... Ah ecco qui tutto ... ho rifatto tutto e ho aspettato che facesse il report.
ComboFix 08-12-05.01 - Marco Barbieri 2008-12-07 22:04:52.2 - NTFSx86
Running from: c:\documents and settings\Marco Barbieri\desktop\abc.exe
Command switches used :: /killall
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\docume~1\MARCOB~1\IMPOST~1\Temp\tmp2.tmp
c:\windows\system32\bodvsjtd.dll
c:\windows\system32\cudixwsm.dll
c:\windows\system32\dcdMnnnn.ini
c:\windows\system32\dcdMnnnn.ini2
c:\windows\system32\mcrh.tmp
c:\windows\system32\mswxiduc.ini
c:\windows\system32\nnnnMdcd.dll
c:\windows\system32\oenovccr.ini
c:\windows\system32\rccvoneo.dll
c:\windows\system32\rfnwxr.dll
c:\windows\system32\vmybyvdr.dll
c:\windows\system32\yyahgp.dll
.
---- Previous Run -------
.
c:\documents and settings\All Users\Dati applicazioni\Microsoft\Network\Downloader\qmgr0.dat
c:\documents and settings\All Users\Dati applicazioni\Microsoft\Network\Downloader\qmgr1.dat
c:\documents and settings\Marco Barbieri\Dati applicazioni\hidires
c:\windows\Downloaded Program Files\setup.inf
c:\windows\msnimport.exe
c:\windows\system32\cbXOeDWo.dll
c:\windows\system32\cmmgr32.exe
c:\windows\system32\oWDeOXbc.ini
c:\windows\system32\oWDeOXbc.ini2
c:\windows\system32\xxyYSIBt.dll
c:\windows\Tasks\ouisrdtn.job
.
((((((((((((((((((((((((( Files Created from 2008-11-07 to 2008-12-07 )))))))))))))))))))))))))))))))
.
2008-12-05 20:35 . 2008-12-05 20:35 <DIR> d-------- c:\programmi\Trend Micro
2008-12-04 20:12 . 2008-12-04 20:12 34,816 --a------ c:\windows\system32\ddcApqqq.dll
2008-11-13 16:47 . 2008-10-24 12:21 455,296 --a------ c:\windows\system32\dllcache\mrxsmb.sys
2008-11-13 16:46 . 2008-09-04 18:15 1,106,944 --a------ c:\windows\system32\dllcache\msxml3.dll
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-12-04 19:10 --------- d-----w c:\programmi\eMule
2008-10-30 00:40 --------- d-----w c:\programmi\File comuni\Adobe
2008-10-30 00:40 --------- d-----w c:\programmi\Bonjour
2008-10-30 00:23 --------- d-----w c:\programmi\File comuni\Macrovision Shared
2008-10-24 11:21 455,296 ----a-w c:\windows\system32\drivers\mrxsmb.sys
2006-11-05 17:29 174 ----a-w c:\documents and settings\Marco Barbieri\Dati applicazioni\wklnhst.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{0586142F-F82F-4F60-837E-63D94E615773}]
c:\windows\system32\cbXOeDWo.dll [BU]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6D794CB4-C7CD-4c6f-BFDC-9B77AFBDC02C}]
2008-12-04 20:12 34816 --a------ c:\windows\system32\ddcApqqq.dll
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-13 15360]
"msnmsgr"="c:\programmi\Windows Live\Messenger\msnmsgr.exe" [2007-08-16 5728112]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2008-11-27 1261336]
"QuickTime Task"="c:\programmi\QuickTime\qttask.exe" [2007-02-16 282624]
"Adobe Reader Speed Launcher"="c:\programmi\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]
"ISUSPM Startup"="c:\progra~1\FILECO~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-07-27 221184]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-13 15360]
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{6D794CB4-C7CD-4c6f-BFDC-9B77AFBDC02C}"= "c:\windows\system32\ddcApqqq.dll" [2008-12-04 34816]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ddcApqqq]
2008-12-04 20:12 34816 c:\windows\system32\ddcApqqq.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=avgrsstx.dll
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Avvio^Programmi^Esecuzione automatica^BTTray.lnk]
path=c:\documents and settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\BTTray.lnk
backup=c:\windows\pss\BTTray.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Avvio^Programmi^Esecuzione automatica^HP Digital Imaging Monitor.lnk]
path=c:\documents and settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\HP Digital Imaging Monitor.lnk
backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Avvio^Programmi^Esecuzione automatica^Windows Desktop Search.lnk]
path=c:\documents and settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\Windows Desktop Search.lnk
backup=c:\windows\pss\Windows Desktop Search.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^Marco Barbieri^Menu Avvio^Programmi^Esecuzione automatica^Adobe Gamma.lnk]
path=c:\documents and settings\Marco Barbieri\Menu Avvio\Programmi\Esecuzione automatica\Adobe Gamma.lnk
backup=c:\windows\pss\Adobe Gamma.lnkStartup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
c:\windows\system32\dumprep 0 -k [X]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
