MegaLab.it

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 16.30.25, on 18/06/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16850)
Boot mode: Safe mode with network support

Running processes:
C:\WINDOWS2\System32\smss.exe
C:\WINDOWS2\system32\winlogon.exe
C:\WINDOWS2\system32\services.exe
C:\WINDOWS2\system32\lsass.exe
C:\WINDOWS2\system32\svchost.exe
C:\WINDOWS2\System32\svchost.exe
C:\WINDOWS2\Explorer.EXE
C:\WINDOWS2\system32\WgaTray.exe
C:\WINDOWS2\system32\ctfmon.exe
C:\Programmi\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.facebook.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 169.254.21.180:80
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
O1 - Hosts: 255.255.255.255 http://www.casinoxo.com
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Programmi\AVG\AVG8\avgssie.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmi\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: Guida per l'accesso a Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programmi\File comuni\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS2\system32\ctfmon.exe
O4 - HKCU\..\Run: [Advanced SystemCare 3] "C:\Programmi\IObit\Advanced SystemCare 3\AWC.exe" /startup
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS2\System32\CTFMON.EXE (User 'SERVIZIO DI RETE')
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Ricerche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS2\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS2\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows2\system32\nwprovau.dll
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windows ... 1815409250
O17 - HKLM\System\CCS\Services\Tcpip\..\{DE373324-C675-45E0-AA93-A7F8A3CF0B5A}: NameServer = 192.168.1.1
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Programmi\AVG\AVG8\avgpp.dll
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS2\SYSTEM32\avgrsstx.dll
O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Unknown owner - C:\Programmi\Avira\AntiVir Desktop\sched.exe (file missing)
O23 - Service: Avira AntiVir Guard (AntiVirService) - Unknown owner - C:\Programmi\Avira\AntiVir Desktop\avguard.exe (file missing)
O23 - Service: Avira Upgrade Service (AntiVirUpgradeService) - Unknown owner - C:\WINDOWS2\TEMP\AVSETUP_4a3281cb\basic\avupgsvc.exe (file missing)
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Malware Defender Service (MalwareDefenderService) - TorchSoft - c:\programmi\malware defender\mdservice.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Programmi\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Programmi\File comuni\Nero\Lib\NMIndexingService.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS2\system32\HPZipm12.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Programmi\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software - C:\WINDOWS2\System32\TuneUpDefragService.exe
O23 - Service: TuneUp Program Statistics Service (TuneUp.ProgramStatisticsSvc) - TuneUp Software - C:\WINDOWS2\System32\TUProgSt.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Programmi\File comuni\Ulead Systems\DVD\ULCDRSvr.exe

--
End of file - 5389 bytes

ComboFix 09-06-17.04 - Alessandro 18/06/2009 16.35.50.1 - NTFSx86 NETWORK
Microsoft Windows XP Home Edition 5.1.2600.3.1252.39.1040.18.512.293 [GMT 2:00]
Eseguito da: c:\documents and settings\Alessandro\Desktop\ComboFix.exe
AV: AntiVir Desktop *On-access scanning enabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}
.

((((((((((((((((((((((((((((((((((((( Altre eliminazioni )))))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\programmi\SeekappSrch
c:\documents and settings\Alessandro\Impostazioni locali\Dati applicazioni\mmwqa.exe
c:\documents and settings\Alessandro\Impostazioni locali\Dati applicazioni\mmwqa_nav.dat
c:\documents and settings\Alessandro\Impostazioni locali\Dati applicazioni\mmwqa_navps.dat

.
((((((((((((((((((((((((( Files Creati Da 2009-05-18 al 2009-06-18 )))))))))))))))))))))))))))))))))))
.

