Ciao
come immaginavo sei infetto da una variante del Linkoptimizer .... (infezione molto coriace e resistente )
Proprio oggi ho creato una <b><u>guida</u></b> appositamente per quell'infezione , quindi se vuoi ripulire il tuo sistema , armati di pazienza e comincia a seguire nell'ordine i passaggi descritti .....

A volte basta semplicemente un ripristino , mentre a volte bisogna eseguire tutti i passaggi , quindi segui i primi consigli , e se i problemi persistono continueremo con il resto

Effettivamente Virit qualcosina l'ha eliminata....
fai anche uno scan online con BitDefender . Poi postaci un nuovo log hijackthis , e dicci se i problemi persistono .....
Forse riesci a risparmiartella tutta quella procedura

se fa la scansione all-avvio , vuol dire che hai lasciato le impostazioni di defaut , vai su
<b>tools</b>, <b>scheduler</b> e metti la spunta su <b>ogni settimana</b>

poi vai su <b>opzioni</b>, e metti la spunta su <b>disabilita l-esecuzione automatica di macro virus analizer</b>....

Per quanto riguarda le tue infezioni , se non mi mostri nessun log , sara difficile poterti dire cosa rimane e cosa [ sparito

mi dispiace dirtelo , ma nel log ci sono ancora varie tracce di linkoptimizer ....
fai cosi:
vai sulla mia guida e scarica Rootkitrevealer , fai lo scan e alla fine posta il suo log

mi ero dimenticato di chiederti un'altra cosa, se dovessi spedirti i log di rootkitrevealer,, come faccio per fare selezionarli tutti e postarli, non si selezionano tutti contemporaneamente ,e poi è scritto in inglese, quindi ci capisco ancora meno

<BLOCKQUOTE id=quote><font size=1 face="Sans Serif, Arial, Helvetica" id=quote>quote:<hr height=1 noshade id=quote>
Vai su file->save , quindi salvalo.... e poi potrai copiarlo per incollarlo qui in un post di risposta

Devi postarmi , anche il log GMER fatto sia dal tab "rootkit" che dal tab "autostart"...

e anche uno di hijackthis aggiornato
<hr height=1 noshade id=quote></BLOCKQUOTE id=quote></font id=quote><font face="Sans Serif, Arial, Helvetica" size=2 id=quote>


dovresti spiegarmi meglio questa frase con parole che possano farmi capire qualcosa, faccio un pò di fatica a seguire il tutto:

Devi postarmi , anche il log GMER fatto sia dal tab "rootkit" che dal tab "autostart"...

GMER l' ho trovato nella tua guida, ma non riesco a capire che significa fatto sia dal tab rootkit che dal tab autostart( autostart dove lo trovo?), devo scricare GMER e poi fare le scansioni con questi 2 programmi?, intanto ti mando i log di rootkitrevealer che ho appena fatto:


