Olimpo Informatico

[House]

Ciao a tutti; sono incorso in questo Malware, sul forum ho letto molti post a riguardo.

Io per rimuovere il bruto ho seguito le istruzioni contenute qui;

http://www.viritpro.info/articoli/rootkit_d-e.htm

Ora a dir la verità il computer sembra funzionare molto meglio (prima era diventato lentissimo e il tasto dx pure) per ad ogni lancio di VirIt mi trova questo maledetto

C:\WINDOWS\system32\lpt5.ydo Infetto da Trojan.Win32.RootKit.E
IMPOSSIBILE DA RIMUOVERE!

Detto questo in avvio non ho più alcun Appl__.dll e simili (da quando l'ho camcellato), e cmq non mi ha mai creato alcun nuovo utente o amministratore come segnalato da altri.

Domanda: quel file lpt5.ydo (sempre uguale in ogni riavvio) è attivo o no?!? Devo rimuoverlo lo stesso??

grazie e ciao!

ps. qui sotto posto le istruzioni che ho seguito per la rimozione.

Come eliminare il Trojan.Win32.Rootkit.D e Trojan.Win32.Rootkit.E

Analizziamo i 2 casi in base al sistema operativo:


[Windows NT/2000/XP/2003]

La procedura di rimozione del rootkit è costituita da più fasi ed è complessa da eseguire manualmente.
Gli utenti della versione PROFESSIONAL possono telefonare alla TG Soft Tel. 049631748 per l'assistenza tecnica.

Prima di procedere è necessario installare VirIT eXplorer e aggiornarlo all'ultima versione (menu TOOLS->Aggiornamenti OnLine) con i diritti di Administrator. E' importante aggiornarlo, perché in questa fase viene attivato un servizio di VirIT necessario alla rimozione del rootkit.

Dopo averlo aggiornato riavviare il computer, al successivo boot sarà attivo VirIT Secuirty Monitor (nella versione Professional) o VirIT Lite Monitor (nella versione Lite) vicino all'orologio di Windows.

Aspettare almeno 2 minuti prima di procedere alla fase 1, in questo periodo il sistema di Intrusion Detection di VirIT assegnerà le autorizzazioni necessarie all'utente corrente per accedere al servizio incriminato della fase 1.

FASE 1:

In questa fase dobbiamo disabilitare un servizio creato dal malware. Il nome del servizio è casuale, cioè cambia da infezione a infezione.

Gli utenti della PROFESSIONAL possono contattare l'assistenza tecnica, la quale indicherà il nome del servizio da disabilitare.


Dal pannello di controllo, clickare su STRUMENTI DI AMMINISTRAZIONE e dopo su SERVIZI.
Ora compare la lista dei servizi, nella colonna "Connessione" troverete le voci "Sistema Locale", "Servizio di rete" e una voce insolita:

".\nome casuale".



Il "nome casule" indica il nome di un utente creato dal malware nel vostro computer.

Selezionare il servizio incriminato relativo alla connessione ".\nome casuale", clickare il tasto destro del mouse, facendo comparire il menu a tendina e selezionare PROPRIETA'.

Dalle proprietà del servizio, dovete segnarVi la cartella ed il file del servizio che trovate sotto a "PERCORSO FILE ESEGUIBILE" (questo vi servirà per cancellare i file successivamente).

Successivamente impostare il TIPO DI AVVIO: DISABILITATO (importantissimo!)
A questo punto riavviare il computer e passare alla fase 2.

Se Windows non vi permette di disabilitare il servizio incriminato, allora dovete riavviare il computer in modalità provvisoria, ed eseguire la procedura:
1) Eseguire il programma REGEDIT e selezionare il percorso
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\NOME_DEL_SERVIZIO_INCRIMINATO
2) Modificare il valore di START da 2 a 4 relativo al servizio incriminato
3) Riavviare il computer



FASE 2:

Prima di procedere è consigliabile chiudere tutti i programmi e aggiornare VirIT all'ultima versione (menu TOOLS->Aggiornamenti OnLine).

Per i computer notebook, bisogna operare senza la batteria e collegarlo solo all'alimentazione della rete elettrica.

La fase 2 va eseguita dalla modalità normale, seguendo alla lettera tutti i passi della procedura.

1) Eseguire il programma REGEDIT e selezionare il percorso HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows
2) Ridurre ad icona il REGEDIT
3) Eseguire il file C:\VIRITEXP\GOVIRITEXPSVC.BAT (IMPORTANTISSIMO!!!) (per gli utenti della Lite c:\vexplite\GOVIRITEXPSVC.BAT)
4) Da VirIT eXplorer clickare sul menu TOOLS->Process Manager
5) Scrivere nel box relativo a "Terminare i thread in base all'indirizzo" il valore 2a93671a oppure il valore 3ee85b73 a seconda della variante,
e dopo clickare varie volte sul pulsante "Kill Thread"

Rootkit

valore

Trojan.Win32.Rootkit.D

2a93671a

Trojan.Win32.Rootkit.E

3ee85b73

N.B: Si consiglia di ripetere l'operazione di Kill Thread per entrambi i valori indicati

6) Uscire da VirIT eXplorer Pro
7) Adesso clickare sul programma Regedit ridotto ad icona, selezionare con tasto destro il nome AppInit_DLLs clickare su MODIFICA, compare la finestra Modifica stringa, scrivere nel campo Dati valore: prova.dll e confermare
8) Premere varie volte il pulsante F5, per verificare se su AppInit_DLLs rimane scritto nella colonna DATI il valore Prova.dll, altrimenti ripetere la fase 2.
9) Adesso lasciando aperti tutti i programmi premere il pulsante RESET del computer (quello del case) per riavviarlo brutalmente (importante). Se il computer è sprovvisto di pulsante di RESET, allora togliere l'alimentazione elettrica. Per i computer notebook, bisogna operare senza la batteria e collegarlo solo all'alimentazione della rete elettrica. Non servono a niente riavviare il computer o chiudere la sessione, perché il rootkit viene eseguito di nuovo, l'unico modo è quello di "resettare" il computer.

Al successivo riavvio verificare se AppInit_DLLs è uguale a "Prova.dll"


FASE 3:
Se AppInit_DLLs è diverso da "Prova.dll" si deve ripetere la FASE 2.

Adesso eseguire VirIT eXplorer Pro/Lite e procedere alla scansione anti-virus per rimuovere il rootkit.

VirIT, molto probabilmente troverà dei file infetti che verranno rimossi.
Nel caso VirIT eXplorer Pro trovi dei file SOSPETTI segnalati come POSSIBILI VIRUS DI NUOVA GENERAZIONE, contattare TG Soft per l'assistenza (solo per i clienti della versione Professional in assistenza)..

Per i clienti della versione Professional, si consilgia di inviare il file di esecuzione automatica, da VirIT Security Monitor clickare sull'uomo spia e dopo su INVIA MAIL.

Nella FASE 1, vi è stato detto di segnarVi il percorso del file del servizio incriminato, per eliminare questo file, si deve verificare se è un file CRITTOGRAFATO.
Windows XP segnala i file CRITTOGRAFATI di colore VERDE !!! se il file incriminato è verde, allora si deve cambiare le autorizzazioni del file.
Selezionare il file con il tasto destro e clickare su PROPRIETA', qui' selezionare su PROTEZIONE.
Adesso clickare su AVANZATE e dopo su PROPRIETARIO, quì selezionare account di ADMINISTRATORS
e fare OK (o applica) e dopo ancora OK fino ad uscire dalle PROPRIETA'.
Adesso rientrare su PROPRIETA', PROTEZIONE e dopo su AVANZATE, clickare su AGGIUNGI da AUTORIZZAZIONI
e aggiungere l'account di ADMINISTRATOR, dopo selezionare da CONSENTI "CONTROLLO COMPLETO"
e fare OK per uscire.
Adesso clickare su PROPRIETA' del file e togliere i flags di "SOLO LETTURA" e NASCOSTO.
Ora potete cancellare il file.

