PDA

View Full Version : HELP ME!!! someone please read my log!!!


djkamma
20-03-2009, 18:12
Hi everyone! I ran a scan with Avira AntiVir Personal Edition and saved the log file because I noticed something strange... I should say up front that I had already followed the disinfection guide... and all the problems it found had been removed! But something is still wrong! :muro: Here is the log:


Avira AntiVir Personal
Report file date: Friday, 20 March 2009 17:01

Scanning for 1308885 virus strains and unwanted programs.

Licensee : Avira AntiVir Personal - FREE Antivirus
Serial number : 0000149996-ADJIE-0000001
Platform : Windows XP
Windows version : (Service Pack 3) [5.1.2600]
Boot mode : Normally booted
Username : Andrea
Computer name : DJKAMMAC-EC6D31

Version information:
BUILD.DAT : 9.0.0.386 17962 Bytes 11/03/2009 15:55:00
AVSCAN.EXE : 9.0.3.3 464641 Bytes 24/02/2009 11:13:26
AVSCAN.DLL : 9.0.3.0 40705 Bytes 27/02/2009 09:58:24
LUKE.DLL : 9.0.3.2 209665 Bytes 20/02/2009 10:35:49
LUKERES.DLL : 9.0.2.0 12033 Bytes 27/02/2009 09:58:52
ANTIVIR0.VDF : 7.1.0.0 15603712 Bytes 27/10/2008 11:30:36
ANTIVIR1.VDF : 7.1.2.12 3336192 Bytes 11/02/2009 19:33:26
ANTIVIR2.VDF : 7.1.2.152 749568 Bytes 11/03/2009 09:51:15
ANTIVIR3.VDF : 7.1.2.193 243712 Bytes 20/03/2009 09:51:16
Engineversion : 8.2.0.120
AEVDF.DLL : 8.1.1.0 106868 Bytes 27/01/2009 16:36:42
AESCRIPT.DLL : 8.1.1.67 364923 Bytes 20/03/2009 09:51:21
AESCN.DLL : 8.1.1.8 127346 Bytes 20/03/2009 09:51:20
AERDL.DLL : 8.1.1.3 438645 Bytes 29/10/2008 17:24:41
AEPACK.DLL : 8.1.3.10 397686 Bytes 04/03/2009 12:06:10
AEOFFICE.DLL : 8.1.0.36 196987 Bytes 26/02/2009 19:01:56
AEHEUR.DLL : 8.1.0.107 1663352 Bytes 20/03/2009 09:51:19
AEHELP.DLL : 8.1.2.2 119158 Bytes 26/02/2009 19:01:56
AEGEN.DLL : 8.1.1.30 336245 Bytes 20/03/2009 09:51:18
AEEMU.DLL : 8.1.0.9 393588 Bytes 09/10/2008 13:32:40
AECORE.DLL : 8.1.6.6 176501 Bytes 17/02/2009 13:22:44
AEBB.DLL : 8.1.0.3 53618 Bytes 09/10/2008 13:32:40
AVWINLL.DLL : 9.0.0.3 18177 Bytes 12/12/2008 07:47:59
AVPREF.DLL : 9.0.0.1 43777 Bytes 05/12/2008 09:32:15
AVREP.DLL : 8.0.0.3 155905 Bytes 20/01/2009 13:34:28
AVREG.DLL : 9.0.0.0 36609 Bytes 05/12/2008 09:32:09
AVARKT.DLL : 9.0.0.1 292609 Bytes 09/02/2009 06:52:24
AVEVTLOG.DLL : 9.0.0.7 167169 Bytes 30/01/2009 09:37:08
SQLITE3.DLL : 3.6.1.0 326401 Bytes 28/01/2009 14:03:49
SMTPLIB.DLL : 9.2.0.25 28417 Bytes 02/02/2009 07:21:33
NETNT.DLL : 9.0.0.0 11521 Bytes 05/12/2008 09:32:10
RCIMAGE.DLL : 9.0.0.21 2438401 Bytes 09/02/2009 10:45:45
RCTEXT.DLL : 9.0.35.0 87297 Bytes 11/03/2009 14:55:12

Configuration settings for the scan:
Jobname.............................: Local Drives
Configuration file..................: c:\programmi\avira\antivir desktop\alldrives.avp
Logging.............................: low
Primary action......................: repair
Secondary action....................: delete
Scan master boot sector.............: on
Scan boot sector....................: on
Boot sectors........................: C:, E:, G:, D:, F:,
Process scan........................: on
Scan registry.......................: on
Search for rootkits.................: on
Integrity checking of system files..: on
Optimised scan......................: on
Scan all files......................: All files
Scan archives.......................: on
Recursion depth.....................: 20
Smart extensions....................: on
Deviating archive types.............: +BSD Mailbox, +Netscape/Mozilla Mailbox, +Eudora Mailbox, +Squid cache, +Pegasus Mailbox, +MS Outlook Mailbox,
Macro heuristic.....................: on
File heuristic......................: high
Deviating risk categories...........: +APPL,+GAME,+JOKE,+PCK,+SPR,

Start of the scan: Friday, 20 March 2009 17:01

Initiating scan of system files:
Signed -> 'C:\WINDOWS\system32\svchost.exe'
Signed -> 'C:\WINDOWS\system32\winlogon.exe'
Signed -> 'C:\WINDOWS\explorer.exe'
Signed -> 'C:\WINDOWS\system32\smss.exe'
Signed -> 'C:\WINDOWS\system32\wininet.DLL'
Signed -> 'C:\WINDOWS\system32\wsock32.DLL'
Signed -> 'C:\WINDOWS\system32\ws2_32.DLL'
Signed -> 'C:\WINDOWS\system32\services.exe'
Signed -> 'C:\WINDOWS\system32\lsass.exe'
Signed -> 'C:\WINDOWS\system32\csrss.exe'
Signed -> 'C:\WINDOWS\system32\drivers\kbdclass.sys'
Signed -> 'C:\WINDOWS\system32\spoolsv.exe'
Signed -> 'C:\WINDOWS\system32\alg.exe'
Signed -> 'C:\WINDOWS\system32\wuauclt.exe'
Signed -> 'C:\WINDOWS\system32\advapi32.DLL'
Signed -> 'C:\WINDOWS\system32\user32.DLL'
Signed -> 'C:\WINDOWS\system32\gdi32.DLL'
Signed -> 'C:\WINDOWS\system32\kernel32.DLL'
Signed -> 'C:\WINDOWS\system32\ntdll.DLL'
Signed -> 'C:\WINDOWS\system32\ntoskrnl.exe'
Signed -> 'C:\WINDOWS\system32\ctfmon.exe'
The system files were scanned ('21' files)

Starting search for hidden objects.
'41414' objects were checked, '0' hidden objects were found.

The scan of running processes will be started
Scan process 'avscan.exe' - '1' Module(s) have been scanned
Scan process 'firefox.exe' - '1' Module(s) have been scanned
Scan process 'usnsvc.exe' - '1' Module(s) have been scanned
Scan process 'msnmsgr.exe' - '1' Module(s) have been scanned
Scan process 'cidaemon.exe' - '1' Module(s) have been scanned
Scan process 'cidaemon.exe' - '1' Module(s) have been scanned
Scan process 'explorer.exe' - '1' Module(s) have been scanned
Scan process 'CLI.exe' - '1' Module(s) have been scanned
Scan process 'CLI.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'alg.exe' - '1' Module(s) have been scanned
Scan process 'iPodService.exe' - '1' Module(s) have been scanned
Scan process 'tor.exe' - '1' Module(s) have been scanned
Scan process 'wmiapsrv.exe' - '1' Module(s) have been scanned
Scan process 'RtkBtMnt.exe' - '1' Module(s) have been scanned
Scan process 'BTSTAC~1.EXE' - '1' Module(s) have been scanned
Scan process 'privoxy.exe' - '1' Module(s) have been scanned
Scan process 'BTTray.exe' - '1' Module(s) have been scanned
Scan process 'NMIndexStoreSvr.exe' - '1' Module(s) have been scanned
Scan process 'vidalia.exe' - '1' Module(s) have been scanned
Scan process 'NMBgMonitor.exe' - '1' Module(s) have been scanned
Scan process 'TeaTimer.exe' - '1' Module(s) have been scanned
Scan process 'SUPERANTISPYWARE.EXE' - '1' Module(s) have been scanned
Scan process 'ctfmon.exe' - '1' Module(s) have been scanned
Scan process 'avgnt.exe' - '1' Module(s) have been scanned
Scan process 'realsched.exe' - '1' Module(s) have been scanned
Scan process 'iTunesHelper.exe' - '1' Module(s) have been scanned
Scan process 'RTHDCPL.EXE' - '1' Module(s) have been scanned
Scan process 'prevx.exe' - '0' Module(s) have been scanned
Scan process 'WLTRAY.EXE' - '1' Module(s) have been scanned
Scan process 'CLI.exe' - '1' Module(s) have been scanned
Scan process 'vmnetdhcp.exe' - '1' Module(s) have been scanned
Scan process 'vmnat.exe' - '1' Module(s) have been scanned
Scan process 'uphclean.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'StarWindService.exe' - '1' Module(s) have been scanned
Scan process 'jqs.exe' - '1' Module(s) have been scanned
Scan process 'InCDsrv.exe' - '1' Module(s) have been scanned
Scan process 'GoogleUpdate.exe' - '1' Module(s) have been scanned
Scan process 'prevx.exe' - '0' Module(s) have been scanned
Scan process 'cisvc.exe' - '1' Module(s) have been scanned
Scan process 'mDNSResponder.exe' - '1' Module(s) have been scanned
Scan process 'AppleMobileDeviceService.exe' - '1' Module(s) have been scanned
Scan process 'avguard.exe' - '1' Module(s) have been scanned
Scan process 'sched.exe' - '1' Module(s) have been scanned
Scan process 'LVPrcSrv.exe' - '1' Module(s) have been scanned
Scan process 'spoolsv.exe' - '1' Module(s) have been scanned
Scan process 'BCMWLTRY.EXE' - '1' Module(s) have been scanned
Scan process 'WLTRYSVC.EXE' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'ati2evxx.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'btwdins.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'ati2evxx.exe' - '1' Module(s) have been scanned
Scan process 'lsass.exe' - '1' Module(s) have been scanned
Scan process 'services.exe' - '1' Module(s) have been scanned
Scan process 'winlogon.exe' - '1' Module(s) have been scanned
Scan process 'csrss.exe' - '1' Module(s) have been scanned
Scan process 'smss.exe' - '1' Module(s) have been scanned
61 processes with 61 modules were scanned

Starting master boot sector scan:

Start scanning boot sectors:

Starting to scan executable files (registry).
The registry was scanned ( '65' files ).


Starting the file scan:

Begin scan in 'C:\'
C:\pagefile.sys
[WARNING] The file could not be opened!
[NOTE] This file is a Windows system file.
[NOTE] This file cannot be opened for scanning.
C:\WINDOWS\system32\drivers\sptd.sys
[WARNING] The file could not be opened!
C:\WINDOWS\system32\drivers\sptd5085.sys
[WARNING] The file could not be opened!
C:\WINDOWS\system32\drivers\vaxscsi.sys
[WARNING] The file could not be opened!
Begin scan in 'E:\'
Search path E:\ could not be opened!
System error [1005]: The volume does not contain a recognized file system.
Begin scan in 'G:\' <FREECOM HDD>
Begin scan in 'D:\'
Search path D:\ could not be opened!
System error [87]: The parameter is incorrect.
Begin scan in 'F:\'
Search path F:\ could not be opened!
System error [21]: The device is not ready.


End of the scan: Friday, 20 March 2009 18:10
Used time: 1:08:33 Hour(s)

The scan has been done completely.

15025 Scanned directories
488825 Files were scanned
0 Viruses and/or unwanted programs were found
0 Files were classified as suspicious
0 files were deleted
0 Viruses and unwanted programs were repaired
0 Files were moved to quarantine
0 Files were renamed
4 Files cannot be scanned
488821 Files not concerned
13748 Archives were scanned
4 Warnings
1 Notes
41414 Objects were scanned with rootkit scan
0 Hidden objects were found


IDEAS?????? :help:

Chill-Out
20-03-2009, 19:12
The log is OK

djkamma
20-03-2009, 19:16
What do you mean OK???? What about the files it can't read?
And then... um... I have another "small" problem... it won't let me change the values in the registry key HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run or any of its subkeys! IMAIL MAPI MSFS etc... I log in with admin rights and it still tells me I don't have permission, even from Safe Mode! It won't let me change the list of programs that run at Windows startup... sorry for the pun xD

Chill-Out
20-03-2009, 19:20
What do you mean OK???? What about the files it can't read?

Normal, see the guide I linked you -->> http://www.hwupgrade.it/forum/showpost.php?p=17960749&postcount=6 where you will find some examples :)

djkamma
20-03-2009, 19:33
thanks... but... about the registry problems... to be safe... can I post the HijackThis, GMER and SysInspector logs?

djkamma
20-03-2009, 19:57
GMER log 11/03/2009


GMER 1.0.15.14878 - http://www.gmer.net
Rootkit scan 2009-03-11 07:43:42
Windows 5.1.2600 Service Pack 3


---- System - GMER 1.0.15 ----

SSDT pxprot.sys (Prevx Protection Engine/Prevx) ZwAssignProcessToJobObject [0xBA4C8850]
SSDT sptd.sys ZwCreateKey [0xB9EDBC04]
SSDT pxprot.sys (Prevx Protection Engine/Prevx) ZwCreateThread [0xBA4C8880]
SSDT sptd.sys ZwEnumerateKey [0xB9EDBD48]
SSDT sptd.sys ZwEnumerateValueKey [0xB9EDC0C0]
SSDT sptd.sys ZwOpenKey [0xB9EDBAE2]
SSDT pxprot.sys (Prevx Protection Engine/Prevx) ZwOpenProcess [0xBA4C8AD0]
SSDT pxprot.sys (Prevx Protection Engine/Prevx) ZwOpenThread [0xBA4C8990]
SSDT pxprot.sys (Prevx Protection Engine/Prevx) ZwProtectVirtualMemory [0xBA4C88D0]
SSDT sptd.sys ZwQueryKey [0xB9EDC18A]
SSDT sptd.sys ZwQueryValueKey [0xB9EDC022]
SSDT pxprot.sys (Prevx Protection Engine/Prevx) ZwSetContextThread [0xBA4C8820]
SSDT sptd.sys ZwSetValueKey [0xB9EDC212]
SSDT \??\C:\Programmi\SUPERAntiSpyware\SASKUTIL.sys (SASKUTIL.SYS/SUPERAdBlocker.com and SUPERAntiSpyware.com) ZwTerminateProcess [0xA88BBF20]
SSDT pxprot.sys (Prevx Protection Engine/Prevx) ZwTerminateThread [0xBA4C8910]
SSDT \??\C:\WINDOWS\system32\Drivers\uphcleanhlp.sys ZwUnloadKey [0xA550E6D0]
SSDT pxprot.sys (Prevx Protection Engine/Prevx) ZwWriteVirtualMemory [0xBA4C8940]

---- Kernel code sections - GMER 1.0.15 ----

? C:\WINDOWS\system32\drivers\sptd.sys The process cannot access the file because it is being used by another process.
? C:\WINDOWS\System32\Drivers\SPTD5085.SYS The process cannot access the file because it is being used by another process.
.text vaxscsi.sys!A0DB34FC6FE35D429A28ADDE5467D4D7 B949D4D0 16 Bytes [BA, 4A, 41, 9C, 3A, 01, BA, ...]
.text vaxscsi.sys!A0DB34FC6FE35D429A28ADDE5467D4D7 + 11 B949D4E1 31 Bytes [C0, 49, B9, 92, 64, 50, 8F, ...]
? C:\WINDOWS\System32\Drivers\vaxscsi.sys The process cannot access the file because it is being used by another process.
? C:\WINDOWS\system32\Drivers\uphcleanhlp.sys The system cannot find the file specified. !

---- Kernel IAT/EAT - GMER 1.0.15 ----

IAT atapi.sys[HAL.dll!READ_PORT_UCHAR] [B9ED7A32] sptd.sys
IAT atapi.sys[HAL.dll!READ_PORT_BUFFER_USHORT] [B9ED7B6E] sptd.sys
IAT atapi.sys[HAL.dll!READ_PORT_USHORT] [B9ED7AF6] sptd.sys
IAT atapi.sys[HAL.dll!WRITE_PORT_BUFFER_USHORT] [B9ED86CC] sptd.sys
IAT atapi.sys[HAL.dll!WRITE_PORT_UCHAR] [B9ED85A2] sptd.sys
IAT \SystemRoot\system32\DRIVERS\i8042prt.sys[HAL.dll!READ_PORT_UCHAR] [B9EFABBC] sptd.sys

---- User IAT/EAT - GMER 1.0.15 ----

IAT D:\Andrea\Programmi\Disinfettare il pc\gmer.exe[404] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateFile] [10002E40] C:\Programmi\File comuni\Logitech\LVMVFM\LVPrcInj.dll (Logitech Helper Library./Logitech)
IAT D:\Andrea\Programmi\Disinfettare il pc\gmer.exe[404] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [10002C10] C:\Programmi\File comuni\Logitech\LVMVFM\LVPrcInj.dll (Logitech Helper Library./Logitech)
IAT D:\Andrea\Programmi\Disinfettare il pc\gmer.exe[404] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtClose] [10002C30] C:\Programmi\File comuni\Logitech\LVMVFM\LVPrcInj.dll (Logitech Helper Library./Logitech)
IAT D:\Andrea\Programmi\Disinfettare il pc\gmer.exe[404] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [10002C20] C:\Programmi\File comuni\Logitech\LVMVFM\LVPrcInj.dll (Logitech Helper Library./Logitech)

---- Devices - GMER 1.0.15 ----

Device \FileSystem\Ntfs \Ntfs 8A5118C0

AttachedDevice \FileSystem\Ntfs \Ntfs InCDrec.SYS (InCD File System Recognizer/Nero AG)

Device \FileSystem\Fastfat \FatCdrom 89A8E5A0
Device \FileSystem\InCDfs \InCDFsDisk 89A5FA58

AttachedDevice \Driver\Tcpip \Device\Ip avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\Tcpip \Device\Ip ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation)
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.)
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass1 SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.)

Device \Driver\dmio \Device\DmControl\DmIoDaemon 8A4C3450
Device \Driver\dmio \Device\DmControl\DmConfig 8A4C3450
Device \Driver\dmio \Device\DmControl\DmPnP 8A4C3450
Device \Driver\dmio \Device\DmControl\DmInfo 8A4C3450

AttachedDevice \Driver\Tcpip \Device\Tcp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\Tcpip \Device\Tcp ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation)

Device \Driver\usbstor \Device\000000a1 8A2FC7F8
Device \Driver\00000056 \Device\00000057 sptd.sys
Device \Driver\Ftdisk \Device\HarddiskVolume1 8A4C3708
Device \Driver\Ftdisk \Device\HarddiskVolume2 8A4C3708
Device \Driver\Cdrom \Device\CdRom0 8A24FD48
Device \FileSystem\Rdbss \Device\FsWrap 89CC52A0
Device \Driver\Ftdisk \Device\HarddiskVolume3 8A4C3708
Device \Driver\Cdrom \Device\CdRom1 8A24FD48
Device \Driver\NetBT \Device\NetBt_Wins_Export 89AADA60
Device \FileSystem\InCDfs \Device\InCDfsComm 89A5FA58
Device \Driver\sbp2port \Device\Sbp2Port0 8A5110E8
Device \Driver\NetBT \Device\NetbiosSmb 89AADA60
Device \Driver\NetBT \Device\NetBT_Tcpip_{92BC12E5-E925-4DB0-BD11-B29F7A7D659E} 89AADA60

AttachedDevice \Driver\Tcpip \Device\Udp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\Tcpip \Device\Udp ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation)

Device \Driver\Disk \Device\Harddisk0\DR0 8A511B78

AttachedDevice \Driver\Tcpip \Device\RawIp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\Tcpip \Device\RawIp ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation)

Device \Driver\Disk \Device\Harddisk1\DR3 8A511B78
Device \Driver\sbp2port \Device\Sbp2\Initio &DVD-RAM UJ-85JS &0&00101003_05210678_Instance00 8A5110E8
Device \Driver\NetBT \Device\NetBT_Tcpip_{FC9455EF-EFDE-4A84-B8AE-C4B49597708B} 89AADA60
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver 89CB50E8
Device \FileSystem\MRxSmb \Device\LanmanRedirector 89CB50E8
Device \FileSystem\Npfs \Device\NamedPipe 89AE9D98
Device \Driver\Ftdisk \Device\FtControl 8A4C3708
Device \FileSystem\Msfs \Device\Mailslot 8A207500
Device \Driver\vaxscsi \Device\Scsi\vaxscsi1 8A24E0E8
Device \Driver\vaxscsi \Device\Scsi\vaxscsi1Port4Path0Target0Lun0 8A24E0E8
Device \Driver\usbstor \Device\0000009a 8A2FC7F8
Device \FileSystem\Fastfat \Fat 89A8E5A0

AttachedDevice \FileSystem\Fastfat \Fat InCDrec.SYS (InCD File System Recognizer/Nero AG)

Device \FileSystem\InCDfs \GLOBAL??\BsUDF 89A5FA58
Device \FileSystem\Cdfs \Cdfs 893DDEB0

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s0 -1730368878
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s1 1064893498
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s2 -1346894137
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@h0 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@p0 C:\Programmi\Alcohol Soft\Alcohol 120\
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 0
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0xF1 0x5A 0x9B 0x85 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@ujdew 0xC6 0x10 0xD3 0xDB ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40@ujdew 0xC4 0xB4 0xC3 0x78 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@p0 C:\Programmi\Alcohol Soft\Alcohol 120\
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 0
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0xF1 0x5A 0x9B 0x85 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@ujdew 0xC6 0x10 0xD3 0xDB ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40@ujdew 0xC4 0xB4 0xC3 0x78 ...
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\AutorunsDisabled@SunJavaUpdateSched "C:\Programmi\Java\jre6\bin\jusched.exe"
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\AutorunsDisabled@SynTPEnh C:\Programmi\Synaptics\SynTP\SynTPEnh.exe
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\AutorunsDisabled@LogitechVideo[inspector] C:\Programmi\Acer\OrbiCam\InstallHelper.exe /inspect
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\AutorunsDisabled@LogitechCameraService(E) C:\WINDOWS\system32\ElkCtrl.exe /automation
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\AutorunsDisabled@LogitechCameraAssistant C:\Programmi\Acer\OrbiCam\CameraAssistant.exe
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\AutorunsDisabled@iTunesHelper "C:\Programmi\iTunes\iTunesHelper.exe"
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\AutorunsDisabled@QuickTime Task "C:\Programmi\QuickTime\QTTask.exe" -atboottime
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\AutorunsDisabled@AppleSyncNotifier C:\Programmi\File comuni\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\AutorunsDisabled@InCD C:\Programmi\Nero\Nero 7\InCD\InCD.exe
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\AutorunsDisabled@NeroFilterCheck C:\Programmi\File comuni\Ahead\Lib\NeroCheck.exe
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\AutorunsDisabled@LVCOMSX C:\WINDOWS\system32\LVCOMSX.EXE
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\AutorunsDisabled@voip phone charger "C:\Programmi\Acer\VoIP Phone Charger\voip phone charger.exe"
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\AutorunsDisabled@BlackBerryAutoUpdate C:\Programmi\File comuni\Research In Motion\Auto Update\RIMAutoUpdate.exe /background
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\AutorunsDisabled@Acrobat Assistant 7.0 "C:\Programmi\Adobe\Acrobat 7.0\Distillr\Acrotray.exe"
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\AutorunsDisabled@HP Software Update "C:\Programmi\HP\HP Software Update\HPWuSchd2.exe"
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\AutorunsDisabled@HP Component Manager "C:\Programmi\HP\hpcoretech\hpcmpmgr.exe"
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\IMAIL@Installed 1
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\IMAIL@
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MAPI@NoChange 1
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MAPI@Installed 1
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MAPI@
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MSFS@Installed 1
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MSFS@

---- EOF - GMER 1.0.15 ----
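Added example, not code posted by anyone in this thread: a small Python triage script run over constructed excerpts of the GMER and Avira output above. It groups every SSDT/IAT hook GMER reported by the module that installed it, joins that with the files Avira could not open, and flags only what the logs themselves do not account for. The KNOWN_MODULES table is an assumption assembled from evidence in the logs (the sptd\Cfg@p0 value pointing at Alcohol 120%, \Driver\vaxscsi in the Devices section, and prevx.exe, SUPERANTISPYWARE.EXE, uphclean.exe and LVPrcSrv.exe in Avira's process list), not a vendor-supplied allow-list.

```python
"""Triage helper for the GMER and Avira output posted above.

Added example, not code from any participant in the thread. It groups every
SSDT/IAT hook GMER reported by the module that installed it, joins that with
the files Avira could not open, and flags only what the logs themselves do not
account for. KNOWN_MODULES is an assumption built from evidence in the logs.
"""
import re
from collections import defaultdict

# Assumption: files whose presence is accounted for by software visible in the logs.
KNOWN_MODULES = {
    "sptd.sys": "SCSI Pass Through Direct, installed by Alcohol 120% (sptd\\Cfg@p0)",
    "vaxscsi.sys": "Alcohol 120% virtual SCSI adapter (\\Driver\\vaxscsi in Devices)",
    "pxprot.sys": "Prevx protection engine (prevx.exe in the process list)",
    "saskutil.sys": "SUPERAntiSpyware (SUPERANTISPYWARE.EXE in the process list)",
    "uphcleanhlp.sys": "User Profile Hive Cleanup (uphclean.exe in the process list)",
    "lvprcinj.dll": "Logitech webcam helper (LVPrcSrv.exe in the process list)",
    "pagefile.sys": "Windows paging file, held open by the kernel while running",
}

# GMER line shapes: "SSDT <module> [(vendor)] Zw<Name> [0x<addr>]" and
# "IAT <victim>[<import>!<func>] [<addr>] <owner> [(vendor)]".
SSDT_RE = re.compile(r"^SSDT\s+(\S+)(?:\s+\([^)]*\))?\s+(Zw\w+)\s+\[0x([0-9A-Fa-f]+)\]")
IAT_RE = re.compile(
    r"^IAT\s+(.+?)\s*\[([^\]!]+)!(\w+)\]\s+\[([0-9A-Fa-f]+)\]\s+(.+?)(?:\s+\([^)]*\))?\s*$"
)
AVIRA_WARN = "[WARNING] The file could not be opened!"


def basename(path):
    """Case-fold a Windows or \\??\\ device path down to its file name."""
    return path.replace("\\", "/").rsplit("/", 1)[-1].lower()


def parse_gmer_hooks(text):
    """Map each hooking module to the sorted list of hooks GMER attributed to it."""
    hooks = defaultdict(set)
    for line in text.splitlines():
        line = line.strip()
        m = SSDT_RE.match(line)
        if m:
            hooks[basename(m.group(1))].add("SSDT " + m.group(2))
            continue
        m = IAT_RE.match(line)
        if m:
            victim, _imp, func, _addr, owner = m.groups()
            # Strip the "[pid] @ module" decoration GMER adds to user-mode victims.
            victim = basename(victim.split(" @ ")[0].split("[")[0])
            hooks[basename(owner)].add("IAT %s!%s" % (victim, func))
    return {mod: sorted(v) for mod, v in hooks.items()}


def parse_avira_unopenable(text):
    """Collect the file names Avira reported it could not open for scanning."""
    lines = [ln.strip() for ln in text.splitlines()]
    return sorted(basename(prev) for prev, cur in zip(lines, lines[1:])
                  if cur == AVIRA_WARN and prev and not prev.startswith("["))


def triage(gmer_text, avira_text):
    """Join both logs and separate explained from unexplained artefacts."""
    hooks = parse_gmer_hooks(gmer_text)
    locked = parse_avira_unopenable(avira_text)
    seen = set(hooks) | set(locked)
    return {
        "hooks": hooks,
        "unscannable": locked,
        "explained": {m: KNOWN_MODULES[m] for m in sorted(seen) if m in KNOWN_MODULES},
        "unexplained": sorted(seen - set(KNOWN_MODULES)),
    }


# Constructed excerpts of the two logs posted in this thread.
SAMPLE_GMER = r"""
SSDT pxprot.sys (Prevx Protection Engine/Prevx) ZwAssignProcessToJobObject [0xBA4C8850]
SSDT sptd.sys ZwCreateKey [0xB9EDBC04]
SSDT sptd.sys ZwOpenKey [0xB9EDBAE2]
SSDT \??\C:\Programmi\SUPERAntiSpyware\SASKUTIL.sys (SASKUTIL.SYS/SUPERAdBlocker.com and SUPERAntiSpyware.com) ZwTerminateProcess [0xA88BBF20]
SSDT \??\C:\WINDOWS\system32\Drivers\uphcleanhlp.sys ZwUnloadKey [0xA550E6D0]
IAT atapi.sys[HAL.dll!READ_PORT_UCHAR] [B9ED7A32] sptd.sys
IAT \SystemRoot\system32\DRIVERS\i8042prt.sys[HAL.dll!READ_PORT_UCHAR] [B9EFABBC] sptd.sys
IAT D:\Andrea\Programmi\Disinfettare il pc\gmer.exe[404] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateFile] [10002E40] C:\Programmi\File comuni\Logitech\LVMVFM\LVPrcInj.dll (Logitech Helper Library./Logitech)
"""
SAMPLE_AVIRA = r"""
C:\pagefile.sys
[WARNING] The file could not be opened!
[NOTE] This file is a Windows system file.
C:\WINDOWS\system32\drivers\sptd.sys
[WARNING] The file could not be opened!
C:\WINDOWS\system32\drivers\sptd5085.sys
[WARNING] The file could not be opened!
C:\WINDOWS\system32\drivers\vaxscsi.sys
[WARNING] The file could not be opened!
"""

if __name__ == "__main__":
    result = triage(SAMPLE_GMER, SAMPLE_AVIRA)
    for module, hook_list in sorted(result["hooks"].items()):
        print("%-16s %s" % (module, ", ".join(hook_list)))
    print("could not be scanned:", ", ".join(result["unscannable"]))
    print("unexplained:", ", ".join(result["unexplained"]) or "nothing")
```

On the excerpts above the only entry left in "unexplained" is sptd5085.sys, the numbered file GMER lists beside sptd.sys under Kernel code sections. The allow-list deliberately refuses to guess about names it has no evidence for, so that one item is what a reviewer would still check by hand; everything else, including the Run\OptionalComponents keys the poster is worried about, is already accounted for by the software the process list shows running.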

bozzato
20-03-2009, 20:59
post the logs according to the rules, that is on wikisend.com

xcdegasp
20-03-2009, 23:47
and also run a scan with Malwarebytes and a-squared :)

djkamma
21-03-2009, 09:00
I finished the Malwarebytes scan and it didn't find anything... anyway here is the link to the log:

mbam-log-2009-03-21 (08-54-18).txt (http://wikisend.com/download/556748/mbam-log-2009-03-21 (08-54-18).txt)

instead of a-squared I ran a scan with Spybot and then with SUPERAntiSpyware too, and no infection shows up....

Chill-Out
21-03-2009, 09:12
I finished the Malwarebytes scan and it didn't find anything... anyway here is the link to the log:

mbam-log-2009-03-21 (08-54-18).txt (http://wikisend.com/download/556748/mbam-log-2009-03-21 (08-54-18).txt)

instead of a-squared I ran a scan with Spybot and then with SUPERAntiSpyware too, and no infection shows up....

To be extra thorough you can also scan with A2, but as said before nothing emerges from the Avira log :)

djkamma
21-03-2009, 09:35
nothing emerges with any software... except GMER, which flags those famous registry keys that I can't modify

Chill-Out
21-03-2009, 10:00
nothing emerges with any software... except GMER, which flags those famous registry keys that I can't modify

Sorry, but which keys, and why would you want to modify them?

djkamma
21-03-2009, 10:32
the disinfection guide also included a guide to understanding the GMER log... in my GMER log, next to the IMAIL MAPI and MSFS keys it shows the value 1... and that means it has to be reset to 0... but I can't get access to those keys... and anyway when I try to install the Corel Draw graphics suite it gives me an error because it can't modify those keys... but I don't care about the program... I just know I can no longer even change the programs that autorun at startup...

djkamma
21-03-2009, 11:02
I took a screenshot of what happens when I pick any entry: (autorun) http://img23.imageshack.us/img23/1689/immagineivz.jpg (http://img23.imageshack.us/my.php?image=immagineivz.jpg)


and here is the screenshot of the situation in the registry:
http://img13.imageshack.us/img13/679/immagine2sol.jpg (http://img13.imageshack.us/my.php?image=immagine2sol.jpg)

Chill-Out
21-03-2009, 11:11
Interpreting the GMER log is by no means easy; as for the registry keys listed and their values, they are completely legitimate. Putting your hands in the Windows registry is an extremely delicate matter, to be done only with full knowledge of what you are doing.

djkamma
21-03-2009, 11:17
yes, I know modifying the registry can be harmful... but you understand that what's happening isn't normal, right?

Chill-Out
21-03-2009, 11:46
The screenshots are thumbnails, you can't see anything :)

djkamma
21-03-2009, 11:50
d'oh! here they are...
http://img6.imageshack.us/img6/1220/immagineddt.th.jpg (http://img6.imageshack.us/my.php?image=immagineddt.jpg)

http://img6.imageshack.us/img6/6643/immagine2cfi.th.jpg (http://img6.imageshack.us/my.php?image=immagine2cfi.jpg)

Chill-Out
21-03-2009, 11:52
yes, I know modifying the registry can be harmful... but you understand that what's happening isn't normal, right?

It is absolutely normal that you can't modify them, also because there is nothing to modify.

djkamma
21-03-2009, 12:00
call me presumptuous or over-scrupulous... but I used to be able to do that autorun thing... now it won't let me... maybe because before I had AVG Free and now I have Avira AntiVir? xD