ComboFix 09-05-31.06 - x 01/06/2009 19.45.05.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.39.1040.18.768.600 [GMT 2:00]
Eseguito da: c:\documents and settings\x\Desktop\ComboFix.exe
* Creato nuovo punto di ripristino
.
((((((((((((((((((((((((((((((((((((( Altre eliminazioni )))))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\windows\system32\~.exe
c:\windows\system32\lowsec
c:\windows\system32\lowsec\local.ds
c:\windows\system32\lowsec\user.ds
c:\windows\system32\lowsec\user.ds.lll
c:\windows\system32\msssc.dll
c:\windows\system32\sdra64.exe
.
((((((((((((((((((((((((( Files Creati Da 2009-05-01 al 2009-06-01 )))))))))))))))))))))))))))))))))))
.
2009-05-27 14:28 . 2009-05-27 14:28 -------- d-----w- c:\programmi\File comuni\EPSON
2009-05-27 14:28 . 2000-06-06 23:01 169472 ----a-w- c:\windows\system32\EBAPI2.dll
2009-05-27 14:27 . 2004-08-03 21:01 25856 -c--a-w- c:\windows\system32\dllcache\usbprint.sys
2009-05-27 14:27 . 2004-08-03 21:01 25856 ----a-w- c:\windows\system32\drivers\usbprint.sys
2009-05-27 14:27 . 2001-03-04 17:15 61598 ----a-w- c:\windows\system32\E_SL2346.DLL
2009-05-27 14:27 . 2009-05-27 14:28 -------- d-----w- c:\programmi\EPSON
2009-05-27 14:27 . 2000-09-13 17:03 145 ----a-w- c:\windows\system32\EBPPORT.DAT
2009-05-27 14:27 . 2000-06-25 17:20 32768 ----a-w- c:\windows\system32\ECBTEG.DLL
2009-05-27 14:27 . 2000-06-06 16:01 34304 ----a-w- c:\windows\system32\EBPCHP.DLL
2009-05-27 08:38 . 2009-05-27 08:39 -------- d-----w- c:\programmi\File comuni\Adobe
2009-05-27 08:36 . 2009-05-27 08:42 -------- d-----w- c:\documents and settings\x\Impostazioni locali\Dati applicazioni\Adobe
2009-05-26 12:36 . 2009-05-26 12:37 -------- d-----w- c:\programmi\IncrediMail
2009-05-25 12:51 . 2009-05-25 12:51 -------- d-----w- c:\documents and settings\x\Impostazioni locali\Dati applicazioni\Identities
2009-05-23 11:03 . 2009-05-23 11:03 -------- d-----w- c:\programmi\Trend Micro
2009-05-22 13:14 . 2009-05-22 13:14 -------- d-----w- c:\windows\Sun
2009-05-22 13:13 . 2009-05-22 13:13 410984 ----a-w- c:\windows\system32\deploytk.dll
2009-05-22 13:13 . 2009-05-22 13:13 -------- d-----w- c:\programmi\Java
2009-05-22 13:12 . 2009-05-22 13:12 152576 ----a-w- c:\documents and settings\x\Dati applicazioni\Sun\Java\jre1.6.0_13\lzma.dll
2009-05-22 12:34 . 2004-08-19 13:39 25600 ----a-w- c:\documents and settings\LocalService\Dati applicazioni\Microsoft\UPnP Device Host\upnphost\udhisapi.dll
2009-05-22 12:24 . 2009-05-31 13:08 -------- d-----w- c:\programmi\eMule
2009-05-22 09:54 . 2009-05-22 09:54 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\IM
2009-05-22 09:51 . 2009-05-22 10:07 -------- d-----w- c:\documents and settings\x\Impostazioni locali\Dati applicazioni\IM
2009-05-22 09:51 . 2009-05-22 09:51 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\IncrediMail
2009-05-22 09:44 . 2009-05-22 09:44 -------- d-----w- c:\programmi\CCleaner
2009-05-22 09:19 . 2009-05-22 09:19 1156 ----a-w- c:\windows\mozver.dat
2009-05-22 08:52 . 2009-05-22 08:52 -------- d-s---w- c:\documents and settings\x\UserData
2009-05-21 12:42 . 2009-06-01 07:27 -------- d-----w- c:\documents and settings\x\Tracing
2009-05-21 12:41 . 2009-05-21 12:41 -------- d-----w- c:\programmi\Microsoft
