1)ComboFix 08-11-18.02 - Rober 2008-11-18 22.52.38.1 -
FAT32x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1040.18.224 [GMT 1:00]
Eseguito da: c:\documents and settings\Rober\Desktop\ComboFix.exe
* Creato nuovo punto di ripristino
.
((((((((((((((((((((((((((((((((((((( Altre eliminazioni )))))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\documents and settings\Rober\Preferiti\Videos.url
c:\windows\IE4 Error Log.txt
.
((((((((((((((((((((((((((((((((((((((( Driver/Servizi )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Legacy_TDSSSERV
((((((((((((((((((((((((( Files Creati Da 2008-10-18 al 2008-11-18 )))))))))))))))))))))))))))))))))))
.
2008-11-17 13:00 . 2008-11-17 13:01 <DIR> d-------- c:\programmi\Windows Live Safety Center
2008-11-17 09:55 . 2008-11-17 09:55 <DIR> d-------- c:\windows\BDOSCAN8
2008-11-16 12:07 . 2008-11-16 12:07 <DIR> d-------- C:\fsaua.data
2008-11-12 23:10 . 2008-10-24 12:21 455,296 --------- c:\windows\system32\dllcache\mrxsmb.sys
2008-11-12 23:09 . 2008-09-04 18:15 1,106,944 --------- c:\windows\system32\dllcache\msxml3.dll
2008-11-06 01:05 . 2008-11-06 01:05 410,976 --a------ c:\windows\system32\deploytk.dll
2008-11-06 01:05 . 2008-11-06 01:05 73,728 --a------ c:\windows\system32\javacpl.cpl
2008-11-06 01:04 . 2008-11-06 01:04 <DIR> d-------- c:\programmi\Java
2008-10-26 00:38 . 2008-10-26 00:38 <DIR> d-------- c:\programmi\AskBarDis
2008-10-24 14:02 . 2008-10-15 18:36 337,408 --------- c:\windows\system32\dllcache\netapi32.dll
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-11-12 13:21 19,000 ----a-w c:\documents and settings\Rober\Dati applicazioni\GDIPFONTCACHEV1.DAT
2008-10-24 11:21 455,296 ----a-w c:\windows\system32\drivers\mrxsmb.sys
2008-10-16 13:13 202,776 ----a-w c:\windows\system32\wuweb.dll
2008-10-16 13:13 202,776 ----a-w c:\windows\system32\dllcache\wuweb.dll
2008-10-16 13:13 1,809,944 ----a-w c:\windows\system32\wuaueng.dll
2008-10-16 13:13 1,809,944 ----a-w c:\windows\system32\dllcache\wuaueng.dll
2008-10-16 13:12 561,688 ----a-w c:\windows\system32\wuapi.dll
2008-10-16 13:12 561,688 ----a-w c:\windows\system32\dllcache\wuapi.dll
2008-10-16 13:12 323,608 ----a-w c:\windows\system32\wucltui.dll
2008-10-16 13:12 323,608 ----a-w c:\windows\system32\dllcache\wucltui.dll
2008-10-16 13:09 92,696 ----a-w c:\windows\system32\dllcache\cdm.dll
2008-10-16 13:09 92,696 ----a-w c:\windows\system32\cdm.dll
2008-10-16 13:09 51,224 ----a-w c:\windows\system32\wuauclt.exe
2008-10-16 13:09 51,224 ----a-w c:\windows\system32\dllcache\wuauclt.exe
2008-10-16 13:09 43,544 ----a-w c:\windows\system32\wups2.dll
2008-10-16 13:08 34,328 ----a-w c:\windows\system32\wups.dll
2008-10-16 13:08 34,328 ----a-w c:\windows\system32\dllcache\wups.dll
2008-10-10 20:56 --------- d-----w c:\programmi\Motive
2008-10-10 00:06 --------- d-----w c:\programmi\Panda Security
2008-10-08 23:51 --------- d-----w c:\programmi\bsnmjib
2008-10-08 23:51 --------- d-----w c:\documents and settings\All Users\Dati applicazioni\lgnyzmnu
2008-10-03 17:58 6,066,176 ------w c:\windows\system32\dllcache\ieframe.dll
2008-09-15 16:24 1,846,400 ----a-w c:\windows\system32\win32k.sys
2008-09-15 16:24 1,846,400 ------w c:\windows\system32\dllcache\win32k.sys
2008-09-10 01:14 1,307,648 ------w c:\windows\system32\msxml6.dll
2008-09-10 01:14 1,307,648 ------w c:\windows\system32\dllcache\msxml6.dll
2008-09-08 11:41 333,824 ------w c:\windows\system32\dllcache\srv.sys
2008-09-04 17:15 1,106,944 ----a-w c:\windows\system32\msxml3.dll
2008-08-27 09:57 3,593,216 ----a-w c:\windows\system32\dllcache\mshtml.dll
2008-08-25 09:39 70,656 ----a-w c:\windows\system32\dllcache\ie4uinit.exe
2008-08-25 09:38 13,824 ------w c:\windows\system32\dllcache\ieudinit.exe
2008-08-23 06:56 635,848 ----a-w c:\windows\system32\dllcache\iexplore.exe
2008-08-23 06:54 161,792 ----a-w c:\windows\system32\dllcache\ieakui.dll
2006-06-03 01:32 14 ----a-w c:\documents and settings\Rober\getfile.dat
.
