Malwarebytes' Anti-Malware 1.46
http://www.malwarebytes.orgVersione database: 5012
Windows 5.1.2600 Service Pack 2
Internet Explorer 6.0.2900.2180
01/11/2010 14.56.36
mbam-log-2010-11-01 (14-56-36).txt
Tipo di scansione: Scansione completa (C:\|E:\|)
Elementi esaminati: 215512
Tempo trascorso: 1 ore, 3 minuti, 30 secondi
Processi infetti in memoria: 1
Moduli di memoria infetti: 0
Chiavi di registro infette: 1
Valori di registro infetti: 1
Voci infette nei dati di registro: 2
Cartelle infette: 0
File infetti: 1
Processi infetti in memoria:
C:\WINDOWS\system32\csrcs.exe (Trojan.Agent) -> No action taken.
Moduli di memoria infetti:
(Non sono stati rilevati elementi nocivi)
Chiavi di registro infette:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\DRM\amty (Worm.Autorun) -> No action taken.
Valori di registro infetti:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\csrcs (Trojan.Agent) -> No action taken.
Voci infette nei dati di registro:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell (Hijack.Shell) -> Bad: (Explorer.exe csrcs.exe) Good: (Explorer.exe) -> No action taken.
Cartelle infette:
(Non sono stati rilevati elementi nocivi)
File infetti:
C:\WINDOWS\system32\csrcs.exe (Trojan.Agent) -> No action taken......
poi ho riavviato HijackThis......e questo e il nuovo risulkta
to
...quindi .......dopo ho rifatto la nuova scansione con Hijackthis......quindi il risultato è questo.....naturalemte non trovo + alcuni file........da spuntare....quindi procedo ugualmente?
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 15.34.54, on 01/11/2010
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Programmi\File comuni\Microsoft Shared\VS7Debug\mdm.exe
C:\Programmi\Eset\nod32krn.exe
C:\WINDOWS\system32\slserv.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmi\Eset\nod32kui.exe
C:\Programmi\Mobile Partner\Mobile Partner.exe
C:\Programmi\Mozilla Firefox\firefox.exe
C:\Programmi\Mozilla Firefox\plugin-container.exe
C:\Programmi\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
http://www.google.it/R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
http://www.supereva.it/R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
R3 - URLSearchHook: SrchHook Class - {F4F10C1D-87C7-404A-B4B3-000000000000} - C:\PROGRA~1\DAP\SBSearch.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\apps\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: DAPIELoader Class - {FF6C3CF0-4B15-11D1-ABED-709549C10000} - C:\PROGRA~1\DAP\DAPIEL~1.DLL
O4 - HKLM\..\Run: [nod32kui] "C:\Programmi\Eset\nod32kui.exe" /WAITSERVICE
O8 - Extra context menu item: &Clean Traces - C:\Programmi\DAP\Privacy Package\dapcleanerie.htm
O8 - Extra context menu item: &Download with &DAP - C:\Programmi\DAP\dapextie.htm
O8 - Extra context menu item: Download &all with DAP - C:\Programmi\DAP\dapextie2.htm
O8 - Extra context menu item: E&sporta in Microsoft Excel -
res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra button: Umail - {4E6C4B0E-9C1B-4CF6-A502-1666E7BC51CF} -
http://www.umail.it (file missing) (HKCU)
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.supereva.it/
O16 - DPF: {1F831FA9-42FC-11D4-95A6-0080AD30DCE1} (InstaFred) -
file://C:\Programmi\AutoCAD 2002 Ita\InstFred.ocx
O16 - DPF: {78AF2F24-A9C3-11D3-BF8C-0060B0FCC122} (Controllo AcDc oggi) -
file://C:\Programmi\AutoCAD 2002 Ita\AcDcToday.ocx
O16 - DPF: {AE563729-B4F5-11D4-A415-00108302FDFD} (NOXLATE-BANR) -
file://C:\Programmi\AutoCAD 2002 Ita\InstBanr.ocx
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} -
http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cabO16 - DPF: {F281A59C-7B65-11D3-8617-0010830243BD} (Controllo AcPreview) -
file://C:\Programmi\AutoCAD 2002 Ita\AcPreview.ocx
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programmi\File comuni\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Programmi\iPod\bin\iPodService.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Programmi\Eset\nod32krn.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: SmartLinkService (SLService) - Smart Link - C:\WINDOWS\SYSTEM32\slserv.exe
O24 - Desktop Component 0: (no name) - file:///C:/DOCUME~1/Cannata/IMPOST~1/Temp/msohtml1/02/clip_image002.jpg
O24 - Desktop Component 1: (no name) -
http://www.ing.unict.it/images/linea.gifO24 - Desktop Component 2: (no name) - file:///C:/DOCUME~1/Cannata/IMPOST~1/Temp/msohtml1/14/clip_image002.jpg
--
End of file - 3907 bytes...............