HKLM\SOFTWARE\Microsoft\Cryptography\RNG\Seed 22/08/2006 23.22 80 bytes Data mismatch between Windows API and raw hive data.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\AppInit_DLLs 20/08/2006 1.52 66 bytes Windows API length not consistent with raw hive data.
C:\Documents and Settings\User\Cookies\user@as1.falkag[1].txt 22/08/2006 23.30 0 bytes Visible in directory index, but not Windows API or MFT.
C:\Documents and Settings\User\Cookies\user@cgi-bin[10].txt 22/08/2006 23.23 120 bytes Visible in Windows API, but not in MFT or directory index.
C:\Documents and Settings\User\Cookies\user@cgi-bin[9].txt 22/08/2006 23.27 120 bytes Hidden from Windows API.
C:\Documents and Settings\User\Impostazioni locali\Temporary Internet Files\Content.IE5\2KJQ3II7\:3D3:26Forum_Title:3DProblemi:2BInformatici:26Topic_Title:3Dproblemi:2BJava:26M:3Dandcc=99andu_h=768andu_w=1024andu_ah=738andu_aw=1024andu_cd=16andu_tz=120andu_his=6andu_java=t 22/08/2006 23.29 1.64 KB Hidden from Windows API.
C:\Documents and Settings\User\Impostazioni locali\Temporary Internet Files\Content.IE5\2KJQ3II7\aiutamiciadv468[44].asp 22/08/2006 21.30 417 bytes Visible in Windows API, MFT, but not in directory index.
C:\Documents and Settings\User\Impostazioni locali\Temporary Internet Files\Content.IE5\2KJQ3II7\bg=FFFFFFandcolor_text=000080andcolor_link=000080andcolor_url=0000FFandcolor_border=FFCC00andcc=99andu_h=768andu_w=1024&u_ah=738&u_aw=1024&u_cd=16&u_tz=120&u_his=4&u_java=t 22/08/2006 23.20 1.92 KB Visible in Windows API, MFT, but not in directory index.
C:\Documents and Settings\User\Impostazioni locali\Temporary Internet Files\Content.IE5\2KJQ3II7\CA2JGPO9 22/08/2006 23.30 0 bytes Visible in directory index, but not Windows API or MFT.
C:\Documents and Settings\User\Impostazioni locali\Temporary Internet Files\Content.IE5\2KJQ3II7\CAYFPRNG.HTM 22/08/2006 23.29 1.15 KB Hidden from Windows API.
C:\Documents and Settings\User\Impostazioni locali\Temporary Internet Files\Content.IE5\2KJQ3II7\extas[4].htm 22/08/2006 23.07 1.10 KB Visible in Windows API, but not in MFT or directory index.
C:\Documents and Settings\User\Impostazioni locali\Temporary Internet Files\Content.IE5\2KJQ3II7\imgad[24].gif 22/08/2006 22.11 8.73 KB Visible in Windows API, MFT, but not in directory index.
C:\Documents and Settings\User\Impostazioni locali\Temporary Internet Files\Content.IE5\2KJQ3II7\popunder[1].htm 22/08/2006 20.49 0 bytes Visible in Windows API, but not in MFT or directory index.
C:\Documents and Settings\User\Impostazioni locali\Temporary Internet Files\Content.IE5\2KJQ3II7\script[1].htm 22/08/2006 23.29 1.27 KB Visible in directory index, but not Windows API or MFT.
C:\Documents and Settings\User\Impostazioni locali\Temporary Internet Files\Content.IE5\2KJQ3II7\sel[17].htm 22/08/2006 23.26 827 bytes Visible in Windows API, but not in MFT or directory index.
C:\Documents and Settings\User\Impostazioni locali\Temporary Internet Files\Content.IE5\42NQQ6JE\aiutamiciadv120[47].asp 22/08/2006 23.29 417 bytes Hidden from Windows API.
C:\Documents and Settings\User\Impostazioni locali\Temporary Internet Files\Content.IE5\42NQQ6JE\aiutamiciadv120[54].asp 22/08/2006 22.16 417 bytes Visible in Windows API, MFT, but not in directory index.
C:\Documents and Settings\User\Impostazioni locali\Temporary Internet Files\Content.IE5\42NQQ6JE\CA2WI24C.htm 22/08/2006 21.30 7.79 KB Visible in Windows API, MFT, but not in directory index.
C:\Documents and Settings\User\Impostazioni locali\Temporary Internet Files\Content.IE5\42NQQ6JE\CA2Z270V.htm 22/08/2006 21.32 8.07 KB Visible in Windows API, MFT, but not in directory index.
C:\Documents and Settings\User\Impostazioni locali\Temporary Internet Files\Content.IE5\42NQQ6JE\CA6749M3.HTM 22/08/2006 23.26 1.15 KB Visible in Windows API, MFT, but not in directory index.
C:\Documents and Settings\User\Impostazioni locali\Temporary Internet Files\Content.IE5\42NQQ6JE\CAARCTIF.HTM 22/08/2006 23.29 1.15 KB Hidden from Windows API.
C:\Documents and Settings\User\Impostazioni locali\Temporary Internet Files\Content.IE5\42NQQ6JE\CAFIM65D.htm 22/08/2006 21.31 9.67 KB Visible in Windows API, MFT, but not in directory index.
C:\Documents and Settings\User\Impostazioni locali\Temporary Internet Files\Content.IE5\42NQQ6JE\popup[1].htm 22/08/2006 23.29 1.04 KB Visible in directory index, but not Windows API or MFT.
C:\Documents and Settings\User\Impostazioni locali\Temporary Internet Files\Content.IE5\42NQQ6JE\rich[1].htm 22/08/2006 23.26 2.11 KB Visible in Windows API, but not in MFT or directory index.
C:\Documents and Settings\User\Impostazioni locali\Temporary Internet Files\Content.IE5\42NQQ6JE\script[1].htm 22/08/2006 23.26 1.27 KB Visible in Windows API, MFT, but not in directory index.
C:\Documents and Settings\User\Impostazioni locali\Temporary Internet Files\Content.IE5\42NQQ6JE\sel[2].htm 22/08/2006 23.30 7.90 KB Visible in directory index, but not Windows API or MFT.
C:\Documents and Settings\User\Impostazioni locali\Temporary Internet Files\Content.IE5\42NQQ6JE\topic[1].htm 22/08/2006 23.25 79.65 KB Visible in Windows API, MFT, but not in directory index.
