ecco qui, come hai chiesto..
Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.orgVersione database: 5747
Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702
12/02/2011 13.54.48
mbam-log-2011-02-12 (13-54-48).txt
Tipo di scansione: Scansione completa (C:\|D:\|)
Elementi esaminati: 361307
Tempo trascorso: 2 ore, 11 minuti, 51 secondi
Processi infetti in memoria: 0
Moduli di memoria infetti: 0
Chiavi di registro infette: 0
Valori di registro infetti: 0
Voci infette nei dati di registro: 0
Cartelle infette: 0
File infetti: 66
Processi infetti in memoria:
(Non sono stati rilevati elementi nocivi)
Moduli di memoria infetti:
(Non sono stati rilevati elementi nocivi)
Chiavi di registro infette:
(Non sono stati rilevati elementi nocivi)
Valori di registro infetti:
(Non sono stati rilevati elementi nocivi)
Voci infette nei dati di registro:
(Non sono stati rilevati elementi nocivi)
Cartelle infette:
(Non sono stati rilevati elementi nocivi)
File infetti:
c:\documents and settings\guidolin glend\documenti\programmi pc\autocad 2011\cura\all autodesk 2011 product\xf-a2011-32bits\xf-a2011-32bits.exe (RiskWare.Tool.CK) -> Quarantined and deleted successfully.
c:\documents and settings\guidolin glend\documenti\programmi pc\autocad 2011\cura\all autodesk 2011 product\xf-a2011-64bits\xf-a2011-64bits.exe (RiskWare.Tool.CK) -> Quarantined and deleted successfully.
c:\documents and settings\guidolin glend\documenti\programmi pc\win rar\cura.exe (Malware.Packer.Gen) -> Quarantined and deleted successfully.
c:\system volume information\_restore{8b7a22d4-a76e-4996-8147-5f0473e9ede1}\RP409\A0066402.exe (Trojan.VB) -> Quarantined and deleted successfully.
c:\system volume information\_restore{8b7a22d4-a76e-4996-8147-5f0473e9ede1}\RP409\A0066403.exe (Trojan.VB) -> Quarantined and deleted successfully.
c:\system volume information\_restore{8b7a22d4-a76e-4996-8147-5f0473e9ede1}\RP409\A0066404.exe (Trojan.VB) -> Quarantined and deleted successfully.
c:\system volume information\_restore{8b7a22d4-a76e-4996-8147-5f0473e9ede1}\RP409\A0066405.exe (Trojan.VB) -> Quarantined and deleted successfully.
c:\system volume information\_restore{8b7a22d4-a76e-4996-8147-5f0473e9ede1}\RP409\A0066430.exe (Trojan.VB) -> Quarantined and deleted successfully.
c:\system volume information\_restore{8b7a22d4-a76e-4996-8147-5f0473e9ede1}\RP409\A0066486.exe (Trojan.VB) -> Quarantined and deleted successfully.
c:\system volume information\_restore{8b7a22d4-a76e-4996-8147-5f0473e9ede1}\RP409\A0066487.exe (Trojan.VB) -> Quarantined and deleted successfully.
c:\system volume information\_restore{8b7a22d4-a76e-4996-8147-5f0473e9ede1}\RP409\A0066488.exe (Trojan.VB) -> Quarantined and deleted successfully.
c:\system volume information\_restore{8b7a22d4-a76e-4996-8147-5f0473e9ede1}\RP409\A0067485.exe (Trojan.VB) -> Quarantined and deleted successfully.
c:\system volume information\_restore{8b7a22d4-a76e-4996-8147-5f0473e9ede1}\RP409\A0067486.exe (Trojan.VB) -> Quarantined and deleted successfully.
c:\system volume information\_restore{8b7a22d4-a76e-4996-8147-5f0473e9ede1}\RP409\A0067488.exe (Trojan.VB) -> Quarantined and deleted successfully.
c:\system volume information\_restore{8b7a22d4-a76e-4996-8147-5f0473e9ede1}\RP409\A0068485.exe (Trojan.VB) -> Quarantined and deleted successfully.
c:\system volume information\_restore{8b7a22d4-a76e-4996-8147-5f0473e9ede1}\RP409\A0068487.exe (Trojan.VB) -> Quarantined and deleted successfully.
c:\system volume information\_restore{8b7a22d4-a76e-4996-8147-5f0473e9ede1}\RP409\A0068488.exe (Trojan.VB) -> Quarantined and deleted successfully.
