aiuto non ne posso più!!

[DIRRTYMATRIX]

salve a tutti,vi espongo il mio problema:è da un paio d giorni ke mi continuano a spuntare avvisi di virus firmati windows security alert,scritti in inglese con vari trojan (m spuntano una volta cn un trojan una volta con un'altro);i trojan sono :trojan-spy.win32.keylogger.aa,trojan-clicker.win32.tiny.h,trojan-spy.win32.greenscreen....c'è da dire che prima oltre a questi disturbi prima mi dava ure lo schermo desktop bianco (con le opzioni per desktop e screensaver divattivate,che neanche mi si visualizzavano e il task manager bloccato).precisando che comunque sono riuscito a risolvere questi ultimi due problemi come posso fare x gli avvisi???aiutatemi vi prego

[axelrox]

Utilizza degli antispyware.. spyware terminator, SpyBot.. e dei pulitori di registro.. CCleaner.. dovresti risolvere.

[DIRRTYMATRIX]

non ha funzionato

[Luke57]

Ciao, scarica combofix da qui:
http://download.bleepingcomputer.com/sUBs/ComboFix.exe
Per eseguirlo,doppio click su Combofix.exe
Si aprirà una finestra blu....Attendere....
Dopo qualche attimo apparirà l'avviso che declina l'autore da ogni problema legato ad una errata utilizzazione del tool.
A questo punto selezionate 1 quindi ENTER per lanciare lo scan..
Attendere.....(non fare altre manovre duante lo scan, se spariscono le icone dal desktop è del tutto normale)
Un avviso ti segnalerà la fine dell'operazione e dopo qualche attimo apparirà il log con i dettagli dello scan.
IL log verrà memorizzato in C:\Combofix.txt
Allegalo o incollalo a un post

[DIRRTYMATRIX]

ecco il risultato della scansione

Microsoft Windows XP Professional 5.1.2600.3.1252.1.1040.18.1484 [GMT 2:00]
Eseguito da: C:\Documents and Settings\GIOVANNI\Documenti\ComboFix.exe
* Creato nuovo punto di ripristino

ATENÇÃO - ESTA MAQUINA NAO TEM A CONSOLE DE RECUPERAÇÃO INSTALADA !!
.

((((((((((((((((((((((((((((((((((((( Altre eliminazioni )))))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\system32\akttzn.exe
C:\WINDOWS\system32\anticipator.dll
C:\WINDOWS\system32\awtoolb.dll
C:\WINDOWS\system32\bdn.com
C:\WINDOWS\system32\bsva-egihsg52.exe
C:\WINDOWS\system32\dpcproxy.exe
C:\WINDOWS\system32\emesx.dll
C:\WINDOWS\system32\hoproxy.dll
C:\WINDOWS\system32\hxiwlgpm.dat
C:\WINDOWS\system32\hxiwlgpm.exe
C:\WINDOWS\system32\medup012.dll
C:\WINDOWS\system32\msgp.exe
C:\WINDOWS\system32\msnbho.dll
C:\WINDOWS\system32\mssecu.exe
C:\WINDOWS\system32\msvchost.exe
C:\WINDOWS\system32\mtr2.exe
C:\WINDOWS\system32\mwin32.exe
C:\WINDOWS\system32\netode.exe
C:\WINDOWS\system32\newsd32.exe
C:\WINDOWS\system32\ps1.exe
C:\WINDOWS\system32\psof1.exe
C:\WINDOWS\system32\psoft1.exe
C:\WINDOWS\system32\regc64.dll
C:\WINDOWS\system32\regm64.dll
C:\WINDOWS\system32\Rundl1.exe
C:\WINDOWS\system32\smp
C:\WINDOWS\system32\smp\msrc.exe
C:\WINDOWS\system32\sncntr.exe
C:\WINDOWS\system32\ssurf022.dll
C:\WINDOWS\system32\ssvchost.com
C:\WINDOWS\system32\ssvchost.exe
C:\WINDOWS\system32\sysreq.exe
C:\WINDOWS\system32\taack.dat
C:\WINDOWS\system32\taack.exe
C:\WINDOWS\system32\temp#01.exe
C:\WINDOWS\system32\thun.dll
C:\WINDOWS\system32\thun32.dll
C:\WINDOWS\system32\VBIEWER.OCX
C:\WINDOWS\system32\vbsys2.dll
C:\WINDOWS\system32\vcatchpi.dll
C:\WINDOWS\system32\winlogonpc.exe
C:\WINDOWS\system32\winsystem.exe
C:\WINDOWS\system32\WINWGPX.EXE
D:\Autorun.inf

.
((((((((((((((((((((((((( Files Creati Da 2008-07-23 al 2008-08-23 )))))))))))))))))))))))))))))))))))
.

