Olimpo Informatico

bahamut · Mortale devoto Registrato: 12/07/06 03:05 Messaggi: 14

ragazzi sto diventando pazzo....è dal 4 luglio che ormai vado avanti così...all'inizio era C:\Windows\Temp\rexa1.exe....è comparso alle 4&16 del 4 luglio appunto....ilmcafee me l'aveva bloccato subito...la prima volta il file .exe era bloccato..ma levarlo non mi è stato particolarmente difficile...cmq pensavo fossi riuscito a eliminare quella che mi sembrava la solita cretinata....sbagliavo...fatto un giretto su vari forum mi sono imbattuto in 2000 antimaleware antispybot anticacchivari e ho letto le varie procedure da seguire(faccio presente che i forum erano tutti dei primi di giugno...)ho levato la cartella LINKOPTIMIZER che era esattamente in C:\, ho seguito alla lettera tutto quanto..ma il problema si ripresentava...oddio non che la cosa mi dia fastidi particolari...al di là che la comparsa del LINKOPTIMIZER tra le applicazioni ogni volta che apro IE e quel simpatico popup che ti ridice esattamente ciò che gli hai chiesto di cercare...(a proposito...avete notato che lo fa solo con parole "nuove"??nel senso che se la parola chiave è già nella cronologia oppure è già stata digitata il popup non si apre...)
Cmq oggi pomeriggio (è da allora che combatto...sono quasi le 5 del mattino!!!!!!)mi sono imbattuto nel vostro di forum.....ragazzi che si fa?????...la cosa strana è che dopo 1 paio di volte che avevo levato il file rexa1.exe( non ricordo esattamente quando e dopo quanti riavvii) il file si è trasformato in ddixa1.exe(cambio di nome riportato dai vari forum) xò poi non è cambiato più....tra l'altro la cartella con molte lettere casuali (non solo 3lettere)nascosta tra gli users segnalata nell'ultimo post l'avevo già levata 1paio di giorni fa quando mi ero accorto casualmente che riportava la stessa data e più o meno la stessa ora della prima volta che il mcafee mi aveva segnalato sto cacchio di trojan....
Inoltre io non sono espertissimo...però devo ammettere che ho seguto per filo e per segno le varie dritte dei vari forum (sono più o meno tutte le stesse) talmente tante di quelle volte che tra 1pò mi prendo la laurea in "procedure inutili xchè tanto sto maledetto virus non se ne va..."
no scherzi a parti sono un pò esasperato...RAGAZZI SONO NELLE VOSTRE MANI....

P.S.: grazie x le varie dritte su programmi e programmini...gente poco esperta come me vi dovrebbe fare una statua...invio il log di Hijackthis...l'ultimo che ho fatto...tanto ogni volta che cancello una chiave mi basta far ripartire IE che si ricreano tutte....che amarezza

LOGFILE DI BAHAMUT

Logfile of HijackThis v1.99.1
Scan saved at 4.19.38, on 12/07/2006
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programmi\McAfee\McAfee VirusScan\Avsynmgr.exe
C:\Programmi\ewido anti-spyware 4.0\guard.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRAMMI\VEXPLITE\viritsvc.exe
C:\WINDOWS\Explorer.EXE
C:\Programmi\McAfee\McAfee VirusScan\VsStat.exe
C:\Programmi\McAfee\McAfee Firewall\CPD.EXE
C:\WINDOWS\ATK0100\Hcontrol.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Programmi\ASUS\ASUS Live Update\ALU.exe
C:\Progra~1\ASUS\Power4 Gear\BatteryLife.exe
C:\Programmi\Synaptics\SynTP\SynTPLpr.exe
C:\Programmi\Synaptics\SynTP\SynTPEnh.exe
C:\Programmi\McAfee\McAfee VirusScan\Vshwin32.exe
C:\Programmi\File comuni\PCSuite\DataLayer\DataLayer.exe
C:\Programmi\Nokia\Nokia PC Suite 6\LaunchApplication.exe
C:\Programmi\Microsoft ActiveSync\WCESCOMM.EXE
C:\Programmi\McAfee\McAfee VirusScan\Avconsol.exe
C:\Programmi\McAfee\McAfee Firewall\CPD.EXE
C:\Programmi\File comuni\Network Associates\McShield\Mcshield.exe
C:\WINDOWS\ATK0100\ATKOSD.exe
C:\PROGRA~1\FILECO~1\PCSuite\Services\SERVIC~1.EXE
C:\Programmi\Internet Explorer\iexplore.exe
C:\Programmi\Adobe\Acrobat 7.0\Reader\AcroRd32.exe
C:\antiviruzzz\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.it/
R3 - Default URLSearchHook is missing
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Class - {9A6CFFA7-246B-50CE-F0DA-6C449D852B57} - C:\WINDOWS\ddixa1.dll (file missing)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: McAfee VirusScan - {ACB1E670-3217-45C4-A021-6B829A8A27CB} - C:\Programmi\McAfee\McAfee VirusScan\VSCShellExtension.dll
O4 - HKLM\..\Run: [Hcontrol] C:\WINDOWS\ATK0100\Hcontrol.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [ASUS Live Update] C:\Programmi\ASUS\ASUS Live Update\ALU.exe
O4 - HKLM\..\Run: [Power_Gear] C:\Progra~1\ASUS\Power4 Gear\BatteryLife.exe 1
O4 - HKLM\..\Run: [SynTPLpr] C:\Programmi\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Programmi\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmi\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [DataLayer] C:\Programmi\File comuni\PCSuite\DataLayer\DataLayer.exe
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Programmi\Nokia\Nokia PC Suite 6\LaunchApplication.exe -onlytray
O4 - HKLM\..\Run: [VIRIT LITE MONITOR] C:\PROGRAMMI\VEXPLITE\MONLITE.EXE
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Programmi\Microsoft ActiveSync\WCESCOMM.EXE"
O4 - Global Startup: Microsoft Office.lnk = C:\Programmi\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Programmi\File comuni\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Avvio veloce di Adobe Reader.lnk = C:\Programmi\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O9 - Extra button: Crea preferiti portatile - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Programmi\Microsoft ActiveSync\inetrepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Programmi\Microsoft ActiveSync\inetrepl.dll
O9 - Extra 'Tools' menuitem: Crea preferiti portatile... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Programmi\Microsoft ActiveSync\inetrepl.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\MSMSGS.EXE
O14 - IERESET.INF: START_PAGE_URL=http://www.asus.com.tw
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O23 - Service: AVSync Manager (AvSynMgr) - Network Associates, Inc. - C:\Programmi\McAfee\McAfee VirusScan\Avsynmgr.exe
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Programmi\ewido anti-spyware 4.0\guard.exe
O23 - Service: McAfee Firewall - Unknown owner - C:\Programmi\McAfee\McAfee Firewall\CPD.EXE" /SERVICE (file missing)
O23 - Service: McShield - Unknown owner - C:\Programmi\File comuni\Network Associates\McShield\Mcshield.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: PDEngine - Raxco Software, Inc. - C:\Programmi\Raxco\PerfectDisk\PDEngine.exe
O23 - Service: PDScheduler (PDSched) - Raxco Software, Inc. - C:\Programmi\Raxco\PerfectDisk\PDSched.exe
O23 - Service: Virit eXplorer Lite (viritsvclite) - TG Soft Sas www.tgsoft.it - C:\PROGRAMMI\VEXPLITE\viritsvc.exe

chemicalbit · Dio maturo Registrato: 01/04/05 18:59 Messaggi: 18597 Residenza: Milano

Non ho capito quale sia la tua situazione attuale:
Il problema continua a ripresentarsi?
Oppure hai già sistemato tutto e vuoi la conferma di essere "pulito"?

Non sono esperto "statuabile" (per restare alla tua definizione Jump

)
In attesa dei veri esperti ho provvato a dare una guardatina al tuo log.

