Detecting a computer intrusion
08-02-2013, 07:08 PM (This post was last modified: 09-02-2013 08:04 PM by mattia.)
Post: #1
Hi everyone! I have a computer intrusion problem. I wanted to trace the access, but I find that the log files have been deleted from a certain date onward.
Searching online, I found this little program: SuspectFile.

I downloaded it, ran a scan, and these are the results:

Code:
SystemScan - www.suspectfile.com - ver. 3.6.7 (code: holifay & bReAkdOWn)

Running on: Windows XP PROFESSIONAL Edition, Service Pack 2 (2600.5.1)
System directory: C:\WINDOWS
SystemScan file: C:\Documents and Settings\betterdayz\Documenti\Downloads\sys25786.exe
Running in: User mode
Date: 08/02/2013
Time: 13.53.40
  
Output limited to:
-PC accounts
-Recent files
-Duplicates in BAK folders
-Registry Run Keys
-Autoplay settings (autorun.inf)
-Scheduled jobs
-Services and Drivers (all)
-Svchost.exe instances
-Loaded Dlls
-Alternate Data Streams
-Encrypted Files
-Hidden objects
-Master Boot Record
-Network settings
-Include HOSTS file
-Suspicious Files
-Installed Applications

===================== ACCOUNTS ON THIS PC =====================


Users on this computer:
Is Admin? | Username
------------------
   Yes    | Administrator
   Yes    | betterdayz
          | Guest (Disabled)
          | HelpAssistant (Disabled)
          | SUPPORT_388945a0 (Disabled)

### users folders

30/11/2012 03.17.05 (DIR)        0 byte     70 days old -- All Users
30/11/2012 03.25.00 (DIR)        0 byte     70 days old -- Default User
30/11/2012 03.27.34 (DIR)        0 byte     70 days old -- NetworkService
30/11/2012 03.37.47 (DIR)        0 byte     70 days old -- LocalService
03/02/2013 22.46.09 (DIR)        0 byte      5 days old -- betterdayz

### startup files in users folders

C:\documents and settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\desktop.ini
C:\documents and settings\betterdayz\Menu Avvio\Programmi\Esecuzione automatica\desktop.ini
C:\documents and settings\Default User\Menu Avvio\Programmi\Esecuzione automatica\desktop.ini

===================== RECENT FILES =====================
Listing files newer than 60 days

---- recent files in C:\
30/11/2012 04:04:02 -- 08/02/2013 07:31:05     (DIR) ----   0 days old -- C:\WINDOWS
30/11/2012 04:10:46 -- 08/02/2013 07:27:52     (DIR) --R-   0 days old -- C:\Programmi
05/02/2013 18:43:32 -- 05/02/2013 18:43:32     (DIR) H-R-   2 days old -- C:\MSOCache
30/11/2012 04:06:47 -- 29/01/2013 13:32:50     (DIR) HS--  10 days old -- C:\System Volume Information
07/01/2013 18:43:49 -- 07/01/2013 18:43:49     (DIR) ----  31 days old -- C:\Log
11/12/2012 06:53:42 -- 11/12/2012 06:53:58     (DIR) ----  59 days old -- C:\output
30/11/2012 04:04:02 -- 08/02/2013 04:58:372145386496 HS-A   0 days old -- C:\pagefile.sys
30/11/2012 06:10:02 -- 07/02/2013 11:11:28       268 H--A   1 days old -- C:\sqmdata03.sqm
30/11/2012 06:10:02 -- 07/02/2013 11:11:28       244 H--A   1 days old -- C:\sqmnoopt03.sqm
30/11/2012 04:05:15 -- 07/02/2013 07:00:37       244 H--A   1 days old --C:\sqmnoopt02.sqm
30/11/2012 04:05:15 -- 07/02/2013 07:00:37       268 H--A   1 days old -- C:\sqmdata02.sqm
30/11/2012 03:53:51 -- 07/02/2013 00:56:58       268 H--A   1 days old -- C:\sqmdata01.sqm
30/11/2012 03:53:51 -- 07/02/2013 00:56:58       244 H--A   1 days old -- C:\sqmnoopt01.sqm
30/11/2012 03:41:50 -- 05/02/2013 19:25:33       268 H--A   2 days old -- C:\sqmdata00.sqm
30/11/2012 03:41:50 -- 05/02/2013 19:25:33       244 H--A   2 days old -- C:\sqmnoopt00.sqm
10/12/2012 12:48:21 -- 05/02/2013 02:37:46       268 H--A   3 days old -- C:\sqmdata19.sqm
10/12/2012 12:48:21 -- 05/02/2013 02:37:46       244 H--A   3 days old -- C:\sqmnoopt19.sqm
09/12/2012 03:23:28 -- 04/02/2013 06:45:19       244 H--A   4 days old -- C:\sqmnoopt18.sqm
09/12/2012 03:23:28 -- 04/02/2013 06:45:19       268 H--A   4 days old -- C:\sqmdata18.sqm
08/12/2012 19:48:46 -- 04/02/2013 02:39:50       268 H--A   4 days old -- C:\sqmdata17.sqm
08/12/2012 19:48:46 -- 04/02/2013 02:39:50       244 H--A   4 days old -- C:\sqmnoopt17.sqm
08/12/2012 07:38:40 -- 02/02/2013 20:40:19       268 H--A   5 days old -- C:\sqmdata16.sqm
08/12/2012 07:38:40 -- 02/02/2013 20:40:19       244 H--A   5 days old -- C:\sqmnoopt16.sqm
08/12/2012 00:45:30 -- 02/02/2013 01:24:05       268 H--A   6 days old -- C:\sqmdata15.sqm
08/12/2012 00:45:30 -- 02/02/2013 01:24:04       244 H--A   6 days old -- C:\sqmnoopt15.sqm
07/12/2012 01:01:52 -- 01/02/2013 03:34:12       268 H--A   7 days old -- C:\sqmdata14.sqm
07/12/2012 01:01:52 -- 01/02/2013 03:34:11       244 H--A   7 days old -- C:\sqmnoopt14.sqm
06/12/2012 19:21:29 -- 31/01/2013 21:55:20       268 H--A   7 days old -- C:\sqmdata13.sqm
06/12/2012 19:21:29 -- 31/01/2013 21:55:20       244 H--A   7 days old -- C:\sqmnoopt13.sqm
06/12/2012 15:17:32 -- 31/01/2013 18:21:24       244 H--A   7 days old -- C:\sqmnoopt12.sqm
06/12/2012 15:17:32 -- 31/01/2013 18:21:24       268 H--A   7 days old -- C:\sqmdata12.sqm
05/12/2012 07:17:29 -- 31/01/2013 05:13:47       244 H--A   8 days old -- C:\sqmnoopt11.sqm
05/12/2012 07:17:29 -- 31/01/2013 05:13:47       268 H--A   8 days old -- C:\sqmdata11.sqm
05/12/2012 02:33:56 -- 31/01/2013 01:39:10       244 H--A   8 days old -- C:\sqmnoopt10.sqm
05/12/2012 02:33:56 -- 31/01/2013 01:39:10       268 H--A   8 days old -- C:\sqmdata10.sqm
04/12/2012 19:46:35 -- 30/01/2013 01:43:57       244 H--A   9 days old -- C:\sqmnoopt09.sqm
04/12/2012 19:46:35 -- 30/01/2013 01:43:57       268 H--A   9 days old -- C:\sqmdata09.sqm
04/12/2012 08:40:01 -- 29/01/2013 14:55:50       244 H--A   9 days old -- C:\sqmnoopt08.sqm
04/12/2012 08:40:01 -- 29/01/2013 14:55:50       268 H--A   9 days old -- C:\sqmdata08.sqm
03/12/2012 09:42:54 -- 28/01/2013 05:52:10       268 H--A  11 days old -- C:\sqmdata07.sqm
03/12/2012 09:42:54 -- 28/01/2013 05:52:10       244 H--A  11 days old -- C:\sqmnoopt07.sqm
03/12/2012 09:36:42 -- 27/01/2013 04:58:57       268 H--A  12 days old -- C:\sqmdata06.sqm
03/12/2012 09:36:42 -- 27/01/2013 04:58:57       244 H--A  12 days old -- C:\sqmnoopt06.sqm
02/12/2012 04:11:46 -- 26/01/2013 20:24:32       268 H--A  12 days old -- C:\sqmdata05.sqm
02/12/2012 04:11:46 -- 26/01/2013 20:24:31       244 H--A  12 days old -- C:\sqmnoopt05.sqm
01/12/2012 07:27:10 -- 26/01/2013 17:05:45       268 H--A  12 days old -- C:\sqmdata04.sqm
01/12/2012 07:27:10 -- 26/01/2013 17:05:45       244 H--A  12 days old -- C:\sqmnoopt04.sqm
17/12/2012 22:54:28 -- 17/12/2012 22:54:28     12290 ---A  52 days old -- C:\drwtsn32.log

