Hi everyone, MBAM reports two hijack windowsUpdates infected objects.
Here is my ComboFix log.
Thank you for your help.
Davide

ComboFix 09-12-09.04 - davide 10/12/2009 1.52.37.1.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.39.1040.18.1014.405 [GMT 1:00]
Eseguito da: c:\documents and settings\davide\Desktop\ComboFix.exe
AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
FW: Norton Internet Worm Protection *disabled* {990F9400-4CEE-43EA-A83A-D013ADD8EA6E}
.

((((((((((((((((((((((((((((((((((((( Altre eliminazioni )))))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\programmi\WinPCap
c:\programmi\WinPCap\rpcapd.exe
c:\recycler\S-1-5-21-3154732257-2634149506-1648713865-1003
c:\windows\patch.exe
c:\windows\system32\3698531482.dat
c:\windows\system32\drivers\npf.sys
c:\windows\system32\Packet.dll
c:\windows\system32\pthreadVC.dll
c:\windows\system32\WanPacket.dll
c:\windows\system32\wpcap.dll

.
((((((((((((((((((((((((((((((((((((((( Driver/Servizi )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_NPF
-------\Legacy_UMWDFSPTISRV
-------\Service_UMWdfSPTISRV


((((((((((((((((((((((((( Files Creati Da 2009-11-10 al 2009-12-10 )))))))))))))))))))))))))))))))))))
.

2100-02-23 12:35 . 2001-02-22 07:54 768 ----a-w- c:\programmi\x73_lut.dat
2100-02-08 14:03 . 2001-05-11 09:39 53248 ----a-w- c:\programmi\ACMonitor_X73.exe
2009-12-10 01:08 . 2009-12-10 01:09 -------- d-----w- c:\windows\LastGood
2009-12-08 23:14 . 2009-12-09 00:14 -------- d-----w- c:\documents and settings\davide\Dati applicazioni\vlc
2009-11-30 21:22 . 2009-06-30 08:37 28552 ----a-w- c:\windows\system32\drivers\pavboot.sys
2009-11-30 21:21 . 2009-11-30 21:21 -------- d-----w- c:\programmi\Panda Security
2009-11-30 20:33 . 2009-11-30 20:33 -------- d-----w- c:\documents and settings\davide\Dati applicazioni\Apple Computer
2009-11-29 21:58 . 2009-11-29 21:58 -------- d-----w- c:\documents and settings\davide\Impostazioni locali\Dati applicazioni\Temp
2009-11-29 21:58 . 2009-11-29 21:59 -------- d-----w- c:\documents and settings\davide\Impostazioni locali\Dati applicazioni\Google
2009-11-29 20:52 . 2009-11-29 20:52 -------- d-----w- c:\documents and settings\davide\Dati applicazioni\AVG9
2009-11-29 08:57 . 2009-11-28 16:31 3963648 ----a-w- c:\documents and settings\All Users\Dati applicazioni\avg9\update\backup\avgcorex.dll
2009-11-29 08:57 . 2009-11-28 16:31 497944 ----a-w- c:\documents and settings\All Users\Dati applicazioni\avg9\update\backup\avgchjwx.dll
2009-11-29 08:53 . 2009-11-28 16:30 877848 ----a-w- c:\documents and settings\All Users\Dati applicazioni\avg9\update\backup\avgupd.exe
2009-11-29 08:53 . 2009-11-28 16:30 1657112 ----a-w- c:\documents and settings\All Users\Dati applicazioni\avg9\update\backup\avgupd.dll
2009-11-28 16:32 . 2009-11-28 17:02 -------- d-----w- C:\$AVG
2009-11-28 16:32 . 2009-11-28 16:32 44680 ----a-w- c:\documents and settings\davide\Impostazioni locali\Dati applicazioni\GDIPFONTCACHEV1.DAT
2009-11-28 16:32 . 2009-11-28 16:32 12464 ----a-w- c:\windows\system32\avgrsstx.dll
2009-11-28 16:32 . 2009-11-28 16:32 333192 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2009-11-28 16:32 . 2009-11-28 16:32 28424 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2009-11-28 16:31 . 2009-12-09 20:10 -------- d-----w- c:\windows\system32\drivers\Avg
2009-11-28 16:31 . 2009-11-28 16:31 360584 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2009-11-28 16:30 . 2009-11-28 16:30 -------- d-----w- c:\programmi\AVG
2009-11-28 16:30 . 2009-12-02 00:04 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\avg9
2009-11-28 15:57 . 2009-11-29 12:32 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Norton
2009-11-28 15:57 . 2009-11-28 15:57 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\NortonInstaller
2009-11-28 15:25 . 2009-11-28 15:25 -------- d-----w- c:\documents and settings\davide\Dati applicazioni\Malwarebytes
2009-11-28 15:23 . 2009-11-28 15:23 -------- d-----w- c:\documents and settings\davide\Dati applicazioni\AdobeUM
2009-11-27 00:41 . 2009-11-28 15:49 -------- d-----w- c:\documents and settings\davide\.housecall6.6
2009-11-27 00:37 . 2009-11-27 00:37 -------- d-----w- c:\documents and settings\davide\Dati applicazioni\Subversion
2009-11-26 23:30 . 2009-11-26 23:30 -------- d-----w- c:\documents and settings\davide\Impostazioni locali\Dati applicazioni\Mozilla
2009-11-26 23:30 . 2009-11-30 20:33 -------- d-----w- c:\documents and settings\davide\Impostazioni locali\Dati applicazioni\Apple Computer
2009-11-26 23:16 . 2009-11-26 23:16 -------- d--h--r- c:\documents and settings\TEMP.DAVE\Dati applicazioni
2009-11-26 23:16 . 2009-11-26 23:16 -------- d--h--w- c:\documents and settings\TEMP.DAVE\Risorse di stampa
2009-11-26 23:16 . 2009-11-26 23:16 -------- d--h--w- c:\documents and settings\TEMP.DAVE\Risorse di rete
2009-11-26 23:16 . 2009-11-26 23:16 -------- d--h--w- c:\documents and settings\TEMP.DAVE\Modelli
2009-11-26 23:16 . 2009-11-26 23:16 -------- d--h--w- c:\documents and settings\TEMP.DAVE\Impostazioni locali
2009-11-26 23:16 . 2009-11-26 23:16 -------- d-----w- c:\documents and settings\TEMP.DAVE
2009-11-26 23:16 . 2009-11-26 23:16 -------- d-----r- c:\documents and settings\TEMP.DAVE\Preferiti
2009-11-26 23:16 . 2009-11-26 23:16 -------- d-----r- c:\documents and settings\TEMP.DAVE\Menu Avvio
2009-11-26 23:16 . 2009-11-26 23:16 -------- d-----r- c:\documents and settings\TEMP.DAVE\Documenti

