Following your helpful pointers, I removed a Bagle that had blocked NOD, HijackThis and other things.
I have now downloaded Avira, since the NOD version had expired (office PC), and I also ran some scans with HijackThis:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 13.09.38, on 25/03/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmi\TGTSoft\StyleXP\StyleXPService.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programmi\Avira\AntiVir Desktop\sched.exe
C:\WINDOWS\Explorer.EXE
C:\Programmi\Avira\AntiVir Desktop\avguard.exe
C:\Programmi\Java\jre6\bin\jqs.exe
C:\Programmi\File comuni\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\ALCWZRD.EXE
C:\Programmi\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Programmi\Adobe\Acrobat 7.0\Distillr\Acrotray.exe
C:\Programmi\File comuni\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\rundll32.exe
C:\Programmi\Java\jre6\bin\jusched.exe
C:\Programmi\Avira\AntiVir Desktop\avgnt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmi\RealPopup\RealPopup.exe
C:\Programmi\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Programmi\Rainlendar2\Rainlendar2.exe
C:\Programmi\KONICA MINOLTA\FTP Utility\KMFtp.exe
C:\Programmi\Ninja\ninja.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Programmi\internet explorer\iexplore.exe
C:\Programmi\File comuni\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Programmi\Windows Live\Mail\wlmail.exe
C:\Programmi\File comuni\ACD Systems\IDBSvr.exe
C:\Documents and Settings\User\Desktop\Web\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmi\Java\jre6\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Guida per l'accesso a Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programmi\File comuni\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Programmi\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Programmi\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programmi\Google\GoogleToolbarNotifier\5.0.926.3450\swg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Programmi\Google\Google Toolbar\Component\fastsearch_219B3E1547538286.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programmi\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Programmi\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Programmi\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: &Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Programmi\Google\Google Toolbar\GoogleToolbar.dll
O4 - HKLM\..\Run: [Collegamento alla pagina delle proprietà di High Definition Audio] HDAudPropShortcut.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [AlcWzrd] ALCWZRD.EXE
O4 - HKLM\..\Run: [ATIPTA] C:\Programmi\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "C:\Programmi\Adobe\Acrobat 7.0\Distillr\Acrotray.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Programmi\File comuni\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programmi\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmi\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [avgnt] "C:\Programmi\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [TransBar] C:\Documents and Settings\User\Impostazioni locali\Dati applicazioni\AKSoftware\TransBar\TransBar.exe /s
O4 - HKCU\..\Run: [RealPopup] "C:\Programmi\RealPopup\RealPopup.exe" BOOT
O4 - HKCU\..\Run: [swg] C:\Programmi\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [STYLEXP] C:\Programmi\TGTSoft\StyleXP\StyleXP.exe -Hide
O4 - HKCU\..\Run: [Rainlendar2] C:\Programmi\Rainlendar2\Rainlendar2.exe
O4 - HKCU\..\Run: [cdoosoft] C:\WINDOWS\system32\olhrwef.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Adobe Gamma.lnk = C:\Programmi\File comuni\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Avvio veloce di Adobe Acrobat.lnk = ?
