SystemScan -
www.suspectfile.com - ver. 3.6.2 (code: holifay & bReAkdOWn)
Running on: Windows XP HOME Edition, Service Pack 3 (2600.5.1)
System directory: C:\WINDOWS
SystemScan file: C:\Documents and Settings\user\Desktop\sys38702.exe
Running in: User mode
Date: 10/11/2009
Time: 23.35.50
Output limited to:
-PC accounts
-Recent files
-Duplicates in BAK folders
-Registry Run Keys
-Autoplay settings (autorun.inf)
-Scheduled jobs
-Services and Drivers (all)
-Svchost.exe instances
-Loaded Dlls
-Alternate Data Sreams
-Encrypted Files
-Hidden objects
-Master Boot Record
-Network settings
-Include HOSTS file
-Suspicious Files
-Installed Applications
-Include HIJACKTHIS.log
===================== ACCOUNTS ON THIS PC =====================
Users on this computer:
Is Admin? | Username
Yes | Administrator
| Guest (Disabled)
| HelpAssistant (Disabled)
| SUPPORT_388945a0 (Disabled)
Yes | user
### users folders
09/04/2009 18.50.53 (DIR) 0 byte 215 days old -- All Users
11/04/2009 13.25.30 (DIR) 0 byte 213 days old -- Default User
09/11/2009 11.34.42 (DIR) 0 byte 1 days old -- LocalService
09/11/2009 11.34.43 (DIR) 0 byte 1 days old -- NetworkService
09/11/2009 11.34.43 (DIR) 0 byte 1 days old -- Administrator
10/11/2009 22.48.03 (DIR) 0 byte 0 days old -- user
### startup files in users folders
C:\documents and settings\Administrator\Menu Avvio\Programmi\Esecuzione automatica\desktop.ini
C:\documents and settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\desktop.ini
C:\documents and settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\Windows Search.lnk
C:\documents and settings\Default User\Menu Avvio\Programmi\Esecuzione automatica\desktop.ini
C:\documents and settings\user\Menu Avvio\Programmi\Esecuzione automatica\desktop.ini
C:\documents and settings\user\Menu Avvio\Programmi\Esecuzione automatica\Ritaglio schermata e avvio di OneNote 2007.lnk
C:\documents and settings\user\Menu Avvio\Programmi\Esecuzione automatica\Secunia PSI.lnk
===================== RECENT FILES =====================
Listing files newer than 60 days
---- recent files in C:\
09/04/2009 20:33:43 -- 10/11/2009 23:18:56 (DIR) ---- 0 days old -- C:\WINDOWS
09/04/2009 20:40:13 -- 10/11/2009 23:18:28 (DIR) HS-- 0 days old -- C:\System Volume Information
09/04/2009 20:42:38 -- 09/11/2009 01:03:27 (DIR) --R- 1 days old -- C:\Programmi
09/04/2009 20:40:13 -- 07/11/2009 20:32:30 (DIR) ---- 3 days old -- C:\Documents and Settings
09/04/2009 20:33:43 -- 10/11/2009 23:13:23 2145386496 HS-A 0 days old -- C:\pagefile.sys
08/11/2009 23:21:52 -- 08/11/2009 23:21:52 13853 ---A 2 days old -- C:\ComboFix.txt
09/04/2009 20:39:26 -- 07/11/2009 23:00:28 211 HS-- 3 days old -- C:\boot.ini
06/11/2009 09:06:21 -- 07/11/2009 19:33:38 4252 ---A 3 days old -- C:\aaw7boot.log
02/03/2006 13:00:00 -- 07/11/2009 13:15:28 251072 HSRA 3 days old -- C:\ntldr
---- recent files in C:\DOCUME~1\user\IMPOST~1\Temp\
10/11/2009 23:33:29 -- 10/11/2009 23:35:50 (DIR) ---- 0 days old -- C:\DOCUME~1\user\IMPOST~1\Temp\nsqB.tmp
10/11/2009 23:33:29 -- 10/11/2009 23:33:29 16384 ---A 0 days old -- C:\DOCUME~1\user\IMPOST~1\Temp\~DF53C7.tmp
10/11/2009 23:33:29 -- 10/11/2009 23:33:29 51 ---A 0 days old -- C:\DOCUME~1\user\IMPOST~1\Temp\systemscan.ini
10/11/2009 22:50:27 -- 10/11/2009 23:13:32 1940 ---A 0 days old -- C:\DOCUME~1\user\IMPOST~1\Temp\AdobeARM.log
---- recent files in C:\WINDOWS\
08/11/2009 23:21:55 -- 10/11/2009 23:31:59 (DIR) ---- 0 days old -- C:\WINDOWS\temp
07/11/2009 13:50:12 -- 10/11/2009 23:14:35 (DIR) ---- 0 days old -- C:\WINDOWS\Prefetch
09/04/2009 20:33:43 -- 09/11/2009 22:41:00 (DIR) H--- 1 days old -- C:\WINDOWS\inf
09/04/2009 18:49:01 -- 09/11/2009 11:34:35 (DIR) ---- 1 days old -- C:\WINDOWS\Registration
09/04/2009 20:33:43 -- 09/11/2009 00:42:23 (DIR) ---- 1 days old -- C:\WINDOWS\system32
09/04/2009 20:33:43 -- 09/11/2009 00:42:22 (DIR) ---- 1 days old -- C:\WINDOWS\Help
09/04/2009 20:33:43 -- 09/11/2009 00:42:21 (DIR) ---- 1 days old -- C:\WINDOWS\Cursors
08/11/2009 23:08:24 -- 09/11/2009 00:03:14 (DIR) ---- 1 days old -- C:\WINDOWS\ERDNT
09/04/2009 18:49:50 -- 08/11/2009 23:17:44 (DIR) -S-- 2 days old -- C:\WINDOWS\Tasks
09/04/2009 20:33:43 -- 08/11/2009 23:11:59 (DIR) ---- 2 days old -- C:\WINDOWS\AppPatch
09/04/2009 20:33:43 -- 08/11/2009 16:09:57 (DIR) ---- 2 days old -- C:\WINDOWS\Debug
09/04/2009 18:51:50 -- 08/11/2009 15:23:53 (DIR) H--- 2 days old -- C:\WINDOWS\$hf_mig$
08/11/2009 15:13:48 -- 08/11/2009 15:23:45 (DIR) ---- 2 days old -- C:\WINDOWS\ie8updates
09/04/2009 20:33:43 -- 08/11/2009 15:16:25 (DIR) ---- 2 days old -- C:\WINDOWS\Media
08/11/2009 15:10:46 -- 08/11/2009 15:13:02 (DIR) H--- 2 days old -- C:\WINDOWS\ie8
09/04/2009 20:42:42 -- 07/11/2009 20:28:24 (DIR) HS-- 3 days old -- C:\WINDOWS\Installer
07/11/2009 14:03:32 -- 07/11/2009 14:03:33 (DIR) H--- 3 days old -- C:\WINDOWS\$NtUninstallKB967715$
07/11/2009 14:03:32 -- 07/11/2009 14:03:32 (DIR) H--- 3 days old -- C:\WINDOWS\$NtUninstallKB960225$
07/11/2009 14:03:31 -- 07/11/2009 14:03:31 (DIR) H--- 3 days old -- C:\WINDOWS\$NtUninstallKB958690$
07/11/2009 13:59:37 -- 07/11/2009 14:03:30 (DIR) H--- 3 days old -- C:\WINDOWS\$NtUninstallKB958687$
07/11/2009 14:03:30 -- 07/11/2009 14:03:30 (DIR) H--- 3 days old -- C:\WINDOWS\$NtUninstallKB958644$
07/11/2009 14:03:28 -- 07/11/2009 14:03:29 (DIR) H--- 3 days old -- C:\WINDOWS\$NtUninstallKB957097$
07/11/2009 13:59:37 -- 07/11/2009 14:03:26 (DIR) H--- 3 days old -- C:\WINDOWS\$NtUninstallKB956841$
07/11/2009 13:59:37 -- 07/11/2009 14:03:25 (DIR) H--- 3 days old -- C:\WINDOWS\$NtUninstallKB956803$
07/11/2009 13:59:37 -- 07/11/2009 14:03:24 (DIR) H--- 3 days old -- C:\WINDOWS\$NtUninstallKB956802$
07/11/2009 13:59:37 -- 07/11/2009 14:03:24 (DIR) H--- 3 days old -- C:\WINDOWS\$NtUninstallKB955069$
07/11/2009 13:59:37 -- 07/11/2009 14:03:23 (DIR) H--- 3 days old -- C:\WINDOWS\$NtUninstallKB954600$
07/11/2009 13:59:37 -- 07/11/2009 14:03:23 (DIR) H--- 3 days old -- C:\WINDOWS\$NtUninstallKB952954$
07/11/2009 14:03:21 -- 07/11/2009 14:03:22 (DIR) H--- 3 days old -- C:\WINDOWS\$NtUninstallKB951748$
07/11/2009 14:03:22 -- 07/11/2009 14:03:22 (DIR) H--- 3 days old -- C:\WINDOWS\$NtUninstallKB952287$
07/11/2009 13:59:36 -- 07/11/2009 14:03:20 (DIR) H--- 3 days old -- C:\WINDOWS\$NtUninstallKB951376-v2$
07/11/2009 14:03:20 -- 07/11/2009 14:03:20 (DIR) H--- 3 days old -- C:\WINDOWS\$NtUninstallKB951698$
07/11/2009 13:59:35 -- 07/11/2009 14:03:19 (DIR) H--- 3 days old -- C:\WINDOWS\$NtUninstallKB951066$
07/11/2009 13:59:35 -- 07/11/2009 14:03:18 (DIR) H--- 3 days old -- C:\WINDOWS\$NtUninstallKB950974$
07/11/2009 14:03:18 -- 07/11/2009 14:03:18 (DIR) H--- 3 days old -- C:\WINDOWS\$NtUninstallKB950762$
07/11/2009 14:03:17 -- 07/11/2009 14:03:17 (DIR) H--- 3 days old -- C:\WINDOWS\$NtUninstallKB946648$
07/11/2009 13:59:35 -- 07/11/2009 14:03:16 (DIR) H--- 3 days old -- C:\WINDOWS\$NtUninstallKB938464-v2$
09/04/2009 20:33:43 -- 07/11/2009 14:01:12 (DIR) ---- 3 days old -- C:\WINDOWS\ime
09/04/2009 20:33:43 -- 07/11/2009 14:01:08 (DIR) ---- 3 days old -- C:\WINDOWS\msagent
10/04/2009 13:33:25 -- 07/11/2009 14:01:07 (DIR) ---- 3 days old -- C:\WINDOWS\network diagnostic
09/04/2009 20:33:43 -- 07/11/2009 14:01:06 (DIR) ---- 3 days old -- C:\WINDOWS\PeerNet
09/04/2009 20:33:43 -- 07/11/2009 14:01:05 (DIR) ---- 3 days old -- C:\WINDOWS\system
09/04/2009 18:49:46 -- 07/11/2009 14:01:05 (DIR) ---- 3 days old -- C:\WINDOWS\srchasst
09/04/2009 20:33:43 -- 07/11/2009 13:59:42 (DIR) ---- 3 days old -- C:\WINDOWS\WinSxS
07/11/2009 13:59:38 -- 07/11/2009 13:59:38 (DIR) ---- 3 days old -- C:\WINDOWS\ServicePackFiles
09/04/2009 20:33:43 -- 07/11/2009 13:59:32 (DIR) -SR- 3 days old -- C:\WINDOWS\Fonts
11/04/2009 13:14:50 -- 07/11/2009 13:14:45 (DIR) ---- 3 days old -- C:\WINDOWS\l2schemas
06/11/2009 15:22:22 -- 06/11/2009 15:22:41 (DIR) ---- 4 days old -- C:\WINDOWS\pss
06/11/2009 09:01:27 -- 06/11/2009 09:01:28 (DIR) H--- 4 days old -- C:\WINDOWS\$NtUninstallKB963093$
05/11/2009 13:07:46 -- 05/11/2009 13:07:55 (DIR) H--- 5 days old -- C:\WINDOWS\$NtUninstallKB940157$
05/11/2009 13:07:29 -- 05/11/2009 13:07:30 (DIR) H--- 5 days old -- C:\WINDOWS\$NtUninstallKB915800-v4$
12/08/2009 22:14:39 -- 01/11/2009 00:35:46 (DIR) -SR- 9 days old -- C:\WINDOWS\assembly
12/08/2009 22:13:11 -- 14/10/2009 16:39:00 (DIR) ---- 27 days old -- C:\WINDOWS\Microsoft.NET
14/10/2009 16:17:25 -- 14/10/2009 16:17:25 (DIR) H--- 27 days old -- C:\WINDOWS\$NtUninstallKB958869$
14/10/2009 16:16:02 -- 14/10/2009 16:16:03 (DIR) H--- 27 days old -- C:\WINDOWS\$NtUninstallKB969059$
14/10/2009 16:15:57 -- 14/10/2009 16:15:58 (DIR) H--- 27 days old -- C:\WINDOWS\$NtUninstallKB954155_WM9$
14/10/2009 16:15:52 -- 14/10/2009 16:15:53 (DIR) H--- 27 days old -- C:\WINDOWS\$NtUninstallKB974112$
14/10/2009 16:15:46 -- 14/10/2009 16:15:47 (DIR) H--- 27 days old -- C:\WINDOWS\$NtUninstallKB975025$
14/10/2009 16:15:08 -- 14/10/2009 16:15:09 (DIR) H--- 27 days old -- C:\WINDOWS\$NtUninstallKB974571$
14/10/2009 16:12:46 -- 14/10/2009 16:12:48 (DIR) H--- 27 days old -- C:\WINDOWS\$NtUninstallKB971486$
14/10/2009 16:12:39 -- 14/10/2009 16:12:40 (DIR) H--- 27 days old -- C:\WINDOWS\$NtUninstallKB973525$
14/10/2009 16:11:55 -- 14/10/2009 16:11:56 (DIR) H--- 27 days old -- C:\WINDOWS\$NtUninstallKB975467$
17/09/2009 10:49:53 -- 21/09/2009 22:41:08 (DIR) ---- 50 days old -- C:\WINDOWS\Minidump
17/09/2009 11:01:39 -- 17/09/2009 11:01:40 (DIR) H--- 54 days old -- C:\WINDOWS\$NtUninstallKB968816_WM9$
17/09/2009 11:01:35 -- 17/09/2009 11:01:36 (DIR) H--- 54 days old -- C:\WINDOWS\$NtUninstallKB956844$
17/09/2009 11:00:44 -- 17/09/2009 11:00:45 (DIR) H--- 54 days old -- C:\WINDOWS\$NtUninstallKB971961$
10/11/2009 23:18:56 -- 10/11/2009 23:32:54 3629 ---A 0 days old -- C:\WINDOWS\setupapi.log
06/11/2009 18:40:09 -- 10/11/2009 23:14:22 1275197 ---A 0 days old -- C:\WINDOWS\WindowsUpdate.log
10/11/2009 22:50:22 -- 10/11/2009 23:13:28 0 ---A 0 days old -- C:\WINDOWS\0.log
09/04/2009 18:53:31 -- 10/11/2009 23:13:25 2048 -S-A 0 days old -- C:\WINDOWS\bootstat.dat
06/11/2009 19:02:12 -- 10/11/2009 23:12:30 12042 ---A 0 days old -- C:\WINDOWS\SchedLgU.Txt
02/03/2006 13:00:00 -- 08/11/2009 23:15:47 227 ---A 2 days old -- C:\WINDOWS\system.ini
08/11/2009 19:11:31 -- 08/11/2009 19:11:31 60416 ---A 2 days old -- C:\WINDOWS\ALCFDRTM.EXE
08/11/2009 19:11:31 -- 08/11/2009 19:11:31 60416 ---A 2 days old -- C:\WINDOWS\ALCFDRTM.VER
02/03/2006 13:00:00 -- 07/11/2009 23:00:28 552 ---A 3 days old -- C:\WINDOWS\win.ini
23/08/2009 20:20:32 -- 05/11/2009 11:11:42 2802 ---A 5 days old -- C:\WINDOWS\Sobotta.sam
23/08/2009 20:13:51 -- 05/11/2009 10:35:31 29 ---A 5 days old -- C:\WINDOWS\BSL.INI
18/09/2009 13:51:56 -- 23/10/2009 17:12:57 69 ---A 18 days old -- C:\WINDOWS\NeroDigital.ini
17/09/2009 12:05:50 -- 17/09/2009 12:05:50 4767 ---A 54 days old -- C:\WINDOWS\Irremote.ini
---- recent files in C:\WINDOWS\system\
---- recent files in C:\WINDOWS\system32\
09/04/2009 20:40:40 -- 10/11/2009 23:18:54 (DIR) ---- 0 days old -- C:\WINDOWS\system32\CatRoot2
09/04/2009 18:49:31 -- 10/11/2009 23:18:28 (DIR) ---- 0 days old -- C:\WINDOWS\system32\Restore
09/04/2009 20:33:43 -- 09/11/2009 11:34:50 (DIR) ---- 1 days old -- C:\WINDOWS\system32\config
09/04/2009 20:33:43 -- 09/11/2009 11:34:35 (DIR) ---- 1 days old -- C:\WINDOWS\system32\wbem
09/04/2009 20:33:43 -- 08/11/2009 23:21:57 (DIR) ---- 2 days old -- C:\WINDOWS\system32\drivers
09/04/2009 20:33:43 -- 08/11/2009 15:23:57 (DIR) HSR- 2 days old -- C:\WINDOWS\system32\dllcache
09/04/2009 20:40:40 -- 08/11/2009 15:19:24 (DIR) ---- 2 days old -- C:\WINDOWS\system32\CatRoot
10/04/2009 13:36:14 -- 08/11/2009 15:16:26 (DIR) ---- 2 days old -- C:\WINDOWS\system32\it-it
06/11/2009 02:24:15 -- 07/11/2009 19:35:48 (DIR) ---- 3 days old -- C:\WINDOWS\system32\DRVSTORE
11/04/2009 13:14:49 -- 07/11/2009 14:01:34 (DIR) ---- 3 days old -- C:\WINDOWS\system32\bits
11/04/2009 13:14:49 -- 07/11/2009 14:01:31 (DIR) ---- 3 days old -- C:\WINDOWS\system32\it
09/04/2009 20:33:43 -- 07/11/2009 14:01:31 (DIR) ---- 3 days old -- C:\WINDOWS\system32\usmt
09/04/2009 18:47:59 -- 07/11/2009 14:00:18 (DIR) ---- 3 days old -- C:\WINDOWS\system32\Com
09/04/2009 20:33:43 -- 07/11/2009 13:59:48 (DIR) ---- 3 days old -- C:\WINDOWS\system32\Setup
09/04/2009 20:33:43 -- 07/11/2009 13:59:48 (DIR) ---- 3 days old -- C:\WINDOWS\system32\oobe
09/04/2009 20:33:43 -- 07/11/2009 13:59:48 (DIR) ---- 3 days old -- C:\WINDOWS\system32\npp
05/11/2009 13:08:09 -- 05/11/2009 13:08:09 (DIR) ---- 5 days old -- C:\WINDOWS\system32\GroupPolicy
09/04/2009 18:50:21 -- 17/09/2009 11:50:47 (DIR) ---- 54 days old -- C:\WINDOWS\system32\DirectX
10/04/2009 10:51:22 -- 10/11/2009 23:13:36 215715 ---A 0 days old -- C:\WINDOWS\system32\nvapps.xml
02/03/2006 13:00:00 -- 10/11/2009 22:20:48 13646 ---A 0 days old -- C:\WINDOWS\system32\wpa.dbl
08/11/2009 19:11:34 -- 08/11/2009 19:11:34 940794 ---A 2 days old -- C:\WINDOWS\system32\LoopyMusic.wav
08/11/2009 19:11:34 -- 08/11/2009 19:11:34 146650 ---A 2 days old -- C:\WINDOWS\system32\BuzzingBee.wav
09/04/2009 20:40:12 -- 07/11/2009 14:04:43 2146464 ---A 3 days old -- C:\WINDOWS\system32\FNTCACHE.DAT
02/03/2006 13:00:00 -- 07/11/2009 13:54:51 505290 ---A 3 days old -- C:\WINDOWS\system32\perfh010.dat
02/03/2006 13:00:00 -- 07/11/2009 13:54:50 88994 ---A 3 days old -- C:\WINDOWS\system32\perfc010.dat
02/03/2006 13:00:00 -- 07/11/2009 13:54:50 435396 ---A 3 days old -- C:\WINDOWS\system32\perfh009.dat
02/03/2006 13:00:00 -- 07/11/2009 13:54:50 68292 ---A 3 days old -- C:\WINDOWS\system32\perfc009.dat
07/11/2009 13:21:26 -- 07/11/2009 13:21:26 160 ---A 3 days old -- C:\WINDOWS\system32\spdwnwxp.log
09/04/2009 20:42:42 -- 05/11/2009 13:08:38 1104624 ---A 5 days old -- C:\WINDOWS\system32\PerfStringBackup.INI
02/03/2006 13:00:00 -- 22/10/2009 10:16:23 5939712 ---- 19 days old -- C:\WINDOWS\system32\mshtml.dll
13/10/2009 18:11:05 -- 03/03/2004 05:10:00 1107 ---A 28 days old -- C:\WINDOWS\system32\EPPICPresetData_GE.dat
13/10/2009 18:11:05 -- 03/03/2004 05:10:00 1129 ---A 28 days old -- C:\WINDOWS\system32\EPPICPresetData_FR.dat
13/10/2009 18:11:05 -- 03/03/2004 05:10:00 1120 ---A 28 days old -- C:\WINDOWS\system32\EPPICPresetData_IT.dat
13/10/2009 18:11:05 -- 03/03/2004 05:10:00 1104 ---A 28 days old -- C:\WINDOWS\system32\EPPICPresetData_EN.dat
13/10/2009 18:11:05 -- 03/03/2004 05:10:00 1129 ---A 28 days old -- C:\WINDOWS\system32\EPPICPresetData_CF.dat
13/10/2009 18:11:05 -- 03/03/2004 05:10:00 1136 ---A 28 days old -- C:\WINDOWS\system32\EPPICPresetData_ES.dat
13/10/2009 18:11:05 -- 31/05/2005 23:30:00 97 ---A 28 days old -- C:\WINDOWS\system32\PICSDK.ini
13/10/2009 18:11:05 -- 01/06/2005 03:10:00 495616 ---A 28 days old -- C:\WINDOWS\system32\PICSDK2.dll
13/10/2009 18:11:05 -- 01/06/2005 02:10:00 77824 ---A 28 days old -- C:\WINDOWS\system32\PICEntry.dll
13/10/2009 18:11:05 -- 31/05/2005 23:10:00 73728 ---A 28 days old -- C:\WINDOWS\system32\PICSDK.dll
13/10/2009 18:11:05 -- 31/05/2005 23:20:00 111932 ---A 28 days old -- C:\WINDOWS\system32\EPPICPrinterDB.dat
13/10/2009 18:11:05 -- 03/03/2004 05:10:00 1139 ---A 28 days old -- C:\WINDOWS\system32\EPPICPresetData_PT.dat
13/10/2009 18:11:05 -- 03/03/2004 05:10:00 114688 ---A 28 days old -- C:\WINDOWS\system32\EpPicPrt.dll
13/10/2009 18:11:05 -- 03/03/2004 05:10:00 27417 ---A 28 days old -- C:\WINDOWS\system32\EPPICPattern121.dat
13/10/2009 18:11:05 -- 03/03/2004 05:10:00 26154 ---A 28 days old -- C:\WINDOWS\system32\EPPICPattern1.dat
13/10/2009 18:11:05 -- 03/03/2004 05:10:00 31053 ---A 28 days old -- C:\WINDOWS\system32\EPPICPattern131.dat
13/10/2009 18:11:05 -- 03/03/2004 05:10:00 2426 ---A 28 days old -- C:\WINDOWS\system32\EPPICLocal_TC.cfg
13/10/2009 18:11:05 -- 03/03/2004 05:10:00 1139 ---A 28 days old -- C:\WINDOWS\system32\EPPICPresetData_BP.dat
13/10/2009 18:11:05 -- 03/03/2004 05:10:00 65536 ---A 28 days old -- C:\WINDOWS\system32\EPPicMgr.dll
13/10/2009 18:11:05 -- 03/03/2004 05:10:00 4943 ---A 28 days old -- C:\WINDOWS\system32\EPPICPattern6.dat
13/10/2009 18:11:05 -- 03/03/2004 05:10:00 21390 ---A 28 days old -- C:\WINDOWS\system32\EPPICPattern5.dat
13/10/2009 18:11:05 -- 03/03/2004 05:10:00 20148 ---A 28 days old -- C:\WINDOWS\system32\EPPICPattern2.dat
13/10/2009 18:11:05 -- 03/03/2004 05:10:00 24903 ---A 28 days old -- C:\WINDOWS\system32\EPPICPattern3.dat
13/10/2009 18:11:05 -- 03/03/2004 05:10:00 11811 ---A 28 days old -- C:\WINDOWS\system32\EPPICPattern4.dat
13/10/2009 18:11:05 -- 03/03/2004 05:10:00 1146 ---A 28 days old -- C:\WINDOWS\system32\EPPICPresetData_DU.dat
13/10/2009 18:11:04 -- 03/03/2004 05:10:00 6103 ---A 28 days old -- C:\WINDOWS\system32\EPPICLocal_ES.cfg
13/10/2009 18:11:04 -- 03/03/2004 05:10:00 13732 ---A 28 days old -- C:\WINDOWS\system32\EPPICLocal_EN.cfg
13/10/2009 18:11:04 -- 03/03/2004 05:10:00 5436 ---A 28 days old -- C:\WINDOWS\system32\EPPICLocal_SC.cfg
13/10/2009 18:11:04 -- 03/03/2004 05:10:00 6347 ---A 28 days old -- C:\WINDOWS\system32\EPPICLocal_BP.cfg
13/10/2009 18:11:04 -- 03/03/2004 05:10:00 6335 ---A 28 days old -- C:\WINDOWS\system32\EPPICLocal_GE.cfg
13/10/2009 18:11:04 -- 03/03/2004 05:10:00 6122 ---A 28 days old -- C:\WINDOWS\system32\EPPICLocal_DU.cfg
13/10/2009 18:11:04 -- 03/03/2004 05:10:00 6195 ---A 28 days old -- C:\WINDOWS\system32\EPPICLocal_CF.cfg
13/10/2009 18:11:04 -- 03/03/2004 05:10:00 2889 ---A 28 days old -- C:\WINDOWS\system32\EPPICLocal_RU.cfg
13/10/2009 18:11:04 -- 03/03/2004 05:10:00 6347 ---A 28 days old -- C:\WINDOWS\system32\EPPICLocal_PT.cfg
13/10/2009 18:11:04 -- 03/03/2004 05:10:00 6442 ---A 28 days old -- C:\WINDOWS\system32\EPPICLocal_IT.cfg
13/10/2009 18:11:04 -- 03/03/2004 05:10:00 6195 ---A 28 days old -- C:\WINDOWS\system32\EPPICLocal_FR.cfg
13/10/2009 18:11:04 -- 03/03/2004 05:10:00 5817 ---A 28 days old -- C:\WINDOWS\system32\EPPICLocal_KO.cfg
13/10/2009 18:10:39 -- 07/03/2005 18:44:18 45056 ---A 28 days old -- C:\WINDOWS\system32\PhDi2.sys
10/04/2009 13:33:29 -- 02/10/2009 19:01:58 25198016 ---A 39 days old -- C:\WINDOWS\system32\MRT.exe
17/09/2009 11:50:45 -- 31/03/2006 11:40:58 2388176 ---A 54 days old -- C:\WINDOWS\system32\d3dx9_30.dll
11/04/2009 13:08:05 -- 11/09/2009 15:17:34 136192 ---A 60 days old -- C:\WINDOWS\system32\msv1_0.dll
---- recent files in C:\WINDOWS\system32\drivers\
09/04/2009 20:33:43 -- 08/11/2009 23:15:22 (DIR) ---- 2 days old -- C:\WINDOWS\system32\drivers\etc
09/04/2009 18:57:21 -- 10/11/2009 23:12:50 532512 HS-A 0 days old -- C:\WINDOWS\system32\drivers\fidbox2.dat
09/04/2009 18:57:21 -- 10/11/2009 23:12:50 4996 HS-A 0 days old -- C:\WINDOWS\system32\drivers\fidbox2.idx
09/04/2009 18:57:21 -- 10/11/2009 23:12:50 2085920 HS-A 0 days old -- C:\WINDOWS\system32\drivers\fidbox.dat
09/04/2009 18:57:21 -- 10/11/2009 23:12:50 20520 HS-A 0 days old -- C:\WINDOWS\system32\drivers\fidbox.idx
08/11/2009 16:34:14 -- 10/09/2009 14:54:06 38224 ---A 2 days old -- C:\WINDOWS\system32\drivers\mbamswissarmy.sys
08/11/2009 15:40:51 -- 10/09/2009 14:53:50 19160 ---A 2 days old -- C:\WINDOWS\system32\drivers\mbam.sys
06/11/2009 02:24:00 -- 06/11/2009 02:23:55 93360 ---A 4 days old -- C:\WINDOWS\system32\drivers\SBREDrv.sys
09/04/2009 18:57:42 -- 14/10/2009 16:02:24 108059 ---A 27 days old -- C:\WINDOWS\system32\drivers\klin.dat
09/04/2009 18:57:42 -- 14/10/2009 16:02:23 95259 ---A 27 days old -- C:\WINDOWS\system32\drivers\klick.dat
---- recent files in C:\WINDOWS\temp\
---- recent files in C:\Programmi\
09/04/2009 20:42:38 -- 09/11/2009 23:23:14 (DIR) ---- 1 days old -- C:\Programmi\File comuni
08/11/2009 15:40:51 -- 08/11/2009 16:34:21 (DIR) ---- 2 days old -- C:\Programmi\Malwarebytes' Anti-Malware
09/04/2009 18:49:14 -- 08/11/2009 15:16:25 (DIR) ---- 2 days old -- C:\Programmi\Internet Explorer
07/11/2009 23:02:47 -- 07/11/2009 23:02:47 (DIR) ---- 3 days old -- C:\Programmi\Trend Micro
09/04/2009 18:48:32 -- 07/11/2009 14:03:17 (DIR) ---- 3 days old -- C:\Programmi\Messenger
09/04/2009 18:48:36 -- 07/11/2009 14:03:16 (DIR) ---- 3 days old -- C:\Programmi\Windows Media Player
09/04/2009 18:49:38 -- 07/11/2009 14:01:17 (DIR) ---- 3 days old -- C:\Programmi\Movie Maker
09/04/2009 18:49:27 -- 07/11/2009 14:01:16 (DIR) ---- 3 days old -- C:\Programmi\NetMeeting
09/04/2009 18:49:25 -- 07/11/2009 14:01:15 (DIR) ---- 3 days old -- C:\Programmi\Outlook Express
09/04/2009 18:48:04 -- 07/11/2009 14:01:13 (DIR) ---- 3 days old -- C:\Programmi\Windows NT
05/11/2009 13:08:11 -- 06/11/2009 09:01:29 (DIR) ---- 4 days old -- C:\Programmi\Windows Desktop Search
12/08/2009 20:03:10 -- 31/10/2009 23:26:57 (DIR) ---- 10 days old -- C:\Programmi\CCleaner
16/10/2009 17:00:01 -- 16/10/2009 17:00:01 (DIR) ---- 25 days old -- C:\Programmi\Adobe
09/04/2009 19:36:47 -- 15/10/2009 09:23:27 (DIR) ---- 26 days old -- C:\Programmi\SUPERAntiSpyware
13/10/2009 18:10:33 -- 13/10/2009 18:10:33 (DIR) ---- 28 days old -- C:\Programmi\Panasonic
09/04/2009 19:07:29 -- 13/10/2009 18:10:32 (DIR) H--- 28 days old -- C:\Programmi\InstallShield Installation Information
28/09/2009 12:01:05 -- 28/09/2009 12:01:05 (DIR) ---- 43 days old -- C:\Programmi\Microsoft Silverlight
12/08/2009 22:20:01 -- 18/09/2009 18:00:15 (DIR) ---- 53 days old -- C:\Programmi\Free Video Converter
18/09/2009 10:32:42 -- 18/09/2009 10:32:42 (DIR) ---- 53 days old -- C:\Programmi\MSXML 4.0
17/09/2009 11:51:33 -- 17/09/2009 12:04:52 (DIR) ---- 54 days old -- C:\Programmi\Nero
17/09/2009 12:03:26 -- 17/09/2009 12:03:26 (DIR) ---- 54 days old -- C:\Programmi\Windows Sidebar
---- recent files in C:\Programmi\File comuni\
09/04/2009 18:49:19 -- 07/11/2009 14:01:19 (DIR) ---- 3 days old -- C:\Programmi\File comuni\System
09/04/2009 19:25:02 -- 16/10/2009 17:00:18 (DIR) ---- 25 days old -- C:\Programmi\File comuni\Adobe
17/09/2009 11:51:05 -- 17/09/2009 11:56:03 (DIR) ---- 54 days old -- C:\Programmi\File comuni\Nero
09/04/2009 20:42:38 -- 17/09/2009 11:50:23 (DIR) ---- 54 days old -- C:\Programmi\File comuni\Microsoft Shared
---- recent files in C:\Documents and Settings\user\Dati applicazioni\
08/11/2009 16:34:23 -- 08/11/2009 16:34:23 (DIR) ---- 2 days old -- C:\Documents and Settings\user\Dati applicazioni\Malwarebytes
08/10/2009 15:39:38 -- 07/11/2009 19:36:08 (DIR) ---- 3 days old -- C:\Documents and Settings\user\Dati applicazioni\uTorrent
06/11/2009 02:53:43 -- 06/11/2009 20:05:30 (DIR) ---- 4 days old -- C:\Documents and Settings\user\Dati applicazioni\Adobe
06/10/2009 19:51:02 -- 06/11/2009 20:03:47 (DIR) ---- 4 days old -- C:\Documents and Settings\user\Dati applicazioni\Real
05/11/2009 13:09:14 -- 05/11/2009 13:09:14 (DIR) ---- 5 days old -- C:\Documents and Settings\user\Dati applicazioni\Windows Search
05/11/2009 13:09:06 -- 05/11/2009 13:09:06 (DIR) ---- 5 days old -- C:\Documents and Settings\user\Dati applicazioni\Windows Desktop Search
20/04/2009 13:17:04 -- 01/11/2009 09:56:36 (DIR) ---- 9 days old -- C:\Documents and Settings\user\Dati applicazioni\dvdcss
13/10/2009 18:11:24 -- 13/10/2009 18:11:24 (DIR) ---- 28 days old -- C:\Documents and Settings\user\Dati applicazioni\Panasonic
09/04/2009 18:55:25 -- 07/10/2009 16:54:18 (DIR) -S-- 34 days old -- C:\Documents and Settings\user\Dati applicazioni\Microsoft
17/09/2009 12:21:01 -- 28/09/2009 10:01:24 (DIR) ---- 43 days old -- C:\Documents and Settings\user\Dati applicazioni\Nero
17/09/2009 08:52:28 -- 17/09/2009 08:52:28 (DIR) ---- 54 days old -- C:\Documents and Settings\user\Dati applicazioni\Help
18/09/2009 16:18:07 -- 23/10/2009 17:13:11 239 ---A 18 days old -- C:\Documents and Settings\user\Dati applicazioni\default.rss
18/09/2009 16:30:41 -- 18/09/2009 16:30:41 0 ---A 53 days old -- C:\Documents and Settings\user\Dati applicazioni\downloads.m3u
---- recent files in C:\Documents and Settings\user\Impostazioni locali\Dati applicazioni\
08/11/2009 13:42:35 -- 08/11/2009 13:42:35 (DIR) ---- 2 days old -- C:\Documents and Settings\user\Impostazioni locali\Dati applicazioni\WMTools Downloaded Files
09/04/2009 18:55:25 -- 08/11/2009 13:42:30 (DIR) ---- 2 days old -- C:\Documents and Settings\user\Impostazioni locali\Dati applicazioni\Microsoft
06/11/2009 20:05:30 -- 07/11/2009 20:28:44 (DIR) ---- 3 days old -- C:\Documents and Settings\user\Impostazioni locali\Dati applicazioni\Adobe