c:\system volume information\_restore{8b7a22d4-a76e-4996-8147-5f0473e9ede1}\RP409\A0068489.exe (Trojan.VB) -> Quarantined and deleted successfully.
c:\system volume information\_restore{8b7a22d4-a76e-4996-8147-5f0473e9ede1}\RP409\A0069486.exe (Trojan.VB) -> Quarantined and deleted successfully.
c:\system volume information\_restore{8b7a22d4-a76e-4996-8147-5f0473e9ede1}\RP409\A0070486.exe (Trojan.VB) -> Quarantined and deleted successfully.
c:\system volume information\_restore{8b7a22d4-a76e-4996-8147-5f0473e9ede1}\RP409\A0071485.exe (Trojan.VB) -> Quarantined and deleted successfully.
c:\system volume information\_restore{8b7a22d4-a76e-4996-8147-5f0473e9ede1}\RP409\A0071486.exe (Trojan.VB) -> Quarantined and deleted successfully.
c:\system volume information\_restore{8b7a22d4-a76e-4996-8147-5f0473e9ede1}\RP409\A0071487.exe (Trojan.VB) -> Quarantined and deleted successfully.
c:\system volume information\_restore{8b7a22d4-a76e-4996-8147-5f0473e9ede1}\RP409\A0071489.exe (Trojan.VB) -> Quarantined and deleted successfully.
c:\system volume information\_restore{8b7a22d4-a76e-4996-8147-5f0473e9ede1}\RP411\A0072486.exe (Trojan.VB) -> Quarantined and deleted successfully.
c:\system volume information\_restore{8b7a22d4-a76e-4996-8147-5f0473e9ede1}\RP411\A0072487.exe (Trojan.VB) -> Quarantined and deleted successfully.
c:\system volume information\_restore{8b7a22d4-a76e-4996-8147-5f0473e9ede1}\RP411\A0072489.exe (Trojan.VB) -> Quarantined and deleted successfully.
c:\system volume information\_restore{8b7a22d4-a76e-4996-8147-5f0473e9ede1}\RP411\A0072490.exe (Trojan.VB) -> Quarantined and deleted successfully.
c:\system volume information\_restore{8b7a22d4-a76e-4996-8147-5f0473e9ede1}\RP411\A0073489.exe (Trojan.VB) -> Quarantined and deleted successfully.
c:\system volume information\_restore{8b7a22d4-a76e-4996-8147-5f0473e9ede1}\RP411\A0073490.exe (Trojan.VB) -> Quarantined and deleted successfully.
c:\system volume information\_restore{8b7a22d4-a76e-4996-8147-5f0473e9ede1}\RP412\A0073545.exe (Trojan.VB) -> Quarantined and deleted successfully.
c:\system volume information\_restore{8b7a22d4-a76e-4996-8147-5f0473e9ede1}\RP412\A0073547.exe (Trojan.VB) -> Quarantined and deleted successfully.
c:\system volume information\_restore{8b7a22d4-a76e-4996-8147-5f0473e9ede1}\RP414\A0073618.exe (Trojan.VB) -> Quarantined and deleted successfully.
c:\system volume information\_restore{8b7a22d4-a76e-4996-8147-5f0473e9ede1}\RP414\A0073620.exe (Trojan.VB) -> Quarantined and deleted successfully.
c:\system volume information\_restore{8b7a22d4-a76e-4996-8147-5f0473e9ede1}\RP414\A0073621.exe (Trojan.VB) -> Quarantined and deleted successfully.
c:\system volume information\_restore{8b7a22d4-a76e-4996-8147-5f0473e9ede1}\RP416\A0073752.exe (Trojan.VB) -> Quarantined and deleted successfully.
c:\system volume information\_restore{8b7a22d4-a76e-4996-8147-5f0473e9ede1}\RP416\A0073753.exe (Trojan.VB) -> Quarantined and deleted successfully.
c:\system volume information\_restore{8b7a22d4-a76e-4996-8147-5f0473e9ede1}\RP417\A0073766.exe (Trojan.VB) -> Quarantined and deleted successfully.
c:\system volume information\_restore{8b7a22d4-a76e-4996-8147-5f0473e9ede1}\RP417\A0073768.exe (Trojan.VB) -> Quarantined and deleted successfully.
c:\system volume information\_restore{8b7a22d4-a76e-4996-8147-5f0473e9ede1}\RP417\A0073769.exe (Trojan.VB) -> Quarantined and deleted successfully.