2009-06-18 14:30 . 2009-06-18 14:30 -------- d-----w- c:\programmi\Trend Micro
2009-06-18 05:54 . 2009-06-18 05:54 -------- d--h--w- C:\$AVG8.VAULT$
2009-06-18 05:32 . 2009-06-18 05:32 11952 ----a-w- c:\windows2\system32\avgrsstx.dll
2009-06-18 05:32 . 2009-06-18 05:32 108552 ----a-w- c:\windows2\system32\drivers\avgtdix.sys
2009-06-18 05:32 . 2009-06-18 05:32 327688 ----a-w- c:\windows2\system32\drivers\avgldx86.sys
2009-06-18 05:32 . 2009-06-18 05:32 27784 ----a-w- c:\windows2\system32\drivers\avgmfx86.sys
2009-06-18 05:32 . 2009-06-18 05:32 -------- d-----w- c:\windows2\system32\drivers\Avg
2009-06-18 05:31 . 2009-06-18 05:31 -------- d-----w- c:\documents and settings\All Users.WINDOWS2\Dati applicazioni\avg8
2009-06-13 15:33 . 2004-04-27 02:40 11264 ----a-w- c:\windows2\system32\SpOrder.dll
2009-06-13 13:42 . 2009-06-18 05:15 -------- d-----w- c:\programmi\Alwil Software
2009-06-12 16:55 . 2009-06-12 16:55 552 ----a-w- c:\windows2\system32\d3d8caps.dat
2009-06-12 15:10 . 2009-06-12 15:10 -------- d-----w- c:\windows2\system32\wbem\Repository
2009-06-12 15:09 . 2009-06-12 15:09 -------- d-----w- c:\programmi\Windows Media Components
2009-06-12 15:08 . 2009-06-12 15:08 -------- d-----w- c:\programmi\Ulead Systems
2009-06-12 15:08 . 2009-06-12 15:08 -------- d-----w- c:\programmi\XP Codec Pack
2009-06-12 15:08 . 2009-06-12 15:08 -------- d-----w- c:\programmi\XviD
2009-06-12 15:08 . 2009-06-12 15:08 -------- d-----w- c:\programmi\NimoCodec Pack
2009-06-12 15:08 . 2009-06-12 15:08 -------- d-----w- c:\programmi\Flash Movie Player
2009-06-12 15:08 . 2009-06-12 15:08 -------- d-----w- c:\programmi\RealWorld Paint.COM
2009-06-12 15:07 . 2009-06-12 15:08 -------- d-----w- c:\programmi\File comuni\Ulead Systems
2009-06-12 14:44 . 2009-06-12 14:44 -------- d-----w- c:\windows2\system32\FxsTmp
2009-06-09 07:42 . 2009-06-09 07:42 -------- d-----w- c:\windows2\nview
2009-06-09 07:40 . 2009-06-09 07:40 -------- d-----w- C:\NVIDIA
2009-06-09 05:50 . 2009-06-09 05:50 -------- d-----w- c:\windows2\system32\custom matrices
2009-06-09 05:49 . 2009-06-12 15:06 -------- d-----w- c:\windows2\system32\C2MP
2009-06-08 08:09 . 2009-06-08 08:09 -------- d-----w- c:\documents and settings\Alessandro\IETldCache
2009-06-06 17:21 . 2009-06-12 15:07 -------- d-----w- c:\programmi\Microsoft Bootvis
2009-06-06 09:18 . 2009-06-06 09:18 11952 ----a-w- c:\windows2\system32\avgrsstx(2).dll
2009-06-06 09:18 . 2009-06-09 16:03 -------- d-----w- c:\windows2\system32\drivers\Avg(2)
2009-06-06 09:17 . 2009-06-06 09:17 -------- d-----w- c:\programmi\AVG
2009-06-05 13:43 . 2009-06-12 15:08 -------- d-----w- c:\documents and settings\Alessandro\Dati applicazioni\RealWorld