[holifay]

Ciao e benvenuto

Se Virit ti trova il file è buon segno, vuol dire che probabilmente è inattivo. Prova comunque se vuoi a fare qualche controllo e postami i risultati

1. Log di HijackThis. Fai riferimento a questa parte della guida: http://www.zeusnews.it/index.php3?ar=stampa&cod=4701
2. Rootkit di Gmer: scarica GMER.EXE. Avvialo, vai sul Tab Rootkit , clicca su Scan . Il risultato della scansione si può salvare premendo Copy e incollare dove vuoi.
3. Autostart di GMER: allo stesso modo del punto 1 fai anche la scansione dal tab Autostart di GMER
4. il nome di tutte le cartelle con la loro data di creazione presenti in C:/Documents and settings

[House]

Ciao Holifay e mille grazie della risposta:

allora questo è il log di HjackThis:

Logfile of HijackThis v1.99.1
Scan saved at 18.32.35, on 26/07/2006
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmi\File comuni\Symantec Shared\ccSetMgr.exe
C:\Programmi\File comuni\Symantec Shared\ccEvtMgr.exe
C:\Programmi\File comuni\Symantec Shared\SNDSrvc.exe
C:\Programmi\File comuni\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Programmi\File comuni\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programmi\Norton AntiVirus2006\navapsvc.exe
C:\Programmi\Norton AntiVirus2006\IWP\NPFMntor.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmi\Webroot\Spy Sweeper\WRSSSDK.exe
C:\WINDOWS\Explorer.EXE
C:\Programmi\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\VEXPLITE\viritsvc.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\System32\sstray.exe
C:\Programmi\Conexant\AccessRunner ADSL\CnxDslTb.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\fppdis2a.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\fpdisp5a.exe
C:\WINDOWS\Samsung\LaserSMMgr\ssmmgr.exe
C:\WINDOWS\vsnpstd.exe
C:\Programmi\Hewlett-Packard\Toolbox2.0\Apache Tomcat 4.0\webapps\Toolbox\StatusClient\StatusClient.exe
C:\Programmi\Zone Labs\ZoneAlarm\zlclient.exe
C:\VEXPLITE\MONLITE.EXE
C:\Programmi\File comuni\Symantec Shared\ccApp.exe
C:\Programmi\QuickTime\qttask.exe
C:\Programmi\Unlocker\UnlockerAssistant.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Programmi\Webroot\Spy Sweeper\SpySweeper.exe
C:\Programmi\Hercules\Audio\Gamesurround Muse Pocket USB\SNXUACP.exe
C:\Programmi\LightSurf\Common\IconMgr.exe
C:\Programmi\LightSurf\Colorific\hgcctl95.exe
C:\Programmi\SpywareGuard\sgmain.exe
C:\Programmi\Hewlett-Packard\Toolbox2.0\Javasoft\JRE\1.3.1\bin\javaw.exe
C:\Programmi\SpywareGuard\sgbhp.exe
C:\Programmi\Messenger\msmsgs.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Programmi\File comuni\Symantec Shared\Security Console\NSCSRVCE.EXE
C:\Programmi\Opera854\Opera.exe
C:\unzipped\hijackthis_199\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.it
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.it
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = \blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
R3 - Default URLSearchHook is missing
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: NAV Helper - {A8F38D8D-E480-4D52-B7A2-731BB6995FDD} - C:\Programmi\Norton AntiVirus2006\NavShExt.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programmi\google\googletoolbar2.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Programmi\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: DAP Bar - {62999427-33FC-4baf-9C9C-BCE6BD127F08} - C:\Programmi\DAP\DAPIEBar.dll
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programmi\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\en-us\msntb.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Programmi\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programmi\google\googletoolbar2.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Norton AntiVirus - {C4069E3A-68F1-403E-B40E-20066696354B} - C:\Programmi\Norton AntiVirus2006\NavShExt.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [nForce Tray Options] sstray.exe /r
O4 - HKLM\..\Run: [CnxDslTaskBar] "C:\Programmi\Conexant\AccessRunner ADSL\CnxDslTb.exe"
O4 - HKLM\..\Run: [pdfFactory Pro Dispatcher v2] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\fppdis2a.exe
O4 - HKLM\..\Run: [FinePrint Dispatcher v5] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\fpdisp5a.exe
O4 - HKLM\..\Run: [Samsung LBP SM] "C:\WINDOWS\Samsung\LaserSMMgr\ssmmgr.exe" /autorun
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [snpstd] C:\WINDOWS\vsnpstd.exe
O4 - HKLM\..\Run: [StatusClient] C:\Programmi\Hewlett-Packard\Toolbox2.0\Apache Tomcat 4.0\webapps\Toolbox\StatusClient\StatusClient.exe /auto
O4 - HKLM\..\Run: [TomcatStartup] C:\Programmi\Hewlett-Packard\Toolbox2.0\hpbpsttp.exe
O4 - HKLM\..\Run: [Zone Labs Client] C:\Programmi\Zone Labs\ZoneAlarm\zlclient.exe
O4 - HKLM\..\Run: [VIRIT LITE MONITOR] C:\VEXPLITE\MONLITE.EXE
O4 - HKLM\..\Run: [ccApp] "C:\Programmi\File comuni\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [SSC_UserPrompt] "C:\Programmi\File comuni\Symantec Shared\Security Center\UsrPrmpt.exe"
O4 - HKLM\..\Run: [NAV CfgWiz] C:\Programmi\File comuni\Symantec Shared\SymProbe.exe -r "C:\Programmi\Norton AntiVirus2006\CfgWiz.exe" /GUID {0D7956A2-5A08-4ec2-A72C-DF8495A66016} /MODE CfgWiz /CMDLINE "REBOOT"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmi\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [UnlockerAssistant] "C:\Programmi\Unlocker\UnlockerAssistant.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [ares] "C:\Programmi\Ares\Ares.exe" -h
O4 - HKCU\..\Run: [SpySweeper] "C:\Programmi\Webroot\Spy Sweeper\SpySweeper.exe" /0
O4 - Startup: SpywareGuard.lnk = C:\Programmi\SpywareGuard\sgmain.exe
O4 - Global Startup: Gamesurround Muse Pocket CPL.lnk = C:\Programmi\Hercules\Audio\Gamesurround Muse Pocket USB\SNXUACP.exe
O4 - Global Startup: Lightsurf.lnk = C:\Programmi\LightSurf\Common\IconMgr.exe
O8 - Extra context menu item: &Download with &DAP - C:\PROGRA~1\DAP\dapextie.htm
O8 - Extra context menu item: &Google Search - res://c:\programmi\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\programmi\google\GoogleToolbar2.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://c:\programmi\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\programmi\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Programmi\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Programmi\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Programmi\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Programmi\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Programmi\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Programmi\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Programmi\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert to existing PDF - res://C:\Programmi\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Download &all with DAP - C:\PROGRA~1\DAP\dapextie2.htm
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Google AdSense Preview Tool - http://pagead2.googlesyndication.com/pagead/preview/en/preview.html
O8 - Extra context menu item: Similar Pages - res://c:\programmi\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\programmi\google\GoogleToolbar2.dll/cmtrans.html
O9 - Extra button: ICQ Pro - {6224f700-cba3-4071-b251-47cb894244cd} - C:\PROGRA~1\ICQ\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ - {6224f700-cba3-4071-b251-47cb894244cd} - C:\PROGRA~1\ICQ\ICQ.exe
O9 - Extra button: Run DAP - {669695BC-A811-4A9D-8CDF-BA8C795F261C} - C:\PROGRA~1\DAP\DAP.EXE
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\MSMSGS.EXE
O16 - DPF: {CAFEEFAC-0014-0000-0000-ABCDEFFEDCBA} (Java Runtime Environment 1.4.0) -
O17 - HKLM\System\CCS\Services\Tcpip\..\{AD40A9C5-AD7B-445C-B285-66D885325A6B}: NameServer = 213.205.32.70 213.205.36.70
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Programmi\File comuni\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\ccSetMgr.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Programmi\iPod\bin\iPodService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Programmi\Norton AntiVirus2006\navapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Programmi\Norton AntiVirus2006\IWP\NPFMntor.exe
O23 - Service: Norton Protection Center Service (NSCService) - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\Security Console\NSCSRVCE.EXE
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: Symantec AVScan (SAVScan) - Symantec Corporation - C:\Programmi\Norton AntiVirus2006\SAVScan.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\SNDSrvc.exe
O23 - Service: SPBBCSvc - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - C:\Programmi\Webroot\Spy Sweeper\WRSSSDK.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Utilità di pianificazione di LiveUpdate automatico - Symantec Corporation - C:\Programmi\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Virit eXplorer Lite (viritsvclite) - TG Soft Sas www.tgsoft.it - C:\VEXPLITE\viritsvc.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

[House]

le cartelle in Document sono:

All Users 11/07/2006 18.34
Default User 10/07/2006 17.24
Oleg Primakov 23/07/2006 3.16
oooooo 19/07/2006 4.35 (ps questo utente l'ho creato io con sto nome!)

