
Veery infected PC

How do you remove viruses and spyware? Are credit cards really safe online? Is it possible to browse anonymously? Which programs should you use to protect your privacy? How do you protect important files? If you want an answer to these and other questions, this is the right place!

Moderators: m.paolo, kadosh, Luke57

Veery infected PC

Post by Marco83 » 25/10/10 09:56

Hi everyone,
I ran a Malwarebytes scan on a friend's PC and it found something like 73 problems. I removed everything. Then I also ran ComboFix. Finally I rescanned with MB, but it still finds about 40 problems that it can't fix. What can I do? The computer's symptoms are slowness, and sometimes it freezes completely...
I'm posting the HijackThis log.
Thank you in advance

Code:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10.51.29, on 25/10/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Programmi\EeePC\ACPI\AsTray.exe
C:\Programmi\EeePC\ACPI\AsAcpiSvr.exe
C:\Programmi\EeePC\ACPI\AsEPCMon.exe
C:\Programmi\Kaspersky Lab\Kaspersky Anti-Virus 6.0 for Windows Workstations MP4\avp.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxext.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Programmi\Elantech\ETDCtrl.exe
C:\Programmi\Canon\IJPLM\IJPLMSVC.EXE
C:\Programmi\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\svchost.exe
C:\Programmi\Canon\MyPrinter\BJMyPrt.exe
C:\Programmi\File comuni\Java\Java Update\jusched.exe
C:\Programmi\Kaspersky Lab\Kaspersky Anti-Virus 6.0 for Windows Workstations MP4\avp.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Programmi\HP\Digital Imaging\bin\hpqtra08.exe
C:\Programmi\ASUS\EeePC\Super Hybrid Engine\SuperHybridEngine.exe
C:\Programmi\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\Programmi\Malwarebytes' Anti-Malware\mbam.exe
C:\Programmi\Mozilla Firefox\firefox.exe
C:\Programmi\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.it/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
O2 - BHO: Supporto di collegamento per Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\File comuni\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programmi\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Programmi\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [AsusTray] C:\Programmi\EeePC\ACPI\AsTray.exe
O4 - HKLM\..\Run: [AsusACPIServer] C:\Programmi\EeePC\ACPI\AsAcpiSvr.exe
O4 - HKLM\..\Run: [AsusEPCMonitor] C:\Programmi\EeePC\ACPI\AsEPCMon.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [ETDWare] C:\Programmi\Elantech\ETDCtrl.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Programmi\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [CanonSolutionMenu] C:\Programmi\Canon\SolutionMenu\CNSLMAIN.exe /logon
O4 - HKLM\..\Run: [CanonMyPrinter] C:\Programmi\Canon\MyPrinter\BJMyPrt.exe /logon
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programmi\File comuni\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [AVP] "C:\Programmi\Kaspersky Lab\Kaspersky Anti-Virus 6.0 for Windows Workstations MP4\avp.exe"
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKCU\..\Run: [Mobile Partner] "C:\Programmi\3 Internet\3 Internet.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-21-1078081533-1390067357-725345543-500\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Administrator')
O4 - HKUS\S-1-5-21-1078081533-1390067357-725345543-500\..\Run: [MSMSGS] "C:\Programmi\Messenger\msmsgs.exe" /background (User 'Administrator')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Programmi\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: SuperHybridEngine.lnk = ?
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Invia a Bluetooth - C:\Programmi\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O8 - Extra context menu item: Invia a periferica &Bluetooth... - C:\Programmi\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: Web Anti-Virus statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Programmi\Kaspersky Lab\Kaspersky Anti-Virus 6.0 for Windows Workstations MP4\scieplgn.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programmi\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programmi\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O23 - Service: Kaspersky Anti-Virus 6.0 (AVP) - Kaspersky Lab - C:\Programmi\Kaspersky Lab\Kaspersky Anti-Virus 6.0 for Windows Workstations MP4\avp.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Programmi\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: Servizio di Google Update (gupdate) (gupdate) - Google Inc. - C:\Programmi\Google\Update\GoogleUpdate.exe
O23 - Service: PIXMA Extended Survey Program (IJPLMSVC) - Unknown owner - C:\Programmi\Canon\IJPLM\IJPLMSVC.EXE
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Programmi\Java\jre6\bin\jqs.exe

