ComboFix log
massimiliano443
Posted: Thursday, May 29, 2008 10:56:28 PM

Rank: Newbie

Joined: 5/28/2008
Posts: 0
ComboFix 08-05-29.1 - Administrator 2008-05-29 22.41.15.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1040.18.827 [GMT 2:00]
Eseguito da: C:\Documents and Settings\Administrator\Desktop\ComboFix.exe
* Creato nuovo punto di ripristino

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((( Files Creati Da 2008-04-28 al 2008-05-29 )))))))))))))))))))))))))))))))))))
.

2008-05-29 14:21 . 2008-05-29 14:21 <DIR> d-------- C:\Programmi\Trend Micro
2008-05-28 23:35 . 2008-05-29 21:55 <DIR> d-------- C:\Programmi\Spyware Doctor
2008-05-28 23:35 . 2008-05-28 23:35 <DIR> d-------- C:\Programmi\File comuni\PC Tools
2008-05-28 23:35 . 2008-05-29 21:54 <DIR> d-a------ C:\Documents and Settings\All Users\Dati applicazioni\TEMP
2008-05-28 23:35 . 2008-05-28 23:35 <DIR> d-------- C:\Documents and Settings\All Users\Dati applicazioni\PC Tools
2008-05-28 23:35 . 2008-05-28 23:35 <DIR> d-------- C:\Documents and Settings\Administrator\Dati applicazioni\PC Tools
2008-05-28 23:35 . 2008-04-10 15:14 159,880 --a------ C:\WINDOWS\system32\drivers\pctfw2.sys
2008-05-28 23:35 . 2007-12-10 13:53 81,288 --a------ C:\WINDOWS\system32\drivers\iksyssec.sys
2008-05-28 23:35 . 2007-12-10 13:53 66,952 --a------ C:\WINDOWS\system32\drivers\iksysflt.sys
2008-05-28 23:35 . 2008-02-01 11:55 42,376 --a------ C:\WINDOWS\system32\drivers\ikfilesec.sys
2008-05-28 23:35 . 2007-12-10 13:53 29,576 --a------ C:\WINDOWS\system32\drivers\kcom.sys
2008-05-28 00:09 . 2008-05-28 00:09 <DIR> d-------- C:\Programmi\CCleaner
2008-05-25 07:15 . 2008-05-25 07:15 <DIR> d-------- C:\Documents and Settings\All Users\Dati applicazioni\Grisoft
2008-04-29 20:41 . 2008-04-29 20:41 <DIR> d-------- C:\Documents and Settings\Administrator\Dati applicazioni\CD-LabelPrint

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-05-29 19:57 --------- d-----w C:\Programmi\AdunanzA
2008-05-29 12:02 --------- d-----w C:\Documents and Settings\Administrator\Dati applicazioni\AVG7
2008-05-27 22:01 --------- d-----w C:\Programmi\SlySoft
2008-05-26 21:33 --------- d--h--w C:\Programmi\InstallShield Installation Information
2008-05-25 05:17 --------- d-----w C:\Documents and Settings\All Users\Dati applicazioni\avg7
2008-02-15 21:15 56 --sh--r C:\WINDOWS\system32\DCDD34FD88.sys
2008-02-15 21:15 1,890 --sha-w C:\WINDOWS\system32\KGyGaAvL.sys
.

