Not a valid Win32 application

Post by gio_poker » 20/01/09 13:32

Hi everyone! I have a problem that I hope to solve with your help.
I have an ACER. For a few days now the computer's startup has been as if blocked: the operating system (Win XP) starts, along with some other programs, BUT not all of them. The antivirus (Avira), the antispyware (Spybot) and the volume controller do not start. On top of that, when I try to open these programs, as well as CCleaner and HijackThis, I get the error message: not a valid Win32 application. But I have always used them without any trouble! I haven't changed anything, yet I can no longer start them... I also uninstalled and reinstalled all of them, but with no result.

I can't start the computer in safe mode...

In addition, it does not recognize external hard disks at all. In fact, I think it has infected them :cry:
Can anyone tell me what might have happened, or what I can do to figure it out (and fix it)? Thanks.


Today I discovered this Bagle.
I found the following files on the computer:
C:\Documents and Settings\Proprietario\Dati applicazioni\drivers\srosa2.sys
C:\Documents and Settings\Proprietario\Dati applicazioni\drivers\winupgro.exe

I tried to run an online scan with Kaspersky but couldn't, because it hangs (I think because of the worm). I tried to install the GMER anti-rootkit, but that doesn't work either (not a valid application)....
The PC does not restart in safe mode.

The only scan I managed to run was with catchme.exe, and this is the log:
catchme 0.2 W2K/XP/Vista - userland rootkit detector by Gmer, 17 October 2006
http://www.gmer.net

scanning hidden processes ...

? [2932]
? [880]

scanning hidden services ...

scanning hidden autostart entries ...

scanning hidden files ...


scan completed successfully
hidden processes: 2
hidden services: 85
hidden files: 0

I DON'T UNDERSTAND ANY OF IT.

Reading here on the forum I found the advice to download ComboFix and save it to the desktop under a different name. I could download it with another computer (because mine doesn't connect), but then I wouldn't be able to bring it over to mine because it doesn't recognize USB sticks... :x

I really don't know what to do!! Please help. Thanks
gio_poker
Junior User
 
Posts: 29
Joined: 03/09/08 12:07

Re: Not a valid Win32 application

Post by Luke57 » 20/01/09 15:49

Hi, copy combofix.exe onto a CD under a different name (use a made-up name, e.g. 123.exe), transfer the disguised ComboFix to the desktop of the infected computer, then:

Go to Start > Run > in the white box copy and paste, quotation marks included:

"%userprofile%\desktop\123.exe" /killall

Press OK and the program starts; it may take a long time (do not do anything else during the scan; if the desktop icons and the taskbar disappear, it is nothing to worry about). Once it has finished, if all went well, you should find the file combofix.txt in C:\ ; post the contents of the file
Luke57
Moderator
 
Posts: 6410
Joined: 11/08/05 19:10

Re: Not a valid Win32 application

Post by gio_poker » 20/01/09 22:52

Thanks Luke57. I did as you told me.
This is the combofix.txt file:
ComboFix 09-01-19.05 - Proprietario 2009-01-20 21:53:03.1 - FAT32x86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1040.18.1023.755 [GMT 1:00]
Eseguito da: c:\documents and settings\Proprietario\Desktop\pippo.exe
Opzioni usate :: /killal
AV: Avira AntiVir PersonalEdition *On-access scanning disabled* (Outdated)
* Creato nuovo punto di ripristino

ATTENZIONE - QUESTO PC NON HA LA CONSOLE DI RIPRISTINO DI EMERGENZA INSTALLATA !!
.

((((((((((((((((((((((((((((((((((((( Altre eliminazioni )))))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\Proprietario\Dati applicazioni\drivers\downld
c:\documents and settings\Proprietario\Dati applicazioni\drivers\srosa.sys
c:\documents and settings\Proprietario\Dati applicazioni\drivers\srosa2.sys
c:\documents and settings\Proprietario\Dati applicazioni\drivers\winupgro.exe
c:\documents and settings\Proprietario\Dati applicazioni\m
c:\documents and settings\Proprietario\Dati applicazioni\m\flec006.exe
c:\programmi\Synaptics\SynTP\SynTPLpr.exe
c:\windows\system32\mdelk.exe
c:\windows\system32\wintems.exe

.
((((((((((((((((((((((((((((((((((((((( Driver/Servizi )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_SROSA
-------\Legacy_SROSA
-------\Legacy_SK9OU0S
-------\Service_sK9Ou0s


((((((((((((((((((((((((( Files Creati Da 2008-12-20 al 2009-01-20 )))))))))))))))))))))))))))))))))))
.

2009-01-20 21:38 . 2009-01-20 21:38 <DIR> d-------- c:\programmi\FindyKill
2009-01-20 16:00 . 2009-01-20 16:00 <DIR> d--h----- c:\documents and settings\Proprietario\Dati applicazioni\drivers
2009-01-18 14:43 . 2009-01-18 14:43 <DIR> d-------- c:\programmi\Sophos
2009-01-11 23:52 . 2009-01-11 23:52 <DIR> d--h----- c:\documents and settings\Proprietario\Dati applicazioni\driv
2009-01-09 19:22 . 2009-01-09 19:22 <DIR> d-------- c:\documents and settings\Proprietario\Dati applicazioni\Desktopicon
2009-01-09 01:28 . 2009-01-09 01:28 <DIR> d-------- c:\documents and settings\LocalService\Menu Avvio
2009-01-08 19:10 . 2009-01-08 19:10 <DIR> d-------- c:\documents and settings\All Users\Dati applicazioni\PC Tools
2009-01-08 19:10 . 2008-11-17 13:05 51,488 --a------ c:\windows\system32\drivers\TfFsMon.sys
2009-01-08 19:10 . 2008-11-17 13:05 39,200 --a------ c:\windows\system32\drivers\TfSysMon.sys
2009-01-08 19:10 . 2008-11-17 13:05 33,056 --a------ c:\windows\system32\drivers\TfNetMon.sys
2009-01-08 19:10 . 2008-11-17 13:05 12,576 --a------ c:\windows\system32\drivers\TfKbMon.sys
2009-01-08 19:03 . 2009-01-08 19:03 <DIR> d-------- c:\documents and settings\Proprietario\xinorbis