O4 - Global Startup: FTP Utility.lnk = C:\Programmi\KONICA MINOLTA\FTP Utility\KMFtp.exe
O4 - Global Startup: ninja.lnk = C:\Programmi\Ninja\ninja.exe
O8 - Extra context menu item: Converti destinazione link in Adobe PDF - res://C:\Programmi\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Converti destinazione link in file PDF esistente - res://C:\Programmi\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Converti i link selezionati in Adobe PDF - res://C:\Programmi\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Converti i link selezionati in file PDF esistente - res://C:\Programmi\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Converti in Adobe PDF - res://C:\Programmi\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Converti nel file PDF esistente - res://C:\Programmi\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Converti selezione in Adobe PDF - res://C:\Programmi\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Converti selezione in file PDF esistente - res://C:\Programmi\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra button: Ricerche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O15 - Trusted Zone: http://www.siscom.sm
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/200 ... oader5.cab
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partne ... nicode.cab
O16 - DPF: {62475759-9E84-458E-A1AB-5D2C442ADFDE} - http://appldnld.apple.com.edgesuite.net ... taller.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupda ... 3106750015
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftup ... 3107894078
O16 - DPF: {A8F2B9BD-A6A0-486A-9744-18920D898429} (ScorchPlugin Class) - http://www.sibelius.com/download/softwa ... Plugin.cab
O16 - DPF: {C1B7E532-3ECB-4E9E-BB3A-2951FFE67C61} (DownloaderActiveX Control) - http://c6.community.virgilio.it/downloa ... ctiveX.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/s ... wflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{C6064DC6-C5B7-4885-8D02-F49DB3CA6A2D}: NameServer = 212.216.112.112,212.216.172.62
O17 - HKLM\System\CS1\Services\Tcpip\..\{C6064DC6-C5B7-4885-8D02-F49DB3CA6A2D}: NameServer = 212.216.112.112,212.216.172.62
O17 - HKLM\System\CS2\Services\Tcpip\..\{C6064DC6-C5B7-4885-8D02-F49DB3CA6A2D}: NameServer = 212.216.112.112,212.216.172.62
O22 - SharedTaskScheduler: Fences - {EC654325-1273-C2A9-2B7C-45A29BCE2FBD} - C:\Programmi\Stardock\Fences\DesktopDock.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Programmi\File comuni\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Programmi\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Programmi\Avira\AntiVir Desktop\avguard.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Programmi\File comuni\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Programmi\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programmi\File comuni\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Programmi\Java\jre6\bin\jqs.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\SYSTEM32\SPOOL\DRIVERS\W32X86\3\HPZipm12.exe