c:\system volume information\_restore{8b7a22d4-a76e-4996-8147-5f0473e9ede1}\RP418\A0073783.exe (Trojan.VB) -> Quarantined and deleted successfully.
c:\system volume information\_restore{8b7a22d4-a76e-4996-8147-5f0473e9ede1}\RP418\A0073784.exe (Trojan.VB) -> Quarantined and deleted successfully.
c:\system volume information\_restore{8b7a22d4-a76e-4996-8147-5f0473e9ede1}\RP418\A0073786.exe (Trojan.VB) -> Quarantined and deleted successfully.
c:\system volume information\_restore{8b7a22d4-a76e-4996-8147-5f0473e9ede1}\RP419\A0074784.exe (Trojan.VB) -> Quarantined and deleted successfully.
c:\system volume information\_restore{8b7a22d4-a76e-4996-8147-5f0473e9ede1}\RP419\A0074785.exe (Trojan.VB) -> Quarantined and deleted successfully.
c:\system volume information\_restore{8b7a22d4-a76e-4996-8147-5f0473e9ede1}\RP419\A0074786.exe (Trojan.VB) -> Quarantined and deleted successfully.
c:\system volume information\_restore{8b7a22d4-a76e-4996-8147-5f0473e9ede1}\RP419\A0074787.exe (Trojan.VB) -> Quarantined and deleted successfully.
c:\system volume information\_restore{8b7a22d4-a76e-4996-8147-5f0473e9ede1}\RP419\A0074789.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\system volume information\_restore{8b7a22d4-a76e-4996-8147-5f0473e9ede1}\RP420\A0074855.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\system volume information\_restore{8b7a22d4-a76e-4996-8147-5f0473e9ede1}\RP420\A0074856.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\system volume information\_restore{8b7a22d4-a76e-4996-8147-5f0473e9ede1}\RP420\A0074857.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\system volume information\_restore{8b7a22d4-a76e-4996-8147-5f0473e9ede1}\RP420\A0074859.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\system volume information\_restore{8b7a22d4-a76e-4996-8147-5f0473e9ede1}\RP421\A0075849.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\system volume information\_restore{8b7a22d4-a76e-4996-8147-5f0473e9ede1}\RP421\A0075850.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\system volume information\_restore{8b7a22d4-a76e-4996-8147-5f0473e9ede1}\RP421\A0075852.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\system volume information\_restore{8b7a22d4-a76e-4996-8147-5f0473e9ede1}\RP421\A0075853.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\system volume information\_restore{8b7a22d4-a76e-4996-8147-5f0473e9ede1}\RP422\A0075855.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\system volume information\_restore{8b7a22d4-a76e-4996-8147-5f0473e9ede1}\RP422\A0075856.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\system volume information\_restore{8b7a22d4-a76e-4996-8147-5f0473e9ede1}\RP422\A0075857.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\system volume information\_restore{8b7a22d4-a76e-4996-8147-5f0473e9ede1}\RP422\A0076848.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\system volume information\_restore{8b7a22d4-a76e-4996-8147-5f0473e9ede1}\RP422\A0076849.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\system volume information\_restore{8b7a22d4-a76e-4996-8147-5f0473e9ede1}\RP422\A0076850.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\system volume information\_restore{8b7a22d4-a76e-4996-8147-5f0473e9ede1}\RP422\A0076852.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\system volume information\_restore{8b7a22d4-a76e-4996-8147-5f0473e9ede1}\RP424\A0076855.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\system volume information\_restore{8b7a22d4-a76e-4996-8147-5f0473e9ede1}\RP424\A0076856.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\drivers\iqwhiaus.sys (Trojan.Bubnix) -> Quarantined and deleted successfully.
e l'altro
ComboFix 11-02-11.02 - Guidolin Glend 12/02/2011 13.36.50.2.2 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.39.1040.18.1022.351 [GMT 1:00]
Eseguito da: c:\documents and settings\Guidolin Glend\Desktop\ComboFix.exe
AV: AntiVir Desktop *Disabled/Outdated* {00000002-0002-0000-6C25-9E7C08000A00}
AV: AntiVir Desktop *Enabled/Outdated* {00000002-0002-0000-7C25-9E7C08000A00}
ATTENZIONE - QUESTO PC NON HA LA CONSOLE DI RIPRISTINO DI EMERGENZA INSTALLATA !!
.
((((((((((((((((((((((((( Files Creati Da 2011-01-12 al 2011-02-12 )))))))))))))))))))))))))))))))))))
.
