www.MegaLab.it

[xalx67]

Oggi pomeriggio dopo una scansione con GMER ho scoperto la presenza di alcuni rootkit. Uso questo programma su vostro consiglio e utilizzo una sorta di guida reperita qui - http://www.pcalsicuro.com/main/guida-a-gmer/
Ho killato le voci evidenziate in rosso ma ho dovuto riavviare per rendere effettivo il tutto.
Poi ho cercato di utilizzare il pc come al solito facendo una scansione con GMER dopo ogni mia azione (programma aperto, sito etc..) ma nulla di fatto. Dopo qualche ora ho rifatto la scansione e mi ritrovo le stesse voci evidenziate in rosso come da allegato. C' è modo di capire da cosa siano generate, visto che anche se le avevo eliminate si sono poi ripresentate?

[ste_95]

Scarica GMER, poi segui i seguenti passaggi:

--- 1° passaggio ---
Avviamo gmer
clicchiamo su > > >
Clicchiamo su Autostart
mettiamo il segno di spunta a Show All
clicchiamo su Scan
al termine della scansione, clicchiamo su Copy
Apriamo il blocco note e premiamo CTRL+V (oppure clicchiamo su Modifica e poi su Incolla).
Salviamo il file e postastiamo sul forum il risultato facendo attenzione a queste regole.

--- 2° passaggio ---
Sempre nel programma appena scaricato (gmer),
clicchiamo su Rootkit
clicchiamo su Scan
al termine della scansione, clicchiamo su Copy
Apriamo il blocco note e premiamo CTRL+V (oppure clicchiamo su Modifica e poi su Incolla).
Salviamo il file e postastiamo sul forum il risultato facendo attenzione a queste regole.

[xalx67]

Provo a postare i log..

GMER 1.0.14.14536 - http://www.gmer.net
Autostart scan 2009-01-07 11:04:36
Windows 5.1.2600 Service Pack 3


HKLM\SYSTEM\CurrentControlSet\Control\Session Manager@BootExecute = autocheck autochk * OODBS /*file not found*/

HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems@Windows = %SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,3072,512 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ProfileControl=Off MaxRequestThreads=16

HKLM\SYSTEM\CurrentControlSet\Control\WOW@cmdline = %SystemRoot%\system32\ntvdm.exe

HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon >>>
@UserinitC:\WINDOWS\system32\userinit.exe, = C:\WINDOWS\system32\userinit.exe,
@ShellExplorer.exe = Explorer.exe
@System =
@UIHostlogonui.exe = logonui.exe

HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ >>>
AtiExtEvent@DLLName = Ati2evxx.dll
crypt32chain@DLLName = crypt32.dll
cryptnet@DLLName = cryptnet.dll
cscdll@DLLName = cscdll.dll
dimsntfy@DLLName = %SystemRoot%\System32\dimsntfy.dll
ScCertProp@DLLName = wlnotify.dll
Schedule@DLLName = wlnotify.dll
sclgntfy@DLLName = sclgntfy.dll
SensLogn@DLLName = WlNotify.dll
termsrv@DLLName = wlnotify.dll
wlballoon@DLLName = wlnotify.dll

HKLM\Software\Microsoft\Windows NT\CurrentVersion\Windows@AppInit_DLLs =

HKLM\SYSTEM\CurrentControlSet\Services\ >>>
Ati HotKey Poller@ = %SystemRoot%\system32\Ati2evxx.exe
ATI Smart@ = C:\WINDOWS\system32\ati2sgag.exe
AudioSrv@ = %SystemRoot%\System32\svchost.exe -k netsvcs
BITS@ = %SystemRoot%\system32\svchost.exe -k netsvcs
CryptSvc@ = %SystemRoot%\system32\svchost.exe -k netsvcs
DcomLaunch@ = %SystemRoot%\system32\svchost -k DcomLaunch
Dhcp@ = %SystemRoot%\system32\svchost.exe -k netsvcs
dmserver@ = %SystemRoot%\System32\svchost.exe -k netsvcs
Dnscache@ = %SystemRoot%\system32\svchost.exe -k NetworkService
Eventlog@ = %SystemRoot%\system32\services.exe
Fax@ = %systemroot%\system32\fxssvc.exe
GEARSecurity@ = %SystemRoot%\System32\GEARSec.exe
GEST Service@ = "C:\Programmi\GIGABYTE\EnergySaver\GSvr.exe"
helpsvc@ = %SystemRoot%\System32\svchost.exe -k netsvcs
JavaQuickStarterService@ = "C:\Programmi\Java\jre6\bin\jqs.exe" -service -config "C:\Programmi\Java\jre6\lib\deploy\jqs\jqs.conf"
lanmanserver@ = %SystemRoot%\system32\svchost.exe -k netsvcs
lanmanworkstation@ = %SystemRoot%\system32\svchost.exe -k netsvcs
LmHosts@ = %SystemRoot%\system32\svchost.exe -k LocalService
MSCamSvc@ = "C:\Programmi\Microsoft LifeCam\MSCamS32.exe"
NOD32krn@ = "C:\Programmi\Eset\nod32krn.exe"
Norton Ghost@ = C:\Programmi\Symantec\Norton Ghost\Agent\PQV2iSvc.exe
O&O Defrag@ = C:\WINDOWS\system32\oodag.exe
PlugPlay@ = %SystemRoot%\system32\services.exe
ProtectedStorage@ = %SystemRoot%\system32\lsass.exe
RpcSs@ = %SystemRoot%\system32\svchost -k rpcss
SamSs@ = %SystemRoot%\system32\lsass.exe
Schedule@ = %SystemRoot%\System32\svchost.exe -k netsvcs
ScsiPort@ = %SystemRoot%\system32\drivers\scsiport.sys
seclogon@ = %SystemRoot%\System32\svchost.exe -k netsvcs
SENS@ = %SystemRoot%\system32\svchost.exe -k netsvcs
SharedAccess@ = %SystemRoot%\system32\svchost.exe -k netsvcs
ShellHWDetection@ = %SystemRoot%\System32\svchost.exe -k netsvcs
Spooler@ = %SystemRoot%\system32\spoolsv.exe
srservice@ = %SystemRoot%\system32\svchost.exe -k netsvcs
ssoftservice@ = cryptainersrv.exe
stisvc@ = %SystemRoot%\system32\svchost.exe -k imgsvc
Themes@ = %SystemRoot%\System32\svchost.exe -k netsvcs
TrkWks@ = %SystemRoot%\system32\svchost.exe -k netsvcs
UMWdf@ = C:\WINDOWS\system32\wdfmgr.exe
W32Time@ = %SystemRoot%\System32\svchost.exe -k netsvcs
WebClient@ = %SystemRoot%\system32\svchost.exe -k LocalService
winmgmt@ = %systemroot%\system32\svchost.exe -k netsvcs
wscsvc@ = %SystemRoot%\System32\svchost.exe -k netsvcs
wuauserv@ = %systemroot%\system32\svchost.exe -k netsvcs

HKLM\Software\Microsoft\Windows\CurrentVersion\Run >>>
@RTHDCPLRTHDCPL.EXE = RTHDCPL.EXE
@AlcmtrALCMTR.EXE = ALCMTR.EXE
@nod32kui"C:\Programmi\Eset\nod32kui.exe" /WAITSERVICE = "C:\Programmi\Eset\nod32kui.exe" /WAITSERVICE
@EPSON Stylus D68 SeriesC:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAAE.EXE /P23 "EPSON Stylus D68 Series" /O6 "USB001" /M "Stylus D68" = C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAAE.EXE /P23 "EPSON Stylus D68 Series" /O6 "USB001" /M "Stylus D68"
@WrtMon.exeC:\WINDOWS\system32\spool\drivers\w32x86\3\WrtMon.exe = C:\WINDOWS\system32\spool\drivers\w32x86\3\WrtMon.exe
@ /*file not found*/ = /*file not found*/
@NeroFilterCheckC:\WINDOWS\system32\NeroCheck.exe = C:\WINDOWS\system32\NeroCheck.exe
@Norton Ghost 9.0C:\Programmi\Symantec\Norton Ghost\Agent\GhostTray.exe = C:\Programmi\Symantec\Norton Ghost\Agent\GhostTray.exe
@SunJavaUpdateSched"C:\Programmi\Java\jre6\bin\jusched.exe" = "C:\Programmi\Java\jre6\bin\jusched.exe"
@Adobe Reader Speed Launcher"C:\Programmi\Adobe\Reader 8.0\Reader\Reader_sl.exe" = "C:\Programmi\Adobe\Reader 8.0\Reader\Reader_sl.exe"
@SSBkgdUpdate"C:\Programmi\File comuni\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot = "C:\Programmi\File comuni\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
@CapFaxC:\Programmi\Classic PhoneTools\CapFax.EXE = C:\Programmi\Classic PhoneTools\CapFax.EXE
@OpwareSE4"C:\Programmi\ScanSoft\OmniPageSE4.0\OpwareSE4.exe" = "C:\Programmi\ScanSoft\OmniPageSE4.0\OpwareSE4.exe"
@Acrobat Assistant 7.0"C:\Programmi\Adobe\Acrobat 7.0\Distillr\Acrotray.exe" = "C:\Programmi\Adobe\Acrobat 7.0\Distillr\Acrotray.exe"

HKCU\Software\Microsoft\Windows\CurrentVersion\Run@CTFMON.EXE = C:\WINDOWS\system32\ctfmon.exe

HKLM\Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad >>>
@PostBootReminder%SystemRoot%\system32\SHELL32.dll = %SystemRoot%\system32\SHELL32.dll
@CDBurn%SystemRoot%\system32\SHELL32.dll = %SystemRoot%\system32\SHELL32.dll
@WebCheckC:\WINDOWS\system32\webcheck.dll = C:\WINDOWS\system32\webcheck.dll
@SysTrayC:\WINDOWS\system32\stobject.dll = C:\WINDOWS\system32\stobject.dll

HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler >>>
@{438755C2-A8BA-11D1-B96B-00A0C90312E1}%SystemRoot%\system32\browseui.dll = %SystemRoot%\system32\browseui.dll
@{8C7461EF-2B13-11d2-BE35-3078302C2030}%SystemRoot%\system32\browseui.dll = %SystemRoot%\system32\browseui.dll

HKLM\Software\Classes\Folder\shell\open\command@ = %SystemRoot%\Explorer.exe /idlist,%I,%L

HKLM\Software\Classes\Folder\shell\explore\command@ = %SystemRoot%\Explorer.exe /e,/idlist,%I,%L

HKLM\Software\Classes\ >>>
.exe@ = "%1" %*
.com@ = "%1" %*
.cmd@ = "%1" %*
.bat@ = "%1" %*
.pif@ = "%1" %*
.scr@ = "%1" /S
.hta@ = C:\WINDOWS\system32\mshta.exe "%1" %*

HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks@{AEB6717E-7E19-11d0-97EE-00C04FD91972} = shell32.dll

HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved >>>
@{00022613-0000-0000-C000-000000000046} /*Proprietà dei file Multimedia*/mmsys.cpl = mmsys.cpl
@{176d6597-26d3-11d1-b350-080036a75b03} /*Gestore scanner ICM*/icmui.dll = icmui.dll
@{1F2E5C40-9550-11CE-99D2-00AA006E086C} /*Pagina di protezione NTFS*/rshx32.dll = rshx32.dll
@{3EA48300-8CF6-101B-84FB-666CCB9BCD32} /*Pagina di proprietà di Docfile OLE*/docprop.dll = docprop.dll
@{40dd6e20-7c17-11ce-a804-00aa003ca9f6} /*Estensioni shell per la condivisione*/ntshrui.dll = ntshrui.dll
@{41E300E0-78B6-11ce-849B-444553540000} /*PlusPack CPL Extension*/%SystemRoot%\system32\themeui.dll = %SystemRoot%\system32\themeui.dll
@{42071712-76d4-11d1-8b24-00a0c9068ff3} /*Estensione scheda video del Pannello di controllo*/deskadp.dll = deskadp.dll
@{42071713-76d4-11d1-8b24-00a0c9068ff3} /*Estensione monitor del Pannello di controllo*/deskmon.dll = deskmon.dll
@{42071714-76d4-11d1-8b24-00a0c9068ff3} /*Estensione panoramica video del Pannello di controllo*/deskpan.dll /*file not found*/ = deskpan.dll /*file not found*/
@{4E40F770-369C-11d0-8922-00A024AB2DBB} /*Pagina di protezione DS*/dssec.dll = dssec.dll
@{513D916F-2A8E-4F51-AEAB-0CBC76FB1AF8} /*Pagina compatibilità*/SlayerXP.dll = SlayerXP.dll
@{56117100-C0CD-101B-81E2-00AA004AE837} /*Gestore dati dei ritagli di shell*/shscrap.dll = shscrap.dll
@{59099400-57FF-11CE-BD94-0020AF85B590} /*Estensione copia dischi*/diskcopy.dll = diskcopy.dll
@{59be4990-f85c-11ce-aff7-00aa003ca9f6} /*Estensioni shell per oggetti Rete Microsoft Windows*/ntlanui2.dll = ntlanui2.dll
@{5DB2625A-54DF-11D0-B6C4-0800091AA605} /*Gestore monitor ICM*/%SystemRoot%\System32\icmui.dll = %SystemRoot%\System32\icmui.dll
@{675F097E-4C4D-11D0-B6C1-0800091AA605} /*Gestore stampante ICM*/%SystemRoot%\system32\icmui.dll = %SystemRoot%\system32\icmui.dll
@{764BF0E1-F219-11ce-972D-00AA00A14F56} /*Estensioni shell per la compressione dei file*/(null) =
@{77597368-7b15-11d0-a0c2-080036af3f03} /*Estensione shell per la stampante Web*/printui.dll = printui.dll
@{7988B573-EC89-11cf-9C00-00AA00A14F56} /*Disk Quota UI*/dskquoui.dll = dskquoui.dll
@{853FE2B1-B769-11d0-9C4E-00C04FB6C6FA} /*Menu di scelta rapida di crittografia*/(null) =
@{85BBD920-42A0-1069-A2E4-08002B30309D} /*Sincronia file*/syncui.dll = syncui.dll
@{88895560-9AA2-1069-930E-00AA0030EBC8} /*Estensione di icona di HyperTerminal*/C:\WINDOWS\system32\hticons.dll = C:\WINDOWS\system32\hticons.dll
@{BD84B380-8CA2-1069-AB1D-08000948F534} /*Tipi di carattere*/fontext.dll = fontext.dll
@{DBCE2480-C732-101B-BE72-BA78E9AD5B27} /*Profilo ICC*/%SystemRoot%\system32\icmui.dll = %SystemRoot%\system32\icmui.dll
@{F37C5810-4D3F-11d0-B4BF-00AA00BBB723} /*Pagina di protezione della stampante*/rshx32.dll = rshx32.dll
@{f81e9010-6ea4-11ce-a7ff-00aa003ca9f6} /*Estensioni shell per la condivisione*/ntshrui.dll = ntshrui.dll
@{f92e8c40-3d33-11d2-b1aa-080036a75b03} /*Display TroubleShoot CPL Extension*/deskperf.dll = deskperf.dll
@{7444C717-39BF-11D1-8CD9-00C04FC29D45} /*Estensione Crypto PKO*/C:\WINDOWS\system32\cryptext.dll = C:\WINDOWS\system32\cryptext.dll
@{7444C719-39BF-11D1-8CD9-00C04FC29D45} /*Estensione firma crittografata*/C:\WINDOWS\system32\cryptext.dll = C:\WINDOWS\system32\cryptext.dll
@{7007ACC7-3202-11D1-AAD2-00805FC1270E} /*Connessioni di rete*/C:\WINDOWS\system32\NETSHELL.dll = C:\WINDOWS\system32\NETSHELL.dll
@{992CFFA0-F557-101A-88EC-00DD010CCC48} /*Connessioni di rete*/C:\WINDOWS\system32\NETSHELL.dll = C:\WINDOWS\system32\NETSHELL.dll
@{E211B736-43FD-11D1-9EFB-0000F8757FCD} /*Scanner e fotocamere digitali*/wiashext.dll = wiashext.dll
@{FB0C9C8A-6C50-11D1-9F1D-0000F8757FCD} /*Scanner e fotocamere digitali*/wiashext.dll = wiashext.dll
@{905667aa-acd6-11d2-8080-00805f6596d2} /*Scanner e fotocamere digitali*/wiashext.dll = wiashext.dll
@{3F953603-1008-4f6e-A73A-04AAC7A992F1} /*Scanner e fotocamere digitali*/wiashext.dll = wiashext.dll
@{83bbcbf3-b28a-4919-a5aa-73027445d672} /*Scanner e fotocamere digitali*/wiashext.dll = wiashext.dll
@{F0152790-D56E-4445-850E-4F3117DB740C} /*Remote Sessions CPL Extension*/C:\WINDOWS\system32\remotepg.dll = C:\WINDOWS\system32\remotepg.dll
@{60254CA5-953B-11CF-8C96-00AA00B8708C} /*Estensione shell per Windows Script Host*/C:\WINDOWS\system32\wshext.dll = C:\WINDOWS\system32\wshext.dll
@{2206CDB2-19C1-11D1-89E0-00C04FD7A829} /*Microsoft Data Link*/C:\Programmi\File comuni\System\Ole DB\oledb32.dll = C:\Programmi\File comuni\System\Ole DB\oledb32.dll
@{DD2110F0-9EEF-11cf-8D8E-00AA0060F5BF} /*Tasks Folder Icon Handler*/C:\WINDOWS\system32\mstask.dll = C:\WINDOWS\system32\mstask.dll
@{797F1E90-9EDD-11cf-8D8E-00AA0060F5BF} /*Tasks Folder Shell Extension*/C:\WINDOWS\system32\mstask.dll = C:\WINDOWS\system32\mstask.dll
@{D6277990-4C6A-11CF-8D87-00AA0060F5BF} /*Operazioni pianificate*/C:\WINDOWS\system32\mstask.dll = C:\WINDOWS\system32\mstask.dll
@{2559a1f7-21d7-11d4-bdaf-00c04f60b9f0} /*Set Program Access and Defaults*/%SystemRoot%\system32\shdocvw.dll = %SystemRoot%\system32\shdocvw.dll
@{5F327514-6C5E-4d60-8F16-D07FA08A78ED} /*Auto Update Property Sheet Extension*/C:\WINDOWS\system32\wuaucpl.cpl = C:\WINDOWS\system32\wuaucpl.cpl
@{0DF44EAA-FF21-4412-828E-260A8728E7F1} /*Barra delle applicazioni e menu di avvio*/(null) =
@{2559a1f0-21d7-11d4-bdaf-00c04f60b9f0} /*Cerca*/%SystemRoot%\system32\shdocvw.dll = %SystemRoot%\system32\shdocvw.dll
@{2559a1f1-21d7-11d4-bdaf-00c04f60b9f0} /*Guida in linea e supporto tecnico*/%SystemRoot%\system32\shdocvw.dll = %SystemRoot%\system32\shdocvw.dll
@{2559a1f2-21d7-11d4-bdaf-00c04f60b9f0} /*Guida in linea e supporto tecnico*/%SystemRoot%\system32\shdocvw.dll = %SystemRoot%\system32\shdocvw.dll
@{2559a1f3-21d7-11d4-bdaf-00c04f60b9f0} /*Esegui...*/%SystemRoot%\system32\shdocvw.dll = %SystemRoot%\system32\shdocvw.dll
@{2559a1f4-21d7-11d4-bdaf-00c04f60b9f0} /*Internet*/%SystemRoot%\system32\shdocvw.dll = %SystemRoot%\system32\shdocvw.dll
@{2559a1f5-21d7-11d4-bdaf-00c04f60b9f0} /*Posta elettronica*/%SystemRoot%\system32\shdocvw.dll = %SystemRoot%\system32\shdocvw.dll
@{D20EA4E1-3957-11d2-A40B-0C5020524152} /*Tipi di carattere*/%SystemRoot%\system32\shdocvw.dll = %SystemRoot%\system32\shdocvw.dll
@{D20EA4E1-3957-11d2-A40B-0C5020524153} /*Strumenti di amministrazione*/%SystemRoot%\system32\shdocvw.dll = %SystemRoot%\system32\shdocvw.dll
@{596AB062-B4D2-4215-9F74-E9109B0A8153} /*Previous Versions Property Page*/C:\WINDOWS\system32\twext.dll = C:\WINDOWS\system32\twext.dll
@{9DB7A13C-F208-4981-8353-73CC61AE2783} /*Previous Versions*/C:\WINDOWS\system32\twext.dll = C:\WINDOWS\system32\twext.dll
@{875CB1A1-0F29-45de-A1AE-CFB4950D0B78} /*Audio Media Properties Handler*/%SystemRoot%\system32\shmedia.dll = %SystemRoot%\system32\shmedia.dll
@{40C3D757-D6E4-4b49-BB41-0E5BBEA28817} /*Video Media Properties Handler*/%SystemRoot%\system32\shmedia.dll = %SystemRoot%\system32\shmedia.dll
@{E4B29F9D-D390-480b-92FD-7DDB47101D71} /*Wav Properties Handler*/%SystemRoot%\system32\shmedia.dll = %SystemRoot%\system32\shmedia.dll
@{87D62D94-71B3-4b9a-9489-5FE6850DC73E} /*Avi Properties Handler*/%SystemRoot%\system32\shmedia.dll = %SystemRoot%\system32\shmedia.dll
@{A6FD9E45-6E44-43f9-8644-08598F5A74D9} /*Midi Properties Handler*/%SystemRoot%\system32\shmedia.dll = %SystemRoot%\system32\shmedia.dll
@{c5a40261-cd64-4ccf-84cb-c394da41d590} /*Video Thumbnail Extractor*/%SystemRoot%\system32\shmedia.dll = %SystemRoot%\system32\shmedia.dll
@{5E6AB780-7743-11CF-A12B-00AA004AE837} /*Barra degli strumenti Microsoft Internet*/%SystemRoot%\system32\browseui.dll = %SystemRoot%\system32\browseui.dll
@{22BF0C20-6DA7-11D0-B373-00A0C9034938} /*Stato del download*/%SystemRoot%\system32\browseui.dll = %SystemRoot%\system32\browseui.dll
@{91EA3F8B-C99B-11d0-9815-00C04FD91972} /*Shell Folder accresciuto*/%SystemRoot%\system32\browseui.dll = %SystemRoot%\system32\browseui.dll
@{6413BA2C-B461-11d1-A18A-080036B11A03} /*Shell Folder 2 accresciuto*/%SystemRoot%\system32\browseui.dll = %SystemRoot%\system32\browseui.dll
@{F61FFEC1-754F-11d0-80CA-00AA005B4383} /*BandProxy*/%SystemRoot%\system32\browseui.dll = %SystemRoot%\system32\browseui.dll
@{7BA4C742-9E81-11CF-99D3-00AA004AE837} /*Microsoft BrowserBand*/%SystemRoot%\system32\browseui.dll = %SystemRoot%\system32\browseui.dll
@{21569614-B795-46b1-85F4-E737A8DC09AD} /*Shell Search Band*/%SystemRoot%\system32\browseui.dll = %SystemRoot%\system32\browseui.dll
@{169A0691-8DF9-11d1-A1C4-00C04FD75D13} /*Ricerca all'interno*/%SystemRoot%\system32\browseui.dll = %SystemRoot%\system32\browseui.dll
@{AF4F6510-F982-11d0-8595-00AA004CD6D8} /*Utilità opzioni della struttura del Registro di sistema*/%SystemRoot%\system32\browseui.dll = %SystemRoot%\system32\browseui.dll
@{01E04581-4EEE-11d0-BFE9-00AA005B4383} /*&Indirizzo*/%SystemRoot%\system32\browseui.dll = %SystemRoot%\system32\browseui.dll
@{A08C11D2-A228-11d0-825B-00AA005B4383} /*Address EditBox*/%SystemRoot%\system32\browseui.dll = %SystemRoot%\system32\browseui.dll
@{00BB2763-6A77-11D0-A535-00C04FD7D062} /*Shell Microsoft AutoComplete*/%SystemRoot%\system32\browseui.dll = %SystemRoot%\system32\browseui.dll
@{6756A641-DE71-11d0-831B-00AA005B4383} /*Elenco di Completamento automatico MRU*/%SystemRoot%\system32\browseui.dll = %SystemRoot%\system32\browseui.dll
@{6935DB93-21E8-4ccc-BEB9-9FE3C77A297A} /*Elenco di Completamento automatico MRU personalizzato*/%SystemRoot%\system32\browseui.dll = %SystemRoot%\system32\browseui.dll
@{7e653215-fa25-46bd-a339-34a2790f3cb7} /*Accessibile*/%SystemRoot%\system32\browseui.dll = %SystemRoot%\system32\browseui.dll
@{acf35015-526e-4230-9596-becbe19f0ac9} /*Indicatore di avanzamento popup*/%SystemRoot%\system32\browseui.dll = %SystemRoot%\system32\browseui.dll
@{00BB2764-6A77-11D0-A535-00C04FD7D062} /*Elenco di Completamento automatico della Cronologia di Microsoft*/%SystemRoot%\system32\browseui.dll = %SystemRoot%\system32\browseui.dll
@{03C036F1-A186-11D0-824A-00AA005B4383} /*Elenco di Completamento automatico di Shell Folder di Microsoft*/%SystemRoot%\system32\browseui.dll = %SystemRoot%\system32\browseui.dll
@{00BB2765-6A77-11D0-A535-00C04FD7D062} /*Contenitore dell'elenco di Completamento automatico multiplo Microsoft*/%SystemRoot%\system32\browseui.dll = %SystemRoot%\system32\browseui.dll
@{ECD4FC4E-521C-11D0-B792-00A0C90312E1} /*Shell Band Site Menu*/%SystemRoot%\system32\browseui.dll = %SystemRoot%\system32\browseui.dll
@{3CCF8A41-5C85-11d0-9796-00AA00B90ADF} /*Shell DeskBarApp*/%SystemRoot%\system32\browseui.dll = %SystemRoot%\system32\browseui.dll
@{ECD4FC4C-521C-11D0-B792-00A0C90312E1} /*Shell DeskBar*/%SystemRoot%\system32\browseui.dll = %SystemRoot%\system32\browseui.dll
@{ECD4FC4D-521C-11D0-B792-00A0C90312E1} /*Shell Rebar BandSite*/%SystemRoot%\system32\browseui.dll = %SystemRoot%\system32\browseui.dll
@{DD313E04-FEFF-11d1-8ECD-0000F87A470C} /*Assistenza utente*/%SystemRoot%\system32\browseui.dll = %SystemRoot%\system32\browseui.dll
@{EF8AD2D1-AE36-11D1-B2D2-006097DF8C11} /*Impostazioni cartella globale*/%SystemRoot%\system32\browseui.dll = %SystemRoot%\system32\browseui.dll
@{30D02401-6A81-11d0-8274-00C04FD5AE38} /*IE Search Band*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{3028902F-6374-48b2-8DC6-9725E775B926} /*IE AutoComplete*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{07798131-AF23-11d1-9111-00A0C98BA67D} /*Ricerca Web*/%SystemRoot%\system32\browseui.dll = %SystemRoot%\system32\browseui.dll
@{7376D660-C583-11d0-A3A5-00C04FD706EC} /*TridentImageExtractor*/%SystemRoot%\system32\browseui.dll = %SystemRoot%\system32\browseui.dll
@{EFA24E61-B078-11d0-89E4-00C04FC9E26E} /*Favorites Band*/%SystemRoot%\system32\shdocvw.dll = %SystemRoot%\system32\shdocvw.dll
@{EFA24E62-B078-11d0-89E4-00C04FC9E26E} /*History Band*/%SystemRoot%\system32\shdocvw.dll = %SystemRoot%\system32\shdocvw.dll
@{0A89A860-D7B1-11CE-8350-444553540000} /*Shell Automation Inproc Service*/%SystemRoot%\system32\shdocvw.dll = %SystemRoot%\system32\shdocvw.dll
@{A5E46E3A-8849-11D1-9D8C-00C04FC99D61} /*Microsoft Browser Architecture*/%SystemRoot%\system32\shdocvw.dll = %SystemRoot%\system32\shdocvw.dll
@{131A6951-7F78-11D0-A979-00C04FD705A2} /*ISFBand OC*/%SystemRoot%\system32\shdocvw.dll = %SystemRoot%\system32\shdocvw.dll
@{9461b922-3c5a-11d2-bf8b-00c04fb93661} /*Search Assistant OC*/%SystemRoot%\system32\shdocvw.dll = %SystemRoot%\system32\shdocvw.dll
@{E7E4BC40-E76A-11CE-A9BB-00AA004AE837} /*Shell DocObject Viewer*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{FBF23B40-E3F0-101B-8488-00AA003E56F8} /*InternetShortcut*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{3C374A40-BAE4-11CF-BF7D-00AA006946EE} /*Microsoft Url History Service*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{FF393560-C2A7-11CF-BFF4-444553540000} /*History*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{7BD29E00-76C1-11CF-9DD0-00A0C9034933} /*Temporary Internet Files*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{7BD29E01-76C1-11CF-9DD0-00A0C9034933} /*Temporary Internet Files*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{CFBFAE00-17A6-11D0-99CB-00C04FD64497} /*Microsoft Url Search Hook*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{A2B0DD40-CC59-11d0-A3A5-00C04FD706EC} /*Schermata iniziale applicazioni Internet Explorer 4*/%SystemRoot%\system32\shdocvw.dll = %SystemRoot%\system32\shdocvw.dll
@{67EA19A0-CCEF-11d0-8024-00C04FD75D13} /*CDF Extension Copy Hook*/%SystemRoot%\system32\shdocvw.dll = %SystemRoot%\system32\shdocvw.dll
