  1. #11
    O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files (x86)\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: Adobe Active File Monitor V6 (AdobeActiveFileMonitor6.0) - Unknown owner - C:\Program Files (x86)\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe
    O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
    O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing)
    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe (file missing)
    O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
    O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
    O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
    O23 - Service: Firebird Server - MAGIX Instance (FirebirdServerMAGIXInstance) - MAGIX® - C:\Program Files (x86)\MAGIX\Common\Database\bin\fbserver.exe
    O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
    O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files (x86)\HP Games\HP Game Console\GameConsoleService.exe
    O23 - Service: GamesAppService - WildTangent, Inc. - C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe
    O23 - Service: Servizio di Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
    O23 - Service: Servizio Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
    O23 - Service: HP Support Assistant Service - Hewlett-Packard Company - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
    O23 - Service: HP Quick Synchronization Service (HPDrvMntSvc.exe) - Hewlett-Packard Company - C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
    O23 - Service: HP Software Framework Service (hpqwmiex) - Hewlett-Packard Company - C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - c:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
    O23 - Service: McAfee Security Scan Component Host Service (McComponentHostService) - McAfee, Inc. - C:\Program Files (x86)\McAfee Security Scan\2.0.181\McCHSvc.exe
    O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
    O23 - Service: My Web Search Service (MyWebSearchService) - MyWebSearch.com - C:\PROGRA~2\MYWEBS~1\bar\3.bin\mwssvc.exe
    O23 - Service: Nero BackItUp Scheduler 4.0 - Nero AG - C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe
    O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: NitroPDFReaderDriverCreatorReadSpool2 (NitroReaderDriverReadSpool2) - Nitro PDF Software - C:\Program Files\Common Files\Nitro PDF\Reader\2.0\NitroPDFReaderDriverService2x64.exe
    O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\Program Files (x86)\Nero\Nero BackItUp 4\IoctlSvc.exe
    O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: ProtexisLicensing - Unknown owner - C:\Windows\SysWOW64\PSIService.exe
    O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
    O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
    O23 - Service: StarWind AE Service (StarWindServiceAE) - StarWind Software - C:\Program Files (x86)\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
    O23 - Service: TabletServicePen - Unknown owner - C:\Windows\system32\Pen_Tablet.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
    Part 3:
    O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
    O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
    O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
    O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
    O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
    O23 - Service: Yahoo! Updater (YahooAUService) - Yahoo! Inc. - C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe

    --
    End of file - 20626 bytes

    Thank you so much in advance.
    I'm really desperate :asd:

    Thanks ^_^

  2. #12
    menatwork (HTML.it user)
    Registered: May 2009
    Posts: 4,330
    Hi, the final part of the log is missing; for now, follow this procedure carefully.




    Open HiJackThis -> click Do a scan only -> tick the box next to the lines I list below -> click Fix Checked


    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.findeer.com/

    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://home.sweetim.com

    R3 - URLSearchHook: Softonic Italia Toolbar - {4edd5c14-2d22-4d7a-9748-c975a7fd933b} - C:\Program Files (x86)\Softonic_Italia\tbSoft.dll

    R3 - URLSearchHook: (no name) - {00A6FAF6-072E-44cf-8957-5838F569A31D} - C:\Program Files (x86)\MyWebSearch\bar\3.bin\MWSSRCAS.DLL (file missing)

    R3 - URLSearchHook: PHPNukeIT Toolbar - {2c965f3f-8efd-4bfc-a2c5-1672845fdbbf} - C:\Program Files (x86)\PHPNukeIT\tbPHPN.dll


    R3 - URLSearchHook: Messenger Plus Toolbar - {b760d5a4-8d24-4cb6-942e-d6bb540ad88c} - C:\Program Files (x86)\Messenger_Plus\prxtbMess.dll

    O2 - BHO: ShoppingReport - {100EB1FD-D03E-47FD-81F3-EE91287F9465} - C:\Program Files (x86)\ShoppingReport\Bin\2.6.79\ShoppingReport.dll (file missing)

    O2 - BHO: Conduit Engine - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files (x86)\ConduitEngine\prxConduitEngine.dll

    O2 - BHO: Softonic Italia Toolbar - {4edd5c14-2d22-4d7a-9748-c975a7fd933b} - C:\Program Files (x86)\Softonic_Italia\tbSoft.dll


    O2 - BHO: Hotbar - {90B8B761-DF2B-48AC-BBE0-BCC03A819B3B} - C:\Program Files (x86)\Hotbar\bin\11.0.175.0\HostIE.dll (file missing)


    O2 - BHO: UrlHelper Class - {A40DC6C5-79D0-4ca8-A185-8FF989AF1115} - C:\PROGRA~2\WI3C8A~1\Datamngr\IEBHO.dll

    O2 - BHO: Messenger Plus - {b760d5a4-8d24-4cb6-942e-d6bb540ad88c} - C:\Program Files (x86)\Messenger_Plus\prxtbMess.dll

