ComboFix 10-12-16.05 - franco 21/12/2010 15.22.45.1.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.39.1040.18.3581.2460 [GMT 1:00]
Eseguito da: c:\users\franco\Desktop\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {C37D8F93-0602-E43C-40AA-47DAD597F308}
AV: Lavasoft Ad-Watch Live! Anti-virus *Disabled/Updated* {DAAC1C79-1A96-9DFE-FC4C-6940214C33E6}
SP: avast! Antivirus *Disabled/Updated* {781C6E77-2038-EBB2-7A1A-7CA8AE10B9B5}
SP: Lavasoft Ad-Watch Live! *Disabled/Updated* {61CDFD9D-3CAC-9270-C6FC-52325ACB795B}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
((((((((((((((((((((((((((((((((((((( Altre eliminazioni )))))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\users\franco\AppData\Local\hqklu.dat
c:\users\franco\AppData\Local\hqklu.exe
c:\users\franco\AppData\Local\hqklu_nav.dat
c:\users\franco\AppData\Local\hqklu_navps.dat
c:\users\franco\AppData\Local\izngz.dat
c:\users\franco\AppData\Local\izngz_nav.dat
c:\users\franco\AppData\Local\izngz_navps.dat
c:\users\franco\GoToAssistDownloadHelper.exe
.
((((((((((((((((((((((((( Files Creati Da 2010-11-21 al 2010-12-21 )))))))))))))))))))))))))))))))))))
.
2010-12-21 14:30 . 2010-12-21 14:30 -------- d-----w- c:\users\Default\AppData\Local\temp
2010-12-21 10:56 . 2010-12-03 09:05 15880 ----a-w- c:\windows\system32\lsdelete.exe
2010-12-21 08:26 . 2010-12-03 09:05 64288 ----a-w- c:\windows\system32\drivers\Lbd.sys
2010-12-21 08:26 . 2010-12-21 08:26 98392 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
2010-12-21 08:24 . 2010-12-21 08:24 -------- d-----w- c:\users\franco\AppData\Local\Sunbelt Software
2010-12-21 08:21 . 2010-12-21 08:21 -------- dc-h--w- c:\programdata\{2162CCC0-3A5F-4887-B51F-CE5F195B3620}
2010-12-21 08:20 . 2010-12-21 08:26 -------- d-----w- c:\programdata\Lavasoft
2010-12-21 08:20 . 2010-12-21 08:20 -------- d-----w- c:\program files\Lavasoft
2010-12-21 08:15 . 2010-11-10 04:33 6273872 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{51DB23B7-A897-4E0C-888E-69383E8BB271}\mpengine.dll
2010-12-21 08:10 . 2010-01-10 18:40 118784 ----a-w- c:\windows\system32\MSSTDFMT.DLL
2010-12-21 08:10 . 2010-12-21 08:12 -------- d-----w- c:\program files\SpywareBlaster
2010-12-20 16:00 . 2010-12-20 16:37 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2010-12-20 16:00 . 2010-12-20 16:00 -------- d-----w- c:\program files\Spybot - Search & Destroy
2010-12-20 15:54 . 2010-09-07 16:12 38848 ----a-w- c:\windows\avastSS.scr
2010-12-20 15:53 . 2010-12-20 15:53 -------- d-----w- c:\programdata\Alwil Software
2010-12-20 13:32 . 2010-12-20 13:32 0 ----a-w- c:\windows\ativpsrm.bin
2010-12-20 13:16 . 2010-12-20 13:16 -------- d-----w- c:\users\franco\AppData\Roaming\Malwarebytes
2010-12-20 13:16 . 2010-12-20 13:16 -------- d-----w- c:\programdata\Malwarebytes
2010-12-20 12:52 . 2010-12-20 12:52 -------- d-----w- c:\users\franco\AppData\Roaming\IObit
2010-12-20 12:52 . 2010-12-20 12:52 -------- d-----w- c:\program files\IObit
2010-12-20 12:06 . 2010-12-20 12:06 -------- d-----w- c:\users\franco\AppData\Roaming\Uniblue
2010-12-15 17:10 . 2010-10-18 13:37 81920 ----a-w- c:\windows\system32\consent.exe
2010-12-15 17:10 . 2010-10-28 15:44 34304 ----a-w- c:\windows\system32\atmlib.dll
2010-12-15 17:10 . 2010-10-28 13:27 292352 ----a-w- c:\windows\system32\atmfd.dll
2010-12-15 17:10 . 2010-06-16 15:30 72704 ----a-w- c:\windows\system32\fontsub.dll
2010-12-15 17:10 . 2010-10-12 15:53 33280 ----a-w- c:\program files\Windows Mail\wabfind.dll
2010-12-15 17:10 . 2010-10-12 13:41 66048 ----a-w- c:\program files\Windows Mail\wabmig.exe
2010-12-15 17:10 . 2010-10-12 13:41 515584 ----a-w- c:\program files\Windows Mail\wab.exe
2010-12-15 17:10 . 2010-10-18 13:31 2038272 ----a-w- c:\windows\system32\win32k.sys
2010-12-15 17:09 . 2010-11-04 18:55 352768 ----a-w- c:\windows\system32\taskschd.dll
2010-12-15 17:09 . 2010-11-04 18:55 601600 ----a-w- c:\windows\system32\schedsvc.dll