O2 - BHO: Class - {9A6CFFA7-246B-50CE-F0DA-6C449D852B57} - C:\WINDOWS\ddixa1.dll (file missing)

Da quello che hai scritto prima, quel file l'haigià eliminato, vero?
Controlla ch attlemnte non ci sia.
Dopo di che fixa quella chiave del registro (puoi farlo con HijackThis, vedi le altre discussioni qui nel forum su quesoto malawere, oppure la giuda scritta da Holifay sul sito di Zues Nes

holifay · Dio maturo Registrato: 08/03/05 10:48 Messaggi: 2912 Residenza: Milano

Benvenuto bahamut nei nostri forum Very Happy

Sì, come ha visto chemicalbit la chiave incriminata è l´indizio che hai questo maledetto adware. Pensa che qualche azienda AV ancora non lo considera un trojan a tutti gli effetti, ma solo un potentially unwanted application

La difficoltà a rimuoverlo è legata al fatto che alcune varianti usano tecniche di rootkit per nascondersi, quindi l´antivirus, hijackthis... servono poco

Dovremmo comunque riuscire a rimuoverlo senza grosse difficoltà con l´ausilio di alcuni tool particolari.

Leggiti bene la seconda parte della guida nella quale avevi postato, da dove inizia con SOLO SE IL PROBLEMA NON E´ RISOLTO.

Mi servono tutti i log che ho elencato, più tutte le altre informazioni sui file e cartelle del PC.

Fai tutti i log richiesti e i controlli delle cartelle e file sulPC e poi posta le informazioni qui.

Se hai problemi a farli, fai un fischio Wink

bahamut · Mortale devoto Registrato: 12/07/06 03:05 Messaggi: 14

cara holi...adesso sono alavoro e non posso darti tutte le cose che mi hai chiesto...in effetti stamattina ero un pò rincoglionito e mi sono scordato diversi passaggi...
cmq il problema ancora si pone...avrò levato quella chiave con hijack non so quante volte...ho pulito tutto...in teoria non dovrebbe esserci più niente...non so dove sia rintanato il trojan....
fixato,pulito con cleaner,con smitfrau(o come ddiavolo si scrive), virit,ewido,etc etc.....nel tardo pomeriggioo in serata sarò a casa a postare di nuovo....
grazie a tutti x l'interessamento!!!!!!!

bahamut · Mortale devoto Registrato: 12/07/06 03:05 Messaggi: 14

oltretutto stamattina stavo proprio male...ho postato 2volte lo stesso messaggio...ho dato una 1/2 occhiata a cosa devo fare SE IL PROBLEMA NON E' RISOLTO....ovviamente questa strada non l'avevo provata (la mia solita superficialità nel fare certe cose..... Sad

.....)
vedremo cosa accade....appena esco dal lavoro mi rimetto davanti al maledetto!!!!!

holifay · Dio maturo Registrato: 08/03/05 10:48 Messaggi: 2912 Residenza: Milano

bahamut · Mortale devoto Registrato: 12/07/06 03:05 Messaggi: 14

ebbene si sono 1pò tossico...ho di nuovo postato nella guida...vabbè dai perdonatemi....ecco qui sotto il testo copiato.... Shocked

Ok?sono le 18&34?inizio a seguire le istruzioni chiare e specifiche?mi segno qua passo passo ciò che faccio?poi copio&incollo sul post?

Iniziamo?mi accendo una sigaretta va?.per prima cosa faccio un log con HIJACKTHIS prima di cominciare e lo metto qui a seguire:

Logfile of HijackThis v1.99.1
Scan saved at 18.43.23, on 12/07/2006
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programmi\McAfee\McAfee VirusScan\Avsynmgr.exe
C:\Programmi\ewido anti-spyware 4.0\guard.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRAMMI\VEXPLITE\viritsvc.exe
C:\WINDOWS\Explorer.EXE
C:\Programmi\McAfee\McAfee VirusScan\VsStat.exe
C:\Programmi\McAfee\McAfee Firewall\CPD.EXE
C:\WINDOWS\ATK0100\Hcontrol.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Programmi\ASUS\ASUS Live Update\ALU.exe
C:\Progra~1\ASUS\Power4 Gear\BatteryLife.exe
C:\Programmi\Synaptics\SynTP\SynTPLpr.exe
C:\Programmi\Synaptics\SynTP\SynTPEnh.exe
C:\Programmi\McAfee\McAfee VirusScan\Vshwin32.exe
C:\Programmi\File comuni\PCSuite\DataLayer\DataLayer.exe
C:\Programmi\Nokia\Nokia PC Suite 6\LaunchApplication.exe
C:\Programmi\Microsoft ActiveSync\WCESCOMM.EXE
C:\Programmi\McAfee\McAfee VirusScan\Avconsol.exe
C:\Programmi\McAfee\McAfee Firewall\CPD.EXE
C:\Programmi\File comuni\Network Associates\McShield\Mcshield.exe
C:\WINDOWS\ATK0100\ATKOSD.exe
C:\PROGRA~1\FILECO~1\PCSuite\Services\SERVIC~1.EXE
C:\Programmi\Microsoft Office\Office10\WINWORD.EXE
C:\Programmi\Internet Explorer\IEXPLORE.EXE
C:\antiviruzzz\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.it/
R3 - Default URLSearchHook is missing
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Class - {9A6CFFA7-246B-50CE-F0DA-6C449D852B57} - C:\WINDOWS\ddixa1.dll (file missing)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: McAfee VirusScan - {ACB1E670-3217-45C4-A021-6B829A8A27CB} - C:\Programmi\McAfee\McAfee VirusScan\VSCShellExtension.dll
O4 - HKLM\..\Run: [Hcontrol] C:\WINDOWS\ATK0100\Hcontrol.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [ASUS Live Update] C:\Programmi\ASUS\ASUS Live Update\ALU.exe
O4 - HKLM\..\Run: [Power_Gear] C:\Progra~1\ASUS\Power4 Gear\BatteryLife.exe 1
O4 - HKLM\..\Run: [SynTPLpr] C:\Programmi\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Programmi\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmi\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [DataLayer] C:\Programmi\File comuni\PCSuite\DataLayer\DataLayer.exe
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Programmi\Nokia\Nokia PC Suite 6\LaunchApplication.exe -onlytray
O4 - HKLM\..\Run: [VIRIT LITE MONITOR] C:\PROGRAMMI\VEXPLITE\MONLITE.EXE
O4 - HKLM\..\Run: [UnlockerAssistant] "C:\antiviruzzz\Unlocker\UnlockerAssistant.exe"
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Programmi\Microsoft ActiveSync\WCESCOMM.EXE"
O4 - Global Startup: Microsoft Office.lnk = C:\Programmi\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Programmi\File comuni\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Avvio veloce di Adobe Reader.lnk = C:\Programmi\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O9 - Extra button: Crea preferiti portatile - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Programmi\Microsoft ActiveSync\inetrepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Programmi\Microsoft ActiveSync\inetrepl.dll
O9 - Extra 'Tools' menuitem: Crea preferiti portatile... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Programmi\Microsoft ActiveSync\inetrepl.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\MSMSGS.EXE
O14 - IERESET.INF: START_PAGE_URL=http://www.asus.com.tw
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O23 - Service: AVSync Manager (AvSynMgr) - Network Associates, Inc. - C:\Programmi\McAfee\McAfee VirusScan\Avsynmgr.exe
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Programmi\ewido anti-spyware 4.0\guard.exe
O23 - Service: McAfee Firewall - Unknown owner - C:\Programmi\McAfee\McAfee Firewall\CPD.EXE" /SERVICE (file missing)
O23 - Service: McShield - Unknown owner - C:\Programmi\File comuni\Network Associates\McShield\Mcshield.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: PDEngine - Raxco Software, Inc. - C:\Programmi\Raxco\PerfectDisk\PDEngine.exe
O23 - Service: PDScheduler (PDSched) - Raxco Software, Inc. - C:\Programmi\Raxco\PerfectDisk\PDSched.exe
O23 - Service: Virit eXplorer Lite (viritsvclite) - TG Soft Sas www.tgsoft.it - C:\PROGRAMMI\VEXPLITE\viritsvc.exe

Ok...primo problema......la scansione con ADS spy è possibile solo su partizioni NTFS?la mia C:\ è ?ovviamente FAT?già mi sono bloccato?.

Non mi arrendo e faccio la scansione con silent runner?che appiccico qua sotto?..

