Hi luke.
First of all, thank you for the reply.
Below is the content of the log file.
************************************************************************************************************
ComboFix 08-07-22.4 - Utente1 2008-07-23 19.47.55.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1040.18.1581 [GMT 2:00]
Eseguito da: C:\Documents and Settings\Utente1\desktop\combofix.exe
Command switches used :: /killall
* Creato nuovo punto di ripristino
ATENÇÃO - ESTA MAQUINA NAO TEM A CONSOLE DE RECUPERAÇÃO INSTALADA !!.
((((((((((((((((((((((((( Files Creati Da 2008-06-23 al 2008-07-23 )))))))))))))))))))))))))))))))))))
.
2008-07-21 21:04 . 2008-07-21 21:04 <DIR> d-------- C:\Documents and Settings\Administrator\Dati applicazioni\Simply Super Software
2008-07-21 20:34 . 2008-07-21 20:34 <DIR> d-------- C:\Documents and Settings\Administrator\Dati applicazioni\SUPERAntiSpyware.com
2008-07-21 00:05 . 2008-07-21 00:05 <DIR> d-------- C:\Programmi\Orbitdownloader
2008-07-21 00:05 . 2008-07-21 00:05 <DIR> d-------- C:\Downloads
2008-07-21 00:05 . 2008-07-21 01:53 <DIR> d-------- C:\Documents and Settings\Utente1\Dati applicazioni\Orbit
2008-07-20 23:56 . 2008-07-20 23:56 <DIR> d-------- C:\Documents and Settings\Utente1\Dati applicazioni\Xi
2008-07-20 23:28 . 2008-07-20 23:34 <DIR> d-------- C:\Programmi\MemInfo
2008-07-20 19:20 . 2008-07-21 20:29 <DIR> d-------- C:\Programmi\Trojan Remover
2008-07-20 19:20 . 2008-07-20 19:20 <DIR> d-------- C:\Documents and Settings\Utente1\Dati applicazioni\Simply Super Software
2008-07-20 19:20 . 2008-07-20 19:20 <DIR> d-------- C:\Documents and Settings\All Users\Dati applicazioni\Simply Super Software
2008-07-20 19:20 . 2006-05-25 15:52 162,304 --a------ C:\WINDOWS\system32\ztvunrar36.dll
2008-07-20 19:20 . 2003-02-02 20:06 153,088 --a------ C:\WINDOWS\system32\UNRAR3.dll
2008-07-20 19:20 . 2005-08-26 01:50 77,312 --a------ C:\WINDOWS\system32\ztvunace26.dll
2008-07-20 19:20 . 2002-03-06 01:00 75,264 --a------ C:\WINDOWS\system32\unacev2.dll
2008-07-20 19:20 . 2006-06-19 13:01 69,632 --a------ C:\WINDOWS\system32\ztvcabinet.dll
2008-07-20 15:21 . 2008-07-20 15:21 <DIR> d-------- C:\Programmi\SUPERAntiSpyware
2008-07-20 15:21 . 2008-07-20 15:21 <DIR> d-------- C:\Documents and Settings\Utente1\Dati applicazioni\SUPERAntiSpyware.com
2008-07-20 15:21 . 2008-07-20 15:21 <DIR> d-------- C:\Documents and Settings\All Users\Dati applicazioni\SUPERAntiSpyware.com
2008-07-18 10:00 . 2008-07-18 10:00 <DIR> dr------- C:\Documents and Settings\NetworkService\Preferiti
2008-07-17 18:59 . 2008-07-17 18:58 29,760 --a------ C:\WINDOWS\system32\W8CQT3e0.exe
2008-07-17 18:59 . 2008-07-17 18:59 0 --a------ C:\WINDOWS\system32\W8CQT3e0.exe.a_a
2008-07-13 16:38 . 2008-07-13 16:38 <DIR> d-------- C:\Programmi\MSXML 4.0
