Salve.
Così, per sola curiosità, ho provato una scansione con GMER con il seguente risultato (Sophos Anti-Rootkit non mi ha segnalato nulla):
GMER 1.0.14.14536 - http://www.gmer.net
Rootkit scan 2008-06-17 14:47:25
Windows 5.1.2600 Service Pack 2
---- User code sections - GMER 1.0.14 ----
.text C:\Programmi\HPQ\IAM\bin\asghost.exe[600] ntdll.dll!NtEnumerateKey 7C91D94C 6 Bytes PUSH 01B617D7; RET
.text C:\Programmi\HPQ\IAM\bin\asghost.exe[600] ntdll.dll!NtEnumerateValueKey 7C91D976 6 Bytes PUSH 01B61386; RET
.text C:\Programmi\HPQ\IAM\bin\asghost.exe[600] ntdll.dll!NtQuerySystemInformation 7C91E1AA 6 Bytes PUSH 01B6155D; RET
.text C:\WINDOWS\Explorer.EXE[692] ntdll.dll!NtEnumerateKey 7C91D94C 6 Bytes PUSH 01AD17D7; RET
.text C:\WINDOWS\Explorer.EXE[692] ntdll.dll!NtEnumerateValueKey 7C91D976 6 Bytes PUSH 01AD1386; RET
.text C:\WINDOWS\Explorer.EXE[692] ntdll.dll!NtQuerySystemInformation 7C91E1AA 6 Bytes PUSH 01AD155D; RET
.text C:\Programmi\ProtectTools\Embedded Security Software\PSDrt.exe[1444] ntdll.dll!NtEnumerateKey 7C91D94C 6 Bytes PUSH 022517D7; RET
.text C:\Programmi\ProtectTools\Embedded Security Software\PSDrt.exe[1444] ntdll.dll!NtEnumerateValueKey 7C91D976 6 Bytes PUSH 02251386; RET
.text C:\Programmi\ProtectTools\Embedded Security Software\PSDrt.exe[1444] ntdll.dll!NtQuerySystemInformation 7C91E1AA 6 Bytes PUSH 0225155D; RET
.text C:\Documents and Settings\dario\Desktop\gmer\gmer.exe[2108] ntdll.dll!NtEnumerateKey 7C91D94C 4 Bytes [ 68, D7, 17, CC ]
.text C:\Documents and Settings\dario\Desktop\gmer\gmer.exe[2108] ntdll.dll!NtEnumerateKey + 5 7C91D951 1 Byte [ C3 ]
.text C:\Documents and Settings\dario\Desktop\gmer\gmer.exe[2108] ntdll.dll!NtEnumerateValueKey 7C91D976 4 Bytes [ 68, 86, 13, CC ]
.text C:\Documents and Settings\dario\Desktop\gmer\gmer.exe[2108] ntdll.dll!NtEnumerateValueKey + 5 7C91D97B 1 Byte [ C3 ]
.text C:\Documents and Settings\dario\Desktop\gmer\gmer.exe[2108] ntdll.dll!NtQuerySystemInformation 7C91E1AA 4 Bytes [ 68, 5D, 15, CC ]
.text C:\Documents and Settings\dario\Desktop\gmer\gmer.exe[2108] ntdll.dll!NtQuerySystemInformation + 5 7C91E1AF 1 Byte [ C3 ]
.text C:\WINDOWS\SMINST\Scheduler.exe[2228] ntdll.dll!NtEnumerateKey 7C91D94C 4 Bytes [ 68, D7, 17, EF ]
.text C:\WINDOWS\SMINST\Scheduler.exe[2228] ntdll.dll!NtEnumerateKey + 5 7C91D951 1 Byte [ C3 ]
.text C:\WINDOWS\SMINST\Scheduler.exe[2228] ntdll.dll!NtEnumerateValueKey 7C91D976 4 Bytes [ 68, 86, 13, EF ]
