Hi to all, I have the same identical problem:
http://forums.techguy.org/malware-r...40564-solved-malware-disgused-ie-windows.html
I followed these precious instructions to the end, and the problem disappeared.
BUT.
After an hour of "navigation" (I was away from the PC and had only visited one forum and run iTunes) the system message appeared again.
I have had a connection for 3 days and I have only the Windows firewall (but there is also a firewall in the router). I discovered with horror that the Windows and the router firewalls were turned off... Maybe that was the reason, I don't know.
Well, I downloaded the Comodo free firewall, and I turned on the other two firewalls.
I am repeating the sequence indicated in that post, but I thought it was better to show the logs here to you. My compliments on your invaluable work.
PS: At the moment I am doing a backup of my files to an external HDD.
PPS: At startup Windows sometimes froze, showing only the wallpaper image and the mouse cursor. I rebooted, but I'm really worried...
Thanks, here are my logs:
HIJACKTHIS
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 15.56.44, on 28/10/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Programmi\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\Explorer.EXE
C:\Programmi\Alwil Software\Avast4\aswUpdSv.exe
C:\Programmi\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programmi\a-squared Anti-Dialer\a2service.exe
C:\Programmi\a-squared Free\a2service.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\Programmi\Comodo\Firewall\cmdagent.exe
C:\Programmi\Java\jre1.6.0_02\bin\jusched.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Programmi\File comuni\McAfee\HackerWatch\HWAPI.exe
C:\Programmi\ULI5289\ALi5289.exe
C:\Programmi\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Programmi\SyncroSoft\Pos\H2O\cledx.exe
C:\Programmi\QuickTime\qttask.exe
C:\Programmi\Winamp\winampa.exe
C:\Programmi\a-squared Anti-Dialer\a2adguard.exe
C:\Programmi\Spyware Doctor\SDTrayApp.exe
C:\Programmi\McAfee.com\VSO\mcvsshld.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
C:\Programmi\SiteAdvisor\6028\SiteAdv.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Programmi\Comodo\Firewall\CPF.exe
C:\Programmi\RocketDock\RocketDock.exe
C:\Programmi\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\Programmi\SUPERAntiSpyware\SUPERAntiSpyware.exe
c:\programmi\mcafee.com\agent\mcagent.exe
c:\progra~1\mcafee.com\vso\mcvsescn.exe
C:\Programmi\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
c:\programmi\file comuni\mcafee\mna\mcnasvc.exe
C:\Programmi\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe
C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
C:\Programmi\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
c:\PROGRA~1\mcafee.com\vso\OasClnt.exe
C:\Programmi\File comuni\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Programmi\McAfee\MPF\MPFSrv.exe
C:\Programmi\CyberLink\Shared Files\RichVideo.exe
C:\Programmi\Spyware Doctor\svcntaux.exe
C:\Programmi\Spyware Doctor\swdsvc.exe
C:\Programmi\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
C:\Programmi\SiteAdvisor\6028\SAService.exe
C:\WINDOWS\system32\svchost.exe
C:\Programmi\File comuni\Ulead Systems\DVD\ULCDRSvr.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\Programmi\Alwil Software\Avast4\ashMaiSv.exe
C:\WINDOWS\System32\alg.exe
C:\Programmi\Hewlett-Packard\Digital Imaging\bin\hpqgalry.exe
C:\Programmi\Sitecom Wireless Network Card Setup\RtWLan.exe
c:\programmi\mcafee\msc\mcuimgr.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Programmi\Microsoft Office\OFFICE11\WINWORD.EXE
C:\Programmi\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\system32\NOTEPAD.EXE
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.it/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.it
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {089FD14D-132B-48FC-8861-0048AE113215} - C:\Programmi\SiteAdvisor\6028\SiteAdv.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmi\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: (no name) - {89D19B93-FE84-47B2-9A37-813740C27C23} - (no file)
O2 - BHO: (no name) - {A95B2816-1D7E-4561-A202-68C0DE02353A} - C:\WINDOWS\system32\rylzrjuf.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programmi\google\googletoolbar2.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - D:\Programmi\Babya Logic\msdxm.ocx
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programmi\google\googletoolbar2.dll
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O3 - Toolbar: McAfee SiteAdvisor - {0BF43445-2F28-4351-9252-17FE6E806AA0} - C:\Programmi\SiteAdvisor\6028\SiteAdv.dll
O3 - Toolbar: Security Toolbar - {11A69AE4-FBED-4832-A2BF-45AF82825583} - C:\WINDOWS\system32\rylzrjuf.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programmi\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O4 - HKLM\..\Run: [ALi5289] C:\Programmi\ULI5289\ALi5289.exe
O4 - HKLM\..\Run: [ATIPTA] "C:\Programmi\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [H2O] C:\Programmi\SyncroSoft\Pos\H2O\cledx.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmi\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [WinampAgent] C:\Programmi\Winamp\winampa.exe
O4 - HKLM\..\Run: [a-squared] "C:\Programmi\a-squared Anti-Dialer\a2adguard.exe"
O4 - HKLM\..\Run: [a-squared Anti-Dialer] "C:\Programmi\a-squared Anti-Dialer\a2adguard.exe" /d=60
O4 - HKLM\..\Run: [SDTray] "C:\Programmi\Spyware Doctor\SDTrayApp.exe"
O4 - HKLM\..\Run: [VSOCheckTask] "C:\PROGRA~1\McAfee.com\VSO\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [VirusScan Online] C:\Programmi\McAfee.com\VSO\mcvsshld.exe
O4 - HKLM\..\Run: [OASClnt] C:\Programmi\McAfee.com\VSO\oasclnt.exe
O4 - HKLM\..\Run: [SiteAdvisor] C:\Programmi\SiteAdvisor\6028\SiteAdv.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [COMODO Firewall Pro] "C:\Programmi\Comodo\Firewall\CPF.exe" /background
O4 - HKCU\..\Run: [RocketDock] "C:\Programmi\RocketDock\RocketDock.exe"
O4 - HKCU\..\Run: [swg] C:\Programmi\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Programmi\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO LOCALE')
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'SERVIZIO LOCALE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO DI RETE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Avvio veloce di Adobe Reader.lnk = C:\Programmi\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: hpoddt01.exe.lnk = ?
O4 - Global Startup: hp psc 1000 series.lnk = ?
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Programmi\File comuni\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Avvio rapido di HP Image Zone.lnk = C:\Programmi\Hewlett-Packard\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Programmi\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Sitecom Wireless Utility.lnk = ?
