Thanks Luke57. I did as you told me.
This is the combofix.txt file:
ComboFix 09-01-19.05 - Proprietario 2009-01-20 21:53:03.1 - FAT32x86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1040.18.1023.755 [GMT 1:00]
Eseguito da: c:\documents and settings\Proprietario\Desktop\pippo.exe
Opzioni usate :: /killal
AV: Avira AntiVir PersonalEdition *On-access scanning disabled* (Outdated)
* Creato nuovo punto di ripristino
ATTENZIONE - QUESTO PC NON HA LA CONSOLE DI RIPRISTINO DI EMERGENZA INSTALLATA !!
.
((((((((((((((((((((((((((((((((((((( Altre eliminazioni )))))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\documents and settings\Proprietario\Dati applicazioni\drivers\downld
c:\documents and settings\Proprietario\Dati applicazioni\drivers\srosa.sys
c:\documents and settings\Proprietario\Dati applicazioni\drivers\srosa2.sys
c:\documents and settings\Proprietario\Dati applicazioni\drivers\winupgro.exe
c:\documents and settings\Proprietario\Dati applicazioni\m
c:\documents and settings\Proprietario\Dati applicazioni\m\flec006.exe
c:\documents and settings\Proprietario\Dati applicazioni\m\shared\#1 MP3 to WAV Converter 5.7.zip
c:\documents and settings\Proprietario\Dati applicazioni\m\shared\#1 Smart PopUp Stopper Pro 4.4.zip
c:\documents and settings\Proprietario\Dati applicazioni\m\shared\24 Channel Multi Level Meter Bridge 2006.zip
c:\documents and settings\Proprietario\Dati applicazioni\m\shared\2nd Speech Center 3.30.7.1129.zip
c:\documents and settings\Proprietario\Dati applicazioni\m\shared\3D Purple Animated Cursors 1.0d.zip
c:\documents and settings\Proprietario\Dati applicazioni\m\shared\3D Raindrop Screen saver 2.00.zip
c:\documents and settings\Proprietario\Dati applicazioni\m\shared\A2 Flash Slideshow Photogallery System 3.0.zip
c:\documents and settings\Proprietario\Dati applicazioni\m\shared\ABC DVD Copy 3.0.zip
c:\documents and settings\Proprietario\Dati applicazioni\m\shared\Adeona 0.2.1a Beta.zip
c:\documents and settings\Proprietario\Dati applicazioni\m\shared\Adobe Customization Wizard 8.zip
c:\documents and settings\Proprietario\Dati applicazioni\m\shared\Adobe Reader SpeedUp 1.36.zip
c:\documents and settings\Proprietario\Dati applicazioni\m\shared\Advanced Explosion WorkFlow 4.3.29.zip
c:\documents and settings\Proprietario\Dati applicazioni\m\shared\Aglare All to Mp4 Converter 6.5.zip
c:\documents and settings\Proprietario\Dati applicazioni\m\shared\Aglare Video to iPhone Converter 7.0.zip
c:\documents and settings\Proprietario\Dati applicazioni\m\shared\Alive Diary 2.3.21.14.zip
c:\documents and settings\Proprietario\Dati applicazioni\m\shared\Amigo-2000 1.1.zip
c:\documents and settings\Proprietario\Dati applicazioni\m\shared\Animation from Movie 2.0.zip
c:\documents and settings\Proprietario\Dati applicazioni\m\shared\Anti-BO 1.5b.zip
c:\documents and settings\Proprietario\Dati applicazioni\m\shared\AntispamSniper for Outlook Express 3.1.0.3.zip
c:\documents and settings\Proprietario\Dati applicazioni\m\shared\Applicazione Nokia - Affari tuoi.zip
c:\documents and settings\Proprietario\Dati applicazioni\m\shared\Audio Fish 1.2.zip
c:\documents and settings\Proprietario\Dati applicazioni\m\shared\AudioSpin Media Recorder 1.09.044.zip
c:\documents and settings\Proprietario\Dati applicazioni\m\shared\Audit Trail Wizard 1.2.zip
c:\documents and settings\Proprietario\Dati applicazioni\m\shared\AVG.Anti-Virus.Professional.7.5.working.CRACK!!!.zip
c:\documents and settings\Proprietario\Dati applicazioni\m\shared\AVI Frame Rate Changer 1.10.zip
c:\documents and settings\Proprietario\Dati applicazioni\m\shared\Barcode Professional SDK for .NET 1.0.zip
c:\documents and settings\Proprietario\Dati applicazioni\m\shared\Basic Facts Worksheet Factory 3.0.0055.zip
c:\documents and settings\Proprietario\Dati applicazioni\m\shared\Basp Pro 4.0.9.zip
c:\documents and settings\Proprietario\Dati applicazioni\m\shared\Belorussian Before You Know It Lite 3.6.zip
c:\documents and settings\Proprietario\Dati applicazioni\m\shared\BizPBX 1.3.1.5.zip
c:\documents and settings\Proprietario\Dati applicazioni\m\shared\Body Mass Index Calculator 1.0.zip
c:\documents and settings\Proprietario\Dati applicazioni\m\shared\BooleanMinimizer 1.0.1.zip
c:\documents and settings\Proprietario\Dati applicazioni\m\shared\Cashflow Plan Micro 1.31.zip
c:\documents and settings\Proprietario\Dati applicazioni\m\shared\CCXI XML Data Island Library 2004.0 2004.0.zip
c:\documents and settings\Proprietario\Dati applicazioni\m\shared\ClipExact 1.0.0.zip
c:\documents and settings\Proprietario\Dati applicazioni\m\shared\ComfortAir HVAC Software 4.0.zip
c:\documents and settings\Proprietario\Dati applicazioni\m\shared\Compare Sheets 1.1.1.zip
c:\documents and settings\Proprietario\Dati applicazioni\m\shared\Cool Free AVI WMV MPEG MP4 iPhone 3GP Converter 6.0.zip
c:\documents and settings\Proprietario\Dati applicazioni\m\shared\Cosmic Heart 1.0.zip
c:\documents and settings\Proprietario\Dati applicazioni\m\shared\CountdownT 0.9.72.zip
c:\documents and settings\Proprietario\Dati applicazioni\m\shared\CrystalFire Wormhole 1.2.5 beta 1.zip
c:\documents and settings\Proprietario\Dati applicazioni\m\shared\Cucusoft PSP Movie Converter 5.16.zip
c:\documents and settings\Proprietario\Dati applicazioni\m\shared\Custom Smileys 2.3.zip
c:\documents and settings\Proprietario\Dati applicazioni\m\shared\DDE server plugin 2.5.0.13.zip
c:\documents and settings\Proprietario\Dati applicazioni\m\shared\Desktop Magnifier 1.7.2.zip
c:\documents and settings\Proprietario\Dati applicazioni\m\shared\Doszip Commander 0.1.28 Beta.zip
