Valutazione 4.87/ 5 (100.00%) 5838 voti

Condividi:        

Virus w32/Patched.UB

Come rimuovere virus e spyware? Le carte di credito sono davvero sicure in rete? È possibile navigare anonimi? Con quali programmi tutelare la propria privacy? Come proteggere i file importanti? Se volete una risposta a queste e altre domande questo è il luogo giusto!

Moderatori: kadosh, Luke57

Virus w32/Patched.UB

Postdi s@ly » 30/07/12 18:03

Ciao a tutti mi chiamo Silvia e ho bisogno del vostro aiuto.
Da alcuni giorni Avira mi segnala insistentemente la presenza del virus w32/Patched.UB in C:\Windows\System32\services.exe.
Non sono riuscita a cancellarlo, chiedo quindi AIUTO per poter definitivamente eliminare questo incubo!
Il mio sistema operativo è windows vista , considerando la mia appena sufficiente conoscenza in materia avrei bisogno di una spiegazione semplice e molta pazienza. Grazie!
s@ly
Utente Junior
 
Post: 12
Iscritto il: 30/07/12 17:37

Sponsor
 

Re: Virus w32/Patched.UB

Postdi COCCOBELLO » 30/07/12 19:47

ciao silvia ;)
visto che da come dici sei poco pratica :)
segu questa guida che è anche illustrata,per fare una scansione con Combofix,e alla fine posta sul forum il report che rilascia
http://windowsguide.altervista.org/combofix/
Avatar utente
COCCOBELLO
Utente Senior
 