2008-07-12 18:45 . 2008-07-12 18:45 <DIR> d-------- C:\Marco Polo
2008-07-12 13:50 . 2008-07-12 13:50 <DIR> d-------- C:\Documents and Settings\Utente1\Dati applicazioni\PC Suite
2008-07-12 13:19 . 2008-07-12 13:19 <DIR> d-------- C:\Documents and Settings\LUCA\Dati applicazioni\Datalayer
2008-07-12 13:08 . 2008-07-13 14:19 <DIR> d-------- C:\Documents and Settings\LUCA\Phone Browser
2008-07-12 13:08 . 2008-07-12 13:19 <DIR> d-------- C:\Documents and Settings\LUCA\Dati applicazioni\Nokia
2008-07-12 13:01 . 2008-07-12 13:03 <DIR> d-------- C:\WINDOWS\Downloaded Installations
2008-07-12 13:00 . 2008-07-12 13:00 <DIR> d-------- C:\Programmi\DIFX
2008-07-12 12:59 . 2008-07-20 16:27 <DIR> d----c--- C:\WINDOWS\system32\DRVSTORE
2008-07-12 12:59 . 2008-07-12 13:03 <DIR> d-------- C:\Programmi\Nokia
2008-07-12 12:59 . 2008-07-12 13:00 <DIR> d-------- C:\Programmi\File comuni\PCSuite
2008-07-12 12:59 . 2008-07-12 13:00 <DIR> d-------- C:\Programmi\File comuni\Nokia
2008-07-12 12:59 . 2008-07-12 12:59 <DIR> d-------- C:\Documents and Settings\LUCA\Dati applicazioni\PC Suite
2008-07-12 12:59 . 2008-07-12 13:00 <DIR> d-------- C:\Documents and Settings\All Users\Dati applicazioni\PC Suite
2008-07-12 12:59 . 2008-07-12 12:59 <DIR> d-------- C:\Documents and Settings\All Users\Dati applicazioni\Downloaded Installations
2008-07-12 12:59 . 2006-05-29 08:26 127,488 --a------ C:\WINDOWS\system32\drivers\nmwcd.sys
2008-07-12 12:59 . 2006-05-29 08:26 50,688 --a------ C:\WINDOWS\system32\nmwcdcls.dll
2008-07-12 12:59 . 2006-05-29 08:26 30,720 --a------ C:\WINDOWS\system32\nmwcdcocls.dll
2008-07-12 12:59 . 2006-05-29 08:26 13,312 --a------ C:\WINDOWS\system32\drivers\nmwcdcm.sys
2008-07-12 12:59 . 2006-05-29 08:26 13,312 --a------ C:\WINDOWS\system32\drivers\nmwcdcj.sys
2008-07-12 12:59 . 2006-05-29 08:26 8,704 --a------ C:\WINDOWS\system32\drivers\nmwcdc.sys
2008-07-12 12:59 . 2006-05-29 08:26 4,608 --a------ C:\WINDOWS\system32\nmwcdlog.dll
2008-07-10 00:14 . 2008-07-10 00:17 183 --a------ C:\WINDOWS\wininit.ini
2008-07-10 00:03 . 2008-07-10 00:04 <DIR> d-------- C:\Programmi\QuickMediaConverter
2008-07-09 23:45 . 2008-07-09 23:45 <DIR> d-------- C:\Programmi\Trend Micro
2008-07-09 21:32 . 2007-10-29 18:51 <DIR> d--h----- C:\Documents and Settings\Administrator\Risorse di stampa
2008-07-09 21:32 . 2007-10-29 18:51 <DIR> d--h----- C:\Documents and Settings\Administrator\Risorse di rete
2008-07-09 21:32 . 2007-10-29 18:51 <DIR> d-------- C:\Documents and Settings\Administrator\Preferiti
2008-07-09 21:32 . 2007-10-29 17:59 <DIR> d--h----- C:\Documents and Settings\Administrator\Modelli
2008-07-09 21:32 . 2007-10-29 18:51 <DIR> dr------- C:\Documents and Settings\Administrator\Menu Avvio