[House]

Messaggio di test, da cancellare

[House]

Questo l'Autostart

GMER 1.0.10.10122 - http://www.gmer.net
Autostart 2006-07-26 19:08:14
Windows 5.1.2600 Service Pack 1


HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems@Windows = %SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,3072,512 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ProfileControl=Off MaxRequestThreads=16

HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon@Userinit = C:\WINDOWS\System32\userinit.exe,

HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WRNotifier@DLLName = WRLogonNTF.dll

HKLM\SYSTEM\CurrentControlSet\Services\ >>>
ccEvtMgr /*Symantec Event Manager*/@ = "C:\Programmi\File comuni\Symantec Shared\ccEvtMgr.exe"
ccSetMgr /*Symantec Settings Manager*/@ = "C:\Programmi\File comuni\Symantec Shared\ccSetMgr.exe"
navapsvc /*Norton AntiVirus Auto-Protect Service*/@ = "C:\Programmi\Norton AntiVirus2006\navapsvc.exe"
NPFMntor /*Norton AntiVirus Firewall Monitor Service*/@ = "C:\Programmi\Norton AntiVirus2006\IWP\NPFMntor.exe"
NVSvc /*NVIDIA Driver Helper Service*/@ = %SystemRoot%\System32\nvsvc32.exe
ScsiPort@ = %SystemRoot%\system32\drivers\scsiport.sys
SNDSrvc /*Symantec Network Drivers Service*/@ = "C:\Programmi\File comuni\Symantec Shared\SNDSrvc.exe"
SPBBCSvc /*SPBBCSvc*/@ = "C:\Programmi\File comuni\Symantec Shared\SPBBC\SPBBCSvc.exe"
Spooler /*Spooler di stampa*/@ = %SystemRoot%\system32\spoolsv.exe
svcWRSSSDK /*Webroot Spy Sweeper Engine*/@ = C:\Programmi\Webroot\Spy Sweeper\WRSSSDK.exe
Symantec Core LC /*Symantec Core LC*/@ = "C:\Programmi\File comuni\Symantec Shared\CCPD-LC\symlcsvc.exe"
UMWdf /*Windows User Mode Driver Framework*/@ = C:\WINDOWS\System32\wdfmgr.exe
Utilità di pianificazione di LiveUpdate automatico /*Utilità di pianificazione di LiveUpdate automatico*/@ = "C:\Programmi\Symantec\LiveUpdate\ALUSchedulerSvc.exe"
viritsvclite /*Virit eXplorer Lite*/@ = C:\VEXPLITE\viritsvc.exe
vsmon /*TrueVector Internet Monitor*/@ = C:\WINDOWS\system32\ZoneLabs\vsmon.exe -service

HKLM\Software\Microsoft\Windows\CurrentVersion\Run >>>
@NvCplDaemonRUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup = RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
@nwiznwiz.exe /install = nwiz.exe /install
@nForce Tray Optionssstray.exe /r = sstray.exe /r
@CnxDslTaskBar"C:\Programmi\Conexant\AccessRunner ADSL\CnxDslTb.exe" = "C:\Programmi\Conexant\AccessRunner ADSL\CnxDslTb.exe"
@pdfFactory Pro Dispatcher v2C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\fppdis2a.exe = C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\fppdis2a.exe
@FinePrint Dispatcher v5C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\fpdisp5a.exe = C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\fpdisp5a.exe
@Samsung LBP SM"C:\WINDOWS\Samsung\LaserSMMgr\ssmmgr.exe" /autorun = "C:\WINDOWS\Samsung\LaserSMMgr\ssmmgr.exe" /autorun
@KernelFaultCheck%systemroot%\system32\dumprep 0 -k = %systemroot%\system32\dumprep 0 -k
@snpstdC:\WINDOWS\vsnpstd.exe = C:\WINDOWS\vsnpstd.exe
@ /*file not found*/ = /*file not found*/
@StatusClientC:\Programmi\Hewlett-Packard\Toolbox2.0\Apache Tomcat 4.0\webapps\Toolbox\StatusClient\StatusClient.exe /auto /*file not found*/ = C:\Programmi\Hewlett-Packard\Toolbox2.0\Apache Tomcat 4.0\webapps\Toolbox\StatusClient\StatusClient.exe /auto /*file not found*/
@TomcatStartupC:\Programmi\Hewlett-Packard\Toolbox2.0\hpbpsttp.exe = C:\Programmi\Hewlett-Packard\Toolbox2.0\hpbpsttp.exe
@Zone Labs ClientC:\Programmi\Zone Labs\ZoneAlarm\zlclient.exe = C:\Programmi\Zone Labs\ZoneAlarm\zlclient.exe
@VIRIT LITE MONITORC:\VEXPLITE\MONLITE.EXE = C:\VEXPLITE\MONLITE.EXE
@ccApp"C:\Programmi\File comuni\Symantec Shared\ccApp.exe" = "C:\Programmi\File comuni\Symantec Shared\ccApp.exe"
@SSC_UserPrompt"C:\Programmi\File comuni\Symantec Shared\Security Center\UsrPrmpt.exe" = "C:\Programmi\File comuni\Symantec Shared\Security Center\UsrPrmpt.exe"
@NAV CfgWizC:\Programmi\File comuni\Symantec Shared\SymProbe.exe -r "C:\Programmi\Norton AntiVirus2006\CfgWiz.exe" /GUID {0D7956A2-5A08-4ec2-A72C-DF8495A66016} /MODE CfgWiz /CMDLINE "REBOOT" /*file not found*/ = C:\Programmi\File comuni\Symantec Shared\SymProbe.exe -r "C:\Programmi\Norton AntiVirus2006\CfgWiz.exe" /GUID {0D7956A2-5A08-4ec2-A72C-DF8495A66016} /MODE CfgWiz /CMDLINE "REBOOT" /*file not found*/
@QuickTime Task"C:\Programmi\QuickTime\qttask.exe" -atboottime = "C:\Programmi\QuickTime\qttask.exe" -atboottime
@UnlockerAssistant"C:\Programmi\Unlocker\UnlockerAssistant.exe" = "C:\Programmi\Unlocker\UnlockerAssistant.exe"

HKCU\Software\Microsoft\Windows\CurrentVersion\Run >>>
@CTFMON.EXEC:\WINDOWS\System32\ctfmon.exe = C:\WINDOWS\System32\ctfmon.exe
@ares"C:\Programmi\Ares\Ares.exe" -h = "C:\Programmi\Ares\Ares.exe" -h
@SpySweeper"C:\Programmi\Webroot\Spy Sweeper\SpySweeper.exe" /0 = "C:\Programmi\Webroot\Spy Sweeper\SpySweeper.exe" /0

HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks >>>
@{81559C35-8464-49F7-BB0E-07A383BEF910}C:\Programmi\SpywareGuard\spywareguard.dll = C:\Programmi\SpywareGuard\spywareguard.dll
@{EDB0E980-90BD-11D4-8599-0008C7D3B6F8}C:\PROGRA~1\Qualcomm\Eudora\EuShlExt.dll = C:\PROGRA~1\Qualcomm\Eudora\EuShlExt.dll

HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved >>>
@{42071714-76d4-11d1-8b24-00a0c9068ff3} /*Estensione panoramica video del Pannello di controllo*/deskpan.dll /*file not found*/ = deskpan.dll /*file not found*/
@{1CDB2949-8F65-4355-8456-263E7C208A5D} /*Desktop Explorer*/C:\WINDOWS\System32\nvshell.dll = C:\WINDOWS\System32\nvshell.dll
@{1E9B04FB-F9E5-4718-997B-B8DA88302A47} /*Desktop Explorer Menu*/C:\WINDOWS\System32\nvshell.dll = C:\WINDOWS\System32\nvshell.dll
@{81559C35-8464-49F7-BB0E-07A383BEF910} /*SpywareGuard*/C:\Programmi\SpywareGuard\spywareguard.dll = C:\Programmi\SpywareGuard\spywareguard.dll
@{E0D79304-84BE-11CE-9641-444553540000} /*WinZip*/C:\PROGRA~1\WINZIP\WZSHLSTB.DLL = C:\PROGRA~1\WINZIP\WZSHLSTB.DLL
@{E0D79305-84BE-11CE-9641-444553540000} /*WinZip*/C:\PROGRA~1\WINZIP\WZSHLSTB.DLL = C:\PROGRA~1\WINZIP\WZSHLSTB.DLL
@{E0D79306-84BE-11CE-9641-444553540000} /*WinZip*/C:\PROGRA~1\WINZIP\WZSHLSTB.DLL = C:\PROGRA~1\WINZIP\WZSHLSTB.DLL
@{E0D79307-84BE-11CE-9641-444553540000} /*WinZip*/C:\PROGRA~1\WINZIP\WZSHLSTB.DLL = C:\PROGRA~1\WINZIP\WZSHLSTB.DLL
@{BDEADF00-C265-11D0-BCED-00A0C90AB50F} /*Cartelle Web*/C:\PROGRA~1\FILECO~1\MICROS~1\WEBFOL~1\MSONSEXT.DLL = C:\PROGRA~1\FILECO~1\MICROS~1\WEBFOL~1\MSONSEXT.DLL
@{42042206-2D85-11D3-8CFF-005004838597} /*Microsoft Office HTML Icon Handler*/C:\Programmi\Microsoft Office\Office10\msohev.dll = C:\Programmi\Microsoft Office\Office10\msohev.dll
@{6EE51AA0-77A0-11D7-B4E1-000347126E46} /*Window Washer Shell Shredding Utility*/C:\PROGRA~1\FILECO~1\WEBROO~1\SHELLW~1.DLL = C:\PROGRA~1\FILECO~1\WEBROO~1\SHELLW~1.DLL
@{B41DB860-8EE4-11D2-9906-E49FADC173CA} /*WinRAR shell extension*/C:\Programmi\WinRAR\rarext.dll = C:\Programmi\WinRAR\rarext.dll
@{B8323370-FF27-11D2-97B6-204C4F4F5020} /*SmartFTP Shell Extension DLL*/C:\Programmi\SmartFTP\smarthook.dll = C:\Programmi\SmartFTP\smarthook.dll
@{F802F260-519B-11D1-BB5D-0060974C6013} /*ICQ Shell Extension*/C:\Programmi\ICQ\ICQShExt.dll = C:\Programmi\ICQ\ICQShExt.dll
@{330417E8-EF62-4047-82BE-D8305CEFF572} /*AMEncShlExt extension*/C:\PROGRA~1\4MUSIC~1\amshellext.dll = C:\PROGRA~1\4MUSIC~1\amshellext.dll
@{B9E1D2CB-CCFF-4AA6-9579-D7A4754030EF} /*iTunes*/C:\Programmi\iTunes\iTunesMiniPlayer.dll = C:\Programmi\iTunes\iTunesMiniPlayer.dll
@{D25B2CAB-8A9A-4517-A9B2-CB5F68A5A802} /*Adobe.Acrobat.ContextMenu*/C:\Programmi\Adobe\Acrobat 7.0\Acrobat Elements\ContextMenu.dll = C:\Programmi\Adobe\Acrobat 7.0\Acrobat Elements\ContextMenu.dll
@{2AE413C0-6960-47F8-A32D-5931E70F9A40} /**/(null) =
@{B28C18DB-6816-4F31-9630-397683E3C2C3} /*Filzip Shell Extension*/(null) =
@{EDB0E980-90BD-11D4-8599-0008C7D3B6F8} /*Eudora's Shell Extension*/C:\PROGRA~1\Qualcomm\Eudora\EuShlExt.dll = C:\PROGRA~1\Qualcomm\Eudora\EuShlExt.dll
@{792F0537-F929-4eb7-AC1D-FB6334C71550} /*LG Phone*/C:\PROGRA~1\LGPCSU~1\LGPHON~1\Phone.dll = C:\PROGRA~1\LGPCSU~1\LGPHON~1\Phone.dll
@{7C9D5882-CB4A-4090-96C8-430BFE8B795B} /*Webroot Spy Sweeper Context Menu Integration*/C:\PROGRA~1\Webroot\SPYSWE~1\SSCtxMnu.dll = C:\PROGRA~1\Webroot\SPYSWE~1\SSCtxMnu.dll
@{52B87208-9CCF-42C9-B88E-069281105805} /*Trojan Remover Shell Extension*/C:\PROGRA~1\TROJAN~1\Trshlex.dll = C:\PROGRA~1\TROJAN~1\Trshlex.dll
@{DDE4BEEB-DDE6-48fd-8EB5-035C09923F83} /*UnlockerShellExtension*/C:\Programmi\Unlocker\UnlockerCOM.dll = C:\Programmi\Unlocker\UnlockerCOM.dll

HKLM\Software\Classes\*\shellex\ContextMenuHandlers\ >>>
Adobe.Acrobat.ContextMenu@{D25B2CAB-8A9A-4517-A9B2-CB5F68A5A802} = C:\Programmi\Adobe\Acrobat 7.0\Acrobat Elements\ContextMenu.dll
Symantec.Norton.Antivirus.IEContextMenu@{FAD61B3D-699D-49B2-BE16-7F82CB4C59CA} = C:\Programmi\Norton AntiVirus2006\NavShExt.dll
Trojan Remover@{52B87208-9CCF-42C9-B88E-069281105805} = C:\PROGRA~1\TROJAN~1\Trshlex.dll
Washer@{6EE51AA0-77A0-11D7-B4E1-000347126E46} = C:\PROGRA~1\FILECO~1\WEBROO~1\SHELLW~1.DLL
WinRAR@{B41DB860-8EE4-11D2-9906-E49FADC173CA} = C:\Programmi\WinRAR\rarext.dll
WinZip@{E0D79304-84BE-11CE-9641-444553540000} = C:\PROGRA~1\WINZIP\WZSHLSTB.DLL

HKLM\Software\Classes\Directory\shellex\ContextMenuHandlers\ >>>
Washer@{6EE51AA0-77A0-11D7-B4E1-000347126E46} = C:\PROGRA~1\FILECO~1\WEBROO~1\SHELLW~1.DLL
WinRAR@{B41DB860-8EE4-11D2-9906-E49FADC173CA} = C:\Programmi\WinRAR\rarext.dll
WinZip@{E0D79304-84BE-11CE-9641-444553540000} = C:\PROGRA~1\WINZIP\WZSHLSTB.DLL

HKLM\Software\Classes\Folder\shellex\ContextMenuHandlers\ >>>
SpySweeper@{7C9D5882-CB4A-4090-96C8-430BFE8B795B} = C:\PROGRA~1\Webroot\SPYSWE~1\SSCtxMnu.dll
Symantec.Norton.Antivirus.IEContextMenu@{FAD61B3D-699D-49B2-BE16-7F82CB4C59CA} = C:\Programmi\Norton AntiVirus2006\NavShExt.dll
Trojan Remover@{52B87208-9CCF-42C9-B88E-069281105805} = C:\PROGRA~1\TROJAN~1\Trshlex.dll
UnlockerShellExtension@{DDE4BEEB-DDE6-48fd-8EB5-035C09923F83} = C:\Programmi\Unlocker\UnlockerCOM.dll
WinRAR@{B41DB860-8EE4-11D2-9906-E49FADC173CA} = C:\Programmi\WinRAR\rarext.dll
WinZip@{E0D79304-84BE-11CE-9641-444553540000} = C:\PROGRA~1\WINZIP\WZSHLSTB.DLL

HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects >>>
@{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}C:\Programmi\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll = C:\Programmi\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
@{A8F38D8D-E480-4D52-B7A2-731BB6995FDD}C:\Programmi\Norton AntiVirus2006\NavShExt.dll = C:\Programmi\Norton AntiVirus2006\NavShExt.dll
@{AA58ED58-01DD-4d91-8333-CF10577473F7}c:\programmi\google\googletoolbar2.dll = c:\programmi\google\googletoolbar2.dll
@{AE7CD045-E861-484f-8273-0445EE161910}C:\Programmi\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll = C:\Programmi\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll

HKLM\Software\Microsoft\Internet Explorer\Main >>>
@Default_Page_URLhttp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome = http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
@Start Pagehttp://www.padan.org/padan = http://www.msn.it
@Local Page%SystemRoot%\system32\blank.htm = %SystemRoot%\system32\blank.htm

