Olimpo Informatico

apopax · Mortale devoto Registrato: 28/12/07 22:25 Messaggi: 12

Vi scongiuro ragazzi!!!!!!! AIUTATEMI perchè non so veramente cosa fare e non so neanche da dove cominciare per eliminare questo stramaledettissimo Virtumonde!!!!!
Se qualcuno di voi è capace, per favore, MI AIUTI!!!!!!!!!!

Sante62 · Dio maturo Registrato: 27/06/07 17:55 Messaggi: 3477 Residenza: Floridia

Ciao apopax:)
Salva questo file sul desktop.
Avvia il pc in modalità provvisoria.
Esegui il programma appena scaricato.
Al termine, riavvia il pc in modalità normale e posta qui il log generato.
Poi guarda questa discussione e posta un log di Hijackthis.-

apopax · Mortale devoto Registrato: 28/12/07 22:25 Messaggi: 12

Ecco qua il log generato dal programma che mi hai consigliato:

[12/28/2007, 23:24:16] - VirtumundoBeGone v1.5 ( "C:\Documents and Settings\Pietro\Desktop\VirtumundoBeGone.exe" )
[12/28/2007, 23:24:24] - Detected System Information:
[12/28/2007, 23:24:24] - Windows Version: 5.1.2600, Service Pack 2
[12/28/2007, 23:24:24] - Current Username: Pietro (Admin)
[12/28/2007, 23:24:24] - Windows is in SAFE mode with Networking.
[12/28/2007, 23:24:24] - Searching for Browser Helper Objects:
[12/28/2007, 23:24:24] - BHO 1: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (Supporto di collegamento per Adobe PDF Reader)
[12/28/2007, 23:24:24] - BHO 2: {213e4897-6719-4604-addb-c502927aeb49} ()
[12/28/2007, 23:24:24] - WARNING: BHO has no default name. Checking for Winlogon reference.
[12/28/2007, 23:24:24] - Checking for HKLM\...\Winlogon\Notify\hpsrjfyj
[12/28/2007, 23:24:24] - Key not found: HKLM\...\Winlogon\Notify\hpsrjfyj, continuing.
[12/28/2007, 23:24:24] - BHO 3: {29BCF4D0-1D74-4A4F-BDAC-F116105EDBE2} ()
[12/28/2007, 23:24:24] - WARNING: BHO has no default name. Checking for Winlogon reference.
[12/28/2007, 23:24:24] - Checking for HKLM\...\Winlogon\Notify\mljji
[12/28/2007, 23:24:24] - Key not found: HKLM\...\Winlogon\Notify\mljji, continuing.
[12/28/2007, 23:24:24] - BHO 4: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (SSVHelper Class)
[12/28/2007, 23:24:24] - BHO 5: {7E853D72-626A-48EC-A868-BA8D5E23E045} ()
[12/28/2007, 23:24:24] - WARNING: BHO has no default name. Checking for Winlogon reference.
[12/28/2007, 23:24:24] - No filename found. Continuing.
[12/28/2007, 23:24:24] - BHO 6: {9030D464-4C02-4ABF-8ECC-5164760863C6} (Windows Live Sign-in Helper)
[12/28/2007, 23:24:24] - BHO 7: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} (Google Toolbar Notifier BHO)
[12/28/2007, 23:24:24] - BHO 8: {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} (Windows Live Toolbar Helper)
[12/28/2007, 23:24:24] - BHO 9: {FED51DF2-9644-4C58-9104-90244EDD6EEC} ()
[12/28/2007, 23:24:24] - WARNING: BHO has no default name. Checking for Winlogon reference.
[12/28/2007, 23:24:24] - Checking for HKLM\...\Winlogon\Notify\ssqpmkh
[12/28/2007, 23:24:24] - Found: HKLM\...\Winlogon\Notify\ssqpmkh - This is probably Virtumundo.
[12/28/2007, 23:24:24] - Assigning {FED51DF2-9644-4C58-9104-90244EDD6EEC} MSEvents Object
[12/28/2007, 23:24:24] - BHO list has been changed! Starting over...
[12/28/2007, 23:24:24] - BHO 1: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (Supporto di collegamento per Adobe PDF Reader)
[12/28/2007, 23:24:24] - BHO 2: {213e4897-6719-4604-addb-c502927aeb49} ()
[12/28/2007, 23:24:24] - WARNING: BHO has no default name. Checking for Winlogon reference.
[12/28/2007, 23:24:24] - Checking for HKLM\...\Winlogon\Notify\hpsrjfyj
[12/28/2007, 23:24:24] - Key not found: HKLM\...\Winlogon\Notify\hpsrjfyj, continuing.
[12/28/2007, 23:24:24] - BHO 3: {29BCF4D0-1D74-4A4F-BDAC-F116105EDBE2} ()
[12/28/2007, 23:24:24] - WARNING: BHO has no default name. Checking for Winlogon reference.
[12/28/2007, 23:24:24] - Checking for HKLM\...\Winlogon\Notify\mljji
