Ultimata la scasione ho proceduto con "ripara". Questo è il log per intero appena terminata la riparazione. Il log salvato è per intero quello che ho postato, A questo punto non so però se l'ho salvato correttamente.

perfettamente uguale:




Avira AntiVir Personal
Data del file di report: giovedì 31 dicembre 2009 20:06

Ricerca di 1492539 virus e programmi indesiderati.

Concesso in licenza a : Avira AntiVir Personal - FREE Antivirus
Numero di serie : 0000149996-ADJIE-0000001
Piattaforma : Windows XP
Versione di Windows : (Service Pack 3) [5.1.2600]
Modalità di avvio : Booting eseguito regolarmente
Nome utente : SYSTEM
Nome computer : BIO_ORG

Informazioni sulla versione:
BUILD.DAT : 9.0.0.21 21699 Bytes 04/12/2009 14:20:00
AVSCAN.EXE : 9.0.3.10 466689 Bytes 13/10/2009 10:26:42
AVSCAN.DLL : 9.0.3.0 47873 Bytes 03/03/2009 10:14:30
LUKE.DLL : 9.0.3.2 209665 Bytes 20/02/2009 10:35:58
LUKERES.DLL : 9.0.2.0 12545 Bytes 03/03/2009 10:15:16
VBASE000.VDF : 7.10.0.0 19875328 Bytes 06/11/2009 06:35:52
VBASE001.VDF : 7.10.1.0 1372672 Bytes 19/11/2009 12:29:28
VBASE002.VDF : 7.10.1.1 2048 Bytes 19/11/2009 12:29:28
VBASE003.VDF : 7.10.1.2 2048 Bytes 19/11/2009 12:29:28
VBASE004.VDF : 7.10.1.3 2048 Bytes 19/11/2009 12:29:28
VBASE005.VDF : 7.10.1.4 2048 Bytes 19/11/2009 12:29:28
VBASE006.VDF : 7.10.1.5 2048 Bytes 19/11/2009 12:29:28
VBASE007.VDF : 7.10.1.6 2048 Bytes 19/11/2009 12:29:28
VBASE008.VDF : 7.10.1.7 2048 Bytes 19/11/2009 12:29:28
VBASE009.VDF : 7.10.1.8 2048 Bytes 19/11/2009 12:29:28
VBASE010.VDF : 7.10.1.9 2048 Bytes 19/11/2009 12:29:28
VBASE011.VDF : 7.10.1.10 2048 Bytes 19/11/2009 12:29:28
VBASE012.VDF : 7.10.1.11 2048 Bytes 19/11/2009 12:29:28
VBASE013.VDF : 7.10.1.79 209920 Bytes 25/11/2009 12:29:30
VBASE014.VDF : 7.10.1.128 197632 Bytes 30/11/2009 12:29:30
VBASE015.VDF : 7.10.1.178 195584 Bytes 07/12/2009 12:29:30
VBASE016.VDF : 7.10.1.224 183296 Bytes 14/12/2009 12:29:32
VBASE017.VDF : 7.10.1.247 182272 Bytes 15/12/2009 12:29:32
VBASE018.VDF : 7.10.2.30 198144 Bytes 21/12/2009 12:31:06
VBASE019.VDF : 7.10.2.63 187392 Bytes 24/12/2009 12:40:02
VBASE020.VDF : 7.10.2.93 195072 Bytes 29/12/2009 17:33:40
VBASE021.VDF : 7.10.2.94 2048 Bytes 29/12/2009 17:33:40
VBASE022.VDF : 7.10.2.95 2048 Bytes 29/12/2009 17:33:40
VBASE023.VDF : 7.10.2.96 2048 Bytes 29/12/2009 17:33:40
VBASE024.VDF : 7.10.2.97 2048 Bytes 29/12/2009 17:33:40
VBASE025.VDF : 7.10.2.98 2048 Bytes 29/12/2009 17:33:40
VBASE026.VDF : 7.10.2.99 2048 Bytes 29/12/2009 17:33:40
VBASE027.VDF : 7.10.2.100 2048 Bytes 29/12/2009 17:33:40
VBASE028.VDF : 7.10.2.101 2048 Bytes 29/12/2009 17:33:40
VBASE029.VDF : 7.10.2.102 2048 Bytes 29/12/2009 17:33:40
VBASE030.VDF : 7.10.2.103 2048 Bytes 29/12/2009 17:33:42
VBASE031.VDF : 7.10.2.110 77312 Bytes 31/12/2009 18:45:40
Motore : 8.2.1.122
AEVDF.DLL : 8.1.1.2 106867 Bytes 08/11/2009 06:38:52
AESCRIPT.DLL : 8.1.3.4 586105 Bytes 23/12/2009 12:31:14
AESCN.DLL : 8.1.3.0 127348 Bytes 21/12/2009 12:29:42
AESBX.DLL : 8.1.1.1 246132 Bytes 08/11/2009 06:38:44
AERDL.DLL : 8.1.3.4 479605 Bytes 21/12/2009 12:29:42
AEPACK.DLL : 8.2.0.3 422261 Bytes 08/11/2009 06:38:40
AEOFFICE.DLL : 8.1.0.38 196987 Bytes 08/11/2009 06:38:38
AEHEUR.DLL : 8.1.0.189 2195833 Bytes 23/12/2009 12:31:12
AEHELP.DLL : 8.1.9.0 237943 Bytes 21/12/2009 12:29:36
AEGEN.DLL : 8.1.1.82 369014 Bytes 23/12/2009 12:31:08
AEEMU.DLL : 8.1.1.0 393587 Bytes 08/11/2009 06:38:26
AECORE.DLL : 8.1.9.1 180598 Bytes 21/12/2009 12:29:36
AEBB.DLL : 8.1.0.3 53618 Bytes 08/11/2009 06:38:20
AVWINLL.DLL : 9.0.0.3 18177 Bytes 12/12/2008 07:48:04
AVPREF.DLL : 9.0.3.0 44289 Bytes 26/08/2009 14:14:08
AVREP.DLL : 8.0.0.3 155905 Bytes 20/01/2009 13:34:30
AVREG.DLL : 9.0.0.0 36609 Bytes 07/11/2008 14:25:12
AVARKT.DLL : 9.0.0.3 292609 Bytes 24/03/2009 14:05:46
AVEVTLOG.DLL : 9.0.0.7 167169 Bytes 30/01/2009 09:37:14
SQLITE3.DLL : 3.6.1.0 326401 Bytes 28/01/2009 14:03:50
SMTPLIB.DLL : 9.2.0.25 28417 Bytes 02/02/2009 07:21:40
NETNT.DLL : 9.0.0.0 11521 Bytes 07/11/2008 14:41:30
RCIMAGE.DLL : 9.0.0.25 2438913 Bytes 17/06/2009 13:11:52
RCTEXT.DLL : 9.0.73.0 87809 Bytes 03/11/2009 07:16:44

Impostazioni di configurazione per la scansione attuale:
Nome del job................................: Scansione completa del sistema
File di configurazione......................: c:\programmi\avira\antivir desktop\sysscan.avp
Report......................................: basso
Azione primaria.............................: interattivo
Azione secondaria...........................: ignora
Scansione dei record master di avvio........: Attivo
Scansiona record di avvio...................: Attivo
Record di avvio.............................: C:, D:,
Scansione dei programmi attivi..............: Attivo
Scansiona la registrazione..................: Attivo
Cerca Rootkits..............................: Attivo
Controllo di integrità dei file di sistema..: Non attivo
Modalità di scansione file..................: Tutti i file
Scansione degli archivi.....................: Attivo
Limita la profondità di ricorsione..........: 20
Archivio estensioni Smart...................: Attivo
Macro euristico.............................: Attivo
File euristico..............................: medio
Categorie irregolari delle minacce..........: +APPL,+GAME,-HIDDENEXT,+JOKE,+PFS,

Avvio della scansione: giovedì 31 dicembre 2009 20:06

È stata avviata la scansione per accertare la presenza di oggetti nascosti.
Sono stati esaminati '34321' oggetti, sono stati rilevati '0' oggetti nascosti.