Post: 2026
Iscritto il: 06/08/11 13:53

Re: Virus w32/Patched.UB

Postdi s@ly » 30/07/12 22:18

ComboFix 12-07-30.01 - EURONICS 30/07/2012 22.17.05.2.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.39.1040.18.3070.1923 [GMT 2:00]
Eseguito da: c:\users\EURONICS\Desktop\ComboFix.exe
AV: Avira Desktop *Disabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
SP: Avira Desktop *Disabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((( Altre eliminazioni )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files\DealPly
c:\program files\DealPly\sqlite3.dll
c:\program files\OfferBox
c:\users\EURONICS\AppData\Local\realwsd.dat
c:\users\EURONICS\AppData\Local\realwsd_nav.dat
c:\users\EURONICS\AppData\Local\realwsd_navps.dat
c:\users\EURONICS\AppData\Roaming\OfferBox
c:\users\EURONICS\AppData\Roaming\OfferBox\config.xml
c:\users\EURONICS\AppData\Roaming\OfferBox\http_app.offerbox.com\download.profile.sxe
c:\users\EURONICS\AppData\Roaming\OfferBox\http_app.offerbox.com\update.sxe
c:\users\EURONICS\AppData\Roaming\OfferBox\http_app.offerbox.com\update.xml
c:\users\EURONICS\AppData\Roaming\Virouh
c:\users\EURONICS\AppData\Roaming\Virouh\ahpim.owu
c:\windows\assembly\GAC\Desktop.ini
c:\windows\msvcr71.dll
.
.
((((((((((((((((((((((((( Files Creati Da 2012-06-28 al 2012-07-30 )))))))))))))))))))))))))))))))))))
.
.
2012-07-30 20:43 . 2012-07-30 20:43 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-07-30 20:43 . 2012-07-30 20:46 -------- d-----w- c:\users\EURONICS\AppData\Local\temp
2012-07-26 12:50 . 2012-07-26 12:50 -------- d-----w- c:\users\EURONICS\AppData\Roaming\Avira
2012-07-26 12:39 . 2012-02-03 13:26 74640 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2012-07-26 12:39 . 2012-02-03 13:26 36000 ----a-w- c:\windows\system32\drivers\avkmgr.sys
2012-07-26 12:39 . 2012-02-03 13:26 137416 ----a-w- c:\windows\system32\drivers\avipbb.sys
2012-07-26 12:39 . 2012-07-26 12:39 -------- d-----w- c:\programdata\Avira
2012-07-26 12:39 . 2012-07-26 12:39 -------- d-----w- c:\program files\Avira
2012-07-22 20:27 . 2012-07-22 20:27 -------- d-sh--w- c:\windows\system32\%APPDATA%
2012-07-19 12:36 . 2012-07-27 17:10 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-07-11 15:16 . 2012-06-13 13:40 2047488 ----a-w- c:\windows\system32\win32k.sys
2012-07-11 12:47 . 2012-07-11 12:47 -------- d-----w- c:\users\EURONICS\AppData\Roaming\Owulo
2012-07-11 12:47 . 2012-07-11 12:47 -------- d-----w- c:\users\EURONICS\AppData\Roaming\Uryq
2012-07-11 12:29 . 2012-04-23 16:00 984064 ----a-w- c:\windows\system32\crypt32.dll
2012-07-11 12:29 . 2012-04-23 16:00 98304 ----a-w- c:\windows\system32\cryptnet.dll
2012-07-11 12:29 . 2012-04-23 16:00 133120 ----a-w- c:\windows\system32\cryptsvc.dll
2012-07-11 12:23 . 2012-06-05 16:47 708608 ----a-w- c:\program files\Common Files\System\ado\msado15.dll
2012-07-11 12:23 . 2012-06-05 16:47 1401856 ----a-w- c:\windows\system32\msxml6.dll
2012-07-11 12:23 . 2012-06-05 16:47 1248768 ----a-w- c:\windows\system32\msxml3.dll
2012-07-11 12:23 . 2012-06-04 15:26 440704 ----a-w- c:\windows\system32\drivers\ksecdd.sys
2012-07-11 12:23 . 2012-06-02 00:04 278528 ----a-w- c:\windows\system32\schannel.dll
2012-07-11 12:23 . 2012-06-02 00:03 204288 ----a-w- c:\windows\system32\ncrypt.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-07-30 20:45 . 2008-06-12 21:40 45056 ----a-w- c:\windows\system32\acovcnt.exe
2012-07-27 17:10 . 2011-08-08 07:47 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-06-02 22:19 . 2012-06-27 19:16 45080 ----a-w- c:\windows\system32\wups2.dll
2012-06-02 22:19 . 2012-06-27 19:16 53784 ----a-w- c:\windows\system32\wuauclt.exe
2012-06-02 22:19 . 2012-06-27 19:15 35864 ----a-w- c:\windows\system32\wups.dll
2012-06-02 22:19 . 2012-06-27 19:15 577048 ----a-w- c:\windows\system32\wuapi.dll
2012-06-02 22:19 . 2012-06-27 19:16 1933848 ----a-w- c:\windows\system32\wuaueng.dll
2012-06-02 22:12 . 2012-06-27 19:16 2422272 ----a-w- c:\windows\system32\wucltux.dll
2012-06-02 22:12 . 2012-06-27 19:15 88576 ----a-w- c:\windows\system32\wudriver.dll
2012-06-02 13:19 . 2012-06-27 19:15 171904 ----a-w- c:\windows\system32\wuwebv.dll
2012-06-02 13:12 . 2012-06-27 19:15 33792 ----a-w- c:\windows\system32\wuapp.exe
2012-05-30 17:51 . 2012-05-30 17:51 476960 ----a-w- c:\windows\system32\npdeployJava1.dll
2012-05-30 17:51 . 2012-05-30 17:51 472864 ----a-w- c:\windows\system32\deployJava1.dll
2012-05-30 14:29 . 2003-03-18 20:14 499712 ----a-w- c:\windows\system32\msvcp71.dll
2012-05-30 14:29 . 2003-02-21 04:42 348160 ----a-w- c:\windows\system32\msvcr71.dll
2012-05-23 09:18 . 2007-10-25 15:26 5632 ----a-w- c:\windows\system32\drivers\StarOpen.sys
2012-05-15 06:37 . 2012-06-16 08:38 916992 ----a-w- c:\windows\system32\wininet.dll
2012-05-15 06:32 . 2012-06-16 08:37 43520 ----a-w- c:\windows\system32\licmgr10.dll
2012-05-15 06:32 . 2012-06-16 08:37 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2012-05-15 06:31 . 2012-06-16 08:37 109056 ----a-w- c:\windows\system32\iesysprep.dll
2012-05-15 06:31 . 2012-06-16 08:37 71680 ----a-w- c:\windows\system32\iesetup.dll
2012-05-15 05:01 . 2012-06-16 08:37 385024 ----a-w- c:\windows\system32\html.iec
2012-05-15 03:26 . 2012-06-16 08:37 133632 ----a-w- c:\windows\system32\ieUnatt.exe
2012-05-15 03:23 . 2012-06-16 08:37 1638912 ----a-w- c:\windows\system32\mshtml.tlb
.
.
((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* i valori vuoti & legittimi/default non sono visualizzati.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ADSMOverlayIcon1]
@="{A8D448F4-0431-45AC-9F5E-E1B434AB2249}"
[HKEY_CLASSES_ROOT\CLSID\{A8D448F4-0431-45AC-9F5E-E1B434AB2249}]
2007-06-02 00:08 143360 ----a-w- c:\program files\ASUS\ASUS Data Security Manager\OverlayIconShlExt1.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LightScribe Control Panel"="c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe" [2007-06-20 451872]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2010-03-05 39408]
"AutoStartNPSAgent"="c:\program files\Samsung\Samsung New PC Studio\NPSAgent.exe" [2012-05-23 102400]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SMSERIAL"="c:\program files\Motorola\SMSERIAL\sm56hlpr.exe" [2007-08-28 655360]
"RtHDVCpl"="RtHDVCpl.exe" [2007-09-03 4702208]
