ComboFix 08-10-17.01 - Giuseppe 2008-10-24 20.18.16.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1040.18.2276 [GMT 2:00]
Eseguito da: C:\pincopallino.exe
* Creato nuovo punto di ripristino
ATENÇÃO - ESTA MAQUINA NAO TEM A CONSOLE DE RECUPERAÇÃO INSTALADA !!.
((((((((((((((((((((((((((((((((((((( Altre eliminazioni )))))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Documents and Settings\Ernesto\Impostazioni locali\Temporary Internet Files\temp1.htm
C:\Documents and Settings\Giuseppe\Dati applicazioni\inst.exe
C:\Documents and Settings\Giuseppe\Impostazioni locali\Temporary Internet Files\SuggestedSites.dat
C:\WINDOWS\hosts
C:\WINDOWS\system32\dao350.dll
C:\WINDOWS\winhelp.ini
I:\autorun.inf
I:\nideiect.com
.
((((((((((((((((((((((((( Files Creati Da 2008-09-24 al 2008-10-24 )))))))))))))))))))))))))))))))))))
.
2008-10-24 20:14 . 2008-10-24 20:14 2,991,454 -ra------ C:\pincopallino.exe
2008-10-23 22:13 . 2008-10-23 22:13 250 --a------ C:\WINDOWS\gmer.ini
2008-10-17 21:56 . 2007-07-26 16:15 53,248 --a------ C:\WINDOWS\system32\CSVer.dll
2008-10-16 20:19 . 2008-10-16 20:19 <DIR> d-------- C:\Intel
2008-10-14 19:06 . 2008-10-14 19:06 <DIR> d-------- C:\Documents and Settings\Giuseppe\Dati applicazioni\AdobeUM
2008-10-13 22:14 . 2008-10-13 22:19 <DIR> d-------- C:\Programmi\NetMeter
2008-10-07 19:42 . 2008-10-07 19:42 <DIR> d-------- C:\Programmi\EASEUS
2008-10-07 11:03 . 2008-10-07 11:03 <DIR> d--hs---- C:\Documents and Settings\Ernesto\PrivacIE
2008-10-06 17:27 . 2008-10-24 20:44 <DIR> d-------- C:\WINDOWS\system32\.
2008-10-05 22:44 . 2008-10-05 22:44 6,898 --a------ C:\WINDOWS\system32\lgmbonmi.exe
2008-10-05 11:08 . <DIR> C:\WINDOWS\system32\??|??
2008-10-04 23:41 . 2008-10-04 23:41 1,680 --a------ C:\WINDOWS\system32\esnecil.nlp
2008-10-04 23:41 . 2008-10-05 11:08 1,680 --a------ C:\WINDOWS\system32\esnecil.ind
2008-10-04 23:41 . 2008-10-04 23:41 4 --a------ C:\WINDOWS\vx86036.dat
2008-10-04 23:40 . 2008-10-07 19:22 <DIR> d-------- C:\Programmi\Stellar Phoenix Windows Data Recovery
2008-10-04 23:40 . 1998-06-24 00:00 260,920 --a------ C:\WINDOWS\system32\MSDATGRD.OCX
2008-10-04 23:40 . 1999-06-18 23:49 165,888 --a------ C:\WINDOWS\Ckconfig.exe
2008-10-04 23:40 . 2006-03-01 03:10 69,632 --a------ C:\WINDOWS\system32\Crypserv.exe
2008-10-04 23:40 . 2006-01-10 04:47 31,846 --a------ C:\WINDOWS\system32\Ckldrv.sys
2008-10-04 23:40 . 1996-05-03 19:21 27,648 -ra------ C:\WINDOWS\Setup_ck.exe
2008-10-04 23:40 . 1996-05-03 17:36 18,432 --a------ C:\WINDOWS\Setup_ck.dll
2008-10-04 23:40 . 1995-07-04 20:33 11,776 --a------ C:\WINDOWS\Ckrfresh.exe
2008-10-04 23:40 . 2008-10-04 23:40 67 --a------ C:\WINDOWS\Crypkey.ini
2008-10-02 18:02 . 2008-10-02 18:02 546 --a------ C:\WINDOWS\EvvivaRG.ini
2008-10-02 18:02 . 2008-10-02 18:02 502 --a------ C:\WINDOWS\NEXTRG.INI
2008-10-01 11:16 . 2008-10-01 11:16 <DIR> d--hs---- C:\$RECYCLE.BIN
2008-09-30 15:03 . 2008-09-30 15:03 <DIR> dr-h----- C:\MSOCache
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-10-24 18:03 --------- d-----w C:\Programmi\Zoom Player
2008-10-24 17:36 --------- d-----w C:\Programmi\AdunanzA
