So Shel, as soon as I clicked on ComboFix it automatically started scanning; as soon as it finished it gave me this log:
ComboFix 09-10-24.06 - utente 2009-10-25 18:17.4.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1040.18.958.651 [GMT 1:00]
Eseguito da: c:\documents and settings\utente\Desktop\alessia.exe
AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
FW: ActiveArmor Firewall *disabled* {EDC10449-64D1-46c7-A59A-EC20D662F26D}
ATTENZIONE - QUESTO PC NON HA LA CONSOLE DI RIPRISTINO DI EMERGENZA INSTALLATA !!
.
((((((((((((((((((((((((((((((((((((( Altre eliminazioni )))))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\programmi\driver
c:\programmi\Smart-Shopper
c:\programmi\Smart-Shopper\Uninst.exe
c:\windows\system32\userinit.exe . . . è infetto!!
.
((((((((((((((((((((((((( Files Creati Da 2009-09-25 al 2009-10-25 )))))))))))))))))))))))))))))))))))
.
2009-10-25 17:09 . 2009-10-25 17:09 -------- d-----w- C:\alessia30124a
2009-10-25 17:08 . 2009-10-25 17:08 -------- d-----w- C:\alessia
2009-10-25 13:07 . 2009-10-25 13:07 -------- d-----w- c:\programmi\MSN Messenger
2009-10-22 19:44 . 2009-10-22 19:44 -------- d-----w- c:\documents and settings\utente\Dati applicazioni\VSRevoGroup
2009-10-22 19:43 . 2009-10-22 19:43 -------- d-----w- c:\programmi\VS Revo Group
2009-10-22 08:56 . 2009-10-22 08:56 -------- d-----w- c:\programmi\Trend Micro
2009-10-22 08:05 . 2009-10-22 17:54 -------- d-----w- c:\documents and settings\HelpAssistant\Tracing
2009-10-22 08:05 . 2009-10-22 08:05 -------- d-----w- c:\documents and settings\HelpAssistant\WINDOWS
2009-10-22 08:05 . 2008-01-02 20:07 25600 ----a-w- c:\documents and settings\HelpAssistant\usbsermptxp.sys
2009-10-22 08:05 . 2008-01-02 20:07 22768 ----a-w- c:\documents and settings\HelpAssistant\usbsermpt.sys
2009-10-22 08:05 . 2008-01-02 20:07 5936 ----a-w- c:\documents and settings\HelpAssistant\mqdmwhnt.sys
2009-10-22 08:05 . 2008-01-02 20:07 92064 ----a-w- c:\documents and settings\HelpAssistant\mqdmmdm.sys
2009-10-22 08:05 . 2008-01-02 20:07 79328 ----a-w- c:\documents and settings\HelpAssistant\mqdmserd.sys
2009-10-22 08:05 . 2008-01-02 20:07 9232 ----a-w- c:\documents and settings\HelpAssistant\mqdmmdfl.sys
2009-10-22 07:53 . 2009-10-22 08:03 -------- d--h--w- c:\documents and settings\HelpAssistant\Impostazioni locali
2009-10-22 07:53 . 2007-08-03 16:07 -------- d--h--w- c:\documents and settings\HelpAssistant\Risorse di stampa
2009-10-22 07:53 . 2007-08-03 16:07 -------- d-----r- c:\documents and settings\HelpAssistant\Menu Avvio
2009-10-22 07:53 . 2007-08-03 14:12 -------- d--h--w- c:\documents and settings\HelpAssistant\Modelli
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-10-25 17:14 . 2009-02-01 15:40 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\avg8
