ComboFix 11-08-16.02 - Ermanno 16/08/2011 17.28.08.8.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.39.1040.18.3070.2007 [GMT 2:00]
Run by: c:\users\Ermanno\Desktop\ComboFix.exe
AV: AntiVir Desktop *Disabled/Updated* {090F9C29-64CE-6C6F-379C-5901B49A85B7}
SP: AntiVir Desktop *Disabled/Updated* {B26E7DCD-42F4-63E1-0D2C-6273CF1DCF0A}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Ermanno\AppData\Roaming\EurekaLog
c:\windows\IsUn0410.exe
.
.
((((((((((((((((((((((((( Files Created from 2011-07-16 to 2011-08-16 )))))))))))))))))))))))))))))))))))
.
.
2011-08-16 15:33 . 2011-08-16 15:34 -------- d-----w- c:\users\Ermanno\AppData\Local\temp
2011-08-16 15:33 . 2011-08-16 15:33 -------- d-----w- c:\users\Public\AppData\Local\temp
2011-08-16 15:33 . 2011-08-16 15:33 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-08-16 10:11 . 2011-07-13 03:39 6881616 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{0FD9FA83-E137-4D25-96EE-F721DD114572}\mpengine.dll
2011-08-10 06:30 . 2011-06-17 16:03 375808 ----a-w- c:\windows\system32\winsrv.dll
2011-08-10 06:30 . 2011-07-06 15:31 214016 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys
2011-08-10 06:29 . 2011-06-06 10:59 2409784 ----a-w- c:\program files\Windows Mail\OESpamFilter.dat
2011-08-10 06:29 . 2011-06-17 20:13 905104 ----a-w- c:\windows\system32\drivers\tcpip.sys
2011-08-10 06:25 . 2011-06-20 08:54 3602832 ----a-w- c:\windows\system32\ntkrnlpa.exe
2011-08-10 06:25 . 2011-06-20 08:54 3550096 ----a-w- c:\windows\system32\ntoskrnl.exe
2011-07-18 13:18 . 2011-07-18 13:18 0 ---ha-w- c:\users\Ermanno\AppData\Local\BIT1DDF.tmp
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-07-06 17:52 . 2011-06-20 13:04 41272 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-07-06 17:52 . 2011-06-20 13:04 22712 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-06-22 04:52 . 2011-06-22 04:52 0 ---ha-w- c:\users\Ermanno\AppData\Local\BIT4A9C.tmp
2011-06-02 13:34 . 2011-07-15 17:59 2043392 ----a-w- c:\windows\system32\win32k.sys
2011-05-24 17:14 . 2009-10-02 21:59 222080 ------w- c:\windows\system32\MpSigStub.exe
2010-05-22 20:04 . 2010-05-22 20:04 3099136 ----a-w- c:\program files\openofficeorg32.msi
2009-11-17 12:23 . 2006-01-31 08:42 1135104 ----a-w- c:\program files\Reflet.exe
2008-07-02 03:28 . 2008-07-02 03:28 61440 ----a-w- c:\program files\Common Files\CPInstallAction.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legitimate/default entries are not shown.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ADSMOverlayIcon1]
@="{A8D448F4-0431-45AC-9F5E-E1B434AB2249}"
[HKEY_CLASSES_ROOT\CLSID\{A8D448F4-0431-45AC-9F5E-E1B434AB2249}]
2007-06-02 01:08 143360 ----a-w- c:\program files\ASUS\ASUS Data Security Manager\OverlayIconShlExt1.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2010-09-01 281768]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"<NO NAME>"= 1
"NoDesk"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2008-01-11 20:16 39792 ----a-w- c:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ASUS Camera ScreenSaver]
2009-02-16 20:50 47672 ----a-w- c:\windows\AsScrProlog.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ASUS Screen Saver Protector]
2009-02-16 20:50 33136 ----a-w- c:\windows\ASScrPro.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ASUSTPE]
2007-10-12 05:44 106496 ------w- c:\windows\System32\ASUSTPE.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EEventManager]
2009-01-12 08:54 669520 ----a-w- c:\progra~1\EPSONS~1\EVENTM~1\EEventManager.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\StartCCC]
2008-01-21 20:17 61440 ----a-w- c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-953317019-35223143-1545133680-1000]
