Benvenuto Ospite

Cerca | Topic Attivi | Utenti | | Log In | Registra

Aiutamici Forum » FORUM - Istruzioni e Guide » Sicurezza VIRUS » help help help

4 pages: [1] 2 3 4

help help help

Opzioni

Topic Precedente · Topic Sucessivo

ragioniere

Inviato: Thursday, August 06, 2009 9:38:27 PM

Rank: AiutAmico

Iscritto dal : 11/5/2006
Posts: 114

Per il problema posto prima, riguardo al processo sospetto, ho iniziato a fare varie scansioni con malware bits e simili senza trovare nulla.allora avendo come antivirus avg ho usato la sua scansione antirookit e al termine della quale mi trova in c:windows/ sistem 32/drivers/aui8fzzf.SYS--Infezione: drivers nascosto---Risultato: l'oggetto è nascosto.
Se lo elimino mi dice di riavviare.ma al riavvio e a scansione nuova me lo ritrova.
Allora sto' cercando di trovare un altro programma antirookit su internet compatibile con vista 32 bit per fare una scansione, ma non lo trovo, per vedere se è un falso positivo o no di avg--------------------------helpppppppppppppppppppppp Pray

Pray

Sponsor

Inviato: Thursday, August 06, 2009 9:38:27 PM

ecofive

Inviato: Thursday, August 06, 2009 9:51:05 PM

Rank: AiutAmico

Iscritto dal : 6/20/2008
Posts: 7,111

Prova con questo: scarica il file e fai doppio clic su di esso. Non occorre installazione.
http://www.freedrweb.com/cureit/

Ciao.

ragioniere

Inviato: Thursday, August 06, 2009 10:03:54 PM

Rank: AiutAmico

Iscritto dal : 11/5/2006
Posts: 114

ti ringrazio la scansione non ha trovato nulla ma era normale l'antivirus non ti trova il rookit.

wolfestein

Inviato: Thursday, August 06, 2009 10:04:15 PM

Rank: AiutAmico

Iscritto dal : 2/15/2009
Posts: 15,948

In questi casi prima di operare è necessario disattivare il ripristino di sistema altrimenti al riavvio il malware si rigenera.

ragioniere

Inviato: Thursday, August 06, 2009 10:05:24 PM

Rank: AiutAmico

Iscritto dal : 11/5/2006
Posts: 114

ok mo' provo un attimo wolf grazie

wolfestein

Inviato: Thursday, August 06, 2009 10:08:00 PM

Rank: AiutAmico

Iscritto dal : 2/15/2009
Posts: 15,948

Meglio ancora se fai le scansioni in provvisoria

ragioniere

Inviato: Thursday, August 06, 2009 10:19:32 PM

Rank: AiutAmico

Iscritto dal : 11/5/2006
Posts: 114

disattivato e ritrovato,altro indizio ogni volta ha cambiato il percorso,nessuno sa dirmi una scansione antirookit con un programma apposito per vista 32 bit?

wolfestein

Inviato: Thursday, August 06, 2009 10:32:29 PM

Rank: AiutAmico

Iscritto dal : 2/15/2009
Posts: 15,948

ragioniere ha scritto:

disattivato e ritrovato,altro indizio ogni volta ha cambiato il percorso,nessuno sa dirmi una scansione antirookit con un programma apposito per vista 32 bit?

Apri un'altro post e metti un log di Hijack vedrai che r16 o pidue ti troveranno la soluzione.

ragioniere

Inviato: Thursday, August 06, 2009 10:37:51 PM

Rank: AiutAmico

Iscritto dal : 11/5/2006
Posts: 114

Grazie wolf ma sto' leggendo in rete che Hijack non rileva i rookit,grazie cmq ma nella mia ignoranza in materia sto' pensando sempre piu' ad un falso positivo poi se gli esperti mi aiutano è un immenso piacere Pray

Pray

r16

Inviato: Thursday, August 06, 2009 11:07:42 PM

Rank: AiutAmico

Iscritto dal : 8/7/2007
Posts: 11,016

Fai una scansione con Combofix:

Importante: Disabilita il tuo antivirus e chiudi TUTTI i programmi aperti,(Firewall compreso) e dopo aver scaricato COMBOFIX, chiudi la connessione.

Scarica Combofix
http://download.bleepingcomputer.com/sUBs/ComboFix.exe
Salvalo sul desktop.
Doppio click su combofix.exe (comparirà una videata.)
Se ti verrà chiesto se vuoi Installare LA CONSOLE DI RIPRISTINO DI EMERGENZA, clicca NO.
E' probabile che ti siano inviati messaggi dall'antivirus, tu ignorali.
Durante l'operazione di scansione è importante non usare il PC (neanche il mouse) e attendere pazientemente la fine delle operazioni.
Al termine, verrà creato un file log sul Desktop, chiamato C:\ComboFix.txt. Postalo qui.

Disinstalla combofix in questo modo: (dopo che avrò visto il log)
Start
Esegui
nella finestra di dialogo, copia ed incolla questo comando: Combofix /u e premi Invio poi cancella le cartelle in "C" di combofix (qoobox)

ragioniere

Inviato: Thursday, August 06, 2009 11:12:36 PM

Rank: AiutAmico

Iscritto dal : 11/5/2006
Posts: 114

Drool

agli ordini capo,ci sentiamo a fine scansione.

ragioniere

Inviato: Thursday, August 06, 2009 11:19:41 PM

Rank: AiutAmico

Iscritto dal : 11/5/2006
Posts: 114

Brick wall

non riesco a disattivare avg sto' vedendo tutte le opzioni.come devo fare r16???

r16

Inviato: Thursday, August 06, 2009 11:22:49 PM

Rank: AiutAmico

Iscritto dal : 8/7/2007
Posts: 11,016

http://www.avg-antivirus.it/support/index.php?_m=knowledgebase&_a=viewarticle&kbarticleid=295

ragioniere

Inviato: Thursday, August 06, 2009 11:24:21 PM

Rank: AiutAmico

Iscritto dal : 11/5/2006
Posts: 114

ho chiuso tutti i processi relativi ad avg....proseguo

ragioniere

Inviato: Friday, August 07, 2009 12:01:35 AM

Rank: AiutAmico

Iscritto dal : 11/5/2006
Posts: 114

r16 mi si è bloccato tutto,dopo la scansione se tento di aprire un browser ne avevo due mi dà l'errore è stat tentata un operazione su una chiave di registro di sistema segnata per l'eliminazione helpppppppppppppp sto' dgt con un altro pc

r16

Inviato: Friday, August 07, 2009 12:04:59 AM

Rank: AiutAmico

Iscritto dal : 8/7/2007
Posts: 11,016

Spegni il pc e riavvialo.
Vai a vedere in C:\ComboFix.txt se trovi il log di Combofix.

ragioniere

Inviato: Friday, August 07, 2009 12:05:34 AM

Rank: AiutAmico

Iscritto dal : 11/5/2006
Posts: 114

non mi fa fare neanche un ripristino dà lo stesso errore.........

ragioniere

Inviato: Friday, August 07, 2009 12:06:58 AM

Rank: AiutAmico

Iscritto dal : 11/5/2006
Posts: 114

in c programmi non cè la cartella combo c'è il log ma idem se ci clicco dà sempre l'errore su citato...sto' riavviando...

ragioniere

Inviato: Friday, August 07, 2009 12:12:54 AM

Rank: AiutAmico

Iscritto dal : 11/5/2006
Posts: 114

ComboFix 09-08-06.01 - Administrator 06/08/2009 23.32.00.1.2 - NTFSx86
Microsoft® Windows Vista™ Ultimate 6.0.6002.2.1252.39.1040.18.3326.2207 [GMT 2:00]
Eseguito da: c:\users\Administrator\Desktop\ComboFix.exe
AV: AVG Anti-Virus *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
SP: AVG Anti-Virus *enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
SP: Spybot - Search and Destroy *disabled* (Updated) {ED588FAF-1B8F-43B4-ACA8-8E3C85DADBE9}
SP: SUPERAntiSpyware *disabled* (Updated) {222A897C-5018-402e-943F-7E7AC8560DA7}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
* Creato nuovo punto di ripristino
.

((((((((((((((((((((((((((((((((((((( Altre eliminazioni )))))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\$recycle.bin\S-1-5-21-51003140-4199384537-3980697693-500
c:\windows\Installer\187d4.msi
c:\windows\Installer\617657.msi
c:\windows\system32\2c682.vbs

.
((((((((((((((((((((((((((((((((((((((( Driver/Servizi )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_RelevantKnowledge

((((((((((((((((((((((((( Files Creati Da 2009-07-06 al 2009-08-06 )))))))))))))))))))))))))))))))))))
.

