ComboFix 11-10-02.01 - alex 04/10/2011 15.07.44.9.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.39.1040.18.3070.1806 [GMT 2:00]
Eseguito da: c:\users\alex\Desktop\ComboFix.exe
Opzioni usate :: c:\users\alex\Desktop\CFScript.txt.txt
AV: AntiVir Desktop *Disabled/Updated* {090F9C29-64CE-6C6F-379C-5901B49A85B7}
FW: COMODO Firewall *Disabled* {4D6F75E0-14AF-2E9E-AACD-24CDCF08AA2A}
SP: AntiVir Desktop *Disabled/Updated* {B26E7DCD-42F4-63E1-0D2C-6273CF1DCF0A}
SP: COMODO Defense+ *Disabled/Updated* {CE351521-78FA-2048-BB22-B68A4A5CA7EC}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Creato nuovo punto di ripristino
.
.
((((((((((((((((((((((((( Files Creati Da 2011-09-04 al 2011-10-04 )))))))))))))))))))))))))))))))))))
.
.
2011-10-04 13:14 . 2011-10-04 13:14 -------- d-----w- c:\users\Public\AppData\Local\temp
2011-10-04 13:14 . 2011-10-04 13:14 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-10-04 10:30 . 2011-10-04 13:14 -------- d-----w- c:\users\alex\AppData\Local\temp
2011-10-02 19:27 . 2011-10-02 19:27 89088 ----a-w- C:\mbr.exe
2011-09-18 19:28 . 2011-09-18 19:28 -------- d-----w- c:\program files\GIMP 2
2011-09-18 16:01 . 2011-09-18 16:01 -------- d-----w- c:\users\alex\.thumbnails
2011-09-18 15:57 . 2011-09-18 19:17 -------- d-----w- c:\users\alex\.gimp-2.6
2011-09-14 22:29 . 2011-08-10 12:14 2409784 ----a-w- c:\program files\Windows Mail\OESpamFilter.dat
2011-09-14 06:00 . 2011-09-14 06:00 -------- d-----w- c:\windows\Hewlett-Packard
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-08-31 15:00 . 2010-12-21 13:51 22216 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-08-30 13:13 . 2011-06-16 07:15 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-07-22 02:54 . 2011-08-11 06:40 1797632 ----a-w- c:\windows\system32\jscript9.dll
2011-07-22 02:48 . 2011-08-11 06:40 1126912 ----a-w- c:\windows\system32\wininet.dll
2011-07-22 02:44 . 2011-08-11 06:40 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2011-07-11 13:25 . 2011-08-30 13:23 2048 ----a-w- c:\windows\system32\tzres.dll
2011-07-08 12:20 . 2011-05-02 18:36 285256 ----a-w- c:\windows\system32\guard32.dll
2011-07-08 12:20 . 2011-05-07 14:17 82400 ----a-w- c:\windows\system32\drivers\inspect.sys
2011-07-08 12:20 . 2011-05-02 18:36 36568 ----a-w- c:\windows\system32\drivers\cmdhlp.sys
2011-07-08 12:20 . 2011-05-02 18:36 19088 ----a-w- c:\windows\system32\drivers\cmderd.sys
2011-07-08 12:20 . 2011-05-02 18:36 238960 ----a-w- c:\windows\system32\drivers\cmdGuard.sys
2011-07-06 15:31 . 2011-08-10 06:31 214016 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys
2010-12-21 09:15 . 2010-12-21 09:15 812344 ----a-w- c:\program files\HJTInstall.exe
2011-09-29 07:23 . 2011-08-17 14:56 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
2010-11-09 19:39 . 2010-11-09 21:07 119808 ----a-w- c:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll
.
.
