DOPO VIRUS WIFI KO

[esperia75]

Salve,
Sto impazzendo, in genere se mi capita qualche minaccia riesco sempre ad arginarla...ma stavolta non riesco a venirne a capo.
Vado subito al dunque.

Ero su un sito inglese che mi dà l'origine di tutti i nomi di persona...e AVG mi dà una serie di alert di virus-trojan.
Mi dice che li ha eliminati, ma mi si apre una schermata "ANTIVIRUS" del tipo AVG con un nome tipo "Animal spyware doctor" o qualcosa del genere. A quel punto lo chiudo, blocco la connessione wifi, vlocco il ripristino sistema, vado in msconfig a togliere 5-6 files anomali, nelle chiavi di registro in un pò di chiavi, faccio uno scan con AVG: tutto ok; scarico VirIt che non mi dà nulla, scarico Gmer che mi dà tutto nero ma niente rosso...
...Il problema è che la wifi non mi si connette più. Dà i numeri, a volte sembra connessa ma non lo è, nel senso che manda files ma non ne riceve. A volte, msn pare connettersi, ma solo per poco e poi da errore. Da ricerca errori, dice che il proxi non c'è.
Non solo, ma va lento...ho provato a trasferire i dati su un HD esterno per savarli in caso di formattazione...ma si blocca mentre trasferisce

Infine, ultima particolarità: normalmente uso CHROME(dove l'ho beccato) ma è explorer che sto usando ora(con una chiavetta tim) e ogni tot prova ad aprirmi una ricerca per cercarsi quell'animal spyware doctor...

...Active X mi blocca gli scan online, Anche se dico "installa", "autorizza"...li ho provato tutti...mentre parliamo sta riuscendo solo active scan di panda...

Uso un netbook della samsung(n120) con xp.

Vi allego il file di hijackthis, sperando sia la sezione giusta per postarlo...vi prego, aiutatemi. Ho il mondo qu sopra, se lo formatto è finita...

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 23.30.14, on 22/08/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmi\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\Programmi\AVG\AVG9\avgchsvx.exe
C:\Programmi\AVG\AVG9\avgrsx.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmi\AVG\AVG9\avgcsrvx.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\AAA CARTELLA PROTEGGIMI AGO2010\a-squared Free\a2service.exe
C:\Programmi\AVG\AVG9\avgwdsvc.exe
C:\Programmi\SRS Labs\WOWXT and TSXT Driver\SRS_PostInstaller2.exe
C:\WINDOWS\system32\svchost.exe
C:\VEXPLite\viritsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Programmi\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Programmi\AVG\AVG9\avgnsx.exe
C:\PROGRA~1\AVG\AVG9\avgtray.exe
C:\VEXPLite\MONLITE.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Programmi\SAMSUNG\MagicKBD\MagicKBD.exe
C:\Programmi\SAMSUNG\MagicKBD\PerformanceManager.exe
C:\Programmi\WIDCOMM\Bluetooth Software\BTTray.exe
C:\PROGRA~1\WIDCOMM\BLUETO~1\BTSTAC~1.EXE
C:\VEXPLite\VIRITEXP.EXE
C:\Programmi\Trend Micro\HiJackThis\HiJackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://skydrive.live.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:6522
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
R3 - URLSearchHook: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Programmi\AVG\AVG9\Toolbar\IEToolbar.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programmi\File comuni\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Programmi\AVG\AVG9\avgssie.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Programmi\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Guida per l'accesso a Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programmi\File comuni\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Programmi\AVG\AVG9\Toolbar\IEToolbar.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programmi\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Programmi\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: AVG Security Toolbar - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Programmi\AVG\AVG9\Toolbar\IEToolbar.dll
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Programmi\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [DMHotKey] C:\Programmi\Samsung Electronics Co., Ltd.\Easy Display Manager\DMLoader.exe
O4 - HKLM\..\Run: [MagicKeyboard] C:\Programmi\SAMSUNG\MagicKBD\PreMKBD.exe
O4 - HKLM\..\Run: [UCam_Menu] "C:\Programmi\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" "C:\Programmi\CyberLink\YouCam" UpdateWithCreateOnce "Software\CyberLink\YouCam\2.0"
O4 - HKLM\..\Run: [AVG9_TRAY] C:\PROGRA~1\AVG\AVG9\avgtray.exe
O4 - HKLM\..\Run: [VIRIT LITE MONITOR] C:\VEXPLite\MONLITE.EXE
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [BatteryLifeExtender] C:\Programmi\Samsung\BatteryLifeExtender\BatteryLifeExtender.exe /2
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO LOCALE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO DI RETE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: BTTray.lnk = ?
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Invia a Bluetooth - C:\Programmi\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O8 - Extra context menu item: Invia a periferica &Bluetooth... - C:\Programmi\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: Invia a OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: I&nvia a OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra 'Tools' menuitem: Crea preferito portatile... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\Office12\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programmi\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programmi\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Programmi\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Programmi\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/200 ... ader55.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O18 - Protocol: avgsecuritytoolbar - {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - C:\Programmi\AVG\AVG9\Toolbar\IEToolbar.dll
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Programmi\AVG\AVG9\avgpp.dll
O20 - Winlogon Notify: avgrsstarter - avgrsstx.dll (file missing)
O22 - SharedTaskScheduler: Precaricatore Browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Daemon di cache delle categorie di componenti - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - C:\AAA CARTELLA PROTEGGIMI AGO2010\a-squared Free\a2service.exe
O23 - Service: AVG Free WatchDog (avg9wd) - AVG Technologies CZ, s.r.o. - C:\Programmi\AVG\AVG9\avgwdsvc.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Programmi\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: QXZFMSZR - Sysinternals - www.sysinternals.com - C:\DOCUME~1\ADMINI~1\IMPOST~1\Temp\QXZFMSZR.exe
O23 - Service: SRS PostInstaller Service (SRS_PostInstaller) - SRS Labs, Inc. - C:\Programmi\SRS Labs\WOWXT and TSXT Driver\SRS_PostInstaller2.exe
O23 - Service: VirIT eXplorer Lite (viritsvclite) - TG Soft Sas www.tgsoft.it - C:\VEXPLite\viritsvc.exe

--
End of file - 8917 bytes

[esperia75]

Ah, dimeticavo, ho usato anche asquared.
Ho paura di aprire qualsiasi sito per timore che mi spiino °_°

[Luke57]

Ciao
scarica e installa malwarebytes.
http://www.malwarebytes.org/mbam/program/mbam-setup.exe
Aggiornalo: clicca sulla scheda "aggiornamenti" => "controlla aggiornamenti"
Esegui una "scansione completa" (seleziona l'opzione)
A scansione completa, fai clic su OK => Mostra i Risultati.
Assicurarti che tutto sia selezionato e clicca clic su Rimuovi selezionati.
Se ti chiede di riavviare, riavvia per completare il processo di pulizia.
Poi posta il rapporto di malwarebytes

[esperia75]

Ciao Luke,
innanzitutto immensamente GRAZIE.
Tuttavia, ti anticipo che il problema pare solo PARZIALMENTRE risolto: nel senso che malwarebytes mi ha eliminato 12 files infetti(come ti allego di seguito) ma, nonsotante abbia reinstallato i drivers Atheros della wifi presi dal sito Samsung, la wi non funziona
pare mandi in uscita dati ma non in entrata!
Ma perchè mai?
Come DIAMINE devo fare?

Una nota spiritosa. Quando l'ho acceso, stasera, per utilizzare MalwareB., mentre preparavo il pc mi si è aperta una finestra di dialogo comandi con un cursorino che ballava per lo schermo °_°
Ho detto"il mio pc è alla frutta" °_°

Ora non so se è tutto ok, ma ne dubito. Aiutami se puoi...

Infine, c'era anche quel benedetto Antimalaware doctor tra le chiavi non tolte...

...HELP

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Versione database: 4466

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

24/08/2010 0.04.25
mbam-log-2010-08-24 (00-04-25).txt

Tipo di scansione: Scansione completa (C:\|D:\|)
Elementi esaminati: 267508
Tempo trascorso: 2 ore, 26 minuti, 58 secondi

Processi infetti in memoria: 0
Moduli di memoria infetti: 0
Chiavi di registro infette: 5
Valori di registro infetti: 0
Voci infette nei dati di registro: 0
Cartelle infette: 1
File infetti: 7

Processi infetti in memoria:
(Non sono stati rilevati elementi nocivi)

Moduli di memoria infetti:
(Non sono stati rilevati elementi nocivi)

Chiavi di registro infette:
HKEY_CLASSES_ROOT\AppID\{84c3c236-f588-4c93-84f4-147b2abbe67b} (Adware.Adrotator) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\AppID\{7b6a2552-e65b-4a9e-add4-c45577ffd8fd} (Adware.EZLife) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\fcn (Rogue.Residue) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\Antimalware Doctor (Rogue.AntimalwareDoctor) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\$NtUninstallMTF1011$ (Adware.Adrotator) -> Quarantined and deleted successfully.

