mi date una controllata al log?

[zero87]

ciao ragazzi un paio di settimane fa sono incappato nel virus beagle è stata un odissea rimuoverlo e installare un buon antivurs. e fino a qui tutto ok da un paio di giorni però mi è capitato di notare che aprendo internet explore o firefox che mi appaio finestre con su scritto che il mio pc è infettato o che è a rischio e questo su ogni sito che vado se questo non bastasse ho notato una notevole diminuzione della velocità di connessione. In più ho notato che aprendo il task manager di processi mai visti prima. Mi potreste dare un occhiata al mio log e di consegueza un aiuto possibile?
vi ringrazzio in anticipo delle future risposte e mi scuso se ho infranto qualche regola oh se ho sbagliato la sezione da postare ^_^

http://www.zshare.net/download/7092576d8ac617/

(il log lo trovate al link qui sopra scusate ma con firefox non mi apre la paginetta per allegare i file)

[hydra]

Sposto.

[zero87]

ragazzi proprio nessuno che mi da una mano?

[Luke57]

Ciao, scarica questi 2 files sul desktop
ComboFix
http://download.bleepingcomputer.com/sUBs/ComboFix.exe
VundoFix
http://www.atribune.org/ccount/click.php?id=4

Disconettiti da internet
disattiva l'antivirus



Esegui vundofix
VundoFix si chiuderà e si riaprirà da solo, una volta riaperto, clicca sul pulsante "Scan for Vundo" quando la scansione è finita, clicca sul pulsante "Remove Vundo" a questo punto ti chiederà se vuoi eliminare i files, rispondi Yes una volta cliccato su Yes, non preoccuparti se il desktop scompare, è normale dato che è iniziata la procedura di eliminazione, finito la rimozione ti chiederà se vuoi riavviare, rispondi Yes e si riavvierà il pc.
E' possibile che vundofix non riesca ad eliminare alcuni files, in questo caso, vedrai vundofix apparire al riavvio basta che premi il pulsante Remove vundo per continuare la rimoazione.
Finito tutto, riavvia il pc

Avvia il file ComboFix.exe
Digita 1 per avviare il tool (non fare altre manovre durante la scansione)
Segui le instruzioni e alla fine verrà generato un log.

Riavvia il pc, collegati e posta questi 2 logs (copiandoli e incollandoli in un post)
C:\vundofix.txt
C:\combofix.txt

[zero87]

grazie luke della repentiva risposta ti metto i log dei programmi che mi hai fatto partite


VundoFix V6.7.7

Checking Java version...

Sun Java not detected
Scan started at 11.36.30 03/02/2008

Listing files found while scanning....

C:\windows\system32\aazkeykw.dllbox
C:\WINDOWS\system32\alwgywrm.dll
C:\WINDOWS\system32\aqbxubar.dll
C:\WINDOWS\system32\bkwxrhwe.ini
C:\WINDOWS\system32\cqpushwk.dll
C:\WINDOWS\system32\djmyjfwj.dll
C:\WINDOWS\system32\ewhrxwkb.dll
C:\WINDOWS\system32\kwhsupqc.ini
C:\WINDOWS\system32\mrwygwla.ini
C:\WINDOWS\system32\rbbafvru.dll
C:\WINDOWS\system32\sehasmwr.dll

Beginning removal...

Attempting to delete C:\windows\system32\aazkeykw.dllbox
C:\windows\system32\aazkeykw.dllbox Has been deleted!

Attempting to delete C:\WINDOWS\system32\alwgywrm.dll
C:\WINDOWS\system32\alwgywrm.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\aqbxubar.dll
C:\WINDOWS\system32\aqbxubar.dll Could not be deleted.

Attempting to delete C:\WINDOWS\system32\bkwxrhwe.ini
C:\WINDOWS\system32\bkwxrhwe.ini Has been deleted!

Attempting to delete C:\WINDOWS\system32\cqpushwk.dll
C:\WINDOWS\system32\cqpushwk.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\djmyjfwj.dll
C:\WINDOWS\system32\djmyjfwj.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\ewhrxwkb.dll
C:\WINDOWS\system32\ewhrxwkb.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\kwhsupqc.ini
C:\WINDOWS\system32\kwhsupqc.ini Has been deleted!

Attempting to delete C:\WINDOWS\system32\mrwygwla.ini
C:\WINDOWS\system32\mrwygwla.ini Has been deleted!

Attempting to delete C:\WINDOWS\system32\rbbafvru.dll
C:\WINDOWS\system32\rbbafvru.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\sehasmwr.dll
C:\WINDOWS\system32\sehasmwr.dll Has been deleted!

Performing Repairs to the registry.
Done!

Beginning removal...

Attempting to delete C:\WINDOWS\system32\aqbxubar.dll
C:\WINDOWS\system32\aqbxubar.dll Has been deleted!

Performing Repairs to the registry.
Done!

---------------------------------------------------------------

ComboFix 08-02.03.1 - Daniele 2008-02-03 11.56.48.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1040.18.501 [GMT 1:00]
Eseguito da: C:\Documents and Settings\Daniele\Desktop\ComboFix.exe
* Creato nuovo punto di ripristino

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((( Altre eliminazioni )))))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\system32\vtstr.dll
C:\WINDOWS\cookies.ini
C:\WINDOWS\system32\bujlomrg.ini
C:\WINDOWS\system32\cgcwettw.ini
C:\WINDOWS\system32\dehhmguj.ini
C:\WINDOWS\system32\exymakix.ini
C:\WINDOWS\system32\gcudythg.ini
C:\WINDOWS\system32\kmxcgqrc.ini
C:\WINDOWS\system32\ltgodfdu.ini
C:\WINDOWS\system32\mcrh.tmp
C:\WINDOWS\system32\rtstv.ini
C:\WINDOWS\system32\rtstv.ini2
C:\WINDOWS\system32\tiamryuo.ini
C:\WINDOWS\system32\trtswqty.ini
C:\WINDOWS\system32\ucukhond.ini
C:\WINDOWS\system32\vtstr.dll
C:\WINDOWS\system32\wifhcniw.ini
C:\WINDOWS\system32\winsys.exe
C:\WINDOWS\system32\ytqwstrt.dll

.
((((((((((((((((((((((((( Files Creati Da 2008-01-03 al 2008-02-03 )))))))))))))))))))))))))))))))))))
.

