Where the hell is jwgkvsq from?!?!?
ComboFix 09-02-24.02 - Administrator 25/02/2009 16.56.46.7 - NTFSx86
Microsoft Windows 2000 Professional 5.0.2195.4.1252.1.1040.18.511.348 [GMT 1:00]
Run from: c:\documents and settings\Administrator\Desktop\ComboFix.exe
WARNING - THIS PC DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
((((((((((((((((((((((((( Files Created From 2009-01-25 to 2009-02-25 )))))))))))))))))))))))))))))))))))
.
No new files created in this time span
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-02-25 14:28 --------- d-----w c:\programmi\Mozilla Thunderbird
2009-02-25 14:26 --------- d-----w c:\documents and settings\All Users\Dati applicazioni\Kaspersky Lab
2009-02-20 13:10 --------- d---a-w c:\documents and settings\All Users\Dati applicazioni\Spybot - Search & Destroy
2009-02-20 10:22 --------- d-----w c:\programmi\Spybot - Search & Destroy
2009-02-19 14:55 89,601 ----a-w c:\winnt\system32\drivers\klick.dat
2009-02-19 14:55 33,808 ----a-w c:\winnt\system32\drivers\klbg.sys
2009-02-19 14:55 101,287 ----a-w c:\winnt\system32\drivers\klin.dat
2009-02-19 12:00 --------- d-----w c:\programmi\EsetOnlineScanner
2009-02-13 16:42 410,984 ----a-w c:\winnt\system32\deploytk.dll
2009-02-13 16:41 --------- d-----w c:\programmi\Java
2009-02-12 13:55 --------- d-----w c:\programmi\Malwarebytes' Anti-Malware
2009-02-11 09:19 38,496 ----a-w c:\winnt\system32\drivers\mbamswissarmy.sys
2009-02-11 09:19 15,504 ----a-w c:\winnt\system32\drivers\mbam.sys
2009-02-09 08:24 --------- d-----w c:\programmi\Look@LAN
2009-02-02 15:15 --------- d-----w c:\programmi\TVAnts
2009-01-30 16:14 --------- d-----w c:\documents and settings\Administrator\Dati applicazioni\Thunderbird
2009-01-29 14:08 --------- d-----w c:\programmi\MessengerPlus! 3
2009-01-29 10:23 --------- d-----w c:\programmi\EvilLyrics
2009-01-27 10:17 --------- d-----w c:\programmi\EPSON Print CD
2009-01-21 11:29 --------- d-----w c:\programmi\CCleaner
2009-01-19 11:06 --------- d-----w c:\programmi\Nsasoft
2009-01-16 09:46 --------- d-----w c:\programmi\Mplayerc
2009-01-12 11:05 --------- d-----w c:\documents and settings\Administrator\Dati applicazioni\Media Player Classic
2009-01-09 11:25 --------- d-----w c:\programmi\File comuni\Real
2009-01-09 11:24 --------- d--h--w c:\programmi\InstallShield Installation Information
2009-01-09 11:24 --------- d-----w c:\programmi\Mozilla Sunbird
2009-01-09 11:24 --------- d-----w c:\programmi\File comuni\FLIR Systems
2009-01-09 11:24 --------- d-----w c:\programmi\EPSON
2009-01-09 09:09 --------- d-----w c:\programmi\OO Software
2009-01-08 16:43 --------- d-----w c:\documents and settings\All Users\Dati applicazioni\SDProget
2009-01-08 16:43 --------- d-----w c:\documents and settings\Administrator\Dati applicazioni\SDProget
2009-01-08 10:05 720,896 ----a-w c:\winnt\iun6002.exe
2008-04-10 13:24 32 ----a-w c:\documents and settings\All Users\Dati applicazioni\ezsid.dat
2007-01-05 10:26 271 ---h--w c:\programmi\desktop.ini
2007-01-05 10:26 22,075 ---h--w c:\programmi\folder.htt
1999-12-23 00:00 32,528 -c--a-w c:\winnt\inf\wbfirdma.sys
2007-07-26 23:06 479,232 ----a-w c:\programmi\mozilla firefox\plugins\msvcm80.dll
2007-07-26 23:06 548,864 ----a-w c:\programmi\mozilla firefox\plugins\msvcp80.dll
2007-07-26 23:06 626,688 ----a-w c:\programmi\mozilla firefox\plugins\msvcr80.dll
.
((((((((((((((((((((((((((((( SnapShot_mar 2009-02-24_11.43.25.40 )))))))))))))))))))))))))))))))))))))))))
.
- 2009-02-12 13:08:18 1,744 ----a-w c:\winnt\system32\d3d9caps.dat
+ 2009-02-24 13:42:26 1,744 ----a-w c:\winnt\system32\d3d9caps.dat
+ 2009-02-25 07:56:37 16,384 ----atw c:\winnt\system32\Perflib_Perfdata_274.dat
+ 2009-02-25 15:56:12 16,384 ----atw c:\winnt\system32\Perflib_Perfdata_38c.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown.
REGEDIT4
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DrvLsnr"="c:\programmi\Analog Devices\SoundMAX\DrvLsnr.exe" [08/05/03 12.34 69632]
"NvCplDaemon"="c:\winnt\system32\NvCpl.dll" [28/07/03 14.19 4841472]
"SunJavaUpdateSched"="c:\programmi\Java\jre6\bin\jusched.exe" [13/02/09 17.42 148888]
"AVP"="c:\programmi\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe" [19/02/09 12.13 206088]
"Synchronization Manager"="mobsync.exe" [19/06/03 12.05 111376 c:\winnt\system32\mobsync.exe]
"nwiz"="nwiz.exe" [28/07/03 14.19 323584 c:\winnt\system32\nwiz.exe]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"^SetupICWDesktop"="c:\programmi\Internet Explorer\Connection Wizard\icwconn1.exe" [19/06/03 12.05 188176]
c:\documents and settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\
BTTray.lnk - c:\programmi\WIDCOMM\Software Bluetooth\BTTray.exe [2005-09-16 610365]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"= mmdrv.dll
"VIDC.ACDV"= ACDV.dll
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"WZCSVC"=3 (0x3)
"SCardSvr"=3 (0x3)
"SCardDrv"=3 (0x3)
"Adobe LM Service"=3 (0x3)
"BITS"=3 (0x3)
"wuauserv"=2 (0x2)
"Messenger"=2 (0x2)
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001
R0 klbg;Kaspersky Lab Boot Guard Driver;c:\winnt\system32\drivers\klbg.sys [2008-01-29 33808]
R2 CameraMonitor;FLIR Camera Monitor;c:\programmi\FLIR Systems\ThermaCAM QuickView 2\T3Srv.exe [2006-06-08 140896]
R2 eugss;EUTRON SmartKey GSS2 Driver;c:\winnt\system32\drivers\eugss2k.sys [2008-01-18 63336]
R2 eusk2par;EUTRON SmartKey Parallel Driver;c:\winnt\system32\drivers\eusk2par.sys [2008-01-18 30656]
R2 T3Srv;FLIR Systems Camera Monitor;c:\programmi\FLIR Systems\Device Drivers\T3Srv.exe [2007-02-01 140896]
R3 klim5;Kaspersky Anti-Virus NDIS Filter;c:\winnt\system32\drivers\klim5.sys [2008-04-30 24592]
S2 Eutron-Emu;Eutron-Emu;c:\winnt\system32\drivers\Eutron-Emu.sys.SYS --> c:\winnt\system32\drivers\Eutron-Emu.sys.SYS [?]
S3 BT2KNDFL;Driver del server di accesso alla rete LAN Bluetooth - Filter;c:\winnt\system32\drivers\bt2kndfl.sys [2007-05-18 3879]
S3 eusk3usb;SmartKey 3 USB;c:\winnt\system32\Drivers\eusk3usb.sys --> c:\winnt\system32\Drivers\eusk3usb.sys [?]
S3 FLIRUSBRNDIS;FLIR Camera USB Network Device Driver;c:\winnt\system32\drivers\usb8023k.sys [2006-05-05 13824]
S3 motccgp;Motorola USB Composite Device Driver;c:\winnt\system32\drivers\motccgp.sys [2007-12-03 17920]
S3 motccgpfl;MotCcgpFlService;c:\winnt\system32\drivers\motccgpfl.sys [2007-12-03 7680]
S3 MotDev;Motorola Inc. USB Device;c:\winnt\system32\drivers\motodrv.sys [2007-12-03 42112]
S3 skeyusb;SmartKey USB;c:\winnt\system32\drivers\skeyusb.sys [2008-01-18 43968]
S3 UALFDrv2;UALFDrv2;c:\winnt\system32\drivers\UALFDrv2.sys [2006-09-12 46309]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
EventSystem Ias Iprip Irmon Netman Nwsapagent Rasauto Rasman Remoteaccess SENS Sharedaccess Tapisrv Ntmssvc wzcsvc WmdmPmSN
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.it/
uInternet Settings,ProxyOverride = <local>
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: c:\programmi\WIDCOMM\Software Bluetooth\btsendto_ie_ctx.htm
IE: Invia a &Bluetooth - c:\programmi\IBM\Bluetooth Software\btsendto_ie_ctx.htm
LSP: %SystemRoot%\system32\msafd.dll
TCP: {46AA183D-08D8-4F06-99CC-5F02635E7636} = 151.99.125.1
TCP: {E5E72B87-5298-4953-BD78-BAD92DCB4C6F} = 151.99.125.1
DPF: DirectAnimation Java Classes - file://c:\winnt\Java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - file://c:\winnt\Java\classes\xmldso.cab
DPF: {13149882-F480-4F6B-8C6A-0764F75B99ED} - hxxp://plug-in.reallusion.com/CrazyTalk4.cab
FF - ProfilePath - c:\documents and settings\Administrator\Dati applicazioni\Mozilla\Firefox\Profiles\yyauvfjj.default\
FF - prefs.js: browser.startup.homepage - hxxp://it.start2.mozilla.com/firefox?cl ... t:official
FF - plugin: c:\documents and settings\All Users\Dati applicazioni\Zylom\ZylomGamesPlayer\npzylomgamesplayer.dll
FF - plugin: c:\programmi\Mozilla Firefox\plugins\npzylomgamesplayer.dll
.
**************************************************************************
catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-02-25 17:00:17
Windows 5.0.2195 Service Pack 4 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\System*]
"OODEFRAG10.00.00.01WORKSTATION"="[long binary value omitted]"
"OODEFRAG11.00.00.01WORKSTATION"="[long binary value omitted]"
.
--------------------- Dlls loaded by running processes ---------------------
- - - - - - - > 'winlogon.exe'(224)
c:\winnt\system32\wzcdlg.dll
c:\winnt\system32\WZCSAPI.DLL
.
Completion time: 25/02/2009 17.05.10
ComboFix-quarantined-files.txt 2009-02-25 16:03:52
ComboFix2.txt 2009-02-24 15:37:38
ComboFix3.txt 2009-02-24 10:47:07
ComboFix4.txt 2009-02-12 16:56:40
Pre-Run: 3,262,234,624 bytes free
Post-Run: 3,253,309,440 bytes free
252 --- E O F --- 2009-02-13 08:26:50
Windows Registry Editor Version 5.00
; Registry Search 2.0 by Bobbi Flekman © 2005
; Version: 2.0.6.0
; Results at 25/02/2009 16.48.53 for strings:
; 'jwgkvsq'
; 'seszv'
; Strings excluded from search:
; (None)
; Search in:
; Registry Keys Registry Values Registry Data
; HKEY_LOCAL_MACHINE HKEY_USERS
; End Of The Log...
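The search above is a registry-only search for the two strings. A second thing worth doing with a log like this is to parse the file, Run-key and service/driver sections and search all of them for the same string, while also pulling out the entries ComboFix marked `[?]` (image file not found on disk). The following is an added example, not part of the original post and not ComboFix's own code: the three regular expressions are written against the line formats visible in the log above and are therefore assumptions about the format, and the sample input is a handful of lines copied from that log.

```python
"""Parse the load-point sections of a ComboFix-style log and search them.

Added example: the regexes are modelled on the line formats seen in the
posted log (Find3M / snapshot file lines, "Name"="image" [meta] Run values,
and R0/R2/S2/S3 service lines); they are assumptions, not a ComboFix spec.
"""
import re

# Find3M / snapshot entry:  [+-] date time size-or-dashes attrs path
FILE_RE = re.compile(
    r"^[+-]?\s*(?P<date>\d{4}-\d{2}-\d{2}) (?P<time>\d{2}:\d{2}(?::\d{2})?) "
    r"(?P<size>[\d,]+|-+) (?P<attrs>[-a-z]+) (?P<path>.+)$"
)
# Run-key value:  "Name"="image" [dd/mm/yy hh.mm size ...]
RUN_RE = re.compile(r'^"(?P<name>[^"]+)"="(?P<image>[^"]*)"\s*\[(?P<meta>[^\]]*)\]$')
# Service/driver:  R0|R2|S2|S3 name;description;path [date size]   or  path --> path [?]
SVC_RE = re.compile(r"^(?P<start>[RS]\d) (?P<name>[^;]+);(?P<desc>[^;]*);(?P<rest>.+)$")

# Constructed sample: lines copied from the ComboFix log above.
SAMPLE_LOG = r"""
2009-02-19 14:55 33,808 ----a-w c:\winnt\system32\drivers\klbg.sys
2009-02-25 14:28 --------- d-----w c:\programmi\Mozilla Thunderbird
+ 2009-02-25 07:56:37 16,384 ----atw c:\winnt\system32\Perflib_Perfdata_274.dat
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AVP"="c:\programmi\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe" [19/02/09 12.13 206088]
"nwiz"="nwiz.exe" [28/07/03 14.19 323584 c:\winnt\system32\nwiz.exe]
R0 klbg;Kaspersky Lab Boot Guard Driver;c:\winnt\system32\drivers\klbg.sys [2008-01-29 33808]
S2 Eutron-Emu;Eutron-Emu;c:\winnt\system32\drivers\Eutron-Emu.sys.SYS --> c:\winnt\system32\drivers\Eutron-Emu.sys.SYS [?]
S3 eusk3usb;SmartKey 3 USB;c:\winnt\system32\Drivers\eusk3usb.sys --> c:\winnt\system32\Drivers\eusk3usb.sys [?]
S3 skeyusb;SmartKey USB;c:\winnt\system32\drivers\skeyusb.sys [2008-01-18 43968]
"""


def parse_combofix(text):
    """Return {'files': [...], 'run': [...], 'services': [...]} from log text."""
    files, run, services = [], [], []
    for raw in text.splitlines():
        line = raw.strip()
        m = FILE_RE.match(line)
        if m:
            size = m.group("size")  # directories show dashes instead of a size
            files.append({
                "date": m.group("date"),
                "size": None if size.startswith("-") else int(size.replace(",", "")),
                "attrs": m.group("attrs"),
                "path": m.group("path"),
            })
            continue
        m = RUN_RE.match(line)
        if m:
            run.append({"name": m.group("name"), "image": m.group("image"),
                        "meta": m.group("meta")})
            continue
        m = SVC_RE.match(line)
        if m:
            rest = m.group("rest")
            missing = rest.endswith("[?]")          # ComboFix could not find the image
            path = rest.split(" --> ")[0].split(" [")[0]
            services.append({"start": m.group("start"), "name": m.group("name"),
                             "path": path, "missing": missing})
    return {"files": files, "run": run, "services": services}


def search(parsed, needle):
    """Case-insensitive substring search over file paths, Run values and services."""
    needle = needle.lower()
    hits = []
    for f in parsed["files"]:
        if needle in f["path"].lower():
            hits.append(("file", f["path"]))
    for r in parsed["run"]:
        if needle in (r["name"] + r["image"] + r["meta"]).lower():
            hits.append(("run", r["name"]))
    for s in parsed["services"]:
        if needle in (s["name"] + s["path"]).lower():
            hits.append(("service", s["name"]))
    return hits


def missing_binaries(parsed):
    """Names of services/drivers whose image file was not found ('[?]')."""
    return [s["name"] for s in parsed["services"] if s["missing"]]


if __name__ == "__main__":
    parsed = parse_combofix(SAMPLE_LOG)
    print("jwgkvsq hits:", search(parsed, "jwgkvsq"))
    print("klbg hits:", search(parsed, "klbg"))
    print("services with missing image:", missing_binaries(parsed))
```

Run against the full log, `search(parsed, "jwgkvsq")` comes back empty, which matches the registry search result above: nothing in the file list, Run keys or service entries ComboFix reported references that name. The `[?]` entries (here the two Eutron SmartKey driver registrations) are the other thing to check by hand; a registered driver whose file is gone is usually a leftover uninstall, but it is exactly the kind of entry a cleanup tool may already have removed the file for, so it is worth correlating with the quarantine list.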