O23 - Service: Prime95 Service - Unknown owner - G:\Massimo\Programmi\prime95.exe
O23 - Service: ServiceLayer - Nokia. - C:\Programmi\File comuni\PCSuite\Services\ServiceLayer.exe
O23 - Service: StyleXPService - Unknown owner - C:\Programmi\TGTSoft\StyleXP\StyleXPService.exe
O24 - Desktop Component 0: (no name) - file:///C:/DOCUME~1/User/IMPOST~1/Temp/msohtml1/01/clip_image002.jpg
--
End of file - 10740 bytes
and one with GMER:
GMER 1.0.15.14944 - http://www.gmer.net
Rootkit scan 2009-03-25 12:53:05
Windows 5.1.2600 Service Pack 2
---- Kernel code sections - GMER 1.0.15 ----
? C:\WINDOWS\system32\drivers\sptd.sys Impossibile accedere al file. Il file è utilizzato da un altro processo.
.text USBPORT.SYS!DllUnload F7B3562C 5 Bytes JMP 821D6780
---- User code sections - GMER 1.0.15 ----
.text C:\Programmi\internet explorer\iexplore.exe[1756] USER32.dll!DialogBoxParamW 7E3A555F 5 Bytes JMP 435FF301 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Programmi\internet explorer\iexplore.exe[1756] USER32.dll!DialogBoxIndirectParamW 7E3B2032 5 Bytes JMP 4379179F C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Programmi\internet explorer\iexplore.exe[1756] USER32.dll!MessageBoxIndirectA 7E3BA04A 5 Bytes JMP 43791720 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Programmi\internet explorer\iexplore.exe[1756] USER32.dll!DialogBoxParamA 7E3BB10C 5 Bytes JMP 43791764 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Programmi\internet explorer\iexplore.exe[1756] USER32.dll!MessageBoxExW 7E3D05D8 5 Bytes JMP 437916AC C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Programmi\internet explorer\iexplore.exe[1756] USER32.dll!MessageBoxExA 7E3D05FC 5 Bytes JMP 437916E6 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Programmi\internet explorer\iexplore.exe[1756] USER32.dll!DialogBoxIndirectParamA 7E3D6B50 5 Bytes JMP 437917DA C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Programmi\internet explorer\iexplore.exe[1756] USER32.dll!MessageBoxIndirectW 7E3E62AB 5 Bytes JMP 436216B6 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Programmi\Windows Live\Mail\wlmail.exe[1856] kernel32.dll!SetUnhandledExceptionFilter 7C84467D 5 Bytes JMP 004044A7 C:\Programmi\Windows Live\Mail\wlmail.exe (Windows Live Mail/Microsoft Corporation)
---- Kernel IAT/EAT - GMER 1.0.15 ----
IAT \WINDOWS\System32\Drivers\SCSIPORT.SYS[ntoskrnl.exe!IoConnectInterrupt] [F8444886] sptd.sys
IAT pci.sys[ntoskrnl.exe!IoDetachDevice] [F8444832] sptd.sys
IAT pci.sys[ntoskrnl.exe!IoAttachDeviceToDeviceStack] [F8466892] sptd.sys
IAT atapi.sys[ntoskrnl.exe!IoConnectInterrupt] [F8444886] sptd.sys
IAT atapi.sys[HAL.dll!READ_PORT_UCHAR] [F842EAD4] sptd.sys
IAT atapi.sys[HAL.dll!READ_PORT_BUFFER_USHORT] [F842EC1A] sptd.sys
IAT atapi.sys[HAL.dll!READ_PORT_USHORT] [F842EB9C] sptd.sys
IAT atapi.sys[HAL.dll!WRITE_PORT_BUFFER_USHORT] [F842F748] sptd.sys