2008-02-03 11:36 . 2008-02-03 11:50 <DIR> d-------- C:\VundoFix Backups
2008-02-02 20:13 . 2008-02-02 20:14 <DIR> d-------- C:\Programmi\Bubble
2008-02-02 20:13 . 1997-01-22 16:34 312,320 --a------ C:\WINDOWS\IsUninst.exe
2008-02-02 20:13 . 2008-02-02 20:13 31 --a------ C:\dxerror.ini
2008-02-02 20:11 . 2008-02-02 20:11 724,992 --a------ C:\WINDOWS\iun6002.exe
2008-02-01 19:40 . 2008-02-01 19:42 <DIR> d-------- C:\Programmi\Unlocker
2008-01-30 22:07 . 2008-01-30 22:07 <DIR> d-------- C:\Programmi\Act-3D
2008-01-30 11:50 . 2008-01-30 14:33 <DIR> d-------- C:\Programmi\Proantivirus Lab
2008-01-30 11:44 . 2008-01-30 11:48 38,400 --a------ C:\WINDOWS\system32\tuvsrrr.dll.vir
2008-01-30 11:42 . 2008-01-30 11:42 294 --ahs---- C:\WINDOWS\system32\ftalciab.ini
2008-01-30 11:41 . 2008-01-30 11:47 <DIR> d-a------ C:\Documents and Settings\All Users\Dati applicazioni\TEMP
2008-01-30 11:40 . 2008-01-30 11:40 <DIR> d-------- C:\Documents and Settings\Daniele\Dati applicazioni\Simply Super Software
2008-01-30 11:40 . 2008-01-30 11:40 <DIR> d-------- C:\Documents and Settings\All Users\Dati applicazioni\Simply Super Software
2008-01-30 00:19 . 2008-01-12 18:32 23,904 --a------ C:\WINDOWS\system32\drivers\COH_Mon.sys
2008-01-30 00:19 . 2008-01-15 09:54 10,537 --a------ C:\WINDOWS\system32\drivers\COH_Mon.cat
2008-01-30 00:19 . 2008-01-15 05:28 706 --a------ C:\WINDOWS\system32\drivers\COH_Mon.inf
2008-01-29 20:12 . 2008-01-29 20:12 <DIR> d-------- C:\Documents and Settings\Daniele\Dati applicazioni\DAEMON Tools
2008-01-29 19:57 . 2008-01-29 19:57 716,272 --a------ C:\WINDOWS\system32\drivers\sptd.sys
2008-01-29 12:11 . 2008-01-29 12:11 94 --a------ C:\WINDOWS\wininit.ini
2008-01-29 11:50 . 2008-01-30 10:06 1,144,171 --a------ C:\WINDOWS\system32\trtswqty.ini.vir
2008-01-29 11:37 . 2008-01-29 11:37 <DIR> d-------- C:\Programmi\Spybot - Search & Destroy
2008-01-29 11:37 . 2008-01-29 11:48 <DIR> d-------- C:\Documents and Settings\All Users\Dati applicazioni\Spybot - Search & Destroy
2008-01-29 11:35 . 2008-02-03 11:31 13,452 --a------ C:\WINDOWS\BM8b5202e2.xml
2008-01-29 11:35 . 2008-02-03 10:51 22 --a------ C:\WINDOWS\pskt.ini
2008-01-28 19:44 . 2006-10-26 19:56 32,592 --a------ C:\WINDOWS\system32\msonpmon.dll
2008-01-28 19:27 . 2008-01-28 19:27 <DIR> d-------- C:\Programmi\Microsoft Works
2008-01-28 19:26 . 2008-01-28 19:26 <DIR> d-------- C:\Programmi\MSBuild
2008-01-28 19:10 . 2008-01-29 01:03 <DIR> d-------- C:\Documents and Settings\All Users\Dati applicazioni\Microsoft Help
2008-01-27 17:46 . 2008-01-27 17:46 <DIR> d-------- C:\Programmi\File comuni\Wise Installation Wizard
2008-01-27 17:46 . 2008-01-27 17:48 <DIR> d-------- C:\Documents and Settings\All Users\Dati applicazioni\Lavasoft
2008-01-24 17:56 . 2007-03-21 20:33 503,808 --a------ C:\WINDOWS\system32\MSVCP71.DL1
2008-01-24 17:56 . 2007-03-21 20:33 348,160 --a------ C:\WINDOWS\system32\MSVCR71.DL1
2008-01-24 16:16 . 2008-01-24 16:23 10,740 --a------ C:\WINDOWS\system32\drivers\SYMEVENT.CAT
2008-01-24 16:16 . 2008-01-24 16:23 805 --a------ C:\WINDOWS\system32\drivers\SYMEVENT.INF
2008-01-24 15:59 . 2008-01-24 18:03 <DIR> d-------- C:\Programmi\Norton AntiVirus
2008-01-24 15:58 . 2008-01-24 16:23 123,952 --a------ C:\WINDOWS\system32\drivers\SYMEVENT.SYS
2008-01-24 15:58 . 2008-01-24 16:23 60,800 --a------ C:\WINDOWS\system32\S32EVNT1.DLL
2008-01-24 15:57 . 2008-01-24 16:23 <DIR> d-------- C:\Programmi\Symantec
2008-01-24 15:57 . 2008-02-01 09:52 <DIR> d-------- C:\Documents and Settings\All Users\Dati applicazioni\Symantec
2008-01-24 15:56 . 2008-01-31 21:05 <DIR> d-------- C:\Programmi\File comuni\Symantec Shared
2008-01-24 10:46 . 2008-01-24 10:59 <DIR> d-------- C:\WINDOWS\system32\ActiveScan
2008-01-24 10:46 . 2008-01-24 10:46 30,590 --a------ C:\WINDOWS\system32\pavas.ico
2008-01-24 10:46 . 2008-01-24 10:46 2,550 --a------ C:\WINDOWS\system32\Uninstall.ico
2008-01-24 10:46 . 2008-01-24 10:46 1,406 --a------ C:\WINDOWS\system32\Help.ico
2008-01-23 22:22 . 2008-01-23 22:22 38,400 --a------ C:\WINDOWS\system32\tuvsrrr.dll
2008-01-21 18:41 . 2008-01-21 18:41 <DIR> d-------- C:\Programmi\File comuni\Skype
2008-01-21 18:41 . 2008-02-03 10:52 <DIR> d-------- C:\Documents and Settings\Daniele\Dati applicazioni\skypePM
2008-01-21 18:41 . 2008-01-21 18:41 32 --a------ C:\Documents and Settings\All Users\Dati applicazioni\ezsid.dat
2008-01-19 00:18 . 2008-01-24 12:07 <DIR> d-------- C:\Documents and Settings\All Users\Dati applicazioni\SiteAdvisor
2008-01-18 21:12 . 2008-01-24 11:55 250 --a------ C:\WINDOWS\gmer.ini
2008-01-18 20:54 . 2008-01-18 20:54 <DIR> d-------- C:\Documents and Settings\All Users\Dati applicazioni\Kaspersky Lab Setup Files
2008-01-18 19:11 . 2008-01-24 15:37 <DIR> d-------- C:\Documents and Settings\All Users\Dati applicazioni\McAfee
2008-01-16 13:11 . 2008-01-16 13:11 <DIR> d-------- C:\Programmi\iPod
2008-01-16 13:11 . 2008-02-03 12:03 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-01-16 13:11 . 2008-01-16 13:11 1,409 --a------ C:\WINDOWS\QTFont.for
2008-01-16 13:10 . 2008-01-24 11:01 <DIR> d-------- C:\Programmi\iTunes
2008-01-14 19:01 . 2008-01-14 19:01 <DIR> d-------- C:\Documents and Settings\Daniele\Dati applicazioni\vlc
2008-01-14 19:00 . 2008-01-14 19:02 <DIR> d-------- C:\Programmi\VideoLAN
2008-01-10 15:27 . 2008-01-10 15:27 90,112 --a------ C:\WINDOWS\system32\QuickTimeVR.qtx
2008-01-10 15:27 . 2008-01-10 15:27 57,344 --a------ C:\WINDOWS\system32\QuickTime.qts
2008-01-05 13:31 . 2008-01-05 13:31 54 --a------ C:\WINDOWS\Composer.INI