.text C:\WINDOWS\SMINST\Scheduler.exe[2228] ntdll.dll!NtEnumerateValueKey + 5 7C91D97B 1 Byte [ C3 ]
.text C:\WINDOWS\SMINST\Scheduler.exe[2228] ntdll.dll!NtQuerySystemInformation 7C91E1AA 4 Bytes [ 68, 5D, 15, EF ]
.text C:\WINDOWS\SMINST\Scheduler.exe[2228] ntdll.dll!NtQuerySystemInformation + 5 7C91E1AF 1 Byte [ C3 ]
.text C:\WINDOWS\SMINST\Scheduler.exe[2228] USER32.dll!GetSysColor 7E398E68 5 Bytes JMP 00419330 C:\WINDOWS\SMINST\Scheduler.exe
.text C:\WINDOWS\SMINST\Scheduler.exe[2228] USER32.dll!GetSysColorBrush 7E398E9B 5 Bytes JMP 004193A0 C:\WINDOWS\SMINST\Scheduler.exe
.text C:\WINDOWS\SMINST\Scheduler.exe[2228] USER32.dll!SetScrollInfo 7E399046 7 Bytes JMP 00419220 C:\WINDOWS\SMINST\Scheduler.exe
.text C:\WINDOWS\SMINST\Scheduler.exe[2228] USER32.dll!GetScrollInfo 7E3A17D8 7 Bytes JMP 00419170 C:\WINDOWS\SMINST\Scheduler.exe
.text C:\WINDOWS\SMINST\Scheduler.exe[2228] USER32.dll!ShowScrollBar 7E3AF2E7 5 Bytes JMP 004192F0 C:\WINDOWS\SMINST\Scheduler.exe
.text C:\WINDOWS\SMINST\Scheduler.exe[2228] USER32.dll!GetScrollPos 7E3AF6F4 5 Bytes JMP 004191B0 C:\WINDOWS\SMINST\Scheduler.exe
.text C:\WINDOWS\SMINST\Scheduler.exe[2228] USER32.dll!SetScrollPos 7E3AF740 5 Bytes JMP 00419260 C:\WINDOWS\SMINST\Scheduler.exe
.text C:\WINDOWS\SMINST\Scheduler.exe[2228] USER32.dll!GetScrollRange 7E3AF777 5 Bytes JMP 004191E0 C:\WINDOWS\SMINST\Scheduler.exe
.text C:\WINDOWS\SMINST\Scheduler.exe[2228] USER32.dll!SetScrollRange 7E3AF98B 5 Bytes JMP 004192A0 C:\WINDOWS\SMINST\Scheduler.exe
.text C:\WINDOWS\SMINST\Scheduler.exe[2228] USER32.dll!EnableScrollBar 7E3E7F55 7 Bytes JMP 00419130 C:\WINDOWS\SMINST\Scheduler.exe
.text C:\Programmi\Trend Micro\Client Server Security Agent\pccntmon.exe[2292] ntdll.dll!NtEnumerateKey 7C91D94C 4 Bytes [ 68, D7, 17, EF ]
.text C:\Programmi\Trend Micro\Client Server Security Agent\pccntmon.exe[2292] ntdll.dll!NtEnumerateKey + 5 7C91D951 1 Byte [ C3 ]
.text C:\Programmi\Trend Micro\Client Server Security Agent\pccntmon.exe[2292] ntdll.dll!NtEnumerateValueKey 7C91D976 4 Bytes [ 68, 86, 13, EF ]
.text C:\Programmi\Trend Micro\Client Server Security Agent\pccntmon.exe[2292] ntdll.dll!NtEnumerateValueKey + 5 7C91D97B 1 Byte [ C3 ]
.text C:\Programmi\Trend Micro\Client Server Security Agent\pccntmon.exe[2292] ntdll.dll!NtQuerySystemInformation 7C91E1AA 4 Bytes [ 68, 5D, 15, EF ]
.text C:\Programmi\Trend Micro\Client Server Security Agent\pccntmon.exe[2292] ntdll.dll!NtQuerySystemInformation + 5 7C91E1AF 1 Byte [ C3 ]
