
W32

Has a virus got into your computer? Do you want to browse in complete safety? Are online transactions secure? How do you keep attackers from getting into your PC? How do you protect your data? Here you will find the answers to these and other questions

W32

Post by ALCALIN » Mon Dec 24, 2007 2:16 pm

Good morning
Since yesterday morning my PC has had a new guest, whose name is W32/AGENTE.I.2. I believe it is a new version of this infamous attack, since I have not yet found anything around that could help me.
I ran a scan with CLAM that lasted 12 hours and found a bit of dirt, which I removed, but the virus keeps running rampant...
I can no longer run Windows updates, and not because of the problem that was also mentioned here: the update starts but does not install; it does not say it was not possible, just total silence.
Every now and then the PC reboots, which has never happened in the past; in short, a series of annoyances that I fear could make the machine and its use worse.
Thanks for any solutions.
Alcalin

ALCALIN
Aficionado
Posts: 30
Joined: Mon Dec 24, 2007 2:09 pm
Location: PADOVA

Post by ste_95 » Mon Dec 24, 2007 2:21 pm

First of all I ask you not to write everything in bold and to post in the appropriate section next time; then I ask you to carry out these steps:

Download HiJackThis
Save it in a folder (don't open it directly, otherwise it won't make backups!)
Open the executable
Then click "Do a System Scan and Save a Logfile"
Wait for the scan to finish
Then copy the contents of the Notepad window here on the forum.
«Sometimes it is better to keep quiet and seem stupid than to open your mouth and remove all doubt.» Oscar Wilde

ste_95
Official Member (Gold)
Posts: 17271
Joined: Mon Aug 06, 2007 11:19 am

Already done

Post by ALCALIN » Mon Dec 24, 2007 2:30 pm

I forgot to say that I also ran the scan with HijackThis and on checking everything is perfectly in order.
It's just that every now and then my Avira antivirus sends me the message that it has detected that damned virus and advises denying access, but I am certain it has already done damage, as I said in the opening post
Alcalin


Post by crazy.cat » Mon Dec 24, 2007 2:40 pm

Let's see the HijackThis scan log anyway, it always helps.

And where is this virus being found?
When the many govern, they think only of pleasing themselves; you then get the most foolish and hateful tyranny: tyranny disguised as freedom.

crazy.cat
MLI Hero
Posts: 30959
Joined: Mon Jan 12, 2004 1:38 pm
Location: Mestre

Posting the log anyway

Post by ALCALIN » Mon Dec 24, 2007 2:41 pm

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11.56.09, on 24/12/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
D:\Programmi\PC Tools Firewall Plus\FWService.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programmi\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\WINDOWS\Explorer.EXE
C:\Programmi\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Programmi\Spyware Doctor\svcntaux.exe
C:\Programmi\Spyware Doctor\swdsvc.exe
C:\Programmi\Spyware Doctor\SDTrayApp.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\Programmi\Avira\AntiVir PersonalEdition Classic\avgnt.exe
D:\Programmi\PC Tools Firewall Plus\FirewallGUI.exe
D:\Programmi\SPYWAREfighter\spftray.exe
D:\Programmi\ClamWin\bin\ClamTray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmi\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Programmi\Logitech\SetPoint\SetPoint.exe
D:\Programmi\PopTray\PopTray.exe
C:\Programmi\File comuni\Logitech\KHAL\KHALMNPR.EXE
C:\Programmi\PC Connectivity Solution\ServiceLayer.exe
C:\WINDOWS\System32\alg.exe
C:\Programmi\Windows Live\Messenger\usnsvc.exe
C:\Programmi\AdunanzA\eMule_AdnzA.exe
C:\Programmi\Internet Explorer\iexplore.exe
C:\Programmi\File comuni\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Programmi\Windows Live\Mail\wlmail.exe
C:\Documents and Settings\PAPY\Desktop\sicurezza\Programmi intervento pulizia e riparazione\HijackThis.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.alice.it/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmi\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Guida per l'accesso a Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programmi\File comuni\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programmi\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programmi\Google\GoogleToolbarNotifier\2.1.615.5858\swg.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programmi\google\googletoolbar1.dll
O4 - HKLM\..\Run: [avgnt] "C:\Programmi\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [00PCTFW] "D:\Programmi\PC Tools Firewall Plus\FirewallGUI.exe" -s
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [SDTray] "C:\Programmi\Spyware Doctor\SDTrayApp.exe"
O4 - HKLM\..\Run: [spywarefighterguard] D:\Programmi\SPYWAREfighter\spftray.exe
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Programmi\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO LOCALE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO DI RETE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: PopTray.lnk = D:\Programmi\PopTray\PopTray.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Programmi\Logitech\SetPoint\SetPoint.exe
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~3\office97\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Scarica con Download &Express - D:\Programmi\Download Express\Add_Url.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - D:\PROGRA~1\Yahoo!\MESSEN~2\YPager.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - D:\PROGRA~1\Yahoo!\MESSEN~2\YPager.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O20 - Winlogon Notify: !SASWinLogon - D:\Programmi\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Programmi\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Programmi\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: PC Tools Firewall Plus (PCToolsFirewallPlus) - PC Tools - D:\Programmi\PC Tools Firewall Plus\FWService.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Programmi\Spyware Doctor\svcntaux.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Programmi\Spyware Doctor\swdsvc.exe
O23 - Service: ServiceLayer - Nokia. - C:\Programmi\PC Connectivity Solution\ServiceLayer.exe

--
End of file - 18110 bytes
Alcalin
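The thread turns on whether this HijackThis log is "clean", which in practice means reading each O4 (autostart) and O23 (service) entry and checking where its executable actually lives. The parser below is an added example written for this page; it is not part of the thread and not code from HijackThis or its author. It takes a handful of lines copied from the log above plus one constructed `[updater]` entry (made up for the example and not present in the poster's log), splits each line into its section code and fields, and applies an assumed, hand-written triage rule: flag an autostart whose command is a bare file name (resolved through the search path rather than a fixed path) or whose executable sits in a user-writable profile or temp directory. The rule is a starting point for a manual review of the log, not a verdict on any entry.

```python
"""Parse Trend Micro HijackThis v2 log lines and flag autostarts worth a second look."""
import re
from collections import Counter
from dataclasses import dataclass
from typing import List, Optional, Tuple

# Constructed sample input: every line except "[updater]" is copied from the log
# posted in the thread; the "[updater]" O4 entry is made up for this example so
# that the triage rule below has something to flag.
SAMPLE_LOG = r"""Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11.56.09, on 24/12/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.alice.it/
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmi\Java\jre1.6.0_03\bin\ssv.dll
O4 - HKLM\..\Run: [avgnt] "C:\Programmi\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO LOCALE')
O4 - HKCU\..\Run: [updater] C:\DOCUME~1\PAPY\IMPOST~1\Temp\updater.exe
O4 - Startup: PopTray.lnk = D:\Programmi\PopTray\PopTray.exe
O20 - Winlogon Notify: !SASWinLogon - D:\Programmi\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Programmi\Avira\AntiVir PersonalEdition Classic\avguard.exe
"""

# One regex per line shape that appears in the log above.
ENTRY_RE = re.compile(r"^(?P<code>[RFO]\d+) - (?P<body>.*)$")
RUN_RE = re.compile(r"^(?P<hive>HK\S*?)\\\.\.\\Run: \[(?P<name>[^\]]*)\] (?P<cmd>.*)$")
STARTUP_RE = re.compile(r"^(?P<hive>Global Startup|Startup): (?P<name>.*?) = (?P<cmd>.*)$")
SERVICE_RE = re.compile(r"^Service: (?P<name>.*?) \((?P<short>[^)]*)\) - (?P<vendor>.*?) - (?P<cmd>.*)$")


@dataclass
class Entry:
    code: str          # HijackThis section code, e.g. "O4" or "O23"
    body: str          # everything after "Oxx - "
    hive: str = ""     # registry hive or startup folder (O4 only)
    name: str = ""     # value name, shortcut name or "display name (short name)"
    vendor: str = ""   # vendor column of an O23 service line
    cmd: str = ""      # command line exactly as logged
    exe: str = ""      # first token of cmd with surrounding quotes removed


def first_token(cmd: str) -> str:
    """Return the executable part of a logged command line ("..." aware)."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        return cmd[1:end] if end > 0 else cmd[1:]
    return cmd.split()[0] if cmd else ""


def parse_hjt(text: str) -> List[Entry]:
    """Turn the 'Oxx - ...' lines of a HijackThis log into Entry objects."""
    entries: List[Entry] = []
    for raw in text.splitlines():
        m = ENTRY_RE.match(raw.strip())
        if not m:
            continue  # banner, process list and blank lines carry no entry code
        e = Entry(code=m["code"], body=m["body"])
        if e.code == "O4":
            r = RUN_RE.match(e.body) or STARTUP_RE.match(e.body)
            if r:
                e.hive, e.name, e.cmd = r["hive"], r["name"], r["cmd"]
        elif e.code == "O23":
            s = SERVICE_RE.match(e.body)
            if s:
                e.name = f'{s["name"]} ({s["short"]})'
                e.vendor, e.cmd = s["vendor"], s["cmd"]
        if e.cmd:
            e.exe = first_token(e.cmd)
        entries.append(e)
    return entries


def section_counts(entries: List[Entry]) -> Counter:
    """How many entries each section code contributed."""
    return Counter(e.code for e in entries)


# Assumed triage heuristic for this example (not a HijackThis feature): an
# autostart given only as a bare file name is resolved through the search path,
# and one living under a user-writable profile or temp directory is unusual for
# installed vendor software; both deserve a manual look.
USER_WRITABLE_MARKERS = ("\\temp\\", "\\documents and settings\\", "\\docume~1\\",
                         "\\dati applicazioni\\", "\\application data\\")


def triage(entry: Entry) -> Optional[str]:
    """Return a reason string if the entry's executable is worth reviewing."""
    if not entry.exe:
        return None
    exe = entry.exe.lower()
    if "\\" not in exe:
        return "bare file name, resolved through the search path"
    if any(marker in exe for marker in USER_WRITABLE_MARKERS):
        return "executable in a user-writable profile or temp directory"
    return None


def flagged(entries: List[Entry]) -> List[Tuple[str, str, str]]:
    """(code, name, reason) for every entry the triage rule picks out."""
    return [(e.code, e.name, reason) for e in entries if (reason := triage(e))]


if __name__ == "__main__":
    parsed = parse_hjt(SAMPLE_LOG)
    print("entries per section:", dict(section_counts(parsed)))
    for code, name, reason in flagged(parsed):
        print(f"{code} [{name}] -> {reason}")
```

Run against the full log posted above, the same rule flags only the Logitech `KHALMNPR.EXE` entry (a bare file name); everything else resolves to a fixed path under a vendor or Windows directory, which is what "the log is clean" means in the replies that follow.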

Post by ste_95 » Mon Dec 24, 2007 2:43 pm

The log is clean...

crazy.cat wrote: And where is this virus being found?

W32

Post by ALCALIN » Mon Dec 24, 2007 2:43 pm

The presence of the virus was reported in different locations inside the PC: in CREATIVE, in system32 and in other places too, and for each of them the access denial carried out by the antivirus was confirmed.
Alcalin

Post by ALCALIN » Mon Dec 24, 2007 2:46 pm

It's the fact that the log is clean that worries me, because it means this damned trojan is well hidden and it is still not clear what damage it will cause. I have also worked out that it arrived through an email that was absolutely correct in its substance and credible, since it referred to emails of mine sent to serious addresses, such as companies...
Alcalin

Post by ste_95 » Mon Dec 24, 2007 2:47 pm

Run an extended online scan with Kaspersky and save the final log in HTML format, then put it on www.freefilehosting.net and post the link here.

Post by ALCALIN » Mon Dec 24, 2007 2:53 pm

I don't have the antivirus you mention, sorry. As I said before, apart from the AVIRA check I ran a scan with A2 squared and with CLAM, but they did not report anything abnormal, except CLAM, which detected the access denials carried out by AVIRA against the virus's attacks.
I think it's a bad business: the W32 virus is already widely spread in the variants in which it was produced, but this one is not yet known, I realize.
Alcalin

Post by ste_95 » Mon Dec 24, 2007 2:55 pm

The scan has to be done online, here:

http://www.kasperskyitalia.it/servizi/k ... bscan.html

Post by ALCALIN » Mon Dec 24, 2007 3:06 pm

Sorry, but it is not possible to do the online scan: it tells me the licence has expired and initialization is not possible. I also tried going directly to the company's Italian site, but the same thing happens again...
Alcalin

Post by ste_95 » Mon Dec 24, 2007 3:10 pm

Then follow the instructions in this article:

http://www.MegaLab.it/

Post by ALCALIN » Mon Dec 24, 2007 4:03 pm

I attach the SystemScan scan, in case you can draw any conclusions....

SystemScan - www.suspectfile.com - ver. 3.2.2

Running on: Windows XP PROFESSIONAL Edition, Service Pack 2 (2600.5.1)
System directory: C:\WINDOWS

Date: 24/12/2007
Time: 15.29.58

Output limited to:
-Recent files
-PC accounts
-Registry Run Keys
-Autoplay settings (autorun.inf)
-Scheduled jobs
-Services and Drivers (all)
-Duplicates in BAK folders
-Svchost.exe instances
-Network settings
-Include HOSTS file
-Loaded Dlls
-Alternate Data Sreams
-Encrypted Files
-Hidden objects
-Suspicious Files
-Include hijackthis.log
-Installed Applications

===================== Accounts on this PC =====================


Users on this computer:
Is Admin? | Username
------------------
Yes | Administrator
| Guest (Disabled)
| HelpAssistant (Disabled)
Yes | PAPY
| SUPPORT_388945a0 (Disabled)

### users folders

24/08/2007 19.19.12 (DIR) 0 byte 122 days old -- All Users
17/11/2007 11.55.27 (DIR) 0 byte 37 days old -- LocalService
17/11/2007 11.55.27 (DIR) 0 byte 37 days old -- NetworkService
17/11/2007 12.55.55 (DIR) 0 byte 37 days old -- Default User
17/11/2007 14.52.34 (DIR) 0 byte 37 days old -- Default User.WINDOWS
29/11/2007 10.16.17 (DIR) 0 byte 25 days old -- Utente_01
22/12/2007 18.22.02 (DIR) 0 byte 2 days old -- NetworkService.NT AUTHORITY
22/12/2007 18.22.02 (DIR) 0 byte 2 days old -- Administrator
22/12/2007 18.22.02 (DIR) 0 byte 2 days old -- LocalService.NT AUTHORITY
23/12/2007 14.43.06 (DIR) 0 byte 1 days old -- All Users.WINDOWS
24/12/2007 12.46.04 (DIR) 0 byte 0 days old -- PAPY

### startup files in users folders

C:\documents and settings\Administrator\Menu Avvio\Programmi\Esecuzione automatica\desktop.ini
C:\documents and settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\desktop.ini
C:\documents and settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\Logitech SetPoint.lnk
C:\documents and settings\All Users.WINDOWS\Menu Avvio\Programmi\Esecuzione automatica\desktop.ini
C:\documents and settings\All Users.WINDOWS\Menu Avvio\Programmi\Esecuzione automatica\Logitech SetPoint.lnk
C:\documents and settings\Default User\Menu Avvio\Programmi\Esecuzione automatica\desktop.ini
C:\documents and settings\Default User.WINDOWS\Menu Avvio\Programmi\Esecuzione automatica\desktop.ini
C:\documents and settings\PAPY\Menu Avvio\Programmi\Esecuzione automatica\desktop.ini
C:\documents and settings\PAPY\Menu Avvio\Programmi\Esecuzione automatica\PopTray.lnk
C:\documents and settings\Utente_01\Menu Avvio\Programmi\Esecuzione automatica\desktop.ini

===================== Recent files (60 days old)=====================

----- recent files in C:\
14/11/2007 09.14.51 486304 byte 40 days old -- sam.tmp
17/11/2007 15.29.21 244 byte 37 days old -- sqmnoopt00.sqm
17/11/2007 15.29.21 268 byte 37 days old -- sqmdata00.sqm
17/11/2007 15.34.48 244 byte 37 days old -- sqmnoopt01.sqm
17/11/2007 15.34.48 268 byte 37 days old -- sqmdata01.sqm
17/11/2007 18.37.19 (DIR) 0 byte 37 days old -- Documents and Settings
17/11/2007 18.40.19 (DIR) 0 byte 37 days old -- RECYCLER
20/11/2007 15.31.28 64561 byte 34 days old -- Movie.swf
06/12/2007 23.32.08 (DIR) 0 byte 18 days old -- System Volume Information
16/12/2007 12.01.40 (DIR) 0 byte 8 days old -- Temp
16/12/2007 14.28.23 162 byte 8 days old -- YServer.txt
17/12/2007 11.40.57 217088 byte 7 days old -- Soluzione7LOC.mdb
17/12/2007 11.52.42 (DIR) 0 byte 7 days old -- ArchiviSoluzione7
21/12/2007 17.24.59 120 byte 3 days old -- drmHeader.bin
23/12/2007 18.52.22 221 byte 1 days old -- boot.ini
24/12/2007 12.11.27 1610612736 byte 0 days old -- pagefile.sys
24/12/2007 12.11.32 (DIR)1073274880 byte 0 days old -- hiberfil.sys
24/12/2007 12.35.55 (DIR) 0 byte 0 days old -- Config.Msi
24/12/2007 12.48.26 (DIR) 0 byte 0 days old -- Programmi
24/12/2007 12.52.39 306108 byte 0 days old -- Omar Codazzi - Uomini.mp4.H0
24/12/2007 14.02.59 (DIR) 0 byte 0 days old -- WINDOWS
24/12/2007 15.29.58 (DIR) 0 byte 0 days old -- suspectfile

----- recent files in C:\WINDOWS\
01/11/2007 15.23.15 (DIR) 0 byte 53 days old -- Microsoft.NET
17/11/2007 14.40.34 37 byte 37 days old -- vbaddin.ini
17/11/2007 14.40.34 36 byte 37 days old -- vb.ini
17/11/2007 14.42.35 (DIR) 0 byte 37 days old -- Offline Web Pages
17/11/2007 14.44.07 0 byte 37 days old -- control.ini
17/11/2007 14.44.27 (DIR) 0 byte 37 days old -- repair
17/11/2007 14.48.41 8192 byte 37 days old -- REGLOCS.OLD
17/11/2007 15.16.53 (DIR) 0 byte 37 days old -- WBEM
17/11/2007 15.20.01 (DIR) 0 byte 37 days old -- assembly
17/11/2007 15.20.09 (DIR) 0 byte 37 days old -- Internet Logs
17/11/2007 15.20.29 (DIR) 0 byte 37 days old -- XPize
17/11/2007 15.28.34 (DIR) 0 byte 37 days old -- msdownld.tmp
17/11/2007 15.46.22 (DIR) 0 byte 37 days old -- $NtUninstallWMFDist11$
17/11/2007 15.47.53 (DIR) 0 byte 37 days old -- $NtUninstallwmp11$
17/11/2007 16.17.09 298365 byte 37 days old -- setupapi.old
17/11/2007 18.01.03 (DIR) 0 byte 37 days old -- Driver Cache
17/11/2007 18.04.07 (DIR) 0 byte 37 days old -- twain_32
17/11/2007 18.08.07 (DIR) 0 byte 37 days old -- PeerNet
17/11/2007 18.08.20 (DIR) 0 byte 37 days old -- ime
17/11/2007 18.08.21 (DIR) 0 byte 37 days old -- ehome
17/11/2007 18.23.13 749 byte 37 days old -- WindowsShell.Manifest
17/11/2007 18.23.22 (DIR) 0 byte 37 days old -- Web
17/11/2007 18.24.13 4161 byte 37 days old -- ODBCINST.INI
17/11/2007 18.37.13 (DIR) 0 byte 37 days old -- CSC
17/11/2007 18.48.57 (DIR) 0 byte 37 days old -- security
17/11/2007 18.57.58 0 byte 37 days old -- nsreg.dat
17/11/2007 20.54.52 (DIR) 0 byte 37 days old -- $NtUninstallWudf01005$
18/11/2007 00.05.26 (DIR) 0 byte 36 days old -- Cursors
18/11/2007 00.05.26 (DIR) 0 byte 36 days old -- Media
18/11/2007 15.59.24 (DIR) 0 byte 36 days old -- ie7
18/11/2007 16.12.39 (DIR) 0 byte 36 days old -- Minidump
18/11/2007 17.10.02 4744 byte 36 days old -- PAPY.acl
18/11/2007 17.32.57 (DIR) 0 byte 36 days old -- VistaMizer
18/11/2007 17.34.53 (DIR) 0 byte 36 days old -- srchasst
18/11/2007 17.34.56 (DIR) 0 byte 36 days old -- network diagnostic
19/11/2007 12.36.33 244 byte 35 days old -- FinsonLiveUpdate.ini
19/11/2007 12.37.06 0 byte 35 days old -- msds.dat
19/11/2007 12.37.15 1072 byte 35 days old -- FINSON.INI
20/11/2007 16.55.52 118784 byte 34 days old -- bwUnin-7.2.0.137-8876480SL.exe
21/11/2007 13.45.00 316640 byte 33 days old -- WMSysPr9.prx
21/11/2007 13.46.18 (DIR) 0 byte 33 days old -- $NtUninstallMSCompPackV1$
22/11/2007 08.48.02 (DIR) 0 byte 32 days old -- AppPatch
22/11/2007 18.45.05 0 byte 32 days old -- Sti_Trace.log
22/11/2007 18.51.06 (DIR) 0 byte 32 days old -- Downloaded Installations
22/11/2007 18.59.24 (DIR) 0 byte 32 days old -- NewSoft
22/11/2007 18.59.34 0 byte 32 days old -- pexplore.ini
22/11/2007 18.59.34 34 byte 32 days old -- if40le.ini
22/11/2007 18.59.34 16 byte 32 days old -- SCNDRVU.INI
22/11/2007 18.59.34 0 byte 32 days old -- UMXADDIN.INI
23/11/2007 08.58.28 (DIR) 0 byte 31 days old -- Twain32
23/11/2007 09.03.41 63 byte 31 days old -- mdm.ini
23/11/2007 09.03.42 424 byte 31 days old -- ODBC.INI
23/11/2007 12.20.47 (DIR) 0 byte 31 days old -- system
23/11/2007 12.21.51 (DIR) 0 byte 31 days old -- ShellNew
23/11/2007 12.22.13 (DIR) 0 byte 31 days old -- Fonts
24/11/2007 11.13.24 (DIR) 0 byte 30 days old -- pss
02/12/2007 19.44.27 73216 byte 22 days old -- ST6UNST.EXE
02/12/2007 19.44.30 249856 byte 22 days old -- Setup1.exe
04/12/2007 15.10.56 737280 byte 20 days old -- iun6002.exe
04/12/2007 23.28.10 (DIR) 0 byte 20 days old -- $NtUninstallWIC$
12/12/2007 11.29.56 78 byte 12 days old -- magix.ini
12/12/2007 11.30.56 (DIR) 0 byte 12 days old -- Help
12/12/2007 12.03.53 0 byte 12 days old -- audiocleanic.INI
22/12/2007 17.06.16 (DIR) 0 byte 2 days old -- Tasks
22/12/2007 18.21.56 (DIR) 0 byte 2 days old -- Registration
22/12/2007 18.48.22 1409 byte 2 days old -- QTFont.for
22/12/2007 18.52.58 72 byte 2 days old -- SBWIN.INI
22/12/2007 19.26.47 (DIR) 0 byte 2 days old -- WinSxS
22/12/2007 20.25.22 (DIR) 0 byte 2 days old -- Prefetch
23/12/2007 18.33.53 (DIR) 0 byte 1 days old -- $hf_mig$
23/12/2007 18.45.40 (DIR) 0 byte 1 days old -- msagent
23/12/2007 18.52.22 227 byte 1 days old -- system.ini
23/12/2007 18.52.22 848 byte 1 days old -- win.ini
23/12/2007 20.50.27 (DIR) 0 byte 1 days old -- Debug
24/12/2007 12.11.36 2048 byte 0 days old -- bootstat.dat
24/12/2007 12.12.14 50 byte 0 days old -- wiaservc.log
24/12/2007 12.12.49 0 byte 0 days old -- 0.log
24/12/2007 12.13.30 (DIR) 0 byte 0 days old -- SoftwareDistribution
24/12/2007 12.19.39 (DIR) 0 byte 0 days old -- LastGood
24/12/2007 12.35.55 (DIR) 0 byte 0 days old -- Installer
24/12/2007 12.58.02 54156 byte 0 days old -- QTFont.qfn
24/12/2007 12.58.58 211 byte 0 days old -- wiadebug.log
24/12/2007 13.30.04 116 byte 0 days old -- NeroDigital.ini
24/12/2007 14.03.07 1095242 byte 0 days old -- WindowsUpdate.log
24/12/2007 14.03.28 91333 byte 0 days old -- KB890859.log
24/12/2007 14.03.33 144316 byte 0 days old -- KB920872.log
24/12/2007 14.03.38 143083 byte 0 days old -- KB900485.log
24/12/2007 14.03.45 90848 byte 0 days old -- KB931784.log
24/12/2007 14.53.00 20054 byte 0 days old -- ntbtlog.txt
24/12/2007 15.02.46 (DIR) 0 byte 0 days old -- system32
24/12/2007 15.02.46 (DIR) 0 byte 0 days old -- inf
24/12/2007 15.02.47 702678 byte 0 days old -- setupapi.log
24/12/2007 15.02.47 (DIR) 0 byte 0 days old -- Downloaded Program Files
24/12/2007 15.19.58 (DIR) 0 byte 0 days old -- temp

----- recent files in C:\WINDOWS\Downloaded Program Files\
17/11/2007 18.23.20 65 byte 37 days old -- desktop.ini

----- recent files in C:\WINDOWS\system\

----- recent files in C:\WINDOWS\system32\
29/10/2007 16.35.16 121344 byte 56 days old -- xpsp3res.dll
29/10/2007 23.42.50 1292800 byte 56 days old -- quartz.dll
31/10/2007 00.23.38 3590656 byte 54 days old -- mshtml.dll
02/11/2007 08.36.11 (DIR) 0 byte 52 days old -- Macromed
13/11/2007 12.31.11 60416 byte 41 days old -- tzchange.exe
17/11/2007 14.40.28 (DIR) 0 byte 37 days old -- MsDtc
17/11/2007 14.44.07 2885 byte 37 days old -- CONFIG.NT
17/11/2007 14.52.08 13648 byte 37 days old -- wpa.bak
17/11/2007 15.17.33 (DIR) 0 byte 37 days old -- it-it
17/11/2007 15.20.20 (DIR) 0 byte 37 days old -- en-us
17/11/2007 15.20.25 (DIR) 0 byte 37 days old -- SiudiLoad
17/11/2007 15.20.26 (DIR) 0 byte 37 days old -- URTTemp
17/11/2007 15.20.27 (DIR) 0 byte 37 days old -- XPSViewer
17/11/2007 15.23.14 (DIR) 0 byte 37 days old -- ras
17/11/2007 15.38.15 0 byte 37 days old -- h323log.txt
17/11/2007 18.02.14 (DIR) 0 byte 37 days old -- 1033
17/11/2007 18.02.57 (DIR) 0 byte 37 days old -- icsxml
17/11/2007 18.07.53 (DIR) 0 byte 37 days old -- npp
17/11/2007 18.21.51 22980 byte 37 days old -- emptyregdb.dat
17/11/2007 18.23.13 749 byte 37 days old -- sapi.cpl.manifest
17/11/2007 18.23.13 749 byte 37 days old -- wuaucpl.cpl.manifest
17/11/2007 18.23.13 749 byte 37 days old -- ncpa.cpl.manifest
17/11/2007 18.23.13 749 byte 37 days old -- nwc.cpl.manifest
17/11/2007 18.23.13 749 byte 37 days old -- cdplayer.exe.manifest
17/11/2007 18.23.19 488 byte 37 days old -- logonui.exe.manifest
17/11/2007 18.23.19 488 byte 37 days old -- WindowsLogon.manifest
17/11/2007 18.23.51 (DIR) 0 byte 37 days old -- ias
17/11/2007 18.27.58 288 byte 37 days old -- $winnt$.inf
18/11/2007 17.32.59 219648 byte 36 days old -- uxtheme.dll
18/11/2007 17.34.52 (DIR) 0 byte 36 days old -- 1040
18/11/2007 17.34.54 (DIR) 0 byte 36 days old -- Setup
18/11/2007 17.34.55 (DIR) 0 byte 36 days old -- usmt
18/11/2007 17.34.55 (DIR) 0 byte 36 days old -- oobe
19/11/2007 13.02.57 (DIR) 0 byte 35 days old -- appmgmt
22/11/2007 18.41.37 (DIR) 0 byte 32 days old -- Restore
22/11/2007 18.59.25 (DIR) 0 byte 32 days old -- color
23/11/2007 12.20.47 2986 byte 31 days old -- FFASTLOG.TXT
25/11/2007 13.11.55 5677 byte 29 days old -- jupdate-1.6.0_03-b05.log
02/12/2007 15.00.06 18684536 byte 22 days old -- MRT.exe
04/12/2007 23.26.31 (DIR) 0 byte 20 days old -- DRVSTORE
04/12/2007 23.29.16 (DIR) 0 byte 20 days old -- DirectX
12/12/2007 09.31.02 268070 byte 12 days old -- TZLog.log
12/12/2007 11.30.03 4608 byte 12 days old -- w95inf32.dll
12/12/2007 11.30.03 2272 byte 12 days old -- w95inf16.dll
12/12/2007 11.30.57 5973 byte 12 days old -- CDUninst.isu
22/12/2007 18.21.56 (DIR) 0 byte 2 days old -- wbem
22/12/2007 18.22.11 (DIR) 0 byte 2 days old -- config
22/12/2007 18.22.53 13706 byte 2 days old -- wpa.dbl
22/12/2007 18.53.38 (DIR) 0 byte 2 days old -- ReinstallBackups
22/12/2007 18.53.49 588 byte 2 days old -- settingsbkup.sfm
22/12/2007 18.53.49 588 byte 2 days old -- settings.sfm
22/12/2007 20.24.17 16832 byte 2 days old -- amcompat.tlb
22/12/2007 20.24.17 23392 byte 2 days old -- nscompat.tlb
23/12/2007 18.28.22 (DIR) 0 byte 1 days old -- Com
23/12/2007 18.45.42 (DIR) 0 byte 1 days old -- dllcache
23/12/2007 18.45.48 192184 byte 1 days old -- FNTCACHE.DAT
23/12/2007 18.48.38 39992 byte 1 days old -- perfc009.dat
23/12/2007 18.48.38 47592 byte 1 days old -- perfc010.dat
23/12/2007 18.48.38 751592 byte 1 days old -- PerfStringBackup.INI
23/12/2007 18.48.38 345010 byte 1 days old -- perfh010.dat
23/12/2007 18.48.38 311604 byte 1 days old -- perfh009.dat
24/12/2007 12.13.17 (DIR) 0 byte 0 days old -- drivers
24/12/2007 14.03.31 (DIR) 0 byte 0 days old -- CatRoot2
24/12/2007 14.03.58 (DIR) 0 byte 0 days old -- CatRoot
24/12/2007 15.02.46 (DIR) 0 byte 0 days old -- Kaspersky Lab

----- recent files in C:\WINDOWS\system32\drivers\
02/11/2007 09.15.20 120832 byte 52 days old -- pctfw.sys
05/11/2007 15.07.24 209816 byte 49 days old -- pctfw2.sys
05/11/2007 15.07.26 18328 byte 49 days old -- pctssipc.sys
05/11/2007 15.07.26 40856 byte 49 days old -- pctmp.sys
13/11/2007 11.25.54 20480 byte 41 days old -- secdrv.sys
17/11/2007 15.21.07 61632 byte 37 days old -- avipbb.sys
14/12/2007 11.38.11 (DIR) 0 byte 10 days old -- UMDF
22/12/2007 18.19.36 (DIR) 0 byte 2 days old -- etc

----- recent files in C:\WINDOWS\temp\

----- recent files in C:\Programmi\
01/11/2007 14.08.36 (DIR) 0 byte 53 days old -- RAM Defrag V2.55
09/11/2007 23.25.13 (DIR) 0 byte 45 days old -- iColorFolder
17/11/2007 11.54.15 (DIR) 0 byte 37 days old -- C6 Messenger
17/11/2007 11.54.33 (DIR) 0 byte 37 days old -- Nokia
17/11/2007 13.43.03 (DIR) 0 byte 37 days old -- ComPlus Applications
17/11/2007 20.52.04 (DIR) 0 byte 37 days old -- PC Connectivity Solution
18/11/2007 12.15.13 (DIR) 0 byte 36 days old -- Google
18/11/2007 16.10.33 (DIR) 0 byte 36 days old -- Windows Defender
18/11/2007 17.34.55 (DIR) 0 byte 36 days old -- Windows NT
18/11/2007 17.34.56 (DIR) 0 byte 36 days old -- Movie Maker
18/11/2007 17.34.57 (DIR) 0 byte 36 days old -- NetMeeting
19/11/2007 12.35.54 (DIR) 0 byte 35 days old -- Finson Live Update
20/11/2007 16.55.35 (DIR) 0 byte 34 days old -- InstallShield Installation Information
21/11/2007 13.49.12 (DIR) 0 byte 33 days old -- DivX
21/11/2007 16.49.52 (DIR) 0 byte 33 days old -- Codec Pack - All In 1
21/11/2007 17.11.25 (DIR) 0 byte 33 days old -- Windows Live Toolbar
22/11/2007 18.34.09 (DIR) 0 byte 32 days old -- Logitech
22/11/2007 18.42.24 (DIR) 0 byte 32 days old -- Ahead
22/11/2007 18.59.35 (DIR) 0 byte 32 days old -- ScannerU
23/11/2007 09.01.52 (DIR) 0 byte 31 days old -- Microsoft Visual Studio
23/11/2007 09.05.08 (DIR) 0 byte 31 days old -- Adobe
23/11/2007 09.09.23 (DIR) 0 byte 31 days old -- Microsoft Office
23/11/2007 09.56.01 (DIR) 0 byte 31 days old -- Foxit Software
23/11/2007 12.20.48 (DIR) 0 byte 31 days old -- microsoft frontpage
25/11/2007 13.11.55 (DIR) 0 byte 29 days old -- Java
27/11/2007 09.42.31 (DIR) 0 byte 27 days old -- Apple Software Update
04/12/2007 23.19.01 (DIR) 0 byte 20 days old -- File comuni
04/12/2007 23.28.03 (DIR) 0 byte 20 days old -- Microsoft SQL Server Compact Edition
08/12/2007 20.46.24 (DIR) 0 byte 16 days old -- WinRAR
12/12/2007 10.16.42 (DIR) 0 byte 12 days old -- Internet Explorer
13/12/2007 13.53.32 (DIR) 0 byte 11 days old -- Windows Live
16/12/2007 14.27.54 (DIR) 0 byte 8 days old -- Yahoo!
17/12/2007 10.42.12 (DIR) 0 byte 7 days old -- Soluzione 7
22/12/2007 18.50.57 (DIR) 0 byte 2 days old -- Creative
22/12/2007 19.07.46 (DIR) 0 byte 2 days old -- Messenger Plus! Live
22/12/2007 20.23.48 (DIR) 0 byte 2 days old -- WindowsUpdate
23/12/2007 18.28.55 (DIR) 0 byte 1 days old -- Outlook Express
23/12/2007 18.29.25 (DIR) 0 byte 1 days old -- Windows Media Player
23/12/2007 18.30.14 (DIR) 0 byte 1 days old -- Messenger
24/12/2007 12.41.33 (DIR) 0 byte 0 days old -- Spyware Doctor
24/12/2007 12.48.26 (DIR) 0 byte 0 days old -- eRightSoft
24/12/2007 14.06.30 (DIR) 0 byte 0 days old -- Mozilla Firefox
24/12/2007 14.32.22 (DIR) 0 byte 0 days old -- AdunanzA

----- recent files in C:\Programmi\File comuni\
07/11/2007 22.41.56 (DIR) 0 byte 47 days old -- PC Tools
13/11/2007 19.16.29 (DIR) 0 byte 41 days old -- ODBC
16/11/2007 15.22.43 (DIR) 0 byte 38 days old -- PCSuite
17/11/2007 11.54.39 (DIR) 0 byte 37 days old -- Nokia
21/11/2007 17.10.52 (DIR) 0 byte 33 days old -- Adobe
23/11/2007 12.20.48 (DIR) 0 byte 31 days old -- Microsoft Shared
04/12/2007 23.20.15 (DIR) 0 byte 20 days old -- WindowsLiveInstaller
07/12/2007 22.37.04 (DIR) 0 byte 17 days old -- Wise Installation Wizard
22/12/2007 19.26.12 (DIR) 0 byte 2 days old -- Application
23/12/2007 18.28.55 (DIR) 0 byte 1 days old -- System

----- recent files in C:\Documents and Settings\PAPY\Dati applicazioni\
17/11/2007 15.04.03 (DIR) 0 byte 37 days old -- MetaProducts
17/11/2007 15.06.48 (DIR) 0 byte 37 days old -- PCToolsFirewallPlus
17/11/2007 15.30.29 62 byte 37 days old -- desktop.ini
17/11/2007 16.08.48 (DIR) 0 byte 37 days old -- HDD Thermometer
17/11/2007 16.38.07 (DIR) 0 byte 37 days old -- ViStart
17/11/2007 18.59.43 (DIR) 0 byte 37 days old -- Macromedia
18/11/2007 01.07.54 (DIR) 0 byte 36 days old -- Logitech
18/11/2007 12.15.53 (DIR) 0 byte 36 days old -- Google
18/11/2007 12.56.04 (DIR) 0 byte 36 days old -- Thunderbird
18/11/2007 12.56.05 (DIR) 0 byte 36 days old -- Mozilla
18/11/2007 17.10.26 (DIR) 0 byte 36 days old -- Help
18/11/2007 18.17.59 (DIR) 0 byte 36 days old -- Nokia
19/11/2007 11.22.36 (DIR) 0 byte 35 days old -- Identities
19/11/2007 20.19.01 (DIR) 0 byte 35 days old -- PC Suite
21/11/2007 14.10.05 (DIR) 0 byte 33 days old -- DivX
21/11/2007 14.31.03 (DIR) 0 byte 33 days old -- vlc
22/11/2007 19.03.42 (DIR) 0 byte 32 days old -- Adobe
23/11/2007 08.58.28 (DIR) 0 byte 31 days old -- Microsoft Web Folders
23/11/2007 09.04.57 (DIR) 0 byte 31 days old -- Leadertech
23/11/2007 12.22.07 (DIR) 0 byte 31 days old -- Yahoo! Messenger
24/11/2007 14.16.11 (DIR) 0 byte 30 days old -- Nokia Multimedia Player
25/11/2007 13.12.30 (DIR) 0 byte 29 days old -- Sun
26/11/2007 19.00.14 (DIR) 0 byte 28 days old -- PC Tools
02/12/2007 19.44.06 (DIR) 0 byte 22 days old -- Creative
03/12/2007 16.25.37 (DIR) 0 byte 21 days old -- Ahead
05/12/2007 17.14.53 (DIR) 0 byte 19 days old -- Apple Computer
07/12/2007 22.38.00 (DIR) 0 byte 17 days old -- SUPERAntiSpyware.com
08/12/2007 20.46.30 (DIR) 0 byte 16 days old -- WinRAR
13/12/2007 22.19.21 (DIR) 0 byte 11 days old -- Opera
13/12/2007 22.43.36 (DIR) 0 byte 11 days old -- Microsoft
22/12/2007 18.20.59 (DIR) 0 byte 2 days old -- GlobalSizeLicense
23/12/2007 14.43.56 (DIR) 0 byte 1 days old -- .clamwin
24/12/2007 12.58.50 130915 byte 0 days old -- NMM-MetaData.db

----- recent files in C:\DOCUME~1\PAPY\IMPOST~1\Temp\
14/12/2007 20.23.54 3985 byte 10 days old -- Fede MP3.m3u
20/12/2007 16.30.38 27186688 byte 4 days old -- a76f19.msi
22/12/2007 20.28.06 49476 byte 2 days old -- ff3d_appcompat.txt
22/12/2007 20.47.26 49476 byte 2 days old -- 3a55_appcompat.txt
23/12/2007 13.59.57 512 byte 1 days old -- ~DFE6A0.tmp
23/12/2007 13.59.57 16384 byte 1 days old -- ~DFE68E.tmp
23/12/2007 14.45.13 2039 byte 1 days old -- tmpbxaypp
23/12/2007 16.00.35 512 byte 1 days old -- ~DF8F96.tmp
23/12/2007 16.00.35 32768 byte 1 days old -- ~DF8F84.tmp
23/12/2007 16.00.44 32768 byte 1 days old -- ~DF9B9B.tmp
23/12/2007 16.00.44 512 byte 1 days old -- ~DF9BB6.tmp
23/12/2007 17.25.53 512 byte 1 days old -- ~DF997F.tmp
23/12/2007 17.25.53 16384 byte 1 days old -- ~DF9964.tmp
23/12/2007 18.19.13 94 byte 1 days old -- ClamWin4.log
23/12/2007 18.21.07 416 byte 1 days old -- java_install_reg.log
23/12/2007 19.30.52 12 byte 1 days old -- ClamWin_CheckVer_Time
23/12/2007 19.30.52 12 byte 1 days old -- ClamWin_CheckVer_Info
23/12/2007 22.01.57 (DIR) 0 byte 1 days old -- Google Toolbar
24/12/2007 01.19.47 (DIR) 0 byte 0 days old -- DefaultEmoticons
24/12/2007 01.21.59 (DIR) 0 byte 0 days old -- Icons
24/12/2007 11.02.58 1118 byte 0 days old -- ClamWin1.log
24/12/2007 12.10.26 49476 byte 0 days old -- 99cd_appcompat.txt
24/12/2007 12.12.29 (DIR) 0 byte 0 days old -- WPDNSE
24/12/2007 12.34.16 (DIR) 0 byte 0 days old -- MessengerCache
24/12/2007 12.35.47 4333 byte 0 days old -- NclRegPermissions(1).log
24/12/2007 12.35.55 416 byte 0 days old -- MSI660f1.LOG
24/12/2007 12.38.02 (DIR) 0 byte 0 days old -- Nokia PB3 Temp Folder
24/12/2007 12.58.33 353 byte 0 days old -- MCLLog.txt
24/12/2007 13.42.40 1396 byte 0 days old -- wmplog00.sqm
24/12/2007 14.02.19 512 byte 0 days old -- ~DF77FF.tmp
24/12/2007 14.02.19 32768 byte 0 days old -- ~DF77E7.tmp
24/12/2007 14.02.25 32768 byte 0 days old -- ~DF8971.tmp
24/12/2007 14.02.25 512 byte 0 days old -- ~DF89BF.tmp
24/12/2007 14.41.26 (DIR) 0 byte 0 days old -- plugtmp
24/12/2007 15.00.02 16384 byte 0 days old -- ~DF1AFA.tmp
24/12/2007 15.00.02 512 byte 0 days old -- ~DF1B0C.tmp
24/12/2007 15.13.47 5562 byte 0 days old -- plf4C.tmp
24/12/2007 15.14.03 (DIR) 0 byte 0 days old -- pft4E.tmp
24/12/2007 15.14.29 73650 byte 0 days old -- kl-install-2007-12-24-15-14-10.log
24/12/2007 15.15.33 0 byte 0 days old -- kleaner.log
24/12/2007 15.15.33 33804 byte 0 days old -- caevents.log
24/12/2007 15.15.33 (DIR) 0 byte 0 days old -- {75193929-9A52-4CA4-98DE-8C7296940920}
24/12/2007 15.15.55 96138 byte 0 days old -- kl-install-2007-12-24-15-15-18.log
24/12/2007 15.19.35 16384 byte 0 days old -- ~DF1D68.tmp
24/12/2007 15.29.45 (DIR) 0 byte 0 days old -- nsb67.tmp
24/12/2007 15.29.51 16384 byte 0 days old -- ~DF839A.tmp
24/12/2007 15.29.58 (DIR) 0 byte 0 days old -- nss69.tmp

===================== Duplicates in BAK folders =====================

No BAK folders found

===================== REGISTRY SCAN =====================


-----HKLM\Software\Microsoft\Windows\CurrentVersion\Run-----

[Run]
"avgnt"="\"C:\Programmi\Avira\AntiVir PersonalEdition Classic\avgnt.exe\" /min"
"00PCTFW"="\"D:\Programmi\PC Tools Firewall Plus\FirewallGUI.exe\" -s"
"UpdReg"="C:\WINDOWS\UpdReg.EXE"
"Logitech Hardware Abstraction Layer"="KHALMNPR.EXE"
"SDTray"="\"C:\Programmi\Spyware Doctor\SDTrayApp.exe\""
"spywarefighterguard"="D:\Programmi\SPYWAREfighter\spftray.exe"
"PCSuiteTrayApplication"="C:\Programmi\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup"

[Run\OptionalComponents]

[Run\OptionalComponents\IMAIL]
"Installed"="1"

[Run\OptionalComponents\MAPI]
"NoChange"="1"
"Installed"="1"

[Run\OptionalComponents\MSFS]
"Installed"="1"

-----HKCU\Software\Microsoft\Windows\CurrentVersion\Run-----

[Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe"
"swg"="C:\Programmi\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"

-----HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Run-----

[Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE"
"Nokia.PCSync"="C:\Programmi\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog"

-----HKLM\Software\Microsoft\Windows\CurrentVersion\policies\Explorer\Run-----

[Run]

-----HKCU\Software\Microsoft\Windows\CurrentVersion\policies\Explorer\Run-----

[Run]

-----HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows-----

[Windows]
"AppInit_DLLs"=""

-----HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad-----

[ShellServiceObjectDelayLoad]
"PostBootReminder"="{7849596a-48ea-486e-8937-a2a3009f31a9}"
#### HKCR\CLSID\{7849596a-48ea-486e-8937-a2a3009f31a9}\InprocServer32 @=expand:"%SystemRoot%\system32\SHELL32.dll"
"CDBurn"="{fbeb8a05-beee-4442-804e-409d6c4515e9}"
#### HKCR\CLSID\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InprocServer32 @=expand:"%SystemRoot%\system32\SHELL32.dll"
"WebCheck"="{E6FB5E20-DE35-11CF-9C87-00AA005127ED}"
#### HKCR\CLSID\{E6FB5E20-DE35-11CF-9C87-00AA005127ED}\InprocServer32 @=expand:"C:\WINDOWS\system32\webcheck.dll"
"SysTray"="{35CEC8A3-2BE6-11D2-8773-92E220524153}"
#### HKCR\CLSID\{35CEC8A3-2BE6-11D2-8773-92E220524153}\InprocServer32 @="C:\WINDOWS\system32\stobject.dll"
"WPDShServiceObj"="{AAA288BA-9A4C-45B0-95D7-94D524869DB5}"
#### HKCR\CLSID\{AAA288BA-9A4C-45B0-95D7-94D524869DB5}\InprocServer32 @="C:\WINDOWS\system32\WPDShServiceObj.dll"

-----HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks-----

[ShellExecuteHooks]
"{AEB6717E-7E19-11d0-97EE-00C04FD91972}"=""
#### HKCR\CLSID\{AEB6717E-7E19-11d0-97EE-00C04FD91972}\InprocServer32 @="shell32.dll"
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"=""
#### HKCR\CLSID\{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}\InprocServer32 @="D:\Programmi\SUPERAntiSpyware\SASSEH.DLL"

-----HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon-----

[Winlogon]
"Shell"="Explorer.exe"
"System"=""
"Userinit"="C:\WINDOWS\system32\userinit.exe,"
"VmApplet"="rundll32 shell32,Control_RunDLL \"sysdm.cpl\""
"UIHost"="LogonUI.EXE"
"LogonType"=dword:00000001
"WinStationsDisabled"="0"

[Winlogon\GPExtensions]

[Winlogon\GPExtensions\{0ACDD40C-75AC-47ab-BAA0-BF6DE7E7FE63}]
"@="Senza fili"
"DllName"=expand:"gptext.dll"

[Winlogon\GPExtensions\{25537BA6-77A8-11D2-9B6C-0000F8080861}]
"@="Folder Redirection"
"DllName"=expand:"fdeploy.dll"

[Winlogon\GPExtensions\{3610eda5-77ef-11d2-8dc5-00c04fa31a66}]
"@="Quota disco Microsoft"
"DllName"=expand:"dskquota.dll"

[Winlogon\GPExtensions\{426031c0-0b47-4852-b0ca-ac3d37bfcb39}]
"@="Utilità di pianificazione pacchetti QoS"
"DllName"=expand:"gptext.dll"

[Winlogon\GPExtensions\{42B5FAAE-6536-11d2-AE5A-0000F87571E3}]
"@="Script"
"DllName"=expand:"gptext.dll"

[Winlogon\GPExtensions\{4CFB60C1-FAA6-47f1-89AA-0B18730C9FD3}]
"@="Internet Explorer Zonemapping"
"DllName"=expand:"iedkcs32.dll"

[Winlogon\GPExtensions\{827D319E-6EAC-11D2-A4EA-00C04F79F83A}]
"DllName"=expand:"scecli.dll"
"@="Security"

[Winlogon\GPExtensions\{A2E30F80-D7DE-11d2-BBDE-00C04F86AE3B}]
"DllName"="iedkcs32.dll"
"@="Internet Explorer Branding"

[Winlogon\GPExtensions\{B1BE8D72-6EAC-11D2-A4EA-00C04F79F83A}]
"DllName"=expand:"scecli.dll"
"@="EFS recovery"

[Winlogon\GPExtensions\{C631DF4C-088F-4156-B058-4375F0853CD8}]
"@="Microsoft Offline Files"
"DllName"=expand:"%SystemRoot%\System32\cscui.dll"

[Winlogon\GPExtensions\{c6dc5466-785a-11d2-84d0-00c04fb169f7}]
"@="Installazione software"
"DllName"=expand:"appmgmts.dll"

[Winlogon\GPExtensions\{e437bc1c-aa7d-11d2-a382-00c04f991e27}]
"@="Protezione IP"
"DllName"=expand:"gptext.dll"

[Winlogon\Notify]

[Winlogon\Notify\!SASWinLogon]
"DllName"="D:\Programmi\SUPERAntiSpyware\SASWINLO.dll"

[Winlogon\Notify\crypt32chain]
"DllName"=expand:"crypt32.dll"

[Winlogon\Notify\cryptnet]
"DllName"=expand:"cryptnet.dll"

[Winlogon\Notify\cscdll]
"DLLName"="cscdll.dll"

[Winlogon\Notify\ScCertProp]
"DLLName"="wlnotify.dll"

[Winlogon\Notify\Schedule]
"DllName"=expand:"wlnotify.dll"

[Winlogon\Notify\sclgntfy]
"DllName"=expand:"sclgntfy.dll"

[Winlogon\Notify\SensLogn]
"DLLName"="WlNotify.dll"

[Winlogon\Notify\termsrv]
"DllName"=expand:"wlnotify.dll"

[Winlogon\Notify\wlballoon]
"DLLName"="wlnotify.dll"

[Winlogon\SpecialAccounts]

[Winlogon\SpecialAccounts\UserList]
"HelpAssistant"=dword:00000000
"TsInternetUser"=dword:00000000
"SQLAgentCmdExec"=dword:00000000
"NetShowServices"=dword:00000000
"IWAM_"=dword:00010000
"IUSR_"=dword:00010000
"VUSR_"=dword:00010000

-----HKCU\Software\Microsoft\Windows NT\CurrentVersion\Winlogon-----

[Winlogon]
"ParseAutoexec"="1"
"ExcludeProfileDirs"="Impostazioni locali;Temporary Internet Files;Cronologia;Temp"
"BuildNumber"=dword:00000a28

-----HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options-----

[Image File Execution Options\TaskMgr.exe]
"Debugger"="C:\Documents and Settings\PAPY\Desktop\sicurezza\DTaskManager\DTaskManager.exe"

[Image File Execution Options\Your Image File Name Here without a path]
"Debugger"="ntsd -d"

-----HKLM\System\CurrentControlSet\Control\Session Manager\-----

[Session Manager]
"BootExecute"=multi:"PDBoot.exe\00autocheck autochk *\00sprestrt\00\00\00"

[Session Manager\SubSystems]
"Windows"=expand:"%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,3072,512 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ProfileControl=Off MaxRequestThreads=16"

-----HKLM\SYSTEM\CurrentControlSet\Control\WOW-----

[WOW]
"cmdline"=expand:"%SystemRoot%\system32\ntvdm.exe"
"wowcmdline"=expand:"%SystemRoot%\system32\ntvdm.exe -a %SystemRoot%\system32\krnl386"

-----HKLM\Software\Microsoft\Windows NT\CurrentVersion\Run-----

-----HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce-----

[RunOnce]

-----HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnceEx-----

[RunOnceEx]

-----HKLM\Software\Microsoft\Windows\CurrentVersion\RunServices-----

-----HKLM\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce-----

[RunServicesOnce]

-----HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnce-----

[RunOnce]

-----HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnceEx-----

[RunOnceEx]

-----HKCU\Software\Microsoft\Windows\CurrentVersion\RunServices-----

-----HKCU\Software\Microsoft\Windows NT\CurrentVersion\Run-----

-----HKCU\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce-----

[RunServicesOnce]

-----HKLM\Software\Microsoft\Command Processor\Autorun-----

-----HKCU\Software\Microsoft\Command Processor\Autorun-----

-----HKCU\Software\Microsoft\Windows NT\CurrentVersion\Windows\Load-----

[Load]

-----HKLM\Software\Policies\Microsoft\Windows\System\Scripts\Startup-----

-----HKCU\Software\Policies\Microsoft\Windows\System\Scripts\Logon-----

-----HKLM\Software\Policies\Microsoft\Windows\System\Scripts\Logon-----

-----HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\TerminalServer\Install\Software\Microsoft\Windows\CurrentVersion\Runonce-----

-----HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\TerminalServer\Install\Software\Microsoft\Windows\CurrentVersion\Run-----

-----HKLM\System\CurrentControlSet\Control\Terminal Server\Wds\rdpwd\StartupPrograms-----

-----HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\TerminalServer\Install\Software\Microsoft\Windows\CurrentVersion\Runonce-----

-----HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler-----

[SharedTaskScheduler]
"{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Precaricatore Browseui"
#### HKCR\CLSID\{438755C2-A8BA-11D1-B96B-00A0C90312E1}\InprocServer32 @=expand:"%SystemRoot%\system32\browseui.dll"
"{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Daemon di cache delle categorie di componenti"
#### HKCR\CLSID\{8C7461EF-2B13-11d2-BE35-3078302C2030}\InprocServer32 @=expand:"%SystemRoot%\system32\browseui.dll"

-----HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects-----

[Browser Helper Objects]

[Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
#### HKCR\CLSID\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\InprocServer32 @="C:\Programmi\Java\jre1.6.0_03\bin\ssv.dll"
"NoExplorer"=dword:00000001

[Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
#### HKCR\CLSID\{9030D464-4C02-4ABF-8ECC-5164760863C6}\InprocServer32 @="C:\Programmi\File comuni\Microsoft Shared\Windows Live\WindowsLiveLogin.dll"

[Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
#### HKCR\CLSID\{AA58ED58-01DD-4d91-8333-CF10577473F7}\InprocServer32 @="c:\programmi\google\googletoolbar1.dll"

[Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
#### HKCR\CLSID\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}\InprocServer32 @="C:\Programmi\Google\GoogleToolbarNotifier\2.1.615.5858\swg.dll"

-----HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks-----

[URLSearchHooks]
"{CFBFAE00-17A6-11D0-99CB-00C04FD64497}"=""
#### HKCR\CLSID\{CFBFAE00-17A6-11D0-99CB-00C04FD64497}\InprocServer32 @="C:\WINDOWS\system32\ieframe.dll"

-----HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder-----

[startupfolder]

[startupfolder\C:^Documents and Settings^All Users.WINDOWS^Menu Avvio^Programmi^Esecuzione automatica^Adobe Reader Synchronizer.lnk]
"path"="C:\Documents and Settings\All Users.WINDOWS\Menu Avvio\Programmi\Esecuzione automatica\Adobe Reader Synchronizer.lnk"
"backup"="C:\WINDOWS\pss\Adobe Reader Synchronizer.lnkCommon Startup"
"location"="Common Startup"
"command"="C:\PROGRA~1\Adobe\READER~1.0\Reader\ADOBEC~1.EXE "
"item"="Adobe Reader Synchronizer"

[startupfolder\C:^Documents and Settings^All Users.WINDOWS^Menu Avvio^Programmi^Esecuzione automatica^Avvio veloce di Adobe Reader.lnk]
"path"="C:\Documents and Settings\All Users.WINDOWS\Menu Avvio\Programmi\Esecuzione automatica\Avvio veloce di Adobe Reader.lnk"
"backup"="C:\WINDOWS\pss\Avvio veloce di Adobe Reader.lnkCommon Startup"
"location"="Common Startup"
"command"="C:\PROGRA~1\Adobe\READER~1.0\Reader\READER~1.EXE "
"item"="Avvio veloce di Adobe Reader"

[startupfolder\C:^Documents and Settings^All Users.WINDOWS^Menu Avvio^Programmi^Esecuzione automatica^Barra di Tutto per scrivere bene.lnk]
"path"="C:\Documents and Settings\All Users.WINDOWS\Menu Avvio\Programmi\Esecuzione automatica\Barra di Tutto per scrivere bene.lnk"
"backup"="C:\WINDOWS\pss\Barra di Tutto per scrivere bene.lnkCommon Startup"
"location"="Common Startup"
"command"="D:\PROGRA~1\EXPERT~1\TUTTOP~1.5\SuiteBar.exe "
"item"="Barra di Tutto per scrivere bene"

[startupfolder\C:^Documents and Settings^All Users.WINDOWS^Menu Avvio^Programmi^Esecuzione automatica^BlueSoleil.lnk]
"path"="C:\Documents and Settings\All Users.WINDOWS\Menu Avvio\Programmi\Esecuzione automatica\BlueSoleil.lnk"
"backup"="C:\WINDOWS\pss\BlueSoleil.lnkCommon Startup"
"location"="Common Startup"
"command"="C:\PROGRA~1\IVTCOR~1\BLUESO~1\BLUESO~1.EXE "
"item"="BlueSoleil"

[startupfolder\C:^Documents and Settings^All Users.WINDOWS^Menu Avvio^Programmi^Esecuzione automatica^Google Updater.lnk]
"path"="C:\Documents and Settings\All Users.WINDOWS\Menu Avvio\Programmi\Esecuzione automatica\Google Updater.lnk"
"backup"="C:\WINDOWS\pss\Google Updater.lnkCommon Startup"
"location"="Common Startup"
"command"="C:\PROGRA~1\Google\GOOGLE~2\GOOGLE~1.EXE -systray -startup"
"item"="Google Updater"

[startupfolder\C:^Documents and Settings^All Users.WINDOWS^Menu Avvio^Programmi^Esecuzione automatica^Microsoft Office.lnk]
"path"="C:\Documents and Settings\All Users.WINDOWS\Menu Avvio\Programmi\Esecuzione automatica\Microsoft Office.lnk"
"backup"="C:\WINDOWS\pss\Microsoft Office.lnkCommon Startup"
"location"="Common Startup"
"command"="D:\PROGRA~1\MICROS~1\Office\OSA9.EXE -b -l"
"item"="Microsoft Office"

[startupfolder\C:^Documents and Settings^PAPY^Menu Avvio^Programmi^Esecuzione automatica^Glass2k.lnk]
"path"="C:\Documents and Settings\PAPY\Menu Avvio\Programmi\Esecuzione automatica\Glass2k.lnk"
"backup"="C:\WINDOWS\pss\Glass2k.lnkStartup"
"location"="Startup"
"command"="C:\Programmi\glass2k\Glass2k.exe "
"item"="Glass2k"

[startupfolder\C:^Documents and Settings^PAPY^Menu Avvio^Programmi^Esecuzione automatica^Thoosje Sidebar.lnk]
"path"="C:\Documents and Settings\PAPY\Menu Avvio\Programmi\Esecuzione automatica\Thoosje Sidebar.lnk"
"backup"="C:\WINDOWS\pss\Thoosje Sidebar.lnkStartup"
"location"="Startup"
"command"="C:\Programmi\Thoosje Sidebar 2.2\Thoosje Sidebar.exe "
"item"="Thoosje Sidebar"

[startupfolder\C:^Documents and Settings^PAPY^Menu Avvio^Programmi^Esecuzione automatica^TrueTransparency.lnk]
"path"="C:\Documents and Settings\PAPY\Menu Avvio\Programmi\Esecuzione automatica\TrueTransparency.lnk"
"backup"="C:\WINDOWS\pss\TrueTransparency.lnkStartup"
"location"="Startup"
"command"="C:\Programmi\TrueTransparency\TrueTransparency.exe "
"item"="TrueTransparency"

[startupfolder\C:^Documents and Settings^PAPY^Menu Avvio^Programmi^Esecuzione automatica^ViOrb.lnk]
"path"="C:\Documents and Settings\PAPY\Menu Avvio\Programmi\Esecuzione automatica\ViOrb.lnk"
"backup"="C:\WINDOWS\pss\ViOrb.lnkStartup"
"location"="Startup"
"command"="C:\Programmi\ViOrb\ViOrb.exe "
"item"="ViOrb"

[startupfolder\C:^Documents and Settings^PAPY^Menu Avvio^Programmi^Esecuzione automatica^ViStart.lnk]
"path"="C:\Documents and Settings\PAPY\Menu Avvio\Programmi\Esecuzione automatica\ViStart.lnk"
"backup"="C:\WINDOWS\pss\ViStart.lnkStartup"
"location"="Startup"
"command"="C:\Programmi\ViStart\ViStart.exe "
"item"="ViStart"

[startupfolder\C:^Documents and Settings^PAPY^Menu Avvio^Programmi^Esecuzione automatica^VisualTaskTips.lnk]
"path"="C:\Documents and Settings\PAPY\Menu Avvio\Programmi\Esecuzione automatica\VisualTaskTips.lnk"
"backup"="C:\WINDOWS\pss\VisualTaskTips.lnkStartup"
"location"="Startup"
"command"="C:\Programmi\VisualTaskTips\VisualTaskTips.exe "
"item"="VisualTaskTips"

[startupfolder\C:^Documents and Settings^PAPY^Menu Avvio^Programmi^Esecuzione automatica^WinFlip.lnk]
"path"="C:\Documents and Settings\PAPY\Menu Avvio\Programmi\Esecuzione automatica\WinFlip.lnk"
"backup"="C:\WINDOWS\pss\WinFlip.lnkStartup"
"location"="Startup"
"command"="C:\Programmi\WinFlip\WinFlip.exe "
"item"="WinFlip"

-----HKCU\Control Panel\Desktop\-----

[Desktop]

[Desktop\WindowMetrics]

-----HKEY_CLASSES_ROOT\exefile\shell\open\command-----

[command]
@="\"%1\" %*"

-----HKEY_CLASSES_ROOT\comfile\shell\open\command-----

[command]
@="\"%1\" %*"

-----HKEY_CLASSES_ROOT\batfile\shell\open\command-----

[command]
@="\"%1\" %*"

-----HKEY_CLASSES_ROOT\piffile\shell\open\command-----

[command]
@="\"%1\" %*"

-----HKEY_CLASSES_ROOT\scrFile\shell\open\command-----

[command]
@="\"%1\" /S"

-----HKEY_CLASSES_ROOT\htafile\shell\open\command-----

[Command]
@="C:\WINDOWS\system32\mshta.exe \"%1\" %*"

-----HKEY_CLASSES_ROOT\logfile\shell\open\command-----

-----HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\URL-----

[URL]

[URL\DefaultPrefix]
@="http://"

[URL\Prefixes]
"ftp"="ftp://"
"gopher"="gopher://"
"home"="http://"
"mosaic"="http://"
"www"="http://"

-----HKLM\SYSTEM\CurrentControlSet\Control\Lsa-----

[Lsa]

[Lsa\AccessProviders]

[Lsa\AccessProviders\Windows NT Access Provider]
"ProviderPath"=expand:"%SystemRoot%\system32\ntmarta.dll"

[Lsa\Audit]

[Lsa\Audit\PerUserAuditing]

[Lsa\Audit\PerUserAuditing\System]

[Lsa\Data]

[Lsa\SSO]

[Lsa\SSO\Passport1.4]
"SSOURL"="http://www.passport.com"

[Lsa\SspiCache]

[Lsa\SspiCache\digest.dll]
"Name"="Digest"
"Comment"="Digest SSPI Authentication Package"

[Lsa\SspiCache\msapsspc.dll]
"Name"="DPA"
"Comment"="DPA Security Package"

[Lsa\SspiCache\msnsspc.dll]
"Name"="MSN"
"Comment"="MSN Security Package"

-----HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess-----

[SharedAccess]
"DependOnGroup"=multi:"\00"
"DependOnService"=multi:"Netman\00WinMgmt\00\00"
"Description"="Fornisce servizi di conversione indirizzi di rete, indirizzamento e risoluzione nomi e/o servizi di prevenzione intrusione per una rete domestica o una piccola rete aziendale."
"DisplayName"="Windows Firewall / Condivisione connessione Internet (ICS)"
"ErrorControl"=dword:00000001
"ImagePath"=expand:"%SystemRoot%\system32\svchost.exe -k netsvcs"
"ObjectName"="LocalSystem"
"Start"=dword:00000002
"Type"=dword:00000020

[SharedAccess\Epoch]
"Epoch"=dword:00000c24

[SharedAccess\Parameters]
"ServiceDll"=expand:"%SystemRoot%\System32\ipnathlp.dll"

[SharedAccess\Parameters\FirewallPolicy]

[SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall"=dword:00000000

[SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications]

[SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp2res.dll,-20000"
"C:\Programmi\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe"="C:\Programmi\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe:*:Enabled:Logitech Desktop Messenger"
"C:\Programmi\Windows Live\Messenger\msnmsgr.exe"="C:\Programmi\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\Programmi\Windows Live\Messenger\livecall.exe"="C:\Programmi\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"

[SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall"=dword:00000000

[SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications]

[SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp2res.dll,-20000"
"C:\Programmi\IVT Corporation\BlueSoleil\BlueSoleil.exe"="C:\Programmi\IVT Corporation\BlueSoleil\BlueSoleil.exe:*:Enabled:BlueSoleil"
"C:\Programmi\AdunanzA\eMule_AdnzA.exe"="C:\Programmi\AdunanzA\eMule_AdnzA.exe:*:Enabled:eMule"
"C:\Documents and Settings\PAPY\Desktop\eMule_AdnzA.exe"="C:\Documents and Settings\PAPY\Desktop\eMule_AdnzA.exe:*:Enabled:eMule"
"C:\Documents and Settings\PAPY\Impostazioni locali\Temporary Internet Files\Content.IE5\W96RWPI7\incredimail_install[1].exe"="C:\Documents and Settings\PAPY\Impostazioni locali\Temporary Internet Files\Content.IE5\W96RWPI7\incredimail_install[1].exe:*:Enabled:IncrediMail Installer"
"C:\Documents and Settings\PAPY\Impostazioni locali\Temp\ImInstaller\IncrediMail\incredimail_install[1].exe"="C:\Documents and Settings\PAPY\Impostazioni locali\Temp\ImInstaller\IncrediMail\incredimail_install[1].exe:*:Enabled:IncrediMail Installer"
"C:\Programmi\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe"="C:\Programmi\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe:*:Disabled:Logitech Desktop Messenger"
"D:\Programmi\Yahoo!\Messenger\YPager.exe"="D:\Programmi\Yahoo!\Messenger\YPager.exe:*:Enabled:Yahoo! Messenger"
"D:\Programmi\Yahoo!\Messenger\YServer.exe"="D:\Programmi\Yahoo!\Messenger\YServer.exe:*:Enabled:Yahoo! FT Server"
"C:\Programmi\Messenger\msmsgs.exe"="C:\Programmi\Messenger\msmsgs.exe:*:Enabled:Windows Messenger"
"C:\Programmi\Windows Live\Messenger\msnmsgr.exe"="C:\Programmi\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\Programmi\Windows Live\Messenger\livecall.exe"="C:\Programmi\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"

[SharedAccess\Setup]
"ServiceUpgrade"=dword:00000001

-----HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Firewall\-----

-----HKEY_LOCAL_MACHINE\SOFTWARE\Winsock2-----

-----HKLM\Software\Microsoft\Ole-----

[Ole]
"DefaultLaunchPermission"=hex:01,00,04,80,5c,00,00,00,6c,00,00,00,00,00,00,00,\
"MachineLaunchRestriction"=hex:01,00,04,80,48,00,00,00,58,00,00,00,00,00,00,00,\
"MachineAccessRestriction"=hex:01,00,04,80,44,00,00,00,54,00,00,00,00,00,00,00,\
"EnableDCOM"="Y"

[Ole\AppCompat]

[Ole\AppCompat\ActivationSecurityCheckExemptionList]
"{A50398B8-9075-4FBF-A7A1-456BF21937AD}"="1"
"{AD65A69D-3831-40D7-9629-9B0B50A93843}"="1"
"{0040D221-54A1-11D1-9DE0-006097042D69}"="1"
"{2A6D72F1-6E7E-4702-B99C-E40D3DED33C3}"="1"

-----HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\WindowsUpdate\AU\-----

-----HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\-----

[Security Center]
"FirstRunDisabled"=dword:00000001
"AntiVirusDisableNotify"=dword:00000000
"FirewallDisableNotify"=dword:00000000
"UpdatesDisableNotify"=dword:00000000
"AntiVirusOverride"=dword:00000000
"FirewallOverride"=dword:00000000

[Security Center\Monitoring]

[Security Center\Monitoring\AhnlabAntiVirus]

[Security Center\Monitoring\ComputerAssociatesAntiVirus]

[Security Center\Monitoring\KasperskyAntiVirus]

[Security Center\Monitoring\McAfeeAntiVirus]

[Security Center\Monitoring\McAfeeFirewall]

[Security Center\Monitoring\PandaAntiVirus]

[Security Center\Monitoring\PandaFirewall]

[Security Center\Monitoring\SophosAntiVirus]

[Security Center\Monitoring\SymantecAntiVirus]

[Security Center\Monitoring\SymantecFirewall]

[Security Center\Monitoring\TinyFirewall]

[Security Center\Monitoring\TrendAntiVirus]

[Security Center\Monitoring\TrendFirewall]

[Security Center\Monitoring\ZoneLabsFirewall]

-----HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore\-----

[SystemRestore]
"DisableSR"=dword:00000000
"CreateFirstRunRp"=dword:00000001
"DSMin"=dword:000000c8
"DSMax"=dword:00000190
"RPSessionInterval"=dword:00000000
"RPGlobalInterval"=dword:00015180
"RPLifeInterval"=dword:0076a700
"CompressionBurst"=dword:0000003c
"TimerInterval"=dword:00000078
"DiskPercent"=dword:0000000c
"ThawInterval"=dword:00000384
"RestoreDiskSpaceError"=dword:00000000
"RestoreStatus"=dword:00000001
"RestoreSafeModeStatus"=dword:00000000

[SystemRestore\Cfg]
"DiskPercent"=dword:0000000c
"MachineGuid"="{69EFCAB0-79DC-4E94-9C5F-10D56AF5AA5F}"

[SystemRestore\SnapshotCallbacks]
@=""

-----HKEY_CURRENT_USER\Software\VB and VBA Program Settings-----

[VB and VBA Program Settings]

[VB and VBA Program Settings\ABCPix]

[VB and VBA Program Settings\ABCPix\URL]

[VB and VBA Program Settings\ABCPix\UserDef]

[VB and VBA Program Settings\CCleaner]

[VB and VBA Program Settings\CCleaner\Options]

[VB and VBA Program Settings\Cripty 3000 v2.0]

[VB and VBA Program Settings\Cripty 3000 v2.0\Impostazioni]

[VB and VBA Program Settings\Euro Add-in]

[VB and VBA Program Settings\Euro Add-in\Wizard Options]

[VB and VBA Program Settings\Glass2k]

[VB and VBA Program Settings\Glass2k\Settings]

-----HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\-----

-----HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\AdvancedOptions-----

[AdvancedOptions]

-----HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\AdvancedOptions-----

-----HKLM\Software\Microsoft\Active Setup\Installed Components-----

[Installed Components]

[Installed Components\<{12d0ed0d-0ee0-4f90-8827-78cefb8f4988}]
"@="IE7 Uninstall Stub"
"ComponentID"="IEUDINIT"
"StubPath"="C:\WINDOWS\system32\ieudinit.exe"

[Installed Components\>{22d6f312-b0f6-11d0-94ab-0080c74c7e95}]
#### HKCR\CLSID\{22d6f312-b0f6-11d0-94ab-0080c74c7e95}\InprocServer32 @="C:\WINDOWS\system32\wmpdxm.dll"
"Stubpath"="C:\WINDOWS\inf\unregmp2.exe /ShowWMP"
"@="Microsoft Windows Media Player"
"ComponentID"="WMPACCESS"

[Installed Components\>{26923b43-4d38-484f-9b9e-de460746276c}]
"@="Internet Explorer"
"ComponentID"="IEACCESS"
"StubPath"="C:\WINDOWS\system32\ie4uinit.exe -UserIconConfig"

[Installed Components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"@="Browser Customizations"
"ComponentiD"="BRANDING.CAB"
"StubPath"="RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP"

[Installed Components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS]
"@="Personalizzazione del browser"
"ComponentID"="BRANDING.CAB"
"StubPath"="RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP"

[Installed Components\>{881dd1c5-3dcf-431b-b061-f3f88e8be88a}]
"@="Outlook Express"
"ComponentID"="OEACCESS"
"StubPath"=expand:"%systemroot%\system32\shmgrate.exe OCInstallUserConfigOE"

[Installed Components\{08B0E5C0-4FCB-11CF-AAA5-00401C608500}]
"@="Java (Sun)"
"ComponentID"="JAVAVM"
"KeyFileName"="C:\Programmi\Java\jre1.6.0_03\bin\regutils.dll"

[Installed Components\{10072CEC-8CC1-11D1-986E-00A0C955B42F}]
"@="Rendering grafica vettoriale (VML)"
"ComponentID"="MSVML"

[Installed Components\{2179C5D3-EBFF-11CF-B6FD-00AA00B4E220}]
#### HKCR\CLSID\{2179C5D3-EBFF-11CF-B6FD-00AA00B4E220}\InprocServer32 @="C:\WINDOWS\system32\wmpdxm.dll"
"ComponentID"="NetShow"
"StubPath"=""

[Installed Components\{22d6f312-b0f6-11d0-94ab-0080c74c7e95}]
#### HKCR\CLSID\{22d6f312-b0f6-11d0-94ab-0080c74c7e95}\InprocServer32 @="C:\WINDOWS\system32\wmpdxm.dll"
"@="Microsoft Windows Media Player 6.4"
"ComponentID"="Windows Media Player"
"StubPath"="rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\mswmp.inf,PerUserStub"

[Installed Components\{283807B5-2C60-11D0-A31D-00AA00B92C03}]
#### HKCR\CLSID\{283807B5-2C60-11D0-A31D-00AA00B92C03}\InprocServer32 @="C:\WINDOWS\system32\danim.dll"
"@="DirectAnimation"
"ComponentID"="DirectAnimation"

[Installed Components\{2C7339CF-2B09-4501-B3F3-F3508C9228ED}]
"@="Themes Setup"
"ComponentID"="Theme Component"
"StubPath"=expand:"%SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll"

[Installed Components\{36f8ec70-c29a-11d1-b5c7-0000f8051515}]
"@="Binding dati Dynamic HTML per Java"
"ComponentID"="TridataJava"

[Installed Components\{3af36230-a269-11d1-b5bf-0000f8051515}]
"@="Offline Browsing Pack"
"ComponentID"="MobilePk"

[Installed Components\{3bf42070-b3b1-11d1-b5c5-0000f8051515}]
"@="Uniscribe"
"ComponentID"="USP10"

[Installed Components\{4278c270-a269-11d1-b5bf-0000f8051515}]
"@="Creazione avanzata"
"ComponentID"="AdvAuth"

[Installed Components\{44BBA840-CC51-11CF-AAFA-00AA00B6015C}]
"@="Microsoft Outlook Express 6"
"ComponentID"="MailNews"
"StubPath"=expand:"\"%ProgramFiles%\Outlook Express\setup50.exe\" /APP:OE /CALLER:WINNT /user /install"

[Installed Components\{44BBA842-CC51-11CF-AAFA-00AA00B6015B}]
"@="NetMeeting 3.01"
"ComponentID"="NetMeeting"
"StubPath"="rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT"

[Installed Components\{44BBA848-CC51-11CF-AAFA-00AA00B6015C}]
"@="DirectShow"
"ComponentID"="activemovie"

[Installed Components\{44BBA855-CC51-11CF-AAFA-00AA00B6015F}]
"@="DirectDrawEx"
"ComponentID"="DirectDrawEx"

[Installed Components\{45ea75a0-a269-11d1-b5bf-0000f8051515}]
"@="Internet Explorer Help"
"ComponentID"="HelpCont"

[Installed Components\{4f216970-c90c-11d1-b5c7-0000f8051515}]
"@="Classi Java DirectAnimation"
"ComponentID"="DAJava"

[Installed Components\{4f645220-306d-11d2-995d-00c04f98bbc9}]
"@="Microsoft Windows Script 5.7"
"ComponentID"="MSVBScript"

[Installed Components\{5056b317-8d4c-43ee-8543-b9d1e234b8f4}]
"@="Aggiornamento della protezione per Windows XP (KB923789)"
"ComponentID"="KB923789"

[Installed Components\{5945c046-1e7d-11d1-bc44-00c04fd912be}]
"KeyFileName"="C:\Programmi\Messenger\msmsgs.exe"
"@="Windows Messenger 4.7"
"ComponentID"="Messenger"
"StubPath"="rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser"

[Installed Components\{5A8D6EE0-3E18-11D0-821E-444553540000}]
"(Default)"="Internet Connection Wizard"
"ComponentID"="ICW"

[Installed Components\{5fd399c0-a70a-11d1-9948-00c04f98bbc9}]
"@="Internet Explorer Setup Tools"
"ComponentID"="GenSetup"

[Installed Components\{630b1da0-b465-11d1-9948-00c04f98bbc9}]
"@="Browsing Enhancements"
"ComponentID"="ExtraPack"
"KeyFileName"="C:\WINDOWS\system32\msieftp.dll"

[Installed Components\{6BF52A52-394A-11d3-B153-00C04F79FAA6}]
#### HKCR\CLSID\{6BF52A52-394A-11d3-B153-00C04F79FAA6}\InprocServer32 @="C:\WINDOWS\system32\wmp.dll"
"@="Microsoft Windows Media Player"
"ComponentID"="Microsoft Windows Media Player"
"StubPath"="rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\wmp11.inf,PerUserStub"

[Installed Components\{6fab99d0-bab8-11d1-994a-00c04f98bbc9}]
"@="MSN Site Access"
"ComponentID"="MSN_Auth"

[Installed Components\{73FA19D0-2D75-11D2-995D-00C04F98BBC9}]
"@="Web Folders"
"ComponentID"="WebFolders"
"StubPath"=""

[Installed Components\{7790769C-0471-11d2-AF11-00C04FA35D02}]
"@="Rubrica 6"
"ComponentID"="WAB"
"StubPath"=expand:"\"%ProgramFiles%\Outlook Express\setup50.exe\" /APP:WAB /CALLER:WINNT /user /install"

[Installed Components\{89820200-ECBD-11cf-8B85-00AA005B4340}]
"@="Windows Desktop Update"
"ComponentID"="IE4Shell_NT"
"StubPath"=expand:"regsvr32.exe /s /n /i:U shell32.dll"

[Installed Components\{89820200-ECBD-11cf-8B85-00AA005B4383}]
"@="Internet Explorer"
"ComponentID"="BASEIE40_W2K"
"StubPath"="C:\WINDOWS\system32\ie4uinit.exe -BaseSettings"

[Installed Components\{89820200-ECBD-11cf-8B85-00AA005B4383}\AuthorizedCDFPrefix]

[Installed Components\{9381D8F2-0288-11D0-9501-00AA00B911A5}]
"@="Dynamic HTML Data Binding"
"ComponentID"="Tridata"

[Installed Components\{ACC563BC-4266-43f0-B6ED-9D38C4202C7E}]

[Installed Components\{C9E9A340-D1F1-11D0-821E-444553540600}]
"@="Internet Explorer Core Fonts"
"ComponentID"="Fontcore"

[Installed Components\{CC2A9BA0-3BDD-11D0-821E-444553540000}]
"@="Utilità di pianificazione"
"ComponentID"="MSTASK"

[Installed Components\{CDD7975E-60F8-41d5-8149-19E51D6F71D0}]
"ComponentID"="Windows Movie Maker v2.1"

[Installed Components\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
"@="Adobe Flash Player"
"ComponentID"="Flash"

[Installed Components\{de5aed00-a4bf-11d1-9948-00c04f98bbc9}]
"@="HTML Help"
"ComponentID"="HTMLHelp"

[Installed Components\{E5D12C4E-7B4F-11D3-B5C9-0050045C3C96}]
"ComponentID"="Yahoo! Messenger
Alcalin

Post by ste_95 » Mon Dec 24, 2007 4:13 pm

The suspectfile report needs to go on www.freefilehosting.net, and then you post the link here [:)]

Post by crazy.cat » Mon Dec 24, 2007 4:29 pm

ste_95 wrote: The suspectfile report needs to go on www.freefilehosting.net, and then you post the link here [:)]

It's already here by now...... read it from the site.
When the many govern, they think only of pleasing themselves; then you have the most foolish and most hateful tyranny: tyranny disguised as liberty.

Post by ALCALIN » Mon Dec 24, 2007 4:40 pm

The .zip file has been sent; what happens now, will they send me a reply, or where do I find an answer?
Thanks for the help, and sorry if I'm being so tiresome, but in this case I'm really struggling.
Alcalin

Post by ste_95 » Mon Dec 24, 2007 4:43 pm

The log is incomplete (since it was cut off by the maximum character limit), but from what I saw there's nothing; still, an essential part is missing, so put it on www.freefilehosting.net and post the link here.