Complicated situation.. suspected rootkit in the MBR


Post by hashcat » Tue May 17, 2011 1:32 pm

Here it is:

[image]

After you click OK on the last window it will ask whether you want to apply the changes to the disk; answer yes.
<<Intelligence is the ability to avoid doing work, yet getting the work done.>>
Linus Torvalds

EX [MLI] Power User.
hashcat
Official Member (Gold)
Posts: 2285
Joined: Mon Oct 25, 2010 1:26 pm

Post by read82 » Tue May 17, 2011 1:35 pm

OK, all done.....
I rebooted, but the PC stops right away with a black screen and a blinking dash in the top left corner.
read82
Aficionado
Posts: 29
Joined: Fri May 13, 2011 4:48 pm

Post by read82 » Tue May 17, 2011 1:38 pm

oh my god....

I clicked on ZERO BYTES....and then OK....
what have I done??


Post by read82 » Tue May 17, 2011 1:46 pm

Hmm, the guide also says to click on ZERO BYTES, while in the video it isn't clicked

[image]

Post by hashcat » Tue May 17, 2011 1:48 pm

read82 wrote: Hmm, the guide also says to click on ZERO BYTES, while in the video it isn't clicked

[image]

Yes, but you need to fill the sectors with zeros, so the procedure should be correct anyway

Post by read82 » Tue May 17, 2011 1:51 pm

hashcat wrote:
read82 wrote: Hmm, the guide also says to click on ZERO BYTES, while in the video it isn't clicked

[image]

Yes, but you need to fill the sectors with zeros, so the procedure should be correct anyway



Well, I think so, since the guide also says to click on ZERO.
But now I've rebooted the laptop and after two seconds it stops..
a blinking dash appears in the top left corner and it goes no further.
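The black screen with a blinking cursor described in the two posts above is what a BIOS typically does when the first sector still carries the 0x55AA boot signature but its bootstrap code area has been filled with zeros: it loads the sector to 0x7C00 and jumps into zeros, and nothing ever prints. The partition table, which lives in the same sector but after the code area, can survive that untouched, which is why a recovery disc still sees the Windows partition. The Python below is an added example written for this thread, not code from the thread or from any tool it mentions. It parses a raw 512-byte MBR dump (such as the MBR.dat file aswMBR writes), reports the boot signature, whether the code area is all zeros, and the partition table, and decodes the four partition entries. The two sample sectors at the bottom are constructed here, not dumps of the poster's disk; the only real-world data is the seven-byte prologue of the standard Microsoft MBR loader used to make the "healthy" sample non-zero.

```python
"""Inspect a raw 512-byte Master Boot Record: boot signature, bootstrap code, partition table.

Added example for this thread; not code from any tool discussed above. Works on any first-sector
dump (for instance the MBR.dat that aswMBR saves) and on the constructed samples at the bottom.
"""
import struct
import sys

SECTOR_SIZE = 512
CODE_AREA = 440          # bytes 0..439: bootstrap code the BIOS loads to 0x7C00 and jumps into
DISK_SIG_OFF = 440       # bytes 440..443: Windows disk signature (little-endian u32)
PART_TABLE_OFF = 446     # bytes 446..509: four 16-byte partition entries
BOOT_SIG = b"\x55\xaa"   # bytes 510..511: without this the BIOS refuses to boot the disk
PART_FMT = "<B3xB3xII"   # status, CHS start (skipped), type, CHS end (skipped), LBA start, sector count

# Opening bytes of the standard Microsoft MBR loader (xor ax,ax / mov ss,ax / mov sp,0x7C00),
# padded with NOPs: the analysis only asks whether the code area is non-zero, not what it does.
HEALTHY_CODE = b"\x33\xc0\x8e\xd0\xbc\x00\x7c" + b"\x90" * (CODE_AREA - 7)


def build_mbr(code, partitions, disk_sig=0x1234ABCD):
    """Assemble a constructed MBR from a code blob and (bootable, type, lba_start, sectors) tuples."""
    sector = bytearray(SECTOR_SIZE)
    sector[:len(code)] = code
    struct.pack_into("<I", sector, DISK_SIG_OFF, disk_sig)
    for i, (bootable, ptype, start, size) in enumerate(partitions):
        struct.pack_into(PART_FMT, sector, PART_TABLE_OFF + 16 * i,
                         0x80 if bootable else 0x00, ptype, start, size)
    sector[510:512] = BOOT_SIG
    return bytes(sector)


def parse_partitions(mbr):
    """Decode the four partition entries; CHS fields are ignored, LBA values are little-endian."""
    entries = []
    for i in range(4):
        status, ptype, start, size = struct.unpack_from(PART_FMT, mbr, PART_TABLE_OFF + 16 * i)
        entries.append({"index": i, "bootable": status == 0x80, "type": ptype,
                        "lba_start": start, "sectors": size,
                        "empty": ptype == 0 and size == 0})
    return entries


def analyze_mbr(mbr):
    """Report what decides whether the disk boots: signature, zeroed code, exactly one active partition."""
    if len(mbr) != SECTOR_SIZE:
        raise ValueError("expected exactly one 512-byte sector")
    parts = parse_partitions(mbr)
    result = {
        "signature_ok": mbr[510:512] == BOOT_SIG,
        "code_zeroed": not any(mbr[:CODE_AREA]),
        "disk_signature": struct.unpack_from("<I", mbr, DISK_SIG_OFF)[0],
        "partitions": parts,
        "problems": [],
    }
    active = [p for p in parts if p["bootable"]]
    if not result["signature_ok"]:
        result["problems"].append("no 0x55AA boot signature: the BIOS will not boot from this disk")
    if result["code_zeroed"]:
        # A zeroed code area still "boots": the BIOS jumps to 0x7C00 and executes 00 00 (add [bx+si],al)
        # over and over, which is what a black screen with a blinking cursor usually means.
        # bootrec /fixmbr rewrites only this area and leaves the partition table alone.
        result["problems"].append("bootstrap code area is all zeros: no loader to run (blinking cursor)")
    if len(active) != 1:
        result["problems"].append(f"{len(active)} active partitions, expected exactly 1")
    return result


# Constructed samples (not dumps from the thread): one active NTFS (0x07) partition
# starting at LBA 2048 with 204800 sectors.
SAMPLE_PARTS = [(True, 0x07, 2048, 204800)]
SAMPLE_HEALTHY = build_mbr(HEALTHY_CODE, SAMPLE_PARTS)
SAMPLE_ZEROED_CODE = build_mbr(b"", SAMPLE_PARTS, disk_sig=0)   # code area wiped, table intact


if __name__ == "__main__":
    data = open(sys.argv[1], "rb").read(SECTOR_SIZE) if len(sys.argv) > 1 else SAMPLE_ZEROED_CODE
    report = analyze_mbr(data)
    print(f"signature ok: {report['signature_ok']}  code zeroed: {report['code_zeroed']}  "
          f"disk signature: 0x{report['disk_signature']:08X}")
    for p in report["partitions"]:
        if not p["empty"]:
            print(f"  part {p['index']}: type 0x{p['type']:02X} bootable={p['bootable']} "
                  f"lba={p['lba_start']} sectors={p['sectors']}")
    for problem in report["problems"]:
        print("PROBLEM:", problem)
```

Run it with the path of a sector dump as its only argument, or with no argument to see the report for the constructed zeroed-code sample. A sector whose code area is zero but whose partition table and signature are intact is exactly the case bootrec /fixmbr is meant for; a sector with no signature or no active partition is a different repair.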

Post by farbix89 » Tue May 17, 2011 2:25 pm

Try the advice Uomo already gave for problems on reboot

At the end save everything and reboot the PC; if it doesn't boot correctly, use the Windows Recovery Console to repair the boot problems. That way you should no longer get warnings about problems, and there will be no trace left of the infection.
farbix89
Official Member (Gold)
Posts: 14093
Joined: Fri Feb 13, 2009 10:09 pm

Post by read82 » Tue May 17, 2011 2:40 pm

Thanks Farbix
So I need to get hold of Windows Vista
Or is there another way to start the console?

I saw that the only things it lets me do are the boot options and the BIOS
So I put in the CD and boot from it.

With Windows XP I've done it many times, but never with Vista... let's see if I can find a guide

Post by farbix89 » Tue May 17, 2011 2:46 pm


Post by read82 » Tue May 17, 2011 3:58 pm

Guys, I downloaded the Windows Vista recovery disc, which basically gave me the same screen I see in the guide you pointed me to; if I click on repair problems it doesn't find any problem
If I reboot, nothing starts....

It sees the operating system with its partition, so I rule out partition damage.

Do you think I really need the Vista CD?

What commands can I run from the prompt?

Post by read82 » Tue May 17, 2011 4:11 pm

Guys, the situation is absurd.

I ran the command Bootrec.exe /fixmbr
It fixed the problem ....
what do I do, I reboot ....and........the usual blue screen

Just got into safe mode, let's see....


I don't believe it.........

If I run aswMBR it still shows me those hidden Prevx files...... pxkbf.sys, pxrts.sys, pxscan.sys

but wasn't everything zeroed??

Post by hashcat » Tue May 17, 2011 4:23 pm

read82 wrote: What commands can I run from the prompt?

The files being detected belong to Prevx; to remove them you'd best reinstall Prevx and then uninstall it, then use the cleaner I pointed you to.

Could you show the mbr report?

Optional procedure:

From the command prompt (the Windows Vista CD is needed) type the following command:

Code:
Sfc /Scannow

This command checks the integrity of the system files and, if they are corrupted, replaces them with the ones on the operating system disc.

N.B.: For the Sfc /Scannow command to work, the operating system disc must be in the CD drive

Post by read82 » Tue May 17, 2011 4:24 pm

Now mbr stealth tells me this

Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
Windows 6.0.6002 Disk: Hitachi_HTS543216L9A300 rev.FB2OC40C -> Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0

device: opened successfully
user: MBR read successfully
kernel: MBR read successfully
user & kernel MBR OK



Sector zero instead gives me this

[image]



aswMBR from Avast instead gives me this

aswMBR version 0.9.5.256 Copyright(c) 2011 AVAST Software
Run date: 2011-05-16 15:05:48
-----------------------------
15:05:48.174 OS Version: Windows 6.0.6002 Service Pack 2
15:05:48.174 Number of processors: 2 586 0xF0D
15:05:48.174 ComputerName: PC-STEFANIA UserName: Stefania
15:05:49.064 Initialize success
15:05:51.731 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
15:05:51.731 Disk 0 Vendor: Hitachi_HTS543216L9A300 FB2OC40C Size: 152627MB BusType: 3
15:05:53.759 Disk 0 MBR read successfully
15:05:53.759 Disk 0 MBR scan
15:05:53.759 Disk 0 Windows VISTA default MBR code
15:05:55.772 Disk 0 scanning sectors +312578048
15:05:55.787 Disk 0 scanning C:\Windows\system32\drivers
15:06:02.823 Service scanning
15:06:03.494 Service pxkbf C:\Windows\System32\drivers\pxkbf.sys **HIDDEN**
15:06:03.494 Service pxrts C:\Windows\System32\drivers\pxrts.sys **HIDDEN**
15:06:03.494 Service pxscan C:\Windows\System32\drivers\pxscan.sys **HIDDEN**
15:06:04.071 Disk 0 trace - called modules:
15:06:04.071
15:06:04.071 Scan finished successfully
15:07:27.297 Disk 0 MBR has been saved successfully to "C:\Users\Stefania\Desktop\MBR.dat"
15:07:27.312 The log file has been saved successfully to "C:\Users\Stefania\Desktop\aswMBR.txt"


aswMBR version 0.9.5.256 Copyright(c) 2011 AVAST Software
Run date: 2011-05-17 17:25:03
-----------------------------
17:25:03.680 OS Version: Windows 6.0.6002 Service Pack 2
17:25:03.680 Number of processors: 2 586 0xF0D
17:25:03.680 ComputerName: PC-STEFANIA UserName: Stefania
17:25:04.366 Initialize success
17:25:05.942 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
17:25:05.942 Disk 0 Vendor: Hitachi_HTS543216L9A300 FB2OC40C Size: 152627MB BusType: 3
17:25:08.001 Disk 0 MBR read successfully
17:25:08.001 Disk 0 MBR scan
17:25:08.001 Disk 0 unknown MBR code
17:25:10.014 Disk 0 scanning sectors +312578048
17:25:10.092 Disk 0 scanning C:\Windows\system32\drivers
17:25:16.722 Service scanning
17:25:17.299 Service pxkbf C:\Windows\System32\drivers\pxkbf.sys **HIDDEN**
17:25:17.299 Service pxrts C:\Windows\System32\drivers\pxrts.sys **HIDDEN**
17:25:17.299 Service pxscan C:\Windows\System32\drivers\pxscan.sys **HIDDEN**
17:25:17.860 Disk 0 trace - called modules:
17:25:17.876 ntkrnlpa.exe CLASSPNP.SYS disk.sys ataport.SYS hal.dll pciide.sys PCIIDEX.SYS atapi.sys
17:25:17.876 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x85446548]
17:25:17.876 3 CLASSPNP.SYS[8a3a68b3] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0x85296b98]
17:25:17.876 Scan finished successfully
17:25:32.868 Disk 0 MBR has been saved successfully to "C:\Users\Stefania\Desktop\MBR.dat"
17:25:32.914 The log file has been saved successfully to "C:\Users\Stefania\Desktop\aswMBR.txt"
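The two aswMBR runs above differ in exactly the ways that matter for triage: the MBR verdict went from "Windows VISTA default MBR code" to "unknown MBR code" after the sector was rewritten, while the three **HIDDEN** driver services are identical in both, and the second run also records the disk I/O call chain (ntkrnlpa.exe → CLASSPNP.SYS → ataport.SYS → atapi.sys) that a bootkit would normally be hooking. Pulling those fields out with a script and diffing two runs is quicker and less error-prone than reading timestamps by eye. The Python below is an added example, not part of aswMBR or any other tool in this thread. Its two sample logs are trimmed copies of the runs posted above; the allowlist of driver names handed to `triage` is an assumption taken from the thread's attribution of those drivers to Prevx, not a vendor-published list, and "unknown MBR code" is reported for a sector-level check rather than declared malicious, because a non-Microsoft or freshly rewritten loader produces the same verdict.

```python
"""Triage aswMBR log output: MBR code verdict per disk, **HIDDEN** services, before/after diff.

Added example for this thread, not part of aswMBR. The two sample logs are trimmed copies of the
runs posted in the thread; the driver allowlist used in __main__ is an assumption based on the
thread's attribution of those three drivers to Prevx.
"""
import re

STAMPED_RE = re.compile(r"^\d\d:\d\d:\d\d\.\d{3} (.*)$")          # "15:06:03.494 <message>"
VENDOR_RE = re.compile(r"^Disk (\d+) Vendor: (\S+)")
MBR_CODE_RE = re.compile(r"^Disk (\d+) (.+ MBR code)$")            # "... default MBR code" / "... unknown MBR code"
HIDDEN_RE = re.compile(r"^Service (\S+) (.+?) \*\*HIDDEN\*\*$")     # driver services seen on disk but hidden from the API


def parse_aswmbr(text):
    """Pull the fields that matter for triage out of one aswMBR run."""
    report = {"run_date": None, "disks": {}, "mbr_code": {}, "hidden": []}
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("Run date: "):
            report["run_date"] = line[len("Run date: "):]
            continue
        m = STAMPED_RE.match(line)
        if not m:
            continue
        msg = m.group(1)
        if (v := VENDOR_RE.match(msg)):
            report["disks"][int(v.group(1))] = v.group(2)
        elif (c := MBR_CODE_RE.match(msg)):
            report["mbr_code"][int(c.group(1))] = c.group(2)
        elif (h := HIDDEN_RE.match(msg)):
            report["hidden"].append({"service": h.group(1), "path": h.group(2)})
    return report


def triage(report, known_vendor_drivers=frozenset()):
    """Separate what needs action from what is already explained.

    A verdict other than "default MBR code" is reported for a sector-level check, not as malware:
    a bootkit and a rewritten or non-Microsoft loader look the same at this level. Hidden services
    are suspicious by default; names on the caller's allowlist are listed separately.
    """
    allow = {s.lower() for s in known_vendor_drivers}
    return {
        "mbr": [(disk, verdict) for disk, verdict in sorted(report["mbr_code"].items())
                if "default MBR code" not in verdict],
        "hidden_attributed": [h["service"] for h in report["hidden"] if h["service"].lower() in allow],
        "hidden_unattributed": [h["service"] for h in report["hidden"] if h["service"].lower() not in allow],
    }


def compare_runs(before, after):
    """What changed between two runs: hidden services that appeared or disappeared, verdicts that changed."""
    b = {h["service"] for h in before["hidden"]}
    a = {h["service"] for h in after["hidden"]}
    return {
        "new_hidden": sorted(a - b),
        "resolved_hidden": sorted(b - a),
        "mbr_changed": {d: (before["mbr_code"].get(d), v) for d, v in after["mbr_code"].items()
                        if before["mbr_code"].get(d) != v},
    }


# Trimmed copies of the two runs posted in the thread (sample input, not a new capture).
RUN_BEFORE = r"""aswMBR version 0.9.5.256 Copyright(c) 2011 AVAST Software
Run date: 2011-05-16 15:05:48
-----------------------------
15:05:48.174 OS Version: Windows 6.0.6002 Service Pack 2
15:05:51.731 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
15:05:51.731 Disk 0 Vendor: Hitachi_HTS543216L9A300 FB2OC40C Size: 152627MB BusType: 3
15:05:53.759 Disk 0 MBR read successfully
15:05:53.759 Disk 0 MBR scan
15:05:53.759 Disk 0 Windows VISTA default MBR code
15:06:03.494 Service pxkbf C:\Windows\System32\drivers\pxkbf.sys **HIDDEN**
15:06:03.494 Service pxrts C:\Windows\System32\drivers\pxrts.sys **HIDDEN**
15:06:03.494 Service pxscan C:\Windows\System32\drivers\pxscan.sys **HIDDEN**
15:06:04.071 Scan finished successfully
"""

RUN_AFTER = r"""aswMBR version 0.9.5.256 Copyright(c) 2011 AVAST Software
Run date: 2011-05-17 17:25:03
-----------------------------
17:25:05.942 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
17:25:05.942 Disk 0 Vendor: Hitachi_HTS543216L9A300 FB2OC40C Size: 152627MB BusType: 3
17:25:08.001 Disk 0 MBR read successfully
17:25:08.001 Disk 0 MBR scan
17:25:08.001 Disk 0 unknown MBR code
17:25:17.299 Service pxkbf C:\Windows\System32\drivers\pxkbf.sys **HIDDEN**
17:25:17.299 Service pxrts C:\Windows\System32\drivers\pxrts.sys **HIDDEN**
17:25:17.299 Service pxscan C:\Windows\System32\drivers\pxscan.sys **HIDDEN**
17:25:17.876 ntkrnlpa.exe CLASSPNP.SYS disk.sys ataport.SYS hal.dll pciide.sys PCIIDEX.SYS atapi.sys
17:25:17.876 Scan finished successfully
"""

if __name__ == "__main__":
    before, after = parse_aswmbr(RUN_BEFORE), parse_aswmbr(RUN_AFTER)
    # Allowlist is an assumption from the thread (drivers attributed to Prevx), not a published list.
    print(triage(after, known_vendor_drivers={"pxkbf", "pxrts", "pxscan"}))
    print(compare_runs(before, after))
```

With the allowlist the verdict is "MBR code changed on disk 0, no unexplained hidden services", which matches the thread: the sector was just rewritten, and the hidden drivers are a product's own. Without the allowlist the same three services come back as unattributed, which is the right default when nobody has yet tied them to installed software.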

Post by farbix89 » Tue May 17, 2011 4:31 pm

maybe something can still be done (you're in good hands with hashcat and Uomo).


I would consider a full zero-fill of the disk; at least you root out the problem.... obviously you must back up your important data before doing something so drastic, but it remains an option (the last one).

Post by hashcat » Tue May 17, 2011 4:33 pm

OK, proceed as I explained above to remove Prevx.

As for the causes of the "Blue screens of death", use the BlueScreenView tool: run the program with administrator privileges, right-click and select "HTML REPORT - All items", and post the file here.

Post by read82 » Tue May 17, 2011 4:36 pm

Meanwhile I'm running a scan with Spybot, let's see if it detects anything.. until yesterday it systematically detected viruses that, once removed, reappeared at the next reboot...


edit..it's detecting the same viruses it detected before....in short, nothing has changed...

Post by read82 » Tue May 17, 2011 4:38 pm

hashcat wrote: OK, proceed as I explained above to remove Prevx.

As for the causes of the "Blue screens of death", use the BlueScreenView tool: run the program with administrator privileges, right-click and select "HTML REPORT - All items", and post the file here.


all right, I'll do it right away

Post by hashcat » Tue May 17, 2011 4:38 pm

read82 wrote: edit..it's detecting the same viruses it detected before....in short, nothing has changed...

The rootkit is no longer detected by mbr

When the Spybot scan finishes, could you please attach its log. If the log is too long, upload it to paste2.org

EDIT:

Does the computer now work in safe mode too?

Post by read82 » Tue May 17, 2011 5:01 pm

So, since I've had these problems the computer has ONLY WORKED IN SAFE MODE

BLUESCREEN shows me 0 crashes, so it doesn't let me do anything...
actually it looks for the blue screens in C:\windows\minidump, but I noticed instead that they are in applocal etc. etc.
let's see if I can find some program that opens these .dmp files


this is the log

-- Search result list ---
Click.GiftLoad: [SBI $89783858] User settings (Registry value, fixed)
HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Main\featurecontrol\FEATURE_BROWSER_EMULATION\svchost.exe

Fraud.DefenseCenter: [SBI $8B9C68F8] Settings (Registry change, fixed)
HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Policies\System\DisableTaskMgr

Fraud.DefenseCenter: [SBI $8B9C68F8] Settings (Registry change, fixed)
HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Policies\System\DisableTaskMgr

Win32.FraudLoad.edt: [SBI $8454102F] Settings (Registry key, fixed)
HKEY_USERS\.DEFAULT\Software\NtWqIVLZEWZU

Win32.FraudLoad.edt: [SBI $8454102F] Settings (Registry key, fixed)
HKEY_USERS\S-1-5-18\Software\NtWqIVLZEWZU

Fraud.WindowsRecovery: [SBI $9C8FE954] Settings (Registry value, fixed)
HKEY_USERS\.DEFAULT\Software\75fa38b7-8b94-4995-ad32-52e938867954

Fraud.WindowsRecovery: [SBI $9C8FE954] Settings (Registry value, fixing failed)
HKEY_USERS\S-1-5-18\Software\75fa38b7-8b94-4995-ad32-52e938867954

Fraud.WindowsRecovery: [SBI $597FC39E] Settings (Registry value, fixed)
HKEY_USERS\.DEFAULT\Software\BD

Fraud.WindowsRecovery: [SBI $597FC39E] Settings (Registry value, fixing failed)
HKEY_USERS\S-1-5-18\Software\BD

Microsoft.Windows.ActiveDesktop: [SBI $99FAD8A8] User settings (Registry change, fixed)
HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Policies\ActiveDesktop\NoChangingWallpaper

Microsoft.Windows.ActiveDesktop: [SBI $99FAD8A8] User settings (Registry change, fixed)
HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Policies\ActiveDesktop\NoChangingWallpaper

DoubleClick: Tracking cookie (Internet Explorer: Stefania) (Cookie, nothing done)


Right Media: Tracking cookie (Internet Explorer: Stefania) (Cookie, nothing done)


Log: Activity: ntbtlog.txt (Backup file, fixed)
C:\Windows\ntbtlog.txt

Log: Shutdown: System32\wbem\logs\wmiprov.log (Backup file, fixed)
C:\Windows\System32\wbem\logs\wmiprov.log

Internet Explorer: [SBI $FF589D0C] Download directory (Registry change, fixed)
HKEY_USERS\S-1-5-21-2679278627-3391944010-3728754988-1000\Software\Microsoft\Internet Explorer\Download Directory

Internet Explorer: [SBI $0BC7B918] User agent (Registry change, fixed)
HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent

Internet Explorer: [SBI $0BC7B918] User agent (Registry change, fixed)
HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent

MS Management Console: [SBI $ECD50EAD] Recent command list (1 file) (Registry key, fixed)
HKEY_USERS\S-1-5-21-2679278627-3391944010-3728754988-1000\Software\Microsoft\Microsoft Management Console\Recent File List

MS Direct3D: [SBI $C2A44980] Most recent application (Registry change, fixed)
HKEY_USERS\.DEFAULT\Software\Microsoft\Direct3D\MostRecentApplication\Name

MS Direct3D: [SBI $C2A44980] Most recent application (Registry change, fixed)
HKEY_USERS\S-1-5-21-2679278627-3391944010-3728754988-1000\Software\Microsoft\Direct3D\MostRecentApplication\Name

MS Direct3D: [SBI $C2A44980] Most recent application (Registry change, fixed)
HKEY_USERS\S-1-5-18\Software\Microsoft\Direct3D\MostRecentApplication\Name

MS DirectDraw: [SBI $EB49D5AF] Most recent application (Registry change, fixed)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\DirectDraw\MostRecentApplication\Name

MS Paint: [SBI $07867C39] Recent file list (1 file) (Registry key, fixed)
HKEY_USERS\S-1-5-21-2679278627-3391944010-3728754988-1000\Software\Microsoft\Windows\CurrentVersion\Applets\Paint\Recent File List

Windows: [SBI $1E4E2003] Drivers installation paths (Registry change, fixed)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Setup\Installation Sources

Windows Explorer: [SBI $7308A845] Run history (2 files) (Registry key, fixed)
HKEY_USERS\S-1-5-21-2679278627-3391944010-3728754988-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\RunMRU

Windows Explorer: [SBI $2026AFB6] User Assistant history IE (1 file) (Registry key, fixed)
HKEY_USERS\S-1-5-21-2679278627-3391944010-3728754988-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{5E6AB780-7743-11CF-A12B-00AA004AE837}\Count

Windows Explorer: [SBI $6107D172] User Assistant history files (63 files) (Registry key, fixed)
HKEY_USERS\S-1-5-21-2679278627-3391944010-3728754988-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{75048700-EF1F-11D0-9888-006097DEACF9}\Count

Windows Explorer: [SBI $D20DA0AD] Recent file global history (Registry key, fixed)
HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\RecentDocs

Windows Explorer: [SBI $D20DA0AD] Recent file global history (Registry key, fixed)
HKEY_USERS\S-1-5-21-2679278627-3391944010-3728754988-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\RecentDocs

Windows Explorer: [SBI $D20DA0AD] Recent file global history (Registry key, fixing failed)
HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Explorer\RecentDocs

Windows Media SDK: [SBI $37AAEDE6] Computer name (Registry change, fixed)
HKEY_USERS\.DEFAULT\Software\Microsoft\Windows Media\WMSDK\General\ComputerName

Windows Media SDK: [SBI $37AAEDE6] Computer name (Registry change, fixed)
HKEY_USERS\S-1-5-18\Software\Microsoft\Windows Media\WMSDK\General\ComputerName

Windows Media SDK: [SBI $CAA58B6E] Unique ID (Registry change, fixed)
HKEY_USERS\.DEFAULT\Software\Microsoft\Windows Media\WMSDK\General\UniqueID

Windows Media SDK: [SBI $CAA58B6E] Unique ID (Registry change, fixed)
HKEY_USERS\S-1-5-18\Software\Microsoft\Windows Media\WMSDK\General\UniqueID

Windows Media SDK: [SBI $BACCD0DA] Volume serial number (Registry value, fixed)
HKEY_USERS\.DEFAULT\Software\Microsoft\Windows Media\WMSDK\General\VolumeSerialNumber

Windows Media SDK: [SBI $BACCD0DA] Volume serial number (Registry value, fixed)
HKEY_USERS\S-1-5-18\Software\Microsoft\Windows Media\WMSDK\General\VolumeSerialNumber

WinRAR: [SBI $0B56E92B] Recent file list (4 files) (Registry key, fixed)
HKEY_USERS\S-1-5-21-2679278627-3391944010-3728754988-1000\Software\WinRAR\ArcHistory

WinRAR: [SBI $B84F9965] Last used directory (Registry change, fixed)
HKEY_USERS\S-1-5-21-2679278627-3391944010-3728754988-1000\Software\WinRAR\General\LastFolder

Cookie: [SBI $49804B54] Cookie (30) (Cookie, fixed)


Cache: [SBI $49804B54] Cache (368) (Cache, fixed)


History: [SBI $49804B54] History (36) (History, fixed)



--- Spybot - Search & Destroy version: 1.6.2 (build: 20090126) ---

2009-01-26 blindman.exe (1.0.0.8)
2009-01-26 SDFiles.exe (1.6.1.7)
2009-01-26 SDMain.exe (1.0.0.6)
2009-01-26 SDShred.exe (1.0.2.5)
2009-01-26 SDUpdate.exe (1.6.0.12)
2009-01-26 SDWinSec.exe (1.0.0.12)
2009-01-26 SpybotSD.exe (1.6.2.46)
2009-01-26 TeaTimer.exe (1.6.4.26)
2011-05-12 unins000.exe (51.49.0.0)
2009-01-26 Update.exe (1.6.0.7)
2009-01-26 advcheck.dll (1.6.2.15)
2007-04-02 aports.dll (2.1.0.0)
2008-06-14 DelZip179.dll (1.79.11.1)
2009-01-26 SDHelper.dll (1.6.2.14)
2008-06-19 sqlite3.dll
2009-01-26 Tools.dll (2.1.6.10)
2009-01-16 UninsSrv.dll (1.0.0.0)
2011-03-18 Includes\Adware.sbi (*)
2011-05-09 Includes\AdwareC.sbi (*)
2010-08-13 Includes\Cookies.sbi (*)
2010-12-14 Includes\Dialer.sbi (*)
2011-03-08 Includes\DialerC.sbi (*)
2011-02-24 Includes\HeavyDuty.sbi (*)
2011-03-29 Includes\Hijackers.sbi (*)
2011-03-29 Includes\HijackersC.sbi (*)
2010-09-15 Includes\iPhone.sbi (*)
2010-12-14 Includes\Keyloggers.sbi (*)
2011-03-08 Includes\KeyloggersC.sbi (*)
2004-11-29 Includes\LSP.sbi (*)
2011-04-05 Includes\Malware.sbi (*)
2011-05-09 Includes\MalwareC.sbi (*)
2011-02-24 Includes\PUPS.sbi (*)
2011-03-15 Includes\PUPSC.sbi (*)
2010-01-25 Includes\Revision.sbi (*)
2011-02-24 Includes\Security.sbi (*)
2011-05-03 Includes\SecurityC.sbi (*)
2008-06-03 Includes\Spybots.sbi (*)
2008-06-03 Includes\SpybotsC.sbi (*)
2011-02-24 Includes\Spyware.sbi (*)
2011-05-10 Includes\SpywareC.sbi (*)
2010-03-08 Includes\Tracks.uti (*)
2010-12-28 Includes\Trojans.sbi (*)
2011-05-11 Includes\TrojansC-02.sbi (*)
2011-05-11 Includes\TrojansC-03.sbi (*)
2011-05-11 Includes\TrojansC-04.sbi (*)
2011-05-11 Includes\TrojansC-05.sbi (*)
2011-05-11 Includes\TrojansC.sbi (*)
2008-03-04 Plugins\Chai.dll
2008-03-05 Plugins\Fennel.dll
2008-02-26 Plugins\Mate.dll
2007-12-24 Plugins\TCPIPAddress.dll



--- System information ---
Windows Vista (Build: 6002) Service Pack 2 (6.0.6002)
/ MSXML4SP2: Security update for MSXML4 SP2 (KB954430)
/ MSXML4SP2: Security update for MSXML4 SP2 (KB973688)


--- Startup entries list ---
Located: HK_LM:Run, Adobe Reader Speed Launcher
command: "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
file: C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe
size: 34672
MD5: 69B16C7B7746BA5C642FC05B3561FC73

Located: HK_LM:Run, avgnt
command: "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
file: C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!

Located: HK_LM:Run, CLMLServer
command: "C:\Program Files\CyberLink\PowerCinema\Kernel\CLML\CLMLSvc.exe"
file: C:\Program Files\CyberLink\PowerCinema\Kernel\CLML\CLMLSvc.exe
size: 196608
MD5: 550EA4A351D7E15F75A99185269BC906

Located: HK_LM:Run, GrooveMonitor
command: "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
file: C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
size: 31072
MD5: 644795F6985C740F5E36E9336B837D0B

Located: HK_LM:Run, HotKeysCmds
command: C:\Windows\system32\hkcmd.exe
file: C:\Windows\system32\hkcmd.exe
size: 170520
MD5: 585ACCC456C07D826BE926DA1310629A

Located: HK_LM:Run, IgfxTray
command: C:\Windows\system32\igfxtray.exe
file: C:\Windows\system32\igfxtray.exe
size: 150040
MD5: 1D4F57A744EC624A617A8B3856C84655

Located: HK_LM:Run, PCMAgent
command: "C:\Program Files\CyberLink\PowerCinema\PCMAgent.exe"
file: C:\Program Files\CyberLink\PowerCinema\PCMAgent.exe
size: 143360
MD5: 893C0CE7AD243FC4C9EF66A3EF449278

Located: HK_LM:Run, Persistence
command: C:\Windows\system32\igfxpers.exe
file: C:\Windows\system32\igfxpers.exe
size: 145944
MD5: 724D61FD73072188E6ADF1CCB68A9B24

Located: HK_LM:Run, PlayMovie
command: "C:\Program Files\CyberLink\PlayMovie\PMVService.exe"
file: C:\Program Files\CyberLink\PlayMovie\PMVService.exe
size: 172032
MD5: FA38235D5C8ABE33E1F9B908346C7AED

Located: HK_LM:Run, RtHDVCpl
command: RtHDVCpl.exe
file: C:\Windows\RtHDVCpl.exe
size: 6265376
MD5: 62B33087950E8A6A9DC180F25E7781B5

Located: HK_LM:Run, Skytel
command: Skytel.exe
file: C:\Windows\Skytel.exe
size: 1833504
MD5: 3CBD93374ED2CE9DFD6B11DB2A95A4FA

Located: HK_LM:Run, SmpcSys
command: C:\Program Files\Packard Bell\SetupMyPC\SmpSys.exe
file: C:\Program Files\Packard Bell\SetupMyPC\SmpSys.exe
size: 1038136
MD5: CB2B9EB1447D8A264E46948DF46C1212

Located: HK_LM:Run, SynTPEnh
command: C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
file: C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
size: 894512
MD5: 8C6BC84B3513BE42EC204FEE5FB29446

Located: HK_CU:Run, W5E7SH31DG
where: .DEFAULT...
command: C:\Windows\TEMP\Agr.exe
file: C:\Windows\TEMP\Agr.exe
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!

Located: HK_CU:RunOnce, FlashPlayerUpdate
where: .DEFAULT...
command: C:\Windows\system32\Macromed\Flash\FlashUtil10e.exe
file: C:\Windows\system32\Macromed\Flash\FlashUtil10e.exe
size: 256280
MD5: 678F50CBC5537150CFDCCA7944130B6D

Located: HK_CU:Run, SUPERAntiSpyware
where: S-1-5-21-2679278627-3391944010-3728754988-1000...
command: C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
file: C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
size: 2424192
MD5: 9FB2EE7C060AF10E60E94182779DCECE

Located: HK_CU:Run, W5E7SH31DG
where: S-1-5-18...
command: C:\Windows\TEMP\Agr.exe
file: C:\Windows\TEMP\Agr.exe
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!

Located: HK_CU:RunOnce, FlashPlayerUpdate
where: S-1-5-18...
command: C:\Windows\system32\Macromed\Flash\FlashUtil10e.exe
file: C:\Windows\system32\Macromed\Flash\FlashUtil10e.exe
size: 256280
MD5: 678F50CBC5537150CFDCCA7944130B6D

Located: WinLogon, igfxcui
command: igfxdev.dll
file: igfxdev.dll
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!



--- Browser helper object list ---
{18DF081C-E8AD-4283-A596-FA578C2EBDC3} (AcroIEHelperStub)
location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
BHO name: AcroIEHelperStub
CLSID name: Adobe PDF Link Helper
Path: C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\
Long name: AcroIEHelperShim.dll
Short name: ACROIE~2.DLL
Date (created): 11/06/2008 11:33:16
Date (last access): 17/05/2011 12:58:58
Date (last write): 11/06/2008 11:33:16
Filesize: 75128
Attributes: hidden archive
MD5: E96C752BBA0E22330A43258FC800200E
CRC32: E5D72083
Version: 9.0.0.332

{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} (WormRadar.com IESiteBlocker.NavFilter)
location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
BHO name: WormRadar.com IESiteBlocker.NavFilter
CLSID name:

{69D72956-317C-44bd-B369-8E44D4EF9801} (SafeOnline BHO)
location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
BHO name:
CLSID name: SafeOnline BHO
Path: C:\Windows\system32\
Long name: PxSecure.dll
Short name:
Date (created): 17/05/2011 5:42:26
Date (last access): 17/05/2011 5:42:26
Date (last write): 17/05/2011 5:42:26
Filesize: 71880
Attributes: archive
MD5: 83558BA17363A65C75C1BE39282E08C5
CRC32: 05D0DCD8
Version: 3.0.5.220

{72853161-30C5-4D22-B7F9-0BBC1D38A37E} (Groove GFS Browser Helper)
location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
BHO name:
CLSID name: Groove GFS Browser Helper
Path: C:\Program Files\Microsoft Office\Office12\
Long name: GrooveShellExtensions.dll
Short name: GRA8E1~1.DLL
Date (created): 12/02/2009 3:19:32
Date (last access): 17/05/2011 1:08:54
Date (last write): 12/02/2009 3:19:32
Filesize: 2217848
Attributes: archive
MD5: A6B5A41C0ED007AB6C43CAD899E533D8
CRC32: BA078F79
Version: 12.0.6421.1000

{9030D464-4C02-4ABF-8ECC-5164760863C6} (Windows Live ID Sign-in Helper)
location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
BHO name:
CLSID name: Windows Live ID Sign-in Helper
Path: C:\Program Files\Common Files\Microsoft Shared\Windows Live\
Long name: WindowsLiveLogin.dll
Short name: WINDOW~1.DLL
Date (created): 21/09/2010 2:08:38
Date (last access): 17/05/2011 1:00:18
Date (last write): 21/09/2010 2:08:38
Filesize: 439168
Attributes: archive
MD5: 6BF01E200063D7274F3AF06D226671F5
CRC32: C8953126
Version: 7.250.4225.0

{DBC80044-A445-435b-BC74-9C25C1C588A9} (Java(tm) Plug-In 2 SSV Helper)
location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
BHO name:
CLSID name: Java(tm) Plug-In 2 SSV Helper
Path: C:\Program Files\Java\jre6\bin\
Long name: jp2ssv.dll
Short name:
Date (created): 29/06/2010 4:14:30
Date (last access): 17/05/2011 1:04:48
Date (last write): 29/06/2010 4:14:30
Filesize: 41760
Attributes: archive
MD5: 385BD69743EA92E76CDF07B3345A25D5
CRC32: D47CB5BA
Version: 6.0.200.2



--- ActiveX list ---
{5554DCB0-700B-498D-9B58-4E40E5814405} (RSClientPrint 2008 Class)
DPF name:
CLSID name: RSClientPrint 2008 Class
Installer: C:\Windows\Downloaded Program Files\RSClientPrint-x86.inf
Codebase: http://www.formulacerta.it/Reserved.Rep ... e=PrintCab
Path: C:\Windows\Downloaded Program Files\
Long name: rsclientprint.dll
Short name: RSCLIE~1.DLL
Date (created): 10/07/2008 2:49:14
Date (last access): 14/05/2011 2:07:24
Date (last write): 10/07/2008 2:49:14
Filesize: 583704
Attributes: archive
MD5: 5DF42E28E01872F5CFA95E26D8E5CF00
CRC32: 7BAE5129
Version: 2007.100.1600.22

{8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0)
DPF name: Java Runtime Environment 1.6.0
CLSID name: Java Plug-in 1.6.0_20
Installer:
Codebase: http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
description: Sun Java
classification: Legitimate
known filename: %PROGRAM FILES%\JabaSoft\JRE\*\Bin\npjava131.dll
info link:
info source: Patrick M. Kolla
Path: C:\Program Files\Java\jre6\bin\
Long name: jp2iexp.dll
Short name:
Date (created): 25/08/2010 9:54:58
Date (last access): 17/05/2011 1:04:48
Date (last write): 12/04/2010 5:29:22
Filesize: 108320
Attributes: archive
MD5: 3F7C69FF524EC11535342108A350A76F
CRC32: 28370E95
Version: 6.0.200.2

{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} (Java Runtime Environment 1.6.0)
DPF name: Java Runtime Environment 1.6.0
CLSID name: Java Plug-in 1.6.0_20
Installer:
Codebase: http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
Path: C:\Program Files\Java\jre6\bin\
Long name: jp2iexp.dll
Short name:
Date (created): 25/08/2010 9:54:58
Date (last access): 17/05/2011 1:04:48
Date (last write): 12/04/2010 5:29:22
Filesize: 108320
Attributes: archive
MD5: 3F7C69FF524EC11535342108A350A76F
CRC32: 28370E95
Version: 6.0.200.2

{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} (Java Runtime Environment 1.6.0)
DPF name: Java Runtime Environment 1.6.0
CLSID name: Java Plug-in 1.6.0_20
Installer:
Codebase: http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
Path: C:\Program Files\Java\jre6\bin\
Long name: npjpi160_20.dll
Short name: NPJPI1~1.DLL
Date (created): 12/04/2010 3:19:06
Date (last access): 17/05/2011 1:04:50
Date (last write): 12/04/2010 5:29:22
Filesize: 136992
Attributes: archive
MD5: E06930C34F16C8AD24AD79502F40026A
CRC32: 529E0B62
Version: 6.0.200.2

{E77F23EB-E7AB-4502-8F37-247DBAF1A147} (Windows Live Hotmail Photo Upload Tool)
DPF name:
CLSID name: Windows Live Hotmail Photo Upload Tool
Installer: C:\Windows\Downloaded Program Files\MSNPUpld.inf
Codebase: http://gfx2.hotmail.com/mail/w4/m3/phot ... dit-it.cab
Path: C:\Windows\Downloaded Program Files\
Long name: MsnPUpld.dll
Short name:
Date (created): 19/08/2009 11:53:00
Date (last access): 16/05/2011 8:19:42
Date (last write): 19/08/2009 11:53:00
Filesize: 641368
Attributes: archive
MD5: 6F315BDFE7148459DE3B4B59E6DFA1D4
CRC32: AE293764
Version: 15.1.100.0



--- Process list ---
PID: 1584 (1576) C:\Windows\Explorer.EXE
size: 2926592
MD5: D07D4C3038F3578FFCE1C0237F2A1253
PID: 1860 (1584) C:\Program Files\Internet Explorer\iexplore.exe
size: 636080
MD5: 2C5168C856455CC43C4B4E1CC1920001
PID: 220 (1584) C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe
size: 5365592
MD5: 0477C2F9171599CA5BC3307FDFBA8D89
PID: 2036 (1584) C:\Program Files\Internet Explorer\iexplore.exe
size: 636080
MD5: 2C5168C856455CC43C4B4E1CC1920001
PID: 1784 ( 412) C:\Program Files\Prevx\prevx.exe
size: 6416120
MD5: E83EDA549DF387DB4C4FBBD6D7F94886
PID: 1656 (1584) C:\Users\Stefania\Desktop\bluescreenview\BlueScreenView.exe
size: 52736
MD5: 38B8A1C3F50FB50454E2EDF8195DC3BC
PID: 940 (1584) C:\Windows\System32\wercon.exe
size: 1143296
MD5: BF899F57858B8C6F162D9EEB2370641C
PID: 0 ( 0) [System Process]
PID: 4 ( 0) System
PID: 324 ( 4) smss.exe
size: 64000
PID: 384 ( 372) csrss.exe
size: 6144
PID: 420 ( 412) csrss.exe
size: 6144
PID: 428 ( 372) wininit.exe
size: 96768
PID: 464 ( 412) winlogon.exe
size: 314368
PID: 504 ( 428) services.exe
size: 279552
PID: 516 ( 428) lsass.exe
size: 9728
PID: 524 ( 428) lsm.exe
size: 229888
PID: 672 ( 504) svchost.exe
size: 21504
PID: 728 ( 504) svchost.exe
size: 21504
PID: 768 ( 504) svchost.exe
size: 21504
PID: 860 ( 504) svchost.exe
size: 21504
PID: 888 ( 504) svchost.exe
size: 21504
PID: 912 ( 504) svchost.exe
size: 21504
PID: 960 ( 504) svchost.exe
size: 21504
PID: 976 ( 504) svchost.exe
size: 21504
PID: 1184 ( 504) svchost.exe
size: 21504
PID: 1348 ( 504) svchost.exe
size: 21504


--- Browser start & search pages list ---
Spybot - Search & Destroy browser pages report, 17/05/2011 5:53:36

HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Local Page
C:\Windows\system32\blank.htm
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Search Page
http://www.microsoft.com/isapi/redir.dl ... r=iesearch
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Start Page
http://www.google.it/
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Local Page
%SystemRoot%\system32\blank.htm
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Search Page
http://go.microsoft.com/fwlink/?LinkId=54896
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Start Page
http://homepage.packardbell.com/rdr.asp ... ynote_mh36
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Default_Page_URL
http://go.microsoft.com/fwlink/?LinkId=69157
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Default_Search_URL
http://go.microsoft.com/fwlink/?LinkId=54896
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Search\SearchAssistant
http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Search\CustomizeSearch
http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm


--- Winsock Layered Service Provider list ---
Protocol 0: MSAFD Tcpip [TCP/IP]
GUID: {E70F1AA0-AB8B-11CF-8CA3-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP IP protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD Tcpip [*]

Protocol 1: MSAFD Tcpip [UDP/IP]
GUID: {E70F1AA0-AB8B-11CF-8CA3-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP IP protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD Tcpip [*]

Protocol 2: MSAFD Tcpip [RAW/IP]
GUID: {E70F1AA0-AB8B-11CF-8CA3-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP IP protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD Tcpip [*]

Protocol 3: MSAFD Tcpip [TCP/IPv6]
GUID: {F9EAB0C0-26D4-11D0-BBBF-00AA006C34E4}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP IPv6 protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD Tcpip [*]

Protocol 4: MSAFD Tcpip [UDP/IPv6]
GUID: {F9EAB0C0-26D4-11D0-BBBF-00AA006C34E4}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP IPv6 protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD Tcpip [*]

Protocol 5: MSAFD Tcpip [RAW/IPv6]
GUID: {F9EAB0C0-26D4-11D0-BBBF-00AA006C34E4}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP IPv6 protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD Tcpip [*]

Protocol 6: RSVP TCPv6 Service Provider
GUID: {9D60A9E0-337A-11D0-BD88-0000C082E69A}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP RVSP
DB filename: %SystemRoot%\system32\rsvpsp.dll
DB protocol: RSVP * Service Provider

Protocol 7: RSVP TCP Service Provider
GUID: {9D60A9E0-337A-11D0-BD88-0000C082E69A}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP RVSP
DB filename: %SystemRoot%\system32\rsvpsp.dll
DB protocol: RSVP * Service Provider

Protocol 8: RSVP UDPv6 Service Provider
GUID: {9D60A9E0-337A-11D0-BD88-0000C082E69A}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP RVSP
DB filename: %SystemRoot%\system32\rsvpsp.dll
DB protocol: RSVP * Service Provider

Protocol 9: RSVP UDP Service Provider
GUID: {9D60A9E0-337A-11D0-BD88-0000C082E69A}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP RVSP
DB filename: %SystemRoot%\system32\rsvpsp.dll
DB protocol: RSVP * Service Provider

Protocol 10: MSAFD NetBIOS [\Device\NetBT_Tcpip_{BA0FF9FA-9A57-4D1F-852B-CD34E3E92D2F}] SEQPACKET 3
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *

Protocol 11: MSAFD NetBIOS [\Device\NetBT_Tcpip_{BA0FF9FA-9A57-4D1F-852B-CD34E3E92D2F}] DATAGRAM 3
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *

Protocol 12: MSAFD NetBIOS [\Device\NetBT_Tcpip_{1D4BBC28-4EA9-4566-BDD6-30B464E7420C}] SEQPACKET 4
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *

Protocol 13: MSAFD NetBIOS [\Device\NetBT_Tcpip_{1D4BBC28-4EA9-4566-BDD6-30B464E7420C}] DATAGRAM 4
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *

Protocol 14: MSAFD NetBIOS [\Device\NetBT_Tcpip_{393D4F74-850C-4E66-8C61-67F87B806251}] SEQPACKET 1
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *

Protocol 15: MSAFD NetBIOS [\Device\NetBT_Tcpip_{393D4F74-850C-4E66-8C61-67F87B806251}] DATAGRAM 1
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *

Protocol 16: MSAFD NetBIOS [\Device\NetBT_Tcpip6_{363189AE-2781-4C83-B519-9E859A3C66E6}] SEQPACKET 9
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *

Protocol 17: MSAFD NetBIOS [\Device\NetBT_Tcpip6_{363189AE-2781-4C83-B519-9E859A3C66E6}] DATAGRAM 9
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *

Protocol 18: MSAFD NetBIOS [\Device\NetBT_Tcpip6_{BA0FF9FA-9A57-4D1F-852B-CD34E3E92D2F}] SEQPACKET 8
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *

Protocol 19: MSAFD NetBIOS [\Device\NetBT_Tcpip6_{BA0FF9FA-9A57-4D1F-852B-CD34E3E92D2F}] DATAGRAM 8
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *

Protocol 20: MSAFD NetBIOS [\Device\NetBT_Tcpip6_{AEBABDB5-2D5A-4434-9910-E4158D84222F}] SEQPACKET 7
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *

Protocol 21: MSAFD NetBIOS [\Device\NetBT_Tcpip6_{AEBABDB5-2D5A-4434-9910-E4158D84222F}] DATAGRAM 7
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *

Protocol 22: MSAFD NetBIOS [\Device\NetBT_Tcpip6_{00F7F134-C6C9-4CF6-9667-83D8844439B0}] SEQPACKET 0
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *

Protocol 23: MSAFD NetBIOS [\Device\NetBT_Tcpip6_{00F7F134-C6C9-4CF6-9667-83D8844439B0}] DATAGRAM 0
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *

Protocol 24: MSAFD NetBIOS [\Device\NetBT_Tcpip6_{1EF3C584-366B-4702-8173-3931C0E9D7A7}] SEQPACKET 6
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *

Protocol 25: MSAFD NetBIOS [\Device\NetBT_Tcpip6_{1EF3C584-366B-4702-8173-3931C0E9D7A7}] DATAGRAM 6
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *

Protocol 26: MSAFD NetBIOS [\Device\NetBT_Tcpip6_{1D4BBC28-4EA9-4566-BDD6-30B464E7420C}] SEQPACKET 5
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *

Protocol 27: MSAFD NetBIOS [\Device\NetBT_Tcpip6_{1D4BBC28-4EA9-4566-BDD6-30B464E7420C}] DATAGRAM 5
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *

Protocol 28: MSAFD NetBIOS [\Device\NetBT_Tcpip6_{393D4F74-850C-4E66-8C61-67F87B806251}] SEQPACKET 2
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *

Protocol 29: MSAFD NetBIOS [\Device\NetBT_Tcpip6_{393D4F74-850C-4E66-8C61-67F87B806251}] DATAGRAM 2
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *

Namespace Provider 0: Network Location Awareness Legacy (NLAv1) Namespace
GUID: {6642243A-3BA8-4AA6-BAA5-2E0BD71FDD83}
Filename:
Description: Microsoft Windows NT/2k/XP name space provider
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: NLA-Namespace

Namespace Provider 1: E-mail Naming Shim Provider
GUID: {964ACBA2-B2BC-40EB-8C6A-A6DB40161CAE}
Filename:

Namespace Provider 2: PNRP Cloud Namespace Provider
GUID: {03FE89CE-766D-4976-B9C1-BB9BC42C7B4D}
Filename:

Namespace Provider 3: PNRP Name Space Provider
GUID: {03FE89CD-766D-4976-B9C1-BB9BC42C7B4D}
Filename:

Namespace Provider 4: Tcpip
GUID: {22059D40-7E9E-11CF-AE5A-00AA00A7112B}
Filename:
Description: Microsoft Windows NT/2k/XP TCP/IP name space provider
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: TCP/IP

Namespace Provider 5: NTDS
GUID: {3B2637EE-E580-11CF-A555-00C04FD8D4AC}
Filename: %SystemRoot%\System32\winrnr.dll
Description: Microsoft Windows NT/2k/XP name space provider
DB filename: %SystemRoot%\system32\winrnr.dll
DB protocol: NTDS
read82
Aficionado
Posts: 29
Joined: Fri May 13, 2011 4:48 pm
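The Winsock LSP section of the log above is one of the places a rootkit or adware component hides, because every socket created by every process passes through the provider DLLs listed there. The checks a reader would run on such a catalog are simple: is every provider DLL under %SystemRoot%\system32, is its name one a stock system ships, and does it match what Spybot's database expects. The script below is an added example, not code from the post or from Spybot; it parses the "Protocol N:" records in the exact format of the log and reports anything that fails those checks. The sample it runs on is constructed: three records copied in the log's format plus one hypothetical hijacked entry (evil_lsp.dll, a made-up name) for contrast. Applied to the catalog posted above, all thirty protocol entries point at mswsock.dll under system32; the only findings would be the four RSVP entries whose DB filename is rsvpsp.dll, and on Vista/7 the RSVP providers do live in mswsock.dll, so that mismatch against an XP-era database is not by itself a sign of tampering.

```python
"""Triage of a Spybot S&D "Winsock Layered Service Provider list" dump.

Added example, not part of the forum post. It parses the "Protocol N:" records
in the format shown above and flags what a hijacked LSP typically looks like:
a provider DLL outside %SystemRoot%\\system32, a DLL name never seen on a
clean system, or a DLL that differs from the one Spybot's database expects.
SAMPLE_LOG is constructed: three records in the post's format plus one
hypothetical hijacked entry (evil_lsp.dll) that does not exist on the machine.
"""
import re

SAMPLE_LOG = """\
--- Winsock Layered Service Provider list ---
Protocol 0: MSAFD Tcpip [TCP/IP]
GUID: {E70F1AA0-AB8B-11CF-8CA3-00805F48A192}
Filename: %SystemRoot%\\system32\\mswsock.dll
Description: Microsoft Windows NT/2k/XP IP protocol
DB filename: %SystemRoot%\\system32\\mswsock.dll
DB protocol: MSAFD Tcpip [*]

Protocol 6: RSVP TCPv6 Service Provider
GUID: {9D60A9E0-337A-11D0-BD88-0000C082E69A}
Filename: %SystemRoot%\\system32\\mswsock.dll
Description: Microsoft Windows NT/2k/XP RVSP
DB filename: %SystemRoot%\\system32\\rsvpsp.dll
DB protocol: RSVP * Service Provider

Protocol 10: MSAFD NetBIOS [\\Device\\NetBT_Tcpip_{BA0FF9FA-9A57-4D1F-852B-CD34E3E92D2F}] SEQPACKET 3
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\\system32\\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\\system32\\mswsock.dll
DB protocol: MSAFD NetBIOS *

Protocol 30: MSAFD Tcpip [TCP/IP]
GUID: {E70F1AA0-AB8B-11CF-8CA3-00805F48A192}
Filename: C:\\Users\\Public\\evil_lsp.dll
Description: Microsoft Windows NT/2k/XP IP protocol
DB filename: %SystemRoot%\\system32\\mswsock.dll
DB protocol: MSAFD Tcpip [*]

Namespace Provider 0: Tcpip
"""

# Provider DLLs that legitimately appear in a stock Vista/7 Winsock catalog.
KNOWN_PROVIDER_DLLS = {"mswsock.dll", "rsvpsp.dll", "winrnr.dll", "nlaapi.dll",
                       "napinsp.dll", "pnrpnsp.dll", "wshbth.dll"}
SYSTEM32 = "%systemroot%\\system32\\"


def parse_lsp_records(text):
    """Return one dict per 'Protocol N:' record; stops at the namespace section."""
    records, current = [], None
    for line in text.splitlines():
        m = re.match(r"Protocol (\d+): (.*)", line)
        if m:
            current = {"index": int(m.group(1)), "name": m.group(2).strip()}
            records.append(current)
            continue
        if line.startswith("Namespace Provider"):
            break
        if current is not None and ": " in line:
            key, _, value = line.partition(": ")
            current[key.strip().lower()] = value.strip()
    return records


def check_lsp_record(rec):
    """Return the reasons this record deserves a closer look (empty list = clean)."""
    reasons = []
    filename = rec.get("filename", "")
    db_filename = rec.get("db filename", "")
    lowered = filename.lower()
    basename = lowered.rsplit("\\", 1)[-1]
    if not lowered.startswith(SYSTEM32):
        reasons.append("provider DLL outside %SystemRoot%\\system32")
    if basename not in KNOWN_PROVIDER_DLLS:
        reasons.append("unknown provider DLL %s" % basename)
    if db_filename and lowered != db_filename.lower():
        reasons.append("DLL differs from database entry %s" % db_filename)
    return reasons


def suspicious_lsps(text):
    """Map 'Protocol N' index -> reasons, for every record that fails a check."""
    result = {}
    for rec in parse_lsp_records(text):
        reasons = check_lsp_record(rec)
        if reasons:
            result[rec["index"]] = reasons
    return result


if __name__ == "__main__":
    for index, reasons in sorted(suspicious_lsps(SAMPLE_LOG).items()):
        print("Protocol %d: %s" % (index, "; ".join(reasons)))
```

Run as-is it reports Protocol 6 (database mismatch only) and Protocol 30 (all three checks). The "unknown DLL" and "outside system32" checks are the ones that matter for a hijack; treat the database comparison as a hint, since Spybot's entries describe an XP catalog.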

Re: Complicated situation..suspected rootkit in the MBR

Post by hashcat » Tue May 17, 2011 5:51 pm

read82 wrote:BLUESCREEN gives me 0 crashes so it won't let me do anything...
actually it looks for the blue screens in C:\windows\minidump, but I noticed that instead they are in applocal etc etc
let's see if I can find some program that opens these .dump files

Just change the folder BlueScreenView scans:

[image]

read82 wrote:let's see if I can find some program that opens these .dump files

The files are in .dmp format.
<<Intelligence is the ability to avoid doing work, yet getting the work done.>>
Linus Torvalds

EX [MLI] Power User.
hashcat
Official Member (Gold)
Posts: 2285
Joined: Mon Oct 25, 2010 1:26 pm
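What BlueScreenView shows for each .dmp (the bug check code and its four parameters) is read straight from the DUMP_HEADER at the start of a kernel minidump, so when the tool finds nothing the header can be inspected by hand. The script below is an added example, not code from the post or from BlueScreenView; it decodes the 32-bit ("PAGEDUMP") and 64-bit ("PAGEDU64") header layouts and prints a one-line summary. The dump it parses is constructed in the script, not one of read82's files, and the bug check names table is a short selection. User-mode crash dumps written by Windows Error Reporting use a different format (signature "MDMP") and are rejected rather than misread.

```python
"""Read the bug check from a Windows kernel minidump (.dmp) header.

Added example, not from the forum post. Every kernel dump begins with a
DUMP_HEADER that carries the bug check code and parameters BlueScreenView
displays; this reads them with struct unpacking. The sample header used in
the usage section is constructed here and does not come from the thread.
"""
import struct

SIGNATURE = b"PAGE"
VALID_32, VALID_64 = b"DUMP", b"DU64"

# MachineImageType uses the PE file header machine values.
MACHINE = {0x014C: "x86", 0x8664: "x64"}

# A few common bug check codes, for readable output (selection, not complete).
BUGCHECK_NAMES = {
    0x0000000A: "IRQL_NOT_LESS_OR_EQUAL",
    0x00000050: "PAGE_FAULT_IN_NONPAGED_AREA",
    0x0000007B: "INACCESSIBLE_BOOT_DEVICE",
    0x0000007E: "SYSTEM_THREAD_EXCEPTION_NOT_HANDLED",
    0x000000D1: "DRIVER_IRQL_NOT_LESS_OR_EQUAL",
    0x000000F4: "CRITICAL_OBJECT_TERMINATION",
    0x00000124: "WHEA_UNCORRECTABLE_ERROR",
}


def parse_dump_header(data):
    """Return the triage fields from the first 0x60 bytes of a kernel .dmp.

    32-bit layout (DUMP_HEADER32, byte offsets):
      0x00 Signature 'PAGE'   0x04 ValidDump 'DUMP'
      0x08 MajorVersion       0x0C MinorVersion
      0x20 MachineImageType   0x24 NumberProcessors
      0x28 BugCheckCode       0x2C BugCheckParameter1..4 (ULONG each)
    64-bit layout (DUMP_HEADER64): identical through MinorVersion, but the
    four pointer fields that follow are 8 bytes each, so MachineImageType is
    at 0x30, NumberProcessors at 0x34, BugCheckCode at 0x38 and the four
    ULONG64 parameters start at 0x40.
    """
    if len(data) < 0x60 or data[0:4] != SIGNATURE:
        raise ValueError("not a Windows kernel dump (missing PAGE signature)")
    valid = data[4:8]
    major, minor = struct.unpack_from("<II", data, 0x08)
    if valid == VALID_32:
        machine, ncpu, code = struct.unpack_from("<III", data, 0x20)
        params = struct.unpack_from("<IIII", data, 0x2C)
        bits = 32
    elif valid == VALID_64:
        machine, ncpu, code = struct.unpack_from("<III", data, 0x30)
        params = struct.unpack_from("<QQQQ", data, 0x40)
        bits = 64
    else:
        raise ValueError("unknown ValidDump tag %r" % valid)
    return {
        "bits": bits,
        "os_version": (major, minor),
        "machine": MACHINE.get(machine, hex(machine)),
        "processors": ncpu,
        "bugcheck": code,
        "bugcheck_name": BUGCHECK_NAMES.get(code, "UNKNOWN"),
        "params": list(params),
    }


def build_sample_dump32(code, params, major=0xF, minor=7600, machine=0x014C, ncpu=2):
    """Constructed 32-bit header for testing; only the fields parsed above are set."""
    hdr = bytearray(b"PAGE" * (0x1000 // 4))   # real headers are pre-filled with 'PAGE'
    hdr[4:8] = VALID_32
    struct.pack_into("<II", hdr, 0x08, major, minor)
    struct.pack_into("<III", hdr, 0x20, machine, ncpu, code)
    struct.pack_into("<IIII", hdr, 0x2C, *params)
    return bytes(hdr)


def bugcheck_summary(data):
    """One-line summary in BlueScreenView style: code, name and parameters."""
    h = parse_dump_header(data)
    return "0x%08X %s (%s)" % (h["bugcheck"], h["bugcheck_name"],
                               ", ".join("0x%08X" % p for p in h["params"]))


if __name__ == "__main__":
    # Constructed sample: a 0x7B stop with made-up parameters.
    sample = build_sample_dump32(0x7B, (0x80786B58, 0xC0000034, 0, 0))
    print(bugcheck_summary(sample))
```

To use it on a real file, replace the constructed sample with `open(path, "rb").read(0x2000)`; the header alone is enough, the rest of the dump is not needed for the bug check.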

megalab.it: daily online publication registered with the Court of Cosenza, no. 22/09 of 13.08.2009, publisher Master New Media S.r.l.; © Copyright 2008 Master New Media S.r.l. a socio unico - P.I. 02947530784. GRUPPO EDIZIONI MASTER Spa. All rights reserved. For advertising: Master Advertising