Virtumundo problem!!!
vegeta
Mortale pio

Registered: 09/01/08 00:51
Posts: 20

Posted: 09 Jan 2008 01:08    Subject: Virtumundo problem!!!

Using Spybot I found Virtumundo and I can't delete it.

I'm posting my HijackThis log.

Please help me, I don't understand much about this.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 0.00.41, on 09/01/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Programmi\Alwil Software\Avast4\aswUpdSv.exe
C:\Programmi\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programmi\WIDCOMM\Software Bluetooth\bin\btwdins.exe
C:\Programmi\File comuni\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\UAService7.exe
C:\Programmi\Alwil Software\Avast4\ashMaiSv.exe
C:\Programmi\Alwil Software\Avast4\ashWebSv.exe
C:\Programmi\IPM\Adsl\DataWay\dslstat.exe
C:\WINDOWS\system32\dslagent.exe
C:\WINDOWS\system32\rundll32.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmi\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\devldr32.exe
C:\Programmi\Internet Explorer\iexplore.exe
C:\WINDOWS\explorer.exe
C:\Programmi\Internet Explorer\iexplore.exe
C:\Programmi\File comuni\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\HiJackThis\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.it/
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://windowsupdate.microsoft.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {5F42001E-529F-4E06-9229-A2AD6299A8A9} - C:\WINDOWS\system32\ssqpo.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmi\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programmi\File comuni\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programmi\google\googletoolbar2.dll
O2 - BHO: (no name) - {AEBF6926-DBA6-4100-A838-1CED0169AB78} - C:\WINDOWS\system32\iifcbby.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programmi\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O2 - BHO: {34c1713d-0902-e5aa-cf44-f771751a53cc} - {cc35a157-177f-44fc-aa5e-2090d3171c43} - C:\WINDOWS\system32\omldkigv.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programmi\google\googletoolbar2.dll
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [DSLSTATEXE] C:\Programmi\IPM\Adsl\DataWay\dslstat.exe icon
O4 - HKLM\..\Run: [DSLAGENTEXE] dslagent.exe USB
O4 - HKLM\..\Run: [ATIPTA] atiptaxx.exe
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [98a9b988] rundll32.exe "C:\WINDOWS\system32\blvbpync.dll",b
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [DAEMON Tools] "C:\Programmi\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKCU\..\Run: [swg] C:\Programmi\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Programmi\MSN Messenger\msnmsgr.exe" /background
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO LOCALE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO DI RETE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Invia a &Bluetooth - C:\Programmi\WIDCOMM\Software Bluetooth\btsendto_ie_ctx.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Ricerche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programmi\WIDCOMM\Software Bluetooth\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programmi\WIDCOMM\Software Bluetooth\btsendto_ie.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1173370515477
O17 - HKLM\System\CCS\Services\Tcpip\..\{7CDE34A8-0CA3-4A6F-89A4-570DE3BE65B2}: NameServer = 85.37.17.39 85.38.28.71
O20 - Winlogon Notify: iifcbby - C:\WINDOWS\SYSTEM32\iifcbby.dll
O20 - Winlogon Notify: winjyp32 - C:\WINDOWS\SYSTEM32\winjyp32.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Programmi\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Programmi\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Programmi\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Programmi\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Programmi\WIDCOMM\Software Bluetooth\bin\btwdins.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Programmi\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: SecuROM User Access Service (V7) (UserAccess7) - Sony DADC Austria AG. - C:\WINDOWS\system32\UAService7.exe

--
End of file - 6660 bytes
Orange
Dio maturo

Registered: 18/02/07 13:20
Posts: 2224
Location: Roma

Posted: 09 Jan 2008 16:45

hi vegeta :)

Start with these two tools: VundoFix and VirtumundoBeGone

Download them and save them to the desktop.
Run VundoFix.
Select Scan for Vundo and, when the scan has finished, choose Remove Vundo.
Click Yes and, when asked to restart the PC, answer Ok.
On restart Notepad should appear with the log inside; copy its contents and post them on the forum.

Now boot into Safe Mode.
Run VirtumundoBeGone and follow the on-screen instructions.
Restart the PC in normal mode and post the log.

Also make a new HijackThis log and put it here.
vegeta
Mortale pio

Registered: 09/01/08 00:51
Posts: 20

Posted: 09 Jan 2008 18:25

First of all, thanks for the help.

So, I ran the scan with VundoFix, but it found nothing infected. Here is the log.

VundoFix V6.5.0

Checking Java version...

Sun Java not detected
Scan started at 16.57.07 09/01/2008

Listing files found while scanning....

No infected files were found.


Beginning removal...

VundoFix V6.5.0

Checking Java version...

Sun Java not detected
Scan started at 17.00.55 09/01/2008

Listing files found while scanning....

No infected files were found.


Beginning removal...

VundoFix V6.5.0

Checking Java version...

Sun Java not detected
Scan started at 17.04.07 09/01/2008

Listing files found while scanning....

No infected files were found.


Beginning removal...

Anyway, I then restarted the PC in Safe Mode and ran VirtumundoBeGone. Here is the log.

[01/09/2008, 17:14:25] - VirtumundoBeGone v1.5 ( "C:\Documents and Settings\Utente\Desktop\VirtumundoBeGone.exe" )
[01/09/2008, 17:14:33] - Detected System Information:
[01/09/2008, 17:14:33] - Windows Version: 5.1.2600, Service Pack 2
[01/09/2008, 17:14:33] - Current Username: Utente (Admin)
[01/09/2008, 17:14:33] - Windows is in SAFE mode with Networking.
[01/09/2008, 17:14:33] - Searching for Browser Helper Objects:
[01/09/2008, 17:14:33] - BHO 1: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (AcroIEHlprObj Class)
[01/09/2008, 17:14:33] - BHO 2: {53707962-6F74-2D53-2644-206D7942484F} ()
[01/09/2008, 17:14:33] - WARNING: BHO has no default name. Checking for Winlogon reference.
[01/09/2008, 17:14:33] - Checking for HKLM\...\Winlogon\Notify\SDHelper
[01/09/2008, 17:14:33] - Key not found: HKLM\...\Winlogon\Notify\SDHelper, continuing.
[01/09/2008, 17:14:33] - BHO 3: {5F42001E-529F-4E06-9229-A2AD6299A8A9} ()
[01/09/2008, 17:14:33] - WARNING: BHO has no default name. Checking for Winlogon reference.
[01/09/2008, 17:14:33] - Checking for HKLM\...\Winlogon\Notify\ssqpo
[01/09/2008, 17:14:33] - Key not found: HKLM\...\Winlogon\Notify\ssqpo, continuing.
[01/09/2008, 17:14:33] - BHO 4: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (SSVHelper Class)
[01/09/2008, 17:14:33] - BHO 5: {7E853D72-626A-48EC-A868-BA8D5E23E045} ()
[01/09/2008, 17:14:33] - WARNING: BHO has no default name. Checking for Winlogon reference.
[01/09/2008, 17:14:33] - No filename found. Continuing.
[01/09/2008, 17:14:33] - BHO 6: {9030D464-4C02-4ABF-8ECC-5164760863C6} (Windows Live Sign-in Helper)
[01/09/2008, 17:14:33] - BHO 7: {AA58ED58-01DD-4d91-8333-CF10577473F7} (Google Toolbar Helper)
[01/09/2008, 17:14:33] - BHO 8: {AEBF6926-DBA6-4100-A838-1CED0169AB78} ()
[01/09/2008, 17:14:33] - WARNING: BHO has no default name. Checking for Winlogon reference.
[01/09/2008, 17:14:33] - Checking for HKLM\...\Winlogon\Notify\iifcbby
[01/09/2008, 17:14:33] - Found: HKLM\...\Winlogon\Notify\iifcbby - This is probably Virtumundo.
[01/09/2008, 17:14:33] - Assigning {AEBF6926-DBA6-4100-A838-1CED0169AB78} MSEvents Object
[01/09/2008, 17:14:33] - BHO list has been changed! Starting over...
[01/09/2008, 17:14:33] - BHO 1: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (AcroIEHlprObj Class)
[01/09/2008, 17:14:33] - BHO 2: {53707962-6F74-2D53-2644-206D7942484F} ()
[01/09/2008, 17:14:33] - WARNING: BHO has no default name. Checking for Winlogon reference.
[01/09/2008, 17:14:33] - Checking for HKLM\...\Winlogon\Notify\SDHelper
[01/09/2008, 17:14:33] - Key not found: HKLM\...\Winlogon\Notify\SDHelper, continuing.
[01/09/2008, 17:14:33] - BHO 3: {5F42001E-529F-4E06-9229-A2AD6299A8A9} ()
[01/09/2008, 17:14:33] - WARNING: BHO has no default name. Checking for Winlogon reference.
[01/09/2008, 17:14:33] - Checking for HKLM\...\Winlogon\Notify\ssqpo
[01/09/2008, 17:14:33] - Key not found: HKLM\...\Winlogon\Notify\ssqpo, continuing.
[01/09/2008, 17:14:33] - BHO 4: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (SSVHelper Class)
[01/09/2008, 17:14:33] - BHO 5: {7E853D72-626A-48EC-A868-BA8D5E23E045} ()
[01/09/2008, 17:14:34] - WARNING: BHO has no default name. Checking for Winlogon reference.
[01/09/2008, 17:14:34] - No filename found. Continuing.
[01/09/2008, 17:14:34] - BHO 6: {9030D464-4C02-4ABF-8ECC-5164760863C6} (Windows Live Sign-in Helper)
[01/09/2008, 17:14:34] - BHO 7: {AA58ED58-01DD-4d91-8333-CF10577473F7} (Google Toolbar Helper)
[01/09/2008, 17:14:34] - BHO 8: {AEBF6926-DBA6-4100-A838-1CED0169AB78} (MSEvents Object)
[01/09/2008, 17:14:34] - ALERT: Found MSEvents Object!
[01/09/2008, 17:14:34] - BHO 9: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} (Google Toolbar Notifier BHO)
[01/09/2008, 17:14:34] - BHO 10: {cc35a157-177f-44fc-aa5e-2090d3171c43} ()
[01/09/2008, 17:14:34] - WARNING: BHO has no default name. Checking for Winlogon reference.
[01/09/2008, 17:14:34] - Checking for HKLM\...\Winlogon\Notify\omldkigv
[01/09/2008, 17:14:34] - Key not found: HKLM\...\Winlogon\Notify\omldkigv, continuing.
[01/09/2008, 17:14:34] - Finished Searching Browser Helper Objects
[01/09/2008, 17:14:34] - *** Detected MSEvents Object
[01/09/2008, 17:14:34] - Trying to remove MSEvents Object...
[01/09/2008, 17:14:35] - Terminating Process: IEXPLORE.EXE
[01/09/2008, 17:14:35] - Terminating Process: RUNDLL32.EXE
[01/09/2008, 17:14:35] - Disabling Automatic Shell Restart
[01/09/2008, 17:14:35] - Terminating Process: EXPLORER.EXE
[01/09/2008, 17:14:36] - Suspending the NT Session Manager System Service
[01/09/2008, 17:14:36] - Terminating Windows NT Logon/Logoff Manager
[01/09/2008, 17:14:36] - Re-enabling Automatic Shell Restart
[01/09/2008, 17:14:36] - File to disable: C:\WINDOWS\system32\iifcbby.dll
[01/09/2008, 17:14:36] - Renaming C:\WINDOWS\system32\iifcbby.dll -> C:\WINDOWS\system32\iifcbby.dll.vir
[01/09/2008, 17:14:36] - File successfully renamed!
[01/09/2008, 17:14:36] - Removing HKLM\...\Browser Helper Objects\{AEBF6926-DBA6-4100-A838-1CED0169AB78}
[01/09/2008, 17:14:36] - Removing HKCR\CLSID\{AEBF6926-DBA6-4100-A838-1CED0169AB78}
[01/09/2008, 17:14:36] - Adding Kill Bit for ActiveX for GUID: {AEBF6926-DBA6-4100-A838-1CED0169AB78}
[01/09/2008, 17:14:36] - Deleting ATLEvents/MSEvents Registry entries
[01/09/2008, 17:14:36] - Removing HKLM\...\Winlogon\Notify\iifcbby
[01/09/2008, 17:14:36] - Searching for Browser Helper Objects:
[01/09/2008, 17:14:36] - BHO 1: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (AcroIEHlprObj Class)
[01/09/2008, 17:14:36] - BHO 2: {53707962-6F74-2D53-2644-206D7942484F} ()
[01/09/2008, 17:14:36] - WARNING: BHO has no default name. Checking for Winlogon reference.
[01/09/2008, 17:14:36] - Checking for HKLM\...\Winlogon\Notify\SDHelper
[01/09/2008, 17:14:36] - Key not found: HKLM\...\Winlogon\Notify\SDHelper, continuing.
[01/09/2008, 17:14:36] - BHO 3: {5F42001E-529F-4E06-9229-A2AD6299A8A9} ()
[01/09/2008, 17:14:36] - WARNING: BHO has no default name. Checking for Winlogon reference.
[01/09/2008, 17:14:36] - Checking for HKLM\...\Winlogon\Notify\ssqpo
[01/09/2008, 17:14:36] - Key not found: HKLM\...\Winlogon\Notify\ssqpo, continuing.
[01/09/2008, 17:14:36] - BHO 4: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (SSVHelper Class)
[01/09/2008, 17:14:36] - BHO 5: {7E853D72-626A-48EC-A868-BA8D5E23E045} ()
[01/09/2008, 17:14:36] - WARNING: BHO has no default name. Checking for Winlogon reference.
[01/09/2008, 17:14:36] - No filename found. Continuing.
[01/09/2008, 17:14:36] - BHO 6: {9030D464-4C02-4ABF-8ECC-5164760863C6} (Windows Live Sign-in Helper)
[01/09/2008, 17:14:36] - BHO 7: {AA58ED58-01DD-4d91-8333-CF10577473F7} (Google Toolbar Helper)
[01/09/2008, 17:14:36] - BHO 8: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} (Google Toolbar Notifier BHO)
[01/09/2008, 17:14:36] - BHO 9: {cc35a157-177f-44fc-aa5e-2090d3171c43} ()
[01/09/2008, 17:14:36] - WARNING: BHO has no default name. Checking for Winlogon reference.
[01/09/2008, 17:14:36] - Checking for HKLM\...\Winlogon\Notify\omldkigv
[01/09/2008, 17:14:37] - Key not found: HKLM\...\Winlogon\Notify\omldkigv, continuing.
[01/09/2008, 17:14:37] - Finished Searching Browser Helper Objects
[01/09/2008, 17:14:37] - Finishing up...
[01/09/2008, 17:14:37] - A restart is needed.
[01/09/2008, 17:14:49] - Attempting to Restart via STOP error (Blue Screen!)


Here is the HijackThis log too.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17.24.55, on 09/01/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmi\Alwil Software\Avast4\aswUpdSv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Programmi\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Programmi\WIDCOMM\Software Bluetooth\bin\btwdins.exe
C:\Programmi\File comuni\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Programmi\IPM\Adsl\DataWay\dslstat.exe
C:\WINDOWS\system32\dslagent.exe
C:\WINDOWS\system32\rundll32.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmi\DAEMON Tools\daemon.exe
C:\Programmi\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\UAService7.exe
C:\WINDOWS\system32\devldr32.exe
C:\Programmi\Alwil Software\Avast4\ashMaiSv.exe
C:\Programmi\Alwil Software\Avast4\ashWebSv.exe
C:\Programmi\Internet Explorer\iexplore.exe
C:\Programmi\File comuni\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\WINDOWS\system32\wuauclt.exe
C:\HiJackThis\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.it/
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://windowsupdate.microsoft.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {5F42001E-529F-4E06-9229-A2AD6299A8A9} - C:\WINDOWS\system32\ssqpo.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmi\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programmi\File comuni\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programmi\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programmi\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O2 - BHO: {34c1713d-0902-e5aa-cf44-f771751a53cc} - {cc35a157-177f-44fc-aa5e-2090d3171c43} - C:\WINDOWS\system32\omldkigv.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programmi\google\googletoolbar2.dll
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [DSLSTATEXE] C:\Programmi\IPM\Adsl\DataWay\dslstat.exe icon
O4 - HKLM\..\Run: [DSLAGENTEXE] dslagent.exe USB
O4 - HKLM\..\Run: [ATIPTA] atiptaxx.exe
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [DAEMON Tools] "C:\Programmi\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKCU\..\Run: [swg] C:\Programmi\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO LOCALE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO DI RETE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Invia a &Bluetooth - C:\Programmi\WIDCOMM\Software Bluetooth\btsendto_ie_ctx.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Ricerche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programmi\WIDCOMM\Software Bluetooth\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programmi\WIDCOMM\Software Bluetooth\btsendto_ie.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1173370515477
O17 - HKLM\System\CCS\Services\Tcpip\..\{7CDE34A8-0CA3-4A6F-89A4-570DE3BE65B2}: NameServer = 85.37.17.39 85.38.28.71
O20 - Winlogon Notify: winjyp32 - C:\WINDOWS\SYSTEM32\winjyp32.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Programmi\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Programmi\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Programmi\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Programmi\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Programmi\WIDCOMM\Software Bluetooth\bin\btwdins.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Programmi\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: SecuROM User Access Service (V7) (UserAccess7) - Sony DADC Austria AG. - C:\WINDOWS\system32\UAService7.exe

--
End of file - 6378 bytes

I'll wait for your news, thanks in advance.

vegeta
Mortale pio

Registered: 09/01/08 00:51
Posts: 20

Posted: 10 Jan 2008 03:36
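As an added illustration (not code from this thread or from any of the tools it mentions), the Python script below applies the same reading the helpers give a HijackThis log: O2 BHOs with no name or a GUID for a name loaded from system32, an O20 Winlogon Notify package that shares its name with one of those DLLs (the cross-check VirtumundoBeGone logs above), and O4 Run entries that start rundll32 on a system32 DLL with a one-letter export. The sample lines are constructed from the logs in this thread plus one benign WgaLogon entry, and the short list of stock notify packages is an assumption to extend per system.

```python
import re
from collections import namedtuple

Finding = namedtuple("Finding", "section path reason")

# Constructed sample: HijackThis lines modelled on the logs posted in this thread,
# plus one benign WgaLogon entry so the allowlist has something to pass.
SAMPLE_LOG = r"""
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {5F42001E-529F-4E06-9229-A2AD6299A8A9} - C:\WINDOWS\system32\ssqpo.dll (file missing)
O2 - BHO: (no name) - {AEBF6926-DBA6-4100-A838-1CED0169AB78} - C:\WINDOWS\system32\iifcbby.dll
O2 - BHO: {34c1713d-0902-e5aa-cf44-f771751a53cc} - {cc35a157-177f-44fc-aa5e-2090d3171c43} - C:\WINDOWS\system32\omldkigv.dll
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [98a9b988] rundll32.exe "C:\WINDOWS\system32\blvbpync.dll",b
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O20 - Winlogon Notify: iifcbby - C:\WINDOWS\SYSTEM32\iifcbby.dll
O20 - Winlogon Notify: winjyp32 - C:\WINDOWS\SYSTEM32\winjyp32.dll
O23 - Service: avast! Antivirus - ALWIL Software - C:\Programmi\Alwil Software\Avast4\ashServ.exe
"""

GUID = r"\{[0-9A-Fa-f]{8}-(?:[0-9A-Fa-f]{4}-){3}[0-9A-Fa-f]{12}\}"
RE_O2 = re.compile(r"^O2 - BHO: (?P<name>.*?) - (?P<clsid>%s) - (?P<path>.*)$" % GUID)
RE_O4 = re.compile(r"^O4 - (?P<hive>\S+): \[(?P<value>[^\]]*)\] (?P<cmd>.*)$")
RE_O20 = re.compile(r"^O20 - Winlogon Notify: (?P<key>\S+) - (?P<path>.*)$")
# rundll32 <dll>,<export>, with the DLL path optionally quoted
RE_RUNDLL = re.compile(r'^rundll32(?:\.exe)?\s+"?(?P<dll>[^",]+)"?,(?P<entry>\S*)', re.IGNORECASE)
SYSTEM32 = re.compile(r"^[A-Za-z]:\\(?:WINDOWS|WINNT)\\SYSTEM32\\", re.IGNORECASE)

# Assumption: stock Windows XP Winlogon notify packages (lower-case key names); extend per system.
KNOWN_NOTIFY = {"crypt32chain", "cryptnet", "cscdll", "sccertprop", "schedule",
                "sclgntfy", "senslogn", "termsrv", "wlballoon", "wgalogon"}


def _basename_no_ext(path):
    base = path.rsplit("\\", 1)[-1].lower()
    return base[:-4] if base.endswith(".dll") else base


def find_vundo_indicators(log_text):
    """Return a list of Finding tuples for log lines matching the Vundo patterns above."""
    findings = []
    bho_names = set()  # basenames of every BHO DLL, for the O20 cross-reference
    for raw in log_text.splitlines():
        line = raw.strip()
        m = RE_O2.match(line)
        if m:
            path = m.group("path").replace(" (file missing)", "")
            bho_names.add(_basename_no_ext(path))
            nameless = m.group("name") == "(no name)" or re.fullmatch(GUID, m.group("name"))
            if nameless and SYSTEM32.match(path):
                findings.append(Finding("O2", path, "unnamed BHO loaded from system32"))
            continue
        m = RE_O4.match(line)
        if m:
            r = RE_RUNDLL.match(m.group("cmd"))
            if r and SYSTEM32.match(r.group("dll")):
                entry = r.group("entry").lstrip(",")
                hex_value = re.fullmatch(r"[0-9a-f]{8}", m.group("value"))
                if len(entry) <= 1 or hex_value:
                    findings.append(Finding("O4", r.group("dll"),
                                            "rundll32 Run entry for a system32 DLL with a one-letter export or hex value name"))
            continue
        m = RE_O20.match(line)
        if m:
            key = m.group("key").lower()
            if key in KNOWN_NOTIFY:
                continue
            if key in bho_names:
                findings.append(Finding("O20", m.group("path"),
                                        "Winlogon Notify package named like a BHO DLL (the Vundo pairing)"))
            elif SYSTEM32.match(m.group("path")):
                findings.append(Finding("O20", m.group("path"), "non-stock Winlogon Notify package in system32"))
    return findings


if __name__ == "__main__":
    for f in find_vundo_indicators(SAMPLE_LOG):
        print(f"{f.section:<4} {f.path}\n     -> {f.reason}")
```

Run it against a full log by passing the file contents to find_vundo_indicators; entries such as Spybot's unnamed SDHelper.dll are not flagged because they do not live in system32.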

Anyway, I think everything is back in order.
The PC has regained the speed it had before the virus.
Anyway, check the logs, to be more certain.

Bye and thanks for everything.

bdoriano
Administrator

Registered: 02/04/07 12:05
Posts: 14391
Location: 3rd planet of the solar system...

Posted: 10 Jan 2008 10:38

Hi vegeta,

There are still some entries to remove; follow the instructions in this topic to post the ComboFix log.

vegeta
Mortale pio

Registered: 09/01/08 00:51
Posts: 20

Posted: 10 Jan 2008 18:24

Here is the ComboFix log.

ComboFix 08-01-09.2 - Utente 2008-01-10 17.17.19.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1040.18.1089 [GMT 1:00]
Eseguito da: C:\Documents and Settings\Utente\Desktop\ComboFix.exe
* Creato nuovo punto di ripristino
.

((((((((((((((((((((((((((((((((((((( Altre eliminazioni )))))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\cookies.ini
C:\WINDOWS\system32\blvbpync.dll
C:\WINDOWS\system32\cnypbvlb.ini
C:\WINDOWS\system32\copaosje.ini
C:\WINDOWS\system32\dbrowayd.dll
C:\WINDOWS\system32\dfyehoci.dll
C:\WINDOWS\system32\djtwxygk.ini
C:\WINDOWS\system32\dslrbepv.ini
C:\WINDOWS\system32\eagrrugw.dll
C:\WINDOWS\system32\ejsoapoc.dll
C:\WINDOWS\system32\etslxqid.exe
C:\WINDOWS\system32\fccywtu.dll
C:\WINDOWS\system32\fskbovcd.ini
C:\WINDOWS\system32\gaooutfa.dll
C:\WINDOWS\system32\geedc.dll
C:\WINDOWS\system32\hrklsrsi.dll
C:\WINDOWS\system32\icqctesl.ini
C:\WINDOWS\system32\install.exe
C:\WINDOWS\system32\iskrdhav.dll
C:\WINDOWS\system32\ithxjhyc.exe
C:\WINDOWS\system32\ixdldhwo.dll
C:\WINDOWS\system32\ixvjxrow.dll
C:\WINDOWS\system32\jcgoconv.ini
C:\WINDOWS\system32\jkkji.dll
C:\WINDOWS\system32\jlibjexj.exe
C:\WINDOWS\system32\kbgqluoy.dll
C:\WINDOWS\system32\kgyxwtjd.dll
C:\WINDOWS\system32\kymbcivy.exe
C:\WINDOWS\system32\lkyrqgbe.ini
C:\WINDOWS\system32\lnqbdiib.exe
C:\WINDOWS\system32\lridgaim.dll
C:\WINDOWS\system32\lsetcqci.dll
C:\WINDOWS\system32\mbwahimm.exe
C:\WINDOWS\system32\mcpyvlrs.ini
C:\WINDOWS\system32\mcrh.tmp
C:\WINDOWS\system32\miagdirl.ini
C:\WINDOWS\system32\mstetqhd.exe
C:\WINDOWS\system32\nklidqnu.dll
C:\WINDOWS\system32\nlsjhokx.dll
C:\WINDOWS\system32\nyuvsmfm.ini
C:\WINDOWS\system32\ocfbvdpi.dll
C:\WINDOWS\system32\ochkxjwv.dll
C:\WINDOWS\system32\ohqqgrrj.dll
C:\WINDOWS\system32\okkfnguo.ini
C:\WINDOWS\system32\omldkigv.dll
C:\WINDOWS\system32\oocxlkqq.dll
C:\WINDOWS\system32\opqss.ini
C:\WINDOWS\system32\opqss.ini2
C:\WINDOWS\system32\ougnfkko.dll
C:\WINDOWS\system32\oymokbvj.ini
C:\WINDOWS\system32\pcxwnrxf.dll
C:\WINDOWS\system32\plsurbxm.dll
C:\WINDOWS\system32\ppjcxrrk.exe
C:\WINDOWS\system32\pwgarnrx.ini
C:\WINDOWS\system32\pysjgrku.ini
C:\WINDOWS\system32\qfonlsab.ini
C:\WINDOWS\system32\qfvjwdct.ini
C:\WINDOWS\system32\sorjiqwb.ini
C:\WINDOWS\system32\sutybijt.exe
C:\WINDOWS\system32\tujphhsu.dll
C:\WINDOWS\system32\ulwkuhvm.ini
C:\WINDOWS\system32\unqdilkn.ini
C:\WINDOWS\system32\vahdrksi.ini
C:\WINDOWS\system32\vcpgmbst.ini
C:\WINDOWS\system32\vvvnnoex.ini
C:\WINDOWS\system32\winjyp32.dll
C:\WINDOWS\system32\wxjgqfuw.ini
C:\WINDOWS\system32\xkohjsln.ini
C:\WINDOWS\system32\yifhfrxx.ini
C:\WINDOWS\system32\ypsdpxlq.exe

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.
-------\LEGACY_DOMAINSERVICE


((((((((((((((((((((((((( Files Creati Da 2007-12-10 al 2008-01-10 )))))))))))))))))))))))))))))))))))
.

2008-01-10 17:16 . 2000-08-31 08:00 51,200 --a------ C:\WINDOWS\NirCmd.exe
2008-01-09 16:57 . 2008-01-09 16:57 <DIR> d-------- C:\VundoFix Backups
2008-01-08 23:59 . 2008-01-09 17:24 <DIR> d-------- C:\HiJackThis
2008-01-07 04:13 . 2008-01-07 04:13 75,840 --a------ C:\WINDOWS\system32\iqfwwhpj.dll
2008-01-01 21:08 . 2008-01-01 21:08 43,688 --ah----- C:\WINDOWS\system32\mlfcache.dat
2007-12-25 00:08 . 2007-12-25 00:08 20,992 --a------ C:\WINDOWS\r-k.exe
2007-12-24 16:31 . 2007-12-24 16:31 <DIR> d-------- C:\WINDOWS\Sun
2007-12-22 00:16 . 2007-12-24 17:30 <DIR> d-------- C:\Documents and Settings\Utente\.housecall6.6
2007-12-21 14:58 . 2007-12-21 15:19 <DIR> d-------- C:\Programmi\Deus Cleaner
2007-12-21 01:50 . 2003-03-19 06:05 89,088 --a------ C:\WINDOWS\system32\atl71.dll
2007-12-19 15:17 . 2007-12-19 15:42 193 --a------ C:\WINDOWS\wininit.ini
2007-12-19 14:41 . 2007-12-19 14:43 1,754 --a------ C:\WINDOWS\system32\tmp.reg
2007-12-19 14:39 . 2007-03-08 13:58 <DIR> d--h----- C:\Documents and Settings\Administrator\Risorse di stampa
2007-12-19 14:39 . 2007-03-08 13:58 <DIR> d--h----- C:\Documents and Settings\Administrator\Risorse di rete
2007-12-19 14:39 . 2007-03-08 13:58 <DIR> d-------- C:\Documents and Settings\Administrator\Preferiti
2007-12-19 14:39 . 2007-03-08 13:05 <DIR> d--h----- C:\Documents and Settings\Administrator\Modelli
2007-12-19 14:39 . 2007-03-08 13:58 <DIR> dr------- C:\Documents and Settings\Administrator\Menu Avvio
2007-12-19 14:39 . 2007-03-08 13:58 <DIR> d--h----- C:\Documents and Settings\Administrator\Impostazioni locali
2007-12-19 14:39 . 2007-03-08 13:58 <DIR> d-------- C:\Documents and Settings\Administrator\Documenti
2007-12-19 14:39 . 2007-03-08 13:58 <DIR> dr-h----- C:\Documents and Settings\Administrator\Dati applicazioni
2007-12-19 02:22 . 2007-12-19 02:22 268 --ah----- C:\sqmdata08.sqm
2007-12-19 02:22 . 2007-12-19 02:22 244 --ah----- C:\sqmnoopt08.sqm
2007-12-13 15:01 . 2007-12-04 15:51 42,912 --a------ C:\WINDOWS\system32\drivers\aswTdi.sys
2007-12-13 15:01 . 2007-12-04 15:49 26,624 --a------ C:\WINDOWS\system32\drivers\aavmker4.sys
2007-12-13 15:01 . 2007-12-04 15:53 23,152 --a------ C:\WINDOWS\system32\drivers\aswRdr.sys
2007-12-13 15:00 . 2007-12-04 14:04 837,496 --a------ C:\WINDOWS\system32\aswBoot.exe
2007-12-13 15:00 . 2004-01-09 10:13 380,928 --a------ C:\WINDOWS\system32\actskin4.ocx
2007-12-13 15:00 . 2007-12-04 13:54 95,608 --a------ C:\WINDOWS\system32\AvastSS.scr
2007-12-13 15:00 . 2007-12-04 15:55 94,544 --a------ C:\WINDOWS\system32\drivers\aswmon2.sys
2007-12-13 15:00 . 2007-12-04 15:56 93,264 --a------ C:\WINDOWS\system32\drivers\aswmon.sys
2007-12-12 17:28 . 2007-12-12 17:28 <DIR> d-------- C:\Programmi\BitTorrent
2007-12-12 17:28 . 2008-01-10 02:19 <DIR> d-------- C:\Documents and Settings\Utente\Dati applicazioni\BitTorrent
2007-12-12 16:57 . 2007-12-12 16:57 37,376 --a------ C:\WINDOWS\system32\iifcbby.dll.vir
2007-12-10 01:09 . 2003-03-18 21:20 1,060,864 --a------ C:\WINDOWS\system32\MFC71.dll
2007-12-10 01:09 . 2003-03-18 20:14 499,712 --a------ C:\WINDOWS\system32\MSVCP71.dll
2007-12-10 01:09 . 2003-02-21 04:42 348,160 --a------ C:\WINDOWS\system32\MSVCR71.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-01-10 01:20 --------- d-----w C:\Programmi\eMule
2008-01-08 15:05 --------- d-----w C:\Programmi\Sports Interactive
2008-01-04 16:42 --------- d-----w C:\Programmi\mIRC
2007-12-12 14:16 --------- d-----w C:\Documents and Settings\Utente\Dati applicazioni\Sports Interactive
2007-12-12 14:01 --------- d-----w C:\Programmi\Windows Live Safety Center
2007-12-07 03:10 --------- d--h--w C:\Programmi\InstallShield Installation Information
2007-12-07 03:02 --------- d-----w C:\Programmi\KONAMI
2007-12-03 04:41 --------- d-----w C:\Documents and Settings\Utente\Dati applicazioni\dvdcss
2007-11-19 13:23 --------- d--h--w C:\Programmi\FX Uninstall Information
2007-11-18 13:02 --------- d--h--r C:\Documents and Settings\Utente\Dati applicazioni\SecuROM
2007-11-13 10:25 20,480 ----a-w C:\WINDOWS\system32\drivers\secdrv.sys
.

((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Nota* i valori vuoti & legittimi/default non sono visualizzati.

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{5F42001E-529F-4E06-9229-A2AD6299A8A9}]
C:\WINDOWS\system32\ssqpo.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-30 21:00 15360]
"DAEMON Tools"="C:\Programmi\DAEMON Tools\daemon.exe" [2006-11-12 11:48 157592]
"swg"="C:\Programmi\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-06-08 13:29 68856]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 11:50 155648]
"DSLSTATEXE"="C:\Programmi\IPM\Adsl\DataWay\dslstat.exe" [2003-04-01 11:32 299008]
"DSLAGENTEXE"="dslagent.exe" [2003-04-01 10:53 16384 C:\WINDOWS\system32\dslagent.exe]
"ATIPTA"="atiptaxx.exe" [2006-02-22 02:05 344064 C:\WINDOWS\system32\atiptaxx.exe]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2004-08-19 14:39 110592 C:\WINDOWS\system32\bthprops.cpl]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-12-04 14:00 79224]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-30 21:00 15360]

R0 m5289;m5289;C:\WINDOWS\system32\DRIVERS\m5289.sys [2004-12-01 10:49]
R0 uliagpkx;ULi AGP Bus Filter Driver;C:\WINDOWS\system32\DRIVERS\agpkx.sys [2004-07-08 15:58]
R3 ULI5261;ULi Based Ethernet NT Driver;C:\WINDOWS\system32\DRIVERS\ULILAN.SYS [2004-12-31 15:24]
S3 agony;agony;C:\Documents and Settings\Utente\wininit.sys []

.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-01-10 17:22:00
Windows 5.1.2600 Service Pack 2 NTFS

scansione processi nascosti ...

scansione entrate autostart nascoste ...

Scansione files nascosti ...

Scansione completata con successo
Files nascosti: 0

**************************************************************************
.
Ora fine scansione: 2008-01-10 17:23:33 - machine was rebooted
ComboFix-quarantined-files.txt 2008-01-10 16:23:23
.
2008-01-09 17:49:23 --- E O F ---
bdoriano (Administrator)
Registered: 02/04/07 12:05
Posts: 14391
Location: 3rd planet of the solar system...

Posted: 10 Jan 2008 19:10

I'd say ComboFix has given it a good clean-up. ;)

Download Avenger and unpack it into its own folder, not a temporary one and not on the desktop.

Start AVENGER
Click "Input script manually"
Click the magnifying glass
Enter these lines:
Quote:
Files to delete:
C:\Documents and Settings\Utente\wininit.sys
C:\WINDOWS\system32\ssqpo.dll

registry keys to delete:
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5F42001E-529F-4E06-9229-A2AD6299A8A9}

Click Done
Click the traffic light
The PC should reboot; if it doesn't, reboot it yourself.
When the operation is finished, post the Avenger result here together with a fresh HijackThis log.

Run these scans with GMER and post the logs on FreeFileHosting as explained here.
vegeta (Pious Mortal)
Registered: 09/01/08 00:51
Posts: 20

Posted: 11 Jan 2008 16:11

this is the Avenger log:

Logfile of The Avenger version 1, by Swandog46
Running from registry key:
\Registry\Machine\System\CurrentControlSet\Services\yjxceept

*******************

Script file located at: \??\C:\rfqmkdqc.txt
Script file opened successfully.

Script file read successfully

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:



File C:\Documents and Settings\Utente\wininit.sys not found!
Deletion of file C:\Documents and Settings\Utente\wininit.sys failed!

Could not process line:
C:\Documents and Settings\Utente\wininit.sys
Status: 0xc0000034



File C:\WINDOWS\system32\ssqpo.dll not found!
Deletion of file C:\WINDOWS\system32\ssqpo.dll failed!

Could not process line:
C:\WINDOWS\system32\ssqpo.dll
Status: 0xc0000034

Registry key HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5F42001E-529F-4E06-9229-A2AD6299A8A9} deleted successfully.

Completed script processing.

*******************

Finished! Terminate.
vegeta (Pious Mortal)
Registered: 09/01/08 00:51
Posts: 20

Posted: 11 Jan 2008 16:13

this is the HijackThis log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 15.13.11, on 11/01/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Programmi\Alwil Software\Avast4\aswUpdSv.exe
C:\Programmi\Alwil Software\Avast4\ashServ.exe
C:\Programmi\IPM\Adsl\DataWay\dslstat.exe
C:\WINDOWS\system32\dslagent.exe
C:\WINDOWS\system32\rundll32.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmi\DAEMON Tools\daemon.exe
C:\Programmi\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Programmi\WIDCOMM\Software Bluetooth\bin\btwdins.exe
C:\Programmi\File comuni\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\UAService7.exe
C:\WINDOWS\system32\devldr32.exe
C:\Programmi\Alwil Software\Avast4\ashMaiSv.exe
C:\Programmi\Alwil Software\Avast4\ashWebSv.exe
C:\Programmi\Internet Explorer\iexplore.exe
C:\Programmi\File comuni\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\WINDOWS\system32\wuauclt.exe
C:\HiJackThis\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.it/
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://windowsupdate.microsoft.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmi\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programmi\File comuni\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programmi\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programmi\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programmi\google\googletoolbar2.dll
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [DSLSTATEXE] C:\Programmi\IPM\Adsl\DataWay\dslstat.exe icon
O4 - HKLM\..\Run: [DSLAGENTEXE] dslagent.exe USB
O4 - HKLM\..\Run: [ATIPTA] atiptaxx.exe
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [DAEMON Tools] "C:\Programmi\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKCU\..\Run: [swg] C:\Programmi\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO LOCALE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO DI RETE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Invia a &Bluetooth - C:\Programmi\WIDCOMM\Software Bluetooth\btsendto_ie_ctx.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Ricerche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programmi\WIDCOMM\Software Bluetooth\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programmi\WIDCOMM\Software Bluetooth\btsendto_ie.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1173370515477
O17 - HKLM\System\CCS\Services\Tcpip\..\{7CDE34A8-0CA3-4A6F-89A4-570DE3BE65B2}: NameServer = 85.37.17.39 85.38.28.71
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Programmi\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Programmi\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Programmi\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Programmi\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Programmi\WIDCOMM\Software Bluetooth\bin\btwdins.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Programmi\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: SecuROM User Access Service (V7) (UserAccess7) - Sony DADC Austria AG. - C:\WINDOWS\system32\UAService7.exe

--
End of file - 6001 bytes
bdoriano (Administrator)
Registered: 02/04/07 12:05
Posts: 14391
Location: 3rd planet of the solar system...

Posted: 11 Jan 2008 16:23

The HijackThis log looks clean.

  • Run an online scan with Bitdefender.
  • Run an online scan with Panda Active Scan.
  • Run an online scan with Eset.
  • Go to the Kaspersky on-line scanner and run the extended scan, as explained here.
    Save the scan result to a file (in HTML format), upload the file to Freefilehosting and post here the link you are given.
vegeta (Pious Mortal)
Registered: 09/01/08 00:51
Posts: 20

Posted: 11 Jan 2008 16:34

this is the link I was given:

http://www.freefilehosting.net/download/3a904
vegeta (Pious Mortal)
Registered: 09/01/08 00:51
Posts: 20

Posted: 11 Jan 2008 17:11

this is the link I got after the second pass:

http://www.freefilehosting.net/download/3a90g
bdoriano (Administrator)
Registered: 02/04/07 12:05
Posts: 14391
Location: 3rd planet of the solar system...

Posted: 11 Jan 2008 22:15

The GMER logs look fine; do the online scans I told you about:
bdoriano wrote:
The HijackThis log looks clean.

  • Run an online scan with Bitdefender.
  • Run an online scan with Panda Active Scan.
  • Run an online scan with Eset.
  • Go to the Kaspersky on-line scanner and run the extended scan, as explained here.
    Save the scan result to a file (in HTML format), upload the file to Freefilehosting and post here the link you are given.
vegeta (Pious Mortal)
Registered: 09/01/08 00:51
Posts: 20

Posted: 09 Feb 2008 15:36

Hi guys, sorry I didn't reply any more, but since I couldn't manage to run the online scans you told me about, I got fed up. I'm writing again because, of course, I keep picking up spyware big time, so now I'm posting a new HijackThis scan so you can see what needs to be done. Thanks in advance. Bye.


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 14:36, on 2008-02-09
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmi\Alwil Software\Avast4\aswUpdSv.exe
C:\Programmi\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Programmi\IPM\Adsl\DataWay\dslstat.exe
C:\WINDOWS\system32\dslagent.exe
C:\WINDOWS\system32\rundll32.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmi\DAEMON Tools\daemon.exe
C:\Programmi\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Programmi\MSN Messenger\msnmsgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\devldr32.exe
C:\Programmi\WIDCOMM\Software Bluetooth\bin\btwdins.exe
C:\Programmi\File comuni\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\UAService7.exe
C:\Programmi\Alwil Software\Avast4\ashMaiSv.exe
C:\Programmi\Alwil Software\Avast4\ashWebSv.exe
C:\Programmi\Internet Explorer\iexplore.exe
C:\Programmi\File comuni\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Programmi\MSN Messenger\usnsvc.exe
C:\Programmi\Internet Explorer\iexplore.exe
C:\HiJackThis\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.it/
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://windowsupdate.microsoft.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmi\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: SXG Advisor - {76F30661-76C7-48CD-B18E-64F388AE030B} - C:\WINDOWS\dwrmntsdnq.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programmi\File comuni\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programmi\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programmi\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programmi\google\googletoolbar2.dll
O3 - Toolbar: edfqvrw - {D573EDD4-5DEA-4DF1-9D5A-329D6861EDC8} - C:\WINDOWS\edfqvrw.dll
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [DSLSTATEXE] C:\Programmi\IPM\Adsl\DataWay\dslstat.exe icon
O4 - HKLM\..\Run: [DSLAGENTEXE] dslagent.exe USB
O4 - HKLM\..\Run: [ATIPTA] atiptaxx.exe
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [DAEMON Tools] "C:\Programmi\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKCU\..\Run: [swg] C:\Programmi\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Programmi\MSN Messenger\msnmsgr.exe" /background
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO LOCALE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO DI RETE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Invia a &Bluetooth - C:\Programmi\WIDCOMM\Software Bluetooth\btsendto_ie_ctx.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Ricerche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programmi\WIDCOMM\Software Bluetooth\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programmi\WIDCOMM\Software Bluetooth\btsendto_ie.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/default/kavwebscan_unicode.cab
O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} (OnlineScanner Control) - http://www.eset.eu/buxus/docs/OnlineScanner.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1173370515477
O17 - HKLM\System\CCS\Services\Tcpip\..\{7CDE34A8-0CA3-4A6F-89A4-570DE3BE65B2}: NameServer = 85.37.17.39 85.38.28.71
O21 - SSODL: bfrgnos - {D5743781-DEA1-4D90-B7E6-6F1FF11B00AB} - C:\WINDOWS\bfrgnos.dll (file missing)
O21 - SSODL: afxlspw - {13A27F7F-12A7-4592-B74A-FF2CCD4D105F} - C:\WINDOWS\afxlspw.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Programmi\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Programmi\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Programmi\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Programmi\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Programmi\WIDCOMM\Software Bluetooth\bin\btwdins.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Programmi\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: SecuROM User Access Service (V7) (UserAccess7) - Sony DADC Austria AG. - C:\WINDOWS\system32\UAService7.exe

--
End of file - 6814 bytes
bdoriano (Administrator)
Registered: 02/04/07 12:05
Posts: 14391
Location: 3rd planet of the solar system...

Posted: 09 Feb 2008 15:56

  • Download VundoFix and VirtumundoBegone and save them to the desktop.
  • Run VundoFix
    Select Scan for Vundo and, when the scan has finished, choose Remove Vundo.
    Click Yes and answer Ok when asked to reboot the PC.
    On reboot Notepad should open with the log inside; copy its contents and post them on the forum.
  • Now boot into Safe Mode
    Run VirtumundoBeGone and follow the on-screen instructions.
    Reboot the PC in normal mode and post the log.
  • Follow the instructions in this topic to post the ComboFix log.
  • Also make a new HijackThis log and put it here.
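The entries VundoFix is prescribed for here (the SXG Advisor BHO, the edfqvrw toolbar and the two O21 SSODL items in the log above) share the traits that give Vundo away in a HijackThis log: a DLL dropped straight into C:\WINDOWS, a random-looking name, an autostart location ordinary software does not use, a module that is already missing. The Python triage script below is an added example, not a tool from this thread or from HijackThis; its scoring rules are assumptions distilled from those entries, it reads the O2/O3/O21 lines of the 2008-02-09 log (the ssqpo.dll line is reconstructed from the ComboFix registry dump in the first post), and it lists what deserves a manual look rather than deciding anything on its own.

```python
"""Heuristic triage of HijackThis O2/O3/O21 entries for Vundo-style indicators.

Added example (not part of the thread or of HijackThis); the scoring rules are
assumptions distilled from the entries in the log above, not a signature.
"""
import re
from dataclasses import dataclass, field

# "O2 - BHO: name - {CLSID} - path", plus the O3 Toolbar and O21 SSODL variants.
_ENTRY_RE = re.compile(
    r"^(?P<kind>O2|O3|O21) - (?:BHO|Toolbar|SSODL): (?P<name>.*?) - "
    r"(?P<clsid>\{[0-9A-Fa-f-]{36}\}) - (?P<path>.*)$"
)
# A DLL sitting directly in the Windows root rather than in system32 or a vendor folder.
_WINROOT_RE = re.compile(r"^[a-z]:\\windows\\[^\\]+\.dll$", re.IGNORECASE)
_VOWELS = set("aeiouy")
_MISSING = " (file missing)"


@dataclass
class Finding:
    kind: str
    name: str
    clsid: str
    path: str
    reasons: list = field(default_factory=list)


def looks_random(stem: str) -> bool:
    """Crude pronounceability test: five or more letters with at most 20% vowels."""
    letters = [c for c in stem.lower() if c.isalpha()]
    if len(letters) < 5:
        return False
    vowels = sum(1 for c in letters if c in _VOWELS)
    return vowels / len(letters) <= 0.2


def parse_entry(line: str):
    """Parse one HijackThis line; returns a Finding (reasons may be empty) or None."""
    m = _ENTRY_RE.match(line.strip())
    if not m:
        return None
    path = m.group("path")
    missing = path.endswith(_MISSING)
    if missing:
        path = path[: -len(_MISSING)]
    f = Finding(m.group("kind"), m.group("name"), m.group("clsid"), path)
    stem = path.rsplit("\\", 1)[-1].rsplit(".", 1)[0]
    if f.kind == "O21":
        f.reasons.append("ShellServiceObjectDelayLoad autostart (location Vundo uses)")
    if missing:
        f.reasons.append("registered module file is missing")
    if _WINROOT_RE.match(path):
        f.reasons.append("DLL placed directly in the Windows root")
    if looks_random(stem):
        f.reasons.append(f"random-looking module name '{stem}'")
    if f.kind == "O2" and f.name == "(no name)":
        # Known benign hit: Spybot's SDHelper.dll also registers without a name.
        f.reasons.append("BHO registered without a name")
    return f


def triage(log_text: str) -> list:
    """Return only the O2/O3/O21 entries that collected at least one reason."""
    parsed = (parse_entry(line) for line in log_text.splitlines())
    return [f for f in parsed if f is not None and f.reasons]


def report(findings) -> list:
    """One human-readable line per finding, entries with the most reasons first."""
    ordered = sorted(findings, key=lambda f: len(f.reasons), reverse=True)
    return [f"{f.kind} {f.path}: " + "; ".join(f.reasons) for f in ordered]


# Sample input: O2/O3/O21 lines from the 2008-02-09 HijackThis log above, plus a
# few unrelated lines to show they are ignored. The ssqpo.dll line is reconstructed
# from the BHO entry in the ComboFix registry dump of the first post.
SAMPLE_LOG = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.it/
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmi\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: SXG Advisor - {76F30661-76C7-48CD-B18E-64F388AE030B} - C:\WINDOWS\dwrmntsdnq.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programmi\File comuni\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programmi\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programmi\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O2 - BHO: (no name) - {5F42001E-529F-4E06-9229-A2AD6299A8A9} - C:\WINDOWS\system32\ssqpo.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programmi\google\googletoolbar2.dll
O3 - Toolbar: edfqvrw - {D573EDD4-5DEA-4DF1-9D5A-329D6861EDC8} - C:\WINDOWS\edfqvrw.dll
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O21 - SSODL: bfrgnos - {D5743781-DEA1-4D90-B7E6-6F1FF11B00AB} - C:\WINDOWS\bfrgnos.dll (file missing)
O21 - SSODL: afxlspw - {13A27F7F-12A7-4592-B74A-FF2CCD4D105F} - C:\WINDOWS\afxlspw.dll
"""

if __name__ == "__main__":
    for line in report(triage(SAMPLE_LOG)):
        print(line)
```

On this input the six flagged entries are the four Vundo DLLs, ssqpo.dll, and Spybot's SDHelper.dll, which collects only the "no name" reason and is the expected false positive a human reviewer dismisses.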
vegeta (Pious Mortal)
Registered: 09/01/08 00:51
Posts: 20

Posted: 11 Feb 2008 03:02

Well, I ran the VundoFix scan; first of all, it didn't ask me to reboot the PC. Secondly, Notepad didn't appear. Then I ran the VirtumundoBeGone scan anyway and now I'm posting the log.

[02/11/2008, 1:55:01] - VirtumundoBeGone v1.5 ( "C:\Documents and Settings\Utente\Desktop\VirtumundoBeGone.exe" )
[02/11/2008, 1:55:11] - Detected System Information:
[02/11/2008, 1:55:11] - Windows Version: 5.1.2600, Service Pack 2
[02/11/2008, 1:55:11] - Current Username: Utente (Admin)
[02/11/2008, 1:55:11] - Windows is in SAFE mode with Networking.
[02/11/2008, 1:55:11] - Searching for Browser Helper Objects:
[02/11/2008, 1:55:11] - BHO 1: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (AcroIEHlprObj Class)
[02/11/2008, 1:55:11] - BHO 2: {53707962-6F74-2D53-2644-206D7942484F} ()
[02/11/2008, 1:55:11] - WARNING: BHO has no default name. Checking for Winlogon reference.
[02/11/2008, 1:55:11] - Checking for HKLM\...\Winlogon\Notify\SDHelper
[02/11/2008, 1:55:11] - Key not found: HKLM\...\Winlogon\Notify\SDHelper, continuing.
[02/11/2008, 1:55:11] - BHO 3: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (SSVHelper Class)
[02/11/2008, 1:55:11] - BHO 4: {76F30661-76C7-48CD-B18E-64F388AE030B} (SXG Advisor)
[02/11/2008, 1:55:11] - BHO 5: {9030D464-4C02-4ABF-8ECC-5164760863C6} (Windows Live Sign-in Helper)
[02/11/2008, 1:55:11] - BHO 6: {AA58ED58-01DD-4d91-8333-CF10577473F7} (Google Toolbar Helper)
[02/11/2008, 1:55:11] - BHO 7: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} (Google Toolbar Notifier BHO)
[02/11/2008, 1:55:11] - Finished Searching Browser Helper Objects
[02/11/2008, 1:55:11] - Finishing up...
[02/11/2008, 1:55:11] - Nothing found! Exiting...
vegeta (Pious Mortal)
Registered: 09/01/08 00:51
Posts: 20

Posted: 11 Feb 2008 03:14

here is the ComboFix log:

ComboFix 08-02.05.3 - Utente 2008-02-11 2:05:40.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1040.18.1144 [GMT 1:00]
Eseguito da: C:\Documents and Settings\Utente\Desktop\ComboFix.exe
* Creato nuovo punto di ripristino

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((( Altre eliminazioni )))))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\All Users\Dati applicazioni\Microsoft\Network\Downloader\qmgr0.dat
C:\Documents and Settings\All Users\Dati applicazioni\Microsoft\Network\Downloader\qmgr1.dat
C:\WINDOWS\dat.txt
C:\WINDOWS\dwrmntsdnq.dll
C:\WINDOWS\edfqvrw.dll
C:\WINDOWS\search_res.txt
C:\WINDOWS\system32\iqfwwhpj.dll

----- BITS: Possible infected sites -----

hxxp://softworldnetwork.com
hxxp://onsafepro.com
.
((((((((((((((((((((((((( Files Creati Da 2008-01-11 al 2008-02-11 )))))))))))))))))))))))))))))))))))
.

2008-02-09 13:59 . 2008-02-09 13:59 <DIR> d-------- C:\Programmi\EsetOnlineScanner
2008-02-09 13:51 . 2008-02-09 13:51 <DIR> d-------- C:\WINDOWS\system32\Kaspersky Lab
2008-02-09 13:51 . 2008-02-09 13:51 <DIR> d-------- C:\Documents and Settings\All Users\Dati applicazioni\Kaspersky Lab
2008-02-09 04:46 . 2008-02-09 04:46 <DIR> d-------- C:\VundoFix Backups
2008-02-09 02:38 . 2007-12-04 14:04 837,496 --a------ C:\WINDOWS\system32\aswBoot.exe
2008-02-09 02:38 . 2004-01-09 11:13 380,928 --a------ C:\WINDOWS\system32\actskin4.ocx
2008-02-09 02:38 . 2007-12-04 13:54 95,608 --a------ C:\WINDOWS\system32\AVASTSS.scr
2008-02-09 02:38 . 2007-12-04 15:55 94,544 --a------ C:\WINDOWS\system32\drivers\aswmon2.sys
2008-02-09 02:38 . 2007-12-04 15:56 93,264 --a------ C:\WINDOWS\system32\drivers\aswmon.sys
2008-02-09 02:38 . 2007-12-04 15:51 42,912 --a------ C:\WINDOWS\system32\drivers\aswTdi.sys
2008-02-09 02:38 . 2007-12-04 15:49 26,624 --a------ C:\WINDOWS\system32\drivers\aavmker4.sys
2008-02-08 15:25 . 2008-02-05 20:53 266,240 --a------ C:\WINDOWS\afxlspw.dll
2008-02-08 15:25 . 2008-02-05 20:53 94,208 --a------ C:\WINDOWS\frplprg.exe
2008-02-07 01:06 . 2008-02-07 01:06 <DIR> d-------- C:\WINDOWS\Progetto CDZ
2008-02-07 01:06 . 2008-02-07 14:08 <DIR> d-------- C:\Programmi\Progetto CDZ
2008-02-05 22:37 . 2008-02-05 22:37 <DIR> d-------- C:\Documents and Settings\All Users\Dati applicazioni\TERMINAL Studio
2008-02-05 22:37 . 2008-02-06 04:39 <DIR> d-a------ C:\Documents and Settings\All Users\Dati applicazioni\TEMP
2008-02-05 22:36 . 2008-02-06 04:40 <DIR> d-------- C:\Programmi\RiseofAtlantis_at
2008-02-04 17:35 . 2008-02-04 17:35 268 --ah----- C:\sqmdata09.sqm
2008-02-04 17:35 . 2008-02-04 17:35 244 --ah----- C:\sqmnoopt09.sqm
2008-01-28 23:46 . 2008-01-28 23:46 <DIR> d-------- C:\Programmi\WIDCOMM
2008-01-11 15:24 . 2008-02-09 14:36 <DIR> d-------- C:\HiJackThis
2008-01-11 15:24 . 2008-01-11 15:24 250 --a------ C:\WINDOWS\gmer.ini
2008-01-11 15:23 . 2008-01-11 16:09 <DIR> d-------- C:\Gmer

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-02-09 15:19 --------- d-----w C:\Programmi\Windows Live Safety Center
2008-02-06 02:56 --------- d-----w C:\Programmi\Google
2008-01-24 12:55 --------- d--h--w C:\Programmi\InstallShield Installation Information
2008-01-21 13:14 --------- d-----w C:\Programmi\MSN Messenger
2008-01-21 13:14 --------- d-----w C:\Programmi\Messenger Plus! Live
2008-01-17 13:57 --------- d-----w C:\Programmi\eMule
2008-01-10 01:19 --------- d-----w C:\Documents and Settings\Utente\Dati applicazioni\BitTorrent
2008-01-08 15:05 --------- d-----w C:\Programmi\Sports Interactive
2008-01-04 16:42 --------- d-----w C:\Programmi\mIRC
2007-12-21 14:19 --------- d-----w C:\Programmi\Deus Cleaner
2007-12-19 13:50 --------- d-----w C:\Programmi\Spybot - Search & Destroy
2007-12-12 16:28 --------- d-----w C:\Programmi\BitTorrent
2007-12-12 14:16 --------- d-----w C:\Documents and Settings\Utente\Dati applicazioni\Sports Interactive
.

((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Nota* i valori vuoti & legittimi/default non sono visualizzati.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-30 21:00 15360]
"DAEMON Tools"="C:\Programmi\DAEMON Tools\daemon.exe" [2006-11-12 11:48 157592]
"swg"="C:\Programmi\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-06-08 13:29 68856]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 11:50 155648]
"DSLSTATEXE"="C:\Programmi\IPM\Adsl\DataWay\dslstat.exe" [2003-04-01 11:32 299008]
"DSLAGENTEXE"="dslagent.exe" [2003-04-01 10:53 16384 C:\WINDOWS\system32\dslagent.exe]
"ATIPTA"="atiptaxx.exe" [2006-02-22 02:05 344064 C:\WINDOWS\system32\atiptaxx.exe]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2004-08-19 14:39 110592 C:\WINDOWS\system32\bthprops.cpl]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-12-04 14:00 79224]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-30 21:00 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
"bfrgnos"= {D5743781-DEA1-4D90-B7E6-6F1FF11B00AB} - C:\WINDOWS\bfrgnos.dll [ ]
"afxlspw"= {13A27F7F-12A7-4592-B74A-FF2CCD4D105F} - C:\WINDOWS\afxlspw.dll [2008-02-05 20:53 266240]

R0 m5289;m5289;C:\WINDOWS\system32\DRIVERS\m5289.sys [2004-12-01 10:49]
R0 uliagpkx;ULi AGP Bus Filter Driver;C:\WINDOWS\system32\DRIVERS\agpkx.sys [2004-07-08 15:58]
R3 ULI5261;ULi Based Ethernet NT Driver;C:\WINDOWS\system32\DRIVERS\ULILAN.SYS [2004-12-31 15:24]
S3 agony;agony;C:\Documents and Settings\Utente\wininit.sys []

.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-02-11 02:09:08
Windows 5.1.2600 Service Pack 2 NTFS

scansione processi nascosti ...

scansione entrate autostart nascoste ...

Scansione files nascosti ...

Scansione completata con successo
Files nascosti: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

PROCESS: C:\WINDOWS\Explorer.EXE [6.00.2900.3156]
-> C:\Programmi\WinRAR\rarext.dll
-> C:\PROGRA~1\DEUSCL~1\SDmodul.dll
.
vegeta (Pious Mortal)
Registered: 09/01/08 00:51
Posts: 20

Posted: 11 Feb 2008 03:16

here is the HijackThis log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 02:15, on 2008-02-11
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Programmi\Alwil Software\Avast4\aswUpdSv.exe
C:\Programmi\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programmi\WIDCOMM\Software Bluetooth\bin\btwdins.exe
C:\Programmi\File comuni\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\UAService7.exe
C:\Programmi\IPM\Adsl\DataWay\dslstat.exe
C:\WINDOWS\system32\dslagent.exe
C:\WINDOWS\system32\rundll32.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmi\DAEMON Tools\daemon.exe
C:\Programmi\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\devldr32.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Programmi\Alwil Software\Avast4\ashMaiSv.exe
C:\Programmi\Alwil Software\Avast4\ashWebSv.exe
C:\Programmi\Internet Explorer\iexplore.exe
C:\Programmi\File comuni\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\HiJackThis\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.it/
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://windowsupdate.microsoft.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmi\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programmi\File comuni\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programmi\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programmi\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programmi\google\googletoolbar2.dll
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [DSLSTATEXE] C:\Programmi\IPM\Adsl\DataWay\dslstat.exe icon
O4 - HKLM\..\Run: [DSLAGENTEXE] dslagent.exe USB
O4 - HKLM\..\Run: [ATIPTA] atiptaxx.exe
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [DAEMON Tools] "C:\Programmi\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKCU\..\Run: [swg] C:\Programmi\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO LOCALE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO DI RETE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Invia a &Bluetooth - C:\Programmi\WIDCOMM\Software Bluetooth\btsendto_ie_ctx.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Ricerche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programmi\WIDCOMM\Software Bluetooth\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programmi\WIDCOMM\Software Bluetooth\btsendto_ie.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/default/kavwebscan_unicode.cab
O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} (OnlineScanner Control) - http://www.eset.eu/buxus/docs/OnlineScanner.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1173370515477
O17 - HKLM\System\CCS\Services\Tcpip\..\{7CDE34A8-0CA3-4A6F-89A4-570DE3BE65B2}: NameServer = 85.37.17.39 85.38.28.71
O21 - SSODL: bfrgnos - {D5743781-DEA1-4D90-B7E6-6F1FF11B00AB} - C:\WINDOWS\bfrgnos.dll (file missing)
O21 - SSODL: afxlspw - {13A27F7F-12A7-4592-B74A-FF2CCD4D105F} - C:\WINDOWS\afxlspw.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Programmi\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Programmi\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Programmi\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Programmi\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Programmi\WIDCOMM\Software Bluetooth\bin\btwdins.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Programmi\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: SecuROM User Access Service (V7) (UserAccess7) - Sony DADC Austria AG. - C:\WINDOWS\system32\UAService7.exe

--
End of file - 6460 bytes
bdoriano
Administrator

Registered: 02/04/07 12:05
Posts: 14391
Location: 3rd planet of the solar system...

Posted: 11 Feb 2008 09:47    Subject:

Start AVENGER
Click on "Input script manually"
Click on the magnifying glass
Enter these lines:
Quote:
Files to delete:
C:\WINDOWS\bfrgnos.dll
C:\WINDOWS\afxlspw.dll
C:\WINDOWS\frplprg.exe
C:\Documents and Settings\Utente\wininit.sys

Registry values to delete:
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad | bfrgnos
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad | afxlspw

Click Done
Click the traffic light
The PC should reboot; if it doesn't, reboot it yourself.
When the operation is finished, post the Avenger result here together with an updated HijackThis log.

Go to the Kaspersky online scanner and run the extended scan, as explained here.
Save the scan result to a file (HTML format), upload the file to Freefilehosting and post the link you are given here.
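The two O21 (ShellServiceObjectDelayLoad) entries that the reply above targets are the kind of thing a helper usually spots by eye: a DLL dropped directly into the Windows directory with a random-looking name, one of them already reported as "(file missing)". As an added example that is not part of the thread or of any of the tools mentioned in it, here is a small Python triage script that parses O21 lines from a HijackThis log, applies that heuristic, and emits the "Files to delete" / "Registry values to delete" sections in the same layout the Avenger script in the reply uses. The sample log is constructed from the O21 lines in the log posted above plus two benign lines for contrast; the suspiciousness heuristic (DLL in the Windows root, 6-8 lowercase letters as a name, or file missing) is the editor's own assumption, not a rule from HijackThis or Avenger.

```python
import re

# Constructed sample: the two O21 lines from the HijackThis log in this thread,
# plus an O4 and an O23 line copied from the same log so the parser has
# non-O21 lines to ignore.
SAMPLE_LOG = """\
O4 - HKLM\\..\\Run: [avast!] C:\\PROGRA~1\\ALWILS~1\\Avast4\\ashDisp.exe
O21 - SSODL: bfrgnos - {D5743781-DEA1-4D90-B7E6-6F1FF11B00AB} - C:\\WINDOWS\\bfrgnos.dll (file missing)
O21 - SSODL: afxlspw - {13A27F7F-12A7-4592-B74A-FF2CCD4D105F} - C:\\WINDOWS\\afxlspw.dll
O23 - Service: avast! Antivirus - ALWIL Software - C:\\Programmi\\Alwil Software\\Avast4\\ashServ.exe
"""

# Registry key behind HijackThis's O21 section (the key named in the Avenger
# script above).
SSODL_KEY = r"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad"

# "O21 - SSODL: <name> - <CLSID> - <path>[ (file missing)]"
O21_RE = re.compile(
    r"^O21 - SSODL: (?P<name>[^-]+?) - (?P<clsid>\{[0-9A-Fa-f-]+\}) - "
    r"(?P<path>.+?)(?P<missing> \(file missing\))?$"
)


def parse_o21(log_text):
    """Return a list of dicts, one per O21 line found in the log text."""
    entries = []
    for line in log_text.splitlines():
        m = O21_RE.match(line.strip())
        if m:
            entries.append({
                "name": m.group("name").strip(),
                "clsid": m.group("clsid"),
                "path": m.group("path"),
                "file_missing": m.group("missing") is not None,
            })
    return entries


def is_suspicious(entry):
    """Editor's heuristic (an assumption, not a vendor rule): flag an SSODL
    entry whose DLL sits directly in the Windows directory (not system32)
    under a short random-looking lowercase name, or whose DLL is missing."""
    path = entry["path"].lower()
    in_windows_root = path.startswith("c:\\windows\\") and path.count("\\") == 2
    random_name = re.fullmatch(r"[a-z]{6,8}", entry["name"]) is not None
    return entry["file_missing"] or (in_windows_root and random_name)


def avenger_script(entries):
    """Render the flagged entries in the two-section layout used by the
    Avenger script in the reply above."""
    files = [e["path"] for e in entries]
    values = [f"{SSODL_KEY} | {e['name']}" for e in entries]
    lines = ["Files to delete:"] + files + [""] + ["Registry values to delete:"] + values
    return "\n".join(lines)


if __name__ == "__main__":
    flagged = [e for e in parse_o21(SAMPLE_LOG) if is_suspicious(e)]
    print(avenger_script(flagged))
```

Run on the sample, the script lists both DLL paths and both SSODL value names, matching the first and third sections of the Avenger script in the reply; the O4 and O23 lines are ignored. A helper would still review the flagged list by hand before acting on it, since a legitimate component can also have a short name.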
vegeta
Mortale pio

Registered: 09/01/08 00:51
Posts: 20

Posted: 11 Feb 2008 15:48    Subject:

Could you kindly tell me where I can download Avenger for free?