Thread: Combofix log analysis
14-10-2013, 17.06.19   #1
elena.del

I ran a scan with Combofix because unwanted windows kept opening while I was browsing. The scan took about 10 minutes, as expected, and at first the problem seemed to be solved. The next day everything was back as before. I would be grateful if someone could help me read the log and give me some tips on what to do to fix the problem. Thanks

ComboFix 13-10-12.01 - User 13/10/2013 11.49.39.1.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.39.1040.18.767.434 [GMT 2:00]
Eseguito da: c:\documents and settings\User\Desktop\ComboFix.exe
AV: F-Secure Client Security 9.32 *Disabled/Updated* {E7512ED5-4245-4B4D-AF3A-382D3F313F15}
FW: F-Secure Client Security 9.32 *Enabled* {D4747503-0346-49EB-9262-997542F79BF4}
.
.
((((((((((((((((((((((((((((((((((((( Altre eliminazioni )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\User\Dati applicazioni\Toolbar4
c:\documents and settings\User\Impostazioni locali\Dati applicazioni\omesuperv.exe
c:\documents and settings\User\WINDOWS
c:\windows\system32\Cache
c:\windows\system32\Cache\272512937d9e61a4.fb
c:\windows\system32\Cache\287204568329e189.fb
c:\windows\system32\Cache\28bc8f716fd76a47.fb
c:\windows\system32\Cache\2c53092c95605355.fb
c:\windows\system32\Cache\31a0997e9a5b5eb3.fb
c:\windows\system32\Cache\32c84fe32bb74d60.fb
c:\windows\system32\Cache\3917078cb68ec657.fb
c:\windows\system32\Cache\590ba23ce359fd0c.fb
c:\windows\system32\Cache\610289e025a3ee9a.fb
c:\windows\system32\Cache\651c5d3cdbfb8bd1.fb
c:\windows\system32\Cache\6c59ac5e7e7a3ad0.fb
c:\windows\system32\Cache\6d03dad1035885d3.fb
c:\windows\system32\Cache\9346a1ed70701672.fb
c:\windows\system32\Cache\a8556537add6dfc5.fb
c:\windows\system32\Cache\ad10a52aff5e038d.fb
c:\windows\system32\Cache\c1fa887b03019701.fb
c:\windows\system32\Cache\c4d28dca2e7648be.fb
c:\windows\system32\Cache\d201ef9910cd39de.fb
c:\windows\system32\Cache\d2e94710a5708128.fb
c:\windows\system32\Cache\d730a96304873fa8.fb
c:\windows\system32\Cache\d79b9dfe81484ec4.fb
c:\windows\system32\Cache\f998975c9cc711ee.fb
c:\windows\system32\SET59.tmp
c:\windows\system32\SET5B.tmp
c:\windows\system32\SET5F.tmp
c:\windows\system32\SET60.tmp
c:\windows\system32\SET67.tmp
c:\windows\system32\SETAE.tmp
c:\windows\wininit.ini
.
.
((((((((((((((((((((((((( Files Creati Da 2013-09-13 al 2013-10-13 )))))))))))))))))))))))))))))))))))
.
.