2009-06-05 13:43 . 2009-06-05 13:43 133684 ----a-r- c:\documents and settings\Alessandro\Dati applicazioni\Microsoft\Installer\{D861E896-1511-4893-A26A-E21F44EC569C}\_C4D79B529E106C775BE2C4.exe
2009-06-05 13:43 . 2009-06-05 13:43 133684 ----a-r- c:\documents and settings\Alessandro\Dati applicazioni\Microsoft\Installer\{D861E896-1511-4893-A26A-E21F44EC569C}\_1BE4AE11769CDBB496FFE0.exe
2009-06-05 13:43 . 2009-06-05 13:43 10134 ----a-r- c:\documents and settings\Alessandro\Dati applicazioni\Microsoft\Installer\{D861E896-1511-4893-A26A-E21F44EC569C}\_6FEFF9B68218417F98F549.exe
2009-06-05 12:48 . 2009-06-12 15:06 -------- d-----w- c:\documents and settings\Alessandro\Dati applicazioni\dvdcss
2009-06-05 11:23 . 2009-06-05 11:23 -------- d-----w- c:\documents and settings\Alessandro\Dati applicazioni\vlc
2009-06-05 11:22 . 2009-06-05 11:22 -------- d-----w- c:\programmi\VideoLAN
2009-06-05 10:39 . 2009-06-05 10:51 -------- d-----w- c:\documents and settings\Alessandro\Impostazioni locali\Dati applicazioni\Deployment
2009-06-05 06:01 . 2009-06-05 06:03 -------- d-----w- c:\programmi\eMule
2009-06-04 17:21 . 2009-06-12 16:26 -------- d-----w- C:\SMCLpav
2009-06-03 16:47 . 2009-06-03 16:47 4096 ----a-w- c:\windows2\d3dx.dat
2009-06-03 16:47 . 2009-06-03 16:48 -------- d-----w- c:\programmi\Block Breaker Deluxe - Midnight Challenge
2009-06-03 14:37 . 2009-06-03 14:42 -------- d-----w- c:\programmi\Wise Registry Cleaner
2009-06-03 10:45 . 2009-06-03 10:45 -------- d-----w- c:\programmi\SIW
2009-06-02 09:49 . 2009-06-02 09:49 -------- d-----w- c:\documents and settings\All Users.WINDOWS2\Dati applicazioni\SeekappSrch
2009-06-02 09:49 . 2009-05-07 20:30 54760 ----a-w- c:\documents and settings\All Users.WINDOWS2\Dati applicazioni\SeekappSrch\seekapp139.exe
2009-06-02 09:46 . 2009-06-02 09:46 -------- d-----w- c:\windows2\Icons
2009-05-21 17:53 . 2009-05-21 17:53 603904 ----a-w- c:\windows2\system32\TUProgSt.exe
2009-05-21 17:53 . 2008-12-11 11:31 27904 ----a-w- c:\windows2\system32\uxtuneup.dll
2009-05-21 17:53 . 2009-05-21 17:53 360192 ----a-w- c:\windows2\system32\TuneUpDefragService.exe
2009-05-21 17:53 . 2009-05-21 17:53 -------- d-----w- c:\documents and settings\Alessandro\Dati applicazioni\TuneUp Software
2009-05-21 17:52 . 2009-05-21 17:52 -------- d-----w- c:\documents and settings\All Users.WINDOWS2\Dati applicazioni\TuneUp Software
2009-05-21 17:52 . 2009-05-21 17:53 -------- d-----w- c:\programmi\TuneUp Utilities 2009
2009-05-21 17:51 . 2009-05-21 17:51 -------- d-sh--w- c:\documents and settings\All Users.WINDOWS2\Dati applicazioni\{55A29068-F2CE-456C-9148-C869879E2357}
2009-05-20 18:23 . 2009-05-20 19:37 -------- d-----w- C:\WMOUSE