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-02-03 10:53 --------- d-----w C:\Documents and Settings\Daniele\Dati applicazioni\Skype
2008-02-01 18:44 --------- d-----w C:\Programmi\eMule
2008-02-01 10:12 141,612 ----a-w C:\WINDOWS\system32\drivers\dump_wmimmc.sys
2008-02-01 09:47 --------- d-----w C:\Documents and Settings\Daniele\Dati applicazioni\LimeWire
2008-01-27 16:48 9,344 ----a-w C:\WINDOWS\system32\drivers\NSDriver.sys
2008-01-27 16:48 8,320 ----a-w C:\WINDOWS\system32\drivers\AWRTRD.sys
2008-01-27 16:46 --------- d-----w C:\Programmi\Lavasoft
2008-01-24 10:01 --------- d-----w C:\Programmi\QuickTime
2008-01-24 10:01 --------- d-----w C:\Programmi\Messenger Plus! Live
2008-01-24 10:00 --------- d-----w C:\Programmi\PC Connectivity Solution
2008-01-24 09:59 --------- d-----w C:\Programmi\Star Downloader
2008-01-22 23:10 --------- d-----w C:\Documents and Settings\Daniele\Dati applicazioni\PC Suite
2008-01-18 23:00 --------- d-----w C:\Programmi\Yahoo!
2008-01-17 18:41 --------- d-----w C:\Programmi\File comuni\Elecard
2008-01-16 16:02 --------- d-----w C:\Documents and Settings\Daniele\Dati applicazioni\IMVU
2008-01-12 16:44 --------- d-----w C:\Programmi\K-Lite Codec Pack
2008-01-12 16:44 --------- d-----w C:\Programmi\BitComet
2008-01-05 14:32 --------- d--h--w C:\Programmi\InstallShield Installation Information
2008-01-05 12:15 --------- d-----w C:\Programmi\IMVU
2007-12-30 19:35 --------- d-----w C:\Programmi\Fireplace 3D Screensaver
2007-12-30 19:35 --------- d-----w C:\Programmi\3Planesoft Screensaver Manager
2007-12-30 19:31 --------- d-----w C:\Programmi\3D Realistic Fireplace 3
2007-12-30 17:21 --------- d-----w C:\Programmi\Magic Video Studio
2007-12-29 09:37 --------- d-----w C:\Programmi\RegCleaner
2007-12-26 23:15 --------- d-----w C:\Programmi\LifeView TVR
2007-12-17 10:53 --------- d-----w C:\Programmi\MSN Messenger
2007-12-10 19:49 --------- d-----w C:\Programmi\Windows Live
2007-12-10 19:48 --------- d-----w C:\Documents and Settings\All Users\Dati applicazioni\WLInstaller
2007-12-01 11:29 81,920 ----a-w C:\Documents and Settings\Daniele\Dati applicazioni\ezpinst.exe
2007-12-01 11:29 47,360 ----a-w C:\Documents and Settings\Daniele\Dati applicazioni\pcouffin.sys
2007-11-27 13:22 2,521,600 ----a-w C:\WINDOWS\3D Realistic Fireplace 3.scr
.

((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Nota* i valori vuoti & legittimi/default non sono visualizzati.

