ComboFix 08-12-14.01 - Administrator 14/12/2008 20.49.56.1 - FAT32x86
Microsoft Windows 2000 Professional 5.0.2195.4.1252.1.1040.18.255.48 [GMT 0:00]
Eseguito da: f:\aavv\ComboFix.exe
ATENÇÃO - ESTA MAQUINA NAO TEM A CONSOLE DE RECUPERAÇÃO INSTALADA !!.
((((((((((((((((((((((((((((((((((((( Altre eliminazioni )))))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\docume~1\ADMINI~1\IMPOST~1\Temp\tmp2.tmp
c:\documents and settings\Administrator\Menu Avvio\Programmi\Videos.url
c:\documents and settings\Administrator\Preferiti\Videos.url
C:\InfoSat.txt
c:\winnt\fxstaller.exe
c:\winnt\IE4 Error Log.txt
c:\winnt\system32\4XXh34X1.exe.a_a
c:\winnt\system32\ddcBUmLe.dll
c:\winnt\system32\drivers\fad.sys
c:\winnt\system32\dvtwqx.dll
c:\winnt\system32\eLmUBcdd.ini
c:\winnt\SYSTEM32\eLmUBcdd.ini2
c:\winnt\system32\firefoxV2.exe
c:\winnt\system32\kanfdkku.ini
c:\winnt\system32\qfgdlfnb.dll
c:\winnt\system32\ukkdfnak.dll
c:\winnt\Web\default.htt
.
((((((((((((((((((((((((((((((((((((((( Driver/Servizi )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Legacy_DISTRIBUTED_ALLOCATED_MEMORY_UNIT
-------\Legacy_MSN_RAV
-------\Legacy_{BDD0D2A1-17BD-47B5-A803-7E58A24073D9}
-------\Legacy_{FBE1D620-5418-4AAE-A0F0-316D590663A1}
-------\Service_{FBE1D620-5418-4aae-A0F0-316D590663A1}
-------\Service_Distributed Allocated Memory Unit
-------\Service_MSN RAV
((((((((((((((((((((((((( Files Creati Da 2008-11-14 al 2008-12-14 )))))))))))))))))))))))))))))))))))
.
2008-12-14 01:25 . 08-12-14 01:25 <DIR> d-------- C:\hij
2008-12-14 01:01 . 07-06-28 14:36 401,720 --------- C:\HijackThis.exe
2008-12-12 23:56 . 08-12-12 23:19 119,808 --------- C:\VundoFix.exe
2008-12-12 23:47 . 08-12-12 23:47 <DIR> d-------- C:\VundoFix Backups
2008-12-12 23:16 . 08-12-12 23:16 <DIR> d-------- c:\programmi\Exterminate It!
2008-12-12 21:24 . 08-12-12 21:24 <DIR> d-------- c:\programmi\Malwarebytes' Anti-Malware
2008-12-12 21:24 . 08-12-12 21:24 <DIR> d-------- c:\documents and settings\All Users\Dati applicazioni\Malwarebytes
2008-12-12 21:24 . 08-12-12 21:24 <DIR> d-------- c:\documents and settings\Administrator\Dati applicazioni\Malwarebytes
2008-12-12 21:24 . 08-12-03 19:52 38,496 --a------ c:\winnt\SYSTEM32\DRIVERS\mbamswissarmy.sys
2008-12-12 21:24 . 08-12-03 19:52 15,504 --a------ c:\winnt\SYSTEM32\DRIVERS\mbam.sys
2008-12-11 12:52 . 08-12-11 12:52 <DIR> d-------- C:\FOUND.006
2008-12-10 15:07 . 08-12-10 15:07 <DIR> d-------- C:\FOUND.005
2008-12-10 14:53 . 08-12-10 14:53 <DIR> d-------- C:\FOUND.004
2008-12-09 20:27 . 08-12-09 20:27 <DIR> d-------- C:\FOUND.003
2008-12-09 15:06 . 08-12-09 15:06 35,328 --a------ c:\winnt\SYSTEM32\yaywwWPF.dll
2008-12-09 14:39 . 08-12-09 14:39 35,328 --a------ c:\winnt\SYSTEM32\urqNFyXq.dll
2008-12-08 16:26 . 08-12-08 16:26 <DIR> d---s---- C:\SYSTEM
2008-12-08 16:08 . 08-12-08 16:08 1,025 --------- C:\osy.exe
2008-12-08 15:07 . 08-12-08 15:07 <DIR> d---s---- C:\CONFIG
2008-12-08 15:07 . 08-12-08 16:26 29,703 --------- C:\msv2008.exe
2008-12-08 13:36 . 08-12-08 13:36 <DIR> d-------- C:\FOUND.002
2008-12-07 14:50 . 08-12-07 14:50 <DIR> d-------- C:\FOUND.001
2008-12-06 12:49 . 08-12-06 12:49 <DIR> d-------- C:\FOUND.000