10/04/2009 10:33:52 -- 06/11/2009 20:03:53 (DIR) ---- 4 days old -- C:\Documents and Settings\user\Impostazioni locali\Dati applicazioni\Google
19/09/2009 19:21:21 -- 31/10/2009 22:08:45 (DIR) ---- 10 days old -- C:\Documents and Settings\user\Impostazioni locali\Dati applicazioni\Paint.NET
18/09/2009 16:29:17 -- 18/09/2009 16:29:17 (DIR) ---- 53 days old -- C:\Documents and Settings\user\Impostazioni locali\Dati applicazioni\Nero
17/09/2009 08:52:28 -- 17/09/2009 08:52:28 (DIR) ---- 54 days old -- C:\Documents and Settings\user\Impostazioni locali\Dati applicazioni\Help
10/04/2009 10:30:26 -- 09/11/2009 11:48:23 119808 ---A 1 days old -- C:\Documents and Settings\user\Impostazioni locali\Dati applicazioni\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
07/10/2009 11:14:25 -- 08/11/2009 01:25:12 4316016 H--A 2 days old -- C:\Documents and Settings\user\Impostazioni locali\Dati applicazioni\IconCache.db
10/04/2009 13:21:58 -- 13/10/2009 18:14:32 70016 ---A 28 days old -- C:\Documents and Settings\user\Impostazioni locali\Dati applicazioni\GDIPFONTCACHEV1.DAT
===================== DUPLICATE FILES IN BAK FOLDERS =====================
No BAK folders found
===================== REGISTRY SCAN =====================
-----HKLM\Software\Microsoft\Windows\CurrentVersion\Run-----
[Run]
"AVP"="\"C:\Programmi\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe\""
"SoundMan"="SOUNDMAN.EXE"
"GrooveMonitor"="\"C:\Programmi\Microsoft Office\Office12\GrooveMonitor.exe\""
"NvCplDaemon"="RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup"
"nwiz"="nwiz.exe /install"
"NvMediaCenter"="RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit"
"AliceRE_McciTrayApp"="C:\PROGRA~1\ALICET~1\vendors\AliceRE\content\template\DRIVEN~1\syncer\MCCITR~1.EXE"
"Adobe Reader Speed Launcher"="\"C:\Programmi\Adobe\Reader 9.0\Reader\Reader_sl.exe\""
"Adobe ARM"="\"C:\Programmi\File comuni\Adobe\ARM\1.0\AdobeARM.exe\""
"Malwarebytes Anti-Malware (reboot)"="\"C:\Programmi\Malwarebytes' Anti-Malware\mbam.exe\" /runcleanupscript"
[Run\OptionalComponents]
@=""
[Run\OptionalComponents\IMAIL]
"Installed"="1"
@=""
[Run\OptionalComponents\MAPI]
"NoChange"="1"
"Installed"="1"
@=""
[Run\OptionalComponents\MSFS]
"Installed"="1"
@=""
-----HKCU\Software\Microsoft\Windows\CurrentVersion\Run-----
[Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe"
-----HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Run-----
[Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE"
-----HKLM\Software\Microsoft\Windows\CurrentVersion\policies\Explorer\Run-----
[Run]
-----HKCU\Software\Microsoft\Windows\CurrentVersion\policies\Explorer\Run-----
[Run]
-----HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows-----
[Windows]
-----HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad-----
[ShellServiceObjectDelayLoad]
"PostBootReminder"="{7849596a-48ea-486e-8937-a2a3009f31a9}"
#### HKCR\CLSID\{7849596a-48ea-486e-8937-a2a3009f31a9}\InprocServer32 @=expand:"%SystemRoot%\system32\SHELL32.dll"
"CDBurn"="{fbeb8a05-beee-4442-804e-409d6c4515e9}"
#### HKCR\CLSID\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InprocServer32 @=expand:"%SystemRoot%\system32\SHELL32.dll"
"WebCheck"="{E6FB5E20-DE35-11CF-9C87-00AA005127ED}"
#### HKCR\CLSID\{E6FB5E20-DE35-11CF-9C87-00AA005127ED}\InprocServer32 @=expand:"%Systemroot%\system32\webcheck.dll"
"SysTray"="{35CEC8A3-2BE6-11D2-8773-92E220524153}"
#### HKCR\CLSID\{35CEC8A3-2BE6-11D2-8773-92E220524153}\InprocServer32 @=expand:"%systemroot%\system32\stobject.dll"
-----HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks-----
[ShellExecuteHooks]
"{AEB6717E-7E19-11d0-97EE-00C04FD91972}"=""
#### HKCR\CLSID\{AEB6717E-7E19-11d0-97EE-00C04FD91972}\InprocServer32 @="shell32.dll"
"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"="Groove GFS Stub Execution Hook"
#### HKCR\CLSID\{B5A7F190-DDA6-4420-B3BA-52453494E6CD}\InprocServer32 @="C:\Programmi\Microsoft Office\Office12\GrooveShellExtensions.dll"
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"=""
#### HKCR\CLSID\{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}\InprocServer32 @="C:\Programmi\SUPERAntiSpyware\SASSEH.DLL"
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"=""
#### HKCR\CLSID\{56F9679E-7826-4C84-81F3-532071A8BCC5}\InprocServer32 @="C:\Programmi\Windows Desktop Search\MSNLNamespaceMgr.dll"
-----HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon-----
[Winlogon]
"Shell"="Explorer.exe"
"System"=""
"Userinit"="C:\WINDOWS\system32\userinit.exe,"
"VmApplet"="rundll32 shell32,Control_RunDLL \"sysdm.cpl\""
"UIHost"=expand:"logonui.exe"
"LogonType"=dword:00000001
"WinStationsDisabled"="0"
[Winlogon\GPExtensions]
[Winlogon\GPExtensions\{3610eda5-77ef-11d2-8dc5-00c04fa31a66}]
"@="Quota disco Microsoft"
"DllName"=expand:"dskquota.dll"
[Winlogon\GPExtensions\{4CFB60C1-FAA6-47f1-89AA-0B18730C9FD3}]
"@="Internet Explorer Zonemapping"
"DllName"="C:\WINDOWS\system32\iedkcs32.dll"
[Winlogon\GPExtensions\{7933F41E-56F8-41d6-A31C-4148A711EE93}]
"@="Windows Search Group Policy Extension"
"DllName"=expand:"%SystemRoot%\System32\srchadmin.dll"
[Winlogon\GPExtensions\{7B849a69-220F-451E-B3FE-2CB811AF94AE}]
"@="Internet Explorer User Accelerators"
"DllName"="C:\WINDOWS\system32\iedkcs32.dll"
[Winlogon\GPExtensions\{827D319E-6EAC-11D2-A4EA-00C04F79F83A}]
"DllName"=expand:"scecli.dll"
"@="Security"
[Winlogon\GPExtensions\{A2E30F80-D7DE-11d2-BBDE-00C04F86AE3B}]
"DllName"="C:\WINDOWS\system32\iedkcs32.dll"
"@="Internet Explorer Branding"
[Winlogon\GPExtensions\{B1BE8D72-6EAC-11D2-A4EA-00C04F79F83A}]
"DllName"=expand:"scecli.dll"
"@="EFS recovery"
[Winlogon\GPExtensions\{B587E2B1-4D59-4e7e-AED9-22B9DF11D053}]
"@="802.3 Group Policy"
"DllName"=expand:"dot3gpclnt.dll"
[Winlogon\GPExtensions\{C631DF4C-088F-4156-B058-4375F0853CD8}]
"@="Microsoft Offline Files"
"DllName"=expand:"%SystemRoot%\System32\cscui.dll"
[Winlogon\GPExtensions\{c6dc5466-785a-11d2-84d0-00c04fb169f7}]
"@="Installazione software"
"DllName"=expand:"appmgmts.dll"
[Winlogon\GPExtensions\{CF7639F3-ABA2-41DB-97F2-81E2C5DBFC5D}]
"@="Internet Explorer Machine Accelerators"
"DllName"="C:\WINDOWS\system32\iedkcs32.dll"
[Winlogon\Notify]
[Winlogon\Notify\!SASWinLogon]
"DllName"="C:\Programmi\SUPERAntiSpyware\SASWINLO.DLL"
[Winlogon\Notify\crypt32chain]
"DllName"=expand:"crypt32.dll"
[Winlogon\Notify\cryptnet]
"DllName"=expand:"cryptnet.dll"
[Winlogon\Notify\cscdll]
"DLLName"="cscdll.dll"
[Winlogon\Notify\dimsntfy]
"DllName"=expand:"%SystemRoot%\System32\dimsntfy.dll"
[Winlogon\Notify\klogon]
"DllName"="C:\WINDOWS\system32\klogon.dll"
@=""
[Winlogon\Notify\ScCertProp]
"DLLName"="wlnotify.dll"
[Winlogon\Notify\Schedule]
"DllName"=expand:"wlnotify.dll"
[Winlogon\Notify\sclgntfy]
"DllName"=expand:"sclgntfy.dll"
[Winlogon\Notify\SensLogn]
"DLLName"="WlNotify.dll"
[Winlogon\Notify\termsrv]
"DllName"=expand:"wlnotify.dll"
[Winlogon\Notify\wlballoon]
"DLLName"="wlnotify.dll"
[Winlogon\SpecialAccounts]
[Winlogon\SpecialAccounts\UserList]
"HelpAssistant"=dword:00000000
"TsInternetUser"=dword:00000000
"SQLAgentCmdExec"=dword:00000000
"NetShowServices"=dword:00000000
"IWAM_"=dword:00010000
"IUSR_"=dword:00010000
"VUSR_"=dword:00010000
-----HKCU\Software\Microsoft\Windows NT\CurrentVersion\Winlogon-----
[Winlogon]
"ParseAutoexec"="1"
"ExcludeProfileDirs"="Impostazioni locali;Temporary Internet Files;Cronologia;Temp"
"BuildNumber"=dword:00000a28
-----HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options-----
[Image File Execution Options\Your Image File Name Here without a path]
"Debugger"="ntsd -d"
-----HKLM\System\CurrentControlSet\Control\Session Manager\-----
[Session Manager]
"BootExecute"=multi:"autocheck autochk *\00\00"
[Session Manager\SubSystems]
"Windows"=expand:"%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,3072,512 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ProfileControl=Off MaxRequestThreads=16"
-----HKLM\SYSTEM\CurrentControlSet\Control\WOW-----
[WOW]
"cmdline"=expand:"%SystemRoot%\system32\ntvdm.exe"
"wowcmdline"=expand:"%SystemRoot%\system32\ntvdm.exe -a %SystemRoot%\system32\krnl386"
-----HKLM\Software\Microsoft\Windows NT\CurrentVersion\Run-----
-----HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce-----
[RunOnce]
-----HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnceEx-----
[runonceex]
-----HKLM\Software\Microsoft\Windows\CurrentVersion\RunServices-----
[RunServices]
-----HKLM\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce-----
[RunServicesOnce]
-----HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnce-----
[RunOnce]
"WiseStubReboot"="MSIEXEC /quiet SKIP_PPU_DRIVER_INSTALL=1 /I \"C:\Programmi\File comuni\Wise Installation Wizard\WISDD1865F0AD7340FBB23E1822E02396FF_9_09_0203.MSI\" TRANSFORMS=\"C:\Programmi\File comuni\Wise Installation Wizard\WISDD1865F0AD7340FBB23E1822E02396FF_9_09_0203.MST\" WISE_SETUP_EXE_PATH=\"c:\nvidia\winxp\182.50\english\PhysX_9.09.0203_SystemSoftware.exe\""
-----HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnceEx-----
-----HKCU\Software\Microsoft\Windows\CurrentVersion\RunServices-----
[RunServices]
-----HKCU\Software\Microsoft\Windows NT\CurrentVersion\Run-----
-----HKCU\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce-----
[RunServicesOnce]
-----HKLM\Software\Microsoft\Command Processor\Autorun-----
-----HKCU\Software\Microsoft\Command Processor\Autorun-----
-----HKCU\Software\Microsoft\Windows NT\CurrentVersion\Windows\Load-----
-----HKLM\Software\Policies\Microsoft\Windows\System\Scripts\Startup-----
-----HKCU\Software\Policies\Microsoft\Windows\System\Scripts\Logon-----
-----HKLM\Software\Policies\Microsoft\Windows\System\Scripts\Logon-----
-----HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\TerminalServer\Install\Software\Microsoft\Windows\CurrentVersion\Runonce-----
-----HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\TerminalServer\Install\Software\Microsoft\Windows\CurrentVersion\Run-----
-----HKLM\System\CurrentControlSet\Control\Terminal Server\Wds\rdpwd\StartupPrograms-----
-----HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\TerminalServer\Install\Software\Microsoft\Windows\CurrentVersion\Runonce-----
-----HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler-----
[SharedTaskScheduler]
"{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Precaricatore Browseui"
#### HKCR\CLSID\{438755C2-A8BA-11D1-B96B-00A0C90312E1}\InprocServer32 @=expand:"%SystemRoot%\system32\browseui.dll"
"{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Daemon di cache delle categorie di componenti"
#### HKCR\CLSID\{8C7461EF-2B13-11d2-BE35-3078302C2030}\InprocServer32 @=expand:"%SystemRoot%\system32\browseui.dll"
-----HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects-----
[Browser Helper Objects]
[Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
#### HKCR\CLSID\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}\InprocServer32 @="C:\Programmi\File comuni\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll"
@="AcroIEHelperStub"
"NoExplorer"=dword:00000001
[Browser Helper Objects\{59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C}]
#### HKCR\CLSID\{59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C}\InprocServer32 @="C:\Programmi\Kaspersky Lab\Kaspersky Anti-Virus 2009\ievkbd.dll"
@="IEVkbdBHO"
"NoExplorer"=dword:00000001
[Browser Helper Objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}]
#### HKCR\CLSID\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}\InprocServer32 @="C:\Programmi\Microsoft Office\Office12\GrooveShellExtensions.dll"
@=""
-----HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks-----
[URLSearchHooks]
"{CFBFAE00-17A6-11D0-99CB-00C04FD64497}"=""
#### HKCR\CLSID\{CFBFAE00-17A6-11D0-99CB-00C04FD64497}\InprocServer32 @="C:\WINDOWS\system32\ieframe.dll"
-----HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig-----
[MSConfig]
[MSConfig\services]
[MSConfig\startupfolder]
[MSConfig\startupreg]
[MSConfig\state]
"system.ini"=dword:00000000
"win.ini"=dword:00000000
"bootini"=dword:00000000
"services"=dword:00000000
"startup"=dword:00000000
-----HKCU\Control Panel\Desktop\-----
[Desktop]
[Desktop\WindowMetrics]
-----HKEY_CLASSES_ROOT\exefile\shell\open\command-----
[command]
@="\"%1\" %*"
-----HKEY_CLASSES_ROOT\comfile\shell\open\command-----
[command]
@="\"%1\" %*"
-----HKEY_CLASSES_ROOT\batfile\shell\open\command-----
[command]
@="\"%1\" %*"
-----HKEY_CLASSES_ROOT\piffile\shell\open\command-----
[command]
@="\"%1\" %*"
-----HKEY_CLASSES_ROOT\scrFile\shell\open\command-----
[command]
@="\"%1\" /S"
-----HKEY_CLASSES_ROOT\htafile\shell\open\command-----
[Command]
@="C:\WINDOWS\system32\mshta.exe \"%1\" %*"
-----HKEY_CLASSES_ROOT\logfile\shell\open\command-----
-----HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\URL-----
[URL]
[URL\DefaultPrefix]
@="http://"
[URL\Prefixes]
"ftp"="ftp://"
"gopher"="gopher://"
"home"="http://"
"mosaic"="http://"
"www"="http://"
-----HKLM\SYSTEM\CurrentControlSet\Control\Lsa-----
[Lsa]
[Lsa\AccessProviders]
[Lsa\AccessProviders\Windows NT Access Provider]
"ProviderPath"=expand:"%SystemRoot%\system32\ntmarta.dll"
[Lsa\Audit]
[Lsa\Audit\PerUserAuditing]
[Lsa\Audit\PerUserAuditing\System]
[Lsa\Data]
[Lsa\SSO]
[Lsa\SSO\Passport1.4]
"SSOURL"="http://www.passport.com"
[Lsa\SspiCache]
[Lsa\SspiCache\digest.dll]
"Name"="Digest"
"Comment"="Digest SSPI Authentication Package"
[Lsa\SspiCache\msapsspc.dll]
"Name"="DPA"
"Comment"="DPA Security Package"
[Lsa\SspiCache\msnsspc.dll]
"Name"="MSN"
"Comment"="MSN Security Package"
-----HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess-----
[SharedAccess]
"DependOnGroup"=multi:"\00"
"DependOnService"=multi:"Netman\00WinMgmt\00\00"
"Description"="Fornisce servizi di conversione indirizzi di rete, indirizzamento e risoluzione nomi e/o servizi di prevenzione intrusione per una rete domestica o una piccola rete aziendale."
"DisplayName"="Windows Firewall / Condivisione connessione Internet (ICS)"
"ErrorControl"=dword:00000001
"ImagePath"=expand:"%SystemRoot%\System32\svchost.exe -k netsvcs"
"ObjectName"="LocalSystem"
"Start"=dword:00000002
"Type"=dword:00000020
[SharedAccess\Epoch]
"Epoch"=dword:00002290
[SharedAccess\Parameters]
"ServiceDll"=expand:"%SystemRoot%\System32\ipnathlp.dll"
[SharedAccess\Parameters\FirewallPolicy]
[SharedAccess\Parameters\FirewallPolicy\DomainProfile]
[SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications]
[SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enaxxxxx@xxxxxres.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enaxxxxx@xxxxxres.dll,-20000"
[SharedAccess\Parameters\FirewallPolicy\RestrictedServices]
[SharedAccess\Parameters\FirewallPolicy\RestrictedServices\Static]
[SharedAccess\Parameters\FirewallPolicy\RestrictedServices\Static\System]
"SearchIndexer-1"="V2.0|Action=Block|Dir=In|App=%SystemRoot%\system32\SearchIndexer.exe|Svc=WSearch|Name=Block all inbound traffic to SearchIndexer|"
"SearchIndexer-2"="V2.0|Action=Block|Dir=Out|App=%SystemRoot%\system32\SearchIndexer.exe|Svc=WSearch|Name=Block all outbound traffic from SearchIndexer|"
"SearchFilterHost-1"="V2.0|Action=Block|Dir=In|App=%SystemRoot%\system32\SearchFilterHost.exe|Name=Block all inbound traffic to SearchFilterHost|"
"SearchFilterHost-2"="V2.0|Action=Block|Dir=Out|App=%SystemRoot%\system32\SearchFilterHost.exe|Name=Block all outbound traffic from SearchFilterHost|"
[SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall"=dword:00000001
"DoNotAllowExceptions"=dword:00000000
"DisableNotifications"=dword:00000000
[SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications]
[SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enaxxxxx@xxxxxres.dll,-22019"
"C:\Programmi\Microsoft Office\Office12\OUTLOOK.EXE"="C:\Programmi\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook"
"C:\Programmi\Microsoft Office\Office12\GROOVE.EXE"="C:\Programmi\Microsoft Office\Office12\GROOVE.EXE:*:Enabled:Microsoft Office Groove"
"C:\Programmi\Microsoft Office\Office12\ONENOTE.EXE"="C:\Programmi\Microsoft Office\Office12\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote"
"C:\Programmi\eMule\emule.exe"="C:\Programmi\eMule\emule.exe:*:Enabled:eMule"
"C:\WINDOWS\Network Diagnostic\xpnetdiag.exe"="C:\WINDOWS\Network Diagnostic\xpnetdiag.exe:*:Enaxxxxx@xxxxxres.dll,-20000"
[SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts]
[SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
[SharedAccess\Setup]
"ServiceUpgrade"=dword:00000001
-----HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Firewall\-----
-----HKEY_LOCAL_MACHINE\SOFTWARE\Winsock2-----
-----HKLM\Software\Microsoft\Ole-----
[Ole]
"DefaultLaunchPermission"=hex:01,00,04,80,5c,00,00,00,6c,00,00,00,00,00,00,00,\
"MachineLaunchRestriction"=hex:01,00,04,80,48,00,00,00,58,00,00,00,00,00,00,00,\
"MachineAccessRestriction"=hex:01,00,04,80,44,00,00,00,54,00,00,00,00,00,00,00,\
"EnableDCOM"="Y"
[Ole\AppCompat]
[Ole\AppCompat\ActivationSecurityCheckExemptionList]
"{A50398B8-9075-4FBF-A7A1-456BF21937AD}"="1"
"{AD65A69D-3831-40D7-9629-9B0B50A93843}"="1"
"{0040D221-54A1-11D1-9DE0-006097042D69}"="1"
"{2A6D72F1-6E7E-4702-B99C-E40D3DED33C3}"="1"
-----HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\WindowsUpdate\AU\-----
[AU]
-----HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\-----
[Security Center]
"FirstRunDisabled"=dword:00000001
"AntiVirusDisableNotify"=dword:00000000
"FirewallDisableNotify"=dword:00000000
"UpdatesDisableNotify"=dword:00000000
"AntiVirusOverride"=dword:00000000
"FirewallOverride"=dword:00000000
[Security Center\Monitoring]
[Security Center\Monitoring\AhnlabAntiVirus]
[Security Center\Monitoring\ComputerAssociatesAntiVirus]
[Security Center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001
@=""
[Security Center\Monitoring\McAfeeAntiVirus]
[Security Center\Monitoring\McAfeeFirewall]
[Security Center\Monitoring\PandaAntiVirus]
[Security Center\Monitoring\PandaFirewall]
[Security Center\Monitoring\SophosAntiVirus]
[Security Center\Monitoring\SymantecAntiVirus]
[Security Center\Monitoring\SymantecFirewall]
[Security Center\Monitoring\TinyFirewall]
[Security Center\Monitoring\TrendAntiVirus]
[Security Center\Monitoring\TrendFirewall]
[Security Center\Monitoring\ZoneLabsFirewall]
-----HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore\-----
[SystemRestore]
"DisableSR"=dword:00000000
"CreateFirstRunRp"=dword:00000001
"DSMin"=dword:000000c8
"DSMax"=dword:00000190
"RPSessionInterval"=dword:00000000
"RPGlobalInterval"=dword:00015180
"RPLifeInterval"=dword:0076a700
"CompressionBurst"=dword:0000003c
"TimerInterval"=dword:00000078
"DiskPercent"=dword:0000000c
"ThawInterval"=dword:00000384
"RestoreDiskSpaceError"=dword:00000000
"RestoreStatus"=dword:00000001
"RestoreSafeModeStatus"=dword:00000000
[SystemRestore\Cfg]
"DiskPercent"=dword:0000000c
"MachineGuid"="{D0795EB1-36DD-4EEC-BBD8-AEA951F1AB9A}"
[SystemRestore\SnapshotCallbacks]
@=""
-----HKEY_CURRENT_USER\Software\VB and VBA Program Settings-----
-----HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\-----
-----HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\AdvancedOptions-----
[AdvancedOptions]
-----HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\AdvancedOptions-----
-----HKLM\Software\Microsoft\Active Setup\Installed Components-----
[Installed Components]
[Installed Components\<{12d0ed0d-0ee0-4f90-8827-78cefb8f4988}]
"@="Internet Explorer - Aggiornamento versione"
"ComponentID"="IEUDINIT"
"StubPath"="C:\WINDOWS\system32\ieudinit.exe"
[Installed Components\>{22d6f312-b0f6-11d0-94ab-0080c74c7e95}]
#### HKCR\CLSID\{22d6f312-b0f6-11d0-94ab-0080c74c7e95}\InprocServer32 @="C:\WINDOWS\system32\wmpdxm.dll"
"Stubpath"="C:\WINDOWS\inf\unregmp2.exe /ShowWMP"
"@="Windows Media Player"
"ComponentID"="WMPACCESS"
[Installed Components\>{26923b43-4d38-484f-9b9e-de460746276c}]
"@="Internet Explorer"
"ComponentID"="IEACCESS"
"StubPath"="C:\WINDOWS\system32\ie4uinit.exe -UserIconConfig"
[Installed Components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"@="Browser Customizations"
"ComponentiD"="BRANDING.CAB"
"StubPath"="\"C:\WINDOWS\system32\rundll32.exe\" \"C:\WINDOWS\system32\iedkcs32.dll\",BrandIEActiveSetup SIGNUP"
[Installed Components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS]
"@="Personalizzazione del browser"
"ComponentID"="BRANDING.CAB"
"StubPath"="RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP"
[Installed Components\>{881dd1c5-3dcf-431b-b061-f3f88e8be88a}]
"@="Outlook Express"
"ComponentID"="OEACCESS"
"StubPath"=expand:"%systemroot%\system32\shmgrate.exe OCInstallUserConfigOE"
[Installed Components\{08B0E5C0-4FCB-11CF-AAA5-00401C608500}]
"@="Microsoft VM"
"ComponentID"="JAVAVM"
"KeyFileName"="C:\WINDOWS\system32\msjava.dll"
[Installed Components\{10072CEC-8CC1-11D1-986E-00A0C955B42F}]
"@="Rendering grafica vettoriale (VML)"
"ComponentID"="MSVML"
[Installed Components\{2179C5D3-EBFF-11CF-B6FD-00AA00B4E220}]
#### HKCR\CLSID\{2179C5D3-EBFF-11CF-B6FD-00AA00B4E220}\InprocServer32 @="C:\WINDOWS\system32\wmpdxm.dll"
"ComponentID"="NetShow"
"StubPath"=""
[Installed Components\{22d6f312-b0f6-11d0-94ab-0080c74c7e95}]
#### HKCR\CLSID\{22d6f312-b0f6-11d0-94ab-0080c74c7e95}\InprocServer32 @="C:\WINDOWS\system32\wmpdxm.dll"
"ComponentID"="Microsoft Windows Media Player"
"StubPath"=""
"@="Microsoft Windows Media Player 6.4"
[Installed Components\{283807B5-2C60-11D0-A31D-00AA00B92C03}]
"@="DirectAnimation"
"ComponentID"="DirectAnimation"
[Installed Components\{2C7339CF-2B09-4501-B3F3-F3508C9228ED}]
"@="Themes Setup"
"ComponentID"="Theme Component"
"StubPath"=expand:"%SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll"
[Installed Components\{36f8ec70-c29a-11d1-b5c7-0000f8051515}]
"@="Binding dati Dynamic HTML per Java"
"ComponentID"="TridataJava"
[Installed Components\{3af36230-a269-11d1-b5bf-0000f8051515}]
"@="Offline Browsing Pack"
"ComponentID"="MobilePk"
[Installed Components\{3bf42070-b3b1-11d1-b5c5-0000f8051515}]
"@="Uniscribe"
"ComponentID"="USP10"
[Installed Components\{4278c270-a269-11d1-b5bf-0000f8051515}]
"@="Creazione avanzata"
"ComponentID"="AdvAuth"
[Installed Components\{44BBA840-CC51-11CF-AAFA-00AA00B6015C}]
"@="Microsoft Outlook Express 6"
"ComponentID"="MailNews"
"StubPath"=expand:"\"%ProgramFiles%\Outlook Express\setup50.exe\" /APP:OE /CALLER:WINNT /user /install"
[Installed Components\{44BBA842-CC51-11CF-AAFA-00AA00B6015B}]
"@="NetMeeting 3.01"
"ComponentID"="NetMeeting"
"StubPath"="rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT"
[Installed Components\{44BBA848-CC51-11CF-AAFA-00AA00B6015C}]
"@="DirectShow"
"ComponentID"="activemovie"
[Installed Components\{44BBA855-CC51-11CF-AAFA-00AA00B6015F}]
"@="DirectDrawEx"
"ComponentID"="DirectDrawEx"
[Installed Components\{45ea75a0-a269-11d1-b5bf-0000f8051515}]
"@="Internet Explorer Help"
"ComponentID"="HelpCont"
[Installed Components\{4f216970-c90c-11d1-b5c7-0000f8051515}]
"@="Classi Java DirectAnimation"
"ComponentID"="DAJava"
[Installed Components\{4f645220-306d-11d2-995d-00c04f98bbc9}]
"@="Microsoft Windows Script 5.8"
"ComponentID"="MSVBScript"
[Installed Components\{5945c046-1e7d-11d1-bc44-00c04fd912be}]
"@="Windows Messenger 4.7"
"ComponentID"="Messenger"
"StubPath"="rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser"
"KeyFileName"="C:\Programmi\Messenger\msmsgs.exe"
[Installed Components\{5A8D6EE0-3E18-11D0-821E-444553540000}]
"(Default)"="Internet Connection Wizard"
"ComponentID"="ICW"
[Installed Components\{5fd399c0-a70a-11d1-9948-00c04f98bbc9}]
"@="Internet Explorer Setup Tools"
"ComponentID"="GenSetup"
[Installed Components\{630b1da0-b465-11d1-9948-00c04f98bbc9}]
"@="Browsing Enhancements"
"ComponentID"="ExtraPack"
"KeyFileName"="C:\WINDOWS\system32\msieftp.dll"
[Installed Components\{6BF52A52-394A-11d3-B153-00C04F79FAA6}]
#### HKCR\CLSID\{6BF52A52-394A-11d3-B153-00C04F79FAA6}\InprocServer32 @="C:\WINDOWS\system32\wmp.dll"
"@="Microsoft Windows Media Player"
"ComponentID"="Microsoft Windows Media Player"
"StubPath"="rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\wmp.inf,PerUserStub"
[Installed Components\{6fab99d0-bab8-11d1-994a-00c04f98bbc9}]
"@="MSN Site Access"
"ComponentID"="MSN_Auth"
[Installed Components\{7131646D-CD3C-40F4-97B9-CD9E4E6262EF}]
"ComponentID"=".NETFramework"
"@=".NET Framework"