2009-08-06 19:57 . 2009-08-06 19:57 -------- d-----w- c:\users\Administrator\DoctorWeb
2009-08-06 18:21 . 2009-08-06 18:21 -------- d-----w- c:\program files\Softwin
2009-08-06 18:19 . 2009-08-06 18:19 -------- d-----w- c:\users\Administrator\Pavark
2009-08-06 18:15 . 2009-08-06 18:15 -------- d-----w- c:\program files\Sophos
2009-08-05 18:49 . 2009-08-06 11:08 -------- d-----w- c:\progra~2\NOS
2009-08-05 18:49 . 2009-08-06 11:08 -------- d-----w- c:\program files\NOS
2009-08-05 12:29 . 2009-08-06 17:19 -------- d-----w- c:\program files\Poker Club by Lottomatica
2009-08-04 16:11 . 2009-08-04 16:11 -------- d-----w- C:\Realtek_Audio_V6015591_Vista
2009-08-04 16:11 . 2009-08-04 16:11 -------- d-----w- C:\RealtekHD_Audio_V51005628_V6015628
2009-07-28 16:36 . 2009-07-28 16:37 5214320 ----a-w- c:\users\Administrator\AppData\Roaming\Maxthon2\Temp\MxSetup.exe
2009-07-27 20:37 . 2009-07-28 08:22 -------- d-----w- c:\program files\HomeKeylogger
2009-07-21 04:59 . 2009-07-21 04:59 3560880 ----a-w- c:\users\Administrator\AppData\Roaming\Maxthon2\Maxthon.exe
2009-07-15 17:14 . 2009-06-15 14:53 156672 ----a-w- c:\windows\system32\t2embed.dll
2009-07-15 17:14 . 2009-06-15 14:52 23552 ----a-w- c:\windows\system32\lpk.dll
2009-07-15 17:14 . 2009-06-15 14:52 72704 ----a-w- c:\windows\system32\fontsub.dll
2009-07-15 17:14 . 2009-06-15 14:51 10240 ----a-w- c:\windows\system32\dciman32.dll
2009-07-15 17:14 . 2009-06-15 12:42 289792 ----a-w- c:\windows\system32\atmfd.dll
2009-07-12 19:23 . 2009-07-12 19:23 -------- d-----w- c:\program files\WOT
2009-07-12 11:49 . 2009-07-12 11:51 -------- d-----w- c:\users\Administrator\AppData\Roaming\vlc
2009-07-12 11:49 . 2009-07-12 11:51 -------- d-----w- c:\users\ADMINI~1\AppData\Roaming\vlc
2009-07-11 07:33 . 2009-07-11 07:33 -------- d-----w- c:\program files\Unlocker

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-08-06 21:38 . 2008-07-21 17:27 9 ----a-w- c:\windows\mvraidver.dat
2009-08-06 21:37 . 2008-07-27 07:26 12 ----a-w- c:\windows\bthservsdp.dat
2009-08-06 21:30 . 2009-03-10 18:59 -------- d-----w- c:\users\Administrator\AppData\Roaming\MxBoost
2009-08-06 21:30 . 2009-03-10 18:59 -------- d-----w- c:\users\ADMINI~1\AppData\Roaming\MxBoost
2009-08-06 21:12 . 2006-11-06 01:51 709236 ----a-w- c:\windows\system32\perfh010.dat
2009-08-06 21:12 . 2006-11-06 01:51 141512 ----a-w- c:\windows\system32\perfc010.dat
2009-08-06 20:41 . 2009-03-27 20:33 117760 ----a-w- c:\users\Administrator\AppData\Roaming\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
2009-08-06 20:15 . 2008-10-30 18:33 -------- d-----w- c:\progra~2\avg8
2009-08-06 17:56 . 2008-07-26 17:02 -------- d-----w- c:\progra~2\Spybot - Search & Destroy
2009-08-06 17:44 . 2008-09-14 21:09 -------- d-----w- c:\program files\a-squared Free
2009-08-06 17:31 . 2009-05-31 09:11 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-08-06 15:01 . 2008-07-28 21:05 -------- d-----w- c:\program files\DC++
2009-08-05 13:47 . 2008-07-19 21:09 143512 ----a-w- c:\users\Administrator\AppData\Local\GDIPFONTCACHEV1.DAT
2009-08-05 13:47 . 2008-07-19 21:09 143512 ----a-w- c:\users\ADMINI~1\AppData\Local\GDIPFONTCACHEV1.DAT
2009-08-05 11:10 . 2008-07-28 16:16 -------- d-----w- c:\program files\Java
2009-08-05 08:23 . 2009-01-04 22:25 319456 ----a-w- c:\windows\DIFxAPI.dll
2009-08-03 11:36 . 2009-05-31 09:11 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-08-03 11:36 . 2009-05-31 09:11 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-08-01 06:59 . 2009-04-12 18:37 -------- d-----w- c:\program files\Microsoft Silverlight
2009-07-31 08:36 . 2008-10-30 18:33 11952 ----a-w- c:\windows\system32\avgrsstx.dll
2009-07-31 08:36 . 2008-10-30 18:33 335240 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2009-07-31 08:36 . 2008-10-30 18:33 27784 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2009-07-29 17:34 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2009-07-28 16:37 . 2009-06-02 20:10 122843 ----a-w- c:\users\Administrator\AppData\Roaming\Maxthon2\MaxthonUINST.exe
2009-07-28 16:37 . 2009-03-10 18:58 -------- d-----w- c:\users\Administrator\AppData\Roaming\Maxthon2
2009-07-28 16:37 . 2009-03-10 18:58 -------- d-----w- c:\users\ADMINI~1\AppData\Roaming\Maxthon2
2009-07-28 11:22 . 2008-07-26 08:00 -------- d-----w- c:\users\Administrator\AppData\Roaming\uTorrent
2009-07-28 11:22 . 2008-07-26 08:00 -------- d-----w- c:\users\ADMINI~1\AppData\Roaming\uTorrent
2009-07-25 03:23 . 2008-11-23 17:58 411368 ----a-w- c:\windows\system32\deploytk.dll
2009-07-21 21:52 . 2009-07-29 17:32 915456 ----a-w- c:\windows\system32\wininet.dll
2009-07-21 21:47 . 2009-07-29 17:32 109056 ----a-w- c:\windows\system32\iesysprep.dll
2009-07-21 21:47 . 2009-07-29 17:32 71680 ----a-w- c:\windows\system32\iesetup.dll
2009-07-21 20:13 . 2009-07-29 17:32 133632 ----a-w- c:\windows\system32\ieUnatt.exe
2009-07-20 17:10 . 2008-10-30 19:37 -------- d-----w- c:\program files\TVUPlayer
2009-07-14 19:07 . 2008-07-29 08:43 -------- d-----w- c:\program files\Messenger Plus! Live
2009-07-07 17:07 . 2009-05-10 22:07 -------- d-----w- c:\users\Administrator\AppData\Roaming\IrfanView
2009-07-07 17:07 . 2009-05-10 22:07 -------- d-----w- c:\users\ADMINI~1\AppData\Roaming\IrfanView
2009-07-07 17:07 . 2008-08-07 19:07 -------- d-----w- c:\users\Administrator\AppData\Roaming\DAEMON Tools
2009-07-07 17:07 . 2008-08-07 19:07 -------- d-----w- c:\users\ADMINI~1\AppData\Roaming\DAEMON Tools
2009-07-07 17:07 . 2009-07-05 07:02 -------- d--h--w- c:\progra~2\~0
2009-07-07 17:07 . 2009-01-04 22:25 -------- d-----w- c:\program files\Realtek
2009-07-07 17:07 . 2008-07-21 15:23 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-07-07 16:52 . 2009-07-07 16:52 -------- d--h--w- c:\program files\Temp
2009-07-05 14:03 . 2009-07-05 14:03 -------- d-----w- c:\program files\THQ
2009-07-05 07:02 . 2009-07-05 07:02 -------- d-----w- c:\users\Administrator\AppData\Roaming\Uniblue
2009-07-05 07:02 . 2009-07-05 07:02 -------- d-----w- c:\users\ADMINI~1\AppData\Roaming\Uniblue
2009-07-03 19:37 . 2009-07-03 19:37 -------- d-----w- c:\program files\Smart PC Solutions
2009-07-03 17:41 . 2009-07-03 17:38 -------- d-----w- c:\program files\Video Strip Poker
2009-07-02 17:50 . 2009-07-02 17:50 -------- d-----w- c:\program files\Formosoft
2009-07-01 21:35 . 2009-06-27 08:59 -------- d-----w- c:\progra~2\Messenger Plus!
2009-06-30 20:05 . 2006-11-02 12:35 -------- d-----w- c:\program files\Windows Calendar
2009-06-30 20:05 . 2006-11-02 12:35 -------- d-----w- c:\program files\Windows Sidebar
2009-06-30 20:05 . 2006-11-02 12:35 -------- d-----w- c:\program files\Windows Collaboration
2009-06-30 20:05 . 2006-11-02 12:35 -------- d-----w- c:\program files\Windows Journal
2009-06-30 20:05 . 2006-11-02 12:35 -------- d-----w- c:\program files\Windows Photo Gallery
2009-06-30 20:05 . 2006-11-02 12:35 -------- d-----w- c:\program files\Windows Defender
2009-06-30 20:03 . 2006-11-02 10:25 665600 ----a-w- c:\windows\inf\drvindex.dat
2009-06-30 19:53 . 2006-11-02 12:35 37665 ----a-w- c:\windows\Fonts\GlobalUserInterface.CompositeFont
2009-06-30 19:12 . 2009-06-24 14:04 -------- d-----w- c:\program files\Electronic Arts
2009-06-30 17:14 . 2009-06-30 17:14 -------- d-----w- c:\program files\Infogrames
2009-06-30 02:22 . 2009-06-30 02:22 95488 ----a-w- c:\users\Administrator\AppData\Roaming\Maxthon2\MxHttpRq.dll
2009-06-30 02:22 . 2009-06-30 02:22 91392 ----a-w- c:\users\Administrator\AppData\Roaming\Maxthon2\mxtool.dll
2009-06-30 02:22 . 2009-06-30 02:22 87376 ----a-w- c:\users\Administrator\AppData\Roaming\Maxthon2\MxSk.dll
2009-06-30 02:22 . 2009-06-30 02:22 87296 ----a-w- c:\users\Administrator\AppData\Roaming\Maxthon2\mxtool2.dll
2009-06-30 02:22 . 2009-06-30 02:22 797440 ----a-w- c:\users\Administrator\AppData\Roaming\Maxthon2\MxUI.dll
2009-06-30 02:22 . 2009-06-30 02:22 79104 ----a-w- c:\users\Administrator\AppData\Roaming\Maxthon2\maxzlib.dll
2009-06-30 02:22 . 2009-06-30 02:22 78136 ----a-w- c:\users\Administrator\AppData\Roaming\Maxthon2\maxupdate.exe
2009-06-30 02:22 . 2009-06-30 02:22 615680 ----a-w- c:\users\Administrator\AppData\Roaming\Maxthon2\MxProxy2.dll
2009-06-30 02:22 . 2009-06-30 02:22 54528 ----a-w- c:\users\Administrator\AppData\Roaming\Maxthon2\MxExt.dll
2009-06-30 02:22 . 2009-06-30 02:22 50512 ----a-w- c:\users\Administrator\AppData\Roaming\Maxthon2\mxpp.dll
2009-06-30 02:22 . 2009-06-30 02:22 398592 ----a-w- c:\users\Administrator\AppData\Roaming\Maxthon2\mxdb.dll
2009-06-30 02:22 . 2009-06-30 02:22 107856 ----a-w- c:\users\Administrator\AppData\Roaming\Maxthon2\MxFav.dll
2009-06-27 09:04 . 2008-07-29 08:43 -------- d-----w- c:\program files\Windows Live
2009-06-27 08:43 . 2009-06-27 08:43 -------- d-----w- c:\program files\Messenger Plus! Live(13)
2009-06-27 08:41 . 2009-06-27 06:40 -------- d-----w- c:\program files\Windows Live(16)
2009-06-27 08:35 . 2009-06-27 06:19 -------- d-----w- c:\progra~2\WLInstaller
2009-06-27 06:40 . 2009-06-27 06:40 -------- dcsh--w- c:\program files\Common Files\WindowsLiveInstaller
2009-06-27 06:31 . 2009-06-27 06:31 -------- d-----w- c:\program files\VS Revo Group
2009-06-24 14:17 . 2009-06-24 14:16 -------- d-----w- c:\progra~2\Electronic Arts
2009-06-24 14:12 . 2009-06-24 14:12 10134 ----a-r- c:\users\Administrator\AppData\Roaming\Microsoft\Installer\{E3E71D07-CD27-46CB-8448-16D4FB29AA13}\ARPPRODUCTICON.exe
2009-06-24 14:12 . 2009-06-24 14:12 -------- d-----w- c:\program files\Microsoft WSE
2009-06-24 09:54 . 2009-06-24 09:54 427384 ----a-w- c:\users\Administrator\AppData\Roaming\Maxthon2\Modules\MxWebBoost\MxWebBoost.dll
2009-06-16 19:58 . 2008-10-28 18:02 -------- d-----w- c:\users\Administrator\AppData\Roaming\Azureus
2009-06-16 19:58 . 2008-10-28 18:02 -------- d-----w- c:\users\ADMINI~1\AppData\Roaming\Azureus
2009-06-16 19:58 . 2008-07-21 08:15 -------- d-----w- c:\users\Administrator\AppData\Roaming\Ahead
2009-06-16 19:58 . 2008-07-21 08:15 -------- d-----w- c:\users\ADMINI~1\AppData\Roaming\Ahead
2009-06-16 19:58 . 2009-05-15 20:03 -------- d-----w- c:\program files\CrystalDiskInfo27
2009-06-16 19:58 . 2009-05-03 16:13 -------- d-----w- c:\program files\Rohos
2009-06-16 19:58 . 2009-01-04 14:52 -------- d-----w- c:\program files\VirtualDJ
2009-06-16 19:58 . 2008-10-28 18:01 -------- d-----w- c:\program files\Vuze
2009-06-16 19:58 . 2008-08-31 20:08 -------- d-----w- c:\program files\TVAnts
2009-06-16 19:58 . 2008-08-06 05:07 -------- d-----w- c:\program files\ENCICLOPEDIA MEDICA 2007
2009-06-16 19:58 . 2008-07-21 17:23 -------- d-----w- c:\progra~2\ASUS
2009-06-16 19:41 . 2008-11-25 20:23 -------- d-----w- c:\users\Administrator\AppData\Roaming\Digital Support
2009-06-16 19:41 . 2008-11-25 20:23 -------- d-----w- c:\users\ADMINI~1\AppData\Roaming\Digital Support
2009-06-16 18:07 . 2009-06-16 18:01 -------- d-----w- c:\users\Administrator\AppData\Roaming\Nimi
2009-06-16 18:07 . 2009-06-16 18:01 -------- d-----w- c:\users\ADMINI~1\AppData\Roaming\Nimi
2009-06-16 18:04 . 2009-06-16 18:04 8192 ---h--w- c:\users\Administrator\AppData\Roaming\Maxthon2\niminovc.dll
2009-06-16 17:40 . 2009-06-16 17:33 -------- d-----w- c:\progra~2\Pinnacle VideoSpin
2009-06-16 17:33 . 2008-10-20 17:58 -------- d-----w- c:\program files\Pinnacle
2008-07-21 08:21 . 2008-07-21 08:21 24 --sha-w- c:\windows\SD845C329(124).tmp
2008-07-21 08:21 . 2008-07-21 08:21 24 --sha-w- c:\windows\SD845C329(130).tmp
2008-07-21 08:21 . 2008-07-21 08:21 24 --sh--w- c:\windows\SD845C329.tmp
2007-05-20 22:01 . 2007-05-20 21:24 8192 --sha-w- c:\windows\Users\Default\NTUSER.DAT
.

