
Virus problem.. ComboFix report, what should I delete?


Post by Thalion » 02/11/12 10:23

For some time I've had viruses on my PC flagged by Avira. I followed the instructions from @FrancescoFDAC in another topic and ran a scan with ComboFix.. what should I delete? Please reply soon, I can't take it anymore! Here is the ComboFix report:

ComboFix 12-10-31.03 - Simone2 02/11/2012 9:58.1.2 - x86
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.39.1040.18.2047.1247 [GMT 1:00]
Eseguito da: c:\users\Simone2\Downloads\ComboFix.exe
AV: Avira Desktop *Disabled/Outdated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
SP: Avira Desktop *Disabled/Outdated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((( Altre eliminazioni )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\install.exe
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\hpoddt01.exe.lnk
c:\windows\Installer\{52175ddb-ab89-40f2-d975-4c614953e4b1}\@
c:\windows\Installer\{52175ddb-ab89-40f2-d975-4c614953e4b1}\U\00000001.@
c:\windows\Installer\{52175ddb-ab89-40f2-d975-4c614953e4b1}\U\80000000.@
c:\windows\Installer\{52175ddb-ab89-40f2-d975-4c614953e4b1}\U\800000cb.@
c:\windows\IsUn0410.exe
c:\windows\system32\Oleaut32.1
.
La copia infetta di c:\windows\system32\services.exe è stata trovata e disinfettata
ipristinata copia da - c:\windows\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_cf36168b2e9c967b\services.exe
.
.
((((((((((((((((((((((((((((((((((((((( Driver/Servizi )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_Boonty Games
.
.
((((((((((((((((((((((((( Files Creati Da 2012-10-02 al 2012-11-02 )))))))))))))))))))))))))))))))))))
.
.
2012-11-02 09:07 . 2012-11-02 09:07 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp
2012-11-02 09:07 . 2012-11-02 09:07 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-11-02 08:37 . 2012-11-02 08:37 -------- d-----w- C:\adobeTemp
2012-11-02 08:31 . 2012-11-02 08:31 -------- d-----w- c:\users\Simone2
2012-10-30 17:12 . 2012-11-01 09:12 -------- d-----w- c:\program files\Ask.com
2012-10-29 13:43 . 2012-11-01 09:11 -------- d-----w- c:\users\Simon2
2012-10-28 14:04 . 2012-10-28 14:04 -------- d-----w- c:\programdata\NCH Software
2012-10-28 14:04 . 2012-10-29 13:19 -------- d-----w- c:\program files\NCH Software
2012-10-25 13:12 . 2012-10-25 13:12 -------- d-----w- C:\found.000
2012-10-19 14:49 . 2012-10-24 13:10 163056 ----a-w- c:\programdata\Microsoft\Windows\Sqm\Manifest\Sqm10142.bin
2012-10-12 13:16 . 2012-10-15 13:14 -------- d-----w- c:\program files\WebSite X5 v9 - Free
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-09-11 10:45 . 2012-09-11 10:45 444952 ----a-w- c:\windows\system32\wrap_oal.dll
2012-09-11 10:45 . 2012-09-11 10:45 109080 ----a-w- c:\windows\system32\OpenAL32.dll
2012-09-07 08:38 . 2012-09-07 08:38 23456 ----a-w- c:\windows\system32\drivers\DrvAgent32.sys
2012-09-07 08:31 . 2012-09-07 08:32 93672 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2012-09-07 08:31 . 2012-06-01 13:28 821736 ----a-w- c:\windows\system32\npdeployJava1.dll
2012-09-07 08:31 . 2011-05-01 14:34 746984 ----a-w- c:\windows\system32\deployJava1.dll
2012-09-06 17:51 . 2012-09-06 17:51 138904 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys
2012-09-06 17:51 . 2012-09-06 17:51 281872 ----a-w- c:\windows\system32\PnkBstrB.exe
2012-09-06 17:51 . 2012-09-06 17:51 76888 ----a-w- c:\windows\system32\PnkBstrA.exe
2012-08-22 13:45 . 2012-08-29 19:25 6100328 ----a-w- c:\windows\system32\nvopencl.dll
2012-08-22 13:45 . 2012-08-29 19:25 888168 ----a-w- c:\windows\system32\nvdispgenco32.dll
2012-08-22 13:45 . 2012-08-29 19:25 7626088 ----a-w- c:\windows\system32\nvcuda.dll
2012-08-22 13:45 . 2012-08-29 19:25 2573672 ----a-w- c:\windows\system32\nvcuvid.dll
2012-08-22 13:45 . 2012-08-29 19:25 1866088 ----a-w- c:\windows\system32\nvcuvenc.dll
2012-08-22 13:45 . 2012-08-29 19:25 10790760 ----a-w- c:\windows\system32\drivers\nvlddmkm.sys
