Here is the log:
ComboFix 08-11-09.04 - Natascha Buzzoni 2008-11-10 18:47:39.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1040.18.738 [GMT 1:00]
Interruttori di comando utilizzati :: /killall
* Creato nuovo punto di ripristino
ATENÇÃO - ESTA MAQUINA NAO TEM A CONSOLE DE RECUPERAÇÃO INSTALADA !!.
((((((((((((((((((((((((((((((((((((( Altre eliminazioni )))))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\documents and settings\Natascha Buzzoni\Application Data\m
c:\documents and settings\Natascha Buzzoni\Application Data\m\data.oct
c:\documents and settings\Natascha Buzzoni\Application Data\m\flec006.exe
c:\documents and settings\Natascha Buzzoni\Application Data\m\list.oct
c:\documents and settings\Natascha Buzzoni\Application Data\m\shared\10by10 GDS Gadget 1.0.0.0.zip
c:\documents and settings\Natascha Buzzoni\Application Data\m\shared\Ap Document to PDF converter 3.0 (Key+Serial).zip
c:\documents and settings\Natascha Buzzoni\Application Data\m\shared\ComfortAir HVAC Software 4.0.zip
c:\documents and settings\Natascha Buzzoni\Application Data\m\shared\Data Doctor Keylogger 2.0.1.5.zip
c:\documents and settings\Natascha Buzzoni\Application Data\m\shared\Digital_Indicators_Generator_1.7.zip
c:\documents and settings\Natascha Buzzoni\Application Data\m\shared\DocSmartz_-_PDF_to_Word_Converter_3.0_(KeyGen).zip
c:\documents and settings\Natascha Buzzoni\Application Data\m\shared\Ez Thumbnail Maker 1.0.zip
c:\documents and settings\Natascha Buzzoni\Application Data\m\shared\FreeNote 1.262.zip
c:\documents and settings\Natascha Buzzoni\Application Data\m\shared\FS2002 Resample Texture Converter 4.00.1.zip
c:\documents and settings\Natascha Buzzoni\Application Data\m\shared\German for Beginners 0.06.zip
c:\documents and settings\Natascha Buzzoni\Application Data\m\shared\Greatis Image Editor 1.1.zip
c:\documents and settings\Natascha Buzzoni\Application Data\m\shared\Halle_Berry_Sex-E_Screensaver_3.1.zip
c:\documents and settings\Natascha Buzzoni\Application Data\m\shared\HeckleWorks Pro 4.0.zip
c:\documents and settings\Natascha Buzzoni\Application Data\m\shared\ImagePrinz 2.0.zip
c:\documents and settings\Natascha Buzzoni\Application Data\m\shared\Lyttlesoft_Personal_Organizer_1.8_build_466_(KeyGen).zip
c:\documents and settings\Natascha Buzzoni\Application Data\m\shared\M2SYS-Biometrics_Suite_4.1.0_Key+Serial.zip
c:\documents and settings\Natascha Buzzoni\Application Data\m\shared\Mail Server Pro 1.6.czip
c:\documents and settings\Natascha Buzzoni\Application Data\m\shared\Mail Server Pro 1.6.zip
c:\documents and settings\Natascha Buzzoni\Application Data\m\shared\Marbleous_1.zip
c:\documents and settings\Natascha Buzzoni\Application Data\m\shared\Moo!_1.0.zip
c:\documents and settings\Natascha Buzzoni\Application Data\m\shared\Mouse_Tutor_1.zip
c:\documents and settings\Natascha Buzzoni\Application Data\m\shared\Movkit_DVD_to_iPod_Ripper_4.0_build_20070318.zip
c:\documents and settings\Natascha Buzzoni\Application Data\m\shared\MS Access Find and Replace Software 7.0.zip
c:\documents and settings\Natascha Buzzoni\Application Data\m\shared\Myriad_7.0.zip
c:\documents and settings\Natascha Buzzoni\Application Data\m\shared\NetCop_System_Shield_1.0.3.1.zip
c:\documents and settings\Natascha Buzzoni\Application Data\m\shared\PDF to Image SDK Client License 1.0.zip