[Installed Components\{73fa19d0-2d75-11d2-995d-00c04f98bbc9}]
"@="Web Folders"
"ComponentID"="WebFolders"
[Installed Components\{7790769C-0471-11d2-AF11-00C04FA35D02}]
"@="Rubrica 6"
"ComponentID"="WAB"
"StubPath"=expand:"\"%ProgramFiles%\Outlook Express\setup50.exe\" /APP:WAB /CALLER:WINNT /user /install"
[Installed Components\{89820200-ECBD-11cf-8B85-00AA005B4340}]
"@="Windows Desktop Update"
"ComponentID"="IE4Shell_NT"
"StubPath"=expand:"regsvr32.exe /s /n /i:U shell32.dll"
[Installed Components\{89820200-ECBD-11cf-8B85-00AA005B4383}]
"@="Internet Explorer"
"ComponentID"="BASEIE40_W2K"
"StubPath"="C:\WINDOWS\system32\ie4uinit.exe -BaseSettings"
[Installed Components\{89820200-ECBD-11cf-8B85-00AA005B4383}\AuthorizedCDFPrefix]
[Installed Components\{89B4C1CD-B018-4511-B0A1-5476DBF70820}]
"StubPath"="C:\WINDOWS\system32\Rundll32.exe C:\WINDOWS\system32\mscories.dll,Install"
"ComponentID"="DOTNETFRAMEWORKS"
[Installed Components\{9381D8F2-0288-11D0-9501-00AA00B911A5}]
"@="Dynamic HTML Data Binding"
"ComponentID"="Tridata"
[Installed Components\{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}]
"ComponentID"=".NETFramework"
"@=".NET Framework"
[Installed Components\{C9E9A340-D1F1-11D0-821E-444553540600}]
"@="Internet Explorer Core Fonts"
"ComponentID"="Fontcore"
[Installed Components\{CC2A9BA0-3BDD-11D0-821E-444553540000}]
"@="Utilità di pianificazione"
"ComponentID"="MSTASK"
[Installed Components\{CDD7975E-60F8-41d5-8149-19E51D6F71D0}]
"ComponentID"="Windows Movie Maker v2.1"
[Installed Components\{D27CDB6E-AE6D-11CF-96B8-444553540000}]
"@="Adobe Flash Player"
"ComponentID"="Flash"
[Installed Components\{de5aed00-a4bf-11d1-9948-00c04f98bbc9}]
"@="HTML Help"
"ComponentID"="HTMLHelp"
[Installed Components\{E92B03AB-B707-11d2-9CBD-0000F87A369E}]
"@="Active Directory Service Interface"
"ComponentID"="ADSI"
-----Comparing registry keys CCS1 vs CCS2 -----
< Value: HKEY_LOCAL_MACHINE\system\controlset001\services
Result compared: Identical
-----Comparing registry keys CCS1 vs CCS3 -----
< Value: HKEY_LOCAL_MACHINE\system\controlset001\services\Dhcp\Parameters {4C24F5DE-3187-4673-8AF9-D9A29A05EE12} REG_BINARY 0F000000000000000000000000000000D8E6F94AF9000000000000000000000000000000D8E6F94A01000000000000000000000000000000D8E6F94A2B000000000000000000000000000000D8E6F94A2C000000000000000000000000000000D8E6F94A06000000000000000000000000000000D8E6F94A
> Value: HKEY_LOCAL_MACHINE\system\controlset003\services\Dhcp\Parameters {4C24F5DE-3187-4673-8AF9-D9A29A05EE12} REG_BINARY 0F0000000000000000000000000000002FD0F94AF90000000000000000000000000000002FD0F94A010000000000000000000000000000002FD0F94A2B0000000000000000000000000000002FD0F94A2C0000000000000000000000000000002FD0F94A060000000000000000000000000000002FD0F94A
< Value: HKEY_LOCAL_MACHINE\system\controlset001\services\Eventlog\Application\ESENT EventMessageFile REG_EXPAND_SZ C:\WINDOWS\system32\ESENT.dll
> Value: HKEY_LOCAL_MACHINE\system\controlset003\services\Eventlog\Application\ESENT EventMessageFile REG_EXPAND_SZ C:\WINDOWS\system32\esent.dll
< Value: HKEY_LOCAL_MACHINE\system\controlset001\services\Eventlog\Application\ESENT CategoryMessageFile REG_EXPAND_SZ C:\WINDOWS\system32\ESENT.dll
> Value: HKEY_LOCAL_MACHINE\system\controlset003\services\Eventlog\Application\ESENT CategoryMessageFile REG_EXPAND_SZ C:\WINDOWS\system32\esent.dll
> Value: HKEY_LOCAL_MACHINE\system\controlset003\services\Eventlog\Security\DS
> Value: HKEY_LOCAL_MACHINE\system\controlset003\services\Eventlog\Security\LSA
> Value: HKEY_LOCAL_MACHINE\system\controlset003\services\Eventlog\Security\NetDDE Object
> Value: HKEY_LOCAL_MACHINE\system\controlset003\services\Eventlog\Security\SC Manager
> Value: HKEY_LOCAL_MACHINE\system\controlset003\services\Eventlog\Security\Security Account Manager
> Value: HKEY_LOCAL_MACHINE\system\controlset003\services\Eventlog\Security\ServiceModel 3.0.0.0
> Value: HKEY_LOCAL_MACHINE\system\controlset003\services\Eventlog\Security\Spooler
< Value: HKEY_LOCAL_MACHINE\system\controlset001\services\kl1 InData REG_BINARY C40A1F0600000000
> Value: HKEY_LOCAL_MACHINE\system\controlset003\services\kl1 InData REG_BINARY BF0AF60500000000
> Value: HKEY_LOCAL_MACHINE\system\controlset003\services\MRxDAV\EncryptedDirectories
< Value: HKEY_LOCAL_MACHINE\system\controlset001\services\mssmbios\Data
< Value: HKEY_LOCAL_MACHINE\system\controlset001\services\SharedAccess\Epoch Epoch REG_DWORD 8848 (0x2290)
> Value: HKEY_LOCAL_MACHINE\system\controlset003\services\SharedAccess\Epoch Epoch REG_DWORD 8838 (0x2286)
< Value: HKEY_LOCAL_MACHINE\system\controlset001\services\sr Start REG_DWORD 0 (0x0)
> Value: HKEY_LOCAL_MACHINE\system\controlset003\services\sr Start REG_DWORD 4 (0x4)
< Value: HKEY_LOCAL_MACHINE\system\controlset001\services\sr ImagePath REG_EXPAND_SZ system32\DRIVERS\sr.sys
> Value: HKEY_LOCAL_MACHINE\system\controlset003\services\sr ImagePath REG_EXPAND_SZ \SystemRoot\system32\DRIVERS\sr.sys
< Value: HKEY_LOCAL_MACHINE\system\controlset001\services\sr\Parameters FirstRun REG_DWORD 0 (0x0)
> Value: HKEY_LOCAL_MACHINE\system\controlset003\services\sr\Parameters FirstRun REG_DWORD 1 (0x1)
Result compared: Different
===================== Advanced startup entries analysis =====================
HKLM\SOFTWARE\Microsoft\windows\currentversion\run
AVP = "C:\Programmi\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe"
C:\Programmi\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe -- 25/04/2008 17:21:30 -- 09/04/2009 19:05:36 -- 201992
MD5: 47fe9cea9bb87ea5e0803e2846f7bf36 SHA1: 315c8d45360f6b1dbc87a79cbb748ee03c98b69c
[1] .text [2] .rdata [3] .data [4] .rsrc [5] .reloc
SoundMan = SOUNDMAN.EXE
C:\WINDOWS\SOUNDMAN.EXE -- 09/04/2009 19:07:30 -- 09/04/2009 19:09:04 -- 86016
MD5: 0d034e8c4f88c5b2b0c1af3cf438cc4f SHA1: 4ec36b2ed506af0927e5a25154d4177e2a83dafb
[1] .text [2] .rdata [3] .data [4] .sxdata [5] .rsrc
GrooveMonitor = "C:\Programmi\Microsoft Office\Office12\GrooveMonitor.exe"
C:\Programmi\Microsoft Office\Office12\GrooveMonitor.exe -- 25/10/2008 10:44:34 -- 25/10/2008 10:44:34 -- 31072
MD5: 644795f6985c740f5e36e9336b837d0b SHA1: d2f5f78d437d81ba678f61ae2eeb966ac0715091
[1] .text [2] .rdata [3] .data [4] .rsrc
NvCplDaemon = RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
C:\WINDOWS\system32\RUNDLL32.EXE -- 02/03/2006 13:00:00 -- 14/04/2008 03:14:18 -- 33280
MD5: d51a4b912a90554b580a2401dfab02a5 SHA1: a00ad46557f1d98e2a798e9a0655920ff4f4e174
[1] .text [2] .data [3] .rsrc
nwiz = nwiz.exe /install
C:\WINDOWS\system32\nwiz.exe -- 27/03/2009 09:03:00 -- 27/03/2009 09:03:00 -- 1657376
MD5: d13797a3c0f9ead4e902ed794112c4ac SHA1: 40cfab32be634b817a574a7cb040d6c368319bf1
[1] .text [2] .rdata [3] .data [4] .rsrc
NvMediaCenter = RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
C:\WINDOWS\system32\RUNDLL32.EXE -- 02/03/2006 13:00:00 -- 14/04/2008 03:14:18 -- 33280
MD5: d51a4b912a90554b580a2401dfab02a5 SHA1: a00ad46557f1d98e2a798e9a0655920ff4f4e174
[1] .text [2] .data [3] .rsrc
AliceRE_McciTrayApp = C:\PROGRA~1\ALICET~1\vendors\AliceRE\content\template\DRIVEN~1\syncer\MCCITR~1.EXE
C:\PROGRA~1\ALICET~1\vendors\AliceRE\content\template\DRIVEN~1\syncer\MCCITR~1.EXE -- 20/04/2009 21:03:10 -- 21/11/2006 15:26:22 -- 936960
MD5: 731be35a5e9bd8aa44b15cd3fa927e9f SHA1: 121db870bee19ba3aeb1a2d0d54be80f304724d5
[1] .text [2] .rdata [3] .data [4] .rsrc
Adobe Reader Speed Launcher = "C:\Programmi\Adobe\Reader 9.0\Reader\Reader_sl.exe"
C:\Programmi\Adobe\Reader 9.0\Reader\Reader_sl.exe -- 03/10/2009 03:08:38 -- 03/10/2009 03:08:38 -- 35696
MD5: 33e5a8fc8eb0ee42478f8538d0215d8f SHA1: 59faa4839591b954fe58e5e4db744fecc00cae46
[1] .text [2] .rdata [3] .data [4] .rsrc
Adobe ARM = "C:\Programmi\File comuni\Adobe\ARM\1.0\AdobeARM.exe"
C:\Programmi\File comuni\Adobe\ARM\1.0\AdobeARM.exe -- 04/09/2009 11:08:30 -- 04/09/2009 11:08:30 -- 935288
MD5: 3103fe27c967675b019e880aa6da3d6d SHA1: 79a198f891f7def459fe866679034ecf2f6f9347
[1] .text [2] .rdata [3] .data [4] .rsrc [5] .reloc
Malwarebytes Anti-Malware (reboot) = "C:\Programmi\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
C:\Programmi\Malwarebytes' Anti-Malware\mbam.exe -- 08/11/2009 16:34:14 -- 10/09/2009 14:53:56 -- 1312080
MD5: c5fcc0b761069fabd59e41b7c3280ddf SHA1: 1277ba9e91c2670b0836103030910ddc224eaa70
[1] .text [2] .data [3] .rsrc
HKLM\SOFTWARE\Microsoft\windows\currentversion\policies\explorer\run
HKCU\SOFTWARE\Microsoft\windows\currentversion\run
ctfmon.exe = C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\ctfmon.exe -- 02/03/2006 13:00:00 -- 14/04/2008 03:14:03 -- 15360
MD5: f53cddef33a4c41336a782be3d170158 SHA1: 964cca35d3109f49a6f6ebaba820637a5943b43b
[1] .text [2] .data [3] .rsrc
HKCU\SOFTWARE\Microsoft\windows\currentversion\policies\explorer\run
===================== AUTOPLAY SETTINGS =====================
~~~~~~~~~~~~~~~~~~~~~ Registry setting ~~~~~~~~~~~~~~~~~~~~~
(note: default values should be 91 or 95)
-----HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer-----
[Explorer]
"NoDriveTypeAutoRun"=dword:00000143
-----HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer-----
[Explorer]
"NoDriveTypeAutoRun"=dword:00000143
Autorun is enabled on:
DRIVE_UNKNOWN = False
DRIVE_NO_ROOT_DIR = False
DRIVE_REMOVABLE = True
DRIVE_FIXED = True
DRIVE_REMOTE = True
DRIVE_CDROM = True
DRIVE_RAMDISK = False
RESERVED = True
~~~~~~~~~~~~~~~~~~~~~ Autorun.inf files ~~~~~~~~~~~~~~~~~~~~~
### C:\Programmi\Nero\Nero 9\Nero Burning ROM\SecurDisc\Autorun.inf
open=discinfo.exe
### C:\Programmi\Nero\Nero 9\Nero Express\SecurDisc\Autorun.inf
open=discinfo.exe
### F:\PROGRAMMI DA INSTALLARE\NeroExpress\Autorun.inf
open=Setupx.exe
===================== SCHEDULED JOBS =====================
jobs found in C:\WINDOWS:
02/03/2006 13.00.00 65 byte 1349 days old -- C:\WINDOWS\tasks\desktop.ini
10/11/2009 23.13.26 6 byte 0 days old -- C:\WINDOWS\tasks\SA.DAT
~~~~~~~~~~~~~~~~~~~~~
Active jobs:
~~~~~~~~~~~~~~~~~~~~~
Most recent (50) lines in jobs scheduled log:
"$~$Sys0$.job" (rundll32.exe)
Avviata 07/11/2009 13.12.57
"$~$Sys0$.job" (rundll32.exe)
Terminata 07/11/2009 13.12.57
Esito: Operazione completata con un codice di uscita (0).
===================== LIST OF ALL SERVICES & DRIVERS =====================
-----HKLM\system\currentcontrolset\services-----
000) "Abiosdsk"
---> STAT = (NOT RUNNING) Disabled
---> TYPE = KERNEL_DRIVER
001) "abp480n5"
---> STAT = (NOT RUNNING) Disabled
---> TYPE = KERNEL_DRIVER
002) "ACPI" - Driver ACPI Microsoft
---> STAT = (RUNNING) Started by operating system loader
---> FILE = system32\DRIVERS\ACPI.sys
---> TYPE = KERNEL_DRIVER
003) "ACPIEC"
---> STAT = (NOT RUNNING) Disabled
---> TYPE = KERNEL_DRIVER
004) "adpu160m"
---> STAT = (NOT RUNNING) Disabled
---> TYPE = KERNEL_DRIVER
005) "aec" - Eliminatore di eco acustico del kernel Microsoft
---> STAT = (NOT RUNNING) Started manually
---> FILE = system32\drivers\aec.sys
---> TYPE = KERNEL_DRIVER
006) "AFD" - AFD
---> STAT = (RUNNING) Started by "IoInitSystem" function
---> FILE = \SystemRoot\System32\drivers\afd.sys
---> TYPE = KERNEL_DRIVER
007) "Aha154x"
---> STAT = (NOT RUNNING) Disabled
---> TYPE = KERNEL_DRIVER
008) "aic78u2"
---> STAT = (NOT RUNNING) Disabled
---> TYPE = KERNEL_DRIVER
009) "aic78xx"
---> STAT = (NOT RUNNING) Disabled
---> TYPE = KERNEL_DRIVER
010) "ALCXWDM" - Service for Realtek AC97 Audio (WDM)
---> STAT = (RUNNING) Started manually
---> FILE = system32\drivers\ALCXWDM.SYS
---> TYPE = KERNEL_DRIVER
011) "AliIde"
---> STAT = (NOT RUNNING) Disabled
---> TYPE = KERNEL_DRIVER
012) "amsint"
---> STAT = (NOT RUNNING) Disabled
---> TYPE = KERNEL_DRIVER
013) "asc"
---> STAT = (NOT RUNNING) Disabled
---> TYPE = KERNEL_DRIVER
014) "asc3350p"
---> STAT = (NOT RUNNING) Disabled
---> TYPE = KERNEL_DRIVER
015) "asc3550"
---> STAT = (NOT RUNNING) Disabled
---> TYPE = KERNEL_DRIVER
016) "AsyncMac" - Driver per supporti asincroni RAS
---> STAT = (NOT RUNNING) Started manually
---> FILE = system32\DRIVERS\asyncmac.sys
---> TYPE = KERNEL_DRIVER
017) "atapi" - Controller disco rigido IDE/ESDI standard
---> STAT = (RUNNING) Started by operating system loader
---> FILE = system32\DRIVERS\atapi.sys
---> TYPE = KERNEL_DRIVER
018) "Atdisk"
---> STAT = (NOT RUNNING) Disabled
---> TYPE = KERNEL_DRIVER
019) "Atmarpc" - Protocollo client ARP ATM
---> STAT = (NOT RUNNING) Started manually
---> FILE = system32\DRIVERS\atmarpc.sys
---> TYPE = KERNEL_DRIVER
020) "audstub" - Driver stub audio
---> STAT = (RUNNING) Started manually
---> FILE = system32\DRIVERS\audstub.sys
---> TYPE = KERNEL_DRIVER
021) "Beep"
---> STAT = (RUNNING) Started by "IoInitSystem" function
---> TYPE = KERNEL_DRIVER
022) "catchme"
---> STAT = (NOT RUNNING) Started manually
---> FILE = C:\ComboFix\catchme.sys
---> TYPE = KERNEL_DRIVER
023) "cbidf2k"
---> STAT = (NOT RUNNING) Disabled
---> TYPE = KERNEL_DRIVER
024) "cd20xrnt"
---> STAT = (NOT RUNNING) Disabled
---> TYPE = KERNEL_DRIVER
025) "Cdaudio"
---> STAT = (NOT RUNNING) Started by "IoInitSystem" function
---> TYPE = KERNEL_DRIVER
026) "Cdfs"
---> STAT = (RUNNING) Disabled
---> TYPE = FILE_SYSTEM_DRIVER
027) "Cdrom" - Driver del CD-ROM
---> STAT = (RUNNING) Started by "IoInitSystem" function
---> FILE = system32\DRIVERS\cdrom.sys
---> TYPE = KERNEL_DRIVER
028) "Changer"
---> STAT = (NOT RUNNING) Started by "IoInitSystem" function
---> TYPE = KERNEL_DRIVER
029) "CmdIde"
---> STAT = (NOT RUNNING) Disabled
---> TYPE = KERNEL_DRIVER
030) "Cpqarray"
---> STAT = (NOT RUNNING) Disabled
---> TYPE = KERNEL_DRIVER
031) "dac2w2k"
---> STAT = (RUNNING) Disabled
---> TYPE = KERNEL_DRIVER
032) "dac960nt"
---> STAT = (NOT RUNNING) Disabled
---> TYPE = KERNEL_DRIVER
033) "Disk" - Driver del disco
---> STAT = (RUNNING) Started by operating system loader
---> FILE = system32\DRIVERS\disk.sys
---> TYPE = KERNEL_DRIVER
034) "dmboot"
---> STAT = (NOT RUNNING) Disabled
---> FILE = System32\drivers\dmboot.sys
---> TYPE = KERNEL_DRIVER
035) "dmio"
---> STAT = (NOT RUNNING) Disabled
---> FILE = System32\drivers\dmio.sys
---> TYPE = KERNEL_DRIVER
036) "dmload"
---> STAT = (NOT RUNNING) Disabled
---> FILE = System32\drivers\dmload.sys
---> TYPE = KERNEL_DRIVER
037) "DMusic" - Sintetizzatore DLS Microsoft Kernel
---> STAT = (NOT RUNNING) Started manually
---> FILE = system32\drivers\DMusic.sys
---> TYPE = KERNEL_DRIVER
038) "dpti2o"
---> STAT = (NOT RUNNING) Disabled
---> TYPE = KERNEL_DRIVER
039) "drmkaud" - Decodificatore audio DRM del kernel Microsoft
---> STAT = (NOT RUNNING) Started manually
---> FILE = system32\drivers\drmkaud.sys
---> TYPE = KERNEL_DRIVER
040) "Fastfat"
---> STAT = (RUNNING) Disabled
---> TYPE = FILE_SYSTEM_DRIVER
041) "Fdc" - Driver controller disco floppy
---> STAT = (RUNNING) Started manually
---> FILE = system32\DRIVERS\fdc.sys
---> TYPE = KERNEL_DRIVER
042) "Fips"
---> STAT = (RUNNING) Started by "IoInitSystem" function
---> TYPE = KERNEL_DRIVER
043) "Flpydisk" - Driver disco floppy
---> STAT = (RUNNING) Started manually
---> FILE = system32\DRIVERS\flpydisk.sys
---> TYPE = KERNEL_DRIVER
044) "FltMgr" - FltMgr
---> STAT = (RUNNING) Started by operating system loader
---> FILE = system32\drivers\fltmgr.sys
---> TYPE = FILE_SYSTEM_DRIVER
045) "Ftdisk" - Driver archiviazione volumi
---> STAT = (RUNNING) Started by operating system loader
---> FILE = system32\DRIVERS\ftdisk.sys
---> TYPE = KERNEL_DRIVER
046) "Gpc" - Utilità di classificazione pacchetti generica
---> STAT = (RUNNING) Started manually
---> FILE = system32\DRIVERS\msgpc.sys
---> TYPE = KERNEL_DRIVER
047) "HidUsb" - Driver di classe HID Microsoft
---> STAT = (NOT RUNNING) Started manually
---> FILE = system32\DRIVERS\hidusb.sys
---> TYPE = KERNEL_DRIVER
048) "hpn"
---> STAT = (NOT RUNNING) Disabled
---> TYPE = KERNEL_DRIVER
049) "HTTP" - HTTP
---> STAT = (RUNNING) Started manually
---> FILE = System32\Drivers\HTTP.sys
---> TYPE = KERNEL_DRIVER
050) "i2omgmt"
---> STAT = (NOT RUNNING) Started by "IoInitSystem" function
---> TYPE = KERNEL_DRIVER
051) "i2omp"
---> STAT = (NOT RUNNING) Disabled
---> TYPE = KERNEL_DRIVER
052) "i8042prt" - Driver di porta mouse PS/2 e tastiera i8042
---> STAT = (RUNNING) Started by "IoInitSystem" function
---> FILE = system32\DRIVERS\i8042prt.sys
---> TYPE = KERNEL_DRIVER
053) "Imapi" - Driver filtro masterizzazione CD
---> STAT = (RUNNING) Started by "IoInitSystem" function
---> FILE = system32\DRIVERS\imapi.sys
---> TYPE = KERNEL_DRIVER
054) "ini910u"
---> STAT = (NOT RUNNING) Disabled
---> TYPE = KERNEL_DRIVER
055) "IntelIde"
---> STAT = (NOT RUNNING) Disabled
---> TYPE = KERNEL_DRIVER
056) "intelppm" - Driver processore Intel
---> STAT = (RUNNING) Started by "IoInitSystem" function
---> FILE = system32\DRIVERS\intelppm.sys
---> TYPE = KERNEL_DRIVER
057) "Ip6Fw" - Driver Windows Firewall IPv6
---> STAT = (NOT RUNNING) Started manually
---> FILE = system32\drivers\ip6fw.sys
---> TYPE = KERNEL_DRIVER
058) "IpFilterDriver" - Driver filtro traffico IP
---> STAT = (NOT RUNNING) Started manually
---> FILE = system32\DRIVERS\ipfltdrv.sys
---> TYPE = KERNEL_DRIVER
059) "IpInIp" - Driver tunnel IP in IP
---> STAT = (NOT RUNNING) Started manually
---> FILE = system32\DRIVERS\ipinip.sys
---> TYPE = KERNEL_DRIVER
060) "IpNat" - Traduttore indirizzi di rete IP
---> STAT = (RUNNING) Started manually
---> FILE = system32\DRIVERS\ipnat.sys
---> TYPE = KERNEL_DRIVER
061) "IPSec" - Driver IPSEC
---> STAT = (RUNNING) Started by "IoInitSystem" function
---> FILE = system32\DRIVERS\ipsec.sys
---> TYPE = KERNEL_DRIVER
062) "IRENUM" - Servizio enumeratore infrarossi
---> STAT = (NOT RUNNING) Started manually
---> FILE = system32\DRIVERS\irenum.sys
---> TYPE = KERNEL_DRIVER
063) "isapnp" - Driver bus PnP ISA/EISA
---> STAT = (RUNNING) Started by operating system loader
---> FILE = system32\DRIVERS\isapnp.sys
---> TYPE = KERNEL_DRIVER
064) "Kbdclass" - Driver classe tastiera
---> STAT = (RUNNING) Started by "IoInitSystem" function
---> FILE = system32\DRIVERS\kbdclass.sys
---> TYPE = KERNEL_DRIVER
065) "kbdhid" - Driver di tastiera HID
---> STAT = (NOT RUNNING) Started by "IoInitSystem" function
---> FILE = system32\DRIVERS\kbdhid.sys
---> TYPE = KERNEL_DRIVER
066) "kl1" - Kl1
---> STAT = Started by "IoInitSystem" function
---> FILE = system32\drivers\kl1.sys
---> TYPE = KERNEL_DRIVER
067) "klbg" - Kaspersky Lab Boot Guard Driver
---> STAT = (RUNNING) Started by operating system loader
---> FILE = system32\drivers\klbg.sys
---> TYPE = FILE_SYSTEM_DRIVER
068) "KLIF" - Kaspersky Lab Driver
---> STAT = (RUNNING) Started by "IoInitSystem" function
---> FILE = system32\DRIVERS\klif.sys
---> TYPE = FILE_SYSTEM_DRIVER
069) "klim5" - Kaspersky Anti-Virus NDIS Filter
---> STAT = (RUNNING) Started manually
---> FILE = system32\DRIVERS\klim5.sys
---> TYPE = KERNEL_DRIVER
070) "kmixer" - Mixer wave audio del kernel Microsoft
---> STAT = (RUNNING) Started manually
---> FILE = system32\drivers\kmixer.sys
---> TYPE = KERNEL_DRIVER
071) "KSecDD"
---> STAT = (RUNNING) Started by operating system loader
---> TYPE = KERNEL_DRIVER
072) "lbrtfdc"
---> STAT = (NOT RUNNING) Started by "IoInitSystem" function
---> TYPE = KERNEL_DRIVER
073) "mnmdd"
---> STAT = (RUNNING) Started by "IoInitSystem" function
---> TYPE = KERNEL_DRIVER
074) "Modem"
---> STAT = (NOT RUNNING) Started manually
---> TYPE = KERNEL_DRIVER
075) "Mouclass" - Driver classe mouse
---> STAT = (RUNNING) Started by "IoInitSystem" function
---> FILE = system32\DRIVERS\mouclass.sys
---> TYPE = KERNEL_DRIVER
076) "MountMgr" - Gestore installazione (Mounting)
---> STAT = (RUNNING) Started by operating system loader
---> TYPE = KERNEL_DRIVER
077) "mraid35x"
---> STAT = (NOT RUNNING) Disabled
---> TYPE = KERNEL_DRIVER
078) "MRxDAV" - Redirector del client WebDav
---> STAT = (RUNNING) Started manually
---> FILE = system32\DRIVERS\mrxdav.sys
---> TYPE = FILE_SYSTEM_DRIVER
079) "MRxSmb" - MRXSMB
---> STAT = (RUNNING) Started by "IoInitSystem" function
---> FILE = system32\DRIVERS\mrxsmb.sys
---> TYPE = FILE_SYSTEM_DRIVER
080) "Msfs"
---> STAT = (RUNNING) Started by "IoInitSystem" function
---> TYPE = FILE_SYSTEM_DRIVER
081) "MSKSSRV" - Proxy di servizio di flusso Microsoft
---> STAT = (NOT RUNNING) Started manually
---> FILE = system32\drivers\MSKSSRV.sys
---> TYPE = KERNEL_DRIVER
082) "MSPCLOCK" - Proxy clock di flusso Microsoft
---> STAT = (NOT RUNNING) Started manually
---> FILE = system32\drivers\MSPCLOCK.sys
---> TYPE = KERNEL_DRIVER
083) "MSPQM" - Proxy di gestione qualità di flusso Microsoft
---> STAT = (NOT RUNNING) Started manually
---> FILE = system32\drivers\MSPQM.sys
---> TYPE = KERNEL_DRIVER
084) "mssmbios" - Driver BIOS Microsoft System Management
---> STAT = (RUNNING) Started manually
---> FILE = system32\DRIVERS\mssmbios.sys
---> TYPE = KERNEL_DRIVER
085) "Mup" - Mup
---> STAT = (RUNNING) Started by operating system loader
---> TYPE = FILE_SYSTEM_DRIVER
086) "NDIS" - Driver di sistema NDIS
---> STAT = (RUNNING) Started by operating system loader
---> TYPE = KERNEL_DRIVER
087) "NdisTapi" - Driver TAPI NDIS di accesso remoto
---> STAT = (RUNNING) Started manually
---> FILE = system32\DRIVERS\ndistapi.sys
---> TYPE = KERNEL_DRIVER
088) "Ndisuio" - Protocollo I/O modalità utente su NDIS
---> STAT = (RUNNING) Started manually
---> FILE = system32\DRIVERS\ndisuio.sys
---> TYPE = KERNEL_DRIVER
089) "NdisWan" - Driver WAN NDIS di accesso remoto
---> STAT = (RUNNING) Started manually
---> FILE = system32\DRIVERS\ndiswan.sys
---> TYPE = KERNEL_DRIVER
090) "NDProxy" - multi:Proxy NDIS\00\00
---> STAT = (RUNNING) Started manually
---> TYPE = KERNEL_DRIVER
091) "NetBIOS" - Interfaccia NetBIOS
---> STAT = (RUNNING) Started by "IoInitSystem" function
---> FILE = system32\DRIVERS\netbios.sys
---> TYPE = FILE_SYSTEM_DRIVER
092) "NetBT" - NetBios su Tcpip
---> STAT = (RUNNING) Started by "IoInitSystem" function
---> FILE = system32\DRIVERS\netbt.sys
---> TYPE = KERNEL_DRIVER
093) "Npfs"
---> STAT = (RUNNING) Started by "IoInitSystem" function
---> TYPE = FILE_SYSTEM_DRIVER
094) "Ntfs"
---> STAT = (RUNNING) Disabled
---> TYPE = FILE_SYSTEM_DRIVER
095) "Null"
---> STAT = (RUNNING) Started by "IoInitSystem" function
---> TYPE = KERNEL_DRIVER
096) "nv"
---> STAT = (RUNNING) Started manually
---> FILE = system32\DRIVERS\nv4_mini.sys
---> TYPE = KERNEL_DRIVER
097) "NwlnkFlt" - Driver filtro traffico IPX
---> STAT = (NOT RUNNING) Started manually
---> FILE = system32\DRIVERS\nwlnkflt.sys
---> TYPE = KERNEL_DRIVER
098) "NwlnkFwd" - Driver inoltratore traffico IPX
---> STAT = (NOT RUNNING) Started manually
---> FILE = system32\DRIVERS\nwlnkfwd.sys
---> TYPE = KERNEL_DRIVER
099) "Parport" - Driver della porta parallela
---> STAT = (RUNNING) Started manually
---> FILE = system32\DRIVERS\parport.sys
---> TYPE = KERNEL_DRIVER
100) "PartMgr" - Gestore partizioni
---> STAT = (RUNNING) Started by operating system loader
---> TYPE = KERNEL_DRIVER
101) "ParVdm"
---> STAT = (RUNNING) Started automatically
---> TYPE = KERNEL_DRIVER
102) "PCI" - Driver bus PCI
---> STAT = (RUNNING) Started by operating system loader
---> FILE = system32\DRIVERS\pci.sys
---> TYPE = KERNEL_DRIVER
103) "PCIDump"
---> STAT = (NOT RUNNING) Started by "IoInitSystem" function
---> TYPE = KERNEL_DRIVER
104) "PCIIde"
---> STAT = (RUNNING) Started by operating system loader
---> FILE = system32\DRIVERS\pciide.sys
---> TYPE = KERNEL_DRIVER
105) "Pcmcia"
---> STAT = (NOT RUNNING) Disabled
---> TYPE = KERNEL_DRIVER
106) "PDCOMP"
---> STAT = (NOT RUNNING) Started manually
---> TYPE = KERNEL_DRIVER
107) "PDFRAME"
---> STAT = (NOT RUNNING) Started manually
---> TYPE = KERNEL_DRIVER
108) "PDRELI"
---> STAT = (NOT RUNNING) Started manually
---> TYPE = KERNEL_DRIVER
109) "PDRFRAME"
---> STAT = (NOT RUNNING) Started manually
---> TYPE = KERNEL_DRIVER
110) "perc2"
---> STAT = (NOT RUNNING) Disabled
---> TYPE = KERNEL_DRIVER
111) "perc2hib"
---> STAT = (NOT RUNNING) Disabled
---> TYPE = KERNEL_DRIVER
112) "PptpMiniport" - WAN Miniport (PPTP)
---> STAT = (RUNNING) Started manually
---> FILE = system32\DRIVERS\raspptp.sys
---> TYPE = KERNEL_DRIVER
113) "PSched" - Utilità di pianificazione pacchetti QoS
---> STAT = (RUNNING) Started manually
---> FILE = system32\DRIVERS\psched.sys
---> TYPE = KERNEL_DRIVER
114) "PSI" - PSI
---> STAT = (RUNNING) Started manually
---> FILE = system32\DRIVERS\psi_mf.sys
