Problem with ComboFix

How do you remove viruses and spyware? Are credit cards really safe online? Is it possible to browse anonymously? Which programs protect your privacy? How do you protect important files? If you want answers to these and other questions, this is the right place!

Moderators: m.paolo, kadosh, Luke57

Problem with ComboFix

Post by michele2000 » 08/09/12 10:34

A few seconds after it starts, ComboFix gives me the following message and then freezes:

The content of folder C/WINDOWS/ERDNT/HIV- BACKUP could not be completely deleted!

What can I do?

Thanks
michele2000
Junior User
 
Posts: 35
Joined: 23/02/12 10:11


Re: Problem with ComboFix

Post by Luke57 » 08/09/12 14:34

Hi, download OTL
http://oldtimer.geekstogo.com/OTL.exe
save it to the desktop and double-click its icon.
Click the Cleanup tab. A reboot will be requested. When it finishes, every trace of ComboFix and OTL will be removed.

Download a fresh copy of ComboFix and run it again. Check whether you still get errors.

If ComboFix still gives you problems, run OTL like this:
Download OTL, http://oldtimer.geekstogo.com/OTL.exe
save it to the desktop and double-click its icon.
Tick SCAN ALL USERS.
Under Extra Registry, select Use SafeList.

Click RUN SCAN
At the end of the scan OTL will produce two log files (OTL.txt and Extras.txt).
Attach them: upload them to
http://wikisend.com/
and provide the link so we can view them.
Luke57
Moderator
 
Posts: 6415
Joined: 11/08/05 19:10

Re: Problem with ComboFix

Post by michele2000 » 08/09/12 20:08

Hi,

while waiting for a reply I went ahead and did something (I don't know whether it was a mistake).

I deleted the ERNDT folder with its contents, then started COMBOFIX. It ran, continually reporting backup problems; then COMBOFIX asked me to connect to the internet and installed some emergency recovery console, after which it went on to the end, producing the final log.

Should I use OTL now, in your opinion?
michele2000
Junior User
 
Posts: 35
Joined: 23/02/12 10:11

Re: Problem with ComboFix

Post by FrancescoFDAC » 09/09/12 07:13

Attach the ComboFix log, but it would be better if you also ran OTL..
FrancescoFDAC
Senior User
 
Posts: 1048
Joined: 13/08/11 09:53

Re: Problem with ComboFix

Post by michele2000 » 09/09/12 09:36

Here is the ComboFix log:

ComboFix 12-09-07.03 - Vincenzo 08/09/2012 14.53.19.2.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.39.1040.18.1014.408 [GMT 2:00]
Eseguito da: c:\documents and settings\Vincenzo\Desktop\ComboFix.exe
AV: COMODO Antivirus *Enabled/Updated* {043803A5-4F86-4ef7-AFC5-F6E02A79969B}
AV: Microsoft Security Essentials *Disabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
FW: AVG Firewall *Disabled* {8decf618-9569-4340-b34a-d78d28969b66}
FW: COMODO Firewall *Enabled* {043803A3-4F86-4ef6-AFC5-F6E02A79969B}
.
.
((((((((((((((((((((((((((((((((((((( Altre eliminazioni )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\All Users\Dati applicazioni\TEMP
c:\documents and settings\All Users\Dati applicazioni\TEMP\0B4227B4.TMP
c:\documents and settings\Vincenzo\WINDOWS
c:\windows\system32\URTTemp
c:\windows\system32\URTTemp\fusion.dll
c:\windows\system32\URTTemp\mscoree.dll
c:\windows\system32\URTTemp\mscoree.dll.local
c:\windows\system32\URTTemp\mscorsn.dll
c:\windows\system32\URTTemp\mscorwks.dll
c:\windows\system32\URTTemp\msvcr71.dll
c:\windows\system32\URTTemp\regtlib.exe
.
.
((((((((((((((((((((((((( Files Creati Da 2012-08-08 al 2012-09-08 )))))))))))))))))))))))))))))))))))
.
.
2012-09-07 22:49 . 2012-09-07 22:49 -------- d-----w- c:\documents and settings\LocalService\Dati applicazioni\TightVNC
2012-09-07 22:48 . 2012-09-07 22:48 -------- d-----w- c:\programmi\File comuni\Comodo
2012-09-07 22:31 . 2012-09-07 22:31 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\CPA_VA
2012-09-07 22:30 . 2012-09-07 22:30 -------- d-----w- C:\VritualRoot
2012-09-07 22:23 . 2012-09-08 12:33 274113 ----a-w- c:\windows\system32\drivers\sfi.dat
2012-09-07 22:10 . 2012-09-07 22:57 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Comodo
2012-09-07 21:19 . 2012-08-22 22:15 7022536 ----a-w- c:\documents and settings\All Users\Dati applicazioni\Microsoft\Microsoft Antimalware\Definition Updates\{B12EEFD8-A39B-4F9E-AFA5-D0B9D40E0B7E}\mpengine.dll
2012-09-07 18:55 . 2010-09-03 15:34 27008 ----a-w- c:\windows\system32\drivers\ew_juextctrl.sys
2012-09-07 18:55 . 2010-08-24 20:52 82816 ----a-w- c:\windows\system32\drivers\ew_jucdcacm.sys
2012-09-07 18:55 . 2010-07-27 13:25 72832 ----a-w- c:\windows\system32\drivers\ew_jubusenum.sys
2012-09-07 18:55 . 2010-07-27 13:25 51712 ----a-w- c:\windows\system32\drivers\ew_jucdcecm.sys
2012-09-07 18:55 . 2010-05-04 14:50 19456 ----a-w- c:\windows\system32\drivers\ew_hwupgrade.sys
2012-09-07 18:55 . 2010-08-27 11:53 117504 ----a-w- c:\windows\system32\drivers\ewusbnet.sys
2012-09-07 18:55 . 2010-08-07 15:48 106496 ----a-w- c:\windows\system32\drivers\ewusbmdm.sys
2012-09-07 18:55 . 2010-05-10 12:18 860928 ----a-w- c:\windows\system32\drivers\mod7700.sys
2012-09-07 18:55 . 2010-03-20 10:06 11136 ----a-w- c:\windows\system32\drivers\ew_usbenumfilter.sys
2012-09-07 18:55 . 2007-08-09 02:13 24448 ----a-w- c:\windows\system32\drivers\ewdcsc.sys
2012-09-07 18:55 . 2010-07-27 07:52 102784 ----a-w- c:\windows\system32\drivers\ew_hwusbdev.sys
2012-09-07 13:10 . 2012-09-08 12:05 14404 ----a-w- C:\FixitRegBackup.reg
2012-09-07 12:30 . 2012-09-07 12:30 -------- d-----w- c:\windows\system32\wbem\Repository
2012-09-07 12:29 . 2012-09-07 12:29 -------- d-----w- c:\programmi\Microsoft Security Client
2012-09-06 08:38 . 2012-09-06 08:38 -------- d-----w- c:\documents and settings\Vincenzo\Dati applicazioni\DivX
2012-09-06 08:38 . 2011-11-29 02:28 133616 ------w- c:\windows\system32\pxafs.dll
2012-09-06 08:36 . 2012-09-06 08:37 -------- d-----w- c:\programmi\File comuni\DivX Shared
2012-09-06 08:22 . 2012-09-06 08:39 -------- d-----w- c:\programmi\DivX
2012-09-06 08:17 . 2012-09-06 08:39 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\DivX
2012-09-06 08:16 . 2012-09-06 08:16 -------- d-----w- c:\documents and settings\Vincenzo\Dati applicazioni\OpenCandy
2012-09-05 19:48 . 2012-08-23 07:15 7022536 ------w- c:\documents and settings\All Users\Dati applicazioni\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2012-09-05 16:13 . 2012-07-02 17:39 521728 ------w- c:\windows\system32\dllcache\jsdbgui.dll
2012-09-03 17:38 . 2012-09-03 17:37 93672 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2012-09-01 21:54 . 2012-09-07 22:48 -------- d-----w- c:\programmi\COMODO
2012-09-01 20:55 . 2012-09-01 20:55 -------- d-----w- c:\programmi\ArpanTECH
2012-08-31 21:38 . 2012-08-31 21:38 -------- d-----w- c:\documents and settings\Vincenzo\Dati applicazioni\dvdcss
2012-08-31 07:06 . 2012-08-31 07:06 -------- d-----w- c:\programmi\Defraggler
2012-08-30 18:35 . 2012-08-30 18:35 73696 ----a-w- c:\programmi\Mozilla Firefox\breakpadinjector.dll
2012-08-28 00:30 . 2012-08-31 09:56 -------- d-----w- c:\programmi\Microsoft LifeCam
2012-08-28 00:23 . 2012-08-28 00:23 -------- d-----w- C:\videocamera
2012-08-26 15:10 . 2012-09-06 10:48 -------- d-----w- c:\documents and settings\Vincenzo\Dati applicazioni\vlc
2012-08-26 15:09 . 2012-08-26 15:09 -------- d-----w- c:\programmi\VideoLAN
2012-08-19 07:15 . 2012-08-19 07:15 -------- d-----w- c:\documents and settings\Vincenzo\Impostazioni locali\Dati applicazioni\Wajam
2012-08-19 07:15 . 2012-08-19 07:15 -------- d-----w- c:\programmi\Wajam
2012-08-14 17:55 . 2012-08-14 18:55 9826504 ----a-w- c:\windows\system32\FlashPlayerInstaller.exe
2012-08-13 08:36 . 2012-08-13 08:36 -------- d-----w- C:\SONY XPERIA S
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-09-08 11:23 . 2008-12-30 18:16 17408 ----a-w- c:\windows\system32\rpcnetp.exe
2012-09-08 11:23 . 2009-01-15 00:24 58288 ----a-w- c:\windows\system32\rpcnet.dll
2012-09-03 17:37 . 2008-05-17 20:57 143872 ----a-w- c:\windows\system32\javacpl.cpl
2012-09-03 17:37 . 2012-08-09 01:17 746984 ----a-w- c:\windows\system32\deployJava1.dll
2012-09-03 17:37 . 2012-08-09 01:17 821736 ----a-w- c:\windows\system32\npDeployJava1.dll
2012-09-02 21:37 . 2007-06-15 01:07 5427 ----a-w- c:\windows\system32\EGATHDRV.SYS
2012-09-01 21:33 . 2012-04-14 17:12 696520 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-09-01 21:33 . 2012-02-21 12:54 73416 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-08-03 08:23 . 2012-08-03 08:23 36112 ----a-w- c:\windows\system32\drivers\CFRMD.sys
2012-08-03 08:23 . 2012-08-03 08:23 36112 ----a-w- c:\windows\inf\lps-ca\cfrmd.sys
2012-07-12 15:13 . 2012-08-08 23:34 405144 ----a-w- c:\windows\system32\Newtonsoft.Json.Net20.dll
2012-07-06 13:59 . 2006-01-27 17:42 78336 ----a-w- c:\windows\system32\browser.dll
2012-07-04 14:05 . 2006-01-27 17:42 139784 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-07-03 18:26 . 2006-01-27 17:42 1866112 ----a-w- c:\windows\system32\win32k.sys
2012-07-02 17:39 . 2006-01-27 17:43 916992 ----a-w- c:\windows\system32\wininet.dll
2012-07-02 17:39 . 2006-01-27 17:42 43520 ----a-w- c:\windows\system32\licmgr10.dll
2012-07-02 17:39 . 2006-01-27 17:42 1469440 ------w- c:\windows\system32\inetcpl.cpl
2012-07-02 12:05 . 2006-01-27 17:42 385024 ----a-w- c:\windows\system32\html.iec
2012-08-30 18:35 . 2012-02-21 08:54 266720 ----a-w- c:\programmi\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* i valori vuoti & legittimi/default non sono visualizzati.
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{872b5b88-9db5-4310-bdd0-ac189557e5f5}"= "c:\programmi\DVDVideoSoftTB\prxtbDVD0.dll" [2011-05-09 176936]
.
[HKEY_CLASSES_ROOT\clsid\{872b5b88-9db5-4310-bdd0-ac189557e5f5}]
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{872b5b88-9db5-4310-bdd0-ac189557e5f5}]
2011-05-09 09:49 176936 ----a-w- c:\programmi\DVDVideoSoftTB\prxtbDVD0.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{872b5b88-9db5-4310-bdd0-ac189557e5f5}"= "c:\programmi\DVDVideoSoftTB\prxtbDVD0.dll" [2011-05-09 176936]
.
[HKEY_CLASSES_ROOT\clsid\{872b5b88-9db5-4310-bdd0-ac189557e5f5}]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-14 22:58 94208 ----a-w- c:\documents and settings\Vincenzo\Dati applicazioni\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-14 22:58 94208 ----a-w- c:\documents and settings\Vincenzo\Dati applicazioni\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-14 22:58 94208 ----a-w- c:\documents and settings\Vincenzo\Dati applicazioni\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-14 22:58 94208 ----a-w- c:\documents and settings\Vincenzo\Dati applicazioni\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"iKill"="c:\programmi\ArpanTECH\iKill\iKill.exe" [2011-12-28 143360]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sepang Olivetti ModemListener"="c:\programmi\Chiavetta Internet Olicard 200\BackgroundService\ModemListener.exe" [2010-07-23 106496]
"COMODO Internet Security"="c:\programmi\COMODO\COMODO Internet Security\cfp.exe" [2012-03-11 6749512]
"tvncontrol"="c:\programmi\File comuni\Comodo\tvnserver.exe" [2012-01-27 828944]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
"DWQueuedReporting"="c:\progra~1\FILECO~1\MICROS~1\DW\dwtrig20.exe" [2008-11-04 435096]
.
c:\documents and settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\
Start GeekBuddy.lnk - c:\programmi\COMODO\GeekBuddy\launcher.exe [2012-8-23 49360]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\programmi\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-24 304128]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\tphotkey]
2006-01-11 06:05 13824 ----a-w- c:\windows\system32\tphklock.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\system32\guard32.dll
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk /p \??\c:\0autocheck autochk /r \??\C:\0autocheck autochk *
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\rpcnet]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKLM\~\startupfolder\C:^Documents and Settings^Vincenzo^Menu Avvio^Programmi^Esecuzione automatica^Dropbox.lnk]
path=c:\documents and settings\Vincenzo\Menu Avvio\Programmi\Esecuzione automatica\Dropbox.lnk
backup=c:\windows\pss\Dropbox.lnkStartup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2012-07-27 20:51 919008 ----a-w- c:\programmi\File comuni\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BatteryCare]
2012-07-08 20:34 728064 ----a-w- c:\programmi\BatteryCare\BatteryCare.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
2008-04-14 02:14 15360 ----a-w- c:\windows\system32\ctfmon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DivXUpdate]
2011-07-28 23:08 1259376 ----a-w- c:\programmi\DivX\DivX Update\DivXUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EEventManager]
2008-12-04 11:24 665424 ------w- c:\progra~1\EPSONS~1\EVENTM~1\EEventManager.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
2008-10-25 10:44 31072 ----a-w- c:\programmi\Microsoft Office\Office12\GrooveMonitor.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSC]
2012-05-02 08:05 931584 ----a-w- c:\programmi\Microsoft Security Client\msseces.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SanDiskSecureAccess_Manager.exe]
2012-08-06 16:31 30705792 ----a-w- c:\documents and settings\Vincenzo\Dati applicazioni\SanDisk\SanDiskSecureAccess_Manager.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2012-07-03 07:04 252848 ----a-w- c:\programmi\File comuni\Java\Java Update\jusched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WMPNSCFG]
2006-11-02 21:56 204288 ------w- c:\programmi\Windows Media Player\wmpnscfg.exe
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"updateMgr"="c:\programmi\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_1_0 -reboot 1
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"QuickTime Task"="c:\programmi\QuickTime\qttask.exe" -atboottime
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Programmi\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Programmi\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Programmi\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Programmi\\File comuni\\Nokia\\Service Layer\\A\\nsl_host_process.exe"=
"c:\\Programmi\\File comuni\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=
"c:\\Programmi\\Epson Software\\Event Manager\\EEventManager.exe"=
"c:\\Documents and Settings\\Vincenzo\\Dati applicazioni\\Dropbox\\bin\\Dropbox.exe"=
"c:\\Programmi\\Skype\\Phone\\Skype.exe"=
"c:\\Programmi\\Daum\\PotPlayer\\PotPlayerMini.exe"=
"c:\\Programmi\\File comuni\\Comodo\\tvnserver.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"5985:TCP"= 5985:TCP:*:Disabled:Gestione remota Windows
.
R1 CFRMD;CFRMD;c:\windows\system32\drivers\CFRMD.sys [03/08/2012 10.23.28 36112]
R1 cmderd;COMODO Internet Security Eradication Driver;c:\windows\system32\drivers\cmderd.sys [11/03/2012 21.13.44 18056]
R1 cmdGuard;COMODO Internet Security Sandbox Driver;c:\windows\system32\drivers\cmdGuard.sys [11/03/2012 21.13.46 494968]
R1 cmdHlp;COMODO Internet Security Helper Driver;c:\windows\system32\drivers\cmdhlp.sys [11/03/2012 21.13.46 31704]
R1 PMHler;PMHler;c:\windows\system32\drivers\PMHler.sys [24/05/2006 11.48.14 10240]
R2 CLPSLauncher;COMODO LPS Launcher;c:\programmi\File comuni\Comodo\launcher_service.exe [23/08/2012 10.17.28 70352]
R2 smi2;smi2;c:\programmi\SMI2\smi2.sys [14/07/2006 15.55.12 3968]
R2 tvnserver;TightVNC Server;c:\programmi\File comuni\Comodo\tvnserver.exe [27/01/2012 9.47.20 828944]
R2 WajamUpdater;WajamUpdater;c:\programmi\Wajam\Updater\WajamUpdater.exe [14/06/2012 17.20.22 109064]
R3 huawei_enumerator;huawei_enumerator;c:\windows\system32\drivers\ew_jubusenum.sys [07/09/2012 20.55.56 72832]
R3 huawei_ext_ctrl;huawei_ext_ctrl;c:\windows\system32\drivers\ew_juextctrl.sys [07/09/2012 20.55.56 27008]
S2 DCService.exe;DCService.exe;c:\documents and settings\All Users\Dati applicazioni\DatacardService\DCService.exe [19/08/2010 10.52.04 229376]
S2 Olivetti Silverstone Modem Device Helper;Olivetti Silverstone Modem Device Helper;c:\programmi\Chiavetta Internet Olicard 200\BackgroundService\ServiceManager.exe -start --> c:\programmi\Chiavetta Internet Olicard 200\BackgroundService\ServiceManager.exe -start [?]
S2 Skype C2C Service;Skype C2C Service;c:\documents and settings\All Users\Dati applicazioni\Skype\Toolbars\Skype C2C Service\c2c_service.exe [05/07/2012 18.41.46 3048136]
S2 SkypeUpdate;Skype Updater;c:\programmi\Skype\Updater\Updater.exe [13/07/2012 13.28.36 160944]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [14/04/2012 19.12.53 250568]
S3 BattStatSys;BattStatSys;\??\c:\docume~1\Vincenzo\IMPOST~1\Temp\BSS61.tmp --> c:\docume~1\Vincenzo\IMPOST~1\Temp\BSS61.tmp [?]
S3 ew_hwusbdev;Huawei MobileBroadband USB PNP Device;c:\windows\system32\drivers\ew_hwusbdev.sys [07/09/2012 20.55.53 102784]
S3 huawei_cdcacm;huawei_cdcacm;c:\windows\system32\drivers\ew_jucdcacm.sys [07/09/2012 20.55.56 82816]
S3 huawei_cdcecm;huawei_cdcecm;c:\windows\system32\drivers\ew_jucdcecm.sys [07/09/2012 20.55.56 51712]
S3 jrdusbser;Olicard200 Modem Interface Device for Legacy Serial Communication;c:\windows\system32\drivers\jrdusbser.sys [27/09/2011 16.33.55 105344]
S3 MEMSWEEP2;MEMSWEEP2;\??\c:\windows\system32\B3.tmp --> c:\windows\system32\B3.tmp [?]
S3 MozillaMaintenance;Mozilla Maintenance Service;c:\programmi\Mozilla Maintenance Service\maintenanceservice.exe [07/06/2012 18.52.39 114144]
S3 Olicard200net;Olicard200 USB-NDIS miniport;c:\windows\system32\drivers\Olicard200Usbnet.sys [27/09/2011 16.33.55 117760]
S3 qcusbmdm6k;WP-S1 Proprietary USB Driver;c:\windows\system32\drivers\qcusbmdm6k.sys [08/10/2008 0.46.07 65024]
S3 qcusbser6k;WP-S1 Diagnostic Port;c:\windows\system32\drivers\qcusbser6k.sys [08/10/2008 0.46.07 65024]
S3 WinRing0_1_2_0;WinRing0_1_2_0;c:\programmi\BatteryCare\WinRing0.sys [15/01/2012 14.40.19 14416]
.
--- Altri Servizi/Drivers In Memoria ---
.
*NewlyCreated* - WS2IFSL
.
Contenuto della cartella 'Scheduled Tasks'
.
2012-09-08 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-14 21:33]
.
2012-09-06 c:\windows\Tasks\OGADaily.job
- c:\windows\system32\OGAVerify.exe [2008-12-31 16:04]
.
2012-09-08 c:\windows\Tasks\OGALogon.job
- c:\windows\system32\OGAVerify.exe [2008-12-31 16:04]
.
2012-09-08 c:\windows\Tasks\Verifica aggiornamenti per Windows Live Toolbar.job
- c:\programmi\Windows Live Toolbar\MSNTBUP.EXE [2007-02-12 13:54]
.
.
------- Scansione supplementare -------
.
uStart Page = hxxp://search.conduit.com?SearchSource= ... =CT2269050
uSearchURL,(Default) = hxxp://g.msn.it/0SEITIT/SAOS01?FORM=TOOLBR
IE: &Windows Live Search - c:\programmi\Windows Live Toolbar\msntb.dll/search.htm
IE: E&sporta in Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Free YouTube Download - c:\documents and settings\Vincenzo\Dati applicazioni\DVDVideoSoftIEHelpers\freeytvdownloader.htm
IE: Stampa ad alta velocità Easy-WebPrint - c:\programmi\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
IE: Stampa Easy-WebPrint - c:\programmi\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
IE: Translate this web page with Babylon - c:\programmi\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll/ActionTU.htm
IE: Translate with Babylon - c:\programmi\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll/Action.htm
TCP: Interfaces\{38B3236A-758D-438B-A095-335F51E70373}: NameServer = 8.26.56.26,156.154.70.22
TCP: Interfaces\{6EF6972D-7402-421A-BC0B-B0468019006D}: NameServer = 193.70.152.25 212.52.97.25
TCP: Interfaces\{7E1E5823-6607-4DC6-86A3-64B546399A48}: NameServer = 8.26.56.26,156.154.70.22
TCP: Interfaces\{D6985354-FE18-4C3C-8DB2-9C0525C8D1A5}: NameServer = 8.26.56.26,156.154.70.22
FF - ProfilePath - c:\documents and settings\Vincenzo\Dati applicazioni\Mozilla\Firefox\Profiles\3tkoyli3.default-1345191015703\
FF - prefs.js: browser.search.selectedEngine - DVDVideoSoftTB Customized Web Search
FF - prefs.js: browser.startup.homepage - hxxp://www.google.it/
FF - prefs.js: keyword.URL - hxxp://search.conduit.com/ResultsExt.as ... ource=2&q=
.
- - - - CHIAVI ORFANE RIMOSSE - - - -
.
AddRemove-01_Simmental - c:\programmi\SAMSUNG\USB Drivers\01_Simmental\Uninstall.exe
AddRemove-02_Siberian - c:\programmi\SAMSUNG\USB Drivers\02_Siberian\Uninstall.exe
AddRemove-03_Swallowtail - c:\programmi\SAMSUNG\USB Drivers\03_Swallowtail\Uninstall.exe
AddRemove-04_semseyite - c:\programmi\SAMSUNG\USB Drivers\04_semseyite\Uninstall.exe
AddRemove-05_Sloan - c:\programmi\SAMSUNG\USB Drivers\05_Sloan\Uninstall.exe
AddRemove-06_Spencer - c:\programmi\SAMSUNG\USB Drivers\06_Spencer\Uninstall.exe
AddRemove-07_Schorl - c:\programmi\SAMSUNG\USB Drivers\07_Schorl\Uninstall.exe
AddRemove-08_EMPChipset - c:\programmi\SAMSUNG\USB Drivers\08_EMPChipset\Uninstall.exe
AddRemove-09_Hsp - c:\programmi\SAMSUNG\USB Drivers\09_Hsp\Uninstall.exe
AddRemove-11_HSP_Plus_Default - c:\programmi\SAMSUNG\USB Drivers\11_HSP_Plus_Default\Uninstall.exe
AddRemove-16_Shrewsbury - c:\programmi\SAMSUNG\USB Drivers\16_Shrewsbury\Uninstall.exe
AddRemove-17_EMP_Chipset2 - c:\programmi\SAMSUNG\USB Drivers\17_EMP_Chipset2\Uninstall.exe
AddRemove-18_Zinia_Serial_Driver - c:\programmi\SAMSUNG\USB Drivers\18_Zinia_Serial_Driver\Uninstall.exe
AddRemove-19_VIA_driver - c:\programmi\SAMSUNG\USB Drivers\19_VIA_driver\Uninstall.exe
AddRemove-20_NXP_Driver - c:\programmi\SAMSUNG\USB Drivers\20_NXP_Driver\Uninstall.exe
AddRemove-21_Searsburg - c:\programmi\SAMSUNG\USB Drivers\21_Searsburg\Uninstall.exe
AddRemove-22_WiBro_WiMAX - c:\programmi\SAMSUNG\USB Drivers\22_WiBro_WiMAX\Uninstall.exe
AddRemove-24_flashusbdriver - c:\programmi\SAMSUNG\USB Drivers\24_flashusbdriver\Uninstall.exe
AddRemove-25_escape - c:\programmi\SAMSUNG\USB Drivers\25_escape\Uninstall.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-09-08 15:02
Windows 5.1.2600 Service Pack 3 NTFS
.
detected NTDLL code modification:
ZwClose
.
scansione processi nascosti ...
.
scansione entrate autostart nascoste ...
.
Scansione files nascosti ...
.
Scansione completata con successo
Files nascosti: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\BattStatSys]
"ImagePath"="\??\c:\docume~1\Vincenzo\IMPOST~1\Temp\BSS61.tmp"
.
[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\MEMSWEEP2]
"ImagePath"="\??\c:\windows\system32\B3.tmp"
.
--------------------- CHIAVI DI REGISTRO BLOCCATE ---------------------
.
[HKEY_USERS\S-1-5-21-1162047820-1502338071-2767353940-1005\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:a3,17,35,e6,96,db,cc,2d,46,1e,d0,2d,bc,ef,ed,e0,bc,ea,21,3c,29,cd,fe,
00,26,57,76,9e,6e,f3,c2,05,b7,af,72,29,9d,06,69,0b,97,dd,29,0e,1d,0f,b1,ca,\
"??"=hex:8d,b0,bd,28,64,a9,9e,63,57,26,67,89,a4,3c,6b,ee
.
[HKEY_USERS\S-1-5-21-1162047820-1502338071-2767353940-1005\Software\SecuROM\License information*]
"datasecu"=hex:88,d7,b4,c7,65,fc,18,80,1a,56,a0,6f,70,87,2c,55,8c,f1,e9,0f,87,
8d,d1,e6,37,17,5b,70,a9,53,84,f6,23,b4,16,46,d1,5e,88,dd,34,36,be,3e,ad,21,\
"rkeysecu"=hex:8c,e3,a6,b3,7c,80,c8,a7,d1,2b,06,6d,45,c9,86,22
.
[HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*1*]
@="?????????????????? v1"
.
[HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*1*\CLSID]
@="{E23FE9C6-778E-49D4-B537-38FCDE4887D8}"
.
[HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*2*]
@="?????????????????? v2"
.
[HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*2*\CLSID]
@="{9BE31822-FDAD-461B-AD51-BE1D1C159921}"
.
--------------------- Dlls caricate dai processi in esecuzione ---------------------
.
- - - - - - - > 'winlogon.exe'(1784)
c:\windows\system32\tphklock.dll
.
- - - - - - - > 'lsass.exe'(1960)
c:\windows\system32\guard32.dll
.
- - - - - - - > 'csrss.exe'(1636)
c:\windows\system32\cmdcsr.dll
.
Ora fine scansione: 2012-09-08 15:06:30
ComboFix-quarantined-files.txt 2012-09-08 13:06
.
Pre-Run: 71.064.662.016 byte disponibili
Post-Run: 70.964.781.056 byte disponibili
.
WindowsXP-KB310994-SP2-Pro-BootDisk-ITA.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
.
- - End Of File - - 1BDB367540202FD4D3E78EEE67340BF8
michele2000
Junior User
 
Posts: 35
Joined: 23/02/12 10:11
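A first-pass triage of a log like the one posted above, as an added example that is not part of this thread and not ComboFix's own code: it parses ComboFix's service lines (R1/R2/S2/S3 ...) and the registry "ImagePath" entries and flags what a helper usually looks at first, namely binaries running from a Temp folder or with a .tmp name, Security Center monitoring switched off, and the XP firewall disabled. The sample input is a handful of lines copied from the log above; the function names (triage, is_temp_binary, normalise_path) and the finding categories are my own.

```python
import re
from typing import List, Tuple

# (category, item, evidence)
Finding = Tuple[str, str, str]

# A few lines copied from the ComboFix log posted in this thread (sample subset).
SAMPLE_LOG = r"""
S3 BattStatSys;BattStatSys;\??\c:\docume~1\Vincenzo\IMPOST~1\Temp\BSS61.tmp --> c:\docume~1\Vincenzo\IMPOST~1\Temp\BSS61.tmp [?]
S3 MEMSWEEP2;MEMSWEEP2;\??\c:\windows\system32\B3.tmp --> c:\windows\system32\B3.tmp [?]
R2 tvnserver;TightVNC Server;c:\programmi\File comuni\Comodo\tvnserver.exe [27/01/2012 9.47.20 828944]
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\MEMSWEEP2]
"ImagePath"="\??\c:\windows\system32\B3.tmp"
"""

# ComboFix service line: "<state> <name>;<display name>;<path> [<date time size> | ?]"
SERVICE_RE = re.compile(
    r"^(?P<state>[RS]\d)\s+(?P<name>[^;]+);(?P<display>[^;]*);"
    r"(?P<path>.*?)\s+\[(?P<meta>[^\]]*)\]\s*$"
)
KEY_RE = re.compile(r"^\[(?P<key>[^\]]+)\]\s*$")          # [HKEY_...\...]
VALUE_RE = re.compile(r'^"(?P<name>[^"]+)"\s*=\s*(?P<value>.*)$')  # "Name"=value


def normalise_path(raw: str) -> str:
    """Use the resolved path after '-->' when present, drop quotes and the NT '\\??\\' prefix."""
    path = raw.split("-->")[-1].strip().strip('"')
    if path.startswith("\\??\\"):
        path = path[4:]
    return path


def is_temp_binary(path: str) -> bool:
    """A service binary living in a Temp folder or named *.tmp deserves a second look."""
    p = path.lower()
    return "\\temp\\" in p or p.endswith(".tmp")


def triage(log_text: str) -> List[Finding]:
    """Walk the log once, tracking the current registry key, and collect findings."""
    findings: List[Finding] = []
    current_key = ""
    for line in log_text.splitlines():
        line = line.strip()
        if not line:
            continue
        m = SERVICE_RE.match(line)
        if m:
            path = normalise_path(m.group("path"))
            # "[?]" means ComboFix could not read the file's date/size (usually the file is gone).
            if is_temp_binary(path) or m.group("meta") == "?":
                findings.append(("temp-binary", m.group("name"), path))
            continue
        m = KEY_RE.match(line)
        if m:
            current_key = m.group("key")
            continue
        m = VALUE_RE.match(line)
        if not m:
            continue
        name, value = m.group("name"), m.group("value").strip()
        key_l = current_key.lower()
        if name == "DisableMonitoring" and value.endswith("00000001") and "security center" in key_l:
            findings.append(("monitoring-disabled", current_key, value))
        elif name == "EnableFirewall" and value.startswith("0") and "firewallpolicy" in key_l:
            findings.append(("firewall-disabled", current_key, value))
        elif name == "ImagePath":
            path = normalise_path(value)
            if is_temp_binary(path):
                findings.append(("temp-binary", current_key.rsplit("\\", 1)[-1], path))
    # The same service can show up in the service list and again as an ImagePath key.
    seen, unique = set(), []
    for f in findings:
        if (f[0], f[1].lower()) not in seen:
            seen.add((f[0], f[1].lower()))
            unique.append(f)
    return unique


if __name__ == "__main__":
    for category, item, evidence in triage(SAMPLE_LOG):
        print(f"{category:20} {item:14} {evidence}")
```

Point the script at a full ComboFix log and it will pull out the same kinds of entries (the two .tmp services, the DisableMonitoring values and EnableFirewall=0) that a reviewer would otherwise hunt for by eye.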

