"Il virus senza nome" per favore aiutatemi ho uno strano virus

[Rael84]

salve a tutti,
ringrazio anticipatamente chiunque mi aiuti nel risolvere il seguente problema:
ho scaricato un file che si è dimostrato essere un virus (o qualcos'altro) che si autoattiva e che è in grado di disattivarmi tutti i sistemi di sicurezza(antivirus e firewall). Ho gia utilizzato il tool della Symantec contro i BugBear, ma sembra che il mio "amico" nn sia un BugBear. Ho notato uno strano processo in Task Manager chiamato "wscntfy.exe" che ho provato a far terminare; purtroppo esso si riattiva e windows mi informa della mancanza di firewall e antivirus. potreste aiutarmi????

P.S. se volete mandatemi un parere sull'antivirus McAfee, dei pregi del quale dubito un tantino....

[ercolino]

Benvenuto nel forum

dai un'occhiata qui:

http://www.liutilities.com/products/...brary/wscntfy/

http://hijackthis.myblogsite.com/blog/wscntfyexe


E' un servizio di Xp è si trova c:\windows\System32 folder. In other cases, wscntfy.exe is a virus, spyware, trojan or worm!



vedi se riesci a fare una scansione on-line qui:

http://it.trendmicro-europe.com/cons...all_launch.php

[Rael84]

in effetti è un processo del SP2 di XP.

[FOXYLADY]

Scarica hijackthis da qui
http://www.majorgeeks.com/download3155.html
avvialo e posta il log (copia incolla).

Ciao

[Rael84]

Ecco il Log:


Logfile of HijackThis v1.99.1
Scan saved at 14.09.57, on 04/06/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\rundll32.exe
C:\windows\system32\svchost2.exe
C:\Programmi\Alice ti aiuta\bin\mpbtn.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Programmi\Internet Explorer\iexplore.exe
C:\Programmi\WinRAR\WinRAR.exe
C:\DOCUME~1\Giuseppe\IMPOST~1\Temp\Rar$EX00.391\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.it/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O4 - HKLM\..\Run: [CnxTrApp] rundll32.exe "C:\Programmi\Pirelli\Access Gateway USB Network\CnxTrApp.dll",AppEntry -REG "Pirelli\Access Gateway USB"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [svchost] C:\windows\system32\svchost2.exe
O4 - HKLM\..\RunServices: [svchost] C:\windows\system32\svchost2.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Programmi\Messenger\msmsgs.exe" /background
O4 - Global Startup: Alice ti aiuta.lnk = C:\Programmi\Alice ti aiuta\bin\matcli.exe
O4 - Global Startup: GStartup.lnk = C:\Programmi\File comuni\GMT\GMT.exe
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Ricerche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.co...?1116967545485
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{0A668BB4-7B9D-4579-A9BD-668F843F5FCD}: NameServer = 80.19.114.21 151.99.125.1
O17 - HKLM\System\CS1\Services\Tcpip\..\{0A668BB4-7B9D-4579-A9BD-668F843F5FCD}: NameServer = 80.19.114.21 151.99.125.1
O23 - Service: AVSync Manager (AvSynMgr) - Unknown owner - C:\Programmi\Network Associates\VirusScan\Avsynmgr.exe
O23 - Service: McShield - Unknown owner - C:\Programmi\File comuni\Network Associates\McShield\Mcshield.exe

[FOXYLADY]

Da fixare questo
O4 - Global Startup: GStartup.lnk = C:\Programmi\File comuni\GMT\GMT.exe

Anche questi mi sembrtano sospetti
C:\windows\system32\svchost2.exe
O4 - HKLM\..\Run: [svchost] C:\windows\system32\svchost2.exe
O4 - HKLM\..\RunServices: [svchost] C:\windows\system32\svchost2.exe

Però è meglio se aspetti il parere di qualcuno più esperto di me.

Ciao

[Rael84]

svchost.exe c'è sempre stato penso che derivi dalla connessione in rete , mentre per l'altro chissa. aspetto il parere di qualcun'altro prima di fare mosse avventate. grazie mille!