c:\documents and settings\Proprietario\Dati applicazioni\m\shared\Easy Website Promoter 8.0.0.4.zip
c:\documents and settings\Proprietario\Dati applicazioni\m\shared\ECTACO English Chinese Simplified Talking Partner Dictionary 2.3.18.zip
c:\documents and settings\Proprietario\Dati applicazioni\m\shared\Excel Extract Data & Text Software 7.0.zip
c:\documents and settings\Proprietario\Dati applicazioni\m\shared\Excellence Java Pixie 2.2.zip
c:\documents and settings\Proprietario\Dati applicazioni\m\shared\eXHTTP 1.0.0.1734.zip
c:\documents and settings\Proprietario\Dati applicazioni\m\shared\eXPlorer Styler 2 b130908.zip
c:\documents and settings\Proprietario\Dati applicazioni\m\shared\Extension Changer 1.0.zip
c:\documents and settings\Proprietario\Dati applicazioni\m\shared\Fast DVD Converter 5.8.zip
c:\documents and settings\Proprietario\Dati applicazioni\m\shared\Feli-X 1.0.6.zip
c:\documents and settings\Proprietario\Dati applicazioni\m\shared\Fiddler 2.0.9.0 Beta.zip
c:\documents and settings\Proprietario\Dati applicazioni\m\shared\FINDMIDI 1.0.zip
c:\documents and settings\Proprietario\Dati applicazioni\m\shared\Folders Sequence Creator 1.0.0.0.zip
c:\documents and settings\Proprietario\Dati applicazioni\m\shared\FoxSoft BBCoder 1.0 A1.zip
c:\documents and settings\Proprietario\Dati applicazioni\m\shared\Gong Beater 1439.zip
c:\documents and settings\Proprietario\Dati applicazioni\m\shared\Hathi Widgets 1.0.zip
c:\documents and settings\Proprietario\Dati applicazioni\m\shared\Header Skip 1.0.zip
c:\documents and settings\Proprietario\Dati applicazioni\m\shared\IEJet-Popup Killer and Ad Stopper 1.42.zip
c:\documents and settings\Proprietario\Dati applicazioni\m\shared\IndiaInk 1.97.zip
c:\documents and settings\Proprietario\Dati applicazioni\m\shared\Intel C++ Compiler 10.0.023.zip
c:\documents and settings\Proprietario\Dati applicazioni\m\shared\Joe Biden 7.10.08.zip
c:\documents and settings\Proprietario\Dati applicazioni\m\shared\Kaspersky.Antivirus.Personal.Pro.v5.0.527-FR.Incl-Keys.zip
c:\documents and settings\Proprietario\Dati applicazioni\m\shared\Kernel Filter for Content Protection 1.0.zip
c:\documents and settings\Proprietario\Dati applicazioni\m\shared\KShutdown 2.0 Alpha 4.zip
c:\documents and settings\Proprietario\Dati applicazioni\m\shared\KZ IconXTractor 2.306.zip
c:\documents and settings\Proprietario\Dati applicazioni\m\shared\LingvoSoft Dictionary 2007 German - Italian 4.0.22.zip
c:\documents and settings\Proprietario\Dati applicazioni\m\shared\McAfee.SpamKiller.for.Microsoft.Exchange.2000.2003.v2.1.2.Retail.Zdal.CoM.zip
c:\documents and settings\Proprietario\Dati applicazioni\m\shared\McAfee.VirusScan.v10.0.27-GEAR_for_www.goldesel.to.zip
c:\documents and settings\Proprietario\Dati applicazioni\m\shared\MiniBrowser 1.1.72a.zip
c:\documents and settings\Proprietario\Dati applicazioni\m\shared\MLB Scores 1.0.zip
c:\documents and settings\Proprietario\Dati applicazioni\m\shared\Mobile Excel.zip
c:\documents and settings\Proprietario\Dati applicazioni\m\shared\Module 1.0.zip
c:\documents and settings\Proprietario\Dati applicazioni\m\shared\Mp3 Slave 1.0.zip
c:\documents and settings\Proprietario\Dati applicazioni\m\shared\MS Access Append TWO Tables Software 7.0.zip
c:\documents and settings\Proprietario\Dati applicazioni\m\shared\MSI SecureDoc 1.13E1.zip
c:\documents and settings\Proprietario\Dati applicazioni\m\shared\My Messenger with wapmsgr 1.0.zip
c:\documents and settings\Proprietario\Dati applicazioni\m\shared\Net Pulse 1.0.zip
c:\documents and settings\Proprietario\Dati applicazioni\m\shared\News Bulk Poster 1.0.2.719.zip
c:\documents and settings\Proprietario\Dati applicazioni\m\shared\NOD32.v.2.51.20.(NT.2K.XP.2003.X64).Português-BR.zip
c:\documents and settings\Proprietario\Dati applicazioni\m\shared\Norton.Antivirus.2006.Ita.Serial.Crack.Keygen.zip
c:\documents and settings\Proprietario\Dati applicazioni\m\shared\NucleoTime 1.49.zip
c:\documents and settings\Proprietario\Dati applicazioni\m\shared\OakDoc DWG to IMAGE Converter 1.1.zip
c:\documents and settings\Proprietario\Dati applicazioni\m\shared\Overhead Video&Images processor 1.03.zip
c:\documents and settings\Proprietario\Dati applicazioni\m\shared\Password Generator 1.0.zip
c:\documents and settings\Proprietario\Dati applicazioni\m\shared\PDF OCR Compressor SDK 2.1.zip
c:\documents and settings\Proprietario\Dati applicazioni\m\shared\PerspecX 1.3.zip
c:\documents and settings\Proprietario\Dati applicazioni\m\shared\Portable Screamer Radio 0.4.3.zip
c:\documents and settings\Proprietario\Dati applicazioni\m\shared\Post-Code 1.1.zip
c:\documents and settings\Proprietario\Dati applicazioni\m\shared\Prayer Times PC 1.18.zip
c:\documents and settings\Proprietario\Dati applicazioni\m\shared\Process Priority Optimizer 2.2.3.46.zip
c:\documents and settings\Proprietario\Dati applicazioni\m\shared\PureRadio 3.0.zip
c:\documents and settings\Proprietario\Dati applicazioni\m\shared\quick.heal.xgen.6.0.zip
c:\documents and settings\Proprietario\Dati applicazioni\m\shared\Rational Reducer Pro 3.0.zip
c:\documents and settings\Proprietario\Dati applicazioni\m\shared\Rename 2.5a.zip
c:\documents and settings\Proprietario\Dati applicazioni\m\shared\rssPlayPen 1.0.31.20061220.zip
c:\documents and settings\Proprietario\Dati applicazioni\m\shared\SafeTweak XP Resource 3.2.zip
c:\documents and settings\Proprietario\Dati applicazioni\m\shared\ScaleOut StateServer 4.0.zip
c:\documents and settings\Proprietario\Dati applicazioni\m\shared\Serial.-.BitDefender.v10-antivirus.plus.zip
