www.MegaLab.it

[Amantide]

Ciao e benvenuto.

Scarica ComboFix ed esegui la scansione seguendo queste istruzioni (giù in fondo). Al termine della scansione verrà creato il file di report C:\combofix.txt, copia qui il suo contenuto inserendolo tra i tag LOG, in questo modo:

Codice: Seleziona tutto

[LOG]qui va inserito il log[/LOG]

[Yashal]

Ciao ragazzi, vedo da questo topic che avete salvato la vita a un sacco di gente !! se salverete anche la mia ve ne sarò immensamente grato!
Ho lo stesso identico problema di ZENITH
… tantissimi file strani e zippati nella cartella INCOMING, non so piu cosa fare

Ho seguito prima questo consiglio che voi avete precedentemente scritto

Scarica Avenger
Estrailo in una cartella a tua scelta
Esegui il file avenger.exe con la figura di una spada
Metti il flag su input script manually
Quindi scegli la lente e cliccaci
Ora incolla queste righe nella box bianca che si è aperta:
Codice: Seleziona tutto
Files to delete:
C.\WINDOWS\System32\WinSecure.exe
C:\WINDOWS\System32\NTSpool.exe


Adesso devi cliccare su Done in basso nella box
Seleziona il semaforino in alto a destra
Rispondi di Si alle due richieste di Avenger
Adesso il tuo computer dovrebbe riavviarsi, nel caso non succedesse, riavvialo tu manualmente
Al riavvio del computer, copia e incolla qui il contenuto del blocco note che apparirà.

MA NIENTE! Al riavvio i file tutti li di nuovo!
E allora ho provato a seguire quest’altro consiglio…

Scarica HijackThis
Salvalo in una cartella (non aprirlo direttamente, sennò non farà i backup!)
Apri l'eseguibile
Clicca quindi su "Do a System Scan and Save a Logfile"
Attendi che finisca la scansione
Quindi copia il contenuto del blocco note qui sul forum.