O8 - Extra context menu item: &Search - http://kn.bar.need2find.com/KN/menusearch.html?p=KN
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: Ricerche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.google.it
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1126113138421
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Programmi\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: byxwwwt - byxwwwt.dll (file missing)
O20 - Winlogon Notify: rylzrjuf - C:\WINDOWS\SYSTEM32\rylzrjuf.dll
O23 - Service: a-squared Anti-Dialer Service (a2AntiDialer) - Emsi Software GmbH - C:\Programmi\a-squared Anti-Dialer\a2service.exe
O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - C:\Programmi\a-squared Free\a2service.exe
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Programmi\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Programmi\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Programmi\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Programmi\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Programmi\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: Comodo Application Agent (CmdAgent) - COMODO - C:\Programmi\Comodo\Firewall\cmdagent.exe
O23 - Service: GoogleDesktopManager - Google - C:\Programmi\Google\Google Desktop Search\GoogleDesktopManager.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Programmi\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Programmi\iPod\bin\iPodService.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Programmi\File comuni\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: McAfee HackerWatch Service - McAfee, Inc. - C:\Programmi\File comuni\McAfee\HackerWatch\HWAPI.exe
O23 - Service: McAfee Update Manager (mcmispupdmgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcupdmgr.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\programmi\file comuni\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Protection Manager (mcpromgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
O23 - Service: McAfee.com McShield (McShield) - McAfee Inc. - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Programmi\McAfee\MPF\MPFSrv.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Programmi\CyberLink\Shared Files\RichVideo.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Programmi\Spyware Doctor\svcntaux.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Programmi\Spyware Doctor\swdsvc.exe
O23 - Service: SiteAdvisor Service - McAfee, Inc. - C:\Programmi\SiteAdvisor\6028\SAService.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Programmi\File comuni\Ulead Systems\DVD\ULCDRSvr.exe
O24 - Desktop Component 0: (no name) - About:Home
--
End of file - 12195 bytes
COMBOFIX
ComboFix 07-10-23.2 - Mario 2007-10-28 16.02.34.2 - FAT32x86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1040.18.446 [GMT 1:00]
Running from: C:\Documents and Settings\Mario\Desktop\ComboFix.exe
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Documents and Settings\Mario\Desktop\Live Safety Center.lnk
C:\Documents and Settings\Mario\Desktop\Online Security Guide.lnk
C:\Documents and Settings\Mario\Preferiti\Online Security Guide.lnk
C:\WINDOWS\system32\rylzrjuf.dllbox
.
((((((((((((((((((((((((( Files Created from 2007-09-28 to 2007-10-28 )))))))))))))))))))))))))))))))
.
2007-10-28 13:56 <DIR> d-------- C:\Documents and Settings\Mario\Dati applicazioni\Comodo
2007-10-28 13:51 <DIR> d-------- C:\Programmi\Comodo
2007-10-28 12:12 <DIR> d-------- C:\!KillBox
2007-10-28 10:39 <DIR> d-------- C:\Programmi\SUPERAntiSpyware
2007-10-28 10:39 <DIR> d-------- C:\Documents and Settings\Mario\Dati applicazioni\SUPERAntiSpyware.com
2007-10-28 10:00 51,200 --a------ C:\WINDOWS\NirCmd.exe
2007-10-28 09:56 <DIR> d-------- C:\Programmi\Trend Micro
2007-10-28 00:35 267,592 --a------ C:\Programmi\Uninstall Ask Toolbar.dll
2007-10-27 21:33 42,912 --a------ C:\WINDOWS\system32\drivers\aswTdi.sys
2007-10-27 21:33 26,624 --a------ C:\WINDOWS\system32\drivers\aavmker4.sys
2007-10-27 21:33 23,152 --a------ C:\WINDOWS\system32\drivers\aswRdr.sys
2007-10-27 21:32 <DIR> d-------- C:\Programmi\Alwil Software
2007-10-27 21:32 801,144 --a------ C:\WINDOWS\system32\aswBoot.exe
2007-10-27 21:32 95,608 --a------ C:\WINDOWS\system32\AvastSS.scr
2007-10-27 21:32 94,416 --a------ C:\WINDOWS\system32\drivers\aswmon2.sys
2007-10-27 21:32 92,848 --a------ C:\WINDOWS\system32\drivers\aswmon.sys
2007-10-27 18:54 <DIR> d-------- C:\Programmi\SiteAdvisor
2007-10-27 18:54 <DIR> d-------- C:\Documents and Settings\Mario\Dati applicazioni\SiteAdvisor
2007-10-27 18:54 <DIR> d-------- C:\Documents and Settings\LocalService\Dati applicazioni\SiteAdvisor
2007-10-27 18:53 109,608 --a------ C:\WINDOWS\system32\drivers\Mpfp.sys
2007-10-27 18:50 <DIR> d-------- C:\Programmi\McAfee
2007-10-27 18:50 <DIR> d-------- C:\Programmi\File comuni\McAfee
2007-10-27 18:43 <DIR> d-------- C:\Programmi\CIFP
2007-10-27 18:16 <DIR> d-------- C:\Programmi\Lavasoft
2007-10-27 18:16 <DIR> d-------- C:\Programmi\File comuni\Wise Installation Wizard
2007-10-27 18:13 <DIR> d-------- C:\Programmi\CCleaner
2007-10-27 18:12 114,464 --a------ C:\WINDOWS\system32\drivers\naiavf5x.sys
2007-10-27 18:11 <DIR> d-------- C:\Programmi\McAfee.com
2007-10-27 18:11 349,760 --a------ C:\WINDOWS\system32\mcinsctl.dll
2007-10-27 18:11 288,320 --a------ C:\WINDOWS\system32\mcgdmgr.dll
2007-10-27 10:15 <DIR> dr-h----- C:\$VAULT$.AVG
2007-10-27 10:04 <DIR> dr------- C:\Documents and Settings\LocalService\Preferiti
2007-10-27 09:39 340,032 --a------ C:\WINDOWS\system32\rylzrjuf.dll