2008-11-28 23:36 . 08-11-28 23:36 0 --a------ c:\winnt\nsreg.dat
2008-11-22 23:36 . 08-11-22 23:36 <DIR> d-------- C:\APPOGGIO
2008-11-22 22:26 . 08-11-22 22:26 <DIR> d--h----- c:\winnt\PIF
2008-11-22 21:41 . 08-11-22 21:41 225,011 --------- C:\rep.zip
2008-11-22 21:35 . 08-11-22 21:36 <DIR> d-------- C:\AIDA 32ee_370
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-11-13 22:45 --------- d-----w c:\programmi\BitTorrent_DNA
2008-11-13 22:45 --------- d-----w c:\programmi\BitTorrent
2008-11-13 22:45 --------- d-----w c:\documents and settings\Administrator\Dati applicazioni\BitTorrent DNA
2008-11-13 22:45 --------- d-----w c:\documents and settings\Administrator\Dati applicazioni\BitTorrent
2003-07-14 15:20 271 ---h--w c:\programmi\DESKTOP.INI
2003-07-14 15:20 22,075 ---h--w c:\programmi\FOLDER.HTT
2003-06-26 07:00 32,528 ----a-w c:\winnt\INF\WBFIRDMA.SYS
.
((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* i valori vuoti & legittimi/default non sono visualizzati.
REGEDIT4
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6D794CB4-C7CD-4c6f-BFDC-9B77AFBDC02C}]
08-12-09 14:39 35328 --a------ c:\winnt\system32\urqNFyXq.dll
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MsnMsgr"="c:\programmi\MSN Messenger\MsnMsgr.Exe" [07-09-04 23:40 6856704]
"BitTorrent DNA"="c:\programmi\BitTorrent_DNA\dna.exe" [08-11-13 22:45 286016]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="c:\programmi\Java\jre1.5.0_07\bin\jusched.exe" [06-05-03 02:56 36975]
"ATIPTA"="c:\programmi\ATI Technologies\ATI Control Panel\atiptaxx.exe" [03-07-29 13:30 335872]
"Nokia Connection Monitor"="c:\programmi\File comuni\Nokia\NCLTools\NclConf.exe" [02-01-04 15:59 139264]
"REGSHAVE"="c:\programmi\REGSHAVE\REGSHAVE.EXE" [02-02-04 22:32 53248]
"QuickTime Task"="c:\programmi\QuickTime\qttask.exe" [06-01-29 17:18 155648]
"PCSuiteTrayApplication"="c:\programmi\Nokia\Nokia PC Suite 6\LaunchApplication.exe" [07-06-18 15:10 271360]
"AVG7_CC"="c:\progra~1\Grisoft\AVG7\avgcc.exe" [08-10-18 13:30 590848]
"Synchronization Manager"="mobsync.exe" [03-06-26 07:00 111376 c:\winnt\SYSTEM32\MOBSYNC.EXE]
"ATIModeChange"="Ati2mdxx.exe" [01-09-04 16:24 28672 c:\winnt\SYSTEM32\Ati2mdxx.exe]
"PRPCMonitor"="PRPCUI.exe" [02-10-07 03:00 45568 c:\winnt\SYSTEM32\prpcui.exe]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"Nokia.PCSync"="c:\programmi\Nokia\Nokia PC Suite 6\PcSync2.exe" [07-06-19 10:17 1241088]
"AVG7_Run"="c:\progra~1\Grisoft\AVG7\avgw.exe" [08-01-29 21:52 219136]
"msnmsgr"="c:\programmi\MSN Messenger\msnmsgr.exe" [07-09-04 23:40 6856704]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"^SetupICWDesktop"="c:\programmi\Internet Explorer\Connection Wizard\icwconn1.exe" [03-06-26 07:00 188176]
c:\documents and settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\
Digital Line Detect.lnk - c:\programmi\Digital Line Detect\DLG.exe [2004-05-11 24576]
Microsoft Office.lnk - c:\programmi\Microsoft Office\Office\OSA9.EXE [1999-02-17 65588]
ZoneAlarm Pro.lnk - c:\programmi\Zone Labs\ZoneAlarm\zapro.exe [2003-12-15 902528]
Exif Launcher.lnk - c:\program files\FinePixViewer\QuickDCF.exe [2005-12-25 241664]