2009-10-25 15:50 . 2007-08-12 09:11 -------- d-----w- c:\programmi\eMule
2009-10-25 13:05 . 2007-11-11 18:53 -------- d-----w- c:\programmi\Windows Live
2009-10-25 12:55 . 2007-12-23 12:26 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\WLInstaller
2009-10-25 09:33 . 2001-08-31 11:00 70658 ----a-w- c:\windows\system32\perfc010.dat
2009-10-25 09:33 . 2001-08-31 11:00 440486 ----a-w- c:\windows\system32\perfh010.dat
2009-10-24 22:46 . 2007-08-17 13:47 24 ----a-w- c:\windows\popcinfo.dat
2009-10-22 11:20 . 2009-04-22 19:56 -------- d-----w- c:\programmi\Malwarebytes' Anti-Malware
2009-10-22 09:41 . 2008-08-13 20:27 -------- d-----w- c:\programmi\Messenger Plus! Live
2009-10-22 09:38 . 2008-10-12 17:21 -------- d-----w- c:\programmi\Bricks Of Egypt 2
2009-10-22 09:38 . 2008-10-10 19:44 -------- d-----w- c:\programmi\Gamenext
2009-10-22 07:52 . 2008-11-30 10:07 -------- d-----w- c:\programmi\TomTom HOME 2
2009-10-04 08:03 . 2009-02-21 16:55 -------- d-----w- c:\programmi\Microsoft Silverlight
2009-10-01 21:04 . 2008-05-11 21:18 -------- d-----w- c:\documents and settings\utente\Dati applicazioni\mIRC
2009-09-26 10:21 . 2007-08-31 17:43 -------- d-----w- c:\documents and settings\utente\Dati applicazioni\Skype
2009-09-10 12:54 . 2009-04-22 19:56 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-09-10 12:53 . 2009-04-22 19:56 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-08-16 11:11 . 2009-02-04 07:12 11952 ----a-w- c:\windows\system32\avgrsstx.dll
2009-08-16 11:11 . 2009-02-01 15:40 335240 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2009-08-16 11:11 . 2009-02-01 15:40 27784 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2008-08-17 16:10 . 2008-08-17 16:10 774144 ----a-w- c:\programmi\RngInterstitial.dll
2004-01-25 02:48 . 2007-08-30 16:24 1004712 ----a-w- c:\programmi\wrar330.exe
2004-01-22 16:35 . 2007-08-30 16:28 835584 ----a-w- c:\programmi\WinRAR.exe.bak
2003-09-15 16:34 . 2007-09-09 21:05 1020 ----a-w- c:\programmi\Descript.ion
2003-01-03 00:48 . 2007-09-09 21:05 128 ----a-w- c:\programmi\UnrarSrc.txt
2002-09-06 22:36 . 2007-09-09 21:05 1082 ----a-w- c:\programmi\RarFiles.lst
.
------- Sigcheck -------
[-] 2007-01-03 . 348F04E3582EF2467EE5379D67B99FD7 . 399360 . . [5.1.2600.2948] . . c:\windows\system32\rpcss.dll
[-] 2007-01-03 10:48 . 3D9418CF112A11ADC45E2A0C0A44DF47 . 243200 . . [2001.12.4414.312] . . c:\windows\system32\es.dll
[-] 2008-12-14 14:28 . 80E4DCBA043DEE8129D524BFEB8B864C . 111616 . . [------] . . c:\windows\system32\userinit.exe
[-] 2007-01-03 . F959D929A6A22D78E3A6851A9361CE18 . 296960 . . [5.1.2600.2627] . . c:\windows\system32\termsrv.dll
.
((((((((((((((((((((((((((((( SnapShot@2009-04-26_16.13.36 )))))))))))))))))))))))))))))))))))))))))
.