HKCU\Software\Microsoft\Internet Explorer\Main >>>
@Start Pagehttp://www.msn.it = http://www.msn.it
@Local Page\blank.htm = \blank.htm

HKLM\Software\Classes\PROTOCOLS\Handler\ >>>
cdo@CLSID = C:\Programmi\File comuni\Microsoft Shared\Web Folders\PKMCDO.DLL
dvd@CLSID = C:\WINDOWS\System32\msvidctl.dll
its@CLSID = C:\WINDOWS\System32\itss.dll
lid@CLSID = C:\WINDOWS\System32\msvidctl.dll
mhtml@CLSID = %SystemRoot%\System32\inetcomm.dll
ms-its@CLSID = C:\WINDOWS\System32\itss.dll
msnim@CLSID = "C:\PROGRA~1\MSNMES~1\msgrapp.dll"
mso-offdap@CLSID = C:\PROGRA~1\FILECO~1\MICROS~1\WEBCOM~1\10\OWC10.DLL
tv@CLSID = C:\WINDOWS\System32\msvidctl.dll
vnd.ms.radio@CLSID = C:\WINDOWS\System32\msdxm.ocx
wia@CLSID = C:\WINDOWS\System32\wiascr.dll

HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{19B141E5-C3EA-4E4C-B5E2-DF456FA623F2} /*Connessione alla rete locale (LAN)*/ >>>
@IPAddress192.168.0.55 = 192.168.0.55
@NameServer =
@DefaultGateway =
@Domain =

C:\Documents and Settings\Oleg Primakov\Menu Avvio\Programmi\Esecuzione automatica = SpywareGuard.lnk

C:\Documents and Settings\All Users\Menu Avvio\Programmi\Esecuzione automatica >>>
Gamesurround Muse Pocket CPL.lnk = Gamesurround Muse Pocket CPL.lnk
Lightsurf.lnk = Lightsurf.lnk

---- EOF - GMER 1.0.10 ----

[House]

Per il punto 2 ho un problema:

se faccio lo scan normale mi salta il programma
se lo faccio con la spunta su "Show all" lo termina ma il log è lunghissimo!

alla fine mi dice che c'è qualche problema con i rootkit: ti incollo l'ultima parte con le scritte in rosso, se vuoi anche il resto fammi sapere


