Rootkit 2006-12-15 20:28:04
Windows 5.1.2600
---- Registry - GMER 1.0.11 ----
Reg \Registry\USER\S-1-5-21-57989841-1580818891-854245398-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{75048700-EF1F-11D0-9888-006097DEACF9}\Count@HRZR_EHACVQY:R:\Qbphzragf naq Frggvatf\sf\Erprag\uggc--jcbc15.yvoreb.vg-ptv-ova-jroznvy.ptv-Ub_gebingb_ha_ohba_ynibeb.qbpVQ=VWWrIU0XbhSUJeJzqAJ_iPragRqlUYJJ9RJuouUYIXvk9r8Tq&Npg_Ivrj=1&E_Sbyqre=nJ5vo3t=&zftVQ=3737&Obql=2&svyranzr=Ub_gebingb_ha_ohba_ynibeb.qbp.yax 0x1C 0x01 0x00 0x00 ...
---- EOF - GMER 1.0.11 ----
Autostart 2006-12-15 20:29:53
Windows 5.1.2600
HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems@Windows = %SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,3072,512 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ProfileControl=Off MaxRequestThreads=16
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon@Userinit = e:\windows\system32\userinit.exe,"e:\windows\compaqnetwork.exe",
HKLM\SYSTEM\CurrentControlSet\Services\ >>>
btwdins /*Bluetooth Service*/@ = E:\Programmi\WIDCOMM\Software Bluetooth\bin\btwdins.exe
Spooler /*Spooler di stampa*/@ = %SystemRoot%\system32\spoolsv.exe
UMWdf /*Windows User Mode Driver Framework*/@ = E:\WINDOWS\System32\wdfmgr.exe
viritsvclite /*Virit eXplorer Lite*/@ = C:\VEXPLITE\viritsvc.exe
HKLM\Software\Microsoft\Windows\CurrentVersion\Run >>>
@SystemTraySysTray.Exe = SysTray.Exe
@PCTVRemoteE:\Programmi\Pinnacle\Pinnacle PCTV\Remote\Remoterm.exe /*file not found*/ = E:\Programmi\Pinnacle\Pinnacle PCTV\Remote\Remoterm.exe /*file not found*/
@MMTray"E:\Programmi\Musicmatch\Musicmatch Jukebox\mm_tray.exe" = "E:\Programmi\Musicmatch\Musicmatch Jukebox\mm_tray.exe"
@NeroFilterCheckE:\WINDOWS\system32\NeroCheck.exe = E:\WINDOWS\system32\NeroCheck.exe
@QuickTime Task"E:\Programmi\QuickTime\qttask.exe" -atboottime = "E:\Programmi\QuickTime\qttask.exe" -atboottime
@VolControlE:\WINDOWS\volumec.exe -i /*file not found*/ = E:\WINDOWS\volumec.exe -i /*file not found*/
@Adobe Photo Downloader"E:\Programmi\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe" = "E:\Programmi\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
@ImMsnE:\WINDOWS\msncomm.exe /i /*file not found*/ = E:\WINDOWS\msncomm.exe /i /*file not found*/
@UnlockerAssistant"E:\Programmi\Unlocker\UnlockerAssistant.exe" = "E:\Programmi\Unlocker\UnlockerAssistant.exe"
@mmtask"E:\Programmi\Musicmatch\Musicmatch Jukebox\mmtask.exe" = "E:\Programmi\Musicmatch\Musicmatch Jukebox\mmtask.exe"
@KernelFaultCheck%systemroot%\system32\dumprep 0 -k = %systemroot%\system32\dumprep 0 -k
@VIRIT LITE MONITORC:\VEXPLITE\MONLITE.EXE = C:\VEXPLITE\MONLITE.EXE
HKCU\Software\Microsoft\Windows\CurrentVersion\Run >>>
@Yahoo! Pager"E:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet = "E:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
@ctfmon.exeE:\WINDOWS\System32\ctfmon.exe = E:\WINDOWS\System32\ctfmon.exe
HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved >>>
@{42071714-76d4-11d1-8b24-00a0c9068ff3} /*Estensione panoramica video del Pannello di controllo*/deskpan.dll /*file not found*/ = deskpan.dll /*file not found*/
@{0006F045-0000-0000-C000-000000000046} /*Microsoft Outlook Custom Icon Handler*/E:\PROGRA~1\MICROS~2\Office\OLKFSTUB.DLL = E:\PROGRA~1\MICROS~2\Office\OLKFSTUB.DLL
@{45AC2688-0253-4ED8-97DE-B5370FA7D48A} /*Shell Extension for Malware scanning*/(null) =
@(null) =
@{6af09ec9-b429-11d4-a1fb-0090960218cb} /*My Bluetooth Places*/E:\WINDOWS\System32\BTNEIG~1.DLL = E:\WINDOWS\System32\BTNEIG~1.DLL
@{5464D816-CF16-4784-B9F3-75C0DB52B499} /*Yahoo! Mail*/E:\PROGRA~1\YAHOO!\COMMON\ymmapi.dll = E:\PROGRA~1\YAHOO!\COMMON\ymmapi.dll
@{DDE4BEEB-DDE6-48fd-8EB5-035C09923F83} /*UnlockerShellExtension*/E:\Programmi\Unlocker\UnlockerCOM.dll = E:\Programmi\Unlocker\UnlockerCOM.dll
HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved@{BDEADF00-C265-11d0-BCED-00A0C90AB50F} /*Cartelle Web*/ = E:\PROGRA~1\FILECO~1\MICROS~1\WEBFOL~1\MSONSEXT.DLL
HKLM\Software\Classes\*\shellex\ContextMenuHandlers\Yahoo! Mail@{5464D816-CF16-4784-B9F3-75C0DB52B499} = E:\PROGRA~1\YAHOO!\COMMON\ymmapi.dll
HKLM\Software\Classes\Folder\shellex\ContextMenuHandlers\UnlockerShellExtension@{DDE4BEEB-DDE6-48fd-8EB5-035C09923F83} = E:\Programmi\Unlocker\UnlockerCOM.dll
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects >>>
@{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}E:\Programmi\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx = E:\Programmi\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
@{F118B90E-6475-D392-96A1-C53F0BB257D4}E:\WINDOWS\dtipq1.dll /*file not found*/ = E:\WINDOWS\dtipq1.dll /*file not found*/
HKCU\Control Panel\Desktop@SCRNSAVE.EXE = none /*file not found*/
HKLM\Software\Microsoft\Internet Explorer\Main >>>
@Default_Page_URLhttp://it.yahoo.com = http://it.yahoo.com
@Start Pagehttp://it.yahoo.com = http://it.yahoo.com
@Local PageE:\WINDOWS\SYSTEM\blank.htm = E:\WINDOWS\SYSTEM\blank.htm
HKCU\Software\Microsoft\Internet Explorer\Main >>>
@Start Pagehttp://www.libero.it/ = http://www.libero.it/
@Local PageE:\WINDOWS\System32\blank.htm = E:\WINDOWS\System32\blank.htm
HKLM\Software\Classes\PROTOCOLS\Handler\ >>>
dvd@CLSID = E:\WINDOWS\System32\msvidctl.dll
its@CLSID = E:\WINDOWS\System32\itss.dll
lid@CLSID = E:\WINDOWS\System32\msvidctl.dll
mhtml@CLSID = %SystemRoot%\System32\inetcomm.dll
ms-its@CLSID = E:\WINDOWS\System32\itss.dll
msnim@CLSID = "E:\PROGRA~1\MSNMES~1\msgrapp.dll"
ndwiat@CLSID = E:\WINDOWS\System32\wiascr.dll
tv@CLSID = E:\WINDOWS\System32\msvidctl.dll
vnd.ms.radio@CLSID = E:\WINDOWS\System32\msdxm.ocx
HKLM\Software\Classes\PROTOCOLS\Handler\wia@CLSID = E:\WINDOWS\System32\wiascr.dll
E:\WINDOWS\All Users\Menu Avvio\Programmi\Esecuzione automatica >>>
Microsoft Office.lnk = Microsoft Office.lnk
BTTray.lnk = BTTray.lnk
---- EOF - GMER 1.0.11 ----