--a------ 2008-01-11 21:16 39792 c:\programmi\Adobe\Reader 8.0\Reader\reader_sl.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Cpqset]
--a------ 2004-11-05 12:52 233534 c:\programmi\HPQ\Default Settings\Cpqset.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTFMON.EXE]
--a------ 2008-04-13 18:14 15360 c:\windows\system32\ctfmon.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\eabconfg.cpl]
--a------ 2004-12-03 12:24 290816 c:\programmi\HPQ\Quick Launch Buttons\eabservr.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]
--a------ 2005-01-22 19:31 126976 c:\windows\system32\hkcmd.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
--a------ 2006-02-19 02:41 49152 c:\programmi\Hp\HP Software Update\hpwuSchd2.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\hpWirelessAssistant]
--a------ 2005-01-21 12:40 790528 c:\programmi\HPQ\HP Wireless Assistant\HP Wireless Assistant.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]
--a------ 2005-01-22 19:36 155648 c:\windows\system32\igfxtray.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup]
--a------ 2004-07-27 15:50 221184 c:\progra~1\FILECO~1\INSTAL~1\UPDATE~1\ISUSPM.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSScheduler]
--a------ 2004-07-27 15:50 81920 c:\progra~1\FILECO~1\INSTAL~1\UPDATE~1\issch.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
--a------ 2007-03-14 19:05 257088 c:\programmi\iTunes\iTunesHelper.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LSBWatcher]
--a------ 2004-10-14 12:54 253952 c:\hp\drivers\hplsbwatcher\LSBurnWatcher.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MessengerPlus3]
--a------ 2007-09-18 14:39 190024 c:\programmi\MessengerPlus! 3\MsgPlus.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
--a------ 2007-08-16 15:19 5728112 c:\progra~1\WI1F86~1\MESSEN~1\msnmsgr.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2007-02-16 10:54 282624 c:\programmi\QuickTime\qttask.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
--a------ 2007-07-12 03:00 132496 c:\programmi\Java\jre1.6.0_02\bin\jusched.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPEnh]
--a------ 2004-11-04 19:38 688218 c:\programmi\Synaptics\SynTP\SynTPEnh.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPLpr]
--a------ 2004-11-04 19:40 98394 c:\programmi\Synaptics\SynTP\SynTPLpr.exe
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Programmi\\Messenger\\msmsgs.exe"=
"c:\\Programmi\\Hp\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Programmi\\Hp\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Programmi\\Hp\\Digital Imaging\\bin\\hpofxm08.exe"=
"c:\\Programmi\\Hp\\Digital Imaging\\bin\\hposfx08.exe"=
"c:\\Programmi\\Hp\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Programmi\\Hp\\Digital Imaging\\bin\\hpqscnvw.exe"=
"c:\\Programmi\\Hp\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Programmi\\Hp\\Digital Imaging\\bin\\hpqCopy.exe"=
"c:\\Programmi\\Hp\\Digital Imaging\\bin\\hpfccopy.exe"=
"c:\\Programmi\\Hp\\Digital Imaging\\bin\\hpzwiz01.exe"=
"c:\\Programmi\\Hp\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
"c:\\Programmi\\Hp\\Digital Imaging\\Unload\\HpqDIA.exe"=
"c:\\Programmi\\Hp\\Digital Imaging\\bin\\hpoews01.exe"=
"c:\\Programmi\\Hp\\Digital Imaging\\bin\\hpqnrs08.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Programmi\\iTunes\\iTunes.exe"=
"c:\\Programmi\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Programmi\\Windows Live\\Messenger\\livecall.exe"=
"c:\\Programmi\\Bonjour\\mDNSResponder.exe"=
R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\Drivers\avgldx86.sys [2008-06-20 97928]
R2 avg8emc;AVG8 E-mail Scanner;c:\progra~1\AVG\AVG8\avgemc.exe [2008-07-04 875288]
R2 avg8wd;AVG8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [2008-07-04 231704]
R2 AvgTdiX;AVG8 Network Redirector;c:\windows\system32\Drivers\avgtdix.sys [2008-06-20 76040]
S2 Utilità di pianificazione di LiveUpdate automatico;Utilità di pianificazione di LiveUpdate automatico;"c:\programmi\Symantec\LiveUpdate\ALUSchedulerSvc.exe" []
S3 EraserUtilRebootDrv;EraserUtilRebootDrv;\??\c:\programmi\File comuni\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys []
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{1cbdaeda-60fb-11db-ae0d-0010c6e57e00}]
\Shell\AutoRun\command - E:\load.exe /CDROM
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ba132330-a7b0-11da-ac3d-0010c6e57e00}]
\Shell\AutoRun\command - D:\nideiect.com
\Shell\explore\Command - D:\nideiect.com
\Shell\open\Command - D:\nideiect.com
.