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-06-13 14:21 . 2005-03-21 15:18 4212 -c-h--w- c:\windows2\system32\zllictbl.dat
2009-06-13 10:35 . 2008-09-27 17:39 -------- d-----w- c:\programmi\IObit
2009-06-12 16:36 . 2009-04-30 17:14 -------- d-----w- c:\programmi\Wise Disk Cleaner
2009-06-12 15:08 . 2006-12-19 15:41 -------- d-----w- c:\documents and settings\All Users.WINDOWS2\Dati applicazioni\Ulead Systems
2009-06-12 15:08 . 2004-09-16 07:48 -------- d--h--w- c:\programmi\InstallShield Installation Information
2009-06-12 15:08 . 2007-09-01 18:04 -------- d-----w- c:\programmi\DivX
2009-06-12 08:52 . 2008-11-19 18:44 -------- d-----w- c:\documents and settings\Alessandro\Dati applicazioni\IObit
2009-06-09 17:22 . 2003-04-08 12:00 75902 ----a-w- c:\windows2\system32\perfc010.dat
2009-06-09 17:22 . 2003-04-08 12:00 451608 ----a-w- c:\windows2\system32\perfh010.dat
2009-06-06 09:09 . 2008-05-25 12:15 -------- d-----w- c:\documents and settings\All Users.WINDOWS2\Dati applicazioni\Avira
2009-06-05 11:14 . 2007-11-24 13:36 -------- d-----w- c:\programmi\Combined Community Codec Pack
2009-06-04 17:22 . 2005-03-21 15:29 -------- d-----w- c:\programmi\File comuni\Panda Software
2009-06-04 16:55 . 2004-09-27 08:28 -------- d-----w- c:\programmi\Elaborate Bytes
2009-06-03 06:54 . 2005-10-11 08:20 -------- d-----w- c:\documents and settings\Alessandro\Dati applicazioni\AdobeUM
2009-06-03 06:54 . 2004-09-16 08:02 -------- d-----w- c:\programmi\File comuni\Adobe
2009-06-02 09:27 . 2006-04-29 07:41 -------- d-----w- c:\programmi\Nokia
2009-06-02 08:20 . 2009-05-04 18:17 55640 ----a-w- c:\windows2\system32\drivers\avgntflt.sys
2009-05-21 13:22 . 2008-05-27 14:15 -------- d-----w- c:\programmi\Google
2009-05-07 15:32 . 2003-04-08 12:00 347648 ------w- c:\windows2\system32\localspl.dll
2009-05-06 08:53 . 2006-12-08 14:33 -------- d-----w- c:\documents and settings\Alessandro\Dati applicazioni\MSN6
2009-05-04 09:01 . 2009-05-04 09:01 -------- d-----w- c:\programmi\VS Revo Group
2009-05-03 14:23 . 2009-04-28 05:04 -------- d-----w- c:\programmi\Malware Defender
2009-04-30 17:12 . 2007-11-24 13:34 -------- d-----w- c:\programmi\CCleaner
2009-04-29 04:45 . 2004-12-07 18:18 827392 ----a-w- c:\windows2\system32\wininet.dll
2009-04-29 04:44 . 2005-03-21 16:48 78336 ----a-w- c:\windows2\system32\ieencode.dll
2009-04-28 04:59 . 2009-04-28 04:57 -------- d-----w- c:\programmi\Malwarebytes' Anti-Malware
2009-04-28 04:59 . 2009-04-28 04:59 2967799 ----a-w- c:\documents and settings\All Users.WINDOWS2\Dati applicazioni\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe
2009-04-28 04:57 . 2009-04-28 04:57 -------- d-----w- c:\documents and settings\Alessandro\Dati applicazioni\Malwarebytes
2009-04-28 04:57 . 2009-04-28 04:57 -------- d-----w- c:\documents and settings\All Users.WINDOWS2\Dati applicazioni\Malwarebytes
2009-04-19 19:47 . 2003-04-08 12:00 1847168 ------w- c:\windows2\system32\win32k.sys
2009-04-15 14:52 . 2005-03-04 11:45 585216 ----a-w- c:\windows2\system32\rpcrt4.dll
2009-04-10 20:09 . 2005-03-03 18:50 113288 -c--a-w- c:\documents and settings\Alessandro\Impostazioni locali\Dati applicazioni\GDIPFONTCACHEV1.DAT
2009-04-06 13:32 . 2009-04-28 04:57 38496 ----a-w- c:\windows2\system32\drivers\mbamswissarmy.sys
2009-04-06 13:32 . 2009-04-28 04:57 15504 ----a-w- c:\windows2\system32\drivers\mbam.sys
2003-10-23 15:52 . 2004-09-16 09:38 40960 -c--a-w- c:\programmi\Uninstall_CDS.exe
.