2007-10-27 09:38 340,032 --a------ C:\WINDOWS\system32\sscequcs.dll
2007-10-26 13:06 3,163 --a------ C:\WINDOWS\system32\z.dat
2007-10-26 13:06 255 --a------ C:\WINDOWS\system32\2678.bat
2007-10-26 13:06 84 --a------ C:\WINDOWS\system32\n.bat
2007-10-26 13:05 <DIR> d--hs---- C:\WINDOWS\TWFyaW8gTW9yYW5kaQ
2007-10-26 13:05 147,456 --a------ C:\WINDOWS\system32\vbzip10.dll
2007-10-26 11:56 <DIR> d-------- C:\Documents and Settings\Mario\Dati applicazioni\uTorrent
2007-10-26 11:10 <DIR> d-------- C:\Documents and Settings\Mario\Incomplete
2007-10-26 11:10 <DIR> d-------- C:\Documents and Settings\Mario\Dati applicazioni\FrostWire
2007-10-26 10:14 <DIR> d-------- C:\WINDOWS\system32\cache329
2007-10-26 10:10 <DIR> d-------- C:\WINDOWS\cdmxtras
2007-10-25 22:58 103,876 --ah----- C:\WINDOWS\system32\mlfcache.dat
2007-10-24 16:52 <DIR> d-------- C:\Programmi\Spyware Doctor
2007-10-24 16:52 <DIR> d-------- C:\Documents and Settings\Mario\Dati applicazioni\PC Tools
2007-10-24 16:52 626,688 --a------ C:\WINDOWS\system32\msvcr80.dll
2007-10-24 16:52 82,248 --a------ C:\WINDOWS\system32\drivers\iksyssec.sys
2007-10-24 16:52 57,672 --a------ C:\WINDOWS\system32\drivers\iksysflt.sys
2007-10-24 16:52 40,264 --a------ C:\WINDOWS\system32\drivers\ikfilesec.sys
2007-10-24 16:52 29,000 --a------ C:\WINDOWS\system32\drivers\kcom.sys
2007-10-24 08:03 <DIR> d-------- C:\Documents and Settings\Mario\Dati applicazioni\Apple Computer
2007-10-24 08:02 <DIR> d-------- C:\Programmi\iPod
2007-10-24 06:30 <DIR> d-------- C:\Programmi\Opera
2007-10-23 23:31 <DIR> d-------- C:\Programmi\a-squared Anti-Dialer
2007-10-23 23:26 <DIR> d-------- C:\Programmi\a-squared Free
2007-10-23 23:24 <DIR> d-------- C:\Programmi\a-squared HiJackFree
2007-10-23 21:14 <DIR> d-------- C:\Programmi\Microsoft CAPICOM 2.1.0.2
2007-10-23 18:00 <DIR> d-------- C:\Documents and Settings\Mario\Contacts
2007-10-23 17:58 <DIR> d-------- C:\Programmi\Windows Live Toolbar
2007-10-23 17:57 <DIR> d-------- C:\WINDOWS\system32\DRVSTORE
2007-10-23 17:57 <DIR> d-------- C:\Programmi\MSN Messenger
2007-10-23 17:46 <DIR> d--h----- C:\Documents and Settings\Mario\Dati applicazioni\m
2007-10-18 13:23 194,304 --a------ C:\WINDOWS\system32\drivers\rtl8187.sys
2007-10-18 13:22 <DIR> d-------- C:\WINDOWS\system32\RTL8187
2007-10-18 13:22 <DIR> d-------- C:\Programmi\Sitecom Wireless Network Card Setup
2007-10-18 13:22 <DIR> d-------- C:\Documents and Settings\Mario\Dati applicazioni\InstallShield
2007-10-18 13:22 38,144 -ra------ C:\WINDOWS\system32\drivers\EAPPkt.sys
2007-10-18 13:22 21,035 --a------ C:\WINDOWS\system32\drivers\AegisP.sys
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-10-24 08:28 18,697,746 --sh--r C:\AVG7DB_F.DAT
2007-08-22 14:12 96,768 ----a-w C:\WINDOWS\system32\dllcache\inseng.dll
2007-08-22 14:12 661,504 ----a-w C:\WINDOWS\system32\dllcache\wininet.dll
2007-08-22 14:12 616,448 ----a-w C:\WINDOWS\system32\dllcache\urlmon.dll
2007-08-22 14:12 55,808 ----a-w C:\WINDOWS\system32\dllcache\extmgr.dll
2007-08-22 14:12 532,480 ----a-w C:\WINDOWS\system32\dllcache\mstime.dll
2007-08-22 14:12 474,624 ----a-w C:\WINDOWS\system32\dllcache\shlwapi.dll
2007-08-22 14:12 449,024 ----a-w C:\WINDOWS\system32\dllcache\mshtmled.dll
2007-08-22 14:12 39,424 ----a-w C:\WINDOWS\system32\dllcache\pngfilt.dll
2007-08-22 14:12 357,888 ----a-w C:\WINDOWS\system32\dllcache\dxtmsft.dll
2007-08-22 14:12 3,079,168 ----a-w C:\WINDOWS\system32\dllcache\mshtml.dll
2007-08-22 14:12 251,392 ----a-w C:\WINDOWS\system32\dllcache\iepeers.dll
2007-08-22 14:12 205,312 ----a-w C:\WINDOWS\system32\dllcache\dxtrans.dll
2007-08-22 14:12 16,384 ----a-w C:\WINDOWS\system32\dllcache\jsproxy.dll
2007-08-22 14:12 151,552 ----a-w C:\WINDOWS\system32\dllcache\cdfview.dll
2007-08-22 14:12 146,432 ----a-w C:\WINDOWS\system32\dllcache\msrating.dll
2007-08-22 14:12 1,495,040 ----a-w C:\WINDOWS\system32\dllcache\shdocvw.dll
2007-08-22 14:12 1,056,256 ----a-w C:\WINDOWS\system32\dllcache\danim.dll
2007-08-22 14:12 1,022,976 ----a-w C:\WINDOWS\system32\dllcache\browseui.dll
2007-08-21 11:30 18,432 ----a-w C:\WINDOWS\system32\dllcache\iedw.exe
2007-08-21 07:16 683,520 ----a-w C:\WINDOWS\system32\inetcomm.dll
2007-08-21 07:16 683,520 ----a-w C:\WINDOWS\system32\dllcache\inetcomm.dll
2007-08-20 14:46 4,608 ----a-w C:\WINDOWS\system32\w95inf32.dll
2007-07-30 18:19 92,504 ----a-w C:\WINDOWS\system32\dllcache\cdm.dll
2007-07-30 18:19 92,504 ----a-w C:\WINDOWS\system32\cdm.dll
2007-07-30 18:19 549,720 ----a-w C:\WINDOWS\system32\wuapi.dll
2007-07-30 18:19 549,720 ----a-w C:\WINDOWS\system32\dllcache\wuapi.dll
2007-07-30 18:19 53,080 ----a-w C:\WINDOWS\system32\wuauclt.exe
2007-07-30 18:19 53,080 ----a-w C:\WINDOWS\system32\dllcache\wuauclt.exe
2007-07-30 18:19 43,352 ----a-w C:\WINDOWS\system32\wups2.dll
2007-07-30 18:19 325,976 ----a-w C:\WINDOWS\system32\wucltui.dll
2007-07-30 18:19 325,976 ----a-w C:\WINDOWS\system32\dllcache\wucltui.dll
2007-07-30 18:19 271,224 ----a-w C:\WINDOWS\system32\mucltui.dll
2007-07-30 18:19 207,736 ----a-w C:\WINDOWS\system32\muweb.dll
2007-07-30 18:19 203,096 ----a-w C:\WINDOWS\system32\wuweb.dll
2007-07-30 18:19 203,096 ----a-w C:\WINDOWS\system32\dllcache\wuweb.dll
2007-07-30 18:19 1,712,984 ----a-w C:\WINDOWS\system32\wuaueng.dll
2007-07-30 18:19 1,712,984 ----a-w C:\WINDOWS\system32\dllcache\wuaueng.dll
2007-07-30 18:18 33,624 ----a-w C:\WINDOWS\system32\wups.dll
2007-07-30 18:18 33,624 ----a-w C:\WINDOWS\system32\dllcache\wups.dll
2005-11-30 15:51 40 ----a-w C:\Documents and Settings\Mario\language.dat
2005-11-13 12:04:52 56 --sh--r C:\WINDOWS\system32\62CE682105.sys
.