"Skytel"="Skytel.exe" [2007-08-03 1826816]
"ATKOSD2"="c:\program files\ATKOSD2\ATKOSD2.exe" [2007-10-18 7737344]
"ATKMEDIA"="c:\program files\ASUS\ATK Media\DMEDIA.EXE" [2006-11-02 61440]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2007-12-06 1029416]
"PowerForPhone"="c:\program files\P4P\P4P.exe" [2007-08-03 778240]
"ASUS Screen Saver Protector"="c:\windows\ASScrPro.exe" [2008-04-22 33136]
"ASUS Camera ScreenSaver"="c:\windows\ASScrProlog.exe" [2008-04-22 37232]
"NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2007-03-01 153136]
"NvSvc"="c:\windows\system32\nvsvc.dll" [2007-12-05 86016]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-12-05 8534560]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2007-12-05 81920]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-26 30040]
"AliceRV_McciTrayApp"="c:\program files\Alice ti aiuta\McciTrayApp.exe" [2007-01-23 1001472]
"TkBellExe"="c:\program files\real\realplayer\Update\realsched.exe" [2012-05-30 296056]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2012-02-03 258512]
.
c:\users\EURONICS\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Ritaglio schermata e avvio di OneNote 2007.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
.
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [x]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe [x]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs REG_MULTI_SZ BthServ
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2007-06-20 10:47 451872 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe
.
Contenuto della cartella 'Scheduled Tasks'
.
2012-07-30 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-07-19 17:10]
.
2012-07-30 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-09 17:59]
.
2012-07-30 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-09 17:59]
.
2012-07-30 c:\windows\Tasks\User_Feed_Synchronization-{299048C0-E9AA-4A53-BE52-8938AAB7F4DC}.job
- c:\windows\system32\msfeedssync.exe [2012-06-16 03:24]
.
.
------- Scansione supplementare -------
.
uStart Page = hxxp://www.google.it/ig
uSearchURL,(Default) = hxxp://www.google.com/keyword/%s
TCP: DhcpNameServer = 85.37.17.13 85.38.28.81
.
- - - - CHIAVI ORFANE RIMOSSE - - - -
.
Toolbar-10 - (no file)
WebBrowser-{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - (no file)
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
HKCU-Run-Media Finder - c:\program files\Media Finder\MF.exe
HKLM-Run-ROC_roc_dec12 - c:\program files\AVG Secure Search\ROC_roc_dec12.exe
HKLM-Run-NPSStartup - (no file)
HKLM-Run-SunJavaUpdateSched - c:\program files\Java\jre6\bin\jusched.exe
AddRemove-RealPlayer 15.0 - c:\program files\real\realplayer\Update\r1puninst.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-07-30 22:47
Windows 6.0.6002 Service Pack 2 NTFS
.
scansione processi nascosti ...
.
scansione entrate autostart nascoste ...
.
Scansione files nascosti ...
.
.
C:\ADSM_PData_0150
.
Scansione completata con successo
Files nascosti: 1
.
**************************************************************************
.
--------------------- CHIAVI DI REGISTRO BLOCCATE ---------------------
.
[HKEY_USERS\S-1-5-21-1102491298-60992507-1726504797-1000\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:2b,23,7e,a4,d4,0a,1d,87,52,38,78,7f,19,61,11,fa,15,40,c6,11,f7,3b,7f,
a1,e0,a2,c6,bc,f4,44,b0,31,f3,ac,ad,6c,4f,56,a5,70,6c,9f,09,73,f0,09,2f,83,\
"??"=hex:f4,02,d2,e8,c8,ab,aa,2a,e0,0b,d9,f2,cc,bd,9f,4e
.
[HKEY_USERS\S-1-5-21-1102491298-60992507-1726504797-1000\Software\SecuROM\License information*]
"datasecu"=hex:5b,85,ec,eb,b7,54,5b,f1,2f,ea,80,5f,e5,f3,73,79,05,36,d0,3c,7b,
dc,c8,09,f2,85,4d,e7,0b,c5,d8,2e,bb,4e,83,7b,ab,b8,24,ce,41,43,e1,2f,8d,ef,\
"rkeysecu"=hex:d8,ef,39,5d,dc,cd,1b,7e,60,cc,c6,c9,d7,9b,f8,97
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
--------------------- Dlls caricate dai processi in esecuzione ---------------------
.
- - - - - - - > 'Explorer.exe'(3796)
c:\program files\ASUS\ASUS Data Security Manager\OverlayIconShlExt.dll
c:\program files\ASUS\ASUS Data Security Manager\OverlayIconShlExt1.dll
.
------------------------ Altri processi in esecuzione ------------------------
.
c:\program files\ASUS\SmartLogon\smartlogon.exe
c:\program files\ASUS\ASUS Data Security Manager\ADSMSrv.exe
c:\program files\ATK Hotkey\ASLDRSrv.exe
c:\program files\ATKGFNEX\GFNEXSrv.exe
c:\program files\Avira\AntiVir Desktop\sched.exe
c:\program files\AVG\AVG PC Tuneup 2011\BoostSpeed.exe
c:\program files\ASUS\SmartLogon\sensorsrv.exe
c:\program files\ATK Hotkey\Hcontrol.exe
c:\program files\Wireless Console 2\wcourier.exe
c:\program files\ASUS\Splendid\ACMON.exe
c:\program files\P4G\BatteryLife.exe
c:\windows\System32\ACEngSvr.exe
c:\program files\ATK Hotkey\ATKOSD.exe
c:\program files\ATK Hotkey\KBFiltr.exe
c:\program files\ATK Hotkey\WDC.exe
c:\program files\Avira\AntiVir Desktop\avguard.exe
c:\windows\system32\FsUsbExService.Exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\program files\ASUS\NB Probe\SPM\spmgr.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
c:\program files\Avira\AntiVir Desktop\avshadow.exe
c:\windows\servicing\TrustedInstaller.exe
c:\windows\system32\sdclt.exe
.
**************************************************************************
.
Ora fine scansione: 2012-07-30 22:56:41 - Il pc è stato riavviato
ComboFix-quarantined-files.txt 2012-07-30 20:56
.
Pre-Run: 38.384.992.256 byte disponibili
Post-Run: 39.191.396.352 byte disponibili
.
- - End Of File - - 31BFED77F5CC8BA2CD69624FAE2360AC
s@ly
Utente Junior
 
Post: 12
Iscritto il: 30/07/12 17:37

Re: Virus w32/Patched.UB

Postdi s@ly » 30/07/12 22:22

Ecco qua ... da quando ho fatto la scansione con Combofix , Avira non mi ha più segnalato il virus.
s@ly
Utente Junior
 
Post: 12
Iscritto il: 30/07/12 17:37

Re: Virus w32/Patched.UB

Postdi COCCOBELLO » 31/07/12 09:31

;) ok
ora scarica questo tool BlitzBlank e salvalo sul Desktop
http://www.emsisoft.com/en/software/blitzblank/

lo lanci con tasto destro Esegui come Amministratore
clicca sulla voce Script
e copia\incolla dentro questo che vedi sotto in grassetto
DeleteFolder:
c:\windows\system32\%APPDATA%


e clicca su Execute Now
e Riavvia il pc quando ti sarà chiesto
Avatar utente
COCCOBELLO
Utente Senior
 