((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* i valori vuoti & legittimi/default non sono visualizzati.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows2\system32\ctfmon.exe" [2008-04-14 15360]
"Advanced SystemCare 3"="c:\programmi\IObit\Advanced SystemCare 3\AWC.exe" [2009-04-30 2329936]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-06-18 1948440]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2009-06-18 05:32 11952 ----a-w- c:\windows2\system32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0pgdfgsvc C 1
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\cecgswi
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\PandaAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\PandaFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"e:\\??Network Card\\English\\HD-620E(610E) IP SETUP(ENGLISH).exe"=
"d:\\??Network Card\\English\\HD-620E(610E) IP SETUP(ENGLISH).exe"=
"c:\\WINDOWS2\\system32\\fxsclnt.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Programmi\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"c:\\Programmi\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Programmi\\EA GAMES\\Battlefield 1942\\BF1942.exe"=
"c:\\Programmi\\Messenger\\msmsgs.exe"=
"c:\\Programmi\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Programmi\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Programmi\\eMule\\emule.exe"=
"c:\\Programmi\\AVG\\AVG8\\avgupd.exe"=
"c:\\Programmi\\AVG\\AVG8\\avgnsx.exe"=

R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows2\system32\drivers\avgtdix.sys [18/06/2009 7.32.25 108552]
S1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows2\system32\drivers\avgldx86.sys [18/06/2009 7.32.23 327688]
S1 mdndibmo;mdndibmo;c:\windows2\system32\drivers\mdndibmo.sys [28/04/2009 7.04.31 231424]
S2 AntiVirSchedulerService;Avira AntiVir Scheduler;"c:\programmi\Avira\AntiVir Desktop\sched.exe" c:\programmi\Avira\AntiVir Desktop\sched.exe
S2 AntiVirUpgradeService;Avira Upgrade Service;"c:\windows2\TEMP\AVSETUP_4a3281cb\basic\avupgsvc.exe" /TEMPSTART:""c:\windows2\TEMP\AVSETUP_4a3281cb\basic\setup.exe" /NOTEMPCLEANUP /CROSSUPGRADE" c:\windows2\TEMP\AVSETUP_4a3281cb\basic\avupgsvc.exe
S2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [18/06/2009 7.31.59 298776]
S2 MalwareDefenderService;Malware Defender Service;c:\programmi\Malware Defender\mdservice.exe [13/02/2009 7.12.44 83456]
S2 NwSapAgent;Agente SAP;c:\windows2\System32\svchost.exe -k netsvcs [08/04/2003 14.00.00 14336]
S2 TuneUp.ProgramStatisticsSvc;TuneUp Program Statistics Service;c:\windows2\system32\TUProgSt.exe [21/05/2009 19.53.44 603904]
S3 DCamUSBNovatek;BenQ DC C510 USB Device;c:\windows2\system32\drivers\nvtcam.sys [19/12/2006 17.46.19 79872]
S3 ultradfg;ultradfg;c:\windows2\system32\drivers\ultradfg.sys [15/03/2009 12.46.14 32256]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
.
Contenuto della cartella 'Scheduled Tasks'

2009-06-17 c:\windows2\Tasks\GoogleUpdateTaskUserS-1-5-21-1606980848-813497703-839522115-1004.job
- c:\documents and settings\Alessandro\Impostazioni locali\Dati applicazioni\Google\Update\GoogleUpdate.exe [2009-06-05 10:51]