[bluepix]

Quote:

Originariamente inviato da FOXYLADY

Da fixare questo
O4 - Global Startup: GStartup.lnk = C:\Programmi\File comuni\GMT\GMT.exe

Anche questi mi sembrtano sospetti
C:\windows\system32\svchost2.exe
O4 - HKLM\..\Run: [svchost] C:\windows\system32\svchost2.exe
O4 - HKLM\..\RunServices: [svchost] C:\windows\system32\svchost2.exe

Però è meglio se aspetti il parere di qualcuno più esperto di me.

Ciao

concordo su tutte le linee indicate.
Disabilita il "ripristino di sistema"
In modalità protetta
cancella il file svchost2.exe (quello giusto si chiama scvhost.exe)

ed è necessario un giro di spybot in quanto GMT.exe è un file di gator.

[Rael84]

che significa che devo disattivare il ripristino di sistema?

[bluepix]

Quote:

Originariamente inviato da Rael84

che significa che devo disattivare il ripristino di sistema?

Tutto quello che serve conoscere sull'argomento lo trovi qui:
http://service1.symantec.com/SUPPORT...20823151930924

[Rael84]

sembra che il problema sia stato risolto!!!
vi ringrazio tutti per la disponibilita e la pazienza che avete dimostrato. spero di esservi utile in un prossimo futuro (ho i miei dubbi)

[bluepix]

Quote:

Originariamente inviato da Rael84

sembra che il problema sia stato risolto!!!
vi ringrazio tutti per la disponibilita e la pazienza che avete dimostrato. spero di esservi utile in un prossimo futuro (ho i miei dubbi)

Bene!!!!!!

Più partecipi al forum e più impari.

ciao

[Rael84]

un'ultima domanda: secondo voi il McAfee è un buon antivirus?

[bluepix]

Si lo è.
Ma,come tutti gli antivirus, non garantisce una protezione al 100%.
Dovrebbe essere affiancato da un firewall (quello di McAfee è molto buono) e da uno spyware (consiglio quello di Microsoft ex Giant).
Da non dimenticare anche qualche antivirus on line da lanciare ogni tanto.
Il Panda antivirus per esempio.
Nel bagaglio per la sicurezza non dovrebbero anche mancare:
-Ad aware PE della Lavasoft(gratis)
-Spybot (gratis)
-Ccleaner (gratis)
-Spyblaster (gratis)
-Mwav (gratis)

insomma in po' di roba utile.

ciauzzzzz

[lord2]

Quote:

Originariamente inviato da Rael84

un'ultima domanda: secondo voi il McAfee è un buon antivirus?

ti garantisco che è buono ma senza firewall ti sconsiglio la frequentazione di siti che offorno poca garanzia tipo warez crack sex porno etc etc l antivirus da solo NON PUò FARE TUTTO ricordatelo in rete non girano solo virus ma altra robccia ancora più pericolosa per gli effetti negativi che puoi subire tipo numeri bancari dati personali etc etc parafrasando è meglio un virus che mangia hard disk che dati e password in mano di chissà chì ..
allora piccolo sunto

ANTIVIRUS AGGIORNATO Engine REAL TIME
FIREWALL OBBLIGATORIO TE DICO PER ESPERIENZA
ANTI SPY/MALWARE
AGGIORNAMENTO SERVICE PACK 2 E TUTTE LE PATCH SICUREZZA
ALMENO 1 PROGRAMMA PROTEZIONE PRIVACY

[Ciccio6]

Mi sa che ho preso lo stesso virus...mi killa avast e il sygate...mi disabilita gli aggiornamenti automatici di windows e non riesco ad aprire il task manager. Qualcuno mi può aiutare? Io non so piu cosa fare...sono andato anche in modalita provvisoria ho fatto la scansione con avast con ad-aware e con spybot-sd....questo è il log di haijackthis