---- recent files in C:\DOCUME~1\BETTER~1\IMPOST~1\Temp\
08/02/2013 13:53:04 -- 08/02/2013 13:53:40     (DIR) ----   0 days old -- C:\DOCUME~1\BETTER~1\IMPOST~1\Temp\nss991.tmp
08/02/2013 13:47:27 -- 08/02/2013 13:52:59     (DIR) ----   0 days old -- C:\DOCUME~1\BETTER~1\IMPOST~1\Temp\nss971.tmp
08/02/2013 11:05:12 -- 08/02/2013 11:05:12     (DIR) ----   0 days old -- C:\DOCUME~1\BETTER~1\IMPOST~1\Temp\CRX_75DAF8CB7768
08/02/2013 07:28:13 -- 08/02/2013 09:19:57     (DIR) ----   0 days old -- C:\DOCUME~1\BETTER~1\IMPOST~1\Temp\hsperfdata_betterdayz
07/02/2013 22:26:21 -- 07/02/2013 22:26:21     (DIR) ----   0 days old -- C:\DOCUME~1\BETTER~1\IMPOST~1\Temp\MozUpdater
05/02/2013 19:42:37 -- 05/02/2013 19:43:03     (DIR) ----   2 days old -- C:\DOCUME~1\BETTER~1\IMPOST~1\Temp\lilo.192
08/02/2013 13:53:05 -- 08/02/2013 13:53:05     16384 ---A   0 days old -- C:\DOCUME~1\BETTER~1\IMPOST~1\Temp\~DFBA29.tmp
08/02/2013 13:47:27 -- 08/02/2013 13:53:04        69 ---A   0 days old -- C:\DOCUME~1\BETTER~1\IMPOST~1\Temp\systemscan.ini
08/02/2013 13:47:28 -- 08/02/2013 13:47:28     16384 ---A   0 days old -- C:\DOCUME~1\BETTER~1\IMPOST~1\Temp\~DF155A.tmp
08/02/2013 13:03:20 -- 08/02/2013 13:03:20    262144 ---A   0 days old -- C:\DOCUME~1\BETTER~1\IMPOST~1\Temp\ILIST-00000000.tmp
08/02/2013 13:03:20 -- 08/02/2013 13:03:20    262144 ---A   0 days old -- C:\DOCUME~1\BETTER~1\IMPOST~1\Temp\ILIST-6E36D60E.tmp
08/02/2013 13:03:20 -- 08/02/2013 13:03:20    262144 ---A   0 days old -- C:\DOCUME~1\BETTER~1\IMPOST~1\Temp\ICACHE-55F8C5A0.tmp
08/02/2013 13:03:20 -- 08/02/2013 13:03:20    262144 ---A   0 days old -- C:\DOCUME~1\BETTER~1\IMPOST~1\Temp\ILIST-28CAE025.tmp
08/02/2013 13:03:20 -- 08/02/2013 13:03:20    262144 ---A   0 days old -- C:\DOCUME~1\BETTER~1\IMPOST~1\Temp\ICACHE-04044202.tmp
08/02/2013 13:03:20 -- 08/02/2013 13:03:20    262144 ---A   0 days old -- C:\DOCUME~1\BETTER~1\IMPOST~1\Temp\ILIST-22EF1586.tmp
08/02/2013 13:03:20 -- 08/02/2013 13:03:20    262144 ---A   0 days old -- C:\DOCUME~1\BETTER~1\IMPOST~1\Temp\ICACHE-14B5B6BB.tmp
08/02/2013 13:03:20 -- 08/02/2013 13:03:20    262144 ---A   0 days old -- C:\DOCUME~1\BETTER~1\IMPOST~1\Temp\ICACHE-19EE2C4D.tmp
08/02/2013 07:31:04 -- 08/02/2013 07:31:04        13 ---A   0 days old -- C:\DOCUME~1\BETTER~1\IMPOST~1\Temp\jawshtml.html
08/02/2013 07:23:34 -- 08/02/2013 07:28:25      1978 ---A   0 days old -- C:\DOCUME~1\BETTER~1\IMPOST~1\Temp\jusched.log
08/02/2013 07:28:24 -- 08/02/2013 07:28:24       222 ---A   0 days old -- C:\DOCUME~1\BETTER~1\IMPOST~1\Temp\AUCHECK_PARSER.txt
08/02/2013 07:28:24 -- 08/02/2013 07:28:24       294 ---A   0 days old -- C:\DOCUME~1\BETTER~1\IMPOST~1\Temp\JAUReg.log
08/02/2013 07:28:18 -- 08/02/2013 07:28:18         0 ---A   0 days old -- C:\DOCUME~1\BETTER~1\IMPOST~1\Temp\RD21D.tmp
08/02/2013 07:27:59 -- 08/02/2013 07:28:18      2653 ---A   0 days old -- C:\DOCUME~1\BETTER~1\IMPOST~1\Temp\java_install_reg.log
08/02/2013 07:27:59 -- 08/02/2013 07:28:12     29158 ---A   0 days old -- C:\DOCUME~1\BETTER~1\IMPOST~1\Temp\java_install.log
08/02/2013 07:24:25 -- 08/02/2013 07:27:45      4338 ---A   0 days old -- C:\DOCUME~1\BETTER~1\IMPOST~1\Temp\java_install_sp.log
08/02/2013 07:24:21 -- 08/02/2013 07:24:21     40960 ---A   0 days old -- C:\DOCUME~1\BETTER~1\IMPOST~1\Temp\88dc51.mst
08/02/2013 07:23:34 -- 08/02/2013 07:23:34      1154 ---A   0 days old -- C:\DOCUME~1\BETTER~1\IMPOST~1\Temp\jinstall.cfg
05/02/2013 18:40:32 -- 05/02/2013 21:35:53     92004 ---A   2 days old -- C:\DOCUME~1\BETTER~1\IMPOST~1\Temp\amt3.log
05/02/2013 18:41:10 -- 05/02/2013 19:41:44      6962 ---A   2 days old -- C:\DOCUME~1\BETTER~1\IMPOST~1\Temp\swtag.log
05/02/2013 18:42:58 -- 05/02/2013 18:46:03     52827 ---A   2 days old -- C:\DOCUME~1\BETTER~1\IMPOST~1\Temp\SetupExe(201302051842581BC).log
04/02/2013 02:00:00 -- 05/02/2013 02:37:34      4462 ---A   3 days old -- C:\DOCUME~1\BETTER~1\IMPOST~1\Temp\PDApp.log

---- recent files in C:\WINDOWS\
30/11/2012 03:37:49 -- 08/02/2013 13:53:15     (DIR) ----   0 days old -- C:\WINDOWS\Prefetch
30/11/2012 04:04:02 -- 08/02/2013 12:59:53     (DIR) ----   0 days old -- C:\WINDOWS\Temp
08/02/2013 07:31:05 -- 08/02/2013 07:31:05     (DIR) ----   0 days old -- C:\WINDOWS\Sun
30/11/2012 04:10:50 -- 08/02/2013 07:28:24     (DIR) HS--   0 days old -- C:\WINDOWS\Installer
30/11/2012 04:04:02 -- 08/02/2013 07:28:19     (DIR) ----   0 days old -- C:\WINDOWS\system32
30/11/2012 03:49:44 -- 05/02/2013 18:45:26     (DIR) -SR-   2 days old -- C:\WINDOWS\assembly
30/11/2012 04:04:02 -- 05/02/2013 18:45:09     (DIR) ----   2 days old -- C:\WINDOWS\WinSxS
30/11/2012 04:04:02 -- 05/02/2013 18:44:50     (DIR) -SR-   2 days old -- C:\WINDOWS\Fonts
30/11/2012 03:15:53 -- 31/01/2013 22:09:42     (DIR) -S--   7 days old -- C:\WINDOWS\Tasks
30/11/2012 04:04:02 -- 31/01/2013 22:00:04     (DIR) H---   7 days old -- C:\WINDOWS\inf
30/11/2012 04:04:02 -- 23/01/2013 19:51:16     (DIR) ----  15 days old -- C:\WINDOWS\Debug
30/11/2012 03:37:50 -- 23/01/2013 12:28:10     (DIR) ----  16 days old -- C:\WINDOWS\SoftwareDistribution
30/11/2012 04:04:47 -- 19/01/2013 10:00:30     (DIR) ----  20 days old -- C:\WINDOWS\Motive
30/11/2012 04:04:02 -- 03/01/2013 18:27:38     (DIR) ----  35 days old -- C:\WINDOWS\repair
30/11/2012 03:14:43 -- 03/01/2013 18:27:36     (DIR) ----  35 days old -- C:\WINDOWS\Registration
30/11/2012 04:04:02 -- 02/01/2013 19:05:11     (DIR) ----  36 days old -- C:\WINDOWS\security
30/11/2012 03:16:52 -- 08/02/2013 13:45:21    456902 ---A   0 days old -- C:\WINDOWS\WindowsUpdate.log
26/01/2013 10:29:54 -- 08/02/2013 04:59:21     47183 ---A   0 days old -- C:\WINDOWS\setupapi.log
30/11/2012 04:12:58 -- 08/02/2013 04:58:42       159 ---A   0 days old -- C:\WINDOWS\wiadebug.log
30/11/2012 04:12:58 -- 08/02/2013 04:58:41        50 ---A   0 days old -- C:\WINDOWS\wiaservc.log
24/01/2013 08:09:33 -- 08/02/2013 04:58:40         0 ---A   0 days old -- C:\WINDOWS\0.log
30/11/2012 03:26:55 -- 08/02/2013 04:58:39      2048 -S-A   0 days old -- C:\WINDOWS\bootstat.dat
30/11/2012 03:37:48 -- 08/02/2013 01:48:22     32526 ---A   0 days old -- C:\WINDOWS\SchedLgU.Txt
31/01/2013 21:56:52 -- 31/01/2013 21:56:52         0 ---A   7 days old -- C:\WINDOWS\setuperr.log
31/01/2013 21:56:52 -- 31/01/2013 21:56:52        60 ---A   7 days old -- C:\WINDOWS\setupact.log
24/01/2013 11:20:27 -- 24/01/2013 13:15:29      1619 ---A  15 days old -- C:\WINDOWS\wmsetup.log
11/01/2013 23:07:58 -- 11/01/2013 23:08:09      1908 ---A  27 days old -- C:\WINDOWS\diagerr.xml
11/01/2013 23:07:58 -- 11/01/2013 23:08:09      2561 ---A  27 days old -- C:\WINDOWS\diagwrn.xml

---- recent files in C:\WINDOWS\system\

---- recent files in C:\WINDOWS\system32\
30/11/2012 04:10:07 -- 08/02/2013 04:59:21     (DIR) ----   0 days old -- C:\WINDOWS\system32\CatRoot2
30/11/2012 04:04:02 -- 05/02/2013 18:45:21     (DIR) ----   2 days old -- C:\WINDOWS\system32\config
30/11/2012 04:04:02 -- 31/01/2013 22:00:04     (DIR) ----   7 days old -- C:\WINDOWS\system32\drivers
26/01/2013 13:19:52 -- 26/01/2013 13:19:52     (DIR) ----  13 days old -- C:\WINDOWS\system32\appmgmt
01/01/2013 15:38:16 -- 19/01/2013 10:01:50     (DIR) ----  20 days old -- C:\WINDOWS\system32\NtmsData
30/11/2012 04:04:02 -- 29/12/2012 22:59:16     (DIR) HSR-  40 days old -- C:\WINDOWS\system32\dllcache
08/02/2013 07:28:19 -- 08/02/2013 07:28:01    262560 ---A   0 days old -- C:\WINDOWS\system32\javaws.exe
08/02/2013 07:28:19 -- 08/02/2013 07:28:01    143872 ---A   0 days old -- C:\WINDOWS\system32\javacpl.cpl
08/02/2013 07:28:19 -- 08/02/2013 07:28:00    782240 ---A   0 days old -- C:\WINDOWS\system32\deployJava1.dll
08/02/2013 07:28:19 -- 08/02/2013 07:28:00    861088 ---A   0 days old -- C:\WINDOWS\system32\npDeployJava1.dll
08/02/2013 07:28:12 -- 08/02/2013 07:28:01    174496 ---A   0 days old -- C:\WINDOWS\system32\java.exe
08/02/2013 07:28:12 -- 08/02/2013 07:28:05     94112 ---A   0 days old -- C:\WINDOWS\system32\WindowsAccessBridge.dll
08/02/2013 07:28:12 -- 08/02/2013 07:28:01    174496 ---A   0 days old -- C:\WINDOWS\system32\javaw.exe
30/11/2012 04:09:23 -- 05/02/2013 19:40:26   3454808 ---A   2 days old -- C:\WINDOWS\system32\FNTCACHE.DAT
29/01/2013 13:30:56 -- 29/01/2013 13:30:56       562 ---A  10 days old -- C:\WINDOWS\system32\{7995330B-E01F-4645-B702-53481E7CB778}.cmdfile
19/01/2013 09:59:14 -- 19/01/2013 09:59:14   1060864 ---A  20 days old -- C:\WINDOWS\system32\mfc71.dll
19/01/2013 09:59:14 -- 19/01/2013 09:59:14    348160 ---A  20 days old -- C:\WINDOWS\system32\msvcr71.dll
19/01/2013 09:59:13 -- 19/01/2013 09:59:13   1700352 ---A  20 days old -- C:\WINDOWS\system32\gdiplus.dll
31/08/2001 13:00:00 -- 18/01/2013 21:39:41      2206 ---A  20 days old -- C:\WINDOWS\system32\wpa.dbl
29/12/2012 22:59:11 -- 19/08/2004 15:39:24    159232 ---A  40 days old -- C:\WINDOWS\system32\ptpusd.dll
29/12/2012 22:59:11 -- 30/08/2001 23:07:58      5632 ---A  40 days old -- C:\WINDOWS\system32\ptpusb.dll