[12/28/2007, 23:24:24] - Key not found: HKLM\...\Winlogon\Notify\mljji, continuing.
[12/28/2007, 23:24:24] - BHO 4: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (SSVHelper Class)
[12/28/2007, 23:24:24] - BHO 5: {7E853D72-626A-48EC-A868-BA8D5E23E045} ()
[12/28/2007, 23:24:24] - WARNING: BHO has no default name. Checking for Winlogon reference.
[12/28/2007, 23:24:24] - No filename found. Continuing.
[12/28/2007, 23:24:24] - BHO 6: {9030D464-4C02-4ABF-8ECC-5164760863C6} (Windows Live Sign-in Helper)
[12/28/2007, 23:24:24] - BHO 7: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} (Google Toolbar Notifier BHO)
[12/28/2007, 23:24:24] - BHO 8: {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} (Windows Live Toolbar Helper)
[12/28/2007, 23:24:24] - BHO 9: {FED51DF2-9644-4C58-9104-90244EDD6EEC} (MSEvents Object)
[12/28/2007, 23:24:24] - ALERT: Found MSEvents Object!
[12/28/2007, 23:24:24] - Finished Searching Browser Helper Objects
[12/28/2007, 23:24:24] - *** Detected MSEvents Object
[12/28/2007, 23:24:24] - Trying to remove MSEvents Object...
[12/28/2007, 23:24:25] - Terminating Process: IEXPLORE.EXE
[12/28/2007, 23:24:26] - Terminating Process: RUNDLL32.EXE
[12/28/2007, 23:24:26] - Disabling Automatic Shell Restart
[12/28/2007, 23:24:26] - Terminating Process: EXPLORER.EXE
[12/28/2007, 23:24:26] - Suspending the NT Session Manager System Service
[12/28/2007, 23:24:26] - Terminating Windows NT Logon/Logoff Manager
[12/28/2007, 23:24:26] - Re-enabling Automatic Shell Restart
[12/28/2007, 23:24:26] - File to disable: C:\WINDOWS\system32\ssqpmkh.dll
[12/28/2007, 23:24:26] - Renaming C:\WINDOWS\system32\ssqpmkh.dll -> C:\WINDOWS\system32\ssqpmkh.dll.vir
[12/28/2007, 23:24:26] - File successfully renamed!
[12/28/2007, 23:24:26] - Removing HKLM\...\Browser Helper Objects\{FED51DF2-9644-4C58-9104-90244EDD6EEC}
[12/28/2007, 23:24:26] - Removing HKCR\CLSID\{FED51DF2-9644-4C58-9104-90244EDD6EEC}
[12/28/2007, 23:24:26] - Adding Kill Bit for ActiveX for GUID: {FED51DF2-9644-4C58-9104-90244EDD6EEC}
[12/28/2007, 23:24:26] - Deleting ATLEvents/MSEvents Registry entries
[12/28/2007, 23:24:26] - Removing HKLM\...\Winlogon\Notify\ssqpmkh
[12/28/2007, 23:24:26] - Searching for Browser Helper Objects:
[12/28/2007, 23:24:26] - BHO 1: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (Supporto di collegamento per Adobe PDF Reader)
[12/28/2007, 23:24:26] - BHO 2: {213e4897-6719-4604-addb-c502927aeb49} ()
[12/28/2007, 23:24:26] - WARNING: BHO has no default name. Checking for Winlogon reference.
[12/28/2007, 23:24:26] - Checking for HKLM\...\Winlogon\Notify\hpsrjfyj
[12/28/2007, 23:24:26] - Key not found: HKLM\...\Winlogon\Notify\hpsrjfyj, continuing.
[12/28/2007, 23:24:26] - BHO 3: {29BCF4D0-1D74-4A4F-BDAC-F116105EDBE2} ()
[12/28/2007, 23:24:26] - WARNING: BHO has no default name. Checking for Winlogon reference.
[12/28/2007, 23:24:26] - Checking for HKLM\...\Winlogon\Notify\mljji
[12/28/2007, 23:24:26] - Key not found: HKLM\...\Winlogon\Notify\mljji, continuing.
[12/28/2007, 23:24:26] - BHO 4: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (SSVHelper Class)
[12/28/2007, 23:24:26] - BHO 5: {7E853D72-626A-48EC-A868-BA8D5E23E045} ()
[12/28/2007, 23:24:26] - WARNING: BHO has no default name. Checking for Winlogon reference.
[12/28/2007, 23:24:26] - No filename found. Continuing.
[12/28/2007, 23:24:26] - BHO 6: {9030D464-4C02-4ABF-8ECC-5164760863C6} (Windows Live Sign-in Helper)
[12/28/2007, 23:24:26] - BHO 7: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} (Google Toolbar Notifier BHO)
[12/28/2007, 23:24:26] - BHO 8: {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} (Windows Live Toolbar Helper)
[12/28/2007, 23:24:26] - Finished Searching Browser Helper Objects
[12/28/2007, 23:24:26] - Finishing up...
[12/28/2007, 23:24:26] - A restart is needed.
[12/28/2007, 23:24:38] - Attempting to Restart via STOP error (Blue Screen!)