"EnableNotificationsRef"=dword:00000002
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 gupdate1ca6e80a302b9dd;Servizio di Google Update (gupdate1ca6e80a302b9dd);c:\program files\Google\Update\GoogleUpdate.exe [2009-11-26 133104]
R3 ewusbnet;HUAWEI USB-NDIS miniport;c:\windows\system32\DRIVERS\ewusbnet.sys [x]
R3 gupdatem;Servizio Google Update (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2009-11-26 133104]
R3 hwusbfake;Huawei DataCard USB Fake;c:\windows\system32\DRIVERS\ewusbfake.sys [x]
R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2011-07-06 41272]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 51040]
S0 lullaby;lullaby;c:\windows\system32\DRIVERS\lullaby.sys [2008-05-29 15416]
S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2010-01-20 691696]
S2 SSPORT;SSPORT;c:\windows\system32\Drivers\SSPORT.sys [2006-12-08 5120]
S3 OxUSBTIMOUT;OxUSBTIMOUT;c:\windows\system32\DRIVERS\OxUSBTIMOUT.sys [2007-06-07 34152]
S3 SiSGbeLH;SiS191/SiS190 Ethernet Device NDIS 6.0 Driver;c:\windows\system32\DRIVERS\SiSGB6.sys [2007-06-20 47616]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs REG_MULTI_SZ BthServ
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2008-06-09 18:14 451872 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe
.
Contents of the 'Scheduled Tasks' folder
.
2011-08-14 c:\windows\Tasks\Epson Printer Software Downloader.job
- c:\program files\EPSON\EPAPDL\E_SAPDL2.EXE [2009-01-23 14:03]
.
2011-08-16 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-11-26 10:10]
.
2011-08-16 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-11-26 10:10]
.
2011-08-11 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-953317019-35223143-1545133680-1000Core.job
- c:\users\Ermanno\AppData\Local\Google\Update\GoogleUpdate.exe [2011-02-18 05:48]
.
2011-08-16 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-953317019-35223143-1545133680-1000UA.job
- c:\users\Ermanno\AppData\Local\Google\Update\GoogleUpdate.exe [2011-02-18 05:48]
.
2010-12-16 c:\windows\Tasks\User_Feed_Synchronization-{5FEEA278-E9E9-494E-A234-C55128FED9FB}.job
- c:\windows\system32\msfeedssync.exe [2011-08-10 09:26]
.
.
------- Supplementary Scan -------
.
uDefault_Search_URL = hxxp://www.google.com/ie
mStart Page = hxxp://www.google.com/ig/redirectdomain?brand=ASUS&bmod=ASUS
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
TCP: DhcpNameServer = 192.168.1.1
TCP: Interfaces\{DDC70A60-2D20-412F-9409-3554DF614AA0}: NameServer = 8.8.8.8,8.8.4.4
FF - ProfilePath - c:\users\Ermanno\AppData\Roaming\Mozilla\Firefox\Profiles\l810xmfd.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.bing.com/search?FORM=IEFM1&q=
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.google.it
FF - prefs.js: keyword.URL - hxxp://toolbar.ask.com/toolbarv/askRedirect?o=13925&gct=&gc=1&q=
.
- - - - ORPHANED KEYS REMOVED - - - -
.
WebBrowser-{1D03A978-AC0C-4004-B9FD-9CF361C7BD3F} - (no file)
WebBrowser-{A1E75A0E-4397-4BA8-BB50-E19FB66890F4} - (no file)
AddRemove-Adobe SVG Viewer - c:\windows\IsUn0410.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
http://www.gmer.net
Rootkit scan 2011-08-16 17:34
Windows 6.0.6002 Service Pack 2 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
.
C:\ADSM_PData_0150
.
scan completed successfully
hidden files: 1
.
**************************************************************************
.
Scan finished at: 2011-08-16 17:36:06
ComboFix-quarantined-files.txt 2011-08-16 15:36
ComboFix2.txt 2011-02-18 07:18
ComboFix3.txt 2011-02-13 18:57
.
Pre-Run: 93.681.790.976 bytes free
Post-Run: 93.658.292.224 bytes free
.
- - End Of File - - 2D3F2E7B3976530159298DFD1D903490