2011-02-12 12:51 . 2011-02-12 12:51 -------- d-----w- c:\documents and settings\Guidolin Glend\Dati applicazioni\Malwarebytes
2011-02-12 12:51 . 2010-12-20 17:09 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-02-12 12:51 . 2011-02-12 12:51 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Malwarebytes
2011-02-12 12:51 . 2011-02-12 12:51 -------- d-----w- c:\programmi\Malwarebytes' Anti-Malware
2011-02-12 12:51 . 2010-12-20 17:08 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-02-12 12:34 . 2011-02-12 12:34 18300 ----a-w- c:\windows\system32\MAI15.tmp
2011-02-12 12:33 . 2011-02-12 12:33 18300 ----a-w- c:\windows\system32\MAI14.tmp
2011-02-10 20:18 . 2011-02-10 20:18 18300 ----a-w- c:\windows\system32\MAI11.tmp
2011-02-10 20:12 . 2011-02-10 20:12 18300 ----a-w- c:\windows\system32\MAI12.tmp
2011-02-10 20:09 . 2011-02-10 20:09 18300 ----a-w- c:\windows\system32\MAI6.tmp
2011-02-10 20:09 . 2011-02-10 20:09 18300 ----a-w- c:\windows\system32\MAI13.tmp
2011-02-10 20:08 . 2011-02-10 20:08 18300 ----a-w- c:\windows\system32\MAI10.tmp
2011-02-08 20:13 . 2011-02-08 20:13 -------- d-----w- c:\documents and settings\NetworkService\Dati applicazioni\Avira
2011-02-08 19:53 . 2011-02-08 19:53 18300 ----a-w- c:\windows\system32\MAID.tmp
2011-02-08 19:52 . 2011-02-08 19:52 18300 ----a-w- c:\windows\system32\MAIC.tmp
2011-02-08 19:52 . 2011-02-08 19:52 18300 ----a-w- c:\windows\system32\MAIF.tmp
2011-02-08 19:52 . 2011-02-08 19:52 18300 ----a-w- c:\windows\system32\MAIA.tmp
2011-02-08 19:52 . 2011-02-08 19:52 18300 ----a-w- c:\windows\system32\MAI5.tmp
2011-02-08 19:51 . 2011-02-08 19:51 18300 ----a-w- c:\windows\system32\MAIB.tmp
2011-02-08 19:51 . 2011-02-08 19:51 18300 ----a-w- c:\windows\system32\MAIE.tmp
2011-02-08 19:51 . 2011-02-08 19:51 18300 ----a-w- c:\windows\system32\MAI4.tmp
2011-02-08 19:51 . 2011-02-08 19:51 18300 ----a-w- c:\windows\system32\MAI3.tmp
2011-02-06 19:50 . 2011-02-06 19:50 18300 ----a-w- c:\windows\system32\MAI4D.tmp
2011-02-06 19:50 . 2011-02-06 19:50 18300 ----a-w- c:\windows\system32\MAI17.tmp
2011-02-06 19:48 . 2011-02-06 19:48 18300 ----a-w- c:\windows\system32\MAI7.tmp
2011-02-06 19:48 . 2011-02-06 19:48 18300 ----a-w- c:\windows\system32\MAI9.tmp
2011-02-06 19:47 . 2011-02-06 19:47 18300 ----a-w- c:\windows\system32\MAI8.tmp
2011-02-06 08:31 . 2011-02-06 08:31 -------- d-----w- c:\documents and settings\LocalService\Dati applicazioni\Avira
2011-02-05 17:46 . 2011-02-05 17:46 -------- d-----w- c:\windows\system32\config\systemprofile\Dati applicazioni\Avira
2011-02-05 17:43 . 2011-02-12 12:46 739840 ----a-w- c:\windows\system32\drivers\iqwhiaus.sys
2011-01-26 12:26 . 2011-01-26 12:26 -------- d-----w- c:\documents and settings\Guidolin Glend\Impostazioni locali\Dati applicazioni\QuickPlay
2011-01-21 14:44 . 2011-01-21 14:44 440832 ------w- c:\windows\system32\dllcache\shimgvw.dll
2011-01-19 20:05 . 2011-01-19 20:05 -------- d-----w- c:\programmi\Microsoft Silverlight
2011-01-16 14:57 . 2011-01-16 14:57 -------- d-----w- c:\windows\system32\config\systemprofile\Dati applicazioni\PC Suite
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-01-21 14:44 . 2004-08-19 08:00 440832 ----a-w- c:\windows\system32\shimgvw.dll