2013-10-13 09:40 . 2013-10-13 09:40 -------- d-----w- C:\QuickSeeker20130820
2013-10-13 09:40 . 2013-10-13 09:40 -------- d-----w- c:\documents and settings\User\Impostazioni locali\Dati applicazioni\Context2pro
2013-10-13 07:04 . 2013-10-13 07:04 -------- d-----w- c:\documents and settings\User\Dati applicazioni\Snz
2013-10-10 15:45 . 2013-10-12 07:21 -------- d-----w- C:\CONTI
2013-10-10 15:01 . 2013-10-10 15:01 17813896 ----a-w- c:\windows\system32\FlashPlayerInstaller.exe
2013-10-10 13:29 . 2013-07-03 02:12 25088 -c----w- c:\windows\system32\dllcache\hidparse.sys
2013-10-10 13:24 . 2013-08-09 00:55 5376 -c----w- c:\windows\system32\dllcache\usbd.sys
2013-10-10 13:24 . 2009-03-18 11:02 30336 -c----w- c:\windows\system32\dllcache\usbehci.sys
2013-10-10 13:24 . 2013-08-09 00:55 144128 -c----w- c:\windows\system32\dllcache\usbport.sys
2013-10-06 10:06 . 2013-10-03 17:24 475736 ----a-w- c:\windows\system32\drivers\0518893drv.sys
2013-10-04 05:03 . 2013-10-03 17:24 133208 ----a-w- c:\windows\system32\drivers\89277119.sys
2013-10-03 18:10 . 2013-10-03 18:10 -------- d-----w- c:\documents and settings\User\Dati applicazioni\F-Secure
2013-10-01 09:08 . 2013-10-01 09:08 -------- d-----w- c:\documents and settings\NetworkService\Impostazioni locali\Dati applicazioni\F-Secure
2013-10-01 09:08 . 2013-10-01 09:20 44240 ----a-w- c:\windows\system32\drivers\fsbts.sys
2013-10-01 09:07 . 2012-06-26 16:25 82992 ----a-w- c:\windows\system32\drivers\fsdfw.sys
2013-10-01 09:05 . 2013-10-01 09:05 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\fssg
2013-10-01 09:05 . 2013-10-01 09:07 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\F-Secure
2013-10-01 08:57 . 2013-10-01 09:20 -------- d-----w- c:\programmi\F-Secure
2013-10-01 08:45 . 2013-10-01 08:45 -------- d-----w- c:\programmi\File comuni\Java
2013-10-01 08:45 . 2013-10-01 08:44 144896 ----a-w- c:\windows\system32\javacpl.cpl
2013-10-01 08:44 . 2013-10-01 08:44 94632 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2013-10-01 08:44 . 2013-10-01 08:44 -------- d-----w- c:\programmi\Java
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-10-10 15:01 . 2012-04-21 08:01 692616 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2013-10-10 15:01 . 2011-10-29 17:42 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2013-10-01 08:44 . 2012-12-17 15:49 868264 ----a-w- c:\windows\system32\npDeployJava1.dll
2013-10-01 08:44 . 2011-10-27 15:41 790440 ----a-w- c:\windows\system32\deployJava1.dll
2013-09-23 18:24 . 2008-04-14 12:00 920064 ----a-w- c:\windows\system32\wininet.dll
2013-09-23 18:24 . 2008-04-14 12:00 43520 ------w- c:\windows\system32\licmgr10.dll
2013-09-23 18:24 . 2008-04-14 12:00 1469440 ------w- c:\windows\system32\inetcpl.cpl
2013-09-23 18:24 . 2008-04-14 12:00 18944 ----a-w- c:\windows\system32\corpol.dll
2013-09-23 18:06 . 2008-04-14 12:00 385024 ------w- c:\windows\system32\html.iec
2013-09-09 17:27 . 2013-09-09 17:25 13560 ----a-w- c:\windows\system32\drivers\gfibto.sys
2013-08-29 07:01 . 2008-04-14 12:00 1878656 ----a-w- c:\windows\system32\win32k.sys
2013-08-09 01:56 . 2008-04-14 12:00 391168 ----a-w- c:\windows\system32\themeui.dll
2013-08-09 00:55 . 2008-04-14 12:00 144128 ----a-w- c:\windows\system32\drivers\usbport.sys
2013-08-09 00:55 . 2011-10-28 16:03 32384 ----a-w- c:\windows\system32\drivers\usbccgp.sys
2013-08-09 00:55 . 2008-04-14 12:00 5376 ----a-w- c:\windows\system32\drivers\usbd.sys
2013-08-05 13:30 . 2008-04-14 12:00 1289216 ----a-w- c:\windows\system32\ole32.dll
2013-08-02 23:48 . 2006-10-18 20:47 1543680 ------w- c:\windows\system32\wmvdecod.dll
2013-07-18 23:18 . 2013-07-18 23:18 102608 ----a-w- c:\windows\system32\PresentationCFFRasterizerNative_v0300.dll
.
.