IAT atapi.sys[HAL.dll!WRITE_PORT_UCHAR] [F842F61E] sptd.sys
IAT \SystemRoot\system32\DRIVERS\i8042prt.sys[HAL.dll!READ_PORT_UCHAR] [F8443ACA] sptd.sys
---- Devices - GMER 1.0.15 ----
Device \FileSystem\Ntfs \Ntfs LF30XP.sys
Device \FileSystem\Udfs \UdfsCdRom LF30XP.sys
Device \FileSystem\Mup \Dfs LF30XP.sys
Device \FileSystem\Udfs \UdfsDisk LF30XP.sys
Device \Driver\Serial \Device\Serial0 LF30XP.sys
Device \Driver\Serial \Device\Serial1 LF30XP.sys
Device \Driver\usbuhci \Device\USBPDO-0 8221C1E8
Device \Driver\NetBT \Device\NetBT_Tcpip_{C6064DC6-C5B7-4885-8D02-F49DB3CA6A2D} 81B501E8
Device \Driver\dmio \Device\DmControl\DmIoDaemon 823641E8
Device \Driver\dmio \Device\DmControl\DmConfig 823641E8
Device \Driver\dmio \Device\DmControl\DmPnP 823641E8
Device \Driver\dmio \Device\DmControl\DmInfo 823641E8
Device \Driver\usbuhci \Device\USBPDO-1 8221C1E8
Device \FileSystem\RAW \Device\RawTape LF30XP.sys
Device \FileSystem\MRxDAV \Device\WebDavRedirector LF30XP.sys
Device \Driver\usbuhci \Device\USBPDO-2 8221C1E8
Device \Driver\rdpdr \Device\RdpDrPort LF30XP.sys
Device \Driver\usbuhci \Device\USBPDO-3 8221C1E8
Device \Driver\usbehci \Device\USBPDO-4 8217F1E8
Device \Driver\ParVdm \Device\ParallelVdm0 LF30XP.sys
Device \Driver\rdpdr \Device\RdpDr LF30XP.sys
Device \Driver\Ftdisk \Device\HarddiskVolume1 823D71E8
Device \Driver\Ftdisk \Device\HarddiskVolume2 823D71E8
Device \Driver\Cdrom \Device\CdRom0 8215B1E8
Device \FileSystem\Rdbss \Device\FsWrap LF30XP.sys
Device \Driver\Cdrom \Device\CdRom1 8215B1E8
Device \Driver\atapi \Device\Ide\IdePort0 823D61E8
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-4 823D61E8
Device \Driver\atapi \Device\Ide\IdePort1 823D61E8
Device \Driver\atapi \Device\Ide\IdePort2 823D61E8
Device \Driver\atapi \Device\Ide\IdeDeviceP0T1L0-c 823D61E8
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-18 823D61E8
Device \Driver\atapi \Device\Ide\IdeDeviceP1T1L0-20 823D61E8
Device \Driver\Ftdisk \Device\HarddiskVolume3 823D71E8
Device \Driver\Ftdisk \Device\HarddiskVolume4 823D71E8
Device \Driver\NetBT \Device\NetBt_Wins_Export 81B501E8
Device \Driver\NetBT \Device\NetbiosSmb 81B501E8
Device \FileSystem\Mup \Device\Mup LF30XP.sys
Device \FileSystem\RAW \Device\RawDisk LF30XP.sys
Device \Driver\usbuhci \Device\USBFDO-0 8221C1E8
Device \Driver\usbuhci \Device\USBFDO-1 8221C1E8
Device \Driver\Ptilink \Device\ParTechInc0 LF30XP.sys
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver LF30XP.sys
Device \Driver\usbuhci \Device\USBFDO-2 8221C1E8
Device \FileSystem\MRxSmb \Device\LanmanRedirector LF30XP.sys
Device \Driver\usbuhci \Device\USBFDO-3 8221C1E8
Device \FileSystem\Npfs \Device\NamedPipe LF30XP.sys
Device \Driver\usbehci \Device\USBFDO-4 8217F1E8
Device \Driver\Ftdisk \Device\FtControl 823D71E8
Device \FileSystem\Msfs \Device\Mailslot LF30XP.sys
Device \Driver\AFD \Device\Afd LF30XP.sys
Device \FileSystem\RAW \Device\RawCdRom LF30XP.sys