((((((((((((((((((((((((((((( [email protected]_10.34.42.09 )))))))))))))))))))))))))))))))))))))))))
.
+ 2007-03-13 09:57:12 163,328 ----a-w C:\WINDOWS\erdnt\subs\F3M\ERDNT.EXE
+ 2007-10-28 09:39:24 29,696 ----a-r C:\WINDOWS\Installer\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}\IconCDDCBBF11.exe
+ 2007-10-28 09:39:24 18,944 ----a-r C:\WINDOWS\Installer\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}\IconCDDCBBF13.exe
+ 2007-10-28 09:39:24 65,024 ----a-r C:\WINDOWS\Installer\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}\IconCDDCBBF15.exe
+ 2007-10-28 12:51:46 75,520 ----a-w C:\WINDOWS\system32\drivers\cmdmon.sys
+ 2007-10-28 12:51:46 51,328 ----a-w C:\WINDOWS\system32\drivers\inspect.sys
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{89D19B93-FE84-47B2-9A37-813740C27C23}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A95B2816-1D7E-4561-A202-68C0DE02353A}]
2007-10-27 09:39 340032 --a------ C:\WINDOWS\system32\rylzrjuf.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{11A69AE4-FBED-4832-A2BF-45AF82825583}"= C:\WINDOWS\system32\rylzrjuf.dll [2007-10-27 09:39 340032]
[HKEY_CLASSES_ROOT\CLSID\{11A69AE4-FBED-4832-A2BF-45AF82825583}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="C:\Programmi\Java\jre1.6.0_02\bin\jusched.exe" [2007-07-12 04:00]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 11:50]
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe" [2007-10-26 10:04]
"AVG7_EMC"="C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe" [2007-10-26 10:04]
"ALi5289"="C:\Programmi\ULI5289\ALi5289.exe" [2005-06-07 14:16]
"ATIPTA"="C:\Programmi\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-08-30 21:05]
"H2O"="C:\Programmi\SyncroSoft\Pos\H2O\cledx.exe" [2005-05-11 02:46]
"QuickTime Task"="C:\Programmi\QuickTime\qttask.exe" [2006-10-25 18:58]
"WinampAgent"="C:\Programmi\Winamp\winampa.exe" [2006-06-21 19:14]
"a-squared"="C:\Programmi\a-squared Anti-Dialer\a2adguard.exe" [2007-07-16 21:48]
"a-squared Anti-Dialer"="C:\Programmi\a-squared Anti-Dialer\a2adguard.exe" [2007-07-16 21:48]
"SDTray"="C:\Programmi\Spyware Doctor\SDTrayApp.exe" [2007-08-14 17:02]
"VSOCheckTask"="C:\PROGRA~1\McAfee.com\VSO\mcmnhdlr.exe" [2005-07-08 18:18]
"VirusScan Online"="C:\Programmi\McAfee.com\VSO\mcvsshld.exe" [2005-07-01 20:42]
"OASClnt"="C:\Programmi\McAfee.com\VSO\oasclnt.exe" [2005-07-01 20:42]
"SiteAdvisor"="C:\Programmi\SiteAdvisor\6028\SiteAdv.exe" [2007-02-09 04:39]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-09-06 12:06]
"COMODO Firewall Pro"="C:\Programmi\Comodo\Firewall\CPF.exe" [2007-10-28 13:51]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RocketDock"="C:\Programmi\RocketDock\RocketDock.exe" [2007-01-28 03:55]
"swg"="C:\Programmi\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe" [2007-10-24 22:52]
"SUPERAntiSpyware"="C:\Programmi\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2007-06-21 14:06]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Programmi\SUPERAntiSpyware\SASSEH.DLL [2006-12-20 13:55 77824]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Programmi\SUPERAntiSpyware\SASWINLO.dll 2007-04-19 13:41 294912 C:\Programmi\SUPERAntiSpyware\SASWINLO.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\byxwwwt]
byxwwwt.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\rylzrjuf]
rylzrjuf.dll 2007-10-27 09:39 340032 C:\WINDOWS\system32\rylzrjuf.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"appinit_dlls"=C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice"
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"MsnMsgr"="C:\Programmi\MSN Messenger\MsnMsgr.Exe" /background
"swg"=C:\Programmi\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"Emurayden PSX Emulator"=
"Google Desktop Search"="C:\Programmi\Google\Google Desktop Search\GoogleDesktop.exe" /startup
"PinnacleDriverCheck"=C:\WINDOWS\system32\\PSDrvCheck.exe
"atwtusb"=atwtusb.exe beta
"ElbyCheckAnyDVD"="C:\Programmi\AnyDVD\ElbyCheck.exe" /L AnyDVD
"CloneDVDElbyDelay"="C:\Programmi\CloneDVD\ElbyCheck.exe" /L ElbyDelay
"HP Software Update"="C:\Programmi\Hewlett-Packard\HP Software Update\HPWuSchd2.exe"
"iTunesHelper"="D:\Programmi\iTunes\iTunesHelper.exe"
"RemoteControl"=C:\Programmi\CyberLink\PowerDVD\PDVDServ.exe
"SoundMan"=SOUNDMAN.EXE
"TkBellExe"="C:\Programmi\File comuni\Real\Update_OB\realsched.exe" -osboot
R0 m5289;m5289;C:\WINDOWS\system32\DRIVERS\m5289.sys
R0 uliagpkx;ULi AGP Bus Filter Driver;C:\WINDOWS\system32\DRIVERS\agpkx.sys
R2 a2AntiDialer;a-squared Anti-Dialer Service;"C:\Programmi\a-squared Anti-Dialer\a2service.exe"
R2 EAPPkt;Realtek EAPPkt Protocol;C:\WINDOWS\system32\DRIVERS\EAPPkt.sys
R3 CLEDX;Team H2O CLEDX service;C:\WINDOWS\system32\DRIVERS\cledx.sys
R3 ULI5261XP;ULi M526X Ethernet NT Driver;C:\WINDOWS\system32\DRIVERS\ULILAN51.SYS
R3 vgadrv;vgadrv;C:\WINDOWS\system32\DRIVERS\vgadrv.sys
S1 aiptektp;HyperPen;C:\WINDOWS\system32\DRIVERS\aiptektp.sys
S3 RTLWUSB;Realtek RTL8187 Wireless 802.11g 54Mbps USB 2.0 Network Adapter;C:\WINDOWS\system32\DRIVERS\RTL8187.sys
.