c:\documents and settings\Proprietario\Dati applicazioni\m\shared\SerialGrabber 1.2.zip
c:\documents and settings\Proprietario\Dati applicazioni\m\shared\Shadow Keylogger 1.1.0.zip
c:\documents and settings\Proprietario\Dati applicazioni\m\shared\Simple Movie Database 1.0.zip
c:\documents and settings\Proprietario\Dati applicazioni\m\shared\SoftCare Overset Manager CS 4.0.zip
c:\documents and settings\Proprietario\Dati applicazioni\m\shared\SoundBox.NET.zip
c:\documents and settings\Proprietario\Dati applicazioni\m\shared\SpamRemover 1.9.zip
c:\documents and settings\Proprietario\Dati applicazioni\m\shared\Strip HTML Tags From Multiple Files Software 7.0.zip
c:\documents and settings\Proprietario\Dati applicazioni\m\shared\Stylus Studio XML Enterprise Edition 6.zip
c:\documents and settings\Proprietario\Dati applicazioni\m\shared\Sybase ASE Import Multiple Text Files Software 7.0.zip
c:\documents and settings\Proprietario\Dati applicazioni\m\shared\TGetDiskSerial Component 4.0.0.zip
c:\documents and settings\Proprietario\Dati applicazioni\m\shared\The Math Slate 1.0.zip
c:\documents and settings\Proprietario\Dati applicazioni\m\shared\ThumbStrips 1.0.2.1.zip
c:\documents and settings\Proprietario\Dati applicazioni\m\shared\Tranquil Waterscapes Screensaver.zip
c:\documents and settings\Proprietario\Dati applicazioni\m\shared\Transbar 1.4.2.zip
c:\documents and settings\Proprietario\Dati applicazioni\m\shared\True Eraser 1.0.zip
c:\documents and settings\Proprietario\Dati applicazioni\m\shared\VsamExtreme 6.0.9.zip
c:\documents and settings\Proprietario\Dati applicazioni\m\shared\Walking the Las Vegas Strip Screensaver 1.0.zip
c:\documents and settings\Proprietario\Dati applicazioni\m\shared\WatchMyPC 1.0.zip
c:\documents and settings\Proprietario\Dati applicazioni\m\shared\WebCache 6.95.zip
c:\documents and settings\Proprietario\Dati applicazioni\m\shared\Windows Std Serial Comm Lib for Visual Basic 4.0.zip
c:\documents and settings\Proprietario\Dati applicazioni\m\shared\WSUS Remote Sync 0.1.zip
c:\documents and settings\Proprietario\Dati applicazioni\m\shared\Xcellent IPReporter 1.0.0.0.zip
c:\documents and settings\Proprietario\Dati applicazioni\m\shared\Xilisoft Audio Maker Suite 3.0.45.0801.zip
c:\documents and settings\Proprietario\Dati applicazioni\m\shared\XSidebar 1.0.2.zip
c:\programmi\Synaptics\SynTP\SynTPLpr.exe
c:\windows\system32\mdelk.exe
c:\windows\system32\wintems.exe
.
((((((((((((((((((((((((((((((((((((((( Driver/Servizi )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Service_SROSA
-------\Legacy_SROSA
-------\Legacy_SK9OU0S
-------\Service_sK9Ou0s
((((((((((((((((((((((((( Files Creati Da 2008-12-20 al 2009-01-20 )))))))))))))))))))))))))))))))))))
.
2009-01-20 21:38 . 2009-01-20 21:38 <DIR> d-------- c:\programmi\FindyKill
2009-01-20 16:00 . 2009-01-20 16:00 <DIR> d--h----- c:\documents and settings\Proprietario\Dati applicazioni\drivers
2009-01-18 14:43 . 2009-01-18 14:43 <DIR> d-------- c:\programmi\Sophos
2009-01-11 23:52 . 2009-01-11 23:52 <DIR> d--h----- c:\documents and settings\Proprietario\Dati applicazioni\driv
2009-01-09 19:22 . 2009-01-09 19:22 <DIR> d-------- c:\documents and settings\Proprietario\Dati applicazioni\Desktopicon
2009-01-09 01:28 . 2009-01-09 01:28 <DIR> d-------- c:\documents and settings\LocalService\Menu Avvio
2009-01-08 19:10 . 2009-01-08 19:10 <DIR> d-------- c:\documents and settings\All Users\Dati applicazioni\PC Tools
2009-01-08 19:10 . 2008-11-17 13:05 51,488 --a------ c:\windows\system32\drivers\TfFsMon.sys
2009-01-08 19:10 . 2008-11-17 13:05 39,200 --a------ c:\windows\system32\drivers\TfSysMon.sys
2009-01-08 19:10 . 2008-11-17 13:05 33,056 --a------ c:\windows\system32\drivers\TfNetMon.sys
2009-01-08 19:10 . 2008-11-17 13:05 12,576 --a------ c:\windows\system32\drivers\TfKbMon.sys
2009-01-08 19:03 . 2009-01-08 19:03 <DIR> d-------- c:\documents and settings\Proprietario\xinorbis
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-01-20 19:52 14,848 ----a-w c:\windows\system32\dllcache\register.exe
2008-12-10 22:17 --------- d-----w c:\programmi\Pando Networks
2008-12-08 17:51 --------- d-----w c:\documents and settings\Proprietario\Dati applicazioni\Apple Computer
2008-12-08 17:41 --------- d-----w c:\documents and settings\Proprietario\Dati applicazioni\Sony
2008-12-08 17:41 --------- d-----w c:\documents and settings\All Users\Dati applicazioni\Sony
2008-12-08 16:48 --------- d-----w c:\programmi\Sony
2008-12-08 16:48 --------- d-----w c:\programmi\File comuni\Sony Shared
2008-12-08 16:42 --------- d-----w c:\programmi\QuickTime
2008-12-08 16:42 --------- d-----w c:\documents and settings\All Users\Dati applicazioni\Apple Computer
2008-12-08 16:41 --------- d-----w c:\programmi\Apple Software Update
2008-12-08 16:41 --------- d-----w c:\documents and settings\All Users\Dati applicazioni\Apple
2008-12-07 14:08 --------- d-----w c:\programmi\Eusing
2008-12-07 14:08 --------- d-----w c:\documents and settings\All Users\Dati applicazioni\FreeDownloadManager.ORG
2008-11-30 12:19 --------- d-----w c:\documents and settings\Proprietario\Dati applicazioni\stickies
2008-11-28 18:10 --------- d-----w c:\documents and settings\All Users\Dati applicazioni\nView_Profiles
2008-11-28 00:46 --------- d-----w c:\documents and settings\All Users\Dati applicazioni\Lavasoft
2008-11-28 00:44 --------- d-----w c:\programmi\File comuni\Wise Installation Wizard
2008-11-22 16:20 --------- d-----w c:\documents and settings\Proprietario\Dati applicazioni\eMule AdunanzA
2008-11-01 13:30 249,592 ----a-w c:\windows\system32\cssdll32.dll
.
