Virtumonde.prx, another log for you guys



prenanz
2008-07-15, 15:11
So, after Virtumonde.prx showed up in a Spybot scan of my friend's notebook, I did the ComboFix and HijackThis steps, as illustrated in the other threads. I had some problems disabling TeaTimer; it kept starting with Windows, though. Anyway, these are the logs:


ComboFix 08-07-14.2 - Fra 2008-07-15 14.31.23.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1040.18.681 [GMT 2:00]
Run by: C:\Documents and Settings\Fra\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\Fra\Desktop\WindowsXP-KB310994-SP2-Home-BootDisk-ITA.exe
* Created new restore point
* Resident AV is active

.

((((((((((((((((((((((((((((((((((((( Other deletions )))))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\pskt.ini
C:\WINDOWS\system32\drivers\npf.sys
C:\WINDOWS\system32\fhhowitd.ini
C:\WINDOWS\system32\ljJASjJB.dll
C:\WINDOWS\system32\nnnoPFxU.dll
C:\WINDOWS\system32\OortvGgh.ini
C:\WINDOWS\system32\OortvGgh.ini2
C:\WINDOWS\system32\packet.dll
C:\WINDOWS\system32\wpcap.dll
C:\WINDOWS\system32\wvUnNhij.dll

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_NPF


((((((((((((((((((((((((( Files Created From 2008-06-15 to 2008-07-15 )))))))))))))))))))))))))))))))))))
.

2008-06-25 00:57 . 2008-06-25 00:57 <DIR> d-------- C:\Programmi\Google
2008-06-25 00:45 . 2008-06-25 00:45 <DIR> d-------- C:\Documents and Settings\Fra\Dati applicazioni\Nero
2008-06-25 00:44 . 2008-06-25 00:44 <DIR> d-------- C:\Programmi\File comuni\Nero
2008-06-25 00:44 . 2008-06-25 00:44 <DIR> d-------- C:\Documents and Settings\All Users\Dati applicazioni\Nero
2008-06-25 00:44 . 2006-03-17 11:45 1,757,184 --a------ C:\WINDOWS\system32\imagX7.dll
2008-06-25 00:44 . 2006-03-17 11:45 802,816 --a------ C:\WINDOWS\system32\imagXRA7.dll
2008-06-25 00:44 . 2006-03-17 11:45 497,296 --a------ C:\WINDOWS\system32\imagXpr7.dll
2008-06-25 00:44 . 2006-03-17 14:49 368,640 --a------ C:\WINDOWS\system32\TwnLib4.dll
2008-06-25 00:44 . 2006-03-17 11:45 258,048 --a------ C:\WINDOWS\system32\imagXR7.dll
2008-06-25 00:16 . 2008-06-25 00:16 127 --a------ C:\WINDOWS\system32\MRT.INI
2008-06-25 00:14 . 2008-06-14 19:32 272,768 -----c--- C:\WINDOWS\system32\dllcache\bthport.sys
2008-06-25 00:13 . 2008-05-08 16:02 203,136 -----c--- C:\WINDOWS\system32\dllcache\rmcast.sys
2008-06-25 00:07 . 2008-06-25 00:07 <DIR> d-------- C:\Documents and Settings\Fra\Dati applicazioni\TuneUp Software
2008-06-25 00:07 . 2008-06-25 00:07 355,584 --a------ C:\WINDOWS\system32\TuneUpDefragService.exe
2008-06-25 00:07 . 2008-05-29 09:28 28,416 --a------ C:\WINDOWS\system32\uxtuneup.dll
2008-06-25 00:06 . 2008-06-25 00:07 <DIR> d-------- C:\Programmi\TuneUp Utilities 2008
2008-06-25 00:06 . 2008-06-25 00:06 <DIR> d-------- C:\Documents and Settings\All Users\Dati applicazioni\TuneUp Software
2008-06-25 00:05 . 2008-06-25 00:05 <DIR> d-------- C:\Programmi\File comuni\Wise Installation Wizard
2008-06-25 00:03 . 2008-06-25 00:04 <DIR> d-------- C:\Programmi\TagRename
2008-06-25 00:01 . 2008-04-10 12:08 71,184 -ra------ C:\WINDOWS\system32\drivers\DefragFS.sys
2008-06-24 23:56 . 2008-06-25 00:01 <DIR> d-------- C:\Programmi\PerfectDisk2008
2008-06-24 23:55 . 2008-06-24 23:56 <DIR> d-------- C:\Programmi\PerfectDisk2008Install
2008-06-24 23:52 . 2008-06-24 23:52 <DIR> d-------- C:\Documents and Settings\Fra\Dati applicazioni\ACD Systems
2008-06-24 23:49 . 2008-06-24 23:49 <DIR> d-------- C:\Documents and Settings\All Users\Dati applicazioni\ACD Systems
2008-06-24 23:48 . 2008-06-24 23:49 <DIR> d-------- C:\Programmi\File comuni\ACD Systems
2008-06-24 23:48 . 2008-06-24 23:48 <DIR> d-------- C:\Programmi\ACD Systems
2008-06-24 23:46 . 2008-06-24 23:46 <DIR> d-------- C:\Programmi\Washer
2008-06-24 23:46 . 2008-06-24 23:46 <DIR> d-------- C:\Documents and Settings\All Users\Dati applicazioni\Webroot
2008-06-24 23:42 . 2008-06-24 23:46 <DIR> d-------- C:\Programmi\Your Uninstaller 2008
2008-06-24 23:17 . 2008-06-24 23:17 <DIR> d-------- C:\Programmi\File comuni\Skype
2008-06-24 23:17 . 2008-06-24 23:17 <DIR> d-------- C:\Documents and Settings\Fra\Dati applicazioni\skypePM
2008-06-24 23:17 . 2008-06-24 23:17 56 --ah----- C:\WINDOWS\system32\ezsidmv.dat
2008-06-20 19:46 . 2008-06-20 19:46 247,296 -----c--- C:\WINDOWS\system32\dllcache\mswsock.dll
2008-06-20 19:46 . 2008-06-20 19:46 147,968 -----c--- C:\WINDOWS\system32\dllcache\dnsapi.dll
2008-06-20 13:51 . 2008-06-20 13:51 361,600 -----c--- C:\WINDOWS\system32\dllcache\tcpip.sys
2008-06-20 13:40 . 2008-06-20 13:40 138,496 -----c--- C:\WINDOWS\system32\dllcache\afd.sys
2008-06-20 13:08 . 2008-06-20 13:08 225,856 -----c--- C:\WINDOWS\system32\dllcache\tcpip6.sys
2008-06-19 16:00 . 2008-06-19 16:38 <DIR> d-------- C:\Programmi\VSO
2008-06-19 16:00 . 2008-06-19 19:29 <DIR> d-------- C:\Documents and Settings\Fra\Dati applicazioni\Vso
2008-06-19 16:00 . 2004-05-04 12:53 1,645,320 --a------ C:\WINDOWS\gdiplus.dll
2008-06-19 16:00 . 2006-05-20 17:16 1,184,984 --a------ C:\WINDOWS\system32\wvc1dmod.dll
2008-06-19 16:00 . 2006-05-11 20:21 626,688 --a------ C:\WINDOWS\system32\vp7vfw.dll
2008-06-19 16:00 . 2006-09-29 13:24 217,127 --a------ C:\WINDOWS\system32\drv43260.dll
2008-06-19 16:00 . 2006-09-29 13:25 208,935 --a------ C:\WINDOWS\system32\drv33260.dll
2008-06-19 16:00 . 2006-09-29 13:26 176,165 --a------ C:\WINDOWS\system32\drv23260.dll
2008-06-19 16:00 . 2008-06-19 16:00 87,608 --a------ C:\Documents and Settings\Fra\Dati applicazioni\inst.exe
2008-06-19 16:00 . 2007-03-18 21:37 65,602 --a------ C:\WINDOWS\system32\cook3260.dll
2008-06-19 16:00 . 2008-06-19 16:00 47,360 --a------ C:\WINDOWS\system32\drivers\pcouffin.sys
2008-06-19 16:00 . 2008-06-19 16:00 47,360 --a------ C:\Documents and Settings\Fra\Dati applicazioni\pcouffin.sys

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-07-15 11:44 --------- d-----w C:\Programmi\Thunderbird
2008-07-15 07:49 --------- d-----w C:\Documents and Settings\All Users\Dati applicazioni\Microsoft Help
2008-07-15 07:44 --------- d-----w C:\Documents and Settings\Fra\Dati applicazioni\uTorrent
2008-07-14 16:41 106,496 ----a-w C:\WINDOWS\DUMPab34.tmp
2008-07-13 21:08 98,304 ----a-w C:\WINDOWS\DUMPbc89.tmp
2008-07-10 23:29 98,304 ----a-w C:\WINDOWS\DUMPbf19.tmp
2008-07-09 23:16 --------- d-----w C:\Programmi\Winamp
2008-07-08 23:57 98,304 ----a-w C:\WINDOWS\DUMPaf6b.tmp
2008-07-07 21:26 --------- d-----w C:\Programmi\FreePOPs
2008-07-07 11:20 106,496 ----a-w C:\WINDOWS\DUMP9de6.tmp
2008-07-02 23:57 --------- d-----w C:\Programmi\BSplayerPro
2008-07-02 11:09 106,496 ----a-w C:\WINDOWS\DUMP9d68.tmp
2008-07-01 11:37 98,304 ----a-w C:\WINDOWS\DUMPaefc.tmp
2008-06-29 22:17 --------- d---a-w C:\Documents and Settings\All Users\Dati applicazioni\TEMP
2008-06-24 22:44 --------- d-----w C:\Programmi\Nero
2008-06-24 21:53 --------- d-----w C:\Programmi\VideoLAN
2008-06-24 21:46 --------- d-----w C:\Programmi\File comuni\Webroot Shared
2008-06-24 21:46 --------- d-----w C:\Documents and Settings\Fra\Dati applicazioni\Webroot
2008-06-24 21:42 --------- d-----w C:\Documents and Settings\Fra\Dati applicazioni\URSoft
2008-06-24 21:19 --------- d-----w C:\Documents and Settings\Fra\Dati applicazioni\Skype
2008-06-24 21:02 --------- d-----w C:\Programmi\RAXCO
2008-06-24 21:00 --------- d-----w C:\Programmi\File comuni\Ahead
2008-06-23 11:00 106,496 ----a-w C:\WINDOWS\DUMPb640.tmp
2008-06-20 11:51 361,600 ----a-w C:\WINDOWS\system32\drivers\tcpip.sys
2008-06-20 11:40 138,496 ----a-w C:\WINDOWS\system32\drivers\afd.sys
2008-06-20 11:08 225,856 ----a-w C:\WINDOWS\system32\drivers\tcpip6.sys
2008-06-19 13:50 106,496 ----a-w C:\WINDOWS\DUMPaf3b.tmp
2008-06-18 21:48 106,496 ----a-w C:\WINDOWS\DUMPb630.tmp
2008-06-16 23:57 98,304 ----a-w C:\WINDOWS\DUMPae9f.tmp
2008-06-16 23:56 98,304 ----a-w C:\WINDOWS\DUMPb70b.tmp
2008-06-16 12:17 98,304 ----a-w C:\WINDOWS\DUMPa846.tmp
2008-06-16 12:16 98,304 ----a-w C:\WINDOWS\DUMPafc8.tmp
2008-06-14 17:32 272,768 ----a-w C:\WINDOWS\system32\drivers\bthport.sys
2008-06-14 03:26 106,496 ----a-w C:\WINDOWS\DUMPb083.tmp
2008-06-09 17:21 --------- d-----w C:\Documents and Settings\Fra\Dati applicazioni\Sony
2008-06-09 17:21 --------- d-----w C:\Documents and Settings\All Users\Dati applicazioni\Sony
2008-06-09 17:17 --------- d-----w C:\Programmi\Sony Ericsson
2008-06-09 17:15 --------- d-----w C:\Programmi\QuickTime
2008-06-09 16:52 --------- d-----w C:\Documents and Settings\All Users\Dati applicazioni\Apple Computer
2008-06-09 16:49 --------- d-----w C:\Programmi\Apple Software Update
2008-06-09 16:48 --------- d-----w C:\Documents and Settings\All Users\Dati applicazioni\Apple
2008-06-09 16:40 --------- d--h--w C:\Programmi\InstallShield Installation Information
2008-06-09 16:40 --------- d-----w C:\Programmi\Avanquest update
2008-06-09 16:40 --------- d-----w C:\Documents and Settings\All Users\Dati applicazioni\BVRP Software
2008-06-09 16:39 --------- d-----w C:\Documents and Settings\Fra\Dati applicazioni\InstallShield
2008-06-09 16:39 --------- d-----w C:\Documents and Settings\All Users\Dati applicazioni\Sony Ericsson
2008-06-09 12:20 106,496 ----a-w C:\WINDOWS\DUMPb361.tmp
2008-06-08 22:11 106,496 ----a-w C:\WINDOWS\DUMPa3e4.tmp
2008-06-08 22:10 98,304 ----a-w C:\WINDOWS\DUMPae61.tmp
2008-06-04 12:22 98,304 ----a-w C:\WINDOWS\DUMPae60.tmp
2008-05-25 23:06 --------- d-----w C:\Documents and Settings\All Users\Dati applicazioni\Spybot - Search & Destroy
2008-05-25 22:23 --------- d-----w C:\Programmi\Spybot - Search & Destroy
2008-05-25 22:05 --------- d-----w C:\Programmi\Unlocker
2008-05-24 18:55 23,376 ----a-w C:\Documents and Settings\Fra\plocvddw.exe
2008-05-23 17:38 --------- d-----w C:\Programmi\Mobile Partner
2008-05-23 13:27 --------- d-----w C:\Programmi\Vodafone
2008-05-23 00:56 --------- d-----w C:\Programmi\MSN Messenger
2008-05-18 21:39 --------- d-----w C:\Programmi\ESET Smart Security
2008-05-10 11:18 98,304 ----a-w C:\WINDOWS\DUMPa008.tmp
2008-05-10 11:17 98,304 ----a-w C:\WINDOWS\DUMPac4d.tmp
2008-05-09 17:11 106,496 ----a-w C:\WINDOWS\DUMPaa3a.tmp
2008-05-07 01:07 106,496 ----a-w C:\WINDOWS\DUMP9cad.tmp
2008-05-07 01:05 106,496 ----a-w C:\WINDOWS\DUMP9615.tmp
2008-05-03 23:33 98,304 ----a-w C:\WINDOWS\DUMPa3f0.tmp
2008-05-02 23:10 106,496 ----a-w C:\WINDOWS\DUMP9d0e.tmp
2008-04-30 09:35 106,496 ----a-w C:\WINDOWS\DUMPb1fc.tmp
2008-04-30 09:33 98,304 ----a-w C:\WINDOWS\DUMPb759.tmp
2008-04-28 11:43 98,304 ----a-w C:\WINDOWS\DUMP9e53.tmp
2008-04-28 11:42 98,304 ----a-w C:\WINDOWS\DUMPaeae.tmp
2008-04-27 21:01 98,304 ----a-w C:\WINDOWS\DUMPcb5e.tmp
2008-04-27 20:59 98,304 ----a-w C:\WINDOWS\DUMP9d78.tmp
2008-04-27 20:58 98,304 ----a-w C:\WINDOWS\DUMPab63.tmp
2008-04-27 10:08 106,496 ----a-w C:\WINDOWS\DUMPd234.tmp
2008-04-27 10:05 98,304 ----a-w C:\WINDOWS\DUMP9f3f.tmp
2008-04-27 10:04 98,304 ----a-w C:\WINDOWS\DUMPad19.tmp
2008-04-25 21:10 106,496 ----a-w C:\WINDOWS\DUMPa559.tmp
2008-04-25 21:08 106,496 ----a-w C:\WINDOWS\DUMPa7ba.tmp
2008-04-24 10:13 98,304 ----a-w C:\WINDOWS\DUMPb3bf.tmp
2008-04-24 10:11 98,304 ----a-w C:\WINDOWS\DUMPc033.tmp
2008-04-23 22:07 106,496 ----a-w C:\WINDOWS\DUMPb873.tmp
2008-04-22 11:41 98,304 ----a-w C:\WINDOWS\DUMPb1fb.tmp
2008-04-22 11:40 106,496 ----a-w C:\WINDOWS\DUMPb5d2.tmp
2008-04-21 16:24 106,496 ----a-w C:\WINDOWS\DUMPb381.tmp
2008-04-21 16:21 98,304 ----a-w C:\WINDOWS\DUMPb8a1.tmp
2008-04-20 19:12 98,304 ----a-w C:\WINDOWS\DUMPb882.tmp
2008-04-18 10:50 98,304 ----a-w C:\WINDOWS\DUMPac1e.tmp
2008-04-18 10:48 106,496 ----a-w C:\WINDOWS\DUMPabef.tmp
2008-04-17 17:11 106,496 ----a-w C:\WINDOWS\DUMPb46b.tmp
2008-04-16 21:29 106,496 ----a-w C:\WINDOWS\DUMPb11f.tmp
2008-04-16 21:26 106,496 ----a-w C:\WINDOWS\DUMPb0b2.tmp
2008-04-15 11:31 106,496 ----a-w C:\WINDOWS\DUMPb892.tmp
2008-04-15 11:28 98,304 ----a-w C:\WINDOWS\DUMPb7a7.tmp
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* empty & legitimate/default values are not shown.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2008-04-14 04:14 15360]
"SpybotSD TeaTimer"="C:\Programmi\Spybot - Search & Destroy\TeaTimer.exe" [2008-01-28 11:43 2097488]
"msnmsgr"="C:\Programmi\MSN Messenger\msnmsgr.exe" [2007-01-19 12:54 5674352]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"Index Washer"="C:\Programmi\Washer\WashIdx.exe" [2007-11-26 14:47 55624]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPLpr"="C:\Programmi\Synaptics\SynTP\SynTPLpr.exe" [2005-02-02 21:12 102492]
"SynTPEnh"="C:\Programmi\Synaptics\SynTP\SynTPEnh.exe" [2005-02-02 21:11 692316]
"Cpqset"="C:\Programmi\HPQ\Default Settings\cpqset.exe" [2004-03-18 10:18 204862]
"eabconfg.cpl"="C:\Programmi\HPQ\Quick Launch Buttons\EabServr.exe" [2003-11-18 09:31 241664]
"egui"="C:\Programmi\ESET Smart Security\egui.exe" [2007-12-21 08:21 1443072]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2004-02-03 11:26 3072000]
"WinampAgent"="C:\Programmi\Winamp\winampa.exe" [2008-03-27 08:35 36352]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2008-04-14 04:14 110592 C:\WINDOWS\system32\bthprops.cpl]
"nwiz"="nwiz.exe" [2004-02-03 11:26 753664 C:\WINDOWS\system32\nwiz.exe]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.ac3filter"= ac3filter.acm
"VIDC.ACDV"= ACDV.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Programmi\\uTorrent\\utorrent.exe"=
"C:\\Programmi\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"C:\\Programmi\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"C:\\Programmi\\Bonjour\\mDNSResponder.exe"=
"C:\\Programmi\\Intuwave Ltd\\Shared\\mRouterRunTime\\mRouterRuntime.exe"=
"C:\\Programmi\\MSN Messenger\\msnmsgr.exe"=
"C:\\Programmi\\MSN Messenger\\livecall.exe"=
"C:\\Programmi\\Sony Ericsson\\Sony Ericsson Media Manager 1.0\\MediaManager.exe"=
"C:\\Programmi\\Skype\\Phone\\Skype.exe"=

R2 UxTuneUp;TuneUp Theme Extension;C:\WINDOWS\System32\svchost.exe [2008-04-14 04:14]
R3 EMCR;EMCR;C:\WINDOWS\system32\DRIVERS\EMCR7SK.sys [2003-08-15 17:10]
S2 PD91Agent;PD91Agent;C:\Programmi\PerfectDisk2008\PD91Agent.exe [2008-04-16 13:00]
S2 wwEngineSvc;Window Washer Engine;C:\Programmi\Washer\WasherSvc.exe [2007-11-26 14:47]
S3 DCamUSBET;Micrometrics 122CU;C:\WINDOWS\system32\DRIVERS\etDevice.sys [2005-07-01 17:14]
S3 FiltUSBET;ET USB Device Lower Filter;C:\WINDOWS\system32\DRIVERS\etFilter.sys [2005-07-12 17:10]
S3 FTLUND;Lundinova Filter Driver;C:\WINDOWS\system32\drivers\ftlund.sys [2003-02-24 09:36]
S3 PD91Engine;PD91Engine;C:\Programmi\PerfectDisk2008\PD91Engine.exe [2008-04-16 13:00]
S3 ScanUSBET;ET USB Still Image Capture Device;C:\WINDOWS\system32\DRIVERS\etScan.sys [2005-07-01 17:14]
S3 TuneUp.Defrag;TuneUp Drive Defrag Service;C:\WINDOWS\System32\TuneUpDefragService.exe [2008-06-25 00:07]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ed177dd5-28d0-11dd-91dd-00904b589034}]
\Shell\AutoRun\command - E:\AutoRun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ed177dd8-28d0-11dd-91dd-00904b589034}]
\Shell\AutoRun\command - E:\AutoRun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{fd2a7c38-28cb-11dd-91dc-00904b589034}]
\Shell\AutoRun\command - E:\VMC_PBStarter.exe

.
Contents of the 'Scheduled Tasks' folder
"2008-07-15 12:37:44 C:\WINDOWS\Tasks\1-Click Maintenance.job"
- C:\Programmi\TuneUp Utilities 2008\OneClickStarter.exe
"2008-06-09 16:49:11 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Programmi\Apple Software Update\SoftwareUpdate.exe
.
- - - - ORPHANS REMOVED - - - -

BHO-{14370F76-7676-44A2-AD11-93A31C5FC9FC} - (no file)
BHO-{1ECC1816-1E36-45C4-A128-2A352637275D} - (no file)
Notify-iifdabcC - iifdabcC.dll


**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-07-15 14:38:18
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
Cpqset = C:\Programmi\HPQ\Default Settings\cpqset.exe????????????4?5?5?4??????? ?|?B???????????????B????????

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\Programmi\ESET Smart Security\ekrn.exe
C:\WINDOWS\system32\rundll32.exe
.
**************************************************************************
.
Scan finish time: 2008-07-15 14:47:29 - machine was rebooted
ComboFix-quarantined-files.txt 2008-07-15 12:46:38

12 Directory 5,933,735,936 bytes available
16 Directory 5,825,671,168 bytes available

WindowsXP-KB310994-SP2-Home-BootDisk-ITA.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /fastdetect /NoExecute=OptIn
C:\CMDCONS\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons

269 --- E O F --- 2008-07-15 07:49:35


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 14.49.54, on 15/07/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programmi\ESET Smart Security\ekrn.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmi\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.it/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmi\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programmi\File comuni\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Programmi\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [SynTPLpr] C:\Programmi\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Programmi\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [Cpqset] C:\Programmi\HPQ\Default Settings\cpqset.exe
O4 - HKLM\..\Run: [eabconfg.cpl] C:\Programmi\HPQ\Quick Launch Buttons\EabServr.exe /Start
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [egui] "C:\Programmi\ESET Smart Security\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet
O4 - HKLM\..\Run: [WinampAgent] C:\Programmi\Winamp\winampa.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Programmi\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Programmi\MSN Messenger\msnmsgr.exe" /background
O8 - Extra context menu item: Append to existing PDF - res://C:\Programmi\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Programmi\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Programmi\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Programmi\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Programmi\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Programmi\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Programmi\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Programmi\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Invia a OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: I&nvia a OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1174641814066
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FILECO~1\Skype\SKYPE4~1.DLL
O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Programmi\ESET Smart Security\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Programmi\ESET Smart Security\ekrn.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Programmi\File comuni\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PD91Agent - Raxco Software, Inc. - C:\Programmi\PerfectDisk2008\PD91Agent.exe
O23 - Service: PD91Engine - Raxco Software, Inc. - C:\Programmi\PerfectDisk2008\PD91Engine.exe
O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software GmbH - C:\WINDOWS\System32\TuneUpDefragService.exe
O23 - Service: Window Washer Engine (wwEngineSvc) - Webroot Software, Inc. - C:\Programmi\Washer\WasherSvc.exe


--
End of file - 6880 bytes

By the way, thank you guys.
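The ComboFix log above shows the indicator pattern that helpers look for with a Vundo/Virtumonde infection: eight-letter random-looking DLL and .ini names in system32 (ljJASjJB.dll, nnnoPFxU.dll, wvUnNhij.dll, OortvGgh.ini), a Winlogon Notify orphan pointing at another such DLL (iifdabcC.dll), Security Center alerts silenced (AntiVirusDisableNotify and UpdatesDisableNotify set to 1), and AutoRun commands registered for a removable drive. The script below is an added example, not part of the original post and not code from ComboFix, Spybot or HijackThis: it runs a simple triage over an excerpt of that log quoted inline. The "eight letters, mixed case or .ini extension" rule is my own heuristic for the naming scheme seen in this log, not a documented signature, and will need tuning on other logs.

```python
import re
from typing import Dict, List

# Constructed excerpt: lines quoted from the ComboFix log in the post above,
# kept in the order and layout ComboFix prints them.
COMBOFIX_EXCERPT = r"""
((((((((((((((((((((((((((((((((((((( Altre eliminazioni )))))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\pskt.ini
C:\WINDOWS\system32\drivers\npf.sys
C:\WINDOWS\system32\fhhowitd.ini
C:\WINDOWS\system32\ljJASjJB.dll
C:\WINDOWS\system32\nnnoPFxU.dll
C:\WINDOWS\system32\OortvGgh.ini
C:\WINDOWS\system32\OortvGgh.ini2
C:\WINDOWS\system32\packet.dll
C:\WINDOWS\system32\wpcap.dll
C:\WINDOWS\system32\wvUnNhij.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ed177dd5-28d0-11dd-91dd-00904b589034}]
\Shell\AutoRun\command - E:\AutoRun.exe

- - - - ORPHANS REMOVED - - - -

BHO-{14370F76-7676-44A2-AD11-93A31C5FC9FC} - (no file)
Notify-iifdabcC - iifdabcC.dll
"""

# Heuristic (mine, not ComboFix's): the droppers in this log use 8-letter
# alphabetic names such as ljJASjJB.dll / OortvGgh.ini. Flag a system32
# .dll/.ini/.ini2 whose stem is 8 letters and is mixed-case or an .ini file.
SYSTEM32_FILE = re.compile(
    r"^C:\\WINDOWS\\system32\\([A-Za-z0-9_]+)\.(dll|ini2?)$", re.IGNORECASE)
EIGHT_LETTERS = re.compile(r"^[A-Za-z]{8}$")
NOTIFY_ORPHAN = re.compile(r"^Notify-\S+ - (\S+\.dll)$")
AUTORUN_CMD = re.compile(r"^\\Shell\\AutoRun\\command - (.+)$")
SECURITY_CENTER_KEY = "[hkey_local_machine\\software\\microsoft\\security center]"


def find_random_named_files(text: str) -> List[str]:
    """Full paths under system32 whose names fit the random-name heuristic."""
    hits = []
    for raw in text.splitlines():
        line = raw.strip()
        m = SYSTEM32_FILE.match(line)
        if not m:
            continue
        stem, ext = m.group(1), m.group(2).lower()
        mixed_case = stem != stem.lower() and stem != stem.upper()
        if EIGHT_LETTERS.match(stem) and (mixed_case or ext.startswith("ini")):
            hits.append(line)
    return hits


def find_security_center_tampering(text: str) -> List[str]:
    """Security Center *DisableNotify values set to 1 (alerts silenced)."""
    in_key, flagged = False, []
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("["):              # a new registry key header
            in_key = line.lower() == SECURITY_CENTER_KEY
            continue
        if in_key and "DisableNotify" in line and line.endswith("=dword:00000001"):
            flagged.append(line.split("=")[0].strip('"'))
    return flagged


def find_winlogon_notify_orphans(text: str) -> List[str]:
    """DLLs behind Winlogon Notify entries that ComboFix removed as orphans."""
    return [m.group(1) for m in map(NOTIFY_ORPHAN.match, map(str.strip, text.splitlines())) if m]


def find_autorun_commands(text: str) -> List[str]:
    """Commands registered under MountPoints2 ...\\Shell\\AutoRun\\command."""
    return [m.group(1) for m in map(AUTORUN_CMD.match, map(str.strip, text.splitlines())) if m]


def triage(text: str) -> Dict[str, object]:
    """Collect every indicator class; 'suspicious' is True if any of them fired."""
    report: Dict[str, object] = {
        "random_named_files": find_random_named_files(text),
        "security_center_disabled_notify": find_security_center_tampering(text),
        "winlogon_notify_orphans": find_winlogon_notify_orphans(text),
        "autorun_commands": find_autorun_commands(text),
    }
    report["suspicious"] = any(report[k] for k in list(report))
    return report


if __name__ == "__main__":
    for key, value in triage(COMBOFIX_EXCERPT).items():
        print(f"{key}: {value}")
```

Two caveats a helper would add: packet.dll, wpcap.dll and npf.sys are WinPcap components and legitimate on their own, so the script deliberately does not flag them, and a "clean" Spybot rescan after ComboFix says nothing about the Winlogon Notify hook or the silenced Security Center alerts, which is why the forum asks for a fresh log rather than taking the rescan as the verdict.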

prenanz
2008-07-16, 21:13
Anyone?

prenanz
2008-07-17, 00:36
I just did a scan with Spybot, and it doesn't find Virtumonde.prx anymore. Can I consider that computer clean?

tashi
2008-07-22, 08:40
Hello prenanz,

Because of the volume of posts to your own topic, it may have appeared you were already being assisted.

Apparently you missed our sticky topics: :eek:
"BEFORE you POST"(READ this Procedure BEFORE Requesting Assistance) (http://forums.spybot.info/showthread.php?t=288)

Do NOT run 'fixes' before helpers have analyzed the HJT log (http://forums.spybot.info/showthread.php?t=16806)

Post here if still waiting for help in the Malware Forum, (AFTER) FOUR days (http://forums.spybot.info/forumdisplay.php?f=37)

If you still require help, please start a new topic and include a fresh HijackThis log with a link to this thread in your new topic.

Best regards.