((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* i valori vuoti & legittimi/default non sono visualizzati.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-18 125952]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-18 202240]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AVFX Engine"="c:\program files\Creative\Creative Live! Cam\VideoFX\StartFX.exe" [2006-06-08 24576]
"V0220Mon.exe"="c:\windows\V0220Mon.exe" [2006-06-28 32768]
"Windows Mobile Device Center"="c:\windows\WindowsMobile\wmdc.exe" [2007-05-31 648072]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-07-31 2000152]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-15 39792]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-03-27 13687328]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2009-03-27 92704]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-07-25 149280]
"HomeKeyLogger"="c:\program files\HomeKeylogger\KeyLogger.exe" [2007-08-04 28160]
"AsioReg"="CTASIO.DLL" - c:\windows\System32\ctasio.dll [2007-04-09 79872]
"CTHelper"="CTHELPER.EXE" - c:\windows\System32\CtHelper.exe [2007-04-09 19456]
"CTxfiHlp"="CTXFIHLP.EXE" - c:\windows\System32\Ctxfihlp.exe [2007-04-09 19968]
"RtHDVCpl"="RtHDVCpl.exe" - c:\windows\RtHDVCpl.exe [2008-05-20 6144000]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=avgrsstx.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Authentication Packages REG_MULTI_SZ msv1_0 c:\windows\system32\nnnoOffd

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"VistaSp2"=hex(b):b2,a8,17,76,bf,f9,c9,01

