ComboFix 09-03-19.02 - Gino 2009-03-20 19.18.15.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1040.18.255.88 [GMT 1:00]
Eseguito da: c:\documents and settings\Gino\Desktop\ComboFix.exe
* Creato nuovo punto di ripristino
ATTENZIONE - QUESTO PC NON HA LA CONSOLE DI RIPRISTINO DI EMERGENZA INSTALLATA !!
.
((((((((((((((((((((((((((((((((((((( Altre eliminazioni )))))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\documents and settings\Gino\Impostazioni locali\Dati applicazioni\atfbm.dat
c:\documents and settings\Gino\Impostazioni locali\Dati applicazioni\atfbm.exe
c:\documents and settings\Gino\Impostazioni locali\Dati applicazioni\atfbm_nav.dat
c:\documents and settings\Gino\Impostazioni locali\Dati applicazioni\atfbm_navps.dat
c:\windows\IE4 Error Log.txt
c:\windows\system32\aplib.dll
.
((((((((((((((((((((((((( Files Creati Da 2009-02-20 al 2009-03-20 )))))))))))))))))))))))))))))))))))
.
2009-03-20 19:03 . 2009-03-20 19:10 <DIR> d-------- c:\programmi\FindyKill
2009-03-20 18:25 . 2009-03-20 18:25 <DIR> d-------- c:\programmi\Trend Micro
2009-03-20 18:05 . 2009-03-20 18:05 <DIR> d-------- c:\documents and settings\utente\Dati applicazioni\AVGTOOLBAR
2009-03-20 16:45 . 2009-03-20 16:45 <DIR> d---s---- c:\documents and settings\utente\UserData
2009-03-19 16:37 . 2009-03-19 16:37 <DIR> d-------- c:\programmi\Pirelli
2009-03-19 16:37 . 2004-04-20 16:24 52,864 --a------ c:\windows\system32\drivers\CnxTrUsb.sys
2009-03-19 16:37 . 2004-04-20 16:24 25,984 --a------ c:\windows\system32\drivers\CnxTrLan.sys
2009-03-19 16:36 . 2009-03-19 16:41 <DIR> d-------- c:\programmi\Alice ti aiuta
2009-03-19 16:30 . 2009-03-19 16:30 <DIR> d-------- c:\documents and settings\utente\Dati applicazioni\Motive
2009-03-13 17:25 . 2001-08-30 23:08 99,328 --a------ c:\windows\system32\srusd.dll
2009-03-13 17:25 . 2001-08-30 23:08 99,328 --a--c--- c:\windows\system32\dllcache\srusd.dll
2009-03-13 17:25 . 2001-08-30 23:07 71,680 --a------ c:\windows\system32\fnfilter.dll
2009-03-13 17:25 . 2001-08-30 23:07 71,680 --a--c--- c:\windows\system32\dllcache\fnfilter.dll
2009-03-13 17:25 . 2001-08-30 22:28 6,912 --a------ c:\windows\system32\drivers\serscan.sys
2009-03-13 17:25 . 2001-08-30 22:28 6,912 --a--c--- c:\windows\system32\dllcache\serscan.sys
2009-03-13 17:22 . 2001-08-17 22:02 9,600 --a------ c:\windows\system32\drivers\hidusb.sys
2009-03-13 17:22 . 2001-08-17 22:02 9,600 --a--c--- c:\windows\system32\dllcache\hidusb.sys
2009-03-13 17:21 . 2004-08-03 23:08 31,616 --a------ c:\windows\system32\drivers\usbccgp.sys
2009-03-13 17:21 . 2004-08-03 23:08 31,616 --a--c--- c:\windows\system32\dllcache\usbccgp.sys
2009-03-13 17:21 . 2004-08-03 23:01 25,856 --a------ c:\windows\system32\drivers\usbprint.sys
2009-03-13 17:21 . 2004-08-03 23:01 25,856 --a--c--- c:\windows\system32\dllcache\usbprint.sys
2009-02-20 17:13 . 2004-08-30 21:00 2,134,528 --a--c--- c:\windows\system32\dllcache\smtpsnap.dll
2009-02-20 17:11 . 2009-02-20 17:11 749 -rah----- c:\windows\WindowsShell.Manifest
2009-02-20 17:11 . 2009-02-20 17:11 749 -rah----- c:\windows\system32\wuaucpl.cpl.manifest
2009-02-20 17:11 . 2009-02-20 17:11 749 -rah----- c:\windows\system32\sapi.cpl.manifest
2009-02-20 17:11 . 2009-02-20 17:11 749 -rah----- c:\windows\system32\nwc.cpl.manifest
2009-02-20 17:11 . 2009-02-20 17:11 749 -rah----- c:\windows\system32\ncpa.cpl.manifest
2009-02-20 17:11 . 2009-02-20 17:11 488 -rah----- c:\windows\system32\logonui.exe.manifest
2009-02-20 17:04 . 2004-08-30 21:00 1,086,058 -ra------ c:\windows\SET33.tmp
2009-02-20 17:04 . 2004-08-30 21:00 1,014,202 -ra------ c:\windows\SET30.tmp
2009-02-20 17:04 . 2004-08-30 21:00 14,043 -ra------ c:\windows\SET3F.tmp
