Malwarebytes' Anti-Malware 1.30
Versione del database: 1405
Windows 5.1.2600 Service Pack 2
17/11/2008 23.53.36
mbam-log-2008-11-17 (23-53-36).txt
Tipo di scansione: Scansione rapida
Elementi scansionati: 48273
Tempo trascorso: 4 minute(s), 19 second(s)
Processi delle memoria infetti: 0
Moduli della memoria infetti: 0
Chiavi di registro infette: 0
Valori di registro infetti: 0
Elementi dato del registro infetti: 13
Cartelle infette: 1
File infetti: 1
Processi delle memoria infetti:
(Nessun elemento malevolo rilevato)
Moduli della memoria infetti:
(Nessun elemento malevolo rilevato)
Chiavi di registro infette:
(Nessun elemento malevolo rilevato)
Valori di registro infetti:
(Nessun elemento malevolo rilevato)
Elementi dato del registro infetti:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\System (Rootkit.DNSChanger.H) -> Data: kdujk.exe -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{0d695096-6fdb-4634-b436-5ed49b308ae5}\DhcpNameServer (Trojan.DNSChanger) -> Data: 85.255.112.135;85.255.112.96 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{15831678-93be-4c8a-8ee6-7663ac488213}\DhcpNameServer (Trojan.DNSChanger) -> Data: 85.255.112.135;85.255.112.96 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{15831678-93be-4c8a-8ee6-7663ac488213}\NameServer (Trojan.DNSChanger) -> Data: 85.255.112.135;85.255.112.96 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{4fbfa8fd-adac-47d8-ae23-caad62e997a5}\NameServer (Trojan.DNSChanger) -> Data: 85.255.112.135;85.255.112.96 -> Delete on reboot.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters\Interfaces\{0d695096-6fdb-4634-b436-5ed49b308ae5}\DhcpNameServer (Trojan.DNSChanger) -> Data: 85.255.112.135;85.255.112.96 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters\Interfaces\{15831678-93be-4c8a-8ee6-7663ac488213}\DhcpNameServer (Trojan.DNSChanger) -> Data: 85.255.112.135;85.255.112.96 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters\Interfaces\{15831678-93be-4c8a-8ee6-7663ac488213}\NameServer (Trojan.DNSChanger) -> Data: 85.255.112.135;85.255.112.96 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters\Interfaces\{4fbfa8fd-adac-47d8-ae23-caad62e997a5}\NameServer (Trojan.DNSChanger) -> Data: 85.255.112.135;85.255.112.96 -> Delete on reboot.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Tcpip\Parameters\Interfaces\{0d695096-6fdb-4634-b436-5ed49b308ae5}\DhcpNameServer (Trojan.DNSChanger) -> Data: 85.255.112.135;85.255.112.96 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Tcpip\Parameters\Interfaces\{15831678-93be-4c8a-8ee6-7663ac488213}\DhcpNameServer (Trojan.DNSChanger) -> Data: 85.255.112.135;85.255.112.96 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Tcpip\Parameters\Interfaces\{15831678-93be-4c8a-8ee6-7663ac488213}\NameServer (Trojan.DNSChanger) -> Data: 85.255.112.135;85.255.112.96 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Tcpip\Parameters\Interfaces\{4fbfa8fd-adac-47d8-ae23-caad62e997a5}\NameServer (Trojan.DNSChanger) -> Data: 85.255.112.135;85.255.112.96 -> Quarantined and deleted successfully.
Cartelle infette:
C:\resycled (Trojan.DNSChanger) -> Quarantined and deleted successfully.
File infetti:
C:\WINDOWS\system32\kdujk.exe (Rootkit.DNSChanger.H) -> Delete on reboot.