2008-07-09 21:32 . 2007-10-29 18:51 <DIR> d--h----- C:\Documents and Settings\Administrator\Impostazioni locali
2008-07-09 21:32 . 2008-07-21 21:04 <DIR> d-------- C:\Documents and Settings\Administrator\Documenti
2008-07-09 21:32 . 2008-07-21 21:04 <DIR> dr-h----- C:\Documents and Settings\Administrator\Dati applicazioni
2008-07-09 21:32 . 2008-07-09 21:32 <DIR> d-------- C:\Documents and Settings\Administrator
2008-07-09 20:56 . 2008-07-09 20:56 <DIR> d-------- C:\Documents and Settings\Utente1\Dati applicazioni\AVS4YOU
2008-07-09 20:56 . 2008-07-09 20:56 <DIR> d-------- C:\Documents and Settings\All Users\Dati applicazioni\AVS4YOU
2008-07-09 20:34 . 2008-07-09 23:58 <DIR> d-------- C:\Programmi\AVS4YOU
2008-07-08 23:54 . 2008-07-09 00:02 <DIR> d-------- C:\Programmi\VirtualDub
2008-07-08 20:55 . 2008-07-08 20:56 <DIR> d-------- C:\Programmi\XMPEG
2008-07-05 10:14 . 2002-07-17 08:03 45,056 --a------ C:\WINDOWS\system32\WNASPI32.DLL
2008-07-05 10:14 . 2002-07-17 07:05 16,512 --a------ C:\WINDOWS\system32\drivers\ASPI32.SYS
2008-07-05 01:02 . 2008-07-05 01:02 <DIR> d-------- C:\Programmi\QuickTime Alternative
2008-07-05 01:02 . 2008-07-05 01:02 <DIR> d-------- C:\Programmi\Media Player Classic
2008-07-05 01:02 . 2008-07-05 01:02 <DIR> d-------- C:\Documents and Settings\All Users\Dati applicazioni\Apple Computer
2008-07-05 01:02 . 2007-04-27 09:42 65,536 --a------ C:\WINDOWS\system32\QuickTimeVR.qtx
2008-07-05 01:02 . 2007-04-27 09:42 49,152 --a------ C:\WINDOWS\system32\QuickTime.qts
2008-07-05 00:56 . 2008-07-05 00:56 <DIR> d-------- C:\Documents and Settings\Utente1\Dati applicazioni\MPEG Streamclip
2008-07-04 18:52 . 2008-07-04 18:52 <DIR> d-------- C:\Programmi\DVD Decrypter
2008-06-28 12:16 . 2008-06-28 12:16 <DIR> d-------- C:\Programmi\File comuni\Skype
2008-06-28 12:16 . 2008-06-28 12:16 56 --ah----- C:\WINDOWS\system32\ezsidmv.dat
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-07-23 17:56 --------- d-----w C:\Programmi\Symantec AntiVirus
2008-07-23 17:46 --------- d-----w C:\Documents and Settings\Utente1\Dati applicazioni\uTorrent
2008-07-23 17:17 --------- d-----w C:\Documents and Settings\Utente1\Dati applicazioni\Skype
2008-07-23 17:16 --------- d-----w C:\Documents and Settings\Utente1\Dati applicazioni\skypePM
2008-07-22 21:37 --------- d-----w C:\Documents and Settings\All Users\Dati applicazioni\Spybot - Search & Destroy
2008-07-21 19:04 --------- d---a-w C:\Documents and Settings\All Users\Dati applicazioni\TEMP
2008-07-20 14:01 --------- d-----w C:\Programmi\eMule
2008-07-20 13:21 --------- d-----w C:\Programmi\File comuni\Wise Installation Wizard
2008-07-20 11:06 --------- d-----w C:\Programmi\Lavasoft
2008-07-18 17:18 --------- d-----w C:\Documents and Settings\All Users\Dati applicazioni\Microsoft Help
