14-10-2013, 17.06.19   #1
elena.del
Newbie
Registered: 14-10-2013
Posts: 2
Combofix log analysis

I ran a scan with Combofix because unwanted windows kept opening while I was browsing. The scan took about 10 minutes, as expected, and at first the problem seemed to be solved. The next day everything was back as before. I would be grateful if someone could help me read the log and give me some pointers on how to fix the problem. Thanks

ComboFix 13-10-12.01 - User 13/10/2013 11.49.39.1.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.39.1040.18.767.434 [GMT 2:00]
Eseguito da: c:\documents and settings\User\Desktop\ComboFix.exe
AV: F-Secure Client Security 9.32 *Disabled/Updated* {E7512ED5-4245-4B4D-AF3A-382D3F313F15}
FW: F-Secure Client Security 9.32 *Enabled* {D4747503-0346-49EB-9262-997542F79BF4}
.
.
((((((((((((((((((((((((((((((((((((( Altre eliminazioni )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\User\Dati applicazioni\Toolbar4
c:\documents and settings\User\Impostazioni locali\Dati applicazioni\omesuperv.exe
c:\documents and settings\User\WINDOWS
c:\windows\system32\Cache
c:\windows\system32\Cache\272512937d9e61a4.fb
c:\windows\system32\Cache\287204568329e189.fb
c:\windows\system32\Cache\28bc8f716fd76a47.fb
c:\windows\system32\Cache\2c53092c95605355.fb
c:\windows\system32\Cache\31a0997e9a5b5eb3.fb
c:\windows\system32\Cache\32c84fe32bb74d60.fb
c:\windows\system32\Cache\3917078cb68ec657.fb
c:\windows\system32\Cache\590ba23ce359fd0c.fb
c:\windows\system32\Cache\610289e025a3ee9a.fb
c:\windows\system32\Cache\651c5d3cdbfb8bd1.fb
c:\windows\system32\Cache\6c59ac5e7e7a3ad0.fb
c:\windows\system32\Cache\6d03dad1035885d3.fb
c:\windows\system32\Cache\9346a1ed70701672.fb
c:\windows\system32\Cache\a8556537add6dfc5.fb
c:\windows\system32\Cache\ad10a52aff5e038d.fb
c:\windows\system32\Cache\c1fa887b03019701.fb
c:\windows\system32\Cache\c4d28dca2e7648be.fb
c:\windows\system32\Cache\d201ef9910cd39de.fb
c:\windows\system32\Cache\d2e94710a5708128.fb
c:\windows\system32\Cache\d730a96304873fa8.fb
c:\windows\system32\Cache\d79b9dfe81484ec4.fb
c:\windows\system32\Cache\f998975c9cc711ee.fb
c:\windows\system32\SET59.tmp
c:\windows\system32\SET5B.tmp
c:\windows\system32\SET5F.tmp
c:\windows\system32\SET60.tmp
c:\windows\system32\SET67.tmp
c:\windows\system32\SETAE.tmp
c:\windows\wininit.ini
.
.
((((((((((((((((((((((((( Files Creati Da 2013-09-13 al 2013-10-13 )))))))))))))))))))))))))))))))))))
.
.