@{3DC7A020-0ACD-11CF-A9BB-00AA004AE837} /*The Internet*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{EFA24E64-B078-11d0-89E4-00C04FC9E26E} /*Explorer Band*/%SystemRoot%\system32\shdocvw.dll = %SystemRoot%\system32\shdocvw.dll
@{871C5380-42A0-1069-A2EA-08002B30309D} /*Internet Name Space*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{9E56BE60-C50F-11CF-9A2C-00A0C90A90CE} /*Sendmail service*/C:\WINDOWS\system32\sendmail.dll = C:\WINDOWS\system32\sendmail.dll
@{9E56BE61-C50F-11CF-9A2C-00A0C90A90CE} /*Sendmail service*/C:\WINDOWS\system32\sendmail.dll = C:\WINDOWS\system32\sendmail.dll
@{88C6C381-2E85-11D0-94DE-444553540000} /*ActiveX Cache Folder*/C:\WINDOWS\system32\occache.dll = C:\WINDOWS\system32\occache.dll
@{E6FB5E20-DE35-11CF-9C87-00AA005127ED} /*WebCheck*/C:\WINDOWS\system32\webcheck.dll = C:\WINDOWS\system32\webcheck.dll
@{ABBE31D0-6DAE-11D0-BECA-00C04FD940BE} /*Subscription Mgr*/C:\WINDOWS\system32\webcheck.dll = C:\WINDOWS\system32\webcheck.dll
@{F5175861-2688-11d0-9C5E-00AA00A45957} /*Subscription Folder*/C:\WINDOWS\system32\webcheck.dll = C:\WINDOWS\system32\webcheck.dll
@{08165EA0-E946-11CF-9C87-00AA005127ED} /*WebCheckWebCrawler*/C:\WINDOWS\system32\webcheck.dll = C:\WINDOWS\system32\webcheck.dll
@{E3A8BDE6-ABCE-11d0-BC4B-00C04FD929DB} /*WebCheckChannelAgent*/%SystemRoot%\system32\webcheck.dll = %SystemRoot%\system32\webcheck.dll
@{E8BB6DC0-6B4E-11d0-92DB-00A0C90C2BD7} /*TrayAgent*/%SystemRoot%\system32\webcheck.dll = %SystemRoot%\system32\webcheck.dll
@{7D559C10-9FE9-11d0-93F7-00AA0059CE02} /*Code Download Agent*/C:\WINDOWS\system32\webcheck.dll = C:\WINDOWS\system32\webcheck.dll
@{E6CC6978-6B6E-11D0-BECA-00C04FD940BE} /*ConnectionAgent*/%SystemRoot%\system32\webcheck.dll = %SystemRoot%\system32\webcheck.dll
@{D8BD2030-6FC9-11D0-864F-00AA006809D9} /*PostAgent*/%SystemRoot%\system32\webcheck.dll = %SystemRoot%\system32\webcheck.dll
@{7FC0B86E-5FA7-11d1-BC7C-00C04FD929DB} /*WebCheck SyncMgr Handler*/C:\WINDOWS\system32\webcheck.dll = C:\WINDOWS\system32\webcheck.dll
@{352EC2B7-8B9A-11D1-B8AE-006008059382} /*Gestione applicazioni shell*/%SystemRoot%\system32\appwiz.cpl = %SystemRoot%\system32\appwiz.cpl
@{0B124F8F-91F0-11D1-B8B5-006008059382} /*Enumeratore applicazioni installate*/%SystemRoot%\system32\appwiz.cpl = %SystemRoot%\system32\appwiz.cpl
@{CFCCC7A0-A282-11D1-9082-006008059382} /*Darwin App Publisher*/%SystemRoot%\system32\appwiz.cpl = %SystemRoot%\system32\appwiz.cpl
@{e84fda7c-1d6a-45f6-b725-cb260c236066} /*Shell Image Verbs*/%SystemRoot%\system32\shimgvw.dll = %SystemRoot%\system32\shimgvw.dll
@{66e4e4fb-f385-4dd0-8d74-a2efd1bc6178} /*Shell Image Data Factory*/%SystemRoot%\system32\shimgvw.dll = %SystemRoot%\system32\shimgvw.dll
@{00E7B358-F65B-4dcf-83DF-CD026B94BFD4} /*Autoplay for SlideShow*/(null) =
@{3F30C968-480A-4C6C-862D-EFC0897BB84B} /*GDI + programma di estrazione file in anteprima*/C:\WINDOWS\system32\shimgvw.dll = C:\WINDOWS\system32\shimgvw.dll
@{9DBD2C50-62AD-11d0-B806-00C04FD706EC} /*Summary Info Thumbnail handler (DOCFILES)*/C:\WINDOWS\system32\shimgvw.dll = C:\WINDOWS\system32\shimgvw.dll
@{EAB841A0-9550-11cf-8C16-00805F1408F3} /*Programma di estrazione pagine HTML in anteprima*/C:\WINDOWS\system32\shimgvw.dll = C:\WINDOWS\system32\shimgvw.dll
@{eb9b1153-3b57-4e68-959a-a3266bc3d7fe} /*Shell Image Property Handler*/%SystemRoot%\system32\shimgvw.dll = %SystemRoot%\system32\shimgvw.dll
@{CC6EEFFB-43F6-46c5-9619-51D571967F7D} /*Pubblicazione guidata sul Web*/%SystemRoot%\system32\netplwiz.dll = %SystemRoot%\system32\netplwiz.dll
@{add36aa8-751a-4579-a266-d66f5202ccbb} /*Ordinazione di stampe tramite Web*/%SystemRoot%\system32\netplwiz.dll = %SystemRoot%\system32\netplwiz.dll
@{6b33163c-76a5-4b6c-bf21-45de9cd503a1} /*Oggetto Pubblicazione guidata sul Web*/%SystemRoot%\system32\netplwiz.dll = %SystemRoot%\system32\netplwiz.dll
@{58f1f272-9240-4f51-b6d4-fd63d1618591} /*Creazione guidata profilo Passport*/%SystemRoot%\system32\netplwiz.dll = %SystemRoot%\system32\netplwiz.dll
@{7A9D77BD-5403-11d2-8785-2E0420524153} /*Account utente*/(null) =
@{E88DCCE0-B7B3-11d1-A9F0-00AA0060FA31} /*Cartella compressa*/%SystemRoot%\system32\zipfldr.dll = %SystemRoot%\system32\zipfldr.dll
@{BD472F60-27FA-11cf-B8B4-444553540000} /*Compressed (zipped) Folder Right Drag Handler*/%SystemRoot%\system32\zipfldr.dll = %SystemRoot%\system32\zipfldr.dll
@{888DCA60-FC0A-11CF-8F0F-00C04FD7D062} /*Compressed (zipped) Folder SendTo Target*/%SystemRoot%\system32\zipfldr.dll = %SystemRoot%\system32\zipfldr.dll
@{692F0339-CBAA-47e6-B5B5-3B84DB604E87} /*Extensions Manager Folder*/C:\WINDOWS\system32\extmgr.dll = C:\WINDOWS\system32\extmgr.dll
@{63da6ec0-2e98-11cf-8d82-444553540000} /*FTP Folders Webview*/C:\WINDOWS\system32\msieftp.dll = C:\WINDOWS\system32\msieftp.dll
@{883373C3-BF89-11D1-BE35-080036B11A03} /*Microsoft DocProp Shell Ext*/C:\WINDOWS\system32\docprop2.dll = C:\WINDOWS\system32\docprop2.dll
@{A9CF0EAE-901A-4739-A481-E35B73E47F6D} /*Microsoft DocProp Inplace Edit Box Control*/C:\WINDOWS\system32\docprop2.dll = C:\WINDOWS\system32\docprop2.dll
@{8EE97210-FD1F-4B19-91DA-67914005F020} /*Microsoft DocProp Inplace ML Edit Box Control*/C:\WINDOWS\system32\docprop2.dll = C:\WINDOWS\system32\docprop2.dll
@{0EEA25CC-4362-4A12-850B-86EE61B0D3EB} /*Microsoft DocProp Inplace Droplist Combo Control*/C:\WINDOWS\system32\docprop2.dll = C:\WINDOWS\system32\docprop2.dll
@{6A205B57-2567-4A2C-B881-F787FAB579A3} /*Microsoft DocProp Inplace Calendar Control*/C:\WINDOWS\system32\docprop2.dll = C:\WINDOWS\system32\docprop2.dll
@{28F8A4AC-BBB3-4D9B-B177-82BFC914FA33} /*Microsoft DocProp Inplace Time Control*/C:\WINDOWS\system32\docprop2.dll = C:\WINDOWS\system32\docprop2.dll
@{8A23E65E-31C2-11d0-891C-00A024AB2DBB} /*Directory Query UI*/%SystemRoot%\system32\dsquery.dll = %SystemRoot%\system32\dsquery.dll
@{9E51E0D0-6E0F-11d2-9601-00C04FA31A86} /*Shell properties for a DS object*/%SystemRoot%\system32\dsquery.dll = %SystemRoot%\system32\dsquery.dll
@{163FDC20-2ABC-11d0-88F0-00A024AB2DBB} /*Directory Object Find*/%SystemRoot%\system32\dsquery.dll = %SystemRoot%\system32\dsquery.dll
@{F020E586-5264-11d1-A532-0000F8757D7E} /*Directory Start/Search Find*/%SystemRoot%\system32\dsquery.dll = %SystemRoot%\system32\dsquery.dll
@{0D45D530-764B-11d0-A1CA-00AA00C16E65} /*Directory Property UI*/%SystemRoot%\system32\dsuiext.dll = %SystemRoot%\system32\dsuiext.dll
@{62AE1F9A-126A-11D0-A14B-0800361B1103} /*Directory Context Menu Verbs*/%SystemRoot%\system32\dsuiext.dll = %SystemRoot%\system32\dsuiext.dll
@{ECF03A33-103D-11d2-854D-006008059367} /*MyDocs Copy Hook*/%SystemRoot%\system32\mydocs.dll = %SystemRoot%\system32\mydocs.dll
@{ECF03A32-103D-11d2-854D-006008059367} /*MyDocs Drop Target*/%SystemRoot%\system32\mydocs.dll = %SystemRoot%\system32\mydocs.dll
@{4a7ded0a-ad25-11d0-98a8-0800361b1103} /*MyDocs Properties*/%SystemRoot%\system32\mydocs.dll = %SystemRoot%\system32\mydocs.dll
@{750fdf0e-2a26-11d1-a3ea-080036587f03} /*Offline Files Menu*/%SystemRoot%\System32\cscui.dll = %SystemRoot%\System32\cscui.dll
@{10CFC467-4392-11d2-8DB4-00C04FA31A66} /*Offline Files Folder Options*/%SystemRoot%\System32\cscui.dll = %SystemRoot%\System32\cscui.dll
@{AFDB1F70-2A4C-11d2-9039-00C04F8EEB3E} /*Cartella file non in linea*/%SystemRoot%\System32\cscui.dll = %SystemRoot%\System32\cscui.dll
@{143A62C8-C33B-11D1-84FE-00C04FA34A14} /*Microsoft Agent Character Property Sheet Handler*/C:\WINDOWS\msagent\agentpsh.dll = C:\WINDOWS\msagent\agentpsh.dll
@{ECCDF543-45CC-11CE-B9BF-0080C87CDBA6} /*DfsShell*/C:\WINDOWS\system32\dfsshlex.dll = C:\WINDOWS\system32\dfsshlex.dll
@{60fd46de-f830-4894-a628-6fa81bc0190d} /*%DESC_PublishDropTarget%*/%SystemRoot%\system32\photowiz.dll = %SystemRoot%\system32\photowiz.dll
@{7A80E4A8-8005-11D2-BCF8-00C04F72C717} /*MMC Icon Handler*/%SystemRoot%\System32\mmcshext.dll = %SystemRoot%\System32\mmcshext.dll
@{0CD7A5C0-9F37-11CE-AE65-08002B2E1262} /*.CAB file viewer*/cabview.dll = cabview.dll
@{32714800-2E5F-11d0-8B85-00AA0044F941} /*&Contatti...*/C:\Programmi\Outlook Express\wabfind.dll = C:\Programmi\Outlook Express\wabfind.dll
@{8DD448E6-C188-4aed-AF92-44956194EB1F} /*Windows Media Player Play as Playlist Context Menu Handler*/C:\WINDOWS\system32\wmpshell.dll = C:\WINDOWS\system32\wmpshell.dll
@{CE3FB1D1-02AE-4a5f-A6E9-D9F1B4073E6C} /*Windows Media Player Burn Audio CD Context Menu Handler*/C:\WINDOWS\system32\wmpshell.dll = C:\WINDOWS\system32\wmpshell.dll
@{F1B9284F-E9DC-4e68-9D7E-42362A59F0FD} /*Windows Media Player Add to Playlist Context Menu Handler*/C:\WINDOWS\system32\wmpshell.dll = C:\WINDOWS\system32\wmpshell.dll
@{e82a2d71-5b2f-43a0-97b8-81be15854de8} /*ShellLink for Application References*/C:\WINDOWS\system32\dfshim.dll = C:\WINDOWS\system32\dfshim.dll
@{E37E2028-CE1A-4f42-AF05-6CEABC4E5D75} /*Shell Icon Handler for Application References*/C:\WINDOWS\system32\dfshim.dll = C:\WINDOWS\system32\dfshim.dll
@{5E2121EE-0300-11D4-8D3B-444553540000} /*Catalyst Context Menu extension*/C:\Programmi\ATI Technologies\ATI.ACE\Core-Static\atiacmxx.dll = C:\Programmi\ATI Technologies\ATI.ACE\Core-Static\atiacmxx.dll
@{B089FE88-FB52-11D3-BDF1-0050DA34150D} /*NOD32 Context Menu Shell Extension*/C:\Programmi\Eset\nodshex.dll = C:\Programmi\Eset\nodshex.dll
@{FC9FB64A-1EB2-4CCF-AF5E-1A497A9B5C2D} /*Messenger Sharing Folders*/C:\Programmi\Windows Live\Messenger\fsshext.8.5.1302.1018.dll = C:\Programmi\Windows Live\Messenger\fsshext.8.5.1302.1018.dll
@{0561EC90-CE54-4f0c-9C55-E226110A740C} /*Haali Column Provider*/C:\WINDOWS\system32\mmfinfo.dll = C:\WINDOWS\system32\mmfinfo.dll
@{5574006C-28F5-4a65-A28C-74DE6BFBE0BB} /*Haali Matroska Shell Property Page*/C:\WINDOWS\system32\mmfinfo.dll = C:\WINDOWS\system32\mmfinfo.dll
@{327669A0-59A7-4be9-B99E-1C9F3A57611A} /*Haali Matroska Thumbnail Extractor*/C:\WINDOWS\system32\mmfinfo.dll = C:\WINDOWS\system32\mmfinfo.dll
@{B41DB860-8EE4-11D2-9906-E49FADC173CA} /*WinRAR shell extension*/C:\Programmi\WinRAR\rarext.dll = C:\Programmi\WinRAR\rarext.dll
@{D25B2CAB-8A9A-4517-A9B2-CB5F68A5A802} /*Adobe.Acrobat.ContextMenu*/C:\Programmi\Adobe\Acrobat 7.0\Acrobat Elements\ContextMenu.dll = C:\Programmi\Adobe\Acrobat 7.0\Acrobat Elements\ContextMenu.dll
@{BDEADF00-C265-11D0-BCED-00A0C90AB50F} /*Cartelle Web*/C:\PROGRA~1\FILECO~1\MICROS~1\WEBFOL~1\MSONSEXT.DLL = C:\PROGRA~1\FILECO~1\MICROS~1\WEBFOL~1\MSONSEXT.DLL
@{42042206-2D85-11D3-8CFF-005004838597} /*Microsoft Office HTML Icon Handler*/C:\Programmi\Microsoft Office\OFFICE11\msohev.dll = C:\Programmi\Microsoft Office\OFFICE11\msohev.dll
@{B327765E-D724-4347-8B16-78AE18552FC3} /*NeroDigitalIconHandler*/C:\Programmi\File comuni\Ahead\Lib\NeroDigitalExt.dll = C:\Programmi\File comuni\Ahead\Lib\NeroDigitalExt.dll
@{7F1CF152-04F8-453A-B34C-E609530A9DC8} /*NeroDigitalPropSheetHandler*/C:\Programmi\File comuni\Ahead\Lib\NeroDigitalExt.dll = C:\Programmi\File comuni\Ahead\Lib\NeroDigitalExt.dll
@{1D2680C9-0E2A-469d-B787-065558BC7D43} /*Fusion Cache*/C:\WINDOWS\system32\mscoree.dll = C:\WINDOWS\system32\mscoree.dll
@{07C45BB1-4A8C-4642-A1F5-237E7215FF66} /*IE Microsoft BrowserBand*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{1C1EDB47-CE22-4bbb-B608-77B48F83C823} /*IE Fade Task*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{205D7A97-F16D-4691-86EF-F3075DCCA57D} /*IE Menu Desk Bar*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{43886CD5-6529-41c4-A707-7B3C92C05E68} /*IE Navigation Bar*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{44C76ECD-F7FA-411c-9929-1B77BA77F524} /*IE Menu Site*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{4B78D326-D922-44f9-AF2A-07805C2A3560} /*IE Menu Band*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{6038EF75-ABFC-4e59-AB6F-12D397F6568D} /*IE Microsoft History AutoComplete List*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{6B4ECC4F-16D1-4474-94AB-5A763F2A54AE} /*IE Tracking Shell Menu*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{6CF48EF8-44CD-45d2-8832-A16EA016311B} /*IE IShellFolderBand*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{73CFD649-CD48-4fd8-A272-2070EA56526B} /*IE BandProxy*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{98FF6D4B-6387-4b0a-8FBD-C5C4BB17B4F8} /*IE MRU AutoComplete List*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{9A096BB5-9DC3-4D1C-8526-C3CBF991EA4E} /*IE RSS Feeder Folder*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{9D958C62-3954-4b44-8FAB-C4670C1DB4C2} /*IE Microsoft Shell Folder AutoComplete List*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{B31C5FAE-961F-415b-BAF0-E697A5178B94} /*IE Microsoft Multiple AutoComplete List Container*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{BC476F4C-D9D7-4100-8D4E-E043F6DEC409} /*Microsoft Browser Architecture*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{BFAD62EE-9D54-4b2a-BF3B-76F90697BD2A} /*IE Shell Rebar BandSite*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{E6EE9AAC-F76B-4947-8260-A9F136138E11} /*IE Shell Band Site Menu*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{F2CF5485-4E02-4f68-819C-B92DE9277049} /*&Links*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{F83DAC1C-9BB9-4f2b-B619-09819DA81B0E} /*IE Registry Tree Options Utility*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{FAC3CBF6-8697-43d0-BAB9-DCD1FCE19D75} /*IE User Assist*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{FDE7673D-2E19-4145-8376-BBD58C4BC7BA} /*IE Custom MRU AutoCompleted List*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll

HKLM\Software\Classes\*\shellex\ContextMenuHandlers\ >>>
Adobe.Acrobat.ContextMenu@{D25B2CAB-8A9A-4517-A9B2-CB5F68A5A802} = C:\Programmi\Adobe\Acrobat 7.0\Acrobat Elements\ContextMenu.dll
NOD32 Context Menu Shell Extension@{B089FE88-FB52-11D3-BDF1-0050DA34150D} = C:\Programmi\Eset\nodshex.dll
Offline Files@{750fdf0e-2a26-11d1-a3ea-080036587f03} = %SystemRoot%\System32\cscui.dll
Open With@{09799AFB-AD67-11d1-ABCD-00C04FC30936} = %SystemRoot%\system32\SHELL32.dll
Open With EncryptionMenu@{A470F8CF-A1E8-4f65-8335-227475AA5C46} = %SystemRoot%\system32\SHELL32.dll
WinRAR@{B41DB860-8EE4-11D2-9906-E49FADC173CA} = C:\Programmi\WinRAR\rarext.dll

HKLM\Software\Classes\*\shellex\ContextMenuHandlers >>>
@{a2a9545d-a0c2-42b4-9708-a0b2badd77c8}%SystemRoot%\system32\SHELL32.dll = %SystemRoot%\system32\SHELL32.dll
@{EB4D3CFE-E2AA-4C6E-B2FE-2A749F95D208}C:\Programmi\Nero\Nero 7\Nero BackItUp\NBShell.dll = C:\Programmi\Nero\Nero 7\Nero BackItUp\NBShell.dll

HKLM\Software\Classes\Directory\shellex\ContextMenuHandlers\ >>>
EncryptionMenu@{A470F8CF-A1E8-4f65-8335-227475AA5C46} = %SystemRoot%\system32\SHELL32.dll
Offline Files@{750fdf0e-2a26-11d1-a3ea-080036587f03} = %SystemRoot%\System32\cscui.dll
Sharing@{f81e9010-6ea4-11ce-a7ff-00aa003ca9f6} = ntshrui.dll
WinRAR@{B41DB860-8EE4-11D2-9906-E49FADC173CA} = C:\Programmi\WinRAR\rarext.dll

HKLM\Software\Classes\Folder\shellex\ContextMenuHandlers\ >>>
NOD32 Context Menu Shell Extension@{B089FE88-FB52-11D3-BDF1-0050DA34150D} = C:\Programmi\Eset\nodshex.dll
WinRAR@{B41DB860-8EE4-11D2-9906-E49FADC173CA} = C:\Programmi\WinRAR\rarext.dll

HKLM\Software\Classes\Folder\shellex\ContextMenuHandlers@{EB4D3CFE-E2AA-4C6E-B2FE-2A749F95D208} = C:\Programmi\Nero\Nero 7\Nero BackItUp\NBShell.dll

HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects >>>
@{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}C:\Programmi\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll = C:\Programmi\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
@{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}C:\Programmi\Java\jre6\bin\ssv.dll = C:\Programmi\Java\jre6\bin\ssv.dll
@{9030D464-4C02-4ABF-8ECC-5164760863C6}C:\Programmi\File comuni\Microsoft Shared\Windows Live\WindowsLiveLogin.dll = C:\Programmi\File comuni\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
@{AE7CD045-E861-484f-8273-0445EE161910}C:\Programmi\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll = C:\Programmi\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
@{DBC80044-A445-435b-BC74-9C25C1C588A9}C:\Programmi\Java\jre6\bin\jp2ssv.dll = C:\Programmi\Java\jre6\bin\jp2ssv.dll
@{E7E6F031-17CE-4C07-BC86-EABFE594F69C}C:\Programmi\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll = C:\Programmi\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

HKLM\Software\Microsoft\Internet Explorer\Main >>>
@Default_Page_URLhttp://go.microsoft.com/fwlink/?LinkId=69157 = http://go.microsoft.com/fwlink/?LinkId=69157
@Start Pagehttp://go.microsoft.com/fwlink/?LinkId=69157 = http://go.microsoft.com/fwlink/?LinkId=69157
@Local Page%SystemRoot%\system32\blank.htm = %SystemRoot%\system32\blank.htm

HKCU\Software\Microsoft\Internet Explorer\Main >>>
@Start Pagehttp://www.google.com/ = http://www.google.com/
@Local PageC:\WINDOWS\system32\blank.htm = C:\WINDOWS\system32\blank.htm

HKLM\Software\Classes\PROTOCOLS\Filter\ >>>
application/octet-stream@CLSID = mscoree.dll
application/x-complus@CLSID = mscoree.dll
application/x-msdownload@CLSID = mscoree.dll
Class Install Handler@CLSID = C:\WINDOWS\system32\urlmon.dll
deflate@CLSID = C:\WINDOWS\system32\urlmon.dll
gzip@CLSID = C:\WINDOWS\system32\urlmon.dll
lzdhtml@CLSID = C:\WINDOWS\system32\urlmon.dll
text/webviewhtml@CLSID = %SystemRoot%\system32\SHELL32.dll
text/xml@CLSID = C:\Programmi\File comuni\Microsoft Shared\OFFICE11\MSOXMLMF.DLL

HKLM\Software\Classes\PROTOCOLS\Handler\ >>>
about@CLSID = C:\WINDOWS\system32\mshtml.dll
cdl@CLSID = C:\WINDOWS\system32\urlmon.dll
dvd@CLSID = C:\WINDOWS\system32\msvidctl.dll
file@CLSID = C:\WINDOWS\system32\urlmon.dll
ftp@CLSID = C:\WINDOWS\system32\urlmon.dll
gopher@CLSID = C:\WINDOWS\system32\urlmon.dll
http@CLSID = C:\WINDOWS\system32\urlmon.dll
https@CLSID = C:\WINDOWS\system32\urlmon.dll
its@CLSID = C:\WINDOWS\system32\itss.dll
javascript@CLSID = C:\WINDOWS\system32\mshtml.dll
livecall@CLSID = C:\PROGRA~1\WINDOW~4\MESSEN~1\MSGRAP~1.DLL
local@CLSID = C:\WINDOWS\system32\urlmon.dll
mailto@CLSID = C:\WINDOWS\system32\mshtml.dll
mhtml@CLSID = %SystemRoot%\system32\inetcomm.dll
mk@CLSID = C:\WINDOWS\system32\urlmon.dll
ms-its@CLSID = C:\WINDOWS\system32\itss.dll
msnim@CLSID = C:\PROGRA~1\WINDOW~4\MESSEN~1\MSGRAP~1.DLL
mso-offdap11@CLSID = C:\PROGRA~1\FILECO~1\MICROS~1\WEBCOM~1\11\OWC11.DLL
res@CLSID = C:\WINDOWS\system32\mshtml.dll
sysimage@CLSID = %SystemRoot%\system32\mshtml.dll
tv@CLSID = C:\WINDOWS\system32\msvidctl.dll
vbscript@CLSID = C:\WINDOWS\system32\mshtml.dll
wia@CLSID = C:\WINDOWS\system32\wiascr.dll

HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters@Domain =

HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries\ >>>
000000000001@LibraryPath = %SystemRoot%\System32\mswsock.dll
000000000002@LibraryPath = %SystemRoot%\System32\winrnr.dll
000000000003@LibraryPath = %SystemRoot%\System32\mswsock.dll

HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\ >>>
000000000001@PackedCatalogItem = C:\WINDOWS\system32\imon.dll
000000000002@PackedCatalogItem = C:\WINDOWS\system32\imon.dll
000000000003@PackedCatalogItem = C:\WINDOWS\system32\imon.dll
000000000004@PackedCatalogItem = C:\WINDOWS\system32\imon.dll
000000000005@PackedCatalogItem = C:\WINDOWS\system32\imon.dll
000000000006@PackedCatalogItem = %SystemRoot%\system32\mswsock.dll
000000000007@PackedCatalogItem = %SystemRoot%\system32\mswsock.dll
000000000008@PackedCatalogItem = %SystemRoot%\system32\mswsock.dll
000000000009@PackedCatalogItem = %SystemRoot%\system32\rsvpsp.dll
000000000010@PackedCatalogItem = %SystemRoot%\system32\rsvpsp.dll
000000000011@PackedCatalogItem = C:\WINDOWS\system32\imon.dll
000000000012@PackedCatalogItem = %SystemRoot%\system32\mswsock.dll
000000000013@PackedCatalogItem = %SystemRoot%\system32\mswsock.dll
000000000014@PackedCatalogItem = %SystemRoot%\system32\mswsock.dll
000000000015@PackedCatalogItem = %SystemRoot%\system32\mswsock.dll
000000000016@PackedCatalogItem = %SystemRoot%\system32\mswsock.dll
000000000017@PackedCatalogItem = %SystemRoot%\system32\mswsock.dll
000000000018@PackedCatalogItem = %SystemRoot%\system32\mswsock.dll
000000000019@PackedCatalogItem = %SystemRoot%\system32\mswsock.dll
000000000020@PackedCatalogItem = %SystemRoot%\system32\mswsock.dll
000000000021@PackedCatalogItem = %SystemRoot%\system32\mswsock.dll
000000000022@PackedCatalogItem = %SystemRoot%\system32\mswsock.dll
000000000023@PackedCatalogItem = %SystemRoot%\system32\mswsock.dll
000000000024@PackedCatalogItem = %SystemRoot%\system32\mswsock.dll
000000000025@PackedCatalogItem = %SystemRoot%\system32\mswsock.dll
000000000026@PackedCatalogItem = %SystemRoot%\system32\mswsock.dll
000000000027@PackedCatalogItem = %SystemRoot%\system32\mswsock.dll
000000000028@PackedCatalogItem = %SystemRoot%\system32\mswsock.dll

HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000029@PackedCatalogItem = %SystemRoot%\system32\mswsock.dll

C:\Documents and Settings\Ale\Menu Avvio\Programmi\Esecuzione automatica >>>
freepops.lnk = freepops.lnk
Rainlendar.lnk = Rainlendar.lnk

C:\Documents and Settings\All Users\Menu Avvio\Programmi\Esecuzione automatica = Adobe Acrobat Speed Launcher.lnk

---- EOF - GMER 1.0.14 ----

[xalx67]

GMER 1.0.14.14536 - http://www.gmer.net
Rootkit scan 2009-01-07 11:09:55
Windows 5.1.2600 Service Pack 3


---- System - GMER 1.0.14 ----

SSDT spyh.sys ZwCreateKey [0xB9EA80E0]
SSDT spyh.sys ZwEnumerateKey [0xB9EC6CA2]
SSDT spyh.sys ZwEnumerateValueKey [0xB9EC7030]
SSDT spyh.sys ZwOpenKey [0xB9EA80C0]
SSDT spyh.sys ZwQueryKey [0xB9EC7108]
SSDT spyh.sys ZwQueryValueKey [0xB9EC6F88]
SSDT spyh.sys ZwSetValueKey [0xB9EC719A]

INT 0x62 ? 8AC5FBF8
INT 0x63 ? 8AA56BF8
INT 0x63 ? 8AA56BF8
INT 0x63 ? 8AA56BF8
INT 0x82 ? 8AC5FBF8
INT 0x83 ? 8AA56BF8
INT 0x84 ? 8AA56BF8
INT 0xA4 ? 8AA56BF8
INT 0xB4 ? 8AC5FBF8
INT 0xB4 ? 8AC5FBF8
INT 0xB4 ? 8AC5FBF8
INT 0xB4 ? 8AC5FBF8
INT 0xB4 ? 8AA56BF8
INT 0xB4 ? 8AC5FBF8

---- Kernel code sections - GMER 1.0.14 ----

? spyh.sys Impossibile trovare il file specificato. !
.text USBPORT.SYS!DllUnload B953A8AC 5 Bytes JMP 8AA561D8
.text arbzzqsl.SYS B92BD386 35 Bytes [ 00, 00, 00, 00, 00, 00, 20, ... ]
.text arbzzqsl.SYS B92BD3AA 24 Bytes [ 00, 00, 00, 00, 00, 00, 00, ... ]
.text arbzzqsl.SYS B92BD3C4 3 Bytes [ 00, 70, 02 ]
.text arbzzqsl.SYS B92BD3C9 1 Byte [ 2E ]
.text arbzzqsl.SYS B92BD3CB 9 Bytes [ 00, 00, 5A, 02, 00, 00, 00, ... ]
.text ...

---- Kernel IAT/EAT - GMER 1.0.14 ----

IAT atapi.sys[HAL.dll!READ_PORT_UCHAR] [B9EA9040] spyh.sys
IAT atapi.sys[HAL.dll!READ_PORT_BUFFER_USHORT] [B9EA913C] spyh.sys
IAT atapi.sys[HAL.dll!READ_PORT_USHORT] [B9EA90BE] spyh.sys
IAT atapi.sys[HAL.dll!WRITE_PORT_BUFFER_USHORT] [B9EA97FC] spyh.sys
IAT atapi.sys[HAL.dll!WRITE_PORT_UCHAR] [B9EA96D2] spyh.sys
IAT \SystemRoot\system32\DRIVERS\i8042prt.sys[HAL.dll!READ_PORT_UCHAR] [B9EB9048] spyh.sys
IAT \SystemRoot\System32\Drivers\arbzzqsl.SYS[HAL.dll!KfAcquireSpinLock] C0840CEC
IAT \SystemRoot\System32\Drivers\arbzzqsl.SYS[HAL.dll!READ_PORT_UCHAR] 053C0D74
IAT \SystemRoot\System32\Drivers\arbzzqsl.SYS[HAL.dll!KeGetCurrentIrql] 57B80974
IAT \SystemRoot\System32\Drivers\arbzzqsl.SYS[HAL.dll!KfRaiseIrql] 8B000000
IAT \SystemRoot\System32\Drivers\arbzzqsl.SYS[HAL.dll!KfLowerIrql] 56C35DE5
IAT \SystemRoot\System32\Drivers\arbzzqsl.SYS[HAL.dll!HalGetInterruptVector] 8D08758B
IAT \SystemRoot\System32\Drivers\arbzzqsl.SYS[HAL.dll!HalTranslateBusAddress] 8D51FC4D
IAT \SystemRoot\System32\Drivers\arbzzqsl.SYS[HAL.dll!KeStallExecutionProcessor] 8D52FD55
IAT \SystemRoot\System32\Drivers\arbzzqsl.SYS[HAL.dll!KfReleaseSpinLock] 8D51FE4D
IAT \SystemRoot\System32\Drivers\arbzzqsl.SYS[HAL.dll!READ_PORT_BUFFER_USHORT] 8D52FF55
IAT \SystemRoot\System32\Drivers\arbzzqsl.SYS[HAL.dll!READ_PORT_USHORT] 8D51F84D
IAT \SystemRoot\System32\Drivers\arbzzqsl.SYS[HAL.dll!WRITE_PORT_BUFFER_USHORT] 5052F455
IAT \SystemRoot\System32\Drivers\arbzzqsl.SYS[HAL.dll!WRITE_PORT_UCHAR] EACAE856
IAT \SystemRoot\System32\Drivers\arbzzqsl.SYS[WMILIB.SYS!WmiSystemControl] 0FC08520
IAT \SystemRoot\System32\Drivers\arbzzqsl.SYS[WMILIB.SYS!WmiCompleteRequest] 0001B185

---- Devices - GMER 1.0.14 ----

Device \FileSystem\Ntfs \Ntfs 8AC5E1F8

AttachedDevice \FileSystem\Ntfs \Ntfs PQV2i.sys (StorageCraft Volume Snap-Shot/StorageCraft)
AttachedDevice \FileSystem\Ntfs \Ntfs amon.sys (Amon monitor/Eset )

Device \Driver\usbuhci \Device\USBPDO-0 8AA551F8
Device \Driver\dmio \Device\DmControl\DmIoDaemon 8ACBE1F8
Device \Driver\dmio \Device\DmControl\DmConfig 8ACBE1F8
Device \Driver\dmio \Device\DmControl\DmPnP 8ACBE1F8
Device \Driver\dmio \Device\DmControl\DmInfo 8ACBE1F8
Device \Driver\usbuhci \Device\USBPDO-1 8AA551F8
Device \Driver\usbuhci \Device\USBPDO-2 8AA551F8
Device \Driver\usbehci \Device\USBPDO-3 8AA331F8
Device \Driver\NetBT \Device\NetBT_Tcpip_{2C281493-BCD3-4386-A660-08B14F6D4AD3} 8A8F2500
Device \Driver\usbuhci \Device\USBPDO-4 8AA551F8
Device \Driver\usbuhci \Device\USBPDO-5 8AA551F8
Device \Driver\sptd \Device\3771108338 spyh.sys
Device \Driver\usbuhci \Device\USBPDO-6 8AA551F8
Device \Driver\Ftdisk \Device\HarddiskVolume1 8AC601F8

AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume1 PQV2i.sys (StorageCraft Volume Snap-Shot/StorageCraft)
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume1 amon.sys (Amon monitor/Eset )

Device \Driver\usbehci \Device\USBPDO-7 8AA331F8
Device \Driver\Ftdisk \Device\HarddiskVolume2 8AC601F8

AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume2 PQV2i.sys (StorageCraft Volume Snap-Shot/StorageCraft)
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume2 amon.sys (Amon monitor/Eset )

Device \Driver\Cdrom \Device\CdRom0 8A9E91F8
Device \Driver\Ftdisk \Device\HarddiskVolume3 8AC601F8

AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume3 PQV2i.sys (StorageCraft Volume Snap-Shot/StorageCraft)
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume3 amon.sys (Amon monitor/Eset )

Device \Driver\Cdrom \Device\CdRom1 8A9E91F8
Device \Driver\NetBT \Device\NetBt_Wins_Export 8A8F2500
Device \Driver\PCI_PNP2088 \Device\0000004a spyh.sys
Device \Driver\NetBT \Device\NetBT_Tcpip_{3966C5CC-1505-44B7-8581-449F57F9BFB6} 8A8F2500
Device \Driver\NetBT \Device\NetbiosSmb 8A8F2500
Device \Driver\NetBT \Device\NetBT_Tcpip_{1BF00DAD-28B4-40F8-BB6F-146BF0B1E9BE} 8A8F2500
Device \Driver\usbuhci \Device\USBFDO-0 8AA551F8
Device \Driver\usbuhci \Device\USBFDO-1 8AA551F8
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver 8A4A4500
Device \Driver\usbuhci \Device\USBFDO-2 8AA551F8
Device \FileSystem\MRxSmb \Device\LanmanRedirector 8A4A4500
Device \Driver\usbehci \Device\USBFDO-3 8AA331F8
Device \Driver\usbuhci \Device\USBFDO-4 8AA551F8
Device \Driver\Ftdisk \Device\FtControl 8AC601F8
Device \Driver\usbuhci \Device\USBFDO-5 8AA551F8
Device \Driver\usbuhci \Device\USBFDO-6 8AA551F8
Device \Driver\usbehci \Device\USBFDO-7 8AA331F8
Device \Driver\arbzzqsl \Device\Scsi\arbzzqsl1 8A9CB2F8
Device \Driver\arbzzqsl \Device\Scsi\arbzzqsl1Port6Path0Target0Lun0 8A9CB2F8
Device \FileSystem\Cdfs \Cdfs 8A4AB500

---- Registry - GMER 1.0.14 ----

Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s1 771343423
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s2 285507792
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@h0 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 C:\Programmi\DAEMON Tools Lite\
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0x97 0x58 0x54 0x33 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0x75 0x15 0x47 0xF2 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0xA3 0xD8 0x1A 0x09 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 C:\Programmi\DAEMON Tools Lite\
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0x97 0x58 0x54 0x33 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0x75 0x15 0x47 0xF2 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0xC0 0x0C 0xFF 0x5D ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 C:\Programmi\DAEMON Tools Lite\
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0x97 0x58 0x54 0x33 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0x75 0x15 0x47 0xF2 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0xA3 0xD8 0x1A 0x09 ...
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\System
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\System@OODEFRAG08.00.00.01WORKSTATION 2FD33A3F2A491EC744DF27D328AE11C4A0CBEE33BBBD52B8869FF73A33EDE85FC94CBA16AF44F0C69A352A19428F0C7FEB08AA4F15DD5BA6E4E319EEA5D71132E4D4DF928FD5131F13999C4C67DB9FDD033ED8F6A3CF121B678350EC1C12B455D216C57F0BD815BB0A1BEAC2B1E27DE76B0457AE7D77EC60DA390C0643B6246D47128D9788BA4D3EBD9F894861089DDB0B43896D59CBA0EDEE13C0FEEA717B525C1B5C1090FDD37BCF606A9A5842B9AA2EB8D5A092DBA8F3397566118A85148D115A590E53B806FAC7690AEE1E9C4FFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CA6A0AC4980AC7933A6A0AC4980AC7933BA7FD869164D6794A9C6AECB7A5D1407CEA4D03D6D5A4444EA2A23D83BA80C5475E8861E3DBF0F0678BCFBC422399D8B6C08045D0D9DCC99D947DD7F21BDE90FD0B1A97D631E363AACEF49AA64EEFA22A7589DB33B1CE9E842450D01D2DFCB367477DAB2897504B93288D3A319CD5BB644EBC000D6DAA7A6E403B56E3CEE37DEBEBEA3C0C79E12DB2654C843A5C40D83B8FADF093105298CB5C2AFDC3B6BC0664075E12EA9150D3CD689AB9E64E97104B0A3C116126824175E2B2866237F95E63FE84705AEF8B33A453F52D4A0757E770C6783733275E488B9C5A028BB727346B4CDD9554D8D5CF7297369839B45BC62D

---- EOF - GMER 1.0.14 ----

[ste_95]

I log sembrano puliti...