Questo invece è quello che mi ha generato hijack This:

Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 23.32.11, on 28/12/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
E:\Nero 7\InCD\InCDsrv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\Programmi\Alwil Software\Avast4\aswUpdSv.exe
C:\Programmi\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programmi\ANI\ANIWZCS2 Service\ANIWZCSdS.exe
C:\Programmi\File comuni\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Programmi\File comuni\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\system32\svchost.exe
C:\Programmi\Alwil Software\Avast4\ashMaiSv.exe
C:\Programmi\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\Programmi\Java\jre1.6.0_03\bin\jusched.exe
C:\Programmi\Trust_CR-1200_16-in-1_USB2_CARD_READER\shwicon2k.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Programmi\AGEIA Technologies\TrayIcon.exe
E:\Programmi\Adobe\Reader 8.0\Reader\Reader_sl.exe
C:\Programmi\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Programmi\File comuni\Ahead\lib\NMBgMonitor.exe
C:\Programmi\Lavasoft\Ad-Aware SE Professional\Ad-Watch.exe
C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe
C:\Programmi\Alice ti aiuta\bin\mpbtn.exe
C:\WINDOWS\BricoPacks\Vista Inspirat 2\UberIcon\UberIcon Manager.exe
C:\WINDOWS\BricoPacks\Vista Inspirat 2\YzShadow\YzShadow.exe
C:\Programmi\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\Programmi\MSN Messenger\usnsvc.exe
C:\Programmi\Internet Explorer\IEXPLORE.EXE
C:\Documents and Settings\Pietro\Desktop\HiJackThis_v2.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.tgcom.mediaset.it/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
O2 - BHO: Supporto di collegamento per Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\File comuni\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: {94bea729-205c-bdda-4064-91767984e312} - {213e4897-6719-4604-addb-c502927aeb49} - C:\WINDOWS\system32\hpsrjfyj.dll
O2 - BHO: (no name) - {5775AFE7-2CA9-4698-8E07-F3B3466DEF72} - C:\WINDOWS\system32\mljji.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmi\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programmi\File comuni\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programmi\Google\GoogleToolbarNotifier\2.0.301.5672\swg.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programmi\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programmi\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programmi\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [Sunkist2k] C:\Programmi\Trust_CR-1200_16-in-1_USB2_CARD_READER\shwicon2k.exe
O4 - HKLM\..\Run: [StartCCC] C:\Programmi\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [AGEIA PhysX SysTray] C:\Programmi\AGEIA Technologies\TrayIcon.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "E:\Programmi\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Ad-Aware] "C:\Programmi\Lavasoft\Ad-Aware SE Professional\Ad-Aware.exe" +c
O4 - HKLM\..\Run: [1453344a] rundll32.exe "C:\WINDOWS\system32\flmrjufi.dll",b
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Programmi\File comuni\Ahead\lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Programmi\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [AWMON] "C:\Programmi\Lavasoft\Ad-Aware SE Professional\Ad-Watch.exe"
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO LOCALE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO DI RETE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: RocketDock.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe
O4 - Startup: TransBar.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat 2\TransBar\TransBar.exe
O4 - Startup: UberIcon.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat 2\UberIcon\UberIcon Manager.exe
O4 - Startup: Y'z Shadow.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat 2\YzShadow\YzShadow.exe
O4 - Global Startup: Alice ti aiuta.lnk = C:\Programmi\Alice ti aiuta\bin\matcli.exe
O8 - Extra context menu item: &Windows Live Search - res://C:\Programmi\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://E:\PROGRA~1\MICROS~1\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1166359795712
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{98BFD4A6-CD9E-4B84-8523-E3155E18D2DD}: NameServer = 85.37.17.56 85.38.28.98
O22 - SharedTaskScheduler: Precaricatore Browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Daemon di cache delle categorie di componenti - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: ANIWZCSd Service (ANIWZCSdService) - Alpha Networks Inc. - C:\Programmi\ANI\ANIWZCS2 Service\ANIWZCSdS.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Programmi\File comuni\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Programmi\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Programmi\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Programmi\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Programmi\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programmi\File comuni\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG - E:\Nero 7\InCD\InCDsrv.exe
O23 - Service: Servizio iPod (iPod Service) - Apple Inc. - E:\Programmi\iPod\bin\iPodService.exe
O23 - Service: ServiceLayer - Nokia. - C:\Programmi\PC Connectivity Solution\ServiceLayer.exe

--
End of file - 8594 bytes

Sante62 · Dio maturo Registrato: 27/06/07 17:55 Messaggi: 3477 Residenza: Floridia

disattiva il ripristino di sistema. Avvia Hijackthis e seleziona a sinistra queste righe:

bdoriano

Scusate se mi intrometto... Eh?