    O3 - Toolbar: Hotbar - {90B8B761-DF2B-48AC-BBE0-BCC03A819B3B} - C:\Program Files (x86)\Hotbar\bin\11.0.175.0\HostIE.dll (file missing)

    O3 - Toolbar: Softonic Italia Toolbar - {4edd5c14-2d22-4d7a-9748-c975a7fd933b} - C:\Program Files (x86)\Softonic_Italia\tbSoft.dll

    O3 - Toolbar: PHPNukeIT Toolbar - {2c965f3f-8efd-4bfc-a2c5-1672845fdbbf} - C:\Program Files (x86)\PHPNukeIT\tbPHPN.dll

    O3 - Toolbar: Conduit Engine - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files (x86)\ConduitEngine\prxConduitEngine.dll

    O3 - Toolbar: Searchqu Toolbar - {99079a25-328f-4bd4-be04-00955acaa0a7} - C:\PROGRA~2\WI3C8A~1\Datamngr\ToolBar\searchqudtx.dll

    O4 - HKLM\..\Run: [HotbarSA] "C:\Program Files (x86)\Hotbar\bin\11.0.175.0\HotbarSA.exe"

    O4 - HKLM\..\Run: [PlusService] C:\Program Files (x86)\Yuna Software\Messenger Plus!\PlusService.exe

    O4 - HKCU\..\Run: [PopularScreensaversWallpaper] rundll32 C:\PROGRA~2\MYWEBS~1\bar\3.bin\F3SCRCTR.DLL,LES

    O9 - Extra button: (no name) - {53F6FCCD-9E22-4d71-86EA-6E43136192AB} - (no file)

    O9 - Extra button: (no name) - {925DAB62-F9AC-4221-806A-057BFB1014AA} - (no file)

    Download ComboFix to the desktop.

    When asked whether you want to install the Recovery Console, click NO.

    Run ComboFix.exe.

    Follow the instructions.

    When the scan has finished, go to C:\ and attach the contents of the text file Combofix.txt in your next reply.

  3. #13
    Hi, thanks a lot for the reply!
    When the HiJackThis operation finished, this error window appeared:
    So I can't tell whether the fix of the files went through or not....

  4. #14
    menatwork (HTML.it user)
    Sure, if you give me a reply every 9 hours we're doing great.

    Go ahead with ComboFix; we'll deal with the error afterwards.

