___________________________________________________________________________________________________
devi eliminare anche questi qui

aef6aa2f C:\Documents and Settings\Renato\Dati applicazioni\drivers\winupgro.exe

415fc83995272b36248ff9df0e8cc95d C:\Documents and Settings\Renato\Dati applicazioni\drivers\winupgro.exe
___________________________________________________________________________________________________


Una mia dimenticanza.
Sono rimasto con questo lavoro incompiuto, che non so come fare e dove trovarli.

All'interno di ....dati applicazioni... non c'è la cartella ...drivers... di conseguenza neanche winupgro.exe

Ho fatto la ricerca del file "winupgro.exe" è negativa.

Eccomi! A causa di impegni vari vado un pò a singhiozzo.


ComboFix 09-02-01.01 - Renato 2009-02-02 14.42.01.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1040.18.1535.1127 [GMT 1:00]
Eseguito da: c:\documents and settings\Renato\Desktop\PROGRAMMI per PULIZIA e Controlli\ComboFix.exe
AV: avast! antivirus 4.8.1296 [VPS 090201-0] *On-access scanning disabled* (Updated)
FW: ZoneAlarm Firewall *enabled*
* Creato nuovo punto di ripristino
.

((((((((((((((((((((((((((((((((((((( Altre eliminazioni )))))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\InfoSat.txt
c:\windows\system32\ftpupd.exe

.
((((((((((((((((((((((((( Files Creati Da 2009-01-02 al 2009-02-02 )))))))))))))))))))))))))))))))))))
.

2009-02-01 20:16 . 2009-02-01 20:16 <DIR> d-------- c:\programmi\CCleaner
2009-01-31 19:14 . 2009-01-31 19:14 <DIR> d-------- c:\programmi\Windows Defender
2009-01-31 12:03 . 2009-01-31 12:03 <DIR> d-------- c:\documents and settings\Renato\DoctorWeb
2009-01-30 22:33 . 2009-01-30 23:29 <DIR> d-------- c:\programmi\Malwarebytes' Anti-Malware
2009-01-30 22:33 . 2009-01-30 22:33 <DIR> d-------- c:\documents and settings\Renato\Dati applicazioni\Malwarebytes
2009-01-30 22:33 . 2009-01-30 22:33 <DIR> d-------- c:\documents and settings\All Users\Dati applicazioni\Malwarebytes
2009-01-30 22:33 . 2009-01-14 16:11 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys
2009-01-30 22:33 . 2009-01-14 16:11 15,504 --a------ c:\windows\system32\drivers\mbam.sys
2009-01-30 17:52 . 2009-01-31 15:11 <DIR> d-------- c:\programmi\FindyKill
2009-01-29 23:54 . 2009-01-30 11:06 <DIR> d-------- c:\programmi\AVS4YOU
2009-01-29 18:45 . 2009-01-29 18:45 54,156 --ah----- c:\windows\QTFont.qfn
2009-01-29 18:45 . 2009-01-29 18:45 1,409 --a------ c:\windows\QTFont.for
2009-01-26 23:09 . 2009-01-29 23:57 324 --a------ c:\windows\system32\BIN_STRSBW.SPT
2009-01-24 11:20 . 2009-01-24 11:20 <DIR> d-------- c:\programmi\SIW
2009-01-21 16:05 . 2009-01-21 16:26 <DIR> d-------- c:\documents and settings\Renato\Dati applicazioni\FileZilla
2009-01-19 17:07 . 2009-01-19 17:07 <DIR> d-------- c:\documents and settings\Renato\Dati applicazioni\Photodex
2009-01-12 15:39 . 2009-01-12 15:39 268 --ah----- C:\sqmdata19.sqm
2009-01-12 15:39 . 2009-01-12 15:39 244 --ah----- C:\sqmnoopt19.sqm
2009-01-12 11:30 . 2009-01-12 11:30 268 --ah----- C:\sqmdata18.sqm
2009-01-12 11:30 . 2009-01-12 11:30 244 --ah----- C:\sqmnoopt18.sqm
2009-01-11 21:14 . 2009-01-11 21:14 244 --ah----- C:\sqmnoopt17.sqm
2009-01-11 21:14 . 2009-01-11 21:14 232 --ah----- C:\sqmdata17.sqm
2009-01-11 17:34 . 2009-01-11 17:34 268 --ah----- C:\sqmdata16.sqm
2009-01-11 17:34 . 2009-01-11 17:34 244 --ah----- C:\sqmnoopt16.sqm
2009-01-11 11:26 . 2009-02-01 22:23 244 --ah----- C:\sqmnoopt15.sqm
2009-01-11 11:26 . 2009-02-01 22:23 232 --ah----- C:\sqmdata15.sqm
2009-01-10 21:16 . 2009-02-01 22:23 244 --ah----- C:\sqmnoopt14.sqm
2009-01-10 21:16 . 2009-02-01 22:23 232 --ah----- C:\sqmdata14.sqm
2009-01-10 20:44 . 2009-02-01 22:23 244 --ah----- C:\sqmnoopt13.sqm
2009-01-10 20:44 . 2009-02-01 22:23 232 --ah----- C:\sqmdata13.sqm
2009-01-10 18:50 . 2009-02-01 22:23 244 --ah----- C:\sqmnoopt12.sqm
2009-01-10 18:50 . 2009-02-01 22:23 232 --ah----- C:\sqmdata12.sqm
2009-01-10 18:18 . 2009-02-01 22:23 244 --ah----- C:\sqmnoopt11.sqm
2009-01-10 18:18 . 2009-02-01 22:23 232 --ah----- C:\sqmdata11.sqm
2009-01-10 12:49 . 2009-02-01 22:14 244 --ah----- C:\sqmnoopt10.sqm
2009-01-10 12:49 . 2009-02-01 22:14 232 --ah----- C:\sqmdata10.sqm
2009-01-10 11:28 . 2009-01-23 16:09 244 --ah----- C:\sqmnoopt09.sqm
2009-01-10 11:28 . 2009-01-23 16:09 232 --ah----- C:\sqmdata09.sqm
2009-01-09 20:45 . 2009-01-20 20:14 244 --ah----- C:\sqmnoopt08.sqm
2009-01-09 20:45 . 2009-01-20 20:14 232 --ah----- C:\sqmdata08.sqm
2009-01-08 22:11 . 2009-01-08 22:11 103,488 --a------ c:\windows\system32\drivers\AnyDVD.sys
2009-01-08 17:17 . 2009-01-18 01:34 244 --ah----- C:\sqmnoopt07.sqm
2009-01-08 17:17 . 2009-01-18 01:34 232 --ah----- C:\sqmdata07.sqm
2009-01-07 05:52 . 2009-01-18 01:21 244 --ah----- C:\sqmnoopt06.sqm
2009-01-07 05:52 . 2009-01-18 01:21 232 --ah----- C:\sqmdata06.sqm
2009-01-05 13:51 . 2009-01-16 19:33 268 --ah----- C:\sqmdata05.sqm
2009-01-05 13:51 . 2009-01-16 19:33 244 --ah----- C:\sqmnoopt05.sqm
2009-01-04 18:39 . 2009-01-16 00:45 268 --ah----- C:\sqmdata04.sqm
2009-01-04 18:39 . 2009-01-16 00:45 244 --ah----- C:\sqmnoopt04.sqm
2009-01-04 18:38 . 2009-01-15 11:15 268 --ah----- C:\sqmdata03.sqm
2009-01-04 18:38 . 2009-01-15 11:15 244 --ah----- C:\sqmnoopt03.sqm
2009-01-03 15:50 . 2009-01-15 10:14 268 --ah----- C:\sqmdata02.sqm
2009-01-03 15:50 . 2009-01-15 10:14 244 --ah----- C:\sqmnoopt02.sqm
2009-01-03 00:18 . 2009-01-14 21:22 268 --ah----- C:\sqmdata01.sqm
2009-01-03 00:18 . 2009-01-14 21:22 244 --ah----- C:\sqmnoopt01.sqm
2009-01-02 03:15 . 2009-01-02 03:15 24,872 --a------ c:\windows\system32\drivers\ElbyCDIO.sys