E quindi vi copio qui il contenuto del blocco note che mi è comparso

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 14.33.01, on 12/03/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16791)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programmi\File comuni\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\Programmi\AntiVir PersonalEdition Premium\sched.exe
C:\Programmi\AntiVir PersonalEdition Premium\avguard.exe
C:\Programmi\File comuni\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Programmi\AntiVir PersonalEdition Premium\avesvc.exe
C:\Programmi\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Programmi\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\system32\svchost.exe
C:\Programmi\AntiVir PersonalEdition Premium\avmailc.exe
C:\WINDOWS\system32\WgaTray.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Programmi\Analog Devices\SoundMAX\SMTray.exe
C:\Programmi\Analog Devices\SoundMAX\DrvLsnr.exe
C:\Programmi\Java\jre1.6.0_07\bin\jusched.exe
C:\Programmi\AntiVir PersonalEdition Premium\avgnt.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIADE.EXE
C:\Programmi\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Programmi\Logitech\QuickCam\Quickcam.exe
C:\Programmi\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Programmi\File comuni\Ahead\lib\NMBgMonitor.exe
C:\WINDOWS\system32\svchost.exe
C:\Programmi\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Programmi\iPod\bin\iPodService.exe
C:\Programmi\Windows Live\Messenger\msnmsgr.exe
C:\Programmi\Internet Explorer\IEXPLORE.EXE
C:\documents and settings\savi\impostazioni locali\dati applicazioni\ockme.exe
C:\Programmi\File comuni\Logishrd\LQCVFX\COCIManager.exe
C:\Programmi\OpenOffice.org 3\program\soffice.exe
C:\Programmi\OpenOffice.org 3\program\soffice.bin
C:\WINDOWS\system32\wuauclt.exe
C:\Programmi\Windows Live\Contacts\wlcomm.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Programmi\Mozilla Firefox\firefox.exe
C:\Programmi\Java\jre1.6.0_07\bin\jucheck.exe
C:\Programmi\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://go.microsoft.com/fwlink/?LinkId=74005
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
R3 - URLSearchHook: Softonic Italia Toolbar - {4edd5c14-2d22-4d7a-9748-c975a7fd933b} - C:\Programmi\Softonic_Italia\tbSof0.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Programmi\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: Softonic Italia Toolbar - {4edd5c14-2d22-4d7a-9748-c975a7fd933b} - C:\Programmi\Softonic_Italia\tbSof0.dll
O2 - BHO: Click-to-Call BHO - {5C255C8A-E604-49b4-9D64-90988571CECB} - C:\Programmi\Windows Live\Messenger\wlchtc.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmi\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: Guida per l'accesso a Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programmi\File comuni\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Programmi\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programmi\Google\GoogleToolbarNotifier\5.0.926.3450\swg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Programmi\Google\Google Toolbar\Component\fastsearch_219B3E1547538286.dll
O2 - BHO: FDMIECookiesBHO Class - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Programmi\Free Download Manager\iefdm2.dll
O3 - Toolbar: (no name) - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - (no file)
O3 - Toolbar: Softonic Italia Toolbar - {4edd5c14-2d22-4d7a-9748-c975a7fd933b} - C:\Programmi\Softonic_Italia\tbSof0.dll
O3 - Toolbar: &Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Programmi\Google\Google Toolbar\GoogleToolbar.dll
O4 - HKLM\..\Run: [Smapp] C:\Programmi\Analog Devices\SoundMAX\SMTray.exe
O4 - HKLM\..\Run: [DrvLsnr] C:\Programmi\Analog Devices\SoundMAX\DrvLsnr.exe
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programmi\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [avgnt] "C:\Programmi\AntiVir PersonalEdition Premium\avgnt.exe" /min
O4 - HKLM\..\Run: [EPSON Stylus DX4800 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIADE.EXE /P26 "EPSON Stylus DX4800 Series" /O6 "USB001" /M "Stylus DX4800"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmi\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Programmi\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Proc pure bold multi] C:\Documents and Settings\All Users\Dati applicazioni\aim mix proc pure\loud play.exe
O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Programmi\Logitech\QuickCam\Quickcam.exe" /hide
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Programmi\File comuni\Ahead\lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [kava] C:\WINDOWS\system32\kavo.exe
O4 - HKCU\..\Run: [Free Download Manager] "C:\Programmi\Free Download Manager\fdm.exe" -autorun
O4 - HKCU\..\Run: [swg] C:\Programmi\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Programmi\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [Metabait] C:\DOCUME~1\Savi\DATIAP~1\AMENSI~1\junk64upload.exe
O4 - HKCU\..\Run: [ockme] "c:\documents and settings\savi\impostazioni locali\dati applicazioni\ockme.exe" ockme
O4 - HKCU\..\Policies\Explorer\Run: [NT Printing Services5] dllhosts.exe
O4 - HKCU\..\Policies\Explorer\Run: [Windows Printing Driver] doskeys.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO LOCALE')
O4 - HKUS\S-1-5-19\..\RunOnce: [nltide2] cmd.exe /C rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,L,,4,N (User 'SERVIZIO LOCALE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO DI RETE')
O4 - HKUS\S-1-5-20\..\RunOnce: [nltide2] cmd.exe /C rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,L,,4,N (User 'SERVIZIO DI RETE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: OpenOffice.org 3.0.lnk = C:\Programmi\OpenOffice.org 3\program\quickstart.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = ?
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Scarica con Free Download Manager - file://C:\Programmi\Free Download Manager\dllink.htm
O8 - Extra context menu item: Scarica i video con Free Download Manager - file://C:\Programmi\Free Download Manager\dlfvideo.htm
O8 - Extra context menu item: Scarica selezionati con Free Download Manager - file://C:\Programmi\Free Download Manager\dlselected.htm
O8 - Extra context menu item: Scarica tutto con Free Download Manager - file://C:\Programmi\Free Download Manager\dlall.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Programmi\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Ricerche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O15 - Trusted Zone: www.archiviosex.net
O15 - Trusted Zone: www.otherchance.com
O15 - Trusted Zone: www.redfunny.com
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w2/resources/MSNPUpld.cab
O16 - DPF: {7FC1B346-83E6-4774-8D20-1A6B09B0E737} (Windows Live Photo Upload Control) - http://hermeneuticaldimension.spaces.li ... nPUpld.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/s ... wflash.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FILECO~1\Skype\SKYPE4~1.DLL
O23 - Service: AntiVir Mail Security Service (AntiVirMailService) - H+BEDV Datentechnik GmbH - C:\Programmi\AntiVir PersonalEdition Premium\avmailc.exe
O23 - Service: AntiVir Scheduler (AntiVirScheduler) - H+BEDV Datentechnik GmbH - C:\Programmi\AntiVir PersonalEdition Premium\sched.exe
O23 - Service: AntiVir PersonalEdition Premium Service (AntiVirService) - H+BEDV Datentechnik GmbH - C:\Programmi\AntiVir PersonalEdition Premium\avguard.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Programmi\File comuni\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AntiVir Engine Service (AVEService) - H+BEDV Datentechnik GmbH - C:\Programmi\AntiVir PersonalEdition Premium\avesvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Programmi\Bonjour\mDNSResponder.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Programmi\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Servizio iPod (iPod Service) - Apple Inc. - C:\Programmi\iPod\bin\iPodService.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Programmi\File comuni\LogiShrd\LVMVFM\LVPrcSrv.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Programmi\Analog Devices\SoundMAX\SMAgent.exe

--
End of file - 11659 bytes

CHE ALTRO DEVO FARE??

[ste_95]

Seleziona a sinistra queste voci in HijackThis e premi in basso il pulsante Fix Checked:

O4 - HKLM\..\Run: [Proc pure bold multi] C:\Documents and Settings\All Users\Dati applicazioni\aim mix proc pure\loud play.exe
O4 - HKCU\..\Run: [kava] C:\WINDOWS\system32\kavo.exe
O4 - HKCU\..\Run: [Metabait] C:\DOCUME~1\Savi\DATIAP~1\AMENSI~1\junk64upload.exe
O4 - HKCU\..\Run: [ockme] "c:\documents and settings\savi\impostazioni locali\dati applicazioni\ockme.exe" ockme
O4 - HKCU\..\Policies\Explorer\Run: [NT Printing Services5] dllhosts.exe
O4 - HKCU\..\Policies\Explorer\Run: [Windows Printing Driver] doskeys.exe
O15 - Trusted Zone: http://www.archiviosex.net
O15 - Trusted Zone: http://www.otherchance.com
O15 - Trusted Zone: http://www.redfunny.com

Scarica Avenger
Estrailo in una cartella a tua scelta
Esegui il file avenger.exe con la figura di una spada
Ora incolla queste righe nella box bianca che si è aperta:

Codice: Seleziona tutto

Files to delete:
C:\documents and settings\savi\impostazioni locali\dati applicazioni\ockme.exe
C:\documents and settings\savi\impostazioni locali\dati applicazioni\ockme.nav
C:\documents and settings\savi\impostazioni locali\dati applicazioni\ockme_nav.dat
C:\documents and settings\savi\impostazioni locali\dati applicazioni\ockme_navps.dat

Togli il segno di spunta dalla voce Scan for Rootkits
Premi il pulsante Execute
Rispondi di Si alle due richieste di Avenger
Adesso il tuo computer dovrebbe riavviarsi, nel caso non succedesse, riavvialo tu manualmente
Al riavvio del computer, copia e incolla qui il contenuto del blocco note che apparirà.