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-12-09 00:19 . 2009-06-07 22:53 -------- d-----w- c:\programmi\Malwarebytes' Anti-Malware
2009-12-09 00:15 . 2009-09-09 19:10 4844296 ----a-w- c:\documents and settings\All Users\Dati applicazioni\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe
2009-12-08 23:50 . 2006-03-09 07:13 428898 ----a-w- c:\windows\system32\perfh010.dat
2009-12-08 23:50 . 2006-03-09 07:13 64576 ----a-w- c:\windows\system32\perfc010.dat
2009-12-03 15:14 . 2009-06-07 22:54 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-12-03 15:13 . 2009-06-07 22:53 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-11-30 23:43 . 2006-06-01 14:58 -------- d-----w- c:\programmi\Spybot - Search & Destroy
2009-11-29 22:35 . 2008-05-04 23:04 33240 ---ha-w- c:\windows\system32\mlfcache.dat
2009-11-29 21:49 . 2006-03-10 10:45 -------- d-----w- c:\programmi\Sony
2009-11-29 21:46 . 2006-03-10 10:59 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Sony Corporation
2009-11-29 21:24 . 2006-03-09 17:22 -------- d--h--w- c:\programmi\InstallShield Installation Information
2009-11-28 16:01 . 2006-03-10 11:00 -------- d-----w- c:\programmi\File comuni\Symantec Shared
2009-11-28 15:57 . 2006-03-10 11:00 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Symantec
2009-11-28 15:56 . 2006-03-10 10:57 -------- d-----w- c:\programmi\Google
2009-11-27 00:41 . 2009-05-21 22:33 102664 ----a-w- c:\windows\system32\drivers\tmcomm.sys
2009-11-26 23:49 . 2009-11-26 23:49 -------- d-----w- c:\documents and settings\davide\Dati applicazioni\Sony Corporation
2009-10-16 21:23 . 2009-10-16 21:23 -------- d-----w- c:\programmi\3ivx
2009-10-16 21:23 . 2009-10-16 21:23 -------- d-----w- c:\programmi\Flip Video
2009-10-16 21:23 . 2009-10-16 21:23 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Flip Video
2009-10-16 19:06 . 2009-10-16 19:06 56 ---ha-w- c:\windows\system32\ezsidmv.dat
2009-10-16 19:06 . 2009-10-16 19:05 -------- d-----r- c:\programmi\Skype
2009-10-16 19:06 . 2009-10-16 19:06 -------- d-----w- c:\programmi\File comuni\Skype
2009-10-16 19:05 . 2006-06-01 10:45 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Skype
2009-10-14 20:40 . 2009-10-14 20:40 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\TomTom
2009-10-14 20:39 . 2009-10-14 20:39 -------- d-----w- c:\programmi\TomTom DesktopSuite
2009-09-20 17:40 . 2007-04-03 23:56 59 ----a-w- c:\windows\wpd99.drv
2001-07-26 14:58 . 2000-01-11 10:50 47 ----a-w- c:\programmi\ACMonitor_X73.ini
2001-07-05 10:46 . 2001-07-20 08:48 8116 ----a-w- c:\programmi\OSLO3071b2.USB
2001-05-08 14:36 . 2000-12-05 13:56 114688 ----a-w- c:\programmi\lxarscan.dll
2001-04-23 12:22 . 2100-02-08 13:53 1437 ----a-w- c:\programmi\gtx73.ini
.