Valori di registro infetti:
(Non sono stati rilevati elementi nocivi)

Voci infette nei dati di registro:
(Non sono stati rilevati elementi nocivi)

Cartelle infette:
C:\WINDOWS\$NtUninstallMTF1011$ (Adware.Adrotator) -> Quarantined and deleted successfully.

File infetti:
C:\Documents and Settings\All Users\Dati applicazioni\{784E3329-1B2A-421E-9427-596088B766F6}\OFFLINE\71747601\2302A1E7\memman.vxd (Rogue.sysCleaner) -> Quarantined and deleted successfully.
C:\Documents and Settings\AMY75WINGSNETBOOK\Impostazioni locali\Temporary Internet Files\Content.IE5\6MGS9FC5\mqupjickr[1].htm (Adware.BHO) -> Quarantined and deleted successfully.
C:\Documents and Settings\AMY75WINGSNETBOOK\Impostazioni locali\Temporary Internet Files\Content.IE5\F2IAAI66\mqupjickr[1].htm (Adware.BHO) -> Quarantined and deleted successfully.
C:\Documents and Settings\AMY75WINGSNETBOOK\Impostazioni locali\Temporary Internet Files\Content.IE5\LE6NZORI\newsecureapp70700[2].exe (Malware.Packer.Gen) -> Quarantined and deleted successfully.
C:\Documents and Settings\AMY75WINGSNETBOOK\Impostazioni locali\Temporary Internet Files\Content.IE5\LE6NZORI\nezgb[1].htm (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\AMY75WINGSNETBOOK\Impostazioni locali\Temporary Internet Files\Content.IE5\RYI9RUQW\cgbvd[1].htm (Trojan.FakeAlert.Gen) -> Quarantined and deleted successfully.
D:\aceramalia\GIOCHINI PICCOLI\Bookworm Deluxe\cfbwd102\keygen.exe (Malware.Packer.Gen) -> Quarantined and deleted successfully.

[Luke57]

Ciao, prova questa utility:
http://www.suspectfile.com/forum/viewto ... f=8&t=2761

scegli l'opzione Restore Wireless
e riavvia il comuter.

[esperia75]

Luke, devo avere ancora qualcosa, che non mi molla.
Innanzitutto, stasera, al primo riavvio, ha provato ad aprirsi una finestra di dialogo dos come quella degli scherzetti l'altra volta, e poi si è chiusa.
Il computer in modalità normale è lento e si blocca 2 volte su 3.
Ho utilizzato l'utility che mi hai consigliato, ma non ha sortito effetto.
Ho inoltre avuto molte difficoltà ad aggionrare l'antivirus di default, AVG.
Proprio ora explorer ha provato a caricarmi il sito www.changingfaces.com/php
°_°
Hai altre idee, per piacere? Non so, antivirus, azione violenta?
Grazie...

[Luke57]

Ciao, Scarica Combofix da qui, sul desktop:
http://www.bleepingcomputer.com/combofi ... e-combofix
all'interno della pagina troverai una guida sul corretto utilizzo del programma, leggila attentamente.
Non installare la Console di Ripristino.

Portati, finita la scansione, in C:\ apri il file di testo ComboFix.txt copia ed incolla il suo contenuto in un prossimo post.

NB
durante la rimozione non dev'essere attiva la connessione internet e l'antivirus dev'essere disattivato.

Inoltre, se qualcosa ti mpedisse di avviare combofix.exe, eliminalo e scaricalo di nuovo, ma prima prima di salvarlo sul desktop rinomina il file in abc.exe
(per rinominare il file, quando lo scarichi ti chiede dove salvarlo e ti compare la casella "nome file", cambia il nome che ti appare in abc.exe e salvalo obbligatoriamente sul desktop)

Poi, da start > esegui, nel box bianco copia e incolla questo comando, virgolette comprese:
"%userprofile%\desktop\abc.exe" /killall
Premi OK, si dovrebbe avviare la scansione.

[esperia75]

Luke, ti aggiorno da altro pc.
Sto seguendo scrupolosamente le istruzioni per combofix...ma ad un certo punto non ha proceduto secondo manuale, ha detto che ha rilevato la presenza di un rootkit ed era necessario riavviare...in verità l'ha fatto anche appena lanciato...tutto normale? Ora ha ricominciato con la videata"di solito ci mette dieci minuti ma con i pc infetti di più..."
...speriamo solo vada avanti...devo postare il log?

[Luke57]

E' assolutamente necessario esaminare il report di combofix

[esperia75]

ComboFix 10-08-24.0A - AMY75WINGSNETBOOK 25/08/2010 11.26.24.1.2 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.39.1040.18.1014.631 [GMT 2:00]
Eseguito da: c:\documents and settings\AMY75WINGSNETBOOK\Desktop\abc.exe
AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}

ATTENZIONE - QUESTO PC NON HA LA CONSOLE DI RIPRISTINO DI EMERGENZA INSTALLATA !!
.

((((((((((((((((((((((((((((((((((((( Altre eliminazioni )))))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\AMY75WINGSNETBOOK\Dati applicazioni\Microsoft\~DFK20bb07.tmp
c:\documents and settings\AMY75WINGSNETBOOK\Dati applicazioni\Microsoft\1eaadjc.dll
c:\documents and settings\AMY75WINGSNETBOOK\Dati applicazioni\Microsoft\bass.dll
c:\documents and settings\AMY75WINGSNETBOOK\Dati applicazioni\Microsoft\engine_vx.dll
c:\documents and settings\AMY75WINGSNETBOOK\Dati applicazioni\Microsoft\kfgresk.dll
c:\documents and settings\AMY75WINGSNETBOOK\Dati applicazioni\Microsoft\mjcriu.dll
c:\documents and settings\AMY75WINGSNETBOOK\Dati applicazioni\Microsoft\peaadje.dll
c:\documents and settings\AMY75WINGSNETBOOK\Dati applicazioni\Microsoft\qwadjb.dll
c:\documents and settings\AMY75WINGSNETBOOK\Dati applicazioni\Microsoft\rsaadjd.dll
c:\documents and settings\AMY75WINGSNETBOOK\Impostazioni locali\Dati applicazioni\Windows Server
c:\documents and settings\AMY75WINGSNETBOOK\Impostazioni locali\Dati applicazioni\Windows Server\admin.txt
c:\documents and settings\AMY75WINGSNETBOOK\Impostazioni locali\Dati applicazioni\Windows Server\server.dat
c:\windows\SEC
c:\windows\SEC\DelMt.cmd
c:\windows\SEC\JRE150.exe
c:\windows\SEC\Marker.exe
c:\windows\SEC\MEMIO.sys
c:\windows\SEC\MEMIO.vxd
c:\windows\SEC\MP10ITA.exe
c:\windows\SEC\SECINSTALL.EXE
c:\windows\SEC\SECINSTALL.INI
c:\windows\SEC\StartMem.exe
c:\windows\system32\ctfmon_D.exe
c:\windows\system32\skinboxer43.dll
c:\windows\tempf.txt
c:\windows\tempf2.txt
C:\zip.exe

La copia infetta di c:\windows\system32\drivers\acpiec.sys è stata trovata e disinfettata
ipristinata copia da - Kitty had a snack :p
.
((((((((((((((((((((((((( Files Creati Da 2010-07-25 al 2010-08-25 )))))))))))))))))))))))))))))))))))
.