2013-10-13 09:40 . 2013-10-13 09:40 -------- d-----w- C:\QuickSeeker20130820
2013-10-13 09:40 . 2013-10-13 09:40 -------- d-----w- c:\documents and settings\User\Impostazioni locali\Dati applicazioni\Context2pro
2013-10-13 07:04 . 2013-10-13 07:04 -------- d-----w- c:\documents and settings\User\Dati applicazioni\Snz
2013-10-10 15:45 . 2013-10-12 07:21 -------- d-----w- C:\CONTI
2013-10-10 15:01 . 2013-10-10 15:01 17813896 ----a-w- c:\windows\system32\FlashPlayerInstaller.exe
2013-10-10 13:29 . 2013-07-03 02:12 25088 -c----w- c:\windows\system32\dllcache\hidparse.sys
2013-10-10 13:24 . 2013-08-09 00:55 5376 -c----w- c:\windows\system32\dllcache\usbd.sys
2013-10-10 13:24 . 2009-03-18 11:02 30336 -c----w- c:\windows\system32\dllcache\usbehci.sys
2013-10-10 13:24 . 2013-08-09 00:55 144128 -c----w- c:\windows\system32\dllcache\usbport.sys
2013-10-06 10:06 . 2013-10-03 17:24 475736 ----a-w- c:\windows\system32\drivers\0518893drv.sys
2013-10-04 05:03 . 2013-10-03 17:24 133208 ----a-w- c:\windows\system32\drivers\89277119.sys
2013-10-03 18:10 . 2013-10-03 18:10 -------- d-----w- c:\documents and settings\User\Dati applicazioni\F-Secure
2013-10-01 09:08 . 2013-10-01 09:08 -------- d-----w- c:\documents and settings\NetworkService\Impostazioni locali\Dati applicazioni\F-Secure
2013-10-01 09:08 . 2013-10-01 09:20 44240 ----a-w- c:\windows\system32\drivers\fsbts.sys
2013-10-01 09:07 . 2012-06-26 16:25 82992 ----a-w- c:\windows\system32\drivers\fsdfw.sys
2013-10-01 09:05 . 2013-10-01 09:05 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\fssg
2013-10-01 09:05 . 2013-10-01 09:07 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\F-Secure
2013-10-01 08:57 . 2013-10-01 09:20 -------- d-----w- c:\programmi\F-Secure
2013-10-01 08:45 . 2013-10-01 08:45 -------- d-----w- c:\programmi\File comuni\Java
2013-10-01 08:45 . 2013-10-01 08:44 144896 ----a-w- c:\windows\system32\javacpl.cpl
2013-10-01 08:44 . 2013-10-01 08:44 94632 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2013-10-01 08:44 . 2013-10-01 08:44 -------- d-----w- c:\programmi\Java
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-10-10 15:01 . 2012-04-21 08:01 692616 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2013-10-10 15:01 . 2011-10-29 17:42 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2013-10-01 08:44 . 2012-12-17 15:49 868264 ----a-w- c:\windows\system32\npDeployJava1.dll
2013-10-01 08:44 . 2011-10-27 15:41 790440 ----a-w- c:\windows\system32\deployJava1.dll
2013-09-23 18:24 . 2008-04-14 12:00 920064 ----a-w- c:\windows\system32\wininet.dll
2013-09-23 18:24 . 2008-04-14 12:00 43520 ------w- c:\windows\system32\licmgr10.dll
2013-09-23 18:24 . 2008-04-14 12:00 1469440 ------w- c:\windows\system32\inetcpl.cpl
2013-09-23 18:24 . 2008-04-14 12:00 18944 ----a-w- c:\windows\system32\corpol.dll
2013-09-23 18:06 . 2008-04-14 12:00 385024 ------w- c:\windows\system32\html.iec
2013-09-09 17:27 . 2013-09-09 17:25 13560 ----a-w- c:\windows\system32\drivers\gfibto.sys
2013-08-29 07:01 . 2008-04-14 12:00 1878656 ----a-w- c:\windows\system32\win32k.sys
2013-08-09 01:56 . 2008-04-14 12:00 391168 ----a-w- c:\windows\system32\themeui.dll
2013-08-09 00:55 . 2008-04-14 12:00 144128 ----a-w- c:\windows\system32\drivers\usbport.sys
2013-08-09 00:55 . 2011-10-28 16:03 32384 ----a-w- c:\windows\system32\drivers\usbccgp.sys
2013-08-09 00:55 . 2008-04-14 12:00 5376 ----a-w- c:\windows\system32\drivers\usbd.sys
2013-08-05 13:30 . 2008-04-14 12:00 1289216 ----a-w- c:\windows\system32\ole32.dll
2013-08-02 23:48 . 2006-10-18 20:47 1543680 ------w- c:\windows\system32\wmvdecod.dll
2013-07-18 23:18 . 2013-07-18 23:18 102608 ----a-w- c:\windows\system32\PresentationCFFRasterizerNative_v0300.dll
.
.