c:\documents and settings\Natascha Buzzoni\Application Data\m\shared\PDF_Stamp_Command_Line_2.1.zip
c:\documents and settings\Natascha Buzzoni\Application Data\m\shared\Philadelphia_Eagles_Screensaver_1.0.zip
c:\documents and settings\Natascha Buzzoni\Application Data\m\shared\Plasmaplugs_Table_Renderer_1.1.zip
c:\documents and settings\Natascha Buzzoni\Application Data\m\shared\Pong_The_Next_Level_demo.zip
c:\documents and settings\Natascha Buzzoni\Application Data\m\shared\PRO-53_3.0.4.002.zip
c:\documents and settings\Natascha Buzzoni\Application Data\m\shared\Remove_Duplicates_from_Outlook_Express_2.3_(Crack).zip
c:\documents and settings\Natascha Buzzoni\Application Data\m\shared\Resume_Bomber_1.zip
c:\documents and settings\Natascha Buzzoni\Application Data\m\shared\S.W.A.T. Pro 1.5.zip
c:\documents and settings\Natascha Buzzoni\Application Data\m\shared\Seek_&_Destroy_demo.zip
c:\documents and settings\Natascha Buzzoni\Application Data\m\shared\Simple Calculator 1.0.1.zip
c:\documents and settings\Natascha Buzzoni\Application Data\m\shared\Snatch-It_1.0.zip
c:\documents and settings\Natascha Buzzoni\Application Data\m\shared\Sweet_Candies_3D_Screensaver_1.zip
c:\documents and settings\Natascha Buzzoni\Application Data\m\shared\Travel Dictionary Spanish PPC 3.0.zip
c:\documents and settings\Natascha Buzzoni\Application Data\m\shared\Triplehash Serlient 2.2.zip
c:\documents and settings\Natascha Buzzoni\Application Data\m\shared\Ultimate Math Solver 6.0.2.3.zip
c:\documents and settings\Natascha Buzzoni\Application Data\m\shared\VisualRenamer_1.7.zip
c:\documents and settings\Natascha Buzzoni\Application Data\m\shared\Wings II Email Stationery 1.0a.zip
c:\documents and settings\Natascha Buzzoni\Application Data\m\shared\WinShrink 1.00.zip
c:\documents and settings\Natascha Buzzoni\Application Data\m\shared\wTimer_0.2.zip
c:\documents and settings\Natascha Buzzoni\Application Data\m\shared\Zero-X_BeatCreator_3.32_[Key].zip
c:\documents and settings\Natascha Buzzoni\Application Data\m\srvlist.oct
c:\programmi\RssReader\RssReader.exe
c:\windows\system32\config\systemprofile\Impostazioni locali\Dati applicazioni\Microsoft\Windows Media\10.0\WMSDKNSD.XML
c:\windows\system32\drivers\downld
c:\windows\system32\drivers\downld\41104984.exe
c:\windows\system32\drivers\downld\41106328.exe
c:\windows\system32\drivers\downld\41113656.exe
c:\windows\system32\drivers\downld\41118937.exe
c:\windows\system32\drivers\downld\41122312.exe
c:\windows\system32\drivers\downld\41124062.exe
c:\windows\system32\drivers\downld\41127140.exe
c:\windows\system32\drivers\downld\41130187.exe
c:\windows\system32\drivers\downld\41134796.exe
c:\windows\system32\drivers\downld\41138953.exe
c:\windows\system32\drivers\downld\41174984.exe
c:\windows\system32\drivers\downld\41178093.exe
c:\windows\system32\drivers\downld\41179046.exe
c:\windows\system32\drivers\srosa.sys
c:\windows\system32\drivers\winfilse.exe
c:\windows\system32\mdelk.exe
c:\windows\system32\wintems.exe
D:\Autorun.inf
.
((((((((((((((((((((((((((((((((((((((( Driver/Servizi )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Service_SROSA
-------\Legacy_SROSA
((((((((((((((((((((((((( Files Creati Da 2008-10-10 al 2008-11-10 )))))))))))))))))))))))))))))))))))
.