---- Services - GMER 1.0.10 ----

Service [DISABLED] Abiosdsk <-- ROOTKIT !!!
Service [DISABLED] abp480n5 <-- ROOTKIT !!!
Service C:\WINDOWS\System32\DRIVERS\ACPI.sys [BOOT] ACPI
Service [DISABLED] ACPIEC <-- ROOTKIT !!!
Service C:\Programmi\File comuni\Adobe Systems Shared\Service\Adobelmsvc.exe [MANUAL] Adobe LM Service
Service [DISABLED] adpu160m <-- ROOTKIT !!!
Service C:\WINDOWS\system32\drivers\aec.sys [MANUAL] aec
Service C:\WINDOWS\System32\drivers\afd.sys [AUTO] AFD
Service [DISABLED] Aha154x <-- ROOTKIT !!!
Service [DISABLED] aic78u2 <-- ROOTKIT !!!
Service [DISABLED] aic78xx <-- ROOTKIT !!!
Service C:\WINDOWS\System32\svchost.exe [MANUAL] Alerter
Service C:\WINDOWS\System32\alg.exe [MANUAL] ALG
Service [DISABLED] AliIde <-- ROOTKIT !!!
Service [DISABLED] amsint <-- ROOTKIT !!!
Service C:\WINDOWS\system32\svchost.exe [MANUAL] AppMgmt
Service C:\WINDOWS\System32\DRIVERS\arp1394.sys [MANUAL] Arp1394
Service [DISABLED] asc <-- ROOTKIT !!!
Service [DISABLED] asc3350p <-- ROOTKIT !!!
Service [DISABLED] asc3550 <-- ROOTKIT !!!
Service C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe [MANUAL] aspnet_state
Service C:\WINDOWS\System32\DRIVERS\asyncmac.sys [MANUAL] AsyncMac
Service C:\WINDOWS\System32\DRIVERS\atapi.sys [BOOT] atapi
Service [DISABLED] Atdisk <-- ROOTKIT !!!
Service C:\WINDOWS\System32\DRIVERS\atmarpc.sys [MANUAL] Atmarpc
Service C:\WINDOWS\System32\svchost.exe [AUTO] AudioSrv
Service C:\WINDOWS\System32\DRIVERS\audstub.sys [MANUAL] audstub
Service C:\WINDOWS\System32\DRIVERS\HSF_BSC2.sys [MANUAL] basic2
Service [SYSTEM] Beep <-- ROOTKIT !!!
Service C:\WINDOWS\System32\svchost.exe [MANUAL] BITS
Service C:\WINDOWS\System32\svchost.exe [AUTO] Browser
Service [DISABLED] cbidf2k <-- ROOTKIT !!!
Service C:\WINDOWS\System32\DRIVERS\CCDECODE.sys [MANUAL] CCDECODE
Service C:\Programmi\File comuni\Symantec Shared\ccEvtMgr.exe [AUTO] ccEvtMgr
Service C:\Programmi\File comuni\Symantec Shared\ccSetMgr.exe [AUTO] ccSetMgr
Service [DISABLED] cd20xrnt <-- ROOTKIT !!!
Service [SYSTEM] Cdaudio <-- ROOTKIT !!!
Service [DISABLED] Cdfs <-- ROOTKIT !!!
Service C:\WINDOWS\System32\DRIVERS\cdrom.sys [SYSTEM] Cdrom
Service [SYSTEM] Changer <-- ROOTKIT !!!
Service C:\WINDOWS\System32\cisvc.exe [MANUAL] cisvc
Service C:\WINDOWS\system32\clipsrv.exe [MANUAL] ClipSrv
Service [DISABLED] CmdIde <-- ROOTKIT !!!
Service C:\WINDOWS\System32\DRIVERS\CnxEtP.sys [MANUAL] CnxEtP
Service C:\WINDOWS\System32\DRIVERS\CnxEtU.sys [MANUAL] CnxEtU
Service C:\WINDOWS\System32\DRIVERS\CnxTgN.sys [MANUAL] CnxTgN
Service C:\WINDOWS\System32\dllhost.exe [MANUAL] COMSysApp
Service [DISABLED] Cpqarray <-- ROOTKIT !!!
Service C:\WINDOWS\system32\svchost.exe [AUTO] CryptSvc
Service C:\WINDOWS\System32\DRIVERS\ctljystk.sys [MANUAL] ctljystk
Service [DISABLED] dac2w2k <-- ROOTKIT !!!
Service [DISABLED] dac960nt <-- ROOTKIT !!!
Service C:\WINDOWS\System32\Drivers\DgiVecp.sys [AUTO] DgiVecp
Service C:\WINDOWS\System32\svchost.exe [AUTO] Dhcp
Service C:\WINDOWS\System32\DRIVERS\disk.sys [BOOT] Disk
Service C:\WINDOWS\System32\dmadmin.exe [MANUAL] dmadmin
Service C:\WINDOWS\System32\drivers\dmboot.sys [DISABLED] dmboot
Service C:\WINDOWS\System32\drivers\dmio.sys [BOOT] dmio
Service C:\WINDOWS\System32\drivers\dmload.sys [BOOT] dmload
Service C:\WINDOWS\System32\svchost.exe [AUTO] dmserver
Service C:\WINDOWS\system32\drivers\DMusic.sys [MANUAL] DMusic
Service C:\WINDOWS\System32\svchost.exe [AUTO] Dnscache
Service C:\WINDOWS\System32\DRIVERS\Dot4.sys [MANUAL] Dot4
Service C:\WINDOWS\System32\DRIVERS\Dot4Prt.sys [MANUAL] Dot4Print
Service C:\WINDOWS\System32\DRIVERS\dot4usb.sys [MANUAL] dot4usb
Service [DISABLED] dpti2o <-- ROOTKIT !!!
Service C:\WINDOWS\system32\drivers\drmkaud.sys [MANUAL] drmkaud
Service C:\Programmi\File comuni\Symantec Shared\EENGINE\eeCtrl.sys [SYSTEM] eeCtrl
Service C:\WINDOWS\system32\drivers\emu10k1m.sys [MANUAL] emu10k
Service C:\WINDOWS\system32\drivers\ctlfacem.sys [MANUAL] emu10k1
Service C:\WINDOWS\System32\svchost.exe [DISABLED] ERSvc
Service C:\WINDOWS\system32\services.exe [AUTO] Eventlog
Service C:\WINDOWS\System32\svchost.exe [MANUAL] EventSystem
Service C:\WINDOWS\System32\DRIVERS\HSF_FALL.sys [AUTO] Fallback
Service [DISABLED] Fastfat <-- ROOTKIT !!!
Service C:\WINDOWS\System32\svchost.exe [MANUAL] FastUserSwitchingCompatibility
Service C:\WINDOWS\System32\DRIVERS\fdc.sys [MANUAL] Fdc
Service [SYSTEM] Fips <-- ROOTKIT !!!
Service C:\WINDOWS\System32\DRIVERS\flpydisk.sys [MANUAL] Flpydisk
Service C:\WINDOWS\System32\DRIVERS\HSF_FSKS.sys [AUTO] Fsks
Service [SYSTEM] Fs_Rec <-- ROOTKIT !!!
Service C:\WINDOWS\System32\DRIVERS\ftdisk.sys [BOOT] Ftdisk
Service C:\WINDOWS\System32\DRIVERS\gameenum.sys [MANUAL] gameenum
Service C:\WINDOWS\SYSTEM32\DRIVERS\GEARAspiWDM.sys [MANUAL] GEARAspiWDM
Service C:\WINDOWS\System32\DRIVERS\gmer.sys [MANUAL] Gmer
Service C:\WINDOWS\System32\DRIVERS\msgpc.sys [MANUAL] Gpc
Service C:\WINDOWS\System32\svchost.exe [AUTO] helpsvc
Service C:\WINDOWS\System32\svchost.exe [AUTO] HidServ
Service C:\WINDOWS\System32\DRIVERS\hidusb.sys [MANUAL] hidusb
Service [DISABLED] hpn <-- ROOTKIT !!!
Service [DISABLED] hpt3xx <-- ROOTKIT !!!
Service C:\WINDOWS\System32\DRIVERS\HSF_MSFT.sys [MANUAL] hsf_msft
Service [SYSTEM] i2omgmt <-- ROOTKIT !!!
Service [DISABLED] i2omp <-- ROOTKIT !!!
Service C:\WINDOWS\System32\DRIVERS\i8042prt.sys [SYSTEM] i8042prt
Service [SYSTEM] Imapi <-- ROOTKIT !!!
Service C:\WINDOWS\System32\imapi.exe [MANUAL] ImapiService
Service [DISABLED] ini910u <-- ROOTKIT !!!
Service [DISABLED] IntelIde <-- ROOTKIT !!!
Service C:\WINDOWS\System32\DRIVERS\ipfltdrv.sys [MANUAL] IpFilterDriver
Service C:\WINDOWS\System32\DRIVERS\ipinip.sys [MANUAL] IpInIp
Service C:\WINDOWS\System32\DRIVERS\ipnat.sys [MANUAL] IpNat
Service C:\Programmi\iPod\bin\iPodService.exe [MANUAL] iPodService
Service C:\WINDOWS\System32\DRIVERS\ipsec.sys [SYSTEM] IPSec
Service C:\WINDOWS\System32\DRIVERS\irda.sys [AUTO] irda
Service C:\WINDOWS\System32\DRIVERS\irenum.sys [MANUAL] IRENUM
Service C:\WINDOWS\System32\svchost.exe [AUTO] Irmon
Service C:\WINDOWS\System32\DRIVERS\isapnp.sys [BOOT] isapnp
Service C:\WINDOWS\System32\DRIVERS\HSF_K56K.sys [AUTO] K56
Service C:\WINDOWS\System32\DRIVERS\kbdclass.sys [SYSTEM] Kbdclass
Service C:\WINDOWS\system32\drivers\kmixer.sys [MANUAL] kmixer
Service [BOOT] KSecDD <-- ROOTKIT !!!
Service C:\WINDOWS\System32\svchost.exe [AUTO] lanmanserver
Service C:\WINDOWS\System32\svchost.exe [AUTO] lanmanworkstation
Service [SYSTEM] lbrtfdc <-- ROOTKIT !!!
Service C:\Programmi\Symantec\LiveUpdate\LuComServer_3_0.EXE [MANUAL] LiveUpdate
Service C:\WINDOWS\System32\svchost.exe [AUTO] LmHosts
Service C:\WINDOWS\System32\svchost.exe [MANUAL] Messenger
Service [SYSTEM] mnmdd <-- ROOTKIT !!!
Service C:\WINDOWS\System32\mnmsrvc.exe [MANUAL] mnmsrvc
Service [MANUAL] Modem <-- ROOTKIT !!!
Service C:\WINDOWS\System32\DRIVERS\mouclass.sys [SYSTEM] Mouclass
Service C:\WINDOWS\System32\DRIVERS\mouhid.sys [MANUAL] mouhid
Service [BOOT] MountMgr <-- ROOTKIT !!!
Service C:\WINDOWS\system32\drivers\MPUSens.sys [MANUAL] MPUSens
Service [DISABLED] mraid35x <-- ROOTKIT !!!
Service C:\WINDOWS\System32\DRIVERS\mrxdav.sys [MANUAL] MRxDAV
Service C:\WINDOWS\System32\DRIVERS\mrxsmb.sys [SYSTEM] MRxSmb
Service C:\WINDOWS\System32\msdtc.exe [MANUAL] MSDTC
Service [SYSTEM] Msfs <-- ROOTKIT !!!
Service C:\WINDOWS\System32\DRIVERS\MSIRCOMM.sys [MANUAL] MSIRCOMM
Service C:\WINDOWS\System32\msiexec.exe [MANUAL] MSIServer
Service C:\WINDOWS\system32\drivers\MSKSSRV.sys [MANUAL] MSKSSRV
Service C:\WINDOWS\system32\drivers\MSPCLOCK.sys [MANUAL] MSPCLOCK
Service C:\WINDOWS\system32\drivers\MSPQM.sys [MANUAL] MSPQM
Service C:\WINDOWS\system32\drivers\MSTEE.sys [MANUAL] MSTEE
Service [BOOT] Mup <-- ROOTKIT !!!
Service C:\WINDOWS\System32\DRIVERS\NABTSFEC.sys [MANUAL] NABTSFEC
Service C:\Programmi\Norton AntiVirus2006\navapsvc.exe [AUTO] navapsvc
Service C:\Programmi\File comuni\Symantec Shared\VirusDefs\20060725.020\NAVENG.SYS [MANUAL] NAVENG
Service C:\Programmi\File comuni\Symantec Shared\VirusDefs\20060725.020\NAVEX15.SYS [MANUAL] NAVEX15
Service [BOOT] NDIS <-- ROOTKIT !!!
Service C:\WINDOWS\System32\DRIVERS\NdisIP.sys [MANUAL] NdisIP
Service C:\WINDOWS\System32\DRIVERS\ndistapi.sys [MANUAL] NdisTapi
Service C:\WINDOWS\System32\DRIVERS\ndisuio.sys [MANUAL] Ndisuio
Service C:\WINDOWS\System32\DRIVERS\ndiswan.sys [MANUAL] NdisWan
Service [MANUAL] NDProxy <-- ROOTKIT !!!
Service C:\WINDOWS\System32\DRIVERS\netbios.sys [SYSTEM] NetBIOS
Service C:\WINDOWS\System32\DRIVERS\netbt.sys [SYSTEM] NetBT
Service C:\WINDOWS\system32\netdde.exe [MANUAL] NetDDE
Service C:\WINDOWS\system32\netdde.exe [MANUAL] NetDDEdsdm
Service C:\WINDOWS\System32\lsass.exe [MANUAL] Netlogon
Service C:\WINDOWS\System32\svchost.exe [MANUAL] Netman
Service C:\WINDOWS\System32\DRIVERS\nic1394.sys [MANUAL] NIC1394
Service C:\WINDOWS\System32\svchost.exe [MANUAL] Nla
Service C:\Programmi\Norton AntiVirus2006\IWP\NPFMntor.exe [AUTO] NPFMntor
Service [SYSTEM] Npfs <-- ROOTKIT !!!
Service C:\Programmi\File comuni\Symantec Shared\Security Console\NSCSRVCE.EXE [MANUAL] NSCService
Service [DISABLED] Ntfs <-- ROOTKIT !!!
Service C:\WINDOWS\System32\lsass.exe [MANUAL] NtLmSsp
Service C:\WINDOWS\system32\svchost.exe [MANUAL] NtmsSvc
Service [SYSTEM] Null <-- ROOTKIT !!!
Service C:\WINDOWS\System32\DRIVERS\nv4_mini.sys [MANUAL] nv