((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* i valori vuoti & legittimi/default non sono visualizzati.
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"QuickTime Task"="c:\programmi\QuickTime\qttask.exe -atboottime" [X]
"Apoint"="c:\programmi\Apoint\Apoint.exe" [2004-11-17 118784]
"igfxtray"="c:\windows\system32\igfxtray.exe" [2005-08-05 94208]
"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2005-08-05 77824]
"igfxpers"="c:\windows\system32\igfxpers.exe" [2005-08-05 114688]
"RTHDCPL"="RTHDCPL.EXE" [2005-08-09 14743552]
"AzMixerSel"="c:\programmi\Realtek\InstallShield\AzMixerSel.exe" [2005-06-11 53248]
"Mouse Suite 98 Daemon"="ICO.EXE" [2002-03-14 45056]
"VAIOCameraUtility"="c:\programmi\Sony\VAIO Camera Utility\VCUServe.exe" [2005-12-27 69632]
"SonyPowerCfg"="c:\programmi\Sony\VAIO Power Management\SPMgr.exe" [2005-10-19 184320]
"ISBMgr.exe"="c:\programmi\Sony\ISB Utility\ISBMgr.exe" [2004-02-20 32768]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2008-04-14 110592]
"AppleSyncNotifier"="c:\programmi\File comuni\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2008-07-10 116040]
"iTunesHelper"="c:\programmi\iTunes\iTunesHelper.exe" [2008-07-10 289064]
"SunJavaUpdateSched"="c:\programmi\Java\jre6\bin\jusched.exe" [2009-03-09 148888]
"AVG9_TRAY"="c:\progra~1\AVG\AVG9\avgtray.exe" [2009-11-28 2020120]
"VAIO Update 4"="c:\programmi\Sony\VAIO Update 4\VAIOUpdt.exe" [2008-08-24 870240]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

c:\documents and settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\
Adobe Gamma Loader.lnk - c:\programmi\File comuni\Adobe\Calibration\Adobe Gamma Loader.exe [2005-10-10 110592]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2009-11-28 16:32 12464 ----a-w- c:\windows\system32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\VESWinlogon]
2006-06-30 11:12 73728 ----a-w- c:\windows\system32\VESWinlogon.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Programmi\\Java\\jdk1.5.0_07\\jre\\bin\\java.exe"=
"c:\\Programmi\\Java\\jdk1.5.0_07\\bin\\java.exe"=
"c:\\Programmi\\QuickTime\\QuickTimePlayer.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Programmi\\xampp\\apache\\bin\\apache.exe"=
"c:\\Programmi\\xampp\\mysql\\bin\\mysqld.exe"=
"c:\\Programmi\\Messenger\\msmsgs.exe"=
"c:\\WINDOWS\\system32\\javaw.exe"=
"c:\\Programmi\\uTorrent\\uTorrent.exe"=
"c:\\Programmi\\eMule\\emule.exe"=
"c:\\Programmi\\iTunes\\iTunes.exe"=
"c:\\Programmi\\FileZilla FTP Client\\filezilla.exe"=
"c:\\Programmi\\Skype\\Phone\\Skype.exe"=
"c:\\Programmi\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Programmi\\AVG\\AVG9\\avgupd.exe"=
"c:\\Programmi\\AVG\\AVG9\\avgnsx.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009