2008-11-10 04:46 . 2008-11-10 04:46 <DIR> d--h----- c:\windows\system32\GroupPolicy
2008-11-10 03:39 . 2006-02-22 02:59 176,128 --a------ c:\windows\system32\nvusmb.exe
2008-11-10 03:39 . 2006-02-22 02:59 176,128 --a------ c:\windows\system32\NVUNINST.EXE
2008-11-10 03:39 . 2005-10-19 05:05 1,864 --a------ c:\windows\system32\nvsmb.nvu
2008-11-10 03:38 . 2008-11-10 03:38 <DIR> d-------- c:\programmi\DIFX
2008-11-10 03:38 . 2008-11-10 03:38 <DIR> d-------- c:\programmi\Broadcom
2008-11-10 01:44 . 2008-11-10 17:46 7,168 --a------ c:\windows\system32\drivers\srosa2.sys
2008-10-30 17:35 . 2008-10-30 17:35 <DIR> d-------- c:\programmi\Catan GmbH
2008-10-29 00:47 . 2008-10-29 00:47 <DIR> d-------- c:\windows\system32\it-it
2008-10-29 00:47 . 2008-10-29 00:47 <DIR> d-------- c:\windows\system32\it
2008-10-29 00:47 . 2008-10-29 00:47 <DIR> d-------- c:\windows\system32\bits
2008-10-29 00:47 . 2008-10-29 00:47 <DIR> d-------- c:\windows\l2schemas
2008-10-29 00:45 . 2008-10-29 00:48 <DIR> d-------- c:\windows\ServicePackFiles
2008-10-29 00:42 . 2008-10-29 00:54 2,711 --a------ c:\windows\imsins.BAK
2008-10-24 11:01 . 2008-10-15 17:36 337,408 --------- c:\windows\system32\dllcache\netapi32.dll
2008-10-14 22:22 . 2008-08-14 14:22 2,192,896 --------- c:\windows\system32\dllcache\ntoskrnl.exe
2008-10-14 22:22 . 2008-08-14 14:22 2,148,864 --------- c:\windows\system32\dllcache\ntkrnlmp.exe
2008-10-14 22:22 . 2008-08-14 14:22 2,069,760 --------- c:\windows\system32\dllcache\ntkrnlpa.exe
2008-10-14 22:22 . 2008-08-14 14:22 2,027,520 --------- c:\windows\system32\dllcache\ntkrpamp.exe
2008-10-14 22:19 . 2008-09-08 11:41 333,824 --------- c:\windows\system32\dllcache\srv.sys
2008-10-14 22:18 . 2008-09-15 16:24 1,846,400 --------- c:\windows\system32\dllcache\win32k.sys
2008-10-14 14:31 . 2008-04-14 03:13 1,737,856 --------- c:\windows\system32\mtxparhd.dll
2008-10-14 14:30 . 2004-08-03 21:41 1,041,536 --------- c:\windows\system32\drivers\hsfdpsp2.sys
2008-10-14 14:29 . 2008-04-14 03:13 1,888,992 --------- c:\windows\system32\ati3duag.dll
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-11-10 17:52 --------- d-----w c:\programmi\Mozilla Thunderbird
2008-11-10 17:50 --------- d-----w c:\programmi\RssReader
2008-11-09 13:20 --------- d-----w c:\programmi\Spybot - Search & Destroy
2008-11-08 01:42 --------- d-----w c:\programmi\KeePass Password Safe
2008-10-26 12:55 --------- d-----w c:\documents and settings\Natascha Buzzoni\Application Data\dvdcss
2008-10-24 09:56 --------- d-----w c:\documents and settings\Natascha Buzzoni\Application Data\OpenOffice.org2
2008-10-22 12:32 --------- d-----w c:\programmi\Microsoft Silverlight
2008-10-07 00:47 --------- d-----w c:\documents and settings\Natascha Buzzoni\Application Data\AdobeUM
2008-10-06 15:43 --------- d-----w c:\programmi\File comuni\Adobe
2008-09-26 13:34 --------- d-----w c:\documents and settings\Natascha Buzzoni\Application Data\KeePass
2008-08-06 22:34 24,912 -c--a-w c:\documents and settings\Natascha Buzzoni\ndgvhdpn.exe
2008-08-06 22:29 24,912 -c--a-w c:\documents and settings\Natascha Buzzoni\xfrudcmg.exe
2008-07-28 20:49 24,912 -c--a-w c:\documents and settings\Natascha Buzzoni\xvbcivmf.exe
2008-06-28 16:23 24,400 -c--a-w c:\documents and settings\Natascha Buzzoni\ghbskjsr.exe
2008-06-28 16:22 24,400 -c--a-w c:\documents and settings\Natascha Buzzoni\uosuhtpw.exe