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{04272D89-0DF7-420D-B998-65A93EA9DEF6}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{0dbc62e1-a9d0-41e9-82e9-6c336ee5bb90}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{0F39250B-0BCA-437D-9D03-ED60CD956600}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{18DCA410-C9E3-4123-9CB6-1B319C05DB29}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{1edaaf16-1d22-432d-b04a-a07abd776287}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{39FF2B40-72B6-4C69-B886-AD4A649769E4}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{437A71AC-2867-41E9-8BC7-901761C35B80}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{4873EC3E-BA5A-47F8-A36B-64763924CA3C}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{49D63E18-33B1-46F2-82C2-39431FB94794}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{56402C34-F423-42E8-B537-D4E0CCC77BDE}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{5BED7523-B667-41A0-A0E6-9296D67F8FCF}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{82BDA718-794F-44C1-A1CB-3301FAAC00FD}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A85EC2C8-D667-429D-8BC6-FB187E48DBE4}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{CAD210E1-BBF5-4396-BD1E-78D43DDE7054}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D7B8BAF8-F917-44DC-B2BA-7833AAFA0623}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{EF465E3F-A595-458B-ADFF-AEB82A53A625}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{f4bdc11b-67a4-4ddd-86d1-7fbf7b0a6be5}]
C:\WINDOWS\system32\djmyjfwj.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{f8bdc543-292d-48b4-ab6e-2c6e31336cb8}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{FA24E381-2835-4256-BDE2-07705B1FF87C}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-30 21:00 15360]
"MsnMsgr"="C:\Programmi\Windows Live\Messenger\MsnMsgr.exe" [2007-12-10 20:50 5724184]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Programmi\File comuni\Ahead\lib\NMBgMonitor.exe" [2005-09-25 19:11 94208]
"Skype"="C:\Programmi\Skype\Phone\Skype.exe" [2007-12-07 15:08 21686568]
"MSMSGS"="C:\Programmi\Messenger\msmsgs.exe" [2004-10-13 17:24 1694208]
"SpybotSD TeaTimer"="C:\Programmi\Spybot - Search & Destroy\TeaTimer.exe" [2007-08-31 16:46 1460560]
"DAEMON Tools Lite"="C:\Programmi\DAEMON Tools Lite\daemon.exe" [ ]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"="RTHDCPL.EXE" [2006-04-17 08:34 16143872 C:\WINDOWS\RTHDCPL.EXE]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2006-10-22 12:22 7700480]
"nwiz"="nwiz.exe" [2006-10-22 12:22 1622016 C:\WINDOWS\system32\nwiz.exe]
"SW20"="C:\WINDOWS\system32\sw20.exe" [2006-05-18 02:15 208896]
"SW24"="C:\WINDOWS\system32\sw24.exe" [2006-05-17 03:37 69632]
"RecSche"="C:\Programmi\LifeView TVR\RecSche.exe" [2003-11-12 07:38 466944]
"RemoteControl"="C:\Programmi\CyberLink\PowerDVD\PDVDServ.exe" [2003-10-31 19:42 32768]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2005-09-25 19:11 155648]
"CloneCDTray"="C:\Programmi\SlySoft\CloneCD\CloneCDTray.exe" [2005-05-19 14:47 57344]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2006-10-22 12:22 86016]
"SunJavaUpdateSched"="C:\Programmi\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 00:11 132496]
"TkBellExe"="C:\Programmi\File comuni\Real\Update_OB\realsched.exe" [2007-02-21 18:17 185896]
"PCSuiteTrayApplication"="C:\Programmi\Nokia\Nokia PC Suite 6\LaunchApplication.exe" [2007-06-18 15:10 271360]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2004-08-30 21:00 110592 C:\WINDOWS\system32\bthprops.cpl]
"QuickTime Task"="C:\Programmi\QuickTime\QTTask.exe" [2008-01-10 15:27 385024]
"iTunesHelper"="C:\Programmi\iTunes\iTunesHelper.exe" [2008-01-15 03:22 267048]
"ccApp"="C:\Programmi\File comuni\Symantec Shared\ccApp.exe" [2006-09-03 00:04 84640]
"osCheck"="C:\Programmi\Norton AntiVirus\osCheck.exe" [2006-09-05 18:22 26248]
"Symantec PIF AlertEng"="C:\Programmi\File comuni\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [2007-03-12 10:22 517768]
"GrooveMonitor"="C:\Programmi\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-27 00:47 31016]
"VX1000"="C:\WINDOWS\vVX1000.exe" [2006-06-30 00:42 707376]
"BM8b5202e2"="C:\WINDOWS\system32\aqbxubar.dll" [ ]
"Alcmtr"="ALCMTR.EXE" [2005-05-03 11:43 69632 C:\WINDOWS\ALCMTR.EXE]
"8861317e"="C:\WINDOWS\system32\ytqwstrt.dll" [ ]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"SpybotDeletingC7852"="cmd /c del C:\WINDOWS\system32\nxhfhoce.dllbox" [ ]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-30 21:00 15360]
"Nokia.PCSync"="C:\Programmi\Nokia\Nokia PC Suite 6\PcSync2.exe" [2007-06-19 10:17 1241088]

C:\Documents and Settings\Daniele\Menu Avvio\Programmi\Esecuzione automatica\
Adobe Gamma.lnk - C:\Programmi\File comuni\Adobe\Calibration\Adobe Gamma Loader.exe [2005-03-16 20:16:50 113664]
IMVU.lnk - C:\Programmi\IMVU\IMVUClient.exe [2008-01-15 20:49:10 49408]
Ritaglio schermata e avvio di OneNote 2007.lnk - C:\Programmi\Microsoft Office\Office12\ONENOTEM.EXE [2006-10-26 20:24:54 98632]

C:\Documents and Settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\
Avvio veloce di Adobe Reader.lnk - C:\Programmi\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2004-12-14 04:44:06 29696]
WinZip Quick Pick.lnk - C:\Programmi\WinZip\WZQKPICK.EXE [2007-02-15 17:13:34 122880]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer\run]
"Service"= C:\WINDOWS\sysnet32.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\aazkeykw]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\tuvsrrr]
tuvsrrr.dll 2008-01-23 22:22 38400 C:\WINDOWS\system32\tuvsrrr.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VX1000]
-ra------ 2006-06-30 00:42 707376 C:\WINDOWS\vVX1000.exe

R2 Utilità di pianificazione di LiveUpdate automatico;Utilità di pianificazione di LiveUpdate automatico;"C:\Programmi\Symantec\LiveUpdate\ALUSchedulerSvc.exe" [2007-09-26 10:54]
S3 usbscan;Driver scanner USB;C:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-03 22:58]
S3 USBSTOR;Driver archiviazione di massa USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-03 23:08]
S3 VX1000;VX-1000;C:\WINDOWS\system32\DRIVERS\VX1000.sys [2006-06-30 00:42]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{2d793008-ce9e-11dc-aae7-001617d98ee1}]
\Shell\AutoRun\command - G:\setup.exe

.
Contenuto della cartella 'Scheduled Tasks'
"2008-01-30 11:50:14 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Programmi\Apple Software Update\SoftwareUpdate.exe
"2008-02-01 19:22:10 C:\WINDOWS\Tasks\Norton AntiVirus - Scansione completa sistema - Daniele.job"
- C:\PROGRA~1\NORTON~1\Navw32.exei/TASK:
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-02-03 12:03:59
Windows 5.1.2600 Service Pack 2 NTFS

scansione processi nascosti ...

scansione entrate autostart nascoste ...