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-01-20 19:52 14,848 ----a-w c:\windows\system32\dllcache\register.exe
2008-12-10 22:17 --------- d-----w c:\programmi\Pando Networks
2008-12-08 17:51 --------- d-----w c:\documents and settings\Proprietario\Dati applicazioni\Apple Computer
2008-12-08 17:41 --------- d-----w c:\documents and settings\Proprietario\Dati applicazioni\Sony
2008-12-08 17:41 --------- d-----w c:\documents and settings\All Users\Dati applicazioni\Sony
2008-12-08 16:48 --------- d-----w c:\programmi\Sony
2008-12-08 16:48 --------- d-----w c:\programmi\File comuni\Sony Shared
2008-12-08 16:42 --------- d-----w c:\programmi\QuickTime
2008-12-08 16:42 --------- d-----w c:\documents and settings\All Users\Dati applicazioni\Apple Computer
2008-12-08 16:41 --------- d-----w c:\programmi\Apple Software Update
2008-12-08 16:41 --------- d-----w c:\documents and settings\All Users\Dati applicazioni\Apple
2008-12-07 14:08 --------- d-----w c:\programmi\Eusing
2008-12-07 14:08 --------- d-----w c:\documents and settings\All Users\Dati applicazioni\FreeDownloadManager.ORG
2008-11-30 12:19 --------- d-----w c:\documents and settings\Proprietario\Dati applicazioni\stickies
2008-11-28 18:10 --------- d-----w c:\documents and settings\All Users\Dati applicazioni\nView_Profiles
2008-11-28 00:46 --------- d-----w c:\documents and settings\All Users\Dati applicazioni\Lavasoft
2008-11-28 00:44 --------- d-----w c:\programmi\File comuni\Wise Installation Wizard
2008-11-22 16:20 --------- d-----w c:\documents and settings\Proprietario\Dati applicazioni\eMule AdunanzA
2008-11-01 13:30 249,592 ----a-w c:\windows\system32\cssdll32.dll
.

((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* i valori vuoti & legittimi/default non sono visualizzati.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SpybotSD TeaTimer"="c:\program files\Spyware\Spybot - Search & Destroy\TeaTimer.exe" [2008-09-16 1833296]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-19 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"preload"="c:\windows\RUNXMLPL.exe" [2004-04-20 40960]
"SynTPEnh"="c:\programmi\Synaptics\SynTP\SynTPEnh.exe" [2004-05-07 536576]
"LaunchAp"="c:\program files\Launch Manager\LaunchAp.exe" [2004-08-06 32768]
"CtrlVol"="c:\program files\Launch Manager\CtrlVol.exe" [2004-01-28 184320]
"LMgrOSD"="c:\program files\Launch Manager\OSDCtrl.exe" [2004-09-08 245760]
"avgnt"="c:\programmi\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2009-01-20 266497]
"ISTray"="c:\program files\Spyware\Spyware Doctor\pctsTray.exe" [2009-01-20 1168264]
"SmartRAM"="c:\program files\Registro\IObit\Advanced WindowsCare V2\MemCleaner.exe" [2007-10-29 662016]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2004-07-13 4141056]
"Samsung PanelMgr"="c:\windows\Samsung\PanelMgr\ssmmgr.exe" [2006-08-16 503808]
"nwiz"="nwiz.exe" [2004-07-13 c:\windows\system32\nwiz.exe]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
--a------ 2004-08-19 20:00 15360 c:\windows\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\H/PC Connection Agent]
--a------ 2006-11-13 13:39 1289000 c:\program files\Internet\Microsoft ActiveSync\wcescomm.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2008-05-27 10:50 413696 c:\programmi\QuickTime\QTTask.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\daemon.exe" -autorun
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\programmi\File comuni\Nero\Lib\NMBgMonitor.exe"
"Pando"="c:\program files\Pando Networks\Pando\pando.exe" /Minimized

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"Adobe Photo Downloader"="c:\programmi\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe"
"LManager"=c:\program files\Launch Manager\HotkeyApp.exe
"PCSuiteTrayApplication"=c:\progra~1\Nokia\NOKIAP~1\LAUNCH~1.EXE -startup
"Samsung PanelMgr"=c:\windows\Samsung\PanelMgr\ssmmgr.exe /autorun
"Adobe Reader Speed Launcher"="c:\programmi\Adobe\Reader 9.0\Reader\Reader_sl.exe"
"NBKeyScan"="c:\programmi\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
"NeroFilterCheck"=c:\programmi\File comuni\Nero\Lib\NeroCheck.exe
"NvCplDaemon"=RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
"PCMService"="c:\program files\Arcade\PCMService.exe"
"PowerKey"="c:\program files\Launch Manager\PowerKey.exe"
"VTTimer"=VTTimer.exe
"AGRSMMSG"=AGRSMMSG.exe
"AudioDeck"=c:\programmi\VIAudioi\SBADeck\ADeck.exe 1
"snpstd"=c:\windows\vsnpstd.exe
"Cobian Backup 9 interface"="c:\program files\Registro\Cobian Backup 9\cbInterface.exe" -service
"QuickTime Task"="c:\programmi\QuickTime\QTTask.exe" -atboottime
"Wbutton"="c:\program files\Launch Manager\Wbutton.exe"
"ThreatFire"=c:\program files\Spyware\ThreatFire\TFTray.exe
"VTTrayp"=VTtrayp.exe



This, instead, is the ComboFix log (it appeared afterwards):
ComboFix 09-01-19.05 - Proprietario 2009-01-20 21:53:03.1 - FAT32x86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1040.18.1023.755 [GMT 1:00]
Eseguito da: c:\documents and settings\Proprietario\Desktop\pippo.exe
Opzioni usate :: /killal
AV: Avira AntiVir PersonalEdition *On-access scanning disabled* (Outdated)
* Creato nuovo punto di ripristino

ATTENZIONE - QUESTO PC NON HA LA CONSOLE DI RIPRISTINO DI EMERGENZA INSTALLATA !!
.