C:\Documents and Settings\User\Impostazioni locali\Temporary Internet Files\Content.IE5\IBGDCZ47\120x120[1].htm 22/08/2006 23.20 1.87 KB Visible in Windows API, MFT, but not in directory index.
C:\Documents and Settings\User\Impostazioni locali\Temporary Internet Files\Content.IE5\IBGDCZ47\6CAT_ID:3D3:26Topic_Title:3Dproblemi:2BJava:26Forum_Title:3DProblemi:2BInformatici&cc=99&u_h=768&u_w=1024&u_ah=738&u_aw=1024&u_cd=16&u_tz=120&u_his=5&u_java=t 22/08/2006 23.27 2.86 KB Visible in Windows API, MFT, but not in directory index.
C:\Documents and Settings\User\Impostazioni locali\Temporary Internet Files\Content.IE5\IBGDCZ47\aiutamiciadv468[32].asp 22/08/2006 22.08 417 bytes Visible in Windows API, but not in MFT or directory index.
C:\Documents and Settings\User\Impostazioni locali\Temporary Internet Files\Content.IE5\IBGDCZ47\aiutamiciadv468[33].asp 22/08/2006 22.11 417 bytes Visible in Windows API, but not in MFT or directory index.
C:\Documents and Settings\User\Impostazioni locali\Temporary Internet Files\Content.IE5\IBGDCZ47\aiutamiciadv468[34].asp 22/08/2006 22.13 417 bytes Visible in Windows API, MFT, but not in directory index.
C:\Documents and Settings\User\Impostazioni locali\Temporary Internet Files\Content.IE5\IBGDCZ47\CA6E0UXZ.HTM 22/08/2006 23.26 1.15 KB Visible in Windows API, but not in MFT or directory index.
C:\Documents and Settings\User\Impostazioni locali\Temporary Internet Files\Content.IE5\IBGDCZ47\CA8L1FZK.HTM 22/08/2006 23.30 1.15 KB Visible in directory index, but not Windows API or MFT.
C:\Documents and Settings\User\Impostazioni locali\Temporary Internet Files\Content.IE5\IBGDCZ47\CAKZ0LAF.htm 22/08/2006 23.29 4.08 KB Hidden from Windows API.
C:\Documents and Settings\User\Impostazioni locali\Temporary Internet Files\Content.IE5\IBGDCZ47\CANKY1LQ.htm 22/08/2006 21.30 7.84 KB Visible in Windows API, MFT, but not in directory index.
C:\Documents and Settings\User\Impostazioni locali\Temporary Internet Files\Content.IE5\IBGDCZ47\extas[3].htm 22/08/2006 23.29 1.10 KB Hidden from Windows API.
C:\Documents and Settings\User\Impostazioni locali\Temporary Internet Files\Content.IE5\IBGDCZ47\script[2].htm 22/08/2006 23.29 1.27 KB Hidden from Windows API.
C:\Documents and Settings\User\Impostazioni locali\Temporary Internet Files\Content.IE5\NMTJ7DJG\aiutamiciadv468[41].asp 22/08/2006 23.29 417 bytes Hidden from Windows API.
C:\Documents and Settings\User\Impostazioni locali\Temporary Internet Files\Content.IE5\NMTJ7DJG\aiutamiciadv468[47].asp 22/08/2006 22.07 417 bytes Visible in Windows API, but not in MFT or directory index.
C:\Documents and Settings\User\Impostazioni locali\Temporary Internet Files\Content.IE5\NMTJ7DJG\bg=FFFFFF&color_text=000080&color_link=000080&color_url=0000FF&color_border=FFCC00&cc=99&u_h=768&u_w=1024&u_ah=738&u_aw=1024&u_cd=16&u_tz=120&u_his=4&u_java=t 22/08/2006 23.19 2.54 KB Visible in Windows API, MFT, but not in directory index.
C:\Documents and Settings\User\Impostazioni locali\Temporary Internet Files\Content.IE5\NMTJ7DJG\CA0TTVY3.htm 22/08/2006 21.07 3.69 KB Visible in Windows API, but not in MFT or directory index.
C:\Documents and Settings\User\Impostazioni locali\Temporary Internet Files\Content.IE5\NMTJ7DJG\CAJ14CQY.htm 22/08/2006 21.29 1.80 KB Visible in Windows API, MFT, but not in directory index.
C:\Documents and Settings\User\Impostazioni locali\Temporary Internet Files\Content.IE5\NMTJ7DJG\index[3].htm 22/08/2006 21.28 128.53 KB Visible in Windows API, but not in MFT or directory index.
C:\Documents and Settings\User\Impostazioni locali\Temporary Internet Files\Content.IE5\NMTJ7DJG\link[1].asp 22/08/2006 23.20 472 bytes Visible in Windows API, MFT, but not in directory index.
C:\Documents and Settings\User\Impostazioni locali\Temporary Internet Files\Content.IE5\NMTJ7DJG\popup[1].htm 22/08/2006 22.53 1.04 KB Visible in Windows API, but not in MFT or directory index.
C:\Documents and Settings\User\Impostazioni locali\Temporary Internet Files\Content.IE5\NMTJ7DJG\post_info[6].htm 22/08/2006 23.29 7.82 KB Hidden from Windows API.
C:\Documents and Settings\User\Impostazioni locali\Temporary Internet Files\Content.IE5\NMTJ7DJG\rich[1].htm 22/08/2006 23.29 2.11 KB Visible in directory index, but not Windows API or MFT.
C:\Documents and Settings\User\Impostazioni locali\Temporary Internet Files\Content.IE5\NMTJ7DJG\topic[2].htm 22/08/2006 22.14 16.18 KB Visible in Windows API, MFT, but not in directory index.
C:\Documents and Settings\User\Impostazioni locali\Temporary Internet Files\Content.IE5\NMTJ7DJG\topic[4].htm 22/08/2006 23.29 80.44 KB Visible in directory index, but not Windows API or MFT.
C:\Documents and Settings\User\Impostazioni locali\Temporary Internet Files\Content.IE5\NMTJ7DJG\trpix[51].gif 22/08/2006 23.29 43 bytes Hidden from Windows API.
C:\Documents and Settings\User\Impostazioni locali\Temporary Internet Files\Content.IE5\NMTJ7DJG\trpix[52].gif 22/08/2006 23.30 43 bytes Visible in directory index, but not Windows API or MFT.
C:\WINDOWS\kldkt1.dll 21/08/2006 12.44 64.16 KB Hidden from Windows API.
C:\WINDOWS\system32 22/08/2006 23.27 0 bytes Visible in Windows API, but not in MFT or directory index.
C:\WINDOWS\system32:diskmgmr.msc 22/08/2006 23.27 119.35 KB Hidden from Windows API.

