So I ran ComboFix and here is the log. Thanks
ComboFix 09-01-21.04 - pippo 2009-01-24 22.20.25.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1040.18.1022.614 [GMT 1:00]
Running from: c:\documents and settings\pippo\Desktop\ComboFix.exe
WARNING - THIS PC DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
((((((((((((((((((((((((( Files Created From 2008-12-24 to 2009-01-24 )))))))))))))))))))))))))))))))))))
.
2009-01-24 21:42 . 2009-01-24 21:42 <DIR> d-------- c:\programmi\Malwarebytes' Anti-Malware
2009-01-24 21:42 . 2009-01-24 21:42 <DIR> d-------- c:\documents and settings\pippo\Dati applicazioni\Malwarebytes
2009-01-24 21:42 . 2009-01-24 21:42 <DIR> d-------- c:\documents and settings\All Users\Dati applicazioni\Malwarebytes
2009-01-24 21:42 . 2009-01-14 16:11 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys
2009-01-24 21:42 . 2009-01-14 16:11 15,504 --a------ c:\windows\system32\drivers\mbam.sys
2009-01-24 08:28 . 2009-01-24 08:28 410,984 --a------ c:\windows\system32\deploytk.dll
2009-01-20 22:52 . 2009-01-20 22:52 <DIR> d-------- c:\programmi\Alwil Software
2009-01-12 22:25 . 2009-01-12 22:25 <DIR> d-------- c:\documents and settings\pippo\Dati applicazioni\Toshiba
2009-01-10 09:38 . 2008-10-16 14:06 268,648 --a------ c:\windows\system32\mucltui.dll
2009-01-10 09:38 . 2008-10-16 14:06 208,744 --a------ c:\windows\system32\muweb.dll
2009-01-10 09:38 . 2008-10-16 14:06 27,496 --a------ c:\windows\system32\mucltui.dll.mui
2009-01-09 23:01 . 2009-01-09 23:01 <DIR> d-------- c:\programmi\Microsoft Silverlight
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-01-24 21:24 --------- d-----w c:\programmi\eMule
2009-01-24 21:16 --------- d-----w c:\documents and settings\All Users\Dati applicazioni\avg8
2009-01-24 19:56 --------- d-----w c:\programmi\BitTorrent
2009-01-24 07:28 --------- d-----w c:\programmi\Java
2009-01-23 21:39 --------- d---a-w c:\documents and settings\All Users\Dati applicazioni\TEMP
2009-01-20 19:58 --------- d-----w c:\documents and settings\All Users\Dati applicazioni\Spybot - Search & Destroy
2009-01-20 19:25 --------- d-----w c:\programmi\PC Tools Firewall Plus
2009-01-20 19:25 --------- d-----w c:\programmi\File comuni\PC Tools
2009-01-17 08:36 --------- d-----w c:\documents and settings\Pippo\Dati applicazioni\phonostar-Player
2009-01-11 17:13 --------- d-----w c:\programmi\CCleaner
2008-12-17 23:42 --------- d--h--w c:\programmi\InstallShield Installation Information
2008-12-17 23:42 --------- d-----w c:\programmi\Nikon
2008-12-17 23:42 --------- d-----w c:\programmi\File comuni\Nikon
2008-12-17 23:42 --------- d-----w c:\documents and settings\Pippo\Dati applicazioni\Nikon
2008-12-17 23:40 --------- d-----w c:\programmi\ArcSoft
2008-12-17 18:54 --------- d-----w c:\documents and settings\Pippo\Dati applicazioni\AdobeUM
2008-12-17 18:53 --------- d-----w c:\programmi\File comuni\Adobe
2008-12-11 10:57 333,952 ----a-w c:\windows\system32\drivers\srv.sys
2008-12-08 20:15 --------- d-----w c:\documents and settings\Pippo\Dati applicazioni\BitTorrent
2008-10-04 18:30 32,768 --sha-w c:\windows\system32\config\systemprofile\Impostazioni locali\Cronologia\History.IE5\MSHist012008100420081005\index.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legitimate/default values are not shown.
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2008-04-13 15360]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\programmi\File comuni\Nero\Lib\NMBgMonitor.exe" [2007-09-20 202024]
"swg"="c:\programmi\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-10-10 68856]
"PhonostarAgent"="c:\programmi\phonostar\ps_agent.exe" [2008-07-14 98304]
"PhonostarTimer"="c:\programmi\phonostar\ps_timer.exe" [2008-09-19 126976]
"eMuleAutoStart"="c:\programmi\eMule\emule.exe" [2008-08-01 5480448]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Adobe Reader Speed Launcher"="c:\programmi\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672]
"NeroFilterCheck"="c:\programmi\File comuni\Nero\Lib\NeroCheck.exe" [2007-03-01 153136]
"QuickTime Task"="c:\programmi\QuickTime\QTTask.exe" [2008-09-06 413696]
"TrueImageMonitor.exe"="c:\programmi\Acronis\TrueImageHome\TrueImageMonitor.exe" [2006-10-16 1164912]
"AcronisTimounterMonitor"="c:\programmi\Acronis\TrueImageHome\TimounterMonitor.exe" [2006-10-16 1941784]
"Acronis Scheduler2 Service"="c:\programmi\File comuni\Acronis\Schedule2\schedhlp.exe" [2006-10-16 87584]
"SVPWUTIL"="c:\programmi\Toshiba\Windows Utilities\SVPWUTIL.exe" [2004-05-01 65536]
"SunJavaUpdateSched"="c:\programmi\Java\jre6\bin\jusched.exe" [2009-01-24 136600]
"NDSTray.exe"="NDSTray.exe" [BU]
"CFSServ.exe"="CFSServ.exe" [BU]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-13 15360]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"_nltide_2"="shell32" [X]
"_nltide_3"="advpack.dll" [2008-10-16 c:\windows\system32\advpack.dll]
c:\documents and settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\
Acrobat Assistant.lnk - c:\programmi\Adobe\Acrobat 6.0\Distillr\acrotray.exe [2003-05-15 217193]
NkbMonitor.exe.lnk - c:\programmi\Nikon\PictureProject\NkbMonitor.exe [2008-12-18 118784]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.ac3filter"= ac3filter.acm
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
.
- - - - ORPHANED KEYS REMOVED - - - -
HKCU-Run-BitTorrent - c:\programmi\BitTorrent\bittorrent.exe
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.repubblica.it/
IE: E&sporta in Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
FF - ProfilePath - c:\documents and settings\Pippo\Dati applicazioni\Mozilla\Firefox\Profiles\wwe7f0y2.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FF - prefs.js: browser.startup.homepage - hxxp://www.repubblica.it/
FF - component: c:\program files\Real\RealPlayer\browserrecord\components\nprpbrowserrecordplugin.dll
FF - plugin: c:\program files\Real\RealPlayer\Netscape6\nppl3260.dll
FF - plugin: c:\program files\Real\RealPlayer\Netscape6\nprjplug.dll
FF - plugin: c:\program files\Real\RealPlayer\Netscape6\nprpjplug.dll
FF - plugin: c:\programmi\Mozilla Firefox\plugins\npbittorrent.dll
.
**************************************************************************
catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-01-24 22:23:47
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\h–€|ÿÿÿÿ¤•€|ù•9~*]
"0140110900063D11C8EF10054038389C"="C?\\WINDOWS\\system32\\FM20ENU.DLL"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'winlogon.exe'(804)
c:\windows\system32\Ati2evxx.dll
- - - - - - - > 'lsass.exe'(864)
c:\windows\system32\relog_ap.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\ati2evxx.exe
c:\windows\system32\ati2evxx.exe
c:\programmi\File comuni\Acronis\Schedule2\schedul2.exe
c:\programmi\Toshiba\ConfigFree\CFSvcs.exe
c:\programmi\Java\jre6\bin\jqs.exe
c:\programmi\Toshiba\ConfigFree\NDSTray.exe
c:\programmi\File comuni\Nero\Lib\NMIndexingService.exe
c:\programmi\File comuni\Nero\Lib\NMIndexStoreSvr.exe
c:\windows\system32\wscntfy.exe
c:\windows\system32\wbem\wmiapsrv.exe
.
**************************************************************************
.
Completion time: 2009-01-24 22:27:37 - machine was rebooted [Pippo]
ComboFix-quarantined-files.txt 2009-01-24 21:27:25
Pre-Run: 1,404,252,160 bytes free
Post-Run: 1,493,938,176 bytes free
141 --- E O F --- 2009-01-14 20:30:04
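Added example (not part of the original post, and not code from ComboFix or its author): a small Python triage helper that reads the parts of a ComboFix log that matter most when reviewing it, the Run/RunOnce loading points, the Security Center notification values, the standard-profile firewall policy, and the catchme hidden-file count, and turns them into findings. The sample log embedded below is constructed from the shape of the entries in the log above, not the full log; the severity labels and the `Finding` type are this example's own conventions. It deliberately does not interpret ComboFix's `[BU]` / `[X]` annotations beyond reporting them: any autostart entry whose target is not an absolute path is simply flagged for manual verification.

```python
"""Triage helper for ComboFix-style logs.

Parses registry loading points, Security Center and firewall policy values,
and the catchme hidden-file count into a list of Finding records.
"""
import re
from dataclasses import dataclass

# Constructed sample in the shape of the log above (Italian and English
# ComboFix labels are both accepted by the parser).
SAMPLE_LOG = r"""
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2008-04-13 15360]
"eMuleAutoStart"="c:\programmi\eMule\emule.exe" [2008-08-01 5480448]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="c:\programmi\Java\jre6\bin\jusched.exe" [2009-01-24 136600]
"NDSTray.exe"="NDSTray.exe" [BU]
"CFSServ.exe"="CFSServ.exe" [BU]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"_nltide_2"="shell32" [X]
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
hidden files: 0
"""

KEY_RE = re.compile(r'^\[(?P<key>[^\]]+)\]$')
VALUE_RE = re.compile(r'^"(?P<name>[^"]+)"\s*=\s*(?P<rest>.*)$')
TARGET_RE = re.compile(r'^"(?P<target>[^"]*)"\s*\[(?P<tag>[^\]]*)\]')
HIDDEN_RE = re.compile(r'^(?:hidden files|files nascosti):\s*(?P<n>\d+)$', re.I)
ABS_PATH_RE = re.compile(r'^[a-z]:\\', re.I)
NOTIFY_VALUES = ('AntiVirusDisableNotify', 'FirewallDisableNotify', 'UpdatesDisableNotify')


@dataclass(frozen=True)
class Finding:
    severity: str   # 'review', 'medium' or 'high' (this example's own scale)
    key: str
    name: str
    detail: str


def autostart_entries(log):
    """Return (key, value_name, target, combofix_tag) for every Run/RunOnce value."""
    entries, key = [], ''
    for raw in log.splitlines():
        line = raw.strip()
        k = KEY_RE.match(line)
        if k:
            key = k.group('key')
            continue
        v = VALUE_RE.match(line)
        if not v or not key.lower().endswith(('\\run', '\\runonce')):
            continue
        t = TARGET_RE.match(v.group('rest'))
        if t:
            entries.append((key, v.group('name'), t.group('target'), t.group('tag')))
    return entries


def triage(log):
    """Produce findings a reviewer would want to look at first."""
    findings = []
    for key, name, target, tag in autostart_entries(log):
        if not ABS_PATH_RE.match(target):
            findings.append(Finding('review', key, name,
                f'autostart target {target!r} is not an absolute path '
                f'(ComboFix tag [{tag}]); locate the file and verify its origin'))
    key = ''
    for raw in log.splitlines():
        line = raw.strip()
        k = KEY_RE.match(line)
        if k:
            key = k.group('key')
            continue
        h = HIDDEN_RE.match(line)
        if h:
            if int(h.group('n')) > 0:
                findings.append(Finding('high', 'catchme', 'hidden files',
                    f"{h.group('n')} hidden file(s) reported; possible rootkit"))
            continue
        v = VALUE_RE.match(line)
        if not v:
            continue
        name, rest = v.group('name'), v.group('rest')
        lk = key.lower()
        # Security Center notifications turned off: expected when a third-party
        # AV/firewall manages them, otherwise a common malware tweak.
        if lk.endswith('security center') and name in NOTIFY_VALUES \
                and rest.lower().endswith('dword:00000001'):
            findings.append(Finding('medium', key, name,
                'Security Center notification suppressed; confirm a third-party '
                'product is responsible'))
        # Windows Firewall off for this profile.
        if 'firewallpolicy' in lk and name == 'EnableFirewall' and rest.split()[0] == '0':
            findings.append(Finding('medium', key, name,
                'Windows Firewall disabled for this profile; confirm another '
                'firewall is active'))
    return findings


if __name__ == '__main__':
    for f in triage(SAMPLE_LOG):
        print(f'[{f.severity}] {f.key} :: {f.name} :: {f.detail}')
```

Run against the sample it reports the three autostart values without a full path (`NDSTray.exe`, `CFSServ.exe`, `_nltide_2`), the two suppressed Security Center notifications and the disabled standard-profile firewall; with `hidden files: 0` the catchme section produces nothing. On the log above the same three groups appear, and the Security Center and firewall findings are consistent with the third-party products listed (Alwil Software, avg8, PC Tools Firewall Plus), so they are to be confirmed rather than treated as evidence of infection.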