.text C:\Programmi\Logitech\iTouch\iTouch.exe[2344] ntdll.dll!NtEnumerateKey 7C91D94C 4 Bytes [ 68, D7, 17, F1 ]
.text C:\Programmi\Logitech\iTouch\iTouch.exe[2344] ntdll.dll!NtEnumerateKey + 5 7C91D951 1 Byte [ C3 ]
.text C:\Programmi\Logitech\iTouch\iTouch.exe[2344] ntdll.dll!NtEnumerateValueKey 7C91D976 4 Bytes [ 68, 86, 13, F1 ]
.text C:\Programmi\Logitech\iTouch\iTouch.exe[2344] ntdll.dll!NtEnumerateValueKey + 5 7C91D97B 1 Byte [ C3 ]
.text C:\Programmi\Logitech\iTouch\iTouch.exe[2344] ntdll.dll!NtQuerySystemInformation 7C91E1AA 4 Bytes [ 68, 5D, 15, F1 ]
.text C:\Programmi\Logitech\iTouch\iTouch.exe[2344] ntdll.dll!NtQuerySystemInformation + 5 7C91E1AF 1 Byte [ C3 ]
.text C:\WINDOWS\system32\ctfmon.exe[2416] ntdll.dll!NtEnumerateKey 7C91D94C 4 Bytes [ 68, D7, 17, A6 ]
.text C:\WINDOWS\system32\ctfmon.exe[2416] ntdll.dll!NtEnumerateKey + 5 7C91D951 1 Byte [ C3 ]
.text C:\WINDOWS\system32\ctfmon.exe[2416] ntdll.dll!NtEnumerateValueKey 7C91D976 4 Bytes [ 68, 86, 13, A6 ]
.text C:\WINDOWS\system32\ctfmon.exe[2416] ntdll.dll!NtEnumerateValueKey + 5 7C91D97B 1 Byte [ C3 ]
.text C:\WINDOWS\system32\ctfmon.exe[2416] ntdll.dll!NtQuerySystemInformation 7C91E1AA 4 Bytes [ 68, 5D, 15, A6 ]
.text C:\WINDOWS\system32\ctfmon.exe[2416] ntdll.dll!NtQuerySystemInformation + 5 7C91E1AF 1 Byte [ C3 ]
.text C:\Programmi\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe[2432] ntdll.dll!NtEnumerateKey 7C91D94C 6 Bytes PUSH 019A17D7; RET
.text C:\Programmi\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe[2432] ntdll.dll!NtEnumerateValueKey 7C91D976 6 Bytes PUSH 019A1386; RET
.text C:\Programmi\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe[2432] ntdll.dll!NtQuerySystemInformation 7C91E1AA 6 Bytes PUSH 019A155D; RET
.text C:\Programmi\Adobe\Acrobat 5.0\Distillr\AcroTray.exe[2452] ntdll.dll!NtEnumerateKey 7C91D94C 4 Bytes [ 68, D7, 17, A0 ]
.text C:\Programmi\Adobe\Acrobat 5.0\Distillr\AcroTray.exe[2452] ntdll.dll!NtEnumerateKey + 5 7C91D951 1 Byte [ C3 ]
.text C:\Programmi\Adobe\Acrobat 5.0\Distillr\AcroTray.exe[2452] ntdll.dll!NtEnumerateValueKey 7C91D976 4 Bytes [ 68, 86, 13, A0 ]
.text C:\Programmi\Adobe\Acrobat 5.0\Distillr\AcroTray.exe[2452] ntdll.dll!NtEnumerateValueKey + 5 7C91D97B 1 Byte [ C3 ]
.text C:\Programmi\Adobe\Acrobat 5.0\Distillr\AcroTray.exe[2452] ntdll.dll!NtQuerySystemInformation 7C91E1AA 4 Bytes [ 68, 5D, 15, A0 ]
.text C:\Programmi\Adobe\Acrobat 5.0\Distillr\AcroTray.exe[2452] ntdll.dll!NtQuerySystemInformation + 5 7C91E1AF 1 Byte [ C3 ]