Se Avenger riporta un errore, prova a riscrivere manualmente la prima riga (Files to delete:) ricordando i due punti.

[Yashal]

Ho usato HijackThis come mi hai detto anche se quando ho cliccato sul pulsante indicato (dopo aver spuntato a sinistra i pochi file che mi hai segnalato) stranamente la lista si è cancellata.Tutta. Non sapendo cosa fare ho chiuso il programma e ho fatto ciò che mi hai detto di fare con avenger. Ecco il file log.

Logfile of The Avenger Version 2.0, (c) by Swandog46
http://swandog46.geekstogo.com

Platform: Windows XP

*******************

Script file opened successfully.
Script file read successfully.

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:

File "C:\documents and settings\savi\impostazioni locali\dati applicazioni\ockme.exe" deleted successfully.

Error: file "C:\documents and settings\savi\impostazioni locali\dati applicazioni\ockme.nav" not found!
Deletion of file "C:\documents and settings\savi\impostazioni locali\dati applicazioni\ockme.nav" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
the object does not exist

File "C:\documents and settings\savi\impostazioni locali\dati applicazioni\ockme_nav.dat" deleted successfully.
File "C:\documents and settings\savi\impostazioni locali\dati applicazioni\ockme_navps.dat" deleted successfully.

Completed script processing.

*******************

Finished! Terminate.

[Yashal]

Dimenticavo, al riavvio del pc alla fine di aver usato avenger, i file sono magicamente ricomparsi nella cartella incoming.
Insomma, niente di nuovo.

Che faccio?

[ste_95]

Scarica ComboFix ed esegui una scansione, le istruzioni le trovi in fondo a questo articolo.

[Amantide]

Riposta il nuovo log di Hijackthis ed elimina manualmente tutti i file zippati dalla cartella Incoming.

EDIT:
Il tempo di pensare ed avete ripostato tutti i due

Ritiro tutto e prosegui con la scansione con Combofix come è stato suggerito da ste_95.

[Yashal]

Ho fatto come mi è stato detto e al riavvio del pc effettivamente i file sono spariti

Grazie mille!

FUNZIONA!

Vi copio il log risultato dalla scansione di Combofix.

ComboFix 09-03-10.03 - Savi 2009-03-12 20:53:03.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1040.18.1023.527 [GMT 1:00]
Eseguito da: c:\documents and settings\Savi\Desktop\ComboFix.exe
AV: AntiVir PersonalEdition Premium Virus Protection *On-access scanning enabled* (Outdated)
.

((((((((((((((((((((((((((((((((((((( Altre eliminazioni )))))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\Savi\Dati applicazioni\Microsoft\Internet Explorer\Quick Launch\plug&play.lnk
c:\documents and settings\Savi\Menu Avvio\plug&play.lnk
c:\documents and settings\Savi\Menu Avvio\Programmi\Videos.url
c:\documents and settings\Savi\Preferiti\plug&play.lnk
c:\documents and settings\Savi\Preferiti\Videos.url
c:\windows\system32\ceme25.dll
c:\windows\system32\kavo.exe
c:\windows\system32\kavo0.dll

.
((((((((((((((((((((((((( Files Creati Da 2009-02-12 al 2009-03-12 )))))))))))))))))))))))))))))))))))
.