2012-08-22 13:45 . 2012-08-29 19:24 17559912 ----a-w- c:\windows\system32\nvcompiler.dll
2012-08-22 13:45 . 2011-12-29 14:05 19828584 ----a-w- c:\windows\system32\nvoglv32.dll
2012-08-22 13:45 . 2011-10-09 11:20 1010536 ----a-w- c:\windows\system32\nvdispco32.dll
2012-08-22 13:45 . 2011-02-24 16:10 2422120 ----a-w- c:\windows\system32\nvapi.dll
2012-08-22 13:45 . 2009-06-10 21:19 15291752 ----a-w- c:\windows\system32\nvd3dum.dll
2012-08-22 11:47 . 2011-01-07 20:06 645992 ----a-w- c:\windows\system32\nvvsvc.exe
2012-08-22 11:47 . 2011-01-07 20:06 62312 ----a-w- c:\windows\system32\nvshext.dll
2012-08-22 11:47 . 2011-01-07 20:06 2557288 ----a-w- c:\windows\system32\nvsvcr.dll
2012-08-22 11:47 . 2011-01-07 20:06 108392 ----a-w- c:\windows\system32\nvmctray.dll
2012-08-22 11:46 . 2011-01-07 20:06 3963240 ----a-w- c:\windows\system32\nvcpl.dll
2012-08-22 11:46 . 2011-01-07 20:06 2836840 ----a-w- c:\windows\system32\nvsvc.dll
2012-11-01 09:52 . 2012-11-01 09:52 261600 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* i valori vuoti & legittimi/default non sono visualizzati.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMan"="SOUNDMAN.EXE" [2009-04-14 604704]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-27 919008]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-09-27 59240]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2011-10-24 421888]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2012-07-02 348664]
"AdobeAAMUpdater-1.0"="c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2011-03-15 499608]
"SwitchBoard"="c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
hp psc 1000 series.lnk - c:\program files\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe [2003-4-6 147456]
NETGEAR WG111v3 Smart Wizard.lnk - c:\program files\NETGEAR\WG111v3\WG111v3.exe [2008-6-13 2498560]
WinZip Quick Pick.lnk - c:\program files\WinZip\WZQKPICK.EXE [2011-9-30 118784]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"mixer8"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
R1 kbewmwnu;kbewmwnu;c:\windows\system32\drivers\kbewmwnu.sys [x]
R2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [x]
R3 BthAvrcp;Profilo Bluetooth AVRCP;c:\windows\system32\DRIVERS\BthAvrcp.sys [x]
R3 btmhsf;btmhsf;c:\windows\system32\DRIVERS\btmhsf.sys [x]
R3 Bulk;HDJBulk;c:\windows\system32\Drivers\HDJBulk.sys [x]
R3 DrvAgent32;DrvAgent32;c:\windows\system32\Drivers\DrvAgent32.sys [x]
R3 GGSAFERDriver;GGSAFER Driver;c:\program files\Garena Classic\safedrv.sys [x]
R3 HDJMidi;DJ Control MP3 e2 MIDI;c:\windows\system32\DRIVERS\HDJMidi.sys [x]
R3 iBtFltCoex;iBtFltCoex;c:\windows\system32\DRIVERS\iBtFltCoex.sys [x]
R3 ManyCam;ManyCam Virtual Webcam;c:\windows\system32\DRIVERS\mcvidrv.sys [x]
R3 mcaudrv_simple;ManyCam Virtual Microphone;c:\windows\system32\drivers\mcaudrv.sys [x]
R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\Mozilla Maintenance Service\maintenanceservice.exe [x]
R3 RTL8187B;NETGEAR WG111v3 54Mbps Wireless USB 2.0 Adapter Vista Driver;c:\windows\system32\DRIVERS\wg111v3.sys [x]
R3 SCREAMINGBDRIVER;Screaming Bee Audio;c:\windows\system32\drivers\ScreamingBAudio.sys [x]
R3 SwitchBoard;SwitchBoard;c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 WatAdminSvc;Servizio Windows Activation Technologies;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R4 MSSQLServerADHelper100;Servizio SQL Server Active Directory Helper;c:\program files\Microsoft SQL Server\100\Shared\SQLADHLP.EXE [x]
R4 RsFx0103;RsFx0103 Driver;c:\windows\system32\DRIVERS\RsFx0103.sys [x]
R4 SQLAgent$SQLEXPRESS;SQL Server Agent (SQLEXPRESS);c:\program files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [x]
S0 AFS;AFS; [x]
S0 sptd;sptd;c:\windows\\SystemRoot\System32\Drivers\sptd.sys [x]
S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys [x]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe [x]
S2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe [x]