((((((((((((((((((((((((((((((((((((( Altre eliminazioni )))))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\Proprietario\Dati applicazioni\drivers\downld
c:\documents and settings\Proprietario\Dati applicazioni\drivers\srosa.sys
c:\documents and settings\Proprietario\Dati applicazioni\drivers\srosa2.sys
c:\documents and settings\Proprietario\Dati applicazioni\drivers\winupgro.exe
c:\documents and settings\Proprietario\Dati applicazioni\m
c:\documents and settings\Proprietario\Dati applicazioni\m\flec006.exe
c:\documents and settings\Proprietario\Dati applicazioni\m\shared\#1 MP3 to WAV Converter 5.7.zip
c:\documents and settings\Proprietario\Dati applicazioni\m\shared\#1 Smart PopUp Stopper Pro 4.4.zip
c:\documents and settings\Proprietario\Dati applicazioni\m\shared\24 Channel Multi Level Meter Bridge 2006.zip
c:\documents and settings\Proprietario\Dati applicazioni\m\shared\2nd Speech Center 3.30.7.1129.zip
c:\documents and settings\Proprietario\Dati applicazioni\m\shared\3D Purple Animated Cursors 1.0d.zip
c:\documents and settings\Proprietario\Dati applicazioni\m\shared\3D Raindrop Screen saver 2.00.zip
c:\documents and settings\Proprietario\Dati applicazioni\m\shared\A2 Flash Slideshow Photogallery System 3.0.zip
c:\documents and settings\Proprietario\Dati applicazioni\m\shared\ABC DVD Copy 3.0.zip
c:\documents and settings\Proprietario\Dati applicazioni\m\shared\Adeona 0.2.1a Beta.zip
c:\documents and settings\Proprietario\Dati applicazioni\m\shared\Adobe Customization Wizard 8.zip
c:\documents and settings\Proprietario\Dati applicazioni\m\shared\Adobe Reader SpeedUp 1.36.zip
c:\documents and settings\Proprietario\Dati applicazioni\m\shared\Advanced Explosion WorkFlow 4.3.29.zip
c:\documents and settings\Proprietario\Dati applicazioni\m\shared\Aglare All to Mp4 Converter 6.5.zip
c:\documents and settings\Proprietario\Dati applicazioni\m\shared\Aglare Video to iPhone Converter 7.0.zip
c:\documents and settings\Proprietario\Dati applicazioni\m\shared\Alive Diary 2.3.21.14.zip
c:\documents and settings\Proprietario\Dati applicazioni\m\shared\Amigo-2000 1.1.zip
c:\documents and settings\Proprietario\Dati applicazioni\m\shared\Animation from Movie 2.0.zip
c:\documents and settings\Proprietario\Dati applicazioni\m\shared\Anti-BO 1.5b.zip
c:\documents and settings\Proprietario\Dati applicazioni\m\shared\AntispamSniper for Outlook Express 3.1.0.3.zip
c:\documents and settings\Proprietario\Dati applicazioni\m\shared\Applicazione Nokia - Affari tuoi.zip
c:\documents and settings\Proprietario\Dati applicazioni\m\shared\Audio Fish 1.2.zip
c:\documents and settings\Proprietario\Dati applicazioni\m\shared\AudioSpin Media Recorder 1.09.044.zip
c:\documents and settings\Proprietario\Dati applicazioni\m\shared\Audit Trail Wizard 1.2.zip
c:\documents and settings\Proprietario\Dati applicazioni\m\shared\AVG.Anti-Virus.Professional.7.5.working.CRACK!!!.zip
c:\documents and settings\Proprietario\Dati applicazioni\m\shared\AVI Frame Rate Changer 1.10.zip
c:\documents and settings\Proprietario\Dati applicazioni\m\shared\Barcode Professional SDK for .NET 1.0.zip
c:\documents and settings\Proprietario\Dati applicazioni\m\shared\Basic Facts Worksheet Factory 3.0.0055.zip
c:\documents and settings\Proprietario\Dati applicazioni\m\shared\Basp Pro 4.0.9.zip
c:\documents and settings\Proprietario\Dati applicazioni\m\shared\Belorussian Before You Know It Lite 3.6.zip
c:\documents and settings\Proprietario\Dati applicazioni\m\shared\BizPBX 1.3.1.5.zip
c:\documents and settings\Proprietario\Dati applicazioni\m\shared\Body Mass Index Calculator 1.0.zip
c:\documents and settings\Proprietario\Dati applicazioni\m\shared\BooleanMinimizer 1.0.1.zip
c:\documents and settings\Proprietario\Dati applicazioni\m\shared\Cashflow Plan Micro 1.31.zip
c:\documents and settings\Proprietario\Dati applicazioni\m\shared\CCXI XML Data Island Library 2004.0 2004.0.zip
c:\documents and settings\Proprietario\Dati applicazioni\m\shared\ClipExact 1.0.0.zip
c:\documents and settings\Proprietario\Dati applicazioni\m\shared\ComfortAir HVAC Software 4.0.zip
c:\documents and settings\Proprietario\Dati applicazioni\m\shared\Compare Sheets 1.1.1.zip
c:\documents and settings\Proprietario\Dati applicazioni\m\shared\Cool Free AVI WMV MPEG MP4 iPhone 3GP Converter 6.0.zip
c:\documents and settings\Proprietario\Dati applicazioni\m\shared\Cosmic Heart 1.0.zip
