OK ho fatto tutto, i log sono questi:
GMER 1.0.10.10122 -
http://www.gmer.net
Rootkit 2006-08-24 15:30:35
Windows 5.1.2600
---- Processes - GMER 1.0.10 ----
Library C:\WXPH\npbkp1.dll (*** hidden *** ) @ C:\WXPH\Explorer.EXE [1268] 0x02930000 <-- ROOTKIT !!!
Library C:\WXPH\npbkp1.dll (*** hidden *** ) @ C:\Programmi\Internet Explorer\IEXPLORE.EXE [1508] 0x01080000 <-- ROOTKIT !!!
Process C:\WXPH\svchost.exe (*** hidden *** ) 1564 <-- ROOTKIT !!!
---- Registry - GMER 1.0.10 ----
Reg \Registry\MACHINE\SOFTWARE\0D92R7F92J
Reg \Registry\MACHINE\SOFTWARE\0D92R7F92J@0D92R7F92J 0x01 0x00 0x00 0x7E ...
Reg \Registry\MACHINE\SOFTWARE\0D92R7F92J@0D92R7F92J 0x01 0x00 0x00 0x7E ...
---- Files - GMER 1.0.10 ----
File C:\WXPH\system32\prn.iwv
File C:\WXPH\npbkp1.del
File C:\WXPH\npbkp1.dll
---- EOF - GMER 1.0.10 ----
GMER 1.0.10.10122 -
http://www.gmer.net
Autostart 2006-08-24 15:31:22
Windows 5.1.2600
HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems@Windows = %SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,3072,512 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ProfileControl=Off MaxRequestThreads=16
HKLM\Software\Microsoft\Windows NT\CurrentVersion\ >>>
Winlogon@Userinit = C:\WXPH\system32\userinit.exe,
Windows@AppInit_DLLs = \\?\C:\WXPH\System32\prn.iwv
HKLM\SYSTEM\CurrentControlSet\Services\ >>>
admcntrl /*Gestione Active Desktop Manager*/@ = C:\WXPH\Downlo~1\nvkwji\jehpclu.exe
InoRPC /*Server RPC di eTrust Antivirus */@ = "C:\Programmi\CA\eTrust Antivirus\InoRpc.exe"
InoRT /*Server Realtime di eTrust Antivirus */@ = "C:\Programmi\CA\eTrust Antivirus\InoRT.exe"
InoTask /*Server Processi di eTrust Antivirus */@ = "C:\Programmi\CA\eTrust Antivirus\InoTask.exe"
Spooler /*Spooler di stampa*/@ = %SystemRoot%\system32\spoolsv.exe
HKLM\Software\Microsoft\Windows\CurrentVersion\Run >>>
@Realtime MonitorC:\PROGRA~1\CA\ETRUST~1\realmon.exe -s = C:\PROGRA~1\CA\ETRUST~1\realmon.exe -s
@hppwrsavC:\SCANJET\PrecisionScanLT\hppwrsav.exe = C:\SCANJET\PrecisionScanLT\hppwrsav.exe
@feecp.exeC:\WXPH\System32\feecp.exe = C:\WXPH\System32\feecp.exe
HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run@1 = C:\WXPH\svchost.exe
HKCU\Software\Microsoft\Windows\CurrentVersion\Run@CTFMON.EXE = C:\WXPH\System32\ctfmon.exe
HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved >>>
@{42071714-76d4-11d1-8b24-00a0c9068ff3} /*Estensione panoramica video del Pannello di controllo*/deskpan.dll /*file not found*/ = deskpan.dll /*file not found*/
@{0006F045-0000-0000-C000-000000000046} /*Microsoft Outlook Custom Icon Handler*/C:\PROGRA~1\MICROS~2\Office\OLKFSTUB.DLL = C:\PROGRA~1\MICROS~2\Office\OLKFSTUB.DLL
@{DCED20BE-3645-11D4-BC95-00C04F0E0588} /*InoShell*/C:\Programmi\CA\eTrust Antivirus\InoShell.dll = C:\Programmi\CA\eTrust Antivirus\InoShell.dll
@{AF32DAFE-1358-4F35-A673-FB123BC6303F} /*Cutter 4.1 Shell Extension*/(null) =
@{310A0C95-EA11-42AE-A8E4-53E69E650310} /*ZipGenius Zip Drop handler*/C:\PROGRA~1\ZIPGEN~1\DROPHA~1.DLL = C:\PROGRA~1\ZIPGEN~1\DROPHA~1.DLL
@{FE8D01BF-610A-4261-9C6E-32D65A42C907} /*ZipGenius 5.5 DnD Extract handler*/C:\PROGRA~1\ZIPGEN~1\ZGDRAG~1.DLL = C:\PROGRA~1\ZIPGEN~1\ZGDRAG~1.DLL
