Hi Oldman

below are the log files of ComboFix and of HijackThis

thank you for your patience

ComboFix 08-01-03.3 - Anna 2000-01-01 8.40.31.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1040.18.176 [GMT 1:00]
Eseguito da: C:\Documents and Settings\Anna\Impostazioni locali\Temporary Internet Files\Content.IE5\G5QFOD2J\ComboFix[1].exe

- Creato nuovo punto di ripristino
.

((((((((((((((((((((((((((((((((((((( Altre eliminazioni )))))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\start.exe

.
((((((((((((((((((((((((( Files Creati Da 2007-12-03 al 2008-01-03 )))))))))))))))))))))))))))))))))))
.

Nessun nuovo file creato in questo arco di tempo

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-12-25 10:49 19,456 ----a-w C:\WINDOWS\system32\drivers\ckocvhvs.dat
2007-05-26 21:10 19,160 ----a-w C:\Documents and Settings\Anna\Dati applicazioni\GDIPFONTCACHEV1.DAT
2004-04-23 16:08 271 --sha-w C:\Programmi\desktop.ini
2004-04-23 16:08 23,476 --ha-w C:\Programmi\folder.htt
.

((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
Nota i valori vuoti & legittimi/default non sono visualizzati.

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{721C1358-D3EF-4497-938F-3239AA4F74E7}]
2003-08-28 09:44 90880 --a------ C:\WINDOWS\system32\AC3AP.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\SlowFile Icon Overlay]
@={7D688A77-C613-11D0-999B-00C04FD655E1}

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-19 15:39 15360]
"H/PC Connection Agent"="C:\Programmi\Microsoft ActiveSync\Wcescomm.exe" [2006-11-13 13:38 1289000]
"SUPERAntiSpyware"="C:\Programmi\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2007-06-21 14:06 1318912]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SystemTray"="SysTray.Exe" [2001-08-31 12:00 3072 C:\WINDOWS\SYSTEM32\systray.exe]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2004-07-15 11:42 4112384]
"nwiz"="nwiz.exe" [2004-07-15 11:42 843776 C:\WINDOWS\SYSTEM32\nwiz.exe]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2004-07-15 11:42 81920]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 11:50 155648]
"CTHelper"="CTHELPER.EXE" [2003-08-28 09:45 24576 C:\WINDOWS\SYSTEM32\CTHELPER.EXE]
"UpdReg"="C:\WINDOWS\UpdReg.EXE" [2000-05-11 01:00 90112]
"ashMaiSv"="C:\PROGRA~1\ALWILS~1\Avast4\ashmaisv.exe" [2007-09-06 11:05 243064]
"HP Software Update"="C:\Programmi\HP\HP Software Update\HPWuSchd2.exe" [2006-02-19 01:41 49152]
"Control Center"="C:\Programmi\ASUS\WLAN Card Utilities\Center.exe" [2004-11-04 18:36 1569280]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-09-06 11:06 79224]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2004-08-19 15:39 15360]

C:\Documents and Settings\All Users\Menu Avvio\Programmi\Esecuzione automatica
HP Digital Imaging Monitor.lnk - C:\Programmi\HP\Digital Imaging\bin\hpqtra08.exe [2006-02-19 03:21:22]
Microsoft Office.lnk - C:\Programmi\Microsoft Office\Office10\OSA.EXE [2001-02-13 09:01:04]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Programmi\SUPERAntiSpyware\SASSEH.DLL [2006-12-20 13:55 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify!SASWinLogon]
C:\Programmi\SUPERAntiSpyware\SASWINLO.dll 2007-04-19 13:41 294912 C:\Programmi\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\setup\disabledrunkeys]
"LoadPowerProfile"=Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
"Rscmpt"=C:\WINDOWS\SYSTEM32\RSCMPT.EXE
"NvCplDaemon"=RUNDLL32.EXE C:\WINDOWS\SYSTEM32\NVCPL.DLL,NvStartup
"CARPService"=carpserv.exe

R0 jfbibhbj;jfbibhbj;C:\WINDOWS\system32\drivers\ckocvhvs.dat
R2 NVXBAR;nVidia WDM A/V Crossbar;C:\WINDOWS\system32\DRIVERS\NVxbar.sys [2003-12-02 16:47]
R3 ASNDIS5;ASNDIS5 Protocol Driver;C:\WINDOWS\system32\ASNDIS5.SYS [2002-09-09 18:54]
S2 nvcap;nVidia WDM Video Capture (universal);C:\WINDOWS\system32\DRIVERS\nvcap.sys [2003-12-02 16:47]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{5ac6bc31-0a29-11dc-b080-0015f29962d3}]
\Shell\AutoRun\command - F:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{aa2233a0-6d45-11dc-b0ea-0015f29962d3}]
\Shell\AutoRun\command - F:\LaunchU3.exe -a

Newly Created Service - HTTPFILTER
Newly Created Service - PROCEXP90

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{44BBA840-CC51-11CF-AAFA-00AA00B6015C}]
"C:\Programmi\Outlook Express\setup50.exe" /APP:OE /CALLER:WIN9X /user /install

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{44BBA840-CC51-11CF-AAFA-00AA00B6015C}]
"C:\Programmi\Outlook Express\setup50.exe" /APP:OE /CALLER:WIN9X /user /install
"C:\Programmi\Outlook Express\setup50.exe" /APP:OE /CALLER:IE50 /user /install

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{7790769C-0471-11d2-AF11-00C04FA35D02}]
"C:\Programmi\Outlook Express\setup50.exe" /APP:WAB /CALLER:WIN9X /user /install

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{7790769C-0471-11d2-AF11-00C04FA35D02}]
"C:\Programmi\Outlook Express\setup50.exe" /APP:WAB /CALLER:WIN9X /user /install
"C:\Programmi\Outlook Express\setup50.exe" /APP:WAB /CALLER:IE50 /user /install

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{9EF0045A-CDD9-438e-95E6-02B9AFEC8E11}]
C:\WINDOWS\SYSTEM32\updcrl.exe -e -u C:\WINDOWS\SYSTEM\verisignpub1.crl
.
Contenuto della cartella 'Scheduled Tasks'
"2000-01-01 08:00:00 C:\WINDOWS\Tasks\Avvio ottimizzazione applicazione.job"
"2007-12-31 17:19:00 C:\WINDOWS\Tasks\Disinstalla Promemoria scadenza.job"
- C:\WINDOWS\System32\OOBE\oobebaln.exe
"2007-12-31 16:15:16 C:\WINDOWS\Tasks\Utilità di pianificazione di Prevenzione e risoluzione dei problemi per Raccolta dati.job"
- C:\WINDOWS\PCHEALTH\SUPPORT\PCHSCHD.EXE
.

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-01-03 08:45:53
Windows 5.1.2600 Service Pack 2 NTFS

scansione processi nascosti …

scansione entrate autostart nascoste …

Scansione files nascosti …

Scansione completata con successo
Files nascosti: 0


.
Ora fine scansione: 2008-01-02 22.43.01
ComboFix-quarantined-files.txt 2008-01-02 21:42:29

END OF COMBOFIX LOG

HIJACKTHIS LOG FOLLOWS IN A DIFFERENT POST (max length exceeded)