S2 AntiVirSchedulerService;Avira Pianificatore;c:\program files\Avira\AntiVir Desktop\sched.exe [x]
S2 NAUpdate;Nero Update;c:\program files\Nero\Update\NASvc.exe [x]
S2 TeamViewer7;TeamViewer 7;c:\program files\TeamViewer\Version7\TeamViewer_Service.exe [x]
S3 VCSVADHWSer;Avnex Virtual Audio Device (WDM);c:\windows\system32\DRIVERS\vcsvad.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
Akamai REG_MULTI_SZ Akamai
.
Contenuto della cartella 'Scheduled Tasks'
.
.
------- Scansione supplementare -------
.
IE: {{d9288080-1baa-4bc4-9cf8-a92d743db949} - c:\users\Simone\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\IMVU\Run IMVU.lnk
TCP: DhcpNameServer = 78.46.86.74 92.48.119.73
FF - ProfilePath - c:\users\Simone2\AppData\Roaming\Mozilla\Firefox\Profiles\heqbzlf3.default\
.
- - - - CHIAVI ORFANE RIMOSSE - - - -
.
Toolbar-10 - (no file)
Toolbar-!{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
HKLM-Run-CorelDRAW Graphics Suite 11b - (no file)
HKLM-Run-AdobeCS5ServiceManager - c:\program files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe
AddRemove-PunkBusterSvc - c:\program files\GAMERSFIRST\APB RELOADED\Binaries\pbsvc_apb.exe
.
.
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\Akamai]
"ServiceDll"="c:\program files\common files\akamai/netsession_win_b5e8a4c.dll"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\MySQL]
"ImagePath"="\"c:\program files\MySQL\MySQL Server 5.1\bin\mysqld\" --defaults-file=\"c:\program files\MySQL\MySQL Server 5.1\my.ini\" MySQL"
.
--------------------- CHIAVI DI REGISTRO BLOCCATE ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.htm\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="IE.AssocFile.HTM"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.html\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="IE.AssocFile.HTM"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mht\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="IE.AssocFile.MHT"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mhtml\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="IE.AssocFile.MHT"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.url\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="IE.AssocFile.URL"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:00000059
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:00000059
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0005\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0006\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0007\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0008\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0009\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0010\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Altri processi in esecuzione ------------------------
.
c:\windows\system32\nvvsvc.exe
c:\program files\NVIDIA Corporation\Display\nvxdsync.exe
c:\windows\system32\nvvsvc.exe
c:\program files\Avira\AntiVir Desktop\avguard.exe
c:\windows\system32\taskhost.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\program files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe
c:\program files\MySQL\MySQL Server 5.1\bin\mysqld.exe
c:\windows\system32\PnkBstrA.exe
c:\program files\Microsoft SQL Server\90\Shared\sqlwriter.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
c:\windows\system32\conhost.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
c:\windows\SOUNDMAN.EXE
c:\program files\Avira\AntiVir Desktop\avshadow.exe
c:\windows\system32\conhost.exe
c:\program files\NVIDIA Corporation\Display\nvtray.exe
c:\windows\system32\sppsvc.exe
.
**************************************************************************
.
Ora fine scansione: 2012-11-02 10:15:21 - Il pc è stato riavviato
ComboFix-quarantined-files.txt 2012-11-02 09:15
.
Pre-Run: 219.116.285.952 byte disponibili
Post-Run: 219.012.362.240 byte disponibili
.
- - End Of File - - DDF117677ACF75F71DBB67B2BC081C6D
Thalion
Newbie
 