((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* i valori vuoti & legittimi/default non sono visualizzati.
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SpybotSD TeaTimer"="c:\program files\Spyware\Spybot - Search & Destroy\TeaTimer.exe" [2008-09-16 1833296]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-19 15360]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"preload"="c:\windows\RUNXMLPL.exe" [2004-04-20 40960]
"SynTPEnh"="c:\programmi\Synaptics\SynTP\SynTPEnh.exe" [2004-05-07 536576]
"LaunchAp"="c:\program files\Launch Manager\LaunchAp.exe" [2004-08-06 32768]
"CtrlVol"="c:\program files\Launch Manager\CtrlVol.exe" [2004-01-28 184320]
"LMgrOSD"="c:\program files\Launch Manager\OSDCtrl.exe" [2004-09-08 245760]
"avgnt"="c:\programmi\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2009-01-20 266497]
"ISTray"="c:\program files\Spyware\Spyware Doctor\pctsTray.exe" [2009-01-20 1168264]
"SmartRAM"="c:\program files\Registro\IObit\Advanced WindowsCare V2\MemCleaner.exe" [2007-10-29 662016]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2004-07-13 4141056]
"Samsung PanelMgr"="c:\windows\Samsung\PanelMgr\ssmmgr.exe" [2006-08-16 503808]
"nwiz"="nwiz.exe" [2004-07-13 c:\windows\system32\nwiz.exe]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
--a------ 2004-08-19 20:00 15360 c:\windows\system32\ctfmon.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\H/PC Connection Agent]
--a------ 2006-11-13 13:39 1289000 c:\program files\Internet\Microsoft ActiveSync\wcescomm.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2008-05-27 10:50 413696 c:\programmi\QuickTime\QTTask.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\daemon.exe" -autorun
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\programmi\File comuni\Nero\Lib\NMBgMonitor.exe"
"Pando"="c:\program files\Pando Networks\Pando\pando.exe" /Minimized
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"Adobe Photo Downloader"="c:\programmi\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe"
"LManager"=c:\program files\Launch Manager\HotkeyApp.exe
"PCSuiteTrayApplication"=c:\progra~1\Nokia\NOKIAP~1\LAUNCH~1.EXE -startup
"Samsung PanelMgr"=c:\windows\Samsung\PanelMgr\ssmmgr.exe /autorun
"Adobe Reader Speed Launcher"="c:\programmi\Adobe\Reader 9.0\Reader\Reader_sl.exe"
"NBKeyScan"="c:\programmi\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
"NeroFilterCheck"=c:\programmi\File comuni\Nero\Lib\NeroCheck.exe
"NvCplDaemon"=RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
"PCMService"="c:\program files\Arcade\PCMService.exe"
"PowerKey"="c:\program files\Launch Manager\PowerKey.exe"
"VTTimer"=VTTimer.exe
"AGRSMMSG"=AGRSMMSG.exe
"AudioDeck"=c:\programmi\VIAudioi\SBADeck\ADeck.exe 1
"snpstd"=c:\windows\vsnpstd.exe
"Cobian Backup 9 interface"="c:\program files\Registro\Cobian Backup 9\cbInterface.exe" -service
"QuickTime Task"="c:\programmi\QuickTime\QTTask.exe" -atboottime
"Wbutton"="c:\program files\Launch Manager\Wbutton.exe"
"ThreatFire"=c:\program files\Spyware\ThreatFire\TFTray.exe
"VTTrayp"=VTtrayp.exe
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\eMule\\emule.exe"=
"c:\\Programmi\\MSN Messenger\\msnmsgr.exe"=
"c:\\Programmi\\MSN Messenger\\livecall.exe"=
"c:\\Program Files\\p2p\\uTorrent\\uTorrent.exe"=
"c:\\Documents and Settings\\Proprietario\\Desktop\\utorrent.exe"=
"c:\\Program Files\\WLan\\eMule AdunanzA\\eMule_AdnzA.exe"=
"c:\\Programmi\\Sony\\Media Manager for WALKMAN\\MediaManager.exe"=
"c:\\Program Files\\Pando Networks\\Pando\\pando.exe"=
"c:\\Documents and Settings\\Proprietario\\Documenti\\sincronizzare\\dshutdown\\DShutdown\\RDShutdown.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\program files\Internet\Microsoft ActiveSync\rapimgr.exe"= c:\program files\Internet\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
"c:\program files\Internet\Microsoft ActiveSync\wcescomm.exe"= c:\program files\Internet\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
"c:\program files\Internet\Microsoft ActiveSync\WCESMgr.exe"= c:\program files\Internet\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"57907:TCP"= 57907:TCP:Pando P2P TCP Listening Port
"57907:UDP"= 57907:UDP:Pando P2P UDP Listening Port
"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service
R0 TfFsMon;TfFsMon;c:\windows\system32\drivers\TfFsMon.sys [2009-01-08 51488]
R0 TfSysMon;TfSysMon;c:\windows\system32\drivers\TfSysMon.sys [2009-01-08 39200]
R1 Hotkey;Hotkey;c:\windows\system32\drivers\HOTKEY.sys [2003-01-02 9867]
R4 CobianBackupAmanita;Cobian Backup 9 servizio;c:\program files\Registro\Cobian Backup 9\cbService.exe [2008-10-31 582144]
S1 mailKmd;mailKmd; [x]
S3 BRGSp50;BRGSp50 NDIS Protocol Driver;c:\windows\system32\drivers\BRGSp50.sys [2008-11-22 20608]
S3 IPN2220;acer IPN2220 Wireless LAN Card Driver;c:\windows\system32\drivers\i2220ntx.sys [2004-09-17 140288]
S3 POWERKEY;POWERKEY;c:\program files\Launch Manager\POWERKEY.SYS [2003-01-02 2343]
S3 TfNetMon;TfNetMon;c:\windows\system32\drivers\TfNetMon.sys [2009-01-08 33056]
S4 sdAuxService;PC Tools Auxiliary Service;c:\program files\Spyware\Spyware Doctor\pctsAuxs.exe [2008-09-14 356920]
S4 ThreatFire;ThreatFire;c:\program files\Spyware\ThreatFire\TFService.exe service --> c:\program files\Spyware\ThreatFire\TFService.exe service [?]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{7a8318ba-d9d5-11dd-8890-000ae4a36d4d}]
\Shell\AutoRun\command - G:\AutoRun.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{7a8318bb-d9d5-11dd-8890-000ae4a36d4d}]
\Shell\AutoRun\command - G:\AutoRun.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{8b29bf24-db61-11dd-8897-000000000000}]
\Shell\AutoRun\command - G:\AutoRun.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e944ab0e-db12-11dd-8895-000ae4a36d4d}]
\Shell\AutoRun\command - G:\AutoRun.exe
.