2010-08-24 23:05 . 2010-08-24 23:05 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\SUPERAntiSpyware.com
2010-08-24 22:09 . 2010-08-24 22:09 -------- d-----w- c:\documents and settings\Administrator\Dati applicazioni\Malwarebytes
2010-08-23 19:23 . 2010-08-23 19:23 -------- d-----w- c:\documents and settings\AMY75WINGSNETBOOK\Dati applicazioni\Malwarebytes
2010-08-23 19:21 . 2010-04-29 13:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-08-23 19:21 . 2010-08-23 19:21 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Malwarebytes
2010-08-23 19:21 . 2010-04-29 13:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-08-22 21:59 . 2009-06-30 07:37 28552 ----a-w- c:\windows\system32\drivers\pavboot.sys
2010-08-22 21:59 . 2010-08-22 21:59 -------- d-----w- c:\programmi\Panda Security
2010-08-22 21:10 . 2010-08-22 21:10 388096 ----a-r- c:\documents and settings\AMY75WINGSNETBOOK\Dati applicazioni\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2010-08-22 21:10 . 2010-08-22 21:10 -------- d-----w- c:\programmi\Trend Micro
2010-08-22 20:32 . 2010-08-22 20:47 574 ----a-w- C:\cleanup.bat
2010-08-22 20:32 . 2010-08-22 20:32 61440 ----a-w- c:\windows\system32\drivers\lzks.sys
2010-08-22 18:26 . 2010-08-24 23:10 -------- d-----w- C:\AAA CARTELLA PROTEGGIMI AGO2010
2010-08-22 18:21 . 2010-08-22 18:21 -------- d-----w- c:\programmi\Marvell
2010-08-22 18:19 . 2010-08-22 18:19 -------- d-----w- c:\windows\OPTIONS
2010-08-22 18:19 . 2010-06-18 17:34 530664 ----a-w- c:\windows\system32\drivers\rtl819xp.sys
2010-08-22 18:19 . 2010-08-22 18:19 -------- d-----w- c:\programmi\REALTEK Wireless LAN Software
2010-08-21 11:07 . 2010-08-21 11:07 0 ----a-w- c:\windows\nsreg.dat
2010-08-21 11:07 . 2010-08-21 11:07 -------- d-----w- c:\documents and settings\AMY75WINGSNETBOOK\Impostazioni locali\Dati applicazioni\Mozilla
2010-08-21 10:42 . 2010-07-19 09:11 126976 -c--a-w- c:\documents and settings\All Users\Dati applicazioni\{619D4E1A-1164-42DD-8AE4-DECA8C1B305E}\OFFLINE\361580F9\76AC2E42\viritupg.dll
2010-08-21 10:42 . 2009-11-26 09:40 41 -c--a-w- c:\documents and settings\All Users\Dati applicazioni\{619D4E1A-1164-42DD-8AE4-DECA8C1B305E}\OFFLINE\4019ACE7\76AC2E42\filesys32.bat
2010-08-21 10:42 . 2007-01-29 18:38 114688 -c--a-w- c:\documents and settings\All Users\Dati applicazioni\{619D4E1A-1164-42DD-8AE4-DECA8C1B305E}\OFFLINE\2D8CD269\76AC2E42\MSCUISTF.DLL
2010-08-21 10:42 . 2000-02-23 17:04 40960 -c--a-w- c:\documents and settings\All Users\Dati applicazioni\{619D4E1A-1164-42DD-8AE4-DECA8C1B305E}\OFFLINE\4CB6811E\76AC2E42\TGWORD.dll
2010-08-21 10:42 . 1996-11-26 11:00 89088 -c--a-w- c:\documents and settings\All Users\Dati applicazioni\{619D4E1A-1164-42DD-8AE4-DECA8C1B305E}\OFFLINE\284EA5AB\76AC2E42\MSCOMSTF.DLL
2010-08-21 10:42 . 1996-11-26 11:00 69632 -c--a-w- c:\documents and settings\All Users\Dati applicazioni\{619D4E1A-1164-42DD-8AE4-DECA8C1B305E}\OFFLINE\33D9DDD5\76AC2E42\MSINSSTF.DLL
2010-08-21 10:42 . 2010-08-21 10:43 -------- dc-h--w- c:\documents and settings\All Users\Dati applicazioni\{619D4E1A-1164-42DD-8AE4-DECA8C1B305E}
2010-08-21 10:42 . 2010-07-16 15:05 49152 -c--a-w- c:\documents and settings\All Users\Dati applicazioni\{619D4E1A-1164-42DD-8AE4-DECA8C1B305E}\OFFLINE\22028FD3\76AC2E42\tgdlg.dll
2010-08-21 10:42 . 2009-11-11 07:53 45312 -c--a-w- c:\documents and settings\All Users\Dati applicazioni\{619D4E1A-1164-42DD-8AE4-DECA8C1B305E}\OFFLINE\277632B2\76AC2E42\VIRAGTLT.sys
2010-08-21 10:42 . 2007-03-06 16:59 45056 -c--a-w- c:\documents and settings\All Users\Dati applicazioni\{619D4E1A-1164-42DD-8AE4-DECA8C1B305E}\OFFLINE\1F32D12A\76AC2E42\Dislite.exe
2010-08-21 10:42 . 2005-01-23 11:16 127879 -c--a-w- c:\documents and settings\All Users\Dati applicazioni\{619D4E1A-1164-42DD-8AE4-DECA8C1B305E}\OFFLINE\1CAEB15D\76AC2E42\register.exe
2010-08-21 10:42 . 2002-03-13 15:46 53248 -c--a-w- c:\documents and settings\All Users\Dati applicazioni\{619D4E1A-1164-42DD-8AE4-DECA8C1B305E}\OFFLINE\17E710A5\76AC2E42\zlib.dll
2010-08-21 10:42 . 1996-11-26 11:00 49152 -c--a-w- c:\documents and settings\All Users\Dati applicazioni\{619D4E1A-1164-42DD-8AE4-DECA8C1B305E}\OFFLINE\12FD329C\76AC2E42\MSUILSTF.DLL
2010-08-21 10:40 . 2010-08-21 10:40 -------- d-----w- c:\documents and settings\AMY75WINGSNETBOOK\Impostazioni locali\Dati applicazioni\PackageAware
2010-08-21 09:41 . 2010-08-21 09:41 -------- d-----w- c:\programmi\Resource Kit
2010-08-21 00:25 . 2010-08-21 00:25 -------- d-sh--w- c:\documents and settings\NetworkService\IETldCache

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-08-23 22:59 . 2010-03-10 19:05 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Spybot - Search & Destroy
2010-08-23 22:15 . 2009-03-24 21:02 64576 ----a-w- c:\windows\system32\perfc010.dat
2010-08-23 22:15 . 2009-03-24 21:02 428898 ----a-w- c:\windows\system32\perfh010.dat
2010-08-22 20:32 . 2010-08-22 20:32 50 ----a-w- c:\programmi\opzgncw.txt
2010-08-22 18:19 . 2009-03-25 07:00 -------- d--h--w- c:\programmi\InstallShield Installation Information
2010-08-21 10:48 . 2009-11-11 07:53 45312 ----a-w- c:\windows\system32\drivers\VIRAGTLT.sys
2010-08-21 00:49 . 2010-04-10 10:30 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\avg9
2010-08-15 22:48 . 2009-11-23 01:59 -------- d-----w- c:\documents and settings\AMY75WINGSNETBOOK\Dati applicazioni\Audacity
2010-08-13 23:38 . 2010-01-24 14:19 -------- d-----w- c:\documents and settings\AMY75WINGSNETBOOK\Dati applicazioni\vlc
2010-08-13 23:27 . 2010-03-02 00:29 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Microsoft Help
2010-08-13 15:14 . 2009-11-19 17:29 -------- d-----w- c:\documents and settings\AMY75WINGSNETBOOK\Dati applicazioni\BitTorrent
2010-08-01 23:49 . 2009-07-03 11:13 -------- d-----w- c:\documents and settings\AMY75WINGSNETBOOK\Dati applicazioni\U3
2010-07-21 16:31 . 2010-08-21 10:43 2955280 -c--a-w- c:\documents and settings\All Users\Dati applicazioni\{619D4E1A-1164-42DD-8AE4-DECA8C1B305E}\vnlt6700.exe
2010-07-20 16:32 . 2010-08-21 10:43 1146880 -c--a-w- c:\documents and settings\All Users\Dati applicazioni\{619D4E1A-1164-42DD-8AE4-DECA8C1B305E}\OFFLINE\5BF53870\76AC2E42\viritexp.exe
2010-07-20 16:31 . 2010-08-21 10:43 81920 -c--a-w- c:\documents and settings\All Users\Dati applicazioni\{619D4E1A-1164-42DD-8AE4-DECA8C1B305E}\OFFLINE\__Nas01_sviluppo_varie\Setup\VIRITLite\Files\viritsvc.exe
2010-07-15 23:01 . 2009-09-03 20:55 243024 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2010-07-15 23:01 . 2010-07-15 23:01 12536 ----a-w- c:\windows\system32\avgrsstx.dll
2010-07-15 23:01 . 2009-09-03 20:55 216400 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2010-07-06 18:09 . 2010-07-06 17:56 -------- d-----w- c:\programmi\FFmpeg for Audacity
2010-07-06 17:52 . 2010-07-06 17:52 -------- d-----w- c:\programmi\Lame for Audacity
2010-06-30 12:31 . 2009-03-24 21:02 149504 ----a-w- c:\windows\system32\schannel.dll
2010-06-24 12:22 . 2009-03-24 21:02 916480 ----a-w- c:\windows\system32\wininet.dll
2010-06-24 09:02 . 2009-03-24 21:02 1851904 ----a-w- c:\windows\system32\win32k.sys
2010-06-24 07:25 . 2010-08-21 10:43 278528 -c--a-w- c:\documents and settings\All Users\Dati applicazioni\{619D4E1A-1164-42DD-8AE4-DECA8C1B305E}\OFFLINE\D89A54DE\76AC2E42\MONLITE.exe
2010-06-22 15:13 . 2010-08-21 10:43 360448 -c--a-w- c:\documents and settings\All Users\Dati applicazioni\{619D4E1A-1164-42DD-8AE4-DECA8C1B305E}\OFFLINE\BB22A901\76AC2E42\Scan.dll
2010-06-21 15:27 . 2009-03-24 21:02 354304 ----a-w- c:\windows\system32\drivers\srv.sys
2010-06-17 14:03 . 2009-03-24 21:02 80384 ----a-w- c:\windows\system32\iccvid.dll
2010-06-14 14:31 . 2009-03-25 06:52 744448 ----a-w- c:\windows\pchealth\helpctr\binaries\helpsvc.exe
2010-06-14 07:41 . 2009-03-24 21:02 1172480 ----a-w- c:\windows\system32\msxml3.dll
2010-06-11 14:51 . 2010-06-11 14:51 3055600 ----a-w- c:\documents and settings\AMY75WINGSNETBOOK\Dati applicazioni\Mozilla\plugins\npgtpo3dautoplugin.dll
2010-06-11 14:36 . 2010-06-11 14:36 275952 ----a-w- c:\documents and settings\AMY75WINGSNETBOOK\Dati applicazioni\Mozilla\plugins\npgoogletalk.dll
2010-06-04 18:29 . 2009-03-25 07:02 1606368 ----a-w- c:\windows\system32\drivers\athw.sys
2010-06-02 13:14 . 2009-09-03 20:55 29584 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
.