Prima di fare i passaggi indicati da Sante, segui le istruzioni di questo topic per postare il log di combofix.
Così gli dovremmo dare un'ulteriore pulita. Twisted Evil

apopax · Mortale devoto Registrato: 28/12/07 22:25 Messaggi: 12

Questo è il lo g che mi esce facendo la scansione con Cpmbofix:

ComboFix 07-12-29.5 - Pietro 2007-12-29 11.52.41.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1040.18.596 [GMT 1:00]
Eseguito da: C:\Documents and Settings\Pietro\Desktop\ComboFix.exe
* Creato nuovo punto di ripristino
.

((((((((((((((((((((((((((((((((((((( Altre eliminazioni )))))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\cookies.ini
C:\WINDOWS\system32\axjcaflv.dll
C:\WINDOWS\system32\drivers\RKL9.tmp.sys
C:\WINDOWS\system32\elwxsvtr.ini
C:\WINDOWS\system32\fkwlabgu.ini
C:\WINDOWS\system32\gdprjbqq.dll
C:\WINDOWS\system32\gitktvpn.ini
C:\WINDOWS\system32\hgphsjhv.ini
C:\WINDOWS\system32\hpsrjfyj.dll
C:\WINDOWS\system32\ifujrmlf.ini
C:\WINDOWS\system32\ijjlm.ini
C:\WINDOWS\system32\ijjlm.ini2
C:\WINDOWS\system32\ijkfvgbw.dll
C:\WINDOWS\system32\jovgpuvl.dll
C:\WINDOWS\system32\jvsknmir.dll
C:\WINDOWS\system32\lbsevlew.dll
C:\WINDOWS\system32\lvotabrb.dll
C:\WINDOWS\system32\lvupgvoj.ini
C:\WINDOWS\system32\mcrh.tmp
C:\WINDOWS\system32\mielabiu.ini
C:\WINDOWS\system32\mjfsargx.ini
C:\WINDOWS\system32\mljji.dll
C:\WINDOWS\system32\niioccpe.dll
C:\WINDOWS\system32\npvtktig.dll
C:\WINDOWS\system32\nxjtqnxl.dll
C:\WINDOWS\system32\nyeqsuhu.dll
C:\WINDOWS\system32\rtvsxwle.dll
C:\WINDOWS\system32\sltmatps.dll
C:\WINDOWS\system32\sptamtls.ini
C:\WINDOWS\system32\ugbalwkf.dll
C:\WINDOWS\system32\uibaleim.dll
C:\WINDOWS\system32\vhjshpgh.dll
C:\WINDOWS\system32\welvesbl.ini
C:\WINDOWS\system32\xgrasfjm.dll
C:\WINDOWS\system32\xmgljtfy.dll
C:\WINDOWS\system32\yftjlgmx.ini
C:\WINDOWS\system32\ykbbemdx.dll

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.
-------\LEGACY_DOMAINSERVICE

((((((((((((((((((((((((( Files Creati Da 2007-11-28 al 2007-12-29 )))))))))))))))))))))))))))))))))))
.