Device \FileSystem\Mup \Device\WinDfs\Root LF30XP.sys
Device \Driver\Parport \Device\ParallelPort0 LF30XP.sys
Device \FileSystem\Fastfat \Fat 81F127A0
Device \FileSystem\Fastfat \Fat B7BBF1F9
AttachedDevice \FileSystem\Fastfat \Fat fltMgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
Device \FileSystem\Fs_Rec \FileSystem\UdfsCdRomRecognizer LF30XP.sys
Device \FileSystem\avgntflt \FileSystem\Filters\avgntflt LF30XP.sys
Device \FileSystem\Fs_Rec \FileSystem\FatCdRomRecognizer LF30XP.sys
Device \FileSystem\Fs_Rec \FileSystem\CdfsRecognizer LF30XP.sys
Device \FileSystem\Fs_Rec \FileSystem\FatDiskRecognizer LF30XP.sys
Device \FileSystem\Fs_Rec \FileSystem\UdfsDiskRecognizer LF30XP.sys
Device \FileSystem\Cdfs \Cdfs LF30XP.sys
---- Registry - GMER 1.0.15 ----
Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\000272b36a3f
Reg HKLM\SYSTEM\ControlSet002\Services\BTHPORT\Parameters\Keys\000272b36a3f
---- Files - GMER 1.0.15 ----
File C:\Documents and Settings\User\Cookies\giozzam@statcounter[2].txt 99 bytes
File C:\WINDOWS\$hf_mig$\KB873339\update\branches.inf 668 bytes
File C:\WINDOWS\$hf_mig$\KB873339\update\eula.txt 4861 bytes
File C:\WINDOWS\$hf_mig$\KB873339\update\KB873339.CAT 11068 bytes
File C:\WINDOWS\$hf_mig$\KB873339\update\spcustom.dll 21504 bytes executable
File C:\WINDOWS\$hf_mig$\KB873339\update\update.exe 662528 bytes executable
File C:\WINDOWS\$hf_mig$\KB873339\update\update.ver 300 bytes
File C:\WINDOWS\$hf_mig$\KB873339\update\updatebr.inf 569 bytes
File C:\WINDOWS\$hf_mig$\KB873339\update\update_SP2QFE.inf 9477 bytes
File C:\WINDOWS\$hf_mig$\KB885836\SP2QFE\mswrd6.wpc 188416 bytes executable
File C:\WINDOWS\$hf_mig$\KB886185\SP2QFE\ipnat.sys 134912 bytes executable
File C:\WINDOWS\$hf_mig$\KB886185\update\branches.inf 668 bytes
File C:\WINDOWS\$hf_mig$\KB886185\update\eula.txt 4861 bytes
File C:\WINDOWS\$hf_mig$\KB886185\update\KB886185.CAT 0 bytes
File C:\WINDOWS\$hf_mig$\KB886185\update\spcustom.dll 21504 bytes executable
File C:\WINDOWS\$hf_mig$\KB886185\update\update.exe 0 bytes
File C:\WINDOWS\$hf_mig$\KB886185\update\update.ver 200 bytes
File C:\WINDOWS\$hf_mig$\KB886185\update\updatebr.inf 0 bytes
File C:\WINDOWS\$hf_mig$\KB886185\update\update_SP2QFE.inf 9688 bytes
File C:\WINDOWS\$hf_mig$\KB888113\SP2QFE 0 bytes
File C:\WINDOWS\$hf_mig$\KB890859\SP2QFE 0 bytes
File C:\WINDOWS\$hf_mig$\KB890859\SP2QFE\authz.dll 62464 bytes executable
File C:\WINDOWS\$hf_mig$\KB890859\SP2QFE\ntkrnlmp.exe 2139136 bytes executable
File C:\WINDOWS\$hf_mig$\KB890859\SP2QFE\ntkrnlpa.exe 2060672 bytes executable
File C:\WINDOWS\$hf_mig$\KB890859\SP2QFE\ntkrpamp.exe 0 bytes
File C:\WINDOWS\$hf_mig$\KB890859\SP2QFE\ntoskrnl.exe 2183296 bytes executable
File C:\WINDOWS\$hf_mig$\KB890859\SP2QFE\user32.dll 0 bytes
File C:\WINDOWS\$hf_mig$\KB890859\SP2QFE\win32k.sys 1836288 bytes executable
File C:\WINDOWS\$hf_mig$\KB890859\SP2QFE\winsrv.dll 291840 bytes executable
File C:\WINDOWS\$hf_mig$\KB890859\spmsg.dll 0 bytes
