Maina Mortale pio
 Registered: 18/02/08 13:21
 Posts: 15
 Posted: 18 Feb 2008 14:05    Subject: Help me!

 Hi everyone! I need your help. For some time now my PC has been freezing often, it runs very slowly, some programs do not start when Windows boots (e.g. Myspace IM, my modem's status monitor, etc.), and when I browse, lots of advertising pages open, along with windows showing an error message that reads:
 "Microsoft Visual c++ Runtime Library
 
 Buffer overrun detected
 
 Program: c:\windows\explorer.exe
 
 A buffer overrun has been detected wich has corrupted the programs internal state. The program cannot safely continue execution and must now terminated."
 
 For these reasons I uninstalled Avast and downloaded and installed McAfee Security Center, but I have not seen any improvement. This morning Spybot managed to find files infected with Win32 Agent.pz, Virtumonde and another virus whose name I don't remember, because while it was deleting them the program froze and so I can no longer open it...
 What should I do?
 Thank you in advance for your reply, and I'll take the opportunity to compliment you on the forum, really interesting!
 Bye, Maina.

Sante62 Dio maturo
 Registered: 27/06/07 17:55
 Posts: 3477
 Location: Floridia
 Posted: 18 Feb 2008 19:19    Subject:

 Hi Maina, and welcome. Save this file to your desktop.
 Start the PC in safe mode.
 Run the program you just downloaded.
 When it finishes, restart the PC in normal mode and post the generated log here.
 To be safe, look at this thread about Combofix, and scan the PC, posting the result as indicated. Also attach a Hijackthis log, following the instructions in this topic.

Maina Mortale pio
 Registered: 18/02/08 13:21
 Posts: 15
 Posted: 19 Feb 2008 11:22    Subject: reply

 So, yesterday I downloaded both VundoFix and VirtuMundo (as recommended in the other posts), so I have already run the scan. Now I'm running VirtuMundo again and will post the log. Thank you for your reply (always prompt!) and for your support...
 In a couple of minutes I'll send you the VirtuMundo result!
 See you soon, Maina.

Maina Mortale pio
 Registered: 18/02/08 13:21
 Posts: 15
 Posted: 19 Feb 2008 12:09    Subject:

 Sante69, I followed your instructions and now I'm posting all the results here:

 VirtuMundo log:
 
 
 [02/18/2008, 22:30:17] - VirtumundoBeGone v1.5 ( "C:\Documents and Settings\_\Documenti\VirtumundoBeGone.exe" )
 [02/18/2008, 22:30:25] - Detected System Information:
 [02/18/2008, 22:30:25] -  Windows Version: 5.1.2600, Service Pack 2
 [02/18/2008, 22:30:25] -  Current Username: _ (Admin)
 [02/18/2008, 22:30:25] -  Windows is in NORMAL mode.
 [02/18/2008, 22:30:25] - Searching for Browser Helper Objects:
 [02/18/2008, 22:30:25] -  BHO 1: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (Adobe PDF Reader Link Helper)
 [02/18/2008, 22:30:25] -  BHO 2: {53707962-6F74-2D53-2644-206D7942484F} (Spybot-S&D IE Protection)
 [02/18/2008, 22:30:25] -  BHO 3: {59F5E6FB-6873-4A13-ABEF-C2DA7344F18E} ()
 [02/18/2008, 22:30:25] - WARNING: BHO has no default name. Checking for Winlogon reference.
 [02/18/2008, 22:30:25] -  No filename found. Continuing.
 [02/18/2008, 22:30:25] -  BHO 4: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (SSVHelper Class)
 [02/18/2008, 22:30:25] -  BHO 5: {7DB2D5A0-7241-4E79-B68D-6309F01C5231} (scriptproxy)
 [02/18/2008, 22:30:25] -  BHO 6: {7E853D72-626A-48EC-A868-BA8D5E23E045} ()
 [02/18/2008, 22:30:25] - WARNING: BHO has no default name. Checking for Winlogon reference.
 [02/18/2008, 22:30:25] -  No filename found. Continuing.
 [02/18/2008, 22:30:25] -  BHO 7: {828E8D1E-642A-4085-B140-474E5A8A6A53} ()
 [02/18/2008, 22:30:25] - WARNING: BHO has no default name. Checking for Winlogon reference.
 [02/18/2008, 22:30:25] -  Checking for HKLM\...\Winlogon\Notify\ddccd
 [02/18/2008, 22:30:25] -  Key not found: HKLM\...\Winlogon\Notify\ddccd, continuing.
 [02/18/2008, 22:30:25] -  BHO 8: {9030D464-4C02-4ABF-8ECC-5164760863C6} (Guida per l'accesso a Windows Live)
 [02/18/2008, 22:30:25] -  BHO 9: {955BE0B8-BC85-4CAF-856E-8E0D8B610560} (Encarta Web Companion Oggetto helper)
 [02/18/2008, 22:30:25] -  BHO 10: {bd05f334-27a8-4ea9-b5f7-b7668cf4bbe5} ()
 [02/18/2008, 22:30:25] - WARNING: BHO has no default name. Checking for Winlogon reference.
 [02/18/2008, 22:30:25] -  Checking for HKLM\...\Winlogon\Notify\jkpbbftd
 [02/18/2008, 22:30:25] -  Key not found: HKLM\...\Winlogon\Notify\jkpbbftd, continuing.
 [02/18/2008, 22:30:25] -  BHO 11: {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} (Windows Live Toolbar Helper)
 [02/18/2008, 22:30:25] -  BHO 12: {F551DE09-B74A-49E9-B724-A28AB076A46A} ()
 [02/18/2008, 22:30:25] - WARNING: BHO has no default name. Checking for Winlogon reference.
 [02/18/2008, 22:30:25] -  No filename found. Continuing.
 [02/18/2008, 22:30:25] - Finished Searching Browser Helper Objects
 [02/18/2008, 22:30:25] - Finishing up...
 [02/18/2008, 22:30:25] - Nothing found! Exiting...
 
 [02/18/2008, 22:31:07] - VirtumundoBeGone v1.5 ( "C:\Documents and Settings\_\Documenti\VirtumundoBeGone.exe" )
 [02/18/2008, 22:31:10] - Detected System Information:
 [02/18/2008, 22:31:10] -  Windows Version: 5.1.2600, Service Pack 2
 [02/18/2008, 22:31:10] -  Current Username: _ (Admin)
 [02/18/2008, 22:31:10] -  Windows is in NORMAL mode.
 [02/18/2008, 22:31:10] - Searching for Browser Helper Objects:
 [02/18/2008, 22:31:10] -  BHO 1: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (Adobe PDF Reader Link Helper)
 [02/18/2008, 22:31:10] -  BHO 2: {53707962-6F74-2D53-2644-206D7942484F} (Spybot-S&D IE Protection)
 [02/18/2008, 22:31:10] -  BHO 3: {59F5E6FB-6873-4A13-ABEF-C2DA7344F18E} ()
 [02/18/2008, 22:31:10] - WARNING: BHO has no default name. Checking for Winlogon reference.
 [02/18/2008, 22:31:10] -  No filename found. Continuing.
 [02/18/2008, 22:31:10] -  BHO 4: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (SSVHelper Class)
 [02/18/2008, 22:31:10] -  BHO 5: {7DB2D5A0-7241-4E79-B68D-6309F01C5231} (scriptproxy)
 [02/18/2008, 22:31:10] -  BHO 6: {7E853D72-626A-48EC-A868-BA8D5E23E045} ()
 [02/18/2008, 22:31:10] - WARNING: BHO has no default name. Checking for Winlogon reference.
 [02/18/2008, 22:31:10] -  No filename found. Continuing.
 [02/18/2008, 22:31:10] -  BHO 7: {828E8D1E-642A-4085-B140-474E5A8A6A53} ()
 [02/18/2008, 22:31:10] - WARNING: BHO has no default name. Checking for Winlogon reference.
 [02/18/2008, 22:31:10] -  Checking for HKLM\...\Winlogon\Notify\ddccd
 [02/18/2008, 22:31:10] -  Key not found: HKLM\...\Winlogon\Notify\ddccd, continuing.
 [02/18/2008, 22:31:10] -  BHO 8: {9030D464-4C02-4ABF-8ECC-5164760863C6} (Guida per l'accesso a Windows Live)
 [02/18/2008, 22:31:10] -  BHO 9: {955BE0B8-BC85-4CAF-856E-8E0D8B610560} (Encarta Web Companion Oggetto helper)
 [02/18/2008, 22:31:10] -  BHO 10: {bd05f334-27a8-4ea9-b5f7-b7668cf4bbe5} ()
 [02/18/2008, 22:31:10] - WARNING: BHO has no default name. Checking for Winlogon reference.
 [02/18/2008, 22:31:10] -  Checking for HKLM\...\Winlogon\Notify\jkpbbftd
 [02/18/2008, 22:31:10] -  Key not found: HKLM\...\Winlogon\Notify\jkpbbftd, continuing.
 [02/18/2008, 22:31:10] -  BHO 11: {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} (Windows Live Toolbar Helper)
 [02/18/2008, 22:31:10] -  BHO 12: {F551DE09-B74A-49E9-B724-A28AB076A46A} ()
 [02/18/2008, 22:31:10] - WARNING: BHO has no default name. Checking for Winlogon reference.
 [02/18/2008, 22:31:10] -  No filename found. Continuing.
 [02/18/2008, 22:31:10] - Finished Searching Browser Helper Objects
 [02/18/2008, 22:31:10] - Finishing up...
 [02/18/2008, 22:31:10] - Nothing found! Exiting...
 
 [02/19/2008, 10:33:09] - VirtumundoBeGone v1.5 ( "C:\Documents and Settings\_\Documenti\VirtumundoBeGone.exe" )
 [02/19/2008, 10:33:18] - Detected System Information:
 [02/19/2008, 10:33:18] -  Windows Version: 5.1.2600, Service Pack 2
 [02/19/2008, 10:33:18] -  Current Username: _ (Admin)
 [02/19/2008, 10:33:18] -  Windows is in NORMAL mode.
 [02/19/2008, 10:33:18] - Searching for Browser Helper Objects:
 [02/19/2008, 10:33:18] -  BHO 1: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (Adobe PDF Reader Link Helper)
 [02/19/2008, 10:33:18] -  BHO 2: {53707962-6F74-2D53-2644-206D7942484F} (Spybot-S&D IE Protection)
 [02/19/2008, 10:33:18] -  BHO 3: {59F5E6FB-6873-4A13-ABEF-C2DA7344F18E} ()
 [02/19/2008, 10:33:18] - WARNING: BHO has no default name. Checking for Winlogon reference.
 [02/19/2008, 10:33:18] -  No filename found. Continuing.
 [02/19/2008, 10:33:18] -  BHO 4: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (SSVHelper Class)
 [02/19/2008, 10:33:18] -  BHO 5: {7DB2D5A0-7241-4E79-B68D-6309F01C5231} (scriptproxy)
 [02/19/2008, 10:33:18] -  BHO 6: {7E853D72-626A-48EC-A868-BA8D5E23E045} ()
 [02/19/2008, 10:33:18] - WARNING: BHO has no default name. Checking for Winlogon reference.
 [02/19/2008, 10:33:18] -  No filename found. Continuing.
 [02/19/2008, 10:33:18] -  BHO 7: {828E8D1E-642A-4085-B140-474E5A8A6A53} ()
 [02/19/2008, 10:33:18] - WARNING: BHO has no default name. Checking for Winlogon reference.
 [02/19/2008, 10:33:18] -  Checking for HKLM\...\Winlogon\Notify\ddccd
 [02/19/2008, 10:33:18] -  Key not found: HKLM\...\Winlogon\Notify\ddccd, continuing.
 [02/19/2008, 10:33:18] -  BHO 8: {9030D464-4C02-4ABF-8ECC-5164760863C6} (Guida per l'accesso a Windows Live)
 [02/19/2008, 10:33:18] -  BHO 9: {955BE0B8-BC85-4CAF-856E-8E0D8B610560} (Encarta Web Companion Oggetto helper)
 [02/19/2008, 10:33:18] -  BHO 10: {bd05f334-27a8-4ea9-b5f7-b7668cf4bbe5} ()
 [02/19/2008, 10:33:18] - WARNING: BHO has no default name. Checking for Winlogon reference.
 [02/19/2008, 10:33:18] -  Checking for HKLM\...\Winlogon\Notify\jkpbbftd
 [02/19/2008, 10:33:18] -  Key not found: HKLM\...\Winlogon\Notify\jkpbbftd, continuing.
 [02/19/2008, 10:33:18] -  BHO 11: {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} (Windows Live Toolbar Helper)
 [02/19/2008, 10:33:18] -  BHO 12: {F551DE09-B74A-49E9-B724-A28AB076A46A} ()
 [02/19/2008, 10:33:19] - WARNING: BHO has no default name. Checking for Winlogon reference.
 [02/19/2008, 10:33:19] -  No filename found. Continuing.
 [02/19/2008, 10:33:19] - Finished Searching Browser Helper Objects
 [02/19/2008, 10:33:19] - Finishing up...
 [02/19/2008, 10:33:19] - Nothing found! Exiting...
 
 
 
 
 
 Combofix log:
 
 
 ComboFix 08-02-19.2 - _ 2008-02-19 10.37.37.1 - NTFSx86
 Microsoft Windows XP Professional  5.1.2600.2.1252.1.1040.18.79 [GMT 1:00]
 Eseguito da: C:\Documents and Settings\_\Documenti\ComboFix.exe
 * Creato nuovo punto di ripristino
 
 WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
 .
 
 (((((((((((((((((((((((((((((((((((((   Altre eliminazioni   )))))))))))))))))))))))))))))))))))))))))))))))))))
 .
 
 C:\Temp\1cb
 C:\Temp\1cb\syscheck.log
 C:\Temp\isgTi19
 C:\Temp\isgTi19\lPig.log
 C:\WINDOWS\system32\cdeeg.ini
 C:\WINDOWS\system32\cdeeg.ini2
 C:\WINDOWS\system32\dccdd.ini
 C:\WINDOWS\system32\dccdd.ini2
 C:\WINDOWS\system32\nGpxx01
 C:\WINDOWS\system32\pac.txt
 C:\WINDOWS\system32\q1
 
 .
 (((((((((((((((((((((((((   Files Creati Da 2008-01-19 al 2008-02-19  )))))))))))))))))))))))))))))))))))
 .
 
 2008-02-18 17:47 . 2008-02-18 19:12	<DIR>	d--------	C:\VundoFix Backups
 2008-02-16 23:52 . 2008-03-17 12:30	1,734	--ahs----	C:\WINDOWS\system32\ftxefvxl.ini
 2008-02-16 20:02 . 2008-02-16 23:52	1,554	--ahs----	C:\WINDOWS\system32\avbvgwqq.ini
 2008-02-16 17:18 . 2008-02-16 17:17	720,896	--a------	C:\WINDOWS\iun6002.exe
 2008-02-16 17:17 . 2008-02-16 17:26	<DIR>	d--------	C:\Programmi\X-Fusions Wallpaper
 2008-02-16 11:10 . 2004-08-30 21:00	221,184	--a------	C:\WINDOWS\system32\wmpns.dll
 2008-02-16 10:54 . 2008-02-16 10:54	<DIR>	d--------	C:\Programmi\MSXML 4.0
 2008-02-16 10:52 . 2008-02-16 11:21	1,374	--a------	C:\WINDOWS\imsins.BAK
 2008-02-15 22:32 . 2007-06-25 10:57	171,240	--a------	C:\WINDOWS\system32\drivers\mfehidk.sys
 2008-02-15 22:32 . 2007-06-25 14:54	71,496	--a------	C:\WINDOWS\system32\drivers\mfeavfk.sys
 2008-02-15 22:32 . 2007-06-25 10:57	37,480	--a------	C:\WINDOWS\system32\drivers\mfesmfk.sys
 2008-02-15 22:32 . 2007-06-25 10:57	34,184	--a------	C:\WINDOWS\system32\drivers\mfebopk.sys
 2008-02-15 22:32 . 2007-06-25 10:57	32,008	--a------	C:\WINDOWS\system32\drivers\mferkdk.sys
 2008-02-15 21:46 . 2007-07-30 19:19	271,224	--a------	C:\WINDOWS\system32\mucltui.dll
 2008-02-15 21:46 . 2007-07-30 19:19	207,736	--a------	C:\WINDOWS\system32\muweb.dll
 2008-02-15 21:46 . 2007-07-30 19:18	30,072	--a------	C:\WINDOWS\system32\mucltui.dll.mui
 2008-02-15 21:41 . 2008-02-19 10:42	5,232	--a------	C:\WINDOWS\system32\Config.MPF
 2008-02-15 21:36 . 2008-02-15 22:31	<DIR>	d--------	C:\mcafee_mcpr
 2008-02-15 21:36 . 2007-03-02 14:16	109,608	--a------	C:\WINDOWS\system32\drivers\Mpfp.sys
 2008-02-15 21:33 . 2008-02-15 21:35	<DIR>	d--------	C:\Programmi\McAfee.com
 2008-02-15 21:32 . 2002-01-01 00:01	<DIR>	d--------	C:\Programmi\McAfee
 2008-02-15 21:32 . 2008-02-15 22:31	<DIR>	d--------	C:\Programmi\File comuni\McAfee
 2008-02-15 20:14 . 2008-02-15 22:34	<DIR>	d--------	C:\Documents and Settings\All Users\Dati applicazioni\McAfee
 2008-02-15 19:54 . 2008-02-16 17:57	1,434	--ahs----	C:\WINDOWS\system32\fvfoxqnp.ini
 2008-02-14 19:45 . 2008-02-15 19:50	834	--ahs----	C:\WINDOWS\system32\umaqvdav.ini
 2008-02-14 10:18 . 2008-02-14 10:18	50,688	--a------	C:\Documents and Settings\_\957123845.exe
 2008-02-14 10:18 . 2008-02-14 10:18	50,688	--a------	C:\Documents and Settings\_\957123844.exe
 2008-02-14 10:18 . 2008-02-14 10:18	50,688	--a------	C:\Documents and Settings\_\289.exe
 2008-02-13 20:49 . 2008-02-13 20:55	<DIR>	d--------	C:\WINDOWS\system32\ActiveScan
 2008-02-13 20:49 . 2008-02-15 20:25	30,590	--a------	C:\WINDOWS\system32\pavas.ico
 2008-02-13 20:49 . 2008-02-15 20:25	2,550	--a------	C:\WINDOWS\system32\Uninstall.ico
 2008-02-13 20:49 . 2008-02-15 20:25	1,406	--a------	C:\WINDOWS\system32\Help.ico
 2008-02-13 16:00 . 2008-02-18 16:03	253	--a------	C:\WINDOWS\wininit.ini
 2008-02-11 11:27 . 2003-03-15 22:15	90,112	--a------	C:\WINDOWS\unvise32.exe
 2008-02-11 11:24 . 2001-05-16 00:48	38,232	--a------	C:\WINDOWS\wmprfsky.prx
 2008-02-11 11:24 . 2001-05-16 00:49	33,580	--a------	C:\WINDOWS\wmprfslv.prx
 2008-02-11 11:24 . 2001-05-16 00:49	33,314	--a------	C:\WINDOWS\wmprfsve.prx
 2008-02-11 11:24 . 2001-05-16 00:49	32,022	--a------	C:\WINDOWS\wmprftrk.prx
 2008-02-11 11:20 . 2008-02-11 11:26	<DIR>	d--------	C:\Programmi\Pinnacle
 2008-02-11 11:20 . 2008-02-11 11:20	<DIR>	d--------	C:\Documents and Settings\All Users\Dati applicazioni\Pinnacle
 2008-02-11 11:19 . 2002-03-19 09:29	14,165	---------	C:\WINDOWS\system32\drivers\Pclepci.sys
 2008-02-02 13:15 . 2008-02-17 16:54	<DIR>	d--------	C:\Programmi\Coolspot
 2008-02-02 13:15 . 2008-02-02 13:15	<DIR>	d--------	C:\Programmi\AntiDialer
 2008-02-01 19:02 . 2008-02-01 19:02	268	--ah-----	C:\sqmdata01.sqm
 2008-02-01 19:02 . 2008-02-01 19:02	244	--ah-----	C:\sqmnoopt01.sqm
 2008-02-01 10:06 . 2008-02-01 10:06	268	--ah-----	C:\sqmdata00.sqm
 2008-02-01 10:06 . 2008-02-01 10:06	244	--ah-----	C:\sqmnoopt00.sqm
 2008-01-28 23:19 . 2002-01-01 00:02	<DIR>	d--------	C:\Documents and Settings\_\Contacts
 2008-01-28 19:40 . 2008-01-28 19:41	<DIR>	d--------	C:\Programmi\Windows Live Toolbar
 2008-01-28 19:40 . 2008-01-28 19:40	<DIR>	d--------	C:\Programmi\Windows Live Favorites
 2008-01-28 19:34 . 2006-11-29 13:06	3,426,072	--a------	C:\WINDOWS\system32\d3dx9_32.dll
 2008-01-28 19:32 . 2008-01-28 19:32	<DIR>	d--------	C:\Programmi\Microsoft SQL Server Compact Edition
 2008-01-26 12:46 . 2008-02-19 10:34	<DIR>	dr-h-----	C:\Documents and Settings\_\Recent
 2008-01-25 16:56 . 2008-01-25 16:56	<DIR>	d--------	C:\Documents and Settings\_\Dati applicazioni\Nokia Multimedia Player
 2008-01-25 16:24 . 2008-01-25 16:24	<DIR>	d--------	C:\D&ocuments and Settings
 2008-01-25 13:25 . 2004-11-26 05:04	150,369	--a------	C:\WINDOWS\system32\drivers\gwausb.sys
 2008-01-25 13:25 . 2004-11-26 05:04	37,376	--a------	C:\WINDOWS\system32\CoInst.dll
 2008-01-25 13:25 . 2004-11-26 05:04	17,110	---------	C:\WINDOWS\wwdslcfg.ini
 2008-01-25 13:24 . 2004-11-26 05:04	38,400	--a------	C:\WINDOWS\system32\GsiDi32.dll
 2008-01-23 17:04 . 2008-01-23 17:04	<DIR>	d--------	C:\Documents and Settings\All Users\Dati applicazioni\Downloaded Installations
 2008-01-23 12:39 . 2008-01-23 17:07	<DIR>	d--------	C:\Programmi\Spybot - Search & Destroy
 2008-01-23 12:39 . 2008-01-23 15:02	<DIR>	d--------	C:\Documents and Settings\All Users\Dati applicazioni\Spybot - Search & Destroy
 2008-01-22 23:23 . 2008-01-22 23:23	<DIR>	d--------	C:\Documents and Settings\All Users\Dati applicazioni\MailFrontier
 2008-01-22 23:23 . 2008-01-23 12:25	4,212	--ah-----	C:\WINDOWS\system32\zllictbl.dat
 2008-01-22 23:22 . 2004-04-27 04:40	11,264	--a------	C:\WINDOWS\system32\SpOrder.dll
 2008-01-22 23:20 . 2008-01-23 12:31	<DIR>	d--------	C:\WINDOWS\system32\ZoneLabs
 2008-01-22 23:17 . 2008-01-23 12:31	<DIR>	d--------	C:\WINDOWS\Internet Logs
 2008-01-22 22:51 . 2008-01-22 22:51	<DIR>	d--------	C:\Documents and Settings\_\Dati applicazioni\Skype
 2008-01-22 22:40 . 2008-01-22 22:40	<DIR>	d--------	C:\Documents and Settings\_\Dati applicazioni\Help
 2008-01-22 16:59 . 2008-01-22 16:59	<DIR>	d--------	C:\WINDOWS\system32\bak
 2008-01-20 23:22 . 2008-01-20 23:22	166	--a------	C:\key.shm
 2008-01-19 16:33 . 2005-05-23 07:27	137,884	-ra------	C:\WINDOWS\system32\drivers\sscdmdm.sys
 2008-01-19 16:33 . 2005-05-23 07:27	80,272	-ra------	C:\WINDOWS\system32\drivers\sscdbus.sys
 2008-01-19 16:33 . 2005-05-23 07:27	11,877	-ra------	C:\WINDOWS\system32\drivers\sscdcmnt.sys
 2008-01-19 16:33 . 2005-05-23 07:27	11,877	-ra------	C:\WINDOWS\system32\drivers\sscdcm.sys
 2008-01-19 16:33 . 2005-05-23 07:27	11,188	-ra------	C:\WINDOWS\system32\drivers\sscdwhnt.sys
 2008-01-19 16:33 . 2005-05-23 07:27	11,188	-ra------	C:\WINDOWS\system32\drivers\sscdwh.sys
 2008-01-19 16:33 . 2005-05-23 07:27	10,864	-ra------	C:\WINDOWS\system32\drivers\sscdmdfl.sys
 
 .
 ((((((((((((((((((((((((((((((((((((((((   Find3M Report   )))))))))))))))))))))))))))))))))))))))))))))))))))
 .
 2008-02-19 09:42	4,456,448	---ha-w	C:\Documents and Settings\_\NTUSER.DAT
 2008-02-17 19:12	---------	d-----w	C:\Programmi\eMule
 2008-02-15 16:58	---------	d-----w	C:\Documents and Settings\_\Dati applicazioni\Adobe
 2008-02-11 14:16	---------	d-----w	C:\Documents and Settings\All Users\Dati applicazioni\DVD Shrink
 2008-02-11 10:41	---------	d-----w	C:\Documents and Settings\_\Dati applicazioni\ZipGenius
 2008-02-11 10:23	---------	d--h--w	C:\Programmi\InstallShield Installation Information
 2008-02-09 10:56	---------	d-----w	C:\Programmi\DVD Shrink
 2008-02-01 11:23	---------	d-----w	C:\Programmi\Lexmark 1200 Series
 2008-01-29 11:55	---------	d-----w	C:\Documents and Settings\All Users\Dati applicazioni\Installations
 2008-01-29 11:55	---------	d-----w	C:\Documents and Settings\_\Dati applicazioni\Nokia
 2008-01-28 18:37	---------	d-----w	C:\Programmi\Windows Live
 2008-01-28 18:12	---------	dcsh--w	C:\Programmi\File comuni\WindowsLiveInstaller
 2008-01-28 17:55	---------	d-----w	C:\Documents and Settings\All Users\Dati applicazioni\WLInstaller
 2008-01-25 15:22	---------	d-----w	C:\Documents and Settings\_\Dati applicazioni\PC Suite
 2008-01-12 09:21	---------	d-----w	C:\Documents and Settings\All Users\Dati applicazioni\avg7
 2008-01-12 09:21	---------	d-----w	C:\Documents and Settings\_\Dati applicazioni\AVG7
 2008-01-11 11:48	---------	d-----w	C:\Programmi\Alwil Software
 2008-01-06 11:48	---------	d-----w	C:\Documents and Settings\_\Dati applicazioni\Mozilla
 2008-01-06 11:47	---------	d-----w	C:\Programmi\SecondLife
 2008-01-05 23:15	---------	d-----w	C:\Documents and Settings\_\Dati applicazioni\SecondLife
 2008-01-05 23:05	---------	d-----w	C:\Programmi\File comuni\InstallShield
 2008-01-05 17:10	---------	d-----w	C:\Programmi\SystemRequirementsLab
 2008-01-05 12:17	2,585,872	----a-w	C:\Programmi\WindowsInstaller-KB893803-v2-x86.exe
 2008-01-05 12:09	2,402,320	----a-w	C:\Programmi\WLinstaller.exe
 2008-01-05 11:25	---------	d-----w	C:\Programmi\CCleaner
 2008-01-05 09:36	---------	d-----w	C:\Programmi\MySpace
 2008-01-05 09:36	---------	d-----w	C:\Documents and Settings\_\Dati applicazioni\MySpace
 2008-01-04 13:16	---------	d-----w	C:\Documents and Settings\All Users\Dati applicazioni\PC Suite
 2008-01-04 13:15	---------	d-----w	C:\Programmi\DIFX
 2008-01-04 13:14	---------	d-----w	C:\Programmi\Nokia
 2008-01-04 13:14	---------	d-----w	C:\Programmi\File comuni\PCSuite
 2008-01-04 13:14	---------	d-----w	C:\Programmi\File comuni\Nokia
 2008-01-04 13:13	---------	d-----w	C:\Programmi\PC Connectivity Solution
 2008-01-02 13:27	---------	d-----w	C:\Programmi\ABBYY FineReader 6.0
 2008-01-02 13:27	---------	d-----w	C:\Programmi\ABBYY FineReader 5.0 Sprint
 2008-01-02 13:26	---------	d-----w	C:\Programmi\FaxTools
 2008-01-02 13:26	---------	d-----w	C:\Documents and Settings\All Users\Dati applicazioni\BVRP Software
 2008-01-02 09:25	---------	d-----w	C:\Programmi\Java
 2008-01-02 09:25	---------	d-----w	C:\Documents and Settings\_\Dati applicazioni\Sun
 2008-01-02 09:21	---------	d-----w	C:\Programmi\File comuni\Java
 2008-01-01 22:15	---------	d-----w	C:\Programmi\Samsung
 2007-12-30 22:07	---------	d-----w	C:\Documents and Settings\_\Dati applicazioni\CyberLink
 2007-12-30 11:05	---------	d-----w	C:\Programmi\Sony Corporation
 2007-12-30 11:05	---------	d-----w	C:\Programmi\PIXELA
 2007-12-28 16:31	---------	d-----w	C:\Programmi\File comuni\Adobe
 2007-12-28 13:03	---------	d-----w	C:\Documents and Settings\_\Dati applicazioni\Macromedia
 2007-12-28 09:26	---------	d-----w	C:\Programmi\Intel
 .
 
 (((((((((((((((((((((((((((((((((((((((((((((   AWF   ))))))))))))))))))))))))))))))))))))))))))))))))))))))))))
 .
 ----a-w            16,384 2004-11-26 04:05:01  C:\Program Files\D-Link\DSL-200\bak\dslagent.exe
 
 ----a-w           356,352 2004-11-26 04:05:02  C:\Program Files\D-Link\DSL-200\bak\dslstat.exe
 
 ----a-w           132,496 2007-09-25 00:11:35  C:\Programmi\Java\jre1.6.0_03\bin\bak\jusched.exe
 
 ----a-w            57,344 2006-03-16 07:20:30  C:\Programmi\Lexmark 1200 Series\bak\lxczbmgr.exe
 
 ----a-w           301,776 2005-06-04 16:06:28  C:\Programmi\Microsoft Encarta\Microsoft Encarta Enciclopedia DVD - 2006\bak\EDICT.EXE
 
 ----a-w         8,720,384 2007-12-19 01:47:24  C:\Programmi\MySpace\IM\bak\MySpaceIM.exe
 
 ----a-w           695,808 2007-12-10 09:12:22  C:\Programmi\Nokia\Nokia PC Suite 6\bak\PCSuite.exe
 
 ----a-w         1,460,560 2007-08-31 15:46:28  C:\Programmi\Spybot - Search & Destroy\bak\TeaTimer.exe
 
 ----a-w         5,724,184 2007-10-18 10:34:14  C:\Programmi\Windows Live\Messenger\bak\MsnMsgr.Exe
 ----a-w         5,724,184 2007-10-18 10:34:14  C:\Programmi\Windows Live\Messenger\msnmsgr.exe
 
 ----a-w            15,360 2004-08-30 20:00:00  C:\WINDOWS\system32\bak\ctfmon.exe
 ----a-w            15,360 2004-08-30 20:00:00  C:\WINDOWS\system32\ctfmon.exe
 
 ----a-w           155,648 2001-07-09 10:50:42  C:\WINDOWS\system32\bak\NeroCheck.exe
 
 .
 (((((((((((((((((((((((((((((((((((((   Punti Reg Caricati   ))))))))))))))))))))))))))))))))))))))))))))))))))
 .
 .
 REGEDIT4
 *Nota* i valori vuoti & legittimi/default non sono visualizzati.
 
 [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{59F5E6FB-6873-4A13-ABEF-C2DA7344F18E}]
 
 [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{828E8D1E-642A-4085-B140-474E5A8A6A53}]
 C:\WINDOWS\system32\ddccd.dll
 
 [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{bd05f334-27a8-4ea9-b5f7-b7668cf4bbe5}]
 C:\WINDOWS\system32\jkpbbftd.dll
 
 [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{F551DE09-B74A-49E9-B724-A28AB076A46A}]
 
 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
 "CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-30 21:00 15360]
 "E06IXLRD_2650562"="C:\Programmi\Microsoft Encarta\Microsoft Encarta Enciclopedia DVD - 2006\EDICT.exe" [ ]
 "MsnMsgr"="C:\Programmi\Windows Live\Messenger\bak\MsnMsgr.exe" [2007-10-18 11:34 5724184]
 "PC Suite Tray"="C:\Programmi\Nokia\Nokia PC Suite 6\PCSuite.exe" [ ]
 "updateMgr"="C:\Programmi\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [2006-03-30 16:45 313472]
 
 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
 "C-Media Mixer"="Mixer.exe" [2002-07-12 16:33 1581056 C:\WINDOWS\mixer.exe]
 "NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2006-10-22 12:22 7700480]
 "nwiz"="nwiz.exe" [2006-10-22 12:22 1622016 C:\WINDOWS\system32\nwiz.exe]
 "NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2006-10-22 12:22 86016]
 "PinnacleDriverCheck"="C:\WINDOWS\system32\PSDrvCheck.exe" [2003-12-04 12:34 406016]
 "b09daf23"="C:\WINDOWS\system32\skmneokk.dll" [ ]
 
 [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
 "CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-30 21:00 15360]
 "Nokia.PCSync"="C:\Programmi\Nokia\Nokia PC Suite 6\PcSync2.exe" [2007-11-07 17:35 1294336]
 
 C:\Documents and Settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\
 Avvio veloce di Adobe Reader.lnk - C:\Programmi\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 22:05:26 29696]
 Image Transfer.lnk - C:\Programmi\Sony Corporation\Image Transfer\SonyTray.exe [2007-12-30 12:05:27 73728]
 
 S3 AtmElan;LAN ATM emulata;C:\WINDOWS\system32\DRIVERS\atmlane.sys [2004-08-30 21:00]
 S3 AtmLane;Emulazione LAN ATM;C:\WINDOWS\system32\DRIVERS\atmlane.sys [2004-08-30 21:00]
 S3 sonypvs1;Sony Digital Imaging Video2;C:\WINDOWS\system32\DRIVERS\sonypvs1.sys [2002-10-15 22:41]
 
 .
 Contenuto della cartella 'Scheduled Tasks'
 "2008-02-16 23:00:07 C:\WINDOWS\Tasks\At1.job"
 - C:\WINDOWS\system32\HO2Bv7Kb.exe
 "2008-02-04 08:00:00 C:\WINDOWS\Tasks\At10.job"
 - C:\WINDOWS\system32\HO2Bv7Kb.exe
 "2008-02-14 09:00:00 C:\WINDOWS\Tasks\At11.job"
 - C:\WINDOWS\system32\HO2Bv7Kb.exe
 "2008-02-18 10:00:05 C:\WINDOWS\Tasks\At12.job"
 - C:\WINDOWS\system32\HO2Bv7Kb.exe
 "2008-02-18 11:00:01 C:\WINDOWS\Tasks\At13.job"
 - C:\WINDOWS\system32\HO2Bv7Kb.exe
 "2008-02-18 12:00:03 C:\WINDOWS\Tasks\At14.job"
 - C:\WINDOWS\system32\HO2Bv7Kb.exe
 "2008-02-18 13:00:02 C:\WINDOWS\Tasks\At15.job"
 - C:\WINDOWS\system32\HO2Bv7Kb.exe
 "2008-02-18 14:00:04 C:\WINDOWS\Tasks\At16.job"
 - C:\WINDOWS\system32\HO2Bv7Kb.exe
 "2008-02-18 15:00:01 C:\WINDOWS\Tasks\At17.job"
 - C:\WINDOWS\system32\HO2Bv7Kb.exe
 "2008-02-18 16:00:03 C:\WINDOWS\Tasks\At18.job"
 - C:\WINDOWS\system32\HO2Bv7Kb.exe
 "2008-02-18 17:00:11 C:\WINDOWS\Tasks\At19.job"
 - C:\WINDOWS\system32\HO2Bv7Kb.exe
 "2008-02-09 00:00:00 C:\WINDOWS\Tasks\At2.job"
 - C:\WINDOWS\system32\HO2Bv7Kb.exe
 "2008-02-18 18:00:02 C:\WINDOWS\Tasks\At20.job"
 - C:\WINDOWS\system32\HO2Bv7Kb.exe
 "2008-02-18 19:00:01 C:\WINDOWS\Tasks\At21.job"
 - C:\WINDOWS\system32\HO2Bv7Kb.exe
 "2008-02-18 20:00:01 C:\WINDOWS\Tasks\At22.job"
 - C:\WINDOWS\system32\HO2Bv7Kb.exe
 "2008-02-18 21:00:01 C:\WINDOWS\Tasks\At23.job"
 - C:\WINDOWS\system32\HO2Bv7Kb.exe
 "2008-02-18 22:00:01 C:\WINDOWS\Tasks\At24.job"
 - C:\WINDOWS\system32\HO2Bv7Kb.exe
 "2008-02-04 01:00:01 C:\WINDOWS\Tasks\At3.job"
 - C:\WINDOWS\system32\HO2Bv7Kb.exe
 "2008-02-04 02:00:00 C:\WINDOWS\Tasks\At4.job"
 - C:\WINDOWS\system32\HO2Bv7Kb.exe
 "2008-02-04 03:00:00 C:\WINDOWS\Tasks\At5.job"
 - C:\WINDOWS\system32\HO2Bv7Kb.exe
 "2008-02-05 04:00:04 C:\WINDOWS\Tasks\At6.job"
 - C:\WINDOWS\system32\HO2Bv7Kb.exe
 "2008-02-05 05:00:00 C:\WINDOWS\Tasks\At7.job"
 - C:\WINDOWS\system32\HO2Bv7Kb.exe
 "2008-02-04 06:00:00 C:\WINDOWS\Tasks\At8.job"
 - C:\WINDOWS\system32\HO2Bv7Kb.exe
 "2008-02-04 07:00:01 C:\WINDOWS\Tasks\At9.job"
 - C:\WINDOWS\system32\HO2Bv7Kb.exe
 "2008-02-15 20:35:35 C:\WINDOWS\Tasks\McDefragTask.job"
 - c:\PROGRA~1\mcafee\mqc\QcConsol.exe'
 "2008-02-15 20:35:32 C:\WINDOWS\Tasks\McQcTask.job"
 - c:\PROGRA~1\mcafee\mqc\QcConsol.exe
 "2008-02-18 21:56:03 C:\WINDOWS\Tasks\Verifica aggiornamenti per Windows Live Toolbar.job"
 - C:\Programmi\Windows Live Toolbar\MSNTBUP.EXE
 .
 **************************************************************************
 
 catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
 Rootkit scan 2008-02-19 10:44:41
 Windows 5.1.2600 Service Pack 2 NTFS
 
 scansione processi nascosti ...
 
 scansione entrate autostart nascoste ...
 
 Scansione files nascosti ...
 
 Scansione completata con successo
 Files nascosti: 0
 
 **************************************************************************
 .
 ------------------------ Other Running Processes ------------------------
 .
 C:\WINDOWS\system32\LEXBCES.EXE
 C:\WINDOWS\system32\LEXPPS.EXE
 C:\Programmi\File comuni\McAfee\HackerWatch\HWAPI.exe
 C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
 c:\PROGRA~1\FILECO~1\mcafee\mna\mcnasvc.exe
 C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
 C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
 c:\PROGRA~1\FILECO~1\mcafee\redirsvc\redirsvc.exe
 C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
 C:\Programmi\File comuni\Microsoft Shared\VS7DEBUG\MDM.EXE
 C:\Programmi\McAfee\MPF\MPFSrv.exe
 C:\WINDOWS\system32\nvsvc32.exe
 c:\PROGRA~1\mcafee.com\agent\mcagent.exe
 C:\WINDOWS\system32\RUNDLL32.EXE
 C:\WINDOWS\system32\rundll32.exe
 c:\PROGRA~1\mcafee\msc\mcuimgr.exe
 .
 **************************************************************************
 .
 Ora fine scansione: 2008-02-19 10:50:08 - machine was rebooted
 ComboFix-quarantined-files.txt  2008-02-19 09:50:02
 .
 2008-02-18 09:43:08	--- E O F ---
 
 
 
 
 
 Hijackthis log:
 
 
 Logfile of Trend Micro HijackThis v2.0.2
 Scan saved at 10.53.10, on 19/02/2008
 Platform: Windows XP SP2 (WinNT 5.01.2600)
 MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
 Boot mode: Normal
 
 Running processes:
 C:\WINDOWS\System32\smss.exe
 C:\WINDOWS\system32\winlogon.exe
 C:\WINDOWS\system32\services.exe
 C:\WINDOWS\system32\lsass.exe
 C:\WINDOWS\system32\svchost.exe
 C:\WINDOWS\System32\svchost.exe
 C:\WINDOWS\system32\LEXBCES.EXE
 C:\WINDOWS\system32\spoolsv.exe
 C:\WINDOWS\system32\LEXPPS.EXE
 C:\Programmi\File comuni\McAfee\HackerWatch\HWAPI.exe
 C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
 c:\PROGRA~1\FILECO~1\mcafee\mna\mcnasvc.exe
 C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
 C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
 c:\PROGRA~1\FILECO~1\mcafee\redirsvc\redirsvc.exe
 C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
 C:\Programmi\File comuni\Microsoft Shared\VS7DEBUG\MDM.EXE
 C:\Programmi\McAfee\MPF\MPFSrv.exe
 C:\WINDOWS\system32\nvsvc32.exe
 C:\WINDOWS\system32\svchost.exe
 C:\WINDOWS\system32\svchost.exe
 c:\PROGRA~1\mcafee.com\agent\mcagent.exe
 C:\WINDOWS\Mixer.exe
 C:\WINDOWS\system32\RUNDLL32.EXE
 C:\WINDOWS\system32\ctfmon.exe
 C:\Programmi\Windows Live\Messenger\bak\MsnMsgr.Exe
 C:\Programmi\Sony Corporation\Image Transfer\SonyTray.exe
 C:\WINDOWS\explorer.exe
 c:\PROGRA~1\mcafee\msc\mcuimgr.exe
 C:\Documents and Settings\_\Documenti\HiJackThis.exe
 
 R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.libero.it/
 R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
 O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
 O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
 O2 - BHO: (no name) - {59F5E6FB-6873-4A13-ABEF-C2DA7344F18E} - (no file)
 O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmi\Java\jre1.6.0_03\bin\ssv.dll
 O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - c:\PROGRA~1\mcafee\VIRUSS~1\scriptcl.dll
 O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
 O2 - BHO: (no name) - {828E8D1E-642A-4085-B140-474E5A8A6A53} - C:\WINDOWS\system32\ddccd.dll (file missing)
 O2 - BHO: Guida per l'accesso a Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programmi\File comuni\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
 O2 - BHO: Encarta Web Companion Oggetto helper - {955BE0B8-BC85-4CAF-856E-8E0D8B610560} - C:\Programmi\File comuni\Microsoft Shared\Encarta Web Companion\ENCWCBAR.DLL
 O2 - BHO: {5ebb4fc8-667b-7f5b-9ae4-8a72433f50db} - {bd05f334-27a8-4ea9-b5f7-b7668cf4bbe5} - C:\WINDOWS\system32\jkpbbftd.dll (file missing)
 O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programmi\Windows Live Toolbar\msntb.dll
 O2 - BHO: (no name) - {F551DE09-B74A-49E9-B724-A28AB076A46A} - (no file)
 O3 - Toolbar: Encarta Web Companion - {147D6308-0614-4112-89B1-31402F9B82C4} - C:\Programmi\File comuni\Microsoft Shared\Encarta Web Companion\ENCWCBAR.DLL
 O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programmi\Windows Live Toolbar\msntb.dll
 O4 - HKLM\..\Run: [C-Media Mixer] Mixer.exe /startup
 O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
 O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
 O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
 O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\system32\PSDrvCheck.exe -CheckReg
 O4 - HKLM\..\Run: [b09daf23] rundll32.exe "C:\WINDOWS\system32\skmneokk.dll",b
 O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
 O4 - HKCU\..\Run: [E06IXLRD_2650562] "C:\Programmi\Microsoft Encarta\Microsoft Encarta Enciclopedia DVD - 2006\EDICT.EXE" -m
 O4 - HKCU\..\Run: [MsnMsgr] "C:\Programmi\Windows Live\Messenger\bak\MsnMsgr.Exe" /background
 O4 - HKCU\..\Run: [PC Suite Tray] "C:\Programmi\Nokia\Nokia PC Suite 6\PCSuite.exe" -onlytray
 O4 - HKCU\..\Run: [updateMgr] C:\Programmi\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_9
 O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO LOCALE')
 O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO DI RETE')
 O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
 O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
 O4 - Global Startup: Avvio veloce di Adobe Reader.lnk = C:\Programmi\Adobe\Acrobat 7.0\Reader\reader_sl.exe
 O4 - Global Startup: Image Transfer.lnk = ?
 O8 - Extra context menu item: &Windows Live Search - res://C:\Programmi\Windows Live Toolbar\msntb.dll/search.htm
 O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
 O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.6.0_03\bin\ssv.dll
 O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.6.0_03\bin\ssv.dll
 O9 - Extra button: Inserisci blog - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programmi\Windows Live\Writer\WriterBrowserExtension.dll
 O9 - Extra 'Tools' menuitem: Inserisci &blog in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programmi\Windows Live\Writer\WriterBrowserExtension.dll
 O9 - Extra button: Ricerche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
 O9 - Extra button: (no name) - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Programmi\File comuni\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL
 O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
 O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
 O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
 O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
 O15 - Trusted Zone: *.amaena.com (HKLM)
 O15 - Trusted Zone: *.avsystemcare.com (HKLM)
 O15 - Trusted Zone: *.onerateld.com (HKLM)
 O15 - Trusted Zone: *.safetydownload.com (HKLM)
 O15 - Trusted Zone: *.trustedantivirus.com (HKLM)
 O15 - Trusted Zone: *.virusschlacht.com (HKLM)
 O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1199535021078
 O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.nvidia.com/content/DriverDownload/srl/2.0.0.1/sysreqlab2.cab
 O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} (WScanCtl Class) - http://www.ca.com/it/securityadvisor/virusinfo/webscan.cab
 O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
 O23 - Service: McAfee E-mail Proxy (Emproxy) - McAfee, Inc. - C:\PROGRA~1\FILECO~1\McAfee\EmProxy\emproxy.exe
 O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programmi\File comuni\InstallShield\Driver\1050\Intel 32\IDriverT.exe
 O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
 O23 - Service: McAfee HackerWatch Service - McAfee, Inc. - C:\Programmi\File comuni\McAfee\HackerWatch\HWAPI.exe
 O23 - Service: McAfee Update Manager (mcmispupdmgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcupdmgr.exe
 O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
 O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\FILECO~1\mcafee\mna\mcnasvc.exe
 O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
 O23 - Service: McAfee Protection Manager (mcpromgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
 O23 - Service: McAfee Redirector Service (McRedirector) - McAfee, Inc. - c:\PROGRA~1\FILECO~1\mcafee\redirsvc\redirsvc.exe
 O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
 O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
 O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Programmi\McAfee\MPF\MPFSrv.exe
 O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
 O23 - Service: ServiceLayer - Nokia. - C:\Programmi\PC Connectivity Solution\ServiceLayer.exe
 
 --
 End of file - 8882 bytes
 
 
 
 
 
 
 Listen, when I switch on the PC and Windows starts, a window pops up that says:

 RUNDLL

 Errore durante il caricamento di C:\WINDOWS\System32\skmneokk.dll

 Impossibile trovare il modulo specificato.


 What does it mean? That this file no longer exists?

 I look forward to hearing from you...

 Have a nice day, Sante!!! And...
  |  |  
		| Sante62 Dio maturo
 Registered: 27/06/07 17:55
 Posts: 3477
 Location: Floridia
 | 
				|  Posted: 19 Feb 2008 13:10    Subject: |   |  
				| 
 |  
				| It would be interesting to see the "old" Virtumundo and Vundofix log, if you still have it, because obviously it found nothing on the second pass. 
 	  | Maina wrote: |  	  |   
 Listen, when I switch on the PC and Windows starts, a window pops up that says:

 RUNDLL
 Errore durante il caricamento di C:\WINDOWS\System32\skmneokk.dll
 Impossibile trovare il modulo specificato.
 What does it mean? That this file no longer exists?
 | 

 Exactly; now we will delete the corresponding lines in HJT, and that message should no longer appear;

 so start HijackThis, select these lines on the left, then click on Fix checked and answer yes:

 	  | Quote: |  	  | O2 - BHO: (no name) - {59F5E6FB-6873-4A13-ABEF-C2DA7344F18E} - (no file)
 O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
 O2 - BHO: (no name) - {828E8D1E-642A-4085-B140-474E5A8A6A53} - C:\WINDOWS\system32\ddccd.dll (file missing)
 O2 - BHO: {5ebb4fc8-667b-7f5b-9ae4-8a72433f50db} - {bd05f334-27a8-4ea9-b5f7-b7668cf4bbe5} - C:\WINDOWS\system32\jkpbbftd.dll (file missing)
 O2 - BHO: (no name) - {F551DE09-B74A-49E9-B724-A28AB076A46A} - (no file)
 O4 - HKLM\..\Run: [b09daf23] rundll32.exe "C:\WINDOWS\system32\skmneokk.dll",b
 
 | 
 
 Download The Avenger
 Unzip it into a folder of its own in c:\
 Run it
 Click on input script manually
 Click on the magnifying glass
 Enter these lines:

 	  | Quote: |  	  | files to delete:
 C:\WINDOWS\system32\ftxefvxl.ini
 C:\WINDOWS\system32\avbvgwqq.ini
 C:\Documents and Settings\_\957123845.exe
 C:\Documents and Settings\_\957123844.exe
 C:\Documents and Settings\_\289.exe
 C:\WINDOWS\system32\jkpbbftd.dll
 C:\WINDOWS\Tasks\At1.job
 C:\WINDOWS\Tasks\At10.job
 C:\WINDOWS\Tasks\At11.job
 C:\WINDOWS\Tasks\At12.job
 C:\WINDOWS\Tasks\At13.job
 C:\WINDOWS\Tasks\At14.job
 C:\WINDOWS\Tasks\At15.job
 C:\WINDOWS\Tasks\At16.job
 C:\WINDOWS\Tasks\At17.job
 C:\WINDOWS\Tasks\At18.job
 C:\WINDOWS\Tasks\At19.job
 C:\WINDOWS\Tasks\At2.job
 C:\WINDOWS\Tasks\At20.job
 C:\WINDOWS\Tasks\At21.job
 C:\WINDOWS\Tasks\At22.job
 C:\WINDOWS\Tasks\At23.job
 C:\WINDOWS\Tasks\At24.job
 C:\WINDOWS\Tasks\At3.job
 C:\WINDOWS\Tasks\At4.job
 C:\WINDOWS\Tasks\At5.job
 C:\WINDOWS\Tasks\At6.job
 C:\WINDOWS\Tasks\At7.job
 C:\WINDOWS\Tasks\At8.job
 C:\WINDOWS\Tasks\At9.job
 
 Registry keys to delete:
 HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{828E8D1E-642A-4085-B140-474E5A8A6A53}
 HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{bd05f334-27a8-4ea9-b5f7-b7668cf4bbe5}
 HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{F551DE09-B74A-49E9-B724-A28AB076A46A}
 HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{828E8D1E-642A-4085-B140-474E5A8A6A53}]
 
 | 
 Click on Done
 Click on the traffic light
 The PC should restart; if it doesn't, restart it yourself.
 When the operation finishes, Notepad will open with the result, which you will paste here; otherwise you can find it at C:\Avenger.txt;
 Now save this file to the desktop
 Disconnect from the internet, select the file DelDomains.inf, right-click and choose the "Install" option; restart the PC and also post a new HijackThis log;
 Carry out the operations exactly as I have listed them and post all the logs at the end...
 
 
 
 
  |  |  
		| Maina Mortale pio
 Registered: 18/02/08 13:21
 Posts: 15
 | 
				|  Posted: 19 Feb 2008 14:10    Subject: |   |  
				| 
 |  
				| Here I am!   Now I'm posting the VirtuMundo log from the scan I ran yesterday, before you told me which procedure to follow (unfortunately I didn't manage to save the VirtuFix one!)

 Here it is:
 
 
 [02/18/2008, 22:30:17] - VirtumundoBeGone v1.5 ( "C:\Documents and Settings\_\Documenti\VirtumundoBeGone.exe" )
 [02/18/2008, 22:30:25] - Detected System Information:
 [02/18/2008, 22:30:25] -  Windows Version: 5.1.2600, Service Pack 2
 [02/18/2008, 22:30:25] -  Current Username: _ (Admin)
 [02/18/2008, 22:30:25] -  Windows is in NORMAL mode.
 [02/18/2008, 22:30:25] - Searching for Browser Helper Objects:
 [02/18/2008, 22:30:25] -  BHO 1: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (Adobe PDF Reader Link Helper)
 [02/18/2008, 22:30:25] -  BHO 2: {53707962-6F74-2D53-2644-206D7942484F} (Spybot-S&D IE Protection)
 [02/18/2008, 22:30:25] -  BHO 3: {59F5E6FB-6873-4A13-ABEF-C2DA7344F18E} ()
 [02/18/2008, 22:30:25] - WARNING: BHO has no default name. Checking for Winlogon reference.
 [02/18/2008, 22:30:25] -  No filename found. Continuing.
 [02/18/2008, 22:30:25] -  BHO 4: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (SSVHelper Class)
 [02/18/2008, 22:30:25] -  BHO 5: {7DB2D5A0-7241-4E79-B68D-6309F01C5231} (scriptproxy)
 [02/18/2008, 22:30:25] -  BHO 6: {7E853D72-626A-48EC-A868-BA8D5E23E045} ()
 [02/18/2008, 22:30:25] - WARNING: BHO has no default name. Checking for Winlogon reference.
 [02/18/2008, 22:30:25] -  No filename found. Continuing.
 [02/18/2008, 22:30:25] -  BHO 7: {828E8D1E-642A-4085-B140-474E5A8A6A53} ()
 [02/18/2008, 22:30:25] - WARNING: BHO has no default name. Checking for Winlogon reference.
 [02/18/2008, 22:30:25] -  Checking for HKLM\...\Winlogon\Notify\ddccd
 [02/18/2008, 22:30:25] -  Key not found: HKLM\...\Winlogon\Notify\ddccd, continuing.
 [02/18/2008, 22:30:25] -  BHO 8: {9030D464-4C02-4ABF-8ECC-5164760863C6} (Guida per l'accesso a Windows Live)
 [02/18/2008, 22:30:25] -  BHO 9: {955BE0B8-BC85-4CAF-856E-8E0D8B610560} (Encarta Web Companion Oggetto helper)
 [02/18/2008, 22:30:25] -  BHO 10: {bd05f334-27a8-4ea9-b5f7-b7668cf4bbe5} ()
 [02/18/2008, 22:30:25] - WARNING: BHO has no default name. Checking for Winlogon reference.
 [02/18/2008, 22:30:25] -  Checking for HKLM\...\Winlogon\Notify\jkpbbftd
 [02/18/2008, 22:30:25] -  Key not found: HKLM\...\Winlogon\Notify\jkpbbftd, continuing.
 [02/18/2008, 22:30:25] -  BHO 11: {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} (Windows Live Toolbar Helper)
 [02/18/2008, 22:30:25] -  BHO 12: {F551DE09-B74A-49E9-B724-A28AB076A46A} ()
 [02/18/2008, 22:30:25] - WARNING: BHO has no default name. Checking for Winlogon reference.
 [02/18/2008, 22:30:25] -  No filename found. Continuing.
 [02/18/2008, 22:30:25] - Finished Searching Browser Helper Objects
 [02/18/2008, 22:30:25] - Finishing up...
 [02/18/2008, 22:30:25] - Nothing found! Exiting...
 
 [02/18/2008, 22:31:07] - VirtumundoBeGone v1.5 ( "C:\Documents and Settings\_\Documenti\VirtumundoBeGone.exe" )
 [02/18/2008, 22:31:10] - Detected System Information:
 [02/18/2008, 22:31:10] -  Windows Version: 5.1.2600, Service Pack 2
 [02/18/2008, 22:31:10] -  Current Username: _ (Admin)
 [02/18/2008, 22:31:10] -  Windows is in NORMAL mode.
 [02/18/2008, 22:31:10] - Searching for Browser Helper Objects:
 [02/18/2008, 22:31:10] -  BHO 1: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (Adobe PDF Reader Link Helper)
 [02/18/2008, 22:31:10] -  BHO 2: {53707962-6F74-2D53-2644-206D7942484F} (Spybot-S&D IE Protection)
 [02/18/2008, 22:31:10] -  BHO 3: {59F5E6FB-6873-4A13-ABEF-C2DA7344F18E} ()
 [02/18/2008, 22:31:10] - WARNING: BHO has no default name. Checking for Winlogon reference.
 [02/18/2008, 22:31:10] -  No filename found. Continuing.
 [02/18/2008, 22:31:10] -  BHO 4: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (SSVHelper Class)
 [02/18/2008, 22:31:10] -  BHO 5: {7DB2D5A0-7241-4E79-B68D-6309F01C5231} (scriptproxy)
 [02/18/2008, 22:31:10] -  BHO 6: {7E853D72-626A-48EC-A868-BA8D5E23E045} ()
 [02/18/2008, 22:31:10] - WARNING: BHO has no default name. Checking for Winlogon reference.
 [02/18/2008, 22:31:10] -  No filename found. Continuing.
 [02/18/2008, 22:31:10] -  BHO 7: {828E8D1E-642A-4085-B140-474E5A8A6A53} ()
 [02/18/2008, 22:31:10] - WARNING: BHO has no default name. Checking for Winlogon reference.
 [02/18/2008, 22:31:10] -  Checking for HKLM\...\Winlogon\Notify\ddccd
 [02/18/2008, 22:31:10] -  Key not found: HKLM\...\Winlogon\Notify\ddccd, continuing.
 [02/18/2008, 22:31:10] -  BHO 8: {9030D464-4C02-4ABF-8ECC-5164760863C6} (Guida per l'accesso a Windows Live)
 [02/18/2008, 22:31:10] -  BHO 9: {955BE0B8-BC85-4CAF-856E-8E0D8B610560} (Encarta Web Companion Oggetto helper)
 [02/18/2008, 22:31:10] -  BHO 10: {bd05f334-27a8-4ea9-b5f7-b7668cf4bbe5} ()
 [02/18/2008, 22:31:10] - WARNING: BHO has no default name. Checking for Winlogon reference.
 [02/18/2008, 22:31:10] -  Checking for HKLM\...\Winlogon\Notify\jkpbbftd
 [02/18/2008, 22:31:10] -  Key not found: HKLM\...\Winlogon\Notify\jkpbbftd, continuing.
 [02/18/2008, 22:31:10] -  BHO 11: {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} (Windows Live Toolbar Helper)
 [02/18/2008, 22:31:10] -  BHO 12: {F551DE09-B74A-49E9-B724-A28AB076A46A} ()
 [02/18/2008, 22:31:10] - WARNING: BHO has no default name. Checking for Winlogon reference.
 [02/18/2008, 22:31:10] -  No filename found. Continuing.
 [02/18/2008, 22:31:10] - Finished Searching Browser Helper Objects
 [02/18/2008, 22:31:10] - Finishing up...
 [02/18/2008, 22:31:10] - Nothing found! Exiting...
 
 [02/19/2008, 10:33:09] - VirtumundoBeGone v1.5 ( "C:\Documents and Settings\_\Documenti\VirtumundoBeGone.exe" )
 [02/19/2008, 10:33:18] - Detected System Information:
 [02/19/2008, 10:33:18] -  Windows Version: 5.1.2600, Service Pack 2
 [02/19/2008, 10:33:18] -  Current Username: _ (Admin)
 [02/19/2008, 10:33:18] -  Windows is in NORMAL mode.
 [02/19/2008, 10:33:18] - Searching for Browser Helper Objects:
 [02/19/2008, 10:33:18] -  BHO 1: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (Adobe PDF Reader Link Helper)
 [02/19/2008, 10:33:18] -  BHO 2: {53707962-6F74-2D53-2644-206D7942484F} (Spybot-S&D IE Protection)
 [02/19/2008, 10:33:18] -  BHO 3: {59F5E6FB-6873-4A13-ABEF-C2DA7344F18E} ()
 [02/19/2008, 10:33:18] - WARNING: BHO has no default name. Checking for Winlogon reference.
 [02/19/2008, 10:33:18] -  No filename found. Continuing.
 [02/19/2008, 10:33:18] -  BHO 4: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (SSVHelper Class)
 [02/19/2008, 10:33:18] -  BHO 5: {7DB2D5A0-7241-4E79-B68D-6309F01C5231} (scriptproxy)
 [02/19/2008, 10:33:18] -  BHO 6: {7E853D72-626A-48EC-A868-BA8D5E23E045} ()
 [02/19/2008, 10:33:18] - WARNING: BHO has no default name. Checking for Winlogon reference.
 [02/19/2008, 10:33:18] -  No filename found. Continuing.
 [02/19/2008, 10:33:18] -  BHO 7: {828E8D1E-642A-4085-B140-474E5A8A6A53} ()
 [02/19/2008, 10:33:18] - WARNING: BHO has no default name. Checking for Winlogon reference.
 [02/19/2008, 10:33:18] -  Checking for HKLM\...\Winlogon\Notify\ddccd
 [02/19/2008, 10:33:18] -  Key not found: HKLM\...\Winlogon\Notify\ddccd, continuing.
 [02/19/2008, 10:33:18] -  BHO 8: {9030D464-4C02-4ABF-8ECC-5164760863C6} (Guida per l'accesso a Windows Live)
 [02/19/2008, 10:33:18] -  BHO 9: {955BE0B8-BC85-4CAF-856E-8E0D8B610560} (Encarta Web Companion Oggetto helper)
 [02/19/2008, 10:33:18] -  BHO 10: {bd05f334-27a8-4ea9-b5f7-b7668cf4bbe5} ()
 [02/19/2008, 10:33:18] - WARNING: BHO has no default name. Checking for Winlogon reference.
 [02/19/2008, 10:33:18] -  Checking for HKLM\...\Winlogon\Notify\jkpbbftd
 [02/19/2008, 10:33:18] -  Key not found: HKLM\...\Winlogon\Notify\jkpbbftd, continuing.
 [02/19/2008, 10:33:18] -  BHO 11: {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} (Windows Live Toolbar Helper)
 [02/19/2008, 10:33:18] -  BHO 12: {F551DE09-B74A-49E9-B724-A28AB076A46A} ()
 [02/19/2008, 10:33:19] - WARNING: BHO has no default name. Checking for Winlogon reference.
 [02/19/2008, 10:33:19] -  No filename found. Continuing.
 [02/19/2008, 10:33:19] - Finished Searching Browser Helper Objects
 [02/19/2008, 10:33:19] - Finishing up...
 [02/19/2008, 10:33:19] - Nothing found! Exiting...
 
 
 
 
 
 And now, below, here is the Avenger log:
 
 Logfile of The Avenger version 1, by Swandog46
 Running from registry key:
 \Registry\Machine\System\CurrentControlSet\Services\jihglfrj
 
 *******************
 
 Script file located at: \??\C:\Documents and Settings\ipdavttq.txt
 Script file opened successfully.
 
 Script file read successfully
 
 Backups directory opened successfully at C:\Avenger
 
 *******************
 
 Beginning to process script file:
 
 File C:\WINDOWS\system32\ftxefvxl.ini deleted successfully.
 File C:\WINDOWS\system32\avbvgwqq.ini deleted successfully.
 File C:\Documents and Settings\_\957123845.exe deleted successfully.
 File C:\Documents and Settings\_\957123844.exe deleted successfully.
 File C:\Documents and Settings\_\289.exe deleted successfully.
 
 
 File C:\WINDOWS\system32\jkpbbftd.dll not found!
 Deletion of file C:\WINDOWS\system32\jkpbbftd.dll failed!
 
 Could not process line:
 C:\WINDOWS\system32\jkpbbftd.dll
 Status: 0xc0000034
 
 File C:\WINDOWS\Tasks\At1.job deleted successfully.
 File C:\WINDOWS\Tasks\At10.job deleted successfully.
 File C:\WINDOWS\Tasks\At11.job deleted successfully.
 File C:\WINDOWS\Tasks\At12.job deleted successfully.
 File C:\WINDOWS\Tasks\At13.job deleted successfully.
 File C:\WINDOWS\Tasks\At14.job deleted successfully.
 File C:\WINDOWS\Tasks\At15.job deleted successfully.
 File C:\WINDOWS\Tasks\At16.job deleted successfully.
 File C:\WINDOWS\Tasks\At17.job deleted successfully.
 File C:\WINDOWS\Tasks\At18.job deleted successfully.
 File C:\WINDOWS\Tasks\At19.job deleted successfully.
 File C:\WINDOWS\Tasks\At2.job deleted successfully.
 File C:\WINDOWS\Tasks\At20.job deleted successfully.
 File C:\WINDOWS\Tasks\At21.job deleted successfully.
 File C:\WINDOWS\Tasks\At22.job deleted successfully.
 File C:\WINDOWS\Tasks\At23.job deleted successfully.
 File C:\WINDOWS\Tasks\At24.job deleted successfully.
 File C:\WINDOWS\Tasks\At3.job deleted successfully.
 File C:\WINDOWS\Tasks\At4.job deleted successfully.
 File C:\WINDOWS\Tasks\At5.job deleted successfully.
 File C:\WINDOWS\Tasks\At6.job deleted successfully.
 File C:\WINDOWS\Tasks\At7.job deleted successfully.
 File C:\WINDOWS\Tasks\At8.job deleted successfully.
 File C:\WINDOWS\Tasks\At9.job deleted successfully.
 
 
 Registry key HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{828E8D1E-642A-4085-B140-474E5A8A6A53} not found!
 Deletion of registry key HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{828E8D1E-642A-4085-B140-474E5A8A6A53} failed!
 Status: 0xc0000034
 
 
 
 Registry key HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{bd05f334-27a8-4ea9-b5f7-b7668cf4bbe5} not found!
 Deletion of registry key HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{bd05f334-27a8-4ea9-b5f7-b7668cf4bbe5} failed!
 Status: 0xc0000034
 
 
 
 Registry key HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{F551DE09-B74A-49E9-B724-A28AB076A46A} not found!
 Deletion of registry key HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{F551DE09-B74A-49E9-B724-A28AB076A46A} failed!
 Status: 0xc0000034
 
 
 
 Registry key HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{828E8D1E-642A-4085-B140-474E5A8A6A53}] not found!
 Deletion of registry key HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{828E8D1E-642A-4085-B140-474E5A8A6A53}] failed!
 Status: 0xc0000034
 
 
 Completed script processing.
 
 *******************
 
 Finished!  Terminate.
 
 
 And, lastly, the HijackThis one:
 
 Logfile of Trend Micro HijackThis v2.0.2
 Scan saved at 12.58.04, on 19/02/2008
 Platform: Windows XP SP2 (WinNT 5.01.2600)
 MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
 Boot mode: Normal
 
 Running processes:
 C:\WINDOWS\System32\smss.exe
 C:\WINDOWS\system32\winlogon.exe
 C:\WINDOWS\system32\services.exe
 C:\WINDOWS\system32\lsass.exe
 C:\WINDOWS\system32\svchost.exe
 C:\WINDOWS\System32\svchost.exe
 C:\WINDOWS\Explorer.EXE
 C:\WINDOWS\system32\LEXBCES.EXE
 C:\WINDOWS\system32\LEXPPS.EXE
 C:\WINDOWS\system32\spoolsv.exe
 C:\Programmi\File comuni\McAfee\HackerWatch\HWAPI.exe
 C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
 c:\PROGRA~1\FILECO~1\mcafee\mna\mcnasvc.exe
 C:\WINDOWS\Mixer.exe
 C:\WINDOWS\system32\RUNDLL32.EXE
 C:\WINDOWS\system32\ctfmon.exe
 C:\Programmi\Windows Live\Messenger\bak\MsnMsgr.Exe
 C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
 C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
 c:\PROGRA~1\FILECO~1\mcafee\redirsvc\redirsvc.exe
 C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
 C:\Programmi\Sony Corporation\Image Transfer\SonyTray.exe
 C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
 C:\Programmi\File comuni\Microsoft Shared\VS7DEBUG\MDM.EXE
 C:\Programmi\McAfee\MPF\MPFSrv.exe
 C:\WINDOWS\system32\nvsvc32.exe
 C:\WINDOWS\system32\svchost.exe
 C:\WINDOWS\system32\svchost.exe
 c:\PROGRA~1\mcafee.com\agent\mcagent.exe
 c:\PROGRA~1\mcafee\VIRUSS~1\mcvsshld.exe
 C:\WINDOWS\system32\wuauclt.exe
 C:\WINDOWS\system32\wuauclt.exe
 C:\Documents and Settings\_\Documenti\HiJackThis.exe
 
 R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.libero.it/
 R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
 O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
 O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
 O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmi\Java\jre1.6.0_03\bin\ssv.dll
 O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - c:\PROGRA~1\mcafee\VIRUSS~1\scriptcl.dll
 O2 - BHO: Guida per l'accesso a Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programmi\File comuni\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
 O2 - BHO: Encarta Web Companion Oggetto helper - {955BE0B8-BC85-4CAF-856E-8E0D8B610560} - C:\Programmi\File comuni\Microsoft Shared\Encarta Web Companion\ENCWCBAR.DLL
 O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programmi\Windows Live Toolbar\msntb.dll
 O3 - Toolbar: Encarta Web Companion - {147D6308-0614-4112-89B1-31402F9B82C4} - C:\Programmi\File comuni\Microsoft Shared\Encarta Web Companion\ENCWCBAR.DLL
 O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programmi\Windows Live Toolbar\msntb.dll
 O4 - HKLM\..\Run: [C-Media Mixer] Mixer.exe /startup
 O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
 O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
 O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
 O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\system32\PSDrvCheck.exe -CheckReg
 O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
 O4 - HKCU\..\Run: [E06IXLRD_2650562] "C:\Programmi\Microsoft Encarta\Microsoft Encarta Enciclopedia DVD - 2006\EDICT.EXE" -m
 O4 - HKCU\..\Run: [MsnMsgr] "C:\Programmi\Windows Live\Messenger\bak\MsnMsgr.Exe" /background
 O4 - HKCU\..\Run: [PC Suite Tray] "C:\Programmi\Nokia\Nokia PC Suite 6\PCSuite.exe" -onlytray
 O4 - HKCU\..\Run: [updateMgr] C:\Programmi\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_9
 O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO LOCALE')
 O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO DI RETE')
 O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
 O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
 O4 - Global Startup: Avvio veloce di Adobe Reader.lnk = C:\Programmi\Adobe\Acrobat 7.0\Reader\reader_sl.exe
 O4 - Global Startup: Image Transfer.lnk = ?
 O8 - Extra context menu item: &Windows Live Search - res://C:\Programmi\Windows Live Toolbar\msntb.dll/search.htm
 O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
 O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.6.0_03\bin\ssv.dll
 O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.6.0_03\bin\ssv.dll
 O9 - Extra button: Inserisci blog - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programmi\Windows Live\Writer\WriterBrowserExtension.dll
 O9 - Extra 'Tools' menuitem: Inserisci &blog in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programmi\Windows Live\Writer\WriterBrowserExtension.dll
 O9 - Extra button: Ricerche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
 O9 - Extra button: (no name) - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Programmi\File comuni\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL
 O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
 O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
 O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
 O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
 O15 - Trusted Zone: *.amaena.com (HKLM)
 O15 - Trusted Zone: *.avsystemcare.com (HKLM)
 O15 - Trusted Zone: *.onerateld.com (HKLM)
 O15 - Trusted Zone: *.safetydownload.com (HKLM)
 O15 - Trusted Zone: *.trustedantivirus.com (HKLM)
 O15 - Trusted Zone: *.virusschlacht.com (HKLM)
 O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1199535021078
 O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.nvidia.com/content/DriverDownload/srl/2.0.0.1/sysreqlab2.cab
 O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} (WScanCtl Class) - http://www.ca.com/it/securityadvisor/virusinfo/webscan.cab
 O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
 O23 - Service: McAfee E-mail Proxy (Emproxy) - McAfee, Inc. - C:\PROGRA~1\FILECO~1\McAfee\EmProxy\emproxy.exe
 O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programmi\File comuni\InstallShield\Driver\1050\Intel 32\IDriverT.exe
 O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
 O23 - Service: McAfee HackerWatch Service - McAfee, Inc. - C:\Programmi\File comuni\McAfee\HackerWatch\HWAPI.exe
 O23 - Service: McAfee Update Manager (mcmispupdmgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcupdmgr.exe
 O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
 O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\FILECO~1\mcafee\mna\mcnasvc.exe
 O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
 O23 - Service: McAfee Protection Manager (mcpromgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
 O23 - Service: McAfee Redirector Service (McRedirector) - McAfee, Inc. - c:\PROGRA~1\FILECO~1\mcafee\redirsvc\redirsvc.exe
 O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
 O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
 O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Programmi\McAfee\MPF\MPFSrv.exe
 O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
 O23 - Service: ServiceLayer - Nokia. - C:\Programmi\PC Connectivity Solution\ServiceLayer.exe
 
 --
 End of file - 8444 bytes
 
 
 
 I followed all the steps scrupulously, and in fact, after every restart of the PC, the window I told you about earlier has disappeared!
   I don't know how to thank you!!! You're a genius!!!
   
 
  Sante69!!! |  |  
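The check done by hand in the posts above, comparing the HijackThis log taken before the fix with the one taken after it, sketched in Python as an added example that is not part of the original thread or of any tool named in it. The function names are hypothetical, and the two logs are short excerpts assembled from lines quoted on this page.

```python
import re

# A HijackThis entry line starts with a section code (R0, O2, O4, O15, ...)
# followed by " - ". Header and "Running processes" lines do not match.
ENTRY_RE = re.compile(r"^\s*([A-Z]\d{1,2}) - (.+?)\s*$")
ORPHAN_MARKERS = ("(no file)", "(file missing)")

# Constructed excerpt: lines taken from the first log on this page.
BEFORE = r'''
Logfile of Trend Micro HijackThis v2.0.2
Running processes:
C:\WINDOWS\explorer.exe
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {59F5E6FB-6873-4A13-ABEF-C2DA7344F18E} - (no file)
O2 - BHO: (no name) - {828E8D1E-642A-4085-B140-474E5A8A6A53} - C:\WINDOWS\system32\ddccd.dll (file missing)
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [b09daf23] rundll32.exe "C:\WINDOWS\system32\skmneokk.dll",b
O15 - Trusted Zone: *.amaena.com (HKLM)
'''

# Constructed excerpt: the same entries as they appear in the log posted after the fix.
AFTER = r'''
Logfile of Trend Micro HijackThis v2.0.2
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O15 - Trusted Zone: *.amaena.com (HKLM)
'''

# Constructed excerpt: three of the lines the helper asked to fix.
SELECTED = r'''
O2 - BHO: (no name) - {59F5E6FB-6873-4A13-ABEF-C2DA7344F18E} - (no file)
O2 - BHO: (no name) - {828E8D1E-642A-4085-B140-474E5A8A6A53} - C:\WINDOWS\system32\ddccd.dll (file missing)
O4 - HKLM\..\Run: [b09daf23] rundll32.exe "C:\WINDOWS\system32\skmneokk.dll",b
'''


def parse_hjt(text):
    """Return (section_code, body) for every entry line of a HijackThis log."""
    entries = []
    for line in text.splitlines():
        m = ENTRY_RE.match(line)
        if m:
            entries.append((m.group(1), m.group(2)))
    return entries


def key(entry):
    """Comparison key: paths and GUIDs differ in case and spacing between pastes."""
    code, body = entry
    return code, " ".join(body.split()).lower()


def orphaned(entries):
    """Entries whose target HijackThis itself reports as absent from disk."""
    return [e for e in entries if e[1].endswith(ORPHAN_MARKERS)]


def removed_between(before, after):
    """Entries present in the first log and gone from the second."""
    after_keys = {key(e) for e in after}
    return [e for e in before if key(e) not in after_keys]


def still_present(selected, after):
    """Entries that were selected for fixing but survive in the follow-up log."""
    after_keys = {key(e) for e in after}
    return [e for e in selected if key(e) in after_keys]


if __name__ == "__main__":
    before, after = parse_hjt(BEFORE), parse_hjt(AFTER)
    print("orphaned before fix:", orphaned(before))
    print("removed by the fix: ", removed_between(before, after))
    print("fix did not take:   ", still_present(parse_hjt(SELECTED), after))
```

An empty result from `still_present` is what the follow-up log is requested for: it shows the selected entries did not come back after the reboot.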
		| Sante62 Dio maturo
 Registered: 27/06/07 17:55
 Posts: 3477
 Location: Floridia
 | 
				|  Posted: 19 Feb 2008 16:53    Subject: |   |  
				| 
 |  
				| Good, I imagine you have carried out the DelDomains step indicated above; if you haven't done it yet, do it;
 then start HijackThis again and fix these other lines if present:

 	  | Quote: |  	  | O15 - Trusted Zone: *.amaena.com (HKLM)
 O15 - Trusted Zone: *.avsystemcare.com (HKLM)
 O15 - Trusted Zone: *.onerateld.com (HKLM)
 O15 - Trusted Zone: *.safetydownload.com (HKLM)
 O15 - Trusted Zone: *.trustedantivirus.com (HKLM)
 O15 - Trusted Zone: *.virusschlacht.com (HKLM)
 | 
 Restart the PC and post a new HJT log;
 run these other scans:
 scan with GMER
 Remember that there are two GMER logs: Autostart and Rootkit. Post them on www.freefilehosting.net as indicated here
 |  |  
		| Maina Mortale pio
 Registered: 18/02/08 13:21
 Posts: 15
 | 
				|  Posted: 20 Feb 2008 00:11    Subject: |   |  
				| 
 |  
				| Sante, I didn't fix the lines above because they weren't present... Now I'll post the log:
 
 Logfile of Trend Micro HijackThis v2.0.2
 Scan saved at 17.49.13, on 19/02/2008
 Platform: Windows XP SP2 (WinNT 5.01.2600)
 MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
 Boot mode: Normal
 
 Running processes:
 C:\WINDOWS\System32\smss.exe
 C:\WINDOWS\system32\winlogon.exe
 C:\WINDOWS\system32\services.exe
 C:\WINDOWS\system32\lsass.exe
 C:\WINDOWS\system32\svchost.exe
 C:\WINDOWS\System32\svchost.exe
 C:\WINDOWS\Explorer.EXE
 C:\WINDOWS\system32\LEXBCES.EXE
 C:\WINDOWS\system32\LEXPPS.EXE
 C:\WINDOWS\system32\spoolsv.exe
 C:\Programmi\File comuni\McAfee\HackerWatch\HWAPI.exe
 C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
 c:\PROGRA~1\FILECO~1\mcafee\mna\mcnasvc.exe
 C:\WINDOWS\Mixer.exe
 C:\WINDOWS\system32\RUNDLL32.EXE
 C:\WINDOWS\system32\ctfmon.exe
 C:\Programmi\Windows Live\Messenger\bak\MsnMsgr.Exe
 C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
 C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
 c:\PROGRA~1\FILECO~1\mcafee\redirsvc\redirsvc.exe
 C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
 C:\Programmi\Sony Corporation\Image Transfer\SonyTray.exe
 C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
 C:\Programmi\File comuni\Microsoft Shared\VS7DEBUG\MDM.EXE
 C:\Programmi\McAfee\MPF\MPFSrv.exe
 C:\WINDOWS\system32\nvsvc32.exe
 C:\WINDOWS\system32\svchost.exe
 C:\WINDOWS\system32\svchost.exe
 c:\PROGRA~1\mcafee.com\agent\mcagent.exe
 C:\WINDOWS\system32\wuauclt.exe
 C:\PROGRA~1\FILECO~1\McAfee\EmProxy\emproxy.exe
 C:\Programmi\Messenger\msmsgs.exe
 C:\Programmi\MySpace\IM\bak\MySpaceIM.exe
 C:\Programmi\MySpace\IM\bak\MySpaceIM.exe
 C:\Programmi\eMule\emule.exe
 C:\Programmi\Outlook Express\msimn.exe
 C:\Programmi\Internet Explorer\iexplore.exe
 C:\Programmi\File comuni\Microsoft Shared\Encarta Web Companion\ENCWCSVR.EXE
 C:\Programmi\File comuni\Microsoft Shared\Windows Live\WLLoginProxy.exe
 C:\Documents and Settings\_\Documenti\HiJackThis.exe
 
 R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.libero.it/
 R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
 O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
 O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
 O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmi\Java\jre1.6.0_03\bin\ssv.dll
 O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - c:\PROGRA~1\mcafee\VIRUSS~1\scriptcl.dll
 O2 - BHO: Guida per l'accesso a Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programmi\File comuni\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
 O2 - BHO: Encarta Web Companion Oggetto helper - {955BE0B8-BC85-4CAF-856E-8E0D8B610560} - C:\Programmi\File comuni\Microsoft Shared\Encarta Web Companion\ENCWCBAR.DLL
 O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programmi\Windows Live Toolbar\msntb.dll
 O3 - Toolbar: Encarta Web Companion - {147D6308-0614-4112-89B1-31402F9B82C4} - C:\Programmi\File comuni\Microsoft Shared\Encarta Web Companion\ENCWCBAR.DLL
 O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programmi\Windows Live Toolbar\msntb.dll
 O4 - HKLM\..\Run: [C-Media Mixer] Mixer.exe /startup
 O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
 O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
 O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
 O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\system32\PSDrvCheck.exe -CheckReg
 O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
 O4 - HKCU\..\Run: [E06IXLRD_2650562] "C:\Programmi\Microsoft Encarta\Microsoft Encarta Enciclopedia DVD - 2006\EDICT.EXE" -m
 O4 - HKCU\..\Run: [MsnMsgr] "C:\Programmi\Windows Live\Messenger\bak\MsnMsgr.Exe" /background
 O4 - HKCU\..\Run: [PC Suite Tray] "C:\Programmi\Nokia\Nokia PC Suite 6\PCSuite.exe" -onlytray
 O4 - HKCU\..\Run: [updateMgr] C:\Programmi\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_9
 O4 - HKCU\..\Run: [MySpaceIM] C:\Programmi\MySpace\IM\MySpaceIM.exe
 O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO LOCALE')
 O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO DI RETE')
 O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
 O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
 O4 - Global Startup: Avvio veloce di Adobe Reader.lnk = C:\Programmi\Adobe\Acrobat 7.0\Reader\reader_sl.exe
 O4 - Global Startup: Image Transfer.lnk = ?
 O8 - Extra context menu item: &Windows Live Search - res://C:\Programmi\Windows Live Toolbar\msntb.dll/search.htm
 O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
 O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.6.0_03\bin\ssv.dll
 O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.6.0_03\bin\ssv.dll
 O9 - Extra button: Inserisci blog - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programmi\Windows Live\Writer\WriterBrowserExtension.dll
 O9 - Extra 'Tools' menuitem: Inserisci &blog in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programmi\Windows Live\Writer\WriterBrowserExtension.dll
 O9 - Extra button: Ricerche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
 O9 - Extra button: (no name) - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Programmi\File comuni\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL
 O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
 O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
 O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
 O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
 O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1199535021078
 O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.nvidia.com/content/DriverDownload/srl/2.0.0.1/sysreqlab2.cab
 O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} (WScanCtl Class) - http://www.ca.com/it/securityadvisor/virusinfo/webscan.cab
 O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
 O17 - HKLM\System\CCS\Services\Tcpip\..\{C126F591-1156-4774-9639-B7A2AA37EDB6}: NameServer = 193.70.152.15 193.70.152.25
 O23 - Service: McAfee E-mail Proxy (Emproxy) - McAfee, Inc. - C:\PROGRA~1\FILECO~1\McAfee\EmProxy\emproxy.exe
 O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programmi\File comuni\InstallShield\Driver\1050\Intel 32\IDriverT.exe
 O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
 O23 - Service: McAfee HackerWatch Service - McAfee, Inc. - C:\Programmi\File comuni\McAfee\HackerWatch\HWAPI.exe
 O23 - Service: McAfee Update Manager (mcmispupdmgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcupdmgr.exe
 O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
 O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\FILECO~1\mcafee\mna\mcnasvc.exe
 O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
 O23 - Service: McAfee Protection Manager (mcpromgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
 O23 - Service: McAfee Redirector Service (McRedirector) - McAfee, Inc. - c:\PROGRA~1\FILECO~1\mcafee\redirsvc\redirsvc.exe
 O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
 O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
 O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Programmi\McAfee\MPF\MPFSrv.exe
 O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
 O23 - Service: ServiceLayer - Nokia. - C:\Programmi\PC Connectivity Solution\ServiceLayer.exe
 
 --
 End of file - 8716 bytes
 
 
 
 I followed the instructions for installing DelDomains (right mouse button - Install) but nothing happened, in the sense that no program started: is that normal?
 
 Now, as advised, I'm posting the GMER log on the web page you mentioned in your post.
 
 Thanks again for your helpfulness!
 
 Good night, Sante!
 |  |  
		| Top |  |  
		|  |  
		| Maina Mortale pio
 
  
 
 Joined: 18/02/08 13:21
 Posts: 15
 
 
 | 
			
				|  Posted: 20 Feb 2008 00:30    Subject: |   |  
				| 
 |  
				| ...this is the URL for the upload of the first GMER log (Autostart):
 [URL="http://www.freefilehosting.net/files/3c9f9"]autostart18.txt[/URL]
 
 while the link to the Rootkit log is this:
 
 [URL="http://www.freefilehosting.net/files/3c9fc"]root3.txt[/URL]
 
 One last thing: I found the VundoFix log from the scan I ran yesterday before carrying out your instructions. Here it is:
 
 
 VundoFix V6.7.8
 
 Checking Java version...
 
 Sun Java not detected
 Scan started at 17.47.20 18/02/2008
 
 Listing files found while scanning....
 
 C:\WINDOWS\system32\etfhsmfp.dll
 C:\WINDOWS\system32\fqtgoxhj.dll
 C:\WINDOWS\system32\jkpbbftd.dll
 C:\WINDOWS\system32\kkoenmks.ini
 C:\WINDOWS\system32\ljlvqryx.dll
 C:\WINDOWS\system32\qxuhculu.dll
 C:\WINDOWS\system32\skmneokk.dll
 C:\WINDOWS\system32\tjfknqri.dll
 C:\WINDOWS\system32\tlfnjril.dll
 C:\WINDOWS\system32\xyrqvljl.ini
 
 Beginning removal...
 
 Attempting to delete C:\WINDOWS\system32\etfhsmfp.dll
 C:\WINDOWS\system32\etfhsmfp.dll Has been deleted!
 
 Attempting to delete C:\WINDOWS\system32\fqtgoxhj.dll
 C:\WINDOWS\system32\fqtgoxhj.dll Has been deleted!
 
 Attempting to delete C:\WINDOWS\system32\jkpbbftd.dll
 C:\WINDOWS\system32\jkpbbftd.dll Has been deleted!
 
 Attempting to delete C:\WINDOWS\system32\kkoenmks.ini
 C:\WINDOWS\system32\kkoenmks.ini Has been deleted!
 
 Attempting to delete C:\WINDOWS\system32\ljlvqryx.dll
 C:\WINDOWS\system32\ljlvqryx.dll Has been deleted!
 
 Attempting to delete C:\WINDOWS\system32\qxuhculu.dll
 C:\WINDOWS\system32\qxuhculu.dll Has been deleted!
 
 Attempting to delete C:\WINDOWS\system32\skmneokk.dll
 C:\WINDOWS\system32\skmneokk.dll Could not be deleted.
 
 Attempting to delete C:\WINDOWS\system32\tjfknqri.dll
 C:\WINDOWS\system32\tjfknqri.dll Has been deleted!
 
 Attempting to delete C:\WINDOWS\system32\tlfnjril.dll
 C:\WINDOWS\system32\tlfnjril.dll Has been deleted!
 
 Attempting to delete C:\WINDOWS\system32\xyrqvljl.ini
 C:\WINDOWS\system32\xyrqvljl.ini Has been deleted!
 
 Performing Repairs to the registry.
 Done!
 
 Beginning removal...
 
 Attempting to delete C:\WINDOWS\system32\skmneokk.dll
 C:\WINDOWS\system32\skmneokk.dll Has been deleted!
 
 Performing Repairs to the registry.
 Done!
 
 
 
 That's all.
 Good night again, Sante!
 
 
  |  |  
		| Top |  |  
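The VundoFix listing in the post above contains two `.ini` files whose names are the reversed names of two of the listed DLLs, and one DLL that was only deleted on the second removal pass. The following is an added example, not part of the thread and not VundoFix's own code, that extracts both facts from such a log; the function names are hypothetical and the embedded log is an excerpt of the one posted above.

```python
import re
from pathlib import PureWindowsPath

# Excerpt of the VundoFix V6.7.8 log posted in the thread: the file listing and
# the result lines of both removal passes ("Attempting to delete" lines omitted).
VUNDOFIX_LOG = r"""
Listing files found while scanning....

C:\WINDOWS\system32\etfhsmfp.dll
C:\WINDOWS\system32\fqtgoxhj.dll
C:\WINDOWS\system32\jkpbbftd.dll
C:\WINDOWS\system32\kkoenmks.ini
C:\WINDOWS\system32\ljlvqryx.dll
C:\WINDOWS\system32\qxuhculu.dll
C:\WINDOWS\system32\skmneokk.dll
C:\WINDOWS\system32\tjfknqri.dll
C:\WINDOWS\system32\tlfnjril.dll
C:\WINDOWS\system32\xyrqvljl.ini

Beginning removal...

C:\WINDOWS\system32\etfhsmfp.dll Has been deleted!
C:\WINDOWS\system32\fqtgoxhj.dll Has been deleted!
C:\WINDOWS\system32\jkpbbftd.dll Has been deleted!
C:\WINDOWS\system32\kkoenmks.ini Has been deleted!
C:\WINDOWS\system32\ljlvqryx.dll Has been deleted!
C:\WINDOWS\system32\qxuhculu.dll Has been deleted!
C:\WINDOWS\system32\skmneokk.dll Could not be deleted.
C:\WINDOWS\system32\tjfknqri.dll Has been deleted!
C:\WINDOWS\system32\tlfnjril.dll Has been deleted!
C:\WINDOWS\system32\xyrqvljl.ini Has been deleted!

Beginning removal...

C:\WINDOWS\system32\skmneokk.dll Has been deleted!
"""

RESULT_RE = re.compile(
    r"^(?P<path>[A-Za-z]:\\.+?) (?P<result>Has been deleted!|Could not be deleted\.)\s*$",
    re.MULTILINE,
)


def listed_files(log):
    """Paths in the 'Listing files found' section (everything before the first removal pass)."""
    listing = log.split("Beginning removal...", 1)[0]
    return [PureWindowsPath(line.strip()) for line in listing.splitlines()
            if re.match(r"^[A-Za-z]:\\", line.strip())]


def reversed_name_pairs(paths):
    """(dll, companion) pairs in the same folder where the companion's stem is the DLL's stem reversed."""
    companions = {(p.parent, p.stem.lower()): p for p in paths if p.suffix.lower() != ".dll"}
    pairs = []
    for p in paths:
        if p.suffix.lower() != ".dll":
            continue
        mate = companions.get((p.parent, p.stem.lower()[::-1]))
        if mate is not None:
            pairs.append((p.name, mate.name))
    return pairs


def removal_history(log):
    """Map each path to its deletion outcomes in log order (True = deleted)."""
    history = {}
    for m in RESULT_RE.finditer(log):
        history.setdefault(m["path"], []).append(m["result"].startswith("Has been"))
    return history


def needed_retry(log):
    """Files that failed on the first attempt but were deleted later (typically a module still loaded)."""
    return sorted(p for p, h in removal_history(log).items() if not h[0] and h[-1])


def still_present(log):
    """Files whose last recorded attempt failed; these need follow-up."""
    return sorted(p for p, h in removal_history(log).items() if not h[-1])


if __name__ == "__main__":
    print("reversed-name pairs:", reversed_name_pairs(listed_files(VUNDOFIX_LOG)))
    print("deleted only on retry:", needed_retry(VUNDOFIX_LOG))
    print("not deleted:", still_present(VUNDOFIX_LOG))
```

An empty `still_present` result is the condition to check before moving on to the next scan; any path left in it has to be handled by another tool.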
		|  |  
		| Sante62 Dio maturo
 
  
  
 Joined: 27/06/07 17:55
 Posts: 3477
 Location: Floridia
 
 | 
			
				|  Posted: 20 Feb 2008 10:22    Subject: |   |  
				| 
 |  
				|  	  | Maina wrote: |  	  | I followed the instructions for installing DelDomains (right mouse button - Install) but nothing happened, in the sense that no program started: is that normal?
 | 
 
 Yes, that's normal; it only repairs the browser's Trusted Zone, which is in fact why you no longer found those lines..
 
 Good, I see that you have removed Vundo, and the GMER logs look clean.
 Now go to Kaspersky online scanner
 While it is downloading the necessary files, temporarily disable the antivirus. As soon as the scan of the PC starts, disconnect from the internet.
 At the end, upload the result to www.freefilehosting.net and post here the link you are assigned, as indicated here.
 |  |  
		| Top |  |  
		|  |  
		| Maina Mortale pio
 
  
 
 Joined: 18/02/08 13:21
 Posts: 15
 
 
 | 
			
				|  Posted: 20 Feb 2008 13:27    Subject: |   |  
				| 
 |  
				|  Sante, this is the link to the report of the online scan done with Kaspersky: 
 report4.html
 
 as you can see, the scan found 6 viruses and no fewer than 25 infected objects.
 
 What do I have to do now to eliminate them?
 |  |  
		| Top |  |  
		|  |  
		| Sante62 Dio maturo
 
  
  
 Joined: 27/06/07 17:55
 Posts: 3477
 Location: Floridia
 
 | 
			
				|  Posted: 20 Feb 2008 17:48    Subject: |   |  
				| 
 |  
				| So, disable System Restore, so that you delete the infected restore keys; 
 download The Avenger
 Unzip it into its own folder in c:\
 Run it
 Click on input script manually
 Click on the magnifying glass
 Enter these lines:
 
  	  | Quote: |  	  | files to delete:
 C:\Documents and Settings\_\Documenti\Maina\ADCFreeInstaller_it.exe
 C:\Programmi\eMule\Incoming\java gioco della scopa peerbox.exe
 C:\VundoFix Backups\etfhsmfp.dll.bad
 C:\VundoFix Backups\fqtgoxhj.dll.bad
 C:\VundoFix Backups\jkpbbftd.dll.bad
 C:\VundoFix Backups\ljlvqryx.dll.bad
 C:\VundoFix Backups\qxuhculu.dll.bad
 C:\VundoFix Backups\skmneokk.dll.bad
 C:\VundoFix Backups\tjfknqri.dll.bad
 C:\VundoFix Backups\tlfnjril.dll.bad
 C:\VundoFix Backups
 | 
 Click on Done
 Click on the traffic light
 The PC should restart; if it doesn't, restart it yourself.
 When the operation finishes, Notepad will open with the result, which you will paste here;
 otherwise you can find it at C:\Avenger.txt; also attach a HijackThis log.
 Use CCleaner; run it and click on Options -> Advanced, and untick "delete files only if older than 48 hours"
 Use the Cleaner option and then click on Analyze; at the end click on Run Cleaner. Do the same with the Find problems option; it will remove a number of useless registry keys; also defragment the disk...
 |  |  
		| Top |  |  
		|  |  
		| Maina Mortale pio
 
  
 
 Joined: 18/02/08 13:21
 Posts: 15
 
 
 | 
			
				|  Posted: 21 Feb 2008 00:28    Subject: |   |  
				| 
 |  
				| Hi Sante! So, I ran Avenger, HijackThis and CCleaner (having first disabled System Restore). These are the logs:
 
 Avenger
 
 Logfile of The Avenger version 1, by Swandog46
 Running from registry key:
 \Registry\Machine\System\CurrentControlSet\Services\gpggcgbg
 
 *******************
 
 Script file located at: \??\C:\Program Files\lgxvsjwj.txt
 Script file opened successfully.
 
 Script file read successfully
 
 Backups directory opened successfully at C:\Avenger
 
 *******************
 
 Beginning to process script file:
 
 File C:\Documents and Settings\_\Documenti\Maina\ADCFreeInstaller_it.exe deleted successfully.
 File C:\Programmi\eMule\Incoming\java gioco della scopa peerbox.exe deleted successfully.
 File C:\VundoFix Backups\etfhsmfp.dll.bad deleted successfully.
 File C:\VundoFix Backups\fqtgoxhj.dll.bad deleted successfully.
 File C:\VundoFix Backups\jkpbbftd.dll.bad deleted successfully.
 File C:\VundoFix Backups\ljlvqryx.dll.bad deleted successfully.
 File C:\VundoFix Backups\qxuhculu.dll.bad deleted successfully.
 File C:\VundoFix Backups\skmneokk.dll.bad deleted successfully.
 File C:\VundoFix Backups\tjfknqri.dll.bad deleted successfully.
 File C:\VundoFix Backups\tlfnjril.dll.bad deleted successfully.
 
 
 Error: C:\VundoFix Backups is a folder, not a file!
 Deletion of file C:\VundoFix Backups failed!
 
 Could not process line:
 C:\VundoFix Backups
 Status: 0xc00000ba
 
 
 Completed script processing.
 
 *******************
 
 Finished!  Terminate.
 
 
 Hijackthis:
 
 Logfile of Trend Micro HijackThis v2.0.2
 Scan saved at 22.18.53, on 20/02/2008
 Platform: Windows XP SP2 (WinNT 5.01.2600)
 MSIE: Internet Explorer v7.00 (7.00.5730.0013)
 Boot mode: Normal
 
 Running processes:
 C:\WINDOWS\System32\smss.exe
 C:\WINDOWS\system32\winlogon.exe
 C:\WINDOWS\system32\services.exe
 C:\WINDOWS\system32\lsass.exe
 C:\WINDOWS\system32\svchost.exe
 C:\WINDOWS\System32\svchost.exe
 C:\WINDOWS\Explorer.EXE
 C:\WINDOWS\system32\LEXBCES.EXE
 C:\WINDOWS\system32\spoolsv.exe
 C:\WINDOWS\system32\LEXPPS.EXE
 C:\Programmi\File comuni\McAfee\HackerWatch\HWAPI.exe
 C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
 c:\PROGRA~1\FILECO~1\mcafee\mna\mcnasvc.exe
 C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
 C:\WINDOWS\Mixer.exe
 C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
 C:\WINDOWS\system32\RUNDLL32.EXE
 c:\PROGRA~1\FILECO~1\mcafee\redirsvc\redirsvc.exe
 C:\WINDOWS\system32\ctfmon.exe
 C:\Programmi\Windows Live\Messenger\bak\MsnMsgr.Exe
 C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
 C:\Programmi\MySpace\IM\MySpaceIM.exe
 C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
 C:\Programmi\File comuni\Microsoft Shared\VS7DEBUG\MDM.EXE
 C:\WINDOWS\system32\notepad.exe
 C:\Programmi\Sony Corporation\Image Transfer\SonyTray.exe
 C:\Programmi\McAfee\MPF\MPFSrv.exe
 C:\WINDOWS\system32\nvsvc32.exe
 c:\PROGRA~1\mcafee.com\agent\mcagent.exe
 C:\WINDOWS\system32\svchost.exe
 C:\WINDOWS\system32\svchost.exe
 C:\Programmi\MySpace\IM\MySpaceIM.exe
 C:\WINDOWS\system32\wuauclt.exe
 C:\Programmi\Internet Explorer\iexplore.exe
 C:\Programmi\File comuni\Microsoft Shared\Encarta Web Companion\ENCWCSVR.EXE
 C:\WINDOWS\system32\wuauclt.exe
 C:\Programmi\File comuni\Microsoft Shared\Windows Live\WLLoginProxy.exe
 C:\Programmi\Windows Live Toolbar\msn_sl.exe
 C:\Documents and Settings\_\Documenti\HiJackThis.exe
 
 R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.libero.it/
 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
 R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
 O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
 O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
 O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmi\Java\jre1.6.0_03\bin\ssv.dll
 O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - c:\PROGRA~1\mcafee\VIRUSS~1\scriptcl.dll
 O2 - BHO: Guida per l'accesso a Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programmi\File comuni\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
 O2 - BHO: Encarta Web Companion Oggetto helper - {955BE0B8-BC85-4CAF-856E-8E0D8B610560} - C:\Programmi\File comuni\Microsoft Shared\Encarta Web Companion\ENCWCBAR.DLL
 O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programmi\Windows Live Toolbar\msntb.dll
 O3 - Toolbar: Encarta Web Companion - {147D6308-0614-4112-89B1-31402F9B82C4} - C:\Programmi\File comuni\Microsoft Shared\Encarta Web Companion\ENCWCBAR.DLL
 O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programmi\Windows Live Toolbar\msntb.dll
 O4 - HKLM\..\Run: [C-Media Mixer] Mixer.exe /startup
 O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
 O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
 O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
 O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\system32\PSDrvCheck.exe -CheckReg
 O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
 O4 - HKCU\..\Run: [E06IXLRD_2650562] "C:\Programmi\Microsoft Encarta\Microsoft Encarta Enciclopedia DVD - 2006\EDICT.EXE" -m
 O4 - HKCU\..\Run: [MsnMsgr] "C:\Programmi\Windows Live\Messenger\bak\MsnMsgr.Exe" /background
 O4 - HKCU\..\Run: [PC Suite Tray] "C:\Programmi\Nokia\Nokia PC Suite 6\PCSuite.exe" -onlytray
 O4 - HKCU\..\Run: [updateMgr] C:\Programmi\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_9
 O4 - HKCU\..\Run: [MySpaceIM] C:\Programmi\MySpace\IM\MySpaceIM.exe
 O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO LOCALE')
 O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO DI RETE')
 O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
 O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
 O4 - Global Startup: Avvio veloce di Adobe Reader.lnk = C:\Programmi\Adobe\Acrobat 7.0\Reader\reader_sl.exe
 O4 - Global Startup: Image Transfer.lnk = ?
 O8 - Extra context menu item: &Windows Live Search - res://C:\Programmi\Windows Live Toolbar\msntb.dll/search.htm
 O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
 O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.6.0_03\bin\ssv.dll
 O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.6.0_03\bin\ssv.dll
 O9 - Extra button: Inserisci blog - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programmi\Windows Live\Writer\WriterBrowserExtension.dll
 O9 - Extra 'Tools' menuitem: Inserisci &blog in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programmi\Windows Live\Writer\WriterBrowserExtension.dll
 O9 - Extra button: Ricerche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
 O9 - Extra button: (no name) - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Programmi\File comuni\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL
 O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
 O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
 O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
 O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
 O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/default/kavwebscan_unicode.cab
 O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1199535021078
 O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.nvidia.com/content/DriverDownload/srl/2.0.0.1/sysreqlab2.cab
 O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} (WScanCtl Class) - http://www.ca.com/it/securityadvisor/virusinfo/webscan.cab
 O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
 O17 - HKLM\System\CCS\Services\Tcpip\..\{C126F591-1156-4774-9639-B7A2AA37EDB6}: NameServer = 193.70.152.15 193.70.152.25
 O23 - Service: McAfee E-mail Proxy (Emproxy) - McAfee, Inc. - C:\PROGRA~1\FILECO~1\McAfee\EmProxy\emproxy.exe
 O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programmi\File comuni\InstallShield\Driver\1050\Intel 32\IDriverT.exe
 O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
 O23 - Service: McAfee HackerWatch Service - McAfee, Inc. - C:\Programmi\File comuni\McAfee\HackerWatch\HWAPI.exe
 O23 - Service: McAfee Update Manager (mcmispupdmgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcupdmgr.exe
 O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
 O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\FILECO~1\mcafee\mna\mcnasvc.exe
 O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
 O23 - Service: McAfee Protection Manager (mcpromgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
 O23 - Service: McAfee Redirector Service (McRedirector) - McAfee, Inc. - c:\PROGRA~1\FILECO~1\mcafee\redirsvc\redirsvc.exe
 O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
 O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
 O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Programmi\McAfee\MPF\MPFSrv.exe
 O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
 O23 - Service: ServiceLayer - Nokia. - C:\Programmi\PC Connectivity Solution\ServiceLayer.exe
 
 --
 End of file - 9267 bytes
 
 
 
 So with this procedure I shouldn't find the viruses or the infected objects any more, right?
 |  |  
		| Top |  |  
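Each round of this thread ends with a new HijackThis log that has to be compared with the previous one. The following is an added example, not part of the thread and not HijackThis code, that parses two scans and reports which entries and header fields changed; the function names are hypothetical and the two sample logs are shortened excerpts of the 19/02 and 20/02 logs posted above.

```python
import re

# Shortened excerpts of the two HijackThis v2.0.2 logs posted in the thread.
SCAN_19_FEB = r"""
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17.49.13, on 19/02/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.libero.it/
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{C126F591-1156-4774-9639-B7A2AA37EDB6}: NameServer = 193.70.152.15 193.70.152.25
"""

SCAN_20_FEB = r"""
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 22.18.53, on 20/02/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0013)
Boot mode: Normal

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.libero.it/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/default/kavwebscan_unicode.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{C126F591-1156-4774-9639-B7A2AA37EDB6}: NameServer = 193.70.152.15 193.70.152.25
"""

# "R0 - ...", "O16 - ..." style entries: section code, then the entry text.
ENTRY_RE = re.compile(r"^(?P<code>[RFNO]\d{1,2}) - (?P<body>.+)$")
HEADER_RE = re.compile(r"^(?P<key>Scan saved at|Platform|MSIE|Boot mode):? (?P<value>.+)$")


def parse_hjt(text):
    """Return (header dict, ordered list of (code, body)); process lists and other lines are skipped."""
    header, entries = {}, []
    for raw in text.splitlines():
        line = raw.strip()
        m = ENTRY_RE.match(line)
        if m:
            entries.append((m["code"], m["body"]))
            continue
        m = HEADER_RE.match(line)
        if m:
            header[m["key"]] = m["value"]
    return header, entries


def diff_scans(old_text, new_text):
    """Entries added/removed between two scans, plus header fields whose value changed."""
    old_header, old_entries = parse_hjt(old_text)
    new_header, new_entries = parse_hjt(new_text)
    old_set, new_set = set(old_entries), set(new_entries)
    return {
        "added": [e for e in new_entries if e not in old_set],
        "removed": [e for e in old_entries if e not in new_set],
        "header_changes": {
            key: (old_header.get(key), new_header.get(key))
            for key in sorted(set(old_header) | set(new_header))
            if old_header.get(key) != new_header.get(key)
        },
    }


def entries_with_code(text, code):
    """All entry bodies for one section code, e.g. 'O15' for Trusted Zone domains."""
    return [body for c, body in parse_hjt(text)[1] if c == code]


if __name__ == "__main__":
    changes = diff_scans(SCAN_19_FEB, SCAN_20_FEB)
    for code, body in changes["added"]:
        print("+", code, "-", body)
    print("header:", changes["header_changes"])
    print("O15 entries:", entries_with_code(SCAN_20_FEB, "O15"))
```

On these excerpts the added entries are the Internet Explorer default-page values and the Kaspersky web scanner control, alongside the MSIE header moving from v6.00 to v7.00, and no O15 Trusted Zone entry is present.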
		|  |  
		| Sante62 Dio maturo
 
  
  
 Joined: 27/06/07 17:55
 Posts: 3477
 Location: Floridia
 
 | 
			
				|  Posted: 21 Feb 2008 01:16    Subject: |   |  
				| 
 |  
				|  	  | Maina wrote: |  	  | So with this procedure I shouldn't find the viruses or the infected objects any more, right?
 | 
 
 Yes, provided that you are careful about the sites you visit and about what you download with eMule...
 
 
  |  |  
		| Top |  |  
		|  |  
		| Maina Mortale pio
 
  
 
 Joined: 18/02/08 13:21
 Posts: 15
 
 
 | 
			
				|  Posted: 21 Feb 2008 17:36    Subject: |   |  
				| 
 |  
				| I'll follow your advice.. Listen, in your opinion is the McAfee antivirus excellent, or should I download some other (free) antivirus?
 |  |  
		| Top |  |  
		|  |  
		| Sante62 Dio maturo
 
  
  
 Joined: 27/06/07 17:55
 Posts: 3477
 Location: Floridia
 
 | 
			
				|  Posted: 21 Feb 2008 19:07    Subject: |   |  
				| 
 |  
				| McAfee is a good antivirus, so you can keep it; the fact remains that you always need to be careful...
  |  |  
		| Top |  |  
		|  |  
		| Maina Mortale pio
 
  
 
 Joined: 18/02/08 13:21
 Posts: 15
 
 
 | 
			
				|  Posted: 21 Feb 2008 23:39    Subject: |   |  
				| 
 |  
				| Ok Sante! I'll take this opportunity to thank you for the support and for the helpfulness you put into helping me: without you I really wouldn't have known what to do! Infinite thanks! 
 
   
 Good night!!!
 |  |  
		| Top |  |  
		|  |  
		| Sante62 Dio maturo
 
  
  
 Joined: 27/06/07 17:55
 Posts: 3477
 Location: Floridia
 
 | 
			
				|  Posted: 22 Feb 2008 01:21    Subject: |   |  
				| 
 |  
				|  |  |  
		| Top |  |  
		|  |  
		|  |  
  