Scarica ComboFix ed esegui una scansione, le istruzioni le trovi in fondo a questo articolo.

[xalx67]

Log ComboFix

ComboFix 09-01-06.02 - Ale 2009-01-07 12.29.41.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1040.18.3326.2822 [GMT 1:00]
Eseguito da: c:\documents and settings\Ale\Documenti\ComboFix.exe
* Creato nuovo punto di ripristino

ATENÇÃO - ESTA MAQUINA NAO TEM A CONSOLE DE RECUPERAÇÃO INSTALADA !!
.

((((((((((((((((((((((((( Files Creati Da 2008-12-07 al 2009-01-07 )))))))))))))))))))))))))))))))))))
.

2009-01-04 11:13 . 2009-01-04 14:26 1,905 --a------ c:\windows\diagwrn.xml
2009-01-04 11:13 . 2009-01-04 14:26 1,905 --a------ c:\windows\diagerr.xml
2009-01-02 13:38 . 2009-01-02 13:45 <DIR> d-------- c:\programmi\Raxco
2009-01-02 13:20 . 2009-01-02 13:30 <DIR> d-------- c:\programmi\CachemanXP
2008-12-29 17:59 . 2008-12-29 18:11 <DIR> d-------- c:\documents and settings\All Users\Dati applicazioni\VMware
2008-12-29 17:59 . 2008-12-29 17:59 1,024 --a------ C:\.rnd
2008-12-29 17:38 . 2008-12-29 17:38 11 --a------ C:\shutdown.bat
2008-12-26 15:09 . 2008-12-26 15:09 <DIR> d-------- c:\programmi\Microsoft LifeCam
2008-12-26 15:05 . 2008-12-26 15:05 921,624 --a------ C:\DC6810xp-001.raw
2008-12-23 15:22 . 2008-12-23 15:22 <DIR> d-------- c:\documents and settings\Ale\Dati applicazioni\Apple Computer
2008-12-23 10:19 . 2008-12-25 18:26 <DIR> d-------- c:\programmi\Windows Media Connect 2
2008-12-23 10:16 . 2008-12-25 18:26 <DIR> d-------- c:\windows\system32\drivers\UMDF
2008-12-20 14:29 . 2008-12-20 14:29 <DIR> d--h----- c:\windows\PIF
2008-12-20 02:38 . 2008-12-25 18:25 <DIR> d-------- c:\programmi\EVEREST Ultimate Edition
2008-12-17 12:49 . 2008-12-17 12:50 97 --a------ c:\windows\WirelessFTP.INI
2008-12-17 11:30 . 2008-12-17 12:31 38 --a------ c:\windows\3D Text Factory.INI
2008-12-17 11:29 . 2008-12-17 11:29 10 -r------- c:\windows\ABC3D.sono
2008-12-15 16:08 . 2009-01-07 12:27 250 --a------ c:\windows\gmer.ini
2008-12-15 11:38 . 2008-12-15 13:46 <DIR> dr------- c:\documents and settings\LocalService\Documenti
2008-12-11 20:18 . 2008-12-11 20:18 <DIR> d-------- c:\windows\Sun
2008-12-11 18:08 . 2008-10-16 21:04 6,066,176 -----c--- c:\windows\system32\dllcache\ieframe.dll
2008-12-11 18:08 . 2007-04-17 10:32 2,455,488 -----c--- c:\windows\system32\dllcache\ieapfltr.dat
2008-12-11 18:08 . 2007-03-08 06:11 1,032,192 -----c--- c:\windows\system32\dllcache\ieframe.dll.mui
2008-12-11 18:08 . 2008-10-16 21:04 459,264 -----c--- c:\windows\system32\dllcache\msfeeds.dll
2008-12-11 18:08 . 2008-10-16 21:04 383,488 -----c--- c:\windows\system32\dllcache\ieapfltr.dll
2008-12-11 18:08 . 2008-10-16 21:04 267,776 -----c--- c:\windows\system32\dllcache\iertutil.dll
2008-12-11 18:08 . 2008-10-16 21:04 63,488 -----c--- c:\windows\system32\dllcache\icardie.dll
2008-12-11 18:08 . 2008-10-16 21:04 52,224 -----c--- c:\windows\system32\dllcache\msfeedsbs.dll
2008-12-11 18:08 . 2008-10-16 14:11 13,824 -----c--- c:\windows\system32\dllcache\ieudinit.exe
2008-12-11 17:49 . 2008-12-11 17:50 <DIR> d-------- c:\programmi\PowerOff
2008-12-10 12:42 . 2008-12-10 12:42 <DIR> d-------- c:\documents and settings\LocalService\Dati applicazioni\Softland
2008-12-10 12:41 . 2008-10-13 15:23 7,533 --a------ c:\windows\system32\dopdf6.ctm
2008-12-10 01:03 . 2008-04-13 19:13 221,184 --a------ c:\windows\system32\wmpns.dll
2008-12-10 00:50 . 2008-12-10 00:50 <DIR> d-------- c:\windows\ServicePackFiles
2008-12-10 00:50 . 2008-04-13 19:14 294,912 -----c--- c:\windows\system32\dllcache\dlimport.exe
2008-12-10 00:47 . 2006-12-28 12:01 19,569 --a------ c:\windows\002783_.tmp
2008-12-09 12:53 . 2008-12-09 12:53 <DIR> d-------- c:\windows\system32\NtmsData
2008-12-09 10:44 . 2008-12-09 10:44 8 --a------ c:\windows\mex.tdv
2008-12-07 18:14 . 2008-12-07 18:14 <DIR> d-------- c:\windows\system32\Adobe

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-01-07 09:55 16,608 ----a-w c:\windows\gdrv.sys
2009-01-06 23:21 --------- d-----w c:\documents and settings\Ale\Dati applicazioni\XnView
2009-01-04 08:42 --------- d-----w c:\programmi\DriverMax
2008-12-31 12:12 --------- d-----w c:\programmi\Classic PhoneTools
2008-12-26 14:42 --------- d-----w c:\documents and settings\Ale\Dati applicazioni\ArcSoft
2008-12-26 10:32 --------- d-----w c:\programmi\CCleaner
2008-12-25 17:25 --------- d--h--w c:\programmi\InstallShield Installation Information
2008-12-25 15:43 --------- d-----w c:\programmi\EPSON
2008-12-25 15:43 --------- d-----w c:\documents and settings\All Users\Dati applicazioni\UDL
2008-12-24 14:03 --------- d-----w c:\programmi\Cryptainer LE
2008-12-18 11:37 --------- d-----w c:\programmi\Java
2008-12-12 12:53 --------- d-----w c:\documents and settings\Ale\Dati applicazioni\AdobeUM
2008-12-10 11:47 --------- d-----w c:\documents and settings\Ale\Dati applicazioni\NewSoft
2008-12-08 15:51 --------- d-----w c:\programmi\Eset
2008-12-06 19:24 --------- d-----w c:\programmi\Microsoft CAPICOM 2.1.0.2
2008-12-06 19:20 --------- d-----w c:\programmi\MSXML 4.0
2008-12-06 16:25 --------- d-----w c:\programmi\OO Software
2008-12-04 17:22 --------- d-----w c:\programmi\File comuni\Adobe
2008-11-23 13:22 --------- d-----w c:\documents and settings\Ale\Dati applicazioni\Auslogics
2008-11-23 13:20 --------- d-----w c:\programmi\AusLogics Registry Defrag
2008-11-23 13:18 --------- d-----w c:\programmi\ERUNT
2008-11-23 01:30 --------- d-----w c:\programmi\XnView
2008-11-23 00:15 --------- d-----w c:\programmi\Shutdown
2008-11-22 23:56 --------- d-----w c:\programmi\SIW
2008-11-22 23:44 --------- d-----w c:\documents and settings\Ale\Dati applicazioni\IsolatedStorage
2008-11-22 23:31 --------- d-----w c:\documents and settings\All Users\Dati applicazioni\Symantec
2008-11-22 23:28 --------- d-----w c:\programmi\Symantec
2008-11-22 23:27 --------- d-----w c:\programmi\File comuni\Symantec Shared
2008-11-22 23:26 --------- d-----w c:\programmi\Advanced MP3 Converter
2008-11-22 22:16 --------- d-----w c:\documents and settings\All Users\Dati applicazioni\MSScanAppDataDir
2008-11-22 10:03 --------- d-----w c:\programmi\File comuni\Java
2008-11-22 09:59 --------- d-----w c:\programmi\HideOE
2008-11-22 09:29 --------- d-----w c:\documents and settings\Ale\Dati applicazioni\Ahead
2008-11-22 09:27 --------- d-----w c:\programmi\Nero
2008-11-22 09:27 --------- d-----w c:\programmi\File comuni\Ahead
2008-11-22 09:11 --------- d-----w c:\programmi\Microsoft.NET
2008-11-22 09:02 --------- d-----w c:\programmi\DAEMON Tools Lite
2008-11-22 08:58 717,296 ----a-w c:\windows\system32\drivers\sptd.sys
2008-11-22 08:58 --------- d-----w c:\documents and settings\Ale\Dati applicazioni\DAEMON Tools
2008-11-22 08:56 --------- d-----w c:\programmi\PowerQuest
2008-11-22 08:50 --------- d-----w c:\programmi\Total Video Converter
2008-11-22 08:49 --------- d-----w c:\documents and settings\Ale\Dati applicazioni\Canon
2008-11-22 08:47 --------- d-----w c:\programmi\coolpro2
2008-11-22 08:38 --------- d-----w c:\documents and settings\Ale\Dati applicazioni\DivX
2008-11-22 08:24 --------- d-----w c:\documents and settings\All Users\Dati applicazioni\Adobe Systems
2008-11-22 08:22 --------- d-----w c:\programmi\File comuni\Adobe Systems Shared
2008-11-21 11:34 --------- d-----w c:\programmi\Rainlendar2
2008-11-21 10:39 --------- d-----w c:\programmi\FreePOPs
2008-11-21 10:10 --------- dcsh--w c:\programmi\File comuni\WindowsLiveInstaller
2008-11-21 10:10 --------- d-----w c:\programmi\Windows Live
2008-11-21 10:05 --------- d-----w c:\documents and settings\All Users\Dati applicazioni\WLInstaller
2008-11-21 09:43 --------- d-----w c:\programmi\Canon
2008-11-21 09:42 --------- d-----w c:\documents and settings\All Users\Dati applicazioni\ZoomBrowser
2008-11-21 09:40 --------- d-----w c:\programmi\File comuni\CANON
2008-11-21 09:16 --------- d-----w c:\programmi\NewSoft
2008-11-21 09:16 --------- d-----w c:\programmi\File comuni\PDFView
2008-11-21 09:15 --------- d-----w c:\programmi\ScanSoft
2008-11-21 09:15 --------- d-----w c:\programmi\File comuni\ScanSoft Shared
2008-11-21 09:15 --------- d-----w c:\programmi\File comuni\InstallShield
2008-11-21 09:15 --------- d-----w c:\documents and settings\All Users\Dati applicazioni\ScanSoft
2008-11-21 09:15 --------- d-----w c:\documents and settings\All Users\Dati applicazioni\InstallShield
2008-11-21 09:15 --------- d-----w c:\documents and settings\Ale\Dati applicazioni\ScanSoft
2008-11-21 09:13 --------- d-----w c:\programmi\ArcSoft
2008-11-21 09:11 --------- d--h--w c:\programmi\CanonBJ
2008-11-21 09:02 --------- d-----w c:\documents and settings\Ale\Dati applicazioni\Toshiba
2008-11-21 08:54 --------- d-----w c:\programmi\Toshiba
2008-11-21 08:45 --------- d-----w c:\programmi\Revo Uninstaller
2008-11-20 18:59 --------- d-----w c:\documents and settings\Ale\Dati applicazioni\EPSON
2008-11-20 18:57 --------- d-----w c:\documents and settings\Ale\Dati applicazioni\VSRevoGroup
2008-11-20 17:30 512,096 ----a-w c:\windows\system32\drivers\amon.sys
2008-11-20 17:30 298,104 ----a-w c:\windows\system32\imon.dll
2008-11-20 17:30 15,424 ----a-w c:\windows\system32\drivers\nod32drv.sys
2008-11-20 17:16 155,995 ----a-w c:\windows\java\Packages\VBZJ7R31.ZIP
2008-11-20 17:16 --------- d-----w c:\programmi\Motive
2008-11-20 17:16 --------- d-----w c:\programmi\Common Files
2008-11-20 17:16 --------- d-----w c:\programmi\Alice ti aiuta
2008-11-20 17:15 --------- d-----w c:\programmi\Telecom Italia
2008-11-20 16:01 --------- d-----w c:\programmi\CONEXANT
2008-11-20 15:48 --------- d-----w c:\programmi\Realtek
2008-11-20 15:48 --------- d-----w c:\documents and settings\Ale\Dati applicazioni\InstallShield
2008-11-20 15:45 --------- d-----w c:\documents and settings\All Users\Dati applicazioni\ATI
2008-11-20 15:45 --------- d-----w c:\documents and settings\Ale\Dati applicazioni\ATI
2008-11-20 15:42 --------- d-----w c:\programmi\ATI Technologies
2008-11-20 15:41 --------- d-----w c:\programmi\File comuni\ATI Technologies
2008-11-20 15:25 --------- d-----w c:\programmi\Innovative Solutions
2008-11-20 15:15 315,392 ----a-w c:\windows\HideWin.exe
2008-11-20 15:10 --------- d-----w c:\programmi\Intel
2008-11-20 15:10 --------- d-----w c:\programmi\GIGABYTE
2008-11-20 15:01 --------- d-----w c:\programmi\microsoft frontpage
2008-11-20 14:59 --------- d-----w c:\programmi\Servizi in linea
2008-11-10 04:43 410,984 ----a-w c:\windows\system32\deploytk.dll
2008-11-01 14:28 5,120 ----a-w c:\windows\system32\lwel-manifest.dll
2008-10-23 12:36 286,720 ----a-w c:\windows\system32\gdi32.dll
2008-10-16 20:04 826,368 ----a-w c:\windows\system32\wininet.dll
2008-10-16 13:13 202,776 ----a-w c:\windows\system32\wuweb.dll
2008-10-16 13:13 1,809,944 ----a-w c:\windows\system32\wuaueng.dll
2008-10-16 13:12 561,688 ----a-w c:\windows\system32\wuapi.dll
2008-10-16 13:12 323,608 ----a-w c:\windows\system32\wucltui.dll
2008-10-16 13:09 92,696 ----a-w c:\windows\system32\cdm.dll
2008-10-16 13:09 51,224 ----a-w c:\windows\system32\wuauclt.exe
.