2009-06-18 c:\windows2\Tasks\Manutenzione in 1 clic.job
- c:\programmi\TuneUp Utilities 2009\OneClickStarter.exe [2008-12-12 14:20]
.
.
------- Scansione supplementare -------
.
uStart Page = hxxp://www.facebook.com/
uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
uInternet Settings,ProxyServer = 169.254.21.180:80
IE: E&sporta in Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
TCP: {DE373324-C675-45E0-AA93-A7F8A3CF0B5A} = 192.168.1.1
FF - ProfilePath -
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-06-18 16:42
Windows 5.1.2600 Service Pack 3 NTFS

scansione processi nascosti ...

scansione entrate autostart nascoste ...

Scansione files nascosti ...

Scansione completata con successo
Files nascosti: 0

**************************************************************************
.
--------------------- CHIAVI DI REGISTRO BLOCCATE ---------------------

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS2\\system32\\OLE32.DLL"
"cd042efbbd7f7af1647644e76e06692b"=hex:c8,28,51,af,b0,29,a3,98,7c,12,41,cc,46,
3c,47,33,c8,28,51,af,b0,29,a3,98,a7,54,c3,38,cd,89,54,af,e2,63,26,f1,3f,c8,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS2\\system32\\OLE32.DLL"
"bca643cdc5c2726b20d2ecedcc62c59b"=hex:71,3b,04,66,8b,46,0d,96,11,f3,af,b1,64,
48,8d,b0,71,3b,04,66,8b,46,0d,96,cb,00,6f,6a,f6,61,0b,27,6a,9c,d6,61,af,45,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS2\\system32\\OLE32.DLL"
"2c81e34222e8052573023a60d06dd016"=hex:25,da,ec,7e,55,20,c9,26,cc,c8,b5,2a,7f,
2b,2e,15,25,da,ec,7e,55,20,c9,26,4d,8c,67,4b,e9,04,e9,a1,ff,7c,85,e0,43,d4,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS2\\system32\\OLE32.DLL"
"2582ae41fb52324423be06337561aa48"=hex:86,8c,21,01,be,91,eb,e7,12,7f,83,66,b0,
12,2b,d6,3e,1e,9e,e0,57,5a,93,61,57,18,d8,82,20,b8,e3,17,86,8c,21,01,be,91,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS2\\system32\\OLE32.DLL"
"caaeda5fd7a9ed7697d9686d4b818472"=hex:e9,02,6c,fa,fb,1d,47,57,df,96,7c,b3,47,
9b,ba,2e,cd,44,cd,b9,a6,33,6c,cd,fd,0a,2c,a5,0f,5e,e2,b1,f5,1d,4d,73,a8,13,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS2\\system32\\OLE32.DLL"
"a4a1bcf2cc2b8bc3716b74b2b4522f5d"=hex:b0,18,ed,a7,3f,8d,37,a4,0a,6e,24,a3,0e,
8d,33,82,b0,18,ed,a7,3f,8d,37,a4,43,77,42,e4,dc,b5,31,40,df,20,58,62,78,6b,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS2\\system32\\OLE32.DLL"
"4d370831d2c43cd13623e232fed27b7b"=hex:31,77,e1,ba,b1,f8,68,02,95,6d,30,4b,b9,
93,2e,b9,31,77,e1,ba,b1,f8,68,02,94,e6,ad,e7,e6,a5,c1,21,fb,a7,78,e6,12,2f,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS2\\system32\\OLE32.DLL"
"1d68fe701cdea33e477eb204b76f993d"=hex:83,6c,56,8b,a0,85,96,ab,ad,bf,9e,35,8c,
91,98,95,83,6c,56,8b,a0,85,96,ab,ab,34,b4,b6,5c,74,49,95,01,3a,48,fc,e8,04,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS2\\system32\\OLE32.DLL"
"1fac81b91d8e3c5aa4b0a51804d844a3"=hex:51,fa,6e,91,28,9e,14,cc,c8,bd,0e,f3,38,
90,fc,0f,51,fa,6e,91,28,9e,14,cc,ae,6c,7f,cd,f6,96,35,15,f6,0f,4e,58,98,5b,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS2\\system32\\OLE32.DLL"
"f5f62a6129303efb32fbe080bb27835b"=hex:37,a4,aa,c3,a6,15,56,0a,7e,50,0c,c4,c1,
4b,eb,92,b1,cd,45,5a,a8,c4,f8,b9,d4,27,dc,c1,d0,c1,cc,79,3d,ce,ea,26,2d,45,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS2\\system32\\OLE32.DLL"
"fd4e2e1a3940b94dceb5a6a021f2e3c6"=hex:f8,31,0f,a9,5f,a0,ec,fb,01,9b,f9,cf,55,
37,80,06,e3,0e,66,d5,eb,bc,2f,6b,c9,b0,92,ba,7c,97,67,0e,2a,b7,cc,b5,b9,7f,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS2\\system32\\OLE32.DLL"
"8a8aec57dd6508a385616fbc86791ec2"=hex:6c,43,2d,1e,aa,22,2f,9c,e9,e9,63,93,68,
fa,13,85,fa,ea,66,7f,d4,3b,6b,70,ac,e8,34,bb,60,fd,f2,a2,6c,43,2d,1e,aa,22,\

