
Services.exe - PC lock-up by NT/AUTHORITY/SYSTEM

How do you remove viruses and spyware? Are credit cards really safe online? Is it possible to browse anonymously? Which programs protect your privacy? How do you protect important files? If you want an answer to these and other questions, this is the right place!

Moderators: kadosh, Luke57

Post by huragano » 16/01/07 13:19

Hi, I've seen PCs with these symptoms many times in the organisation where I work....
It isn't a real virus, so most antivirus products often don't detect it. It's a rootkit... Download VirIT from the tgsoft site and run a scan with it; you'll see it will definitely find something.
Let me know...
Bye
huragano
Newbie

Posts: 2
Joined: 16/01/07 13:12


Post by monclar » 16/01/07 13:26

thanks huran, I'll try that one too and let you know.
bye
monclar
Junior Member

Posts: 49
Joined: 02/03/06 12:45
Location: palermo

Post by monclar » 16/01/07 16:46

hi Luke.
I downloaded what you suggested, but it won't open; it tells me the program is damaged!
what do I do?
monclar
Junior Member

Posts: 49
Joined: 02/03/06 12:45
Location: palermo

Post by monclar » 16/01/07 17:00

I think I managed it, here's the post:

************************* Rustock.b-fix -- By ejvindh *************************
16/01/2007 16.52.43,35


******************* Pre-run Status of system *******************

Rootkit driver PE386 is found. Starting the unload-procedure....
Examine the Avenger-logfile in order to assess the success of the unload-procedure

Rustock.b-ADS attached to the System32-folder:
:lzx32.sys 68944
Total size: 68944 bytes.
Attempting to remove ADS...
system32: deleted 68944 bytes in 1 streams.


******************* Post-run Status of system *******************

Rustock.b-driver on the system: NONE!

Rustock.b-ADS attached to the System32-folder:
No streams found.


******************************* End of Logfile ************************
monclar
Junior Member

Posts: 49
Joined: 02/03/06 12:45
Location: palermo
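A small parser for the Rustbfix log above, added here as an example (it is not part of the thread or of ejvindh's tool): it extracts the driver name and the alternate data stream attached to the System32 folder before the run, the deletion accounting, and the post-run status, and only calls the clean-up successful when the post-run state is clean and the bytes and streams deleted match what was found. The log text is a copy of the one posted; the field names are my own.

```python
import re
from dataclasses import dataclass
from typing import Dict, Optional

# Constructed copy of the Rustbfix log posted above (the 16/01/2007 run).
SAMPLE_LOG = """\
************************* Rustock.b-fix -- By ejvindh *************************
16/01/2007 16.52.43,35

******************* Pre-run Status of system *******************

Rootkit driver PE386 is found. Starting the unload-procedure....
Examine the Avenger-logfile in order to assess the success of the unload-procedure

Rustock.b-ADS attached to the System32-folder:
:lzx32.sys 68944
Total size: 68944 bytes.
Attempting to remove ADS...
system32: deleted 68944 bytes in 1 streams.

******************* Post-run Status of system *******************

Rustock.b-driver on the system: NONE!

Rustock.b-ADS attached to the System32-folder:
No streams found.

******************************* End of Logfile ************************
"""

# One ADS entry as Rustbfix prints it: ":<stream name> <size in bytes>"
ADS_LINE = re.compile(r"^:(\S+)\s+(\d+)\s*$", re.M)
DRIVER_PRE = re.compile(r"Rootkit driver (\S+) is found")
DRIVER_POST = re.compile(r"Rustock\.b-driver on the system:\s*(.+)")
DELETED = re.compile(r"deleted (\d+) bytes in (\d+) streams")


@dataclass
class RustbfixResult:
    driver_pre: Optional[str]      # rootkit driver/service name seen before the run (PE386)
    streams_pre: Dict[str, int]    # ADS name -> size attached to System32 before the run
    bytes_deleted: int
    streams_deleted: int
    driver_post: Optional[str]     # text after "Rustock.b-driver on the system:"
    streams_post: Dict[str, int]   # ADS still attached after the run (should be empty)


def _split_sections(text: str):
    """Split the log into its pre-run and post-run halves."""
    pre = text.find("Pre-run Status")
    post = text.find("Post-run Status")
    if pre < 0 or post < 0 or post < pre:
        raise ValueError("not a Rustbfix log: pre/post-run sections missing")
    return text[pre:post], text[post:]


def parse_rustbfix(text: str) -> RustbfixResult:
    pre, post = _split_sections(text)
    drv_pre = DRIVER_PRE.search(pre)
    deleted = DELETED.search(pre)
    drv_post = DRIVER_POST.search(post)
    return RustbfixResult(
        driver_pre=drv_pre.group(1) if drv_pre else None,
        streams_pre={name: int(size) for name, size in ADS_LINE.findall(pre)},
        bytes_deleted=int(deleted.group(1)) if deleted else 0,
        streams_deleted=int(deleted.group(2)) if deleted else 0,
        driver_post=drv_post.group(1).strip() if drv_post else None,
        streams_post={name: int(size) for name, size in ADS_LINE.findall(post)},
    )


def cleanup_succeeded(result: RustbfixResult) -> bool:
    """Clean only if nothing is left after the run AND the deletion accounting
    matches what was found before it (a partial delete counts as failure)."""
    return (
        result.driver_post is not None
        and result.driver_post.upper().startswith("NONE")
        and not result.streams_post
        and result.streams_deleted == len(result.streams_pre)
        and result.bytes_deleted == sum(result.streams_pre.values())
    )


if __name__ == "__main__":
    r = parse_rustbfix(SAMPLE_LOG)
    print(r)
    print("clean:", cleanup_succeeded(r))
```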

Post by monclar » 16/01/07 17:20

I also ran the scan with VirIT that huragano recommended; it found viruses that the other programs hadn't detected, but it doesn't remove them; I tried manually, but there's nothing at the path in the report, even after ticking show hidden files and folders... could they be the stinkers behind all of this?

here's the VirIT eXplorer Lite 6.1.49 report

(SCANSIONE DEL REGISTRO)
OK

(C:\WINDOWS)
MASTER BOOT RECORD: OK
BOOT SECTOR: OK

C:\WINDOWS\Downloaded Program Files\CONFLICT.1\dai.exe Possibile variante da Trojan.Win32.Small.JD
C:\WINDOWS\Downloaded Program Files\CONFLICT.2\dai.exe Possibile variante da Trojan.Win32.Small.JD
C:\WINDOWS\Downloaded Program Files\CONFLICT.3\dai.exe Possibile variante da Trojan.Win32.Small.JD
C:\WINDOWS\Downloaded Program Files\dai.exe Possibile variante da Trojan.Win32.Small.JD
C:\WINDOWS\Downloaded Program Files\ZOZZO.exe Possibile variante da Trojan.Win32.Small.JD

Chiavi Registro infette: 0.
Files infetti: 5.
Files Sospetti: 0.
Files Analizzati: 14461.
Chiavi Registro Rimosse: 0.
Virus Rimossi: 0.

bye, I'm waiting for comments!
monclar
Junior Member

Posts: 49
Joined: 02/03/06 12:45
Location: palermo

Post by huragano » 16/01/07 18:05

OK, come on, we've taken a good step forward...
you've removed Rustock, which is a rather nasty rootkit...
How is the PC doing now? Does it still reboot or crash?
Then there are the infected files found by VirIT... which you can't find at the indicated path because the rootkit is able to hide them as if they were system files...
Try a scan with Gmer: open Gmer and start the scan from the Rootkit tab, then copy/paste into Notepad the paths of the files it finds hidden (e.g. C:\Windows\beedg1.dll and C:\Windows\System32\com7.yyt)
Then, if it finds anything, we'll make them visible with Avenger and remove them for good with Agvpfix. It's a somewhat laborious procedure... but it pays off...
huragano
Newbie

Posts: 2
Joined: 16/01/07 13:12

Post by monclar » 16/01/07 18:17

ok hura...
(shhhhhhhh, I don't want to say it out loud, but I've been connected for more than 1 hour and nothing has happened yet).

I'll try Gmer now; if I don't post it right away it's because I have to go out, in any case I'll do it as soon as possible.
bye
monclar
Junior Member

Posts: 49
Joined: 02/03/06 12:45
Location: palermo

Post by monclar » 16/01/07 18:53

I ran Gmer, but I can't figure out how to post the report; when I click COPY it tells me the log is already saved, but I can't figure out where.
what should I do?
monclar
Junior Member

Posts: 49
Joined: 02/03/06 12:45
Location: palermo

Post by monclar » 16/01/07 19:03

here's the systemscan report... it's really long... sorry

systemscan - http://www.suspectfile.com - ver. 2.0.23

Date: 16/01/2007
Time: 18.57.08,64

Output limited to:
-Recent files
-Registry Run Keys
-Running Services
-Not Running Services
-Device Driver Services
-Svchost.exe instances
-Loaded Dlls
-Alternate Data Sreams
-Encrypted Files
-Hidden objects
-Suspicious Files

-------------Users folders -------------

Directory di C:\documents and settings

13/01/2007 18.39 <DIR> Administrator
25/09/2005 10.54 <DIR> All Users
17/09/2005 15.10 <DIR> Default User
12/01/2007 19.04 <DIR> LocalService
17/09/2005 14.57 <DIR> NetworkService
16/01/2007 16.54 <DIR> utente

-------------Recent files (60 days) -------------
NOTE: searched only in C:, C:\WINDOWS, C:\WINDOWS\system32, C:\Programmi\File comuni, C:\WINDOWS\temp



Directory di C:\


03/01/2007 19.12 <DIR> 21ebeecb7cd73ab9c845
17/12/2006 00.06 <DIR> ACRWIN2000
16/01/2007 17.21 <DIR> VEXPLITE
16/01/2007 16.56 <DIR> avenger
16/01/2007 18.57 <DIR> suspectfile
17/12/2006 00.06 <DIR> DATI_ACR
13/01/2007 18.39 <DIR> Documents and Settings
16/01/2007 16.56 <DIR> WINDOWS
16/01/2007 16.56 <DIR> Rustbfix
13/01/2007 20.45 <DIR> Programmi
11/01/2007 22.33 0 CONFIG.SYS
16/01/2007 16.55 1.194 avenger.txt
11/01/2007 22.33 0 AUTOEXEC.BAT
14/01/2007 19.55 107 gromozon_removal.log


Directory di C:\WINDOWS


10/01/2007 11.04 <DIR> WBEM
03/01/2007 19.21 <DIR> AppPatch
16/01/2007 18.48 <DIR> Temp
16/01/2007 16.55 <DIR> system32
13/01/2007 16.27 <DIR> pss
16/01/2007 18.48 <DIR> Prefetch
11/01/2007 23.53 <DIR> network diagnostic
21/11/2006 17.21 <DIR> msagent
14/01/2007 19.47 <DIR> Minidump
10/01/2007 11.47 <DIR> Help
10/01/2007 11.04 <DIR> Media
13/01/2007 11.01 <DIR> WinSxS
15/01/2007 21.12 <DIR> Internet Logs
10/01/2007 11.04 693.036 iis6.log
10/01/2007 11.04 27.046 ie7_main.log
10/01/2007 11.04 1.374 imsins.BAK
10/01/2007 11.04 1.374 imsins.log
10/01/2007 11.04 67.121 ie7.log
13/01/2007 11.19 674 KB823980.log
11/01/2007 20.45 868 KB835732.log
10/01/2007 11.01 10.906 KB904942.log
10/01/2007 11.01 5.733 KB914440.log
10/01/2007 11.01 11.717 KB915865.log
21/11/2006 12.43 15.075 KB920213.log
10/01/2007 11.02 14.467 IDNMitigationAPIs.log
21/11/2006 12.43 17.165 KB922760.log
14/12/2006 19.04 9.768 KB923689.log
14/12/2006 19.04 10.947 KB923694.log
21/11/2006 12.44 16.193 KB923980.log
21/11/2006 12.44 15.852 KB924270.log
14/12/2006 19.04 8.685 KB925398.log
10/01/2007 11.01 29.880 KB925454.log
14/12/2006 19.04 11.171 KB926255.log
12/01/2007 17.30 68.237 KB929969.log
10/01/2007 11.04 42.287 MedCtrOC.log
12/01/2007 21.08 80 gmer_uninstall.cmd
16/01/2007 18.49 250 gmer.ini
28/11/2006 15.23 573.440 gmer.exe
12/01/2007 21.08 565.311 gmer.dll
10/01/2007 11.04 605.067 FaxSetup.log
10/01/2007 11.04 30.535 msgsocm.log
10/01/2007 11.04 192.528 msmqinst.log
03/01/2007 17.14 116 NeroDigital.ini
10/01/2007 11.04 106.758 netfxocm.log
10/01/2007 11.02 12.708 NLSDownlevelMapping.log
14/01/2007 20.41 965.438 ntbtlog.txt
10/01/2007 11.04 126.526 ntdtcsetup.log
10/01/2007 11.04 294.668 ocgen.log
10/01/2007 11.04 37.555 ocmsn.log
07/01/2007 21.54 5.120 omsnlog.dll
13/01/2007 17.53 13.758 EPISMI00.SWB
10/01/2007 11.04 210.909 comsetup.log
01/12/2006 23.41 169 RtlRack.ini
16/01/2007 16.54 32.606 SchedLgU.Txt
16/01/2007 16.40 990.620 setupapi.log
10/01/2007 11.48 8.053 spupdsvc.log
14/01/2007 19.58 476 System.ini
10/01/2007 11.04 31.108 tabletoc.log
10/01/2007 11.04 281.003 tsoc.log
10/01/2007 11.04 75.182 updspapi.log
16/01/2007 16.56 0 0.log
16/01/2007 16.56 159 wiadebug.log
16/01/2007 16.56 50 wiaservc.log
12/01/2007 18.37 711 win.ini
12/01/2007 18.37 711 win.tmp
16/01/2007 16.56 1.478.838 WindowsUpdate.log
04/01/2007 20.53 32.057 wmsetup.log
13/01/2007 11.19 4.740 xpsp1hfm.log


Directory di C:\WINDOWS\system32


03/01/2007 19.12 <DIR> wbem
13/01/2007 18.35 <DIR> Restore
11/01/2007 19.35 <DIR> ZoneLabs
10/01/2007 11.04 <DIR> it-it
03/01/2007 19.12 <DIR> ActiveScan
16/01/2007 16.56 <DIR> drivers
11/01/2007 23.37 <DIR> config
16/01/2007 16.40 <DIR> CatRoot2
12/01/2007 17.30 <DIR> CatRoot
06/12/2006 20.07 12.288 advpack.dll.mui
03/01/2007 19.12 0 asfiles.txt
03/01/2007 19.07 1.406 Help.ico
06/12/2006 20.08 1.032.192 ieframe.dll.mui
13/01/2007 01.09 23.126 ikhcore.log
03/01/2007 00.19 10.980.776 MRT.exe
03/01/2007 19.07 30.590 pavas.ico
18/12/2006 14.02 1.808 subst.inf
05/01/2007 21.32 37.376 udial.exe
03/01/2007 19.07 2.550 Uninstall.ico
16/01/2007 16.56 54.112 vsconfig.xml
07/12/2006 17.02 2.174.976 wmvcore.dll
15/01/2007 21.04 2.206 wpa.dbl


Directory di C:\Programmi\File comuni


03/01/2007 19.17 <DIR> Autodesk Shared
12/01/2007 19.00 <DIR> McAfee
12/01/2007 19.27 <DIR> Nikon
14/12/2006 19.04 <DIR> System


Directory di C:\WINDOWS\temp


16/01/2007 16.56 0 sqlite_ydgZwzJwPf8bj7g
16/01/2007 17.26 1.024 sqlite_4Gtylpw1Pt1zk17



-------------HKCU\Software\Microsoft\Windows\CurrentVersion\policies\Explorer\Run-------------

[run]

-------------HKLM\Software\Microsoft\Windows\CurrentVersion\policies\Explorer\Run-------------

[Run]

-------------HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows-------------

[Windows]
"AppInit_DLLs"=""

-------------HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon-------------

[Winlogon]
"Shell"="Explorer.exe"
"System"=""
"Userinit"="C:\WINDOWS\SYSTEM32\Userinit.exe,"
"VmApplet"="rundll32 shell32,Control_RunDLL \"sysdm.cpl\""
"forceunlocklogon"=dword:00000000
"AllowMultipleTSSessions"=dword:00000001
"UIHost"=expand:"logonui.exe"
"LogonType"=dword:00000001
"Background"="0 0 0"
"WinStationsDisabled"="0"
"HibernationPreviouslyEnabled"=dword:00000001

[Winlogon\GPExtensions]

[Winlogon\GPExtensions\{0ACDD40C-75AC-47ab-BAA0-BF6DE7E7FE63}]
@="Senza fili"
"DllName"=expand:"gptext.dll"

[Winlogon\GPExtensions\{25537BA6-77A8-11D2-9B6C-0000F8080861}]
@="Folder Redirection"
"DllName"=expand:"fdeploy.dll"
"GenerateGroupPolicy"="GenerateGroupPolicy"
"EventSources"=multi:"(Folder Redirection,Application)\00\00"

[Winlogon\GPExtensions\{3610eda5-77ef-11d2-8dc5-00c04fa31a66}]
@="Quota disco Microsoft"
"DllName"=expand:"dskquota.dll"

[Winlogon\GPExtensions\{426031c0-0b47-4852-b0ca-ac3d37bfcb39}]
@="Utilità di pianificazione pacchetti QoS"
"DllName"=expand:"gptext.dll"

[Winlogon\GPExtensions\{42B5FAAE-6536-11d2-AE5A-0000F87571E3}]
@="Script"
"GenerateGroupPolicy"="GenerateScriptsGroupPolicy"
"DllName"=expand:"gptext.dll"

[Winlogon\GPExtensions\{4CFB60C1-FAA6-47f1-89AA-0B18730C9FD3}]
@="Internet Explorer Zonemapping"
"DllName"=expand:"iedkcs32.dll"
"DisplayName"=expand:"@iedkcs32.dll,-3051"

[Winlogon\GPExtensions\{827D319E-6EAC-11D2-A4EA-00C04F79F83A}]
"GenerateGroupPolicy"="SceGenerateGroupPolicy"
"ExtensionRsopPlanningDebugLevel"=dword:00000001
"ExtensionDebugLevel"=dword:00000001
"DllName"=expand:"scecli.dll"
@="Security"

[Winlogon\GPExtensions\{A2E30F80-D7DE-11d2-BBDE-00C04F86AE3B}]
"GenerateGroupPolicy"="GenerateGroupPolicy"
"DllName"="iedkcs32.dll"
@="Internet Explorer Branding"
"DisplayName"=expand:"@iedkcs32.dll,-3014"

[Winlogon\GPExtensions\{B1BE8D72-6EAC-11D2-A4EA-00C04F79F83A}]
"DllName"=expand:"scecli.dll"
@="EFS recovery"

[Winlogon\GPExtensions\{C631DF4C-088F-4156-B058-4375F0853CD8}]
@="Microsoft Offline Files"
"DllName"=expand:"%SystemRoot%\System32\cscui.dll"

[Winlogon\GPExtensions\{c6dc5466-785a-11d2-84d0-00c04fb169f7}]
@="Installazione software"
"DllName"=expand:"appmgmts.dll"
"GenerateGroupPolicy"="GenerateGroupPolicy"
"EventSources"=multi:"(Application Management,Application)\00(MsiInstaller,Application)\00\00"

[Winlogon\GPExtensions\{e437bc1c-aa7d-11d2-a382-00c04f991e27}]
@="Protezione IP"
"DllName"=expand:"gptext.dll"

[Winlogon\Notify]

[Winlogon\Notify\crypt32chain]
"DllName"=expand:"crypt32.dll"
"Logoff"="ChainWlxLogoffEvent"

[Winlogon\Notify\cryptnet]
"DllName"=expand:"cryptnet.dll"
"Logoff"="CryptnetWlxLogoffEvent"

[Winlogon\Notify\cscdll]
"DLLName"="cscdll.dll"
"Logon"="WinlogonLogonEvent"
"Logoff"="WinlogonLogoffEvent"
"ScreenSaver"="WinlogonScreenSaverEvent"
"Startup"="WinlogonStartupEvent"
"StartShell"="WinlogonStartShellEvent"

[Winlogon\Notify\igfxcui]
@=""
"DLLName"="igfxsrvc.dll"
"Unlock"="WinlogonUnlockEvent"

[Winlogon\Notify\ScCertProp]
"DLLName"="wlnotify.dll"
"Logon"="SCardStartCertProp"
"Logoff"="SCardStopCertProp"
"Lock"="SCardSuspendCertProp"
"Unlock"="SCardResumeCertProp"
"Enabled"=dword:00000001

[Winlogon\Notify\Schedule]
"DllName"=expand:"wlnotify.dll"
"StartShell"="SchedStartShell"
"Logoff"="SchedEventLogOff"

[Winlogon\Notify\sclgntfy]
"Logoff"="WLEventLogoff"
"DllName"=expand:"sclgntfy.dll"

[Winlogon\Notify\SensLogn]
"DLLName"="WlNotify.dll"
"Lock"="SensLockEvent"
"Logon"="SensLogonEvent"
"Logoff"="SensLogoffEvent"
"Safe"=dword:00000001
"MaxWait"=dword:00000258
"StartScreenSaver"="SensStartScreenSaverEvent"
"StopScreenSaver"="SensStopScreenSaverEvent"
"Startup"="SensStartupEvent"
"StartShell"="SensStartShellEvent"
"PostShell"="SensPostShellEvent"
"Disconnect"="SensDisconnectEvent"
"Reconnect"="SensReconnectEvent"
"Unlock"="SensUnlockEvent"

[Winlogon\Notify\termsrv]
"DllName"=expand:"wlnotify.dll"
"Logoff"="TSEventLogoff"
"Logon"="TSEventLogon"
"PostShell"="TSEventPostShell"
"StartShell"="TSEventStartShell"
"Startup"="TSEventStartup"
"MaxWait"=dword:00000258
"Reconnect"="TSEventReconnect"
"Disconnect"="TSEventDisconnect"

[Winlogon\Notify\wlballoon]
"DLLName"="wlnotify.dll"
"Logon"="RegisterTicketExpiredNotificationEvent"
"Logoff"="UnregisterTicketExpiredNotificationEvent"

[Winlogon\SpecialAccounts]

[Winlogon\SpecialAccounts\UserList]
"HelpAssistant"=dword:00000000
"TsInternetUser"=dword:00000000
"SQLAgentCmdExec"=dword:00000000
"NetShowServices"=dword:00000000
"IWAM_"=dword:00010000
"IUSR_"=dword:00010000
"VUSR_"=dword:00010000

-------------HKLM\Software\Microsoft\Windows\CurrentVersion\Winlogon-------------

-------------HKCU\Software\Microsoft\Windows NT\CurrentVersion\Winlogon-------------

[Winlogon]
"ExcludeProfileDirs"="Impostazioni locali;Temporary Internet Files;Cronologia;Temp;Impostazioni locali\Dati applicazioni\Microsoft\Outlook"
"BuildNumber"=dword:00000a28

-------------HKCU\Software\Microsoft\Windows\CurrentVersion\Winlogon-------------

-------------HKLM\Software\Microsoft\Windows\CurrentVersion\Run-------------

[Run]
"AVGCtrl"="C:\Programmi\AVPersonal\AVGNT.EXE /min"
"RemoteControl"="C:\Programmi\CyberLink\PowerDVD\PDVDServ.exe"
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe"
"IgfxTray"="C:\WINDOWS\system32\igfxtray.exe"
"HotKeysCmds"="C:\WINDOWS\system32\hkcmd.exe"
"SoundMan"="SOUNDMAN.EXE"
"FLMK08KB"="C:\Programmi\Muiltmedia keyboard utility\1.3\MMKEYBD.EXE"
"FLMOFFICE4DMOUSE"="C:\Programmi\Browser MOUSE\mouse32a.exe"
"EPSON Stylus C46 Series"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I0T1.EXE /P23 \"EPSON Stylus C46 Series\" /O6 \"USB001\" /M \"Stylus C46\""
"OM_Monitor"="C:\Programmi\OLYMPUS\OLYMPUS Master\FirstStart.exe"
"Zone Labs Client"="\"C:\Programmi\Zone Labs\ZoneAlarm\zlclient.exe\""
"!AVG Anti-Spyware"="\"C:\Programmi\Grisoft\AVG Anti-Spyware 7.5\avgas.exe\" /minimized"
"VIRIT LITE MONITOR"="C:\VEXPLITE\MONLITE.EXE"

[Run\OptionalComponents]

[Run\OptionalComponents\IMAIL]
"Installed"="1"

[Run\OptionalComponents\MAPI]
"Installed"="1"
"NoChange"="1"

[Run\OptionalComponents\MSFS]
"Installed"="1"

-------------HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce-------------

[RunOnce]

-------------HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnceEx-------------

[RunOnceEx]

-------------HKLM\Software\Microsoft\Windows\CurrentVersion\RunServices-------------

[RunServices]

-------------HKLM\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce-------------

[RunServicesOnce]

-------------HKCU\Software\Microsoft\Windows\CurrentVersion\Run-------------

[Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe"
"OM_Monitor"="C:\Programmi\OLYMPUS\OLYMPUS Master\Monitor.exe -NoStart"
"swg"="C:\Programmi\Google\GoogleToolbarNotifier\1.0.720.3640\GoogleToolbarNotifier.exe"

-------------HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnce-------------

[RunOnce]

-------------HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnceEx-------------

-------------HKCU\Software\Microsoft\Windows\CurrentVersion\RunServices-------------

-------------HKCU\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce-------------

-------------HKLM\Software\Microsoft\Windows NT\CurrentVersion\Run-------------

-------------HKCU\Software\Microsoft\Windows NT\CurrentVersion\Run-------------

-------------HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects-------------

[Browser Helper Objects]

[Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
#### HKCR\CLSID\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}\InprocServer32 @="C:\Programmi\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll"

[Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]
#### HKCR\CLSID\{53707962-6F74-2D53-2644-206D7942484F}\InprocServer32 @="C:\Programmi\Spybot - Search & Destroy\SDHelper.dll"

[Browser Helper Objects\{7DB2D5A0-7241-4E79-B68D-6309F01C5231}]
#### HKCR\CLSID\{7DB2D5A0-7241-4E79-B68D-6309F01C5231}\InprocServer32 @="c:\programmi\mcafee\virusscan\scriptcl.dll"
@="scriptproxy"

[Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
#### HKCR\CLSID\{AA58ED58-01DD-4d91-8333-CF10577473F7}\InprocServer32 @="c:\programmi\google\googletoolbar3.dll"

-------------HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks-------------

[URLSearchHooks]
"{CFBFAE00-17A6-11D0-99CB-00C04FD64497}"=""
#### HKCR\CLSID\{CFBFAE00-17A6-11D0-99CB-00C04FD64497}\InprocServer32 @="C:\WINDOWS\system32\ieframe.dll"

-------------HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks-------------

[ShellExecuteHooks]
"{AEB6717E-7E19-11d0-97EE-00C04FD91972}"=""
#### HKCR\CLSID\{AEB6717E-7E19-11d0-97EE-00C04FD91972}\InprocServer32 @="shell32.dll"

-------------HKLM\SYSTEM\ControlSet001\Control\Lsa-------------

[Lsa]
"Authentication Packages"=multi:"msv1_0\00\00"
"Bounds"=hex:00,30,00,00,00,20,00,00
"LsaPid"=dword:00000260
"SecureBoot"=dword:00000001
"auditbaseobjects"=dword:00000000
"crashonauditfail"=dword:00000000
"everyoneincludesanonymous"=dword:00000000
"fipsalgorithmpolicy"=dword:00000000
"forceguest"=dword:00000001
"fullprivilegeauditing"=hex:00
"limitblankpassworduse"=dword:00000001
"lmcompatibilitylevel"=dword:00000000
"nolmhash"=dword:00000000
"restrictanonymous"=dword:00000000
"restrictanonymoussam"=dword:00000001
"Notification Packages"=multi:"scecli\00\00"

[Lsa\AccessProviders]
"ProviderOrder"=multi:"Windows NT Access Provider\00\00"

[Lsa\AccessProviders\Windows NT Access Provider]
"ProviderPath"=expand:"%SystemRoot%\system32\ntmarta.dll"

[Lsa\Audit]

[Lsa\Audit\PerUserAuditing]

[Lsa\Audit\PerUserAuditing\System]

[Lsa\Data]

[Lsa\GBG]
@Class="504f5aae"
"GrafBlumGroup"=hex:d6,65,d1,7f,d2,b6,96,bf,91

[Lsa\JD]
@Class="52347b48"
"Lookup"=hex:18,a7,82,0f,3f,91

[Lsa\Kerberos]

[Lsa\Kerberos\Domains]

[Lsa\Kerberos\SidCache]

[Lsa\MSV1_0]
"Auth132"="IISSUBA"
"ntlmminclientsec"=dword:00000000
"ntlmminserversec"=dword:00000000

[Lsa\Skew1]
@Class="a6e0ded5"
"SkewMatrix"=hex:ca,d5,ce,39,f6,f4,24,83,ae,c1,be,05,95,43,8a,14

[Lsa\SSO]

[Lsa\SSO\Passport1.4]
"SSOURL"="http://www.passport.com"

[Lsa\SspiCache]
"Time"=hex:3e,d9,a2,41,24,be,c5,01

[Lsa\SspiCache\digest.dll]
"Name"="Digest"
"Comment"="Digest SSPI Authentication Package"
"RpcId"=dword:0000ffff
"Time"=hex:00,e6,db,e6,f1,85,c4,01
"Type"=dword:00000031

[Lsa\SspiCache\msapsspc.dll]
"Name"="DPA"
"Comment"="DPA Security Package"
"RpcId"=dword:00000011
"Time"=hex:00,c7,d1,ec,f1,85,c4,01
"Type"=dword:00000031

[Lsa\SspiCache\msnsspc.dll]
"Name"="MSN"
"Comment"="MSN Security Package"
"RpcId"=dword:00000012
"Time"=hex:00,c7,d1,ec,f1,85,c4,01
"Type"=dword:00000031

-------------HKLM\SYSTEM\ControlSet001\Services\SharedAccess-------------

[SharedAccess]
"Description"="Fornisce servizi di conversione indirizzi di rete, indirizzamento e risoluzione nomi e/o servizi di prevenzione intrusione per una rete domestica o una piccola rete aziendale."
"DisplayName"="Windows Firewall / Condivisione connessione Internet (ICS)"
"ImagePath"=expand:"%SystemRoot%\system32\svchost.exe -k netsvcs"
"ObjectName"="LocalSystem"
"Start"=dword:00000002
"Type"=dword:00000020

[SharedAccess\Epoch]
"Epoch"=dword:00001973

[SharedAccess\Parameters]
"ServiceDll"=expand:"%SystemRoot%\System32\ipnathlp.dll"

[SharedAccess\Parameters\FirewallPolicy]

[SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications]

[SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Programmi\MSN Messenger\msnmsgr.exe"="C:\Programmi\MSN Messenger\msnmsgr.exe:*:Enabled:MSN Messenger 7.5"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

[SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall"=dword:00000001
"DoNotAllowExceptions"=dword:00000000

[SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications]

[SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Programmi\Messenger\msmsgs.exe"="C:\Programmi\Messenger\msmsgs.exe:*:Enabled:Windows Messenger"
"C:\Programmi\MSN Messenger\msnmsgr.exe"="C:\Programmi\MSN Messenger\msnmsgr.exe:*:Enabled:MSN Messenger 7.5"
"C:\WINDOWS\pchealth\helpctr\binaries\HelpCtr.exe"="C:\WINDOWS\pchealth\helpctr\binaries\HelpCtr.exe:*:Enabled:Assistenza remota - Windows Messenger e conversazione"
"C:\Programmi\eMule\emule.exe"="C:\Programmi\eMule\emule.exe:*:Enabled:eMule"
"C:\Programmi\Skype\Phone\Skype.exe"="C:\Programmi\Skype\Phone\Skype.exe:*:Enabled:Skype"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Programmi\File comuni\McAfee\MNA\McNASvc.exe"="C:\Programmi\File comuni\McAfee\MNA\McNASvc.exe:*:Enabled:McAfee Network Agent"

[SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts]

[SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

[SharedAccess\Setup]
"ServiceUpgrade"=dword:00000001

[SharedAccess\Setup\InterfacesUnfirewalledAtUpdate]
"All"=dword:00000001

-------------HKLM\Software\Microsoft\Ole-------------

[Ole]
"EnableDCOM"="Y"

[Ole\AppCompat]

[Ole\AppCompat\ActivationSecurityCheckExemptionList]
"{A50398B8-9075-4FBF-A7A1-456BF21937AD}"="1"
"{AD65A69D-3831-40D7-9629-9B0B50A93843}"="1"
"{0040D221-54A1-11D1-9DE0-006097042D69}"="1"
"{2A6D72F1-6E7E-4702-B99C-E40D3DED33C3}"="1"

[Ole\NONREDIST]
"System.EnterpriseServices.Thunk.dll"=""

-------------HKEY_CLASSES_ROOT\exefile\shell\open\command-------------

@="\"%1\" %*"

-------------HKEY_CLASSES_ROOT\comfile\shell\open\command-------------

@="\"%1\" %*"

-------------HKEY_CLASSES_ROOT\batfile\shell\open\command-------------

@="\"%1\" %*"

-------------HKEY_CLASSES_ROOT\piffile\shell\open\command-------------

@="\"%1\" %*"

-------------HKEY_CLASSES_ROOT\scrFile\shell\open\command-------------

@="\"%1\" /S"

-------------HKEY_CLASSES_ROOT\htafile\shell\open\command-------------

@="C:\WINDOWS\system32\mshta.exe \"%1\" %*"

-------------HKEY_CLASSES_ROOT\logfile\shell\open\command-------------

-------------HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler-------------

[SharedTaskScheduler]
"{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Precaricatore Browseui"
#### HKCR\CLSID\{438755C2-A8BA-11D1-B96B-00A0C90312E1}\InprocServer32 @=expand:"%SystemRoot%\system32\browseui.dll"
"{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Daemon di cache delle categorie di componenti"
#### HKCR\CLSID\{8C7461EF-2B13-11d2-BE35-3078302C2030}\InprocServer32 @=expand:"%SystemRoot%\system32\browseui.dll"

-------------HKLM\Software\Microsoft\Active Setup\Installed Components-------------

[Installed Components]

[Installed Components\<{12d0ed0d-0ee0-4f90-8827-78cefb8f4988}]
@="IE7 Uninstall Stub"
"ComponentID"="IEUDINIT"
"StubPath"="C:\WINDOWS\system32\ieudinit.exe"

[Installed Components\>{22d6f312-b0f6-11d0-94ab-0080c74c7e95}]
#### HKCR\CLSID\{22d6f312-b0f6-11d0-94ab-0080c74c7e95}\InprocServer32 @="C:\WINDOWS\system32\wmpdxm.dll"
"Stubpath"="C:\WINDOWS\inf\unregmp2.exe /ShowWMP"
@="Microsoft Windows Media Player"
"ComponentID"="WMPACCESS"

[Installed Components\>{26923b43-4d38-484f-9b9e-de460746276c}]
@="Internet Explorer"
"ComponentID"="IEACCESS"
"StubPath"="C:\WINDOWS\system32\ie4uinit.exe -UserIconConfig"
"LocalizedName"="@C:\WINDOWS\system32\ie4uinit.exe,-21"

[Installed Components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
@="Browser Customizations"
"ComponentiD"="BRANDING.CAB"
"LocalizedName"="@C:\WINDOWS\system32\iedkcs32.dll,-3052"
"StubPath"="RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP"

[Installed Components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS]
@="Personalizzazione del browser"
"ComponentID"="BRANDING.CAB"
"StubPath"="RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP"

[Installed Components\>{881dd1c5-3dcf-431b-b061-f3f88e8be88a}]
@="Outlook Express"
"ComponentID"="OEACCESS"
"StubPath"=expand:"%systemroot%\system32\shmgrate.exe OCInstallUserConfigOE"

[Installed Components\{08B0E5C0-4FCB-11CF-AAA5-00401C608500}]
@="Microsoft VM"
"ComponentID"="JAVAVM"
"KeyFileName"="C:\WINDOWS\system32\msjava.dll"

[Installed Components\{0AF50295-8D49-ABC5-1815-6249828FDE88}]
@="DirectAnimation"
"ComponentID"="DirectAnimation"
"Local"="EN"

[Installed Components\{10072CEC-8CC1-11D1-986E-00A0C955B42F}]
@="Rendering grafica vettoriale (VML)"
"ComponentID"="MSVML"

[Installed Components\{2179C5D3-EBFF-11CF-B6FD-00AA00B4E220}]
#### HKCR\CLSID\{2179C5D3-EBFF-11CF-B6FD-00AA00B4E220}\InprocServer32 @="C:\WINDOWS\system32\wmpdxm.dll"
@=""
"ComponentID"="NetShow"
"StubPath"=""

[Installed Components\{22d6f312-b0f6-11d0-94ab-0080c74c7e95}]
#### HKCR\CLSID\{22d6f312-b0f6-11d0-94ab-0080c74c7e95}\InprocServer32 @="C:\WINDOWS\system32\wmpdxm.dll"
"ComponentID"="Microsoft Windows Media Player"
"StubPath"=""
@="Microsoft Windows Media Player 6.4"

[Installed Components\{283807B5-2C60-11D0-A31D-00AA00B92C03}]
@="DirectAnimation"
"ComponentID"="DirectAnimation"

[Installed Components\{2C7339CF-2B09-4501-B3F3-F3508C9228ED}]
@="Themes Setup"
"ComponentID"="Theme Component"
"StubPath"=expand:"%SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll"

[Installed Components\{36f8ec70-c29a-11d1-b5c7-0000f8051515}]
@="Binding dati Dynamic HTML per Java"
"ComponentID"="TridataJava"

[Installed Components\{3af36230-a269-11d1-b5bf-0000f8051515}]
@="Offline Browsing Pack"
"ComponentID"="MobilePk"

[Installed Components\{3bf42070-b3b1-11d1-b5c5-0000f8051515}]
@="Uniscribe"
"ComponentID"="USP10"

[Installed Components\{4278c270-a269-11d1-b5bf-0000f8051515}]
@="Creazione avanzata"
"ComponentID"="AdvAuth"

[Installed Components\{44BBA840-CC51-11CF-AAFA-00AA00B6015C}]
@="Microsoft Outlook Express 6"
"ComponentID"="MailNews"
"CloneUser"=dword:00000001
"StubPath"=expand:"\"%ProgramFiles%\Outlook Express\setup50.exe\" /APP:OE /CALLER:WINNT /user /install"

[Installed Components\{44BBA842-CC51-11CF-AAFA-00AA00B6015B}]
@="NetMeeting 3.01"
"ComponentID"="NetMeeting"
"StubPath"="rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT"

[Installed Components\{44BBA848-CC51-11CF-AAFA-00AA00B6015C}]
@="DirectShow"
"ComponentID"="activemovie"

[Installed Components\{44BBA855-CC51-11CF-AAFA-00AA00B6015F}]
@="DirectDrawEx"
"ComponentID"="DirectDrawEx"

[Installed Components\{45ea75a0-a269-11d1-b5bf-0000f8051515}]
@="Internet Explorer Help"
"ComponentID"="HelpCont"

[Installed Components\{4f216970-c90c-11d1-b5c7-0000f8051515}]
@="Classi Java DirectAnimation"
"ComponentID"="DAJava"

[Installed Components\{4f645220-306d-11d2-995d-00c04f98bbc9}]
@="Microsoft Windows Script 5.7"
"ComponentID"="MSVBScript"

[Installed Components\{5945c046-1e7d-11d1-bc44-00c04fd912be}]
"KeyFileName"="C:\Programmi\Messenger\msmsgs.exe"
@="Windows Messenger 4.7"
"ComponentID"="Messenger"
"StubPath"="rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser"

[Installed Components\{5A8D6EE0-3E18-11D0-821E-444553540000}]
"(Default)"="Internet Connection Wizard"
"ComponentID"="ICW"

[Installed Components\{5fd399c0-a70a-11d1-9948-00c04f98bbc9}]
@="Internet Explorer Setup Tools"
"ComponentID"="GenSetup"

[Installed Components\{630b1da0-b465-11d1-9948-00c04f98bbc9}]
@="Browsing Enhancements"
"ComponentID"="ExtraPack"
"KeyFileName"="C:\WINDOWS\system32\msieftp.dll"

[Installed Components\{6B4A2E2B-F7AC-EDB3-E13A-5983F14BEE0F}]
@="DirectAnimation"
"ComponentID"="DirectAnimation"
"Local"="EN"

[Installed Components\{6BF52A52-394A-11d3-B153-00C04F79FAA6}]
#### HKCR\CLSID\{6BF52A52-394A-11d3-B153-00C04F79FAA6}\InprocServer32 @="C:\WINDOWS\system32\wmp.dll"
@="Microsoft Windows Media Player"
"ComponentID"="Microsoft Windows Media Player"
"StubPath"="rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\wmp.inf,PerUserStub"

[Installed Components\{6fab99d0-bab8-11d1-994a-00c04f98bbc9}]
@="MSN Site Access"
"ComponentID"="MSN_Auth"

[Installed Components\{73FA19D0-2D75-11D2-995D-00C04F98BBC9}]
@="Web Folders"
"ComponentID"="WebFolders"
"StubPath"=""

[Installed Components\{7790769C-0471-11d2-AF11-00C04FA35D02}]
@="Rubrica 6"
"ComponentID"="WAB"
"StubPath"=expand:"\"%ProgramFiles%\Outlook Express\setup50.exe\" /APP:WAB /CALLER:WINNT /user /install"

[Installed Components\{88A8F07D-7AD1-28B0-D991-8382D2DD00F2}]
@="Outlook Express"
"ComponentID"="OEACCESS"
"Local"="EN"

[Installed Components\{89820200-ECBD-11cf-8B85-00AA005B4340}]
@="Windows Desktop Update"
"ComponentID"="IE4Shell_NT"
"StubPath"=expand:"regsvr32.exe /s /n /i:U shell32.dll"

[Installed Components\{89820200-ECBD-11cf-8B85-00AA005B4383}]
@="Internet Explorer"
"ComponentID"="BASEIE40_W2K"
"StubPath"="C:\WINDOWS\system32\ie4uinit.exe -BaseSettings"
"LocalizedName"="@C:\WINDOWS\system32\ie4uinit.exe,-20"

[Installed Components\{89820200-ECBD-11cf-8B85-00AA005B4383}\AuthorizedCDFPrefix]

[Installed Components\{89B4C1CD-B018-4511-B0A1-5476DBF70820}]
"ComponentID"="DOTNETFRAMEWORKS"
"StubPath"="C:\WINDOWS\system32\Rundll32.exe C:\WINDOWS\system32\mscories.dll,Install"

[Installed Components\{9381D8F2-0288-11D0-9501-00AA00B911A5}]
@="Dynamic HTML Data Binding"
"ComponentID"="Tridata"

[Installed Components\{ACC563BC-4266-43f0-B6ED-9D38C4202C7E}]

[Installed Components\{C9E9A340-D1F1-11D0-821E-444553540600}]
@="Internet Explorer Core Fonts"
"ComponentID"="Fontcore"

[Installed Components\{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}]
"ComponentID"=".NETFramework"
@=".NET Framework"

[Installed Components\{CC2A9BA0-3BDD-11D0-821E-444553540000}]
@="Utilità di pianificazione"
"ComponentID"="MSTASK"

[Installed Components\{CDD7975E-60F8-41d5-8149-19E51D6F71D0}]
"ComponentID"="Windows Movie Maker v2.1"

[Installed Components\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
#### HKCR\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32 @="C:\WINDOWS\system32\Macromed\Flash\Flash8.ocx"
@="Macromedia Flash Player 8"
"ComponentID"="Flash"

[Installed Components\{de5aed00-a4bf-11d1-9948-00c04f98bbc9}]
@="HTML Help"
"ComponentID"="HTMLHelp"

[Installed Components\{E92B03AB-B707-11d2-9CBD-0000F87A369E}]
@="Active Directory Service Interface"
"ComponentID"="ADSI"

[Installed Components\{F2D2B58B-B2FD-46D1-8319-DCE564079934}]
@=".NET Framework"
"ComponentID"=".NETFramework"

-------------Comparing registry keys CCS1 vs CCS2 -------------
< Value: HKEY_LOCAL_MACHINE\system\controlset001\services\AVG Anti-Spyware Guard\Parameters
< Value: HKEY_LOCAL_MACHINE\system\controlset001\services\Dhcp\Parameters {D096132C-7CE6-4B91-96FF-9F02450BE8D5} REG_BINARY 0F0000000000000000000000000000003210AD45F90000000000000000000000000000003210AD45010000000000000000000000000000003210AD452B0000000000000000000000000000003210AD452C0000000000000000000000000000003210AD45060000000000000000000000000000003210AD45
> Value: HKEY_LOCAL_MACHINE\system\controlset002\services\Dhcp\Parameters {D096132C-7CE6-4B91-96FF-9F02450BE8D5} REG_BINARY 0F0000000000000000000000000000002AF1AC45F90000000000000000000000000000002AF1AC45010000000000000000000000000000002AF1AC452B0000000000000000000000000000002AF1AC452C0000000000000000000000000000002AF1AC45060000000000000000000000000000002AF1AC45
< Value: HKEY_LOCAL_MACHINE\system\controlset001\services\Eventlog\Application\ESENT EventMessageFile REG_EXPAND_SZ C:\WINDOWS\system32\ESENT.dll
> Value: HKEY_LOCAL_MACHINE\system\controlset002\services\Eventlog\Application\ESENT EventMessageFile REG_EXPAND_SZ c:\windows\system32\ESENT.dll
< Value: HKEY_LOCAL_MACHINE\system\controlset001\services\Eventlog\Application\ESENT CategoryMessageFile REG_EXPAND_SZ C:\WINDOWS\system32\ESENT.dll
> Value: HKEY_LOCAL_MACHINE\system\controlset002\services\Eventlog\Application\ESENT CategoryMessageFile REG_EXPAND_SZ c:\windows\system32\ESENT.dll
> Value: HKEY_LOCAL_MACHINE\system\controlset002\services\Eventlog\Security\DS
> Value: HKEY_LOCAL_MACHINE\system\controlset002\services\Eventlog\Security\LSA
> Value: HKEY_LOCAL_MACHINE\system\controlset002\services\Eventlog\Security\NetDDE Object
> Value: HKEY_LOCAL_MACHINE\system\controlset002\services\Eventlog\Security\SC Manager
> Value: HKEY_LOCAL_MACHINE\system\controlset002\services\Eventlog\Security\Security
> Value: HKEY_LOCAL_MACHINE\system\controlset002\services\Eventlog\Security\Security Account Manager
> Value: HKEY_LOCAL_MACHINE\system\controlset002\services\Eventlog\Security\Spooler
< Value: HKEY_LOCAL_MACHINE\system\controlset001\services\ialm\Device0\VolatileSettings
> Value: HKEY_LOCAL_MACHINE\system\controlset002\services\MRxDAV\EncryptedDirectories
< Value: HKEY_LOCAL_MACHINE\system\controlset001\services\mssmbios\Data
< Value: HKEY_LOCAL_MACHINE\system\controlset001\services\NetBT\Parameters\Interfaces\Tcpip_{D096132C-7CE6-4B91-96FF-9F02450BE8D5} NetbiosOptions REG_DWORD 2 (0x2)
< Value: HKEY_LOCAL_MACHINE\system\controlset001\services\SharedAccess\Epoch Epoch REG_DWORD 6515 (0x1973)
> Value: HKEY_LOCAL_MACHINE\system\controlset002\services\SharedAccess\Epoch Epoch REG_DWORD 6491 (0x195B)
< Value: HKEY_LOCAL_MACHINE\system\controlset001\services\srescan\Parameters\Loaded
> Value: HKEY_LOCAL_MACHINE\system\controlset002\services\Tcpip\Parameters DhcpNameServer REG_SZ 151.99.125.2 151.99.125.3
< Value: HKEY_LOCAL_MACHINE\system\controlset001\services\Tcpip\Parameters\Interfaces\{D096132C-7CE6-4B91-96FF-9F02450BE8D5} DhcpIPAddress REG_SZ 80.116.239.40
> Value: HKEY_LOCAL_MACHINE\system\controlset002\services\Tcpip\Parameters\Interfaces\{D096132C-7CE6-4B91-96FF-9F02450BE8D5} DhcpIPAddress REG_SZ 0.0.0.0
< Value: HKEY_LOCAL_MACHINE\system\controlset001\services\Tcpip\Parameters\Interfaces\{D096132C-7CE6-4B91-96FF-9F02450BE8D5} DhcpSubnetMask REG_SZ 255.255.255.255
> Value: HKEY_LOCAL_MACHINE\system\controlset002\services\Tcpip\Parameters\Interfaces\{D096132C-7CE6-4B91-96FF-9F02450BE8D5} DhcpSubnetMask REG_SZ 0.0.0.0
< Value: HKEY_LOCAL_MACHINE\system\controlset001\services\Tcpip\Parameters\Interfaces\{D096132C-7CE6-4B91-96FF-9F02450BE8D5} NameServer REG_SZ 85.37.17.39 85.38.28.71
> Value: HKEY_LOCAL_MACHINE\system\controlset002\services\Tcpip\Parameters\Interfaces\{D096132C-7CE6-4B91-96FF-9F02450BE8D5} NameServer REG_SZ
< Value: HKEY_LOCAL_MACHINE\system\controlset001\services\viritsvclite\Parameters
< Value: HKEY_LOCAL_MACHINE\system\controlset001\services\vsmon\Parameters

Result compared: Different


-------------Comparing registry keys CCS1 vs CCS3 -------------
< Value: HKEY_LOCAL_MACHINE\system\controlset001\services

Result compared: Identical


-------------List of running services -------------



000) "ALG" - Servizio Gateway di livello applicazione
---> STAT = (RUNNING) Started manually
---> FILE = C:\WINDOWS\System32\alg.exe

001) "AntiVirService" - AntiVir Service
---> STAT = (RUNNING) Started automatically
---> FILE = "C:\Programmi\AVPersonal\AVGUARD.EXE"

002) "AudioSrv" - Audio Windows
---> STAT = (RUNNING) Started automatically
---> FILE = C:\WINDOWS\System32\svchost.exe -k netsvcs

003) "AVG Anti-Spyware Guard" - AVG Anti-Spyware Guard
---> STAT = (RUNNING) Started automatically
---> FILE = C:\Programmi\Grisoft\AVG Anti-Spyware 7.5\guard.exe

004) "AVWUpSrv" - AntiVir Update
---> STAT = (RUNNING) Started automatically
---> FILE = "C:\Programmi\AVPersonal\AVWUPSRV.EXE"

005) "Browser" - Browser di computer
---> STAT = (RUNNING) Started automatically
---> FILE = C:\WINDOWS\system32\svchost.exe -k netsvcs

006) "CryptSvc" - Servizi di crittografia
---> STAT = (RUNNING) Started automatically
---> FILE = C:\WINDOWS\system32\svchost.exe -k netsvcs

007) "DcomLaunch" - Utilità di avvio processo server DCOM
---> STAT = (RUNNING) Started automatically
---> FILE = C:\WINDOWS\system32\svchost -k DcomLaunch

008) "Dhcp" - Client DHCP
---> STAT = (RUNNING) Started automatically
---> FILE = C:\WINDOWS\system32\svchost.exe -k netsvcs

009) "dmserver" - Gestione dischi logici
---> STAT = (RUNNING) Started automatically
---> FILE = C:\WINDOWS\System32\svchost.exe -k netsvcs

010) "Dnscache" - Client DNS
---> STAT = (RUNNING) Started automatically
---> FILE = C:\WINDOWS\system32\svchost.exe -k NetworkService

011) "ERSvc" - Servizio di segnalazione errori
---> STAT = (RUNNING) Started automatically
---> FILE = C:\WINDOWS\System32\svchost.exe -k netsvcs

012) "Eventlog" - Registro eventi
---> STAT = (RUNNING) Started automatically
---> FILE = C:\WINDOWS\system32\services.exe

013) "EventSystem" - Sistema di eventi COM+
---> STAT = (RUNNING) Started manually
---> FILE = C:\WINDOWS\system32\svchost.exe -k netsvcs

014) "FastUserSwitchingCompatibility" - Compatibilità di Cambio rapido utente
---> STAT = (RUNNING) Started manually
---> FILE = C:\WINDOWS\System32\svchost.exe -k netsvcs

015) "helpsvc" - Guida in linea e supporto tecnico
---> STAT = (RUNNING) Started automatically
---> FILE = C:\WINDOWS\System32\svchost.exe -k netsvcs

016) "lanmanserver" - Server
---> STAT = (RUNNING) Started automatically
---> FILE = C:\WINDOWS\system32\svchost.exe -k netsvcs

017) "lanmanworkstation" - Workstation
---> STAT = (RUNNING) Started automatically
---> FILE = C:\WINDOWS\system32\svchost.exe -k netsvcs

018) "LmHosts" - Helper NetBIOS di TCP/IP
---> STAT = (RUNNING) Started automatically
---> FILE = C:\WINDOWS\system32\svchost.exe -k LocalService

019) "McAfee HackerWatch Service" - McAfee HackerWatch Service
---> STAT = (RUNNING) Started automatically
---> FILE = "C:\Programmi\File comuni\McAfee\HackerWatch\HWAPI.exe"

020) "McLogManagerService" - McAfee Log Manager
---> STAT = (RUNNING) Started automatically
---> FILE = C:\PROGRA~1\McAfee\MSC\mclogsrv.exe

021) "mcmispupdmgr" - McAfee Update Manager
---> STAT = (RUNNING) Started automatically
---> FILE = C:\PROGRA~1\McAfee\MSC\mcupdmgr.exe

022) "McNASvc" - McAfee Network Agent
---> STAT = (RUNNING) Started automatically
---> FILE = "c:\programmi\file comuni\mcafee\mna\mcnasvc.exe"

023) "McODS" - McAfee Scanner
---> STAT = (RUNNING) Started automatically
---> FILE = C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe

024) "mcpromgr" - McAfee Protection Manager
---> STAT = (RUNNING) Started automatically
---> FILE = C:\PROGRA~1\McAfee\MSC\mcpromgr.exe

025) "McRedirector" - McAfee Redirector Service
---> STAT = (RUNNING) Started automatically
---> FILE = c:\PROGRA~1\FILECO~1\mcafee\redirsvc\redirsvc.exe

026) Unable to open informations about service configuration!
027) "McSysmon" - McAfee SystemGuards
---> STAT = (RUNNING) Started automatically
---> FILE = C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe

028) "mctskshd.exe" - McAfee Task Scheduler
---> STAT = (RUNNING) Started automatically
---> FILE = C:\PROGRA~1\McAfee\MSC\mctskshd.exe

029) "mcusrmgr" - McAfee User Manager
---> STAT = (RUNNING) Started automatically
---> FILE = C:\PROGRA~1\McAfee\MSC\mcusrmgr.exe

030) "MDM" - Machine Debug Manager
---> STAT = (RUNNING) Started automatically
---> FILE = "C:\Programmi\File comuni\Microsoft Shared\VS7DEBUG\MDM.EXE"

031) "Netman" - Connessioni di rete
---> STAT = (RUNNING) Started manually
---> FILE = C:\WINDOWS\System32\svchost.exe -k netsvcs

032) "Nla" - NLA (Network Location Awareness)
---> STAT = (RUNNING) Started manually
---> FILE = C:\WINDOWS\system32\svchost.exe -k netsvcs

033) "PlugPlay" - Plug and Play
---> STAT = (RUNNING) Started automatically
---> FILE = C:\WINDOWS\system32\services.exe

034) "PolicyAgent" - Servizi IPSEC
---> STAT = (RUNNING) Started automatically
---> FILE = C:\WINDOWS\system32\lsass.exe

035) "ProtectedStorage" - Archiviazione protetta
---> STAT = (RUNNING) Started automatically
---> FILE = C:\WINDOWS\system32\lsass.exe

036) "RasMan" - Connection Manager di Accesso remoto
---> STAT = (RUNNING) Started manually
---> FILE = C:\WINDOWS\system32\svchost.exe -k netsvcs

037) "RemoteRegistry" - Registro di sistema remoto
---> STAT = (RUNNING) Started automatically
---> FILE = C:\WINDOWS\system32\svchost.exe -k LocalService

038) "RpcSs" - RPC (Remote Procedure Call)
---> STAT = (RUNNING) Started automatically
---> FILE = C:\WINDOWS\system32\svchost -k rpcss

039) "SamSs" - Gestione account di protezione (SAM)
---> STAT = (RUNNING) Started automatically
---> FILE = C:\WINDOWS\system32\lsass.exe

040) "Schedule" - Utilità di pianificazione
---> STAT = (RUNNING) Started automatically
---> FILE = C:\WINDOWS\System32\svchost.exe -k netsvcs

041) "seclogon" - Accesso secondario
---> STAT = (RUNNING) Started automatically
---> FILE = C:\WINDOWS\System32\svchost.exe -k netsvcs

042) "SENS" - Notifica eventi di sistema
---> STAT = (RUNNING) Started automatically
---> FILE = C:\WINDOWS\system32\svchost.exe -k netsvcs

043) "SharedAccess" - Windows Firewall / Condivisione connessione Internet (ICS)
---> STAT = (RUNNING) Started automatically
---> FILE = C:\WINDOWS\system32\svchost.exe -k netsvcs

044) "ShellHWDetection" - Rilevamento hardware shell
---> STAT = (RUNNING) Started automatically
---> FILE = C:\WINDOWS\System32\svchost.exe -k netsvcs

045) "Spooler" - Spooler di stampa
---> STAT = (RUNNING) Started automatically
---> FILE = C:\WINDOWS\system32\spoolsv.exe

046) "SSDPSRV" - Servizio di rilevamento SSDP
---> STAT = (RUNNING) Started manually
---> FILE = C:\WINDOWS\system32\svchost.exe -k LocalService

047) "stisvc" - Acquisizione di immagini di Windows (WIA)
---> STAT = (RUNNING) Started automatically
---> FILE = C:\WINDOWS\system32\svchost.exe -k imgsvc

048) "TapiSrv" - Telefonia
---> STAT = (RUNNING) Started manually
---> FILE = C:\WINDOWS\System32\svchost.exe -k netsvcs

049) "TermService" - Servizi terminal
---> STAT = (RUNNING) Started manually
---> FILE = C:\WINDOWS\System32\svchost -k DComLaunch

050) "Themes" - Temi
---> STAT = (RUNNING) Started automatically
---> FILE = C:\WINDOWS\System32\svchost.exe -k netsvcs

051) "TrkWks" - Manutenzione collegamenti distribuiti client
---> STAT = (RUNNING) Started automatically
---> FILE = C:\WINDOWS\system32\svchost.exe -k netsvcs

052) "viritsvclite" - Virit eXplorer Lite
---> STAT = (RUNNING) Started automatically
---> FILE = C:\VEXPLITE\viritsvc.exe

053) "W32Time" - Ora di Windows
---> STAT = (RUNNING) Started automatically
---> FILE = C:\WINDOWS\System32\svchost.exe -k netsvcs

054) "WebClient" - WebClient
---> STAT = (RUNNING) Started automatically
---> FILE = C:\WINDOWS\system32\svchost.exe -k LocalService

055) "winmgmt" - Strumentazione gestione Windows
---> STAT = (RUNNING) Started automatically
---> FILE = C:\WINDOWS\system32\svchost.exe -k netsvcs

056) "wscsvc" - Centro sicurezza PC
---> STAT = (RUNNING) Started automatically
---> FILE = C:\WINDOWS\System32\svchost.exe -k netsvcs

057) "wuauserv" - Aggiornamenti automatici
---> STAT = (RUNNING) Started automatically
---> FILE = C:\WINDOWS\system32\svchost.exe -k netsvcs

058) "WZCSVC" - Zero Configuration reti senza fili
---> STAT = (RUNNING) Started automatically
---> FILE = C:\WINDOWS\System32\svchost.exe -k netsvcs



..:: BOOT REGISTRY ::..

0) "AVGCtrl"
---> CMD = C:\Programmi\AVPersonal\AVGNT.EXE /min
---> FILE = C:\Programmi\AVPersonal\AVGNT.EXE

1) "RemoteControl"
---> CMD = C:\Programmi\CyberLink\PowerDVD\PDVDServ.exe
---> FILE = C:\Programmi\CyberLink\PowerDVD\PDVDServ.exe

2) "NeroFilterCheck"
---> CMD = C:\WINDOWS\system32\NeroCheck.exe
---> FILE = C:\WINDOWS\system32\NeroCheck.exe

3) "IgfxTray"
---> CMD = C:\WINDOWS\system32\igfxtray.exe
---> FILE = C:\WINDOWS\system32\igfxtray.exe

4) "HotKeysCmds"
---> CMD = C:\WINDOWS\system32\hkcmd.exe
---> FILE = C:\WINDOWS\system32\hkcmd.exe

5) "SoundMan"
---> CMD = SOUNDMAN.EXE
---> FILE = C:\WINDOWS\system32\SOUNDMAN.EXE

6) "FLMK08KB"
---> CMD = C:\Programmi\Muiltmedia keyboard utility\1.3\MMKEYBD.EXE
---> FILE = C:\Programmi\Muiltmedia keyboard utility\1.3\MMKEYBD.EXE

7) "FLMOFFICE4DMOUSE"
---> CMD = C:\Programmi\Browser MOUSE\mouse32a.exe
---> FILE = C:\Programmi\Browser MOUSE\mouse32a.exe

8) "EPSON Stylus C46 Series"
---> CMD = C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I0T1.EXE /P23 "EPSON Stylus C46 Series" /O6 "USB001" /M "Stylus C46"
---> FILE = C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I0T1.EXE

9) "OM_Monitor"
---> CMD = C:\Programmi\OLYMPUS\OLYMPUS Master\FirstStart.exe
---> FILE = C:\Programmi\OLYMPUS\OLYMPUS Master\FirstStart.exe

10) "Zone Labs Client"
---> CMD = "C:\Programmi\Zone Labs\ZoneAlarm\zlclient.exe"
---> FILE = C:\Programmi\Zone Labs\ZoneAlarm\zlclient.exe

11) "!AVG Anti-Spyware"
---> CMD = "C:\Programmi\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
---> FILE = (NOT EXISTS)

12) "VIRIT LITE MONITOR"
---> CMD = C:\VEXPLITE\MONLITE.EXE
---> FILE = C:\VEXPLITE\monlite.exe



-------------List of NOT running services -------------



000) "Alerter" - Avvisi
---> STAT = (NOT RUNNING) Disabled
---> FILE = C:\WINDOWS\system32\svchost.exe -k LocalService

001) "AppMgmt" - Gestione applicazione
---> STAT = (NOT RUNNING) Started manually
---> FILE = C:\WINDOWS\system32\svchost.exe -k netsvcs

002) "aspnet_state" - ASP.NET State Service
---> STAT = (NOT RUNNING) Started manually
---> FILE = C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe

003) "Autodesk Licensing Service" - Autodesk Licensing Service
---> STAT = (NOT RUNNING) Started manually
---> FILE = "C:\Programmi\File comuni\Autodesk Shared\Service\AdskScSrv.exe"

004) "BITS" - Servizio trasferimento intelligente in background
---> STAT = (NOT RUNNING) Started manually
---> FILE = C:\WINDOWS\system32\svchost.exe -k netsvcs

005) "CiSvc" - Servizio di indicizzazione
---> STAT = (NOT RUNNING) Started manually
---> FILE = C:\WINDOWS\system32\cisvc.exe

006) "ClipSrv" - ClipBook
---> STAT = (NOT RUNNING) Disabled
---> FILE = C:\WINDOWS\system32\clipsrv.exe

007) "COMSysApp" - Applicazione di sistema COM+
---> STAT = (NOT RUNNING) Started manually
---> FILE = C:\WINDOWS\system32\dllhost.exe /Processid:{02D4B3F1-FD88-11D1-960D-00805FC79235}

008) "dmadmin" - Servizio amministrativo di Gestione disco logico
---> STAT = (NOT RUNNING) Started manually
---> FILE = C:\WINDOWS\System32\dmadmin.exe /com

009) "Emproxy" - McAfee E-mail Proxy
---> STAT = (NOT RUNNING) Started manually
---> FILE = C:\PROGRA~1\FILECO~1\McAfee\EmProxy\emproxy.exe

010) "HidServ" - Accesso periferica Human Interface
---> STAT = (NOT RUNNING) Disabled
---> FILE = C:\WINDOWS\System32\svchost.exe -k netsvcs

011) "HTTPFilter" - SSL HTTP
---> STAT = (NOT RUNNING) Started manually
---> FILE = C:\WINDOWS\System32\svchost.exe -k HTTPFilter

012) "ImapiService" - Servizio COM di masterizzazione CD IMAPI
---> STAT = (NOT RUNNING) Started manually
---> FILE = C:\WINDOWS\system32\imapi.exe

013) "Messenger" - Messenger
---> STAT = (NOT RUNNING) Disabled
---> FILE = C:\WINDOWS\system32\svchost.exe -k netsvcs

014) "mnmsrvc" - Condivisione desktop remoto di NetMeeting
---> STAT = (NOT RUNNING) Started manually
---> FILE = C:\WINDOWS\system32\mnmsrvc.exe

015) "MSDTC" - Distributed Transaction Coordinator
---> STAT = (NOT RUNNING) Started manually
---> FILE = C:\WINDOWS\system32\msdtc.exe

016) "MSIServer" - Windows Installer
---> STAT = (NOT RUNNING) Started manually
---> FILE = C:\WINDOWS\system32\msiexec.exe /V

017) "NetDDE" - DDE di rete
---> STAT = (NOT RUNNING) Disabled
---> FILE = C:\WINDOWS\system32\netdde.exe

018) "NetDDEdsdm" - DDE DSDM di rete
---> STAT = (NOT RUNNING) Disabled
---> FILE = C:\WINDOWS\system32\netdde.exe

019) "Netlogon" - Accesso rete
---> STAT = (NOT RUNNING) Started manually
---> FILE = C:\WINDOWS\system32\lsass.exe

020) "NtLmSsp" - Provider supporto protezione LM NT
---> STAT = (NOT RUNNING) Started manually
---> FILE = C:\WINDOWS\system32\lsass.exe

021) "NtmsSvc" - Archivi rimovibili
---> STAT = (NOT RUNNING) Started manually
---> FILE = C:\WINDOWS\system32\svchost.exe -k netsvcs

022) "ose" - Office Source Engine
---> STAT = (NOT RUNNING) Started manually
---> FILE = "C:\Programmi\File comuni\Microsoft Shared\Source Engine\OSE.EXE"

023) "RasAuto" - Auto Connection Manager di Accesso remoto
---> STAT = (NOT RUNNING) Started manually
---> FILE = C:\WINDOWS\system32\svchost.exe -k netsvcs

024) "RDSessMgr" - Gestione sessione di assistenza mediante desktop remoto
---> STAT = (NOT RUNNING) Started manually
---> FILE = C:\WINDOWS\system32\sessmgr.exe

025) "RemoteAccess" - Routing e Accesso remoto
---> STAT = (NOT RUNNING) Disabled
---> FILE = C:\WINDOWS\system32\svchost.exe -k netsvcs

026) "RpcLocator" - RPC Locator
---> STAT = (NOT RUNNING) Started manually
---> FILE = C:\WINDOWS\system32\locator.exe

027) "RSVP" - QoS RSVP
---> STAT = (NOT RUNNING) Started manually
---> FILE = C:\WINDOWS\system32\rsvp.exe

028) "SCardSvr" - smart card
---> STAT = (NOT RUNNING) Started manually
---> FILE = C:\WINDOWS\System32\SCardSvr.exe

029) "srservice" - Servizio Ripristino configurazione di sistema
---> STAT = (NOT RUNNING) Started automatically
---> FILE = C:\WINDOWS\system32\svchost.exe -k netsvcs

030) "SwPrv" - MS Software Shadow Copy Provider
---> STAT = (NOT RUNNING) Started manually
---> FILE = C:\WINDOWS\system32\dllhost.exe /Processid:{FAAE594F-9097-4553-9092-7469BA268CA3}

031) "SysmonLog" - Avvisi e registri di prestazioni
---> STAT = (NOT RUNNING) Started manually
---> FILE = C:\WINDOWS\system32\smlogsvc.exe

032) "TlntSvr" - Telnet
---> STAT = (NOT RUNNING) Disabled
---> FILE = C:\WINDOWS\system32\tlntsvr.exe

033) "upnphost" - Host di periferiche Plug and Play universali
---> STAT = (NOT RUNNING) Started manually
---> FILE = C:\WINDOWS\system32\svchost.exe -k LocalService

034) "UPS" - Gruppo di continuità
---> STAT = (NOT RUNNING) Started manually
---> FILE = C:\WINDOWS\System32\ups.exe

035) "vsmon" - TrueVector Internet Monitor
---> STAT = (NOT RUNNING) Started automatically
---> FILE = C:\WINDOWS\system32\ZoneLabs\vsmon.exe -service

036) "VSS" - Copia replicata del volume
---> STAT = (NOT RUNNING) Started manually
---> FILE = C:\WINDOWS\System32\vssvc.exe

037) "WmdmPmSN" - Servizio Numero di serie per dispositivi multimediali portatili
---> STAT = (NOT RUNNING) Started manually
---> FILE = C:\WINDOWS\System32\svchost.exe -k netsvcs

038) "Wmi" - Estensioni driver di Strumentazione gestione Windows
---> STAT = (NOT RUNNING) Started manually
---> FILE = C:\WINDOWS\System32\svchost.exe -k netsvcs

039) "WmiApSrv" - Scheda WMI Performance
---> STAT = (NOT RUNNING) Started manually
---> FILE = C:\WINDOWS\system32\wbem\wmiapsrv.exe

040) "xmlprov" - Servizio Provisioning di rete
---> STAT = (NOT RUNNING) Started manually
---> FILE = C:\WINDOWS\System32\svchost.exe -k netsvcs



-------------List of running device driver services -------------



000) "ACPI" - Driver ACPI Microsoft
---> STAT = (RUNNING) Started by operating system loader
---> FILE = \SystemRoot\system32\DRIVERS\ACPI.sys

001) "AFD" - AFD
---> STAT = (RUNNING) Started by "IoInitSystem" function
---> FILE = \SystemRoot\System32\drivers\afd.sys

002) "ALCXSENS" - Service for WDM 3D Audio Driver
---> STAT = (RUNNING) Started manually
---> FILE = system32\drivers\ALCXSENS.SYS

003) "ALCXWDM" - Service for Realtek AC97 Audio (WDM)
---> STAT = (RUNNING) Started manually
---> FILE = system32\drivers\ALCXWDM.SYS

004) "atapi" - Controller disco rigido IDE/ESDI standard
---> STAT = (RUNNING) Started by operating system loader
---> FILE = \SystemRoot\system32\DRIVERS\atapi.sys

005) "audstub" - Driver stub audio
---> STAT = (RUNNING) Started manually
---> FILE = system32\DRIVERS\audstub.sys

006) "AVG Anti-Spyware Driver" - AVG Anti-Spyware Driver
---> STAT = (RUNNING) Started by "IoInitSystem" function
---> FILE = \??\C:\Programmi\Grisoft\AVG Anti-Spyware 7.5\guard.sys

007) "AvgAsCln" - AVG Anti-Spyware Clean Driver
---> STAT = (RUNNING) Started by "IoInitSystem" function
---> FILE = System32\DRIVERS\AvgAsCln.sys

008) "avgntdd" - avgntdd
---> STAT = (RUNNING) Started manually
---> FILE = \??\C:\Programmi\AVPersonal\AVGNTDD.SYS

009) "Beep" - Beep
---> STAT = (RUNNING) Started by "IoInitSystem" function

010) "Cdfs" - Cdfs
---> STAT = (RUNNING) Disabled

011) "cdrbsdrv" - cdrbsdrv
---> STAT = (RUNNING) Started by "IoInitSystem" function

012) "Cdrom" - Driver del CD-ROM
---> STAT = (RUNNING) Started by "IoInitSystem" function
---> FILE = system32\DRIVERS\cdrom.sys

013) "Disk" - Driver del disco
---> STAT = (RUNNING) Started by operating system loader
---> FILE = \SystemRoot\system32\DRIVERS\disk.sys

014) "dmio" - Driver Gestione dischi logici
---> STAT = (RUNNING) Started by operating system loader
---> FILE = \SystemRoot\System32\drivers\dmio.sys

015) "dmload" - dmload
---> STAT = (RUNNING) Started by operating system loader
---> FILE = \SystemRoot\System32\drivers\dmload.sys

016) "Fastfat" - Fastfat
---> STAT = (RUNNING) Disabled

017) "Fdc" - Driver controller disco floppy
---> STAT = (RUNNING) Started manually
---> FILE = system32\DRIVERS\fdc.sys

018) "Fips" - Fips
---> STAT = (RUNNING) Started by "IoInitSystem" function

019) "Flpydisk" - Driver disco floppy
---> STAT = (RUNNING) Started manually
---> FILE = system32\DRIVERS\flpydisk.sys

020) "FltMgr" - FltMgr
---> STAT = (RUNNING) Started by operating system loader
---> FILE = \SystemRoot\system32\DRIVERS\fltMgr.sys

021) "Ftdisk" - Driver archiviazione volumi
---> STAT = (RUNNING) Started by operating system loader
---> FILE = \SystemRoot\system32\DRIVERS\ftdisk.sys

022) "gameenum" - Enumeratore porta giochi
---> STAT = (RUNNING) Started manually
---> FILE = system32\DRIVERS\gameenum.sys

023) "gmer" - gmer
---> STAT = (RUNNING) Started manually
---> FILE = System32\DRIVERS\gmer.sys

024) "Gpc" - Utilità di classificazione pacchetti generica
---> STAT = (RUNNING) Started manually
---> FILE = system32\DRIVERS\msgpc.sys

025) "hardlock" - hardlock
---> STAT = (RUNNING) Started automatically
---> FILE = \??\C:\WINDOWS\system32\drivers\hardlock.sys

026) "HidUsb" - Driver di classe HID Microsoft
---> STAT = (RUNNING) Started manually
---> FILE = system32\DRIVERS\hidusb.sys

027) "HTTP" - HTTP
---> STAT = (RUNNING) Started manually
---> FILE = System32\Drivers\HTTP.sys

028) "i8042prt" - Driver di porta mouse PS/2 e tastiera i8042
---> STAT = (RUNNING) Started by "IoInitSystem" function
---> FILE = system32\DRIVERS\i8042prt.sys

029) "ialm" - ialm
---> STAT = (RUNNING) Started manually
---> FILE = system32\DRIVERS\ialmnt5.sys

030) "Imapi" - Driver filtro masterizzazione CD
---> STAT = (RUNNING) Started by "IoInitSystem" function
---> FILE = system32\DRIVERS\imapi.sys

031) "IntelIde" - IntelIde
---> STAT = (RUNNING) Started by operating system loader
---> FILE = \SystemRoot\system32\DRIVERS\intelide.sys

032) "intelppm" - Driver processore Intel
---> STAT = (RUNNING) Started by "IoInitSystem" function
---> FILE = system32\DRIVERS\intelppm.sys

033) "IpFilterDriver" - Driver filtro traffico IP
---> STAT = (RUNNING) Started manually
---> FILE = system32\DRIVERS\ipfltdrv.sys

034) "IpNat" - Traduttore indirizzi di rete IP
---> STAT = (RUNNING) Started manually
---> FILE = system32\DRIVERS\ipnat.sys

035) "IPSec" - Driver IPSEC
---> ST
monclar
Junior User

Posts: 49
Joined: 02/03/06 12:45
Location: palermo

Post by Luke57 » 16/01/07 19:36

Hi, it can't all fit into one post, it's miles long.
Put it instead on:
http://www.mytempdir.com
(with Browse, locate the report file, then press Host it; once it is uploaded, the link where the file can be viewed appears).
Copy and paste the link into a post.

Post the Gmer one instead:
start Gmer.exe, press the >>>>> tab, then the Rootkit tab, tick the files and ADS boxes and press scan.
When the scan finishes, press Copy and paste the report into a text file.
Then go back to Gmer, move to the Autostart tab (do not tick the "show all" box), press Scan.
When it finishes, press Copy and paste the report into the same text file.
Then copy and paste the two reports into a post on the forum.
Luke57
Moderator

Posts: 6410
Joined: 11/08/05 19:10

Post by monclar » 16/01/07 20:08

ok luke
see you later
monclar
Junior User

Posts: 49
Joined: 02/03/06 12:45
Location: palermo

Post by monclar » 16/01/07 21:23

here is the link for the systemscan report
(5 hours and more online and everything is fine)

http://www.mytempdir.com/1170413
monclar
Junior User

Posts: 49
Joined: 02/03/06 12:45
Location: palermo

Post by monclar » 16/01/07 21:39

AND HERE IS THE GMER ONE (Word file - it's very long!!)

http://www.mytempdir.com/1170455

At the end of the scan Gmer reported a ROOTKIT activity to me, what is it?

awaiting results (positive ones, hopefully) ;-)

BYE
monclar
Junior User

Posts: 49
Joined: 02/03/06 12:45
Location: palermo

Post by monclar » 16/01/07 21:44

and FINALLY I'm ALSO posting the HijackThis log for you
(HANG THE EXPENSE!)

Logfile of HijackThis v1.99.1
Scan saved at 21.42.33, on 16/01/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Programmi\AVPersonal\AVGUARD.EXE
C:\Programmi\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Programmi\AVPersonal\AVWUPSRV.EXE
C:\Programmi\File comuni\McAfee\HackerWatch\HWAPI.exe
C:\PROGRA~1\McAfee\MSC\mclogsrv.exe
C:\PROGRA~1\McAfee\MSC\mcupdmgr.exe
c:\programmi\file comuni\mcafee\mna\mcnasvc.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
c:\PROGRA~1\FILECO~1\mcafee\redirsvc\redirsvc.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\PROGRA~1\McAfee\MSC\mctskshd.exe
C:\PROGRA~1\McAfee\MSC\mcusrmgr.exe
C:\Programmi\File comuni\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\svchost.exe
C:\VEXPLITE\viritsvc.exe
C:\Programmi\AVPersonal\AVGNT.EXE
C:\Programmi\CyberLink\PowerDVD\PDVDServ.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Programmi\Browser MOUSE\mouse32a.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I0T1.EXE
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Programmi\Muiltmedia keyboard utility\1.3\KbdAp32A.exe
C:\Programmi\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\VEXPLITE\MONLITE.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Programmi\Ulead Systems\Ulead Photo Express 4.0 La Mia Edizione Personalizzata\CalCheck.exe
C:\Programmi\WinZip\WZQKPICK.EXE
C:\Programmi\Alice ti aiuta\bin\mpbtn.exe
C:\Programmi\Google\GoogleToolbarNotifier\1.2.908.5008\GoogleToolbarNotifier.exe
C:\Programmi\Internet Explorer\iexplore.exe
C:\Programmi\Microsoft Office\OFFICE11\WINWORD.EXE
C:\PROGRA~1\WINZIP\winzip32.exe
C:\Documents and Settings\utente\Impostazioni locali\Temp\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.it/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Programmi\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - c:\programmi\mcafee\virusscan\scriptcl.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programmi\google\googletoolbar3.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programmi\google\googletoolbar3.dll
O3 - Toolbar: McAfee SiteAdvisor - {0BF43445-2F28-4351-9252-17FE6E806AA0} - C:\Programmi\SiteAdvisor\SiteAdv.dll
O4 - HKLM\..\Run: [AVGCtrl] C:\Programmi\AVPersonal\AVGNT.EXE /min
O4 - HKLM\..\Run: [RemoteControl] C:\Programmi\CyberLink\PowerDVD\PDVDServ.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [FLMK08KB] C:\Programmi\Muiltmedia keyboard utility\1.3\MMKEYBD.EXE
O4 - HKLM\..\Run: [FLMOFFICE4DMOUSE] C:\Programmi\Browser MOUSE\mouse32a.exe
O4 - HKLM\..\Run: [EPSON Stylus C46 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I0T1.EXE /P23 "EPSON Stylus C46 Series" /O6 "USB001" /M "Stylus C46"
O4 - HKLM\..\Run: [OM_Monitor] C:\Programmi\OLYMPUS\OLYMPUS Master\FirstStart.exe
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Programmi\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Programmi\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [VIRIT LITE MONITOR] C:\VEXPLITE\MONLITE.EXE
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [OM_Monitor] C:\Programmi\OLYMPUS\OLYMPUS Master\Monitor.exe -NoStart
O4 - HKCU\..\Run: [swg] C:\Programmi\Google\GoogleToolbarNotifier\1.0.720.3640\GoogleToolbarNotifier.exe
O4 - Global Startup: Agenda Calendario per la Mia Edizione Personalizzata di Ulead Photo Express 4.0.lnk = C:\Programmi\Ulead Systems\Ulead Photo Express 4.0 La Mia Edizione Personalizzata\CalCheck.exe
O4 - Global Startup: Alice ti aiuta.lnk = C:\Programmi\Alice ti aiuta\bin\matcli.exe
O4 - Global Startup: Tasto di scelta rapida per l'avvio di AutoCAD.lnk = C:\Programmi\File comuni\Autodesk Shared\acstart16.exe
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Programmi\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Ricerche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O16 - DPF: {78AF2F24-A9C3-11D3-BF8C-0060B0FCC122} (AcDcToday Control) - file://C:\Programmi\AutoCAD 2002\AcDcToday.ocx
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan ... asinst.cab
O16 - DPF: {AE563720-B4F5-11D4-A415-00108302FDFD} (NOXLATE-BANR) - file://C:\Programmi\AutoCAD 2002\InstBanr.ocx
O16 - DPF: {C6637286-300D-11D4-AE0A-0010830243BD} (InstaFred) - file://C:\Programmi\AutoCAD 2002\InstFred.ocx
O16 - DPF: {F281A59C-7B65-11D3-8617-0010830243BD} (AcPreview Control) - file://C:\Programmi\AutoCAD 2002\AcPreview.ocx
O17 - HKLM\System\CCS\Services\Tcpip\..\{D096132C-7CE6-4B91-96FF-9F02450BE8D5}: NameServer = 85.37.17.39 85.38.28.71
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O23 - Service: AntiVir Service (AntiVirService) - H+BEDV Datentechnik GmbH - C:\Programmi\AVPersonal\AVGUARD.EXE
O23 - Service: Autodesk Licensing Service - Autodesk, Inc. - C:\Programmi\File comuni\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Programmi\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AntiVir Update (AVWUpSrv) - H+BEDV Datentechnik GmbH, Germany - C:\Programmi\AVPersonal\AVWUPSRV.EXE
O23 - Service: McAfee E-mail Proxy (Emproxy) - McAfee, Inc. - C:\PROGRA~1\FILECO~1\McAfee\EmProxy\emproxy.exe
O23 - Service: McAfee HackerWatch Service - McAfee, Inc. - C:\Programmi\File comuni\McAfee\HackerWatch\HWAPI.exe
O23 - Service: McAfee Log Manager (McLogManagerService) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mclogsrv.exe
O23 - Service: McAfee Update Manager (mcmispupdmgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcupdmgr.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\programmi\file comuni\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Protection Manager (mcpromgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
O23 - Service: McAfee Redirector Service (McRedirector) - McAfee, Inc. - c:\PROGRA~1\FILECO~1\mcafee\redirsvc\redirsvc.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Task Scheduler (mctskshd.exe) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mctskshd.exe
O23 - Service: McAfee User Manager (mcusrmgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcusrmgr.exe
O23 - Service: Virit eXplorer Lite (viritsvclite) - TG Soft Sas http://www.tgsoft.it - C:\VEXPLITE\viritsvc.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

BYE
monclar
Junior User
 
Posts: 49
Joined: 02/03/06 12:45
Location: palermo

Post by Luke57 » 17/01/07 09:03

monclar wrote: AND HERE IS THE GMER ONE (Word file - it's really long!!)

http://www.mytempdir.com/1170455

At the end of the scan Gmer flagged a ROOTKIT activity, what is it?

awaiting results (positive ones, hopefully) ;-)

BYE

Hi, but if I tell you to put the report in a text file, do it! No wonder it's heavy, it's a doc file, I can't read it, it freezes my computer. Also, it's pointless to post HijackThis logs ad infinitum; in your case they don't detect anything.
Luke57
Moderator
 
Posts: 6410
Joined: 11/08/05 19:10

Post by monclar » 17/01/07 09:24

ok luke, sorry... :undecided:
As usual I'll do it this afternoon since I'm at work.
bye.
monclar
Junior User
 
Posts: 49
Joined: 02/03/06 12:45
Location: palermo

Post by monclar » 17/01/07 17:37

Hi, here is the link to download the Gmer report.

http://www.mytempdir.com/1171762

see you later.
monclar
Junior User
 
Posts: 49
Joined: 02/03/06 12:45
Location: palermo

Post by Luke57 » 17/01/07 21:42

Hi, it's not clear, how can a text file weigh 5.7 MB? Try running the scan from the Autostart tab only, don't tick the show all box, press Scan. When it finishes (it will take a few seconds), press Copy and then paste it directly into a post.
Luke57
Moderator
 
Posts: 6410
Joined: 11/08/05 19:10

Post by monclar » 18/01/07 01:06

Hi, I wouldn't know, I pasted it into a Notepad sheet. Anyway, here below is the Autostart post.

GMER 1.0.12.12011 - http://www.gmer.net
Autostart scan 2007-01-18 01:04:48
Windows 5.1.2600 Service Pack 2


HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems@Windows = %SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,3072,512 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ProfileControl=Off MaxRequestThreads=16

HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon@Userinit = C:\WINDOWS\SYSTEM32\Userinit.exe,

HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui@DLLName = igfxsrvc.dll

HKLM\SYSTEM\CurrentControlSet\Services\ >>>
AntiVirService /*AntiVir Service*/@ = "C:\Programmi\AVPersonal\AVGUARD.EXE"
AVG Anti-Spyware Guard /*AVG Anti-Spyware Guard*/@ = C:\Programmi\Grisoft\AVG Anti-Spyware 7.5\guard.exe
AVWUpSrv /*AntiVir Update*/@ = "C:\Programmi\AVPersonal\AVWUPSRV.EXE"
McAfee HackerWatch Service /*McAfee HackerWatch Service*/@ = "C:\Programmi\File comuni\McAfee\HackerWatch\HWAPI.exe"
McLogManagerService /*McAfee Log Manager*/@ = C:\PROGRA~1\McAfee\MSC\mclogsrv.exe
mcmispupdmgr /*McAfee Update Manager*/@ = C:\PROGRA~1\McAfee\MSC\mcupdmgr.exe
McNASvc /*McAfee Network Agent*/@ = "c:\programmi\file comuni\mcafee\mna\mcnasvc.exe"
McODS /*McAfee Scanner*/@ = C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
mcpromgr /*McAfee Protection Manager*/@ = C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
McRedirector /*McAfee Redirector Service*/@ = c:\PROGRA~1\FILECO~1\mcafee\redirsvc\redirsvc.exe
McShield /*McAfee Real-time Scanner*/@ = C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
McSysmon /*McAfee SystemGuards*/@ = C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
mctskshd.exe /*McAfee Task Scheduler*/@ = C:\PROGRA~1\McAfee\MSC\mctskshd.exe
mcusrmgr /*McAfee User Manager*/@ = C:\PROGRA~1\McAfee\MSC\mcusrmgr.exe
MDM /*Machine Debug Manager*/@ = "C:\Programmi\File comuni\Microsoft Shared\VS7DEBUG\MDM.EXE"
Spooler /*Spooler di stampa*/@ = %SystemRoot%\system32\spoolsv.exe
viritsvclite /*Virit eXplorer Lite*/@ = C:\VEXPLITE\viritsvc.exe
vsmon /*TrueVector Internet Monitor*/@ = C:\WINDOWS\system32\ZoneLabs\vsmon.exe -service

HKLM\Software\Microsoft\Windows\CurrentVersion\Run >>>
@AVGCtrlC:\Programmi\AVPersonal\AVGNT.EXE /min = C:\Programmi\AVPersonal\AVGNT.EXE /min
@RemoteControlC:\Programmi\CyberLink\PowerDVD\PDVDServ.exe = C:\Programmi\CyberLink\PowerDVD\PDVDServ.exe
@NeroFilterCheckC:\WINDOWS\system32\NeroCheck.exe = C:\WINDOWS\system32\NeroCheck.exe
@IgfxTrayC:\WINDOWS\system32\igfxtray.exe = C:\WINDOWS\system32\igfxtray.exe
@HotKeysCmdsC:\WINDOWS\system32\hkcmd.exe = C:\WINDOWS\system32\hkcmd.exe
@SoundManSOUNDMAN.EXE = SOUNDMAN.EXE
@FLMK08KBC:\Programmi\Muiltmedia keyboard utility\1.3\MMKEYBD.EXE = C:\Programmi\Muiltmedia keyboard utility\1.3\MMKEYBD.EXE
@FLMOFFICE4DMOUSEC:\Programmi\Browser MOUSE\mouse32a.exe = C:\Programmi\Browser MOUSE\mouse32a.exe
@EPSON Stylus C46 SeriesC:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I0T1.EXE /P23 "EPSON Stylus C46 Series" /O6 "USB001" /M "Stylus C46" = C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I0T1.EXE /P23 "EPSON Stylus C46 Series" /O6 "USB001" /M "Stylus C46"
@OM_MonitorC:\Programmi\OLYMPUS\OLYMPUS Master\FirstStart.exe = C:\Programmi\OLYMPUS\OLYMPUS Master\FirstStart.exe
@Zone Labs Client"C:\Programmi\Zone Labs\ZoneAlarm\zlclient.exe" = "C:\Programmi\Zone Labs\ZoneAlarm\zlclient.exe"
@!AVG Anti-Spyware"C:\Programmi\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized = "C:\Programmi\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
@VIRIT LITE MONITORC:\VEXPLITE\MONLITE.EXE = C:\VEXPLITE\MONLITE.EXE
@tcactiveC:\Programmi\The Cleaner\tca.exe = C:\Programmi\The Cleaner\tca.exe
@tcmonitorC:\Programmi\The Cleaner\tcm.exe = C:\Programmi\The Cleaner\tcm.exe

HKCU\Software\Microsoft\Windows\CurrentVersion\Run >>>
@CTFMON.EXEC:\WINDOWS\system32\ctfmon.exe = C:\WINDOWS\system32\ctfmon.exe
@OM_MonitorC:\Programmi\OLYMPUS\OLYMPUS Master\Monitor.exe -NoStart /*file not found*/ = C:\Programmi\OLYMPUS\OLYMPUS Master\Monitor.exe -NoStart /*file not found*/
@swgC:\Programmi\Google\GoogleToolbarNotifier\1.0.720.3640\GoogleToolbarNotifier.exe /*file not found*/ = C:\Programmi\Google\GoogleToolbarNotifier\1.0.720.3640\GoogleToolbarNotifier.exe /*file not found*/

HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved >>>
@{42071714-76d4-11d1-8b24-00a0c9068ff3} /*Estensione panoramica video del Pannello di controllo*/deskpan.dll /*file not found*/ = deskpan.dll /*file not found*/
@{596AB062-B4D2-4215-9F74-E9109B0A8153} /*Pagina proprietà versioni precedenti*/%SystemRoot%\system32\twext.dll = %SystemRoot%\system32\twext.dll
@{9DB7A13C-F208-4981-8353-73CC61AE2783} /*Versioni precedenti*/%SystemRoot%\system32\twext.dll = %SystemRoot%\system32\twext.dll
@{30D02401-6A81-11d0-8274-00C04FD5AE38} /*IE Search Band*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{E7E4BC40-E76A-11CE-A9BB-00AA004AE837} /*Shell DocObject Viewer*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{FBF23B40-E3F0-101B-8488-00AA003E56F8} /*InternetShortcut*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{3C374A40-BAE4-11CF-BF7D-00AA006946EE} /*Microsoft Url History Service*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{FF393560-C2A7-11CF-BFF4-444553540000} /*History*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{7BD29E00-76C1-11CF-9DD0-00A0C9034933} /*Temporary Internet Files*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{7BD29E01-76C1-11CF-9DD0-00A0C9034933} /*Temporary Internet Files*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{CFBFAE00-17A6-11D0-99CB-00C04FD64497} /*Microsoft Url Search Hook*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{3DC7A020-0ACD-11CF-A9BB-00AA004AE837} /*The Internet*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{871C5380-42A0-1069-A2EA-08002B30309D} /*Internet Name Space*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{00E7B358-F65B-4dcf-83DF-CD026B94BFD4} /*Autoplay for SlideShow*/(null) =
@{692F0339-CBAA-47e6-B5B5-3B84DB604E87} /*Extensions Manager Folder*/C:\WINDOWS\system32\extmgr.dll = C:\WINDOWS\system32\extmgr.dll
@{E0D79304-84BE-11CE-9641-444553540000} /*WinZip*/C:\PROGRA~1\WINZIP\WZSHLSTB.DLL = C:\PROGRA~1\WINZIP\WZSHLSTB.DLL
@{E0D79305-84BE-11CE-9641-444553540000} /*WinZip*/C:\PROGRA~1\WINZIP\WZSHLSTB.DLL = C:\PROGRA~1\WINZIP\WZSHLSTB.DLL
@{E0D79306-84BE-11CE-9641-444553540000} /*WinZip*/C:\PROGRA~1\WINZIP\WZSHLSTB.DLL = C:\PROGRA~1\WINZIP\WZSHLSTB.DLL
@{E0D79307-84BE-11CE-9641-444553540000} /*WinZip*/C:\PROGRA~1\WINZIP\WZSHLSTB.DLL = C:\PROGRA~1\WINZIP\WZSHLSTB.DLL
@{BDEADF00-C265-11D0-BCED-00A0C90AB50F} /*Cartelle Web*/C:\PROGRA~1\FILECO~1\MICROS~1\WEBFOL~1\MSONSEXT.DLL = C:\PROGRA~1\FILECO~1\MICROS~1\WEBFOL~1\MSONSEXT.DLL
@{00020D75-0000-0000-C000-000000000046} /*Microsoft Office Outlook Desktop Icon Handler*/C:\PROGRA~1\MICROS~2\OFFICE11\MLSHEXT.DLL = C:\PROGRA~1\MICROS~2\OFFICE11\MLSHEXT.DLL
@{0006F045-0000-0000-C000-000000000046} /*Microsoft Office Outlook Custom Icon Handler*/C:\PROGRA~1\MICROS~2\OFFICE11\OLKFSTUB.DLL = C:\PROGRA~1\MICROS~2\OFFICE11\OLKFSTUB.DLL
@{42042206-2D85-11D3-8CFF-005004838597} /*Microsoft Office HTML Icon Handler*/C:\Programmi\Microsoft Office\OFFICE11\msohev.dll = C:\Programmi\Microsoft Office\OFFICE11\msohev.dll
@{AC1DB655-4F9A-4c39-8AD2-A65324A4C446} /*Autodesk Drawing Preview*/C:\Programmi\File comuni\Autodesk Shared\Thumbnail\AcThumbnail16.dll = C:\Programmi\File comuni\Autodesk Shared\Thumbnail\AcThumbnail16.dll
@{36A21736-36C2-4C11-8ACB-D4136F2B57BD} /*Gestore icona firma digitale di AutoCAD*/C:\WINDOWS\system32\AcSignIcon.dll = C:\WINDOWS\system32\AcSignIcon.dll
@{6DEA92E9-8682-4b6a-97DE-354772FE5727} /*Autodesk DWF Preview*/C:\Programmi\File comuni\Autodesk Shared\Thumbnail\AcDwfThmbPrxy16.dll = C:\Programmi\File comuni\Autodesk Shared\Thumbnail\AcDwfThmbPrxy16.dll
@{4CCEFB41-18FA-11D3-9EF3-00A0C9E897FD} /*Componente estensione della shell di CorelDRAW*/C:\Programmi\Corel\Corel Graphics 11\DRAW\CDRVIEWER\CrlShell110.dll = C:\Programmi\Corel\Corel Graphics 11\DRAW\CDRVIEWER\CrlShell110.dll
@CorelDRAW Shell Extension Component /*CorelDRAW Shell Extension Component*/(null) =
@{07C45BB1-4A8C-4642-A1F5-237E7215FF66} /*IE Microsoft BrowserBand*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{1C1EDB47-CE22-4bbb-B608-77B48F83C823} /*IE Fade Task*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{205D7A97-F16D-4691-86EF-F3075DCCA57D} /*IE Menu Desk Bar*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{3028902F-6374-48b2-8DC6-9725E775B926} /*IE AutoComplete*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{43886CD5-6529-41c4-A707-7B3C92C05E68} /*IE Navigation Bar*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{44C76ECD-F7FA-411c-9929-1B77BA77F524} /*IE Menu Site*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{4B78D326-D922-44f9-AF2A-07805C2A3560} /*IE Menu Band*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{6038EF75-ABFC-4e59-AB6F-12D397F6568D} /*IE Microsoft History AutoComplete List*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{6B4ECC4F-16D1-4474-94AB-5A763F2A54AE} /*IE Tracking Shell Menu*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{6CF48EF8-44CD-45d2-8832-A16EA016311B} /*IE IShellFolderBand*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{73CFD649-CD48-4fd8-A272-2070EA56526B} /*IE BandProxy*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{98FF6D4B-6387-4b0a-8FBD-C5C4BB17B4F8} /*IE MRU AutoComplete List*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{9A096BB5-9DC3-4D1C-8526-C3CBF991EA4E} /*IE RSS Feeder Folder*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{9D958C62-3954-4b44-8FAB-C4670C1DB4C2} /*IE Microsoft Shell Folder AutoComplete List*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{B31C5FAE-961F-415b-BAF0-E697A5178B94} /*IE Microsoft Multiple AutoComplete List Container*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{BC476F4C-D9D7-4100-8D4E-E043F6DEC409} /*Microsoft Browser Architecture*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{BFAD62EE-9D54-4b2a-BF3B-76F90697BD2A} /*IE Shell Rebar BandSite*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{E6EE9AAC-F76B-4947-8260-A9F136138E11} /*IE Shell Band Site Menu*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{F2CF5485-4E02-4f68-819C-B92DE9277049} /*&Links*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{F83DAC1C-9BB9-4f2b-B619-09819DA81B0E} /*IE Registry Tree Options Utility*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{FAC3CBF6-8697-43d0-BAB9-DCD1FCE19D75} /*IE User Assist*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{FDE7673D-2E19-4145-8376-BBD58C4BC7BA} /*IE Custom MRU AutoCompleted List*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll

HKLM\Software\Classes\*\shellex\ContextMenuHandlers\ >>>
AntiVir/Win@{a7cda720-84ee-11d0-b5c0-00001b3ca278} = C:\Programmi\AVPersonal\AVShlExt.DLL
MCVSRIGHTCLICKSCANNER@{162EFDC5-2957-465D-887B-590AF4A7E84D} = c:\PROGRA~1\mcafee\VIRUSS~1\mcodsax.dll
TheCleaner@{2DE506B9-4320-11d3-8E42-002035221EDA} = C:\Programmi\The Cleaner\tcshellex.dll
WinZip@{E0D79304-84BE-11CE-9641-444553540000} = C:\PROGRA~1\WINZIP\WZSHLSTB.DLL

HKLM\Software\Classes\Directory\shellex\ContextMenuHandlers\ >>>
TheCleaner@{2DE506B9-4320-11D3-8E42-002035221EDA} = C:\Programmi\The Cleaner\tcshellex.dll
WinZip@{E0D79304-84BE-11CE-9641-444553540000} = C:\PROGRA~1\WINZIP\WZSHLSTB.DLL

HKLM\Software\Classes\Folder\shellex\ContextMenuHandlers\ >>>
AntiVir/Win@{a7cda720-84ee-11d0-b5c0-00001b3ca278} = C:\Programmi\AVPersonal\AVShlExt.DLL
MCVSRIGHTCLICKSCANNER@{162EFDC5-2957-465D-887B-590AF4A7E84D} = c:\PROGRA~1\mcafee\VIRUSS~1\mcodsax.dll
TheCleaner@{2DE506B9-4320-11D3-8E42-002035221EDA} = C:\Programmi\The Cleaner\tcshellex.dll
WinZip@{E0D79304-84BE-11CE-9641-444553540000} = C:\PROGRA~1\WINZIP\WZSHLSTB.DLL

HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects >>>
@{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}C:\Programmi\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll = C:\Programmi\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
@{53707962-6F74-2D53-2644-206D7942484F}C:\Programmi\Spybot - Search & Destroy\SDHelper.dll = C:\Programmi\Spybot - Search & Destroy\SDHelper.dll
@{7DB2D5A0-7241-4E79-B68D-6309F01C5231}c:\programmi\mcafee\virusscan\scriptcl.dll = c:\programmi\mcafee\virusscan\scriptcl.dll
@{AA58ED58-01DD-4d91-8333-CF10577473F7}c:\programmi\google\googletoolbar3.dll = c:\programmi\google\googletoolbar3.dll

HKCU\Control Panel\Desktop@SCRNSAVE.EXE = C:\WINDOWS\system32\ssmarque.scr

HKLM\Software\Microsoft\Internet Explorer\Main >>>
@Default_Page_URLhttp://go.microsoft.com/fwlink/?LinkId=69157 = http://go.microsoft.com/fwlink/?LinkId=69157
@Start Pagehttp://go.microsoft.com/fwlink/?LinkId=69157 = http://go.microsoft.com/fwlink/?LinkId=69157
@Local Page%SystemRoot%\system32\blank.htm = %SystemRoot%\system32\blank.htm

HKCU\Software\Microsoft\Internet Explorer\Main >>>
@Start Pagehttp://www.google.it/ = http://www.google.it/
@Local PageC:\WINDOWS\system32\blank.htm = C:\WINDOWS\system32\blank.htm

HKLM\Software\Classes\PROTOCOLS\Filter\text/xml@CLSID = C:\Programmi\File comuni\Microsoft Shared\OFFICE11\MSOXMLMF.DLL

HKLM\Software\Classes\PROTOCOLS\Handler\ >>>
dvd@CLSID = C:\WINDOWS\system32\msvidctl.dll
its@CLSID = C:\WINDOWS\system32\itss.dll
mhtml@CLSID = %SystemRoot%\system32\inetcomm.dll
ms-its@CLSID = C:\WINDOWS\system32\itss.dll
ms-itss@CLSID = C:\Programmi\File comuni\Microsoft Shared\Information Retrieval\MSITSS.DLL
msnim@CLSID = "C:\PROGRA~1\MSNMES~1\msgrapp.dll"
mso-offdap@CLSID = C:\PROGRA~1\FILECO~1\MICROS~1\WEBCOM~1\10\OWC10.DLL
mso-offdap11@CLSID = C:\PROGRA~1\FILECO~1\MICROS~1\WEBCOM~1\11\OWC11.DLL
tv@CLSID = C:\WINDOWS\system32\msvidctl.dll

HKLM\Software\Classes\PROTOCOLS\Handler\wia@CLSID = C:\WINDOWS\system32\wiascr.dll

C:\Documents and Settings\All Users\Menu Avvio\Programmi\Esecuzione automatica >>>
Agenda Calendario per la Mia Edizione Personalizzata di Ulead Photo Express 4.0.lnk = Agenda Calendario per la Mia Edizione Personalizzata di Ulead Photo Express 4.0.lnk
Alice ti aiuta.lnk = Alice ti aiuta.lnk
Tasto di scelta rapida per l'avvio di AutoCAD.lnk = Tasto di scelta rapida per l'avvio di AutoCAD.lnk
WinZip Quick Pick.lnk = WinZip Quick Pick.lnk

---- EOF - GMER 1.0.12 ----

See you tomorrow.
BYE
monclar
Junior User
 
Posts: 49
Joined: 02/03/06 12:45
Location: palermo

Post by Luke57 » 18/01/07 15:50

Hi, the Gmer log looks clean to me.
Luke57
Moderator
 
Posts: 6410
Joined: 11/08/05 19:10
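Added example, not code from the thread or from GMER: a small Python parser for the GMER Autostart log format posted above. It splits the log into its `>>>` sections and `@name data = data` entries and flags the `/*file not found*/` orphans, empty values and bare filenames a reviewer would check before calling such a log clean. The log embedded in it is a constructed excerpt in the same format.

```python
import re
from collections import namedtuple

# Constructed excerpt in the format of the GMER 1.0.12 Autostart scan posted above.
SAMPLE_LOG = r"""GMER 1.0.12.12011 - http://www.gmer.net

HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon@Userinit = C:\WINDOWS\SYSTEM32\Userinit.exe,

HKLM\SYSTEM\CurrentControlSet\Services\ >>>
AntiVirService /*AntiVir Service*/@ = "C:\Programmi\AVPersonal\AVGUARD.EXE"

HKLM\Software\Microsoft\Windows\CurrentVersion\Run >>>
@AVGCtrlC:\Programmi\AVPersonal\AVGNT.EXE /min = C:\Programmi\AVPersonal\AVGNT.EXE /min
@SoundManSOUNDMAN.EXE = SOUNDMAN.EXE

HKCU\Software\Microsoft\Windows\CurrentVersion\Run >>>
@swgC:\Programmi\Google\GoogleToolbarNotifier.exe /*file not found*/ = C:\Programmi\Google\GoogleToolbarNotifier.exe /*file not found*/

HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved >>>
@{00E7B358-F65B-4dcf-83DF-CD026B94BFD4} /*Autoplay for SlideShow*/(null) =
"""

# section: key or folder; name: value name / service / GUID / .lnk; desc: GMER's /*...*/ note
Entry = namedtuple("Entry", "section name desc value flags")
DESC_RE = re.compile(r"\s*/\*(.*?)\*/\s*")
PATH_RE = re.compile(r'^"?(%[A-Za-z_]+%|[A-Za-z]:\\)')

def split_desc(head):  # separate GMER's /*description*/ from the name it annotates
    m = DESC_RE.search(head)
    if not m:
        return head.strip(), ""
    return (head[:m.start()] + head[m.end():]).strip(), m.group(1)

def flag(value):  # what a reviewer should double-check before calling the log clean
    if "/*file not found*/" in value:
        return ("file not found",)   # orphaned entry: its target is no longer on disk
    if value in ("", "(null)"):
        return ("empty",)            # registered with no data at all
    if not PATH_RE.match(value) and not value.endswith(".lnk"):
        return ("bare filename",)    # resolved via the search path: verify which file runs
    return ()

def parse_gmer_autostart(text):
    entries, section = [], ""
    for line in map(str.rstrip, text.splitlines()):
        if not line:
            section = ""             # a section ends at the blank line
            continue
        if line.endswith(" >>>"):
            section = line[:-4]
            continue
        if " = " not in line and not line.endswith(" ="):
            continue                 # banner and EOF lines
        lhs, _, rhs = line.partition(" = ")
        lhs = lhs.removesuffix(" =")  # GMER prints "<name> =" for (null) data
        sec = section
        if lhs.startswith("@"):      # Run/BHO/shell ext: "@<name>[ /*desc*/]<data> = <data>"
            head = lhs[1:]
            head = head[:-len(rhs)] if rhs and head.endswith(rhs) else head.removesuffix("(null)")
        elif section:                # services, handlers, startup folder: "<name>[ /*desc*/][@x]"
            head, _, suffix = lhs.rpartition("@")
            head = head or suffix
        else:                        # standalone "<key>@<valuename> = <data>"
            sec, _, head = lhs.rpartition("@")
        name, desc = split_desc(head)
        entries.append(Entry(sec, name, desc, rhs, flag(rhs)))
    return entries

def triage(text):  # entries that carry a flag, in log order
    return [e for e in parse_gmer_autostart(text) if e.flags]
```

On the sample this reports the orphaned `swg` entry, the bare `SOUNDMAN.EXE` and the empty `Autoplay for SlideShow` shell extension; the same three kinds of entry appear in the full log above.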