ComboFix 08-11-16.05 - arcangelo 2008-11-18 0.10.49.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1040.18.662 [GMT 1:00]
Eseguito da: c:\documents and settings\arcangelo\Desktop\PROGRAMMI DI ANTIVIRUS VARI\ComboFix.exe
* Creato nuovo punto di ripristino
ATENÇÃO - ESTA MAQUINA NAO TEM A CONSOLE DE RECUPERAÇÃO INSTALADA !!.
((((((((((((((((((((((((((((((((((((( Altre eliminazioni )))))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Autorun.inf
c:\documents and settings\arcangelo\Impostazioni locali\Dati applicazioni\ggyksuu.dat
c:\documents and settings\arcangelo\Impostazioni locali\Dati applicazioni\ggyksuu_nav.dat
c:\documents and settings\arcangelo\Impostazioni locali\Dati applicazioni\ggyksuu_navps.dat
.
((((((((((((((((((((((((( Files Creati Da 2008-10-17 al 2008-11-17 )))))))))))))))))))))))))))))))))))
.
2008-11-18 00:02 . 2008-11-18 00:02 <DIR> d-------- c:\windows\LastGood
2008-11-17 23:48 . 2008-11-17 23:48 <DIR> d-------- c:\documents and settings\arcangelo\Dati applicazioni\Malwarebytes
2008-11-17 23:48 . 2008-10-22 16:10 15,504 --a------ c:\windows\system32\drivers\mbam.sys
2008-11-17 23:47 . 2008-11-17 23:48 <DIR> d-------- c:\programmi\Malwarebytes' Anti-Malware
2008-11-17 23:47 . 2008-11-17 23:47 <DIR> d-------- c:\documents and settings\All Users\Dati applicazioni\Malwarebytes
2008-11-17 23:47 . 2008-10-22 16:10 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys
2008-11-17 00:13 . 2008-11-17 00:21 <DIR> d-------- c:\windows\BDOSCAN8
2008-11-16 23:52 . 2008-11-16 23:52 <DIR> d-------- c:\programmi\CCleaner
2008-11-16 23:44 . 2008-10-29 01:32 <DIR> d--h----- c:\documents and settings\Administrator\Risorse di stampa
2008-11-16 23:44 . 2008-10-29 01:32 <DIR> d--h----- c:\documents and settings\Administrator\Risorse di rete
2008-11-16 23:44 . 2008-10-29 01:32 <DIR> d-------- c:\documents and settings\Administrator\Preferiti
2008-11-16 23:44 . 2008-10-29 01:28 <DIR> d--h----- c:\documents and settings\Administrator\Modelli
2008-11-16 23:44 . 2008-10-29 01:32 <DIR> dr------- c:\documents and settings\Administrator\Menu Avvio
2008-11-16 23:44 . 2008-11-18 00:12 <DIR> d--h----- c:\documents and settings\Administrator\Impostazioni locali
2008-11-16 23:44 . 2008-10-29 01:32 <DIR> d-------- c:\documents and settings\Administrator\Documenti
2008-11-16 23:44 . 2008-10-29 01:34 <DIR> dr-h----- c:\documents and settings\Administrator\Dati applicazioni
2008-11-16 23:44 . 2008-11-16 23:55 <DIR> d-------- c:\documents and settings\Administrator
2008-11-16 15:33 . 2008-11-16 15:33 <DIR> d-------- c:\programmi\Trend Micro
2008-11-07 00:26 . 2008-11-11 11:43 69 --a------ c:\windows\NeroDigital.ini
2008-11-06 11:26 . 2008-11-06 11:26 <DIR> d-------- c:\documents and settings\arcangelo\Dati applicazioni\Samsung
2008-11-06 11:25 . 2003-02-21 18:42 348,160 --a------ c:\windows\system32\msvcr71.dll