---- recent files in C:\WINDOWS\system32\drivers\
26/01/2013 12:06:13 -- 13/11/2009 12:08:30     20024 ---A  13 days old -- C:\WINDOWS\system32\drivers\rspmmfs.sys
29/12/2012 22:59:10 -- 03/08/2004 22:58:46     15104 ---A  40 days old -- C:\WINDOWS\system32\drivers\usbscan.sys

---- recent files in C:\WINDOWS\temp\
08/02/2013 07:28:19 -- 08/02/2013 07:28:19     16384 ---A   0 days old -- C:\WINDOWS\temp\Perflib_Perfdata_b14.dat

---- recent files in C:\Programmi\
03/12/2012 22:58:36 -- 08/02/2013 13:03:20     (DIR) ----   0 days old -- C:\Programmi\ScreenshotCaptor
30/11/2012 04:10:46 -- 08/02/2013 07:28:24     (DIR) ----   0 days old -- C:\Programmi\File comuni
08/02/2013 07:27:52 -- 08/02/2013 07:27:52     (DIR) ----   0 days old -- C:\Programmi\Java
01/02/2013 16:52:06 -- 08/02/2013 04:58:37     (DIR) ----   0 days old -- C:\Programmi\Mozilla Maintenance Service
06/02/2013 16:34:52 -- 07/02/2013 22:26:29     (DIR) ----   0 days old -- C:\Programmi\Mozilla Firefox
05/02/2013 18:45:13 -- 05/02/2013 18:45:14     (DIR) ----   2 days old -- C:\Programmi\Microsoft Works
05/02/2013 18:43:48 -- 05/02/2013 18:45:03     (DIR) ----   2 days old -- C:\Programmi\Microsoft Office
05/02/2013 18:44:45 -- 05/02/2013 18:44:45     (DIR) ----   2 days old -- C:\Programmi\Microsoft.NET
31/01/2013 22:09:38 -- 31/01/2013 22:10:31     (DIR) ----   7 days old -- C:\Programmi\Google
31/01/2013 21:59:31 -- 31/01/2013 21:59:31     (DIR) ----   7 days old -- C:\Programmi\ESET
26/01/2013 12:06:13 -- 26/01/2013 12:06:13     (DIR) ----  13 days old -- C:\Programmi\MultiMon
23/01/2013 19:49:58 -- 23/01/2013 19:49:59     (DIR) ----  15 days old -- C:\Programmi\CCleaner
07/01/2013 18:43:40 -- 22/01/2013 21:24:28     (DIR) ----  16 days old -- C:\Programmi\Stellar Phoenix Windows Data Recovery
12/01/2013 04:24:02 -- 20/01/2013 09:18:47     (DIR) ----  19 days old -- C:\Programmi\SoftLogica
19/01/2013 10:35:27 -- 19/01/2013 10:35:27     (DIR) ----  20 days old -- C:\Programmi\WinPcap
30/11/2012 04:04:05 -- 19/01/2013 10:01:01     (DIR) ----  20 days old -- C:\Programmi\Alice ti aiuta
16/12/2012 15:37:22 -- 17/01/2013 14:59:47     (DIR) ----  21 days old -- C:\Programmi\Adobe
16/12/2012 15:38:45 -- 16/12/2012 15:38:45     (DIR) ----  53 days old -- C:\Programmi\Adobe Media Player
11/12/2012 06:45:13 -- 16/12/2012 15:37:55     (DIR) ----  53 days old -- C:\Programmi\Morz Image Converter

---- recent files in C:\Programmi\File comuni\
08/02/2013 07:28:24 -- 08/02/2013 07:28:24     (DIR) ----   0 days old -- C:\Programmi\File comuni\Java
30/11/2012 04:10:46 -- 05/02/2013 18:45:13     (DIR) ----   2 days old -- C:\Programmi\File comuni\Microsoft Shared
05/02/2013 18:45:00 -- 05/02/2013 18:45:00     (DIR) ----   2 days old -- C:\Programmi\File comuni\DESIGNER
16/12/2012 15:35:23 -- 17/01/2013 14:59:20     (DIR) ----  21 days old -- C:\Programmi\File comuni\Adobe
17/01/2013 14:56:43 -- 17/01/2013 14:56:43     (DIR) ----  21 days old -- C:\Programmi\File comuni\Adobe AIR

---- recent files in C:\Documents and Settings\betterdayz\Dati applicazioni\
08/02/2013 07:23:34 -- 08/02/2013 07:23:34     (DIR) ----   0 days old -- C:\Documents and Settings\betterdayz\Dati applicazioni\Sun
30/11/2012 03:38:32 -- 05/02/2013 18:47:04     (DIR) -S--   2 days old -- C:\Documents and Settings\betterdayz\Dati applicazioni\Microsoft
30/11/2012 04:06:57 -- 05/02/2013 18:41:16     (DIR) ----   2 days old -- C:\Documents and Settings\betterdayz\Dati applicazioni\Adobe
01/02/2013 16:52:34 -- 01/02/2013 16:52:37     (DIR) ----   6 days old -- C:\Documents and Settings\betterdayz\Dati applicazioni\Mozilla
06/12/2012 07:27:20 -- 20/01/2013 09:20:43     (DIR) ----  19 days old -- C:\Documents and Settings\betterdayz\Dati applicazioni\PDF Reader
12/01/2013 04:22:03 -- 12/01/2013 04:24:02     (DIR) ----  27 days old -- C:\Documents and Settings\betterdayz\Dati applicazioni\GetRightToGo

---- recent files in C:\Documents and Settings\betterdayz\Impostazioni locali\Dati applicazioni\
08/02/2013 07:31:05 -- 08/02/2013 07:31:05     (DIR) ----   0 days old -- C:\Documents and Settings\betterdayz\Impostazioni locali\Dati applicazioni\Sun
30/11/2012 03:38:32 -- 06/02/2013 20:57:52     (DIR) ----   1 days old -- C:\Documents and Settings\betterdayz\Impostazioni locali\Dati applicazioni\Microsoft
05/02/2013 18:43:52 -- 05/02/2013 18:43:52     (DIR) ----   2 days old -- C:\Documents and Settings\betterdayz\Impostazioni locali\Dati applicazioni\Microsoft Help
30/11/2012 04:07:15 -- 31/01/2013 22:10:51     (DIR) ----   7 days old -- C:\Documents and Settings\betterdayz\Impostazioni locali\Dati applicazioni\Google
30/11/2012 04:07:03 -- 31/01/2013 22:09:35     (DIR) ----   7 days old -- C:\Documents and Settings\betterdayz\Impostazioni locali\Dati applicazioni\Deployment
31/01/2013 15:45:14 -- 31/01/2013 15:45:14     (DIR) ----   7 days old -- C:\Documents and Settings\betterdayz\Impostazioni locali\Dati applicazioni\ESET
21/01/2013 01:26:51 -- 21/01/2013 01:26:51     (DIR) ----  18 days old -- C:\Documents and Settings\betterdayz\Impostazioni locali\Dati applicazioni\Identities
20/01/2013 02:37:41 -- 20/01/2013 02:37:41     (DIR) ----  19 days old -- C:\Documents and Settings\betterdayz\Impostazioni locali\Dati applicazioni\Symantec
16/12/2012 15:35:07 -- 17/01/2013 15:20:07     (DIR) ----  21 days old -- C:\Documents and Settings\betterdayz\Impostazioni locali\Dati applicazioni\Adobe
19/01/2013 20:36:21 -- 07/02/2013 11:11:27   5882700 H--A   1 days old -- C:\Documents and Settings\betterdayz\Impostazioni locali\Dati applicazioni\IconCache.db
30/11/2012 03:54:42 -- 05/02/2013 18:47:27     23176 ---A   2 days old -- C:\Documents and Settings\betterdayz\Impostazioni locali\Dati applicazioni\GDIPFONTCACHEV1.DAT
11/01/2013 23:03:47 -- 23/01/2013 17:52:24      8192 ---A  15 days old -- C:\Documents and Settings\betterdayz\Impostazioni locali\Dati applicazioni\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
19/01/2013 11:29:06 -- 19/01/2013 11:29:06       218 ---A  20 days old -- C:\Documents and Settings\betterdayz\Impostazioni locali\Dati applicazioni\recently-used.xbel

===================== DUPLICATE FILES IN BAK FOLDERS =====================

No BAK folders found

===================== REGISTRY SCAN =====================


-----HKLM\Software\Microsoft\Windows\CurrentVersion\Run-----

[Run]
  "StartCCC"="\"C:\Programmi\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe\" MSRun"
  "AliceRE_McciTrayApp"="C:\PROGRA~1\ALICET~1\vendors\AliceRE\content\template\DRIVEN~1\syncer\MCCITR~1.EXE"
  "RTHDCPL"="RTHDCPL.EXE"
  "Alcmtr"="ALCMTR.EXE"
  "AdobeAAMUpdater-1.0"="\"C:\Programmi\File comuni\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe\""
  "SwitchBoard"="C:\Programmi\File comuni\Adobe\SwitchBoard\SwitchBoard.exe"
  "AdobeCS5ServiceManager"="\"C:\Programmi\File comuni\Adobe\CS5ServiceManager\CS5ServiceManager.exe\" -launchedbylogin"
  "egui"="\"C:\Programmi\ESET\ESET NOD32 Antivirus\egui.exe\" /hide /waitservice"
  "SunJavaUpdateSched"="\"C:\Programmi\File comuni\Java\Java Update\jusched.exe\""

-----HKCU\Software\Microsoft\Windows\CurrentVersion\Run-----

[Run]
  "CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe"
  "MsnMsgr"="\"C:\Programmi\MSN Messenger\MsnMsgr.Exe\" /background"

-----HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Run-----

[Run]
  "CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE"

-----HKLM\Software\Microsoft\Windows\CurrentVersion\policies\Explorer\Run-----

-----HKCU\Software\Microsoft\Windows\CurrentVersion\policies\Explorer\Run-----

-----HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows-----

[Windows]
  "AppInit_DLLs"="   "