2008-08-23 11:44 . 2008-08-23 11:51 <DIR> d-------- C:\Programmi\DNA
2008-08-23 11:44 . 2008-08-23 11:44 <DIR> d-------- C:\Programmi\BitTorrent
2008-08-23 11:44 . 2008-08-23 11:51 <DIR> d-------- C:\Documents and Settings\GIOVANNI\Application Data\DNA
2008-08-23 11:44 . 2008-08-23 11:54 <DIR> d-------- C:\Documents and Settings\GIOVANNI\Application Data\BitTorrent
2008-08-23 11:32 . 2008-08-23 11:49 <DIR> d-------- C:\Programmi\Yahoo!
2008-08-23 11:30 . 2008-08-23 11:30 <DIR> d-------- C:\Programmi\Microsoft Works
2008-08-22 11:30 . 2008-08-22 12:01 <DIR> d-------- C:\Documents and Settings\All Users\Dati applicazioni\Spybot - Search & Destroy
2008-08-21 17:43 . 2008-08-23 10:33 <DIR> d-------- C:\WINDOWS\system32\drivers\Avg
2008-08-21 17:43 . 2008-08-21 17:43 <DIR> d-------- C:\Programmi\AVG
2008-08-21 17:43 . 2008-08-21 21:29 97,928 --a------ C:\WINDOWS\system32\drivers\avgldx86.sys
2008-08-21 17:43 . 2008-08-21 21:29 76,040 --a------ C:\WINDOWS\system32\drivers\avgtdix.sys
2008-08-21 17:43 . 2008-08-21 21:29 12,936 --a------ C:\WINDOWS\system32\drivers\avgrkx86.sys
2008-08-21 17:43 . 2008-08-21 21:29 10,520 --a------ C:\WINDOWS\system32\avgrsstx.dll
2008-08-21 17:34 . 2008-08-21 17:34 <DIR> d-------- C:\WINDOWS\Profiles
2008-08-21 17:33 . 2008-08-21 17:33 <DIR> d--hs---- C:\Documents and Settings\NetworkService\Temporary Internet Files
2008-08-21 17:33 . 2008-08-21 17:33 <DIR> d--hs---- C:\Documents and Settings\NetworkService\Cronologia
2008-08-20 16:34 . 2008-08-20 17:37 <DIR> d-a------ C:\Documents and Settings\All Users\Dati applicazioni\TEMP
2008-08-20 15:51 . 2008-08-20 15:52 <DIR> d-------- C:\Documents and Settings\All Users\Dati applicazioni\sdypwlet
2008-08-20 15:51 . 2008-08-20 15:51 <DIR> d-------- C:\Documents and Settings\All Users\Dati applicazioni\jczutcte
2008-08-20 15:51 . 2008-08-20 15:51 77,824 --a------ C:\WINDOWS\system32\wbmnkpen.exe
2008-08-18 12:23 . 2007-03-12 16:42 1,123,696 --a------ C:\WINDOWS\system32\D3DCompiler_33.dll
2008-08-18 12:23 . 2007-03-15 16:57 443,752 --a------ C:\WINDOWS\system32\d3dx10_33.dll
2008-08-18 12:23 . 2007-04-04 18:55 261,480 --a------ C:\WINDOWS\system32\xactengine2_7.dll
2008-08-18 12:23 . 2007-04-04 18:53 81,768 --a------ C:\WINDOWS\system32\xinput1_3.dll
2008-08-17 15:26 . 2008-08-17 15:26 268 --ah----- C:\sqmdata01.sqm
2008-08-17 15:26 . 2008-08-17 15:26 244 --ah----- C:\sqmnoopt01.sqm
2008-08-17 14:18 . 2008-08-17 14:18 268 --ah----- C:\sqmdata00.sqm
2008-08-17 14:18 . 2008-08-17 14:18 244 --ah----- C:\sqmnoopt00.sqm
2008-08-16 20:46 . 2004-01-25 17:49 303,104 --a------ C:\WINDOWS\system32\RealMediaSplitter.ax
2008-08-14 23:01 . 2008-08-14 23:01 <DIR> d-------- C:\Documents and Settings\All Users\Dati applicazioni\Kaspersky Lab Setup Files
2008-08-14 18:00 . 2008-04-11 21:04 691,712 --------- C:\WINDOWS\system32\dllcache\inetcomm.dll
2008-08-14 17:58 . 2008-05-01 16:34 331,776 --------- C:\WINDOWS\system32\dllcache\msadce.dll
2008-08-13 11:40 . 2008-08-13 12:14 <DIR> d--h----- C:\WINDOWS\msdownld.tmp
2008-08-13 11:40 . 2008-08-13 11:44 <DIR> d-------- C:\WINDOWS\Logs
2008-08-12 20:05 . 2008-08-12 20:06 4 --a------ C:\WINDOWS\num41.jbd
2008-08-12 20:05 . 2008-08-12 20:06 4 --a------ C:\WINDOWS\info147.sys
2008-08-12 20:04 . 2008-08-12 20:04 <DIR> d-------- C:\Programmi\File comuni\Totem Shared
2008-08-09 10:07 . 2008-08-09 10:07 <DIR> d--h----- C:\WINDOWS\PIF
2008-08-05 20:57 . 2008-08-23 11:26 <DIR> d-------- C:\Programmi\eMule
2008-08-04 12:17 . 2008-08-04 12:17 <DIR> d-------- C:\Documents and Settings\GIOVANNI\Application Data\CyberLink
2008-08-03 15:36 . 2008-08-03 15:36 <DIR> d-------- C:\WINDOWS\ServicePackFiles
2008-08-03 15:34 . 2006-12-28 12:01 19,569 --a------ C:\WINDOWS\002757_.tmp
2008-07-31 11:19 . 2008-07-31 11:19 14,693 --a------ C:\Documents and Settings\GIOVANNI\ttryebps.exe
2008-07-31 10:35 . 2008-07-31 10:35 <DIR> d-------- C:\Programmi\TomTom HOME 2
2008-07-31 10:35 . 2008-07-31 10:35 <DIR> d-------- C:\Documents and Settings\GIOVANNI\Application Data\TomTom
2008-07-31 10:35 . 2008-07-31 10:35 <DIR> d-------- C:\Documents and Settings\All Users\Dati applicazioni\TomTom
2008-07-31 10:28 . 2008-07-31 10:28 <DIR> d-------- C:\Programmi\TomTom DesktopSuite
2008-07-28 13:12 . 2008-07-28 13:12 18,773 --a------ C:\Documents and Settings\GIOVANNI\vxawzpuf.exe
2008-07-28 13:06 . 2008-07-28 13:06 18,773 --a------ C:\Documents and Settings\GIOVANNI\ujdbjmug.exe
2008-07-28 13:01 . 2008-07-28 13:01 11,973 --a------ C:\Documents and Settings\GIOVANNI\grceeghb.exe
2008-07-28 13:00 . 2008-07-28 13:00 18,773 --a------ C:\Documents and Settings\GIOVANNI\afrebudc.exe
2008-07-26 10:14 . 2008-07-26 10:14 11,973 --a------ C:\Documents and Settings\GIOVANNI\aateghzl.exe
2008-07-26 10:12 . 2008-07-26 10:12 11,973 --a------ C:\Documents and Settings\GIOVANNI\gojdazdd.exe
2008-07-25 15:33 . 2008-07-25 15:33 <DIR> d-------- C:\Programmi\Red Kawa
2008-07-25 10:36 . 2008-07-25 10:36 524,288 --a------ C:\WINDOWS\system32\DivXsm.exe
2008-07-25 10:36 . 2008-07-25 10:36 4,816 --a------ C:\WINDOWS\system32\divxsm.tlb
2008-07-25 10:07 . 2008-08-23 11:50 116 --a------ C:\WINDOWS\NeroDigital.ini
2008-07-23 18:50 . 2008-07-23 18:50 3,596,288 --a------ C:\WINDOWS\system32\qt-dx331.dll
2008-07-23 18:48 . 2008-07-23 18:48 1,044,480 --a------ C:\WINDOWS\system32\libdivx.dll
2008-07-23 18:48 . 2008-07-23 18:48 200,704 --a------ C:\WINDOWS\system32\ssldivx.dll
2008-07-23 18:47 . 2008-07-23 18:47 416 --a------ C:\WINDOWS\system32\dtu100.dll.manifest
2008-07-23 18:47 . 2008-07-23 18:47 416 --a------ C:\WINDOWS\system32\dpl100.dll.manifest
2008-07-23 18:46 . 2008-07-23 18:46 12,288 --a------ C:\WINDOWS\system32\DivXWMPExtType.dll
2008-07-23 18:41 . 2008-07-23 18:41 <DIR> d-------- C:\Documents and Settings\GIOVANNI\Application Data\Nero
2008-07-23 18:38 . 2008-07-23 18:38 <DIR> d-------- C:\Programmi\Nero
2008-07-23 18:38 . 2008-07-23 18:39 <DIR> d-------- C:\Programmi\File comuni\Nero
2008-07-23 16:36 . 2008-07-23 16:36 <DIR> d-------- C:\Documents and Settings\All Users\Dati applicazioni\FLEXnet
2008-07-23 16:33 . 2008-07-23 16:33 <DIR> d-------- C:\Programmi\Bonjour
2008-07-23 16:23 . 2008-07-23 16:23 <DIR> d-------- C:\Programmi\File comuni\Macrovision Shared
2008-07-23 15:06 . 2008-07-23 16:03 <DIR> d-------- C:\Programmi\File comuni\Ahead
2008-07-23 15:06 . 2008-07-23 15:06 <DIR> d-------- C:\Documents and Settings\All Users\Dati applicazioni\Ahead
2008-07-23 15:06 . 2001-03-08 19:30 24,064 --------- C:\WINDOWS\system32\msxml3a.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-08-23 09:30 --------- d-----w C:\Documents and Settings\All Users\Dati applicazioni\Microsoft Help
2008-08-21 15:43 --------- d-----w C:\Documents and Settings\All Users\Dati applicazioni\avg8
2008-08-18 10:21 --------- d--h--w C:\Programmi\InstallShield Installation Information
2008-08-16 18:46 --------- d-----w C:\Programmi\Real Alternative
2008-08-07 16:17 --------- d-----w C:\Documents and Settings\GIOVANNI\Application Data\AdobeUM
2008-08-06 17:33 --------- d-----w C:\Programmi\DivX
2008-07-24 16:16 --------- d-----w C:\Documents and Settings\All Users\Dati applicazioni\Messenger Plus!
2008-07-23 16:38 --------- d-----w C:\Documents and Settings\All Users\Dati applicazioni\Nero
2008-07-23 14:33 --------- d-----w C:\Programmi\File comuni\Adobe
2008-07-22 19:24 107,888 ----a-w C:\WINDOWS\system32\CmdLineExt.dll
2008-07-22 19:24 --------- d--h--r C:\Documents and Settings\GIOVANNI\Application Data\SecuROM
2008-07-22 17:16 --------- d-----w C:\Documents and Settings\GIOVANNI\Application Data\HP
2008-07-22 17:07 --------- d-----w C:\Programmi\Java
2008-07-22 04:12 --------- d-----w C:\Documents and Settings\All Users\Dati applicazioni\Office Genuine Advantage
2008-07-21 19:29 --------- d-----w C:\Programmi\Messenger Plus! Live
2008-07-21 19:28 --------- d-----w C:\Programmi\Windows Live
2008-07-21 19:23 --------- d-----w C:\Documents and Settings\All Users\Dati applicazioni\WLInstaller
2008-07-21 17:33 --------- d-----w C:\Programmi\MSXML 4.0
2008-07-21 14:40 --------- d-----w C:\Programmi\Motorola Phone Tools
2008-07-21 12:38 --------- d-----w C:\Programmi\File comuni\LightScribe
2008-07-21 12:02 --------- d-----w C:\Documents and Settings\GIOVANNI\Application Data\DivX
2008-07-21 11:47 --------- d-----w C:\Documents and Settings\GIOVANNI\Application Data\Nokia Multimedia Player
2008-07-21 11:03 --------- d--h--w C:\Documents and Settings\All Users\Dati applicazioni\CanonBJ
2008-07-21 10:42 155,995 ----a-w C:\WINDOWS\java\Packages\6M9Z1VDV.ZIP
2008-07-21 10:41 --------- d-----w C:\Programmi\Telecom Italia
2008-07-20 16:04 --------- d-----w C:\Programmi\Microsoft CAPICOM 2.1.0.2
2008-07-20 07:26 --------- d-----w C:\Programmi\HP
2008-07-20 07:00 --------- d-----w C:\Programmi\EA Sports
2008-07-20 06:57 --------- d-----w C:\Programmi\Logitech
2008-07-20 06:57 --------- d-----w C:\Programmi\File comuni\Logitech
2008-07-20 06:42 --------- d-----w C:\Documents and Settings\All Users\Dati applicazioni\BVRP Software
2008-07-20 06:33 --------- d-----w C:\Programmi\Philips
2008-07-20 06:32 0 ---ha-w C:\WINDOWS\system32\drivers\Msft_Kernel_motmodem_01005.Wdf
2008-07-20 06:32 --------- d-----w C:\Programmi\Avanquest update
2008-07-20 06:29 0 ---ha-w C:\WINDOWS\system32\drivers\MsftWdf_Kernel_01005_Coinstaller_Critical.Wdf
2008-07-20 06:29 0 ---ha-w C:\WINDOWS\system32\drivers\Msft_Kernel_ccdcmb_01005.Wdf
2008-07-20 06:29 --------- d-----w C:\Documents and Settings\GIOVANNI\Application Data\PC Suite
2008-07-20 06:29 --------- d-----w C:\Documents and Settings\All Users\Dati applicazioni\PC Suite
2008-07-20 06:28 --------- d-----w C:\Programmi\PC Connectivity Solution
2008-07-20 06:28 --------- d-----w C:\Programmi\Nokia
2008-07-20 06:28 --------- d-----w C:\Programmi\File comuni\PCSuite
2008-07-20 06:28 --------- d-----w C:\Programmi\File comuni\Nokia
2008-07-20 06:28 --------- d-----w C:\Documents and Settings\GIOVANNI\Application Data\Nokia
2008-07-20 06:27 --------- d-----w C:\Programmi\File comuni\Motorola Shared
2008-07-20 06:27 --------- d-----w C:\Documents and Settings\GIOVANNI\Application Data\InstallShield
2008-07-20 06:27 --------- d-----w C:\Documents and Settings\All Users\Dati applicazioni\Installations
2008-07-20 05:41 --------- d-----w C:\Programmi\Windows Plus
2008-07-20 05:41 --------- d-----w C:\Programmi\Synaptics
2008-07-20 05:40 --------- d-----w C:\Programmi\Servizi in linea
2008-07-20 05:40 --------- d-----w C:\Programmi\NetWaiting
2008-07-20 05:40 --------- d-----w C:\Programmi\microsoft frontpage
2008-07-20 05:38 --------- d-----w C:\Programmi\File comuni\Java
2008-07-20 05:38 --------- d-----w C:\Programmi\CONEXANT
2008-07-20 05:35 --------- d-----w C:\WINDOWS\system32\config\systemprofile\Dati applicazioni\Symantec
2008-07-20 05:35 --------- d-----w C:\Documents and Settings\All Users\Dati applicazioni\Sonic
2008-07-20 05:35 --------- d-----w C:\Documents and Settings\All Users\Dati applicazioni\SBSI
2008-07-20 05:35 --------- d-----w C:\Documents and Settings\All Users\Dati applicazioni\InstallShield
2008-07-20 05:35 --------- d-----w C:\Documents and Settings\All Users\Dati applicazioni\HP
2008-07-20 05:35 --------- d-----w C:\Documents and Settings\All Users\Dati applicazioni\CyberLink
2008-07-20 05:35 --------- d-----w C:\Documents and Settings\Administrator\Dati applicazioni\Symantec
2008-07-19 23:07 --------- d-----w C:\Programmi\MSBuild
2008-07-19 23:06 --------- d-----w C:\Programmi\Microsoft.NET
2008-07-19 23:03 --------- d-----w C:\Programmi\DAEMON Tools
2008-07-19 23:02 --------- d-----w C:\Programmi\AC3Filter
2008-07-19 23:01 --------- d-----w C:\Programmi\Xvid
2008-07-19 22:50 685,816 ----a-w C:\WINDOWS\system32\drivers\sptd.sys
2008-07-19 22:49 --------- d-----w C:\Programmi\Google
2008-07-19 22:45 --------- d-----w C:\Programmi\Ligos
2008-07-19 22:16 --------- dcsh--w C:\Programmi\File comuni\WindowsLiveInstaller
2008-07-19 22:11 --------- d-----w C:\Programmi\Windows Media Connect 2
2008-07-19 22:09 --------- d-----w C:\Programmi\VideoLAN
2008-07-19 22:09 --------- d-----w C:\Documents and Settings\GIOVANNI\Application Data\vlc
2008-07-19 22:05 --------- d-----w C:\Programmi\QuickTime
2008-07-19 22:05 --------- d-----w C:\Documents and Settings\GIOVANNI\Application Data\Apple Computer
2008-07-19 22:04 --------- d-----w C:\Documents and Settings\All Users\Dati applicazioni\Apple Computer
2008-07-19 21:59 --------- d-----w C:\Programmi\Hewlett-Packard
2008-07-19 21:56 --------- d-----w C:\Programmi\File comuni\InstallShield
2008-07-19 21:50 --------- d-----w C:\Programmi\File comuni\Symantec Shared
2008-07-19 21:03 1,731 --sha-r C:\WINDOWS\system32\drivers\103C_HP_NTBK_HP Pavilion dv6000 (RR374EA#ABZ)_YN_0Pavi_QCNF6441YX1_E419857061_46_I30BC_SQuanta_V66.21_BF.06_T061026_WXP2_L410_M2047_J120_7Intel_8Core2 T5500_91.66_#060913_N8086109A_(RR374EA#ABZ)_XMOBILE_CN10_Z.MRK
2008-07-19 21:00 --------- d-----w C:\Programmi\HPQ
2008-07-07 20:27 253,952 ----a-w C:\WINDOWS\system32\es.dll
2008-07-07 20:27 253,952 ------w C:\WINDOWS\system32\dllcache\es.dll
2008-06-24 16:42 74,240 ----a-w C:\WINDOWS\system32\mscms.dll
2008-06-24 16:42 74,240 ------w C:\WINDOWS\system32\dllcache\mscms.dll
2008-06-24 14:06 972,072 ----a-w C:\WINDOWS\UNNeroMediaHome.exe
2008-06-24 11:45 1,414,440 ----a-w C:\WINDOWS\system32\ShellManager310E2D762.dll
2008-06-24 08:15 3,592,192 ------w C:\WINDOWS\system32\dllcache\mshtml.dll
2008-06-23 09:22 70,656 ------w C:\WINDOWS\system32\dllcache\ie4uinit.exe
2008-06-23 09:22 625,664 ------w C:\WINDOWS\system32\dllcache\iexplore.exe
2008-06-23 09:20 13,824 ------w C:\WINDOWS\system32\dllcache\ieudinit.exe
2008-06-21 05:23 161,792 ------w C:\WINDOWS\system32\dllcache\ieakui.dll
2008-06-20 17:46 247,296 ----a-w C:\WINDOWS\system32\mswsock.dll
2008-06-20 17:46 247,296 ------w C:\WINDOWS\system32\dllcache\mswsock.dll
2008-06-20 17:46 147,968 ------w C:\WINDOWS\system32\dllcache\dnsapi.dll
2008-06-20 11:51 361,600 ------w C:\WINDOWS\system32\dllcache\tcpip.sys
2008-06-20 11:40 138,496 ------w C:\WINDOWS\system32\dllcache\afd.sys
2008-06-20 11:08 225,856 ------w C:\WINDOWS\system32\dllcache\tcpip6.sys
2008-06-14 17:32 272,768 ------w C:\WINDOWS\system32\dllcache\bthport.sys
2008-06-06 12:54 972,072 ----a-w C:\WINDOWS\UNRecode.exe
2008-06-06 12:54 95,600 ----a-w C:\WINDOWS\system32\NeroCo.dll
.