La scansione dei processi in esecuzione verrà avviata:
Scansione processo 'avscan.exe' - '1' modulo(i) scansionato(i)
Scansione processo 'avcenter.exe' - '1' modulo(i) scansionato(i)
Scansione processo 'firefox.exe' - '1' modulo(i) scansionato(i)
Scansione processo 'SVCHOST.EXE' - '1' modulo(i) scansionato(i)
Scansione processo 'WMIAPSRV.EXE' - '1' modulo(i) scansionato(i)
Scansione processo 'WMIPRVSE.EXE' - '1' modulo(i) scansionato(i)
Scansione processo 'ALG.EXE' - '1' modulo(i) scansionato(i)
Scansione processo 'ATKOSD.EXE' - '1' modulo(i) scansionato(i)
Scansione processo 'SVCHOST.EXE' - '1' modulo(i) scansionato(i)
Scansione processo 'RegSrvc.exe' - '1' modulo(i) scansionato(i)
Scansione processo 'PSIService.exe' - '1' modulo(i) scansionato(i)
Scansione processo 'OProtSvc.exe' - '1' modulo(i) scansionato(i)
Scansione processo 'JQS.EXE' - '1' modulo(i) scansionato(i)
Scansione processo 'EOUWiz.exe' - '1' modulo(i) scansionato(i)
Scansione processo 'iFrmewrk.exe' - '1' modulo(i) scansionato(i)
Scansione processo 'mDNSResponder.exe' - '1' modulo(i) scansionato(i)
Scansione processo 'AVGNT.EXE' - '1' modulo(i) scansionato(i)
Scansione processo 'CTFMON.EXE' - '1' modulo(i) scansionato(i)
Scansione processo 'ISSCH.EXE' - '1' modulo(i) scansionato(i)
Scansione processo 'JUSCHED.EXE' - '1' modulo(i) scansionato(i)
Scansione processo 'ATIPTAXX.EXE' - '1' modulo(i) scansionato(i)
Scansione processo 'SynTPEnh.exe' - '1' modulo(i) scansionato(i)
Scansione processo 'SynTPLpr.exe' - '1' modulo(i) scansionato(i)
Scansione processo 'WCOURIER.EXE' - '1' modulo(i) scansionato(i)
Scansione processo 'BatteryLife.exe' - '1' modulo(i) scansionato(i)
Scansione processo 'ALU.EXE' - '1' modulo(i) scansionato(i)
Scansione processo 'RTHDCPL.EXE' - '1' modulo(i) scansionato(i)
Scansione processo 'HControl.exe' - '1' modulo(i) scansionato(i)
Scansione processo '1XConfig.exe' - '1' modulo(i) scansionato(i)
Scansione processo 'EXPLORER.EXE' - '1' modulo(i) scansionato(i)
Scansione processo 'ATI2EVXX.EXE' - '1' modulo(i) scansionato(i)
Scansione processo 'ZCfgSvc.exe' - '1' modulo(i) scansionato(i)
Scansione processo 'SCHED.EXE' - '1' modulo(i) scansionato(i)
Scansione processo 'SPOOLSV.EXE' - '1' modulo(i) scansionato(i)
Scansione processo 'SVCHOST.EXE' - '1' modulo(i) scansionato(i)
Scansione processo 'SVCHOST.EXE' - '1' modulo(i) scansionato(i)
Scansione processo 'S24EvMon.exe' - '1' modulo(i) scansionato(i)
Scansione processo 'EvtEng.exe' - '1' modulo(i) scansionato(i)
Scansione processo 'SVCHOST.EXE' - '1' modulo(i) scansionato(i)
Scansione processo 'SVCHOST.EXE' - '1' modulo(i) scansionato(i)
Scansione processo 'SVCHOST.EXE' - '1' modulo(i) scansionato(i)
Scansione processo 'ATI2EVXX.EXE' - '1' modulo(i) scansionato(i)
Scansione processo 'LSASS.EXE' - '1' modulo(i) scansionato(i)
Scansione processo 'SERVICES.EXE' - '1' modulo(i) scansionato(i)
Scansione processo 'WINLOGON.EXE' - '1' modulo(i) scansionato(i)
Scansione processo 'CSRSS.EXE' - '1' modulo(i) scansionato(i)
Scansione processo 'SMSS.EXE' - '1' modulo(i) scansionato(i)
47 processi scansionati con '47' Moduli

Avvio della scansione dei record master di avvio:
Record master di avvio dell'Hard Disk 0
[INFO] Nessun virus è stato trovato!

Avvio della scansione dei record di avvio:
Record di avvio 'C:\'
[INFO] Nessun virus è stato trovato!
Record di avvio 'D:\'
[INFO] Nessun virus è stato trovato!

Avvio della scansione dei file eseguibili (registro):
Il registro è stato scansionato ( 63 file ).


Avvio della scansione del file selezionati:

Inizia con la scansione di 'C:\'
C:\pagefile.sys
[AVVISO] Impossibile aprire il file!
[NOTA] Questo è un file di sistema di Windows.
[NOTA] Impossibile aprire questo file per la scansione.
C:\hiberfil.sys
[AVVISO] Impossibile aprire il file!
[NOTA] Questo è un file di sistema di Windows.
[NOTA] Impossibile aprire questo file per la scansione.
C:\WINDOWS\system32\wmisqtu.exe
[RILEVAMENTO] Si tratta del cavallo di Troia TR/CryptoVB.BN.1
C:\WINDOWS\system32\sqpeml.dll
[RILEVAMENTO] Si tratta del cavallo di Troia TR/Dropper.Gen
[AVVISO] Impossibile aprire il file!
C:\WINDOWS\system32\wmistri.exe
[RILEVAMENTO] Si tratta del cavallo di Troia TR/CryptoVB.BN.1
C:\WINDOWS\system32\drivers\zcnhimnc.sys
[RILEVAMENTO] Si tratta del cavallo di Troia TR/Dropper.Gen
[AVVISO] Impossibile aprire il file!
C:\WINDOWS\system32\drivers\ezmsppqs.sys
[RILEVAMENTO] Si tratta del cavallo di Troia TR/Dropper.Gen
C:\FOUND.007\FILE0001.CHK
[RILEVAMENTO] Contiene il modello di rilevamento del Rootkit RKIT/Conficker.A
C:\Documents and Settings\All Users\Documenti\nqbulx.exe
[RILEVAMENTO] Contiene il modello di rilevamento del Dropper DR/Autoit.TC.156
C:\Documents and Settings\Bio.org\Desktop\combofix.zip
[0] Tipo di archivio: ZIP
--> combofix/ComboFix.exe
--> combofix/ComboFix.exe
[1] Tipo di archivio: RAR SFX (self extracting)
--> 327882R2FWJFW\NirCmd.cfexe
[RILEVAMENTO] Contiene il modello di rilevamento dell'applicazione APPL/NirCmd.E.2.B
--> 327882R2FWJFW\nircmd.com
[RILEVAMENTO] Contiene il modello di rilevamento dell'applicazione APPL/NirCmd.E.2.B
--> 327882R2FWJFW\NirCmdC.cfexe
[RILEVAMENTO] Contiene il modello di rilevamento dell'applicazione APPL/NirCmd.E.1.B
--> 327882R2FWJFW\psexec.cfexe
[2] Tipo di archivio: RSRC
--> Object
[RILEVAMENTO] Contiene il modello di rilevamento dell'applicazione APPL/PsExec.E
C:\Documents and Settings\Nu faciti dannu!\iyn.exe
[RILEVAMENTO] Si tratta del cavallo di Troia TR/Spy.Gen
C:\Documents and Settings\Nu faciti dannu!\idw.exe
[RILEVAMENTO] Si tratta del cavallo di Troia TR/Spy.Gen
C:\System Volume Information\_restore{DAD47FC0-E516-4E3C-8F52-1A04BC02CEA9}\RP26\A0019803.sys
[RILEVAMENTO] Si tratta del cavallo di Troia TR/Dropper.Gen
C:\System Volume Information\_restore{DAD47FC0-E516-4E3C-8F52-1A04BC02CEA9}\RP26\A0019804.exe
[RILEVAMENTO] Si tratta del cavallo di Troia TR/Spy.Gen
C:\System Volume Information\_restore{DAD47FC0-E516-4E3C-8F52-1A04BC02CEA9}\RP26\A0019805.exe
[RILEVAMENTO] Si tratta del cavallo di Troia TR/Spy.Gen
C:\System Volume Information\_restore{DAD47FC0-E516-4E3C-8F52-1A04BC02CEA9}\RP26\A0019806.exe
[RILEVAMENTO] Si tratta del cavallo di Troia TR/Spy.Gen
C:\System Volume Information\_restore{DAD47FC0-E516-4E3C-8F52-1A04BC02CEA9}\RP26\A0019807.exe
[RILEVAMENTO] Si tratta del cavallo di Troia TR/Spy.Gen
C:\System Volume Information\_restore{DAD47FC0-E516-4E3C-8F52-1A04BC02CEA9}\RP26\A0019808.exe
[RILEVAMENTO] Si tratta del cavallo di Troia TR/Spy.Gen
C:\System Volume Information\_restore{DAD47FC0-E516-4E3C-8F52-1A04BC02CEA9}\RP26\A0019809.exe
[RILEVAMENTO] Si tratta del cavallo di Troia TR/Spy.Gen
C:\System Volume Information\_restore{DAD47FC0-E516-4E3C-8F52-1A04BC02CEA9}\RP26\A0019810.exe
[RILEVAMENTO] Si tratta del cavallo di Troia TR/Spy.Gen
C:\System Volume Information\_restore{DAD47FC0-E516-4E3C-8F52-1A04BC02CEA9}\RP26\A0019811.exe
[RILEVAMENTO] Si tratta del cavallo di Troia TR/Spy.Gen
C:\System Volume Information\_restore{DAD47FC0-E516-4E3C-8F52-1A04BC02CEA9}\RP26\A0019824.sys
[RILEVAMENTO] Si tratta del cavallo di Troia TR/Dropper.Gen
C:\System Volume Information\_restore{DAD47FC0-E516-4E3C-8F52-1A04BC02CEA9}\RP26\A0019855.exe

[0] Tipo di archivio: RAR SFX (self extracting)
--> 327882R2FWJFW\NirCmd.cfexe
[RILEVAMENTO] Contiene il modello di rilevamento dell'applicazione APPL/NirCmd.E.2.B
--> 327882R2FWJFW\nircmd.com
[RILEVAMENTO] Contiene il modello di rilevamento dell'applicazione APPL/NirCmd.E.2.B
--> 327882R2FWJFW\NirCmdC.cfexe
[RILEVAMENTO] Contiene il modello di rilevamento dell'applicazione APPL/NirCmd.E.1.B
--> 327882R2FWJFW\psexec.cfexe
[1] Tipo di archivio: RSRC
--> Object
[RILEVAMENTO] Contiene il modello di rilevamento dell'applicazione APPL/PsExec.E
C:\System Volume Information\_restore{DAD47FC0-E516-4E3C-8F52-1A04BC02CEA9}\RP26\A0019874.com
[RILEVAMENTO] Contiene il modello di rilevamento dell'applicazione APPL/NirCmd.E.2.B
Inizia con la scansione di 'D:\'

Avvio della disinfezione:

ComboFix 09-12-31.A1 - Bio.org 01/01/2010 16.30.10.1.1 - FAT32x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.39.1040.18.1535.1098 [GMT 1:00]
Eseguito da: c:\documents and settings\Bio.org\Desktop\ComboFix.exe
AV: AntiVir Desktop *On-access scanning enabled* (Updated) {00000002-0002-0000-14EF-9D7C08000A00}

ATTENZIONE - QUESTO PC NON HA LA CONSOLE DI RIPRISTINO DI EMERGENZA INSTALLATA !!
.

((((((((((((((((((((((((((((((((((((( Altre eliminazioni )))))))))))))))))))))))))))))))))))))))))))))))))))
.

D:\Autorun.inf

.
((((((((((((((((((((((((((((((((((((((( Driver/Servizi )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_Passthru


((((((((((((((((((((((((( Files Creati Da 2009-12-01 al 2010-01-01 )))))))))))))))))))))))))))))))))))
.

