Benvenuto Ospite Cerca | Topic Attivi | Utenti | | Log In | Registra

Aiutamici Forum » FORUM - Istruzioni e Guide » Sicurezza VIRUS » PROCEDURA MALWARE

PROCEDURA MALWARE Opzioni
Topic Precedente · Topic Sucessivo
atenace
Inviato: Saturday, March 02, 2013 4:49:47 PM
Rank: Newbie

Iscritto dal : 3/2/2013
Posts: 3
ComboFix 13-03-01.01 - HP_Administrator 02/03/2013 15.27.09.1.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.39.1040.18.1022.365 [GMT 1:00]
Eseguito da: c:\documents and settings\HP_Administrator\Documenti\Downloads\ComboFix.exe
AV: Norton Internet Security *Disabled/Updated* {E10A9785-9598-4754-B552-92431C1C35F8}
FW: Norton Internet Security *Enabled* {7C21A4C9-F61F-4AC4-B722-A6E19C16F220}
.
.
((((((((((((((((((((((((((((((((((((( Altre eliminazioni )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\HP_Administrator\Dati applicazioni\HPSU_48BitScanUpdate.log
c:\documents and settings\HP_Administrator\Impostazioni locali\Dati applicazioni\unins000.exe
c:\windows\IsUn0410.exe
c:\windows\system32\SET178.tmp
c:\windows\system32\SET17D.tmp
c:\windows\system32\SETD7.tmp
c:\windows\system32\SETD8.tmp
c:\windows\wininit.ini
D:\Autorun.inf
.
.
((((((((((((((((((((((((( Files Creati Da 2013-02-02 al 2013-03-02 )))))))))))))))))))))))))))))))))))
.
.
2013-03-02 13:49 . 2013-03-02 13:49 -------- d-----w- c:\programmi\CCleaner
2013-03-02 08:28 . 2013-03-02 08:28 -------- d-----w- c:\documents and settings\HP_Administrator\Impostazioni locali\Dati applicazioni\PCHealth
2013-03-02 08:00 . 2013-03-02 08:00 -------- d-----w- c:\documents and settings\HP_Administrator\Dati applicazioni\Malwarebytes
2013-03-02 08:00 . 2013-03-02 08:00 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Malwarebytes
2013-03-02 08:00 . 2013-03-02 08:00 -------- d-----w- c:\programmi\Malwarebytes' Anti-Malware
2013-03-02 08:00 . 2012-12-14 15:49 21104 ----a-w- c:\windows\system32\drivers\mbam.sys
2013-03-01 20:20 . 2013-02-08 00:45 6954968 ----a-w- c:\documents and settings\All Users\Dati applicazioni\Microsoft\Windows Defender\Definition Updates\{E2A8577B-CF96-45DA-AC1E-8381FB396054}\mpengine.dll
2013-02-26 09:36 . 2013-02-26 09:36 -------- d-----w- c:\documents and settings\HP_Administrator\Impostazioni locali\Dati applicazioni\Sun
2013-02-24 20:20 . 2013-02-24 20:20 -------- dc----w- C:\2dbef71f1476f4fa345339531c55
2013-02-24 20:13 . 2013-02-24 20:13 -------- d-----w- c:\programmi\FirstRowSportApp.com
2013-02-24 20:01 . 2013-02-24 20:01 -------- dc----w- C:\02a0f0303a80f53d7bfa03
2013-02-24 10:56 . 2013-03-02 07:47 -------- dc----w- C:\Firefox
2013-02-24 10:45 . 2013-02-24 10:44 94112 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2013-02-08 14:01 . 2013-02-08 21:37 -------- d-----w- c:\windows\system32\drivers\NIS\1309010.00E
2013-02-02 12:26 . 2013-02-02 12:26 -------- d-----w- C:\found.000
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-03-02 14:07 . 2012-12-18 07:09 38400 ----a-w- c:\windows\system32\pcdhdm.cpl
2013-02-24 10:44 . 2012-07-07 16:53 861088 ----a-w- c:\windows\system32\npdeployJava1.dll
2013-02-24 10:44 . 2012-02-18 10:48 143872 ----a-w- c:\windows\system32\javacpl.cpl
2013-02-24 10:44 . 2010-04-17 12:56 782240 ----a-w- c:\windows\system32\deployJava1.dll