2008-10-23 19:41 --------- d---a-w C:\Documents and Settings\All Users\Dati applicazioni\TEMP
2008-10-22 18:18 1,620 ----a-w C:\Programmi\LavasoftAdAware event.log
2008-10-22 18:18 --------- d-----w C:\Programmi\Lavasoft
2008-10-20 21:44 --------- d-----w C:\Documents and Settings\Giuseppe\Dati applicazioni\mIRC
2008-10-20 18:35 --------- d-----w C:\Programmi\mIRC
2008-10-17 19:41 --------- d-----w C:\Programmi\DriverGuide Toolkit
2008-10-17 17:39 --------- d--h--w C:\Programmi\InstallShield Installation Information
2008-10-14 17:13 --------- d-----w C:\Programmi\FreePOPs
2008-10-12 20:19 2,568 --sha-w C:\WINDOWS\system32\KGyGaAvL.sys
2008-10-02 16:50 --------- d-----w C:\Documents and Settings\Giuseppe\Dati applicazioni\Canon
2008-10-02 16:42 --------- d-----w C:\Documents and Settings\Giuseppe\Dati applicazioni\Corel
2008-09-27 20:00 --------- d-----w C:\Programmi\Spyware Terminator
2008-09-24 17:54 --------- d-----w C:\Programmi\Elaborate Bytes
2008-09-23 20:24 --------- d-----w C:\Documents and Settings\All Users\Dati applicazioni\Office Genuine Advantage
2008-09-22 16:29 96,384 ----a-w C:\WINDOWS\system32\drivers\sptd1773.sys
2008-09-18 18:42 28,256 ----a-w C:\WINDOWS\system32\drivers\MxlW2k.sys
2008-09-14 09:23 --------- d-----w C:\Programmi\Microsoft IntelliPoint
2008-09-07 13:47 --------- d-----w C:\Programmi\RealVNC
2008-08-28 17:17 --------- d-----w C:\Programmi\Win Magazine
2008-08-25 17:57 --------- d-----w C:\Programmi\Power Translator
2008-08-25 17:36 --------- d-----w C:\Programmi\BVRP Software
2008-08-22 01:08 878,592 ----a-w C:\WINDOWS\system32\wininet.dll
2008-08-22 01:08 43,008 ----a-w C:\WINDOWS\system32\licmgr10.dll
2008-08-22 01:07 18,944 ----a-w C:\WINDOWS\system32\corpol.dll
2008-08-22 01:06 72,704 ----a-w C:\WINDOWS\system32\admparse.dll
2008-08-22 01:06 71,680 ----a-w C:\WINDOWS\system32\iesetup.dll
2008-08-22 01:06 434,176 ----a-w C:\WINDOWS\system32\vbscript.dll
2008-08-22 01:05 48,640 ------w C:\WINDOWS\system32\PrivacIE.dll
2008-08-22 01:05 48,128 ----a-w C:\WINDOWS\system32\mshtmler.dll
2008-08-22 01:05 35,840 ----a-w C:\WINDOWS\system32\imgutil.dll
2008-08-22 01:04 45,568 ----a-w C:\WINDOWS\system32\mshta.exe
2008-08-22 00:57 156,160 ----a-w C:\WINDOWS\system32\msls31.dll
2008-08-05 15:55 265,720 ----a-w C:\WINDOWS\system32\msdbg2.dll
2008-03-10 18:35 47,360 ----a-w C:\Documents and Settings\Giuseppe\Dati applicazioni\pcouffin.sys
2007-07-07 11:39 75,928 ----a-w C:\Documents and Settings\Ernesto\Dati applicazioni\GDIPFONTCACHEV1.DAT
2007-06-03 18:30 75,928 ----a-w C:\Documents and Settings\Giuseppe\Dati applicazioni\GDIPFONTCACHEV1.DAT
2005-07-09 02:44 777 ----a-w C:\Programmi\trial_setup.ini
2005-07-09 02:44 5,137,920 ----a-w C:\Programmi\trial_setup.msi
2005-07-09 02:44 40,448 ----a-w C:\Programmi\trial_setup.exe
2005-04-26 10:20 49,992 ----a-w C:\Documents and Settings\Alessia\Dati applicazioni\GDIPFONTCACHEV1.DAT
2007-03-13 20:09 88 --sh--r C:\WINDOWS\system32\9AFB51B278.sys
.
((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* i valori vuoti & legittimi/default non sono visualizzati.