EPSON Status Monitor 3 Environment Check.lnk - c:\winnt\SYSTEM32\SPOOL\DRIVERS\W32X86\3\E_SRCV03.EXE [1999-10-22 217600]
CN405WLUSB54 Utility LAN wireless.lnk - c:\programmi\CONITECH\CN405WLUSB54.exe [2007-11-24 704512]
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{6D794CB4-C7CD-4c6f-BFDC-9B77AFBDC02C}"= "c:\winnt\system32\urqNFyXq.dll" [08-12-09 14:39 35328]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\urqNFyXq]
08-12-09 14:39 35328 c:\winnt\SYSTEM32\urqNFyXq.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=dvtwqx.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"= mmdrv.dll
"vidc.DIV3"= DivXc32.dll
"vidc.DIV4"= DivXc32f.dll
"vidc.DIVF"= DivX412.dll
"VIDC.HFYU"= huffyuv.dll
"msacm.divxa32"= divxa32.acm
"vidc.3ivx"= 3ivxVfWCodec.dll
"msvideo8"= STV680tg.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"Apoint"=c:\programmi\Apoint\Apoint.exe
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UpdatesDisableNotify"=dword:00000001
"AntiVirusDisableNotify"=dword:00000001
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001
R0 fasttrak;fasttrak;c:\winnt\system32\DRIVERS\fasttrak.sys [1980-01-01 64418]
R0 mraid2k;mraid2k;c:\winnt\system32\DRIVERS\mraid2k.sys [1980-01-01 17258]
R1 Avg7RsNT;AVG7 Resident Driver NT;c:\winnt\system32\Drivers\avg7rsnt.sys [2008-01-29 26944]
R2 NokiaSuite3;NokiaSuite3;c:\winnt\system32\drivers\NokiaSuite3.sys [2003-12-15 837696]
R2 PPPoEService;PPPoE Service;c:\progra~1\Alice\ALICEE~1\app\pppoeservice.exe [2008-01-13 49152]
R2 PRPC;PRPC;c:\winnt\system32\drivers\PRPC.sys [2004-05-11 11951]
R2 ZDCNDIS5;ZDCNDIS5 NDIS Protocol Driver;\??\c:\winnt\system32\ZDCNDIS5.sys [2007-11-24 19072]
R3 NTSPPPOE;Efficient Networks Enternet P.P.P.o.E LAN Miniport Driver;c:\winnt\system32\DRIVERS\ntspppoe.sys [2008-01-13 161640]
R3 usbhub20;USB 2.0 Root Hub Support;c:\winnt\system32\DRIVERS\usbhub20.sys [1980-01-01 49392]
S2 Microsoft PowerPoint Application;Microsoft PowerPoint Application;"c:\winnt\system32\dllcache\winppa.exe" []
S3 EL90BC;Driver scheda 3Com EtherLink XL B/C;c:\winnt\system32\DRIVERS\el90xbc5.sys [1980-01-01 61712]
S3 ENIMSR;ENIMSR;\??\c:\progra~1\Alice\ALICEE~1\app\ENIMSR.SYS [2008-01-13 12924]
S3 MBAMSwissArmy;MBAMSwissArmy;\??\c:\winnt\system32\drivers\mbamswissarmy.sys [2008-12-12 38496]
S3 NPF;NetGroup Packet Filter Driver;c:\winnt\system32\drivers\npf.sys [2005-08-02 32512]
S3 NTSTAP1;NTSTAP1;\??\c:\progra~1\Alice\ALICEE~1\app\NTSTAP1.SYS [2008-01-13 120128]
S3 NTSTAP2;NTSTAP2;\??\c:\progra~1\Alice\ALICEE~1\app\NTSTAP2.SYS [2005-12-22 120128]
S3 RAWESR;RAWESR;\??\c:\progra~1\Alice\ALICEE~1\app\RAWESR.SYS [2008-01-13 12924]
S3 TAPBIND;TAPBIND;\??\c:\progra~1\Alice\ALICEE~1\app\TAPBIND1.SYS [2005-12-21 44544]
S3 XG762_2K;CONITECH 802.11g XG762N Driver;c:\winnt\system32\DRIVERS\WlanUZ2K.sys [2007-11-24 449536]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{28ABC5C0-4FCB-11CF-AAX5-21CX5C574571}]
c:\config\S-1-5-21-1482476501-1644491937-682003330-1013\Cfg.exe
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{67EFG7H6-8IJL-56YT-KLH4-76WE8D3RAM87}]
c:\system\S-3-7-89-2225458569-9856321456-454423558-8896\\explorer.exe
.