((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* i valori vuoti & legittimi/default non sono visualizzati.
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{A3BC75A2-1F87-4686-AA43-5347D756017C}"= "c:\programmi\AVG\AVG9\Toolbar\IEToolbar.dll" [2010-02-23 1664256]

[HKEY_CLASSES_ROOT\clsid\{a3bc75a2-1f87-4686-aa43-5347d756017c}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A3BC75A2-1F87-4686-AA43-5347D756017C}]
2010-02-23 12:04 1664256 ----a-w- c:\programmi\AVG\AVG9\Toolbar\IEToolbar.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\programmi\AVG\AVG9\Toolbar\IEToolbar.dll" [2010-02-23 1664256]

[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\programmi\AVG\AVG9\Toolbar\IEToolbar.dll" [2010-02-23 1664256]

[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BatteryLifeExtender"="c:\programmi\Samsung\BatteryLifeExtender\BatteryLifeExtender.exe" [2009-03-13 550912]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DMHotKey"="c:\programmi\Samsung Electronics Co." [X]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-02-18 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-02-18 166424]
"Persistence"="c:\windows\system32\igfxpers.exe" [2009-02-18 137752]
"SynTPEnh"="c:\programmi\Synaptics\SynTP\SynTPEnh.exe" [2008-08-28 1044480]
"MagicKeyboard"="c:\programmi\SAMSUNG\MagicKBD\PreMKBD.exe" [2006-05-14 151552]
"UCam_Menu"="c:\programmi\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" [2008-12-03 218408]
"AVG9_TRAY"="c:\progra~1\AVG\AVG9\avgtray.exe" [2010-07-15 2065760]
"VIRIT LITE MONITOR"="c:\vexplite\MONLITE.EXE" [2010-08-21 278528]
"RTHDCPL"="RTHDCPL.EXE" [2009-05-21 17881600]
"QuickTime Task"="c:\programmi\QuickTime\qttask.exe" [2010-03-17 421888]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

c:\documents and settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\
BTTray.lnk - c:\programmi\WIDCOMM\Bluetooth Software\BTTray.exe [2008-9-17 580200]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2010-07-15 23:01 12536 ----a-w- c:\windows\system32\avgrsstx.dll

[HKLM\~\startupfolder\C:^Documents and Settings^AMY75WINGSNETBOOK^Menu Avvio^Programmi^Esecuzione automatica^Antimalware Doctor.lnk]
path=c:\documents and settings\AMY75WINGSNETBOOK\Menu Avvio\Programmi\Esecuzione automatica\Antimalware Doctor.lnk
backup=c:\windows\pss\Antimalware Doctor.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^AMY75WINGSNETBOOK^Menu Avvio^Programmi^Esecuzione automatica^Ritaglio schermata e avvio di OneNote 2007.lnk]
path=c:\documents and settings\AMY75WINGSNETBOOK\Menu Avvio\Programmi\Esecuzione automatica\Ritaglio schermata e avvio di OneNote 2007.lnk
backup=c:\windows\pss\Ritaglio schermata e avvio di OneNote 2007.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^AMY75WINGSNETBOOK^Menu Avvio^Programmi^Esecuzione automatica^StarOffice 9.lnk]
path=c:\documents and settings\AMY75WINGSNETBOOK\Menu Avvio\Programmi\Esecuzione automatica\StarOffice 9.lnk
backup=c:\windows\pss\StarOffice 9.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2010-06-09 08:06 976832 ----a-w- c:\programmi\File comuni\Adobe\ARM\1.0\AdobeARM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2010-06-20 02:04 35760 ----a-w- c:\programmi\Adobe\Reader 9.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BrowserChoice]
2010-02-12 10:03 293376 ------w- c:\windows\system32\browserchoice.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
2009-12-06 00:24 135664 ----atw- c:\documents and settings\AMY75WINGSNETBOOK\Impostazioni locali\Dati applicazioni\Google\Update\GoogleUpdate.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\H/PC Connection Agent]
2006-06-26 21:08 1211176 ----a-w- c:\programmi\Microsoft ActiveSync\wcescomm.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2010-03-25 23:10 142120 ----a-w- c:\programmi\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Lexmark X1100 Series]
2003-08-19 09:01 57344 ----a-w- c:\programmi\Lexmark X1100 Series\lxbkbmgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
2009-07-26 15:44 3883856 ----a-w- c:\programmi\Windows Live\Messenger\msnmsgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2010-03-17 19:53 421888 ----a-w- c:\programmi\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]
2009-03-05 15:07 2260480 --sha-r- c:\programmi\Spybot - Search & Destroy\TeaTimer.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2009-10-11 03:17 149280 ----a-w- c:\programmi\Java\jre6\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SUPBackGround]
2008-12-03 15:20 298664 ----a-w- c:\programmi\Samsung\Samsung Update Plus\SUPBackGround.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"ose"=3 (0x3)
"odserv"=3 (0x3)
"NMSAccess"=2 (0x2)
"JavaQuickStarterService"=2 (0x2)
"iPod Service"=3 (0x3)
"Bonjour Service"=2 (0x2)
"Apple Mobile Device"=2 (0x2)
"AVG Security Toolbar Service"=3 (0x3)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Programmi\\Messenger\\msmsgs.exe"=
"c:\\Programmi\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Programmi\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Programmi\\BitTorrent\\bittorrent.exe"=
"c:\\Documents and Settings\\AMY75WINGSNETBOOK\\Impostazioni locali\\Dati applicazioni\\Google\\Chrome\\Application\\chrome.exe"=
"c:\\Programmi\\Google\\Google Talk\\googletalk.exe"=
"c:\\Programmi\\AVG\\AVG9\\avgupd.exe"=
"c:\\Programmi\\AVG\\AVG9\\avgnsx.exe"=
"c:\\Programmi\\Bonjour\\mDNSResponder.exe"=
"c:\\Programmi\\iTunes\\iTunes.exe"=
"c:\programmi\Microsoft ActiveSync\rapimgr.exe"= c:\programmi\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
"c:\programmi\Microsoft ActiveSync\wcescomm.exe"= c:\programmi\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
"c:\programmi\Microsoft ActiveSync\WCESMgr.exe"= c:\programmi\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
"c:\\Programmi\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Documents and Settings\\AMY75WINGSNETBOOK\\Impostazioni locali\\Dati applicazioni\\Google\\Google Talk Plugin\\googletalkplugin.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service