Contents of the 'Scheduled Tasks' folder
2007-03-21 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\programmi\Apple Software Update\SoftwareUpdate.exe [2007-01-10 15:42]
2008-12-07 c:\windows\Tasks\User_Feed_Synchronization-{010685F7-DF01-4D4A-9725-9D19A75A39C7}.job
- c:\windows\system32\msfeedssync.exe [2006-10-17 11:58]
2008-12-07 c:\windows\Tasks\Verifica aggiornamenti per Windows Live Toolbar.job
- c:\programmi\Windows Live Toolbar\MSNTBUP.EXE [2007-10-19 11:20]
.
- - - - ORPHANS REMOVED - - - -
BHO-{1BA43F2B-8CC4-4469-B15D-5BB009854805} - c:\windows\system32\nnnnMdcd.dll
BHO-{b9984fb5-850e-4c59-9530-e1a8ef0b77d6} - c:\windows\system32\rfnwxr.dll
WebBrowser-{A057A204-BACC-4D26-C39E-35F1D2A32EC8} - (no file)
ShellExecuteHooks-{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - (no file)
MSConfigStartUp-!AVG Anti-Spyware - c:\programmi\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
MSConfigStartUp-AVG7_CC - c:\progra~1\Grisoft\AVG7\avgcc.exe
MSConfigStartUp-ISTray - c:\programmi\Spyware Doctor\pctsTray.exe
MSConfigStartUp-MMReminderService - c:\programmi\Mindjet\MindManager 6\MMReminderService.exe
MSConfigStartUp-SUPERAntiSpyware - c:\programmi\SUPERAntiSpyware\SUPERAntiSpyware.exe
MSConfigStartUp-swg - c:\programmi\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
.
------- Supplementary Scan -------
.
uStart Page =
hxxp://www.google.it/uSearchMigratedDefaultURL =
hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = *.local
IE: &Windows Live Search - c:\programmi\Windows Live Toolbar\msntb.dll/search.htm
IE: Add to Windows &Live Favorites -
http://favorites.live.com/quickadd.aspxIE: Invia a &Bluetooth - c:\programmi\WIDCOMM\Software Bluetooth\btsendto_ie_ctx.htm
O16 -: Microsoft XML Parser for Java -
file://c:\windows\Java\classes\xmldso.cab
c:\windows\Downloaded Program Files\Microsoft XML Parser for Java.osd
c:\windows\system32\unicows.dll - c:\windows\Downloaded Program Files\ImageUploader5.ocx
O16 -: {5D637FAD-E202-48D1-8F18-5B9C459BD1E3}
hxxp://www.digitalpix.com/Controls/Imag ... oader5.cabc:\windows\Downloaded Program Files\ImageUploader5.inf
.
**************************************************************************
catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
http://www.gmer.netRootkit scan 2008-12-07 22:40:28
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'winlogon.exe'(696)
c:\windows\system32\ddcApqqq.dll
.
------------------------ Other Running Processes ------------------------
.
c:\programmi\Bonjour\mDNSResponder.exe
c:\programmi\WIDCOMM\Software Bluetooth\bin\btwdins.exe
c:\programmi\File comuni\LightScribe\LSSrvc.exe
c:\windows\system32\HPZipm12.exe
c:\programmi\AVG\AVG8\avgrsx.exe
.
**************************************************************************
.
Completion time: 2008-12-07 22:54:50 - machine was rebooted [Marco Barbieri]
ComboFix-quarantined-files.txt 2008-12-07 21:54:41
Pre-Run: 54,099,234,816 byte disponibili
Post-Run: 54,145,228,800 byte disponibili
234 --- E O F --- 2008-11-13 19:02:07