--
End of file - 6395 bytes

Marco83
Senior User
Posts: 166
Joined: 12/09/06 16:32


Re: Veery infected PC

Post by Luke57 » 25/10/10 10:01

Hi, post the ComboFix report (C:\combofix.txt)
Luke57
Moderator
Posts: 6415
Joined: 11/08/05 19:10

Re: Veery infected PC

Post by Marco83 » 25/10/10 10:33

Here it is, sorry:

Code:
ComboFix 10-10-23.02 - user 24/10/2010  23.33.19.1.2 - x86
Eseguito da: c:\documents and settings\user\Desktop\ComboFix.exe
AV: Kaspersky Anti-Virus *On-access scanning disabled* (Outdated) {2C4D4BC6-0793-4956-A9F9-E252435469C0}

ATTENZIONE - QUESTO PC NON HA LA CONSOLE DI RIPRISTINO DI EMERGENZA INSTALLATA !!
.

(((((((((((((((((((((((((((((((((((((   Altre eliminazioni   )))))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\2u923g01.exe
C:\3dcs9.exe
C:\autorun.inf
C:\bveijo.exe
C:\df.exe
C:\f2kmj.exe
C:\jofk1wf.exe
C:\mh.exe
C:\o1o.exe
C:\qkm.exe
C:\v1cbvsmq.exe
D:\1thes92p.exe
D:\2u923g01.exe
D:\3dcs9.exe
D:\9xf8.exe
D:\autorun.inf
D:\bbjl2g.exe
D:\bveijo.exe
D:\df.exe
D:\f2kmj.exe
D:\h0.exe
D:\io3yalc.exe
D:\ji83j.exe
D:\jofk1wf.exe
D:\mh.exe
D:\mje12tni.exe
D:\o1o.exe
D:\p6xebrnt.exe
D:\qkm.exe
D:\v1cbvsmq.exe
D:\ws.exe

.
(((((((((((((((((((((((((((((((((((((((   Driver/Servizi   )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_AVPsys


(((((((((((((((((((((((((   Files Creati Da 2010-09-24 al 2010-10-24  )))))))))))))))))))))))))))))))))))
.

2010-10-21 13:34 . 2010-10-21 13:38   --------   d-----w-   c:\documents and settings\NetworkService\Impostazioni locali\Dati applicazioni\Temp
2010-10-20 10:59 . 2001-08-17 19:52   18688   -c--a-w-   c:\windows\system32\dllcache\cdaudio.sys
2010-10-20 10:59 . 2001-08-17 19:52   18688   ----a-w-   c:\windows\system32\drivers\cdaudio.sys
2010-10-19 16:11 . 2010-10-19 16:32   97549   ----a-w-   c:\windows\system32\drivers\klick.dat
2010-10-19 16:11 . 2010-10-19 16:32   113933   ----a-w-   c:\windows\system32\drivers\klin.dat
2010-10-19 16:09 . 2010-10-24 21:21   --------   d-----w-   c:\documents and settings\All Users\Dati applicazioni\Kaspersky Lab
2010-10-19 16:09 . 2010-10-19 16:09   --------   d-----w-   c:\programmi\Kaspersky Lab
2010-10-19 15:26 . 2010-10-19 15:26   --------   d-----w-   c:\documents and settings\Administrator
2010-10-19 15:08 . 2010-10-19 15:08   --------   d-----w-   c:\documents and settings\user\Dati applicazioni\Malwarebytes
2010-10-19 15:08 . 2010-03-29 22:46   38224   ----a-w-   c:\windows\system32\drivers\mbamswissarmy.sys
2010-10-19 15:08 . 2010-10-19 15:08   --------   d-----w-   c:\documents and settings\All Users\Dati applicazioni\Malwarebytes
2010-10-19 15:08 . 2010-10-19 15:08   --------   d-----w-   c:\programmi\Malwarebytes' Anti-Malware
2010-10-19 15:08 . 2010-03-29 22:45   20824   ----a-w-   c:\windows\system32\drivers\mbam.sys
2010-10-19 14:37 . 2010-10-19 15:56   --------   d-----w-   c:\documents and settings\user\Dati applicazioni\U3
2010-10-13 06:13 . 2010-09-18 06:53   953856   -c----w-   c:\windows\system32\dllcache\mfc40u.dll
2010-10-13 06:13 . 2010-09-18 06:53   974848   -c----w-   c:\windows\system32\dllcache\mfc42.dll
2010-10-13 06:12 . 2010-08-23 16:12   617472   -c----w-   c:\windows\system32\dllcache\comctl32.dll
2010-10-10 14:18 . 2010-10-10 14:18   --------   d-----w-   c:\programmi\File comuni\Java