2009-05-21 12:41 . 2009-05-21 12:41 -------- d-----w- c:\programmi\Windows Live SkyDrive
2009-05-21 12:40 . 2009-05-21 12:41 -------- d-----w- c:\programmi\Windows Live
2009-05-21 12:39 . 2009-05-21 12:39 -------- d-----w- c:\programmi\File comuni\Windows Live
2009-05-21 12:30 . 2009-05-21 12:29 737280 ----a-w- c:\windows\iun6002.exe
2009-05-21 12:27 . 2009-05-21 12:27 -------- d-----w- c:\windows\C6 Messenger
2009-05-21 12:27 . 2009-05-22 09:10 -------- d-----w- c:\programmi\C6 Messenger
2009-05-21 01:52 . 2009-05-21 01:52 0 ----a-w- c:\windows\nsreg.dat
2009-05-21 01:52 . 2009-05-21 01:52 -------- d-----w- c:\documents and settings\x\Impostazioni locali\Dati applicazioni\Mozilla
2009-05-20 10:17 . 2009-05-20 10:18 -------- d-----w- c:\windows\nview
2009-05-20 10:17 . 2005-11-11 05:47 180224 ----a-w- c:\windows\system32\nvudisp.exe
2009-05-20 10:16 . 2005-11-11 12:49 180224 ----a-w- c:\windows\system32\NVUNINST.EXE
2009-05-20 01:12 . 2009-05-20 10:16 -------- d-----w- c:\programmi\File comuni\InstallShield
2009-05-20 00:59 . 2004-08-19 13:39 4096 -c--a-w- c:\windows\system32\dllcache\ksuser.dll
2009-05-20 00:59 . 2004-08-19 13:39 4096 ----a-w- c:\windows\system32\ksuser.dll
2009-05-20 00:59 . 2004-08-03 21:15 145792 -c--a-w- c:\windows\system32\dllcache\portcls.sys
2009-05-20 00:59 . 2004-08-03 21:15 145792 ----a-w- c:\windows\system32\drivers\portcls.sys
2009-05-20 00:59 . 2004-08-03 21:08 60288 -c--a-w- c:\windows\system32\dllcache\drmk.sys
2009-05-20 00:59 . 2004-08-03 21:08 60288 ----a-w- c:\windows\system32\drivers\drmk.sys
2009-05-20 00:59 . 2001-09-19 12:32 720896 -c--a-w- c:\windows\system32\dllcache\a3d.dll
2009-05-20 00:59 . 2001-09-19 12:32 720896 ----a-w- c:\windows\system32\a3d.dll
2009-05-14 10:15 . 2001-08-30 18:41 12160 -c--a-w- c:\windows\system32\dllcache\mouhid.sys
2009-05-14 10:15 . 2001-08-30 18:41 12160 ----a-w- c:\windows\system32\drivers\mouhid.sys
2009-05-14 10:15 . 2001-08-17 20:02 9600 -c--a-w- c:\windows\system32\dllcache\hidusb.sys
2009-05-14 10:15 . 2001-08-17 20:02 9600 ----a-w- c:\windows\system32\drivers\hidusb.sys
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-06-01 17:40 . 2009-04-29 15:37 -------- d-----w- c:\programmi\ESET
2009-05-21 12:42 . 2009-04-29 16:39 12912 ----a-w- c:\documents and settings\x\Impostazioni locali\Dati applicazioni\GDIPFONTCACHEV1.DAT
2009-05-20 01:13 . 2009-05-20 01:13 -------- d-----w- c:\programmi\Analog Devices
2009-05-20 01:13 . 2009-05-20 01:13 -------- d--h--w- c:\programmi\InstallShield Installation Information
2009-04-29 15:52 . 2009-04-29 15:52 -------- d-----w- c:\documents and settings\x\Dati applicazioni\Ahead
2009-04-29 15:49 . 2009-04-29 15:49 -------- d-----w- c:\programmi\Nero
2009-04-29 15:49 . 2009-04-29 15:49 -------- d-----w- c:\programmi\File comuni\Ahead
2009-04-29 14:56 . 2009-04-29 14:21 86327 ----a-w- c:\windows\pchealth\helpctr\OfflineCache\index.dat
2009-04-29 14:37 . 2001-08-31 15:00 47592 ----a-w- c:\windows\system32\perfc010.dat
2009-04-29 14:37 . 2001-08-31 15:00 345010 ----a-w- c:\windows\system32\perfh010.dat
2009-04-29 14:24 . 2009-04-29 14:24 -------- d-----w- c:\programmi\microsoft frontpage
2009-04-29 14:20 . 2009-04-29 14:20 -------- d-----w- c:\programmi\Servizi in linea
2009-04-29 14:17 . 2009-04-29 14:17 21840 ----a-w- c:\windows\system32\emptyregdb.dat
.