2013-02-08 00:45 . 2007-02-28 18:14 6954968 ----a-w- c:\documents and settings\All Users\Dati applicazioni\Microsoft\Windows Defender\Definition Updates\Backup\mpengine.dll
2013-01-26 03:55 . 2004-09-06 21:00 552448 ----a-w- c:\windows\system32\oleaut32.dll
2013-01-17 00:28 . 2009-10-03 09:44 232336 ------w- c:\windows\system32\MpSigStub.exe
2013-01-09 08:26 . 2012-09-15 06:10 697864 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2013-01-09 08:26 . 2011-08-26 09:02 74248 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2013-01-07 07:24 . 2004-09-06 21:00 2152448 ----a-w- c:\windows\system32\ntoskrnl.exe
2013-01-07 07:24 . 2004-09-07 04:00 2031104 ----a-w- c:\windows\system32\ntkrnlpa.exe
2013-01-04 10:09 . 2004-09-06 21:00 1867264 ----a-w- c:\windows\system32\win32k.sys
2013-01-02 06:49 . 2004-09-06 21:00 1297408 ----a-w- c:\windows\system32\quartz.dll
2012-12-26 20:06 . 2004-09-06 21:00 916480 ----a-w- c:\windows\system32\wininet.dll
2012-12-26 20:06 . 2004-09-06 21:00 43520 ----a-w- c:\windows\system32\licmgr10.dll
2012-12-26 20:06 . 2004-09-06 21:00 1469440 ------w- c:\windows\system32\inetcpl.cpl
2012-12-24 06:41 . 2004-09-06 21:00 385024 ----a-w- c:\windows\system32\html.iec
2012-12-16 12:23 . 2004-09-06 21:00 290560 ----a-w- c:\windows\system32\atmfd.dll
2007-04-06 21:59 . 2007-04-06 15:49 45091385 ----a-w- c:\programmi\nero 6 0 0 9+nero vision express 2+incd 4 0 1 21+keygen.exe
.
.
((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* i valori vuoti & legittimi/default non sono visualizzati.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ISUSPM"="c:\documents and settings\All Users\Dati applicazioni\Macrovision\FLEXnet Connect\6\ISUSPM.exe" [2007-03-29 222128]
"swg"="c:\programmi\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-03-13 68856]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="c:\windows\ehome\ehtray.exe" [2005-08-17 64512]
"ftutil2"="ftutil2.dll" [2004-06-07 106496]
"RTHDCPL"="RTHDCPL.EXE" [2006-07-21 16261632]
"IAAnotif"="c:\programmi\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [2006-02-21 143360]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-06-20 7622656]
"DMAScheduler"="c:\programmi\HP DigitalMedia Archive\DMAScheduler.exe" [2006-04-13 90112]
"Recguard"="c:\windows\SMINST\RECGUARD.EXE" [2005-07-22 237568]
"HPBootOp"="c:\programmi\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" [2006-02-15 249856]
"HP Software Update"="c:\programmi\Hp\HP Software Update\HPWuSchd2.exe" [2011-05-10 49208]
"PCDrSmartMonitor"="c:\programmi\PC-Doctor 5 for Windows\PcdSmartMonitor.exe" [2006-05-10 376832]
"nwiz"="nwiz.exe" [2006-06-20 1519616]
"SunJavaUpdateSched"="c:\programmi\File comuni\Java\Java Update\jusched.exe" [2012-07-03 252848]
"QuickTime Task"="c:\programmi\QuickTime\qttask.exe" [2008-03-21 385024]
"TkBellExe"="c:\program files\real\realplayer\update\realsched.exe" [2012-06-16 296056]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"DWQueuedReporting"="c:\progra~1\FILECO~1\MICROS~1\DW\dwtrig20.exe" [2007-03-22 39264]
.
c:\documents and settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\
Avvio veloce di Adobe Reader.lnk - c:\programmi\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2008-4-23 29696]
HP Digital Imaging Monitor.lnk - c:\programmi\HP\Digital Imaging\bin\hpqtra08.exe [2008-10-16 214360]