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-02-02 13:47 17,408 ----a-w c:\windows\system32\drivers\USBCRFT.SYS
2009-02-01 23:06 --------- d-----w c:\documents and settings\Renato\Dati applicazioni\skypePM
2009-02-01 22:36 --------- d-----w c:\documents and settings\Renato\Dati applicazioni\Skype
2009-02-01 21:53 --------- d-----w c:\programmi\Hijack This
2009-02-01 11:56 --------- d-----w c:\programmi\Mozilla Thunderbird
2009-01-31 17:52 --------- d-----w c:\programmi\TuneUp Utilities 2009
2009-01-31 11:40 --------- d-----w c:\programmi\ATnotes
2009-01-30 09:39 --------- d-----w c:\programmi\File comuni\AVSMedia
2009-01-30 02:22 371,600 --sha-w c:\windows\system32\drivers\fidbox.idx
2009-01-30 02:22 31,172,640 --sha-w c:\windows\system32\drivers\fidbox.dat
2009-01-29 23:44 --------- d-----w c:\programmi\eMule
2009-01-29 14:18 --------- d-----w c:\programmi\Any Video Converter
2009-01-29 13:36 --------- d-----w c:\programmi\IrfanView
2009-01-25 20:30 --------- d-----w c:\programmi\Google
2009-01-24 19:15 --------- d-----w c:\documents and settings\Renato\Dati applicazioni\Lavasoft
2008-12-28 21:00 --------- d-----w c:\documents and settings\Renato\Dati applicazioni\AdobeUM
2008-12-18 13:34 --------- d-----w c:\programmi\Java
2008-12-18 13:00 --------- d-----w c:\programmi\Windows Live
2008-12-18 12:59 --------- dcsh--w c:\programmi\File comuni\WindowsLiveInstaller
2008-12-18 12:57 --------- d-----w c:\documents and settings\All Users\Dati applicazioni\WLInstaller
2008-12-17 23:31 --------- d---a-w c:\documents and settings\All Users\Dati applicazioni\TEMP
2008-12-17 12:40 --------- d-----w c:\programmi\mp3DirectCut
2008-12-16 17:19 --------- d-----w c:\programmi\AoA Audio Extractor
2008-12-13 14:06 --------- d-----w c:\programmi\VideoPoker
2008-12-13 14:02 --------- d--h--w c:\programmi\InstallShield Installation Information
2008-12-13 14:02 --------- d-----w c:\documents and settings\All Users\Dati applicazioni\Ulead Systems
2008-12-12 22:18 --------- d-----w c:\documents and settings\Renato\Dati applicazioni\TuneUp Software
2008-12-12 22:18 --------- d-----w c:\documents and settings\All Users\Dati applicazioni\TuneUp Software
2008-12-12 22:17 --------- d-sh--w c:\documents and settings\All Users\Dati applicazioni\{55A29068-F2CE-456C-9148-C869879E2357}
2008-12-11 10:57 333,952 ----a-w c:\windows\system32\drivers\srv.sys
2008-12-09 22:09 --------- d-----w c:\programmi\Spybot - Search & Destroy
2008-12-03 08:30 --------- d-----w c:\programmi\Philips ToUcam Camera
2008-12-03 08:27 --------- d-----w c:\programmi\File comuni\Smith Micro Shared
2008-12-03 00:58 --------- d-----w c:\programmi\Skype
2008-12-03 00:58 --------- d-----w c:\programmi\File comuni\Skype
2008-12-03 00:58 --------- d-----w c:\documents and settings\All Users\Dati applicazioni\Skype
2005-09-07 16:13 88,072 ----a-w c:\documents and settings\Renato\etrdef.dat
2005-08-16 10:42 217,088 ----a-w c:\documents and settings\Renato\ETRemover_v201.exe
2005-06-21 23:20 26,624 ----a-w c:\documents and settings\Renato\engine.dll
2005-06-21 23:20 2,432 ----a-w c:\documents and settings\Renato\engine.sys
2008-09-08 14:21 32,768 --sha-w c:\windows\system32\config\systemprofile\Impostazioni locali\Cronologia\History.IE5\MSHist012008090820080909\index.dat
.

((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* i valori vuoti & legittimi/default non sono visualizzati.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Lexmark X6100 Series"="c:\programmi\Lexmark X6100 Series\lxbfbmgr.exe" [2003-09-23 57344]
"ZoneAlarm Client"="c:\programmi\Zone Labs\ZoneAlarm\zlclient.exe" [2009-01-31 919016]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2008-11-26 81000]
"Dit"="Dit.exe" [2004-08-05 c:\windows\Dit.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2008-04-14 15360]
"DWQueuedReporting"="c:\progra~1\FILECO~1\MICROS~1\DW\dwtrig20.exe" [2007-03-13 39264]

c:\documents and settings\Renato\Menu Avvio\Programmi\Esecuzione automatica\
Rainlendar.lnk - c:\programmi\Rainlendar\Rainlendar.exe [2005-03-25 118784]

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\1]
Source= c:\programmi\AnfyTeam\Applet\lake\preview.html
FriendlyName= Anfy LAKE

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.MJPG"= Pvmjpg21.dll
"VIDC.PIM1"= pclepim1.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk /p \??\I:\0autocheck autochk *

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"Skype"="c:\programmi\Skype\Phone\Skype.exe" /nosplash /minimized
"swg"=c:\programmi\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
"TomTomHOME.exe"="c:\programmi\TomTom HOME 2\HOMERunner.exe"
"updateMgr"="c:\programmi\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_9 -reboot 1

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"Seagate Scheduler2 Service"="c:\programmi\File comuni\Seagate\Schedule2\schedhlp.exe"
"Cmaudio"=RunDll32 cmicnfg.cpl,CMICtrlWnd
"DiscWizardMonitor.exe"=c:\programmi\Seagate\DiscWizard\DiscWizardMonitor.exe
"CloneCDTray"="c:\programmi\SlySoft\CloneCD\CloneCDTray.exe" /s
"AcronisTimounterMonitor"=c:\programmi\Seagate\DiscWizard\TimounterMonitor.exe
"USBToolTip"="c:\programmi\Pinnacle\Shared Files\Programs\USBTip\USBTip.exe"
"USB2Check"=RUNDLL32.EXE "c:\windows\system32\PCLECoInst.dll",CheckUSBController
"PinnacleDriverCheck"=c:\windows\system32\PSDrvCheck.exe -CheckReg
"ToUcamVProperty"=c:\progra~1\PHILIP~1\VProperty.exe
"QuickTime Task"="c:\programmi\QuickTime\qttask.exe" -atboottime
"SunJavaUpdateSched"="c:\programmi\Java\jre6\bin\jusched.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
"DisableNotifications"= 1 (0x1)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\WINDOWS\\system32\\sessmgr.exe"=
"c:\\Programmi\\IVT Corporation\\BlueSoleil\\BlueSoleil.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Programmi\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Programmi\\Windows Live\\Messenger\\livecall.exe"=
"c:\\Programmi\\Skype\\Phone\\Skype.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"8591:TCP"= 8591:TCP:ppLive
"5000:UDP"= 5000:UDP:ppLive
"1723:TCP"= 1723:TCP:@xpsp2res.dll,-22015
"1701:UDP"= 1701:UDP:@xpsp2res.dll,-22016
"500:UDP"= 500:UDP:@xpsp2res.dll,-22017

R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2009-02-01 111184]
R1 hwinterface;hwinterface;c:\windows\system32\drivers\hwinterface.sys [2005-02-12 3026]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2009-02-01 20560]
R2 CS_INST_DRV;CS_INST_DRV;c:\windows\system32\drivers\csinstdrv.sys [2004-02-06 4096]
R2 HTCertDriver;HTCertDriver;c:\windows\system32\drivers\HTCertDriver.sys [2004-02-06 4720]
R2 SgtSch2Svc;Seagate Scheduler2 Service;c:\programmi\File comuni\Seagate\Schedule2\schedul2.exe [2008-08-22 431384]
R2 TuneUp.ProgramStatisticsSvc;TuneUp Program Statistics Service;c:\windows\system32\TUProgSt.exe [2008-12-12 603904]
R2 WinDefend;Windows Defender;c:\programmi\Windows Defender\MsMpEng.exe [2006-11-03 13592]
R3 camvid20;Philips ToUcam Camera; Video;c:\windows\system32\drivers\camdrv21.sys [2005-01-04 223232]
R3 TTTvTune;Cinergy 400 TV Tuner;c:\windows\system32\drivers\PhTvTune.sys [2005-09-01 16128]
S0 ElbyVCD;ElbyVCD;c:\windows\system32\DRIVERS\ElbyVCD.sys --> c:\windows\system32\DRIVERS\ElbyVCD.sys [?]
S3 aaudstum;aaudstum; [x]
S3 CardReaderFilter;Card Reader Filter;c:\windows\system32\drivers\USBCRFT.SYS [2005-03-17 17408]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f6f94314-b15f-11dc-900f-0011672f7ec1}]
\Shell\AutoRun\command - G:\InstallTomTomHOME.exe
.
Contenuto della cartella 'Scheduled Tasks'

2009-01-15 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\programmi\Apple Software Update\SoftwareUpdate.exe [2006-10-10 17:13]

2009-02-02 c:\windows\Tasks\MP Scheduled Scan.job
- c:\programmi\Windows Defender\MpCmdRun.exe [2006-11-03 19:20]
.
- - - - CHIAVI ORFANE RIMOSSE - - - -

HKU-Default-Run-Yahoo Update - Yahoo.exe


.
------- Scansione supplementare -------
.
uStart Page = hxxp://virgilio.alice.it/
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uInternet Connection Wizard,ShellNext = iexplore
DPF: DirectAnimation Java Classes
DPF: Microsoft XML Parser for Java
FF - ProfilePath - c:\documents and settings\Renato\Dati applicazioni\Mozilla\Firefox\Profiles\ti5t4dow.default\
FF - prefs.js: browser.startup.homepage - hxxp://virgilio.alice.it/index.html

---- FIREFOX POLICIES ----
FF - user.js: network.http.max-connections-per-server - 6
FF - user.js: network.http.max-persistent-connections-per-server - 3
FF - user.js: nglayout.initialpaint.delay - 750
FF - user.js: content.notify.interval - 750000
FF - user.js: content.max.tokenizing.time - 2250000
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-02-02 14:48:05
Windows 5.1.2600 Service Pack 3 NTFS

scansione processi nascosti ...

scansione entrate autostart nascoste ...

Scansione files nascosti ...

Scansione completata con successo
Files nascosti: 0

**************************************************************************
.
--------------------- CHIAVI DI REGISTRO BLOCCATE ---------------------

[HKEY_USERS\S-1-5-21-1140415071-1880152587-3647918729-1005\Identities\{04D42C6C-E995-434C-A595-96BDAD393515}\Software]
@DACL=(02 0000)
@SACL=

[HKEY_USERS\S-1-5-21-1140415071-1880152587-3647918729-1005\Identities\{04D42C6C-E995-434C-A595-96BDAD393515}\Software\Microsoft\Outlook Express\5.0\Block Senders]
@DACL=(02 0000)
"Version"=dword:00050000

[HKEY_USERS\S-1-5-21-1140415071-1880152587-3647918729-1005\Identities\{04D42C6C-E995-434C-A595-96BDAD393515}\Software\Microsoft\Outlook Express\5.0\Columns]
@DACL=(02 0000)
"Local Store Column Info"=hex:10,00,00,00,03,00,00,00,06,00,00,00,03,00,00,00,
ff,ff,ff,ff,08,00,00,00,01,00,00,00,ff,ff,ff,ff,07,00,00,00,01,00,00,00,ff,\
"Mail Column Info (In)"=hex:10,00,00,00,06,00,00,00,0f,00,00,00,09,00,00,00,ff,
ff,ff,ff,10,00,00,00,09,00,00,00,ff,ff,ff,ff,14,00,00,00,09,00,00,00,ff,ff,\
"Mail Column Info (Out)"=hex:10,00,00,00,06,00,00,00,0f,00,00,00,09,00,00,00,
ff,ff,ff,ff,10,00,00,00,09,00,00,00,ff,ff,ff,ff,00,00,00,00,01,00,00,00,ff,\