---> TYPE = FILE_SYSTEM_DRIVER
115) "Ptilink" - Driver Direct Parallel Link
---> STAT = (RUNNING) Started manually
---> FILE = system32\DRIVERS\ptilink.sys
---> TYPE = KERNEL_DRIVER
116) "ql1080"
---> STAT = (NOT RUNNING) Disabled
---> TYPE = KERNEL_DRIVER
117) "Ql10wnt"
---> STAT = (NOT RUNNING) Disabled
---> TYPE = KERNEL_DRIVER
118) "ql12160"
---> STAT = (NOT RUNNING) Disabled
---> TYPE = KERNEL_DRIVER
119) "ql1240"
---> STAT = (NOT RUNNING) Disabled
---> TYPE = KERNEL_DRIVER
120) "ql1280"
---> STAT = (NOT RUNNING) Disabled
---> TYPE = KERNEL_DRIVER
121) "RasAcd" - Driver connessione automatica Accesso remoto
---> STAT = (RUNNING) Started by "IoInitSystem" function
---> FILE = system32\DRIVERS\rasacd.sys
---> TYPE = KERNEL_DRIVER
122) "Rasl2tp" - WAN Miniport (L2TP)
---> STAT = (RUNNING) Started manually
---> FILE = system32\DRIVERS\rasl2tp.sys
---> TYPE = KERNEL_DRIVER
123) "RasPppoe" - Driver PPPOE di accesso remoto
---> STAT = (RUNNING) Started manually
---> FILE = system32\DRIVERS\raspppoe.sys
---> TYPE = KERNEL_DRIVER
124) "Raspti" - Direct Parallel
---> STAT = (RUNNING) Started manually
---> FILE = system32\DRIVERS\raspti.sys
---> TYPE = KERNEL_DRIVER
125) "Rdbss" - Rdbss
---> STAT = (RUNNING) Started by "IoInitSystem" function
---> FILE = system32\DRIVERS\rdbss.sys
---> TYPE = FILE_SYSTEM_DRIVER
126) "RDPCDD"
---> STAT = (RUNNING) Started by "IoInitSystem" function
---> FILE = System32\DRIVERS\RDPCDD.sys
---> TYPE = KERNEL_DRIVER
127) "RDPWD"
---> STAT = (NOT RUNNING) Started manually
---> TYPE = KERNEL_DRIVER
128) "redbook" - Driver filtro riproduzione CD-ROM audio digitale
---> STAT = (RUNNING) Started by "IoInitSystem" function
---> FILE = system32\DRIVERS\redbook.sys
---> TYPE = KERNEL_DRIVER
129) "rtl8139" - Driver NT scheda Fast Ethernet PCI Realtek basata su RTL8139
---> STAT = (RUNNING) Started manually
---> FILE = system32\DRIVERS\RTL8139.SYS
---> TYPE = KERNEL_DRIVER
130) "SASDIFSV" - SASDIFSV
---> STAT = (RUNNING) Started by "IoInitSystem" function
---> FILE = C:\Programmi\SUPERAntiSpyware\SASDIFSV.SYS
---> TYPE = KERNEL_DRIVER
131) "SASENUM" - SASENUM
---> STAT = (NOT RUNNING) Started manually
---> FILE = C:\Programmi\SUPERAntiSpyware\SASENUM.SYS
---> TYPE = KERNEL_DRIVER
132) "SASKUTIL" - SASKUTIL
---> STAT = (RUNNING) Started by "IoInitSystem" function
---> FILE = C:\Programmi\SUPERAntiSpyware\SASKUTIL.sys
---> TYPE = KERNEL_DRIVER
133) "Secdrv" - Secdrv
---> STAT = (NOT RUNNING) Started manually
---> FILE = system32\DRIVERS\secdrv.sys
---> TYPE = KERNEL_DRIVER
134) "serenum" - Driver filtro Serenum
---> STAT = (RUNNING) Started manually
---> FILE = system32\DRIVERS\serenum.sys
---> TYPE = KERNEL_DRIVER
135) "Serial" - Driver della porta seriale
---> STAT = (RUNNING) Started by "IoInitSystem" function
---> FILE = system32\DRIVERS\serial.sys
---> TYPE = KERNEL_DRIVER
136) "Sfloppy"
---> STAT = (NOT RUNNING) Started by "IoInitSystem" function
---> TYPE = KERNEL_DRIVER
137) "Simbad"
---> STAT = (NOT RUNNING) Disabled
---> TYPE = KERNEL_DRIVER
138) "Sparrow"
---> STAT = (NOT RUNNING) Disabled
---> TYPE = KERNEL_DRIVER
139) "splitter" - Frazionatore audio del kernel Microsoft
---> STAT = (NOT RUNNING) Started manually
---> FILE = system32\drivers\splitter.sys
---> TYPE = KERNEL_DRIVER
140) "sr" - Driver filtro Ripristino configurazione di sistema
---> STAT = (RUNNING) Started by operating system loader
---> FILE = system32\DRIVERS\sr.sys
---> TYPE = FILE_SYSTEM_DRIVER
141) "Srv" - Srv
---> STAT = (RUNNING) Started manually
---> FILE = system32\DRIVERS\srv.sys
---> TYPE = FILE_SYSTEM_DRIVER
142) "swenum" - Driver bus software
---> STAT = (RUNNING) Started manually
---> FILE = system32\DRIVERS\swenum.sys
---> TYPE = KERNEL_DRIVER
143) "swmidi" - Sintetizzatore Wavetable GS kernel Microsoft
---> STAT = (NOT RUNNING) Started manually
---> FILE = system32\drivers\swmidi.sys
---> TYPE = KERNEL_DRIVER
144) "symc810"
---> STAT = (NOT RUNNING) Disabled
---> TYPE = KERNEL_DRIVER
145) "symc8xx"
---> STAT = (NOT RUNNING) Disabled
---> TYPE = KERNEL_DRIVER
146) "sym_hi"
---> STAT = (NOT RUNNING) Disabled
---> TYPE = KERNEL_DRIVER
147) "sym_u3"
---> STAT = (NOT RUNNING) Disabled
---> TYPE = KERNEL_DRIVER
148) "sysaudio" - Periferica audio di sistema Microsoft Kernel
---> STAT = (RUNNING) Started manually
---> FILE = system32\drivers\sysaudio.sys
---> TYPE = KERNEL_DRIVER
149) "Tcpip" - Driver protocollo TCP/IP
---> STAT = (RUNNING) Started by "IoInitSystem" function
---> FILE = system32\DRIVERS\tcpip.sys
---> TYPE = KERNEL_DRIVER
150) "TDPIPE"
---> STAT = (NOT RUNNING) Started manually
---> TYPE = KERNEL_DRIVER
151) "TDTCP"
---> STAT = (NOT RUNNING) Started manually
---> TYPE = KERNEL_DRIVER
152) "TermDD" - Driver della periferica terminale
---> STAT = (RUNNING) Started by "IoInitSystem" function
---> FILE = system32\DRIVERS\termdd.sys
---> TYPE = KERNEL_DRIVER
153) "TosIde"
---> STAT = (NOT RUNNING) Disabled
---> TYPE = KERNEL_DRIVER
154) "uagp35" - Filtro Microsoft AGPv3.5
---> STAT = (RUNNING) Started by operating system loader
---> FILE = system32\DRIVERS\uagp35.sys
---> TYPE = KERNEL_DRIVER
155) "Udfs"
---> STAT = (NOT RUNNING) Disabled
---> TYPE = FILE_SYSTEM_DRIVER
156) "ultra"
---> STAT = (NOT RUNNING) Disabled
---> TYPE = KERNEL_DRIVER
157) "Update" - Driver aggiornamento microcodice
---> STAT = (RUNNING) Started manually
---> FILE = system32\DRIVERS\update.sys
---> TYPE = KERNEL_DRIVER
158) "usbehci" - Driver Miniport controller enhanced host USB 2.0 Microsoft
---> STAT = (RUNNING) Started manually
---> FILE = system32\DRIVERS\usbehci.sys
---> TYPE = KERNEL_DRIVER
159) "usbhub" - Driver hub USB standard Microsoft
---> STAT = (RUNNING) Started manually
---> FILE = system32\DRIVERS\usbhub.sys
---> TYPE = KERNEL_DRIVER
160) "USBSTOR" - Driver archiviazione di massa USB
---> STAT = (NOT RUNNING) Started manually
---> FILE = system32\DRIVERS\USBSTOR.SYS
---> TYPE = KERNEL_DRIVER
161) "usbuhci" - Driver Miniport Controller Universal Host USB Microsoft
---> STAT = (RUNNING) Started manually
---> FILE = system32\DRIVERS\usbuhci.sys
---> TYPE = KERNEL_DRIVER
162) "VgaSave" - Controller video VGA.
---> STAT = (RUNNING) Started by "IoInitSystem" function
---> FILE = \SystemRoot\System32\drivers\vga.sys
---> TYPE = KERNEL_DRIVER
163) "ViaIde"
---> STAT = (RUNNING) Started by operating system loader
---> FILE = system32\DRIVERS\viaide.sys
---> TYPE = KERNEL_DRIVER
164) "VolSnap"
---> STAT = (RUNNING) Started by operating system loader
---> TYPE = KERNEL_DRIVER
165) "Wanarp" - Driver ARP IP di accesso remoto
---> STAT = (RUNNING) Started manually
---> FILE = system32\DRIVERS\wanarp.sys
---> TYPE = KERNEL_DRIVER
166) "WDICA"
---> STAT = (NOT RUNNING) Started manually
---> TYPE = KERNEL_DRIVER
167) "wdmaud" - Driver di compatibilità audio Microsoft WINMM WDM
---> STAT = (RUNNING) Started manually
---> FILE = system32\drivers\wdmaud.sys
---> TYPE = KERNEL_DRIVER
-----HKLM\system\currentcontrolset\services-----
000) "Alerter" - Avvisi
---> STAT = (NOT RUNNING) Disabled
---> FILE = C:\WINDOWS\system32\svchost.exe -k LocalService
---> TYPE = SHARE_SERVICE
001) "ALG" - Servizio Gateway di livello applicazione
---> STAT = (RUNNING) Started manually
---> FILE = C:\WINDOWS\System32\alg.exe
---> TYPE = OWN_SERVICE
002) "AppMgmt" - Gestione applicazione
---> STAT = (NOT RUNNING) Started manually
---> FILE = C:\WINDOWS\system32\svchost.exe -k netsvcs
---> TYPE = SHARE_SERVICE
003) "aspnet_state" - ASP.NET State Service
---> STAT = (NOT RUNNING) Started manually
---> FILE = C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe
---> TYPE = OWN_SERVICE
004) "AudioSrv" - Audio Windows
---> STAT = (RUNNING) Started automatically
---> FILE = C:\WINDOWS\System32\svchost.exe -k netsvcs
---> TYPE = SHARE_SERVICE
005) "AVP" - Kaspersky Anti-Virus
---> STAT = (RUNNING) Started automatically
---> FILE = \C:\Programmi\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe\ -r
---> TYPE = OWN_SERVICE
006) "BITS" - Servizio trasferimento intelligente in background
---> STAT = (RUNNING) Started automatically
---> FILE = C:\WINDOWS\system32\svchost.exe -k netsvcs
---> TYPE = SHARE_SERVICE
007) "Browser" - Browser di computer
---> STAT = (NOT RUNNING) Started automatically
---> FILE = C:\WINDOWS\system32\svchost.exe -k netsvcs
---> TYPE = SHARE_SERVICE
008) "CiSvc" - Servizio di indicizzazione
---> STAT = (NOT RUNNING) Started manually
---> FILE = C:\WINDOWS\system32\cisvc.exe
---> TYPE = SHARE_SERVICE
009) "ClipSrv" - ClipBook
---> STAT = (NOT RUNNING) Started manually
---> FILE = C:\WINDOWS\system32\clipsrv.exe
---> TYPE = OWN_SERVICE
010) "clr_optimization_v2.0.50727_32" - .NET Runtime Optimization Service v2.0.50727_X86
---> STAT = (NOT RUNNING) Started manually
---> FILE = C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
---> TYPE = OWN_SERVICE
011) "COMSysApp" - Applicazione di sistema COM+
---> STAT = (NOT RUNNING) Started manually
---> FILE = C:\WINDOWS\system32\dllhost.exe /Processid:{02D4B3F1-FD88-11D1-960D-00805FC79235}
---> TYPE = OWN_SERVICE
012) "CryptSvc" - CryptSvc
---> STAT = (RUNNING) Started automatically
---> FILE = C:\WINDOWS\system32\svchost.exe -k netsvcs
---> TYPE = SHARE_SERVICE
013) "DcomLaunch" - Utilità di avvio processo server DCOM
---> STAT = (RUNNING) Started automatically
---> FILE = C:\WINDOWS\system32\svchost -k DcomLaunch
---> TYPE = SHARE_SERVICE
014) "Dhcp" - Client DHCP
---> STAT = (RUNNING) Started automatically
---> FILE = C:\WINDOWS\system32\svchost.exe -k netsvcs
---> TYPE = SHARE_SERVICE
015) "dmadmin" - Servizio amministrativo di Gestione disco logico
---> STAT = (NOT RUNNING) Started manually
---> FILE = C:\WINDOWS\System32\dmadmin.exe /com
---> TYPE = SHARE_SERVICE
016) "dmserver" - Gestione dischi logici
---> STAT = (NOT RUNNING) Started manually
---> FILE = C:\WINDOWS\System32\svchost.exe -k netsvcs
---> TYPE = SHARE_SERVICE
017) "Dnscache" - Client DNS
---> STAT = (NOT RUNNING) Disabled
---> FILE = C:\WINDOWS\system32\svchost.exe -k NetworkService
---> TYPE = SHARE_SERVICE
018) "Dot3svc" - Configurazione automatica reti cablate
---> STAT = (NOT RUNNING) Started manually
---> FILE = C:\WINDOWS\System32\svchost.exe -k dot3svc
---> TYPE = SHARE_SERVICE
019) "EapHost" - Servizio Extensible Authentication Protocol
---> STAT = (NOT RUNNING) Started manually
---> FILE = C:\WINDOWS\System32\svchost.exe -k eapsvcs
---> TYPE = SHARE_SERVICE
020) "ERSvc" - Servizio di segnalazione errori
---> STAT = (RUNNING) Started automatically
---> FILE = C:\WINDOWS\System32\svchost.exe -k netsvcs
---> TYPE = SHARE_SERVICE
021) "Eventlog" - Registro eventi
---> STAT = (RUNNING) Started automatically
---> FILE = C:\WINDOWS\system32\services.exe
---> TYPE = SHARE_SERVICE
022) "EventSystem" - Sistema di eventi COM+
---> STAT = (RUNNING) Started manually
---> FILE = C:\WINDOWS\system32\svchost.exe -k netsvcs
---> TYPE = SHARE_SERVICE
023) "FastUserSwitchingCompatibility" - Compatibilità di Cambio rapido utente
---> STAT = (RUNNING) Started manually
---> FILE = C:\WINDOWS\System32\svchost.exe -k netsvcs
---> TYPE = SHARE_SERVICE
024) "FontCache3.0.0.0" - Windows Presentation Foundation Font Cache 3.0.0.0
---> STAT = (NOT RUNNING) Started manually
---> FILE = C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
---> TYPE = OWN_SERVICE
025) "helpsvc" - Guida in linea e supporto tecnico
---> STAT = (RUNNING) Started automatically
---> FILE = C:\WINDOWS\System32\svchost.exe -k netsvcs
---> TYPE = SHARE_SERVICE
026) "HidServ" - HID Input Service
---> STAT = (RUNNING) Started automatically
---> FILE = C:\WINDOWS\System32\svchost.exe -k netsvcs
---> TYPE = SHARE_SERVICE
027) "hkmsvc" - Servizio gestione chiavi e certificati di integrità
---> STAT = (NOT RUNNING) Started manually
---> FILE = C:\WINDOWS\System32\svchost.exe -k netsvcs
---> TYPE = SHARE_SERVICE
028) "HTTPFilter" - SSL HTTP
---> STAT = (NOT RUNNING) Started manually
---> FILE = C:\WINDOWS\System32\svchost.exe -k HTTPFilter
---> TYPE = SHARE_SERVICE
029) "idsvc" - Windows CardSpace
---> STAT = (NOT RUNNING) Started manually
---> FILE = \C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe\
---> TYPE = SHARE_SERVICE
030) "ImapiService" - Servizio COM di masterizzazione CD IMAPI
---> STAT = (NOT RUNNING) Started manually
---> FILE = C:\WINDOWS\system32\imapi.exe
---> TYPE = OWN_SERVICE
031) "lanmanserver" - Server
---> STAT = (RUNNING) Started automatically
---> FILE = C:\WINDOWS\system32\svchost.exe -k netsvcs
---> TYPE = SHARE_SERVICE
032) "lanmanworkstation" - Workstation
---> STAT = (RUNNING) Started automatically
---> FILE = C:\WINDOWS\system32\svchost.exe -k netsvcs
---> TYPE = SHARE_SERVICE
033) "LmHosts" - Helper NetBIOS di TCP/IP
---> STAT = (RUNNING) Started automatically
---> FILE = C:\WINDOWS\system32\svchost.exe -k LocalService
---> TYPE = SHARE_SERVICE
034) "Messenger" - Messenger
---> STAT = (NOT RUNNING) Disabled
---> FILE = C:\WINDOWS\system32\svchost.exe -k netsvcs
---> TYPE = SHARE_SERVICE
035) "Microsoft Office Groove Audit Service" - Microsoft Office Groove Audit Service
---> STAT = (NOT RUNNING) Started manually
---> FILE = \C:\Programmi\Microsoft Office\Office12\GrooveAuditService.exe\
---> TYPE = OWN_SERVICE
036) "mnmsrvc" - Condivisione desktop remoto di NetMeeting
---> STAT = (NOT RUNNING) Started manually
---> FILE = C:\WINDOWS\system32\mnmsrvc.exe
---> TYPE = OWN_SERVICE
037) "MSDTC" - Distributed Transaction Coordinator
---> STAT = (NOT RUNNING) Started manually
---> FILE = C:\WINDOWS\system32\msdtc.exe
---> TYPE = OWN_SERVICE
038) "MSIServer" - Windows Installer
---> STAT = (NOT RUNNING) Started manually
---> FILE = C:\WINDOWS\system32\msiexec.exe /V
---> TYPE = SHARE_SERVICE
039) "napagent" - Agente protezione accesso alla rete
---> STAT = (NOT RUNNING) Started manually
---> FILE = C:\WINDOWS\System32\svchost.exe -k netsvcs
---> TYPE = SHARE_SERVICE
040) "Nero BackItUp Scheduler 4.0" - Nero BackItUp Scheduler 4.0
---> STAT = (RUNNING) Started automatically
---> FILE = C:\Programmi\File comuni\Nero\Nero BackItUp 4\NBService.exe
---> TYPE = OWN_SERVICE
041) "NetDDE" - DDE di rete
---> STAT = (NOT RUNNING) Disabled
---> FILE = C:\WINDOWS\system32\netdde.exe
---> TYPE = SHARE_SERVICE
042) "NetDDEdsdm" - DDE DSDM di rete
---> STAT = (NOT RUNNING) Disabled
---> FILE = C:\WINDOWS\system32\netdde.exe
---> TYPE = SHARE_SERVICE
043) "Netlogon" - Accesso rete
---> STAT = (NOT RUNNING) Started manually
---> FILE = C:\WINDOWS\system32\lsass.exe
---> TYPE = SHARE_SERVICE
044) "Netman" - Connessioni di rete
---> STAT = (RUNNING) Started manually
---> FILE = C:\WINDOWS\System32\svchost.exe -k netsvcs
---> TYPE = SHARE_SERVICE
045) "NetTcpPortSharing" - Net.Tcp Port Sharing Service
---> STAT = (NOT RUNNING) Disabled
---> FILE = \C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe\
---> TYPE = SHARE_SERVICE
046) "Network WanMiniport First Position" - Network WanMiniport First Position
---> STAT = (RUNNING) Started automatically
---> FILE = C:\Programmi\Telecom Italia\WanMiniport1st\srvany.exe
---> TYPE = OWN_SERVICE
047) "Nla" - NLA (Network Location Awareness)
---> STAT = (RUNNING) Started manually
---> FILE = C:\WINDOWS\system32\svchost.exe -k netsvcs
---> TYPE = SHARE_SERVICE
048) "NtLmSsp" - Provider supporto protezione LM NT
---> STAT = (NOT RUNNING) Started manually
---> FILE = C:\WINDOWS\system32\lsass.exe
---> TYPE = SHARE_SERVICE
049) "NtmsSvc" - Archivi rimovibili
---> STAT = (NOT RUNNING) Started manually
---> FILE = C:\WINDOWS\system32\svchost.exe -k netsvcs
---> TYPE = SHARE_SERVICE
050) "NVSvc" - NVIDIA Display Driver Service
---> STAT = (RUNNING) Started automatically
---> FILE = C:\WINDOWS\system32\nvsvc32.exe
---> TYPE = OWN_SERVICE
051) "odserv" - Microsoft Office Diagnostics Service
---> STAT = (NOT RUNNING) Started manually
---> FILE = \C:\Programmi\File comuni\Microsoft Shared\OFFICE12\ODSERV.EXE\
---> TYPE = OWN_SERVICE
052) "ose" - Office Source Engine
---> STAT = (NOT RUNNING) Started manually
---> FILE = \C:\Programmi\File comuni\Microsoft Shared\Source Engine\OSE.EXE\
---> TYPE = OWN_SERVICE
053) "PlugPlay" - Plug and Play
---> STAT = (RUNNING) Started automatically
---> FILE = C:\WINDOWS\system32\services.exe
---> TYPE = SHARE_SERVICE
054) "PolicyAgent" - Servizi IPSEC
---> STAT = (RUNNING) Started automatically
---> FILE = C:\WINDOWS\system32\lsass.exe
---> TYPE = SHARE_SERVICE
055) "ProtectedStorage" - Archiviazione protetta
---> STAT = (RUNNING) Started automatically
---> FILE = C:\WINDOWS\system32\lsass.exe
---> TYPE = SHARE_SERVICE
056) "RasAuto" - Auto Connection Manager di Accesso remoto
---> STAT = (NOT RUNNING) Started manually
---> FILE = C:\WINDOWS\system32\svchost.exe -k netsvcs
---> TYPE = SHARE_SERVICE
057) "RasMan" - Connection Manager di Accesso remoto
---> STAT = (RUNNING) Started manually
---> FILE = C:\WINDOWS\system32\svchost.exe -k netsvcs
---> TYPE = SHARE_SERVICE
058) "RDSessMgr" - Gestione sessione di assistenza mediante desktop remoto
---> STAT = (NOT RUNNING) Started manually
---> FILE = C:\WINDOWS\system32\sessmgr.exe
---> TYPE = OWN_SERVICE
059) "RemoteAccess" - Routing e Accesso remoto
---> STAT = (NOT RUNNING) Disabled
---> FILE = C:\WINDOWS\system32\svchost.exe -k netsvcs
---> TYPE = SHARE_SERVICE
060) "RpcLocator" - RPC Locator
---> STAT = (NOT RUNNING) Started manually
---> FILE = C:\WINDOWS\system32\locator.exe
---> TYPE = OWN_SERVICE
061) "RpcSs" - RPC (Remote Procedure Call)
---> STAT = (RUNNING) Started automatically
---> FILE = C:\WINDOWS\system32\svchost -k rpcss
---> TYPE = OWN_SERVICE
062) "RSVP" - QoS RSVP
---> STAT = (NOT RUNNING) Started manually
---> FILE = C:\WINDOWS\system32\rsvp.exe
---> TYPE = OWN_SERVICE
063) "SamSs" - Gestione account di protezione (SAM)
---> STAT = (RUNNING) Started automatically
---> FILE = C:\WINDOWS\system32\lsass.exe
---> TYPE = SHARE_SERVICE
064) "SCardSvr" - smart card
---> STAT = (NOT RUNNING) Started manually
---> FILE = C:\WINDOWS\System32\SCardSvr.exe
---> TYPE = SHARE_SERVICE
065) "Schedule" - Utilità di pianificazione
---> STAT = (RUNNING) Started automatically
---> FILE = C:\WINDOWS\System32\svchost.exe -k netsvcs
---> TYPE = SHARE_SERVICE
066) "seclogon" - Secondary Logon
---> STAT = (RUNNING) Started automatically
---> FILE = C:\WINDOWS\System32\svchost.exe -k netsvcs
---> TYPE = SHARE_SERVICE
067) "SENS" - Notifica eventi di sistema
---> STAT = (RUNNING) Started automatically
---> FILE = C:\WINDOWS\system32\svchost.exe -k netsvcs
---> TYPE = SHARE_SERVICE
068) "SharedAccess" - Windows Firewall / Condivisione connessione Internet (ICS)
---> STAT = (RUNNING) Started automatically
---> FILE = C:\WINDOWS\System32\svchost.exe -k netsvcs
---> TYPE = SHARE_SERVICE
069) "ShellHWDetection" - Rilevamento hardware shell
---> STAT = (RUNNING) Started automatically
---> FILE = C:\WINDOWS\System32\svchost.exe -k netsvcs
---> TYPE = SHARE_SERVICE
070) "Spooler" - Spooler di stampa
---> STAT = (RUNNING) Started automatically
---> FILE = C:\WINDOWS\system32\spoolsv.exe
---> TYPE = OWN_SERVICE
071) "srservice" - Servizio Ripristino configurazione di sistema
---> STAT = (RUNNING) Started automatically
---> FILE = C:\WINDOWS\system32\svchost.exe -k netsvcs
---> TYPE = SHARE_SERVICE
072) "SSDPSRV" - Servizio di rilevamento SSDP
---> STAT = (RUNNING) Started manually
---> FILE = C:\WINDOWS\system32\svchost.exe -k LocalService
---> TYPE = SHARE_SERVICE
073) "stisvc" - Acquisizione di immagini di Windows (WIA)
---> STAT = (NOT RUNNING) Started manually
---> FILE = C:\WINDOWS\system32\svchost.exe -k imgsvc
---> TYPE = SHARE_SERVICE
074) "SwPrv" - MS Software Shadow Copy Provider
---> STAT = (NOT RUNNING) Started manually
---> FILE = C:\WINDOWS\system32\dllhost.exe /Processid:{0EC766CF-0FB1-482A-BC5E-2AE2A7C43B36}
---> TYPE = OWN_SERVICE
075) "SysmonLog" - Avvisi e registri di prestazioni
---> STAT = (NOT RUNNING) Started manually
---> FILE = C:\WINDOWS\system32\smlogsvc.exe
---> TYPE = OWN_SERVICE
076) "TapiSrv" - Telefonia
---> STAT = (RUNNING) Started manually
---> FILE = C:\WINDOWS\System32\svchost.exe -k netsvcs
---> TYPE = SHARE_SERVICE
077) "TermService" - Servizi terminal
---> STAT = (RUNNING) Started manually
---> FILE = C:\WINDOWS\System32\svchost -k DComLaunch
---> TYPE = SHARE_SERVICE
078) "Themes" - Temi
---> STAT = (RUNNING) Started automatically
---> FILE = C:\WINDOWS\System32\svchost.exe -k netsvcs
---> TYPE = SHARE_SERVICE
079) "TrkWks" - Manutenzione collegamenti distribuiti client
---> STAT = (RUNNING) Started automatically
---> FILE = C:\WINDOWS\system32\svchost.exe -k netsvcs
---> TYPE = SHARE_SERVICE
080) "upnphost" - Host di periferiche Plug and Play universali
---> STAT = (NOT RUNNING) Started manually
---> FILE = C:\WINDOWS\system32\svchost.exe -k LocalService
---> TYPE = SHARE_SERVICE
081) "UPS" - Gruppo di continuità
---> STAT = (NOT RUNNING) Started manually
---> FILE = C:\WINDOWS\System32\ups.exe
---> TYPE = OWN_SERVICE
082) "VSS" - Copia replicata del volume
---> STAT = (NOT RUNNING) Started manually
---> FILE = C:\WINDOWS\System32\vssvc.exe
---> TYPE = OWN_SERVICE
083) "W32Time" - Ora di Windows
---> STAT = (RUNNING) Started automatically
---> FILE = C:\WINDOWS\System32\svchost.exe -k netsvcs
---> TYPE = SHARE_SERVICE
084) "WebClient" - WebClient
---> STAT = (RUNNING) Started automatically
---> FILE = C:\WINDOWS\system32\svchost.exe -k LocalService
---> TYPE = OWN_SERVICE
085) "winmgmt" - Strumentazione gestione Windows
---> STAT = (RUNNING) Started automatically
---> FILE = C:\WINDOWS\system32\svchost.exe -k netsvcs
---> TYPE = SHARE_SERVICE
086) "Winsock"
---> STAT = (RUNNING) Started manually
---> TYPE = ADAPTER
087) "WmdmPmSN" - Servizio Numero di serie per dispositivi multimediali portatili
---> STAT = (NOT RUNNING) Started manually
---> FILE = C:\WINDOWS\System32\svchost.exe -k netsvcs
---> TYPE = SHARE_SERVICE
088) "WmiApSrv" - Scheda WMI Performance
---> STAT = (NOT RUNNING) Started manually
---> FILE = C:\WINDOWS\system32\wbem\wmiapsrv.exe
---> TYPE = OWN_SERVICE
089) "wscsvc" - Centro sicurezza PC
---> STAT = (RUNNING) Started automatically
---> FILE = C:\WINDOWS\System32\svchost.exe -k netsvcs
---> TYPE = SHARE_SERVICE
090) "WSearch" - Windows Search
---> STAT = (RUNNING) Started automatically
---> FILE = C:\WINDOWS\system32\SearchIndexer.exe /Embedding
---> TYPE = OWN_SERVICE
091) "wuauserv" - Aggiornamenti automatici
---> STAT = (RUNNING) Started automatically
---> FILE = C:\WINDOWS\system32\svchost.exe -k netsvcs
---> TYPE = SHARE_SERVICE
092) "WZCSVC" - Zero Configuration reti senza fili
---> STAT = (RUNNING) Started automatically
---> FILE = C:\WINDOWS\System32\svchost.exe -k netsvcs
---> TYPE = SHARE_SERVICE
093) "xmlprov" - Servizio Provisioning di rete
---> STAT = (NOT RUNNING) Started manually
---> FILE = C:\WINDOWS\System32\svchost.exe -k netsvcs
---> TYPE = SHARE_SERVICE
===================== SVCHOST INSTANCES =====================
HTTPFilter
+---- HTTPFilter
+---- %SystemRoot%\System32\w3ssl.dll
LocalService
+---- Alerter
+---- %SystemRoot%\system32\alrsvc.dll
+---- WebClient
+---- %SystemRoot%\System32\webclnt.dll
+---- LmHosts
+---- %SystemRoot%\System32\lmhsvc.dll
+---- RemoteRegistry
+---- upnphost
+---- %SystemRoot%\System32\upnphost.dll
+---- SSDPSRV
+---- %SystemRoot%\System32\ssdpsrv.dll
NetworkService
+---- DnsCache
+---- %SystemRoot%\System32\dnsrslvr.dll
netsvcs
+---- 6to4
+---- AppMgmt
+---- %SystemRoot%\System32\appmgmts.dll
+---- AudioSrv
+---- %SystemRoot%\System32\audiosrv.dll
+---- Browser
+---- %SystemRoot%\System32\browser.dll
+---- CryptSvc
+---- %SystemRoot%\System32\cryptsvc.dll
+---- DMServer
+---- %SystemRoot%\System32\dmserver.dll
+---- DHCP
+---- %SystemRoot%\System32\dhcpcsvc.dll
+---- ERSvc
+---- %SystemRoot%\System32\ersvc.dll
+---- EventSystem
+---- C:\WINDOWS\system32\es.dll
+---- FastUserSwitchingCompatibility
+---- %SystemRoot%\System32\shsvcs.dll
+---- HidServ
+---- %SystemRoot%\System32\hidserv.dll
+---- Ias
+---- Iprip
+---- Irmon
+---- LanmanServer
+---- %SystemRoot%\System32\srvsvc.dll
+---- LanmanWorkstation
+---- %SystemRoot%\System32\wkssvc.dll
+---- Messenger
+---- %SystemRoot%\System32\msgsvc.dll
+---- Netman
+---- %SystemRoot%\System32\netman.dll
+---- Nla
+---- %SystemRoot%\System32\mswsock.dll
+---- Ntmssvc
+---- %SystemRoot%\system32\ntmssvc.dll
+---- NWCWorkstation