RAMASST.lnk - c:\windows\system32\RAMASST.exe [2006-12-26 155648]
.
c:\documents and settings\Default User\Menu Avvio\Programmi\Esecuzione automatica\
Pin.lnk - c:\hp\bin\CLOAKER.EXE [2006-9-23 27136]
PinMcLnk.lnk - c:\hp\bin\cloaker.exe [2006-9-23 27136]
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2008-03-21 16:56 385024 ----a-w- c:\programmi\QuickTime\qttask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
2012-11-09 10:27 17877168 ----a-r- c:\programmi\Skype\Phone\Skype.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Programmi\\Messenger\\msmsgs.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Programmi\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
"c:\\Programmi\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
"c:\\Programmi\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"c:\\Programmi\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Programmi\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Programmi\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"c:\\Programmi\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"c:\\Programmi\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Programmi\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Programmi\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"c:\\Programmi\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
"c:\\Programmi\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=
"c:\\Programmi\\Maxthon3\\Bin\\Maxthon.exe"=
"c:\\Programmi\\Maxthon3\\Bin\\MxUp.exe"=
"c:\\Programmi\\Maxthon3\\Modules\\MxMiniThunder\\ThunderMini.exe"=
"c:\\WINDOWS\\system32\\msiexec.exe"=
"c:\\Programmi\\Skype\\Phone\\Skype.exe"=
.
R0 SymDS;Symantec Data Store;c:\windows\system32\drivers\NIS\1309010.00E\symds.sys [08/02/2013 15.03.16 340088]
R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\NIS\1309010.00E\symefa.sys [08/02/2013 15.03.16 924320]
R1 BHDrvx86;BHDrvx86;c:\documents and settings\All Users\Dati applicazioni\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.5.0.145\Definitions\BASHDefs\20130208.001\BHDrvx86.sys [12/02/2013 22.04.27 997464]
R1 ccSet_NIS;Norton Internet Security Settings Manager;c:\windows\system32\drivers\NIS\1309010.00E\ccsetx86.sys [08/02/2013 15.03.15 132768]
R1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\NIS\1309010.00E\ironx86.sys [08/02/2013 15.03.15 149624]
R2 MBAMScheduler;MBAMScheduler;c:\programmi\Malwarebytes' Anti-Malware\mbamscheduler.exe [02/03/2013 9.00.01 398184]
R2 MBAMService;MBAMService;c:\programmi\Malwarebytes' Anti-Malware\mbamservice.exe [02/03/2013 9.00.01 682344]
R2 NIS;Norton Internet Security;c:\programmi\Norton Internet Security\Engine\19.9.1.14\ccsvchst.exe [08/02/2013 15.02.22 138272]
R2 NU16StartManagerSvc;Norton Utilities 16 Start Manager Service;c:\program files\Symantec\Norton Utilities 16\sMonitor\StartManSvc.exe [04/01/2013 14.37.33 792608]
R2 WinDefend;Windows Defender;c:\programmi\Windows Defender\MsMpEng.exe [03/11/2006 18.19.58 13592]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\programmi\File comuni\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [03/02/2013 14.40.52 106656]