2011-01-07 14:09 . 2004-08-19 08:00 290048 ----a-w- c:\windows\system32\atmfd.dll
2010-12-31 14:04 . 2004-08-19 08:00 1854976 ----a-w- c:\windows\system32\win32k.sys
2010-12-22 12:34 . 2004-08-19 08:00 301568 ----a-w- c:\windows\system32\kerberos.dll
2010-12-20 23:53 . 2004-08-19 08:00 916480 ----a-w- c:\windows\system32\wininet.dll
2010-12-20 23:53 . 2004-08-19 08:00 43520 ----a-w- c:\windows\system32\licmgr10.dll
2010-12-20 23:53 . 2004-08-19 08:00 1469440 ------w- c:\windows\system32\inetcpl.cpl
2010-12-20 17:26 . 2004-08-19 08:00 735744 ----a-w- c:\windows\system32\lsasrv.dll
2010-12-20 12:55 . 2004-08-19 08:00 385024 ----a-w- c:\windows\system32\html.iec
2010-12-18 16:55 . 2010-12-18 16:55 0 ----a-w- c:\windows\system32\ConduitEngine.tmp
2010-12-15 20:04 . 2010-12-15 20:04 1409 ----a-w- c:\windows\QTFont.for
2010-12-11 16:32 . 2010-12-11 16:32 685644 ----a-w- c:\programmi\unins001.exe
2010-12-11 16:30 . 2010-12-11 16:30 711729 ----a-w- c:\programmi\unins000.exe
2010-12-09 15:15 . 2004-08-19 08:00 739840 ----a-w- c:\windows\system32\ntdll.dll
2010-12-09 15:14 . 2004-08-19 08:00 2030592 ----a-w- c:\windows\system32\ntkrnlpa.exe
2010-12-09 15:14 . 2004-08-19 08:00 2152448 ----a-w- c:\windows\system32\ntoskrnl.exe
2010-12-09 14:30 . 2004-08-19 08:00 33280 ----a-w- c:\windows\system32\csrsrv.dll
2010-11-18 18:12 . 2004-08-19 08:00 86016 ----a-w- c:\windows\system32\isign32.dll
.
(((((((((((((((((((((((((((((
SnapShot@2011-02-12_12.53.35 )))))))))))))))))))))))))))))))))))))))))
.
+ 2011-02-12 12:32 . 2011-02-12 12:32 16384 c:\windows\Temp\Perflib_Perfdata_1ac.dat
.
((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* i valori vuoti & legittimi/default non sono visualizzati.
REGEDIT4
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{2c965f3f-8efd-4bfc-a2c5-1672845fdbbf}"= "c:\programmi\PHPNukeIT\tbPHP2.dll" [2010-10-18 3908192]
"{872b5b88-9db5-4310-bdd0-ac189557e5f5}"= "c:\programmi\DVDVideoSoftTB\tbDVD0.dll" [2010-10-18 3908192]
[HKEY_CLASSES_ROOT\clsid\{2c965f3f-8efd-4bfc-a2c5-1672845fdbbf}]
[HKEY_CLASSES_ROOT\clsid\{872b5b88-9db5-4310-bdd0-ac189557e5f5}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{2c965f3f-8efd-4bfc-a2c5-1672845fdbbf}]
2010-10-18 10:26 3908192 ----a-w- c:\programmi\PHPNukeIT\tbPHP2.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}]
2010-10-18 10:26 3908192 ----a-w- c:\programmi\ConduitEngine\ConduitEngine.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{872b5b88-9db5-4310-bdd0-ac189557e5f5}]
2010-10-18 10:26 3908192 ----a-w- c:\programmi\DVDVideoSoftTB\tbDVD0.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{2c965f3f-8efd-4bfc-a2c5-1672845fdbbf}"= "c:\programmi\PHPNukeIT\tbPHP2.dll" [2010-10-18 3908192]
"{872b5b88-9db5-4310-bdd0-ac189557e5f5}"= "c:\programmi\DVDVideoSoftTB\tbDVD0.dll" [2010-10-18 3908192]
[HKEY_CLASSES_ROOT\clsid\{2c965f3f-8efd-4bfc-a2c5-1672845fdbbf}]
[HKEY_CLASSES_ROOT\clsid\{872b5b88-9db5-4310-bdd0-ac189557e5f5}]
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{2C965F3F-8EFD-4BFC-A2C5-1672845FDBBF}"= "c:\programmi\PHPNukeIT\tbPHP2.dll" [2010-10-18 3908192]
"{872B5B88-9DB5-4310-BDD0-AC189557E5F5}"= "c:\programmi\DVDVideoSoftTB\tbDVD0.dll" [2010-10-18 3908192]