2008-07-16 22:13 --------- d-----w C:\Documents and Settings\Utente1\Dati applicazioni\dvdcss
2008-07-16 21:52 --------- d-----w C:\Documents and Settings\All Users\Dati applicazioni\DVD Shrink
2008-07-09 21:58 --------- d-----w C:\Programmi\File comuni\AVSMedia
2008-07-08 22:33 --------- d-----w C:\Documents and Settings\All Users\Dati applicazioni\Lavasoft
2008-07-04 23:02 --------- d-----w C:\Documents and Settings\Utente1\Dati applicazioni\Apple Computer
2008-06-28 10:16 --------- d-----w C:\Programmi\Skype
2008-06-20 10:45 360,320 ----a-w C:\WINDOWS\system32\drivers\tcpip.sys
2008-06-20 10:44 138,368 ----a-w C:\WINDOWS\system32\drivers\afd.sys
2008-06-20 09:52 225,920 ----a-w C:\WINDOWS\system32\drivers\tcpip6.sys
2008-06-16 21:36 --------- d-----w C:\Documents and Settings\All Users\Dati applicazioni\Office Genuine Advantage
2008-06-14 17:59 272,768 ----a-w C:\WINDOWS\system32\drivers\bthport.sys
2008-06-01 18:03 --------- d-----w C:\Programmi\PowerISO
2008-06-01 11:20 --------- d-----w C:\Programmi\uTorrent
2008-06-01 11:16 --------- d-----w C:\Documents and Settings\Utente1\Dati applicazioni\BitTorrent
2008-06-01 11:11 --------- d-----w C:\Documents and Settings\Utente1\Dati applicazioni\DNA
2008-05-31 09:06 --------- d-----w C:\Programmi\Lupas Rename 2000
2008-02-26 18:45 19,952 ----a-w C:\Documents and Settings\Utente1\Dati applicazioni\GDIPFONTCACHEV1.DAT
2008-02-16 10:21 32 ----a-w C:\Documents and Settings\All Users\Dati applicazioni\ezsid.dat
2008-02-09 10:27 19,952 ----a-w C:\Documents and Settings\LUCA\Dati applicazioni\GDIPFONTCACHEV1.DAT
.
((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Nota* i valori vuoti & legittimi/default non sono visualizzati.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2006-03-02 14:00 15360]
"Skype"="C:\Programmi\Skype\Phone\Skype.exe" [2008-05-30 15:54 21718312]
"uTorrent"="C:\Programmi\uTorrent\uTorrent.exe" [2008-06-01 13:20 219952]
"MSMSGS"="C:\Programmi\Messenger\msmsgs.exe" [2004-10-13 18:24 1694208]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-09-17 02:07 8491008]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2007-09-17 02:07 81920]
"SoundMAXPnP"="C:\Programmi\Analog Devices\Core\smax4pnp.exe" [2006-12-18 22:34 868352]
"ccApp"="C:\Programmi\File comuni\Symantec Shared\ccApp.exe" [2005-04-08 16:52 48752]
"vptray"="C:\PROGRA~1\SYMANT~1\VPTray.exe" [2005-04-17 13:30 85184]
"CnxDslTaskBar"="C:\Programmi\digicom\Michelangelo USB ADSL\CnxDslTb.exe" [2002-11-01 12:28 397312]
"TrojanScanner"="C:\Programmi\Trojan Remover\Trjscan.exe" [2008-06-03 20:33 878672]
"nwiz"="nwiz.exe" [2007-09-17 02:07 1626112 C:\WINDOWS\system32\nwiz.exe]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2006-03-02 14:00 110592 C:\WINDOWS\system32\bthprops.cpl]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2006-03-02 14:00 15360]