Contents of the 'Scheduled Tasks' folder
"2006-01-30 10:35:08 C:\WINDOWS\Tasks\FRU Task #Hewlett-Packard#hp psc 1200 series#1128764012.job"
- C:\Programmi\Hewlett-Packard\Digital Imaging\Bin\hpqfrucl.exe
"2007-10-27 17:53:16 C:\WINDOWS\Tasks\McQcTask.job"
- c:\programmi\mcafee\mqc\QcConsol.exe
"2007-10-27 17:53:16 C:\WINDOWS\Tasks\McDefragTask.job"
- c:\programmi\mcafee\mqc\QcConsol.exe
.
**************************************************************************
catchme 0.3.1232 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-10-28 16:23:36
Windows 5.1.2600 Service Pack 2 FAT NTAPI
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2007-10-28 16:27:09 - machine was rebooted
C:\ComboFix2.txt ... 2007-10-28 10:35
.
--- E O F ---
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O4 - HKLM\..\Run: [ALi5289] C:\Programmi\ULI5289\ALi5289.exe
O4 - HKLM\..\Run: [ATIPTA] "C:\Programmi\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [H2O] C:\Programmi\SyncroSoft\Pos\H2O\cledx.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmi\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [WinampAgent] C:\Programmi\Winamp\winampa.exe
O4 - HKLM\..\Run: [a-squared] "C:\Programmi\a-squared Anti-Dialer\a2adguard.exe"
O4 - HKLM\..\Run: [a-squared Anti-Dialer] "C:\Programmi\a-squared Anti-Dialer\a2adguard.exe" /d=60
O4 - HKLM\..\Run: [SDTray] "C:\Programmi\Spyware Doctor\SDTrayApp.exe"
O4 - HKLM\..\Run: [VSOCheckTask] "C:\PROGRA~1\McAfee.com\VSO\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [VirusScan Online] C:\Programmi\McAfee.com\VSO\mcvsshld.exe
O4 - HKLM\..\Run: [OASClnt] C:\Programmi\McAfee.com\VSO\oasclnt.exe
O4 - HKLM\..\Run: [SiteAdvisor] C:\Programmi\SiteAdvisor\6028\SiteAdv.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [COMODO Firewall Pro] "C:\Programmi\Comodo\Firewall\CPF.exe" /background
O4 - HKCU\..\Run: [RocketDock] "C:\Programmi\RocketDock\RocketDock.exe"
O4 - HKCU\..\Run: [swg] C:\Programmi\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Programmi\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO LOCALE')
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'SERVIZIO LOCALE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO DI RETE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Avvio veloce di Adobe Reader.lnk = C:\Programmi\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: hpoddt01.exe.lnk = ?
O4 - Global Startup: hp psc 1000 series.lnk = ?
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Programmi\File comuni\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Avvio rapido di HP Image Zone.lnk = C:\Programmi\Hewlett-Packard\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Programmi\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Sitecom Wireless Utility.lnk = ?
O8 - Extra context menu item: &Search - http://kn.bar.need2find.com/KN/menusearch.html?p=KN
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: Ricerche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.google.it
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1126113138421
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Programmi\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: byxwwwt - byxwwwt.dll (file missing)
O20 - Winlogon Notify: rylzrjuf - C:\WINDOWS\SYSTEM32\rylzrjuf.dll
O23 - Service: a-squared Anti-Dialer Service (a2AntiDialer) - Emsi Software GmbH - C:\Programmi\a-squared Anti-Dialer\a2service.exe
O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - C:\Programmi\a-squared Free\a2service.exe
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Programmi\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Programmi\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Programmi\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Programmi\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Programmi\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: Comodo Application Agent (CmdAgent) - COMODO - C:\Programmi\Comodo\Firewall\cmdagent.exe
O23 - Service: GoogleDesktopManager - Google - C:\Programmi\Google\Google Desktop Search\GoogleDesktopManager.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Programmi\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Programmi\iPod\bin\iPodService.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Programmi\File comuni\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: McAfee HackerWatch Service - McAfee, Inc. - C:\Programmi\File comuni\McAfee\HackerWatch\HWAPI.exe
O23 - Service: McAfee Update Manager (mcmispupdmgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcupdmgr.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\programmi\file comuni\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Protection Manager (mcpromgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
O23 - Service: McAfee.com McShield (McShield) - McAfee Inc. - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Programmi\McAfee\MPF\MPFSrv.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Programmi\CyberLink\Shared Files\RichVideo.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Programmi\Spyware Doctor\svcntaux.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Programmi\Spyware Doctor\swdsvc.exe
O23 - Service: SiteAdvisor Service - McAfee, Inc. - C:\Programmi\SiteAdvisor\6028\SAService.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Programmi\File comuni\Ulead Systems\DVD\ULCDRSvr.exe
O24 - Desktop Component 0: (no name) - About:Home
--
End of file - 12195 bytes
COMBOFIX
ComboFix 07-10-23.2 - Mario 2007-10-28 16.02.34.2 - FAT32x86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1040.18.446 [GMT 1:00]
Running from: C:\Documents and Settings\Mario\Desktop\ComboFix.exe
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Documents and Settings\Mario\Desktop\Live Safety Center.lnk
C:\Documents and Settings\Mario\Desktop\Online Security Guide.lnk
C:\Documents and Settings\Mario\Preferiti\Online Security Guide.lnk
C:\WINDOWS\system32\rylzrjuf.dllbox
.