Post: 2026
Iscritto il: 06/08/11 13:53

Re: Virus w32/Patched.UB

Postdi s@ly » 31/07/12 10:23

Fatto. Ho concluso la procedura?
s@ly
Utente Junior
 
Post: 12
Iscritto il: 30/07/12 17:37

Re: Virus w32/Patched.UB

Postdi COCCOBELLO » 31/07/12 10:56

ok
si se non riscontri più problemi è conclusa ;)
Avatar utente
COCCOBELLO
Utente Senior
 
Post: 2026
Iscritto il: 06/08/11 13:53

Re: Virus w32/Patched.UB

Postdi s@ly » 31/07/12 14:45

Ti ringrazio tantISSIMO ! Per ora sembra tutto ok.
s@ly
Utente Junior
 
Post: 12
Iscritto il: 30/07/12 17:37

Re: Virus w32/Patched.UB

Postdi COCCOBELLO » 31/07/12 17:40

prego ;) :)
Avatar utente
COCCOBELLO
Utente Senior
 
Post: 2026
Iscritto il: 06/08/11 13:53

Re: Virus w32/Patched.UB

Postdi ersCi » 20/08/12 22:36

COCCOBELLO ha scritto:;) ok
ora scarica questo tool BlitzBlank e salvalo sul Desktop
http://www.emsisoft.com/en/software/blitzblank/

lo lanci con tasto destro Esegui come Amministratore
clicca sulla voce Script
e copia\incolla dentro questo che vedi sotto in grassetto
DeleteFolder:
c:\windows\system32\%APPDATA%


e clicca su Execute Now
e Riavvia il pc quando ti sarà chiesto


Salve,
ho lo stesso problema ed ho eseguito Combofix ottendo il log seguente

Potrebbe indicarmi se posso proseguire con Blitzblank come indicato in questo post?
In teoria ho giá provato a scaricarlo, salvarlo sul Desktop ed eseguirlo ma ottengo un messaggio di errore "Il nome della directory non è valido".

Grazie mille

ComboFix 12-08-20.02 - hp 20.08.2012 22:57:09.1.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.49.1031.18.3070.1453 [GMT 2:00]
ausgeführt von:: c:\users\hp\Desktop\ComboFix.exe
AV: Avira Desktop *Disabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
SP: Avira Desktop *Disabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((( Weitere Löschungen ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\hp\4.0
c:\windows\Installer\{34e5133b-e74d-900d-0087-4fab5717a9e9}\@
c:\windows\Installer\{34e5133b-e74d-900d-0087-4fab5717a9e9}\n
c:\windows\Installer\{34e5133b-e74d-900d-0087-4fab5717a9e9}\U\00000001.@
c:\windows\Installer\{34e5133b-e74d-900d-0087-4fab5717a9e9}\U\80000000.@
c:\windows\Installer\{34e5133b-e74d-900d-0087-4fab5717a9e9}\U\800000cb.@
c:\windows\system32\KBL.LOG
.
Infizierte Kopie von c:\windows\system32\services.exe wurde gefunden und desinfiziert
Kopie von - c:\32788r22fwjfw\HarddiskVolumeShadowCopy9_!Windows!System32!services.exe wurde wiederhergestellt
.
.
((((((((((((((((((((((( Dateien erstellt von 2012-07-20 bis 2012-08-20 ))))))))))))))))))))))))))))))
.
.
2012-08-20 21:05 . 2012-08-20 21:05 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-08-20 15:12 . 2012-08-20 15:12 -------- d-----w- c:\users\hp\AppData\Roaming\Avira
2012-08-20 15:02 . 2012-07-18 16:04 83392 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2012-08-20 15:02 . 2012-07-18 16:04 36000 ----a-w- c:\windows\system32\drivers\avkmgr.sys
2012-08-20 15:02 . 2012-07-18 16:04 137928 ----a-w- c:\windows\system32\drivers\avipbb.sys
2012-08-20 15:02 . 2012-08-20 15:02 -------- d-----w- c:\programdata\Avira
2012-08-20 15:02 . 2012-08-20 15:02 -------- d-----w- c:\program files\Avira
2012-08-17 21:56 . 2012-06-29 08:44 6891424 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{964E6EB9-B074-40CD-92DD-5D8F25B8590F}\mpengine.dll
2012-08-16 21:23 . 2012-07-04 14:02 2047488 ----a-w- c:\windows\system32\win32k.sys
2012-08-15 15:51 . 2012-05-11 15:57 623616 ----a-w- c:\windows\system32\localspl.dll
.
.
.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-08-14 20:57 . 2012-04-13 20:22 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-08-14 20:57 . 2011-05-18 06:20 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-07-03 11:10 . 2011-03-28 16:36 19736 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2012-06-22 14:32 . 2012-07-10 19:58 405144 ----a-w- c:\windows\system32\Newtonsoft.Json.Net20.dll
2012-06-06 18:59 . 2012-06-06 18:59 1070152 ----a-w- c:\windows\system32\MSCOMCTL.OCX
2012-06-05 16:47 . 2012-07-11 14:15 1401856 ----a-w- c:\windows\system32\msxml6.dll
2012-06-05 16:47 . 2012-07-11 14:15 1248768 ----a-w- c:\windows\system32\msxml3.dll
2012-06-04 15:26 . 2012-07-11 14:15 440704 ----a-w- c:\windows\system32\drivers\ksecdd.sys
2012-06-02 22:19 . 2012-06-21 13:50 53784 ----a-w- c:\windows\system32\wuauclt.exe
2012-06-02 22:19 . 2012-06-21 13:50 45080 ----a-w- c:\windows\system32\wups2.dll
2012-06-02 22:19 . 2012-06-21 13:49 35864 ----a-w- c:\windows\system32\wups.dll
2012-06-02 22:19 . 2012-06-21 13:49 577048 ----a-w- c:\windows\system32\wuapi.dll
2012-06-02 22:19 . 2012-06-21 13:50 1933848 ----a-w- c:\windows\system32\wuaueng.dll
2012-06-02 22:12 . 2012-06-21 13:50 2422272 ----a-w- c:\windows\system32\wucltux.dll
2012-06-02 22:12 . 2012-06-21 13:49 88576 ----a-w- c:\windows\system32\wudriver.dll
2012-06-02 13:19 . 2012-06-21 13:49 171904 ----a-w- c:\windows\system32\wuwebv.dll
2012-06-02 13:12 . 2012-06-21 13:49 33792 ----a-w- c:\windows\system32\wuapp.exe
2012-06-02 00:04 . 2012-07-11 14:15 278528 ----a-w- c:\windows\system32\schannel.dll
2012-06-02 00:03 . 2012-07-11 14:15 204288 ----a-w- c:\windows\system32\ncrypt.dll
2012-05-31 10:25 . 2010-03-16 20:33 237072 ------w- c:\windows\system32\MpSigStub.exe
2012-07-24 21:29 . 2011-05-31 08:07 136672 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
(((((((((((((((((((((((((((( Autostartpunkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\users\hp\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\users\hp\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\users\hp\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]
"LightScribe Control Panel"="c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe" [2007-08-23 455968]
"HPAdvisor"="c:\program files\Hewlett-Packard\HP Advisor\HPAdvisor.exe" [2007-10-01 1783136]
"Facebook Update"="c:\users\hp\AppData\Local\Facebook\Update\FacebookUpdate.exe" [2012-07-11 138096]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952]
"SmileboxTray"="c:\users\hp\AppData\Roaming\Smilebox\SmileboxTray.exe" [2012-07-02 305000]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2012-07-13 17418928]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Apoint"="c:\program files\Apoint2K\Apoint.exe" [2007-03-11 159744]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2007-07-25 174616]
"QPService"="c:\program files\HP\QuickPlay\QPService.exe" [2007-12-19 468264]
"QlbCtrl"="c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2007-09-19 202032]
"OnScreenDisplay"="c:\program files\Hewlett-Packard\HP QuickTouch\HPKBDAPP.exe" [2007-09-04 554320]
"UCam_Menu"="c:\program files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" [2007-08-16 218408]
"hpWirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2007-09-13 480560]
"WAWifiMessage"="c:\program files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe" [2007-01-08 311296]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-03-17 421888]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-10-03 13826664]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2009-12-18 40368]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2009-12-11 948672]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-04-08 254696]
"PDFPrint"="c:\program files\PDF24\pdf24.exe" [2011-12-16 220744]
"AdobeAAMUpdater-1.0"="c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2012-04-04 446392]
"SwitchBoard"="c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
"AdobeCS6ServiceManager"="c:\program files\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe" [2012-03-09 1073312]
"HP Software Update"="c:\program files\Hp\HP Software Update\HPWuSchd2.exe" [2011-05-10 49208]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2012-07-18 348664]
.
c:\users\hp\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\hp\AppData\Roaming\Dropbox\bin\Dropbox.exe [2012-5-24 27112840]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
McAfee Security Scan Plus.lnk - c:\program files\McAfee Security Scan\2.0.181\SSScheduler.exe [2010-1-15 255536]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
.
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [x]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs REG_MULTI_SZ BthServ
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2007-08-23 16:34 451872 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe
.
Inhalt des "geplante Tasks" Ordners
.
2012-08-20 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-13 20:57]
.
2012-08-19 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1693892409-4069339663-186479969-1000Core.job
- c:\users\hp\AppData\Local\Facebook\Update\FacebookUpdate.exe [2011-09-19 21:12]
.
2012-08-20 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1693892409-4069339663-186479969-1000UA.job
- c:\users\hp\AppData\Local\Facebook\Update\FacebookUpdate.exe [2011-09-19 21:12]
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE= ... &pf=laptop
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE= ... &pf=laptop
uInternet Settings,ProxyOverride = *.local
IE: &AOL Toolbar-Suche - c:\program files\aol\aol toolbar 5.0\resources\de-de\local\search.html
IE: Free YouTube to MP3 Converter - c:\users\hp\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm
IE: Nach Microsoft E&xel exportieren - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.2.1
DPF: {55963676-2F5E-4BAF-AC28-CF26AA587566} - hxxps://vpn.gwdg.de/CACHE/stc/1/binaries/vpnweb.cab
FF - ProfilePath - c:\users\hp\AppData\Roaming\Mozilla\Firefox\Profiles\lc8ugzp0.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.de/
.
.
------- Dateityp-Verknüpfung -------
.
inifile=%SystemRoot%\System32\NOTEPAD.EXE %1"
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
HKCU-Run-Nero MediaHome 4 - c:\program files\Nero\Nero MediaHome 4\NeroMediaHome.exe
HKCU-Run-AdobeBridge - (no file)
HKLM-Run-HP Health Check Scheduler - [ProgramFilesFolder]Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
.
.
.
**************************************************************************
Scanne versteckte Prozesse...
.
Scanne versteckte Autostarteinträge...
.
Scanne versteckte Dateien...
.
Scan erfolgreich abgeschlossen
versteckte Dateien:
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\MpsSvc]
"ImagePath"="."
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
--------------------- Durch laufende Prozesse gestartete DLLs ---------------------
.
- - - - - - - > 'Explorer.exe'(3080)
c:\users\hp\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
c:\program files\Hewlett-Packard\HP Advisor\Pillars\Market\MLDeskBand.dll
c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\windows\system32\nvvsvc.exe
c:\program files\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe
c:\program files\Avira\AntiVir Desktop\sched.exe
c:\program files\Avira\AntiVir Desktop\avguard.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\program files\HP\QuickPlay\Kernel\TV\QPCapSvc.exe
c:\program files\CyberLink\Shared Files\RichVideo.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
c:\windows\system32\DRIVERS\xaudio.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
c:\program files\Hewlett-Packard\Shared\hpqwmiex.exe
c:\program files\HP\QuickPlay\Kernel\TV\QPSched.exe
c:\program files\Avira\AntiVir Desktop\avshadow.exe
c:\windows\system32\nvvsvc.exe
c:\windows\system32\conime.exe
c:\program files\Hewlett-Packard\HP Health Check\hphc_service.exe
c:\windows\servicing\TrustedInstaller.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2012-08-20 23:17:25 - PC wurde neu gestartet
ComboFix-quarantined-files.txt 2012-08-20 21:14
.
Vor Suchlauf: 8 Verzeichnis(se), 158.242.635.776 Bytes frei
Nach Suchlauf: 14 Verzeichnis(se), 159.891.542.016 Bytes frei
.
- - End Of File - - 8380DFCC9645BA14CAC7F6D10EDEFBEB
ersCi
Newbie
 