Contenuto della cartella 'Scheduled Tasks'
2009-01-20 c:\windows\Tasks\Verifica aggiornamenti per Windows Live Toolbar.job
- c:\programmi\Windows Live Toolbar\MSNTBUP.EXE [2006-09-27 17:39]
2009-01-20 c:\windows\Tasks\XoftSpySE 2.job
- d:\programmi\Registro\XoftSpySE\XoftSpy.exe [2008-09-03 15:48]
2008-11-29 c:\windows\Tasks\XoftSpySE.job
- d:\programmi\Registro\XoftSpySE\XoftSpy.exe [2008-09-03 15:48]
2008-12-05 c:\windows\Tasks\RegCure.job
- d:\programmi\RegCure\RegCure.exe [2007-08-02 09:20]
2009-01-20 c:\windows\Tasks\RegCure Program Check.job
- d:\programmi\RegCure\RegCure.exe [2007-08-02 09:20]
.
.
------- Scansione supplementare -------
.
uStart Page = hxxp://www.google.it/
uSearchMigratedDefaultURL = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
uInternet Connection Wizard,ShellNext = hxxp://izarc.org/donate.html
uSearchURL,(Default) = hxxp://g.msn.it/0SEITIT/SAOS01?FORM=TOOLBR
IE: &Windows Live Search - c:\programmi\Windows Live Toolbar\msntb.dll/search.htm
IE: E&sporta in Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
IE: Scarica con Free Download Manager - file://c:\programmi\Eusing\Free Download Manager\dllink.htm
IE: Scarica i video con Free Download Manager - file://c:\programmi\Eusing\Free Download Manager\dlfvideo.htm
IE: Scarica selezionati con Free Download Manager - file://c:\programmi\Eusing\Free Download Manager\dlselected.htm
IE: Scarica tutto con Free Download Manager - file://c:\programmi\Eusing\Free Download Manager\dlall.htm
FF - ProfilePath -
.
**************************************************************************
catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-01-20 21:57:17
Windows 5.1.2600 Service Pack 2 FAT NTAPI
scansione processi nascosti ...
scansione entrate autostart nascoste ...
Scansione files nascosti ...
Scansione completata con successo
Files nascosti: 0
**************************************************************************
.
------------------------ Altri processi in esecuzione ------------------------
.
c:\acer\EMANAGER\ANBMSERV.EXE
c:\programmi\NERO\NERO8\NERO BACKITUP\NBSERVICE.EXE
c:\windows\SYSTEM32\NVSVC32.EXE
c:\windows\SYSTEM32\WSCNTFY.EXE
c:\windows\SYSTEM32\RUNDLL32.EXE
.
**************************************************************************
.
Ora fine scansione: 2009-01-20 22:00:26 - Il pc è stato riavviato
ComboFix-quarantined-files.txt 2009-01-20 21:00:24
Pre-Run: 3,386,228,736 byte disponibili
Post-Run: 3,343,466,496 byte disponibili
Current=3 Default=3 Failed=2 LastKnownGood=4 Sets=1,2,3,4
336 --- E O F --- 2008-11-10 21:38:23
This, instead, is the ComboFix log (it appeared afterwards):
c:\documents and settings\Proprietario\Dati applicazioni\m\shared\LingvoSoft Dictionary 2007 German - Italian 4.0.22.zip
c:\documents and settings\Proprietario\Dati applicazioni\m\shared\McAfee.SpamKiller.for.Microsoft.Exchange.2000.2003.v2.1.2.Retail.Zdal.CoM.zip
c:\documents and settings\Proprietario\Dati applicazioni\m\shared\McAfee.VirusScan.v10.0.27-GEAR_for_www.goldesel.to.zip
c:\documents and settings\Proprietario\Dati applicazioni\m\shared\MiniBrowser 1.1.72a.zip
c:\documents and settings\Proprietario\Dati applicazioni\m\shared\MLB Scores 1.0.zip
c:\documents and settings\Proprietario\Dati applicazioni\m\shared\Mobile Excel.zip
c:\documents and settings\Proprietario\Dati applicazioni\m\shared\Module 1.0.zip
c:\documents and settings\Proprietario\Dati applicazioni\m\shared\Mp3 Slave 1.0.zip
c:\documents and settings\Proprietario\Dati applicazioni\m\shared\MS Access Append TWO Tables Software 7.0.zip
c:\documents and settings\Proprietario\Dati applicazioni\m\shared\MSI SecureDoc 1.13E1.zip
c:\documents and settings\Proprietario\Dati applicazioni\m\shared\My Messenger with wapmsgr 1.0.zip
c:\documents and settings\Proprietario\Dati applicazioni\m\shared\Net Pulse 1.0.zip
c:\documents and settings\Proprietario\Dati applicazioni\m\shared\News Bulk Poster 1.0.2.719.zip
c:\documents and settings\Proprietario\Dati applicazioni\m\shared\NOD32.v.2.51.20.(NT.2K.XP.2003.X64).Português-BR.zip
c:\documents and settings\Proprietario\Dati applicazioni\m\shared\Norton.Antivirus.2006.Ita.Serial.Crack.Keygen.zip
c:\documents and settings\Proprietario\Dati applicazioni\m\shared\NucleoTime 1.49.zip