.text C:\Programmi\UltraVNC\winvnc.exe[2588] ntdll.dll!NtEnumerateKey 7C91D94C 4 Bytes [ 68, D7, 17, E2 ]
.text C:\Programmi\UltraVNC\winvnc.exe[2588] ntdll.dll!NtEnumerateKey + 5 7C91D951 1 Byte [ C3 ]
.text C:\Programmi\UltraVNC\winvnc.exe[2588] ntdll.dll!NtEnumerateValueKey 7C91D976 4 Bytes [ 68, 86, 13, E2 ]
.text C:\Programmi\UltraVNC\winvnc.exe[2588] ntdll.dll!NtEnumerateValueKey + 5 7C91D97B 1 Byte [ C3 ]
.text C:\Programmi\UltraVNC\winvnc.exe[2588] ntdll.dll!NtQuerySystemInformation 7C91E1AA 4 Bytes [ 68, 5D, 15, E2 ]
.text C:\Programmi\UltraVNC\winvnc.exe[2588] ntdll.dll!NtQuerySystemInformation + 5 7C91E1AF 1 Byte [ C3 ]
.text C:\Programmi\Microsoft Office\Office10\OUTLOOK.EXE[2820] ntdll.dll!NtEnumerateKey 7C91D94C 6 Bytes PUSH 012B17D7; RET
.text C:\Programmi\Microsoft Office\Office10\OUTLOOK.EXE[2820] ntdll.dll!NtEnumerateValueKey 7C91D976 6 Bytes PUSH 012B1386; RET
.text C:\Programmi\Microsoft Office\Office10\OUTLOOK.EXE[2820] ntdll.dll!NtQuerySystemInformation 7C91E1AA 6 Bytes PUSH 012B155D; RET
.text C:\WINDOWS\system32\igfxsrvc.exe[3220] ntdll.dll!NtEnumerateKey 7C91D94C 4 Bytes [ 68, D7, 17, DF ]
.text C:\WINDOWS\system32\igfxsrvc.exe[3220] ntdll.dll!NtEnumerateKey + 5 7C91D951 1 Byte [ C3 ]
.text C:\WINDOWS\system32\igfxsrvc.exe[3220] ntdll.dll!NtEnumerateValueKey 7C91D976 4 Bytes [ 68, 86, 13, DF ]
.text C:\WINDOWS\system32\igfxsrvc.exe[3220] ntdll.dll!NtEnumerateValueKey + 5 7C91D97B 1 Byte [ C3 ]
.text C:\WINDOWS\system32\igfxsrvc.exe[3220] ntdll.dll!NtQuerySystemInformation 7C91E1AA 4 Bytes [ 68, 5D, 15, DF ]
.text C:\WINDOWS\system32\igfxsrvc.exe[3220] ntdll.dll!NtQuerySystemInformation + 5 7C91E1AF 1 Byte [ C3 ]
.text C:\Programmi\Alcatel_PIMphony\aocphone.exe[3844] ntdll.dll!NtEnumerateKey 7C91D94C 6 Bytes PUSH 08E917D7; RET
.text C:\Programmi\Alcatel_PIMphony\aocphone.exe[3844] ntdll.dll!NtEnumerateValueKey 7C91D976 6 Bytes PUSH 08E91386; RET
.text C:\Programmi\Alcatel_PIMphony\aocphone.exe[3844] ntdll.dll!NtQuerySystemInformation 7C91E1AA 6 Bytes PUSH 08E9155D; RET
.text C:\Bus\Business.exe[4556] ntdll.dll!NtEnumerateKey 7C91D94C 6 Bytes PUSH 014817D7; RET
.text C:\Bus\Business.exe[4556] ntdll.dll!NtEnumerateValueKey 7C91D976 6 Bytes PUSH 01481386; RET
.text C:\Bus\Business.exe[4556] ntdll.dll!NtQuerySystemInformation 7C91E1AA 6 Bytes PUSH 0148155D; RET
.text C:\Programmi\Internet Explorer\IEXPLORE.EXE[5044] ntdll.dll!NtEnumerateKey 7C91D94C 6 Bytes PUSH 023617D7; RET