((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* i valori vuoti & legittimi/default non sono visualizzati.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\EldosIconOverlay]
@="{69925D1B-6A0F-4413-861A-81AB98039DB9}"
[HKEY_CLASSES_ROOT\CLSID\{69925D1B-6A0F-4413-861A-81AB98039DB9}]
2013-01-30 11:12 159488 ----a-w- c:\windows\system32\SSCbFsMntNtf3.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\SugarSyncBackedUp]
@="{0C4A258A-3F3B-4FFF-80A7-9B3BEC139472}"
[HKEY_CLASSES_ROOT\CLSID\{0C4A258A-3F3B-4FFF-80A7-9B3BEC139472}]
2013-06-26 17:22 2090848 ----a-w- c:\programmi\SugarSync\SugarSyncShellExt.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\SugarSyncPending]
@="{62CCD8E3-9C21-41E1-B55E-1E26DFC68511}"
[HKEY_CLASSES_ROOT\CLSID\{62CCD8E3-9C21-41E1-B55E-1E26DFC68511}]
2013-06-26 17:22 2090848 ----a-w- c:\programmi\SugarSync\SugarSyncShellExt.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\SugarSyncRoot]
@="{39D54CC2-69CF-43b4-B167-577D25E7F496}"
[HKEY_CLASSES_ROOT\CLSID\{39D54CC2-69CF-43b4-B167-577D25E7F496}]
2013-06-26 17:22 2090848 ----a-w- c:\programmi\SugarSync\SugarSyncShellExt.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\SugarSyncShared]
@="{1574C9EF-7D58-488F-B358-8B78C1538F51}"
[HKEY_CLASSES_ROOT\CLSID\{1574C9EF-7D58-488F-B358-8B78C1538F51}]
2013-06-26 17:22 2090848 ----a-w- c:\programmi\SugarSync\SugarSyncShellExt.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\SugarSyncSharedPending]
@="{F7395C2E-A5D8-4a32-9536-5C6A9F1DC450}"
[HKEY_CLASSES_ROOT\CLSID\{F7395C2E-A5D8-4a32-9536-5C6A9F1DC450}]
2013-06-26 17:22 2090848 ----a-w- c:\programmi\SugarSync\SugarSyncShellExt.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HP Officejet 4620 series (NET)"="c:\programmi\HP\HP Officejet 4620 series\Bin\ScanToPCActivationApp.exe" [2011-12-18 1820520]
"DataMgr"="c:\documents and settings\User\Dati applicazioni\DataMgr\DataMgr.exe" [2012-09-25 168264]
"SugarSync"="c:\programmi\SugarSync\SugarSync.exe" [2013-06-26 12419424]
"SSync"="c:\documents and settings\User\Dati applicazioni\SSync\SSync.exe" [2013-04-09 36864]
"SCheck"="c:\documents and settings\User\Dati applicazioni\SCheck\SCheck.exe" [2013-04-09 36864]
"Snoozer"="c:\documents and settings\User\Dati applicazioni\Snz\Snz.exe" [2013-10-11 1226845]
"Intermediate"="c:\documents and settings\User\Dati applicazioni\Intermediate\Intermediate.exe" [2013-04-09 36864]
"QuickSeeker20130820-Protector"="c:\quickseeker20130820\Protector.exe" [2013-08-12 244736]
"QuickSeeker20130820-Connector"="c:\quickseeker20130820\Connector.exe" [2013-08-12 258560]
"contextfr"="c:\documents and settings\User\Impostazioni locali\Dati applicazioni\Context2pro\contextfr.exe" [2013-08-21 557656]
"conadvanced"="c:\documents and settings\User\Impostazioni locali\Dati applicazioni\Context2pro\conadvanced.exe" [2013-08-21 586840]
"contextprod"="c:\documents and settings\User\Impostazioni locali\Dati applicazioni\Context2pro\contextprod.exe" [2013-08-21 586840]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Adobe ARM"="c:\programmi\File comuni\Adobe\ARM\1.0\AdobeARM.exe" [2013-04-04 958576]
"HP Software Update"="c:\programmi\Hp\HP Software Update\HPWuSchd2.exe" [2011-05-10 49208]
"SunJavaUpdateSched"="c:\programmi\File comuni\Java\Java Update\jusched.exe" [2013-07-02 254336]
"F-Secure Manager"="c:\programmi\F-Secure\Common\FSM32.EXE" [2012-06-26 306928]
"F-Secure TNB"="c:\programmi\F-Secure\FSGUI\TNBUtil.exe" [2012-06-26 1654512]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"AvgUninstallURL"="start http://www.avg.com/it.special-uninstallation-feedback-appf?lic=NFVORUYtUEI2M0YtWDlaQVMtQU8zVEItSEk5Sk8tM0xQMkM&inst=NzctOTEyMjI0MTQzLVNUMTJGT0krMS1ERFQrMC1FVUxBKzEtU1QxMkZBUFArMQ&prod=90&ver=2012.0.1834&mid=9eb7f81036ce47d18c0ed1422c239701-06ce4fc639803a2e3563922518183d8e94088cb9" [?]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
.