-----HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad-----

[ShellServiceObjectDelayLoad]
  "PostBootReminder"="{7849596a-48ea-486e-8937-a2a3009f31a9}"
    #### HKCR\CLSID\{7849596a-48ea-486e-8937-a2a3009f31a9}\InprocServer32 @=expand:"%SystemRoot%\system32\SHELL32.dll"
  "CDBurn"="{fbeb8a05-beee-4442-804e-409d6c4515e9}"
    #### HKCR\CLSID\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InprocServer32 @=expand:"%SystemRoot%\system32\SHELL32.dll"
  "WebCheck"="{E6FB5E20-DE35-11CF-9C87-00AA005127ED}"
    #### HKCR\CLSID\{E6FB5E20-DE35-11CF-9C87-00AA005127ED}\InprocServer32 @=expand:"C:\WINDOWS\system32\webcheck.dll"
  "SysTray"="{35CEC8A3-2BE6-11D2-8773-92E220524153}"
    #### HKCR\CLSID\{35CEC8A3-2BE6-11D2-8773-92E220524153}\InprocServer32 @="C:\WINDOWS\system32\stobject.dll"

-----HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks-----

[ShellExecuteHooks]
  "{AEB6717E-7E19-11d0-97EE-00C04FD91972}"=""
    #### HKCR\CLSID\{AEB6717E-7E19-11d0-97EE-00C04FD91972}\InprocServer32 @="shell32.dll"

-----HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon-----

[Winlogon]
  "Shell"="Explorer.exe"
  "System"=""
  "Userinit"="C:\WINDOWS\system32\userinit.exe,"
  "VmApplet"="rundll32 shell32,Control_RunDLL \"sysdm.cpl\""
  "UIHost"=expand:"logonui.exe"
  "LogonType"=dword:00000001
  "WinStationsDisabled"="0"

[Winlogon\GPExtensions]

[Winlogon\GPExtensions\{0ACDD40C-75AC-47ab-BAA0-BF6DE7E7FE63}]
  "@="Senza fili"
  "DllName"=expand:"gptext.dll"

[Winlogon\GPExtensions\{25537BA6-77A8-11D2-9B6C-0000F8080861}]
  "@="Folder Redirection"
  "DllName"=expand:"fdeploy.dll"

[Winlogon\GPExtensions\{3610eda5-77ef-11d2-8dc5-00c04fa31a66}]
  "@="Quota disco Microsoft"
  "DllName"=expand:"dskquota.dll"

[Winlogon\GPExtensions\{426031c0-0b47-4852-b0ca-ac3d37bfcb39}]
  "@="Utilità di pianificazione pacchetti QoS"
  "DllName"=expand:"gptext.dll"

[Winlogon\GPExtensions\{42B5FAAE-6536-11d2-AE5A-0000F87571E3}]
  "@="Script"
  "DllName"=expand:"gptext.dll"

[Winlogon\GPExtensions\{4CFB60C1-FAA6-47f1-89AA-0B18730C9FD3}]
  "@="Internet Explorer Zonemapping"
  "DllName"=expand:"iedkcs32.dll"

[Winlogon\GPExtensions\{827D319E-6EAC-11D2-A4EA-00C04F79F83A}]
  "DllName"=expand:"scecli.dll"
  "@="Security"

[Winlogon\GPExtensions\{A2E30F80-D7DE-11d2-BBDE-00C04F86AE3B}]
  "DllName"="iedkcs32.dll"
  "@="Internet Explorer Branding"

[Winlogon\GPExtensions\{B1BE8D72-6EAC-11D2-A4EA-00C04F79F83A}]
  "DllName"=expand:"scecli.dll"
  "@="EFS recovery"

[Winlogon\GPExtensions\{C631DF4C-088F-4156-B058-4375F0853CD8}]
  "@="Microsoft Offline Files"
  "DllName"=expand:"%SystemRoot%\System32\cscui.dll"

[Winlogon\GPExtensions\{c6dc5466-785a-11d2-84d0-00c04fb169f7}]
  "@="Installazione software"
  "DllName"=expand:"appmgmts.dll"

[Winlogon\GPExtensions\{e437bc1c-aa7d-11d2-a382-00c04f991e27}]
  "@="Protezione IP"
  "DllName"=expand:"gptext.dll"

[Winlogon\Notify]

[Winlogon\Notify\AtiExtEvent]
  "DLLName"="Ati2evxx.dll"

[Winlogon\Notify\crypt32chain]
  "DllName"=expand:"crypt32.dll"

[Winlogon\Notify\cryptnet]
  "DllName"=expand:"cryptnet.dll"

[Winlogon\Notify\cscdll]
  "DLLName"="cscdll.dll"

[Winlogon\Notify\ScCertProp]
  "DLLName"="wlnotify.dll"

[Winlogon\Notify\Schedule]
  "DllName"=expand:"wlnotify.dll"

[Winlogon\Notify\sclgntfy]
  "DllName"=expand:"sclgntfy.dll"

[Winlogon\Notify\SensLogn]
  "DLLName"="WlNotify.dll"

[Winlogon\Notify\termsrv]
  "DllName"=expand:"wlnotify.dll"

[Winlogon\Notify\WgaLogon]
  "DllName"=expand:"WgaLogon.dll"

[Winlogon\Notify\wlballoon]
  "DLLName"="wlnotify.dll"

[Winlogon\SpecialAccounts]

[Winlogon\SpecialAccounts\UserList]
  "HelpAssistant"=dword:00000000
  "TsInternetUser"=dword:00000000
  "SQLAgentCmdExec"=dword:00000000
  "NetShowServices"=dword:00000000
  "IWAM_"=dword:00010000
  "IUSR_"=dword:00010000
  "VUSR_"=dword:00010000

-----HKCU\Software\Microsoft\Windows NT\CurrentVersion\Winlogon-----

[Winlogon]
  "ParseAutoexec"="1"
  "ExcludeProfileDirs"="Impostazioni locali;Temporary Internet Files;Cronologia;Temp"
  "BuildNumber"=dword:00000a28

-----HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options-----

[Image File Execution Options\Your Image File Name Here without a path]
  "Debugger"="ntsd -d"

-----HKLM\System\CurrentControlSet\Control\Session Manager\-----

[Session Manager]
  "BootExecute"=multi:"autocheck autochk *\00\00"

[Session Manager\SubSystems]
  "Windows"=expand:"%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,3072,512 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ProfileControl=Off MaxRequestThreads=16"

-----HKLM\SYSTEM\CurrentControlSet\Control\WOW-----

[WOW]
  "cmdline"=expand:"%SystemRoot%\system32\ntvdm.exe"
  "wowcmdline"=expand:"%SystemRoot%\system32\ntvdm.exe -a %SystemRoot%\system32\krnl386"

-----HKLM\Software\Microsoft\Windows NT\CurrentVersion\Run-----

-----HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce-----

[RunOnce]

-----HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnceEx-----

[RunOnceEx]

-----HKLM\Software\Microsoft\Windows\CurrentVersion\RunServices-----

-----HKLM\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce-----

-----HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnce-----

[RunOnce]

-----HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnceEx-----

-----HKCU\Software\Microsoft\Windows\CurrentVersion\RunServices-----

-----HKCU\Software\Microsoft\Windows NT\CurrentVersion\Run-----

-----HKCU\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce-----

-----HKLM\Software\Microsoft\Command Processor\Autorun-----

-----HKCU\Software\Microsoft\Command Processor\Autorun-----

-----HKCU\Software\Microsoft\Windows NT\CurrentVersion\Windows\Load-----

-----HKLM\Software\Policies\Microsoft\Windows\System\Scripts\Startup-----

-----HKCU\Software\Policies\Microsoft\Windows\System\Scripts\Logon-----

-----HKLM\Software\Policies\Microsoft\Windows\System\Scripts\Logon-----

-----HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\TerminalServer\Install\Software\Microsoft\Windows\CurrentVersion\Runonce-----

-----HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\TerminalServer\Install\Software\Microsoft\Windows\CurrentVersion\Run-----

-----HKLM\System\CurrentControlSet\Control\Terminal Server\Wds\rdpwd\StartupPrograms-----

-----HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\TerminalServer\Install\Software\Microsoft\Windows\CurrentVersion\Runonce-----

-----HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler-----

[SharedTaskScheduler]
  "{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Precaricatore Browseui"
    #### HKCR\CLSID\{438755C2-A8BA-11D1-B96B-00A0C90312E1}\InprocServer32 @=expand:"%SystemRoot%\system32\browseui.dll"
  "{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Daemon di cache delle categorie di componenti"
    #### HKCR\CLSID\{8C7461EF-2B13-11d2-BE35-3078302C2030}\InprocServer32 @=expand:"%SystemRoot%\system32\browseui.dll"

-----HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects-----

[Browser Helper Objects]

[Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
    #### HKCR\CLSID\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\InprocServer32 @="C:\Programmi\Java\jre7\bin\ssv.dll"
  "NoExplorer"=dword:00000001

[Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
    #### HKCR\CLSID\{DBC80044-A445-435b-BC74-9C25C1C588A9}\InprocServer32 @="C:\Programmi\Java\jre7\bin\jp2ssv.dll"
  "NoExplorer"=dword:00000001

-----HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks-----

[URLSearchHooks]
  "{CFBFAE00-17A6-11D0-99CB-00C04FD64497}"=""
    #### HKCR\CLSID\{CFBFAE00-17A6-11D0-99CB-00C04FD64497}\InprocServer32 @="C:\WINDOWS\system32\ieframe.dll"

-----HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig-----

-----HKCU\Control Panel\Desktop\-----

[Desktop]

[Desktop\WindowMetrics]

-----HKEY_CLASSES_ROOT\exefile\shell\open\command-----

[command]
  @="\"%1\" %*"

-----HKEY_CLASSES_ROOT\comfile\shell\open\command-----

[command]
  @="\"%1\" %*"

-----HKEY_CLASSES_ROOT\batfile\shell\open\command-----

[command]
  @="\"%1\" %*"

-----HKEY_CLASSES_ROOT\piffile\shell\open\command-----

[command]
  @="\"%1\" %*"

-----HKEY_CLASSES_ROOT\scrFile\shell\open\command-----

[command]
  @="\"%1\" /S"

-----HKEY_CLASSES_ROOT\htafile\shell\open\command-----

[Command]
  @="C:\WINDOWS\system32\mshta.exe \"%1\" %*"

-----HKEY_CLASSES_ROOT\logfile\shell\open\command-----

-----HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\URL-----

[URL]

[URL\DefaultPrefix]
  @="http://"

[URL\Prefixes]
  "ftp"="ftp://"
  "gopher"="gopher://"
  "home"="http://"
  "mosaic"="http://"
  "www"="http://"

-----HKLM\SYSTEM\CurrentControlSet\Control\Lsa-----

[Lsa]

[Lsa\AccessProviders]

[Lsa\AccessProviders\Windows NT Access Provider]
  "ProviderPath"=expand:"%SystemRoot%\system32\ntmarta.dll"

[Lsa\Audit]

[Lsa\Audit\PerUserAuditing]

[Lsa\Audit\PerUserAuditing\System]

[Lsa\Data]

[Lsa\SSO]

[Lsa\SSO\Passport1.4]
  "SSOURL"="http://www.passport.com"

[Lsa\SspiCache]

[Lsa\SspiCache\digest.dll]
  "Name"="Digest"
  "Comment"="Digest SSPI Authentication Package"

[Lsa\SspiCache\msapsspc.dll]
  "Name"="DPA"
  "Comment"="DPA Security Package"

[Lsa\SspiCache\msnsspc.dll]
  "Name"="MSN"
  "Comment"="MSN Security Package"