[HKEY_USERS\S-1-5-21-1140415071-1880152587-3647918729-1005\Identities\{04D42C6C-E995-434C-A595-96BDAD393515}\Software\Microsoft\Outlook Express\5.0\Dont Show Dialogs]
@DACL=(02 0000)
"Compact Do not Ask Again"=dword:00000001

[HKEY_USERS\S-1-5-21-1140415071-1880152587-3647918729-1005\Identities\{04D42C6C-E995-434C-A595-96BDAD393515}\Software\Microsoft\Outlook Express\5.0\Mail]
@DACL=(02 0000)
"Welcome Message"=dword:00000000
"Accounts Checked"=dword:00000001
"Default_CodePage"=dword:00006faf
"Attach VCard"=dword:00000000
"NotePosEx"=hex:2c,00,00,00,00,00,00,00,01,00,00,00,ff,ff,ff,ff,ff,ff,ff,ff,ff,
ff,ff,ff,ff,ff,ff,ff,a8,00,00,00,43,00,00,00,3f,03,00,00,7b,02,00,00
"Check Mail on Startup"=dword:00000000
"No Check Default"=dword:00000001
"Saved Toolbar Settings"=hex:11,9e,00,00,f0,9c,00,00,f1,9c,00,00,f4,9c,00,00,
ff,ff,ff,ff,b4,9c,00,00,f2,9d,00,00,ff,ff,ff,ff,01,9d,00,00,ff,ff,ff,ff,07,\
"Saved Toolbar Settings Version"=dword:00000011
"ShowHybridView"=dword:00000001
"Show Header Info"=dword:00000001
"SplitDir"=dword:00000000
"SplitHorzPct"=dword:00000020
"SplitVertPct"=dword:00000032
"PlaySoundOnNewMail"=dword:00000001
"Poll For Mail"=dword:0002bf20
"ThreadArticles"=dword:00000000
"Safe Attachments"=dword:00000001
"Secure Safe Attachments"=dword:00000001
"Wide Stationery Name"=""
"Stationery Name Converted"=dword:00000001
"Compose Use Stationery"=dword:00000000
"Font Size"=dword:00000009
"Font Name"="Arial"
"Check Mail on Startup-NAS"=dword:00000001
"Welcome Message-NAS"=dword:00000000
"Accounts Checked-NAS"=dword:00000001
"No Check Default-NAS"=dword:00000000
"MarkPreviewAsRead"=dword:0000000a
"Message Read HTML"=dword:00000001
"SaveInSentItems"=dword:00000001
"Auto Add Replies To WAB"=dword:00000001
"Include Reply Msg"=dword:00000001
"Send Mail Immediately"=dword:00000001
"Message Send HTML"=dword:00000001
"VCard Display Name"=""
"Digitally Sign Messages"=dword:00000000
"Encrypt Messages"=dword:00000000
"Block External Content"=dword:00000001
"Warn on Mapi Send"=dword:00000001
"Security Label"=dword:00000000
"Log POP3 (0/1)"=dword:00000000
"Log IMAP4 (0/1)"=dword:00000000
"Log HTTPMail (0/1)"=dword:00000000
"Delete Wastebasket On Exit"=dword:00000001

[HKEY_USERS\S-1-5-21-1140415071-1880152587-3647918729-1005\Identities\{04D42C6C-E995-434C-A595-96BDAD393515}\Software\Microsoft\Outlook Express\5.0\MailNote]
@DACL=(02 0000)
"Send Mail Toolbar Settings"=hex:db,9d,00,00,ff,ff,ff,ff,26,9d,00,00,24,9e,00,
00,27,9d,00,00,25,9d,00,00,ff,ff,ff,ff,48,9d,00,00,47,9d,00,00,ff,ff,ff,ff,\
"Saved Toolbar Settings Version"=dword:0000000f
"Read Mail Toolbar Settings"=hex:f0,9c,00,00,f1,9c,00,00,f4,9c,00,00,ff,ff,ff,
ff,b4,9c,00,00,22,9e,00,00,ff,ff,ff,ff,d1,9c,00,00,d2,9c,00,00,ff,ff,ff,ff,\

[HKEY_USERS\S-1-5-21-1140415071-1880152587-3647918729-1005\Identities\{04D42C6C-E995-434C-A595-96BDAD393515}\Software\Microsoft\Outlook Express\5.0\News]
@DACL=(02 0000)
"Accounts Checked"=dword:00000001
"No Check Default"=dword:00000001
"ShowHybridView"=dword:00000001
"Show Header Info"=dword:00000001
"SplitDir"=dword:00000000
"SplitHorzPct"=dword:00000032
"SplitVertPct"=dword:00000032
"New group notification"=dword:00000001
"Wide Stationery Name"=""
"Stationery Name Converted"=dword:00000001
"Compose Use Stationery"=dword:00000000
"Font Size"=dword:00000009
"Font Name"="Arial"
"Accounts Checked-NAS"=dword:00000000
"No Check Default-NAS"=dword:00000000
"Download at a time"=dword:0000012c
"Auto Expand Threads"=dword:00000000
"Auto Fill Preview"=dword:00000001
"Mark Read on Exit"=dword:00000000
"Message Send HTML"=dword:00000000
"Attach VCard"=dword:00000000
"VCard Display Name"=""
"Cache Delete Message Days"=dword:00000005
"Cache Compact Percent"=dword:00000014
"Cache Read Messages"=dword:00000000
"Log"=dword:00000000

[HKEY_USERS\S-1-5-21-1140415071-1880152587-3647918729-1005\Identities\{04D42C6C-E995-434C-A595-96BDAD393515}\Software\Microsoft\Outlook Express\5.0\Recent Stationery Wide List]
@DACL=(02 0000)
"File0"="Cielo blu.htm"
"File1"="Natura.htm"
"File2"="Giallo.htm"
"File3"="Girasole.htm"
"File4"="Agrumi.htm"
"File5"="Quadretti bianchi.htm"
"File6"="Foglie.htm"
"File7"=""
"File8"=""
"File9"=""

[HKEY_USERS\S-1-5-21-1140415071-1880152587-3647918729-1005\Identities\{04D42C6C-E995-434C-A595-96BDAD393515}\Software\Microsoft\Outlook Express\5.0\Rules]
@DACL=(02 0000)
"Messenger Auto logon"=dword:00000001

[HKEY_USERS\S-1-5-21-1140415071-1880152587-3647918729-1005\Identities\{04D42C6C-E995-434C-A595-96BDAD393515}\Software\Microsoft\Outlook Express\5.0\signatures]
@DACL=(02 0000)

[HKEY_USERS\S-1-5-21-1140415071-1880152587-3647918729-1005\Identities\{04D42C6C-E995-434C-A595-96BDAD393515}\Software\Microsoft\Outlook Express\5.0\Trident]
@DACL=(02 0000)

[HKEY_USERS\S-1-5-21-1140415071-1880152587-3647918729-1005\Identities\{04D42C6C-E995-434C-A595-96BDAD393515}\Software\Microsoft\WAB]
@DACL=(02 0000)

[HKEY_USERS\S-1-5-21-1140415071-1880152587-3647918729-1005\Software\Microsoft\Internet Explorer\Desktop\Old WorkAreas]
@DACL=(02 0000)
@SACL=
"NoOfOldWorkAreas"=dword:00000001
"OldWorkAreaRects"=hex:00,00,00,00,00,00,00,00,00,04,00,00,e2,02,00,00

[HKEY_USERS\S-1-5-21-1140415071-1880152587-3647918729-1005\Software\Microsoft\Internet Explorer\Desktop\SafeMode]
@DACL=(02 0000)
@SACL=

[HKEY_USERS\S-1-5-21-1140415071-1880152587-3647918729-1005\Software\Microsoft\Internet Explorer\Desktop\Scheme]
@DACL=(02 0000)
@SACL=
"Edit"=""
"Display"=""

[HKEY_USERS\S-1-5-21-1140415071-1880152587-3647918729-1005\Software\Microsoft\Internet Explorer\Document Windows]
@DACL=(02 0000)
@SACL=
"Maximized"="no"
"height"=hex:00,00,00,00
"width"=hex:00,00,00,80
"x"=hex:00,00,00,80
"y"=hex:00,00,00,00

[HKEY_USERS\S-1-5-21-1140415071-1880152587-3647918729-1005\Software\Microsoft\Internet Explorer\International]
@DACL=(02 0000)
@SACL=
@=""
"W2KLpk"=dword:00000001
"CodePointToFontMap"=hex:22,00,00,00,54,00,69,00,6d,00,65,00,73,00,20,00,4e,00,
65,00,77,00,20,00,52,00,6f,00,6d,00,61,00,6e,00,00,00,00,00,00,00,00,00,00,\
"AcceptLanguage"="it"

[HKEY_USERS\S-1-5-21-1140415071-1880152587-3647918729-1005\Software\Microsoft\Internet Explorer\International\CpMRU]
@DACL=(02 0000)
"Enable"=dword:00000001
"Size"=dword:0000000a
"InitHits"=dword:00000064
"Factor"=dword:00000014
"Cache"=hex:e2,04,00,00,7b,01,00,00,bd,6f,00,00,74,01,00,00,a8,03,00,00,cc,00,
00,00,b0,6f,00,00,c0,00,00,00,9f,4e,00,00,81,00,00,00,a4,03,00,00,6a,00,00,\

[HKEY_USERS\S-1-5-21-1140415071-1880152587-3647918729-1005\Software\Microsoft\Internet Explorer\International\Scripts\10]
@DACL=(02 0000)
"IEPropFontName"="Mangal"
"IEFixedFontName"="Mangal"

[HKEY_USERS\S-1-5-21-1140415071-1880152587-3647918729-1005\Software\Microsoft\Internet Explorer\International\Scripts\11]
@DACL=(02 0000)
"IEPropFontName"="Vrinda"
"IEFixedFontName"="Vrinda"

