Punto informatico Network

Bagle problem

Has a virus got into your computer? Do you want to browse safely? Are online transactions secure? How do you stop attackers getting into your PC? How do you protect your data? Here you will find the answers to these and other questions


Post by ares84 » Tue Oct 13, 2009 6:50 pm

Hi everyone, I have a problem related to Bagle.
I think the virus has been removed (the various functions have been restored).
I ran several scans with:
FindyKill

----------------- FindyKill V4.707 ------------------

* User : bartolo - PC-BARTOLO
* executed from : C:\Program Files\FindyKill
* Updated on 06/12/08 by Chiquitine29
* Start at 19:41:11 the 12/10/2009
* Windows Vista - Internet Explorer 7.0.6001.18000


((((((((((((((( *** deleting *** ))))))))))))))))))


--------------- [ Active Processes ] ----------------


C:\Windows\System32\smss.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\wininit.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\winlogon.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\LogonUI.exe
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\spoolsv.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe
C:\Windows\system32\SupportAppXL\cdrom_mon.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgrssvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\Windows\system32\IoctlSvc.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\runonce.exe
C:\Windows\system32\conime.exe

--------------- [ Infected files / folders ] ----------------


»»»» Deletion of files in C:


»»»» Deletion of files in C:\Windows


»»»» Deletion of files in C:\Windows\Prefetch


»»»» Deletion of files in C:\Windows\system32


»»»» Deletion of files in C:\Windows\system32\drivers


»»»» Deletion of files in C:\Users\bartolo\AppData\Roaming


»»»» Deletion of files in C:\Users\bartolo\AppData\Local\Temp


»»»» Deletion of files in C:\Users\bartolo\Local Settings\Temporary Internet Files\Content.IE5


--------------- [ Registry / Infected keys ] ----------------


--------------- [ States / Restarting of services ] ----------------



+- Services : [ Auto=2 / Request=3 / Disable=4 ]

Ndisuio - Type of startup = 3

EapHost - Type of startup = 2

Wlansvc - Type of startup = 2

SharedAccess - Type of startup = 2

wuauserv - Type of startup = 2

wscsvc - Type of startup = 2

WinDefend - Type of startup = 2


--------------- [ Cleaning removable drives ] ----------------

+- Informations :

C: - Fixed drive
D: - Fixed drive
E: - CD-ROM drive

+- deleting files :


--------------- [ Registry / Mountpoint2 ] ----------------


-> Not found !


--------------- [ Searching Cracks / Keygen ] ----------------

C:\ProgramData\Adobe\Photoshop Elements\6.0\Locale\it_IT\Photo Creations Metadata\backgrounds\Cracked Paint.xml
C:\ProgramData\Adobe\Photoshop Elements\6.0\Photo Creations\backgrounds\Cracked Paint.jpg


---------------- ! End of report ! ------------------

ComboFix

ComboFix 09-10-11.03 - bartolo 12/10/2009 21.54.44.1.2 - NTFSx86
Microsoft® Windows Vista™ Home Basic 6.0.6001.1.1252.39.1040.18.3000.2226 [GMT 2:00]
Run from: c:\users\bartolo\Desktop\ComboFix.exe
AV: Norton Internet Security *On-access scanning disabled* (Outdated) {E10A9785-9598-4754-B552-92431C1C35F8}
FW: Norton Internet Security *enabled* {7C21A4C9-F61F-4AC4-B722-A6E19C16F220}
SP: Norton Internet Security *enabled* (Outdated) {CBB7EE13-8244-4DAB-8B55-D5C7AA91E59A}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.

((((((((((((((((((((((((( Files Created From 2009-09-12 to 2009-10-12 )))))))))))))))))))))))))))))))))))
.

2009-10-12 19:59 . 2009-10-12 19:59 -------- d-----w- c:\users\bartolo\AppData\Local\temp
2009-10-12 19:59 . 2009-10-12 19:59 -------- d-----w- c:\users\Public\AppData\Local\temp
2009-10-12 19:59 . 2009-10-12 19:59 -------- d-----w- c:\users\Default\AppData\Local\temp
2009-10-12 18:55 . 2009-10-12 18:55 -------- d-----w- c:\programdata\Avg7
2009-10-12 18:41 . 2009-10-12 18:41 -------- d-----w- c:\users\bartolo\AppData\Roaming\r2 Studios
2009-10-12 18:41 . 2009-10-12 18:41 -------- d-----w- c:\programdata\r2 Studios
2009-10-12 18:41 . 2009-10-12 18:41 -------- d-----w- c:\program files\r2 Studios
2009-10-12 17:19 . 2009-10-12 17:43 -------- d-----w- c:\program files\FindyKill

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-10-12 19:51 . 2009-10-12 19:51 4096 ----a-w- c:\windows\system32\09FB7.tmp
2009-10-12 19:44 . 2008-05-23 02:23 661876 ----a-w- c:\windows\system32\perfh010.dat
2009-10-12 19:44 . 2008-05-23 02:23 119742 ----a-w- c:\windows\system32\perfc010.dat
2009-10-12 18:57 . 2009-10-12 18:57 4096 ----a-w- c:\windows\system32\0A581.tmp
2009-10-12 18:45 . 2009-10-12 18:45 4096 ----a-w- c:\windows\system32\0B48F.tmp
2009-10-12 18:37 . 2009-10-12 18:37 4096 ----a-w- c:\windows\system32\0ADCB.tmp
2009-10-12 18:33 . 2009-02-06 19:36 -------- d-----w- c:\program files\YKill
2009-10-12 18:26 . 2009-10-12 18:26 4096 ----a-w- c:\windows\system32\0AA90.tmp
2009-10-12 17:48 . 2009-07-10 15:06 -------- d-----w- c:\program files\Spyware Terminator
2009-10-12 17:45 . 2009-10-12 17:45 4096 ----a-w- c:\windows\system32\0AF13.tmp
2009-10-12 17:40 . 2009-10-12 17:40 4096 ----a-w- c:\windows\system32\090F8.tmp
2009-10-12 17:39 . 2009-10-12 17:39 4096 ----a-w- c:\windows\system32\09923.tmp
2009-10-12 17:24 . 2009-10-12 17:24 4096 ----a-w- c:\windows\system32\0A5DF.tmp
2009-10-12 17:22 . 2009-10-12 17:22 4096 ----a-w- c:\windows\system32\09CBB.tmp
2009-10-12 17:00 . 2009-10-12 17:00 4096 ----a-w- c:\windows\system32\09F0C.tmp
2009-10-12 15:45 . 2009-10-12 15:45 4096 ----a-w- c:\windows\system32\0B682.tmp
2009-10-12 14:01 . 2008-11-29 23:10 -------- d-----w- c:\program files\Alice MOBILE
2009-10-12 13:56 . 2009-10-12 13:56 4096 ----a-w- c:\windows\system32\0A15D.tmp
2009-10-12 13:52 . 2009-10-12 13:52 4096 ----a-w- c:\windows\system32\01DAD.tmp
2009-10-12 12:58 . 2009-10-12 12:58 4096 ----a-w- c:\windows\system32\0C4D4.tmp
2009-10-12 11:14 . 2009-10-12 11:14 4096 ----a-w- c:\windows\system32\0B36.tmp
2009-10-12 09:42 . 2009-10-12 09:42 4096 ----a-w- c:\windows\system32\0D5D4.tmp
2009-10-11 14:02 . 2009-10-11 14:02 4096 ----a-w- c:\windows\system32\04F28.tmp
2009-10-11 13:14 . 2009-10-11 13:14 4096 ----a-w- c:\windows\system32\06FA3.tmp
2009-10-11 10:16 . 2009-10-11 10:16 4096 ----a-w- c:\windows\system32\0AD1F.tmp
2009-10-11 09:48 . 2009-10-11 09:48 4096 ----a-w- c:\windows\system32\0BE5E.tmp
2009-10-11 09:43 . 2009-10-11 09:43 4096 ----a-w- c:\windows\system32\0CBD6.tmp
2009-10-11 09:35 . 2009-10-11 09:35 4096 ----a-w- c:\windows\system32\0E0CC.tmp
2009-10-11 09:31 . 2009-10-11 09:31 4096 ----a-w- c:\windows\system32\0EF3D.tmp
2009-10-11 09:01 . 2009-10-11 09:01 4096 ----a-w- c:\windows\system32\0A2D.tmp
2009-10-11 08:56 . 2009-10-11 08:56 4096 ----a-w- c:\windows\system32\0FF64.tmp
2009-10-10 15:42 . 2009-10-10 15:42 4096 ----a-w- c:\windows\system32\022DB.tmp
2009-10-10 14:29 . 2009-10-10 14:29 4096 ----a-w- c:\windows\system32\04E6D.tmp
2009-10-10 13:44 . 2009-10-10 13:44 4096 ----a-w- c:\windows\system32\0B94.tmp
2009-10-10 10:22 . 2009-07-10 15:06 -------- d-----w- c:\programdata\Spyware Terminator
2009-10-10 09:12 . 2009-10-10 09:12 4096 ----a-w- c:\windows\system32\0E7ED.tmp
2009-10-09 22:09 . 2009-10-09 22:09 4096 ----a-w- c:\windows\system32\0CA21.tmp
2009-10-09 22:02 . 2009-04-19 12:07 5972 ----a-w- c:\users\bartolo\AppData\Local\d3d9caps.dat
2009-10-09 22:02 . 2009-10-09 22:02 4096 ----a-w- c:\windows\system32\0D2A9.tmp
2009-10-09 19:37 . 2009-10-09 19:37 4096 ----a-w- c:\windows\system32\0B3F3.tmp
2009-10-09 19:14 . 2009-10-09 19:14 4096 ----a-w- c:\windows\system32\0DCD6.tmp
2009-10-09 18:55 . 2009-10-09 18:55 4096 ----a-w- c:\windows\system32\0F45C.tmp
2009-10-09 09:42 . 2009-10-09 09:42 4096 ----a-w- c:\windows\system32\03E.tmp
2009-10-08 19:35 . 2009-10-08 19:35 4096 ----a-w- c:\windows\system32\0CFEB.tmp
2009-10-08 19:28 . 2009-10-08 19:28 4096 ----a-w- c:\windows\system32\0E030.tmp
2009-10-08 19:23 . 2009-10-08 19:23 4096 ----a-w- c:\windows\system32\05F7D.tmp
2009-10-08 14:22 . 2009-10-08 14:22 4096 ----a-w- c:\windows\system32\0B78B.tmp
2009-10-08 09:47 . 2009-10-08 09:47 4096 ----a-w- c:\windows\system32\0A727.tmp
2009-10-08 09:43 . 2009-10-08 09:43 4096 ----a-w- c:\windows\system32\0A524.tmp
2009-10-07 17:36 . 2009-10-07 17:36 4096 ----a-w- c:\windows\system32\08E4A.tmp
2009-10-07 16:23 . 2009-10-07 16:23 4096 ----a-w- c:\windows\system32\0F3DF.tmp
2009-10-07 16:14 . 2009-10-07 16:14 4096 ----a-w- c:\windows\system32\08111.tmp
2009-10-05 22:11 . 2009-02-22 20:09 -------- d-----w- c:\users\bartolo\AppData\Roaming\OpenOffice.org2
2009-08-16 17:39 . 2009-02-23 19:58 -------- d-----w- c:\program files\DivX
2009-08-16 17:39 . 2009-08-16 17:39 -------- d-----w- c:\program files\Common Files\DivX Shared
2009-07-29 09:01 . 2009-07-29 09:01 410984 ----a-w- c:\windows\system32\deploytk.dll
2008-01-21 02:33 . 2008-01-21 02:33 168096 --sha-r- c:\windows\System32\txckpc.dll
2008-05-23 02:27 . 2008-05-23 02:27 8192 --sha-w- c:\windows\Users\Default\NTUSER.DAT
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legitimate/default entries are not shown.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\daemon.exe" [2008-12-29 687560]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-21 1008184]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2007-06-08 894512]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-08-12 150040]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-08-12 170520]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-08-12 145944]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]
"CLMLServer"="c:\program files\CyberLink\PowerCinema\Kernel\CLML\CLMLSvc.exe" [2008-04-11 196608]
"StartupDelayer"="c:\program files\r2 Studios\Startup Delayer\Startup Launcher.exe" [2009-03-08 73728]
"RtHDVCpl"="RtHDVCpl.exe" - c:\windows\RtHDVCpl.exe [2008-08-04 6265376]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~1\Google\GOOGLE~2\GOEC62~1.DLL

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~2\SPYWAR~1\sp_rsdel.exe "\??\c:\progra~2\SPYWAR~1\sp_rsdel.dat\0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{201B09D1-A7D5-4642-92F6-AA839BC5315D}"= Profile=Private|c:\program files\CyberLink\PowerCinema\PowerCinema.exe:CyberLink PowerCinema
"{BFB57D9B-989A-42BB-8519-1800089BB6BE}"= Profile=Private|c:\program files\CyberLink\PowerCinema\PCMService.exe:CyberLink PowerCinema Resident Program
"{799F97D9-23D4-4F5C-A5B6-BF20821C52CF}"= Profile=Private|c:\program files\CyberLink\PowerCinema\Kernel\DMP\CLBrowserEngine.exe:Cyberlink Media Server Browser Engine
"{C53E5065-55C0-4567-975F-7A1D0CAAD44F}"= Profile=Private|c:\program files\CyberLink\PowerCinema\Kernel\DMS\CLMSService.exe:CyberLink Media Server
"{734A10BF-E193-4B8E-8A66-0B2F161BAB2B}"= Profile=Private|c:\program files\CyberLink\PlayMovie\PlayMovie.exe:CyberLink PlayMovie
"{AF226ED1-552B-4A7B-BC57-CEC8A2FE30C0}"= Profile=Private|c:\program files\CyberLink\PlayMovie\PMVService.exe:CyberLink PlayMovie Resident Program
"{6D972E2C-5F9E-42AD-AB43-CD1CCF97ACA9}"= Disabled:UDP:0:dwgkqb
"{DC59357F-02FE-47CE-8466-FDE37AE0FAF9}"= Disabled:c:\program files\CyberLink\PowerCinema\Kernel\DMS\CLMSService.exe:CyberLink Media Server
"{5F5624ED-888F-461F-920B-CD45A0C0D647}"= Disabled:c:\program files\CyberLink\PowerCinema\Kernel\DMP\CLBrowserEngine.exe:Cyberlink Media Server Browser Engine
"{1E13B0EF-2308-43E8-93D8-7284C63978B2}"= Disabled:c:\program files\CyberLink\PlayMovie\PlayMovie.exe:CyberLink PlayMovie
"{35DF0EF9-B1E1-487B-9B51-BED6145D105D}"= Disabled:c:\program files\CyberLink\PlayMovie\PMVService.exe:CyberLink PlayMovie Resident Program
"{7FFD16E3-CDB2-4E1C-81EE-4D9EC3E355F4}"= Disabled:c:\program files\CyberLink\PowerCinema\PowerCinema.exe:CyberLink PowerCinema
"{87C44FFF-9224-4D21-8FB2-C2DA41353E14}"= Disabled:c:\program files\CyberLink\PowerCinema\PCMService.exe:CyberLink PowerCinema Resident Program
"{6D4054EA-C659-4BFB-B168-EDE19A78EC8D}"= Disabled:UDP:c:\program files\KONAMI\Pro Evolution Soccer 2008\PES2008.exe:Pro Evolution Soccer 2008
"{5A99678E-81A8-4377-8DB1-823C9864494A}"= Disabled:TCP:c:\program files\KONAMI\Pro Evolution Soccer 2008\PES2008.exe:Pro Evolution Soccer 2008
"{51CCC068-09AF-47E6-8F9E-2637598F9D67}"= Disabled:UDP:f:\fairlight\PES2008.exe:Pro Evolution Soccer 2008
"{AB1C7168-F118-4622-B689-CD07F08FE91D}"= Disabled:TCP:f:\fairlight\PES2008.exe:Pro Evolution Soccer 2008
"{E4294748-BE76-416A-8079-58E4D2AFDE7C}"= UDP:4299:dwgkqb
"{7D28FBE3-963E-4491-B7B1-C2B5FEE762CA}"= UDP:d:\konami\Pro Evolution Soccer 2008\PES2008.exe:Pro Evolution Soccer 2008
"{56952C3C-1C7B-439A-9250-A2FD84FAC94F}"= TCP:d:\konami\Pro Evolution Soccer 2008\PES2008.exe:Pro Evolution Soccer 2008

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]
"EnableFirewall"= 0 (0x0)

R1 IDSvix86;Symantec Intrusion Prevention Driver;c:\progra~2\Symantec\DEFINI~1\SymcData\ipsdefs\20090331.003\IDSvix86.sys [02/04/2009 23.37.29 272432]
R1 sp_rsdrv2;Spyware Terminator Driver 2;c:\programdata\Spyware Terminator\sp_rsdrv2.sys [10/07/2009 17.06.31 133120]
R2 {49DE1C67-83F8-4102-99E0-C16DCC7EEC796};{49DE1C67-83F8-4102-99E0-C16DCC7EEC796};c:\program files\CyberLink\PlayMovie\000.fcl [22/05/2008 19.13.46 41456]
R2 LiveUpdate Notice;LiveUpdate Notice;c:\program files\Common Files\Symantec Shared\CCSVCHST.EXE [06/02/2008 21.48.00 149352]
R3 netr28;Ralink 802.11n Wireless Driver for Windows Vista;c:\windows\System32\drivers\netr28.sys [23/05/2008 4.16.49 418816]
R3 SYMNDISV;SYMNDISV;c:\windows\System32\drivers\symndisv.sys [19/02/2009 12.31.18 41008]
S2 AdobeActiveFileMonitor6.0;Adobe Active File Monitor V6;c:\program files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe [11/09/2007 0.45.04 124832]
S2 Autorun CDROM Monitor;Autorun CDROM Monitor;c:\windows\System32\SupportAppXL\cdrom_mon.exe [14/01/2008 19.41.17 81920]
S2 nppom;Task Time;c:\windows\system32\svchost.exe -k netsvcs [21/01/2008 4.33.13 21504]
S3 COH_Mon;COH_Mon;c:\windows\System32\drivers\COH_Mon.sys [12/01/2008 21.32.00 23888]
S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [27/02/2009 1.00.46 101936]
S3 GoogleDesktopManager-071508-051939;Google Desktop Manager 5.7.807.15159;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [22/05/2008 19.14.36 24064]
S3 ONDAusbmdm6k;ONDA Proprietary USB Driver;c:\windows\System32\drivers\ONDAusbmdm6k.sys [17/01/2009 14.04.13 104960]
S3 ONDAusbnet;ONDA USB-NDIS miniport;c:\windows\System32\drivers\ONDAusbnet.sys [17/01/2009 14.04.13 110080]
S3 ONDAusbnmea;ONDA NMEA Port;c:\windows\System32\drivers\ONDAusbnmea.sys [17/01/2009 14.04.13 104960]
S3 ONDAusbser6k;ONDA Diagnostic Port;c:\windows\System32\drivers\ONDAusbser6k.sys [17/01/2009 14.04.13 104960]

--- Other Services/Drivers In Memory ---

*NewlyCreated* - COMHOST

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
nppom
.
Contents of the 'Scheduled Tasks' folder

2009-10-12 c:\windows\Tasks\Garanzia estesa-bartolo.job
- c:\program files\Packard Bell\SetupmyPC\PBCarNot.exe [2008-05-22 09:13]

2009-10-12 c:\windows\Tasks\Norton Internet Security - Scansione completa sistema - bartolo.job
- c:\program files\Norton Internet Security\Norton AntiVirus\Navw32.exe [2008-02-07 07:05]

2009-10-12 c:\windows\Tasks\Recovery DVD Creator-bartolo.job
- c:\program files\Packard Bell\SetupMyPc\MCDCheck.exe [2008-05-22 09:13]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.virgilio.it/
TCP: {2214BFD4-E56C-4A5C-8ACD-3A6A43A0D780} = 194.20.8.1,213.145.3.1
TCP: {B853A871-6D0D-4ABD-A079-98E70CCF3B79} = 85.37.17.39 85.38.28.71
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-10-12 21:59
Windows 6.0.6001 Service Pack 1 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\{49DE1C67-83F8-4102-99E0-C16DCC7EEC796}]
"ImagePath"="\??\c:\program files\CyberLink\PlayMovie\000.fcl"

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\nppom]
"ServiceDll"="c:\windows\system32\txckpc.dll"
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-1906169502-3126458550-1391210706-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.032\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.032"

[HKEY_USERS\S-1-5-21-1906169502-3126458550-1391210706-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.abr\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.abr"

[HKEY_USERS\S-1-5-21-1906169502-3126458550-1391210706-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ani\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.ani"

[HKEY_USERS\S-1-5-21-1906169502-3126458550-1391210706-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.arw\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.arw"

[HKEY_USERS\S-1-5-21-1906169502-3126458550-1391210706-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.bay\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.bay"

[HKEY_USERS\S-1-5-21-1906169502-3126458550-1391210706-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.bmp\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.bmp"

[HKEY_USERS\S-1-5-21-1906169502-3126458550-1391210706-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.bw\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.bw"

[HKEY_USERS\S-1-5-21-1906169502-3126458550-1391210706-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.cr2\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.cr2"

[HKEY_USERS\S-1-5-21-1906169502-3126458550-1391210706-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.crw\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.crw"

[HKEY_USERS\S-1-5-21-1906169502-3126458550-1391210706-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.cs1\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.cs1"

[HKEY_USERS\S-1-5-21-1906169502-3126458550-1391210706-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.cur\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.cur"

[HKEY_USERS\S-1-5-21-1906169502-3126458550-1391210706-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.dcr\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.dcr"

[HKEY_USERS\S-1-5-21-1906169502-3126458550-1391210706-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.dcx\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.dcx"

[HKEY_USERS\S-1-5-21-1906169502-3126458550-1391210706-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.dib\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.dib"

[HKEY_USERS\S-1-5-21-1906169502-3126458550-1391210706-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.djv\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.djv"

[HKEY_USERS\S-1-5-21-1906169502-3126458550-1391210706-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.djvu\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.djvu"

[HKEY_USERS\S-1-5-21-1906169502-3126458550-1391210706-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.dng\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.dng"

[HKEY_USERS\S-1-5-21-1906169502-3126458550-1391210706-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.emf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.emf"

[HKEY_USERS\S-1-5-21-1906169502-3126458550-1391210706-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eps\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.eps"

[HKEY_USERS\S-1-5-21-1906169502-3126458550-1391210706-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.erf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.erf"

[HKEY_USERS\S-1-5-21-1906169502-3126458550-1391210706-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.fff\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.fff"

[HKEY_USERS\S-1-5-21-1906169502-3126458550-1391210706-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.fpx\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.fpx"

[HKEY_USERS\S-1-5-21-1906169502-3126458550-1391210706-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.gif\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.gif"

[HKEY_USERS\S-1-5-21-1906169502-3126458550-1391210706-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.hdr\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.hdr"

[HKEY_USERS\S-1-5-21-1906169502-3126458550-1391210706-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.icl\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.icl"

[HKEY_USERS\S-1-5-21-1906169502-3126458550-1391210706-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.icn\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.icn"

[HKEY_USERS\S-1-5-21-1906169502-3126458550-1391210706-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.iff\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.iff"

[HKEY_USERS\S-1-5-21-1906169502-3126458550-1391210706-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ilbm\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.ilbm"

[HKEY_USERS\S-1-5-21-1906169502-3126458550-1391210706-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.int\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.int"

[HKEY_USERS\S-1-5-21-1906169502-3126458550-1391210706-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.inta\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.inta"

[HKEY_USERS\S-1-5-21-1906169502-3126458550-1391210706-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.iw4\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.iw4"

[HKEY_USERS\S-1-5-21-1906169502-3126458550-1391210706-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.j2c\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.j2c"

[HKEY_USERS\S-1-5-21-1906169502-3126458550-1391210706-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.j2k\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.j2k"

[HKEY_USERS\S-1-5-21-1906169502-3126458550-1391210706-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jbr\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.jbr"

[HKEY_USERS\S-1-5-21-1906169502-3126458550-1391210706-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jfif\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.jfif"

[HKEY_USERS\S-1-5-21-1906169502-3126458550-1391210706-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jif\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.jif"

[HKEY_USERS\S-1-5-21-1906169502-3126458550-1391210706-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jp2\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.jp2"

[HKEY_USERS\S-1-5-21-1906169502-3126458550-1391210706-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jpc\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.jpc"

[HKEY_USERS\S-1-5-21-1906169502-3126458550-1391210706-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jpe\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.jpe"

[HKEY_USERS\S-1-5-21-1906169502-3126458550-1391210706-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jpeg\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.jpeg"

[HKEY_USERS\S-1-5-21-1906169502-3126458550-1391210706-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jpg\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.jpg"

[HKEY_USERS\S-1-5-21-1906169502-3126458550-1391210706-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jpk\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.jpk"

[HKEY_USERS\S-1-5-21-1906169502-3126458550-1391210706-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jpx\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.jpx"

[HKEY_USERS\S-1-5-21-1906169502-3126458550-1391210706-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.kdc\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.kdc"

[HKEY_USERS\S-1-5-21-1906169502-3126458550-1391210706-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.lbm\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.lbm"

[HKEY_USERS\S-1-5-21-1906169502-3126458550-1391210706-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mef\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.mef"

[HKEY_USERS\S-1-5-21-1906169502-3126458550-1391210706-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mos\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.mos"

[HKEY_USERS\S-1-5-21-1906169502-3126458550-1391210706-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mrw\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.mrw"

[HKEY_USERS\S-1-5-21-1906169502-3126458550-1391210706-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.nef\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.nef"

[HKEY_USERS\S-1-5-21-1906169502-3126458550-1391210706-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.orf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.orf"

[HKEY_USERS\S-1-5-21-1906169502-3126458550-1391210706-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pbm\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.pbm"

[HKEY_USERS\S-1-5-21-1906169502-3126458550-1391210706-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pbr\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.pbr"

[HKEY_USERS\S-1-5-21-1906169502-3126458550-1391210706-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pcd\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.pcd"

[HKEY_USERS\S-1-5-21-1906169502-3126458550-1391210706-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pct\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.pct"

[HKEY_USERS\S-1-5-21-1906169502-3126458550-1391210706-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pcx\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.pcx"

[HKEY_USERS\S-1-5-21-1906169502-3126458550-1391210706-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pef\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.pef"

[HKEY_USERS\S-1-5-21-1906169502-3126458550-1391210706-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pgm\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.pgm"

[HKEY_USERS\S-1-5-21-1906169502-3126458550-1391210706-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pic\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.pic"

[HKEY_USERS\S-1-5-21-1906169502-3126458550-1391210706-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pict\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.pict"

[HKEY_USERS\S-1-5-21-1906169502-3126458550-1391210706-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pix\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.pix"

[HKEY_USERS\S-1-5-21-1906169502-3126458550-1391210706-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.png\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.png"

[HKEY_USERS\S-1-5-21-1906169502-3126458550-1391210706-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ppm\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.ppm"

[HKEY_USERS\S-1-5-21-1906169502-3126458550-1391210706-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.psd\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.psd"

[HKEY_USERS\S-1-5-21-1906169502-3126458550-1391210706-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.psp\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.psp"

[HKEY_USERS\S-1-5-21-1906169502-3126458550-1391210706-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pspbrush\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.pspbrush"

[HKEY_USERS\S-1-5-21-1906169502-3126458550-1391210706-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pspimage\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.pspimage"

[HKEY_USERS\S-1-5-21-1906169502-3126458550-1391210706-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.raf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.raf"

[HKEY_USERS\S-1-5-21-1906169502-3126458550-1391210706-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ras\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.ras"

[HKEY_USERS\S-1-5-21-1906169502-3126458550-1391210706-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.raw\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.raw"

[HKEY_USERS\S-1-5-21-1906169502-3126458550-1391210706-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rgb\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.rgb"

[HKEY_USERS\S-1-5-21-1906169502-3126458550-1391210706-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rgba\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.rgba"

[HKEY_USERS\S-1-5-21-1906169502-3126458550-1391210706-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rle\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.rle"

[HKEY_USERS\S-1-5-21-1906169502-3126458550-1391210706-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rsb\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.rsb"

[HKEY_USERS\S-1-5-21-1906169502-3126458550-1391210706-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.sgi\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.sgi"

[HKEY_USERS\S-1-5-21-1906169502-3126458550-1391210706-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.sr2\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.sr2"

[HKEY_USERS\S-1-5-21-1906169502-3126458550-1391210706-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.srf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.srf"

[HKEY_USERS\S-1-5-21-1906169502-3126458550-1391210706-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.tga\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.tga"

[HKEY_USERS\S-1-5-21-1906169502-3126458550-1391210706-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.thm\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.thm"

[HKEY_USERS\S-1-5-21-1906169502-3126458550-1391210706-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.tif\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.tif"

[HKEY_USERS\S-1-5-21-1906169502-3126458550-1391210706-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.tiff\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.tiff"

[HKEY_USERS\S-1-5-21-1906169502-3126458550-1391210706-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ttc\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.ttc"

[HKEY_USERS\S-1-5-21-1906169502-3126458550-1391210706-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ttf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.ttf"

[HKEY_USERS\S-1-5-21-1906169502-3126458550-1391210706-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.v11o\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.v11o"

[HKEY_USERS\S-1-5-21-1906169502-3126458550-1391210706-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.v11p\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.v11p"

[HKEY_USERS\S-1-5-21-1906169502-3126458550-1391210706-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.v11pf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.v11pf"

[HKEY_USERS\S-1-5-21-1906169502-3126458550-1391210706-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wbm\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.wbm"

[HKEY_USERS\S-1-5-21-1906169502-3126458550-1391210706-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wbmp\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.wbmp"

[HKEY_USERS\S-1-5-21-1906169502-3126458550-1391210706-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wmf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.wmf"

[HKEY_USERS\S-1-5-21-1906169502-3126458550-1391210706-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xbm\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.xbm"

[HKEY_USERS\S-1-5-21-1906169502-3126458550-1391210706-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xif\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.xif"

[HKEY_USERS\S-1-5-21-1906169502-3126458550-1391210706-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xmp\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.xmp"

[HKEY_USERS\S-1-5-21-1906169502-3126458550-1391210706-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xpm\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.xpm"

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Ora fine scansione: 2009-10-12 22.00.44
ComboFix-quarantined-files.txt 2009-10-12 20:00
ComboFix2.txt 2009-10-12 19:47

Pre-Run: 2.269.954.048 byte disponibili
Post-Run: 2.188.029.952 byte disponibili

501


Avira scan 1 http://www.mediafire.com/?sharekey=ef54 ... f6e8ebb871

Avira scan 2

Avira AntiVir Personal
Report file date: martedì 13 ottobre 2009 18:21

Scanning for 1794245 virus strains and unwanted programs.

Licensee : Avira AntiVir Personal - FREE Antivirus
Serial number : 0000149996-ADJIE-0000001
Platform : Windows Vista
Windows version : (Service Pack 1) [6.0.6001]
Boot mode : Save mode
Username : bartolo
Computer name : PC-BARTOLO

Version information:
BUILD.DAT : 9.0.0.407 17961 Bytes 29/07/2009 10:34:00
AVSCAN.EXE : 9.0.3.7 466689 Bytes 21/07/2009 12:36:14
AVSCAN.DLL : 9.0.3.0 40705 Bytes 27/02/2009 09:58:24
LUKE.DLL : 9.0.3.2 209665 Bytes 20/02/2009 10:35:49
LUKERES.DLL : 9.0.2.0 12033 Bytes 27/02/2009 09:58:52
ANTIVIR0.VDF : 7.1.0.0 15603712 Bytes 27/10/2008 11:30:36
ANTIVIR1.VDF : 7.1.4.132 5707264 Bytes 24/06/2009 08:21:42
ANTIVIR2.VDF : 7.1.6.50 4333568 Bytes 29/09/2009 14:23:43
ANTIVIR3.VDF : 7.1.6.105 497152 Bytes 13/10/2009 14:23:51
Engineversion : 8.2.1.35
AEVDF.DLL : 8.1.1.2 106867 Bytes 13/10/2009 14:24:26
AESCRIPT.DLL : 8.1.2.35 483707 Bytes 13/10/2009 14:24:26
AESCN.DLL : 8.1.2.5 127346 Bytes 13/10/2009 14:24:24
AERDL.DLL : 8.1.3.2 479604 Bytes 13/10/2009 14:24:24
AEPACK.DLL : 8.2.0.0 422261 Bytes 13/10/2009 14:24:21
AEOFFICE.DLL : 8.1.0.38 196987 Bytes 23/07/2009 08:59:39
AEHEUR.DLL : 8.1.0.167 2011511 Bytes 13/10/2009 14:24:17
AEHELP.DLL : 8.1.7.0 237940 Bytes 13/10/2009 14:24:02
AEGEN.DLL : 8.1.1.67 364916 Bytes 13/10/2009 14:23:59
AEEMU.DLL : 8.1.1.0 393587 Bytes 13/10/2009 14:23:56
AECORE.DLL : 8.1.8.1 184693 Bytes 13/10/2009 14:23:53
AEBB.DLL : 8.1.0.3 53618 Bytes 09/10/2008 13:32:40
AVWINLL.DLL : 9.0.0.3 18177 Bytes 12/12/2008 07:47:59
AVPREF.DLL : 9.0.0.1 43777 Bytes 05/12/2008 09:32:15
AVREP.DLL : 8.0.0.3 155905 Bytes 20/01/2009 13:34:28
AVREG.DLL : 9.0.0.0 36609 Bytes 05/12/2008 09:32:09
AVARKT.DLL : 9.0.0.3 292609 Bytes 24/03/2009 14:05:41
AVEVTLOG.DLL : 9.0.0.7 167169 Bytes 30/01/2009 09:37:08
SQLITE3.DLL : 3.6.1.0 326401 Bytes 28/01/2009 14:03:49
SMTPLIB.DLL : 9.2.0.25 28417 Bytes 02/02/2009 07:21:33
NETNT.DLL : 9.0.0.0 11521 Bytes 05/12/2008 09:32:10
RCIMAGE.DLL : 9.0.0.25 2438913 Bytes 15/05/2009 14:39:58
RCTEXT.DLL : 9.0.37.0 86785 Bytes 17/04/2009 09:19:48

Configuration settings for the scan:
Jobname.............................: Manual Selection
Configuration file..................: C:\ProgramData\Avira\AntiVir Desktop\PROFILES\folder.avp
Logging.............................: low
Primary action......................: interactive
Secondary action....................: ignore
Scan master boot sector.............: on
Scan boot sector....................: on
Boot sectors........................: C:,
Process scan........................: on
Scan registry.......................: on
Search for rootkits.................: off
Integrity checking of system files..: off
Scan all files......................: Intelligent file selection
Scan archives.......................: on
Recursion depth.....................: 20
Smart extensions....................: on
Macro heuristic.....................: on
File heuristic......................: medium
Deviating risk categories...........: +PCK,+SPR,

Start of the scan: martedì 13 ottobre 2009 18:21

The scan of running processes will be started
Scan process 'avscan.exe' - '1' Module(s) have been scanned
Scan process 'avcenter.exe' - '1' Module(s) have been scanned
Scan process 'explorer.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'lsm.exe' - '1' Module(s) have been scanned
Scan process 'lsass.exe' - '1' Module(s) have been scanned
Scan process 'services.exe' - '1' Module(s) have been scanned
Scan process 'winlogon.exe' - '1' Module(s) have been scanned
Scan process 'wininit.exe' - '1' Module(s) have been scanned
Scan process 'csrss.exe' - '1' Module(s) have been scanned
Scan process 'csrss.exe' - '1' Module(s) have been scanned
Scan process 'smss.exe' - '1' Module(s) have been scanned
17 processes with 17 modules were scanned

Starting master boot sector scan:
Master boot sector HD0
[INFO] No virus was found!

Start scanning boot sectors:
Boot sector 'C:\'
[INFO] No virus was found!

Starting to scan executable files (registry).
The registry was scanned ( '39' files ).


Starting the file scan:

Begin scan in 'C:\' <HDD>
C:\pagefile.sys
[WARNING] The file could not be opened!
[NOTE] This file is a Windows system file.
[NOTE] This file cannot be opened for scanning.
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcrst.dll
[WARNING] The file could not be opened!
C:\Windows\SoftwareDistribution\Download\0e9370a08770d111869344b004225e2f\BITF108.tmp
[0] Archive type: CAB (Microsoft)
--> 140
[WARNING] No further files can be extracted from this archive. The archive will be closed
[WARNING] No further files can be extracted from this archive. The archive will be closed
C:\Windows\SoftwareDistribution\Download\24bb1bb4b381166d757197c114f8148c\BIT6C3.tmp
[0] Archive type: CAB (Microsoft)
--> x86_microsoft-windows-shell32_31bf3856ad364e35_6.0.6001.18062_none_6bea4bea122ac813.manifest
[WARNING] No further files can be extracted from this archive. The archive will be closed
[WARNING] No further files can be extracted from this archive. The archive will be closed
C:\Windows\SoftwareDistribution\Download\9555a254feaf59bcc019795c7c8caebb\BITEEA6.tmp
[0] Archive type: CAB (Microsoft)
--> package_6_for_kb938464_bf~31bf3856ad364e35~x86~~6.0.1.5.mum
[WARNING] No further files can be extracted from this archive. The archive will be closed
[WARNING] No further files can be extracted from this archive. The archive will be closed
C:\Windows\SoftwareDistribution\Download\ad3465340368e5a3f2ea490617d37bff\BITC69A.tmp
[0] Archive type: CAB (Microsoft)
--> x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_6.0.6001.18148_none_01c5b803a1ec4989.manifest
[WARNING] No further files can be extracted from this archive. The archive will be closed
[WARNING] No further files can be extracted from this archive. The archive will be closed
C:\Windows\SoftwareDistribution\Download\f06ae4b5ecb588d9072493a29aa9e6eb\BITAEA.tmp
[0] Archive type: CAB (Microsoft)
--> package_for_kb956391_server_bf~31bf3856ad364e35~x86~~6.0.1.2.mum
[WARNING] No further files can be extracted from this archive. The archive will be closed
[WARNING] No further files can be extracted from this archive. The archive will be closed
C:\Windows\System32\01238.tmp
[DETECTION] Contains recognition pattern of the RKIT/Conficker.A root kit
C:\Windows\System32\drivers\sptd.sys
[WARNING] The file could not be opened!

Beginning disinfection:
C:\Windows\System32\01238.tmp
[DETECTION] Contains recognition pattern of the RKIT/Conficker.A root kit
[NOTE] The file was moved to '4b06aeab.qua'!


End of the scan: martedì 13 ottobre 2009 18:44
Used time: 23:23 Minute(s)

The scan has been done completely.

14447 Scanned directories
262273 Files were scanned
1 Viruses and/or unwanted programs were found
0 Files were classified as suspicious
0 files were deleted
0 Viruses and unwanted programs were repaired
1 Files were moved to quarantine
0 Files were renamed
3 Files cannot be scanned
262269 Files not concerned
3045 Archives were scanned
13 Warnings
2 Notes
It had not removed one thing, and it still has not managed to.

I also ran a scan with GMER (if needed I will post the log; I am not posting it now because I would exceed the maximum number of characters).

Finally I then used BagleRestore, but there is one problem that persists:
even though I have disabled User Account Control it is as if it were still active (every time I have to confirm), and even though the profile is configured as administrator it is as if it were not, and I cannot perform certain operations (it does not let me delete certain files).

Is there still some residue that has not been identified yet?
There are things we know and things we do not know, and in between there are the doors.
ares84
Aficionado
Posts: 89
Joined: Wed Nov 22, 2006 11:37 am
Location: Palermo
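
To see what a report like the Avira scan in this post actually says, here is an added example (not code from the thread and not Avira's own tooling) that parses a report in that layout and separates detections, quarantine results and files the scanner could not open. The sample report embedded in it is constructed to mirror the format of the log above; the helper names, the `open_findings` and `suspicious_unscannable` checks, and the small allowlist of Windows paging files are this example's own assumptions.

```python
"""Summarise an Avira AntiVir scan report (added example, not Avira's code).

Report layout assumed, mirroring the log in the post: a file path on its own
line, followed by one or more [DETECTION] / [WARNING] / [NOTE] lines about it.
"""
import ntpath
import re
from dataclasses import dataclass, field

# Constructed sample modelled on the format of the log in the thread.
SAMPLE_REPORT = r"""
Starting the file scan:

Begin scan in 'C:\' <HDD>
C:\pagefile.sys
[WARNING] The file could not be opened!
[NOTE] This file is a Windows system file.
[NOTE] This file cannot be opened for scanning.
C:\Windows\System32\01238.tmp
[DETECTION] Contains recognition pattern of the RKIT/Conficker.A root kit
C:\Windows\System32\drivers\sptd.sys
[WARNING] The file could not be opened!

Beginning disinfection:
C:\Windows\System32\01238.tmp
[DETECTION] Contains recognition pattern of the RKIT/Conficker.A root kit
[NOTE] The file was moved to '4b06aeab.qua'!

End of the scan: (constructed sample)
"""

PATH_RE = re.compile(r"^[A-Za-z]:\\")                      # a scanned object
TAG_RE = re.compile(r"^\[(DETECTION|WARNING|NOTE)\]\s*(.*)$")
SIG_RE = re.compile(r"Contains recognition pattern of the (\S+)")
QUA_RE = re.compile(r"The file was moved to '([^']+)'!")

# Files Windows keeps locked while booted; "could not be opened" on these is
# expected. This allowlist is an assumption of the example, not an Avira list.
EXPECTED_LOCKED = {"pagefile.sys", "hiberfil.sys"}


@dataclass
class ScanSummary:
    detections: dict = field(default_factory=dict)   # path -> signature name
    quarantined: dict = field(default_factory=dict)  # path -> quarantine file
    unscannable: list = field(default_factory=list)  # paths the scanner could not open
    warnings: list = field(default_factory=list)     # (path, warning text)


def parse_avira_report(text: str) -> ScanSummary:
    """Walk the report line by line, attaching each tag line to the last path seen."""
    summary = ScanSummary()
    current = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if PATH_RE.match(line):
            current = line
            continue
        m = TAG_RE.match(line)
        if m is None or current is None:
            continue                 # banner, counter or process lines
        tag, msg = m.groups()
        if tag == "DETECTION":
            sig = SIG_RE.search(msg)
            summary.detections[current] = sig.group(1) if sig else msg
        elif tag == "WARNING":
            summary.warnings.append((current, msg))
            if "could not be opened" in msg and current not in summary.unscannable:
                summary.unscannable.append(current)
        else:  # NOTE
            q = QUA_RE.search(msg)
            if q:
                summary.quarantined[current] = q.group(1)
    return summary


def open_findings(summary: ScanSummary) -> list:
    """Detections the disinfection pass did not quarantine: these still need action."""
    return [p for p in summary.detections if p not in summary.quarantined]


def suspicious_unscannable(summary: ScanSummary) -> list:
    """Unopenable files that are not the known locked system files; review by hand."""
    return [p for p in summary.unscannable
            if ntpath.basename(p).lower() not in EXPECTED_LOCKED]


if __name__ == "__main__":
    s = parse_avira_report(SAMPLE_REPORT)
    for path, sig in s.detections.items():
        state = s.quarantined.get(path, "NOT quarantined")
        print(f"{sig:<20} {path}  ->  {state}")
    print("still open:", open_findings(s))
    print("review unopenable:", suspicious_unscannable(s))
```

Run against the log as posted, the same three buckets fall out: one detection, quarantined; and two unopenable files outside the paging-file allowlist (symlcrst.dll under Symantec Shared and sptd.sys) that a practitioner would look at by hand before declaring the machine clean.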

Re: Bagle problem

Post by Amantide » Fri Oct 16, 2009 9:41 pm

Did you run all the scans from normal mode?

In the meantime, copy and paste the following text into Notepad and save the file on the desktop with the name CFScript.txt.
Code:
File::
c:\windows\System32\txckpc.dll
c:\windows\system32\09FB7.tmp
c:\windows\system32\0A581.tmp
c:\windows\system32\0B48F.tmp
c:\windows\system32\0ADCB.tmp
c:\windows\system32\0AA90.tmp
c:\windows\system32\0AF13.tmp
c:\windows\system32\090F8.tmp
c:\windows\system32\09923.tmp
c:\windows\system32\0A5DF.tmp
c:\windows\system32\09CBB.tmp
c:\windows\system32\09F0C.tmp
c:\windows\system32\0B682.tmp
c:\windows\system32\0A15D.tmp
c:\windows\system32\01DAD.tmp
c:\windows\system32\0C4D4.tmp
c:\windows\system32\0B36.tmp
c:\windows\system32\0D5D4.tmp
c:\windows\system32\04F28.tmp
c:\windows\system32\06FA3.tmp
c:\windows\system32\0AD1F.tmp
c:\windows\system32\0BE5E.tmp
c:\windows\system32\0CBD6.tmp
c:\windows\system32\0E0CC.tmp
c:\windows\system32\0EF3D.tmp
c:\windows\system32\0A2D.tmp
c:\windows\system32\0FF64.tmp
c:\windows\system32\022DB.tmp
c:\windows\system32\04E6D.tmp
c:\windows\system32\0B94.tmp
c:\windows\system32\0E7ED.tmp
c:\windows\system32\0CA21.tmp
c:\windows\system32\0D2A9.tmp
c:\windows\system32\0B3F3.tmp
c:\windows\system32\0DCD6.tmp
c:\windows\system32\0F45C.tmp
c:\windows\system32\03E.tmp
c:\windows\system32\0CFEB.tmp
c:\windows\system32\0E030.tmp
c:\windows\system32\05F7D.tmp
c:\windows\system32\0B78B.tmp
c:\windows\system32\0A727.tmp
c:\windows\system32\0A524.tmp
c:\windows\system32\08E4A.tmp
c:\windows\system32\0F3DF.tmp
c:\windows\system32\08111.tmp

Driver::
dwgkqb
nppom


Now restart the PC in Safe Mode, for greater effectiveness, and drag the CFScript.txt file onto the ComboFix icon. Wait for the scan to finish and post the new ComboFix log.


The file C:\Windows\System32\drivers\sptd.sys, on the other hand, is the false positive.
...to fly high, you have to know how to fall...
Amantide
Official Member (Gold)
Posts: 8126
Joined: Mon Feb 06, 2006 4:13 pm
Location: Abruzzo
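
A CFScript like the one in this reply is dropped onto ComboFix and executed as written, so it is worth parsing and checking before running it. The following is an added example (not ComboFix's code and not part of the reply) that reads the two directives used here, File:: and Driver::, and flags duplicate entries, File:: entries that are not absolute Windows paths, and Driver:: entries that look like paths instead of service names. The embedded sample takes a few entries from the script above and adds two deliberately wrong lines; the validation rules, the `KNOWN_DIRECTIVES` set and the helper names are this example's assumptions, not a ComboFix specification.

```python
"""Parse and sanity-check a ComboFix CFScript (added example, not ComboFix code).

Only the File:: and Driver:: directives used in the reply are covered; the
checks below are this example's own rules of thumb, not a ComboFix spec.
"""
import ntpath
import re
from collections import OrderedDict

# Constructed sample: entries taken from the script in the reply, plus a
# duplicated File:: line and a Driver:: line that wrongly gives a path.
SAMPLE_SCRIPT = r"""
File::
c:\windows\System32\txckpc.dll
c:\windows\system32\09FB7.tmp
c:\windows\system32\0A581.tmp
c:\windows\system32\09FB7.tmp

Driver::
dwgkqb
nppom
c:\windows\system32\drivers\nppom.sys
"""

KNOWN_DIRECTIVES = {"File", "Driver"}          # assumption: only the two used above
WIN_PATH_RE = re.compile(r'^[A-Za-z]:\\[^<>"|?*]+$')
SERVICE_NAME_RE = re.compile(r'^[A-Za-z0-9_.{}\-]+$')


def parse_cfscript(text: str) -> OrderedDict:
    """Map each 'Name::' directive to the non-blank lines that follow it, in order."""
    sections = OrderedDict()
    current = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.endswith("::"):
            current = line[:-2]
            sections.setdefault(current, [])
            continue
        if current is None:
            raise ValueError(f"entry before any directive: {line!r}")
        sections[current].append(line)
    return sections


def validate_cfscript(sections) -> list:
    """Return human-readable problems; an empty list means the script passed the checks."""
    problems = []
    seen = set()
    for directive, entries in sections.items():
        if directive not in KNOWN_DIRECTIVES:
            problems.append(f"unknown directive {directive}:: (not covered by this example)")
        for entry in entries:
            key = (directive, entry.lower())   # Windows paths and names are case-insensitive
            if key in seen:
                problems.append(f"duplicate {directive}:: entry {entry}")
            seen.add(key)
            if directive == "File" and not WIN_PATH_RE.match(entry):
                problems.append(f"File:: entry is not an absolute Windows path: {entry}")
            elif directive == "Driver":
                if "\\" in entry or "/" in entry or entry.lower().endswith(".sys"):
                    problems.append(f"Driver:: entry should be a service name, not a path: {entry}")
                elif not SERVICE_NAME_RE.match(entry):
                    problems.append(f"Driver:: entry has unexpected characters: {entry}")
    return problems


def summarize_files(sections) -> dict:
    """Count File:: entries per (directory, extension), e.g. to see 'many *.tmp in System32'."""
    counts = {}
    for entry in sections.get("File", []):
        directory, name = ntpath.split(entry)
        key = (directory.lower(), ntpath.splitext(name)[1].lower())
        counts[key] = counts.get(key, 0) + 1
    return counts


if __name__ == "__main__":
    secs = parse_cfscript(SAMPLE_SCRIPT)
    for (directory, ext), n in sorted(summarize_files(secs).items()):
        print(f"{n:3d} x {ext or '<no ext>'} in {directory}")
    for problem in validate_cfscript(secs):
        print("PROBLEM:", problem)
```

Run on the script exactly as posted, it reports no problems and summarises the File:: section as one .dll plus forty-five .tmp files under c:\windows\system32, which is the pattern the reply is targeting.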

Re: Bagle problem

Post by ares84 » Mon Oct 19, 2009 12:04 pm

Yes, if I remember correctly I ran all the scans in normal mode, except one with FindyKill in Safe Mode.

Here is the new ComboFix log:

ComboFix 09-10-18.04 - bartolo 19/10/2009 12.50.19.1.2 - NTFSx86 MINIMAL
Microsoft® Windows Vista™ Home Basic 6.0.6001.1.1252.39.1040.18.3000.2656 [GMT 2:00]
Eseguito da: c:\users\bartolo\Desktop\ComboFix.exe
Opzioni usate :: c:\users\bartolo\Desktop\CFScript.txt
AV: Norton Internet Security *On-access scanning disabled* (Outdated) {E10A9785-9598-4754-B552-92431C1C35F8}
FW: Norton Internet Security *enabled* {7C21A4C9-F61F-4AC4-B722-A6E19C16F220}
SP: Norton Internet Security *enabled* (Outdated) {CBB7EE13-8244-4DAB-8B55-D5C7AA91E59A}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.

((((((((((((((((((((((((((((((((((((( Altre eliminazioni )))))))))))))))))))))))))))))))))))))))))))))))))))
.

.
((((((((((((((((((((((((((((((((((((((( Driver/Servizi )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_nppom


((((((((((((((((((((((((( Files Creati Da 2009-09-19 al 2009-10-19 )))))))))))))))))))))))))))))))))))
.

2009-10-19 10:54 . 2009-10-19 10:58 -------- d-----w- c:\users\bartolo\AppData\Local\temp
2009-10-19 10:54 . 2009-10-19 10:54 -------- d-----w- c:\users\Public\AppData\Local\temp
2009-10-19 10:54 . 2009-10-19 10:54 -------- d-----w- c:\users\Default\AppData\Local\temp
2009-10-13 17:01 . 2009-10-13 17:01 -------- d-----w- c:\programdata\is-8JK12
2009-10-13 17:01 . 2009-10-19 10:46 53008416 --sha-w- c:\windows\system32\drivers\fidbox.dat
2009-10-13 17:01 . 2008-07-08 12:54 148496 ----a-w- c:\windows\system32\drivers\69270539.sys
2009-10-13 14:20 . 2009-07-28 14:33 55656 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2009-10-13 14:20 . 2009-03-30 08:33 96104 ----a-w- c:\windows\system32\drivers\avipbb.sys
2009-10-13 14:20 . 2009-10-13 14:20 -------- d-----w- c:\programdata\Avira
2009-10-13 14:20 . 2009-10-13 14:20 -------- d-----w- c:\program files\Avira
2009-10-12 20:20 . 2009-10-12 20:20 -------- d-----w- c:\users\bartolo\AppData\Roaming\CyberLink
2009-10-12 18:55 . 2009-10-12 18:55 -------- d-----w- c:\programdata\Avg7
2009-10-12 18:41 . 2009-10-12 18:41 -------- d-----w- c:\users\bartolo\AppData\Roaming\r2 Studios
2009-10-12 18:41 . 2009-10-12 18:41 -------- d-----w- c:\programdata\r2 Studios
2009-10-12 18:41 . 2009-10-12 18:41 -------- d-----w- c:\program files\r2 Studios
2009-10-12 17:19 . 2009-10-13 16:54 -------- d-----w- c:\program files\FindyKill

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-10-19 10:53 . 2008-05-23 02:23 661876 ----a-w- c:\windows\system32\perfh010.dat
2009-10-19 10:53 . 2008-05-23 02:23 119742 ----a-w- c:\windows\system32\perfc010.dat
2009-10-19 10:46 . 2009-10-13 17:01 622268 --sha-w- c:\windows\system32\drivers\fidbox.idx
2009-10-19 10:24 . 2009-07-10 15:06 -------- d-----w- c:\programdata\Spyware Terminator
2009-10-19 10:24 . 2009-07-10 15:06 -------- d-----w- c:\program files\Spyware Terminator
2009-10-19 10:17 . 2008-11-29 23:10 -------- d-----w- c:\program files\Alice MOBILE
2009-10-12 22:34 . 2009-04-19 12:07 5972 ----a-w- c:\users\bartolo\AppData\Local\d3d9caps.dat
2009-10-12 18:33 . 2009-02-06 19:36 -------- d-----w- c:\program files\YKill
2009-10-05 22:11 . 2009-02-22 20:09 -------- d-----w- c:\users\bartolo\AppData\Roaming\OpenOffice.org2
2009-07-29 09:01 . 2009-07-29 09:01 410984 ----a-w- c:\windows\system32\deploytk.dll
2008-05-23 02:27 . 2008-05-23 02:27 8192 --sha-w- c:\windows\Users\Default\NTUSER.DAT
.

((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* i valori vuoti & legittimi/default non sono visualizzati.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\daemon.exe" [2008-12-29 687560]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-21 1008184]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2007-06-08 894512]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-08-12 150040]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-08-12 170520]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-08-12 145944]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]
"CLMLServer"="c:\program files\CyberLink\PowerCinema\Kernel\CLML\CLMLSvc.exe" [2008-04-11 196608]
"StartupDelayer"="c:\program files\r2 Studios\Startup Delayer\Startup Launcher.exe" [2009-03-08 73728]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]
"RtHDVCpl"="RtHDVCpl.exe" - c:\windows\RtHDVCpl.exe [2008-08-04 6265376]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~1\Google\GOOGLE~2\GOEC62~1.DLL

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sr.sys]
@="FSFilter System Recovery"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

S1 IDSvix86;Symantec Intrusion Prevention Driver;c:\progra~2\Symantec\DEFINI~1\SymcData\ipsdefs\20090331.003\IDSvix86.sys [02/04/2009 23.37.29 272432]
S1 is-8JK12drv;is-8JK12drv;c:\windows\System32\drivers\69270539.sys [13/10/2009 19.01.45 148496]
S1 sp_rsdrv2;Spyware Terminator Driver 2;c:\programdata\Spyware Terminator\sp_rsdrv2.sys [10/07/2009 17.06.31 133120]
S2 {49DE1C67-83F8-4102-99E0-C16DCC7EEC796};{49DE1C67-83F8-4102-99E0-C16DCC7EEC796};c:\program files\CyberLink\PlayMovie\000.fcl [22/05/2008 19.13.46 41456]
S2 AdobeActiveFileMonitor6.0;Adobe Active File Monitor V6;c:\program files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe [11/09/2007 0.45.04 124832]
S2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [13/10/2009 16.20.26 108289]
S2 Autorun CDROM Monitor;Autorun CDROM Monitor;c:\windows\System32\SupportAppXL\cdrom_mon.exe [14/01/2008 19.41.17 81920]
S2 LiveUpdate Notice;LiveUpdate Notice;c:\program files\Common Files\Symantec Shared\CCSVCHST.EXE [06/02/2008 21.48.00 149352]
S3 COH_Mon;COH_Mon;c:\windows\System32\drivers\COH_Mon.sys [12/01/2008 21.32.00 23888]
S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [27/02/2009 1.00.46 101936]
S3 GoogleDesktopManager-071508-051939;Google Desktop Manager 5.7.807.15159;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [22/05/2008 19.14.36 24064]
S3 netr28;Ralink 802.11n Wireless Driver for Windows Vista;c:\windows\System32\drivers\netr28.sys [23/05/2008 4.16.49 418816]
S3 ONDAusbmdm6k;ONDA Proprietary USB Driver;c:\windows\System32\drivers\ONDAusbmdm6k.sys [17/01/2009 14.04.13 104960]
S3 ONDAusbnet;ONDA USB-NDIS miniport;c:\windows\System32\drivers\ONDAusbnet.sys [17/01/2009 14.04.13 110080]
S3 ONDAusbnmea;ONDA NMEA Port;c:\windows\System32\drivers\ONDAusbnmea.sys [17/01/2009 14.04.13 104960]
S3 ONDAusbser6k;ONDA Diagnostic Port;c:\windows\System32\drivers\ONDAusbser6k.sys [17/01/2009 14.04.13 104960]
S3 SYMNDISV;SYMNDISV;c:\windows\System32\drivers\symndisv.sys [19/02/2009 12.31.18 41008]

--- Altri Servizi/Drivers In Memoria ---

*NewlyCreated* - COMHOST

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc
.
Contenuto della cartella 'Scheduled Tasks'

2009-10-19 c:\windows\Tasks\Garanzia estesa-bartolo.job
- c:\program files\Packard Bell\SetupmyPC\PBCarNot.exe [2008-05-22 09:13]

2009-10-12 c:\windows\Tasks\Norton Internet Security - Scansione completa sistema - bartolo.job
- c:\program files\Norton Internet Security\Norton AntiVirus\Navw32.exe [2008-02-07 07:05]

2009-10-19 c:\windows\Tasks\Recovery DVD Creator-bartolo.job
- c:\program files\Packard Bell\SetupMyPc\MCDCheck.exe [2008-05-22 09:13]
.
.
------- Scansione supplementare -------
.
uStart Page = hxxp://www.virgilio.it/
TCP: {2214BFD4-E56C-4A5C-8ACD-3A6A43A0D780} = 194.20.8.1,213.145.3.1
.
- - - - CHIAVI ORFANE RIMOSSE - - - -

SafeBoot-dmboot.sys
SafeBoot-dmio.sys
SafeBoot-dmload.sys
SafeBoot-dmadmin
SafeBoot-dmserver
SafeBoot-SRService



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-10-19 12:58
Windows 6.0.6001 Service Pack 1 NTFS

scansione processi nascosti ...

scansione entrate autostart nascoste ...

Scansione files nascosti ...

Scansione completata con successo
Files nascosti: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\{49DE1C67-83F8-4102-99E0-C16DCC7EEC796}]
"ImagePath"="\??\c:\program files\CyberLink\PlayMovie\000.fcl"
.
--------------------- CHIAVI DI REGISTRO BLOCCATE ---------------------

[HKEY_USERS\S-1-5-21-1906169502-3126458550-1391210706-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.032\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.032"

[HKEY_USERS\S-1-5-21-1906169502-3126458550-1391210706-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.abr\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.abr"

[HKEY_USERS\S-1-5-21-1906169502-3126458550-1391210706-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ani\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.ani"

[HKEY_USERS\S-1-5-21-1906169502-3126458550-1391210706-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.arw\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.arw"

[HKEY_USERS\S-1-5-21-1906169502-3126458550-1391210706-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.bay\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.bay"

[HKEY_USERS\S-1-5-21-1906169502-3126458550-1391210706-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.bmp\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.bmp"

[HKEY_USERS\S-1-5-21-1906169502-3126458550-1391210706-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.bw\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.bw"

[HKEY_USERS\S-1-5-21-1906169502-3126458550-1391210706-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.cr2\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.cr2"

[HKEY_USERS\S-1-5-21-1906169502-3126458550-1391210706-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.crw\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.crw"

[HKEY_USERS\S-1-5-21-1906169502-3126458550-1391210706-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.cs1\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.cs1"

[HKEY_USERS\S-1-5-21-1906169502-3126458550-1391210706-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.cur\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.cur"

[HKEY_USERS\S-1-5-21-1906169502-3126458550-1391210706-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.dcr\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.dcr"

[HKEY_USERS\S-1-5-21-1906169502-3126458550-1391210706-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.dcx\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.dcx"

[HKEY_USERS\S-1-5-21-1906169502-3126458550-1391210706-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.dib\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.dib"

[HKEY_USERS\S-1-5-21-1906169502-3126458550-1391210706-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.djv\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.djv"

[HKEY_USERS\S-1-5-21-1906169502-3126458550-1391210706-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.djvu\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.djvu"

[HKEY_USERS\S-1-5-21-1906169502-3126458550-1391210706-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.dng\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.dng"

[HKEY_USERS\S-1-5-21-1906169502-3126458550-1391210706-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.emf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.emf"

[HKEY_USERS\S-1-5-21-1906169502-3126458550-1391210706-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eps\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.eps"

[HKEY_USERS\S-1-5-21-1906169502-3126458550-1391210706-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.erf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.erf"

[HKEY_USERS\S-1-5-21-1906169502-3126458550-1391210706-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.fff\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.fff"

[HKEY_USERS\S-1-5-21-1906169502-3126458550-1391210706-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.fpx\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.fpx"

[HKEY_USERS\S-1-5-21-1906169502-3126458550-1391210706-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.gif\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.gif"

[HKEY_USERS\S-1-5-21-1906169502-3126458550-1391210706-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.hdr\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.hdr"

[HKEY_USERS\S-1-5-21-1906169502-3126458550-1391210706-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.icl\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.icl"

[HKEY_USERS\S-1-5-21-1906169502-3126458550-1391210706-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.icn\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.icn"

[HKEY_USERS\S-1-5-21-1906169502-3126458550-1391210706-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.iff\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.iff"

[HKEY_USERS\S-1-5-21-1906169502-3126458550-1391210706-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ilbm\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.ilbm"

[HKEY_USERS\S-1-5-21-1906169502-3126458550-1391210706-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.int\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.int"

[HKEY_USERS\S-1-5-21-1906169502-3126458550-1391210706-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.inta\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.inta"

[HKEY_USERS\S-1-5-21-1906169502-3126458550-1391210706-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.iw4\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.iw4"

[HKEY_USERS\S-1-5-21-1906169502-3126458550-1391210706-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.j2c\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.j2c"

[HKEY_USERS\S-1-5-21-1906169502-3126458550-1391210706-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.j2k\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.j2k"

[HKEY_USERS\S-1-5-21-1906169502-3126458550-1391210706-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jbr\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.jbr"

[HKEY_USERS\S-1-5-21-1906169502-3126458550-1391210706-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jfif\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.jfif"

[HKEY_USERS\S-1-5-21-1906169502-3126458550-1391210706-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jif\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.jif"

[HKEY_USERS\S-1-5-21-1906169502-3126458550-1391210706-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jp2\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.jp2"

[HKEY_USERS\S-1-5-21-1906169502-3126458550-1391210706-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jpc\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.jpc"

[HKEY_USERS\S-1-5-21-1906169502-3126458550-1391210706-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jpe\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.jpe"

[HKEY_USERS\S-1-5-21-1906169502-3126458550-1391210706-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jpeg\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.jpeg"

[HKEY_USERS\S-1-5-21-1906169502-3126458550-1391210706-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jpg\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.jpg"

[HKEY_USERS\S-1-5-21-1906169502-3126458550-1391210706-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jpk\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.jpk"

[HKEY_USERS\S-1-5-21-1906169502-3126458550-1391210706-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jpx\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.jpx"

[HKEY_USERS\S-1-5-21-1906169502-3126458550-1391210706-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.kdc\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.kdc"

[HKEY_USERS\S-1-5-21-1906169502-3126458550-1391210706-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.lbm\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.lbm"

[HKEY_USERS\S-1-5-21-1906169502-3126458550-1391210706-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mef\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.mef"

[HKEY_USERS\S-1-5-21-1906169502-3126458550-1391210706-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mos\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.mos"

[HKEY_USERS\S-1-5-21-1906169502-3126458550-1391210706-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mrw\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.mrw"

[HKEY_USERS\S-1-5-21-1906169502-3126458550-1391210706-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.nef\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.nef"

[HKEY_USERS\S-1-5-21-1906169502-3126458550-1391210706-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.orf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.orf"

[HKEY_USERS\S-1-5-21-1906169502-3126458550-1391210706-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pbm\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.pbm"

[HKEY_USERS\S-1-5-21-1906169502-3126458550-1391210706-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pbr\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.pbr"

[HKEY_USERS\S-1-5-21-1906169502-3126458550-1391210706-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pcd\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.pcd"

[HKEY_USERS\S-1-5-21-1906169502-3126458550-1391210706-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pct\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.pct"

[HKEY_USERS\S-1-5-21-1906169502-3126458550-1391210706-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pcx\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.pcx"

[HKEY_USERS\S-1-5-21-1906169502-3126458550-1391210706-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pef\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.pef"

[HKEY_USERS\S-1-5-21-1906169502-3126458550-1391210706-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pgm\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.pgm"

[HKEY_USERS\S-1-5-21-1906169502-3126458550-1391210706-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pic\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.pic"

[HKEY_USERS\S-1-5-21-1906169502-3126458550-1391210706-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pict\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.pict"

[HKEY_USERS\S-1-5-21-1906169502-3126458550-1391210706-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pix\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.pix"

[HKEY_USERS\S-1-5-21-1906169502-3126458550-1391210706-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.png\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.png"

[HKEY_USERS\S-1-5-21-1906169502-3126458550-1391210706-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ppm\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.ppm"

[HKEY_USERS\S-1-5-21-1906169502-3126458550-1391210706-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.psd\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.psd"

[HKEY_USERS\S-1-5-21-1906169502-3126458550-1391210706-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.psp\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.psp"

[HKEY_USERS\S-1-5-21-1906169502-3126458550-1391210706-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pspbrush\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.pspbrush"

[HKEY_USERS\S-1-5-21-1906169502-3126458550-1391210706-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pspimage\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.pspimage"

[HKEY_USERS\S-1-5-21-1906169502-3126458550-1391210706-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.raf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.raf"

[HKEY_USERS\S-1-5-21-1906169502-3126458550-1391210706-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ras\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.ras"

[HKEY_USERS\S-1-5-21-1906169502-3126458550-1391210706-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.raw\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.raw"

[HKEY_USERS\S-1-5-21-1906169502-3126458550-1391210706-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rgb\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.rgb"

[HKEY_USERS\S-1-5-21-1906169502-3126458550-1391210706-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rgba\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.rgba"

[HKEY_USERS\S-1-5-21-1906169502-3126458550-1391210706-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rle\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.rle"

[HKEY_USERS\S-1-5-21-1906169502-3126458550-1391210706-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rsb\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.rsb"

[HKEY_USERS\S-1-5-21-1906169502-3126458550-1391210706-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.sgi\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.sgi"

[HKEY_USERS\S-1-5-21-1906169502-3126458550-1391210706-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.sr2\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.sr2"

[HKEY_USERS\S-1-5-21-1906169502-3126458550-1391210706-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.srf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.srf"

[HKEY_USERS\S-1-5-21-1906169502-3126458550-1391210706-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.tga\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.tga"

[HKEY_USERS\S-1-5-21-1906169502-3126458550-1391210706-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.thm\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.thm"

[HKEY_USERS\S-1-5-21-1906169502-3126458550-1391210706-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.tif\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.tif"

[HKEY_USERS\S-1-5-21-1906169502-3126458550-1391210706-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.tiff\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.tiff"

[HKEY_USERS\S-1-5-21-1906169502-3126458550-1391210706-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ttc\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.ttc"

[HKEY_USERS\S-1-5-21-1906169502-3126458550-1391210706-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ttf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.ttf"

[HKEY_USERS\S-1-5-21-1906169502-3126458550-1391210706-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.v11o\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.v11o"

[HKEY_USERS\S-1-5-21-1906169502-3126458550-1391210706-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.v11p\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.v11p"

[HKEY_USERS\S-1-5-21-1906169502-3126458550-1391210706-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.v11pf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.v11pf"

[HKEY_USERS\S-1-5-21-1906169502-3126458550-1391210706-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wbm\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.wbm"

[HKEY_USERS\S-1-5-21-1906169502-3126458550-1391210706-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wbmp\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.wbmp"

[HKEY_USERS\S-1-5-21-1906169502-3126458550-1391210706-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wmf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.wmf"

[HKEY_USERS\S-1-5-21-1906169502-3126458550-1391210706-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xbm\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.xbm"

[HKEY_USERS\S-1-5-21-1906169502-3126458550-1391210706-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xif\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.xif"

[HKEY_USERS\S-1-5-21-1906169502-3126458550-1391210706-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xmp\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.xmp"

[HKEY_USERS\S-1-5-21-1906169502-3126458550-1391210706-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xpm\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.xpm"

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0005\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0006\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
------------------------ Other running processes ------------------------
.
c:\windows\System32\audiodg.exe
c:\program files\Avira\AntiVir Desktop\avguard.exe
c:\program files\Nero\Nero8\Nero BackItUp\NBService.exe
c:\windows\System32\IoctlSvc.exe
c:\combofix\CF12480.exe
c:\windows\System32\igfxsrvc.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\program files\Symantec\LiveUpdate\AluSchedulerSvc.exe
c:\windows\System32\wbem\WMIADAP.exe
.
**************************************************************************
.
Scan completed at: 2009-10-19 13.01.52 - The PC was rebooted
ComboFix-quarantined-files.txt 2009-10-19 11:01
ComboFix2.txt 2009-10-13 11:17
ComboFix3.txt 2009-10-12 20:00
ComboFix4.txt 2009-10-12 19:47

Pre-Run: 6.092.201.984 bytes free
Post-Run: 2.680.848.384 bytes free

- - End Of File - - 5DE2C738879AF804AB500E5DDA8F7036
There are things we know and things we don't know, and in between are the doors
ares84
Aficionado

Posts: 89
Joined: Wed Nov 22, 2006 11:37 am
Location: palermo
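A triage note on the registry section of the log above, with an added example that is not part of ares84's post or of ComboFix. On Windows Vista, Explorer protects each FileExts\<ext>\UserChoice key with a Deny access-control entry so that programs cannot silently rewrite the default handler the user picked, and ComboFix lists every key that carries a Deny entry in this part of its report. Dozens of such keys all pointing at an ordinary ProgId (here ACDSee Photo Manager 2009) are therefore expected and not by themselves a sign of infection; what a practitioner looks for is a handler ProgId that does not belong to any installed program. The Python below parses this dump format into key, ACL and value records and checks the UserChoice handlers against an allowlist of ProgId prefixes. The access codes inside the parentheses are ComboFix's own shorthand and are kept as opaque strings rather than interpreted; SAMPLE_LOG is constructed from lines visible in the post, and the allowlist is the analyst's assumption about which program should own those extensions.

```python
"""Parse the locked-registry-key section of a ComboFix log and summarise
the FileExts\\<ext>\\UserChoice handlers it lists.

Added example for this page; not part of the original post or of ComboFix.
The key/ACL/value line formats match the dump above; the access codes inside
parentheses are ComboFix's shorthand and are kept as opaque strings.
"""
import re
from dataclasses import dataclass, field

KEY_RE = re.compile(r"^\[(?P<path>HKEY_[^\]]+)\]$")
ACL_RE = re.compile(r"^@(?P<kind>Denied|Allowed): \((?P<rights>[^)]*)\) \((?P<who>[^)]*)\)$")
VAL_RE = re.compile(r'^"(?P<name>[^"]+)"=(?P<raw>.+)$')
DWORD_RE = re.compile(r"^dword:([0-9a-fA-F]{8})$")
USERCHOICE_RE = re.compile(r"\\FileExts\\(?P<ext>\.[^\\]+)\\UserChoice$", re.IGNORECASE)

# Constructed from lines visible in the post: three UserChoice keys, one modem class key.
SAMPLE_LOG = r"""
[HKEY_USERS\S-1-5-21-1906169502-3126458550-1391210706-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jpeg\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.jpeg"

[HKEY_USERS\S-1-5-21-1906169502-3126458550-1391210706-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jpg\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.jpg"

[HKEY_USERS\S-1-5-21-1906169502-3126458550-1391210706-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.png\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.png"

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
"""


@dataclass
class RegKey:
    path: str
    denied: list = field(default_factory=list)   # (rights, principal) pairs as printed
    allowed: list = field(default_factory=list)
    values: dict = field(default_factory=dict)


def parse_value(raw: str):
    """Decode the .reg-style right-hand side: quoted strings and dword:XXXXXXXX."""
    if len(raw) >= 2 and raw[0] == '"' and raw[-1] == '"':
        return raw[1:-1]
    m = DWORD_RE.match(raw)
    return int(m.group(1), 16) if m else raw


def parse_blocks(text: str) -> list:
    """Split the dump into one RegKey per [HKEY_...] header, collecting ACL and value lines."""
    keys, current = [], None
    for line in text.splitlines():
        line = line.strip()
        if (m := KEY_RE.match(line)):
            current = RegKey(m.group("path"))
            keys.append(current)
        elif current is None or not line:
            continue
        elif (m := ACL_RE.match(line)):
            bucket = current.denied if m.group("kind") == "Denied" else current.allowed
            bucket.append((m.group("rights"), m.group("who")))
        elif (m := VAL_RE.match(line)):
            current.values[m.group("name")] = parse_value(m.group("raw"))
    return keys


def userchoice_handlers(keys) -> dict:
    """Extension -> ProgId for every locked FileExts\\<ext>\\UserChoice key."""
    handlers = {}
    for key in keys:
        m = USERCHOICE_RE.search(key.path)
        if m and "Progid" in key.values:
            handlers[m.group("ext").lower()] = key.values["Progid"]
    return handlers


def unexpected_handlers(handlers, expected_prefixes) -> dict:
    """Handlers whose ProgId starts with none of the analyst-supplied prefixes."""
    return {ext: pid for ext, pid in handlers.items()
            if not any(pid.startswith(p) for p in expected_prefixes)}


def triage(text, expected_prefixes) -> dict:
    """One-shot summary: how many locked keys, which are UserChoice, which look wrong."""
    keys = parse_blocks(text)
    handlers = userchoice_handlers(keys)
    return {
        "locked_keys": len(keys),
        "userchoice_keys": len(handlers),
        "unexpected": unexpected_handlers(handlers, expected_prefixes),
        "other_locked": [k.path for k in keys if not USERCHOICE_RE.search(k.path)],
    }


if __name__ == "__main__":
    # The allowlist is the analyst's assumption: the viewer the user actually installed.
    report = triage(SAMPLE_LOG, ["ACDSee Photo Manager 2009"])
    print(f"{report['locked_keys']} locked keys, {report['userchoice_keys']} UserChoice handlers, "
          f"{len(report['unexpected'])} unexpected")
    for path in report["other_locked"]:
        print("non-FileExts locked key:", path)
```

Run it against the full log instead of SAMPLE_LOG and anything left in "unexpected" is the handful of associations worth checking by hand; the non-FileExts locked keys (such as the modem class AllUserSettings entries above) are listed separately so they are not mistaken for file-association hijacks.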