2008-11-06 11:25 . 2006-05-03 22:53 174,592 --a------ c:\windows\system32\framedyn.dll
2008-11-06 11:24 . 2008-11-06 11:24 <DIR> d-------- c:\windows\system32\Samsung_USB_Drivers
2008-11-06 11:24 . 2005-12-22 12:24 137,884 --a------ c:\windows\system32\drivers\sscdmdm.sys
2008-11-06 11:24 . 2005-12-22 12:24 80,272 --a------ c:\windows\system32\drivers\sscdbus.sys
2008-11-06 11:24 . 2005-12-22 12:24 11,877 --a------ c:\windows\system32\drivers\sscdcmnt.sys
2008-11-06 11:24 . 2005-12-22 12:24 11,877 --a------ c:\windows\system32\drivers\sscdcm.sys
2008-11-06 11:24 . 2005-12-22 12:24 11,188 --a------ c:\windows\system32\drivers\sscdwhnt.sys
2008-11-06 11:24 . 2005-12-22 12:24 11,188 --a------ c:\windows\system32\drivers\sscdwh.sys
2008-11-06 11:24 . 2005-12-22 12:24 10,864 --a------ c:\windows\system32\drivers\sscdmdfl.sys
2008-11-06 11:24 . 2006-07-24 16:05 5,632 --a------ c:\windows\system32\drivers\StarOpen.sys
2008-11-06 11:24 . 2005-08-28 20:51 766 --a------ c:\windows\system32\Uninstall.ico
2008-11-06 11:23 . 2008-11-06 11:23 <DIR> d-------- c:\programmi\Samsung
2008-11-05 22:45 . 2008-11-05 22:45 <DIR> d-------- c:\programmi\Google
2008-11-03 21:39 . 2004-08-19 15:39 159,232 --a------ c:\windows\system32\ptpusd.dll
2008-11-03 21:39 . 2001-08-30 23:07 5,632 --a------ c:\windows\system32\ptpusb.dll
2008-11-02 23:18 . 2008-11-02 23:18 <DIR> d-------- c:\windows\Sun
2008-11-02 01:14 . 2008-11-15 19:35 <DIR> d-------- c:\programmi\eMule
2008-11-01 12:31 . 2008-11-18 00:04 <DIR> d--h----- c:\windows\$hf_mig$
2008-11-01 12:31 . 2005-02-25 04:35 22,752 --a------ c:\windows\system32\spupdsvc.exe
2008-11-01 11:35 . 2003-10-30 02:14 34,329 --------- c:\windows\O2_Uninstall.EXE
2008-11-01 11:34 . 2003-10-27 21:17 190,465 --a------ c:\windows\system32\drivers\o2mmb.sys
2008-11-01 11:34 . 2003-10-31 16:25 8,008 --a------ c:\windows\system32\drivers\o2mmb.cat
2008-11-01 11:34 . 2003-08-26 10:46 5,817 --a------ c:\windows\system32\drivers\MbxStby.sys
2008-11-01 11:34 . 2003-10-28 15:34 2,539 --a------ c:\windows\system32\drivers\o2mmb.inf
2008-10-30 22:11 . 2007-07-30 19:19 271,224 --a------ c:\windows\system32\mucltui.dll
2008-10-30 22:11 . 2007-07-30 19:19 207,736 --a------ c:\windows\system32\muweb.dll
2008-10-30 22:11 . 2007-07-30 19:18 30,072 --a------ c:\windows\system32\mucltui.dll.mui
2008-10-30 14:33 . 2008-11-03 21:27 <DIR> d--h----- C:\$AVG8.VAULT$
2008-10-29 21:50 . 2008-10-29 21:50 <DIR> d---s---- c:\documents and settings\arcangelo\UserData
2008-10-29 21:42 . 2003-06-25 16:05 266,360 --a------ c:\windows\system32\TweakUI.exe
2008-10-29 21:42 . 2002-06-21 15:09 160,217 --a------ c:\windows\system32\PowerToysLicense.rtf
2008-10-29 20:40 . 2008-10-29 23:18 <DIR> d-------- c:\documents and settings\arcangelo\Contacts
2008-10-29 20:38 . 2008-10-29 20:38 <DIR> d-------- c:\programmi\Windows Live Toolbar