c:\documents and settings\Proprietario\Dati applicazioni\m\shared\CountdownT 0.9.72.zip
c:\documents and settings\Proprietario\Dati applicazioni\m\shared\CrystalFire Wormhole 1.2.5 beta 1.zip
c:\documents and settings\Proprietario\Dati applicazioni\m\shared\Cucusoft PSP Movie Converter 5.16.zip
c:\documents and settings\Proprietario\Dati applicazioni\m\shared\Custom Smileys 2.3.zip
c:\documents and settings\Proprietario\Dati applicazioni\m\shared\DDE server plugin 2.5.0.13.zip
c:\documents and settings\Proprietario\Dati applicazioni\m\shared\Desktop Magnifier 1.7.2.zip
c:\documents and settings\Proprietario\Dati applicazioni\m\shared\Doszip Commander 0.1.28 Beta.zip
c:\documents and settings\Proprietario\Dati applicazioni\m\shared\Easy Website Promoter 8.0.0.4.zip
c:\documents and settings\Proprietario\Dati applicazioni\m\shared\ECTACO English Chinese Simplified Talking Partner Dictionary 2.3.18.zip
c:\documents and settings\Proprietario\Dati applicazioni\m\shared\Excel Extract Data & Text Software 7.0.zip
c:\documents and settings\Proprietario\Dati applicazioni\m\shared\Excellence Java Pixie 2.2.zip
c:\documents and settings\Proprietario\Dati applicazioni\m\shared\eXHTTP 1.0.0.1734.zip
c:\documents and settings\Proprietario\Dati applicazioni\m\shared\eXPlorer Styler 2 b130908.zip
c:\documents and settings\Proprietario\Dati applicazioni\m\shared\Extension Changer 1.0.zip
c:\documents and settings\Proprietario\Dati applicazioni\m\shared\Fast DVD Converter 5.8.zip
c:\documents and settings\Proprietario\Dati applicazioni\m\shared\Feli-X 1.0.6.zip
c:\documents and settings\Proprietario\Dati applicazioni\m\shared\Fiddler 2.0.9.0 Beta.zip
c:\documents and settings\Proprietario\Dati applicazioni\m\shared\FINDMIDI 1.0.zip
c:\documents and settings\Proprietario\Dati applicazioni\m\shared\Folders Sequence Creator 1.0.0.0.zip
c:\documents and settings\Proprietario\Dati applicazioni\m\shared\FoxSoft BBCoder 1.0 A1.zip
c:\documents and settings\Proprietario\Dati applicazioni\m\shared\Gong Beater 1439.zip
c:\documents and settings\Proprietario\Dati applicazioni\m\shared\Hathi Widgets 1.0.zip
c:\documents and settings\Proprietario\Dati applicazioni\m\shared\Header Skip 1.0.zip
c:\documents and settings\Proprietario\Dati applicazioni\m\shared\IEJet-Popup Killer and Ad Stopper 1.42.zip
c:\documents and settings\Proprietario\Dati applicazioni\m\shared\IndiaInk 1.97.zip
c:\documents and settings\Proprietario\Dati applicazioni\m\shared\Intel C++ Compiler 10.0.023.zip
c:\documents and settings\Proprietario\Dati applicazioni\m\shared\Joe Biden 7.10.08.zip
c:\documents and settings\Proprietario\Dati applicazioni\m\shared\Kaspersky.Antivirus.Personal.Pro.v5.0.527-FR.Incl-Keys.zip
c:\documents and settings\Proprietario\Dati applicazioni\m\shared\Kernel Filter for Content Protection 1.0.zip
c:\documents and settings\Proprietario\Dati applicazioni\m\shared\KShutdown 2.0 Alpha 4.zip
c:\documents and settings\Proprietario\Dati applicazioni\m\shared\KZ IconXTractor 2.306.zip
c:\documents and settings\Proprietario\Dati applicazioni\m\shared\LingvoSoft Dictionary 2007 German - Italian 4.0.22.zip
c:\documents and settings\Proprietario\Dati applicazioni\m\shared\McAfee.SpamKiller.for.Microsoft.Exchange.2000.2003.v2.1.2.Retail.Zdal.CoM.zip
c:\documents and settings\Proprietario\Dati applicazioni\m\shared\McAfee.VirusScan.v10.0.27-GEAR_for_www.goldesel.to.zip
c:\documents and settings\Proprietario\Dati applicazioni\m\shared\MiniBrowser 1.1.72a.zip
c:\documents and settings\Proprietario\Dati applicazioni\m\shared\MLB Scores 1.0.zip
c:\documents and settings\Proprietario\Dati applicazioni\m\shared\Mobile Excel.zip
c:\documents and settings\Proprietario\Dati applicazioni\m\shared\Module 1.0.zip
c:\documents and settings\Proprietario\Dati applicazioni\m\shared\Mp3 Slave 1.0.zip
c:\documents and settings\Proprietario\Dati applicazioni\m\shared\MS Access Append TWO Tables Software 7.0.zip
c:\documents and settings\Proprietario\Dati applicazioni\m\shared\MSI SecureDoc 1.13E1.zip
c:\documents and settings\Proprietario\Dati applicazioni\m\shared\My Messenger with wapmsgr 1.0.zip
c:\documents and settings\Proprietario\Dati applicazioni\m\shared\Net Pulse 1.0.zip
c:\documents and settings\Proprietario\Dati applicazioni\m\shared\News Bulk Poster 1.0.2.719.zip