((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* i valori vuoti & legittimi/default non sono visualizzati.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2008-04-13 19:14 15360]
"swg"="C:\Programmi\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-07-20 00:45 68856]
"IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Programmi\File comuni\Nero\Lib\NMIndexStoreSvr.exe" [2008-06-24 16:06 1840424]
"uimsg"="C:\WINDOWS\system32\wbmnkpen.exe" [2008-08-20 15:51 77824]
"WMPNSCFG"="C:\Programmi\Windows Media Player\WMPNSCFG.exe" [2006-11-02 22:56 204288]
"BitTorrent DNA"="C:\Programmi\DNA\btdna.exe" [2008-08-23 11:44 342336]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="C:\WINDOWS\ehome\ehtray.exe" [2005-08-18 06:40 64512]
"hpWirelessAssistant"="C:\Programmi\hpq\HP Wireless Assistant\HP Wireless Assistant.exe" [2006-05-03 22:58 458752]
"SunJavaUpdateSched"="C:\Programmi\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 04:27 144784]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2006-07-20 07:58 7581696]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2006-07-20 07:58 86016]
"SynTPEnh"="C:\Programmi\Synaptics\SynTP\SynTPEnh.exe" [2006-06-17 07:22 794713]
"QPService"="C:\Programmi\HP\QuickPlay\QPService.exe" [2006-07-19 15:14 102400]
"Cpqset"="C:\Programmi\Hewlett-Packard\Default Settings\cpqset.exe" [2006-06-19 10:50 40960]
"RecGuard"="C:\Windows\SMINST\RecGuard.exe" [2005-10-11 10:23 1187840]
"QuickTime Task"="C:\Programmi\QuickTime\QTTask.exe" [2008-05-27 10:50 413696]
"GrooveMonitor"="C:\Programmi\Microsoft Office\Office12\GrooveMonitor.exe" [2007-08-24 07:00 33648]
"NBKeyScan"="C:\Programmi\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [2008-06-08 09:31 2221352]
"NeroFilterCheck"="C:\Programmi\File comuni\Nero\Lib\NeroCheck.exe" [2008-06-19 09:53 570664]
"AVG8_TRAY"="C:\PROGRA~1\AVG\AVG8\avgtray.exe" [2008-08-21 21:29 1235736]
"nwiz"="nwiz.exe" [2006-07-20 07:58 1519616 C:\WINDOWS\system32\nwiz.exe]
"MsmqIntCert"="mqrt.dll" [2008-04-13 19:13 177152 C:\WINDOWS\system32\mqrt.dll]
"High Definition Audio Property Page Shortcut"="CHDAudPropShortcut.exe" [2006-06-02 17:02 61952 C:\WINDOWS\system32\CHDAudPropShortcut.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2008-04-13 19:14 15360]