R0 pavboot;pavboot;c:\windows\system32\drivers\pavboot.sys [22/08/2010 23.59.59 28552]
R0 VIRAGTLT;VIRAGTLT;c:\windows\system32\drivers\VIRAGTLT.sys [11/11/2009 9.53.20 45312]
R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [03/09/2009 22.55.03 216400]
R1 AvgTdiX;AVG Free Network Redirector;c:\windows\system32\drivers\avgtdix.sys [03/09/2009 22.55.11 243024]
R2 a2free;a-squared Free Service;c:\aaa cartella proteggimi ago2010\a-squared Free\a2service.exe [22/08/2010 20.27.42 1872320]
R2 avg9wd;AVG Free WatchDog;c:\programmi\AVG\AVG9\avgwdsvc.exe [16/07/2010 1.01.43 308136]
R2 DOSMEMIO;MEMIO;c:\windows\system32\MEMIO.SYS [25/03/2009 8.59.04 4300]
R2 SRS_PostInstaller;SRS PostInstaller Service;c:\programmi\SRS Labs\WOWXT and TSXT Driver\SRS_PostInstaller2.exe [18/02/2009 21.08.44 74992]
R2 viritsvclite;VirIT eXplorer Lite;c:\vexplite\VIRITSVC.EXE [20/07/2010 18.31.00 81920]
R2 yksvc;Marvell Yukon Service;c:\windows\System32\svchost.exe -k yksvcs [24/03/2009 23.02.40 14336]
R3 VMC326;Vimicro Camera Service VMC326;c:\windows\system32\drivers\VMC326.sys [25/03/2009 9.02.56 238464]
S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [25/03/2009 9.00.36 1684736]
S3 QXZFMSZR;QXZFMSZR;c:\docume~1\ADMINI~1\IMPOST~1\Temp\QXZFMSZR.exe --> c:\docume~1\ADMINI~1\IMPOST~1\Temp\QXZFMSZR.exe [?]
S3 wowfilter;WOW XT Filter Driver;c:\windows\system32\drivers\WOWFilter.sys [18/02/2009 21.08.48 25560]
S4 AVG Security Toolbar Service;AVG Security Toolbar Service;c:\programmi\AVG\AVG9\Toolbar\ToolbarBroker.exe [10/04/2010 12.40.48 369920]
S4 sptd;sptd;c:\windows\system32\drivers\sptd.sys [27/11/2009 19.16.20 691696]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
yksvcs REG_MULTI_SZ yksvc
.
Contenuto della cartella 'Scheduled Tasks'

2010-08-23 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1386744058-3159075676-1805530102-1005Core.job
- c:\documents and settings\AMY75WINGSNETBOOK\Impostazioni locali\Dati applicazioni\Google\Update\GoogleUpdate.exe [2009-12-06 00:24]

2010-08-25 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1386744058-3159075676-1805530102-1005UA.job
- c:\documents and settings\AMY75WINGSNETBOOK\Impostazioni locali\Dati applicazioni\Google\Update\GoogleUpdate.exe [2009-12-06 00:24]
.
.
------- Scansione supplementare -------
.
uStart Page = hxxp://www.google.com/ig/redirectdomain ... &bmod=SMSN
uInternet Connection Wizard,ShellNext = hxxp://skydrive.live.com/
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: E&sporta in Microsoft Excel - c:\progra~1\MICROS~4\Office12\EXCEL.EXE/3000
IE: Invia a Bluetooth - c:\programmi\WIDCOMM\Bluetooth Software\btsendto_ie.htm
IE: Invia a periferica &Bluetooth... - c:\programmi\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
Handler: avgsecuritytoolbar - {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - c:\programmi\AVG\AVG9\Toolbar\IEToolbar.dll
.
- - - - CHIAVI ORFANE RIMOSSE - - - -

ShellExecuteHooks-{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - (no file)
MSConfigStartUp-cxvmemxj - c:\documents and settings\AMY75WINGSNETBOOK\Impostazioni locali\Dati applicazioni\jqwshdkaf\vedbgqvshdw.exe
MSConfigStartUp-juvoxyrm - c:\documents and settings\AMY75WINGSNETBOOK\Impostazioni locali\Dati applicazioni\yohuhyiur\vhiuomdshdw.exe
MSConfigStartUp-MChk - c:\windows\system32\R1890.exe
MSConfigStartUp-newsecureapp70700 - c:\documents and settings\AMY75WINGSNETBOOK\Dati applicazioni\27712E038BA9A1161A42A7D3269172CE\newsecureapp70700.exe
MSConfigStartUp-nkkskrgq - c:\documents and settings\AMY75WINGSNETBOOK\Impostazioni locali\Dati applicazioni\cpkthsjpy\votesrcshdw.exe
MSConfigStartUp-sta - E1890.dll
MSConfigStartUp-SUPERAntiSpyware - c:\aaa cartella proteggimi ago2010\SUPERAntiSpyware.exe
MSConfigStartUp-swg - c:\programmi\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-08-25 11:33
Windows 5.1.2600 Service Pack 3 NTFS

scansione processi nascosti ...

scansione entrate autostart nascoste ...

Scansione files nascosti ...

Scansione completata con successo
Files nascosti: 0

**************************************************************************
.
--------------------- CHIAVI DI REGISTRO BLOCCATE ---------------------

[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (LocalSystem)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,49,e5,f1,c0,10,58,cd,46,98,63,74,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,49,e5,f1,c0,10,58,cd,46,98,63,74,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10i_ActiveX.exe,-101"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10i_ActiveX.exe"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
Ora fine scansione: 2010-08-25 11:35:24
ComboFix-quarantined-files.txt 2010-08-25 09:35

Pre-Run: 33.703.325.696 byte disponibili
Post-Run: 33.736.302.592 byte disponibili

- - End Of File - - 739F98BC45D162745185B88509FDD841



Che faccio ora? Aspetto tuoi lumi...a me pare abbia fatto una strage...e non solo in senso positivo....

[Luke57]

Ciao,Apri il block notes di windows
Copia e incolla all'interno del file testo il seguente script:

Codice: Seleziona tutto

Driver::
yksvc

File::
c:\windows\system32\drivers\lzks.sys
c:\programmi\opzgncw.txt
c:\docume~1\ADMINI~1\IMPOST~1\Temp\QXZFMSZR.exe

Salva il file testo nella stessa posizione dove è presente combofix.exe e chiamalo CFScript.txt
Disconettiti da internet.

Adesso trascina il file CFScript.txt su ComboFix.exe o abc.exe
Il programma eseguirà una nuova scansione,al termine riavvia il pc se ti viene richiesto dal programma.
Posta il nuovo report, metti il testo tra i due tag [code][code]

[esperia75]

Codice: Seleziona tutto

ComboFix 10-08-24.0A - AMY75WINGSNETBOOK 25/08/2010  14.00.05.2.2 - x86
Microsoft Windows XP Home Edition  5.1.2600.3.1252.39.1040.18.1014.526 [GMT 2:00]
Eseguito da: c:\documents and settings\AMY75WINGSNETBOOK\Desktop\abc.exe
Opzioni usate :: c:\documents and settings\AMY75WINGSNETBOOK\Desktop\CFScript.txt
AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}

ATTENZIONE - QUESTO PC NON HA LA CONSOLE DI RIPRISTINO DI EMERGENZA INSTALLATA !!

FILE ::
"c:\docume~1\ADMINI~1\IMPOST~1\Temp\QXZFMSZR.exe"
"c:\programmi\opzgncw.txt"
"c:\windows\system32\drivers\lzks.sys"
.

(((((((((((((((((((((((((((((((((((((   Altre eliminazioni   )))))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\programmi\opzgncw.txt
c:\windows\system32\Drivers\lzks.sys

.
(((((((((((((((((((((((((((((((((((((((   Driver/Servizi   )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_YKSVC
-------\Service_yksvc


(((((((((((((((((((((((((   Files Creati Da 2010-07-25 al 2010-08-25  )))))))))))))))))))))))))))))))))))
.