((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* i valori vuoti & legittimi/default non sono visualizzati.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2008-04-13 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"nod32kui"="c:\programmi\Eset\nod32kui.exe" [2008-11-20 949376]
"EPSON Stylus D68 Series"="c:\windows\System32\spool\DRIVERS\W32X86\3\E_FATIAAE.EXE" [2005-01-25 98304]
"WrtMon.exe"="c:\windows\system32\spool\drivers\w32x86\3\WrtMon.exe" [2006-09-20 20480]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"Norton Ghost 9.0"="c:\programmi\Symantec\Norton Ghost\Agent\GhostTray.exe" [2004-07-29 1122304]
"SunJavaUpdateSched"="c:\programmi\Java\jre6\bin\jusched.exe" [2008-11-10 136600]
"Adobe Reader Speed Launcher"="c:\programmi\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-15 39792]
"SSBkgdUpdate"="c:\programmi\File comuni\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2006-09-28 185896]
"CapFax"="c:\programmi\Classic PhoneTools\CapFax.EXE" [2001-12-10 20739]
"OpwareSE4"="c:\programmi\ScanSoft\OmniPageSE4.0\OpwareSE4.exe" [2006-10-11 75304]
"Acrobat Assistant 7.0"="c:\programmi\Adobe\Acrobat 7.0\Distillr\Acrotray.exe" [2004-12-14 483328]
"RTHDCPL"="RTHDCPL.EXE" [2008-05-13 c:\windows\RTHDCPL.EXE]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-13 15360]

c:\documents and settings\Ale\Menu Avvio\Programmi\Esecuzione automatica\
freepops.lnk - c:\programmi\FreePOPs\freepopsd.exe [2008-11-01 49152]
Rainlendar.lnk - c:\programmi\Rainlendar2\Rainlendar2.exe [2007-12-30 1365504]

c:\documents and settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\
Adobe Acrobat Speed Launcher.lnk - c:\windows\Installer\{AC76BA86-1033-F400-7760-000000000002}\SC_Acrobat.exe [2008-11-22 25214]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.ac3filter"= ac3filter.acm
"vidc.hfyu"= huffyuv.dll
"msacm.divxa32"= DivXa32.acm

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0OODBS

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Programmi\\Microsoft LifeCam\\LifeExp.exe"=
"e:\\eMule\\emule.exe"=
"c:\\Programmi\\Nero\\Nero 7\\Nero ShowTime\\ShowTime.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Programmi\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Programmi\\Windows Live\\Messenger\\livecall.exe"=
"c:\\Programmi\\Microsoft LifeCam\\LifeCam.exe"=

R0 PQV2i;PQV2i;c:\windows\system32\drivers\PQV2i.sys [2004-07-29 138780]
R1 nod32drv;nod32drv;c:\windows\system32\drivers\nod32drv.sys [2008-11-20 15424]
R1 PQIMount;PQIMount;c:\windows\system32\drivers\PQIMount.sys [2004-07-29 46779]
R3 AtiHdmiService;ATI Function Driver for HDMI Service;c:\windows\system32\drivers\AtiHdmi.sys [2008-11-20 84992]
R4 GEST Service;GEST Service for program management.;c:\programmi\GIGABYTE\EnergySaver\GSvr.exe [2008-11-20 80392]
R4 ssoftnt4;ssoftnt4;c:\windows\system32\drivers\ssoftnt4.sys [2008-11-22 100728]
S3 VX6000;Microsoft LifeCam VX-6000;c:\windows\system32\drivers\VX6000Xp.sys [2006-06-30 2383152]
.
.
------- Supplementare di scansione -------
.
uStart Page = hxxp://www.google.com/
IE: Convert link target to Adobe PDF - c:\programmi\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert link target to existing PDF - c:\programmi\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert selected links to Adobe PDF - c:\programmi\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to existing PDF - c:\programmi\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert selection to Adobe PDF - c:\programmi\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert selection to existing PDF - c:\programmi\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert to Adobe PDF - c:\programmi\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert to existing PDF - c:\programmi\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: E&sporta in Microsoft Excel - c:\progra~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
LSP: c:\windows\system32\imon.dll

O16 -: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
c:\windows\Downloaded Program Files\Microsoft XML Parser for Java.osd
FF - ProfilePath - c:\documents and settings\Ale\Dati applicazioni\Mozilla\Firefox\Profiles\ucs6el6l.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com
FF - plugin: c:\windows\system32\C2MP\npdivx32.dll
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-01-07 12:30:28
Windows 5.1.2600 Service Pack 3 NTFS

scansione processi nascosti ...

scansione entrate autostart nascoste ...

Scansione files nascosti ...

Scansione completata con successo
Files nascosti: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-1993962763-492894223-839522115-1003\AppEvents\Schemes\Apps\.Default\.Default\m*NULL*i*NULL*a*NULL*0*NULL*nC]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
@=""

[HKEY_USERS\S-1-5-21-1993962763-492894223-839522115-1003\AppEvents\Schemes\Apps\.Default\AppGPFault\m*NULL*i*NULL*a*NULL*0*NULL*nC]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
@=""

[HKEY_USERS\S-1-5-21-1993962763-492894223-839522115-1003\AppEvents\Schemes\Apps\.Default\CCSelect\m*NULL*i*NULL*a*NULL*0*NULL*nC]
@=""

[HKEY_USERS\S-1-5-21-1993962763-492894223-839522115-1003\AppEvents\Schemes\Apps\.Default\Close\m*NULL*i*NULL*a*NULL*0*NULL*nC]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
@=""

[HKEY_USERS\S-1-5-21-1993962763-492894223-839522115-1003\AppEvents\Schemes\Apps\.Default\CriticalBatteryAlarm\m*NULL*i*NULL*a*NULL*0*NULL*nC]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
@=""

[HKEY_USERS\S-1-5-21-1993962763-492894223-839522115-1003\AppEvents\Schemes\Apps\.Default\DeviceConnect\m*NULL*i*NULL*a*NULL*0*NULL*nC]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
@=""

[HKEY_USERS\S-1-5-21-1993962763-492894223-839522115-1003\AppEvents\Schemes\Apps\.Default\DeviceDisconnect\m*NULL*i*NULL*a*NULL*0*NULL*nC]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
@=""

[HKEY_USERS\S-1-5-21-1993962763-492894223-839522115-1003\AppEvents\Schemes\Apps\.Default\DeviceFail\m*NULL*i*NULL*a*NULL*0*NULL*nC]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
@=""

[HKEY_USERS\S-1-5-21-1993962763-492894223-839522115-1003\AppEvents\Schemes\Apps\.Default\LowBatteryAlarm\m*NULL*i*NULL*a*NULL*0*NULL*nC]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
@=""

[HKEY_USERS\S-1-5-21-1993962763-492894223-839522115-1003\AppEvents\Schemes\Apps\.Default\MailBeep\m*NULL*i*NULL*a*NULL*0*NULL*nC]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
@="d:\\SuoniWav\\Polizia.wav"

[HKEY_USERS\S-1-5-21-1993962763-492894223-839522115-1003\AppEvents\Schemes\Apps\.Default\Maximize\m*NULL*i*NULL*a*NULL*0*NULL*nC]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
@=""

[HKEY_USERS\S-1-5-21-1993962763-492894223-839522115-1003\AppEvents\Schemes\Apps\.Default\MenuCommand\m*NULL*i*NULL*a*NULL*0*NULL*nC]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
@=""

[HKEY_USERS\S-1-5-21-1993962763-492894223-839522115-1003\AppEvents\Schemes\Apps\.Default\MenuPopup\m*NULL*i*NULL*a*NULL*0*NULL*nC]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
@=""

[HKEY_USERS\S-1-5-21-1993962763-492894223-839522115-1003\AppEvents\Schemes\Apps\.Default\Minimize\m*NULL*i*NULL*a*NULL*0*NULL*nC]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
@=""

[HKEY_USERS\S-1-5-21-1993962763-492894223-839522115-1003\AppEvents\Schemes\Apps\.Default\Open\m*NULL*i*NULL*a*NULL*0*NULL*nC]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
@=""

[HKEY_USERS\S-1-5-21-1993962763-492894223-839522115-1003\AppEvents\Schemes\Apps\.Default\PrintComplete\m*NULL*i*NULL*a*NULL*0*NULL*nC]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
@=""

[HKEY_USERS\S-1-5-21-1993962763-492894223-839522115-1003\AppEvents\Schemes\Apps\.Default\RestoreDown\m*NULL*i*NULL*a*NULL*0*NULL*nC]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
@=""

[HKEY_USERS\S-1-5-21-1993962763-492894223-839522115-1003\AppEvents\Schemes\Apps\.Default\RestoreUp\m*NULL*i*NULL*a*NULL*0*NULL*nC]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
@=""

[HKEY_USERS\S-1-5-21-1993962763-492894223-839522115-1003\AppEvents\Schemes\Apps\.Default\ShowBand\m*NULL*i*NULL*a*NULL*0*NULL*nC]
@=""

[HKEY_USERS\S-1-5-21-1993962763-492894223-839522115-1003\AppEvents\Schemes\Apps\.Default\SystemAsterisk\m*NULL*i*NULL*a*NULL*0*NULL*nC]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
@=""

[HKEY_USERS\S-1-5-21-1993962763-492894223-839522115-1003\AppEvents\Schemes\Apps\.Default\SystemExclamation\m*NULL*i*NULL*a*NULL*0*NULL*nC]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
@=""

[HKEY_USERS\S-1-5-21-1993962763-492894223-839522115-1003\AppEvents\Schemes\Apps\.Default\SystemExit\m*NULL*i*NULL*a*NULL*0*NULL*nC]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
@=""

[HKEY_USERS\S-1-5-21-1993962763-492894223-839522115-1003\AppEvents\Schemes\Apps\.Default\SystemHand\m*NULL*i*NULL*a*NULL*0*NULL*nC]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
@=""

[HKEY_USERS\S-1-5-21-1993962763-492894223-839522115-1003\AppEvents\Schemes\Apps\.Default\SystemNotification\m*NULL*i*NULL*a*NULL*0*NULL*nC]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
@=""

[HKEY_USERS\S-1-5-21-1993962763-492894223-839522115-1003\AppEvents\Schemes\Apps\.Default\SystemQuestion\m*NULL*i*NULL*a*NULL*0*NULL*nC]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
@=""

[HKEY_USERS\S-1-5-21-1993962763-492894223-839522115-1003\AppEvents\Schemes\Apps\.Default\SystemStart\m*NULL*i*NULL*a*NULL*0*NULL*nC]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
@=""

[HKEY_USERS\S-1-5-21-1993962763-492894223-839522115-1003\AppEvents\Schemes\Apps\.Default\WindowsLogoff\m*NULL*i*NULL*a*NULL*0*NULL*nC]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
@=""

[HKEY_USERS\S-1-5-21-1993962763-492894223-839522115-1003\AppEvents\Schemes\Apps\.Default\WindowsLogon\m*NULL*i*NULL*a*NULL*0*NULL*nC]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
@=""

[HKEY_USERS\S-1-5-21-1993962763-492894223-839522115-1003\AppEvents\Schemes\Apps\Classic PhoneTools\ModManAlarms\m*NULL*i*NULL*a*NULL*0*NULL*nC]
@="c:\\Programmi\\Classic PhoneTools\\notify.wav"

[HKEY_USERS\S-1-5-21-1993962763-492894223-839522115-1003\AppEvents\Schemes\Apps\Classic PhoneTools\ModManHangup\m*NULL*i*NULL*a*NULL*0*NULL*nC]
@="c:\\Programmi\\Classic PhoneTools\\busy.wav"