C:\Documents and Settings\Utente1\Menu Avvio\Programmi\Esecuzione automatica\
FreePOPs.lnk - C:\Programmi\FreePOPs\freepopsd.exe [2007-06-22 21:17:44 31232]
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "C:\Programmi\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 10:13 77824]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2007-04-19 13:41 294912 C:\Programmi\SUPERAntiSpyware\SASWINLO.dll
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Avvio^Programmi^Esecuzione automatica^Orbit.lnk]
path=C:\Documents and Settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\Orbit.lnk
backup=C:\WINDOWS\pss\Orbit.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
--a------ 2006-10-27 00:47 31016 C:\Programmi\Microsoft Office\Office12\GrooveMonitor.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
--------- 2004-10-13 18:24 1694208 C:\Programmi\Messenger\msmsgs.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"CSIScanner"=2 (0x2)
"AcrSch2Svc"=2 (0x2)
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Programmi\\Messenger\\msmsgs.exe"=
"C:\\Programmi\\ICQ6\\ICQ.exe"=
"C:\\WINDOWS\\system32\\dpvsetup.exe"=
"C:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\SAGENT4.EXE"=
"C:\\Programmi\\Microsoft Office\\Office12\\GROOVE.EXE"=
"C:\\Programmi\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"C:\\Programmi\\uTorrent\\uTorrent.exe"=
"C:\\Programmi\\Orbitdownloader\\orbitdm.exe"=
"C:\\Programmi\\Orbitdownloader\\orbitnet.exe"=
"C:\\Programmi\\Skype\\Phone\\Skype.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"2697:UDP"= 2697:UDP:Windows Media Format SDK (firefox.exe)
"2696:UDP"= 2696:UDP:Windows Media Format SDK (firefox.exe)
"2702:UDP"= 2702:UDP:Windows Media Format SDK (firefox.exe)
S3 ASPI;Advanced SCSI Programming Interface Driver;C:\WINDOWS\System32\DRIVERS\ASPI32.sys [2002-07-17 07:05]
S3 CnxEtP;Conexant AccessRunner USB ADSL WAN Adapter Filter Driver;C:\WINDOWS\system32\DRIVERS\CnxEtP.sys [2002-10-31 18:31]
S3 CnxEtU;Conexant AccessRunner USB ADSL Interface Device Driver;C:\WINDOWS\system32\DRIVERS\CnxEtU.sys [2002-10-31 18:31]
S3 CnxTgN;Conexant AccessRunner USB ADSL WAN Adapter Driver;C:\WINDOWS\system32\DRIVERS\CnxTgN.sys [2002-11-01 12:18]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{81ba6123-bb77-11dc-bbc2-001d600bd566}]
\Shell\Auto\command - E:\bittorrent.exe e
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL bittorrent.exe e
.
Contenuto della cartella 'Scheduled Tasks'
"2008-07-22 07:50:04 C:\WINDOWS\Tasks\At1.job"
- C:\WINDOWS\system32\W8CQT3e0.exe
"2008-07-17 16:59:31 C:\WINDOWS\Tasks\At10.job"
- C:\WINDOWS\system32\W8CQT3e0.exe
"2008-07-22 08:00:01 C:\WINDOWS\Tasks\At11.job"
- C:\WINDOWS\system32\W8CQT3e0.exe