+---- Nwsapagent
+---- Rasauto
+---- %SystemRoot%\System32\rasauto.dll
+---- Rasman
+---- %SystemRoot%\System32\rasmans.dll
+---- Remoteaccess
+---- %SystemRoot%\System32\mprdim.dll
+---- Schedule
+---- %SystemRoot%\system32\schedsvc.dll
+---- Seclogon
+---- %SystemRoot%\System32\seclogon.dll
+---- SENS
+---- %SystemRoot%\system32\sens.dll
+---- Sharedaccess
+---- %SystemRoot%\System32\ipnathlp.dll
+---- SRService
+---- %SystemRoot%\system32\srsvc.dll
+---- Tapisrv
+---- %SystemRoot%\System32\tapisrv.dll
+---- Themes
+---- %SystemRoot%\System32\shsvcs.dll
+---- TrkWks
+---- %SystemRoot%\system32\trkwks.dll
+---- W32Time
+---- %systemroot%\system32\w32time.dll
+---- WZCSVC
+---- %SystemRoot%\System32\wzcsvc.dll
+---- Wmi
+---- WmdmPmSp
+---- winmgmt
+---- %SystemRoot%\system32\wbem\WMIsvc.dll
+---- wscsvc
+---- %SYSTEMROOT%\system32\wscsvc.dll
+---- xmlprov
+---- %SystemRoot%\System32\xmlprov.dll
+---- BITS
+---- %systemroot%\system32\qmgr.dll
+---- wuauserv
+---- C:\WINDOWS\system32\wuauserv.dll
+---- ShellHWDetection
+---- %SystemRoot%\System32\shsvcs.dll
+---- helpsvc
+---- %WINDIR%\PCHealth\HelpCtr\Binaries\pchsvc.dll
+---- WmdmPmSN
+---- C:\WINDOWS\system32\mspmsnsv.dll
+---- napagent
+---- %SystemRoot%\System32\qagentrt.dll
+---- hkmsvc
+---- %SystemRoot%\System32\kmsvc.dll
DcomLaunch
+---- DcomLaunch
+---- %SystemRoot%\system32\rpcss.dll
+---- TermService
+---- %SystemRoot%\System32\termsrv.dll
rpcss
+---- RpcSs
+---- %SystemRoot%\System32\rpcss.dll
imgsvc
+---- StiSvc
+---- %SystemRoot%\system32\wiaservc.dll
termsvcs
+---- TermService
+---- %SystemRoot%\System32\termsrv.dll
eapsvcs
+---- eaphost
+---- %SystemRoot%\System32\eapsvc.dll
dot3svc
+---- dot3svc
+---- %SystemRoot%\System32\dot3svc.dll
===================== LOADED MODULES =====================
*** NOTE *** Process uuoywfrygn.exe belongs to SystemScan
Already known legit dlls are not shown
System pid: 4
Command line: <no command line>
smss.exe pid: 536
Command line: \SystemRoot\System32\smss.exe
Base Size Version Path
0x48580000 0xf000 \SystemRoot\System32\smss.exe
csrss.exe pid: 584
Command line: C:\WINDOWS\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,3072,512 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ProfileControl=Off MaxRequestThreads=16
Base Size Version Path
0x4a680000 0x5000 \??\C:\WINDOWS\system32\csrss.exe
0x75af0000 0xb000 5.01.2600.5512 C:\WINDOWS\system32\CSRSRV.dll
0x75b00000 0x10000 5.01.2600.5512 C:\WINDOWS\system32\basesrv.dll
0x75b10000 0x4b000 5.01.2600.5512 C:\WINDOWS\system32\winsrv.dll
winlogon.exe pid: 608
Command line: winlogon.exe
Base Size Version Path
0x01000000 0x81000 \??\C:\WINDOWS\system32\winlogon.exe
0x77690000 0x12000 5.01.2600.5512 C:\WINDOWS\system32\AUTHZ.dll
0x773a0000 0x103000 6.00.2900.5512 C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83\comctl32.dll
0x752e0000 0x2e000 5.01.2600.5512 C:\WINDOWS\system32\msctfime.ime
0x10000000 0xcc000 1.00.0000.1054 C:\Programmi\SUPERAntiSpyware\SASWINLO.DLL
0x01120000 0x9000 6.00.5441.0000 C:\WINDOWS\system32\Normaliz.dll
0x40070000 0x1e8000 8.00.6001.18828 C:\WINDOWS\system32\iertutil.dll
0x47190000 0x8000 5.01.2600.5512 C:\WINDOWS\System32\dimsntfy.dll
0x354d0000 0x33000 8.00.0000.0357 C:\WINDOWS\system32\klogon.dll
0x76750000 0xc000 5.01.2600.5512 C:\WINDOWS\system32\cryptdll.dll
0x76ae0000 0x11000 3.05.2284.0002 C:\WINDOWS\system32\ATL.DLL
services.exe pid: 652
Command line: C:\WINDOWS\system32\services.exe
Base Size Version Path
0x01000000 0x1d000 5.01.2600.5755 C:\WINDOWS\system32\services.exe
0x76030000 0x65000 6.02.3104.0000 C:\WINDOWS\system32\MSVCP60.dll
0x77b40000 0x54000 5.01.2600.5512 C:\WINDOWS\system32\SCESRV.dll
0x77690000 0x12000 5.01.2600.5512 C:\WINDOWS\system32\AUTHZ.dll
0x7dbb0000 0x21000 5.01.2600.5512 C:\WINDOWS\system32\umpnpmgr.dll
0x5cf90000 0x26000 5.01.2600.5512 C:\WINDOWS\system32\ShimEng.dll
0x474b0000 0xf000 5.01.2600.5512 C:\WINDOWS\AppPatch\AcAdProc.dll
0x772d0000 0x11000 5.01.2600.5512 C:\WINDOWS\system32\eventlog.dll
lsass.exe pid: 664
Command line: C:\WINDOWS\system32\lsass.exe
Base Size Version Path
0x01000000 0x6000 5.01.2600.5512 C:\WINDOWS\system32\lsass.exe
0x753e0000 0xb6000 5.01.2600.5834 C:\WINDOWS\system32\LSASRV.dll
0x76760000 0x13000 5.01.2600.5512 C:\WINDOWS\system32\NTDSAPI.dll
0x76ee0000 0x27000 5.01.2600.5625 C:\WINDOWS\system32\DNSAPI.dll
0x743d0000 0x6e000 5.01.2600.5512 C:\WINDOWS\system32\SAMSRV.dll
0x76750000 0xc000 5.01.2600.5512 C:\WINDOWS\system32\cryptdll.dll
0x5cf90000 0x26000 5.01.2600.5512 C:\WINDOWS\system32\ShimEng.dll
0x773a0000 0x103000 6.00.2900.5512 C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83\comctl32.dll
0x4d200000 0xe000 5.01.2600.5512 C:\WINDOWS\system32\msprivs.dll
0x71c80000 0x4c000 5.01.2600.5834 C:\WINDOWS\system32\kerberos.dll
0x74440000 0x65000 5.01.2600.5512 C:\WINDOWS\system32\netlogon.dll
0x76780000 0x2d000 5.01.2600.5512 C:\WINDOWS\system32\w32time.dll
0x76030000 0x65000 6.02.3104.0000 C:\WINDOWS\system32\MSVCP60.dll
0x767b0000 0x28000 5.01.2600.5834 C:\WINDOWS\system32\schannel.dll
0x7e8c0000 0x11000 5.01.2600.5834 C:\WINDOWS\system32\wdigest.dll
0x7d520000 0x31000 5.01.2600.5512 C:\WINDOWS\system32\scecli.dll
0x74360000 0x30000 5.01.2600.5512 C:\WINDOWS\system32\ipsecsvc.dll
0x77690000 0x12000 5.01.2600.5512 C:\WINDOWS\system32\AUTHZ.dll
0x756d0000 0xd0000 5.01.2600.5512 C:\WINDOWS\system32\oakley.DLL
0x742f0000 0xb000 5.01.2600.5512 C:\WINDOWS\system32\WINIPSEC.DLL
0x74320000 0xb000 5.01.2600.5512 C:\WINDOWS\system32\pstorsvc.dll
0x719d0000 0x40000 5.01.2600.5625 C:\WINDOWS\system32\mswsock.dll
0x66750000 0x58000 5.01.2600.5512 C:\WINDOWS\system32\hnetcfg.dll
0x71a10000 0x8000 5.01.2600.5512 C:\WINDOWS\System32\wshtcpip.dll
0x74340000 0x1b000 5.01.2600.5512 C:\WINDOWS\system32\psbase.dll
0x68100000 0x26000 5.01.2600.5507 C:\WINDOWS\system32\dssenh.dll
svchost.exe pid: 824
Command line: C:\WINDOWS\system32\svchost -k DcomLaunch
Base Size Version Path
0x01000000 0x6000 5.01.2600.5512 C:\WINDOWS\system32\svchost.exe
0x5cf90000 0x26000 5.01.2600.5512 C:\WINDOWS\system32\ShimEng.dll
0x773a0000 0x103000 6.00.2900.5512 C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83\comctl32.dll
0x77690000 0x12000 5.01.2600.5512 c:\windows\system32\AUTHZ.dll
0x76ae0000 0x11000 3.05.2284.0002 c:\windows\system32\ATL.DLL
svchost.exe pid: 932
Command line: C:\WINDOWS\system32\svchost -k rpcss
Base Size Version Path
0x01000000 0x6000 5.01.2600.5512 C:\WINDOWS\system32\svchost.exe
0x5cf90000 0x26000 5.01.2600.5512 C:\WINDOWS\system32\ShimEng.dll
0x773a0000 0x103000 6.00.2900.5512 C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83\comctl32.dll
0x719d0000 0x40000 5.01.2600.5625 C:\WINDOWS\system32\mswsock.dll
0x66750000 0x58000 5.01.2600.5512 C:\WINDOWS\system32\hnetcfg.dll
0x71a10000 0x8000 5.01.2600.5512 C:\WINDOWS\System32\wshtcpip.dll
0x76ee0000 0x27000 5.01.2600.5625 C:\WINDOWS\system32\DNSAPI.dll
svchost.exe pid: 972
Command line: C:\WINDOWS\System32\svchost.exe -k netsvcs
Base Size Version Path
0x01000000 0x6000 5.01.2600.5512 C:\WINDOWS\System32\svchost.exe
0x5cf90000 0x26000 5.01.2600.5512 C:\WINDOWS\System32\ShimEng.dll
0x773a0000 0x103000 6.00.2900.5512 C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83\comctl32.dll
0x76ee0000 0x27000 5.01.2600.5625 c:\windows\system32\DNSAPI.dll
0x4cf40000 0xb000 5.01.2600.5512 c:\windows\system32\EapolQec.dll
0x76ae0000 0x11000 3.05.2284.0002 c:\windows\system32\ATL.DLL
0x745c0000 0x16000 5.01.2600.5512 c:\windows\system32\QUtil.dll
0x76030000 0x65000 6.02.3104.0000 c:\windows\system32\MSVCP60.dll
0x72960000 0xa000 5.01.2600.5512 c:\windows\system32\dot3api.dll
0x01620000 0x9000 6.00.5441.0000 C:\WINDOWS\system32\Normaliz.dll
0x40070000 0x1e8000 8.00.6001.18828 C:\WINDOWS\system32\iertutil.dll
0x767b0000 0x28000 5.01.2600.5834 C:\WINDOWS\System32\SCHANNEL.dll
0x76760000 0x13000 5.01.2600.5512 c:\windows\system32\NTDSAPI.dll
0x76750000 0xc000 5.01.2600.5512 C:\WINDOWS\System32\cryptdll.dll
0x6ff20000 0x6b000 6.07.2600.5512 c:\windows\system32\qmgr.dll
0x776e0000 0x44000 2001.12.4414.0706 c:\windows\system32\es.dll
0x74ed0000 0xc000 5.01.2600.5512 c:\windows\pchealth\helpctr\binaries\pchsvc.dll
0x68dc0000 0x9000 5.01.2600.5512 c:\windows\system32\hidserv.dll
0x719d0000 0x40000 5.01.2600.5625 C:\WINDOWS\system32\mswsock.dll
0x66750000 0x58000 5.01.2600.5512 C:\WINDOWS\System32\hnetcfg.dll
0x71a10000 0x8000 5.01.2600.5512 C:\WINDOWS\System32\wshtcpip.dll
0x76bc0000 0x2e000 5.01.2600.5512 C:\WINDOWS\System32\credui.dll
0x73640000 0x6000 5.01.2600.5512 C:\WINDOWS\System32\dot3dlg.dll
0x5ad00000 0x28000 5.01.2600.5512 C:\WINDOWS\System32\OneX.DLL
0x71680000 0x22000 5.01.2600.5512 C:\WINDOWS\System32\eappcfg.dll
0x73b40000 0xe000 5.01.2600.5512 C:\WINDOWS\System32\eappprxy.dll
0x76780000 0x2d000 5.01.2600.5512 c:\windows\system32\w32time.dll
0x4f120000 0x28000 5.01.2600.5512 c:\windows\system32\wbem\wmisvc.dll
0x50000000 0x5000 5.04.3790.5512 c:\windows\system32\wuauserv.dll
0x50040000 0x1d9000 7.04.7600.0226 C:\WINDOWS\system32\wuaueng.dll
0x750e0000 0x13000 5.01.2600.5512 C:\WINDOWS\System32\Cabinet.dll
0x604f0000 0xb000 5.01.2600.5512 C:\WINDOWS\System32\mspatcha.dll
0x77690000 0x12000 5.01.2600.5512 c:\windows\system32\AUTHZ.dll
0x742f0000 0xb000 5.01.2600.5512 C:\WINDOWS\System32\WINIPSEC.DLL
0x58080000 0x36000 5.01.2600.5512 C:\WINDOWS\System32\unimdm.tsp
0x58100000 0xb000 5.01.2600.5512 C:\WINDOWS\System32\kmddsp.tsp
0x580e0000 0x10000 5.01.2600.5512 C:\WINDOWS\System32\ndptsp.tsp
0x58110000 0x8000 5.01.2600.5512 C:\WINDOWS\System32\ipconf.tsp
0x58130000 0x46000 5.01.2600.5512 C:\WINDOWS\System32\h323.tsp
0x58120000 0xa000 5.01.2600.5512 C:\WINDOWS\System32\hidphone.tsp
0x71c80000 0x4c000 5.01.2600.5834 C:\WINDOWS\system32\kerberos.dll
0x723c0000 0x13000 5.01.2600.5512 C:\WINDOWS\System32\RASQEC.DLL
0x68100000 0x26000 5.01.2600.5507 C:\WINDOWS\System32\dssenh.dll
0x70040000 0x9e000 2001.12.4414.0700 C:\WINDOWS\System32\catsrvut.dll
0x70100000 0x3d000 2001.12.4414.0700 C:\WINDOWS\System32\catsrv.dll
0x61df0000 0x9000 2001.12.4414.0700 C:\WINDOWS\System32\MfcSubs.dll
0x74e60000 0xe000 5.01.2600.5512 C:\WINDOWS\system32\wbem\wbemsvc.dll
svchost.exe pid: 1032
Command line: C:\WINDOWS\system32\svchost.exe -k LocalService
Base Size Version Path
0x01000000 0x6000 5.01.2600.5512 C:\WINDOWS\system32\svchost.exe
0x5cf90000 0x26000 5.01.2600.5512 C:\WINDOWS\system32\ShimEng.dll
0x773a0000 0x103000 6.00.2900.5512 C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83\comctl32.dll
0x66750000 0x58000 5.01.2600.5512 C:\WINDOWS\system32\hnetcfg.dll
0x719d0000 0x40000 5.01.2600.5625 C:\WINDOWS\system32\mswsock.dll
0x71a10000 0x8000 5.01.2600.5512 C:\WINDOWS\System32\wshtcpip.dll
spoolsv.exe pid: 1184
Command line: C:\WINDOWS\system32\spoolsv.exe
Base Size Version Path
0x01000000 0x10000 5.01.2600.5512 C:\WINDOWS\system32\spoolsv.exe
0x5cf90000 0x26000 5.01.2600.5512 C:\WINDOWS\system32\ShimEng.dll
0x773a0000 0x103000 6.00.2900.5512 C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83\comctl32.dll
0x76ee0000 0x27000 5.01.2600.5625 C:\WINDOWS\system32\DNSAPI.dll
0x00980000 0x9000 0.03.6414.1000 C:\WINDOWS\system32\msonpmon.dll
0x78130000 0x9b000 8.00.50727.3053 C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.3053_x-ww_b80fa8ca\MSVCR80.dll
0x3f420000 0x1b000 6.01.2600.5635 C:\WINDOWS\System32\spool\PRTPROCS\W32X86\filterpipelineprintproc.dll
0x00da0000 0x9000 0.03.4518.1014 C:\WINDOWS\System32\spool\PRTPROCS\W32X86\msonpppr.dll
0x719d0000 0x40000 5.01.2600.5625 C:\WINDOWS\System32\mswsock.dll
0x76760000 0x13000 5.01.2600.5512 C:\WINDOWS\system32\NTDSAPI.dll
svchost.exe pid: 1296
Command line: C:\WINDOWS\system32\svchost.exe -k LocalService
Base Size Version Path
0x01000000 0x6000 5.01.2600.5512 C:\WINDOWS\system32\svchost.exe
0x5cf90000 0x26000 5.01.2600.5512 C:\WINDOWS\system32\ShimEng.dll
0x773a0000 0x103000 6.00.2900.5512 C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83\comctl32.dll
0x00950000 0x9000 6.00.5441.0000 C:\WINDOWS\system32\Normaliz.dll
0x40070000 0x1e8000 8.00.6001.18828 C:\WINDOWS\system32\iertutil.dll
avp.exe pid: 1416
Command line: "C:\Programmi\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe" -r
NBService.exe pid: 1492
Command line: "C:\Programmi\File comuni\Nero\Nero BackItUp 4\NBService.exe"
Base Size Version Path
0x00400000 0xe3000 4.00.0001.0102 C:\Programmi\File comuni\Nero\Nero BackItUp 4\NBService.exe
0x7c420000 0x87000 8.00.50727.3053 C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.3053_x-ww_b80fa8ca\MSVCP80.dll
0x78130000 0x9b000 8.00.50727.3053 C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.3053_x-ww_b80fa8ca\MSVCR80.dll
0x59e60000 0xa1000 5.01.2600.5512 C:\WINDOWS\system32\dbghelp.dll
0x773a0000 0x103000 6.00.2900.5512 C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83\comctl32.dll
0x10000000 0x118000 4.00.0001.0102 C:\Programmi\File comuni\Nero\Nero BackItUp 4\NB.dll
0x69940000 0x16000 5.01.2600.5512 C:\WINDOWS\system32\Faultrep.dll
0x00a20000 0x6d000 4.00.0001.0102 C:\Programmi\File comuni\Nero\Nero BackItUp 4\LBFC.dll
0x73540000 0x47000 5.01.2600.5512 C:\WINDOWS\system32\mstask.dll
0x76760000 0x13000 5.01.2600.5512 C:\WINDOWS\system32\NTDSAPI.dll
0x76ee0000 0x27000 5.01.2600.5625 C:\WINDOWS\system32\DNSAPI.dll
0x01220000 0x42000 4.00.0001.0102 C:\Programmi\File comuni\Nero\Nero BackItUp 4\NBBurn.dll
0x01270000 0x27000 9.00.0000.0100 C:\Programmi\File comuni\Nero\Nero BackItUp 4\NeroAPIGlueLayerUnicode.dll
srvany.exe pid: 1616
Command line: "C:\Programmi\Telecom Italia\WanMiniport1st\srvany.exe"
Base Size Version Path
0x01000000 0x4000 C:\Programmi\Telecom Italia\WanMiniport1st\srvany.exe
nvsvc32.exe pid: 1636
Command line: C:\WINDOWS\system32\nvsvc32.exe
Base Size Version Path
0x00400000 0x2e000 6.14.0011.8250 C:\WINDOWS\system32\nvsvc32.exe
0x773a0000 0x103000 6.00.2900.5512 C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83\comctl32.dll
0x00960000 0xa5000 6.14.0011.8250 C:\WINDOWS\system32\nvapi.dll
0x76750000 0xc000 5.01.2600.5512 C:\WINDOWS\system32\cryptdll.dll
WanMiniport1st_srv.exe pid: 1644
Command line: "C:\Programmi\Telecom Italia\WanMiniport1st\WanMiniport1st_srv.exe"
Base Size Version Path
0x00400000 0x11000 C:\Programmi\Telecom Italia\WanMiniport1st\WanMiniport1st_srv.exe
searchindexer.exe pid: 1748
Command line: C:\WINDOWS\system32\SearchIndexer.exe /Embedding
Base Size Version Path
0x01000000 0x6e000 7.00.6001.16503 C:\WINDOWS\system32\SearchIndexer.exe
0x60000000 0x185000 7.00.6001.16503 C:\WINDOWS\system32\TQUERY.DLL
0x00400000 0xbb000 7.00.6001.16503 C:\WINDOWS\system32\PROPSYS.dll
0x004c0000 0x15e000 7.00.6001.16503 C:\WINDOWS\system32\MSSRCH.DLL
0x59e60000 0xa1000 5.01.2600.5512 C:\WINDOWS\system32\dbghelp.dll
0x773a0000 0x103000 6.00.2900.5512 C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83\comctl32.dll
0x7d9b0000 0x166000 5.01.2600.5847 C:\WINDOWS\system32\query.dll
0x47060000 0x21000 1.00.1018.0000 C:\WINDOWS\system32\XmlLite.dll
0x10000000 0x3e000 7.00.6001.16503 C:\WINDOWS\system32\it-it\tQuery.dll.mui
0x01b70000 0xb000 7.00.6001.16503 C:\WINDOWS\system32\msscb.dll
0x5eb90000 0xe000 5.01.2600.5512 C:\WINDOWS\system32\perfproc.dll
0x0bf30000 0xb000 7.00.6001.16503 C:\WINDOWS\system32\mssprxy.dll
0x76750000 0xc000 5.01.2600.5512 C:\WINDOWS\system32\cryptdll.dll
0x66a80000 0x72000 5.01.2600.0000 C:\WINDOWS\system32\infosoft.dll
explorer.exe pid: 1764
Command line: C:\WINDOWS\Explorer.EXE
Base Size Version Path
0x01000000 0xff000 6.00.2900.5512 C:\WINDOWS\Explorer.EXE
0x75f30000 0xfd000 6.00.2900.5512 C:\WINDOWS\system32\BROWSEUI.dll
0x7e210000 0x171000 6.00.2900.5512 C:\WINDOWS\system32\SHDOCVW.dll
0x00400000 0x9000 6.00.5441.0000 C:\WINDOWS\system32\Normaliz.dll
0x40070000 0x1e8000 8.00.6001.18828 C:\WINDOWS\system32\iertutil.dll
0x5cf90000 0x26000 5.01.2600.5512 C:\WINDOWS\system32\ShimEng.dll
0x773a0000 0x103000 6.00.2900.5512 C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83\comctl32.dll
0x752e0000 0x2e000 5.01.2600.5512 C:\WINDOWS\system32\msctfime.ime
0x661d0000 0x21f000 12.00.6421.1000 C:\Programmi\Microsoft Office\Office12\GrooveShellExtensions.dll
0x68ef0000 0xf2000 12.00.6423.1000 C:\Programmi\Microsoft Office\Office12\GrooveUtil.DLL
0x78130000 0x9b000 8.00.50727.3053 C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.3053_x-ww_b80fa8ca\MSVCR80.dll
0x68ff0000 0x7000 12.00.6413.1000 C:\Programmi\Microsoft Office\Office12\GrooveNew.DLL
0x7c630000 0x1b000 8.00.50727.4053 C:\WINDOWS\WinSxS\x86_Microsoft.VC80.ATL_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_473666fd\ATL80.DLL
0x76330000 0x5000 5.01.2600.5512 C:\WINDOWS\system32\MSImg32.dll
0x5ba40000 0x72000 6.00.2900.5512 C:\WINDOWS\system32\themeui.dll
0x60060000 0x33000 5.01.2600.5512 C:\WINDOWS\system32\msutb.dll
0x746b0000 0x4c000 5.01.2600.5512 C:\WINDOWS\system32\MSCTF.dll
0x76ae0000 0x11000 3.05.2284.0002 C:\WINDOWS\system32\ATL.DLL
0x65e50000 0x2d000 12.00.6421.1000 C:\Programmi\Microsoft Office\Office12\GrooveSystemServices.dll
0x74910000 0x114000 8.100.1048.0000 C:\WINDOWS\system32\msxml3.dll
0x76940000 0x8000 5.01.2600.5512 C:\WINDOWS\system32\LINKINFO.dll
0x40260000 0xa93000 8.00.6001.18828 C:\WINDOWS\system32\ieframe.dll
0x76bc0000 0x2e000 5.01.2600.5512 C:\WINDOWS\system32\credui.dll
0x72960000 0xa000 5.01.2600.5512 C:\WINDOWS\system32\dot3api.dll
0x73640000 0x6000 5.01.2600.5512 C:\WINDOWS\system32\dot3dlg.dll
0x5ad00000 0x28000 5.01.2600.5512 C:\WINDOWS\system32\OneX.DLL
0x71680000 0x22000 5.01.2600.5512 C:\WINDOWS\system32\eappcfg.dll
0x76030000 0x65000 6.02.3104.0000 C:\WINDOWS\system32\MSVCP60.dll
0x73b40000 0xe000 5.01.2600.5512 C:\WINDOWS\system32\eappprxy.dll
0x66b50000 0x17f000 12.00.6421.1000 C:\Programmi\Microsoft Office\Office12\GrooveMisc.dll
0x10000000 0x179000 6.14.0010.12095 C:\WINDOWS\system32\nview.dll
0x75d50000 0x91000 6.00.2900.5512 C:\WINDOWS\system32\MLANG.dll
0x01770000 0x15000 6.14.0011.8250 C:\WINDOWS\system32\nvwddi.dll
0x761e0000 0x21000 5.01.2600.5512 C:\WINDOWS\system32\stobject.dll
0x74a80000 0xa000 6.00.2900.5512 C:\WINDOWS\system32\BatMeter.dll
0x7c420000 0x87000 8.00.50727.3053 C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.3053_x-ww_b80fa8ca\MSVCP80.dll
0x02cb0000 0xf9000 12.00.6413.1000 C:\Programmi\Microsoft Office\Office12\1040\GrooveIntlResource.dll
0x032f0000 0x1f7000 6.02.0010.0031 C:\Programmi\File comuni\Nero\SMC\NeroDigitalExt.dll
0x781d0000 0x10f000 8.00.50727.0762 C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_3bf8fa05\MFC80.DLL
0x5d360000 0xf000 8.00.50727.0762 C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_91481303\MFC80ITA.DLL
0x03600000 0x5b000 9.01.0000.0163 C:\Programmi\File comuni\Adobe\Acrobat\ActiveX\PDFShell.dll
0x03670000 0x4c000 9.01.0000.0163 C:\Programmi\File comuni\Adobe\Acrobat\ActiveX\PDFShell.ITA
0x036d0000 0xd37000 6.14.0011.8250 C:\WINDOWS\system32\nvcpl.dll
0x74c10000 0x2c000 4.02.5406.0000 C:\WINDOWS\system32\OLEACC.dll
0x04450000 0xa5000 6.14.0011.8250 C:\WINDOWS\system32\nvapi.dll
0x04510000 0x73000 6.14.0010.12095 C:\WINDOWS\system32\nvshell.dll
0x045b0000 0x14000 1.00.0000.1012 C:\Programmi\SUPERAntiSpyware\SASSEH.DLL
0x045e0000 0x4d000 7.00.6001.18260 C:\Programmi\Windows Desktop Search\MSNLNamespaceMgr.dll
0x75f10000 0x7000 5.01.2600.5512 C:\WINDOWS\System32\drprov.dll
0x71ba0000 0xe000 5.01.2600.5512 C:\WINDOWS\System32\ntlanman.dll
0x71c60000 0x17000 5.01.2600.5512 C:\WINDOWS\System32\NETUI0.dll
0x71c20000 0x40000 5.01.2600.5512 C:\WINDOWS\System32\NETUI1.dll
0x75f20000 0xa000 5.01.2600.5512 C:\WINDOWS\System32\davclnt.dll
0x71600000 0x13000 6.00.2900.5512 C:\WINDOWS\system32\browselc.dll
0x4b440000 0x86000 5.41.0015.1515 C:\WINDOWS\system32\MSFTEDIT.DLL
0x6c6b0000 0x4d000 5.01.2600.5512 C:\WINDOWS\system32\DUSER.dll
0x76750000 0xc000 5.01.2600.5512 C:\WINDOWS\system32\cryptdll.dll
0x76ee0000 0x27000 5.01.2600.5625 C:\WINDOWS\system32\DNSAPI.dll
0x4cf40000 0xb000 5.01.2600.5512 C:\WINDOWS\system32\EapolQec.dll
0x745c0000 0x16000 5.01.2600.5512 C:\WINDOWS\system32\QUtil.dll
0x4f4b0000 0x61000 5.01.2600.5512 C:\WINDOWS\system32\wzcdlg.dll
avp.exe pid: 576
Command line: "C:\Programmi\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe"
SoundMan.exe pid: 628
Command line: "C:\WINDOWS\SOUNDMAN.EXE"
Base Size Version Path
0x00400000 0x17000 1.00.0000.0030 C:\WINDOWS\SOUNDMAN.EXE
0x773a0000 0x103000 6.00.2900.5512 C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83\comctl32.dll
0x752e0000 0x2e000 5.01.2600.5512 C:\WINDOWS\system32\msctfime.ime
0x746b0000 0x4c000 5.01.2600.5512 C:\WINDOWS\system32\MSCTF.dll
0x10000000 0x179000 6.14.0010.12095 C:\WINDOWS\system32\nview.dll
GrooveMonitor.exe pid: 792
Command line: "C:\Programmi\Microsoft Office\Office12\GrooveMonitor.exe"
Base Size Version Path
0x00400000 0x8000 12.00.6413.1000 C:\Programmi\Microsoft Office\Office12\GrooveMonitor.exe
0x68ef0000 0xf2000 12.00.6423.1000 C:\Programmi\Microsoft Office\Office12\GrooveUtil.DLL
0x00350000 0x9000 6.00.5441.0000 C:\WINDOWS\system32\Normaliz.dll
0x40070000 0x1e8000 8.00.6001.18828 C:\WINDOWS\system32\iertutil.dll
0x78130000 0x9b000 8.00.50727.3053 C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.3053_x-ww_b80fa8ca\MSVCR80.dll
0x68ff0000 0x7000 12.00.6413.1000 C:\Programmi\Microsoft Office\Office12\GrooveNew.DLL
0x7c630000 0x1b000 8.00.50727.4053 C:\WINDOWS\WinSxS\x86_Microsoft.VC80.ATL_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_473666fd\ATL80.DLL
0x773a0000 0x103000 6.00.2900.5512 C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83\comctl32.dll
0x752e0000 0x2e000 5.01.2600.5512 C:\WINDOWS\system32\msctfime.ime
0x661d0000 0x21f000 12.00.6421.1000 C:\Programmi\Microsoft Office\Office12\GrooveShellExtensions.dll
0x76330000 0x5000 5.01.2600.5512 C:\WINDOWS\system32\MSImg32.dll
0x65e50000 0x2d000 12.00.6421.1000 C:\Programmi\Microsoft Office\Office12\GrooveSystemServices.dll
0x10000000 0x179000 6.14.0010.12095 C:\WINDOWS\system32\nview.dll
0x746b0000 0x4c000 5.01.2600.5512 C:\WINDOWS\system32\MSCTF.dll
0x76940000 0x8000 5.01.2600.5512 C:\WINDOWS\system32\LINKINFO.dll
0x76ae0000 0x11000 3.05.2284.0002 C:\WINDOWS\system32\ATL.DLL
0x74910000 0x114000 8.100.1048.0000 C:\WINDOWS\system32\msxml3.dll
rundll32.exe pid: 864
Command line: "C:\WINDOWS\system32\RUNDLL32.EXE" C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
Base Size Version Path
0x01000000 0xb000 5.01.2600.5512 C:\WINDOWS\system32\RUNDLL32.EXE
0x5cf90000 0x26000 5.01.2600.5512 C:\WINDOWS\system32\ShimEng.dll
0x773a0000 0x103000 6.00.2900.5512 C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83\comctl32.dll
0x10000000 0x17000 6.14.0011.8250 C:\WINDOWS\system32\NvMcTray.dll
0x00a00000 0xa5000 6.14.0011.8250 C:\WINDOWS\system32\nvapi.dll
0x752e0000 0x2e000 5.01.2600.5512 C:\WINDOWS\system32\msctfime.ime
0x746b0000 0x4c000 5.01.2600.5512 C:\WINDOWS\system32\MSCTF.dll
0x00b50000 0x179000 6.14.0010.12095 C:\WINDOWS\system32\nview.dll
MCCITR~1.EXE pid: 872
Command line: "C:\PROGRA~1\ALICET~1\vendors\AliceRE\content\template\DRIVEN~1\syncer\MCCITR~1.EXE"
Base Size Version Path
0x00400000 0xea000 5.00.0000.0055 C:\PROGRA~1\ALICET~1\vendors\AliceRE\content\template\DRIVEN~1\syncer\MCCITR~1.EXE
0x40070000 0x1e8000 8.00.6001.18828 C:\WINDOWS\system32\iertutil.dll
0x773a0000 0x103000 6.00.2900.5512 C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83\comctl32.dll
0x752e0000 0x2e000 5.01.2600.5512 C:\WINDOWS\system32\msctfime.ime
0x10000000 0x179000 6.14.0010.12095 C:\WINDOWS\system32\nview.dll
0x746b0000 0x4c000 5.01.2600.5512 C:\WINDOWS\system32\MSCTF.dll
0x5b160000 0xa000 5.01.2600.5512 C:\WINDOWS\system32\VDMDBG.DLL
rundll32.exe pid: 888
Command line: rundll32.exe nview.dll,nViewInitialize
Base Size Version Path
0x01000000 0xb000 5.01.2600.5512 C:\WINDOWS\system32\rundll32.exe
0x5cf90000 0x26000 5.01.2600.5512 C:\WINDOWS\system32\ShimEng.dll
0x773a0000 0x103000 6.00.2900.5512 C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83\comctl32.dll
0x10000000 0x179000 6.14.0010.12095 C:\WINDOWS\system32\nview.dll
0x752e0000 0x2e000 5.01.2600.5512 C:\WINDOWS\system32\msctfime.ime
0x00ad0000 0x15000 6.14.0011.8250 C:\WINDOWS\system32\nvwddi.dll
0x00b30000 0xa5000 6.14.0011.8250 C:\WINDOWS\system32\nvapi.dll
0x746b0000 0x4c000 5.01.2600.5512 C:\WINDOWS\system32\MSCTF.dll