c:\documents and settings\Proprietario\Dati applicazioni\m\shared\NOD32.v.2.51.20.(NT.2K.XP.2003.X64).Português-BR.zip
c:\documents and settings\Proprietario\Dati applicazioni\m\shared\Norton.Antivirus.2006.Ita.Serial.Crack.Keygen.zip
c:\documents and settings\Proprietario\Dati applicazioni\m\shared\NucleoTime 1.49.zip
c:\documents and settings\Proprietario\Dati applicazioni\m\shared\OakDoc DWG to IMAGE Converter 1.1.zip
c:\documents and settings\Proprietario\Dati applicazioni\m\shared\Overhead Video&Images processor 1.03.zip
c:\documents and settings\Proprietario\Dati applicazioni\m\shared\Password Generator 1.0.zip
c:\documents and settings\Proprietario\Dati applicazioni\m\shared\PDF OCR Compressor SDK 2.1.zip
c:\documents and settings\Proprietario\Dati applicazioni\m\shared\PerspecX 1.3.zip
c:\documents and settings\Proprietario\Dati applicazioni\m\shared\Portable Screamer Radio 0.4.3.zip
c:\documents and settings\Proprietario\Dati applicazioni\m\shared\Post-Code 1.1.zip
c:\documents and settings\Proprietario\Dati applicazioni\m\shared\Prayer Times PC 1.18.zip
c:\documents and settings\Proprietario\Dati applicazioni\m\shared\Process Priority Optimizer 2.2.3.46.zip
c:\documents and settings\Proprietario\Dati applicazioni\m\shared\PureRadio 3.0.zip
c:\documents and settings\Proprietario\Dati applicazioni\m\shared\quick.heal.xgen.6.0.zip
c:\documents and settings\Proprietario\Dati applicazioni\m\shared\Rational Reducer Pro 3.0.zip
c:\documents and settings\Proprietario\Dati applicazioni\m\shared\Rename 2.5a.zip
c:\documents and settings\Proprietario\Dati applicazioni\m\shared\rssPlayPen 1.0.31.20061220.zip
c:\documents and settings\Proprietario\Dati applicazioni\m\shared\SafeTweak XP Resource 3.2.zip
c:\documents and settings\Proprietario\Dati applicazioni\m\shared\ScaleOut StateServer 4.0.zip
c:\documents and settings\Proprietario\Dati applicazioni\m\shared\Serial.-.BitDefender.v10-antivirus.plus.zip
c:\documents and settings\Proprietario\Dati applicazioni\m\shared\SerialGrabber 1.2.zip
c:\documents and settings\Proprietario\Dati applicazioni\m\shared\Shadow Keylogger 1.1.0.zip
c:\documents and settings\Proprietario\Dati applicazioni\m\shared\Simple Movie Database 1.0.zip
c:\documents and settings\Proprietario\Dati applicazioni\m\shared\SoftCare Overset Manager CS 4.0.zip
c:\documents and settings\Proprietario\Dati applicazioni\m\shared\SoundBox.NET.zip
c:\documents and settings\Proprietario\Dati applicazioni\m\shared\SpamRemover 1.9.zip
c:\documents and settings\Proprietario\Dati applicazioni\m\shared\Strip HTML Tags From Multiple Files Software 7.0.zip
c:\documents and settings\Proprietario\Dati applicazioni\m\shared\Stylus Studio XML Enterprise Edition 6.zip
c:\documents and settings\Proprietario\Dati applicazioni\m\shared\Sybase ASE Import Multiple Text Files Software 7.0.zip
c:\documents and settings\Proprietario\Dati applicazioni\m\shared\TGetDiskSerial Component 4.0.0.zip
c:\documents and settings\Proprietario\Dati applicazioni\m\shared\The Math Slate 1.0.zip
c:\documents and settings\Proprietario\Dati applicazioni\m\shared\ThumbStrips 1.0.2.1.zip
c:\documents and settings\Proprietario\Dati applicazioni\m\shared\Tranquil Waterscapes Screensaver.zip
c:\documents and settings\Proprietario\Dati applicazioni\m\shared\Transbar 1.4.2.zip
c:\documents and settings\Proprietario\Dati applicazioni\m\shared\True Eraser 1.0.zip
c:\documents and settings\Proprietario\Dati applicazioni\m\shared\VsamExtreme 6.0.9.zip
c:\documents and settings\Proprietario\Dati applicazioni\m\shared\Walking the Las Vegas Strip Screensaver 1.0.zip
c:\documents and settings\Proprietario\Dati applicazioni\m\shared\WatchMyPC 1.0.zip
c:\documents and settings\Proprietario\Dati applicazioni\m\shared\WebCache 6.95.zip
c:\documents and settings\Proprietario\Dati applicazioni\m\shared\Windows Std Serial Comm Lib for Visual Basic 4.0.zip
c:\documents and settings\Proprietario\Dati applicazioni\m\shared\WSUS Remote Sync 0.1.zip
c:\documents and settings\Proprietario\Dati applicazioni\m\shared\Xcellent IPReporter 1.0.0.0.zip
c:\documents and settings\Proprietario\Dati applicazioni\m\shared\Xilisoft Audio Maker Suite 3.0.45.0801.zip
c:\documents and settings\Proprietario\Dati applicazioni\m\shared\XSidebar 1.0.2.zip
c:\programmi\Synaptics\SynTP\SynTPLpr.exe
c:\windows\system32\mdelk.exe
c:\windows\system32\wintems.exe