2010-01-01 03:23 . 2010-01-01 03:23 -------- d-----r- c:\documents and settings\LocalService\Preferiti
2010-01-01 03:23 . 2010-01-01 03:23 -------- d-sh--w- c:\documents and settings\LocalService\IETldCache
2009-12-31 12:18 . 2009-12-31 12:18 17119 ----a-w- c:\windows\system32\drivers\AegisP.sys
2009-12-31 12:17 . 2009-12-31 12:17 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Intel
2009-12-31 12:17 . 2004-10-15 09:20 1654784 ----a-w- c:\windows\system32\W29MLRES.DLL
2009-12-31 00:46 . 2009-12-31 00:46 -------- d-----w- c:\programmi\CCleaner
2009-12-30 23:45 . 2009-12-30 23:45 -------- d-----w- C:\FOUND.009
2009-12-30 23:42 . 2009-12-30 23:42 -------- d-----w- C:\FOUND.008
2009-12-30 17:10 . 2009-12-03 15:14 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-12-30 17:10 . 2009-12-03 15:13 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-12-30 16:21 . 2009-12-30 16:21 -------- d-----w- c:\programmi\Malwarebytes' Anti-Malware
2009-12-30 16:15 . 2009-12-30 16:15 -------- d-----w- c:\documents and settings\Bio.org\Dati applicazioni\Malwarebytes
2009-12-30 16:15 . 2009-12-30 16:15 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Malwarebytes
2009-12-30 12:21 . 2009-12-30 12:21 -------- d-----w- C:\FOUND.007
2009-12-30 12:17 . 2009-12-30 12:17 -------- d-----w- C:\FOUND.006
2009-12-29 12:57 . 2008-04-13 18:14 398336 ----a-w- c:\windows\system32\CF31661.exe
2009-12-28 21:33 . 2009-12-28 21:33 -------- d-----w- c:\documents and settings\Nu faciti dannu!\Impostazioni locali\Dati applicazioni\Apple Computer
2009-12-28 21:02 . 2009-12-28 21:02 40128 ----a-w- c:\windows\system32\drivers\zcnhimnc.sys
2009-12-28 18:55 . 2009-12-28 18:55 -------- d-----w- C:\FOUND.005
2009-12-28 18:48 . 2009-12-28 18:48 -------- d-----w- C:\FOUND.004
2009-12-28 18:43 . 2009-12-28 18:43 -------- d-----w- C:\FOUND.003
2009-12-28 14:00 . 2009-12-28 14:00 -------- d-----w- C:\FOUND.002
2009-12-28 11:34 . 2009-12-28 11:34 -------- d-sh--w- c:\documents and settings\Nu faciti dannu!\IECompatCache
2009-12-27 13:21 . 2009-12-27 13:21 -------- d-----w- c:\documents and settings\Bio.org\Impostazioni locali\Dati applicazioni\Ahead
2009-12-27 13:20 . 2009-12-27 13:21 -------- d-----w- c:\documents and settings\Bio.org\Dati applicazioni\Ahead
2009-12-27 13:18 . 2009-12-27 13:18 -------- d-----w- c:\programmi\Nero
2009-12-27 13:18 . 2009-12-27 13:18 -------- d-----w- c:\programmi\File comuni\Ahead
2009-12-27 11:29 . 2009-12-27 11:29 -------- d-----w- C:\FOUND.001
2009-12-26 18:43 . 2009-12-26 18:43 -------- d-sh--w- c:\documents and settings\Nu faciti dannu!\PrivacIE
2009-12-23 18:53 . 2009-12-23 18:53 -------- d-----w- C:\FOUND.000
2009-12-22 14:08 . 2009-12-22 14:08 -------- d-----w- c:\documents and settings\Bio.org\Dati applicazioni\dvdcss
2009-12-22 13:02 . 2008-04-13 10:45 26368 ----a-w- c:\windows\system32\dllcache\usbstor.sys
2009-12-21 12:27 . 2009-03-30 08:33 96104 ----a-w- c:\windows\system32\drivers\avipbb.sys
2009-12-21 12:27 . 2009-02-13 10:29 22360 ----a-w- c:\windows\system32\drivers\avgntmgr.sys
2009-12-21 12:27 . 2009-02-13 10:17 45416 ----a-w- c:\windows\system32\drivers\avgntdd.sys
2009-12-21 12:27 . 2009-12-21 12:27 -------- d-----w- c:\programmi\Avira
2009-12-21 12:27 . 2009-12-21 12:27 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Avira
2009-12-20 14:24 . 2000-03-29 13:17 5824 ----a-w- c:\windows\system32\drivers\ASUSHWIO.SYS
2009-12-20 12:10 . 2009-12-20 12:10 -------- d-----w- c:\documents and settings\Nu faciti dannu!\Tracing
2009-12-19 22:04 . 2009-12-19 22:04 -------- d-----w- c:\windows\system32\config\systemprofile\Tracing
2009-12-19 21:29 . 2009-12-19 21:29 -------- d-----w- C:\VideoSec
2009-12-19 16:55 . 2009-12-19 16:56 46080 ----a-w- c:\documents and settings\Nu faciti dannu!\Impostazioni locali\Dati applicazioni\GDIPFONTCACHEV1.DAT
2009-12-18 20:38 . 2009-12-18 20:38 -------- d-----w- c:\documents and settings\Nu faciti dannu!\Impostazioni locali\Dati applicazioni\Adobe
2009-12-18 14:41 . 2009-12-18 14:41 8 --sh--r- c:\windows\system32\8484AA5D05.sys
2009-12-18 14:41 . 2009-12-18 14:41 -------- d-----w- c:\documents and settings\Bio.org\Dati applicazioni\Corel
2009-12-18 14:41 . 2009-12-18 14:41 65536 ----a-r- c:\documents and settings\Bio.org\Dati applicazioni\Microsoft\Installer\{F428D0FB-765D-40EB-BDD8-A1E7F5C597FA}\Shortcut0.C3A146F5_4B48_11D5_A819_00B0D0428C0C.exe
2009-12-18 14:41 . 2009-12-18 14:41 10134 ----a-r- c:\documents and settings\Bio.org\Dati applicazioni\Microsoft\Installer\{F428D0FB-765D-40EB-BDD8-A1E7F5C597FA}\ARPPRODUCTICON.exe
2009-12-18 14:41 . 2009-12-18 14:41 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\InstallShield
2009-12-18 14:40 . 2009-12-18 14:40 -------- d-----w- c:\programmi\File comuni\Protexis
2009-12-18 14:40 . 2009-12-18 14:40 -------- d-----w- c:\programmi\File comuni\Corel
2009-12-18 14:40 . 2009-12-18 14:40 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Corel
2009-12-18 14:27 . 2009-12-27 18:01 2828 --sha-w- c:\windows\system32\KGyGaAvL.sys
2009-12-18 14:26 . 2009-12-18 14:26 -------- d-----w- c:\programmi\Corel
2009-12-18 14:19 . 2009-12-18 14:19 -------- d-----w- c:\programmi\Bonjour
2009-12-18 14:09 . 2009-12-18 14:09 -------- d-----w- c:\programmi\File comuni\Macrovision Shared
2009-12-17 14:48 . 2008-09-16 19:23 168448 ----a-w- c:\windows\system32\unrar.dll
2009-12-17 14:48 . 2008-12-07 18:08 795648 ----a-w- c:\windows\system32\xvidcore.dll
2009-12-17 14:48 . 2008-12-07 18:08 130048 ----a-w- c:\windows\system32\xvidvfw.dll
2009-12-17 14:48 . 2004-01-25 16:18 217088 ----a-w- c:\windows\system32\yv12vfw.dll
2009-12-17 14:48 . 2008-12-11 00:33 86016 ----a-w- c:\windows\system32\dpl100.dll
2009-12-17 14:48 . 2008-11-06 16:37 3596288 ----a-w- c:\windows\system32\qt-dx331.dll
2009-12-17 14:48 . 2008-11-06 16:33 684032 ----a-w- c:\windows\system32\divx.dll
2009-12-17 14:48 . 2009-02-09 18:56 67584 ----a-w- c:\windows\system32\ff_vfw.dll
2009-12-17 14:48 . 2009-01-07 18:14 60273 ----a-w- c:\windows\system32\pthreadGC2.dll
2009-12-17 14:48 . 2009-12-17 14:48 -------- d-----w- c:\programmi\K-Lite Codec Pack
2009-12-17 10:37 . 2004-08-19 13:00 221184 ----a-w- c:\windows\system32\wmpns.dll
2009-12-16 21:52 . 2009-12-16 21:52 -------- d-----w- c:\programmi\eMule
2009-12-16 20:50 . 2009-12-16 20:50 -------- d-----w- c:\documents and settings\NetworkService\Impostazioni locali\Dati applicazioni\Apple
2009-12-16 17:46 . 2009-12-16 17:46 -------- d-----w- c:\documents and settings\Bio.org\Tracing
2009-12-16 17:45 . 2009-12-16 17:45 -------- d-----w- c:\programmi\Microsoft
2009-12-16 17:44 . 2009-12-16 17:44 -------- d-----w- c:\programmi\Windows Live SkyDrive
2009-12-16 17:42 . 2009-12-16 17:42 -------- d-----w- c:\programmi\File comuni\Windows Live
2009-12-16 17:41 . 2009-12-16 17:41 -------- d-----w- c:\documents and settings\Bio.org\Contacts
2009-12-16 17:40 . 2009-12-16 17:40 -------- d-----w- c:\windows\system32\DRVSTORE
2009-12-16 17:35 . 2009-12-16 17:35 -------- d-sh--w- c:\programmi\File comuni\WindowsLiveInstaller
2009-12-16 17:35 . 2009-12-16 17:35 -------- d-----w- c:\programmi\Windows Live
2009-12-16 17:35 . 2009-12-16 17:35 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\WLInstaller
2009-12-16 17:28 . 2009-12-16 17:28 -------- d-----w- c:\documents and settings\Bio.org\Dati applicazioni\vlc
2009-12-16 17:28 . 2009-12-16 17:28 -------- d-----w- c:\programmi\VideoLAN
2009-12-16 16:29 . 2009-12-16 16:29 152576 ----a-w- c:\documents and settings\Bio.org\Dati applicazioni\Sun\Java\jre1.6.0_17\lzma.dll
2009-12-16 16:27 . 2009-12-16 16:29 79488 ----a-w- c:\documents and settings\Bio.org\Dati applicazioni\Sun\Java\jre1.6.0_17\gtapi.dll
2009-12-16 16:17 . 2009-12-16 16:17 -------- d-----w- c:\documents and settings\Bio.org\Dati applicazioni\Media Player Classic
2009-12-16 00:22 . 2009-12-16 00:22 -------- d-----w- c:\programmi\uTorrent
2009-12-16 00:22 . 2009-12-16 00:22 -------- d-----w- c:\documents and settings\Bio.org\Dati applicazioni\uTorrent
2009-12-15 20:52 . 2009-12-15 20:52 -------- d-----w- c:\windows\Sun
2009-12-15 20:52 . 2009-10-11 03:17 411368 ----a-w- c:\windows\system32\deploytk.dll
2009-12-15 20:52 . 2009-12-15 20:52 -------- d-----w- c:\programmi\Java
2009-12-15 20:51 . 2009-12-15 20:51 152576 ----a-w- c:\documents and settings\Bio.org\Dati applicazioni\Sun\Java\jre1.6.0_12\lzma.dll
2009-12-15 17:40 . 2009-12-15 17:40 -------- d-----w- c:\documents and settings\Bio.org\Dati applicazioni\pdf995
2009-12-15 13:51 . 2009-12-15 13:51 -------- d-----w- c:\programmi\QuickTime
2009-12-15 13:51 . 2009-12-15 13:51 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Apple Computer
2009-12-15 13:46 . 2009-12-15 13:46 -------- d-----w- c:\programmi\File comuni\Apple
2009-12-15 13:45 . 2009-12-15 13:45 -------- d-----w- c:\documents and settings\Bio.org\Impostazioni locali\Dati applicazioni\Apple
2009-12-15 13:45 . 2009-12-15 13:45 -------- d-----w- c:\programmi\Apple Software Update
2009-12-15 13:45 . 2009-12-15 13:45 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Apple
2009-12-15 13:45 . 2009-12-15 13:45 -------- d-----w- c:\documents and settings\Bio.org\Impostazioni locali\Dati applicazioni\Apple Computer
2009-12-15 11:35 . 2009-12-15 11:35 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\WinZip
2009-12-15 11:03 . 2008-04-13 10:45 10368 ----a-w- c:\windows\system32\drivers\hidusb.sys
2009-12-15 11:03 . 2008-04-13 10:45 10368 ----a-w- c:\windows\system32\dllcache\hidusb.sys
2009-12-14 20:05 . 2009-12-14 20:05 -------- d-----w- c:\documents and settings\Nu faciti dannu!\Impostazioni locali\Dati applicazioni\Mozilla
2009-12-14 00:52 . 2009-12-14 00:52 -------- d-----w- c:\windows\ServicePackFiles
2009-12-14 00:44 . 2009-12-14 00:44 -------- d-----w- c:\windows\EHome
2009-12-13 21:14 . 2009-12-13 21:14 -------- d-----w- c:\programmi\Axon Data
2009-12-13 21:11 . 2009-12-13 21:11 -------- d-----w- c:\programmi\PowerQuest
2009-12-13 21:10 . 2009-12-18 14:41 46080 ----a-w- c:\documents and settings\Bio.org\Impostazioni locali\Dati applicazioni\GDIPFONTCACHEV1.DAT
2009-12-13 21:10 . 2009-12-15 17:41 59 ----a-w- c:\windows\wpd99.drv
2009-12-13 21:10 . 2009-12-13 21:10 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\pdf995
2009-12-13 21:10 . 2009-12-13 21:10 51716 ----a-w- c:\windows\system32\pdf995mon.dll
2009-12-13 21:10 . 2009-12-13 21:10 249856 ----a-w- c:\windows\system32\pdfmona.dll
2009-12-13 21:10 . 2009-12-13 21:10 -------- d-----w- c:\programmi\pdf995
2009-12-13 21:07 . 2009-12-13 21:07 -------- d-sh--w- c:\documents and settings\Bio.org\IECompatCache
2009-12-13 20:46 . 2009-08-14 15:12 1850624 ------w- c:\windows\system32\dllcache\win32k.sys
2009-12-13 19:52 . 2009-12-13 19:52 -------- d--h--w- c:\windows\$hf_mig$
2009-12-13 19:45 . 2009-12-13 19:45 -------- d-----w- c:\programmi\File comuni\Adobe
2009-12-13 19:41 . 2009-12-13 19:41 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\McAfee Security Scan
2009-12-13 19:36 . 2009-12-13 19:36 -------- d-sh--w- c:\documents and settings\NetworkService\IETldCache
2009-12-13 19:33 . 2009-12-13 19:33 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\NOS
2009-12-13 19:31 . 2009-12-13 19:31 -------- d-----w- c:\documents and settings\Bio.org\Impostazioni locali\Dati applicazioni\Adobe
2009-12-13 19:28 . 2009-12-13 19:28 0 ----a-w- c:\windows\nsreg.dat
2009-12-13 19:28 . 2009-12-13 19:28 -------- d-----w- c:\documents and settings\Bio.org\Impostazioni locali\Dati applicazioni\Mozilla
2009-12-13 19:12 . 2008-04-13 18:13 26624 ----a-w- c:\documents and settings\LocalService\Dati applicazioni\Microsoft\UPnP Device Host\upnphost\udhisapi.dll
2009-12-13 18:50 . 2009-12-13 18:50 -------- d-----w- c:\programmi\Windows Media Connect 2
2009-12-13 18:49 . 2009-12-13 18:49 -------- d-----w- c:\windows\system32\LogFiles
2009-12-13 18:49 . 2009-12-13 18:49 -------- d-----w- c:\windows\system32\drivers\UMDF
2009-12-13 18:37 . 2009-12-13 18:37 -------- d-sh--w- c:\documents and settings\Bio.org\PrivacIE