<BLOCKQUOTE id=quote><font size=1 face="Sans Serif, Arial, Helvetica" id=quote>quote:<hr height=1 noshade id=quote>
allora , c'è scritto anche nella guida , scarichi GMER , lo decomprimi , lo avvii , vai nel tab rootkit e premi su scan .... quando ha finito selezioni tutto e lo vai a copiare in una pagina del bloc notes....
Fai la stessa cosa anche dal tab autostart ...

Una cosa è sicura , il rootkit nel tuo sistema c'è e quindi se vuoi eliminarlo senza formattare , cerca di concentrarti e fare le procedure alla lettera.... anche perchè non lo stai facendo....
Nella guida c'è scritto che il log con rootkitrevealer và fatto con tutte le applicazioni chiuse e disconnesso da internet....tu non lo hai fatto a quanto sembra...

<hr height=1 noshade id=quote></BLOCKQUOTE id=quote></font id=quote><font face="Sans Serif, Arial, Helvetica" size=2 id=quote>,ammetto, errore da svista, ma non riesco a capire autostar cosa sia e dove sia, finche non riesco a capire cos'è e dov'è.non riesco a farlo funzionare

<BLOCKQUOTE id=quote><font size=1 face="Sans Serif, Arial, Helvetica" id=quote>quote:<hr height=1 noshade id=quote>
a quanto pare le sviste continuano <img src=icon_smile_big.gif border=0 align=middle>
Dai applicati un po di piu.... vedrai che sarai soddisfatto quando riuscirai ad eliminarlo


più tardi sono riuscito a trovare, non lo trovavo solo perchè non avevo scaricato GMER, stasera farò tutto e poi ti spedisco, spero di riuscire nonostante le mie difficoltà a risolvere il tutto. grazie ancora per la tua pazienza
ciao

<img src="http://img218.imageshack.us/img218/1219/gmer1wy3.jpg" border=0>
<hr height=1 noshade id=quote></BLOCKQUOTE id=quote></font id=quote><font face="Sans Serif, Arial, Helvetica" size=2 id=quote>

ho fatto la scansione con GMER-rootkit ho tentato di copiare mi viene fuori: text Was copied u the clipboard.
Paste the output into your favoutite editor ( ie note pad) useing Ctrl+V keys.