Silent Runners.vbs", revision 46, http://www.silentrunners.org/
Operating System: Windows XP
Output limited to non-default values, except where indicated by "{++}"

Startup items buried in registry:
---------------------------------

HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++}
"H/PC Connection Agent" = ""C:\Programmi\Microsoft ActiveSync\WCESCOMM.EXE"" [MS]

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++}
"Hcontrol" = "C:\WINDOWS\ATK0100\Hcontrol.exe" [empty string]
"SoundMan" = "SOUNDMAN.EXE" ["Realtek Semiconductor Corp."]
"NvCplDaemon" = "RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup" [MS]
"nwiz" = "nwiz.exe /install" ["NVIDIA Corporation"]
"ASUS Live Update" = "C:\Programmi\ASUS\ASUS Live Update\ALU.exe" [empty string]
"Power_Gear" = "C:\Progra~1\ASUS\Power4 Gear\BatteryLife.exe 1" ["ASUSTeK Computer Inc."]
"SynTPLpr" = "C:\Programmi\Synaptics\SynTP\SynTPLpr.exe" ["Synaptics, Inc."]
"SynTPEnh" = "C:\Programmi\Synaptics\SynTP\SynTPEnh.exe" ["Synaptics, Inc."]
"NeroCheck" = "C:\WINDOWS\system32\NeroCheck.exe" ["Ahead Software Gmbh"]
"QuickTime Task" = ""C:\Programmi\QuickTime\qttask.exe" -atboottime" ["Apple Computer, Inc."]
"DataLayer" = "C:\Programmi\File comuni\PCSuite\DataLayer\DataLayer.exe" ["Nokia Mobile Phones Ltd."]
"PCSuiteTrayApplication" = "C:\Programmi\Nokia\Nokia PC Suite 6\LaunchApplication.exe -onlytray" ["Nokia"]
"VIRIT LITE MONITOR" = "C:\PROGRAMMI\VEXPLITE\MONLITE.EXE" ["TG Soft S.a.s."]
"UnlockerAssistant" = ""C:\antiviruzzz\Unlocker\UnlockerAssistant.exe"" [null data]

HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}\(Default) = (no title provided)
-> {HKLM...CLSID} = "Adobe PDF Reader Link Helper"
\InProcServer32\(Default) = "C:\Programmi\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll" ["Adobe Systems Incorporated"]
{9A6CFFA7-246B-50CE-F0DA-6C449D852B57}\(Default) = (no title provided)
-> {HKLM...CLSID} = "Class"
\InProcServer32\(Default) = "C:\WINDOWS\ddixa1.dll" [file not found]

HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\
"{42071714-76d4-11d1-8b24-00a0c9068ff3}" = "Estensione panoramica video del Pannello di controllo"
-> {HKLM...CLSID} = "Estensione panoramica video del Pannello di controllo"
\InProcServer32\(Default) = "deskpan.dll" [file not found]
"{88895560-9AA2-1069-930E-00AA0030EBC8}" = "Estensione di icona di HyperTerminal"
-> {HKLM...CLSID} = "HyperTerminal Icon Ext"
\InProcServer32\(Default) = "C:\WINDOWS\System32\hticons.dll" ["Hilgraeve, Inc."]
"{FFB699E0-306A-11d3-8BD1-00104B6F7516}" = "Play on my TV helper"
-> {HKLM...CLSID} = "NVIDIA CPL Extension"
\InProcServer32\(Default) = "C:\WINDOWS\System32\nvcpl.dll" ["NVIDIA Corporation"]
"{A70C977A-BF00-412C-90B7-034C51DA2439}" = "NvCpl DesktopContext Class"
-> {HKLM...CLSID} = "DesktopContext Class"
\InProcServer32\(Default) = "C:\WINDOWS\System32\nvcpl.dll" ["NVIDIA Corporation"]

ora ho scaricato GMER e seguo la procedura...appena partito mi ha trovato 3 voci del maledetto ddixa...ora scanno e poi loggo anche questo?.intanto la sigaretta è finita e 1zanzara mi ha pizzicato?

GMER 1.0.10.10122 - http://www.gmer.net
Rootkit 2006-07-12 19:01:40
Windows 5.1.2600 Service Pack 1

---- System - GMER 1.0.10 ----

SSDT \??\C:\Programmi\ewido anti-spyware 4.0\guard.sys ZwOpenProcess
SSDT \??\C:\Programmi\ewido anti-spyware 4.0\guard.sys ZwTerminateProcess