@{3E307794-57B9-473A-98CC-4A039255063F} /*OpenOffice.org/ZipGenius Shell Extension*/C:\PROGRA~1\ZIPGEN~1\oodll.dll = C:\PROGRA~1\ZIPGEN~1\oodll.dll
@{C169E5F0-E2B3-41F3-B81A-7BA529CBE193} /*ZipGenius Shell Extension*/C:\PROGRA~1\ZIPGEN~1\contmenu.dll = C:\PROGRA~1\ZIPGEN~1\contmenu.dll
@{2E5AC2E0-406D-11D4-86B3-FA5861508E25} /*ZipGenius Zip InfoTip*/C:\PROGRA~1\ZIPGEN~1\zgtips.dll = C:\PROGRA~1\ZIPGEN~1\zgtips.dll
HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved@{BDEADF00-C265-11d0-BCED-00A0C90AB50F} /*Cartelle Web*/ = C:\PROGRA~1\FILECO~1\MICROS~1\WEBFOL~1\MSONSEXT.DLL
HKLM\Software\Classes\*\shellex\ContextMenuHandlers\ >>>
InoShell@{DCED20BE-3645-11D4-BC95-00C04F0E0588} = C:\Programmi\CA\eTrust Antivirus\InoShell.dll
ZipGenius 5@{C169E5F0-E2B3-41F3-B81A-7BA529CBE193} = C:\PROGRA~1\ZIPGEN~1\contmenu.dll
HKLM\Software\Classes\Directory\shellex\ContextMenuHandlers\ >>>
InoShell@{DCED20BE-3645-11D4-BC95-00C04F0E0588} = C:\Programmi\CA\eTrust Antivirus\InoShell.dll
ZipGenius 5@{C169E5F0-E2B3-41F3-B81A-7BA529CBE193} = C:\PROGRA~1\ZIPGEN~1\contmenu.dll
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects >>>
@{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}C:\Programmi\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll = C:\Programmi\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
@{0712FB8F-FE45-166D-F477-DDE972BE5CC5}C:\WXPH\npbkp1.dll = C:\WXPH\npbkp1.dll
@{493C64A2-68D8-00DB-49B1-A424B3007DC4}C:\WXPH\npbkp1.dll = C:\WXPH\npbkp1.dll
HKCU\Control Panel\Desktop@SCRNSAVE.EXE = C:\WXPH\System32\logon.scr
HKLM\Software\Microsoft\Internet Explorer\Main >>>
@Default_Page_URLhttp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome =
http://www.microsoft.com/isapi/redir.dl ... ar=msnhome
@Start
Pagehttp://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home =
http://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home
@Local Page%SystemRoot%\system32\blank.htm = %SystemRoot%\system32\blank.htm
HKCU\Software\Microsoft\Internet Explorer\Main >>>
@Start Pageabout:blank = about:blank
@Local PageC:\WXPH\System32\blank.htm = C:\WXPH\System32\blank.htm
HKLM\Software\Classes\PROTOCOLS\Handler\ >>>
dvd@CLSID = C:\WXPH\System32\msvidctl.dll
its@CLSID = C:\WXPH\System32\itss.dll
lid@CLSID = C:\WXPH\System32\msvidctl.dll
mhtml@CLSID = %SystemRoot%\System32\inetcomm.dll
ms-its@CLSID = C:\WXPH\System32\itss.dll
tv@CLSID = C:\WXPH\System32\msvidctl.dll
vnd.ms.radio@CLSID = C:\WXPH\System32\msdxm.ocx
wia@CLSID = C:\WXPH\System32\wiascr.dll
HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters@Domain = plasticacesena.lan
HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{38BAD992-0FEA-4017-B93B-713EE1AD01D7} /*Connessione alla rete locale (LAN)*/ >>>
@IPAddress192.168.0.54 = 192.168.0.54
@NameServer192.168.0.254 = 192.168.0.254
@DefaultGateway192.168.0.254 = 192.168.0.254
@Domain =
C:\Documents and Settings\All Users\Menu Avvio\Programmi\Esecuzione automatica >>>
Microsoft Office.lnk = Microsoft Office.lnk
Avvia Pc.lnk = Avvia Pc.lnk
---- EOF - GMER 1.0.10 ----