2010-03-09 02:25 . 2010-03-09 06:19 <DIR> d-------- c:\windows\system32\AVGUARD_4b9af801
2010-03-09 01:40 . 2010-03-09 01:40 <DIR> d-------- c:\programmi\Logitech
2010-03-09 01:40 . 2009-03-09 12:52 <DIR> d-------- c:\documents and settings\All Users\Dati applicazioni\LogiShrd
2009-03-12 20:59 . 2009-03-12 20:59 <DIR> d-------- c:\windows\system32\AVGUARD_49bc29cc
2009-03-12 14:32 . 2009-03-12 14:32 <DIR> d-------- c:\programmi\Trend Micro
2009-03-09 19:00 . 2009-03-11 14:32 <DIR> d-------- c:\programmi\Windows Live Safety Center
2009-03-05 00:59 . 2009-03-05 01:00 2,197,125 --a------ c:\windows\system32\AdnzANEW.exe
2009-03-05 00:56 . 2009-03-12 21:00 97 --a------ c:\windows\system32\Monitored2.dat
2009-03-05 00:55 . 2004-08-30 21:00 365,568 --a------ c:\windows\system32\doskeys.exe
2009-03-05 00:55 . 2009-03-05 00:55 51,712 --a------ c:\windows\system32\dllhosts.exe
2009-03-05 00:55 . 2009-03-05 00:56 37,888 --a------ c:\windows\system32\rar.exe
2009-03-05 00:43 . 2009-03-05 00:45 1,943 --a------ c:\windows\CDEX.INI
2009-03-03 15:11 . 2009-03-05 00:56 <DIR> d-------- c:\windows\system32\AVGUARD_49b39ec9
2009-03-02 22:27 . 2009-03-03 07:30 <DIR> d-------- c:\windows\system32\AVGUARD_49b2ac99
2009-03-02 03:27 . 2009-03-02 19:05 <DIR> d-------- c:\windows\system32\AVGUARD_49b30151
2009-03-01 03:30 . 2009-03-02 03:17 <DIR> d-------- c:\windows\system32\AVGUARD_49ace8ae
2009-02-27 16:09 . 2009-02-27 16:09 <DIR> d-------- c:\programmi\amen sixth mess
2009-02-27 16:09 . 2009-02-27 16:10 <DIR> d-------- c:\documents and settings\Savi\Dati applicazioni\amen sixth mess
2009-02-27 16:08 . 2009-02-27 16:08 <DIR> d-------- c:\programmi\Circle Developement
2009-02-27 10:06 . 2009-02-27 10:06 <DIR> d-------- c:\windows\system32\AVGUARD_49abd6bf
2009-02-26 03:00 . 2009-02-26 03:00 <DIR> d-------- C:\5647370dacf4d77290ba73dc9210e3
2009-02-25 18:19 . 2009-02-25 18:19 <DIR> d-------- c:\windows\system32\AVGUARD_49a756bb
2009-02-25 18:15 . 2009-02-25 18:15 <DIR> d-------- c:\windows\system32\AVGUARD_49a73675
2009-02-25 17:19 . 2009-02-25 17:24 <DIR> d-------- c:\windows\nview
2009-02-25 17:19 . 2006-08-12 22:42 208,896 --a------ c:\windows\system32\nvudisp.exe
2009-02-25 17:19 . 2009-03-12 20:59 81,191 --a------ c:\windows\system32\nvapps.xml
2009-02-25 17:19 . 2006-08-12 22:42 16,960 --a------ c:\windows\system32\nvdisp.nvu
2009-02-25 17:18 . 2006-08-16 17:55 208,896 --a------ c:\windows\system32\NVUNINST.EXE
2009-02-25 17:14 . 2006-08-12 22:42 4,496,128 --a------ c:\windows\system32\nv4_disp.dll
2009-02-25 17:14 . 2006-08-12 22:42 4,496,128 --a--c--- c:\windows\system32\dllcache\nv4_disp.dll
2009-02-25 17:14 . 2006-08-12 22:42 3,958,496 --a------ c:\windows\system32\drivers\nv4_mini.sys
2009-02-25 17:14 . 2006-08-12 22:42 3,958,496 --a--c--- c:\windows\system32\dllcache\nv4_mini.sys
2009-02-25 17:14 . 2004-08-03 23:07 42,368 --a------ c:\windows\system32\drivers\AGP440.SYS
2009-02-25 17:14 . 2004-08-03 23:07 42,368 --a--c--- c:\windows\system32\dllcache\agp440.sys
2009-02-20 18:13 . 2009-02-20 18:13 <DIR> d-------- c:\programmi\iTunes
2009-02-20 18:13 . 2009-02-20 18:13 <DIR> d-------- c:\programmi\iPod
2009-02-20 18:13 . 2009-02-20 18:13 <DIR> d-------- c:\documents and settings\All Users\Dati applicazioni\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
2009-02-20 18:12 . 2009-02-20 18:12 <DIR> d-------- c:\programmi\Bonjour
2009-02-20 18:11 . 2009-02-20 18:11 <DIR> d-------- c:\programmi\QuickTime
2009-02-20 18:09 . 2009-02-20 18:09 <DIR> d-------- c:\programmi\Apple Software Update

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-03-09 00:51 --------- d-----w c:\programmi\Windows Live
2010-03-09 00:51 --------- d-----w c:\programmi\MSN Messenger
2010-03-09 00:43 --------- d-----w c:\programmi\File comuni\Logitech
2010-03-09 00:40 --------- d-----w c:\programmi\File comuni\LogiShrd
2010-03-08 09:45 --------- d-----w c:\programmi\Softonic_Italia
2010-03-08 09:43 --------- d-----w c:\documents and settings\All Users\Dati applicazioni\AntiVir PersonalEdition Premium
2009-03-12 20:00 --------- d-----w c:\documents and settings\Savi\Dati applicazioni\Free Download Manager
2009-03-12 18:37 --------- d-----w c:\programmi\AdunanzA
2009-03-05 22:04 --------- d-----w c:\documents and settings\Savi\Dati applicazioni\Skype
2009-03-05 20:00 --------- d-----w c:\documents and settings\Savi\Dati applicazioni\skypePM
2009-03-05 12:05 --------- d-----w c:\programmi\Acoustica Mp3 To Wave Converter Plus
2009-02-28 02:12 --------- d-----w c:\programmi\Messenger Plus! Live
2009-02-27 15:10 --------- d-----w c:\documents and settings\All Users\Dati applicazioni\aim mix proc pure
2009-02-27 09:06 --------- d-----w c:\programmi\Microsoft Silverlight
2009-02-20 17:11 --------- d-----w c:\programmi\File comuni\Apple
2009-02-11 22:52 --------- d-----w c:\documents and settings\All Users\Dati applicazioni\1A1C5
2009-01-17 02:41 --------- d-----w c:\programmi\Google
2009-01-14 03:14 --------- d-----w c:\documents and settings\Savi\Dati applicazioni\BearShare
2009-01-14 03:02 --------- d-----w c:\documents and settings\All Users\Dati applicazioni\1D128
2009-01-12 02:37 --------- d-----w c:\documents and settings\All Users\Dati applicazioni\2F109
2008-04-09 01:19 32 ----a-w c:\documents and settings\All Users\Dati applicazioni\ezsid.dat
2007-10-05 17:08 102,352 -c--a-w c:\documents and settings\All Users\Dati applicazioni\firstlsp.reg.dat
2008-12-20 12:04 67,688 ----a-w c:\programmi\mozilla firefox\components\jar50.dll
2008-12-20 12:04 54,368 ----a-w c:\programmi\mozilla firefox\components\jsd3250.dll
2008-12-20 12:04 34,944 ----a-w c:\programmi\mozilla firefox\components\myspell.dll
2008-12-20 12:04 46,712 ----a-w c:\programmi\mozilla firefox\components\spellchk.dll
2008-12-20 12:04 172,136 ----a-w c:\programmi\mozilla firefox\components\xpinstal.dll
2008-11-11 19:11 16,384 -csha-w c:\windows\system32\config\systemprofile\Cookies\index.dat
2008-11-11 19:11 32,768 -csha-w c:\windows\system32\config\systemprofile\Impostazioni locali\Cronologia\History.IE5\index.dat
2008-11-11 19:11 32,768 --sha-w c:\windows\system32\config\systemprofile\Impostazioni locali\Cronologia\History.IE5\MSHist012008111120081112\index.dat
2008-11-11 19:11 32,768 -csha-w c:\windows\system32\config\systemprofile\Impostazioni locali\Temporary Internet Files\Content.IE5\index.dat
.