Sono andato a cercare il blocc notes di gMER ma ho trovato tuut'altra versione rispetto a quello che ho scaricato.
E' giusto questo: t[GMER]
Version=1.0.10
[AVScanner]
1=http://www.mks.com.pl/skaner/skaner.html
2=http://arcaonline.arcabit.com/skaner.html
3=http://www.kaspersky.pl/resources/virusscanner/kavwebscan.html
4=http://www.kaspersky.com/downloads/kws/kavwebscan.html
Se è giusto dammi l' ok o altrimenti spiegami come devo fare per riuscire a copiare rootkit e autostart

dopo lunga e penosa malattia dovrei essere riuscito a fare quello che ni avevi chiesto. spero sia quello che ni avevi chiesto.

questi sono i risultati del rootkit:
GMER 1.0.10.10122 - http://www.gmer.net
Rootkit 2006-08-23 22:08:33
Windows 5.1.2600 Service Pack 2


---- System - GMER 1.0.10 ----

SSDT \SystemRoot\System32\Drivers\ShldDrv.SYS ZwCreateKey
SSDT \SystemRoot\System32\Drivers\ShldDrv.SYS ZwDeleteKey
SSDT \SystemRoot\System32\Drivers\ShldDrv.SYS ZwDeleteValueKey
SSDT \SystemRoot\System32\Drivers\ShldDrv.SYS ZwEnumerateKey
SSDT \SystemRoot\System32\Drivers\ShldDrv.SYS ZwEnumerateValueKey
SSDT \SystemRoot\System32\Drivers\ShldDrv.SYS ZwOpenKey
SSDT \SystemRoot\System32\Drivers\ShldDrv.SYS ZwQueryKey
SSDT \SystemRoot\System32\Drivers\ShldDrv.SYS ZwQueryValueKey
SSDT \SystemRoot\System32\Drivers\ShldDrv.SYS ZwSetValueKey
SSDT \??\C:\WINDOWS\system32\DRIVERS\PavProc.sys ZwTerminateProcess
SSDT \??\C:\WINDOWS\system32\DRIVERS\PavProc.sys ZwTerminateThread
SSDT \??\C:\WINDOWS\system32\PavSRK.sys ZwWriteVirtualMemory

---- Devices - GMER 1.0.10 ----

Device \FileSystem\Ntfs \Ntfs IRP_MJ_CREATE [F7BB1810] ShldDrv.SYS
Device \FileSystem\Ntfs \Ntfs IRP_MJ_QUERY_EA [F7BB1BD8] ShldDrv.SYS
Device \FileSystem\Fastfat \FatCdrom IRP_MJ_CREATE [F7BB17D2] ShldDrv.SYS
Device \FileSystem\Fastfat \FatCdrom IRP_MJ_QUERY_EA [F7BB1B9A] ShldDrv.SYS
Device \Driver\Modem \Device\00000067 IRP_MJ_QUERY_INFORMATION [F7D309D4] COMFiltr.sys
Device \FileSystem\Fastfat \Fat IRP_MJ_CREATE [F7BB17D2] ShldDrv.SYS
Device \FileSystem\Fastfat \Fat IRP_MJ_QUERY_EA [F7BB1B9A] ShldDrv.SYS

---- Files - GMER 1.0.10 ----

File C:\System Volume Information\MountPointManagerRemoteDatabase
File C:\System Volume Information\tracking.log
File C:\WINDOWS\kldkt1.dll
File D:\System Volume Information\MountPointManagerRemoteDatabase
File D:\System Volume Information\tracking.log

---- EOF - GMER 1.0.10 ----

e invece questi sono i risultai di autostart:

GMER 1.0.10.10122 - http://www.gmer.net
Autostart 2006-08-23 22:15:30
Windows 5.1.2600 Service Pack 2


HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems@Windows = :SystemRoot:\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,3072,512 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ProfileControl=Off MaxRequestThreads=16

HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon@Userinit = C:\WINDOWS\system32\userinit.exe,

HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\avldr@DLLName = avldr.dll

HKLM\Software\Microsoft\Windows NT\CurrentVersion\Windows@AppInit_DLLs = C:\WINDOWS\system32:diskmgmr.msc