.
((((((((((((((((((((((((((((((((((((((( Driver/Servizi )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_SROSA
-------\Legacy_SROSA
-------\Legacy_SK9OU0S
-------\Service_sK9Ou0s


((((((((((((((((((((((((( Files Creati Da 2008-12-20 al 2009-01-20 )))))))))))))))))))))))))))))))))))
.

2009-01-20 21:38 . 2009-01-20 21:38 <DIR> d-------- c:\programmi\FindyKill
2009-01-20 16:00 . 2009-01-20 16:00 <DIR> d--h----- c:\documents and settings\Proprietario\Dati applicazioni\drivers
2009-01-18 14:43 . 2009-01-18 14:43 <DIR> d-------- c:\programmi\Sophos
2009-01-11 23:52 . 2009-01-11 23:52 <DIR> d--h----- c:\documents and settings\Proprietario\Dati applicazioni\driv
2009-01-09 19:22 . 2009-01-09 19:22 <DIR> d-------- c:\documents and settings\Proprietario\Dati applicazioni\Desktopicon
2009-01-09 01:28 . 2009-01-09 01:28 <DIR> d-------- c:\documents and settings\LocalService\Menu Avvio
2009-01-08 19:10 . 2009-01-08 19:10 <DIR> d-------- c:\documents and settings\All Users\Dati applicazioni\PC Tools
2009-01-08 19:10 . 2008-11-17 13:05 51,488 --a------ c:\windows\system32\drivers\TfFsMon.sys
2009-01-08 19:10 . 2008-11-17 13:05 39,200 --a------ c:\windows\system32\drivers\TfSysMon.sys
2009-01-08 19:10 . 2008-11-17 13:05 33,056 --a------ c:\windows\system32\drivers\TfNetMon.sys
2009-01-08 19:10 . 2008-11-17 13:05 12,576 --a------ c:\windows\system32\drivers\TfKbMon.sys
2009-01-08 19:03 . 2009-01-08 19:03 <DIR> d-------- c:\documents and settings\Proprietario\xinorbis

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-01-20 19:52 14,848 ----a-w c:\windows\system32\dllcache\register.exe
2008-12-10 22:17 --------- d-----w c:\programmi\Pando Networks
2008-12-08 17:51 --------- d-----w c:\documents and settings\Proprietario\Dati applicazioni\Apple Computer
2008-12-08 17:41 --------- d-----w c:\documents and settings\Proprietario\Dati applicazioni\Sony
2008-12-08 17:41 --------- d-----w c:\documents and settings\All Users\Dati applicazioni\Sony
2008-12-08 16:48 --------- d-----w c:\programmi\Sony
2008-12-08 16:48 --------- d-----w c:\programmi\File comuni\Sony Shared
2008-12-08 16:42 --------- d-----w c:\programmi\QuickTime
2008-12-08 16:42 --------- d-----w c:\documents and settings\All Users\Dati applicazioni\Apple Computer
2008-12-08 16:41 --------- d-----w c:\programmi\Apple Software Update
2008-12-08 16:41 --------- d-----w c:\documents and settings\All Users\Dati applicazioni\Apple
2008-12-07 14:08 --------- d-----w c:\programmi\Eusing
2008-12-07 14:08 --------- d-----w c:\documents and settings\All Users\Dati applicazioni\FreeDownloadManager.ORG
2008-11-30 12:19 --------- d-----w c:\documents and settings\Proprietario\Dati applicazioni\stickies
2008-11-28 18:10 --------- d-----w c:\documents and settings\All Users\Dati applicazioni\nView_Profiles
2008-11-28 00:46 --------- d-----w c:\documents and settings\All Users\Dati applicazioni\Lavasoft
2008-11-28 00:44 --------- d-----w c:\programmi\File comuni\Wise Installation Wizard
2008-11-22 16:20 --------- d-----w c:\documents and settings\Proprietario\Dati applicazioni\eMule AdunanzA
2008-11-01 13:30 249,592 ----a-w c:\windows\system32\cssdll32.dll
.

((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* i valori vuoti & legittimi/default non sono visualizzati.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SpybotSD TeaTimer"="c:\program files\Spyware\Spybot - Search & Destroy\TeaTimer.exe" [2008-09-16 1833296]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-19 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"preload"="c:\windows\RUNXMLPL.exe" [2004-04-20 40960]
"SynTPEnh"="c:\programmi\Synaptics\SynTP\SynTPEnh.exe" [2004-05-07 536576]
"LaunchAp"="c:\program files\Launch Manager\LaunchAp.exe" [2004-08-06 32768]
"CtrlVol"="c:\program files\Launch Manager\CtrlVol.exe" [2004-01-28 184320]
"LMgrOSD"="c:\program files\Launch Manager\OSDCtrl.exe" [2004-09-08 245760]
"avgnt"="c:\programmi\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2009-01-20 266497]
"ISTray"="c:\program files\Spyware\Spyware Doctor\pctsTray.exe" [2009-01-20 1168264]
"SmartRAM"="c:\program files\Registro\IObit\Advanced WindowsCare V2\MemCleaner.exe" [2007-10-29 662016]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2004-07-13 4141056]
"Samsung PanelMgr"="c:\windows\Samsung\PanelMgr\ssmmgr.exe" [2006-08-16 503808]
"nwiz"="nwiz.exe" [2004-07-13 c:\windows\system32\nwiz.exe]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
--a------ 2004-08-19 20:00 15360 c:\windows\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\H/PC Connection Agent]
--a------ 2006-11-13 13:39 1289000 c:\program files\Internet\Microsoft ActiveSync\wcescomm.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2008-05-27 10:50 413696 c:\programmi\QuickTime\QTTask.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\daemon.exe" -autorun
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\programmi\File comuni\Nero\Lib\NMBgMonitor.exe"
"Pando"="c:\program files\Pando Networks\Pando\pando.exe" /Minimized