  5. #15
    Done, here is the log:
    (I'm splitting it into 3 or 4 parts, depending on the length)
    ComboFix 11-10-15.03 - Vale 16/10/2011 11:07:20.1.4 - x64
    Microsoft Windows 7 Home Premium 6.1.7601.1.1252.39.1040.18.4095.2099 [GMT 2:00]
    Eseguito da: c:\users\Vale\Desktop\ComboFix.exe
    AV: avast! Antivirus *Enabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
    SP: avast! Antivirus *Enabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
    SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    .
    ((((((((((((((((((((((((((((((((((((( Altre eliminazioni )))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    c:\program files (x86)\FunWebProducts
    c:\program files (x86)\Mozilla Firefox\extensions\{AC57FCAF-E6FC-4BE9-ADC0-D00129C4C1E7}
    c:\program files (x86)\Mozilla Firefox\extensions\{AC57FCAF-E6FC-4BE9-ADC0-D00129C4C1E7}\chrome.manifest
    c:\program files (x86)\Mozilla Firefox\extensions\{AC57FCAF-E6FC-4BE9-ADC0-D00129C4C1E7}\chrome\bardiscover.jar
    c:\program files (x86)\Mozilla Firefox\extensions\{AC57FCAF-E6FC-4BE9-ADC0-D00129C4C1E7}\defaults\preferences\prefs.js
    c:\program files (x86)\Mozilla Firefox\extensions\{AC57FCAF-E6FC-4BE9-ADC0-D00129C4C1E7}\install.rdf
    c:\program files (x86)\MyWebSearch
    c:\program files (x86)\MyWebSearch\bar\1.bin\chrome\M3FFXTBR.JAR
    c:\program files (x86)\MyWebSearch\bar\2.bin\chrome\M3FFXTBR.JAR
    c:\program files (x86)\MyWebSearch\bar\3.bin\CHROME.MANIFEST
    c:\program files (x86)\MyWebSearch\bar\3.bin\chrome\M3FFXTBR.JAR
    c:\program files (x86)\MyWebSearch\bar\3.bin\F3BKGERR.JPG
    c:\program files (x86)\MyWebSearch\bar\3.bin\F3CJPEG.DLL
    c:\program files (x86)\MyWebSearch\bar\3.bin\F3DTACTL.DLL
    c:\program files (x86)\MyWebSearch\bar\3.bin\F3HISTSW.DLL
    c:\program files (x86)\MyWebSearch\bar\3.bin\F3HTTPCT.DLL
    c:\program files (x86)\MyWebSearch\bar\3.bin\F3IMSTUB.DLL
    c:\program files (x86)\MyWebSearch\bar\3.bin\F3PSSAVR.SCR
    c:\program files (x86)\MyWebSearch\bar\3.bin\F3REGHK.DLL
    c:\program files (x86)\MyWebSearch\bar\3.bin\F3RESTUB.DLL
    c:\program files (x86)\MyWebSearch\bar\3.bin\F3SPACER.WMV
    c:\program files (x86)\MyWebSearch\bar\3.bin\F3WALLPP.DAT
    c:\program files (x86)\MyWebSearch\bar\3.bin\F3WPHOOK.DLL
    c:\program files (x86)\MyWebSearch\bar\3.bin\FWPBUDDY.PNG
    c:\program files (x86)\MyWebSearch\bar\3.bin\INSTALL.RDF
    c:\program files (x86)\MyWebSearch\bar\3.bin\M3HIGHIN.EXE
    c:\program files (x86)\MyWebSearch\bar\3.bin\M3HTml.dll
    c:\program files (x86)\MyWebSearch\bar\3.bin\M3IDLE.DLL
    c:\program files (x86)\MyWebSearch\bar\3.bin\M3IMPIPE.EXE
    c:\program files (x86)\MyWebSearch\bar\3.bin\M3MSg.dll
    c:\program files (x86)\MyWebSearch\bar\3.bin\M3SKPLAY.EXE
    c:\program files (x86)\MyWebSearch\bar\3.bin\MWSSVC.EXE
    c:\program files (x86)\MyWebSearch\bar\Avatar\COMMON.F3S
    c:\program files (x86)\MyWebSearch\bar\Game\CHECKERS.F3S
    c:\program files (x86)\MyWebSearch\bar\Game\CHESS.F3S
    c:\program files (x86)\MyWebSearch\bar\Game\REVERSI.F3S
    c:\program files (x86)\MyWebSearch\bar\icons\CM.ICO
    c:\program files (x86)\MyWebSearch\bar\icons\MFC.ICO
    c:\program files (x86)\MyWebSearch\bar\icons\PSS.ICO
    c:\program files (x86)\MyWebSearch\bar\icons\SMILEY.ICO
    c:\program files (x86)\MyWebSearch\bar\icons\WB.ICO
    c:\program files (x86)\MyWebSearch\bar\icons\ZWINKY.ICO
    c:\program files (x86)\MyWebSearch\bar\Message\COMMON.F3S
    c:\program files (x86)\MyWebSearch\bar\Notifier\COMMON.F3S
    c:\program files (x86)\MyWebSearch\bar\Notifier\DOG.F3S
    c:\program files (x86)\MyWebSearch\bar\Notifier\FISH.F3S
    c:\program files (x86)\MyWebSearch\bar\Notifier\KUNGFU.F3S
    c:\program files (x86)\MyWebSearch\bar\Notifier\LIFEGARD.F3S
    c:\program files (x86)\MyWebSearch\bar\Notifier\MAID.F3S
    c:\program files (x86)\MyWebSearch\bar\Notifier\MAILBOX.F3S
    c:\program files (x86)\MyWebSearch\bar\Notifier\OPERA.F3S
    c:\program files (x86)\MyWebSearch\bar\Notifier\ROBOT.F3S
    c:\program files (x86)\MyWebSearch\bar\Notifier\SEDUCT.F3S
    c:\program files (x86)\MyWebSearch\bar\Notifier\SURFER.F3S
    c:\program files (x86)\MyWebSearch\bar\Overlay\COMMON.F3S
    c:\program files (x86)\MyWebSearch\bar\Settings\s_pid.dat
    c:\program files (x86)\OfferBox
    c:\program files (x86)\OfferBox\offerboxffx@offerbox.com\components\OfferBoxXpCom.dll
    c:\program files (x86)\RelevantKnowledge
    c:\program files (x86)\RelevantKnowledge\install.rdf
    c:\program files (x86)\RelevantKnowledge\MSVCP71.DLL
    c:\program files (x86)\RelevantKnowledge\MSVCR71.DLL
    c:\program files (x86)\RelevantKnowledge\rloci.bin
    c:\program files (x86)\save tube video company
    c:\program files (x86)\ShoppingReport
    c:\program files (x86)\ShoppingReport\Uninst.exe
    c:\programdata\2ACA5CC3-0F83-453D-A079-1076FE1A8B65
    c:\programdata\HotbarSA
    c:\programdata\HotbarSA\HotbarSA.dat
    c:\programdata\HotbarSA\HotbarSA_hpk.dat
    c:\programdata\HotbarSA\HotbarSA_kyf.dat
    c:\programdata\HotbarSA\HotbarSAAbout.mht
    c:\programdata\HotbarSA\HotbarSAau.dat
    c:\programdata\HotbarSA\HotbarSAEULA.mht
    c:\programdata\Microsoft\Windows\Start Menu\Programs\Hotbar
    c:\programdata\Microsoft\Windows\Start Menu\Programs\Hotbar\About Hotbar.lnk
    c:\programdata\Microsoft\Windows\Start Menu\Programs\Hotbar\Hotbar Customer Support Center.lnk
    c:\programdata\Microsoft\Windows\Start Menu\Programs\Hotbar\Hotbar Games!.lnk
    c:\programdata\Microsoft\Windows\Start Menu\Programs\Hotbar\Hotbar Videos!.lnk
    c:\programdata\Microsoft\Windows\Start Menu\Programs\Hotbar\Reset Cursor.lnk
    c:\programdata\Microsoft\Windows\Start Menu\Programs\Hotbar\Weather.lnk