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-1978596039-4068159482-2631118307-500]
"EnableNotificationsRef"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{91629DFA-3C92-48B0-80CC-8CAFC83C99F9}"= UDP:c:\program files\Microsoft Office\Office12\GROOVE.EXE:Microsoft Office Groove
"{F7E1AF7E-BE6C-43A8-9754-01D07305EFD8}"= TCP:c:\program files\Microsoft Office\Office12\GROOVE.EXE:Microsoft Office Groove
"{18A20360-D42D-474A-B8A8-E6522F692BFB}"= UDP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{987C5954-0232-4185-910B-94DFAA45A95F}"= TCP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{DCA1A2E0-B470-4D0C-95BF-4EB79F84F472}"= UDP:c:\program files\KONAMI\Pro Evolution Soccer 2008\PES2008.exe:Pro Evolution Soccer 2008
"{931B8578-C2C2-4C35-805F-7D4501B10411}"= TCP:c:\program files\KONAMI\Pro Evolution Soccer 2008\PES2008.exe:Pro Evolution Soccer 2008
"TCP Query User{D64DC4AB-CEFF-468E-A205-C38E09B03A46}c:\\program files\\marvell\\61xx\\apache2\\bin\\apache.exe"= UDP:c:\program files\marvell\61xx\apache2\bin\apache.exe:Apache HTTP Server
"UDP Query User{4AE9C2E7-C710-4509-9A5B-0E4FD48FEFAA}c:\\program files\\marvell\\61xx\\apache2\\bin\\apache.exe"= TCP:c:\program files\marvell\61xx\apache2\bin\apache.exe:Apache HTTP Server
"{7B587EB7-155A-4CB0-B479-6A88A1B78575}"= UDP:c:\program files\KONAMI\Pro Evolution Soccer 2008\PES2008.exe:Pro Evolution Soccer 2008
"{B5EA20AD-CA88-4CB3-9ED0-51EA4DD0787E}"= TCP:c:\program files\KONAMI\Pro Evolution Soccer 2008\PES2008.exe:Pro Evolution Soccer 2008
"{EC761CF1-7347-4001-914A-7A37E2A9DADA}"= UDP:c:\program files\uTorrent\uTorrent.exe:µTorrent
"{EA671EE8-E8AC-4E12-8A7E-9F6B391980A1}"= TCP:c:\program files\uTorrent\uTorrent.exe:µTorrent
"{31499527-AA7A-4AC1-BEA3-EA491AF5B929}"= UDP:c:\program files\uTorrent\uTorrent.exe:µTorrent (TCP-In)
"{1A70DB6D-EECA-4E07-9301-B2DF11E287FB}"= TCP:c:\program files\uTorrent\uTorrent.exe:µTorrent (UDP-In)
"{70C1BC5C-CFC2-48AB-B9F7-245B1D812F6E}"= UDP:c:\program files\SightSpeed\SightSpeed.exe:SightSpeed
"{F12BBE8A-3A73-4EA6-8537-D2DA7294D3DE}"= TCP:c:\program files\SightSpeed\SightSpeed.exe:SightSpeed
"{FBA86C94-9929-44FF-8B68-0EC5CC22828B}"= UDP:c:\program files\Pinnacle\Studio 11\programs\RM.exe:Render Manager
"{3036EE7F-38CC-4E29-946F-3BD324FD638B}"= TCP:c:\program files\Pinnacle\Studio 11\programs\RM.exe:Render Manager
"{242FA4CF-01CF-4AF2-A1AB-F3352045B497}"= UDP:c:\program files\Pinnacle\Studio 11\programs\Studio.exe:Studio
"{5DBF1098-B52C-4132-9F11-CDF6321D2A62}"= TCP:c:\program files\Pinnacle\Studio 11\programs\Studio.exe:Studio
"{56387049-CD5E-4868-A6BD-6A2D8FFA3C2C}"= UDP:c:\program files\Pinnacle\Studio 11\programs\PMSRegisterFile.exe:PMSRegisterFile
"{36660081-23AD-4549-BAD6-7B4F08FDF2B9}"= TCP:c:\program files\Pinnacle\Studio 11\programs\PMSRegisterFile.exe:PMSRegisterFile
"{53A97603-D6D0-4579-A864-49AC9BECB864}"= UDP:c:\program files\Pinnacle\Studio 11\programs\umi.exe:umi
"{DAEBBBE3-950F-4695-9E72-6568C207174F}"= TCP:c:\program files\Pinnacle\Studio 11\programs\umi.exe:umi
"{8E63B63F-C149-41EA-9E97-F5D631145FCC}"= UDP:c:\program files\Pinnacle\Studio 12\Programs\RM.exe:Render Manager
"{BC09ADE7-CD84-4177-BB6B-B8D685096470}"= TCP:c:\program files\Pinnacle\Studio 12\Programs\RM.exe:Render Manager
"{557AB44C-F409-4346-886C-8C76D7D3B519}"= UDP:c:\program files\Pinnacle\Studio 12\Programs\Studio.exe:Studio
"{C78D968B-A1D9-4112-B951-2B3A8DCE37A5}"= TCP:c:\program files\Pinnacle\Studio 12\Programs\Studio.exe:Studio
"{BE6275B8-C889-4C1F-A6E0-48F79E5B448A}"= UDP:c:\program files\Pinnacle\Studio 12\Programs\umi.exe:umi
"{525E8B15-C32F-4C51-99F6-FDE36DD61E2C}"= TCP:c:\program files\Pinnacle\Studio 12\Programs\umi.exe:umi
"{AD149124-FF29-4A5E-932E-F83E93038850}"= c:\program files\AVG\AVG8\avgam.exe:avgam.exe
"{89B5C6AE-90E6-4C5B-8127-5DAEB3069861}"= c:\program files\AVG\AVG8\avgemc.exe:avgemc.exe
"{A094EA17-AEAB-4D64-B8FC-57ED37D7C116}"= c:\program files\AVG\AVG8\avgupd.exe:avgupd.exe
"{0AA940FA-8BE8-4104-805C-268D2FEDC4B2}"= c:\program files\AVG\AVG8\avgnsx.exe:avgnsx.exe
"TCP Query User{4BFF9CD9-4B18-4B04-93B1-A532E976E0BF}c:\\program files\\sopcast\\adv\\sopadver.exe"= UDP:c:\program files\sopcast\adv\sopadver.exe:SopCast Adver
"UDP Query User{2A55BE56-02D2-4F02-ACBA-CC8EDF43018F}c:\\program files\\sopcast\\adv\\sopadver.exe"= TCP:c:\program files\sopcast\adv\sopadver.exe:SopCast Adver
"TCP Query User{CE830121-90E3-4377-93A9-7B9BA0953949}c:\\program files\\internet explorer\\iexplore.exe"= UDP:c:\program files\internet explorer\iexplore.exe:Internet Explorer
"UDP Query User{CED4F1D0-DAC8-4CC7-8CE6-68ABD9DDA7EC}c:\\program files\\internet explorer\\iexplore.exe"= TCP:c:\program files\internet explorer\iexplore.exe:Internet Explorer
"TCP Query User{E886C83C-5681-4344-9787-CF7537D78DF0}c:\\program files\\vuze\\azureus.exe"= UDP:c:\program files\vuze\azureus.exe:Azureus
"UDP Query User{F97DB21C-2BF5-4950-8597-6ADE1838725A}c:\\program files\\vuze\\azureus.exe"= TCP:c:\program files\vuze\azureus.exe:Azureus
"TCP Query User{FB3E1863-EE1A-4A0B-A12C-294990CF0708}c:\\program files\\camfrog\\camfrog video chat\\camfrog video chat.exe"= UDP:c:\program files\camfrog\camfrog video chat\camfrog video chat.exe:Camfrog Client Module
"UDP Query User{E1063D23-EE38-4B50-9D8C-6260B938549A}c:\\program files\\camfrog\\camfrog video chat\\camfrog video chat.exe"= TCP:c:\program files\camfrog\camfrog video chat\camfrog video chat.exe:Camfrog Client Module
"TCP Query User{AB0D69AF-E780-4590-894F-AEFDB924344C}c:\\program files\\tvuplayer\\tvuplayer.exe"= UDP:c:\program files\tvuplayer\tvuplayer.exe:TVUPlayer Component
"UDP Query User{ED0C665C-53E6-4E56-A1AA-E499DE0C9718}c:\\program files\\tvuplayer\\tvuplayer.exe"= TCP:c:\program files\tvuplayer\tvuplayer.exe:TVUPlayer Component
"TCP Query User{972B6805-4B1B-4E1B-B615-B2827C28181C}c:\\program files\\videolan\\vlc\\vlc.exe"= UDP:c:\program files\videolan\vlc\vlc.exe:VLC media player
"UDP Query User{0B132BA0-0E84-4EF1-B2A7-D3D98A96B573}c:\\program files\\videolan\\vlc\\vlc.exe"= TCP:c:\program files\videolan\vlc\vlc.exe:VLC media player
"TCP Query User{8C92FCFF-8B0E-49F8-AA03-47098F535D96}c:\\users\\administrator\\desktop\\radioplay.exe"= UDP:c:\users\administrator\desktop\radioplay.exe:radioplay.exe
"UDP Query User{7A4B2FBA-15D7-4044-BF6B-9D0B3CCE418D}c:\\users\\administrator\\desktop\\radioplay.exe"= TCP:c:\users\administrator\desktop\radioplay.exe:radioplay.exe
"TCP Query User{B1B3769C-2E92-45D1-B3C9-1D85DA098E56}c:\\program files\\java\\jre6\\bin\\java.exe"= UDP:c:\program files\java\jre6\bin\java.exe:Java(TM) Platform SE binary
"UDP Query User{F8E9C419-7900-4604-8CD4-CF34D1C8F257}c:\\program files\\java\\jre6\\bin\\java.exe"= TCP:c:\program files\java\jre6\bin\java.exe:Java(TM) Platform SE binary
"{7F00955E-082D-4955-B293-761E1EA9C1E9}"= UDP:c:\program files\KONAMI\Pro Evolution Soccer 2009\pes2009.exe:Pro Evolution Soccer 2009
"{B2091610-B97E-4B8B-9FEA-BFFC1E0F4E6B}"= TCP:c:\program files\KONAMI\Pro Evolution Soccer 2009\pes2009.exe:Pro Evolution Soccer 2009
"TCP Query User{9EE76E6A-9F5A-4F02-A5F3-B44B6F8CEF3C}c:\\users\\administrator\\appdata\\local\\temp\\arc51eb\\mirc6.21-italiano-tuttoirc\\mirc.exe"= UDP:c:\users\administrator\appdata\local\temp\arc51eb\mirc6.21-italiano-tuttoirc\mirc.exe:mirc.exe
"UDP Query User{D2DB817D-0169-4167-96CC-72B2E56F7090}c:\\users\\administrator\\appdata\\local\\temp\\arc51eb\\mirc6.21-italiano-tuttoirc\\mirc.exe"= TCP:c:\users\administrator\appdata\local\temp\arc51eb\mirc6.21-italiano-tuttoirc\mirc.exe:mirc.exe
"TCP Query User{46926EB1-21CD-47F6-8F0D-282728F93939}c:\\users\\administrator\\appdata\\local\\temp\\arcf566\\mirc6.21-italiano-tuttoirc\\mirc.exe"= UDP:c:\users\administrator\appdata\local\temp\arcf566\mirc6.21-italiano-tuttoirc\mirc.exe:mirc.exe
"UDP Query User{8789738A-B9DB-4022-9339-112BF616054E}c:\\users\\administrator\\appdata\\local\\temp\\arcf566\\mirc6.21-italiano-tuttoirc\\mirc.exe"= TCP:c:\users\administrator\appdata\local\temp\arcf566\mirc6.21-italiano-tuttoirc\mirc.exe:mirc.exe
"TCP Query User{EF03B01B-45AB-44D0-8904-7F92AD147A10}c:\\users\\administrator\\appdata\\local\\temp\\arc27bd\\ldcplusplus.exe"= UDP:c:\users\administrator\appdata\local\temp\arc27bd\ldcplusplus.exe:ldcplusplus.exe
"UDP Query User{4666F2A9-513F-41D3-BE24-C345A8E629B4}c:\\users\\administrator\\appdata\\local\\temp\\arc27bd\\ldcplusplus.exe"= TCP:c:\users\administrator\appdata\local\temp\arc27bd\ldcplusplus.exe:ldcplusplus.exe
"TCP Query User{65A8F9AF-8F7B-42AA-AB99-22AE5B503EC6}c:\\program files\\opera\\opera.exe"= UDP:c:\program files\opera\opera.exe:Opera Internet Browser