-----HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess-----

[SharedAccess]
  "DependOnGroup"=multi:"\00"
  "DependOnService"=multi:"Netman\00WinMgmt\00\00"
  "Description"="Fornisce servizi di conversione indirizzi di rete, indirizzamento e risoluzione nomi e/o servizi di prevenzione intrusione per una rete domestica o una piccola rete aziendale."
  "DisplayName"="Windows Firewall / Condivisione connessione Internet (ICS)"
  "ErrorControl"=dword:00000001
  "ImagePath"=expand:"%SystemRoot%\system32\svchost.exe -k netsvcs"
  "ObjectName"="LocalSystem"
  "Start"=dword:00000002
  "Type"=dword:00000020

[SharedAccess\Epoch]
  "Epoch"=dword:0000085f

[SharedAccess\Parameters]
  "ServiceDll"=expand:"%SystemRoot%\System32\ipnathlp.dll"

[SharedAccess\Parameters\FirewallPolicy]

[SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications]

[SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
  "%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
  "C:\Programmi\MSN Messenger\msnmsgr.exe"="C:\Programmi\MSN Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.0"
  "C:\Programmi\MSN Messenger\msncall.exe"="C:\Programmi\MSN Messenger\msncall.exe:*:Enabled:Windows Live Messenger 8.0 (Phone)"

[SharedAccess\Parameters\FirewallPolicy\StandardProfile]
  "EnableFirewall"=dword:00000001
  "DoNotAllowExceptions"=dword:00000001
  "DisableNotifications"=dword:00000000

[SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications]

[SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
  "C:\WINDOWS\system32\sessmgr.exe"="C:\WINDOWS\system32\sessmgr.exe:*:Disabled:@xpsp2res.dll,-22019"
  "C:\Programmi\MSN Messenger\msnmsgr.exe"="C:\Programmi\MSN Messenger\msnmsgr.exe:*:Disabled:Windows Live Messenger 8.0"
  "C:\Programmi\MSN Messenger\msncall.exe"="C:\Programmi\MSN Messenger\msncall.exe:*:Disabled:Windows Live Messenger 8.0 (Phone)"
  "C:\Programmi\File comuni\Comodo\GeekBuddyRSP.exe"="C:\Programmi\File comuni\Comodo\GeekBuddyRSP.exe:127.0.0.1/255.255.255.255:Enabled:GeekBuddy RSP"

[SharedAccess\Setup]
  "ServiceUpgrade"=dword:00000001

[SharedAccess\Setup\InterfacesUnfirewalledAtUpdate]
  "All"=dword:00000001

-----HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Firewall\-----

-----HKEY_LOCAL_MACHINE\SOFTWARE\Winsock2-----

-----HKLM\Software\Microsoft\Ole-----

[Ole]
  "DefaultLaunchPermission"=hex:01,00,04,80,5c,00,00,00,6c,00,00,00,00,00,00,00,\
  "MachineLaunchRestriction"=hex:01,00,04,80,48,00,00,00,58,00,00,00,00,00,00,00,\
  "MachineAccessRestriction"=hex:01,00,04,80,44,00,00,00,54,00,00,00,00,00,00,00,\
  "EnableDCOM"="Y"

[Ole\AppCompat]

[Ole\AppCompat\ActivationSecurityCheckExemptionList]
  "{A50398B8-9075-4FBF-A7A1-456BF21937AD}"="1"
  "{AD65A69D-3831-40D7-9629-9B0B50A93843}"="1"
  "{0040D221-54A1-11D1-9DE0-006097042D69}"="1"
  "{2A6D72F1-6E7E-4702-B99C-E40D3DED33C3}"="1"

-----HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\WindowsUpdate\AU\-----

-----HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System\-----

-----HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\-----

[Security Center]
  "FirstRunDisabled"=dword:00000001
  "UpdatesDisableNotify"=dword:00000000
  "AntiVirusDisableNotify"=dword:00000000
  "FirewallDisableNotify"=dword:00000000
  "AntiVirusOverride"=dword:00000000
  "FirewallOverride"=dword:00000000

[Security Center\Monitoring]

[Security Center\Monitoring\AhnlabAntiVirus]

[Security Center\Monitoring\ComputerAssociatesAntiVirus]

[Security Center\Monitoring\KasperskyAntiVirus]

[Security Center\Monitoring\McAfeeAntiVirus]

[Security Center\Monitoring\McAfeeFirewall]

[Security Center\Monitoring\PandaAntiVirus]

[Security Center\Monitoring\PandaFirewall]

[Security Center\Monitoring\SophosAntiVirus]

[Security Center\Monitoring\SymantecAntiVirus]

[Security Center\Monitoring\SymantecFirewall]

[Security Center\Monitoring\TinyFirewall]

[Security Center\Monitoring\TrendAntiVirus]

[Security Center\Monitoring\TrendFirewall]

[Security Center\Monitoring\ZoneLabsFirewall]

-----HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore\-----

[SystemRestore]
  "DisableSR"=dword:00000000
  "CreateFirstRunRp"=dword:00000001
  "DSMin"=dword:000000c8
  "DSMax"=dword:00000190
  "RPSessionInterval"=dword:00000000
  "RPGlobalInterval"=dword:00015180
  "RPLifeInterval"=dword:0076a700
  "CompressionBurst"=dword:0000003c
  "TimerInterval"=dword:00000078
  "DiskPercent"=dword:0000000c
  "ThawInterval"=dword:00000384
  "RestoreDiskSpaceError"=dword:00000000

[SystemRestore\Cfg]
  "DiskPercent"=dword:0000000c
  "MachineGuid"="{9489C349-EF18-430E-8D8B-78CBB3463570}"

[SystemRestore\SnapshotCallbacks]
  @=""

-----HKEY_CURRENT_USER\Software\VB and VBA Program Settings-----

-----HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\-----

-----HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\AdvancedOptions-----

[AdvancedOptions]

-----HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\AdvancedOptions-----

-----HKLM\Software\Microsoft\Active Setup\Installed Components-----

[Installed Components]

[Installed Components\<{12d0ed0d-0ee0-4f90-8827-78cefb8f4988}]
  "@="IE7 Uninstall Stub"
  "ComponentID"="IEUDINIT"
  "StubPath"="C:\WINDOWS\system32\ieudinit.exe"

[Installed Components\>{22d6f312-b0f6-11d0-94ab-0080c74c7e95}]
    #### HKCR\CLSID\{22d6f312-b0f6-11d0-94ab-0080c74c7e95}\InprocServer32 @="C:\WINDOWS\system32\wmpdxm.dll"
  "Stubpath"="C:\WINDOWS\inf\unregmp2.exe /ShowWMP"
  "@="Microsoft Windows Media Player"
  "ComponentID"="WMPACCESS"

[Installed Components\>{26923b43-4d38-484f-9b9e-de460746276c}]
  "@="Internet Explorer"
  "ComponentID"="IEACCESS"
  "StubPath"="C:\WINDOWS\system32\ie4uinit.exe -UserIconConfig"

[Installed Components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
  "@="Browser Customizations"
  "ComponentiD"="BRANDING.CAB"
  "StubPath"="RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP"

[Installed Components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS]
  "@="Personalizzazione del browser"
  "ComponentID"="BRANDING.CAB"
  "StubPath"="RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP"

[Installed Components\>{881dd1c5-3dcf-431b-b061-f3f88e8be88a}]
  "@="Outlook Express"
  "ComponentID"="OEACCESS"
  "StubPath"=expand:"%systemroot%\system32\shmgrate.exe OCInstallUserConfigOE"

[Installed Components\{08B0E5C0-4FCB-11CF-AAA5-00401C608500}]
  "@="Microsoft VM"
  "ComponentID"="JAVAVM"
  "KeyFileName"="C:\WINDOWS\system32\msjava.dll"

[Installed Components\{10072CEC-8CC1-11D1-986E-00A0C955B42F}]
  "@="Rendering grafica vettoriale (VML)"
  "ComponentID"="MSVML"

[Installed Components\{2179C5D3-EBFF-11CF-B6FD-00AA00B4E220}]
    #### HKCR\CLSID\{2179C5D3-EBFF-11CF-B6FD-00AA00B4E220}\InprocServer32 @="C:\WINDOWS\system32\wmpdxm.dll"
  "ComponentID"="NetShow"
  "StubPath"=""

[Installed Components\{22d6f312-b0f6-11d0-94ab-0080c74c7e95}]
    #### HKCR\CLSID\{22d6f312-b0f6-11d0-94ab-0080c74c7e95}\InprocServer32 @="C:\WINDOWS\system32\wmpdxm.dll"
  "ComponentID"="Microsoft Windows Media Player"
  "StubPath"=""
  "@="Microsoft Windows Media Player 6.4"

[Installed Components\{283807B5-2C60-11D0-A31D-00AA00B92C03}]
  "@="DirectAnimation"
  "ComponentID"="DirectAnimation"

[Installed Components\{2C7339CF-2B09-4501-B3F3-F3508C9228ED}]
  "@="Themes Setup"
  "ComponentID"="Theme Component"
  "StubPath"=expand:"%SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll"

[Installed Components\{36f8ec70-c29a-11d1-b5c7-0000f8051515}]
  "@="Binding dati Dynamic HTML per Java"
  "ComponentID"="TridataJava"

[Installed Components\{3af36230-a269-11d1-b5bf-0000f8051515}]
  "@="Offline Browsing Pack"
  "ComponentID"="MobilePk"

[Installed Components\{3bf42070-b3b1-11d1-b5c5-0000f8051515}]
  "@="Uniscribe"
  "ComponentID"="USP10"

[Installed Components\{4278c270-a269-11d1-b5bf-0000f8051515}]
  "@="Creazione avanzata"
  "ComponentID"="AdvAuth"

[Installed Components\{44BBA840-CC51-11CF-AAFA-00AA00B6015C}]
  "@="Microsoft Outlook Express 6"
  "ComponentID"="MailNews"
  "StubPath"=expand:"\"%ProgramFiles%\Outlook Express\setup50.exe\" /APP:OE /CALLER:WINNT /user /install"

[Installed Components\{44BBA842-CC51-11CF-AAFA-00AA00B6015B}]
  "@="NetMeeting 3.01"
  "ComponentID"="NetMeeting"
  "StubPath"="rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT"

[Installed Components\{44BBA848-CC51-11CF-AAFA-00AA00B6015C}]
  "@="DirectShow"
  "ComponentID"="activemovie"

[Installed Components\{44BBA855-CC51-11CF-AAFA-00AA00B6015F}]
  "@="DirectDrawEx"
  "ComponentID"="DirectDrawEx"

[Installed Components\{45ea75a0-a269-11d1-b5bf-0000f8051515}]
  "@="Internet Explorer Help"
  "ComponentID"="HelpCont"

[Installed Components\{4f216970-c90c-11d1-b5c7-0000f8051515}]
  "@="Classi Java DirectAnimation"
  "ComponentID"="DAJava"

[Installed Components\{4f645220-306d-11d2-995d-00c04f98bbc9}]
  "@="Microsoft Windows Script 5.6"
  "ComponentID"="MSVBScript"