Post: 2
Iscritto il: 20/08/12 21:27

Re: Virus w32/Patched.UB

Postdi FrancescoFDAC » 21/08/12 08:11

@ s@ly:

Elimina queste due cartelle:
c:\users\EURONICS\AppData\Roaming\Owulo
c:\users\EURONICS\AppData\Roaming\Uryq

Ripeti una scansione con Avira, e allega il log.

@ersCi:

Apri un topic tutto tuo, non accodarti a questo.
FrancescoFDAC
Utente Senior
 
Post: 1048
Iscritto il: 13/08/11 09:53

Re: Virus w32/Patched.UB

Postdi Elena1959 » 05/10/12 11:04

cIAO a tutti!
Ho lo stesso problema di Silvia... grazie in anticipo per l'aiuto :-)

Eccovi il report :

ComboFix 12-10-04.02 - Principale 05/10/2012 11:01:14.1.2 - x86
Microsoft Windows 7 Professional 6.1.7601.1.1252.39.1040.18.2047.890 [GMT 2:00]
Eseguito da: c:\users\Principale\Downloads\Programs\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {9765EA51-0D3C-7DFB-6091-10E4E1F341F6}
SP: Microsoft Security Essentials *Disabled/Updated* {2C040BB5-2B06-7275-5A21-2B969A740B4B}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((( Altre eliminazioni )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files\BasicScan
c:\program files\BasicScan\uninstall.exe
c:\program files\BrowserCompanion
c:\program files\BrowserCompanion\blabbers-ch.crx
c:\program files\BrowserCompanion\blabbers-ff-full.xpi
c:\program files\BrowserCompanion\jsloader.dll
c:\program files\BrowserCompanion\logo.ico
c:\program files\BrowserCompanion\tdataprotocol.dll
c:\program files\BrowserCompanion\toolbar.dll
c:\program files\BrowserCompanion\uninstall.exe
c:\program files\BrowserCompanion\updatebhoWin32.dll
c:\program files\BrowserCompanion\updater.ini
c:\program files\BrowserCompanion\widgetserv.exe
c:\program files\Complitly
c:\program files\Complitly\chrome\ComplitlyChrome.crx
c:\program files\Complitly\FireFoxExtensionWithFF8Fix.exe
c:\program files\Complitly\FireFoxUninstaller.exe
c:\program files\Complitly\InstTracker.exe
c:\program files\Complitly\support@Complitly.com\chrome.manifest
c:\program files\Complitly\support@Complitly.com\chrome\content\appIcon.png
c:\program files\Complitly\support@Complitly.com\chrome\content\browserOverlay.xul
c:\program files\Complitly\support@Complitly.com\chrome\content\options.js
c:\program files\Complitly\support@Complitly.com\chrome\content\options.xul
c:\program files\Complitly\support@Complitly.com\chrome\content\utils.js
c:\program files\Complitly\support@Complitly.com\defaults\preferences\predictad.js
c:\program files\Complitly\support@Complitly.com\install.rdf
c:\program files\Complitly\System.Data.SQLite.dll
c:\program files\Complitly\unins000.dat
c:\program files\Complitly\unins000.exe
c:\program files\RelevantKnowledge
c:\program files\RelevantKnowledge\asmcf.dat
c:\program files\RelevantKnowledge\install.rdf
c:\program files\RelevantKnowledge\ncncf.dat
c:\program files\RelevantKnowledge\nscf.dat
c:\program files\RelevantKnowledge\rlcm.txt
c:\program files\RelevantKnowledge\rloci.bin
c:\program files\Toolbar
c:\program files\Toolbar\3d_large_3.bmp
c:\program files\Toolbar\3d_largeHot_3.bmp
c:\program files\Toolbar\3d_small_3.bmp
c:\program files\Toolbar\3d_smallHot_3.bmp
c:\program files\Toolbar\3d_style_3.tbi
c:\program files\Uninstall.exe
c:\programdata\7f6c08ff26520f5cbec3fdc86850793b_c
c:\programdata\Microsoft\Windows\Start Menu\Programs\RelevantKnowledge
c:\programdata\Microsoft\Windows\Start Menu\Programs\RelevantKnowledge\About RelevantKnowledge.lnk
c:\programdata\Microsoft\Windows\Start Menu\Programs\RelevantKnowledge\Member of GRID - Goodware Repository Information Database.lnk
c:\programdata\Microsoft\Windows\Start Menu\Programs\RelevantKnowledge\Privacy Policy and User License Agreement.lnk
c:\programdata\Microsoft\Windows\Start Menu\Programs\RelevantKnowledge\Support.lnk
c:\programdata\Microsoft\Windows\Start Menu\Programs\RelevantKnowledge\Uninstall Instructions.lnk
c:\users\Principale\AppData\Roaming\inst.exe
c:\users\Principale\AppData\Roaming\OfferBox
c:\users\Principale\AppData\Roaming\OfferBox\config.xml
c:\users\Principale\AppData\Roaming\OfferBox\http_app.offerbox.com\country.sxe
c:\users\Principale\AppData\Roaming\OfferBox\http_app.offerbox.com\extracountry.sxe
c:\users\Principale\AppData\Roaming\OfferBox\http_app.offerbox.com\history.db
c:\users\Principale\AppData\Roaming\OfferBox\http_app.offerbox.com\profile.sxe
c:\users\Principale\AppData\Roaming\OfferBox\http_app.offerbox.com\update.sxe
c:\users\Principale\AppData\Roaming\OfferBox\http_app.offerbox.com\update.xml
c:\users\Principale\AppData\Roaming\t09u9zn3.bat
c:\users\Principale\AppData\Roaming\vso_ts_preview.xml
c:\windows\Installer\{51813aa7-2db4-89f1-d93b-566c54f7872a}\@
c:\windows\Installer\{51813aa7-2db4-89f1-d93b-566c54f7872a}\U\00000001.@
c:\windows\Installer\{51813aa7-2db4-89f1-d93b-566c54f7872a}\U\80000000.@
c:\windows\Installer\{51813aa7-2db4-89f1-d93b-566c54f7872a}\U\800000cb.@
c:\windows\IsUn0410.exe
.
.
((((((((((((((((((((((((((((((((((((((( Driver/Servizi )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_xe9h8uyk
.
.
((((((((((((((((((((((((( Files Creati Da 2012-09-05 al 2012-10-05 )))))))))))))))))))))))))))))))))))
.
.
2012-10-05 09:14 . 2012-10-05 09:14 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp
2012-10-05 09:14 . 2012-10-05 09:14 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-10-04 14:54 . 2012-10-04 14:54 -------- d-----w- c:\users\Principale\AppData\Roaming\Avira
2012-10-04 14:48 . 2012-10-04 14:48 -------- d-----w- c:\users\Principale\AppData\Local\AskToolbar
2012-10-04 14:48 . 2012-10-04 14:48 -------- d-----w- c:\program files\Ask.com
2012-10-04 14:48 . 2012-10-04 14:49 -------- d-----w- c:\programdata\Avira
2012-10-04 14:48 . 2012-10-04 14:48 -------- d-----w- c:\program files\Avira
2012-10-04 14:48 . 2012-06-05 22:40 83392 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2012-10-04 14:48 . 2012-06-05 22:40 36000 ----a-w- c:\windows\system32\drivers\avkmgr.sys
2012-10-04 14:48 . 2012-06-05 22:40 137928 ----a-w- c:\windows\system32\drivers\avipbb.sys
2012-10-04 08:54 . 2012-10-04 08:54 -------- d-----w- c:\users\Principale\AppData\Roaming\RealNetworks
2012-10-01 13:55 . 2012-10-01 13:55 -------- d-----w- c:\users\Principale\AppData\Roaming\AVG2013
2012-10-01 13:54 . 2012-10-01 13:54 -------- d-----w- c:\users\Principale\AppData\Roaming\TuneUp Software
2012-10-01 13:50 . 2012-10-04 14:47 -------- d-----w- c:\programdata\AVG2013
2012-09-25 15:17 . 2012-10-01 14:08 -------- d-----w- c:\users\Principale\AppData\Local\Avg2013
2012-09-25 15:17 . 2012-09-25 15:17 -------- d-----w- c:\users\Principale\AppData\Local\MFAData
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-10-05 01:42 . 2012-04-06 06:06 696240 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-10-05 01:42 . 2012-03-02 18:26 73136 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-09-03 15:18 . 2012-09-03 15:18 477168 ----a-w- c:\windows\system32\npdeployJava1.dll
2012-09-03 15:18 . 2012-03-03 02:21 473072 ----a-w- c:\windows\system32\deployJava1.dll
2012-05-03 19:08 . 2012-05-03 19:07 3487128 ----a-w- c:\program files\IDMan.exe
2012-05-02 09:31 . 2012-05-03 19:07 383840 ----a-w- c:\program files\IDMIECC64.dll
2012-05-02 09:31 . 2012-05-03 19:07 226736 ----a-w- c:\program files\IDMIECC.dll
2012-04-23 11:26 . 2012-05-03 19:07 96056 ----a-w- c:\program files\idmwfp32.sys
2012-04-23 11:26 . 2012-05-03 19:07 176408 ----a-w- c:\program files\idmtdi64.sys
2012-04-23 11:26 . 2012-05-03 19:07 154272 ----a-w- c:\program files\idmwfp64.sys
2012-04-23 11:26 . 2012-05-03 19:07 108448 ----a-w- c:\program files\idmtdi32.sys
2012-04-19 13:37 . 2012-05-03 19:07 92448 ----a-w- c:\program files\idmbrbtn64.dll
2012-04-19 13:37 . 2012-05-03 19:07 78504 ----a-w- c:\program files\idmbrbtn.dll
2012-04-19 13:32 . 2012-05-03 19:07 153224 ----a-w- c:\program files\IDMNetMon64.dll
2012-04-19 13:32 . 2012-05-03 19:07 116632 ----a-w- c:\program files\IDMNetMon.dll
2012-04-03 12:31 . 2012-05-03 19:07 405344 ----a-w- c:\program files\IDMGrHlp.exe
2012-03-30 09:09 . 2012-05-03 19:07 38304 ----a-w- c:\program files\idmmkb.dll
2012-02-22 13:08 . 2012-05-03 19:07 88416 ----a-w- c:\program files\IDMGetAll64.dll
2012-02-22 13:07 . 2012-05-03 19:07 54624 ----a-w- c:\program files\IDMGetAll.dll
2012-02-22 13:07 . 2012-05-03 19:07 148832 ----a-w- c:\program files\downlWithIDM64.dll
2012-02-22 13:07 . 2012-05-03 19:07 95584 ----a-w- c:\program files\downlWithIDM.dll
2012-02-08 00:49 . 2012-05-03 19:07 22376 ----a-w- c:\program files\IDMShellExt.dll
2012-02-08 00:49 . 2012-05-03 19:07 23432 ----a-w- c:\program files\IDMShellExt64.dll
2011-02-11 17:35 . 2012-05-03 19:07 50736 ----a-w- c:\program files\IDMFType64.dll
2011-02-11 17:35 . 2012-05-03 19:07 42472 ----a-w- c:\program files\idmftype.dll
2011-01-24 06:56 . 2012-05-03 19:07 64352 ----a-w- c:\program files\IDMIntegrator64.exe
2010-05-25 12:28 . 2012-05-03 19:07 263600 ----a-w- c:\program files\IEMonitor.exe
2009-09-16 11:29 . 2012-05-03 19:07 83376 ----a-w- c:\program files\idmfsa.dll
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
[-] 2009-07-14 01:14 . !HASH: COULD NOT OPEN FILE !!!!! . 259072 . . [------] . . c:\windows\System32\services.exe
[7] 2009-07-14 . 5F1B6A9C35D3D5CA72D6D6FDEF9747D6 . 259072 . . [6.1.7600.16385] . . c:\windows\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_cf36168b2e9c967b\services.exe
.
((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* i valori vuoti & legittimi/default non sono visualizzati.
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{00000000-6E41-4FD3-8538-502F5495E5FC}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2012-06-20 1519824]
.
[HKEY_CLASSES_ROOT\clsid\{00000000-6e41-4fd3-8538-502f5495e5fc}]