[HKEY_CLASSES_ROOT\clsid\{2c965f3f-8efd-4bfc-a2c5-1672845fdbbf}]
[HKEY_CLASSES_ROOT\clsid\{872b5b88-9db5-4310-bdd0-ac189557e5f5}]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NokiaOviSuite2"="c:\programmi\Nokia\Nokia Ovi Suite\NokiaOviSuite.exe" [2010-12-20 697856]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NokiaMServer"="c:\programmi\File comuni\Nokia\MPlatform\NokiaMServer" [X]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2005-12-15 7331840]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2005-12-15 86016]
"nwiz"="nwiz.exe" [2005-12-15 1519616]
"High Definition Audio Property Page Shortcut"="CHDAudPropShortcut.exe" [2005-11-08 61952]
"SynTPEnh"="c:\programmi\Synaptics\SynTP\SynTPEnh.exe" [2005-11-11 761945]
"hpWirelessAssistant"="c:\programmi\hpq\HP Wireless Assistant\HP Wireless Assistant.exe" [2005-12-13 507904]
"QPService"="c:\programmi\HP\QuickPlay\QPService.exe" [2005-12-12 94208]
"eabconfg.cpl"="c:\programmi\HPQ\Quick Launch Buttons\EabServr.exe" [2005-12-07 409600]
"Cpqset"="c:\programmi\HPQ\Default Settings\cpqset.exe" [2005-06-29 233534]
"RecGuard"="c:\windows\SMINST\RecGuard.exe" [2005-10-11 1187840]
"HPWS myPrintMileage Agent"="c:\programmi\Hewlett-Packard\HP Deskjet 1280\Toolbox\mpm.exe" [2004-10-31 102400]
"GrooveMonitor"="c:\programmi\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
"HP Software Update"="c:\programmi\Hp\HP Software Update\HPWuSchd2.exe" [2008-12-08 54576]
"avgnt"="c:\programmi\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]
"PS121v2"="c:\program files\NETGEAR\PS121v2\PS121v2.exe" [2006-08-25 724992]
"QuickTime Task"="c:\programmi\QuickTime\QTTask.exe" [2007-12-11 286720]
"Nikon Transfer Monitor"="c:\programmi\File comuni\Nikon\Monitor\NkMonitor.exe" [2008-12-16 479232]
"SunJavaUpdateSched"="c:\programmi\File comuni\Java\Java Update\jusched.exe" [2010-05-14 248552]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
c:\documents and settings\Guidolin Glend\Menu Avvio\Programmi\Esecuzione automatica\
Widget vodafone.lnk - c:\programmi\Widget vodafone.it\Widget vodafone.it.exe [2010-10-25 142336]
c:\documents and settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\
Avvio rapido HP Photosmart Premier.lnk - c:\programmi\HP\Digital Imaging\bin\hpqthb08.exe [2005-9-24 73728]
Avvio veloce di Adobe Reader.lnk - c:\programmi\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2004-12-14 29696]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
@="Service"
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Programmi\\Google\\Google Talk\\googletalk.exe"=
"c:\\Programmi\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Programmi\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Programmi\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Programmi\\Bonjour\\mDNSResponder.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Programmi\\uTorrent\\uTorrent.exe"=
"c:\\Programmi\\Nokia\\Nokia Ovi Suite\\NokiaOviSuite.exe"=
"c:\\Programmi\\File comuni\\Nokia\\Service Layer\\A\\nsl_host_process.exe"=
"c:\\Programmi\\Nokia\\Nokia Software Updater\\nsu_ui_client.exe"=
"c:\\Programmi\\File comuni\\SafeNet Sentinel\\Sentinel Protection Server\\WinNT\\spnsrvnt.exe"=