((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* i valori vuoti & legittimi/default non sono visualizzati.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\users\alex\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\users\alex\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\users\alex\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\users\alex\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\IDriveSyncExt1]
@="{A30768B3-9C38-4810-AAC3-422B73A0B25C}"
[HKEY_CLASSES_ROOT\CLSID\{A30768B3-9C38-4810-AAC3-422B73A0B25C}]
2011-04-07 09:22 579032 ----a-w- c:\idsync\IDSyncIcon.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\IDriveSyncExt2]
@="{906E4756-73EC-4A58-A3B1-461B759D8F7B}"
[HKEY_CLASSES_ROOT\CLSID\{906E4756-73EC-4A58-A3B1-461B759D8F7B}]
2011-04-07 09:22 579032 ----a-w- c:\idsync\IDSyncIcon.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\IDriveSyncExt3]
@="{5DF1669E-DBBC-4C36-918E-8E470774D7AF}"
[HKEY_CLASSES_ROOT\CLSID\{5DF1669E-DBBC-4C36-918E-8E470774D7AF}]
2011-04-07 09:22 579032 ----a-w- c:\idsync\IDSyncIcon.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WindowsWelcomeCenter"="oobefldr.dll" [2009-04-11 2153472]
"SandboxieControl"="c:\program files\Sandboxie\SbieCtrl.exe" [2011-03-24 409320]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="RtHDVCpl.exe" [2007-08-25 4669440]
"Apoint"="c:\program files\Apoint\Apoint.exe" [2007-06-10 118784]
"ISBMgr.exe"="c:\program files\Sony\ISB Utility\ISBMgr.exe" [2007-09-19 311296]
"NvSvc"="c:\windows\system32\nvsvc.dll" [2007-11-16 86016]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-11-16 8497696]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2007-11-16 81920]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2011-03-28 281768]
"COMODO"="c:\program files\COMODO\COMODO GeekBuddy\CLPSLA.exe" [2011-05-26 208184]
"CPA"="c:\program files\COMODO\COMODO GeekBuddy\VALA.exe" [2011-05-26 182584]
"COMODO Internet Security"="c:\program files\COMODO\COMODO Internet Security\cfp.exe" [2011-07-08 2554696]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2011-05-27 40368]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-03-29 937920]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-04-08 254696]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2011-05-10 49208]
.
c:\users\alex\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\alex\AppData\Roaming\Dropbox\bin\Dropbox.exe [2011-5-25 24176560]
IDriveSync Tray.lnk - c:\idsync\IDSyncStartup.exe [2011-8-7 99800]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\VESWinlogon]
2007-08-14 19:05 98304 ----a-w- c:\windows\System32\VESWinlogon.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~1\Google\GOOGLE~1\GoogleDesktopNetwork3.dll c:\windows\System32\guard32.dll c:\windows\System32\guard32.dll c:\windows\System32\guard32.dll
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\CLPSLS]
@="Service"
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 gupdate;Servizio di Google Update (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-11-10 135664]
R3 GoogleDesktopManager-051210-111108;Google Desktop Manager 5.9.1005.12335;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [2010-11-09 30192]
R3 gupdatem;Servizio Google Update (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2010-11-10 135664]
R3 VAIOMediaPlatform-UCLS-AppServer;VAIO Media Content Collection;c:\program files\Sony\VAIO Media Integrated Server\UCLS.exe [2007-01-10 745472]
R3 VAIOMediaPlatform-UCLS-HTTP;VAIO Media Content Collection (HTTP);c:\program files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe [2007-06-20 397312]
R3 VAIOMediaPlatform-UCLS-UPnP;VAIO Media Content Collection (UPnP);c:\program files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe [2007-06-20 1089536]
R3 VcmIAlzMgr;VAIO Content Metadata Intelligent Analyzing Manager;c:\program files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe [2007-09-28 292128]
R3 VUAgent;VUAgent;c:\program files\Sony\VAIO Update 5\VUAgent.exe [2010-04-09 722288]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
S1 cmdGuard;COMODO Internet Security Sandbox Driver;c:\windows\system32\DRIVERS\cmdguard.sys [2011-07-08 238960]
S1 cmdHlp;COMODO Internet Security Helper Driver;c:\windows\system32\DRIVERS\cmdhlp.sys [2011-07-08 36568]
S2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [2011-03-28 136360]
S2 CLPSLS;COMODO livePCsupport Service;c:\program files\COMODO\COMODO GeekBuddy\CLPSLS.exe [2011-05-26 154424]
S2 IDSyncService;IDSyncService;c:\idsync\IDSyncService.exe [2011-06-09 144856]
S2 NSUService;NSUService;c:\program files\Sony\Network Utility\NSUService.exe [2008-11-03 299008]
S2 regi;regi;c:\windows\system32\drivers\regi.sys [2007-04-17 11032]
S3 SFEP;Sony Firmware Extension Parser;c:\windows\system32\DRIVERS\SFEP.sys [2007-08-29 9344]
S3 ti21sony;ti21sony;c:\windows\system32\drivers\ti21sony.sys [2007-06-06 812544]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
HPService REG_MULTI_SZ HPSLPSVC
.