HKLM\SYSTEM\CurrentControlSet\Services\ >>>
MDM /*Machine Debug Manager*/@ = "C:\Programmi\File comuni\Microsoft Shared\VS7Debug\mdm.exe"
PAVFNSVR /*Panda Function Service*/@ = "C:\Programmi\Panda Software\Panda Platinum 2006 Internet Security\PavFnSvr.exe"
PavPrSrv /*Panda Process Protection Service*/@ = "C:\Programmi\File comuni\Panda Software\PavShld\pavprsrv.exe"
PAVSRV /*Panda anti-virus service*/@ = "C:\Programmi\Panda Software\Panda Platinum 2006 Internet Security\pavsrv51.exe"
pmshellsrv /*Panda Antispam Engine*/@ = C:\Programmi\Panda Software\Panda Platinum 2006 Internet Security\AntiSpam\pskmssvc.exe
PNMSRV /*Panda Network Manager*/@ = "c:\programmi\panda software\panda platinum 2006 internet security\firewall\PNMSRV.EXE"
PSIMSVC /*Panda IManager Service*/@ = "C:\Programmi\Panda Software\Panda Platinum 2006 Internet Security\PsImSvc.exe"
RichVideo /*Cyberlink RichVideo Service(CRVS)*/@ = "C:\Programmi\CyberLink\Shared files\RichVideo.exe" ??????????????????????????????????????????????????
Spooler /*Spooler di stampa*/@ = :SystemRoot:\system32\spoolsv.exe
SysUid /*SysUid*/@ = "C:\Programmi\File comuni\System\RiG.exe"
TPSrv /*Panda TPSrv*/@ = "C:\Programmi\Panda Software\Panda Platinum 2006 Internet Security\TPSrv.exe"

HKLM\Software\Microsoft\Windows\CurrentVersion\Run >>>
@NeroFilterCheckC:\Programmi\File comuni\Ahead\Lib\NeroCheck.exe = C:\Programmi\File comuni\Ahead\Lib\NeroCheck.exe
@RemoteControlC:\Programmi\CyberLink\PowerDVD\PDVDServ.exe = C:\Programmi\CyberLink\PowerDVD\PDVDServ.exe
@LanguageShortcutC:\Programmi\CyberLink\PowerDVD\Language\Language.exe = C:\Programmi\CyberLink\PowerDVD\Language\Language.exe
@SiS Windows KeyHookC:\WINDOWS\system32\keyhook.exe = C:\WINDOWS\system32\keyhook.exe
@APVXDWIN"C:\Programmi\Panda Software\Panda Platinum 2006 Internet Security\APVXDWIN.EXE" /s = "C:\Programmi\Panda Software\Panda Platinum 2006 Internet Security\APVXDWIN.EXE" /s
@SCANINICIO"C:\Programmi\Panda Software\Panda Platinum 2006 Internet Security\Inicio.exe" = "C:\Programmi\Panda Software\Panda Platinum 2006 Internet Security\Inicio.exe"
@VIRIT LITE MONITORC:\VEXPLITE\MONLITE.EXE = C:\VEXPLITE\MONLITE.EXE

HKCU\Software\Microsoft\Windows\CurrentVersion\Run >>>
@CTFMON.EXEC:\WINDOWS\system32\ctfmon.exe = C:\WINDOWS\system32\ctfmon.exe
@BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"C:\Programmi\File comuni\Ahead\Lib\NMBgMonitor.exe" = "C:\Programmi\File comuni\Ahead\Lib\NMBgMonitor.exe"

HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved >>>
@{42071714-76d4-11d1-8b24-00a0c9068ff3} /*Estensione panoramica video del Pannello di controllo*/deskpan.dll /*file not found*/ = deskpan.dll /*file not found*/
@{596AB062-B4D2-4215-9F74-E9109B0A8153} /*Pagina proprietà versioni precedenti*/:SystemRoot:\system32\twext.dll = :SystemRoot:\system32\twext.dll
@{9DB7A13C-F208-4981-8353-73CC61AE2783} /*Versioni precedenti*/:SystemRoot:\system32\twext.dll = %SystemRoot%\system32\twext.dll
@{00E7B358-F65B-4dcf-83DF-CD026B94BFD4} /*Autoplay for SlideShow*/(null) =
@{692F0339-CBAA-47e6-B5B5-3B84DB604E87} /*Extensions Manager Folder*/%SystemRoot%\system32\extmgr.dll = %SystemRoot%\system32\extmgr.dll
@{B327765E-D724-4347-8B16-78AE18552FC3} /*NeroDigitalIconHandler*/C:\Programmi\File comuni\Ahead\Lib\NeroDigitalExt.dll = C:\Programmi\File comuni\Ahead\Lib\NeroDigitalExt.dll
@{7F1CF152-04F8-453A-B34C-E609530A9DC8} /*NeroDigitalPropSheetHandler*/C:\Programmi\File comuni\Ahead\Lib\NeroDigitalExt.dll = C:\Programmi\File comuni\Ahead\Lib\NeroDigitalExt.dll
@{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396} /*OpenOffice.org Column Handler*/"C:\Programmi\OpenOffice.org 2.0\program\shlxthdl.dll" = "C:\Programmi\OpenOffice.org 2.0\program\shlxthdl.dll"
@{087B3AE3-E237-4467-B8DB-5A38AB959AC9} /*OpenOffice.org Infotip Handler*/"C:\Programmi\OpenOffice.org 2.0\program\shlxthdl.dll" = "C:\Programmi\OpenOffice.org 2.0\program\shlxthdl.dll"
@{63542C48-9552-494A-84F7-73AA6A7C99C1} /*OpenOffice.org Property Sheet Handler*/"C:\Programmi\OpenOffice.org 2.0\program\shlxthdl.dll" = "C:\Programmi\OpenOffice.org 2.0\program\shlxthdl.dll"
@{3B092F0C-7696-40E3-A80F-68D74DA84210} /*OpenOffice.org Thumbnail Viewer*/"C:\Programmi\OpenOffice.org 2.0\program\shlxthdl.dll" = "C:\Programmi\OpenOffice.org 2.0\program\shlxthdl.dll"
@{E0D79304-84BE-11CE-9641-444553540000} /*WinZip*/C:\PROGRA~1\WINZIP\WZSHLSTB.DLL = C:\PROGRA~1\WINZIP\WZSHLSTB.DLL
@{E0D79305-84BE-11CE-9641-444553540000} /*WinZip*/C:\PROGRA~1\WINZIP\WZSHLSTB.DLL = C:\PROGRA~1\WINZIP\WZSHLSTB.DLL
@{E0D79306-84BE-11CE-9641-444553540000} /*WinZip*/C:\PROGRA~1\WINZIP\WZSHLSTB.DLL = C:\PROGRA~1\WINZIP\WZSHLSTB.DLL
@{E0D79307-84BE-11CE-9641-444553540000} /*WinZip*/C:\PROGRA~1\WINZIP\WZSHLSTB.DLL = C:\PROGRA~1\WINZIP\WZSHLSTB.DLL
@{BDEADF00-C265-11D0-BCED-00A0C90AB50F} /*Cartelle Web*/C:\PROGRA~1\FILECO~1\MICROS~1\WEBFOL~1\MSONSEXT.DLL = C:\PROGRA~1\FILECO~1\MICROS~1\WEBFOL~1\MSONSEXT.DLL
@{0006F045-0000-0000-C000-000000000046} /*Microsoft Outlook Custom Icon Handler*/C:\Programmi\Microsoft Office\Office10\OLKFSTUB.DLL = C:\Programmi\Microsoft Office\Office10\OLKFSTUB.DLL
@{42042206-2D85-11D3-8CFF-005004838597} /*Microsoft Office HTML Icon Handler*/C:\Programmi\Microsoft Office\Office10\msohev.dll = C:\Programmi\Microsoft Office\Office10\msohev.dll
@{65756541-C65C-11CD-0000-4B656E696100} /*Panda Antivirus*/C:\Programmi\Panda Software\Panda Platinum 2006 Internet Security\PAVOLE.DLL = C:\Programmi\Panda Software\Panda Platinum 2006 Internet Security\PAVOLE.DLL
@{B41DB860-8EE4-11D2-9906-E49FADC173CA} /*WinRAR shell extension*/C:\Programmi\WinRAR\rarext.dll = C:\Programmi\WinRAR\rarext.dll

HKLM\Software\Classes\*\shellex\ContextMenuHandlers\ >>>
Panda Antivirus@{65756541-C65C-11CD-0000-4B656E696100} = C:\Programmi\Panda Software\Panda Platinum 2006 Internet Security\PAVOLE.DLL
WinRAR@{B41DB860-8EE4-11D2-9906-E49FADC173CA} = C:\Programmi\WinRAR\rarext.dll
WinZip@{E0D79304-84BE-11CE-9641-444553540000} = C:\PROGRA~1\WINZIP\WZSHLSTB.DLL

HKLM\Software\Classes\*\shellex\ContextMenuHandlers@{EB4D3CFE-E2AA-4C6E-B2FE-2A749F95D208} = C:\Programmi\Nero\Nero 7\Nero BackItUp\NBShell.dll