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
2012-06-20 11:18 1519824 ----a-w- c:\program files\Ask.com\GenericAskToolbar.dll
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{EEE6C35C-6118-11DC-9C72-001320C79847}]
2012-04-24 12:24 1310000 ----a-w- c:\program files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{EEE6C35B-6118-11DC-9C72-001320C79847}"= "c:\program files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll" [2012-04-24 1310000]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2012-06-20 1519824]
.
[HKEY_CLASSES_ROOT\clsid\{eee6c35b-6118-11dc-9c72-001320c79847}]
[HKEY_CLASSES_ROOT\SWEETIE.IEToolbar.1]
[HKEY_CLASSES_ROOT\TypeLib\{EEE6C35E-6118-11DC-9C72-001320C79847}]
[HKEY_CLASSES_ROOT\SWEETIE.IEToolbar]
.
[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2012-06-20 1519824]
.
[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\IDM Shell Extension]
@="{CDC95B92-E27C-4745-A8C5-64A52A78855D}"
[HKEY_CLASSES_ROOT\CLSID\{CDC95B92-E27C-4745-A8C5-64A52A78855D}]
2012-02-08 00:49 22376 ----a-w- c:\program files\Internet Download Manager\IDMShellExt.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2012-01-31 17147528]
"IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" [2008-06-24 1840424]
"IDMan"="c:\program files\Internet Download Manager\IDMan.exe" [2012-05-25 3487128]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NBKeyScan"="c:\program files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [2008-06-08 2221352]
"HDAudDeck"="c:\program files\VIA\VIAudioi\VDeck\VDeck.exe" [2009-09-21 1681408]
"NBAgent"="c:\program files\Nero\Nero 11\Nero BackItUp\NBAgent.exe" [2012-01-13 1493288]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-27 919008]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-26 30040]
"SweetIM"="c:\program files\SweetIM\Messenger\SweetIM.exe" [2012-02-16 114992]
"Sweetpacks Communicator"="c:\program files\SweetIM\Communicator\SweetPacksUpdateManager.exe" [2012-02-26 295728]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-05-02 931584]
"Otshot"="c:\program files\otshot\otshot.exe" [2009-10-25 4276224]
"TkBellExe"="c:\program files\Real\RealPlayer\update\realsched.exe" [2012-06-04 296056]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
"ApnUpdater"="c:\program files\Ask.com\Updater\Updater.exe" [2012-06-20 1568976]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2012-07-02 348664]
.
c:\users\Principale\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
tcbhn.lnk - c:\users\Principale\AppData\Roaming\BrowserCompanion\tcbhn.exe [2012-3-27 692888]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
20Dollars2Surf.lnk - c:\program files\20Dollars2Surf\20dollars2surf.exe [2012-3-13 89088]
Ulead Photo Express SE Calendar Checker.lnk - c:\program files\Ulead Systems\Ulead Photo Express 3.0 SE\CalCheck.exe [2012-3-3 61440]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
"EnableLinkedConnections"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
R2 gupdate;Servizio Google Update (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [x]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [x]
R3 gupdatem;Servizio Google Update (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [x]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [x]
R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 WatAdminSvc;Servizio Windows Activation Technologies;c:\windows\system32\Wat\WatAdminSvc.exe [x]
S0 NBVol;Nero Backup Volume Filter Driver;c:\windows\system32\DRIVERS\NBVol.sys [x]
S0 NBVolUp;Nero Backup Volume Upper Filter Driver;c:\windows\system32\DRIVERS\NBVolUp.sys [x]
S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys [x]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe [x]
S2 AntiVirSchedulerService;Avira Pianificatore;c:\program files\Avira\AntiVir Desktop\sched.exe [x]
S2 AntiVirWebService;Avira Web Protection;c:\program files\Avira\AntiVir Desktop\AVWEBGRD.EXE [x]
S2 IDMWFP;IDMWFP;c:\windows\system32\DRIVERS\idmwfp.sys [x]
S2 NAUpdate;Nero Update;c:\program files\Nero\Update\NASvc.exe [x]
S2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe [x]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [x]
S3 pcouffin;VSO Software pcouffin;c:\windows\system32\Drivers\pcouffin.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [x]
S3 VIAHdAudAddService;VIA High Definition Audio Driver Service;c:\windows\system32\drivers\viahduaa.sys [x]
.
.
Contenuto della cartella 'Scheduled Tasks'
.
2012-10-05 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-06 01:42]
.
2012-10-05 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2012-03-23 00:54]
.
2012-10-05 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2012-03-23 00:54]
.
.
------- Scansione supplementare -------
.
uStart Page = about:blank
mStart Page = hxxp://home.sweetim.com/?crg=3.1010000&st=18&barid={4DFDA241-D094-44FB-A769-DE70BD5D4C7B}
uSearchAssistant = hxxp://feed.helperbar.com/?publisher=Ot ... c=lnkry&q={searchTerms}&s=web&as=0&t=0
IE: E&sporta in Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
IE: Scarica con IDM - c:\program files\Internet Download Manager\IEExt.htm
IE: Scarica con Mipony - file://c:\program files\MiPony\Browser\IEContext.htm
IE: Scarica tutti i link con IDM - c:\program files\Internet Download Manager\IEGetAll.htm
IE: Translate this web page with Babylon - c:\program files\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll/ActionTU.htm
IE: Translate with Babylon - c:\program files\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll/Action.htm
LSP: c:\program files\Avira\AntiVir Desktop\avsda.dll
TCP: DhcpNameServer = 192.168.1.1
.
- - - - CHIAVI ORFANE RIMOSSE - - - -
.
WebBrowser-{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - (no file)
HKLM-Run-AVG_TRAY - c:\program files\AVG\AVG2012\avgtray.exe
HKLM-Run-ROC_ROC_JULY_P1 - c:\program files\AVG Secure Search\ROC_ROC_JULY_P1.exe
HKLM-Run-ROC_ROC_NT - c:\program files\AVG Secure Search\ROC_ROC_NT.exe
SafeBoot-MsMpSvc
AddRemove-BrowserCompanion - c:\program files\BrowserCompanion\uninstall.exe
AddRemove-Internet Download Manager - c:\program files\Uninstall.exe
AddRemove-Ulead Photo Express 3.0 SE - c:\windows\IsUn0410.exe
AddRemove-{4FFBB818-B13C-11E0-931D-B2664824019B}_is1 - c:\program files\Complitly\unins000.exe
AddRemove-{d08d9f98-1c78-4704-87e6-368b0023d831} - c:\program files\RelevantKnowledge\rlvknlg.exe
.
.
.
--------------------- CHIAVI DI REGISTRO BLOCCATE ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\Approved Extensions]
@Denied: (2) (LocalSystem)
"{EE5D279F-081B-4404-994D-C6B60AAEBA6D}"=hex:51,66,7a,6c,4c,1d,38,12,f1,24,4e,
ea,29,46,6a,01,e6,5b,85,f6,0f,f0,fe,79
"{9421DD08-935F-4701-A9CA-22DF90AC4EA6}"=hex:51,66,7a,6c,4c,1d,38,12,66,de,32,
90,6d,dd,6f,02,d6,dc,61,9f,95,f2,0a,b2
"{95B7759C-8C7F-4BF1-B163-73684A933233}"=hex:51,66,7a,6c,4c,1d,38,12,f2,76,a4,
91,4d,c2,9f,0e,ce,75,30,28,4f,cd,76,27
"{98889811-442D-49DD-99D7-DC866BE87DBC}"=hex:51,66,7a,6c,4c,1d,38,12,7f,9b,9b,
9c,1f,0a,b3,0c,e6,c1,9f,c6,6e,b6,39,a8
"{DB4E9724-F518-4DFD-9C7C-78B52103CAB9}"=hex:51,66,7a,6c,4c,1d,38,12,4a,94,5d,
df,2a,bb,93,08,e3,6a,3b,f5,24,5d,8e,ad
"{0055C089-8582-441B-A0BF-17B458C2A3A8}"=hex:51,66,7a,6c,4c,1d,38,12,e7,c3,46,
04,b0,cb,75,01,df,a9,54,f4,5d,9c,e7,bc
"{18DF081C-E8AD-4283-A596-FA578C2EBDC3}"=hex:51,66,7a,6c,4c,1d,38,12,72,0b,cc,
1c,9f,a6,ed,07,da,80,b9,17,89,70,f9,d7
"{2EECD738-5844-4A99-B4B6-146BF802613B}"=hex:51,66,7a,6c,4c,1d,38,12,56,d4,ff,
2a,76,16,f7,0f,cb,a0,57,2b,fd,5c,25,2f
"{64182481-4F71-486B-A045-B233BD0DA8FC}"=hex:51,66,7a,6c,4c,1d,38,12,ef,27,0b,
60,43,01,05,0d,df,53,f1,73,b8,53,ec,e8
"{72853161-30C5-4D22-B7F9-0BBC1D38A37E}"=hex:51,66,7a,6c,4c,1d,38,12,0f,32,96,
76,f7,7e,4c,08,c8,ef,48,fc,18,66,e7,6a
"{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}"=hex:51,66,7a,6c,4c,1d,38,12,d5,94,07,
72,c2,98,42,03,c9,fd,97,9a,f4,87,69,57
"{9030D464-4C02-4ABF-8ECC-5164760863C6}"=hex:51,66,7a,6c,4c,1d,38,12,0a,d7,23,
94,30,02,d1,0f,f1,da,12,24,73,56,27,d2
"{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}"=hex:51,66,7a,6c,4c,1d,38,12,07,5b,93,
aa,6e,60,ba,0b,f0,6d,b2,b7,80,44,00,83
"{DBC80044-A445-435B-BC74-9C25C1C588A9}"=hex:51,66,7a,6c,4c,1d,38,12,2a,03,db,
df,77,ea,35,06,c3,62,df,65,c4,9b,cc,bd
"{E99421FB-68DD-40F0-B4AC-B7027CAE2F1A}"=hex:51,66,7a,6c,4c,1d,38,12,95,22,87,
ed,ef,26,9e,05,cb,ba,f4,42,79,f0,6b,0e
"{2A541AE1-5BF6-4665-A8A3-CFA9672E4291}"=hex:51,66,7a,6c,4c,1d,38,12,8f,19,47,
2e,c4,15,0b,03,d7,b5,8c,e9,62,70,06,85
"{929801A8-4AEF-4D12-BE31-D85BF666452B}"=hex:51,66,7a,6c,4c,1d,38,12,c6,02,8b,
96,dd,04,7c,08,c1,27,9b,1b,f3,38,01,3f
"{97F2FF5B-260C-4CCF-834A-2DDA4E29E39E}"=hex:51,66,7a,6c,4c,1d,38,12,35,fc,e1,
93,3e,68,a1,09,fc,5c,6e,9a,4b,77,a7,8a
"{FF059E31-CC5A-4E2E-BF3B-96E929D65503}"=hex:51,66,7a,6c,4c,1d,38,12,5f,9d,16,
fb,68,82,40,0b,c0,2d,d5,a9,2c,88,11,17
"{BDEADE7F-C265-11D0-BCED-00A0C90AB50F}"=hex:51,66,7a,6c,4c,1d,38,12,11,dd,f9,
b9,57,8c,be,54,c3,fb,43,e0,cc,54,f1,1b
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\ApprovedExtensionsMigration]
@Denied: (2) (LocalSystem)
"Timestamp"=hex:70,f1,ac,96,3e,26,cd,01
.
[HKEY_USERS\S-1-5-21-2257347111-4096185322-1227690118-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.032\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 3.032"
.
[HKEY_USERS\S-1-5-21-2257347111-4096185322-1227690118-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.abr\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 3.abr"
.
[HKEY_USERS\S-1-5-21-2257347111-4096185322-1227690118-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ani\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 3.ani"
.