2007-12-28 21:38 . 2007-12-28 21:39 <DIR> d-------- C:\Programmi\RogueRemover FREE
2007-12-25 21:15 . 2007-12-25 21:15 <DIR> d-------- C:\WINDOWS\Content.IE5
2007-12-25 20:25 . 2007-12-28 21:06 <DIR> d-------- C:\VundoFix Backups
2007-12-20 20:06 . 2007-12-20 20:06 7,680 --a------ C:\WINDOWS\system32\drivers\RKL15.tmp.sys
2007-12-20 20:01 . 2007-12-20 20:01 <DIR> d-------- C:\Programmi\Lavasoft
2007-12-20 19:45 . 2007-12-20 19:45 <DIR> d-------- C:\OEWmessengerCtrlUninstall
2007-12-20 19:45 . 2007-12-20 19:45 <DIR> d-------- C:\MessengerCtrlUninstall
2007-12-20 19:45 . 2007-12-20 19:45 <DIR> d-------- C:\LSPExplorerUninst
2007-12-20 19:45 . 2003-02-08 22:54 293,888 --a------ C:\~GLH0001.TMP
2007-12-20 19:45 . 2003-10-19 18:17 195,072 --a------ C:\~GLH0002.TMP
2007-12-20 19:45 . 2003-11-15 17:14 194,048 --a------ C:\~GLH0003.TMP
2007-12-20 19:43 . 2007-12-20 19:43 <DIR> d-------- C:\hexdumpuninstall
2007-12-20 19:43 . 2003-01-23 22:15 229,888 --a------ C:\fhexdump.dll
2007-12-20 19:42 . 2007-12-20 19:42 <DIR> d-------- C:\FileSpecsUninstall
2007-12-20 19:42 . 2003-01-16 16:57 347,136 --a------ C:\~GLH0000.TMP
2007-12-19 20:59 . 2007-12-20 20:02 <DIR> d-------- C:\Documents and Settings\Pietro\Dati applicazioni\Lavasoft
2007-12-16 20:50 . 2007-12-16 20:50 37,888 --a------ C:\WINDOWS\system32\ssqpmkh.dll.vir
2007-12-16 19:45 . 2007-07-19 18:14 3,727,720 --a------ C:\WINDOWS\system32\d3dx9_35.dll
2007-12-16 19:45 . 2007-07-19 18:14 1,358,192 --a------ C:\WINDOWS\system32\D3DCompiler_35.dll
2007-12-16 19:45 . 2007-07-19 18:14 444,776 --a------ C:\WINDOWS\system32\d3dx10_35.dll
2007-12-16 19:45 . 2007-12-16 19:45 278,984 --a------ C:\WINDOWS\system32\drivers\atksgt.sys
2007-12-16 19:45 . 2007-07-20 00:57 267,112 --a------ C:\WINDOWS\system32\xactengine2_9.dll
2007-12-16 19:45 . 2007-12-16 19:45 25,416 --a------ C:\WINDOWS\system32\drivers\lirsgt.sys
2007-12-15 19:10 . 2007-12-25 13:03 1,142 --a------ C:\WINDOWS\system32\presence_sip_pianofla_alice_it.xml
2007-12-15 19:09 . 2007-12-15 19:09 183 --a------ C:\WINDOWS\system32\presence_sip_pianofla_virgilio_it.xml
2007-12-15 19:08 . 2007-12-15 19:08 <DIR> d-------- C:\Programmi\File comuni\Wise Installation Wizard
2007-12-15 19:08 . 2007-12-21 18:02 <DIR> d-------- C:\Programmi\Alice Messenger
2007-12-01 03:00 . 2007-12-01 03:00 <DIR> d-------- C:\Programmi\Windows Live Favorites

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-12-25 19:47 44,184 ----a-w C:\Documents and Settings\Pietro\Dati applicazioni\GDIPFONTCACHEV1.DAT
2007-12-20 18:42 --------- d-----w C:\Documents and Settings\All Users\Dati applicazioni\Spybot - Search & Destroy
2007-12-16 18:38 --------- d--h--w C:\Programmi\InstallShield Installation Information
2007-12-04 14:56 93,264 ----a-w C:\WINDOWS\system32\drivers\aswmon.sys
2007-12-04 14:55 94,544 ----a-w C:\WINDOWS\system32\drivers\aswmon2.sys
2007-12-04 14:53 23,152 ----a-w C:\WINDOWS\system32\drivers\aswRdr.sys
2007-12-04 14:51 42,912 ----a-w C:\WINDOWS\system32\drivers\aswTdi.sys
2007-12-04 14:49 26,624 ----a-w C:\WINDOWS\system32\drivers\aavmker4.sys
2007-12-01 02:00 --------- d-----w C:\Programmi\Windows Live Toolbar
2007-11-13 10:25 20,480 ----a-w C:\WINDOWS\system32\drivers\secdrv.sys
2007-11-10 07:03 --------- d-----w C:\Programmi\QuickTime
2007-11-10 07:02 --------- d-----w C:\Programmi\File comuni\Apple
2007-11-10 07:02 --------- d-----w C:\Programmi\Apple Software Update
2007-11-10 07:02 --------- d-----w C:\Documents and Settings\All Users\Dati applicazioni\Apple
2007-01-21 10:30 92,064 ----a-w C:\Documents and Settings\Pietro\mqdmmdm.sys
2007-01-21 10:30 9,232 ----a-w C:\Documents and Settings\Pietro\mqdmmdfl.sys
2007-01-21 10:30 79,328 ----a-w C:\Documents and Settings\Pietro\mqdmserd.sys
2007-01-21 10:30 66,656 ----a-w C:\Documents and Settings\Pietro\mqdmbus.sys
2007-01-21 10:30 6,208 ----a-w C:\Documents and Settings\Pietro\mqdmcmnt.sys
2007-01-21 10:30 5,936 ----a-w C:\Documents and Settings\Pietro\mqdmwhnt.sys
2007-01-21 10:30 4,048 ----a-w C:\Documents and Settings\Pietro\mqdmcr.sys
2007-01-21 10:30 25,600 ----a-w C:\Documents and Settings\Pietro\usbsermptxp.sys
2007-01-21 10:30 22,768 ----a-w C:\Documents and Settings\Pietro\usbsermpt.sys
.