File C:\WINDOWS\$hf_mig$\KB890859\spuninst.exe 212192 bytes executable
File C:\WINDOWS\$hf_mig$\KB890859\update 0 bytes
File C:\WINDOWS\$hf_mig$\KB896358\SP2QFE 0 bytes
File C:\_rpcs\JobCode 0 bytes
File C:\_rpcs\JobCode\All Users.ini 404 bytes
File C:\_rpcs\JobCode\SYSTEM.ini 0 bytes
File C:\_rpcs\JobCode\User.ini 283 bytes
File C:\_rpcs\RC00C170.ini 0 bytes
File C:\_rpcs\RC00C171.ini 0 bytes
File C:\_rpcs\RC82E170.ini 14457 bytes
File C:\_rpcs\RC82E180.rsd 0 bytes
File C:\_rpcs\RC82E180.rsr 0 bytes
File C:\_rpcs\RC82E181.rsd 0 bytes
File C:\_rpcs\RC82E181.rsr 4471 bytes
File C:\_rpcs\RC82E182.rsd 0 bytes
File C:\_rpcs\RC82E182.rsr 4471 bytes
File C:\_rpcs\RC82E183.rsd 988 bytes
File C:\_rpcs\RC82E183.rsr 0 bytes
File C:\_rpcs\RC82E184.rsd 0 bytes
File C:\_rpcs\RC82E184.rsr 0 bytes
File C:\_rpcs\RC82E185.rsd 1148 bytes
File C:\_rpcs\RC82E185.rsr 0 bytes
File C:\_rpcs\RC82E186.rsd 1194 bytes
File C:\_rpcs\RC82E186.rsr 0 bytes
File C:\_rpcs\RC82E190.rsq 1353 bytes
File C:\_rpcs\RC82E190.rsr 0 bytes
File C:\_rpcs\RC82E191.rsq 0 bytes
File C:\_rpcs\RC82E191.rsr 5451 bytes
File C:\_rpcs\RC82E192.rsq 0 bytes
File C:\_rpcs\RC82E192.rsr 0 bytes
File C:\_rpcs\RC82E193.rsq 0 bytes
File C:\_rpcs\RC82E193.rsr 5451 bytes
File C:\_rpcs\RC82E194.rsq 1353 bytes
File C:\_rpcs\RC82E194.rsr 5451 bytes
File C:\_rpcs\RC82E195.rsq 1353 bytes
File C:\_rpcs\RC82E195.rsr 0 bytes
File C:\_rpcs\RC82E196.rsq 1353 bytes
File C:\_rpcs\RC82E196.rsr 5451 bytes
File C:\_rpcs\RC82E197.rsq 0 bytes
File C:\_rpcs\RC82E197.rsr 5451 bytes
File C:\_rpcs\user0000.rst 20522 bytes
---- EOF - GMER 1.0.15 ----
Device \FileSystem\Mup \Dfs LF30XP.sys
Device \FileSystem\Udfs \UdfsDisk LF30XP.sys
Device \Driver\Serial \Device\Serial0 LF30XP.sys
Device \Driver\Serial \Device\Serial1 LF30XP.sys
Device \Driver\usbuhci \Device\USBPDO-0 8221C1E8
Device \Driver\NetBT \Device\NetBT_Tcpip_{C6064DC6-C5B7-4885-8D02-F49DB3CA6A2D} 81B501E8
Device \Driver\dmio \Device\DmControl\DmIoDaemon 823641E8
Device \Driver\dmio \Device\DmControl\DmConfig 823641E8
Device \Driver\dmio \Device\DmControl\DmPnP 823641E8
Device \Driver\dmio \Device\DmControl\DmInfo 823641E8
Device \Driver\usbuhci \Device\USBPDO-1 8221C1E8
Device \FileSystem\RAW \Device\RawTape LF30XP.sys
Device \FileSystem\MRxDAV \Device\WebDavRedirector LF30XP.sys
Device \Driver\usbuhci \Device\USBPDO-2 8221C1E8
Device \Driver\rdpdr \Device\RdpDrPort LF30XP.sys
Device \Driver\usbuhci \Device\USBPDO-3 8221C1E8
Device \Driver\usbehci \Device\USBPDO-4 8217F1E8
Device \Driver\ParVdm \Device\ParallelVdm0 LF30XP.sys
Device \Driver\rdpdr \Device\RdpDr LF30XP.sys
Device \Driver\Ftdisk \Device\HarddiskVolume1 823D71E8
Device \Driver\Ftdisk \Device\HarddiskVolume2 823D71E8
Device \Driver\Cdrom \Device\CdRom0 8215B1E8
Device \FileSystem\Rdbss \Device\FsWrap LF30XP.sys
Device \Driver\Cdrom \Device\CdRom1 8215B1E8
Device \Driver\atapi \Device\Ide\IdePort0 823D61E8
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-4 823D61E8