Scansione files nascosti ...

Scansione completata con successo
Files nascosti: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

PROCESS: C:\WINDOWS\system32\winlogon.exe
-> C:\WINDOWS\system32\tuvsrrr.dll
.
------------------------ Other Running Processes ------------------------
.
C:\Programmi\File comuni\Symantec Shared\ccSvcHst.exe
C:\Programmi\File comuni\Symantec Shared\AppCore\AppSvc32.exe
C:\Programmi\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\system32\rundll32.exe
C:\Programmi\File comuni\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\system32\lvhidsvc.exe
C:\Programmi\File comuni\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\Programmi\Skype\Plugin Manager\skypePM.exe
C:\Programmi\PC Connectivity Solution\ServiceLayer.exe
C:\Programmi\iPod\bin\iPodService.exe
.
**************************************************************************
.
Ora fine scansione: 2008-02-03 12:06:44 - machine was rebooted
ComboFix-quarantined-files.txt 2008-02-03 11:06:39
.
2008-01-29 00:03:19 --- E O F ---

[Luke57]

Ciao, copia questo codice:

file::
C:\WINDOWS\system32\tuvsrrr.dll.vir
C:\WINDOWS\system32\trtswqty.ini.vir
C:\WINDOWS\system32\tuvsrrr.dll
C:\WINDOWS\system32\djmyjfwj.dll

registry::
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{04272D89-0DF7-420D-B998-65A93EA9DEF6}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{0dbc62e1-a9d0-41e9-82e9-6c336ee5bb90}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{0F39250B-0BCA-437D-9D03-ED60CD956600}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{18DCA410-C9E3-4123-9CB6-1B319C05DB29}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{1edaaf16-1d22-432d-b04a-a07abd776287}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{39FF2B40-72B6-4C69-B886-AD4A649769E4}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{437A71AC-2867-41E9-8BC7-901761C35B80}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{4873EC3E-BA5A-47F8-A36B-64763924CA3C}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{49D63E18-33B1-46F2-82C2-39431FB94794}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{56402C34-F423-42E8-B537-D4E0CCC77BDE}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{5BED7523-B667-41A0-A0E6-9296D67F8FCF}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{82BDA718-794F-44C1-A1CB-3301FAAC00FD}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A85EC2C8-D667-429D-8BC6-FB187E48DBE4}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{CAD210E1-BBF5-4396-BD1E-78D43DDE7054}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D7B8BAF8-F917-44DC-B2BA-7833AAFA0623}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{EF465E3F-A595-458B-ADFF-AEB82A53A625}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{f4bdc11b-67a4-4ddd-86d1-7fbf7b0a6be5}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{f8bdc543-292d-48b4-ab6e-2c6e31336cb8}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{FA24E381-2835-4256-BDE2-07705B1FF87C}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BM8b5202e2"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
8861317e"=-
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer\run]
"Service"= -
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\aazkeykw]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\tuvsrrr]

apri un file di testo (start>esegui>notepad.exe>OK), ci incolli il codice, lo salvi obbligatoriamente con il nome
CFScript.txt.
Lo trascini con il puntatore del mouse sopra l'icona di combofix e attendi una nuova scansione del programma con eventuale riavvio. Posta poi il nuovo report.

[zero87]

ecco fatto

ComboFix 08-02.03.1 - Daniele 2008-02-03 18.15.40.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1040.18.497 [GMT 1:00]
Eseguito da: C:\Documents and Settings\Daniele\Desktop\CombFix.exe
Command switches used :: C:\Documents and Settings\Daniele\Desktop\CFScript.txt
* Creato nuovo punto di ripristino

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((( Files Creati Da 2008-01-03 al 2008-02-03 )))))))))))))))))))))))))))))))))))
.