------- Sigcheck -------

2008-04-14 03:13 296960 fe5a5329ccfc33d645c33077ff04f052 c:\windows\SoftwareDistribution\Download\8dab4f2c899f11c2863dff51dfb836e7\termsrv.dll
2006-12-16 11:15 296960 f959d929a6a22d78e3a6851a9361ce18 c:\windows\system32\termsrv.dll
.
((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* i valori vuoti & legittimi/default non sono visualizzati.
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{4edd5c14-2d22-4d7a-9748-c975a7fd933b}"= "c:\programmi\Softonic_Italia\tbSof0.dll" [2010-03-08 1883672]

[HKEY_CLASSES_ROOT\clsid\{4edd5c14-2d22-4d7a-9748-c975a7fd933b}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{4edd5c14-2d22-4d7a-9748-c975a7fd933b}]
2010-03-08 10:45 1883672 --a------ c:\programmi\Softonic_Italia\tbSof0.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{4edd5c14-2d22-4d7a-9748-c975a7fd933b}"= "c:\programmi\Softonic_Italia\tbSof0.dll" [2010-03-08 1883672]

[HKEY_CLASSES_ROOT\clsid\{4edd5c14-2d22-4d7a-9748-c975a7fd933b}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{4EDD5C14-2D22-4D7A-9748-C975A7FD933B}"= "c:\programmi\Softonic_Italia\tbSof0.dll" [2010-03-08 1883672]

[HKEY_CLASSES_ROOT\clsid\{4edd5c14-2d22-4d7a-9748-c975a7fd933b}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2004-08-30 15360]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\programmi\File comuni\Ahead\lib\NMBgMonitor.exe" [2005-11-24 94208]
"Free Download Manager"="c:\programmi\Free Download Manager\fdm.exe" [2008-11-12 2474031]
"swg"="c:\programmi\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-12-30 68856]
"MsnMsgr"="c:\programmi\Windows Live\Messenger\msnmsgr.exe" [2009-02-06 3885408]
"Metabait"="c:\docume~1\Savi\DATIAP~1\AMENSI~1\junk64upload.exe" [2009-02-27 618496]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Smapp"="c:\programmi\Analog Devices\SoundMAX\SMTray.exe" [2003-01-31 98304]
"DrvLsnr"="c:\programmi\Analog Devices\SoundMAX\DrvLsnr.exe" [2002-05-28 69632]
"igfxtray"="c:\windows\system32\igfxtray.exe" [2005-09-20 94208]
"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2005-09-20 77824]
"igfxpers"="c:\windows\system32\igfxpers.exe" [2005-09-20 114688]
"SunJavaUpdateSched"="c:\programmi\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"avgnt"="c:\programmi\AntiVir PersonalEdition Premium\avgnt.exe" [2006-01-18 229416]
"EPSON Stylus DX4800 Series"="c:\windows\System32\spool\DRIVERS\W32X86\3\E_FATIADE.EXE" [2005-02-02 98304]
"QuickTime Task"="c:\programmi\QuickTime\QTTask.exe" [2008-09-06 413696]
"iTunesHelper"="c:\programmi\iTunes\iTunesHelper.exe" [2008-09-08 289576]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-08-12 7630848]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2006-08-12 86016]
"LogitechQuickCamRibbon"="c:\programmi\Logitech\QuickCam\Quickcam.exe" [2008-12-20 2656528]
"nwiz"="nwiz.exe" [2006-08-12 c:\windows\system32\nwiz.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-30 15360]

[HKEY_CURRENT_USER\software\microsoft\windows\Currentversion\policies\explorer\Run]
"NT Printing Services5"="dllhosts.exe" [2009-03-05 c:\windows\system32\dllhosts.exe]

c:\documents and settings\Savi\Menu Avvio\Programmi\Esecuzione automatica\
OpenOffice.org 3.0.lnk - c:\programmi\OpenOffice.org 3\program\quickstart.exe [2008-09-12 384000]

c:\documents and settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\
Adobe Reader Speed Launch.lnk - c:\windows\Installer\{AC76BA86-7AD7-1033-7B44-A70001000000}\SC_Reader.exe [2007-10-05 25214]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"vidc.CDV5"= cdv5codc.dll
"vidc.CLLC"= cllccodc.dll
"vidc.CUVC"= cuvccodc.dll
"vidc.CDVC"= cdvccodc.dll
"vidc.CDVH"= cdvhcodc.dll
"vidc.CMIC"= cmiccodc.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Programmi\\AdunanzA\\eMule_AdnzA.exe"=
"c:\\Programmi\\Nero\\Nero 7\\Nero ShowTime\\ShowTime.exe"=
"c:\\Programmi\\BearShare Applications\\BearShare\\BearShare.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\Programmi\\eMule AdunanzA\\eMule_AdnzA.exe"=
"c:\\Programmi\\Bonjour\\mDNSResponder.exe"=
"c:\\Programmi\\iTunes\\iTunes.exe"=
"c:\\Programmi\\Skype\\Phone\\Skype.exe"=
"c:\\Programmi\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Programmi\\Windows Live\\Messenger\\msnmsgr.exe"=

