Hi r16,
I did what you told me; below is the Malwarebytes log:
Malwarebytes Anti-Malware (Prova) 1.61.0.1400
www.malwarebytes.org
Versione database: v2012.05.13.01
Windows Vista Service Pack 2 x86 NTFS
Internet Explorer 9.0.8112.16421
utente :: PC-UTENTE [amministratore]
Protezione: Attivata
13/05/2012 11.01.48
mbam-log-2012-05-13 (11-01-48).txt
Tipo di scansione: Scansione completa
Opzioni di scansione attive: Memoria | Esecuzione automatica | Registro | File system | Euristica/Extra | Euristica/Shuriken | PUP | PUM
Opzioni di scansione disattivate: P2P
Elementi esaminati: 328613
Tempo impiegato: 2 ore, 22 minuti, 12 secondi
Processi rilevati in memoria: 0
(non sono stati rilevati elementi nocivi)
Moduli di memoria rilevati: 0
(non sono stati rilevati elementi nocivi)
Chiavi di registro rilevate: 0
(non sono stati rilevati elementi nocivi)
Valori di registro rilevati: 0
(non sono stati rilevati elementi nocivi)
Voci rilevate nei dati di registro: 0
(non sono stati rilevati elementi nocivi)
Cartelle rilevate: 0
(non sono stati rilevati elementi nocivi)
File rilevati: 0
(non sono stati rilevati elementi nocivi)
(fine)
And this is the ComboFix log:
ComboFix 12-05-13.02 - utente 13/05/2012 14.58.41.1.1 - x86
Microsoft® Windows Vista™ Business 6.0.6002.2.1252.39.1040.18.1526.572 [GMT 2:00]
Eseguito da: c:\users\utente\Desktop\ComboFix.exe
AV: COMODO Antivirus *Disabled/Updated* {458BB331-2324-0753-3D5F-1472EB102AC0}
SP: COMODO Defense+ *Disabled/Updated* {FEEA52D5-051E-08DD-07EF-2F009097607D}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((( Altre eliminazioni )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files\OfferBox
c:\program files\OfferBox\install.log
c:\program files\OfferBox\install.xml
c:\program files\OfferBox\language.xml
c:\program files\OfferBox\OfferBox.exe
c:\program files\OfferBox\OfferBoxHTTPProxy.exe
c:\program files\OfferBox\uninstaller.exe
c:\users\utente\AppData\Roaming\OfferBox
c:\windows\Temp\log.txt
.
.
((((((((((((((((((((((((( Files Creati Da 2012-04-13 al 2012-05-13 )))))))))))))))))))))))))))))))))))
.
.
2012-05-13 13:16 . 2012-05-13 13:16 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-05-12 11:34 . 2012-05-12 11:34 -------- d-----w- c:\users\utente\AppData\Roaming\Malwarebytes
2012-05-12 11:34 . 2012-05-12 11:34 -------- d-----w- c:\programdata\Malwarebytes
2012-05-12 11:34 . 2012-05-12 11:34 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-05-12 11:34 . 2012-04-04 13:56 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-04-27 15:18 . 2012-04-27 15:18 626688 ----a-w- c:\program files\Mozilla Firefox\msvcr80.dll
2012-04-27 15:18 . 2012-04-27 15:18 548864 ----a-w- c:\program files\Mozilla Firefox\msvcp80.dll
2012-04-27 15:18 . 2012-04-27 15:18 479232 ----a-w- c:\program files\Mozilla Firefox\msvcm80.dll
2012-04-24 18:04 . 2012-04-24 18:05 -------- d-----w- c:\program files\HOEPLI Esercitazioni Office 2007
2012-04-20 17:30 . 2012-04-20 17:30 250 ----a-w- C:\user.js
2012-04-20 17:30 . 2012-04-20 17:30 -------- d-----w- c:\program files\BabylonToolbar