C:\Documents and Settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\
Avvio veloce di Adobe Reader.lnk - C:\Programmi\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2008-04-23 03:38:16 29696]
HP Pavilion Webcam Tray Icon.lnk - C:\Programmi\Hewlett-Packard\HP Pavilion Webcam\HPWebcam.exe [2008-07-19 23:05:32 102400]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"InstallVisualStyle"= C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"= C:\WINDOWS\Resources\Themes\Royale.theme

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=avgrsstx.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.ac3filter"= ac3filter.acm

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\WINDOWS\\system32\\mqsvc.exe"=
"C:\\Programmi\\eMule\\emule.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Programmi\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"C:\\Programmi\\Microsoft Office\\Office12\\GROOVE.EXE"=
"C:\\Programmi\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"C:\\Programmi\\Messenger\\msmsgs.exe"=
"C:\\Programmi\\File comuni\\Nero\\Nero Web\\SetupX.exe"=
"C:\\Programmi\\Bonjour\\mDNSResponder.exe"=
"C:\\Programmi\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Programmi\\Windows Live\\Messenger\\livecall.exe"=
"C:\\Programmi\\BitTorrent\\bittorrent.exe"=
"C:\\Documents and Settings\\All Users\\Dati applicazioni\\Kaspersky Lab Setup Files\\Kaspersky Anti-Virus 2009\\Italian\\setup.exe"=
"C:\\Programmi\\AVG\\AVG8\\avgupd.exe"=
"C:\\Programmi\\AVG\\AVG8\\avgnsx.exe"=
"C:\\Programmi\\DNA\\btdna.exe"=

R0 AvgRkx86;avgrkx86.sys;C:\WINDOWS\system32\Drivers\avgrkx86.sys [2008-08-21 21:29]
R1 AvgLdx86;AVG AVI Loader Driver x86;C:\WINDOWS\system32\Drivers\avgldx86.sys [2008-08-21 21:29]
R2 avg8wd;AVG8 WatchDog;C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe [2008-08-21 21:29]
R2 AvgTdiX;AVG8 Network Redirector;C:\WINDOWS\system32\Drivers\avgtdix.sys [2008-08-21 21:29]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\D]
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Info.exe protect.ed 480 480

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{25837292-5ed5-11dd-a110-001636a9abb2}]
\Shell\AutoRun\command - F:\InstallTomTomHOME.exe

*Newly Created Service* - CATCHME
*Newly Created Service* - PROCEXP90
.
Contenuto della cartella 'Scheduled Tasks'

2008-07-22 C:\WINDOWS\Tasks\OGADaily.job
- C:\WINDOWS\system32\OGAVerify.exe [2008-04-23 17:17]

2008-08-23 C:\WINDOWS\Tasks\OGALogon.job
- C:\WINDOWS\system32\OGAVerify.exe [2008-04-23 17:17]
.
- - - - ORFÃOS REMOVIDOS - - - -

HKLM-Explorer_Run-HfPeTtRt99 - C:\Documents and Settings\GIOVANNI\Documenti\Nuova cartella\AdobeFlashPlayerHD.exe


.
------- Supplementary Scan -------
.
FireFox -: Profile - C:\Documents and Settings\GIOVANNI\Application Data\Mozilla\Firefox\Profiles\j59sd8lo.default\
FireFox -: prefs.js - SEARCH.DEFAULTURL - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FireFox -: prefs.js - STARTUP.HOMEPAGE - hxxp://www.virgilio.it/
FF -: plugin - C:\Programmi\Adobe\Acrobat 7.0\Reader\browser\nppdf32.dll
FF -: plugin - C:\Programmi\DNA\plugins\npbtdna.dll
FF -: plugin - C:\Programmi\Mozilla Firefox\plugins\npbittorrent.dll
FF -: plugin - C:\Programmi\Mozilla Firefox\plugins\npOGAPlugin.dll
FF -: plugin - C:\Programmi\Yahoo!\Common\npyaxmpb.dll
.

**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-08-23 11:59:12
Windows 5.1.2600 Service Pack 3 NTFS

scansione processi nascosti ...

scansione entrate autostart nascoste ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
Cpqset = C:\Programmi\Hewlett-Packard\Default Settings\cpqset.exe??@?????????????L?@????? \??????`?@?????L?@

Scansione files nascosti ...

Scansione completata con successo
Files nascosti: 0

**************************************************************************
.
Ora fine scansione: 2008-08-23 11:59:59
ComboFix-quarantined-files.txt 2008-08-23 09:59:47

Pre-Run: 83,827,249,152 byte disponibili
Post-Run: 83,814,113,280 byte disponibili

343 --- E O F --- 2008-08-14 16:24:56

[Luke57]

Ciao, copia questo codice:

Codice: Seleziona tutto

File::
C:\Documents and Settings\GIOVANNI\vxawzpuf.exe
C:\Documents and Settings\GIOVANNI\ujdbjmug.exe
C:\Documents and Settings\GIOVANNI\grceeghb.exe
C:\Documents and Settings\GIOVANNI\afrebudc.exe
C:\Documents and Settings\GIOVANNI\aateghzl.exe
C:\Documents and Settings\GIOVANNI\gojdazdd.exe

Folder::
C:\Documents and Settings\All Users\Dati applicazioni\sdypwlet
C:\Documents and Settings\All Users\Dati applicazioni\jczutcte

Registry::
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"uimsg"=-

apri un file di testo (dal blocco note di windows), incollaci lo script, salva il file di testo nella stessa posizione di combofix, chiamandolo obbligatoriamente CFScript.txt trascinalo con il puntatore del mouse sull'icona di combofi per una nuova scansione. Allega il nuovo report se prodotto.

