Norton won't start anymore

How do you remove viruses and spyware? Are credit cards really safe online? Is it possible to browse anonymously? Which programs protect your privacy? How do you protect important files? If you want an answer to these and other questions, this is the right place!

Moderators: kadosh, Luke57

Post by alemao » 30/03/07 17:27

Norton won't start anymore...
It gives me strange errors. I looked for the files and they are in this path:
Documents and Settings
then the personal folder name
then Impostazioni locali
then Temp

There are a lot of appcompact, 117476, strange numeric applications
navapsvc.mdm
identifier
szAppName: NAVAPSVC:EXE SZAppVER12.6.0.1 szModName: Kernel32.dll


hijackthis
Logfile of HijackThis v1.99.1
Scan saved at 18.26.30, on 30/03/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmi\File comuni\Symantec Shared\ccSetMgr.exe
C:\Programmi\File comuni\Symantec Shared\ccEvtMgr.exe
C:\Programmi\File comuni\Symantec Shared\SNDSrvc.exe
C:\Programmi\File comuni\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Programmi\File comuni\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Acer\eManager\anbmServ.exe
C:\Programmi\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\AGRSMMSG.exe
C:\WINDOWS\system32\Rundll32.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmi\Messenger\msmsgs.exe
C:\WINDOWS\system32\sistray.exe
C:\Programmi\Adobe\Acrobat 7.0\Distillr\acrotray.exe
C:\Programmi\Internet Explorer\iexplore.exe
C:\Programmi\Adobe\Acrobat 7.0\Acrobat\Acrobat.exe
C:\DOCUME~1\FRANCE~1\IMPOST~1\Temp\Adobelm_Cleanup.0001
C:\Programmi\File comuni\Adobe Systems Shared\Service\Adobelmsvc.exe
C:\DOCUME~1\FRANCE~1\IMPOST~1\Temp\Adobelm_Cleanup.0001
C:\Documents and Settings\Francesco\Impostazioni locali\Temp\Directory temporanea 1 per hijackthis.zip\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://global.acer.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://global.acer.com
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://windowsupdate.microsoft.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: NAV Helper - {A8F38D8D-E480-4D52-B7A2-731BB6995FDD} - C:\Programmi\Norton AntiVirus\NavShExt.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Programmi\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Programmi\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Norton AntiVirus - {C4069E3A-68F1-403E-B40E-20066696354B} - C:\Programmi\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [LaunchApp] Alaunch
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [SiSPower] Rundll32.exe SiSPower.dll,ModeAgent
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [AdslTaskBar] rundll32.exe stmctrl.dll,TaskBar
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "C:\Programmi\Adobe\Acrobat 7.0\Distillr\Acrotray.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Programmi\Messenger\msmsgs.exe" /background
O4 - Startup: Adobe Gamma.lnk = C:\Programmi\File comuni\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Utility Tray.lnk = C:\WINDOWS\system32\sistray.exe
O4 - Global Startup: Avvio veloce di Adobe Acrobat.lnk = ?
O8 - Extra context menu item: Converti destinazione link in Adobe PDF - res://C:\Programmi\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Converti destinazione link in file PDF esistente - res://C:\Programmi\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Converti i link selezionati in Adobe PDF - res://C:\Programmi\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Converti i link selezionati in file PDF esistente - res://C:\Programmi\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Converti in Adobe PDF - res://C:\Programmi\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Converti nel file PDF esistente - res://C:\Programmi\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Converti selezione in Adobe PDF - res://C:\Programmi\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Converti selezione in file PDF esistente - res://C:\Programmi\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupda ... 9987320295
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftup ... 9996248250
O17 - HKLM\System\CCS\Services\Tcpip\..\{32A55733-F307-4251-8FAC-7180FAC59101}: NameServer = 85.37.17.11 85.38.28.69
O17 - HKLM\System\CCS\Services\Tcpip\..\{EEB7133A-DC34-4545-9A26-D759022BEAAD}: NameServer = 213.205.32.70,213.205.36.70
O23 - Service: Adobe LM Service - Adobe Systems - C:\Programmi\File comuni\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Notebook Manager Service (anbmService) - OSA Technologies Inc. - C:\Acer\eManager\anbmServ.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\ccSetMgr.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Servizio Auto-Protect di Norton AntiVirus (navapsvc) - Symantec Corporation - C:\Programmi\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Programmi\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: Norton Protection Center Service (NSCService) - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\Security Console\NSCSRVCE.EXE
O23 - Service: Symantec AVScan (SAVScan) - Symantec Corporation - C:\Programmi\Norton AntiVirus\SAVScan.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\SNDSrvc.exe
O23 - Service: SPBBCSvc - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Utilità di pianificazione di LiveUpdate automatico - Symantec Corporation - C:\Programmi\Symantec\LiveUpdate\ALUSchedulerSvc.exe
alemao
Junior User

Posts: 88
Joined: 16/08/06 11:18

Post by SkunkWorks 68 » 30/03/07 18:03

The log looks clean to me...
Try uninstalling and reinstalling it...
P.S... Good luck.
Bye
SkunkWorks 68
Senior User

Posts: 2336
Joined: 03/03/07 08:55

Post by alemao » 30/03/07 19:07

Moderators, can you give me a hand?

Post by alemao » 30/03/07 23:02

The virus detected by Norton is downloader... it's a trojan and it is located in the path mentioned earlier... what should I do?

Post by alemao » 31/03/07 10:53

Then when I open Norton, a certain CCcommon starts installing by itself...

Please give me a hand, I don't understand any of this...
luke andorra please

Post by Luke57 » 31/03/07 11:37

Hi, let's try this check:
download SystemScan (if you don't already have it)
http://www.suspectfile.com/systemscan
Open it and make sure all the options are checked, then click "Scan Now"; when the scan finishes, the file report.txt will be written to C:\suspectfile.
Go to http://www.easy-share.com, upload the file (browse, locate the file, press Upload) and in your next reply post the URL you are given for downloading it (not the one for deleting it).
Luke57
Moderator

Posts: 6410
Joined: 11/08/05 19:10

Post by alemao » 31/03/07 13:44

This is the SystemScan report...
I had already deleted the virus file detected by Norton


systemscan - http://www.suspectfile.com - ver. 2.0.24

Date: 31/03/2007
Time: 14.35.27,07

Output limited to:
-Recent files
-Registry Run Keys
-Running Services
-Not Running Services
-Device Driver Services
-Svchost.exe instances
-Loaded Dlls
-Alternate Data Sreams
-Encrypted Files
-Hidden objects
-Suspicious Files
-Include hijackthis.log

-------------Users folders -------------

Directory di C:\documents and settings

07/03/2005 19.13 <DIR> Default User
07/03/2005 19.13 <DIR> All Users
07/03/2005 19.26 <DIR> NetworkService
07/03/2005 19.26 <DIR> LocalService
05/10/2006 03.23 <DIR> Francesco

-------------Recent files (60 days) -------------
NOTE: searched only in C:, C:\WINDOWS, C:\WINDOWS\system32, C:\Programmi\File comuni, C:\WINDOWS\temp



Directory di C:\


31/03/2007 14.35 <DIR> suspectfile


Directory di C:\WINDOWS


26/03/2007 17.46 702.876 setupapi.log
31/03/2007 14.32 3.824 ModemLog_Agere Systems AC'97 Modem.txt
19/03/2007 00.52 1.738 wmsetup.log
31/03/2007 11.59 1.400.843 WindowsUpdate.log
31/03/2007 11.59 32.474 SchedLgU.Txt
31/03/2007 14.32 0 0.log
20/03/2007 20.22 10 popcinfo.dat


Directory di C:\WINDOWS\system32


17/03/2007 18.12 <DIR> InsFiles
24/03/2007 19.37 <DIR> bak
29/03/2007 19.21 1.158 wpa.dbl
25/03/2007 14.20 1.219.816 FNTCACHE.DAT
17/03/2007 19.53 48.776 S32EVNT1.DLL
12/02/2007 17.22 161.424 SymRedir.dll
12/02/2007 17.22 538.256 SymNeti.dll
24/03/2007 19.28 451 eRLog.ini


Directory di C:\Programmi\File comuni




Directory di C:\WINDOWS\temp





-------------HKCU\Software\Microsoft\Windows\CurrentVersion\policies\Explorer\Run-------------

-------------HKLM\Software\Microsoft\Windows\CurrentVersion\policies\Explorer\Run-------------

-------------HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\explorer.exe-------------

-------------HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows-------------

[Windows]
"AppInit_DLLs"=""

-------------HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon-------------

[Winlogon]
"Shell"="Explorer.exe"
"System"=""
"Userinit"="C:\WINDOWS\system32\userinit.exe,"
"VmApplet"="rundll32 shell32,Control_RunDLL \"sysdm.cpl\""
"forceunlocklogon"=dword:00000000
"AllowMultipleTSSessions"=dword:00000001
"UIHost"=expand:"logonui.exe"
"LogonType"=dword:00000001
"Background"="0 0 0"
"WinStationsDisabled"="0"
"HibernationPreviouslyEnabled"=dword:00000001

[Winlogon\GPExtensions]

[Winlogon\GPExtensions\{3610eda5-77ef-11d2-8dc5-00c04fa31a66}]
@="Quota disco Microsoft"
"DllName"=expand:"dskquota.dll"

[Winlogon\GPExtensions\{4CFB60C1-FAA6-47f1-89AA-0B18730C9FD3}]
@="Mapping aree Internet Explorer"
"DllName"=expand:"iedkcs32.dll"

[Winlogon\GPExtensions\{827D319E-6EAC-11D2-A4EA-00C04F79F83A}]
"GenerateGroupPolicy"="SceGenerateGroupPolicy"
"ExtensionRsopPlanningDebugLevel"=dword:00000001
"ExtensionDebugLevel"=dword:00000001
"DllName"=expand:"scecli.dll"
@="Security"

[Winlogon\GPExtensions\{A2E30F80-D7DE-11d2-BBDE-00C04F86AE3B}]
"GenerateGroupPolicy"="GenerateGroupPolicy"
"DllName"=expand:"iedkcs32.dll"
@="Personalizzazione Internet Explorer"

[Winlogon\GPExtensions\{B1BE8D72-6EAC-11D2-A4EA-00C04F79F83A}]
"DllName"=expand:"scecli.dll"
@="EFS recovery"

[Winlogon\GPExtensions\{C631DF4C-088F-4156-B058-4375F0853CD8}]
@="Microsoft Offline Files"
"DllName"=expand:"%SystemRoot%\System32\cscui.dll"

[Winlogon\GPExtensions\{c6dc5466-785a-11d2-84d0-00c04fb169f7}]
@="Installazione software"
"DllName"=expand:"appmgmts.dll"
"GenerateGroupPolicy"="GenerateGroupPolicy"
"EventSources"=multi:"(Application Management,Application)\00(MsiInstaller,Application)\00\00"

[Winlogon\Notify]

[Winlogon\Notify\crypt32chain]
"DllName"=expand:"crypt32.dll"
"Logoff"="ChainWlxLogoffEvent"

[Winlogon\Notify\cryptnet]
"DllName"=expand:"cryptnet.dll"
"Logoff"="CryptnetWlxLogoffEvent"

[Winlogon\Notify\cscdll]
"DLLName"="cscdll.dll"
"Logon"="WinlogonLogonEvent"
"Logoff"="WinlogonLogoffEvent"
"ScreenSaver"="WinlogonScreenSaverEvent"
"Startup"="WinlogonStartupEvent"
"StartShell"="WinlogonStartShellEvent"

[Winlogon\Notify\ScCertProp]
"DLLName"="wlnotify.dll"
"Logon"="SCardStartCertProp"
"Logoff"="SCardStopCertProp"
"Lock"="SCardSuspendCertProp"
"Unlock"="SCardResumeCertProp"
"Enabled"=dword:00000001

[Winlogon\Notify\Schedule]
"DllName"=expand:"wlnotify.dll"
"StartShell"="SchedStartShell"
"Logoff"="SchedEventLogOff"

[Winlogon\Notify\sclgntfy]
"Logoff"="WLEventLogoff"
"DllName"=expand:"sclgntfy.dll"

[Winlogon\Notify\SensLogn]
"DLLName"="WlNotify.dll"
"Lock"="SensLockEvent"
"Logon"="SensLogonEvent"
"Logoff"="SensLogoffEvent"
"Safe"=dword:00000001
"MaxWait"=dword:00000258
"StartScreenSaver"="SensStartScreenSaverEvent"
"StopScreenSaver"="SensStopScreenSaverEvent"
"Startup"="SensStartupEvent"
"StartShell"="SensStartShellEvent"
"PostShell"="SensPostShellEvent"
"Disconnect"="SensDisconnectEvent"
"Reconnect"="SensReconnectEvent"
"Unlock"="SensUnlockEvent"

[Winlogon\Notify\termsrv]
"DllName"=expand:"wlnotify.dll"
"Logoff"="TSEventLogoff"
"Logon"="TSEventLogon"
"PostShell"="TSEventPostShell"
"StartShell"="TSEventStartShell"
"Startup"="TSEventStartup"
"MaxWait"=dword:00000258
"Reconnect"="TSEventReconnect"
"Disconnect"="TSEventDisconnect"

[Winlogon\Notify\wlballoon]
"DLLName"="wlnotify.dll"
"Logon"="RegisterTicketExpiredNotificationEvent"
"Logoff"="UnregisterTicketExpiredNotificationEvent"

[Winlogon\SpecialAccounts]

[Winlogon\SpecialAccounts\UserList]
"HelpAssistant"=dword:00000000
"TsInternetUser"=dword:00000000
"SQLAgentCmdExec"=dword:00000000
"NetShowServices"=dword:00000000
"IWAM_"=dword:00010000
"IUSR_"=dword:00010000
"VUSR_"=dword:00010000

-------------HKLM\Software\Microsoft\Windows\CurrentVersion\Winlogon-------------

-------------HKCU\Software\Microsoft\Windows NT\CurrentVersion\Winlogon-------------

[Winlogon]
@SACL=
"ExcludeProfileDirs"="Impostazioni locali;Temporary Internet Files;Cronologia;Temp"
"BuildNumber"=dword:00000a28

-------------HKCU\Software\Microsoft\Windows\CurrentVersion\Winlogon-------------

-------------HKLM\Software\Microsoft\Windows\CurrentVersion\Run-------------

[Run]
"LaunchApp"="Alaunch"
"SoundMan"="SOUNDMAN.EXE"
"AGRSMMSG"="AGRSMMSG.exe"
"SiSPower"="Rundll32.exe SiSPower.dll,ModeAgent"
"IMJPMIG8.1"="\"C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE\" /Spoil /RemAdvDef /Migration32"
"MSPY2002"="C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC"
"PHIME2002ASync"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC"
"PHIME2002A"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName"
@=""
"AdslTaskBar"="rundll32.exe stmctrl.dll,TaskBar"
"Acrobat Assistant 7.0"="\"C:\Programmi\Adobe\Acrobat 7.0\Distillr\Acrotray.exe\""
"ccApp"="\"C:\Programmi\File comuni\Symantec Shared\ccApp.exe\""

[Run\OptionalComponents]

[Run\OptionalComponents\IMAIL]
"Installed"="1"

[Run\OptionalComponents\MAPI]
"Installed"="1"
"NoChange"="1"

[Run\OptionalComponents\MSFS]
"Installed"="1"

-------------HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce-------------

[RunOnce]

-------------HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnceEx-------------

[RunOnceEx]

-------------HKLM\Software\Microsoft\Windows\CurrentVersion\RunServices-------------

-------------HKLM\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce-------------

-------------HKCU\Software\Microsoft\Windows\CurrentVersion\Run-------------

[Run]
@SACL=
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe"
"MSMSGS"="\"C:\Programmi\Messenger\msmsgs.exe\" /background"

-------------HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnce-------------

-------------HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnceEx-------------

-------------HKCU\Software\Microsoft\Windows\CurrentVersion\RunServices-------------

-------------HKCU\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce-------------

-------------HKLM\Software\Microsoft\Windows NT\CurrentVersion\Run-------------

-------------HKCU\Software\Microsoft\Windows NT\CurrentVersion\Run-------------

-------------HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects-------------

[Browser Helper Objects]
@SACL=

[Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
#### HKCR\CLSID\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}\InprocServer32 @="C:\Programmi\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll"
@=""

[Browser Helper Objects\{A8F38D8D-E480-4D52-B7A2-731BB6995FDD}]
#### HKCR\CLSID\{A8F38D8D-E480-4D52-B7A2-731BB6995FDD}\InprocServer32 @="C:\Programmi\Norton AntiVirus\NavShExt.dll"
@="NAV Helper"

[Browser Helper Objects\{AE7CD045-E861-484f-8273-0445EE161910}]
#### HKCR\CLSID\{AE7CD045-E861-484f-8273-0445EE161910}\InprocServer32 @="C:\Programmi\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll"
@=""

-------------HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks-------------

[URLSearchHooks]
@SACL=
"{CFBFAE00-17A6-11D0-99CB-00C04FD64497}"=""
#### HKCR\CLSID\{CFBFAE00-17A6-11D0-99CB-00C04FD64497}\InprocServer32 @=expand:"%SystemRoot%\system32\shdocvw.dll"

-------------HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks-------------

[ShellExecuteHooks]
"{AEB6717E-7E19-11d0-97EE-00C04FD91972}"=""
#### HKCR\CLSID\{AEB6717E-7E19-11d0-97EE-00C04FD91972}\InprocServer32 @="shell32.dll"

-------------HKLM\SYSTEM\ControlSet001\Control\Lsa-------------

[Lsa]
"Authentication Packages"=multi:"msv1_0\00\00"
"Bounds"=hex:00,30,00,00,00,20,00,00
"LsaPid"=dword:000002ac
"SecureBoot"=dword:00000001
"auditbaseobjects"=dword:00000000
"crashonauditfail"=dword:00000000
"everyoneincludesanonymous"=dword:00000000
"fipsalgorithmpolicy"=dword:00000000
"forceguest"=dword:00000001
"fullprivilegeauditing"=hex:00
"limitblankpassworduse"=dword:00000001
"lmcompatibilitylevel"=dword:00000000
"nolmhash"=dword:00000000
"restrictanonymous"=dword:00000000
"restrictanonymoussam"=dword:00000001
"Notification Packages"=multi:"scecli\00\00"

[Lsa\AccessProviders]
"ProviderOrder"=multi:"Windows NT Access Provider\00\00"

[Lsa\AccessProviders\Windows NT Access Provider]
"ProviderPath"=expand:"%SystemRoot%\system32\ntmarta.dll"

[Lsa\Audit]

[Lsa\Audit\PerUserAuditing]

[Lsa\Audit\PerUserAuditing\System]

[Lsa\Data]
@Class="7038edf2"
"Pattern"=hex:04,fd,5c,5e,43,24,32,d2,ed,72,e5,ba,ff,7e,0d,06,37,30,33,38,65,\
64,66,32,00,00,00,00,70,81,00,00,18,ca,06,00,99,d0,b8,71,04,ca,06,00,10,00,\
00,00,00,00,00,00,2b,a1,ff,b2,ae,e0,38,05,e2,93,b5,70

[Lsa\GBG]
@Class="2be01fae"
"GrafBlumGroup"=hex:69,a0,2b,31,ee,83,d2,63,bc

[Lsa\JD]
@Class="e2b5b205"
"Lookup"=hex:f9,99,b3,03,8a,5e

[Lsa\Kerberos]

[Lsa\Kerberos\Domains]

[Lsa\Kerberos\SidCache]

[Lsa\msv1_0]
"ntlmminclientsec"=dword:00000000
"ntlmminserversec"=dword:00000000

[Lsa\Skew1]
@Class="ffa193c4"
"SkewMatrix"=hex:cb,1a,0b,55,1e,f0,1e,85,41,0d,32,64,1e,49,64,e1

[Lsa\SSO]

[Lsa\SSO\Passport1.4]
"SSOURL"="http://www.passport.com"

[Lsa\SspiCache]
"Time"=hex:0e,38,9c,e9,e0,fd,c6,01

[Lsa\SspiCache\digest.dll]
"Name"="Digest"
"Comment"="Digest SSPI Authentication Package"
"RpcId"=dword:0000ffff
"Time"=hex:00,e0,6f,ff,a0,85,c4,01
"Type"=dword:00000031

[Lsa\SspiCache\msapsspc.dll]
"Name"="DPA"
"Comment"="DPA Security Package"
"RpcId"=dword:00000011
"Time"=hex:00,e0,6f,ff,a0,85,c4,01
"Type"=dword:00000031

[Lsa\SspiCache\msnsspc.dll]
"Name"="MSN"
"Comment"="MSN Security Package"
"RpcId"=dword:00000012
"Time"=hex:00,e0,6f,ff,a0,85,c4,01
"Type"=dword:00000031

-------------HKLM\SYSTEM\ControlSet001\Services\SharedAccess-------------

[SharedAccess]
"Description"="Fornisce servizi di conversione indirizzi di rete, indirizzamento e risoluzione nomi e/o servizi di prevenzione intrusione per una rete domestica o una piccola rete aziendale."
"DisplayName"="Windows Firewall / Condivisione connessione Internet (ICS)"
"ImagePath"=expand:"%SystemRoot%\system32\svchost.exe -k netsvcs"
"ObjectName"="LocalSystem"
"Start"=dword:00000002
"Type"=dword:00000020

[SharedAccess\Epoch]
"Epoch"=dword:00000707

[SharedAccess\Parameters]
"ServiceDll"=expand:"%SystemRoot%\System32\ipnathlp.dll"

[SharedAccess\Parameters\FirewallPolicy]

[SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications]

[SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

[SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall"=dword:00000000

[SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications]

[SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

[SharedAccess\Setup]
"ServiceUpgrade"=dword:00000001

[SharedAccess\Setup\InterfacesUnfirewalledAtUpdate]
"All"=dword:00000001

-------------HKLM\Software\Microsoft\Ole-------------

[Ole]
"EnableDCOM"="Y"

[Ole\AppCompat]

[Ole\AppCompat\ActivationSecurityCheckExemptionList]
"{A50398B8-9075-4FBF-A7A1-456BF21937AD}"="1"
"{AD65A69D-3831-40D7-9629-9B0B50A93843}"="1"
"{0040D221-54A1-11D1-9DE0-006097042D69}"="1"
"{2A6D72F1-6E7E-4702-B99C-E40D3DED33C3}"="1"

-------------HKEY_CLASSES_ROOT\exefile\shell\open\command-------------

@="\"%1\" %*"

-------------HKEY_CLASSES_ROOT\comfile\shell\open\command-------------

@="\"%1\" %*"

-------------HKEY_CLASSES_ROOT\batfile\shell\open\command-------------

@="\"%1\" %*"

-------------HKEY_CLASSES_ROOT\piffile\shell\open\command-------------

@="\"%1\" %*"

-------------HKEY_CLASSES_ROOT\scrFile\shell\open\command-------------

@="\"%1\" /S"

-------------HKEY_CLASSES_ROOT\htafile\shell\open\command-------------

@="C:\WINDOWS\system32\mshta.exe \"%1\" %*"

-------------HKEY_CLASSES_ROOT\logfile\shell\open\command-------------

-------------HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler-------------

[SharedTaskScheduler]
"{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Precaricatore Browseui"
#### HKCR\CLSID\{438755C2-A8BA-11D1-B96B-00A0C90312E1}\InprocServer32 @=expand:"%SystemRoot%\system32\browseui.dll"
"{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Daemon di cache delle categorie di componenti"
#### HKCR\CLSID\{8C7461EF-2B13-11d2-BE35-3078302C2030}\InprocServer32 @=expand:"%SystemRoot%\system32\browseui.dll"

-------------HKLM\Software\Microsoft\Active Setup\Installed Components-------------

[Installed Components]

[Installed Components\>{22d6f312-b0f6-11d0-94ab-0080c74c7e95}]
#### HKCR\CLSID\{22d6f312-b0f6-11d0-94ab-0080c74c7e95}\InprocServer32 @="C:\WINDOWS\system32\wmpdxm.dll"
"Stubpath"="C:\WINDOWS\inf\unregmp2.exe /ShowWMP"
@="Microsoft Windows Media Player"
"ComponentID"="WMPACCESS"

[Installed Components\>{26923b43-4d38-484f-9b9e-de460746276c}]
@="Internet Explorer"
"ComponentID"="IEACCESS"
"StubPath"=expand:"%systemroot%\system32\shmgrate.exe OCInstallUserConfigIE"

[Installed Components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS]
@="Personalizzazione del browser"
"ComponentID"="BRANDING.CAB"
"StubPath"="RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP"

[Installed Components\>{881dd1c5-3dcf-431b-b061-f3f88e8be88a}]
@="Outlook Express"
"ComponentID"="OEACCESS"
"StubPath"=expand:"%systemroot%\system32\shmgrate.exe OCInstallUserConfigOE"

[Installed Components\{10072CEC-8CC1-11D1-986E-00A0C955B42F}]
@="Rendering grafica vettoriale (VML)"
"ComponentID"="MSVML"

[Installed Components\{2179C5D3-EBFF-11CF-B6FD-00AA00B4E220}]
#### HKCR\CLSID\{2179C5D3-EBFF-11CF-B6FD-00AA00B4E220}\InprocServer32 @="C:\WINDOWS\system32\wmpdxm.dll"
@=""
"ComponentID"="NetShow"
"StubPath"=""

[Installed Components\{22d6f312-b0f6-11d0-94ab-0080c74c7e95}]
#### HKCR\CLSID\{22d6f312-b0f6-11d0-94ab-0080c74c7e95}\InprocServer32 @="C:\WINDOWS\system32\wmpdxm.dll"
"ComponentID"="Microsoft Windows Media Player"
"StubPath"=""
@="Microsoft Windows Media Player 6.4"

[Installed Components\{283807B5-2C60-11D0-A31D-00AA00B92C03}]
#### HKCR\CLSID\{283807B5-2C60-11D0-A31D-00AA00B92C03}\InprocServer32 @="C:\WINDOWS\system32\danim.dll"
@="DirectAnimation"
"ComponentID"="DirectAnimation"

[Installed Components\{2C7339CF-2B09-4501-B3F3-F3508C9228ED}]
@="Themes Setup"
"ComponentID"="Theme Component"
"StubPath"=expand:"%SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll"

[Installed Components\{36f8ec70-c29a-11d1-b5c7-0000f8051515}]
@="Binding dati Dynamic HTML per Java"
"ComponentID"="TridataJava"

[Installed Components\{3af36230-a269-11d1-b5bf-0000f8051515}]
@="Modulo ricerca non in linea"
"ComponentID"="MobilePk"

[Installed Components\{3B3136FD-73E1-6DF3-9364-221751FAC88D}]
@="Outlook Express"
"ComponentID"="OEACCESS"
"Local"="EN"

[Installed Components\{3bf42070-b3b1-11d1-b5c5-0000f8051515}]
@="Uniscribe"
"ComponentID"="USP10"

[Installed Components\{4278c270-a269-11d1-b5bf-0000f8051515}]
@="Creazione avanzata"
"ComponentID"="AdvAuth"

[Installed Components\{44BBA840-CC51-11CF-AAFA-00AA00B6015C}]
@="Microsoft Outlook Express 6"
"ComponentID"="MailNews"
"CloneUser"=dword:00000001
"StubPath"=expand:"\"%ProgramFiles%\Outlook Express\setup50.exe\" /APP:OE /CALLER:WINNT /user /install"

[Installed Components\{44BBA842-CC51-11CF-AAFA-00AA00B6015B}]
@="NetMeeting 3.01"
"ComponentID"="NetMeeting"
"StubPath"="rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT"

[Installed Components\{44BBA848-CC51-11CF-AAFA-00AA00B6015C}]
@="DirectShow"
"ComponentID"="activemovie"

[Installed Components\{44BBA855-CC51-11CF-AAFA-00AA00B6015F}]
@="DirectDrawEx"
"ComponentID"="DirectDrawEx"

[Installed Components\{45ea75a0-a269-11d1-b5bf-0000f8051515}]
@="Guida di Internet Explorer"
"ComponentID"="HelpCont"

[Installed Components\{4f216970-c90c-11d1-b5c7-0000f8051515}]
@="Classi Java DirectAnimation"
"ComponentID"="DAJava"

[Installed Components\{4f645220-306d-11d2-995d-00c04f98bbc9}]
@="Microsoft Windows Script 5.6"
"ComponentID"="MSVBScript"

[Installed Components\{5945c046-1e7d-11d1-bc44-00c04fd912be}]
"KeyFileName"="C:\Programmi\Messenger\msmsgs.exe"
@="Windows Messenger 4.7"
"ComponentID"="Messenger"
"StubPath"="rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser"

[Installed Components\{5A8D6EE0-3E18-11D0-821E-444553540000}]
"(Default)"="Internet Connection Wizard"
"ComponentID"="ICW"

[Installed Components\{5fd399c0-a70a-11d1-9948-00c04f98bbc9}]
@="Strumenti di installazione di Internet Explorer"
"ComponentID"="GenSetup"

[Installed Components\{630b1da0-b465-11d1-9948-00c04f98bbc9}]
@="Miglioramenti sfoglia"
"ComponentID"="ExtraPack"
"KeyFileName"="C:\WINDOWS\system32\msieftp.dll"

[Installed Components\{6BF52A52-394A-11d3-B153-00C04F79FAA6}]
#### HKCR\CLSID\{6BF52A52-394A-11d3-B153-00C04F79FAA6}\InprocServer32 @="C:\WINDOWS\system32\wmp.dll"
@="Microsoft Windows Media Player"
"ComponentID"="Microsoft Windows Media Player"
"StubPath"="rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\wmp.inf,PerUserStub"

[Installed Components\{6fab99d0-bab8-11d1-994a-00c04f98bbc9}]
@="Accesso sito MSN"
"ComponentID"="MSN_Auth"

[Installed Components\{75D37685-9337-7D32-785B-A33D9BED4F41}]
@="Microsoft Windows Media Player 6.4"
"ComponentID"="Microsoft Windows Media Player"
"Local"="EN"

[Installed Components\{7790769C-0471-11d2-AF11-00C04FA35D02}]
@="Rubrica 6"
"ComponentID"="WAB"
"StubPath"=expand:"\"%ProgramFiles%\Outlook Express\setup50.exe\" /APP:WAB /CALLER:WINNT /user /install"

[Installed Components\{89820200-ECBD-11cf-8B85-00AA005B4340}]
@="Windows Desktop Update"
"ComponentID"="IE4Shell_NT"
"StubPath"=expand:"regsvr32.exe /s /n /i:U shell32.dll"

[Installed Components\{89820200-ECBD-11cf-8B85-00AA005B4383}]
@="Internet Explorer 6"
"ComponentID"="BASEIE40_W2K"
"StubPath"=expand:"%SystemRoot%\system32\ie4uinit.exe"

[Installed Components\{89820200-ECBD-11cf-8B85-00AA005B4383}\AuthorizedCDFPrefix]
@SACL=

[Installed Components\{8b15971b-5355-4c82-8c07-7e181ea07608}]
@="Fax"
"ComponentID"="Fax"
"StubPath"="rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\fxsocm.inf,Fax.Install.PerUser"

[Installed Components\{9381D8F2-0288-11D0-9501-00AA00B911A5}]
@="Binding dati Dynamic HTML"
"ComponentID"="Tridata"

[Installed Components\{94de52c8-2d59-4f1b-883e-79663d2d9a8c}]
@="Provider fax"
"ComponentID"="Fax Provider"
"StubPath"=""

[Installed Components\{ACC563BC-4266-43f0-B6ED-9D38C4202C7E}]

[Installed Components\{C9E9A340-D1F1-11D0-821E-444553540600}]
@="Font principali di Internet Explorer"
"ComponentID"="Fontcore"

[Installed Components\{CC2A9BA0-3BDD-11D0-821E-444553540000}]
@="Utilità di pianificazione"
"ComponentID"="MSTASK"

[Installed Components\{CDD7975E-60F8-41d5-8149-19E51D6F71D0}]
"ComponentID"="Windows Movie Maker v2.1"

[Installed Components\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@="Adobe Flash Player 9 ActiveX"
"ComponentID"="Flash"

[Installed Components\{de5aed00-a4bf-11d1-9948-00c04f98bbc9}]
@="Guida HTML"
"ComponentID"="HTMLHelp"

[Installed Components\{E105E9DE-67DA-FF20-80D6-D6365171EB67}]
@="Outlook Express"
"ComponentID"="OEACCESS"
"Local"="EN"

[Installed Components\{E92B03AB-B707-11d2-9CBD-0000F87A369E}]
@="Active Directory Service Interface"
"ComponentID"="ADSI"

-------------Comparing registry keys CCS1 vs CCS2 -------------
< Value: HKEY_LOCAL_MACHINE\system\controlset001\services\Dhcp\Parameters {32A55733-F307-4251-8FAC-7180FAC59101} REG_BINARY 0F000000000000000000000000000000FC540E46F9000000000000000000000000000000FC540E4601000000000000000000000000000000FC540E462B000000000000000000000000000000FC540E462C000000000000000000000000000000FC540E4606000000000000000000000000000000FC540E46
> Value: HKEY_LOCAL_MACHINE\system\controlset002\services\Dhcp\Parameters {32A55733-F307-4251-8FAC-7180FAC59101} REG_BINARY 0F000000000000000000000000000000D0200E46F9000000000000000000000000000000D0200E4601000000000000000000000000000000D0200E462B000000000000000000000000000000D0200E462C000000000000000000000000000000D0200E4606000000000000000000000000000000D0200E46
< Value: HKEY_LOCAL_MACHINE\system\controlset001\services\eeCtrl\Started
< Value: HKEY_LOCAL_MACHINE\system\controlset001\services\Eventlog\Application\ESENT EventMessageFile REG_EXPAND_SZ C:\WINDOWS\system32\ESENT.dll
> Value: HKEY_LOCAL_MACHINE\system\controlset002\services\Eventlog\Application\ESENT EventMessageFile REG_EXPAND_SZ c:\windows\system32\ESENT.dll
< Value: HKEY_LOCAL_MACHINE\system\controlset001\services\Eventlog\Application\ESENT CategoryMessageFile REG_EXPAND_SZ C:\WINDOWS\system32\ESENT.dll
> Value: HKEY_LOCAL_MACHINE\system\controlset002\services\Eventlog\Application\ESENT CategoryMessageFile REG_EXPAND_SZ c:\windows\system32\ESENT.dll
> Value: HKEY_LOCAL_MACHINE\system\controlset002\services\Eventlog\Security\DS
> Value: HKEY_LOCAL_MACHINE\system\controlset002\services\Eventlog\Security\LSA
> Value: HKEY_LOCAL_MACHINE\system\controlset002\services\Eventlog\Security\NetDDE Object
> Value: HKEY_LOCAL_MACHINE\system\controlset002\services\Eventlog\Security\SC Manager
> Value: HKEY_LOCAL_MACHINE\system\controlset002\services\Eventlog\Security\Security
> Value: HKEY_LOCAL_MACHINE\system\controlset002\services\Eventlog\Security\Security Account Manager
> Value: HKEY_LOCAL_MACHINE\system\controlset002\services\Eventlog\Security\Spooler
> Value: HKEY_LOCAL_MACHINE\system\controlset002\services\MRxDAV\EncryptedDirectories
< Value: HKEY_LOCAL_MACHINE\system\controlset001\services\mssmbios\Data
< Value: HKEY_LOCAL_MACHINE\system\controlset001\services\NetBT\Parameters\Interfaces\Tcpip_{32A55733-F307-4251-8FAC-7180FAC59101} NetbiosOptions REG_DWORD 2 (0x2)
< Value: HKEY_LOCAL_MACHINE\system\controlset001\services\SharedAccess\Epoch Epoch REG_DWORD 1799 (0x707)
> Value: HKEY_LOCAL_MACHINE\system\controlset002\services\SharedAccess\Epoch Epoch REG_DWORD 1792 (0x700)
< Value: HKEY_LOCAL_MACHINE\system\controlset001\services\SPBBCDrv\DBlocking
< Value: HKEY_LOCAL_MACHINE\system\controlset001\services\Tcpip\Parameters\Interfaces\{32A55733-F307-4251-8FAC-7180FAC59101} NTEContextList REG_MULTI_SZ 0x00000004\0\0
> Value: HKEY_LOCAL_MACHINE\system\controlset002\services\Tcpip\Parameters\Interfaces\{32A55733-F307-4251-8FAC-7180FAC59101} NTEContextList REG_MULTI_SZ \0
< Value: HKEY_LOCAL_MACHINE\system\controlset001\services\Tcpip\Parameters\Interfaces\{32A55733-F307-4251-8FAC-7180FAC59101} DhcpIPAddress REG_SZ 87.10.14.210
> Value: HKEY_LOCAL_MACHINE\system\controlset002\services\Tcpip\Parameters\Interfaces\{32A55733-F307-4251-8FAC-7180FAC59101} DhcpIPAddress REG_SZ 0.0.0.0
< Value: HKEY_LOCAL_MACHINE\system\controlset001\services\Tcpip\Parameters\Interfaces\{32A55733-F307-4251-8FAC-7180FAC59101} DhcpSubnetMask REG_SZ 255.255.255.255
> Value: HKEY_LOCAL_MACHINE\system\controlset002\services\Tcpip\Parameters\Interfaces\{32A55733-F307-4251-8FAC-7180FAC59101} DhcpSubnetMask REG_SZ 0.0.0.0
< Value: HKEY_LOCAL_MACHINE\system\controlset001\services\Tcpip\Parameters\Interfaces\{32A55733-F307-4251-8FAC-7180FAC59101} NameServer REG_SZ 85.37.17.11 85.38.28.69
> Value: HKEY_LOCAL_MACHINE\system\controlset002\services\Tcpip\Parameters\Interfaces\{32A55733-F307-4251-8FAC-7180FAC59101} NameServer REG_SZ
< Value: HKEY_LOCAL_MACHINE\system\controlset001\services\Tcpip\Parameters\Interfaces\{EEB7133A-DC34-4545-9A26-D759022BEAAD} EnableDHCP REG_DWORD 0 (0x0)
> Value: HKEY_LOCAL_MACHINE\system\controlset002\services\Tcpip\Parameters\Interfaces\{EEB7133A-DC34-4545-9A26-D759022BEAAD} EnableDHCP REG_DWORD 1 (0x1)
< Value: HKEY_LOCAL_MACHINE\system\controlset001\services\Tcpip\Parameters\Interfaces\{EEB7133A-DC34-4545-9A26-D759022BEAAD} IPAddress REG_MULTI_SZ 192.168.0.200\0\0
> Value: HKEY_LOCAL_MACHINE\system\controlset002\services\Tcpip\Parameters\Interfaces\{EEB7133A-DC34-4545-9A26-D759022BEAAD} IPAddress REG_MULTI_SZ 0.0.0.0\0\0
< Value: HKEY_LOCAL_MACHINE\system\controlset001\services\Tcpip\Parameters\Interfaces\{EEB7133A-DC34-4545-9A26-D759022BEAAD} SubnetMask REG_MULTI_SZ 255.255.255.0\0\0
> Value: HKEY_LOCAL_MACHINE\system\controlset002\services\Tcpip\Parameters\Interfaces\{EEB7133A-DC34-4545-9A26-D759022BEAAD} SubnetMask REG_MULTI_SZ 0.0.0.0\0\0
< Value: HKEY_LOCAL_MACHINE\system\controlset001\services\Tcpip\Parameters\Interfaces\{EEB7133A-DC34-4545-9A26-D759022BEAAD} DefaultGateway REG_MULTI_SZ 192.168.0.251\0\0
> Value: HKEY_LOCAL_MACHINE\system\controlset002\services\Tcpip\Parameters\Interfaces\{EEB7133A-DC34-4545-9A26-D759022BEAAD} DefaultGateway REG_MULTI_SZ \0
< Value: HKEY_LOCAL_MACHINE\system\controlset001\services\Tcpip\Parameters\Interfaces\{EEB7133A-DC34-4545-9A26-D759022BEAAD} DefaultGatewayMetric REG_MULTI_SZ 0\0\0
> Value: HKEY_LOCAL_MACHINE\system\controlset002\services\Tcpip\Parameters\Interfaces\{EEB7133A-DC34-4545-9A26-D759022BEAAD} DefaultGatewayMetric REG_MULTI_SZ \0
< Value: HKEY_LOCAL_MACHINE\system\controlset001\services\Tcpip\Parameters\Interfaces\{EEB7133A-DC34-4545-9A26-D759022BEAAD} NameServer REG_SZ 213.205.32.70,213.205.36.70
> Value: HKEY_LOCAL_MACHINE\system\controlset002\services\Tcpip\Parameters\Interfaces\{EEB7133A-DC34-4545-9A26-D759022BEAAD} NameServer REG_SZ
< Value: HKEY_LOCAL_MACHINE\system\controlset001\services\Tcpip\Parameters\Interfaces\{EEB7133A-DC34-4545-9A26-D759022BEAAD} NTEContextList REG_MULTI_SZ 0x00000003\0\0
> Value: HKEY_LOCAL_MACHINE\system\controlset002\services\Tcpip\Parameters\Interfaces\{EEB7133A-DC34-4545-9A26-D759022BEAAD} NTEContextList REG_MULTI_SZ 0x00000002\0\0
< Value: HKEY_LOCAL_MACHINE\system\controlset001\services\Tcpip\Parameters\Interfaces\{EEB7133A-DC34-4545-9A26-D759022BEAAD} DhcpClassIdBin REG_BINARY

Result compared: Different


-------------Comparing registry keys CCS1 vs CCS3 -------------
< Value: HKEY_LOCAL_MACHINE\system\controlset001\services

Result compared: Identical


-------------List of running services -------------



000) "Adobe LM Service" - Adobe LM Service
---> STAT = (RUNNING) Started manually
---> FILE = "C:\Programmi\File comuni\Adobe Systems Shared\Service\Adobelmsvc.exe"

001) "ALG" - Servizio Gateway di livello applicazione
---> STAT = (RUNNING) Started manually
---> FILE = C:\WINDOWS\System32\alg.exe

002) "anbmService" - Notebook Manager Service
---> STAT = (RUNNING) Started automatically
---> FILE = C:\Acer\eManager\anbmServ.exe

003) "AudioSrv" - Audio Windows
---> STAT = (RUNNING) Started automatically
---> FILE = C:\WINDOWS\System32\svchost.exe -k netsvcs

004) "Browser" - Browser di computer
---> STAT = (RUNNING) Started automatically
---> FILE = C:\WINDOWS\system32\svchost.exe -k netsvcs

005) "ccEvtMgr" - Symantec Event Manager
---> STAT = (RUNNING) Started automatically
---> FILE = "C:\Programmi\File comuni\Symantec Shared\ccEvtMgr.exe"

006) "ccSetMgr" - Symantec Settings Manager
---> STAT = (RUNNING) Started automatically
---> FILE = "C:\Programmi\File comuni\Symantec Shared\ccSetMgr.exe"

007) "CryptSvc" - Servizi di crittografia
---> STAT = (RUNNING) Started automatically
---> FILE = C:\WINDOWS\system32\svchost.exe -k netsvcs

008) "DcomLaunch" - Utilità di avvio processo server DCOM
---> STAT = (RUNNING) Started automatically
---> FILE = C:\WINDOWS\system32\svchost -k DcomLaunch

009) "Dhcp" - Client DHCP
---> STAT = (RUNNING) Started automatically
---> FILE = C:\WINDOWS\system32\svchost.exe -k netsvcs

010) "Dnscache" - Client DNS
---> STAT = (RUNNING) Started automatically
---> FILE = C:\WINDOWS\system32\svchost.exe -k NetworkService

011) "ERSvc" - Servizio di segnalazione errori
---> STAT = (RUNNING) Started automatically
---> FILE = C:\WINDOWS\System32\svchost.exe -k netsvcs

012) "Eventlog" - Registro eventi
---> STAT = (RUNNING) Started automatically
---> FILE = C:\WINDOWS\system32\services.exe

013) "EventSystem" - Sistema di eventi COM+
---> STAT = (RUNNING) Started manually
---> FILE = C:\WINDOWS\system32\svchost.exe -k netsvcs

014) "FastUserSwitchingCompatibility" - Compatibilità di Cambio rapido utente
---> STAT = (RUNNING) Started manually
---> FILE = C:\WINDOWS\System32\svchost.exe -k netsvcs

015) "helpsvc" - Guida in linea e supporto tecnico
---> STAT = (RUNNING) Started automatically
---> FILE = C:\WINDOWS\System32\svchost.exe -k netsvcs

016) "lanmanserver" - Server
---> STAT = (RUNNING) Started automatically
---> FILE = C:\WINDOWS\system32\svchost.exe -k netsvcs

017) "lanmanworkstation" - Workstation
---> STAT = (RUNNING) Started automatically
---> FILE = C:\WINDOWS\system32\svchost.exe -k netsvcs

018) "LmHosts" - Helper NetBIOS di TCP/IP
---> STAT = (RUNNING) Started automatically
---> FILE = C:\WINDOWS\system32\svchost.exe -k LocalService

019) "Netman" - Connessioni di rete
---> STAT = (RUNNING) Started manually
---> FILE = C:\WINDOWS\System32\svchost.exe -k netsvcs

020) "Nla" - NLA (Network Location Awareness)
---> STAT = (RUNNING) Started manually
---> FILE = C:\WINDOWS\system32\svchost.exe -k netsvcs

021) "PlugPlay" - Plug and Play
---> STAT = (RUNNING) Started automatically
---> FILE = C:\WINDOWS\system32\services.exe

022) "PolicyAgent" - Servizi IPSEC
---> STAT = (RUNNING) Started automatically
---> FILE = C:\WINDOWS\system32\lsass.exe

023) "ProtectedStorage" - Archiviazione protetta
---> STAT = (RUNNING) Started automatically
---> FILE = C:\WINDOWS\system32\lsass.exe

024) "RasMan" - Connection Manager di Accesso remoto
---> STAT = (RUNNING) Started manually
---> FILE = C:\WINDOWS\system32\svchost.exe -k netsvcs

025) "RpcSs" - RPC (Remote Procedure Call)
---> STAT = (RUNNING) Started automatically
---> FILE = C:\WINDOWS\system32\svchost -k rpcss

026) "SamSs" - Gestione account di protezione (SAM)
---> STAT = (RUNNING) Started automatically
---> FILE = C:\WINDOWS\system32\lsass.exe

027) "Schedule" - Utilità di pianificazione
---> STAT = (RUNNING) Started automatically
---> FILE = C:\WINDOWS\System32\svchost.exe -k netsvcs

028) "seclogon" - Accesso secondario
---> STAT = (RUNNING) Started automatically
---> FILE = C:\WINDOWS\System32\svchost.exe -k netsvcs

029) "SENS" - Notifica eventi di sistema
---> STAT = (RUNNING) Started automatically
---> FILE = C:\WINDOWS\system32\svchost.exe -k netsvcs

030) "SharedAccess" - Windows Firewall / Condivisione connessione Internet (ICS)
---> STAT = (RUNNING) Started automatically
---> FILE = C:\WINDOWS\system32\svchost.exe -k netsvcs

031) "ShellHWDetection" - Rilevamento hardware shell
---> STAT = (RUNNING) Started automatically
---> FILE = C:\WINDOWS\System32\svchost.exe -k netsvcs

032) "SNDSrvc" - Symantec Network Drivers Service
---> STAT = (RUNNING) Started automatically
---> FILE = "C:\Programmi\File comuni\Symantec Shared\SNDSrvc.exe"

033) "SPBBCSvc" - SPBBCSvc
---> STAT = (RUNNING) Started automatically
---> FILE = "C:\Programmi\File comuni\Symantec Shared\SPBBC\SPBBCSvc.exe"

034) "Spooler" - Spooler di stampa
---> STAT = (RUNNING) Started automatically
---> FILE = C:\WINDOWS\system32\spoolsv.exe

035) "srservice" - Servizio Ripristino configurazione di sistema
---> STAT = (RUNNING) Started automatically
---> FILE = C:\WINDOWS\system32\svchost.exe -k netsvcs

036) "SSDPSRV" - Servizio di rilevamento SSDP
---> STAT = (RUNNING) Started manually
---> FILE = C:\WINDOWS\system32\svchost.exe -k LocalService

037) "Symantec Core LC" - Symantec Core LC
---> STAT = (RUNNING) Started automatically
---> FILE = "C:\Programmi\File comuni\Symantec Shared\CCPD-LC\symlcsvc.exe"

038) "TapiSrv" - Telefonia
---> STAT = (RUNNING) Started manually
---> FILE = C:\WINDOWS\System32\svchost.exe -k netsvcs

039) "TermService" - Servizi terminal
---> STAT = (RUNNING) Started manually
---> FILE = C:\WINDOWS\System32\svchost -k DComLaunch

040) "Themes" - Temi
---> STAT = (RUNNING) Started automatically
---> FILE = C:\WINDOWS\System32\svchost.exe -k netsvcs

041) "TrkWks" - Manutenzione collegamenti distribuiti client
---> STAT = (RUNNING) Started automatically
---> FILE = C:\WINDOWS\system32\svchost.exe -k netsvcs

042) "Utilità di pianificazione di LiveUpdate automatico" - Utilità di pianificazione di LiveUpdate automatico
---> STAT = (RUNNING) Started automatically
---> FILE = "C:\Programmi\Symantec\LiveUpdate\ALUSchedulerSvc.exe"

043) "W32Time" - Ora di Windows
---> STAT = (RUNNING) Started automatically
---> FILE = C:\WINDOWS\System32\svchost.exe -k netsvcs

044) "WebClient" - WebClient
---> STAT = (RUNNING) Started automatically
---> FILE = C:\WINDOWS\system32\svchost.exe -k LocalService

045) "winmgmt" - Strumentazione gestione Windows
---> STAT = (RUNNING) Started automatically
---> FILE = C:\WINDOWS\system32\svchost.exe -k netsvcs

046) "wuauserv" - Aggiornamenti automatici
---> STAT = (RUNNING) Started automatically
---> FILE = C:\WINDOWS\system32\svchost.exe -k netsvcs

047) "WZCSVC" - Zero Configuration reti senza fili
---> STAT = (RUNNING) Started automatically
---> FILE = C:\WINDOWS\System32\svchost.exe -k netsvcs



..:: BOOT REGISTRY ::..

0) "LaunchApp"
---> CMD = Alaunch
---> FILE = C:\WINDOWS\System32\Alaunch

1) "SoundMan"
---> CMD = SOUNDMAN.EXE
---> FILE = C:\WINDOWS\System32\SOUNDMAN.EXE

2) "AGRSMMSG"
---> CMD = AGRSMMSG.exe
---> FILE = C:\WINDOWS\System32\AGRSMMSG.exe

3) "SiSPower"
---> CMD = Rundll32.exe SiSPower.dll,ModeAgent
---> FILE = C:\WINDOWS\System32\Rundll32.exe SiSPower.dll,ModeAgent

4) "IMJPMIG8.1"
---> CMD = "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
---> FILE = (NOT EXISTS)

5) "MSPY2002"
---> CMD = C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
---> FILE = C:\WINDOWS\system32\IME\PINTLGNT\imscinst.exe

6) "PHIME2002ASync"
---> CMD = C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
---> FILE = C:\WINDOWS\system32\IME\TINTLGNT\tintsetp.exe

7) "PHIME2002A"
---> CMD = C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
---> FILE = C:\WINDOWS\system32\IME\TINTLGNT\tintsetp.exe

8) ""
---> CMD =
---> FILE = C:\WINDOWS\system32\IME\TINTLGNT\

9) "AdslTaskBar"
---> CMD = rundll32.exe stmctrl.dll,TaskBar
---> FILE = C:\WINDOWS\system32\IME\TINTLGNT\rundll32.exe stmctrl.dll,TaskBar

10) "Acrobat Assistant 7.0"
---> CMD = "C:\Programmi\Adobe\Acrobat 7.0\Distillr\Acrotray.exe"
---> FILE = C:\Programmi\Adobe\Acrobat 7.0\Distillr\acrotray.exe

11) "ccApp"
---> CMD = "C:\Programmi\File comuni\Symantec Shared\ccApp.exe"
---> FILE = (NOT EXISTS)



-------------List of NOT running services -------------



000) "Alerter" - Avvisi
---> STAT = (NOT RUNNING) Disabled
---> FILE = C:\WINDOWS\system32\svchost.exe -k LocalService

001) "AppMgmt" - Gestione applicazione
---> STAT = (NOT RUNNING) Started manually
---> FILE = C:\WINDOWS\system32\svchost.exe -k netsvcs

002) "BITS" - Servizio trasferimento intelligente in background
---> STAT = (NOT RUNNING) Started manually
---> FILE = C:\WINDOWS\system32\svchost.exe -k netsvcs

003) "CiSvc" - Servizio di indicizzazione
---> STAT = (NOT RUNNING) Started manually
---> FILE = C:\WINDOWS\system32\cisvc.exe

004) "ClipSrv" - ClipBook
---> STAT = (NOT RUNNING) Disabled
---> FILE = C:\WINDOWS\system32\clipsrv.exe

005) "COMSysApp" - Applicazione di sistema COM+
---> STAT = (NOT RUNNING) Started manually
---> FILE = C:\WINDOWS\system32\dllhost.exe /Processid:{02D4B3F1-FD88-11D1-960D-00805FC79235}

006) "dmadmin" - Servizio amministrativo di Gestione disco logico
---> STAT = (NOT RUNNING) Started manually
---> FILE = C:\WINDOWS\System32\dmadmin.exe /com

007) "dmserver" - Gestione dischi logici
---> STAT = (NOT RUNNING) Started manually
---> FILE = C:\WINDOWS\System32\svchost.exe -k netsvcs

008) "Fax" - Fax
---> STAT = (NOT RUNNING) Started automatically
---> FILE = C:\WINDOWS\system32\fxssvc.exe

009) "HidServ" - Accesso periferica Human Interface
---> STAT = (NOT RUNNING) Disabled
---> FILE = C:\WINDOWS\System32\svchost.exe -k netsvcs

010) "HTTPFilter" - SSL HTTP
---> STAT = (NOT RUNNING) Started manually
---> FILE = C:\WINDOWS\System32\svchost.exe -k HTTPFilter

011) "ImapiService" - Servizio COM di masterizzazione CD IMAPI
---> STAT = (NOT RUNNING) Started manually
---> FILE = C:\WINDOWS\system32\imapi.exe

012) "LiveUpdate" - LiveUpdate
---> STAT = (NOT RUNNING) Started manually
---> FILE = "C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE"

013) "Messenger" - Messenger
---> STAT = (NOT RUNNING) Disabled
---> FILE = C:\WINDOWS\system32\svchost.exe -k netsvcs

014) "mnmsrvc" - Condivisione desktop remoto di NetMeeting
---> STAT = (NOT RUNNING) Started manually
---> FILE = C:\WINDOWS\system32\mnmsrvc.exe

015) "MSDTC" - Distributed Transaction Coordinator
---> STAT = (NOT RUNNING) Started manually
---> FILE = C:\WINDOWS\system32\msdtc.exe

016) "MSIServer" - Windows Installer
---> STAT = (NOT RUNNING) Started manually
---> FILE = C:\WINDOWS\system32\msiexec.exe /V

017) "navapsvc" - Servizio Auto-Protect di Norton AntiVirus
---> STAT = (NOT RUNNING) Started automatically
---> FILE = "C:\Programmi\Norton AntiVirus\navapsvc.exe"

018) "NetDDE" - DDE di rete
---> STAT = (NOT RUNNING) Disabled
---> FILE = C:\WINDOWS\system32\netdde.exe

019) "NetDDEdsdm" - DDE DSDM di rete
---> STAT = (NOT RUNNING) Disabled
---> FILE = C:\WINDOWS\system32\netdde.exe

020) "Netlogon" - Accesso rete
---> STAT = (NOT RUNNING) Started manually
---> FILE = C:\WINDOWS\system32\lsass.exe

021) "NPFMntor" - Norton AntiVirus Firewall Monitor Service
---> STAT = (NOT RUNNING) Started automatically
---> FILE = "C:\Programmi\Norton AntiVirus\IWP\NPFMntor.exe"

022) "NSCService" - Norton Protection Center Service
---> STAT = (NOT RUNNING) Started manually
---> FILE = "C:\Programmi\File comuni\Symantec Shared\Security Console\NSCSRVCE.EXE"

023) "NtLmSsp" - Provider supporto protezione LM NT
---> STAT = (NOT RUNNING) Started manually
---> FILE = C:\WINDOWS\system32\lsass.exe

024) "NtmsSvc" - Archivi rimovibili
---> STAT = (NOT RUNNING) Started manually
---> FILE = C:\WINDOWS\system32\svchost.exe -k netsvcs

025) "RasAuto" - Auto Connection Manager di Accesso remoto
---> STAT = (NOT RUNNING) Started manually
---> FILE = C:\WINDOWS\system32\svchost.exe -k netsvcs

026) "RDSessMgr" - Gestione sessione di assistenza mediante desktop remoto
---> STAT = (NOT RUNNING) Started manually
---> FILE = C:\WINDOWS\system32\sessmgr.exe

027) "RemoteAccess" - Routing e Accesso remoto
---> STAT = (NOT RUNNING) Disabled
---> FILE = C:\WINDOWS\system32\svchost.exe -k netsvcs

028) "RpcLocator" - RPC Locator
---> STAT = (NOT RUNNING) Started manually
---> FILE = C:\WINDOWS\system32\locator.exe

029) "RSVP" - QoS RSVP
---> STAT = (NOT RUNNING) Started manually
---> FILE = C:\WINDOWS\system32\rsvp.exe

030) "SAVScan" - Symantec AVScan
---> STAT = (NOT RUNNING) Started manually
---> FILE = "C:\Programmi\Norton AntiVirus\SAVScan.exe"

031) "SCardSvr" - smart card
---> STAT = (NOT RUNNING) Started manually
---> FILE = C:\WINDOWS\System32\SCardSvr.exe

032) "stisvc" - Acquisizione di immagini di Windows (WIA)
---> STAT = (NOT RUNNING) Started manually
---> FILE = C:\WINDOWS\system32\svchost.exe -k imgsvc

033) "SwPrv" - MS Software Shadow Copy Provider
---> STAT = (NOT RUNNING) Started manually
---> FILE = C:\WINDOWS\system32\dllhost.exe /Processid:{50CFF27D-AC37-45C3-9BCD-C924D5B7C006}

034) "SysmonLog" - Avvisi e registri di prestazioni
---> STAT = (NOT RUNNING) Started manually
---> FILE = C:\WINDOWS\system32\smlogsvc.exe

035) "upnphost" - Host di periferiche Plug and Play universali
---> STAT = (NOT RUNNING) Started manually
---> FILE = C:\WINDOWS\system32\svchost.exe -k LocalService

036) "UPS" - Gruppo di continuità
---> STAT = (NOT RUNNING) Started manually
---> FILE = C:\WINDOWS\System32\ups.exe

037) "VSS" - Copia replicata del volume
---> STAT = (NOT RUNNING) Started manually
---> FILE = C:\WINDOWS\System32\vssvc.exe

038) "WmdmPmSN" - Servizio Numero di serie per dispositivi multimediali portatili
---> STAT = (NOT RUNNING) Started manually
---> FILE = C:\WINDOWS\System32\svchost.exe -k netsvcs

039) "WmiApSrv" - Scheda WMI Performance
---> STAT = (NOT RUNNING) Started manually
---> FILE = C:\WINDOWS\system32\wbem\wmiapsrv.exe

040) "wscsvc" - Centro sicurezza PC
---> STAT = (NOT RUNNING) Disabled
---> FILE = C:\WINDOWS\System32\svchost.exe -k netsvcs

041) "xmlprov" - Servizio Provisioning di rete
---> STAT = (NOT RUNNING) Started manually
---> FILE = C:\WINDOWS\System32\svchost.exe -k netsvcs



-------------List of running device driver services -------------



000) "ACPI" - Driver ACPI Microsoft
---> STAT = (RUNNING) Started by operating system loader
---> FILE = \SystemRoot\system32\DRIVERS\ACPI.sys

001) "ACPIEC" - Driver del controller integrato Microsoft
---> STAT = (RUNNING) Started by operating system loader
---> FILE = \SystemRoot\system32\DRIVERS\ACPIEC.sys

002) "AFD" - AFD
---> STAT = (RUNNING) Started by "IoInitSystem" function
---> FILE = \SystemRoot\System32\drivers\afd.sys

003) "AgereSoftModem" - Agere Systems Soft Modem
---> STAT = (RUNNING) Started manually
---> FILE = system32\DRIVERS\AGRSM.sys

004) "ALCXWDM" - Service for Realtek AC97 Audio (WDM)
---> STAT = (RUNNING) Started manually
---> FILE = system32\drivers\ALCXWDM.SYS

005) "AmdK8" - Driver del processore AMD
---> STAT = (RUNNING) Started by "IoInitSystem" function
---> FILE = system32\DRIVERS\AmdK8.sys

006) "atapi" - Controller disco rigido IDE/ESDI standard
---> STAT = (RUNNING) Started by operating system loader
---> FILE = \SystemRoot\system32\DRIVERS\atapi.sys

007) "audstub" - Driver stub audio
---> STAT = (RUNNING) Started manually
---> FILE = system32\DRIVERS\audstub.sys

008) "BCM43XX" - Driver per l’adattatore di rete Broadcom 802.11
---> STAT = (RUNNING) Started manually
---> FILE = system32\DRIVERS\bcmwl5.sys

009) "Beep" - Beep
---> STAT = (RUNNING) Started by "IoInitSystem" function

010) "Cdfs" - Cdfs
---> STAT = (RUNNING) Disabled

011) "Cdrom" - Driver del CD-ROM
---> STAT = (RUNNING) Started by "IoInitSystem" function
---> FILE = system32\DRIVERS\cdrom.sys

012) "CmBatt" - Driver batteria a metodo di controllo ACPI Microsoft
---> STAT = (RUNNING) Started manually
---> FILE = system32\DRIVERS\CmBatt.sys

013) "Compbatt" - Driver della batteria composita Microsoft
---> STAT = (RUNNING) Started by operating system loader
---> FILE = \SystemRoot\system32\DRIVERS\compbatt.sys

014) "Disk" - Driver del disco
---> STAT = (RUNNING) Started by operating system loader
---> FILE = \SystemRoot\system32\DRIVERS\disk.sys

015) "DKbFltr" - Dritek HotKey Keyboard Filter Driver
---> STAT = (RUNNING) Started manually
---> FILE = System32\Drivers\DKbFltr.sys

016) "eeCtrl" - Symantec Eraser Control driver
---> STAT = (RUNNING) Started by "IoInitSystem" function
---> FILE = \??\C:\Programmi\File comuni\Symantec Shared\EENGINE\eeCtrl.sys

017) "EraserUtilRebootDrv" - EraserUtilRebootDrv
---> STAT = (RUNNING) Started manually
---> FILE = \??\C:\Programmi\File comuni\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys

018) "Fastfat" - Fastfat
---> STAT = (RUNNING) Disabled

019) "Fips" - Fips
---> STAT = (RUNNING) Started by "IoInitSystem" function

020) "FltMgr" - FltMgr
---> STAT = (RUNNING) Started by operating system loader
---> FILE = \SystemRoot\system32\DRIVERS\fltMgr.sys

021) "Ftdisk" - Driver archiviazione volumi
---> STAT = (RUNNING) Started by operating system loader
---> FILE = \SystemRoot\system32\DRIVERS\ftdisk.sys

022) "gagp30kx" - Filtro Microsoft AGPv3.0 generico per piattaforme processore K8
---> STAT = (RUNNING) Started by operating system loader
---> FILE = \SystemRoot\system32\DRIVERS\gagp30kx.sys

023) "Gpc" - Utilità di classificazione pacchetti generica
---> STAT = (RUNNING) Started manually
---> FILE = system32\DRIVERS\msgpc.sys

024) "HTTP" - HTTP
---> STAT = (RUNNING) Started manually
---> FILE = System32\Drivers\HTTP.sys

025) "i8042prt" - Driver di porta mouse PS/2 e tastiera i8042
---> STAT = (RUNNING) Started by "IoInitSystem" function
---> FILE = system32\DRIVERS\i8042prt.sys

026) "Imapi" - Driver filtro masterizzazione CD
---> STAT = (RUNNING) Started by "IoInitSystem" function
---> FILE = system32\DRIVERS\imapi.sys

027) "IpNat" - Traduttore indirizzi di rete IP
---> STAT = (RUNNING) Started manually
---> FILE = system32\DRIVERS\ipnat.sys

028) "IPSec" - Driver IPSEC
---> STAT = (RUNNING) Started by "IoInitSystem" function
---> FILE = system32\DRIVERS\ipsec.sys

029) "isapnp" - Driver bus PnP ISA/EISA
---> STAT = (RUNNING) Started by operating system loader
---> FILE = \SystemRoot\system32\DRIVERS\isapnp.sys

030) "Kbdclass" - Driver classe tastiera
---> STAT = (RUNNING) Started by "IoInitSystem" function
---> FILE = system32\DRIVERS\kbdclass.sys

031) "kmixer" - Mixer wave audio del kernel Microsoft
---> STAT = (RUNNING) Started manually
---> FILE = system32\drivers\kmixer.sys

032) "KSecDD" - KSecDD
---> STAT = (RUNNING) Started by operating system loader

033) "mnmdd" - mnmdd
---> STAT = (RUNNING) Started by "IoInitSystem" function

034) "Modem" - Modem
---> STAT = (RUNNING) Started manually

035) "Mouclass" - Driver classe mouse
---> STAT = (RUNNING) Started by "IoInitSystem" function
---> FILE = system32\DRIVERS\mouclass.sys

036) "MountMgr" - MountMgr
---> STAT = (RUNNING) Started by operating system loader

037) "MRxDAV" - Redirector del client WebDav
---> STAT = (RUNNING) Started manually
---> FILE = system32\DRIVERS\mrxdav.sys

038) "MRxSmb" - MRXSMB
---> STAT = (RUNNING) Started by "IoInitSystem" function
---> FILE = system32\DRIVERS\mrxsmb.sys

039) "Msfs" - Msfs
---> STAT = (RUNNING) Started by "IoInitSystem" function

040) "mssmbios" - Driver BIOS Microsoft System Management
---> STAT = (RUNNING) Started manually
---> FILE = system32\DRIVERS\mssmbios.sys

041) "Mup" - Mup
---> STAT = (RUNNING) Started by operating system loader

042) "NDIS" - Driver di sistema NDIS
---> STAT = (RUNNING) Started by operating system loader

043) "NdisTapi" - Driver TAPI NDIS di accesso remoto
---> STAT = (RUNNING) Started manually
---> FILE = system32\DRIVERS\ndistapi.sys

044) "Ndisuio" - Protocollo I/O modalità utente su NDIS
---> STAT = (RUNNING) Started manually
---> FILE = system32\DRIVERS\ndisuio.sys

045) "NdisWan" - Driver WAN NDIS di accesso remoto
---> STAT = (RUNNING) Started manually
---> FILE = system32\DRIVERS\ndiswan.sys

046) "NDProxy" - Proxy NDIS
---> STAT = (RUNNING) Started manually

047) "NetBIOS" - Interfaccia NetBIOS
---> STAT = (RUNNING) Started by "IoInitSystem" function
---> FILE = system32\DRIVERS\netbios.sys

048) "NetBT" - NetBios su Tcpip
---> STAT = (RUNNING) Started by "IoInitSystem" function
---> FILE = system32\DRIVERS\netbt.sys

049) "Npfs" - Npfs
---> STAT = (RUNNING) Started by "IoInitSystem" function

050) "NTIDrvr" - Upper Class Filter Driver
---> STAT = (RUNNING) Started manually
---> FILE = system32\DRIVERS\NTIDrvr.sys

051) "Null" - Null
---> STAT = (RUNNING) Started by "IoInitSystem" function

052) "PartMgr" - PartMgr
---> STAT = (RUNNING) Started by operating system loader

053) "PCI" - PCI Bus Driver
---> STAT = (RUNNING) Started by operating system loader
---> FILE = \SystemRoot\system32\DRIVERS\pci.sys

054) "PCIIde" - PCIIde
---> STAT = (RUNNING) Started by operating system loader
---> FILE = \SystemRoot\system32\DRIVERS\pciide.sys

055) "Pcmcia" - Pcmcia
---> STAT = (RUNNING) Started by operating system loader
---> FILE = \SystemRoot\system32\DRIVERS\pcmcia.sys

056) "PptpMiniport" - WAN Miniport (PPTP)
---> STAT = (RUNNING) Started manually
---> FILE = system32\DRIVERS\raspptp.sys

057) "PSched" - Utilità di pianificazione pacchetti QoS
---> STAT = (RUNNING) Started manually
---> FILE = system32\DRIVERS\psched.sys

058) "Ptilink" - Driver Direct Parallel Link
---> STAT = (RUNNING) Started manually
---> FILE = system32\DRIVERS\ptilink.sys

059) "RasAcd" - Driver connessione automatica Accesso remoto
---> STAT = (RUNNING) Started by "IoInitSystem" function
---> FILE = system32\DRIVERS\rasacd.sys

060) "Rasl2tp" - WAN Miniport (L2TP)
---> STAT = (RUNNING) Started manually
---> FILE = system32\DRIVERS\rasl2tp.sys

061) "RasPppoe" - Driver PPPOE di accesso remoto
---> STAT = (RUNNING) Started manually
---> FILE = system32\DRIVERS\raspppoe.sys

062) "Raspti" - Direct Parallel
---> STAT = (RUNNING) Started manually
---> FILE = system32\DRIVERS\raspti.sys

063) "Rdbss" - Rdbss
---> STAT = (RUNNING) Started by "IoInitSystem" function
---> FILE = system32\DRIVERS\rdbss.sys

064) "RDPCDD" - RDPCDD
---> STAT = (RUNNING) Started by "IoInitSystem" function
---> FILE = System32\DRIVERS\RDPCDD.sys

065) "redbook" - Driver filtro riproduzione CD-ROM audio digitale
---> STAT = (RUNNING) Started by "IoInitSystem" function
---> FILE = system32\DRIVERS\redbook.sys

066) "SAVRTPEL" - SAVRTPEL
---> STAT = (RUNNING) Started by "IoInitSystem" function
---> FILE = \??\C:\Programmi\Norton AntiVirus\SAVRTPEL.SYS

067) "Secdrv" - Secdrv
---> STAT = (RUNNING) Started automatically
---> FILE = system32\DRIVERS\secdrv.sys

068) "SiS315" - SiS315
---> STAT = (RUNNING) Started manually
---> FILE = system32\DRIVERS\sisgrp.sys

069) "SISAGP" - SiS AGP Filter
---> STAT = (RUNNING) Started by operating system loader
---> FILE = \SystemRoot\system32\DRIVERS\SISAGPX.sys

070) "SiSkp" - SiSkp
---> STAT = (RUNNING) Started by "IoInitSystem" function
---> FILE = system32\DRIVERS\srvkp.sys

071) "SISNICXP" - SiS PCI Fast Ethernet Adapter Driver for NDIS51
---> STAT = (RUNNING) Started manually
---> FILE = system32\DRIVERS\sisnicxp.sys

072) "SPBBCDrv" - SPBBCDrv
---> STAT = (RUNNING) Started by "IoInitSystem" function
---> FILE = \??\C:\Programmi\File comuni\Symantec Shared\SPBBC\SPBBCDrv.sys

073) "sr" - Driver filtro Ripristino configurazione di sistema
---> STAT = (RUNNING) Started by operating system loader
---> FILE = \SystemRoot\system32\DRIVERS\sr.sys

074) "Srv" - Srv
---> STAT = (RUNNING) Started manually
---> FILE = system32\DRIVERS\srv.sys

075) "Stmatm" - ATM/ADSL miniport
---> STAT = (RUNNING) Started manually
---> FILE = system32\DRIVERS\stmatm.sys

076) "swenum" - Driver bus software
---> STAT = (RUNNING) Started manually
---> FILE = system32\DRIVERS\swenum.sys

077) "SYMDNS" - SYMDNS
---> STAT = (RUNNING) Started manually
---> FILE = \SystemRoot\System32\Drivers\SYMDNS.SYS

078) "SymEvent" - SymEvent
---> STAT = (RUNNING) Started manually
---> FILE = \??\C:\WINDOWS\system32\Drivers\SYMEVENT.SYS

079) "SYMFW" - SYMFW
---> STAT = (RUNNING) Started manually
---> FILE = \SystemRoot\System32\Drivers\SYMFW.SYS

080) "SYMIDS" - SYMIDS
---> STAT = (RUNNING) Started manually
---> FILE = \SystemRoot\System32\Drivers\SYMIDS.SYS

081) "SYMIDSCO" - SYMIDSCO
---> STAT = (RUNNING) Started manually
---> FILE = \??\C:\PROGRA~1\FILECO~1\SYMANT~1\SymcData\IDS-DI~1\20070308.002\symidsco.sys

082) "symlcbrd" - symlcbrd
---> STAT = (RUNNING) Started automatically
---> FILE = \??\C:\WINDOWS\system32\drivers\symlcbrd.sys

083) "SYMNDIS" - SYMNDIS
---> STAT = (RUNNING) Started manually
---> FILE = \SystemRoot\System32\Drivers\SYMNDIS.SYS

084) "SYMREDRV" - SYMREDRV
---> STAT = (RUNNING) Started manually
---> FILE = \SystemRoot\System32\Drivers\SYMREDRV.SYS

085) "SYMTDI" - SYMTDI
---> STAT = (RUNNING) Started by "IoInitSystem" function
---> FILE = \SystemRoot\System32\Drivers\SYMTDI.SYS

086) "SynTP" - Synaptics TouchPad Driver
---> STAT = (RUNNING) Started manually
---> FILE = system32\DRIVERS\SynTP.sys

087) "sysaudio" - Periferica audio di sistema Microsoft Kernel
---> STAT = (RUNNING) Started manually
---> FILE = system32\drivers\sysaudio.sys

088) "TaurusUsb" - ADSL Modem USB Service 1.09a
---> STAT = (RUNNING) Started manually
---> FILE = system32\DRIVERS\torususb.sys

089) "Tcpip" - Driver protocollo TCP/IP
---> STAT = (RUNNING) Started by "IoInitSystem" function
---> FILE = system32\DRIVERS\tcpip.sys

090) "TermDD" - Driver della periferica terminale
---> STAT = (RUNNING) Started by "IoInitSystem" function
---> FILE = system32\DRIVERS\termdd.sys

091) "UBHelper" - UBHelper
---> STAT =
alemao
Junior User
 
Posts: 88
Joined: 16/08/06 11:18

Postdi Luke57 » 31/03/07 14:46

Ciao, non può entrarci, è troppo lungo,lo devi inserire nel link che ti ho detto.
Luke57
Moderator
 
Posts: 6410
Joined: 11/08/05 19:10

Post by alemao » 31/03/07 15:06

done

file url : http://w12.easy-share.com/957396.html

html code : <a target="_blank" href="http://w12.easy-share.com/957396.html">download</a>

bbcode: download
alemao
Junior User
 
Posts: 88
Joined: 16/08/06 11:18

Post by Luke57 » 31/03/07 15:14

Hi, download FindAWF from here:
http://noahdfear.geekstogo.com/FindAWF.exe

Run the file; a DOS window will open, press Enter to continue. When it has finished, Notepad will open: copy and paste its contents into a post.
Luke57
Moderator
 
Posts: 6410
Joined: 11/08/05 19:10

Post by alemao » 31/03/07 16:05

here it is
Find AWF report by noahdfear ©2006


bak folders found
~~~~~~~~~~~

Il volume nell'unità C è ACER
Numero di serie del volume: 320D-180E

Directory di C:\WINDOWS\SYSTEM32\BAK

0 File 0 byte
2 Directory 26.974.420.992 byte disponibili
Il volume nell'unità C è ACER
Numero di serie del volume: 320D-180E

Directory di C:\PROGRA~1\MESSEN~1\BAK

0 File 0 byte
2 Directory 26.974.420.992 byte disponibili
Il volume nell'unità C è ACER
Numero di serie del volume: 320D-180E

Directory di C:\PROGRA~1\ARCADE\BAK

09/03/2005 18.59 49.152 PCMService.exe
1 File 49.152 byte
2 Directory 26.974.420.992 byte disponibili
Il volume nell'unità C è ACER
Numero di serie del volume: 320D-180E

Directory di C:\PROGRA~1\LAUNCH~1\BAK

12/10/2005 15.16 315.392 QtZgAcer.EXE
1 File 315.392 byte
2 Directory 26.974.420.992 byte disponibili
Il volume nell'unità C è ACER
Numero di serie del volume: 320D-180E

Directory di C:\WINDOWS\IME\IMJP8_1\BAK

19/08/2004 05.00 208.952 IMJPMIG.EXE
1 File 208.952 byte
2 Directory 26.974.420.992 byte disponibili
Il volume nell'unità C è ACER
Numero di serie del volume: 320D-180E

Directory di C:\PROGRA~1\FILECO~1\SYMANT~1\BAK

22/02/2007 12.11 52.840 ccApp.exe
1 File 52.840 byte
2 Directory 26.974.420.992 byte disponibili
Il volume nell'unità C è ACER
Numero di serie del volume: 320D-180E

Directory di C:\PROGRA~1\SYNAPT~1\SYNTP\BAK

07/10/2004 23.43 688.218 SynTPEnh.exe
07/10/2004 23.44 98.394 SynTPLpr.exe
2 File 786.612 byte
2 Directory 26.974.420.992 byte disponibili
Il volume nell'unità C è ACER
Numero di serie del volume: 320D-180E

Directory di C:\ACER\EMPOWE~1\ERECOV~1\BAK

16/11/2005 16.54 385.024 Monitor.exe
1 File 385.024 byte
2 Directory 26.974.420.992 byte disponibili
Il volume nell'unità C è ACER
Numero di serie del volume: 320D-180E

Directory di C:\WINDOWS\SYSTEM32\IME\PINTLGNT\BAK

19/08/2004 05.00 59.392 ImScInst.exe
1 File 59.392 byte
2 Directory 26.974.420.992 byte disponibili
Il volume nell'unità C è ACER
Numero di serie del volume: 320D-180E

Directory di C:\WINDOWS\SYSTEM32\IME\TINTLGNT\BAK

19/08/2004 05.00 455.168 TINTSETP.EXE
1 File 455.168 byte
2 Directory 26.974.420.992 byte disponibili
Il volume nell'unità C è ACER
Numero di serie del volume: 320D-180E

Directory di C:\PROGRA~1\FILECO~1\INSTAL~1\UPDATE~1\BAK

11/08/2005 16.30 81.920 issch.exe
11/08/2005 16.30 249.856 ISUSPM.exe
2 File 331.776 byte
2 Directory 26.974.420.992 byte disponibili
Il volume nell'unità C è ACER
Numero di serie del volume: 320D-180E

Directory di C:\PROGRA~1\ADOBE\ACROBA~2.0\DISTILLR\BAK

12/01/2006 20.52 483.328 Acrotray.exe
1 File 483.328 byte
2 Directory 26.974.420.992 byte disponibili


Duplicate files of bak directory contents
~~~~~~~~~~~~~~~~~~~~~~~

49152 9 Mar 2005 "C:\Programmi\Arcade\bak\PCMService.exe"
315392 12 Oct 2005 "C:\Programmi\Launch Manager\bak\QtZgAcer.EXE"
208952 19 Aug 2004 "C:\WINDOWS\ime\imjp8_1\imjpmig.exe"
208952 19 Aug 2004 "C:\WINDOWS\ime\imjp8_1\bak\IMJPMIG.EXE"
52840 22 Feb 2007 "C:\Programmi\File comuni\Symantec Shared\bak\ccApp.exe"
98394 7 Oct 2004 "C:\Programmi\Synaptics\SynTP\Media\SYNTPLPR.EXE"
98394 7 Oct 2004 "C:\Programmi\Synaptics\SynTP\bak\SynTPLpr.exe"
688218 7 Oct 2004 "C:\Programmi\Synaptics\SynTP\Media\SYNTPENH.EXE"
688218 7 Oct 2004 "C:\Programmi\Synaptics\SynTP\bak\SynTPEnh.exe"
385024 16 Nov 2005 "C:\Acer\Empowering Technology\eRecovery\bak\Monitor.exe"
59392 19 Aug 2004 "C:\WINDOWS\system32\IME\PINTLGNT\imscinst.exe"
59392 19 Aug 2004 "C:\WINDOWS\system32\IME\PINTLGNT\bak\ImScInst.exe"
455168 19 Aug 2004 "C:\WINDOWS\system32\IME\TINTLGNT\tintsetp.exe"
455168 19 Aug 2004 "C:\WINDOWS\system32\IME\TINTLGNT\bak\TINTSETP.EXE"
249856 11 Aug 2005 "C:\Programmi\File comuni\InstallShield\UpdateService\bak\ISUSPM.exe"
81920 11 Aug 2005 "C:\Programmi\File comuni\InstallShield\UpdateService\bak\issch.exe"
483328 12 Jan 2006 "C:\Programmi\Adobe\Acrobat 7.0\Distillr\acrotray.exe"
483328 12 Jan 2006 "C:\Programmi\Adobe\Acrobat 7.0\Distillr\bak\Acrotray.exe"
alemao
Junior User
 
Posts: 88
Joined: 16/08/06 11:18

Post by Luke57 » 31/03/07 18:01

Hi, download Avenger to your desktop
http://swandog46.geekstogo.com/avenger.zip
Unzip the archive

- double-click the file avenger.exe to launch it
- Select "Input Script Manually"
- Click the magnifying glass

- In the "View/edit script" window that opens
- copy and paste (Ctrl+V) the following (in bold):



files to delete:
C:\Programmi\Arcade\PCMService.exe
C:\Programmi\Launch Manager\QtZgAcer.EXE
C:\WINDOWS\ime\imjp8_1\IMJPMIG.EXE
C:\Programmi\File comuni\Symantec Shared\ccApp.exe
C:\Programmi\Synaptics\SynTP\SynTPLpr.exe
C:\Programmi\Synaptics\SynTP\SynTPEnh.exe
C:\Acer\Empowering Technology\eRecovery\Monitor.exe
C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe
C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE
C:\Programmi\File comuni\InstallShield\UpdateService\ISUSPM.exe
C:\Programmi\File comuni\InstallShield\UpdateService\issch.exe
C:\Programmi\Adobe\Acrobat 7.0\Distillr\Acrotray.exe



files to move:
C:\Programmi\Arcade\bak\PCMService.exe | C:\Programmi\Arcade\PCMService.exe
C:\Programmi\Launch Manager\bak\QtZgAcer.EXE | C:\Programmi\Launch Manager\QtZgAcer.EXE
C:\WINDOWS\ime\imjp8_1\bak\IMJPMIG.EXE | C:\WINDOWS\ime\imjp8_1\IMJPMIG.EXE
C:\Programmi\File comuni\Symantec Shared\bak\ccApp.exe | C:\Programmi\File comuni\Symantec Shared\ccApp.exe
C:\Programmi\Synaptics\SynTP\bak\SynTPLpr.exe | C:\Programmi\Synaptics\SynTP\SynTPLpr.exe
C:\Programmi\Synaptics\SynTP\bak\SynTPEnh.exe | C:\Programmi\Synaptics\SynTP\SynTPEnh.exe
C:\Acer\Empowering Technology\eRecovery\bak\Monitor.exe | C:\Acer\Empowering Technology\eRecovery\Monitor.exe
C:\WINDOWS\system32\IME\PINTLGNT\bak\ImScInst.exe | C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe
C:\WINDOWS\system32\IME\TINTLGNT\bak\TINTSETP.EXE | C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE
C:\Programmi\File comuni\InstallShield\UpdateService\bak\ISUSPM.exe | C:\Programmi\File comuni\InstallShield\UpdateService\ISUSPM.exe
C:\Programmi\File comuni\InstallShield\UpdateService\bak\issch.exe | C:\Programmi\File comuni\InstallShield\UpdateService\issch.exe
C:\Programmi\Adobe\Acrobat 7.0\Distillr\bak\Acrotray.exe | C:\Programmi\Adobe\Acrobat 7.0\Distillr\Acrotray.exe




- Click the Done button
- Then click the traffic light icon
- Answer Yes twice
The PC should restart (if it doesn't, restart it yourself)
Post the log that will be created in C:\Avenger
Luke57
Moderator
 
Posts: 6410
Joined: 11/08/05 19:10
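
The "files to delete" / "files to move" script in the post above can be derived mechanically from the "Duplicate files of bak directory contents" section of the FindAWF report: every file listed inside a bak folder is moved back to the parent folder, after deleting whatever occupies that path. The Python below is an added example, not part of the thread or of either tool; the sample report lines are constructed in the report's format and the function names are hypothetical.

```python
import re
from ntpath import basename, dirname, join  # Windows path rules on any OS

# Constructed sample: lines in the format of FindAWF's
# "Duplicate files of bak directory contents" section.
SAMPLE_REPORT = r'''
49152 9 Mar 2005 "C:\Programmi\Arcade\bak\PCMService.exe"
208952 19 Aug 2004 "C:\WINDOWS\ime\imjp8_1\imjpmig.exe"
208952 19 Aug 2004 "C:\WINDOWS\ime\imjp8_1\bak\IMJPMIG.EXE"
'''

# size, date (day month year), quoted full path
LINE_RE = re.compile(r'^\s*(\d+)\s+\d{1,2} \w{3} \d{4}\s+"([^"]+)"\s*$')


def bak_pairs(report):
    """Return (bak_path, restore_path) for every listed file inside a bak folder."""
    pairs = []
    for line in report.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # headings, blank lines, anything that is not a file row
        path = m.group(2)
        folder = dirname(path)
        if basename(folder).lower() != "bak":
            continue  # same-size duplicate outside bak: not a restore source
        # The restore target is the same file name one level above bak.
        pairs.append((path, join(dirname(folder), basename(path))))
    return pairs


def avenger_script(report):
    """Build the two script sections used in the post: delete, then move."""
    pairs = bak_pairs(report)
    lines = ["files to delete:"] + [dst for _, dst in pairs]
    lines += ["", "files to move:"] + [f"{src} | {dst}" for src, dst in pairs]
    return "\n".join(lines)


if __name__ == "__main__":
    print(avenger_script(SAMPLE_REPORT))
```
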

Post by alemao » 31/03/07 18:19

it says error after I click the traffic light
alemao
Junior User
 
Posts: 88
Joined: 16/08/06 11:18

Post by alemao » 31/03/07 18:30

Norton started working again, and this confirms to me that you are incredibly good at this....!!

this is the log
Logfile of The Avenger version 1, by Swandog46
Running from registry key:
\Registry\Machine\System\CurrentControlSet\Services\fuydaest

*******************

Script file located at: \??\C:\fycwcskj.txt
Script file opened successfully.

Script file read successfully

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:



File C:\Programmi\Arcade\PCMService.exe not found!
Deletion of file C:\Programmi\Arcade\PCMService.exe failed!

Could not process line:
C:\Programmi\Arcade\PCMService.exe
Status: 0xc0000034



File C:\Programmi\Launch Manager\QtZgAcer.EXE not found!
Deletion of file C:\Programmi\Launch Manager\QtZgAcer.EXE failed!

Could not process line:
C:\Programmi\Launch Manager\QtZgAcer.EXE
Status: 0xc0000034

File C:\WINDOWS\ime\imjp8_1\IMJPMIG.EXE deleted successfully.


File C:\Programmi\File comuni\Symantec Shared\ccApp.exe not found!
Deletion of file C:\Programmi\File comuni\Symantec Shared\ccApp.exe failed!

Could not process line:
C:\Programmi\File comuni\Symantec Shared\ccApp.exe
Status: 0xc0000034



File C:\Programmi\Synaptics\SynTP\SynTPLpr.exe not found!
Deletion of file C:\Programmi\Synaptics\SynTP\SynTPLpr.exe failed!

Could not process line:
C:\Programmi\Synaptics\SynTP\SynTPLpr.exe
Status: 0xc0000034



File C:\Programmi\Synaptics\SynTP\SynTPEnh.exe not found!
Deletion of file C:\Programmi\Synaptics\SynTP\SynTPEnh.exe failed!

Could not process line:
C:\Programmi\Synaptics\SynTP\SynTPEnh.exe
Status: 0xc0000034



File C:\Acer\Empowering Technology\eRecovery\Monitor.exe not found!
Deletion of file C:\Acer\Empowering Technology\eRecovery\Monitor.exe failed!

Could not process line:
C:\Acer\Empowering Technology\eRecovery\Monitor.exe
Status: 0xc0000034

File C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe deleted successfully.
File C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE deleted successfully.


File C:\Programmi\File comuni\InstallShield\UpdateService\ISUSPM.exe not found!
Deletion of file C:\Programmi\File comuni\InstallShield\UpdateService\ISUSPM.exe failed!

Could not process line:
C:\Programmi\File comuni\InstallShield\UpdateService\ISUSPM.exe
Status: 0xc0000034



File C:\Programmi\File comuni\InstallShield\UpdateService\issch.exe not found!
Deletion of file C:\Programmi\File comuni\InstallShield\UpdateService\issch.exe failed!

Could not process line:
C:\Programmi\File comuni\InstallShield\UpdateService\issch.exe
Status: 0xc0000034

File C:\Programmi\Adobe\Acrobat 7.0\Distillr\Acrotray.exe deleted successfully.
File move operation C:\Programmi\Arcade\bak\PCMService.exe|C:\Programmi\Arcade\PCMService.exe completed successfully.
File move operation C:\Programmi\Launch Manager\bak\QtZgAcer.EXE|C:\Programmi\Launch Manager\QtZgAcer.EXE completed successfully.
File move operation C:\WINDOWS\ime\imjp8_1\bak\IMJPMIG.EXE|C:\WINDOWS\ime\imjp8_1\IMJPMIG.EXE completed successfully.
File move operation C:\Programmi\File comuni\Symantec Shared\bak\ccApp.exe|C:\Programmi\File comuni\Symantec Shared\ccApp.exe completed successfully.
File move operation C:\Programmi\Synaptics\SynTP\bak\SynTPLpr.exe|C:\Programmi\Synaptics\SynTP\SynTPLpr.exe completed successfully.
File move operation C:\Programmi\Synaptics\SynTP\bak\SynTPEnh.exe|C:\Programmi\Synaptics\SynTP\SynTPEnh.exe completed successfully.
File move operation C:\Acer\Empowering Technology\eRecovery\bak\Monitor.exe|C:\Acer\Empowering Technology\eRecovery\Monitor.exe completed successfully.
File move operation C:\WINDOWS\system32\IME\PINTLGNT\bak\ImScInst.exe|C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe completed successfully.
File move operation C:\WINDOWS\system32\IME\TINTLGNT\bak\TINTSETP.EXE|C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE completed successfully.
File move operation C:\Programmi\File comuni\InstallShield\UpdateService\bak\ISUSPM.exe|C:\Programmi\File comuni\InstallShield\UpdateService\ISUSPM.exe completed successfully.
File move operation C:\Programmi\File comuni\InstallShield\UpdateService\bak\issch.exe|C:\Programmi\File comuni\InstallShield\UpdateService\issch.exe completed successfully.
File move operation C:\Programmi\Adobe\Acrobat 7.0\Distillr\bak\Acrotray.exe|C:\Programmi\Adobe\Acrobat 7.0\Distillr\Acrotray.exe completed successfully.

Completed script processing.

*******************

Finished! Terminate.

everything OK?
alemao
Junior User
 
Posts: 88
Joined: 16/08/06 11:18
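
Reading the log above: status 0xc0000034 is STATUS_OBJECT_NAME_NOT_FOUND, so each "Deletion of file ... failed!" entry means there was nothing at that path to delete, and what matters is whether the matching move from bak completed. The following Python check is an added example, not part of the thread or of The Avenger; the log excerpt is constructed in the format of the posted log, with one hypothetical unrestored path (D:\demo\tool.exe) added, and the function names are hypothetical.

```python
import re

# Constructed excerpt in the format of the Avenger log posted above,
# plus one hypothetical path (D:\demo\tool.exe) that is never restored.
SAMPLE_LOG = r'''
File C:\Programmi\Arcade\PCMService.exe not found!
Deletion of file C:\Programmi\Arcade\PCMService.exe failed!
Status: 0xc0000034
File C:\WINDOWS\ime\imjp8_1\IMJPMIG.EXE deleted successfully.
File D:\demo\tool.exe not found!
Deletion of file D:\demo\tool.exe failed!
File move operation C:\Programmi\Arcade\bak\PCMService.exe|C:\Programmi\Arcade\PCMService.exe completed successfully.
File move operation C:\WINDOWS\ime\imjp8_1\bak\IMJPMIG.EXE|C:\WINDOWS\ime\imjp8_1\IMJPMIG.EXE completed successfully.
'''

DELETED = re.compile(r'^File (.+) deleted successfully\.$')
MISSING = re.compile(r'^File (.+) not found!$')
MOVED = re.compile(r'^File move operation (.+)\|(.+) completed successfully\.$')


def triage(log):
    """Map each target path (lower-cased) to (delete_outcome, restored_from)."""
    state = {}
    for line in map(str.strip, log.splitlines()):
        if m := MOVED.match(line):
            src, dst = m.groups()
            # Keep the earlier delete outcome and record where the file came from.
            outcome = state.get(dst.lower(), ("untouched", None))[0]
            state[dst.lower()] = (outcome, src)
        elif m := DELETED.match(line):
            state[m.group(1).lower()] = ("deleted", None)
        elif m := MISSING.match(line):
            state[m.group(1).lower()] = ("absent", None)
    return state


def needs_attention(log):
    """Targets that were deleted or absent but never restored from bak."""
    return sorted(p for p, (_, src) in triage(log).items() if src is None)


if __name__ == "__main__":
    for path, (outcome, src) in triage(SAMPLE_LOG).items():
        print(f"{path}: {outcome}, restored from {src}")
    print("unrestored:", needs_attention(SAMPLE_LOG))
```
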

Post by alemao » 01/04/07 19:41

sorry Luke, but Instant Access shows up in my remote connections...
alemao
Junior User
 
Posts: 88
Joined: 16/08/06 11:18

Post by alemao » 01/04/07 19:46

I downloaded that program you were recommending to the others and this is the report



Find AWF report by noahdfear ©2006


bak folders found
~~~~~~~~~~~

Il volume nell'unità C è ACER
Numero di serie del volume: 320D-180E

Directory di C:\WINDOWS\SYSTEM32\BAK

0 File 0 byte
2 Directory 26.977.435.648 byte disponibili
Il volume nell'unità C è ACER
Numero di serie del volume: 320D-180E

Directory di C:\PROGRA~1\MESSEN~1\BAK

0 File 0 byte
2 Directory 26.977.435.648 byte disponibili
Il volume nell'unità C è ACER
Numero di serie del volume: 320D-180E

Directory di C:\PROGRA~1\ARCADE\BAK

0 File 0 byte
2 Directory 26.977.435.648 byte disponibili
Il volume nell'unità C è ACER
Numero di serie del volume: 320D-180E

Directory di C:\PROGRA~1\LAUNCH~1\BAK

0 File 0 byte
2 Directory 26.977.435.648 byte disponibili
Il volume nell'unità C è ACER
Numero di serie del volume: 320D-180E

Directory di C:\WINDOWS\IME\IMJP8_1\BAK

0 File 0 byte
2 Directory 26.977.435.648 byte disponibili
Il volume nell'unità C è ACER
Numero di serie del volume: 320D-180E

Directory di C:\PROGRA~1\FILECO~1\SYMANT~1\BAK

0 File 0 byte
2 Directory 26.977.435.648 byte disponibili
Il volume nell'unità C è ACER
Numero di serie del volume: 320D-180E

Directory di C:\PROGRA~1\SYNAPT~1\SYNTP\BAK

0 File 0 byte
2 Directory 26.977.435.648 byte disponibili
Il volume nell'unità C è ACER
Numero di serie del volume: 320D-180E

Directory di C:\ACER\EMPOWE~1\ERECOV~1\BAK

0 File 0 byte
2 Directory 26.977.435.648 byte disponibili
Il volume nell'unità C è ACER
Numero di serie del volume: 320D-180E

Directory di C:\WINDOWS\SYSTEM32\IME\PINTLGNT\BAK

0 File 0 byte
2 Directory 26.977.435.648 byte disponibili
Il volume nell'unità C è ACER
Numero di serie del volume: 320D-180E

Directory di C:\WINDOWS\SYSTEM32\IME\TINTLGNT\BAK

0 File 0 byte
2 Directory 26.977.435.648 byte disponibili
Il volume nell'unità C è ACER
Numero di serie del volume: 320D-180E

Directory di C:\PROGRA~1\FILECO~1\INSTAL~1\UPDATE~1\BAK

0 File 0 byte
2 Directory 26.977.435.648 byte disponibili
Il volume nell'unità C è ACER
Numero di serie del volume: 320D-180E

Directory di C:\PROGRA~1\ADOBE\ACROBA~2.0\DISTILLR\BAK

0 File 0 byte
2 Directory 26.977.435.648 byte disponibili


Duplicate files of bak directory contents
~~~~~~~~~~~~~~~~~~~~~~~



end of report
alemao
Junior User
 
Posts: 88
Joined: 16/08/06 11:18

Post by Luke57 » 02/04/07 07:09

Hi, everything seems fine.
Luke57
Moderator
 
Posts: 6410
Joined: 11/08/05 19:10