2012-04-20 17:30 . 2012-04-20 17:30 -------- d-----w- c:\program files\GPLGS
2012-04-20 17:30 . 2011-10-04 20:42 86016 ----a-w- c:\windows\system32\custmon32i.dll
2012-04-20 17:29 . 2012-04-20 17:29 -------- d-----w- C:\Program1
2012-04-20 17:29 . 2012-04-20 17:29 -------- d-----w- c:\program files\PDFCreator
2012-04-20 17:29 . 2012-04-20 17:29 -------- d-----w- c:\users\utente\AppData\Local\Babylon
2012-04-20 17:29 . 2012-04-20 17:29 -------- d-----w- c:\users\utente\AppData\Roaming\Babylon
2012-04-20 17:29 . 2012-04-20 17:29 -------- d-----w- c:\programdata\Babylon
2012-04-16 11:14 . 2012-03-11 21:13 33984 ----a-w- c:\windows\system32\cmdcsr.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-04-07 09:50 . 2011-09-30 13:25 472808 ----a-w- c:\windows\system32\deployJava1.dll
2012-04-06 14:46 . 2011-06-04 14:32 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-03-24 10:12 . 2012-03-24 10:12 161792 ----a-w- c:\windows\system32\msls31.dll
2012-03-24 10:11 . 2012-03-24 10:11 76800 ----a-w- c:\windows\system32\SetIEInstalledDate.exe
2012-03-24 10:11 . 2012-03-24 10:11 74752 ----a-w- c:\windows\system32\RegisterIEPKEYs.exe
2012-03-24 10:11 . 2012-03-24 10:11 86528 ----a-w- c:\windows\system32\iesysprep.dll
2012-03-24 10:11 . 2012-03-24 10:11 48640 ----a-w- c:\windows\system32\mshtmler.dll
2012-03-24 10:11 . 2012-03-24 10:11 63488 ----a-w- c:\windows\system32\tdc.ocx
2012-03-24 10:11 . 2012-03-24 10:11 367104 ----a-w- c:\windows\system32\html.iec
2012-03-24 10:11 . 2012-03-24 10:11 74752 ----a-w- c:\windows\system32\iesetup.dll
2012-03-24 10:11 . 2012-03-24 10:11 23552 ----a-w- c:\windows\system32\licmgr10.dll
2012-03-24 10:11 . 2012-03-24 10:11 152064 ----a-w- c:\windows\system32\wextract.exe
2012-03-24 10:11 . 2012-03-24 10:11 150528 ----a-w- c:\windows\system32\iexpress.exe
2012-03-24 10:11 . 2012-03-24 10:11 420864 ----a-w- c:\windows\system32\vbscript.dll
2012-03-24 10:11 . 2012-03-24 10:11 142848 ----a-w- c:\windows\system32\ieUnatt.exe
2012-03-24 10:11 . 2012-03-24 10:11 11776 ----a-w- c:\windows\system32\mshta.exe
2012-03-24 10:11 . 2012-03-24 10:11 101888 ----a-w- c:\windows\system32\admparse.dll
2012-03-24 10:11 . 2012-03-24 10:11 35840 ----a-w- c:\windows\system32\imgutil.dll
2012-03-24 10:11 . 2012-03-24 10:11 110592 ----a-w- c:\windows\system32\IEAdvpack.dll
2012-03-24 10:08 . 2012-03-24 10:08 979456 ----a-w- c:\windows\system32\MFH264Dec.dll
2012-03-24 10:08 . 2012-03-24 10:08 357376 ----a-w- c:\windows\system32\MFHEAACdec.dll
2012-03-24 10:08 . 2012-03-24 10:08 302592 ----a-w- c:\windows\system32\mfmp4src.dll
2012-03-24 10:08 . 2012-03-24 10:08 261632 ----a-w- c:\windows\system32\mfreadwrite.dll
2012-03-24 10:08 . 2012-03-24 10:08 98816 ----a-w- c:\windows\system32\mfps.dll
2012-03-24 10:08 . 2012-03-24 10:08 2873344 ----a-w- c:\windows\system32\mf.dll
2012-03-24 10:08 . 2012-03-24 10:08 209920 ----a-w- c:\windows\system32\mfplat.dll
2012-03-24 10:08 . 2012-03-24 10:08 586240 ----a-w- c:\windows\system32\stobject.dll
2012-03-24 10:07 . 2012-03-24 10:07 135680 ----a-w- c:\windows\system32\XpsRasterService.dll