((((((((((((((((((((((((( Files Created from 2007-09-28 to 2007-10-28 )))))))))))))))))))))))))))))))
.
2007-10-28 13:56 <DIR> d-------- C:\Documents and Settings\Mario\Dati applicazioni\Comodo
2007-10-28 13:51 <DIR> d-------- C:\Programmi\Comodo
2007-10-28 12:12 <DIR> d-------- C:\!KillBox
2007-10-28 10:39 <DIR> d-------- C:\Programmi\SUPERAntiSpyware
2007-10-28 10:39 <DIR> d-------- C:\Documents and Settings\Mario\Dati applicazioni\SUPERAntiSpyware.com
2007-10-28 10:00 51,200 --a------ C:\WINDOWS\NirCmd.exe
2007-10-28 09:56 <DIR> d-------- C:\Programmi\Trend Micro
2007-10-28 00:35 267,592 --a------ C:\Programmi\Uninstall Ask Toolbar.dll
2007-10-27 21:33 42,912 --a------ C:\WINDOWS\system32\drivers\aswTdi.sys
2007-10-27 21:33 26,624 --a------ C:\WINDOWS\system32\drivers\aavmker4.sys
2007-10-27 21:33 23,152 --a------ C:\WINDOWS\system32\drivers\aswRdr.sys
2007-10-27 21:32 <DIR> d-------- C:\Programmi\Alwil Software
2007-10-27 21:32 801,144 --a------ C:\WINDOWS\system32\aswBoot.exe
2007-10-27 21:32 95,608 --a------ C:\WINDOWS\system32\AvastSS.scr
2007-10-27 21:32 94,416 --a------ C:\WINDOWS\system32\drivers\aswmon2.sys
2007-10-27 21:32 92,848 --a------ C:\WINDOWS\system32\drivers\aswmon.sys
2007-10-27 18:54 <DIR> d-------- C:\Programmi\SiteAdvisor
2007-10-27 18:54 <DIR> d-------- C:\Documents and Settings\Mario\Dati applicazioni\SiteAdvisor
2007-10-27 18:54 <DIR> d-------- C:\Documents and Settings\LocalService\Dati applicazioni\SiteAdvisor
2007-10-27 18:53 109,608 --a------ C:\WINDOWS\system32\drivers\Mpfp.sys
2007-10-27 18:50 <DIR> d-------- C:\Programmi\McAfee
2007-10-27 18:50 <DIR> d-------- C:\Programmi\File comuni\McAfee
2007-10-27 18:43 <DIR> d-------- C:\Programmi\CIFP
2007-10-27 18:16 <DIR> d-------- C:\Programmi\Lavasoft
2007-10-27 18:16 <DIR> d-------- C:\Programmi\File comuni\Wise Installation Wizard
2007-10-27 18:13 <DIR> d-------- C:\Programmi\CCleaner
2007-10-27 18:12 114,464 --a------ C:\WINDOWS\system32\drivers\naiavf5x.sys
2007-10-27 18:11 <DIR> d-------- C:\Programmi\McAfee.com
2007-10-27 18:11 349,760 --a------ C:\WINDOWS\system32\mcinsctl.dll
2007-10-27 18:11 288,320 --a------ C:\WINDOWS\system32\mcgdmgr.dll
2007-10-27 10:15 <DIR> dr-h----- C:\$VAULT$.AVG
2007-10-27 10:04 <DIR> dr------- C:\Documents and Settings\LocalService\Preferiti
2007-10-27 09:39 340,032 --a------ C:\WINDOWS\system32\rylzrjuf.dll
2007-10-27 09:38 340,032 --a------ C:\WINDOWS\system32\sscequcs.dll
2007-10-26 13:06 3,163 --a------ C:\WINDOWS\system32\z.dat
2007-10-26 13:06 255 --a------ C:\WINDOWS\system32\2678.bat
2007-10-26 13:06 84 --a------ C:\WINDOWS\system32\n.bat
2007-10-26 13:05 <DIR> d--hs---- C:\WINDOWS\TWFyaW8gTW9yYW5kaQ
2007-10-26 13:05 147,456 --a------ C:\WINDOWS\system32\vbzip10.dll
2007-10-26 11:56 <DIR> d-------- C:\Documents and Settings\Mario\Dati applicazioni\uTorrent
2007-10-26 11:10 <DIR> d-------- C:\Documents and Settings\Mario\Incomplete
2007-10-26 11:10 <DIR> d-------- C:\Documents and Settings\Mario\Dati applicazioni\FrostWire
2007-10-26 10:14 <DIR> d-------- C:\WINDOWS\system32\cache329
2007-10-26 10:10 <DIR> d-------- C:\WINDOWS\cdmxtras
2007-10-25 22:58 103,876 --ah----- C:\WINDOWS\system32\mlfcache.dat
2007-10-24 16:52 <DIR> d-------- C:\Programmi\Spyware Doctor
2007-10-24 16:52 <DIR> d-------- C:\Documents and Settings\Mario\Dati applicazioni\PC Tools
2007-10-24 16:52 626,688 --a------ C:\WINDOWS\system32\msvcr80.dll
2007-10-24 16:52 82,248 --a------ C:\WINDOWS\system32\drivers\iksyssec.sys
2007-10-24 16:52 57,672 --a------ C:\WINDOWS\system32\drivers\iksysflt.sys
2007-10-24 16:52 40,264 --a------ C:\WINDOWS\system32\drivers\ikfilesec.sys
2007-10-24 16:52 29,000 --a------ C:\WINDOWS\system32\drivers\kcom.sys
2007-10-24 08:03 <DIR> d-------- C:\Documents and Settings\Mario\Dati applicazioni\Apple Computer
2007-10-24 08:02 <DIR> d-------- C:\Programmi\iPod
2007-10-24 06:30 <DIR> d-------- C:\Programmi\Opera
2007-10-23 23:31 <DIR> d-------- C:\Programmi\a-squared Anti-Dialer
2007-10-23 23:26 <DIR> d-------- C:\Programmi\a-squared Free