((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* i valori vuoti & legittimi/default non sono visualizzati.
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2004-08-19 15360]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Smapp"="c:\programmi\Analog Devices\SoundMAX\SMTray.exe" [2003-05-05 143360]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2005-11-11 7311360]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2005-11-11 86016]
"nwiz"="nwiz.exe" - c:\windows\system32\nwiz.exe [2005-11-11 1519616]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-19 15360]
c:\documents and settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\
EPSON Status Monitor 3 Environment Check 2.lnk - c:\windows\system32\spool\drivers\w32x86\3\E_SRCV02.EXE [2009-5-27 127488]
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32
"MIDI1"= SYNCOR11.DLL
[HKLM\~\startupfolder\C:^Documents and Settings^x^Menu Avvio^Programmi^Esecuzione automatica^C6 Messenger.lnk]
path=c:\documents and settings\x\Menu Avvio\Programmi\Esecuzione automatica\C6 Messenger.lnk
backup=c:\windows\pss\C6 Messenger.lnkStartup
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Programmi\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Programmi\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Programmi\\IncrediMail\\bin\\ImApp.exe"=
"c:\\Programmi\\IncrediMail\\bin\\IncMail.exe"=
"c:\\Programmi\\IncrediMail\\bin\\ImpCnt.exe"=
.
- - - - CHIAVI ORFANE RIMOSSE - - - -
HKLM-Run-NWEReboot - (no file)
SafeBoot-procexp90.Sys
.
------- Scansione supplementare -------
.
uStart Page = hxxp://mystart.incredimail.com/
FF - ProfilePath - c:\documents and settings\x\Dati applicazioni\Mozilla\Firefox\Profiles\wp4w666q.default\
FF - prefs.js: browser.search.selectedEngine - MyStart Search
FF - prefs.js: browser.startup.homepage - hxxp://it.start2.mozilla.com/firefox?cl ... t:official
FF - prefs.js: keyword.URL - hxxp://mystart.incredimail.com/?loc=ff_ ... ar&search=
FF - plugin: c:\programmi\Mozilla Firefox\plugins\NPC6Helper.dll
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
http://www.gmer.net
Rootkit scan 2009-06-01 19:48
Windows 5.1.2600 Service Pack 2 NTFS
scansione processi nascosti ...
scansione entrate autostart nascoste ...
Scansione files nascosti ...
Scansione completata con successo
Files nascosti: 0
**************************************************************************
.
--------------------- Dlls caricate dai processi in esecuzione ---------------------
- - - - - - - > 'explorer.exe'(220)
c:\windows\system32\msi.dll
.
------------------------ Altri processi in esecuzione ------------------------
.
c:\programmi\File comuni\EPSON\EBAPI\SAgent2.exe
c:\programmi\Java\jre6\bin\jqs.exe
c:\windows\system32\nvsvc32.exe
c:\windows\system32\rundll32.exe
c:\programmi\Analog Devices\SoundMAX\SMAgent.exe
c:\windows\system32\spool\drivers\w32x86\3\E_S10IC2.EXE
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Ora fine scansione: 2009-06-01 19.52.02 - Il pc è stato riavviato
ComboFix-quarantined-files.txt 2009-06-01 17:51
Pre-Run: 16.177.348.608 byte disponibili
Post-Run: 16.186.109.952 byte disponibili
WindowsXP-KB310994-SP2-Pro-BootDisk-ITA.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect