lpt7.exe - cavallo di troia (Win32/Agent.NDG)

[aprile]

L'help riguarda questo "maledetto coso": lpt7.exe che è allocato in:

C:\Programmi\File Comuni\Services

Lo ha rilevato l'antivirus (NOD32), lo rileva mrt.exe.
E' presente in Hijackthis.log

L'antivirus, ad-aware, spybot etc. han fatto cilecca.
Ho provato a rinominarlo e rimuoverlo finanche in modalità provvisoria.
Niente da fare.
Chi mi aiuta?

Grazie
aprile

[Luke57]

Ciao, scarica Gmer :
http://www.gmer.net/gmer110.zip
Dopo averlo scompattato, lo avvii, selezioni "Rootkit"
Clicca su "Scan"
Attendi la fine della scansione e clicca su "Copy"
Apri il block notes di windows, clicca su modifica e seleziona incolla

Poi fai una scansione con GMer dalla posizione Autostart, con le stesse procedure del precedente. Incolli il log generato nel suddetto block notes e poi incolli i due log in un post nel forum.

[aprile]

per luke 57 (grazie!)


che vuol dire:
"Fai una scansione in posizione di autostart"?
Modalità Provvisoria?
Esecuzione automatica?

tsk..tsk.. insomma..che vor di'?


aprileConGrandeImbarazzo

[Luke57]

Ciao, vuol dire che lanciato il file gmer.exe, nella finestra che si apre, in alto ci sono diverse opzioni, clicchi su rootkit la prima volta e premi scan. Finito questo lavoro, e una volta copiato il log nel file di testo, clicchi su Autostart e premi scan.

[marcosesto]

GMER 1.0.10.10122 - http://www.gmer.net
Autostart 2006-09-09 22:55:05
Windows 5.1.2600 Service Pack 2


HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems@Windows = %SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,3072,512 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ProfileControl=Off MaxRequestThreads=16

HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon@Userinit = C:\WINDOWS\system32\userinit.exe,

HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon@DLLName = WgaLogon.dll

HKLM\Software\Microsoft\Windows NT\CurrentVersion\Windows@AppInit_DLLs = \\?\C:\WINDOWS\system32\com9.geq

HKLM\SYSTEM\CurrentControlSet\Services\ >>>
AdobeActiveFileMonitor /*Adobe Active File Monitor*/@ = C:\Programmi\Adobe\Photoshop Elements 3.0\PhotoshopElementsFileAgent.exe
BlueSoleil Hid Service /*BlueSoleil Hid Service*/@ = C:\Programmi\IVT Corporation\BlueSoleil\BTNtService.exe
Brother XP spl Service /*BrSplService*/@ = C:\WINDOWS\system32\brsvc01a.exe
MDM /*Machine Debug Manager*/@ = "C:\Programmi\File comuni\Microsoft Shared\VS7DEBUG\MDM.EXE"
NOD32krn /*NOD32 Kernel Service*/@ = "C:\Programmi\Eset\nod32krn.exe"
NVSvc /*NVIDIA Display Driver Service*/@ = %SystemRoot%\system32\nvsvc32.exe
PhotoshopElementsDeviceConnect /*Photoshop Elements Device Connect*/@ = C:\Programmi\Adobe\Photoshop Elements 3.0\PhotoshopElementsDeviceConnect.exe
ScsiPort@ = %SystemRoot%\system32\drivers\scsiport.sys
Spooler /*Spooler di stampa*/@ = %SystemRoot%\system32\spoolsv.exe
SrvEdr /*SrvEdr*/@ = "\\?\C:\Programmi\File comuni\Microsoft Shared\lpt5.exe"
UMWdf /*Windows User Mode Driver Framework*/@ = C:\WINDOWS\system32\wdfmgr.exe

HKLM\Software\Microsoft\Windows\CurrentVersion\Run >>>
@trustrastrustras.exe /*file not found*/ = trustras.exe /*file not found*/
@REGSHAVEC:\Programmi\REGSHAVE\REGSHAVE.EXE /AUTORUN = C:\Programmi\REGSHAVE\REGSHAVE.EXE /AUTORUN
@nwiznwiz.exe /install = nwiz.exe /install
@NvMediaCenterRUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit = RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
@NvCplDaemonRUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup = RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
@nod32kui"C:\Programmi\Eset\nod32kui.exe" /WAITSERVICE = "C:\Programmi\Eset\nod32kui.exe" /WAITSERVICE
@NeroFilterCheckC:\WINDOWS\system32\NeroCheck.exe = C:\WINDOWS\system32\NeroCheck.exe
@CnxDslTaskBarC:\Programmi\Trust\CnxDslTb.exe = C:\Programmi\Trust\CnxDslTb.exe
@WinFaxAppPortStarterwfxsnt40.exe = wfxsnt40.exe
@SoundManSOUNDMAN.EXE = SOUNDMAN.EXE
@SunJavaUpdateSchedC:\Programmi\Java\jre1.5.0_06\bin\jusched.exe = C:\Programmi\Java\jre1.5.0_06\bin\jusched.exe
@QuickTime Task"C:\Programmi\QuickTime Alternative\qttask.exe" -atboottime = "C:\Programmi\QuickTime Alternative\qttask.exe" -atboottime
@TkBellExe"C:\Programmi\File comuni\Real\Update_OB\realsched.exe" -osboot = "C:\Programmi\File comuni\Real\Update_OB\realsched.exe" -osboot
@WeatherMate"C:\Programmi\WeatherMate\WeatherMate.exe" /*file not found*/ = "C:\Programmi\WeatherMate\WeatherMate.exe" /*file not found*/
@FASTTRACKPassepartout LightC:\WINDOWS\Passepartout Light.exe -A *fMZdFjW2YQNlyx1ufMdLDjGWEZl1w82hMOaYjDXyIkx14y0mLMccTzmmIAUVzzglLMYLmz2WVFVF48uuZLddXXGGxwVlQtz2YfaaXCWXN11Jz8p1ZLIcXXGyBwF1hysucfIbnDH3RFNNv8lwdLYYXX2WQw90gtutTfZZGCGGl189n8g3aLcbHXGmRxVx8xyvMdIYjWHWllVQ8uuuaZIbHGHmRlRV0jl0cabfDSXFoBBNvlv8LdIR3XGnBJNxhvvOcIbf3HXENBB5lls8ccZLGiXXFBNxy1zOdbafGiXC9BZ110v8dZILDWGXI1RwuwptdbIfHyGCJB91hj08ZbdNm2GDZ18Fpwg8YbbM2GWSFVlwkzuxdcdLm2XDFlREu2psYbfM2yCSUB1wuk8ybaafmSHCVBR10z08fZcLDWDXEkowwgvtMbLfjW2HIlZV4uywfdZeDXWCIRU5zptlfIZeDGGGJFVV8um8LYYUX2X3whVwtlszfIdOCGCD151Y8v1xLbcfXiGEwBR54jh8ObdIT2Ggk5U=wzt= = C:\WINDOWS\Passepartout Light.exe -A *fMZdFjW2YQNlyx1ufMdLDjGWEZl1w82hMOaYjDXyIkx14y0mLMccTzmmIAUVzzglLMYLmz2WVFVF48uuZLddXXGGxwVlQtz2YfaaXCWXN11Jz8p1ZLIcXXGyBwF1hysucfIbnDH3RFNNv8lwdLYYXX2WQw90gtutTfZZGCGGl189n8g3aLcbHXGmRxVx8xyvMdIYjWHWllVQ8uuuaZIbHGHmRlRV0jl0cabfDSXFoBBNvlv8LdIR3XGnBJNxhvvOcIbf3HXENBB5lls8ccZLGiXXFBNxy1zOdbafGiXC9BZ110v8dZILDWGXI1RwuwptdbIfHyGCJB91hj08ZbdNm2GDZ18Fpwg8YbbM2GWSFVlwkzuxdcdLm2XDFlREu2psYbfM2yCSUB1wuk8ybaafmSHCVBR10z08fZcLDWDXEkowwgvtMbLfjW2HIlZV4uywfdZeDXWCIRU5zptlfIZeDGGGJFVV8um8LYYUX2X3whVwtlszfIdOCGCD151Y8v1xLbcfXiGEwBR54jh8ObdIT2Ggk5U=wzt=
@SweetIMC:\Programmi\Macrogaming\SweetIM\SweetIM.exe = C:\Programmi\Macrogaming\SweetIM\SweetIM.exe
@BearShare"D:\Documenti-Richi\BearShare\BearShare.exe" /pause /*file not found*/ = "D:\Documenti-Richi\BearShare\BearShare.exe" /pause /*file not found*/

HKCU\Software\Microsoft\Windows\CurrentVersion\Run >>>
@UninstallAbility"C:\Programmi\UninstallAbility\uability.exe" /AUTO /*file not found*/ = "C:\Programmi\UninstallAbility\uability.exe" /AUTO /*file not found*/
@PhotoShow Deluxe Media ManagerC:\PROGRA~1\Ahead\NEROPH~1\data\Xtras\mssysmgr.exe /*file not found*/ = C:\PROGRA~1\Ahead\NEROPH~1\data\Xtras\mssysmgr.exe /*file not found*/
@FASTTRACKPassepartout LightC:\WINDOWS\Passepartout Light.exe -A *fMZdFjW2YQNlyx1ufMdLDjGWEZl1w82hMOaYjDXyIkx14y0mLMccTzmmIAUVzzglLMYLmz2WVFVF48uuZLddXXGGxwVlQtz2YfaaXCWXN11Jz8p1ZLIcXXGyBwF1hysucfIbnDH3RFNNv8lwdLYYXX2WQw90gtutTfZZGCGGl189n8g3aLcbHXGmRxVx8xyvMdIYjWHWllVQ8uuuaZIbHGHmRlRV0jl0cabfDSXFoBBNvlv8LdIR3XGnBJNxhvvOcIbf3HXENBB5lls8ccZLGiXXFBNxy1zOdbafGiXC9BZ110v8dZILDWGXI1RwuwptdbIfHyGCJB91hj08ZbdNm2GDZ18Fpwg8YbbM2GWSFVlwkzuxdcdLm2XDFlREu2psYbfM2yCSUB1wuk8ybaafmSHCVBR10z08fZcLDWDXEkowwgvtMbLfjW2HIlZV4uywfdZeDXWCIRU5zptlfIZeDGGGJFVV8um8LYYUX2X3whVwtlszfIdOCGCD151Y8v1xLbcfXiGEwBR54jh8ObdIT2Ggk5U=wzt= = C:\WINDOWS\Passepartout Light.exe -A *fMZdFjW2YQNlyx1ufMdLDjGWEZl1w82hMOaYjDXyIkx14y0mLMccTzmmIAUVzzglLMYLmz2WVFVF48uuZLddXXGGxwVlQtz2YfaaXCWXN11Jz8p1ZLIcXXGyBwF1hysucfIbnDH3RFNNv8lwdLYYXX2WQw90gtutTfZZGCGGl189n8g3aLcbHXGmRxVx8xyvMdIYjWHWllVQ8uuuaZIbHGHmRlRV0jl0cabfDSXFoBBNvlv8LdIR3XGnBJNxhvvOcIbf3HXENBB5lls8ccZLGiXXFBNxy1zOdbafGiXC9BZ110v8dZILDWGXI1RwuwptdbIfHyGCJB91hj08ZbdNm2GDZ18Fpwg8YbbM2GWSFVlwkzuxdcdLm2XDFlREu2psYbfM2yCSUB1wuk8ybaafmSHCVBR10z08fZcLDWDXEkowwgvtMbLfjW2HIlZV4uywfdZeDXWCIRU5zptlfIZeDGGGJFVV8um8LYYUX2X3whVwtlszfIdOCGCD151Y8v1xLbcfXiGEwBR54jh8ObdIT2Ggk5U=wzt=
@SweetIMC:\Programmi\Macrogaming\SweetIM\SweetIM.exe = C:\Programmi\Macrogaming\SweetIM\SweetIM.exe
@ctfmon.exeC:\WINDOWS\system32\ctfmon.exe = C:\WINDOWS\system32\ctfmon.exe
@ares"C:\Programmi\Ares\Ares.exe" -h /*file not found*/ = "C:\Programmi\Ares\Ares.exe" -h /*file not found*/

HKLM\Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad@UPnPMonitor = C:\WINDOWS\system32\upnpui.dll

HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved >>>
@{42071714-76d4-11d1-8b24-00a0c9068ff3} /*Estensione panoramica video del Pannello di controllo*/deskpan.dll /*file not found*/ = deskpan.dll /*file not found*/
@{32683183-48a0-441b-a342-7c2a440a9478} /*Media Band*/(null) =
@{596AB062-B4D2-4215-9F74-E9109B0A8153} /*Previous Versions Property Page*/C:\WINDOWS\System32\twext.dll = C:\WINDOWS\System32\twext.dll
@{9DB7A13C-F208-4981-8353-73CC61AE2783} /*Previous Versions*/C:\WINDOWS\System32\twext.dll = C:\WINDOWS\System32\twext.dll
@{692F0339-CBAA-47e6-B5B5-3B84DB604E87} /*Extensions Manager Folder*/C:\WINDOWS\System32\extmgr.dll = C:\WINDOWS\System32\extmgr.dll
@{B41DB860-8EE4-11D2-9906-E49FADC173CA} /*WinRAR shell extension*/C:\Programmi\WinRAR\rarext.dll = C:\Programmi\WinRAR\rarext.dll
@{BDEADF00-C265-11D0-BCED-00A0C90AB50F} /*Cartelle Web*/C:\PROGRA~1\FILECO~1\MICROS~1\WEBFOL~1\MSONSEXT.DLL = C:\PROGRA~1\FILECO~1\MICROS~1\WEBFOL~1\MSONSEXT.DLL
@{42042206-2D85-11D3-8CFF-005004838597} /*Microsoft Office HTML Icon Handler*/C:\Programmi\Microsoft Office\OFFICE11\msohev.dll = C:\Programmi\Microsoft Office\OFFICE11\msohev.dll
@{FED7043D-346A-414D-ACD7-550D052499A7} /*dBpowerAMP Music Converter 1*/C:\Programmi\Illustrate\dBpowerAMP\dBShell.dll = C:\Programmi\Illustrate\dBpowerAMP\dBShell.dll
@{2C49B5D0-ACE7-4D17-9DF0-A254A6C5A0C5} /*dBpowerAMP Music Converter*/C:\Programmi\Illustrate\dBpowerAMP\dMCShell.dll = C:\Programmi\Illustrate\dBpowerAMP\dMCShell.dll
@{F0CB00CD-5A07-4D91-97F5-A8C92CDA93E4} /*Shell Extensions for RealOne Player*/C:\Programmi\Real\RealPlayer\rpshell.dll = C:\Programmi\Real\RealPlayer\rpshell.dll
@{e57ce731-33e8-4c51-8354-bb4de9d215d1} /*Periferiche Plug and Play universali*/C:\WINDOWS\system32\upnpui.dll = C:\WINDOWS\system32\upnpui.dll
@{00E7B358-F65B-4dcf-83DF-CD026B94BFD4} /*Autoplay for SlideShow*/(null) =
@{A70C977A-BF00-412C-90B7-034C51DA2439} /*NvCpl DesktopContext Class*/C:\WINDOWS\system32\nvcpl.dll = C:\WINDOWS\system32\nvcpl.dll
@{FFB699E0-306A-11d3-8BD1-00104B6F7516} /*Play on my TV helper*/C:\WINDOWS\system32\nvcpl.dll = C:\WINDOWS\system32\nvcpl.dll
@{1CDB2949-8F65-4355-8456-263E7C208A5D} /*Desktop Explorer*/C:\WINDOWS\system32\nvshell.dll = C:\WINDOWS\system32\nvshell.dll
@{1E9B04FB-F9E5-4718-997B-B8DA88302A47} /*Desktop Explorer Menu*/C:\WINDOWS\system32\nvshell.dll = C:\WINDOWS\system32\nvshell.dll
@{1E9B04FB-F9E5-4718-997B-B8DA88302A48} /*nView Desktop Context Menu*/C:\WINDOWS\system32\nvshell.dll = C:\WINDOWS\system32\nvshell.dll
@{B089FE88-FB52-11d3-BDF1-0050DA34150D} /*NOD32 Context Menu Shell Extension*/C:\Programmi\Eset\nodshex.dll = C:\Programmi\Eset\nodshex.dll
@{EF479680-EA35-4EA9-B093-7114F3E3E0DA} /*Directory Lister*/C:\Programmi\Directory Lister\DirListerExt.dll = C:\Programmi\Directory Lister\DirListerExt.dll
@{32020A01-506E-484D-A2A8-BE3CF17601C3} /*AlcoholShellEx*/(null) =
@{FC9FB64A-1EB2-4CCF-AF5E-1A497A9B5C2D} /*Messenger Sharing Folders*/C:\Programmi\MSN Messenger\fsshext.8.0.0812.00.dll = C:\Programmi\MSN Messenger\fsshext.8.0.0812.00.dll
@{7C5E74A0-D5E0-11D0-A9BF-E886A83B9BE5} /*Context Menu Shell Extension*/C:\Programmi\TagRename\TRshell.dll = C:\Programmi\TagRename\TRshell.dll
@{73B24247-042E-4EF5-ADC2-42F62E6FD654} /*ICQ Lite Shell Extension*/(null) =
@{e82a2d71-5b2f-43a0-97b8-81be15854de8} /*ShellLink for Application References*/C:\WINDOWS\system32\dfshim.dll = C:\WINDOWS\system32\dfshim.dll
@{E37E2028-CE1A-4f42-AF05-6CEABC4E5D75} /*Shell Icon Handler for Application References*/C:\WINDOWS\system32\dfshim.dll = C:\WINDOWS\system32\dfshim.dll
@{AB77609F-2178-4E6F-9C4B-44AC179D937A} /*a-squared Context Menu Shell Extension*/C:\PROGRA~1\A-SQUA~1\A2CONT~1.DLL /*file not found*/ = C:\PROGRA~1\A-SQUA~1\A2CONT~1.DLL /*file not found*/

HKLM\Software\Classes\*\shellex\ContextMenuHandlers\ >>>
NOD32 Context Menu Shell Extension@{B089FE88-FB52-11d3-BDF1-0050DA34150D} = C:\Programmi\Eset\nodshex.dll
TagRename_ContextMenu@{7C5E74A0-D5E0-11D0-A9BF-E886A83B9BE5} = C:\Programmi\TagRename\TRshell.dll
WinRAR@{B41DB860-8EE4-11D2-9906-E49FADC173CA} = C:\Programmi\WinRAR\rarext.dll

HKLM\Software\Classes\Directory\shellex\ContextMenuHandlers\ >>>
ICQLiteMenu@{73B24247-042E-4EF5-ADC2-42F62E6FD654} =
WinRAR@{B41DB860-8EE4-11D2-9906-E49FADC173CA} = C:\Programmi\WinRAR\rarext.dll

HKLM\Software\Classes\Folder\shellex\ContextMenuHandlers\ >>>
a2ContMenu@{AB77609F-2178-4E6F-9C4B-44AC179D937A} = C:\PROGRA~1\A-SQUA~1\A2CONT~1.DLL /*file not found*/
DirLister@{EF479680-EA35-4EA9-B093-7114F3E3E0DA} = C:\Programmi\Directory Lister\DirListerExt.dll
NOD32 Context Menu Shell Extension@{B089FE88-FB52-11d3-BDF1-0050DA34150D} = C:\Programmi\Eset\nodshex.dll
TagRename_ContextMenu@{7C5E74A0-D5E0-11D0-A9BF-E886A83B9BE5} = C:\Programmi\TagRename\TRshell.dll
WinRAR@{B41DB860-8EE4-11D2-9906-E49FADC173CA} = C:\Programmi\WinRAR\rarext.dll

HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects >>>
@{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}C:\Programmi\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll = C:\Programmi\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
@{1A0AADCD-3A72-4b5f-900F-E3BB5A838E2A}C:\PROGRA~1\MACROG~1\SWEETI~1\toolbar.dll = C:\PROGRA~1\MACROG~1\SWEETI~1\toolbar.dll
@{4BC9A7AC-2329-49D0-B07F-5FE484029DC2}C:\WINDOWS\system32\gtrack.dll /*file not found*/ = C:\WINDOWS\system32\gtrack.dll /*file not found*/
@{53707962-6F74-2D53-2644-206D7942484F}C:\PROGRA~1\SPYBOT~1\SDHelper.dll = C:\PROGRA~1\SPYBOT~1\SDHelper.dll
@{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}C:\Programmi\Java\jre1.5.0_06\bin\ssv.dll = C:\Programmi\Java\jre1.5.0_06\bin\ssv.dll
@{9030D464-4C02-4ABF-8ECC-5164760863C6}C:\Programmi\File comuni\Microsoft Shared\Windows Live\WindowsLiveLogin.dll = C:\Programmi\File comuni\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
@{A853979C-2A9A-4ACB-8975-5740A7E26CB4}C:\WINDOWS\system32\kaboom.dll /*file not found*/ = C:\WINDOWS\system32\kaboom.dll /*file not found*/
@{AA58ED58-01DD-4d91-8333-CF10577473F7}c:\programmi\google\googletoolbar1.dll = c:\programmi\google\googletoolbar1.dll

HKCU\Control Panel\Desktop@SCRNSAVE.EXE = C:\WINDOWS\System32\aquarium.scr

HKLM\Software\Microsoft\Internet Explorer\Main >>>
@Default_Page_URLhttp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome = http://www.microsoft.com/isapi/redir.dl ... ar=msnhome
@Start Pagehttp://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home = http://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home
@Local Page%SystemRoot%\system32\blank.htm = %SystemRoot%\system32\blank.htm

HKCU\Software\Microsoft\Internet Explorer\Main >>>
@Start Pagehttp://www.google.it/ = http://www.google.it/
@Local PageC:\WINDOWS\system32\blank.htm = C:\WINDOWS\system32\blank.htm

HKLM\Software\Classes\PROTOCOLS\Filter\text/xml@CLSID = C:\Programmi\File comuni\Microsoft Shared\OFFICE11\MSOXMLMF.DLL

HKLM\Software\Classes\PROTOCOLS\Handler\ >>>
dvd@CLSID = C:\WINDOWS\system32\msvidctl.dll
its@CLSID = C:\WINDOWS\system32\itss.dll
livecall@CLSID = C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
mhtml@CLSID = %SystemRoot%\System32\inetcomm.dll
ms-its@CLSID = C:\WINDOWS\system32\itss.dll
ms-itss@CLSID = C:\Programmi\File comuni\Microsoft Shared\Information Retrieval\msitss.dll
msero@CLSID = C:\Programmi\File comuni\Microsoft Shared\Encarta Researcher\MSERO.DLL
msnim@CLSID = C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
mso-offdap11@CLSID = C:\PROGRA~1\FILECO~1\MICROS~1\WEBCOM~1\11\OWC11.DLL
tv@CLSID = C:\WINDOWS\system32\msvidctl.dll
wia@CLSID = C:\WINDOWS\System32\wiascr.dll

HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{6E8AA845-5038-4380-A902-F60C82D84D92} /*Connessione alla rete locale (LAN)*/ >>>
@IPAddress192.168.0.1 = 192.168.0.1
@NameServer =
@DefaultGateway =
@Domain =

HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\ >>>
000000000001@PackedCatalogItem = imon.dll
000000000002@PackedCatalogItem = imon.dll
000000000003@PackedCatalogItem = imon.dll
000000000004@PackedCatalogItem = imon.dll
000000000005@PackedCatalogItem = imon.dll

HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000012@PackedCatalogItem = imon.dll

---- EOF - GMER 1.0.10 ----
GMER 1.0.10.10122 - http://www.gmer.net
Rootkit 2006-09-09 22:52:06
Windows 5.1.2600 Service Pack 2


---- Registry - GMER 1.0.10 ----

Reg \Registry\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\System@OODEFRAG08.00.00.01WORKSTATION 74B7EC4A1995C755C36556E2B6CF8A2CEDA3782A11FEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74C8EDD5E5BE2F6E667A2D97226D213B5555D575E7D6A3B9808C038D530D6EB3452174DFB06464B73F664481D3CE8F0E7EBA947801106E7A40E56128BA3E38067BE10DBAFF767BB9ADFC78B92846B4405CB5955C690302A0B973D228FD9D1747D27CF47B79CD60175929E107855C7B641DCCD17F1E25706E8F389ECACEFA43636088A90B533FC895AAFA4BB41793DAB135CED766401B5F3739DEA7FD6292D7329B8DA0CCE6CE2D661897EC6E22EAD9935B984AF055626FE2643F53F053FDFEBB1453CE02AEEB500E8AAB03F55A8210B241D42D5BE44A7494147A2DFB35F5676EF6D120BF45547AF90CFA784188EC1A0A35E394FFE9D5F06C7BFCE6E62A94DFC49A32159DFAC0FA3BE67304B2B7BDE8DB80BE1D43A2B15FD8078B8C814B4A5F9E59012F1A0F6A5AE1D97FB1D157E6B19AE6696F466A8B48C766E85215109E381300F73C96F2A49B517B824D6609AFD1E13649810FDC54DA3F8553F80A42332385AAEB5AD07B15C355E5721299847528BB7AF895D7F2693C51B934FBE9E745BD5D6332FBEAA6AE339E9B3D19850EDC5E5B2A3F1E6ED63608CB443088C52E0D2295F14986F9D278B656F42F87D1FEE5D435ED33B08CF882DA360B29E6C5

---- Files - GMER 1.0.10 ----

File C:\WINDOWS\system32\com9.geq

---- EOF - GMER 1.0.10 ----

[Luke57]

@ Marcosesto
Ciao, esegui queste operazioni:
http://swandog46.geekstogo.com/avenger.zip
scompatta il file.zip
Avvia il file avenger.exe
Seleziona l'opzione "Input Script Manually"
Clicca sulla lente di ingrandimento

Ti si apre una finestra "View/edit script"
All'interno del box bianco,copia e incolla le scritte in neretto:


Registry values to replace with dummy:
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Windows | AppInit_DLLs

registry keys to delete:
HKLM\SYSTEM\CurrentControlSet\Services\SrvEdr HKLM\Software\Microsoft\Windows\CurrentVersion\Run\FASTTRACKPassepartout Light
HKCU\Software\Microsoft\Windows\CurrentVersion\Run\FASTTRACKPassepartout Light
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{4BC9A7AC-2329-49D0-B07F-5FE484029DC2}
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A853979C-2A9A-4ACB-8975-5740A7E26CB4}


Files to delete:
C:\Programmi\File comuni\Microsoft Shared\lpt5.exe
C:\WINDOWS\system32\com9.geq
C:\WINDOWS\Passepartout Light.exe


Clicca sul pulsante Done
Clicca sull'icona del semaforo verde
Rispondi due volte Yes
Il pc dovrebbe riavviarsi da solo,se così non fosse riavvialo manualmente


L’esito dello script si troverà nella cartella C:/avenger.txt.

2) scarica questo tool:
Tool:
http://www.prevx.com/gromozon.asp
disattiva l'antivirus, chiudi applicazioni e programmi, esegui il tool. Al riavvio del computer, il programma terminerà la scansione.
Il report dello scan si troverà in C:\Gromozon_removal (mi pare)

Vai qui:
http://www.pc-facile.com/HijackThis_s267/
scarica hiajckthis.
Crea una nuova cartella nel disco fisso, tipo C:\HJT.Decomprimi il file .zip. estrai l’eseguibile di hijackthis (.exe) nella nuova cartella appositamente creata (C:\HJT).
Apri hijackthis.exe. premi “do a system scan and save a log file”, attendi che si apra un file di testo all’interno del quale viene elaborato il log. Salva questo file di testo in una directory.

4) Incolla in un nuovo post:
report di Avenger;
report del tool di rimozione
log di hijackthis.

[marcosesto]

//////////////////////////////////////////
Avenger Pre-Processor log
//////////////////////////////////////////

Syntax error in line --- does not appear to be a valid registry path. Line will be ignored.
Error code: 0
Line: HKCU\Software\Microsoft\Windows\CurrentVersion\Run\FASTTRACKPassepartout Light


//////////////////////////////////////////


Logfile of The Avenger version 1, by Swandog46
Running from registry key:
\Registry\Machine\System\CurrentControlSet\Services\bclawedm

*******************

Script file located at: \??\C:\Documents and Settings\yltldsbu.txt
Script file opened successfully.

Script file read successfully

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:



Registry key HKLM\SYSTEM\CurrentControlSet\Services\SrvEdr HKLM\Software\Microsoft\Windows\CurrentVersion\Run\FASTTRACKPassepartout Light not found!
Deletion of registry key HKLM\SYSTEM\CurrentControlSet\Services\SrvEdr HKLM\Software\Microsoft\Windows\CurrentVersion\Run\FASTTRACKPassepartout Light failed!

Could not process line:
HKLM\SYSTEM\CurrentControlSet\Services\SrvEdr HKLM\Software\Microsoft\Windows\CurrentVersion\Run\FASTTRACKPassepartout Light
Status: 0xc0000034

File C:\Programmi\File comuni\Microsoft Shared\lpt5.exe deleted successfully.
File C:\WINDOWS\system32\com9.geq deleted successfully.
File C:\WINDOWS\Passepartout Light.exe deleted successfully.
Registry value HKLM\Software\Microsoft\Windows NT\CurrentVersion\Windows|AppInit_DLLs replaced with dummy successfully.
Registry key HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{4BC9A7AC-2329-49D0-B07F-5FE484029DC2} deleted successfully.
Registry key HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A853979C-2A9A-4ACB-8975-5740A7E26CB4} deleted successfully.

Completed script processing.

*******************

Finished! Terminate.


_____________________________________________

Removal tool loaded into memory
Gromozon rootkit component not detected - searching for other components
Scanning: C:\WINDOWS


Trojan.Gromozon does not exist - your system is clean.


_____________________________________________
Logfile of HijackThis v1.99.1
Scan saved at 11.47.13, on 10/09/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\brsvc01a.exe
C:\WINDOWS\system32\brss01a.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\rundll32.exe
C:\Programmi\Trust\CnxDslTb.exe
C:\WINDOWS\system32\wfxsnt40.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Programmi\Java\jre1.5.0_06\bin\jusched.exe
C:\Programmi\File comuni\Real\Update_OB\realsched.exe
C:\Programmi\Macrogaming\SweetIM\SweetIM.exe
C:\WINDOWS\system32\cmd.exe
C:\zip.exe
C:\Programmi\Adobe\Photoshop Elements 3.0\PhotoshopElementsFileAgent.exe
C:\Programmi\IVT Corporation\BlueSoleil\BTNtService.exe
C:\Programmi\File comuni\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Programmi\Eset\nod32krn.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmi\Adobe\Photoshop Elements 3.0\PhotoshopElementsDeviceConnect.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmi\Internet Explorer\iexplore.exe
C:\Programmi\WinRAR\WinRAR.exe
C:\CHJT.Decomprimi il file .zip\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://google.icq.com/search/search_frame.php
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://google.icq.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.it/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
R3 - URLSearchHook: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - D:\Documenti-Richi\ICQToolbar\toolbaru.dll (file missing)
R3 - URLSearchHook: SweetIM For Internet Explorer - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - C:\Programmi\Macrogaming\SweetIMBarForIE\toolbar.dll
O1 - Hosts: 195.228.155.251 l2authd.lineage2.com
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SWEETIE - {1A0AADCD-3A72-4b5f-900F-E3BB5A838E2A} - C:\PROGRA~1\MACROG~1\SWEETI~1\toolbar.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmi\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programmi\File comuni\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programmi\google\googletoolbar1.dll
O3 - Toolbar: (no name) - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - (no file)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programmi\google\googletoolbar1.dll
O3 - Toolbar: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - D:\Documenti-Richi\ICQToolbar\toolbaru.dll (file missing)
O3 - Toolbar: SweetIM For Internet Explorer - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - C:\Programmi\Macrogaming\SweetIMBarForIE\toolbar.dll
O4 - HKLM\..\Run: [trustras] trustras.exe
O4 - HKLM\..\Run: [REGSHAVE] C:\Programmi\REGSHAVE\REGSHAVE.EXE /AUTORUN
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nod32kui] "C:\Programmi\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [CnxDslTaskBar] C:\Programmi\Trust\CnxDslTb.exe
O4 - HKLM\..\Run: [WinFaxAppPortStarter] wfxsnt40.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Programmi\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmi\QuickTime Alternative\qttask.exe" -atboottime
O4 - HKLM\..\Run: [TkBellExe] "C:\Programmi\File comuni\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [WeatherMate] "C:\Programmi\WeatherMate\WeatherMate.exe"
O4 - HKCU\..\Run: [UninstallAbility] "C:\Programmi\UninstallAbility\uability.exe" /AUTO
O4 - HKCU\..\Run: [PhotoShow Deluxe Media Manager] C:\PROGRA~1\Ahead\NEROPH~1\data\Xtras\mssysmgr.exe
O8 - Extra context menu item: &Google Search - res://c:\programmi\google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &ICQ Toolbar Search - res://D:\Documenti-Richi\ICQToolbar\toolbaru.dll/SEARCH.HTML
O8 - Extra context menu item: &Translate English Word - res://c:\programmi\google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://c:\programmi\google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\programmi\google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Download all with Free Download Manager - file://D:\Documenti-Richi\Free Download Manager\dlall.htm
O8 - Extra context menu item: Download selected with Free Download Manager - file://D:\Documenti-Richi\Free Download Manager\dlselected.htm
O8 - Extra context menu item: Download web site with Free Download Manager - file://D:\Documenti-Richi\Free Download Manager\dlpage.htm
O8 - Extra context menu item: Download with Free Download Manager - file://D:\Documenti-Richi\Free Download Manager\dllink.htm
O8 - Extra context menu item: Scarica con FlashGet - D:\Lineage II\FlashGet\jc_link.htm
O8 - Extra context menu item: Scarica tutto con FlashGet - D:\Lineage II\FlashGet\jc_all.htm
O8 - Extra context menu item: Similar Pages - res://c:\programmi\google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\programmi\google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Ricerche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - D:\LINEAG~1\FlashGet\flashget.exe (file missing)
O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - D:\LINEAG~1\FlashGet\flashget.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O15 - Trusted Zone: http://www.sfondissimi.net
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/ms ... b31267.cab
O16 - DPF: {0CBF7EDC-17EC-442C-8AE9-5E804707B6CA} (NeffyClient Class) - http://dist.cdnetworks.co.kr/cdndist/neffy/Neffy.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid= ... lcid=0x409
O16 - DPF: {1754A1BA-A1DF-4F10-B199-AA55AA1A120F} (InstallerBehaviorFactory Class) - https://signup.msn.com/pages/MsnInstC.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/Shar ... vSniff.cab
O16 - DPF: {39D420B3-E0EB-424C-89AA-C24F8DE7EF79} (KooPlayer Control) - http://www.coolstreaming.us/webtv/tvkoo/KooPlayer.ocx
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://lotarzanello.spaces.msn.com//Pho ... nPUpld.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/Shar ... /cabsa.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://go.divx.com/plugin/DivXBrowserPlugin.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftup ... 0069098265
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Me ... b31267.cab
O16 - DPF: {8F48147B-78D9-40F9-ACC0-BDDE59B246F4} (AccountHelper Class) - http://www.tele2mail.com/static/apps/ut ... Helper.cab
O16 - DPF: {9122D757-5A4F-4768-82C5-B4171D8556A7} (PhotoPickConvert Class) - http://appdirectory.messenger.msn.com/A ... tPkMSN.cab
O16 - DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} (CamImage Class) - http://83.103.65.92/activex/AxisCamControl.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMe ... loader.cab
O16 - DPF: {CC05BC12-2AA2-4AC7-AC81-0E40F83B1ADF} (Live365Player Class) - http://www.live365.com/players/play365.cab
O16 - DPF: {EE8B6D5F-FEF2-11D0-B13F-00A024798EF3} (Microsoft Search Settings Control) - http://lg.home.microsoft.com/search/lob ... ttings.cab
O16 - DPF: {FE0BD779-44EE-4A4B-AA2E-743C63F2E5E6} (IWinAmpActiveX Class) - http://pdl.stream.aol.com/downloads/aol ... _en_dl.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Adobe Active File Monitor (AdobeActiveFileMonitor) - Unknown owner - C:\Programmi\Adobe\Photoshop Elements 3.0\PhotoshopElementsFileAgent.exe
O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Programmi\IVT Corporation\BlueSoleil\BTNtService.exe
O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINDOWS\system32\brsvc01a.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programmi\File comuni\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Programmi\Eset\nod32krn.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Photoshop Elements Device Connect (PhotoshopElementsDeviceConnect) - Unknown owner - C:\Programmi\Adobe\Photoshop Elements 3.0\PhotoshopElementsDeviceConnect.exe
O23 - Service: SrvEdr - Unknown owner - \\?\C:\Programmi\File comuni\Microsoft Shared\lpt5.exe (file missing)

[Luke57]

Ciao, quella toolbar di SwetIMBarFoIE non è ritenuta affidabile, quindi il consiglio è di disistallarla;

per cui ,con hijackthis, premi "do a system scan only", cerca e spunta:
R3 - URLSearchHook: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - D:\Documenti-Richi\ICQToolbar\toolbaru.dll (file missing)
R3 - URLSearchHook: SweetIM For Internet Explorer - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - C:\Programmi\Macrogaming\SweetIMBarForIE\toolbar.dll
O2 - BHO: SWEETIE - {1A0AADCD-3A72-4b5f-900F-E3BB5A838E2A} - C:\PROGRA~1\MACROG~1\SWEETI~1\toolbar.dll
O3 - Toolbar: (no name) - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - (no file)
O3 - Toolbar: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - D:\Documenti-Richi\ICQToolbar\toolbaru.dll (file missing)
O3 - Toolbar: SweetIM For Internet Explorer - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - C:\Programmi\Macrogaming\SweetIMBarForIE\toolbar.dll
O23 - Service: SrvEdr - Unknown owner - \\?\C:\Programmi\File comuni\Microsoft Shared\lpt5.exe (file missing)

premi fix checked.

Esegui anche questo comando, per sicurezza:
start>esegui>sc delete SrvEdr (lo copi nello spazio bianco)>OK

Per il resto non vedo altro.

[marcosesto]

Ciao, sei un mago sembra che sia sparito, ti invio un'immagine con delle cartelle nuove create coi vari procedimenti che mi hai detto di fare, quelle cerchiate in giallo posso eliminarle? Ciao e ancora grazie, Marco.
http://img120.imageshack.us/img120/2436/hjij2.jpg

[Luke57]

Ciao, penso di sì, non è che sono dannose. Per eliminare il contenuto della cartella Avenger, prima lancia questo comando:
start>esegui>cmd>OK
Aperto il prompt dei comandi. digita letteralmente:
del \\.\c:\avenger\com9.geq ------ >Invio

Poi, penso che potrai svuotare la cartella.

[marcosesto]

Ho scritto esattamente la riga di comando come hai detto tu, mi dice impossibile trovare ...e non mi fa cancellare le cartelle

[Luke57]

Ciao, se la cartella non la puoi cancellare normalmente è perchè non puoi eliminare i file con i nomi riservati.
Apri la cartella Avenger, nei backups troviil file com9.geq
Click con il tasto dx su di esso>Proprietà>Protezione, all'interno di questa finestra è possibile impostare per il tuo nome utente la proprietà del file ed il suo controllo completo. A quel punto, lo puoi eliminare.
fai così anche per il file:
lpt5.exe
Potrai così eliminare la cartella.
Se cliccando con il destro su proprietà non trovi la finestra Protezione, da risorse del computer>strumenti>opzioni cartella>visualizzazione, togli la spunta a Utilizza condivisione dei file semplici>OK.

[aprile]

Incollo i due log come mi ha detto Luke57.
Il primo,con rootkit:

GMER 1.0.10.10122 - http://www.gmer.net
Rootkit 2006-09-10 20:13:18
Windows 5.1.2600 Service Pack 2


---- Devices - GMER 1.0.10 ----

Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_CREATE 86B2C4F0
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_CREATE_NAMED_PIPE 86B2C4F0
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_CLOSEIRP_MJ_READ 86B2C4F0
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_WRITE 86B2C4F0
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_QUERY_INFORMATION 86B2C4F0
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_SET_INFORMATION 86B2C4F0
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_QUERY_EA 86B2C4F0
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_SET_EA 86B2C4F0
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_FLUSH_BUFFERS 86B2C4F0
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_QUERY_VOLUME_INFORMATION 86B2C4F0
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_SET_VOLUME_INFORMATION 86B2C4F0
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_DIRECTORY_CONTROL 86B2C4F0
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_FILE_SYSTEM_CONTROL 86B2C4F0
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_DEVICE_CONTROL 86B2C4F0
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_INTERNAL_DEVICE_CONTROL 86B2C4F0
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_SHUTDOWN 86B2C4F0
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_LOCK_CONTROL 86B2C4F0
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_CLEANUP 86B2C4F0
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_CREATE_MAILSLOT 86B2C4F0
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_QUERY_SECURITY 86B2C4F0
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_SET_SECURITY 86B2C4F0
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_POWER 86B2C4F0
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_SYSTEM_CONTROL 86B2C4F0
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_DEVICE_CHANGE 86B2C4F0
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_QUERY_QUOTA 86B2C4F0
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_SET_QUOTA 86B2C4F0
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_PNP 86B2C4F0
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_PNP_POWER 86B2C4F0
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_CREATE 86B2C4F0
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_CREATE_NAMED_PIPE 86B2C4F0
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_CLOSEIRP_MJ_READ 86B2C4F0
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_WRITE 86B2C4F0
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_QUERY_INFORMATION 86B2C4F0
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_SET_INFORMATION 86B2C4F0
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_QUERY_EA 86B2C4F0
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_SET_EA 86B2C4F0
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_FLUSH_BUFFERS 86B2C4F0
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_QUERY_VOLUME_INFORMATION 86B2C4F0
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_SET_VOLUME_INFORMATION 86B2C4F0
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_DIRECTORY_CONTROL 86B2C4F0
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_FILE_SYSTEM_CONTROL 86B2C4F0
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_DEVICE_CONTROL 86B2C4F0
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_INTERNAL_DEVICE_CONTROL 86B2C4F0
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_SHUTDOWN 86B2C4F0
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_LOCK_CONTROL 86B2C4F0
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_CLEANUP 86B2C4F0
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_CREATE_MAILSLOT 86B2C4F0
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_QUERY_SECURITY 86B2C4F0
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_SET_SECURITY 86B2C4F0
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_POWER 86B2C4F0
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_SYSTEM_CONTROL 86B2C4F0
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_DEVICE_CHANGE 86B2C4F0
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_QUERY_QUOTA 86B2C4F0
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_SET_QUOTA 86B2C4F0
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_PNP 86B2C4F0
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_PNP_POWER 86B2C4F0
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_CREATE 86B71F00
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_CREATE_NAMED_PIPE 86B71F00
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_CLOSEIRP_MJ_READ 86B71F00
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_WRITE 86B71F00
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_QUERY_INFORMATION 86B71F00
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_SET_INFORMATION 86B71F00
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_QUERY_EA 86B71F00
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_SET_EA 86B71F00
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_FLUSH_BUFFERS 86B71F00
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_QUERY_VOLUME_INFORMATION 86B71F00
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_SET_VOLUME_INFORMATION 86B71F00
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_DIRECTORY_CONTROL 86B71F00
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_FILE_SYSTEM_CONTROL 86B71F00
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_DEVICE_CONTROL 86B71F00
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_INTERNAL_DEVICE_CONTROL 86B71F00
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_SHUTDOWN 86B71F00
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_LOCK_CONTROL 86B71F00
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_CLEANUP 86B71F00
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_CREATE_MAILSLOT 86B71F00
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_QUERY_SECURITY 86B71F00
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_SET_SECURITY 86B71F00
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_POWER 86B71F00
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_SYSTEM_CONTROL 86B71F00
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_DEVICE_CHANGE 86B71F00
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_QUERY_QUOTA 86B71F00
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_SET_QUOTA 86B71F00
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_PNP 86B71F00
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_PNP_POWER 86B71F00
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-4 IRP_MJ_CREATE 86B71F00
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-4 IRP_MJ_CREATE_NAMED_PIPE 86B71F00
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-4 IRP_MJ_CLOSEIRP_MJ_READ 86B71F00
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-4 IRP_MJ_WRITE 86B71F00
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-4 IRP_MJ_QUERY_INFORMATION 86B71F00
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-4 IRP_MJ_SET_INFORMATION 86B71F00
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-4 IRP_MJ_QUERY_EA 86B71F00
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-4 IRP_MJ_SET_EA 86B71F00
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-4 IRP_MJ_FLUSH_BUFFERS 86B71F00
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-4 IRP_MJ_QUERY_VOLUME_INFORMATION 86B71F00
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-4 IRP_MJ_SET_VOLUME_INFORMATION 86B71F00
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-4 IRP_MJ_DIRECTORY_CONTROL 86B71F00
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-4 IRP_MJ_FILE_SYSTEM_CONTROL 86B71F00
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-4 IRP_MJ_DEVICE_CONTROL 86B71F00
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-4 IRP_MJ_INTERNAL_DEVICE_CONTROL 86B71F00
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-4 IRP_MJ_SHUTDOWN 86B71F00
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-4 IRP_MJ_LOCK_CONTROL 86B71F00