2008-10-29 20:38 . 2008-10-29 20:38 <DIR> d-------- c:\programmi\Windows Live Favorites
2008-10-29 20:31 . 2008-10-29 20:31 <DIR> d----c--- c:\windows\system32\DRVSTORE
2008-10-29 20:20 . 2008-10-29 20:42 <DIR> d-------- c:\programmi\Windows Live
2008-10-29 20:20 . 2008-10-29 20:31 <DIR> d--hsc--- c:\programmi\File comuni\WindowsLiveInstaller
2008-10-29 20:20 . 2008-10-29 20:20 <DIR> d-------- c:\documents and settings\All Users\Dati applicazioni\WLInstaller
2008-10-29 20:11 . 2008-10-29 20:12 <DIR> d-------- c:\documents and settings\All Users\Dati applicazioni\UDL
2008-10-29 20:08 . 2006-04-05 02:05 73,216 --a------ c:\windows\system32\E_FLBBIE.DLL
2008-10-29 20:08 . 2005-04-11 02:01 62,976 --a------ c:\windows\system32\E_FD4BBIE.DLL
2008-10-29 20:08 . 2004-09-10 21:12 49,152 --a------ c:\windows\system32\E_DCINST.DLL
2008-10-29 20:08 . 2004-08-03 23:08 31,616 --a------ c:\windows\system32\drivers\usbccgp.sys
2008-10-29 20:08 . 2004-08-03 23:08 31,616 --a--c--- c:\windows\system32\dllcache\usbccgp.sys
2008-10-29 20:08 . 2004-08-03 23:01 25,856 --a------ c:\windows\system32\drivers\usbprint.sys
2008-10-29 20:08 . 2004-08-03 23:01 25,856 --a--c--- c:\windows\system32\dllcache\usbprint.sys
2008-10-29 20:08 . 2004-08-03 22:58 15,104 --a------ c:\windows\system32\drivers\usbscan.sys
2008-10-29 20:08 . 2004-08-03 22:58 15,104 --a--c--- c:\windows\system32\dllcache\usbscan.sys
2008-10-29 20:06 . 2008-10-29 20:10 <DIR> d-------- c:\programmi\epson
2008-10-29 20:06 . 2006-03-20 00:00 63,488 --a------ c:\windows\system32\escwiad.dll
2008-10-29 20:06 . 2008-10-29 20:06 25 --a------ c:\windows\CDE DX6000EIPS.ini
2008-10-29 19:46 . 2001-08-17 21:56 7,552 --a------ c:\windows\system32\drivers\SONYPVU1.SYS
2008-10-29 19:46 . 2001-08-17 21:56 7,552 --a--c--- c:\windows\system32\dllcache\sonypvu1.sys
2008-10-29 15:37 . 2008-10-29 15:37 <DIR> d-------- c:\programmi\Skype
2008-10-29 15:37 . 2008-10-29 15:37 <DIR> d-------- c:\programmi\File comuni\Skype
2008-10-29 15:37 . 2008-10-29 16:37 <DIR> d-------- c:\documents and settings\arcangelo\Dati applicazioni\Skype
2008-10-29 15:36 . 2008-10-29 15:37 <DIR> d-------- c:\documents and settings\All Users\Dati applicazioni\Skype
2008-10-29 15:27 . 2008-10-29 21:24 <DIR> d-------- c:\documents and settings\arcangelo\Dati applicazioni\AdobeUM
2008-10-29 15:24 . 2006-08-31 18:46 176,235 --a------ c:\windows\system32\Primomonnt.dll
2008-10-29 15:17 . 2008-10-29 15:17 <DIR> d-------- c:\documents and settings\arcangelo\Dati applicazioni\Ahead
2008-10-29 15:15 . 2008-10-29 15:15 <DIR> d-------- c:\programmi\Nero
2008-10-29 15:15 . 2008-10-29 15:18 <DIR> d-------- c:\programmi\File comuni\Ahead
2008-10-29 14:43 . 2008-10-29 14:43 <DIR> d-------- c:\windows\Cache
2008-10-29 14:40 . 2008-10-29 14:40 <DIR> d-------- c:\documents and settings\arcangelo\WINDOWS
2008-10-29 14:39 . 2008-10-29 14:39 <DIR> d-------- c:\programmi\Realtek Sound Manager