c:\documents and settings\Proprietario\Dati applicazioni\m\shared\OakDoc DWG to IMAGE Converter 1.1.zip
c:\documents and settings\Proprietario\Dati applicazioni\m\shared\Overhead Video&Images processor 1.03.zip
c:\documents and settings\Proprietario\Dati applicazioni\m\shared\Password Generator 1.0.zip
c:\documents and settings\Proprietario\Dati applicazioni\m\shared\PDF OCR Compressor SDK 2.1.zip
c:\documents and settings\Proprietario\Dati applicazioni\m\shared\PerspecX 1.3.zip
c:\documents and settings\Proprietario\Dati applicazioni\m\shared\Portable Screamer Radio 0.4.3.zip
c:\documents and settings\Proprietario\Dati applicazioni\m\shared\Post-Code 1.1.zip
c:\documents and settings\Proprietario\Dati applicazioni\m\shared\Prayer Times PC 1.18.zip
c:\documents and settings\Proprietario\Dati applicazioni\m\shared\Process Priority Optimizer 2.2.3.46.zip
c:\documents and settings\Proprietario\Dati applicazioni\m\shared\PureRadio 3.0.zip
c:\documents and settings\Proprietario\Dati applicazioni\m\shared\quick.heal.xgen.6.0.zip
c:\documents and settings\Proprietario\Dati applicazioni\m\shared\Rational Reducer Pro 3.0.zip
c:\documents and settings\Proprietario\Dati applicazioni\m\shared\Rename 2.5a.zip
c:\documents and settings\Proprietario\Dati applicazioni\m\shared\rssPlayPen 1.0.31.20061220.zip
c:\documents and settings\Proprietario\Dati applicazioni\m\shared\SafeTweak XP Resource 3.2.zip
c:\documents and settings\Proprietario\Dati applicazioni\m\shared\ScaleOut StateServer 4.0.zip
c:\documents and settings\Proprietario\Dati applicazioni\m\shared\Serial.-.BitDefender.v10-antivirus.plus.zip
c:\documents and settings\Proprietario\Dati applicazioni\m\shared\SerialGrabber 1.2.zip
c:\documents and settings\Proprietario\Dati applicazioni\m\shared\Shadow Keylogger 1.1.0.zip
c:\documents and settings\Proprietario\Dati applicazioni\m\shared\Simple Movie Database 1.0.zip
c:\documents and settings\Proprietario\Dati applicazioni\m\shared\SoftCare Overset Manager CS 4.0.zip
c:\documents and settings\Proprietario\Dati applicazioni\m\shared\SoundBox.NET.zip
c:\documents and settings\Proprietario\Dati applicazioni\m\shared\SpamRemover 1.9.zip
c:\documents and settings\Proprietario\Dati applicazioni\m\shared\Strip HTML Tags From Multiple Files Software 7.0.zip
c:\documents and settings\Proprietario\Dati applicazioni\m\shared\Stylus Studio XML Enterprise Edition 6.zip
c:\documents and settings\Proprietario\Dati applicazioni\m\shared\Sybase ASE Import Multiple Text Files Software 7.0.zip
c:\documents and settings\Proprietario\Dati applicazioni\m\shared\TGetDiskSerial Component 4.0.0.zip
c:\documents and settings\Proprietario\Dati applicazioni\m\shared\The Math Slate 1.0.zip
c:\documents and settings\Proprietario\Dati applicazioni\m\shared\ThumbStrips 1.0.2.1.zip
c:\documents and settings\Proprietario\Dati applicazioni\m\shared\Tranquil Waterscapes Screensaver.zip
c:\documents and settings\Proprietario\Dati applicazioni\m\shared\Transbar 1.4.2.zip
c:\documents and settings\Proprietario\Dati applicazioni\m\shared\True Eraser 1.0.zip
c:\documents and settings\Proprietario\Dati applicazioni\m\shared\VsamExtreme 6.0.9.zip
c:\documents and settings\Proprietario\Dati applicazioni\m\shared\Walking the Las Vegas Strip Screensaver 1.0.zip
c:\documents and settings\Proprietario\Dati applicazioni\m\shared\WatchMyPC 1.0.zip
c:\documents and settings\Proprietario\Dati applicazioni\m\shared\WebCache 6.95.zip
c:\documents and settings\Proprietario\Dati applicazioni\m\shared\Windows Std Serial Comm Lib for Visual Basic 4.0.zip
c:\documents and settings\Proprietario\Dati applicazioni\m\shared\WSUS Remote Sync 0.1.zip
c:\documents and settings\Proprietario\Dati applicazioni\m\shared\Xcellent IPReporter 1.0.0.0.zip
c:\documents and settings\Proprietario\Dati applicazioni\m\shared\Xilisoft Audio Maker Suite 3.0.45.0801.zip
c:\documents and settings\Proprietario\Dati applicazioni\m\shared\XSidebar 1.0.2.zip
c:\programmi\Synaptics\SynTP\SynTPLpr.exe
c:\windows\system32\mdelk.exe
c:\windows\system32\wintems.exe
.
((((((((((((((((((((((((((((((((((((((( Driver/Servizi )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Service_SROSA
-------\Legacy_SROSA
-------\Legacy_SK9OU0S
-------\Service_sK9Ou0s
((((((((((((((((((((((((( Files Creati Da 2008-12-20 al 2009-01-20 )))))))))))))))))))))))))))))))))))
.
