
Linkoptimizer

How do you remove viruses and spyware? Are credit cards really safe online? Is it possible to browse anonymously? Which programs protect your privacy? How do you protect important files? If you want answers to these and other questions, this is the right place!

Moderators: m.paolo, kadosh, Luke57

Post by Luke57 » 15/10/06 16:09

n1926 wrote: unfortunately I can't open this site... one of the consequences of these damned viruses...

Hi, get it from here:
http://www.mytempdir.com/993310
Luke57
Moderator

Posts: 6415
Joined: 11/08/05 19:10


Post by n1926 » 15/10/06 16:17

I downloaded the program, but apart from showing a black window for a few hundredths of a second, it does nothing...
n1926
Junior User

Posts: 41
Joined: 24/08/06 10:48

Post by Luke57 » 15/10/06 16:21

Hi, open the program; the DOS window (the black one) opens; press a key to continue, choose option 4 and wait for the scan (full scan)
Luke57
Moderator

Posts: 6415
Joined: 11/08/05 19:10

Post by Luke57 » 15/10/06 16:23

Luke57 wrote: Hi, open the program; the DOS window (the black one) opens; press a key to continue, choose option 4 and wait for the scan (full scan)

Hi, the log is saved as report.txt in the folder c:/suspectfile.
Luke57
Moderator

Posts: 6415
Joined: 11/08/05 19:10

Post by n1926 » 15/10/06 16:24

the problem is that the window closes... as I told you, it appears for a few hundredths of a picosecond... :) better to joke about it, I guess there's nothing left for me to do but cry (quote)
n1926
Junior User

Posts: 41
Joined: 24/08/06 10:48

Post by n1926 » 15/10/06 17:31

I tried running the program again in safe mode, but nothing... on reboot, anyway, Virus Active Shield reported and deleted (I hope!) a virus: C:\WINDOWS\system32\c_77u.nls, flagged with the warning "not-a-virus:AdWare.Win32.LinkOptimizer.a"...
...and now? :roll:
n1926
Junior User

Posts: 41
Joined: 24/08/06 10:48

Post by n1926 » 15/10/06 18:47

After deleting the file I mentioned with AVS, and running a scan with Ad-Ware (which removed 1 TrackingCookie), small tools like gmer, avenger and the last one you posted became accessible again... so here is the log (the DOS window did say ALL DONE!, by the way)

Systemscan - http://www.suspectfile.com



-------------Users folders ----------------
Directory di C:\documents and settings
15/10/2006 02.27 <DIR> .
15/10/2006 02.27 <DIR> ..
15/10/2006 02.27 <DIR> Administrator
27/01/2006 21.45 <DIR> All Users
04/11/2004 22.40 <DIR> Default User
26/03/2006 16.33 <DIR> LocalService
26/03/2006 16.33 <DIR> NetworkService
15/10/2006 00.41 <DIR> user


-------------Dumping registry----------------

--------------------------HKCU\Software\Microsoft\Windows\CurrentVersion\policies\Explorer\Run--------------------------------
[run]

--------------------------HKLM\Software\Microsoft\Windows\CurrentVersion\policies\Explorer\Run--------------------------------
[run]

--------------------------HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon--------------------------------
[Winlogon]
"Shell"="Explorer.exe"
"System"=""
"Userinit"="C:\WINDOWS\SYSTEM32\Userinit.exe,"
"VmApplet"="rundll32 shell32,Control_RunDLL \"sysdm.cpl\""
"forceunlocklogon"=dword:00000000
"AllowMultipleTSSessions"=dword:00000001
"UIHost"=expand:"logonui.exe"
"LogonType"=dword:00000001
"Background"="0 0 0"
"WinStationsDisabled"="0"
"HibernationPreviouslyEnabled"=dword:00000001
[Winlogon\GPExtensions]
[Winlogon\GPExtensions\{0ACDD40C-75AC-47ab-BAA0-BF6DE7E7FE63}]
@="Senza fili"
"DllName"=expand:"gptext.dll"
[Winlogon\GPExtensions\{25537BA6-77A8-11D2-9B6C-0000F8080861}]
@="Folder Redirection"
"DllName"=expand:"fdeploy.dll"
"GenerateGroupPolicy"="GenerateGroupPolicy"
"EventSources"=multi:"(Folder Redirection,Application)\00\00"
[Winlogon\GPExtensions\{3610eda5-77ef-11d2-8dc5-00c04fa31a66}]
@="Quota disco Microsoft"
"DllName"=expand:"dskquota.dll"
[Winlogon\GPExtensions\{426031c0-0b47-4852-b0ca-ac3d37bfcb39}]
@="Utilità di pianificazione pacchetti QoS"
"DllName"=expand:"gptext.dll"
[Winlogon\GPExtensions\{42B5FAAE-6536-11d2-AE5A-0000F87571E3}]
@="Script"
"GenerateGroupPolicy"="GenerateScriptsGroupPolicy"
"DllName"=expand:"gptext.dll"
[Winlogon\GPExtensions\{4CFB60C1-FAA6-47f1-89AA-0B18730C9FD3}]
@="Mapping aree Internet Explorer"
"DllName"=expand:"iedkcs32.dll"
[Winlogon\GPExtensions\{827D319E-6EAC-11D2-A4EA-00C04F79F83A}]
"GenerateGroupPolicy"="SceGenerateGroupPolicy"
"ExtensionRsopPlanningDebugLevel"=dword:00000001
"ExtensionDebugLevel"=dword:00000001
"DllName"=expand:"scecli.dll"
@="Security"
[Winlogon\GPExtensions\{A2E30F80-D7DE-11d2-BBDE-00C04F86AE3B}]
"GenerateGroupPolicy"="GenerateGroupPolicy"
"DllName"=expand:"iedkcs32.dll"
@="Personalizzazione Internet Explorer"
[Winlogon\GPExtensions\{B1BE8D72-6EAC-11D2-A4EA-00C04F79F83A}]
"DllName"=expand:"scecli.dll"
@="EFS recovery"
[Winlogon\GPExtensions\{C631DF4C-088F-4156-B058-4375F0853CD8}]
@="Microsoft Offline Files"
"DllName"=expand:"%SystemRoot%\System32\cscui.dll"
[Winlogon\GPExtensions\{c6dc5466-785a-11d2-84d0-00c04fb169f7}]
@="Installazione software"
"DllName"=expand:"appmgmts.dll"
"GenerateGroupPolicy"="GenerateGroupPolicy"
"EventSources"=multi:"(Application Management,Application)\00(MsiInstaller,Application)\00\00"
[Winlogon\GPExtensions\{e437bc1c-aa7d-11d2-a382-00c04f991e27}]
@="Protezione IP"
"DllName"=expand:"gptext.dll"
[Winlogon\Notify]
[Winlogon\Notify\crypt32chain]
"DllName"=expand:"crypt32.dll"
"Logoff"="ChainWlxLogoffEvent"
[Winlogon\Notify\cryptnet]
"DllName"=expand:"cryptnet.dll"
"Logoff"="CryptnetWlxLogoffEvent"
[Winlogon\Notify\cscdll]
"DLLName"="cscdll.dll"
"Logon"="WinlogonLogonEvent"
"Logoff"="WinlogonLogoffEvent"
"ScreenSaver"="WinlogonScreenSaverEvent"
"Startup"="WinlogonStartupEvent"
"StartShell"="WinlogonStartShellEvent"
[Winlogon\Notify\klogon]
"DllName"="C:\WINDOWS\system32\klogon.dll"
"Logon"="WLEventStop"
"Startup"="WLEventStart"
"Lock"="WLEventStart"
"Unlock"="WLEventStop"
"Logoff"="WLEventStart"
@=""
[Winlogon\Notify\ScCertProp]
"DLLName"="wlnotify.dll"
"Logon"="SCardStartCertProp"
"Logoff"="SCardStopCertProp"
"Lock"="SCardSuspendCertProp"
"Unlock"="SCardResumeCertProp"
"Enabled"=dword:00000001
[Winlogon\Notify\Schedule]
"DllName"=expand:"wlnotify.dll"
"StartShell"="SchedStartShell"
"Logoff"="SchedEventLogOff"
[Winlogon\Notify\sclgntfy]
"Logoff"="WLEventLogoff"
"DllName"=expand:"sclgntfy.dll"
[Winlogon\Notify\SensLogn]
"DLLName"="WlNotify.dll"
"Lock"="SensLockEvent"
"Logon"="SensLogonEvent"
"Logoff"="SensLogoffEvent"
"Safe"=dword:00000001
"MaxWait"=dword:00000258
"StartScreenSaver"="SensStartScreenSaverEvent"
"StopScreenSaver"="SensStopScreenSaverEvent"
"Startup"="SensStartupEvent"
"StartShell"="SensStartShellEvent"
"PostShell"="SensPostShellEvent"
"Disconnect"="SensDisconnectEvent"
"Reconnect"="SensReconnectEvent"
"Unlock"="SensUnlockEvent"
[Winlogon\Notify\termsrv]
"DllName"=expand:"wlnotify.dll"
"Logoff"="TSEventLogoff"
"Logon"="TSEventLogon"
"PostShell"="TSEventPostShell"
"StartShell"="TSEventStartShell"
"Startup"="TSEventStartup"
"MaxWait"=dword:00000258
"Reconnect"="TSEventReconnect"
"Disconnect"="TSEventDisconnect"
[Winlogon\Notify\wlballoon]
"DLLName"="wlnotify.dll"
"Logon"="RegisterTicketExpiredNotificationEvent"
"Logoff"="UnregisterTicketExpiredNotificationEvent"
[Winlogon\SpecialAccounts]
[Winlogon\SpecialAccounts\UserList]
"HelpAssistant"=dword:00000000
"TsInternetUser"=dword:00000000
"SQLAgentCmdExec"=dword:00000000
"NetShowServices"=dword:00000000
"IWAM_"=dword:00010000
"IUSR_"=dword:00010000
"VUSR_"=dword:00010000
"ASPNET"=dword:00000000
"QZHeQT"=dword:00000000
"FmzyfMGqJIVGstjJW"=dword:00000000

--------------------------HKLM\Software\Microsoft\Windows\CurrentVersion\Winlogon--------------------------------

--------------------------HKCU\Software\Microsoft\Windows NT\CurrentVersion\Winlogon--------------------------------
[Winlogon]
"ExcludeProfileDirs"="Impostazioni locali;Temporary Internet Files;Cronologia;Temp;Impostazioni locali\Dati applicazioni\Microsoft\Outlook"

--------------------------HKCU\Software\Microsoft\Windows\CurrentVersion\Winlogon--------------------------------

--------------------------HKLM\Software\Microsoft\Windows\CurrentVersion\Run--------------------------------
[Run]
"SunJavaUpdateSched"="C:\Programmi\Java\jre1.5.0_06\bin\jusched.exe"
"SoundMan"="SOUNDMAN.EXE"
"Zone Labs Client"="C:\Programmi\Zone Labs\ZoneAlarm\zlclient.exe"
"aol"="\"D:\backup\Michele\software\active_virus_shield\avp.exe\""
"!AVG Anti-Spyware"="\"D:\backup\Michele\software\AVG Anti-Spyware 7.5\avgas.exe\" /minimized"
"VIRIT LITE MONITOR"="C:\VEXPLITE\MONLITE.EXE"
[Run\OptionalComponents]
[Run\OptionalComponents\IMAIL]
"Installed"="1"
[Run\OptionalComponents\MAPI]
"Installed"="1"
"NoChange"="1"
[Run\OptionalComponents\MSFS]
"Installed"="1"

--------------------------HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce--------------------------------
[RunOnce]

--------------------------HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnceEx--------------------------------
[RunOnceEx]

--------------------------HKLM\Software\Microsoft\Windows\CurrentVersion\RunServices--------------------------------
[RunServices]

--------------------------HKLM\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce--------------------------------
[RunServicesOnce]

--------------------------HKCU\Software\Microsoft\Windows\CurrentVersion\Run--------------------------------
[Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe"
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="\"C:\Programmi\File comuni\Ahead\Lib\NMBgMonitor.exe\""

--------------------------HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnce--------------------------------
[RunOnce]

--------------------------HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnceEx--------------------------------

--------------------------HKCU\Software\Microsoft\Windows\CurrentVersion\RunServices--------------------------------

--------------------------HKCU\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce--------------------------------

--------------------------HKLM\Software\Microsoft\Windows NT\CurrentVersion\Run--------------------------------

--------------------------HKCU\Software\Microsoft\Windows NT\CurrentVersion\Run--------------------------------

--------------------------HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects--------------------------------
[Browser Helper Objects]

--------------------------HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks--------------------------------
[URLSearchHooks]
"{CFBFAE00-17A6-11D0-99CB-00C04FD64497}"=""

--------------------------HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks--------------------------------
[ShellExecuteHooks]
"{AEB6717E-7E19-11d0-97EE-00C04FD91972}"=""
"{57B86673-276A-48B2-BAE7-C6DBB3020EB8}"="AVG Anti-Spyware 7.5"

--------------------------HKLM\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List--------------------------------
[List]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Programmi\Messenger\msmsgs.exe"="C:\Programmi\Messenger\msmsgs.exe:*:Enabled:Windows Messenger"
"D:\Programmi\Phone\Skype.exe"="D:\Programmi\Phone\Skype.exe:*:Enabled:Skype"
"C:\Programmi\MSN Messenger\msnmsgr.exe"="C:\Programmi\MSN Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.0"
"C:\Programmi\MSN Messenger\msncall.exe"="C:\Programmi\MSN Messenger\msncall.exe:*:Enabled:Windows Live Messenger 8.0 (Phone)"

--------------------------HKLM\SYSTEM\ControlSet001\Control\Lsa--------------------------------
[Lsa]
"Authentication Packages"=multi:"msv1_0\00\00"
"Bounds"=hex:00,30,00,00,00,20,00,00
"LsaPid"=dword:00000274
"SecureBoot"=dword:00000001
"auditbaseobjects"=dword:00000000
"crashonauditfail"=dword:00000000
"everyoneincludesanonymous"=dword:00000000
"fipsalgorithmpolicy"=dword:00000000
"forceguest"=dword:00000001
"fullprivilegeauditing"=hex:00
"limitblankpassworduse"=dword:00000001
"lmcompatibilitylevel"=dword:00000000
"nolmhash"=dword:00000000
"restrictanonymous"=dword:00000000
"restrictanonymoussam"=dword:00000001
"Notification Packages"=multi:"scecli\00\00"
[Lsa\AccessProviders]
"ProviderOrder"=multi:"Windows NT Access Provider\00\00"
[Lsa\AccessProviders\Windows NT Access Provider]
"ProviderPath"=expand:"%SystemRoot%\system32\ntmarta.dll"
[Lsa\Audit]
[Lsa\Audit\PerUserAuditing]
[Lsa\Audit\PerUserAuditing\System]
[Lsa\Data]
@Class="acadfc59"
"Pattern"=hex:9f,09,60,cd,f5,f2,ea,92,ae,31,01,07,a2,04,7b,a7,61,63,61,64,66,\
63,35,39,00,fd,07,00,6b,06,00,00,34,fa,07,00,56,82,47,75,20,fa,07,00,40,fd,\
07,00,4c,fd,07,00,94,a4,71,d1,b5,cb,ad,4b,ee,f7,7b,ac
[Lsa\GBG]
@Class="94cbdeb5"
"GrafBlumGroup"=hex:2f,ca,96,2a,a5,c3,ed,60,a8
[Lsa\JD]
@Class="ee7bd14b"
"Lookup"=hex:60,79,d6,98,81,d0
[Lsa\Kerberos]
[Lsa\Kerberos\Domains]
[Lsa\Kerberos\SidCache]
[Lsa\MSV1_0]
"Auth132"="IISSUBA"
"ntlmminclientsec"=dword:00000000
"ntlmminserversec"=dword:00000000
[Lsa\Skew1]
@Class="71a4f783"
"SkewMatrix"=hex:9c,dd,af,51,32,27,46,cb,bf,0c,6f,65,25,49,41,b4
[Lsa\SSO]
[Lsa\SSO\Passport1.4]
"SSOURL"="http://www.passport.com"
[Lsa\SspiCache]
"Time"=hex:90,b0,9b,c0,b3,c2,c4,01
[Lsa\SspiCache\digest.dll]
"Name"="Digest"
"Comment"="Digest SSPI Authentication Package"
"RpcId"=dword:0000ffff
"Time"=hex:00,e6,db,e6,f1,85,c4,01
"Type"=dword:00000031
[Lsa\SspiCache\msapsspc.dll]
"Name"="DPA"
"Comment"="DPA Security Package"
"RpcId"=dword:00000011
"Time"=hex:00,c7,d1,ec,f1,85,c4,01
"Type"=dword:00000031
[Lsa\SspiCache\msnsspc.dll]
"Name"="MSN"
"Comment"="MSN Security Package"
"RpcId"=dword:00000012
"Time"=hex:00,c7,d1,ec,f1,85,c4,01
"Type"=dword:00000031

--------------------------HKLM\SYSTEM\ControlSet001\Services\SharedAccess--------------------------------
[SharedAccess]
"Description"="Fornisce servizi di conversione indirizzi di rete, indirizzamento e risoluzione nomi e/o servizi di prevenzione intrusione per una rete domestica o una piccola rete aziendale."
"DisplayName"="Windows Firewall / Condivisione connessione Internet (ICS)"
"ImagePath"=expand:"%SystemRoot%\system32\svchost.exe -k netsvcs"
"ObjectName"="LocalSystem"
"Start"=dword:00000002
"Type"=dword:00000020
[SharedAccess\Epoch]
"Epoch"=dword:00005b01
[SharedAccess\Parameters]
"ServiceDll"=expand:"%SystemRoot%\System32\ipnathlp.dll"
[SharedAccess\Parameters\FirewallPolicy]
[SharedAccess\Parameters\FirewallPolicy\DomainProfile]
[SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications]
[SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Programmi\MSN Messenger\msnmsgr.exe"="C:\Programmi\MSN Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.0"
"C:\Programmi\MSN Messenger\msncall.exe"="C:\Programmi\MSN Messenger\msncall.exe:*:Enabled:Windows Live Messenger 8.0 (Phone)"
[SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall"=dword:00000000
"DoNotAllowExceptions"=dword:00000001
[SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications]
[SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Programmi\Messenger\msmsgs.exe"="C:\Programmi\Messenger\msmsgs.exe:*:Enabled:Windows Messenger"
"D:\Programmi\Phone\Skype.exe"="D:\Programmi\Phone\Skype.exe:*:Enabled:Skype"
"C:\Programmi\MSN Messenger\msnmsgr.exe"="C:\Programmi\MSN Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.0"
"C:\Programmi\MSN Messenger\msncall.exe"="C:\Programmi\MSN Messenger\msncall.exe:*:Enabled:Windows Live Messenger 8.0 (Phone)"
[SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts]
[SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP"="1900:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22007"
"2869:TCP"="2869:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22008"
[SharedAccess\Setup]
"ServiceUpgrade"=dword:00000001
[SharedAccess\Setup\InterfacesUnfirewalledAtUpdate]
"All"=dword:00000001

--------------------------HKLM\Software\Microsoft\Ole--------------------------------
[Ole]
"EnableDCOM"="Y"
"lgcolor"=dword:08ca6bee
"lgopen"=dword:13de4355
[Ole\AppCompat]
[Ole\AppCompat\ActivationSecurityCheckExemptionList]
"{A50398B8-9075-4FBF-A7A1-456BF21937AD}"="1"
"{AD65A69D-3831-40D7-9629-9B0B50A93843}"="1"
"{0040D221-54A1-11D1-9DE0-006097042D69}"="1"
"{2A6D72F1-6E7E-4702-B99C-E40D3DED33C3}"="1"
[Ole\NONREDIST]
"System.EnterpriseServices.Thunk.dll"=""

--------------------------HKEY_CLASSES_ROOT\exefile\shell\open\command--------------------------------
@="\"%1\" %*"

--------------------------HKEY_CLASSES_ROOT\comfile\shell\open\command--------------------------------
@="\"%1\" %*"

--------------------------HKEY_CLASSES_ROOT\batfile\shell\open\command--------------------------------
@="\"%1\" %*"

--------------------------HKEY_CLASSES_ROOT\piffile\shell\open\command--------------------------------
@="\"%1\" %*"

--------------------------HKEY_CLASSES_ROOT\scrFile\shell\open\command--------------------------------
@="\"%1\" /S"

--------------------------HKEY_CLASSES_ROOT\htafile\shell\open\command--------------------------------
@="C:\WINDOWS\system32\mshta.exe \"%1\" %*"

--------------------------HKEY_CLASSES_ROOT\logfile\shell\open\command--------------------------------

--------------------------HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler--------------------------------
[SharedTaskScheduler]
"{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Precaricatore Browseui"
"{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Daemon di cache delle categorie di componenti"

-------------------------Encrypting File System dumping -------------------------

--------------------------HKLM\Software\Microsoft\Active Setup\Installed Components--------------------------------
[Installed Components]
[Installed Components\>{22d6f312-b0f6-11d0-94ab-0080c74c7e95}]
"Stubpath"="C:\WINDOWS\inf\unregmp2.exe /ShowWMP"
@="Microsoft Windows Media Player"
"ComponentID"="WMPACCESS"
[Installed Components\>{26923b43-4d38-484f-9b9e-de460746276c}]
@="Internet Explorer"
"ComponentID"="IEACCESS"
"StubPath"=expand:"%systemroot%\system32\shmgrate.exe OCInstallUserConfigIE"
[Installed Components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS]
@="Personalizzazione del browser"
"ComponentID"="BRANDING.CAB"
"StubPath"="RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP"
[Installed Components\>{881dd1c5-3dcf-431b-b061-f3f88e8be88a}]
@="Outlook Express"
"ComponentID"="OEACCESS"
"StubPath"=expand:"%systemroot%\system32\shmgrate.exe OCInstallUserConfigOE"
[Installed Components\{08B0E5C0-4FCB-11CF-AAA5-00401C608500}]
@="Java (Sun)"
"ComponentID"="JAVAVM"
"KeyFileName"="C:\Programmi\Java\jre1.5.0_06\bin\regutils.dll"
[Installed Components\{10072CEC-8CC1-11D1-986E-00A0C955B42F}]
@="Rendering grafica vettoriale (VML)"
"ComponentID"="MSVML"
[Installed Components\{166B1BCA-3F9C-11CF-8075-444553540000}]
"ComponentID"="Director"
@="Macromedia Shockwave Director 8.5.1"
[Installed Components\{2179C5D3-EBFF-11CF-B6FD-00AA00B4E220}]
@=""
"ComponentID"="NetShow"
"StubPath"=""
[Installed Components\{22d6f312-b0f6-11d0-94ab-0080c74c7e95}]
"ComponentID"="Windows Media Player"
"StubPath"="rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\mswmp.inf,PerUserStub"
@="Microsoft Windows Media Player 6.4"
[Installed Components\{233C1507-6A77-46A4-9443-F871F945D258}]
"ComponentID"="Director"
@="Adobe Shockwave Director 10.1.3"
[Installed Components\{283807B5-2C60-11D0-A31D-00AA00B92C03}]
@="DirectAnimation"
"ComponentID"="DirectAnimation"
[Installed Components\{2A202491-F00D-11cf-87CC-0020AFEECF20}]
"ComponentID"="Director"
@="Adobe Shockwave Director 10.1.3"
[Installed Components\{2C7339CF-2B09-4501-B3F3-F3508C9228ED}]
@="Themes Setup"
"ComponentID"="Theme Component"
"StubPath"=expand:"%SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll"
[Installed Components\{36f8ec70-c29a-11d1-b5c7-0000f8051515}]
@="Binding dati Dynamic HTML per Java"
"ComponentID"="TridataJava"
[Installed Components\{3af36230-a269-11d1-b5bf-0000f8051515}]
@="Modulo ricerca non in linea"
"ComponentID"="MobilePk"
[Installed Components\{3bf42070-b3b1-11d1-b5c5-0000f8051515}]
@="Uniscribe"
"ComponentID"="USP10"
[Installed Components\{411EDCF7-755D-414E-A74B-3DCD6583F589}]
"ComponentID"="S867460"
@="Microsoft .NET Framework 1.1 Service Pack 1 (KB867460)"
[Installed Components\{4278c270-a269-11d1-b5bf-0000f8051515}]
@="Creazione avanzata"
"ComponentID"="AdvAuth"
[Installed Components\{44BBA840-CC51-11CF-AAFA-00AA00B6015C}]
@="Microsoft Outlook Express 6"
"ComponentID"="MailNews"
"CloneUser"=dword:00000001
"StubPath"=expand:"\"%ProgramFiles%\Outlook Express\setup50.exe\" /APP:OE /CALLER:WINNT /user /install"
[Installed Components\{44BBA842-CC51-11CF-AAFA-00AA00B6015B}]
@="NetMeeting 3.01"
"ComponentID"="NetMeeting"
"StubPath"="rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT"
[Installed Components\{44BBA848-CC51-11CF-AAFA-00AA00B6015C}]
@="DirectShow"
"ComponentID"="activemovie"
[Installed Components\{44BBA855-CC51-11CF-AAFA-00AA00B6015F}]
@="DirectDrawEx"
"ComponentID"="DirectDrawEx"
[Installed Components\{45ea75a0-a269-11d1-b5bf-0000f8051515}]
@="Guida di Internet Explorer"
"ComponentID"="HelpCont"
[Installed Components\{4f216970-c90c-11d1-b5c7-0000f8051515}]
@="Classi Java DirectAnimation"
"ComponentID"="DAJava"
[Installed Components\{4f645220-306d-11d2-995d-00c04f98bbc9}]
@="Microsoft Windows Script 5.6"
"ComponentID"="MSVBScript"
[Installed Components\{5945c046-1e7d-11d1-bc44-00c04fd912be}]
@="Windows Messenger 4.7"
"ComponentID"="Messenger"
"StubPath"="rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser"
[Installed Components\{5A8D6EE0-3E18-11D0-821E-444553540000}]
"(Default)"="Internet Connection Wizard"
"ComponentID"="ICW"
[Installed Components\{5fd399c0-a70a-11d1-9948-00c04f98bbc9}]
@="Strumenti di installazione di Internet Explorer"
"ComponentID"="GenSetup"
[Installed Components\{630b1da0-b465-11d1-9948-00c04f98bbc9}]
@="Miglioramenti sfoglia"
"ComponentID"="ExtraPack"
"KeyFileName"="C:\WINDOWS\system32\msieftp.dll"
[Installed Components\{6BF52A52-394A-11d3-B153-00C04F79FAA6}]
@="Microsoft Windows Media Player"
"ComponentID"="Microsoft Windows Media Player"
"StubPath"="rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\wmp10.inf,PerUserStub"
[Installed Components\{6fab99d0-bab8-11d1-994a-00c04f98bbc9}]
@="Accesso sito MSN"
"ComponentID"="MSN_Auth"
[Installed Components\{73FA19D0-2D75-11D2-995D-00C04F98BBC9}]
@="Web Folders"
"ComponentID"="WebFolders"
"StubPath"=""
[Installed Components\{7790769C-0471-11d2-AF11-00C04FA35D02}]
@="Rubrica 6"
"ComponentID"="WAB"
"StubPath"=expand:"\"%ProgramFiles%\Outlook Express\setup50.exe\" /APP:WAB /CALLER:WINNT /user /install"
[Installed Components\{89820200-ECBD-11cf-8B85-00AA005B4340}]
@="Windows Desktop Update"
"ComponentID"="IE4Shell_NT"
"StubPath"=expand:"regsvr32.exe /s /n /i:U shell32.dll"
[Installed Components\{89820200-ECBD-11cf-8B85-00AA005B4383}]
@="Internet Explorer 6"
"ComponentID"="BASEIE40_W2K"
"StubPath"=expand:"%SystemRoot%\system32\ie4uinit.exe"
[Installed Components\{89820200-ECBD-11cf-8B85-00AA005B4383}\AuthorizedCDFPrefix]
[Installed Components\{89B4C1CD-B018-4511-B0A1-5476DBF70820}]
"ComponentID"="DOTNETFRAMEWORKS"
"StubPath"="C:\WINDOWS\system32\Rundll32.exe C:\WINDOWS\system32\mscories.dll,Install"
[Installed Components\{9381D8F2-0288-11D0-9501-00AA00B911A5}]
@="Binding dati Dynamic HTML"
"ComponentID"="Tridata"
[Installed Components\{ACC563BC-4266-43f0-B6ED-9D38C4202C7E}]
[Installed Components\{C9E9A340-D1F1-11D0-821E-444553540600}]
@="Font principali di Internet Explorer"
"ComponentID"="Fontcore"
[Installed Components\{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}]
"ComponentID"=".NETFramework"
@=".NET Framework"
[Installed Components\{CC2A9BA0-3BDD-11D0-821E-444553540000}]
@="Utilità di pianificazione"
"ComponentID"="MSTASK"
[Installed Components\{CDD7975E-60F8-41d5-8149-19E51D6F71D0}]
"ComponentID"="Windows Movie Maker v2.1"
[Installed Components\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@="Macromedia Flash Player 8"
"ComponentID"="Flash"
[Installed Components\{de5aed00-a4bf-11d1-9948-00c04f98bbc9}]
@="Guida HTML"
"ComponentID"="HTMLHelp"
[Installed Components\{E92B03AB-B707-11d2-9CBD-0000F87A369E}]
@="Active Directory Service Interface"
"ComponentID"="ADSI"
[Installed Components\{F2D2B58B-B2FD-46D1-8319-DCE564079934}]
@=".NET Framework"
"ComponentID"=".NETFramework"

--------------------------Comparing services --------------------------------
Result compared: Identical

--------------------------List of running services --------------------------------
Unable to enumerate available services on Windows system. (Get query)
SYSTEM SAYS: Sono disponibili altri dati.

..:: BOOT REGISTRY ::..
0) "SunJavaUpdateSched"
---> TYPE = String
---> CMD = C:\Programmi\Java\jre1.5.0_06\bin\jusched.exe
---> FILE = C:\Programmi\Java\jre1.5.0_06\bin\jusched.exe
1) "SoundMan"
---> TYPE = String
---> CMD = SOUNDMAN.EXE
---> FILE = C:\Programmi\Java\jre1.5.0_06\bin\SOUNDMAN.EXE
2) "Zone Labs Client"
---> TYPE = String
---> CMD = C:\Programmi\Zone Labs\ZoneAlarm\zlclient.exe
---> FILE = C:\Programmi\Zone Labs\ZoneAlarm\zlclient.exe
3) "aol"
---> TYPE = String
---> CMD = "D:\backup\Michele\software\active_virus_shield\avp.exe"
---> FILE = D:\backup\Michele\software\active_virus_shield\avp.exe
4) "!AVG Anti-Spyware"
---> TYPE = String
---> CMD = "D:\backup\Michele\software\AVG Anti-Spyware 7.5\avgas.exe" /minimized
---> FILE = (NOT EXISTS)
5) "VIRIT LITE MONITOR"
---> TYPE = String
---> CMD = C:\VEXPLITE\MONLITE.EXE
---> FILE = C:\VEXPLITE\MONLITE.EXE

--------------------------loaded Dlls --------------------------------
You do not have the DEBUG privilege, which is required to run this program

--------------------------ALTERNATE DATA STREAMS (NTFS only) --------------------------------

Error opening C:\hiberfil.sys:
Impossibile accedere al file. Il file è utilizzato da un altro processo.


Error opening C:\pagefile.sys:
Impossibile accedere al file. Il file è utilizzato da un altro processo.

...

...


C:\digi2\immagini\Thumbs.db:
:encryptable:$DATA 0
..
C:\Documents and Settings\All Users\Documenti\Immagini\Immagini campione\Thumbs.db:
:encryptable:$DATA 0

C:\Documents and Settings\All Users\Documenti\Musica\Musica campione\Thumbs.db:
:encryptable:$DATA 0
.
Error opening C:\Documents and Settings\LocalService\NTUSER.DAT:
Impossibile accedere al file. Il file è utilizzato da un altro processo.


Error opening C:\Documents and Settings\LocalService\ntuser.dat.LOG:
Impossibile accedere al file. Il file è utilizzato da un altro processo.


Error opening C:\Documents and Settings\LocalService\Impostazioni locali\Dati applicazioni\Microsoft\Windows\UsrClass.dat:
Impossibile accedere al file. Il file è utilizzato da un altro processo.


Error opening C:\Documents and Settings\LocalService\Impostazioni locali\Dati applicazioni\Microsoft\Windows\UsrClass.dat.LOG:
Impossibile accedere al file. Il file è utilizzato da un altro processo.


Error opening C:\Documents and Settings\NetworkService\NTUSER.DAT:
Impossibile accedere al file. Il file è utilizzato da un altro processo.


Error opening C:\Documents and Settings\NetworkService\ntuser.dat.LOG:
Impossibile accedere al file. Il file è utilizzato da un altro processo.


Error opening C:\Documents and Settings\NetworkService\Impostazioni locali\Dati applicazioni\Microsoft\Windows\UsrClass.dat:
Impossibile accedere al file. Il file è utilizzato da un altro processo.


Error opening C:\Documents and Settings\NetworkService\Impostazioni locali\Dati applicazioni\Microsoft\Windows\UsrClass.dat.LOG:
Impossibile accedere al file. Il file è utilizzato da un altro processo.


Error opening C:\Documents and Settings\user\NTUSER.DAT:
Impossibile accedere al file. Il file è utilizzato da un altro processo.


Error opening C:\Documents and Settings\user\ntuser.dat.LOG:
Impossibile accedere al file. Il file è utilizzato da un altro processo.



...


C:\Documents and Settings\user\Desktop\proposta libri canapa.odt:
:Zone.Identifier:$DATA 26

C:\Documents and Settings\user\Desktop\Thumbs.db:
:encryptable:$DATA 0

C:\Documents and Settings\user\Desktop\Collegamenti desktop inutilizzati\Thumbs.db:
:encryptable:$DATA 0

C:\Documents and Settings\user\Desktop\Documenti_old\My Music\Thumbs.db:
:encryptable:$DATA 0

C:\Documents and Settings\user\Desktop\drivers\audio\Realtek_Audio drv_V3[1].61\V3.61\ALCCHKID.EXE:
:Zone.Identifier:$DATA 0

-------------Checking files -------------
(Unusually Runtime packers compressed exe and dll files in \, C:\WINDOWS\, C:\WINDOWS\system32\)
Note:Not all files found by this scanner are bad
---->This file compressed with Upack C:\WINDOWS\System32\IFMON.DLL
n1926
Junior User
 
Posts: 41
Joined: 24/08/06 10:48

Post by Luke57 » 15/10/06 21:01

Hi, I don't see much in there, unless I'm mistaken.
From Start > Run > control userpasswords2 (type it into the box) > OK
In the User Accounts window that opens, if you find
QZHeQT
"FmzyfMGqJIVGstjJW
"
select them and remove them.
Luke57
Moderator
 
Posts: 6415
Joined: 11/08/05 19:10
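
A report in this layout lists each file followed by its NTFS alternate data streams, then files the scanner could not open and runtime-packed binaries. The triage script below is an added example, not part of the thread or of the scanner used; the function name `triage`, the size ceilings and the sample lines are assumptions constructed for illustration.

```python
import re

# Streams seen in the report and the largest size expected for each.
# Zone.Identifier is 26 bytes in the report; newer Windows versions can add
# URL fields, so the ceiling is generous. Both limits are assumptions.
EXPECTED_MAX = {"Zone.Identifier": 2048, "encryptable": 0}

STREAM_RE = re.compile(r"^:(?P<name>[^:]+):\$DATA\s+(?P<size>\d+)$")
PACKED_RE = re.compile(r"^-+>This file compressed with (?P<packer>\S+) (?P<path>.+)$")


def triage(report):
    """Return (findings, locked) for a stream-listing report.

    findings: (kind, path, detail) tuples that need a manual look.
    locked:   files the scanner could not open, so they were never checked.
    """
    findings, locked, current = [], [], None
    for raw in report.splitlines():
        line = raw.strip()
        if line.startswith("Error opening "):
            locked.append(line[len("Error opening "):].rstrip(":"))
            current = None
        elif (m := PACKED_RE.match(line)):
            findings.append(("packed-binary", m["path"], m["packer"]))
        elif (m := STREAM_RE.match(line)) and current:
            name, size = m["name"], int(m["size"])
            detail = f"{name} ({size} bytes)"
            if name not in EXPECTED_MAX:
                findings.append(("unknown-stream", current, detail))
            elif size > EXPECTED_MAX[name]:
                findings.append(("oversized-stream", current, detail))
        elif line.endswith(":") and not line.startswith(":"):
            current = line[:-1]  # a "path:" line opens a new file entry
    return findings, locked


# Constructed sample in the report's layout; none of these lines are from the thread.
SAMPLE = r"""
C:\Users\demo\Downloads\setup.exe:
:Zone.Identifier:$DATA 26

C:\Users\demo\Pictures\Thumbs.db:
:encryptable:$DATA 0

C:\Users\demo\Documents\notes.txt:
:update.dat:$DATA 48128

C:\Users\demo\Downloads\invoice.pdf:
:Zone.Identifier:$DATA 90112

Error opening C:\Windows\system32\config\SAM:
Impossibile accedere al file.

---->This file compressed with Upack C:\Windows\System32\example.dll
"""

if __name__ == "__main__":
    findings, locked = triage(SAMPLE)
    for kind, path, detail in findings:
        print(f"{kind:17} {path}  {detail}")
    print(f"{len(locked)} file(s) locked and not scanned")
```

Locked files are returned separately because a file the scanner could not open was never inspected, which is different from a file that came back clean.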

Post by n1926 » 16/10/06 00:18

Those aren't there. The following are present:
user name       group
Administrator   Administrators
ASPNET          Users
user            Utenti debugger; Administrators
... is everything OK?

In Control Panel -> Administrative Tools -> Services there is still the entry with .\QZHeQT in the Log On As column, whose Startup Type I set to Disabled... is it harmless like that?
n1926
Junior User
 
Posts: 41
Joined: 24/08/06 10:48

Post by Luke57 » 16/10/06 08:03

Hi, those were accounts that had already been removed.
The service, besides being disabled, no longer even has its executable.
Try this command:
Start > Run > sc delete nomedelservizio > OK [nomedelservizio = the name of the service]
Luke57
Moderator
 
Posts: 6415
Joined: 11/08/05 19:10

Post by n1926 » 16/10/06 09:43

Great! It removed the entry...
So, to sum up, can we say everything is OK then? Do you suggest I run any checks?
n1926
Junior User
 
Posts: 41
Joined: 24/08/06 10:48

Post by n1926 » 18/10/06 12:49

Things have seemed to be going fine for a couple of days...
I just wanted to thank you, since I hadn't done so yet, for all the info you gave me... ;) bye bye!
n1926
Junior User
 
Posts: 41
Joined: 24/08/06 10:48