- - - - ORFÃOS REMOVIDOS - - - -
BHO-{83665cc9-2ac3-4b38-b5a8-5d1abc6cdd59} - c:\winnt\system32\dvtwqx.dll
BHO-{A719B361-4BC0-4F71-A4D4-787FF50504DE} - c:\winnt\system32\ddcBUmLe.dll
HKLM-Run-bascstray - BascsTray.exe
.
------- Supplementare di scansione -------
.
uStart Page = hxxp://www.google.it/
mStart Page = hxxp://www.google.com
uInternet Settings,ProxyOverride = 127.0.0.1
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: {{c95fe080-8f5d-11d2-a20b-00aa003c157a} - %SystemRoot%\web\related.htm
IE: {{c95fe080-8f5d-11d2-a20b-00aa003c157a} - %SystemRoot%\web\related.htm -
LSP: %SystemRoot%\system32\msafd.dll
O16 -: Microsoft XML Parser for Java - file://c:\winnt\Java\classes\xmldso.cab
c:\winnt\Downloaded Program Files\Microsoft XML Parser for Java.osd
FF - ProfilePath - c:\documents and settings\Administrator\Dati applicazioni\Mozilla\Firefox\Profiles\3ud5uwvw.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.it/
FF - plugin: c:\programmi\Adobe\Acrobat 5.0\Reader\browser\nppdf32.dll
FF - plugin: c:\programmi\BitTorrent_DNA\npbtdna.dll
FF - plugin: c:\programmi\Java\jre1.5.0_07\bin\NPJava11.dll
FF - plugin: c:\programmi\Java\jre1.5.0_07\bin\NPJava12.dll
FF - plugin: c:\programmi\Java\jre1.5.0_07\bin\NPJava13.dll
FF - plugin: c:\programmi\Java\jre1.5.0_07\bin\NPJava14.dll
FF - plugin: c:\programmi\Java\jre1.5.0_07\bin\NPJava32.dll
FF - plugin: c:\programmi\Java\jre1.5.0_07\bin\NPJPI150_07.dll
FF - plugin: c:\programmi\Java\jre1.5.0_07\bin\NPOJI610.dll
.
**************************************************************************
catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-12-14 20:57:45
Windows 5.0.2195 Service Pack 4 FAT NTAPI
scansione processi nascosti ...
scansione entrate autostart nascoste ...
Scansione files nascosti ...
Scansione completata con successo
Files nascosti: 0
**************************************************************************
.
--------------------- DLLs Carregadas Sob os Processos em Execução ---------------------
- - - - - - - > 'winlogon.exe'(204)
c:\winnt\system32\Ati2evxx.dll
c:\winnt\system32\urqNFyXq.dll
c:\winnt\system32\wzcdlg.dll
c:\winnt\system32\WZCSAPI.DLL
.
Ora fine scansione: 2008-12-14 21:00:45 - macchina è stato riavviato
ComboFix-quarantined-files.txt 2008-12-14 21:00:44
Pre-Run: 1.124.433.920 byte disponibili
Post-Run: 1,497,694,208 byte disponibili