.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-09-18 10:23 . 2004-08-19 12:00   974848   ----a-w-   c:\windows\system32\mfc42u.dll
2010-09-18 06:53 . 2004-08-19 12:00   974848   ----a-w-   c:\windows\system32\mfc42.dll
2010-09-18 06:53 . 2004-08-19 12:00   954368   ----a-w-   c:\windows\system32\mfc40.dll
2010-09-18 06:53 . 2004-08-19 12:00   953856   ----a-w-   c:\windows\system32\mfc40u.dll
2010-09-10 05:49 . 2004-08-19 12:00   916480   ----a-w-   c:\windows\system32\wininet.dll
2010-09-10 05:49 . 2004-08-19 12:00   43520   ----a-w-   c:\windows\system32\licmgr10.dll
2010-09-10 05:49 . 2004-08-19 12:00   1469440   ------w-   c:\windows\system32\inetcpl.cpl
2010-09-01 11:51 . 2004-08-19 12:00   285824   ----a-w-   c:\windows\system32\atmfd.dll
2010-09-01 07:54 . 2004-08-19 12:00   1852800   ----a-w-   c:\windows\system32\win32k.sys
2010-08-27 08:02 . 2004-08-19 12:00   119808   ----a-w-   c:\windows\system32\t2embed.dll
2010-08-27 05:58 . 2004-08-19 12:00   99840   ----a-w-   c:\windows\system32\srvsvc.dll
2010-08-27 01:43 . 2008-05-05 05:25   5632   ----a-w-   c:\windows\system32\xpsp4res.dll
2010-08-26 13:39 . 2004-08-19 12:00   357248   ----a-w-   c:\windows\system32\drivers\srv.sys
2010-08-23 16:12 . 2004-08-19 12:00   617472   ----a-w-   c:\windows\system32\comctl32.dll
2010-08-17 13:17 . 2004-08-19 12:00   58880   ----a-w-   c:\windows\system32\spoolsv.exe
2010-08-16 08:44 . 2004-08-19 12:00   590848   ----a-w-   c:\windows\system32\rpcrt4.dll
.