((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* i valori vuoti & legittimi/default non sono visualizzati.
REGEDIT4
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{201f27d4-3704-41d6-89c1-aa35e39143ed}]
2008-08-06 15:20 279944 --a------ c:\programmi\AskBarDis\bar\bin\askBar.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{3041d03e-fd4b-44e0-b742-2d9b88305f98}"= "c:\programmi\AskBarDis\bar\bin\askBar.dll" [2008-08-06 279944]
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{3041D03E-FD4B-44E0-B742-2D9B88305F98}"= "c:\programmi\AskBarDis\bar\bin\askBar.dll" [2008-08-06 279944]
[HKEY_CLASSES_ROOT\clsid\{3041d03e-fd4b-44e0-b742-2d9b88305f98}]
[HKEY_CLASSES_ROOT\TypeLib\{4b1c1e16-6b34-430e-b074-5928eca4c150}]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="c:\programmi\Messenger\msmsgs.exe" [2008-04-14 1695232]
"swg"="c:\programmi\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-07-09 68856]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Hcontrol"="c:\windows\ATK0100\Hcontrol.exe" [2004-05-27 86016]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2004-07-15 155648]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2004-07-15 118784]
"ASUS Live Update"="c:\programmi\ASUS\ASUS Live Update\ALU.exe" [2003-09-19 172032]
"Power_Gear"="c:\programmi\ASUS\Power4 Gear\BatteryLife.exe" [2004-01-19 81920]
"SynTPLpr"="c:\programmi\Synaptics\SynTP\SynTPLpr.exe" [2004-08-05 102400]
"SynTPEnh"="c:\programmi\Synaptics\SynTP\SynTPEnh.exe" [2004-08-05 684032]
"PRONoMgr.exe"="c:\programmi\Intel\PROSetWireless\NCS\PROSet\PRONoMgr.exe" [2004-02-05 86016]
"Adobe Photo Downloader"="c:\programmi\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe" [2005-07-07 57344]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"Adobe Reader Speed Launcher"="c:\programmi\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672]
"Motive SmartBridge"="c:\progra~1\ALICET~1\SMARTB~1\MotiveSB.exe" [2006-04-21 438359]
"AliceRE_McciTrayApp"="c:\progra~1\ALICET~1\vendors\AliceRE\content\template\driven~1\syncer\McciTrayApp.exe" [2006-11-21 936960]
"SunJavaUpdateSched"="c:\programmi\Java\jre6\bin\jusched.exe" [2008-11-06 136600]
"SoundMan"="SOUNDMAN.EXE" [2004-05-21 c:\windows\SOUNDMAN.EXE]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
c:\documents and settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\
ASUS ChkMail.lnk - c:\programmi\Asus\Asus ChkMail\ChkMail.exe [2005-12-28 32768]
Microsoft Office.lnk - c:\programmi\Microsoft Office\Office10\OSA.EXE [2001-02-13 83360]
Alice ti aiuta.lnk - c:\programmi\Alice ti aiuta\bin\matcli.exe [2008-10-10 217088]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\Sebring]
2004-03-03 16:48 110592 c:\windows\system32\LgNotify.dll
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Programmi\\Asus\\ASUS Live Update\\LiveUpdt.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Programmi\\VideoLAN\\VLC\\VLC.EXE"=
R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2008-11-16 110160]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\DRIVERS\aswFsBlk.sys [2008-11-16 20560]
R2 Network WanMiniport First Position;Network WanMiniport First Position;c:\programmi\Telecom Italia\WanMiniport1st\srvany.exe [2008-07-28 8192]
R3 ATKXPDisplayName;ATKXPDisplayName;c:\windows\system32\DRIVERS\ATKACPI.sys [2005-12-28 5786]
R3 Video3D;ASUS Video3D Service;c:\windows\system32\Drivers\Video3D.sys [2004-07-06 44544]
.
