ComboFix 11-06-24.01 - hp 24/06/2011 15.18.14.1.2 - x86 NETWORK
Running from: c:\users\hp\Downloads\ComboFix.exe
.
.
((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\hp\AppData\Local\Microsoft\Windows\Temporary Internet Files\scrollbar.css
c:\windows\IsUn0410.exe
c:\windows\system32\select.dll
c:\windows\XSxS
.
.
((((((((((((((((((((((((( Files Created From 2011-05-24 to 2011-06-24 )))))))))))))))))))))))))))))))))))
.
.
2011-06-24 13:23 . 2011-06-24 13:24 -------- d-----w- c:\users\hp\AppData\Local\temp
2011-06-24 13:23 . 2011-06-24 13:23 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-06-23 21:07 . 2011-06-23 21:07 -------- d-----w- c:\users\hp\AppData\Roaming\Avira
2011-06-23 21:04 . 2011-06-23 21:04 -------- d-----w- c:\programdata\Avira
2011-06-23 21:04 . 2011-06-23 21:04 -------- d-----w- c:\program files\Avira
2011-06-23 21:04 . 2011-04-01 15:09 61960 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2011-06-23 21:04 . 2011-04-01 15:09 137656 ----a-w- c:\windows\system32\drivers\avipbb.sys
2011-06-21 23:24 . 2011-06-21 23:24 2106216 ----a-w- c:\program files\Mozilla Firefox\D3DCompiler_43.dll
2011-06-21 23:24 . 2011-06-21 23:24 1998168 ----a-w- c:\program files\Mozilla Firefox\d3dx9_43.dll
2011-06-16 00:25 . 2011-06-16 00:25 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-06-15 23:40 . 2011-04-22 23:25 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2011-06-15 23:40 . 2011-04-25 15:29 141104 ----a-w- c:\program files\Internet Explorer\sqmapi.dll
2011-06-15 23:40 . 2011-04-22 23:35 1797632 ----a-w- c:\windows\system32\jscript9.dll
2011-06-15 23:32 . 2010-12-20 16:35 563712 ----a-w- c:\windows\system32\oleaut32.dll
2011-06-15 23:32 . 2011-05-02 17:16 739328 ----a-w- c:\windows\system32\inetcomm.dll
2011-06-15 23:32 . 2011-04-29 13:24 214016 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys
2011-06-15 23:32 . 2011-04-29 13:24 79872 ----a-w- c:\windows\system32\drivers\mrxsmb20.sys
2011-06-15 23:32 . 2011-04-29 13:24 106496 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2011-06-15 23:32 . 2011-05-02 12:02 2409784 ----a-w- c:\program files\Windows Mail\OESpamFilter.dat
2011-06-15 23:32 . 2011-04-21 13:58 273408 ----a-w- c:\windows\system32\drivers\afd.sys
2011-06-15 23:32 . 2011-04-29 13:25 146432 ----a-w- c:\windows\system32\drivers\srv2.sys
2011-06-15 23:32 . 2011-04-29 13:25 102400 ----a-w- c:\windows\system32\drivers\srvnet.sys
2011-06-15 23:32 . 2011-04-14 14:59 75264 ----a-w- c:\windows\system32\drivers\dfsc.sys
2011-06-12 00:50 . 2011-06-12 00:50 -------- d-----w- c:\users\hp\dwhelper
2011-06-08 10:07 . 2011-06-08 10:07 -------- d-----w- c:\users\hp\AppData\Local\Easy CD-DA Extractor
2011-06-08 10:07 . 2011-06-08 10:07 -------- d-----w- c:\users\hp\AppData\Roaming\Easy CD-DA Extractor
2011-06-07 18:55 . 2011-06-07 19:31 -------- d-----w- c:\users\hp\AppData\Roaming\Foxmail
2011-06-01 13:01 . 2011-06-22 12:02 -------- d-----w- c:\users\hp\AppData\Local\Preton_Ltd
2011-06-01 13:01 . 2011-06-01 13:01 -------- d-----w- c:\users\hp\AppData\Local\IsolatedStorage
2011-06-01 13:00 . 2011-06-01 13:00 -------- d-----w- c:\program files\Preton
2011-05-31 23:23 . 2011-05-31 23:24 -------- d-----w- c:\program files\Common Files\Nokia
2011-05-31 23:08 . 2011-05-31 23:22 -------- d-----w- c:\program files\Nokia
2011-05-31 21:46 . 2009-07-14 17:45 132224 ----a-w- c:\windows\system32\drivers\WUDFRd.sys
2011-05-31 21:46 . 2009-07-14 17:48 39936 ----a-w- c:\windows\system32\WUDFCoinstaller.dll
2011-05-31 21:46 . 2009-07-14 17:48 64512 ----a-w- c:\windows\system32\WUDFSvc.dll
2011-05-31 21:46 . 2009-07-14 17:48 162304 ----a-w- c:\windows\system32\WUDFPlatform.dll
2011-05-31 21:46 . 2009-07-14 17:45 92672 ----a-w- c:\windows\system32\drivers\WUDFPf.sys
2011-05-31 21:46 . 2009-07-14 17:45 195584 ----a-w- c:\windows\system32\WUDFHost.exe
2011-05-31 21:46 . 2009-07-14 17:48 567808 ----a-w- c:\windows\system32\WUDFx.dll
2011-05-31 13:01 . 2011-05-31 13:01 -------- d-----w- c:\program files\MSXML 4.0
2011-05-31 12:14 . 2011-05-31 22:45 -------- d-----w- c:\programdata\Nokia
2011-05-31 12:03 . 2011-05-31 23:42 -------- d-----w- c:\users\hp\AppData\Local\Nokia
2011-05-31 11:56 . 2008-08-26 08:26 18816 ----a-w- c:\windows\system32\drivers\pccsmcfd.sys
2011-05-31 11:55 . 2011-05-31 11:55 -------- d-----w- c:\program files\PC Connectivity Solution
2011-05-31 11:37 . 2011-05-31 21:50 -------- d-----w- c:\users\hp\AppData\Roaming\PC Suite
2011-05-31 11:37 . 2011-05-31 21:43 -------- d-----w- c:\programdata\PC Suite
2011-05-31 11:33 . 2011-05-31 11:36 -------- d-----w- c:\program files\DIFX
2011-05-31 11:32 . 2011-05-31 11:56 -------- dc----w- c:\windows\system32\DRVSTORE
2011-05-31 11:26 . 2010-12-02 13:13 75264 ----a-w- c:\windows\system32\nmwcdcls.dll
2011-05-31 08:17 . 2011-05-31 22:39 -------- d-----w- c:\programdata\Installations
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-05-13 07:53 . 2010-12-29 00:42 284744 ----a-w- c:\windows\system32\guard32.dll
2011-05-13 07:53 . 2011-01-06 16:36 82400 ----a-w- c:\windows\system32\drivers\inspect.sys
2011-05-13 07:53 . 2011-01-06 16:36 36568 ----a-w- c:\windows\system32\drivers\cmdhlp.sys
2011-05-13 07:53 . 2011-01-06 16:36 238960 ----a-w- c:\windows\system32\drivers\cmdGuard.sys
2011-05-13 07:53 . 2011-01-06 16:36 19088 ----a-w- c:\windows\system32\drivers\cmderd.sys
2011-05-10 12:10 . 2011-02-21 20:04 40112 ----a-w- c:\windows\avastSS.scr
2011-06-21 23:24 . 2011-03-22 00:29 142296 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]
"RocketDock"="c:\users\Public\Downloads\RocketDock portable\RocketDock.exe" [2007-09-02 495616]
"Foxmail"="c:\users\Public\Downloads\foxmail\Foxmail\Foxmail.exe" [2010-03-28 7403896]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NokiaMServer"="c:\program files\Common Files\Nokia\MPlatform\NokiaMServer" [X]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2010-06-04 1791272]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2008-01-21 61440]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2008-04-18 178712]
"QlbCtrl.exe"="c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2008-05-14 177456]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2008-04-04 1314816]
"CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2009-11-01 2508104]
"IJNetworkScanUtility"="c:\program files\Canon\Canon IJ Network Scan Utility\CNMNSUT.exe" [2009-09-28 140640]
"InkSaver"="c:\program files\InkSaver\InkSaver.exe" [2009-06-23 595240]
"PretonClient"="c:\program files\Preton\PretonSaver\PretonClient.exe" [2011-02-01 2571264]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2011-03-28 281768]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"GrpConv"="grpconv -o" [X]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"= c:\windows\system32\guard32.dll
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfPf]
@="Driver"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfRd]
@="Driver"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-1856323788-1379953506-3267584998-1000]
"EnableNotificationsRef"=dword:00000001
.
R0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2010-04-24 691696]
R1 05166971;05166971;c:\windows\system32\DRIVERS\05166971.sys [2009-09-25 128016]
R1 cmdGuard;COMODO Internet Security Sandbox Driver;c:\windows\system32\DRIVERS\cmdguard.sys [2011-05-13 238960]
R1 setup_9.0.0.722_25.02.2011_16-19drv;setup_9.0.0.722_25.02.2011_16-19drv;c:\windows\system32\DRIVERS\0516697.sys [x]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 hpsrv;HP Service;c:\windows\system32\Hpservice.exe [2008-04-07 24936]
R2 PretonClientService;PretonSaver;c:\program files\Preton\PretonSaver\PretonClientService.exe [2011-02-01 88576]
R3 Com4QLBEx;Com4QLBEx;c:\program files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe [2008-04-03 193840]
R3 TeamViewer5;TeamViewer 5;c:\program files\TeamViewer\Version5\TeamViewer_Service.exe [2010-05-21 173352]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
S0 05166972;05166972 Boot Guard Driver;c:\windows\system32\DRIVERS\05166972.sys [2009-10-22 37392]
S1 cmdHlp;COMODO Internet Security Helper Driver;c:\windows\system32\DRIVERS\cmdhlp.sys [2011-05-13 36568]
S3 NETw5v32;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\DRIVERS\NETw5v32.sys [2008-11-17 3668480]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - ECACHE
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
bdx REG_MULTI_SZ scan
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2007-06-20 10:47 451872 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe
.
.
------- Supplementary Scan -------
.
uInternet Settings,ProxyOverride = *.local
IE: E&sporta in Microsoft Excel - c:\progra~1\MICROS~1\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.0.1
TCP: Interfaces\{BEAA6C73-09A3-4E98-8BDA-73410CC20665}: NameServer = 192.168.0.1,192.168.1.1
DPF: {E6BB2089-163F-466B-812A-748096614DFD} - hxxp://cainternetsecurity.net/scanner/cascanner.cab
FF - ProfilePath - c:\users\hp\AppData\Roaming\Mozilla\Firefox\Profiles\fubtiekv.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.as ... ource=3&q={searchTerms}
FF - prefs.js: browser.startup.homepage - hxxp://www.google.it/
FF - prefs.js: keyword.URL - hxxp://www.google.com/search?sourceid=n ... t&hl=it&q=
.
- - - - ORPHANS REMOVED - - - -
.
ShellIconOverlayIdentifiers-{472083B0-C522-11CF-8763-00608CC02F24} - (no file)
AddRemove-Agere Systems Soft Modem - c:\windows\agrsmdel
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-06-24 15:24
Windows 6.0.6002 Service Pack 2 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet010\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
[HKEY_LOCAL_MACHINE\SYSTEM\VritualRoot\iexplore.exe\MACHINE\Software\Classes\CLSID\{D27CDB6E-AE6D-11CF-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@SACL=(02 0001)
@Ace=(0x11) (1) (S-1-16-4096)
.
[HKEY_LOCAL_MACHINE\SYSTEM\VritualRoot\iexplore.exe\MACHINE\Software\Classes\CLSID\{D27CDB6E-AE6D-11CF-96B8-444553540000}\InprocServer32]
@SACL=(02 0001)
@Ace=(0x11) (1) (S-1-16-4096)
.
[HKEY_LOCAL_MACHINE\SYSTEM\VritualRoot\iexplore.exe\MACHINE\Software\Classes\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@SACL=(02 0001)
@Ace=(0x11) (1) (S-1-16-4096)
.
[HKEY_LOCAL_MACHINE\SYSTEM\VritualRoot\iexplore.exe\MACHINE\Software\Classes\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}\1.0]
@SACL=(02 0001)
@Ace=(0x11) (1) (S-1-16-4096)
.
[HKEY_LOCAL_MACHINE\SYSTEM\VritualRoot\iexplore.exe\MACHINE\Software\Classes\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}]
@Denied: (A 2) (Everyone)
.
[HKEY_LOCAL_MACHINE\SYSTEM\VritualRoot\WinRAR.exe\MACHINE\Software\Classes\CLSID\{D27CDB6E-AE6D-11CF-96B8-444553540000}]
@Denied: (A 2) (Everyone)
.
Completion time: 2011-06-24 15:27:12
ComboFix-quarantined-files.txt 2011-06-24 13:27
.
Pre-Run: 204,928,053,248 bytes free
Post-Run: 205,403,832,320 bytes free
.
- - End Of File - - 19F1E76650BA386F7943B2E07ADA2ED9
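The autorun values, the service/driver list and the browser entries are what an analyst reads first in a log like this. As an added example that is not part of ComboFix or of the original post, the Python below parses a handful of lines copied verbatim from the log above and flags what a practitioner checks by hand: values whose file ComboFix marked as missing (`[X]` / `[x]`), autoruns launched from user-writable folders, the `AppInit_DLLs` value, and the hosts behind the defanged `hxxp` URLs. The heuristics, the category names and the "trusted roots" list are my own assumptions; a flag is a prompt to look at an entry, not a verdict on it (the Public\Downloads entries here are portable apps the user chose).

```python
import re

# Lines copied from the ComboFix log above; the parser is an added illustration
# of how to read ComboFix's text format, not a ComboFix component.
SAMPLE_LOG = r"""
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]
"RocketDock"="c:\users\Public\Downloads\RocketDock portable\RocketDock.exe" [2007-09-02 495616]
"Foxmail"="c:\users\Public\Downloads\foxmail\Foxmail\Foxmail.exe" [2010-03-28 7403896]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NokiaMServer"="c:\program files\Common Files\Nokia\MPlatform\NokiaMServer" [X]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2011-03-28 281768]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"= c:\windows\system32\guard32.dll
.
R0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2010-04-24 691696]
R1 setup_9.0.0.722_25.02.2011_16-19drv;setup_9.0.0.722_25.02.2011_16-19drv;c:\windows\system32\DRIVERS\0516697.sys [x]
S0 05166972;05166972 Boot Guard Driver;c:\windows\system32\DRIVERS\05166972.sys [2009-10-22 37392]
.
DPF: {E6BB2089-163F-466B-812A-748096614DFD} - hxxp://cainternetsecurity.net/scanner/cascanner.cab
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.as ... ource=3&q={searchTerms}
"""

# ComboFix line shapes this parser understands (assumed from the log format).
RUN_KEY = re.compile(r'^\[(HKEY_[^\]]+\\Run(?:Once)?)\]$', re.I)   # [HK..\Run] / [HK..\RunOnce]
RUN_VAL = re.compile(r'^"([^"]+)"="([^"]*)"\s+\[(.*)\]$')           # "Name"="path" [date size] or [X]
SVC = re.compile(r'^([RS][0-4])\s+([^;]+);([^;]*);(.+?)\s+\[(.*)\]$')  # R2 name;display;path [..]
APPINIT = re.compile(r'^"AppInit_DLLs"=\s*(.+)$')
URL_HOST = re.compile(r'hxxps?://([^/\s]+)')                       # ComboFix defangs http as hxxp

# Assumed: roots a standard user cannot write to without elevation.
TRUSTED_ROOTS = ("c:\\windows\\", "c:\\program files\\", "c:\\program files (x86)\\")


def parse_run_entries(log_text):
    """Return (hive key, value name, image path, status) for each Run/RunOnce value."""
    entries, current_key = [], None
    for raw in log_text.splitlines():
        line = raw.strip()
        key = RUN_KEY.match(line)
        if key:
            current_key = key.group(1)
            continue
        if line == ".":              # ComboFix separates blocks with a lone dot
            current_key = None
            continue
        val = RUN_VAL.match(line)
        if val and current_key:
            entries.append((current_key, val.group(1), val.group(2), val.group(3)))
    return entries


def parse_services(log_text):
    """Return dicts for the R*/S* service and driver lines."""
    services = []
    for raw in log_text.splitlines():
        m = SVC.match(raw.strip())
        if m:
            services.append({"start": m.group(1), "name": m.group(2),
                             "display": m.group(3), "path": m.group(4), "status": m.group(5)})
    return services


def triage(log_text):
    """Return (category, detail) findings worth a second look; categories are assumed names."""
    findings = []
    for _key, name, path, status in parse_run_entries(log_text):
        if status.lower() == "x":                         # ComboFix could not find the file
            findings.append(("missing-file", f"{name} -> {path}"))
        elif not path.lower().startswith(TRUSTED_ROOTS):  # launched from a user-writable folder
            findings.append(("user-writable-path", f"{name} -> {path}"))
    for svc in parse_services(log_text):
        if svc["status"].lower() == "x":                  # registered driver whose file is gone
            findings.append(("missing-driver", f"{svc['name']} -> {svc['path']}"))
    for raw in log_text.splitlines():
        m = APPINIT.match(raw.strip())
        if m:                                             # DLL injected into every GUI process
            findings.append(("appinit-dll", m.group(1).strip()))
        for host in URL_HOST.findall(raw):                # hosts behind DPF / Firefox pref URLs
            findings.append(("defanged-url-host", host))
    return findings


if __name__ == "__main__":
    for category, detail in triage(SAMPLE_LOG):
        print(f"{category:20} {detail}")
```

The status field after each path is the discriminator: a date and size means ComboFix found and measured the file, `[X]` means the registry points at something that is not there (here `NokiaMServer` and the leftover `setup_9.0.0.722_...drv` driver entry). Missing-file entries are usually uninstall debris, but a driver entry that points at a file with a randomised name deserves the same attention as one that exists.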