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-03-20 17:36 --------- d-----w c:\programmi\BitComet
2009-03-20 17:09 --------- d-----w c:\programmi\Euro Gunz Client 8.5.6
2009-03-20 17:05 --------- d-----w c:\documents and settings\All Users\Dati applicazioni\avg8
2009-03-19 15:36 --------- d-----w c:\programmi\Motive
2009-03-19 10:46 --------- d-----w c:\documents and settings\All Users\Dati applicazioni\Google Updater
2009-02-20 16:31 --------- d-----w c:\programmi\eMule
2009-02-20 16:26 --------- d-----w c:\programmi\GV Principessa Casino
2009-02-20 15:50 --------- d-----w c:\documents and settings\Gino\Dati applicazioni\CasinoOnNet
2009-02-20 08:45 --------- d-----w c:\programmi\Alwil Software
2009-02-19 11:23 --------- d-----w c:\programmi\Google
2009-02-18 14:36 --------- d-----w c:\documents and settings\All Users\Dati applicazioni\Kaspersky Lab Setup Files
2009-02-13 20:07 --------- d-----w c:\documents and settings\Gino\Dati applicazioni\AVGTOOLBAR
2009-02-08 11:34 --------- d-----w c:\programmi\Crea i tuoi calendari!
2009-02-08 11:30 8 --sha-w c:\programmi\.drv120405.dat
2009-02-08 11:30 8 --sha-w c:\programmi\.data211204.dat
2009-02-08 11:30 8 --sha-w c:\programmi\.data211004.dat
2009-02-08 11:30 8 --sha-w c:\programmi\.data110704.dat
2009-02-08 11:30 8 --sha-w c:\programmi\.dat000002.dat
2009-02-08 11:30 8 --sha-w c:\programmi\.dat000001.dat
2009-02-08 11:30 8 --sha-w c:\documents and settings\Gino\Dati applicazioni\.drv190904.dat
2009-02-08 11:30 8 --sha-w c:\documents and settings\Gino\Dati applicazioni\.drv120205.dat
2009-02-08 11:30 8 --sha-w c:\documents and settings\Gino\Dati applicazioni\.data001.dat
2009-02-08 11:30 8 --sha-w c:\documents and settings\Gino\Dati applicazioni\.data000.dat
2009-02-08 11:30 8 --sha-w c:\documents and settings\Gino\Dati applicazioni\.app190905.dat
2009-02-08 11:30 8 --sha-w c:\documents and settings\Gino\Dati applicazioni\.addit001.dat
2009-02-08 11:22 --------- d-----w c:\programmi\Eazel-IT
2009-02-08 11:16 --------- d-----w c:\programmi\Conduit
2009-02-08 10:09 --------- d--h--w c:\programmi\InstallShield Installation Information
2009-02-02 16:09 --------- d-----w c:\documents and settings\All Users\Dati applicazioni\Messenger Plus!
2009-02-01 14:39 --------- d-----w c:\documents and settings\Gino\Dati applicazioni\Motive
2009-02-01 11:52 --------- d-----w c:\programmi\Messenger Plus! Live
2009-01-31 14:41 155,995 ----a-w c:\windows\java\Packages\2CTV5R3X.ZIP
2009-01-31 14:41 --------- d-----w c:\programmi\Common Files
2009-01-31 14:40 --------- d-----w c:\programmi\Telecom Italia
2009-01-28 15:32 --------- d-----w c:\programmi\Windows Live SkyDrive
2009-01-28 15:32 --------- d-----w c:\programmi\Windows Live
2009-01-28 15:32 --------- d-----w c:\programmi\Microsoft
2009-01-28 15:27 --------- d-----w c:\programmi\File comuni\Windows Live
2009-01-28 13:55 --------- d-----w c:\programmi\D-Link
2009-01-28 12:01 --------- d-----w c:\programmi\SereneScreen
2009-01-28 11:58 --------- d-----w c:\programmi\File comuni\Adobe
2009-01-28 11:54 --------- d-----w c:\programmi\Microsoft.NET
2009-01-28 11:54 --------- d-----w c:\programmi\Microsoft Works
2009-01-28 11:48 --------- d-----w c:\programmi\File comuni\Ahead
2009-01-28 11:48 --------- d-----w c:\documents and settings\Gino\Dati applicazioni\Ahead
2009-01-28 11:47 --------- d-----w c:\programmi\Nero
2009-01-28 11:47 --------- d-----w c:\documents and settings\All Users\Dati applicazioni\Nero
2009-01-28 11:22 --------- d-----w c:\programmi\File comuni\InstallShield
2009-01-28 11:22 --------- d-----w c:\programmi\AMD
2009-01-28 10:38 --------- d-----w c:\programmi\microsoft frontpage
2009-01-28 10:36 --------- d-----w c:\programmi\Servizi in linea
.