R0 avgntmgr;avgntmgr;c:\windows\system32\drivers\avgntmgr.sys [2007-10-05 14848]
R1 avgntdd;avgntdd;c:\windows\system32\drivers\avgntdd.sys [2007-10-05 31744]
R1 cdrblock;cdrblock;c:\windows\system32\drivers\cdrblock.sys [2007-10-04 20864]
R1 cdrport;cdrport;c:\windows\system32\drivers\cdrport.sys [2007-10-04 4608]
R2 AntiVirMailService;AntiVir Mail Security Service;c:\programmi\AntiVir PersonalEdition Premium\avmailc.exe [2007-10-05 167936]
R2 AVEService;AntiVir Engine Service;c:\programmi\AntiVir PersonalEdition Premium\avesvc.exe [2007-10-05 45056]
S2 bsaspi32;bsaspi32; [x]
S3 ASPI;Advanced SCSI Programming Interface Driver;c:\windows\system32\drivers\ASPI32.SYS [2008-05-19 16512]
S3 V0260VID;Live! Cam Vista IM;c:\windows\system32\drivers\V0260Vid.sys [2007-10-10 178913]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{01a81f47-d72b-11dd-ac86-0014c10edb3a}]
\Shell\AutoRun\command - G:\m9ma.exe
\Shell\explore\Command - G:\m9ma.exe
\Shell\open\Command - G:\m9ma.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{4a6f1d21-03db-11dd-abaa-0014c10edb3a}]
\Shell\AutoRun\command - G:\vmhr.bat
\Shell\explore\Command - G:\vmhr.bat
\Shell\open\Command - G:\vmhr.bat

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{90aa8bbf-247b-11dd-abbc-0014c10edb3a}]
\Shell\Auto\command - UFO.exe
\Shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL UFO.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c89e218a-96ce-11dd-ac1a-0014c10edb3a}]
\Shell\AutoRun\command - G:\vmhr.bat
\Shell\explore\Command - G:\vmhr.bat
\Shell\open\Command - G:\vmhr.bat
.
Contenuto della cartella 'Scheduled Tasks'

2009-03-12 c:\windows\Tasks\ABAA369791BDAC5B.job
- c:\docume~1\savi\datiap~1\amensi~1\plus locks poll.exe [2009-02-27 16:10]

2009-03-12 c:\windows\Tasks\OGADaily.job
- c:\windows\system32\OGAVerify.exe [2008-12-31 17:04]

2009-03-12 c:\windows\Tasks\OGALogon.job
- c:\windows\system32\OGAVerify.exe [2008-12-31 17:04]
.
- - - - CHIAVI ORFANE RIMOSSE - - - -

Notify-dimsntfy - (no file)


.
------- Scansione supplementare -------
.
uStart Page = hxxp://www.google.com/
uInternet Settings,ProxyOverride = *.local
IE: E&sporta in Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Scarica con Free Download Manager - file://c:\programmi\Free Download Manager\dllink.htm
IE: Scarica i video con Free Download Manager - file://c:\programmi\Free Download Manager\dlfvideo.htm
IE: Scarica selezionati con Free Download Manager - file://c:\programmi\Free Download Manager\dlselected.htm
IE: Scarica tutto con Free Download Manager - file://c:\programmi\Free Download Manager\dlall.htm
LSP: avsda.dll
FF - ProfilePath - c:\documents and settings\Savi\Dati applicazioni\Mozilla\Firefox\Profiles\v7ck68oh.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.it/
FF - component: c:\programmi\Mozilla Firefox\components\xpinstal.dll
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-03-12 20:59:24
Windows 5.1.2600 Service Pack 2 NTFS

scansione processi nascosti ...

scansione entrate autostart nascoste ...

Scansione files nascosti ...

Scansione completata con successo
Files nascosti: 0

**************************************************************************
.
--------------------- CHIAVI DI REGISTRO BLOCCATE ---------------------

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\Ø•€|ÿÿÿÿ•€|é•9~*]
"0140110900063D11C8EF10054038389C"="C?\\WINDOWS\\system32\\FM20ENU.DLL"
.
--------------------- Dlls caricate dai processi in esecuzione ---------------------

- - - - - - - > 'winlogon.exe'(556)
c:\windows\system32\SHSVCS.dll
c:\windows\system32\COMRes.dll

- - - - - - - > 'lsass.exe'(612)
c:\windows\system32\ipsecsvc.dll
c:\windows\system32\avsda.dll
.
------------------------ Altri processi in esecuzione ------------------------
.
c:\programmi\File comuni\LogiShrd\LVMVFM\LVPrcSrv.exe
c:\programmi\AntiVir PersonalEdition Premium\sched.exe
c:\programmi\AntiVir PersonalEdition Premium\avguard.exe
c:\programmi\File comuni\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\programmi\Bonjour\mDNSResponder.exe
c:\windows\system32\nvsvc32.exe
c:\programmi\Analog Devices\SoundMAX\SMAgent.exe
c:\windows\system32\WGATray.exe
c:\windows\system32\rundll32.exe
c:\programmi\iPod\bin\iPodService.exe
c:\programmi\Internet Explorer\iexplore.exe
c:\programmi\Internet Explorer\iexplore.exe
c:\programmi\Java\jre1.6.0_07\bin\jucheck.exe
.
**************************************************************************
.
Ora fine scansione: 2009-03-12 21:04:47 - Il pc è stato riavviato [Savi]
ComboFix-quarantined-files.txt 2009-03-12 20:04:36

Pre-Run: 18,947,366,912 byte disponibili
Post-Run: 26,371,723,264 byte disponibili

261 --- E O F --- 2009-03-12 13:54:54

POSSO DAVVERO STARE TRANQUILLO? CHE DIAGNOSI MI DA QUESTO RISULTATO??
( ripeto di sentirmi davvero grato!)