2010-12-15 17:09 . 2010-11-04 18:56 345600 ----a-w- c:\windows\system32\wmicmiplugin.dll
2010-12-15 17:09 . 2010-11-04 18:55 270336 ----a-w- c:\windows\system32\taskcomp.dll
2010-12-15 17:09 . 2010-11-04 16:34 171520 ----a-w- c:\windows\system32\taskeng.exe
2010-12-15 17:07 . 2010-11-02 06:01 129536 ----a-w- c:\program files\Internet Explorer\sqmapi.dll
2010-12-15 17:05 . 2010-10-28 13:20 2048 ----a-w- c:\windows\system32\tzres.dll
2010-12-15 17:03 . 2010-11-03 10:51 2409784 ----a-w- c:\program files\Windows Mail\OESpamFilter.dat
2010-12-08 19:35 . 2010-12-08 19:35 -------- d-----w- c:\program files\Common Files\Adobe
2010-12-06 07:53 . 2010-12-06 08:11 -------- d-----w- c:\users\franco\AppData\Roaming\Apple Computer
2010-12-06 07:51 . 2010-12-21 08:26 -------- dc----w- c:\windows\system32\DRVSTORE
2010-12-06 07:51 . 2009-05-18 12:17 26600 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys
2010-12-06 07:51 . 2008-04-17 11:12 107368 ----a-w- c:\windows\system32\GEARAspi.dll
2010-12-06 07:50 . 2010-12-06 07:50 -------- d-----w- c:\program files\iPod
2010-12-06 07:50 . 2010-12-06 07:51 -------- d-----w- c:\programdata\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
2010-12-06 07:50 . 2010-12-06 07:51 -------- d-----w- c:\program files\iTunes
2010-12-06 07:43 . 2010-12-06 07:54 -------- d-----w- c:\users\franco\AppData\Local\Apple Computer
2010-12-06 07:40 . 2010-12-06 07:40 -------- d-----w- c:\users\franco\AppData\Local\Apple
2010-12-06 07:40 . 2010-12-06 07:40 -------- d-----w- c:\program files\Apple Software Update
2010-12-06 07:37 . 2010-12-06 07:37 -------- d-----w- c:\program files\Bonjour
2010-12-06 07:37 . 2010-12-06 07:56 -------- d-----w- c:\programdata\Apple
2010-12-06 07:37 . 2010-12-06 07:50 -------- d-----w- c:\program files\Common Files\Apple
2010-11-24 06:35 . 2010-10-19 04:27 7680 ----a-w- c:\program files\Internet Explorer\iecompat.dll
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-12-21 12:03 . 2010-06-14 08:49 89 ----a-w- c:\users\franco\AppData\Local\mbflyel.bat
2010-11-15 14:58 . 2010-11-15 14:59 472808 ----a-w- c:\windows\system32\deployJava1.dll
2010-10-19 09:41 . 2009-10-07 07:22 222080 ------w- c:\windows\system32\MpSigStub.exe
2010-10-07 11:23 . 2010-10-07 11:23 91424 ----a-w- c:\windows\system32\dnssd.dll
2010-10-07 11:23 . 2010-10-07 11:23 75040 ----a-w- c:\windows\system32\jdns_sd.dll
2010-10-07 11:23 . 2010-10-07 11:23 197920 ----a-w- c:\windows\system32\dnssdX.dll
2010-10-07 11:23 . 2010-10-07 11:23 107808 ----a-w- c:\windows\system32\dns-sd.exe
2010-09-28 14:44 . 2010-09-28 14:44 41984 ----a-w- c:\windows\system32\drivers\usbaapl.sys
2010-09-28 14:44 . 2010-09-28 14:44 4184352 ----a-w- c:\windows\system32\usbaaplrc.dll
2006-06-15 19:33 . 2008-12-23 17:03 233472 ----a-w- c:\program files\mozilla firefox\plugins\CrazyTalk4Native.dll
2006-05-25 17:43 . 2008-12-23 17:03 204895 ----a-w- c:\program files\mozilla firefox\plugins\ctdomemhelper.dll
2005-09-29 13:41 . 2008-12-23 17:03 77824 ----a-w- c:\program files\mozilla firefox\plugins\ctframeplayerobject.dll
2006-06-19 12:10 . 2008-12-23 17:03 426081 ----a-w- c:\program files\mozilla firefox\plugins\ctplayerobject.dll
2005-02-02 11:19 . 2008-12-23 17:03 458752 ----a-w- c:\program files\mozilla firefox\plugins\imagickrt.dll
2006-04-10 17:35 . 2008-12-23 17:03 139264 ----a-w- c:\program files\mozilla firefox\plugins\rlcontentclass.dll
2005-11-09 10:10 . 2008-12-23 17:03 204800 ----a-w- c:\program files\mozilla firefox\plugins\RLMusicPacker.dll
2005-11-09 10:42 . 2008-12-23 17:03 106496 ----a-w- c:\program files\mozilla firefox\plugins\RLMusicUnpacker.dll
2006-01-04 10:22 . 2008-12-23 17:03 212992 ----a-w- c:\program files\mozilla firefox\plugins\RLVoicePacker.dll
2006-01-04 10:21 . 2008-12-23 17:03 167936 ----a-w- c:\program files\mozilla firefox\plugins\RLVoiceUnpacker.dll
.