    c:\programdata\Microsoft\Windows\Start Menu\Programs\RelevantKnowledge
    c:\programdata\Microsoft\Windows\Start Menu\Programs\RelevantKnowledge\About RelevantKnowledge.lnk
    c:\programdata\Microsoft\Windows\Start Menu\Programs\RelevantKnowledge\Privacy Policy and User License Agreement.lnk
    c:\programdata\Microsoft\Windows\Start Menu\Programs\RelevantKnowledge\Support.lnk
    c:\programdata\Microsoft\Windows\Start Menu\Programs\RelevantKnowledge\Uninstall Instructions.lnk
    c:\users\Vale\AppData\Roaming\.#
    c:\users\Vale\AppData\Roaming\inst.exe
    c:\users\Vale\AppData\Roaming\OfferBox
    c:\users\Vale\AppData\Roaming\OfferBox\config.dat
    c:\users\Vale\AppData\Roaming\OfferBox\config.xml
    c:\users\Vale\AppData\Roaming\vso_ts_preview.xml
    c:\users\Vale\AppData\Roaming\WeatherDPA
    c:\windows\SysWow64\f3PSSavr.scr
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Driver/Servizi )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    -------\Service_MyWebSearchService
    .
    .
    ((((((((((((((((((((((((( Files Creati Da 2011-09-16 al 2011-10-16 )))))))))))))))))))))))))))))))))))
    .
    .
    2011-10-16 09:18 . 2011-10-16 09:18 -------- d-----w- c:\users\Default\AppData\Local\temp
    2011-10-15 13:42 . 2011-10-15 13:42 388096 ----a-r- c:\users\Vale\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
    2011-10-15 11:04 . 2011-09-13 00:26 9049936 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{D38F4F62-3AD6-410F-946B-148CFAA3A1D7}\mpengine.dll
    2011-10-15 10:54 . 2011-09-06 03:03 3138048 ----a-w- c:\windows\system32\win32k.sys
    2011-10-15 10:54 . 2011-08-17 05:26 613888 ----a-w- c:\windows\system32\psisdecd.dll
    2011-10-15 10:54 . 2011-08-17 04:24 465408 ----a-w- c:\windows\SysWow64\psisdecd.dll
    2011-10-15 10:54 . 2011-08-17 04:19 75776 ----a-w- c:\windows\SysWow64\psisrndr.ax
    2011-10-15 10:54 . 2011-08-17 05:25 108032 ----a-w- c:\windows\system32\psisrndr.ax
    2011-10-15 10:53 . 2011-08-27 05:37 331776 ----a-w- c:\windows\system32\oleacc.dll
    2011-10-15 10:53 . 2011-08-27 04:26 233472 ----a-w- c:\windows\SysWow64\oleacc.dll
    2011-10-15 10:53 . 2011-08-27 05:37 861696 ----a-w- c:\windows\system32\oleaut32.dll
    2011-10-15 10:53 . 2011-08-27 04:26 571904 ----a-w- c:\windows\SysWow64\oleaut32.dll
    2011-10-15 10:53 . 2011-09-29 07:23 134104 ----a-w- c:\program files (x86)\Mozilla Firefox\components\browsercomps.dll
    2011-10-15 10:50 . 2011-09-06 20:45 254400 ----a-w- c:\windows\system32\aswBoot.exe
    2011-10-15 10:50 . 2011-09-06 20:38 601944 ----a-w- c:\windows\system32\drivers\aswSnx.sys
    2011-10-15 10:50 . 2011-09-06 20:45 41184 ----a-w- c:\windows\avastSS.scr
    2011-10-15 10:41 . 2011-10-15 10:41 -------- d-----w- c:\program files (x86)\Sygate
    2011-10-15 10:40 . 2011-10-15 10:40 -------- d-----w- c:\program files (x86)\Common Files\Wise Installation Wizard
    2011-10-12 05:26 . 2011-10-12 05:26 -------- d-----w- c:\program files (x86)\Trend Micro
    2011-10-12 05:23 . 2011-10-12 05:23 -------- d-----w- c:\users\Vale\AppData\Roaming\EMCO
    2011-10-12 05:23 . 2011-10-12 05:23 -------- d-----w- c:\program files\EMCO
    2011-10-05 15:25 . 2011-10-05 15:28 -------- d-----w- C:\AbaEnglishMiniCourse
    2011-10-02 12:25 . 2011-10-02 12:25 -------- d-----w- c:\users\Vale\AppData\Local\ACD Systems
    2011-10-02 12:25 . 2011-10-02 12:25 -------- d-----w- c:\users\Vale\AppData\Roaming\ACD Systems
    2011-10-02 12:23 . 2011-10-02 12:23 -------- d-----w- c:\programdata\ACD Systems
    2011-10-02 12:23 . 2011-10-02 12:24 -------- d-----w- c:\program files (x86)\Common Files\ACD Systems
    2011-10-02 12:23 . 2011-10-02 12:23 -------- d-----w- c:\program files (x86)\ACD Systems
    2011-09-28 09:28 . 2011-09-28 09:28 -------- d-----w- c:\program files (x86)\Apple Software Update
    2011-09-26 16:17 . 2011-09-26 16:17 -------- d-----w- c:\program files (x86)\Movie Maker 2.6
    2011-09-22 13:31 . 2011-09-22 13:36 -------- d-----w- c:\programdata\UraniumBackup
    2011-09-22 13:31 . 2011-09-22 13:36 -------- d-----w- c:\program files (x86)\FreeSoft
    2011-09-21 17:45 . 2011-09-21 17:45 -------- d-----w- c:\users\Vale\AppData\Local\TVU Networks
    2011-09-21 17:45 . 2011-09-21 17:45 -------- d-----w- c:\programdata\TVU Networks
    2011-09-21 17:43 . 2011-10-15 10:00 -------- d-----w- c:\users\Vale\AppData\Roaming\vlc
    2011-09-21 17:42 . 2011-09-21 17:42 -------- d-----w- c:\program files (x86)\VideoLAN
    2011-09-21 17:42 . 2011-09-21 17:42 715806 ----a-w- c:\windows\unins000.exe
    2011-09-21 13:27 . 2011-09-21 13:27 -------- d-----w- c:\windows\it
    2011-09-21 13:22 . 2011-09-21 13:22 15712 ----a-w- c:\program files (x86)\Common Files\Windows Live\.cache\906042761cc786101\MeshBetaRemover.exe
    2011-09-17 21:37 . 2011-09-17 21:37 -------- d-----w- c:\programdata\{D3B41B92-9BC2-43EB-916A-4FA9E8191837}
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2011-09-21 13:24 . 2010-06-24 10:33 18328 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
    2011-09-06 20:45 . 2010-06-22 08:34 199304 ----a-w- c:\windows\SysWow64\aswBoot.exe
    2011-09-06 20:38 . 2010-06-22 08:35 301912 ----a-w- c:\windows\system32\drivers\aswSP.sys
    2011-09-06 20:36 . 2010-06-22 08:35 42328 ----a-w- c:\windows\system32\drivers\aswRdr.sys
    2011-09-06 20:36 . 2010-06-22 08:35 58200 ----a-w- c:\windows\system32\drivers\aswTdi.sys
    2011-09-06 20:36 . 2010-06-22 08:34 65368 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
    2011-09-06 20:36 . 2010-06-22 08:35 24408 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
    2011-07-29 08:54 . 2011-07-29 08:54 404640 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl

  6. #16
    Part 2
    .
    ((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Nota* i valori vuoti & legittimi/default non sono visualizzati.
    REGEDIT4
    .
    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
    "{08d495ab-a86c-47b0-82ef-da87bf92f730}"= "c:\program files (x86)\Messenger_Plus_Live_Italy\tbMes1.dll" [2010-05-13 2515552]
    "{4edd5c14-2d22-4d7a-9748-c975a7fd933b}"= "c:\program files (x86)\Softonic_Italia\tbSoft.dll" [2010-06-13 2734688]
    "{2c965f3f-8efd-4bfc-a2c5-1672845fdbbf}"= "c:\program files (x86)\PHPNukeIT\tbPHPN.dll" [2010-09-12 3863136]
    "{b760d5a4-8d24-4cb6-942e-d6bb540ad88c}"= "c:\program files (x86)\Messenger_Plus\prxtbMess.dll" [2011-01-17 175912]
    .
    [HKEY_CLASSES_ROOT\clsid\{08d495ab-a86c-47b0-82ef-da87bf92f730}]
    .
    [HKEY_CLASSES_ROOT\clsid\{4edd5c14-2d22-4d7a-9748-c975a7fd933b}]
    .
    [HKEY_CLASSES_ROOT\clsid\{2c965f3f-8efd-4bfc-a2c5-1672845fdbbf}]
    .
    [HKEY_CLASSES_ROOT\clsid\{b760d5a4-8d24-4cb6-942e-d6bb540ad88c}]
    .
    [HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{08d495ab-a86c-47b0-82ef-da87bf92f730}]
    2010-05-13 12:13 2515552 ----a-w- c:\program files (x86)\Messenger_Plus_Live_Italy\tbMes1.dll
    .
    [HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{2c965f3f-8efd-4bfc-a2c5-1672845fdbbf}]
    2010-09-12 14:02 3863136 ----a-w- c:\program files (x86)\PHPNukeIT\tbPHPN.dll
    .
    [HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}]
    2011-01-17 14:54 175912 ----a-w- c:\program files (x86)\ConduitEngine\prxConduitEngine.dll
    .
    [HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{4edd5c14-2d22-4d7a-9748-c975a7fd933b}]
    2010-06-13 17:10 2734688 ----a-w- c:\program files (x86)\Softonic_Italia\tbSoft.dll
    .
    [HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{b760d5a4-8d24-4cb6-942e-d6bb540ad88c}]
    2011-01-17 14:54 175912 ----a-w- c:\program files (x86)\Messenger_Plus\prxtbMess.dll
    .
    [HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{E601996F-E400-41CA-804B-CD6373A7EEE2}]
    2010-08-16 19:35 799472 ----a-w- c:\program files (x86)\kikin\ie_kikin.dll
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
    "{08d495ab-a86c-47b0-82ef-da87bf92f730}"= "c:\program files (x86)\Messenger_Plus_Live_Italy\tbMes1.dll" [2010-05-13 2515552]
    "{4edd5c14-2d22-4d7a-9748-c975a7fd933b}"= "c:\program files (x86)\Softonic_Italia\tbSoft.dll" [2010-06-13 2734688]
    "{2c965f3f-8efd-4bfc-a2c5-1672845fdbbf}"= "c:\program files (x86)\PHPNukeIT\tbPHPN.dll" [2010-09-12 3863136]
    "{b760d5a4-8d24-4cb6-942e-d6bb540ad88c}"= "c:\program files (x86)\Messenger_Plus\prxtbMess.dll" [2011-01-17 175912]
    "{30F9B915-B755-4826-820B-08FBA6BD249D}"= "c:\program files (x86)\ConduitEngine\prxConduitEngine.dll" [2011-01-17 175912]
    .
    [HKEY_CLASSES_ROOT\clsid\{08d495ab-a86c-47b0-82ef-da87bf92f730}]
    .
    [HKEY_CLASSES_ROOT\clsid\{4edd5c14-2d22-4d7a-9748-c975a7fd933b}]
    .
    [HKEY_CLASSES_ROOT\clsid\{2c965f3f-8efd-4bfc-a2c5-1672845fdbbf}]
    .
    [HKEY_CLASSES_ROOT\clsid\{b760d5a4-8d24-4cb6-942e-d6bb540ad88c}]
    .
    [HKEY_CLASSES_ROOT\clsid\{30f9b915-b755-4826-820b-08fba6bd249d}]
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "HPADVISOR"="c:\program files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe" [2009-09-29 1685048]
    "DAEMON Tools Lite"="c:\program files (x86)\DAEMON Tools Lite\DTLite.exe" [2011-01-20 1305408]
    "AlcoholAutomount"="c:\program files (x86)\Alcohol Soft\Alcohol 120\AxAutoMntSrv.exe" [2010-08-20 33120]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
    "hpsysdrv"="c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe" [2008-11-20 62768]
    "HP Remote Solution"="c:\program files (x86)\Hewlett-Packard\HP Remote Solution\HP_Remote_Solution.exe" [2009-08-25 656896]
    "StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2009-09-08 98304]
    "HP Software Update"="c:\program files (x86)\HP\HP Software Update\HPWuSchd2.exe" [2008-12-08 54576]
    "NortonOnlineBackupReminder"="c:\program files (x86)\Symantec\Norton Online Backup\Activation\NobuActivation.exe" [2009-06-29 600936]
    "Easybits Recovery"="c:\program files (x86)\EasyBits For Kids\ezRecover.exe" [2009-09-02 60464]
    "Nikon Transfer Monitor"="c:\program files (x86)\Common Files\Nikon\Monitor\NkMonitor.exe" [2008-09-30 485208]
    "NBKeyScan"="c:\program files (x86)\Nero\Nero BackItUp 4\NBKeyScan.exe" [2008-09-24 2254120]
    "Adobe Photo Downloader"="c:\program files (x86)\Adobe\Photoshop Elements 6.0\apdproxy.exe" [2007-09-10 67488]
    "NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
    "Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-01-31 35760]
    "Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-20 932288]
    "SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2011-04-08 254696]
    "PlusService"="c:\program files (x86)\Yuna Software\Messenger Plus!\PlusService.exe" [2011-05-26 800768]
