ComboFix 08-12-29.02 - Randall_Flag 2008-12-30 20:01:44.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1040.18.2046.1691 [GMT 1:00]
Eseguito da: c:\docume~1\RANDAL~1\IMPOST~1\Temp\Rar$EX10.093\PippoFix.exe
* Resident AV is active
ATENÇÃO - ESTA MAQUINA NAO TEM A CONSOLE DE RECUPERAÇÃO INSTALADA !!.
((((((((((((((((((((((((((((((((((((( Altre eliminazioni )))))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\docume~1\RANDAL~1\IMPOST~1\Temp\install_flash_player.exe
C:\InfoSat.txt
c:\windows\system32\drivers\TDSSmxoe.sys
c:\windows\system32\gxdvcsah.ini
c:\windows\system32\hascvdxg.dll
c:\windows\system32\jkse73hedfdgf.dll
c:\windows\system32\lxecfyhq.dll
c:\windows\system32\pmnKDSkJ.dll
c:\windows\system32\TDSScfum.log
c:\windows\system32\TDSSfxmp.dll
c:\windows\system32\TDSSmaxt.dat
c:\windows\system32\TDSSnmxh.log
c:\windows\system32\TDSSnrsr.dll
c:\windows\system32\TDSSofxh.dll
c:\windows\system32\TDSSoitu.dll
c:\windows\system32\TDSSosvd.dll
c:\windows\system32\TDSSriqp.dll
c:\windows\system32\TDSSsbhc.log
c:\windows\system32\teljen.dll
c:\windows\system32\WFLlmnnn.ini
c:\windows\system32\WFLlmnnn.ini2
c:\windows\system32\wvUkHAsr.dll
c:\windows\system32\xxyyyvVm.dll
.
((((((((((((((((((((((((((((((((((((((( Driver/Servizi )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Service_TDSSserv.sys
-------\Legacy_TDSSserv.sys
((((((((((((((((((((((((( Files Creati Da 2008-11-28 al 2008-12-30 )))))))))))))))))))))))))))))))))))
.
2019-08-12 10:29 . 2019-08-12 10:28 512,096 --a------ c:\windows\system32\drivers\amon.sys
2019-08-12 10:29 . 2019-08-12 10:28 298,104 --a------ c:\windows\system32\imon.dll
2019-08-12 10:29 . 2019-08-12 10:28 15,424 --a------ c:\windows\system32\drivers\nod32drv.sys
2008-12-30 16:39 . 2008-12-30 16:39 <DIR> d-------- C:\MOComboFix
2008-12-30 16:37 . 2008-12-30 16:37 <DIR> d-------- C:\MOD-ComboFix
2008-12-29 19:04 . 2008-12-29 19:04 <DIR> d-------- c:\programmi\Opera
2008-12-29 17:14 . 2008-12-29 17:16 107 --a------ C:\file.bat
2008-12-29 16:21 . 2008-12-29 16:21 24,928 --a------ c:\documents and settings\Randall_Flag\kkncfoje.exe
2008-12-29 16:16 . 2008-12-29 16:16 24,928 --a------ c:\documents and settings\Randall_Flag\zjzkpzeh.exe
2008-12-29 16:16 . 2008-12-29 16:16 24,928 --a------ c:\documents and settings\Randall_Flag\kdqlkszj.exe
2008-12-29 16:15 . 2008-12-29 16:15 24,928 --a------ c:\documents and settings\Randall_Flag\gkgijqgw.exe
2008-12-29 16:03 . 2008-12-29 16:03 24,928 --a------ c:\documents and settings\Randall_Flag\dvompily.exe
2008-12-29 15:54 . 2008-12-29 15:54 24,928 --a------ c:\documents and settings\Randall_Flag\zbakeiru.exe
2008-12-29 13:25 . 2008-12-29 13:28 139,264 --a------ C:\ypniq.exe
2008-12-29 13:25 . 2008-12-29 13:25 0 --a------ C:\olra.exe
2008-12-29 13:24 . 2008-12-29 13:28 8,192 --a------ C:\otpke.exe
2008-12-29 13:24 . 2008-12-29 13:28 2 --a------ C:\1957242359
2008-12-26 04:03 . 2008-12-26 04:03 110,592 --a------ c:\windows\system32\bass.dll
2008-11-17 22:39 . 2008-11-17 22:39 <DIR> d-------- c:\windows\nview
