
Help request for an infested laptop :)


Post by conterenier » Sat Feb 07, 2009 3:23 am

Good morning everyone,
my little Vaio laptop has a few problems.

So,
at the moment it runs Win XP Professional,

plus Office Professional and other small programs.

Unrequested Explorer pages open on the PC, so obviously there is adware,
and if I click on the calendar it freezes up.
Finally, sometimes when I start it nothing shows on the desktop, so I have to try a second time.

Here below is the activity analysis:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 3.01.29, on 07/02/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Programmi\File comuni\iS3\Anti-Spyware\SZServer.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmi\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\WINDOWS\system32\svchost.exe
C:\Programmi\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programmi\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe
C:\Programmi\Intel\Wireless\Bin\EvtEng.exe
C:\WINDOWS\system32\ifxspmgt.exe
C:\WINDOWS\system32\IFXTCS.exe
C:\Programmi\Java\jre6\bin\jqs.exe
C:\Programmi\File comuni\Microsoft Shared\VS7DEBUG\mdm.exe
C:\WINDOWS\system32\IfxPsdSv.exe
C:\Programmi\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Programmi\Sony\VAIO Event Service\VESMgr.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\WINDOWS\Explorer.EXE
C:\Programmi\Sony\ISB Utility\ISBMgr.exe
C:\Programmi\Sony\VAIO Power Management\SPMgr.exe
C:\Programmi\Sony\Wireless Switch Setting Utility\Switcher.exe
C:\Programmi\Sony\VAIO Update 3\VAIOUpdt.exe
C:\Programmi\Microsoft IntelliPoint\ipoint.exe
C:\Programmi\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe
C:\Programmi\Nitro PDF\Professional\NitroPDFPrinterMonitor.exe
C:\Programmi\Protector Suite quello\psqltray.exe
C:\Programmi\Java\jre6\bin\jusched.exe
C:\Programmi\Microsoft IntelliPoint\dpupdchk.exe
C:\Programmi\Infineon\Security Platform Software\PSDrt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmi\Infineon\Security Platform Software\SpTna.exe
C:\Programmi\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Programmi\Skype\Phone\Skype.exe
C:\Programmi\MSN Messenger\MsnMsgr.Exe
C:\documents and settings\paolo\impostazioni locali\dati applicazioni\egqik.exe
C:\Programmi\Adobe\Acrobat 6.0\Distillr\acrotray.exe
C:\Programmi\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Programmi\CallMe\CallMe.exe
C:\Programmi\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Programmi\STOPzilla!\STOPzilla.exe
C:\Programmi\Skype\Plugin Manager\skypePM.exe
C:\Programmi\File comuni\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\Programmi\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\SearchProtocolHost.exe
C:\Documents and Settings\paolo\Desktop\check\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.it/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.club-vaio.com/en/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SITEguard BHO - {1827766B-9F49-4854-8034-F6EE26FCB1EC} - C:\Programmi\STOPzilla!\SZSG.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Programmi\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmi\Java\jre6\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Guida per l'accesso a Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programmi\File comuni\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Programmi\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Programmi\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programmi\Google\GoogleToolbarNotifier\5.0.926.3450\swg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Programmi\Google\Google Toolbar\Component\fastsearch_219B3E1547538286.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programmi\Java\jre6\bin\jp2ssv.dll
O2 - BHO: STOPzilla Browser Helper Object - {E3215F20-3212-11D6-9F8B-00D0B743919D} - C:\Programmi\STOPzilla!\SZIEBHO.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Programmi\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Programmi\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: &Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Programmi\Google\Google Toolbar\GoogleToolbar.dll
O3 - Toolbar: STOPzilla - {98828DED-A591-462F-83BA-D2F62A68B8B8} - C:\Programmi\STOPzilla!\SZSG.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [ISBMgr.exe] C:\Programmi\Sony\ISB Utility\ISBMgr.exe
O4 - HKLM\..\Run: [SonyPowerCfg] "C:\Programmi\Sony\VAIO Power Management\SPMgr.exe"
O4 - HKLM\..\Run: [Switcher.exe] "C:\Programmi\Sony\Wireless Switch Setting Utility\Switcher.exe"
O4 - HKLM\..\Run: [PSQLLauncher] "C:\Programmi\Protector Suite quello\launcher.exe" /startup
O4 - HKLM\..\Run: [IFXSPMGT] C:\WINDOWS\system32\ifxspmgt.exe /NotifyLogon
O4 - HKLM\..\Run: [VAIO Update 3] "C:\Programmi\Sony\VAIO Update 3\VAIOUpdt.exe" /Stationary
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [IntelliPoint] "C:\Programmi\Microsoft IntelliPoint\ipoint.exe"
O4 - HKLM\..\Run: [AVP] "C:\Programmi\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe"
O4 - HKLM\..\Run: [PC Suite for Smartphones] "C:\Programmi\Sony Ericsson\Mobile4\Application Launcher\Application Launcher.exe" /startoptions
O4 - HKLM\..\Run: [Nitro PDF Printer Monitor] "C:\Programmi\Nitro PDF\Professional\NitroPDFPrinterMonitor.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programmi\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Programmi\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [Skype] "C:\Programmi\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [MsnMsgr] "C:\Programmi\MSN Messenger\MsnMsgr.Exe"
O4 - HKCU\..\Run: [egqik] "c:\documents and settings\paolo\impostazioni locali\dati applicazioni\egqik.exe" egqik
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO LOCALE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO DI RETE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: CallMe.lnk = C:\Programmi\CallMe\CallMe.exe
O4 - Global Startup: Acrobat Assistant.lnk = C:\Programmi\Adobe\Acrobat 6.0\Distillr\acrotray.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Programmi\File comuni\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: BTTray.lnk = ?
O8 - Extra context menu item: &NeoTrace It! - C:\PROGRA~1\NEOTRA~1\NTXcontext.htm
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Invia a Bluetooth - C:\Programmi\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O8 - Extra context menu item: Invia a periferica &Bluetooth... - C:\Programmi\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: Web Anti-Virus - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Programmi\Kaspersky Lab\Kaspersky Anti-Virus 7.0\SCIEPlgn.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Programmi\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programmi\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programmi\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra button: NeoTrace It! - {9885224C-1217-4c5f-83C2-00002E6CEF2B} - C:\PROGRA~1\NEOTRA~1\NTXtoolbar.htm (HKCU)
O10 - Unknown file in Winsock LSP: c:\programmi\file comuni\is3\anti-spyware\is3lsp.dll
O10 - Unknown file in Winsock LSP: c:\programmi\file comuni\is3\anti-spyware\is3lsp.dll
O10 - Unknown file in Winsock LSP: c:\programmi\file comuni\is3\anti-spyware\is3lsp.dll
O10 - Unknown file in Winsock LSP: c:\programmi\file comuni\is3\anti-spyware\is3lsp.dll
O10 - Unknown file in Winsock LSP: c:\programmi\file comuni\is3\anti-spyware\is3lsp.dll
O10 - Unknown file in Winsock LSP: c:\programmi\file comuni\is3\anti-spyware\is3lsp.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.club-vaio.com/en/
O16 - DPF: {02CF1781-EA91-4FA5-A200-646E8241987C} (VaioInfo.CMClass) - http://esupport.sony.com/VaioInfo.CAB
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/200 ... oader5.cab
O16 - DPF: {4819DFDF-ABC4-488C-A323-919848C51175} (Rinera Streaming Control) - http://portal3.rinera.com/download/RineraProxy-1.4.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microso ... 7537347071
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://dl8-cdn-01.sun.com/s/ESD5/JSCDL/ ... 586-jc.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/s ... wflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{E4EB4BC5-4128-4678-8FC1-932F709FB352}: NameServer = 213.140.2.46,0.0.0.0
O17 - HKLM\System\CCS\Services\Tcpip\..\{E91D0846-9741-4C82-A682-73E6DF7577EC}: NameServer = 213.140.2.43,213.140.2.49
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FILECO~1\Skype\SKYPE4~1.DLL
O23 - Service: Adobe LM Service - Unknown owner - C:\Programmi\File comuni\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Kaspersky Anti-Virus 7.0 (AVP) - Kaspersky Lab - C:\Programmi\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe
O23 - Service: pcAnywhere Host Service (awhost32) - Symantec Corporation - C:\Programmi\Symantec\pcAnywhere\awhost32.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Programmi\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Programmi\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Programmi\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Security Platform Management Service (IFXSpMgtSrv) - Infineon Technologies AG - C:\WINDOWS\system32\ifxspmgt.exe
O23 - Service: Trusted Platform Core Service (IFXTCS) - Infineon Technologies AG - C:\WINDOWS\system32\IFXTCS.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Programmi\Java\jre6\bin\jqs.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Personal Secure Drive Service (PersonalSecureDriveService) - Infineon Technologies AG - C:\WINDOWS\system32\IfxPsdSv.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Programmi\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Programmi\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: STOPzilla Service (szserver) - iS3, Inc. - C:\Programmi\File comuni\iS3\Anti-Spyware\SZServer.exe
O23 - Service: VAIO Event Service - Sony Corporation - C:\Programmi\Sony\VAIO Event Service\VESMgr.exe

--
End of file - 13193 bytes




Can you help me?
I have licensed installations of STOPzilla and Kaspersky.

Thanks,
Paolo

Re: Help request for an infested laptop :)

Post by ste_95 » Sat Feb 07, 2009 8:09 am

Correct your log following these rules.

In HijackThis, tick this entry on the left and press the Fix Checked button at the bottom:

O4 - HKCU\..\Run: [egqik] "c:\documents and settings\paolo\impostazioni locali\dati applicazioni\egqik.exe" egqik

Download Avenger.
Extract it to a folder of your choice.
Run the file avenger.exe, the one with the sword icon.
Now paste these lines into the white box that has opened:

Files to delete:
c:\documents and settings\paolo\impostazioni locali\dati applicazioni\egqik.exe
c:\documents and settings\paolo\impostazioni locali\dati applicazioni\egqik.dat
c:\documents and settings\paolo\impostazioni locali\dati applicazioni\egqik_nav.dat
c:\documents and settings\paolo\impostazioni locali\dati applicazioni\egqik_navps.dat


Untick the Scan for Rootkits option.
Press the Execute button.
Answer Yes to Avenger's two prompts.
Your computer should now restart; if it does not, restart it manually.
When the computer has restarted, copy and paste here the contents of the Notepad window that appears.

If Avenger reports an error, try retyping the first line (Files to delete:) manually, remembering the colon. If the problem persists, try the old version of Avenger.

Download GMER, then follow these steps:

--- Step 1 ---
Start GMER.
Click on > > >
Click on Autostart.
Tick Show All.
Click on Scan.
When the scan has finished, click on Copy.
Open Notepad and press CTRL+V (or click on Edit and then Paste).
Save the file and post the result on the forum, paying attention to these rules.

--- Step 2 ---
Still in the program you just downloaded (GMER),
click on Rootkit.
Click on Scan.
When the scan has finished, click on Copy.
Open Notepad and press CTRL+V (or click on Edit and then Paste).
Save the file and post the result on the forum, paying attention to these rules.

Re: Help request for an infested laptop :)

Post by crazy.cat » Sat Feb 07, 2009 8:12 am

Stopzilla
http://www.MegaLab.it/3542/attenzione-a ... ntispyware
But why fall into these traps...


Download Avenger.
Extract it to a folder of your choice.
Run the file avenger.exe, the one with the sword icon.
Now paste these lines into the white box that has opened:

Files to delete:
c:\documents and settings\paolo\impostazioni locali\dati applicazioni\egqik.exe
c:\documents and settings\paolo\impostazioni locali\dati applicazioni\egqik.dat
c:\documents and settings\paolo\impostazioni locali\dati applicazioni\egqik_nav.dat
c:\documents and settings\paolo\impostazioni locali\dati applicazioni\egqik_navps.dat


Untick the Scan for Rootkits option.
Press the Execute button.
Answer Yes to Avenger's two prompts.
Your computer should now restart; if it does not, restart it manually.
When the computer has restarted, copy and paste here the contents of the Notepad window that appears.

If it gives you an invalid script error, try retyping the first line (Files to delete:) manually, remembering the colon.

Run the HijackThis scan again, tick the box for this line and press Fix Checked to remove it.
O4 - HKCU\..\Run: [egqik] "c:\documents and settings\paolo\impostazioni locali\dati applicazioni\egqik.exe" egqik
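An added example, not part of the original thread and not code from HijackThis or its authors: the entry both replies ask to remove is an O4 autorun whose executable sits inside the user's profile rather than under Programmi or WINDOWS. The Python below parses O4 lines copied from the log above and flags autoruns that start from a profile directory; the regexes, function names and the extension to `\Users\` (later Windows versions) are assumptions of this example.

```python
import re
from typing import List, NamedTuple, Optional

# O4 lines copied from the HijackThis log posted above.
LOG_EXCERPT = r'''
O4 - HKLM\..\Run: [AVP] "C:\Programmi\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [egqik] "c:\documents and settings\paolo\impostazioni locali\dati applicazioni\egqik.exe" egqik
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO LOCALE')
O4 - Startup: CallMe.lnk = C:\Programmi\CallMe\CallMe.exe
O4 - Global Startup: BTTray.lnk = ?
'''


class Autorun(NamedTuple):
    source: str            # registry Run key or startup folder kind
    name: str              # value name or shortcut name
    command: str           # command line exactly as logged
    image: Optional[str]   # executable extracted from the command, if any


# "O4 - HKCU\..\Run: [name] command"
RUN_RE = re.compile(r"^O4 - (?P<source>\S+\\\.\.\\Run\w*): \[(?P<name>[^\]]*)\] (?P<cmd>.*)$")
# "O4 - Startup: shortcut.lnk = target" and "O4 - Global Startup: ..."
STARTUP_RE = re.compile(r"^O4 - (?P<source>(?:Global )?Startup): (?P<name>.+?) = (?P<cmd>.*)$")
# HKUS entries carry a trailing " (User '...')" annotation.
USER_SUFFIX_RE = re.compile(r" \(User '[^']*'\)$")
QUOTED_RE = re.compile(r'^"([^"]+)"')
# Unquoted paths may contain spaces, so cut at the first executable extension.
BARE_RE = re.compile(r"^(.+?\.(?:exe|com|scr|bat|cmd|pif))(?=\s|,|$)", re.IGNORECASE)
# Profile roots: "Documents and Settings" on XP; "Users" added as a generalization.
PROFILE_RE = re.compile(r"^[a-z]:\\(?:documents and settings|users)\\", re.IGNORECASE)


def extract_image(command: str) -> Optional[str]:
    """Return the program a command line starts, or None if it cannot be read."""
    match = QUOTED_RE.match(command) or BARE_RE.match(command)
    return match.group(1) if match else None


def parse_o4(log: str) -> List[Autorun]:
    """Parse the O4 (autostart) section of a HijackThis log."""
    entries = []
    for line in log.splitlines():
        line = line.strip()
        match = RUN_RE.match(line) or STARTUP_RE.match(line)
        if not match:
            continue
        command = USER_SUFFIX_RE.sub("", match.group("cmd"))
        entries.append(Autorun(match.group("source"), match.group("name"),
                               command, extract_image(command)))
    return entries


def flag_profile_autoruns(entries: List[Autorun]) -> List[Autorun]:
    """Keep only autoruns whose executable lives inside a user profile."""
    return [e for e in entries if e.image and PROFILE_RE.match(e.image)]


if __name__ == "__main__":
    for entry in flag_profile_autoruns(parse_o4(LOG_EXCERPT)):
        print(f"review: [{entry.name}] via {entry.source} -> {entry.image}")
```

Location alone is a triage hint, not a verdict: legitimate software can also install per-user, so a hit is a reason to inspect the file further.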


Re: Help request for an infested laptop :)

Post by conterenier » Sat Feb 07, 2009 7:10 pm

Good morning, here are the log results:

GMER 1.0.14.14536 - http://www.gmer.net
Autostart scan 2009-02-07 15:23:29
Windows 5.1.2600 Service Pack 3


HKLM\SYSTEM\CurrentControlSet\Control\Session Manager@BootExecute = autocheck autochk * /*file not found*/

HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems@Windows = %SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,3072,512 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ProfileControl=Off MaxRequestThreads=16

HKLM\SYSTEM\CurrentControlSet\Control\WOW@cmdline = %SystemRoot%\system32\ntvdm.exe

HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon >>>
@UserinitC:\WINDOWS\system32\userinit.exe, = C:\WINDOWS\system32\userinit.exe,
@Shellexplorer.exe = explorer.exe
@GinaDLLvrlogon.dll = vrlogon.dll
@UIHostlogonui.exe = logonui.exe

HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ >>>
crypt32chain@DLLName = crypt32.dll
cryptnet@DLLName = cryptnet.dll
cscdll@DLLName = cscdll.dll
dimsntfy@DLLName = %SystemRoot%\System32\dimsntfy.dll
klogon@DLLName = C:\WINDOWS\system32\klogon.dll
PCANotify@DLLName = PCANotify.dll
psfus@DLLName = C:\WINDOWS\system32\psqlpwd.dll
ScCertProp@DLLName = wlnotify.dll
Schedule@DLLName = wlnotify.dll
sclgntfy@DLLName = sclgntfy.dll
SensLogn@DLLName = WlNotify.dll
termsrv@DLLName = wlnotify.dll
VESWinlogon@DLLName = VESWinlogon.dll
WgaLogon@DLLName = WgaLogon.dll
wlballoon@DLLName = wlnotify.dll

HKLM\SYSTEM\CurrentControlSet\Services\ >>>
AudioSrv@ = %SystemRoot%\System32\svchost.exe -k netsvcs
AVP@ = "C:\Programmi\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe" -r
Browser@ = %SystemRoot%\system32\svchost.exe -k netsvcs
btwdins@ = C:\Programmi\WIDCOMM\Bluetooth Software\bin\btwdins.exe
CryptSvc@ = %SystemRoot%\system32\svchost.exe -k netsvcs
DcomLaunch@ = %SystemRoot%\system32\svchost -k DcomLaunch
Dhcp@ = %SystemRoot%\system32\svchost.exe -k netsvcs
Dnscache@ = %SystemRoot%\system32\svchost.exe -k NetworkService
ERSvc@ = %SystemRoot%\System32\svchost.exe -k netsvcs
Eventlog@ = %SystemRoot%\system32\services.exe
EvtEng@ = C:\Programmi\Intel\Wireless\Bin\EvtEng.exe
gusvc@ = "C:\Programmi\Google\Common\Google Updater\GoogleUpdaterService.exe"
helpsvc@ = %SystemRoot%\System32\svchost.exe -k netsvcs
HidServ@ = %SystemRoot%\System32\svchost.exe -k netsvcs
IFXSpMgtSrv@ = C:\WINDOWS\system32\ifxspmgt.exe
IFXTCS@ = C:\WINDOWS\system32\IFXTCS.exe
JavaQuickStarterService@ = "C:\Programmi\Java\jre6\bin\jqs.exe" -service -config "C:\Programmi\Java\jre6\lib\deploy\jqs\jqs.conf"
lanmanserver@ = %SystemRoot%\system32\svchost.exe -k netsvcs
lanmanworkstation@ = %SystemRoot%\system32\svchost.exe -k netsvcs
LmHosts@ = %SystemRoot%\system32\svchost.exe -k LocalService
MDM@ = "C:\Programmi\File comuni\Microsoft Shared\VS7DEBUG\mdm.exe"
NVSvc@ = %SystemRoot%\system32\nvsvc32.exe
PersonalSecureDriveService@ = C:\WINDOWS\system32\IfxPsdSv.exe
PlugPlay@ = %SystemRoot%\system32\services.exe
PolicyAgent@ = %SystemRoot%\system32\lsass.exe
ProtectedStorage@ = %SystemRoot%\system32\lsass.exe
RegSrvc@ = C:\Programmi\Intel\Wireless\Bin\RegSrvc.exe
RemoteRegistry@ = %SystemRoot%\system32\svchost.exe -k LocalService
RpcSs@ = %SystemRoot%\system32\svchost -k rpcss
S24EventMonitor@ = C:\Programmi\Intel\Wireless\Bin\S24EvMon.exe
SamSs@ = %SystemRoot%\system32\lsass.exe
Schedule@ = %SystemRoot%\System32\svchost.exe -k netsvcs
ScsiPort@ = %SystemRoot%\system32\drivers\scsiport.sys
seclogon@ = %SystemRoot%\System32\svchost.exe -k netsvcs
SENS@ = %SystemRoot%\system32\svchost.exe -k netsvcs
SharedAccess@ = %SystemRoot%\system32\svchost.exe -k netsvcs
ShellHWDetection@ = %SystemRoot%\System32\svchost.exe -k netsvcs
Spooler@ = %SystemRoot%\system32\spoolsv.exe
srservice@ = %SystemRoot%\system32\svchost.exe -k netsvcs
stisvc@ = %SystemRoot%\system32\svchost.exe -k imgsvc
szserver@ = "C:\Programmi\File comuni\iS3\Anti-Spyware\SZServer.exe"
Themes@ = %SystemRoot%\System32\svchost.exe -k netsvcs
TrkWks@ = %SystemRoot%\system32\svchost.exe -k netsvcs
VAIO Event Service@ = C:\Programmi\Sony\VAIO Event Service\VESMgr.exe
W32Time@ = %SystemRoot%\System32\svchost.exe -k netsvcs
WebClient@ = %SystemRoot%\system32\svchost.exe -k LocalService
winmgmt@ = %systemroot%\system32\svchost.exe -k netsvcs
wscsvc@ = %SystemRoot%\System32\svchost.exe -k netsvcs
WSearch@ = %systemroot%\system32\SearchIndexer.exe /Embedding
wuauserv@ = %systemroot%\system32\svchost.exe -k netsvcs
WudfSvc@ = %SystemRoot%\system32\svchost.exe -k WudfServiceGroup
WZCSVC@ = %SystemRoot%\System32\svchost.exe -k netsvcs

HKLM\Software\Microsoft\Windows\CurrentVersion\Run >>>
@NvCplDaemonRUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup = RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
@ISBMgr.exeC:\Programmi\Sony\ISB Utility\ISBMgr.exe = C:\Programmi\Sony\ISB Utility\ISBMgr.exe
@SonyPowerCfg"C:\Programmi\Sony\VAIO Power Management\SPMgr.exe" = "C:\Programmi\Sony\VAIO Power Management\SPMgr.exe"
@Switcher.exe"C:\Programmi\Sony\Wireless Switch Setting Utility\Switcher.exe" = "C:\Programmi\Sony\Wireless Switch Setting Utility\Switcher.exe"
@PSQLLauncher"C:\Programmi\Protector Suite quello\launcher.exe" /startup = "C:\Programmi\Protector Suite quello\launcher.exe" /startup
@IFXSPMGTC:\WINDOWS\system32\ifxspmgt.exe /NotifyLogon = C:\WINDOWS\system32\ifxspmgt.exe /NotifyLogon
@VAIO Update 3"C:\Programmi\Sony\VAIO Update 3\VAIOUpdt.exe" /Stationary = "C:\Programmi\Sony\VAIO Update 3\VAIOUpdt.exe" /Stationary
@NeroFilterCheckC:\WINDOWS\system32\NeroCheck.exe = C:\WINDOWS\system32\NeroCheck.exe
@IntelliPoint"C:\Programmi\Microsoft IntelliPoint\ipoint.exe" = "C:\Programmi\Microsoft IntelliPoint\ipoint.exe"
@AVP"C:\Programmi\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe" = "C:\Programmi\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe"
@PC Suite for Smartphones"C:\Programmi\Sony Ericsson\Mobile4\Application Launcher\Application Launcher.exe" /startoptions = "C:\Programmi\Sony Ericsson\Mobile4\Application Launcher\Application Launcher.exe" /startoptions
@Nitro PDF Printer Monitor"C:\Programmi\Nitro PDF\Professional\NitroPDFPrinterMonitor.exe" = "C:\Programmi\Nitro PDF\Professional\NitroPDFPrinterMonitor.exe"
@SunJavaUpdateSched"C:\Programmi\Java\jre6\bin\jusched.exe" = "C:\Programmi\Java\jre6\bin\jusched.exe"

HKCU\Software\Microsoft\Windows\CurrentVersion\Run >>>
@CTFMON.EXEC:\WINDOWS\system32\ctfmon.exe = C:\WINDOWS\system32\ctfmon.exe
@swgC:\Programmi\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe = C:\Programmi\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
@Skype"C:\Programmi\Skype\Phone\Skype.exe" /nosplash /minimized = "C:\Programmi\Skype\Phone\Skype.exe" /nosplash /minimized
@MsnMsgr"C:\Programmi\MSN Messenger\MsnMsgr.Exe" = "C:\Programmi\MSN Messenger\MsnMsgr.Exe"

HKLM\Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad >>>
@PostBootReminder%SystemRoot%\system32\SHELL32.dll = %SystemRoot%\system32\SHELL32.dll
@CDBurn%SystemRoot%\system32\SHELL32.dll = %SystemRoot%\system32\SHELL32.dll
@WebCheckC:\WINDOWS\system32\webcheck.dll = C:\WINDOWS\system32\webcheck.dll
@SysTrayC:\WINDOWS\system32\stobject.dll = C:\WINDOWS\system32\stobject.dll
@WPDShServiceObjC:\WINDOWS\system32\WPDShServiceObj.dll = C:\WINDOWS\system32\WPDShServiceObj.dll

HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler >>>
@{438755C2-A8BA-11D1-B96B-00A0C90312E1}%SystemRoot%\system32\browseui.dll = %SystemRoot%\system32\browseui.dll
@{8C7461EF-2B13-11d2-BE35-3078302C2030}%SystemRoot%\system32\browseui.dll = %SystemRoot%\system32\browseui.dll

HKLM\Software\Classes\Folder\shell\open\command@ = %SystemRoot%\Explorer.exe /idlist,%I,%L

HKLM\Software\Classes\Folder\shell\explore\command@ = %SystemRoot%\Explorer.exe /e,/idlist,%I,%L

HKLM\Software\Classes\ >>>
.exe@ = "%1" %*
.com@ = "%1" %*
.cmd@ = "%1" %*
.bat@ = "%1" %*
.pif@ = "%1" %*
.scr@ = "%1" /S
.hta@ = C:\WINDOWS\system32\mshta.exe "%1" %*

HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks >>>
@{AEB6717E-7E19-11d0-97EE-00C04FD91972}shell32.dll = shell32.dll
@{56F9679E-7826-4C84-81F3-532071A8BCC5}C:\Programmi\Windows Desktop Search\MSNLNamespaceMgr.dll = C:\Programmi\Windows Desktop Search\MSNLNamespaceMgr.dll

HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved >>>
@{00022613-0000-0000-C000-000000000046} /*Proprietà dei file Multimedia*/mmsys.cpl = mmsys.cpl
@{176d6597-26d3-11d1-b350-080036a75b03} /*Gestore scanner ICM*/icmui.dll = icmui.dll
@{1F2E5C40-9550-11CE-99D2-00AA006E086C} /*Pagina di protezione NTFS*/rshx32.dll = rshx32.dll
@{3EA48300-8CF6-101B-84FB-666CCB9BCD32} /*Pagina di proprietà di Docfile OLE*/docprop.dll = docprop.dll
@{40dd6e20-7c17-11ce-a804-00aa003ca9f6} /*Estensioni shell per la condivisione*/ntshrui.dll = ntshrui.dll
@{41E300E0-78B6-11ce-849B-444553540000} /*PlusPack CPL Extension*/%SystemRoot%\system32\themeui.dll = %SystemRoot%\system32\themeui.dll
@{42071712-76d4-11d1-8b24-00a0c9068ff3} /*Estensione scheda video del Pannello di controllo*/deskadp.dll = deskadp.dll
@{42071713-76d4-11d1-8b24-00a0c9068ff3} /*Estensione monitor del Pannello di controllo*/deskmon.dll = deskmon.dll
@{42071714-76d4-11d1-8b24-00a0c9068ff3} /*Estensione panoramica video del Pannello di controllo*/deskpan.dll /*file not found*/ = deskpan.dll /*file not found*/
@{4E40F770-369C-11d0-8922-00A024AB2DBB} /*Pagina di protezione DS*/dssec.dll = dssec.dll
@{513D916F-2A8E-4F51-AEAB-0CBC76FB1AF8} /*Pagina compatibilità*/SlayerXP.dll = SlayerXP.dll
@{56117100-C0CD-101B-81E2-00AA004AE837} /*Gestore dati dei ritagli di shell*/shscrap.dll = shscrap.dll
@{59099400-57FF-11CE-BD94-0020AF85B590} /*Estensione copia dischi*/diskcopy.dll = diskcopy.dll
@{59be4990-f85c-11ce-aff7-00aa003ca9f6} /*Estensioni shell per oggetti Rete Microsoft Windows*/ntlanui2.dll = ntlanui2.dll
@{5DB2625A-54DF-11D0-B6C4-0800091AA605} /*Gestore monitor ICM*/%SystemRoot%\System32\icmui.dll = %SystemRoot%\System32\icmui.dll
@{675F097E-4C4D-11D0-B6C1-0800091AA605} /*Gestore stampante ICM*/%SystemRoot%\system32\icmui.dll = %SystemRoot%\system32\icmui.dll
@{764BF0E1-F219-11ce-972D-00AA00A14F56} /*Estensioni shell per la compressione dei file*/(null) =
@{77597368-7b15-11d0-a0c2-080036af3f03} /*Estensione shell per la stampante Web*/printui.dll = printui.dll
@{7988B573-EC89-11cf-9C00-00AA00A14F56} /*Disk Quota UI*/dskquoui.dll = dskquoui.dll
@{853FE2B1-B769-11d0-9C4E-00C04FB6C6FA} /*Menu di scelta rapida di crittografia*/(null) =
@{85BBD920-42A0-1069-A2E4-08002B30309D} /*Sincronia file*/syncui.dll = syncui.dll
@{88895560-9AA2-1069-930E-00AA0030EBC8} /*Estensione di icona di HyperTerminal*/C:\WINDOWS\system32\hticons.dll = C:\WINDOWS\system32\hticons.dll
@{BD84B380-8CA2-1069-AB1D-08000948F534} /*Tipi di carattere*/fontext.dll = fontext.dll
@{DBCE2480-C732-101B-BE72-BA78E9AD5B27} /*Profilo ICC*/%SystemRoot%\system32\icmui.dll = %SystemRoot%\system32\icmui.dll
@{F37C5810-4D3F-11d0-B4BF-00AA00BBB723} /*Pagina di protezione della stampante*/rshx32.dll = rshx32.dll
@{f81e9010-6ea4-11ce-a7ff-00aa003ca9f6} /*Estensioni shell per la condivisione*/ntshrui.dll = ntshrui.dll
@{f92e8c40-3d33-11d2-b1aa-080036a75b03} /*Display TroubleShoot CPL Extension*/deskperf.dll = deskperf.dll
@{7444C717-39BF-11D1-8CD9-00C04FC29D45} /*Estensione Crypto PKO*/C:\WINDOWS\system32\cryptext.dll = C:\WINDOWS\system32\cryptext.dll
@{7444C719-39BF-11D1-8CD9-00C04FC29D45} /*Estensione firma crittografata*/C:\WINDOWS\system32\cryptext.dll = C:\WINDOWS\system32\cryptext.dll
@{7007ACC7-3202-11D1-AAD2-00805FC1270E} /*Connessioni di rete*/C:\WINDOWS\system32\NETSHELL.dll = C:\WINDOWS\system32\NETSHELL.dll
@{992CFFA0-F557-101A-88EC-00DD010CCC48} /*Connessioni di rete*/C:\WINDOWS\system32\NETSHELL.dll = C:\WINDOWS\system32\NETSHELL.dll
@{E211B736-43FD-11D1-9EFB-0000F8757FCD} /*Scanner e fotocamere digitali*/wiashext.dll = wiashext.dll
@{FB0C9C8A-6C50-11D1-9F1D-0000F8757FCD} /*Scanner e fotocamere digitali*/wiashext.dll = wiashext.dll
@{905667aa-acd6-11d2-8080-00805f6596d2} /*Scanner e fotocamere digitali*/wiashext.dll = wiashext.dll
@{3F953603-1008-4f6e-A73A-04AAC7A992F1} /*Scanner e fotocamere digitali*/wiashext.dll = wiashext.dll
@{83bbcbf3-b28a-4919-a5aa-73027445d672} /*Scanner e fotocamere digitali*/wiashext.dll = wiashext.dll
@{F0152790-D56E-4445-850E-4F3117DB740C} /*Remote Sessions CPL Extension*/C:\WINDOWS\system32\remotepg.dll = C:\WINDOWS\system32\remotepg.dll
@{60254CA5-953B-11CF-8C96-00AA00B8708C} /*Estensione shell per Windows Script Host*/C:\WINDOWS\system32\wshext.dll = C:\WINDOWS\system32\wshext.dll
@{2206CDB2-19C1-11D1-89E0-00C04FD7A829} /*Microsoft Data Link*/C:\Programmi\File comuni\System\Ole DB\oledb32.dll = C:\Programmi\File comuni\System\Ole DB\oledb32.dll
@{DD2110F0-9EEF-11cf-8D8E-00AA0060F5BF} /*Tasks Folder Icon Handler*/C:\WINDOWS\system32\mstask.dll = C:\WINDOWS\system32\mstask.dll
@{797F1E90-9EDD-11cf-8D8E-00AA0060F5BF} /*Tasks Folder Shell Extension*/C:\WINDOWS\system32\mstask.dll = C:\WINDOWS\system32\mstask.dll
@{D6277990-4C6A-11CF-8D87-00AA0060F5BF} /*Operazioni pianificate*/C:\WINDOWS\system32\mstask.dll = C:\WINDOWS\system32\mstask.dll
@{2559a1f7-21d7-11d4-bdaf-00c04f60b9f0} /*Set Program Access and Defaults*/%SystemRoot%\system32\shdocvw.dll = %SystemRoot%\system32\shdocvw.dll
@{5F327514-6C5E-4d60-8F16-D07FA08A78ED} /*Auto Update Property Sheet Extension*/C:\WINDOWS\system32\wuaucpl.cpl = C:\WINDOWS\system32\wuaucpl.cpl
@{0DF44EAA-FF21-4412-828E-260A8728E7F1} /*Barra delle applicazioni e menu di avvio*/(null) =
@{2559a1f0-21d7-11d4-bdaf-00c04f60b9f0} /*Cerca*/%SystemRoot%\system32\shdocvw.dll = %SystemRoot%\system32\shdocvw.dll
@{2559a1f1-21d7-11d4-bdaf-00c04f60b9f0} /*Guida in linea e supporto tecnico*/%SystemRoot%\system32\shdocvw.dll = %SystemRoot%\system32\shdocvw.dll
@{2559a1f2-21d7-11d4-bdaf-00c04f60b9f0} /*Guida in linea e supporto tecnico*/%SystemRoot%\system32\shdocvw.dll = %SystemRoot%\system32\shdocvw.dll
@{2559a1f3-21d7-11d4-bdaf-00c04f60b9f0} /*Esegui...*/%SystemRoot%\system32\shdocvw.dll = %SystemRoot%\system32\shdocvw.dll
@{2559a1f4-21d7-11d4-bdaf-00c04f60b9f0} /*Internet*/%SystemRoot%\system32\shdocvw.dll = %SystemRoot%\system32\shdocvw.dll
@{2559a1f5-21d7-11d4-bdaf-00c04f60b9f0} /*Posta elettronica*/%SystemRoot%\system32\shdocvw.dll = %SystemRoot%\system32\shdocvw.dll
@{D20EA4E1-3957-11d2-A40B-0C5020524152} /*Tipi di carattere*/%SystemRoot%\system32\shdocvw.dll = %SystemRoot%\system32\shdocvw.dll
@{D20EA4E1-3957-11d2-A40B-0C5020524153} /*Strumenti di amministrazione*/%SystemRoot%\system32\shdocvw.dll = %SystemRoot%\system32\shdocvw.dll
@{596AB062-B4D2-4215-9F74-E9109B0A8153} /*Previous Versions Property Page*/C:\WINDOWS\system32\twext.dll = C:\WINDOWS\system32\twext.dll
@{9DB7A13C-F208-4981-8353-73CC61AE2783} /*Previous Versions*/C:\WINDOWS\system32\twext.dll = C:\WINDOWS\system32\twext.dll
@{875CB1A1-0F29-45de-A1AE-CFB4950D0B78} /*Audio Media Properties Handler*/%SystemRoot%\system32\shmedia.dll = %SystemRoot%\system32\shmedia.dll
@{40C3D757-D6E4-4b49-BB41-0E5BBEA28817} /*Video Media Properties Handler*/%SystemRoot%\system32\shmedia.dll = %SystemRoot%\system32\shmedia.dll
@{E4B29F9D-D390-480b-92FD-7DDB47101D71} /*Wav Properties Handler*/%SystemRoot%\system32\shmedia.dll = %SystemRoot%\system32\shmedia.dll
@{87D62D94-71B3-4b9a-9489-5FE6850DC73E} /*Avi Properties Handler*/%SystemRoot%\system32\shmedia.dll = %SystemRoot%\system32\shmedia.dll
@{A6FD9E45-6E44-43f9-8644-08598F5A74D9} /*Midi Properties Handler*/%SystemRoot%\system32\shmedia.dll = %SystemRoot%\system32\shmedia.dll
@{c5a40261-cd64-4ccf-84cb-c394da41d590} /*Video Thumbnail Extractor*/%SystemRoot%\system32\shmedia.dll = %SystemRoot%\system32\shmedia.dll
@{5E6AB780-7743-11CF-A12B-00AA004AE837} /*Barra degli strumenti Microsoft Internet*/%SystemRoot%\system32\browseui.dll = %SystemRoot%\system32\browseui.dll
@{22BF0C20-6DA7-11D0-B373-00A0C9034938} /*Stato del download*/%SystemRoot%\system32\browseui.dll = %SystemRoot%\system32\browseui.dll
@{91EA3F8B-C99B-11d0-9815-00C04FD91972} /*Shell Folder accresciuto*/%SystemRoot%\system32\browseui.dll = %SystemRoot%\system32\browseui.dll
@{6413BA2C-B461-11d1-A18A-080036B11A03} /*Shell Folder 2 accresciuto*/%SystemRoot%\system32\browseui.dll = %SystemRoot%\system32\browseui.dll
@{F61FFEC1-754F-11d0-80CA-00AA005B4383} /*BandProxy*/%SystemRoot%\system32\browseui.dll = %SystemRoot%\system32\browseui.dll
@{7BA4C742-9E81-11CF-99D3-00AA004AE837} /*Microsoft BrowserBand*/%SystemRoot%\system32\browseui.dll = %SystemRoot%\system32\browseui.dll
@{30D02401-6A81-11d0-8274-00C04FD5AE38} /*IE Search Band*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{169A0691-8DF9-11d1-A1C4-00C04FD75D13} /*Ricerca all'interno*/%SystemRoot%\system32\browseui.dll = %SystemRoot%\system32\browseui.dll
@{07798131-AF23-11d1-9111-00A0C98BA67D} /*Ricerca Web*/%SystemRoot%\system32\browseui.dll = %SystemRoot%\system32\browseui.dll
@{AF4F6510-F982-11d0-8595-00AA004CD6D8} /*Utilità opzioni della struttura del Registro di sistema*/%SystemRoot%\system32\browseui.dll = %SystemRoot%\system32\browseui.dll
@{01E04581-4EEE-11d0-BFE9-00AA005B4383} /*&Indirizzo*/%SystemRoot%\system32\browseui.dll = %SystemRoot%\system32\browseui.dll
@{A08C11D2-A228-11d0-825B-00AA005B4383} /*Address EditBox*/%SystemRoot%\system32\browseui.dll = %SystemRoot%\system32\browseui.dll
@{00BB2763-6A77-11D0-A535-00C04FD7D062} /*Completamento automatico Microsoft*/%SystemRoot%\system32\browseui.dll = %SystemRoot%\system32\browseui.dll
@{7376D660-C583-11d0-A3A5-00C04FD706EC} /*TridentImageExtractor*/%SystemRoot%\system32\browseui.dll = %SystemRoot%\system32\browseui.dll
@{6756A641-DE71-11d0-831B-00AA005B4383} /*Elenco di Completamento automatico MRU*/%SystemRoot%\system32\browseui.dll = %SystemRoot%\system32\browseui.dll
@{6935DB93-21E8-4ccc-BEB9-9FE3C77A297A} /*Elenco di Completamento automatico MRU personalizzato*/%SystemRoot%\system32\browseui.dll = %SystemRoot%\system32\browseui.dll
@{7e653215-fa25-46bd-a339-34a2790f3cb7} /*Accessibile*/%SystemRoot%\system32\browseui.dll = %SystemRoot%\system32\browseui.dll
@{acf35015-526e-4230-9596-becbe19f0ac9} /*Indicatore di avanzamento popup*/%SystemRoot%\system32\browseui.dll = %SystemRoot%\system32\browseui.dll
@{00BB2764-6A77-11D0-A535-00C04FD7D062} /*Elenco di Completamento automatico della Cronologia di Microsoft*/%SystemRoot%\system32\browseui.dll = %SystemRoot%\system32\browseui.dll
@{03C036F1-A186-11D0-824A-00AA005B4383} /*Elenco di Completamento automatico di Shell Folder di Microsoft*/%SystemRoot%\system32\browseui.dll = %SystemRoot%\system32\browseui.dll
@{00BB2765-6A77-11D0-A535-00C04FD7D062} /*Contenitore dell'elenco di Completamento automatico multiplo Microsoft*/%SystemRoot%\system32\browseui.dll = %SystemRoot%\system32\browseui.dll
@{ECD4FC4E-521C-11D0-B792-00A0C90312E1} /*Shell Band Site Menu*/%SystemRoot%\system32\browseui.dll = %SystemRoot%\system32\browseui.dll
@{3CCF8A41-5C85-11d0-9796-00AA00B90ADF} /*Shell DeskBarApp*/%SystemRoot%\system32\browseui.dll = %SystemRoot%\system32\browseui.dll
@{ECD4FC4C-521C-11D0-B792-00A0C90312E1} /*Shell DeskBar*/%SystemRoot%\system32\browseui.dll = %SystemRoot%\system32\browseui.dll
@{ECD4FC4D-521C-11D0-B792-00A0C90312E1} /*Shell Rebar BandSite*/%SystemRoot%\system32\browseui.dll = %SystemRoot%\system32\browseui.dll
@{DD313E04-FEFF-11d1-8ECD-0000F87A470C} /*Assistenza utente*/%SystemRoot%\system32\browseui.dll = %SystemRoot%\system32\browseui.dll
@{EF8AD2D1-AE36-11D1-B2D2-006097DF8C11} /*Impostazioni cartella globale*/%SystemRoot%\system32\browseui.dll = %SystemRoot%\system32\browseui.dll
@{EFA24E61-B078-11d0-89E4-00C04FC9E26E} /*Favorites Band*/%SystemRoot%\system32\shdocvw.dll = %SystemRoot%\system32\shdocvw.dll
@{0A89A860-D7B1-11CE-8350-444553540000} /*Shell Automation Inproc Service*/%SystemRoot%\system32\shdocvw.dll = %SystemRoot%\system32\shdocvw.dll
@{E7E4BC40-E76A-11CE-A9BB-00AA004AE837} /*Shell DocObject Viewer*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{A5E46E3A-8849-11D1-9D8C-00C04FC99D61} /*Microsoft Browser Architecture*/%SystemRoot%\system32\shdocvw.dll = %SystemRoot%\system32\shdocvw.dll
@{FBF23B40-E3F0-101B-8488-00AA003E56F8} /*InternetShortcut*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{3C374A40-BAE4-11CF-BF7D-00AA006946EE} /*Microsoft Url History Service*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{FF393560-C2A7-11CF-BFF4-444553540000} /*History*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{7BD29E00-76C1-11CF-9DD0-00A0C9034933} /*Temporary Internet Files*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{7BD29E01-76C1-11CF-9DD0-00A0C9034933} /*Temporary Internet Files*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{CFBFAE00-17A6-11D0-99CB-00C04FD64497} /*Microsoft Url Search Hook*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{A2B0DD40-CC59-11d0-A3A5-00C04FD706EC} /*Schermata iniziale applicazioni Internet Explorer 4*/%SystemRoot%\system32\shdocvw.dll = %SystemRoot%\system32\shdocvw.dll
@{67EA19A0-CCEF-11d0-8024-00C04FD75D13} /*CDF Extension Copy Hook*/%SystemRoot%\system32\shdocvw.dll = %SystemRoot%\system32\shdocvw.dll
@{131A6951-7F78-11D0-A979-00C04FD705A2} /*ISFBand OC*/%SystemRoot%\system32\shdocvw.dll = %SystemRoot%\system32\shdocvw.dll
@{9461b922-3c5a-11d2-bf8b-00c04fb93661} /*Search Assistant OC*/%SystemRoot%\system32\shdocvw.dll = %SystemRoot%\system32\shdocvw.dll
@{3DC7A020-0ACD-11CF-A9BB-00AA004AE837} /*The Internet*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{871C5380-42A0-1069-A2EA-08002B30309D} /*Internet Name Space*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{EFA24E64-B078-11d0-89E4-00C04FC9E26E} /*Explorer Band*/%SystemRoot%\system32\shdocvw.dll = %SystemRoot%\system32\shdocvw.dll
@{9E56BE60-C50F-11CF-9A2C-00A0C90A90CE} /*Sendmail service*/C:\WINDOWS\system32\sendmail.dll = C:\WINDOWS\system32\sendmail.dll
@{9E56BE61-C50F-11CF-9A2C-00A0C90A90CE} /*Sendmail service*/C:\WINDOWS\system32\sendmail.dll = C:\WINDOWS\system32\sendmail.dll
@{88C6C381-2E85-11D0-94DE-444553540000} /*ActiveX Cache Folder*/C:\WINDOWS\system32\occache.dll = C:\WINDOWS\system32\occache.dll
@{E6FB5E20-DE35-11CF-9C87-00AA005127ED} /*WebCheck*/C:\WINDOWS\system32\webcheck.dll = C:\WINDOWS\system32\webcheck.dll
@{ABBE31D0-6DAE-11D0-BECA-00C04FD940BE} /*Subscription Mgr*/C:\WINDOWS\system32\webcheck.dll = C:\WINDOWS\system32\webcheck.dll
@{F5175861-2688-11d0-9C5E-00AA00A45957} /*Subscription Folder*/C:\WINDOWS\system32\webcheck.dll = C:\WINDOWS\system32\webcheck.dll
@{08165EA0-E946-11CF-9C87-00AA005127ED} /*WebCheckWebCrawler*/C:\WINDOWS\system32\webcheck.dll = C:\WINDOWS\system32\webcheck.dll
@{E3A8BDE6-ABCE-11d0-BC4B-00C04FD929DB} /*WebCheckChannelAgent*/%SystemRoot%\system32\webcheck.dll = %SystemRoot%\system32\webcheck.dll
@{E8BB6DC0-6B4E-11d0-92DB-00A0C90C2BD7} /*TrayAgent*/%SystemRoot%\system32\webcheck.dll = %SystemRoot%\system32\webcheck.dll
@{7D559C10-9FE9-11d0-93F7-00AA0059CE02} /*Code Download Agent*/C:\WINDOWS\system32\webcheck.dll = C:\WINDOWS\system32\webcheck.dll
@{E6CC6978-6B6E-11D0-BECA-00C04FD940BE} /*ConnectionAgent*/%SystemRoot%\system32\webcheck.dll = %SystemRoot%\system32\webcheck.dll
@{D8BD2030-6FC9-11D0-864F-00AA006809D9} /*PostAgent*/%SystemRoot%\system32\webcheck.dll = %SystemRoot%\system32\webcheck.dll
@{7FC0B86E-5FA7-11d1-BC7C-00C04FD929DB} /*WebCheck SyncMgr Handler*/C:\WINDOWS\system32\webcheck.dll = C:\WINDOWS\system32\webcheck.dll
@{352EC2B7-8B9A-11D1-B8AE-006008059382} /*Gestione applicazioni shell*/%SystemRoot%\system32\appwiz.cpl = %SystemRoot%\system32\appwiz.cpl
@{0B124F8F-91F0-11D1-B8B5-006008059382} /*Enumeratore applicazioni installate*/%SystemRoot%\system32\appwiz.cpl = %SystemRoot%\system32\appwiz.cpl
@{CFCCC7A0-A282-11D1-9082-006008059382} /*Darwin App Publisher*/%SystemRoot%\system32\appwiz.cpl = %SystemRoot%\system32\appwiz.cpl
@{e84fda7c-1d6a-45f6-b725-cb260c236066} /*Shell Image Verbs*/%SystemRoot%\system32\shimgvw.dll = %SystemRoot%\system32\shimgvw.dll
@{66e4e4fb-f385-4dd0-8d74-a2efd1bc6178} /*Shell Image Data Factory*/%SystemRoot%\system32\shimgvw.dll = %SystemRoot%\system32\shimgvw.dll
@{00E7B358-F65B-4dcf-83DF-CD026B94BFD4} /*Autoplay for SlideShow*/(null) =
@{3F30C968-480A-4C6C-862D-EFC0897BB84B} /*GDI + programma di estrazione file in anteprima*/C:\WINDOWS\system32\shimgvw.dll = C:\WINDOWS\system32\shimgvw.dll
@{9DBD2C50-62AD-11d0-B806-00C04FD706EC} /*Summary Info Thumbnail handler (DOCFILES)*/C:\WINDOWS\system32\shimgvw.dll = C:\WINDOWS\system32\shimgvw.dll
@{EAB841A0-9550-11cf-8C16-00805F1408F3} /*Programma di estrazione pagine HTML in anteprima*/C:\WINDOWS\system32\shimgvw.dll = C:\WINDOWS\system32\shimgvw.dll
@{eb9b1153-3b57-4e68-959a-a3266bc3d7fe} /*Shell Image Property Handler*/%SystemRoot%\system32\shimgvw.dll = %SystemRoot%\system32\shimgvw.dll
@{CC6EEFFB-43F6-46c5-9619-51D571967F7D} /*Pubblicazione guidata sul Web*/%SystemRoot%\system32\netplwiz.dll = %SystemRoot%\system32\netplwiz.dll
@{add36aa8-751a-4579-a266-d66f5202ccbb} /*Ordinazione di stampe tramite Web*/%SystemRoot%\system32\netplwiz.dll = %SystemRoot%\system32\netplwiz.dll
@{6b33163c-76a5-4b6c-bf21-45de9cd503a1} /*Oggetto Pubblicazione guidata sul Web*/%SystemRoot%\system32\netplwiz.dll = %SystemRoot%\system32\netplwiz.dll
@{58f1f272-9240-4f51-b6d4-fd63d1618591} /*Creazione guidata profilo Passport*/%SystemRoot%\system32\netplwiz.dll = %SystemRoot%\system32\netplwiz.dll
@{7A9D77BD-5403-11d2-8785-2E0420524153} /*Account utente*/(null) =
@{E88DCCE0-B7B3-11d1-A9F0-00AA0060FA31} /*Cartella compressa*/%SystemRoot%\system32\zipfldr.dll = %SystemRoot%\system32\zipfldr.dll
@{BD472F60-27FA-11cf-B8B4-444553540000} /*Compressed (zipped) Folder Right Drag Handler*/%SystemRoot%\system32\zipfldr.dll = %SystemRoot%\system32\zipfldr.dll
@{888DCA60-FC0A-11CF-8F0F-00C04FD7D062} /*Compressed (zipped) Folder SendTo Target*/%SystemRoot%\system32\zipfldr.dll = %SystemRoot%\system32\zipfldr.dll
@{692F0339-CBAA-47e6-B5B5-3B84DB604E87} /*Extensions Manager Folder*/C:\WINDOWS\system32\extmgr.dll = C:\WINDOWS\system32\extmgr.dll
@{63da6ec0-2e98-11cf-8d82-444553540000} /*FTP Folders Webview*/C:\WINDOWS\system32\msieftp.dll = C:\WINDOWS\system32\msieftp.dll
@{883373C3-BF89-11D1-BE35-080036B11A03} /*Microsoft DocProp Shell Ext*/C:\WINDOWS\system32\docprop2.dll = C:\WINDOWS\system32\docprop2.dll
@{A9CF0EAE-901A-4739-A481-E35B73E47F6D} /*Microsoft DocProp Inplace Edit Box Control*/C:\WINDOWS\system32\docprop2.dll = C:\WINDOWS\system32\docprop2.dll
@{8EE97210-FD1F-4B19-91DA-67914005F020} /*Microsoft DocProp Inplace ML Edit Box Control*/C:\WINDOWS\system32\docprop2.dll = C:\WINDOWS\system32\docprop2.dll
@{0EEA25CC-4362-4A12-850B-86EE61B0D3EB} /*Microsoft DocProp Inplace Droplist Combo Control*/C:\WINDOWS\system32\docprop2.dll = C:\WINDOWS\system32\docprop2.dll
@{6A205B57-2567-4A2C-B881-F787FAB579A3} /*Microsoft DocProp Inplace Calendar Control*/C:\WINDOWS\system32\docprop2.dll = C:\WINDOWS\system32\docprop2.dll
@{28F8A4AC-BBB3-4D9B-B177-82BFC914FA33} /*Microsoft DocProp Inplace Time Control*/C:\WINDOWS\system32\docprop2.dll = C:\WINDOWS\system32\docprop2.dll
@{8A23E65E-31C2-11d0-891C-00A024AB2DBB} /*Directory Query UI*/%SystemRoot%\system32\dsquery.dll = %SystemRoot%\system32\dsquery.dll
@{9E51E0D0-6E0F-11d2-9601-00C04FA31A86} /*Shell properties for a DS object*/%SystemRoot%\system32\dsquery.dll = %SystemRoot%\system32\dsquery.dll
@{163FDC20-2ABC-11d0-88F0-00A024AB2DBB} /*Directory Object Find*/%SystemRoot%\system32\dsquery.dll = %SystemRoot%\system32\dsquery.dll
@{F020E586-5264-11d1-A532-0000F8757D7E} /*Directory Start/Search Find*/%SystemRoot%\system32\dsquery.dll = %SystemRoot%\system32\dsquery.dll
@{0D45D530-764B-11d0-A1CA-00AA00C16E65} /*Directory Property UI*/%SystemRoot%\system32\dsuiext.dll = %SystemRoot%\system32\dsuiext.dll
@{62AE1F9A-126A-11D0-A14B-0800361B1103} /*Directory Context Menu Verbs*/%SystemRoot%\system32\dsuiext.dll = %SystemRoot%\system32\dsuiext.dll
@{ECF03A33-103D-11d2-854D-006008059367} /*MyDocs Copy Hook*/%SystemRoot%\system32\mydocs.dll = %SystemRoot%\system32\mydocs.dll
@{ECF03A32-103D-11d2-854D-006008059367} /*MyDocs Drop Target*/%SystemRoot%\system32\mydocs.dll = %SystemRoot%\system32\mydocs.dll
@{4a7ded0a-ad25-11d0-98a8-0800361b1103} /*MyDocs Properties*/%SystemRoot%\system32\mydocs.dll = %SystemRoot%\system32\mydocs.dll
@{750fdf0e-2a26-11d1-a3ea-080036587f03} /*Offline Files Menu*/%SystemRoot%\System32\cscui.dll = %SystemRoot%\System32\cscui.dll
@{10CFC467-4392-11d2-8DB4-00C04FA31A66} /*Offline Files Folder Options*/%SystemRoot%\System32\cscui.dll = %SystemRoot%\System32\cscui.dll
@{AFDB1F70-2A4C-11d2-9039-00C04F8EEB3E} /*Cartella file non in linea*/%SystemRoot%\System32\cscui.dll = %SystemRoot%\System32\cscui.dll
@{143A62C8-C33B-11D1-84FE-00C04FA34A14} /*Microsoft Agent Character Property Sheet Handler*/C:\WINDOWS\msagent\agentpsh.dll = C:\WINDOWS\msagent\agentpsh.dll
@{ECCDF543-45CC-11CE-B9BF-0080C87CDBA6} /*DfsShell*/C:\WINDOWS\system32\dfsshlex.dll = C:\WINDOWS\system32\dfsshlex.dll
@{60fd46de-f830-4894-a628-6fa81bc0190d} /*%DESC_PublishDropTarget%*/%SystemRoot%\system32\photowiz.dll = %SystemRoot%\system32\photowiz.dll
@{7A80E4A8-8005-11D2-BCF8-00C04F72C717} /*MMC Icon Handler*/%SystemRoot%\System32\mmcshext.dll = %SystemRoot%\System32\mmcshext.dll
@{0CD7A5C0-9F37-11CE-AE65-08002B2E1262} /*.CAB file viewer*/cabview.dll = cabview.dll
@{32714800-2E5F-11d0-8B85-00AA0044F941} /*&Contatti...*/C:\Programmi\Outlook Express\wabfind.dll = C:\Programmi\Outlook Express\wabfind.dll
@{8DD448E6-C188-4aed-AF92-44956194EB1F} /*Windows Media Player Burn Audio CD Context Menu Handler*/C:\WINDOWS\system32\wmpshell.dll = C:\WINDOWS\system32\wmpshell.dll
@{CE3FB1D1-02AE-4a5f-A6E9-D9F1B4073E6C} /*Windows Media Player Play as Playlist Context Menu Handler*/C:\WINDOWS\system32\wmpshell.dll = C:\WINDOWS\system32\wmpshell.dll
@{F1B9284F-E9DC-4e68-9D7E-42362A59F0FD} /*Windows Media Player Add to Playlist Context Menu Handler*/C:\WINDOWS\system32\wmpshell.dll = C:\WINDOWS\system32\wmpshell.dll
@{21569614-B795-46b1-85F4-E737A8DC09AD} /*Shell Search Band*/%SystemRoot%\system32\browseui.dll = %SystemRoot%\system32\browseui.dll
@{B41DB860-8EE4-11D2-9906-E49FADC173CA} /*WinRAR shell extension*/C:\Programmi\WinRAR\rarext.dll = C:\Programmi\WinRAR\rarext.dll
@{A70C977A-BF00-412C-90B7-034C51DA2439} /*NvCpl DesktopContext Class*/C:\WINDOWS\system32\nvcpl.dll = C:\WINDOWS\system32\nvcpl.dll
@{FFB699E0-306A-11d3-8BD1-00104B6F7516} /*Play on my TV helper*/C:\WINDOWS\system32\nvcpl.dll = C:\WINDOWS\system32\nvcpl.dll
@{ED58A35B-B554-42AF-A26C-6F3D424200D3} /*Sony Power Management Extensiond*/C:\Programmi\Sony\VAIO Power Management\SPMPanel.dll = C:\Programmi\Sony\VAIO Power Management\SPMPanel.dll
@{9AFDE8D6-200C-4b41-A5FC-B7251DFD1A8E} /*Safearchive ContextMenu Class*/C:\Programmi\Protector Suite quello\farchns.dll = C:\Programmi\Protector Suite quello\farchns.dll
@{055EF591-5C38-49a0-9BDA-51B1D69D0BF4} /*Safearchive ShellFolder Class*/C:\Programmi\Protector Suite quello\farchns.dll = C:\Programmi\Protector Suite quello\farchns.dll
@{66C99756-1C92-4d3e-BA69-9400A6F731F5} /*Safearchive PropertySheetHandler Class*/C:\Programmi\Protector Suite quello\farchns.dll = C:\Programmi\Protector Suite quello\farchns.dll
@{E6D7D89A-2232-446d-8A0F-D0F9B06DB1CA} /*Safearchive ExtractIcon Class*/C:\Programmi\Protector Suite quello\farchns.dll = C:\Programmi\Protector Suite quello\farchns.dll
@{E08BF9C5-191E-4B15-8F67-2622B4DB5580} /*PSD Shell Extension*/C:\WINDOWS\system32\PSDShExt.dll = C:\WINDOWS\system32\PSDShExt.dll
@{07C45BB1-4A8C-4642-A1F5-237E7215FF66} /*IE Microsoft BrowserBand*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{1C1EDB47-CE22-4bbb-B608-77B48F83C823} /*IE Fade Task*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{205D7A97-F16D-4691-86EF-F3075DCCA57D} /*IE Menu Desk Bar*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{3028902F-6374-48b2-8DC6-9725E775B926} /*IE AutoComplete*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{43886CD5-6529-41c4-A707-7B3C92C05E68} /*IE Navigation Bar*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{44C76ECD-F7FA-411c-9929-1B77BA77F524} /*IE Menu Site*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{4B78D326-D922-44f9-AF2A-07805C2A3560} /*IE Menu Band*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{6038EF75-ABFC-4e59-AB6F-12D397F6568D} /*IE Microsoft History AutoComplete List*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{6B4ECC4F-16D1-4474-94AB-5A763F2A54AE} /*IE Tracking Shell Menu*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{6CF48EF8-44CD-45d2-8832-A16EA016311B} /*IE IShellFolderBand*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{73CFD649-CD48-4fd8-A272-2070EA56526B} /*IE BandProxy*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{98FF6D4B-6387-4b0a-8FBD-C5C4BB17B4F8} /*IE MRU AutoComplete List*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{9A096BB5-9DC3-4D1C-8526-C3CBF991EA4E} /*IE RSS Feeder Folder*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{9D958C62-3954-4b44-8FAB-C4670C1DB4C2} /*IE Microsoft Shell Folder AutoComplete List*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{B31C5FAE-961F-415b-BAF0-E697A5178B94} /*IE Microsoft Multiple AutoComplete List Container*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{BC476F4C-D9D7-4100-8D4E-E043F6DEC409} /*Microsoft Browser Architecture*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{BFAD62EE-9D54-4b2a-BF3B-76F90697BD2A} /*IE Shell Rebar BandSite*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{E6EE9AAC-F76B-4947-8260-A9F136138E11} /*IE Shell Band Site Menu*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{F2CF5485-4E02-4f68-819C-B92DE9277049} /*&Links*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{F83DAC1C-9BB9-4f2b-B619-09819DA81B0E} /*IE Registry Tree Options Utility*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{FAC3CBF6-8697-43d0-BAB9-DCD1FCE19D75} /*IE User Assist*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{FDE7673D-2E19-4145-8376-BBD58C4BC7BA} /*IE Custom MRU AutoCompleted List*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@(null) =
@{6af09ec9-b429-11d4-a1fb-0090960218cb} /*My Bluetooth Places*/C:\WINDOWS\system32\BTNEIG~1.DLL = C:\WINDOWS\system32\BTNEIG~1.DLL
@{7842554E-6BED-11D2-8CDB-B05550C10000} /*Monitor*/C:\WINDOWS\system32\btncopy.dll = C:\WINDOWS\system32\btncopy.dll
@{FC9FB64A-1EB2-4CCF-AF5E-1A497A9B5C2D} /*Messenger Sharing Folders*/C:\Programmi\MSN Messenger\fsshext.8.1.0178.00.dll = C:\Programmi\MSN Messenger\fsshext.8.1.0178.00.dll
@{D25B2CAB-8A9A-4517-A9B2-CB5F68A5A802} /*Adobe.Acrobat.ContextMenu*/C:\Programmi\Adobe\Acrobat 6.0\Acrobat Elements\ContextMenu.dll = C:\Programmi\Adobe\Acrobat 6.0\Acrobat Elements\ContextMenu.dll
@{BDEADF00-C265-11D0-BCED-00A0C90AB50F} /*Web Folders*/C:\Programmi\File comuni\Microsoft Shared\Web Folders\MSONSEXT.DLL = C:\Programmi\File comuni\Microsoft Shared\Web Folders\MSONSEXT.DLL
@{42042206-2D85-11D3-8CFF-005004838597} /*Microsoft Office HTML Icon Handler*/C:\Programmi\Microsoft Office\Office12\msohevi.dll = C:\Programmi\Microsoft Office\Office12\msohevi.dll
@{993BE281-6695-4BA5-8A2A-7AACBFAAB69E} /*Microsoft Office Metadata Handler*/C:\PROGRA~1\FILECO~1\MICROS~1\OFFICE12\msoshext.dll = C:\PROGRA~1\FILECO~1\MICROS~1\OFFICE12\msoshext.dll
@{C41662BB-1FA0-4CE0-8DC5-9B7F8279FF97} /*Microsoft Office Thumbnail Handler*/C:\PROGRA~1\FILECO~1\MICROS~1\OFFICE12\msoshext.dll = C:\PROGRA~1\FILECO~1\MICROS~1\OFFICE12\msoshext.dll
@{20082881-FC36-4E47-9A7A-644C95FF749F} /*IntelliPoint Wireless Control Panel Property Page*/"C:\Programmi\Microsoft IntelliPoint\ipcplwir.dll" = "C:\Programmi\Microsoft IntelliPoint\ipcplwir.dll"
@{AF90F543-6A3A-4C1B-8B16-ECEC073E69BE} /*IntelliPoint Wheel Control Panel Property Page*/"C:\Programmi\Microsoft IntelliPoint\ipcplwhl.dll" = "C:\Programmi\Microsoft IntelliPoint\ipcplwhl.dll"
@{653DCCC2-13DB-45B2-A389-427885776CFE} /*IntelliPoint Activities Control Panel Property Page*/"C:\Programmi\Microsoft IntelliPoint\ipcplact.dll" = "C:\Programmi\Microsoft IntelliPoint\ipcplact.dll"
@{124597D8-850A-41AE-849C-017A4FA99CA2} /*IntelliPoint Buttons Control Panel Property Page*/"C:\Programmi\Microsoft IntelliPoint\ipcplbtn.dll" = "C:\Programmi\Microsoft IntelliPoint\ipcplbtn.dll"
@{3BEABCC1-BF31-42df-88D9-A2955D6B8528} /*IntelliPoint Sensitivity Control Panel Property Page*/"C:\Programmi\Microsoft IntelliPoint\ipcplsens.dll" = "C:\Programmi\Microsoft IntelliPoint\ipcplsens.dll"
@{1D2680C9-0E2A-469d-B787-065558BC7D43} /*Fusion Cache*/C:\WINDOWS\system32\mscoree.dll = C:\WINDOWS\system32\mscoree.dll
@{e82a2d71-5b2f-43a0-97b8-81be15854de8} /*ShellLink for Application References*/C:\WINDOWS\system32\dfshim.dll = C:\WINDOWS\system32\dfshim.dll
@{E37E2028-CE1A-4f42-AF05-6CEABC4E5D75} /*Shell Icon Handler for Application References*/C:\WINDOWS\system32\dfshim.dll = C:\WINDOWS\system32\dfshim.dll
@{640167b4-59b0-47a6-b335-a6b3c0695aea} /*Portable Media Devices*/%SystemRoot%\system32\Audiodev.dll = %SystemRoot%\system32\Audiodev.dll
@{35786D3C-B075-49b9-88DD-029876E11C01} /*Portable Devices*/%SystemRoot%\system32\wpdshext.dll = %SystemRoot%\system32\wpdshext.dll
@{D6791A63-E7E2-4fee-BF52-5DED8E86E9B8} /*Portable Devices Menu*/%SystemRoot%\system32\wpdshext.dll = %SystemRoot%\system32\wpdshext.dll
@{da67b8ad-e81b-4c70-9b91b417b5e33527} /*Windows Search Shell Service*/(null) =
@{97e467b4-98c6-4f19-9588-161b7773d6f6} /*Office Document Property Handler*/%SystemRoot%\system32\propsys.dll = %SystemRoot%\system32\propsys.dll
@{97090E2F-3062-4459-855B-014F0D3CDBB1} /*Windows Search Deskbar*/C:\Programmi\Windows Desktop Search\deskbar.dll = C:\Programmi\Windows Desktop Search\deskbar.dll
@{13E7F612-F261-4391-BEA2-39DF4F3FA311} /*Windows Desktop Search*/C:\Programmi\Windows Desktop Search\msnlExt.dll = C:\Programmi\Windows Desktop Search\msnlExt.dll
@{85E0B171-04FA-11D1-B7DA-00A0C90348D6} /*Web Anti-Virus*/C:\Programmi\Kaspersky Lab\Kaspersky Anti-Virus 7.0\SCIEPlgn.dll = C:\Programmi\Kaspersky Lab\Kaspersky Anti-Virus 7.0\SCIEPlgn.dll
@{2F25CF20-C569-11D1-B94C-00608CB45480} /*TextPad*/C:\Programmi\TextPad 4\System\shellext.dll = C:\Programmi\TextPad 4\System\shellext.dll
@{BBD2BACA-BEED-4307-86F7-563562FCFC13} /*Gestione file di Sony Ericsson*/C:\Programmi\Sony Ericsson\Mobile4\File Manager\FM.dll = C:\Programmi\Sony Ericsson\Mobile4\File Manager\FM.dll
@{738D66C6-0149-4D40-84E4-A7BB2D0CE949} /*Gestione file di Sony Ericsson*/C:\Programmi\Sony Ericsson\Mobile4\File Manager\FM.dll = C:\Programmi\Sony Ericsson\Mobile4\File Manager\FM.dll
@{D0DC6B97-C6FA-4B42-9649-5891A97E5005} /*N5ShellExtension Shell Extension*/C:\Programmi\Nitro PDF\Professional\N5ShellExtension.dll = C:\Programmi\Nitro PDF\Professional\N5ShellExtension.dll

HKLM\Software\Classes\*\shellex\ContextMenuHandlers\ >>>
Adobe.Acrobat.ContextMenu@{D25B2CAB-8A9A-4517-A9B2-CB5F68A5A802} = C:\Programmi\Adobe\Acrobat 6.0\Acrobat Elements\ContextMenu.dll
APSDShExt@{E08BF9C5-191E-4B15-8F67-2622B4DB5580} = C:\WINDOWS\system32\PSDShExt.dll
Kaspersky Anti-Virus@{dd230880-495a-11d1-b064-008048ec2fc5} = C:\Programmi\Kaspersky Lab\Kaspersky Anti-Virus 7.0\ShellEx.dll
N5ShellExtension@{D0DC6B97-C6FA-4B42-9649-5891A97E5005} = C:\Programmi\Nitro PDF\Professional\N5ShellExtension.dll
Offline Files@{750fdf0e-2a26-11d1-a3ea-080036587f03} = %SystemRoot%\System32\cscui.dll
Open With@{09799AFB-AD67-11d1-ABCD-00C04FC30936} = %SystemRoot%\system32\SHELL32.dll
Open With EncryptionMenu@{A470F8CF-A1E8-4f65-8335-227475AA5C46} = %SystemRoot%\system32\SHELL32.dll
TextPad@{2F25CF20-C569-11D1-B94C-00608CB45480} = C:\Programmi\TextPad 4\System\shellext.dll
WinRAR@{B41DB860-8EE4-11D2-9906-E49FADC173CA} = C:\Programmi\WinRAR\rarext.dll

HKLM\Software\Classes\*\shellex\ContextMenuHandlers@{a2a9545d-a0c2-42b4-9708-a0b2badd77c8} = %SystemRoot%\system32\SHELL32.dll

HKLM\Software\Classes\Directory\shellex\ContextMenuHandlers\ >>>
EncryptionMenu@{A470F8CF-A1E8-4f65-8335-227475AA5C46} = %SystemRoot%\system32\SHELL32.dll
Offline Files@{750fdf0e-2a26-11d1-a3ea-080036587f03} = %SystemRoot%\System32\cscui.dll
Sharing@{f81e9010-6ea4-11ce-a7ff-00aa003ca9f6} = ntshrui.dll
WinRAR@{B41DB860-8EE4-11D2-9906-E49FADC173CA} = C:\Programmi\WinRAR\rarext.dll

HKLM\Software\Classes\Folder\shellex\ContextMenuHandlers\ >>>
APSDShExt@{E08BF9C5-191E-4B15-8F67-2622B4DB5580} = C:\WINDOWS\system32\PSDShExt.dll
Kaspersky Anti-Virus@{dd230880-495a-11d1-b064-008048ec2fc5} = C:\Programmi\Kaspersky Lab\Kaspersky Anti-Virus 7.0\ShellEx.dll
WinRAR@{B41DB860-8EE4-11D2-9906-E49FADC173CA} = C:\Programmi\WinRAR\rarext.dll

HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects >>>
@{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}C:\Programmi\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll = C:\Programmi\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll
@{1827766B-9F49-4854-8034-F6EE26FCB1EC}C:\Programmi\STOPzilla!\SZSG.dll = C:\Programmi\STOPzilla!\SZSG.dll
@{22BF413B-C6D2-4d91-82A9-A0F997BA588C}C:\Programmi\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll = C:\Programmi\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
@{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}C:\Programmi\Java\jre6\bin\ssv.dll = C:\Programmi\Java\jre6\bin\ssv.dll
@{9030D464-4C02-4ABF-8ECC-5164760863C6}C:\Programmi\File comuni\Microsoft Shared\Windows Live\WindowsLiveLogin.dll = C:\Programmi\File comuni\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
@{AA58ED58-01DD-4d91-8333-CF10577473F7}C:\Programmi\Google\Google Toolbar\GoogleToolbar.dll = C:\Programmi\Google\Google Toolbar\GoogleToolbar.dll
@{AE7CD045-E861-484f-8273-0445EE161910}C:\Programmi\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll = C:\Programmi\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
@{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}C:\Programmi\Google\GoogleToolbarNotifier\5.0.926.3450\swg.dll = C:\Programmi\Google\GoogleToolbarNotifier\5.0.926.3450\swg.dll
@{C84D72FE-E17D-4195-BB24-76C02E2E7C4E}C:\Programmi\Google\Google Toolbar\Component\fastsearch_219B3E1547538286.dll = C:\Programmi\Google\Google Toolbar\Component\fastsearch_219B3E1547538286.dll
@{DBC80044-A445-435b-BC74-9C25C1C588A9}C:\Programmi\Java\jre6\bin\jp2ssv.dll = C:\Programmi\Java\jre6\bin\jp2ssv.dll
@{E3215F20-3212-11D6-9F8B-00D0B743919D}C:\Programmi\STOPzilla!\SZIEBHO.dll = C:\Programmi\STOPzilla!\SZIEBHO.dll
@{E7E6F031-17CE-4C07-BC86-EABFE594F69C}C:\Programmi\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll = C:\Programmi\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

HKCU\Control Panel\Desktop@SCRNSAVE.EXE = C:\WINDOWS\system32\logon.scr

HKLM\Software\Microsoft\Internet Explorer\Main >>>
@Default_Page_URLhttp://go.microsoft.com/fwlink/?LinkId=69157 = http://go.microsoft.com/fwlink/?LinkId=69157
@Start Pagehttp://go.microsoft.com/fwlink/?LinkId=69157 = http://go.microsoft.com/fwlink/?LinkId=69157
@Local Page%SystemRoot%\system32\blank.htm = %SystemRoot%\system32\blank.htm

HKCU\Software\Microsoft\Internet Explorer\Main >>>
@Start Pagehttp://www.google.it/ = http://www.google.it/
@Local PageC:\WINDOWS\system32\blank.htm = C:\WINDOWS\system32\blank.htm

HKLM\Software\Classes\PROTOCOLS\Filter\ >>>
application/octet-stream@CLSID = mscoree.dll
application/x-complus@CLSID = mscoree.dll
application/x-msdownload@CLSID = mscoree.dll
Class Install Handler@CLSID = C:\WINDOWS\system32\urlmon.dll
deflate@CLSID = C:\WINDOWS\system32\urlmon.dll
gzip@CLSID = C:\WINDOWS\system32\urlmon.dll
lzdhtml@CLSID = C:\WINDOWS\system32\urlmon.dll
text/webviewhtml@CLSID = %SystemRoot%\system32\SHELL32.dll
text/xml@CLSID = C:\PROGRA~1\FILECO~1\MICROS~1\OFFICE12\MSOXMLMF.DLL

HKLM\Software\Classes\PROTOCOLS\Handler\ >>>
about@CLSID = C:\WINDOWS\system32\mshtml.dll
cdl@CLSID = C:\WINDOWS\system32\urlmon.dll
dvd@CLSID = C:\WINDOWS\system32\msvidctl.dll
file@CLSID = C:\WINDOWS\system32\urlmon.dll
ftp@CLSID = C:\WINDOWS\system32\urlmon.dll
gopher@CLSID = C:\WINDOWS\system32\urlmon.dll
http@CLSID = C:\WINDOWS\system32\urlmon.dll
https@CLSID = C:\WINDOWS\system32\urlmon.dll
its@CLSID = C:\WINDOWS\system32\itss.dll
javascript@CLSID = C:\WINDOWS\system32\mshtml.dll
livecall@CLSID = C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
local@CLSID = C:\WINDOWS\system32\urlmon.dll
mailto@CLSID = C:\WINDOWS\system32\mshtml.dll
mhtml@CLSID = %SystemRoot%\system32\inetcomm.dll
mk@CLSID = C:\WINDOWS\system32\urlmon.dll
ms-help@CLSID = C:\Programmi\File comuni\Microsoft Shared\Help\hxds.dll
ms-its@CLSID = C:\WINDOWS\system32\itss.dll
msnim@CLSID = C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
res@CLSID = C:\WINDOWS\system32\mshtml.dll
skype4com@CLSID = C:\PROGRA~1\FILECO~1\Skype\SKYPE4~1.DLL
sysimage@CLSID = %SystemRoot%\system32\mshtml.dll
tv@CLSID = C:\WINDOWS\system32\msvidctl.dll
vbscript@CLSID = C:\WINDOWS\system32\mshtml.dll
wia@CLSID = C:\WINDOWS\system32\wiascr.dll

HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters@Domain =

HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{E4EB4BC5-4128-4678-8FC1-932F709FB352} /*Connessione alla rete locale (LAN)*/ >>>
@IPAddress192.168.1.10 = 192.168.1.10
@NameServer213.140.2.46,0.0.0.0 = 213.140.2.46,0.0.0.0
@DefaultGateway192.168.1.1 = 192.168.1.1
@Domain =

HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{E91D0846-9741-4C82-A682-73E6DF7577EC} /*Connessione alla rete locale (LAN) 2*/ >>>
@IPAddress192.168.1.29 = 192.168.1.29
@NameServer213.140.2.43,213.140.2.49 = 213.140.2.43,213.140.2.49
@DefaultGateway192.168.1.1 = 192.168.1.1
@Domain =

HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries\ >>>
000000000001@LibraryPath = %SystemRoot%\System32\mswsock.dll
000000000002@LibraryPath = %SystemRoot%\System32\winrnr.dll
000000000003@LibraryPath = %SystemRoot%\System32\mswsock.dll

HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\ >>>
000000000001@PackedCatalogItem = C:\Programmi\File comuni\iS3\Anti-Spyware\iS3lsp.dll
000000000002@PackedCatalogItem = C:\Programmi\File comuni\iS3\Anti-Spyware\iS3lsp.dll
000000000003@PackedCatalogItem = C:\Programmi\File comuni\iS3\Anti-Spyware\iS3lsp.dll
000000000004@PackedCatalogItem = C:\Programmi\File comuni\iS3\Anti-Spyware\iS3lsp.dll
000000000005@PackedCatalogItem = C:\Programmi\File comuni\iS3\Anti-Spyware\iS3lsp.dll
000000000006@PackedCatalogItem = %SystemRoot%\system32\mswsock.dll
000000000007@PackedCatalogItem = %SystemRoot%\system32\mswsock.dll
000000000008@PackedCatalogItem = %SystemRoot%\system32\mswsock.dll
000000000009@PackedCatalogItem = %SystemRoot%\system32\rsvpsp.dll
000000000010@PackedCatalogItem = %SystemRoot%\system32\rsvpsp.dll
000000000011@PackedCatalogItem = %SystemRoot%\system32\mswsock.dll
000000000012@PackedCatalogItem = %SystemRoot%\system32\mswsock.dll
000000000013@PackedCatalogItem = %SystemRoot%\system32\mswsock.dll
000000000014@PackedCatalogItem = %SystemRoot%\system32\mswsock.dll
000000000015@PackedCatalogItem = %SystemRoot%\system32\mswsock.dll
000000000016@PackedCatalogItem = %SystemRoot%\system32\mswsock.dll
000000000017@PackedCatalogItem = %SystemRoot%\system32\mswsock.dll
000000000018@PackedCatalogItem = %SystemRoot%\system32\mswsock.dll
000000000019@PackedCatalogItem = %SystemRoot%\system32\mswsock.dll
000000000020@PackedCatalogItem = %SystemRoot%\system32\mswsock.dll
000000000021@PackedCatalogItem = %SystemRoot%\system32\mswsock.dll
000000000022@PackedCatalogItem = %SystemRoot%\system32\mswsock.dll
000000000023@PackedCatalogItem = %SystemRoot%\system32\mswsock.dll
000000000024@PackedCatalogItem = %SystemRoot%\system32\mswsock.dll
000000000025@PackedCatalogItem = %SystemRoot%\system32\mswsock.dll
000000000026@PackedCatalogItem = %SystemRoot%\system32\mswsock.dll
000000000027@PackedCatalogItem = %SystemRoot%\system32\mswsock.dll
000000000028@PackedCatalogItem = %SystemRoot%\system32\mswsock.dll

HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000029@PackedCatalogItem = C:\Programmi\File comuni\iS3\Anti-Spyware\iS3lsp.dll

C:\Documents and Settings\paolo\Menu Avvio\Programmi\Esecuzione automatica = CallMe.lnk

C:\Documents and Settings\All Users\Menu Avvio\Programmi\Esecuzione automatica >>>
Acrobat Assistant.lnk = Acrobat Assistant.lnk
Adobe Gamma Loader.lnk = Adobe Gamma Loader.lnk
BTTray.lnk = BTTray.lnk

---- EOF - GMER 1.0.14 ----
conterenier
New Member

Posts: 5
Joined: Sat Feb 07, 2009 3:06 am

Re: help request for infested laptop :)

Post by conterenier » Sat Feb 07, 2009 7:11 pm

another log

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 15.36.29, on 07/02/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Programmi\File comuni\iS3\Anti-Spyware\SZServer.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmi\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\WINDOWS\system32\svchost.exe
C:\Programmi\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programmi\Intel\Wireless\Bin\EvtEng.exe
C:\WINDOWS\system32\ifxspmgt.exe
C:\WINDOWS\system32\IFXTCS.exe
C:\Programmi\Java\jre6\bin\jqs.exe
C:\Programmi\File comuni\Microsoft Shared\VS7DEBUG\mdm.exe
C:\WINDOWS\system32\IfxPsdSv.exe
C:\Programmi\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Programmi\Sony\VAIO Event Service\VESMgr.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\Explorer.EXE
C:\Programmi\notepad+\notepad++.exe
C:\Programmi\Sony\ISB Utility\ISBMgr.exe
C:\Programmi\Sony\VAIO Power Management\SPMgr.exe
C:\Programmi\Sony\Wireless Switch Setting Utility\Switcher.exe
C:\Programmi\Sony\VAIO Update 3\VAIOUpdt.exe
C:\Programmi\Microsoft IntelliPoint\ipoint.exe
C:\Programmi\Protector Suite quello\psqltray.exe
C:\Programmi\Microsoft IntelliPoint\dpupdchk.exe
C:\Programmi\Nitro PDF\Professional\NitroPDFPrinterMonitor.exe
C:\Programmi\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmi\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Programmi\Infineon\Security Platform Software\PSDrt.exe
C:\Programmi\Skype\Phone\Skype.exe
C:\Programmi\Infineon\Security Platform Software\SpTna.exe
C:\Programmi\MSN Messenger\MsnMsgr.Exe
C:\Programmi\Adobe\Acrobat 6.0\Distillr\acrotray.exe
C:\Programmi\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Programmi\CallMe\CallMe.exe
C:\Programmi\Skype\Plugin Manager\skypePM.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\Programmi\MSN Messenger\usnsvc.exe
C:\Programmi\Internet Explorer\iexplore.exe
C:\Programmi\File comuni\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Documents and Settings\paolo\Desktop\check\gmer\gmer.exe
C:\Programmi\Internet Explorer\iexplore.exe
C:\Documents and Settings\paolo\Desktop\check\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.it/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.club-vaio.com/en/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SITEguard BHO - {1827766B-9F49-4854-8034-F6EE26FCB1EC} - C:\Programmi\STOPzilla!\SZSG.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Programmi\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmi\Java\jre6\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Guida per l'accesso a Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programmi\File comuni\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Programmi\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Programmi\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programmi\Google\GoogleToolbarNotifier\5.0.926.3450\swg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Programmi\Google\Google Toolbar\Component\fastsearch_219B3E1547538286.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programmi\Java\jre6\bin\jp2ssv.dll
O2 - BHO: STOPzilla Browser Helper Object - {E3215F20-3212-11D6-9F8B-00D0B743919D} - C:\Programmi\STOPzilla!\SZIEBHO.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Programmi\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Programmi\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: &Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Programmi\Google\Google Toolbar\GoogleToolbar.dll
O3 - Toolbar: STOPzilla - {98828DED-A591-462F-83BA-D2F62A68B8B8} - C:\Programmi\STOPzilla!\SZSG.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [ISBMgr.exe] C:\Programmi\Sony\ISB Utility\ISBMgr.exe
O4 - HKLM\..\Run: [SonyPowerCfg] "C:\Programmi\Sony\VAIO Power Management\SPMgr.exe"
O4 - HKLM\..\Run: [Switcher.exe] "C:\Programmi\Sony\Wireless Switch Setting Utility\Switcher.exe"
O4 - HKLM\..\Run: [PSQLLauncher] "C:\Programmi\Protector Suite quello\launcher.exe" /startup
O4 - HKLM\..\Run: [IFXSPMGT] C:\WINDOWS\system32\ifxspmgt.exe /NotifyLogon
O4 - HKLM\..\Run: [VAIO Update 3] "C:\Programmi\Sony\VAIO Update 3\VAIOUpdt.exe" /Stationary
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [IntelliPoint] "C:\Programmi\Microsoft IntelliPoint\ipoint.exe"
O4 - HKLM\..\Run: [AVP] "C:\Programmi\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe"
O4 - HKLM\..\Run: [PC Suite for Smartphones] "C:\Programmi\Sony Ericsson\Mobile4\Application Launcher\Application Launcher.exe" /startoptions
O4 - HKLM\..\Run: [Nitro PDF Printer Monitor] "C:\Programmi\Nitro PDF\Professional\NitroPDFPrinterMonitor.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programmi\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Programmi\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [Skype] "C:\Programmi\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [MsnMsgr] "C:\Programmi\MSN Messenger\MsnMsgr.Exe"
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO LOCALE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO DI RETE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: CallMe.lnk = C:\Programmi\CallMe\CallMe.exe
O4 - Global Startup: Acrobat Assistant.lnk = C:\Programmi\Adobe\Acrobat 6.0\Distillr\acrotray.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Programmi\File comuni\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: BTTray.lnk = ?
O8 - Extra context menu item: &NeoTrace It! - C:\PROGRA~1\NEOTRA~1\NTXcontext.htm
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Invia a Bluetooth - C:\Programmi\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O8 - Extra context menu item: Invia a periferica &Bluetooth... - C:\Programmi\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: Web Anti-Virus - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Programmi\Kaspersky Lab\Kaspersky Anti-Virus 7.0\SCIEPlgn.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Programmi\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programmi\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programmi\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra button: NeoTrace It! - {9885224C-1217-4c5f-83C2-00002E6CEF2B} - C:\PROGRA~1\NEOTRA~1\NTXtoolbar.htm (HKCU)
O10 - Unknown file in Winsock LSP: c:\programmi\file comuni\is3\anti-spyware\is3lsp.dll
O10 - Unknown file in Winsock LSP: c:\programmi\file comuni\is3\anti-spyware\is3lsp.dll
O10 - Unknown file in Winsock LSP: c:\programmi\file comuni\is3\anti-spyware\is3lsp.dll
O10 - Unknown file in Winsock LSP: c:\programmi\file comuni\is3\anti-spyware\is3lsp.dll
O10 - Unknown file in Winsock LSP: c:\programmi\file comuni\is3\anti-spyware\is3lsp.dll
O10 - Unknown file in Winsock LSP: c:\programmi\file comuni\is3\anti-spyware\is3lsp.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.club-vaio.com/en/
O16 - DPF: {02CF1781-EA91-4FA5-A200-646E8241987C} (VaioInfo.CMClass) - http://esupport.sony.com/VaioInfo.CAB
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/200 ... oader5.cab
O16 - DPF: {4819DFDF-ABC4-488C-A323-919848C51175} (Rinera Streaming Control) - http://portal3.rinera.com/download/RineraProxy-1.4.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microso ... 7537347071
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://dl8-cdn-01.sun.com/s/ESD5/JSCDL/ ... 586-jc.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/s ... wflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{E4EB4BC5-4128-4678-8FC1-932F709FB352}: NameServer = 213.140.2.46,0.0.0.0
O17 - HKLM\System\CCS\Services\Tcpip\..\{E91D0846-9741-4C82-A682-73E6DF7577EC}: NameServer = 213.140.2.43,213.140.2.49
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FILECO~1\Skype\SKYPE4~1.DLL
O23 - Service: Adobe LM Service - Unknown owner - C:\Programmi\File comuni\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Kaspersky Anti-Virus 7.0 (AVP) - Kaspersky Lab - C:\Programmi\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe
O23 - Service: pcAnywhere Host Service (awhost32) - Symantec Corporation - C:\Programmi\Symantec\pcAnywhere\awhost32.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Programmi\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Programmi\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Programmi\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Security Platform Management Service (IFXSpMgtSrv) - Infineon Technologies AG - C:\WINDOWS\system32\ifxspmgt.exe
O23 - Service: Trusted Platform Core Service (IFXTCS) - Infineon Technologies AG - C:\WINDOWS\system32\IFXTCS.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Programmi\Java\jre6\bin\jqs.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Personal Secure Drive Service (PersonalSecureDriveService) - Infineon Technologies AG - C:\WINDOWS\system32\IfxPsdSv.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Programmi\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Programmi\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: STOPzilla Service (szserver) - iS3, Inc. - C:\Programmi\File comuni\iS3\Anti-Spyware\SZServer.exe
O23 - Service: VAIO Event Service - Sony Corporation - C:\Programmi\Sony\VAIO Event Service\VESMgr.exe

--
End of file - 12930 bytes
conterenier
New Member

Posts: 5
Joined: Sat Feb 07, 2009 3:06 am

Re: help request for infested laptop :)

Post by conterenier » Sat Feb 07, 2009 7:12 pm

another GMER log

GMER 1.0.14.14536 - http://www.gmer.net
Rootkit scan 2009-02-07 19:15:38
Windows 5.1.2600 Service Pack 3


---- System - GMER 1.0.14 ----

SSDT \??\C:\WINDOWS\system32\drivers\klif.sys (spuper-ptor/Kaspersky Lab) ZwClose [0xB99F2370]
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys (spuper-ptor/Kaspersky Lab) ZwConnectPort [0xB99F0420]
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys (spuper-ptor/Kaspersky Lab) ZwCreateKey [0xB99E37A0]
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys (spuper-ptor/Kaspersky Lab) ZwCreateProcess [0xB99F20A0]
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys (spuper-ptor/Kaspersky Lab) ZwCreateProcessEx [0xB99F2210]
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys (spuper-ptor/Kaspersky Lab) ZwCreateSection [0xB99F2E70]
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys (spuper-ptor/Kaspersky Lab) ZwCreateSymbolicLinkObject [0xB99F2940]
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys (spuper-ptor/Kaspersky Lab) ZwCreateThread [0xB99F37B0]
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys (spuper-ptor/Kaspersky Lab) ZwDeleteKey [0xB99E38A0]
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys (spuper-ptor/Kaspersky Lab) ZwDeleteValueKey [0xB99E3920]
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys (spuper-ptor/Kaspersky Lab) ZwDuplicateObject [0xB99F2510]
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys (spuper-ptor/Kaspersky Lab) ZwEnumerateKey [0xB99E39B0]
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys (spuper-ptor/Kaspersky Lab) ZwEnumerateValueKey [0xB99E3A60]
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys (spuper-ptor/Kaspersky Lab) ZwFlushKey [0xB99E3B10]
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys (spuper-ptor/Kaspersky Lab) ZwInitializeRegistry [0xB99E3B90]
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys (spuper-ptor/Kaspersky Lab) ZwLoadDriver [0xB99EFFD0]
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys (spuper-ptor/Kaspersky Lab) ZwLoadKey [0xB99E4590]
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys (spuper-ptor/Kaspersky Lab) ZwLoadKey2 [0xB99E3BB0]
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys (spuper-ptor/Kaspersky Lab) ZwNotifyChangeKey [0xB99E3C80]
SSDT kl1.sys (Kaspersky Unified Driver/Kaspersky Lab) ZwOpenFile [0xBA5C8030]
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys (spuper-ptor/Kaspersky Lab) ZwOpenKey [0xB99E3D60]
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys (spuper-ptor/Kaspersky Lab) ZwOpenProcess [0xB99F1E90]
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys (spuper-ptor/Kaspersky Lab) ZwOpenSection [0xB99F2CA0]
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys (spuper-ptor/Kaspersky Lab) ZwQueryKey [0xB99E3E30]
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys (spuper-ptor/Kaspersky Lab) ZwQueryMultipleValueKey [0xB99E3EE0]
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys (spuper-ptor/Kaspersky Lab) ZwQuerySystemInformation [0xB99F3460]
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys (spuper-ptor/Kaspersky Lab) ZwQueryValueKey [0xB99E3F90]
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys (spuper-ptor/Kaspersky Lab) ZwReplaceKey [0xB99E4040]
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys (spuper-ptor/Kaspersky Lab) ZwRequestWaitReplyPort [0xB99F0A00]
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys (spuper-ptor/Kaspersky Lab) ZwRestoreKey [0xB99E40D0]
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys (spuper-ptor/Kaspersky Lab) ZwResumeThread [0xB99F3760]
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys (spuper-ptor/Kaspersky Lab) ZwSaveKey [0xB99E42D0]
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys (spuper-ptor/Kaspersky Lab) ZwSetContextThread [0xB99F3AE0]
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys (spuper-ptor/Kaspersky Lab) ZwSetInformationFile [0xB99F40A0]
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys (spuper-ptor/Kaspersky Lab) ZwSetInformationKey [0xB99E4360]
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys (spuper-ptor/Kaspersky Lab) ZwSetSecurityObject [0xB99EEC20]
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys (spuper-ptor/Kaspersky Lab) ZwSetSystemInformation [0xB99F2B20]
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys (spuper-ptor/Kaspersky Lab) ZwSetValueKey [0xB99E4400]
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys (spuper-ptor/Kaspersky Lab) ZwSuspendThread [0xB99F3710]
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys (spuper-ptor/Kaspersky Lab) ZwSystemDebugControl [0xB99F02E0]
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys (spuper-ptor/Kaspersky Lab) ZwTerminateProcess [0xB99F3300]
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys (spuper-ptor/Kaspersky Lab) ZwUnloadKey [0xB99E4550]
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys (spuper-ptor/Kaspersky Lab) ZwWriteVirtualMemory [0xB99F23D0]

Code \??\C:\WINDOWS\system32\drivers\klif.sys (spuper-ptor/Kaspersky Lab) FsRtlCheckLockForReadAccess
Code \??\C:\WINDOWS\system32\drivers\klif.sys (spuper-ptor/Kaspersky Lab) IoIsOperationSynchronous

---- Kernel code sections - GMER 1.0.14 ----

.text ntkrnlpa.exe!FsRtlCheckLockForReadAccess 804EAF84 5 Bytes JMP B99F44C0 \??\C:\WINDOWS\system32\drivers\klif.sys (spuper-ptor/Kaspersky Lab)
.text ntkrnlpa.exe!IoIsOperationSynchronous 804EF912 5 Bytes JMP B99F49C0 \??\C:\WINDOWS\system32\drivers\klif.sys (spuper-ptor/Kaspersky Lab)
.text ntkrnlpa.exe!ZwCallbackReturn + 2C6A 80504506 2 Bytes [ 9E, B9 ]
.text ntkrnlpa.exe!ZwCallbackReturn + 2D48 805045E4 12 Bytes [ D0, FF, 9E, B9, 90, 45, 9E, ... ]

---- User code sections - GMER 1.0.14 ----

.text C:\WINDOWS\system32\svchost.exe[608] WS2_32.dll!getaddrinfo 71A32A6F 5 Bytes JMP 00E855A0 C:\Programmi\File comuni\iS3\Anti-Spyware\SGPRXY.DLL (STOPzilla Support Library/iS3, Inc.)
.text C:\WINDOWS\system32\svchost.exe[608] WS2_32.dll!gethostbyname 71A35355 5 Bytes JMP 00E852B0 C:\Programmi\File comuni\iS3\Anti-Spyware\SGPRXY.DLL (STOPzilla Support Library/iS3, Inc.)
.text C:\WINDOWS\system32\SearchIndexer.exe[1240] kernel32.dll!WriteFile 7C810E17 7 Bytes JMP 00585C0C C:\WINDOWS\system32\MSSRCH.DLL (mssrch.dll/Microsoft Corporation)
.text C:\Programmi\MSN Messenger\MsnMsgr.Exe[1352] kernel32.dll!SetUnhandledExceptionFilter 7C8449FD 5 Bytes JMP 004DE392 C:\Programmi\MSN Messenger\MsnMsgr.Exe (Messenger/Microsoft Corporation)
.text C:\Programmi\Java\jre6\bin\jusched.exe[2976] ws2_32.dll!getaddrinfo 71A32A6F 5 Bytes JMP 01BC55A0 C:\Programmi\File comuni\iS3\Anti-Spyware\SGPRXY.DLL (STOPzilla Support Library/iS3, Inc.)
.text C:\Programmi\Java\jre6\bin\jusched.exe[2976] ws2_32.dll!gethostbyname 71A35355 5 Bytes JMP 01BC52B0 C:\Programmi\File comuni\iS3\Anti-Spyware\SGPRXY.DLL (STOPzilla Support Library/iS3, Inc.)
.text C:\WINDOWS\System32\alg.exe[3116] WS2_32.dll!getaddrinfo 71A32A6F 5 Bytes JMP 00B955A0 C:\Programmi\File comuni\iS3\Anti-Spyware\SGPRXY.DLL (STOPzilla Support Library/iS3, Inc.)
.text C:\WINDOWS\System32\alg.exe[3116] WS2_32.dll!gethostbyname 71A35355 5 Bytes JMP 00B952B0 C:\Programmi\File comuni\iS3\Anti-Spyware\SGPRXY.DLL (STOPzilla Support Library/iS3, Inc.)
.text C:\Programmi\Skype\Plugin Manager\skypePM.exe[3156] WS2_32.dll!getaddrinfo 71A32A6F 5 Bytes JMP 03C755A0 C:\Programmi\File comuni\iS3\Anti-Spyware\SGPRXY.DLL (STOPzilla Support Library/iS3, Inc.)
.text C:\Programmi\Skype\Plugin Manager\skypePM.exe[3156] WS2_32.dll!gethostbyname 71A35355 5 Bytes JMP 03C752B0 C:\Programmi\File comuni\iS3\Anti-Spyware\SGPRXY.DLL (STOPzilla Support Library/iS3, Inc.)
.text C:\Programmi\Internet Explorer\iexplore.exe[5592] USER32.dll!DialogBoxParamW 7E3A47AB 5 Bytes JMP 435FF301 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Programmi\Internet Explorer\iexplore.exe[5592] USER32.dll!CreateWindowExW 7E3AD0A3 5 Bytes JMP 062B8B64 C:\Programmi\STOPzilla!\SZIEBHO.dll (STOPzilla Support Library/iS3, Inc.)
.text C:\Programmi\Internet Explorer\iexplore.exe[5592] USER32.dll!CreateWindowExA 7E3AE4A9 5 Bytes JMP 062B8B1E C:\Programmi\STOPzilla!\SZIEBHO.dll (STOPzilla Support Library/iS3, Inc.)
.text C:\Programmi\Internet Explorer\iexplore.exe[5592] USER32.dll!DialogBoxIndirectParamW 7E3B2072 5 Bytes JMP 4379179F C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Programmi\Internet Explorer\iexplore.exe[5592] USER32.dll!MessageBoxIndirectA 7E3BA082 5 Bytes JMP 43791720 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Programmi\Internet Explorer\iexplore.exe[5592] USER32.dll!DialogBoxParamA 7E3BB144 5 Bytes JMP 43791764 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Programmi\Internet Explorer\iexplore.exe[5592] USER32.dll!MessageBoxExW 7E3D0838 5 Bytes JMP 437916AC C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Programmi\Internet Explorer\iexplore.exe[5592] USER32.dll!MessageBoxExA 7E3D085C 5 Bytes JMP 437916E6 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Programmi\Internet Explorer\iexplore.exe[5592] USER32.dll!DialogBoxIndirectParamA 7E3D6D7D 5 Bytes JMP 437917DA C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Programmi\Internet Explorer\iexplore.exe[5592] USER32.dll!MessageBoxIndirectW 7E3E64D5 5 Bytes JMP 436216B6 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Programmi\Internet Explorer\iexplore.exe[5592] ws2_32.dll!getaddrinfo 71A32A6F 5 Bytes JMP 06EA55A0 C:\Programmi\File comuni\iS3\Anti-Spyware\SGPRXY.DLL (STOPzilla Support Library/iS3, Inc.)
.text C:\Programmi\Internet Explorer\iexplore.exe[5592] ws2_32.dll!gethostbyname 71A35355 5 Bytes JMP 06EA52B0 C:\Programmi\File comuni\iS3\Anti-Spyware\SGPRXY.DLL (STOPzilla Support Library/iS3, Inc.)

---- Kernel IAT/EAT - GMER 1.0.14 ----

IAT \SystemRoot\system32\DRIVERS\tcpip.sys[TDI.SYS!TdiRegisterDeviceObject] 87DDF530
IAT \SystemRoot\system32\DRIVERS\netbt.sys[TDI.SYS!TdiRegisterDeviceObject] 87DDF530

---- User IAT/EAT - GMER 1.0.14 ----

IAT C:\Programmi\MSN Messenger\MsnMsgr.Exe[1352] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryExW] [63403C30] C:\WINDOWS\system32\iS3Hks5.dll (iS3 Support Library/iS3, Inc.)
IAT C:\Programmi\MSN Messenger\MsnMsgr.Exe[1352] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryW] [63403B70] C:\WINDOWS\system32\iS3Hks5.dll (iS3 Support Library/iS3, Inc.)
IAT C:\Programmi\MSN Messenger\MsnMsgr.Exe[1352] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryA] [63403B10] C:\WINDOWS\system32\iS3Hks5.dll (iS3 Support Library/iS3, Inc.)
IAT C:\Programmi\MSN Messenger\MsnMsgr.Exe[1352] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!GetProcAddress] [63403C90] C:\WINDOWS\system32\iS3Hks5.dll (iS3 Support Library/iS3, Inc.)
IAT C:\Programmi\MSN Messenger\MsnMsgr.Exe[1352] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!LoadLibraryA] [63403B10] C:\WINDOWS\system32\iS3Hks5.dll (iS3 Support Library/iS3, Inc.)
IAT C:\Programmi\MSN Messenger\MsnMsgr.Exe[1352] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!LoadLibraryW] [63403B70] C:\WINDOWS\system32\iS3Hks5.dll (iS3 Support Library/iS3, Inc.)
IAT C:\Programmi\MSN Messenger\MsnMsgr.Exe[1352] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!GetProcAddress] [63403C90] C:\WINDOWS\system32\iS3Hks5.dll (iS3 Support Library/iS3, Inc.)
IAT C:\Programmi\MSN Messenger\MsnMsgr.Exe[1352] @ C:\WINDOWS\system32\Secur32.dll [KERNEL32.dll!LoadLibraryA] [63403B10] C:\WINDOWS\system32\iS3Hks5.dll (iS3 Support Library/iS3, Inc.)
IAT C:\Programmi\MSN Messenger\MsnMsgr.Exe[1352] @ C:\WINDOWS\system32\Secur32.dll [KERNEL32.dll!LoadLibraryW] [63403B70] C:\WINDOWS\system32\iS3Hks5.dll (iS3 Support Library/iS3, Inc.)
IAT C:\Programmi\MSN Messenger\MsnMsgr.Exe[1352] @ C:\WINDOWS\system32\Secur32.dll [KERNEL32.dll!GetProcAddress] [63403C90] C:\WINDOWS\system32\iS3Hks5.dll (iS3 Support Library/iS3, Inc.)
IAT C:\Programmi\MSN Messenger\MsnMsgr.Exe[1352] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!LoadLibraryExW] [63403C30] C:\WINDOWS\system32\iS3Hks5.dll (iS3 Support Library/iS3, Inc.)
IAT C:\Programmi\MSN Messenger\MsnMsgr.Exe[1352] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!LoadLibraryA] [63403B10] C:\WINDOWS\system32\iS3Hks5.dll (iS3 Support Library/iS3, Inc.)
IAT C:\Programmi\MSN Messenger\MsnMsgr.Exe[1352] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!GetProcAddress] [63403C90] C:\WINDOWS\system32\iS3Hks5.dll (iS3 Support Library/iS3, Inc.)
IAT C:\Programmi\MSN Messenger\MsnMsgr.Exe[1352] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!LoadLibraryW] [63403B70] C:\WINDOWS\system32\iS3Hks5.dll (iS3 Support Library/iS3, Inc.)
IAT C:\Programmi\MSN Messenger\MsnMsgr.Exe[1352] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [63403C30] C:\WINDOWS\system32\iS3Hks5.dll (iS3 Support Library/iS3, Inc.)
IAT C:\Programmi\MSN Messenger\MsnMsgr.Exe[1352] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryA] [63403B10] C:\WINDOWS\system32\iS3Hks5.dll (iS3 Support Library/iS3, Inc.)
IAT C:\Programmi\MSN Messenger\MsnMsgr.Exe[1352] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!GetProcAddress] [63403C90] C:\WINDOWS\system32\iS3Hks5.dll (iS3 Support Library/iS3, Inc.)
IAT C:\Programmi\MSN Messenger\MsnMsgr.Exe[1352] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryW] [63403B70] C:\WINDOWS\system32\iS3Hks5.dll (iS3 Support Library/iS3, Inc.)
IAT C:\Programmi\MSN Messenger\MsnMsgr.Exe[1352] @ C:\WINDOWS\system32\WS2_32.dll [KERNEL32.dll!GetProcAddress] [63403C90] C:\WINDOWS\system32\iS3Hks5.dll (iS3 Support Library/iS3, Inc.)
IAT C:\Programmi\MSN Messenger\MsnMsgr.Exe[1352] @ C:\WINDOWS\system32\WS2_32.dll [KERNEL32.dll!LoadLibraryA] [63403B10] C:\WINDOWS\system32\iS3Hks5.dll (iS3 Support Library/iS3, Inc.)
IAT C:\Programmi\MSN Messenger\MsnMsgr.Exe[1352] @ C:\WINDOWS\system32\WS2HELP.dll [KERNEL32.dll!LoadLibraryA] [63403B10] C:\WINDOWS\system32\iS3Hks5.dll (iS3 Support Library/iS3, Inc.)
IAT C:\Programmi\MSN Messenger\MsnMsgr.Exe[1352] @ C:\WINDOWS\system32\WS2HELP.dll [KERNEL32.dll!GetProcAddress] [63403C90] C:\WINDOWS\system32\iS3Hks5.dll (iS3 Support Library/iS3, Inc.)
IAT C:\Programmi\MSN Messenger\MsnMsgr.Exe[1352] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!ExitProcess] [63403AC0] C:\WINDOWS\system32\iS3Hks5.dll (iS3 Support Library/iS3, Inc.)
IAT C:\Programmi\MSN Messenger\MsnMsgr.Exe[1352] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryA] [63403B10] C:\WINDOWS\system32\iS3Hks5.dll (iS3 Support Library/iS3, Inc.)
IAT C:\Programmi\MSN Messenger\MsnMsgr.Exe[1352] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryW] [63403B70] C:\WINDOWS\system32\iS3Hks5.dll (iS3 Support Library/iS3, Inc.)
IAT C:\Programmi\MSN Messenger\MsnMsgr.Exe[1352] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!GetProcAddress] [63403C90] C:\WINDOWS\system32\iS3Hks5.dll (iS3 Support Library/iS3, Inc.)
IAT C:\Programmi\MSN Messenger\MsnMsgr.Exe[1352] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryExW] [63403C30] C:\WINDOWS\system32\iS3Hks5.dll (iS3 Support Library/iS3, Inc.)
IAT C:\Programmi\MSN Messenger\MsnMsgr.Exe[1352] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryExA] [63403BD0] C:\WINDOWS\system32\iS3Hks5.dll (iS3 Support Library/iS3, Inc.)
IAT C:\Programmi\MSN Messenger\MsnMsgr.Exe[1352] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryExA] [63403BD0] C:\WINDOWS\system32\iS3Hks5.dll (iS3 Support Library/iS3, Inc.)
IAT C:\Programmi\MSN Messenger\MsnMsgr.Exe[1352] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryExW] [63403C30] C:\WINDOWS\system32\iS3Hks5.dll (iS3 Support Library/iS3, Inc.)
IAT C:\Programmi\MSN Messenger\MsnMsgr.Exe[1352] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryW] [63403B70] C:\WINDOWS\system32\iS3Hks5.dll (iS3 Support Library/iS3, Inc.)
IAT C:\Programmi\MSN Messenger\MsnMsgr.Exe[1352] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryA] [63403B10] C:\WINDOWS\system32\iS3Hks5.dll (iS3 Support Library/iS3, Inc.)
IAT C:\Programmi\MSN Messenger\MsnMsgr.Exe[1352] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!GetProcAddress] [63403C90] C:\WINDOWS\system32\iS3Hks5.dll (iS3 Support Library/iS3, Inc.)
IAT C:\Programmi\MSN Messenger\MsnMsgr.Exe[1352] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!GetProcAddress] [63403C90] C:\WINDOWS\system32\iS3Hks5.dll (iS3 Support Library/iS3, Inc.)
IAT C:\Programmi\MSN Messenger\MsnMsgr.Exe[1352] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryA] [63403B10] C:\WINDOWS\system32\iS3Hks5.dll (iS3 Support Library/iS3, Inc.)
IAT C:\Programmi\MSN Messenger\MsnMsgr.Exe[1352] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryW] [63403B70] C:\WINDOWS\system32\iS3Hks5.dll (iS3 Support Library/iS3, Inc.)
IAT C:\Programmi\MSN Messenger\MsnMsgr.Exe[1352] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryExW] [63403C30] C:\WINDOWS\system32\iS3Hks5.dll (iS3 Support Library/iS3, Inc.)
IAT C:\Programmi\MSN Messenger\MsnMsgr.Exe[1352] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryExA] [63403BD0] C:\WINDOWS\system32\iS3Hks5.dll (iS3 Support Library/iS3, Inc.)
IAT C:\Programmi\MSN Messenger\MsnMsgr.Exe[1352] @ C:\WINDOWS\system32\WININET.dll [KERNEL32.dll!LoadLibraryW] [63403B70] C:\WINDOWS\system32\iS3Hks5.dll (iS3 Support Library/iS3, Inc.)
IAT C:\Programmi\MSN Messenger\MsnMsgr.Exe[1352] @ C:\WINDOWS\system32\WININET.dll [KERNEL32.dll!LoadLibraryExW] [63403C30] C:\WINDOWS\system32\iS3Hks5.dll (iS3 Support Library/iS3, Inc.)
IAT C:\Programmi\MSN Messenger\MsnMsgr.Exe[1352] @ C:\WINDOWS\system32\WININET.dll [KERNEL32.dll!GetProcAddress] [63403C90] C:\WINDOWS\system32\iS3Hks5.dll (iS3 Support Library/iS3, Inc.)
IAT C:\Programmi\MSN Messenger\MsnMsgr.Exe[1352] @ C:\WINDOWS\system32\WININET.dll [KERNEL32.dll!LoadLibraryA] [63403B10] C:\WINDOWS\system32\iS3Hks5.dll (iS3 Support Library/iS3, Inc.)
IAT C:\Programmi\MSN Messenger\MsnMsgr.Exe[1352] @ C:\WINDOWS\system32\CRYPT32.dll [KERNEL32.dll!GetProcAddress] [63403C90] C:\WINDOWS\system32\iS3Hks5.dll (iS3 Support Library/iS3, Inc.)
IAT C:\Programmi\MSN Messenger\MsnMsgr.Exe[1352] @ C:\WINDOWS\system32\CRYPT32.dll [KERNEL32.dll!LoadLibraryA] [63403B10] C:\WINDOWS\system32\iS3Hks5.dll (iS3 Support Library/iS3, Inc.)
IAT C:\Programmi\MSN Messenger\MsnMsgr.Exe[1352] @ C:\WINDOWS\system32\CRYPT32.dll [KERNEL32.dll!LoadLibraryExA] [63403BD0] C:\WINDOWS\system32\iS3Hks5.dll (iS3 Support Library/iS3, Inc.)
IAT C:\Programmi\MSN Messenger\MsnMsgr.Exe[1352] @ C:\WINDOWS\system32\CRYPT32.dll [KERNEL32.dll!LoadLibraryExW] [63403C30] C:\WINDOWS\system32\iS3Hks5.dll (iS3 Support Library/iS3, Inc.)
IAT C:\Programmi\MSN Messenger\MsnMsgr.Exe[1352] @ C:\WINDOWS\system32\iphlpapi.dll [KERNEL32.dll!GetProcAddress] [63403C90] C:\WINDOWS\system32\iS3Hks5.dll (iS3 Support Library/iS3, Inc.)
IAT C:\Programmi\MSN Messenger\MsnMsgr.Exe[1352] @ C:\WINDOWS\system32\iphlpapi.dll [KERNEL32.dll!LoadLibraryA] [63403B10] C:\WINDOWS\system32\iS3Hks5.dll (iS3 Support Library/iS3, Inc.)
IAT C:\Programmi\MSN Messenger\MsnMsgr.Exe[1352] @ C:\WINDOWS\system32\PSAPI.DLL [KERNEL32.dll!LoadLibraryA] [63403B10] C:\WINDOWS\system32\iS3Hks5.dll (iS3 Support Library/iS3, Inc.)
IAT C:\Programmi\MSN Messenger\MsnMsgr.Exe[1352] @ C:\WINDOWS\system32\PSAPI.DLL [KERNEL32.dll!GetProcAddress] [63403C90] C:\WINDOWS\system32\iS3Hks5.dll (iS3 Support Library/iS3, Inc.)
IAT C:\Programmi\MSN Messenger\MsnMsgr.Exe[1352] @ C:\WINDOWS\system32\USERENV.dll [KERNEL32.dll!LoadLibraryW] [63403B70] C:\WINDOWS\system32\iS3Hks5.dll (iS3 Support Library/iS3, Inc.)
IAT C:\Programmi\MSN Messenger\MsnMsgr.Exe[1352] @ C:\WINDOWS\system32\USERENV.dll [KERNEL32.dll!LoadLibraryExA] [63403BD0] C:\WINDOWS\system32\iS3Hks5.dll (iS3 Support Library/iS3, Inc.)
IAT C:\Programmi\MSN Messenger\MsnMsgr.Exe[1352] @ C:\WINDOWS\system32\USERENV.dll [KERNEL32.dll!GetProcAddress] [63403C90] C:\WINDOWS\system32\iS3Hks5.dll (iS3 Support Library/iS3, Inc.)
IAT C:\Programmi\MSN Messenger\MsnMsgr.Exe[1352] @ C:\WINDOWS\system32\USERENV.dll [KERNEL32.dll!LoadLibraryA] [63403B10] C:\WINDOWS\system32\iS3Hks5.dll (iS3 Support Library/iS3, Inc.)
IAT C:\Programmi\MSN Messenger\MsnMsgr.Exe[1352] @ C:\WINDOWS\system32\NETAPI32.dll [KERNEL32.dll!LoadLibraryW] [63403B70] C:\WINDOWS\system32\iS3Hks5.dll (iS3 Support Library/iS3, Inc.)
IAT C:\Programmi\MSN Messenger\MsnMsgr.Exe[1352] @ C:\WINDOWS\system32\NETAPI32.dll [KERNEL32.dll!LoadLibraryA] [63403B10] C:\WINDOWS\system32\iS3Hks5.dll (iS3 Support Library/iS3, Inc.)
IAT C:\Programmi\MSN Messenger\MsnMsgr.Exe[1352] @ C:\WINDOWS\system32\NETAPI32.dll [KERNEL32.dll!GetProcAddress] [63403C90] C:\WINDOWS\system32\iS3Hks5.dll (iS3 Support Library/iS3, Inc.)

---- Devices - GMER 1.0.14 ----

AttachedDevice \FileSystem\Ntfs \Ntfs klif.sys (spuper-ptor/Kaspersky Lab)
AttachedDevice \Driver\Tcpip \Device\Ip kl1.sys (Kaspersky Unified Driver/Kaspersky Lab)
AttachedDevice \Driver\Tcpip \Device\Tcp kl1.sys (Kaspersky Unified Driver/Kaspersky Lab)
AttachedDevice \Driver\Tcpip \Device\Udp kl1.sys (Kaspersky Unified Driver/Kaspersky Lab)
AttachedDevice \Driver\Tcpip \Device\RawIp kl1.sys (Kaspersky Unified Driver/Kaspersky Lab)

---- Threads - GMER 1.0.14 ----

Thread 4:664 87E1F7A0
Thread 4:668 87E1F7A0
Thread 4:672 87DECA30
Thread 4:676 87DECA30
Thread 4:680 87DECA30

---- Files - GMER 1.0.14 ----

File C:\temp\File temporanei Internet\Content.IE5\BTGA36M4\fnZ3X1NdUXhQX19eaQAHXgNCR0I-[1].jpg 0 bytes

---- EOF - GMER 1.0.14 ----

Re: request for help with an infested laptop :)

Post by ste_95 » Sat Feb 07, 2009 7:44 pm

Are you still having problems?

Re: request for help with an infested laptop :)

Post by conterenier » Mon Feb 09, 2009 1:25 am

Good evening,
unfortunately the problems remain.

Every now and then when I turn it on it tells me "brwsgui.dll immagine non valida" (invalid image),
so I have to restart it and hope it works.

And it is no longer as smooth as it used to be ... I think there is some AD going on.

Then Kaspersky reports this to me:
09/02/2009 1.22.35 \Driver\AW_HOST Keylogger rilevato. Il nome possibile del driver è system32\drivers\aw_host5.sys.
09/02/2009 1.23.17 C:\Programmi\MSN Messenger\MsnMsgr.Exe Tentativo di caricare un modulo nuovo o modificato C:\WINDOWS\system32\onex.dll nel processo.


09/02/2009 1.23.17 C:\Programmi\MSN Messenger\MsnMsgr.Exe Tentativo di caricare un modulo nuovo o modificato C:\WINDOWS\system32\dot3dlg.dll nel processo.



I have no idea what this stuff is ...

Can you help me?
Paolo

Re: request for help with an infested laptop :)

Post by ste_95 » Mon Feb 09, 2009 7:11 am

Try running a scan with MalwareBytes Anti-Malware, and see whether it manages to remove anything:
http://malwarebytes.org/mbam.php

Re: request for help with an infested laptop :)

Post by [Claudio] » Mon Feb 09, 2009 12:04 pm

conterenier wrote: Good evening ....unfortunately the problems remain .......

Sorry, but a couple of replies ago Crazycat pointed out to you that you should uninstall Stopzilla (it is a rogue):
crazy.cat wrote: Stopzilla .... http://www.MegaLab.it/3542/attenzione-a ... ntispyware
But why fall into these traps...

Start with that for now, then go on with the scan that Ste suggested, save the log it produces and attach it together with a new HijackThis log taken once the previous steps are finished.

megalab.it: daily online publication registered with the Court of Cosenza, no. 22/09 of 13.08.2009, publisher Master New Media S.r.l.; © Copyright 2008 Master New Media S.r.l. a socio unico - VAT no. 02947530784. GRUPPO EDIZIONI MASTER Spa. All rights reserved. For advertising: Master Advertising