[DIRRTYMATRIX]

ehm....che devo incollarci?

[DIRRTYMATRIX]

ecco il nuovo report


Microsoft Windows XP Professional 5.1.2600.3.1252.1.1040.18.1372 [GMT 2:00]
Eseguito da: C:\Documents and Settings\GIOVANNI\Documenti\ComboFix.exe
Command switches used :: C:\Documents and Settings\GIOVANNI\Documenti\CFScript.txt
* Creato nuovo punto di ripristino

ATENÇÃO - ESTA MAQUINA NAO TEM A CONSOLE DE RECUPERAÇÃO INSTALADA !!

FILE ::
C:\Documents and Settings\GIOVANNI\aateghzl.exe
C:\Documents and Settings\GIOVANNI\afrebudc.exe
C:\Documents and Settings\GIOVANNI\gojdazdd.exe
C:\Documents and Settings\GIOVANNI\grceeghb.exe
C:\Documents and Settings\GIOVANNI\ujdbjmug.exe
C:\Documents and Settings\GIOVANNI\vxawzpuf.exe
.

((((((((((((((((((((((((((((((((((((( Altre eliminazioni )))))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\All Users\Dati applicazioni\jczutcte
C:\Documents and Settings\All Users\Dati applicazioni\sdypwlet
C:\Documents and Settings\GIOVANNI\aateghzl.exe
C:\Documents and Settings\GIOVANNI\afrebudc.exe
C:\Documents and Settings\GIOVANNI\gojdazdd.exe
C:\Documents and Settings\GIOVANNI\grceeghb.exe
C:\Documents and Settings\GIOVANNI\ujdbjmug.exe
C:\Documents and Settings\GIOVANNI\vxawzpuf.exe

.
((((((((((((((((((((((((( Files Creati Da 2008-07-23 al 2008-08-23 )))))))))))))))))))))))))))))))))))
.