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-4 IRP_MJ_CLEANUP 86B71F00
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-4 IRP_MJ_CREATE_MAILSLOT 86B71F00
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-4 IRP_MJ_QUERY_SECURITY 86B71F00
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-4 IRP_MJ_SET_SECURITY 86B71F00
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-4 IRP_MJ_POWER 86B71F00
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-4 IRP_MJ_SYSTEM_CONTROL 86B71F00
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-4 IRP_MJ_DEVICE_CHANGE 86B71F00
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-4 IRP_MJ_QUERY_QUOTA 86B71F00
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-4 IRP_MJ_SET_QUOTA 86B71F00
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-4 IRP_MJ_PNP 86B71F00
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-4 IRP_MJ_PNP_POWER 86B71F00
Device \Driver\atapi \Device\Ide\IdeDeviceP0T1L0-c IRP_MJ_CREATE 86B71F00
Device \Driver\atapi \Device\Ide\IdeDeviceP0T1L0-c IRP_MJ_CREATE_NAMED_PIPE 86B71F00
Device \Driver\atapi \Device\Ide\IdeDeviceP0T1L0-c IRP_MJ_CLOSEIRP_MJ_READ 86B71F00
Device \Driver\atapi \Device\Ide\IdeDeviceP0T1L0-c IRP_MJ_WRITE 86B71F00
Device \Driver\atapi \Device\Ide\IdeDeviceP0T1L0-c IRP_MJ_QUERY_INFORMATION 86B71F00
Device \Driver\atapi \Device\Ide\IdeDeviceP0T1L0-c IRP_MJ_SET_INFORMATION 86B71F00
Device \Driver\atapi \Device\Ide\IdeDeviceP0T1L0-c IRP_MJ_QUERY_EA 86B71F00
Device \Driver\atapi \Device\Ide\IdeDeviceP0T1L0-c IRP_MJ_SET_EA 86B71F00
Device \Driver\atapi \Device\Ide\IdeDeviceP0T1L0-c IRP_MJ_FLUSH_BUFFERS 86B71F00
Device \Driver\atapi \Device\Ide\IdeDeviceP0T1L0-c IRP_MJ_QUERY_VOLUME_INFORMATION 86B71F00
Device \Driver\atapi \Device\Ide\IdeDeviceP0T1L0-c IRP_MJ_SET_VOLUME_INFORMATION 86B71F00
Device \Driver\atapi \Device\Ide\IdeDeviceP0T1L0-c IRP_MJ_DIRECTORY_CONTROL 86B71F00
Device \Driver\atapi \Device\Ide\IdeDeviceP0T1L0-c IRP_MJ_FILE_SYSTEM_CONTROL 86B71F00
Device \Driver\atapi \Device\Ide\IdeDeviceP0T1L0-c IRP_MJ_DEVICE_CONTROL 86B71F00
Device \Driver\atapi \Device\Ide\IdeDeviceP0T1L0-c IRP_MJ_INTERNAL_DEVICE_CONTROL 86B71F00
Device \Driver\atapi \Device\Ide\IdeDeviceP0T1L0-c IRP_MJ_SHUTDOWN 86B71F00
Device \Driver\atapi \Device\Ide\IdeDeviceP0T1L0-c IRP_MJ_LOCK_CONTROL 86B71F00
Device \Driver\atapi \Device\Ide\IdeDeviceP0T1L0-c IRP_MJ_CLEANUP 86B71F00
Device \Driver\atapi \Device\Ide\IdeDeviceP0T1L0-c IRP_MJ_CREATE_MAILSLOT 86B71F00
Device \Driver\atapi \Device\Ide\IdeDeviceP0T1L0-c IRP_MJ_QUERY_SECURITY 86B71F00
Device \Driver\atapi \Device\Ide\IdeDeviceP0T1L0-c IRP_MJ_SET_SECURITY 86B71F00
Device \Driver\atapi \Device\Ide\IdeDeviceP0T1L0-c IRP_MJ_POWER 86B71F00
Device \Driver\atapi \Device\Ide\IdeDeviceP0T1L0-c IRP_MJ_SYSTEM_CONTROL 86B71F00
Device \Driver\atapi \Device\Ide\IdeDeviceP0T1L0-c IRP_MJ_DEVICE_CHANGE 86B71F00
Device \Driver\atapi \Device\Ide\IdeDeviceP0T1L0-c IRP_MJ_QUERY_QUOTA 86B71F00
Device \Driver\atapi \Device\Ide\IdeDeviceP0T1L0-c IRP_MJ_SET_QUOTA 86B71F00
Device \Driver\atapi \Device\Ide\IdeDeviceP0T1L0-c IRP_MJ_PNP 86B71F00
Device \Driver\atapi \Device\Ide\IdeDeviceP0T1L0-c IRP_MJ_PNP_POWER 86B71F00
Device \Driver\xmasscsi \Device\Scsi\xmasscsi1Port1Path0Target0Lun0 IRP_MJ_CREATE 86BF13C8
Device \Driver\xmasscsi \Device\Scsi\xmasscsi1Port1Path0Target0Lun0 IRP_MJ_CREATE_NAMED_PIPE 86BF13C8
Device \Driver\xmasscsi \Device\Scsi\xmasscsi1Port1Path0Target0Lun0 IRP_MJ_CLOSEIRP_MJ_READ 86BF13C8
Device \Driver\xmasscsi \Device\Scsi\xmasscsi1Port1Path0Target0Lun0 IRP_MJ_WRITE 86BF13C8
Device \Driver\xmasscsi \Device\Scsi\xmasscsi1Port1Path0Target0Lun0 IRP_MJ_QUERY_INFORMATION 86BF13C8
Device \Driver\xmasscsi \Device\Scsi\xmasscsi1Port1Path0Target0Lun0 IRP_MJ_SET_INFORMATION 86BF13C8
Device \Driver\xmasscsi \Device\Scsi\xmasscsi1Port1Path0Target0Lun0 IRP_MJ_QUERY_EA 86BF13C8
Device \Driver\xmasscsi \Device\Scsi\xmasscsi1Port1Path0Target0Lun0 IRP_MJ_SET_EA 86BF13C8
Device \Driver\xmasscsi \Device\Scsi\xmasscsi1Port1Path0Target0Lun0 IRP_MJ_FLUSH_BUFFERS 86BF13C8
Device \Driver\xmasscsi \Device\Scsi\xmasscsi1Port1Path0Target0Lun0 IRP_MJ_QUERY_VOLUME_INFORMATION 86BF13C8
Device \Driver\xmasscsi \Device\Scsi\xmasscsi1Port1Path0Target0Lun0 IRP_MJ_SET_VOLUME_INFORMATION 86BF13C8
Device \Driver\xmasscsi \Device\Scsi\xmasscsi1Port1Path0Target0Lun0 IRP_MJ_DIRECTORY_CONTROL 86BF13C8
Device \Driver\xmasscsi \Device\Scsi\xmasscsi1Port1Path0Target0Lun0 IRP_MJ_FILE_SYSTEM_CONTROL 86BF13C8
Device \Driver\xmasscsi \Device\Scsi\xmasscsi1Port1Path0Target0Lun0 IRP_MJ_DEVICE_CONTROL 86BF13C8
Device \Driver\xmasscsi \Device\Scsi\xmasscsi1Port1Path0Target0Lun0 IRP_MJ_INTERNAL_DEVICE_CONTROL 86BF13C8
Device \Driver\xmasscsi \Device\Scsi\xmasscsi1Port1Path0Target0Lun0 IRP_MJ_SHUTDOWN 86BF13C8
Device \Driver\xmasscsi \Device\Scsi\xmasscsi1Port1Path0Target0Lun0 IRP_MJ_LOCK_CONTROL 86BF13C8
Device \Driver\xmasscsi \Device\Scsi\xmasscsi1Port1Path0Target0Lun0 IRP_MJ_CLEANUP 86BF13C8
Device \Driver\xmasscsi \Device\Scsi\xmasscsi1Port1Path0Target0Lun0 IRP_MJ_CREATE_MAILSLOT 86BF13C8
Device \Driver\xmasscsi \Device\Scsi\xmasscsi1Port1Path0Target0Lun0 IRP_MJ_QUERY_SECURITY 86BF13C8
Device \Driver\xmasscsi \Device\Scsi\xmasscsi1Port1Path0Target0Lun0 IRP_MJ_SET_SECURITY 86BF13C8
Device \Driver\xmasscsi \Device\Scsi\xmasscsi1Port1Path0Target0Lun0 IRP_MJ_POWER 86BF13C8
Device \Driver\xmasscsi \Device\Scsi\xmasscsi1Port1Path0Target0Lun0 IRP_MJ_SYSTEM_CONTROL 86BF13C8
Device \Driver\xmasscsi \Device\Scsi\xmasscsi1Port1Path0Target0Lun0 IRP_MJ_DEVICE_CHANGE 86BF13C8
Device \Driver\xmasscsi \Device\Scsi\xmasscsi1Port1Path0Target0Lun0 IRP_MJ_QUERY_QUOTA 86BF13C8
Device \Driver\xmasscsi \Device\Scsi\xmasscsi1Port1Path0Target0Lun0 IRP_MJ_SET_QUOTA 86BF13C8
Device \Driver\xmasscsi \Device\Scsi\xmasscsi1Port1Path0Target0Lun0 IRP_MJ_PNP 86BF13C8
Device \Driver\xmasscsi \Device\Scsi\xmasscsi1Port1Path0Target0Lun0 IRP_MJ_PNP_POWER 86BF13C8
Device \Driver\xmasscsi \Device\Scsi\xmasscsi1 IRP_MJ_CREATE 86BF13C8
Device \Driver\xmasscsi \Device\Scsi\xmasscsi1 IRP_MJ_CREATE_NAMED_PIPE 86BF13C8
Device \Driver\xmasscsi \Device\Scsi\xmasscsi1 IRP_MJ_CLOSEIRP_MJ_READ 86BF13C8
Device \Driver\xmasscsi \Device\Scsi\xmasscsi1 IRP_MJ_WRITE 86BF13C8
Device \Driver\xmasscsi \Device\Scsi\xmasscsi1 IRP_MJ_QUERY_INFORMATION 86BF13C8
Device \Driver\xmasscsi \Device\Scsi\xmasscsi1 IRP_MJ_SET_INFORMATION 86BF13C8
Device \Driver\xmasscsi \Device\Scsi\xmasscsi1 IRP_MJ_QUERY_EA 86BF13C8
Device \Driver\xmasscsi \Device\Scsi\xmasscsi1 IRP_MJ_SET_EA 86BF13C8
Device \Driver\xmasscsi \Device\Scsi\xmasscsi1 IRP_MJ_FLUSH_BUFFERS 86BF13C8
Device \Driver\xmasscsi \Device\Scsi\xmasscsi1 IRP_MJ_QUERY_VOLUME_INFORMATION 86BF13C8
Device \Driver\xmasscsi \Device\Scsi\xmasscsi1 IRP_MJ_SET_VOLUME_INFORMATION 86BF13C8
Device \Driver\xmasscsi \Device\Scsi\xmasscsi1 IRP_MJ_DIRECTORY_CONTROL 86BF13C8
Device \Driver\xmasscsi \Device\Scsi\xmasscsi1 IRP_MJ_FILE_SYSTEM_CONTROL 86BF13C8
Device \Driver\xmasscsi \Device\Scsi\xmasscsi1 IRP_MJ_DEVICE_CONTROL 86BF13C8
Device \Driver\xmasscsi \Device\Scsi\xmasscsi1 IRP_MJ_INTERNAL_DEVICE_CONTROL 86BF13C8
Device \Driver\xmasscsi \Device\Scsi\xmasscsi1 IRP_MJ_SHUTDOWN 86BF13C8
Device \Driver\xmasscsi \Device\Scsi\xmasscsi1 IRP_MJ_LOCK_CONTROL 86BF13C8
Device \Driver\xmasscsi \Device\Scsi\xmasscsi1 IRP_MJ_CLEANUP 86BF13C8
Device \Driver\xmasscsi \Device\Scsi\xmasscsi1 IRP_MJ_CREATE_MAILSLOT 86BF13C8
Device \Driver\xmasscsi \Device\Scsi\xmasscsi1 IRP_MJ_QUERY_SECURITY 86BF13C8
Device \Driver\xmasscsi \Device\Scsi\xmasscsi1 IRP_MJ_SET_SECURITY 86BF13C8
Device \Driver\xmasscsi \Device\Scsi\xmasscsi1 IRP_MJ_POWER 86BF13C8
Device \Driver\xmasscsi \Device\Scsi\xmasscsi1 IRP_MJ_SYSTEM_CONTROL 86BF13C8
Device \Driver\xmasscsi \Device\Scsi\xmasscsi1 IRP_MJ_DEVICE_CHANGE 86BF13C8
Device \Driver\xmasscsi \Device\Scsi\xmasscsi1 IRP_MJ_QUERY_QUOTA 86BF13C8
Device \Driver\xmasscsi \Device\Scsi\xmasscsi1 IRP_MJ_SET_QUOTA 86BF13C8
Device \Driver\xmasscsi \Device\Scsi\xmasscsi1 IRP_MJ_PNP 86BF13C8
Device \Driver\xmasscsi \Device\Scsi\xmasscsi1 IRP_MJ_PNP_POWER 86BF13C8