2008-10-29 14:39 . 2008-10-29 14:39 <DIR> d-------- c:\programmi\AvRack
2008-10-29 14:39 . 2004-06-18 16:32 15,684,608 --a------ c:\windows\system32\ALSNDMGR.CPL
2008-10-29 14:38 . 2008-10-29 14:38 <DIR> d-------- c:\programmi\ATI Technologies
2008-10-29 13:43 . 2008-10-29 13:43 <DIR> d-------- c:\windows\PrimoPDF
2008-10-29 13:43 . 2008-10-29 13:43 <DIR> d-------- c:\programmi\activePDF
2008-10-29 13:05 . 2008-11-17 19:12 13,030 --a------ C:\PDOXUSRS.NET
2008-10-29 12:57 . 1999-11-12 04:11 183,808 --a------ c:\windows\system32\bdeadmin.cpl
2008-10-29 12:57 . 1997-05-30 00:00 21,824 --a------ c:\windows\system32\drivers\Cpwnt.sys
2008-10-29 12:57 . 2002-05-21 00:05 16,948 --a------ c:\windows\system32\Cpwin32.dll
2008-10-29 12:56 . 2008-11-16 23:54 <DIR> d-------- c:\programmi\File comuni\Adobe
2008-10-29 12:56 . 2008-10-29 13:02 <DIR> d-------- C:\ACCA
2008-10-29 12:55 . 1998-11-13 13:07 307,712 --a------ c:\windows\IsUn0410.exe
2008-10-29 12:40 . 2008-11-01 11:33 <DIR> d-------- C:\fsc.tmp
2008-10-29 11:03 . 2008-10-29 11:03 <DIR> d-------- c:\programmi\InterVideo
2008-10-29 11:03 . 2002-11-21 10:57 204,800 --a------ c:\windows\system32\IVIresizeW7.dll
2008-10-29 11:03 . 2002-11-21 10:57 200,704 --a------ c:\windows\system32\IVIresizeA6.dll
2008-10-29 11:03 . 2002-11-21 10:57 192,512 --a------ c:\windows\system32\IVIresizeP6.dll
2008-10-29 11:03 . 2002-11-21 10:57 192,512 --a------ c:\windows\system32\IVIresizeM6.dll
2008-10-29 11:03 . 2002-11-21 10:57 188,416 --a------ c:\windows\system32\IVIresizePX.dll
2008-10-29 11:03 . 2002-11-21 10:57 20,480 --a------ c:\windows\system32\IVIresize.dll
2008-10-29 10:58 . 2003-06-19 01:31 17,920 --a------ c:\windows\system32\mdimon.dll
2008-10-29 10:58 . 2008-10-29 10:58 424 --a------ c:\windows\ODBC.INI
2008-10-29 10:56 . 2008-10-29 10:57 <DIR> d-------- c:\windows\SHELLNEW
2008-10-29 10:54 . 2008-10-29 10:54 <DIR> d-------- c:\programmi\Microsoft.NET
2008-10-29 10:53 . 2008-10-29 10:53 <DIR> dr-h----- C:\MSOCache
2008-10-29 10:47 . 2008-10-29 10:47 <DIR> d-------- c:\programmi\File comuni\Macrovision Shared
2008-10-29 10:47 . 2008-10-29 10:47 <DIR> d-------- c:\programmi\Autodesk
2008-10-29 10:47 . 2008-10-29 10:47 54,784 --a------ c:\windows\system32\drivers\CDAC11BA.EXE
2008-10-29 10:47 . 2008-10-29 10:47 12,464 --a------ c:\windows\system32\drivers\CDAC15BA.SYS
2008-10-29 10:46 . 2008-10-29 10:46 <DIR> d-------- c:\windows\system32\Common Files
2008-10-29 10:46 . 2008-10-29 10:46 <DIR> d-------- c:\programmi\AnswerWorks 4.0
2008-10-29 10:45 . 2008-10-29 10:46 <DIR> d-------- c:\programmi\File comuni\Autodesk Shared
2008-10-29 10:45 . 2008-10-29 10:49 <DIR> d-------- c:\programmi\AutoCAD 2004
2008-10-29 10:45 . 2008-10-29 10:49 <DIR> d-------- c:\documents and settings\arcangelo\Dati applicazioni\Autodesk