2008-06-28 16:20 24,400 -c--a-w c:\documents and settings\Natascha Buzzoni\okslblee.exe
2008-06-28 16:19 24,400 -c--a-w c:\documents and settings\Natascha Buzzoni\onhdxslu.exe
2008-06-28 16:18 24,400 -c--a-w c:\documents and settings\Natascha Buzzoni\vaeucjkc.exe
2008-06-28 16:18 24,400 -c--a-w c:\documents and settings\Natascha Buzzoni\utzjxdnn.exe
2008-06-14 22:09 31,056 -c--a-w c:\documents and settings\Natascha Buzzoni\mrsefnif.exe
2008-06-14 22:08 31,056 -c--a-w c:\documents and settings\Natascha Buzzoni\jpjyziav.exe
2008-06-14 22:07 31,056 -c--a-w c:\documents and settings\Natascha Buzzoni\diozicnp.exe
2008-06-14 22:06 31,056 -c--a-w c:\documents and settings\Natascha Buzzoni\kwfflvge.exe
2008-06-14 22:05 31,056 -c--a-w c:\documents and settings\Natascha Buzzoni\larjryyp.exe
2008-06-14 22:04 31,056 -c--a-w c:\documents and settings\Natascha Buzzoni\budjslgi.exe
2008-06-14 22:03 31,056 -c--a-w c:\documents and settings\Natascha Buzzoni\cxsachem.exe
2008-06-14 22:02 31,056 -c--a-w c:\documents and settings\Natascha Buzzoni\ksectemv.exe
2008-06-14 22:01 31,056 -c--a-w c:\documents and settings\Natascha Buzzoni\mierxrlf.exe
2008-06-14 22:00 31,056 -c--a-w c:\documents and settings\Natascha Buzzoni\peemgkru.exe
2008-06-14 21:59 31,056 -c--a-w c:\documents and settings\Natascha Buzzoni\uuonvewv.exe
2008-06-14 21:58 31,056 -c--a-w c:\documents and settings\Natascha Buzzoni\itzvykcp.exe
2008-06-14 21:56 31,056 -c--a-w c:\documents and settings\Natascha Buzzoni\hpjfnwzc.exe
2008-06-14 21:55 31,056 -c--a-w c:\documents and settings\Natascha Buzzoni\mcdyelhm.exe
2008-06-14 21:53 31,056 -c--a-w c:\documents and settings\Natascha Buzzoni\yithujlu.exe
2008-06-14 21:52 31,056 -c--a-w c:\documents and settings\Natascha Buzzoni\eiwxyrmr.exe
2008-06-14 21:51 31,056 -c--a-w c:\documents and settings\Natascha Buzzoni\gxzmvjjw.exe
2008-06-14 21:50 31,056 -c--a-w c:\documents and settings\Natascha Buzzoni\oqpbtpej.exe
2008-06-14 21:49 31,056 -c--a-w c:\documents and settings\Natascha Buzzoni\kntvsokd.exe
2008-06-14 21:48 31,056 -c--a-w c:\documents and settings\Natascha Buzzoni\vhtgesvu.exe
2008-06-14 21:47 31,056 -c--a-w c:\documents and settings\Natascha Buzzoni\wtpynxqm.exe
2008-06-14 21:46 31,056 -c--a-w c:\documents and settings\Natascha Buzzoni\wezazemf.exe
2008-06-14 21:44 31,056 -c--a-w c:\documents and settings\Natascha Buzzoni\yxexkpmp.exe
2008-06-14 21:43 31,056 -c--a-w c:\documents and settings\Natascha Buzzoni\gohhmvrq.exe
2008-06-14 21:42 31,056 -c--a-w c:\documents and settings\Natascha Buzzoni\xmirbyey.exe
2008-06-14 21:41 31,056 -c--a-w c:\documents and settings\Natascha Buzzoni\bkfaxlda.exe
2008-06-14 21:40 31,056 -c--a-w c:\documents and settings\Natascha Buzzoni\cnrvgvaf.exe
2008-06-14 21:39 31,056 -c--a-w c:\documents and settings\Natascha Buzzoni\albynbgb.exe
2008-06-14 21:38 31,056 -c--a-w c:\documents and settings\Natascha Buzzoni\jesxutjy.exe
2008-06-14 21:37 31,056 -c--a-w c:\documents and settings\Natascha Buzzoni\vxjfwspc.exe
2008-06-14 21:36 31,056 -c--a-w c:\documents and settings\Natascha Buzzoni\hmpqbujd.exe
2008-06-14 21:34 31,056 -c--a-w c:\documents and settings\Natascha Buzzoni\slkwrhdw.exe
2008-06-14 21:33 31,056 -c--a-w c:\documents and settings\Natascha Buzzoni\stmtngok.exe
2008-06-14 21:32 31,056 -c--a-w c:\documents and settings\Natascha Buzzoni\brswmbag.exe