2008-11-17 22:39 . 2008-10-07 13:33 453,152 --a------ c:\windows\system32\nvudisp.exe
2008-11-17 22:39 . 2008-12-30 20:06 200,819 --a------ c:\windows\system32\nvapps.xml
2008-11-17 22:39 . 2008-10-07 13:33 18,477 --a------ c:\windows\system32\nvdisp.nvu
2008-11-17 22:34 . 2008-07-10 04:07 7,143 --a------ c:\windows\system32\nvide.nvu
2008-11-17 22:33 . 2008-08-27 13:58 453,152 --a------ c:\windows\system32\NVUNINST.EXE
2008-11-17 22:33 . 2008-07-29 13:33 446,464 --a------ c:\windows\system32\nvunrm.exe
2008-11-17 22:33 . 2008-07-29 13:30 6,045 --a------ c:\windows\system32\nvnrm.nvu
2008-11-17 22:33 . 2008-07-08 01:45 4,984 --a------ c:\windows\system32\drivers\nvphy.bin
2008-11-17 18:57 . 2008-11-17 18:57 <DIR> d---s---- c:\documents and settings\LocalService\Preferiti
2008-11-17 18:44 . 2006-04-14 15:01 35,840 -ra------ c:\windows\system32\NVCOI.DLL
2008-11-17 18:43 . 2008-11-17 18:43 <DIR> d-------- c:\windows\NV39083912.TMP
2008-11-17 18:38 . 2008-11-17 18:38 <DIR> d-------- c:\programmi\My Company Name
2008-11-17 00:34 . 2008-11-17 00:34 <DIR> d-------- c:\windows\NV480248.TMP
2008-11-17 00:10 . 2008-11-17 00:10 <DIR> d-------- c:\windows\system32\AGEIA
2008-11-17 00:10 . 2008-11-17 00:10 <DIR> d-------- c:\programmi\File comuni\Wise Installation Wizard
2008-11-17 00:10 . 2008-11-17 00:10 <DIR> d-------- c:\programmi\AGEIA Technologies
2008-11-17 00:09 . 2008-11-17 19:41 <DIR> d-------- C:\NVIDIA
2008-11-15 00:46 . 2008-11-15 00:46 5,760,054 --a------ c:\windows\BricoPack Wallpaper.bmp
2008-11-15 00:46 . 2008-11-15 00:46 60,368 --a------ c:\windows\BricoPackUninst.cmd
2008-11-15 00:45 . 2008-11-15 00:45 <DIR> d-------- c:\windows\BricoPacks
2008-11-15 00:45 . 2008-11-15 00:46 <DIR> d-------- c:\programmi\Vista Inspirat 2
2008-11-15 00:45 . 2008-11-15 00:46 5,400 --a------ c:\windows\BricoPackFoldersDelete.cmd
2008-11-02 00:07 . 2001-05-11 12:18 420,240 --a------ c:\windows\system32\mpg4c32.dll
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2019-08-12 08:55 --------- d-----w c:\programmi\Kaspersky Anti-Virus 2009
2008-12-30 19:06 --------- d-----w c:\documents and settings\Randall_Flag\Dati applicazioni\Skype
2008-12-30 18:59 --------- d-----w c:\documents and settings\Randall_Flag\Dati applicazioni\BitTorrent
2008-12-30 17:45 --------- d-----w c:\documents and settings\Randall_Flag\Dati applicazioni\skypePM
2008-12-30 17:42 --------- d-----w c:\programmi\eMule
2008-12-26 10:41 --------- d-----w c:\programmi\APC PowerChute Personal Edition
2008-12-23 16:58 138,512 ----a-w c:\windows\system32\drivers\PnkBstrK.sys
2008-12-04 08:44 --------- d-----w c:\programmi\Java
2008-11-23 15:51 --------- d-----w c:\programmi\DOSBox-0.72
2008-11-23 15:38 --------- d--h--w c:\programmi\InstallShield Installation Information
2008-11-17 18:51 --------- d-----w c:\programmi\NVIDIA Corporation
2008-11-17 17:53 --------- d-----w c:\programmi\Panda Security
2008-03-29 11:05 22,328 ----a-w c:\documents and settings\Randall_Flag\Dati applicazioni\PnkBstrK.sys
.