((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Nota* i valori vuoti & legittimi/default non sono visualizzati.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-19 13:00]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Programmi\File comuni\Ahead\lib\NMBgMonitor.exe" [2005-11-24 15:38]
"SpybotSD TeaTimer"="C:\Programmi\Spybot - Search & Destroy\TeaTimer.exe" []
"AWMON"="C:\Programmi\Lavasoft\Ad-Aware SE Professional\Ad-Watch.exe" [2005-05-25 12:12]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMan"="SOUNDMAN.EXE" [2005-01-19 09:18 C:\WINDOWS\soundman.exe]
"NWEReboot"="" []
"SunJavaUpdateSched"="C:\Programmi\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 00:11]
"Sunkist2k"="C:\Programmi\Trust_CR-1200_16-in-1_USB2_CARD_READER\shwicon2k.exe" [2005-06-29 18:10]
"StartCCC"="C:\Programmi\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2006-11-10 11:35]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-12-04 14:00]
"AGEIA PhysX SysTray"="C:\Programmi\AGEIA Technologies\TrayIcon.exe" [2006-03-20 20:43]
"Adobe Reader Speed Launcher"="E:\Programmi\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-10-10 19:51]
"Ad-Aware"="C:\Programmi\Lavasoft\Ad-Aware SE Professional\Ad-Aware.exe" [2005-05-27 14:24]
"1453344a"="C:\WINDOWS\system32\flmrjufi.dll" []

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-19 13:00]
"PcSync"="C:\Programmi\Nokia\Nokia PC Suite 6\PcSync2.exe" [2006-11-09 17:15]

C:\Documents and Settings\Pietro\Menu Avvio\Programmi\Esecuzione automatica\
RocketDock.lnk - C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe [2007-03-18 23:05:02]
TransBar.lnk - C:\WINDOWS\BricoPacks\Vista Inspirat 2\TransBar\TransBar.exe [2005-06-01 20:41:18]
UberIcon.lnk - C:\WINDOWS\BricoPacks\Vista Inspirat 2\UberIcon\UberIcon Manager.exe [2006-05-21 08:43:08]
Y'z Shadow.lnk - C:\WINDOWS\BricoPacks\Vista Inspirat 2\YzShadow\YzShadow.exe [2006-05-21 08:43:14]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Avvio^Programmi^Esecuzione automatica^Adobe Reader Synchronizer.lnk]
path=C:\Documents and Settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\Adobe Reader Synchronizer.lnk
backup=C:\WINDOWS\pss\Adobe Reader Synchronizer.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Avvio^Programmi^Esecuzione automatica^Avvio veloce di Adobe Reader.lnk]
path=C:\Documents and Settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\Avvio veloce di Adobe Reader.lnk
backup=C:\WINDOWS\pss\Avvio veloce di Adobe Reader.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Avvio^Programmi^Esecuzione automatica^LUMIX Simple Viewer.lnk]
path=C:\Documents and Settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\LUMIX Simple Viewer.lnk
backup=C:\WINDOWS\pss\LUMIX Simple Viewer.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Avvio^Programmi^Esecuzione automatica^Microsoft Office.lnk]
path=C:\Documents and Settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\Microsoft Office.lnk
backup=C:\WINDOWS\pss\Microsoft Office.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\1453344a]
rundll32.exe C:\WINDOWS\system32\flmrjufi.dll,b

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2007-10-10 19:51 39792 --a------ E:\Programmi\Adobe\Reader 8.0\Reader\Reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BitTorrent]
C:\Documents and Settings\Pietro\Documenti\bittorrent.exe --force_start_minimized

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools-1033]
C:\Programmi\D-Tools\daemon.exe -lang 1033

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\InCD]
2005-10-20 14:45 871936 --a------ E:\Nero 7\InCD\InCD.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2007-11-02 18:36 267048 --a------ E:\Programmi\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
C:\Programmi\Messenger\msmsgs.exe /background

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2001-07-09 10:50 155648 --a------ C:\WINDOWS\system32\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCSuiteTrayApplication]
C:\Programmi\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
C:\Programmi\QuickTime\QTTask.exe -atboottime

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
2003-10-31 19:42 32768 --a------ E:\Programmi\CyberLink\PowerDVD\PDVDServ.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]
C:\Programmi\Spybot - Search & Destroy\TeaTimer.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
C:\Programmi\File comuni\Real\Update_OB\realsched.exe -osboot