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-12-30 23:42 . 2009-12-13 13:06 90112 ----a-w- c:\windows\DUMP523d.tmp
2009-12-29 17:47 . 2009-12-29 17:47 4096 ----a-w- c:\windows\system32\01.tmp
2009-12-29 17:46 . 2009-12-13 13:06 90112 ----a-w- c:\windows\DUMP64c4.tmp
2009-12-28 18:50 . 2009-12-13 13:06 90112 ----a-w- c:\windows\DUMP6949.tmp
2009-12-28 18:45 . 2009-12-13 13:06 90112 ----a-w- c:\windows\DUMP44ee.tmp
2009-12-28 18:40 . 2009-12-13 13:06 90112 ----a-w- c:\windows\DUMP4e35.tmp
2009-12-28 13:44 . 2009-12-13 13:06 90112 ----a-w- c:\windows\DUMP71d4.tmp
2009-12-26 15:47 . 2009-12-13 13:06 90112 ----a-w- c:\windows\DUMP57f3.tmp
2009-12-24 14:39 . 2009-12-13 13:06 90112 ----a-w- c:\windows\DUMP74a3.tmp
2009-12-22 12:28 . 2009-12-13 13:06 90112 ----a-w- c:\windows\DUMP7b98.tmp
2009-12-14 01:04 . 2004-09-16 14:31 48012 ----a-w- c:\windows\system32\perfc010.dat
2009-12-14 01:04 . 2004-09-16 14:31 345620 ----a-w- c:\windows\system32\perfh010.dat
2009-12-14 00:55 . 2009-12-13 13:18 76875 ----a-w- c:\windows\pchealth\helpctr\OfflineCache\index.dat
2009-12-13 13:47 . 2009-12-13 13:47 -------- d-----w- c:\programmi\Toshiba
2009-12-13 13:46 . 2009-12-14 20:04 -------- d-----w- c:\documents and settings\Nu faciti dannu!\Dati applicazioni\Intel
2009-12-13 13:46 . 2009-12-13 17:41 -------- d-----w- c:\documents and settings\Bio.org\Dati applicazioni\Intel
2009-12-13 13:46 . 2009-12-13 13:55 -------- d-----w- c:\windows\system32\config\systemprofile\Dati applicazioni\Intel
2009-12-13 13:44 . 2009-12-13 13:44 503808 ----a-w- c:\windows\Asus_A6_ScreenSaver.scr
2009-12-13 13:44 . 2009-12-13 13:44 606848 ----a-w- c:\windows\flashax.exe
2009-12-13 13:44 . 2009-12-13 13:44 12288 ----a-w- c:\windows\impborl.dll
2009-12-13 13:42 . 2009-12-13 13:42 -------- d-----w- c:\programmi\ATI Technologies
2009-12-13 13:42 . 2009-12-13 13:41 -------- d-----w- c:\programmi\CONEXANT
2009-12-13 13:36 . 2009-12-14 20:04 -------- d-----w- c:\documents and settings\Nu faciti dannu!\Dati applicazioni\Symantec
2009-12-13 13:36 . 2009-12-13 17:41 -------- d-----w- c:\documents and settings\Bio.org\Dati applicazioni\Symantec
2009-12-13 13:36 . 2009-12-13 13:55 -------- d-----w- c:\windows\system32\config\systemprofile\Dati applicazioni\Symantec
2009-12-13 13:35 . 2009-12-13 13:35 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Symantec
2009-12-13 13:33 . 2009-12-13 13:33 -------- d-----w- c:\programmi\Intel
2009-12-13 13:31 . 2009-12-13 13:31 -------- d-----w- c:\programmi\Synaptics
2009-12-13 13:28 . 2009-12-13 13:28 -------- d-----w- c:\programmi\ASUS
2009-12-13 13:26 . 2009-12-13 13:26 -------- d-----w- c:\programmi\Realtek
2009-12-13 13:26 . 2009-12-13 13:26 -------- d--h--w- c:\programmi\InstallShield Installation Information
2009-12-13 13:26 . 2009-12-13 13:26 -------- d-----w- c:\programmi\File comuni\InstallShield
2009-12-13 13:24 . 2009-12-13 13:24 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\SBSI
2009-12-13 13:19 . 2009-12-13 13:19 -------- d-----w- c:\programmi\microsoft frontpage
2009-12-13 13:17 . 2009-12-13 13:17 -------- d-----w- c:\programmi\Servizi in linea
2009-12-13 13:17 . 2009-12-13 13:17 21840 ----a-w- c:\windows\system32\emptyregdb.dat
2008-04-13 18:13 . 2004-09-16 14:31 163185 --sh--r- c:\windows\system32\sqpeml.dll
.