(((((((((((((((((((((((((((((((((((((   Punti Reg Caricati   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* i valori vuoti & legittimi/default non sono visualizzati.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Mobile Partner"="c:\programmi\3 Internet\3 Internet.exe" [2009-09-27 110592]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AsusTray"="c:\programmi\EeePC\ACPI\AsTray.exe" [2008-12-04 114688]
"AsusACPIServer"="c:\programmi\EeePC\ACPI\AsAcpiSvr.exe" [2008-12-17 622592]
"AsusEPCMonitor"="c:\programmi\EeePC\ACPI\AsEPCMon.exe" [2008-05-20 94208]
"RTHDCPL"="RTHDCPL.EXE" [2008-09-18 16855040]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-12-19 135168]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-12-19 159744]
"Persistence"="c:\windows\system32\igfxpers.exe" [2007-12-19 131072]
"ETDWare"="c:\programmi\Elantech\ETDCtrl.exe" [2008-11-24 329728]
"Adobe Reader Speed Launcher"="c:\programmi\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-05-11 40048]
"CanonSolutionMenu"="c:\programmi\Canon\SolutionMenu\CNSLMAIN.exe" [2007-10-25 652624]
"CanonMyPrinter"="c:\programmi\Canon\MyPrinter\BJMyPrt.exe" [2009-07-06 1848648]
"SunJavaUpdateSched"="c:\programmi\File comuni\Java\Java Update\jusched.exe" [2010-05-14 248552]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

c:\documents and settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\
HP Digital Imaging Monitor.lnk - c:\programmi\HP\Digital Imaging\bin\hpqtra08.exe [2005-5-11 282624]
SuperHybridEngine.lnk - c:\programmi\ASUS\EeePC\Super Hybrid Engine\SuperHybridEngine.exe [2009-9-27 376832]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
2008-12-08 14:50   54576   ----a-w-   c:\programmi\HP\HP Software Update\hpwuschd2.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Programmi\\Java\\jre6\\bin\\java.exe"=

R3 klim5;Kaspersky Anti-Virus NDIS Filter;c:\windows\system32\drivers\klim5.sys [14/09/2009 13.42.46 32272]
S2 gupdate;Servizio di Google Update (gupdate);c:\programmi\Google\Update\GoogleUpdate.exe [14/04/2010 17.40.48 136176]
.
Contenuto della cartella 'Scheduled Tasks'

2010-10-24 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\programmi\Google\Update\GoogleUpdate.exe [2010-04-14 11:04]

2010-10-24 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\programmi\Google\Update\GoogleUpdate.exe [2010-04-14 11:04]

2010-10-20 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1078081533-1390067357-725345543-1003Core.job
- c:\documents and settings\user\Impostazioni locali\Dati applicazioni\Google\Update\GoogleUpdate.exe [2009-09-27 09:42]

2010-10-24 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1078081533-1390067357-725345543-1003UA.job
- c:\documents and settings\user\Impostazioni locali\Dati applicazioni\Google\Update\GoogleUpdate.exe [2009-09-27 09:42]

2010-10-24 c:\windows\Tasks\User_Feed_Synchronization-{2D2C83D6-0A6E-41B4-8E12-BE1D312869F5}.job
- c:\windows\system32\msfeedssync.exe [2009-03-08 02:31]
.
.
------- Scansione supplementare -------
.
uStart Page = hxxp://www.google.it/
IE: E&sporta in Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Invia a Bluetooth - c:\programmi\WIDCOMM\Bluetooth Software\btsendto_ie.htm
IE: Invia a periferica &Bluetooth... - c:\programmi\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
FF - ProfilePath - c:\documents and settings\user\Dati applicazioni\Mozilla\Firefox\Profiles\z556tgjn.default\
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-10-24 23:53
Windows 5.1.2600 Service Pack 3 NTFS

scansione processi nascosti ...

scansione entrate autostart nascoste ...

Scansione files nascosti ...

Scansione completata con successo
Files nascosti: 0

**************************************************************************
.
--------------------- CHIAVI DI REGISTRO BLOCCATE ---------------------

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10k_ActiveX.exe,-101"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10k_ActiveX.exe"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- Dlls caricate dai processi in esecuzione ---------------------