2008-10-29 10:45 . 2008-10-29 10:45 <DIR> d-------- c:\documents and settings\All Users\Dati applicazioni\Autodesk
2008-10-29 10:32 . 2008-11-17 23:34 <DIR> d-------- c:\windows\system32\drivers\Avg
2008-10-29 10:32 . 2008-10-29 10:32 <DIR> d-------- c:\programmi\AVG
2008-10-29 10:32 . 2008-10-29 10:32 <DIR> d-------- c:\documents and settings\All Users\Dati applicazioni\avg8
2008-10-29 10:32 . 2008-10-29 10:32 97,928 --a------ c:\windows\system32\drivers\avgldx86.sys
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-10-29 07:12 155,995 ----a-w c:\windows\java\Packages\A68QZP7P.ZIP
2008-10-29 00:34 --------- d-----w c:\programmi\microsoft frontpage
2008-10-29 00:34 --------- d-----w c:\programmi\Java
2008-10-29 00:34 --------- d-----w c:\programmi\File comuni\Java
2008-10-29 00:30 --------- d-----w c:\programmi\Servizi in linea
2008-09-15 15:38 1,846,016 ----a-w c:\windows\system32\win32k.sys
2008-08-20 05:35 662,016 ----a-w c:\windows\system32\wininet.dll
.
((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* i valori vuoti & legittimi/default non sono visualizzati.
REGEDIT4
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{C84D72FE-E17D-4195-BB24-76C02E2E7C4E}]
2008-11-05 22:45 522224 --a------ c:\programmi\Google\Google Toolbar\Component\fastsearch_219B3E1547538286.dll
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2004-08-19 15360]
"swg"="c:\programmi\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-11-05 39408]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2008-10-29 1234712]
"ATIPTA"="c:\programmi\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2004-05-15 339968]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"SoundMan"="SOUNDMAN.EXE" [2004-06-18 c:\windows\SOUNDMAN.EXE]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-19 15360]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=avgrsstx.dll
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Programmi\\AVG\\AVG8\\avgemc.exe"=
"c:\\Programmi\\AVG\\AVG8\\avgupd.exe"=
"c:\\Programmi\\Skype\\Phone\\Skype.exe"=
"c:\\Programmi\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Programmi\\Windows Live\\Messenger\\livecall.exe"=
"c:\\Programmi\\eMule\\emule.exe"=
R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\Drivers\avgldx86.sys [2008-10-29 97928]
R2 avg8emc;AVG Free8 E-mail Scanner;c:\progra~1\AVG\AVG8\avgemc.exe [2008-10-29 875288]
R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [2008-10-29 231704]
R2 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\Drivers\avgtdix.sys [2008-10-29 76040]
R2 cpwnt;cpwnt;c:\windows\system32\drivers\cpwnt.sys [2008-10-29 21824]
R3 CONAN;CONAN;c:\windows\system32\drivers\o2mmb.sys [2008-11-01 190465]
R3 MbxStby;MbxStby;c:\windows\system32\drivers\MbxStby.sys [2008-11-01 5817]
R3 PRISM_A00;PRISM 802.11 Driver;c:\windows\system32\DRIVERS\PRISMA00.sys [2004-07-20 393280]
*Newly Created Service* - PROCEXP90
.