((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* i valori vuoti & legittimi/default non sono visualizzati.
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2008-01-21 61440]
"Broadcom Wireless Manager UI"="c:\windows\system32\WLTRAY.exe" [2008-03-12 3563520]
"avast5"="c:\program files\Alwil Software\Avast5\avastUI.exe" [2010-09-07 2838912]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-disabled]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" -atboottime
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe"
"AppleSyncNotifier"=c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [2010-12-03 1389400]
R3 Lavasoft Kernexplorer;Lavasoft helper driver;c:\program files\Lavasoft\Ad-Aware\KernExplorer.sys [2010-12-03 15264]
S0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys [2010-12-03 64288]
S1 aswSP;aswSP; [x]
S2 AESTFilters;Andrea ST Filters Service;c:\windows\System32\DriverStore\FileRepository\stwrt.inf_c204e27d\aestsrv.exe [2008-02-13 73728]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2010-09-07 50768]
S2 SBSDWSCService;SBSD Security Center Service;c:\program files\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]
S2 VMCService;Vodafone Mobile Connect Service;c:\program files\Vodafone\Vodafone Mobile Connect\Bin\VMCService.exe [2008-07-04 14336]
S3 k57nd60x;Broadcom NetLink (TM) Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\k57nd60x.sys [2008-01-29 203264]
S3 OA001Ufd;Creative Camera OA001 Upper Filter Driver;c:\windows\system32\DRIVERS\OA001Ufd.sys [2008-01-31 149208]
S3 OA001Vid;Creative Camera OA001 Function Driver;c:\windows\system32\DRIVERS\OA001Vid.sys [2008-02-16 277624]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
Contenuto della cartella 'Scheduled Tasks'
2010-12-21 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2010-12-03 09:05]
2010-12-21 c:\windows\Tasks\User_Feed_Synchronization-{115694DB-EC51-496F-993A-F72D50F74C5C}.job
- c:\windows\system32\msfeedssync.exe [2010-12-15 04:25]
.
.
------- Scansione supplementare -------
.
uStart Page = hxxp://www.google.it/
FF - ProfilePath - c:\users\franco\AppData\Roaming\Mozilla\Firefox\Profiles\0e26pkmo.default\
FF - prefs.js: browser.search.selectedEngine - Trova Rapido
FF - prefs.js: browser.startup.homepage - hxxp://www.google.it/ig?hl=it&source=iglk
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
FF - Ext: Forecastfox Weather: {0538E3E3-7E9B-4d49-8831-A227C80A7AD3} - %profile%\extensions\{0538E3E3-7E9B-4d49-8831-A227C80A7AD3}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Ext: Adblock Plus: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} - %profile%\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
FF - Ext: BlockSite: {dd3d7613-0246-469d-bc65-2a3cc1668adc} - %profile%\extensions\{dd3d7613-0246-469d-bc65-2a3cc1668adc}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
.
- - - - CHIAVI ORFANE RIMOSSE - - - -
HKLM-Run-MobileConnect - %programfiles%\Vodafone\Vodafone Mobile Connect\Bin\MobileConnect.exe
HKLM-Run-SysTrayApp - %ProgramFiles%\IDT\WDM\sttray.exe
AddRemove-eMule - c:\program files\eMule\Uninstall.exe
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
http://www.gmer.netRootkit scan 2010-12-21 15:30
Windows 6.0.6002 Service Pack 2 NTFS
scansione processi nascosti ...
scansione entrate autostart nascoste ...
Scansione files nascosti ...
Scansione completata con successo
Files nascosti: 0
**************************************************************************
.
--------------------- CHIAVI DI REGISTRO BLOCCATE ---------------------
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Ora fine scansione: 2010-12-21 15:33:01
ComboFix-quarantined-files.txt 2010-12-21 14:32
Pre-Run: 186.259.095.552 byte disponibili
Post-Run: 186.208.923.648 byte disponibili
- - End Of File - - 6ECC9AAF3D6A9F440879C63D7C2F3832