- - - - - - - > 'explorer.exe'(2340)
c:\windows\system32\WININET.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\btncopy.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
c:\programmi\File comuni\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
c:\programmi\File comuni\Adobe\Acrobat\ActiveX\PDFShell.dll
c:\programmi\File comuni\Adobe\Acrobat\ActiveX\PDFShell.ITA
c:\programmi\Adobe\Reader 8.0\Reader\viewerps.dll
.
------------------------ Altri processi in esecuzione ------------------------
.
c:\programmi\Canon\IJPLM\IJPLMSVC.EXE
c:\programmi\Java\jre6\bin\jqs.exe
c:\programmi\WIDCOMM\Bluetooth Software\bin\btwdins.exe
c:\windows\system32\wbem\wmiapsrv.exe
c:\windows\RTHDCPL.EXE
c:\windows\system32\igfxsrvc.exe
c:\windows\system32\igfxext.exe
c:\programmi\Adobe\Reader 8.0\Reader\AcroRd32Info.exe
.
**************************************************************************
.
Ora fine scansione: 2010-10-25  00:02:20 - Il pc è stato riavviato
ComboFix-quarantined-files.txt  2010-10-24 22:01

Pre-Run: 71.090.941.952 byte disponibili
Post-Run: 71.084.261.376 byte disponibili

- - End Of File - - 0BAB8D5DC77BFCE9107385D661379E6D

Marco83
Senior User
Posts: 166
Joined: 12/09/06 16:32

Re: Veery infected PC

Post by Luke57 » 25/10/10 11:11

Hi, it looks fine to me; what does the Malwarebytes one say?
Luke57
Moderator
Posts: 6415
Joined: 11/08/05 19:10

Re: Veery infected PC

Post by Marco83 » 25/10/10 12:37

MB says this:

Code:
Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Versione database: 4940

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

25/10/2010 13.33.50
mbam-log-2010-10-25 (13-33-50).txt

Tipo di scansione: Scansione completa (C:\|D:\|)
Elementi esaminati: 196627
Tempo trascorso: 2 ore, 59 minuti, 24 secondi

Processi infetti in memoria: 0
Moduli di memoria infetti: 0
Chiavi di registro infette: 0
Valori di registro infetti: 0
Voci infette nei dati di registro: 0
Cartelle infette: 0
File infetti: 30

Processi infetti in memoria:
(Non sono stati rilevati elementi nocivi)

Moduli di memoria infetti:
(Non sono stati rilevati elementi nocivi)

Chiavi di registro infette:
(Non sono stati rilevati elementi nocivi)

Valori di registro infetti:
(Non sono stati rilevati elementi nocivi)

Voci infette nei dati di registro:
(Non sono stati rilevati elementi nocivi)

Cartelle infette:
(Non sono stati rilevati elementi nocivi)