2010-08-24 23:05 . 2010-08-24 23:05   --------   d-----w-   c:\documents and settings\All Users\Dati applicazioni\SUPERAntiSpyware.com
2010-08-24 22:09 . 2010-08-24 22:09   --------   d-----w-   c:\documents and settings\Administrator\Dati applicazioni\Malwarebytes
2010-08-23 19:23 . 2010-08-23 19:23   --------   d-----w-   c:\documents and settings\AMY75WINGSNETBOOK\Dati applicazioni\Malwarebytes
2010-08-23 19:21 . 2010-04-29 13:39   38224   ----a-w-   c:\windows\system32\drivers\mbamswissarmy.sys
2010-08-23 19:21 . 2010-08-23 19:21   --------   d-----w-   c:\documents and settings\All Users\Dati applicazioni\Malwarebytes
2010-08-23 19:21 . 2010-04-29 13:39   20952   ----a-w-   c:\windows\system32\drivers\mbam.sys
2010-08-22 21:59 . 2009-06-30 07:37   28552   ----a-w-   c:\windows\system32\drivers\pavboot.sys
2010-08-22 21:59 . 2010-08-22 21:59   --------   d-----w-   c:\programmi\Panda Security
2010-08-22 21:10 . 2010-08-22 21:10   388096   ----a-r-   c:\documents and settings\AMY75WINGSNETBOOK\Dati applicazioni\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2010-08-22 21:10 . 2010-08-22 21:10   --------   d-----w-   c:\programmi\Trend Micro
2010-08-22 20:32 . 2010-08-22 20:47   574   ----a-w-   C:\cleanup.bat
2010-08-22 18:26 . 2010-08-24 23:10   --------   d-----w-   C:\AAA CARTELLA PROTEGGIMI AGO2010
2010-08-22 18:21 . 2010-08-22 18:21   --------   d-----w-   c:\programmi\Marvell
2010-08-22 18:19 . 2010-08-22 18:19   --------   d-----w-   c:\windows\OPTIONS
2010-08-22 18:19 . 2010-06-18 17:34   530664   ----a-w-   c:\windows\system32\drivers\rtl819xp.sys
2010-08-22 18:19 . 2010-08-22 18:19   --------   d-----w-   c:\programmi\REALTEK Wireless LAN Software
2010-08-21 11:07 . 2010-08-21 11:07   0   ----a-w-   c:\windows\nsreg.dat
2010-08-21 11:07 . 2010-08-21 11:07   --------   d-----w-   c:\documents and settings\AMY75WINGSNETBOOK\Impostazioni locali\Dati applicazioni\Mozilla
2010-08-21 10:42 . 2010-07-19 09:11   126976   -c--a-w-   c:\documents and settings\All Users\Dati applicazioni\{619D4E1A-1164-42DD-8AE4-DECA8C1B305E}\OFFLINE\361580F9\76AC2E42\viritupg.dll
2010-08-21 10:42 . 2009-11-26 09:40   41   -c--a-w-   c:\documents and settings\All Users\Dati applicazioni\{619D4E1A-1164-42DD-8AE4-DECA8C1B305E}\OFFLINE\4019ACE7\76AC2E42\filesys32.bat
2010-08-21 10:42 . 2007-01-29 18:38   114688   -c--a-w-   c:\documents and settings\All Users\Dati applicazioni\{619D4E1A-1164-42DD-8AE4-DECA8C1B305E}\OFFLINE\2D8CD269\76AC2E42\MSCUISTF.DLL
2010-08-21 10:42 . 2000-02-23 17:04   40960   -c--a-w-   c:\documents and settings\All Users\Dati applicazioni\{619D4E1A-1164-42DD-8AE4-DECA8C1B305E}\OFFLINE\4CB6811E\76AC2E42\TGWORD.dll
2010-08-21 10:42 . 1996-11-26 11:00   89088   -c--a-w-   c:\documents and settings\All Users\Dati applicazioni\{619D4E1A-1164-42DD-8AE4-DECA8C1B305E}\OFFLINE\284EA5AB\76AC2E42\MSCOMSTF.DLL
2010-08-21 10:42 . 1996-11-26 11:00   69632   -c--a-w-   c:\documents and settings\All Users\Dati applicazioni\{619D4E1A-1164-42DD-8AE4-DECA8C1B305E}\OFFLINE\33D9DDD5\76AC2E42\MSINSSTF.DLL
2010-08-21 10:42 . 2010-08-21 10:43   --------   dc-h--w-   c:\documents and settings\All Users\Dati applicazioni\{619D4E1A-1164-42DD-8AE4-DECA8C1B305E}
2010-08-21 10:42 . 2010-07-16 15:05   49152   -c--a-w-   c:\documents and settings\All Users\Dati applicazioni\{619D4E1A-1164-42DD-8AE4-DECA8C1B305E}\OFFLINE\22028FD3\76AC2E42\tgdlg.dll
2010-08-21 10:42 . 2009-11-11 07:53   45312   -c--a-w-   c:\documents and settings\All Users\Dati applicazioni\{619D4E1A-1164-42DD-8AE4-DECA8C1B305E}\OFFLINE\277632B2\76AC2E42\VIRAGTLT.sys
2010-08-21 10:42 . 2007-03-06 16:59   45056   -c--a-w-   c:\documents and settings\All Users\Dati applicazioni\{619D4E1A-1164-42DD-8AE4-DECA8C1B305E}\OFFLINE\1F32D12A\76AC2E42\Dislite.exe
2010-08-21 10:42 . 2005-01-23 11:16   127879   -c--a-w-   c:\documents and settings\All Users\Dati applicazioni\{619D4E1A-1164-42DD-8AE4-DECA8C1B305E}\OFFLINE\1CAEB15D\76AC2E42\register.exe
2010-08-21 10:42 . 2002-03-13 15:46   53248   -c--a-w-   c:\documents and settings\All Users\Dati applicazioni\{619D4E1A-1164-42DD-8AE4-DECA8C1B305E}\OFFLINE\17E710A5\76AC2E42\zlib.dll
2010-08-21 10:42 . 1996-11-26 11:00   49152   -c--a-w-   c:\documents and settings\All Users\Dati applicazioni\{619D4E1A-1164-42DD-8AE4-DECA8C1B305E}\OFFLINE\12FD329C\76AC2E42\MSUILSTF.DLL
2010-08-21 10:40 . 2010-08-21 10:40   --------   d-----w-   c:\documents and settings\AMY75WINGSNETBOOK\Impostazioni locali\Dati applicazioni\PackageAware
2010-08-21 09:41 . 2010-08-21 09:41   --------   d-----w-   c:\programmi\Resource Kit
2010-08-21 00:25 . 2010-08-21 00:25   --------   d-sh--w-   c:\documents and settings\NetworkService\IETldCache