0x00de0000 0x73000 6.14.0010.12095 C:\WINDOWS\system32\nvshell.dll
ctfmon.exe pid: 1112
Command line: "C:\WINDOWS\system32\ctfmon.exe"
Base Size Version Path
0x00400000 0x6000 5.01.2600.5512 C:\WINDOWS\system32\ctfmon.exe
0x746b0000 0x4c000 5.01.2600.5512 C:\WINDOWS\system32\MSCTF.dll
0x60060000 0x33000 5.01.2600.5512 C:\WINDOWS\system32\MSUTB.dll
0x5cf90000 0x26000 5.01.2600.5512 C:\WINDOWS\system32\ShimEng.dll
0x773a0000 0x103000 6.00.2900.5512 C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83\comctl32.dll
0x752e0000 0x2e000 5.01.2600.5512 C:\WINDOWS\system32\msctfime.ime
WindowsSearch.exe pid: 1256
Command line: "C:\Programmi\Windows Desktop Search\WindowsSearch.exe" /startup
Base Size Version Path
0x01000000 0x22000 7.00.6001.16503 C:\Programmi\Windows Desktop Search\WindowsSearch.exe
0x773a0000 0x103000 6.00.2900.5512 C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83\COMCTL32.dll
0x76330000 0x5000 5.01.2600.5512 C:\WINDOWS\system32\MSIMG32.dll
0x00400000 0x28000 7.00.6001.16503 C:\WINDOWS\system32\uncdms.dll
0x00850000 0x46000 7.00.6001.16503 C:\WINDOWS\system32\oeph.dll
0x40070000 0x1e8000 8.00.6001.18828 C:\WINDOWS\system32\iertutil.dll
0x6dd00000 0x58000 7.00.6001.18260 C:\WINDOWS\system32\mssph.dll
0x60000000 0x185000 7.00.6001.16503 C:\WINDOWS\system32\TQUERY.DLL
0x008b0000 0xbb000 7.00.6001.16503 C:\WINDOWS\system32\PROPSYS.dll
0x77690000 0x12000 5.01.2600.5512 C:\WINDOWS\system32\AUTHZ.dll
0x62280000 0x1f000 1.00.2536.0000 C:\WINDOWS\system32\MAPI32.dll
0x10000000 0x4000 7.00.6001.16503 C:\Programmi\Windows Desktop Search\it-it\WindowsSearchRes.dll.mui
0x00c00000 0x20000 7.00.6001.16503 C:\Programmi\Windows Desktop Search\WindowsSearchRes.dll
0x00c20000 0x44000 7.00.6001.16503 C:\Programmi\Windows Desktop Search\WdsMktTools.dll
0x00c70000 0x9000 6.00.5441.0000 C:\WINDOWS\system32\Normaliz.dll
0x74910000 0x114000 8.100.1048.0000 C:\WINDOWS\system32\msxml3.dll
0x746b0000 0x4c000 5.01.2600.5512 C:\WINDOWS\system32\MSCTF.dll
0x00f60000 0xb000 7.00.6001.16503 C:\WINDOWS\system32\mssprxy.dll
0x60700000 0x149000 6.00.2900.5843 C:\Programmi\Outlook Express\msoe.dll
0x76ae0000 0x11000 3.05.2284.0002 C:\WINDOWS\system32\ATL.DLL
0x765d0000 0x22000 6.00.2900.5512 C:\WINDOWS\system32\MSOERT2.dll
0x60c40000 0x42000 6.00.2900.5512 C:\WINDOWS\system32\MSOEACCT.dll
0x75ca0000 0xae000 6.00.2900.5579 C:\WINDOWS\system32\INETCOMM.dll
0x717f0000 0x13000 6.00.2600.0000 C:\WINDOWS\system32\acctres.dll
0x00fd0000 0xf000 6.00.2900.5512 C:\WINDOWS\system32\inetres.dll
0x01730000 0x267000 6.00.2900.5512 C:\Programmi\Outlook Express\msoeres.dll
0x7e210000 0x171000 6.00.2900.5512 C:\WINDOWS\system32\SHDOCVW.DLL
0x40260000 0xa93000 8.00.6001.18828 C:\WINDOWS\system32\ieframe.dll
0x60cf0000 0xf000 6.00.2900.5512 C:\WINDOWS\system32\msident.dll
0x60ce0000 0x6000 6.00.2600.0000 C:\WINDOWS\system32\msidntld.dll
0x5e500000 0xd000 5.01.2600.5512 C:\WINDOWS\system32\PSTOREC.DLL
0x6d310000 0x19000 6.00.2900.5512 C:\Programmi\File comuni\System\directdb.dll
0x752e0000 0x2e000 5.01.2600.5512 C:\WINDOWS\system32\msctfime.ime
0x75d50000 0x91000 6.00.2900.5512 C:\WINDOWS\system32\mlang.dll
0x01e80000 0x179000 6.14.0010.12095 C:\WINDOWS\system32\nview.dll
ONENOTEM.EXE pid: 1384
Command line: "C:\Programmi\Microsoft Office\Office12\ONENOTEM.EXE" /tsr
Base Size Version Path
0x30000000 0x19000 12.00.6413.1000 C:\Programmi\Microsoft Office\Office12\ONENOTEM.EXE
0x78130000 0x9b000 8.00.50727.3053 C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.3053_x-ww_b80fa8ca\MSVCR80.dll
0x33d00000 0x2c5000 12.00.6413.1000 C:\Programmi\Microsoft Office\Office12\1040\ONINTL.DLL
0x746b0000 0x4c000 5.01.2600.5512 C:\WINDOWS\system32\MSCTF.dll
0x752e0000 0x2e000 5.01.2600.5512 C:\WINDOWS\system32\msctfime.ime
0x773a0000 0x103000 6.00.2900.5512 C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83\comctl32.dll
0x10000000 0x179000 6.14.0010.12095 C:\WINDOWS\system32\nview.dll
psi.exe pid: 1348
Command line: "C:\Programmi\Secunia\PSI\psi.exe" --start-in-tray
Base Size Version Path
0x00400000 0xc7000 1.05.0000.0000 C:\Programmi\Secunia\PSI\psi.exe
0x4dd50000 0x8000 5.01.2600.5512 C:\WINDOWS\system32\FLTLIB.DLL
0x00340000 0x9000 6.00.5441.0000 C:\WINDOWS\system32\Normaliz.dll
0x40070000 0x1e8000 8.00.6001.18828 C:\WINDOWS\system32\iertutil.dll
0x773a0000 0x103000 6.00.2900.5512 C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83\comctl32.dll
0x746b0000 0x4c000 5.01.2600.5512 C:\WINDOWS\system32\MSCTF.dll
0x752e0000 0x2e000 5.01.2600.5512 C:\WINDOWS\system32\msctfime.ime
*** Loaded C:\WINDOWS\system32\ieframe.dll differs from file image:
*** File timestamp: Sat Aug 29 09:56:05 2009
*** Loaded image timestamp: Sat Aug 29 09:59:50 2009
*** 0x40260000 0xa93000 8.00.6001.18828 C:\WINDOWS\system32\ieframe.dll
0x3fac0000 0x5ad000 8.00.6001.18852 C:\WINDOWS\system32\mshtml.dll
0x00ff0000 0x29000 3.10.0349.0000 C:\WINDOWS\system32\msls31.dll
0x74680000 0x2a000 5.01.2600.5512 C:\WINDOWS\system32\msimtf.dll
0x767b0000 0x28000 5.01.2600.5834 C:\WINDOWS\system32\schannel.dll
0x75d50000 0x91000 6.00.2900.5512 C:\WINDOWS\system32\MLANG.dll
0x358c0000 0x26000 8.00.0000.0357 C:\Programmi\Kaspersky Lab\Kaspersky Anti-Virus 2009\scrchpg.dll
0x35510000 0xa000 8.00.0000.0357 C:\Programmi\Kaspersky Lab\Kaspersky Anti-Virus 2009\klscav.dll
0x78130000 0x9b000 8.00.50727.3053 C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.3053_x-ww_b80fa8ca\MSVCR80.dll
0x35840000 0x14000 8.00.0000.0357 C:\Programmi\Kaspersky Lab\Kaspersky Anti-Virus 2009\prremote.dll
0x7c420000 0x87000 8.00.50727.3053 C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.3053_x-ww_b80fa8ca\MSVCP80.dll
0x357f0000 0x45000 8.00.0000.0357 C:\Programmi\Kaspersky Lab\Kaspersky Anti-Virus 2009\prloader.dll
0x36320000 0x30000 8.00.0000.0357 C:\Programmi\Kaspersky Lab\Kaspersky Anti-Virus 2009\prkernel.ppl
0x36220000 0x76000 8.00.0000.0357 c:\programmi\kaspersky lab\kaspersky anti-virus 2009\params.ppl
0x36470000 0x9000 8.00.0000.0357 c:\programmi\kaspersky lab\kaspersky anti-virus 2009\pxstub.ppl
0x36640000 0x6000 8.00.0000.0369 c:\programmi\kaspersky lab\kaspersky anti-virus 2009\tempfile.ppl
0x76750000 0xc000 5.01.2600.5512 C:\WINDOWS\system32\cryptdll.dll
0x72240000 0x5000 5.01.2600.5512 C:\WINDOWS\system32\sensapi.dll
0x719d0000 0x40000 5.01.2600.5625 C:\WINDOWS\System32\mswsock.dll
0x76ee0000 0x27000 5.01.2600.5625 C:\WINDOWS\system32\DNSAPI.dll
0x76ae0000 0x11000 3.05.2284.0002 C:\WINDOWS\system32\ATL.DLL
0x76bc0000 0x2e000 5.01.2600.5512 C:\WINDOWS\system32\credui.dll
0x72960000 0xa000 5.01.2600.5512 C:\WINDOWS\system32\dot3api.dll
0x73640000 0x6000 5.01.2600.5512 C:\WINDOWS\system32\dot3dlg.dll
0x5ad00000 0x28000 5.01.2600.5512 C:\WINDOWS\system32\OneX.DLL
0x71680000 0x22000 5.01.2600.5512 C:\WINDOWS\system32\eappcfg.dll
0x76030000 0x65000 6.02.3104.0000 C:\WINDOWS\system32\MSVCP60.dll
0x73b40000 0xe000 5.01.2600.5512 C:\WINDOWS\system32\eappprxy.dll
0x4cf40000 0xb000 5.01.2600.5512 C:\WINDOWS\system32\EapolQec.dll
0x745c0000 0x16000 5.01.2600.5512 C:\WINDOWS\system32\QUtil.dll
0x10000000 0x179000 6.14.0010.12095 C:\WINDOWS\system32\nview.dll
0x030f0000 0x15000 6.14.0011.8250 C:\WINDOWS\system32\nvwddi.dll
0x66750000 0x58000 5.01.2600.5512 C:\WINDOWS\system32\hnetcfg.dll
0x71a10000 0x8000 5.01.2600.5512 C:\WINDOWS\System32\wshtcpip.dll
0x68100000 0x26000 5.01.2600.5507 C:\WINDOWS\system32\dssenh.dll
0x76590000 0x13000 5.131.2600.5512 C:\WINDOWS\system32\cryptnet.dll
0x00ab0000 0x6a000 5.08.6001.18702 C:\WINDOWS\system32\vbscript.dll
0x03a90000 0x4a3000 10.00.0032.0018 C:\WINDOWS\system32\Macromed\Flash\Flash10c.ocx
0x73aa0000 0x15000 5.01.2600.5627 C:\WINDOWS\system32\mscms.dll
0x1b000000 0xc000 8.00.6001.18702 C:\WINDOWS\system32\ImgUtil.dll
0x35c50000 0x39000 8.00.6001.18702 C:\WINDOWS\system32\Dxtrans.dll
0x6d950000 0xa000 5.03.2600.5512 C:\WINDOWS\system32\ddrawex.dll
0x736d0000 0x4b000 5.03.2600.5512 C:\WINDOWS\system32\DDRAW.dll
0x73b30000 0x6000 5.01.2600.5512 C:\WINDOWS\system32\DCIMAN32.dll
0x35cb0000 0x57000 8.00.6001.18702 C:\WINDOWS\system32\Dxtmsft.dll
0x74910000 0x114000 8.100.1048.0000 C:\WINDOWS\system32\msxml3.dll
0x067a0000 0x5b000 C:\Programmi\Secunia\PSI\psires.dll
alg.exe pid: 2080
Command line: C:\WINDOWS\System32\alg.exe
Base Size Version Path
0x01000000 0xd000 5.01.2600.5512 C:\WINDOWS\System32\alg.exe
0x76ae0000 0x11000 3.05.2284.0002 C:\WINDOWS\System32\ATL.DLL
0x719d0000 0x40000 5.01.2600.5625 C:\WINDOWS\System32\MSWSOCK.DLL
0x5cf90000 0x26000 5.01.2600.5512 C:\WINDOWS\System32\ShimEng.dll
0x773a0000 0x103000 6.00.2900.5512 C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83\comctl32.dll
0x66750000 0x58000 5.01.2600.5512 C:\WINDOWS\system32\hnetcfg.dll
0x71a10000 0x8000 5.01.2600.5512 C:\WINDOWS\System32\wshtcpip.dll
wscntfy.exe pid: 2252
Command line: C:\WINDOWS\system32\wscntfy.exe
Base Size Version Path
0x01000000 0x6000 5.01.2600.5512 C:\WINDOWS\system32\wscntfy.exe
0x773a0000 0x103000 6.00.2900.5512 C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83\comctl32.dll
0x10000000 0x179000 6.14.0010.12095 C:\WINDOWS\system32\nview.dll
0x746b0000 0x4c000 5.01.2600.5512 C:\WINDOWS\system32\MSCTF.dll
0x752e0000 0x2e000 5.01.2600.5512 C:\WINDOWS\system32\msctfime.ime
0x00c80000 0x15000 6.14.0011.8250 C:\WINDOWS\system32\nvwddi.dll
sys38702.exe pid: 2300
Command line: "C:\Documents and Settings\user\Desktop\sys38702.exe"
Base Size Version Path
0x00400000 0x39000 C:\Documents and Settings\user\Desktop\sys38702.exe
0x773a0000 0x103000 6.00.2900.5512 C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83\comctl32.dll
0x10000000 0x179000 6.14.0010.12095 C:\WINDOWS\system32\nview.dll
0x746b0000 0x4c000 5.01.2600.5512 C:\WINDOWS\system32\MSCTF.dll
runme.exe pid: 2372
Command line: runme.exe
Base Size Version Path
0x00400000 0x62000 3.06.0000.0002 C:\DOCUME~1\user\IMPOST~1\Temp\nsqB.tmp\runme.exe
0x73390000 0x153000 6.00.0098.0002 C:\WINDOWS\system32\MSVBVM60.DLL
0x10000000 0x179000 6.14.0010.12095 C:\WINDOWS\system32\nview.dll
0x773a0000 0x103000 6.00.2900.5512 C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83\comctl32.dll
0x746b0000 0x4c000 5.01.2600.5512 C:\WINDOWS\system32\MSCTF.dll
0x752e0000 0x2e000 5.01.2600.5512 C:\WINDOWS\system32\msctfime.ime
0x00f60000 0x15000 6.14.0011.8250 C:\WINDOWS\system32\nvwddi.dll
0x73510000 0x2a000 5.07.0000.18066 C:\WINDOWS\system32\scrrun.dll
0x01590000 0x9000 6.00.5441.0000 C:\WINDOWS\system32\Normaliz.dll
0x40070000 0x1e8000 8.00.6001.18828 C:\WINDOWS\system32\iertutil.dll
0x719d0000 0x40000 5.01.2600.5625 C:\WINDOWS\System32\mswsock.dll
0x76ee0000 0x27000 5.01.2600.5625 C:\WINDOWS\system32\DNSAPI.dll
0x72240000 0x5000 5.01.2600.5512 C:\WINDOWS\system32\sensapi.dll
0x76750000 0xc000 5.01.2600.5512 C:\WINDOWS\system32\cryptdll.dll
0x76ae0000 0x11000 3.05.2284.0002 C:\WINDOWS\system32\ATL.DLL
0x76bc0000 0x2e000 5.01.2600.5512 C:\WINDOWS\system32\credui.dll
0x72960000 0xa000 5.01.2600.5512 C:\WINDOWS\system32\dot3api.dll
0x73640000 0x6000 5.01.2600.5512 C:\WINDOWS\system32\dot3dlg.dll
0x5ad00000 0x28000 5.01.2600.5512 C:\WINDOWS\system32\OneX.DLL
0x71680000 0x22000 5.01.2600.5512 C:\WINDOWS\system32\eappcfg.dll
0x76030000 0x65000 6.02.3104.0000 C:\WINDOWS\system32\MSVCP60.dll
0x73b40000 0xe000 5.01.2600.5512 C:\WINDOWS\system32\eappprxy.dll
0x4cf40000 0xb000 5.01.2600.5512 C:\WINDOWS\system32\EapolQec.dll
0x745c0000 0x16000 5.01.2600.5512 C:\WINDOWS\system32\QUtil.dll
cmd.exe pid: 3292
Command line: cmd /c uuoywfrygn.exe > tempd.txt
Base Size Version Path
0x4ad00000 0x63000 5.01.2600.5512 C:\WINDOWS\system32\cmd.exe
0x5cf90000 0x26000 5.01.2600.5512 C:\WINDOWS\system32\ShimEng.dll
0x773a0000 0x103000 6.00.2900.5512 C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83\comctl32.dll
uuoywfrygn.exe pid: 3448
Command line: uuoywfrygn.exe
Base Size Version Path
0x00400000 0x14000 2.25.0000.0000 C:\DOCUME~1\user\IMPOST~1\Temp\nsqB.tmp\uuoywfrygn.exe
0x773a0000 0x103000 6.00.2900.5512 C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83\comctl32.dll
===================== NTFS ADS =====================
C:\Documents and Settings\All Users\Dati applicazioni\Kaspersky Lab\AVP8\Data:extended 1838 bytes
C:\Documents and Settings\user\Desktop\Thumbs.db:encryptable 0 bytes
C:\Documents and Settings\user\Documenti\Immagini\Thumbs.db:encryptable 0 bytes
C:\Documents and Settings\user\Documenti\Musica\Thumbs.db:encryptable 0 bytes
C:\Programmi\Orban\AAC-aacPlus Plugin\Tuner2 - your ears will know.url:favicon 2238 bytes
===================== ENCRYPTED FILES =====================
===================== HIDDEN OBJECTS =====================
scanning hidden processes ...
scanning hidden services & system hive ...
scanning hidden registry entries ...
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Prefetcher]
"TracesProcessed"=dword:00000843
scanning hidden files ...
scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0
===================== RUSTOCK ROOTKIT DETECTION =====================
#### NOTHING FOUND ####
===================== MASTER BOOT RECORD =====================
device: opened successfully
user: MBR read successfully
kernel: MBR read successfully
user & kernel MBR OK
===================== NETWORK SETTINGS =====================
~~~~~~~~~~~~~~~~~~~~~ Winsock Parameters ~~~~~~~~~~~~~~~~~~~~~
-----HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\WinSock2\Parameters\-----
[Parameters\NameSpace_Catalog5\Catalog_Entries\000000000001]
"LibraryPath"="%SystemRoot%\System32\mswsock.dll"
[Parameters\NameSpace_Catalog5\Catalog_Entries\000000000002]
"LibraryPath"="%SystemRoot%\System32\winrnr.dll"
[Parameters\NameSpace_Catalog5\Catalog_Entries\000000000003]
"LibraryPath"="%SystemRoot%\System32\mswsock.dll"
[Parameters\Protocol_Catalog9\Catalog_Entries\000000000001]
### "PackedCatalogItem" (bin)= %SystemRoot%\system32\mswsock.dll
[Parameters\Protocol_Catalog9\Catalog_Entries\000000000002]
### "PackedCatalogItem" (bin)= %SystemRoot%\system32\mswsock.dll
[Parameters\Protocol_Catalog9\Catalog_Entries\000000000003]
### "PackedCatalogItem" (bin)= %SystemRoot%\system32\mswsock.dll
[Parameters\Protocol_Catalog9\Catalog_Entries\000000000004]
### "PackedCatalogItem" (bin)= %SystemRoot%\system32\rsvpsp.dll
[Parameters\Protocol_Catalog9\Catalog_Entries\000000000005]
### "PackedCatalogItem" (bin)= %SystemRoot%\system32\rsvpsp.dll
[Parameters\Protocol_Catalog9\Catalog_Entries\000000000006]
### "PackedCatalogItem" (bin)= %SystemRoot%\system32\mswsock.dll
[Parameters\Protocol_Catalog9\Catalog_Entries\000000000007]
### "PackedCatalogItem" (bin)= %SystemRoot%\system32\mswsock.dll
[Parameters\Protocol_Catalog9\Catalog_Entries\000000000008]
### "PackedCatalogItem" (bin)= %SystemRoot%\system32\mswsock.dll
[Parameters\Protocol_Catalog9\Catalog_Entries\000000000009]
### "PackedCatalogItem" (bin)= %SystemRoot%\system32\mswsock.dll
[Parameters\Protocol_Catalog9\Catalog_Entries\000000000010]
### "PackedCatalogItem" (bin)= %SystemRoot%\system32\mswsock.dll
[Parameters\Protocol_Catalog9\Catalog_Entries\000000000011]
### "PackedCatalogItem" (bin)= %SystemRoot%\system32\mswsock.dll
[Parameters\Protocol_Catalog9\Catalog_Entries\000000000012]
### "PackedCatalogItem" (bin)= %SystemRoot%\system32\mswsock.dll
[Parameters\Protocol_Catalog9\Catalog_Entries\000000000013]
### "PackedCatalogItem" (bin)= %SystemRoot%\system32\mswsock.dll
[Parameters\Protocol_Catalog9\Catalog_Entries\000000000014]
### "PackedCatalogItem" (bin)= %SystemRoot%\system32\mswsock.dll
[Parameters\Protocol_Catalog9\Catalog_Entries\000000000015]
### "PackedCatalogItem" (bin)= %SystemRoot%\system32\mswsock.dll
~~~~~~~~~~~~~~~~~~~~~ TCP/IP network configuration ~~~~~~~~~~~~~~~~~~~~~
-----HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces
\{FD6ABAD0-6242-4BBC-94C9-70F8FF1E7A77} NameServer= 192.168.1.1
~~~~~~~~~~~~~~~~~~~~~ Open ports ~~~~~~~~~~~~~~~~~~~~~
Connessioni attive
Proto Indirizzo locale Indirizzo esterno Stato PID
TCP user-cb2d92193b:epmap 0.0.0.0:0 LISTENING 932
c:\windows\system32\WS2_32.dll
C:\WINDOWS\system32\RPCRT4.dll
c:\windows\system32\rpcss.dll
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\ADVAPI32.dll
[svchost.exe]
TCP user-cb2d92193b:microsoft-ds 0.0.0.0:0 LISTENING 4
[Sistema]
TCP user-cb2d92193b:1032 0.0.0.0:0 LISTENING 2080
[alg.exe]
UDP user-cb2d92193b:microsoft-ds *:* 4
[Sistema]
UDP user-cb2d92193b:4500 *:* 664
[lsass.exe]
UDP user-cb2d92193b:isakmp *:* 664
[lsass.exe]
UDP user-cb2d92193b:1900 *:* 1032
c:\windows\system32\WS2_32.dll
c:\windows\system32\ssdpsrv.dll
ntdll.dll
C:\WINDOWS\system32\kernel32.dll
[svchost.exe]
UDP user-cb2d92193b:1104 *:* 1348
[psi.exe]
UDP user-cb2d92193b:ntp *:* 972
c:\windows\system32\WS2_32.dll
c:\windows\system32\w32time.dll
ntdll.dll
C:\WINDOWS\system32\kernel32.dll
[svchost.exe]
~~~~~~~~~~~~~~~~~~~~~ Shared Resources ~~~~~~~~~~~~~~~~~~~~~
Nome cond. Risorsa Nota
IPC$ IPC remoto
~~~~~~~~~~~~~~~~~~~~~ TRUSTED DOMAINS ~~~~~~~~~~~~~~~~~~~~~
-----HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\
-----HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\
~~~~~~~~~~~~~~~~~~~~~ TRUSTED IPs ~~~~~~~~~~~~~~~~~~~~~
-----HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\
-----HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\
~~~~~~~~~~~~~~~~~~~~~ RAS active connections ~~~~~~~~~~~~~~~~~~~~~
Nessuna connessione
~~~~~~~~~~~~~~~~~~~~~ Rasphone.pbk content ~~~~~~~~~~~~~~~~~~~~~
-----C:\Documents and Settings\All Users\Dati applicazioni\Microsoft\Network\Connections\Pbk\rasphone.pbk
[Alice ADSL]
Encoding=1
Type=5
AutoLogon=0
UseRasCredentials=1
DialParamsUID=96875960
Guid=214FF6313CC3EB4A8CEACA9E092355E5
BaseProtocol=1
VpnStrategy=0
ExcludedProtocols=3
LcpExtensions=1
DataEncryption=8
SwCompression=1
NegotiateMultilinkAlways=0
SkipNwcWarning=0
SkipDownLevelDialog=0
SkipDoubleDialDialog=0
DialMode=1
DialPercent=75
DialSeconds=120
HangUpPercent=10
HangUpSeconds=120
OverridePref=15
RedialAttempts=3
RedialSeconds=300
IdleDisconnectSeconds=0
RedialOnLinkFailure=1
CallbackMode=0
CustomDialDll=
CustomDialFunc=
CustomRasDialDll=
AuthenticateServer=0
ShareMsFilePrint=0
BindMsNetClient=0
SharedPhoneNumbers=0
GlobalDeviceSettings=0
PrerequisiteEntry=
PrerequisitePbk=
PreferredPort=
PreferredDevice=
PreferredBps=0
PreferredHwFlow=0
PreferredProtocol=0
PreferredCompression=0
PreferredSpeaker=0
PreferredMdmProtocol=0
PreviewUserPw=1
PreviewDomain=0
PreviewPhoneNumber=0
ShowDialingProgress=1
ShowMonitorIconInTaskBar=1
CustomAuthKey=-1
AuthRestrictions=632
TypicalAuth=1
IpPrioritizeRemote=1
IpHeaderCompression=0
IpAddress=0.0.0.0
IpDnsAddress=0.0.0.0
IpDns2Address=0.0.0.0
IpWinsAddress=0.0.0.0
IpWins2Address=0.0.0.0
IpAssign=1
IpNameAssign=1
IpFrameSize=0
IpDnsFlags=0
IpNBTFlags=1
TcpWindowSize=0
UseFlags=1
IpSecFlags=0
IpDnsSuffix=
NETCOMPONENTS=
ms_server=0
ms_msclient=0
ms_psched=1
kl_klim5=1
MEDIA=rastapi
Port=PPPoE6-0
Device=Miniport WAN (PPPOE)
DEVICE=PPPoE
PhoneNumber=
AreaCode=
CountryCode=39
CountryID=39
UseDialingRules=0
Comment=
LastSelectedPhone=0
PromoteAlternates=0
TryNextAlternateOnFail=1
===================== HOSTS FILE =====================
127.0.0.1 localhost
===================== SUSPICIOUS FILES =====================
EXE and DLL files packed with runtime packers, found in: C:\; C:\WINDOWS\; C:\WINDOWS\system32\
===================== UNINSTALL LIST =====================
-----HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall-----
[Uninstall]
[Uninstall\AddressBook]
[Uninstall\Adobe Flash Player ActiveX]
"DisplayName"="Adobe Flash Player 10 ActiveX"
"DisplayIcon"="C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe"
"UninstallString"="C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe"
[Uninstall\Branding]
[Uninstall\CCleaner]
"DisplayName"="CCleaner (remove only)"
"UninstallString"="\"C:\Programmi\CCleaner\uninst.exe\""
[Uninstall\Connection Manager]
[Uninstall\DirectAnimation]
[Uninstall\DirectDrawEx]
[Uninstall\DVD Shrink_is1]
"DisplayName"="DVD Shrink 3.2"
"UninstallString"="\"C:\Programmi\DVD Shrink\unins000.exe\""
[Uninstall\DXM_Runtime]
[Uninstall\eMule]
"DisplayName"="eMule"
"UninstallString"="\"C:\Programmi\eMule\Uninstall.exe\""
[Uninstall\ENTERPRISE]
"DisplayIcon"="C:\Programmi\File comuni\Microsoft Shared\OFFICE12\Office Setup Controller\OSETUP.DLL,1"
"DisplayName"="Microsoft Office Enterprise 2007"
"UninstallString"="\"C:\Programmi\File comuni\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe\" /uninstall ENTERPRISE /dll OSETUP.DLL"
[Uninstall\FLAC]
"DisplayName"="FLAC Installer 1.1.2a (remove only)"
"UninstallString"="C:\Programmi\FLAC\uninstall.exe"
"DisplayIcon"="C:\Programmi\FLAC\flac.ico"
[Uninstall\Fontcore]
[Uninstall\HijackThis]
"DisplayName"="HijackThis 2.0.2"
"UninstallString"="\"C:\Programmi\Trend Micro\HijackThis\HijackThis.exe\" /uninstall"
"DisplayIcon"="C:\Programmi\Trend Micro\HijackThis\HijackThis.exe"
[Uninstall\ICW]
[Uninstall\IDNMitigationAPIs]
"DisplayName"="Microsoft Internationalized Domain Names Mitigation APIs"
"UninstallString"="\"C:\WINDOWS\$NtServicePackUninstallIDNMitigationAPIs$\spuninst\spuninst.exe\""
[Uninstall\IE40]
[Uninstall\IE4Data]
[Uninstall\IE5BAKEX]
[Uninstall\ie7]
"DisplayName"="Windows Internet Explorer 7"
"UninstallString"=""
"DisplayIcon"="C:\Programmi\Internet Explorer\iexplore.exe"
[Uninstall\ie8]
"DisplayName"="Windows Internet Explorer 8"
"UninstallString"="\"C:\WINDOWS\ie8\spuninst\spuninst.exe\""
"DisplayIcon"="C:\Programmi\Internet Explorer\iexplore.exe"
[Uninstall\IEData]
[Uninstall\InstallWIX_{6580C5A3-2336-4EC5-85F1-3448C5F6208A}]
"DisplayIcon"="C:\WINDOWS\Installer\{6580C5A3-2336-4EC5-85F1-3448C5F6208A}\setup2.ico"
"DisplayName"="Kaspersky Anti-Virus 2009"
"UninstallString"="MsiExec.exe /I{6580C5A3-2336-4EC5-85F1-3448C5F6208A}"
[Uninstall\KB884016]
[Uninstall\KB888111WXPSP2]
"DisplayName"="High Definition Audio Driver Package - KB888111"
"UninstallString"="\"C:\WINDOWS\$NtUninstallKB888111WXPSP2$\spuninst\spuninst.exe\""
[Uninstall\KB892130]
"DisplayName"="Windows Genuine Advantage Validation Tool (KB892130)"
"UninstallString"=""
[Uninstall\KB893803]
[Uninstall\KB915800-v4]
"DisplayName"="Hotfix for Windows XP (KB915800-v4)"
"UninstallString"="\"C:\WINDOWS\$NtUninstallKB915800-v4$\spuninst\spuninst.exe\""
[Uninstall\KB923561]
"DisplayName"="Aggiornamento della protezione per Windows XP (KB923561)"
"UninstallString"="\"C:\WINDOWS\$NtUninstallKB923561$\spuninst\spuninst.exe\""
[Uninstall\KB938127-v2-IE7]
"DisplayName"="Aggiornamento della protezione per Windows Internet Explorer 7 (KB938127-v2)"
"UninstallString"="\"C:\WINDOWS\ie7updates\KB938127-v2-IE7\spuninst\spuninst.exe\""
"DisplayIcon"="C:\Programmi\internet explorer\iexplore.exe"
[Uninstall\KB938464-v2]
"DisplayName"="Aggiornamento della protezione per Windows XP (KB938464-v2)"
"UninstallString"="\"C:\WINDOWS\$NtUninstallKB938464-v2$\spuninst\spuninst.exe\""
[Uninstall\KB940157]
"DisplayName"="Windows Search 4.0"
"UninstallString"="\"C:\WINDOWS\$NtUninstallKB940157$\spuninst\spuninst.exe\""
"DisplayIcon"=expand:"%SystemRoot%\System32\srchadmin.dll"
[Uninstall\KB946648]
"DisplayName"="Aggiornamento della protezione per Windows XP (KB946648)"
"UninstallString"="\"C:\WINDOWS\$NtUninstallKB946648$\spuninst\spuninst.exe\""
[Uninstall\KB950760]
"DisplayName"="Aggiornamento della protezione per Windows XP (KB950760)"
"UninstallString"="\"C:\WINDOWS\$NtUninstallKB950760$\spuninst\spuninst.exe\""
[Uninstall\KB950762]
"DisplayName"="Aggiornamento della protezione per Windows XP (KB950762)"
"UninstallString"="\"C:\WINDOWS\$NtUninstallKB950762$\spuninst\spuninst.exe\""
[Uninstall\KB950974]
"DisplayName"="Aggiornamento della protezione per Windows XP (KB950974)"
"UninstallString"="\"C:\WINDOWS\$NtUninstallKB950974$\spuninst\spuninst.exe\""
[Uninstall\KB951066]
"DisplayName"="Aggiornamento della protezione per Windows XP (KB951066)"
"UninstallString"="\"C:\WINDOWS\$NtUninstallKB951066$\spuninst\spuninst.exe\""
[Uninstall\KB951376-v2]
"DisplayName"="Aggiornamento della protezione per Windows XP (KB951376-v2)"
"UninstallString"="\"C:\WINDOWS\$NtUninstallKB951376-v2$\spuninst\spuninst.exe\""
[Uninstall\KB951698]
"DisplayName"="Aggiornamento della protezione per Windows XP (KB951698)"
"UninstallString"="\"C:\WINDOWS\$NtUninstallKB951698$\spuninst\spuninst.exe\""
[Uninstall\KB951748]