"2008-07-18 09:00:05 C:\WINDOWS\Tasks\At12.job"
- C:\WINDOWS\system32\W8CQT3e0.exe
"2008-07-18 10:00:06 C:\WINDOWS\Tasks\At13.job"
- C:\WINDOWS\system32\W8CQT3e0.exe
"2008-07-20 11:00:03 C:\WINDOWS\Tasks\At14.job"
- C:\WINDOWS\system32\W8CQT3e0.exe
"2008-07-20 12:00:05 C:\WINDOWS\Tasks\At15.job"
- C:\WINDOWS\system32\W8CQT3e0.exe
"2008-07-20 13:00:01 C:\WINDOWS\Tasks\At16.job"
- C:\WINDOWS\system32\W8CQT3e0.exe
"2008-07-20 14:00:02 C:\WINDOWS\Tasks\At17.job"
- C:\WINDOWS\system32\W8CQT3e0.exe
"2008-07-20 15:00:03 C:\WINDOWS\Tasks\At18.job"
- C:\WINDOWS\system32\W8CQT3e0.exe
"2008-07-20 16:00:01 C:\WINDOWS\Tasks\At19.job"
- C:\WINDOWS\system32\W8CQT3e0.exe
"2008-07-20 23:00:01 C:\WINDOWS\Tasks\At2.job"
- C:\WINDOWS\system32\W8CQT3e0.exe
"2008-07-22 17:00:01 C:\WINDOWS\Tasks\At20.job"
- C:\WINDOWS\system32\W8CQT3e0.exe
"2008-07-23 18:00:06 C:\WINDOWS\Tasks\At21.job"
- C:\WINDOWS\system32\W8CQT3e0.exe
"2008-07-22 19:00:01 C:\WINDOWS\Tasks\At22.job"
- C:\WINDOWS\system32\W8CQT3e0.exe
"2008-07-22 20:00:01 C:\WINDOWS\Tasks\At23.job"
- C:\WINDOWS\system32\W8CQT3e0.exe
"2008-07-22 21:00:01 C:\WINDOWS\Tasks\At24.job"
- C:\WINDOWS\system32\W8CQT3e0.exe
"2008-07-20 22:51:00 C:\WINDOWS\Tasks\At25.job"
- C:\WINDOWS\system32\M0ksEMYu.exe
"2008-07-20 23:00:00 C:\WINDOWS\Tasks\At26.job"
- C:\WINDOWS\system32\M0ksEMYu.exe
"2008-07-17 17:10:08 C:\WINDOWS\Tasks\At27.job"
- C:\WINDOWS\system32\M0ksEMYu.exe
"2008-07-17 17:10:08 C:\WINDOWS\Tasks\At28.job"
- C:\WINDOWS\system32\M0ksEMYu.exe
"2008-07-17 17:10:08 C:\WINDOWS\Tasks\At29.job"
- C:\WINDOWS\system32\M0ksEMYu.exe
"2008-07-17 16:59:31 C:\WINDOWS\Tasks\At3.job"
- C:\WINDOWS\system32\W8CQT3e0.exe
"2008-07-17 17:10:08 C:\WINDOWS\Tasks\At30.job"
- C:\WINDOWS\system32\M0ksEMYu.exe
"2008-07-17 17:10:08 C:\WINDOWS\Tasks\At31.job"
- C:\WINDOWS\system32\M0ksEMYu.exe
"2008-07-17 17:10:08 C:\WINDOWS\Tasks\At32.job"
- C:\WINDOWS\system32\M0ksEMYu.exe
"2008-07-17 17:10:08 C:\WINDOWS\Tasks\At33.job"
- C:\WINDOWS\system32\M0ksEMYu.exe
"2008-07-17 17:10:08 C:\WINDOWS\Tasks\At34.job"
- C:\WINDOWS\system32\M0ksEMYu.exe
"2008-07-22 08:00:00 C:\WINDOWS\Tasks\At35.job"
- C:\WINDOWS\system32\M0ksEMYu.exe
"2008-07-18 09:25:25 C:\WINDOWS\Tasks\At36.job"
- C:\WINDOWS\system32\M0ksEMYu.exe
"2008-07-18 10:00:01 C:\WINDOWS\Tasks\At37.job"
- C:\WINDOWS\system32\M0ksEMYu.exe
"2008-07-20 11:00:01 C:\WINDOWS\Tasks\At38.job"
- C:\WINDOWS\system32\M0ksEMYu.exe
"2008-07-20 12:00:11 C:\WINDOWS\Tasks\At39.job"
- C:\WINDOWS\system32\M0ksEMYu.exe
"2008-07-17 16:59:31 C:\WINDOWS\Tasks\At4.job"
- C:\WINDOWS\system32\W8CQT3e0.exe
"2008-07-20 13:00:00 C:\WINDOWS\Tasks\At40.job"
- C:\WINDOWS\system32\M0ksEMYu.exe
"2008-07-20 14:20:51 C:\WINDOWS\Tasks\At41.job"
- C:\WINDOWS\system32\M0ksEMYu.exe
"2008-07-20 15:00:01 C:\WINDOWS\Tasks\At42.job"