c:\documents and settings\User\Menu Avvio\Programmi\Esecuzione automatica\
Monitora avvisi inchiostro - HP Officejet 4620 series.lnk - c:\windows\system32\RunDll32.exe "c:\programmi\HP\HP Officejet 4620 series\bin\HPStatusBL.dll",RunDLLEntry SERIALNUMBER=CN23H110P205RT;CONNECTION=USB;MONITOR=1; [2008-4-14 33280]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\SharedTaskScheduler]
"{C28617FD-4FE7-4043-AD51-C8132CE90106}"= "c:\windows\system32\SSCbFsMntNtf3.dll" [2013-01-30 159488]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
"EldosMountNotificator"= {C28617FD-4FE7-4043-AD51-C8132CE90106} - c:\windows\system32\SSCbFsMntNtf3.dll [2013-01-30 159488]
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
.
R0 89277119;89277119;c:\windows\system32\drivers\89277119.sys [04/10/2013 7.03.11 133208]
R0 fsbts;fsbts;c:\windows\system32\drivers\fsbts.sys [01/10/2013 11.08.10 44240]
R0 FSFW;F-Secure Firewall Driver;c:\windows\system32\drivers\fsdfw.sys [01/10/2013 11.07.24 82992]
R0 gfibto;gfibto;c:\windows\system32\drivers\gfibto.sys [09/09/2013 19.25.59 13560]
R1 F-Secure HIPS;F-Secure HIPS Driver;c:\programmi\F-Secure\HIPS\drivers\fshs.sys [01/10/2013 11.07.07 71664]
R2 fsdevcon;F-Secure Device Control Daemon;c:\programmi\F-Secure\Device Control\fsdevcon32.exe [01/10/2013 11.07.11 403184]
R3 F-Secure Gatekeeper;F-Secure Gatekeeper;c:\programmi\F-Secure\Anti-Virus\minifilter\fsgk.sys [01/10/2013 11.06.38 145856]
R3 FSORSPClient;F-Secure ORSP Client;c:\programmi\F-Secure\ORSP Client\fsorsp.exe [01/10/2013 11.07.13 60352]
R3 SSCBFS3;SugarSync CallBack File System driver v3;c:\windows\system32\drivers\sscbfs3.sys [14/07/2013 18.27.09 295936]
S1 0518893drv;0518893drv;c:\windows\system32\drivers\0518893drv.sys [06/10/2013 12.06.31 475736]
S3 gfiark;gfiark;c:\windows\system32\drivers\gfiark.sys [09/09/2013 19.46.11 41584]
S3 Lavasoft Kernexplorer;Lavasoft helper driver;\??\c:\programmi\Lavasoft\Ad-Aware\KernExplorer.sys --> c:\programmi\Lavasoft\Ad-Aware\KernExplorer.sys [?]
S4 F-Secure Filter;F-Secure File System Filter;c:\programmi\F-Secure\Anti-Virus\win2k\fsfilter.sys [01/10/2013 11.06.39 41072]
S4 F-Secure Recognizer;F-Secure File System Recognizer;c:\programmi\F-Secure\Anti-Virus\win2k\fsrec.sys [01/10/2013 11.06.39 26352]
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2013-10-08 13:41 1185744 ----a-w- c:\programmi\Google\Chrome\Application\30.0.1599.69\Installer\chrmstp.exe
.
Contenuto della cartella 'Scheduled Tasks'
.
2013-10-13 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-21 15:01]
.
2013-10-13 c:\windows\Tasks\At1.job
- c:\programmi\HP\HP Officejet 4620 series\Bin\HPCustPartic.exe [2011-12-18 15:58]
.
2013-10-10 c:\windows\Tasks\At2.job
- c:\programmi\HP\HP Officejet 4620 series\Bin\HPCustPartic.exe [2011-12-18 15:58]
.
2013-10-10 c:\windows\Tasks\At3.job
- c:\programmi\HP\HP Officejet 4620 series\Bin\HPCustPartic.exe [2011-12-18 15:58]
.