[ste_95]

Scarica Avenger
Estrailo in una cartella a tua scelta
Esegui il file avenger.exe con la figura di una spada
Ora incolla queste righe nella box bianca che si è aperta:

Codice: Seleziona tutto

Files to delete:
c:\windows\system32\doskeys.exe

Folders to delete:
c:\programmi\amen sixth mess
c:\documents and settings\Savi\Dati applicazioni\amen sixth mess
c:\docume~1\Savi\DATIAP~1\AMENSI~1

Togli il segno di spunta dalla voce Scan for Rootkits
Premi il pulsante Execute
Rispondi di Si alle due richieste di Avenger
Adesso il tuo computer dovrebbe riavviarsi, nel caso non succedesse, riavvialo tu manualmente
Al riavvio del computer, copia e incolla qui il contenuto del blocco note che apparirà.

Se Avenger riporta un errore, prova a riscrivere manualmente la prima riga (Files to delete:) ricordando i due punti.

Fai scansionare c:\windows\system32\rar.exe su www.virustotal.com

Poi collega tutti i dispositivi USB a tua disposizione e fai girare PRT come spiegato qui.

[Amantide]

Aspetta Ste, mi sa che c'è dell'altro:

2009-03-05 00:59 . 2009-03-05 01:00 2,197,125 --a------ c:\windows\system32\AdnzANEW.exe
2009-03-05 00:56 . 2009-03-12 21:00 97 --a------ c:\windows\system32\Monitored2.dat
2009-03-05 00:55 . 2004-08-30 21:00 365,568 --a------ c:\windows\system32\doskeys.exe
2009-03-05 00:55 . 2009-03-05 00:55 51,712 --a------ c:\windows\system32\dllhosts.exe
2009-03-05 00:55 . 2009-03-05 00:56 37,888 --a------ c:\windows\system32\rar.exe
2009-03-05 00:43 . 2009-03-05 00:45 1,943 --a------ c:\windows\CDEX.INI

Il secondo ed il terzo sono sicuramente da eliminare, ma visto che tutti questi file sono stati creati più o meno nello stesso orario, direi che anche gli altri sono sospetti e non solo il file rar.exe

@ Yashal
Abilita la visualizzazione dei file nascosti (apri una cartella qualsiasi, vai su Strumenti--> Opzioni cartella--> Visualizzazione e spunta Visualizza file e cartelle nascosti) e carica i file evidenziati, uno alla volta, sul sito www.virustotal.com
Incolla qui il risultato delle scansioni.

[Yashal]

Ragazzi sono una frana, non so cosa è successo, avrò scaricato per sbaglio qualche altro virus… siamo punto e da capo i file maledettissimi e zippati sono di nuovo nella mia cartella incoming e sono tantissimi !

Avevo letto le ultime cose che mi avevate suggerito di fare… ma a questo punto prima di farle faccio un passo indietro (faccio bene?) e seguo questa indicazione :

Scarica HijackThis
Salvalo in una cartella (non aprirlo direttamente, sennò non farà i backup!)
Apri l'eseguibile
Clicca quindi su "Do a System Scan and Save a Logfile"
Attendi che finisca la scansione
Quindi copia il contenuto del blocco note qui sul forum.