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2008-04-13 15360]
"IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Programmi\File comuni\Nero\Lib\NMIndexStoreSvr.exe" [2007-12-13 1688872]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMAXPnP"="C:\Programmi\Analog Devices\SoundMAX\SMax4PNP.exe" [2003-05-29 790528]
"dscService"="C:\WINDOWS\system32\USBPlug.exe" [2005-03-01 278528]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-09-06 79224]
"ISUSScheduler"="C:\Programmi\File comuni\InstallShield\UpdateService\issch.exe" [2005-02-16 81920]
"SpywareTerminator"="C:\PROGRA~1\SPYWAR~1\SpywareTerminatorShield.exe" [2008-01-04 2834432]
"NeroFilterCheck"="C:\Programmi\File comuni\Nero\Lib\NeroCheck.exe" [2007-03-01 153136]
"NBKeyScan"="C:\Programmi\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [2007-12-03 2213160]
"IntelliPoint"="C:\Programmi\Microsoft IntelliPoint\ipoint.exe" [2007-02-06 849280]
"D066UUtility"="C:\WINDOWS\TWAIN_32\D66U\D066UUTY.EXE" [2000-07-06 32768]
"Ptipbmf"="ptipbmf.dll" [2003-06-20 C:\WINDOWS\system32\ptipbmf.dll]
"EssSpkPhone"="essspk.exe" [2001-10-19 C:\WINDOWS\essspk.exe]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2008-04-13 15360]
C:\Documents and Settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\
Microsoft Office.lnk - C:\Programmi\Microsoft Office\Office10\OSA.EXE [2001-02-13 83360]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.MPG4"= C:\PROGRA~1\K-LITE~1\codecs\Mpg4c32.dll
"VIDC.MP42"= C:\PROGRA~1\K-LITE~1\codecs\Mpg4c32.dll
"VIDC.GJPG"= GJPG.DLL
"vidc.MP43"= C:\PROGRA~1\K-LITE~1\codecs\Mpg4c32.dll
"msacm.ac3acm"= C:\PROGRA~1\K-LITE~1\codecs\ac3acm.acm
"VIDC.DIV3"= C:\PROGRA~1\K-LITE~1\codecs\DivXc32.dll
"VIDC.DIV4"= C:\PROGRA~1\K-LITE~1\codecs\DivXc32f.dll
"VIDC.3iv2"= C:\PROGRA~1\K-LITE~1\codecs\3IVXVF~1.DLL
"VIDC.HFYU"= C:\PROGRA~1\K-LITE~1\codecs\huffyuv.dll
"vidc.i263"= i263_32.drv
"VIDC.VP60"= C:\PROGRA~1\K-LITE~1\codecs\vp6vfw.dll
"VIDC.VP61"= C:\PROGRA~1\K-LITE~1\codecs\vp6vfw.dll
"VIDC.VP62"= C:\PROGRA~1\K-LITE~1\codecs\vp6vfw.dll
"VIDC.VP70"= C:\PROGRA~1\K-LITE~1\codecs\vp7vfw.dll
"VIDC.VP31"= C:\PROGRA~1\K-LITE~1\codecs\vp31vfw.dll
"VIDC.FFDS"= C:\PROGRA~1\K-LITE~1\ffdshow\ff_vfw.dll
"msacm.lameacm"= C:\PROGRA~1\K-LITE~1\codecs\lameACM.acm
"msacm.l3fhg"= C:\PROGRA~1\K-LITE~1\codecs\l3codecp.acm
"msacm.divxa32"= C:\PROGRA~1\K-LITE~1\codecs\divxa32.acm
"msacm.imc"= imc32.acm
"msacm.avis"= C:\PROGRA~1\K-LITE~1\ffdshow\ff_acm.acm
"msacm.dvacm"= dvacm.acm
"VIDC.ACDV"= ACDV.dll
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Programmi\\DVD2one V2\\dvd2one2.exe"=
"C:\\Programmi\\Messenger\\msmsgs.exe"=
"C:\\Programmi\\Autodesk\\Backburner\\monitor.exe"=
"C:\\Programmi\\Autodesk\\Backburner\\manager.exe"=
"C:\\Programmi\\Autodesk\\Backburner\\server.exe"=
"C:\\Programmi\\Autodesk\\3ds Max 9\\3dsmax.exe"=
"C:\\Programmi\\Bonjour\\mDNSResponder.exe"=
"C:\\Programmi\\iTunes\\iTunes.exe"=
"C:\\Programmi\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Programmi\\AdunanzA\\eMule_AdnzA.exe"=
"C:\\Programmi\\mIRC\\mirc.exe"=
"C:\\Programmi\\RealVNC\\VNC4\\vncviewer.exe"=
"C:\\Programmi\\Mozilla Firefox\\firefox.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