"UDP Query User{5C26A183-9ED5-45D1-B335-783E0A97CABA}c:\\program files\\opera\\opera.exe"= TCP:c:\program files\opera\opera.exe:Opera Internet Browser
"TCP Query User{D6B3BF4C-CF1E-41D3-B878-3C85FB36FE62}c:\\program files\\easymule\\emule.exe"= UDP:c:\program files\easymule\emule.exe:easyMule
"UDP Query User{0A580C7C-5D65-4362-BB6D-D43AC3DF37F9}c:\\program files\\easymule\\emule.exe"= TCP:c:\program files\easymule\emule.exe:easyMule
"{42DE6624-B609-416B-BBE5-5E0D47AA20F3}"= UDP:c:\program files\FrostWire\FrostWire.exe:FrostWire
"{D754F787-538D-4EDC-9CAF-14D452FDD0CE}"= TCP:c:\program files\FrostWire\FrostWire.exe:FrostWire
"TCP Query User{4D688F56-DAC4-4204-BC79-C785C72CFAC9}c:\\program files\\java\\jre6\\bin\\javaw.exe"= UDP:c:\program files\java\jre6\bin\javaw.exe:Java(TM) Platform SE binary
"UDP Query User{6B847FBE-2B0B-4ACA-AA9A-63B72C8B18E6}c:\\program files\\java\\jre6\\bin\\javaw.exe"= TCP:c:\program files\java\jre6\bin\javaw.exe:Java(TM) Platform SE binary
"TCP Query User{117887F9-1FB7-46DB-A226-5307A24467D2}c:\\program files\\sopcast\\sopcast.exe"= UDP:c:\program files\sopcast\sopcast.exe:SopCast Main Application
"UDP Query User{9FA642B0-D2E0-435B-B54C-AA39512186FE}c:\\program files\\sopcast\\sopcast.exe"= TCP:c:\program files\sopcast\sopcast.exe:SopCast Main Application
"{66EAD8BF-E323-4C13-A398-84DBDAAD1706}"= Disabled:UDP:c:\program files\PhotoJoy\Bin\PjImp.exe:PhotoJoy
"{4611F687-9AA6-49CF-B924-C112497EE637}"= Disabled:TCP:c:\program files\PhotoJoy\Bin\PjImp.exe:PhotoJoy
"{26D2EAB5-5C23-43D4-B99B-F940C80BC5F0}"= Disabled:UDP:c:\program files\PhotoJoy\Bin\PhotoJoy.exe:PhotoJoy
"{BD9400D9-3410-4B15-9925-F1645E6CBD1B}"= Disabled:TCP:c:\program files\PhotoJoy\Bin\PhotoJoy.exe:PhotoJoy
"{806F0B0C-E76E-4A6C-A13D-1E6E870D306B}"= Disabled:UDP:c:\program files\PhotoJoy\Bin\PjApp.exe:PhotoJoy
"{04904D03-AE58-4640-816F-891D0BFA638D}"= Disabled:TCP:c:\program files\PhotoJoy\Bin\PjApp.exe:PhotoJoy
"TCP Query User{B1104376-B8C3-4C08-921C-518499E928C6}c:\\users\\administrator\\appdata\\roaming\\maxthon2\\maxthon.exe"= UDP:c:\users\administrator\appdata\roaming\maxthon2\maxthon.exe:maxthon.exe
"UDP Query User{24B0474D-675C-4C0A-B787-A278D87FB87E}c:\\users\\administrator\\appdata\\roaming\\maxthon2\\maxthon.exe"= TCP:c:\users\administrator\appdata\roaming\maxthon2\maxthon.exe:maxthon.exe
"TCP Query User{1000E284-6C9C-44CD-AE30-33A17BFD20EA}c:\\users\\administrator\\appdata\\roaming\\maxthon2\\modules\\mxdownloader\\mxdownloadserver.exe"= UDP:c:\users\administrator\appdata\roaming\maxthon2\modules\mxdownloader\mxdownloadserver.exe:mxdownloadserver.exe
"UDP Query User{D771BD7E-E742-4A90-93F0-40E23F929B09}c:\\users\\administrator\\appdata\\roaming\\maxthon2\\modules\\mxdownloader\\mxdownloadserver.exe"= TCP:c:\users\administrator\appdata\roaming\maxthon2\modules\mxdownloader\mxdownloadserver.exe:mxdownloadserver.exe
"{EF9D000D-D3CE-43FF-8B58-70A4BB31B0EC}"= UDP:c:\program files\VoipCheapCom\VoipCheapCom.exe:VoipCheapCom
"{CEBA69B7-8769-45D1-AF09-6886A6F0EEF3}"= TCP:c:\program files\VoipCheapCom\VoipCheapCom.exe:VoipCheapCom
"{99235EEB-8370-4F44-B013-85E0F111842C}"= UDP:c:\program files\VoipCheapCom\VoipCheapCom.exe:VoipCheapCom
"{AB5B37A6-D93E-4E2A-AEDC-342AF176B775}"= TCP:c:\program files\VoipCheapCom\VoipCheapCom.exe:VoipCheapCom
"{9185FA0C-6AE2-4D9E-8BF1-BB6FD8729C47}"= UDP:c:\users\ADMINI~1\AppData\Local\Temp\ARCE4E8\utorrent.exe:µTorrent (TCP-In)
"{A7654280-3E27-4C50-9AE0-59C7CDD2452F}"= TCP:c:\users\ADMINI~1\AppData\Local\Temp\ARCE4E8\utorrent.exe:µTorrent (UDP-In)
"TCP Query User{C6A84A7D-7697-4581-A92D-D4289B2EF207}c:\\users\\administrator\\appdata\\local\\temp\\arce4e8\\utorrent.exe"= UDP:c:\users\administrator\appdata\local\temp\arce4e8\utorrent.exe:utorrent.exe
"UDP Query User{B25BE730-B091-43BC-BB2D-EEA2AA50E6AA}c:\\users\\administrator\\appdata\\local\\temp\\arce4e8\\utorrent.exe"= TCP:c:\users\administrator\appdata\local\temp\arce4e8\utorrent.exe:utorrent.exe
"{9C54922F-ADF7-4318-9C82-EE3F27612BF9}"= UDP:c:\users\ADMINI~1\AppData\Local\Temp\ARCE4E8\utorrent.exe:µTorrent (TCP-In)
"{C1B55348-8D6C-415C-A876-98F94C76E5FE}"= TCP:c:\users\ADMINI~1\AppData\Local\Temp\ARCE4E8\utorrent.exe:µTorrent (UDP-In)
"TCP Query User{A05D741A-A3DD-4B10-B1D2-B630B101C6B7}c:\\program files\\emule\\emule.exe"= UDP:c:\program files\emule\emule.exe:eMule
"UDP Query User{F2D698AA-722E-4497-BF13-56B9B2E2752F}c:\\program files\\emule\\emule.exe"= TCP:c:\program files\emule\emule.exe:eMule
"{7EA673C9-1244-4D01-9AD7-305C19CDFC1A}"= UDP:c:\program files\KONAMI\Pro Evolution Soccer 2009\pes2009.exe:Pro Evolution Soccer 2009
"{37D471C3-C070-49DE-96FC-7D445682F536}"= TCP:c:\program files\KONAMI\Pro Evolution Soccer 2009\pes2009.exe:Pro Evolution Soccer 2009
"TCP Query User{66205A2C-22D9-4B6E-B64D-4F452C3D82CD}c:\\program files\\nokia\\nokia software updater\\nsu_ui_client.exe"= UDP:c:\program files\nokia\nokia software updater\nsu_ui_client.exe:Nokia Software Updater
"UDP Query User{1991A6EF-8B1E-46CF-BA1E-45BF820B35F5}c:\\program files\\nokia\\nokia software updater\\nsu_ui_client.exe"= TCP:c:\program files\nokia\nokia software updater\nsu_ui_client.exe:Nokia Software Updater
"TCP Query User{9BA53811-1FF3-4DEB-AD8A-927F40BEA509}c:\\program files\\common files\\nokia\\service layer\\a\\nsl_host_process.exe"= UDP:c:\program files\common files\nokia\service layer\a\nsl_host_process.exe:Nokia Service Layer Host Process
"UDP Query User{E29F5604-126F-45EC-971D-C7324B526FCA}c:\\program files\\common files\\nokia\\service layer\\a\\nsl_host_process.exe"= TCP:c:\program files\common files\nokia\service layer\a\nsl_host_process.exe:Nokia Service Layer Host Process
"{33801D00-BDDC-4B1A-9D25-BEE33EDE58CC}"= UDP:4662:eMule
"{2F39E12F-AEEF-47B7-A736-8E75B73ABF6C}"= TCP:4672:eMule
"TCP Query User{99591E3E-7DF6-4F36-BCCD-8D665AF25B60}c:\\program files\\emule\\emule.exe"= UDP:c:\program files\emule\emule.exe:eMule
"UDP Query User{E8EF139C-FA0A-4FC1-81EC-506E4F6D79D6}c:\\program files\\emule\\emule.exe"= TCP:c:\program files\emule\emule.exe:eMule
"TCP Query User{012CB50D-2A6E-4CB3-B5D4-4089F2472D50}c:\\users\\administrator\\appdata\\roaming\\maxthon2\\modules\\mxdownloader\\mxdownloadserver.exe"= UDP:c:\users\administrator\appdata\roaming\maxthon2\modules\mxdownloader\mxdownloadserver.exe:mxdownloadserver.exe
"UDP Query User{5DD8D983-04FF-496C-A4F4-C704BDC48A16}c:\\users\\administrator\\appdata\\roaming\\maxthon2\\modules\\mxdownloader\\mxdownloadserver.exe"= TCP:c:\users\administrator\appdata\roaming\maxthon2\modules\mxdownloader\mxdownloadserver.exe:mxdownloadserver.exe
"TCP Query User{9381E056-53B7-491B-A6D7-410EBC9ED5C9}c:\\program files\\vuze\\azureus.exe"= UDP:c:\program files\vuze\azureus.exe:Azureus
"UDP Query User{24B04C5B-3435-49AA-99C9-B9B0739EB544}c:\\program files\\vuze\\azureus.exe"= TCP:c:\program files\vuze\azureus.exe:Azureus
"{61BFF70D-9F15-4642-BE06-09539D58CE12}"= Disabled:UDP:c:\program files\PhotoJoy\Bin\PhotoJoy.exe:PhotoJoy
"{BEA7A251-0266-4091-BB4B-31C934DC7271}"= Disabled:TCP:c:\program files\PhotoJoy\Bin\PhotoJoy.exe:PhotoJoy
"{7B0D9E9E-C2EF-4336-B39E-67F6C343A0C3}"= Disabled:UDP:c:\program files\PhotoJoy\Bin\PjApp.exe:PhotoJoy
"{7B13D1F9-4520-4E0C-9465-592AAA2B8F05}"= Disabled:TCP:c:\program files\PhotoJoy\Bin\PjApp.exe:PhotoJoy
"TCP Query User{3548E94B-847B-4D6E-9144-B3936AD76512}c:\\program files\\java\\jre6\\bin\\java.exe"= UDP:c:\program files\java\jre6\bin\java.exe:Java(TM) Platform SE binary
"UDP Query User{B1534CAC-1A69-4ED7-8C59-EB58AC96F777}c:\\program files\\java\\jre6\\bin\\java.exe"= TCP:c:\program files\java\jre6\bin\java.exe:Java(TM) Platform SE binary
"{76BBF3B9-741B-4FBB-8002-8EC0841EF2FB}"= UDP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
"{9E615DC4-88C6-4956-B045-215E145E1FAF}"= TCP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
"{03024A1B-E9EE-4B8E-8623-2E991DF15E18}"= UDP:c:\program files\RelevantKnowledge\rlvknlg.exe:rlvknlg.exe
"{F96B2E75-9B22-4F02-BEB2-EEFAEAF9E47E}"= TCP:c:\program files\RelevantKnowledge\rlvknlg.exe:rlvknlg.exe
"{333C7BC0-D654-476F-9FD5-EC50F937893E}"= UDP:c:\program files\Pinnacle\VideoSpin\Programs\RM.exe:Render Manager
"{2DEFB16A-AA09-47D7-882E-DDF9EE39B1D2}"= TCP:c:\program files\Pinnacle\VideoSpin\Programs\RM.exe:Render Manager
"{8FB47BFE-C65E-4B87-96BC-DDC674E164C6}"= UDP:c:\program files\Pinnacle\VideoSpin\Programs\umi.exe:umi
"{49796183-5F20-4158-A5BC-A646A7A5B9C7}"= TCP:c:\program files\Pinnacle\VideoSpin\Programs\umi.exe:umi
"{E8F4B28A-A716-4292-BC8D-14515489D188}"= UDP:c:\program files\Pinnacle\VideoSpin\Programs\VideoSpin.exe:Pinnacle VideoSpin
"{8C54B674-CAA0-4682-8990-D93AF004F3EC}"= TCP:c:\program files\Pinnacle\VideoSpin\Programs\VideoSpin.exe:Pinnacle VideoSpin