---- Modules - GMER 1.0.10 ----

Module _________ F7384000

---- Files - GMER 1.0.10 ----

File C:\System Volume Information\MountPointManagerRemoteDatabase
File C:\System Volume Information\tracking.log
File C:\System Volume Information\_restore{D5A749AC-A504-4219-AC34-9F71BF750816}

---- EOF - GMER 1.0.10 ----


il secondo, con autostart:
GMER 1.0.10.10122 - http://www.gmer.net
Autostart 2006-09-10 20:15:05
Windows 5.1.2600 Service Pack 2


HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems@Windows = %SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,3072,512 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ProfileControl=Off MaxRequestThreads=16

HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon@Userinit = C:\WINDOWS\system32\userinit.exe,

HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui@DLLName = igfxdev.dll

HKLM\Software\Microsoft\Windows NT\CurrentVersion\Windows@AppInit_DLLs = ,

HKLM\SYSTEM\CurrentControlSet\Services\ >>>
AdobeActiveFileMonitor4.0 /*Adobe Active File Monitor V4*/@ = C:\Programmi\Adobe\Photoshop Elements 4.0\PhotoshopElementsFileAgent.exe
EvtEng /*EvtEng*/@ = C:\Programmi\Intel\Wireless\Bin\EvtEng.exe
MDM /*Machine Debug Manager*/@ = "C:\Programmi\File comuni\Microsoft Shared\VS7DEBUG\MDM.EXE"
NOD32krn /*NOD32 Kernel Service*/@ = C:\Programmi\Eset\nod32krn.exe
NVSvc /*NVIDIA Display Driver Service*/@ = %SystemRoot%\system32\nvsvc32.exe
RegSrvc /*RegSrvc*/@ = C:\Programmi\Intel\Wireless\Bin\RegSrvc.exe
S24EventMonitor /*Spectrum24 Event Monitor*/@ = C:\Programmi\Intel\Wireless\Bin\S24EvMon.exe
Spooler /*Spooler di stampa*/@ = %SystemRoot%\system32\spoolsv.exe
UMWdf /*Windows User Mode Driver Framework*/@ = C:\WINDOWS\system32\wdfmgr.exe
VCI /*VAIO Cooporated Initialisation*/@ = C:\Programmi\Sony\VAIO Cooperated Initialisation\VCI_SVC.exe
WSCM /*Windows Service Manager*/@ = %SystemRoot%\System32\service.exe /*file not found*/

HKLM\Software\Microsoft\Windows\CurrentVersion\Run >>>
@ApointC:\Programmi\Apoint\Apoint.exe = C:\Programmi\Apoint\Apoint.exe
@NvCplDaemonRUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup = RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
@RTHDCPLRTHDCPL.EXE = RTHDCPL.EXE
@AlcmtrALCMTR.EXE = ALCMTR.EXE
@AzMixerSelC:\Programmi\Realtek\InstallShield\AzMixerSel.exe = C:\Programmi\Realtek\InstallShield\AzMixerSel.exe
@Mouse Suite 98 DaemonICO.EXE = ICO.EXE
@IgfxTrayC:\WINDOWS\system32\igfxtray.exe = C:\WINDOWS\system32\igfxtray.exe
@HotKeysCmdsC:\WINDOWS\system32\hkcmd.exe = C:\WINDOWS\system32\hkcmd.exe
@PersistenceC:\WINDOWS\system32\igfxpers.exe = C:\WINDOWS\system32\igfxpers.exe
@ISBMgr.exeC:\Programmi\Sony\ISB Utility\ISBMgr.exe = C:\Programmi\Sony\ISB Utility\ISBMgr.exe
@PDService.exeC:\Programmi\Utimaco\SafeGuard PrivateDisk\pdservice.exe = C:\Programmi\Utimaco\SafeGuard PrivateDisk\pdservice.exe
@Acrobat Assistant 7.0"C:\Programmi\Adobe\Acrobat 7.0\Distillr\Acrotray.exe" = "C:\Programmi\Adobe\Acrobat 7.0\Distillr\Acrotray.exe"
@ /*file not found*/ = /*file not found*/
@SsAAD.exeC:\PROGRA~1\Sony\SONICS~1\SsAAD.exe = C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
@NeroFilterCheckC:\WINDOWS\system32\NeroCheck.exe = C:\WINDOWS\system32\NeroCheck.exe
@SunJavaUpdateSched"C:\Programmi\Java\jre1.5.0_08\bin\jusched.exe" = "C:\Programmi\Java\jre1.5.0_08\bin\jusched.exe"
@WinPatrolC:\PROGRA~1\BILLPS~1\WINPAT~1\winpatrol.exe = C:\PROGRA~1\BILLPS~1\WINPAT~1\winpatrol.exe
@nod32kuiC:\Programmi\Eset\nod32kui.exe /WAITSERVICE = C:\Programmi\Eset\nod32kui.exe /WAITSERVICE

HKCU\Software\Microsoft\Windows\CurrentVersion\Run >>>
@CTFMON.EXEC:\WINDOWS\system32\ctfmon.exe = C:\WINDOWS\system32\ctfmon.exe
@MSMSGS"C:\Programmi\Messenger\msmsgs.exe" /background = "C:\Programmi\Messenger\msmsgs.exe" /background

HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved >>>
@{42071714-76d4-11d1-8b24-00a0c9068ff3} /*Estensione panoramica video del Pannello di controllo*/deskpan.dll /*file not found*/ = deskpan.dll /*file not found*/
@{596AB062-B4D2-4215-9F74-E9109B0A8153} /*Pagina proprietà versioni precedenti*/%SystemRoot%\system32\twext.dll = %SystemRoot%\system32\twext.dll
@{9DB7A13C-F208-4981-8353-73CC61AE2783} /*Versioni precedenti*/%SystemRoot%\system32\twext.dll = %SystemRoot%\system32\twext.dll
@{00E7B358-F65B-4dcf-83DF-CD026B94BFD4} /*Autoplay for SlideShow*/(null) =
@{692F0339-CBAA-47e6-B5B5-3B84DB604E87} /*Extensions Manager Folder*/%SystemRoot%\system32\extmgr.dll = %SystemRoot%\system32\extmgr.dll
@{A70C977A-BF00-412C-90B7-034C51DA2439} /*NvCpl DesktopContext Class*/C:\WINDOWS\system32\nvcpl.dll = C:\WINDOWS\system32\nvcpl.dll
@{FFB699E0-306A-11d3-8BD1-00104B6F7516} /*Play on my TV helper*/C:\WINDOWS\system32\nvcpl.dll = C:\WINDOWS\system32\nvcpl.dll
@{ED58A35B-B554-42AF-A26C-6F3D424200D3} /*Sony Power Management Extensiond*/C:\Programmi\Sony\VAIO Power Management\SPMPanel.dll /*file not found*/ = C:\Programmi\Sony\VAIO Power Management\SPMPanel.dll /*file not found*/
@{F6A51CCC-6AA6-46ad-B726-97466F0A38BF} /*SafeGuard® PrivateDisk extension*/C:\Programmi\Utimaco\SafeGuard PrivateDisk\pdshell.dll = C:\Programmi\Utimaco\SafeGuard PrivateDisk\pdshell.dll
@{C6643EC0-49AC-4c15-A455-04104DB900A9} /*Image Converter context menu extension*/C:\PROGRA~1\Sony\IMAGEC~1\CtxMenu.dll = C:\PROGRA~1\Sony\IMAGEC~1\CtxMenu.dll
@{D25B2CAB-8A9A-4517-A9B2-CB5F68A5A802} /*Adobe.Acrobat.ContextMenu*/C:\Programmi\Adobe\Acrobat 7.0\Acrobat Elements\ContextMenu.dll = C:\Programmi\Adobe\Acrobat 7.0\Acrobat Elements\ContextMenu.dll
@{BDEADF00-C265-11D0-BCED-00A0C90AB50F} /*Cartelle Web*/C:\PROGRA~1\FILECO~1\MICROS~1\WEBFOL~1\MSONSEXT.DLL = C:\PROGRA~1\FILECO~1\MICROS~1\WEBFOL~1\MSONSEXT.DLL
@{32020A01-506E-484D-A2A8-BE3CF17601C3} /*AlcoholShellEx*/C:\PROGRA~1\ALCOHO~1\ALCOHO~1\AXShlEx.dll = C:\PROGRA~1\ALCOHO~1\ALCOHO~1\AXShlEx.dll
@{42042206-2D85-11D3-8CFF-005004838597} /*Microsoft Office HTML Icon Handler*/C:\Programmi\Microsoft Office\OFFICE11\msohev.dll = C:\Programmi\Microsoft Office\OFFICE11\msohev.dll
@{4EB37360-49E8-11D3-95B5-004033382980} /*ALZip 4.0 Context Menu Shell Extension*/C:\Programmi\ESTsoft\ALZip\AZCTM.dll = C:\Programmi\ESTsoft\ALZip\AZCTM.dll
@{B089FE88-FB52-11d3-BDF1-0050DA34150D} /*NOD32 Context Menu Shell Extension*/C:\Programmi\Eset\nodshex.dll = C:\Programmi\Eset\nodshex.dll

HKLM\Software\Classes\*\shellex\ContextMenuHandlers\ >>>
Adobe.Acrobat.ContextMenu@{D25B2CAB-8A9A-4517-A9B2-CB5F68A5A802} = C:\Programmi\Adobe\Acrobat 7.0\Acrobat Elements\ContextMenu.dll
ALZip@{4EB37360-49E8-11D3-95B5-004033382980} = C:\Programmi\ESTsoft\ALZip\AZCTM.dll
ImageConverter2@{C6643EC0-49AC-4c15-A455-04104DB900A9} = C:\PROGRA~1\Sony\IMAGEC~1\CtxMenu.dll
NOD32 Context Menu Shell Extension@{B089FE88-FB52-11d3-BDF1-0050DA34150D} = C:\Programmi\Eset\nodshex.dll
SGPDMenu@{F6A51CCC-6AA6-46ad-B726-97466F0A38BF} = C:\Programmi\Utimaco\SafeGuard PrivateDisk\pdshell.dll

HKLM\Software\Classes\Directory\shellex\ContextMenuHandlers\ >>>
ALZip@{4EB37360-49E8-11D3-95B5-004033382980} = C:\Programmi\ESTsoft\ALZip\AZCTM.dll
ImageConverter2@{C6643EC0-49AC-4c15-A455-04104DB900A9} = C:\PROGRA~1\Sony\IMAGEC~1\CtxMenu.dll