R0 viamraid;viamraid;C:\WINDOWS\system32\DRIVERS\viamraid.sys [2007-03-19 15:18]
R0 viasraid;viasraid;C:\WINDOWS\system32\drivers\viasraid.sys [2003-09-05 11:25]
R0 videX32;videX32;C:\WINDOWS\system32\DRIVERS\videX32.sys [2007-03-29 10:36]
S3 A5AGU;D-Link USB Wireless Network Adapter Service;C:\WINDOWS\system32\DRIVERS\A5AGU.sys [2004-10-06 09:39]
S3 ATHFMWDL;D-Link predator Bootloader driver;C:\WINDOWS\system32\Drivers\ATHFMWDL.sys [2004-10-04 05:28]
S3 motmodem;Motorola USB CDC ACM Driver;C:\WINDOWS\system32\DRIVERS\motmodem.sys [2007-02-27 13:31]
S3 oflpydin;oflpydin;C:\DOCUME~1\Pietro\IMPOST~1\Temp\oflpydin.sys []

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d61d2ca2-f13b-11db-b4ba-0013d48e7dad}]
\Shell\Auto\command - sxs.exe
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL sxs.exe

.
Contenuto della cartella 'Scheduled Tasks'
"2007-12-14 16:15:00 C:\WINDOWS\Tasks\1-Click Maintenance.job"
- C:\Programmi\TuneUp Utilities 2007\SystemOptimizer.exe
"2007-12-24 22:06:01 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Programmi\Apple Software Update\SoftwareUpdate.exe
"2007-12-29 10:04:00 C:\WINDOWS\Tasks\Verifica aggiornamenti per Windows Live Toolbar.job"
- C:\Programmi\Windows Live Toolbar\MSNTBUP.EXE
.
**************************************************************************

catchme 0.3.1333 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-12-29 11:57:07
Windows 5.1.2600 Service Pack 2 NTFS

scansione processi nascosti ...

scansione entrate autostart nascoste ...

Scansione files nascosti ...

Scansione completata con successo
Files nascosti: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

PROCESS: C:\WINDOWS\Explorer.EXE [6.00.2900.3156]
-> C:\WINDOWS\BricoPacks\Vista Inspirat 2\UberIcon\UberIcon.dll
-> C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.dll
.
Ora fine scansione: 2007-12-29 11:57:56 - machine was rebooted
.
2007-12-13 02:02:45 --- E O F ---

Benny

Ciao Apopax, sei già segiuto da due dei migliori virologi dell'Olimpo, perciò il mio è solo un consiglio pratico:
per non appesantire troppo il thread con i log dei vari programmi, ti consiglio di copiarli su file tipo logcombofix.txt (basta usare il notepad) e caricarli su http://www.freefilehosting.net/ , per poi copiare il direct link e inserirlo nel post.

Ok, cedo la parola agli esimi colleghi!

Ciao!

apopax · Mortale devoto Registrato: 28/12/07 22:25 Messaggi: 12

Grazie mille Benny!
Si vede proprio che sono un novellino su queste cose, eh? Embarassed

Benny

Non preoccuparti, anch'io ho conosciuto il fantastico mondo del file hosting solo da poco... Wink

E' solo utile, non cambia la sostanza. Ciao

Sante62 · Dio maturo Registrato: 27/06/07 17:55 Messaggi: 3477 Residenza: Floridia

apopax · Mortale devoto Registrato: 28/12/07 22:25 Messaggi: 12

Questo è quello di Avenger:
http://www.freefilehosting.net/download/39j35
E questo quello di hijack:
http://www.freefilehosting.net/download/39j39

Adesso procedo con gli altri passaggi che mi avevi indicato prima Sante.

Ho fatto con Hijack e ho potuto fixare solo
04 - HKLM\..\Run: [1453344a] rundll32.exe "c:\WINDOWS\system32\flmrjufi.dll",b
perchè le altre voci non le vedevo più.
Infatti appena riavviato il computer non mi ha più dato errore appena entrato in Xp.
Ho passato il pc anche con Virit e questo è il risultato:

VirIT eXplorer Lite Log

[SCANSIONE DELLA MEMORIA]
OK
[SCANSIONE DELLA MEMORIA]
OK
[SCANSIONE DELLA MEMORIA]
OK
--------------------------------------------------------
29/12/2007 - 13:49:48