2012-03-24 10:07 . 2012-03-24 10:07 486400 ----a-w- c:\windows\system32\d3d10level9.dll
2012-03-24 10:07 . 2012-03-24 10:07 189952 ----a-w- c:\windows\system32\d3d10core.dll
2012-03-24 10:07 . 2012-03-24 10:07 638336 ----a-w- c:\windows\system32\drivers\dxgkrnl.sys
2012-03-24 10:07 . 2012-03-24 10:07 478720 ----a-w- c:\windows\system32\dxgi.dll
2012-03-24 10:07 . 2012-03-24 10:07 37376 ----a-w- c:\windows\system32\cdd.dll
2012-03-24 10:07 . 2012-03-24 10:07 1029120 ----a-w- c:\windows\system32\d3d10.dll
2012-03-24 10:07 . 2012-03-24 10:07 667648 ----a-w- c:\windows\system32\printfilterpipelinesvc.exe
2012-03-24 10:07 . 2012-03-24 10:07 26112 ----a-w- c:\windows\system32\printfilterpipelineprxy.dll
2012-03-24 10:07 . 2012-03-24 10:07 258048 ----a-w- c:\windows\system32\winspool.drv
2012-03-24 10:07 . 2012-03-24 10:07 847360 ----a-w- c:\windows\system32\OpcServices.dll
2012-03-24 10:07 . 2012-03-24 10:07 1554432 ----a-w- c:\windows\system32\xpsservices.dll
2012-03-24 10:06 . 2012-03-24 10:06 4096 ----a-w- c:\windows\system32\drivers\it-IT\dxgkrnl.sys.mui
2012-03-24 10:06 . 2012-03-24 10:06 369664 ----a-w- c:\windows\system32\WMPhoto.dll
2012-03-24 10:06 . 2012-03-24 10:06 252928 ----a-w- c:\windows\system32\dxdiag.exe
2012-03-24 10:06 . 2012-03-24 10:06 195584 ----a-w- c:\windows\system32\dxdiagn.dll
2012-03-24 10:06 . 2012-03-24 10:06 974848 ----a-w- c:\windows\system32\WindowsCodecs.dll
2012-03-24 10:06 . 2012-03-24 10:06 519680 ----a-w- c:\windows\system32\d3d11.dll
2012-03-24 10:06 . 2012-03-24 10:06 321024 ----a-w- c:\windows\system32\PhotoMetadataHandler.dll
2012-03-24 10:06 . 2012-03-24 10:06 189440 ----a-w- c:\windows\system32\WindowsCodecsExt.dll
2012-03-11 21:13 . 2011-01-06 16:36 82400 ----a-w- c:\windows\system32\drivers\inspect.sys
2012-03-11 21:13 . 2011-01-06 16:36 38616 ----a-w- c:\windows\system32\drivers\cmdhlp.sys
2012-03-11 21:13 . 2011-01-06 16:36 491816 ----a-w- c:\windows\system32\drivers\cmdGuard.sys
2012-03-11 21:13 . 2011-01-06 16:36 19600 ----a-w- c:\windows\system32\drivers\cmderd.sys
2012-03-11 21:13 . 2010-12-29 00:42 301224 ----a-w- c:\windows\system32\guard32.dll
2012-02-29 15:11 . 2012-04-12 01:19 5120 ----a-w- c:\windows\system32\wmi.dll
2012-02-29 15:11 . 2012-04-12 01:19 172032 ----a-w- c:\windows\system32\wintrust.dll
2012-02-29 15:09 . 2012-04-12 01:19 157696 ----a-w- c:\windows\system32\imagehlp.dll
2012-02-29 13:32 . 2012-04-12 01:19 12800 ----a-w- c:\windows\system32\drivers\fs_rec.sys
2012-02-28 01:18 . 2012-04-12 01:21 1799168 ----a-w- c:\windows\system32\jscript9.dll
2012-02-28 01:11 . 2012-04-12 01:21 1427456 ----a-w- c:\windows\system32\inetcpl.cpl
2012-02-28 01:11 . 2012-04-12 01:21 1127424 ----a-w- c:\windows\system32\wininet.dll
2012-02-28 01:03 . 2012-04-12 01:21 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2012-05-05 07:34 . 2012-04-27 15:18 97208 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
2010-06-24 12:58 . 2010-03-16 14:01 119808 ----a-w- c:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll
.