Posts: 5
Joined: 02/11/12 09:44


Re: Virus problem.. ComboFix report, what should I delete?

Post by shel » 02/11/12 11:36

Hi.... what a stroke of luck, you have just removed the ZeroAccess rootkit, let's see what's left

Disable System Restore, then run these two scans

Download and install Malwarebytes.

http://www.malwarebytes.org/mbam/program/mbam-setup.exe

Update it: click the "Updates" tab => "Check for updates"

Run a "full scan" (select the option)

When the scan is complete, click OK => Show Results => and delete everything it detects

Post the report



Download OTL and save it to the desktop

Tick SCAN ALL USERS.

Under Output, tick Minimal Output

Click the small arrow next to File Age and select 60 Days

Tick LOP Check and Purity Check.

Click RUN SCAN

Let the scan run without interfering.

When the scan finishes you will find 2 logs on the desktop, OTL.txt and Extras.txt; save them and upload them to Wikisend.
shel
Utente Senior
 
Posts: 1292
Joined: 29/08/08 21:56

Re: Virus problem.. ComboFix report, what should I delete?

Post by Thalion » 02/11/12 14:12

The MalwareBytes report:

Malwarebytes Anti-Malware 1.65.1.1000
www.malwarebytes.org

Versione database: v2012.11.02.05

Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 9.0.8112.16421
Simone2 :: USER-PC [amministratore]

02/11/2012 11:51:00
mbam-log-2012-11-02 (11-51-00).txt

Tipo di scansione: Scansione completa (C:\|D:\|E:\|F:\|G:\|)
Opzioni di scansione attive: Memoria | Esecuzione automatica | Registro | File di sistema | Euristica/Extra | Euristica/Shuriken | PUP | PUM
Opzioni di scansione disattivate: P2P
Elementi esaminati: 441477
Tempo impiegato: 1 ore, 41 minuti, 15 secondi

Processi rilevati in memoria: 0
(non sono stati rilevati elementi nocivi)

Moduli di memoria rilevati: 0
(non sono stati rilevati elementi nocivi)

Chiavi di registro rilevate: 0
(non sono stati rilevati elementi nocivi)

Valori di registro rilevati: 0
(non sono stati rilevati elementi nocivi)

Voci rilevate nei dati di registro: 0
(non sono stati rilevati elementi nocivi)

Cartelle rilevate: 0
(non sono stati rilevati elementi nocivi)

File rilevati: 4
C:\Qoobox\Quarantine\C\Windows\Installer\{52175ddb-ab89-40f2-d975-4c614953e4b1}\U\800000cb.@.vir (Rootkit.0Access) -> Spostato in quarantena ed eliminato con successo.
D:\Donatella\Desktop\installer_virtual_dj_Italian.exe (PUP.SmsPay.PGen) -> Spostato in quarantena ed eliminato con successo.
D:\simone\Desktop\giochi di simo\the sims 3 - crack (2).exe (Backdoor.Bifrose) -> Spostato in quarantena ed eliminato con successo.
D:\simone\Desktop\giochi di simo\the sims 3 - crack.exe (Backdoor.Bifrose) -> Spostato in quarantena ed eliminato con successo.

As for the two files produced by the OTL scan, how do I show them to you? :)

Re: Virus problem.. ComboFix report, what should I delete?

Post by shel » 02/11/12 17:33

attach them here > www.wikisend.com


Re: Virus problem.. ComboFix report, what should I delete?

Post by shel » 02/11/12 18:33

open OTL and copy this code in red



:OTL
DRV - (kbewmwnu) -- C:\Windows\system32\drivers\kbewmwnu.sys File not found
DRV - (hwdatacard) -- system32\DRIVERS\ewusbmdm.sys File not found
DRV - (GGSAFERDriver) -- C:\Program Files\Garena Classic\safedrv.sys File not found
DRV - (catchme) -- C:\Users\Simone2\AppData\Local\Temp\catchme.sys File not found
DRV - (adu4vt7k) -- File not found
IE - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2A59}: "URL" = http://search.imesh.com/web?src=ieb&systemid=1&q={searchTerms}
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 78.46.86.74 92.48.119.73
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{04FC0031-2638-426E-AE7D-416BA431B05D}: DhcpNameServer = 78.46.86.74 92.48.119.73
FF - user.js - File not found
[2012/11/02 09:46:10 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012/10/30 18:12:07 | 000,000,000 | ---D | C] -- C:\Program Files\Ask.com
[2012/11/02 09:48:04 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2012/11/02 09:48:04 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2012/11/02 09:48:04 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2012/11/02 09:48:04 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2012/11/02 09:48:04 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe


:Files
C:\Windows\Installer\{52175ddb-ab89-40f2-d975-4c614953e4b1}\L
C:\Windows\Installer\{52175ddb-ab89-40f2-d975-4c614953e4b1}\U
C:\Windows\assembly\Desktop.ini
ipconfig /flushdns /c

:commands
[purity]
[Reboot]





press Run Fix and post the new log

Re: Virus problem.. ComboFix report, what should I delete?

Post by Thalion » 02/11/12 18:47

========== OTL ==========
Service kbewmwnu stopped successfully!
Service kbewmwnu deleted successfully!
File C:\Windows\system32\drivers\kbewmwnu.sys File not found not found.
Service hwdatacard stopped successfully!
Service hwdatacard deleted successfully!
File system32\DRIVERS\ewusbmdm.sys File not found not found.
Service GGSAFERDriver stopped successfully!
Service GGSAFERDriver deleted successfully!
File C:\Program Files\Garena Classic\safedrv.sys File not found not found.
Service catchme stopped successfully!
Service catchme deleted successfully!
File C:\Users\Simone2\AppData\Local\Temp\catchme.sys File not found not found.
Error: No service named adu4vt7k was found to stop!
Service\Driver key adu4vt7k not found.
File File not found not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2A59}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2A59}\ not found.
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\\DhcpNameServer| /E : value set successfully!
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{04FC0031-2638-426E-AE7D-416BA431B05D}\\DhcpNameServer| /E : value set successfully!
C:\Qoobox\Quarantine\Registry_backups folder moved successfully.
C:\Qoobox\Quarantine\C\Windows\System32 folder moved successfully.
C:\Qoobox\Quarantine\C\Windows\Installer\{52175ddb-ab89-40f2-d975-4c614953e4b1}\U folder moved successfully.
C:\Qoobox\Quarantine\C\Windows\Installer\{52175ddb-ab89-40f2-d975-4c614953e4b1} folder moved successfully.
C:\Qoobox\Quarantine\C\Windows\Installer folder moved successfully.
C:\Qoobox\Quarantine\C\Windows folder moved successfully.
C:\Qoobox\Quarantine\C\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup folder moved successfully.
C:\Qoobox\Quarantine\C\ProgramData\Microsoft\Windows\Start Menu\Programs folder moved successfully.
C:\Qoobox\Quarantine\C\ProgramData\Microsoft\Windows\Start Menu folder moved successfully.
C:\Qoobox\Quarantine\C\ProgramData\Microsoft\Windows folder moved successfully.
C:\Qoobox\Quarantine\C\ProgramData\Microsoft folder moved successfully.
C:\Qoobox\Quarantine\C\ProgramData folder moved successfully.
C:\Qoobox\Quarantine\C folder moved successfully.
C:\Qoobox\Quarantine folder moved successfully.
Folder move failed. C:\Qoobox\BackEnv scheduled to be moved on reboot.
C:\Qoobox folder moved successfully.
C:\Program Files\Ask.com\Updater folder moved successfully.
C:\Program Files\Ask.com\assets\oobe folder moved successfully.
C:\Program Files\Ask.com\assets folder moved successfully.
C:\Program Files\Ask.com folder moved successfully.
C:\Windows\PEV.exe moved successfully.
C:\Windows\MBR.exe moved successfully.
C:\Windows\sed.exe moved successfully.
C:\Windows\grep.exe moved successfully.
C:\Windows\zip.exe moved successfully.
========== FILES ==========
C:\Windows\Installer\{52175ddb-ab89-40f2-d975-4c614953e4b1}\L folder moved successfully.
C:\Windows\Installer\{52175ddb-ab89-40f2-d975-4c614953e4b1}\U folder moved successfully.
C:\Windows\assembly\Desktop.ini moved successfully.
< ipconfig /flushdns /c >
Configurazione IP di Windows
Cache del resolver DNS svuotata.
C:\Users\Simone2\Desktop\cmd.bat deleted successfully.
C:\Users\Simone2\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========

OTL by OldTimer - Version 3.2.69.0 log created on 11022012_184334

Files\Folders moved on Reboot...
File\Folder C:\Qoobox\BackEnv not found!