2013-10-06 c:\windows\Tasks\At4.job
- c:\programmi\HP\HP Officejet 4620 series\Bin\HPCustPartic.exe [2011-12-18 15:58]
.
2013-10-13 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\programmi\Google\Update\GoogleUpdate.exe [2011-10-28 16:39]
.
2013-10-13 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\programmi\Google\Update\GoogleUpdate.exe [2011-10-28 16:39]
.
2013-10-13 c:\windows\Tasks\Scheduled scanning task.job
- c:\progra~1\F-Secure\ANTI-V~1\fsav.exe [2013-10-01 16:25]
.
2013-10-13 c:\windows\Tasks\User_Feed_Synchronization-{74C8190D-E0A7-4AEE-8A6F-14617F365B55}.job
- c:\windows\system32\msfeedssync.exe [2009-03-08 02:31]
.
2013-10-13 c:\windows\Tasks\User_Feed_Synchronization-{9B85148B-D59E-4B1A-B1F4-C0477B1498D3}.job
- c:\windows\system32\msfeedssync.exe [2009-03-08 02:31]
.
.
------- Scansione supplementare -------
.
uStart Page = www.quick-seeker.com/sf
LSP: c:\programmi\F-Secure\FSPS\program\fslsp.dll
TCP: DhcpNameServer = 192.168.0.1
FF - ProfilePath - c:\documents and settings\User\Dati applicazioni\Mozilla\Firefox\Profiles\fx4xcxf5.default-1380646727234\
FF - prefs.js: browser.startup.homepage - hxxp://www.repubblica.it/
FF - ExtSQL: 2013-08-22 15:15; om@offermosquito.com; c:\documents and settings\User\Dati applicazioni\Mozilla\Firefox\Profiles\fx4xcxf5.default-1380646727234\extensions\om@offermosquito.com.xpi
FF - ExtSQL: 2013-10-01 11:15; litmus-ff@f-secure.com; c:\programmi\F-Secure\NRS\litmus-ff@f-secure.com
.
- - - - CHIAVI ORFANE RIMOSSE - - - -
.
Toolbar-Locked - (no file)
HKCU-Run-OMESupervisor - c:\documents and settings\User\Impostazioni locali\Dati applicazioni\omesuperv.exe
c:\documents and settings\User\Menu Avvio\Programmi\Esecuzione automatica\_uninst_20089580.lnk - c:\documents and settings\User\Impostazioni locali\Temp\_uninst_20089580.bat
AddRemove-fbDownloader - c:\documents and settings\User\Impostazioni locali\Dati applicazioni\fbDownloader\Uninstall.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2013-10-13 11:59
Windows 5.1.2600 Service Pack 3 NTFS
.
scansione processi nascosti ...
.
scansione entrate autostart nascoste ...
.
Scansione files nascosti ...
.
Scansione completata con successo
Files nascosti: 0
.
**************************************************************************
.
--------------------- CHIAVI DI REGISTRO BLOCCATE ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_9_900_117_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_9_900_117_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*1*]
@="?????????????????? v1"
.
[HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*1*\CLSID]
@="{E23FE9C6-778E-49D4-B537-38FCDE4887D8}"
.
[HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*2*]
@="?????????????????? v2"
.
[HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*2*\CLSID]
@="{9BE31822-FDAD-461B-AD51-BE1D1C159921}"
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (Administrator)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,bc,0f,0e,89,78,99,1e,41,bc,2d,d9,\
"6256FFB019F8FDFBD36745B06F4540E9AEAF222A25"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,bc,0f,0e,89,78,99,1e,41,bc,2d,d9,\
.
--------------------- Dlls caricate dai processi in esecuzione ---------------------
.
- - - - - - - > 'lsass.exe'(552)
c:\programmi\F-Secure\FSPS\program\fslsp.dll
.
Ora fine scansione: 2013-10-13 12:03:49
ComboFix-quarantined-files.txt 2013-10-13 10:03
.
Pre-Run: 14.680.899.584 byte disponibili
Post-Run: 16.036.577.280 byte disponibili
.
WindowsXP-KB310994-SP2-Home-BootDisk-ITA.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect /bootlog
[spybotsd]
timeout.old=30
.
- - End Of File - - 3AB48B731C2443B6F516456E4FF3AA87
828E02D5C4A4FBE53441EE9DBEE51F43