Hello,
I am posting hereafter two fresh logs from ComboFix and HijackThis.
I also ran another scan with Spybot and it keeps bugging me with the CARPEDIEM VARS alert.
Is there maybe something wrong with Spybot S&D?
Thanks to anyone spending time here.
ComboFix 08-03-06.4 - padrone 2008-03-07 9.51.55.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.0.1252.1.1040.18.108 [GMT 1:00]
Running from: C:\Documents and Settings\padrone\Desktop\ComboFix.exe
.
((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Programmi\WinBudget
C:\Programmi\WinBudget\bin\matrix.dat
C:\Programmi\WinBudget\bin\matrix.dll
.
((((((((((((((((((((((((( Files Created from 2008-02-07 to 2008-03-07 )))))))))))))))))))))))))))))))))))
.
2008-03-06 22:04 . 2008-03-06 22:04 <DIR> d-------- C:\Programmi\Trend Micro
2008-03-04 22:36 . 2008-03-04 22:37 <DIR> d-------- C:\Programmi\Spybot - Search & Destroy
2008-03-04 22:36 . 2008-03-05 05:45 <DIR> d-------- C:\Documents and Settings\All Users\Dati applicazioni\Spybot - Search & Destroy
2008-03-04 21:04 . 2008-03-04 22:18 <DIR> d-------- C:\Programmi\Winpooch
2008-03-04 18:31 . 2008-03-04 21:18 <DIR> d-------- C:\Programmi\ClamWin
2008-03-04 18:31 . 2008-03-04 18:32 <DIR> d-------- C:\Documents and Settings\padrone\Dati applicazioni\.clamwin
2008-03-04 18:31 . 2008-03-04 18:31 <DIR> d-------- C:\Documents and Settings\All Users\.clamwin
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-03-06 20:47 --------- d-----w C:\Programmi\Common Files
2008-03-04 21:16 --------- d-----w C:\Programmi\OpenOffice.org1.1.3
2008-03-04 17:32 --------- d-----w C:\Documents and Settings\padrone\Dati applicazioni\.clamwin
2008-03-04 17:25 --------- d-----w C:\Programmi\Astonsoft
2008-03-04 17:23 --------- d--h--w C:\Programmi\InstallShield Installation Information
2008-03-04 17:21 --------- d-----w C:\Documents and Settings\padrone\Dati applicazioni\MSN6
2008-01-20 16:30 --------- d-----w C:\Documents and Settings\padrone\Dati applicazioni\DeepBurner
.
((((((((((((((((((((((((((((((((((((((((((((( AWF ))))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
----a-w 172,101 2002-05-09 13:13:52 C:\compaq\cpqsetup\bak\cpqset.exe
----a-w 14,348 2008-03-01 18:42:15 C:\compaq\cpqsetup\cpqset.exe
----a-w 69,632 2002-04-09 10:49:54 C:\Programmi\COMPAQ\EAB\bak\EabServr.exe
----a-w 14,348 2008-03-01 18:42:15 C:\Programmi\COMPAQ\EAB\EabServr.exe
----a-w 684,032 2002-07-31 23:14:26 C:\Programmi\Roxio\Easy CD Creator 5\DirectCD\bak\DirectCD.exe
----a-w 14,348 2008-03-01 18:42:15 C:\Programmi\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
----a-w 540,672 2002-05-16 16:54:56 C:\Programmi\Synaptics\SynTP\bak\SynTPEnh.exe
----a-w 14,348 2008-03-01 18:42:15 C:\Programmi\Synaptics\SynTP\SynTPEnh.exe
----a-w 126,976 2002-05-16 16:56:04 C:\Programmi\Synaptics\SynTP\bak\SynTPLpr.exe
----a-w 14,348 2008-03-01 18:42:15 C:\Programmi\Synaptics\SynTP\SynTPLpr.exe
----a-w 13,312 2001-08-30 17:00:00 C:\WINDOWS\system32\bak\ctfmon.exe
----a-w 13,312 2001-08-31 05:00:00 C:\WINDOWS\system32\ctfmon.exe
----a-w 22,528 2002-07-30 07:00:00 C:\WINDOWS\system32\spool\drivers\w32x86\3\bak\CAP3ONN.EXE
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* empty entries & legit default entries are not shown.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\Windows\System32\ctfmon.exe" [2001-08-31 06:00 13312]
"MSMSGS"="C:\Programmi\Messenger\msmsgs.exe" [2001-08-02 01:14 1077277]
"SpybotSD TeaTimer"="C:\Programmi\Spybot - Search & Destroy\TeaTimer.exe" [2008-01-28 11:43 2097488]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ATIModeChange"="Ati2mdxx.exe" [2002-04-07 23:23 28672 C:\WINDOWS\system32\Ati2mdxx.exe]
"AtiPTA"="atiptaxx.exe" [2002-04-07 23:23 286720 C:\WINDOWS\system32\atiptaxx.exe]
"eabconfg.cpl"="C:\Programmi\Compaq\EAB\EabServr.exe" [2008-03-01 19:42 14348]
"SynTPLpr"="C:\Programmi\Synaptics\SynTP\SynTPLpr.exe" [2008-03-01 19:42 14348]
"SynTPEnh"="C:\Programmi\Synaptics\SynTP\SynTPEnh.exe" [2008-03-01 19:42 14348]
"Cpqset"="c:\compaq\cpqsetup\cpqset.exe" [2008-03-01 19:42 14348]
"AdaptecDirectCD"="C:\Programmi\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe" [2008-03-01 19:42 14348]
"ClamWin"="C:\Programmi\ClamWin\bin\ClamTray.exe" [2008-01-20 22:08 77824]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\Windows\System32\CTFMON.EXE" [2001-08-31 06:00 13312]
C:\Documents and Settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\
Finestra di stato di Canon LASER SHOT LBP-1120.LNK - C:\WINDOWS\system32\spool\drivers\w32x86\3\CAP3LAK.EXE [2002-07-30 08:00:00 30720]
Microsoft Office.lnk - C:\Programmi\Microsoft Office\Office\OSA9.EXE [1999-02-17 19:05:56 65588]
S3 ALiIRDA;ALi Infrared Device Driver;C:\Windows\System32\DRIVERS\alifir.sys [2001-08-17 21:49]
.
**************************************************************************
catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
http://www.gmer.net
Rootkit scan 2008-03-07 09:53:40
Windows 5.1.2600 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2008-03-07 9.54.37
ComboFix-quarantined-files.txt 2008-03-07 08:54:35
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11.05.13, on 07/03/2008
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)
Boot mode: Normal
Running processes:
C:\Windows\System32\smss.exe
C:\Windows\system32\winlogon.exe
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\brsvc01a.exe
C:\Windows\system32\spoolsv.exe
C:\Windows\System32\brss01a.exe
C:\Windows\System32\CAP3RSK.EXE
C:\Windows\Explorer.EXE
C:\Windows\System32\svchost.exe
C:\Windows\System32\atiptaxx.exe
C:\Programmi\Compaq\EAB\EabServr.exe
C:\Programmi\Compaq\EAB\bak\EabServr.exe
C:\Programmi\ClamWin\bin\ClamTray.exe
C:\Windows\System32\ctfmon.exe
C:\Programmi\Messenger\msmsgs.exe
C:\Programmi\Spybot - Search & Destroy\TeaTimer.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\CAP3LAK.EXE
C:\WINDOWS\SYSTEM32\SPOOL\DRIVERS\W32X86\3\CAP3SWK.EXE
C:\Programmi\Internet Explorer\iexplore.exe
C:\Programmi\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [AtiPTA] atiptaxx.exe
O4 - HKLM\..\Run: [eabconfg.cpl] C:\Programmi\Compaq\EAB\EabServr.exe /Start
O4 - HKLM\..\Run: [SynTPLpr] C:\Programmi\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Programmi\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [Cpqset] c:\compaq\cpqsetup\cpqset.exe
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Programmi\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [ClamWin] "C:\Programmi\ClamWin\bin\ClamTray.exe" --logon
O4 - HKCU\..\Run: [CTFMON.EXE] C:\Windows\System32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Programmi\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Programmi\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVIZIO LOCALE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVIZIO DI RETE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\Windows\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\Windows\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Finestra di stato di Canon LASER SHOT LBP-1120.LNK = C:\WINDOWS\system32\spool\drivers\w32x86\3\CAP3LAK.EXE
O4 - Global Startup: Microsoft Office.lnk = C:\Programmi\Microsoft Office\Office\OSA9.EXE
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Windows\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Windows\web\related.htm
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.libero.it
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windows ... 0843926066
O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\Windows\System32\brsvc01a.exe
--
End of file - 4225 bytes
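Reading the AWF section of the ComboFix log above: each entry is an executable that ComboFix found next to a copy of the same name in a sibling `bak\` folder. Five of the live files (cpqset.exe, EabServr.exe, DirectCD.exe, SynTPEnh.exe, SynTPLpr.exe) are all exactly 14,348 bytes with the identical timestamp 2008-03-01 18:42:15, while their `bak` copies have the sizes and 2002 dates you would expect from the original vendor binaries; the HijackThis process list also shows both `EAB\EabServr.exe` and `EAB\bak\EabServr.exe` running. The script below is an added example written for this page (not part of the original post, and not code from ComboFix or HijackThis): it parses AWF-style lines, pairs each file with its `bak` copy, and reports pairs whose sizes differ, `bak` copies with no live counterpart listed, and live files from unrelated folders that collapse to one size and timestamp. Its only input is the thirteen AWF lines copied from the log; the function names and thresholds are the example's own choices. On that input it flags the five files above, reports CAP3ONN.EXE as `bak`-only, and leaves ctfmon.exe alone because its size matches the `bak` copy even though the timestamp differs.

```python
"""Flag executables that a ComboFix AWF section shows alongside a `bak\\` copy."""
import ntpath
import re
from collections import defaultdict, namedtuple

FileRec = namedtuple("FileRec", "attr size stamp path")

# One AWF line: attributes, size with thousands separators, date, time, path.
LINE_RE = re.compile(
    r"^(?P<attr>[-a-z]+)\s+(?P<size>[\d,]+)\s+"
    r"(?P<date>\d{4}-\d{2}-\d{2})\s+(?P<time>\d{2}:\d{2}:\d{2})\s+(?P<path>.+?)\s*$"
)

# Sample input: the AWF lines copied verbatim from the ComboFix log on this page.
AWF_SAMPLE = r"""
----a-w 172,101 2002-05-09 13:13:52 C:\compaq\cpqsetup\bak\cpqset.exe
----a-w 14,348 2008-03-01 18:42:15 C:\compaq\cpqsetup\cpqset.exe
----a-w 69,632 2002-04-09 10:49:54 C:\Programmi\COMPAQ\EAB\bak\EabServr.exe
----a-w 14,348 2008-03-01 18:42:15 C:\Programmi\COMPAQ\EAB\EabServr.exe
----a-w 684,032 2002-07-31 23:14:26 C:\Programmi\Roxio\Easy CD Creator 5\DirectCD\bak\DirectCD.exe
----a-w 14,348 2008-03-01 18:42:15 C:\Programmi\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
----a-w 540,672 2002-05-16 16:54:56 C:\Programmi\Synaptics\SynTP\bak\SynTPEnh.exe
----a-w 14,348 2008-03-01 18:42:15 C:\Programmi\Synaptics\SynTP\SynTPEnh.exe
----a-w 126,976 2002-05-16 16:56:04 C:\Programmi\Synaptics\SynTP\bak\SynTPLpr.exe
----a-w 14,348 2008-03-01 18:42:15 C:\Programmi\Synaptics\SynTP\SynTPLpr.exe
----a-w 13,312 2001-08-30 17:00:00 C:\WINDOWS\system32\bak\ctfmon.exe
----a-w 13,312 2001-08-31 05:00:00 C:\WINDOWS\system32\ctfmon.exe
----a-w 22,528 2002-07-30 07:00:00 C:\WINDOWS\system32\spool\drivers\w32x86\3\bak\CAP3ONN.EXE
"""


def parse_awf(text):
    """Parse AWF lines into FileRec tuples; lines that do not match are ignored."""
    recs = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            recs.append(FileRec(m["attr"], int(m["size"].replace(",", "")),
                                f"{m['date']} {m['time']}", m["path"]))
    return recs


def pair_with_backups(recs):
    """Group each live file with the copy found in a sibling `bak\\` folder.
    Keys are the lower-cased live path; ntpath is used so Windows paths parse anywhere."""
    pairs = defaultdict(dict)
    for r in recs:
        folder, name = ntpath.split(r.path)
        if ntpath.basename(folder).lower() == "bak":
            live_path = ntpath.join(ntpath.dirname(folder), name)
            pairs[live_path.lower()]["bak"] = r
        else:
            pairs[r.path.lower()]["live"] = r
    return pairs


def find_replaced(pairs):
    """Live files whose size differs from their bak copy: the on-disk binary is not the
    original. A timestamp difference alone is not flagged (ctfmon.exe differs only there)."""
    return sorted(k for k, p in pairs.items()
                  if "live" in p and "bak" in p and p["live"].size != p["bak"].size)


def find_backup_only(pairs):
    """bak copies for which no live counterpart was listed."""
    return sorted(k for k, p in pairs.items() if "bak" in p and "live" not in p)


def find_clusters(pairs, min_folders=3):
    """Live files in at least `min_folders` different folders sharing one (size, timestamp).
    Binaries from unrelated vendors do not legitimately collapse to a single build."""
    groups = defaultdict(list)
    for p in pairs.values():
        if "live" in p:
            groups[(p["live"].size, p["live"].stamp)].append(p["live"].path)
    return {key: paths for key, paths in groups.items()
            if len({ntpath.dirname(x).lower() for x in paths}) >= min_folders}


if __name__ == "__main__":
    pairs = pair_with_backups(parse_awf(AWF_SAMPLE))
    for key in find_replaced(pairs):
        live, bak = pairs[key]["live"], pairs[key]["bak"]
        print(f"REPLACED {live.path}: {live.size} bytes @ {live.stamp} "
              f"(bak copy {bak.size} bytes @ {bak.stamp})")
    for key in find_backup_only(pairs):
        print(f"BAK-ONLY {pairs[key]['bak'].path}")
    for (size, stamp), paths in find_clusters(pairs).items():
        print(f"CLUSTER  {len(paths)} live files of {size} bytes dated {stamp}")
```

The size comparison is the primary signal because a loader that replaces a vendor executable cannot keep the original's size; the cluster check catches the same pattern even when ComboFix did not list a `bak` copy, and the `bak`-only list points at files whose live copy is no longer present and may need the original restored from the backup folder after the replacement is dealt with.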