R3 IDSxpx86;IDSxpx86;c:\documents and settings\All Users\Dati applicazioni\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.5.0.145\Definitions\IPSDefs\20130301.002\IDSXpx86.sys [02/03/2013 8.52.05 373728]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [02/03/2013 9.00.00 21104]
R3 PCD5SRVC{8A863ACB-F5F6CC6A-05010004};PCD5SRVC{8A863ACB-F5F6CC6A-05010004} - PCDR Kernel Mode Service Helper Driver;c:\progra~1\PC-DOC~1\PCD5SRVC.pkms [10/05/2006 23.26.40 21248]
S2 PowerOffer Service;Pos Service;c:\documents and settings\HP_Administrator\Impostazioni locali\Dati applicazioni\PosService\Pos.exe [18/06/2012 0.43.25 169472]
S2 Skype C2C Service;Skype C2C Service;c:\documents and settings\All Users\Dati applicazioni\Skype\Toolbars\Skype C2C Service\c2c_service.exe [31/01/2013 10.38.54 3289208]
S2 SkypeUpdate;Skype Updater;c:\programmi\Skype\Updater\Updater.exe [09/11/2012 11.21.24 160944]
S2 SoftwareUpd;Software Upd;c:\documents and settings\HP_Administrator\Impostazioni locali\Dati applicazioni\SoftwareUpdater\SoftwareUpdService.exe [18/06/2012 0.38.36 161280]
S3 DiskDoctorService;Norton Disk Doctor Service;c:\program files\Symantec\Norton Utilities 16\Tools\Disk Doctor\DiskDoctorSrv.exe [04/01/2013 14.37.36 1147424]
S3 SpeedDiskService;Norton SpeedDisk Service;c:\program files\Symantec\Norton Utilities 16\Tools\SpeedDisk\SpeedDiskSrv.exe [04/01/2013 14.37.35 1160224]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
HPService REG_MULTI_SZ HPSLPSVC
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
Contenuto della cartella 'Scheduled Tasks'
.
2013-03-02 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-09-15 08:26]
.
2013-03-02 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1623848258-2002740325-1171847282-1007Core.job
- c:\documents and settings\HP_Administrator\Impostazioni locali\Dati applicazioni\Google\Update\GoogleUpdate.exe [2012-07-07 17:40]
.
2013-03-02 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1623848258-2002740325-1171847282-1007UA.job
- c:\documents and settings\HP_Administrator\Impostazioni locali\Dati applicazioni\Google\Update\GoogleUpdate.exe [2012-07-07 17:40]
.
2013-03-02 c:\windows\Tasks\MP Scheduled Scan.job
- c:\programmi\Windows Defender\MpCmdRun.exe [2006-11-03 17:20]
.
2013-03-02 c:\windows\Tasks\NUAutoUpdate.job
- c:\program files\Symantec\Norton Utilities 16\SULauncher.exe [2013-01-04 21:49]
.
2013-03-01 c:\windows\Tasks\NUSchedule.job
- c:\program files\Symantec\Norton Utilities 16\nu.exe [2013-01-04 21:49]
.
2013-03-02 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-1623848258-2002740325-1171847282-1007.job
- c:\programmi\Real\RealUpgrade\realupgrade.exe [2012-04-30 16:21]
.
2013-02-23 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-1623848258-2002740325-1171847282-1007.job
- c:\programmi\Real\RealUpgrade\realupgrade.exe [2012-04-30 16:21]
.
2013-03-02 c:\windows\Tasks\RegistryBooster.job
- c:\programmi\Uniblue\RegistryBooster\rbmonitor.exe [2011-06-23 12:39]
.
2013-03-02 c:\windows\Tasks\User_Feed_Synchronization-{B06ADC73-1C79-42B1-9DAE-C3085357F00A}.job
- c:\windows\system32\msfeedssync.exe [2006-10-17 03:31]
.
.
------- Scansione supplementare -------
.
uStart Page = hxxp://www.google.com
uDefault_Search_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=IT_IT&c=64&bd=PAVILION&pf=desktop
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
mStart Page = hxxp://www.google.com