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
"EnableFirewall"= 0 (0x0)

R0 AvgRkx86;avgrkx86.sys;c:\windows\System32\drivers\avgrkx86.sys [30/10/2008 20.33.23 12552]
R0 mv61xx;mv61xx;c:\windows\System32\drivers\mv61xx.sys [15/06/2007 9.52.18 143256]
R0 pavboot;pavboot;c:\windows\System32\drivers\pavboot.sys [05/05/2009 19.56.22 28544]
R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\System32\drivers\avgldx86.sys [30/10/2008 20.33.17 335240]
R1 AvgTdiX;AVG8 Network Redirector;c:\windows\System32\drivers\avgtdix.sys [30/10/2008 20.33.21 108552]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [03/09/2008 14.07.14 8944]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [03/09/2008 14.07.12 55024]
R2 avg8emc;AVG8 E-mail Scanner;c:\progra~1\AVG\AVG8\avgemc.exe [08/01/2009 18.25.49 908056]
R2 avg8wd;AVG8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [08/01/2009 18.25.53 297752]
R2 Marvell RAID;Marvell RAID Event Agent;c:\program files\Marvell\61xx\svc\mvraidsvc.exe [12/06/2007 20.54.12 61440]
R2 MRUWebService;MRU Web Service;c:\program files\Marvell\61xx\Apache2\bin\Apache.exe [23/05/2007 2.17.02 20539]
R2 RHDISK;RHDISK;c:\program files\Rohos\rhdisk.sys [03/05/2009 18.13.25 38264]
R3 V0220Dev;Live! Cam Video IM;c:\windows\System32\drivers\V0220Dev.sys [02/08/2008 10.02.35 146112]
R3 V0220Vfx;V0220VFX;c:\windows\System32\drivers\V0220Vfx.sys [02/08/2008 10.02.35 6272]
S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [03/09/2008 14.07.16 7408]
S4 HAQDE;HAQDE;c:\users\ADMINI~1\AppData\Local\Temp\HAQDE.exe [06/08/2009 20.57.41 404352]
S4 IJZFAJ;IJZFAJ;c:\users\ADMINI~1\AppData\Local\Temp\IJZFAJ.exe [06/08/2009 20.58.04 375680]
S4 Rohos Disk;Rohos Disk service;c:\program files\Rohos\agent.exe [03/05/2009 18.13.25 785448]
S4 SBSDWSCService;SBSD Security Center Service;c:\program files\Spybot - Search & Destroy\SDWinSec.exe [26/07/2008 19.02.38 1153368]
S4 VundoFixSvc;VundoFix Service;VundoFixSVC.exe --> VundoFixSVC.exe [?]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs REG_MULTI_SZ BthServ
WindowsMobile REG_MULTI_SZ wcescomm rapimgr
LocalServiceRestricted REG_MULTI_SZ WcesComm RapiMgr

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\System32\rundll32.exe" "c:\windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{7070D8E0-650A-46b3-B03C-9497582E6A74}]
%SystemRoot%\system32\soundschemes.exe /AddRegistration

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{B3688A53-AB2A-4b1d-8CEF-8F93D8C51C24}]
%SystemRoot%\system32\soundschemes2.exe /AddRegistration
.
.
------- Scansione supplementare -------
.
uStart Page = hxxp://www.google.it/
uInternet Settings,ProxyOverride = *.local
TCP: {4D7F5B01-3478-4ADD-A227-4856158B1F73} = 192.168.0.1
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
.

**************************************************************************
scansione processi nascosti ...

scansione entrate autostart nascoste ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
CTHelper = CTHELPER.EXE?
CTxfiHlp = CTXFIHLP.EXE?

Scansione files nascosti ...

Scansione completata con successo
Files nascosti:

**************************************************************************
.
--------------------- CHIAVI DI REGISTRO BLOCCATE ---------------------

[HKEY_USERS\S-1-5-21-1978596039-4068159482-2631118307-500\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (Administrator)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,b4,d8,3c,13,69,96,0f,48,94,c6,30,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,b4,d8,3c,13,69,96,0f,48,94,c6,30,\
"6256FFB019F8FDFBD36745B06F4540E9AEAF222A25"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,b4,d8,3c,13,69,96,0f,48,94,c6,30,\

[HKEY_USERS\S-1-5-21-1978596039-4068159482-2631118307-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.3g2\UserChoice]
@Denied: (2) (Administrator)
"Progid"="3gpfile"

[HKEY_USERS\S-1-5-21-1978596039-4068159482-2631118307-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.3gp2\UserChoice]
@Denied: (2) (Administrator)
"Progid"="3gpfile"

[HKEY_USERS\S-1-5-21-1978596039-4068159482-2631118307-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ac3\UserChoice]
@Denied: (2) (Administrator)
"Progid"="ac3file"

[HKEY_USERS\S-1-5-21-1978596039-4068159482-2631118307-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.aifc\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.AIFF"

[HKEY_USERS\S-1-5-21-1978596039-4068159482-2631118307-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.aiff\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.AIFF"

[HKEY_USERS\S-1-5-21-1978596039-4068159482-2631118307-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.alac\UserChoice]
@Denied: (2) (Administrator)
"Progid"="alacfile"

[HKEY_USERS\S-1-5-21-1978596039-4068159482-2631118307-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ape\UserChoice]
@Denied: (2) (Administrator)
"Progid"="apefile"