.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-08-23 22:59 . 2010-03-10 19:05   --------   d-----w-   c:\documents and settings\All Users\Dati applicazioni\Spybot - Search & Destroy
2010-08-23 22:15 . 2009-03-24 21:02   64576   ----a-w-   c:\windows\system32\perfc010.dat
2010-08-23 22:15 . 2009-03-24 21:02   428898   ----a-w-   c:\windows\system32\perfh010.dat
2010-08-22 18:19 . 2009-03-25 07:00   --------   d--h--w-   c:\programmi\InstallShield Installation Information
2010-08-21 10:48 . 2009-11-11 07:53   45312   ----a-w-   c:\windows\system32\drivers\VIRAGTLT.sys
2010-08-21 00:49 . 2010-04-10 10:30   --------   d-----w-   c:\documents and settings\All Users\Dati applicazioni\avg9
2010-08-15 22:48 . 2009-11-23 01:59   --------   d-----w-   c:\documents and settings\AMY75WINGSNETBOOK\Dati applicazioni\Audacity
2010-08-13 23:38 . 2010-01-24 14:19   --------   d-----w-   c:\documents and settings\AMY75WINGSNETBOOK\Dati applicazioni\vlc
2010-08-13 23:27 . 2010-03-02 00:29   --------   d-----w-   c:\documents and settings\All Users\Dati applicazioni\Microsoft Help
2010-08-13 15:14 . 2009-11-19 17:29   --------   d-----w-   c:\documents and settings\AMY75WINGSNETBOOK\Dati applicazioni\BitTorrent
2010-08-01 23:49 . 2009-07-03 11:13   --------   d-----w-   c:\documents and settings\AMY75WINGSNETBOOK\Dati applicazioni\U3
2010-07-21 16:31 . 2010-08-21 10:43   2955280   -c--a-w-   c:\documents and settings\All Users\Dati applicazioni\{619D4E1A-1164-42DD-8AE4-DECA8C1B305E}\vnlt6700.exe
2010-07-20 16:32 . 2010-08-21 10:43   1146880   -c--a-w-   c:\documents and settings\All Users\Dati applicazioni\{619D4E1A-1164-42DD-8AE4-DECA8C1B305E}\OFFLINE\5BF53870\76AC2E42\viritexp.exe
2010-07-20 16:31 . 2010-08-21 10:43   81920   -c--a-w-   c:\documents and settings\All Users\Dati applicazioni\{619D4E1A-1164-42DD-8AE4-DECA8C1B305E}\OFFLINE\__Nas01_sviluppo_varie\Setup\VIRITLite\Files\viritsvc.exe
2010-07-15 23:01 . 2009-09-03 20:55   243024   ----a-w-   c:\windows\system32\drivers\avgtdix.sys
2010-07-15 23:01 . 2010-07-15 23:01   12536   ----a-w-   c:\windows\system32\avgrsstx.dll
2010-07-15 23:01 . 2009-09-03 20:55   216400   ----a-w-   c:\windows\system32\drivers\avgldx86.sys
2010-07-06 18:09 . 2010-07-06 17:56   --------   d-----w-   c:\programmi\FFmpeg for Audacity
2010-07-06 17:52 . 2010-07-06 17:52   --------   d-----w-   c:\programmi\Lame for Audacity
2010-06-30 12:31 . 2009-03-24 21:02   149504   ----a-w-   c:\windows\system32\schannel.dll
2010-06-24 12:22 . 2009-03-24 21:02   916480   ----a-w-   c:\windows\system32\wininet.dll
2010-06-24 09:02 . 2009-03-24 21:02   1851904   ----a-w-   c:\windows\system32\win32k.sys
2010-06-24 07:25 . 2010-08-21 10:43   278528   -c--a-w-   c:\documents and settings\All Users\Dati applicazioni\{619D4E1A-1164-42DD-8AE4-DECA8C1B305E}\OFFLINE\D89A54DE\76AC2E42\MONLITE.exe
2010-06-22 15:13 . 2010-08-21 10:43   360448   -c--a-w-   c:\documents and settings\All Users\Dati applicazioni\{619D4E1A-1164-42DD-8AE4-DECA8C1B305E}\OFFLINE\BB22A901\76AC2E42\Scan.dll
2010-06-21 15:27 . 2009-03-24 21:02   354304   ----a-w-   c:\windows\system32\drivers\srv.sys
2010-06-17 14:03 . 2009-03-24 21:02   80384   ----a-w-   c:\windows\system32\iccvid.dll
2010-06-14 14:31 . 2009-03-25 06:52   744448   ----a-w-   c:\windows\pchealth\helpctr\binaries\helpsvc.exe
2010-06-14 07:41 . 2009-03-24 21:02   1172480   ----a-w-   c:\windows\system32\msxml3.dll
2010-06-11 14:51 . 2010-06-11 14:51   3055600   ----a-w-   c:\documents and settings\AMY75WINGSNETBOOK\Dati applicazioni\Mozilla\plugins\npgtpo3dautoplugin.dll
2010-06-11 14:36 . 2010-06-11 14:36   275952   ----a-w-   c:\documents and settings\AMY75WINGSNETBOOK\Dati applicazioni\Mozilla\plugins\npgoogletalk.dll
2010-06-04 18:29 . 2009-03-25 07:02   1606368   ----a-w-   c:\windows\system32\drivers\athw.sys
2010-06-02 13:14 . 2009-09-03 20:55   29584   ----a-w-   c:\windows\system32\drivers\avgmfx86.sys
.

(((((((((((((((((((((((((((((((((((((   Punti Reg Caricati   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* i valori vuoti & legittimi/default non sono visualizzati.
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{A3BC75A2-1F87-4686-AA43-5347D756017C}"= "c:\programmi\AVG\AVG9\Toolbar\IEToolbar.dll" [2010-02-23 1664256]

[HKEY_CLASSES_ROOT\clsid\{a3bc75a2-1f87-4686-aa43-5347d756017c}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A3BC75A2-1F87-4686-AA43-5347D756017C}]
2010-02-23 12:04   1664256   ----a-w-   c:\programmi\AVG\AVG9\Toolbar\IEToolbar.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\programmi\AVG\AVG9\Toolbar\IEToolbar.dll" [2010-02-23 1664256]

[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\programmi\AVG\AVG9\Toolbar\IEToolbar.dll" [2010-02-23 1664256]

[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BatteryLifeExtender"="c:\programmi\Samsung\BatteryLifeExtender\BatteryLifeExtender.exe" [2009-03-13 550912]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DMHotKey"="c:\programmi\Samsung Electronics Co." [X]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-02-18 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-02-18 166424]
"Persistence"="c:\windows\system32\igfxpers.exe" [2009-02-18 137752]
"SynTPEnh"="c:\programmi\Synaptics\SynTP\SynTPEnh.exe" [2008-08-28 1044480]
"MagicKeyboard"="c:\programmi\SAMSUNG\MagicKBD\PreMKBD.exe" [2006-05-14 151552]
"UCam_Menu"="c:\programmi\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" [2008-12-03 218408]
"AVG9_TRAY"="c:\progra~1\AVG\AVG9\avgtray.exe" [2010-07-15 2065760]
"VIRIT LITE MONITOR"="c:\vexplite\MONLITE.EXE" [2010-08-21 278528]
"RTHDCPL"="RTHDCPL.EXE" [2009-05-21 17881600]
"QuickTime Task"="c:\programmi\QuickTime\qttask.exe" [2010-03-17 421888]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

c:\documents and settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\
BTTray.lnk - c:\programmi\WIDCOMM\Bluetooth Software\BTTray.exe [2008-9-17 580200]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2010-07-15 23:01   12536   ----a-w-   c:\windows\system32\avgrsstx.dll

[HKLM\~\startupfolder\C:^Documents and Settings^AMY75WINGSNETBOOK^Menu Avvio^Programmi^Esecuzione automatica^Antimalware Doctor.lnk]
path=c:\documents and settings\AMY75WINGSNETBOOK\Menu Avvio\Programmi\Esecuzione automatica\Antimalware Doctor.lnk
backup=c:\windows\pss\Antimalware Doctor.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^AMY75WINGSNETBOOK^Menu Avvio^Programmi^Esecuzione automatica^Ritaglio schermata e avvio di OneNote 2007.lnk]
path=c:\documents and settings\AMY75WINGSNETBOOK\Menu Avvio\Programmi\Esecuzione automatica\Ritaglio schermata e avvio di OneNote 2007.lnk
backup=c:\windows\pss\Ritaglio schermata e avvio di OneNote 2007.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^AMY75WINGSNETBOOK^Menu Avvio^Programmi^Esecuzione automatica^StarOffice 9.lnk]
path=c:\documents and settings\AMY75WINGSNETBOOK\Menu Avvio\Programmi\Esecuzione automatica\StarOffice 9.lnk
backup=c:\windows\pss\StarOffice 9.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2010-06-09 08:06   976832   ----a-w-   c:\programmi\File comuni\Adobe\ARM\1.0\AdobeARM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2010-06-20 02:04   35760   ----a-w-   c:\programmi\Adobe\Reader 9.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BrowserChoice]
2010-02-12 10:03   293376   ------w-   c:\windows\system32\browserchoice.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
2009-12-06 00:24   135664   ----atw-   c:\documents and settings\AMY75WINGSNETBOOK\Impostazioni locali\Dati applicazioni\Google\Update\GoogleUpdate.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\H/PC Connection Agent]
2006-06-26 21:08   1211176   ----a-w-   c:\programmi\Microsoft ActiveSync\wcescomm.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2010-03-25 23:10   142120   ----a-w-   c:\programmi\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Lexmark X1100 Series]
2003-08-19 09:01   57344   ----a-w-   c:\programmi\Lexmark X1100 Series\lxbkbmgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
2009-07-26 15:44   3883856   ----a-w-   c:\programmi\Windows Live\Messenger\msnmsgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2010-03-17 19:53   421888   ----a-w-   c:\programmi\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]
2009-03-05 15:07   2260480   --sha-r-   c:\programmi\Spybot - Search & Destroy\TeaTimer.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2009-10-11 03:17   149280   ----a-w-   c:\programmi\Java\jre6\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SUPBackGround]
2008-12-03 15:20   298664   ----a-w-   c:\programmi\Samsung\Samsung Update Plus\SUPBackGround.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"ose"=3 (0x3)
"odserv"=3 (0x3)
"NMSAccess"=2 (0x2)
"JavaQuickStarterService"=2 (0x2)
"iPod Service"=3 (0x3)
"Bonjour Service"=2 (0x2)
"Apple Mobile Device"=2 (0x2)
"AVG Security Toolbar Service"=3 (0x3)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Programmi\\Messenger\\msmsgs.exe"=
"c:\\Programmi\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Programmi\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Programmi\\BitTorrent\\bittorrent.exe"=
"c:\\Documents and Settings\\AMY75WINGSNETBOOK\\Impostazioni locali\\Dati applicazioni\\Google\\Chrome\\Application\\chrome.exe"=
"c:\\Programmi\\Google\\Google Talk\\googletalk.exe"=
"c:\\Programmi\\AVG\\AVG9\\avgupd.exe"=
"c:\\Programmi\\AVG\\AVG9\\avgnsx.exe"=
"c:\\Programmi\\Bonjour\\mDNSResponder.exe"=
"c:\\Programmi\\iTunes\\iTunes.exe"=
"c:\programmi\Microsoft ActiveSync\rapimgr.exe"= c:\programmi\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
"c:\programmi\Microsoft ActiveSync\wcescomm.exe"= c:\programmi\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
"c:\programmi\Microsoft ActiveSync\WCESMgr.exe"= c:\programmi\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
"c:\\Programmi\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Documents and Settings\\AMY75WINGSNETBOOK\\Impostazioni locali\\Dati applicazioni\\Google\\Google Talk Plugin\\googletalkplugin.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service