[Installed Components\{5056b317-8d4c-43ee-8543-b9d1e234b8f4}]
  "@="Aggiornamento della protezione per Windows XP (KB923789)"
  "ComponentID"="KB923789"

[Installed Components\{5A8D6EE0-3E18-11D0-821E-444553540000}]
  "(Default)"="Internet Connection Wizard"
  "ComponentID"="ICW"

[Installed Components\{5fd399c0-a70a-11d1-9948-00c04f98bbc9}]
  "@="Internet Explorer Setup Tools"
  "ComponentID"="GenSetup"

[Installed Components\{630b1da0-b465-11d1-9948-00c04f98bbc9}]
  "@="Browsing Enhancements"
  "ComponentID"="ExtraPack"
  "KeyFileName"="C:\WINDOWS\system32\msieftp.dll"

[Installed Components\{6BF52A52-394A-11d3-B153-00C04F79FAA6}]
    #### HKCR\CLSID\{6BF52A52-394A-11d3-B153-00C04F79FAA6}\InprocServer32 @="C:\WINDOWS\system32\wmp.dll"
  "@="Microsoft Windows Media Player"
  "ComponentID"="Microsoft Windows Media Player"
  "StubPath"="rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\wmp10.inf,PerUserStub"

[Installed Components\{6fab99d0-bab8-11d1-994a-00c04f98bbc9}]
  "@="MSN Site Access"
  "ComponentID"="MSN_Auth"

[Installed Components\{7131646D-CD3C-40F4-97B9-CD9E4E6262EF}]
  "ComponentID"=".NETFramework"
  "@=".NET Framework"

[Installed Components\{73fa19d0-2d75-11d2-995d-00c04f98bbc9}]
  "@="Web Folders"
  "ComponentID"="WebFolders"

[Installed Components\{7790769C-0471-11d2-AF11-00C04FA35D02}]
  "@="Rubrica 6"
  "ComponentID"="WAB"
  "StubPath"=expand:"\"%ProgramFiles%\Outlook Express\setup50.exe\" /APP:WAB /CALLER:WINNT /user /install"

[Installed Components\{89820200-ECBD-11cf-8B85-00AA005B4340}]
  "@="Windows Desktop Update"
  "ComponentID"="IE4Shell_NT"
  "StubPath"=expand:"regsvr32.exe /s /n /i:U shell32.dll"

[Installed Components\{89820200-ECBD-11cf-8B85-00AA005B4383}]
  "@="Internet Explorer"
  "ComponentID"="BASEIE40_W2K"
  "StubPath"="C:\WINDOWS\system32\ie4uinit.exe -BaseSettings"

[Installed Components\{89820200-ECBD-11cf-8B85-00AA005B4383}\AuthorizedCDFPrefix]

[Installed Components\{89B4C1CD-B018-4511-B0A1-5476DBF70820}]
  "StubPath"="C:\WINDOWS\system32\Rundll32.exe C:\WINDOWS\system32\mscories.dll,Install"
  "ComponentID"="DOTNETFRAMEWORKS"

[Installed Components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
  "@="Google Chrome"
  "StubPath"="\"C:\Programmi\Google\Chrome\Application\24.0.1312.57\Installer\chrmstp.exe\" --configure-user-settings --verbose-logging --system-level --multi-install --chrome"

[Installed Components\{9381D8F2-0288-11D0-9501-00AA00B911A5}]
  "@="Dynamic HTML Data Binding"
  "ComponentID"="Tridata"

[Installed Components\{ACC563BC-4266-43f0-B6ED-9D38C4202C7E}]

[Installed Components\{C9E9A340-D1F1-11D0-821E-444553540600}]
  "@="Internet Explorer Core Fonts"
  "ComponentID"="Fontcore"

[Installed Components\{CC2A9BA0-3BDD-11D0-821E-444553540000}]
  "@="Utilità di pianificazione"
  "ComponentID"="MSTASK"

[Installed Components\{CDD7975E-60F8-41d5-8149-19E51D6F71D0}]
  "ComponentID"="Windows Movie Maker v2.1"

[Installed Components\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
  "@="Adobe Flash Player"
  "ComponentID"="Flash"

[Installed Components\{de5aed00-a4bf-11d1-9948-00c04f98bbc9}]
  "@="HTML Help"
  "ComponentID"="HTMLHelp"

[Installed Components\{E92B03AB-B707-11d2-9CBD-0000F87A369E}]
  "@="Active Directory Service Interface"
  "ComponentID"="ADSI"