[HKEY_USERS\S-1-5-21-1978596039-4068159482-2631118307-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.asx\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.ASX"

[HKEY_USERS\S-1-5-21-1978596039-4068159482-2631118307-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.aup\UserChoice]
@Denied: (2) (Administrator)
"Progid"="Applications\\wmplayer.exe"

[HKEY_USERS\S-1-5-21-1978596039-4068159482-2631118307-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.avi\UserChoice]
@Denied: (2) (Administrator)
"Progid"="avifile"

[HKEY_USERS\S-1-5-21-1978596039-4068159482-2631118307-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.cda\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.CDA"

[HKEY_USERS\S-1-5-21-1978596039-4068159482-2631118307-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.divx\UserChoice]
@Denied: (2) (Administrator)
"Progid"="AVIfile"

[HKEY_USERS\S-1-5-21-1978596039-4068159482-2631118307-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.doc\UserChoice]
@Denied: (2) (Administrator)
"Progid"="Applications\\AbiWord.exe"

[HKEY_USERS\S-1-5-21-1978596039-4068159482-2631118307-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.docx\UserChoice]
@Denied: (2) (Administrator)
"Progid"="Applications\\wordpad.exe"

[HKEY_USERS\S-1-5-21-1978596039-4068159482-2631118307-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eml\UserChoice]
@Denied: (2) (Administrator)
"Progid"="Microsoft Internet Mail Message"

[HKEY_USERS\S-1-5-21-1978596039-4068159482-2631118307-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.EVO\UserChoice]
@Denied: (2) (Administrator)
"Progid"="evofile"

[HKEY_USERS\S-1-5-21-1978596039-4068159482-2631118307-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.flac\UserChoice]
@Denied: (2) (Administrator)
"Progid"="flacfile"

[HKEY_USERS\S-1-5-21-1978596039-4068159482-2631118307-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.hdmov\UserChoice]
@Denied: (2) (Administrator)
"Progid"="hdmovfile"

[HKEY_USERS\S-1-5-21-1978596039-4068159482-2631118307-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.htm\UserChoice]
@Denied: (2) (Administrator)
"Progid"="IE.AssocFile.HTM"

[HKEY_USERS\S-1-5-21-1978596039-4068159482-2631118307-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.html\UserChoice]
@Denied: (2) (Administrator)
"Progid"="IE.AssocFile.HTM"

[HKEY_USERS\S-1-5-21-1978596039-4068159482-2631118307-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ifo\UserChoice]
@Denied: (2) (Administrator)
"Progid"="ifofile"

[HKEY_USERS\S-1-5-21-1978596039-4068159482-2631118307-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.m1v\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.MPEG"

[HKEY_USERS\S-1-5-21-1978596039-4068159482-2631118307-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.m2ts\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.MPEG"

[HKEY_USERS\S-1-5-21-1978596039-4068159482-2631118307-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.M2V\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.MPEG"

[HKEY_USERS\S-1-5-21-1978596039-4068159482-2631118307-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.m3u\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.M3U"

[HKEY_USERS\S-1-5-21-1978596039-4068159482-2631118307-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.m4a\UserChoice]
@Denied: (2) (Administrator)
"Progid"="m4afile"

[HKEY_USERS\S-1-5-21-1978596039-4068159482-2631118307-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mht\UserChoice]
@Denied: (2) (Administrator)
"Progid"="IE.AssocFile.MHT"

[HKEY_USERS\S-1-5-21-1978596039-4068159482-2631118307-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mhtml\UserChoice]
@Denied: (2) (Administrator)
"Progid"="IE.AssocFile.MHT"

[HKEY_USERS\S-1-5-21-1978596039-4068159482-2631118307-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.midi\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.MIDI"

[HKEY_USERS\S-1-5-21-1978596039-4068159482-2631118307-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mka\UserChoice]
@Denied: (2) (Administrator)
"Progid"="MatroskaVideo"

[HKEY_USERS\S-1-5-21-1978596039-4068159482-2631118307-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mkv\UserChoice]
@Denied: (2) (Administrator)
"Progid"="MatroskaVideo"

[HKEY_USERS\S-1-5-21-1978596039-4068159482-2631118307-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.MOD\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.MPEG"

[HKEY_USERS\S-1-5-21-1978596039-4068159482-2631118307-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mp2\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.MPEG"

[HKEY_USERS\S-1-5-21-1978596039-4068159482-2631118307-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mp2v\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.MPEG"

[HKEY_USERS\S-1-5-21-1978596039-4068159482-2631118307-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mp3\UserChoice]
@Denied: (2) (Administrator)
"Progid"="MP3File"

[HKEY_USERS\S-1-5-21-1978596039-4068159482-2631118307-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mp4\UserChoice]
@Denied: (2) (Administrator)
"Progid"="mp4file"

[HKEY_USERS\S-1-5-21-1978596039-4068159482-2631118307-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mpa\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.MPEG"

[HKEY_USERS\S-1-5-21-1978596039-4068159482-2631118307-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mpc\UserChoice]
@Denied: (2) (Administrator)
"Progid"="mpcfile"

[HKEY_USERS\S-1-5-21-1978596039-4068159482-2631118307-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mpg\UserChoice]
@Denied: (2) (Administrator)
"Progid"="MPEGFile"

[HKEY_USERS\S-1-5-21-1978596039-4068159482-2631118307-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mpv2\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.MPEG"

[HKEY_USERS\S-1-5-21-1978596039-4068159482-2631118307-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.MSWMM\UserChoice]
@Denied: (2) (Administrator)
"Progid"="Applications\\vlc.exe"

[HKEY_USERS\S-1-5-21-1978596039-4068159482-2631118307-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ogm\UserChoice]
@Denied: (2) (Administrator)
"Progid"="ogmfile"

[HKEY_USERS\S-1-5-21-1978596039-4068159482-2631118307-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pps\UserChoice]
@Denied: (2) (Administrator)
"Progid"="OpenOffice.org.Pps"

[HKEY_USERS\S-1-5-21-1978596039-4068159482-2631118307-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rm\UserChoice]
@Denied: (2) (Administrator)
"Progid"="RealMedia"

[HKEY_USERS\S-1-5-21-1978596039-4068159482-2631118307-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rmvb\UserChoice]
@Denied: (2) (Administrator)
"Progid"="RealMedia"

[HKEY_USERS\S-1-5-21-1978596039-4068159482-2631118307-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ts\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.MPEG"

[HKEY_USERS\S-1-5-21-1978596039-4068159482-2631118307-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.tta\UserChoice]
@Denied: (2) (Administrator)
"Progid"="ttafile"

[HKEY_USERS\S-1-5-21-1978596039-4068159482-2631118307-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.url\UserChoice]
@Denied: (2) (Administrator)
"Progid"="IE.AssocFile.URL"

[HKEY_USERS\S-1-5-21-1978596039-4068159482-2631118307-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wax\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.WAX"

[HKEY_USERS\S-1-5-21-1978596039-4068159482-2631118307-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wm\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.ASF"

[HKEY_USERS\S-1-5-21-1978596039-4068159482-2631118307-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wma\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMAFile"

[HKEY_USERS\S-1-5-21-1978596039-4068159482-2631118307-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wmd\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.WMD"

[HKEY_USERS\S-1-5-21-1978596039-4068159482-2631118307-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wms\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.WMS"

[HKEY_USERS\S-1-5-21-1978596039-4068159482-2631118307-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wmx\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.ASX"

[HKEY_USERS\S-1-5-21-1978596039-4068159482-2631118307-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wmz\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.WMZ"

[HKEY_USERS\S-1-5-21-1978596039-4068159482-2631118307-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wpl\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.WPL"

[HKEY_USERS\S-1-5-21-1978596039-4068159482-2631118307-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wvx\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.WVX"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10c.exe,-101"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\Elevation]
"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10c.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\Windows\\system32\\OLE32.DLL"
"cd042efbbd7f7af1647644e76e06692b"=hex:2e,e8,e1,00,eb,16,2b,de,dd,f0,3d,5b,10,
e5,e5,7d,c8,28,51,af,b0,29,a3,98,3e,af,63,4b,26,6b,a3,5d,e2,63,26,f1,3f,c8,\

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\Windows\\system32\\OLE32.DLL"
"bca643cdc5c2726b20d2ecedcc62c59b"=hex:71,3b,04,66,8b,46,0d,96,54,83,3d,f7,52,
2b,e1,df,71,3b,04,66,8b,46,0d,96,71,ba,ce,41,24,fc,b2,ec,6a,9c,d6,61,af,45,\

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\Windows\\system32\\OLE32.DLL"
"2c81e34222e8052573023a60d06dd016"=hex:25,da,ec,7e,55,20,c9,26,a3,9e,86,f2,e8,
74,f4,72,25,da,ec,7e,55,20,c9,26,29,d3,de,f6,e4,e5,15,ac,ff,7c,85,e0,43,d4,\

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\Windows\\system32\\OLE32.DLL"
"2582ae41fb52324423be06337561aa48"=hex:3e,1e,9e,e0,57,5a,93,61,c1,3a,e7,a4,df,
fa,40,ea,3e,1e,9e,e0,57,5a,93,61,b3,b5,c6,12,17,25,0c,38,86,8c,21,01,be,91,\

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\Windows\\system32\\OLE32.DLL"
"caaeda5fd7a9ed7697d9686d4b818472"=hex:cd,44,cd,b9,a6,33,6c,cd,27,05,aa,bc,d6,
ff,40,b6,cd,44,cd,b9,a6,33,6c,cd,c4,46,a4,e4,85,89,f3,22,f5,1d,4d,73,a8,13,\