2008-08-23 11:44 . 2008-08-23 11:51 <DIR> d-------- C:\Programmi\DNA
2008-08-23 11:44 . 2008-08-23 11:44 <DIR> d-------- C:\Programmi\BitTorrent
2008-08-23 11:44 . 2008-08-23 12:41 <DIR> d-------- C:\Documents and Settings\GIOVANNI\Application Data\DNA
2008-08-23 11:44 . 2008-08-23 12:44 <DIR> d-------- C:\Documents and Settings\GIOVANNI\Application Data\BitTorrent
2008-08-23 11:32 . 2008-08-23 11:49 <DIR> d-------- C:\Programmi\Yahoo!
2008-08-23 11:30 . 2008-08-23 11:30 <DIR> d-------- C:\Programmi\Microsoft Works
2008-08-22 11:30 . 2008-08-22 12:01 <DIR> d-------- C:\Documents and Settings\All Users\Dati applicazioni\Spybot - Search & Destroy
2008-08-21 17:43 . 2008-08-23 10:33 <DIR> d-------- C:\WINDOWS\system32\drivers\Avg
2008-08-21 17:43 . 2008-08-21 17:43 <DIR> d-------- C:\Programmi\AVG
2008-08-21 17:43 . 2008-08-21 21:29 97,928 --a------ C:\WINDOWS\system32\drivers\avgldx86.sys
2008-08-21 17:43 . 2008-08-21 21:29 76,040 --a------ C:\WINDOWS\system32\drivers\avgtdix.sys
2008-08-21 17:43 . 2008-08-21 21:29 12,936 --a------ C:\WINDOWS\system32\drivers\avgrkx86.sys
2008-08-21 17:43 . 2008-08-21 21:29 10,520 --a------ C:\WINDOWS\system32\avgrsstx.dll
2008-08-21 17:34 . 2008-08-21 17:34 <DIR> d-------- C:\WINDOWS\Profiles
2008-08-21 17:33 . 2008-08-21 17:33 <DIR> d--hs---- C:\Documents and Settings\NetworkService\Temporary Internet Files
2008-08-21 17:33 . 2008-08-21 17:33 <DIR> d--hs---- C:\Documents and Settings\NetworkService\Cronologia
2008-08-20 16:34 . 2008-08-20 17:37 <DIR> d-a------ C:\Documents and Settings\All Users\Dati applicazioni\TEMP
2008-08-20 15:51 . 2008-08-20 15:51 77,824 --a------ C:\WINDOWS\system32\wbmnkpen.exe
2008-08-18 12:23 . 2007-03-12 16:42 1,123,696 --a------ C:\WINDOWS\system32\D3DCompiler_33.dll
2008-08-18 12:23 . 2007-03-15 16:57 443,752 --a------ C:\WINDOWS\system32\d3dx10_33.dll
2008-08-18 12:23 . 2007-04-04 18:55 261,480 --a------ C:\WINDOWS\system32\xactengine2_7.dll
2008-08-18 12:23 . 2007-04-04 18:53 81,768 --a------ C:\WINDOWS\system32\xinput1_3.dll
2008-08-17 15:26 . 2008-08-17 15:26 268 --ah----- C:\sqmdata01.sqm
2008-08-17 15:26 . 2008-08-17 15:26 244 --ah----- C:\sqmnoopt01.sqm
2008-08-17 14:18 . 2008-08-17 14:18 268 --ah----- C:\sqmdata00.sqm
2008-08-17 14:18 . 2008-08-17 14:18 244 --ah----- C:\sqmnoopt00.sqm
2008-08-16 20:46 . 2004-01-25 17:49 303,104 --a------ C:\WINDOWS\system32\RealMediaSplitter.ax
2008-08-14 23:01 . 2008-08-14 23:01 <DIR> d-------- C:\Documents and Settings\All Users\Dati applicazioni\Kaspersky Lab Setup Files
2008-08-14 18:00 . 2008-04-11 21:04 691,712 --------- C:\WINDOWS\system32\dllcache\inetcomm.dll
2008-08-14 17:58 . 2008-05-01 16:34 331,776 --------- C:\WINDOWS\system32\dllcache\msadce.dll
2008-08-13 11:40 . 2008-08-13 12:14 <DIR> d--h----- C:\WINDOWS\msdownld.tmp
2008-08-13 11:40 . 2008-08-13 11:44 <DIR> d-------- C:\WINDOWS\Logs
2008-08-12 20:05 . 2008-08-12 20:06 4 --a------ C:\WINDOWS\num41.jbd
2008-08-12 20:05 . 2008-08-12 20:06 4 --a------ C:\WINDOWS\info147.sys
2008-08-12 20:04 . 2008-08-12 20:04 <DIR> d-------- C:\Programmi\File comuni\Totem Shared
2008-08-09 10:07 . 2008-08-09 10:07 <DIR> d--h----- C:\WINDOWS\PIF
2008-08-05 20:57 . 2008-08-23 11:26 <DIR> d-------- C:\Programmi\eMule
2008-08-04 12:17 . 2008-08-04 12:17 <DIR> d-------- C:\Documents and Settings\GIOVANNI\Application Data\CyberLink
2008-08-03 15:36 . 2008-08-03 15:36 <DIR> d-------- C:\WINDOWS\ServicePackFiles
2008-08-03 15:34 . 2006-12-28 12:01 19,569 --a------ C:\WINDOWS\002757_.tmp
2008-07-31 11:19 . 2008-07-31 11:19 14,693 --a------ C:\Documents and Settings\GIOVANNI\ttryebps.exe
2008-07-31 10:35 . 2008-07-31 10:35 <DIR> d-------- C:\Programmi\TomTom HOME 2
2008-07-31 10:35 . 2008-07-31 10:35 <DIR> d-------- C:\Documents and Settings\GIOVANNI\Application Data\TomTom
2008-07-31 10:35 . 2008-07-31 10:35 <DIR> d-------- C:\Documents and Settings\All Users\Dati applicazioni\TomTom
2008-07-31 10:28 . 2008-07-31 10:28 <DIR> d-------- C:\Programmi\TomTom DesktopSuite
2008-07-25 15:33 . 2008-07-25 15:33 <DIR> d-------- C:\Programmi\Red Kawa
2008-07-25 10:36 . 2008-07-25 10:36 524,288 --a------ C:\WINDOWS\system32\DivXsm.exe
2008-07-25 10:36 . 2008-07-25 10:36 4,816 --a------ C:\WINDOWS\system32\divxsm.tlb
2008-07-25 10:07 . 2008-08-23 11:50 116 --a------ C:\WINDOWS\NeroDigital.ini
2008-07-23 18:50 . 2008-07-23 18:50 3,596,288 --a------ C:\WINDOWS\system32\qt-dx331.dll
2008-07-23 18:48 . 2008-07-23 18:48 1,044,480 --a------ C:\WINDOWS\system32\libdivx.dll
2008-07-23 18:48 . 2008-07-23 18:48 200,704 --a------ C:\WINDOWS\system32\ssldivx.dll
2008-07-23 18:47 . 2008-07-23 18:47 416 --a------ C:\WINDOWS\system32\dtu100.dll.manifest
2008-07-23 18:47 . 2008-07-23 18:47 416 --a------ C:\WINDOWS\system32\dpl100.dll.manifest
2008-07-23 18:46 . 2008-07-23 18:46 12,288 --a------ C:\WINDOWS\system32\DivXWMPExtType.dll
2008-07-23 18:41 . 2008-07-23 18:41 <DIR> d-------- C:\Documents and Settings\GIOVANNI\Application Data\Nero
2008-07-23 18:38 . 2008-07-23 18:38 <DIR> d-------- C:\Programmi\Nero
2008-07-23 18:38 . 2008-07-23 18:39 <DIR> d-------- C:\Programmi\File comuni\Nero
2008-07-23 16:36 . 2008-07-23 16:36 <DIR> d-------- C:\Documents and Settings\All Users\Dati applicazioni\FLEXnet
2008-07-23 16:33 . 2008-07-23 16:33 <DIR> d-------- C:\Programmi\Bonjour
2008-07-23 16:23 . 2008-07-23 16:23 <DIR> d-------- C:\Programmi\File comuni\Macrovision Shared
2008-07-23 15:06 . 2008-07-23 16:03 <DIR> d-------- C:\Programmi\File comuni\Ahead
2008-07-23 15:06 . 2008-07-23 15:06 <DIR> d-------- C:\Documents and Settings\All Users\Dati applicazioni\Ahead
2008-07-23 15:06 . 2001-03-08 19:30 24,064 --------- C:\WINDOWS\system32\msxml3a.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-08-23 09:30 --------- d-----w C:\Documents and Settings\All Users\Dati applicazioni\Microsoft Help
2008-08-21 15:43 --------- d-----w C:\Documents and Settings\All Users\Dati applicazioni\avg8
2008-08-18 10:21 --------- d--h--w C:\Programmi\InstallShield Installation Information
2008-08-16 18:46 --------- d-----w C:\Programmi\Real Alternative
2008-08-07 16:17 --------- d-----w C:\Documents and Settings\GIOVANNI\Application Data\AdobeUM
2008-08-06 17:33 --------- d-----w C:\Programmi\DivX
2008-07-24 16:16 --------- d-----w C:\Documents and Settings\All Users\Dati applicazioni\Messenger Plus!
2008-07-23 16:38 --------- d-----w C:\Documents and Settings\All Users\Dati applicazioni\Nero
2008-07-23 14:33 --------- d-----w C:\Programmi\File comuni\Adobe
2008-07-22 19:24 107,888 ----a-w C:\WINDOWS\system32\CmdLineExt.dll
2008-07-22 19:24 --------- d--h--r C:\Documents and Settings\GIOVANNI\Application Data\SecuROM
2008-07-22 17:16 --------- d-----w C:\Documents and Settings\GIOVANNI\Application Data\HP
2008-07-22 17:07 --------- d-----w C:\Programmi\Java
2008-07-22 04:12 --------- d-----w C:\Documents and Settings\All Users\Dati applicazioni\Office Genuine Advantage
2008-07-21 19:29 --------- d-----w C:\Programmi\Messenger Plus! Live
2008-07-21 19:28 --------- d-----w C:\Programmi\Windows Live
2008-07-21 19:23 --------- d-----w C:\Documents and Settings\All Users\Dati applicazioni\WLInstaller
2008-07-21 17:33 --------- d-----w C:\Programmi\MSXML 4.0
2008-07-21 14:40 --------- d-----w C:\Programmi\Motorola Phone Tools
2008-07-21 12:38 --------- d-----w C:\Programmi\File comuni\LightScribe
2008-07-21 12:02 --------- d-----w C:\Documents and Settings\GIOVANNI\Application Data\DivX
2008-07-21 11:47 --------- d-----w C:\Documents and Settings\GIOVANNI\Application Data\Nokia Multimedia Player
2008-07-21 11:03 --------- d--h--w C:\Documents and Settings\All Users\Dati applicazioni\CanonBJ
2008-07-21 10:42 155,995 ----a-w C:\WINDOWS\java\Packages\6M9Z1VDV.ZIP
2008-07-21 10:41 --------- d-----w C:\Programmi\Telecom Italia
2008-07-20 16:04 --------- d-----w C:\Programmi\Microsoft CAPICOM 2.1.0.2
2008-07-20 07:26 --------- d-----w C:\Programmi\HP
2008-07-20 07:00 --------- d-----w C:\Programmi\EA Sports
2008-07-20 06:57 --------- d-----w C:\Programmi\Logitech
2008-07-20 06:57 --------- d-----w C:\Programmi\File comuni\Logitech
2008-07-20 06:42 --------- d-----w C:\Documents and Settings\All Users\Dati applicazioni\BVRP Software
2008-07-20 06:33 --------- d-----w C:\Programmi\Philips
2008-07-20 06:32 0 ---ha-w C:\WINDOWS\system32\drivers\Msft_Kernel_motmodem_01005.Wdf
2008-07-20 06:32 --------- d-----w C:\Programmi\Avanquest update
2008-07-20 06:29 0 ---ha-w C:\WINDOWS\system32\drivers\MsftWdf_Kernel_01005_Coinstaller_Critical.Wdf
2008-07-20 06:29 0 ---ha-w C:\WINDOWS\system32\drivers\Msft_Kernel_ccdcmb_01005.Wdf
2008-07-20 06:29 --------- d-----w C:\Documents and Settings\GIOVANNI\Application Data\PC Suite
2008-07-20 06:29 --------- d-----w C:\Documents and Settings\All Users\Dati applicazioni\PC Suite
2008-07-20 06:28 --------- d-----w C:\Programmi\PC Connectivity Solution
2008-07-20 06:28 --------- d-----w C:\Programmi\Nokia
2008-07-20 06:28 --------- d-----w C:\Programmi\File comuni\PCSuite
2008-07-20 06:28 --------- d-----w C:\Programmi\File comuni\Nokia
2008-07-20 06:28 --------- d-----w C:\Documents and Settings\GIOVANNI\Application Data\Nokia
2008-07-20 06:27 --------- d-----w C:\Programmi\File comuni\Motorola Shared
2008-07-20 06:27 --------- d-----w C:\Documents and Settings\GIOVANNI\Application Data\InstallShield
2008-07-20 06:27 --------- d-----w C:\Documents and Settings\All Users\Dati applicazioni\Installations
2008-07-20 05:41 --------- d-----w C:\Programmi\Windows Plus
2008-07-20 05:41 --------- d-----w C:\Programmi\Synaptics
2008-07-20 05:40 --------- d-----w C:\Programmi\Servizi in linea
2008-07-20 05:40 --------- d-----w C:\Programmi\NetWaiting
2008-07-20 05:40 --------- d-----w C:\Programmi\microsoft frontpage
2008-07-20 05:38 --------- d-----w C:\Programmi\File comuni\Java
2008-07-20 05:38 --------- d-----w C:\Programmi\CONEXANT
2008-07-20 05:35 --------- d-----w C:\WINDOWS\system32\config\systemprofile\Dati applicazioni\Symantec
2008-07-20 05:35 --------- d-----w C:\Documents and Settings\All Users\Dati applicazioni\Sonic
2008-07-20 05:35 --------- d-----w C:\Documents and Settings\All Users\Dati applicazioni\SBSI
2008-07-20 05:35 --------- d-----w C:\Documents and Settings\All Users\Dati applicazioni\InstallShield
2008-07-20 05:35 --------- d-----w C:\Documents and Settings\All Users\Dati applicazioni\HP
2008-07-20 05:35 --------- d-----w C:\Documents and Settings\All Users\Dati applicazioni\CyberLink
2008-07-20 05:35 --------- d-----w C:\Documents and Settings\Administrator\Dati applicazioni\Symantec
2008-07-19 23:07 --------- d-----w C:\Programmi\MSBuild
2008-07-19 23:06 --------- d-----w C:\Programmi\Microsoft.NET
2008-07-19 23:03 --------- d-----w C:\Programmi\DAEMON Tools
2008-07-19 23:02 --------- d-----w C:\Programmi\AC3Filter
2008-07-19 23:01 --------- d-----w C:\Programmi\Xvid
2008-07-19 22:50 685,816 ----a-w C:\WINDOWS\system32\drivers\sptd.sys
2008-07-19 22:49 --------- d-----w C:\Programmi\Google
2008-07-19 22:45 --------- d-----w C:\Programmi\Ligos
2008-07-19 22:16 --------- dcsh--w C:\Programmi\File comuni\WindowsLiveInstaller
2008-07-19 22:11 --------- d-----w C:\Programmi\Windows Media Connect 2
2008-07-19 22:09 --------- d-----w C:\Programmi\VideoLAN
2008-07-19 22:09 --------- d-----w C:\Documents and Settings\GIOVANNI\Application Data\vlc
2008-07-19 22:05 --------- d-----w C:\Programmi\QuickTime
2008-07-19 22:05 --------- d-----w C:\Documents and Settings\GIOVANNI\Application Data\Apple Computer
2008-07-19 22:04 --------- d-----w C:\Documents and Settings\All Users\Dati applicazioni\Apple Computer
2008-07-19 21:59 --------- d-----w C:\Programmi\Hewlett-Packard
2008-07-19 21:56 --------- d-----w C:\Programmi\File comuni\InstallShield
2008-07-19 21:50 --------- d-----w C:\Programmi\File comuni\Symantec Shared
2008-07-19 21:03 1,731 --sha-r C:\WINDOWS\system32\drivers\103C_HP_NTBK_HP Pavilion dv6000 (RR374EA#ABZ)_YN_0Pavi_QCNF6441YX1_E419857061_46_I30BC_SQuanta_V66.21_BF.06_T061026_WXP2_L410_M2047_J120_7Intel_8Core2 T5500_91.66_#060913_N8086109A_(RR374EA#ABZ)_XMOBILE_CN10_Z.MRK
2008-07-19 21:00 --------- d-----w C:\Programmi\HPQ
2008-07-07 20:27 253,952 ----a-w C:\WINDOWS\system32\es.dll
2008-07-07 20:27 253,952 ------w C:\WINDOWS\system32\dllcache\es.dll
2008-06-24 16:42 74,240 ----a-w C:\WINDOWS\system32\mscms.dll
2008-06-24 16:42 74,240 ------w C:\WINDOWS\system32\dllcache\mscms.dll
2008-06-24 14:06 972,072 ----a-w C:\WINDOWS\UNNeroMediaHome.exe
2008-06-24 11:45 1,414,440 ----a-w C:\WINDOWS\system32\ShellManager310E2D762.dll
2008-06-24 08:15 3,592,192 ------w C:\WINDOWS\system32\dllcache\mshtml.dll
2008-06-23 09:22 70,656 ------w C:\WINDOWS\system32\dllcache\ie4uinit.exe
2008-06-23 09:22 625,664 ------w C:\WINDOWS\system32\dllcache\iexplore.exe
2008-06-23 09:20 13,824 ------w C:\WINDOWS\system32\dllcache\ieudinit.exe
2008-06-21 05:23 161,792 ------w C:\WINDOWS\system32\dllcache\ieakui.dll
2008-06-20 17:46 247,296 ----a-w C:\WINDOWS\system32\mswsock.dll
2008-06-20 17:46 247,296 ------w C:\WINDOWS\system32\dllcache\mswsock.dll
2008-06-20 17:46 147,968 ------w C:\WINDOWS\system32\dllcache\dnsapi.dll
2008-06-20 11:51 361,600 ------w C:\WINDOWS\system32\dllcache\tcpip.sys
2008-06-20 11:40 138,496 ------w C:\WINDOWS\system32\dllcache\afd.sys
2008-06-20 11:08 225,856 ------w C:\WINDOWS\system32\dllcache\tcpip6.sys
2008-06-14 17:32 272,768 ------w C:\WINDOWS\system32\dllcache\bthport.sys
2008-06-06 12:54 972,072 ----a-w C:\WINDOWS\UNRecode.exe
2008-06-06 12:54 95,600 ----a-w C:\WINDOWS\system32\NeroCo.dll
.