Device \Driver\atapi \Device\Ide\IdePort1 823D61E8
Device \Driver\atapi \Device\Ide\IdePort2 823D61E8
Device \Driver\atapi \Device\Ide\IdeDeviceP0T1L0-c 823D61E8
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-18 823D61E8
Device \Driver\atapi \Device\Ide\IdeDeviceP1T1L0-20 823D61E8
Device \Driver\Ftdisk \Device\HarddiskVolume3 823D71E8
Device \Driver\Ftdisk \Device\HarddiskVolume4 823D71E8
Device \Driver\NetBT \Device\NetBt_Wins_Export 81B501E8
Device \Driver\NetBT \Device\NetbiosSmb 81B501E8
Device \FileSystem\Mup \Device\Mup LF30XP.sys
Device \FileSystem\RAW \Device\RawDisk LF30XP.sys
Device \Driver\usbuhci \Device\USBFDO-0 8221C1E8
Device \Driver\usbuhci \Device\USBFDO-1 8221C1E8
Device \Driver\Ptilink \Device\ParTechInc0 LF30XP.sys
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver LF30XP.sys
Device \Driver\usbuhci \Device\USBFDO-2 8221C1E8
Device \FileSystem\MRxSmb \Device\LanmanRedirector LF30XP.sys
Device \Driver\usbuhci \Device\USBFDO-3 8221C1E8
Device \FileSystem\Npfs \Device\NamedPipe LF30XP.sys
Device \Driver\usbehci \Device\USBFDO-4 8217F1E8
Device \Driver\Ftdisk \Device\FtControl 823D71E8
Device \FileSystem\Msfs \Device\Mailslot LF30XP.sys
Device \Driver\AFD \Device\Afd LF30XP.sys
Device \FileSystem\RAW \Device\RawCdRom LF30XP.sys
Device \FileSystem\Mup \Device\WinDfs\Root LF30XP.sys
Device \Driver\Parport \Device\ParallelPort0 LF30XP.sys
Device \FileSystem\Fastfat \Fat 81F127A0
Device \FileSystem\Fastfat \Fat B7BBF1F9
AttachedDevice \FileSystem\Fastfat \Fat fltMgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
Device \FileSystem\Fs_Rec \FileSystem\UdfsCdRomRecognizer LF30XP.sys
Device \FileSystem\avgntflt \FileSystem\Filters\avgntflt LF30XP.sys
Device \FileSystem\Fs_Rec \FileSystem\FatCdRomRecognizer LF30XP.sys
Device \FileSystem\Fs_Rec \FileSystem\CdfsRecognizer LF30XP.sys
Device \FileSystem\Fs_Rec \FileSystem\FatDiskRecognizer LF30XP.sys
Device \FileSystem\Fs_Rec \FileSystem\UdfsDiskRecognizer LF30XP.sys
Device \FileSystem\Cdfs \Cdfs LF30XP.sys
---- Registry - GMER 1.0.15 ----
Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\000272b36a3f
Reg HKLM\SYSTEM\ControlSet002\Services\BTHPORT\Parameters\Keys\000272b36a3f
---- Files - GMER 1.0.15 ----
File C:\Documents and Settings\User\Cookies\giozzam@statcounter[2].txt 99 bytes
File C:\WINDOWS\$hf_mig$\KB873339\update\branches.inf 668 bytes
File C:\WINDOWS\$hf_mig$\KB873339\update\eula.txt 4861 bytes
File C:\WINDOWS\$hf_mig$\KB873339\update\KB873339.CAT 11068 bytes
File C:\WINDOWS\$hf_mig$\KB873339\update\spcustom.dll 21504 bytes executable
File C:\WINDOWS\$hf_mig$\KB873339\update\update.exe 662528 bytes executable
File C:\WINDOWS\$hf_mig$\KB873339\update\update.ver 300 bytes
File C:\WINDOWS\$hf_mig$\KB873339\update\updatebr.inf 569 bytes
File C:\WINDOWS\$hf_mig$\KB873339\update\update_SP2QFE.inf 9477 bytes
File C:\WINDOWS\$hf_mig$\KB885836\SP2QFE\mswrd6.wpc 188416 bytes executable