((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* i valori vuoti & legittimi/default non sono visualizzati.
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HControl"="c:\windows\ATK0100\HControl.exe" [2005-05-11 102400]
"RTHDCPL"="RTHDCPL.EXE" [2005-05-24 14477312]
"ASUS Live Update"="c:\programmi\ASUS\ASUS Live Update\ALU.exe" [2003-09-19 172032]
"Power_Gear"="c:\programmi\ASUS\Power4 Gear\BatteryLife.exe" [2004-09-21 81920]
"Wireless Console"="c:\programmi\ASUS\Wireless Console\wcourier.exe" [2005-03-02 57344]
"SynTPLpr"="c:\programmi\Synaptics\SynTP\SynTPLpr.exe" [2004-12-21 98394]
"SynTPEnh"="c:\programmi\Synaptics\SynTP\SynTPEnh.exe" [2004-12-21 688218]
"ATIPTA"="c:\programmi\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-03-22 339968]
"Adobe Reader Speed Launcher"="c:\programmi\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-10-03 35696]
"Adobe ARM"="c:\programmi\File comuni\Adobe\ARM\1.0\AdobeARM.exe" [2009-09-04 935288]
"QuickTime Task"="c:\programmi\QuickTime\qttask.exe" [2009-11-10 417792]
"SunJavaUpdateSched"="c:\programmi\Java\jre6\bin\jusched.exe" [2009-10-11 149280]
"ISUSPM Startup"="c:\progra~1\FILECO~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2005-02-16 221184]
"ISUSScheduler"="c:\programmi\File comuni\InstallShield\UpdateService\issch.exe" [2005-02-16 81920]
"avgnt"="c:\programmi\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]
"NeroFilterCheck"="c:\programmi\File comuni\Ahead\Lib\NeroCheck.exe" [2006-01-12 155648]
"IntelWireless"="c:\programmi\Intel\Wireless\Bin\ifrmewrk.exe" [2004-10-15 385024]
"EOUApp"="c:\programmi\Intel\Wireless\Bin\EOUWiz.exe" [2004-10-15 356352]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-13 15360]
"msnmsgr"="c:\programmi\Windows Live\Messenger\msnmsgr.exe" [2009-07-26 3883856]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\IntelWireless]
2004-10-15 10:27 110592 ----a-w- c:\programmi\Intel\Wireless\Bin\LgNotify.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\WINDOWS\\system32\\sessmgr.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\WINDOWS\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Programmi\\uTorrent\\uTorrent.exe"=
"c:\\Programmi\\Bonjour\\mDNSResponder.exe"=
"c:\\Programmi\\eMule\\emule.exe"=
"c:\\Programmi\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Programmi\\Windows Live\\Messenger\\msnmsgr.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"7994:TCP"= 7994:TCP:iayvgfy

R0 R592;R592;c:\windows\system32\drivers\R592.sys [13/12/2009 13.57.00 57088]
R0 risdpntk;risdpntk;c:\windows\system32\drivers\risdpntk.sys [13/12/2009 13.57.00 27264]
R3 SynMini;USB2.0 1.3M Web Cam;c:\windows\system32\drivers\SynMini.sys [13/12/2009 14.27.40 702326]
R3 SynScan;USB2.0 1.3M Web Cam Still Image;c:\windows\system32\drivers\SynScan.sys [13/12/2009 14.27.39 4790]
S0 ezmsppqs;ezmsppqs;c:\windows\system32\Drivers\ezmsppqs.sys --> c:\windows\system32\Drivers\ezmsppqs.sys [?]
S0 hubemkeb;hubemkeb;c:\windows\system32\Drivers\hubemkeb.sys --> c:\windows\system32\Drivers\hubemkeb.sys [?]
S0 zcnhimnc;zcnhimnc;c:\windows\system32\drivers\zcnhimnc.sys [28/12/2009 22.02.17 40128]
S2 fsogikkr;Server Manager;c:\windows\system32\svchost.exe -k netsvcs [16/09/2004 15.31.20 14336]
S3 psgtngftj;psgtngftj;\??\c:\windows\system32\02.tmp --> c:\windows\system32\02.tmp [?]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
fsogikkr
.
Contenuto della cartella 'Scheduled Tasks'

2009-12-16 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\programmi\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34]
.
.
------- Scansione supplementare -------
.
uStart Page = hxxp://www.google.it/
uInternet Connection Wizard,ShellNext = hxxp://www.asus.com/
uInternet Settings,ProxyOverride = *.local
IE: E&sporta in Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
FF - ProfilePath - c:\documents and settings\Bio.org\Dati applicazioni\Mozilla\Firefox\Profiles\yyxnlc1u.default\
FF - prefs.js: browser.startup.homepage - www.google.it
.
- - - - CHIAVI ORFANE RIMOSSE - - - -

AddRemove-CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2BFA&SUBSYS_10431966 - c:\programmi\CONEXANT\CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2BFA&SUBSYS_10431966\HXFSETUP.EXE -U -IHDAUDIO\FUNC_02&VEN_14F1&DEV_2BFA&SUBSYS_10431966
AddRemove-_{63218538-4A69-497F-8455-904261B0E9E4} - c:\programmi\Corel\CorelDRAW Graphics Suite 13\Programs\MSILauncher {63218538-4A69-497F-8455-904261B0E9E4}



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-01-01 16:35
Windows 5.1.2600 Service Pack 3 FAT NTAPI

scansione processi nascosti ...

scansione entrate autostart nascoste ...

Scansione files nascosti ...

Scansione completata con successo
Files nascosti: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\psgtngftj]
"ImagePath"="\??\c:\windows\system32\02.tmp"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\fsogikkr]
"ServiceDll"="c:\windows\system32\sqpeml.dll"
.
--------------------- Dlls caricate dai processi in esecuzione ---------------------

- - - - - - - > 'winlogon.exe'(912)
c:\windows\system32\Ati2evxx.dll
c:\programmi\Intel\Wireless\Bin\LgNotify.dll

- - - - - - - > 'explorer.exe'(2076)
c:\windows\system32\SynTPFcs.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\IEFRAME.dll
c:\progra~1\FILECO~1\MICROS~1\WEBCOM~1\10\OWC10.DLL
c:\programmi\File comuni\Microsoft Shared\Web Components\10\1040\OWCI10.DLL
c:\progra~1\FILECO~1\MICROS~1\WEBCOM~1\11\OWC11.DLL
c:\programmi\File comuni\Microsoft Shared\Web Components\11\1040\OWCI11.DLL
c:\windows\system32\msls31.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Altri processi in esecuzione ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\programmi\Intel\Wireless\Bin\EvtEng.exe
c:\programmi\Intel\Wireless\Bin\S24EvMon.exe
c:\programmi\Avira\AntiVir Desktop\sched.exe
c:\programmi\Intel\Wireless\Bin\ZcfgSvc.exe
c:\windows\system32\Ati2evxx.exe
c:\programmi\Bonjour\mDNSResponder.exe
c:\programmi\Java\jre6\bin\jqs.exe
c:\programmi\Intel\Wireless\Bin\OProtSvc.exe
c:\programmi\File comuni\Protexis\License Service\PSIService.exe
c:\progra~1\Intel\Wireless\Bin\1XConfig.exe
c:\programmi\Intel\Wireless\Bin\RegSrvc.exe
c:\windows\system32\wbem\wmiapsrv.exe
c:\windows\RTHDCPL.EXE
c:\windows\ATK0100\ATKOSD.exe
.
**************************************************************************
.
Ora fine scansione: 2010-01-01 16:37:52 - Il pc è stato riavviato
ComboFix-quarantined-files.txt 2010-01-01 15:37

Pre-Run: 11.989.893.120 byte disponibili
Post-Run: 11.908.022.272 byte disponibili

- - End Of File - - BF63FAE4FB033206F627BF2AF76DD8C7

Assolutamente! non le ho archiviate io. quindi?

ComboFix 10-01-02.04 - Bio.org 03/01/2010 12.55.31.2.1 - FAT32x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.39.1040.18.1535.1111 [GMT 1:00]
Eseguito da: d:\kecco\ComboFix.exe
Opzioni usate :: d:\kecco\CFScript.txt.txt
AV: AntiVir Desktop *On-access scanning enabled* (Updated) {00000002-0002-0000-14EF-9D7C08000A00}

ATTENZIONE - QUESTO PC NON HA LA CONSOLE DI RIPRISTINO DI EMERGENZA INSTALLATA !!

FILE ::
"c:\windows\system32\01.tmp"
"c:\windows\system32\02.tmp"
"c:\windows\system32\8484AA5D05.sys"
"c:\windows\system32\CF31661.exe"
"c:\windows\system32\drivers\ezmsppqs.sys"
"c:\windows\system32\Drivers\hubemkeb.sys"
"c:\windows\system32\drivers\zcnhimnc.sys"
"c:\windows\system32\sqpeml.dll"
"c:\windows\system32\wmisqtu.exe"
"c:\windows\system32\wmistri.exe"
.