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\Windows\\system32\\OLE32.DLL"
"a4a1bcf2cc2b8bc3716b74b2b4522f5d"=hex:df,20,58,62,78,6b,cf,c8,a2,b6,d1,5f,84,
47,53,9d,b0,18,ed,a7,3f,8d,37,a4,4e,4b,b5,38,90,ec,87,63,df,20,58,62,78,6b,\

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\Windows\\system32\\OLE32.DLL"
"4d370831d2c43cd13623e232fed27b7b"=hex:fb,a7,78,e6,12,2f,9a,ea,3d,b4,39,e9,3b,
e3,13,15,31,77,e1,ba,b1,f8,68,02,9b,09,be,b7,b2,db,2a,89,fb,a7,78,e6,12,2f,\

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\Windows\\system32\\OLE32.DLL"
"1d68fe701cdea33e477eb204b76f993d"=hex:01,3a,48,fc,e8,04,4a,f1,af,45,a2,47,11,
40,3e,16,83,6c,56,8b,a0,85,96,ab,70,b4,84,1b,a2,5f,15,ea,01,3a,48,fc,e8,04,\

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\Windows\\system32\\OLE32.DLL"
"1fac81b91d8e3c5aa4b0a51804d844a3"=hex:51,fa,6e,91,28,9e,14,cc,b9,da,04,2b,88,
e4,f0,9a,51,fa,6e,91,28,9e,14,cc,de,d1,41,a0,c4,42,59,28,f6,0f,4e,58,98,5b,\

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\Windows\\system32\\OLE32.DLL"
"f5f62a6129303efb32fbe080bb27835b"=hex:3d,ce,ea,26,2d,45,aa,78,f1,cb,ce,b4,6a,
ed,7e,7e,b1,cd,45,5a,a8,c4,f8,b9,56,25,c7,96,b8,08,13,a9,3d,ce,ea,26,2d,45,\

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\Windows\\system32\\OLE32.DLL"
"fd4e2e1a3940b94dceb5a6a021f2e3c6"=hex:f8,31,0f,a9,5f,a0,ec,fb,31,78,57,83,5c,
75,c0,09,e3,0e,66,d5,eb,bc,2f,6b,c0,47,62,f7,d1,20,4e,e9,2a,b7,cc,b5,b9,7f,\

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\Windows\\system32\\OLE32.DLL"
"8a8aec57dd6508a385616fbc86791ec2"=hex:fa,ea,66,7f,d4,3b,6b,70,6b,c3,8a,ce,d7,
38,e7,c1,fa,ea,66,7f,d4,3b,6b,70,c6,09,64,e1,b1,18,10,6f,6c,43,2d,1e,aa,22,\

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}]
@Denied: (A 2) (Everyone)
@="IFlashBroker3"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\DISPLAY\ABO7087\5&284a51da&0&UID256\Properties\{83da6326-97a6-4088-9453-a1923f573b29}]
@DACL=(02 0000)

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\DISPLAY\ABO7087\5&284a51da&0&UID256\Properties\{a8b865dd-2e3d-4094-ad97-e593a70c75d6}]
@DACL=(02 0000)

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\DISPLAY\ABO7087\5&284a51da&0&UID257\Properties\{83da6326-97a6-4088-9453-a1923f573b29}]
@DACL=(02 0000)

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\DISPLAY\ABO7087\5&284a51da&0&UID257\Properties\{a8b865dd-2e3d-4094-ad97-e593a70c75d6}]
@DACL=(02 0000)

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\DISPLAY\Default_Monitor\5&10e4041b&0&UID256\Properties\{83da6326-97a6-4088-9453-a1923f573b29}]
@DACL=(02 0000)

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\DISPLAY\Default_Monitor\5&10e4041b&0&UID256\Properties\{a8b865dd-2e3d-4094-ad97-e593a70c75d6}]
@DACL=(02 0000)

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\DISPLAY\Default_Monitor\5&10e4041b&0&UID257\Properties\{83da6326-97a6-4088-9453-a1923f573b29}]
@DACL=(02 0000)

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\DISPLAY\Default_Monitor\5&10e4041b&0&UID257\Properties\{a8b865dd-2e3d-4094-ad97-e593a70c75d6}]
@DACL=(02 0000)

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\DISPLAY\Default_Monitor\5&284a51da&0&UID256\Properties\{83da6326-97a6-4088-9453-a1923f573b29}]
@DACL=(02 0000)

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\DISPLAY\Default_Monitor\5&284a51da&0&UID256\Properties\{a8b865dd-2e3d-4094-ad97-e593a70c75d6}]
@DACL=(02 0000)

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\DISPLAY\GSM42B9\5&284a51da&0&UID256\Properties\{83da6326-97a6-4088-9453-a1923f573b29}]
@DACL=(02 0000)

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\DISPLAY\GSM42B9\5&284a51da&0&UID256\Properties\{a8b865dd-2e3d-4094-ad97-e593a70c75d6}]
@DACL=(02 0000)

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\DISPLAY\HRT1701\5&284a51da&0&12345678&01&00\Properties\{83da6326-97a6-4088-9453-a1923f573b29}]
@DACL=(02 0000)

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\DISPLAY\HRT1701\5&284a51da&0&12345678&01&00\Properties\{a8b865dd-2e3d-4094-ad97-e593a70c75d6}]
@DACL=(02 0000)

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\DISPLAY\HRT1701\5&284a51da&0&UID272\Properties\{83da6326-97a6-4088-9453-a1923f573b29}]
@DACL=(02 0000)

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\DISPLAY\HRT1701\5&284a51da&0&UID272\Properties\{a8b865dd-2e3d-4094-ad97-e593a70c75d6}]
@DACL=(02 0000)

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\DISPLAY\HWP0B05\5&284a51da&0&UID256\Properties\{83da6326-97a6-4088-9453-a1923f573b29}]
@DACL=(02 0000)

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\DISPLAY\HWP0B05\5&284a51da&0&UID256\Properties\{a8b865dd-2e3d-4094-ad97-e593a70c75d6}]
@DACL=(02 0000)

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\DISPLAY\HWP0B05\5&97d0555&0&UID256\Properties\{83da6326-97a6-4088-9453-a1923f573b29}]
@DACL=(02 0000)

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\DISPLAY\HWP0B05\5&97d0555&0&UID256\Properties\{a8b865dd-2e3d-4094-ad97-e593a70c75d6}]
@DACL=(02 0000)

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\DISPLAY\HWP26A8\5&10e4041b&0&UID256\Properties\{83da6326-97a6-4088-9453-a1923f573b29}]
@DACL=(02 0000)

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\DISPLAY\HWP26A8\5&10e4041b&0&UID256\Properties\{a8b865dd-2e3d-4094-ad97-e593a70c75d6}]
@DACL=(02 0000)

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\DISPLAY\HWP26A8\5&284a51da&0&UID256\Properties\{83da6326-97a6-4088-9453-a1923f573b29}]
@DACL=(02 0000)

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\DISPLAY\HWP26A8\5&284a51da&0&UID256\Properties\{a8b865dd-2e3d-4094-ad97-e593a70c75d6}]
@DACL=(02 0000)

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\DISPLAY\HWP26A8\5&284a51da&0&UID257\Properties\{83da6326-97a6-4088-9453-a1923f573b29}]
@DACL=(02 0000)

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\DISPLAY\HWP26A8\5&284a51da&0&UID257\Properties\{a8b865dd-2e3d-4094-ad97-e593a70c75d6}]
@DACL=(02 0000)
.
------------------------ Altri processi in esecuzione ------------------------
.
c:\windows\System32\nvvsvc.exe
c:\windows\System32\audiodg.exe
c:\windows\System32\rundll32.exe
c:\program files\Common Files\Portrait Displays\Shared\DTSRVC.exe
c:\program files\Common Files\microsoft shared\VS7DEBUG\mdm.exe
c:\progra~1\AVG\AVG8\avgam.exe
c:\progra~1\AVG\AVG8\avgrsx.exe
c:\progra~1\AVG\AVG8\avgnsx.exe
c:\program files\AVG\AVG8\avgtray.exe
c:\windows\System32\rundll32.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\windows\ehome\ehmsas.exe
.
**************************************************************************
.
Ora fine scansione: 2009-08-06 23.47.23 - Il pc è stato riavviato
ComboFix-quarantined-files.txt 2009-08-06 21:47

Pre-Run: 301.638.098.944 byte disponibili
Post-Run: 301.882.671.104 byte disponibili

718 --- E O F --- 2009-07-31 16:21

fiuuuuuuuuuu riavviando internet si è aperto e anche il log sto' dgt adesso dal pc di prima

Utenti presenti in questo topic

4 pages: [1] 2 3 4

Aiutamici Forum » FORUM - Istruzioni e Guide » Sicurezza VIRUS » help help help

Salta al Forum

Aggiunta nuovi Topic disabilitata in questo forum.
Risposte disabilitate in questo forum.
Eliminazione tuoi Post disabilitata in questo forum.
Modifica dei tuoi post disabilitata in questo forum.
Creazione Sondaggi disabilitata in questo forum.
Voto ai sondaggi disabilitato in questo forum.

Main Forum RSS :

Aiutamici Theme
Powered by Yet Another Forum.net versione 1.9.1.8 (NET v2.0) - 3/29/2008
Copyright © 2003-2008 Yet Another Forum.net. All rights reserved.

Invia topic via Email

RSS Feed

Watch this topic

Stampa topic

Normale

Threaded