2008-06-14 21:31 31,056 -c--a-w c:\documents and settings\Natascha Buzzoni\vaqhodkx.exe
2008-06-14 21:30 31,056 -c--a-w c:\documents and settings\Natascha Buzzoni\aidwahlb.exe
2008-06-14 21:29 31,056 -c--a-w c:\documents and settings\Natascha Buzzoni\mzhkepuh.exe
2008-06-14 21:28 31,056 -c--a-w c:\documents and settings\Natascha Buzzoni\ngcahelw.exe
2008-06-14 21:27 31,056 -c--a-w c:\documents and settings\Natascha Buzzoni\sthvdeyg.exe
2008-06-14 21:26 31,056 -c--a-w c:\documents and settings\Natascha Buzzoni\jysailfl.exe
2008-06-14 21:24 31,056 -c--a-w c:\documents and settings\Natascha Buzzoni\irnpogzc.exe
2008-06-14 21:23 31,056 -c--a-w c:\documents and settings\Natascha Buzzoni\bzkymvyt.exe
2008-06-14 21:22 31,056 -c--a-w c:\documents and settings\Natascha Buzzoni\rauxgbwh.exe
2008-06-14 21:21 31,056 -c--a-w c:\documents and settings\Natascha Buzzoni\tyoawgjr.exe
2008-06-14 21:20 31,056 -c--a-w c:\documents and settings\Natascha Buzzoni\uwodwdqq.exe
2008-06-14 21:19 31,056 -c--a-w c:\documents and settings\Natascha Buzzoni\fqalznhy.exe
2008-06-14 21:18 31,056 -c--a-w c:\documents and settings\Natascha Buzzoni\hbxjhsuu.exe
2008-06-14 21:17 31,056 -c--a-w c:\documents and settings\Natascha Buzzoni\dwyvwtke.exe
2008-06-14 21:16 31,056 -c--a-w c:\documents and settings\Natascha Buzzoni\jslaavrl.exe
2008-06-14 21:14 31,056 -c--a-w c:\documents and settings\Natascha Buzzoni\jcsrecig.exe
2008-06-14 21:13 31,056 -c--a-w c:\documents and settings\Natascha Buzzoni\vczzmris.exe
2008-06-14 21:12 31,056 -c--a-w c:\documents and settings\Natascha Buzzoni\qxyctxvy.exe
2008-06-14 21:11 31,056 -c--a-w c:\documents and settings\Natascha Buzzoni\siywkoui.exe
2008-06-14 21:10 31,056 -c--a-w c:\documents and settings\Natascha Buzzoni\ziqagmvb.exe
2008-06-14 21:09 31,056 -c--a-w c:\documents and settings\Natascha Buzzoni\wpsqsnlb.exe
2008-06-14 21:08 31,056 -c--a-w c:\documents and settings\Natascha Buzzoni\atnuyngl.exe
2008-06-14 21:07 31,056 -c--a-w c:\documents and settings\Natascha Buzzoni\lqwbpqho.exe
2008-06-14 21:06 31,056 -c--a-w c:\documents and settings\Natascha Buzzoni\bqmchvdr.exe
2008-06-14 21:04 31,056 -c--a-w c:\documents and settings\Natascha Buzzoni\fotjygis.exe
2008-06-14 21:03 31,056 -c--a-w c:\documents and settings\Natascha Buzzoni\kyqdptef.exe
2008-06-14 21:02 31,056 -c--a-w c:\documents and settings\Natascha Buzzoni\wiuchufq.exe
2008-06-14 21:01 31,056 -c--a-w c:\documents and settings\Natascha Buzzoni\faaiyqar.exe
2008-06-14 21:00 31,056 -c--a-w c:\documents and settings\Natascha Buzzoni\mbakbtey.exe
2008-06-14 20:59 31,056 -c--a-w c:\documents and settings\Natascha Buzzoni\gamjjves.exe
2008-06-14 20:58 31,056 -c--a-w c:\documents and settings\Natascha Buzzoni\mmuvvnwl.exe
2008-06-14 20:57 31,056 -c--a-w c:\documents and settings\Natascha Buzzoni\ckxseuyy.exe
2008-06-14 20:56 31,056 -c--a-w c:\documents and settings\Natascha Buzzoni\sejrmbzt.exe
2008-06-14 20:54 31,056 -c--a-w c:\documents and settings\Natascha Buzzoni\zcdzmydz.exe
2008-06-14 20:53 31,056 -c--a-w c:\documents and settings\Natascha Buzzoni\rfmpumpx.exe
2008-06-14 20:52 31,056 -c--a-w c:\documents and settings\Natascha Buzzoni\cyteinxo.exe
2008-06-14 20:51 31,056 -c--a-w c:\documents and settings\Natascha Buzzoni\meczrylj.exe
2008-06-14 20:50 31,056 -c--a-w c:\documents and settings\Natascha Buzzoni\bvrbodkt.exe