File infetti:
C:\Qoobox\Quarantine\C\jofk1wf.exe.vir (Spyware.OnlineGames) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\o1o.exe.vir (Spyware.OnlineGames) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\D\jofk1wf.exe.vir (Spyware.OnlineGames) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\D\o1o.exe.vir (Spyware.OnlineGames) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{5734F488-1288-4139-A4D6-C5345AF331A8}\RP252\A0049425.exe (Spyware.OnlineGames) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{5734F488-1288-4139-A4D6-C5345AF331A8}\RP252\A0049427.exe (Spyware.OnlineGames) -> Quarantined and deleted successfully.
D:\System Volume Information\_restore{5734F488-1288-4139-A4D6-C5345AF331A8}\RP248\A0042668.exe (Spyware.OnlineGames) -> Quarantined and deleted successfully.
D:\System Volume Information\_restore{5734F488-1288-4139-A4D6-C5345AF331A8}\RP248\A0042679.exe (Spyware.OnlineGames) -> Quarantined and deleted successfully.
D:\System Volume Information\_restore{5734F488-1288-4139-A4D6-C5345AF331A8}\RP248\A0042692.exe (Spyware.OnlineGames) -> Quarantined and deleted successfully.
D:\System Volume Information\_restore{5734F488-1288-4139-A4D6-C5345AF331A8}\RP248\A0042706.exe (Spyware.OnlineGames) -> Quarantined and deleted successfully.
D:\System Volume Information\_restore{5734F488-1288-4139-A4D6-C5345AF331A8}\RP248\A0043677.exe (Spyware.OnlineGames) -> Quarantined and deleted successfully.
D:\System Volume Information\_restore{5734F488-1288-4139-A4D6-C5345AF331A8}\RP251\A0049197.exe (Spyware.OnlineGames) -> Quarantined and deleted successfully.
D:\System Volume Information\_restore{5734F488-1288-4139-A4D6-C5345AF331A8}\RP251\A0049208.exe (Spyware.OnlineGames) -> Quarantined and deleted successfully.
D:\System Volume Information\_restore{5734F488-1288-4139-A4D6-C5345AF331A8}\RP251\A0049226.exe (Spyware.OnlineGames) -> Quarantined and deleted successfully.
D:\System Volume Information\_restore{5734F488-1288-4139-A4D6-C5345AF331A8}\RP251\A0049193.exe (Spyware.OnlineGames) -> Quarantined and deleted successfully.
D:\System Volume Information\_restore{5734F488-1288-4139-A4D6-C5345AF331A8}\RP251\A0049194.exe (Worm.Taterf) -> Quarantined and deleted successfully.
D:\System Volume Information\_restore{5734F488-1288-4139-A4D6-C5345AF331A8}\RP251\A0049195.exe (Worm.Tarterf) -> Quarantined and deleted successfully.
D:\System Volume Information\_restore{5734F488-1288-4139-A4D6-C5345AF331A8}\RP251\A0049196.exe (Spyware.OnlineGames) -> Quarantined and deleted successfully.
D:\System Volume Information\_restore{5734F488-1288-4139-A4D6-C5345AF331A8}\RP251\A0049199.exe (Spyware.OnLineGames) -> Quarantined and deleted successfully.
D:\System Volume Information\_restore{5734F488-1288-4139-A4D6-C5345AF331A8}\RP251\A0049200.exe (Spyware.OnlineGames) -> Quarantined and deleted successfully.
D:\System Volume Information\_restore{5734F488-1288-4139-A4D6-C5345AF331A8}\RP251\A0049201.exe (Worm.Magania) -> Quarantined and deleted successfully.
D:\System Volume Information\_restore{5734F488-1288-4139-A4D6-C5345AF331A8}\RP251\A0049202.exe (Spyware.OnlineGames) -> Quarantined and deleted successfully.
D:\System Volume Information\_restore{5734F488-1288-4139-A4D6-C5345AF331A8}\RP251\A0049216.exe (Spyware.OnlineGames) -> Quarantined and deleted successfully.
D:\System Volume Information\_restore{5734F488-1288-4139-A4D6-C5345AF331A8}\RP251\A0049218.exe (Worm.Magania) -> Quarantined and deleted successfully.
D:\System Volume Information\_restore{5734F488-1288-4139-A4D6-C5345AF331A8}\RP251\A0049219.exe (Worm.Taterf) -> Quarantined and deleted successfully.
D:\System Volume Information\_restore{5734F488-1288-4139-A4D6-C5345AF331A8}\RP251\A0049225.exe (Spyware.OnlineGames) -> Quarantined and deleted successfully.
D:\System Volume Information\_restore{5734F488-1288-4139-A4D6-C5345AF331A8}\RP251\A0049235.exe (Spyware.OnlineGames) -> Quarantined and deleted successfully.
D:\System Volume Information\_restore{5734F488-1288-4139-A4D6-C5345AF331A8}\RP251\A0049237.exe (Spyware.OnlineGames) -> Quarantined and deleted successfully.
D:\System Volume Information\_restore{5734F488-1288-4139-A4D6-C5345AF331A8}\RP252\A0049442.exe (Spyware.OnlineGames) -> Quarantined and deleted successfully.
D:\System Volume Information\_restore{5734F488-1288-4139-A4D6-C5345AF331A8}\RP252\A0049445.exe (Spyware.OnlineGames) -> Quarantined and deleted successfully.

Marco83
Senior User
Posts: 166
Joined: 12/09/06 16:32

