combofix log:
ComboFix 08-01-03.3 - MIMMO 2008-01-02 20.41.37.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1040.18.87 [GMT 1:00]
Eseguito da: C:\Documents and Settings\MIMMO\Desktop\ComboFix.exe
* Creato nuovo punto di ripristino
.
((((((((((((((((((((((((((((((((((((( Altre eliminazioni )))))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\WINDOWS\system32\dgsetupv.dll . . . . Eliminazione Fallita
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\LEGACY_FUFWZYLV
-------\fufwzylv
((((((((((((((((((((((((( Files Creati Da 2007-12-03 al 2008-01-03 )))))))))))))))))))))))))))))))))))
.
2008-01-02 20:40 . 2000-08-31 08:00 51,200 --a------ C:\WINDOWS\NirCmd.exe
2008-01-02 09:35 . 2008-01-02 09:35 118,784 -r------- C:\WINDOWS\bwUnin-6.3.2.62-7681197L.exe
2008-01-02 09:35 . 2004-11-10 13:58 68,752 --a------ C:\WINDOWS\system32\drivers\fsdfw.sys
2008-01-02 09:35 . 2004-11-10 13:57 26,928 --a------ C:\WINDOWS\system32\drivers\fsndis5.sys
2008-01-02 09:34 . 2008-01-02 09:35 <DIR> d-------- C:\Programmi\F-Secure
2008-01-02 09:32 . 2008-01-02 09:32 <DIR> d-------- C:\Documents and Settings\All Users\Dati applicazioni\Avg7
2008-01-01 14:26 . 2008-01-01 18:09 <DIR> d-------- C:\Programmi\SUPERAntiSpyware
2008-01-01 14:26 . 2008-01-01 18:09 <DIR> d-------- C:\Documents and Settings\MIMMO\Dati applicazioni\SUPERAntiSpyware.com
2008-01-01 14:26 . 2008-01-01 14:26 <DIR> d-------- C:\Documents and Settings\All Users\Dati applicazioni\SUPERAntiSpyware.com
2007-12-26 18:17 . 2007-12-26 18:37 58 --a------ C:\WINDOWS\CTACD.INI
2007-12-23 20:54 . 2007-12-23 20:54 1,188,375 --a------ C:\WINDOWS\system32\libeay32.dll
2007-12-23 20:54 . 2007-12-23 20:54 741,632 --a------ C:\WINDOWS\system32\ovoolkjo.dat
2007-12-23 20:54 . 2007-12-23 20:54 246,545 --a------ C:\WINDOWS\system32\libssl32.dll
2007-12-23 20:54 . 2007-12-23 20:54 42,240 --a------ C:\WINDOWS\system32\sguvldwn.dat
2007-12-23 20:54 . 2007-12-23 20:54 36,096 --a------ C:\WINDOWS\system32\zoyhlzgx.dat
2007-12-23 20:54 . 2007-12-23 20:54 35,072 --a------ C:\WINDOWS\system32\zmuhtbhf.dat
2007-12-22 21:37 . 2007-12-22 21:37 30 --a------ C:\WINDOWS\CTWave32.ini
2007-12-22 20:44 . 2007-12-25 21:09 120,576 --a------ C:\WINDOWS\system32\bbrbppyr.dat
2007-12-22 20:37 . 2007-12-23 20:54 84,992 --a------ C:\WINDOWS\system32\dgsetupv.dll.bak
2007-12-22 20:37 . 2008-01-03 20:47 84,992 --a------ C:\WINDOWS\system32\dgsetupv.dll
2007-12-22 20:36 . 19,584 C:\WINDOWS\system32\drivers\ufsncrmk.dat
2007-12-22 20:36 . 2007-12-22 20:36 16,896 --a------ C:\WINDOWS\system32\if12va.0xe
2007-12-22 20:35 . 2001-08-31 12:00 84,992 --a------ C:\WINDOWS\system32\cdmodeml.dll
2007-12-18 20:42 . 2007-12-18 20:42 <DIR> d-------- C:\Programmi\Google
2007-12-13 11:22 . 2007-12-13 11:22 <DIR> d---s---- C:\Documents and Settings\MIMMO\UserData
2007-12-05 18:06 . 2007-12-05 18:42 <DIR> d-------- C:\Programmi\yengnwuy
2007-12-05 18:05 . 2007-12-05 18:05 291,328 --a------ C:\WINDOWS\system32\libcurl.dll
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-01-02 19:33 --------- d-----w C:\Programmi\eMule
2008-01-02 08:31 --------- d-----w C:\Documents and Settings\All Users\Dati applicazioni\Grisoft
2007-12-22 09:31 --------- d-----w C:\Programmi\MSN Messenger
2007-12-22 09:31 --------- d-----w C:\Programmi\Messenger Plus! Live
2007-12-16 09:54 --------- d-----w C:\Programmi\SopCast
2007-12-16 09:22 --------- d-----w C:\Documents and Settings\MIMMO\Dati applicazioni\SopCast
2007-11-23 10:38 21,840 ----atw C:\WINDOWS\system32\SIntfNT.dll
2007-11-23 10:38 17,212 ----atw C:\WINDOWS\system32\SIntf32.dll
2007-11-23 10:38 12,067 ----atw C:\WINDOWS\system32\SIntf16.dll
2007-11-23 10:36 --------- d--h--w C:\Programmi\InstallShield Installation Information
2007-11-22 17:13 --------- d-----w C:\Programmi\Sierra On-Line
.