-----Comparing registry keys CCS1 vs CCS2 -----
< Value:  HKEY_LOCAL_MACHINE\system\controlset001\services\BHDrvx86
< Value:  HKEY_LOCAL_MACHINE\system\controlset001\services\ccHP
< Value:  HKEY_LOCAL_MACHINE\system\controlset001\services\ClipSrv Start REG_DWORD 4 (0x4)
> Value:  HKEY_LOCAL_MACHINE\system\controlset002\services\ClipSrv Start REG_DWORD 2 (0x2)
< Value:  HKEY_LOCAL_MACHINE\system\controlset001\services\Dhcp\Parameters {65B640D7-C698-4F45-B5C5-F4BB59B01C70} REG_BINARY FC000000000000000000000000000000C39FE5500600000000000000040000000000000079F1E550​C0A801010300000000000000040000000000000079F1E550C0A801010F0000000000000018000000​0000000079F1E550686F6D656E65742E74656C65636F6D6974616C69612E69740100000000000000​040000000000000079F1E550FFFFFF003300000000000000040000000000000079F1E55000005460​3600000000000000040000000000000079F1E550C0A8010135000000000000000100000000000000​79F1E55005000000
> Value:  HKEY_LOCAL_MACHINE\system\controlset002\services\Dhcp\Parameters {65B640D7-C698-4F45-B5C5-F4BB59B01C70} REG_BINARY FC00000000000000000000000000000025F2145106000000000000000400000000000000DE201551​C0A8010103000000000000000400000000000000DE201551C0A801010F0000000000000018000000​00000000DE201551686F6D656E65742E74656C65636F6D6974616C69612E69740100000000000000​0400000000000000DE201551FFFFFF0033000000000000000400000000000000DE20155100005460​36000000000000000400000000000000DE201551C0A8010135000000000000000100000000000000​DE20155105000000
< Value:  HKEY_LOCAL_MACHINE\system\controlset001\services\eeCtrl
< Value:  HKEY_LOCAL_MACHINE\system\controlset001\services\EraserUtilRebootDrv
< Value:  HKEY_LOCAL_MACHINE\system\controlset001\services\Eventlog\Application Sources REG_MULTI_SZ WSH\0WMIAdapter\0WmdmPmSN\0WinMgmt\0Winlogon\0Windows Product Activation\0Windows 3.1 Migration\0WebClient\0VSS\0VBRuntime\0usnsvc\0Userinit\0Userenv\0Tlntsvr\0Sysmon​Log\0Starter\0SpoolerCtrs\0Software Restriction Policies\0Software Installation\0SecurityCenter\0SclgNtfy\0SceSrv\0SceCli\0safrslv\0SAFrdms\0Remote​ Assistance\0PerfProc\0PerfOS\0PerfNet\0Perfmon\0Perflib\0PerfDisk\0Perfctrs\0Off​line Files\0Oakley\0ntbackup\0Norton Internet Security\0MSSQLSERVER/MSDE\0MsiInstaller\0MSDTC Client\0MSDTC\0mnmsrvc\0Microsoft H.323 Telephony Service Provider\0Microsoft (R) Visual C# 2005 Compiler\0LoadPerf\0Java VM\0HelpSvc\0Folder Redirection\0File Deployment\0EventSystem\0ESENT\0DrWatson\0DiskQuota\0crypt32\0COM+\0COM\0Ci\0Chk​dsk\0AutoEnrollment\0Autochk\0ASP.NET 2.0.50727.0\0Application Management\0Application Hang\0Application Error\0.NET Runtime Optimization Service\0.NET Runtime 2.0 Error Reporting\0.NET Runtime\0Application\0\0
> Value:  HKEY_LOCAL_MACHINE\system\controlset002\services\Eventlog\Application Sources REG_MULTI_SZ JavaQuickStarterService\0WSH\0WMIAdapter\0WmdmPmSN\0WinMgmt\0Winlogon\0Windows Product Activation\0Windows 3.1 Migration\0WebClient\0VSSetup\0VSS\0VBRuntime\0usnsvc\0Userinit\0Userenv\0Tlntsv​r\0SysmonLog\0Starter\0SpoolerCtrs\0Software Restriction Policies\0Software Installation\0SecurityCenter\0SclgNtfy\0SceSrv\0SceCli\0safrslv\0SAFrdms\0Remote​ Assistance\0PerfProc\0PerfOS\0PerfNet\0Perfmon\0Perflib\0PerfDisk\0Perfctrs\0Off​line Files\0Oakley\0Ntbackup.ini\0ntbackup\0MSSQLSERVER/MSDE\0MSSOAP\0MsiInstaller\0MSDTC Client\0MSDTC\0mnmsrvc\0Microsoft Office 12\0Microsoft H.323 Telephony Service Provider\0Microsoft (R) Visual C# 2005 Compiler\0LoadPerf\0Java VM\0HelpSvc\0GeekBuddyRSP\0Folder Redirection\0File Deployment\0EventSystem\0ESENT\0DrWatson\0DiskQuota\0crypt32\0COM+\0COM\0Ci\0Chk​dsk\0AutoEnrollment\0Autochk\0ASP.NET 2.0.50727.0\0Application Management\0Application Hang\0Application Error\0.NET Runtime Optimization Service\0.NET Runtime 2.0 Error Reporting\0.NET Runtime\0Application\0\0
< Value:  HKEY_LOCAL_MACHINE\system\controlset001\services\Eventlog\Application\Norton Internet Security
< Value:  HKEY_LOCAL_MACHINE\system\controlset001\services\Eventlog\Application\VBRuntime EventMessageFile REG_SZ C:\WINDOWS\system32\msvbvm60.dll
> Value:  HKEY_LOCAL_MACHINE\system\controlset002\services\Eventlog\Application\VBRuntime EventMessageFile REG_SZ C:\WINDOWS\system32\MSVBVM60.DLL
> Value:  HKEY_LOCAL_MACHINE\system\controlset002\services\Eventlog\Security\DS
> Value:  HKEY_LOCAL_MACHINE\system\controlset002\services\Eventlog\Security\LSA
> Value:  HKEY_LOCAL_MACHINE\system\controlset002\services\Eventlog\Security\NetDDE Object
> Value:  HKEY_LOCAL_MACHINE\system\controlset002\services\Eventlog\Security\SC Manager
> Value:  HKEY_LOCAL_MACHINE\system\controlset002\services\Eventlog\Security\Security
> Value:  HKEY_LOCAL_MACHINE\system\controlset002\services\Eventlog\Security\Security Account Manager
> Value:  HKEY_LOCAL_MACHINE\system\controlset002\services\Eventlog\Security\Spooler
< Value:  HKEY_LOCAL_MACHINE\system\controlset001\services\Eventlog\System Sources REG_MULTI_SZ WZCSVC\0Workstation\0WindowsMedia\0Windows Update Agent\0Windows Script Host\0Windows Installer 3.1\0Windows File Protection\0Win32k\0WgaNotify\0W32Time\0VolSnap\0viaide\0VgaSave\0USER32\0UPS\0u​ltra\0udfs\0toside\0TermServSessDir\0TermService\0TermServDevices\0TermDD\0tdi\0​TCPMon\0Tcpip\0System Error\0sym_u3\0sym_hi\0symc8xx\0symc810\0StillImage\0SSDPSRV\0Srv\0SRTSP\0srserv​ice\0sr\0sparrow\0sndblst\0Simbad\0SideBySide\0sfloppy\0Setup\0Servizio di archivi rimovibili\0Service Control Manager\0Server\0serial\0scsiport\0Schedule\0Schannel\0SCardSvr\0Save Dump\0SAM\0RTLE8023xp\0RSVP\0RemoteAccess\0redbook\0Rdbss\0RasMan\0RasAuto\0ql12​80\0ql1240\0ql12160\0ql10wnt\0ql1080\0PSched\0Processor\0Print\0PptpMiniport\0Po​licyAgent\0PlugPlayManager\0perc2\0pcmcia\0pciide\0pci\0parvdm\0partmgr\0parport​\0OSPFMib\0OSPF\0null\0NtServicePack\0ntfs\0npfs\0Nla\0Netlogon\0NetDDE\0NetBT\0​NetBIOS\0NdisWan\0ndis\0Mup\0msfs\0msadlib\0MrxSmb\0MRxDAV\0mraid35x\0mouhid\0mo​uclass\0Modem\0LsaSrv\0LmHosts\0LDMS\0LDM\0lbrtfdc\0Kerberos\0kbdclass\0KB929969​\0isapnp\0irsir\0IPXSAP\0IPXRouterManager\0IPXRIP\0IPXCP\0IPSec\0IPRouterManager​\0IPRIP2\0IPNATHLP\0IPMGM\0IPBOOTP\0Internet Explorer 7 Disk\0intelide\0ini910u\0IGMPv2\0i8042prt\0i2omp\0i2omgmt\0Http\0hpn\0ftdisk\0fs​_rec\0flpydisk\0Fips\0fdc\0fastfat\0eventlog\0efs\0dpti2o\0Dnscache\0Dnsapi\0dmi​o\0dmboot\0Distributed Link Tracking Client\0disk\0Dhcp\0DfsSvc\0DfsDriver\0DCOM\0dac960nt\0dac2w2k\0cpqarray\0cmdide​\0changer\0cdrom\0Cdm\0cdfs\0cdaudio\0cd20xrnt\0cbidf2k\0Browser\0BITS\0beep\0At​marpc\0ati2mtag\0Ati HotKey Poller\0atdisk\0atapi\0AsyncMac\0asc3550\0asc3350p\0asc\0Application Popup\0apphelp\0amsint\0ami0nt\0aliide\0Alerter\0aic78xx\0aic78u2\0aha154x\0adpu​160m\0acpiec\0acpi\0abp480n5\0abiosdsk\0System\0\0
> Value:  HKEY_LOCAL_MACHINE\system\controlset002\services\Eventlog\System Sources REG_MULTI_SZ WZCSVC\0Workstation\0WindowsMedia\0Windows Update Agent\0Windows Script Host\0Windows Installer 3.1\0Windows File Protection\0Win32k\0WgaNotify\0W32Time\0VolSnap\0viaide\0VgaSave\0USER32\0UPS\0u​ltra\0udfs\0toside\0TermServSessDir\0TermService\0TermServDevices\0TermDD\0tdi\0​TCPMon\0Tcpip\0System Error\0sym_u3\0sym_hi\0symc8xx\0symc810\0StillImage\0SSDPSRV\0Srv\0srservice\0sr​\0sparrow\0sndblst\0Simbad\0SideBySide\0sfloppy\0Setup\0Servizio di archivi rimovibili\0Service Control Manager\0Server\0serial\0scsiport\0Schedule\0Schannel\0SCardSvr\0Save Dump\0SAM\0RTLE8023xp\0RSVP\0RemoteAccess\0redbook\0Rdbss\0RasMan\0RasAuto\0ql12​80\0ql1240\0ql12160\0ql10wnt\0ql1080\0PSched\0Processor\0Print\0PptpMiniport\0Po​licyAgent\0PlugPlayManager\0perc2\0pcmcia\0pciide\0pci\0parvdm\0partmgr\0parport​\0OSPFMib\0OSPF\0null\0NtServicePack\0ntfs\0npfs\0Nla\0Netlogon\0NetDDE\0NetBT\0​NetBIOS\0NdisWan\0ndis\0Mup\0msfs\0msadlib\0MrxSmb\0MRxDAV\0mraid35x\0mouhid\0mo​uclass\0Modem\0LsaSrv\0LmHosts\0LDMS\0LDM\0lbrtfdc\0Kerberos\0kbdclass\0KB929969​\0isapnp\0irsir\0IPXSAP\0IPXRouterManager\0IPXRIP\0IPXCP\0IPSec\0IPRouterManager​\0IPRIP2\0IPNATHLP\0IPMGM\0IPBOOTP\0Internet Explorer 7 Disk\0intelide\0ini910u\0IGMPv2\0i8042prt\0i2omp\0i2omgmt\0Http\0hpn\0ftdisk\0fs​_rec\0flpydisk\0Fips\0fdc\0fastfat\0eventlog\0efs\0dpti2o\0Dnscache\0Dnsapi\0dmi​o\0dmboot\0Distributed Link Tracking Client\0disk\0Dhcp\0DfsSvc\0DfsDriver\0DCOM\0dac960nt\0dac2w2k\0cpqarray\0cmdide​\0changer\0cdrom\0Cdm\0cdfs\0cdaudio\0cd20xrnt\0cbidf2k\0Browser\0BITS\0beep\0At​marpc\0ati2mtag\0Ati HotKey Poller\0atdisk\0atapi\0AsyncMac\0asc3550\0asc3350p\0asc\0Application Popup\0apphelp\0amsint\0ami0nt\0aliide\0Alerter\0aic78xx\0aic78u2\0aha154x\0adpu​160m\0acpiec\0acpi\0abp480n5\0abiosdsk\0System\0\0
< Value:  HKEY_LOCAL_MACHINE\system\controlset001\services\Eventlog\System\SRTSP
< Value:  HKEY_LOCAL_MACHINE\system\controlset001\services\i8042prt\Parameters KeyboardFailedReset REG_DWORD 0 (0x0)
< Value:  HKEY_LOCAL_MACHINE\system\controlset001\services\IDSxpx86
< Value:  HKEY_LOCAL_MACHINE\system\controlset001\services\lanmanserver\parameters Guid REG_BINARY D56DDAC9D045F0499541FE157AE7089D
> Value:  HKEY_LOCAL_MACHINE\system\controlset002\services\lanmanserver\parameters Guid REG_BINARY E7021E025DC04A469C105478DAA1977B
< Value:  HKEY_LOCAL_MACHINE\system\controlset001\services\MozillaMaintenance Description REG_SZ Mozilla Maintenance Service garantisce che sul computer sia sempre installata la versione più recente e più sicura di Mozilla Firefox. Mantenere Firefox costantemente aggiornato è fondamentale per la sicurezza durante la navigazione, per questo motivo Mozilla consiglia di lasciare attivo questo servizio.
> Value:  HKEY_LOCAL_MACHINE\system\controlset002\services\MozillaMaintenance Description REG_SZ The Mozilla Maintenance Service ensures that you have the latest and most secure version of Mozilla Firefox on your computer. Keeping Firefox up to date is very important for your online security, and Mozilla strongly recommends that you keep this service enabled.
> Value:  HKEY_LOCAL_MACHINE\system\controlset002\services\MRxDAV\EncryptedDirectories
< Value:  HKEY_LOCAL_MACHINE\system\controlset001\services\NAVENG
< Value:  HKEY_LOCAL_MACHINE\system\controlset001\services\NAVEX15
< Value:  HKEY_LOCAL_MACHINE\system\controlset001\services\Norton Internet Security