    .
    c:\users\Vale\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
    Adobe Gamma.lnk - c:\program files (x86)\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-3-16 113664]
    OpenOffice.org 3.2.lnk - c:\program files (x86)\OpenOffice.org 3\program\quickstart.exe [2010-5-20 1195008]
    Widget vodafone.lnk - c:\program files (x86)\Widget vodafone.it\Widget vodafone.it.exe [N/A]
    .
    c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
    McAfee Security Scan Plus.lnk - c:\program files (x86)\McAfee Security Scan\2.0.181\SSScheduler.exe [2010-1-15 255536]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "ConsentPromptBehaviorAdmin"= 5 (0x5)
    "ConsentPromptBehaviorUser"= 3 (0x3)
    "EnableUIADesktopToggle"= 0 (0x0)
    "HideFastUserSwitching"= 0 (0x0)
    .
    [hkey_local_machine\software\Wow6432Node\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
    "AppInit_DLLs"=c:\progra~2\WI3C8A~1\Datamngr\datamngr.dll c:\progra~2\WI3C8A~1\Datamngr\IEBHO.dll
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
    "aux"=wdmaud.drv
    .
    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
    Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
    .
    R2 gupdate;Servizio di Google Update (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-04-29 135664]
    R2 HP Support Assistant Service;HP Support Assistant Service;c:\program files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [2011-06-21 85560]
    R3 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance;c:\program files (x86)\MAGIX\Common\Database\bin\fbserver.exe [2005-11-17 1527900]
    R3 GamesAppService;GamesAppService;c:\program files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072]
    R3 gupdatem;Servizio Google Update (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-04-29 135664]
    R3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files (x86)\McAfee Security Scan\2.0.181\McCHSvc.exe [2010-01-15 227232]
    R3 PCDSRVC{F36B3A4C-F95654BD-06000000}_0;PCDSRVC{F36B3A4C-F95654BD-06000000}_0 - PCDR Kernel Mode Service Helper Driver;c:\program files\pc-doctor for windows\pcdsrvc_x64.pkms [2009-09-17 23536]
    R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
    R3 wacmoumonitor;Wacom Mode Helper;c:\windows\system32\DRIVERS\wacmoumonitor.sys [x]
    R3 WatAdminSvc;Servizio Windows Activation Technologies;c:\windows\system32\Wat\WatAdminSvc.exe [x]
    R3 WinRing0_1_2_0;WinRing0_1_2_0;c:\users\Vale\Downloads\RealTemp_360\WinRing0x64.sys [2008-07-26 14544]
    R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 57184]
    S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [x]
    S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [x]
    S1 aswSnx;aswSnx; [x]
    S1 aswSP;aswSP; [x]
    S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [x]
    S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]
    S2 aswFsBlk;aswFsBlk; [x]
    S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [x]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
    S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
    S2 ezSharedSvc;Easybits Shared Services for Windows;c:\windows\system32\svchost.exe [2009-07-14 27136]
    S2 HPDrvMntSvc.exe;HP Quick Synchronization Service;c:\program files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2011-03-28 94264]
    S2 NitroReaderDriverReadSpool2;NitroPDFReaderDriverCreatorReadSpool2;c:\program files\Common Files\Nitro PDF\Reader\2.0\NitroPDFReaderDriverService2x64.exe [2011-06-21 341296]
    S2 TabletServicePen;TabletServicePen;c:\windows\system32\Pen_Tablet.exe [x]
    S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]
    .
    .
    HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
    ezSharedSvc
    .
    Contenuto della cartella 'Scheduled Tasks'
    .
    2011-10-16 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-04-29 07:06]
    .
    2011-10-16 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-04-29 07:06]
    .
    2011-09-28 c:\windows\Tasks\HPCeeScheduleForVale.job
    - c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2009-10-07 03:22]
    .
    2011-09-30 c:\windows\Tasks\PCDRScheduledMaintenance.job
    - c:\program files\PC-Doctor for Windows\pcdrcui.exe [2009-09-18 07:11]
    .
    .
    --------- x86-64 -----------
    .
    .
    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A40DC6C5-79D0-4ca8-A185-8FF989AF1115}]
    2011-06-01 20:44 1793432 ----a-w- c:\progra~2\WI3C8A~1\Datamngr\x64\IEBHO.dll
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "SmartMenu"="c:\program files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe" [2009-09-14 610360]
    "PC-Doctor for Windows localizer"="c:\program files\PC-Doctor for Windows\localizer.exe" [2009-09-17 95728]
    "combofix"="c:\combofix\CF32448.3XE" [2010-11-20 345088]
    .