---- Devices - GMER 1.0.10 ----

Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_CREATE 822FF008
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_CREATE_NAMED_PIPE 822FF008
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_CLOSEIRP_MJ_READ 822FF008
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_WRITE 822FF008
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_QUERY_INFORMATION 822FF008
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_SET_INFORMATION 822FF008
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_QUERY_EA 822FF008
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_SET_EA 822FF008
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_FLUSH_BUFFERS 822FF008
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_QUERY_VOLUME_INFORMATION 822FF008
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_SET_VOLUME_INFORMATION 822FF008
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_DIRECTORY_CONTROL 822FF008
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_FILE_SYSTEM_CONTROL 822FF008
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_DEVICE_CONTROL 822FF008
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_INTERNAL_DEVICE_CONTROL 822FF008
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_SHUTDOWN 822FF008
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_LOCK_CONTROL 822FF008
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_CLEANUP 822FF008
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_CREATE_MAILSLOT 822FF008
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_QUERY_SECURITY 822FF008
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_SET_SECURITY 822FF008
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_POWER 822FF008
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_SYSTEM_CONTROL 822FF008
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_DEVICE_CHANGE 822FF008
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_QUERY_QUOTA 822FF008
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_SET_QUOTA 822FF008
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_PNP 822FF008
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_PNP_POWER 822FF008
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_CREATE 8235E008
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_CREATE_NAMED_PIPE 8235E008
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_CLOSEIRP_MJ_READ 8235E008
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_WRITE 8235E008
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_QUERY_INFORMATION 8235E008
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_SET_INFORMATION 8235E008
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_QUERY_EA 8235E008
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_SET_EA 8235E008
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_FLUSH_BUFFERS 8235E008
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_QUERY_VOLUME_INFORMATION 8235E008
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_SET_VOLUME_INFORMATION 8235E008
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_DIRECTORY_CONTROL 8235E008
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_FILE_SYSTEM_CONTROL 8235E008
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_DEVICE_CONTROL 8235E008
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_INTERNAL_DEVICE_CONTROL 8235E008
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_SHUTDOWN 8235E008
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_LOCK_CONTROL 8235E008
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_CLEANUP 8235E008
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_CREATE_MAILSLOT 8235E008
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_QUERY_SECURITY 8235E008
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_SET_SECURITY 8235E008
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_POWER 8235E008
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_SYSTEM_CONTROL 8235E008
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_DEVICE_CHANGE 8235E008
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_QUERY_QUOTA 8235E008
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_SET_QUOTA 8235E008
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_PNP 8235E008
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_PNP_POWER 8235E008
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_CREATE 8235E008
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_CREATE_NAMED_PIPE 8235E008
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_CLOSEIRP_MJ_READ 8235E008
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_WRITE 8235E008
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_QUERY_INFORMATION 8235E008
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_SET_INFORMATION 8235E008
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_QUERY_EA 8235E008
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_SET_EA 8235E008
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_FLUSH_BUFFERS 8235E008
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_QUERY_VOLUME_INFORMATION 8235E008
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_SET_VOLUME_INFORMATION 8235E008
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_DIRECTORY_CONTROL 8235E008
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_FILE_SYSTEM_CONTROL 8235E008
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_DEVICE_CONTROL 8235E008
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_INTERNAL_DEVICE_CONTROL 8235E008
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_SHUTDOWN 8235E008
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_LOCK_CONTROL 8235E008
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_CLEANUP 8235E008
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_CREATE_MAILSLOT 8235E008
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_QUERY_SECURITY 8235E008
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_SET_SECURITY 8235E008
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_POWER 8235E008
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_SYSTEM_CONTROL 8235E008
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_DEVICE_CHANGE 8235E008
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_QUERY_QUOTA 8235E008
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_SET_QUOTA 8235E008
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_PNP 8235E008
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_PNP_POWER 8235E008
Device \Driver\atapi \Device\Ide\IdeDeviceP0T1L0-3 IRP_MJ_CREATE 8235E008
Device \Driver\atapi \Device\Ide\IdeDeviceP0T1L0-3 IRP_MJ_CREATE_NAMED_PIPE 8235E008
Device \Driver\atapi \Device\Ide\IdeDeviceP0T1L0-3 IRP_MJ_CLOSEIRP_MJ_READ 8235E008
Device \Driver\atapi \Device\Ide\IdeDeviceP0T1L0-3 IRP_MJ_WRITE 8235E008
Device \Driver\atapi \Device\Ide\IdeDeviceP0T1L0-3 IRP_MJ_QUERY_INFORMATION 8235E008
Device \Driver\atapi \Device\Ide\IdeDeviceP0T1L0-3 IRP_MJ_SET_INFORMATION 8235E008
Device \Driver\atapi \Device\Ide\IdeDeviceP0T1L0-3 IRP_MJ_QUERY_EA 8235E008
Device \Driver\atapi \Device\Ide\IdeDeviceP0T1L0-3 IRP_MJ_SET_EA 8235E008
Device \Driver\atapi \Device\Ide\IdeDeviceP0T1L0-3 IRP_MJ_FLUSH_BUFFERS 8235E008
Device \Driver\atapi \Device\Ide\IdeDeviceP0T1L0-3 IRP_MJ_QUERY_VOLUME_INFORMATION 8235E008
Device \Driver\atapi \Device\Ide\IdeDeviceP0T1L0-3 IRP_MJ_SET_VOLUME_INFORMATION 8235E008
Device \Driver\atapi \Device\Ide\IdeDeviceP0T1L0-3 IRP_MJ_DIRECTORY_CONTROL 8235E008
Device \Driver\atapi \Device\Ide\IdeDeviceP0T1L0-3 IRP_MJ_FILE_SYSTEM_CONTROL 8235E008
Device \Driver\atapi \Device\Ide\IdeDeviceP0T1L0-3 IRP_MJ_DEVICE_CONTROL 8235E008
Device \Driver\atapi \Device\Ide\IdeDeviceP0T1L0-3 IRP_MJ_INTERNAL_DEVICE_CONTROL 8235E008
Device \Driver\atapi \Device\Ide\IdeDeviceP0T1L0-3 IRP_MJ_SHUTDOWN 8235E008
Device \Driver\atapi \Device\Ide\IdeDeviceP0T1L0-3 IRP_MJ_LOCK_CONTROL 8235E008
Device \Driver\atapi \Device\Ide\IdeDeviceP0T1L0-3 IRP_MJ_CLEANUP 8235E008
Device \Driver\atapi \Device\Ide\IdeDeviceP0T1L0-3 IRP_MJ_CREATE_MAILSLOT 8235E008
Device \Driver\atapi \Device\Ide\IdeDeviceP0T1L0-3 IRP_MJ_QUERY_SECURITY 8235E008
Device \Driver\atapi \Device\Ide\IdeDeviceP0T1L0-3 IRP_MJ_SET_SECURITY 8235E008
Device \Driver\atapi \Device\Ide\IdeDeviceP0T1L0-3 IRP_MJ_POWER 8235E008
Device \Driver\atapi \Device\Ide\IdeDeviceP0T1L0-3 IRP_MJ_SYSTEM_CONTROL 8235E008
Device \Driver\atapi \Device\Ide\IdeDeviceP0T1L0-3 IRP_MJ_DEVICE_CHANGE 8235E008
Device \Driver\atapi \Device\Ide\IdeDeviceP0T1L0-3 IRP_MJ_QUERY_QUOTA 8235E008
Device \Driver\atapi \Device\Ide\IdeDeviceP0T1L0-3 IRP_MJ_SET_QUOTA 8235E008
Device \Driver\atapi \Device\Ide\IdeDeviceP0T1L0-3 IRP_MJ_PNP 8235E008
Device \Driver\atapi \Device\Ide\IdeDeviceP0T1L0-3 IRP_MJ_PNP_POWER 8235E008
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-e IRP_MJ_CREATE 8235E008
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-e IRP_MJ_CREATE_NAMED_PIPE 8235E008
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-e IRP_MJ_CLOSEIRP_MJ_READ 8235E008
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-e IRP_MJ_WRITE 8235E008