< Value:  HKEY_LOCAL_MACHINE\system\controlset001\services\PerfDisk\Performance WbemAdapFileSignature REG_BINARY A369538A629E1F7C2EF8D18E6F9CBDB1
< Value:  HKEY_LOCAL_MACHINE\system\controlset001\services\PerfDisk\Performance WbemAdapFileTime REG_BINARY 0089F850FA85C401
< Value:  HKEY_LOCAL_MACHINE\system\controlset001\services\PerfDisk\Performance WbemAdapFileSize REG_DWORD 27136 (0x6A00)
< Value:  HKEY_LOCAL_MACHINE\system\controlset001\services\PerfDisk\Performance WbemAdapStatus REG_DWORD 0 (0x0)
< Value:  HKEY_LOCAL_MACHINE\system\controlset001\services\PerfNet\Performance WbemAdapFileSignature REG_BINARY 40234F0365CD9D92CEE459FE58FD1025
< Value:  HKEY_LOCAL_MACHINE\system\controlset001\services\PerfNet\Performance WbemAdapFileTime REG_BINARY 0020CA751432C101
< Value:  HKEY_LOCAL_MACHINE\system\controlset001\services\PerfNet\Performance WbemAdapFileSize REG_DWORD 17408 (0x4400)
< Value:  HKEY_LOCAL_MACHINE\system\controlset001\services\PerfNet\Performance WbemAdapStatus REG_DWORD 0 (0x0)
< Value:  HKEY_LOCAL_MACHINE\system\controlset001\services\PerfOS\Performance WbemAdapFileSignature REG_BINARY 4967673E8ED0786F88E2CB58786FAE7E
< Value:  HKEY_LOCAL_MACHINE\system\controlset001\services\PerfOS\Performance WbemAdapFileTime REG_BINARY 0089F850FA85C401
< Value:  HKEY_LOCAL_MACHINE\system\controlset001\services\PerfOS\Performance WbemAdapFileSize REG_DWORD 26624 (0x6800)
< Value:  HKEY_LOCAL_MACHINE\system\controlset001\services\PerfOS\Performance WbemAdapStatus REG_DWORD 0 (0x0)
< Value:  HKEY_LOCAL_MACHINE\system\controlset001\services\PerfProc\Performance WbemAdapFileSignature REG_BINARY C903E30BDB77AB0C730237F270EC3F90
< Value:  HKEY_LOCAL_MACHINE\system\controlset001\services\PerfProc\Performance WbemAdapFileTime REG_BINARY 0089F850FA85C401
< Value:  HKEY_LOCAL_MACHINE\system\controlset001\services\PerfProc\Performance WbemAdapFileSize REG_DWORD 35840 (0x8C00)
< Value:  HKEY_LOCAL_MACHINE\system\controlset001\services\PerfProc\Performance WbemAdapStatus REG_DWORD 0 (0x0)
< Value:  HKEY_LOCAL_MACHINE\system\controlset001\services\SharedAccess\Epoch Epoch REG_DWORD 1091 (0x443)
> Value:  HKEY_LOCAL_MACHINE\system\controlset002\services\SharedAccess\Epoch Epoch REG_DWORD 2143 (0x85F)
> Value:  HKEY_LOCAL_MACHINE\system\controlset002\services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List C:\Programmi\File comuni\Comodo\GeekBuddyRSP.exe REG_SZ C:\Programmi\File comuni\Comodo\GeekBuddyRSP.exe:127.0.0.1/255.255.255.255:Enabled:GeekBuddy RSP
< Value:  HKEY_LOCAL_MACHINE\system\controlset001\services\Spooler\Performance WbemAdapFileSignature REG_BINARY A357128EEA84698DCF3ED33E521292CC
< Value:  HKEY_LOCAL_MACHINE\system\controlset001\services\Spooler\Performance WbemAdapFileTime REG_BINARY 00FFA861FA85C401
< Value:  HKEY_LOCAL_MACHINE\system\controlset001\services\Spooler\Performance WbemAdapFileSize REG_DWORD 146944 (0x23E00)
< Value:  HKEY_LOCAL_MACHINE\system\controlset001\services\Spooler\Performance WbemAdapStatus REG_DWORD 0 (0x0)
< Value:  HKEY_LOCAL_MACHINE\system\controlset001\services\SRTSP
< Value:  HKEY_LOCAL_MACHINE\system\controlset001\services\SRTSPX
< Value:  HKEY_LOCAL_MACHINE\system\controlset001\services\SYMDNS
< Value:  HKEY_LOCAL_MACHINE\system\controlset001\services\SymEFA
< Value:  HKEY_LOCAL_MACHINE\system\controlset001\services\SymEvent
< Value:  HKEY_LOCAL_MACHINE\system\controlset001\services\SYMFW
< Value:  HKEY_LOCAL_MACHINE\system\controlset001\services\SYMIDS
< Value:  HKEY_LOCAL_MACHINE\system\controlset001\services\SymIM
< Value:  HKEY_LOCAL_MACHINE\system\controlset001\services\SymIMMP
< Value:  HKEY_LOCAL_MACHINE\system\controlset001\services\SYMNDIS
< Value:  HKEY_LOCAL_MACHINE\system\controlset001\services\SYMREDRV
< Value:  HKEY_LOCAL_MACHINE\system\controlset001\services\SYMTDI
< Value:  HKEY_LOCAL_MACHINE\system\controlset001\services\SysmonLog Start REG_DWORD 3 (0x3)
> Value:  HKEY_LOCAL_MACHINE\system\controlset002\services\SysmonLog Start REG_DWORD 2 (0x2)
< Value:  HKEY_LOCAL_MACHINE\system\controlset001\services\TapiSrv\Performance WbemAdapFileSignature REG_BINARY B5D91042119372579F52237AFBA5AE7F
< Value:  HKEY_LOCAL_MACHINE\system\controlset001\services\TapiSrv\Performance WbemAdapFileTime REG_BINARY 0020CA751432C101
< Value:  HKEY_LOCAL_MACHINE\system\controlset001\services\TapiSrv\Performance WbemAdapFileSize REG_DWORD 5632 (0x1600)
< Value:  HKEY_LOCAL_MACHINE\system\controlset001\services\TapiSrv\Performance WbemAdapStatus REG_DWORD 0 (0x0)
> Value:  HKEY_LOCAL_MACHINE\system\controlset002\services\Tcpip\Parameters MaxUserPort REG_DWORD 65534 (0xFFFE)
> Value:  HKEY_LOCAL_MACHINE\system\controlset002\services\Tcpip\Parameters TcpTimedWaitDelay REG_DWORD 30 (0x1E)
> Value:  HKEY_LOCAL_MACHINE\system\controlset002\services\Tcpip\Parameters StrictTimeWaitSeqCheck REG_DWORD 1 (0x1)
< Value:  HKEY_LOCAL_MACHINE\system\controlset001\services\Tcpip\Parameters\Interfaces\{65B640D7-C698-4F45-B5C5-F4BB59B01C70} LeaseObtainedTime REG_DWORD 1357225241 (0x50E59D19)
> Value:  HKEY_LOCAL_MACHINE\system\controlset002\services\Tcpip\Parameters\Interfaces\{65B640D7-C698-4F45-B5C5-F4BB59B01C70} LeaseObtainedTime REG_DWORD 1360317566 (0x5114CC7E)
< Value:  HKEY_LOCAL_MACHINE\system\controlset001\services\Tcpip\Parameters\Interfaces\{65B640D7-C698-4F45-B5C5-F4BB59B01C70} T1 REG_DWORD 1357236041 (0x50E5C749)
> Value:  HKEY_LOCAL_MACHINE\system\controlset002\services\Tcpip\Parameters\Interfaces\{65B640D7-C698-4F45-B5C5-F4BB59B01C70} T1 REG_DWORD 1360328366 (0x5114F6AE)
< Value:  HKEY_LOCAL_MACHINE\system\controlset001\services\Tcpip\Parameters\Interfaces\{65B640D7-C698-4F45-B5C5-F4BB59B01C70} T2 REG_DWORD 1357244141 (0x50E5E6ED)
> Value:  HKEY_LOCAL_MACHINE\system\controlset002\services\Tcpip\Parameters\Interfaces\{65B640D7-C698-4F45-B5C5-F4BB59B01C70} T2 REG_DWORD 1360336466 (0x51151652)
< Value:  HKEY_LOCAL_MACHINE\system\controlset001\services\Tcpip\Parameters\Interfaces\{65B640D7-C698-4F45-B5C5-F4BB59B01C70} LeaseTerminatesTime REG_DWORD 1357246841 (0x50E5F179)
> Value:  HKEY_LOCAL_MACHINE\system\controlset002\services\Tcpip\Parameters\Interfaces\{65B640D7-C698-4F45-B5C5-F4BB59B01C70} LeaseTerminatesTime REG_DWORD 1360339166 (0x511520DE)
< Value:  HKEY_LOCAL_MACHINE\system\controlset001\services\Tcpip\Parameters\Interfaces\{65B640D7-C698-4F45-B5C5-F4BB59B01C70} IPAutoconfigurationSeed REG_DWORD 1079886920 (0x405DC448)
> Value:  HKEY_LOCAL_MACHINE\system\controlset002\services\Tcpip\Parameters\Interfaces\{65B640D7-C698-4F45-B5C5-F4BB59B01C70} IPAutoconfigurationSeed REG_DWORD -890041408 (0xCAF30BC0)
> Value:  HKEY_LOCAL_MACHINE\system\controlset002\services\Tcpip\Parameters\Interfaces\{65B640D7-C698-4F45-B5C5-F4BB59B01C70} DhcpRetryTime REG_DWORD 10800 (0x2A30)
> Value:  HKEY_LOCAL_MACHINE\system\controlset002\services\Tcpip\Parameters\Interfaces\{65B640D7-C698-4F45-B5C5-F4BB59B01C70} DhcpRetryStatus REG_DWORD 0 (0x0)
< Value:  HKEY_LOCAL_MACHINE\system\controlset001\services\UPS ObjectName REG_SZ NT AUTHORITY\LocalService
> Value:  HKEY_LOCAL_MACHINE\system\controlset002\services\UPS ObjectName REG_EXPAND_SZ LocalSystem
> Value:  HKEY_LOCAL_MACHINE\system\controlset002\services\UPS Port REG_SZ COM1
> Value:  HKEY_LOCAL_MACHINE\system\controlset002\services\UPS Options REG_DWORD 126 (0x7E)
> Value:  HKEY_LOCAL_MACHINE\system\controlset002\services\UPS FirstMessageDelay REG_DWORD 5 (0x5)
> Value:  HKEY_LOCAL_MACHINE\system\controlset002\services\UPS MessageInterval REG_DWORD 120 (0x78)
< Value:  HKEY_LOCAL_MACHINE\system\controlset001\services\W32Time\TimeProviders\NtpClient SpecialPollTimeRemaining REG_MULTI_SZ time.windows.com,7bfd57b\0\0\0\0\0\0\0\0\0\0\0\0
> Value:  HKEY_LOCAL_MACHINE\system\controlset002\services\W32Time\TimeProviders\NtpClient SpecialPollTimeRemaining REG_MULTI_SZ time.windows.com,7c04c81\0\0\0\0\0\0\0\0\0\0\0\0
< Value:  HKEY_LOCAL_MACHINE\system\controlset001\services\{65B640D7-C698-4F45-B5C5-F4BB59B01C70}\Parameters\Tcpip LeaseObtainedTime REG_DWORD 1357225241 (0x50E59D19)
> Value:  HKEY_LOCAL_MACHINE\system\controlset002\services\{65B640D7-C698-4F45-B5C5-F4BB59B01C70}\Parameters\Tcpip LeaseObtainedTime REG_DWORD 1360317566 (0x5114CC7E)
< Value:  HKEY_LOCAL_MACHINE\system\controlset001\services\{65B640D7-C698-4F45-B5C5-F4BB59B01C70}\Parameters\Tcpip T1 REG_DWORD 1357236041 (0x50E5C749)
> Value:  HKEY_LOCAL_MACHINE\system\controlset002\services\{65B640D7-C698-4F45-B5C5-F4BB59B01C70}\Parameters\Tcpip T1 REG_DWORD 1360328366 (0x5114F6AE)
< Value:  HKEY_LOCAL_MACHINE\system\controlset001\services\{65B640D7-C698-4F45-B5C5-F4BB59B01C70}\Parameters\Tcpip T2 REG_DWORD 1357244141 (0x50E5E6ED)
> Value:  HKEY_LOCAL_MACHINE\system\controlset002\services\{65B640D7-C698-4F45-B5C5-F4BB59B01C70}\Parameters\Tcpip T2 REG_DWORD 1360336466 (0x51151652)
< Value:  HKEY_LOCAL_MACHINE\system\controlset001\services\{65B640D7-C698-4F45-B5C5-F4BB59B01C70}\Parameters\Tcpip LeaseTerminatesTime REG_DWORD 1357246841 (0x50E5F179)
> Value:  HKEY_LOCAL_MACHINE\system\controlset002\services\{65B640D7-C698-4F45-B5C5-F4BB59B01C70}\Parameters\Tcpip LeaseTerminatesTime REG_DWORD 1360339166 (0x511520DE)

Result compared: Different

04-08-2017, 09:31 AM (This message was last modified: 04-08-2017 09:33 AM by Nlfyskiod.)
Message: #2
RE: Detecting a computer intrusion
If it's computer viruses, online virus killing is best, I think, but if the computers have been attacked, you can use some of the software [link visible only to registered forum users] from the Internet; as for the intrusion, I didn't really know how it happened, so it's still good to regularly run an online virus kill. .......
04-08-2017, 04:08 PM
Message: #3
RE: Detecting a computer intrusion
Nlfyskiod, are you a bot or a real person? The thread is more than 4 years old and your Italian is very strange; you sound like a foreigner. So everything points to a bot. Help us understand, because bots are not welcome here.
Modifications by Mattia - Copyright 2007-2017 Methack.it
This site and all its contents are published under a Creative Commons 2.5 license.