2008-02-03 11:36 . 2008-02-03 11:50 <DIR> d-------- C:\VundoFix Backups
2008-02-02 20:13 . 2008-02-02 20:14 <DIR> d-------- C:\Programmi\Bubble
2008-02-02 20:13 . 1997-01-22 16:34 312,320 --a------ C:\WINDOWS\IsUninst.exe
2008-02-02 20:11 . 2008-02-02 20:11 724,992 --a------ C:\WINDOWS\iun6002.exe
2008-02-01 19:40 . 2008-02-01 19:42 <DIR> d-------- C:\Programmi\Unlocker
2008-01-30 22:07 . 2008-01-30 22:07 <DIR> d-------- C:\Programmi\Act-3D
2008-01-30 11:50 . 2008-01-30 14:33 <DIR> d-------- C:\Programmi\Proantivirus Lab
2008-01-30 11:44 . 2008-01-30 11:48 38,400 --a------ C:\WINDOWS\system32\tuvsrrr.dll.vir
2008-01-30 11:42 . 2008-01-30 11:42 294 --ahs---- C:\WINDOWS\system32\ftalciab.ini
2008-01-30 11:41 . 2008-01-30 11:47 <DIR> d-a------ C:\Documents and Settings\All Users\Dati applicazioni\TEMP
2008-01-30 11:40 . 2008-01-30 11:40 <DIR> d-------- C:\Documents and Settings\Daniele\Dati applicazioni\Simply Super Software
2008-01-30 11:40 . 2008-01-30 11:40 <DIR> d-------- C:\Documents and Settings\All Users\Dati applicazioni\Simply Super Software
2008-01-30 00:19 . 2008-01-12 18:32 23,904 --a------ C:\WINDOWS\system32\drivers\COH_Mon.sys
2008-01-30 00:19 . 2008-01-15 09:54 10,537 --a------ C:\WINDOWS\system32\drivers\COH_Mon.cat
2008-01-30 00:19 . 2008-01-15 05:28 706 --a------ C:\WINDOWS\system32\drivers\COH_Mon.inf
2008-01-29 20:12 . 2008-01-29 20:12 <DIR> d-------- C:\Documents and Settings\Daniele\Dati applicazioni\DAEMON Tools
2008-01-29 19:57 . 2008-01-29 19:57 716,272 --a------ C:\WINDOWS\system32\drivers\sptd.sys
2008-01-29 12:11 . 2008-01-29 12:11 94 --a------ C:\WINDOWS\wininit.ini
2008-01-29 11:50 . 2008-01-30 10:06 1,144,171 --a------ C:\WINDOWS\system32\trtswqty.ini.vir
2008-01-29 11:37 . 2008-01-29 11:37 <DIR> d-------- C:\Programmi\Spybot - Search & Destroy
2008-01-29 11:37 . 2008-01-29 11:48 <DIR> d-------- C:\Documents and Settings\All Users\Dati applicazioni\Spybot - Search & Destroy
2008-01-29 11:35 . 2008-02-03 11:31 13,452 --a------ C:\WINDOWS\BM8b5202e2.xml
2008-01-29 11:35 . 2008-02-03 10:51 22 --a------ C:\WINDOWS\pskt.ini
2008-01-28 19:44 . 2006-10-26 19:56 32,592 --a------ C:\WINDOWS\system32\msonpmon.dll
2008-01-28 19:27 . 2008-01-28 19:27 <DIR> d-------- C:\Programmi\Microsoft Works
2008-01-28 19:26 . 2008-01-28 19:26 <DIR> d-------- C:\Programmi\MSBuild
2008-01-28 19:10 . 2008-01-29 01:03 <DIR> d-------- C:\Documents and Settings\All Users\Dati applicazioni\Microsoft Help
2008-01-27 17:46 . 2008-01-27 17:46 <DIR> d-------- C:\Programmi\File comuni\Wise Installation Wizard
2008-01-27 17:46 . 2008-01-27 17:48 <DIR> d-------- C:\Documents and Settings\All Users\Dati applicazioni\Lavasoft
2008-01-24 17:56 . 2007-03-21 20:33 503,808 --a------ C:\WINDOWS\system32\MSVCP71.DL1
2008-01-24 17:56 . 2007-03-21 20:33 348,160 --a------ C:\WINDOWS\system32\MSVCR71.DL1
2008-01-24 16:16 . 2008-01-24 16:23 10,740 --a------ C:\WINDOWS\system32\drivers\SYMEVENT.CAT
2008-01-24 16:16 . 2008-01-24 16:23 805 --a------ C:\WINDOWS\system32\drivers\SYMEVENT.INF
2008-01-24 15:59 . 2008-01-24 18:03 <DIR> d-------- C:\Programmi\Norton AntiVirus
2008-01-24 15:58 . 2008-01-24 16:23 123,952 --a------ C:\WINDOWS\system32\drivers\SYMEVENT.SYS
2008-01-24 15:58 . 2008-01-24 16:23 60,800 --a------ C:\WINDOWS\system32\S32EVNT1.DLL
2008-01-24 15:57 . 2008-01-24 16:23 <DIR> d-------- C:\Programmi\Symantec
2008-01-24 15:57 . 2008-02-01 09:52 <DIR> d-------- C:\Documents and Settings\All Users\Dati applicazioni\Symantec
2008-01-24 15:56 . 2008-01-31 21:05 <DIR> d-------- C:\Programmi\File comuni\Symantec Shared
2008-01-24 10:46 . 2008-01-24 10:59 <DIR> d-------- C:\WINDOWS\system32\ActiveScan
2008-01-24 10:46 . 2008-01-24 10:46 30,590 --a------ C:\WINDOWS\system32\pavas.ico
2008-01-24 10:46 . 2008-01-24 10:46 2,550 --a------ C:\WINDOWS\system32\Uninstall.ico
2008-01-24 10:46 . 2008-01-24 10:46 1,406 --a------ C:\WINDOWS\system32\Help.ico
2008-01-23 22:22 . 2008-01-23 22:22 38,400 --a------ C:\WINDOWS\system32\tuvsrrr.dll
2008-01-21 18:41 . 2008-01-21 18:41 <DIR> d-------- C:\Programmi\File comuni\Skype
2008-01-21 18:41 . 2008-02-03 16:04 <DIR> d-------- C:\Documents and Settings\Daniele\Dati applicazioni\skypePM
2008-01-21 18:41 . 2008-01-21 18:41 32 --a------ C:\Documents and Settings\All Users\Dati applicazioni\ezsid.dat
2008-01-19 00:18 . 2008-01-24 12:07 <DIR> d-------- C:\Documents and Settings\All Users\Dati applicazioni\SiteAdvisor
2008-01-18 21:12 . 2008-01-24 11:55 250 --a------ C:\WINDOWS\gmer.ini
2008-01-18 20:54 . 2008-01-18 20:54 <DIR> d-------- C:\Documents and Settings\All Users\Dati applicazioni\Kaspersky Lab Setup Files
2008-01-18 19:11 . 2008-01-24 15:37 <DIR> d-------- C:\Documents and Settings\All Users\Dati applicazioni\McAfee
2008-01-16 13:11 . 2008-01-16 13:11 <DIR> d-------- C:\Programmi\iPod
2008-01-16 13:11 . 2008-02-03 12:03 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-01-16 13:11 . 2008-01-16 13:11 1,409 --a------ C:\WINDOWS\QTFont.for
2008-01-16 13:10 . 2008-01-24 11:01 <DIR> d-------- C:\Programmi\iTunes
2008-01-14 19:01 . 2008-01-14 19:01 <DIR> d-------- C:\Documents and Settings\Daniele\Dati applicazioni\vlc
2008-01-14 19:00 . 2008-01-14 19:02 <DIR> d-------- C:\Programmi\VideoLAN
2008-01-10 15:27 . 2008-01-10 15:27 90,112 --a------ C:\WINDOWS\system32\QuickTimeVR.qtx
2008-01-10 15:27 . 2008-01-10 15:27 57,344 --a------ C:\WINDOWS\system32\QuickTime.qts
2008-01-05 13:31 . 2008-01-05 13:31 54 --a------ C:\WINDOWS\Composer.INI