2009-01-20 21:38 . 2009-01-20 21:38 <DIR> d-------- c:\programmi\FindyKill
2009-01-20 16:00 . 2009-01-20 16:00 <DIR> d--h----- c:\documents and settings\Proprietario\Dati applicazioni\drivers
2009-01-18 14:43 . 2009-01-18 14:43 <DIR> d-------- c:\programmi\Sophos
2009-01-11 23:52 . 2009-01-11 23:52 <DIR> d--h----- c:\documents and settings\Proprietario\Dati applicazioni\driv
2009-01-09 19:22 . 2009-01-09 19:22 <DIR> d-------- c:\documents and settings\Proprietario\Dati applicazioni\Desktopicon
2009-01-09 01:28 . 2009-01-09 01:28 <DIR> d-------- c:\documents and settings\LocalService\Menu Avvio
2009-01-08 19:10 . 2009-01-08 19:10 <DIR> d-------- c:\documents and settings\All Users\Dati applicazioni\PC Tools
2009-01-08 19:10 . 2008-11-17 13:05 51,488 --a------ c:\windows\system32\drivers\TfFsMon.sys
2009-01-08 19:10 . 2008-11-17 13:05 39,200 --a------ c:\windows\system32\drivers\TfSysMon.sys
2009-01-08 19:10 . 2008-11-17 13:05 33,056 --a------ c:\windows\system32\drivers\TfNetMon.sys
2009-01-08 19:10 . 2008-11-17 13:05 12,576 --a------ c:\windows\system32\drivers\TfKbMon.sys
2009-01-08 19:03 . 2009-01-08 19:03 <DIR> d-------- c:\documents and settings\Proprietario\xinorbis
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-01-20 19:52 14,848 ----a-w c:\windows\system32\dllcache\register.exe
2008-12-10 22:17 --------- d-----w c:\programmi\Pando Networks
2008-12-08 17:51 --------- d-----w c:\documents and settings\Proprietario\Dati applicazioni\Apple Computer
2008-12-08 17:41 --------- d-----w c:\documents and settings\Proprietario\Dati applicazioni\Sony
2008-12-08 17:41 --------- d-----w c:\documents and settings\All Users\Dati applicazioni\Sony
2008-12-08 16:48 --------- d-----w c:\programmi\Sony
2008-12-08 16:48 --------- d-----w c:\programmi\File comuni\Sony Shared
2008-12-08 16:42 --------- d-----w c:\programmi\QuickTime
2008-12-08 16:42 --------- d-----w c:\documents and settings\All Users\Dati applicazioni\Apple Computer
2008-12-08 16:41 --------- d-----w c:\programmi\Apple Software Update
2008-12-08 16:41 --------- d-----w c:\documents and settings\All Users\Dati applicazioni\Apple
2008-12-07 14:08 --------- d-----w c:\programmi\Eusing
2008-12-07 14:08 --------- d-----w c:\documents and settings\All Users\Dati applicazioni\FreeDownloadManager.ORG
2008-11-30 12:19 --------- d-----w c:\documents and settings\Proprietario\Dati applicazioni\stickies
2008-11-28 18:10 --------- d-----w c:\documents and settings\All Users\Dati applicazioni\nView_Profiles
2008-11-28 00:46 --------- d-----w c:\documents and settings\All Users\Dati applicazioni\Lavasoft
2008-11-28 00:44 --------- d-----w c:\programmi\File comuni\Wise Installation Wizard
2008-11-22 16:20 --------- d-----w c:\documents and settings\Proprietario\Dati applicazioni\eMule AdunanzA
2008-11-01 13:30 249,592 ----a-w c:\windows\system32\cssdll32.dll
.
((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* i valori vuoti & legittimi/default non sono visualizzati.
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SpybotSD TeaTimer"="c:\program files\Spyware\Spybot - Search & Destroy\TeaTimer.exe" [2008-09-16 1833296]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-19 15360]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"preload"="c:\windows\RUNXMLPL.exe" [2004-04-20 40960]
"SynTPEnh"="c:\programmi\Synaptics\SynTP\SynTPEnh.exe" [2004-05-07 536576]
"LaunchAp"="c:\program files\Launch Manager\LaunchAp.exe" [2004-08-06 32768]
"CtrlVol"="c:\program files\Launch Manager\CtrlVol.exe" [2004-01-28 184320]
"LMgrOSD"="c:\program files\Launch Manager\OSDCtrl.exe" [2004-09-08 245760]
"avgnt"="c:\programmi\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2009-01-20 266497]
"ISTray"="c:\program files\Spyware\Spyware Doctor\pctsTray.exe" [2009-01-20 1168264]
"SmartRAM"="c:\program files\Registro\IObit\Advanced WindowsCare V2\MemCleaner.exe" [2007-10-29 662016]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2004-07-13 4141056]
"Samsung PanelMgr"="c:\windows\Samsung\PanelMgr\ssmmgr.exe" [2006-08-16 503808]
"nwiz"="nwiz.exe" [2004-07-13 c:\windows\system32\nwiz.exe]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
--a------ 2004-08-19 20:00 15360 c:\windows\system32\ctfmon.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\H/PC Connection Agent]
--a------ 2006-11-13 13:39 1289000 c:\program files\Internet\Microsoft ActiveSync\wcescomm.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2008-05-27 10:50 413696 c:\programmi\QuickTime\QTTask.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\daemon.exe" -autorun
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\programmi\File comuni\Nero\Lib\NMBgMonitor.exe"
"Pando"="c:\program files\Pando Networks\Pando\pando.exe" /Minimized
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"Adobe Photo Downloader"="c:\programmi\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe"
"LManager"=c:\program files\Launch Manager\HotkeyApp.exe
"PCSuiteTrayApplication"=c:\progra~1\Nokia\NOKIAP~1\LAUNCH~1.EXE -startup
"Samsung PanelMgr"=c:\windows\Samsung\PanelMgr\ssmmgr.exe /autorun
"Adobe Reader Speed Launcher"="c:\programmi\Adobe\Reader 9.0\Reader\Reader_sl.exe"
"NBKeyScan"="c:\programmi\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
"NeroFilterCheck"=c:\programmi\File comuni\Nero\Lib\NeroCheck.exe
"NvCplDaemon"=RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
"PCMService"="c:\program files\Arcade\PCMService.exe"
"PowerKey"="c:\program files\Launch Manager\PowerKey.exe"
"VTTimer"=VTTimer.exe
"AGRSMMSG"=AGRSMMSG.exe
"AudioDeck"=c:\programmi\VIAudioi\SBADeck\ADeck.exe 1
"snpstd"=c:\windows\vsnpstd.exe
"Cobian Backup 9 interface"="c:\program files\Registro\Cobian Backup 9\cbInterface.exe" -service
"QuickTime Task"="c:\programmi\QuickTime\QTTask.exe" -atboottime