((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Nota* i valori vuoti & legittimi/default non sono visualizzati.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{80B188C9-0198-4BB6-B2CB-AD40811F746E}]
2001-08-31 12:00 84992 --a------ C:\WINDOWS\system32\cdmodeml.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{B2A822B0-2E56-4D7F-9782-CBB82207C7D5}]
2008-01-03 20:47 84992 --a------ c:\windows\system32\dgsetupv.dll
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-19 14:39 15360]
"DAEMON Tools"="C:\Programmi\DAEMON Tools\daemon.exe" [2006-11-12 11:48 157592]
"RocketDock"="C:\Programmi\RocketDock\RocketDock.exe" [2007-03-18 23:05 630784]
"CTSyncU.exe"="C:\Programmi\Creative\Sync Manager Unicode\CTSyncU.exe" [2006-08-07 09:06 700416]
"PcSync"="C:\Programmi\Nokia\Nokia PC Suite 6\PcSync2.exe" [2006-06-19 14:59 1449984]
"updateMgr"="C:\Programmi\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [2006-03-30 16:45 313472]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TkBellExe"="C:\Programmi\File comuni\Real\Update_OB\realsched.exe" [2007-10-06 08:07 185896]
"RemoteControl"="C:\Programmi\CyberLink\PowerDVD\PDVDServ.exe" [2003-10-31 18:42 32768]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 09:50 155648]
"WINDVDPatch"="CTHELPER.EXE" [2002-07-02 10:56 24576 C:\WINDOWS\system32\CTHELPER.EXE]
"UpdReg"="C:\WINDOWS\UpdReg.EXE" [2000-05-11 00:00 90112]
"Jet Detection"="C:\Programmi\Creative\SBLive\PROGRAM\ADGJDet.exe" [2001-11-29 00:00 28672]
"CTStartup"="C:\Programmi\Creative\Splash Screen\CTEaxSpl.exe" [2001-12-20 00:00 28672]
"NvCplDaemon"="NvQTwk" []
"nwiz"="nwiz.exe" [2002-05-03 09:06 364544 C:\WINDOWS\system32\nwiz.exe]
"AdslTaskBar"="stmctrl.dll" [2003-01-22 11:01 151552 C:\WINDOWS\system32\stmctrl.dll]
"SunJavaUpdateSched"="C:\Programmi\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 00:11 132496]
"QuickTime Task"="C:\Programmi\QuickTime\qttask.exe" [2007-06-29 05:24 286720]
"iTunesHelper"="C:\Programmi\iTunes\iTunesHelper.exe" [2007-09-26 13:42 267064]
"PCSuiteTrayApplication"="C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.exe" [2006-06-15 11:36 229376]
"!AVG Anti-Spyware"="C:\Programmi\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 10:25 6731312]
"F-Secure Manager"="C:\Programmi\F-Secure\Common\FSM32.exe" [2004-09-09 10:03 118832]
"F-Secure TNB"="C:\Programmi\F-Secure\TNB\TNBUtil.exe" [2004-05-27 09:57 684032]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2004-08-19 14:39 15360]
C:\Documents and Settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\
Avvio veloce di Adobe Reader.lnk - C:\Programmi\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 22:05:26]
Tasto di scelta rapida per l'avvio di AutoCAD.lnk - C:\Programmi\File comuni\Autodesk Shared\acstart16.exe [2004-02-25 01:35:22]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableRegistryTools"= 0 (0x0)
R0 FSFW;F-Secure Firewall Driver;C:\WINDOWS\system32\drivers\fsdfw.sys [2004-11-10 13:58]
R0 wfjkwxgm;wfjkwxgm;C:\WINDOWS\system32\drivers\ufsncrmk.dat []
R2 BackWeb Plug-in - 7681197;F-Secure Automatic Update;C:\PROGRA~1\F-Secure\BackWeb\7681197\Program\SERVIC~1.EXE [2008-01-02 09:35]
R2 F-Secure Filter;F-Secure File System Filter;C:\Programmi\F-Secure\Anti-Virus\Win2K\FSfilter.sys [2004-09-10 17:14]
R2 F-Secure Gatekeeper;F-Secure Gatekeeper;C:\Programmi\F-Secure\Anti-Virus\Win2K\FSgk.sys [2004-09-10 17:14]
R2 F-Secure Recognizer;F-Secure File System Recognizer;C:\Programmi\F-Secure\Anti-Virus\Win2K\FSrec.sys [2003-02-06 13:32]
R3 Stmatm;ATM/ADSL miniport;C:\WINDOWS\system32\DRIVERS\stmatm.sys [2002-09-25 06:37]
S3 TaurusUsb;ADSL Modem USB Service 1.09a;C:\WINDOWS\system32\DRIVERS\torususb.sys [2003-01-09 14:21]
.
Contenuto della cartella 'Scheduled Tasks'
"2008-01-01 20:43:03 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Programmi\Apple Software Update\SoftwareUpdate.exe
.
**************************************************************************
catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-01-03 20:50:19
Windows 5.1.2600 Service Pack 2 NTFS
scansione processi nascosti ...
scansione entrate autostart nascoste ...
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
CTStartup = C:\Programmi\Creative\Splash Screen\CTEaxSpl.EXE /run?
Scansione files nascosti ...
Scansione completata con successo
Files nascosti: 0
**************************************************************************
.
Ora fine scansione: 2008-01-03 20:52:11 - machine was rebooted
ComboFix-quarantined-files.txt 2008-01-03 19:51:59