[HKEY_USERS\S-1-5-21-1140415071-1880152587-3647918729-1005\Software\Microsoft\Internet Explorer\International\Scripts\12]
@DACL=(02 0000)
"IEPropFontName"="Raavi"
"IEFixedFontName"="Raavi"

[HKEY_USERS\S-1-5-21-1140415071-1880152587-3647918729-1005\Software\Microsoft\Internet Explorer\International\Scripts\13]
@DACL=(02 0000)
"IEPropFontName"="Shruti"
"IEFixedFontName"="Shruti"

[HKEY_USERS\S-1-5-21-1140415071-1880152587-3647918729-1005\Software\Microsoft\Internet Explorer\International\Scripts\14]
@DACL=(02 0000)
"IEPropFontName"="Kalinga"
"IEFixedFontName"="Kalinga"

[HKEY_USERS\S-1-5-21-1140415071-1880152587-3647918729-1005\Software\Microsoft\Internet Explorer\International\Scripts\15]
@DACL=(02 0000)
"IEPropFontName"="Latha"
"IEFixedFontName"="Latha"

[HKEY_USERS\S-1-5-21-1140415071-1880152587-3647918729-1005\Software\Microsoft\Internet Explorer\International\Scripts\16]
@DACL=(02 0000)
"IEPropFontName"="Gautami"
"IEFixedFontName"="Gautami"

[HKEY_USERS\S-1-5-21-1140415071-1880152587-3647918729-1005\Software\Microsoft\Internet Explorer\International\Scripts\17]
@DACL=(02 0000)
"IEPropFontName"="Tunga"
"IEFixedFontName"="Tunga"

[HKEY_USERS\S-1-5-21-1140415071-1880152587-3647918729-1005\Software\Microsoft\Internet Explorer\International\Scripts\18]
@DACL=(02 0000)
"IEPropFontName"="Kartika"
"IEFixedFontName"="Kartika"

[HKEY_USERS\S-1-5-21-1140415071-1880152587-3647918729-1005\Software\Microsoft\Internet Explorer\International\Scripts\19]
@DACL=(02 0000)
"IEPropFontName"="Tahoma"
"IEFixedFontName"="Tahoma"

[HKEY_USERS\S-1-5-21-1140415071-1880152587-3647918729-1005\Software\Microsoft\Internet Explorer\International\Scripts\20]
@DACL=(02 0000)
"IEPropFontName"="DokChampa"
"IEFixedFontName"="DokChampa"

[HKEY_USERS\S-1-5-21-1140415071-1880152587-3647918729-1005\Software\Microsoft\Internet Explorer\International\Scripts\21]
@DACL=(02 0000)
"IEPropFontName"="Microsoft Himalaya"
"IEFixedFontName"="Microsoft Himalaya"

[HKEY_USERS\S-1-5-21-1140415071-1880152587-3647918729-1005\Software\Microsoft\Internet Explorer\International\Scripts\22]
@DACL=(02 0000)
"IEPropFontName"="Sylfaen"
"IEFixedFontName"="Sylfaen"

[HKEY_USERS\S-1-5-21-1140415071-1880152587-3647918729-1005\Software\Microsoft\Internet Explorer\International\Scripts\23]
@DACL=(02 0000)
"IEPropFontName"="Gulim"
"IEFixedFontName"="GulimChe"

[HKEY_USERS\S-1-5-21-1140415071-1880152587-3647918729-1005\Software\Microsoft\Internet Explorer\International\Scripts\24]
@DACL=(02 0000)
"IEPropFontName"="MS PGothic"
"IEFixedFontName"="MS Gothic"

[HKEY_USERS\S-1-5-21-1140415071-1880152587-3647918729-1005\Software\Microsoft\Internet Explorer\International\Scripts\25]
@DACL=(02 0000)
"IEPropFontName"="PMingLiu"
"IEFixedFontName"="MingLiu"

[HKEY_USERS\S-1-5-21-1140415071-1880152587-3647918729-1005\Software\Microsoft\Internet Explorer\International\Scripts\26]
@DACL=(02 0000)
"IEPropFontName"="Simsun"
"IEFixedFontName"="NSimsun"

[HKEY_USERS\S-1-5-21-1140415071-1880152587-3647918729-1005\Software\Microsoft\Internet Explorer\International\Scripts\27]
@DACL=(02 0000)
"IEPropFontName"="Nyala"
"IEFixedFontName"="Nyala"

[HKEY_USERS\S-1-5-21-1140415071-1880152587-3647918729-1005\Software\Microsoft\Internet Explorer\International\Scripts\28]
@DACL=(02 0000)
"IEPropFontName"="Euphemia"
"IEFixedFontName"="Euphemia"

[HKEY_USERS\S-1-5-21-1140415071-1880152587-3647918729-1005\Software\Microsoft\Internet Explorer\International\Scripts\29]
@DACL=(02 0000)
"IEPropFontName"="Plantagenet Cherokee"
"IEFixedFontName"="Plantagenet Cherokee"

[HKEY_USERS\S-1-5-21-1140415071-1880152587-3647918729-1005\Software\Microsoft\Internet Explorer\International\Scripts\30]
@DACL=(02 0000)
"IEPropFontName"="Microsoft Yi Baiti"
"IEFixedFontName"="Microsoft Yi Baiti"

[HKEY_USERS\S-1-5-21-1140415071-1880152587-3647918729-1005\Software\Microsoft\Internet Explorer\International\Scripts\34]
@DACL=(02 0000)
"IEPropFontName"="Iskoola Pota"
"IEFixedFontName"="Iskoola Pota"

[HKEY_USERS\S-1-5-21-1140415071-1880152587-3647918729-1005\Software\Microsoft\Internet Explorer\International\Scripts\35]
@DACL=(02 0000)
"IEPropFontName"="Estrangelo Edessa"
"IEFixedFontName"="Estrangelo Edessa"

[HKEY_USERS\S-1-5-21-1140415071-1880152587-3647918729-1005\Software\Microsoft\Internet Explorer\International\Scripts\37]
@DACL=(02 0000)
"IEPropFontName"="DaunPenh"
"IEFixedFontName"="DaunPenh"

[HKEY_USERS\S-1-5-21-1140415071-1880152587-3647918729-1005\Software\Microsoft\Internet Explorer\International\Scripts\38]
@DACL=(02 0000)
"IEPropFontName"="MV Boli"
"IEFixedFontName"="MV Boli"

[HKEY_USERS\S-1-5-21-1140415071-1880152587-3647918729-1005\Software\Microsoft\Internet Explorer\International\Scripts\39]
@DACL=(02 0000)
"IEPropFontName"="Mongolian Baiti"
"IEFixedFontName"="Mongolian Baiti"

[HKEY_USERS\S-1-5-21-1140415071-1880152587-3647918729-1005\Software\Microsoft\Internet Explorer\International\Scripts\4]
@DACL=(02 0000)
"IEPropFontName"="Times New Roman"
"IEFixedFontName"="Courier New"

[HKEY_USERS\S-1-5-21-1140415071-1880152587-3647918729-1005\Software\Microsoft\Internet Explorer\International\Scripts\5]
@DACL=(02 0000)
"IEPropFontName"="Times New Roman"
"IEFixedFontName"="Courier New"

[HKEY_USERS\S-1-5-21-1140415071-1880152587-3647918729-1005\Software\Microsoft\Internet Explorer\International\Scripts\6]
@DACL=(02 0000)
"IEPropFontName"="Times New Roman"
"IEFixedFontName"="Courier New"

[HKEY_USERS\S-1-5-21-1140415071-1880152587-3647918729-1005\Software\Microsoft\Internet Explorer\International\Scripts\7]
@DACL=(02 0000)
"IEPropFontName"="Sylfaen"
"IEFixedFontName"="Sylfaen"

[HKEY_USERS\S-1-5-21-1140415071-1880152587-3647918729-1005\Software\Microsoft\Internet Explorer\International\Scripts\8]
@DACL=(02 0000)
"IEPropFontName"="David"
"IEFixedFontName"="Miriam Fixed"

[HKEY_USERS\S-1-5-21-1140415071-1880152587-3647918729-1005\Software\Microsoft\Internet Explorer\International\Scripts\9]
@DACL=(02 0000)
"IEPropFontName"="Simplified Arabic"
"IEFixedFontName"="Simplified Arabic Fixed"

[HKEY_USERS\S-1-5-21-1140415071-1880152587-3647918729-1005\Software\Microsoft\Internet Explorer\SearchUrl]
@DACL=(02 0000)
@SACL=
@="http://home.microsoft.com/access/autosearch.asp?p=%s"

[HKEY_USERS\S-1-5-21-1140415071-1880152587-3647918729-1005\Software\Microsoft\Internet Explorer\Security]
@DACL=(02 0000)
@SACL=
"Sending_Security"="Medium"
"Viewing_Security"="Low"
"Safety Warning Level"="Query"

[HKEY_USERS\S-1-5-21-1140415071-1880152587-3647918729-1005\Software\Microsoft\Internet Explorer\Security\AntiPhishing]
@DACL=(02 0000)

[HKEY_USERS\S-1-5-21-1140415071-1880152587-3647918729-1005\Software\Microsoft\Internet Explorer\Services]
@DACL=(02 0000)
@SACL=
@=""

[HKEY_USERS\S-1-5-21-1140415071-1880152587-3647918729-1005\Software\Microsoft\Internet Explorer\Settings]
@DACL=(02 0000)
@SACL=
"Anchor Color Visited"="128,0,128"
"Anchor Color"="0,0,255"
"Background Color"="192,192,192"
"Text Color"="0,0,0"
"Use Anchor Hover Color"="No"

[HKEY_USERS\S-1-5-21-1140415071-1880152587-3647918729-1005\Software\Microsoft\Internet Explorer\URLSearchHooks]
@DACL=(02 0000)
@SACL=
"{CFBFAE00-17A6-11D0-99CB-00C04FD64497}"=""
"{EF99BD32-C1FB-11D2-892F-0090271D4F88}"=""