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-e IRP_MJ_QUERY_INFORMATION 8235E008
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-e IRP_MJ_SET_INFORMATION 8235E008
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-e IRP_MJ_QUERY_EA 8235E008
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-e IRP_MJ_SET_EA 8235E008
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-e IRP_MJ_FLUSH_BUFFERS 8235E008
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-e IRP_MJ_QUERY_VOLUME_INFORMATION 8235E008
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-e IRP_MJ_SET_VOLUME_INFORMATION 8235E008
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-e IRP_MJ_DIRECTORY_CONTROL 8235E008
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-e IRP_MJ_FILE_SYSTEM_CONTROL 8235E008
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-e IRP_MJ_DEVICE_CONTROL 8235E008
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-e IRP_MJ_INTERNAL_DEVICE_CONTROL 8235E008
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-e IRP_MJ_SHUTDOWN 8235E008
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-e IRP_MJ_LOCK_CONTROL 8235E008
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-e IRP_MJ_CLEANUP 8235E008
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-e IRP_MJ_CREATE_MAILSLOT 8235E008
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-e IRP_MJ_QUERY_SECURITY 8235E008
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-e IRP_MJ_SET_SECURITY 8235E008
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-e IRP_MJ_POWER 8235E008
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-e IRP_MJ_SYSTEM_CONTROL 8235E008
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-e IRP_MJ_DEVICE_CHANGE 8235E008
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-e IRP_MJ_QUERY_QUOTA 8235E008
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-e IRP_MJ_SET_QUOTA 8235E008
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-e IRP_MJ_PNP 8235E008
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-e IRP_MJ_PNP_POWER 8235E008
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_CREATE 822FF008
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_CREATE_NAMED_PIPE 822FF008
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_CLOSEIRP_MJ_READ 822FF008
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_WRITE 822FF008
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_QUERY_INFORMATION 822FF008
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_SET_INFORMATION 822FF008
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_QUERY_EA 822FF008
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_SET_EA 822FF008
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_FLUSH_BUFFERS 822FF008
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_QUERY_VOLUME_INFORMATION 822FF008
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_SET_VOLUME_INFORMATION 822FF008
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_DIRECTORY_CONTROL 822FF008
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_FILE_SYSTEM_CONTROL 822FF008
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_DEVICE_CONTROL 822FF008
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_INTERNAL_DEVICE_CONTROL 822FF008
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_SHUTDOWN 822FF008
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_LOCK_CONTROL 822FF008
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_CLEANUP 822FF008
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_CREATE_MAILSLOT 822FF008
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_QUERY_SECURITY 822FF008
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_SET_SECURITY 822FF008
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_POWER 822FF008
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_SYSTEM_CONTROL 822FF008
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_DEVICE_CHANGE 822FF008
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_QUERY_QUOTA 822FF008
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_SET_QUOTA 822FF008
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_PNP 822FF008
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_PNP_POWER 822FF008
Device \Driver\xmasscsi \Device\Scsi\xmasscsi1 IRP_MJ_CREATE 820DA298
Device \Driver\xmasscsi \Device\Scsi\xmasscsi1 IRP_MJ_CREATE_NAMED_PIPE 820DA298
Device \Driver\xmasscsi \Device\Scsi\xmasscsi1 IRP_MJ_CLOSEIRP_MJ_READ 820DA298
Device \Driver\xmasscsi \Device\Scsi\xmasscsi1 IRP_MJ_WRITE 820DA298
Device \Driver\xmasscsi \Device\Scsi\xmasscsi1 IRP_MJ_QUERY_INFORMATION 820DA298
Device \Driver\xmasscsi \Device\Scsi\xmasscsi1 IRP_MJ_SET_INFORMATION 820DA298
Device \Driver\xmasscsi \Device\Scsi\xmasscsi1 IRP_MJ_QUERY_EA 820DA298
Device \Driver\xmasscsi \Device\Scsi\xmasscsi1 IRP_MJ_SET_EA 820DA298
Device \Driver\xmasscsi \Device\Scsi\xmasscsi1 IRP_MJ_FLUSH_BUFFERS 820DA298
Device \Driver\xmasscsi \Device\Scsi\xmasscsi1 IRP_MJ_QUERY_VOLUME_INFORMATION 820DA298
Device \Driver\xmasscsi \Device\Scsi\xmasscsi1 IRP_MJ_SET_VOLUME_INFORMATION 820DA298
Device \Driver\xmasscsi \Device\Scsi\xmasscsi1 IRP_MJ_DIRECTORY_CONTROL 820DA298
Device \Driver\xmasscsi \Device\Scsi\xmasscsi1 IRP_MJ_FILE_SYSTEM_CONTROL 820DA298
Device \Driver\xmasscsi \Device\Scsi\xmasscsi1 IRP_MJ_DEVICE_CONTROL 820DA298
Device \Driver\xmasscsi \Device\Scsi\xmasscsi1 IRP_MJ_INTERNAL_DEVICE_CONTROL 820DA298
Device \Driver\xmasscsi \Device\Scsi\xmasscsi1 IRP_MJ_SHUTDOWN 820DA298
Device \Driver\xmasscsi \Device\Scsi\xmasscsi1 IRP_MJ_LOCK_CONTROL 820DA298
Device \Driver\xmasscsi \Device\Scsi\xmasscsi1 IRP_MJ_CLEANUP 820DA298
Device \Driver\xmasscsi \Device\Scsi\xmasscsi1 IRP_MJ_CREATE_MAILSLOT 820DA298
Device \Driver\xmasscsi \Device\Scsi\xmasscsi1 IRP_MJ_QUERY_SECURITY 820DA298
Device \Driver\xmasscsi \Device\Scsi\xmasscsi1 IRP_MJ_SET_SECURITY 820DA298
Device \Driver\xmasscsi \Device\Scsi\xmasscsi1 IRP_MJ_POWER 820DA298
Device \Driver\xmasscsi \Device\Scsi\xmasscsi1 IRP_MJ_SYSTEM_CONTROL 820DA298
Device \Driver\xmasscsi \Device\Scsi\xmasscsi1 IRP_MJ_DEVICE_CHANGE 820DA298
Device \Driver\xmasscsi \Device\Scsi\xmasscsi1 IRP_MJ_QUERY_QUOTA 820DA298
Device \Driver\xmasscsi \Device\Scsi\xmasscsi1 IRP_MJ_SET_QUOTA 820DA298
Device \Driver\xmasscsi \Device\Scsi\xmasscsi1 IRP_MJ_PNP 820DA298
Device \Driver\xmasscsi \Device\Scsi\xmasscsi1 IRP_MJ_PNP_POWER 820DA298
Device \Driver\xmasscsi \Device\Scsi\xmasscsi1Port2Path0Target0Lun0 IRP_MJ_CREATE 820DA298
Device \Driver\xmasscsi \Device\Scsi\xmasscsi1Port2Path0Target0Lun0 IRP_MJ_CREATE_NAMED_PIPE 820DA298
Device \Driver\xmasscsi \Device\Scsi\xmasscsi1Port2Path0Target0Lun0 IRP_MJ_CLOSEIRP_MJ_READ 820DA298
Device \Driver\xmasscsi \Device\Scsi\xmasscsi1Port2Path0Target0Lun0 IRP_MJ_WRITE 820DA298
Device \Driver\xmasscsi \Device\Scsi\xmasscsi1Port2Path0Target0Lun0 IRP_MJ_QUERY_INFORMATION 820DA298
Device \Driver\xmasscsi \Device\Scsi\xmasscsi1Port2Path0Target0Lun0 IRP_MJ_SET_INFORMATION 820DA298
Device \Driver\xmasscsi \Device\Scsi\xmasscsi1Port2Path0Target0Lun0 IRP_MJ_QUERY_EA 820DA298
Device \Driver\xmasscsi \Device\Scsi\xmasscsi1Port2Path0Target0Lun0 IRP_MJ_SET_EA 820DA298
Device \Driver\xmasscsi \Device\Scsi\xmasscsi1Port2Path0Target0Lun0 IRP_MJ_FLUSH_BUFFERS 820DA298
Device \Driver\xmasscsi \Device\Scsi\xmasscsi1Port2Path0Target0Lun0 IRP_MJ_QUERY_VOLUME_INFORMATION 820DA298
Device \Driver\xmasscsi \Device\Scsi\xmasscsi1Port2Path0Target0Lun0 IRP_MJ_SET_VOLUME_INFORMATION 820DA298
Device \Driver\xmasscsi \Device\Scsi\xmasscsi1Port2Path0Target0Lun0 IRP_MJ_DIRECTORY_CONTROL 820DA298
Device \Driver\xmasscsi \Device\Scsi\xmasscsi1Port2Path0Target0Lun0 IRP_MJ_FILE_SYSTEM_CONTROL 820DA298
Device \Driver\xmasscsi \Device\Scsi\xmasscsi1Port2Path0Target0Lun0 IRP_MJ_DEVICE_CONTROL 820DA298
Device \Driver\xmasscsi \Device\Scsi\xmasscsi1Port2Path0Target0Lun0 IRP_MJ_INTERNAL_DEVICE_CONTROL 820DA298
Device \Driver\xmasscsi \Device\Scsi\xmasscsi1Port2Path0Target0Lun0 IRP_MJ_SHUTDOWN 820DA298
Device \Driver\xmasscsi \Device\Scsi\xmasscsi1Port2Path0Target0Lun0 IRP_MJ_LOCK_CONTROL 820DA298
Device \Driver\xmasscsi \Device\Scsi\xmasscsi1Port2Path0Target0Lun0 IRP_MJ_CLEANUP 820DA298
Device \Driver\xmasscsi \Device\Scsi\xmasscsi1Port2Path0Target0Lun0 IRP_MJ_CREATE_MAILSLOT 820DA298
Device \Driver\xmasscsi \Device\Scsi\xmasscsi1Port2Path0Target0Lun0 IRP_MJ_QUERY_SECURITY 820DA298
Device \Driver\xmasscsi \Device\Scsi\xmasscsi1Port2Path0Target0Lun0 IRP_MJ_SET_SECURITY 820DA298
Device \Driver\xmasscsi \Device\Scsi\xmasscsi1Port2Path0Target0Lun0 IRP_MJ_POWER 820DA298
Device \Driver\xmasscsi \Device\Scsi\xmasscsi1Port2Path0Target0Lun0 IRP_MJ_SYSTEM_CONTROL 820DA298
Device \Driver\xmasscsi \Device\Scsi\xmasscsi1Port2Path0Target0Lun0 IRP_MJ_DEVICE_CHANGE 820DA298
Device \Driver\xmasscsi \Device\Scsi\xmasscsi1Port2Path0Target0Lun0 IRP_MJ_QUERY_QUOTA 820DA298
Device \Driver\xmasscsi \Device\Scsi\xmasscsi1Port2Path0Target0Lun0 IRP_MJ_SET_QUOTA 820DA298
Device \Driver\xmasscsi \Device\Scsi\xmasscsi1Port2Path0Target0Lun0 IRP_MJ_PNP 820DA298
Device \Driver\xmasscsi \Device\Scsi\xmasscsi1Port2Path0Target0Lun0 IRP_MJ_PNP_POWER 820DA298
---- Processes - GMER 1.0.10 ----