R0 pavboot;pavboot;c:\windows\system32\drivers\pavboot.sys [22/08/2010 23.59.59 28552]
R0 VIRAGTLT;VIRAGTLT;c:\windows\system32\drivers\VIRAGTLT.sys [11/11/2009 9.53.20 45312]
R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [03/09/2009 22.55.03 216400]
R1 AvgTdiX;AVG Free Network Redirector;c:\windows\system32\drivers\avgtdix.sys [03/09/2009 22.55.11 243024]
R2 a2free;a-squared Free Service;c:\aaa cartella proteggimi ago2010\a-squared Free\a2service.exe [22/08/2010 20.27.42 1872320]
R2 avg9wd;AVG Free WatchDog;c:\programmi\AVG\AVG9\avgwdsvc.exe [16/07/2010 1.01.43 308136]
R2 DOSMEMIO;MEMIO;c:\windows\system32\MEMIO.SYS [25/03/2009 8.59.04 4300]
R2 SRS_PostInstaller;SRS PostInstaller Service;c:\programmi\SRS Labs\WOWXT and TSXT Driver\SRS_PostInstaller2.exe [18/02/2009 21.08.44 74992]
R2 viritsvclite;VirIT eXplorer Lite;c:\vexplite\VIRITSVC.EXE [20/07/2010 18.31.00 81920]
R3 VMC326;Vimicro Camera Service VMC326;c:\windows\system32\drivers\VMC326.sys [25/03/2009 9.02.56 238464]
S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [25/03/2009 9.00.36 1684736]
S3 QXZFMSZR;QXZFMSZR;c:\docume~1\ADMINI~1\IMPOST~1\Temp\QXZFMSZR.exe --> c:\docume~1\ADMINI~1\IMPOST~1\Temp\QXZFMSZR.exe [?]
S3 wowfilter;WOW XT Filter Driver;c:\windows\system32\drivers\WOWFilter.sys [18/02/2009 21.08.48 25560]
S4 AVG Security Toolbar Service;AVG Security Toolbar Service;c:\programmi\AVG\AVG9\Toolbar\ToolbarBroker.exe [10/04/2010 12.40.48 369920]
S4 sptd;sptd;c:\windows\system32\drivers\sptd.sys [27/11/2009 19.16.20 691696]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
yksvcs   REG_MULTI_SZ      yksvc
.
Contenuto della cartella 'Scheduled Tasks'

2010-08-23 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1386744058-3159075676-1805530102-1005Core.job
- c:\documents and settings\AMY75WINGSNETBOOK\Impostazioni locali\Dati applicazioni\Google\Update\GoogleUpdate.exe [2009-12-06 00:24]

2010-08-25 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1386744058-3159075676-1805530102-1005UA.job
- c:\documents and settings\AMY75WINGSNETBOOK\Impostazioni locali\Dati applicazioni\Google\Update\GoogleUpdate.exe [2009-12-06 00:24]
.
.
------- Scansione supplementare -------
.
uStart Page = hxxp://www.google.com/ig/redirectdomain?brand=SMSN&bmod=SMSN
uInternet Connection Wizard,ShellNext = hxxp://skydrive.live.com/
uInternet Settings,ProxyServer = http=127.0.0.1:6522
uInternet Settings,ProxyOverride = <local>
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: E&sporta in Microsoft Excel - c:\progra~1\MICROS~4\Office12\EXCEL.EXE/3000
IE: Invia a Bluetooth - c:\programmi\WIDCOMM\Bluetooth Software\btsendto_ie.htm
IE: Invia a periferica &Bluetooth... - c:\programmi\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
Handler: avgsecuritytoolbar - {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - c:\programmi\AVG\AVG9\Toolbar\IEToolbar.dll
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-08-25 14:07
Windows 5.1.2600 Service Pack 3 NTFS

scansione processi nascosti ...

scansione entrate autostart nascoste ...

Scansione files nascosti ...

Scansione completata con successo
Files nascosti: 0

**************************************************************************
.
--------------------- CHIAVI DI REGISTRO BLOCCATE ---------------------

[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (LocalSystem)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
   d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,49,e5,f1,c0,10,58,cd,46,98,63,74,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
   d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,49,e5,f1,c0,10,58,cd,46,98,63,74,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10i_ActiveX.exe,-101"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10i_ActiveX.exe"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- Dlls caricate dai processi in esecuzione ---------------------

- - - - - - - > 'explorer.exe'(408)
c:\windows\system32\WININET.dll
c:\windows\system32\btmmhook.dll
c:\progra~1\WINDOW~2\wmpband.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\btncopy.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Altri processi in esecuzione ------------------------
.
c:\programmi\WIDCOMM\Bluetooth Software\bin\btwdins.exe
c:\programmi\AVG\AVG9\avgchsvx.exe
c:\programmi\AVG\AVG9\avgrsx.exe
c:\windows\system32\LEXBCES.EXE
c:\windows\system32\LEXPPS.EXE
c:\programmi\AVG\AVG9\avgcsrvx.exe
c:\programmi\AVG\AVG9\avgnsx.exe
c:\windows\system32\wscntfy.exe
c:\windows\system32\igfxsrvc.exe
c:\windows\RTHDCPL.EXE
c:\programmi\SAMSUNG\MagicKBD\MagicKBD.exe
c:\programmi\SAMSUNG\MagicKBD\PerformanceManager.exe
c:\progra~1\WIDCOMM\BLUETO~1\BTSTAC~1.EXE
.
**************************************************************************
.
Ora fine scansione: 2010-08-25  14:10:52 - Il pc è stato riavviato
ComboFix-quarantined-files.txt  2010-08-25 12:10
ComboFix2.txt  2010-08-25 09:35

Pre-Run: 33.748.738.048 byte disponibili
Post-Run: 33.658.183.680 byte disponibili

- - End Of File - - 874EC90D20E1CEABEBC142CBB3E990E9


Ecco qua...devo fare altro, magister?
(O preferisci "santo subito"? )
Poi mi dici come fai ad essere così bravo...a me piacerebbe diventarlo...una volta volevo laurearmi in informatica

[esperia75]

In attesa di tue nuove, non so se ho fatto bene...con AVG attivato ho provato la wifi ...pacchetti sempre bloccati

[Luke57]

Ciao, Apri hijackthis (premi "do system scan pnly", cerca e spunta questa voce :
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Int ernet Settings,ProxyServer = http=127.0.0.1:6522

premi fix checked.
Se la connessione non funziona ancora
apri mozilla firefox
srtumenti-opzioni-avanzate-rete-impostazioni e lascia solo la spunta a "utilizza le impostazioni proxy del sistema"
Apri internet explorer
"Strumenti"
Opzioni Internet
Connessioni
Impostazioni LAN
Togli la spunta a:
Utilizza un server proxy per le connessioni LAN.
Clicca OK.

[esperia75]

...Quando si dice che una persona è VERAMENTE competente.
E' bastato il fissaggio della chiave.
Grazie infinite, Luke.
Per quello che posso aiutarti io...se hai qualche problema col mondo TIM, fammi sapere
Grazie ancora