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"Adobe Photo Downloader"="c:\programmi\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe"
"LManager"=c:\program files\Launch Manager\HotkeyApp.exe
"PCSuiteTrayApplication"=c:\progra~1\Nokia\NOKIAP~1\LAUNCH~1.EXE -startup
"Samsung PanelMgr"=c:\windows\Samsung\PanelMgr\ssmmgr.exe /autorun
"Adobe Reader Speed Launcher"="c:\programmi\Adobe\Reader 9.0\Reader\Reader_sl.exe"
"NBKeyScan"="c:\programmi\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
"NeroFilterCheck"=c:\programmi\File comuni\Nero\Lib\NeroCheck.exe
"NvCplDaemon"=RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
"PCMService"="c:\program files\Arcade\PCMService.exe"
"PowerKey"="c:\program files\Launch Manager\PowerKey.exe"
"VTTimer"=VTTimer.exe
"AGRSMMSG"=AGRSMMSG.exe
"AudioDeck"=c:\programmi\VIAudioi\SBADeck\ADeck.exe 1
"snpstd"=c:\windows\vsnpstd.exe
"Cobian Backup 9 interface"="c:\program files\Registro\Cobian Backup 9\cbInterface.exe" -service
"QuickTime Task"="c:\programmi\QuickTime\QTTask.exe" -atboottime
"Wbutton"="c:\program files\Launch Manager\Wbutton.exe"
"ThreatFire"=c:\program files\Spyware\ThreatFire\TFTray.exe
"VTTrayp"=VTtrayp.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\eMule\\emule.exe"=
"c:\\Programmi\\MSN Messenger\\msnmsgr.exe"=
"c:\\Programmi\\MSN Messenger\\livecall.exe"=
"c:\\Program Files\\p2p\\uTorrent\\uTorrent.exe"=
"c:\\Documents and Settings\\Proprietario\\Desktop\\utorrent.exe"=
"c:\\Program Files\\WLan\\eMule AdunanzA\\eMule_AdnzA.exe"=
"c:\\Programmi\\Sony\\Media Manager for WALKMAN\\MediaManager.exe"=
"c:\\Program Files\\Pando Networks\\Pando\\pando.exe"=
"c:\\Documents and Settings\\Proprietario\\Documenti\\sincronizzare\\dshutdown\\DShutdown\\RDShutdown.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\program files\Internet\Microsoft ActiveSync\rapimgr.exe"= c:\program files\Internet\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
"c:\program files\Internet\Microsoft ActiveSync\wcescomm.exe"= c:\program files\Internet\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
"c:\program files\Internet\Microsoft ActiveSync\WCESMgr.exe"= c:\program files\Internet\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"57907:TCP"= 57907:TCP:Pando P2P TCP Listening Port
"57907:UDP"= 57907:UDP:Pando P2P UDP Listening Port
"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service

R0 TfFsMon;TfFsMon;c:\windows\system32\drivers\TfFsMon.sys [2009-01-08 51488]
R0 TfSysMon;TfSysMon;c:\windows\system32\drivers\TfSysMon.sys [2009-01-08 39200]
R1 Hotkey;Hotkey;c:\windows\system32\drivers\HOTKEY.sys [2003-01-02 9867]
R4 CobianBackupAmanita;Cobian Backup 9 servizio;c:\program files\Registro\Cobian Backup 9\cbService.exe [2008-10-31 582144]
S1 mailKmd;mailKmd; [x]
S3 BRGSp50;BRGSp50 NDIS Protocol Driver;c:\windows\system32\drivers\BRGSp50.sys [2008-11-22 20608]
S3 IPN2220;acer IPN2220 Wireless LAN Card Driver;c:\windows\system32\drivers\i2220ntx.sys [2004-09-17 140288]
S3 POWERKEY;POWERKEY;c:\program files\Launch Manager\POWERKEY.SYS [2003-01-02 2343]
S3 TfNetMon;TfNetMon;c:\windows\system32\drivers\TfNetMon.sys [2009-01-08 33056]
S4 sdAuxService;PC Tools Auxiliary Service;c:\program files\Spyware\Spyware Doctor\pctsAuxs.exe [2008-09-14 356920]
S4 ThreatFire;ThreatFire;c:\program files\Spyware\ThreatFire\TFService.exe service --> c:\program files\Spyware\ThreatFire\TFService.exe service [?]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{7a8318ba-d9d5-11dd-8890-000ae4a36d4d}]
\Shell\AutoRun\command - G:\AutoRun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{7a8318bb-d9d5-11dd-8890-000ae4a36d4d}]
\Shell\AutoRun\command - G:\AutoRun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{8b29bf24-db61-11dd-8897-000000000000}]
\Shell\AutoRun\command - G:\AutoRun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e944ab0e-db12-11dd-8895-000ae4a36d4d}]
\Shell\AutoRun\command - G:\AutoRun.exe
.
Contenuto della cartella 'Scheduled Tasks'

2009-01-20 c:\windows\Tasks\Verifica aggiornamenti per Windows Live Toolbar.job
- c:\programmi\Windows Live Toolbar\MSNTBUP.EXE [2006-09-27 17:39]

2009-01-20 c:\windows\Tasks\XoftSpySE 2.job
- d:\programmi\Registro\XoftSpySE\XoftSpy.exe [2008-09-03 15:48]

2008-11-29 c:\windows\Tasks\XoftSpySE.job
- d:\programmi\Registro\XoftSpySE\XoftSpy.exe [2008-09-03 15:48]

2008-12-05 c:\windows\Tasks\RegCure.job
- d:\programmi\RegCure\RegCure.exe [2007-08-02 09:20]