"c:\\Programmi\\File comuni\\SafeNet Sentinel\\Sentinel Keys Server\\sntlkeyssrvr.exe"=
"c:\\Programmi\\Graphisoft\\ArchiCAD 12\\ArchiCAD.exe"=
"c:\\Programmi\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Programmi\\Google\\Google Earth\\plugin\\geplugin.exe"=
"c:\\Programmi\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Programmi\\Skype\\Phone\\Skype.exe"=
R2 AntiVirMailService;Avira AntiVir MailGuard;c:\programmi\Avira\AntiVir Desktop\avmailc.exe [16/01/2010 21.54.45 194817]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\programmi\Avira\AntiVir Desktop\sched.exe [16/01/2010 21.54.46 108289]
R2 AntiVirWebService;Avira AntiVir WebGuard;c:\programmi\Avira\AntiVir Desktop\avwebgrd.exe [16/01/2010 21.54.45 434945]
R2 SentinelKeysServer;Sentinel Keys Server;c:\programmi\File comuni\SafeNet Sentinel\Sentinel Keys Server\sntlkeyssrvr.exe [17/09/2009 0.03.00 369952]
R2 SentinelSecurityRuntime;Sentinel Security Runtime;c:\programmi\File comuni\SafeNet Sentinel\Sentinel Security Runtime\sntlsrtsrvr.exe [17/09/2009 0.00.02 292128]
R3 NETGEARUHOST;NETGEAR Network USB Host Controller;c:\windows\system32\drivers\NETGEARUHOST.sys [24/01/2010 13.19.21 10752]
R3 NETGEARUHUB;NETGEAR Network USB Root Hub;c:\windows\system32\drivers\NETGEARUHUB.sys [24/01/2010 13.19.21 37120]
S0 bhpfgu;bhpfgu;c:\windows\system32\drivers\ctkhydi.sys --> c:\windows\system32\drivers\ctkhydi.sys [?]
S0 daojjbnpe;daojjbnpe;c:\windows\system32\drivers\czwekffw.sys --> c:\windows\system32\drivers\czwekffw.sys [?]
S0 focjfrmepobyik;focjfrmepobyik;c:\windows\system32\drivers\xromciznudqv.sys --> c:\windows\system32\drivers\xromciznudqv.sys [?]
S0 gitlhfwqqoyjitw;gitlhfwqqoyjitw;c:\windows\system32\drivers\gqpgkkgenkq.sys --> c:\windows\system32\drivers\gqpgkkgenkq.sys [?]
S0 hcdpopjg;hcdpopjg;c:\windows\system32\drivers\fpliiebjcjljoc.sys --> c:\windows\system32\drivers\fpliiebjcjljoc.sys [?]
S0 ioizdo;ioizdo;c:\windows\system32\drivers\ijizbcku.sys --> c:\windows\system32\drivers\ijizbcku.sys [?]
S0 kmkvwdttiudba;kmkvwdttiudba;c:\windows\system32\drivers\ieivrduqki.sys --> c:\windows\system32\drivers\ieivrduqki.sys [?]
S0 luvdxavjwj;luvdxavjwj;c:\windows\system32\drivers\ouicmgqqi.sys --> c:\windows\system32\drivers\ouicmgqqi.sys [?]
S0 mnzgxyambjeka;mnzgxyambjeka;c:\windows\system32\drivers\bgglyonedfj.sys --> c:\windows\system32\drivers\bgglyonedfj.sys [?]
S0 opdmw;opdmw;c:\windows\system32\drivers\yzypuohxaywujd.sys --> c:\windows\system32\drivers\yzypuohxaywujd.sys [?]
S0 pxbngamhc;pxbngamhc;c:\windows\system32\drivers\djdtlcvda.sys --> c:\windows\system32\drivers\djdtlcvda.sys [?]
S0 qhbwi;qhbwi;c:\windows\system32\drivers\gxkmmqwbumary.sys --> c:\windows\system32\drivers\gxkmmqwbumary.sys [?]
S0 rhrvdilwzt;rhrvdilwzt;c:\windows\system32\drivers\ynfetrmjqcsjxl.sys --> c:\windows\system32\drivers\ynfetrmjqcsjxl.sys [?]
S0 rlpzturvxslxvxd;rlpzturvxslxvxd;c:\windows\system32\drivers\urjuwmnvcysdch.sys --> c:\windows\system32\drivers\urjuwmnvcysdch.sys [?]
S0 vvyoub;vvyoub;c:\windows\system32\drivers\oggjtunt.sys --> c:\windows\system32\drivers\oggjtunt.sys [?]
S0 wkyvmj;wkyvmj;c:\windows\system32\drivers\xcnojgugdjf.sys --> c:\windows\system32\drivers\xcnojgugdjf.sys [?]