((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* i valori vuoti & legittimi/default non sono visualizzati.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\EldosIconOverlay]
@="{69925D1B-6A0F-4413-861A-81AB98039DB9}"
[HKEY_CLASSES_ROOT\CLSID\{69925D1B-6A0F-4413-861A-81AB98039DB9}]
2013-01-30 11:12 159488 ----a-w- c:\windows\system32\SSCbFsMntNtf3.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\SugarSyncBackedUp]
@="{0C4A258A-3F3B-4FFF-80A7-9B3BEC139472}"
[HKEY_CLASSES_ROOT\CLSID\{0C4A258A-3F3B-4FFF-80A7-9B3BEC139472}]
2013-06-26 17:22 2090848 ----a-w- c:\programmi\SugarSync\SugarSyncShellExt.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\SugarSyncPending]
@="{62CCD8E3-9C21-41E1-B55E-1E26DFC68511}"
[HKEY_CLASSES_ROOT\CLSID\{62CCD8E3-9C21-41E1-B55E-1E26DFC68511}]
2013-06-26 17:22 2090848 ----a-w- c:\programmi\SugarSync\SugarSyncShellExt.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\SugarSyncRoot]
@="{39D54CC2-69CF-43b4-B167-577D25E7F496}"
[HKEY_CLASSES_ROOT\CLSID\{39D54CC2-69CF-43b4-B167-577D25E7F496}]
2013-06-26 17:22 2090848 ----a-w- c:\programmi\SugarSync\SugarSyncShellExt.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\SugarSyncShared]
@="{1574C9EF-7D58-488F-B358-8B78C1538F51}"
[HKEY_CLASSES_ROOT\CLSID\{1574C9EF-7D58-488F-B358-8B78C1538F51}]
2013-06-26 17:22 2090848 ----a-w- c:\programmi\SugarSync\SugarSyncShellExt.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\SugarSyncSharedPending]
@="{F7395C2E-A5D8-4a32-9536-5C6A9F1DC450}"
[HKEY_CLASSES_ROOT\CLSID\{F7395C2E-A5D8-4a32-9536-5C6A9F1DC450}]
2013-06-26 17:22 2090848 ----a-w- c:\programmi\SugarSync\SugarSyncShellExt.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HP Officejet 4620 series (NET)"="c:\programmi\HP\HP Officejet 4620 series\Bin\ScanToPCActivationApp.exe" [2011-12-18 1820520]
"DataMgr"="c:\documents and settings\User\Dati applicazioni\DataMgr\DataMgr.exe" [2012-09-25 168264]
"SugarSync"="c:\programmi\SugarSync\SugarSync.exe" [2013-06-26 12419424]
"SSync"="c:\documents and settings\User\Dati applicazioni\SSync\SSync.exe" [2013-04-09 36864]
"SCheck"="c:\documents and settings\User\Dati applicazioni\SCheck\SCheck.exe" [2013-04-09 36864]
"Snoozer"="c:\documents and settings\User\Dati applicazioni\Snz\Snz.exe" [2013-10-11 1226845]
"Intermediate"="c:\documents and settings\User\Dati applicazioni\Intermediate\Intermediate.exe" [2013-04-09 36864]
"QuickSeeker20130820-Protector"="c:\quickseeker20130820\Protector.exe" [2013-08-12 244736]
"QuickSeeker20130820-Connector"="c:\quickseeker20130820\Connector.exe" [2013-08-12 258560]
"contextfr"="c:\documents and settings\User\Impostazioni locali\Dati applicazioni\Context2pro\contextfr.exe" [2013-08-21 557656]
"conadvanced"="c:\documents and settings\User\Impostazioni locali\Dati applicazioni\Context2pro\conadvanced.exe" [2013-08-21 586840]
"contextprod"="c:\documents and settings\User\Impostazioni locali\Dati applicazioni\Context2pro\contextprod.exe" [2013-08-21 586840]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Adobe ARM"="c:\programmi\File comuni\Adobe\ARM\1.0\AdobeARM.exe" [2013-04-04 958576]
"HP Software Update"="c:\programmi\Hp\HP Software Update\HPWuSchd2.exe" [2011-05-10 49208]
"SunJavaUpdateSched"="c:\programmi\File comuni\Java\Java Update\jusched.exe" [2013-07-02 254336]
"F-Secure Manager"="c:\programmi\F-Secure\Common\FSM32.EXE" [2012-06-26 306928]
"F-Secure TNB"="c:\programmi\F-Secure\FSGUI\TNBUtil.exe" [2012-06-26 1654512]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"AvgUninstallURL"="start http://www.avg.com/it.special-uninstallation-feedback-appf?lic=NFVORUYtUEI2M0YtWDlaQVMtQU8zVEItSEk5Sk8tM0xQMkM&inst=NzctOTEyMjI0MTQzLVNUMTJGT0krMS1ERFQrMC1FVUxBKzEtU1QxMkZBUFArMQ&prod=90&ver=2012.0.1834&mid=9eb7f81036ce47d18c0ed1422c239701-06ce4fc639803a2e3563922518183d8e94088cb9" [?]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
.