R0 pavboot;pavboot;c:\windows\system32\drivers\pavboot.sys [30/11/2009 22.22.28 28552]
R1 avgldx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [28/11/2009 17.32.25 333192]
R1 avgtdix;AVG Free Network Redirector;c:\windows\system32\drivers\avgtdix.sys [28/11/2009 17.31.03 360584]
R1 Odptdi;Odptdi;c:\windows\system32\drivers\odptdi.sys [06/03/2009 13.55.40 46744]
R2 avg9wd;AVG Free WatchDog;c:\programmi\AVG\AVG9\avgwdsvc.exe [28/11/2009 17.30.47 285392]
R2 NgVpnMgr;Aventail VPN Client;c:\windows\system32\ngvpnmgr.exe [01/08/2007 18.04.34 203843]
R3 NgLog;Aventail VPN Logging;c:\windows\system32\drivers\nglog.sys [01/08/2007 18.02.22 25240]
R3 NgVpn;Aventail VPN Adapter;c:\windows\system32\drivers\ngvpn.sys [01/08/2007 18.03.40 76440]
R3 SonyImgF;Sony Image Conversion Filter Driver;c:\windows\system32\drivers\SonyImgF.sys [09/03/2006 8.13.28 29184]
S3 NgFilter;Aventail VPN Filter;c:\windows\system32\drivers\ngfilter.sys [01/08/2007 18.03.46 20632]
S3 NgWfp;Aventail VPN Callout;c:\windows\system32\drivers\ngwfp.sys [01/08/2007 18.03.52 21656]
S4 a126bc3e;a126bc3e;c:\windows\system32\drivers\a126bc3e.sys --> c:\windows\system32\drivers\a126bc3e.sys [?]
S4 cisssr;cisssr; [x]
.
------- Scansione supplementare -------
.
uStart Page = hxxp://www.club-vaio.com/en/
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&sporta in Microsoft Excel - c:\progra~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
Trusted Zone: sony-europe.com
Trusted Zone: sonystyle-europe.com
Trusted Zone: vaio-link.com
FF - ProfilePath - c:\documents and settings\davide\Dati applicazioni\Mozilla\Firefox\Profiles\8q4724u0.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - component: c:\programmi\AVG\AVG9\Firefox\components\avgssff.dll
FF - plugin: c:\programmi\Google\Picasa3\npPicasa3.dll

---- FIREFOX POLICIES ----
c:\programmi\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
.
- - - - CHIAVI ORFANE RIMOSSE - - - -

HKLM-Run-PrinTray - c:\windows\System32\spool\DRIVERS\W32X86\3\printray.exe
HKU-Default-Run-Picasa Media Detector - c:\programmi\Picasa2\PicasaMediaDetector.exe
AddRemove-ShockwaveFlash - c:\windows\system32\Macromed\Flash\UninstFl.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-12-10 08:58
Windows 5.1.2600 Service Pack 3 NTFS

scansione processi nascosti ...

scansione entrate autostart nascoste ...

Scansione files nascosti ...

Scansione completata con successo
Files nascosti: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\MySql]
"ImagePath"="C:/Programmi/xampp/mysql/bin/mysqld.exe"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\MySql]
"ImagePath"="C:/Programmi/xampp/mysql/bin/mysqld.exe"
.
--------------------- Dlls caricate dai processi in esecuzione ---------------------

- - - - - - - > 'winlogon.exe'(872)
c:\windows\system32\VESWinlogon.dll
.
------------------------ Altri processi in esecuzione ------------------------
.
c:\programmi\Intel\Wireless\Bin\EvtEng.exe
c:\programmi\AVG\AVG9\avgchsvx.exe
c:\programmi\AVG\AVG9\avgrsx.exe
c:\programmi\Intel\Wireless\Bin\S24EvMon.exe
c:\programmi\Lavasoft\Ad-Aware\aawservice.exe
c:\programmi\AVG\AVG9\avgcsrvx.exe
c:\windows\system32\LEXBCES.EXE
c:\programmi\File comuni\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\programmi\Flip Video\FlipShare\FlipShareService.exe
c:\programmi\Java\jre6\bin\jqs.exe
c:\programmi\xampp\mysql\bin\mysqld.exe
c:\programmi\AVG\AVG9\avgnsx.exe
c:\programmi\Intel\Wireless\Bin\RegSrvc.exe
c:\windows\system32\wdfmgr.exe
c:\programmi\Sony\VAIO Event Service\VESMgr.exe
c:\windows\system32\igfxext.exe
c:\windows\system32\igfxsrvc.exe
c:\programmi\File comuni\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
c:\programmi\File comuni\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
c:\programmi\File comuni\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe
c:\windows\system32\wbem\unsecapp.exe
c:\windows\system32\wbem\wmiapsrv.exe
c:\windows\system32\wscntfy.exe
c:\windows\RTHDCPL.EXE
c:\windows\system32\ICO.EXE
c:\windows\system32\rundll32.exe
c:\programmi\Apoint\Apntex.exe
c:\programmi\iPod\bin\iPodService.exe
.
**************************************************************************
.
Ora fine scansione: 2009-12-10 09:04:25 - Il pc è stato riavviato
ComboFix-quarantined-files.txt 2009-12-10 08:04

Pre-Run: 7.253.762.048 byte disponibili
Post-Run: 7.143.682.048 byte disponibili

WindowsXP-KB310994-SP2-Home-BootDisk-ITA.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect

- - End Of File - - 6663DC528507F6208D0BAAE3EA894D44