Library C:\WINDOWS\ddixa1.dll (*** hidden *** ) @ C:\Programmi\Internet Explorer\IEXPLORE.EXE [480] 0x01CE0000 <-- ROOTKIT !!!
Library C:\WINDOWS\ddixa1.dll (*** hidden *** ) @ C:\WINDOWS\Explorer.EXE [1128] 0x01790000 <-- ROOTKIT !!!
Library C:\WINDOWS\ddixa1.dll (*** hidden *** ) @ C:\Programmi\Internet Explorer\IEXPLORE.EXE [3088] 0x01CE0000 <-- ROOTKIT !!!

---- Modules - GMER 1.0.10 ----

Module _________ F8475000

---- Files - GMER 1.0.10 ----

File C:\WINDOWS\system32\lpt4.joh
File C:\WINDOWS\ddixa1.dll

---- EOF - GMER 1.0.10 ----

?cacchio sarà lunghissimo sto post?ora metto la copia dell?AUTOSTART con GMER?

GMER 1.0.10.10122 - http://www.gmer.net
Autostart 2006-07-12 19:05:51
Windows 5.1.2600 Service Pack 1

HKLM\SYSTEM\CurrentControlSet\Control\Session Manager@BootExecute = PDBoot.exe autocheck autochk *

HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems@Windows = %SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,3072,512 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ProfileControl=Off MaxRequestThreads=16

HKLM\Software\Microsoft\Windows NT\CurrentVersion\ >>>
Winlogon@Userinit = C:\WINDOWS\system32\userinit.exe,
Windows@AppInit_DLLs = \\?\C:\WINDOWS\System32\lpt4.joh

HKLM\SYSTEM\CurrentControlSet\Services\ >>>
AvSynMgr /*AVSync Manager*/@ = "C:\Programmi\McAfee\McAfee VirusScan\Avsynmgr.exe"
ewido anti-spyware 4.0 guard /*ewido anti-spyware 4.0 guard*/@ = C:\Programmi\ewido anti-spyware 4.0\guard.exe
McAfee Firewall /*McAfee Firewall*/@ = "C:\Programmi\McAfee\McAfee Firewall\CPD.EXE" /SERVICE
NVSvc /*NVIDIA Display Driver Service*/@ = %SystemRoot%\System32\nvsvc32.exe
PDSched /*PDScheduler*/@ = C:\Programmi\Raxco\PerfectDisk\PDSched.exe
Spooler /*Spooler di stampa*/@ = %SystemRoot%\system32\spoolsv.exe
viritsvclite /*Virit eXplorer Lite*/@ = C:\PROGRAMMI\VEXPLITE\viritsvc.exe

HKLM\Software\Microsoft\Windows\CurrentVersion\Run >>>
@HcontrolC:\WINDOWS\ATK0100\Hcontrol.exe = C:\WINDOWS\ATK0100\Hcontrol.exe
@SoundManSOUNDMAN.EXE = SOUNDMAN.EXE
@NvCplDaemonRUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup = RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
@nwiznwiz.exe /install = nwiz.exe /install
@ASUS Live UpdateC:\Programmi\ASUS\ASUS Live Update\ALU.exe = C:\Programmi\ASUS\ASUS Live Update\ALU.exe
@Power_GearC:\Progra~1\ASUS\Power4 Gear\BatteryLife.exe 1 /*file not found*/ = C:\Progra~1\ASUS\Power4 Gear\BatteryLife.exe 1 /*file not found*/
@SynTPLprC:\Programmi\Synaptics\SynTP\SynTPLpr.exe = C:\Programmi\Synaptics\SynTP\SynTPLpr.exe
@SynTPEnhC:\Programmi\Synaptics\SynTP\SynTPEnh.exe = C:\Programmi\Synaptics\SynTP\SynTPEnh.exe
@NeroCheckC:\WINDOWS\system32\NeroCheck.exe = C:\WINDOWS\system32\NeroCheck.exe
@QuickTime Task"C:\Programmi\QuickTime\qttask.exe" -atboottime = "C:\Programmi\QuickTime\qttask.exe" -atboottime
@DataLayerC:\Programmi\File comuni\PCSuite\DataLayer\DataLayer.exe = C:\Programmi\File comuni\PCSuite\DataLayer\DataLayer.exe
@PCSuiteTrayApplicationC:\Programmi\Nokia\Nokia PC Suite 6\LaunchApplication.exe -onlytray /*file not found*/ = C:\Programmi\Nokia\Nokia PC Suite 6\LaunchApplication.exe -onlytray /*file not found*/
@VIRIT LITE MONITORC:\PROGRAMMI\VEXPLITE\MONLITE.EXE = C:\PROGRAMMI\VEXPLITE\MONLITE.EXE
@UnlockerAssistant"C:\antiviruzzz\Unlocker\UnlockerAssistant.exe" = "C:\antiviruzzz\Unlocker\UnlockerAssistant.exe"

HKCU\Software\Microsoft\Windows\CurrentVersion\Run@H/PC Connection Agent = "C:\Programmi\Microsoft ActiveSync\WCESCOMM.EXE"

HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks@{57B86673-276A-48B2-BAE7-C6DBB3020EB8} = C:\Programmi\ewido anti-spyware 4.0\shellexecutehook.dll

HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved >>>
@{42071714-76d4-11d1-8b24-00a0c9068ff3} /*Estensione panoramica video del Pannello di controllo*/deskpan.dll /*file not found*/ = deskpan.dll /*file not found*/
@{FFB699E0-306A-11d3-8BD1-00104B6F7516} /*Play on my TV helper*/C:\WINDOWS\System32\nvcpl.dll = C:\WINDOWS\System32\nvcpl.dll
@{A70C977A-BF00-412C-90B7-034C51DA2439} /*NvCpl DesktopContext Class*/C:\WINDOWS\System32\nvcpl.dll = C:\WINDOWS\System32\nvcpl.dll
@{5F327514-6C5E-4d60-8F16-D07FA08A78ED} /*Estensione finestra proprietà di aggiornamento automatico*/C:\WINDOWS\System32\wuaueng.dll = C:\WINDOWS\System32\wuaueng.dll
@{2F603045-309F-11CF-9774-0020AFD0CFF6} /*Synaptics Control Panel*/C:\Programmi\Synaptics\SynTP\SynTPCpl.dll = C:\Programmi\Synaptics\SynTP\SynTPCpl.dll
@{1CDB2949-8F65-4355-8456-263E7C208A5D} /*Desktop Explorer*/C:\WINDOWS\System32\nvshell.dll = C:\WINDOWS\System32\nvshell.dll
@{1E9B04FB-F9E5-4718-997B-B8DA88302A47} /*Desktop Explorer Menu*/C:\WINDOWS\System32\nvshell.dll = C:\WINDOWS\System32\nvshell.dll
@{1E9B04FB-F9E5-4718-997B-B8DA88302A48} /*nView Desktop Context Menu*/C:\WINDOWS\System32\nvshell.dll = C:\WINDOWS\System32\nvshell.dll
@{BDEADF00-C265-11D0-BCED-00A0C90AB50F} /*Cartelle Web*/C:\PROGRA~1\FILECO~1\MICROS~1\WEBFOL~1\MSONSEXT.DLL = C:\PROGRA~1\FILECO~1\MICROS~1\WEBFOL~1\MSONSEXT.DLL
@{42042206-2D85-11D3-8CFF-005004838597} /*Microsoft Office HTML Icon Handler*/C:\Programmi\Microsoft Office\Office10\msohev.dll = C:\Programmi\Microsoft Office\Office10\msohev.dll
@{E0D79304-84BE-11CE-9641-444553540000} /*WinZip*/C:\PROGRA~1\WINZIP\WZSHLSTB.DLL = C:\PROGRA~1\WINZIP\WZSHLSTB.DLL
@{E0D79305-84BE-11CE-9641-444553540000} /*WinZip*/C:\PROGRA~1\WINZIP\WZSHLSTB.DLL = C:\PROGRA~1\WINZIP\WZSHLSTB.DLL
@{E0D79306-84BE-11CE-9641-444553540000} /*WinZip*/C:\PROGRA~1\WINZIP\WZSHLSTB.DLL = C:\PROGRA~1\WINZIP\WZSHLSTB.DLL
@{E0D79307-84BE-11CE-9641-444553540000} /*WinZip*/C:\PROGRA~1\WINZIP\WZSHLSTB.DLL = C:\PROGRA~1\WINZIP\WZSHLSTB.DLL
@{F0CB00CD-5A07-4D91-97F5-A8C92CDA93E4} /*Shell Extensions for RealOne Player*/C:\Programmi\Real\RealPlayer\rpshell.dll = C:\Programmi\Real\RealPlayer\rpshell.dll
@{B41DB860-8EE4-11D2-9906-E49FADC173CA} /*WinRAR shell extension*/C:\Programmi\WinRAR\rarext.dll = C:\Programmi\WinRAR\rarext.dll
@{32020A01-506E-484D-A2A8-BE3CF17601C3} /*AlcoholShellEx*/C:\PROGRA~1\ALCOHO~1\ALCOHO~1\AXShlEx.dll = C:\PROGRA~1\ALCOHO~1\ALCOHO~1\AXShlEx.dll
@{416651E4-9C3C-11D9-8BDE-F66BAD1E3F3A} /*PhoneBrowser*/C:\Programmi\Nokia\Nokia PC Suite 6\PhoneBrowser.dll = C:\Programmi\Nokia\Nokia PC Suite 6\PhoneBrowser.dll
@{FBFE7864-D495-41f0-B7DC-4BB601CC295E} /*Contact View*/C:\Programmi\Nokia\Nokia PC Suite 6\ContactView.dll = C:\Programmi\Nokia\Nokia PC Suite 6\ContactView.dll
@{C0C4375A-5B72-4efe-929D-3B848C3A1E91} /*Message View*/C:\Programmi\Nokia\Nokia PC Suite 6\MessageView.dll = C:\Programmi\Nokia\Nokia PC Suite 6\MessageView.dll
@{DDE4BEEB-DDE6-48fd-8EB5-035C09923F83} /*UnlockerShellExtension*/C:\antiviruzzz\Unlocker\UnlockerCOM.dll = C:\antiviruzzz\Unlocker\UnlockerCOM.dll

