sorry :)
HERE IS THE REPORT:
ComboFix 13-01-15.02 - User 16/01/2013 14.25.40.5.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.39.1040.18.3070.2419 [GMT 1:00]
Run from: c:\documents and settings\User\Documenti\Downloads\ComboFix.exe
AV: Avira Desktop *Disabled/Updated* {AD166499-45F9-482A-A743-FDD3350758C7}
.
.
((((((((((((((((((((((((( Files Created From 2012-12-16 to 2013-01-16 )))))))))))))))))))))))))))))))))))
.
.
2013-01-14 12:00 . 2013-01-14 12:11 -------- d-----w- c:\windows\system32\NtmsData
2013-01-14 11:43 . 2013-01-14 11:50 -------- d-----w- C:\combo_fix13-01-04.01
2013-01-12 12:25 . 2013-01-12 12:25 -------- d-----w- c:\programmi\File comuni\Skype
2013-01-12 12:25 . 2013-01-12 12:26 -------- d-----r- c:\programmi\Skype
2013-01-12 12:12 . 2013-01-16 12:15 -------- d-----w- c:\documents and settings\User\Impostazioni locali\Dati applicazioni\Lollipop
2013-01-10 11:09 . 2013-01-10 11:09 -------- d-----w- c:\documents and settings\User\Dati applicazioni\Avira
2013-01-10 11:04 . 2013-01-10 11:04 -------- d-sh--w- c:\documents and settings\LocalService\PrivacIE
2013-01-10 11:04 . 2013-01-10 11:04 -------- d-sh--w- c:\documents and settings\LocalService\IECompatCache
2013-01-10 11:04 . 2013-01-10 11:09 -------- d-----w- c:\documents and settings\LocalService\Impostazioni locali\Dati applicazioni\AskToolbar
2013-01-10 11:04 . 2013-01-10 11:04 -------- d-----w- c:\documents and settings\LocalService\Dati applicazioni\RealNetworks
2013-01-10 11:04 . 2013-01-10 11:04 -------- d-----r- c:\documents and settings\LocalService\Preferiti
2013-01-10 11:03 . 2013-01-10 11:03 -------- d-----w- c:\programmi\Ask.com
2013-01-10 11:03 . 2013-01-10 11:03 -------- d-----w- c:\documents and settings\User\Impostazioni locali\Dati applicazioni\AskToolbar
2013-01-10 11:03 . 2013-01-10 11:03 -------- d-----w- c:\documents and settings\User\Impostazioni locali\Dati applicazioni\APN
2013-01-10 11:02 . 2012-12-07 07:40 83944 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2013-01-10 11:02 . 2012-12-07 07:40 36552 ----a-w- c:\windows\system32\drivers\avkmgr.sys
2013-01-10 11:02 . 2012-12-07 07:40 134336 ----a-w- c:\windows\system32\drivers\avipbb.sys
2012-12-31 13:54 . 2012-12-31 13:54 -------- d-----w- c:\documents and settings\User\Dati applicazioni\RealNetworks
2012-12-31 13:53 . 2012-12-31 13:53 -------- d-----w- c:\programmi\RealNetworks
2012-12-31 13:53 . 2012-12-31 13:53 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\RealNetworks
2012-12-31 13:53 . 2012-12-31 13:53 153296 ----a-w- c:\programmi\Mozilla Firefox\plugins\nppl3260.dll
2012-12-31 13:52 . 2012-12-31 13:52 124056 ----a-w- c:\programmi\Mozilla Firefox\plugins\nprpplugin.dll
2012-12-18 20:07 . 2012-12-18 20:07 106240 ----a-w- c:\programmi\Mozilla Firefox\plugins\nppdf32.dll
2012-12-18 20:07 . 2012-12-18 20:07 106240 ----a-w- c:\programmi\Internet Explorer\PLUGINS\nppdf32.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-01-09 19:47 . 2012-04-03 13:54 697864 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2013-01-09 19:47 . 2011-06-23 09:57 74248 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-12-31 13:52 . 2008-03-05 19:30 348160 ----a-w- c:\windows\system32\msvcr71.dll
2012-12-31 13:52 . 2008-03-05 19:33 499712 ----a-w- c:\windows\system32\msvcp71.dll
2012-12-16 12:23 . 2004-08-19 15:37 290560 ----a-w- c:\windows\system32\atmfd.dll
2012-11-13 11:55 . 2009-01-16 23:41 1866368 ----a-w- c:\windows\system32\win32k.sys
2012-11-06 02:01 . 2008-08-29 19:06 1371648 ----a-w- c:\windows\system32\msxml6.dll
2012-11-06 00:41 . 2004-08-19 15:37 290560 ----a-w- c:\windows\system32\atmfd(2).dll
2012-11-02 02:02 . 2004-08-19 15:39 375296 ----a-w- c:\windows\system32\dpnet.dll
2012-11-01 12:17 . 2007-10-27 03:14 916992 ----a-w- c:\windows\system32\wininet.dll
2012-11-01 12:17 . 2007-10-27 03:40 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2012-11-01 12:17 . 2007-10-27 03:14 43520 ----a-w- c:\windows\system32\licmgr10.dll
2012-11-01 00:35 . 2007-10-27 03:14 385024 ----a-w- c:\windows\system32\html.iec
2012-06-17 19:15 . 2011-06-24 23:43 85472 ----a-w- c:\programmi\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legitimate/default entries are not shown.
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{00000000-6E41-4FD3-8538-502F5495E5FC}"= "c:\programmi\Ask.com\GenericAskToolbar.dll" [2012-12-20 1521952]
.
[HKEY_CLASSES_ROOT\clsid\{00000000-6e41-4fd3-8538-502f5495e5fc}]
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{3017FB3E-9A77-4396-88C5-0EC9548FB42F}]
2011-01-29 16:06 2447360 ----a-w- c:\programmi\SpeedBit Video Downloader\Toolbar\tbcore3.dll
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}]
2011-01-17 14:54 175912 ----a-w- c:\programmi\ConduitEngine\prxConduitEngine.dll
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{389943B0-C3A2-4E69-82CB-8596A84CB3DC}]
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{FF6C3CF0-4B15-11D1-ABED-709549C10000}]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{30F9B915-B755-4826-820B-08FBA6BD249D}"= "c:\programmi\ConduitEngine\prxConduitEngine.dll" [2011-01-17 175912]
.
[HKEY_CLASSES_ROOT\clsid\{30f9b915-b755-4826-820b-08fba6bd249d}]
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{30F9B915-B755-4826-820B-08FBA6BD249D}"= "c:\programmi\ConduitEngine\prxConduitEngine.dll" [2011-01-17 175912]
.
[HKEY_CLASSES_ROOT\clsid\{30f9b915-b755-4826-820b-08fba6bd249d}]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ISUSPM"="c:\documents and settings\All Users\Dati applicazioni\Macrovision\FLEXnet Connect\6\ISUSPM.exe" [2007-03-29 222128]
"swg"="c:\programmi\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-01-20 68856]
"lollipop"="c:\documents and settings\user\impostazioni locali\dati applicazioni\lollipop\lollipop.exe" [2013-01-12 1679360]
"Skype"="c:\programmi\Skype\Phone\Skype.exe" [2013-01-08 18708224]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Google Quick Search Box"="c:\programmi\Google\Quick Search Box\GoogleQuickSearchBox.exe" [2009-12-04 122880]
"Adobe Reader Speed Launcher"="c:\programmi\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-12-19 41208]
"Adobe ARM"="c:\programmi\File comuni\Adobe\ARM\1.0\AdobeARM.exe" [2012-12-03 946352]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-10-07 13574144]
"TkBellExe"="c:\programmi\real\realplayer\update\realsched.exe" [2012-12-31 295072]
"ApnUpdater"="c:\programmi\Ask.com\Updater\Updater.exe" [2012-12-20 1574176]
"avgnt"="c:\programmi\Avira\AntiVir Desktop\avgnt.exe" [2012-12-07 384800]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"nltide_3"="advpack.dll" [2009-03-08 128512]
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
c:\windows\system32\dumprep 0 -k [X]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2012-12-03 07:35 946352 ----a-w- c:\programmi\File comuni\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ccleaner]
2012-11-23 22:54 3262816 ----a-w- c:\programmi\CCleaner\CCleaner.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Clip2Net]
2009-10-07 22:44 1635328 ----a-w- c:\programmi\Clip2Net\clip2net.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DownloadAccelerator]
2011-07-24 00:33 2844848 ----a-w- c:\programmi\DAP\DAP.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Game Fire]
2011-03-08 11:26 46592 ----a-w- c:\programmi\Smart PC Utilities\Game Fire\GFTray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Quick Search Box]
2009-12-04 18:11 122880 ----a-w- c:\programmi\Google\Quick Search Box\GoogleQuickSearchBox.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HDAudDeck]
2008-11-11 10:06 33521664 ----a-w- c:\programmi\VIA\VIAudioi\HDADeck\HDeck.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
2010-04-16 20:11 3872080 ----a-w- c:\programmi\Windows Live\Messenger\msnmsgr.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MzCpuAccelerator]
2009-01-10 18:10 199680 ----a-w- c:\programmi\Mz_CpuAcc\MzCpuAccelerator.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
2008-10-07 12:33 13574144 ----a-w- c:\windows\system32\nvcpl.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
2008-10-07 12:33 86016 ----a-w- c:\windows\system32\nvmctray.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
2008-10-07 12:33 1630208 ----a-w- c:\windows\system32\nwiz.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PC Suite Tray]
2009-11-11 09:57 1451520 ----a-w- c:\programmi\Nokia\Nokia PC Suite 7\PCSuite.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Shockwave Updater]
2009-04-29 10:28 468408 ----a-w- c:\windows\system32\Adobe\Shockwave 11\SwHelper_1150596.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]
2013-01-04 21:10 1354736 ----a-w- c:\programmi\Steam\Steam.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2012-01-18 13:02 254696 ----a-w- c:\programmi\File comuni\Java\Java Update\jusched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
2009-01-20 23:00 68856 ----a-w- c:\programmi\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
2012-12-31 13:52 295072 ----a-w- c:\programmi\Real\RealPlayer\Update\realsched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"WMPNetworkSvc"=3 (0x3)
"Steam Client Service"=3 (0x3)
"SkypeUpdate"=2 (0x2)
"Skype C2C Service"=2 (0x2)
"ServiceLayer"=3 (0x3)
"RealNetworks Downloader Resolver Service"=2 (0x2)
"ose"=3 (0x3)
"NVSvc"=2 (0x2)
"NMIndexingService"=3 (0x3)
"NBService"=3 (0x3)
"MozillaMaintenance"=3 (0x3)
"MDM"=2 (0x2)
"JavaQuickStarterService"=2 (0x2)
"idsvc"=3 (0x3)
"gusvc"=3 (0x3)
"gupdatem"=3 (0x3)
"gupdate"=2 (0x2)
"AntiVirWebService"=2 (0x2)
"AntiVirService"=2 (0x2)
"AntiVirSchedulerService"=2 (0x2)
"AdobeFlashPlayerUpdateSvc"=3 (0x3)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\WINDOWS\\system32\\sessmgr.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Programmi\\BitTorrent\\bittorrent.exe"=
"c:\\Programmi\\eMule\\emule.exe"=
"c:\\Programmi\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Programmi\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Programmi\\Steam\\steamapps\\common\\warincbattlezone\\WarInc.exe"=
"c:\\Programmi\\Steam\\Steam.exe"=
"c:\\Programmi\\Steam\\steamapps\\common\\warincbattlezone\\rsupdate.exe"=
"c:\\Programmi\\Skype\\Phone\\Skype.exe"=
.
R1 avkmgr;avkmgr;c:\windows\system32\drivers\avkmgr.sys [10/01/2013 12.02.48 36552]
R2 AntiVirSchedulerService;Avira Pianificatore;c:\programmi\Avira\AntiVir Desktop\sched.exe [10/01/2013 12.02.50 85280]
R2 AntiVirWebService;Avira Web Protection;c:\programmi\Avira\AntiVir Desktop\avwebgrd.exe [10/01/2013 12.02.48 565024]
R3 VIAHdAudAddService;VIA High Definition Audio Driver Service;c:\windows\system32\drivers\viahduaa.sys [02/12/2008 18.46.24 878976]
S3 AtcL001;NDIS Miniport Driver for Atheros L1 Gigabit Ethernet Controller;c:\windows\system32\drivers\l151x86.sys [05/03/2008 20.26.40 36864]
S3 netr73;D-Link DWA-111 Wireless G USB Adapter Driver;c:\windows\system32\drivers\netr73.sys [24/02/2009 19.04.47 256000]
S4 RealNetworks Downloader Resolver Service;RealNetworks Downloader Resolver Service;c:\programmi\RealNetworks\RealDownloader\rndlresolversvc.exe [29/11/2012 20.31.04 38608]
S4 Skype C2C Service;Skype C2C Service;c:\documents and settings\All Users\Dati applicazioni\Skype\Toolbars\Skype C2C Service\c2c_service.exe [13/12/2012 14.26.20 3290896]
S4 SkypeUpdate;Skype Updater;c:\programmi\Skype\Updater\Updater.exe [08/01/2013 14.41.40 161536]
.
Contents of the 'Scheduled Tasks' folder
.
2013-01-16 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-03 19:47]
.
2013-01-16 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\programmi\Google\Update\GoogleUpdate.exe [2011-04-25 15:26]
.
2013-01-16 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\programmi\Google\Update\GoogleUpdate.exe [2011-04-25 15:26]
.
2013-01-15 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-842925246-1644491937-725345543-1004Core.job
- c:\documents and settings\User\Impostazioni locali\Dati applicazioni\Google\Update\GoogleUpdate.exe [2011-07-22 15:36]
.
2013-01-16 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-842925246-1644491937-725345543-1004UA.job
- c:\documents and settings\User\Impostazioni locali\Dati applicazioni\Google\Update\GoogleUpdate.exe [2011-07-22 15:36]
.
2013-01-16 c:\windows\Tasks\OGALogon.job
- c:\windows\system32\OGAEXEC.exe [2009-08-03 13:07]
.
2013-01-16 c:\windows\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-842925246-1644491937-725345543-1004.job
- c:\programmi\Real\RealUpgrade\realupgrade.exe [2012-11-30 14:30]
.
2013-01-14 c:\windows\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-842925246-1644491937-725345543-1004.job
- c:\programmi\Real\RealUpgrade\realupgrade.exe [2012-11-30 14:30]
.
2013-01-16 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-18.job
- c:\programmi\Real\RealUpgrade\realupgrade.exe [2012-11-30 14:30]
.
2013-01-16 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-842925246-1644491937-725345543-1004.job
- c:\programmi\Real\RealUpgrade\realupgrade.exe [2012-11-30 14:30]
.
2013-01-14 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-18.job
- c:\programmi\Real\RealUpgrade\realupgrade.exe [2012-11-30 14:30]
.
2013-01-14 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-842925246-1644491937-725345543-1004.job
- c:\programmi\Real\RealUpgrade\realupgrade.exe [2012-11-30 14:30]
.
2013-01-16 c:\windows\Tasks\Scheduled Update for Ask Toolbar.job
- c:\programmi\Ask.com\UpdateTask.exe [2012-12-20 20:56]
.
2013-01-11 c:\windows\Tasks\UpdateCheck.job
- c:\programmi\Smart PC Utilities\Game Fire\UpdateCheck.exe [2011-03-08 13:40]
.
2013-01-16 c:\windows\Tasks\User_Feed_Synchronization-{6073BF1C-8553-4860-B5E7-9335725B78F5}.job
- c:\windows\system32\msfeedssync.exe [2007-10-27 02:31]
.
2013-01-16 c:\windows\Tasks\User_Feed_Synchronization-{BC5BB0D8-13D6-4F59-A3A0-0155AEFE8F49}.job
- c:\windows\system32\msfeedssync.exe [2007-10-27 02:31]
.
.
------- Supplementary Scan -------
.
uInternet Settings,ProxyOverride = local
IE: &Clean Traces - c:\programmi\DAP\Privacy Package\dapcleanerie.htm
IE: &Download with &DAP - c:\programmi\DAP\dapextie.htm
IE: Download &all with DAP - c:\programmi\DAP\dapextie2.htm
IE: E&sporta in Microsoft Excel - c:\progra~1\MICROS~1\OFFICE11\EXCEL.EXE/3000
IE: {{d9288080-1baa-4bc4-9cf8-a92d743db949} - c:\documents and settings\User\Menu Avvio\Programmi\IMVU\Run IMVU.lnk
LSP: c:\programmi\Avira\AntiVir Desktop\avsda.dll
TCP: DhcpNameServer = 192.168.0.1
Name-Space Handler: ftp\ZDA - {5BFA1DAF-5EDC-11D2-959E-00C00C02DA5E} - c:\progra~1\DAP\dapie.dll
Name-Space Handler: http\ZDA - {5BFA1DAF-5EDC-11D2-959E-00C00C02DA5E} - c:\progra~1\DAP\dapie.dll
DPF: CabBuilder - hxxp://kiw.imgag.com/imgag/kiw/toolbar/download/InstallerControl.cab
FF - ProfilePath - c:\documents and settings\User\Dati applicazioni\Mozilla\Firefox\Profiles\8fqx2x5u.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2612669&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.search.selectedEngine - Bing
FF - prefs.js: browser.startup.homepage - hxxp://it.msn.com/?pc=UP21&ocid=UP21DHP&dt=011213
FF - prefs.js: keyword.URL - hxxp://www.bing.com/search?FORM=UP21DF&PC=UP21&dt=011213&q=
FF - ExtSQL: !HIDDEN! 2009-03-23 13:44; {2c965f3f-8efd-4bfc-a2c5-1672845fdbbf}; c:\programmi\Mozilla Firefox\extensions\{2c965f3f-8efd-4bfc-a2c5-1672845fdbbf}
FF - ExtSQL: !HIDDEN! 2009-08-27 03:57; {20a82645-c095-46ed-80e3-08825760534b}; c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - user.js: extentions.y2layers.installId - 3305e8c1-98f1-4262-9bfd-9774b99d944e
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
GMER - Rootkit Detector and Remover
Rootkit scan 2013-01-16 14:29
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences] @DenieD: (2) (LocalSystem)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,83,d6,05,77,ae,d2,41,4d,af,c0,86,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,83,d6,05,77,ae,d2,41,4d,af,c0,86,\
"6256FFB019F8FDFBD36745B06F4540E9AEAF222A25"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,71,0d,88,f3,7e,d4,d0,4d,b4,d0,90,\
.
[HKEY_USERS\S-1-5-21-842925246-1644491937-725345543-1004\Software\SecuROM\License information*]
"datasecu"=hex:f1,e0,3e,8c,35,2f,47,c5,69,f0,c6,54,6a,80,6a,07,7b,09,74,c4,45,
5d,8b,f6,41,89,c8,b8,0e,65,ca,06,d3,3c,b2,33,ed,d5,5e,f9,ef,c1,c4,19,39,84,\
"rkeysecu"=hex:29,d0,93,d3,6a,d0,8f,2c,b5,2e,fa,a0,80,97,9d,5e
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}] @DenieD: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_5_502_146_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_5_502_146_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}] @DenieD: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\*–€|ÿÿÿÿ;•€|é•9~*]
"0140110900063D11C8EF10054038389C"="C?\\WINDOWS\\system32\\FM20ENU.DLL"
.
--------------------- DLLs loaded by running processes ---------------------
.
- - - - - - - > 'lsass.exe'(700)
c:\programmi\Avira\AntiVir Desktop\avsda.dll
.
- - - - - - - > 'explorer.exe'(3620)
c:\windows\system32\WININET.dll
c:\programmi\Google\Quick Search Box\bin\1.2.1151.245\qsb.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
c:\programmi\Avira\AntiVir Desktop\avsda.dll
.
Scan completion time: 2013-01-16 14:30:36
ComboFix-quarantined-files.txt 2013-01-16 13:30
.
Pre-Run: 267.500.294.144 bytes free
Post-Run: 267.476.242.432 bytes free
.
WindowsXP-KB310994-SP2-Pro-BootDisk-ITA.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /execute /fastdetect /usepmtimer
.
- - End Of File - - 6536CA97FE2E51230F6BED0417B792CC
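As an added triage example (my own code, not part of the post above and not ComboFix's own tooling): a small Python script that walks a ComboFix-style log once and flags the items a responder would look at first in this report: the AV shown as *Disabled* in the header, the Windows Firewall standard profile with EnableFirewall set to 0, Run-key autoruns and Firefox search prefs that point at software commonly classified as adware/PUP (Ask Toolbar, Conduit, Lollipop; that marker list is my assumption and a heuristic, not a verdict), and Firefox extensions marked !HIDDEN!. The sample input is a handful of lines copied from the log above, not a full log. Two caveats are encoded as comments: ComboFix's instructions ask the user to switch the AV off before running it, so "Disabled" in the header usually just means that and should be checked again afterwards; and a hidden Firefox extension only means it is not listed in the add-ons manager, which legitimate software (the .NET Framework Assistant in this log) also does.

```python
"""Triage helper for ComboFix-style logs (added example, not ComboFix's own code)."""
import re
from collections import Counter
from typing import Dict, List

# Constructed sample: a few lines copied from the log posted above, not a complete log.
SAMPLE_LOG = r"""
AV: Avira Desktop *Disabled/Updated* {AD166499-45F9-482A-A743-FDD3350758C7}
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"lollipop"="c:\documents and settings\user\impostazioni locali\dati applicazioni\lollipop\lollipop.exe" [2013-01-12 1679360]
"Skype"="c:\programmi\Skype\Phone\Skype.exe" [2013-01-08 18708224]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ApnUpdater"="c:\programmi\Ask.com\Updater\Updater.exe" [2012-12-20 1574176]
"avgnt"="c:\programmi\Avira\AntiVir Desktop\avgnt.exe" [2012-12-07 384800]
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2612669&SearchSource=3&q={searchTerms}
FF - ExtSQL: !HIDDEN! 2009-03-23 13:44; {2c965f3f-8efd-4bfc-a2c5-1672845fdbbf}; c:\programmi\Mozilla Firefox\extensions\{2c965f3f-8efd-4bfc-a2c5-1672845fdbbf}
"""

# Assumption: a small heuristic list of substrings for software commonly classified as
# adware / potentially unwanted programs. A starting point for review, not a verdict.
PUP_MARKERS = ("ask.com", "asktoolbar", "conduit", "lollipop")

RUN_VALUE = re.compile(r'^"(?P<name>[^"]+)"="(?P<path>[^"]+)"')
FF_PREF = re.compile(r'^FF - prefs\.js: (?P<pref>\S+) - (?P<value>.+)$')
FF_HIDDEN_EXT = re.compile(r'^FF - ExtSQL: !HIDDEN! .*?; (?P<ext_id>\{[^}]+\});')


def _has_marker(text: str) -> bool:
    text = text.lower()
    return any(marker in text for marker in PUP_MARKERS)


def triage(log_text: str) -> List[Dict[str, str]]:
    """Walk the log once, tracking the current [registry section], and collect findings."""
    findings: List[Dict[str, str]] = []
    section = ""
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.startswith("["):
            section = line.lower()  # ComboFix prints the key, then its values on following lines
            continue
        if line.startswith("AV:") and "*disabled" in line.lower():
            # Caveat: ComboFix asks the user to disable the AV before running it, so this
            # usually means "switched off for the scan"; confirm it was re-enabled afterwards.
            findings.append({"severity": "high", "kind": "av_disabled", "detail": line})
        elif "firewallpolicy" in section and line.startswith('"EnableFirewall"'):
            if re.search(r"=\s*0\b", line):
                findings.append({"severity": "high", "kind": "firewall_disabled", "detail": section})
        elif section.endswith(r"\currentversion\run]"):
            m = RUN_VALUE.match(line)
            if m and _has_marker(m.group("path")):
                findings.append({"severity": "medium", "kind": "pup_autorun",
                                 "detail": f'{m.group("name")} -> {m.group("path")}'})
        elif line.startswith("FF - prefs.js:"):
            m = FF_PREF.match(line)
            if m and _has_marker(m.group("value")):
                findings.append({"severity": "medium", "kind": "search_hijack",
                                 "detail": f'{m.group("pref")} = {m.group("value")}'})
        elif line.startswith("FF - ExtSQL: !HIDDEN!"):
            # "Hidden" only means not listed in the add-ons manager; legitimate software
            # (e.g. the .NET Framework Assistant) does this too, so it is a review item.
            m = FF_HIDDEN_EXT.match(line)
            findings.append({"severity": "low", "kind": "hidden_ff_extension",
                             "detail": m.group("ext_id") if m else line})
    return findings


def count_by_kind(findings: List[Dict[str, str]]) -> Dict[str, int]:
    """Summarise findings as {kind: count}."""
    return dict(Counter(f["kind"] for f in findings))


if __name__ == "__main__":
    order = {"high": 0, "medium": 1, "low": 2}
    for f in sorted(triage(SAMPLE_LOG), key=lambda f: order[f["severity"]]):
        print(f'[{f["severity"]:6}] {f["kind"]:20} {f["detail"]}')
```

Run it against the sample and it reports six items: the disabled AV and the firewall profile at high, the two PUP autoruns (lollipop.exe and the Ask.com updater) and the Conduit search URL at medium, and the hidden extension at low; Skype and avgnt pass through untouched. Feeding it the whole log instead of the sample only needs the text pasted into SAMPLE_LOG or read from a file.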