HKLM\Software\Classes\Directory\shellex\ContextMenuHandlers\ >>>
WinRAR@{B41DB860-8EE4-11D2-9906-E49FADC173CA} = C:\Programmi\WinRAR\rarext.dll
WinZip@{E0D79304-84BE-11CE-9641-444553540000} = C:\PROGRA~1\WINZIP\WZSHLSTB.DLL

HKLM\Software\Classes\Folder\shellex\ContextMenuHandlers\ >>>
Panda Antivirus@{65756541-C65C-11CD-0000-4B656E696100} = C:\Programmi\Panda Software\Panda Platinum 2006 Internet Security\PAVOLE.DLL
WinRAR@{B41DB860-8EE4-11D2-9906-E49FADC173CA} = C:\Programmi\WinRAR\rarext.dll
WinZip@{E0D79304-84BE-11CE-9641-444553540000} = C:\PROGRA~1\WINZIP\WZSHLSTB.DLL

HKLM\Software\Classes\Folder\shellex\ContextMenuHandlers@{EB4D3CFE-E2AA-4C6E-B2FE-2A749F95D208} = C:\Programmi\Nero\Nero 7\Nero BackItUp\NBShell.dll

HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects >>>
@{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}C:\Programmi\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll = C:\Programmi\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
@{75DDA4D6-AB74-81FD-D93A-80E9E6580E42}C:\WINDOWS\kldkt1.dll = C:\WINDOWS\kldkt1.dll

HKCU\Control Panel\Desktop@SCRNSAVE.EXE = C:\WINDOWS\System32\logon.scr

HKLM\Software\Microsoft\Internet Explorer\Main >>>
@Default_Page_URLhttp://www.microsoft.com/isapi/redir.dll?prd=ieandpver=6andar=msnhome = http://www.microsoft.com/isapi/redir.dll?prd=ieandpver=6andar=msnhome
@Start Pagehttp://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}andclcid={SUB_CLSID}andpver={SUB_PVER}andar=home = http://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}andclcid={SUB_CLSID}andpver={SUB_PVER}andar=home
@Local Page%SystemRoot%\system32\blank.htm = %SystemRoot%\system32\blank.htm

HKCU\Software\Microsoft\Internet Explorer\Main >>>
@Start Pagehttp://www.libero.it/ = http://www.libero.it/
@Local PageC:\WINDOWS\system32\blank.htm = C:\WINDOWS\system32\blank.htm

HKLM\Software\Classes\PROTOCOLS\Handler\ >>>
cdo@CLSID = C:\Programmi\File comuni\Microsoft Shared\Web Folders\PKMCDO.DLL
dvd@CLSID = C:\WINDOWS\system32\msvidctl.dll
its@CLSID = C:\WINDOWS\system32\itss.dll
mhtml@CLSID = %SystemRoot%\system32\inetcomm.dll
ms-its@CLSID = C:\WINDOWS\system32\itss.dll
ms-itss@CLSID = C:\Programmi\File comuni\Microsoft Shared\Information Retrieval\MSITSS.DLL
mso-offdap@CLSID = C:\PROGRA~1\FILECO~1\MICROS~1\WEBCOM~1\10\OWC10.DLL
tv@CLSID = C:\WINDOWS\system32\msvidctl.dll
wia@CLSID = C:\WINDOWS\system32\wiascr.dll

HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\ >>>
000000000001@PackedCatalogItem = C:\Programmi\Panda Software\Panda Platinum 2006 Internet Security\pavlsp.dll
000000000002@PackedCatalogItem = C:\Programmi\Panda Software\Panda Platinum 2006 Internet Security\pavlsp.dll
000000000003@PackedCatalogItem = C:\Programmi\Panda Software\Panda Platinum 2006 Internet Security\pavlsp.dll

HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000015@PackedCatalogItem = C:\Programmi\Panda Software\Panda Platinum 2006 Internet Security\pavlsp.dll

C:\Documents and Settings\All Users\Menu Avvio\Programmi\Esecuzione automatica >>>
Avvio veloce di Adobe Reader.lnk = Avvio veloce di Adobe Reader.lnk
Microsoft Office.lnk = Microsoft Office.lnk
Utility Tray.lnk = Utility Tray.lnk
WinZip Quick Pick.lnk = WinZip Quick Pick.lnk

---- EOF - GMER 1.0.10 ----

questo è tutto, ora attendo una risposta, e garzie ancora per la pazienza, ma spero tu possa capire.ciao e grazie