
ComboFix analysis

Post by Silvio85 » 13/08/09 15:57

Hello, I have some problems on this computer: general slowdowns and small programs downloaded at random by the person who used it before. I used ComboFix to see if it would fix anything, and it already seems to be running a little better. Anyway, I'm attaching the second log I ran, in case someone could give it a quick check, because I don't understand much of it. Thanks in advance, Silvio
----------------------------------------------------------------------

ComboFix 09-08-10.06 - Denisa 13/08/2009 16.47.24.2.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.39.1040.18.1023.511 [GMT 2:00]
Eseguito da: c:\documents and settings\Denisa\Desktop\combofix e hijackthis\ComboFix.exe
AV: F-PROT Antivirus for Windows *On-access scanning disabled* (Updated) {3F8BAFFE-D251-4DC6-ACF9-81FDF61FB9C9}
.

((((((((((((((((((((((((( Files Creati Da 2009-07-13 al 2009-08-13 )))))))))))))))))))))))))))))))))))
.

2009-08-13 12:48 . 2009-08-13 12:48 -------- d-----w- c:\programmi\TeamViewer3
2009-08-13 08:03 . 2009-08-13 12:48 -------- d-----w- c:\documents and settings\Denisa\Dati applicazioni\TeamViewer
2009-08-13 08:02 . 2009-08-13 12:34 -------- d-----w- c:\programmi\TeamViewer
2009-08-13 08:02 . 2009-08-13 12:48 -------- d-----w- c:\documents and settings\Denisa\temp
2009-08-13 07:50 . 2009-08-13 07:50 -------- d-----w- c:\windows\LastGood
2009-07-29 07:23 . 2009-07-03 16:55 55296 -c----w- c:\windows\system32\dllcache\msfeedsbs.dll
2009-07-29 07:23 . 2009-07-03 16:55 594432 -c----w- c:\windows\system32\dllcache\msfeeds.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-08-13 12:25 . 2009-05-29 11:32 -------- d-----w- c:\documents and settings\Denisa\Dati applicazioni\Skype
2009-07-03 16:55 . 2004-08-19 12:00 915456 ----a-w- c:\windows\system32\wininet.dll
2009-06-23 06:34 . 2009-05-29 11:49 71000 ----a-w- c:\documents and settings\Denisa\Impostazioni locali\Dati applicazioni\GDIPFONTCACHEV1.DAT
2009-06-22 13:20 . 2009-06-22 13:22 40741 ----a-w- c:\windows\Fonts\DalyHand.ttf
2009-06-16 14:36 . 2004-08-19 12:00 81920 ----a-w- c:\windows\system32\fontsub.dll
2009-06-16 14:36 . 2004-08-19 12:00 119808 ----a-w- c:\windows\system32\t2embed.dll
2009-06-03 19:09 . 2004-08-19 12:00 1296384 ----a-w- c:\windows\system32\quartz.dll
2009-06-03 09:02 . 2004-08-19 12:00 70766 ----a-w- c:\windows\system32\perfc010.dat
2009-06-03 09:02 . 2004-08-19 12:00 440500 ----a-w- c:\windows\system32\perfh010.dat
2009-05-29 11:42 . 2009-05-29 11:42 286720 ------w- c:\windows\Setup1.exe
2009-05-29 11:42 . 2009-05-29 11:42 74752 ----a-w- c:\windows\ST6UNST.EXE
2009-05-29 11:13 . 2009-05-29 11:13 0 ----a-w- c:\windows\nsreg.dat
2009-05-29 11:07 . 2009-05-29 09:35 86327 ----a-w- c:\windows\pchealth\helpctr\OfflineCache\index.dat
2009-05-29 10:08 . 2009-05-29 10:08 0 ----a-w- c:\windows\ativpsrm.bin
2009-05-29 09:47 . 2009-05-29 09:47 0 ----a-w- c:\windows\system32\drivers\SETA1.tmp
2009-05-29 09:33 . 2009-05-29 09:33 21840 ----a-w- c:\windows\system32\emptyregdb.dat
.

((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* i valori vuoti & legittimi/default non sono visualizzati.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IncrediMail"="c:\programmi\IncrediMail\bin\IncMail.exe" [2006-09-17 204843]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\programmi\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2009-02-25 61440]
"Adobe Reader Speed Launcher"="c:\programmi\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-14 39792]
"F-PROT Antivirus Tray application"="c:\programmi\FRISK Software\F-PROT Antivirus for Windows\FProtTray.exe" [2008-04-21 1597832]
"EPSON Stylus Photo R220 Series"="c:\windows\System32\spool\DRIVERS\W32X86\3\E_FATIAIE.EXE" [2005-03-09 98304]
"MSConfig"="c:\windows\PCHealth\HelpCtr\Binaries\MSConfig.exe" [2008-04-14 172032]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\FPAVServer]
@="Service"

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Programmi\\Skype\\Phone\\Skype.exe"=
"c:\\Programmi\\IncrediMail\\bin\\IMApp.exe"=
"c:\\Programmi\\IncrediMail\\bin\\IncMail.exe"=
"c:\\Programmi\\IncrediMail\\bin\\ImpCnt.exe"=

R0 FPAV_RTP;FPAV_RTP;c:\windows\system32\drivers\FStopW.sys [29/05/2009 13.46.52 592224]
R2 FPAVServer;F-PROT Antivirus for Windows system;c:\programmi\FRISK Software\F-PROT Antivirus for Windows\FPAVServer.exe [21/04/2008 21.26.48 45960]

--- Altri Servizi/Drivers In Memoria ---

*NewlyCreated* - APPMGMT

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\system32\rundll32.exe" "c:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
.
.
------- Scansione supplementare -------
.
uStart Page = hxxp://www.google.it/
IE: E&sporta in Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
TCP: {34C0975D-1E1C-402E-A9A2-DCCF18134480} = 151.99.125.1,151.99.0.100
FF - ProfilePath - c:\documents and settings\Denisa\Dati applicazioni\Mozilla\Firefox\Profiles\3i8hinkd.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.it/
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-08-13 16:49
Windows 5.1.2600 Service Pack 3 NTFS

scansione processi nascosti ...

scansione entrate autostart nascoste ...

Scansione files nascosti ...

Scansione completata con successo
Files nascosti: 0

**************************************************************************
.
--------------------- CHIAVI DI REGISTRO BLOCCATE ---------------------

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\€–€|ÿÿÿÿÀ•€|ù•9~*]
"0140110900063D11C8EF10054038389C"="C?\\WINDOWS\\system32\\FM20ENU.DLL"
.
--------------------- Dlls caricate dai processi in esecuzione ---------------------

- - - - - - - > 'winlogon.exe'(712)
c:\windows\system32\Ati2evxx.dll

- - - - - - - > 'explorer.exe'(3888)
c:\windows\system32\WININET.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Ora fine scansione: 2009-08-13 16.49.52
ComboFix-quarantined-files.txt 2009-08-13 14:49
ComboFix2.txt 2009-08-13 14:27

Pre-Run: 147.981.606.912 byte disponibili
Post-Run: 147.968.122.880 byte disponibili

104 --- E O F --- 2009-07-29 15:50
Silvio85
Newbie

Posts: 1
Joined: 22/06/09 07:38