((((((((((((((((((((((((((((((((((((( Altre eliminazioni )))))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\FOUND.000
c:\found.000\FILE0000.CHK
c:\found.000\FILE0001.CHK
c:\found.000\FILE0002.CHK
c:\found.000\FILE0003.CHK
c:\found.000\FILE0004.CHK
c:\found.000\FILE0005.CHK
c:\found.000\FILE0006.CHK
c:\found.000\FILE0007.CHK
c:\found.000\FILE0008.CHK
c:\found.000\FILE0009.CHK
c:\found.000\FILE0010.CHK
c:\found.000\FILE0011.CHK
c:\found.000\FILE0012.CHK
c:\found.000\FILE0013.CHK
c:\found.000\FILE0014.CHK
c:\found.000\FILE0015.CHK
c:\found.000\FILE0016.CHK
c:\found.000\FILE0017.CHK
c:\found.000\FILE0018.CHK
c:\found.000\FILE0019.CHK
c:\found.000\FILE0020.CHK
c:\found.000\FILE0021.CHK
c:\found.000\FILE0022.CHK
C:\FOUND.001
c:\found.001\FILE0000.CHK
c:\found.001\FILE0001.CHK
c:\found.001\FILE0002.CHK
c:\found.001\FILE0004.CHK
c:\found.001\FILE0005.CHK
c:\found.001\FILE0006.CHK
c:\found.001\FILE0007.CHK
C:\FOUND.002
c:\found.002\FILE0000.CHK
c:\found.002\FILE0001.CHK
C:\FOUND.003
c:\found.003\FILE0000.CHK
c:\found.003\FILE0001.CHK
c:\found.003\FILE0002.CHK
c:\found.003\FILE0003.CHK
c:\found.003\FILE0004.CHK
c:\found.003\FILE0005.CHK
c:\found.003\FILE0006.CHK
c:\found.003\FILE0007.CHK
c:\found.003\FILE0008.CHK
c:\found.003\FILE0009.CHK
c:\found.003\FILE0010.CHK
c:\found.003\FILE0011.CHK
C:\FOUND.004
c:\found.004\FILE0000.CHK
c:\found.004\FILE0001.CHK
C:\FOUND.005
c:\found.005\FILE0000.CHK
c:\found.005\FILE0001.CHK
C:\FOUND.006
c:\found.006\FILE0000.CHK
C:\FOUND.007
c:\found.007\FILE0000.CHK
C:\FOUND.008
c:\found.008\FILE0000.CHK
C:\FOUND.009
c:\found.009\FILE0000.CHK
c:\windows\system32\01.tmp
c:\windows\system32\8484AA5D05.sys
c:\windows\system32\CF31661.exe
c:\windows\system32\drivers\zcnhimnc.sys
c:\windows\system32\sqpeml.dll . . . . Eliminazione Fallita

.
((((((((((((((((((((((((((((((((((((((( Driver/Servizi )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_fsogikkr
-------\Legacy_zcnhimnc
-------\Service_fsogikkr
-------\Service_zcnhimnc


((((((((((((((((((((((((( Files Creati Da 2009-12-03 al 2010-01-03 )))))))))))))))))))))))))))))))))))
.