"DisplayName"="Aggiornamento della protezione per Windows XP (KB951748)"
"UninstallString"="\"C:\WINDOWS\$NtUninstallKB951748$\spuninst\spuninst.exe\""
[Uninstall\KB951978]
"DisplayName"="Aggiornamento per Windows XP (KB951978)"
"UninstallString"="\"C:\WINDOWS\$NtUninstallKB951978$\spuninst\spuninst.exe\""
[Uninstall\KB952004]
"DisplayName"="Aggiornamento della protezione per Windows XP (KB952004)"
"UninstallString"="\"C:\WINDOWS\$NtUninstallKB952004$\spuninst\spuninst.exe\""
[Uninstall\KB952069_WM9]
"DisplayName"="Aggiornamento della protezione per Windows Media Player (KB952069)"
"UninstallString"="\"C:\WINDOWS\$NtUninstallKB952069_WM9$\spuninst\spuninst.exe\""
"DisplayIcon"=expand:"\"%ProgramFiles%\windows media player\wmplayer.exe\""
[Uninstall\KB952287]
"DisplayName"="Aggiornamento rapido per Windows XP (KB952287)"
"UninstallString"="\"C:\WINDOWS\$NtUninstallKB952287$\spuninst\spuninst.exe\""
[Uninstall\KB952954]
"DisplayName"="Aggiornamento della protezione per Windows XP (KB952954)"
"UninstallString"="\"C:\WINDOWS\$NtUninstallKB952954$\spuninst\spuninst.exe\""
[Uninstall\KB954155_WM9]
"DisplayName"="Aggiornamento della protezione per Windows Media Player (KB954155)"
"UninstallString"="\"C:\WINDOWS\$NtUninstallKB954155_WM9$\spuninst\spuninst.exe\""
"DisplayIcon"=expand:"\"%ProgramFiles%\windows media player\wmplayer.exe\""
[Uninstall\KB954459]
"DisplayName"="Aggiornamento della protezione per Windows XP (KB954459)"
"UninstallString"="\"C:\WINDOWS\$NtUninstallKB954459$\spuninst\spuninst.exe\""
[Uninstall\KB954550-v5]
"DisplayName"="Hotfix for Windows XP (KB954550-v5)"
"UninstallString"=""
[Uninstall\KB954600]
"DisplayName"="Aggiornamento della protezione per Windows XP (KB954600)"
"UninstallString"="\"C:\WINDOWS\$NtUninstallKB954600$\spuninst\spuninst.exe\""
[Uninstall\KB955069]
"DisplayName"="Aggiornamento della protezione per Windows XP (KB955069)"
"UninstallString"="\"C:\WINDOWS\$NtUninstallKB955069$\spuninst\spuninst.exe\""
[Uninstall\KB955839]
"DisplayName"="Aggiornamento per Windows XP (KB955839)"
"UninstallString"="\"C:\WINDOWS\$NtUninstallKB955839$\spuninst\spuninst.exe\""
[Uninstall\KB956390-IE7]
"DisplayName"="Aggiornamento della protezione per Windows Internet Explorer 7 (KB956390)"
"UninstallString"="\"C:\WINDOWS\ie7updates\KB956390-IE7\spuninst\spuninst.exe\""
"DisplayIcon"="C:\Programmi\internet explorer\iexplore.exe"
[Uninstall\KB956572]
"DisplayName"="Aggiornamento della protezione per Windows XP (KB956572)"
"UninstallString"="\"C:\WINDOWS\$NtUninstallKB956572$\spuninst\spuninst.exe\""
[Uninstall\KB956744]
"DisplayName"="Aggiornamento della protezione per Windows XP (KB956744)"
"UninstallString"="\"C:\WINDOWS\$NtUninstallKB956744$\spuninst\spuninst.exe\""
[Uninstall\KB956802]
"DisplayName"="Aggiornamento della protezione per Windows XP (KB956802)"
"UninstallString"="\"C:\WINDOWS\$NtUninstallKB956802$\spuninst\spuninst.exe\""
[Uninstall\KB956803]
"DisplayName"="Aggiornamento della protezione per Windows XP (KB956803)"
"UninstallString"="\"C:\WINDOWS\$NtUninstallKB956803$\spuninst\spuninst.exe\""
[Uninstall\KB956841]
"DisplayName"="Aggiornamento della protezione per Windows XP (KB956841)"
"UninstallString"="\"C:\WINDOWS\$NtUninstallKB956841$\spuninst\spuninst.exe\""
[Uninstall\KB956844]
"DisplayName"="Aggiornamento della protezione per Windows XP (KB956844)"
"UninstallString"="\"C:\WINDOWS\$NtUninstallKB956844$\spuninst\spuninst.exe\""
[Uninstall\KB957097]
"DisplayName"="Aggiornamento della protezione per Windows XP (KB957097)"
"UninstallString"="\"C:\WINDOWS\$NtUninstallKB957097$\spuninst\spuninst.exe\""
[Uninstall\KB958644]
"DisplayName"="Aggiornamento della protezione per Windows XP (KB958644)"
"UninstallString"="\"C:\WINDOWS\$NtUninstallKB958644$\spuninst\spuninst.exe\""
[Uninstall\KB958687]
"DisplayName"="Aggiornamento della protezione per Windows XP (KB958687)"
"UninstallString"="\"C:\WINDOWS\$NtUninstallKB958687$\spuninst\spuninst.exe\""
[Uninstall\KB958690]
"DisplayName"="Aggiornamento della protezione per Windows XP (KB958690)"
"UninstallString"="\"C:\WINDOWS\$NtUninstallKB958690$\spuninst\spuninst.exe\""
[Uninstall\KB958869]
"DisplayName"="Aggiornamento della protezione per Windows XP (KB958869)"
"UninstallString"="\"C:\WINDOWS\$NtUninstallKB958869$\spuninst\spuninst.exe\""
[Uninstall\KB959426]
"DisplayName"="Aggiornamento della protezione per Windows XP (KB959426)"
"UninstallString"="\"C:\WINDOWS\$NtUninstallKB959426$\spuninst\spuninst.exe\""
[Uninstall\KB960225]
"DisplayName"="Aggiornamento della protezione per Windows XP (KB960225)"
"UninstallString"="\"C:\WINDOWS\$NtUninstallKB960225$\spuninst\spuninst.exe\""
[Uninstall\KB960715]
"DisplayName"="Aggiornamento della protezione per Windows XP (KB960715)"
"UninstallString"="\"C:\WINDOWS\$NtUninstallKB960715$\spuninst\spuninst.exe\""
[Uninstall\KB960803]
"DisplayName"="Aggiornamento della protezione per Windows XP (KB960803)"
"UninstallString"="\"C:\WINDOWS\$NtUninstallKB960803$\spuninst\spuninst.exe\""
[Uninstall\KB960859]
"DisplayName"="Aggiornamento della protezione per Windows XP (KB960859)"
"UninstallString"="\"C:\WINDOWS\$NtUninstallKB960859$\spuninst\spuninst.exe\""
[Uninstall\KB961118]
"DisplayName"="Aggiornamento rapido per Windows XP (KB961118)"
"UninstallString"="\"C:\WINDOWS\$NtUninstallKB961118$\spuninst\spuninst.exe\""
[Uninstall\KB961260-IE7]
"DisplayName"="Aggiornamento della protezione per Windows Internet Explorer 7 (KB961260)"
"UninstallString"="\"C:\WINDOWS\ie7updates\KB961260-IE7\spuninst\spuninst.exe\""
"DisplayIcon"="C:\Programmi\internet explorer\iexplore.exe"
[Uninstall\KB961371]
"DisplayName"="Aggiornamento della protezione per Windows XP (KB961371)"
"UninstallString"="\"C:\WINDOWS\$NtUninstallKB961371$\spuninst\spuninst.exe\""
[Uninstall\KB961373]
"DisplayName"="Aggiornamento della protezione per Windows XP (KB961373)"
"UninstallString"="\"C:\WINDOWS\$NtUninstallKB961373$\spuninst\spuninst.exe\""
[Uninstall\KB961501]
"DisplayName"="Aggiornamento della protezione per Windows XP (KB961501)"
"UninstallString"="\"C:\WINDOWS\$NtUninstallKB961501$\spuninst\spuninst.exe\""
[Uninstall\KB963027-IE7]
"DisplayName"="Aggiornamento della protezione per Windows Internet Explorer 7 (KB963027)"
"UninstallString"="\"C:\WINDOWS\ie7updates\KB963027-IE7\spuninst\spuninst.exe\""
"DisplayIcon"="C:\Programmi\internet explorer\iexplore.exe"
[Uninstall\KB963093]
"DisplayName"="Security Update for Windows Search 4 - KB963093"
"UninstallString"="\"C:\WINDOWS\$NtUninstallKB963093$\spuninst\spuninst.exe\""
[Uninstall\KB967715]
"DisplayName"="Aggiornamento per Windows XP (KB967715)"
"UninstallString"="\"C:\WINDOWS\$NtUninstallKB967715$\spuninst\spuninst.exe\""
[Uninstall\KB968389]
"DisplayName"="Aggiornamento per Windows XP (KB968389)"
"UninstallString"="\"C:\WINDOWS\$NtUninstallKB968389$\spuninst\spuninst.exe\""
[Uninstall\KB968537]
"DisplayName"="Aggiornamento della protezione per Windows XP (KB968537)"
"UninstallString"="\"C:\WINDOWS\$NtUninstallKB968537$\spuninst\spuninst.exe\""
[Uninstall\KB968816_WM9]
"DisplayName"="Aggiornamento della protezione per Windows Media Player (KB968816)"
"UninstallString"="\"C:\WINDOWS\$NtUninstallKB968816_WM9$\spuninst\spuninst.exe\""
"DisplayIcon"=expand:"\"%ProgramFiles%\windows media player\wmplayer.exe\""
[Uninstall\KB969059]
"DisplayName"="Aggiornamento della protezione per Windows XP (KB969059)"
"UninstallString"="\"C:\WINDOWS\$NtUninstallKB969059$\spuninst\spuninst.exe\""
[Uninstall\KB969897-IE7]
"DisplayName"="Aggiornamento della protezione per Windows Internet Explorer 7 (KB969897)"
"UninstallString"="\"C:\WINDOWS\ie7updates\KB969897-IE7\spuninst\spuninst.exe\""
"DisplayIcon"="C:\Programmi\internet explorer\iexplore.exe"
[Uninstall\KB969898]
"DisplayName"="Aggiornamento della protezione per Windows XP (KB969898)"
"UninstallString"="\"C:\WINDOWS\$NtUninstallKB969898$\spuninst\spuninst.exe\""
[Uninstall\KB970238]
"DisplayName"="Aggiornamento della protezione per Windows XP (KB970238)"
"UninstallString"="\"C:\WINDOWS\$NtUninstallKB970238$\spuninst\spuninst.exe\""
[Uninstall\KB970653-v3]
"DisplayName"="Aggiornamento rapido per Windows XP (KB970653-v3)"
"UninstallString"="\"C:\WINDOWS\$NtUninstallKB970653-v3$\spuninst\spuninst.exe\""
[Uninstall\KB971486]
"DisplayName"="Aggiornamento della protezione per Windows XP (KB971486)"
"UninstallString"="\"C:\WINDOWS\$NtUninstallKB971486$\spuninst\spuninst.exe\""
[Uninstall\KB971557]
"DisplayName"="Aggiornamento della protezione per Windows XP (KB971557)"
"UninstallString"="\"C:\WINDOWS\$NtUninstallKB971557$\spuninst\spuninst.exe\""
[Uninstall\KB971633]
"DisplayName"="Aggiornamento della protezione per Windows XP (KB971633)"
"UninstallString"="\"C:\WINDOWS\$NtUninstallKB971633$\spuninst\spuninst.exe\""
[Uninstall\KB971657]
"DisplayName"="Aggiornamento della protezione per Windows XP (KB971657)"
"UninstallString"="\"C:\WINDOWS\$NtUninstallKB971657$\spuninst\spuninst.exe\""
[Uninstall\KB971961]
"DisplayName"="Aggiornamento della protezione per Windows XP (KB971961)"
"UninstallString"="\"C:\WINDOWS\$NtUninstallKB971961$\spuninst\spuninst.exe\""
[Uninstall\KB971961-IE8]
"DisplayName"="Aggiornamento della protezione per Windows Internet Explorer 8 (KB971961)"
"UninstallString"="\"C:\WINDOWS\ie8updates\KB971961-IE8\spuninst\spuninst.exe\""
"DisplayIcon"="C:\Programmi\internet explorer\iexplore.exe"
[Uninstall\KB972260-IE7]
"DisplayName"="Aggiornamento della protezione per Windows Internet Explorer 7 (KB972260)"
"UninstallString"="\"C:\WINDOWS\ie7updates\KB972260-IE7\spuninst\spuninst.exe\""
"DisplayIcon"="C:\Programmi\internet explorer\iexplore.exe"
[Uninstall\KB973346]
"DisplayName"="Aggiornamento della protezione per Windows XP (KB973346)"
"UninstallString"="\"C:\WINDOWS\$NtUninstallKB973346$\spuninst\spuninst.exe\""
[Uninstall\KB973354]
"DisplayName"="Aggiornamento della protezione per Windows XP (KB973354)"
"UninstallString"="\"C:\WINDOWS\$NtUninstallKB973354$\spuninst\spuninst.exe\""
[Uninstall\KB973507]
"DisplayName"="Aggiornamento della protezione per Windows XP (KB973507)"
"UninstallString"="\"C:\WINDOWS\$NtUninstallKB973507$\spuninst\spuninst.exe\""
[Uninstall\KB973525]
"DisplayName"="Aggiornamento della protezione per Windows XP (KB973525)"
"UninstallString"="\"C:\WINDOWS\$NtUninstallKB973525$\spuninst\spuninst.exe\""
[Uninstall\KB973540_WM9]
"DisplayName"="Aggiornamento della protezione per Windows Media Player (KB973540)"
"UninstallString"="\"C:\WINDOWS\$NtUninstallKB973540_WM9$\spuninst\spuninst.exe\""
"DisplayIcon"=expand:"\"%ProgramFiles%\windows media player\wmplayer.exe\""
[Uninstall\KB973815]
"DisplayName"="Aggiornamento per Windows XP (KB973815)"
"UninstallString"="\"C:\WINDOWS\$NtUninstallKB973815$\spuninst\spuninst.exe\""
[Uninstall\KB973869]
"DisplayName"="Aggiornamento della protezione per Windows XP (KB973869)"
"UninstallString"="\"C:\WINDOWS\$NtUninstallKB973869$\spuninst\spuninst.exe\""
[Uninstall\KB974112]
"DisplayName"="Aggiornamento della protezione per Windows XP (KB974112)"
"UninstallString"="\"C:\WINDOWS\$NtUninstallKB974112$\spuninst\spuninst.exe\""
[Uninstall\KB974455-IE7]
"DisplayName"="Aggiornamento della protezione per Windows Internet Explorer 7 (KB974455)"
"UninstallString"="\"C:\WINDOWS\ie7updates\KB974455-IE7\spuninst\spuninst.exe\""
"DisplayIcon"="C:\Programmi\internet explorer\iexplore.exe"
[Uninstall\KB974455-IE8]
"DisplayName"="Aggiornamento della protezione per Windows Internet Explorer 8 (KB974455)"
"UninstallString"="\"C:\WINDOWS\ie8updates\KB974455-IE8\spuninst\spuninst.exe\""
"DisplayIcon"="C:\Programmi\internet explorer\iexplore.exe"
[Uninstall\KB974571]
"DisplayName"="Aggiornamento della protezione per Windows XP (KB974571)"
"UninstallString"="\"C:\WINDOWS\$NtUninstallKB974571$\spuninst\spuninst.exe\""
[Uninstall\KB975025]
"DisplayName"="Aggiornamento della protezione per Windows XP (KB975025)"
"UninstallString"="\"C:\WINDOWS\$NtUninstallKB975025$\spuninst\spuninst.exe\""
[Uninstall\KB975364-IE8]
"DisplayName"="Aggiornamento per Windows Internet Explorer 8 (KB975364)"
"UninstallString"="\"C:\WINDOWS\ie8updates\KB975364-IE8\spuninst\spuninst.exe\""
"DisplayIcon"="C:\Programmi\internet explorer\iexplore.exe"
[Uninstall\KB975467]
"DisplayName"="Aggiornamento della protezione per Windows XP (KB975467)"
"UninstallString"="\"C:\WINDOWS\$NtUninstallKB975467$\spuninst\spuninst.exe\""
[Uninstall\KB976749-IE7]
"DisplayName"="Aggiornamento per Windows Internet Explorer 7 (KB976749)"
"UninstallString"="\"C:\WINDOWS\ie7updates\KB976749-IE7\spuninst\spuninst.exe\""
"DisplayIcon"="C:\Programmi\internet explorer\iexplore.exe"
[Uninstall\KB976749-IE8]
"DisplayName"="Aggiornamento per Windows Internet Explorer 8 (KB976749)"
"UninstallString"="\"C:\WINDOWS\ie8updates\KB976749-IE8\spuninst\spuninst.exe\""
"DisplayIcon"="C:\Programmi\internet explorer\iexplore.exe"
[Uninstall\Malwarebytes' Anti-Malware_is1]
"DisplayName"="Malwarebytes' Anti-Malware"
"DisplayIcon"="C:\Programmi\Malwarebytes' Anti-Malware\mbam.exe"
"UninstallString"="\"C:\Programmi\Malwarebytes' Anti-Malware\unins001.exe\""
[Uninstall\Microsoft .NET Framework 3.5 SP1]
"DisplayIcon"="C:\WINDOWS\system32\msiexec.exe"
"DisplayName"="Microsoft .NET Framework 3.5 SP1"
"UninstallString"="C:\WINDOWS\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setup.exe"
[Uninstall\MobileOptionPack]
[Uninstall\Monkey's Audio_is1]
"DisplayName"="Monkey's Audio"
"DisplayIcon"="C:\Programmi\Monkey's Audio\Monkey.ico"
"UninstallString"="\"C:\Programmi\Monkey's Audio\unins000.exe\""
[Uninstall\MPlayer2]
[Uninstall\MSI30-Beta1]
[Uninstall\MSI30-Beta2]
[Uninstall\MSI30-KB884016]
[Uninstall\MSI30-RC1]
[Uninstall\MSI30-RC2]
[Uninstall\MSI30a-KB884016]
[Uninstall\MSI31-Beta]
[Uninstall\MSI31-RC1]
[Uninstall\MsJavaVM]
[Uninstall\NetMeeting]
[Uninstall\NLSDownlevelMapping]
"DisplayName"="Microsoft National Language Support Downlevel APIs"
"UninstallString"="\"C:\WINDOWS\$NtServicePackUninstallNLSDownlevelMapping$\spuninst\spuninst.exe\""
[Uninstall\NVIDIA Drivers]
"DisplayIcon"="C:\WINDOWS\system32\nvuninst.exe"
"DisplayName"="NVIDIA Drivers"
"UninstallString"="C:\WINDOWS\system32\nvuninst.exe UninstallGUI"
[Uninstall\NVIDIA Drivers\SubComponents]
[Uninstall\OutlookExpress]
[Uninstall\PCHealth]
"UninstallString"="rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf"
[Uninstall\SchedulingAgent]
[Uninstall\Secunia PSI]
"DisplayName"="Secunia PSI"
"UninstallString"="\"C:\Programmi\Secunia\PSI\uninstall.exe\""
[Uninstall\VLC media player]
"DisplayName"="VLC media player 0.9.9"
"UninstallString"="C:\Programmi\VideoLAN\VLC\uninstall.exe"
"DisplayIcon"="C:\Programmi\VideoLAN\VLC\vlc.exe"
[Uninstall\WGA]
"DisplayName"="Windows Genuine Advantage Validation Tool (KB892130)"
[Uninstall\WIC]
[Uninstall\WinRAR archiver]
"DisplayName"="WinRAR gestione archivi"
"UninstallString"="C:\Programmi\WinRAR\uninstall.exe"
"DisplayIcon"="C:\Programmi\WinRAR\WinRAR.exe"
[Uninstall\{0711500B-9912-4D60-9A49-C577B4503D42}]
"InstallSource"="C:\DOCUME~1\user\IMPOST~1\Temp\NERO1002529\unit_hlp_12\"
"DisplayName"="Nero Recode Help"
[Uninstall\{07FF7593-9DEA-40B5-9F87-F557E65BBF60}]
"InstallSource"="C:\DOCUME~1\user\IMPOST~1\Temp\NERO1002529\unit_app_12\"
"DisplayName"="Nero Recode"
[Uninstall\{1122AAC4-AAAA-43BF-B2D4-3C8C12378952}]
"InstallSource"="C:\DOCUME~1\user\IMPOST~1\Temp\NERO1002529\unit_app_20\"
"DisplayName"="Nero InfoTool"
[Uninstall\{11A84FCA-C3C7-4AFD-A797-111DB8569DBC}]
"InstallSource"="C:\DOCUME~1\user\IMPOST~1\Temp\NERO1002529\unit_hlp_4\"
"DisplayName"="Nero BurningROM"
[Uninstall\{12345674-DE9A-677A-CCEE-666356D89777}]
"InstallSource"="C:\DOCUME~1\user\IMPOST~1\Temp\NERO1002529\unit_app_22\"
"DisplayName"="Nero BurnRights"
[Uninstall\{18D10072035C4515918F7E37EAFAACFC}]
"DisplayName"="AutoUpdate"
[Uninstall\{1B040683-C390-4711-ABC7-DA8D85E470E7}]
"InstallSource"="C:\DOCUME~1\user\IMPOST~1\Temp\NERO1002529\unit_app_4\"
"DisplayName"="NeroBurningROM"
[Uninstall\{2D3455A8-3B15-41A8-99F8-0D4215746463}]
"InstallSource"="C:\DOCUME~1\user\IMPOST~1\Temp\NERO1002529\unit_app_15\"
"DisplayName"="Nero StartSmart"
[Uninstall\{3097B151-1F61-4211-A4CC-D70127B226AE}]
"InstallSource"="C:\DOCUME~1\user\IMPOST~1\Temp\NERO1002529\unit_app_14\"
"DisplayName"="SoundTrax"
[Uninstall\{350C9410-3D7C-4EE8-BAA9-00BCB3D54227}]
"InstallSource"="C:\WINDOWS\system32\"
"DisplayName"="WebFldrs XP"
[Uninstall\{3F30CC51-0788-487B-AA83-7214A239C0C0}]
"InstallSource"="C:\DOCUME~1\user\IMPOST~1\Temp\NERO1002529\unit_hlp_50\"
"DisplayName"="Nero Disc Copy Gadget Help"
[Uninstall\{4D42353B-533F-4306-AD0B-7FEF292ADE04}]
"InstallSource"="C:\DOCUME~1\user\IMPOST~1\Temp\NERO1002529\unit_hlp_5\"
"DisplayName"="Nero CoverDesigner Help"
[Uninstall\{4E8C27C2-D727-4C00-A90E-C3F6376EEE70}]
"InstallSource"="C:\DOCUME~1\user\IMPOST~1\Temp\NERO1002529\unit_app_63\"
"DisplayName"="Nero ControlCenter"
[Uninstall\{548F99E0-14CC-4D53-A7D6-4A62A5F2C748}]
"InstallSource"="C:\DOCUME~1\user\IMPOST~1\Temp\NERO1002529\unit_app_10\"
"DisplayName"="Nero PhotoSnap"
[Uninstall\{56BE5CC9-95E6-4128-ABEA-968414CA9C80}]
"InstallSource"="C:\DOCUME~1\user\IMPOST~1\Temp\NERO1002529\unit_app_69\"
"DisplayName"="DolbyFiles"
[Uninstall\{56C049BE-79E9-4502-BEA7-9754A3E60F9B}]
"InstallSource"="C:\DOCUME~1\user\IMPOST~1\Temp\NERO1002529\unit_tpi_msxml-4\"
"UninstallString"=expand:"MsiExec.exe /I{56C049BE-79E9-4502-BEA7-9754A3E60F9B}"
"DisplayName"="neroxml"
[Uninstall\{5A62A775-A29A-4CE1-BBC2-4A9CD0B211EF}]
"InstallSource"="C:\DOCUME~1\user\IMPOST~1\Temp\NERO1002529\unit_hlp_71\"
"DisplayName"="Nero Live Help"
[Uninstall\{5AE12194-3EAA-40DF-B2BF-FE1D6B78BBF4}]
"InstallSource"="C:\DOCUME~1\user\IMPOST~1\Temp\NERO1002529\unit_hlp_16\"
"DisplayName"="Nero Vision"
[Uninstall\{5C2E8A0F-80E2-4C68-8CC0-D8D16E7196BF}]
"InstallSource"="C:\DOCUME~1\user\IMPOST~1\Temp\NERO1002529\unit_hlp_21\"
"DisplayName"="Nero RescueAgent Help"
[Uninstall\{5C42EAB8-54F9-423A-948C-1CBEF25F8DB4}]
"InstallSource"="C:\DOCUME~1\user\IMPOST~1\Temp\NERO1002529\unit_hlp_10\"
"DisplayName"="Nero PhotoSnap Help"
[Uninstall\{5C9BB0B3-E830-4814-BBA4-D93535E1C7B9}]
"InstallSource"="C:\DOCUME~1\user\IMPOST~1\Temp\NERO1002529\unit_app_71\"
"DisplayName"="Nero Live"
[Uninstall\{6580C5A3-2336-4EC5-85F1-3448C5F6208A}]
"UninstallString"="MsiExec.exe /I{6580C5A3-2336-4EC5-85F1-3448C5F6208A}"
"InstallSource"="G:\"
"DisplayName"="Kaspersky Anti-Virus 2009"
[Uninstall\{7299052b-02a4-4627-81f2-1818da5d550d}]
"InstallSource"="C:\DOCUME~1\user\IMPOST~1\Temp\IXP001.TMP\"
"UninstallString"=expand:"MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}"
"DisplayName"="Microsoft Visual C++ 2005 Redistributable"
[Uninstall\{75321954-2589-11DC-DDCC-E98356D81493}]
"InstallSource"="C:\DOCUME~1\user\IMPOST~1\Temp\NERO1002529\unit_hlp_19\"
"DisplayName"="Nero DriveSpeed"
[Uninstall\{753973C4-B961-43BF-B2D4-3C8C92F7216E}]
"InstallSource"="C:\DOCUME~1\user\IMPOST~1\Temp\NERO1002529\unit_app_19\"
"DisplayName"="Nero DriveSpeed"
[Uninstall\{770657D0-A123-3C07-8E44-1C83EC895118}]
"InstallSource"="e:\304ddbdb74a80912ec\"
"UninstallString"=expand:"MsiExec.exe /X{770657D0-A123-3C07-8E44-1C83EC895118}"
"DisplayName"="Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053"
[Uninstall\{78523651-D8B1-11DC-CCEE-741589645873}]
"InstallSource"="C:\DOCUME~1\user\IMPOST~1\Temp\NERO1002529\unit_app_57\"
"DisplayName"="Nero DiscSpeed"
[Uninstall\{7B63B2922B174135AFC0E1377DD81EC2}]
"DisplayName"="DivX"
"DisplayIcon"="C:\Programmi\DivX\DivX\config.exe,0"
"UninstallString"="C:\Programmi\DivX\DivXCodecUninstall.exe /CODEC"
[Uninstall\{7db8bb8e-48e9-4355-842a-6f4932b97eb2}]
"DisplayName"="Nero 9"
"UninstallString"="C:\Programmi\File comuni\Nero\Nero ProductInstaller 4\SetupX.exe REMOVESERIALNUMBER=\"9M03-01A1-PCX7-K31A-8A94-98PT-KT2E-522A\""
[Uninstall\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}]
"InstallSource"="e:\4b8f33f317378a0d210ef2a2\"
"UninstallString"=expand:"MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}"
"DisplayName"="MSXML 4.0 SP2 (KB954430)"
[Uninstall\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}]
"InstallSource"="e:\33b227e63e1ba6c71725c657\"
"UninstallString"=expand:"MsiExec.exe /X{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}"
"DisplayName"="Microsoft Silverlight"
[Uninstall\{8ADFC4160D694100B5B8A22DE9DCABD9}]
"DisplayName"="DivX Player"
"DisplayIcon"="C:\Programmi\DivX\DivX Player\DivX Player.exe,0"
"UninstallString"="C:\Programmi\DivX\DivXPlayerUninstall.exe /PLAYER"
[Uninstall\{8C654BD0-1949-43DE-84F2-EC2A1ABB0CB4}]
"InstallSource"="C:\DOCUME~1\user\IMPOST~1\Temp\NERO1002529\unit_hlp_13\"
"DisplayName"="Nero ShowTime"
[Uninstall\{90120000-0010-0410-0000-0000000FF1CE}]
"InstallSource"="C:\MSOCache\All Users\{90120000-0010-0410-0000-0000000FF1CE}-C\"
"DisplayName"="Microsoft Software Update for Web Folders (Italian) 12"
[Uninstall\{90120000-0015-0410-0000-0000000FF1CE}]
"InstallSource"="C:\MSOCache\All Users\{90120000-0015-0410-0000-0000000FF1CE}-C\"
"UninstallString"=expand:"MsiExec.exe /X{90120000-0015-0410-0000-0000000FF1CE}"
"DisplayName"="Microsoft Office Access MUI (Italian) 2007"
[Uninstall\{90120000-0015-0410-0000-0000000FF1CE}_ENTERPRISE_{71CCE0F1-A3B4-49C9-A328-1DABE845E0C4}]
"DisplayName"="Microsoft Office 2007 Service Pack 2 (SP2)"
"UninstallString"="msiexec /package {90120000-0015-0410-0000-0000000FF1CE} /uninstall {71CCE0F1-A3B4-49C9-A328-1DABE845E0C4}"
[Uninstall\{90120000-0016-0410-0000-0000000FF1CE}]
"InstallSource"="C:\MSOCache\All Users\{90120000-0016-0410-0000-0000000FF1CE}-C\"
"UninstallString"=expand:"MsiExec.exe /X{90120000-0016-0410-0000-0000000FF1CE}"
"DisplayName"="Microsoft Office Excel MUI (Italian) 2007"
[Uninstall\{90120000-0016-0410-0000-0000000FF1CE}_ENTERPRISE_{71CCE0F1-A3B4-49C9-A328-1DABE845E0C4}]
"DisplayName"="Microsoft Office 2007 Service Pack 2 (SP2)"
"UninstallString"="msiexec /package {90120000-0016-0410-0000-0000000FF1CE} /uninstall {71CCE0F1-A3B4-49C9-A328-1DABE845E0C4}"
[Uninstall\{90120000-0018-0410-0000-0000000FF1CE}]
"InstallSource"="C:\MSOCache\All Users\{90120000-0018-0410-0000-0000000FF1CE}-C\"
"UninstallString"=expand:"MsiExec.exe /X{90120000-0018-0410-0000-0000000FF1CE}"
"DisplayName"="Microsoft Office PowerPoint MUI (Italian) 2007"
[Uninstall\{90120000-0018-0410-0000-0000000FF1CE}_ENTERPRISE_{71CCE0F1-A3B4-49C9-A328-1DABE845E0C4}]
"DisplayName"="Microsoft Office 2007 Service Pack 2 (SP2)"
"UninstallString"="msiexec /package {90120000-0018-0410-0000-0000000FF1CE} /uninstall {71CCE0F1-A3B4-49C9-A328-1DABE845E0C4}"
[Uninstall\{90120000-0019-0410-0000-0000000FF1CE}]
"InstallSource"="C:\MSOCache\All Users\{90120000-0019-0410-0000-0000000FF1CE}-C\"
"UninstallString"=expand:"MsiExec.exe /X{90120000-0019-0410-0000-0000000FF1CE}"
"DisplayName"="Microsoft Office Publisher MUI (Italian) 2007"
[Uninstall\{90120000-0019-0410-0000-0000000FF1CE}_ENTERPRISE_{71CCE0F1-A3B4-49C9-A328-1DABE845E0C4}]
"DisplayName"="Microsoft Office 2007 Service Pack 2 (SP2)"
"UninstallString"="msiexec /package {90120000-0019-0410-0000-0000000FF1CE} /uninstall {71CCE0F1-A3B4-49C9-A328-1DABE845E0C4}"
[Uninstall\{90120000-001A-0410-0000-0000000FF1CE}]
"InstallSource"="C:\MSOCache\All Users\{90120000-001A-0410-0000-0000000FF1CE}-C\"
"UninstallString"=expand:"MsiExec.exe /X{90120000-001A-0410-0000-0000000FF1CE}"
"DisplayName"="Microsoft Office Outlook MUI (Italian) 2007"
[Uninstall\{90120000-001A-0410-0000-0000000FF1CE}_ENTERPRISE_{71CCE0F1-A3B4-49C9-A328-1DABE845E0C4}]
"DisplayName"="Microsoft Office 2007 Service Pack 2 (SP2)"
"UninstallString"="msiexec /package {90120000-001A-0410-0000-0000000FF1CE} /uninstall {71CCE0F1-A3B4-49C9-A328-1DABE845E0C4}"
[Uninstall\{90120000-001B-0410-0000-0000000FF1CE}]
"InstallSource"="C:\MSOCache\All Users\{90120000-001B-0410-0000-0000000FF1CE}-C\"
"UninstallString"=expand:"MsiExec.exe /X{90120000-001B-0410-0000-0000000FF1CE}"
"DisplayName"="Microsoft Office Word MUI (Italian) 2007"
[Uninstall\{90120000-001B-0410-0000-0000000FF1CE}_ENTERPRISE_{71CCE0F1-A3B4-49C9-A328-1DABE845E0C4}]
"DisplayName"="Microsoft Office 2007 Service Pack 2 (SP2)"
"UninstallString"="msiexec /package {90120000-001B-0410-0000-0000000FF1CE} /uninstall {71CCE0F1-A3B4-49C9-A328-1DABE845E0C4}"
[Uninstall\{90120000-001F-0407-0000-0000000FF1CE}]