- C:\WINDOWS\system32\M0ksEMYu.exe
"2008-07-20 16:00:00 C:\WINDOWS\Tasks\At43.job"
- C:\WINDOWS\system32\M0ksEMYu.exe
"2008-07-22 20:44:58 C:\WINDOWS\Tasks\At44.job"
- C:\WINDOWS\system32\M0ksEMYu.exe
"2008-07-23 18:00:02 C:\WINDOWS\Tasks\At45.job"
- C:\WINDOWS\system32\M0ksEMYu.exe
"2008-07-22 19:00:10 C:\WINDOWS\Tasks\At46.job"
- C:\WINDOWS\system32\M0ksEMYu.exe
"2008-07-22 20:00:10 C:\WINDOWS\Tasks\At47.job"
- C:\WINDOWS\system32\M0ksEMYu.exe
"2008-07-22 21:00:00 C:\WINDOWS\Tasks\At48.job"
- C:\WINDOWS\system32\M0ksEMYu.exe
"2008-07-17 16:59:31 C:\WINDOWS\Tasks\At5.job"
- C:\WINDOWS\system32\W8CQT3e0.exe
"2008-07-17 16:59:31 C:\WINDOWS\Tasks\At6.job"
- C:\WINDOWS\system32\W8CQT3e0.exe
"2008-07-17 16:59:31 C:\WINDOWS\Tasks\At7.job"
- C:\WINDOWS\system32\W8CQT3e0.exe
"2008-07-17 16:59:31 C:\WINDOWS\Tasks\At8.job"
- C:\WINDOWS\system32\W8CQT3e0.exe
"2008-07-17 16:59:31 C:\WINDOWS\Tasks\At9.job"
- C:\WINDOWS\system32\W8CQT3e0.exe
"2008-07-23 18:10:00 C:\WINDOWS\Tasks\User_Feed_Synchronization-{8CE3FA57-6A4F-4F1C-BCD9-230C80F6EBA5}.job"
- C:\WINDOWS\system32\msfeedssync.exe
.
.
------- Supplementary Scan -------
.
R0 -: HKCU-Main,Start Page = hxxp://www.tim.it/
R0 -: HKCU-Main,Default_Search_URL = hxxp://www.google.com/ie
R1 -: HKCU-SearchURL,(Default) = hxxp://www.google.com/search?q=%s
O8 -: &Download by Orbit - C:\Programmi\Orbitdownloader\orbitmxt.dll/201
O8 -: &Grab video by Orbit - C:\Programmi\Orbitdownloader\orbitmxt.dll/204
O8 -: Do&wnload selected by Orbit - C:\Programmi\Orbitdownloader\orbitmxt.dll/203
O8 -: Down&load all by Orbit - C:\Programmi\Orbitdownloader\orbitmxt.dll/202
O8 -: E&sporta in Microsoft Excel - C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-07-23 19:59:24
Windows 5.1.2600 Service Pack 2 NTFS
scansione processi nascosti ...
C:\WINDOWS\explorer.exe [2480] 0x89885020
scansione entrate autostart nascoste ...
Scansione files nascosti ...
Scansione completata con successo
Files nascosti: 0
**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\Programmi\File comuni\Symantec Shared\ccSetMgr.exe
C:\Programmi\File comuni\Symantec Shared\ccEvtMgr.exe
C:\Programmi\Lavasoft\Ad-Aware\aawservice.exe
C:\Programmi\Symantec AntiVirus\DefWatch.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Programmi\Symantec AntiVirus\Rtvscan.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\rundll32.exe
C:\Programmi\Skype\Plugin Manager\skypePM.exe
C:\WINDOWS\system32\imapi.exe
.
**************************************************************************
.
Ora fine scansione: 2008-07-23 20:11:08 - machine was rebooted
ComboFix-quarantined-files.txt 2008-07-23 18:10:51
Pre-Run: 59,755,438,080 byte disponibili
Post-Run: 60,021,174,272 byte disponibili
320 --- E O F --- 2008-07-18 17:18:15