  7. #17
    Part 3:

    ------- Scansione supplementare -------
    .
    uStart Page = hxxp://search.findeer.com/
    uLocal Page = c:\windows\system32\blank.htm
    mStart Page = hxxp://home.sweetim.com
    mLocal Page = c:\windows\SysWOW64\blank.htm
    IE: &Download by Orbit - c:\program files (x86)\Orbitdownloader\orbitmxt.dll/201
    IE: &Grab video by Orbit - c:\program files (x86)\Orbitdownloader\orbitmxt.dll/204
    IE: Do&wnload selected by Orbit - c:\program files (x86)\Orbitdownloader\orbitmxt.dll/203
    IE: Down&load all by Orbit - c:\program files (x86)\Orbitdownloader\orbitmxt.dll/202
    IE: E&sporta in Microsoft Excel - c:\progra~2\MIF5BA~1\Office12\EXCEL.EXE/3000
    IE: Google Sidewiki... - c:\program files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html
    IE: {{0F7195C2-6713-4d93-A1BC-DA5FA33F0A65} - {E601996F-E400-41CA-804B-CD6373A7EEE2} - c:\program files (x86)\kikin\ie_kikin.dll
    TCP: DhcpNameServer = 192.168.1.1
    FF - ProfilePath - c:\users\Vale\AppData\Roaming\Mozilla\Firefox\Profiles\yh2znuku.default\
    FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2866295&SearchSource=3&q={searchTerms}
    FF - prefs.js: browser.search.selectedEngine - Search Results
    FF - prefs.js: browser.startup.homepage - hxxp://www.google.it/
    FF - prefs.js: keyword.URL - hxxp://dts.search-results.com/sr?src=ffb&appid=102&systemid=406&q=
    .
    - - - - CHIAVI ORFANE RIMOSSE - - - -
    .
    Toolbar-10 - (no file)
    Wow6432Node-HKCU-Run-PopularScreensaversWallpaper - c:\progra~2\MYWEBS~1\bar\3.bin\F3SCRCTR.DLL
    Wow6432Node-HKCU-Run-EleFunAnimatedWallpaper - (no file)
    Wow6432Node-HKCU-Run-EA Core - c:\program files (x86)\Electronic Arts\EADM\Core.exe
    Wow6432Node-HKCU-Run-PoService - (no file)
    Wow6432Node-HKLM-Run-Amazing3DAquariumWallpaper - (no file)
    Toolbar-10 - (no file)
    WebBrowser-{08D495AB-A86C-47B0-82EF-DA87BF92F730} - (no file)
    WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
    WebBrowser-{4EDD5C14-2D22-4D7A-9748-C975A7FD933B} - (no file)
    WebBrowser-{EEE6C35B-6118-11DC-9C72-001320C79847} - (no file)
    WebBrowser-{2C965F3F-8EFD-4BFC-A2C5-1672845FDBBF} - (no file)
    WebBrowser-{B760D5A4-8D24-4CB6-942E-D6BB540AD88C} - (no file)
    ShellIconOverlayIdentifiers-{472083B0-C522-11CF-8763-00608CC02F24} - c:\program files\Alwil Software\Avast4\ashShA64.dll
    AddRemove-Adobe Shockwave Player - c:\windows\system32\Adobe\Shockwave 11\uninstaller.exe
    AddRemove-EasyBits Magic Desktop - c:\windows\system32\ezMDUninstall.exe
    AddRemove-{CA43FE4F-9FF2-4AD7-88F0-CC3BAC17B226} - c:\program files (x86)\InstallShield Installation Information\{CA43FE4F-9FF2-4AD7-88F0-CC3BAC17B226}\setup.exe
    .
    .
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\PCDSRVC{F36B3A4C-F95654BD-06000000}_0]
    "ImagePath"="\??\c:\program files\pc-doctor for windows\pcdsrvc_x64.pkms"
    .
    --------------------- CHIAVI DI REGISTRO BLOCCATE ---------------------
    .

