
Trojan horse!!!

How do you remove viruses and spyware? Are credit cards really safe online? Is it possible to browse anonymously? Which programs protect your privacy? How do you protect important files? If you want an answer to these and other questions, this is the right place!

Moderators: m.paolo, kadosh, Luke57

Post by Luke57 » 03/07/07 08:21

Hi, download it from here:
http://www.sendmefile.com/00550922
Luke57
Moderator
 
Posts: 6415
Joined: 11/08/05 19:10


Post by smells » 04/07/07 01:04

Hey, hi, I managed to run the scan... I have the report ready, but the site you gave me asks for the recipient's email... thanks again...
smells
Junior Member
 
Posts: 85
Joined: 02/03/07 20:45

Post by smells » 04/07/07 18:50

if you'd give me your email I'll send you the report... thx
smells
Junior Member
 
Posts: 85
Joined: 02/03/07 20:45

Post by Luke57 » 04/07/07 18:56

smells wrote: if you'd give me your email I'll send you the report... thx

Hi, put it here:
http://www.easy-share.com/
then copy and paste the first link you are given.
Luke57
Moderator
 
Posts: 6415
Joined: 11/08/05 19:10

Post by smells » 04/07/07 19:03

done...
smells
Junior Member
 
Posts: 85
Joined: 02/03/07 20:45

Post by smells » 04/07/07 19:03

done... this is the link.. http://www.easy-share.com/cgi-bin/owner.cgi
smells
Junior Member
 
Posts: 85
Joined: 02/03/07 20:45

Post by smells » 04/07/07 19:10

SystemScan - http://www.suspectfile.com - ver. 3.2.0

Running on: Windows XP PROFESSIONAL Edition, Service Pack 2 (2600.5.1)
System directory: C:\WINDOWS

Date: 03/07/2007
Time: 21.42.35

Output limited to:
-Recent files
-PC accounts
-Registry Run Keys
-Autoplay settings (autorun.inf)
-Scheduled jobs
-Services and Drivers (all)
-Duplicates in BAK folders
-Svchost.exe instances
-Network settings
-Include HOSTS file
-Loaded Dlls
-Alternate Data Sreams
-Encrypted Files
-Hidden objects
-Suspicious Files
-Include hijackthis.log
-Installed Applications

===================== Accounts on this PC =====================


Users on this computer:
Is Admin? | Username
------------------
Yes | Administrator
| Guest (Disabled)
| HelpAssistant (Disabled)
Yes | katanga
| SUPPORT_388945a0 (Disabled)

### users folders

10/01/2007 19.02.10 (DIR) 0 byte 174 days old -- All Users
23/01/2007 17.09.42 (DIR) 0 byte 161 days old -- Default User
13/06/2007 00.29.17 (DIR) 0 byte 20 days old -- LocalService
13/06/2007 00.29.17 (DIR) 0 byte 20 days old -- NetworkService
14/06/2007 17.38.25 (DIR) 0 byte 19 days old -- katanga
28/06/2007 16.32.11 1470 byte 5 days old -- kctpjftl.txt

===================== Recent files (60 days old)=====================

----- recent files in C:\
05/05/2007 19.07.13 244 byte 59 days old -- sqmnoopt13.sqm
05/05/2007 19.07.13 232 byte 59 days old -- sqmdata12.sqm
05/05/2007 19.07.28 244 byte 59 days old -- sqmnoopt14.sqm
05/05/2007 19.07.28 232 byte 59 days old -- sqmdata13.sqm
05/05/2007 19.07.47 232 byte 59 days old -- sqmdata14.sqm
05/05/2007 19.07.47 244 byte 59 days old -- sqmnoopt15.sqm
05/05/2007 19.07.54 232 byte 59 days old -- sqmdata15.sqm
05/05/2007 19.07.54 244 byte 59 days old -- sqmnoopt16.sqm
05/05/2007 19.08.06 232 byte 59 days old -- sqmdata16.sqm
05/05/2007 19.08.06 244 byte 59 days old -- sqmnoopt17.sqm
19/05/2007 19.30.32 244 byte 45 days old -- sqmnoopt18.sqm
19/05/2007 19.30.32 232 byte 45 days old -- sqmdata17.sqm
19/05/2007 19.30.38 244 byte 45 days old -- sqmnoopt19.sqm
19/05/2007 19.30.38 232 byte 45 days old -- sqmdata18.sqm
19/05/2007 19.30.45 232 byte 45 days old -- sqmdata19.sqm
19/05/2007 19.30.45 244 byte 45 days old -- sqmnoopt00.sqm
19/05/2007 19.32.36 244 byte 45 days old -- sqmnoopt01.sqm
19/05/2007 19.32.36 232 byte 45 days old -- sqmdata00.sqm
13/06/2007 02.21.04 12303385 byte 20 days old -- AVG7QT.DAT
19/06/2007 20.32.15 244 byte 14 days old -- sqmnoopt02.sqm
19/06/2007 20.32.15 232 byte 14 days old -- sqmdata01.sqm
19/06/2007 20.32.34 232 byte 14 days old -- sqmdata02.sqm
19/06/2007 20.32.34 244 byte 14 days old -- sqmnoopt03.sqm
19/06/2007 20.33.59 244 byte 14 days old -- sqmnoopt04.sqm
19/06/2007 20.33.59 232 byte 14 days old -- sqmdata03.sqm
22/06/2007 20.43.00 (DIR) 0 byte 11 days old -- $VAULT$.AVG
26/06/2007 22.18.45 (DIR) 0 byte 7 days old -- Program Files
26/06/2007 22.25.08 (DIR) 0 byte 7 days old -- VundoFix Backups
27/06/2007 22.14.34 372 byte 6 days old -- VundoFix.txt
30/06/2007 20.27.26 (DIR) 0 byte 3 days old -- Documents and Settings
30/06/2007 20.27.54 3104 byte 3 days old -- avenger.txt
30/06/2007 20.28.03 (DIR) 0 byte 3 days old -- avenger
01/07/2007 20.22.17 (DIR) 0 byte 2 days old -- WINDOWS
01/07/2007 20.23.09 (DIR) 0 byte 2 days old -- Programmi
03/07/2007 21.33.25 (DIR)1610612736 byte 0 days old -- pagefile.sys
03/07/2007 21.42.35 (DIR) 0 byte 0 days old -- suspectfile

----- recent files in C:\WINDOWS\
05/05/2007 14.32.19 0 byte 59 days old -- setuperr.log
02/06/2007 17.04.34 15944 byte 31 days old -- DPINST.LOG
12/06/2007 12.17.05 30384 byte 21 days old -- Passepartout.exe
13/06/2007 00.29.13 (DIR) 0 byte 20 days old -- system
14/06/2007 21.04.37 2122 byte 19 days old -- wmsetup10.log
15/06/2007 00.03.13 0 byte 18 days old -- Sti_Trace.log
22/06/2007 20.36.32 281786 byte 11 days old -- ntbtlog.txt
22/06/2007 22.14.24 (DIR) 0 byte 11 days old -- Installer
26/06/2007 00.19.53 (DIR) 0 byte 7 days old -- Help
26/06/2007 00.19.54 (DIR) 0 byte 7 days old -- SoftwareDistribution
26/06/2007 01.05.37 (DIR) 0 byte 7 days old -- $NtUninstallKB898461$
26/06/2007 01.05.43 8250 byte 7 days old -- KB898461.log
26/06/2007 01.06.02 (DIR) 0 byte 7 days old -- $MSI31Uninstall_KB893803v2$
26/06/2007 01.06.13 9365 byte 7 days old -- KB893803v2.log
26/06/2007 23.24.28 (DIR) 0 byte 7 days old -- $NtUninstallKB928843$
26/06/2007 23.24.33 16438 byte 7 days old -- KB928843.log
26/06/2007 23.24.39 (DIR) 0 byte 7 days old -- $NtUninstallKB890859$
26/06/2007 23.24.46 20522 byte 7 days old -- KB890859.log
26/06/2007 23.24.49 (DIR) 0 byte 7 days old -- $NtUninstallKB914389$
26/06/2007 23.24.52 19184 byte 7 days old -- KB914389.log
26/06/2007 23.24.55 (DIR) 0 byte 7 days old -- $NtUninstallKB920683$
26/06/2007 23.24.57 19765 byte 7 days old -- KB920683.log
26/06/2007 23.25.01 (DIR) 0 byte 7 days old -- $NtUninstallKB908519$
26/06/2007 23.25.03 19579 byte 7 days old -- KB908519.log
26/06/2007 23.25.07 (DIR) 0 byte 7 days old -- $NtUninstallKB894391$
26/06/2007 23.25.11 21805 byte 7 days old -- KB894391.log
26/06/2007 23.25.13 (DIR) 0 byte 7 days old -- $NtUninstallKB935839$
26/06/2007 23.25.17 21833 byte 7 days old -- KB935839.log
26/06/2007 23.25.20 (DIR) 0 byte 7 days old -- $NtUninstallKB896428$
26/06/2007 23.25.22 21544 byte 7 days old -- KB896428.log
26/06/2007 23.25.26 (DIR) 0 byte 7 days old -- $NtUninstallKB913580$
26/06/2007 23.25.29 23096 byte 7 days old -- KB913580.log
26/06/2007 23.25.33 (DIR) 0 byte 7 days old -- $NtUninstallKB905749$
26/06/2007 23.25.35 23297 byte 7 days old -- KB905749.log
26/06/2007 23.25.39 (DIR) 0 byte 7 days old -- $NtUninstallKB908531$
26/06/2007 23.25.47 23794 byte 7 days old -- KB908531.log
26/06/2007 23.25.51 (DIR) 0 byte 7 days old -- $NtUninstallKB904706$
26/06/2007 23.25.53 23191 byte 7 days old -- KB904706.log
26/06/2007 23.25.55 (DIR) 0 byte 7 days old -- $NtUninstallKB930916$
26/06/2007 23.25.58 23583 byte 7 days old -- KB930916.log
26/06/2007 23.26.01 (DIR) 0 byte 7 days old -- $NtUninstallKB916595$
26/06/2007 23.26.04 23404 byte 7 days old -- KB916595.log
26/06/2007 23.26.06 (DIR) 0 byte 7 days old -- $NtUninstallKB886185$
26/06/2007 23.26.09 17526 byte 7 days old -- KB886185.log
27/06/2007 19.42.03 (DIR) 0 byte 6 days old -- $NtUninstallKB935840$
27/06/2007 19.42.09 29513 byte 6 days old -- KB935840.log
27/06/2007 19.42.19 (DIR) 0 byte 6 days old -- $NtUninstallKB920213$
27/06/2007 19.42.23 18232 byte 6 days old -- KB920213.log
27/06/2007 19.42.28 (DIR) 0 byte 6 days old -- $NtUninstallKB900725$
27/06/2007 19.42.36 19763 byte 6 days old -- KB900725.log
27/06/2007 19.42.40 (DIR) 0 byte 6 days old -- $NtUninstallKB888302$
27/06/2007 19.42.48 18671 byte 6 days old -- KB888302.log
27/06/2007 19.42.54 (DIR) 0 byte 6 days old -- $NtUninstallKB926255$
27/06/2007 19.43.00 20097 byte 6 days old -- KB926255.log
27/06/2007 19.43.06 (DIR) 0 byte 6 days old -- $NtUninstallKB918118$
27/06/2007 19.43.10 20813 byte 6 days old -- KB918118.log
27/06/2007 19.43.16 (DIR) 0 byte 6 days old -- $NtUninstallKB922582$
27/06/2007 19.43.18 15510 byte 6 days old -- KB922582.log
27/06/2007 19.43.22 (DIR) 0 byte 6 days old -- $NtUninstallKB923191$
27/06/2007 19.43.24 19537 byte 6 days old -- KB923191.log
27/06/2007 19.43.28 (DIR) 0 byte 6 days old -- $NtUninstallKB901214$
27/06/2007 19.43.31 21668 byte 6 days old -- KB901214.log
27/06/2007 19.43.34 (DIR) 0 byte 6 days old -- $NtUninstallKB932168$
27/06/2007 19.43.37 23611 byte 6 days old -- KB932168.log
27/06/2007 19.43.40 (DIR) 0 byte 6 days old -- $NtUninstallKB917953$
27/06/2007 19.43.43 23096 byte 6 days old -- KB917953.log
27/06/2007 19.43.46 (DIR) 0 byte 6 days old -- $NtUninstallKB905414$
27/06/2007 19.43.48 23836 byte 6 days old -- KB905414.log
27/06/2007 19.43.54 (DIR) 0 byte 6 days old -- $NtUninstallKB917344$
27/06/2007 19.43.58 24649 byte 6 days old -- KB917344.log
27/06/2007 19.44.02 (DIR) 0 byte 6 days old -- $NtUninstallKB914388$
27/06/2007 19.44.05 25161 byte 6 days old -- KB914388.log
27/06/2007 19.44.10 (DIR) 0 byte 6 days old -- $NtUninstallKB919007$
27/06/2007 19.44.13 24983 byte 6 days old -- KB919007.log
27/06/2007 19.44.17 (DIR) 0 byte 6 days old -- $NtUninstallKB930178$
27/06/2007 19.44.19 25541 byte 6 days old -- KB930178.log
27/06/2007 19.44.25 (DIR) 0 byte 6 days old -- $NtUninstallKB920872$
27/06/2007 19.44.28 30343 byte 6 days old -- KB920872.log
27/06/2007 19.44.31 (DIR) 0 byte 6 days old -- $NtUninstallKB926436$
27/06/2007 19.44.34 24746 byte 6 days old -- KB926436.log
27/06/2007 19.44.37 (DIR) 0 byte 6 days old -- $NtUninstallKB890046$
27/06/2007 19.44.40 24815 byte 6 days old -- KB890046.log
27/06/2007 19.44.47 (DIR) 0 byte 6 days old -- $NtUninstallKB902400$
27/06/2007 19.44.59 32191 byte 6 days old -- KB902400.log
27/06/2007 19.45.02 (DIR) 0 byte 6 days old -- $NtUninstallKB918439$
27/06/2007 19.45.05 29955 byte 6 days old -- KB918439.log
27/06/2007 19.45.07 (DIR) 0 byte 6 days old -- $NtUninstallKB891781$
27/06/2007 19.45.10 29164 byte 6 days old -- KB891781.log
27/06/2007 19.45.13 (DIR) 0 byte 6 days old -- $NtUninstallKB920670$
27/06/2007 19.45.15 29754 byte 6 days old -- KB920670.log
27/06/2007 19.45.20 (DIR) 0 byte 6 days old -- $NtUninstallKB929123$
27/06/2007 19.45.24 30573 byte 6 days old -- KB929123.log
27/06/2007 19.45.28 (DIR) 0 byte 6 days old -- $NtUninstallKB925902$
27/06/2007 19.45.32 31871 byte 6 days old -- KB925902.log
27/06/2007 19.45.40 (DIR) 0 byte 6 days old -- $NtUninstallKB911564$
27/06/2007 19.45.45 45152 byte 6 days old -- KB911564.log
27/06/2007 19.45.52 (DIR) 0 byte 6 days old -- $NtUninstallKB923689$
27/06/2007 19.45.55 47330 byte 6 days old -- KB923689.log
27/06/2007 19.45.59 (DIR) 0 byte 6 days old -- $NtUninstallKB910437$
27/06/2007 19.46.01 24343 byte 6 days old -- KB910437.log
27/06/2007 19.46.15 (DIR) 0 byte 6 days old -- $NtUninstallKB933566$
27/06/2007 19.46.32 42903 byte 6 days old -- KB933566.log
27/06/2007 19.46.36 (DIR) 0 byte 6 days old -- $NtUninstallKB896358$
27/06/2007 19.46.40 37831 byte 6 days old -- KB896358.log
27/06/2007 19.46.43 (DIR) 0 byte 6 days old -- $NtUninstallKB887472$
27/06/2007 19.46.46 35991 byte 6 days old -- KB887472.log
27/06/2007 19.46.50 (DIR) 0 byte 6 days old -- $NtUninstallKB931836$
27/06/2007 19.46.53 48275 byte 6 days old -- KB931836.log
27/06/2007 19.46.55 (DIR) 0 byte 6 days old -- $hf_mig$
27/06/2007 19.46.57 (DIR) 0 byte 6 days old -- $NtUninstallKB927891$
27/06/2007 19.47.00 29993 byte 6 days old -- KB927891.log
27/06/2007 19.47.15 (DIR) 0 byte 6 days old -- $NtUninstallKB924496$
27/06/2007 19.47.25 38543 byte 6 days old -- KB924496.log
27/06/2007 19.47.29 (DIR) 0 byte 6 days old -- $NtUninstallKB873339$
27/06/2007 19.47.34 36387 byte 6 days old -- KB873339.log
27/06/2007 19.47.37 (DIR) 0 byte 6 days old -- $NtUninstallKB931261$
27/06/2007 19.47.40 37617 byte 6 days old -- KB931261.log
27/06/2007 19.47.44 (DIR) 0 byte 6 days old -- $NtUninstallKB924270$
27/06/2007 19.47.47 39725 byte 6 days old -- KB924270.log
27/06/2007 19.47.50 (DIR) 0 byte 6 days old -- $NtUninstallKB900485$
27/06/2007 19.47.54 44072 byte 6 days old -- KB900485.log
27/06/2007 19.47.57 (DIR) 0 byte 6 days old -- $NtUninstallKB896423$
27/06/2007 19.48.01 35291 byte 6 days old -- KB896423.log
27/06/2007 19.48.04 (DIR) 0 byte 6 days old -- $NtUninstallKB924667$
27/06/2007 19.48.06 (DIR) 0 byte 6 days old -- WinSxS
27/06/2007 19.48.08 37744 byte 6 days old -- KB924667.log
27/06/2007 19.48.11 (DIR) 0 byte 6 days old -- $NtUninstallKB911562$
27/06/2007 19.48.15 40667 byte 6 days old -- KB911562.log
27/06/2007 19.48.18 (DIR) 0 byte 6 days old -- $NtUninstallKB911280$
27/06/2007 19.48.22 41063 byte 6 days old -- KB911280.log
27/06/2007 19.48.26 (DIR) 0 byte 6 days old -- $NtUninstallKB923980$
27/06/2007 19.48.30 41753 byte 6 days old -- KB923980.log
27/06/2007 19.48.38 (DIR) 0 byte 6 days old -- $NtUninstallKB893756$
27/06/2007 19.48.41 40453 byte 6 days old -- KB893756.log
27/06/2007 19.48.45 (DIR) 0 byte 6 days old -- $NtUninstallKB920685$
27/06/2007 19.48.48 40544 byte 6 days old -- KB920685.log
27/06/2007 19.48.51 (DIR) 0 byte 6 days old -- $NtUninstallKB899591$
27/06/2007 19.48.54 40230 byte 6 days old -- KB899591.log
27/06/2007 19.48.59 (DIR) 0 byte 6 days old -- $NtUninstallKB901017$
27/06/2007 19.49.01 39908 byte 6 days old -- KB901017.log
27/06/2007 19.49.08 (DIR) 0 byte 6 days old -- $NtUninstallKB925398_WMP64$
27/06/2007 19.49.12 55925 byte 6 days old -- KB925398.log
27/06/2007 19.49.14 (DIR) 0 byte 6 days old -- $NtUninstallKB911927$
27/06/2007 19.49.18 40414 byte 6 days old -- KB911927.log
27/06/2007 19.49.21 (DIR) 0 byte 6 days old -- $NtUninstallKB929969$
27/06/2007 19.49.25 41959 byte 6 days old -- KB929969.log
27/06/2007 19.49.32 (DIR) 0 byte 6 days old -- $NtUninstallKB931784$
27/06/2007 19.49.39 43634 byte 6 days old -- KB931784.log
27/06/2007 19.49.44 558200 byte 6 days old -- setupapi.log
27/06/2007 19.49.44 (DIR) 0 byte 6 days old -- $NtUninstallKB917734_WMP9$
27/06/2007 19.49.49 55505 byte 6 days old -- KB917734.log
27/06/2007 19.49.54 (DIR) 0 byte 6 days old -- $NtUninstallKB928255$
27/06/2007 19.50.04 43155 byte 6 days old -- KB928255.log
27/06/2007 19.50.07 (DIR) 0 byte 6 days old -- $NtUninstallKB923414$
27/06/2007 19.50.11 42744 byte 6 days old -- KB923414.log
27/06/2007 19.50.13 (DIR) 0 byte 6 days old -- $NtUninstallKB885836$
27/06/2007 19.50.16 39581 byte 6 days old -- KB885836.log
27/06/2007 19.50.20 (DIR) 0 byte 6 days old -- $NtUninstallKB885835$
27/06/2007 19.50.24 40322 byte 6 days old -- KB885835.log
27/06/2007 19.50.27 (DIR) 0 byte 6 days old -- $NtUninstallKB922819$
27/06/2007 19.50.30 43368 byte 6 days old -- KB922819.log
27/06/2007 19.50.33 (DIR) 0 byte 6 days old -- $NtUninstallKB924191$
27/06/2007 19.50.37 43565 byte 6 days old -- KB924191.log
27/06/2007 19.50.40 (DIR) 0 byte 6 days old -- $NtUninstallKB927802$
27/06/2007 19.50.43 43240 byte 6 days old -- KB927802.log
27/06/2007 19.50.48 (DIR) 0 byte 6 days old -- $NtUninstallKB927779$
27/06/2007 19.50.51 46355 byte 6 days old -- KB927779.log
27/06/2007 19.50.51 1374 byte 6 days old -- imsins.BAK
27/06/2007 19.50.54 (DIR) 0 byte 6 days old -- $NtUninstallKB899587$
27/06/2007 19.50.57 27267 byte 6 days old -- updspapi.log
27/06/2007 19.50.58 30108 byte 6 days old -- ocmsn.log
27/06/2007 19.50.58 227448 byte 6 days old -- ocgen.log
27/06/2007 19.50.58 24258 byte 6 days old -- tabletoc.log
27/06/2007 19.50.58 46845 byte 6 days old -- KB899587.log
27/06/2007 19.50.58 220038 byte 6 days old -- tsoc.log
27/06/2007 19.50.58 97269 byte 6 days old -- ntdtcsetup.log
27/06/2007 19.50.58 482256 byte 6 days old -- FaxSetup.log
27/06/2007 19.50.58 33150 byte 6 days old -- MedCtrOC.log
27/06/2007 19.50.58 24102 byte 6 days old -- msgsocm.log
27/06/2007 19.50.58 1374 byte 6 days old -- imsins.log
27/06/2007 19.50.58 (DIR) 0 byte 6 days old -- inf
27/06/2007 19.50.58 523886 byte 6 days old -- iis6.log
27/06/2007 19.50.58 84474 byte 6 days old -- netfxocm.log
27/06/2007 19.50.58 159983 byte 6 days old -- comsetup.log
27/06/2007 19.50.58 147926 byte 6 days old -- msmqinst.log
27/06/2007 20.07.49 (DIR) 0 byte 6 days old -- msagent
27/06/2007 20.08.24 923 byte 6 days old -- spupdsvc.log
01/07/2007 20.19.51 (DIR) 0 byte 2 days old -- system32
01/07/2007 21.04.12 50 byte 2 days old -- wiaservc.log
02/07/2007 01.19.35 216 byte 1 days old -- wiadebug.log
02/07/2007 22.40.11 15719 byte 1 days old -- wmsetup.log
03/07/2007 09.54.26 116 byte 0 days old -- NeroDigital.ini
03/07/2007 20.01.07 (DIR) 0 byte 0 days old -- Prefetch
03/07/2007 21.32.08 32602 byte 0 days old -- SchedLgU.Txt
03/07/2007 21.33.33 2048 byte 0 days old -- bootstat.dat
03/07/2007 21.34.00 0 byte 0 days old -- 0.log
03/07/2007 21.34.03 (DIR) 0 byte 0 days old -- Temp
03/07/2007 21.35.16 1903636 byte 0 days old -- WindowsUpdate.log

----- recent files in C:\WINDOWS\Downloaded Program Files\

----- recent files in C:\WINDOWS\system\

----- recent files in C:\WINDOWS\system32\
05/05/2007 13.10.45 (DIR) 0 byte 59 days old -- Restore
16/05/2007 17.12.56 683520 byte 48 days old -- inetcomm.dll
17/05/2007 11.15.30 (DIR) 0 byte 47 days old -- Naughty America The Game - Screensaver dir
17/05/2007 13.01.47 30592 byte 47 days old -- mlfcache.dat
31/05/2007 08.44.42 638976 byte 33 days old -- divxdec.ax
31/05/2007 08.44.54 823296 byte 33 days old -- divx_xx0c.dll
31/05/2007 08.44.54 802816 byte 33 days old -- divx_xx11.dll
31/05/2007 08.44.54 740442 byte 33 days old -- DivX.dll
31/05/2007 08.44.55 823296 byte 33 days old -- divx_xx07.dll
31/05/2007 08.45.07 524288 byte 33 days old -- DivXsm.exe
31/05/2007 08.45.07 4816 byte 33 days old -- divxsm.tlb
02/06/2007 17.10.08 4245 byte 31 days old -- jupdate-1.6.0_01-b06.log
13/06/2007 23.16.09 147729 byte 20 days old -- libssl32.dll
13/06/2007 23.16.09 684567 byte 20 days old -- libeay32.dll
16/06/2007 23.23.47 75776 byte 17 days old -- haaahaa.dll.bak
16/06/2007 23.24.00 92672 byte 17 days old -- hhkhnnou.dll
16/06/2007 23.24.14 750592 byte 17 days old -- nhrmkchj.dll
18/06/2007 20.11.49 140288 byte 15 days old -- ytjmqxzl.dll.bak
20/06/2007 21.39.08 140288 byte 13 days old -- ytjmqxzl.dll
21/06/2007 02.04.06 75776 byte 12 days old -- haaahaa.dll
26/06/2007 00.19.42 (DIR) 0 byte 7 days old -- SoftwareDistribution
26/06/2007 01.05.39 (DIR) 0 byte 7 days old -- PreInstall
27/06/2007 19.41.35 752512 byte 6 days old -- PerfStringBackup.INI
27/06/2007 19.41.36 311912 byte 6 days old -- perfh009.dat
27/06/2007 19.41.36 345368 byte 6 days old -- perfh010.dat
27/06/2007 19.41.36 47706 byte 6 days old -- perfc010.dat
27/06/2007 19.41.36 40108 byte 6 days old -- perfc009.dat
27/06/2007 19.44.55 (DIR) 0 byte 6 days old -- Com
27/06/2007 19.46.50 122268 byte 6 days old -- TZLog.log
27/06/2007 20.07.50 (DIR) 0 byte 6 days old -- dllcache
27/06/2007 20.07.53 190592 byte 6 days old -- FNTCACHE.DAT
30/06/2007 22.44.21 (DIR) 0 byte 3 days old -- CatRoot2
02/07/2007 16.16.41 (DIR) 0 byte 1 days old -- drivers
03/07/2007 21.33.23 5361 byte 0 days old -- ikhcore.log
03/07/2007 21.33.36 2206 byte 0 days old -- wpa.dbl
03/07/2007 21.33.46 87970 byte 0 days old -- nvapps.xml

----- recent files in C:\WINDOWS\system32\drivers\
13/06/2007 00.29.58 4224 byte 20 days old -- avg7rsw.sys
13/06/2007 00.30.00 4960 byte 20 days old -- avgtdi.sys
13/06/2007 00.37.13 777984 byte 20 days old -- avg7core.sys
13/06/2007 00.37.13 27776 byte 20 days old -- avg7rsxp.sys
13/06/2007 00.37.41 3968 byte 20 days old -- avgclean.sys
28/06/2007 16.32.12 60416 byte 5 days old -- hcfabht^.sys
01/07/2007 20.21.50 30592 byte 2 days old -- ikhfile.sys
01/07/2007 20.21.51 51072 byte 2 days old -- ikhlayer.sys
03/07/2007 21.34.08 (DIR) 0 byte 0 days old -- etc

----- recent files in C:\WINDOWS\temp\
07/05/2007 12.13.03 0 byte 57 days old -- exp1C.tmp
08/05/2007 19.03.28 0 byte 56 days old -- exp12.tmp
09/05/2007 20.41.08 0 byte 55 days old -- exp1B.tmp
11/05/2007 07.13.04 0 byte 53 days old -- exp19.tmp
12/05/2007 15.07.35 0 byte 52 days old -- exp1A.tmp
13/05/2007 15.44.55 0 byte 51 days old -- exp8F4.tmp
14/05/2007 16.42.42 0 byte 50 days old -- exp278D.tmp
15/05/2007 17.42.26 0 byte 49 days old -- exp3B07.tmp
16/05/2007 18.42.37 0 byte 48 days old -- exp669B.tmp
17/05/2007 19.42.26 0 byte 47 days old -- exp7915.tmp
18/05/2007 20.11.46 0 byte 46 days old -- exp1F.tmp
21/05/2007 11.03.52 0 byte 43 days old -- exp1D.tmp
22/05/2007 11.04.27 0 byte 42 days old -- exp1FFC.tmp
23/05/2007 12.04.26 0 byte 41 days old -- exp37C9.tmp
24/05/2007 14.07.55 0 byte 40 days old -- exp13.tmp
25/05/2007 14.08.51 0 byte 39 days old -- exp9F.tmp
26/05/2007 14.08.52 0 byte 38 days old -- exp248.tmp
30/05/2007 12.46.36 0 byte 34 days old -- exp37D.tmp
31/05/2007 20.19.29 0 byte 33 days old -- exp11.tmp
02/06/2007 02.07.00 0 byte 31 days old -- exp14.tmp
03/06/2007 17.00.47 0 byte 30 days old -- exp1E.tmp
04/06/2007 17.02.08 0 byte 29 days old -- exp898.tmp
05/06/2007 17.47.07 0 byte 28 days old -- expBD2.tmp
06/06/2007 17.56.45 0 byte 27 days old -- exp6F0.tmp
07/06/2007 18.19.34 0 byte 26 days old -- expF.tmp
08/06/2007 19.13.44 0 byte 25 days old -- exp7A.tmp
09/06/2007 19.21.59 0 byte 24 days old -- exp253.tmp
10/06/2007 20.20.25 0 byte 23 days old -- exp25.tmp
11/06/2007 22.13.20 0 byte 22 days old -- exp15.tmp
12/06/2007 22.45.54 0 byte 21 days old -- exp10.tmp
29/07/2007 18.37.42 16384 byte -26 days old -- Perflib_Perfdata_c50.dat

----- recent files in C:\Programmi\
02/06/2007 15.08.01 (DIR) 0 byte 31 days old -- Mozilla Firefox
02/06/2007 17.04.26 (DIR) 0 byte 31 days old -- MSN Messenger
02/06/2007 17.10.08 (DIR) 0 byte 31 days old -- Java
02/06/2007 17.13.26 (DIR) 0 byte 31 days old -- Messenger Plus! Live
03/06/2007 19.33.20 (DIR) 0 byte 30 days old -- mIRC
07/06/2007 00.11.42 (DIR) 0 byte 26 days old -- DivX
12/06/2007 23.02.44 (DIR) 0 byte 21 days old -- Eset
13/06/2007 13.21.08 (DIR) 0 byte 20 days old -- File comuni
25/06/2007 11.58.08 (DIR) 0 byte 8 days old -- VirusTotalUploader
27/06/2007 19.45.22 (DIR) 0 byte 6 days old -- Outlook Express
27/06/2007 19.45.42 (DIR) 0 byte 6 days old -- Windows Media Player
27/06/2007 19.46.22 (DIR) 0 byte 6 days old -- Internet Explorer
27/06/2007 19.46.45 (DIR) 0 byte 6 days old -- Messenger
01/07/2007 20.13.22 (DIR) 0 byte 2 days old -- MalwareSweeper.com
01/07/2007 20.23.20 (DIR) 0 byte 2 days old -- a-squared Anti-Malware
02/07/2007 16.16.41 (DIR) 0 byte 1 days old -- Spyware Doctor
03/07/2007 09.45.47 (DIR) 0 byte 0 days old -- WinRAR
03/07/2007 21.33.54 (DIR) 0 byte 0 days old -- eMule

----- recent files in C:\Programmi\File comuni\
15/05/2007 16.50.54 (DIR) 0 byte 49 days old -- Real
27/06/2007 19.45.21 (DIR) 0 byte 6 days old -- System

----- recent files in C:\Documents and Settings\katanga\Dati applicazioni\
15/05/2007 16.50.52 (DIR) 0 byte 49 days old -- Real
12/06/2007 23.05.30 (DIR) 0 byte 21 days old -- DivX
22/06/2007 20.36.23 (DIR) 0 byte 11 days old -- AVG7
22/06/2007 22.15.07 (DIR) 0 byte 11 days old -- Microsoft
01/07/2007 20.19.43 (DIR) 0 byte 2 days old -- PC Tools
03/07/2007 09.45.47 (DIR) 0 byte 0 days old -- Help

----- recent files in C:\DOCUME~1\katanga\IMPOST~1\Temp\
08/05/2007 09.41.30 (DIR) 0 byte 56 days old -- WMC0000.tmp
14/05/2007 14.16.29 37120 byte 50 days old -- f39a_appcompat.txt
14/05/2007 19.46.28 3668 byte 50 days old -- cnv2EFC.tmp
14/05/2007 23.07.27 43160 byte 50 days old -- 1d11_appcompat.txt
15/05/2007 12.04.19 3668 byte 49 days old -- cnv3509.tmp
18/05/2007 20.11.33 3668 byte 46 days old -- cnv13.tmp
25/05/2007 09.15.50 (DIR) 0 byte 39 days old -- WERa757.dir00
25/05/2007 09.16.14 (DIR) 0 byte 39 days old -- WERf2ce.dir00
25/05/2007 09.16.57 (DIR) 0 byte 39 days old -- WERa3f4.dir00
25/05/2007 09.17.02 (DIR) 0 byte 39 days old -- WERb21c.dir00
02/06/2007 15.01.27 0 byte 31 days old -- IH917.tmp
02/06/2007 17.08.23 1160 byte 31 days old -- jinstall.cfg
02/06/2007 17.09.31 0 byte 31 days old -- java_install.log
04/06/2007 23.24.29 512 byte 29 days old -- ~DFA2EB.tmp
04/06/2007 23.24.29 622592 byte 29 days old -- ~DFA2E0.tmp
04/06/2007 23.24.39 512 byte 29 days old -- ~DFB082.tmp
04/06/2007 23.24.39 622592 byte 29 days old -- ~DFB06F.tmp
05/06/2007 13.24.21 697 byte 28 days old -- IH2E1.tmp
05/06/2007 15.10.55 780 byte 28 days old -- dw.log
05/06/2007 15.11.00 16384 byte 28 days old -- ~WRF0002.tmp
05/06/2007 15.11.03 1536 byte 28 days old -- ~WRS0001.tmp
06/06/2007 20.39.07 7888 byte 27 days old -- jar_cache19577.tmp
09/06/2007 22.24.20 (DIR) 0 byte 24 days old -- WER732e.dir00
10/06/2007 16.09.26 7888 byte 23 days old -- jar_cache56387.tmp
11/06/2007 22.29.04 38969 byte 22 days old -- jar_cache60365.tmp
12/06/2007 12.16.58 38969 byte 21 days old -- jar_cache22616.tmp
12/06/2007 13.45.06 32768 byte 21 days old -- ~DF6FD3.tmp
12/06/2007 13.46.18 32768 byte 21 days old -- ~DF5C09.tmp
12/06/2007 14.50.27 32768 byte 21 days old -- ~DFB91C.tmp
12/06/2007 23.02.42 (DIR) 0 byte 21 days old -- ~nsu.tmp
12/06/2007 23.05.35 49152 byte 21 days old -- ~DFF391.tmp
13/06/2007 00.30.07 287691 byte 20 days old -- avg7inst.log
13/06/2007 00.30.10 (DIR) 0 byte 20 days old -- RarSFX0
13/06/2007 00.31.52 426 byte 20 days old -- IMTB.xml
13/06/2007 00.31.52 2050 byte 20 days old -- IMTA.xml
13/06/2007 00.31.53 798998 byte 20 days old -- IMTC.xml
13/06/2007 00.36.34 3072 byte 20 days old -- regincd2.exe
13/06/2007 00.38.00 3584 byte 20 days old -- regtdi.exe
13/06/2007 10.46.50 830 byte 20 days old -- WINWORD.log
13/06/2007 10.46.54 1706 byte 20 days old -- wecerr.txt
13/06/2007 10.47.07 (DIR) 0 byte 20 days old -- Word8.0
15/06/2007 10.13.04 0 byte 18 days old -- x3n8.tmp
20/06/2007 21.44.02 45283 byte 13 days old -- jar_cache12753.tmp
21/06/2007 23.40.12 7888 byte 12 days old -- jar_cache57932.tmp
22/06/2007 22.26.44 7888 byte 11 days old -- jar_cache6757.tmp
22/06/2007 22.53.39 (DIR) 0 byte 11 days old -- msohtml1
25/06/2007 10.49.09 7888 byte 8 days old -- jar_cache59118.tmp
26/06/2007 00.38.29 9216 byte 7 days old -- tywf.exe
26/06/2007 00.38.30 210 byte 7 days old -- jar_cache1653.tmp
26/06/2007 10.13.06 7888 byte 7 days old -- jar_cache58331.tmp
26/06/2007 20.35.10 7888 byte 7 days old -- jar_cache51061.tmp
26/06/2007 22.26.35 7888 byte 7 days old -- jar_cache39532.tmp
26/06/2007 22.27.14 7888 byte 7 days old -- jar_cache6245.tmp
26/06/2007 23.14.18 7888 byte 7 days old -- jar_cache59163.tmp
27/06/2007 07.59.02 121 byte 6 days old -- DFC5A2B2.TMP
27/06/2007 19.43.05 7888 byte 6 days old -- jar_cache60402.tmp
27/06/2007 21.18.36 7888 byte 6 days old -- jar_cache40911.tmp
27/06/2007 22.10.09 (DIR) 0 byte 6 days old -- hsperfdata_katanga
28/06/2007 08.30.16 7888 byte 5 days old -- jar_cache7412.tmp
28/06/2007 16.28.53 7888 byte 5 days old -- jar_cache55370.tmp
29/06/2007 08.09.55 8612 byte 4 days old -- java_install_reg.log
29/06/2007 08.09.57 7888 byte 4 days old -- jar_cache42664.tmp
01/07/2007 20.13.41 16384 byte 2 days old -- ~DFCDFA.tmp
01/07/2007 20.18.47 (DIR) 0 byte 2 days old -- DRDld
01/07/2007 20.19.37 0 byte 2 days old -- StpB.tmp
01/07/2007 20.22.51 (DIR) 0 byte 2 days old -- is-65345.tmp
02/07/2007 20.12.19 16384 byte 1 days old -- ~DF1144.tmp
02/07/2007 22.40.04 12818 byte 1 days old -- control.xml
03/07/2007 21.26.48 (DIR) 0 byte 0 days old -- MessengerCache
03/07/2007 21.38.43 41047 byte 0 days old -- jusched.log
03/07/2007 21.42.32 16384 byte 0 days old -- ~DF5324.tmp
03/07/2007 21.42.35 (DIR) 0 byte 0 days old -- nsz8.tmp

===================== Duplicates in BAK folders =====================

No BAK folders found

===================== REGISTRY SCAN =====================


-----HKLM\Software\Microsoft\Windows\CurrentVersion\Run-----

[Run]
"NvCplDaemon"="RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup"
"nwiz"="nwiz.exe /install"
"Cmaudio"="RunDll32 cmicnfg.cpl,CMICtrlWnd"
"NvMediaCenter"="RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit"
"SunJavaUpdateSched"="\"C:\Programmi\Java\jre1.6.0_01\bin\jusched.exe\""
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe"
"KernelFaultCheck"=expand:"%systemroot%\system32\dumprep 0 -k"
"ClientGW"=""
"eSnips"="\"C:\Programmi\eSnips\ClientGW.exe\""
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP"
"a-squared"="\"C:\Programmi\a-squared Anti-Malware\a2guard.exe\""

[Run\OptionalComponents]

[Run\OptionalComponents\IMAIL]
"Installed"="1"

[Run\OptionalComponents\MAPI]
"Installed"="1"
"NoChange"="1"

[Run\OptionalComponents\MSFS]
"Installed"="1"

-----HKCU\Software\Microsoft\Windows\CurrentVersion\Run-----

[Run]
"BitTorrent"="\"C:\Programmi\BitTorrent\bittorrent.exe\" --force_start_minimized"
"DAEMON Tools"="\"C:\Programmi\DAEMON Tools\daemon.exe\" -lang 1033"
"swg"="C:\Programmi\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe"
"Malware Sweeper"="C:\Programmi\MalwareSweeper.com\MalwareSweeper\MalSwep.exe"
"Spyware Doctor"="\"C:\Programmi\Spyware Doctor\swdoctor.exe\" /Q"
"eMuleAutoStart"="C:\Programmi\eMule\emule.exe -AutoStart"

-----HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Run-----

[Run]
"CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE"
"AVG7_Run"="C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE"
"Spyware Doctor"="\"C:\Programmi\Spyware Doctor\swdoctor.exe\" /Q"

-----HKLM\Software\Microsoft\Windows\CurrentVersion\policies\Explorer\Run-----

[Run]

-----HKCU\Software\Microsoft\Windows\CurrentVersion\policies\Explorer\Run-----

-----HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows-----

[Windows]
"AppInit_DLLs"=""

-----HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad-----

[ShellServiceObjectDelayLoad]
"PostBootReminder"="{7849596a-48ea-486e-8937-a2a3009f31a9}"
#### HKCR\CLSID\{7849596a-48ea-486e-8937-a2a3009f31a9}\InprocServer32 @=expand:"%SystemRoot%\system32\SHELL32.dll"
"CDBurn"="{fbeb8a05-beee-4442-804e-409d6c4515e9}"
#### HKCR\CLSID\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InprocServer32 @=expand:"%SystemRoot%\system32\SHELL32.dll"
"WebCheck"="{E6FB5E20-DE35-11CF-9C87-00AA005127ED}"
#### HKCR\CLSID\{E6FB5E20-DE35-11CF-9C87-00AA005127ED}\InprocServer32 @=expand:"%SystemRoot%\System32\webcheck.dll"
"SysTray"="{35CEC8A3-2BE6-11D2-8773-92E220524153}"
#### HKCR\CLSID\{35CEC8A3-2BE6-11D2-8773-92E220524153}\InprocServer32 @="C:\WINDOWS\System32\stobject.dll"

-----HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks-----

[ShellExecuteHooks]
"{AEB6717E-7E19-11d0-97EE-00C04FD91972}"=""
#### HKCR\CLSID\{AEB6717E-7E19-11d0-97EE-00C04FD91972}\InprocServer32 @="shell32.dll"

-----HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon-----

[Winlogon]
"Shell"="Explorer.exe"
"System"=""
"Userinit"="C:\WINDOWS\system32\userinit.exe,"
"VmApplet"="rundll32 shell32,Control_RunDLL \"sysdm.cpl\""
"UIHost"=expand:"logonui.exe"
"LogonType"=dword:00000001
"WinStationsDisabled"="0"

[Winlogon\GPExtensions]

[Winlogon\GPExtensions\{0ACDD40C-75AC-47ab-BAA0-BF6DE7E7FE63}]
"@="Senza fili"
"DllName"=expand:"gptext.dll"

[Winlogon\GPExtensions\{25537BA6-77A8-11D2-9B6C-0000F8080861}]
"@="Folder Redirection"
"DllName"=expand:"fdeploy.dll"

[Winlogon\GPExtensions\{3610eda5-77ef-11d2-8dc5-00c04fa31a66}]
"@="Quota disco Microsoft"
"DllName"=expand:"dskquota.dll"

[Winlogon\GPExtensions\{426031c0-0b47-4852-b0ca-ac3d37bfcb39}]
"@="Utilità di pianificazione pacchetti QoS"
"DllName"=expand:"gptext.dll"

[Winlogon\GPExtensions\{42B5FAAE-6536-11d2-AE5A-0000F87571E3}]
"@="Script"
"DllName"=expand:"gptext.dll"

[Winlogon\GPExtensions\{4CFB60C1-FAA6-47f1-89AA-0B18730C9FD3}]
"@="Mapping aree Internet Explorer"
"DllName"=expand:"iedkcs32.dll"

[Winlogon\GPExtensions\{827D319E-6EAC-11D2-A4EA-00C04F79F83A}]
"DllName"=expand:"scecli.dll"
"@="Security"

[Winlogon\GPExtensions\{A2E30F80-D7DE-11d2-BBDE-00C04F86AE3B}]
"DllName"=expand:"iedkcs32.dll"
"@="Personalizzazione Internet Explorer"

[Winlogon\GPExtensions\{B1BE8D72-6EAC-11D2-A4EA-00C04F79F83A}]
"DllName"=expand:"scecli.dll"
"@="EFS recovery"

[Winlogon\GPExtensions\{c6dc5466-785a-11d2-84d0-00c04fb169f7}]
"@="Installazione software"
"DllName"=expand:"appmgmts.dll"

[Winlogon\GPExtensions\{e437bc1c-aa7d-11d2-a382-00c04f991e27}]
"@="Protezione IP"
"DllName"=expand:"gptext.dll"

[Winlogon\Notify]

[Winlogon\Notify\crypt32chain]
"DllName"=expand:"crypt32.dll"
"Logoff"="ChainWlxLogoffEvent"

[Winlogon\Notify\cryptnet]
"DllName"=expand:"cryptnet.dll"
"Logoff"="CryptnetWlxLogoffEvent"

[Winlogon\Notify\cscdll]
"DLLName"="cscdll.dll"
"Logon"="WinlogonLogonEvent"
"Logoff"="WinlogonLogoffEvent"
"ScreenSaver"="WinlogonScreenSaverEvent"
"Startup"="WinlogonStartupEvent"
"StartShell"="WinlogonStartShellEvent"

[Winlogon\Notify\egdptnfr]
"DLLName"="haaahaa.dll"
"Logoff"="WLEventLogoff"
"Logon"="WLEventLogon"

[Winlogon\Notify\ScCertProp]
"DLLName"="wlnotify.dll"
"Logon"="SCardStartCertProp"
"Logoff"="SCardStopCertProp"
"Lock"="SCardSuspendCertProp"
"Unlock"="SCardResumeCertProp"
"Enabled"=dword:00000001

[Winlogon\Notify\Schedule]
"DllName"=expand:"wlnotify.dll"
"StartShell"="SchedStartShell"
"Logoff"="SchedEventLogOff"

[Winlogon\Notify\sclgntfy]
"Logoff"="WLEventLogoff"
"DllName"=expand:"sclgntfy.dll"

[Winlogon\Notify\SensLogn]
"DLLName"="WlNotify.dll"
"Lock"="SensLockEvent"
"Logon"="SensLogonEvent"
"Logoff"="SensLogoffEvent"
"Safe"=dword:00000001
"MaxWait"=dword:00000258
"StartScreenSaver"="SensStartScreenSaverEvent"
"StopScreenSaver"="SensStopScreenSaverEvent"
"Startup"="SensStartupEvent"
"StartShell"="SensStartShellEvent"
"PostShell"="SensPostShellEvent"
"Disconnect"="SensDisconnectEvent"
"Reconnect"="SensReconnectEvent"
"Unlock"="SensUnlockEvent"

[Winlogon\Notify\termsrv]
"DllName"=expand:"wlnotify.dll"
"Logoff"="TSEventLogoff"
"Logon"="TSEventLogon"
"PostShell"="TSEventPostShell"
"StartShell"="TSEventStartShell"
"Startup"="TSEventStartup"
"MaxWait"=dword:00000258
"Reconnect"="TSEventReconnect"
"Disconnect"="TSEventDisconnect"

[Winlogon\Notify\wlballoon]
"DLLName"="wlnotify.dll"
"Logon"="RegisterTicketExpiredNotificationEvent"
"Logoff"="UnregisterTicketExpiredNotificationEvent"

[Winlogon\SpecialAccounts]

[Winlogon\SpecialAccounts\UserList]
"HelpAssistant"=dword:00000000
"TsInternetUser"=dword:00000000
"SQLAgentCmdExec"=dword:00000000
"NetShowServices"=dword:00000000
"IWAM_"=dword:00010000
"IUSR_"=dword:00010000
"VUSR_"=dword:00010000

-----HKCU\Software\Microsoft\Windows NT\CurrentVersion\Winlogon-----

[Winlogon]
"ParseAutoexec"="1"
"ExcludeProfileDirs"="Impostazioni locali;Temporary Internet Files;Cronologia;Temp"
"BuildNumber"=dword:00000a28

[Winlogon\GPExtensions]

[Winlogon\GPExtensions\{35378EAC-683F-11D2-A89A-00C04FBBCFA2}]
"Status"=dword:00000000
"RsopStatus"=dword:00000000
"LastPolicyTime"=dword:00daf7ea
"PrevSlowLink"=dword:00000000
"PrevRsopLogging"=dword:00000001
"ForceRefreshFG"=dword:00000000

-----HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options-----

[Image File Execution Options\Your Image File Name Here without a path]
"Debugger"="ntsd -d"

-----HKLM\System\CurrentControlSet\Control\Session Manager\-----

[Session Manager]
"BootExecute"=multi:"autocheck autochk *\00\00"

[Session Manager\SubSystems]
"Windows"=expand:"%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,3072,512 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ProfileControl=Off MaxRequestThreads=16"

-----HKLM\SYSTEM\CurrentControlSet\Control\WOW-----

[WOW]
"cmdline"=expand:"%SystemRoot%\system32\ntvdm.exe"
"wowcmdline"=expand:"%SystemRoot%\system32\ntvdm.exe -a %SystemRoot%\system32\krnl386"

-----HKLM\Software\Microsoft\Windows NT\CurrentVersion\Run-----

-----HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce-----

[RunOnce]

-----HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnceEx-----

[RunOnceEx]

-----HKLM\Software\Microsoft\Windows\CurrentVersion\RunServices-----

-----HKLM\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce-----

-----HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnce-----

[RunOnce]

-----HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnceEx-----

-----HKCU\Software\Microsoft\Windows\CurrentVersion\RunServices-----

-----HKCU\Software\Microsoft\Windows NT\CurrentVersion\Run-----

-----HKCU\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce-----

-----HKLM\Software\Microsoft\Command Processor\Autorun-----

-----HKCU\Software\Microsoft\Command Processor\Autorun-----

-----HKCU\Software\Microsoft\Windows NT\CurrentVersion\Windows\Load-----

-----HKLM\Software\Policies\Microsoft\Windows\System\Scripts\Startup-----

-----HKCU\Software\Policies\Microsoft\Windows\System\Scripts\Logon-----

-----HKLM\Software\Policies\Microsoft\Windows\System\Scripts\Logon-----

-----HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\TerminalServer\Install\Software\Microsoft\Windows\CurrentVersion\Runonce-----

-----HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\TerminalServer\Install\Software\Microsoft\Windows\CurrentVersion\Run-----

-----HKLM\System\CurrentControlSet\Control\Terminal Server\Wds\rdpwd\StartupPrograms-----

-----HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\TerminalServer\Install\Software\Microsoft\Windows\CurrentVersion\Runonce-----

-----HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler-----

[SharedTaskScheduler]
"{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Precaricatore Browseui"
#### HKCR\CLSID\{438755C2-A8BA-11D1-B96B-00A0C90312E1}\InprocServer32 @=expand:"%SystemRoot%\System32\browseui.dll"
"{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Daemon di cache delle categorie di componenti"
#### HKCR\CLSID\{8C7461EF-2B13-11d2-BE35-3078302C2030}\InprocServer32 @=expand:"%SystemRoot%\System32\browseui.dll"

-----HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects-----

[Browser Helper Objects]

[Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
#### HKCR\CLSID\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}\InprocServer32 @="C:\Programmi\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx"

[Browser Helper Objects\{5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB}]
#### HKCR\CLSID\{5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB}\InprocServer32 @="C:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll"

[Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
#### HKCR\CLSID\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\InprocServer32 @="C:\Programmi\Java\jre1.6.0_01\bin\ssv.dll"
"NoExplorer"=dword:00000001

[Browser Helper Objects\{8E23B2D6-0676-41EB-891F-36967B772234}]

[Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
#### HKCR\CLSID\{9030D464-4C02-4ABF-8ECC-5164760863C6}\InprocServer32 @="C:\Programmi\File comuni\Microsoft Shared\Windows Live\WindowsLiveLogin.dll"

[Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
#### HKCR\CLSID\{AA58ED58-01DD-4d91-8333-CF10577473F7}\InprocServer32 @="c:\programmi\google\googletoolbar2.dll"

[Browser Helper Objects\{B56A7D7D-6927-48C8-A975-17DF180C71AC}]
#### HKCR\CLSID\{B56A7D7D-6927-48C8-A975-17DF180C71AC}\InprocServer32 @="C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll"

-----HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks-----

[URLSearchHooks]
"{CFBFAE00-17A6-11D0-99CB-00C04FD64497}"=""
#### HKCR\CLSID\{CFBFAE00-17A6-11D0-99CB-00C04FD64497}\InprocServer32 @=expand:"%SystemRoot%\System32\shdocvw.dll"

-----HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder-----

-----HKCU\Control Panel\Desktop\-----

[Desktop]

[Desktop\WindowMetrics]

-----HKEY_CLASSES_ROOT\exefile\shell\open\command-----

[command]
@="\"%1\" %*"

-----HKEY_CLASSES_ROOT\comfile\shell\open\command-----

[command]
@="\"%1\" %*"

-----HKEY_CLASSES_ROOT\batfile\shell\open\command-----

[command]
@="\"%1\" %*"

-----HKEY_CLASSES_ROOT\piffile\shell\open\command-----

[command]
@="\"%1\" %*"

-----HKEY_CLASSES_ROOT\scrFile\shell\open\command-----

[command]
@="\"%1\" /S"

-----HKEY_CLASSES_ROOT\htafile\shell\open\command-----

[Command]
@="C:\WINDOWS\System32\mshta.exe \"%1\" %*"

-----HKEY_CLASSES_ROOT\logfile\shell\open\command-----

-----HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\URL-----

[URL]

[URL\DefaultPrefix]
@="http://"

[URL\Prefixes]
"ftp"="ftp://"
"gopher"="gopher://"
"home"="http://"
"mosaic"="http://"
"www"="http://"

-----HKLM\SYSTEM\CurrentControlSet\Control\Lsa-----

[Lsa]
"Authentication Packages"=multi:"msv1_0\00\00"
"Bounds"=hex:00,30,00,00,00,20,00,00
"Security Packages"=multi:"kerberos\00msv1_0\00schannel\00wdigest\00\00"
"LsaPid"=dword:00000398
"SecureBoot"=dword:00000001
"auditbaseobjects"=dword:00000000
"crashonauditfail"=dword:00000000
"disabledomaincreds"=dword:00000000
"everyoneincludesanonymous"=dword:00000000
"fipsalgorithmpolicy"=dword:00000000
"forceguest"=dword:00000001
"fullprivilegeauditing"=hex:00
"limitblankpassworduse"=dword:00000001
"lmcompatibilitylevel"=dword:00000000
"nodefaultadminowner"=dword:00000001
"nolmhash"=dword:00000000
"restrictanonymous"=dword:00000000
"restrictanonymoussam"=dword:00000001
"Notification Packages"=multi:"scecli\00\00"
"ImpersonatePrivilegeUpgradeToolHasRun"=dword:00000001

[Lsa\AccessProviders]
"ProviderOrder"=multi:"Windows NT Access Provider\00\00"

[Lsa\AccessProviders\Windows NT Access Provider]
"ProviderPath"=expand:"%SystemRoot%\system32\ntmarta.dll"

[Lsa\Audit]

[Lsa\Audit\PerUserAuditing]

[Lsa\Audit\PerUserAuditing\System]

[Lsa\Data]
@Class="83b3c657"
"Pattern"=hex:19,f9,74,34,44,da,ba,89,12,f5,12,cf,f1,c2,5c,73,38,33,62,33,63,\
36,35,37,00,68,08,00,01,00,00,00,d8,00,00,00,dc,00,00,00,48,fa,06,00,d6,48,\
53,74,04,00,00,00,a0,fd,06,00,b8,fd,06,00,6c,41,95,26

[Lsa\GBG]
@Class="6cd7f087"
"GrafBlumGroup"=hex:5d,ae,53,f2,77,c9,b1,32,21

[Lsa\JD]
@Class="0fc82658"
"Lookup"=hex:10,d7,a2,91,57,54

[Lsa\Kerberos]

[Lsa\Kerberos\Domains]

[Lsa\Kerberos\SidCache]

[Lsa\MSV1_0]
"Auth132"="IISSUBA"
"ntlmminclientsec"=dword:00000000
"ntlmminserversec"=dword:00000000

[Lsa\Skew1]
@Class="95416838"
"SkewMatrix"=hex:4f,3e,b4,f0,f0,ad,4b,20,1e,64,60,9b,b5,e6,fe,cf

[Lsa\SSO]

[Lsa\SSO\Passport1.4]
"SSOURL"="http://www.passport.com"

[Lsa\SspiCache]
"Time"=hex:bc,da,8a,be,b3,6b,c7,01

[Lsa\SspiCache\digest.dll]
"Name"="Digest"
"Comment"="Digest SSPI Authentication Package"
"Capabilities"=dword:00004050
"RpcId"=dword:0000ffff
"Version"=dword:00000001
"TokenSize"=dword:0000ffff
"Time"=hex:00,4e,a0,48,fa,85,c4,01
"Type"=dword:00000031

[Lsa\SspiCache\msapsspc.dll]
"Name"="DPA"
"Comment"="DPA Security Package"
"Capabilities"=dword:00000037
"RpcId"=dword:00000011
"Version"=dword:00000001
"TokenSize"=dword:00000300
"Time"=hex:00,2f,96,4e,fa,85,c4,01
"Type"=dword:00000031

[Lsa\SspiCache\msnsspc.dll]
"Name"="MSN"
"Comment"="MSN Security Package"
"Capabilities"=dword:00000037
"RpcId"=dword:00000012
"Version"=dword:00000001
"TokenSize"=dword:00000300
"Time"=hex:00,2f,96,4e,fa,85,c4,01
"Type"=dword:00000031

-----HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess-----

[SharedAccess]
"Type"=dword:00000020
"Start"=dword:00000002
"ErrorControl"=dword:00000001
"ImagePath"=expand:"%SystemRoot%\System32\svchost.exe -k netsvcs"
"DisplayName"="Windows Firewall / Condivisione connessione Internet (ICS)"
"DependOnService"=multi:"Netman\00WinMgmt\00\00"
"DependOnGroup"=multi:"\00"
"ObjectName"="LocalSystem"
"Description"="Fornisce servizi di conversione indirizzi di rete, indirizzamento e risoluzione nomi e/o servizi di prevenzione intrusione per una rete domestica o una piccola rete aziendale."

[SharedAccess\Epoch]
"Epoch"=dword:00000735

[SharedAccess\Parameters]
"ServiceDll"=expand:"%SystemRoot%\System32\ipnathlp.dll"

[SharedAccess\Parameters\FirewallPolicy]

[SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications]

[SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Programmi\MSN Messenger\msncall.exe"="C:\Programmi\MSN Messenger\msncall.exe:*:Enabled:Windows Live Messenger 8.0 (Phone)"
"C:\Programmi\MSN Messenger\msnmsgr.exe"="C:\Programmi\MSN Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\Programmi\MSN Messenger\livecall.exe"="C:\Programmi\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"

[SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall"=dword:00000000
"DoNotAllowExceptions"=dword:00000000
"DisableNotifications"=dword:00000000

[SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications]

[SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\WINDOWS\system32\sessmgr.exe"="C:\WINDOWS\system32\sessmgr.exe:*:Disabled:@xpsp2res.dll,-22019"
"C:\Programmi\BitTorrent\bittorrent.exe"="C:\Programmi\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent"
"C:\Programmi\LimeWire\LimeWire.exe"="C:\Programmi\LimeWire\LimeWire.exe:*:Disabled:LimeWire"
"C:\Programmi\MSN Messenger\msncall.exe"="C:\Programmi\MSN Messenger\msncall.exe:*:Disabled:Windows Live Messenger 8.0 (Phone)"
"C:\Programmi\Messenger\msmsgs.exe"="C:\Programmi\Messenger\msmsgs.exe:*:Disabled:Windows Messenger"
"C:\Programmi\eMule\emule.exe"="C:\Programmi\eMule\emule.exe:*:Enabled:eMule"
"C:\Programmi\mIRC\mirc.exe"="C:\Programmi\mIRC\mirc.exe:*:Enabled:mIRC"
"C:\Programmi\MSN Messenger\msnmsgr.exe"="C:\Programmi\MSN Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\Programmi\MSN Messenger\livecall.exe"="C:\Programmi\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"
"C:\Programmi\Grisoft\AVG7\avginet.exe"="C:\Programmi\Grisoft\AVG7\avginet.exe:*:Enabled:avginet.exe"
"C:\Programmi\Grisoft\AVG7\avgemc.exe"="C:\Programmi\Grisoft\AVG7\avgemc.exe:*:Enabled:avgemc.exe"

[SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts]

[SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"16525:UDP"="16525:UDP:*:Enabled:Rosso Alice UDP"

[SharedAccess\Setup]
"ServiceUpgrade"=dword:00000001

[SharedAccess\Setup\InterfacesUnfirewalledAtUpdate]
"{EDA78C2E-5242-4304-8AF0-0DBCE20689F8}"=dword:00000001
"{CE6C3AD0-E4E4-4D4A-9233-F0CC12EE366F}"=dword:00000001

-----HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Firewall\-----

-----HKEY_LOCAL_MACHINE\SOFTWARE\Winsock2-----

-----HKLM\Software\Microsoft\Ole-----

[Ole]
"DefaultLaunchPermission"=hex:01,00,04,80,64,00,00,00,80,00,00,00,00,00,00,00,\
14,00,00,00,02,00,50,00,03,00,00,00,00,00,18,00,01,00,00,00,01,01,00,00,00,\
00,00,05,12,00,00,00,00,00,00,00,00,00,18,00,01,00,00,00,01,01,00,00,00,00,\
00,05,04,00,00,00,00,00,00,00,00,00,18,00,01,00,00,00,01,02,00,00,00,00,00,\
05,20,00,00,00,20,02,00,00,01,05,00,00,00,00,00,05,15,00,00,00,a0,5f,84,1f,\
5e,2e,6b,49,ce,12,03,03,f4,01,00,00,01,05,00,00,00,00,00,05,15,00,00,00,a0,\
5f,84,1f,5e,2e,6b,49,ce,12,03,03,f4,01,00,00
"EnableDCOM"="Y"
"MachineLaunchRestriction"=hex:01,00,04,80,48,00,00,00,58,00,00,00,00,00,00,00,\
14,00,00,00,02,00,34,00,02,00,00,00,00,00,18,00,1f,00,00,00,01,02,00,00,00,\
00,00,05,20,00,00,00,20,02,00,00,00,00,14,00,0b,00,00,00,01,01,00,00,00,00,\
00,01,00,00,00,00,01,02,00,00,00,00,00,05,20,00,00,00,20,02,00,00,01,02,00,\
00,00,00,00,05,20,00,00,00,20,02,00,00
"MachineAccessRestriction"=hex:01,00,04,80,44,00,00,00,54,00,00,00,00,00,00,00,\
14,00,00,00,02,00,30,00,02,00,00,00,00,00,14,00,03,00,00,00,01,01,00,00,00,\
00,00,05,07,00,00,00,00,00,14,00,07,00,00,00,01,01,00,00,00,00,00,01,00,00,\
00,00,01,02,00,00,00,00,00,05,20,00,00,00,20,02,00,00,01,02,00,00,00,00,00,\
05,20,00,00,00,20,02,00,00

[Ole\AppCompat]

[Ole\AppCompat\ActivationSecurityCheckExemptionList]
"{A50398B8-9075-4FBF-A7A1-456BF21937AD}"="1"
"{AD65A69D-3831-40D7-9629-9B0B50A93843}"="1"
"{0040D221-54A1-11D1-9DE0-006097042D69}"="1"
"{2A6D72F1-6E7E-4702-B99C-E40D3DED33C3}"="1"

-----HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\WindowsUpdate\AU\-----

-----HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\-----

[Security Center]
"AntiVirusDisableNotify"=dword:00000000
"FirewallDisableNotify"=dword:00000000
"UpdatesDisableNotify"=dword:00000000
"AntiVirusOverride"=dword:00000000
"FirewallOverride"=dword:00000000

[Security Center\Monitoring]

[Security Center\Monitoring\AhnlabAntiVirus]

[Security Center\Monitoring\ComputerAssociatesAntiVirus]

[Security Center\Monitoring\KasperskyAntiVirus]

[Security Center\Monitoring\McAfeeAntiVirus]

[Security Center\Monitoring\McAfeeFirewall]

[Security Center\Monitoring\PandaAntiVirus]

[Security Center\Monitoring\PandaFirewall]

[Security Center\Monitoring\SophosAntiVirus]

[Security Center\Monitoring\SymantecAntiVirus]

[Security Center\Monitoring\SymantecFirewall]

[Security Center\Monitoring\TinyFirewall]

[Security Center\Monitoring\TrendAntiVirus]

[Security Center\Monitoring\TrendFirewall]

[Security Center\Monitoring\ZoneLabsFirewall]

-----HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore\-----

[SystemRestore]
"DisableSR"=dword:00000000
"CreateFirstRunRp"=dword:00000001
"DSMin"=dword:000000c8
"DSMax"=dword:00000190
"RPSessionInterval"=dword:00000000
"RPGlobalInterval"=dword:00015180
"RPLifeInterval"=dword:0076a700
"CompressionBurst"=dword:0000003c
"TimerInterval"=dword:00000078
"DiskPercent"=dword:0000000c
"ThawInterval"=dword:00000384
"RestoreDiskSpaceError"=dword:00000000

[SystemRestore\Cfg]
"DiskPercent"=dword:0000000c
"MachineGuid"="{5FC7FC15-1755-4430-A4B7-A5EF1DD68E38}"

[SystemRestore\SnapshotCallbacks]
@=""

-----HKEY_CURRENT_USER\Software\VB and VBA Program Settings-----

[VB and VBA Program Settings]

[VB and VBA Program Settings\CCleaner]

[VB and VBA Program Settings\CCleaner\Options]

[VB and VBA Program Settings\Euro Add-in]

[VB and VBA Program Settings\Euro Add-in\Wizard Options]

-----HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\-----

[MountPoints2]

[MountPoints2\C]
"BaseClass"="Drive"

[MountPoints2\D]
"BaseClass"="Drive"
"_AutorunStatus"=hex:01,00,01,00,00,01,00,df,df,5f,cf,5f,5f,5f,5f,cf,cf,5f,5f,\
5f,cf,cf,cf,5f,5f,5f,cf,cf,cf,5f,5f,cf,5f,5f,5f,5f,5f,cf,5f,5f,5f,5f,5f,df,\
df,5f,5f,5f,5f,cf,cf,cf,cf,cf,01,01,01,ee,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,\
ff,ff,00,20,00,00,00,08,00,00,00

[MountPoints2\E]
"BaseClass"="Drive"

[MountPoints2\F]
"BaseClass"="Drive"

[MountPoints2\{007d8012-20e7-11dc-8de7-000b6a735c66}]
"BaseClass"="Drive"
"_CommentFromDesktopINI"=""
"_AutorunStatus"=hex:01,00,01,00,00,01,00,df,df,5f,df,5f,5f,5f,5f,df,df,5f,5f,\
5f,df,df,df,5f,5f,5f,df,df,df,5f,5f,df,5f,5f,5f,5f,5f,01,00,01,01,ee,ff,ff,\
ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,\
ff,ff,00,00,10,00,00,08,03,00,00
"_LabelFromReg"="SmElLs"

[MountPoints2\{0f7e1cb6-a0d1-11db-bbd5-806d6172696f}]
"BaseClass"="Drive"
"_AutorunStatus"=hex:01,00,01,00,00,01,00,df,df,5f,cf,5f,5f,5f,5f,cf,cf,5f,5f,\
5f,cf,cf,cf,5f,5f,5f,cf,cf,cf,5f,5f,cf,5f,5f,5f,5f,5f,01,00,01,01,ee,ff,ff,\
ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,\
ff,ff,00,e0,00,00,00,08,07,00,00

[MountPoints2\{0f7e1cb7-a0d1-11db-bbd5-806d6172696f}]
"BaseClass"="Drive"

[MountPoints2\{2bf3b225-c819-11db-8d1f-0008c74bdb96}]
"BaseClass"="Drive"
"_AutorunStatus"=hex:01,00,01,00,00,01,00,df,df,5f,df,5f,5f,5f,5f,df,df,5f,5f,\
5f,df,df,df,5f,5f,5f,df,df,df,5f,5f,df,5f,5f,5f,5f,5f,00,5f,5f,5f,5f,5f,cf,\
cf,5f,5f,5f,5f,01,01,00,ee,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,\
ff,ff,00,00,10,00,00,08,01,00,00

[MountPoints2\{31949530-18c4-11dc-8dd7-000b6a735c66}]
"BaseClass"="Drive"
"_AutorunStatus"=hex:01,00,01,00,00,01,00,df,df,5f,df,5f,5f,5f,5f,df,df,5f,5f,\
5f,df,df,df,5f,5f,5f,df,df,df,5f,5f,df,5f,5f,5f,5f,5f,01,00,01,01,ee,ff,ff,\
ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,\
ff,ff,00,00,10,00,00,08,03,00,00

[MountPoints2\{38f24cfc-a623-11db-a1df-0008c74bdb96}]
"BaseClass"="Drive"
"_AutorunStatus"=hex:01,00,01,00,00,01,00,df,df,5f,cf,5f,5f,5f,5f,01,01,00,5f,\
5f,ee,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,\
ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,\
ff,ff,00,20,00,00,00,0a,00,00,00

[MountPoints2\{38f24cfc-a623-11db-a1df-0008c74bdb96}\shell]
@="None"

[MountPoints2\{38f24cfc-a623-11db-a1df-0008c74bdb96}\shell\Autoplay]
"MUIVerb"="@shell32.dll,-8504"

[MountPoints2\{38f24cfc-a623-11db-a1df-0008c74bdb96}\shell\Autoplay\DropTarget]
"CLSID"="{f26a669a-bcbb-4e37-abf9-7325da15f931}"
#### HKCR\CLSID\{f26a669a-bcbb-4e37-abf9-7325da15f931}\InprocServer32 @=expand:"%SystemRoot%\system32\SHELL32.dll"

[MountPoints2\{38f24cfc-a623-11db-a1df-0008c74bdb96}\_Autorun]

[MountPoints2\{38f24cfc-a623-11db-a1df-0008c74bdb96}\_Autorun\DefaultIcon]
@="E:\autorun6e.exe"

[MountPoints2\{4170d93c-6597-1018-8dbd-0008c74bdb96}]
"BaseClass"="Drive"
"_AutorunStatus"=hex:01,00,01,00,00,01,00,df,df,5f,df,5f,5f,5f,5f,df,df,5f,5f,\
5f,df,df,df,5f,5f,5f,df,df,df,5f,5f,df,5f,5f,5f,5f,5f,00,5f,5f,5f,5f,5f,cf,\
cf,5f,5f,5f,5f,01,01,00,ee,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,\
ff,ff,00,00,10,00,00,08,02,00,00

[MountPoints2\{4170d93c-6597-1018-8dbd-0008c74bdb96}\shell]
@="None"

[MountPoints2\{4170d93c-6597-1018-8dbd-0008c74bdb96}\shell\Autoplay]
"MUIVerb"="@shell32.dll,-8504"

[MountPoints2\{4170d93c-6597-1018-8dbd-0008c74bdb96}\shell\Autoplay\DropTarget]
"CLSID"="{f26a669a-bcbb-4e37-abf9-7325da15f931}"
#### HKCR\CLSID\{f26a669a-bcbb-4e37-abf9-7325da15f931}\InprocServer32 @=expand:"%SystemRoot%\system32\SHELL32.dll"

[MountPoints2\{a5d9ce1f-c209-1471-ac3b-000b6a735c66}]
"BaseClass"="Drive"

[MountPoints2\{def52f09-a3c1-11db-a1db-000b6a735c66}]
"BaseClass"="Drive"
"_AutorunStatus"=hex:01,00,01,00,00,01,00,df,df,5f,df,5f,5f,5f,5f,df,df,5f,5f,\
5f,df,df,df,5f,5f,5f,df,df,df,5f,5f,df,5f,5f,5f,5f,5f,00,5f,5f,5f,5f,5f,cf,\
cf,5f,5f,5f,5f,01,01,00,ee,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,\
ff,ff,00,00,10,00,00,08,01,00,00

[MountPoints2\{def52f09-a3c1-11db-a1db-000b6a735c66}\shell]
@="None"

[MountPoints2\{def52f09-a3c1-11
smells
Junior Member
Posts: 85
Joined: 02/03/07 20:45

Post by Luke57 » 05/07/07 07:44

Hi, the whole report can't fit in one post. It isn't hard to put it on the site I pointed you to: go there, select the text file with Browse and press Upload; once it is uploaded a link appears (the first one, usually the site's address followed by a number). Copy and paste that link into a post.
Also, it seems strange to me that VundoFix didn't find anything; from what I can see you have an infection from the Vundo trojan and its variants.
Luke57
Moderator
Posts: 6415
Joined: 11/08/05 19:10
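
The Winlogon\Notify section of the report posted above is where this infection shows itself: every stock XP entry points at crypt32.dll, cryptnet.dll, cscdll.dll, wlnotify.dll or sclgntfy.dll, while the subkey egdptnfr loads haaahaa.dll, a name Windows does not ship. The Python script below is an added example, not something posted in the thread and not part of SystemScan or VundoFix: it parses a .reg-style dump of the kind shown above and flags Notify subkeys whose DLL falls outside an assumed Windows XP SP2 baseline. The baseline set and the embedded sample dump (a constructed excerpt modelled on the report) are assumptions of the example.

```python
"""Flag suspicious Winlogon\\Notify packages in a SystemScan-style registry dump.

Added example (not from the forum thread). KNOWN_NOTIFY_DLLS is an assumed
baseline for Windows XP SP2; SAMPLE_DUMP is a constructed excerpt modelled
on the report posted above.
"""
import re

# Notification packages shipped with Windows XP SP2 (assumed baseline).
KNOWN_NOTIFY_DLLS = {
    "crypt32.dll", "cryptnet.dll", "cscdll.dll", "wlnotify.dll", "sclgntfy.dll",
}

SECTION_RE = re.compile(r"^\[(.+)\]$")
# Matches "name"="data" and "name"=expand:"data"; dword/hex/multi values are skipped.
VALUE_RE = re.compile(r'^"([^"]+)"=(?:expand:)?"(.*)"$')


def parse_dump(text):
    """Return {section_name: {value_name: value}} for a .reg-like dump."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        m = SECTION_RE.match(line)
        if m:
            current = m.group(1)
            sections[current] = {}
            continue
        m = VALUE_RE.match(line)
        if m and current is not None:
            sections[current][m.group(1)] = m.group(2)
    return sections


def suspicious_notify_entries(text):
    """Return [(subkey, dll)] for Winlogon\\Notify subkeys whose DLL is not in the baseline."""
    findings = []
    for name, values in parse_dump(text).items():
        if not name.lower().startswith("winlogon\\notify\\"):
            continue
        # Real dumps spell the value both "DllName" and "DLLName".
        dll = next((v for k, v in values.items() if k.lower() == "dllname"), None)
        if dll is None:
            continue
        basename = dll.replace("/", "\\").rsplit("\\", 1)[-1].lower()
        if basename not in KNOWN_NOTIFY_DLLS:
            findings.append((name.rsplit("\\", 1)[-1], dll))
    return findings


# Constructed excerpt in the format of the SystemScan report above.
SAMPLE_DUMP = r"""
[Winlogon\Notify\crypt32chain]
"DllName"=expand:"crypt32.dll"
"Logoff"="ChainWlxLogoffEvent"

[Winlogon\Notify\egdptnfr]
"DLLName"="haaahaa.dll"
"Logoff"="WLEventLogoff"
"Logon"="WLEventLogon"

[Winlogon\Notify\ScCertProp]
"DLLName"="wlnotify.dll"
"Logon"="SCardStartCertProp"
"Enabled"=dword:00000001
"""

if __name__ == "__main__":
    for subkey, dll in suspicious_notify_entries(SAMPLE_DUMP):
        print(f"suspicious Winlogon\\Notify\\{subkey} -> {dll}")
```

Run against the full report text, the only hit is egdptnfr -> haaahaa.dll, which is exactly the key Luke57's Avenger script goes on to delete. A baseline check like this only catches DLL names that are not in the list; a package that overwrote a legitimate DLL in place would need a hash or signature check instead.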

Post by smells » 05/07/07 18:51

Hey, hi... I managed it... here it is: http://w13.easy-share.com/1452261.html  PS: with Vundo I just tried running the scan again, it still says no infection found. Thanks again.
smells
Junior Member
Posts: 85
Joined: 02/03/07 20:45

Post by Luke57 » 05/07/07 21:56

Download The Avenger
http://swandog46.geekstogo.com/avenger.zip
Start the program and click Input Script Manually
click the magnifying-glass icon
a new window will open titled View/edit script

In that white window copy and paste (ctrl+v) the text in bold:


folders to delete:
C:\WINDOWS\temp
C:\DOCUME~1\katanga\IMPOST~1\Temp


Files to delete:
C:\WINDOWS\ Passepartout.exe
C:\WINDOWS\system32\haaahaa.dll.bak
C:\WINDOWS\system32\hhkhnnou.dll
C:\WINDOWS\system32\nhrmkchj.dll
C:\WINDOWS\system32\ytjmqxzl.dll.bak
C:\WINDOWS\system32\ytjmqxzl.dll
C:\WINDOWS\Tasks\XoftSpySE.job
C:\WINDOWS\Tasks\AA8A20929181D24A.job

Registry keys to delete:
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\egdptnfr


Click the Done button
Now click the traffic light with the green light
Answer Yes twice
The PC should restart; if it doesn't, restart it manually

After the restart, connect and post the contents of the file C:\Avenger.txt

Also go to C:\Windows\System32\drivers\etc\Hosts and open the hosts file with Notepad; the file should look like this:

# Copyright (c) 1993-1999 Microsoft Corp.
#
# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
#
# This file contains the mappings of IP addresses to host names. Each
# entry should be kept on an individual line. The IP address should
# be placed in the first column followed by the corresponding host name.
# The IP address and the host name should be separated by at least one
# space or tab.
#
# Additionally, comments (such as these) may be inserted on individual
# lines or following the machine name denoted by a '#' symbol.
#
# For example:
#
# 102.54.94.97 rhino.acme.com # source server
# 38.25.63.10 x.acme.com # x client host

127.0.0.1 localhost



-After the lines marked with # there must be only this:
127.0.0.1 localhost

Delete the other sites listed under that line, save and exit.
Luke57
Moderator
Posts: 6415
Joined: 11/08/05 19:10

Post by Luke57 » 06/07/07 09:36

Hi, I noticed that I wrote one entry of the script to paste into Avenger wrongly. Here is the corrected one:

folders to delete:
C:\WINDOWS\temp
C:\DOCUME~1\katanga\IMPOST~1\Temp


Files to delete:
C:\WINDOWS\Passepartout.exe
C:\WINDOWS\system32\haaahaa.dll.bak
C:\WINDOWS\system32\hhkhnnou.dll
C:\WINDOWS\system32\nhrmkchj.dll
C:\WINDOWS\system32\ytjmqxzl.dll.bak
C:\WINDOWS\system32\ytjmqxzl.dll
C:\WINDOWS\Tasks\XoftSpySE.job
C:\WINDOWS\Tasks\AA8A20929181D24A.job

Registry keys to delete:
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\egdptnfr
Luke57
Moderator
Posts: 6415
Joined: 11/08/05 19:10

Post by smells » 06/07/07 15:49

Hi... thanks a lot for the help, you're very clear... I didn't understand just one thing... after those # lines do I write only 127.0.0.1 localhost and delete everything else? Is that all? Thanks...
smells
Junior Member
Posts: 85
Joined: 02/03/07 20:45

Post by smells » 06/07/07 15:51

The report is this:
Logfile of The Avenger version 1, by Swandog46
Running from registry key:
\Registry\Machine\System\CurrentControlSet\Services\ucktrvjb

*******************

Script file located at: \??\C:\WINDOWS\djrivqxp.txt
Script file opened successfully.

Script file read successfully

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:

Folder C:\WINDOWS\temp deleted successfully.
Folder C:\DOCUME~1\katanga\IMPOST~1\Temp deleted successfully.
File C:\WINDOWS\Passepartout.exe deleted successfully.


Could not open file C:\WINDOWS\system32\haaahaa.dll.bak for deletion
Deletion of file C:\WINDOWS\system32\haaahaa.dll.bak failed!

Could not process line:
C:\WINDOWS\system32\haaahaa.dll.bak
Status: 0xc0000022

File C:\WINDOWS\system32\hhkhnnou.dll deleted successfully.
File C:\WINDOWS\system32\nhrmkchj.dll deleted successfully.
File C:\WINDOWS\system32\ytjmqxzl.dll.bak deleted successfully.
File C:\WINDOWS\system32\ytjmqxzl.dll deleted successfully.
File C:\WINDOWS\Tasks\XoftSpySE.job deleted successfully.
File C:\WINDOWS\Tasks\AA8A20929181D24A.job deleted successfully.


Registry key HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon \Notify\egdptnfr not found!
Deletion of registry key HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon \Notify\egdptnfr failed!
Status: 0xc0000034


Completed script processing.

*******************

Finished! Terminate.
smells
Junior Member
Posts: 85
Joined: 02/03/07 20:45

Post by Luke57 » 06/07/07 16:27

Hi, leave it like this:
# Copyright (c) 1993-1999 Microsoft Corp.
#
# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
#
# This file contains the mappings of IP addresses to host names. Each
# entry should be kept on an individual line. The IP address should
# be placed in the first column followed by the corresponding host name.
# The IP address and the host name should be separated by at least one
# space or tab.
#
# Additionally, comments (such as these) may be inserted on individual
# lines or following the machine name denoted by a '#' symbol.
#
# For example:
#
# 102.54.94.97 rhino.acme.com # source server
# 38.25.63.10 x.acme.com # x client host

127.0.0.1 localhost

delete everything below that last line, save it and exit.
Luke57
Moderator
Posts: 6415
Joined: 11/08/05 19:10
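
Luke57's two hosts-file instructions (this post and the earlier one with the Avenger script) amount to one rule: after the Microsoft comment header only 127.0.0.1 localhost should remain, and anything else under it was put there by the malware. As an added example that is not part of the thread, the Python script below applies that rule mechanically: it parses hosts-file text, drops comments, and reports every mapping that is not the stock localhost line, distinguishing names blackholed to loopback from names redirected to another address. The sample file and its two hijack lines are constructed for the example; the .test host names are placeholders, not addresses seen on this machine.

```python
"""Check a Windows hosts file for entries other than the default localhost line.

Added example (not from the forum thread). SAMPLE_HOSTS is constructed: the
comment header is the Microsoft default, the last two mappings stand in for
the kind of entries Luke57 tells smells to delete.
"""
import ipaddress

# The only mapping a clean Windows XP hosts file carries.
DEFAULT_ENTRIES = {("127.0.0.1", "localhost")}


def parse_hosts(text):
    """Return (ip, hostname) pairs from hosts-file text, ignoring comments and blanks."""
    entries = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()   # drop full-line and inline comments
        if not line:
            continue
        fields = line.split()
        if len(fields) < 2:
            continue                           # malformed line: no host name
        ip, *names = fields
        try:
            ipaddress.ip_address(ip)
        except ValueError:
            continue                           # first field is not an address
        for name in names:                     # one line may map several names
            entries.append((ip, name.lower()))
    return entries


def unexpected_entries(text):
    """Return every mapping that is not the stock 127.0.0.1 localhost line."""
    return [e for e in parse_hosts(text) if e not in DEFAULT_ENTRIES]


def classify(entry):
    """Loopback/unspecified targets blackhole a name; anything else redirects it."""
    addr = ipaddress.ip_address(entry[0])
    if addr.is_loopback or addr.is_unspecified:
        return "blackholed"
    return "redirected"


# Constructed sample: Microsoft header, stock line, then two hijack entries.
SAMPLE_HOSTS = """\
# Copyright (c) 1993-1999 Microsoft Corp.
#
# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
#
# For example:
#
#      102.54.94.97     rhino.acme.com          # source server
#       38.25.63.10     x.acme.com              # x client host

127.0.0.1       localhost
# constructed hijack entries (placeholders, not taken from the thread):
127.0.0.1       update.example-antivirus.test   # AV update site blackholed
10.0.0.5        www.example-bank.test           # sent to another host
"""

if __name__ == "__main__":
    for entry in unexpected_entries(SAMPLE_HOSTS):
        print(f"{entry[0]:<16} {entry[1]:<32} {classify(entry)}")
```

The blackholed/redirected split matters for the clean-up: loopback entries are how this kind of infection stops antivirus updates and security sites from loading, while entries pointing at another address are the ones that can send a login page somewhere else, so both kinds should be removed before running the scanners again.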

Post by smells » 07/07/07 00:54

Hey... I did as you said... and now? :) Thanks a lot for the help, I never get tired of saying it!!
smells
Junior Member
Posts: 85
Joined: 02/03/07 20:45

Post by Luke57 » 07/07/07 17:48

Hi, use Avenger again with this script:


Files to delete:
C:\WINDOWS\system32\haaahaa.dll


Registry keys to delete:
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\egdptnfr

Then post the Avenger report plus a new HijackThis log.
Luke57
Moderator
Posts: 6415
Joined: 11/08/05 19:10

Post by smells » 07/07/07 19:41

Logfile of The Avenger version 1, by Swandog46
Running from registry key:
\Registry\Machine\System\CurrentControlSet\Services\jrchswos

*******************

Script file located at: \??\C:\qgglcmks.txt
Script file opened successfully.

Script file read successfully

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:



Could not open file C:\WINDOWS\system32\haaahaa.dll. for deletion
Deletion of file C:\WINDOWS\system32\haaahaa.dll. failed!

Could not process line:
C:\WINDOWS\system32\haaahaa.dll.
Status: 0xc0000022



Registry key HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon \Notify\egdptnfr not found!
Deletion of registry key HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon \Notify\egdptnfr failed!
Status: 0xc0000034


Completed script processing.

*******************

Finished! Terminate.
smells
Junior Member
Posts: 85
Joined: 02/03/07 20:45

Post by smells » 07/07/07 19:42

Logfile of HijackThis v1.99.1
Scan saved at 20.42.11, on 07/07/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\RunDll32.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Programmi\Java\jre1.6.0_01\bin\jusched.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Programmi\DAEMON Tools\daemon.exe
C:\Programmi\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\Programmi\eMule\emule.exe
C:\WINDOWS\system32\notepad.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE
C:\Programmi\a-squared Anti-Malware\a2service.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\Programmi\File comuni\EPSON\EBAPI\SAgent2.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmi\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\katanga\Desktop\Download\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.it/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.google.it/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.it/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmi\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: (no name) - {8E23B2D6-0676-41EB-891F-36967B772234} - c:\windows\system32\haaahaa.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programmi\File comuni\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programmi\google\googletoolbar2.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programmi\google\googletoolbar2.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programmi\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [eSnips] "C:\Programmi\eSnips\ClientGW.exe"
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [a-squared] "C:\Programmi\a-squared Anti-Malware\a2guard.exe"
O4 - HKCU\..\Run: [BitTorrent] "C:\Programmi\BitTorrent\bittorrent.exe" --force_start_minimized
O4 - HKCU\..\Run: [DAEMON Tools] "C:\Programmi\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKCU\..\Run: [swg] C:\Programmi\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [eMuleAutoStart] C:\Programmi\eMule\emule.exe -AutoStart
O4 - Global Startup: EPSON Status Monitor 3 Environment Check 2.lnk = C:\WINDOWS\system32\spool\drivers\w32x86\3\E_SRCV02.EXE
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Ricerche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O15 - Trusted Zone: *.rossoalice.it
O15 - Trusted Zone: *.rossoalice.virgilio.it
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://smells1.spaces.live.com//PhotoUp ... nPUpld.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupda ... 8552446703
O16 - DPF: {7AA32FC7-133B-4AE7-998E-CED0D9829B12} (luna Class) - http://static.waverevenue.com/website.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{CE6C3AD0-E4E4-4D4A-9233-F0CC12EE366F}: NameServer = 151.99.125.2,151.99.125.3
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: egdptnfr - C:\WINDOWS\SYSTEM32\haaahaa.dll
O23 - Service: a-squared Anti-Malware Service (a2AntiMalware) - Emsi Software GmbH - C:\Programmi\a-squared Anti-Malware\a2service.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Programmi\File comuni\EPSON\EBAPI\SAgent2.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Programmi\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
smells
Junior Member

Posts: 85
Joined: 02/03/07 20:45

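An added example, not part of the thread, showing how to triage a HijackThis log like the one above by cross-referencing which files are loaded from more than one persistence point. The constructed sample below is cut down from the posted log; the nameless O2 BHO and the O20 Winlogon Notify entry both point at the same DLL, which is what makes that one file the target. The regexes and function names are my own, not HijackThis output conventions.

```python
import re
from collections import defaultdict

# Constructed sample in HijackThis v1.99 line format, reduced from the log posted above.
SAMPLE_HJT_LOG = """\
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\\Programmi\\Java\\jre1.6.0_01\\bin\\ssv.dll
O2 - BHO: (no name) - {8E23B2D6-0676-41EB-891F-36967B772234} - c:\\windows\\system32\\haaahaa.dll
O4 - HKLM\\..\\Run: [AVG7_CC] C:\\PROGRA~1\\Grisoft\\AVG7\\avgcc.exe /STARTUP
O20 - Winlogon Notify: egdptnfr - C:\\WINDOWS\\SYSTEM32\\haaahaa.dll
"""

# "O2 - ...", "O20 - ...", "R0 - ..." : section code, then the entry body.
ENTRY_RE = re.compile(r"^(?P<section>[A-Z]\d+) - (?P<body>.*)$")
# A Windows path ending in a loadable/executable extension; paths may contain spaces.
PATH_RE = re.compile(r"[A-Za-z]:\\.+?\.(?:dll|exe|ocx|cpl)\b", re.IGNORECASE)
GUID_RE = re.compile(r"\{[0-9A-Fa-f-]{36}\}")


def parse_entries(log_text):
    """Yield (section, body) for each HijackThis entry line; ignore header/process lines."""
    for line in log_text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            yield m.group("section"), m.group("body")


def files_by_section(log_text):
    """Map each referenced file (lower-cased path) to the set of sections that cite it."""
    index = defaultdict(set)
    for section, body in parse_entries(log_text):
        for path in PATH_RE.findall(body):
            index[path.lower()].add(section)
    return index


def find_multi_hook_files(log_text):
    """Files that appear under more than one persistence mechanism (e.g. O2 and O20)."""
    return {p: sorted(s) for p, s in files_by_section(log_text).items() if len(s) > 1}


def find_nameless_bhos(log_text):
    """O2 entries with no display name, as (CLSID, lower-cased path) pairs."""
    found = []
    for section, body in parse_entries(log_text):
        if section == "O2" and "(no name)" in body:
            guid = GUID_RE.search(body)
            path = PATH_RE.search(body)
            found.append((guid.group(0) if guid else None,
                          path.group(0).lower() if path else None))
    return found


def triage(log_text):
    """Both heuristics in one report; each hit deserves a manual look, not automatic removal."""
    return {"multi_hook": find_multi_hook_files(log_text),
            "nameless_bho": find_nameless_bhos(log_text)}


if __name__ == "__main__":
    for kind, hits in triage(SAMPLE_HJT_LOG).items():
        print(kind, hits)
```

Case-folding the paths matters because HijackThis prints them as they sit in each registry location (here `c:\windows\system32\...` in one entry and `C:\WINDOWS\SYSTEM32\...` in another). Both heuristics are indicators, not verdicts: a legitimate component can be registered in several places, so confirm with a file signature check before scripting a deletion.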
Post by Luke57 » 07/07/07 21:07

Hi, we just can't get the better of that dll, hmm.
Run Avenger again with this script:

Registry values to replace with dummy:
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Windows | AppInit_DLLs

Files to delete:
c:\windows\system32\haaahaa.dll

registry keys to delete:
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8E23B2D6-0676-41EB-891F-36967B772234}
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon \Notify\egdptnfr
Luke57
Moderator

Posts: 6415
Joined: 11/08/05 19:10

Post by smells » 09/07/07 15:49

Logfile of The Avenger version 1, by Swandog46
Running from registry key:
\Registry\Machine\System\CurrentControlSet\Services\kxxuonrt

*******************

Script file located at: \??\C:\WINDOWS\system32\rnnikkkl.txt
Script file opened successfully.

Script file read successfully

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:



Could not open file c:\windows\system32\haaahaa.dll for deletion
Deletion of file c:\windows\system32\haaahaa.dll failed!

Could not process line:
c:\windows\system32\haaahaa.dll
Status: 0xc0000022

Registry value HKLM\Software\Microsoft\Windows NT\CurrentVersion\Windows|AppInit_DLLs replaced with dummy successfully.


Could not open registry key HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8E23B2D6-0676-41EB-891F-36967B772234} for deletion
Deletion of registry key HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8E23B2D6-0676-41EB-891F-36967B772234} failed!
Status: 0xc0000022



Registry key HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon \Notify\egdptnfr not found!
Deletion of registry key HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon \Notify\egdptnfr failed!
Status: 0xc0000034


Completed script processing.

*******************

Finished! Terminate.



am I in God's hands?
smells
Junior Member

Posts: 85
Joined: 02/03/07 20:45

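An added example, mine and not from the thread, that reads an Avenger log like the one above and decodes each Status line. The two codes that appear are standard NTSTATUS values: 0xC0000022 is STATUS_ACCESS_DENIED and 0xC0000034 is STATUS_OBJECT_NAME_NOT_FOUND. The not-found result for the Winlogon Notify key is consistent with the script as posted, which has a space before `\Notify` (`Winlogon \Notify`); the registry has no key by that name. The sample log is a constructed excerpt of the posted one, and the parsing regexes and hint strings are my own, not an Avenger format specification.

```python
import re

# Constructed excerpt of the Avenger log posted above.
SAMPLE_AVENGER_LOG = """\
Could not open file c:\\windows\\system32\\haaahaa.dll for deletion
Deletion of file c:\\windows\\system32\\haaahaa.dll failed!

Could not process line:
c:\\windows\\system32\\haaahaa.dll
Status: 0xc0000022

Registry value HKLM\\Software\\Microsoft\\Windows NT\\CurrentVersion\\Windows|AppInit_DLLs replaced with dummy successfully.

Could not open registry key HKLM\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Browser Helper Objects\\{8E23B2D6-0676-41EB-891F-36967B772234} for deletion
Deletion of registry key HKLM\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Browser Helper Objects\\{8E23B2D6-0676-41EB-891F-36967B772234} failed!
Status: 0xc0000022

Registry key HKLM\\Software\\Microsoft\\Windows NT\\CurrentVersion\\Winlogon \\Notify\\egdptnfr not found!
Deletion of registry key HKLM\\Software\\Microsoft\\Windows NT\\CurrentVersion\\Winlogon \\Notify\\egdptnfr failed!
Status: 0xc0000034
"""

# Subset of NTSTATUS values (ntstatus.h) that come up when deleting files and keys.
NTSTATUS = {
    0xC0000022: "STATUS_ACCESS_DENIED",
    0xC0000034: "STATUS_OBJECT_NAME_NOT_FOUND",
    0xC0000043: "STATUS_SHARING_VIOLATION",
    0xC0000121: "STATUS_CANNOT_DELETE",
}

FAILED_RE = re.compile(r"^Deletion of (?P<kind>file|registry key) (?P<target>.+) failed!$")
REPLACED_RE = re.compile(r"^Registry value (?P<target>.+) replaced with dummy successfully\.$")
STATUS_RE = re.compile(r"^Status: (?P<code>0x[0-9a-fA-F]{8})$")


def parse_avenger_log(log_text):
    """One record per script action; each failure is paired with the Status line that follows it."""
    records, pending = [], None
    for raw in log_text.splitlines():
        line = raw.strip()          # only trims the ends; spaces inside the target survive
        m = FAILED_RE.match(line)
        if m:
            pending = {"kind": m["kind"], "target": m["target"], "ok": False, "status": None}
            records.append(pending)
            continue
        m = REPLACED_RE.match(line)
        if m:
            records.append({"kind": "registry value", "target": m["target"], "ok": True, "status": None})
            pending = None
            continue
        m = STATUS_RE.match(line)
        if m and pending is not None:
            pending["status"] = int(m["code"], 16)
            pending = None
    return records


def whitespace_components(reg_path):
    """Path components with leading/trailing whitespace: a typo the registry will never match."""
    return [c for c in reg_path.split("\\") if c != c.strip()]


def explain(log_text):
    """Attach the NTSTATUS name and a triage hint to each parsed action."""
    out = []
    for rec in parse_avenger_log(log_text):
        name = NTSTATUS.get(rec["status"], "unknown") if rec["status"] is not None else None
        hint = "done"
        if not rec["ok"]:
            bad = whitespace_components(rec["target"]) if rec["kind"] == "registry key" else []
            if name == "STATUS_OBJECT_NAME_NOT_FOUND" and bad:
                hint = "path typo: component(s) %r contain whitespace" % bad
            elif name == "STATUS_OBJECT_NAME_NOT_FOUND":
                hint = "target absent: already removed, or the name in the script differs from the log"
            elif name == "STATUS_ACCESS_DENIED":
                hint = "access denied: check the object's ACL and whether something still holds it open"
            else:
                hint = "failed with %s" % name
        out.append({**rec, "status_name": name, "hint": hint})
    return out


if __name__ == "__main__":
    for rec in explain(SAMPLE_AVENGER_LOG):
        print(rec["kind"], rec["target"], "->", rec["status_name"], "|", rec["hint"])
```

The whitespace check is the useful part: "not found" on a removal script is easy to misread as "already gone", and a stray space in a key path produces exactly that status while the real key is untouched.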