((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Nota* i valori vuoti & legittimi/default non sono visualizzati.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-19 15:39 15360]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Programmi\File comuni\Ahead\Lib\NMBgMonitor.exe" [2007-06-27 20:03 152872]
"Creative Detector"="C:\Programmi\Creative\MediaSource\Detector\CTDetect.exe" [2004-12-02 19:23 102400]
"MSMSGS"="C:\Programmi\Messenger\msmsgs.exe" [2004-08-19 16:51 1667584]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NeroFilterCheck"="C:\Programmi\File comuni\Ahead\Lib\NeroCheck.exe" [2007-03-01 16:57 153136]
"CTDVDDET"="C:\Programmi\Creative\Sound Blaster X-Fi\DVDAudio\CTDVDDET.EXE" [2003-06-18 02:00 45056]
"RCSystem"="C:\Programmi\Creative\Shared Files\Module Loader\DLLML.exe" [2005-06-16 19:25 49152]
"AudioDrvEmulator"="C:\Programmi\Creative\Shared Files\Module Loader\DLLML.exe" [2005-06-16 19:25 49152]
"VolPanel"="C:\Programmi\Creative\Sound Blaster X-Fi\Volume Panel\VolPanel.exe" [2005-07-11 12:34 122880]
"CTHelper"="CTHELPER.EXE" [2005-08-08 00:10 16384 C:\WINDOWS\CTHELPER.EXE]
"CTxfiHlp"="CTXFIHLP.EXE" [2005-08-08 00:10 18944 C:\WINDOWS\system32\CTXFIHLP.EXE]
"UpdReg"="C:\WINDOWS\UpdReg.EXE" [2000-05-11 02:00 90112]
"Easy-PrintToolBox"="C:\Programmi\Canon\Easy-PrintToolBox\BJPSMAIN.exe" [2004-01-14 03:10 409600]
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [2008-05-25 08:39 579584]
"ISTray"="C:\Programmi\Spyware Doctor\pctsTray.exe" [2008-04-10 15:14 1107848]
"MSConfig"="C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe" [2004-08-19 15:39 160256]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-19 15:39 15360]
"AVG7_Run"="C:\PROGRA~1\Grisoft\AVG7\avgw.exe" [2008-05-25 07:15 219136]

C:\Documents and Settings\Administrator\Menu Avvio\Programmi\Esecuzione automatica\
Adobe Gamma.lnk - C:\Programmi\File comuni\Adobe\Calibration\Adobe Gamma Loader.exe [2005-03-16 21:16:50 113664]

C:\Documents and Settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\
Adobe Reader Synchronizer.lnk - C:\Programmi\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe [2006-10-23 01:01:50 734872]
Avvio veloce di Adobe Reader.lnk - C:\Programmi\Adobe\Reader 8.0\Reader\reader_sl.exe [2006-10-23 02:48:20 40048]

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Programmi\\AdunanzA\\eMule_AdnzA.exe"=
"C:\\Programmi\\Grisoft\\AVG7\\avginet.exe"=
"C:\\Programmi\\Grisoft\\AVG7\\avgamsvr.exe"=
"C:\\Programmi\\Grisoft\\AVG7\\avgcc.exe"=
"C:\\Programmi\\Grisoft\\AVG7\\avgemc.exe"=

R1 pctfw2;pctfw2;C:\WINDOWS\system32\drivers\pctfw2.sys [2008-04-10 15:14]
R3 ha20x2k;Creative 20X HAL Driver;C:\WINDOWS\system32\drivers\ha20x2k.sys [2005-08-07 23:54]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{0be32f2e-e0a4-11dc-8f5d-00e0e7531226}]
\Shell\Auto\command - Long.exe
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Long.exe

*Newly Created Service* - CATCHME
.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-05-29 22:43:13
Windows 5.1.2600 Service Pack 2 NTFS

detected NTDLL code modification:
ZwClose

scansione processi nascosti ...

scansione entrate autostart nascoste ...

Scansione files nascosti ...

Scansione completata con successo
Files nascosti: 0

**************************************************************************
.
Ora fine scansione: 2008-05-29 22.44.03
ComboFix-quarantined-files.txt 2008-05-29 20:43:59

6 Directory 294,607,028,224 byte disponibili
11 Directory 295,325,941,760 byte disponibili

98
r16
Posted: Thursday, May 29, 2008 11:04:20 PM
Rank: AiutAmico

Joined: 8/7/2007
Posts: 11,016
Hi
It would have been better if you had posted it in the same topic as before.
In any case, the Combofix log doesn't show any anomalies either.
Remember to re-enable the antivirus.
Try running these online scans to see if they detect anything:
http://housecall.trendmicro.com/it/
http://www.bitdefender.co.uk/scan_uk/scan8/ie.html
http://www.kaspersky.com/virusscanner