E quindi vi copio qui il contenuto del blocco note che mi è comparso

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19.27.59, on 22/03/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16791)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programmi\File comuni\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\WINDOWS\Explorer.EXE
C:\Programmi\Analog Devices\SoundMAX\SMTray.exe
C:\Programmi\Analog Devices\SoundMAX\DrvLsnr.exe
C:\Programmi\Java\jre1.6.0_07\bin\jusched.exe
C:\Programmi\AntiVir PersonalEdition Premium\avgnt.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIADE.EXE
C:\Programmi\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Programmi\Logitech\QuickCam\Quickcam.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmi\File comuni\Ahead\lib\NMBgMonitor.exe
C:\Programmi\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Programmi\Windows Live\Messenger\msnmsgr.exe
C:\WINDOWS\system32\svchost.exe
C:\Programmi\OpenOffice.org 3\program\soffice.exe
C:\Programmi\OpenOffice.org 3\program\soffice.bin
C:\Programmi\Internet Explorer\IEXPLORE.EXE
C:\Programmi\AntiVir PersonalEdition Premium\sched.exe
C:\Programmi\AntiVir PersonalEdition Premium\avguard.exe
C:\Programmi\File comuni\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Programmi\AntiVir PersonalEdition Premium\avesvc.exe
C:\Programmi\Bonjour\mDNSResponder.exe
C:\Programmi\File comuni\Logishrd\LQCVFX\COCIManager.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Programmi\Analog Devices\SoundMAX\SMAgent.exe
C:\Programmi\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\system32\svchost.exe
C:\Programmi\AntiVir PersonalEdition Premium\avmailc.exe
C:\WINDOWS\system32\WgaTray.exe
C:\Programmi\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Programmi\Java\jre1.6.0_07\bin\jucheck.exe
C:\Programmi\Windows Live\Contacts\wlcomm.exe
C:\Programmi\Windows Live\Messenger\msnmsgr.exe
C:\Programmi\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\AdnzANEW.exe
C:\Programmi\eMule AdunanzA\eMule_AdnzA.exe
C:\Programmi\Microsoft Office\OFFICE11\WINWORD.EXE
C:\WINDOWS\system32\igfxsrvc.exe
C:\Programmi\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://go.microsoft.com/fwlink/?LinkId=74005
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
R3 - URLSearchHook: Softonic Italia Toolbar - {4edd5c14-2d22-4d7a-9748-c975a7fd933b} - C:\Programmi\Softonic_Italia\tbSof0.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Programmi\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: Softonic Italia Toolbar - {4edd5c14-2d22-4d7a-9748-c975a7fd933b} - C:\Programmi\Softonic_Italia\tbSof0.dll
O2 - BHO: Click-to-Call BHO - {5C255C8A-E604-49b4-9D64-90988571CECB} - C:\Programmi\Windows Live\Messenger\wlchtc.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmi\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: Guida per l'accesso a Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programmi\File comuni\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Programmi\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programmi\Google\GoogleToolbarNotifier\5.0.926.3450\swg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Programmi\Google\Google Toolbar\Component\fastsearch_219B3E1547538286.dll
O2 - BHO: FDMIECookiesBHO Class - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Programmi\Free Download Manager\iefdm2.dll
O3 - Toolbar: (no name) - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - (no file)
O3 - Toolbar: Softonic Italia Toolbar - {4edd5c14-2d22-4d7a-9748-c975a7fd933b} - C:\Programmi\Softonic_Italia\tbSof0.dll
O3 - Toolbar: &Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Programmi\Google\Google Toolbar\GoogleToolbar.dll
O4 - HKLM\..\Run: [Smapp] C:\Programmi\Analog Devices\SoundMAX\SMTray.exe
O4 - HKLM\..\Run: [DrvLsnr] C:\Programmi\Analog Devices\SoundMAX\DrvLsnr.exe
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programmi\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [avgnt] "C:\Programmi\AntiVir PersonalEdition Premium\avgnt.exe" /min
O4 - HKLM\..\Run: [EPSON Stylus DX4800 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIADE.EXE /P26 "EPSON Stylus DX4800 Series" /O6 "USB001" /M "Stylus DX4800"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmi\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Programmi\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Programmi\Logitech\QuickCam\Quickcam.exe" /hide
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Programmi\File comuni\Ahead\lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [Free Download Manager] "C:\Programmi\Free Download Manager\fdm.exe" -autorun
O4 - HKCU\..\Run: [swg] C:\Programmi\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Programmi\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [Metabait] C:\DOCUME~1\Savi\DATIAP~1\AMENSI~1\junk64upload.exe
O4 - HKCU\..\Policies\Explorer\Run: [NT Printing Services5] dllhosts.exe
O4 - HKCU\..\Policies\Explorer\Run: [Windows Printing Driver] doskeys.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: OpenOffice.org 3.0.lnk = C:\Programmi\OpenOffice.org 3\program\quickstart.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = ?
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Scarica con Free Download Manager - file://C:\Programmi\Free Download Manager\dllink.htm
O8 - Extra context menu item: Scarica i video con Free Download Manager - file://C:\Programmi\Free Download Manager\dlfvideo.htm
O8 - Extra context menu item: Scarica selezionati con Free Download Manager - file://C:\Programmi\Free Download Manager\dlselected.htm
O8 - Extra context menu item: Scarica tutto con Free Download Manager - file://C:\Programmi\Free Download Manager\dlall.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Programmi\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Ricerche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w2/resources/MSNPUpld.cab
O16 - DPF: {7FC1B346-83E6-4774-8D20-1A6B09B0E737} (Windows Live Photo Upload Control) - http://hermeneuticaldimension.spaces.li ... nPUpld.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/s ... wflash.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FILECO~1\Skype\SKYPE4~1.DLL
O23 - Service: AntiVir Mail Security Service (AntiVirMailService) - H+BEDV Datentechnik GmbH - C:\Programmi\AntiVir PersonalEdition Premium\avmailc.exe
O23 - Service: AntiVir Scheduler (AntiVirScheduler) - H+BEDV Datentechnik GmbH - C:\Programmi\AntiVir PersonalEdition Premium\sched.exe
O23 - Service: AntiVir PersonalEdition Premium Service (AntiVirService) - H+BEDV Datentechnik GmbH - C:\Programmi\AntiVir PersonalEdition Premium\avguard.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Programmi\File comuni\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AntiVir Engine Service (AVEService) - H+BEDV Datentechnik GmbH - C:\Programmi\AntiVir PersonalEdition Premium\avesvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Programmi\Bonjour\mDNSResponder.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Programmi\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Servizio iPod (iPod Service) - Apple Inc. - C:\Programmi\iPod\bin\iPodService.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Programmi\File comuni\LogiShrd\LVMVFM\LVPrcSrv.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Programmi\Analog Devices\SoundMAX\SMAgent.exe

--
End of file - 10584 bytes


CHE FACCIO???

[ste_95]

Scarica ComboFix ed esegui una scansione, le istruzioni le trovi in fondo a questo articolo.

[stevens]

ci sarebbero anche queste

G:\m9ma.exe

G:\vmhr.bat


e questo che dovrebbe essere un richiamo del registro UFO.exe