PendingFileRenameOperations files...

Registry entries deleted on Reboot...

Re: Virus problem.. ComboFix report, what should I delete?

Post by shel » 02/11/12 19:23

Perfect

now disable System Restore, we will re-enable it at the end

download and install CCleaner
Important:
During installation, untick the box, otherwise the Yahoo Toolbar gets installed.
Launch it and click:
- Advanced Options
Untick:
- Delete files only if older than 48 hours
Click the buttons:
- Cleaner (the first one, top left)
- Analyze (button at the bottom center)
- Run Cleaner (button at the bottom right)

Fixing registry errors
CCleaner
Click the buttons:
- Registry (second button, top left)
- Scan for Issues (button at the bottom center)
- Fix selected issues (button at the bottom right)
- when asked:
- "Do you want to back up the changes to the registry?"
- click:
- YES


- Download ATF-Cleaner
(No installation required)
Tick:
- Select all
Press the button:
- Empty Select

run a new scan with ComboFix and attach the result; upload it to Wikisend, do not paste it here


Re: Virus problem.. ComboFix report, what should I delete?

Post by shel » 02/11/12 21:12

everything looks fine to me

open OTL and click CleanUp, which will remove the tools you downloaded; repeat the cleaning with CCleaner, re-enable System Restore and create a new restore point; to be safe, as soon as you have some time run a scan with Avira and see whether it detects anything

let me know if the PC is running better now

Re: Virus problem.. ComboFix report, what should I delete?

Post by aimo74 » 16/11/12 19:05

Hi, I also have a similar problem, can someone help me? I should say up front that I don't know much about PCs :cry:
I'm posting the log