[HKEY_USERS\S-1-5-21-1140415071-1880152587-3647918729-1005\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
@SACL=

[HKEY_USERS\S-1-5-21-1140415071-1880152587-3647918729-1005\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wmf\OpenWithProgids]
@DACL=(02 0000)
@SACL=
"wmffile"=hex(0):
"ACDSee.WMF"=hex(0):
@=dword:00000000

[HKEY_LOCAL_MACHINE\software\ATI Technologies Inc.\Driver ATI]
@DACL=(02 0000)
@SACL=

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"cd042efbbd7f7af1647644e76e06692b"=hex:e2,63,26,f1,3f,c8,ff,68,e7,8b,e4,d7,a1,
0b,a7,ea,c8,28,51,af,b0,29,a3,98,13,28,e2,63,cc,68,bf,1b,e2,63,26,f1,3f,c8,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"bca643cdc5c2726b20d2ecedcc62c59b"=hex:6a,9c,d6,61,af,45,84,18,06,83,77,db,6d,
e7,61,40,71,3b,04,66,8b,46,0d,96,7b,68,da,1a,45,58,c1,e9,6a,9c,d6,61,af,45,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"2c81e34222e8052573023a60d06dd016"=hex:25,da,ec,7e,55,20,c9,26,71,1e,a7,c6,cc,
63,1b,f6,25,da,ec,7e,55,20,c9,26,45,54,f6,b5,18,e3,83,fa,ff,7c,85,e0,43,d4,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"2582ae41fb52324423be06337561aa48"=hex:3e,1e,9e,e0,57,5a,93,61,23,42,ab,48,6a,
c7,75,58,3e,1e,9e,e0,57,5a,93,61,a9,46,b9,00,b0,3e,ed,2b,86,8c,21,01,be,91,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"caaeda5fd7a9ed7697d9686d4b818472"=hex:cd,44,cd,b9,a6,33,6c,cd,11,01,d5,ef,b1,
43,93,ef,cd,44,cd,b9,a6,33,6c,cd,8a,91,00,fe,49,a7,95,5d,f5,1d,4d,73,a8,13,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"a4a1bcf2cc2b8bc3716b74b2b4522f5d"=hex:b0,18,ed,a7,3f,8d,37,a4,9e,35,d7,1a,bf,
30,a5,a5,b0,18,ed,a7,3f,8d,37,a4,a9,f9,0f,d4,ad,9e,5b,43,df,20,58,62,78,6b,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"4d370831d2c43cd13623e232fed27b7b"=hex:fb,a7,78,e6,12,2f,9a,ea,05,54,bb,5a,e0,
a4,88,78,31,77,e1,ba,b1,f8,68,02,04,99,e6,d9,5d,98,cb,8a,fb,a7,78,e6,12,2f,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"1d68fe701cdea33e477eb204b76f993d"=hex:83,6c,56,8b,a0,85,96,ab,83,af,18,76,33,
91,57,c1,83,6c,56,8b,a0,85,96,ab,fa,f0,5f,e1,f8,ee,e8,6b,01,3a,48,fc,e8,04,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"1fac81b91d8e3c5aa4b0a51804d844a3"=hex:f6,0f,4e,58,98,5b,89,c9,56,35,e3,dd,1b,
78,16,47,51,fa,6e,91,28,9e,14,cc,1e,91,53,ee,1d,27,a2,ef,f6,0f,4e,58,98,5b,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"f5f62a6129303efb32fbe080bb27835b"=hex:b1,cd,45,5a,a8,c4,f8,b9,49,c8,5f,71,83,
0d,97,73,b1,cd,45,5a,a8,c4,f8,b9,ac,d5,5c,2c,9e,dd,50,d1,3d,ce,ea,26,2d,45,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"fd4e2e1a3940b94dceb5a6a021f2e3c6"=hex:2a,b7,cc,b5,b9,7f,41,e7,97,47,81,87,42,
b9,fb,40,e3,0e,66,d5,eb,bc,2f,6b,a8,77,8c,61,95,9b,8d,6a,2a,b7,cc,b5,b9,7f,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"8a8aec57dd6508a385616fbc86791ec2"=hex:6c,43,2d,1e,aa,22,2f,9c,9d,cc,28,0e,3a,
b5,21,c1,fa,ea,66,7f,d4,3b,6b,70,09,45,ce,1a,dc,8d,29,83,6c,43,2d,1e,aa,22,\

[HKEY_LOCAL_MACHINE\software\Intel Corporation\Hyper-Threading Technology Splash Screen]
@DACL=(02 0000)
@SACL=

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Setup\ExceptionComponents\{60BFF50D-FB2C-4498-A577-C9548C390BB9}]
@DACL=(02 0000)
@SACL=
"FriendlyName"="Microsoft Windows Movie Maker 2.0"
"ComponentGUID"="{60BFF50D-FB2C-4498-A577-C9548C390BB9}"
"Version"=dword:00020000
"Sub-Version"=dword:00000cf0
"ExceptionInfName"=expand:"c:\\WINDOWS\\RegisteredPackages\\{60BFF50D-FB2C-4498-A577-C9548C390BB9}\\mm20ex.inf"
"ExceptionCatalogName"=expand:"c:\\WINDOWS\\RegisteredPackages\\{60BFF50D-FB2C-4498-A577-C9548C390BB9}\\mm20ex.cat"

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows Media Device Manager\Plugins\SP\MSPMSP\KBDeviceList]
@DACL=(02 0000)
@SACL=
"SanDiskIM"="SanDisk ;ImageMate III ;2.3"
"SanDiskIMb"="E-USB Fl;ash ; "
"Lexmark"="Parallel; Flash Unit;"
.
--------------------- Dlls caricate dai processi in esecuzione ---------------------

- - - - - - - > 'winlogon.exe'(1132)
c:\windows\system32\Ati2evxx.dll

- - - - - - - > 'lsass.exe'(1196)
c:\windows\system32\relog_ap.dll
.
------------------------ Altri processi in esecuzione ------------------------
.
c:\programmi\Alwil Software\Avast4\aswUpdSv.exe
c:\programmi\Alwil Software\Avast4\ashServ.exe
c:\windows\system32\LEXBCES.EXE
c:\windows\system32\LEXPPS.EXE
c:\programmi\IVT Corporation\BlueSoleil\BTNtService.exe
c:\programmi\Java\jre6\bin\jqs.exe
c:\windows\system32\wwSecure.exe
c:\programmi\Lexmark X6100 Series\lxbfbmon.exe
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Ora fine scansione: 2009-02-02 14:52:36 - Il pc è stato riavviato
ComboFix-quarantined-files.txt 2009-02-02 13:52:33

Pre-Run: 43.100.880.896 byte disponibili
Post-Run: 43,031,851,008 byte disponibili

WindowsXP-KB310994-SP2-Home-BootDisk-ITA.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /fastdetect /NoExecute=OptIn

670 --- E O F --- 2009-01-22 16:39:46

Sono arrivato con il primo.



Malwarebytes' Anti-Malware 1.33
Versione del database: 1715
Windows 5.1.2600 Service Pack 3

02/02/2009 17.53.52
mbam-log-2009-02-02 (17-53-52).txt

Tipo di scansione: Scansione completa (C:\|D:\|K:\|)
Elementi scansionati: 185750
Tempo trascorso: 1 hour(s), 2 minute(s), 32 second(s)

Processi delle memoria infetti: 0
Moduli della memoria infetti: 0
Chiavi di registro infette: 0
Valori di registro infetti: 0
Elementi dato del registro infetti: 0
Cartelle infette: 0
File infetti: 0

Processi delle memoria infetti:
(Nessun elemento malevolo rilevato)

Moduli della memoria infetti:
(Nessun elemento malevolo rilevato)

Chiavi di registro infette:
(Nessun elemento malevolo rilevato)

Valori di registro infetti:
(Nessun elemento malevolo rilevato)

Elementi dato del registro infetti:
(Nessun elemento malevolo rilevato)

Cartelle infette:
(Nessun elemento malevolo rilevato)

File infetti:
(Nessun elemento malevolo rilevato)

Gli altri due.



--------------------\\ Lop S&D 4.2.5-0 XP/Vista

Microsoft Windows XP Home Edition ( v5.1.2600 ) Service Pack 3
X86-based PC ( Multiprocessor Free : Intel(R) Pentium(R) 4 CPU 2.80GHz )
BIOS : Phoenix - AwardBIOS v6.00PG
USER : Renato ( Administrator )
BOOT : Normal boot
Antivirus : avast! antivirus 4.8.1296 [VPS 090201-0] 4.8.1296 (Not Activated)
Firewall : ZoneAlarm Firewall 7.0.473.000 (Activated)
A:\ (USB)
C:\ (Local Disk) - NTFS - Total:70 Go (Free:40 Go)
D:\ (Local Disk) - FAT32 - Total:4 Go (Free:3 Go)
E:\ (CD or DVD)
F:\ (CD or DVD)
J:\ (USB)
K:\ (Local Disk) - NTFS - Total:189 Go (Free:157 Go)
L:\ (USB)
M:\ (USB)
N:\ (USB)

"C:\Lop SD" ( MAJ : 19-12-2008|23:40 )
Option : [1] ( 02/02/2009|18.21 )

--------------------\\ Listing folders in DATIAP~1

[24/10/2005|11.29] C:\DOCUME~1\ADMINI~1\DATIAP~1\Adobe
[06/02/2004|00.17] C:\DOCUME~1\ADMINI~1\DATIAP~1\Identities
[21/03/2005|13.47] C:\DOCUME~1\ADMINI~1\DATIAP~1\Lavasoft
[09/01/2008|16.47] C:\DOCUME~1\ADMINI~1\DATIAP~1\Microsoft
[31/01/2009|17.01] C:\DOCUME~1\ADMINI~1\DATIAP~1\Real
[0|File] C:\DOCUME~1\ADMINI~1\DATIAP~1\byte
[7|Directory] C:\DOCUME~1\ADMINI~1\DATIAP~1\byte disponibili