HKLM\Software\Classes\Folder\shellex\ContextMenuHandlers\ >>>
ALZip@{4EB37360-49E8-11D3-95B5-004033382980} = C:\Programmi\ESTsoft\ALZip\AZCTM.dll
NOD32 Context Menu Shell Extension@{B089FE88-FB52-11d3-BDF1-0050DA34150D} = C:\Programmi\Eset\nodshex.dll
SGPDMenu@{F6A51CCC-6AA6-46ad-B726-97466F0A38BF} = C:\Programmi\Utimaco\SafeGuard PrivateDisk\pdshell.dll

HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects >>>
@{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}C:\Programmi\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll = C:\Programmi\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
@{53707962-6F74-2D53-2644-206D7942484F}C:\PROGRA~1\SPYBOT~1\SDHelper.dll = C:\PROGRA~1\SPYBOT~1\SDHelper.dll
@{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}C:\Programmi\Java\jre1.5.0_08\bin\ssv.dll = C:\Programmi\Java\jre1.5.0_08\bin\ssv.dll
@{AA58ED58-01DD-4d91-8333-CF10577473F7}c:\programmi\google\googletoolbar2.dll = c:\programmi\google\googletoolbar2.dll

HKLM\Software\Microsoft\Internet Explorer\Main >>>
@Default_Page_URLhttp://www.club-vaio.com/en/ = http://www.club-vaio.com/en/
@Start Pagehttp://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home = http://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home
@Local Page%SystemRoot%\system32\blank.htm = %SystemRoot%\system32\blank.htm

HKCU\Software\Microsoft\Internet Explorer\Main >>>
@Start Pagehttp://www.google.it/ = http://www.google.it/
@Local PageC:\WINDOWS\system32\blank.htm = C:\WINDOWS\system32\blank.htm

HKLM\Software\Classes\PROTOCOLS\Filter\text/xml@CLSID = C:\Programmi\File comuni\Microsoft Shared\OFFICE11\MSOXMLMF.DLL

HKLM\Software\Classes\PROTOCOLS\Handler\ >>>
dvd@CLSID = C:\WINDOWS\system32\msvidctl.dll
its@CLSID = C:\WINDOWS\system32\itss.dll
mhtml@CLSID = %SystemRoot%\system32\inetcomm.dll
ms-its@CLSID = C:\WINDOWS\system32\itss.dll
ms-itss@CLSID = C:\Programmi\File comuni\Microsoft Shared\Information Retrieval\msitss.dll
mso-offdap@CLSID = C:\PROGRA~1\FILECO~1\MICROS~1\WEBCOM~1\10\OWC10.DLL
mso-offdap11@CLSID = C:\PROGRA~1\FILECO~1\MICROS~1\WEBCOM~1\11\OWC11.DLL
tv@CLSID = C:\WINDOWS\system32\msvidctl.dll
wia@CLSID = C:\WINDOWS\system32\wiascr.dll

HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\ >>>
000000000001@PackedCatalogItem = imon.dll
000000000002@PackedCatalogItem = imon.dll
000000000003@PackedCatalogItem = imon.dll
000000000004@PackedCatalogItem = imon.dll
000000000005@PackedCatalogItem = imon.dll

HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000021@PackedCatalogItem = imon.dll

C:\Documents and Settings\Marialucia\Menu Avvio\Programmi\Esecuzione automatica = Stardock ObjectDock.lnk

C:\Documents and Settings\All Users\Menu Avvio\Programmi\Esecuzione automatica >>>
Adobe Gamma Loader.lnk = Adobe Gamma Loader.lnk
Avvio veloce di Adobe Reader.lnk = Avvio veloce di Adobe Reader.lnk

---- EOF - GMER 1.0.10 ----

grazie + di mille!

aprile

[marcosesto]

purtroppo non trovo più il com9.geq

[Luke57]

@ marcosesto
Ciao, allora eliminare la cartella non dovrebbe essere difficile.

@ aprile
Ciao, ne log non c'è alcun riferimento al linkoptimizer e anche quel file (lp7.exe) non 'è. Hai utilizzato procedure di rimozione?

[marcosesto]

Non lo trovo quel com9.geq, comunque il virus non dovrebbe esserci più, anche l'antivirus non me lo rileva, scusa l'ignoranza, nella cartella avenger c'è un file lpt5 e un altro passpartu cosa sono? I virus?

[Luke57]

Ciao, sì, sono i files infetti.

[aprile]

ho notato che il file lpt7.exe veniva lanciato da AUTOEXEC.NT da C:\WINDOWS\System32 allora:
prima ho remmato la riga (ma il file veniva cmq rilevato dall'antivirus)
poi ho cancellato la riga (ma il file veniva cmq rilevato dall'antivirus)

stessa storia in CONFIG.NT ed anche lì stesso risultato.

è vero che non è nel log che ho postato, ma qualunque scan faccia, lui compare sempre. Mi han consigliato di lasciarlo lì dove è (è 0 kb), ma trovo davvero seccante ritrovarlo ad ogni scansione

grazie
aprile

[marcosesto]

ho cancellato tutto, mi rimane una cartella su C: avenger con dentro lpt5 come l'elimino?

[aprile]

..posto anche il log di hijackthis, dove il "coso maledetto" compare.
ciao
aprile

Logfile of HijackThis v1.99.1
Scan saved at 22.52.19, on 11/09/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmi\Intel\Wireless\Bin\EvtEng.exe
C:\Programmi\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Programmi\Adobe\Photoshop Elements 4.0\PhotoshopElementsFileAgent.exe
C:\Programmi\File comuni\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Programmi\Eset\nod32krn.exe
C:\Programmi\Intel\Wireless\Bin\RegSrvc.exe
C:\Programmi\Apoint\Apoint.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\ICO.EXE
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Programmi\Sony\ISB Utility\ISBMgr.exe
C:\Programmi\Utimaco\SafeGuard PrivateDisk\pdservice.exe
C:\Programmi\Adobe\Acrobat 7.0\Distillr\Acrotray.exe
C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
C:\Programmi\Java\jre1.5.0_08\bin\jusched.exe
C:\PROGRA~1\BILLPS~1\WINPAT~1\winpatrol.exe
C:\Programmi\Apoint\Apntex.exe
C:\Programmi\Eset\nod32kui.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmi\Messenger\msmsgs.exe
C:\Programmi\eMule\emule.exe
C:\Programmi\Stardock\ObjectDock\ObjectDock.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Programmi\ESTsoft\ALZip\ALZip.exe
C:\Programmi\ESTsoft\ALZip\ALZip.exe
C:\Documents and Settings\Marialucia\Impostazioni locali\Temp\_AZTMP1_\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.it/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.club-vaio.com/en/
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://vcl.vaio.sony.co.jp/eu/PforVAIO.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmi\Java\jre1.5.0_08\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programmi\google\googletoolbar2.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programmi\google\googletoolbar2.dll
O4 - HKLM\..\Run: [Apoint] C:\Programmi\Apoint\Apoint.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [AzMixerSel] C:\Programmi\Realtek\InstallShield\AzMixerSel.exe
O4 - HKLM\..\Run: [Mouse Suite 98 Daemon] ICO.EXE
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [ISBMgr.exe] C:\Programmi\Sony\ISB Utility\ISBMgr.exe
O4 - HKLM\..\Run: [PDService.exe] C:\Programmi\Utimaco\SafeGuard PrivateDisk\pdservice.exe
O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "C:\Programmi\Adobe\Acrobat 7.0\Distillr\Acrotray.exe"
O4 - HKLM\..\Run: [SsAAD.exe] C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programmi\Java\jre1.5.0_08\bin\jusched.exe"
O4 - HKLM\..\Run: [prpj1.exe] C:\WINDOWS\TEMP\prpj1.exe
O4 - HKLM\..\Run: [WinPatrol] C:\PROGRA~1\BILLPS~1\WINPAT~1\winpatrol.exe
O4 - HKLM\..\Run: [nod32kui] C:\Programmi\Eset\nod32kui.exe /WAITSERVICE
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Programmi\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [eMuleAutoStart] C:\Programmi\eMule\emule.exe -AutoStart
O4 - Startup: Stardock ObjectDock.lnk = C:\Programmi\Stardock\ObjectDock\ObjectDock.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Programmi\File comuni\Adobe\Calibration\Adobe Gamma Loader.exe
O8 - Extra context menu item: &Cerca con Google - res://c:\programmi\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: &Traduci parola in italiano - res://c:\programmi\google\GoogleToolbar2.dll/cmwordtrans.html
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Link a ritroso - res://c:\programmi\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Pagine simili - res://c:\programmi\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Trasferimento tramite Image Converter 2 Plus - C:\Programmi\Sony\Image Converter 2\menu.htm
O8 - Extra context menu item: Versione cache della pagina - res://c:\programmi\google\GoogleToolbar2.dll/cmcache.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.5.0_08\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.5.0_08\bin\ssv.dll
O9 - Extra button: Ricerche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.club-vaio.com/en/
O20 - AppInit_DLLs: ,
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll
O23 - Service: Adobe Active File Monitor V4 (AdobeActiveFileMonitor4.0) - Unknown owner - C:\Programmi\Adobe\Photoshop Elements 4.0\PhotoshopElementsFileAgent.exe
O23 - Service: EvtEng - Intel Corporation - C:\Programmi\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: Image Converter video recording monitor for VAIO Entertainment - Sony Corporation - C:\Programmi\Sony\Image Converter 2\IcVzMon.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Programmi\File comuni\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Unknown owner - C:\Programmi\Eset\nod32krn.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PACSPTISVR - Sony Corporation - C:\Programmi\File comuni\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: RegSrvc - Intel Corporation - C:\Programmi\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\Programmi\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: SecWnd - Unknown owner - \\?\C:\Programmi\File comuni\Services\lpt7.exe (file missing)
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Programmi\File comuni\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Programmi\File comuni\Sony Shared\AVLib\SSScsiSV.exe
O23 - Service: VAIO Cooporated Initialisation (VCI) - Sony Corporation - C:\Programmi\Sony\VAIO Cooperated Initialisation\VCI_SVC.exe
O23 - Service: Windows Service Manager (WSCM) - Unknown owner - C:\WINDOWS\System32\service.exe (file missing)