Service C:\WINDOWS\system32\drivers\nvax.sys [MANUAL] nvax
Service C:\WINDOWS\System32\DRIVERS\NVENET.sys [MANUAL] NVENET
Service C:\WINDOWS\system32\drivers\nvapu.sys [MANUAL] nvnforce
Service C:\WINDOWS\System32\nvsvc32.exe [AUTO] NVSvc
Service C:\WINDOWS\System32\DRIVERS\nv_agp.sys [BOOT] nv_agp
Service C:\WINDOWS\System32\DRIVERS\nwlnkflt.sys [MANUAL] NwlnkFlt
Service C:\WINDOWS\System32\DRIVERS\nwlnkfwd.sys [MANUAL] NwlnkFwd
Service C:\WINDOWS\System32\DRIVERS\ohci1394.sys [BOOT] ohci1394
Service C:\WINDOWS\System32\DRIVERS\parport.sys [MANUAL] Parport
Service [BOOT] PartMgr <-- ROOTKIT !!!
Service [AUTO] ParVdm <-- ROOTKIT !!!
Service C:\WINDOWS\System32\DRIVERS\pci.sys [BOOT] PCI
Service [SYSTEM] PCIDump <-- ROOTKIT !!!
Service C:\WINDOWS\System32\DRIVERS\pciide.sys [BOOT] PCIIde
Service [DISABLED] Pcmcia <-- ROOTKIT !!!
Service [MANUAL] PDCOMP <-- ROOTKIT !!!
Service [MANUAL] PDFRAME <-- ROOTKIT !!!
Service [MANUAL] PDRELI <-- ROOTKIT !!!
Service [MANUAL] PDRFRAME <-- ROOTKIT !!!
Service [DISABLED] perc2 <-- ROOTKIT !!!
Service [DISABLED] perc2hib <-- ROOTKIT !!!
Service C:\Programmi\PeerGuardian2\pgfilter.sys [MANUAL] pgfilter
Service C:\WINDOWS\system32\services.exe [AUTO] PlugPlay
Service C:\WINDOWS\System32\HPZipm12.exe [MANUAL] Pml Driver HPZ12
Service C:\WINDOWS\System32\lsass.exe [AUTO] PolicyAgent
Service C:\WINDOWS\System32\DRIVERS\raspptp.sys [MANUAL] PptpMiniport
Service [SYSTEM] PQNTDrv <-- ROOTKIT !!!
Service C:\WINDOWS\System32\DRIVERS\processr.sys [SYSTEM] Processor
Service C:\WINDOWS\system32\lsass.exe [AUTO] ProtectedStorage
Service C:\WINDOWS\System32\DRIVERS\psched.sys [MANUAL] PSched
Service C:\WINDOWS\System32\DRIVERS\ptilink.sys [MANUAL] Ptilink
Service C:\WINDOWS\System32\DRIVERS\PxHelp20.sys [BOOT] PxHelp20
Service [DISABLED] ql1080 <-- ROOTKIT !!!
Service [DISABLED] Ql10wnt <-- ROOTKIT !!!
Service [DISABLED] ql12160 <-- ROOTKIT !!!
Service [DISABLED] ql1240 <-- ROOTKIT !!!
Service [DISABLED] ql1280 <-- ROOTKIT !!!
Service C:\WINDOWS\System32\DRIVERS\rasacd.sys [SYSTEM] RasAcd
Service C:\WINDOWS\System32\svchost.exe [MANUAL] RasAuto
Service C:\WINDOWS\System32\DRIVERS\rasirda.sys [MANUAL] Rasirda
Service C:\WINDOWS\System32\DRIVERS\rasl2tp.sys [MANUAL] Rasl2tp
Service C:\WINDOWS\System32\svchost.exe [MANUAL] RasMan
Service C:\WINDOWS\System32\DRIVERS\raspppoe.sys [MANUAL] RasPppoe
Service C:\WINDOWS\System32\DRIVERS\raspti.sys [MANUAL] Raspti
Service C:\WINDOWS\System32\DRIVERS\rdbss.sys [SYSTEM] Rdbss
Service C:\WINDOWS\System32\DRIVERS\RDPCDD.sys [SYSTEM] RDPCDD
Service C:\WINDOWS\System32\DRIVERS\rdpdr.sys [MANUAL] rdpdr
Service [DISABLED] Rdpoap2frks <-- ROOTKIT !!!
Service [MANUAL] RDPWD <-- ROOTKIT !!!
Service C:\WINDOWS\system32\sessmgr.exe [MANUAL] RDSessMgr
Service C:\WINDOWS\System32\DRIVERS\redbook.sys [SYSTEM] redbook
Service C:\WINDOWS\System32\Drivers\regguard.sys [MANUAL] RegGuard
Service C:\WINDOWS\System32\svchost.exe [AUTO] RemoteAccess
Service C:\WINDOWS\system32\svchost.exe [AUTO] RemoteRegistry
Service C:\WINDOWS\System32\DRIVERS\HSF_SAMP.sys [MANUAL] Rksample
Service C:\WINDOWS\System32\locator.exe [MANUAL] RpcLocator
Service C:\WINDOWS\system32\svchost.exe [AUTO] RpcSs
Service C:\WINDOWS\System32\rsvp.exe [MANUAL] RSVP
Service C:\WINDOWS\system32\lsass.exe [AUTO] SamSs
Service C:\Programmi\Norton AntiVirus2006\SAVRT.SYS [MANUAL] SAVRT
Service C:\Programmi\Norton AntiVirus2006\SAVRTPEL.SYS [SYSTEM] SAVRTPEL
Service C:\Programmi\Norton AntiVirus2006\SAVScan.exe [MANUAL] SAVScan
Service C:\WINDOWS\System32\SCardSvr.exe [MANUAL] SCardDrv
Service C:\WINDOWS\System32\SCardSvr.exe [MANUAL] SCardSvr
Service C:\WINDOWS\System32\svchost.exe [AUTO] Schedule
Service C:\WINDOWS\System32\DRIVERS\secdrv.sys [MANUAL] Secdrv
Service C:\WINDOWS\System32\svchost.exe [AUTO] seclogon
Service [DISABLED] SecUjt <-- ROOTKIT !!!
Service C:\WINDOWS\system32\svchost.exe [AUTO] SENS
Service C:\WINDOWS\System32\DRIVERS\serenum.sys [MANUAL] serenum
Service C:\WINDOWS\System32\DRIVERS\serial.sys [SYSTEM] Serial
Service [SYSTEM] Sfloppy <-- ROOTKIT !!!
Service C:\WINDOWS\system32\drivers\sfmanm.sys [MANUAL] sfman
Service C:\WINDOWS\System32\svchost.exe [MANUAL] SharedAccess
Service C:\WINDOWS\System32\svchost.exe [AUTO] ShellHWDetection
Service [DISABLED] Simbad <-- ROOTKIT !!!
Service C:\WINDOWS\System32\DRIVERS\SLIP.sys [MANUAL] SLIP
Service C:\Programmi\File comuni\Symantec Shared\SNDSrvc.exe [AUTO] SNDSrvc
Service C:\WINDOWS\System32\DRIVERS\snpstd.sys [MANUAL] snpstd
Service C:\WINDOWS\System32\DRIVERS\HSF_FAXX.sys [AUTO] SoftFax
Service [DISABLED] Sparrow <-- ROOTKIT !!!
Service C:\Programmi\File comuni\Symantec Shared\SPBBC\SPBBCDrv.sys [SYSTEM] SPBBCDrv
Service C:\Programmi\File comuni\Symantec Shared\SPBBC\SPBBCSvc.exe [AUTO] SPBBCSvc
Service C:\WINDOWS\system32\drivers\splitter.sys [MANUAL] splitter
Service C:\WINDOWS\system32\spoolsv.exe [AUTO] Spooler
Service C:\WINDOWS\System32\DRIVERS\sr.sys [BOOT] sr
Service C:\WINDOWS\System32\svchost.exe [AUTO] srservice
Service C:\WINDOWS\System32\DRIVERS\srv.sys [MANUAL] Srv
Service C:\WINDOWS\System32\svchost.exe [MANUAL] SSDPSRV
Service C:\WINDOWS\system32\Drivers\SSI.SYS [BOOT] SSI <-- ROOTKIT !!!
Service C:\WINDOWS\System32\DRIVERS\irstusb.sys [MANUAL] STIrUsb
Service C:\WINDOWS\System32\svchost.exe [AUTO] stisvc
Service C:\WINDOWS\System32\DRIVERS\StreamIP.sys [MANUAL] streamip
Service C:\Programmi\Webroot\Spy Sweeper\WRSSSDK.exe [AUTO] svcWRSSSDK
Service C:\WINDOWS\System32\DRIVERS\swenum.sys [MANUAL] swenum
Service C:\WINDOWS\system32\drivers\swmidi.sys [MANUAL] swmidi
Service C:\WINDOWS\System32\dllhost.exe [MANUAL] SwPrv
Service C:\Programmi\File comuni\Symantec Shared\CCPD-LC\symlcsvc.exe [AUTO] Symantec Core LC
Service [DISABLED] symc810 <-- ROOTKIT !!!
Service [DISABLED] symc8xx <-- ROOTKIT !!!
Service C:\WINDOWS\System32\Drivers\SYMDNS.SYS [MANUAL] SYMDNS
Service C:\Programmi\Symantec\SYMEVENT.SYS [MANUAL] SymEvent <-- ROOTKIT !!!
Service C:\WINDOWS\System32\Drivers\SYMFW.SYS [MANUAL] SYMFW
Service C:\WINDOWS\System32\Drivers\SYMIDS.SYS [MANUAL] SYMIDS
Service C:\Programmi\File comuni\Symantec Shared\SymcData\ids-diskless\20060710.095\SymIDSCo.sys [MANUAL] SYMIDSCO
Service C:\WINDOWS\System32\drivers\symlcbrd.sys [AUTO] symlcbrd
Service C:\WINDOWS\System32\Drivers\SYMNDIS.SYS [MANUAL] SYMNDIS
Service C:\WINDOWS\System32\Drivers\SYMREDRV.SYS [MANUAL] SYMREDRV
Service C:\WINDOWS\System32\Drivers\SYMTDI.SYS [SYSTEM] SYMTDI
Service [DISABLED] sym_hi <-- ROOTKIT !!!
Service [DISABLED] sym_u3 <-- ROOTKIT !!!
Service C:\WINDOWS\system32\drivers\sysaudio.sys [MANUAL] sysaudio
Service C:\WINDOWS\system32\smlogsvc.exe [MANUAL] SysmonLog
Service C:\WINDOWS\System32\svchost.exe [MANUAL] TapiSrv
Service C:\WINDOWS\System32\DRIVERS\tcpip.sys [SYSTEM] Tcpip
Service [MANUAL] TDPIPE <-- ROOTKIT !!!
Service [MANUAL] TDTCP <-- ROOTKIT !!!
Service C:\WINDOWS\System32\DRIVERS\termdd.sys [SYSTEM] TermDD
Service C:\WINDOWS\System32\svchost.exe [MANUAL] TermService
Service C:\WINDOWS\System32\svchost.exe [AUTO] Themes
Service C:\WINDOWS\System32\tlntsvr.exe [MANUAL] TlntSvr
Service C:\WINDOWS\System32\DRIVERS\HSF_TONE.sys [AUTO] Tones
Service [DISABLED] TosIde <-- ROOTKIT !!!
Service C:\WINDOWS\system32\svchost.exe [AUTO] TrkWks
Service C:\WINDOWS\System32\DRIVERS\uafilter.sys [MANUAL] UAFilter
Service [DISABLED] Udfs <-- ROOTKIT !!!
Service [DISABLED] ultra <-- ROOTKIT !!!
Service C:\WINDOWS\System32\wdfmgr.exe [AUTO] UMWdf
Service C:\WINDOWS\System32\DRIVERS\update.sys [MANUAL] Update
Service C:\WINDOWS\System32\svchost.exe [AUTO] uploadmgr
Service C:\WINDOWS\System32\svchost.exe [DISABLED] upnphost
Service C:\WINDOWS\System32\ups.exe [MANUAL] UPS
Service C:\WINDOWS\system32\drivers\usbaudio.sys [MANUAL] usbaudio
Service C:\WINDOWS\System32\DRIVERS\usbccgp.sys [MANUAL] usbccgp
Service C:\WINDOWS\System32\DRIVERS\usbhub.sys [MANUAL] usbhub
Service C:\WINDOWS\System32\DRIVERS\usbohci.sys [MANUAL] usbohci
Service C:\WINDOWS\System32\DRIVERS\usbprint.sys [MANUAL] usbprint
Service C:\WINDOWS\System32\DRIVERS\USBSTOR.SYS [MANUAL] usbstor
Service C:\Programmi\Symantec\LiveUpdate\ALUSchedulerSvc.exe [AUTO] Utilit? di pianificazione di LiveUpdate automatico
Service C:\WINDOWS\System32\DRIVERS\HSF_V124.sys [AUTO] V124
Service C:\WINDOWS\System32\drivers\vga.sys [SYSTEM] VgaSave
Service [DISABLED] ViaIde <-- ROOTKIT !!!
Service C:\VEXPLITE\viritsvc.exe [AUTO] viritsvclite
Service [BOOT] VolSnap <-- ROOTKIT !!!
Service C:\WINDOWS\System32\vsdatant.sys [SYSTEM] vsdatant
Service C:\WINDOWS\system32\ZoneLabs\vsmon.exe [AUTO] vsmon
Service C:\WINDOWS\System32\vssvc.exe [MANUAL] VSS
Service C:\WINDOWS\System32\svchost.exe [AUTO] W32Time
Service C:\WINDOWS\System32\DRIVERS\wanarp.sys [MANUAL] Wanarp
Service [MANUAL] WDICA <-- ROOTKIT !!!
Service C:\WINDOWS\system32\drivers\wdmaud.sys [MANUAL] wdmaud
Service C:\WINDOWS\System32\svchost.exe [AUTO] WebClient
Service C:\WINDOWS\system32\svchost.exe [AUTO] winmgmt
Service [MANUAL] Winsock <-- ROOTKIT !!!
Service C:\WINDOWS\System32\svchost.exe [MANUAL] WmdmPmSN
Service C:\WINDOWS\System32\svchost.exe [MANUAL] Wmi
Service C:\WINDOWS\System32\wbem\wmiapsrv.exe [MANUAL] WmiApSrv
Service C:\WINDOWS\System32\DRIVERS\WSTCODEC.SYS [MANUAL] WSTCODEC
Service C:\WINDOWS\system32\svchost.exe [AUTO] wuauserv
Service C:\WINDOWS\System32\svchost.exe [AUTO] WZCSVC