HKLM\Software\Classes\*\shellex\ContextMenuHandlers\ >>>
ewido anti-spyware@{8934FCEF-F5B8-468f-951F-78A921CD3920} = C:\Programmi\ewido anti-spyware 4.0\context.dll
WinRAR@{B41DB860-8EE4-11D2-9906-E49FADC173CA} = C:\Programmi\WinRAR\rarext.dll
WinZip@{E0D79304-84BE-11CE-9641-444553540000} = C:\PROGRA~1\WINZIP\WZSHLSTB.DLL

HKLM\Software\Classes\*\shellex\ContextMenuHandlers@{97F51F2B-E87A-4349-84B1-2D91CB2C0C1B} = C:\Programmi\McAfee\McAfee VirusScan\VSCShellExtension.dll

HKLM\Software\Classes\Directory\shellex\ContextMenuHandlers\ >>>
ewido anti-spyware@{8934FCEF-F5B8-468f-951F-78A921CD3920} = C:\Programmi\ewido anti-spyware 4.0\context.dll
WinRAR@{B41DB860-8EE4-11D2-9906-E49FADC173CA} = C:\Programmi\WinRAR\rarext.dll
WinZip@{E0D79304-84BE-11CE-9641-444553540000} = C:\PROGRA~1\WINZIP\WZSHLSTB.DLL

HKLM\Software\Classes\Folder\shellex\ContextMenuHandlers\ >>>
UnlockerShellExtension@{DDE4BEEB-DDE6-48fd-8EB5-035C09923F83} = C:\antiviruzzz\Unlocker\UnlockerCOM.dll
WinRAR@{B41DB860-8EE4-11D2-9906-E49FADC173CA} = C:\Programmi\WinRAR\rarext.dll
WinZip@{E0D79304-84BE-11CE-9641-444553540000} = C:\PROGRA~1\WINZIP\WZSHLSTB.DLL

HKLM\Software\Classes\Folder\shellex\ContextMenuHandlers@{97F51F2B-E87A-4349-84B1-2D91CB2C0C1B} = C:\Programmi\McAfee\McAfee VirusScan\VSCShellExtension.dll

HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects >>>
@{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}C:\Programmi\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll = C:\Programmi\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
@{9A6CFFA7-246B-50CE-F0DA-6C449D852B57}C:\WINDOWS\ddixa1.dll = C:\WINDOWS\ddixa1.dll

HKCU\Control Panel\Desktop@SCRNSAVE.EXE = C:\WINDOWS\System32\ssstars.scr

HKLM\Software\Microsoft\Internet Explorer\Main >>>
@Default_Page_URLhttp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome = http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
@Start Pagehttp://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home = http://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home
@Local PageC:\windows\system32\blank.htm = C:\windows\system32\blank.htm

HKCU\Software\Microsoft\Internet Explorer\Main >>>
@Start Pagehttp://www.google.it/ = http://www.google.it/
@Local PageC:\windows\system32\blank.htm = C:\windows\system32\blank.htm

HKLM\Software\Classes\PROTOCOLS\Handler\ >>>
cdo@CLSID = C:\Programmi\File comuni\Microsoft Shared\Web Folders\PKMCDO.DLL
dvd@CLSID = C:\WINDOWS\System32\msvidctl.dll
its@CLSID = C:\WINDOWS\System32\itss.dll
mctp@CLSID = C:\Programmi\Microsoft ActiveSync\aatp.dll
mhtml@CLSID = %SystemRoot%\System32\inetcomm.dll
ms-its@CLSID = C:\WINDOWS\System32\itss.dll
msnim@CLSID = "C:\PROGRA~1\MSNMES~1\msgrapp.dll"
mso-offdap@CLSID = C:\PROGRA~1\FILECO~1\MICROS~1\WEBCOM~1\10\OWC10.DLL
tv@CLSID = C:\WINDOWS\System32\msvidctl.dll
vnd.ms.radio@CLSID = C:\WINDOWS\System32\msdxm.ocx
wia@CLSID = C:\WINDOWS\System32\wiascr.dll

HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{72DD4BDB-CF80-48DC-B5DA-5BD0471BF152} /*Connessione alla rete locale (LAN)*/ >>>
@IPAddress192.168.0.55 = 192.168.0.55
@NameServer =
@DefaultGateway192.168.0.50 = 192.168.0.50
@Domain =

HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\ >>>
000000000001@PackedCatalogItem = C:\WINDOWS\System32\CSLSP.DLL
000000000002@PackedCatalogItem = C:\WINDOWS\System32\CSLSP.DLL
000000000003@PackedCatalogItem = C:\WINDOWS\System32\CSLSP.DLL
000000000004@PackedCatalogItem = C:\WINDOWS\System32\CSLSP.DLL
000000000005@PackedCatalogItem = C:\WINDOWS\System32\CSLSP.DLL
000000000006@PackedCatalogItem = C:\WINDOWS\System32\CSLSP.DLL
000000000007@PackedCatalogItem = C:\WINDOWS\System32\CSLSP.DLL
000000000008@PackedCatalogItem = C:\WINDOWS\System32\CSLSP.DLL
000000000009@PackedCatalogItem = C:\WINDOWS\System32\CSLSP.DLL
000000000010@PackedCatalogItem = C:\WINDOWS\System32\CSLSP.DLL
000000000011@PackedCatalogItem = C:\WINDOWS\System32\CSLSP.DLL
000000000012@PackedCatalogItem = C:\WINDOWS\System32\CSLSP.DLL
000000000013@PackedCatalogItem = C:\WINDOWS\System32\CSLSP.DLL
000000000014@PackedCatalogItem = C:\WINDOWS\System32\CSLSP.DLL
000000000015@PackedCatalogItem = C:\WINDOWS\System32\CSLSP.DLL
000000000016@PackedCatalogItem = C:\WINDOWS\System32\CSLSP.DLL
000000000017@PackedCatalogItem = C:\WINDOWS\System32\CSLSP.DLL
000000000018@PackedCatalogItem = C:\WINDOWS\System32\CSLSP.DLL

HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000037@PackedCatalogItem = C:\WINDOWS\System32\CSLSP.DLL

C:\Documents and Settings\All Users\Menu Avvio\Programmi\Esecuzione automatica >>>
Microsoft Office.lnk = Microsoft Office.lnk
Adobe Gamma Loader.lnk = Adobe Gamma Loader.lnk
Avvio veloce di Adobe Reader.lnk = Avvio veloce di Adobe Reader.lnk

---- EOF - GMER 1.0.10 ----

mmm?ora vado a vedere la situazione CARTELLE?.(ho tutte le cartelle nascoste e di sistema ?visibili??.)

ok la ricerca non ha dato frutti?credo di avere eliminato alcuni di questi file in precedenti tentativi?per quanto riguarda la cartella C:\Programmi ho anche cercato in tutte le sottocartelle?ma nulla?.

Per quanto riguarda le cartelle degli users in Document and Settings ho trovato la cartella Administrator che porta come data di creazione il 12.7.2006(oggi) alle 0&54?.sta cartella Aministrator non ce l?ho mai avuto sullo start up iniziale?ho visto che è comparsa nello start up della modalità provvisoria dalla prima volta che ho fatto ripartire il pc in tale modalità?.la cartella NON E? nascosta?..

A questo punto dovrei aver finito?certo non so se quella storia degli ADS risulterà importante?ti posto tutto?e ti mando un grosso olè di incitamento?.

Sono le 19&26?le zanzare le ho uccise tutte?.

holifay · Dio maturo Registrato: 08/03/05 10:48 Messaggi: 2912 Residenza: Milano

Ma guarda che la situazione era meno drammatica del previsto... si vede che tra una zanzara e l'altra ti eri dato anche da fare per uccidere qualche virus! Smile

Non hai NTFS? Fortunato....