mSearch Bar = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=IT_IT&c=64&bd=PAVILION&pf=desktop
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Cerca nel web - c:\programmi\SweetIM\Toolbars\Internet Explorer\resources\menuext.html
IE: E&sporta in Microsoft Excel - c:\progra~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.1.1
TCP: Interfaces\{0CF7416A-7241-4A51-8C83-EE53315F0065}: NameServer = 8.8.8.8,8.8.4.4
TCP: Interfaces\{8B08CE58-42B7-4BB8-8AD4-513397CFB525}: NameServer = 8.8.8.8,8.8.4.4
TCP: Interfaces\{C77628E9-0078-442E-BC57-47617C91EDF5}: NameServer = 8.8.8.8,8.8.4.4
TCP: Interfaces\{F60180DF-B4A6-4FC1-825E-329B01ACDCFC}: NameServer = 8.8.8.8,8.8.4.4
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
DPF: {2EF3FB47-7B1E-4536-BA4D-51427BD45DFA} - hxxp://it.pixaco.de/static/download/pixacodndupload.cab
.
.
------- Associazioni dei file -------
.
.scr=AutoCADScriptFile
.
- - - - CHIAVI ORFANE RIMOSSE - - - -
.
HKLM-Run-PCDrProfiler - (no file)
HKLM-Run-PosService - (no file)
AddRemove-Microsoft Interactive Training - c:\windows\IsUn0410.exe
AddRemove-{0B500125-92A7-40BF-ACF0-45A9221ADE21}_is1 - c:\documents and settings\HP_Administrator\Impostazioni locali\Dati applicazioni\unins000.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2013-03-02 15:54
Windows 5.1.2600 Service Pack 3 NTFS
.
scansione processi nascosti ...
.
scansione entrate autostart nascoste ...
.
Scansione files nascosti ...
.
Scansione completata con successo
Files nascosti: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\NIS]
"ImagePath"="\"c:\programmi\Norton Internet Security\Engine\19.9.1.14\ccSvcHst.exe\" /s \"NIS\" /m \"c:\programmi\Norton Internet Security\Engine\19.9.1.14\diMaster.dll\" /prefetch:1"
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\PCD5SRVC{8A863ACB-F5F6CC6A-05010004}]
"ImagePath"="\??\c:\progra~1\PC-DOC~1\PCD5SRVC.pkms"
.
--------------------- CHIAVI DI REGISTRO BLOCCATE ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_5_502_146_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_5_502_146_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\€–€|ÿÿÿÿÀ•€|ù•9~*]
"0140110900063D11C8EF10054038389C"="C?\\WINDOWS\\system32\\FM20ENU.DLL"
.
Ora fine scansione: 2013-03-02 16:02:00
ComboFix-quarantined-files.txt 2013-03-02 15:01
.
Pre-Run: 81.226.579.968 byte disponibili
Post-Run: 81.468.575.744 byte disponibili
.
WindowsXP-KB310994-SP2-Pro-BootDisk-ITA.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Windows XP Media Center Edition" /noexecute=optin /fastdetect
.
- - End Of File - - 29B6D7304A019408EC66BA18D1ADBF29
Torna in alto
 
Sponsor
Inviato: Saturday, March 02, 2013 4:49:47 PM

 
Torna in alto
 
Utenti presenti in questo topic
Guest

Aiutamici Forum » FORUM - Istruzioni e Guide » Sicurezza VIRUS » PROCEDURA MALWARE


Salta al Forum
Aggiunta nuovi Topic disabilitata in questo forum.
Risposte disabilitate in questo forum.
Eliminazione tuoi Post disabilitata in questo forum.
Modifica dei tuoi post disabilitata in questo forum.
Creazione Sondaggi disabilitata in questo forum.
Voto ai sondaggi disabilitato in questo forum.

Main Forum RSS : RSS

Aiutamici Theme
Powered by Yet Another Forum.net versione 1.9.1.8 (NET v2.0) - 3/29/2008
Copyright © 2003-2008 Yet Another Forum.net. All rights reserved.