((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* i valori vuoti & legittimi/default non sono visualizzati.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2008-04-13 19:14 15360]
"swg"="C:\Programmi\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-07-20 00:45 68856]
"IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Programmi\File comuni\Nero\Lib\NMIndexStoreSvr.exe" [2008-06-24 16:06 1840424]
"WMPNSCFG"="C:\Programmi\Windows Media Player\WMPNSCFG.exe" [2006-11-02 22:56 204288]
"BitTorrent DNA"="C:\Programmi\DNA\btdna.exe" [2008-08-23 11:44 342336]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="C:\WINDOWS\ehome\ehtray.exe" [2005-08-18 06:40 64512]
"hpWirelessAssistant"="C:\Programmi\hpq\HP Wireless Assistant\HP Wireless Assistant.exe" [2006-05-03 22:58 458752]
"SunJavaUpdateSched"="C:\Programmi\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 04:27 144784]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2006-07-20 07:58 7581696]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2006-07-20 07:58 86016]
"SynTPEnh"="C:\Programmi\Synaptics\SynTP\SynTPEnh.exe" [2006-06-17 07:22 794713]
"QPService"="C:\Programmi\HP\QuickPlay\QPService.exe" [2006-07-19 15:14 102400]
"Cpqset"="C:\Programmi\Hewlett-Packard\Default Settings\cpqset.exe" [2006-06-19 10:50 40960]
"RecGuard"="C:\Windows\SMINST\RecGuard.exe" [2005-10-11 10:23 1187840]
"QuickTime Task"="C:\Programmi\QuickTime\QTTask.exe" [2008-05-27 10:50 413696]
"GrooveMonitor"="C:\Programmi\Microsoft Office\Office12\GrooveMonitor.exe" [2007-08-24 07:00 33648]
"NBKeyScan"="C:\Programmi\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [2008-06-08 09:31 2221352]
"NeroFilterCheck"="C:\Programmi\File comuni\Nero\Lib\NeroCheck.exe" [2008-06-19 09:53 570664]
"AVG8_TRAY"="C:\PROGRA~1\AVG\AVG8\avgtray.exe" [2008-08-21 21:29 1235736]
"nwiz"="nwiz.exe" [2006-07-20 07:58 1519616 C:\WINDOWS\system32\nwiz.exe]
"MsmqIntCert"="mqrt.dll" [2008-04-13 19:13 177152 C:\WINDOWS\system32\mqrt.dll]
"High Definition Audio Property Page Shortcut"="CHDAudPropShortcut.exe" [2006-06-02 17:02 61952 C:\WINDOWS\system32\CHDAudPropShortcut.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2008-04-13 19:14 15360]

C:\Documents and Settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\
Avvio veloce di Adobe Reader.lnk - C:\Programmi\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2008-04-23 03:38:16 29696]
HP Pavilion Webcam Tray Icon.lnk - C:\Programmi\Hewlett-Packard\HP Pavilion Webcam\HPWebcam.exe [2008-07-19 23:05:32 102400]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"InstallVisualStyle"= C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"= C:\WINDOWS\Resources\Themes\Royale.theme

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=avgrsstx.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.ac3filter"= ac3filter.acm