.
------- Supplementare di scansione -------
.
uStart Page =
hxxp://www.corriere.it/uSearchMigratedDefaultURL =
hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uInternet Settings,ProxyServer = mail.voltex.co.za:80
uInternet Settings,ProxyOverride = 127.0.0.1
uSearchURL,(Default) =
hxxp://www.google.com/search?q=%s
IE: E&sporta in Microsoft Excel - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000
O16 -: Microsoft XML Parser for Java -
file://c:\windows\Java\classes\xmldso.cab
c:\windows\Downloaded Program Files\Microsoft XML Parser for Java.osd
.
**************************************************************************
catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
http://www.gmer.netRootkit scan 2008-11-18 22:56:07
Windows 5.1.2600 Service Pack 3 FAT NTAPI
scansione processi nascosti ...
scansione entrate autostart nascoste ...
Scansione files nascosti ...
Scansione completata con successo
Files nascosti: 0
**************************************************************************
.
------------------------ Altri processi in esecuzione ------------------------
.
c:\windows\SYSTEM32\S24EVMON.EXE
c:\windows\SYSTEM32\ZCFGSVC.EXE
c:\programmi\ALWIL SOFTWARE\AVAST4\ASWUPDSV.EXE
c:\programmi\ALWIL SOFTWARE\AVAST4\ASHSERV.EXE
c:\windows\ATKKBSERVICE.EXE
c:\programmi\JAVA\JRE6\BIN\JQS.EXE
c:\programmi\TELECOM ITALIA\WANMINIPORT1ST\WANMINIPORT1ST_SRV.EXE
c:\windows\SYSTEM32\HPZIPM12.EXE
c:\programmi\ASUS\POWER4 GEAR\BATTER~1.EXE
c:\windows\SYSTEM32\REGSRVC.EXE
c:\programmi\ALICE TI AIUTA\SMARTBRIDGE\MOTIVESB.EXE
c:\programmi\ALICE TI AIUTA\VENDORS\ALICERE\CONTENT\TEMPLATE\DRIVEN_DEV\SYNCER\MCCITRAYAPP.EXE
c:\programmi\ALWIL SOFTWARE\AVAST4\ASHMAISV.EXE
c:\programmi\ALWIL SOFTWARE\AVAST4\ASHWEBSV.EXE
c:\windows\SYSTEM32\1XCONFIG.EXE
c:\windows\ATK0100\ATKOSD.EXE
c:\programmi\ALICE TI AIUTA\BIN\MPBTN.EXE
c:\windows\system32\wbem\wmiapsrv.exe
.
**************************************************************************
.
Ora fine scansione: 2008-11-18 22:58:48 - macchina è stato riavviato
ComboFix-quarantined-files.txt 2008-11-18 21:58:42
Pre-Run: 42.255.384.576 byte disponibili
Post-Run: 42,565,664,768 byte disponibili
WindowsXP-KB310994-SP2-Home-BootDisk-ITA.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect
172 --- E O F --- 2008-11-13 00:42:47
2)2006-12-02 14:40:42 A------- 1,072 C:\Qoobox\Quarantine\C\WINDOWS\IE4 Error Log.txt.vir
2007-09-07 14:12:17 A------- 524 C:\Qoobox\Quarantine\C\Documents and Settings\Rober\Preferiti\Videos.url.vir
2008-11-18 22:50:13 A------- 54 C:\Qoobox\Quarantine\catchme.log
2008-11-18 22:53:38 A------- 8,761 C:\Qoobox\Quarantine\Registry_backups\tcpip.reg
2008-11-18 22:53:43 A------- 1,044 C:\Qoobox\Quarantine\Registry_backups\Legacy_TDSSSERV.reg.dat
2008-11-18 22:58:11 A------- 2 C:\Qoobox\Quarantine\Registry_backups\HKLM-Run-CFSServ.exe.reg.dat
2008-11-18 22:58:11 A------- 2 C:\Qoobox\Quarantine\Registry_backups\HKLM-Run-NDSTray.exe.reg.dat
2008-11-18 22:58:11 A------- 2 C:\Qoobox\Quarantine\Registry_backups\HKLM-Run-TFncKy.reg.dat