Avvia hijackthis e poi chiudi tutte le finestre e applicazioni aperte. Premi Do a system scan only, metti un segno di spunta accanto a queste voci e poi clicca Fix checked

bahamut · Mortale devoto Registrato: 12/07/06 03:05 Messaggi: 14

fantastica Holifay...ieri sera 1pò per la notte insonne precedente...1pò per la giornata a lavolro...1pò per le zanzare prima di cena...sono crollato a letto in 1stato pietoso alle 21&15....che anziano....
stamattina sono uscito all'alba x andare a lavoro....appena torno a casa faccio tutta la procedura e ti posto quel log(ho capito bene devo postarti 1altro log vero?)...prima xò ti posterò i ringraziamenti...ti posto una birra?
ciao cara

holifay · Dio maturo Registrato: 08/03/05 10:48 Messaggi: 2912 Residenza: Milano

bahamut · Mortale devoto Registrato: 12/07/06 03:05 Messaggi: 14

allora tesoro....prima di tutto grazie ancora x la tua disponibilità....nonostante la giornata traumatica credo di essere riuscito a fare tutto...ti posto il log di regsearch ottenuto....

REGEDIT4
; RegSrch.vbs © Bill James

; Registry search results for string "ddixa1.dll" 13/07/2006 19.25.17

; NOTE: This file will be deleted when you close WordPad.
; You must manually save this file to a new location if you want to refer to it again later.
; (If you save the file with a .reg extension, you can use it to restore any Registry changes you make to these values.)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8034A0BA-FEBA-5531-2FE2-E48527E24BFB}\InprocServer32]
@="C:\\WINDOWS\\ddixa1.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8B1F9130-6AAF-3884-28B8-5C708B42E642}\InprocServer32]
@="C:\\WINDOWS\\ddixa1.dll"

e poi quello nuovo di hijackthis...(senza il maledetto!!!!)

Logfile of HijackThis v1.99.1
Scan saved at 19.33.44, on 13/07/2006
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programmi\McAfee\McAfee VirusScan\Avsynmgr.exe
C:\Programmi\ewido anti-spyware 4.0\guard.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRAMMI\VEXPLITE\viritsvc.exe
C:\Programmi\McAfee\McAfee VirusScan\VsStat.exe
C:\Programmi\McAfee\McAfee VirusScan\Vshwin32.exe
C:\Programmi\McAfee\McAfee Firewall\CPD.EXE
C:\Programmi\File comuni\Network Associates\McShield\Mcshield.exe
C:\Programmi\McAfee\McAfee VirusScan\Avconsol.exe
C:\WINDOWS\Explorer.EXE
C:\Programmi\McAfee\McAfee Firewall\CPD.EXE
C:\WINDOWS\ATK0100\Hcontrol.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Programmi\ASUS\ASUS Live Update\ALU.exe
C:\Progra~1\ASUS\Power4 Gear\BatteryLife.exe
C:\Programmi\Synaptics\SynTP\SynTPLpr.exe
C:\WINDOWS\ATK0100\ATKOSD.exe
C:\Programmi\Synaptics\SynTP\SynTPEnh.exe
C:\Programmi\File comuni\PCSuite\DataLayer\DataLayer.exe
C:\Programmi\Nokia\Nokia PC Suite 6\LaunchApplication.exe
C:\Programmi\Microsoft ActiveSync\WCESCOMM.EXE
C:\PROGRA~1\FILECO~1\PCSuite\Services\SERVIC~1.EXE
C:\Programmi\Internet Explorer\IEXPLORE.EXE
C:\Programmi\Internet Explorer\IEXPLORE.EXE
C:\antiviruzzz\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.it/
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: McAfee VirusScan - {ACB1E670-3217-45C4-A021-6B829A8A27CB} - C:\Programmi\McAfee\McAfee VirusScan\VSCShellExtension.dll
O4 - HKLM\..\Run: [Hcontrol] C:\WINDOWS\ATK0100\Hcontrol.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [ASUS Live Update] C:\Programmi\ASUS\ASUS Live Update\ALU.exe
O4 - HKLM\..\Run: [Power_Gear] C:\Progra~1\ASUS\Power4 Gear\BatteryLife.exe 1
O4 - HKLM\..\Run: [SynTPLpr] C:\Programmi\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Programmi\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmi\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [DataLayer] C:\Programmi\File comuni\PCSuite\DataLayer\DataLayer.exe
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Programmi\Nokia\Nokia PC Suite 6\LaunchApplication.exe -onlytray
O4 - HKLM\..\Run: [VIRIT LITE MONITOR] C:\PROGRAMMI\VEXPLITE\MONLITE.EXE
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Programmi\Microsoft ActiveSync\WCESCOMM.EXE"
O4 - Global Startup: Microsoft Office.lnk = C:\Programmi\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Programmi\File comuni\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Avvio veloce di Adobe Reader.lnk = C:\Programmi\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O9 - Extra button: Crea preferiti portatile - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Programmi\Microsoft ActiveSync\inetrepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Programmi\Microsoft ActiveSync\inetrepl.dll
O9 - Extra 'Tools' menuitem: Crea preferiti portatile... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Programmi\Microsoft ActiveSync\inetrepl.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\MSMSGS.EXE
O14 - IERESET.INF: START_PAGE_URL=http://www.asus.com.tw
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O23 - Service: AVSync Manager (AvSynMgr) - Network Associates, Inc. - C:\Programmi\McAfee\McAfee VirusScan\Avsynmgr.exe
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Programmi\ewido anti-spyware 4.0\guard.exe
O23 - Service: McAfee Firewall - Unknown owner - C:\Programmi\McAfee\McAfee Firewall\CPD.EXE" /SERVICE (file missing)
O23 - Service: McShield - Unknown owner - C:\Programmi\File comuni\Network Associates\McShield\Mcshield.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: PDEngine - Raxco Software, Inc. - C:\Programmi\Raxco\PerfectDisk\PDEngine.exe
O23 - Service: PDScheduler (PDSched) - Raxco Software, Inc. - C:\Programmi\Raxco\PerfectDisk\PDSched.exe
O23 - Service: Virit eXplorer Lite (viritsvclite) - TG Soft Sas www.tgsoft.it - C:\PROGRAMMI\VEXPLITE\viritsvc.exe

ma tutti quei residui li tengo li dove sono x sempre???gli devo dare da mangiare?

bahamut · Mortale devoto Registrato: 12/07/06 03:05 Messaggi: 14

ore 20&34....CAMPIONI DEL MON.....no....IL PC E' SANO&SALVO....che sballo.....

sei stata davvero un tesoro....adesso poi so un sacco più cose di prima....quello che non uccide rafforza no??!

come te la posto la birra??
(ma poi tu dove diavolo le hai imparate tutte ste dritte?)...sei stata impagabile..... Grazie

holifay · Dio maturo Registrato: 08/03/05 10:48 Messaggi: 2912 Residenza: Milano

Bene

guarda che non sono residui quelli, sono componenti del tuo PC Wink

Se vuoi puoi cancellare tutta la cartella c:\avenger

Per finire: copia/incolla quanto qui sotto in un file che chiamerai forum.reg. Salvalo sul desktop e avvialo (doppio click). Rispondi OK alla richiesta.

holifay · Dio maturo Registrato: 08/03/05 10:48 Messaggi: 2912 Residenza: Milano

e ricordati che hai promesso che parlavi bene "in giro" dei nostri forum! Wink

bahamut · Mortale devoto Registrato: 12/07/06 03:05 Messaggi: 14

beh vabbe dai sei stata fantastica...ma ci lavori???...mi ti immagino 1pò crashoverride....che sballo....
grazie davvero...
(ma che cosa ho fatto creando quel file di registro?)
il file.dll è scomparso...e la cartella avenger non me la fa eliminare xchè il file lpt4.joh dice che non è possibile trovarlo...neanche con unlocker si sblocca( sempre che sia bloccato eh...)...non ho permessi di debug
...all'inizio di questo "viaggio" ero impazzito con sta storia del debug...xchè in un forum puzzone (non come zeusnews che è stupendo e poi c'è holifay Pray

) avevo letto che il trojan si levava seguendo un percorso che iniziava con unlocker....boh....

Fiori

holifay · Dio maturo Registrato: 08/03/05 10:48 Messaggi: 2912 Residenza: Milano

bahamut · Mortale devoto Registrato: 12/07/06 03:05 Messaggi: 14

no no...tu sei proprio fantastica....l'ho levato subito(con la procedura forum.bat)
poi sai anche chi è crashoverride...che sballo!!!!!!
non trovo emoticons x esprimerti la mia devozione.... Very Happy