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\WINDOWS\\system32\\mqsvc.exe"=
"C:\\Programmi\\eMule\\emule.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Programmi\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"C:\\Programmi\\Microsoft Office\\Office12\\GROOVE.EXE"=
"C:\\Programmi\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"C:\\Programmi\\Messenger\\msmsgs.exe"=
"C:\\Programmi\\File comuni\\Nero\\Nero Web\\SetupX.exe"=
"C:\\Programmi\\Bonjour\\mDNSResponder.exe"=
"C:\\Programmi\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Programmi\\Windows Live\\Messenger\\livecall.exe"=
"C:\\Programmi\\BitTorrent\\bittorrent.exe"=
"C:\\Documents and Settings\\All Users\\Dati applicazioni\\Kaspersky Lab Setup Files\\Kaspersky Anti-Virus 2009\\Italian\\setup.exe"=
"C:\\Programmi\\AVG\\AVG8\\avgupd.exe"=
"C:\\Programmi\\AVG\\AVG8\\avgnsx.exe"=
"C:\\Programmi\\DNA\\btdna.exe"=

R0 AvgRkx86;avgrkx86.sys;C:\WINDOWS\system32\Drivers\avgrkx86.sys [2008-08-21 21:29]
R1 AvgLdx86;AVG AVI Loader Driver x86;C:\WINDOWS\system32\Drivers\avgldx86.sys [2008-08-21 21:29]
R2 avg8wd;AVG8 WatchDog;C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe [2008-08-21 21:29]
R2 AvgTdiX;AVG8 Network Redirector;C:\WINDOWS\system32\Drivers\avgtdix.sys [2008-08-21 21:29]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\D]
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Info.exe protect.ed 480 480

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{25837292-5ed5-11dd-a110-001636a9abb2}]
\Shell\AutoRun\command - F:\InstallTomTomHOME.exe

*Newly Created Service* - CATCHME
*Newly Created Service* - PROCEXP90
.
Contenuto della cartella 'Scheduled Tasks'

2008-07-22 C:\WINDOWS\Tasks\OGADaily.job
- C:\WINDOWS\system32\OGAVerify.exe [2008-04-23 17:17]

2008-08-23 C:\WINDOWS\Tasks\OGALogon.job
- C:\WINDOWS\system32\OGAVerify.exe [2008-04-23 17:17]
.

**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-08-23 12:44:31
Windows 5.1.2600 Service Pack 3 NTFS

scansione processi nascosti ...

scansione entrate autostart nascoste ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
Cpqset = C:\Programmi\Hewlett-Packard\Default Settings\cpqset.exe??@?????????????L?@????? \??????`?@?????L?@

Scansione files nascosti ...

Scansione completata con successo
Files nascosti: 0

**************************************************************************
.
Ora fine scansione: 2008-08-23 12:45:14
ComboFix-quarantined-files.txt 2008-08-23 10:45:05
ComboFix2.txt 2008-08-23 10:00:00

Pre-Run: 83,737,640,960 byte disponibili
Post-Run: 83,748,519,936 byte disponibili

293 --- E O F --- 2008-08-14 16:24:56

[DIRRTYMATRIX]

c'è nessuno che mi aiuta???:(

[Luke57]

c'è nessuno che mi aiuta???:(

Perchè, fino adesso che cosa pensi che abbia fatto? Avevi il computer pieno di infezioni.....
Scarica malwarebytes da qui:
http://malwarebytes.gt500.org/mbam.jsp
aggiorna il data base e fai una scansione: al termine, prima di scegliere l'opzione elimina, posta il report prodotto.

[DIRRTYMATRIX]

ok scusami ma visto ke nn mi rispondevate più

[DIRRTYMATRIX]

ecco il risultato:


Malwarebytes' Anti-Malware 1.25
Versione del database: 1078
Windows 5.1.2600 Service Pack 3

15.42.27 23/08/2008
mbam-log-08-23-2008 (15-42-23).txt

Tipo di scansione: Scansione completa (C:\|D:\|)
Elementi scansionati: 125604
Tempo trascorso: 39 minute(s), 38 second(s)

Processi delle memoria infetti: 0
Moduli della memoria infetti: 0
Chiavi di registro infette: 0
Valori di registro infetti: 2
Elementi dato del registro infetti: 1
Cartelle infette: 0
File infetti: 0

Processi delle memoria infetti:
(Nessun elemento malevolo rilevato)

Moduli della memoria infetti:
(Nessun elemento malevolo rilevato)

Chiavi di registro infette:
(Nessun elemento malevolo rilevato)

Valori di registro infetti:
HKEY_CURRENT_USER\Control Panel\Desktop\originalwallpaper (Hijack.Wallpaper) -> No action taken.
HKEY_CURRENT_USER\Control Panel\Desktop\convertedwallpaper (Hijack.Wallpaper) -> No action taken.

Elementi dato del registro infetti:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\StartMenuLogOff (Hijack.StartMenu) -> Bad: (1) Good: (0) -> No action taken.

Cartelle infette:
(Nessun elemento malevolo rilevato)

File infetti:
(Nessun elemento malevolo rilevato)

[Luke57]

Ciao, elimina quelle voci, poi controlla la presenza di questo file:
C:\WINDOWS\system32\wbmnkpen.exe

se presente, eliminalo.

[DIRRTYMATRIX]

ok fatto si c'era,l'ho eliminato.adesso???

[Luke57]

Nel report non vedo più niente, scarica Ccleaner da qui per eliminare i file temporanei:
http://www.filehippo.com/download_ccleaner/
Non installare la toolbar di Yahoo durante la procedura di installazione, ,finita l'installazione, lascia le impostazioni di default del programma tranne che ,
cliccando su "Impostazioni">Avanzate" togli la spunta dalla casella
"Cancella file in windows temp solo se più vecchi di 48 ore"

Fatto ciò. Avvia ccleaner e premi avvia pulizia (meglio se eseguita dalla modalità provisoria).
Esegi due volte l'operazione.

[DIRRTYMATRIX]

ok fatto cm hai detto tu.adexo???

[Luke57]

Nel report, come detto, non trovo più infezioni.

[DIRRTYMATRIX]

ah ok grazie mille t sn debitore ma posso canecellare tutti quei programmi che mi hai fatto installarE??poi cosa mi consigli per proteggermi da altri attakki di questo tipo??considera che ho avg8

[anikanakka]

Avevo 9 trojan Vundo e malwarebytes me li ha tolti tutti é davvero ottimo!!! Adesso però sarà meglio che metto un'altro firewall al posto di quello di windows se no i virus festeggeranno di nuovo molto presto...

[Dhomochevsky]

Salve a tutti, sono nuovo di qui ^^

Ho avuto anche io lo stesso problema di anikanakka, e ho eseguito la scansione e successiva eliminazione dei files con Malwarebyte's, l'ultima pochi minuti fa, con il seguente rapporto:

Malwarebytes' Anti-Malware 1.25
Versione del database: 1087
Windows 6.0.6001 Service Pack 1

11.36.04 25/08/2008
mbam-log-08-25-2008 (11-36-04).txt

Tipo di scansione: Scansione completa (C:\|D:\|)
Elementi scansionati: 138406
Tempo trascorso: 1 hour(s), 22 minute(s), 16 second(s)

Processi delle memoria infetti: 0
Moduli della memoria infetti: 0
Chiavi di registro infette: 2
Valori di registro infetti: 0
Elementi dato del registro infetti: 0
Cartelle infette: 0
File infetti: 0

Processi delle memoria infetti:
(Nessun elemento malevolo rilevato)

Moduli della memoria infetti:
(Nessun elemento malevolo rilevato)

Chiavi di registro infette:
HKEY_CURRENT_USER\SOFTWARE\wkey (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\mwc (Malware.Trace) -> Quarantined and deleted successfully.

Valori di registro infetti:
(Nessun elemento malevolo rilevato)

Elementi dato del registro infetti:
(Nessun elemento malevolo rilevato)

Cartelle infette:
(Nessun elemento malevolo rilevato)

File infetti:
(Nessun elemento malevolo rilevato)

Ho quindi effettuato la pulizia con CCleaner, due volte come suggerito...
Devo fare dell'altro?

ps: avevo fatto queste operazioni anche ieri sera, ma stamattina i pop-up di avviso si sono presentati nuovamente...

Grazie a tutti.