- 2001-08-31 11:00 . 2009-03-29 09:24 59556 c:\windows\system32\perfc009.dat
+ 2001-08-31 11:00 . 2009-10-25 09:33 59556 c:\windows\system32\perfc009.dat
+ 2007-09-20 21:08 . 2009-07-18 11:41 88590 c:\windows\system32\Macromed\Flash\uninstall_activeX.exe
- 2007-09-20 21:08 . 2008-11-29 12:57 88590 c:\windows\system32\Macromed\Flash\uninstall_activeX.exe
+ 2009-10-22 20:53 . 2009-10-22 20:53 83456 c:\windows\Installer\a6a187.msi
+ 2009-10-22 20:53 . 2009-10-22 20:53 59904 c:\windows\Installer\a6a182.msi
+ 2009-02-21 16:55 . 2009-02-21 16:55 51712 c:\windows\Installer\1f197be.msi
+ 2009-10-25 13:07 . 2009-10-25 13:07 22798 c:\windows\Installer\{ABEB838C-A1A7-4C5D-B7E1-8B4314600820}\MsblIco.Exe
- 2007-12-23 12:34 . 2008-08-12 19:41 29926 c:\windows\Installer\{518B3E76-4C05-4F30-A802-D87FB2086B67}\MsblIco.Exe
+ 2007-12-23 12:34 . 2009-10-25 12:59 29926 c:\windows\Installer\{518B3E76-4C05-4F30-A802-D87FB2086B67}\MsblIco.Exe
+ 2009-10-22 20:53 . 2009-10-22 20:53 62304 c:\windows\Installer\{49C77D21-F91F-4296-B7DF-19C5FF51AF4D}\IconWlc.exe
- 2009-03-15 00:36 . 2009-03-15 00:36 62304 c:\windows\Installer\{49C77D21-F91F-4296-B7DF-19C5FF51AF4D}\IconWlc.exe
+ 2007-08-03 14:11 . 2007-08-03 14:11 296960 c:\windows\system32\termsrv32.dll
- 2001-08-31 11:00 . 2009-03-29 09:24 395508 c:\windows\system32\perfh009.dat
+ 2001-08-31 11:00 . 2009-10-25 09:33 395508 c:\windows\system32\perfh009.dat
+ 2009-02-03 02:07 . 2009-02-03 02:07 240544 c:\windows\system32\Macromed\Flash\FlashUtil10b.exe
+ 2009-10-25 13:07 . 2009-10-25 13:07 410624 c:\windows\Installer\bb114c.msi
+ 2007-12-23 12:35 . 2007-12-23 12:35 891904 c:\windows\Installer\b7e4b9.msi
+ 2009-10-22 20:53 . 2009-10-22 20:53 152576 c:\windows\Installer\a6a18c.msi
+ 2009-10-22 20:53 . 2009-10-22 20:53 107008 c:\windows\Installer\a6a17d.msi
+ 2007-08-08 00:02 . 2007-08-08 00:02 692224 c:\windows\Installer\45a4b.msi
+ 2009-03-21 22:23 . 2009-03-21 22:23 152576 c:\windows\Installer\3078aa6.msi
+ 2008-11-30 10:07 . 2008-11-30 10:07 146944 c:\windows\Installer\29399a.msi
+ 2007-08-17 06:26 . 2007-08-17 06:26 871424 c:\windows\Installer\2638e.msi
+ 2007-08-17 06:25 . 2007-08-17 06:25 431104 c:\windows\Installer\26388.msi
+ 2008-08-10 12:05 . 2008-08-10 12:05 167424 c:\windows\Installer\17e3cc.msi
+ 2009-02-01 15:40 . 2009-02-01 15:40 337408 c:\windows\Installer\1651ad6.msi
+ 2009-03-15 00:36 . 2009-03-15 00:36 140288 c:\windows\Installer\1588b69.msi
+ 2009-03-15 00:35 . 2009-03-15 00:35 301056 c:\windows\Installer\1588b45.msi
+ 2008-01-02 20:08 . 2008-01-02 20:08 118784 c:\windows\Installer\108cb4f.msi