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-02-03 17:11 --------- d-----w C:\Documents and Settings\Daniele\Dati applicazioni\Skype
2008-02-01 18:44 --------- d-----w C:\Programmi\eMule
2008-02-01 10:12 141,612 ----a-w C:\WINDOWS\system32\drivers\dump_wmimmc.sys
2008-02-01 09:47 --------- d-----w C:\Documents and Settings\Daniele\Dati applicazioni\LimeWire
2008-01-27 16:48 9,344 ----a-w C:\WINDOWS\system32\drivers\NSDriver.sys
2008-01-27 16:48 8,320 ----a-w C:\WINDOWS\system32\drivers\AWRTRD.sys
2008-01-27 16:48 12,632 ----a-w C:\WINDOWS\system32\lsdelete.exe
2008-01-27 16:46 --------- d-----w C:\Programmi\Lavasoft
2008-01-24 10:01 --------- d-----w C:\Programmi\QuickTime
2008-01-24 10:01 --------- d-----w C:\Programmi\Messenger Plus! Live
2008-01-24 10:00 --------- d-----w C:\Programmi\PC Connectivity Solution
2008-01-24 09:59 --------- d-----w C:\Programmi\Star Downloader
2008-01-22 23:10 --------- d-----w C:\Documents and Settings\Daniele\Dati applicazioni\PC Suite
2008-01-18 23:00 --------- d-----w C:\Programmi\Yahoo!
2008-01-17 18:41 --------- d-----w C:\Programmi\File comuni\Elecard
2008-01-16 16:02 --------- d-----w C:\Documents and Settings\Daniele\Dati applicazioni\IMVU
2008-01-12 16:44 --------- d-----w C:\Programmi\K-Lite Codec Pack
2008-01-12 16:44 --------- d-----w C:\Programmi\BitComet
2008-01-05 14:32 --------- d--h--w C:\Programmi\InstallShield Installation Information
2008-01-05 12:15 --------- d-----w C:\Programmi\IMVU
2007-12-30 19:35 --------- d-----w C:\Programmi\Fireplace 3D Screensaver
2007-12-30 19:35 --------- d-----w C:\Programmi\3Planesoft Screensaver Manager
2007-12-30 19:31 --------- d-----w C:\Programmi\3D Realistic Fireplace 3
2007-12-30 17:21 --------- d-----w C:\Programmi\Magic Video Studio
2007-12-29 09:37 --------- d-----w C:\Programmi\RegCleaner
2007-12-27 13:45 3,489,792 ----a-w C:\WINDOWS\system32\Fireplace 3D Screensaver.exe
2007-12-26 23:15 --------- d-----w C:\Programmi\LifeView TVR
2007-12-26 15:10 850,944 ----a-w C:\WINDOWS\system32\Fireplace_3D_Screensaver.scr
2007-12-24 15:45 450,560 ----a-w C:\WINDOWS\system32\3Planesoft_Screensaver_Manager.scr
2007-12-17 10:53 --------- d-----w C:\Programmi\MSN Messenger
2007-12-10 19:49 --------- d-----w C:\Programmi\Windows Live
2007-12-10 19:48 --------- d-----w C:\Documents and Settings\All Users\Dati applicazioni\WLInstaller
2007-12-01 11:29 81,920 ----a-w C:\Documents and Settings\Daniele\Dati applicazioni\ezpinst.exe
2007-12-01 11:29 47,360 ----a-w C:\Documents and Settings\Daniele\Dati applicazioni\pcouffin.sys
2007-11-27 13:22 2,521,600 ----a-w C:\WINDOWS\3D Realistic Fireplace 3.scr
.

((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Nota* i valori vuoti & legittimi/default non sono visualizzati.

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{f4bdc11b-67a4-4ddd-86d1-7fbf7b0a6be5}]
C:\WINDOWS\system32\djmyjfwj.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-30 21:00 15360]
"MsnMsgr"="C:\Programmi\Windows Live\Messenger\MsnMsgr.exe" [2007-12-10 20:50 5724184]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Programmi\File comuni\Ahead\lib\NMBgMonitor.exe" [2005-09-25 19:11 94208]
"Skype"="C:\Programmi\Skype\Phone\Skype.exe" [2007-12-07 15:08 21686568]
"MSMSGS"="C:\Programmi\Messenger\msmsgs.exe" [2004-10-13 17:24 1694208]
"SpybotSD TeaTimer"="C:\Programmi\Spybot - Search & Destroy\TeaTimer.exe" [2007-08-31 16:46 1460560]
"DAEMON Tools Lite"="C:\Programmi\DAEMON Tools Lite\daemon.exe" [ ]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"="RTHDCPL.EXE" [2006-04-17 08:34 16143872 C:\WINDOWS\RTHDCPL.EXE]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2006-10-22 12:22 7700480]
"nwiz"="nwiz.exe" [2006-10-22 12:22 1622016 C:\WINDOWS\system32\nwiz.exe]
"SW20"="C:\WINDOWS\system32\sw20.exe" [2006-05-18 02:15 208896]
"SW24"="C:\WINDOWS\system32\sw24.exe" [2006-05-17 03:37 69632]
"RecSche"="C:\Programmi\LifeView TVR\RecSche.exe" [2003-11-12 07:38 466944]
"RemoteControl"="C:\Programmi\CyberLink\PowerDVD\PDVDServ.exe" [2003-10-31 19:42 32768]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2005-09-25 19:11 155648]
"CloneCDTray"="C:\Programmi\SlySoft\CloneCD\CloneCDTray.exe" [2005-05-19 14:47 57344]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2006-10-22 12:22 86016]
"SunJavaUpdateSched"="C:\Programmi\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 00:11 132496]
"TkBellExe"="C:\Programmi\File comuni\Real\Update_OB\realsched.exe" [2007-02-21 18:17 185896]
"PCSuiteTrayApplication"="C:\Programmi\Nokia\Nokia PC Suite 6\LaunchApplication.exe" [2007-06-18 15:10 271360]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2004-08-30 21:00 110592 C:\WINDOWS\system32\bthprops.cpl]
"QuickTime Task"="C:\Programmi\QuickTime\QTTask.exe" [2008-01-10 15:27 385024]
"iTunesHelper"="C:\Programmi\iTunes\iTunesHelper.exe" [2008-01-15 03:22 267048]
"ccApp"="C:\Programmi\File comuni\Symantec Shared\ccApp.exe" [2006-09-03 00:04 84640]
"osCheck"="C:\Programmi\Norton AntiVirus\osCheck.exe" [2006-09-05 18:22 26248]
"Symantec PIF AlertEng"="C:\Programmi\File comuni\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [2007-03-12 10:22 517768]
"GrooveMonitor"="C:\Programmi\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-27 00:47 31016]
"VX1000"="C:\WINDOWS\vVX1000.exe" [2006-06-30 00:42 707376]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"SpybotDeletingC7852"="cmd /c del C:\WINDOWS\system32\nxhfhoce.dllbox" [ ]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-30 21:00 15360]
"Nokia.PCSync"="C:\Programmi\Nokia\Nokia PC Suite 6\PcSync2.exe" [2007-06-19 10:17 1241088]

