Scan with FindyKill
----------------- FindyKill V4.700 ------------------
* User: marco mattioli - MARCO
* Executed from : C:\Programmi\FindyKill
* Update on 13/11/08 by Chiquitine29
* Start at 12:25:32 the 01/11/2009
* Windows XP - Internet Explorer 8.0.6001.18702
((((((((((((((((( *** Searching *** ))))))))))))))))))
--------------- [ Active Processes ] ----------------
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
c:\programmi\file comuni\logitech\lvmvfm\LVPrcSrv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Programmi\Logitech\Video\CameraAssistant.exe
C:\WINDOWS\system32\ElkCtrl.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\System32\svchost.exe
C:\Programmi\Adobe\Reader 9.0\Reader\Reader_sl.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmi\Packard Bell\Packard Bell Software Suite\Launcher.exe
C:\Programmi\Messenger\msmsgs.exe
C:\Programmi\File comuni\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Programmi\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmi\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Programmi\Packard Bell\Packard Bell Software Suite\PowerSave\HDPBSSS.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmi\iPod\bin\iPodService.exe
C:\WINDOWS\system32\msfeedssync.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
--------------- [ Infected files / folders ] ----------------
»»»» Presence Files in C:
»»»» Presence Files in C:\WINDOWS
»»»» Presence Files in C:\WINDOWS\Prefetch
»»»» Presence Files in C:\WINDOWS\system32
»»»» Presence Files in C:\WINDOWS\system32\drivers
»»»» Presence Files in C:\Documents and Settings\marco mattioli\Dati applicazioni
»»»» Presence Files in C:\DOCUME~1\MARCOM~1\IMPOST~1\Temp
»»»» Presence Files in C:\Documents and Settings\marco mattioli\Local Settings\Temporary Internet Files\Content.IE5
--------------- [ Registry / Startup ] ----------------
! REG.EXE VERSION 3.0
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run
LVCOMSX REG_SZ C:\WINDOWS\system32\LVCOMSX.EXE
LogitechCameraAssistant REG_SZ C:\Programmi\Logitech\Video\CameraAssistant.exe
LogitechVideo[inspector] REG_SZ C:\Programmi\Logitech\Video\InstallHelper.exe /inspect
LogitechCameraService(E) REG_SZ C:\WINDOWS\system32\ElkCtrl.exe /automation
NeroFilterCheck REG_SZ C:\Programmi\File comuni\Nero\Lib\NeroCheck.exe
BluetoothAuthenticationAgent REG_SZ rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
SoundMan REG_SZ SOUNDMAN.EXE
NvCplDaemon REG_SZ RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
nwiz REG_SZ nwiz.exe /install
NvMediaCenter REG_SZ RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
nod32kui REG_SZ "C:\Programmi\Eset\nod32kui.exe" /WAITSERVICE
SunJavaUpdateSched REG_SZ "C:\Programmi\Java\jre6\bin\jusched.exe"
TkBellExe REG_SZ "C:\Programmi\File comuni\Real\Update_OB\realsched.exe" -osboot
Adobe Reader Speed Launcher REG_SZ "C:\Programmi\Adobe\Reader 9.0\Reader\Reader_sl.exe"
Adobe ARM REG_SZ "C:\Programmi\File comuni\Adobe\ARM\1.0\AdobeARM.exe"
QuickTime Task REG_SZ "C:\Programmi\QuickTime\QTTask.exe" -atboottime
iTunesHelper REG_SZ "C:\Programmi\iTunes\iTunesHelper.exe"
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\OptionalComponents
! REG.EXE VERSION 3.0
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
CTFMON.EXE REG_SZ C:\WINDOWS\system32\ctfmon.exe
BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA} REG_SZ "C:\Programmi\File comuni\Nero\Lib\NMBgMonitor.exe"
Packard Bell Software Suite REG_SZ C:\Programmi\Packard Bell\Packard Bell Software Suite\Launcher.exe /run
MSMSGS REG_SZ "C:\Programmi\Messenger\msmsgs.exe" /background
Google Update REG_SZ "C:\Documents and Settings\marco mattioli\Impostazioni locali\Dati applicazioni\Google\Update\GoogleUpdate.exe" /c
AdobeBridge REG_SZ
--------------- [ Registry / Infected keys ] ----------------
Found ! - HKEY_USERS\S-1-5-21-606747145-1085031214-839522115-1004\Software\bisoft
Found ! - HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\srosa
Found ! - HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\srosa
Found ! - HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\srosa
Found ! - HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_SROSA
Found ! - HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_SROSA
Found ! - HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_SROSA
Found ! - HKEY_CURRENT_USER\Software\bisoft
--------------- [ States / Services ] ----------------
Missing key : HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot
- boot mode not available !!
Missing key : HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal
- boot mode not available !!
Missing key : HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network
- boot mode not available !!
+- Services : [ Auto=2 / Request=3 / Disable=4 ]
Ndisuio - Type of startup = 3
EapHost - Type of startup = 2
/!\ Ip6Fw - Type of startup = 4
/!\ SharedAccess - Type of startup = 4
/!\ wuauserv - Type of startup = 4
/!\ wscsvc - Type of startup = 4
--------------- [ Searching in removable drives ] ----------------
+- Informations :
C: - Unità fissa
+- Presence of files :
--------------- [ Registry / Mountpoint2 ] ----------------
-> Not found !
------------------- ! End of report ! --------------------
What should I do now?