.text C:\Programmi\Internet Explorer\IEXPLORE.EXE[5044] ntdll.dll!NtEnumerateValueKey 7C91D976 6 Bytes PUSH 02361386; RET
.text C:\Programmi\Internet Explorer\IEXPLORE.EXE[5044] ntdll.dll!NtQuerySystemInformation 7C91E1AA 6 Bytes PUSH 0236155D; RET
.text \\w2003-moll\wpi$\Utente\WPi_Ordini.exe[5220] ntdll.dll!NtEnumerateKey 7C91D94C 6 Bytes PUSH 019F17D7; RET
.text \\w2003-moll\wpi$\Utente\WPi_Ordini.exe[5220] ntdll.dll!NtEnumerateValueKey 7C91D976 6 Bytes PUSH 019F1386; RET
.text \\w2003-moll\wpi$\Utente\WPi_Ordini.exe[5220] ntdll.dll!NtQuerySystemInformation 7C91E1AA 6 Bytes PUSH 019F155D; RET
.text \\w2003-moll\wpi$\Utente\WPi_Dati_Tecnici.exe[5680] ntdll.dll!NtEnumerateKey 7C91D94C 6 Bytes PUSH 018317D7; RET
.text \\w2003-moll\wpi$\Utente\WPi_Dati_Tecnici.exe[5680] ntdll.dll!NtEnumerateValueKey 7C91D976 6 Bytes PUSH 01831386; RET
.text \\w2003-moll\wpi$\Utente\WPi_Dati_Tecnici.exe[5680] ntdll.dll!NtQuerySystemInformation 7C91E1AA 6 Bytes PUSH 0183155D; RET
.text C:\Programmi\Microsoft Office\Office\EXCEL.EXE[5684] ntdll.dll!NtEnumerateKey 7C91D94C 6 Bytes PUSH 01C017D7; RET
.text C:\Programmi\Microsoft Office\Office\EXCEL.EXE[5684] ntdll.dll!NtEnumerateValueKey 7C91D976 6 Bytes PUSH 01C01386; RET
.text C:\Programmi\Microsoft Office\Office\EXCEL.EXE[5684] ntdll.dll!NtQuerySystemInformation 7C91E1AA 6 Bytes PUSH 01C0155D; RET
.text \\W2003-moll\wpi$\Utente\Start_WPi_25.exe[5848] ntdll.dll!NtEnumerateKey 7C91D94C 6 Bytes PUSH 017117D7; RET
.text \\W2003-moll\wpi$\Utente\Start_WPi_25.exe[5848] ntdll.dll!NtEnumerateValueKey 7C91D976 6 Bytes PUSH 01711386; RET
.text \\W2003-moll\wpi$\Utente\Start_WPi_25.exe[5848] ntdll.dll!NtQuerySystemInformation 7C91E1AA 6 Bytes PUSH 0171155D; RET
---- Devices - GMER 1.0.14 ----
AttachedDevice \FileSystem\Ntfs \Ntfs TmPreFlt.sys (Pre-Filter For XP/Trend Micro Inc.)
---- Processes - GMER 1.0.14 ----
Process C:\WINDOWS\cpuserv.exe (*** hidden *** ) 2052
---- Registry - GMER 1.0.14 ----
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run@GT15J4R49V C:\WINDOWS\cpuserv.exe
Reg HKCU\Software\Microsoft\Windows\ShellNoRoam\Bags\7\Shell@WinPos1280x1024(1).left 401
Reg HKCU\Software\Microsoft\Windows\ShellNoRoam\Bags\7\Shell@WinPos1280x1024(1).top 306
Reg HKCU\Software\Microsoft\Windows\ShellNoRoam\Bags\7\Shell@WinPos1280x1024(1).right 1135
Reg HKCU\Software\Microsoft\Windows\ShellNoRoam\Bags\7\Shell@WinPos1280x1024(1).bottom 958
---- EOF - GMER 1.0.14 ----
QUALCHE BUON'ANIMA SA INTERPRETARMI QUESTO RISULTATO E DIRMI CHE FARE?
GRAZIE