C:\Documents and Settings\Daniele\Menu Avvio\Programmi\Esecuzione automatica\
Adobe Gamma.lnk - C:\Programmi\File comuni\Adobe\Calibration\Adobe Gamma Loader.exe [2005-03-16 20:16:50 113664]
IMVU.lnk - C:\Programmi\IMVU\IMVUClient.exe [2008-01-15 20:49:10 49408]
Ritaglio schermata e avvio di OneNote 2007.lnk - C:\Programmi\Microsoft Office\Office12\ONENOTEM.EXE [2006-10-26 20:24:54 98632]

C:\Documents and Settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\
Avvio veloce di Adobe Reader.lnk - C:\Programmi\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2004-12-14 04:44:06 29696]
WinZip Quick Pick.lnk - C:\Programmi\WinZip\WZQKPICK.EXE [2007-02-15 17:13:34 122880]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VX1000]
-ra------ 2006-06-30 00:42 707376 C:\WINDOWS\vVX1000.exe

R2 Utilità di pianificazione di LiveUpdate automatico;Utilità di pianificazione di LiveUpdate automatico;"C:\Programmi\Symantec\LiveUpdate\ALUSchedulerSvc.exe" [2007-09-26 10:54]
S3 usbscan;Driver scanner USB;C:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-03 22:58]
S3 USBSTOR;Driver archiviazione di massa USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-03 23:08]
S3 VX1000;VX-1000;C:\WINDOWS\system32\DRIVERS\VX1000.sys [2006-06-30 00:42]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{2d793008-ce9e-11dc-aae7-001617d98ee1}]
\Shell\AutoRun\command - G:\setup.exe

.
Contenuto della cartella 'Scheduled Tasks'
"2008-01-30 11:50:14 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Programmi\Apple Software Update\SoftwareUpdate.exe
"2008-02-01 19:22:10 C:\WINDOWS\Tasks\Norton AntiVirus - Scansione completa sistema - Daniele.job"
- C:\PROGRA~1\NORTON~1\Navw32.exei/TASK:
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-02-03 18:18:06
Windows 5.1.2600 Service Pack 2 NTFS

scansione processi nascosti ...

scansione entrate autostart nascoste ...

Scansione files nascosti ...

Scansione completata con successo
Files nascosti: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

PROCESS: C:\WINDOWS\system32\winlogon.exe
-> C:\WINDOWS\system32\tuvsrrr.dll
.
Ora fine scansione: 2008-02-03 18.18.28
ComboFix-quarantined-files.txt 2008-02-03 17:18:25
ComboFix2.txt 2008-02-03 11:06:44
.
2008-01-29 00:03:19 --- E O F ---

[zero87]

scusa luke che altro devo fare ora?

[Luke57]

Ciao, scarica avenger sul desktop
http://swandog46.geekstogo.com/avenger.zip
Decomprimi l'archivio
Avvia il file avenger.exe
Seleziona l'opzione "Input Script Manually"
Clicca sulla lente di ingrandimento

Ti si apre una finestra "View/edit script"
All'interno del box bianco,copia e incolla le scritte seguenti:



files to delete:
C:\WINDOWS\system32\tuvsrrr.dll.vir
C:\WINDOWS\system32\trtswqty.ini.vir
C:\WINDOWS\BM8b5202e2.xml
C:\WINDOWS\system32\tuvsrrr.dll



registry keys to delete:
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{f4bdc11b-67a4-4ddd-86d1-7fbf7b0a6be5}


Registry values to replace with dummy:
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Windows | AppInit_DLLs


Clicca sul pulsante Done
Clicca sull'icona del semaforo verde
Rispondi ok e poi yes.
Il pc dovrebbe riavviarsi da solo, se così non fosse riavvialo manualmente.
Allega poi il log generato da avenger, lo trovi in C:\avenger.txt è un file di testo.

[zero87]

ecco fatto

Logfile of The Avenger version 1, by Swandog46
Running from registry key:
\Registry\Machine\System\CurrentControlSet\Services\ouxwoehq

*******************

Script file located at: \??\C:\hmlscluq.txt
Script file opened successfully.

Script file read successfully

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:

File C:\WINDOWS\system32\tuvsrrr.dll.vir deleted successfully.
File C:\WINDOWS\system32\trtswqty.ini.vir deleted successfully.
File C:\WINDOWS\BM8b5202e2.xml deleted successfully.
File C:\WINDOWS\system32\tuvsrrr.dll deleted successfully.
Registry key HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{f4bdc11b-67a4-4ddd-86d1-7fbf7b0a6be5} deleted successfully.


Could not get size of registry value HKLM\Software\Microsoft\Windows NT\CurrentVersion\Windows|AppInit_DLLs
Replacement with dummy of registry value HKLM\Software\Microsoft\Windows NT\CurrentVersion\Windows|AppInit_DLLs failed!
Status: 0xc0000034


Completed script processing.

*******************

Finished! Terminate.