
Problems with rundll32.exe


Re: Problems with rundll32.exe

Post by trilly80 » Mon Oct 06, 2008 7:21 pm

Hi ste 95, I carried out the operation of deleting those two things with HijackThis but nothing has changed yet... how should I proceed???

Re: Problems with rundll32.exe

Post by ste_95 » Mon Oct 06, 2008 7:29 pm

Let's see a new HijackThis log.

Re: Problems with rundll32.exe

Post by Amantide » Mon Oct 06, 2008 8:06 pm

trilly80 wrote: Hi Stefano, forgive me for being insistent... but I'm a bit confused about the steps to take... do I follow your guide or what crazy cat wrote to me earlier? Or first one and then the other?
Unfortunately I don't understand anything about PCs and I really don't know where to start... while I'm doing one thing I then read about another...

The point is that, apart from a few HijackThis logs, we haven't seen anything of what you've done, neither whether you ran a scan with some program nor any scan reports.. assuming they were done at all [boh]

Do this: go back and read the first reply to your thread and start following the advice one item at a time, just as it was posted.
So, you follow one point - you post the results here right away.. and only then move on to the next point, ok?


Re: Problems with rundll32.exe

Post by trilly80 » Mon Oct 06, 2008 9:34 pm

Hi Ste95, I'm posting the log as you clearly explained to me, I hope I get it right this time!!
I await your updates, thanks... nothing has changed yet, the message still appears... and image files can't be seen anywhere... neither on the internet nor in My Documents...

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 22:31:21, on 06/10/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal


Re: Problems with rundll32.exe

Post by Amantide » Mon Oct 06, 2008 10:29 pm

trilly80 wrote: Hi Ste95, I'm posting the log as you clearly explained to me, I hope I get it right this time!!

You weren't able to attach the log because, below, you were ticking (or it was getting ticked by itself) the Disable BBCode option.
I fixed your previous post; next time pay attention to that option yourself, ok? [;)]

As for the log, there is the same trojan as before; it has only changed the file names. It is fairly pointless to delete only the files visible in the log, because there will be many more still hidden.
I advise you for the umpteenth time to run a full scan with Malwarebytes Anti-malware and attach the scan report here.

Re: Problems with rundll32.exe

Post by trilly80 » Mon Oct 06, 2008 10:47 pm

Thank you so much Amantide!!
At least we've solved the "log" problem... I hadn't ticked anything, maybe it was already set that way... that's why I couldn't get any peace!!
As soon as I run the new scan with the program you mention I'll send you the new log....
Don't abandon meeeee!!
Thanks again. [^]

Re: Problems with rundll32.exe

Post by trilly80 » Mon Oct 06, 2008 11:46 pm

Hi Amantide, I'm sending you (I finally managed it!) the log from Malware...etc... let me know the next step to take.

Malwarebytes' Anti-Malware 1.28
Versione del database: 1235
Windows 5.1.2600 Service Pack 2

06/10/2008 23:52:56
mbam-log-2008-10-06 (23-52-56).txt

Tipo di scansione: Scansione rapida
Elementi scansionati: 46826
Tempo trascorso: 2 minute(s), 52 second(s)

Processi delle memoria infetti: 1
Moduli della memoria infetti: 4
Chiavi di registro infette: 47
Valori di registro infetti: 11
Elementi dato del registro infetti: 5
Cartelle infette: 7
File infetti: 67


Re: Problems with rundll32.exe

Post by Amantide » Tue Oct 07, 2008 10:26 am

There was everything and more on your PC, and the HijackThis log showed only a fiftieth of the infection.

Most of the infected files were removed right away; the rest had to be removed when the PC restarted. I assume you switched the PC off overnight, so today, on starting it, the remaining infected files should be removed.
Run another scan with Malwarebytes and then let me know how things are going.

Re: Problems with rundll32.exe

Post by Amantide » Tue Oct 07, 2008 10:38 am

trilly80 wrote: ... I have caught a probable virus that doesn't let me see the desktop background or any of the images on Internet Explorer pages; on the desktop, if I right-click and choose Properties, I get the message: cannot find the file C:\WINDOWS\system32\rundll32.exe; the background has disappeared, and other messages also appear with strange file names....

It seems it was a variant of Rogue, the one that Malwarebytes detected as Trojan.FakeAlert. Now that it has been removed, the rundll32.exe problem should no longer appear.

Re: Problems with rundll32.exe

Post by trilly80 » Tue Oct 07, 2008 11:22 am

Dear Amantide, I'm running the scan with Malwarebytes again..... but unfortunately I have to tell you already in advance that on the desktop, and every time I open Properties, the hateful message that rundll32 cannot be found still appears....
pleeeeeeeeeease!!!!!!!!!
what else can we do???

Re: Problems with rundll32.exe

Post by trilly80 » Tue Oct 07, 2008 11:59 am

Amantide, this is the latest Malware log....

Malwarebytes' Anti-Malware 1.28
Versione del database: 1235
Windows 5.1.2600 Service Pack 2

07/10/2008 12:52:29
mbam-log-2008-10-07 (12-52-29).txt

Tipo di scansione: Scansione completa (C:\|)
Elementi scansionati: 97326
Tempo trascorso: 26 minute(s), 39 second(s)

Processi delle memoria infetti: 0
Moduli della memoria infetti: 0
Chiavi di registro infette: 0
Valori di registro infetti: 0
Elementi dato del registro infetti: 0
Cartelle infette: 0
File infetti: 46

Processi delle memoria infetti:
(Nessun elemento malevolo rilevato)

Moduli della memoria infetti:
(Nessun elemento malevolo rilevato)

Chiavi di registro infette:
(Nessun elemento malevolo rilevato)

Valori di registro infetti:
(Nessun elemento malevolo rilevato)

Elementi dato del registro infetti:
(Nessun elemento malevolo rilevato)

Cartelle infette:
(Nessun elemento malevolo rilevato)

File infetti:
C:\Documents and Settings\Administrator\Impostazioni locali\Temporary Internet Files\Content.IE5\69KF6L25\upd105320[1] (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Impostazioni locali\Temporary Internet Files\Content.IE5\CJEL6JQT\kb678031[1] (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Documents and Settings\LocalService\Impostazioni locali\Temporary Internet Files\Content.IE5\NKEM6W22\uaqrta[1].jpg (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Programmi\eMule\emule.exe (Rogue.Fake!emule.exe) -> Quarantined and deleted successfully.
C:\Programmi\eMule\LinkCreator.exe (Rogue.Fake!emule.exe) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{C7ABA83D-3FBF-4962-B005-C3C0F754BA4F}\RP734\A0167494.sys (Rootkit.Agent) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{C7ABA83D-3FBF-4962-B005-C3C0F754BA4F}\RP735\A0168490.sys (Rootkit.Agent) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{C7ABA83D-3FBF-4962-B005-C3C0F754BA4F}\RP735\A0168498.sys (Rootkit.Agent) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{C7ABA83D-3FBF-4962-B005-C3C0F754BA4F}\RP737\A0168536.sys (Rootkit.Agent) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{C7ABA83D-3FBF-4962-B005-C3C0F754BA4F}\RP739\A0169535.sys (Rootkit.Agent) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{C7ABA83D-3FBF-4962-B005-C3C0F754BA4F}\RP739\A0171542.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{C7ABA83D-3FBF-4962-B005-C3C0F754BA4F}\RP739\A0171547.sys (Rootkit.Agent) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{C7ABA83D-3FBF-4962-B005-C3C0F754BA4F}\RP739\A0171553.sys (Rootkit.Agent) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{C7ABA83D-3FBF-4962-B005-C3C0F754BA4F}\RP739\A0171559.sys (Rootkit.Agent) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{C7ABA83D-3FBF-4962-B005-C3C0F754BA4F}\RP741\A0171567.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{C7ABA83D-3FBF-4962-B005-C3C0F754BA4F}\RP741\A0171568.sys (Rootkit.Agent) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{C7ABA83D-3FBF-4962-B005-C3C0F754BA4F}\RP742\A0172577.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{C7ABA83D-3FBF-4962-B005-C3C0F754BA4F}\RP743\A0172584.sys (Rootkit.Agent) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{C7ABA83D-3FBF-4962-B005-C3C0F754BA4F}\RP744\A0172594.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{C7ABA83D-3FBF-4962-B005-C3C0F754BA4F}\RP744\A0172596.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{C7ABA83D-3FBF-4962-B005-C3C0F754BA4F}\RP745\A0172608.sys (Rootkit.Agent) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{C7ABA83D-3FBF-4962-B005-C3C0F754BA4F}\RP745\A0172617.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{C7ABA83D-3FBF-4962-B005-C3C0F754BA4F}\RP745\A0172618.dll (Trojan,Agent) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{C7ABA83D-3FBF-4962-B005-C3C0F754BA4F}\RP745\A0172619.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{C7ABA83D-3FBF-4962-B005-C3C0F754BA4F}\RP745\A0172621.dll (Adware.Shopper) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{C7ABA83D-3FBF-4962-B005-C3C0F754BA4F}\RP745\A0172627.sys (Rootkit.Agent) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{C7ABA83D-3FBF-4962-B005-C3C0F754BA4F}\RP745\A0172642.sys (Rootkit.Agent) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{C7ABA83D-3FBF-4962-B005-C3C0F754BA4F}\RP746\A0172663.sys (Rootkit.Agent) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{C7ABA83D-3FBF-4962-B005-C3C0F754BA4F}\RP746\A0172647.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{C7ABA83D-3FBF-4962-B005-C3C0F754BA4F}\RP746\A0172649.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{C7ABA83D-3FBF-4962-B005-C3C0F754BA4F}\RP746\A0172657.sys (Rootkit.Agent) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{C7ABA83D-3FBF-4962-B005-C3C0F754BA4F}\RP746\A0172658.sys (Rootkit.Agent) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{C7ABA83D-3FBF-4962-B005-C3C0F754BA4F}\RP746\A0172659.sys (Rootkit.Agent) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{C7ABA83D-3FBF-4962-B005-C3C0F754BA4F}\RP746\A0172660.sys (Rootkit.Agent) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{C7ABA83D-3FBF-4962-B005-C3C0F754BA4F}\RP746\A0172661.sys (Rootkit.Agent) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{C7ABA83D-3FBF-4962-B005-C3C0F754BA4F}\RP746\A0172662.sys (Rootkit.Agent) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{C7ABA83D-3FBF-4962-B005-C3C0F754BA4F}\RP746\A0172664.sys (Rootkit.Agent) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{C7ABA83D-3FBF-4962-B005-C3C0F754BA4F}\RP746\A0172665.sys (Rootkit.Agent) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{C7ABA83D-3FBF-4962-B005-C3C0F754BA4F}\RP746\A0172666.sys (Rootkit.Agent) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{C7ABA83D-3FBF-4962-B005-C3C0F754BA4F}\RP746\A0172669.dll (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{C7ABA83D-3FBF-4962-B005-C3C0F754BA4F}\RP746\A0172670.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{C7ABA83D-3FBF-4962-B005-C3C0F754BA4F}\RP746\A0172675.sys (Rootkit.Agent) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{C7ABA83D-3FBF-4962-B005-C3C0F754BA4F}\RP746\A0172682.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{C7ABA83D-3FBF-4962-B005-C3C0F754BA4F}\RP674\A0155806.exe (Rogue.Fake!emule.exe) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{C7ABA83D-3FBF-4962-B005-C3C0F754BA4F}\RP698\A0162987.exe (Rogue.Fake!emule.exe) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\8506E31A.exe (Trojan.Downloader) -> Quarantined and deleted successfully.


I await your instructions.... let's hope for the best, because this PC is wearing us out!!

Re: problems with rundll32.exe

Post by Amantide » Tue Oct 07, 2008 12:05 pm

In the meantime, run the second scan with Malwarebytes and attach the scan report here.

Afterwards, also run a scan with Combofix, following this guide (at the bottom).

Edit:
OK, while I was writing you also posted the log.
As well as running the ComboFix scan, also disable System Restore, following this guide, to remove the infected restore points.

One more thing: you should go to the Quarantine tab in Malwarebytes and restore these entries, because the little program got it wrong:
C:\Programmi\eMule\emule.exe (Rogue.Fake!emule.exe) -> Quarantined and deleted successfully.
C:\Programmi\eMule\LinkCreator.exe (Rogue.Fake!emule.exe) -> Quarantined and deleted successfully.
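The advice above (purge the infected restore points, and look again at the detections on installed programs) follows from where each detection sits on disk. The sketch below is an added example, not part of the thread: it parses "File infetti" lines in the format of the log posted above and sorts them by location; the function names `parse` and `triage` are hypothetical, and the sample lines are a subset copied from that log.

```python
import re
from collections import Counter

# Subset of the "File infetti" lines posted in this thread (Malwarebytes 1.28 format).
SAMPLE_LOG = r"""
C:\Documents and Settings\Administrator\Impostazioni locali\Temporary Internet Files\Content.IE5\69KF6L25\upd105320[1] (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Programmi\eMule\emule.exe (Rogue.Fake!emule.exe) -> Quarantined and deleted successfully.
C:\Programmi\eMule\LinkCreator.exe (Rogue.Fake!emule.exe) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{C7ABA83D-3FBF-4962-B005-C3C0F754BA4F}\RP734\A0167494.sys (Rootkit.Agent) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{C7ABA83D-3FBF-4962-B005-C3C0F754BA4F}\RP745\A0172618.dll (Trojan,Agent) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{C7ABA83D-3FBF-4962-B005-C3C0F754BA4F}\RP674\A0155806.exe (Rogue.Fake!emule.exe) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\8506E31A.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
"""

# Path, then the last "(detection)" group before "->", then the action taken.
ENTRY = re.compile(r"^(?P<path>[A-Za-z]:\\.+) \((?P<name>[^()]+)\) -> (?P<action>.+?)\.?$")
RESTORE = re.compile(r"\\System Volume Information\\_restore\{[0-9A-F-]+\}\\(RP\d+)\\", re.I)
CACHE_MARKERS = ("\\temporary internet files\\", "\\windows\\temp\\")


def parse(log_text):
    """Yield (path, detection, action) for each file-detection line; skip everything else."""
    for line in log_text.splitlines():
        m = ENTRY.match(line.strip())
        if m:
            yield m["path"], m["name"], m["action"]


def triage(log_text):
    """Split detections into restore-point copies, cache/temp files and live files."""
    counts, restore_points, live = Counter(), set(), []
    for path, name, _action in parse(log_text):
        rp = RESTORE.search(path)
        if rp:
            counts["restore_point"] += 1       # archived copy inside System Restore
            restore_points.add(rp.group(1))
        elif any(marker in path.lower() for marker in CACHE_MARKERS):
            counts["cache_or_temp"] += 1       # browser cache or temp directory
        else:
            counts["live_file"] += 1           # installed program: review the verdict by hand
            live.append((path, name))
    return counts, sorted(restore_points), live


if __name__ == "__main__":
    counts, restore_points, live = triage(SAMPLE_LOG)
    print(dict(counts), restore_points)
    for path, name in live:
        print("review:", path, name)
```

Run over the full log posted above, the restore-point bucket holds 40 of the 46 detections, and the only live-file entries are the two eMule executables.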

Re: problems with rundll32.exe

Post by trilly80 » Tue Oct 07, 2008 12:22 pm

Amantide, I can't disable System Restore because that won't open either; in the Control Panel the same old message always comes up....
anyway, I'll go ahead with combofix... does it matter that I can't untick System Restore? do I run the scan anyway?
should I still send you the log? for combofix too?

Re: problems with rundll32.exe

Post by Amantide » Tue Oct 07, 2008 12:56 pm

trilly80 wrote:Amantide, I can't disable System Restore because that won't open either; in the Control Panel the same old message always comes up....

Don't worry, we'll sort that out later, once the virus cleanup is complete.
trilly80 wrote:anyway, I'll go ahead with combofix... does it matter that I can't untick System Restore? do I run the scan anyway?
should I still send you the log? for combofix too?

The answer to all the questions is Yes [^]

Re: problems with rundll32.exe

Post by Amantide » Tue Oct 07, 2008 1:41 pm

While waiting for the Combofix log, I'm posting the program you can use to restore the disabled functions, such as right-click on the desktop, missing entries in the Control Panel, the desktop, etc.
Gargaroz

Re: problems with rundll32.exe

Post by trilly80 » Tue Oct 07, 2008 3:55 pm

Dear Amantide, I think the combo fix scan didn't go well at all... because the log file contains 362472 characters!!
In fact I can't even send it to you...
Panda gave me problems while I was running the scan; it said the combo program was risky... I don't know, maybe it blocked something... I'm more and more desperate... [cry] [cry]
help!!!

Re: problems with rundll32.exe

Post by Amantide » Tue Oct 07, 2008 4:01 pm

trilly80 wrote:Dear Amantide, I think the combo fix scan didn't go well at all... because the log file contains 362472 characters!!
In fact I can't even send it to you...
Panda gave me problems while I was running the scan; it said the combo program was risky... I don't know, maybe it blocked something... I'm more and more desperate... [cry] [cry]
help!!!

Try running the Combofix scan again with the antivirus temporarily disabled; the problem with the log could be caused by exactly that.

Re: problems with rundll32.exe

Post by trilly80 » Wed Oct 08, 2008 10:58 am

Hi Amantide, combofix went fine without the antivirus but nothing changed on restart; then a friend of mine decided to install Windows again in the hope of putting everything right, but during the upgrade quite a few Windows files actually couldn't be copied from the disc to the PC.... so now I think we just have to format.. right?

Re: problems with rundll32.exe

Post by Amantide » Wed Oct 08, 2008 11:04 am

Can't you attach the Combofix log? That way we can see whether any infected file is left on the PC.
As for the rundll32.exe error, did you try the program I pointed you to earlier, Gargaroz?


megalab.it: daily online publication registered at the Court of Cosenza, no. 22/09 of 13.08.2009, publisher Master New Media S.r.l.; © Copyright 2008 Master New Media S.r.l. a socio unico - VAT no. 02947530784. GRUPPO EDIZIONI MASTER Spa. All rights reserved. For advertising: Master Advertising