[12/12/2008|23.17] C:\DOCUME~1\ALLUSE~1\DATIAP~1\{55A29068-F2CE-456C-9148-C869879E2357}
[12/05/2008|16.43] C:\DOCUME~1\ALLUSE~1\DATIAP~1\ACD Systems
[20/02/2007|14.33] C:\DOCUME~1\ALLUSE~1\DATIAP~1\Adobe
[20/02/2007|14.35] C:\DOCUME~1\ALLUSE~1\DATIAP~1\Adobe Systems
[28/12/2004|21.24] C:\DOCUME~1\ALLUSE~1\DATIAP~1\Ahead
[21/11/2006|11.23] C:\DOCUME~1\ALLUSE~1\DATIAP~1\Apple Computer
[01/01/2008|18.14] C:\DOCUME~1\ALLUSE~1\DATIAP~1\AVS4YOU
[23/10/2007|11.07] C:\DOCUME~1\ALLUSE~1\DATIAP~1\Bluetooth
[15/11/2004|08.47] C:\DOCUME~1\ALLUSE~1\DATIAP~1\BVRP Software
[22/07/2007|21.43] C:\DOCUME~1\ALLUSE~1\DATIAP~1\DVD Shrink
[25/01/2009|21.30] C:\DOCUME~1\ALLUSE~1\DATIAP~1\Google
[10/05/2008|09.16] C:\DOCUME~1\ALLUSE~1\DATIAP~1\MailFrontier
[30/01/2009|22.33] C:\DOCUME~1\ALLUSE~1\DATIAP~1\Malwarebytes
[18/12/2008|13.59] C:\DOCUME~1\ALLUSE~1\DATIAP~1\Microsoft
[25/10/2007|00.54] C:\DOCUME~1\ALLUSE~1\DATIAP~1\Motive
[13/02/2004|01.24] C:\DOCUME~1\ALLUSE~1\DATIAP~1\MSN6
[29/12/2007|11.53] C:\DOCUME~1\ALLUSE~1\DATIAP~1\NCH Software
[12/04/2005|19.56] C:\DOCUME~1\ALLUSE~1\DATIAP~1\Pinnacle
[10/12/2004|21.25] C:\DOCUME~1\ALLUSE~1\DATIAP~1\QuickTime
[06/02/2004|00.30] C:\DOCUME~1\ALLUSE~1\DATIAP~1\SBSI
[23/09/2006|00.29] C:\DOCUME~1\ALLUSE~1\DATIAP~1\SBT
[16/11/2008|18.48] C:\DOCUME~1\ALLUSE~1\DATIAP~1\Seagate
[03/12/2008|01.58] C:\DOCUME~1\ALLUSE~1\DATIAP~1\Skype
[19/02/2007|22.57] C:\DOCUME~1\ALLUSE~1\DATIAP~1\SlySoft
[25/10/2005|22.04] C:\DOCUME~1\ALLUSE~1\DATIAP~1\SmartSound Software Inc
[18/12/2004|18.13] C:\DOCUME~1\ALLUSE~1\DATIAP~1\Sony Corporation
[26/08/2008|18.47] C:\DOCUME~1\ALLUSE~1\DATIAP~1\Spybot - Search & Destroy
[18/12/2008|00.31] C:\DOCUME~1\ALLUSE~1\DATIAP~1\TEMP
[12/12/2008|23.18] C:\DOCUME~1\ALLUSE~1\DATIAP~1\TuneUp Software
[13/12/2008|15.02] C:\DOCUME~1\ALLUSE~1\DATIAP~1\Ulead Systems
[27/07/2005|16.38] C:\DOCUME~1\ALLUSE~1\DATIAP~1\Windows Genuine Advantage
[18/12/2008|13.57] C:\DOCUME~1\ALLUSE~1\DATIAP~1\WLInstaller
[09/01/2008|19.25] C:\DOCUME~1\ALLUSE~1\DATIAP~1\Yahoo!
[0|File] C:\DOCUME~1\ALLUSE~1\DATIAP~1\byte
[35|Directory] C:\DOCUME~1\ALLUSE~1\DATIAP~1\byte disponibili

[06/02/2004|00.17] C:\DOCUME~1\DEFAUL~1\DATIAP~1\Identities
[06/02/2004|00.55] C:\DOCUME~1\DEFAUL~1\DATIAP~1\Microsoft
[0|File] C:\DOCUME~1\DEFAUL~1\DATIAP~1\byte
[4|Directory] C:\DOCUME~1\DEFAUL~1\DATIAP~1\byte disponibili

[20/03/2005|16.00] C:\DOCUME~1\LOCALS~1\DATIAP~1\Help
[10/02/2007|21.42] C:\DOCUME~1\LOCALS~1\DATIAP~1\Microsoft
[0|File] C:\DOCUME~1\LOCALS~1\DATIAP~1\byte
[4|Directory] C:\DOCUME~1\LOCALS~1\DATIAP~1\byte disponibili

[28/12/2006|13.57] C:\DOCUME~1\NETWOR~1\DATIAP~1\Microsoft
[28/03/2005|01.16] C:\DOCUME~1\NETWOR~1\DATIAP~1\Symantec
[0|File] C:\DOCUME~1\NETWOR~1\DATIAP~1\byte
[4|Directory] C:\DOCUME~1\NETWOR~1\DATIAP~1\byte disponibili


[16/06/2007|00.18] C:\DOCUME~1\Renato\DATIAP~1\ACD Systems
[25/12/2007|00.14] C:\DOCUME~1\Renato\DATIAP~1\Adobe
[28/12/2008|22.00] C:\DOCUME~1\Renato\DATIAP~1\AdobeUM
[11/01/2007|19.20] C:\DOCUME~1\Renato\DATIAP~1\Ahead
[21/11/2006|11.24] C:\DOCUME~1\Renato\DATIAP~1\Apple Computer
[21/02/2007|09.57] C:\DOCUME~1\Renato\DATIAP~1\Arcsoft
[28/12/2007|11.36] C:\DOCUME~1\Renato\DATIAP~1\AVS4YOU
[07/01/2008|00.45] C:\DOCUME~1\Renato\DATIAP~1\AVSMedia
[21/02/2007|10.29] C:\DOCUME~1\Renato\DATIAP~1\Canon
[08/12/2007|15.19] C:\DOCUME~1\Renato\DATIAP~1\FastStone
[21/01/2009|16.26] C:\DOCUME~1\Renato\DATIAP~1\FileZilla
[06/08/2008|06.56] C:\DOCUME~1\Renato\DATIAP~1\Google
[20/10/2006|13.28] C:\DOCUME~1\Renato\DATIAP~1\Help
[20/06/2006|11.02] C:\DOCUME~1\Renato\DATIAP~1\Identities
[16/06/2007|11.46] C:\DOCUME~1\Renato\DATIAP~1\ImageFox
[24/01/2009|20.15] C:\DOCUME~1\Renato\DATIAP~1\Lavasoft
[12/03/2007|19.25] C:\DOCUME~1\Renato\DATIAP~1\LimeWire
[06/06/2006|21.20] C:\DOCUME~1\Renato\DATIAP~1\Macromedia
[30/01/2009|22.33] C:\DOCUME~1\Renato\DATIAP~1\Malwarebytes
[23/05/2006|23.32] C:\DOCUME~1\Renato\DATIAP~1\Media Player Classic
[01/02/2009|16.54] C:\DOCUME~1\Renato\DATIAP~1\Microsoft
[28/04/2005|13.46] C:\DOCUME~1\Renato\DATIAP~1\Microsoft Web Folders
[13/10/2007|14.56] C:\DOCUME~1\Renato\DATIAP~1\Motive
[01/08/2008|15.04] C:\DOCUME~1\Renato\DATIAP~1\Mozilla
[08/06/2007|14.05] C:\DOCUME~1\Renato\DATIAP~1\MSN6
[20/02/2007|21.14] C:\DOCUME~1\Renato\DATIAP~1\Opera
[18/12/2004|14.40] C:\DOCUME~1\Renato\DATIAP~1\pdf995
[19/01/2009|17.07] C:\DOCUME~1\Renato\DATIAP~1\Photodex
[22/01/2006|16.29] C:\DOCUME~1\Renato\DATIAP~1\ppStream
[14/04/2005|15.04] C:\DOCUME~1\Renato\DATIAP~1\Rainlendar
[07/01/2006|16.05] C:\DOCUME~1\Renato\DATIAP~1\Real
[01/02/2009|23.36] C:\DOCUME~1\Renato\DATIAP~1\Skype
[02/02/2009|00.06] C:\DOCUME~1\Renato\DATIAP~1\skypePM
[06/01/2006|17.44] C:\DOCUME~1\Renato\DATIAP~1\SlySoft
[17/05/2008|20.13] C:\DOCUME~1\Renato\DATIAP~1\SPAMfighter
[03/03/2007|11.52] C:\DOCUME~1\Renato\DATIAP~1\Sun
[14/11/2004|22.25] C:\DOCUME~1\Renato\DATIAP~1\Symantec
[31/05/2008|23.25] C:\DOCUME~1\Renato\DATIAP~1\Talkback
[04/10/2004|16.15] C:\DOCUME~1\Renato\DATIAP~1\Template
[30/06/2007|17.57] C:\DOCUME~1\Renato\DATIAP~1\Thunderbird
[21/08/2008|09.02] C:\DOCUME~1\Renato\DATIAP~1\TomTom
[12/12/2008|23.18] C:\DOCUME~1\Renato\DATIAP~1\TuneUp Software
[15/11/2004|22.50] C:\DOCUME~1\Renato\DATIAP~1\Ulead Systems
[21/10/2007|10.34] C:\DOCUME~1\Renato\DATIAP~1\vlc
[07/09/2007|13.35] C:\DOCUME~1\Renato\DATIAP~1\Webroot
[18/02/2006|14.28] C:\DOCUME~1\Renato\DATIAP~1\zanic
[18/02/2006|14.04] C:\DOCUME~1\Renato\DATIAP~1\Zanichelli
[0|File] C:\DOCUME~1\Renato\DATIAP~1\byte
[49|Directory] C:\DOCUME~1\Renato\DATIAP~1\byte disponibili

