
combofix detected a virus in syst32 on windows.

How do you remove viruses and spyware? Are credit cards really safe online? Is it possible to browse anonymously? Which programs protect your privacy? How do you protect important files? If you want an answer to these and other questions, this is the right place!

Moderators: m.paolo, kadosh, Luke57


Post by momoland » 07/05/14 09:09

Good morning everyone. For a few days I have noticed problems with my internet connection, so I decided to run a scan with the Avast antivirus, which detected 4 viruses, which were then removed. The problem seemed solved, but the next day I had the same problem again. So I used ComboFix, which detected a virus in c:\windows\system32\eucedit.exe. Can you tell me how to remove the virus?
Thanks

This is the result of the scan:
ComboFix 14-05-05.01 - utente 07/05/2014 9.18.41.8.2 - x86 NETWORK
Microsoft Windows XP Professional 5.1.2600.3.1252.39.1040.18.2006.1550 [GMT 2:00]
Eseguito da: c:\documents and settings\utente\Documenti\Download\ComboFix.exe
AV: avast! Antivirus *Enabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
FW: avast! Antivirus *Enabled* {7591DB91-41F0-48A3-B128-1A293FD8233D}
.
.
((((((((((((((((((((((((((((((((((((( Altre eliminazioni )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\system32\eudcedit.exe . . . è infetto!!
.
.
((((((((((((((((((((((((( Files Creati Da 2014-04-07 al 2014-05-07 )))))))))))))))))))))))))))))))))))
.
.
2014-05-05 08:49 . 2014-05-05 08:49 -------- d-----w- c:\documents and settings\utente\Dati applicazioni\DropboxMaster
2014-05-02 09:48 . 2014-05-02 09:48 24184 ----a-w- c:\windows\system32\drivers\aswHwid.sys
2014-05-02 09:48 . 2014-05-02 09:48 43152 ----a-w- c:\windows\avastSS.scr
2014-04-28 19:36 . 2014-04-28 19:36 17931952 ----a-w- c:\windows\system32\FlashPlayerInstaller.exe
2014-04-28 10:42 . 2014-04-28 11:05 -------- d-----w- C:\F24
2014-04-28 10:38 . 2014-04-14 18:13 94632 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2014-04-14 07:41 . 2014-04-14 07:41 -------- d-----w- c:\documents and settings\NetworkService\Impostazioni locali\Dati applicazioni\Temp
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-05-02 09:48 . 2013-12-23 08:19 776976 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2014-05-02 09:48 . 2013-12-23 08:19 57672 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2014-05-02 09:48 . 2013-12-23 08:19 180632 ----a-w- c:\windows\system32\drivers\aswVmm.sys
2014-05-02 09:48 . 2013-12-23 08:19 49944 ----a-w- c:\windows\system32\drivers\aswRvrt.sys
2014-05-02 09:48 . 2013-12-23 08:19 411552 ----a-w- c:\windows\system32\drivers\aswSP.sys
2014-05-02 09:48 . 2013-12-23 08:19 67824 ----a-w- c:\windows\system32\drivers\aswmonflt.sys
2014-05-02 09:48 . 2013-12-23 08:19 54832 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2014-05-02 09:48 . 2013-04-25 13:24 271264 ----a-w- c:\windows\system32\aswBoot.exe
2014-05-02 09:48 . 2014-03-29 11:07 252464 ----a-w- c:\windows\system32\drivers\aswNdis2.sys
2014-04-28 19:36 . 2012-11-16 12:05 692400 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2014-04-28 19:36 . 2011-11-03 13:56 70832 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2014-04-14 17:47 . 2011-11-03 14:24 145408 ----a-w- c:\windows\system32\javacpl.cpl
2014-03-31 22:29 . 2014-03-31 22:29 55232 ----a-w- c:\windows\system32\drivers\tStLib.sys
2014-03-29 11:06 . 2014-03-29 11:07 26136 ----a-w- c:\windows\system32\drivers\aswKbd.sys
2014-03-29 11:06 . 2014-03-29 11:06 12112 ----a-w- c:\windows\system32\drivers\aswNdis.sys
2014-03-06 17:58 . 2009-08-29 07:49 920064 ----a-w- c:\windows\system32\wininet.dll
2014-03-06 17:58 . 2009-08-29 07:49 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2014-03-06 17:58 . 2009-03-08 04:34 43520 ----a-w- c:\windows\system32\licmgr10.dll
2014-03-06 17:58 . 2009-03-08 04:33 18944 ----a-w- c:\windows\system32\corpol.dll
2014-03-06 00:46 . 2009-03-08 04:35 385024 ----a-w- c:\windows\system32\html.iec
2014-02-26 23:28 . 2014-03-29 10:54 13312 ------w- c:\windows\system32\xp_eos.exe
2014-02-07 06:36 . 2009-07-17 15:56 1879040 ----a-w- c:\windows\system32\win32k.sys
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
[-] 2009-10-18 . 393AA70EB9F05EFC1F9B471DE4A2F08A . 1571840 . . [5.1.2600.5512] . . c:\windows\system32\sfcfiles.dll
.
((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* i valori vuoti & legittimi/default non sono visualizzati.
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{6c97a91e-4524-4019-86af-2aa2d567bf5c}"= "c:\programmi\adawaretb\adawareDx.dll" [BU]
.
[HKEY_CLASSES_ROOT\clsid\{6c97a91e-4524-4019-86af-2aa2d567bf5c}]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2014-05-02 09:48 260976 ----a-w- c:\programmi\AVAST Software\Avast\ashShell.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-11 02:09 131248 ----a-w- c:\documents and settings\utente\Dati applicazioni\Dropbox\bin\DropboxExt.22.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-11 02:09 131248 ----a-w- c:\documents and settings\utente\Dati applicazioni\Dropbox\bin\DropboxExt.22.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-11 02:09 131248 ----a-w- c:\documents and settings\utente\Dati applicazioni\Dropbox\bin\DropboxExt.22.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-11 02:09 131248 ----a-w- c:\documents and settings\utente\Dati applicazioni\Dropbox\bin\DropboxExt.22.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"cacaoweb"="c:\programmi\cacaoweb\cacaoweb.exe" [BU]
"Samsung Drive Manager"="c:\programmi\Clarus\Samsung Drive Manager\Drive Manager.exe" [BU]
"Media Finder"="c:\programmi\Media Finder\Media Finder.exe" [BU]
"Clownfish"="c:\programmi\Clownfish\Clownfish.exe" [2013-08-21 1277688]
"uTorrent"="c:\documents and settings\utente\Dati applicazioni\uTorrent\uTorrent.exe" [2014-04-29 1270352]
"Skype"="c:\programmi\Skype\Phone\Skype.exe" [2014-02-10 20922016]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"atchk"="c:\programmi\Intel\AMT\atchk.exe" [2007-06-07 408344]
"RTHDCPL"="RTHDCPL.EXE" [2007-06-13 16377344]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-01-13 134656]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-01-13 166912]
"Persistence"="c:\windows\system32\igfxpers.exe" [2010-01-13 135680]
"Adobe ARM"="c:\programmi\File comuni\Adobe\ARM\1.0\AdobeARM.exe" [2013-11-21 959904]
"APSDaemon"="c:\programmi\File comuni\Apple\Apple Application Support\APSDaemon.exe" [2011-09-27 59240]
"JobHisInit"="c:\programmi\RDS\RMClient\JobHisInit.exe" [2007-08-30 229481]
"MplSetUp"="c:\programmi\RDS\RMClient\MplSetUp.exe" [2007-08-30 49254]
"QuickTime Task"="c:\programmi\QuickTime\QTTask.exe" [2013-05-01 421888]
"SunJavaUpdateSched"="c:\programmi\File comuni\Java\Java Update\jusched.exe" [2013-07-02 254336]
"AvastUI.exe"="c:\programmi\AVAST Software\Avast\AvastUI.exe" [2014-05-02 3873704]
"mobilegeni daemon"="c:\programmi\Mobogenie\DaemonProcess.exe" [BU]
"IDProtect Monitor"="c:\programmi\Athena\IDProtect Client\Utils\IDProtect Monitor.exe" [2010-12-02 323664]
"bit4id csp store register (M)"="c:\windows\system32\bit4upki-store.dll" [2010-08-10 151552]
"SDTray"="c:\programmi\Spybot - Search & Destroy 2\SDTray.exe" [2012-11-13 3825176]
"DWQueuedReporting"="c:\progra~1\FILECO~1\MICROS~1\DW\dwtrig20.exe" [2007-03-13 39264]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
.
c:\documents and settings\utente\Menu Avvio\Programmi\Esecuzione automatica\
Dropbox.lnk - c:\documents and settings\utente\Dati applicazioni\Dropbox\bin\Dropbox.exe /systemstartup [2014-4-18 33604728]
OpenOffice.org 3.3.lnk - c:\programmi\OpenOffice.org 3\program\quickstart.exe [2010-12-13 1198592]
.
c:\documents and settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\
Adobe Gamma Loader.lnk - c:\programmi\File comuni\Adobe\Calibration\Adobe Gamma Loader.exe [2012-2-5 113664]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\SDWinLogon]
SDWinLogon.dll [BU]
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0sdnclean.exe
.
[HKLM\~\startupfolder\C:^Documents and Settings^Administrator^Menu Avvio^Programmi^Esecuzione automatica^OpenOffice.org 3.3.lnk]
path=c:\documents and settings\Administrator\Menu Avvio\Programmi\Esecuzione automatica\OpenOffice.org 3.3.lnk
backup=c:\windows\pss\OpenOffice.org 3.3.lnkStartup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2013-05-01 01:59 421888 ----a-w- c:\programmi\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"NAUpdate"=2 (0x2)
"MBAMService"=2 (0x2)
"MBAMScheduler"=2 (0x2)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\WINDOWS\\system32\\javaw.exe"=
"c:\\Programmi\\File comuni\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=
"c:\\Programmi\\Opera\\opera.exe"=
"c:\\Documents and Settings\\utente\\Dati applicazioni\\uTorrent\\uTorrent.exe"=
"c:\\Programmi\\VideoLAN\\VLC\\vlc.exe"=
"c:\\Documents and Settings\\utente\\Dati applicazioni\\Dropbox\\bin\\Dropbox.exe"=
"h:\\eMule AdunanzA\\eMule_AdnzA.exe"=
"h:\\eMule AdunanzA\\LinkCreator.exe"=
"c:\\Programmi\\XMind\\XMind.exe"=
"c:\\Programmi\\Skype\\Phone\\Skype.exe"=
"c:\\Documents and Settings\\utente\\Dati applicazioni\\Tencent\\QQ\\STemp\\SetupEx~0\\QQSetupEx.exe"=
"c:\\Programmi\\Tencent\\QQIntl\\Bin\\QQ.exe"=
"c:\\Programmi\\File comuni\\Tencent\\QQDownload\\119\\Tencentdl.exe"=
"c:\\Programmi\\Spybot - Search & Destroy 2\\SDTray.exe"=
"c:\\Programmi\\Spybot - Search & Destroy 2\\SDFSSvc.exe"=
"c:\\Programmi\\Spybot - Search & Destroy 2\\SDUpdate.exe"=
"c:\\Programmi\\Spybot - Search & Destroy 2\\SDUpdSvc.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"1022:TCP"= 1022:TCP:Driver Twain
.
R0 aswNdis;avast! Firewall NDIS Filter Service;c:\windows\system32\drivers\aswNdis.sys [29/03/2014 13.06.42 12112]
R0 aswNdis2;avast! Firewall NDIS Driver;c:\windows\system32\drivers\aswNdis2.sys [29/03/2014 13.07.10 252464]
R0 gfibto;gfibto;c:\windows\system32\drivers\gfibto.sys [27/03/2013 22.13.17 13560]
R1 aswKbd;aswKbd;c:\windows\system32\drivers\aswKbd.sys [29/03/2014 13.07.10 26136]
R1 SBRE;SBRE;c:\windows\system32\drivers\SBREDrv.sys [26/03/2012 18.07.15 101720]
R1 tStLib;tStLib;c:\windows\system32\drivers\tStLib.sys [01/04/2014 0.29.07 55232]
R3 IFXTPM;IFXTPM;c:\windows\system32\drivers\ifxtpm.sys [03/11/2011 12.25.09 36608]
S0 aswRvrt;avast! Revert;c:\windows\system32\drivers\aswRvrt.sys [23/12/2013 10.19.39 49944]
S0 aswVmm;avast! VM Monitor;c:\windows\system32\drivers\aswVmm.sys [23/12/2013 10.19.40 180632]
S1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [23/12/2013 10.19.40 776976]
S1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [23/12/2013 10.19.39 411552]
S1 DumpDrv;Crash Dump Driver;c:\windows\system32\drivers\dumpdrv.sys [18/08/2009 14.50.49 9472]
S2 aswHwid;avast! HardwareID;c:\windows\system32\drivers\aswHwid.sys [02/05/2014 11.48.53 24184]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswmonflt.sys [23/12/2013 10.19.38 67824]
S2 avast! Firewall;avast! Firewall;c:\programmi\AVAST Software\Avast\afwServ.exe [29/03/2014 13.06.42 109048]
S2 NAUpdate;@c:\programmi\Nero\Update\NASvc.exe,-200;c:\programmi\Nero\Update\NASvc.exe [23/09/2011 19.37.42 641832]
S2 SDScannerService;Spybot-S&D 2 Scanner Service;c:\programmi\Spybot - Search & Destroy 2\SDFSSvc.exe [31/03/2014 23.11.15 1103392]
S2 SDUpdateService;Spybot-S&D 2 Updating Service;c:\programmi\Spybot - Search & Destroy 2\SDUpdSvc.exe [31/03/2014 23.11.18 1369624]
S2 SDWSCService;Spybot-S&D 2 Security Center Service;c:\programmi\Spybot - Search & Destroy 2\SDWSCSvc.exe [31/03/2014 23.11.19 168384]
S2 Skype C2C Service;Skype C2C Service;c:\documents and settings\All Users\Dati applicazioni\Skype\Toolbars\Skype C2C Service\c2c_service.exe [09/10/2013 10.58.16 3275136]
S2 SkypeUpdate;Skype Updater;c:\programmi\Skype\Updater\Updater.exe [23/10/2013 9.15.08 172192]
S2 UNS;Intel(R) Active Management Technology User Notification Service;c:\programmi\Intel\AMT\UNS.exe [03/11/2011 12.16.00 2521880]
S3 aswTap;avast! SecureLine TAP Adapter v3;c:\windows\system32\drivers\aswTap.sys [22/11/2013 10.34.41 35272]
S3 EZUSB;EZUSB PC/SC Smart Card Reader;c:\windows\system32\drivers\ezusb.sys [09/11/2011 10.50.27 56716]
S3 GemCCID;GemCCID;c:\windows\system32\drivers\GemCCID.sys [14/12/2011 9.36.59 89600]
S3 gfiark;gfiark;c:\windows\system32\drivers\gfiark.sys [03/04/2013 13.32.02 41584]
S3 OXSDIDRV_x32;Oxford Semi eSATA Filter (x32);c:\windows\system32\drivers\OXSDIDRV_x32.sys [28/09/2009 10.55.38 52656]
S3 OXUDIDRV;OXUDIDRV;c:\windows\system32\drivers\OXUDIDRV_x32.sys [16/11/2011 11.22.08 24880]
S3 swyetskp;swyetskp; [x]
S4 gwoetowj;gwoetowj;c:\windows\system32\drivers\gwoetowj.sys [23/10/2013 9.01.53 403440]
S4 TeamViewer6;TeamViewer 6;c:\docume~1\ADMINI~1\IMPOST~1\Temp\TeamViewer\Version6\TeamViewer_Service.exe --> c:\docume~1\ADMINI~1\IMPOST~1\Temp\TeamViewer\Version6\TeamViewer_Service.exe [?]
.
Contenuto della cartella 'Scheduled Tasks'
.
2014-05-07 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-11-16 19:37]
.
2014-05-05 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\programmi\Apple Software Update\SoftwareUpdate.exe [2011-06-01 15:57]
.
2014-05-06 c:\windows\Tasks\avast! Emergency Update.job
- c:\programmi\AVAST Software\Avast\AvastEmUpdate.exe [2014-05-02 09:48]
.
2014-05-05 c:\windows\Tasks\Check for updates (Spybot - Search & Destroy).job
- c:\programmi\Spybot - Search & Destroy 2\SDUpdate.exe [2014-03-31 12:08]
.
2014-05-05 c:\windows\Tasks\Notifica di interruzione del servizio per Microsoft Windows XP - Accesso.job
- c:\windows\system32\xp_eos.exe [2014-03-29 23:28]
.
2014-04-08 c:\windows\Tasks\Notifica di interruzione del servizio per Microsoft Windows XP - Mensile.job
- c:\windows\system32\xp_eos.exe [2014-03-29 23:28]
.
2014-05-07 c:\windows\Tasks\Refresh immunization (Spybot - Search & Destroy).job
- c:\programmi\Spybot - Search & Destroy 2\SDImmunize.exe [2014-03-31 12:07]
.
2014-05-02 c:\windows\Tasks\Scan the system (Spybot - Search & Destroy).job
- c:\programmi\Spybot - Search & Destroy 2\SDScan.exe [2014-03-31 12:07]
.
.
------- Scansione supplementare -------
.
uStart Page = hxxp://www.google.com
mStart Page = hxxp://www.google.com
IE: Download with &Media Finder - c:\programmi\Media Finder\hook.html
IE: {{CCC7B152-1D8C-11E3-B2AD-F3EF3D58318D} - {CCC7B151-1D8C-11E3-B2AD-F3EF3D58318D} -
TCP: Interfaces\{C79E3A71-725B-4492-88F8-A62AF852B956}: NameServer = 205.210.42.205,64.68.200.200
FF - ProfilePath - c:\documents and settings\utente\Dati applicazioni\Mozilla\Firefox\Profiles\gq1o68j0.default\
FF - prefs.js: browser.search.selectedEngine - Ixquick HTTPS
FF - prefs.js: browser.startup.homepage - hxxp://start.mysearchdial.com/?f=1&a=ir ... 221425&ir=
FF - prefs.js: network.proxy.ftp - 183.207.228.6
FF - prefs.js: network.proxy.ftp_port - 8000
FF - prefs.js: network.proxy.http - 183.207.228.6
FF - prefs.js: network.proxy.http_port - 8000
FF - prefs.js: network.proxy.socks - 183.207.228.6
FF - prefs.js: network.proxy.socks_port - 8000
FF - prefs.js: network.proxy.ssl - 183.207.228.6
FF - prefs.js: network.proxy.ssl_port - 8000
FF - prefs.js: network.proxy.type - 0
FF - ExtSQL: !HIDDEN! 2013-09-02 19:48; 39ffxtbr@MapsGalaxy_39.com; c:\programmi\MapsGalaxy_39\bar\1.bin
FF - user.js: extensions.delta.tlbrSrchUrl -
FF - user.js: extensions.delta.id - 44337a0e000000000000001e9012985f
FF - user.js: extensions.delta.appId - {C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}
FF - user.js: extensions.delta.instlDay - 15784
FF - user.js: extensions.delta.vrsn - 1.8.10.0
FF - user.js: extensions.delta.vrsni - 1.8.10.0
FF - user.js: extensions.delta.vrsnTs - 1.8.10.011:43
FF - user.js: extensions.delta.prtnrId - delta
FF - user.js: extensions.delta.prdct - delta
FF - user.js: extensions.delta.aflt - babsst
FF - user.js: extensions.delta.smplGrp - none
FF - user.js: extensions.delta.tlbrId - base
FF - user.js: extensions.delta.instlRef - sst
FF - user.js: extensions.delta.dfltLng - en
FF - user.js: extensions.delta.excTlbr - false
FF - user.js: extensions.delta.admin - false
FF - user.js: extensions.delta.autoRvrt - false
FF - user.js: extensions.delta.rvrt - false
FF - user.js: extensions.delta.newTab - false
FF - user.js: extensions.iminent.tlbrSrchUrl - hxxp://start.iminent.com/?ref=toolbarm#q=
FF - user.js: extensions.iminent.id - 44337a0e000000000000001e9012985f
FF - user.js: extensions.iminent.appId - {0E4B2CAB-B859-4C57-B96E-63DDEC692BC4}
FF - user.js: extensions.iminent.instlDay - 16109
FF - user.js: extensions.iminent.vrsn - 1.8.28.3
FF - user.js: extensions.iminent.vrsni - 1.8.28.3
FF - user.js: extensions.iminent.vrsnTs - 1.8.28.311:01
FF - user.js: extensions.iminent.prtnrId - iminent
FF - user.js: extensions.iminent.prdct - iminent
FF - user.js: extensions.iminent.aflt - orgnl
FF - user.js: extensions.iminent.smplGrp - none
FF - user.js: extensions.iminent.tlbrId - YBCPCSTIPO
FF - user.js: extensions.iminent.instlRef -
FF - user.js: extensions.iminent.dfltLng -
FF - user.js: extensions.iminent.excTlbr - false
FF - user.js: extensions.iminent.ffxUnstlRst - false
FF - user.js: extensions.iminent.admin - false
FF - user.js: extensions.iminent.autoRvrt - false
FF - user.js: extensions.iminent.rvrt - false
FF - user.js: extensions.iminent.newTab - false
FF - user.js: extensions.irmysearch.aflt - ir_14_14_ff
FF - user.js: extensions.irmysearch.instlRef - 140305_b
FF - user.js: extensions.irmysearch.cr - 1763221425
FF - user.js: extensions.irmysearch.cd - 2XzuyEtN2Y1L1QzutDtDtC0EzytDtCtBzyzzyD0FyB0AtD0EtN0D0Tzu0SzztBtCtN1L2XzutBtFtCzztFtBtFtDtN1L1CzutCyEtDtAtDyD1V1StN1L1G1B1V1N2Y1L1Qzu2SyBzy0CtC0AtAyEzytGyEyCzyyEtG0B0ByEyEtGzyyCzzzytGtDyB0AtA0FtA0FyBtC0FyB0F2QtN1M1F1B2Z1V1N2Y1L1Qzu2StDtC0F0D0DyDtA0AtG0D0ByB0EtG0ByC0C0BtGtA0Dzz0AtGtB0FtC0E0BtCyDzztBtA0AyC2Q
FF - user.js: extensions.mysearchdial.hmpg - true
FF - user.js: extensions.mysearchdial.hmpgUrl - hxxp://start.mysearchdial.com/?f=1&a=ir ... 221425&ir=
FF - user.js: extensions.mysearchdial.dfltSrch - true
FF - user.js: extensions.mysearchdial.srchPrvdr - Mysearchdial
FF - user.js: extensions.mysearchdial.dnsErr - true
FF - user.js: extensions.mysearchdial_i.newTab - false
FF - user.js: extensions.mysearchdial.newTabUrl - hxxp://start.mysearchdial.com/?f=2&a=ir ... 221425&ir=
FF - user.js: extensions.mysearchdial.tlbrSrchUrl - hxxp://start.mysearchdial.com/?f=3&a=ir ... 425&ir=&q=
FF - user.js: extensions.mysearchdial.id - 001E9012985F7A0E
FF - user.js: extensions.mysearchdial.instlDay - 16160
FF - user.js: extensions.mysearchdial.vrsn - 1.8.29.0
FF - user.js: extensions.mysearchdial.vrsni - 1.8.29.0
FF - user.js: extensions.mysearchdial_i.vrsnTs - 1.8.29.022:57
FF - user.js: extensions.mysearchdial.prtnrId - mysearchdial
FF - user.js: extensions.mysearchdial.prdct - mysearchdial
FF - user.js: extensions.mysearchdial.aflt - ir_14_14_ff
FF - user.js: extensions.mysearchdial_i.smplGrp - none
FF - user.js: extensions.mysearchdial.tlbrId - base
FF - user.js: extensions.mysearchdial.instlRef - 140305_b
FF - user.js: extensions.mysearchdial.dfltLng -
FF - user.js: extensions.mysearchdial.appId - {CA5CAA63-B27C-4963-9BEC-CB16A36D56F8}
FF - user.js: extensions.mysearchdial.excTlbr - false
FF - user.js: extensions.mysearchdial.cr - 1763221425
FF - user.js: extensions.mysearchdial.cd - 2XzuyEtN2Y1L1QzutDtDtC0EzytDtCtBzyzzyD0FyB0AtD0EtN0D0Tzu0SzztBtCtN1L2XzutBtFtCzztFtBtFtDtN1L1CzutCyEtDtAtDyD1V1StN1L1G1B1V1N2Y1L1Qzu2SyBzy0CtC0AtAyEzytGyEyCzyyEtG0B0ByEyEtGzyyCzzzytGtDyB0AtA0FtA0FyBtC0FyB0F2QtN1M1F1B2Z1V1N2Y1L1Qzu2StDtC0F0D0DyDtA0AtG0D0ByB0EtG0ByC0C0BtGtA0Dzz0AtGtB0FtC0E0BtCyDzztBtA0AyC2Q
FF - user.js: extensions.mysearchdial.AL - 2
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2014-05-07 09:23
Windows 5.1.2600 Service Pack 3 NTFS
.
scansione processi nascosti ...
.
scansione entrate autostart nascoste ...
.
Scansione files nascosti ...
.
Scansione completata con successo
Files nascosti: 0
.
**************************************************************************
.
--------------------- CHIAVI DI REGISTRO BLOCCATE ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_13_0_0_206_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_13_0_0_206_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- Dlls caricate dai processi in esecuzione ---------------------
.
- - - - - - - > 'explorer.exe'(256)
c:\windows\system32\WININET.dll
c:\documents and settings\utente\Dati applicazioni\Dropbox\bin\DropboxExt.22.dll
c:\windows\system32\msi.dll
.
Ora fine scansione: 2014-05-07 09:24:53
ComboFix-quarantined-files.txt 2014-05-07 07:24
ComboFix2.txt 2014-05-05 15:03
ComboFix3.txt 2013-07-06 07:48
ComboFix4.txt 2013-04-24 17:02
ComboFix5.txt 2014-05-07 07:17
.
Pre-Run: 185.964.244.992 byte disponibili
Post-Run: 185.957.683.200 byte disponibili
.
- - End Of File - - 702B9639F8AC21539B22B8F52DFE5DD2
828E02D5C4A4FBE53441EE9DBEE51F43
momoland
Junior User
 
Posts: 13
Joined: 13/02/10 19:22


Re: combofix detected a virus in syst32 on windows.

Post by momoland » 07/05/14 09:50

And this is the result of the HijackThis scan:
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 10.48.44, on 07/05/2014
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Programmi\AVAST Software\Avast\AvastSvc.exe
C:\Programmi\AVAST Software\Avast\afwServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\SCardSvr.exe
C:\WINDOWS\system32\svchost.exe
C:\Programmi\Intel\AMT\atchksrv.exe
C:\Programmi\Java\jre7\bin\jqs.exe
C:\Programmi\Intel\AMT\LMS.exe
C:\Programmi\Nero\Update\NASvc.exe
C:\Programmi\Spybot - Search & Destroy 2\SDFSSvc.exe
C:\Documents and Settings\All Users\Dati applicazioni\Skype\Toolbars\Skype C2C Service\c2c_service.exe
C:\WINDOWS\system32\svchost.exe
C:\Programmi\Intel\AMT\UNS.exe
C:\Programmi\Spybot - Search & Destroy 2\SDUpdSvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\WgaTray.exe
C:\WINDOWS\Explorer.EXE
C:\Programmi\Intel\AMT\atchk.exe
C:\Programmi\Spybot - Search & Destroy 2\SDUpdate.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Programmi\AVAST Software\Avast\AvastUI.exe
C:\Programmi\Mozilla Firefox\firefox.exe
C:\Programmi\File comuni\Java\Java Update\jusched.exe
C:\Programmi\Athena\IDProtect Client\Utils\IDProtect Monitor.exe
C:\Programmi\Spybot - Search & Destroy 2\SDTray.exe
C:\Programmi\Clownfish\Clownfish.exe
C:\Documents and Settings\utente\Dati applicazioni\uTorrent\uTorrent.exe
C:\Programmi\Skype\Phone\Skype.exe
C:\Documents and Settings\utente\Dati applicazioni\Dropbox\bin\Dropbox.exe
C:\Programmi\OpenOffice.org 3\program\soffice.exe
C:\Programmi\OpenOffice.org 3\program\soffice.bin
C:\WINDOWS\system32\ctfmon.exe
C:\Programmi\Spybot - Search & Destroy 2\SDScan.exe
C:\Programmi\Malwarebytes' Anti-Malware\mbam.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Programmi\Trend Micro\HiJackThis\HiJackThis.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
R3 - URLSearchHook: Ad-Aware Security Toolbar - {6c97a91e-4524-4019-86af-2aa2d567bf5c} - C:\Programmi\adawaretb\adawareDx.dll (file missing)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Programmi\Spybot - Search & Destroy 2\SDHelper.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmi\Java\jre7\bin\ssv.dll
O2 - BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Programmi\AVAST Software\Avast\aswWebRepIE.dll
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Programmi\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programmi\Java\jre7\bin\jp2ssv.dll
O4 - HKLM\..\Run: [atchk] "C:\Programmi\Intel\AMT\atchk.exe"
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [Adobe ARM] "C:\Programmi\File comuni\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [APSDaemon] "C:\Programmi\File comuni\Apple\Apple Application Support\APSDaemon.exe"
O4 - HKLM\..\Run: [JobHisInit] C:\Programmi\RDS\RMClient\JobHisInit.exe
O4 - HKLM\..\Run: [MplSetUp] C:\Programmi\RDS\RMClient\MplSetUp.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmi\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programmi\File comuni\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [AvastUI.exe] "C:\Programmi\AVAST Software\Avast\AvastUI.exe" /nogui
O4 - HKLM\..\Run: [mobilegeni daemon] C:\Programmi\Mobogenie\DaemonProcess.exe
O4 - HKLM\..\Run: [IDProtect Monitor] "C:\Programmi\Athena\IDProtect Client\Utils\IDProtect Monitor.exe"
O4 - HKLM\..\Run: [bit4id csp store register (M)] "RUNDLL32.EXE" "C:\WINDOWS\system32\bit4upki-store.dll",RegisterMyPhysicalStore
O4 - HKLM\..\Run: [SDTray] "C:\Programmi\Spybot - Search & Destroy 2\SDTray.exe"
O4 - HKLM\..\Run: [DWQueuedReporting] "c:\PROGRA~1\FILECO~1\MICROS~1\DW\dwtrig20.exe" -t
O4 - HKLM\..\RunOnce: [SpybotDeletingE1250] "C:\Programmi\Spybot - Search & Destroy 2\SDDelFile.exe" "C:\WINDOWS\SchedLgU.Txt"
O4 - HKCU\..\Run: [cacaoweb] "C:\Programmi\cacaoweb\cacaoweb.exe" -noplayer
O4 - HKCU\..\Run: [Samsung Drive Manager] C:\Programmi\Clarus\Samsung Drive Manager\Drive Manager.exe -Hide
O4 - HKCU\..\Run: [Media Finder] "C:\Programmi\Media Finder\Media Finder.exe" /opentotray
O4 - HKCU\..\Run: [Clownfish] "C:\Programmi\Clownfish\Clownfish.exe"
O4 - HKCU\..\Run: [uTorrent] "C:\Documents and Settings\utente\Dati applicazioni\uTorrent\uTorrent.exe" /MINIMIZED
O4 - HKCU\..\Run: [Skype] "C:\Programmi\Skype\Phone\Skype.exe" /minimized /regrun
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\RunOnce: [SpybotDeletingF8996] "C:\Programmi\Spybot - Search & Destroy 2\SDDelFile.exe" "C:\WINDOWS\SchedLgU.Txt"
O4 - HKUS\S-1-5-21-117609710-630328440-1801674531-500\..\Run: [Skype] "C:\Programmi\Skype\Phone\Skype.exe" /minimized /regrun (User 'Administrator')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Dropbox.lnk = C:\Documents and Settings\utente\Dati applicazioni\Dropbox\bin\Dropbox.exe
O4 - Startup: OpenOffice.org 3.3.lnk = C:\Programmi\OpenOffice.org 3\program\quickstart.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = ?
O8 - Extra context menu item: Download with &Media Finder - C:\Programmi\Media Finder\hook.html
O9 - Extra button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programmi\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra button: Site Finder - {CCC7B152-1D8C-11E3-B2AD-F3EF3D58318D} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Programmi\Spybot - Search & Destroy 2\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Programmi\Spybot - Search & Destroy 2\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{C79E3A71-725B-4492-88F8-A62AF852B956}: NameServer = 205.210.42.205,64.68.200.200
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Programmi\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FILECO~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: SDWinLogon - SDWinLogon.dll (file missing)
O22 - SharedTaskScheduler: Precaricatore Browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Daemon di cache delle categorie di componenti - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: Intel(R) Active Management Technology System Status Service (atchksrv) - Intel Corporation - C:\Programmi\Intel\AMT\atchksrv.exe
O23 - Service: avast! Antivirus - AVAST Software - C:\Programmi\AVAST Software\Avast\AvastSvc.exe
O23 - Service: avast! Firewall - AVAST Software - C:\Programmi\AVAST Software\Avast\afwServ.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Oracle Corporation - C:\Programmi\Java\jre7\bin\jqs.exe
O23 - Service: Intel(R) Active Management Technology Local Management Service (LMS) - Intel - C:\Programmi\Intel\AMT\LMS.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Programmi\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: @C:\Programmi\Nero\Update\NASvc.exe,-200 (NAUpdate) - Nero AG - C:\Programmi\Nero\Update\NASvc.exe
O23 - Service: Spybot-S&D 2 Scanner Service (SDScannerService) - Safer-Networking Ltd. - C:\Programmi\Spybot - Search & Destroy 2\SDFSSvc.exe
O23 - Service: Spybot-S&D 2 Updating Service (SDUpdateService) - Safer-Networking Ltd. - C:\Programmi\Spybot - Search & Destroy 2\SDUpdSvc.exe
O23 - Service: Spybot-S&D 2 Security Center Service (SDWSCService) - Safer-Networking Ltd. - C:\Programmi\Spybot - Search & Destroy 2\SDWSCSvc.exe
O23 - Service: Skype C2C Service - Skype Technologies S.A. - C:\Documents and Settings\All Users\Dati applicazioni\Skype\Toolbars\Skype C2C Service\c2c_service.exe
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Programmi\Skype\Updater\Updater.exe
O23 - Service: Intel(R) Active Management Technology User Notification Service (UNS) - Intel - C:\Programmi\Intel\AMT\UNS.exe

--
End of file - 9886 bytes
momoland
Junior User
 
Posts: 13
Joined: 13/02/10 19:22
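An added triage example, not code from this thread, from ComboFix or from HijackThis: a small Python script that reads log lines in the formats pasted in the two posts above (the ComboFix "è infetto!!" marker, "NameServer =" lines, the multi-line "FF - prefs.js: network.proxy.*" block, "!HIDDEN!" extension entries, HijackThis "(file missing)" entries and ComboFix service lines with an empty binary path) and turns them into a findings list with a severity. The sample lines are constructed from the formats shown in the logs; EXPECTED_DNS is an assumed placeholder that the analyst replaces with the resolvers actually configured on the network, and the severities are the example's own choices, not a verdict on any address in the logs.

```python
"""Triage helper for ComboFix / HijackThis style log lines (added example)."""
import ipaddress
import re

# Resolvers the analyst expects on this network. Assumed placeholder value:
# replace with the router / ISP resolvers that are really configured.
EXPECTED_DNS = {"192.168.1.1"}

# Firefox network.proxy.type values: 0 = no proxy (direct), 1 = manual proxy.
PROXY_DIRECT, PROXY_MANUAL = 0, 1

# Constructed sample, modelled on the line formats seen in the two logs above.
SAMPLE_LOG = r"""
c:\windows\system32\eudcedit.exe . . . è infetto!!
TCP: Interfaces\{C79E3A71-725B-4492-88F8-A62AF852B956}: NameServer = 205.210.42.205,64.68.200.200
FF - prefs.js: network.proxy.http - 183.207.228.6
FF - prefs.js: network.proxy.http_port - 8000
FF - prefs.js: network.proxy.ssl - 183.207.228.6
FF - prefs.js: network.proxy.type - 0
FF - ExtSQL: !HIDDEN! 2013-09-02 19:48; 39ffxtbr@MapsGalaxy_39.com; c:\programmi\MapsGalaxy_39\bar\1.bin
R3 - URLSearchHook: Ad-Aware Security Toolbar - {6c97a91e-4524-4019-86af-2aa2d567bf5c} - C:\Programmi\adawaretb\adawareDx.dll (file missing)
S3 swyetskp;swyetskp; [x]
R0 aswNdis;avast! Firewall NDIS Filter Service;c:\windows\system32\drivers\aswNdis.sys [29/03/2014 13.06.42 12112]
O23 - Service: avast! Antivirus - AVAST Software - C:\Programmi\AVAST Software\Avast\AvastSvc.exe
"""

# ComboFix service lines: "<start type> <name>;<display name>;<binary path> [...]"
SERVICE_RE = re.compile(r"^[RS]\d (?P<name>[^;]+);(?P<display>[^;]*);(?P<path>[^\[]*)\[")
PROXY_RE = re.compile(r"^FF - prefs\.js: network\.proxy\.(\S+) - (.*)$")
DNS_RE = re.compile(r"NameServer = ([\d.,]+)")


def _is_internal(host):
    """True for loopback / RFC 1918 addresses; hostnames are treated as external."""
    try:
        ip = ipaddress.ip_address(host)
    except ValueError:
        return False
    return ip.is_private or ip.is_loopback


def triage(log_text):
    """Return a list of (severity, reason, line) tuples for lines worth a second look."""
    findings = []
    proxy_prefs = {}
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.endswith("è infetto!!"):          # ComboFix's infected-file marker
            findings.append(("high", "file flagged as infected by ComboFix", line))
            continue
        m = DNS_RE.search(line)                    # ComboFix "TCP:" and HijackThis O17 lines
        if m:
            unexpected = set(m.group(1).split(",")) - EXPECTED_DNS
            if unexpected:
                findings.append(("medium", "DNS resolvers not in expected set: "
                                 + ",".join(sorted(unexpected)), line))
            continue
        m = PROXY_RE.match(line)                   # proxy prefs span several lines: collect
        if m:
            proxy_prefs[m.group(1)] = m.group(2).strip()
            continue
        if "!HIDDEN!" in line:
            findings.append(("medium", "hidden browser extension", line))
            continue
        if line.endswith("(file missing)"):
            findings.append(("low", "registry entry points to a missing file (orphan)", line))
            continue
        m = SERVICE_RE.match(line)
        if m and not m.group("path").strip():
            findings.append(("medium", "service %s has no binary path" % m.group("name"), line))
    # Judge the proxy block once every pref has been read: an external proxy host matters
    # most when network.proxy.type says the manual proxy is actually in use.
    hosts = {k: v for k, v in proxy_prefs.items() if k != "type" and not k.endswith("_port")}
    external = sorted({v for v in hosts.values() if v and not _is_internal(v)})
    if external:
        ptype = int(proxy_prefs.get("type", str(PROXY_DIRECT)))
        sev = "high" if ptype == PROXY_MANUAL else "low"
        findings.append((sev, "Firefox proxy prefs point at external host(s) %s (network.proxy.type=%d)"
                         % (external, ptype), "FF - prefs.js: network.proxy.*"))
    return findings


def severity_counts(findings):
    """Summarise findings as {severity: count}."""
    counts = {}
    for sev, _, _ in findings:
        counts[sev] = counts.get(sev, 0) + 1
    return counts


if __name__ == "__main__":
    for sev, reason, line in triage(SAMPLE_LOG):
        print("[%s] %s\n    %s" % (sev.upper(), reason, line))
    print(severity_counts(triage(SAMPLE_LOG)))
```

The script deliberately reports rather than decides: the DNS and proxy entries become findings only relative to what the analyst says the network should look like, and the proxy finding is downgraded when network.proxy.type is 0, because Firefox does not use the manual proxy settings in that state even though stale values remain in prefs.js.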