"1723:TCP"= 1723:TCP:@xpsp2res.dll,-22015
"1701:UDP"= 1701:UDP:@xpsp2res.dll,-22016
"500:UDP"= 500:UDP:@xpsp2res.dll,-22017
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
"AllowInboundRouterRequest"= 0 (0x0)
R0 Achernar;Achernar - SCSI Command Filters;C:\WINDOWS\system32\Drivers\Achernar.sys [2004-02-11 16855]
R1 sp_rsdrv2;Spyware Terminator Driver 2;C:\WINDOWS\system32\drivers\sp_rsdrv2.sys [2008-01-04 138752]
R3 Aldebaran;Aldebaran - SCSI Command Filters;C:\WINDOWS\system32\Drivers\Aldebaran.sys [2004-02-11 21808]
R3 Bonifay;Bonifay;C:\WINDOWS\system32\DRIVERS\Bonifay.sys [2005-11-28 12160]
S0 ElbyVCD;ElbyVCD;C:\WINDOWS\system32\DRIVERS\ElbyVCD.sys [ ]
S2 SysPsr;SysPsr;C:\Programmi\File comuni\Microsoft Shared\Spj.exe [ ]
S3 Asushwio;Asushwio;C:\WINDOWS\system32\drivers\Asushwio.sys [2000-03-29 5824]
S3 DCamUSBGT892x;iX-30 PC Camera;C:\WINDOWS\system32\Drivers\GT892xV.SYS [2001-12-04 336504]
S3 Gonzales;Gonzales;C:\WINDOWS\system32\DRIVERS\Gonzales.sys [2005-12-13 7040]
S3 SetupSys;Conexant Setup API;C:\WINDOWS\system32\drivers\SetupSys.sys [2001-01-09 8811]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{4b51ea05-df69-11db-b164-0017c2505edc}]
\Shell\AutoRun\command - G:\setupSNK.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{701c4e6f-1deb-11dd-b4bd-00112fd8f7db}]
\Shell\AutoRun\command - G:\setupSNK.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e70e0992-f64a-11db-b198-00112fd8f7db}]
\Shell\AutoRun\command - G:\load.exe /CDROM
*Newly Created Service* - PROCEXP90
.
Contenuto della cartella 'Scheduled Tasks'
2008-09-23 C:\WINDOWS\Tasks\User_Feed_Synchronization-{CE55FE35-574F-4D64-9674-EF95DA9ABEB4}.job
- C:\WINDOWS\system32\msfeedssync.exe [2008-08-22 03:05]
.
- - - - ORFÃOS REMOVIDOS - - - -
HKU-Default-Run-Symantec NetDriver Warning - C:\PROGRA~1\SYMNET~1\SNDWarn.exe
Notify-WgaLogon - (no file)
.
------- Supplementare di scansione -------
.
FireFox -: Profile - C:\Documents and Settings\Giuseppe\Dati applicazioni\Mozilla\Firefox\Profiles\oc64k6rd.default\
FireFox -: prefs.js - STARTUP.HOMEPAGE - hxxp://it.yahoo.it
FF -: plugin - C:\Documents and Settings\Giuseppe\Dati applicazioni\Mozilla\plugins\npPxPlay.dll
FF -: plugin - C:\Programmi\Adobe\Acrobat 7.0\Reader\browser\nppdf32.dll
FF -: plugin - C:\Programmi\iTunes\Mozilla Plugins\npitunes.dll
FF -: plugin - C:\Programmi\K-Lite Codec Pack\Real\browser\plugins\nppl3260.dll
FF -: plugin - C:\Programmi\K-Lite Codec Pack\Real\browser\plugins\nprpjplug.dll
.
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-10-24 20:45:59
Windows 5.1.2600 Service Pack 3 NTFS
scansione processi nascosti ...
scansione entrate autostart nascoste ...
Scansione files nascosti ...
Scansione completata con successo
Files nascosti: 0
**************************************************************************
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\SysPsr]
"ImagePath"="\"C:\Programmi\File comuni\Microsoft Shared\Spj.exe\""
.
Ora fine scansione: 2008-10-24 20.47.43
ComboFix-quarantined-files.txt 2008-10-24 18:47:23
Pre-Run: 43.202.777.088 byte disponibili
Post-Run: 43,489,583,104 byte disponibili
--- E O F --- 2008-09-23 16:55:53