.
((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* i valori vuoti & legittimi/default non sono visualizzati.
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{00000000-6E41-4FD3-8538-502F5495E5FC}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2012-04-09 1519272]
.
[HKEY_CLASSES_ROOT\clsid\{00000000-6e41-4fd3-8538-502f5495e5fc}]
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{28387537-e3f9-4ed7-860c-11e69af4a8a0}]
2011-01-24 15:45 89008 ----a-w- c:\progra~1\IMESHA~1\MediaBar\ToolBar\imeshdtxmltbpi.dll
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{474597C5-AB09-49d6-A4D5-2E8D7341384E}]
2011-02-08 15:47 721288 ----a-w- c:\progra~1\IMESHA~1\MediaBar\Datamngr\IEBHO.dll
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
2012-04-09 15:43 1519272 ----a-w- c:\program files\Ask.com\GenericAskToolbar.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{28387537-e3f9-4ed7-860c-11e69af4a8a0}"= "c:\progra~1\IMESHA~1\MediaBar\ToolBar\imeshdtxmltbpi.dll" [2011-01-24 89008]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2012-04-09 1519272]
.
[HKEY_CLASSES_ROOT\clsid\{28387537-e3f9-4ed7-860c-11e69af4a8a0}]
.
[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\egisPSDP]
@="{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}"
[HKEY_CLASSES_ROOT\CLSID\{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}]
2008-01-03 01:00 39472 ----a-w- c:\acer\Empowering Technology\eDataSecurity\x86\PSDProtect.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [2007-10-03 178712]
"SynTPStart"="c:\program files\Synaptics\SynTP\SynTPStart.exe" [2007-09-07 102400]
"RtHDVCpl"="RtHDVCpl.exe" [2008-01-08 4853760]
"Skytel"="Skytel.exe" [2007-11-21 1826816]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-08-28 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-08-28 154136]
"Persistence"="c:\windows\system32\igfxpers.exe" [2007-08-28 137752]
"RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2008-01-22 81920]
"LanguageShortcut"="c:\program files\CyberLink\PowerDVD\Language\Language.exe" [2007-10-11 62760]
"eDataSecurity Loader"="c:\acer\Empowering Technology\eDataSecurity\x86\eDSloader.exe" [2008-01-03 521776]
"LManager"="c:\progra~1\LAUNCH~1\LManager.exe" [2008-01-07 858632]
"WarReg_PopUp"="c:\program files\Acer\WR_PopUp\WarReg_PopUp.exe" [2008-01-29 303104]
"Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2010-06-24 30192]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-26 30040]
"BrMfcWnd"="c:\program files\Brother\Brmfcmon\BrMfcWnd.exe" [2007-11-05 741376]
"ControlCenter3"="c:\program files\Brother\ControlCenter3\brctrcen.exe" [2007-10-30 77824]
"COMODO Internet Security"="c:\program files\COMODO\COMODO Internet Security\cfp.exe" [2012-03-11 6749512]
"MobileBroadband"="c:\program files\Vodafone\Vodafone Mobile Broadband\Bin\MobileBroadband.exe" [2011-04-19 408576]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
"ApnUpdater"="c:\program files\Ask.com\Updater\Updater.exe" [2012-04-09 1557160]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-03-27 37296]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-02 843712]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-04-04 462408]
.
c:\users\utente\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
FAXRX.lnk - c:\program files\Brother\Brmfl07b\FAXRX.exe [2010-3-16 512000]
Ritaglio schermata e avvio di OneNote 2007.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]
Sommario di OneNote.onetoc2 [2010-12-7 3656]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
McAfee Security Scan Plus.lnk - c:\program files\McAfee Security Scan\2.0.181\SSScheduler.exe [2010-1-15 255536]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~1\IMESHA~1\MediaBar\Datamngr\datamngr.dll c:\progra~1\IMESHA~1\MediaBar\Datamngr\IEBHO.dll c:\progra~1\Google\GOOGLE~1\GoogleDesktopNetwork3.dll c:\windows\System32\guard32.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring"=dword:00000001
.
--- Altri Servizi/Drivers In Memoria ---
.