[HKEY_USERS\S-1-5-21-2257347111-4096185322-1227690118-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.apd\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 3.apd"
.
[HKEY_USERS\S-1-5-21-2257347111-4096185322-1227690118-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.arw\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 3.arw"
.
[HKEY_USERS\S-1-5-21-2257347111-4096185322-1227690118-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.bay\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 3.bay"
.
[HKEY_USERS\S-1-5-21-2257347111-4096185322-1227690118-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.bmp\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 3.bmp"
.
[HKEY_USERS\S-1-5-21-2257347111-4096185322-1227690118-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.bw\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 3.bw"
.
[HKEY_USERS\S-1-5-21-2257347111-4096185322-1227690118-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.cr2\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 3.cr2"
.
[HKEY_USERS\S-1-5-21-2257347111-4096185322-1227690118-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.crw\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 3.crw"
.
[HKEY_USERS\S-1-5-21-2257347111-4096185322-1227690118-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.cs1\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 3.cs1"
.
[HKEY_USERS\S-1-5-21-2257347111-4096185322-1227690118-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.cur\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 3.cur"
.
[HKEY_USERS\S-1-5-21-2257347111-4096185322-1227690118-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.dcr\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 3.dcr"
.
[HKEY_USERS\S-1-5-21-2257347111-4096185322-1227690118-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.dcx\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 3.dcx"
.
[HKEY_USERS\S-1-5-21-2257347111-4096185322-1227690118-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.dib\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 3.dib"
.
[HKEY_USERS\S-1-5-21-2257347111-4096185322-1227690118-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.djv\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 3.djv"
.
[HKEY_USERS\S-1-5-21-2257347111-4096185322-1227690118-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.djvu\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 3.djvu"
.
[HKEY_USERS\S-1-5-21-2257347111-4096185322-1227690118-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.dng\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 3.dng"
.
[HKEY_USERS\S-1-5-21-2257347111-4096185322-1227690118-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.emf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 3.emf"
.
[HKEY_USERS\S-1-5-21-2257347111-4096185322-1227690118-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eml\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.Email.1"
.
[HKEY_USERS\S-1-5-21-2257347111-4096185322-1227690118-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eps\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 3.eps"
.
[HKEY_USERS\S-1-5-21-2257347111-4096185322-1227690118-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.erf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 3.erf"
.
[HKEY_USERS\S-1-5-21-2257347111-4096185322-1227690118-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.fff\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 3.fff"
.
[HKEY_USERS\S-1-5-21-2257347111-4096185322-1227690118-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.fpx\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 3.fpx"
.
[HKEY_USERS\S-1-5-21-2257347111-4096185322-1227690118-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.gif\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 3.gif"
.
[HKEY_USERS\S-1-5-21-2257347111-4096185322-1227690118-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.hdr\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 3.hdr"
.
[HKEY_USERS\S-1-5-21-2257347111-4096185322-1227690118-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.icl\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 3.icl"
.
[HKEY_USERS\S-1-5-21-2257347111-4096185322-1227690118-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.icn\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 3.icn"
.
[HKEY_USERS\S-1-5-21-2257347111-4096185322-1227690118-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.iff\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 3.iff"
.
[HKEY_USERS\S-1-5-21-2257347111-4096185322-1227690118-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ilbm\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 3.ilbm"
.
[HKEY_USERS\S-1-5-21-2257347111-4096185322-1227690118-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.int\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 3.int"
.
[HKEY_USERS\S-1-5-21-2257347111-4096185322-1227690118-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.inta\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 3.inta"
.
[HKEY_USERS\S-1-5-21-2257347111-4096185322-1227690118-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.iw4\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 3.iw4"
.
[HKEY_USERS\S-1-5-21-2257347111-4096185322-1227690118-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.j2c\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 3.j2c"
.
[HKEY_USERS\S-1-5-21-2257347111-4096185322-1227690118-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.j2k\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 3.j2k"
.
[HKEY_USERS\S-1-5-21-2257347111-4096185322-1227690118-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jbr\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 3.jbr"
.
[HKEY_USERS\S-1-5-21-2257347111-4096185322-1227690118-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jfif\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 3.jfif"
.
[HKEY_USERS\S-1-5-21-2257347111-4096185322-1227690118-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jif\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 3.jif"
.
[HKEY_USERS\S-1-5-21-2257347111-4096185322-1227690118-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jp2\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 3.jp2"
.
[HKEY_USERS\S-1-5-21-2257347111-4096185322-1227690118-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jpc\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 3.jpc"
.
[HKEY_USERS\S-1-5-21-2257347111-4096185322-1227690118-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jpe\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 3.jpe"
.
[HKEY_USERS\S-1-5-21-2257347111-4096185322-1227690118-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jpeg\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 3.jpeg"
.
[HKEY_USERS\S-1-5-21-2257347111-4096185322-1227690118-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jpg\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 3.jpg"
.
[HKEY_USERS\S-1-5-21-2257347111-4096185322-1227690118-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jpk\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 3.jpk"
.
[HKEY_USERS\S-1-5-21-2257347111-4096185322-1227690118-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jpx\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 3.jpx"
.
[HKEY_USERS\S-1-5-21-2257347111-4096185322-1227690118-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.kdc\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 3.kdc"
.
[HKEY_USERS\S-1-5-21-2257347111-4096185322-1227690118-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.lbm\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 3.lbm"
.
[HKEY_USERS\S-1-5-21-2257347111-4096185322-1227690118-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mef\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 3.mef"
.
[HKEY_USERS\S-1-5-21-2257347111-4096185322-1227690118-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mos\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 3.mos"
.
[HKEY_USERS\S-1-5-21-2257347111-4096185322-1227690118-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mrw\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 3.mrw"
.
[HKEY_USERS\S-1-5-21-2257347111-4096185322-1227690118-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.nef\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 3.nef"
.
[HKEY_USERS\S-1-5-21-2257347111-4096185322-1227690118-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.nrw\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 3.nrw"
.
[HKEY_USERS\S-1-5-21-2257347111-4096185322-1227690118-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.orf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 3.orf"
.
[HKEY_USERS\S-1-5-21-2257347111-4096185322-1227690118-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pbm\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 3.pbm"
.
[HKEY_USERS\S-1-5-21-2257347111-4096185322-1227690118-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pbr\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 3.pbr"
.
[HKEY_USERS\S-1-5-21-2257347111-4096185322-1227690118-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pcd\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 3.pcd"
.
[HKEY_USERS\S-1-5-21-2257347111-4096185322-1227690118-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pct\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 3.pct"
.
[HKEY_USERS\S-1-5-21-2257347111-4096185322-1227690118-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pcx\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 3.pcx"
.