ComboFix 12-11-16.02 - Utente 16/11/2012 18.03.10.2.1 - x86
Microsoft Windows XP Professional 5.1.2600.2.1252.39.1040.18.383.131 [GMT 1:00]
Eseguito da: c:\documents and settings\Utente\Desktop\ComboFix.exe
AV: avast! Antivirus *Enabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
.
ATTENZIONE - QUESTO PC NON HA LA CONSOLE DI RIPRISTINO DI EMERGENZA INSTALLATA !!
.
.
((((((((((((((((((((((((((((((((((((( Altre eliminazioni )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
La copia infetta di c:\windows\system32\msgsvc.dll è stata trovata e disinfettata
ipristinata copia da - c:\windows\erdnt\cache\msgsvc.dll
.
c:\windows\system32\drivers\usbehci.sys . . . is missing!!
.
.
((((((((((((((((((((((((( Files Creati Da 2012-10-16 al 2012-11-16 )))))))))))))))))))))))))))))))))))
.
.
2012-11-10 13:04 . 2012-11-15 20:12 -------- d-----r- C:\Programmi
2012-11-10 13:01 . 2012-11-10 12:31 -------- d-----w- C:\Documents and Settings
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
.
((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* i valori vuoti & legittimi/default non sono visualizzati.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2012-10-30 22:50 121528 ----a-w- c:\programmi\AVAST Software\Avast\ashShell.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avast"="c:\programmi\AVAST Software\Avast\avastUI.exe" [2012-10-30 4297136]
"Adobe ARM"="c:\programmi\File comuni\Adobe\ARM\1.0\AdobeARM.exe" [2012-09-23 926896]
"SpywareTerminatorShield"="c:\programmi\Spyware Terminator\SpywareTerminatorShield.exe" [2012-11-09 2777296]
"SpywareTerminatorUpdater"="c:\programmi\Spyware Terminator\SpywareTerminatorUpdate.exe" [2012-11-09 3673808]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2002-12-31 15360]
.
c:\documents and settings\Utente\Menu Avvio\Programmi\Esecuzione automatica\
lolipop.lnk - c:\documents and settings\Utente\Impostazioni locali\Dati applicazioni\Lollipop\lolipop.exe [2012-11-16 858112]
.
[HKLM\~\startupfolder\C:^Documents and Settings^Utente^Menu Avvio^Programmi^Esecuzione automatica^caqoeck.lnk]
path=c:\documents and settings\Utente\Menu Avvio\Programmi\Esecuzione automatica\caqoeck.lnk
backup=c:\windows\pss\caqoeck.lnkStartup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
2006-04-21 16:03 94208 ----a-w- c:\programmi\File comuni\Ahead\Lib\NMBgMonitor.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTFMON.EXE]
2002-12-31 12:00 15360 ----a-w- c:\windows\system32\ctfmon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2006-01-12 15:40 155648 ----a-w- c:\programmi\File comuni\Ahead\Lib\NeroCheck.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2005-11-10 12:03 36975 ----a-w- c:\programmi\Java\jre1.5.0_06\bin\jusched.exe
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Programmi\\Spyware Terminator\\SpywareTerminator.exe"=
"c:\\Programmi\\Spyware Terminator\\SpywareTerminatorUpdate.exe"=
.
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [10/11/2012 17.19.45 738504]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [10/11/2012 17.19.50 361032]
R1 sp_rsdrv2;Spyware Terminator 2012 Realtime Shield Driver;c:\windows\system32\drivers\sp_rsdrv2.sys [15/11/2012 21.14.36 32768]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [10/11/2012 17.19.50 21256]
R2 MBAMScheduler;MBAMScheduler;c:\programmi\Malwarebytes' Anti-Malware\mbamscheduler.exe [13/11/2012 20.32.42 399432]
R2 MBAMService;MBAMService;c:\programmi\Malwarebytes' Anti-Malware\mbamservice.exe [13/11/2012 20.32.42 676936]
R2 ST2012_Svc;Spyware Terminator 2012 Realtime Shield Service;c:\programmi\Spyware Terminator\st_rsser.exe [15/11/2012 21.14.24 587472]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [13/11/2012 20.32.33 22856]
.
Contenuto della cartella 'Scheduled Tasks'
.
2012-11-16 c:\windows\Tasks\avast! Emergency Update.job
- c:\programmi\AVAST Software\Avast\AvastEmUpdate.exe [2012-11-10 22:50]
.
2012-11-16 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1292428093-507921405-1060284298-1003Core.job
- c:\documents and settings\Utente\Impostazioni locali\Dati applicazioni\Google\Update\GoogleUpdate.exe [2012-11-10 15:35]
.
2012-11-16 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1292428093-507921405-1060284298-1003UA.job
- c:\documents and settings\Utente\Impostazioni locali\Dati applicazioni\Google\Update\GoogleUpdate.exe [2012-11-10 15:35]
.
.
------- Scansione supplementare -------
.
uStart Page = hxxp://www.google.it/index.html
IE: E&sporta in Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.1.1
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-11-16 18:17
Windows 5.1.2600 Service Pack 2 NTFS
.
scansione processi nascosti ...
.
scansione entrate autostart nascoste ...
.
Scansione files nascosti ...
.
Scansione completata con successo
Files nascosti: 0
.
**************************************************************************
.
--------------------- CHIAVI DI REGISTRO BLOCCATE ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*1*]
@="?????????????????? v1"
.
[HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*1*\CLSID]
@="{E23FE9C6-778E-49D4-B537-38FCDE4887D8}"
.
[HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*2*]
@="?????????????????? v2"
.
[HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*2*\CLSID]
@="{9BE31822-FDAD-461B-AD51-BE1D1C159921}"
.
--------------------- Dlls caricate dai processi in esecuzione ---------------------
.
- - - - - - - > 'Explorer.EXE'(1676)
c:\windows\system32\MSCTF.dll
.
------------------------ Altri processi in esecuzione ------------------------
.
c:\programmi\AVAST Software\Avast\AvastSvc.exe
c:\programmi\Malwarebytes' Anti-Malware\mbamgui.exe
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Ora fine scansione: 2012-11-16 18:22:53 - Il pc è stato riavviato
ComboFix-quarantined-files.txt 2012-11-16 17:22
ComboFix2.txt 2012-11-16 16:33
.
Pre-Run: 29.436.657.664 byte disponibili
Post-Run: 29.431.115.776 byte disponibili
.
- - End Of File - - E9995CB459D92D18D6BEBF0A21827B47
aimo74
Junior User
Posts: 38
Joined: 10/12/08 11:42

Re: Virus problem.. ComboFix report, what should I delete?