c:\documents and settings\User\Menu Avvio\Programmi\Esecuzione automatica\
Monitora avvisi inchiostro - HP Officejet 4620 series.lnk - c:\windows\system32\RunDll32.exe "c:\programmi\HP\HP Officejet 4620 series\bin\HPStatusBL.dll",RunDLLEntry SERIALNUMBER=CN23H110P205RT;CONNECTION=USB;MONITOR=1; [2008-4-14 33280]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\SharedTaskScheduler]
"{C28617FD-4FE7-4043-AD51-C8132CE90106}"= "c:\windows\system32\SSCbFsMntNtf3.dll" [2013-01-30 159488]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
"EldosMountNotificator"= {C28617FD-4FE7-4043-AD51-C8132CE90106} - c:\windows\system32\SSCbFsMntNtf3.dll [2013-01-30 159488]
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
.
R0 89277119;89277119;c:\windows\system32\drivers\89277119.sys [04/10/2013 7.03.11 133208]
R0 fsbts;fsbts;c:\windows\system32\drivers\fsbts.sys [01/10/2013 11.08.10 44240]
R0 FSFW;F-Secure Firewall Driver;c:\windows\system32\drivers\fsdfw.sys [01/10/2013 11.07.24 82992]
R0 gfibto;gfibto;c:\windows\system32\drivers\gfibto.sys [09/09/2013 19.25.59 13560]
R1 F-Secure HIPS;F-Secure HIPS Driver;c:\programmi\F-Secure\HIPS\drivers\fshs.sys [01/10/2013 11.07.07 71664]
R2 fsdevcon;F-Secure Device Control Daemon;c:\programmi\F-Secure\Device Control\fsdevcon32.exe [01/10/2013 11.07.11 403184]
R3 F-Secure Gatekeeper;F-Secure Gatekeeper;c:\programmi\F-Secure\Anti-Virus\minifilter\fsgk.sys [01/10/2013 11.06.38 145856]
R3 FSORSPClient;F-Secure ORSP Client;c:\programmi\F-Secure\ORSP Client\fsorsp.exe [01/10/2013 11.07.13 60352]
R3 SSCBFS3;SugarSync CallBack File System driver v3;c:\windows\system32\drivers\sscbfs3.sys [14/07/2013 18.27.09 295936]
S1 0518893drv;0518893drv;c:\windows\system32\drivers\0518893drv.sys [06/10/2013 12.06.31 475736]
S3 gfiark;gfiark;c:\windows\system32\drivers\gfiark.sys [09/09/2013 19.46.11 41584]
S3 Lavasoft Kernexplorer;Lavasoft helper driver;\??\c:\programmi\Lavasoft\Ad-Aware\KernExplorer.sys --> c:\programmi\Lavasoft\Ad-Aware\KernExplorer.sys [?]
S4 F-Secure Filter;F-Secure File System Filter;c:\programmi\F-Secure\Anti-Virus\win2k\fsfilter.sys [01/10/2013 11.06.39 41072]
S4 F-Secure Recognizer;F-Secure File System Recognizer;c:\programmi\F-Secure\Anti-Virus\win2k\fsrec.sys [01/10/2013 11.06.39 26352]
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2013-10-08 13:41 1185744 ----a-w- c:\programmi\Google\Chrome\Application\30.0.1599.69\Installer\chrmstp.exe
.
Contenuto della cartella 'Scheduled Tasks'
.
2013-10-13 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-21 15:01]
.
2013-10-13 c:\windows\Tasks\At1.job
- c:\programmi\HP\HP Officejet 4620 series\Bin\HPCustPartic.exe [2011-12-18 15:58]
.
2013-10-10 c:\windows\Tasks\At2.job
- c:\programmi\HP\HP Officejet 4620 series\Bin\HPCustPartic.exe [2011-12-18 15:58]
.
2013-10-10 c:\windows\Tasks\At3.job
- c:\programmi\HP\HP Officejet 4620 series\Bin\HPCustPartic.exe [2011-12-18 15:58]
.
2013-10-06 c:\windows\Tasks\At4.job
- c:\programmi\HP\HP Officejet 4620 series\Bin\HPCustPartic.exe [2011-12-18 15:58]
.
2013-10-13 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\programmi\Google\Update\GoogleUpdate.exe [2011-10-28 16:39]
.
2013-10-13 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\programmi\Google\Update\GoogleUpdate.exe [2011-10-28 16:39]
.