2007-10-23 23:24 <DIR> d-------- C:\Programmi\a-squared HiJackFree
2007-10-23 21:14 <DIR> d-------- C:\Programmi\Microsoft CAPICOM 2.1.0.2
2007-10-23 18:00 <DIR> d-------- C:\Documents and Settings\Mario\Contacts
2007-10-23 17:58 <DIR> d-------- C:\Programmi\Windows Live Toolbar
2007-10-23 17:57 <DIR> d-------- C:\WINDOWS\system32\DRVSTORE
2007-10-23 17:57 <DIR> d-------- C:\Programmi\MSN Messenger
2007-10-23 17:46 <DIR> d--h----- C:\Documents and Settings\Mario\Dati applicazioni\m
2007-10-18 13:23 194,304 --a------ C:\WINDOWS\system32\drivers\rtl8187.sys
2007-10-18 13:22 <DIR> d-------- C:\WINDOWS\system32\RTL8187
2007-10-18 13:22 <DIR> d-------- C:\Programmi\Sitecom Wireless Network Card Setup
2007-10-18 13:22 <DIR> d-------- C:\Documents and Settings\Mario\Dati applicazioni\InstallShield
2007-10-18 13:22 38,144 -ra------ C:\WINDOWS\system32\drivers\EAPPkt.sys
2007-10-18 13:22 21,035 --a------ C:\WINDOWS\system32\drivers\AegisP.sys
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-10-24 08:28 18,697,746 --sh--r C:\AVG7DB_F.DAT
2007-08-22 14:12 96,768 ----a-w C:\WINDOWS\system32\dllcache\inseng.dll
2007-08-22 14:12 661,504 ----a-w C:\WINDOWS\system32\dllcache\wininet.dll
2007-08-22 14:12 616,448 ----a-w C:\WINDOWS\system32\dllcache\urlmon.dll
2007-08-22 14:12 55,808 ----a-w C:\WINDOWS\system32\dllcache\extmgr.dll
2007-08-22 14:12 532,480 ----a-w C:\WINDOWS\system32\dllcache\mstime.dll
2007-08-22 14:12 474,624 ----a-w C:\WINDOWS\system32\dllcache\shlwapi.dll
2007-08-22 14:12 449,024 ----a-w C:\WINDOWS\system32\dllcache\mshtmled.dll
2007-08-22 14:12 39,424 ----a-w C:\WINDOWS\system32\dllcache\pngfilt.dll
2007-08-22 14:12 357,888 ----a-w C:\WINDOWS\system32\dllcache\dxtmsft.dll
2007-08-22 14:12 3,079,168 ----a-w C:\WINDOWS\system32\dllcache\mshtml.dll
2007-08-22 14:12 251,392 ----a-w C:\WINDOWS\system32\dllcache\iepeers.dll
2007-08-22 14:12 205,312 ----a-w C:\WINDOWS\system32\dllcache\dxtrans.dll
2007-08-22 14:12 16,384 ----a-w C:\WINDOWS\system32\dllcache\jsproxy.dll
2007-08-22 14:12 151,552 ----a-w C:\WINDOWS\system32\dllcache\cdfview.dll
2007-08-22 14:12 146,432 ----a-w C:\WINDOWS\system32\dllcache\msrating.dll
2007-08-22 14:12 1,495,040 ----a-w C:\WINDOWS\system32\dllcache\shdocvw.dll
2007-08-22 14:12 1,056,256 ----a-w C:\WINDOWS\system32\dllcache\danim.dll
2007-08-22 14:12 1,022,976 ----a-w C:\WINDOWS\system32\dllcache\browseui.dll
2007-08-21 11:30 18,432 ----a-w C:\WINDOWS\system32\dllcache\iedw.exe
2007-08-21 07:16 683,520 ----a-w C:\WINDOWS\system32\inetcomm.dll
2007-08-21 07:16 683,520 ----a-w C:\WINDOWS\system32\dllcache\inetcomm.dll
2007-08-20 14:46 4,608 ----a-w C:\WINDOWS\system32\w95inf32.dll
2007-07-30 18:19 92,504 ----a-w C:\WINDOWS\system32\dllcache\cdm.dll
2007-07-30 18:19 92,504 ----a-w C:\WINDOWS\system32\cdm.dll
2007-07-30 18:19 549,720 ----a-w C:\WINDOWS\system32\wuapi.dll
2007-07-30 18:19 549,720 ----a-w C:\WINDOWS\system32\dllcache\wuapi.dll
2007-07-30 18:19 53,080 ----a-w C:\WINDOWS\system32\wuauclt.exe
2007-07-30 18:19 53,080 ----a-w C:\WINDOWS\system32\dllcache\wuauclt.exe
2007-07-30 18:19 43,352 ----a-w C:\WINDOWS\system32\wups2.dll
2007-07-30 18:19 325,976 ----a-w C:\WINDOWS\system32\wucltui.dll
2007-07-30 18:19 325,976 ----a-w C:\WINDOWS\system32\dllcache\wucltui.dll
2007-07-30 18:19 271,224 ----a-w C:\WINDOWS\system32\mucltui.dll
2007-07-30 18:19 207,736 ----a-w C:\WINDOWS\system32\muweb.dll
2007-07-30 18:19 203,096 ----a-w C:\WINDOWS\system32\wuweb.dll
2007-07-30 18:19 203,096 ----a-w C:\WINDOWS\system32\dllcache\wuweb.dll
2007-07-30 18:19 1,712,984 ----a-w C:\WINDOWS\system32\wuaueng.dll
2007-07-30 18:19 1,712,984 ----a-w C:\WINDOWS\system32\dllcache\wuaueng.dll
2007-07-30 18:18 33,624 ----a-w C:\WINDOWS\system32\wups.dll
2007-07-30 18:18 33,624 ----a-w C:\WINDOWS\system32\dllcache\wups.dll
2005-11-30 15:51 40 ----a-w C:\Documents and Settings\Mario\language.dat
2005-11-13 12:04:52 56 --sh--r C:\WINDOWS\system32\62CE682105.sys
.
((((((((((((((((((((((((((((( [email protected]_10.34.42.09 )))))))))))))))))))))))))))))))))))))))))
.