2008-06-14 20:49 31,056 -c--a-w c:\documents and settings\Natascha Buzzoni\xijwvkbn.exe
2008-06-14 20:48 31,056 -c--a-w c:\documents and settings\Natascha Buzzoni\pvjhbwvl.exe
2008-06-14 20:47 31,056 -c--a-w c:\documents and settings\Natascha Buzzoni\hckporio.exe
2008-06-14 20:46 31,056 -c--a-w c:\documents and settings\Natascha Buzzoni\zwjbabiy.exe
2008-06-14 20:44 31,056 -c--a-w c:\documents and settings\Natascha Buzzoni\hgkmypar.exe
2008-06-14 20:43 31,056 -c--a-w c:\documents and settings\Natascha Buzzoni\dvqgjxjp.exe
2008-06-14 20:42 31,056 -c--a-w c:\documents and settings\Natascha Buzzoni\qxuvrqmb.exe
2008-06-14 20:41 31,056 -c--a-w c:\documents and settings\Natascha Buzzoni\ncohcths.exe
2008-06-14 20:40 31,056 -c--a-w c:\documents and settings\Natascha Buzzoni\ecxybmfe.exe
.
((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* i valori vuoti & legittimi/default non sono visualizzati.
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"Picasa Media Detector"="c:\programmi\Picasa2\PicasaMediaDetector.exe" [2008-02-26 443968]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="c:\windows\ehome\ehtray.exe" [2005-08-18 64512]
"hpWirelessAssistant"="c:\programmi\hpq\HP Wireless Assistant\HP Wireless Assistant.exe" [2006-05-03 458752]
"SunJavaUpdateSched"="c:\programmi\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-08-18 7585792]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2006-08-18 86016]
"SynTPEnh"="c:\programmi\Synaptics\SynTP\SynTPEnh.exe" [2006-04-01 761946]
"QPService"="c:\programmi\HP\QuickPlay\QPService.exe" [2006-07-11 102400]
"QlbCtrl"="c:\programmi\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2006-06-19 163840]
"Cpqset"="c:\programmi\Hewlett-Packard\Default Settings\cpqset.exe" [2006-05-30 40960]
"RecGuard"="c:\windows\SMINST\RecGuard.exe" [2005-10-11 1187840]
"Reminder"="c:\windows\CREATOR\Remind_XP.exe" [2006-02-09 643072]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2008-11-10 78008]
"HP Component Manager"="c:\programmi\HP\hpcoretech\hpcmpmgr.exe" [2003-12-22 241664]
"QuickTime Task"="c:\programmi\QuickTime\QTTask.exe" [2008-05-27 413696]
"HP Software Update"="c:\programmi\Hp\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840]
"nwiz"="nwiz.exe" [2006-08-18 c:\windows\system32\nwiz.exe]
"MsmqIntCert"="mqrt.dll" [2008-04-14 c:\windows\system32\mqrt.dll]
"High Definition Audio Property Page Shortcut"="CHDAudPropShortcut.exe" [2006-06-02 c:\windows\system32\CHDAudPropShortcut.exe]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
c:\documents and settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\
Mozilla Thunderbird (2).lnk - c:\programmi\Mozilla Thunderbird\thunderbird.exe [2008-01-05 8501360]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"InstallVisualStyle"= c:\windows\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"= c:\windows\Resources\Themes\Royale.theme
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Programmi\\Messenger\\msmsgs.exe"=
"c:\\Programmi\\Mozilla Thunderbird\\thunderbird.exe"=
"c:\\Programmi\\eMule\\emule.exe"=
"c:\\Programmi\\EA GAMES\\La Battaglia per la Terra di Mezzo(tm)\\game.dat"=
"c:\\Programmi\\VideoLAN\\VLC\\vlc.exe"=
"c:\\Programmi\\Mozilla Firefox\\firefox.exe"=
"c:\\Programmi\\Ubisoft\\Heroes of Might and Magic V - Tribes of the East\\bin\\H5_Game.exe"=
"c:\\Programmi\\Skype\\Phone\\Skype.exe"=