---- Files - GMER 1.0.10 ----

File C:\System Volume Information\tracking.log
File C:\System Volume Information\_restore{43EFE589-416C-443F-A345-34EB64DBA92A}
File F:\System Volume Information\tracking.log
File F:\System Volume Information\_restore{43EFE589-416C-443F-A345-34EB64DBA92A}

---- EOF - GMER 1.0.10 ----

[holifay]

Ciao, queste voci andrebbero eliminate dal log di HijackThis:

[House]

Ok, grazie mille.
Ma allora quel file lpt5.ydo incancellabile lo lascio lì tranquillo tranquillo?

Ps. scusa per la curiosità, ma sei un professionista? cMq complimenti.

[holifay]

[Rhapsody]

Ciao un saluto a tutti sn nuovo del foro.Ho seguito la vs discussione si puo' dire che quasi lo stesso analogo problema anche a me compare la scritta dopo ogni avvio del del PC la scritta:\\?\C:|WINDOWS\LPT9.HQF..ho dato una sbirciatina cosi'(grazie a VIRIT) ai programmi in escuzione all'avvio del PC e mi trova:
AppInit_DLLs
\\?\C:\WINDOWS\lpt9.hqf
Stato: File TROVATO
Ho dato un occhiata nella cartella di WINDOWS è ho trovato tramite le date una cartella con il nome" VMSysPr9.prx" con data ultima modifica 19/02/2015
mi sa che il file sospetto è questo..la tentazione di eleminarlo c'è ma nn so se faccio qualche ca....Aspetto vs consigli un saluto