((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* i valori vuoti & legittimi/default non sono visualizzati.
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools Pro Agent"="c:\programmi\DAEMON Tools Pro\DTProAgent.exe" [2007-09-06 136136]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-13 15360]
"MsnMsgr"="c:\programmi\MSN Messenger\MsnMsgr.Exe" [2007-01-19 5674352]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\programmi\File comuni\Ahead\Lib\NMBgMonitor.exe" [2006-04-21 94208]
"Skype"="c:\programmi\Skype\Phone\Skype.exe" [2008-08-12 21741864]
"NVIDIA nTune"="c:\programmi\NVIDIA Corporation\nTune\nTuneCmd.exe" [2007-09-04 81920]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"JMB36X IDE Setup"="c:\windows\JM\JMInsIDE.exe" [2006-10-30 36864]
"JMB36X Configure"="c:\windows\System32\JMRaidSetup.exe" [2006-10-30 1953792]
"Adobe Reader Speed Launcher"="c:\programmi\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-05-11 40048]
"NeroFilterCheck"="c:\programmi\File comuni\Ahead\Lib\NeroCheck.exe" [2006-01-12 155648]
"snpstd"="c:\windows\vsnpstd.exe" [2004-05-10 286720]
"HP Software Update"="c:\programmi\HP\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840]
"nod32kui"="c:\programmi\Eset\nod32kui.exe" [2019-08-12 949376]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-10-07 13574144]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-10-07 86016]
"SunJavaUpdateSched"="c:\programmi\Java\jre6\bin\jusched.exe" [2008-12-04 136600]
"RTHDCPL"="RTHDCPL.EXE" [2006-11-14 c:\windows\RTHDCPL.exe]
"SkyTel"="SkyTel.EXE" [2006-05-16 c:\windows\SkyTel.exe]
"nwiz"="nwiz.exe" [2008-10-07 c:\windows\system32\nwiz.exe]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2008-04-13 15360]
c:\documents and settings\Randall_Flag\Menu Avvio\Programmi\Esecuzione automatica\
RocketDock.lnk - c:\programmi\Vista Inspirat 2\RocketDock\RocketDock.exe [2007-03-18 630784]
TransBar.lnk - c:\programmi\Vista Inspirat 2\TransBar\TransBar.exe [2005-06-01 65536]
UberIcon.lnk - c:\programmi\Vista Inspirat 2\UberIcon\UberIcon Manager.exe [2006-05-21 180224]
Y'z Shadow.lnk - c:\programmi\Vista Inspirat 2\YzShadow\YzShadow.exe [2006-05-21 155648]
c:\documents and settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\
APC UPS Status.lnk - c:\programmi\APC PowerChute Personal Edition\Display.exe [2008-03-22 221247]
Collegamento a RealTemp.exe.lnk - c:\documents and settings\Randall_Flag\Desktop\OverClock Tools\RealTemp_2.70\RealTemp.exe [2008-10-12 110592]
Microsoft Office.lnk - c:\programmi\Microsoft Office\Office\OSA9.EXE [1999-02-17 65588]
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Games\\Quake Wars\\etqw.exe"=
"c:\\Games\\Quake Wars\\etqwded.exe"=
"c:\\Programmi\\DNA\\btdna.exe"=
"c:\\Programmi\\BitTorrent\\bittorrent.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"c:\\Games\\Call of Duty 4 - Modern Warfare\\iw3mp.exe"=
"c:\\Programmi\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Programmi\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"c:\\Programmi\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"c:\\Programmi\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Programmi\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"c:\\Programmi\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Programmi\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
"c:\\Programmi\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
"c:\\Programmi\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"c:\\Programmi\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
"c:\\Programmi\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Programmi\\MSN Messenger\\msnmsgr.exe"=
"c:\\Programmi\\MSN Messenger\\livecall.exe"=
"c:\\Programmi\\eMule\\emule.exe"=
"c:\\Programmi\\Skype\\Phone\\Skype.exe"=
R0 pavboot;pavboot;c:\windows\system32\drivers\pavboot.sys [2008-07-29 28544]
R1 nod32drv;nod32drv;c:\windows\system32\drivers\nod32drv.sys [2019-08-12 15424]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{1d35cddb-f1c6-11dc-a51f-001d60563257}]
\Shell\AutoRun\command - G:\nideiect.com
\Shell\explore\Command - G:\nideiect.com
\Shell\open\Command - G:\nideiect.com
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{43a26692-b433-11dd-8dae-806d6172696f}]
\Shell\AutoRun\command - d:\.\Bin\ASSETUP.exe
.