--------------------\\ Scheduled Tasks located in C:\WINDOWS\Tasks

[02/02/2009 16.38][--ah-----] C:\WINDOWS\tasks\MP Scheduled Scan.job
[15/01/2009 10.32][--a------] C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[02/02/2009 16.35][--ah-----] C:\WINDOWS\tasks\SA.DAT
[10/09/2002 13.00][-r-h-----] C:\WINDOWS\tasks\desktop.ini

--------------------\\ Listing Folders in C:\Programmi

[31/03/2005|23.56] C:\Programmi\7-Zip
[15/11/2004|08.48] C:\Programmi\ABBYY FineReader 5.0 Sprint
[12/05/2008|16.43] C:\Programmi\ACD Systems
[14/06/2008|19.56] C:\Programmi\Acronis
[10/03/2007|19.05] C:\Programmi\Adobe
[21/10/2005|13.13] C:\Programmi\AdorageI-GfxDatas
[12/04/2005|19.20] C:\Programmi\AdorageI-SAL
[03/08/2008|17.42] C:\Programmi\Advanced JPEG Compressor
[01/12/2005|23.01] C:\Programmi\Agenda
[08/03/2005|23.58] C:\Programmi\Agnitum
[25/11/2008|21.25] C:\Programmi\Ahead
[04/04/2007|12.15] C:\Programmi\AIDA32 - Enterprise System Information
[07/08/2007|09.12] C:\Programmi\Alice ti aiuta
[15/11/2005|11.30] C:\Programmi\Alwil Software
[06/06/2006|16.04] C:\Programmi\AnfyTeam
[29/01/2009|15.18] C:\Programmi\Any Video Converter
[16/12/2008|18.19] C:\Programmi\AoA Audio Extractor
[21/11/2006|11.22] C:\Programmi\Apple Software Update
[21/02/2007|13.44] C:\Programmi\ArcSoft
[31/01/2009|12.40] C:\Programmi\ATnotes
[16/11/2004|00.35] C:\Programmi\Audacity
[30/01/2009|11.06] C:\Programmi\AVS4YOU
[07/01/2008|17.52] C:\Programmi\AVSMedia
[03/11/2007|20.24] C:\Programmi\Axon Data
[21/06/2006|15.35] C:\Programmi\biliardo
[24/12/2006|23.01] C:\Programmi\bobyte
[21/02/2007|14.20] C:\Programmi\Canon
[01/02/2009|20.16] C:\Programmi\CCleaner
[16/06/2005|16.28] C:\Programmi\CDEX
[20/12/2004|13.42] C:\Programmi\Ciel
[21/05/2008|09.37] C:\Programmi\CleanMyPC Popup Blocker
[03/05/2008|18.11] C:\Programmi\Cobian Backup 7
[06/12/2007|18.52] C:\Programmi\Cobian Backup 8
[07/08/2007|09.11] C:\Programmi\Common Files
[06/02/2004|00.13] C:\Programmi\ComPlus Applications
[23/05/2008|13.14] C:\Programmi\Da eliminare - di STUDIO 9
[20/11/2004|18.59] C:\Programmi\Demo-SiS
[14/02/2007|18.56] C:\Programmi\Dir Lister
[14/02/2007|22.45] C:\Programmi\Directory Lister
[20/11/2007|16.33] C:\Programmi\Disclib
[08/03/2005|23.57] C:\Programmi\DSLR Focus
[27/11/2004|00.09] C:\Programmi\DVD Decrypter
[31/01/2005|18.26] C:\Programmi\DVD Shrink
[28/02/2006|01.07] C:\Programmi\Elaborate Bytes
[28/11/2007|19.40] C:\Programmi\ELI
[06/06/2007|16.23] C:\Programmi\Empire Interactive
[30/01/2009|00.44] C:\Programmi\eMule
[19/12/2004|18.36] C:\Programmi\Evviva la Dama!
[14/11/2004|22.22] C:\Programmi\Fastrate USB 100
[10/09/2008|15.54] C:\Programmi\FastStone Capture
[02/02/2009|14.42] C:\Programmi\File comuni
[21/07/2006|19.21] C:\Programmi\FileZilla
[31/01/2009|15.11] C:\Programmi\FindyKill
[06/09/2006|19.42] C:\Programmi\FotoHTML
[17/11/2004|20.05] C:\Programmi\Front Page Express
[06/06/2007|16.25] C:\Programmi\FX Uninstall Information
[22/11/2004|00.53] C:\Programmi\Gadwin Systems
[13/08/2005|19.32] C:\Programmi\Garmin
[25/01/2009|21.30] C:\Programmi\Google
[01/02/2009|22.53] C:\Programmi\Hijack This
[13/12/2008|15.02] C:\Programmi\InstallShield Installation Information
[06/02/2004|00.30] C:\Programmi\Intel
[06/02/2004|00.30] C:\Programmi\Interfree
[11/12/2008|22.38] C:\Programmi\Internet Explorer
[12/01/2008|18.32] C:\Programmi\iPOD Video Converter 2007
[29/01/2009|14.36] C:\Programmi\IrfanView
[23/10/2007|10.58] C:\Programmi\IVT Corporation
[14/06/2005|21.36] C:\Programmi\IZArc
[18/12/2008|14.34] C:\Programmi\Java
[16/11/2008|15.38] C:\Programmi\JerMar Software Corp
[03/08/2008|17.09] C:\Programmi\JPEGCompress
[07/11/2008|16.35] C:\Programmi\Lexmark X6100 Series
[03/11/2006|16.46] C:\Programmi\LHSP
[22/11/2004|00.35] C:\Programmi\Luminaxys
[31/01/2005|17.28] C:\Programmi\Macromedia
[30/01/2009|23.29] C:\Programmi\Malwarebytes' Anti-Malware
[08/09/2008|15.08] C:\Programmi\Messenger
[10/05/2007|08.04] C:\Programmi\Microsoft CAPICOM 2.1.0.2
[23/09/2006|00.28] C:\Programmi\microsoft frontpage
[21/11/2007|11.42] C:\Programmi\Microsoft Office
[23/09/2006|00.21] C:\Programmi\Microsoft Visual Studio
[07/08/2007|09.11] C:\Programmi\Motive
[02/01/2008|20.30] C:\Programmi\Movavi Video Converter 6
[08/09/2008|14.52] C:\Programmi\Movie Maker
[25/01/2009|22.54] C:\Programmi\Mozilla Firefox
[01/02/2009|12.56] C:\Programmi\Mozilla Thunderbird
[17/12/2008|13.40] C:\Programmi\mp3DirectCut
[06/02/2004|00.12] C:\Programmi\MSN Gaming Zone
[17/11/2006|10.44] C:\Programmi\MSXML 4.0
[24/05/2006|13.07] C:\Programmi\Mv2Player
[29/12/2007|12.00] C:\Programmi\NCH Software
[08/09/2008|14.43] C:\Programmi\NetMeeting
[13/06/2007|13.43] C:\Programmi\outlook express
[18/11/2007|14.56] C:\Programmi\Password Corral v4.0
[03/12/2008|09.30] C:\Programmi\Philips ToUcam Camera
[06/04/2008|20.21] C:\Programmi\Picasa2
[22/05/2008|18.03] C:\Programmi\Pinnacle
[21/11/2006|11.23] C:\Programmi\QuickTime
[14/04/2005|14.57] C:\Programmi\Rainlendar
[07/01/2006|16.03] C:\Programmi\Real
[18/05/2005|19.47] C:\Programmi\RegiStax
[13/02/2007|17.00] C:\Programmi\Registro Seeker
[16/11/2008|18.48] C:\Programmi\Seagate
[06/02/2004|00.13] C:\Programmi\Servizi in linea
[24/01/2009|11.20] C:\Programmi\SIW
[03/12/2008|01.58] C:\Programmi\Skype
[18/02/2006|14.34] C:\Programmi\SlySoft
[12/04/2005|18.29] C:\Programmi\SmartSound Software
[23/09/2006|00.29] C:\Programmi\Snapshot Viewer
[09/12/2008|23.09] C:\Programmi\Spybot - Search & Destroy
[08/05/2005|22.36] C:\Programmi\Starry Night Pro
[14/11/2004|22.21] C:\Programmi\Telecom Italia
[01/09/2005|17.51] C:\Programmi\TerraTec
[21/08/2008|09.01] C:\Programmi\TomTom HOME
[21/08/2008|09.02] C:\Programmi\TomTom HOME 2
[02/01/2008|18.04] C:\Programmi\Total Video Converter
[31/01/2009|18.52] C:\Programmi\TuneUp Utilities 2009
[15/11/2004|22.48] C:\Programmi\Ulead Systems
[22/11/2004|21.56] C:\Programmi\Uninstall Information
[29/05/2008|23.12] C:\Programmi\vanBasco's Karaoke Player
[21/10/2007|10.32] C:\Programmi\VideoLAN
[13/12/2008|15.06] C:\Programmi\VideoPoker
[02/08/2007|15.47] C:\Programmi\VirtualDubMod_1_5_10_2_All_inclusive
[08/03/2005|23.57] C:\Programmi\VirtualMoon
[27/04/2006|13.52] C:\Programmi\vso
[07/09/2007|13.35] C:\Programmi\Webroot
[01/07/2006|09.36] C:\Programmi\Webteh
[31/01/2009|19.14] C:\Programmi\Windows Defender
[18/12/2008|14.00] C:\Programmi\Windows Live
[12/06/2007|18.52] C:\Programmi\Windows Media Connect 2
[31/01/2009|13.16] C:\Programmi\Windows Media Player
[08/09/2008|14.43] C:\Programmi\Windows NT
[16/11/2004|00.02] C:\Programmi\WindowsUpdate
[01/07/2006|18.40] C:\Programmi\WinHTTrack
[29/11/2004|14.23] C:\Programmi\WinRAR
[09/07/2007|21.17] C:\Programmi\WS_FTP
[06/02/2004|00.14] C:\Programmi\xerox
[04/08/2005|13.49] C:\Programmi\X-Fonter
[15/11/2004|00.35] C:\Programmi\XviD
[21/04/2007|19.11] C:\Programmi\Zone Labs
[0|File] C:\Programmi\byte
[142|Directory] C:\Programmi\byte disponibili