2013-10-13 c:\windows\Tasks\Scheduled scanning task.job
- c:\progra~1\F-Secure\ANTI-V~1\fsav.exe [2013-10-01 16:25]
.
2013-10-13 c:\windows\Tasks\User_Feed_Synchronization-{74C8190D-E0A7-4AEE-8A6F-14617F365B55}.job
- c:\windows\system32\msfeedssync.exe [2009-03-08 02:31]
.
2013-10-13 c:\windows\Tasks\User_Feed_Synchronization-{9B85148B-D59E-4B1A-B1F4-C0477B1498D3}.job
- c:\windows\system32\msfeedssync.exe [2009-03-08 02:31]
.
.
------- Scansione supplementare -------
.
uStart Page = www.quick-seeker.com/sf
LSP: c:\programmi\F-Secure\FSPS\program\fslsp.dll
TCP: DhcpNameServer = 192.168.0.1
FF - ProfilePath - c:\documents and settings\User\Dati applicazioni\Mozilla\Firefox\Profiles\fx4xcxf5.default-1380646727234\
FF - prefs.js: browser.startup.homepage - hxxp://www.repubblica.it/
FF - ExtSQL: 2013-08-22 15:15; om@offermosquito.com; c:\documents and settings\User\Dati applicazioni\Mozilla\Firefox\Profiles\fx4xcxf5.default-1380646727234\extensions\om@offermosquito.com.xpi
FF - ExtSQL: 2013-10-01 11:15; litmus-ff@f-secure.com; c:\programmi\F-Secure\NRS\litmus-ff@f-secure.com
.
- - - - CHIAVI ORFANE RIMOSSE - - - -
.
Toolbar-Locked - (no file)
HKCU-Run-OMESupervisor - c:\documents and settings\User\Impostazioni locali\Dati applicazioni\omesuperv.exe
c:\documents and settings\User\Menu Avvio\Programmi\Esecuzione automatica\_uninst_20089580.lnk - c:\documents and settings\User\Impostazioni locali\Temp\_uninst_20089580.bat
AddRemove-fbDownloader - c:\documents and settings\User\Impostazioni locali\Dati applicazioni\fbDownloader\Uninstall.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2013-10-13 11:59
Windows 5.1.2600 Service Pack 3 NTFS
.
scansione processi nascosti ...
.
scansione entrate autostart nascoste ...
.
Scansione files nascosti ...
.
Scansione completata con successo
Files nascosti: 0
.
**************************************************************************
.
--------------------- CHIAVI DI REGISTRO BLOCCATE ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_9_900_117_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_9_900_117_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*1*]
@="?????????????????? v1"
.
[HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*1*\CLSID]
@="{E23FE9C6-778E-49D4-B537-38FCDE4887D8}"
.
[HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*2*]
@="?????????????????? v2"
.
[HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*2*\CLSID]
@="{9BE31822-FDAD-461B-AD51-BE1D1C159921}"
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (Administrator)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,bc,0f,0e,89,78,99,1e,41,bc,2d,d9,\
"6256FFB019F8FDFBD36745B06F4540E9AEAF222A25"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,bc,0f,0e,89,78,99,1e,41,bc,2d,d9,\
.
--------------------- Dlls caricate dai processi in esecuzione ---------------------
.
- - - - - - - > 'lsass.exe'(552)
c:\programmi\F-Secure\FSPS\program\fslsp.dll
.
Ora fine scansione: 2013-10-13 12:03:49
ComboFix-quarantined-files.txt 2013-10-13 10:03
.
Pre-Run: 14.680.899.584 byte disponibili
Post-Run: 16.036.577.280 byte disponibili
.
WindowsXP-KB310994-SP2-Home-BootDisk-ITA.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect /bootlog
[spybotsd]
timeout.old=30
.
- - End Of File - - 3AB48B731C2443B6F516456E4FF3AA87
828E02D5C4A4FBE53441EE9DBEE51F43
14-10-2013, 20.44.26   #2
xilo76
Forum supporter
Global Moderator
Registered: 23-08-2007
Posts: 2.703
Re: Combofix log analysis

First I would do some automatic cleaning... If the problems remain after that, we'll take a look.

Perform a Clean Boot (click me) (or start Windows in safe mode), then try these programs, which may remove the infections automatically, updating the definitions FIRST (not required only for adwcleaner and MS safety scanner) and running a FULL system scan (at least the system drive/hard disk/partition):