2009-01-20 c:\windows\Tasks\RegCure Program Check.job
- d:\programmi\RegCure\RegCure.exe [2007-08-02 09:20]
.
.
------- Scansione supplementare -------
.
uStart Page = hxxp://www.google.it/
uSearchMigratedDefaultURL = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
uInternet Connection Wizard,ShellNext = hxxp://izarc.org/donate.html
uSearchURL,(Default) = hxxp://g.msn.it/0SEITIT/SAOS01?FORM=TOOLBR
IE: &Windows Live Search - c:\programmi\Windows Live Toolbar\msntb.dll/search.htm
IE: E&sporta in Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
IE: Scarica con Free Download Manager - file://c:\programmi\Eusing\Free Download Manager\dllink.htm
IE: Scarica i video con Free Download Manager - file://c:\programmi\Eusing\Free Download Manager\dlfvideo.htm
IE: Scarica selezionati con Free Download Manager - file://c:\programmi\Eusing\Free Download Manager\dlselected.htm
IE: Scarica tutto con Free Download Manager - file://c:\programmi\Eusing\Free Download Manager\dlall.htm
FF - ProfilePath -
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-01-20 21:57:17
Windows 5.1.2600 Service Pack 2 FAT NTAPI

scansione processi nascosti ...

scansione entrate autostart nascoste ...

Scansione files nascosti ...

Scansione completata con successo
Files nascosti: 0

**************************************************************************
.
------------------------ Altri processi in esecuzione ------------------------
.
c:\acer\EMANAGER\ANBMSERV.EXE
c:\programmi\NERO\NERO8\NERO BACKITUP\NBSERVICE.EXE
c:\windows\SYSTEM32\NVSVC32.EXE
c:\windows\SYSTEM32\WSCNTFY.EXE
c:\windows\SYSTEM32\RUNDLL32.EXE
.
**************************************************************************
.
Ora fine scansione: 2009-01-20 22:00:26 - Il pc è stato riavviato
ComboFix-quarantined-files.txt 2009-01-20 21:00:24

Pre-Run: 3,386,228,736 byte disponibili
Post-Run: 3,343,466,496 byte disponibili

Current=3 Default=3 Failed=2 LastKnownGood=4 Sets=1,2,3,4
336 --- E O F --- 2008-11-10 21:38:23


What does it mean that I don't have the recovery console installed?
I ran some tests and the computer still won't start in safe mode and (very serious for me) it doesn't recognize the external hard disk, which it may have infected (120 GB). What can I do? Thanks for your patience.
gio_poker
Junior User

Posts: 29
Joined: 03/09/08 12:07

Re: not a valid Win32 application

Post by Luke57 » 20/01/09 23:11

Hi, download this tool:
http://www.suspectfile.com/upload/files ... ity_XP.zip
and run it.
What it is for is explained here:
http://www.suspectfile.com/wblog/index.php
Then try reinstalling AntiVir (the executable is by now permanently corrupted), update it and run a full scan of the whole computer.
Let me know how it goes.
Luke57
Moderator

Posts: 6410
Joined: 11/08/05 19:10

Re: not a valid Win32 application

Post by gio_poker » 20/01/09 23:27

OK, thanks a lot Luke! I'll let you know.
gio_poker
Junior User

Posts: 29
Joined: 03/09/08 12:07

Re: not a valid Win32 application

Post by gio_poker » 21/01/09 20:48

Hi Luke! I reinstalled Avira, ran a scan and found nothing. :)

About the suspectfile tool: I downloaded it and clicked on item 10, restore safe boot for safe mode.
But I don't know what the other items are for, and I couldn't find any explanation at the guide link you gave me.
For example, should I enable items 3, 4, 8, 9, 12, 15 and 16? (I've attached the suspectfile screenshot.)

The computer seems to be working fine now. Do you think I should run any other scans?

There is one very big problem though: I think the external hard disk (USB 2.0, 2.5") was infected by the worm, because it has completely stopped working :undecided: I have a lot of data saved on it; it is a USB 2.0 2.5" 120 GB drive.

When I connect it, the computer plays the usual sound but no autoplay starts and I can't see it in Windows Explorer (let alone in DOS). Meanwhile the light on the enclosure stays solid green; it no longer blinks red/green as if it were loading....

It's a disaster I hope to avoid, at least by recovering some of the data....
Do you have any ideas? I'm anxiously waiting. Thanks a lot.
Attachments
Immagine.JPG
suspectfile
(35.18 KiB) Downloaded 32 times
gio_poker
Junior User

Posts: 29
Joined: 03/09/08 12:07

Re: not a valid Win32 application

Post by Luke57 » 21/01/09 22:15

Hi, they are used to restore the pre-infection state for the areas indicated; it does no harm, at most it leaves things as they already are.
Have you tried scanning your external disk?
Luke57
Moderator
 
Posts: 6410
Joined: 11/08/05 19:10

Re: not a valid Win32 application

Post by gio_poker » 21/01/09 22:36

..I just can't see it in Windows Explorer (even though when I connect it you hear the usual wave sound)... not even in safe mode.. but the green light on the enclosure is always on. What do you think?
gio_poker
Junior User
 
Posts: 29
Joined: 03/09/08 12:07

Re: not a valid Win32 application

Post by gio_poker » 23/01/09 11:39

:) sometimes the solution to the problem that seems most insurmountable and disastrous is right under our eyes and we don't notice it... :) :)
..I swapped the hard disk's enclosure for a friend's and, magically, ... everything works!
The hard disk is detected and I can finally access the data... :D
What a scare!!
Now, first thing: a full backup of the data ... can you recommend a good program, given the amount of data (120 GB)? ... Thanks Luke!
gio_poker
Junior User
 
Posts: 29
Joined: 03/09/08 12:07