"InstallSource"="C:\MSOCache\All Users\{90120000-002C-0410-0000-0000000FF1CE}-C\Proof.de\"
"UninstallString"=expand:"MsiExec.exe /X{90120000-001F-0407-0000-0000000FF1CE}"
"DisplayName"="Microsoft Office Proof (German) 2007"
[Uninstall\{90120000-001F-0407-0000-0000000FF1CE}_ENTERPRISE_{A0516415-ED61-419A-981D-93596DA74165}]
"DisplayName"="Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)"
"UninstallString"="msiexec /package {90120000-001F-0407-0000-0000000FF1CE} /uninstall {A0516415-ED61-419A-981D-93596DA74165}"
[Uninstall\{90120000-001F-0409-0000-0000000FF1CE}]
"InstallSource"="C:\MSOCache\All Users\{90120000-002C-0410-0000-0000000FF1CE}-C\Proof.en\"
"UninstallString"=expand:"MsiExec.exe /X{90120000-001F-0409-0000-0000000FF1CE}"
"DisplayName"="Microsoft Office Proof (English) 2007"
[Uninstall\{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}]
"DisplayName"="Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)"
"UninstallString"="msiexec /package {90120000-001F-0409-0000-0000000FF1CE} /uninstall {ABDDE972-355B-4AF1-89A8-DA50B7B5C045}"
[Uninstall\{90120000-001F-040C-0000-0000000FF1CE}]
"InstallSource"="C:\MSOCache\All Users\{90120000-002C-0410-0000-0000000FF1CE}-C\Proof.fr\"
"UninstallString"=expand:"MsiExec.exe /X{90120000-001F-040C-0000-0000000FF1CE}"
"DisplayName"="Microsoft Office Proof (French) 2007"
[Uninstall\{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{F580DDD5-8D37-4998-968E-EBB76BB86787}]
"DisplayName"="Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)"
"UninstallString"="msiexec /package {90120000-001F-040C-0000-0000000FF1CE} /uninstall {F580DDD5-8D37-4998-968E-EBB76BB86787}"
[Uninstall\{90120000-001F-0410-0000-0000000FF1CE}]
"InstallSource"="C:\MSOCache\All Users\{90120000-002C-0410-0000-0000000FF1CE}-C\Proof.it\"
"UninstallString"=expand:"MsiExec.exe /X{90120000-001F-0410-0000-0000000FF1CE}"
"DisplayName"="Microsoft Office Proof (Italian) 2007"
[Uninstall\{90120000-001F-0410-0000-0000000FF1CE}_ENTERPRISE_{322296D4-1EAE-4030-9FBC-D2787EB25FA2}]
"DisplayName"="Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)"
"UninstallString"="msiexec /package {90120000-001F-0410-0000-0000000FF1CE} /uninstall {322296D4-1EAE-4030-9FBC-D2787EB25FA2}"
[Uninstall\{90120000-002C-0410-0000-0000000FF1CE}]
"InstallSource"="C:\MSOCache\All Users\{90120000-002C-0410-0000-0000000FF1CE}-C\"
"UninstallString"=expand:"MsiExec.exe /X{90120000-002C-0410-0000-0000000FF1CE}"
"DisplayName"="Microsoft Office Proofing (Italian) 2007"
[Uninstall\{90120000-0030-0000-0000-0000000FF1CE}]
"InstallSource"="C:\MSOCache\All Users\{90120000-0030-0000-0000-0000000FF1CE}-C\"
"UninstallString"=expand:"MsiExec.exe /X{90120000-0030-0000-0000-0000000FF1CE}"
"DisplayName"="Microsoft Office Enterprise 2007"
[Uninstall\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}]
"DisplayName"="Microsoft Office 2007 Service Pack 2 (SP2)"
"UninstallString"="msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}"
[Uninstall\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{120BE9A0-9B09-4855-9E0C-7DEE45CB03C0}]
"DisplayName"="Security Update for Microsoft Office Outlook 2007 (KB972363)"
"UninstallString"="msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {120BE9A0-9B09-4855-9E0C-7DEE45CB03C0}"
[Uninstall\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{3D019598-7B59-447A-80AE-815B703B84FF}]
"DisplayName"="Security Update for Microsoft Office system 2007 (972581)"
"UninstallString"="msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {3D019598-7B59-447A-80AE-815B703B84FF}"
[Uninstall\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{5ECEB317-CBE9-4E08-AB10-756CB6F0FB6C}]
"DisplayName"="Security Update for Microsoft Office system 2007 (KB969613)"
"UninstallString"="msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {5ECEB317-CBE9-4E08-AB10-756CB6F0FB6C}"
[Uninstall\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{69F52148-9BF6-4CDC-BF76-103DEAF3DD08}]
"DisplayName"="Security Update for 2007 Microsoft Office System (KB969559)"
"UninstallString"="msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {69F52148-9BF6-4CDC-BF76-103DEAF3DD08}"
[Uninstall\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{71127777-8B2C-4F97-AF7A-6CF8CAC8224D}]
"DisplayName"="Security Update for Microsoft Office Visio Viewer 2007 (KB973709)"
"UninstallString"="msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {71127777-8B2C-4F97-AF7A-6CF8CAC8224D}"
[Uninstall\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{7559E742-FF9F-4FAE-B279-008ED296CB4D}]
"DisplayName"="Security Update for Microsoft Office PowerPoint 2007 (KB957789)"
"UninstallString"="msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {7559E742-FF9F-4FAE-B279-008ED296CB4D}"
[Uninstall\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{7BE67088-1EB3-4569-8E75-DDAFBF61BC4E}]
"DisplayName"="Security Update for Microsoft Office Publisher 2007 (KB969693)"
"UninstallString"="msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {7BE67088-1EB3-4569-8E75-DDAFBF61BC4E}"
[Uninstall\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{C03803BD-745A-46F8-8557-817DED578780}]
"DisplayName"="Security Update for Microsoft Office Excel 2007 (KB969682)"
"UninstallString"="msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {C03803BD-745A-46F8-8557-817DED578780}"
[Uninstall\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{C05FBAD5-A211-4E86-BB51-7E07B80C9233}]
"DisplayName"="Update for Outlook 2007 Junk Email Filter (KB974810)"
"UninstallString"="msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {C05FBAD5-A211-4E86-BB51-7E07B80C9233}"
[Uninstall\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}]
"DisplayName"="Update for 2007 Microsoft Office System (KB967642)"
"UninstallString"="msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {C444285D-5E4F-48A4-91DD-47AAAA68E92D}"
[Uninstall\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{C66E4A6C-6E07-4C63-8CCD-2493B5087C73}]
"DisplayName"="Security Update for 2007 Microsoft Office System (KB969679)"
"UninstallString"="msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {C66E4A6C-6E07-4C63-8CCD-2493B5087C73}"
[Uninstall\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{CF3D6499-709C-43D0-8908-BC5652656050}]
"DisplayName"="Security Update for Microsoft Office Word 2007 (KB969604)"
"UninstallString"="msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {CF3D6499-709C-43D0-8908-BC5652656050}"
[Uninstall\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{FCD742B9-7A55-44BC-A776-F795F21FEDDC}]
"DisplayName"="Security Update for Microsoft Office system 2007 (KB974234)"
"UninstallString"="msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {FCD742B9-7A55-44BC-A776-F795F21FEDDC}"
[Uninstall\{90120000-0044-0410-0000-0000000FF1CE}]
"InstallSource"="C:\MSOCache\All Users\{90120000-0044-0410-0000-0000000FF1CE}-C\"
"UninstallString"=expand:"MsiExec.exe /X{90120000-0044-0410-0000-0000000FF1CE}"
"DisplayName"="Microsoft Office InfoPath MUI (Italian) 2007"
[Uninstall\{90120000-0044-0410-0000-0000000FF1CE}_ENTERPRISE_{71CCE0F1-A3B4-49C9-A328-1DABE845E0C4}]
"DisplayName"="Microsoft Office 2007 Service Pack 2 (SP2)"
"UninstallString"="msiexec /package {90120000-0044-0410-0000-0000000FF1CE} /uninstall {71CCE0F1-A3B4-49C9-A328-1DABE845E0C4}"
[Uninstall\{90120000-006E-0410-0000-0000000FF1CE}]
"InstallSource"="C:\MSOCache\All Users\{90120000-006E-0410-0000-0000000FF1CE}-C\"
"UninstallString"=expand:"MsiExec.exe /X{90120000-006E-0410-0000-0000000FF1CE}"
"DisplayName"="Microsoft Office Shared MUI (Italian) 2007"
[Uninstall\{90120000-006E-0410-0000-0000000FF1CE}_ENTERPRISE_{0A75DA12-55CB-4DE5-8B6A-74D97847204E}]
"DisplayName"="Microsoft Office 2007 Service Pack 2 (SP2)"
"UninstallString"="msiexec /package {90120000-006E-0410-0000-0000000FF1CE} /uninstall {0A75DA12-55CB-4DE5-8B6A-74D97847204E}"
[Uninstall\{90120000-00A1-0410-0000-0000000FF1CE}]
"InstallSource"="C:\MSOCache\All Users\{90120000-00A1-0410-0000-0000000FF1CE}-C\"
"UninstallString"=expand:"MsiExec.exe /X{90120000-00A1-0410-0000-0000000FF1CE}"
"DisplayName"="Microsoft Office OneNote MUI (Italian) 2007"
[Uninstall\{90120000-00A1-0410-0000-0000000FF1CE}_ENTERPRISE_{71CCE0F1-A3B4-49C9-A328-1DABE845E0C4}]
"DisplayName"="Microsoft Office 2007 Service Pack 2 (SP2)"
"UninstallString"="msiexec /package {90120000-00A1-0410-0000-0000000FF1CE} /uninstall {71CCE0F1-A3B4-49C9-A328-1DABE845E0C4}"
[Uninstall\{90120000-00BA-0410-0000-0000000FF1CE}]
"InstallSource"="C:\MSOCache\All Users\{90120000-00BA-0410-0000-0000000FF1CE}-C\"
"UninstallString"=expand:"MsiExec.exe /X{90120000-00BA-0410-0000-0000000FF1CE}"
"DisplayName"="Microsoft Office Groove MUI (Italian) 2007"
[Uninstall\{90120000-00BA-0410-0000-0000000FF1CE}_ENTERPRISE_{71CCE0F1-A3B4-49C9-A328-1DABE845E0C4}]
"DisplayName"="Microsoft Office 2007 Service Pack 2 (SP2)"
"UninstallString"="msiexec /package {90120000-00BA-0410-0000-0000000FF1CE} /uninstall {71CCE0F1-A3B4-49C9-A328-1DABE845E0C4}"
[Uninstall\{943CC0C0-2253-4FE0-9493-DD386F7857FD}]
"InstallSource"="C:\DOCUME~1\user\IMPOST~1\Temp\NERO1002529\unit_hlp_6\"
"DisplayName"="Nero Express"
[Uninstall\{948FFAAE-C57F-447B-9B07-3721E950BFDC}]
"InstallSource"="C:\DOCUME~1\user\IMPOST~1\Temp\NERO1002529\unit_app_13\"
"DisplayName"="Nero ShowTime"
[Uninstall\{961D53EA-40DC-4156-AD74-25684CE05F81}]
"InstallSource"="C:\DOCUME~1\user\IMPOST~1\Temp\NERO1002529\unit_app_30\"
"DisplayName"="Nero Installer"
[Uninstall\{9A875B56-A35C-46BA-A3AA-DF8D03EE9F2F}]
"InstallSource"="C:\DOCUME~1\user\IMPOST~1\Temp\NERO1002529\unit_hlp_63\"
"DisplayName"="Nero ControlCenter"
[Uninstall\{9A9DBEBC-C800-4776-A970-D76D6AA405B1}]
"UninstallString"="RunDll32 C:\PROGRA~1\FILECO~1\INSTAL~1\PROFES~1\RunTime\09\00\Intel32\Ctor.dll,LaunchSetup \"C:\Programmi\InstallShield Installation Information\{9A9DBEBC-C800-4776-A970-D76D6AA405B1}\Setup.exe\" -l0x9 Package"
"DisplayName"="PHOTOfunSTUDIO -viewer-"
"DisplayIcon"="C:\Programmi\Panasonic\PHOTOfunSTUDIO -viewer-\phoebe5.exe"
[Uninstall\{9D631F25-22DC-4AB2-B700-F94758B7CE9C}]
"InstallSource"="C:\Documents and Settings\user\Desktop\converter lolli\"
"UninstallString"=expand:"MsiExec.exe /I{9D631F25-22DC-4AB2-B700-F94758B7CE9C}"
"DisplayName"="CUE Splitter"
[Uninstall\{9F3523F8-DAD7-AE52-6DA7-45CDDDF33726}]
"InstallSource"="C:\DOCUME~1\user\IMPOST~1\Temp\NERO1002529\unit_app_61\"
"DisplayName"="Advertising Center"
[Uninstall\{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}]
"InstallSource"="e:\9d281728e23389c562d1dc95c411\dotnetfx30\"
"UninstallString"=expand:"MsiExec.exe /I{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}"
"DisplayName"="Microsoft .NET Framework 3.0 Service Pack 2"
[Uninstall\{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}.KB958483]
[Uninstall\{A73BEC3C-40A0-480E-87EF-EFCD33629088}]
"InstallSource"="C:\DOCUME~1\user\IMPOST~1\Temp\NERO1002529\unit_app_6\"
"DisplayName"="NeroExpress"
[Uninstall\{A8399F58-234A-48C6-BA55-30C15738BF3C}]
"InstallSource"="C:\DOCUME~1\user\IMPOST~1\Temp\NERO1002529\unit_app_5\"
"DisplayName"="Nero CoverDesigner"
[Uninstall\{A8F2089B-1F79-4BF6-B385-A2C2B0B9A74D}]
"InstallSource"="C:\DOCUME~1\user\IMPOST~1\Temp\NERO1002529\unit_tpi_imagxpress-7.0.74.0\"
"DisplayName"="ImagXpress"
[Uninstall\{A9D65D46-3708-4F5B-9117-0199C7098D11}]
"UninstallString"="RunDll32 C:\PROGRA~1\FILECO~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup \"C:\Programmi\InstallShield Installation Information\{A9D65D46-3708-4F5B-9117-0199C7098D11}\Setup.exe\" -l0x10 "
"DisplayName"="WanMiniport1st"
[Uninstall\{AAA12554-2589-11DC-92EF-E98356D81493}]
"InstallSource"="C:\DOCUME~1\user\IMPOST~1\Temp\NERO1002529\unit_hlp_20\"
"DisplayName"="Nero InfoTool"
[Uninstall\{AABBCC54-D8B1-11DC-92EF-E98356D81493}]
"InstallSource"="C:\DOCUME~1\user\IMPOST~1\Temp\NERO1002529\unit_hlp_57\"
"DisplayName"="Nero DiscSpeed"
[Uninstall\{AC76BA86-7AD7-1040-7B44-A92000000001}]
"InstallSource"="C:\Documents and Settings\user\Impostazioni locali\Dati applicazioni\Adobe\Updater6\Install\reader9rdr-it_IT\"
"UninstallString"=expand:"MsiExec.exe /I{AC76BA86-7AD7-1040-7B44-A92000000001}"
"DisplayName"="Adobe Reader 9.2 - Italiano"
[Uninstall\{B2C12C8D-65DC-40BD-B309-5ADB0C6C8D8F}]
"InstallSource"="C:\DOCUME~1\user\IMPOST~1\Temp\NERO1002529\unit_app_17\"
"DisplayName"="Nero WaveEditor"
[Uninstall\{B96C2601-52F5-4D5D-816A-63469EA311EF}]
"InstallSource"="C:\DOCUME~1\user\IMPOST~1\Temp\NERO1002529\unit_hlp_14\"
"DisplayName"="\"Nero SoundTrax Help"
[Uninstall\{BCCB055C-7F64-4B13-90F5-078DE693EE00}]
"InstallSource"="C:\WINDOWS\SoftwareDistribution\Download\290d79743eba0c1f7762f825bf61596c\img\"
"UninstallString"=expand:"MsiExec.exe /I{BCCB055C-7F64-4B13-90F5-078DE693EE00}"
"DisplayName"="OGA Notifier 1.7.0105.35.0"
[Uninstall\{BCD82AB5-670D-4242-90FA-1F97103C16CD}]
"InstallSource"="C:\DOCUME~1\user\IMPOST~1\Temp\NERO1002529\unit_app_64\"
"DisplayName"="Movie Templates - Starter Kit"
[Uninstall\{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}]
"InstallSource"="e:\9d281728e23389c562d1dc95c411\dotnetfx20\"
"UninstallString"=expand:"MsiExec.exe /I{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}"
"DisplayName"="Microsoft .NET Framework 2.0 Service Pack 2"
[Uninstall\{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}.KB200003]
[Uninstall\{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}.KB431780]
[Uninstall\{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}.KB946922]
[Uninstall\{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}.KB947748]
[Uninstall\{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}.KB949272]
[Uninstall\{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}.KB952137]
[Uninstall\{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}.KB952677]
[Uninstall\{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}.KB953300]
[Uninstall\{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}.KB953990]
[Uninstall\{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}.KB954832]
[Uninstall\{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}.KB956860]
[Uninstall\{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}.KB957541]
[Uninstall\{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}.KB957542]
[Uninstall\{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}.KB957543]
[Uninstall\{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}.KB958129]
[Uninstall\{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}.KB958481]
[Uninstall\{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}.KB960043]
[Uninstall\{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}.KB974417]
[Uninstall\{C99C89A3-119A-45E6-B26E-DD5643CAA0C5}]
"InstallSource"="C:\DOCUME~1\user\IMPOST~1\Temp\NERO1002529\unit_app_62\"
"DisplayName"="Menu Templates - Starter Kit"
[Uninstall\{CD1826A5-CFCC-4C6E-9F9D-E181876162EA}]
"InstallSource"="C:\DOCUME~1\user\IMPOST~1\Temp\NERO1002529\unit_app_21\"
"DisplayName"="Nero Rescue Agent"
[Uninstall\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}]
"DisplayIcon"="C:\Programmi\SUPERAntiSpyware\SUPERAntiSpyware.exe,0"
"InstallSource"="C:\Programmi\File comuni\Wise Installation Wizard\"
"UninstallString"=expand:"MsiExec.exe /X{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}"
"DisplayName"="SUPERAntiSpyware Free Edition"
[Uninstall\{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}]
"InstallSource"="C:\WINDOWS\TEMP\IXP07568.tmp\dotnetfx35\x86\"
"UninstallString"=expand:"MsiExec.exe /I{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}"
"DisplayName"="Microsoft .NET Framework 3.5 SP1"
[Uninstall\{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}.KB350003]
[Uninstall\{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}.KB953595]
"DisplayName"="Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)"
"UninstallString"="C:\WINDOWS\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall /qb+ REBOOTPROMPT=\"\""
[Uninstall\{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}.KB958484]
"DisplayName"="Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)"
"UninstallString"="C:\WINDOWS\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {A7EEA2F2-BFCD-4A54-A575-7B81A786E658} /qb+ REBOOTPROMPT=\"\""
[Uninstall\{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}.KB960043]
[Uninstall\{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}.KB963707]
"DisplayName"="Update for Microsoft .NET Framework 3.5 SP1 (KB963707)"
"UninstallString"="C:\WINDOWS\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {B2AE9C82-DC7B-3641-BFC8-87275C4F3607} /qb+ REBOOTPROMPT=\"\""
[Uninstall\{D7C206B6-1A63-4389-A8B1-8F607D0BFF1F}]
"InstallSource"="C:\DOCUME~1\user\IMPOST~1\Temp\NERO1002529\unit_hlp_15\"
"DisplayName"="Nero StartSmart Help"
[Uninstall\{DB0A8A2A-4EA7-4FE3-802E-8A6DEE32696C}_is1]
"DisplayName"="Orban/Coding Technologies AAC/aacPlus Player Plugin™ 1.0"
"UninstallString"="\"C:\Programmi\Orban\AAC-aacPlus Plugin\unins000.exe\""
[Uninstall\{DDC5AF8D-A320-4A8C-805D-9063C6352127}]
"UninstallString"="RunDll32 C:\PROGRA~1\FILECO~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup \"C:\Programmi\InstallShield Installation Information\{DDC5AF8D-A320-4A8C-805D-9063C6352127}\setup.exe\" -l0x10 -uninst"
"DisplayName"="Installazione Guidata Alice ADSL"
"DisplayIcon"="C:\Programmi\Telecom Italia\AdslWizzy\alice.ico"
[Uninstall\{E4A8DD87-A746-4443-BF25-CAF99CED6767}]
"InstallSource"="C:\DOCUME~1\user\IMPOST~1\Temp\NERO1002529\unit_app_50\"
"DisplayName"="Nero Disc Copy Gadget"
[Uninstall\{E86156E5-9859-440D-8876-26CED1349802}]
"InstallSource"="C:\DOCUME~1\user\IMPOST~1\Temp\NERO1002529\unit_hlp_17\"
"DisplayName"="Nero WaveEditor Help"
[Uninstall\{EA9FFE54-D8B1-11DC-92EF-E98356D81493}]
"InstallSource"="C:\DOCUME~1\user\IMPOST~1\Temp\NERO1002529\unit_hlp_22\"
"DisplayName"="Nero BurnRights"
[Uninstall\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}]
"UninstallString"="RunDll32 C:\PROGRA~1\FILECO~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup \"C:\Programmi\InstallShield Installation Information\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}\Setup.exe\" -l0x10 -removeonly"
"InstallSource"="C:\Documents and Settings\user\Desktop\ALC880\ALC880\"
"DisplayName"="Realtek High Definition Audio Driver"
"DisplayIcon"="C:\WINDOWS\RtlUpd.exe"
[Uninstall\{F333A33D-125C-32A2-8DCE-5C5D14231E27}]
"InstallSource"="C:\DOCUME~1\user\IMPOST~1\Temp\mia43.tmp\data\Microsoft Visual C++ Runtime 9.0 (includes ATL and MFC) Service Pack 1\mFileBagIDE.dll\bag\"
"UninstallString"=expand:"MsiExec.exe /X{F333A33D-125C-32A2-8DCE-5C5D14231E27}"
"DisplayName"="Visual C++ 2008 x86 Runtime - (v9.0.30729)"
[Uninstall\{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01]
"DisplayName"="Visual C++ 2008 x86 Runtime - v9.0.30729.01"
"UninstallString"="C:\WINDOWS\system32\msiexec.exe /x {F333A33D-125C-32A2-8DCE-5C5D14231E27} /qb+ REBOOTPROMPT=\"\""
[Uninstall\{F53F6769-AC46-49E3-ABE3-2C8AFD39D0DD}]
"InstallSource"="C:\DOCUME~1\user\IMPOST~1\Temp\NERO1002529\unit_app_16\"
"DisplayName"="Nero Vision"
[Uninstall\{FB08F381-6533-4108-B7DD-039E11FBC27E}]
"DisplayName"="Realtek AC'97 Audio"
"UninstallString"="RunDll32 C:\PROGRA~1\FILECO~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup \"C:\Programmi\InstallShield Installation Information\{FB08F381-6533-4108-B7DD-039E11FBC27E}\setup.exe\" -l0x10 -removeonly"
"InstallSource"="C:\Documents and Settings\user\Desktop\realtek\realtek\"
"DisplayIcon"="C:\WINDOWS\Alcrmv.exe"
-----HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall-----
===================== HIJACKTHIS LOG =====================
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 23.46.21, on 10/11/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programmi\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe
C:\Programmi\File comuni\Nero\Nero BackItUp 4\NBService.exe
C:\Programmi\Telecom Italia\WanMiniport1st\srvany.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Programmi\Telecom Italia\WanMiniport1st\WanMiniport1st_srv.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\WINDOWS\Explorer.EXE
C:\Programmi\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Programmi\Microsoft Office\Office12\GrooveMonitor.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\PROGRA~1\ALICET~1\vendors\AliceRE\content\template\DRIVEN~1\syncer\MCCITR~1.EXE
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmi\Windows Desktop Search\WindowsSearch.exe
C:\Programmi\Microsoft Office\Office12\ONENOTEM.EXE
C:\Programmi\Secunia\PSI\psi.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Documents and Settings\user\Desktop\sys38702.exe
C:\DOCUME~1\user\IMPOST~1\Temp\nsqB.tmp\runme.exe
C:\Programmi\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.it/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programmi\File comuni\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: IEVkbdBHO - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Programmi\Kaspersky Lab\Kaspersky Anti-Virus 2009\ievkbd.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Programmi\Microsoft Office\Office12\GrooveShellExtensions.dll
O4 - HKLM\..\Run: [AVP] "C:\Programmi\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe"
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Programmi\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [AliceRE_McciTrayApp] C:\PROGRA~1\ALICET~1\vendors\AliceRE\content\template\DRIVEN~1\syncer\MCCITR~1.EXE
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Programmi\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Programmi\File comuni\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Programmi\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\RunOnce: [WiseStubReboot] MSIEXEC /quiet SKIP_PPU_DRIVER_INSTALL=1 /I "C:\Programmi\File comuni\Wise Installation Wizard\WISDD1865F0AD7340FBB23E1822E02396FF_9_09_0203.MSI" TRANSFORMS="C:\Programmi\File comuni\Wise Installation Wizard\WISDD1865F0AD7340FBB23E1822E02396FF_9_09_0203.MST" WISE_SETUP_EXE_PATH="c:\nvidia\winxp\182.50\english\PhysX_9.09.0203_SystemSoftware.exe"
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Ritaglio schermata e avvio di OneNote 2007.lnk = C:\Programmi\Microsoft Office\Office12\ONENOTEM.EXE
O4 - Startup: Secunia PSI.lnk = C:\Programmi\Secunia\PSI\psi.exe
O4 - Global Startup: Windows Search.lnk = C:\Programmi\Windows Desktop Search\WindowsSearch.exe
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Statistiche sulla protezione del traffico Web - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Programmi\Kaspersky Lab\Kaspersky Anti-Virus 2009\SCIEPlgn.dll
O9 - Extra button: Invia a OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: I&nvia a OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1240059505000
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{FD6ABAD0-6242-4BBC-94C9-70F8FF1E7A77}: NameServer = 192.168.1.1
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Programmi\Microsoft Office\Office12\GrooveSystemServices.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Programmi\SUPERAntiSpyware\SASWINLO.DLL
O23 - Service: Kaspersky Anti-Virus (AVP) - Kaspersky Lab - C:\Programmi\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe
O23 - Service: Nero BackItUp Scheduler 4.0 - Nero AG - C:\Programmi\File comuni\Nero\Nero BackItUp 4\NBService.exe
O23 - Service: Network WanMiniport First Position - Unknown owner - C:\Programmi\Telecom Italia\WanMiniport1st\srvany.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
--
End of file - 6791 bytes
==========================================
Scan completed in 10,4 minutes
End of report
~~~~~~~~~~~~~~~~~~~~~-----CREDITS-----~~~~~~~~~~~~~~~~~~~~~
SystemScan uses some freeware tools that remain property of their authors:
* SteelWerX Registry Console Tool, Who Am I (Bobby Flekman: www.xs4all.nl/~fstaal01) --> "Registry scan", "PC accounts "
* dumphive (Markus Stephany)--> "Registry scan"
* Listdlls (M.Russinovich, B.Cogswell: www.sysinternals.com) --> "Loaded modules"
* Catchme & MBR Rootkit detector (gmer: www.gmer.net) --> "Hidden objects", "Alternate Data Streams" & "Master Boot Record"
---> NOTE: SystemScan integrates "The Avenger" from Swandog46 (http://swandog46.geekstogo.com) to allow you to remove malwares found in this log
Thanks to all of them for their hard work