[HKEY_USERS\S-1-5-21-2257347111-4096185322-1227690118-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pef\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 3.pef"
.
[HKEY_USERS\S-1-5-21-2257347111-4096185322-1227690118-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pgm\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 3.pgm"
.
[HKEY_USERS\S-1-5-21-2257347111-4096185322-1227690118-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pic\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 3.pic"
.
[HKEY_USERS\S-1-5-21-2257347111-4096185322-1227690118-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pict\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 3.pict"
.
[HKEY_USERS\S-1-5-21-2257347111-4096185322-1227690118-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pix\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 3.pix"
.
[HKEY_USERS\S-1-5-21-2257347111-4096185322-1227690118-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.png\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 3.png"
.
[HKEY_USERS\S-1-5-21-2257347111-4096185322-1227690118-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ppm\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 3.ppm"
.
[HKEY_USERS\S-1-5-21-2257347111-4096185322-1227690118-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.psd\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 3.psd"
.
[HKEY_USERS\S-1-5-21-2257347111-4096185322-1227690118-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.psp\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 3.psp"
.
[HKEY_USERS\S-1-5-21-2257347111-4096185322-1227690118-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pspbrush\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 3.pspbrush"
.
[HKEY_USERS\S-1-5-21-2257347111-4096185322-1227690118-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pspimage\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 3.pspimage"
.
[HKEY_USERS\S-1-5-21-2257347111-4096185322-1227690118-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.raf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 3.raf"
.
[HKEY_USERS\S-1-5-21-2257347111-4096185322-1227690118-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ras\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 3.ras"
.
[HKEY_USERS\S-1-5-21-2257347111-4096185322-1227690118-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.raw\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 3.raw"
.
[HKEY_USERS\S-1-5-21-2257347111-4096185322-1227690118-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rgb\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 3.rgb"
.
[HKEY_USERS\S-1-5-21-2257347111-4096185322-1227690118-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rgba\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 3.rgba"
.
[HKEY_USERS\S-1-5-21-2257347111-4096185322-1227690118-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rle\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 3.rle"
.
[HKEY_USERS\S-1-5-21-2257347111-4096185322-1227690118-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rsb\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 3.rsb"
.
[HKEY_USERS\S-1-5-21-2257347111-4096185322-1227690118-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rw2\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 3.rw2"
.
[HKEY_USERS\S-1-5-21-2257347111-4096185322-1227690118-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rwl\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 3.rwl"
.
[HKEY_USERS\S-1-5-21-2257347111-4096185322-1227690118-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.sgi\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 3.sgi"
.
[HKEY_USERS\S-1-5-21-2257347111-4096185322-1227690118-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.sr2\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 3.sr2"
.
[HKEY_USERS\S-1-5-21-2257347111-4096185322-1227690118-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.srf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 3.srf"
.
[HKEY_USERS\S-1-5-21-2257347111-4096185322-1227690118-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.tga\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 3.tga"
.
[HKEY_USERS\S-1-5-21-2257347111-4096185322-1227690118-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.thm\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 3.thm"
.
[HKEY_USERS\S-1-5-21-2257347111-4096185322-1227690118-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.tif\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 3.tif"
.
[HKEY_USERS\S-1-5-21-2257347111-4096185322-1227690118-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.tiff\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 3.tiff"
.
[HKEY_USERS\S-1-5-21-2257347111-4096185322-1227690118-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ttc\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 3.ttc"
.
[HKEY_USERS\S-1-5-21-2257347111-4096185322-1227690118-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ttf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 3.ttf"
.
[HKEY_USERS\S-1-5-21-2257347111-4096185322-1227690118-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.v30po\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 3.v30po"
.
[HKEY_USERS\S-1-5-21-2257347111-4096185322-1227690118-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.v30pp\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 3.v30pp"
.
[HKEY_USERS\S-1-5-21-2257347111-4096185322-1227690118-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.v30ppf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 3.v30ppf"
.
[HKEY_USERS\S-1-5-21-2257347111-4096185322-1227690118-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vcf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.VCard.1"
.
[HKEY_USERS\S-1-5-21-2257347111-4096185322-1227690118-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wbm\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 3.wbm"
.
[HKEY_USERS\S-1-5-21-2257347111-4096185322-1227690118-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wbmp\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 3.wbmp"
.
[HKEY_USERS\S-1-5-21-2257347111-4096185322-1227690118-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wmf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 3.wmf"
.
[HKEY_USERS\S-1-5-21-2257347111-4096185322-1227690118-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xbm\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 3.xbm"
.
[HKEY_USERS\S-1-5-21-2257347111-4096185322-1227690118-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xif\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 3.xif"
.
[HKEY_USERS\S-1-5-21-2257347111-4096185322-1227690118-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xmp\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 3.xmp"
.
[HKEY_USERS\S-1-5-21-2257347111-4096185322-1227690118-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xpm\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 3.xpm"
.
[HKEY_USERS\S-1-5-21-2257347111-4096185322-1227690118-1001_Classes\CLSID\{7B8E9164-324D-4A2E-A46D-0165FB2000EC}]
@Denied: (Full) (Everyone)
"scansk"=hex(0):50,01,24,34,49,45,7c,8e,a8,f6,03,83,ae,9c,2d,47,4a,f0,8a,c7,62,
91,bd,b3,7a,2d,01,0d,f7,71,2d,dc,dc,1f,16,ae,32,3d,26,35,00,00,00,00,00,00,\
.
[HKEY_USERS\S-1-5-21-2257347111-4096185322-1227690118-1001_Classes\CLSID\{84b0de17-c1af-4f5c-a69f-fe928a5cf5e3}]
@Denied: (Full) (Everyone)
@Allowed: (Read) (RestrictedCode)
"Model"=dword:000000bb
"Therad"=dword:0000001c
"MData"=hex(0):73,d5,cf,b8,a4,07,89,80,31,e4,35,6b,2a,ca,fe,43,b6,1f,81,1f,5a,
1b,4d,36,46,8f,3c,f2,5c,68,ee,21,46,8f,3c,f2,5c,68,ee,21,46,8f,3c,f2,5c,68,\
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil32_11_4_402_278_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil32_11_4_402_278_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
--------------------- Dlls caricate dai processi in esecuzione ---------------------
.
- - - - - - - > 'Explorer.exe'(3836)
c:\program files\Internet Download Manager\idmmkb.dll
.
------------------------ Altri processi in esecuzione ------------------------
.
c:\windows\system32\nvvsvc.exe
c:\program files\NVIDIA Corporation\Display\nvxdsync.exe
c:\windows\system32\nvvsvc.exe
c:\program files\Avira\AntiVir Desktop\avguard.exe
c:\program files\Nero\Nero8\Nero BackItUp\NBService.exe
c:\windows\system32\IoctlSvc.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
c:\windows\system32\taskhost.exe
c:\windows\system32\conhost.exe
c:\program files\Avira\AntiVir Desktop\avshadow.exe
c:\windows\system32\conhost.exe
c:\program files\NVIDIA Corporation\Display\nvtray.exe
c:\windows\System32\rundll32.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\program files\Common Files\Nero\Lib\NMIndexingService.exe
c:\windows\system32\DllHost.exe
c:\program files\Internet Download Manager\IEMonitor.exe
c:\windows\servicing\TrustedInstaller.exe
c:\windows\system32\AUDIODG.EXE
.
**************************************************************************
.
Ora fine scansione: 2012-10-05 11:29:15 - Il pc è stato riavviato
ComboFix-quarantined-files.txt 2012-10-05 09:29
.
Pre-Run: 138.523.131.904 byte disponibili
Post-Run: 138.065.367.040 byte disponibili
.
- - End Of File - - B5C2AB21EA29E16BF3C615D813029430
Elena1959
Newbie
 
Post: 1
Iscritto il: 05/10/12 10:55

Re: Virus w32/Patched.UB

Postdi FrancescoFDAC » 05/10/12 13:08

Elena, apri una nuova discussione, non scrivere in questa.

Francesco
FrancescoFDAC
Utente Senior
 
Post: 1048
Iscritto il: 13/08/11 09:53


Torna a Sicurezza e Privacy


Topic correlati a "Virus w32/Patched.UB":


Chi c’è in linea

Visitano il forum: Nessuno e 8 ospiti