2010-01-01 03:23 . 2010-01-01 03:23 -------- d-----r- c:\documents and settings\LocalService\Preferiti
2010-01-01 03:23 . 2010-01-01 03:23 -------- d-sh--w- c:\documents and settings\LocalService\IETldCache
2009-12-31 12:18 . 2009-12-31 12:18 17119 ----a-w- c:\windows\system32\drivers\AegisP.sys
2009-12-31 12:17 . 2009-12-31 12:17 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Intel
2009-12-31 12:17 . 2004-10-15 09:20 1654784 ----a-w- c:\windows\system32\W29MLRES.DLL
2009-12-31 00:46 . 2009-12-31 00:46 -------- d-----w- c:\programmi\CCleaner
2009-12-30 17:10 . 2009-12-03 15:14 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-12-30 17:10 . 2009-12-03 15:13 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-12-30 16:21 . 2009-12-30 16:21 -------- d-----w- c:\programmi\Malwarebytes' Anti-Malware
2009-12-30 16:15 . 2009-12-30 16:15 -------- d-----w- c:\documents and settings\Bio.org\Dati applicazioni\Malwarebytes
2009-12-30 16:15 . 2009-12-30 16:15 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Malwarebytes
2009-12-28 21:33 . 2009-12-28 21:33 -------- d-----w- c:\documents and settings\Nu faciti dannu!\Impostazioni locali\Dati applicazioni\Apple Computer
2009-12-28 11:34 . 2009-12-28 11:34 -------- d-sh--w- c:\documents and settings\Nu faciti dannu!\IECompatCache
2009-12-27 13:21 . 2009-12-27 13:21 -------- d-----w- c:\documents and settings\Bio.org\Impostazioni locali\Dati applicazioni\Ahead
2009-12-27 13:20 . 2009-12-27 13:21 -------- d-----w- c:\documents and settings\Bio.org\Dati applicazioni\Ahead
2009-12-27 13:18 . 2009-12-27 13:18 -------- d-----w- c:\programmi\Nero
2009-12-27 13:18 . 2009-12-27 13:18 -------- d-----w- c:\programmi\File comuni\Ahead
2009-12-26 18:43 . 2009-12-26 18:43 -------- d-sh--w- c:\documents and settings\Nu faciti dannu!\PrivacIE
2009-12-22 14:08 . 2009-12-22 14:08 -------- d-----w- c:\documents and settings\Bio.org\Dati applicazioni\dvdcss
2009-12-22 13:02 . 2008-04-13 10:45 26368 ----a-w- c:\windows\system32\dllcache\usbstor.sys
2009-12-21 12:27 . 2009-03-30 08:33 96104 ----a-w- c:\windows\system32\drivers\avipbb.sys
2009-12-21 12:27 . 2009-02-13 10:29 22360 ----a-w- c:\windows\system32\drivers\avgntmgr.sys
2009-12-21 12:27 . 2009-02-13 10:17 45416 ----a-w- c:\windows\system32\drivers\avgntdd.sys
2009-12-21 12:27 . 2009-12-21 12:27 -------- d-----w- c:\programmi\Avira
2009-12-21 12:27 . 2009-12-21 12:27 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Avira
2009-12-20 14:24 . 2000-03-29 13:17 5824 ----a-w- c:\windows\system32\drivers\ASUSHWIO.SYS
2009-12-20 12:10 . 2009-12-20 12:10 -------- d-----w- c:\documents and settings\Nu faciti dannu!\Tracing
2009-12-19 22:04 . 2009-12-19 22:04 -------- d-----w- c:\windows\system32\config\systemprofile\Tracing
2009-12-19 21:29 . 2009-12-19 21:29 -------- d-----w- C:\VideoSec
2009-12-19 16:55 . 2009-12-19 16:56 46080 ----a-w- c:\documents and settings\Nu faciti dannu!\Impostazioni locali\Dati applicazioni\GDIPFONTCACHEV1.DAT
2009-12-18 20:38 . 2009-12-18 20:38 -------- d-----w- c:\documents and settings\Nu faciti dannu!\Impostazioni locali\Dati applicazioni\Adobe
2009-12-18 14:41 . 2009-12-18 14:41 -------- d-----w- c:\documents and settings\Bio.org\Dati applicazioni\Corel
2009-12-18 14:41 . 2009-12-18 14:41 65536 ----a-r- c:\documents and settings\Bio.org\Dati applicazioni\Microsoft\Installer\{F428D0FB-765D-40EB-BDD8-A1E7F5C597FA}\Shortcut0.C3A146F5_4B48_11D5_A819_00B0D0428C0C.exe
2009-12-18 14:41 . 2009-12-18 14:41 10134 ----a-r- c:\documents and settings\Bio.org\Dati applicazioni\Microsoft\Installer\{F428D0FB-765D-40EB-BDD8-A1E7F5C597FA}\ARPPRODUCTICON.exe
2009-12-18 14:41 . 2009-12-18 14:41 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\InstallShield
2009-12-18 14:40 . 2009-12-18 14:40 -------- d-----w- c:\programmi\File comuni\Protexis
2009-12-18 14:40 . 2009-12-18 14:40 -------- d-----w- c:\programmi\File comuni\Corel
2009-12-18 14:40 . 2009-12-18 14:40 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Corel
2009-12-18 14:27 . 2009-12-27 18:01 2828 --sha-w- c:\windows\system32\KGyGaAvL.sys
2009-12-18 14:26 . 2009-12-18 14:26 -------- d-----w- c:\programmi\Corel
2009-12-18 14:19 . 2009-12-18 14:19 -------- d-----w- c:\programmi\Bonjour
2009-12-18 14:09 . 2009-12-18 14:09 -------- d-----w- c:\programmi\File comuni\Macrovision Shared
2009-12-17 14:48 . 2008-09-16 19:23 168448 ----a-w- c:\windows\system32\unrar.dll
2009-12-17 14:48 . 2008-12-07 18:08 795648 ----a-w- c:\windows\system32\xvidcore.dll
2009-12-17 14:48 . 2008-12-07 18:08 130048 ----a-w- c:\windows\system32\xvidvfw.dll
2009-12-17 14:48 . 2004-01-25 16:18 217088 ----a-w- c:\windows\system32\yv12vfw.dll
2009-12-17 14:48 . 2008-12-11 00:33 86016 ----a-w- c:\windows\system32\dpl100.dll
2009-12-17 14:48 . 2008-11-06 16:37 3596288 ----a-w- c:\windows\system32\qt-dx331.dll
2009-12-17 14:48 . 2008-11-06 16:33 684032 ----a-w- c:\windows\system32\divx.dll
2009-12-17 14:48 . 2009-02-09 18:56 67584 ----a-w- c:\windows\system32\ff_vfw.dll
2009-12-17 14:48 . 2009-01-07 18:14 60273 ----a-w- c:\windows\system32\pthreadGC2.dll
2009-12-17 14:48 . 2009-12-17 14:48 -------- d-----w- c:\programmi\K-Lite Codec Pack
2009-12-17 10:37 . 2004-08-19 13:00 221184 ----a-w- c:\windows\system32\wmpns.dll
2009-12-16 21:52 . 2009-12-16 21:52 -------- d-----w- c:\programmi\eMule
2009-12-16 20:50 . 2009-12-16 20:50 -------- d-----w- c:\documents and settings\NetworkService\Impostazioni locali\Dati applicazioni\Apple
2009-12-16 17:46 . 2009-12-16 17:46 -------- d-----w- c:\documents and settings\Bio.org\Tracing
2009-12-16 17:45 . 2009-12-16 17:45 -------- d-----w- c:\programmi\Microsoft
2009-12-16 17:44 . 2009-12-16 17:44 -------- d-----w- c:\programmi\Windows Live SkyDrive
2009-12-16 17:42 . 2009-12-16 17:42 -------- d-----w- c:\programmi\File comuni\Windows Live
2009-12-16 17:41 . 2009-12-16 17:41 -------- d-----w- c:\documents and settings\Bio.org\Contacts
2009-12-16 17:40 . 2009-12-16 17:40 -------- d-----w- c:\windows\system32\DRVSTORE
2009-12-16 17:35 . 2009-12-16 17:35 -------- d-sh--w- c:\programmi\File comuni\WindowsLiveInstaller
2009-12-16 17:35 . 2009-12-16 17:35 -------- d-----w- c:\programmi\Windows Live
2009-12-16 17:35 . 2009-12-16 17:35 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\WLInstaller
2009-12-16 17:28 . 2009-12-16 17:28 -------- d-----w- c:\documents and settings\Bio.org\Dati applicazioni\vlc
2009-12-16 17:28 . 2009-12-16 17:28 -------- d-----w- c:\programmi\VideoLAN
2009-12-16 16:29 . 2009-12-16 16:29 152576 ----a-w- c:\documents and settings\Bio.org\Dati applicazioni\Sun\Java\jre1.6.0_17\lzma.dll
2009-12-16 16:27 . 2009-12-16 16:29 79488 ----a-w- c:\documents and settings\Bio.org\Dati applicazioni\Sun\Java\jre1.6.0_17\gtapi.dll
2009-12-16 16:17 . 2009-12-16 16:17 -------- d-----w- c:\documents and settings\Bio.org\Dati applicazioni\Media Player Classic
2009-12-16 00:22 . 2009-12-16 00:22 -------- d-----w- c:\programmi\uTorrent
2009-12-16 00:22 . 2009-12-16 00:22 -------- d-----w- c:\documents and settings\Bio.org\Dati applicazioni\uTorrent
2009-12-15 20:52 . 2009-12-15 20:52 -------- d-----w- c:\windows\Sun
2009-12-15 20:52 . 2009-10-11 03:17 411368 ----a-w- c:\windows\system32\deploytk.dll
2009-12-15 20:52 . 2009-12-15 20:52 -------- d-----w- c:\programmi\Java
2009-12-15 20:51 . 2009-12-15 20:51 152576 ----a-w- c:\documents and settings\Bio.org\Dati applicazioni\Sun\Java\jre1.6.0_12\lzma.dll
2009-12-15 17:40 . 2009-12-15 17:40 -------- d-----w- c:\documents and settings\Bio.org\Dati applicazioni\pdf995
2009-12-15 13:51 . 2009-12-15 13:51 -------- d-----w- c:\programmi\QuickTime
2009-12-15 13:51 . 2009-12-15 13:51 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Apple Computer
2009-12-15 13:46 . 2009-12-15 13:46 -------- d-----w- c:\programmi\File comuni\Apple
2009-12-15 13:45 . 2009-12-15 13:45 -------- d-----w- c:\documents and settings\Bio.org\Impostazioni locali\Dati applicazioni\Apple
2009-12-15 13:45 . 2009-12-15 13:45 -------- d-----w- c:\programmi\Apple Software Update
2009-12-15 13:45 . 2009-12-15 13:45 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Apple
2009-12-15 13:45 . 2009-12-15 13:45 -------- d-----w- c:\documents and settings\Bio.org\Impostazioni locali\Dati applicazioni\Apple Computer
2009-12-15 11:35 . 2009-12-15 11:35 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\WinZip
2009-12-15 11:03 . 2008-04-13 10:45 10368 ----a-w- c:\windows\system32\drivers\hidusb.sys
2009-12-15 11:03 . 2008-04-13 10:45 10368 ----a-w- c:\windows\system32\dllcache\hidusb.sys
2009-12-14 20:05 . 2009-12-14 20:05 -------- d-----w- c:\documents and settings\Nu faciti dannu!\Impostazioni locali\Dati applicazioni\Mozilla
2009-12-14 00:52 . 2009-12-14 00:52 -------- d-----w- c:\windows\ServicePackFiles
2009-12-14 00:44 . 2009-12-14 00:44 -------- d-----w- c:\windows\EHome
2009-12-13 21:14 . 2009-12-13 21:14 -------- d-----w- c:\programmi\Axon Data
2009-12-13 21:11 . 2009-12-13 21:11 -------- d-----w- c:\programmi\PowerQuest
2009-12-13 21:10 . 2009-12-18 14:41 46080 ----a-w- c:\documents and settings\Bio.org\Impostazioni locali\Dati applicazioni\GDIPFONTCACHEV1.DAT
2009-12-13 21:10 . 2009-12-15 17:41 59 ----a-w- c:\windows\wpd99.drv
2009-12-13 21:10 . 2009-12-13 21:10 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\pdf995
2009-12-13 21:10 . 2009-12-13 21:10 51716 ----a-w- c:\windows\system32\pdf995mon.dll
2009-12-13 21:10 . 2009-12-13 21:10 249856 ----a-w- c:\windows\system32\pdfmona.dll
2009-12-13 21:10 . 2009-12-13 21:10 -------- d-----w- c:\programmi\pdf995
2009-12-13 21:07 . 2009-12-13 21:07 -------- d-sh--w- c:\documents and settings\Bio.org\IECompatCache
2009-12-13 20:46 . 2009-08-14 15:12 1850624 ------w- c:\windows\system32\dllcache\win32k.sys
2009-12-13 19:52 . 2009-12-13 19:52 -------- d--h--w- c:\windows\$hf_mig$
2009-12-13 19:45 . 2009-12-13 19:45 -------- d-----w- c:\programmi\File comuni\Adobe
2009-12-13 19:41 . 2009-12-13 19:41 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\McAfee Security Scan
2009-12-13 19:36 . 2009-12-13 19:36 -------- d-sh--w- c:\documents and settings\NetworkService\IETldCache
2009-12-13 19:33 . 2009-12-13 19:33 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\NOS
2009-12-13 19:31 . 2009-12-13 19:31 -------- d-----w- c:\documents and settings\Bio.org\Impostazioni locali\Dati applicazioni\Adobe
2009-12-13 19:28 . 2009-12-13 19:28 0 ----a-w- c:\windows\nsreg.dat
2009-12-13 19:28 . 2009-12-13 19:28 -------- d-----w- c:\documents and settings\Bio.org\Impostazioni locali\Dati applicazioni\Mozilla
2009-12-13 19:12 . 2008-04-13 18:13 26624 ----a-w- c:\documents and settings\LocalService\Dati applicazioni\Microsoft\UPnP Device Host\upnphost\udhisapi.dll
2009-12-13 18:50 . 2009-12-13 18:50 -------- d-----w- c:\programmi\Windows Media Connect 2
2009-12-13 18:49 . 2009-12-13 18:49 -------- d-----w- c:\windows\system32\LogFiles
2009-12-13 18:49 . 2009-12-13 18:49 -------- d-----w- c:\windows\system32\drivers\UMDF
2009-12-13 18:37 . 2009-12-13 18:37 -------- d-sh--w- c:\documents and settings\Bio.org\PrivacIE
2009-12-13 18:36 . 2009-12-13 18:36 -------- d-sh--w- c:\documents and settings\Bio.org\IETldCache
2009-12-13 18:33 . 2009-12-13 18:33 -------- d--h--w- c:\windows\ie8
2009-12-13 18:33 . 2009-12-13 18:33 -------- d-----w- c:\windows\system32\it-IT
2009-12-13 18:27 . 2009-12-13 18:27 -------- d-----w- c:\documents and settings\Bio.org\Dati applicazioni\Toshiba
2009-12-13 18:27 . 2009-12-13 18:27 -------- d-----w- c:\documents and settings\Bio.org\Impostazioni locali\Dati applicazioni\Toshiba
2009-12-13 18:26 . 2001-08-30 19:41 12160 ----a-w- c:\windows\system32\drivers\mouhid.sys
2009-12-13 18:26 . 2001-08-30 19:41 12160 ----a-w- c:\windows\system32\dllcache\mouhid.sys
2009-12-13 18:20 . 2009-12-13 18:20 -------- d-sh--w- c:\documents and settings\Bio.org\UserData
2009-12-13 18:18 . 2009-12-13 18:18 -------- d-----w- c:\programmi\Trend Micro
2009-12-13 18:14 . 2003-06-19 00:31 18944 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\mdippr.dll
2009-12-13 18:14 . 2003-06-19 00:31 17920 ----a-w- c:\windows\system32\mdimon.dll
2009-12-13 18:14 . 2009-12-13 18:14 -------- d-----w- c:\programmi\Microsoft.NET
2009-12-13 18:13 . 2009-12-13 18:13 -------- d-----w- c:\windows\SHELLNEW