S0 xecnnhmv;xecnnhmv;c:\windows\system32\drivers\sanritj.sys --> c:\windows\system32\drivers\sanritj.sys [?]
S0 xwizaymzscrkd;xwizaymzscrkd;c:\windows\system32\drivers\mpgppuxetamenyj.sys --> c:\windows\system32\drivers\mpgppuxetamenyj.sys [?]
S0 ykitejbmmj;ykitejbmmj;c:\windows\system32\drivers\ioyzdpejuklwmb.sys --> c:\windows\system32\drivers\ioyzdpejuklwmb.sys [?]
S0 ypdwuifpxphhu;ypdwuifpxphhu;c:\windows\system32\drivers\bktfbiuenlchep.sys --> c:\windows\system32\drivers\bktfbiuenlchep.sys [?]
S2 gupdate;Google Update Service (gupdate);c:\programmi\Google\Update\GoogleUpdate.exe [12/05/2010 12.32.07 136176]
S3 PRODIGY;PRODIGY;c:\windows\system32\drivers\prodigy.sys [02/09/2010 21.38.40 32377]
--- Altri Servizi/Drivers In Memoria ---
*Deregistered* - iqwhiaus
.
Contenuto della cartella 'Scheduled Tasks'
2011-02-12 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\programmi\Google\Update\GoogleUpdate.exe [2010-05-12 11:32]
2011-02-12 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\programmi\Google\Update\GoogleUpdate.exe [2010-05-12 11:32]
.
.
------- Scansione supplementare -------
.
uStart Page = hxxp://google.it/
uInternet Connection Wizard,ShellNext =
https://login.live.com/ppsecure/sha1auth.srf?lc=1040uInternet Settings,ProxyOverride = *.local
IE: &Cerca con Google - c:\programmi\Google\GoogleToolbar1.dll/cmsearch.html
IE: &Traduci parola in italiano - c:\programmi\Google\GoogleToolbar1.dll/cmwordtrans.html
IE: E&sporta in Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
IE: Link a ritroso - c:\programmi\Google\GoogleToolbar1.dll/cmbacklinks.html
IE: Pagine simili - c:\programmi\Google\GoogleToolbar1.dll/cmsimilar.html
IE: Versione cache della pagina - c:\programmi\Google\GoogleToolbar1.dll/cmcache.html
LSP: c:\programmi\Avira\AntiVir Desktop\avsda.dll
DPF: {4FEE6316-7B6F-4A6C-BD4E-4157C59A9E9D} - hxxp://static.s2g.gate5.de/ovi_maps/OviMaps_4.0.12.12.cab
FF - ProfilePath - c:\documents and settings\Guidolin Glend\Dati applicazioni\Mozilla\Firefox\Profiles\i4wojovb.default\
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\programmi\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - c:\programmi\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - Ext: Firefox Synchronisation Extension: {A27F3FEF-1113-4cfb-A032-8E12D7D8EE70} - c:\programmi\Nokia\Nokia Ovi Suite\Connectors\Bookmarks Connector\FirefoxExtension
FF - Ext: Java Quick Starter:
jqs@sun.com - c:\programmi\Java\jre6\lib\deploy\jqs\ff
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
.
.
------- Associazioni dei file -------
.
.scr=AutoCADScriptFile
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
http://www.gmer.netRootkit scan 2011-02-12 13:46
Windows 5.1.2600 Service Pack 3 NTFS
scansione processi nascosti ...
scansione entrate autostart nascoste ...
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
Cpqset = c:\programmi\HPQ\Default Settings\cpqset.exe????????????????n??|?`???? ???B?????????????hLC????????
Scansione files nascosti ...
Scansione completata con successo
Files nascosti: 0
**************************************************************************
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\iqwhiaus]
.
--------------------- CHIAVI DI REGISTRO BLOCCATE ---------------------
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe,-101"
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe"
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- Dlls caricate dai processi in esecuzione ---------------------
- - - - - - - > 'lsass.exe'(980)
c:\programmi\Avira\AntiVir Desktop\avsda.dll
- - - - - - - > 'explorer.exe'(2480)
c:\windows\system32\WININET.dll
c:\windows\system32\msi.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Ora fine scansione: 2011-02-12 13:48:59
ComboFix-quarantined-files.txt 2011-02-12 12:48
ComboFix2.txt 2011-02-12 12:55
Pre-Run: 56.566.038.528 byte disponibili
Post-Run: 56.546.795.520 byte disponibili
- - End Of File - - E51F3FCC72D9C12AF9928730882EAC0D
