seby.panto (Hero favored by the gods)
Registered: 13/03/08 00:40
Posts: 91

Posted: 13 Mar 2008 00:50    Subject: I'm affected by Virtumonde too

Hi everyone, I'm new to the forum... compliments to whoever built it...
My problem is exactly that one: Virtumonde.

I'm posting the Hijack log; is anyone willing to help a poor ignoramus???????
 Logfile of Trend Micro HijackThis v2.0.2
 Scan saved at 14.45.40, on 12/03/2008
 Platform: Windows XP SP2 (WinNT 5.01.2600)
 MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
 Boot mode: Normal
 
 Running processes:
 C:\WINDOWS\System32\smss.exe
 C:\WINDOWS\system32\winlogon.exe
 C:\WINDOWS\system32\services.exe
 C:\WINDOWS\system32\lsass.exe
 C:\WINDOWS\system32\Ati2evxx.exe
 C:\WINDOWS\system32\svchost.exe
 C:\WINDOWS\System32\svchost.exe
 C:\WINDOWS\system32\Ati2evxx.exe
 C:\WINDOWS\system32\spoolsv.exe
 C:\WINDOWS\RTHDCPL.EXE
 C:\Programmi\Java\jre1.6.0_04\bin\jusched.exe
 C:\Programmi\Eset\nod32kui.exe
 C:\Programmi\Microsoft Office\Office12\GrooveMonitor.exe
 C:\Programmi\File comuni\ACD Systems\EN\DevDetect.exe
 C:\Programmi\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe
 C:\Programmi\Creative\Creative Live! Cam\VideoFX\StartFX.exe
 C:\WINDOWS\V0250Mon.exe
 C:\Programmi\COMODO\Firewall\cfp.exe
 C:\WINDOWS\system32\rundll32.exe
 C:\Programmi\Windows Live\Messenger\MsnMsgr.Exe
 C:\WINDOWS\system32\svchost.exe
 C:\Programmi\Creative\Creative Live! Cam\Live! Cam Manager\CTLCMgr.exe
 C:\Programmi\File comuni\Nero\Lib\NMIndexStoreSvr.exe
 C:\Programmi\COMODO\Firewall\cmdagent.exe
 C:\Programmi\File comuni\EPSON\EBAPI\SAgent2.exe
 C:\Programmi\Nero\Nero8\Nero BackItUp\NBService.exe
 C:\Programmi\Eset\nod32krn.exe
 C:\WINDOWS\system32\PnkBstrA.exe
 C:\Programmi\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
 C:\WINDOWS\system32\svchost.exe
 C:\WINDOWS\system32\wscntfy.exe
 C:\Programmi\Windows Live\Messenger\usnsvc.exe
 C:\Programmi\Internet Explorer\IEXPLORE.EXE
 C:\Programmi\File comuni\Microsoft Shared\Windows Live\WLLoginProxy.exe
 C:\WINDOWS\explorer.exe
 C:\Programmi\Internet Explorer\iexplore.exe
 C:\WINDOWS\system32\ctfmon.exe
 C:\Programmi\Internet Explorer\IEXPLORE.EXE
 C:\Programmi\Trend Micro\HijackThis\HijackThis.exe
 
 R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.it/
 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://it.yahoo.com
 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://it.yahoo.com
 R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
 O1 - Hosts: 127.255.255.255 serial.alcohol-soft.com
 O3 - Toolbar: &Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programmi\Yahoo!\Companion\Installs\cpn0\ycomp5_6_2_0.dll
 O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programmi\google\googletoolbar2.dll
 O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programmi\Windows Live Toolbar\msntb.dll
 O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Programmi\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
 O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
 O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
 O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
 O4 - HKLM\..\Run: [StartCCC] "C:\Programmi\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"
 O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programmi\Java\jre1.6.0_04\bin\jusched.exe"
 O4 - HKLM\..\Run: [nod32kui] "C:\Programmi\Eset\nod32kui.exe" /WAITSERVICE
 O4 - HKLM\..\Run: [GrooveMonitor] "C:\Programmi\Microsoft Office\Office12\GrooveMonitor.exe"
 O4 - HKLM\..\Run: [Device Detector] DevDetect.exe -autorun
 O4 - HKLM\..\Run: [NBKeyScan] "C:\Programmi\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
 O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Programmi\Adobe\Reader 8.0\Reader\Reader_sl.exe"
 O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Programmi\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe"
 O4 - HKLM\..\Run: [AVFX Engine] C:\Programmi\Creative\Creative Live! Cam\VideoFX\StartFX.exe
 O4 - HKLM\..\Run: [V0250Mon.exe] C:\WINDOWS\V0250Mon.exe
 O4 - HKLM\..\Run: [COMODO Firewall Pro] "C:\Programmi\COMODO\Firewall\cfp.exe" -h
 O4 - HKLM\..\Run: [NeroFilterCheck] C:\Programmi\File comuni\Nero\Lib\NeroCheck.exe
 O4 - HKLM\..\Run: [64431337] rundll32.exe "C:\WINDOWS\system32\jqsdfysb.dll",b
 O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
 O4 - HKCU\..\Run: [MsnMsgr] "C:\Programmi\Windows Live\Messenger\MsnMsgr.Exe" /background
 O4 - HKCU\..\Run: [AlcoholAutomount] "C:\Programmi\Alcohol Soft\Alcohol 120\axcmd.exe" /automount
 O4 - HKCU\..\Run: [EPSON Stylus DX4400 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATICAE.EXE /FU "C:\WINDOWS\TEMP\E_S9F.tmp" /EF "HKCU"
 O4 - HKCU\..\Run: [Creative Live! Cam Manager] "C:\Programmi\Creative\Creative Live! Cam\Live! Cam Manager\CTLCMgr.exe"
 O4 - HKCU\..\Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Programmi\File comuni\Nero\Lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020
 O4 - HKCU\..\Policies\Explorer\Run: [Windows Printing Driver] WinSpooler.exe
 O4 - HKCU\..\Policies\Explorer\Run: [WinUpdating] WinUpdating.exe
 O4 - HKCU\..\Policies\Explorer\Run: [prov] prov.exe
 O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO DI RETE')
 O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
 O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
 O4 - Startup: Ritaglio schermata e avvio di OneNote 2007.lnk = C:\Programmi\Microsoft Office\Office12\ONENOTEM.EXE
 O8 - Extra context menu item: &Windows Live Search - res://C:\Programmi\Windows Live Toolbar\msntb.dll/search.htm
 O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
 O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.6.0_04\bin\ssv.dll
 O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.6.0_04\bin\ssv.dll
 O9 - Extra button: Inserisci blog - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programmi\Windows Live\Writer\WriterBrowserExtension.dll
 O9 - Extra 'Tools' menuitem: Inserisci &blog in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programmi\Windows Live\Writer\WriterBrowserExtension.dll
 O9 - Extra button: Invia a OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
 O9 - Extra 'Tools' menuitem: I&nvia a OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
 O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
 O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
 O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
 O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
 O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
 O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1202032584000
 O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative.com/softwareupdate/su2/ocx/15035/CTPID.cab
 O17 - HKLM\System\CCS\Services\Tcpip\..\{702AA6D0-26F4-4F74-BCB9-1F6CDF1CC6E0}: NameServer = 192.168.0.1
 O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~3\Office12\GR99D3~1.DLL
 O20 - AppInit_DLLs:    C:\WINDOWS\system32\guard32.dll
 O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
 O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
 O23 - Service: COMODO Firewall Pro Helper Service (cmdAgent) - COMODO - C:\Programmi\COMODO\Firewall\cmdagent.exe
 O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Programmi\File comuni\EPSON\EBAPI\SAgent2.exe
 O23 - Service: Google Updater Service (gusvc) - Google - C:\Programmi\Google\Common\Google Updater\GoogleUpdaterService.exe
 O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Programmi\Nero\Nero8\Nero BackItUp\NBService.exe
 O23 - Service: NMIndexingService - Nero AG - C:\Programmi\File comuni\Nero\Lib\NMIndexingService.exe
 O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset  - C:\Programmi\Eset\nod32krn.exe
 O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
 O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Programmi\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
 
 --
 End of file - 8790 bytes

Sante62 (Mature god)
Registered: 27/06/07 17:55
Posts: 3477
Location: Floridia

Posted: 13 Mar 2008 13:37    Subject:

Hi seby.panto and welcome...
Download VundoFix to your desktop
- Run VundoFix.exe
- Click Scan for Vundo.
- When the scan finishes, click Remove Vundo.
- It will ask whether you want to delete the infected files; click YES.
- Your screen will go black while Vundo is being removed.
- When it finishes, it will ask you to restart the PC; click OK.
- Copy the contents of the log C:\vundofix.txt here.

Note: VundoFix may not manage to delete some files. In that case, VundoFix will start automatically when the PC restarts; repeat the steps above starting from "Click Scan for Vundo" when VundoFix appears at restart.

Save this file to your desktop.
Start the PC in safe mode.

Run the program you just downloaded.
When it finishes, restart the PC in normal mode and post the generated log here.

Download ComboFix
and scan the PC, posting the result as indicated, together with a new HijackThis log...

seby.panto
Posted: 13 Mar 2008 15:36    Subject:

Hi Sante, here is the ComboFix log... it seems to have done its job well...

 ComboFix 08-03-10.1 - Seby 2008-03-13 14:27:59.1 - NTFSx86
 Microsoft Windows XP Professional  5.1.2600.2.1252.1.1040.18.1556 [GMT 1:00]
 Eseguito da: C:\Documents and Settings\Seby\Desktop\virtumonde fix\ComboFix.exe
 
 WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
 .
 The following files were disabled during the run:
 C:\WINDOWS\system32\guard32.dll
 
 
 (((((((((((((((((((((((((((((((((((((   Altre eliminazioni   )))))))))))))))))))))))))))))))))))))))))))))))))))
 .
 
 C:\WINDOWS\cookies.ini
 C:\WINDOWS\pskt.ini
 C:\WINDOWS\system32\afpepxwv.dll
 C:\WINDOWS\system32\awanvvsc.dll
 C:\WINDOWS\system32\awtrsqq.dll
 C:\WINDOWS\system32\ayeygkww.ini
 C:\WINDOWS\system32\crsqubxn.dll
 C:\WINDOWS\system32\ddcdbby.dll
 C:\WINDOWS\system32\dmvsfyxa.dll
 C:\WINDOWS\system32\dqmfegng.dll
 C:\WINDOWS\system32\efcaaaw.dll
 C:\WINDOWS\system32\fccaxvw.dll
 C:\WINDOWS\system32\gebbccb.dll
 C:\WINDOWS\system32\hgkqmjfo.dll
 C:\WINDOWS\system32\ijpkmrgd.dll
 C:\WINDOWS\system32\ljjkhed.dll
 C:\WINDOWS\system32\oakxldkc.dll
 C:\WINDOWS\system32\pvlmusxq.dll
 C:\WINDOWS\system32\rqrrool.dll
 C:\WINDOWS\system32\rtdbyhmu.dll
 C:\WINDOWS\system32\stutv.ini
 C:\WINDOWS\system32\stutv.ini2
 C:\WINDOWS\system32\tuvwwww.dll
 C:\WINDOWS\system32\vduqrunf.dll
 C:\WINDOWS\system32\vlwpxqoo.dll
 C:\WINDOWS\system32\vtuts.dll
 C:\WINDOWS\system32\wvutuuv.dll
 C:\WINDOWS\system32\wwkgyeya.dll
 C:\WINDOWS\system32\xlgiwmnn.dll
 C:\WINDOWS\system32\yayvuur.dll
 C:\WINDOWS\system32\yaywuvt.dll
 
 .
 (((((((((((((((((((((((((   Files Creati Da 2008-02-13 al 2008-03-13  )))))))))))))))))))))))))))))))))))
 .
 
 2008-03-12 17:07 . 2008-03-12 17:07	<DIR>	d--------	C:\VundoFix Backups
 2008-03-12 14:41 . 2008-03-12 14:41	<DIR>	d--------	C:\Programmi\Trend Micro
 2008-03-12 13:04 . 2008-03-13 13:43	1,321,586	---hs----	C:\WINDOWS\system32\bsyfdsqj.ini
 2008-03-12 11:38 . 2008-02-02 21:06	<DIR>	d--h-----	C:\Documents and Settings\Administrator\Risorse di stampa
 2008-03-12 11:38 . 2008-02-02 21:06	<DIR>	d--h-----	C:\Documents and Settings\Administrator\Risorse di rete
 2008-03-12 11:38 . 2008-02-02 21:06	<DIR>	d--------	C:\Documents and Settings\Administrator\Preferiti
 2008-03-12 11:38 . 2008-02-02 20:10	<DIR>	d--h-----	C:\Documents and Settings\Administrator\Modelli
 2008-03-12 11:38 . 2008-02-02 21:06	<DIR>	dr-------	C:\Documents and Settings\Administrator\Menu Avvio
 2008-03-12 11:38 . 2008-03-13 14:29	<DIR>	d--h-----	C:\Documents and Settings\Administrator\Impostazioni locali
 2008-03-12 11:38 . 2008-02-02 21:06	<DIR>	d--------	C:\Documents and Settings\Administrator\Documenti
 2008-03-12 11:38 . 2008-02-02 21:06	<DIR>	dr-h-----	C:\Documents and Settings\Administrator\Dati applicazioni
 2008-03-12 11:30 . 2008-03-12 11:30	4,608	--a------	C:\aegjtn.exe
 2008-03-12 10:14 . 2008-03-12 12:59	1,323,984	---hs----	C:\WINDOWS\system32\etplfphi.ini
 2008-03-11 17:08 . 2008-03-11 17:08	<DIR>	d--hs----	C:\found.000
 2008-03-11 16:31 . 2008-03-12 10:11	1,319,707	---hs----	C:\WINDOWS\system32\wjetoxfn.ini
 2008-03-11 09:18 . 2008-03-11 16:28	1,318,807	---hs----	C:\WINDOWS\system32\suqtwtjp.ini
 2008-03-10 20:24 . 2008-03-11 09:15	1,318,643	---hs----	C:\WINDOWS\system32\mbsgdrrw.ini
 2008-03-10 16:22 . 2008-03-10 16:22	<DIR>	d--------	C:\Programmi\IKEA HomePlanner
 2008-03-10 16:22 . 2008-03-10 16:22	<DIR>	d--------	C:\Programmi\File comuni\Wise Installation Wizard
 2008-03-10 15:25 . 2008-03-10 15:25	93	--a------	C:\WINDOWS\wininit.ini
 2008-03-10 14:51 . 2008-03-10 14:51	<DIR>	d--------	C:\WINDOWS\Sun
 2008-03-10 08:55 . 2008-03-10 20:18	1,318,403	---hs----	C:\WINDOWS\system32\updvcdrh.ini
 2008-03-09 22:14 . 2008-03-09 22:14	<DIR>	d--------	C:\Intel
 2008-03-09 22:13 . 2008-03-09 22:13	<DIR>	dr-------	C:\WINDOWS\AsDmiHtm
 2008-03-09 22:12 . 2008-03-09 22:12	15,520	--a------	C:\WINDOWS\Ascd_tmp.ini
 2008-03-09 22:11 . 2006-10-12 04:33	10,288	--a------	C:\WINDOWS\system32\drivers\ASUSHWIO.SYS
 2008-03-08 13:05 . 2008-03-08 13:05	32	--a------	C:\WINDOWS\CD_Start.INI
 2008-03-07 17:37 . 2005-05-23 07:27	137,884	-ra------	C:\WINDOWS\system32\drivers\sscdmdm.sys
 2008-03-07 17:37 . 2005-05-23 07:27	11,877	-ra------	C:\WINDOWS\system32\drivers\sscdcmnt.sys
 2008-03-07 17:37 . 2005-05-23 07:27	11,877	-ra------	C:\WINDOWS\system32\drivers\sscdcm.sys
 2008-03-07 17:37 . 2005-05-23 07:27	10,864	-ra------	C:\WINDOWS\system32\drivers\sscdmdfl.sys
 2008-03-07 17:36 . 2005-05-23 07:27	80,272	-ra------	C:\WINDOWS\system32\drivers\sscdbus.sys
 2008-03-07 17:36 . 2005-05-23 07:27	11,188	-ra------	C:\WINDOWS\system32\drivers\sscdwhnt.sys
 2008-03-07 17:36 . 2005-05-23 07:27	11,188	-ra------	C:\WINDOWS\system32\drivers\sscdwh.sys
 2008-03-07 17:33 . 2008-03-07 17:33	<DIR>	d--------	C:\Programmi\Samsung
 2008-03-07 17:33 . 2008-03-07 17:33	<DIR>	d--------	C:\Hermes
 2008-02-23 19:54 . 2008-02-23 19:54	<DIR>	d--------	C:\Documents and Settings\Seby\Dati applicazioni\dvdcss
 2008-02-23 19:13 . 2008-02-23 19:15	<DIR>	d--------	C:\Documents and Settings\All Users\Dati applicazioni\Creative
 2008-02-23 18:47 . 2008-02-23 19:15	<DIR>	d--------	C:\Documents and Settings\Seby\Dati applicazioni\Creative
 2008-02-23 18:45 . 2000-05-22 09:58	647,872	---------	C:\WINDOWS\system32\Mscomct2.ocx
 2008-02-23 18:44 . 2008-02-23 19:05	<DIR>	d--------	C:\WINDOWS\CtDrvInstall
 2008-02-23 18:43 . 2008-02-23 18:44	<DIR>	d--------	C:\Programmi\SightSpeed
 2008-02-23 18:40 . 2008-02-23 19:04	<DIR>	d--------	C:\Programmi\Creative
 2008-02-22 15:20 . 2008-02-26 22:54	<DIR>	d-a------	C:\Documents and Settings\All Users\Dati applicazioni\TEMP
 2008-02-22 15:20 . 2008-02-23 14:42	37,888	--a------	C:\WINDOWS\system32\rar.exe
 2008-02-21 14:00 . 2008-02-21 14:00	<DIR>	d--------	C:\Documents and Settings\Seby\Dati applicazioni\Leadertech
 2008-02-21 12:33 . 2008-02-21 12:33	<DIR>	d--------	C:\Programmi\File comuni\EPSON
 2008-02-21 12:33 . 2001-08-23 01:04	139,264	--a------	C:\WINDOWS\system32\EBAPI2.dll
 2008-02-21 12:26 . 2008-03-11 18:01	13,758	--a------	C:\WINDOWS\EPISMI00.SWB
 2008-02-18 14:39 . 2008-02-25 09:56	103,736	--a------	C:\WINDOWS\system32\PnkBstrB.exe
 2008-02-18 14:39 . 2008-02-18 15:38	66,872	--a------	C:\WINDOWS\system32\PnkBstrA.exe
 2008-02-18 14:39 . 2008-02-25 09:56	22,328	--a------	C:\WINDOWS\system32\drivers\PnkBstrK.sys
 2008-02-18 14:02 . 2008-02-18 14:02	<DIR>	d--------	C:\WINDOWS\system32\LogFiles
 2008-02-18 13:55 . 2008-02-18 13:55	<DIR>	d--------	C:\Programmi\Electronic Arts
 2008-02-17 23:19 . 2008-02-17 23:19	268	--ah-----	C:\sqmdata00.sqm
 2008-02-17 23:19 . 2008-02-17 23:19	244	--ah-----	C:\sqmnoopt00.sqm
 2008-02-13 14:27 . 2008-02-13 14:27	<DIR>	d--------	C:\Programmi\SEGA
 2008-02-13 14:26 . 2006-09-28 16:05	2,414,360	--a------	C:\WINDOWS\system32\d3dx9_31.dll
 2008-02-13 14:26 . 2007-03-12 16:42	1,123,696	--a------	C:\WINDOWS\system32\D3DCompiler_33.dll
 2008-02-13 14:26 . 2007-03-15 16:57	443,752	--a------	C:\WINDOWS\system32\d3dx10_33.dll
 2008-02-13 14:26 . 2007-01-24 15:27	255,848	--a------	C:\WINDOWS\system32\xactengine2_6.dll
 2008-02-13 14:26 . 2006-12-08 12:02	251,672	--a------	C:\WINDOWS\system32\xactengine2_5.dll
 2008-02-13 14:26 . 2006-09-28 16:05	237,848	--a------	C:\WINDOWS\system32\xactengine2_4.dll
 2008-02-13 14:26 . 2007-03-05 12:42	15,128	--a------	C:\WINDOWS\system32\x3daudio1_1.dll
 
 .
 ((((((((((((((((((((((((((((((((((((((((   Find3M Report   )))))))))))))))))))))))))))))))))))))))))))))))))))
 .
 2008-03-10 20:05	---------	d-----w	C:\Programmi\eMule
 2008-03-10 12:32	---------	d-----w	C:\Documents and Settings\Seby\Dati applicazioni\Azureus
 2008-03-09 20:51	---------	d--h--w	C:\Programmi\InstallShield Installation Information
 2008-03-08 12:11	---------	d-----w	C:\Programmi\Azureus
 2008-03-08 12:10	---------	d-----w	C:\Programmi\File comuni\Nero
 2008-03-08 12:09	---------	d-----w	C:\Documents and Settings\All Users\Dati applicazioni\Nero
 2008-02-26 21:56	---------	d-----w	C:\Programmi\File comuni\Adobe
 2008-02-24 10:24	---------	d-----w	C:\Programmi\ESET
 2008-02-23 18:18	84,856	----a-w	C:\WINDOWS\system32\drivers\cmdGuard.sys
 2008-02-23 18:18	23,800	----a-w	C:\WINDOWS\system32\drivers\cmdhlp.sys
 2008-02-23 18:18	139,008	----a-w	C:\WINDOWS\system32\guard32.dll.vir
 2008-02-23 11:20	34,816	----a-w	C:\WINDOWS\system32\WinUpdating.exe
 2008-02-19 22:50	---------	d-----w	C:\Documents and Settings\All Users\Dati applicazioni\Messenger Plus!
 2008-02-13 13:35	163,644	----a-w	C:\WINDOWS\system32\drivers\secdrv.sys
 2008-02-11 12:03	---------	d-----w	C:\Programmi\epson
 2008-02-11 09:57	---------	d-----w	C:\Programmi\Messenger Plus! Live
 2008-02-11 09:35	---------	d-----w	C:\Programmi\File comuni\DirectX
 2008-02-11 09:12	---------	d-----w	C:\Programmi\THQ
 2008-02-09 14:05	---------	d-----w	C:\Documents and Settings\Seby\Dati applicazioni\EPSON
 2008-02-08 16:31	---------	d-----w	C:\Programmi\Firefly Studios
 2008-02-07 18:06	25,322	----a-w	C:\svcipa.exe
 2008-02-05 17:05	---------	d-----w	C:\Documents and Settings\All Users\Dati applicazioni\EPSON
 2008-02-05 17:03	---------	d-----w	C:\Programmi\File comuni\InstallShield
 2008-02-05 17:01	---------	d-----w	C:\Documents and Settings\All Users\Dati applicazioni\UDL
 2008-02-03 21:25	---------	d-----w	C:\Programmi\RegCleaner
 2008-02-03 21:22	---------	d-----w	C:\Programmi\VideoLAN
 2008-02-03 21:22	---------	d-----w	C:\Documents and Settings\Seby\Dati applicazioni\vlc
 2008-02-03 21:15	---------	d-----w	C:\Documents and Settings\All Users\Dati applicazioni\Spybot - Search & Destroy
 2008-02-03 21:05	---------	d-----w	C:\Programmi\Spybot - Search & Destroy
 2008-02-03 20:56	---------	d-----w	C:\Programmi\CCleaner
 2008-02-03 14:07	---------	d-----w	C:\Programmi\Alcohol Soft
 2008-02-03 13:29	---------	d-----w	C:\Documents and Settings\Seby\Dati applicazioni\Nero
 2008-02-03 13:28	715,248	----a-w	C:\WINDOWS\system32\drivers\sptd.sys
 2008-02-03 13:27	---------	d-----w	C:\Programmi\Nero
 2008-02-03 13:16	---------	d-----w	C:\Documents and Settings\Seby\Dati applicazioni\ACD Systems
 2008-02-03 13:15	---------	d-----w	C:\Programmi\File comuni\ACD Systems
 2008-02-03 13:15	---------	d-----w	C:\Programmi\ACD Systems
 2008-02-03 13:15	---------	d-----w	C:\Documents and Settings\All Users\Dati applicazioni\ACD Systems
 2008-02-03 12:22	---------	d-----w	C:\Documents and Settings\All Users\Dati applicazioni\Microsoft Help
 2008-02-03 12:21	---------	d-----w	C:\Programmi\MSBuild
 2008-02-03 12:21	---------	d-----w	C:\Programmi\Microsoft Works
 2008-02-03 12:20	---------	d-----w	C:\Programmi\Microsoft.NET
 2008-02-03 12:18	---------	d-----w	C:\Programmi\Microsoft Visual Studio 8
 2008-02-03 10:48	107,888	----a-w	C:\WINDOWS\system32\CmdLineExt.dll
 2008-02-03 10:48	---------	d--h--r	C:\Documents and Settings\Seby\Dati applicazioni\SecuROM
 2008-02-03 10:40	---------	d-----w	C:\Programmi\KONAMI
 2008-02-03 10:17	---------	d-----w	C:\Programmi\Windows Live Toolbar
 2008-02-03 10:17	---------	d-----w	C:\Programmi\Windows Live Favorites
 2008-02-03 10:17	---------	d-----w	C:\Programmi\Windows Live
 2008-02-03 10:16	---------	d-----w	C:\Programmi\Microsoft SQL Server Compact Edition
 2008-02-03 10:13	---------	dcsh--w	C:\Programmi\File comuni\WindowsLiveInstaller
 2008-02-03 10:10	---------	d-----w	C:\Documents and Settings\All Users\Dati applicazioni\WLInstaller
 2008-02-02 20:20	14,656	----a-w	C:\WINDOWS\gdrv.sys
 2008-02-02 20:20	---------	d-----w	C:\Documents and Settings\All Users\Dati applicazioni\comodo
 2008-02-02 20:19	---------	d-----w	C:\Programmi\Google
 2008-02-02 20:16	512,096	----a-w	C:\WINDOWS\system32\drivers\amon.sys
 2008-02-02 20:16	298,104	----a-w	C:\WINDOWS\system32\imon.dll
 2008-02-02 20:16	15,424	----a-w	C:\WINDOWS\system32\drivers\nod32drv.sys
 2008-02-02 20:01	---------	d-----w	C:\Documents and Settings\All Users\Dati applicazioni\Azureus
 2008-02-02 19:36	---------	d-----w	C:\Programmi\Java
 2008-02-02 19:35	---------	d-----w	C:\Programmi\File comuni\Java
 2008-02-02 19:31	---------	d-----w	C:\Programmi\ATI Technologies
 2008-02-02 19:25	---------	d-----w	C:\Programmi\COMODO
 2008-02-02 19:25	---------	d-----w	C:\Documents and Settings\Seby\Dati applicazioni\Comodo
 2008-02-02 19:19	315,392	----a-w	C:\WINDOWS\HideWin.exe
 2008-02-02 19:19	---------	d-----w	C:\Programmi\Realtek
 2008-02-02 19:19	---------	d-----w	C:\Programmi\DIFX
 2008-02-02 19:18	---------	d-----w	C:\Documents and Settings\Seby\Dati applicazioni\InstallShield
 2008-02-02 19:17	---------	d-----w	C:\Programmi\Yahoo!
 2008-02-02 19:13	---------	d-----w	C:\Programmi\microsoft frontpage
 2008-02-02 19:12	---------	d-----w	C:\Programmi\Servizi in linea
 2007-12-21 03:09	368,640	----a-w	C:\WINDOWS\system32\ATIDEMGX.dll
 2007-12-21 03:08	272,384	----a-w	C:\WINDOWS\system32\ati2dvag.dll
 2007-12-21 03:02	307,200	----a-w	C:\WINDOWS\system32\atiiiexx.dll
 2007-12-21 02:59	43,520	----a-w	C:\WINDOWS\system32\ati2edxx.dll
 2007-12-21 02:59	26,112	----a-w	C:\WINDOWS\system32\Ati2mdxx.exe
 2007-12-21 02:59	147,456	----a-w	C:\WINDOWS\system32\atipdlxx.dll
 2007-12-21 02:59	122,880	----a-w	C:\WINDOWS\system32\Oemdspif.dll
 2007-12-21 02:58	122,880	----a-w	C:\WINDOWS\system32\ati2evxx.dll
 2007-12-21 02:57	512,000	----a-w	C:\WINDOWS\system32\ati2evxx.exe
 2007-12-21 02:56	53,248	----a-w	C:\WINDOWS\system32\ATIDDC.DLL
 2007-12-21 02:53	9,826,304	----a-w	C:\WINDOWS\system32\atioglx2.dll
 2007-12-21 02:47	3,120,640	----a-w	C:\WINDOWS\system32\ati3duag.dll
 2007-12-21 02:36	1,661,696	----a-w	C:\WINDOWS\system32\ativvaxx.dll
 2007-12-21 02:24	46,080	----a-w	C:\WINDOWS\system32\amdpcom32.dll
 2007-12-21 02:20	385,024	----a-w	C:\WINDOWS\system32\atikvmag.dll
 2007-12-21 02:18	17,408	----a-w	C:\WINDOWS\system32\atitvo32.dll
 2007-12-21 02:15	159,744	----a-w	C:\WINDOWS\system32\atiok3x2.dll
 2007-12-21 02:11	499,712	----a-w	C:\WINDOWS\system32\ati2cqag.dll
 2007-12-20 20:05	593,920	------w	C:\WINDOWS\system32\ati2sgag.exe
 .
 
 (((((((((((((((((((((((((((((((((((((   Punti Reg Caricati   ))))))))))))))))))))))))))))))))))))))))))))))))))
 .
 .
 REGEDIT4
 *Nota* i valori vuoti & legittimi/default non sono visualizzati.
 
 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
 "CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-30 21:00 15360]
 "MsnMsgr"="C:\Programmi\Windows Live\Messenger\MsnMsgr.exe" [2007-10-18 11:34 5724184]
 "AlcoholAutomount"="C:\Programmi\Alcohol Soft\Alcohol 120\axcmd.exe" [2007-12-22 08:23 221568]
 "EPSON Stylus DX4400 Series"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATICAE.exe" [2007-03-01 07:01 180736]
 "Creative Live! Cam Manager"="C:\Programmi\Creative\Creative Live! Cam\Live! Cam Manager\CTLCMgr.exe" [2006-05-31 16:00 143360]
 "IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Programmi\File comuni\Nero\Lib\NMIndexStoreSvr.exe" [2007-10-23 14:19 1410344]
 
 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
 "RTHDCPL"="RTHDCPL.EXE" [2007-01-30 11:54 16116224 C:\WINDOWS\RTHDCPL.exe]
 "SkyTel"="SkyTel.EXE" [2006-05-16 11:04 2879488 C:\WINDOWS\SkyTel.exe]
 "StartCCC"="C:\Programmi\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2006-11-10 12:35 90112]
 "SunJavaUpdateSched"="C:\Programmi\Java\jre1.6.0_04\bin\jusched.exe" [2007-12-14 03:42 144784]
 "nod32kui"="C:\Programmi\Eset\nod32kui.exe" [2008-02-02 21:16 949376]
 "GrooveMonitor"="C:\Programmi\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-27 00:47 31016]
 "Device Detector"="DevDetect.exe" []
 "NBKeyScan"="C:\Programmi\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [2007-09-20 08:51 1836328]
 "Adobe Reader Speed Launcher"="C:\Programmi\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-05-11 03:06 40048]
 "Adobe Photo Downloader"="C:\Programmi\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe" [2007-03-22 15:09 63712]
 "AVFX Engine"="C:\Programmi\Creative\Creative Live! Cam\VideoFX\StartFX.exe" [2006-06-09 01:11 24576]
 "V0250Mon.exe"="C:\WINDOWS\V0250Mon.exe" [2006-06-07 18:00 32768]
 "COMODO Firewall Pro"="C:\Programmi\COMODO\Firewall\cfp.exe" [2008-02-23 19:16 1502976]
 "NeroFilterCheck"="C:\Programmi\File comuni\Nero\Lib\NeroCheck.exe" [2007-03-01 14:57 153136]
 
 [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
 "CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-30 21:00 15360]
 
 C:\Documents and Settings\Seby\Menu Avvio\Programmi\Esecuzione automatica\
 Ritaglio schermata e avvio di OneNote 2007.lnk - C:\Programmi\Microsoft Office\Office12\ONENOTEM.EXE [2006-10-26 20:24:54 98632]
 
 [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer\run]
 "Windows Printing Driver"= WinSpooler.exe
 "WinUpdating"= WinUpdating.exe
 "prov"= prov.exe
 
 [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
 "AppInit_DLLs"=   C:\WINDOWS\system32\guard32.dll
 
 [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
 "EnableFirewall"= 0 (0x0)
 
 [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
 "%windir%\\system32\\sessmgr.exe"=
 "C:\\Documents and Settings\\Seby\\Desktop\\PES2008.exe"=
 "C:\\Programmi\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
 "C:\\Programmi\\Microsoft Office\\Office12\\GROOVE.EXE"=
 "C:\\Programmi\\Microsoft Office\\Office12\\ONENOTE.EXE"=
 "C:\\Programmi\\Windows Live\\Messenger\\msnmsgr.exe"=
 "C:\\Programmi\\Windows Live\\Messenger\\livecall.exe"=
 "C:\\Programmi\\SEGA\\SEGA Rally\\SEGA Rally.exe"=
 "C:\\Programmi\\SEGA\\SEGA Rally\\SEGA Rally_SSE1.exe"=
 "C:\\Programmi\\SightSpeed\\SightSpeed.exe"=
 
 R1 cmdGuard;COMODO Firewall Pro Sandbox Driver;C:\WINDOWS\system32\DRIVERS\cmdguard.sys [2008-02-23 19:18]
 R1 cmdHlp;COMODO Firewall Pro Helper Driver;C:\WINDOWS\system32\DRIVERS\cmdhlp.sys [2008-02-23 19:18]
 R3 V0250Dev;Live! Cam Notebook Pro;C:\WINDOWS\system32\DRIVERS\V0250Dev.sys [2006-06-27 04:25]
 R3 V0250Vfx;V0250Vfx;C:\WINDOWS\system32\DRIVERS\V0250Vfx.sys [2006-03-24 09:24]
 S3 gdrv;gdrv;C:\WINDOWS\gdrv.sys [2008-02-02 21:20]
 
 [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{eaf79cc3-d1c9-11dc-b559-806d6172696f}]
 \Shell\AutoRun\command - D:\Run.exe
 
 .
 Contenuto della cartella 'Scheduled Tasks'
 "2008-03-12 23:00:00 C:\WINDOWS\Tasks\At1.job"
 - C:\WINDOWS\system32\d0vTE1Im.exe
 "2008-03-10 08:00:00 C:\WINDOWS\Tasks\At10.job"
 - C:\WINDOWS\system32\d0vTE1Im.exe
 "2008-03-11 09:00:00 C:\WINDOWS\Tasks\At11.job"
 - C:\WINDOWS\system32\d0vTE1Im.exe
 "2008-03-12 10:00:00 C:\WINDOWS\Tasks\At12.job"
 - C:\WINDOWS\system32\d0vTE1Im.exe
 "2008-03-10 11:00:00 C:\WINDOWS\Tasks\At13.job"
 - C:\WINDOWS\system32\d0vTE1Im.exe
 "2008-03-12 12:00:00 C:\WINDOWS\Tasks\At14.job"
 - C:\WINDOWS\system32\d0vTE1Im.exe
 "2008-03-13 13:00:00 C:\WINDOWS\Tasks\At15.job"
 - C:\WINDOWS\system32\d0vTE1Im.exe
 "2008-03-12 14:00:00 C:\WINDOWS\Tasks\At16.job"
 - C:\WINDOWS\system32\d0vTE1Im.exe
 "2008-03-10 14:59:59 C:\WINDOWS\Tasks\At17.job"
 - C:\WINDOWS\system32\d0vTE1Im.exe
 "2008-03-12 16:00:00 C:\WINDOWS\Tasks\At18.job"
 - C:\WINDOWS\system32\d0vTE1Im.exe
 "2008-03-11 17:00:00 C:\WINDOWS\Tasks\At19.job"
 - C:\WINDOWS\system32\d0vTE1Im.exe
 "2008-02-13 00:00:00 C:\WINDOWS\Tasks\At2.job"
 - C:\WINDOWS\system32\d0vTE1Im.exe
 "2008-03-11 18:00:00 C:\WINDOWS\Tasks\At20.job"
 - C:\WINDOWS\system32\d0vTE1Im.exe
 "2008-03-11 19:00:00 C:\WINDOWS\Tasks\At21.job"
 - C:\WINDOWS\system32\d0vTE1Im.exe
 "2008-03-11 20:00:00 C:\WINDOWS\Tasks\At22.job"
 - C:\WINDOWS\system32\d0vTE1Im.exe
 "2008-03-11 21:00:00 C:\WINDOWS\Tasks\At23.job"
 - C:\WINDOWS\system32\d0vTE1Im.exe
 "2008-03-12 22:00:00 C:\WINDOWS\Tasks\At24.job"
 - C:\WINDOWS\system32\d0vTE1Im.exe
 "2008-02-02 20:07:33 C:\WINDOWS\Tasks\At3.job"
 - C:\WINDOWS\system32\d0vTE1Im.exe
 "2008-02-02 20:07:33 C:\WINDOWS\Tasks\At4.job"
 - C:\WINDOWS\system32\d0vTE1Im.exe
 "2008-02-02 20:07:33 C:\WINDOWS\Tasks\At5.job"
 - C:\WINDOWS\system32\d0vTE1Im.exe
 "2008-02-02 20:07:33 C:\WINDOWS\Tasks\At6.job"
 - C:\WINDOWS\system32\d0vTE1Im.exe
 "2008-02-02 20:07:33 C:\WINDOWS\Tasks\At7.job"
 - C:\WINDOWS\system32\d0vTE1Im.exe
 "2008-02-02 20:07:33 C:\WINDOWS\Tasks\At8.job"
 - C:\WINDOWS\system32\d0vTE1Im.exe
 "2008-02-06 07:00:00 C:\WINDOWS\Tasks\At9.job"
 - C:\WINDOWS\system32\d0vTE1Im.exe
 "2008-03-13 12:45:00 C:\WINDOWS\Tasks\Verifica aggiornamenti per Windows Live Toolbar.job"
 - C:\Programmi\Windows Live Toolbar\MSNTBUP.EXE
 .
 **************************************************************************
 
 catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
 Rootkit scan 2008-03-13 14:31:15
 Windows 5.1.2600 Service Pack 2 NTFS
 
 scansione processi nascosti ...
 
 scansione entrate autostart nascoste ...
 
 Scansione files nascosti ...
 
 Scansione completata con successo
 Files nascosti: 0
 
 **************************************************************************
 .
 --------------------- DLLs Loaded Under Running Processes ---------------------
 
 PROCESS: C:\WINDOWS\system32\lsass.exe [5.01.2600.2180]
 -> C:\Programmi\Eset\pr_imon.dll
 .
 ------------------------ Other Running Processes ------------------------
 .
 C:\WINDOWS\system32\Ati2evxx.exe
 C:\WINDOWS\system32\Ati2evxx.exe
 C:\Programmi\File comuni\ACD Systems\EN\DevDetect.exe
 C:\Programmi\COMODO\Firewall\cmdagent.exe
 C:\Programmi\File comuni\EPSON\EBAPI\SAgent2.exe
 C:\Programmi\Nero\Nero8\Nero BackItUp\NBService.exe
 C:\Programmi\Eset\nod32krn.exe
 C:\WINDOWS\system32\PnkBstrA.exe
 C:\Programmi\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
 C:\WINDOWS\system32\wdfmgr.exe
 C:\WINDOWS\system32\wscntfy.exe
 .
 **************************************************************************
 .
 Ora fine scansione: 2008-03-13 14:32:28 - machine was rebooted [Seby]
 ComboFix-quarantined-files.txt  2008-03-13 13:32:25
| seby.panto | Posted: 13 Mar 2008 15:41 |
what do I do now????? By the way, this is the new hijack log:

 Logfile of Trend Micro HijackThis v2.0.2
 Scan saved at 14.40.02, on 13/03/2008
 Platform: Windows XP SP2 (WinNT 5.01.2600)
 MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
 Boot mode: Normal
 
 Running processes:
 C:\WINDOWS\System32\smss.exe
 C:\WINDOWS\system32\winlogon.exe
 C:\WINDOWS\system32\services.exe
 C:\WINDOWS\system32\lsass.exe
 C:\WINDOWS\system32\Ati2evxx.exe
 C:\WINDOWS\system32\svchost.exe
 C:\WINDOWS\System32\svchost.exe
 C:\WINDOWS\system32\Ati2evxx.exe
 C:\WINDOWS\system32\spoolsv.exe
 C:\WINDOWS\RTHDCPL.EXE
 C:\Programmi\Java\jre1.6.0_04\bin\jusched.exe
 C:\Programmi\Eset\nod32kui.exe
 C:\Programmi\Microsoft Office\Office12\GrooveMonitor.exe
 C:\Programmi\File comuni\ACD Systems\EN\DevDetect.exe
 C:\Programmi\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe
 C:\Programmi\Creative\Creative Live! Cam\VideoFX\StartFX.exe
 C:\WINDOWS\V0250Mon.exe
 C:\Programmi\COMODO\Firewall\cfp.exe
 C:\WINDOWS\system32\ctfmon.exe
 C:\Programmi\Windows Live\Messenger\MsnMsgr.Exe
 C:\WINDOWS\system32\svchost.exe
 C:\Programmi\Creative\Creative Live! Cam\Live! Cam Manager\CTLCMgr.exe
 C:\Programmi\File comuni\Nero\Lib\NMIndexStoreSvr.exe
 C:\Programmi\COMODO\Firewall\cmdagent.exe
 C:\Programmi\File comuni\EPSON\EBAPI\SAgent2.exe
 C:\Programmi\Nero\Nero8\Nero BackItUp\NBService.exe
 C:\Programmi\Eset\nod32krn.exe
 C:\WINDOWS\system32\PnkBstrA.exe
 C:\Programmi\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
 C:\WINDOWS\system32\svchost.exe
 C:\WINDOWS\system32\wscntfy.exe
 C:\WINDOWS\explorer.exe
 C:\Programmi\Trend Micro\HijackThis\HijackThis.exe
 
 R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.it/
 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://it.yahoo.com
 R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
 O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Programmi\Yahoo!\Companion\Installs\cpn0\ycomp5_6_2_0.dll
 O2 - BHO: Supporto di collegamento per Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\File comuni\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
 O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
 O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~3\Office12\GRA8E1~1.DLL
 O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmi\Java\jre1.6.0_04\bin\ssv.dll
 O2 - BHO: Guida per l'accesso a Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programmi\File comuni\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
 O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programmi\google\googletoolbar2.dll
 O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programmi\Windows Live Toolbar\msntb.dll
 O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Programmi\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
 O3 - Toolbar: &Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programmi\Yahoo!\Companion\Installs\cpn0\ycomp5_6_2_0.dll
 O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programmi\google\googletoolbar2.dll
 O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programmi\Windows Live Toolbar\msntb.dll
 O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Programmi\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
 O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
 O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
 O4 - HKLM\..\Run: [StartCCC] "C:\Programmi\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"
 O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programmi\Java\jre1.6.0_04\bin\jusched.exe"
 O4 - HKLM\..\Run: [nod32kui] "C:\Programmi\Eset\nod32kui.exe" /WAITSERVICE
 O4 - HKLM\..\Run: [GrooveMonitor] "C:\Programmi\Microsoft Office\Office12\GrooveMonitor.exe"
 O4 - HKLM\..\Run: [Device Detector] DevDetect.exe -autorun
 O4 - HKLM\..\Run: [NBKeyScan] "C:\Programmi\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
 O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Programmi\Adobe\Reader 8.0\Reader\Reader_sl.exe"
 O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Programmi\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe"
 O4 - HKLM\..\Run: [AVFX Engine] C:\Programmi\Creative\Creative Live! Cam\VideoFX\StartFX.exe
 O4 - HKLM\..\Run: [V0250Mon.exe] C:\WINDOWS\V0250Mon.exe
 O4 - HKLM\..\Run: [COMODO Firewall Pro] "C:\Programmi\COMODO\Firewall\cfp.exe" -h
 O4 - HKLM\..\Run: [NeroFilterCheck] C:\Programmi\File comuni\Nero\Lib\NeroCheck.exe
 O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
 O4 - HKCU\..\Run: [MsnMsgr] "C:\Programmi\Windows Live\Messenger\MsnMsgr.Exe" /background
 O4 - HKCU\..\Run: [AlcoholAutomount] "C:\Programmi\Alcohol Soft\Alcohol 120\axcmd.exe" /automount
 O4 - HKCU\..\Run: [EPSON Stylus DX4400 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATICAE.EXE /FU "C:\WINDOWS\TEMP\E_S9F.tmp" /EF "HKCU"
 O4 - HKCU\..\Run: [Creative Live! Cam Manager] "C:\Programmi\Creative\Creative Live! Cam\Live! Cam Manager\CTLCMgr.exe"
 O4 - HKCU\..\Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Programmi\File comuni\Nero\Lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020
 O4 - HKCU\..\Policies\Explorer\Run: [Windows Printing Driver] WinSpooler.exe
 O4 - HKCU\..\Policies\Explorer\Run: [WinUpdating] WinUpdating.exe
 O4 - HKCU\..\Policies\Explorer\Run: [prov] prov.exe
 O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO DI RETE')
 O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
 O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
 O4 - Startup: Ritaglio schermata e avvio di OneNote 2007.lnk = C:\Programmi\Microsoft Office\Office12\ONENOTEM.EXE
 O8 - Extra context menu item: &Windows Live Search - res://C:\Programmi\Windows Live Toolbar\msntb.dll/search.htm
 O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
 O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.6.0_04\bin\ssv.dll
 O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.6.0_04\bin\ssv.dll
 O9 - Extra button: Inserisci blog - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programmi\Windows Live\Writer\WriterBrowserExtension.dll
 O9 - Extra 'Tools' menuitem: Inserisci &blog in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programmi\Windows Live\Writer\WriterBrowserExtension.dll
 O9 - Extra button: Invia a OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
 O9 - Extra 'Tools' menuitem: I&nvia a OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
 O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
 O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
 O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
 O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
 O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
 O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1202032584000
 O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative.com/softwareupdate/su2/ocx/15035/CTPID.cab
 O17 - HKLM\System\CCS\Services\Tcpip\..\{702AA6D0-26F4-4F74-BCB9-1F6CDF1CC6E0}: NameServer = 192.168.0.1
 O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~3\Office12\GR99D3~1.DLL
 O20 - AppInit_DLLs:    C:\WINDOWS\system32\guard32.dll
 O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
 O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
 O23 - Service: COMODO Firewall Pro Helper Service (cmdAgent) - COMODO - C:\Programmi\COMODO\Firewall\cmdagent.exe
 O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Programmi\File comuni\EPSON\EBAPI\SAgent2.exe
 O23 - Service: Google Updater Service (gusvc) - Google - C:\Programmi\Google\Common\Google Updater\GoogleUpdaterService.exe
 O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Programmi\Nero\Nero8\Nero BackItUp\NBService.exe
 O23 - Service: NMIndexingService - Nero AG - C:\Programmi\File comuni\Nero\Lib\NMIndexingService.exe
 O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset  - C:\Programmi\Eset\nod32krn.exe
 O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
 O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Programmi\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
 
 --
 End of file - 9777 bytes
| seby.panto | Posted: 13 Mar 2008 15:49 |
and this is the one from VBG....

 [03/13/2008, 14:44:40] - VirtumundoBeGone v1.5 ( "C:\Documents and Settings\Seby\Desktop\virtumonde fix\VirtumundoBeGone.exe" )
 [03/13/2008, 14:44:47] - Detected System Information:
 [03/13/2008, 14:44:47] -  Windows Version: 5.1.2600, Service Pack 2
 [03/13/2008, 14:44:47] -  Current Username: Seby (Admin)
 [03/13/2008, 14:44:47] -  Windows is in SAFE mode with Networking.
 [03/13/2008, 14:44:47] - Searching for Browser Helper Objects:
 [03/13/2008, 14:44:47] -  BHO 1: {02478D38-C3F9-4efb-9B51-7695ECA05670} (Yahoo! Companion BHO)
 [03/13/2008, 14:44:47] -  BHO 2: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (Supporto di collegamento per Adobe PDF Reader)
 [03/13/2008, 14:44:47] -  BHO 3: {53707962-6F74-2D53-2644-206D7942484F} (Spybot-S&D IE Protection)
 [03/13/2008, 14:44:47] -  BHO 4: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} (Groove GFS Browser Helper)
 [03/13/2008, 14:44:47] -  BHO 5: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (SSVHelper Class)
 [03/13/2008, 14:44:47] -  BHO 6: {9030D464-4C02-4ABF-8ECC-5164760863C6} (Guida per l'accesso a Windows Live)
 [03/13/2008, 14:44:47] -  BHO 7: {AA58ED58-01DD-4d91-8333-CF10577473F7} (Google Toolbar Helper)
 [03/13/2008, 14:44:47] -  BHO 8: {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} (Windows Live Toolbar Helper)
 [03/13/2008, 14:44:47] -  BHO 9: {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} (EpsonToolBandKicker Class)
 [03/13/2008, 14:44:47] - Finished Searching Browser Helper Objects
 [03/13/2008, 14:44:47] - Finishing up...
 [03/13/2008, 14:44:47] - Nothing found! Exiting...
| Sante62 Dio maturo | Registered: 27/06/07 17:55 | Posts: 3477 | Location: Floridia | Posted: 13 Mar 2008 18:25 |
Do this as well
[quote="Sante62"]
Download VundoFix to the desktop
- Run VundoFix.exe
- Click Scan for Vundo.
- When the scan finishes, click Remove Vundo.
- It asks whether you want to delete the infected files; click YES
- Your screen will go black while Vundo is being removed.
- When it finishes it will ask you to restart the PC; click OK.
- Copy the contents of the log C:\vundofix.txt here.

Note: VundoFix may fail to delete some files. In that case, VundoFix will start automatically when the PC restarts; repeat the steps above starting from "Click Scan for Vundo" when VundoFix appears at restart.
| seby.panto | Posted: 13 Mar 2008 19:26 |
vundo fix:

 VundoFix V7.0.3
 
 Scan started at 18.21.53 13/03/2008
 
 Listing files found while scanning....
 
 No infected files were found.
| seby.panto | Posted: 13 Mar 2008 19:27 |
what do you think? did we make it?

| Sante62 |

| seby.panto | Posted: 14 Mar 2008 00:53 |
here is the Norman log:

 Norman Malware Cleaner
 Copyright © 1990 - 2008, Norman ASA. Built 2008/03/09 20:10:13
 
 Norman Scanner Engine Version: 5.91.10
 Nvcbin.def Version: 5.90.00, Date: 2008/03/09 20:10:13, Variants: 1383781
 
 Running pre-scan cleanup routine:
 Operating System: Microsoft Windows XP Professional 5.1.2600(Safe mode) Service Pack 2
 Logged on user: PANTO-9169F65C3\Seby
 
 Set registry value: HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\AppInit_DLLS = "   C:\WINDOWS\system32\guard32.dll" -> ""
 
 Scan started: 13/03/2008 23:36:23
 
 
 Scanning running processes and process memory...
 
 Number of processes/threads found: 534
 Number of processes/threads scanned: 534
 Number of processes/threads not scanned: 0
 Number of infected processes/threads terminated: 0
 Total scanning time: 4s 766ms
 
 
 Scanning file system...
 
 Scanning: C:\*.*
 
 C:\svcipa.exe (Infected with W32/Smalltroj.CEUG)
 Deleted file
 
 C:\Programmi\Nero\Nero8\Nero BackItUp\BackItUp_ImageTool\root.img/unknown0 (Error whilst scanning file: I/O Error)
 C:\Programmi\Nero\Nero8\Nero BackItUp\BackItUp_ImageTool\root.img (Possible archive bomb)
 
 Scanning: H:\*.*
 
 H:\setup programmi\WinRAR 3.71 Retail ITA.zip/cura.exe (Infected with Suspicious_F.gen)
 Deleted file
 
 H:\setup programmi\WinRAR 3.71 Retail ITA\cura.exe (Infected with Suspicious_F.gen)
 Deleted file
 
 Scanning: c:\System Volume Information\*.*
 
 Scanning: h:\System Volume Information\*.*
 
 
 Running post-scan cleanup routine:
 
 Number of files found: 102236
 Number of archives unpacked: 1374
 Number of files scanned: 102214
 Number of files not scanned: 22
 Number of files skipped due to exclude list: 0
 Number of infected files found: 4
 Number of infected files repaired/deleted: 3
 Number of infections removed: 3
 Total scanning time: 12m 29s
| seby.panto | Posted: 14 Mar 2008 01:12 |
I posted the gmer logs on that site....(sorry for my ignorance, can you explain why? will I get some message or what?)
this is the new hijack log:

 Logfile of Trend Micro HijackThis v2.0.2
 Scan saved at 0.12.05, on 14/03/2008
 Platform: Windows XP SP2 (WinNT 5.01.2600)
 MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
 Boot mode: Normal
 
 Running processes:
 C:\WINDOWS\System32\smss.exe
 C:\WINDOWS\system32\winlogon.exe
 C:\WINDOWS\system32\services.exe
 C:\WINDOWS\system32\lsass.exe
 C:\WINDOWS\system32\Ati2evxx.exe
 C:\WINDOWS\system32\svchost.exe
 C:\WINDOWS\System32\svchost.exe
 C:\WINDOWS\system32\Ati2evxx.exe
 C:\WINDOWS\system32\spoolsv.exe
 C:\WINDOWS\Explorer.EXE
 C:\WINDOWS\RTHDCPL.EXE
 C:\Programmi\Java\jre1.6.0_04\bin\jusched.exe
 C:\Programmi\Eset\nod32kui.exe
 C:\Programmi\Microsoft Office\Office12\GrooveMonitor.exe
 C:\Programmi\File comuni\ACD Systems\EN\DevDetect.exe
 C:\Programmi\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe
 C:\Programmi\Creative\Creative Live! Cam\VideoFX\StartFX.exe
 C:\WINDOWS\V0250Mon.exe
 C:\Programmi\COMODO\Firewall\cfp.exe
 C:\WINDOWS\system32\ctfmon.exe
 C:\Programmi\Windows Live\Messenger\MsnMsgr.Exe
 C:\WINDOWS\system32\svchost.exe
 C:\Programmi\Creative\Creative Live! Cam\Live! Cam Manager\CTLCMgr.exe
 C:\Programmi\File comuni\Nero\Lib\NMIndexStoreSvr.exe
 C:\Programmi\COMODO\Firewall\cmdagent.exe
 C:\Programmi\File comuni\EPSON\EBAPI\SAgent2.exe
 C:\Programmi\Nero\Nero8\Nero BackItUp\NBService.exe
 C:\Programmi\Eset\nod32krn.exe
 C:\Programmi\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
 C:\WINDOWS\system32\svchost.exe
 C:\WINDOWS\system32\wscntfy.exe
 C:\Programmi\Internet Explorer\IEXPLORE.EXE
 C:\Programmi\File comuni\Microsoft Shared\Windows Live\WLLoginProxy.exe
 C:\Programmi\Trend Micro\HijackThis\HijackThis.exe
 
 R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.it/
 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://it.yahoo.com
 R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
 O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Programmi\Yahoo!\Companion\Installs\cpn0\ycomp5_6_2_0.dll
 O2 - BHO: Supporto di collegamento per Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\File comuni\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
 O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
 O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~3\Office12\GRA8E1~1.DLL
 O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmi\Java\jre1.6.0_04\bin\ssv.dll
 O2 - BHO: Guida per l'accesso a Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programmi\File comuni\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
 O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programmi\google\googletoolbar2.dll
 O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programmi\Windows Live Toolbar\msntb.dll
 O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Programmi\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
 O3 - Toolbar: &Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programmi\Yahoo!\Companion\Installs\cpn0\ycomp5_6_2_0.dll
 O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programmi\google\googletoolbar2.dll
 O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programmi\Windows Live Toolbar\msntb.dll
 O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Programmi\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
 O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
 O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
 O4 - HKLM\..\Run: [StartCCC] "C:\Programmi\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"
 O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programmi\Java\jre1.6.0_04\bin\jusched.exe"
 O4 - HKLM\..\Run: [nod32kui] "C:\Programmi\Eset\nod32kui.exe" /WAITSERVICE
 O4 - HKLM\..\Run: [GrooveMonitor] "C:\Programmi\Microsoft Office\Office12\GrooveMonitor.exe"
 O4 - HKLM\..\Run: [Device Detector] DevDetect.exe -autorun
 O4 - HKLM\..\Run: [NBKeyScan] "C:\Programmi\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
 O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Programmi\Adobe\Reader 8.0\Reader\Reader_sl.exe"
 O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Programmi\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe"
 O4 - HKLM\..\Run: [AVFX Engine] C:\Programmi\Creative\Creative Live! Cam\VideoFX\StartFX.exe
 O4 - HKLM\..\Run: [V0250Mon.exe] C:\WINDOWS\V0250Mon.exe
 O4 - HKLM\..\Run: [COMODO Firewall Pro] "C:\Programmi\COMODO\Firewall\cfp.exe" -h
 O4 - HKLM\..\Run: [NeroFilterCheck] C:\Programmi\File comuni\Nero\Lib\NeroCheck.exe
 O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
 O4 - HKCU\..\Run: [MsnMsgr] "C:\Programmi\Windows Live\Messenger\MsnMsgr.Exe" /background
 O4 - HKCU\..\Run: [AlcoholAutomount] "C:\Programmi\Alcohol Soft\Alcohol 120\axcmd.exe" /automount
 O4 - HKCU\..\Run: [EPSON Stylus DX4400 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATICAE.EXE /FU "C:\WINDOWS\TEMP\E_S9F.tmp" /EF "HKCU"
 O4 - HKCU\..\Run: [Creative Live! Cam Manager] "C:\Programmi\Creative\Creative Live! Cam\Live! Cam Manager\CTLCMgr.exe"
 O4 - HKCU\..\Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Programmi\File comuni\Nero\Lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020
 O4 - HKCU\..\Policies\Explorer\Run: [Windows Printing Driver] WinSpooler.exe
 O4 - HKCU\..\Policies\Explorer\Run: [WinUpdating] WinUpdating.exe
 O4 - HKCU\..\Policies\Explorer\Run: [prov] prov.exe
 O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO DI RETE')
 O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
 O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
 O4 - Startup: Ritaglio schermata e avvio di OneNote 2007.lnk = C:\Programmi\Microsoft Office\Office12\ONENOTEM.EXE
 O8 - Extra context menu item: &Windows Live Search - res://C:\Programmi\Windows Live Toolbar\msntb.dll/search.htm
 O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
 O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.6.0_04\bin\ssv.dll
 O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.6.0_04\bin\ssv.dll
 O9 - Extra button: Inserisci blog - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programmi\Windows Live\Writer\WriterBrowserExtension.dll
 O9 - Extra 'Tools' menuitem: Inserisci &blog in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programmi\Windows Live\Writer\WriterBrowserExtension.dll
 O9 - Extra button: Invia a OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
 O9 - Extra 'Tools' menuitem: I&nvia a OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
 O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
 O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
 O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
 O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
 O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
 O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1202032584000
 O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative.com/softwareupdate/su2/ocx/15035/CTPID.cab
 O17 - HKLM\System\CCS\Services\Tcpip\..\{702AA6D0-26F4-4F74-BCB9-1F6CDF1CC6E0}: NameServer = 192.168.0.1
 O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~3\Office12\GR99D3~1.DLL
 O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
 O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
 O23 - Service: COMODO Firewall Pro Helper Service (cmdAgent) - COMODO - C:\Programmi\COMODO\Firewall\cmdagent.exe
 O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Programmi\File comuni\EPSON\EBAPI\SAgent2.exe
 O23 - Service: Google Updater Service (gusvc) - Google - C:\Programmi\Google\Common\Google Updater\GoogleUpdaterService.exe
 O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Programmi\Nero\Nero8\Nero BackItUp\NBService.exe
 O23 - Service: NMIndexingService - Nero AG - C:\Programmi\File comuni\Nero\Lib\NMIndexingService.exe
 O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset  - C:\Programmi\Eset\nod32krn.exe
 O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Programmi\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
 
 --
 End of file - 9728 bytes
| Sante62 | Posted: 14 Mar 2008 01:20 |
| seby.panto wrote: | I posted the gmer logs on that site....(sorry for my ignorance, can you explain why? will I get some message or what?) |

If you noticed, when the upload finishes it gives you three links;

you have to copy the first one and paste it here;

if need be, reread the procedure...

obviously you have to upload the logs to the site again...
| seby.panto | Posted: 14 Mar 2008 09:35 |
ok... this is the autostart link

http://www.freefilehosting.net/download/3dd5b

this is the rootkit one:
http://www.freefilehosting.net/download/3dd5c
| Sante62 | Posted: 14 Mar 2008 13:59 |
start the PC in safe mode;
Start HijackThis, select these lines on the left, then click Fix checked:

| Quote: |
O4 - HKCU\..\Policies\Explorer\Run: [Windows Printing Driver] WinSpooler.exe
O4 - HKCU\..\Policies\Explorer\Run: [WinUpdating] WinUpdating.exe
O4 - HKCU\..\Policies\Explorer\Run: [prov] prov.exe
|

download The Avenger (new version)
Unzip it into its own folder in c:\
Start it and click OK
inside the white box
enter these lines:

| Quote: |
files to delete:
C:\WINDOWS\system32\bsyfdsqj.ini
 C:\WINDOWS\system32\bsyfdsqj.ini
 C:\aegjtn.exe
 C:\WINDOWS\system32\etplfphi.ini
 C:\found.000
 C:\WINDOWS\system32\wjetoxfn.ini
 C:\WINDOWS\system32\suqtwtjp.ini
 C:\WINDOWS\system32\mbsgdrrw.ini
 C:\WINDOWS\system32\updvcdrh.ini
 C:\WINDOWS\system32\rar.exe
 C:\WINDOWS\system32WinSpooler.exe
 C:\WINDOWS\system32WinUpdating.exe
 C:\WINDOWS\system32\prov.exe
 C:\WINDOWS\Tasks\At1.job
 C:\WINDOWS\Tasks\At10.job
 C:\WINDOWS\Tasks\At11.job
 C:\WINDOWS\Tasks\At12.job
 C:\WINDOWS\Tasks\At13.job
 C:\WINDOWS\Tasks\At14.job
 C:\WINDOWS\Tasks\At15.job
 C:\WINDOWS\Tasks\At16.job
 C:\WINDOWS\Tasks\At17.job
 C:\WINDOWS\Tasks\At18.job
 C:\WINDOWS\Tasks\At19.job
 C:\WINDOWS\Tasks\At2.job
 C:\WINDOWS\Tasks\At20.job
 C:\WINDOWS\Tasks\At21.job
 C:\WINDOWS\Tasks\At22.job
 C:\WINDOWS\Tasks\At23.job
 C:\WINDOWS\Tasks\At24.job
 C:\WINDOWS\Tasks\At3.job
 C:\WINDOWS\Tasks\At4.job
 C:\WINDOWS\Tasks\At5.job
 C:\WINDOWS\Tasks\At6.job
 C:\WINDOWS\Tasks\At7.job
 C:\WINDOWS\Tasks\At8.job
 C:\WINDOWS\Tasks\At9.job
 
 
 | 
Click Execute (be careful not to leave unnecessary blank lines)
The PC should restart; if it doesn't, restart it yourself.
When the operation is finished, post the result here; you'll find it in C:\Avenger.txt

Afterwards, run a scan with Systemscan and post the generated log as
described here
| seby.panto | Posted: 14 Mar 2008 15:30 |
here is the avenger log...after deleting the three lines with hijack

 //////////////////////////////////////////
 Avenger Pre-Processor log
 //////////////////////////////////////////
 
 Platform: Windows XP (build 2600, Service Pack 2)
 Fri Mar 14 14:25:23 2008
 
 14:25:23: Error: Invalid script.  A valid script must begin with a command directive.
 Aborting execution!
 
 
 //////////////////////////////////////////
 
 
 //////////////////////////////////////////
 Avenger Pre-Processor log
 //////////////////////////////////////////
 
 Platform: Windows XP (build 2600, Service Pack 2)
 Fri Mar 14 14:25:44 2008
 
 14:25:44: Error: Invalid script.  A valid script must begin with a command directive.
 Aborting execution!
 
 
 //////////////////////////////////////////
 
 
 Logfile of The Avenger Version 2.0, (c) by Swandog46
 http://swandog46.geekstogo.com
 
 Platform:  Windows XP
 
 *******************
 
 Script file opened successfully.
 Script file read successfully.
 
 Backups directory opened successfully at C:\Avenger
 
 *******************
 
 Beginning to process script file:
 
 Rootkit scan active.
 No rootkits found!
 
 File "C:\WINDOWS\system32\bsyfdsqj.ini" deleted successfully.
 
 Error:  file "C:\WINDOWS\system32\bsyfdsqj.ini" not found!
 Deletion of file "C:\WINDOWS\system32\bsyfdsqj.ini" failed!
 Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
 --> the object does not exist
 
 File "C:\aegjtn.exe" deleted successfully.
 File "C:\WINDOWS\system32\etplfphi.ini" deleted successfully.
 
 Error: "C:\found.000" is a folder, not a file!
 Deletion of file "C:\found.000" failed!
 Status: 0xc00000ba (STATUS_FILE_IS_A_DIRECTORY)
 --> use "Folders to delete:" instead of "Files to delete:" to delete a directory
 
 File "C:\WINDOWS\system32\wjetoxfn.ini" deleted successfully.
 File "C:\WINDOWS\system32\suqtwtjp.ini" deleted successfully.
 File "C:\WINDOWS\system32\mbsgdrrw.ini" deleted successfully.
 File "C:\WINDOWS\system32\updvcdrh.ini" deleted successfully.
 File "C:\WINDOWS\system32\rar.exe" deleted successfully.
 
 Error:  file "C:\WINDOWS\system32WinSpooler.exe" not found!
 Deletion of file "C:\WINDOWS\system32WinSpooler.exe" failed!
 Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
 --> the object does not exist
 
 
 Error:  file "C:\WINDOWS\system32WinUpdating.exe" not found!
 Deletion of file "C:\WINDOWS\system32WinUpdating.exe" failed!
 Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
 --> the object does not exist
 
 
 Error:  file "C:\WINDOWS\system32\prov.exe" not found!
 Deletion of file "C:\WINDOWS\system32\prov.exe" failed!
 Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
 --> the object does not exist
 
 File "C:\WINDOWS\Tasks\At1.job" deleted successfully.
 File "C:\WINDOWS\Tasks\At10.job" deleted successfully.
 File "C:\WINDOWS\Tasks\At11.job" deleted successfully.
 File "C:\WINDOWS\Tasks\At12.job" deleted successfully.
 File "C:\WINDOWS\Tasks\At13.job" deleted successfully.
 File "C:\WINDOWS\Tasks\At14.job" deleted successfully.
 File "C:\WINDOWS\Tasks\At15.job" deleted successfully.
 File "C:\WINDOWS\Tasks\At16.job" deleted successfully.
 File "C:\WINDOWS\Tasks\At17.job" deleted successfully.
 File "C:\WINDOWS\Tasks\At18.job" deleted successfully.
 File "C:\WINDOWS\Tasks\At19.job" deleted successfully.
 File "C:\WINDOWS\Tasks\At2.job" deleted successfully.
 File "C:\WINDOWS\Tasks\At20.job" deleted successfully.
 File "C:\WINDOWS\Tasks\At21.job" deleted successfully.
 File "C:\WINDOWS\Tasks\At22.job" deleted successfully.
 File "C:\WINDOWS\Tasks\At23.job" deleted successfully.
 File "C:\WINDOWS\Tasks\At24.job" deleted successfully.
 File "C:\WINDOWS\Tasks\At3.job" deleted successfully.
 File "C:\WINDOWS\Tasks\At4.job" deleted successfully.
 File "C:\WINDOWS\Tasks\At5.job" deleted successfully.
 File "C:\WINDOWS\Tasks\At6.job" deleted successfully.
 File "C:\WINDOWS\Tasks\At7.job" deleted successfully.
 File "C:\WINDOWS\Tasks\At8.job" deleted successfully.
 File "C:\WINDOWS\Tasks\At9.job" deleted successfully.
 
 Completed script processing.
 
 *******************
 
 Finished!  Terminate.
 |  |  
		| seby.panto Hero in the gods' favor
 
 Joined: 13/03/08 00:40
 Posts: 91
 
 | 
				|  Posted: 14 Mar 2008 15:47    Subject: |   |  
				| Here is the systemscan link.. 
 http://www.freefilehosting.net/download/3dddi
 
 Now? What's the next move?
 |  |  
		| Sante62 Mature god
 
 Joined: 27/06/07 17:55
 Posts: 3477
 Location: Floridia
 
 | 
				|  Posted: 14 Mar 2008 18:08    Subject: |   |  
				| There is a small error in the Avenger script, made by me...   
 so run it again with this one:
 
 	  | Quote: |  	  | files to delete: C:\WINDOWS\system32\WinSpooler.exe
 C:\WINDOWS\system32\WinUpdating.exe
 | 
 
 Always watch the line spacing...
 
 Afterwards, go to the Kaspersky online scanner
 While it is downloading the necessary files, temporarily disable the antivirus. As soon as the PC scan starts, disconnect from the internet.
 When it finishes, upload the result to www.freefilehosting.net and post here the link you are given, as indicated here
 |  |  
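The first Avenger log in this thread shows how the script error surfaced: two paths lost the backslash after `system32` and failed with STATUS_OBJECT_NAME_NOT_FOUND, while a folder listed as a file failed with STATUS_FILE_IS_A_DIRECTORY. As an added example (not part of the original posts and not code from The Avenger), the Python below triages such a log and proposes the corrected path; the sample log is constructed in the thread's log format, and `parse` and `triage` are hypothetical helper names.

```python
import re
from ntpath import dirname

# Constructed sample: status-bearing lines in the format of the Avenger 2.0 logs in this thread.
SAMPLE_LOG = r'''
File "C:\WINDOWS\system32\rar.exe" deleted successfully.
Deletion of file "C:\WINDOWS\system32WinSpooler.exe" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
Deletion of file "C:\WINDOWS\system32\prov.exe" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
Deletion of file "C:\found.000" failed!
Status: 0xc00000ba (STATUS_FILE_IS_A_DIRECTORY)
'''

DELETED = re.compile(r'^File "(.+)" deleted successfully\.$')
FAILED = re.compile(r'^Deletion of file "(.+)" failed!$')
STATUS = re.compile(r'^Status: 0x[0-9a-fA-F]+ \((\w+)\)$')

def parse(log):
    """Return (deleted_paths, [(failed_path, status_name), ...])."""
    deleted, failed, pending = [], [], None
    for line in (raw.strip() for raw in log.splitlines()):
        if m := DELETED.match(line):
            deleted.append(m.group(1))
        elif m := FAILED.match(line):
            pending = m.group(1)          # its status is on the next line
        elif (m := STATUS.match(line)) and pending:
            failed.append((pending, m.group(1)))
            pending = None
    return deleted, failed

def triage(log):
    """Map each failed path to (cause, suggestion)."""
    deleted, failed = parse(log)
    # Directories that demonstrably exist: something inside them was deleted.
    known = {dirname(p).rstrip("\\").lower() for p in deleted}
    out = {}
    for path, status in failed:
        # A dropped backslash fuses a known directory name into the file name.
        fused = [d for d in known if path.lower().startswith(d)
                 and path[len(d):len(d) + 1] not in ("", "\\")]
        if status == "STATUS_FILE_IS_A_DIRECTORY":
            out[path] = ("is-directory", "Folders to delete:")
        elif status == "STATUS_OBJECT_NAME_NOT_FOUND" and fused:
            d = max(fused, key=len)
            out[path] = ("missing-separator", path[:len(d)] + "\\" + path[len(d):])
        else:
            out[path] = ("not-present" if "NOT_FOUND" in status else "other", None)
    return out
```

A "not-present" result only says the path did not exist when the script ran; it does not distinguish a file that was already removed from one that was never there.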
		| seby.panto Hero in the gods' favor
 
 Joined: 13/03/08 00:40
 Posts: 91
 
 | 
				|  Posted: 14 Mar 2008 18:49    Subject: |   |  
				| Here is the new Avenger log... 
 //////////////////////////////////////////
 Avenger Pre-Processor log
 //////////////////////////////////////////
 
 Platform: Windows XP (build 2600, Service Pack 2)
 Fri Mar 14 17:46:16 2008
 
 17:46:16: Error: Invalid script.  A valid script must begin with a command directive.
 Aborting execution!
 
 
 //////////////////////////////////////////
 
 
 //////////////////////////////////////////
 Avenger Pre-Processor log
 //////////////////////////////////////////
 
 Platform: Windows XP (build 2600, Service Pack 2)
 Fri Mar 14 17:46:33 2008
 
 17:46:33: Error: Invalid script.  A valid script must begin with a command directive.
 Aborting execution!
 
 
 //////////////////////////////////////////
 
 
 Logfile of The Avenger Version 2.0, (c) by Swandog46
 http://swandog46.geekstogo.com
 
 Platform:  Windows XP
 
 *******************
 
 Script file opened successfully.
 Script file read successfully.
 
 Backups directory opened successfully at C:\Avenger
 
 *******************
 
 Beginning to process script file:
 
 Rootkit scan active.
 No rootkits found!
 
 
 Error:  file "C:\WINDOWS\system32\WinSpooler.exe" not found!
 Deletion of file "C:\WINDOWS\system32\WinSpooler.exe" failed!
 Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
 --> the object does not exist
 
 File "C:\WINDOWS\system32\WinUpdating.exe" deleted successfully.
 
 Completed script processing.
 
 *******************
 
 Finished!  Terminate.
 |  |  
		| Sante62 Mature god
 
 Joined: 27/06/07 17:55
 Posts: 3477
 Location: Floridia
 
 | 
				|  Posted: 15 Mar 2008 11:33    Subject: |   |  
				| Do this: 
 
 	  | Sante62 wrote: |  	  | Afterwards, go to the Kaspersky online scanner
 While it is downloading the necessary files, temporarily disable the antivirus. As soon as the PC scan starts, disconnect from the internet.
 When it finishes, upload the result to www.freefilehosting.net and post here the link you are given, as indicated here
 | 
 |  |  
		| seby.panto Hero in the gods' favor
 
 Joined: 13/03/08 00:40
 Posts: 91
 
 | 
				|  Posted: 15 Mar 2008 13:00    Subject: |   |  
				| Here is the link to the Kaspersky scan... 
 http://www.freefilehosting.net/download/3dei9
 |  |  