
Is regscan.exe a virus?

How do you remove viruses and spyware? Are credit cards really safe online? Is it possible to browse anonymously? Which programs protect your privacy? How do you protect important files? If you want answers to these and other questions, this is the right place!

Moderators: m.paolo, kadosh, Luke57


Post by maryepucci » 04/04/07 09:54

Guys, Virit (which has expired) flagged this file as a virus??
But is it a system file, or is it really a virus?
maryepucci
Senior User

Posts: 154
Joined: 13/07/06 17:08

 

Post by maryepucci » 04/04/07 11:42

guys, it's important..
I don't know whether to delete it manually or not :(
maryepucci
Senior User

Posts: 154
Joined: 13/07/06 17:08

Post by fiore giallo » 04/04/07 12:03

I think I had the same problem and the same doubt

http://www.pc-facile.com/forum/viewtopic.php?t=59715

I've become convinced that it isn't a virus if it's in the legitimate folder. The fact remains that I don't understand why this application was trying to connect to the internet on my PC.
Let's wait for more expert explanations.... :roll:
fiore giallo
Senior User

Posts: 204
Joined: 15/11/05 19:40

Post by maryepucci » 04/04/07 14:06

yes..yes..let's wait for someone to help us ... :-?
hopefully soon :(
maryepucci
Senior User

Posts: 154
Joined: 13/07/06 17:08

Post by fiore giallo » 04/04/07 15:59

Although I've been waiting since 25 March :lol: :lol: :lol:
fiore giallo
Senior User

Posts: 204
Joined: 15/11/05 19:40

Post by maryepucci » 05/04/07 08:27

is it possible that nobody can tell us anything??
Forum admins, where have you gone? :aaah
maryepucci
Senior User

Posts: 154
Joined: 13/07/06 17:08

Post by Luke57 » 05/04/07 08:57

Hi, this is for both of you ;)
Download HijackThis by Trend Micro from here:
http://www.majorgeeks.com/downloadget.p ... 4f2b249d83
put the file hijackthis_v2.exe in a folder on the hard disk created for the purpose, such as C:\HJT2.
From the new folder, click the executable; in the window that opens, press "do a system scan and save a log file", wait for a text file to be generated, then copy and paste its entire contents into a post on the forum.
Luke57
Moderator

Posts: 6415
Joined: 11/08/05 19:10

Post by Luca05 » 05/04/07 10:37

Trend Micro flagged it as a trojan and I deleted it in safe mode... I hope I did the right thing!

I haven't understood whether regscan is a file of mine that got infected or a file that is infected in itself...
Luca05
Senior User

Posts: 119
Joined: 04/03/05 14:32

Post by maryepucci » 05/04/07 11:33

thanks Luke, I knew you would help me :lol:

here's mine:

Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 12.31.45, on 05/04/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
c:\windows\system32\winlogon.exe
C:\Programmi\File comuni\LightScribe\LSSrvc.exe
C:\Programmi\File comuni\Microsoft Shared\VS7Debug\mdm.exe
C:\Programmi\Eset\nod32krn.exe
C:\WINDOWS\system32\SAgent4.exe
C:\WINDOWS\system32\svchost.exe
C:\VEXPLITE\viritsvc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\AGRSMMSG.exe
C:\Programmi\Eset\nod32kui.exe
C:\Programmi\Java\jre1.5.0_09\bin\jusched.exe
C:\BITWARE\NT\bwprnmon.exe
C:\Programmi\QuickTime\qttask.exe
C:\WINDOWS\system32\VTTimer.exe
C:\WINDOWS\system32\VTtrayp.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\system32\ntvdm.exe
C:\Programmi\HP\HP Software Update\HPWuSchd2.exe
C:\Programmi\HP\hpcoretech\hpcmpmgr.exe
C:\Programmi\MessengerPlus! 3\MsgPlus.exe
C:\VEXPLITE\MONLITE.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Programmi\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Programmi\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\Programmi\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
C:\Programmi\HP\Digital Imaging\bin\hpqtra08.exe
C:\Programmi\HP\Digital Imaging\bin\hpqgalry.exe
C:\Programmi\Java\jre1.5.0_09\bin\jucheck.exe
C:\Programmi\MSN Messenger\msnmsgr.exe
C:\Programmi\Microsoft Office\Office10\EXCEL.EXE
C:\Programmi\Internet Explorer\IEXPLORE.EXE
C:\Programmi\Internet Explorer\IEXPLORE.EXE
C:\Programmi\eMule\emule.exe
C:\Programmi\DataBrain\DataBrain.exe
C:\WINDOWS\system32\notepad.exe
C:\Programmi\Internet Explorer\IEXPLORE.EXE
C:\Programmi\Microsoft Office\Office10\WINWORD.EXE
C:\HJT2\HiJackThis_v2.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.infoimprese.it/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programmi\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Programmi\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: Malicious Scripts Scanner - {55EA1964-F5E4-4D6A-B9B2-125B37655FCB} - C:\Documents and Settings\All Users\Dati applicazioni\Prevx\pxbho.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmi\Java\jre1.5.0_09\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programmi\google\googletoolbar4.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programmi\google\googletoolbar4.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programmi\Yahoo!\Companion\Installs\cpn0\yt.dll
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [CDWCheckRubrica] C:\SEAT\CDItalia\Chkrub_cdi
O4 - HKLM\..\Run: [nod32kui] "C:\Programmi\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programmi\Java\jre1.5.0_09\bin\jusched.exe"
O4 - HKLM\..\Run: [bwprnmon.exe] C:\BITWARE\NT\bwprnmon.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmi\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [VTTrayp] VTtrayp.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [HP Software Update] "C:\Programmi\HP\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [HP Component Manager] "C:\Programmi\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [PrevxOne] C:\Programmi\Prevx1\PXConsole.exe
O4 - HKLM\..\Run: [MessengerPlus3] "C:\Programmi\MessengerPlus! 3\MsgPlus.exe"
O4 - HKLM\..\Run: [VIRIT LITE MONITOR] C:\VEXPLITE\MONLITE.EXE
O4 - HKLM\..\Run: [winjficv] "c:\windows\system32\winjficv.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [NBJ] "C:\Programmi\Ahead\Nero BackItUp\NBJ.exe"
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Programmi\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [CheckRubAnniversari] C:\Documents and Settings\amministratore\Documenti\SeatCDItalia\127_0_0_1\chkrub_cdi.exe "C:\Documents and Settings\amministratore\Documenti\SeatCDItalia\127_0_0_1\PB.rub" "I"
O4 - HKCU\..\Run: [swg] C:\Programmi\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO LOCALE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO DI RETE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Acrobat Assistant.lnk = C:\Programmi\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Programmi\File comuni\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Avvio rapido di HP Image Zone.lnk = C:\Programmi\HP\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Programmi\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Programmi\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: Converti destinazione link in file PDF esistente - res://C:\Programmi\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Converti i link selezionati in Adobe PDF - res://C:\Programmi\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Converti i link selezionati in file PDF esistente - res://C:\Programmi\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Converti nel file PDF esistente - res://C:\Programmi\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Converti selezione in file PDF esistente - res://C:\Programmi\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Programmi\Internet Explorer\Plugins\NPDocBox.dll
O17 - HKLM\System\CCS\Services\Tcpip\..\{4B76AAEB-55AC-4791-8617-449E45DC6705}: NameServer = 213.140.2.12,213.140.2.21
O17 - HKLM\System\CS1\Services\Tcpip\..\{4B76AAEB-55AC-4791-8617-449E45DC6705}: NameServer = 213.140.2.12,213.140.2.21
O17 - HKLM\System\CS2\Services\Tcpip\..\{4B76AAEB-55AC-4791-8617-449E45DC6705}: NameServer = 213.140.2.12,213.140.2.21
O17 - HKLM\System\CS3\Services\Tcpip\..\{4B76AAEB-55AC-4791-8617-449E45DC6705}: NameServer = 213.140.2.12,213.140.2.21
O17 - HKLM\System\CS4\Services\Tcpip\..\{4B76AAEB-55AC-4791-8617-449E45DC6705}: NameServer = 213.140.2.12,213.140.2.21
O20 - Winlogon Notify: !SASWinLogon - C:\Programmi\SUPERAntiSpyware\SASWINLO.DLL
O22 - SharedTaskScheduler: Precaricatore Browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Daemon di cache delle categorie di componenti - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Programmi\File comuni\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Programmi\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Unknown owner - C:\Programmi\File comuni\LightScribe\LSSrvc.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Programmi\Eset\nod32krn.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Prevx Agent (PREVXAgent) - Unknown owner - C:\Programmi\Prevx1\PXAgent.exe (file missing)
O23 - Service: Epson Printer Status Agent4 (StatusAgent4) - SEIKO EPSON CORPORATION - C:\WINDOWS\system32\SAgent4.exe
O23 - Service: Virit eXplorer Lite (viritsvclite) - TG Soft Sas http://www.tgsoft.it - C:\VEXPLITE\viritsvc.exe

--
End of file - 8886 bytes
maryepucci
Senior User

Posts: 154
Joined: 13/07/06 17:08

Post by Luca05 » 05/04/07 12:29

hi
look, I know less than you do... I know the little program you used, but I don't know how to read this data... I hope I haven't deleted something that was already there and got infected later.
Just to be on the safe side, I searched for regscan on the Microsoft site, simply to check whether it's a file they use/know about... nothing... :roll:
Luca05
Senior User

Posts: 119
Joined: 04/03/05 14:32

Post by Luke57 » 05/04/07 12:39

Hi, open HijackThis, press "do a system scan only", then find and tick:
O4 - HKLM\..\Run: [winjficv] "c:\windows\system32\winjficv.exe"

Press "fix checked".

Then download KILLBOX from here
http://www.bleepingcomputer.com/files/s ... illBox.zip
- extract it to the desktop, open the folder that contains it and then run it
- Select the Delete on Reboot option. In the box, type the path of the file to delete
c:\windows\system32\winjficv.exe
and click the red cross (the computer will restart)

Once that's done, download SystemScan (a diagnostic tool):
http://www.suspectfile.com/systemscan
open it and make sure all the options are ticked, then click "Scan Now"; when the scan finishes, the file report.txt will be written to C:\suspectfile.
Go to:
http://www.easy-share.com
upload the file (by pressing Browse and then the Upload button); you will be given the URL for downloading it. Paste that URL into a post
Luke57
Moderator

Posts: 6415
Joined: 11/08/05 19:10
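
A check for the procedure in the post above, added here as an example and not part of the original thread: it compares the HKLM Run entries of a HijackThis log taken before the fix with a dump of the same key taken afterwards (in the "name"="value" layout that SystemScan prints) and reports whether the fixed entry is gone. The sample inputs are constructed from lines posted in this thread, and the function names are this example's own.

```python
import re

# Constructed sample: O4 lines taken from the HijackThis log posted in this thread.
HJT_BEFORE = r'''
O4 - HKLM\..\Run: [nod32kui] "C:\Programmi\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [VIRIT LITE MONITOR] C:\VEXPLITE\MONLITE.EXE
O4 - HKLM\..\Run: [winjficv] "c:\windows\system32\winjficv.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
'''

# Constructed sample: the same key after the fix, in the SystemScan dump layout
# (embedded quotes are escaped as \" but path backslashes are not doubled).
REG_AFTER = r'''
[Run]
"nod32kui"="\"C:\Programmi\Eset\nod32kui.exe\" /WAITSERVICE"
"VTTimer"="VTTimer.exe"
"VIRIT LITE MONITOR"="C:\VEXPLITE\MONLITE.EXE"

[Run\OptionalComponents\IMAIL]
"Installed"="1"
'''

O4_RE = re.compile(r'^O4 - (HKLM|HKCU)\\\.\.\\(Run\w*): \[(.+?)\] (.*)$')
REG_VALUE_RE = re.compile(r'^"(.+?)"="(.*)"$')


def parse_hjt_o4(log, hive="HKLM", key="Run"):
    """Return {lowercased name: (name, command)} for O4 lines of one hive/key."""
    entries = {}
    for line in log.splitlines():
        m = O4_RE.match(line.strip())
        if m and m.group(1) == hive and m.group(2) == key:
            entries[m.group(3).lower()] = (m.group(3), m.group(4).strip())
    return entries


def parse_reg_section(dump, section="Run"):
    """Return the values listed directly under [section], ignoring subkeys."""
    entries, current = {}, None
    for line in dump.splitlines():
        line = line.strip()
        if line.startswith("[") and line.endswith("]"):
            current = line[1:-1]          # track which key the values belong to
            continue
        m = REG_VALUE_RE.match(line)
        if m and current == section:
            command = m.group(2).replace('\\"', '"')   # undo quote escaping
            entries[m.group(1).lower()] = (m.group(1), command)
    return entries


def diff_autoruns(before, after):
    """Value names are case-insensitive in the registry, so keys are lowercased."""
    removed = sorted(before[k][0] for k in before if k not in after)
    added = sorted(after[k][0] for k in after if k not in before)
    changed = sorted(
        before[k][0] for k in before
        if k in after and before[k][1].lower() != after[k][1].lower()
    )
    return {"removed": removed, "added": added, "changed": changed}


def verify_fix(before_log, after_dump, fixed_name):
    """Report the autorun diff and whether fixed_name was present and is now gone."""
    before = parse_hjt_o4(before_log)
    after = parse_reg_section(after_dump)
    report = diff_autoruns(before, after)
    key = fixed_name.lower()
    report["fix_applied"] = key in before and key not in after
    return report


if __name__ == "__main__":
    for field, value in verify_fix(HJT_BEFORE, REG_AFTER, "winjficv").items():
        print(f"{field}: {value}")
```

Anything listed under "added" or "changed" is a new or rewritten autorun entry that appeared between the two snapshots and deserves a second look.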

Post by Luca05 » 05/04/07 12:44

winjficv.exe

and what's this?
Luca05
Senior User

Posts: 119
Joined: 04/03/05 14:32

Post by fiore giallo » 05/04/07 13:16

I'll do it as soon as possible, thanks
At the moment I can't spend much time on the PC, but as soon as I can I'll post a log
fiore giallo
Senior User

Posts: 204
Joined: 15/11/05 19:40

Post by maryepucci » 05/04/07 13:56

no luck :cry:
Luke, the last link you gave me, http://www.easy-share.com, when I run the scan it downloads some viruses..I don't know, I don't understand!!
anyway Virit still gives me:
windows/system32/regscan.exe as a trojan ...but why isn't it a system file??
maryepucci
Senior User

Posts: 154
Joined: 13/07/06 17:08

Post by Luke57 » 05/04/07 14:18

Hi, you need to download SystemScan; the one you mention is the link where you deposit the file. Read carefully what I wrote above.
Luke57
Moderator

Posts: 6415
Joined: 11/08/05 19:10

Post by maryepucci » 05/04/07 14:44

Luke57 wrote: Hi, you need to download SystemScan; the one you mention is the link where you deposit the file. Read carefully what I wrote above.


indeed, that's the one that puts viruses in my temporary files when it runs the scan :evil:
:roll:
maryepucci
Senior User

Posts: 154
Joined: 13/07/06 17:08

Post by Luke57 » 05/04/07 16:08

Hi, turn off the antivirus during the SystemScan scan; don't worry, it doesn't put any viruses on your machine, on the contrary it helps to find them.
Luke57
Moderator

Posts: 6415
Joined: 11/08/05 19:10

Post by maryepucci » 05/04/07 16:14

Luke57 wrote: Hi, turn off the antivirus during the SystemScan scan; don't worry, it doesn't put any viruses on your machine, on the contrary it helps to find them.


ok
maryepucci
Senior User

Posts: 154
Joined: 13/07/06 17:08

Post by maryepucci » 05/04/07 16:26

OK HERE IT IS:

systemscan - http://www.suspectfile.com - ver. 2.0.24

Date: 05/04/2007
Time: 17.13.23,25

Output limited to:
-Recent files
-Registry Run Keys
-Running Services
-Not Running Services
-Device Driver Services
-Svchost.exe instances
-Loaded Dlls
-Alternate Data Sreams
-Encrypted Files
-Hidden objects
-Suspicious Files

-------------Users folders -------------

Directory di C:\documents and settings

05/06/2006 21.55 <DIR> All Users
03/04/2007 18.09 <DIR> amministratore
06/06/2006 14.17 <DIR> Default User
03/04/2007 13.03 <DIR> LocalService
03/04/2007 13.03 <DIR> NetworkService
23/06/2006 12.53 <DIR> nne
19/08/2004 15.39 <DIR> vlOrhKKhK

-------------Recent files (60 days) -------------
NOTE: searched only in C:, C:\WINDOWS, C:\WINDOWS\system32, C:\Programmi\File comuni, C:\WINDOWS\temp



Directory di C:\


05/04/2007 13.51 <DIR> !KillBox
19/03/2007 12.40 <DIR> 3gptemp
04/04/2007 18.01 <DIR> VEXPLITE
22/02/2007 16.51 <DIR> Temp
05/04/2007 17.13 <DIR> suspectfile
03/04/2007 12.43 <DIR> Programmi
05/04/2007 13.50 <DIR> HJT2
05/04/2007 13.54 <DIR> WINDOWS
03/04/2007 12.09 <DIR> Documents and Settings
05/03/2007 13.23 <DIR> Avenger
08/03/2007 17.47 614 APP615.DBF
08/03/2007 14.01 3.584 APP74.DBF
08/03/2007 16.49 614 APP612.DBF
08/03/2007 17.49 614 APP604.DBF
08/03/2007 17.46 614 APP603.DBF
08/03/2007 17.48 713 APP599.DBF
08/03/2007 17.48 911 APP580.DBF
08/03/2007 17.49 1.406 APP573.DBF
08/03/2007 14.22 713 APP556.DBF
08/03/2007 14.22 6.455 APP301.DBF
12/03/2007 17.57 1.505 APP237.DBF
06/03/2007 10.31 328.007 RUBRICA DI RENATO.WAB
08/03/2007 17.46 1.208 APP166.DBF
02/04/2007 10.26 206 sysnzxl.exe
03/04/2007 17.19 418.312 sysowev.exe


Directory di C:\WINDOWS


05/04/2007 14.42 <DIR> Temp
05/04/2007 13.54 <DIR> system32
03/04/2007 13.03 <DIR> system
05/04/2007 14.08 <DIR> Prefetch
05/03/2007 12.40 565.311 gmer.dll
05/03/2007 12.40 250 gmer.ini
05/03/2007 12.40 80 gmer_uninstall.cmd
05/04/2007 09.22 116 NeroDigital.ini
03/04/2007 12.17 2.667.570 ntbtlog.txt
16/02/2007 15.43 1.257 ODBC.INI
03/04/2007 14.59 1.120 CDWCditalia.ini
05/04/2007 13.53 32.540 SchedLgU.Txt
03/04/2007 14.59 5.714 seat.LOG
16/02/2007 17.37 111.757 setupact.log
03/04/2007 13.30 433.404 setupapi.log
05/04/2007 13.54 159 wiadebug.log
05/04/2007 13.54 50 wiaservc.log
16/02/2007 15.42 1.055 win.ini
05/04/2007 14.00 405.608 WindowsUpdate.log
05/04/2007 13.54 0 0.log
30/03/2007 12.56 49 wpd99.drv


Directory di C:\WINDOWS\system32


23/02/2007 18.08 <DIR> Restore
22/03/2007 10.32 <DIR> Macromed
03/04/2007 13.04 <DIR> drivers
03/04/2007 13.29 <DIR> CatRoot2
02/04/2007 12.50 0 BWFAX
16/02/2007 15.46 594.160 FNTCACHE.DAT
26/03/2007 09.00 52.764 perfc009.dat
26/03/2007 09.00 63.180 perfc010.dat
26/03/2007 09.00 380.350 perfh009.dat
26/03/2007 09.00 425.432 perfh010.dat
26/03/2007 09.00 931.982 PerfStringBackup.INI
02/04/2007 08.54 2.206 wpa.dbl


Directory di C:\Programmi\File comuni


16/02/2007 15.41 <DIR> Microsoft Shared


Directory di C:\WINDOWS\temp





-------------HKCU\Software\Microsoft\Windows\CurrentVersion\policies\Explorer\Run-------------

[run]

-------------HKLM\Software\Microsoft\Windows\CurrentVersion\policies\Explorer\Run-------------

[run]

-------------HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\explorer.exe-------------

-------------HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows-------------

[Windows]
"AppInit_DLLs"=""
"NoPopUpsOnBoot"=dword:00000001

-------------HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon-------------

[Winlogon]
"Shell"="Explorer.exe"
"System"=""
"Userinit"="C:\WINDOWS\system32\userinit.exe,"
"VmApplet"="rundll32 shell32,Control_RunDLL \"sysdm.cpl\""
"forceunlocklogon"=dword:00000000
"AllowMultipleTSSessions"=dword:00000000
"UIHost"=expand:"logonui.exe"
"LogonType"=dword:00000000
"WinStationsDisabled"="0"
"HibernationPreviouslyEnabled"=dword:00000001

[Winlogon\GPExtensions]

[Winlogon\GPExtensions\{0ACDD40C-75AC-47ab-BAA0-BF6DE7E7FE63}]
@="Senza fili"
"DllName"=expand:"gptext.dll"

[Winlogon\GPExtensions\{25537BA6-77A8-11D2-9B6C-0000F8080861}]
@="Folder Redirection"
"DllName"=expand:"fdeploy.dll"
"GenerateGroupPolicy"="GenerateGroupPolicy"
"EventSources"=multi:"(Folder Redirection,Application)\00\00"

[Winlogon\GPExtensions\{3610eda5-77ef-11d2-8dc5-00c04fa31a66}]
@="Quota disco Microsoft"
"DllName"=expand:"dskquota.dll"

[Winlogon\GPExtensions\{426031c0-0b47-4852-b0ca-ac3d37bfcb39}]
@="Utilità di pianificazione pacchetti QoS"
"DllName"=expand:"gptext.dll"

[Winlogon\GPExtensions\{42B5FAAE-6536-11d2-AE5A-0000F87571E3}]
@="Script"
"GenerateGroupPolicy"="GenerateScriptsGroupPolicy"
"DllName"=expand:"gptext.dll"

[Winlogon\GPExtensions\{4CFB60C1-FAA6-47f1-89AA-0B18730C9FD3}]
@="Mapping aree Internet Explorer"
"DllName"=expand:"iedkcs32.dll"

[Winlogon\GPExtensions\{827D319E-6EAC-11D2-A4EA-00C04F79F83A}]
"GenerateGroupPolicy"="SceGenerateGroupPolicy"
"ExtensionRsopPlanningDebugLevel"=dword:00000001
"ExtensionDebugLevel"=dword:00000001
"DllName"=expand:"scecli.dll"
@="Security"

[Winlogon\GPExtensions\{A2E30F80-D7DE-11d2-BBDE-00C04F86AE3B}]
"GenerateGroupPolicy"="GenerateGroupPolicy"
"DllName"=expand:"iedkcs32.dll"
@="Personalizzazione Internet Explorer"

[Winlogon\GPExtensions\{B1BE8D72-6EAC-11D2-A4EA-00C04F79F83A}]
"DllName"=expand:"scecli.dll"
@="EFS recovery"

[Winlogon\GPExtensions\{C631DF4C-088F-4156-B058-4375F0853CD8}]
@="Microsoft Offline Files"
"DllName"=expand:"%SystemRoot%\System32\cscui.dll"

[Winlogon\GPExtensions\{c6dc5466-785a-11d2-84d0-00c04fb169f7}]
@="Installazione software"
"DllName"=expand:"appmgmts.dll"
"GenerateGroupPolicy"="GenerateGroupPolicy"
"EventSources"=multi:"(Application Management,Application)\00(MsiInstaller,Application)\00\00"

[Winlogon\GPExtensions\{e437bc1c-aa7d-11d2-a382-00c04f991e27}]
@="Protezione IP"
"DllName"=expand:"gptext.dll"

[Winlogon\Notify]

[Winlogon\Notify\!SASWinLogon]
"DllName"="C:\Programmi\SUPERAntiSpyware\SASWINLO.DLL"
"Logon"="SABWINLOLogon"
"Logoff"="SABWINLOLogoff"
"Startup"="SABWINLOStartup"

[Winlogon\Notify\crypt32chain]
"DllName"=expand:"crypt32.dll"
"Logoff"="ChainWlxLogoffEvent"

[Winlogon\Notify\cryptnet]
"DllName"=expand:"cryptnet.dll"
"Logoff"="CryptnetWlxLogoffEvent"

[Winlogon\Notify\cscdll]
"DLLName"="cscdll.dll"
"Logon"="WinlogonLogonEvent"
"Logoff"="WinlogonLogoffEvent"
"ScreenSaver"="WinlogonScreenSaverEvent"
"Startup"="WinlogonStartupEvent"
"StartShell"="WinlogonStartShellEvent"

[Winlogon\Notify\ScCertProp]
"DLLName"="wlnotify.dll"
"Logon"="SCardStartCertProp"
"Logoff"="SCardStopCertProp"
"Lock"="SCardSuspendCertProp"
"Unlock"="SCardResumeCertProp"
"Enabled"=dword:00000001

[Winlogon\Notify\Schedule]
"DllName"=expand:"wlnotify.dll"
"StartShell"="SchedStartShell"
"Logoff"="SchedEventLogOff"

[Winlogon\Notify\sclgntfy]
"Logoff"="WLEventLogoff"
"DllName"=expand:"sclgntfy.dll"

[Winlogon\Notify\SensLogn]
"DLLName"="WlNotify.dll"
"Lock"="SensLockEvent"
"Logon"="SensLogonEvent"
"Logoff"="SensLogoffEvent"
"Safe"=dword:00000001
"MaxWait"=dword:00000258
"StartScreenSaver"="SensStartScreenSaverEvent"
"StopScreenSaver"="SensStopScreenSaverEvent"
"Startup"="SensStartupEvent"
"StartShell"="SensStartShellEvent"
"PostShell"="SensPostShellEvent"
"Disconnect"="SensDisconnectEvent"
"Reconnect"="SensReconnectEvent"
"Unlock"="SensUnlockEvent"

[Winlogon\Notify\termsrv]
"DllName"=expand:"wlnotify.dll"
"Logoff"="TSEventLogoff"
"Logon"="TSEventLogon"
"PostShell"="TSEventPostShell"
"StartShell"="TSEventStartShell"
"Startup"="TSEventStartup"
"MaxWait"=dword:00000258
"Reconnect"="TSEventReconnect"
"Disconnect"="TSEventDisconnect"

[Winlogon\Notify\wlballoon]
"DLLName"="wlnotify.dll"
"Logon"="RegisterTicketExpiredNotificationEvent"
"Logoff"="UnregisterTicketExpiredNotificationEvent"

[Winlogon\SpecialAccounts]

[Winlogon\SpecialAccounts\UserList]
"HelpAssistant"=dword:00000000
"TsInternetUser"=dword:00000000
"SQLAgentCmdExec"=dword:00000000
"NetShowServices"=dword:00000000
"IWAM_"=dword:00010000
"IUSR_"=dword:00010000
"VUSR_"=dword:00010000
"nne"=dword:00000000
"vlOrhKKhK"=dword:00000000

-------------HKLM\Software\Microsoft\Windows\CurrentVersion\Winlogon-------------

-------------HKCU\Software\Microsoft\Windows NT\CurrentVersion\Winlogon-------------

[Winlogon]
"ExcludeProfileDirs"="Impostazioni locali;Temporary Internet Files;Cronologia;Temp"
"BuildNumber"=dword:00000a28

-------------HKCU\Software\Microsoft\Windows\CurrentVersion\Winlogon-------------

[Winlogon]

-------------HKLM\Software\Microsoft\Windows\CurrentVersion\Run-------------

[Run]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe"
"AGRSMMSG"="AGRSMMSG.exe"
"CDWCheckRubrica"="C:\SEAT\CDItalia\Chkrub_cdi"
"nod32kui"="\"C:\Programmi\Eset\nod32kui.exe\" /WAITSERVICE"
"SunJavaUpdateSched"="\"C:\Programmi\Java\jre1.5.0_09\bin\jusched.exe\""
"bwprnmon.exe"="C:\BITWARE\NT\bwprnmon.exe"
"QuickTime Task"="\"C:\Programmi\QuickTime\qttask.exe\" -atboottime"
"VTTimer"="VTTimer.exe"
"VTTrayp"="VTtrayp.exe"
"SoundMan"="SOUNDMAN.EXE"
"HP Software Update"="\"C:\Programmi\HP\HP Software Update\HPWuSchd2.exe\""
"HP Component Manager"="\"C:\Programmi\HP\hpcoretech\hpcmpmgr.exe\""
"PrevxOne"="C:\Programmi\Prevx1\PXConsole.exe"
"MessengerPlus3"="\"C:\Programmi\MessengerPlus! 3\MsgPlus.exe\""
"VIRIT LITE MONITOR"="C:\VEXPLITE\MONLITE.EXE"

[Run\OptionalComponents]

[Run\OptionalComponents\IMAIL]
"Installed"="1"

[Run\OptionalComponents\MAPI]
"Installed"="1"
"NoChange"="1"

[Run\OptionalComponents\MSFS]
"Installed"="1"

-------------HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce-------------

[RunOnce]

-------------HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnceEx-------------

[RunOnceEx]

-------------HKLM\Software\Microsoft\Windows\CurrentVersion\RunServices-------------

[RunServices]

-------------HKLM\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce-------------

[RunServicesOnce]

-------------HKCU\Software\Microsoft\Windows\CurrentVersion\Run-------------

[Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe"
"NBJ"="\"C:\Programmi\Ahead\Nero BackItUp\NBJ.exe\""
"SUPERAntiSpyware"="C:\Programmi\SUPERAntiSpyware\SUPERAntiSpyware.exe"
"CheckRubAnniversari"="C:\Documents and Settings\amministratore\Documenti\SeatCDItalia\127_0_0_1\chkrub_cdi.exe \"C:\Documents and Settings\amministratore\Documenti\SeatCDItalia\127_0_0_1\PB.rub\" \"I\""
"swg"="C:\Programmi\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe"

-------------HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnce-------------

[RunOnce]

-------------HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnceEx-------------

[RunOnceEx]

-------------HKCU\Software\Microsoft\Windows\CurrentVersion\RunServices-------------

-------------HKCU\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce-------------

[RunServicesOnce]

-------------HKLM\Software\Microsoft\Windows NT\CurrentVersion\Run-------------

-------------HKCU\Software\Microsoft\Windows NT\CurrentVersion\Run-------------

-------------HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects-------------

[Browser Helper Objects]

[Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}]
#### HKCR\CLSID\{02478D38-C3F9-4EFB-9B51-7695ECA05670}\InprocServer32 @="C:\Programmi\Yahoo!\Companion\Installs\cpn0\yt.dll"

[Browser Helper Objects\{55EA1964-F5E4-4D6A-B9B2-125B37655FCB}]
#### HKCR\CLSID\{55EA1964-F5E4-4D6A-B9B2-125B37655FCB}\InprocServer32 @="C:\Documents and Settings\All Users\Dati applicazioni\Prevx\pxbho.dll"
@="Malicious Scripts Scanner"

[Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
#### HKCR\CLSID\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\InprocServer32 @="C:\Programmi\Java\jre1.5.0_09\bin\ssv.dll"

[Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
#### HKCR\CLSID\{AA58ED58-01DD-4d91-8333-CF10577473F7}\InprocServer32 @="c:\programmi\google\googletoolbar4.dll"

-------------HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks-------------

[URLSearchHooks]
"{CFBFAE00-17A6-11D0-99CB-00C04FD64497}"=""
#### HKCR\CLSID\{CFBFAE00-17A6-11D0-99CB-00C04FD64497}\InprocServer32 @=expand:"%SystemRoot%\system32\shdocvw.dll"
"{EF99BD32-C1FB-11D2-892F-0090271D4F88}"=""
#### HKCR\CLSID\{EF99BD32-C1FB-11D2-892F-0090271D4F88}\InprocServer32 @="C:\Programmi\Yahoo!\Companion\Installs\cpn0\yt.dll"

-------------HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks-------------

[ShellExecuteHooks]
"{AEB6717E-7E19-11d0-97EE-00C04FD91972}"=""
#### HKCR\CLSID\{AEB6717E-7E19-11d0-97EE-00C04FD91972}\InprocServer32 @="shell32.dll"
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"=""
#### HKCR\CLSID\{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}\InprocServer32 @="C:\Programmi\SUPERAntiSpyware\SASSEH.DLL"

-------------HKLM\SYSTEM\ControlSet001\Control\Lsa-------------

[Lsa]
"Authentication Packages"=multi:"msv1_0\00\00"
"Bounds"=hex:00,30,00,00,00,20,00,00
"LsaPid"=dword:0000030c
"SecureBoot"=dword:00000001
"auditbaseobjects"=dword:00000000
"crashonauditfail"=dword:00000000
"everyoneincludesanonymous"=dword:00000000
"fipsalgorithmpolicy"=dword:00000000
"forceguest"=dword:00000001
"fullprivilegeauditing"=hex:00
"limitblankpassworduse"=dword:00000001
"lmcompatibilitylevel"=dword:00000000
"nolmhash"=dword:00000000
"restrictanonymous"=dword:00000000
"restrictanonymoussam"=dword:00000001
"Notification Packages"=multi:"scecli\00\00"

[Lsa\AccessProviders]
"ProviderOrder"=multi:"Windows NT Access Provider\00\00"

[Lsa\AccessProviders\Windows NT Access Provider]
"ProviderPath"=expand:"%SystemRoot%\system32\ntmarta.dll"

[Lsa\Audit]

[Lsa\Audit\PerUserAuditing]

[Lsa\Audit\PerUserAuditing\System]

[Lsa\Data]
@Class="c8ef8c88"
"Pattern"=hex:93,1f,ef,97,91,b5,ef,97,ed,1f,4f,47,e2,ee,5f,d8,63,38,65,66,38,\
63,38,38,00,fd,07,00,86,05,00,00,34,fa,07,00,56,82,47,75,20,fa,07,00,40,fd,\
07,00,4c,fd,07,00,e2,5d,5e,09,4b,7d,ef,ac,9e,eb,99,c8

[Lsa\GBG]
@Class="e27d414b"
"GrafBlumGroup"=hex:92,7f,4b,59,14,69,a3,27,73

[Lsa\JD]
@Class="9e9909ac"
"Lookup"=hex:b7,48,98,6d,14,dc

[Lsa\Kerberos]

[Lsa\Kerberos\Domains]

[Lsa\Kerberos\SidCache]

[Lsa\MSV1_0]
"Auth132"="IISSUBA"
"ntlmminclientsec"=dword:00000000
"ntlmminserversec"=dword:00000000

[Lsa\Skew1]
@Class="5e5deb44"
"SkewMatrix"=hex:2b,ca,ef,b2,0e,59,e2,fb,2d,b8,65,2b,1d,67,98,4c

[Lsa\SSO]

[Lsa\SSO\Passport1.4]
"SSOURL"="http://www.passport.com"

[Lsa\SspiCache]
"Time"=hex:ac,62,46,20,dc,8b,c6,01

[Lsa\SspiCache\digest.dll]
"Name"="Digest"
"Comment"="Digest SSPI Authentication Package"
"RpcId"=dword:0000ffff
"Time"=hex:00,e6,db,e6,f1,85,c4,01
"Type"=dword:00000031

[Lsa\SspiCache\msapsspc.dll]
"Name"="DPA"
"Comment"="DPA Security Package"
"RpcId"=dword:00000011
"Time"=hex:00,c7,d1,ec,f1,85,c4,01
"Type"=dword:00000031

[Lsa\SspiCache\msnsspc.dll]
"Name"="MSN"
"Comment"="MSN Security Package"
"RpcId"=dword:00000012
"Time"=hex:00,c7,d1,ec,f1,85,c4,01
"Type"=dword:00000031

-------------HKLM\SYSTEM\ControlSet001\Services\SharedAccess-------------

[SharedAccess]
"Description"="Fornisce servizi di conversione indirizzi di rete, indirizzamento e risoluzione nomi e/o servizi di prevenzione intrusione per una rete domestica o una piccola rete aziendale."
"DisplayName"="Windows Firewall / Condivisione connessione Internet (ICS)"
"ImagePath"=expand:"%SystemRoot%\system32\svchost.exe -k netsvcs"
"ObjectName"="LocalSystem"
"Start"=dword:00000002
"Type"=dword:00000020

[SharedAccess\Epoch]
"Epoch"=dword:0000059e

[SharedAccess\Parameters]
"ServiceDll"=expand:"%SystemRoot%\System32\ipnathlp.dll"

[SharedAccess\Parameters\FirewallPolicy]

[SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications]

[SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Programmi\MSN Messenger\msnmsgr.exe"="C:\Programmi\MSN Messenger\msnmsgr.exe:*:Enabled:MSN Messenger 7.5"

[SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts]

[SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP"="139:TCP:*:Enabled:@xpsp2res.dll,-22004"
"445:TCP"="445:TCP:*:Enabled:@xpsp2res.dll,-22005"
"137:UDP"="137:UDP:*:Enabled:@xpsp2res.dll,-22001"
"138:UDP"="138:UDP:*:Enabled:@xpsp2res.dll,-22002"
"1900:UDP"="1900:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22007"
"2869:TCP"="2869:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22008"

[SharedAccess\Parameters\FirewallPolicy\StandardProfile]

[SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications]

[SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Programmi\eMule\emule.exe"="C:\Programmi\eMule\emule.exe:*:Enabled:eMule"
"C:\PAGINE BIANCHE 2005-06\CD\ServerCDItalia.exe"="C:\PAGINE BIANCHE 2005-06\CD\ServerCDItalia.exe:*:Enabled:ServerCDItalia"
"C:\WINDOWS\system32\spool\drivers\w32x86\3\SAGENT4.EXE"="C:\WINDOWS\system32\spool\drivers\w32x86\3\SAGENT4.EXE:*:Disabled:SAgent4"
"C:\Programmi\Internet Explorer\IEXPLORE.EXE"="C:\Programmi\Internet Explorer\IEXPLORE.EXE:*:Enabled:Internet Explorer"
"D:\CD\ServerCDItalia.exe"="D:\CD\ServerCDItalia.exe:*:Enabled:ServerCDItalia"
"E:\CD\ServerHttp.exe"="E:\CD\ServerHttp.exe:*:Enabled:ServerHttp"
"C:\Programmi\MSN Messenger\msnmsgr.exe"="C:\Programmi\MSN Messenger\msnmsgr.exe:*:Enabled:MSN Messenger 7.5"

[SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts]

[SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"139:TCP"="139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004"
"445:TCP"="445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005"
"137:UDP"="137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001"
"138:UDP"="138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002"
"1900:UDP"="1900:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22007"
"2869:TCP"="2869:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22008"

[SharedAccess\Setup]
"ServiceUpgrade"=dword:00000001

-------------HKLM\Software\Microsoft\Ole-------------

[Ole]
"EnableDCOM"="Y"

[Ole\AppCompat]

[Ole\AppCompat\ActivationSecurityCheckExemptionList]
"{A50398B8-9075-4FBF-A7A1-456BF21937AD}"="1"
"{AD65A69D-3831-40D7-9629-9B0B50A93843}"="1"
"{0040D221-54A1-11D1-9DE0-006097042D69}"="1"
"{2A6D72F1-6E7E-4702-B99C-E40D3DED33C3}"="1"

[Ole\NONREDIST]
"System.EnterpriseServices.Thunk.dll"=""

-------------HKEY_CLASSES_ROOT\exefile\shell\open\command-------------

@="\"%1\" %*"

-------------HKEY_CLASSES_ROOT\comfile\shell\open\command-------------

@="\"%1\" %*"

-------------HKEY_CLASSES_ROOT\batfile\shell\open\command-------------

@="\"%1\" %*"

-------------HKEY_CLASSES_ROOT\piffile\shell\open\command-------------

@="\"%1\" %*"

-------------HKEY_CLASSES_ROOT\scrFile\shell\open\command-------------

@="\"%1\" /S"

-------------HKEY_CLASSES_ROOT\htafile\shell\open\command-------------

-------------HKEY_CLASSES_ROOT\logfile\shell\open\command-------------

-------------HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler-------------

[SharedTaskScheduler]
"{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Precaricatore Browseui"
#### HKCR\CLSID\{438755C2-A8BA-11D1-B96B-00A0C90312E1}\InprocServer32 @=expand:"%SystemRoot%\system32\browseui.dll"
"{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Daemon di cache delle categorie di componenti"
#### HKCR\CLSID\{8C7461EF-2B13-11d2-BE35-3078302C2030}\InprocServer32 @=expand:"%SystemRoot%\system32\browseui.dll"

-------------HKLM\Software\Microsoft\Active Setup\Installed Components-------------

[Installed Components]

[Installed Components\>{22d6f312-b0f6-11d0-94ab-0080c74c7e95}]
#### HKCR\CLSID\{22d6f312-b0f6-11d0-94ab-0080c74c7e95}\InprocServer32 @="C:\WINDOWS\system32\wmpdxm.dll"
"Stubpath"="C:\WINDOWS\inf\unregmp2.exe /ShowWMP"
@="Microsoft Windows Media Player"
"ComponentID"="WMPACCESS"

[Installed Components\>{26923b43-4d38-484f-9b9e-de460746276c}]
@="Internet Explorer"
"ComponentID"="IEACCESS"
"StubPath"=expand:"%systemroot%\system32\shmgrate.exe OCInstallUserConfigIE"

[Installed Components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS]
@="Personalizzazione del browser"
"ComponentID"="BRANDING.CAB"
"StubPath"="RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP"

[Installed Components\>{881dd1c5-3dcf-431b-b061-f3f88e8be88a}]
@="Outlook Express"
"ComponentID"="OEACCESS"
"StubPath"=expand:"%systemroot%\system32\shmgrate.exe OCInstallUserConfigOE"

[Installed Components\{08B0E5C0-4FCB-11CF-AAA5-00401C608500}]
@="Microsoft VM"
"ComponentID"="JAVAVM"
"KeyFileName"="C:\WINDOWS\system32\msjava.dll"

[Installed Components\{10072CEC-8CC1-11D1-986E-00A0C955B42F}]
@="Rendering grafica vettoriale (VML)"
"ComponentID"="MSVML"

[Installed Components\{2179C5D3-EBFF-11CF-B6FD-00AA00B4E220}]
#### HKCR\CLSID\{2179C5D3-EBFF-11CF-B6FD-00AA00B4E220}\InprocServer32 @="C:\WINDOWS\system32\wmpdxm.dll"
@=""
"ComponentID"="NetShow"
"StubPath"=""

[Installed Components\{22d6f312-b0f6-11d0-94ab-0080c74c7e95}]
#### HKCR\CLSID\{22d6f312-b0f6-11d0-94ab-0080c74c7e95}\InprocServer32 @="C:\WINDOWS\system32\wmpdxm.dll"
"ComponentID"="Microsoft Windows Media Player"
"StubPath"=""
@="Microsoft Windows Media Player 6.4"

[Installed Components\{283807B5-2C60-11D0-A31D-00AA00B92C03}]
#### HKCR\CLSID\{283807B5-2C60-11D0-A31D-00AA00B92C03}\InprocServer32 @="C:\WINDOWS\system32\danim.dll"
@="DirectAnimation"
"ComponentID"="DirectAnimation"

[Installed Components\{2C7339CF-2B09-4501-B3F3-F3508C9228ED}]
@="Themes Setup"
"ComponentID"="Theme Component"
"StubPath"=expand:"%SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll"

[Installed Components\{36f8ec70-c29a-11d1-b5c7-0000f8051515}]
@="Binding dati Dynamic HTML per Java"
"ComponentID"="TridataJava"

[Installed Components\{3af36230-a269-11d1-b5bf-0000f8051515}]
@="Modulo ricerca non in linea"
"ComponentID"="MobilePk"

[Installed Components\{3bf42070-b3b1-11d1-b5c5-0000f8051515}]
@="Uniscribe"
"ComponentID"="USP10"

[Installed Components\{4278c270-a269-11d1-b5bf-0000f8051515}]
@="Creazione avanzata"
"ComponentID"="AdvAuth"

[Installed Components\{44BBA840-CC51-11CF-AAFA-00AA00B6015C}]
@="Microsoft Outlook Express 6"
"ComponentID"="MailNews"
"CloneUser"=dword:00000001
"StubPath"=expand:"\"%ProgramFiles%\Outlook Express\setup50.exe\" /APP:OE /CALLER:WINNT /user /install"

[Installed Components\{44BBA842-CC51-11CF-AAFA-00AA00B6015B}]
@="NetMeeting 3.01"
"ComponentID"="NetMeeting"
"StubPath"="rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT"

[Installed Components\{44BBA848-CC51-11CF-AAFA-00AA00B6015C}]
@="DirectShow"
"ComponentID"="activemovie"

[Installed Components\{44BBA855-CC51-11CF-AAFA-00AA00B6015F}]
@="DirectDrawEx"
"ComponentID"="DirectDrawEx"

[Installed Components\{45ea75a0-a269-11d1-b5bf-0000f8051515}]
@="Guida di Internet Explorer"
"ComponentID"="HelpCont"

[Installed Components\{4f216970-c90c-11d1-b5c7-0000f8051515}]
@="Classi Java DirectAnimation"
"ComponentID"="DAJava"

[Installed Components\{4f645220-306d-11d2-995d-00c04f98bbc9}]
@="Microsoft Windows Script 5.6"
"ComponentID"="MSVBScript"

[Installed Components\{5945c046-1e7d-11d1-bc44-00c04fd912be}]
"KeyFileName"="C:\Programmi\Messenger\msmsgs.exe"
@="Windows Messenger 4.7"
"ComponentID"="Messenger"
"StubPath"="rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser"

[Installed Components\{5A8D6EE0-3E18-11D0-821E-444553540000}]
"(Default)"="Internet Connection Wizard"
"ComponentID"="ICW"

[Installed Components\{5fd399c0-a70a-11d1-9948-00c04f98bbc9}]
@="Strumenti di installazione di Internet Explorer"
"ComponentID"="GenSetup"

[Installed Components\{630b1da0-b465-11d1-9948-00c04f98bbc9}]
@="Miglioramenti sfoglia"
"ComponentID"="ExtraPack"
"KeyFileName"="C:\WINDOWS\system32\msieftp.dll"

[Installed Components\{67453764-A323-D17C-33C5-8A4E2DB87787}]
@="Microsoft Windows Media Player"
"ComponentID"="WMPACCESS"
"Local"="EN"

[Installed Components\{6BF52A52-394A-11d3-B153-00C04F79FAA6}]
#### HKCR\CLSID\{6BF52A52-394A-11d3-B153-00C04F79FAA6}\InprocServer32 @="C:\WINDOWS\system32\wmp.dll"
@="Microsoft Windows Media Player"
"ComponentID"="Microsoft Windows Media Player"
"StubPath"="rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\wmp10.inf,PerUserStub"

[Installed Components\{6fab99d0-bab8-11d1-994a-00c04f98bbc9}]
@="Accesso sito MSN"
"ComponentID"="MSN_Auth"

[Installed Components\{73FA19D0-2D75-11D2-995D-00C04F98BBC9}]
@="Web Folders"
"ComponentID"="WebFolders"
"StubPath"=""

[Installed Components\{7790769C-0471-11d2-AF11-00C04FA35D02}]
@="Rubrica 6"
"ComponentID"="WAB"
"StubPath"=expand:"\"%ProgramFiles%\Outlook Express\setup50.exe\" /APP:WAB /CALLER:WINNT /user /install"

[Installed Components\{89820200-ECBD-11cf-8B85-00AA005B4340}]
@="Windows Desktop Update"
"ComponentID"="IE4Shell_NT"
"StubPath"=expand:"regsvr32.exe /s /n /i:U shell32.dll"

[Installed Components\{89820200-ECBD-11cf-8B85-00AA005B4383}]
@="Internet Explorer 6"
"ComponentID"="BASEIE40_W2K"
"StubPath"=expand:"%SystemRoot%\system32\ie4uinit.exe"

[Installed Components\{89820200-ECBD-11cf-8B85-00AA005B4383}\AuthorizedCDFPrefix]

[Installed Components\{89B4C1CD-B018-4511-B0A1-5476DBF70820}]
"ComponentID"="DOTNETFRAMEWORKS"
"StubPath"="C:\WINDOWS\system32\Rundll32.exe C:\WINDOWS\system32\mscories.dll,Install"

[Installed Components\{9381D8F2-0288-11D0-9501-00AA00B911A5}]
@="Binding dati Dynamic HTML"
"ComponentID"="Tridata"

[Installed Components\{ACC563BC-4266-43f0-B6ED-9D38C4202C7E}]

[Installed Components\{C9E9A340-D1F1-11D0-821E-444553540600}]
@="Font principali di Internet Explorer"
"ComponentID"="Fontcore"

[Installed Components\{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}]
"ComponentID"=".NETFramework"
@=".NET Framework"

[Installed Components\{CC2A9BA0-3BDD-11D0-821E-444553540000}]
@="Utilità di pianificazione"
"ComponentID"="MSTASK"

[Installed Components\{CDD7975E-60F8-41d5-8149-19E51D6F71D0}]
"ComponentID"="Windows Movie Maker v2.1"

[Installed Components\{D27CDB6E-AE6D-11cf-96B8-444553540000}]

[Installed Components\{de5aed00-a4bf-11d1-9948-00c04f98bbc9}]
@="Guida HTML"
"ComponentID"="HTMLHelp"

[Installed Components\{E92B03AB-B707-11d2-9CBD-0000F87A369E}]
@="Active Directory Service Interface"
"ComponentID"="ADSI"

[Installed Components\{F041CE6D-1020-F143-2133-3FA0C874AD27}]
@=""
"ComponentID"="NetShow"
"Local"="EN"

[Installed Components\{F2D2B58B-B2FD-46D1-8319-DCE564079934}]
@=".NET Framework"
"ComponentID"=".NETFramework"

-------------Comparing registry keys CCS1 vs CCS2 -------------
< Value: HKEY_LOCAL_MACHINE\system\controlset001\services\.NET CLR Data
< Value: HKEY_LOCAL_MACHINE\system\controlset001\services\.NET CLR Networking
< Value: HKEY_LOCAL_MACHINE\system\controlset001\services\.NETFramework
< Value: HKEY_LOCAL_MACHINE\system\controlset001\services\Abiosdsk
< Value: HKEY_LOCAL_MACHINE\system\controlset001\services\abp480n5
< Value: HKEY_LOCAL_MACHINE\system\controlset001\services\ACPI
< Value: HKEY_LOCAL_MACHINE\system\controlset001\services\ACPIEC
< Value: HKEY_LOCAL_MACHINE\system\controlset001\services\Adobe LM Service
< Value: HKEY_LOCAL_MACHINE\system\controlset001\services\adpu160m
< Value: HKEY_LOCAL_MACHINE\system\controlset001\services\aec
< Value: HKEY_LOCAL_MACHINE\system\controlset001\services\AFD
< Value: HKEY_LOCAL_MACHINE\system\controlset001\services\AgereSoftModem
< Value: HKEY_LOCAL_MACHINE\system\controlset001\services\Aha154x
< Value: HKEY_LOCAL_MACHINE\system\controlset001\services\aic78u2
< Value: HKEY_LOCAL_MACHINE\system\controlset001\services\aic78xx
< Value: HKEY_LOCAL_MACHINE\system\controlset001\services\ALCXWDM
< Value: HKEY_LOCAL_MACHINE\system\controlset001\services\Alerter
< Value: HKEY_LOCAL_MACHINE\system\controlset001\services\ALG
< Value: HKEY_LOCAL_MACHINE\system\controlset001\services\AliIde
< Value: HKEY_LOCAL_MACHINE\system\controlset001\services\AMON
< Value: HKEY_LOCAL_MACHINE\system\controlset001\services\amsint
< Value: HKEY_LOCAL_MACHINE\system\controlset001\services\AppMgmt
< Value: HKEY_LOCAL_MACHINE\system\controlset001\services\asc
< Value: HKEY_LOCAL_MACHINE\system\controlset001\services\asc3350p
< Value: HKEY_LOCAL_MACHINE\system\controlset001\services\asc3550
< Value: HKEY_LOCAL_MACHINE\system\controlset001\services\ASP.NET
< Value: HKEY_LOCAL_MACHINE\system\controlset001\services\ASP.NET_1.1.4322
< Value: HKEY_LOCAL_MACHINE\system\controlset001\services\aspnet_state
< Value: HKEY_LOCAL_MACHINE\system\controlset001\services\AsyncMac
< Value: HKEY_LOCAL_MACHINE\system\controlset001\services\atapi
< Value: HKEY_LOCAL_MACHINE\system\controlset001\services\Atdisk
< Value: HKEY_LOCAL_MACHINE\system\controlset001\services\Atmarpc
< Value: HKEY_LOCAL_MACHINE\system\controlset001\services\AudioSrv
< Value: HKEY_LOCAL_MACHINE\system\controlset001\services\audstub
< Value: HKEY_LOCAL_MACHINE\system\controlset001\services\BattC
< Value: HKEY_LOCAL_MACHINE\system\controlset001\services\Beep
< Value: HKEY_LOCAL_MACHINE\system\controlset001\services\BIOS
< Value: HKEY_LOCAL_MACHINE\system\controlset001\services\BITS
< Value: HKEY_LOCAL_MACHINE\system\controlset001\services\Browser
< Value: HKEY_LOCAL_MACHINE\system\controlset001\services\cbidf2k
< Value: HKEY_LOCAL_MACHINE\system\controlset001\services\cd20xrnt
< Value: HKEY_LOCAL_MACHINE\system\controlset001\services\Cdaudio
< Value: HKEY_LOCAL_MACHINE\system\controlset001\services\Cdfs
< Value: HKEY_LOCAL_MACHINE\system\controlset001\services\Cdrom
< Value: HKEY_LOCAL_MACHINE\system\controlset001\services\Changer
< Value: HKEY_LOCAL_MACHINE\system\controlset001\services\CiSvc
< Value: HKEY_LOCAL_MACHINE\system\controlset001\services\ClipSrv
< Value: HKEY_LOCAL_MACHINE\system\controlset001\services\CmdIde
< Value: HKEY_LOCAL_MACHINE\system\controlset001\services\COMSysApp
< Value: HKEY_LOCAL_MACHINE\system\controlset001\services\ContentFilter
< Value: HKEY_LOCAL_MACHINE\system\controlset001\services\ContentIndex
< Value: HKEY_LOCAL_MACHINE\system\controlset001\services\Cpqarray
< Value: HKEY_LOCAL_MACHINE\system\controlset001\services\CryptSvc
< Value: HKEY_LOCAL_MACHINE\system\controlset001\services\dac2w2k
< Value: HKEY_LOCAL_MACHINE\system\controlset001\services\dac960nt
< Value: HKEY_LOCAL_MACHINE\system\controlset001\services\DcomLaunch
< Value: HKEY_LOCAL_MACHINE\system\controlset001\services\Dhcp
< Value: HKEY_LOCAL_MACHINE\system\controlset001\services\Disk
< Value: HKEY_LOCAL_MACHINE\system\controlset001\services\dmadmin
< Value: HKEY_LOCAL_MACHINE\system\controlset001\services\dmboot
< Value: HKEY_LOCAL_MACHINE\system\controlset001\services\dmio
< Value: HKEY_LOCAL_MACHINE\system\controlset001\services\dmload
< Value: HKEY_LOCAL_MACHINE\system\controlset001\services\dmserver
< Value: HKEY_LOCAL_MACHINE\system\controlset001\services\DMusic
< Value: HKEY_LOCAL_MACHINE\system\controlset001\services\Dnscache
< Value: HKEY_LOCAL_MACHINE\system\controlset001\services\dpti2o
< Value: HKEY_LOCAL_MACHINE\system\controlset001\services\drmkaud
< Value: HKEY_LOCAL_MACHINE\system\controlset001\services\ERSvc
< Value: HKEY_LOCAL_MACHINE\system\controlset001\services\Eventlog
< Value: HKEY_LOCAL_MACHINE\system\controlset001\services\EventSystem
< Value: HKEY_LOCAL_MACHINE\system\controlset001\services\Fastfat
< Value: HKEY_LOCAL_MACHINE\system\controlset001\services\FastUserSwitchingCompatibility
< Value: HKEY_LOCAL_MACHINE\system\controlset001\services\Fdc
< Value: HKEY_LOCAL_MACHINE\system\controlset001\services\FETND5BV
< Value: HKEY_LOCAL_MACHINE\system\controlset001\services\FETNDIS
< Value: HKEY_LOCAL_MACHINE\system\controlset001\services\Fips
< Value: HKEY_LOCAL_MACHINE\system\controlset001\services\Flpydisk
< Value: HKEY_LOCAL_MACHINE\system\controlset001\services\FltMgr
< Value: HKEY_LOCAL_MACHINE\system\controlset001\services\Fs_Rec
< Value: HKEY_LOCAL_MACHINE\system\controlset001\services\Ftdisk
< Value: HKEY_LOCAL_MACHINE\system\controlset001\services\gameenum
< Value: HKEY_LOCAL_MACHINE\system\controlset001\services\gmer
< Value: HKEY_LOCAL_MACHINE\system\controlset001\services\Gpc
< Value: HKEY_LOCAL_MACHINE\system\controlset001\services\gusvc
< Value: HKEY_LOCAL_MACHINE\system\controlset001\services\helpsvc
< Value: HKEY_LOCAL_MACHINE\system\controlset001\services\HidServ
< Value: HKEY_LOCAL_MACHINE\system\controlset001\services\hpn
< Value: HKEY_LOCAL_MACHINE\system\controlset001\services\HPZid412
< Value: HKEY_LOCAL_MACHINE\system\controlset001\services\HPZipr12
< Value: HKEY_LOCAL_MACHINE\system\controlset001\services\HPZius12
< Value: HKEY_LOCAL_MACHINE\system\controlset001\services\HTTP
< Value: HKEY_LOCAL_MACHINE\system\controlset001\services\HTTPFilter
< Value: HKEY_LOCAL_MACHINE\system\controlset001\services\i2omgmt
< Value: HKEY_LOCAL_MACHINE\system\controlset001\services\i2omp
< Value: HKEY_LOCAL_MACHINE\system\controlset001\services\i8042prt
< Value: HKEY_LOCAL_MACHINE\system\controlset001\services\Imapi
< Value: HKEY_LOCAL_MACHINE\system\controlset001\services\ImapiService
< Value: HKEY_LOCAL_MACHINE\system\controlset001\services\inetaccs
< Value: HKEY_LOCAL_MACHINE\system\controlset001\services\ini910u
< Value: HKEY_LOCAL_MACHINE\system\controlset001\services\Inport
< Value: HKEY_LOCAL_MACHINE\system\controlset001\services\IntelIde
< Value: HKEY_LOCAL_MACHINE\system\controlset001\services\intelppm
< Value: HKEY_LOCAL_MACHINE\system\controlset001\services\Ip6Fw
< Value: HKEY_LOCAL_MACHINE\system\controlset001\services\IpFilterDriver
< Value: HKEY_LOCAL_MACHINE\system\controlset001\services\IpInIp
< Value: HKEY_LOCAL_MACHINE\system\controlset001\services\IpNat
< Value: HKEY_LOCAL_MACHINE\system\controlset001\services\IPSec
< Value: HKEY_LOCAL_MACHINE\system\controlset001\services\IRENUM
< Value: HKEY_LOCAL_MACHINE\system\controlset001\services\ISAPISearch
< Value: HKEY_LOCAL_MACHINE\system\controlset001\services\isapnp
< Value: HKEY_LOCAL_MACHINE\system\controlset001\services\Kbdclass
< Value: HKEY_LOCAL_MACHINE\system\controlset001\services\kmixer
< Value: HKEY_LOCAL_MACHINE\system\controlset001\services\KSecDD
< Value: HKEY_LOCAL_MACHINE\system\controlset001\services\lanmanserver
< Value: HKEY_LOCAL_MACHINE\system\controlset001\services\lanmanworkstation
< Value: HKEY_LOCAL_MACHINE\system\controlset001\services\lbrtfdc
< Value: HKEY_LOCAL_MACHINE\system\controlset001\services\ldap
< Value: HKEY_LOCAL_MACHINE\system\controlset001\services\LicenseService
< Value: HKEY_LOCAL_MACHINE\system\controlset001\services\LightScribeService
< Value: HKEY_LOCAL_MACHINE\system\controlset001\services\LmHosts
< Value: HKEY_LOCAL_MACHINE\system\controlset001\services\MDM
< Value: HKEY_LOCAL_MACHINE\system\controlset001\services\Messenger
< Value: HKEY_LOCAL_MACHINE\system\controlset001\services\mnmdd
< Value: HKEY_LOCAL_MACHINE\system\controlset001\services\mnmsrvc
< Value: HKEY_LOCAL_MACHINE\system\controlset001\services\Modem
< Value: HKEY_LOCAL_MACHINE\system\controlset001\services\MODEMCSA
< Value: HKEY_LOCAL_MACHINE\system\controlset001\services\Mouclass
< Value: HKEY_LOCAL_MACHINE\system\controlset001\services\MountMgr
< Value: HKEY_LOCAL_MACHINE\system\controlset001\services\mraid35x
< Value: HKEY_LOCAL_MACHINE\system\controlset001\services\MRxDAV
< Value: HKEY_LOCAL_MACHINE\system\controlset001\services\MRxSmb
< Value: HKEY_LOCAL_MACHINE\system\controlset001\services\MSDTC
< Value: HKEY_LOCAL_MACHINE\system\controlset001\services\Msfs
< Value: HKEY_LOCAL_MACHINE\system\controlset001\services\MSIServer
< Value: HKEY_LOCAL_MACHINE\system\controlset001\services\MSKSSRV
< Value: HKEY_LOCAL_MACHINE\system\controlset001\services\MSPCLOCK
< Value: HKEY_LOCAL_MACHINE\system\controlset001\services\MSPQM
< Value: HKEY_LOCAL_MACHINE\system\controlset001\services\mssmbios
< Value: HKEY_LOCAL_MACHINE\system\controlset001\services\Mup
< Value: HKEY_LOCAL_MACHINE\system\controlset001\services\NDIS
< Value: HKEY_LOCAL_MACHINE\system\controlset001\services\NdisTapi
< Value: HKEY_LOCAL_MACHINE\system\controlset001\services\Ndisuio
< Value: HKEY_LOCAL_MACHINE\system\controlset001\services\NdisWan
< Value: HKEY_LOCAL_MACHINE\system\controlset001\services\NDProxy
< Value: HKEY_LOCAL_MACHINE\system\controlset001\services\NetBIOS
< Value: HKEY_LOCAL_MACHINE\system\controlset001\services\NetBT
< Value: HKEY_LOCAL_MACHINE\system\controlset001\services\NetDDE
< Value: HKEY_LOCAL_MACHINE\system\controlset001\services\NetDDEdsdm
< Value: HKEY_LOCAL_MACHINE\system\controlset001\services\NetGbc
< Value: HKEY_LOCAL_MACHINE\system\controlset001\services\Npfs\Parameters
< Value: HKEY_LOCAL_MACHINE\system\controlset001\services\NtLmSsp Start REG_DWORD 4 (0x4)
> Value: HKEY_LOCAL_MACHINE\system\controlset002\services\NtLmSsp Start REG_DWORD 3 (0x3)
< Value: HKEY_LOCAL_MACHINE\system\controlset001\services\Null\Parameters
< Value: HKEY_LOCAL_MACHINE\system\controlset001\services\NwlnkFlt\Parameters
< Value: HKEY_LOCAL_MACHINE\system\controlset001\services\NwlnkFwd\Parameters
< Value: HKEY_LOCAL_MACHINE\system\controlset001\services\P3
< Value: HKEY_LOCAL_MACHINE\system\controlset001\services\Parport\Parameters
< Value: HKEY_LOCAL_MACHINE\system\controlset001\services\PartMgr\Parameters
< Value: HKEY_LOCAL_MACHINE\system\controlset001\services\PCIDump\Parameters
< Value: HKEY_LOCAL_MACHINE\system\controlset001\services\PCIIde\Parameters
< Value: HKEY_LOCAL_MACHINE\system\controlset001\services\PDCOMP\Parameters
< Value: HKEY_LOCAL_MACHINE\system\controlset001\services\PDFRAME\Parameters
< Value: HKEY_LOCAL_MACHINE\system\controlset001\services\PDRELI\Parameters
< Value: HKEY_LOCAL_MACHINE\system\controlset001\services\PDRFRAME\Parameters
< Value: HKEY_LOCAL_MACHINE\system\controlset001\services\PerfNet\Performance WbemAdapFileTime REG_BINARY 0020CA751432C101
> Value: HKEY_LOCAL_MACHINE\system\controlset002\services\PerfNet\Performance WbemAdapFileTime REG_BINARY 00B805140C32C101
< Value: HKEY_LOCAL_MACHINE\system\controlset001\services\Pml Driver HPZ12\Parameters
< Value: HKEY_LOCAL_MACHINE\system\controlset001\services\PptpMiniport\Parameters
> Value: HKEY_LOCAL_MACHINE\system\controlset002\services\PREVXAgent Group REG_SZ PrevxAgentGroup
> Value: HKEY_LOCAL_MACHINE\system\controlset002\services\PREVXAgent Tag REG_DWORD 1 (0x1)
< Value: HKEY_LOCAL_MACHINE\system\controlset001\services\PrevxEmulator\Parameters
> Value: HKEY_LOCAL_MACHINE\system\controlset002\services\PrevxTdi Tag REG_DWORD 8 (0x8)
< Value: HKEY_LOCAL_MACHINE\system\controlset001\services\PSched\Performance WbemAdapFileTime REG_BINARY 0020CA751432C101
> Value: HKEY_LOCAL_MACHINE\system\controlset002\services\PSched\Performance WbemAdapFileTime REG_BINARY 00B805140C32C101
< Value: HKEY_LOCAL_MACHINE\system\controlset001\services\Ptilink\Parameters
< Value: HKEY_LOCAL_MACHINE\system\controlset001\services\PXRDDriver\Parameters
< Value: HKEY_LOCAL_MACHINE\system\controlset001\services\Rasl2tp\Parameters
< Value: HKEY_LOCAL_MACHINE\system\controlset001\services\RasPppoe\Parameters
< Value: HKEY_LOCAL_MACHINE\system\controlset001\services\Raspti\Parameters
< Value: HKEY_LOCAL_MACHINE\system\controlset001\services\Rdbss\Parameters
< Value: HKEY_LOCAL_MACHINE\system\controlset001\services\RDPCDD\Parameters
< Value: HKEY_LOCAL_MACHINE\system\controlset001\services\rdpdr\Parameters
< Value: HKEY_LOCAL_MACHINE\system\controlset001\services\RDPWD\Parameters
< Value: HKEY_LOCAL_MACHINE\system\controlset001\services\RDSessMgr\Parameters
< Value: HKEY_LOCAL_MACHINE\system\controlset001\services\redbook\Parameters
< Value: HKEY_LOCAL_MACHINE\system\controlset001\services\RemoteAccess\Performance WbemAdapFileTime REG_BINARY 0020CA751432C101
> Value: HKEY_LOCAL_MACHINE\system\controlset002\services\RemoteAccess\Performance WbemAdapFileTime REG_BINARY 00B805140C32C101
< Value: HKEY_LOCAL_MACHINE\system\controlset001\services\RemoteRegistry Start REG_DWORD 4 (0x4)
> Value: HKEY_LOCAL_MACHINE\system\controlset002\services\RemoteRegistry Start REG_DWORD 2 (0x2)
< Value: HKEY_LOCAL_MACHINE\system\controlset001\services\RSVP\Parameters StartBlocker REG_SZ
> Value: HKEY_LOCAL_MACHINE\system\controlset002\services\RSVP\Parameters StartBlocker REG_SZ !"$%&$#!%&$#!$#%!&$#&%!$#%$"!DF!CXY!DWCER"!
< Value: HKEY_LOCAL_MACHINE\system\controlset001\services\RSVP\Parameters Requests REG_SZ
> Value: HKEY_LOCAL_MACHINE\system\controlset002\services\RSVP\Parameters Requests REG_SZ !"$%&$#!%&$#!$#%!&$#&%!$#%$"!DF!CXY!DWCER"!
< Value: HKEY_LOCAL_MACHINE\system\controlset001\services\RSVP\Parameters Upcalls REG_SZ
> Value: HKEY_LOCAL_MACHINE\system\controlset002\services\RSVP\Parameters Upcalls REG_SZ !"$%&$#!%&$#!$#%!&$#&%!$#%$"!DF!CXY!DWCER"!
< Value: HKEY_LOCAL_MACHINE\system\controlset001\services\RSVP\Performance WbemAdapFileTime REG_BINARY 0020CA751432C101
> Value: HKEY_LOCAL_MACHINE\system\controlset002\services\RSVP\Performance WbemAdapFileTime REG_BINARY 00B805140C32C101
< Value: HKEY_LOCAL_MACHINE\system\controlset001\services\SASDIFSV\Parameters
< Value: HKEY_LOCAL_MACHINE\system\controlset001\services\SASENUM\Parameters
< Value: HKEY_LOCAL_MACHINE\system\controlset001\services\SASKUTIL\Parameters
< Value: HKEY_LOCAL_MACHINE\system\controlset001\services\SCardSvr\Parameters
< Value: HKEY_LOCAL_MACHINE\system\controlset001\services\Schedule FailureActions REG_BINARY 805101000000000000000000030000004D00410001000000701700000100000060EA00000000000000000000
> Value: HKEY_LOCAL_MACHINE\system\controlset002\services\Schedule FailureActions REG_BINARY 805101000000000000000000030000000500030001000000701700000100000060EA00000000000000000000
< Value: HKEY_LOCAL_MACHINE\system\controlset001\services\Secdrv\Parameters
< Value: HKEY_LOCAL_MACHINE\system\controlset001\services\serenum\Parameters
< Value: HKEY_LOCAL_MACHINE\system\controlset001\services\Sfloppy\Parameters
< Value: HKEY_LOCAL_MACHINE\system\controlset001\services\SharedAccess\Epoch Epoch REG_DWORD 1438 (0x59E)
> Value: HKEY_LOCAL_MACHINE\system\controlset002\services\SharedAccess\Epoch Epoch REG_DWORD 615 (0x267)
< Value: HKEY_LOCAL_MACHINE\system\controlset001\services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List D:\CD\ServerCDItalia.exe REG_SZ D:\CD\ServerCDItalia.exe:*:Enabled:ServerCDItalia
< Value: HKEY_LOCAL_MACHINE\system\controlset001\services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List E:\CD\ServerHttp.exe REG_SZ E:\CD\ServerHttp.exe:*:Enabled:ServerHttp
< Value: HKEY_LOCAL_MACHINE\system\controlset001\services\splitter\Parameters
< Value: HKEY_LOCAL_MACHINE\system\controlset001\services\Srv\Parameters
< Value: HKEY_LOCAL_MACHINE\system\controlset001\services\sscdbus\Parameters
< Value: HKEY_LOCAL_MACHINE\system\controlset001\services\sscdmdfl\Parameters
< Value: HKEY_LOCAL_MACHINE\system\controlset001\services\sscdmdm\Parameters
< Value: HKEY_LOCAL_MACHINE\system\controlset001\services\StatusAgent4
< Value: HKEY_LOCAL_MACHINE\system\controlset001\services\swenum\Parameters
< Value: HKEY_LOCAL_MACHINE\system\controlset001\services\swmidi\Parameters
< Value: HKEY_LOCAL_MACHINE\system\controlset001\services\SwPrv ImagePath REG_EXPAND_SZ C:\WINDOWS\system32\dllhost.exe /Processid:{39F3D769-1093-4EB1-9E26-1B968009C0CB}
> Value: HKEY_LOCAL_MACHINE\system\controlset002\services\SwPrv ImagePath REG_EXPAND_SZ C:\WINDOWS\system32\dllhost.exe /Processid:{F0DBD7CD-6E25-4638-A474-EE59562992E8}
< Value: HKEY_LOCAL_MACHINE\system\controlset001\services\SwPrv\Parameters
< Value: HKEY_LOCAL_MACHINE\system\controlset001\services\sysaudio\Parameters
< Value: HKEY_LOCAL_MACHINE\system\controlset001\services\SysmonLog Start REG_DWORD 4 (0x4)
> Value: HKEY_LOCAL_MACHINE\system\controlset002\services\SysmonLog Start REG_DWORD 3 (0x3)
> Value: HKEY_LOCAL_MACHINE\system\controlset002\services\SysVii\Parameters
> Value: HKEY_LOCAL_MACHINE\system\controlset002\services\SysVii\Security
< Value: HKEY_LOCAL_MACHINE\system\controlset001\services\TapiSrv\Performance WbemAdapFileTime REG_BINARY 0020CA751432C101
> Value: HKEY_LOCAL_MACHINE\system\controlset002\services\TapiSrv\Performance WbemAdapFileTime REG_BINARY 00B805140C32C101
< Value: HKEY_LOCAL_MACHINE\system\controlset001\services\Tcpip\Parameters NV Hostname REG_SZ maria1
> Value: HKEY_LOCAL_MACHINE\system\controlset002\services\Tcpip\Parameters NV Hostname REG_SZ maria
< Value: HKEY_LOCAL_MACHINE\system\controlset001\services\Tcpip\Parameters DataBasePath REG_SZ %SystemRoot%\System32\drivers\etc
> Value: HKEY_LOCAL_MACHINE\system\controlset002\services\Tcpip\Parameters DataBasePath REG_EXPAND_SZ %SystemRoot%\System32\drivers\etc
< Value: HKEY_LOCAL_MACHINE\system\controlset001\services\Tcpip\Parameters Hostname REG_SZ maria1
> Value: HKEY_LOCAL_MACHINE\system\controlset002\services\Tcpip\Parameters Hostname REG_SZ maria
< Value: HKEY_LOCAL_MACHINE\system\controlset001\services\Tcpip\Parameters DisableTaskOffload REG_DWORD 0 (0x0)
< Value: HKEY_LOCAL_MACHINE\system\controlset001\services\Tcpip\Parameters DisableDynamicUpdate REG_DWORD 0 (0x0)
< Value: HKEY_LOCAL_MACHINE\system\controlset001\services\Tcpip\Parameters EnablePMTUBHDetect REG_DWORD 0 (0x0)
< Value: HKEY_LOCAL_MACHINE\system\controlset001\services\Tcpip\Parameters EnablePMTUDiscovery REG_DWORD 1 (0x1)
< Value: HKEY_LOCAL_MACHINE\system\controlset001\services\Tcpip\Parameters SackOpts REG_DWORD 1 (0x1)
< Value: HKEY_LOCAL_MACHINE\system\controlset001\services\Tcpip\Parameters Tcp1323Opts REG_DWORD 1 (0x1)
< Value: HKEY_LOCAL_MACHINE\system\controlset001\services\Tcpip\Parameters TcpMaxDataRetransmissions REG_DWORD 5 (0x5)
< Value: HKEY_LOCAL_MACHINE\system\controlset001\services\Tcpip\Parameters TcpMaxDupAcks REG_DWORD 2 (0x2)
< Value: HKEY_LOCAL_MACHINE\system\controlset001\services\Tcpip\Parameters TcpNumConnections REG_DWORD 100 (0x64)
< Value: HKEY_LOCAL_MACHINE\system\controlset001\services\Tcpip\ServiceProvider Class REG_DWORD 1 (0x1)
> Value: HKEY_LOCAL_MACHINE\system\controlset002\services\Tcpip\ServiceProvider Class REG_DWORD 8 (0x8)
< Value: HKEY_LOCAL_MACHINE\system\controlset001\services\Tcpip\ServiceProvider DnsPriority REG_DWORD 7 (0x7)
> Value: HKEY_LOCAL_MACHINE\system\controlset002\services\Tcpip\ServiceProvider DnsPriority REG_DWORD 2000 (0x7D0)
< Value: HKEY_LOCAL_MACHINE\system\controlset001\services\Tcpip\ServiceProvider HostsPriority REG_DWORD 6 (0x6)
> Value: HKEY_LOCAL_MACHINE\system\controlset002\services\Tcpip\ServiceProvider HostsPriority REG_DWORD 500 (0x1F4)
< Value: HKEY_LOCAL_MACHINE\system\controlset001\services\Tcpip\ServiceProvider LocalPriority REG_DWORD 5 (0x5)
> Value: HKEY_LOCAL_MACHINE\system\controlset002\services\Tcpip\ServiceProvider LocalPriority REG_DWORD 499 (0x1F3)
< Value: HKEY_LOCAL_MACHINE\system\controlset001\services\Tcpip\ServiceProvider NetbtPriority REG_DWORD 8 (0x8)
> Value: HKEY_LOCAL_MACHINE\system\controlset002\services\Tcpip\ServiceProvider NetbtPriority REG_DWORD 2001 (0x7D1)
< Value: HKEY_LOCAL_MACHINE\system\controlset001\services\TDPIPE\Parameters
< Value: HKEY_LOCAL_MACHINE\system\controlset001\services\TDTCP\Parameters
< Value: HKEY_LOCAL_MACHINE\system\controlset001\services\TermDD\Parameters
< Value: HKEY_LOCAL_MACHINE\system\controlset001\services\TermService\Performance Last Counter REG_DWORD 3158 (0xC56)
> Value: HKEY_LOCAL_MACHINE\system\controlset002\services\TermService\Performance Last Counter REG_DWORD 2182 (0x886)
< Value: HKEY_LOCAL_MACHINE\system\controlset001\services\TermService\Performance Last Help REG_DWORD 3159 (0xC57)
> Value: HKEY_LOCAL_MACHINE\system\controlset002\services\TermService\Performance Last Help REG_DWORD 2183 (0x887)
< Value: HKEY_LOCAL_MACHINE\system\controlset001\services\TermService\Performance First Counter REG_DWORD 3030 (0xBD6)
> Value: HKEY_LOCAL_MACHINE\system\controlset002\services\TermService\Performance First Counter REG_DWORD 2054 (0x806)
< Value: HKEY_LOCAL_MACHINE\system\controlset001\services\TermService\Performance First Help REG_DWORD 3031 (0xBD7)
> Value: HKEY_LOCAL_MACHINE\system\controlset002\services\TermService\Performance First Help REG_DWORD 2055 (0x807)
< Value: HKEY_LOCAL_MACHINE\system\controlset001\services\TermService\Performance Object List REG_SZ 3030 3152 3030 3152
> Value: HKEY_LOCAL_MACHINE\system\controlset002\services\TermService\Performance Object List REG_SZ 2054 2176 2054 2176
< Value: HKEY_LOCAL_MACHINE\system\controlset001\services\TermService\Performance Library Validation Code REG_BINARY 0020CA751432C1010030000000000000
> Value: HKEY_LOCAL_MACHINE\system\controlset002\services\TermService\Performance Library Validation Code REG_BINARY 00B805140C32C1010030000000000000
< Value: HKEY_LOCAL_MACHINE\system\controlset001\services\TermService\Performance WbemAdapFileTime REG_BINARY 0020CA751432C101
> Value: HKEY_LOCAL_MACHINE\system\controlset002\services\TermService\Performance WbemAdapFileTime REG_BINARY 00B805140C32C101
< Value: HKEY_LOCAL_MACHINE\system\controlset001\services\Themes FailureActions REG_BINARY 805101000000000000000000030000004D0041000100000060EA00000100000060EA00000000000000000000
> Value: HKEY_LOCAL_MACHINE\system\controlset002\services\Themes FailureActions REG_BINARY 8051010000000000000000000300000041004D000100000060EA00000100000060EA00000000000000000000
< Value: HKEY_LOCAL_MACHINE\system\controlset001\services\UMWdf
< Value: HKEY_LOCAL_MACHINE\system\controlset001\services\Update\Parameters
< Value: HKEY_LOCAL_MACHINE\system\controlset001\services\upnphost FailureActions REG_BINARY FFFFFFFF000000000000000001000000000000000100000000000000
> Value: HKEY_LOCAL_MACHINE\system\controlset002\services\upnphost FailureActions REG_BINARY FFFFFFFF000000000000000001000000090003000100000000000000
< Value: HKEY_LOCAL_MACHINE\system\controlset001\services\UPS\Parameters
< Value: HKEY_LOCAL_MACHINE\system\controlset001\services\usbccgp\Parameters
< Value: HKEY_LOCAL_MACHINE\system\controlset001\services\usbehci\Parameters
< Value: HKEY_LOCAL_MACHINE\system\controlset001\services\usbhub\Parameters
< Value: HKEY_LOCAL_MACHINE\system\controlset001\services\usbprint\Parameters
< Value: HKEY_LOCAL_MACHINE\system\controlset001\services\usbscan\Parameters
< Value: HKEY_LOCAL_MACHINE\system\controlset001\services\USBSTOR\Parameters
< Value: HKEY_LOCAL_MACHINE\system\controlset001\services\usbuhci\Parameters
< Value: HKEY_LOCAL_MACHINE\system\controlset001\services\VgaSave\Parameters
< Value: HKEY_LOCAL_MACHINE\system\controlset001\services\viagfx\Parameters
< Value: HKEY_LOCAL_MACHINE\system\controlset001\services\ViaIde\Parameters
< Value: HKEY_LOCAL_MACHINE\system\controlset001\services\VIRAGTLT
< Value: HKEY_LOCAL_MACHINE\system\controlset001\services\viritsvclite
< Value: HKEY_LOCAL_MACHINE\system\controlset001\services\VolSnap\Parameters
< Value: HKEY_LOCAL_MACHINE\system\controlset001\services\VSS\Parameters
< Value: HKEY_LOCAL_MACHINE\system\controlset001\services\VXD
< Value: HKEY_LOCAL_MACHINE\system\controlset001\services\Wanarp\Parameters
< Value: HKEY_LOCAL_MACHINE\system\controlset001\services\WDICA\Parameters
< Value: HKEY_LOCAL_MACHINE\system\controlset001\services\wdmaud\Parameters
< Value: HKEY_LOCAL_MACHINE\system\controlset001\services\WinSock2\Parameters\NameSpace_Catalog5 Serial_Access_Num REG_DWORD 16 (0x10)
> Value: HKEY_LOCAL_MACHINE\system\controlset002\services\WinSock2\Parameters\NameSpace_Catalog5 Serial_Access_Num REG_DWORD 4 (0x4)
< Value: HKEY_LOCAL_MACHINE\system\controlset001\services\WinSock2\Parameters\Protocol_Catalog9 Num_Catalog_Entries REG_DWORD 11 (0xB)
> Value: HKEY_LOCAL_MACHINE\system\controlset002\services\WinSock2\Parameters\Protocol_Catalog9 Num_Catalog_Entries REG_DWORD 13 (0xD)
< Value: HKEY_LOCAL_MACHINE\system\controlset001\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000001 PackedCatalogItem REG_BINARY 2553797374656D526F6F74255C73797374656D33325C6D7377736F636B2E646C6C000F020A00000028090F02000000004A0A0F02000000006C0B0F0200000000960C0F02A6000000B80D0F0200000000E20E0F020000000004100F029500000026110F020000000050120F020000000072130F020000000094140F0200000000BE150F0205000000E0160F029A00000002180F020000000024190F0200000000461A0F0200000000681B0F02000000008A1C0F022F000000AC1D0F0280000000CE1E0F021E000000F81F0F02D20000001A210F02B90000003C220F0277000000FD000101640074020830E002383BE0022049412E0AA336803468747470733A2F2F7777776600020000000000000000000000000008000000A01A0FE78BABCF118CA300805F48A192E9030000010000000000000000000000000000000000000000000000000000000000000002000000020000001000000010000000010000000600000000000000000000000000000000000000000000004D00530041004600440020005400630070006900700020005B005400430050002F00490050005D0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000
> Value: HKEY_LOCAL_MACHINE\system\controlset002\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000001 PackedCatalogItem REG_BINARY 696D6F6E2E646C6C006F74255C73797374656D33325C6D7377736F636B2E646C6C000F020A00000028090F02000000004A0A0F02000000006C0B0F0200000000960C0F02A6000000B80D0F0200000000E20E0F020000000004100F029500000026110F020000000050120F020000000072130F020000000094140F0200000000BE150F0205000000E0160F029A00000002180F020000000024190F0200000000461A0F0200000000681B
maryepucci
Senior User
 
Posts: 154
Joined: 13/07/06 17:08

Post by maryepucci » 05/04/07 16:33

oops, sorry... :oops:
here's the URL

http://w12.easy-share.com/970452.html

and now??
maryepucci
Senior User
 
Posts: 154
Joined: 13/07/06 17:08