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\Ø•€|ÿÿÿÿ•€|ù•Ñw*]
"0140110900063D11C8EF10054038389C"="C?\\WINDOWS2\\system32\\FM20ENU.DLL"
.
--------------------- Dlls caricate dai processi in esecuzione ---------------------

- - - - - - - > 'winlogon.exe'(796)
c:\windows2\system32\L3codeca.acm
c:\windows2\system32\DivXa32.acm
c:\windows2\system32\LameACM.dll
c:\windows2\system32\sirenacm.dll
c:\windows2\system32\iac25_32.ax
.
Ora fine scansione: 2009-06-18 16.45.28
ComboFix-quarantined-files.txt 2009-06-18 14:45

Pre-Run: 23.685.177.344 byte disponibili
Post-Run: 23.916.306.432 byte disponibili

WindowsXP-KB310994-SP2-Home-BootDisk-ITA.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS2
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS2="Microsoft Windows XP Home Edition" /fastdetect /NoExecute=OptIn

269

Malwarebytes' Anti-Malware 1.36
Versione del database: 2051
Windows 5.1.2600 Service Pack 3

18/06/2009 18.48.01
mbam-log-2009-06-18 (18-48-01).txt

Tipo di scansione: Scansione completa (C:\|)
Elementi scansionati: 236586
Tempo trascorso: 49 minute(s), 55 second(s)

Processi delle memoria infetti: 0
Moduli della memoria infetti: 0
Chiavi di registro infette: 0
Valori di registro infetti: 0
Elementi dato del registro infetti: 0
Cartelle infette: 0
File infetti: 0

Processi delle memoria infetti:
(Nessun elemento malevolo rilevato)

Moduli della memoria infetti:
(Nessun elemento malevolo rilevato)

Chiavi di registro infette:
(Nessun elemento malevolo rilevato)

Valori di registro infetti:
(Nessun elemento malevolo rilevato)

Elementi dato del registro infetti:
(Nessun elemento malevolo rilevato)

Cartelle infette:
(Nessun elemento malevolo rilevato)

File infetti:
(Nessun elemento malevolo rilevato)

Tipo evento: Errore
Origine evento: Service Control Manager
Categoria evento: Nessuno
ID evento: 7026
Data: 19/06/2009
Ora: 8.55.26
Utente: N/D
Computer: SALOTTO
Descrizione:
All'avvio non è stato possibile caricare i seguenti driver:
AmdK7
AvgLdx86
AvgMfx86
Fips
mdndibmo

Per ulteriori informazioni, consultare la Guida in linea e supporto tecnico all'indirizzo http://go.microsoft.com/fwlink/events.asp.