Problem with a worm

Go to Start > Run and type in SYSEDIT. When it opens, click on the win.ini tab and COPY AND paste it here for me to see. DO NOT CHANGE ANYTHING.

I still need to see the combofix log <-- I NEED THIS
 
Finally I deleted awtsp.exe and .dll. I went to regedit and deleted every occurrence of awtsp. Now ComboFix generates its log.

This is win.ini:

; for 16-bit app support
[fonts]
[extensions]
[mci extensions]
[files]
[Mail]
MAPI=1
CMCDLLNAME32=mapi32.dll
CMCDLLNAME=mapi.dll
CMC=1
MAPIX=1
MAPIXVER=1.0.0.1
OLEMessaging=1
[MCI Extensions.BAK]
aif=MPEGVideo
aifc=MPEGVideo
aiff=MPEGVideo
asf=MPEGVideo
asx=MPEGVideo
au=MPEGVideo
m1v=MPEGVideo
m3u=MPEGVideo
mp2=MPEGVideo
mp2v=MPEGVideo
mp3=MPEGVideo
mpa=MPEGVideo
mpe=MPEGVideo
mpeg=MPEGVideo
mpg=MPEGVideo
mpv2=MPEGVideo
snd=MPEGVideo
wax=MPEGVideo
wm=MPEGVideo
wma=MPEGVideo
wmv=MPEGVideo
wmx=MPEGVideo
wpl=MPEGVideo
wvx=MPEGVideo
m2v=MPEGVideo
mod=MPEGVideo


This is the ComboFix log:
ComboFix 07-12-15.5 - Administrator 2007-12-17 17.56.22.6 - NTFSx86 MINIMAL
Eseguito da: C:\Documents and Settings\lucamarantelli\Desktop\ComboFix(2).exe
.

((((((((((((((((((((((((((((((((((((( Altre eliminazioni )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
---- Previous Run -------
.
C:\WINDOWS\cookies.ini
C:\WINDOWS\system32\awtsp.dll
C:\WINDOWS\system32\Cache
C:\WINDOWS\system32\pstwa.ini
C:\WINDOWS\system32\pstwa.ini2

.
((((((((((((((((((((((((( Files Creati Da 2007-11-17 al 2007-12-17 )))))))))))))))))))))))))))))))))))
.

2007-12-17 17:37 . 2007-12-17 17:37 <DIR> d-------- C:\Programmi\WhoLockMe104
2007-12-17 17:14 . 2007-12-17 17:43 8,758 --ahs---- C:\WINDOWS\system32\pstwa.ini
2007-12-17 17:14 . 2007-12-17 17:41 8,547 --ahs---- C:\WINDOWS\system32\pstwa.ini2
2007-12-17 10:02 . 2007-12-17 10:04 <DIR> d-------- C:\Documents and Settings\lucamarantelli\Dati applicazioni\PrevxCSI
2007-12-17 10:02 . 2007-12-17 10:02 <DIR> d-------- C:\Documents and Settings\All Users\Dati applicazioni\Prevx
2007-12-16 11:56 . 2007-12-16 11:56 <DIR> d-------- C:\Programmi\FirefoxPreloader
2007-12-16 11:56 . 2005-01-19 03:15 28,672 --a------ C:\WINDOWS\system32\regclass.dll
2007-12-15 22:27 . 2001-05-25 06:01 90,112 --a------ C:\WINDOWS\system32\RegDACL.exe
2007-12-15 22:27 . 2005-01-13 20:41 53,248 --a------ C:\WINDOWS\system32\process.exe
2007-12-15 22:27 . 2004-07-22 12:15 4,096 --a------ C:\WINDOWS\system32\reboot.exe
2007-12-14 16:49 . 2007-12-17 17:14 <DIR> d-------- C:\Programmi\SUPERAntiSpyware
2007-12-14 16:49 . 2007-12-14 16:49 <DIR> d-------- C:\Programmi\File comuni\Wise Installation Wizard
2007-12-14 16:49 . 2007-12-14 16:49 <DIR> d-------- C:\Documents and Settings\lucamarantelli\Dati applicazioni\SUPERAntiSpyware.com
2007-12-14 16:49 . 2007-12-14 16:49 <DIR> d-------- C:\Documents and Settings\All Users\Dati applicazioni\SUPERAntiSpyware.com
2007-12-14 09:25 . 2007-12-14 09:25 <DIR> d-------- C:\WINDOWS\system32\Kaspersky Lab
2007-12-14 09:25 . 2007-12-14 09:25 <DIR> d-------- C:\Documents and Settings\All Users\Dati applicazioni\Kaspersky Lab
2007-12-13 14:42 . 2007-12-17 17:11 <DIR> d-------- C:\VundoFix Backups
2007-12-13 11:19 . 2007-12-14 09:32 929,576 --ahs---- C:\WINDOWS\system32\gystxgcj.ini
2007-12-13 09:41 . 2007-12-13 10:16 <DIR> d--hsc--- C:\Programmi\File comuni\WindowsLiveInstaller
2007-12-13 09:40 . 2007-12-13 11:48 <DIR> d-------- C:\Programmi\Windows Live
2007-12-13 09:40 . 2007-12-13 10:54 <DIR> d-------- C:\Documents and Settings\All Users\Dati applicazioni\WLInstaller
2007-12-13 00:36 . 2007-12-13 00:36 <DIR> d-------- C:\Programmi\CCleaner
2007-12-13 00:12 . 2007-12-17 17:39 3,888 --a------ C:\WINDOWS\system32\drivers\NTHANDLE.SYS
2007-12-12 21:10 . 2007-12-12 21:52 <DIR> d-------- C:\Documents and Settings\All Users\Dati applicazioni\Spybot - Search & Destroy
2007-12-12 11:15 . 2007-08-01 15:47 102,664 --a------ C:\WINDOWS\system32\drivers\tmcomm.sys
2007-12-12 11:13 . 2007-12-13 11:24 <DIR> d-------- C:\Programmi\Trend Micro
2007-12-12 11:12 . 2007-12-12 11:12 <DIR> d-------- C:\Documents and Settings\lucamarantelli\Dati applicazioni\InstallShield
2007-12-11 10:36 . 2007-12-11 10:36 <DIR> d-------- C:\Documents and Settings\lucamarantelli\Dati applicazioni\eRoom
2007-12-11 10:34 . 2007-12-11 10:34 <DIR> d-------- C:\Programmi\eRoom 7
2007-12-11 10:32 . 1998-07-30 18:43 306,176 --a------ C:\WINDOWS\IsUn0410.exe
2007-12-11 10:30 . 2007-12-11 10:30 <DIR> d-------- C:\Documents and Settings\lucamarantelli\WINDOWS
2007-12-10 11:38 . 2007-12-10 11:38 <DIR> d-------- C:\ofbiz
2007-11-30 11:56 . 2006-10-26 19:56 32,592 --a------ C:\WINDOWS\system32\msonpmon.dll
2007-11-30 11:43 . 2007-11-30 11:43 <DIR> dr-h----- C:\MSOCache
2007-11-29 20:12 . 2007-11-29 20:12 <DIR> d-------- C:\Programmi\wjjsoft
2007-11-29 20:10 . 2007-11-29 20:12 <DIR> d-------- C:\Programmi\NeoMem
2007-11-29 20:00 . 2007-11-29 20:01 <DIR> d-------- C:\Programmi\KeyNote
2007-11-29 19:59 . 2007-11-29 19:59 <DIR> d-------- C:\Documents and Settings\lucamarantelli\.NoteLab
2007-11-28 10:23 . 2007-03-10 15:36 <DIR> d--h----- C:\Documents and Settings\Administrator.MARANTELLI-XPNE\Risorse di stampa
2007-11-28 10:23 . 2007-03-10 15:36 <DIR> d--h----- C:\Documents and Settings\Administrator.MARANTELLI-XPNE\Risorse di rete
2007-11-28 10:23 . 2007-11-28 10:23 <DIR> dr------- C:\Documents and Settings\Administrator.MARANTELLI-XPNE\Preferiti
2007-11-28 10:23 . 2007-03-10 14:47 <DIR> d--h----- C:\Documents and Settings\Administrator.MARANTELLI-XPNE\Modelli
2007-11-28 10:23 . 2007-03-10 15:36 <DIR> dr------- C:\Documents and Settings\Administrator.MARANTELLI-XPNE\Menu Avvio
2007-11-28 10:23 . 2007-12-16 10:48 <DIR> d--h----- C:\Documents and Settings\Administrator.MARANTELLI-XPNE\Impostazioni locali
2007-11-28 10:23 . 2007-11-28 10:23 <DIR> dr------- C:\Documents and Settings\Administrator.MARANTELLI-XPNE\Documenti
2007-11-28 10:23 . 2007-10-31 23:10 <DIR> d-------- C:\Documents and Settings\Administrator.MARANTELLI-XPNE\Dati applicazioni\Intel
2007-11-28 10:23 . 2007-11-28 10:23 <DIR> dr-h----- C:\Documents and Settings\Administrator.MARANTELLI-XPNE\Dati applicazioni
2007-11-28 09:10 . 2004-08-19 13:00 221,184 --a------ C:\WINDOWS\system32\wmpns.dll
2007-11-23 14:37 . 2004-07-19 10:52 568 --a------ C:\WINDOWS\system32\drivers\default.bin
2007-11-23 14:37 . 2004-07-19 10:52 568 --a------ C:\WINDOWS\system32\default.bin
2007-11-23 14:36 . 2007-11-23 14:36 <DIR> d-------- C:\Programmi\CheckPoint
2007-11-23 14:36 . 2004-07-19 10:52 2,871,296 --a------ C:\WINDOWS\system32\kmpapi32.dll
2007-11-23 14:36 . 2004-07-19 10:52 2,038,704 --a------ C:\WINDOWS\system32\drivers\fw.sys
2007-11-23 14:36 . 2004-07-19 10:52 668,432 --a------ C:\WINDOWS\system32\drivers\vpn.sys
2007-11-23 14:36 . 2004-07-19 10:52 393,216 --a------ C:\WINDOWS\system32\enterr.dll
2007-11-23 14:36 . 2004-07-19 11:53 106,583 --a------ C:\WINDOWS\system32\fwnetcfg.dll
2007-11-23 14:36 . 2004-07-19 11:53 32,875 --a------ C:\WINDOWS\system32\ckpginashim.dll
2007-11-23 14:36 . 2004-07-19 11:53 24,681 --a------ C:\WINDOWS\system32\ckpNotify.dll
2007-11-23 14:36 . 2004-07-19 10:52 17,424 --a------ C:\WINDOWS\system32\drivers\scap.sys
2007-11-23 14:36 . 2004-07-19 10:52 14,924 --a------ C:\WINDOWS\system32\drivers\OMVA.sys
2007-11-23 14:36 . 2004-07-19 10:52 4,133 --a------ C:\WINDOWS\entrust.ini
2007-11-22 15:48 . 2007-11-30 09:05 <DIR> d-------- C:\Programmi\QuickTime
2007-11-22 15:48 . 2007-11-22 15:48 <DIR> d-------- C:\Documents and Settings\All Users\Dati applicazioni\Apple Computer
2007-11-22 15:48 . 2007-11-22 15:48 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2007-11-22 15:48 . 2007-11-22 15:48 1,409 --a------ C:\WINDOWS\QTFont.for
2007-11-22 15:47 . 2007-11-22 15:47 <DIR> d-------- C:\Programmi\Apple Software Update
2007-11-22 15:47 . 2007-11-22 15:47 <DIR> d-------- C:\Documents and Settings\All Users\Dati applicazioni\Apple

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-12-17 16:14 428,544 ----a-w C:\WINDOWS\system32\igfxtray.exe
2007-12-17 15:06 453,120 ----a-w C:\WINDOWS\system32\igfxpers.exe
2007-12-17 15:06 412,160 ----a-w C:\WINDOWS\system32\hkcmd.exe
2007-12-16 11:32 16,547,840 ----a-w C:\WINDOWS\RTHDCPL.EXE
2007-12-16 11:32 1,784,320 ----a-w C:\WINDOWS\SkyTel.EXE
2007-12-14 15:45 --------- d-----w C:\Documents and Settings\lucamarantelli\Dati applicazioni\MailWasherPro
2007-12-12 15:11 --------- d-----w C:\Programmi\Google
2007-12-10 08:34 --------- d-----w C:\Documents and Settings\All Users\Dati applicazioni\Microsoft Help
2007-11-29 19:14 --------- d--h--w C:\Programmi\InstallShield Installation Information
2007-11-28 14:50 --------- d-----w C:\Documents and Settings\lucamarantelli\Dati applicazioni\SQLyog
2007-11-16 16:30 --------- d-----w C:\Programmi\NetBeans 6.0 RC1
2007-11-16 16:30 --------- d-----w C:\Programmi\Apache Software Foundation
2007-11-13 18:09 --------- d-----w C:\Programmi\SQLyog Community
2007-11-08 08:38 --------- d-----w C:\Programmi\TOSHIBA
2007-11-06 17:00 --------- d-----w C:\Programmi\WinMerge
2007-11-06 16:38 --------- d-----w C:\Documents and Settings\lucamarantelli\Dati applicazioni\postgresql
2007-11-06 16:36 --------- d-----w C:\Programmi\pgAdmin III
2007-11-06 07:56 --------- d-----w C:\Programmi\MSXML 4.0
2007-11-05 17:06 --------- d-----w C:\Documents and Settings\All Users\Dati applicazioni\InstallShield
2007-11-05 17:04 --------- d-----w C:\Programmi\File comuni\InstallShield
2007-11-05 17:04 --------- d-----w C:\Programmi\File comuni\Business Objects
2007-11-05 17:04 --------- d-----w C:\Programmi\Business Objects
2007-11-05 13:20 --------- d-----w C:\Programmi\Microsoft SQL Server
2007-11-05 08:15 --------- d-----w C:\Programmi\Innovative Solutions
2007-10-31 22:10 356,352 ----a-w C:\WINDOWS\system32\AegisI5Installer.exe
2007-10-31 22:10 21,393 ----a-w C:\WINDOWS\system32\drivers\AegisP.sys
2007-10-31 22:10 21,393 ----a-w C:\WINDOWS\AegisP.sys
2007-10-31 22:10 --------- d-----w C:\Documents and Settings\NetworkService\Dati applicazioni\Intel
2007-10-31 22:10 --------- d-----w C:\Documents and Settings\MARANTELLI-XPNE\ASPNET\Dati applicazioni\Intel
2007-10-31 22:10 --------- d-----w C:\Documents and Settings\lucamarantelli\Dati applicazioni\Intel
2007-10-31 22:10 --------- d-----w C:\Documents and Settings\LocalService\Dati applicazioni\Intel
2007-10-31 22:10 --------- d-----w C:\Documents and Settings\Default User\Dati applicazioni\Intel
2007-10-31 22:10 --------- d-----w C:\Documents and Settings\administrator\Dati applicazioni\Intel
2007-10-31 22:09 --------- d-----w C:\WINDOWS\system32\config\systemprofile\Dati applicazioni\Intel
2007-10-31 22:09 --------- d-----w C:\Programmi\Intel
2007-10-31 22:09 --------- d-----w C:\Documents and Settings\All Users\Dati applicazioni\Intel
2007-10-31 21:18 --------- d-----w C:\Programmi\CDBurnerXP
2007-10-31 20:51 --------- d-----w C:\Documents and Settings\All Users\Dati applicazioni\Macrovision
2007-10-31 20:50 --------- d-----w C:\Programmi\Macromedia
2007-10-31 20:50 --------- d-----w C:\Programmi\File comuni\Macromedia Shared
2007-10-31 20:50 --------- d-----w C:\Programmi\File comuni\Macromedia
2007-10-31 20:48 --------- d-----w C:\Documents and Settings\lucamarantelli\Dati applicazioni\Uniblue
2007-10-31 20:12 --------- d-----w C:\Programmi\FireTrust
2007-10-31 08:48 --------- d-----w C:\Documents and Settings\lucamarantelli\Dati applicazioni\SmartFTP
2007-10-31 08:44 --------- d-----w C:\Programmi\SmartFTP Client
2007-10-30 18:24 --------- d-----w C:\Programmi\Java
2007-10-30 18:18 --------- d-----w C:\Programmi\ltmoh
2007-10-30 18:11 --------- d-----w C:\Programmi\Realtek
2007-10-30 17:22 --------- d-----w C:\Programmi\File comuni\Java
2007-10-30 15:01 --------- d-----w C:\Programmi\File comuni\Merge Modules
2007-10-30 14:48 --------- d-----w C:\Programmi\Microsoft Visual Studio .NET 2003
2007-10-30 14:34 --------- d-----w C:\Programmi\Notepad++
2007-10-30 14:34 --------- d-----w C:\Documents and Settings\lucamarantelli\Dati applicazioni\Notepad++
2007-10-30 14:30 --------- d-----w C:\Programmi\HTML Help Workshop
2007-10-30 14:26 --------- d-----w C:\Programmi\File comuni\Crystal Decisions
2007-10-30 14:20 --------- d-----w C:\Programmi\Microsoft ACT
2007-10-30 13:26 --------- d-----w C:\Programmi\MSXML 6.0
2007-10-30 12:14 --------- d-----w C:\Programmi\MSBuild
2007-10-30 12:10 --------- d-----w C:\Programmi\Reference Assemblies
2007-10-30 12:05 --------- d-----w C:\Programmi\Windows Media Connect 2
2007-10-30 11:00 --------- d-----w C:\Documents and Settings\lucamarantelli\Dati applicazioni\OfficeUpdate12
2007-10-18 10:31 51,224 ----a-w C:\WINDOWS\system32\sirenacm.dll
2007-09-17 15:40 524,288 ----a-w C:\WINDOWS\opuc.dll
.

((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Nota* i valori vuoti & legittimi/default non sono visualizzati.

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A7E0D41E-3598-4D1D-A568-B79090A234B4}]
C:\WINDOWS\system32\awtsp.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\SmartFTP Drop]
@={EA5A76F7-8138-4B53-B0F5-ADCC730CAFBD}

[HKEY_CLASSES_ROOT\CLSID\{EA5A76F7-8138-4B53-B0F5-ADCC730CAFBD}]
2007-10-01 22:33 406840 --a------ C:\Programmi\SmartFTP Client\sfShellTools.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-19 13:00]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"StoneGateAgent"="C:\Programmi\Stonesoft\StoneGate VPN Client\sgagent.exe" [2007-12-17 17:14]
"RTHDCPL"="RTHDCPL.EXE" [2007-12-16 12:32 C:\WINDOWS\RTHDCPL.EXE]
"SkyTel"="SkyTel.EXE" [2007-12-16 12:32 C:\WINDOWS\SkyTel.EXE]
"igfxtray"="C:\WINDOWS\system32\igfxtray.exe" [2007-12-17 17:14]
"igfxpers"="C:\WINDOWS\system32\igfxpers.exe" [2007-12-17 16:06]
"igfxhkcmd"="C:\WINDOWS\system32\hkcmd.exe" [2007-12-17 16:06]
"OfficeScanNT Monitor"="C:\Programmi\Trend Micro\OfficeScan Client\pccntmon.exe" [2007-12-16 12:35]
"MSConfig"="C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe" [2004-08-19 13:00]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-19 13:00]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"TSClientMSIUninstaller"="cmd.exe" [2004-08-19 13:00 C:\WINDOWS\system32\cmd.exe]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{FBF23B40-E3F0-101B-8488-00AA003E56F8}"= shdocvw.dll [ ]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Programmi\SUPERAntiSpyware\SASSEH.DLL [2006-12-20 13:55 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Programmi\SUPERAntiSpyware\SASWINLO.dll 2007-04-19 13:41 294912 C:\Programmi\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ckpNotify]
ckpNotify.dll 2004-07-19 11:53 24681 C:\WINDOWS\system32\ckpNotify.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Avvio^Programmi^Esecuzione automatica^Service Manager.lnk]
path=C:\Documents and Settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\Service Manager.lnk
backup=C:\WINDOWS\pss\Service Manager.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^lucamarantelli^Menu Avvio^Programmi^Esecuzione automatica^OneNote 2007 Screen Clipper and Launcher.lnk]
path=C:\Documents and Settings\lucamarantelli\Menu Avvio\Programmi\Esecuzione automatica\OneNote 2007 Screen Clipper and Launcher.lnk
backup=C:\WINDOWS\pss\OneNote 2007 Screen Clipper and Launcher.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\000StTHK]
000StTHK.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\00THotkey]
2006-04-26 14:39 258048 --a------ C:\WINDOWS\system32\00THotkey.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2007-10-10 19:51 39792 --a------ C:\Programmi\Adobe\Reader 8.0\Reader\Reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AGRSMMSG]
AGRSMMSG.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Alcmtr]
ALCMTR.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\combofix]
C:\WINDOWS\system32\cmd.exe /c C:\ComboFix\Combobatch.bat

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CrossMenu]
2006-04-12 16:25 798720 --a------ C:\Programmi\Toshiba\CrossMenu\CrossMenu.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IntelWireless]
C:\Programmi\Intel\Wireless\Bin\ifrmewrk.exe /tf Intel PROSet/Wireless

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IntelZeroConfig]
2007-06-01 10:51 823296 --a------ C:\Programmi\Intel\Wireless\bin\ZCfgSvc.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Load]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
C:\DOCUME~1\LUCAMA~1\IMPOST~1\Temp\qttask.exe -atboottime

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2007-11-30 09:05 470016 --a------ C:\Programmi\Java\jre1.6.0_03\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TouchED]
2005-09-01 15:21 102400 --a------ C:\Programmi\TOSHIBA\TouchED\TouchED.Exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Uniblue RegistryBooster 2]
C:\Programmi\Uniblue\RegistryBooster 2\RegistryBooster.exe /S

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ZCfgSvc.exe]
C:\WINDOWS\system32\ZCfgSvc.exe

.
**************************************************************************

catchme 0.3.1333 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-12-17 17:59:38
Windows 5.1.2600 Service Pack 2 NTFS

scansione processi nascosti ...

scansione entrate autostart nascoste ...

Scansione files nascosti ...

Scansione completata con successo
Files nascosti: 0

**************************************************************************
.
Ora fine scansione: 2007-12-17 18.00.26
.
2007-12-10 08:34:41 --- E O F ---
 
That's good,

Try removing this again with HJT
F3 - REG:win.ini: load=C:\WINDOWS\system32\awtsp.exe

Post a new HJT log.
 
Open Notepad and copy all the text inside the quote box by highlighting it all and pressing CTRL+C on your keyboard, then paste it into Notepad. Make sure there is no space before and above File::

File::
C:\WINDOWS\system32\pstwa.ini
C:\WINDOWS\system32\pstwa.ini2
C:\WINDOWS\system32\gystxgcj.ini

Folder::
C:\VundoFix Backups

Registry::
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A7E0D41E-3598-4D1D-A568-B79090A234B4}]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Load]

Save this as CFScript to your desktop.

Then drag the CFScript into ComboFix.exe as you see in the screenshot below.

CFScript.gif



This will start ComboFix again. After reboot, (in case it asks to reboot), post the contents of Combofix.txt in your next reply together with a new HijackThis log.
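
Added example (not part of the original posts, and not ComboFix's own logic): a small Python triage of the "Files Creati" section of the log above. It flags files directly in system32 that carry both the hidden and system attributes, then pairs them with any DLL/EXE named in the log whose base name is the reverse, as pstwa.ini is to awtsp.dll. The sample lines are copied from the log in this thread; all function names are hypothetical.

```python
import re
from pathlib import PureWindowsPath

# Constructed sample: a few lines copied from the ComboFix log in this thread.
SAMPLE_LOG = r"""
C:\WINDOWS\system32\awtsp.dll
2007-12-17 17:14 . 2007-12-17 17:43 8,758 --ahs---- C:\WINDOWS\system32\pstwa.ini
2007-12-17 17:14 . 2007-12-17 17:41 8,547 --ahs---- C:\WINDOWS\system32\pstwa.ini2
2007-12-16 11:56 . 2005-01-19 03:15 28,672 --a------ C:\WINDOWS\system32\regclass.dll
2007-12-14 09:25 . 2007-12-14 09:25 <DIR> d-------- C:\WINDOWS\system32\Kaspersky Lab
2007-12-13 11:19 . 2007-12-14 09:32 929,576 --ahs---- C:\WINDOWS\system32\gystxgcj.ini
2007-11-22 15:48 . 2007-11-22 15:48 54,156 --ah----- C:\WINDOWS\QTFont.qfn
"""

# Line layout: created . modified  size-or-<DIR>  9-char attributes  path
ENTRY = re.compile(
    r"^(\d{4}-\d\d-\d\d \d\d:\d\d) \. (\d{4}-\d\d-\d\d \d\d:\d\d)\s+"
    r"(<DIR>|[\d,]+)\s+([a-z-]{9})\s+(.+)$"
)
# Any absolute path in the log that ends in .dll or .exe
BINARY_PATH = re.compile(r'[A-Za-z]:\\[^\r\n"\]]+?\.(?:dll|exe)\b', re.I)


def parse_entries(log):
    """Return one dict per created-file line; other lines are ignored."""
    entries = []
    for line in log.splitlines():
        m = ENTRY.match(line.strip())
        if m:
            created, modified, size, attrs, path = m.groups()
            entries.append({"created": created, "modified": modified,
                            "is_dir": size == "<DIR>", "attrs": attrs,
                            "path": PureWindowsPath(path)})
    return entries


def hidden_system_files(entries, directory=r"C:\WINDOWS\system32"):
    """Files (not folders) directly in `directory` with both h and s set."""
    target = PureWindowsPath(directory)  # comparison is case-insensitive
    return [e for e in entries
            if not e["is_dir"] and "h" in e["attrs"] and "s" in e["attrs"]
            and e["path"].parent == target]


def reversed_name_pairs(log, flagged):
    """Pair each flagged file with a binary in the log whose stem is its reverse."""
    binaries = {PureWindowsPath(p).stem.lower(): p for p in BINARY_PATH.findall(log)}
    pairs = []
    for e in flagged:
        twin = binaries.get(e["path"].stem.lower()[::-1])
        if twin:
            pairs.append((str(e["path"]), twin))
    return pairs


if __name__ == "__main__":
    flagged = hidden_system_files(parse_entries(SAMPLE_LOG))
    for e in flagged:
        print("hidden+system:", e["path"], "created", e["created"])
    for data_file, binary in reversed_name_pairs(SAMPLE_LOG, flagged):
        print("reversed-name pair:", data_file, "<->", binary)
```

A flagged file with no reversed twin in the log (gystxgcj.ini here) still warrants review; the pairing only adds confidence where the binary is also visible.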
 
There is a problem.
I can't copy and paste anything and I can't drag and drop anything. I don't know why. If I open a window or a program I don't see it in the bottom bar.

The copy item in the window menu when I click with the right mouse button is always disabled, and copy and paste doesn't work!
 
You were able to copy and paste before; there is nothing we have done to disable that. You did not change anything in win.ini, did you??

Reboot your computer and try my fix for ComboFix again. If you still can't copy and paste, try changing your mouse.
 
Hi Ken,
I formatted my PC; I had too many problems and little time... sorry.

However, thank you very much for your help and your time!
 
Good Morning,

Sorry you had to go through that. Let me tell ya, the infections going around today are getting real bad and more difficult to remove. You need to be real careful on what you download. Cracked software is bad news, I would stay away from them.




Here are some free programs to install, don't leave home without them
  • Spybot Search and Destroy 1.5: Check for Updates/Immunize and run a Full System Scan on a regular basis.
  • Spyware Blaster: It will prevent most spyware from ever being installed.
  • Spyware Guard: It offers realtime protection from spyware installation attempts.
  • Win Patrol: This program will warn you when any changes are being made to your system and give you the option to deny the change.
  • IE-Spyad: IE-Spyad places over 4000 web sites and domains in the IE Restricted list, which will severely impair attempts to infect your system. It basically prevents any downloads (cookies etc.) from the sites listed, although you will still be able to connect to the sites.
  • Firefox 2.0: It has more features and is a lot more secure than IE. It is a very easy and painless download and install, it will in no way interfere with IE, you can use them both.
  • Zone Alarm: Here is a free Firewall from Zone Labs, I wouldn't access the internet without it.

Glad we could help.

Safe Surfn
Ken
 
superantispyware, <-- That's fine, it's a good program, you can install about anything but remember this.

Only have ONE Anti Virus program and only ONE Firewall, more than that is overkill and can cause you problems.

Merry Christmas,
Ken
 