[SCANSIONE DEL REGISTRO]
OK

[C:]
MASTER BOOT RECORD: OK
BOOT SECTOR: OK

C:\Documents and Settings\Pietro\Desktop\A8V\Sim Aquarium 2.06\Sim Aquarium 2.06\keygen.exe Infetto da Backdoor.IRCBot.D
* * * RIMOSSO * * *
C:\qoobox\Quarantine\C\WINDOWS\system32\gdprjbqq.dll.vir Infetto da Trojan.Win32.Vundo.BT
* * * RIMOSSO * * *
C:\qoobox\Quarantine\C\WINDOWS\system32\ijkfvgbw.dll.vir Infetto da Trojan.Win32.Vundo.BT
* * * RIMOSSO * * *
C:\qoobox\Quarantine\C\WINDOWS\system32\jvsknmir.dll.vir Infetto da Trojan.Win32.Vundo.BT
* * * RIMOSSO * * *
C:\qoobox\Quarantine\C\WINDOWS\system32\lvotabrb.dll.vir Infetto da Trojan.Win32.Vundo.BT
* * * RIMOSSO * * *
C:\qoobox\Quarantine\C\WINDOWS\system32\nyeqsuhu.dll.vir Infetto da Trojan.Win32.Vundo.BT
* * * RIMOSSO * * *
C:\qoobox\Quarantine\C\WINDOWS\system32\sltmatps.dll.vir Infetto da Trojan.Win32.Vundo.CE
* * * RIMOSSO * * *
C:\qoobox\Quarantine\C\WINDOWS\system32\uibaleim.dll.vir Infetto da Trojan.Win32.Vundo.CE
* * * RIMOSSO * * *
C:\qoobox\Quarantine\C\WINDOWS\system32\vhjshpgh.dll.vir Infetto da Trojan.Win32.Vundo.CE
* * * RIMOSSO * * *
C:\qoobox\Quarantine\C\WINDOWS\system32\xmgljtfy.dll.vir Infetto da Trojan.Win32.Vundo.CE
* * * RIMOSSO * * *
C:\qoobox\Quarantine\C\WINDOWS\system32\ykbbemdx.dll.vir Infetto da Trojan.Win32.Vundo.BT
* * * RIMOSSO * * *

Chiavi Registro infette: 0.
Files Infetti: 11.
Files Sospetti: 0.
Files Analizzati: 40798.
Files Totali: 40798.
Chiavi Registro rimosse: 0.
Virus Rimossi: 11.

Ho ripassato con hijack e questo è il log nuovo:
http://www.freefilehosting.net/download/39j45

Adesso faccio con GMER!
Intanto grazie!

Questi sono i risultati della scansione:
- con GMER Autostart: http://www.freefilehosting.net/download/39j4j;
- con GMER Rootkit: http://www.freefilehosting.net/download/39j4k.

Fatemi sapere!!!!
Grazie mille ancora!!!

Sante62 · Dio maturo Registrato: 27/06/07 17:55 Messaggi: 3477 Residenza: Floridia

I log di Gmer non presentano nulla di pericoloso.
Avenger non ha trovato nessun file... Sad

forse perchè l'hai usato dopo Virit..
Comunque adesso collegati a Kaspersky online scanner
Quando sta scaricando i file necessari, disattiva momentaneamente l'antivirus ed eventualmente anche il firewall. Non appena inizia la scansione del PC disconnettiti da internet.
Alla fine carica il risultato su www.freefilehosting.net, riportando quì il link che ti viene assegnato.

apopax · Mortale devoto Registrato: 28/12/07 22:25 Messaggi: 12

Fatto e devo dire che mi ha trovato un paio di robette (solo che non ci capisco niente... Embarassed

)!
Questo è il log:
http://www.freefilehosting.net/download/39jag

Sante62 · Dio maturo Registrato: 27/06/07 17:55 Messaggi: 3477 Residenza: Floridia

Era meglio che lo salvavi in formato HTML e sarebbe stato più leggibile.
Adesso utilizza nuovamente Avenger con questo script:

apopax · Mortale devoto Registrato: 28/12/07 22:25 Messaggi: 12

Salvato in html e questo è il log:
http://www.freefilehosting.net/download/39jbl

Intanto continuo con quello che mi hai detto di fare!
P.S.: visto che te ne intendi molto più di me, me lo potresti consigliare tu il firewall? Laughing

Sante62 · Dio maturo Registrato: 27/06/07 17:55 Messaggi: 3477 Residenza: Floridia

OK, lo script di Avenger è giusto. Mi pare di non aver saltato nulla.
Per il firewall, comunque sono tutti ottimi. Io uso Zone Alarm, che oltre ad essere in italiano è il più facile da configurare. poi se hai dimestichezza con l'inglese puoi sceglierne un altro, es. Jetico, Comodo etc.
L'importante per tutti è che si configurano correttamente, altrimenti risulta problematico navigare.

apopax · Mortale devoto Registrato: 28/12/07 22:25 Messaggi: 12

Continua a darmi errore appena carica tutti i programmi per:
C:\WINDOWS\system32\flmrjufi.dll

Sante62 · Dio maturo Registrato: 27/06/07 17:55 Messaggi: 3477 Residenza: Floridia

Chi ti da l'errore, Avenger?

apopax · Mortale devoto Registrato: 28/12/07 22:25 Messaggi: 12

Appena mi carica gli autopartenti mi compare la scritta:
RUNDLL
ERRORE DURANTE IL CARICAMENTO DI C:\WINDOWS\system32\flmrjufi.dll
IMPOSSIBILE TROVARE IL MODULO SPECIFICATO

Comunque per il resto non mi fa più nessuno scherzo!

Sante62 · Dio maturo Registrato: 27/06/07 17:55 Messaggi: 3477 Residenza: Floridia

Posta per favore un log aggiornato di Hijackthis. Ora vedo cos'è quell'errore.