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-12-30 23:42 . 2009-12-13 13:06 90112 ----a-w- c:\windows\DUMP523d.tmp
2009-12-29 17:46 . 2009-12-13 13:06 90112 ----a-w- c:\windows\DUMP64c4.tmp
2009-12-28 18:50 . 2009-12-13 13:06 90112 ----a-w- c:\windows\DUMP6949.tmp
2009-12-28 18:45 . 2009-12-13 13:06 90112 ----a-w- c:\windows\DUMP44ee.tmp
2009-12-28 18:40 . 2009-12-13 13:06 90112 ----a-w- c:\windows\DUMP4e35.tmp
2009-12-28 13:44 . 2009-12-13 13:06 90112 ----a-w- c:\windows\DUMP71d4.tmp
2009-12-26 15:47 . 2009-12-13 13:06 90112 ----a-w- c:\windows\DUMP57f3.tmp
2009-12-24 14:39 . 2009-12-13 13:06 90112 ----a-w- c:\windows\DUMP74a3.tmp
2009-12-22 12:28 . 2009-12-13 13:06 90112 ----a-w- c:\windows\DUMP7b98.tmp
2009-12-14 01:04 . 2004-09-16 14:31 48012 ----a-w- c:\windows\system32\perfc010.dat
2009-12-14 01:04 . 2004-09-16 14:31 345620 ----a-w- c:\windows\system32\perfh010.dat
2009-12-14 00:55 . 2009-12-13 13:18 76875 ----a-w- c:\windows\pchealth\helpctr\OfflineCache\index.dat
2009-12-13 13:47 . 2009-12-13 13:47 -------- d-----w- c:\programmi\Toshiba
2009-12-13 13:46 . 2009-12-14 20:04 -------- d-----w- c:\documents and settings\Nu faciti dannu!\Dati applicazioni\Intel
2009-12-13 13:46 . 2009-12-13 17:41 -------- d-----w- c:\documents and settings\Bio.org\Dati applicazioni\Intel
2009-12-13 13:46 . 2009-12-13 13:55 -------- d-----w- c:\windows\system32\config\systemprofile\Dati applicazioni\Intel
2009-12-13 13:44 . 2009-12-13 13:44 503808 ----a-w- c:\windows\Asus_A6_ScreenSaver.scr
2009-12-13 13:44 . 2009-12-13 13:44 606848 ----a-w- c:\windows\flashax.exe
2009-12-13 13:44 . 2009-12-13 13:44 12288 ----a-w- c:\windows\impborl.dll
2009-12-13 13:42 . 2009-12-13 13:42 -------- d-----w- c:\programmi\ATI Technologies
2009-12-13 13:42 . 2009-12-13 13:41 -------- d-----w- c:\programmi\CONEXANT
2009-12-13 13:36 . 2009-12-14 20:04 -------- d-----w- c:\documents and settings\Nu faciti dannu!\Dati applicazioni\Symantec
2009-12-13 13:36 . 2009-12-13 17:41 -------- d-----w- c:\documents and settings\Bio.org\Dati applicazioni\Symantec
2009-12-13 13:36 . 2009-12-13 13:55 -------- d-----w- c:\windows\system32\config\systemprofile\Dati applicazioni\Symantec
2009-12-13 13:35 . 2009-12-13 13:35 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Symantec
2009-12-13 13:33 . 2009-12-13 13:33 -------- d-----w- c:\programmi\Intel
2009-12-13 13:31 . 2009-12-13 13:31 -------- d-----w- c:\programmi\Synaptics
2009-12-13 13:28 . 2009-12-13 13:28 -------- d-----w- c:\programmi\ASUS
2009-12-13 13:26 . 2009-12-13 13:26 -------- d-----w- c:\programmi\Realtek
2009-12-13 13:26 . 2009-12-13 13:26 -------- d--h--w- c:\programmi\InstallShield Installation Information
2009-12-13 13:26 . 2009-12-13 13:26 -------- d-----w- c:\programmi\File comuni\InstallShield
2009-12-13 13:24 . 2009-12-13 13:24 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\SBSI
2009-12-13 13:19 . 2009-12-13 13:19 -------- d-----w- c:\programmi\microsoft frontpage
2009-12-13 13:17 . 2009-12-13 13:17 -------- d-----w- c:\programmi\Servizi in linea
2009-12-13 13:17 . 2009-12-13 13:17 21840 ----a-w- c:\windows\system32\emptyregdb.dat
.

((((((((((((((((((((((((((((( SnapShot@2010-01-01_15.35.42 )))))))))))))))))))))))))))))))))))))))))
.
+ 2010-01-03 12:00 . 2010-01-03 12:00 16384 c:\windows\Temp\Perflib_Perfdata_794.dat
+ 2009-12-13 13:22 . 2010-01-02 19:17 32768 c:\windows\system32\config\systemprofile\Impostazioni locali\Temporary Internet Files\Content.IE5\index.dat
- 2009-12-13 13:22 . 2009-12-28 19:00 32768 c:\windows\system32\config\systemprofile\Impostazioni locali\Temporary Internet Files\Content.IE5\index.dat
+ 2009-12-13 13:22 . 2010-01-02 19:17 32768 c:\windows\system32\config\systemprofile\Impostazioni locali\Cronologia\History.IE5\index.dat
- 2009-12-13 13:22 . 2009-12-28 19:00 32768 c:\windows\system32\config\systemprofile\Impostazioni locali\Cronologia\History.IE5\index.dat
+ 2010-01-02 19:17 . 2010-01-02 19:17 16384 c:\windows\system32\config\systemprofile\Cookies\index.dat
- 2009-12-13 13:22 . 2009-12-28 19:00 16384 c:\windows\system32\config\systemprofile\Cookies\index.dat
.
((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* i valori vuoti & legittimi/default non sono visualizzati.
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HControl"="c:\windows\ATK0100\HControl.exe" [2005-05-11 102400]
"RTHDCPL"="RTHDCPL.EXE" [2005-05-24 14477312]
"ASUS Live Update"="c:\programmi\ASUS\ASUS Live Update\ALU.exe" [2003-09-19 172032]
"Power_Gear"="c:\programmi\ASUS\Power4 Gear\BatteryLife.exe" [2004-09-21 81920]
"Wireless Console"="c:\programmi\ASUS\Wireless Console\wcourier.exe" [2005-03-02 57344]
"SynTPLpr"="c:\programmi\Synaptics\SynTP\SynTPLpr.exe" [2004-12-21 98394]
"SynTPEnh"="c:\programmi\Synaptics\SynTP\SynTPEnh.exe" [2004-12-21 688218]
"ATIPTA"="c:\programmi\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-03-22 339968]
"Adobe Reader Speed Launcher"="c:\programmi\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-10-03 35696]
"Adobe ARM"="c:\programmi\File comuni\Adobe\ARM\1.0\AdobeARM.exe" [2009-09-04 935288]
"QuickTime Task"="c:\programmi\QuickTime\qttask.exe" [2009-11-10 417792]
"SunJavaUpdateSched"="c:\programmi\Java\jre6\bin\jusched.exe" [2009-10-11 149280]
"ISUSPM Startup"="c:\progra~1\FILECO~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2005-02-16 221184]
"ISUSScheduler"="c:\programmi\File comuni\InstallShield\UpdateService\issch.exe" [2005-02-16 81920]
"avgnt"="c:\programmi\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]
"NeroFilterCheck"="c:\programmi\File comuni\Ahead\Lib\NeroCheck.exe" [2006-01-12 155648]
"IntelWireless"="c:\programmi\Intel\Wireless\Bin\ifrmewrk.exe" [2004-10-15 385024]
"EOUApp"="c:\programmi\Intel\Wireless\Bin\EOUWiz.exe" [2004-10-15 356352]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-13 15360]
"msnmsgr"="c:\programmi\Windows Live\Messenger\msnmsgr.exe" [2009-07-26 3883856]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\IntelWireless]
2004-10-15 10:27 110592 ----a-w- c:\programmi\Intel\Wireless\Bin\LgNotify.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\WINDOWS\\system32\\sessmgr.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\WINDOWS\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Programmi\\uTorrent\\uTorrent.exe"=
"c:\\Programmi\\Bonjour\\mDNSResponder.exe"=
"c:\\Programmi\\eMule\\emule.exe"=
"c:\\Programmi\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Programmi\\Windows Live\\Messenger\\msnmsgr.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"7994:TCP"= 7994:TCP:iayvgfy

R0 R592;R592;c:\windows\system32\drivers\R592.sys [13/12/2009 13.57.00 57088]
R0 risdpntk;risdpntk;c:\windows\system32\drivers\risdpntk.sys [13/12/2009 13.57.00 27264]
R3 SynMini;USB2.0 1.3M Web Cam;c:\windows\system32\drivers\SynMini.sys [13/12/2009 14.27.40 702326]
R3 SynScan;USB2.0 1.3M Web Cam Still Image;c:\windows\system32\drivers\SynScan.sys [13/12/2009 14.27.39 4790]
S0 ezmsppqs;ezmsppqs;c:\windows\system32\Drivers\ezmsppqs.sys --> c:\windows\system32\Drivers\ezmsppqs.sys [?]
S0 hubemkeb;hubemkeb;c:\windows\system32\Drivers\hubemkeb.sys --> c:\windows\system32\Drivers\hubemkeb.sys [?]
S2 fsogikkr;Server Manager;c:\windows\system32\svchost.exe -k netsvcs [16/09/2004 15.31.20 14336]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
fsogikkr
.
Contenuto della cartella 'Scheduled Tasks'

2009-12-16 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\programmi\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34]
.
.
------- Scansione supplementare -------
.
uStart Page = hxxp://www.google.it/
uInternet Connection Wizard,ShellNext = hxxp://www.asus.com/
uInternet Settings,ProxyOverride = *.local
IE: E&sporta in Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
FF - ProfilePath - c:\documents and settings\Bio.org\Dati applicazioni\Mozilla\Firefox\Profiles\yyxnlc1u.default\
FF - prefs.js: browser.startup.homepage - www.google.it
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-01-03 13:22
Windows 5.1.2600 Service Pack 3 FAT NTAPI

scansione processi nascosti ...

scansione entrate autostart nascoste ...

Scansione files nascosti ...

Scansione completata con successo
Files nascosti: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\fsogikkr]
"ServiceDll"="c:\windows\system32\sqpeml.dll"
.
--------------------- Dlls caricate dai processi in esecuzione ---------------------

- - - - - - - > 'winlogon.exe'(900)
c:\windows\system32\Ati2evxx.dll
c:\programmi\Intel\Wireless\Bin\LgNotify.dll

- - - - - - - > 'explorer.exe'(3204)
c:\windows\system32\SynTPFcs.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Altri processi in esecuzione ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\programmi\Intel\Wireless\Bin\EvtEng.exe
c:\programmi\Intel\Wireless\Bin\S24EvMon.exe
c:\programmi\Avira\AntiVir Desktop\sched.exe
c:\programmi\Bonjour\mDNSResponder.exe
c:\programmi\Java\jre6\bin\jqs.exe
c:\programmi\Intel\Wireless\Bin\OProtSvc.exe
c:\programmi\File comuni\Protexis\License Service\PSIService.exe
c:\programmi\Intel\Wireless\Bin\RegSrvc.exe
c:\windows\system32\wbem\wmiapsrv.exe
c:\programmi\Intel\Wireless\Bin\ZcfgSvc.exe
c:\windows\system32\Ati2evxx.exe
c:\progra~1\Intel\Wireless\Bin\1XConfig.exe
c:\windows\RTHDCPL.EXE
c:\windows\ATK0100\ATKOSD.exe
.
**************************************************************************
.
Ora fine scansione: 2010-01-03 13:24:22 - Il pc è stato riavviato
ComboFix-quarantined-files.txt 2010-01-03 12:24
ComboFix2.txt 2010-01-01 15:37

Pre-Run: 11.839.455.232 byte disponibili
Post-Run: 11.753.684.992 byte disponibili

- - End Of File - - 6F3B0DC6D67AE6BF340460EE769D3BC1