  8. #18
    Part 4 (I'll post a fifth one too)
    .

  9. #19
    Part 5:

  10. #20
    Last part (it was really long):
    .
    [HKEY_USERS\S-1-5-21-2017547316-3722385757-1459706894-1000\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{220991A2-F847-7F7C-BB2D-9C419FF8B7C9}*]
    "hanaajigandocchi"=hex:6b,61,68,62,6c,6b,67,61,6d,61,64,63,6b,65,6d,67,66,6c,
    67,64,6e,61,00,c0
    "gagplmoacplfgp"=hex:61,63,6c,62,70,65,67,6c,63,66,6d,68,61,66,64,62,6b,6d,66,
    61,69,6d,6f,68,66,67,70,6d,6a,68,70,63,66,65,66,6a,6a,62,64,66,6b,63,63,67,\
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10p_ActiveX.exe,-101"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
    "Enabled"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10p_ActiveX.exe"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Shockwave Flash Object"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10p.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
    @="0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
    @="ShockwaveFlash.ShockwaveFlash.10"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10p.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="ShockwaveFlash.ShockwaveFlash"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Macromedia Flash Factory Object"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10p.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
    @="FlashFactory.FlashFactory.1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10p.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="FlashFactory.FlashFactory"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker4"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
    @Denied: (Full) (Everyone)
    .
    ------------------------ Altri processi in esecuzione ------------------------
    .
    c:\program files\Alwil Software\Avast5\AvastSvc.exe
    c:\program files (x86)\Common Files\Microsoft Shared\Ink\TabTip32.exe
    c:\program files (x86)\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe
    c:\program files (x86)\Common Files\LightScribe\LSSrvc.exe
    c:\program files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe
    c:\program files (x86)\Nero\Nero BackItUp 4\IoctlSvc.exe
    c:\windows\SysWOW64\PSIService.exe
    c:\program files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
    c:\program files (x86)\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
    c:\program files (x86)\Google\Update\1.3.21.69\GoogleCrashHandler.exe
    c:\program files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe
    c:\program files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe
    .
    **************************************************************************
    .
    Ora fine scansione: 2011-10-16 11:25:46 - Il pc è stato riavviato
    ComboFix-quarantined-files.txt 2011-10-16 09:25
    .
    Pre-Run: 534.097.793.024 byte disponibili
    Post-Run: 534.411.091.968 byte disponibili
    .
    - - End Of File - - 946F5B366AEE2F307E77E10AD0C10B2C

    P.S. After the ComboFix scan my PC could no longer find any installed program (as if everything had been deleted); I rebooted and now it finds them, but it no longer displays the icons... How is that possible?