((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* i valori vuoti & legittimi/default non sono visualizzati.
REGEDIT4
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{ecdc465a-cf20-4b82-9a26-47c9dc52fa32}"= "c:\programmi\Eazel-IT\tbEaze.dll" [2008-11-23 1784856]
[HKEY_CLASSES_ROOT\clsid\{ecdc465a-cf20-4b82-9a26-47c9dc52fa32}]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2004-08-30 15360]
"MSMSGS"="c:\programmi\Messenger\msmsgs.exe" [2004-08-19 1667584]
"swg"="c:\programmi\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-02-19 39408]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NeroFilterCheck"="c:\programmi\File comuni\Ahead\Lib\NeroCheck.exe" [2006-01-12 155648]
"CnxTrApp"="c:\programmi\Pirelli\Access Gateway USB Network\CnxTrApp.dll" [2004-04-20 247296]
"SoundMan"="SOUNDMAN.EXE" [2004-07-27 c:\windows\SOUNDMAN.EXE]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-30 15360]
c:\documents and settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\
Adobe Reader Synchronizer.lnk - c:\programmi\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe [2006-10-23 734872]
Alice ti aiuta.lnk - c:\programmi\Alice ti aiuta\bin\matcli.exe [2009-03-19 212992]
Avvio veloce di Adobe Reader.lnk - c:\programmi\Adobe\Reader 8.0\Reader\reader_sl.exe [2006-10-23 40048]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\permchk32]
2005-02-08 13:43 12800 c:\windows\system32\permchk32.dll
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Programmi\\BitComet\\BitComet.exe"=
"c:\\Programmi\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Programmi\\Windows Live\\Messenger\\msnmsgr.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"17564:TCP"= 17564:TCP:BitComet 17564 TCP
"17564:UDP"= 17564:UDP:BitComet 17564 UDP
"4452:TCP"= 4452:TCP:messenger
R3 ULI5261;ULi Based Ethernet NT Driver;c:\windows\system32\drivers\ULILAN.SYS [2009-01-28 29696]
S2 permchk32;MSWC Permission Checker;rundll32.exe c:\windows\system32\permchk32.dll,ocib
--- Altri Servizi/Drivers In Memoria ---
*NewlyCreated* - IP6FW
.
Contenuto della cartella 'Scheduled Tasks'
2009-03-20 c:\windows\Tasks\Google Software Updater.job
- c:\programmi\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-02-08 11:36]
.
- - - - CHIAVI ORFANE RIMOSSE - - - -
Toolbar-{2c965f3f-8efd-4bfc-a2c5-1672845fdbbf} - c:\programmi\PHPNukeIT\tbPHP0.dll
HKCU-Run-BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA} - c:\programmi\File comuni\Ahead\Lib\NMBgMonitor.exe
HKCU-Run-atfbm - c:\documents and settings\gino\impostazioni locali\dati applicazioni\atfbm.exe
.
------- Scansione supplementare -------
.
IE: E&sporta in Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
TCP: {1F4D7DBD-4AB9-4C13-AE96-C5CAA2826563} = 85.37.17.49 85.38.28.91
DPF: Microsoft XML Parser for Java - file:///C:/WINDOWS/Java/classes/xmldso.cab
.
**************************************************************************
catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
http://www.gmer.net
Rootkit scan 2009-03-20 19:19:35
Windows 5.1.2600 Service Pack 2 NTFS
scansione processi nascosti ...
scansione entrate autostart nascoste ...
Scansione files nascosti ...
Scansione completata con successo
Files nascosti: 0
**************************************************************************
.
--------------------- Dlls caricate dai processi in esecuzione ---------------------
- - - - - - - > 'winlogon.exe'(808)
c:\windows\system32\permchk32.dll
.
Ora fine scansione: 2009-03-20 19.21.09
ComboFix-quarantined-files.txt 2009-03-20 18:20:55
Pre-Run: 72.696.131.584 byte disponibili
Post-Run: 73,791,578,112 byte disponibili
175