Contenuto della cartella 'Scheduled Tasks'
2008-11-17 c:\windows\Tasks\Verifica aggiornamenti per Windows Live Toolbar.job
- c:\programmi\Windows Live Toolbar\MSNTBUP.EXE [2007-10-19 11:20]
.
- - - - ORFÃOS REMOVIDOS - - - -
HKLM-Run-c:\windows\system32\kdujk.exe - c:\windows\system32\kdujk.exe
.
------- Supplementare di scansione -------
.
uStart Page = hxxp://www.libero.it/
uSearch Page = hxxp://www.google.com
uSearch Bar = hxxp://www.google.com/ie
uInternet Settings,ProxyOverride = 127.0.0.1
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: &Windows Live Search - c:\programmi\Windows Live Toolbar\msntb.dll/search.htm
IE: Add to Windows &Live Favorites -
http://favorites.live.com/quickadd.aspxIE: E&sporta in Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O16 -: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
c:\windows\Downloaded Program Files\Microsoft XML Parser for Java.osd
.
**************************************************************************
catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
http://www.gmer.netRootkit scan 2008-11-18 00:12:41
Windows 5.1.2600 Service Pack 2 NTFS
scansione processi nascosti ...
scansione entrate autostart nascoste ...
Scansione files nascosti ...
Scansione completata con successo
Files nascosti: 0
**************************************************************************
.
--------------------- DLLs Carregadas Sob os Processos em Execução ---------------------
PROCESSO: c:\windows\system32\winlogon.exe
-> c:\windows\system32\Ati2evxx.dll
.
Ora fine scansione: 2008-11-18 0.13.52
ComboFix-quarantined-files.txt 2008-11-17 23:13:20
Pre-Run: 36 485 111 808 byte disponibili
Post-Run: 36,976,906,240 byte disponibili
227 --- E O F --- 2008-11-03 12:05:07
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 0.14.20, on 18/11/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\WINDOWS\system32\drivers\CDAC11BA.EXE
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\Programmi\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmi\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\WINDOWS\system32\imapi.exe
C:\WINDOWS\explorer.exe
C:\Programmi\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
http://www.libero.it/R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
http://go.microsoft.com/fwlink/?LinkId=69157R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
http://go.microsoft.com/fwlink/?LinkId=54896R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
http://go.microsoft.com/fwlink/?LinkId=54896R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Programmi\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Programmi\AVG\AVG8\avgssie.dll
O2 - BHO: Guida per l'accesso a Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programmi\File comuni\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Programmi\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programmi\Google\GoogleToolbarNotifier\5.0.926.3450\swg.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programmi\Windows Live Toolbar\msntb.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Programmi\Google\Google Toolbar\Component\fastsearch_219B3E1547538286.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programmi\Windows Live Toolbar\msntb.dll
O3 - Toolbar: &Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Programmi\Google\Google Toolbar\GoogleToolbar.dll
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Programmi\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Programmi\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO LOCALE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO DI RETE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: &Windows Live Search - res://C:\Programmi\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites -
http://favorites.live.com/quickadd.aspxO8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Programmi\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: Ricerche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) -
http://download.bitdefender.com/resources/scan8/oscan8.cabO18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Programmi\AVG\AVG8\avgpp.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FILECO~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: avgrsstx.dll
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\system32\drivers\CDAC11BA.EXE
O23 - Service: Google Updater Service (gusvc) - Google - C:\Programmi\Google\Common\Google Updater\GoogleUpdaterService.exe
--
End of file - 5845 bytes