"Wbutton"="c:\program files\Launch Manager\Wbutton.exe"
"ThreatFire"=c:\program files\Spyware\ThreatFire\TFTray.exe
"VTTrayp"=VTtrayp.exe
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\eMule\\emule.exe"=
"c:\\Programmi\\MSN Messenger\\msnmsgr.exe"=
"c:\\Programmi\\MSN Messenger\\livecall.exe"=
"c:\\Program Files\\p2p\\uTorrent\\uTorrent.exe"=
"c:\\Documents and Settings\\Proprietario\\Desktop\\utorrent.exe"=
"c:\\Program Files\\WLan\\eMule AdunanzA\\eMule_AdnzA.exe"=
"c:\\Programmi\\Sony\\Media Manager for WALKMAN\\MediaManager.exe"=
"c:\\Program Files\\Pando Networks\\Pando\\pando.exe"=
"c:\\Documents and Settings\\Proprietario\\Documenti\\sincronizzare\\dshutdown\\DShutdown\\RDShutdown.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\program files\Internet\Microsoft ActiveSync\rapimgr.exe"= c:\program files\Internet\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
"c:\program files\Internet\Microsoft ActiveSync\wcescomm.exe"= c:\program files\Internet\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
"c:\program files\Internet\Microsoft ActiveSync\WCESMgr.exe"= c:\program files\Internet\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"57907:TCP"= 57907:TCP:Pando P2P TCP Listening Port
"57907:UDP"= 57907:UDP:Pando P2P UDP Listening Port
"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service
R0 TfFsMon;TfFsMon;c:\windows\system32\drivers\TfFsMon.sys [2009-01-08 51488]
R0 TfSysMon;TfSysMon;c:\windows\system32\drivers\TfSysMon.sys [2009-01-08 39200]
R1 Hotkey;Hotkey;c:\windows\system32\drivers\HOTKEY.sys [2003-01-02 9867]
R4 CobianBackupAmanita;Cobian Backup 9 servizio;c:\program files\Registro\Cobian Backup 9\cbService.exe [2008-10-31 582144]
S1 mailKmd;mailKmd; [x]
S3 BRGSp50;BRGSp50 NDIS Protocol Driver;c:\windows\system32\drivers\BRGSp50.sys [2008-11-22 20608]
S3 IPN2220;acer IPN2220 Wireless LAN Card Driver;c:\windows\system32\drivers\i2220ntx.sys [2004-09-17 140288]
S3 POWERKEY;POWERKEY;c:\program files\Launch Manager\POWERKEY.SYS [2003-01-02 2343]
S3 TfNetMon;TfNetMon;c:\windows\system32\drivers\TfNetMon.sys [2009-01-08 33056]
S4 sdAuxService;PC Tools Auxiliary Service;c:\program files\Spyware\Spyware Doctor\pctsAuxs.exe [2008-09-14 356920]
S4 ThreatFire;ThreatFire;c:\program files\Spyware\ThreatFire\TFService.exe service --> c:\program files\Spyware\ThreatFire\TFService.exe service [?]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{7a8318ba-d9d5-11dd-8890-000ae4a36d4d}]
\Shell\AutoRun\command - G:\AutoRun.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{7a8318bb-d9d5-11dd-8890-000ae4a36d4d}]
\Shell\AutoRun\command - G:\AutoRun.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{8b29bf24-db61-11dd-8897-000000000000}]
\Shell\AutoRun\command - G:\AutoRun.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e944ab0e-db12-11dd-8895-000ae4a36d4d}]
\Shell\AutoRun\command - G:\AutoRun.exe
.
Contenuto della cartella 'Scheduled Tasks'
2009-01-20 c:\windows\Tasks\Verifica aggiornamenti per Windows Live Toolbar.job
- c:\programmi\Windows Live Toolbar\MSNTBUP.EXE [2006-09-27 17:39]
2009-01-20 c:\windows\Tasks\XoftSpySE 2.job
- d:\programmi\Registro\XoftSpySE\XoftSpy.exe [2008-09-03 15:48]
2008-11-29 c:\windows\Tasks\XoftSpySE.job
- d:\programmi\Registro\XoftSpySE\XoftSpy.exe [2008-09-03 15:48]
2008-12-05 c:\windows\Tasks\RegCure.job
- d:\programmi\RegCure\RegCure.exe [2007-08-02 09:20]
2009-01-20 c:\windows\Tasks\RegCure Program Check.job
- d:\programmi\RegCure\RegCure.exe [2007-08-02 09:20]
.
.
------- Scansione supplementare -------
.
uStart Page = hxxp://www.google.it/
uSearchMigratedDefaultURL = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
uInternet Connection Wizard,ShellNext = hxxp://izarc.org/donate.html
uSearchURL,(Default) = hxxp://g.msn.it/0SEITIT/SAOS01?FORM=TOOLBR
IE: &Windows Live Search - c:\programmi\Windows Live Toolbar\msntb.dll/search.htm
IE: E&sporta in Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
IE: Scarica con Free Download Manager - file://c:\programmi\Eusing\Free Download Manager\dllink.htm
IE: Scarica i video con Free Download Manager - file://c:\programmi\Eusing\Free Download Manager\dlfvideo.htm
IE: Scarica selezionati con Free Download Manager - file://c:\programmi\Eusing\Free Download Manager\dlselected.htm
IE: Scarica tutto con Free Download Manager - file://c:\programmi\Eusing\Free Download Manager\dlall.htm
FF - ProfilePath -
.
**************************************************************************
catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-01-20 21:57:17
Windows 5.1.2600 Service Pack 2 FAT NTAPI
scansione processi nascosti ...
scansione entrate autostart nascoste ...
Scansione files nascosti ...
Scansione completata con successo
Files nascosti: 0
**************************************************************************
.
------------------------ Altri processi in esecuzione ------------------------
.
c:\acer\EMANAGER\ANBMSERV.EXE
c:\programmi\NERO\NERO8\NERO BACKITUP\NBSERVICE.EXE
c:\windows\SYSTEM32\NVSVC32.EXE
c:\windows\SYSTEM32\WSCNTFY.EXE
c:\windows\SYSTEM32\RUNDLL32.EXE
.
**************************************************************************
.
Ora fine scansione: 2009-01-20 22:00:26 - Il pc è stato riavviato
ComboFix-quarantined-files.txt 2009-01-20 21:00:24
Pre-Run: 3,386,228,736 byte disponibili
Post-Run: 3,343,466,496 byte disponibili
Current=3 Default=3 Failed=2 LastKnownGood=4 Sets=1,2,3,4
336 --- E O F --- 2008-11-10 21:38:23
What does it mean that I don't have the emergency console installed?
I ran some tests, and the computer still won't start in safe mode and (which is very serious for me) it doesn't recognize the external hard disk that it may have infected (120Gb). What can I do?? Thanks for your patience.