--------------------\\ Listing Folders in C:\Programmi\File comuni

[12/05/2008|16.43] C:\Programmi\File comuni\ACD Systems
[14/06/2008|19.56] C:\Programmi\File comuni\Acronis
[20/02/2007|17.22] C:\Programmi\File comuni\Adobe
[20/02/2007|17.20] C:\Programmi\File comuni\Adobe Systems Shared
[08/03/2005|23.58] C:\Programmi\File comuni\Agnitum Shared
[15/11/2004|00.01] C:\Programmi\File comuni\Ahead
[30/01/2009|10.39] C:\Programmi\File comuni\AVSMedia
[23/09/2006|00.21] C:\Programmi\File comuni\Designer
[17/04/2006|14.39] C:\Programmi\File comuni\DirectX
[15/11/2004|22.48] C:\Programmi\File comuni\InstallShield
[19/04/2006|16.34] C:\Programmi\File comuni\Java
[03/11/2006|16.53] C:\Programmi\File comuni\L&H Shared
[31/01/2005|17.28] C:\Programmi\File comuni\Macromedia
[18/12/2008|13.59] C:\Programmi\File comuni\Microsoft Shared
[07/08/2007|09.11] C:\Programmi\File comuni\Motive
[02/01/2008|20.23] C:\Programmi\File comuni\MOVAVI
[06/02/2004|00.13] C:\Programmi\File comuni\MSSoap
[05/01/2006|01.29] C:\Programmi\File comuni\NSV
[05/01/2006|01.23] C:\Programmi\File comuni\Nullsoft
[05/02/2004|15.09] C:\Programmi\File comuni\ODBC
[07/01/2006|16.03] C:\Programmi\File comuni\Real
[16/11/2008|18.49] C:\Programmi\File comuni\Seagate
[06/02/2004|00.13] C:\Programmi\File comuni\Services
[03/12/2008|01.58] C:\Programmi\File comuni\Skype
[03/12/2008|09.27] C:\Programmi\File comuni\Smith Micro Shared
[18/12/2004|18.13] C:\Programmi\File comuni\Sony Shared
[05/02/2004|15.09] C:\Programmi\File comuni\SpeechEngines
[21/02/2007|12.16] C:\Programmi\File comuni\Symantec Shared
[08/09/2008|14.42] C:\Programmi\File comuni\System
[07/09/2007|13.35] C:\Programmi\File comuni\Webroot Shared
[18/12/2008|13.59] C:\Programmi\File comuni\WindowsLiveInstaller
[07/01/2006|16.03] C:\Programmi\File comuni\xing shared
[0|File] C:\Programmi\File comuni\byte
[34|Directory] C:\Programmi\File comuni\byte disponibili

--------------------\\ Process

( 40 Processes )

iexplore.exe ~ [PID:2460]

--------------------\\ Searching with S_Lop

No Lop folder found !

--------------------\\ Searching for Lop Files - Folders

No Lop folder found !

--------------------\\ Searching within the Registry

..... OK !

--------------------\\ Checking the Hosts file

Hosts file CLEAN


--------------------\\ Searching for hidden files with Catchme

catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-02-02 18:23:05
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden files ...
scan completed successfully
hidden processes: 0
hidden files: 0

--------------------\\ Searching for other infections

--------------------\\ Cracks & Keygens ..

C:\DOCUME~1\Renato\Desktop\Convertitori file video\Total Video Converter 3-01 & reg-crack
C:\DOCUME~1\Renato\Desktop\Convertitori file video\Total Video Converter 3-01 & reg-crack\regme.reg
C:\DOCUME~1\Renato\Desktop\Convertitori file video\Total Video Converter 3-01 & reg-crack\total-video-converter.exe
C:\DOCUME~1\Renato\Preferiti\Download\CrackDB.com.url
C:\DOCUME~1\Renato\Preferiti\SOFTWARE\SeriAll.Com - Serials, Keys, Keygen, Cracks.url


[F:325][D:9]-> C:\DOCUME~1\Renato\IMPOST~1\Temp
[F:11][D:0]-> C:\DOCUME~1\Renato\Cookies
[F:218][D:4]-> C:\DOCUME~1\Renato\IMPOST~1\TEMPOR~1\content.IE5

1 - "C:\Lop SD\LopR_1.txt" - 02/02/2009|18.24 - Option : [1]

--------------------\\ Scan completed at 18.24.28


______________________________________________________________________________________________________________________________________












Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18.32.40, on 02/02/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Programmi\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Programmi\Alwil Software\Avast4\aswUpdSv.exe
C:\Programmi\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\Explorer.EXE
C:\Programmi\IVT Corporation\BlueSoleil\BTNtService.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmi\Java\jre6\bin\jqs.exe
C:\Programmi\File comuni\Seagate\Schedule2\schedul2.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmi\Lexmark X6100 Series\lxbfbmgr.exe
C:\WINDOWS\Dit.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmi\Lexmark X6100 Series\lxbfbmon.exe
C:\Programmi\Rainlendar\Rainlendar.exe
C:\WINDOWS\System32\TUProgSt.exe
C:\WINDOWS\system32\wwSecure.exe
C:\Programmi\File comuni\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Programmi\Windows NT\Accessori\WORDPAD.EXE
C:\Documents and Settings\Renato\Desktop\PROGRAMMI per PULIZIA e Controlli\HiJackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://virgilio.alice.it/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
R3 - Default URLSearchHook is missing
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Programmi\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmi\Java\jre6\bin\ssv.dll
O2 - BHO: Guida per l'accesso a Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programmi\File comuni\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programmi\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programmi\Google\GoogleToolbarNotifier\3.1.807.1746\swg.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programmi\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Programmi\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programmi\google\googletoolbar1.dll
O4 - HKLM\..\Run: [Lexmark X6100 Series] "C:\Programmi\Lexmark X6100 Series\lxbfbmgr.exe"
O4 - HKLM\..\Run: [Dit] Dit.exe
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Programmi\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\FILECO~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Startup: Rainlendar.lnk = C:\Programmi\Rainlendar\Rainlendar.exe
O9 - Extra button: Run WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Programmi\WinHTTrack\WinHTTrackIEBar.dll
O9 - Extra 'Tools' menuitem: Launch WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Programmi\WinHTTrack\WinHTTrackIEBar.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Programmi\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra button: Trashcan - {072F3B8A-2DA2-40e2-B841-88899F240200} - C:\WINDOWS\System32\shdocvw.dll (HKCU)
O9 - Extra 'Tools' menuitem: Show Trashcan - {072F3B8A-2DA2-40e2-B841-88899F240200} - C:\WINDOWS\System32\shdocvw.dll (HKCU)
O16 - DPF: Yahoo! Klondike Solitaire - http://presence.games.yahoo.com/yog/y/ks12_x.cab
O16 - DPF: Yahoo! Pyramids - http://download.games.yahoo.com/games/clients/y/pyt1_x.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} -
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://nipoteenonno.spaces.msn.com//PhotoUpload/MsnPUpld.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {6E5E167B-1566-4316-B27F-0DDAB3484CF7} (Image Uploader Control) - http://fotoalbum1.aruba.it/admin/ImageUploader4.cab
O16 - DPF: {7FC1B346-83E6-4774-8D20-1A6B09B0E737} (Windows Live Photo Upload Control) - http://nipoteenonno.spaces.live.com/PhotoUpload/MsnPUpld.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {EDFCB7CB-942C-4822-AF14-F0B687409848} (Image Uploader Control) - http://fotoadmin.aruba.it/ThirdParty/ImageUploader/ImageUploader4.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FILECO~1\Skype\SKYPE4~1.DLL
O23 - Service: Adobe LM Service - Adobe Systems - C:\Programmi\File comuni\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Programmi\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Programmi\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Programmi\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Programmi\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Programmi\IVT Corporation\BlueSoleil\BTNtService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Programmi\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Programmi\Java\jre6\bin\jqs.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: Seagate Scheduler2 Service (SgtSch2Svc) - Seagate - C:\Programmi\File comuni\Seagate\Schedule2\schedul2.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Programmi\File comuni\Sony Shared\AVLib\Sptisrv.exe
O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software - C:\WINDOWS\System32\TuneUpDefragService.exe
O23 - Service: TuneUp Program Statistics Service (TuneUp.ProgramStatisticsSvc) - TuneUp Software - C:\WINDOWS\System32\TUProgSt.exe
O23 - Service: Washer Security Access (wwSecSvc) - Webroot Software, Inc. - C:\WINDOWS\system32\wwSecure.exe
O24 - Desktop Component 1: Anfy LAKE - C:\Programmi\AnfyTeam\Applet\lake\preview.html

--
End of file - 8841 bytes

Gentilissimo Shapiro. Tutto fatto!
Penso proprio che ora sia terminato lo splendido lavoro che hai fatto per il mio computer.
Prima di concludere questo lungo post, ho voluto rifare tutte le verifiche per me possibili.
Posto l'ultima scansione fatta.
Ringraziandoti moltissimo, porgo a te e a tutti i tuoi colleghi Cordiali Saluti e Auguri di buon lavoro.
Renato


KASPERSKY ONLINE SCANNER 7 REPORT
Tuesday, February 3, 2009
Operating System: Microsoft Windows XP Home Edition Service Pack 3 (build 2600)
Kaspersky Online Scanner 7 version: 7.0.25.0
Program database last update: Tuesday, February 03, 2009 11:23:12
Records in database: 1739502

---

Scan settings:
Scan using the following database: extended
Scan archives: yes
Scan mail databases: yes

Scan area - My Computer:
A:\
C:\
D:\
E:\
F:\
J:\
K:\
L:\
M:\
N:\

Scan statistics:
Files scanned: 137705
Threat name: 0
Infected objects: 0
Suspicious objects: 0
Duration of the scan: 02:03:12

No malware has been detected. The scan area is clean.

The selected area was scanned.