"c:\\WINDOWS\\system32\\javaw.exe"=
"c:\\WINDOWS\\system32\\java.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Programmi\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Programmi\\Windows Live\\Messenger\\livecall.exe"=
"c:\\WINDOWS\\system32\\mqsvc.exe"=
"c:\\WINDOWS\\system32\\mmc.exe"=
R1 sK9Ou0s;sK9Ou0s;c:\windows\system32\drivers\srosa2.sys [2008-11-10 7168]
R2 Poweroff;Poweroff;c:\windows\system32\poweroff.exe [2003-08-16 172032]
R3 5U870CAP_VID_1262&PID_25FD;HP Pavilion Webcam ;c:\windows\system32\Drivers\5U870CAP.sys [2006-06-06 61952]
R3 USBSTOR;Driver archiviazione di massa USB;c:\windows\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
S2 aswFsBlk;aswFsBlk;c:\windows\system32\DRIVERS\aswFsBlk.sys [ ]
S3 MODBDA2;DiBcom MOD3000 TV receiver;c:\windows\system32\Drivers\modbda2.sys [2006-07-16 32128]
S3 usbscan;Driver scanner USB;c:\windows\system32\DRIVERS\usbscan.sys [2008-04-13 15104]
.
Contenuto della cartella 'Scheduled Tasks'
2008-06-16 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\programmi\Apple Software Update\SoftwareUpdate.exe [2008-04-11 16:57]
2008-10-11 c:\windows\Tasks\HPCeeSchedule.job
- c:\programmi\Hewlett-Packard\SDP\Ceement\HPCEE.exe [2005-09-08 11:22]
2008-11-08 c:\windows\Tasks\Spybot - Search & Destroy - Scheduled Task.job
- c:\programmi\Spybot - Search & Destroy\SpybotSD.exe [2008-07-30 13:45]
.
- - - - ORFÃOS REMOVIDOS - - - -
WebBrowser-{A057A204-BACC-4D26-C39E-35F1D2A32EC8} - (no file)
HKCU-Run-RssReader - c:\programmi\RssReader\RssReader.exe
HKLM-Run-DXDllRegExe - dxdllreg.exe
.
------- Supplementare di scansione -------
.
FireFox -: Profile - c:\documents and settings\Natascha Buzzoni\Application Data\Mozilla\Firefox\Profiles\s6mgavvl.default\
FireFox -: prefs.js - STARTUP.HOMEPAGE -
hxxp://www.lorenzoc.net/index.php?itemid=363.
**************************************************************************
catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
http://www.gmer.net
Rootkit scan 2008-11-10 18:52:10
Windows 5.1.2600 Service Pack 3 NTFS
scansione processi nascosti ...
scansione entrate autostart nascoste ...
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
Cpqset = c:\programmi\Hewlett-Packard\Default Settings\cpqset.exe??@?????????????<?@?????(e??????Y?@?????<?@
Scansione files nascosti ...
Scansione completata con successo
Files nascosti: 0
**************************************************************************
.
------------------------ Altri processi in esecuzione ------------------------
.
c:\windows\system32\rundll32.exe
c:\windows\system32\msdtc.exe
c:\windows\ehome\ehrecvr.exe
c:\windows\ehome\ehSched.exe
c:\programmi\File comuni\LightScribe\LSSrvc.exe
c:\programmi\File comuni\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\windows\system32\nvsvc32.exe
c:\windows\ehome\mcrdsvc.exe
c:\windows\system32\mqsvc.exe
c:\programmi\Hewlett-Packard\Shared\hpqwmiex.exe
c:\windows\system32\mqtgsvc.exe
c:\windows\system32\dllhost.exe
c:\windows\system32\wscntfy.exe
c:\windows\ehome\ehmsas.exe
.
**************************************************************************
.
Ora fine scansione: 2008-11-10 19:00:00 - macchina è stato riavviato
ComboFix-quarantined-files.txt 2008-11-10 17:59:57
Pre-Run: 49,879,425,024 byte disponibili
Post-Run: 49,758,666,752 byte disponibili
332 --- E O F --- 2008-10-29 20:14:55