*Deregistered* - MBAMSwissArmy
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
Contenuto della cartella 'Scheduled Tasks'
.
2012-05-13 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-06-04 14:33]
.
2012-05-13 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-06-04 14:33]
.
.
------- Scansione supplementare -------
.
uStart Page = hxxp://search.babylon.com/?affID=110819&tl=gbn269661&babsrc=HP_ss&mntrId=224f03ad00000000000000234d53116b
mStart Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0410&s=2&o=vz32&d=0310&m=extensa_5220
uInternet Settings,ProxyOverride = <local>
uInternet Settings,ProxyServer = http=127.0.0.1:56847
uSearchURL,(Default) = hxxp://www.google.com/search/?q=%s
IE: E&sporta in Microsoft Excel - c:\progra~1\MICROS~1\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.1.1
TCP: Interfaces\{3776555D-C2EF-47A0-9E87-86793F9E47FE}: NameServer = 8.26.56.26,156.154.70.22
TCP: Interfaces\{BD91BB5B-420A-401C-AC86-54A99BF3BCA1}: NameServer = 8.26.56.26,156.154.70.22
FF - ProfilePath - c:\users\utente\AppData\Roaming\Mozilla\Firefox\Profiles\liyx39le.default\
FF - prefs.js: browser.search.selectedEngine - Ask.com
FF - prefs.js: browser.startup.homepage - hxxp://www.google.it/
FF - prefs.js: keyword.URL - hxxp://search.imesh.com/web?src=ffb&systemid=1&q=
FF - user.js: extensions.BabylonToolbar_i.babTrack - affID=110819&tl=gbn269661
FF - user.js: extensions.BabylonToolbar_i.babExt -
FF - user.js: extensions.BabylonToolbar_i.srcExt - ss
FF - user.js: extensions.BabylonToolbar_i.id - 224f03ad00000000000000234d53116b
FF - user.js: extensions.BabylonToolbar_i.hardId - 224f03ad00000000000000234d53116b
FF - user.js: extensions.BabylonToolbar_i.instlDay - 15450
FF - user.js: extensions.BabylonToolbar_i.vrsn - 1.5.3.17
FF - user.js: extensions.BabylonToolbar_i.vrsni - 1.5.3.17
FF - user.js: extensions.BabylonToolbar_i.vrsnTs - 1.5.3.1719:30
FF - user.js: extensions.BabylonToolbar_i.prtnrId - babylon
FF - user.js: extensions.BabylonToolbar_i.prdct - BabylonToolbar
FF - user.js: extensions.BabylonToolbar_i.aflt - babsst
FF - user.js: extensions.BabylonToolbar_i.smplGrp - none
FF - user.js: extensions.BabylonToolbar_i.tlbrId - tb9
FF - user.js: extensions.BabylonToolbar_i.instlRef - sst
.
- - - - CHIAVI ORFANE RIMOSSE - - - -
.
Toolbar-10 - (no file)
HKLM-Run-eRecoveryService - (no file)
HKLM-Run-offerbox - c:\program files\OfferBox\OfferBox.exe
AddRemove-OfferBox - c:\program files\OfferBox\uninstaller.exe
AddRemove-PDF Creator - c:\program\uninstpw.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-05-13 15:17
Windows 6.0.6002 Service Pack 2 NTFS
.
detected NTDLL code modification:
ZwClose
.
scansione processi nascosti ...
.
scansione entrate autostart nascoste ...
.
Scansione files nascosti ...
.
Scansione completata con successo
Files nascosti: 0
.
**************************************************************************
.
--------------------- CHIAVI DI REGISTRO BLOCCATE ---------------------
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
--------------------- Dlls caricate dai processi in esecuzione ---------------------
.
- - - - - - - > 'winlogon.exe'(668)
c:\windows\system32\guard32.dll
.
- - - - - - - > 'lsass.exe'(680)
c:\windows\system32\guard32.dll
.
Ora fine scansione: 2012-05-13 15:28:04
ComboFix-quarantined-files.txt 2012-05-13 13:27
.
Pre-Run: 24.634.761.216 byte disponibili
Post-Run: 26.433.421.312 byte disponibili
.
- - End Of File - - 85DA7EE3784F338E60EE9FC29B7EF69A