[HKEY_USERS\S-1-5-21-1993962763-492894223-839522115-1003\AppEvents\Schemes\Apps\Classic PhoneTools\ModManPickup\m*NULL*i*NULL*a*NULL*0*NULL*nC]
@="c:\\Programmi\\Classic PhoneTools\\ringin.wav"

[HKEY_USERS\S-1-5-21-1993962763-492894223-839522115-1003\AppEvents\Schemes\Apps\Classic PhoneTools\ModManRing\m*NULL*i*NULL*a*NULL*0*NULL*nC]
@="c:\\Programmi\\Classic PhoneTools\\ding.wav"

[HKEY_USERS\S-1-5-21-1993962763-492894223-839522115-1003\AppEvents\Schemes\Apps\Conf\Ricevi chiamata\m*NULL*i*NULL*a*NULL*0*NULL*nC]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
@="RingIn.wav"

[HKEY_USERS\S-1-5-21-1993962763-492894223-839522115-1003\AppEvents\Schemes\Apps\Conf\Ricevi richiesta di partecipazione\m*NULL*i*NULL*a*NULL*0*NULL*nC]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
@="RingIn.wav"

[HKEY_USERS\S-1-5-21-1993962763-492894223-839522115-1003\AppEvents\Schemes\Apps\Conf\Utente aggiunto\m*NULL*i*NULL*a*NULL*0*NULL*nC]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
@="c:\\Programmi\\NetMeeting\\Blip.wav"

[HKEY_USERS\S-1-5-21-1993962763-492894223-839522115-1003\AppEvents\Schemes\Apps\Conf\Utente uscito\m*NULL*i*NULL*a*NULL*0*NULL*nC]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
@="c:\\Programmi\\NetMeeting\\Blip.wav"

[HKEY_USERS\S-1-5-21-1993962763-492894223-839522115-1003\AppEvents\Schemes\Apps\Explorer\ActivatingDocument\m*NULL*i*NULL*a*NULL*0*NULL*nC]
@=""

[HKEY_USERS\S-1-5-21-1993962763-492894223-839522115-1003\AppEvents\Schemes\Apps\Explorer\BlockedPopup\m*NULL*i*NULL*a*NULL*0*NULL*nC]
@=""

[HKEY_USERS\S-1-5-21-1993962763-492894223-839522115-1003\AppEvents\Schemes\Apps\Explorer\EmptyRecycleBin\m*NULL*i*NULL*a*NULL*0*NULL*nC]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
@="d:\\SuoniWav\\scorreggetta.wav"

[HKEY_USERS\S-1-5-21-1993962763-492894223-839522115-1003\AppEvents\Schemes\Apps\Explorer\FaxError\m*NULL*i*NULL*a*NULL*0*NULL*nC]
@=expand:"%systemroot%\\media\\ding.wav"

[HKEY_USERS\S-1-5-21-1993962763-492894223-839522115-1003\AppEvents\Schemes\Apps\Explorer\FaxLineRings\m*NULL*i*NULL*a*NULL*0*NULL*nC]
@=expand:"%systemroot%\\media\\ringin.wav"

[HKEY_USERS\S-1-5-21-1993962763-492894223-839522115-1003\AppEvents\Schemes\Apps\Explorer\FaxNew\m*NULL*i*NULL*a*NULL*0*NULL*nC]
@=expand:"%systemroot%\\media\\notify.wav"

[HKEY_USERS\S-1-5-21-1993962763-492894223-839522115-1003\AppEvents\Schemes\Apps\Explorer\FaxSent\m*NULL*i*NULL*a*NULL*0*NULL*nC]
@=expand:"%systemroot%\\media\\tada.wav"

[HKEY_USERS\S-1-5-21-1993962763-492894223-839522115-1003\AppEvents\Schemes\Apps\Explorer\FeedDiscovered\m*NULL*i*NULL*a*NULL*0*NULL*nC]
@="Windows Feed Discovered.wav"

[HKEY_USERS\S-1-5-21-1993962763-492894223-839522115-1003\AppEvents\Schemes\Apps\Explorer\MoveMenuItem\m*NULL*i*NULL*a*NULL*0*NULL*nC]
@=""

[HKEY_USERS\S-1-5-21-1993962763-492894223-839522115-1003\AppEvents\Schemes\Apps\Explorer\Navigating\m*NULL*i*NULL*a*NULL*0*NULL*nC]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
@=""

[HKEY_USERS\S-1-5-21-1993962763-492894223-839522115-1003\AppEvents\Schemes\Apps\Explorer\SearchProviderDiscovered\m*NULL*i*NULL*a*NULL*0*NULL*nC]
@=""

[HKEY_USERS\S-1-5-21-1993962763-492894223-839522115-1003\AppEvents\Schemes\Apps\Explorer\SecurityBand\m*NULL*i*NULL*a*NULL*0*NULL*nC]
@="Windows XP - barra informazioni.wav"

[HKEY_USERS\S-1-5-21-1993962763-492894223-839522115-1003\AppEvents\Schemes\Apps\MSMSGS\MSMSGS_ContactOnline\m*NULL*i*NULL*a*NULL*0*NULL*nC]
@="c:\\Programmi\\Messenger\\online.wav"

[HKEY_USERS\S-1-5-21-1993962763-492894223-839522115-1003\AppEvents\Schemes\Apps\MSMSGS\MSMSGS_NewAlert\m*NULL*i*NULL*a*NULL*0*NULL*nC]
@="c:\\Programmi\\Messenger\\newalert.wav"

[HKEY_USERS\S-1-5-21-1993962763-492894223-839522115-1003\AppEvents\Schemes\Apps\MSMSGS\MSMSGS_NewMail\m*NULL*i*NULL*a*NULL*0*NULL*nC]
@="c:\\Programmi\\Messenger\\newemail.wav"

[HKEY_USERS\S-1-5-21-1993962763-492894223-839522115-1003\AppEvents\Schemes\Apps\MSMSGS\MSMSGS_NewMessage\m*NULL*i*NULL*a*NULL*0*NULL*nC]
@="c:\\Programmi\\Messenger\\type.wav"

[HKEY_USERS\S-1-5-21-1993962763-492894223-839522115-1003\AppEvents\Schemes\Names\m*NULL*i*NULL*a*NULL*0*NULL*nC]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
@="mia"

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\System*NULL*]
"OODEFRAG08.00.00.01WORKSTATION"="2FD33A3F2A491EC744DF27D328AE11C4A0CBEE33BBBD52B8869FF73A33EDE85FC94CBA16AF44F0C69A352A19428F0C7FEB08AA4F15DD5BA6E4E319EEA5D71132E4D4DF928FD5131F13999C4C67DB9FDD033ED8F6A3CF121B678350EC1C12B455D216C57F0BD815BB0A1BEAC2B1E27DE76B0457AE7D77EC60DA390C0643B6246D47128D9788BA4D3EBD9F894861089DDB0B43896D59CBA0EDEE13C0FEEA717B525C1B5C1090FDD37BCF606A9A5842B9AA2EB8D5A092DBA8F3397566118A85148D115A590E53B806FAC7690AEE1E9C4FFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CA6A0AC4980AC7933A6A0AC4980AC7933BA7FD869164D6794A9C6AECB7A5D1407CEA4D03D6D5A4444EA2A23D83BA80C5475E8861E3DBF0F0678BCFBC422399D8B6C08045D0D9DCC99D947DD7F21BDE90FD0B1A97D631E363AACEF49AA64EEFA22A7589DB33B1CE9E842450D01D2DFCB367477DAB2897504B93288D3A319CD5BB644EBC000D6DAA7A6E403B56E3CEE37DEBEBEA3C0C79E12DB2654C843A5C40D83B8FADF093105298CB5C2AFDC3B6BC0664075E12EA9150D3CD689AB9E64E97104B0A3C116126824175E2B2866237F95E63FE84705AEF8B33A453F52D4A0757E770C6783733275E488B9C5A028BB727346B4CDD9554D8D5CF7297369839B45BC62DE2B1473BF43C66459826DC4BF3630A8CDBB72B1EABB6DDDED856ECF8BD9488DEF39B8685D0C3E758032B7E05DDC3077EDAD3F2FE40E64952FB9345F98D6D405BABE862D20ACD0C8A90DFA27B89BF0E22881C2E88B36518F4238E15F5F07A518EFCBEC9C922819AE00AB0A4567CF80DA487D527F2285577E2C8E727E72D6155CF1D7289833A245BC640E086BF6F68298C947969260F63159A8ACB37155560F29583ACD06736896CBEB15EDCF6334AE13606A8F4B7324295CA566C9EE813B179AEEB2C54CB8E5E4F85E08092E22CE4F0AEFD78D53FA4D9F05C4F42A33635EC010B5DFCA58DE2D19A5389079C01931C300126036580A570A975DF4A07EDDBBB5AEDEC96E9C31743377AABE354CA36A803B94BC848EA9C9EF9A7A654B134475335FD358128A751544571A830494102E0C44790845ACD5D06DD9D92B9CB95F508BCC2E586F9EDD8DF1711EB5826322D102E9F543996CFD3BB2636D105DBC6E3423E7BEFC915217FE78B8838FA20791D091BEF2CE788B877D040CDDBEA56DA02E726409DA57273E3024604CAF275188CBFC190F74ABCF49AFBAE904C7E59D9BF087BAC26BF6A2658A58E2AB18AB96A5821C929B5F507C0F0F42586EA160A6774F04A6DA0CF5CC911C0A7C0BAF1A32FBDE5B0A1D9E59DE19781B75E0A2AB6442431D296DFDB032BE18C52F06C035809269B8A04EA48A449C715826D007B3B47DE81C06CF"
.
--------------------- DLLs Carregadas Sob os Processos em Execução ---------------------

- - - - - - - > 'winlogon.exe'(1228)
c:\windows\system32\Ati2evxx.dll
.
Ora fine scansione: 2009-01-07 12.31.09
ComboFix-quarantined-files.txt 2009-01-07 11:31:07

Pre-Run: 36.197.494.784 byte disponibili
Post-Run: 36,209,262,592 byte disponibili

416 --- E O F --- 2008-12-11 16:23:20

[ste_95]

Penso che GMER abbia preso un abbaglio, tutti i log sembrano puliti, e dalle foto che hai postato non si può risalire a nulla.

[xalx67]

Grazie per il tuo aiuto. Ora per scrupolo ho disattivato il mio antivirus (Nod32) e sto' eseguendo una scansione on line con Kaspersky per vedere se trova qualcosa

[crazy.cat]

Ora per scrupolo ho disattivato il mio antivirus (Nod32) e sto' eseguendo una scansione on line con Kaspersky per vedere se trova qualcosa

Guarda che non serve disattivare nod32 per fare la scansione online con kaspersky.
E poi non è il caso di rimanere online senza un antivirus attivo.

[xalx67]

Ho disattivato il mio antivirus in quanto c' è un avviso sul sito Kaspersky che credo (non so' un gran che di inglese) dica di disattivare eventuali antivirus attivi sul pc

[enea83]

gmer e ottimo un altro buon antirootkit e' sicuramente quello di panda free

[xalx67]

Ho fatto l' ennesima scansione con GMER.. stesso risultato. Trovati rootkit. Non vi posto i log tanto sono uguali a quelli che vi ho inviato all' inizio di questa discussione

[ste_95]

Penso che GMER abbia preso un abbaglio, tutti i log sembrano puliti, e dalle foto che hai postato non si può risalire a nulla.

...

Novità dalle scansioni online?

[xalx67]

Con la scansione di Kaspersky on line non è stato rilevato niente e idem con il mio NOD32. Ho appena killato quello che GMER mi evidenziava e riavviato. Per ora comunque non noto comportamenti strani sul pc anche se penso che se c' è in corso qualcosa di malevolo potrei non accorgermene minimamente. Se poi non risolvo e mi stanco della situazione faccio un ripristino di backup riportandomi al post installazione del SO. Quello che mi preoccupa è il fatto che sul pc conservo vari codici compresi quelli bancari per operazioni on line, anche se il tutto è in un foglio di excel protetto da password che a sua volta è all' interno di un volume criptato e protetto da password anch' esso.. solo che se li uso devo aprirli!

[xalx67]

Una cosa non mi è chiara: un rootkit è necessariamente residente nel SO oppure può entrare in base alla visita in un sito infetto per poi uscire? eMule può avere colpe?

[ste_95]

Un malware, per funzionare sul tuo computer, deve creare file nel disco fisso.

[xalx67]

Io non so' che fare per eliminarlo, quindi se non ci sono altri mezzi oltre a quelli già utilizzati facciamo che fin che la barca va' la lascio andare, poi ripristino il backup. Adesso che ci penso l' unico malfunzionamento che a volte mi si manifesta è legato al modem fax. Mi capita (di rado) che all' avvio XP me lo segnala come nuovo hardware pronto da installare anche se lo è da tempo e poi se provo ad utilizzarlo mi è successo (sempre di rado) che mi ritorni il messaggio di impossibilità di utilizzo del modem in quanto la porta di comunicazione è occupata, da cosa però non saprei. Se riavvio la cosa non cambia.. l' unica soluzione che riporta il tutto alla normalità è quella di spegnere di colpo l' alimentazione: quando riaccendo funziona tutto. Avevo anche provato a disinstallarlo il modem e poi rimetterlo ma il problema si è ripresentato ancora. Non ho idea però se i due fatti possano essere legati

[enea83]

Io non so' che fare per eliminarlo, quindi se non ci sono altri mezzi oltre a quelli già utilizzati facciamo che fin che la barca va' la lascio andare

provare ad utilizzare altri antirootkit o altri antimalware come malwarebytes no eh...

[xalx67]

Prima adoperavo rootkit revealer ma mi è stato detto che è pessimo. Se avete nomi di strumenti validi posso fare delle scansioni incrociate. Dite pure!

[crazy.cat]

Prova con seem, prendi la versione Seem 4.1b (en) (~250ko)
http://seem.about.free.fr/?004/Telechargement