Contenuto della cartella 'Scheduled Tasks'
2008-12-30 c:\windows\Tasks\GoogleUpdateTaskUser.job
- c:\documents and settings\Randall_Flag\Impostazioni locali\Dati applicazioni\Google\Update\GoogleUpdate.exe [2008-09-03 08:17]
.
- - - - ORFÃOS REMOVIDOS - - - -
HKCU-Run-AlcoholAutomount - c:\programmi\Alcohol 120\axcmd.exe
ShellExecuteHooks-{6D794CB4-C7CD-4c6f-BFDC-9B77AFBDC02C} - (no file)
SafeBoot-sglfb.sys
SafeBoot-tga.sys
SafeBoot-wd.sys
SafeBoot-sacsvr
.
------- Supplementare di scansione -------
.
uStart Page = hxxp://www.google.it/
LSP: c:\windows\system32\imon.dll
O16 -: DirectAnimation Java Classes - file://c:\windows\Java\classes\dajava.cab
c:\windows\Downloaded Program Files\DirectAnimation Java Classes.osd
O16 -: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
c:\windows\Downloaded Program Files\Microsoft XML Parser for Java.osd
.
**************************************************************************
catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-12-30 20:06:06
Windows 5.1.2600 Service Pack 3 NTFS
scansione processi nascosti ...
scansione entrate autostart nascoste ...
Scansione files nascosti ...
Scansione completata con successo
Files nascosti: 0
**************************************************************************
.
--------------------- DLLs Carregadas Sob os Processos em Execução ---------------------
- - - - - - - > 'lsass.exe'(1036)
c:\windows\system32\scecli.dll
c:\windows\system32\imon.dll
c:\programmi\Eset\pr_imon.dll
.
------------------------ Altri processi in esecuzione ------------------------
.
c:\programmi\APC PowerChute Personal Edition\mainserv.exe
c:\programmi\Java\jre6\bin\jqs.exe
c:\programmi\ESET\nod32krn.exe
c:\programmi\NVIDIA Corporation\nTune\nTuneService.exe
c:\windows\system32\nvsvc32.exe
c:\windows\system32\HPZipm12.exe
c:\windows\system32\PnkBstrA.exe
c:\windows\system32\wdfmgr.exe
c:\windows\system32\wbem\wmiapsrv.exe
c:\windows\system32\rundll32.exe
c:\windows\system32\wscntfy.exe
c:\programmi\APC PowerChute Personal Edition\apcsystray.exe
c:\programmi\Skype\Plugin Manager\skypePM.exe
c:\programmi\MSN Messenger\usnsvc.exe
.
**************************************************************************
.
Ora fine scansione: 2008-12-30 20:09:18 - macchina è stato riavviato
ComboFix-quarantined-files.txt 2008-12-30 19:08:51
Pre-Run: 42,563,432,448 byte disponibili
Post-Run: 43,193,524,224 byte disponibili
WindowsXP-KB310994-SP2-Pro-BootDisk-ITA.exe
235