Contenuto della cartella 'Scheduled Tasks'
.
2011-10-04 c:\windows\Tasks\GlaryInitialize.job
- c:\program files\Glary Utilities\initialize.exe [2011-01-09 09:47]
.
2011-10-04 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-11-10 05:25]
.
2011-10-04 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-11-10 05:25]
.
.
------- Scansione supplementare -------
.
uStart Page =
hxxp://www.google.it/uSearchURL,(Default) =
hxxp://www.google.com/search/?q=%s
TCP: DhcpNameServer = 192.168.1.1 192.168.1.1
TCP: Interfaces\{42CEA8F2-3C8F-4C0D-B33B-C66CBD296903}: DhcpNameServer = 192.168.1.1 192.168.1.1
FF - ProfilePath - c:\users\alex\AppData\Roaming\Mozilla\Firefox\Profiles\f0rrwztr.default\
FF - prefs.js: network.proxy.type - 0
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
http://www.gmer.netRootkit scan 2011-10-04 15:14
Windows 6.0.6002 Service Pack 2 NTFS
.
detected NTDLL code modification:
ZwClose
.
scansione processi nascosti ...
.
scansione entrate autostart nascoste ...
.
Scansione files nascosti ...
.
Scansione completata con successo
Files nascosti: 0
.
**************************************************************************
.
Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer,
http://www.gmer.netWindows 6.0.6002
.
CreateFile("\\.\PHYSICALDRIVE0"): Impossibile accedere al file. Il file è utilizzato da un altro processo.
device: opened successfully
user: error reading MBR
kernel: MBR read successfully
user != kernel MBR !!!
copy of MBR has been found in sector 22 !
copy of MBR has been found in sector 23 !
.
**************************************************************************
.
--------------------- CHIAVI DI REGISTRO BLOCCATE ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:00000059
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
--------------------- Dlls caricate dai processi in esecuzione ---------------------
.
- - - - - - - > 'lsass.exe'(724)
c:\windows\system32\guard32.dll
.
- - - - - - - > 'Explorer.exe'(2236)
c:\windows\system32\guard32.dll
c:\users\alex\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
c:\idsync\IDSyncIcon.dll
c:\windows\system32\PortableDeviceTypes.dll
.
Ora fine scansione: 2011-10-04 15:17:37
ComboFix-quarantined-files.txt 2011-10-04 13:17
ComboFix2.txt 2011-10-04 10:30
ComboFix3.txt 2011-10-03 18:58
ComboFix4.txt 2011-10-02 19:51
ComboFix5.txt 2011-10-04 13:04
.
Pre-Run: 200.776.456.192 byte disponibili
Post-Run: 200.827.373.568 byte disponibili
.
- - End Of File - - E1BA90AF439D45CE4B37574367BEDDCD