+ 2007-01-03 10:52 . 2007-01-03 10:52 1965568 c:\windows\system32\webfldrs.msi
+ 2005-12-09 16:30 . 2005-12-09 16:30 1964544 c:\windows\Microsoft.NET\Framework\v2.0.50727\Microsoft .NET Framework 2.0 Language Pack - ITA\langpack.msi
+ 2009-10-25 13:08 . 2007-09-04 15:50 7646208 c:\windows\Installer\MSN Messenger 7.0.0820\MsnMsgs.Msi
+ 2007-08-08 00:07 . 2007-08-08 00:07 1979392 c:\windows\Installer\bd68f.msi
+ 2008-11-27 20:53 . 2008-11-27 20:53 1292288 c:\windows\Installer\96a8bc.msi
+ 2007-08-20 09:13 . 2007-08-20 09:13 3027968 c:\windows\Installer\8aef84.msi
+ 2008-08-17 15:11 . 2008-08-17 15:11 3581952 c:\windows\Installer\5762ec.msi
+ 2006-04-18 11:48 . 2006-04-18 11:48 1629184 c:\windows\Installer\4b24f1.msp
+ 2006-09-13 10:28 . 2006-09-13 10:28 3345408 c:\windows\Installer\4b24ec.msp
+ 2007-08-08 00:00 . 2007-08-08 00:00 2109440 c:\windows\Installer\45a46.msi
+ 2007-08-07 23:55 . 2007-08-07 23:55 6175232 c:\windows\Installer\45a3e.msi
+ 2007-08-03 16:05 . 2007-08-03 16:05 5804544 c:\windows\Installer\2ac9e.msi
+ 2007-09-20 21:08 . 2007-09-20 21:08 1113600 c:\windows\Installer\2a3db6c.msi
+ 2009-01-15 02:35 . 2009-01-15 02:35 4830720 c:\windows\Installer\1f197c4.msp
+ 2007-09-12 16:24 . 2007-09-12 16:24 2754560 c:\windows\Installer\1e6ec7a.msi
+ 2007-08-31 17:42 . 2007-08-31 17:42 1229824 c:\windows\Installer\1c877d9.msi
+ 2007-11-16 11:58 . 2007-11-16 11:58 5495296 c:\windows\Installer\199a7a9.msp
+ 2008-08-17 15:11 . 2008-08-17 15:11 4263424 c:\windows\Downloaded Installations\{5AE7B187-C407-4744-A9E0-54914114F1C1}\Burraconline Loader V1.6.msi
+ 2005-09-23 05:48 . 2005-09-23 05:48 24863744 c:\windows\Microsoft.NET\Framework\v2.0.50727\Microsoft .NET Framework 2.0\netfx.msi
+ 2007-08-13 12:57 . 2007-01-19 11:21 16768512 c:\windows\Installer\MSN Messenger 8.1.0178\MsnMsgs.Msi
+ 2007-08-11 21:28 . 2006-07-29 18:39 15660032 c:\windows\Installer\MSN Messenger 8.0.0812\MsnMsgs.Msi
+ 2007-08-03 15:42 . 2007-08-03 15:42 15044608 c:\windows\Installer\7c4c4.msi
+ 2007-05-29 12:41 . 2007-05-29 12:41 16549888 c:\windows\Installer\4b24e7.msp
+ 2009-10-03 07:57 . 2009-10-03 07:57 15709696 c:\windows\Installer\3f3d5a.msp
+ 2009-08-20 11:38 . 2009-08-20 11:38 15705600 c:\windows\Installer\10ec826.msp
+ 2008-08-17 15:12 . 2008-08-17 15:12 10493440 c:\windows\Downloaded Installations\{F68913BB-B709-41FF-B531-997910F08DB4}\Burraconline Client V1.40.msi
.
-- Snapshot per reimpostare la data corrente --
.
((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* i valori vuoti & legittimi/default non sono visualizzati.
REGEDIT4
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-10-17 2025752]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-08-16 7630848]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-19 15360]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"nltide_3"="advpack.dll" - c:\windows\system32\advpack.dll [2007-10-10 124928]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"Userinit"="c:\windows\explorer.exe,"
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2009-08-16 11:11 11952 ----a-w- c:\windows\system32\avgrsstx.dll
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@="Service"
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Programmi\\NVIDIA Corporation\\NetworkAccessManager\\Apache Group\\Apache2\\bin\\Apache.exe"=
"c:\\Programmi\\InterVideo\\DVD6\\WinDVD.exe"=
"c:\\Programmi\\eMule\\emule.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\Programmi\\Motorola Phone Tools\\mPhonetools.exe"=
"c:\\Programmi\\TVUPlayer\\TVUPlayer.exe"=
"c:\\Programmi\\Pando Networks\\Pando\\pando.exe"=
"c:\\Programmi\\AVG\\AVG8\\avgupd.exe"=
"c:\\Programmi\\Skype\\Phone\\Skype.exe"=
"c:\\Documents and Settings\\utente\\Desktop\\Alessia\\mIRC.exe"=
"c:\\Programmi\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Programmi\\MSN Messenger\\msnmsgr.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"4662:TCP"= 4662:TCP:192.168.1.100
"4672:UDP"= 4672:UDP:192.168.1.100
"58424:TCP"= 58424:TCP:Pando P2P TCP Listening Port
"58424:UDP"= 58424:UDP:Pando P2P UDP Listening Port
"3389:TCP"= 3389:TCP:Remote Desktop
R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2009-02-01 335240]
R1 BIOS;BIOS;c:\windows\system32\drivers\BIOS.sys [2007-08-03 13696]
R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [2009-02-04 297752]
R3 ZSMC0305;SUPER 188 PC CAMERA;c:\windows\system32\drivers\usbVM305.sys [2007-08-13 391743]
.
.
------- Scansione supplementare -------
.
uStart Page = hxxp://www.google.it/
IE: E&sporta in Microsoft Excel - c:\progra~1\MICROS~1\OFFICE11\EXCEL.EXE/3000
IE: Read with DeskBot
TCP: {A1870833-29E8-4E2E-885C-8434EF0F371F} = 192.168.1.1,192.168.1.2
FF - ProfilePath - c:\documents and settings\utente\Dati applicazioni\Mozilla\Firefox\Profiles\5ugkfo9q.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FF - prefs.js: browser.search.selectedEngine - Ask
FF - prefs.js: browser.startup.homepage - hxxp://www.plusnetwork.com
FF - prefs.js: keyword.URL - hxxp://search.live.com/results.aspx?mkt ... =MICI05&q=
FF - plugin: c:\documents and settings\All Users\Dati applicazioni\Zylom\ZylomGamesPlayer\npzylomgamesplayer.dll
FF - plugin: c:\programmi\Real\RealArcade\Plugins\Mozilla\npracplug.dll
.
- - - - CHIAVI ORFANE RIMOSSE - - - -
HKCU-Run-MsnMsgr - c:\programmi\Windows Live\Messenger\MsnMsgr.Exe
AddRemove-Smart-Shopper - c:\programmi\Smart-Shopper\Uninst.exe
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-10-25 18:26
Windows 5.1.2600 Service Pack 2 NTFS
scansione processi nascosti ...
scansione entrate autostart nascoste ...
Scansione files nascosti ...
Scansione completata con successo
Files nascosti: 0
**************************************************************************
.
--------------------- Dlls caricate dai processi in esecuzione ---------------------
- - - - - - - > 'winlogon.exe'(732)
c:\windows\system32\SHSVCS.dll
c:\windows\system32\CLBCATQ.DLL
c:\windows\system32\DNSAPI.dll
- - - - - - - > 'lsass.exe'(788)
c:\windows\system32\WLDAP32.dll
c:\windows\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll
c:\windows\system32\ipsecsvc.dll
.
Ora fine scansione: 2009-10-25 18:28
ComboFix-quarantined-files.txt 2009-10-25 17:28
ComboFix2.txt 2009-04-26 16:15
ComboFix3.txt 2008-12-14 15:49
Pre-Run: 777,027,584 byte disponibili
Post-Run: 876,896,256 byte disponibili
- - End Of File - - FD6C74668B466D4FA9F54224649F5C25