Post by aimo74 » 16/11/12 19:06

thanks :D :D :D

Re: Virus problem.. ComboFix report, what should I delete?

Post by Luke57 » 17/11/12 10:09

Hi, download otl.exe to your desktop
http://oldtimer.geekstogo.com/OTL.exe

Run the OTL.exe file
(After launching OTL, on Windows 7 and Windows Vista systems you will need to answer yes when the UAC warning prompt appears.)

Tick the checkboxes:
"Scan all users"

Click Run scan
When the scan finishes, which may take quite a while, OTL will produce two log files (OTL.txt and Extras.txt), saved in the same folder as the program.

Zip them into one file and upload it here:
http://wikisend.com/

(by pressing Browse and then upload, after locating the file)

and in your next post give the link you are assigned after the upload, so that they can be viewed.
Luke57
Moderator
Posts: 6410
Joined: 11/08/05 19:10

Re: Virus problem.. ComboFix report, what should I delete?

Post by aimo74 » 17/11/12 13:20


Re: Virus problem.. ComboFix report, what should I delete?

Post by Luke57 » 17/11/12 15:56

Open OTL.exe. In the white box, copy and paste the text in bold:

:OTL
PRC - [2012/11/17 12.20.46 | 000,950,272 | ---- | M] () -- C:\Documents and Settings\Utente\Impostazioni locali\Dati applicazioni\Lollipop\lollipop.exe
O4 - Startup: C:\Documents and Settings\Utente\Menu Avvio\Programmi\Esecuzione automatica\lollipop.lnk = C:\Documents and Settings\Utente\Impostazioni locali\Dati applicazioni\Lollipop\lollipop.exe ()
[2012/11/10 18.31.52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Utente\Impostazioni locali\Dati applicazioni\Lollipop
[2012/11/17 13.02.53 | 000,001,140 | ---- | M] () -- C:\Documents and Settings\Utente\Menu Avvio\Programmi\Esecuzione automatica\lollipop.lnk
[2012/11/10 17.31.11 | 000,003,584 | ---- | M] () -- C:\Documents and Settings\Utente\Impostazioni locali\Dati applicazioni\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/11/10 13.34.21 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini

:folders
C:\Documents and Settings\Utente\Impostazioni locali\Dati applicazioni\Lollipop

:commands
[purity]
[emptytemp]

Click the RUN FIX button.
Let the scan run without interfering.
The PC will restart.

Post the log.

Re: Virus problem.. ComboFix report, what should I delete?

Post by aimo74 » 17/11/12 19:18

All processes killed
========== OTL ==========
No active process named lollipop.exe was found!
C:\Documents and Settings\Utente\Menu Avvio\Programmi\Esecuzione automatica\lollipop.lnk moved successfully.
C:\Documents and Settings\Utente\Impostazioni locali\Dati applicazioni\Lollipop\lollipop.exe moved successfully.
C:\Documents and Settings\Utente\Impostazioni locali\Dati applicazioni\Lollipop folder moved successfully.
File C:\Documents and Settings\Utente\Menu Avvio\Programmi\Esecuzione automatica\lollipop.lnk not found.
C:\Documents and Settings\Utente\Impostazioni locali\Dati applicazioni\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini moved successfully.
C:\WINDOWS\assembly\Desktop.ini moved successfully.
Error: Unable to interpret <:folders> in the current context!
Error: Unable to interpret <C:\Documents and Settings\Utente\Impostazioni locali\Dati applicazioni\Lollipop> in the current context!
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 32902 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: Utente
->Temp folder emptied: 671552 bytes
->Temporary Internet Files folder emptied: 547733 bytes
->Google Chrome cache emptied: 80696349 bytes
->Flash cache emptied: 348 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 2987776 bytes
%systemroot%\System32 .tmp files removed: 2885 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 0 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 81,00 mb


OTL by OldTimer - Version 3.2.69.0 log created on 11172012_191015

Files\Folders moved on Reboot...
File\Folder C:\WINDOWS\temp\_avast_\Webshlock.txt not found!

PendingFileRenameOperations files...

Registry entries deleted on Reboot...