File C:\WINDOWS\$hf_mig$\KB886185\SP2QFE\ipnat.sys 134912 bytes executable
File C:\WINDOWS\$hf_mig$\KB886185\update\branches.inf 668 bytes
File C:\WINDOWS\$hf_mig$\KB886185\update\eula.txt 4861 bytes
File C:\WINDOWS\$hf_mig$\KB886185\update\KB886185.CAT 0 bytes
File C:\WINDOWS\$hf_mig$\KB886185\update\spcustom.dll 21504 bytes executable
File C:\WINDOWS\$hf_mig$\KB886185\update\update.exe 0 bytes
File C:\WINDOWS\$hf_mig$\KB886185\update\update.ver 200 bytes
File C:\WINDOWS\$hf_mig$\KB886185\update\updatebr.inf 0 bytes
File C:\WINDOWS\$hf_mig$\KB886185\update\update_SP2QFE.inf 9688 bytes
File C:\WINDOWS\$hf_mig$\KB888113\SP2QFE 0 bytes
File C:\WINDOWS\$hf_mig$\KB890859\SP2QFE 0 bytes
File C:\WINDOWS\$hf_mig$\KB890859\SP2QFE\authz.dll 62464 bytes executable
File C:\WINDOWS\$hf_mig$\KB890859\SP2QFE\ntkrnlmp.exe 2139136 bytes executable
File C:\WINDOWS\$hf_mig$\KB890859\SP2QFE\ntkrnlpa.exe 2060672 bytes executable
File C:\WINDOWS\$hf_mig$\KB890859\SP2QFE\ntkrpamp.exe 0 bytes
File C:\WINDOWS\$hf_mig$\KB890859\SP2QFE\ntoskrnl.exe 2183296 bytes executable
File C:\WINDOWS\$hf_mig$\KB890859\SP2QFE\user32.dll 0 bytes
File C:\WINDOWS\$hf_mig$\KB890859\SP2QFE\win32k.sys 1836288 bytes executable
File C:\WINDOWS\$hf_mig$\KB890859\SP2QFE\winsrv.dll 291840 bytes executable
File C:\WINDOWS\$hf_mig$\KB890859\spmsg.dll 0 bytes
File C:\WINDOWS\$hf_mig$\KB890859\spuninst.exe 212192 bytes executable
File C:\WINDOWS\$hf_mig$\KB890859\update 0 bytes
File C:\WINDOWS\$hf_mig$\KB896358\SP2QFE 0 bytes
File C:\_rpcs\JobCode 0 bytes
File C:\_rpcs\JobCode\All Users.ini 404 bytes
File C:\_rpcs\JobCode\SYSTEM.ini 0 bytes
File C:\_rpcs\JobCode\User.ini 283 bytes
File C:\_rpcs\RC00C170.ini 0 bytes
File C:\_rpcs\RC00C171.ini 0 bytes
File C:\_rpcs\RC82E170.ini 14457 bytes
File C:\_rpcs\RC82E180.rsd 0 bytes
File C:\_rpcs\RC82E180.rsr 0 bytes
File C:\_rpcs\RC82E181.rsd 0 bytes
File C:\_rpcs\RC82E181.rsr 4471 bytes
File C:\_rpcs\RC82E182.rsd 0 bytes
File C:\_rpcs\RC82E182.rsr 4471 bytes
File C:\_rpcs\RC82E183.rsd 988 bytes
File C:\_rpcs\RC82E183.rsr 0 bytes
File C:\_rpcs\RC82E184.rsd 0 bytes
File C:\_rpcs\RC82E184.rsr 0 bytes
File C:\_rpcs\RC82E185.rsd 1148 bytes
File C:\_rpcs\RC82E185.rsr 0 bytes
File C:\_rpcs\RC82E186.rsd 1194 bytes
File C:\_rpcs\RC82E186.rsr 0 bytes
File C:\_rpcs\RC82E190.rsq 1353 bytes
File C:\_rpcs\RC82E190.rsr 0 bytes
File C:\_rpcs\RC82E191.rsq 0 bytes
File C:\_rpcs\RC82E191.rsr 5451 bytes
File C:\_rpcs\RC82E192.rsq 0 bytes
File C:\_rpcs\RC82E192.rsr 0 bytes
File C:\_rpcs\RC82E193.rsq 0 bytes
File C:\_rpcs\RC82E193.rsr 5451 bytes
File C:\_rpcs\RC82E194.rsq 1353 bytes
File C:\_rpcs\RC82E194.rsr 5451 bytes
File C:\_rpcs\RC82E195.rsq 1353 bytes
File C:\_rpcs\RC82E195.rsr 0 bytes
File C:\_rpcs\RC82E196.rsq 1353 bytes
File C:\_rpcs\RC82E196.rsr 5451 bytes
File C:\_rpcs\RC82E197.rsq 0 bytes
File C:\_rpcs\RC82E197.rsr 5451 bytes
File C:\_rpcs\user0000.rst 20522 bytes
---- EOF - GMER 1.0.15 ----
What do you think?
Am I clean, or.....
Thanks
Bye