ComboFix log

alexs2007 (registered user, joined 16/7/08, 222 messages, 6 reaction points)
hi,

please, could someone read the ComboFix log below for me?

thanks :)


ComboFix 11-12-28.03 - preinstalled 28/12/2011 22.53.19.2.2 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.39.1040.18.1014.454 [GMT 1:00]
Running from: c:\documents and settings\preinstalled\Desktop\combofix\ComboFix.exe
AV: ESET Smart Security 4.0 *Disabled/Updated* {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
FW: ESET Personal firewall *Enabled* {E5E70D32-0101-4340-86A3-A7B0F1C8FFE0}
.
WARNING - THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
.
((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\All Users\Dati applicazioni\TEMP
c:\documents and settings\preinstalled\Impostazioni locali\Dati applicazioni\.#
c:\documents and settings\preinstalled\Impostazioni locali\Dati applicazioni\.#\MBX@25C@343358.###
c:\documents and settings\preinstalled\Impostazioni locali\Dati applicazioni\.#\MBX@348@993368.###
c:\documents and settings\preinstalled\Impostazioni locali\Dati applicazioni\.#\MBX@3DC@343358.###
c:\documents and settings\preinstalled\Impostazioni locali\Dati applicazioni\.#\MBX@834@343358.###
c:\documents and settings\preinstalled\WINDOWS
c:\programmi\AutocompletePro
c:\programmi\AutocompletePro\AcRemoteUpdate.exe
c:\programmi\AutocompletePro\AutocompletePro.dll
c:\programmi\AutocompletePro\InstTracker.exe
c:\programmi\AutocompletePro\support@predictad.com\chrome.manifest
c:\programmi\AutocompletePro\support@predictad.com\chrome\content\browserOverlay.xul
c:\programmi\AutocompletePro\support@predictad.com\chrome\content\options.js
c:\programmi\AutocompletePro\support@predictad.com\chrome\content\options.xul
c:\programmi\AutocompletePro\support@predictad.com\chrome\content\utils.js
c:\programmi\AutocompletePro\support@predictad.com\defaults\preferences\predictad.js
c:\programmi\AutocompletePro\support@predictad.com\install.rdf
c:\programmi\AutocompletePro\TaskScheduler.dll
c:\programmi\AutocompletePro\unins000.dat
c:\programmi\AutocompletePro\unins000.exe
c:\windows\IsUn0407.exe
c:\windows\system32\_000012_.tmp.dll
c:\windows\system32\SET165.tmp
c:\windows\system32\SET16A.tmp
c:\windows\unin0410.exe
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_WINDOWS_INTERNET_NAME_SERVICE
.
.
((((((((((((((((((((((((( Files Created From 2011-11-28 to 2011-12-28 )))))))))))))))))))))))))))))))))))
.
.
2011-12-28 22:05 . 2011-12-28 22:05 -------- d---a-w- c:\documents and settings\All Users\Dati applicazioni\TEMP
2011-12-28 19:31 . 2011-12-28 19:35 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\SecTaskMan
2011-12-28 19:31 . 2011-12-28 19:31 -------- d-----w- c:\programmi\Security Task Manager
2011-12-28 11:05 . 2011-12-28 11:05 -------- d-----w- c:\documents and settings\preinstalled\Impostazioni locali\Dati applicazioni\PCHealth
2011-12-26 17:44 . 2007-06-19 04:49 676224 ----a-w- c:\windows\system32\OGACheckControl.dll
2011-12-26 15:34 . 2011-12-26 15:34 -------- d-----w- c:\documents and settings\preinstalled\Dati applicazioni\Template
2011-12-26 12:38 . 2011-12-26 12:38 -------- d-----w- c:\documents and settings\preinstalled\Dati applicazioni\OpenOffice.org
2011-12-26 12:35 . 2011-12-26 12:35 -------- d-----w- c:\programmi\OpenOffice.org 3
2011-12-26 11:39 . 2011-12-28 19:34 -------- d-----w- c:\documents and settings\LocalService\Dati applicazioni\tor
2011-12-26 11:39 . 2011-12-28 19:35 -------- d-----w- c:\programmi\Tor
2011-12-12 20:37 . 2011-12-12 20:37 -------- d-----w- c:\programmi\Microsoft Silverlight
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-12-10 14:24 . 2009-12-26 00:34 20464 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-11-23 14:40 . 2009-01-16 09:24 1859584 ----a-w- c:\windows\system32\win32k.sys
2011-11-04 19:13 . 2009-01-16 09:24 916992 ----a-w- c:\windows\system32\wininet.dll
2011-11-04 19:13 . 2009-01-16 09:24 43520 ----a-w- c:\windows\system32\licmgr10.dll
2011-11-04 19:13 . 2009-01-16 09:24 1469440 ------w- c:\windows\system32\inetcpl.cpl
2011-11-04 11:24 . 2009-01-16 09:24 385024 ----a-w- c:\windows\system32\html.iec
2011-11-01 16:07 . 2009-01-16 09:24 1288192 ----a-w- c:\windows\system32\ole32.dll
2011-10-28 05:31 . 2009-01-16 09:24 33280 ----a-w- c:\windows\system32\csrsrv.dll
2011-10-26 10:49 . 2008-04-13 18:55 2030592 ------w- c:\windows\system32\ntkrnlpa.exe
2011-10-26 10:49 . 2008-04-13 18:54 2152448 ------w- c:\windows\system32\ntoskrnl.exe
2011-10-18 11:13 . 2009-01-16 09:24 186880 ----a-w- c:\windows\system32\encdec.dll
2011-10-10 14:22 . 2009-01-16 00:38 692736 ----a-w- c:\windows\system32\inetcomm.dll
2011-10-03 03:06 . 2010-06-03 03:57 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-10-03 00:37 . 2009-08-03 17:49 73728 ----a-w- c:\windows\system32\javacpl.cpl
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ProductReg"="c:\programmi\Acer\WR_PopUp\ProductReg.exe" [2008-11-17 135168]
"IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\programmi\File comuni\Nero\Lib\NMIndexStoreSvr.exe" [2008-06-24 1840424]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\programmi\Synaptics\SynTP\SynTPEnh.exe" [2009-02-06 1430824]
"RTHDCPL"="RTHDCPL.EXE" [2008-12-26 18081280]
"PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2008-04-14 455168]
"PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2008-04-14 455168]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-02-28 137752]
"NotificationCenterLauncher"="c:\programmi\Acer\Acer eRecovery Management\NotificationLauncher.exe" [2008-12-22 225280]
"MSPY2002"="c:\windows\system32\IME\PINTLGNT\ImScInst.exe" [2008-04-14 59392]
"LManager"="c:\progra~1\LAUNCH~1\LManager.exe" [2008-12-30 875016]
"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2008-04-14 208952]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-02-28 141848]
"IAAnotif"="c:\programmi\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2008-04-15 178712]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-02-28 166424]
"AzMixerSel"="c:\programmi\Realtek\Audio\Drivers\AzMixerSel.exe" [2006-01-25 53248]
"Google Desktop Search"="c:\programmi\Google\Google Desktop Search\GoogleDesktop.exe" [2009-01-16 24064]
"OODefragTray"="c:\programmi\OO Software\Defrag\oodtray.exe" [2009-09-11 2524416]
"NeroFilterCheck"="c:\programmi\File comuni\Nero\Lib\NeroCheck.exe" [2008-06-19 570664]
"NBKeyScan"="c:\programmi\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [2008-06-08 2221352]
"egui"="c:\programmi\ESET\ESET Smart Security\egui.exe" [2009-11-16 2054360]
"Adobe Reader Speed Launcher"="c:\programmi\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-09-07 37296]
"Adobe ARM"="c:\programmi\File comuni\Adobe\ARM\1.0\AdobeARM.exe" [2011-03-30 937920]
"SunJavaUpdateSched"="c:\programmi\File comuni\Java\Java Update\jusched.exe" [2011-06-09 254696]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
.
c:\documents and settings\preinstalled\Menu Avvio\Programmi\Esecuzione automatica\
Ritaglio schermata e avvio di OneNote 2007.lnk - c:\programmi\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]
.
c:\documents and settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\
Acer VCM.lnk - c:\programmi\Acer\Acer VCM\AcerVCM.exe [2009-1-16 565248]
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0OODBS
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Programmi\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Programmi\\Messenger\\msmsgs.exe"=
"c:\\Programmi\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Programmi\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\Programmi\\Skype\\Phone\\Skype.exe"=
.
R1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [16/11/2009 9.03.36 108792]
R2 cpuz133;cpuz133;c:\windows\system32\drivers\cpuz133_x32.sys [03/07/2010 18.49.46 20072]
R2 ekrn;ESET Service;c:\programmi\ESET\ESET Smart Security\ekrn.exe [16/11/2009 9.04.30 735960]
R2 RS_Service;Raw Socket Service;c:\programmi\Acer\Acer VCM\RS_Service.exe [16/01/2009 3.08.01 237568]
R3 ewusbnet;HUAWEI USB-NDIS miniport;c:\windows\system32\drivers\ewusbnet.sys [04/08/2009 1.18.33 112640]
R3 hwusbfake;Huawei DataCard USB Fake;c:\windows\system32\drivers\ewusbfake.sys [04/08/2009 1.18.33 102656]
S2 gupdate1ca1627147090dc;Servizio di Google Update (gupdate1ca1627147090dc);c:\programmi\Google\Update\GoogleUpdate.exe [06/08/2009 0.47.12 133104]
S2 tor;Tor Win32 Service;"c:\programmi\Tor\tor.exe" --nt-service "-ControlPort" "9051" --> c:\programmi\Tor\tor.exe [?]
S3 GoogleDesktopManager-080708-050100;Google Desktop Manager 5.7.808.7150;c:\programmi\Google\Google Desktop Search\GoogleDesktop.exe [16/01/2009 2.46.36 24064]
S3 gupdatem;Servizio Google Update (gupdatem);c:\programmi\Google\Update\GoogleUpdate.exe [06/08/2009 0.47.12 133104]
S3 M3000Srv;WebCam Driver;c:\windows\system32\drivers\M3000KNT.sys [26/03/2009 16.53.33 145408]
S3 RSUSBSTOR;RTS5121.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RTS5121.sys --> c:\windows\system32\Drivers\RTS5121.sys [?]
S3 Rts516xIR;Realtek IR Driver;c:\windows\system32\DRIVERS\Rts516xIR.sys --> c:\windows\system32\DRIVERS\Rts516xIR.sys [?]
S4 ILNVTA;ILNVTA;c:\docume~1\PREINS~1\IMPOST~1\Temp\ILNVTA.exe --> c:\docume~1\PREINS~1\IMPOST~1\Temp\ILNVTA.exe [?]
.
Contents of the 'Scheduled Tasks' folder
.
2011-12-28 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\programmi\Google\Update\GoogleUpdate.exe [2009-08-05 23:47]
.
2011-12-28 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\programmi\Google\Update\GoogleUpdate.exe [2009-08-05 23:47]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.it/
uInternet Connection Wizard,ShellNext = hxxp://alicemobile.mobi/
IE: E&sporta in Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Scarica con Free Download Manager - file://c:\programmi\Free Download Manager\dllink.htm
IE: Scarica i video con Free Download Manager - file://c:\programmi\Free Download Manager\dlfvideo.htm
IE: Scarica selezionati con Free Download Manager - file://c:\programmi\Free Download Manager\dlselected.htm
IE: Scarica tutto con Free Download Manager - file://c:\programmi\Free Download Manager\dlall.htm
.
- - - - ORPHANS REMOVED - - - -
.
URLSearchHooks-{EEE6C35D-6118-11DC-9C72-001320C79847} - (no file)
WebBrowser-{EEE6C35B-6118-11DC-9C72-001320C79847} - (no file)
AddRemove-AutocompletePro3_is1 - c:\programmi\AutocompletePro\unins000.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, GMER - Rootkit Detector and Remover
Rootkit scan 2011-12-28 23:05
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\ESET\ESET Security\CurrentVersion\Info]
@Denied: (2) (LocalSystem)
@SACL=
"AppDataDir"="c:\\Documents and Settings\\All Users\\Dati applicazioni\\ESET\\ESET Smart Security\\"
"DataDir"="ESET\\ESET Smart Security\\"
"EditionName"="BUSINESS EDITION"
"InstallDir"="c:\\Programmi\\ESET\\ESET Smart Security\\"
"LanguageId"=dword:00000409
"PackageTag"=dword:6090e758
"ProductBase"=dword:00000001
"ProductCode"="{FBF09842-EB7F-4BC2-BD32-DDE2572B2195}"
"ProductName"="ESET Smart Security"
"ProductType"="essbe"
"ProductVersion"="3.0.669.0"
"UniqueId"="000406844B32F893"
"ScannerBuild"=dword:000017cd
"ScannerVersionId"=dword:00001214
"ScannerVersion"="Open window for status."
"FixId"=dword:00000009
"ei2"=hex(b):18,de,bf,63,75,71,66,5f
"ei1"=hex(b):00,23,5a,60,6f,3f,00,00
"ei3"=hex(b):08,29,e5,4d,00,00,00,00
"ei4"=dword:00000005
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\System*]
"OODEFRAG12.00.00.01PROFESSIONAL"="7DDC4ACFC34CFC76E5480A5A635E5E3DAD6F87A563BF16886CF72BEEA3F70F1084A84BBB84253D07FEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CA6A0AC4980AC7933A6171C11EC38DE3DBA7FD869164D6794A9C6AECB7A5D14079511CAC425936FAAFB6D5E095E3407DCD1B12E9950A6C495A975761F4A9754C9DF852BB90A78DF710A98D3D7329B4091F250025DD0A03805A891CF1E76B2B8A31EA576A75B91C2ACD833EED518EF4B0AAB7EA4BBE821BBE18B7FB6618693F7F5E846CDC78F9E7BD29F30FA40759E0252F7EA2B988EDF436D2FCBAB90255F3E559DEEB9269ED290EFDEB327A93687648B95778D29BE8B687B33B48DA6FB31DD6D5DDCA22487D42D225817887748FC956987BB28F8F8C3E7767B2EA1F23D16CB7B8C81D6754BC09F9D126893649EC85FB41701BCE6409D235CAFDF139B1E10A3D1D57F8AA37024DBA9D5E9A57DAFA62D49CC46ECA41DA21FBD3DA56E95D61623D7A530D28B0002F7A03190FD2376460E967ABD433B1ACF03BE548F252DA2902B862D21AA5E07D1B073F705408D714CB72231CE2C0348951D1BE85F8C04C45EC2ECE010EFA0977FE1243F26F24622507F044813762C39D95F1E318DDD0D7FD2922DFA7565A9C8E811C96105822891DD6268DB5958B907755C2A2CC5B68E1CB2E8FD777631A731E0E211FC66BCE8C7F4018F4B2568804CB4CEB3986898266937B7A71971DD9CF130A4B7F245570C558A1FCC38AB252EA7D81244F9066843348F168B637659D9A910C2916A4E686B4D86230A0BD76D3FBD1829F99A69EF29D4DD3C99A049F68B01AF52074D62EA3544C31A42EDC78587379A3784040DDD6F21B709D85EE36D2D1FB289914A983E6B5594B407514F97AD3D7C06AA881F4103F7A67DE3EBF1D58EB130C2415338A6E320BA46FBE7F42EAC82CF01C4BA0610A2382AC0676053AF55EB347DB99D42CB4847EE455928F0BA52381ABA417456A5E147B21CA8939EDBFA833BDBB0A3E43815F0DD4F6A4D3491C29654E71F505CBDA90E277CFA231AA24BB0B9A574A5075B9D48A6249057DF6A73D969E0F62E98F8B479E0F54AEFC3ACE63217456122420A87FBDD27C009CAE230C13D24EEB3BEDE14F82FBC949FCB0A44482DC9EBE2E3794CBD8A6002E800F99791A2CF46C8B4D7A982D32B6B9B96AC2ABA4CE59B6FEDC5B944AAFB70433E941B10632A4D1997AFAE8D033F76103C6A365237F08B9615EEF0CAAC493EA677FA040B3D1CE815B59AAE18E81BEE6F0AFD59DBA466E96B44D8E811F5BC2DE551DA6A4FE0B314EF93AC8922A204236D8085D729BE637BC39649EA575C6D179928C23FB3729F5A23685FF1AFC1E3F504D2834B9126AC18B85F6D94662F98689A0AA8440E0C375E6A9F8F70C9CD4A5DEFEADE9FEBED2728"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'explorer.exe'(2196)
c:\windows\system32\WININET.dll
c:\progra~1\WINDOW~2\wmpband.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
c:\programmi\File comuni\Adobe\Acrobat\ActiveX\PDFShell.ITA
c:\programmi\File comuni\Nero\Lib\NeroDigitalExt.dll
c:\programmi\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll
c:\programmi\File comuni\Adobe\Acrobat\ActiveX\PDFShell.dll
.
------------------------ Other Running Processes ------------------------
.
c:\programmi\File comuni\BinarySense\hldasvc.exe
c:\programmi\File comuni\BinarySense\hldasvc.exe
c:\programmi\Intel\Intel Matrix Storage Manager\IAANTMon.exe
c:\programmi\Java\jre6\bin\jqs.exe
c:\programmi\Nero\Nero8\Nero BackItUp\NBService.exe
c:\programmi\OO Software\Defrag\oodag.exe
c:\windows\system32\IoctlSvc.exe
c:\windows\system32\wbem\wmiapsrv.exe
c:\windows\RTHDCPL.EXE
c:\windows\system32\igfxsrvc.exe
c:\windows\system32\igfxext.exe
c:\programmi\File comuni\Nero\Lib\NMIndexingService.exe
c:\docume~1\PREINS~1\IMPOST~1\Temp\RtkBtMnt.exe
.
**************************************************************************
.
Completion time: 2011-12-28 23:10:50 - machine was rebooted
ComboFix-quarantined-files.txt 2011-12-28 22:10
.
Pre-Run: 19,594,207,232 bytes free
Post-Run: 23,363,420,160 bytes free
.
- - End Of File - - 73E6716EE676E0C0708D3E58895BBD3A
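For readers triaging a log like the one above, here is an added Python example (editor's code, not the poster's and not part of ComboFix). It parses the AV/FW status lines in the header, the R*/S* service entries and the "Other Running Processes" list, then flags the items a reviewer usually looks at first. The sample input is constructed from lines excerpted from the log above; the section-caption regex accepts both the English and the Italian (localized) caption. The heuristics are review prompts, not malware verdicts: an AV product reported as disabled, the Windows Firewall profile switched off (expected when a third-party firewall such as the ESET one here is enabled, so it is rated "info" in that case), a service or process whose image sits in a Temp directory, and a service for which ComboFix printed `[?]` instead of a date/size, meaning it could not read the file at that path (for the quoted Tor command line with arguments that may be nothing more than ComboFix failing to resolve the path).

```python
import re

# Constructed sample input: lines excerpted from the ComboFix log above.
SAMPLE_LOG = r"""
AV: ESET Smart Security 4.0 *Disabled/Updated* {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
FW: ESET Personal firewall *Enabled* {E5E70D32-0101-4340-86A3-A7B0F1C8FFE0}
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
R2 ekrn;ESET Service;c:\programmi\ESET\ESET Smart Security\ekrn.exe [16/11/2009 9.04.30 735960]
S2 tor;Tor Win32 Service;"c:\programmi\Tor\tor.exe" --nt-service "-ControlPort" "9051" --> c:\programmi\Tor\tor.exe [?]
S4 ILNVTA;ILNVTA;c:\docume~1\PREINS~1\IMPOST~1\Temp\ILNVTA.exe --> c:\docume~1\PREINS~1\IMPOST~1\Temp\ILNVTA.exe [?]
.
------------------------ Other Running Processes ------------------------
.
c:\programmi\Java\jre6\bin\jqs.exe
c:\docume~1\PREINS~1\IMPOST~1\Temp\RtkBtMnt.exe
.
**************************************************************************
"""

# 'R2 name;display;image [date time size]' or '... --> resolved_image [?]'
SERVICE_RE = re.compile(r"^([RS]\d) ([^;]+);([^;]*);(.*)$")
STATUS_RE = re.compile(r"^(AV|FW): (.+?) \*([^*]+)\*")
# ComboFix localizes section captions; accept the English and the Italian one.
PROC_HDR_RE = re.compile(r"^-+ (Other Running Processes|Altri processi in esecuzione) -+$")
TEMP_RE = re.compile(r"\\temp\\", re.IGNORECASE)


def parse_services(text):
    """Return one dict per R*/S* service line: start type, names, image path, missing flag."""
    services = []
    for line in text.splitlines():
        m = SERVICE_RE.match(line)
        if not m:
            continue
        start, name, display, rest = m.groups()
        missing = rest.rstrip().endswith("[?]")  # ComboFix could not read the image
        path = rest.split("-->", 1)[1] if "-->" in rest else rest
        # drop the trailing "[...]" block and any quotes around the image path
        path = re.sub(r"\s*\[[^\]]*\]\s*$", "", path).strip().strip('"')
        services.append({"start": start, "name": name, "display": display,
                         "path": path, "missing": missing})
    return services


def parse_processes(text):
    """Return the image paths listed under the 'Other Running Processes' caption."""
    procs, in_section = [], False
    for line in text.splitlines():
        if PROC_HDR_RE.match(line):
            in_section = True
            continue
        if not in_section:
            continue
        if line.startswith("*****"):  # next banner ends the section
            break
        if line.strip() not in ("", "."):
            procs.append(line.strip())
    return procs


def parse_status(text):
    """Return {'AV': (product, state), 'FW': (product, state)} from the header lines."""
    status = {}
    for line in text.splitlines():
        m = STATUS_RE.match(line)
        if m:
            kind, product, state = m.groups()
            status[kind] = (product, state)
    return status


def windows_firewall_enabled(text):
    """None if the EnableFirewall value is not in the log, else whether it is non-zero."""
    m = re.search(r'^"EnableFirewall"=\s*(\d+)', text, re.MULTILINE)
    return None if m is None else m.group(1) != "0"


def triage(text):
    """Apply the review heuristics; returns (severity, subject, reason) tuples."""
    findings = []
    status = parse_status(text)
    if "AV" in status and status["AV"][1].lower().startswith("disabled"):
        findings.append(("high", status["AV"][0], "antivirus reported as disabled"))
    if windows_firewall_enabled(text) is False:
        third_party = "FW" in status and status["FW"][1].lower().startswith("enabled")
        reason = "standard profile disabled" + (" (third-party firewall enabled)" if third_party else "")
        findings.append(("info" if third_party else "high", "Windows Firewall", reason))
    for svc in parse_services(text):
        if TEMP_RE.search(svc["path"]):
            findings.append(("high", svc["name"], "service image lives in a Temp directory"))
        if svc["missing"]:
            findings.append(("medium", svc["name"], "ComboFix could not read the service image ([?])"))
    for proc in parse_processes(text):
        if TEMP_RE.search(proc):
            findings.append(("high", proc, "process running from a Temp directory"))
    return findings


if __name__ == "__main__":
    for severity, subject, reason in triage(SAMPLE_LOG):
        print(f"[{severity:<6}] {subject}: {reason}")
```

Run it as-is to print the findings for the excerpt, or replace SAMPLE_LOG with the full log text; the Temp-directory check is deliberately a plain path match, so a legitimate installer helper will trip it too and the output is a list of things to look at, not a verdict.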