+ 2007-03-13 09:57:12 163,328 ----a-w C:\WINDOWS\erdnt\subs\F3M\ERDNT.EXE
+ 2007-10-28 09:39:24 29,696 ----a-r C:\WINDOWS\Installer\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}\IconCDDCBBF11.exe
+ 2007-10-28 09:39:24 18,944 ----a-r C:\WINDOWS\Installer\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}\IconCDDCBBF13.exe
+ 2007-10-28 09:39:24 65,024 ----a-r C:\WINDOWS\Installer\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}\IconCDDCBBF15.exe
+ 2007-10-28 12:51:46 75,520 ----a-w C:\WINDOWS\system32\drivers\cmdmon.sys
+ 2007-10-28 12:51:46 51,328 ----a-w C:\WINDOWS\system32\drivers\inspect.sys
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{89D19B93-FE84-47B2-9A37-813740C27C23}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A95B2816-1D7E-4561-A202-68C0DE02353A}]
2007-10-27 09:39 340032 --a------ C:\WINDOWS\system32\rylzrjuf.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{11A69AE4-FBED-4832-A2BF-45AF82825583}"= C:\WINDOWS\system32\rylzrjuf.dll [2007-10-27 09:39 340032]
[HKEY_CLASSES_ROOT\CLSID\{11A69AE4-FBED-4832-A2BF-45AF82825583}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="C:\Programmi\Java\jre1.6.0_02\bin\jusched.exe" [2007-07-12 04:00]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 11:50]
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe" [2007-10-26 10:04]
"AVG7_EMC"="C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe" [2007-10-26 10:04]
"ALi5289"="C:\Programmi\ULI5289\ALi5289.exe" [2005-06-07 14:16]
"ATIPTA"="C:\Programmi\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-08-30 21:05]
"H2O"="C:\Programmi\SyncroSoft\Pos\H2O\cledx.exe" [2005-05-11 02:46]
"QuickTime Task"="C:\Programmi\QuickTime\qttask.exe" [2006-10-25 18:58]
"WinampAgent"="C:\Programmi\Winamp\winampa.exe" [2006-06-21 19:14]
"a-squared"="C:\Programmi\a-squared Anti-Dialer\a2adguard.exe" [2007-07-16 21:48]
"a-squared Anti-Dialer"="C:\Programmi\a-squared Anti-Dialer\a2adguard.exe" [2007-07-16 21:48]
"SDTray"="C:\Programmi\Spyware Doctor\SDTrayApp.exe" [2007-08-14 17:02]
"VSOCheckTask"="C:\PROGRA~1\McAfee.com\VSO\mcmnhdlr.exe" [2005-07-08 18:18]
"VirusScan Online"="C:\Programmi\McAfee.com\VSO\mcvsshld.exe" [2005-07-01 20:42]
"OASClnt"="C:\Programmi\McAfee.com\VSO\oasclnt.exe" [2005-07-01 20:42]
"SiteAdvisor"="C:\Programmi\SiteAdvisor\6028\SiteAdv.exe" [2007-02-09 04:39]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-09-06 12:06]
"COMODO Firewall Pro"="C:\Programmi\Comodo\Firewall\CPF.exe" [2007-10-28 13:51]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RocketDock"="C:\Programmi\RocketDock\RocketDock.exe" [2007-01-28 03:55]
"swg"="C:\Programmi\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe" [2007-10-24 22:52]
"SUPERAntiSpyware"="C:\Programmi\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2007-06-21 14:06]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Programmi\SUPERAntiSpyware\SASSEH.DLL [2006-12-20 13:55 77824]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Programmi\SUPERAntiSpyware\SASWINLO.dll 2007-04-19 13:41 294912 C:\Programmi\SUPERAntiSpyware\SASWINLO.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\byxwwwt]
byxwwwt.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\rylzrjuf]
rylzrjuf.dll 2007-10-27 09:39 340032 C:\WINDOWS\system32\rylzrjuf.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"appinit_dlls"=C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice"
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"MsnMsgr"="C:\Programmi\MSN Messenger\MsnMsgr.Exe" /background
"swg"=C:\Programmi\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"Emurayden PSX Emulator"=
"Google Desktop Search"="C:\Programmi\Google\Google Desktop Search\GoogleDesktop.exe" /startup
"PinnacleDriverCheck"=C:\WINDOWS\system32\\PSDrvCheck.exe
"atwtusb"=atwtusb.exe beta
"ElbyCheckAnyDVD"="C:\Programmi\AnyDVD\ElbyCheck.exe" /L AnyDVD
"CloneDVDElbyDelay"="C:\Programmi\CloneDVD\ElbyCheck.exe" /L ElbyDelay
"HP Software Update"="C:\Programmi\Hewlett-Packard\HP Software Update\HPWuSchd2.exe"
"iTunesHelper"="D:\Programmi\iTunes\iTunesHelper.exe"
"RemoteControl"=C:\Programmi\CyberLink\PowerDVD\PDVDServ.exe
"SoundMan"=SOUNDMAN.EXE
"TkBellExe"="C:\Programmi\File comuni\Real\Update_OB\realsched.exe" -osboot
R0 m5289;m5289;C:\WINDOWS\system32\DRIVERS\m5289.sys
R0 uliagpkx;ULi AGP Bus Filter Driver;C:\WINDOWS\system32\DRIVERS\agpkx.sys
R2 a2AntiDialer;a-squared Anti-Dialer Service;"C:\Programmi\a-squared Anti-Dialer\a2service.exe"
R2 EAPPkt;Realtek EAPPkt Protocol;C:\WINDOWS\system32\DRIVERS\EAPPkt.sys
R3 CLEDX;Team H2O CLEDX service;C:\WINDOWS\system32\DRIVERS\cledx.sys
R3 ULI5261XP;ULi M526X Ethernet NT Driver;C:\WINDOWS\system32\DRIVERS\ULILAN51.SYS
R3 vgadrv;vgadrv;C:\WINDOWS\system32\DRIVERS\vgadrv.sys
S1 aiptektp;HyperPen;C:\WINDOWS\system32\DRIVERS\aiptektp.sys
S3 RTLWUSB;Realtek RTL8187 Wireless 802.11g 54Mbps USB 2.0 Network Adapter;C:\WINDOWS\system32\DRIVERS\RTL8187.sys
.
Contents of the 'Scheduled Tasks' folder
"2006-01-30 10:35:08 C:\WINDOWS\Tasks\FRU Task #Hewlett-Packard#hp psc 1200 series#1128764012.job"
- C:\Programmi\Hewlett-Packard\Digital Imaging\Bin\hpqfrucl.exe
"2007-10-27 17:53:16 C:\WINDOWS\Tasks\McQcTask.job"
- c:\programmi\mcafee\mqc\QcConsol.exe
"2007-10-27 17:53:16 C:\WINDOWS\Tasks\McDefragTask.job"
- c:\programmi\mcafee\mqc\QcConsol.exe
.
**************************************************************************
catchme 0.3.1232 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-10-28 16:23:36
Windows 5.1.2600 Service Pack 2 FAT NTAPI
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2007-10-28 16:27:09 - machine was rebooted
C:\ComboFix2.txt ... 2007-10-28 10:35
.
--- E O F ---