Logfile of HijackThis v1.99.1
Scan saved at 15.43.28, on 26/02/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\windows\System32\smss.exe
C:\windows\system32\winlogon.exe
C:\windows\system32\services.exe
C:\windows\system32\lsass.exe
C:\windows\system32\svchost.exe
C:\windows\System32\svchost.exe
C:\windows\system32\spoolsv.exe
C:\windows\Explorer.EXE
C:\WINDOWS\svchost.exe
C:\windows\SOUNDMAN.EXE
C:\Programmi\MessengerPlus! 3\MsgPlus.exe
C:\Programmi\Java\jre1.5.0_04\bin\jusched.exe
C:\Programmi\Logitech\iTouch\iTouch.exe
C:\Programmi\File comuni\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\rmctrl.exe
C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE
C:\Programmi\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\winlog.exe
C:\PROGRA~1\FREEME~1\fmempro.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmi\Diskeeper Corporation\Diskeeper\DkService.exe
C:\Programmi\Skype\Phone\Skype.exe
C:\windows\system32\winlog.exe
C:\Programmi\MSN Messenger\msnmsgr.exe
C:\Programmi\File comuni\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Programmi\Logitech\SetPoint\SetPoint.exe
C:\windows\system32\nvsvc32.exe
C:\PROGRA~1\FILECO~1\PCSuite\Services\SERVIC~1.EXE
C:\Programmi\Xfire\Xfire.exe
C:\Programmi\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\WINDOWS\system32\UAService7.exe
C:\Programmi\File comuni\Logitech\KHAL\KHALMNPR.EXE
C:\windows\system32\wscntfy.exe
C:\Programmi\Alwil Software\Avast4\ashMaiSv.exe
C:\Programmi\Alwil Software\Avast4\ashWebSv.exe
C:\Programmi\Alwil Software\Avast4\setup\avast01.setup
C:\DOCUME~1\Luca\IMPOST~1\Temp\Rar$EX05.812\procexp.exe
C:\Programmi\Internet Explorer\iexplore.exe
C:\Programmi\Internet Explorer\IEXPLORE.EXE
C:\Programmi\Internet Explorer\IEXPLORE.EXE
C:\Documents and Settings\Luca\Desktop\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.it/
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://windowsupdate.microsoft.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
F3 - REG:win.ini: load=svchost.exe
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\Sygate\SPF\smc.exe -startgui
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [MessengerPlus3] "C:\Programmi\MessengerPlus! 3\MsgPlus.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Programmi\Java\jre1.5.0_04\bin\jusched.exe
O4 - HKLM\..\Run: [zBrowser Launcher] C:\Programmi\Logitech\iTouch\iTouch.exe
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [ASUS Probe] C:\Program Files\ASUS\Probe\AsusProb.exe
O4 - HKLM\..\Run: [NVIDIA nTune] "C:\Programmi\NVIDIA Corporation\nTune\\nTune.exe" clear
O4 - HKLM\..\Run: [TkBellExe] "C:\Programmi\File comuni\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [RemoteControl] C:\WINDOWS\system32\rmctrl.exe
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Programmi\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE -onlytray
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [BHR4.1] C:\Programmi\Zamaan's Software\Browser Hijack Retaliator 4.1\BHR4.1.exe
O4 - HKLM\..\Run: [DiskeeperSystray] "C:\Programmi\Diskeeper Corporation\Diskeeper\DkIcon.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [key2] C:\windows\system32\winlog.exe
O4 - HKCU\..\Run: [FreeMem Pro] "C:\PROGRA~1\FREEME~1\fmempro.exe" autostart
O4 - HKCU\..\Run: [ctfmon.exe] C:\windows\system32\ctfmon.exe
O4 - HKCU\..\Run: [Steam] C:\Programmi\Valve\Steam\\Steam.exe -silent
O4 - HKCU\..\Run: [MessengerPlus3] "C:\Programmi\MessengerPlus! 3\MsgPlus.exe" /WinStart
O4 - HKCU\..\Run: [PcSync] C:\Programmi\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog
O4 - HKCU\..\Run: [Skype] "C:\Programmi\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [key2] C:\windows\system32\winlog.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Programmi\MSN Messenger\msnmsgr.exe" /background
O4 - Startup: Diskeeper 10 Professional Edition Registration.lnk = C:\Programmi\Diskeeper Corporation\Diskeeper\ESIRegister.exe
O4 - Startup: Xfire.lnk = C:\Programmi\Xfire\Xfire.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Programmi\Logitech\SetPoint\SetPoint.exe
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Trace - {04849C74-016E-4a43-8AA5-1F01DE57F4A1} - C:\Programmi\VisualRoute\vrie.dll
O9 - Extra 'Tools' menuitem: VisualRoute Trace - {04849C74-016E-4a43-8AA5-1F01DE57F4A1} - C:\Programmi\VisualRoute\vrie.dll
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra button: Ricerche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary...r.cab31267.cab
O16 - DPF: {0835BC90-6ABC-4F52-A103-4FC3A61F2C33} (A18X Control) - http://www.albatross18.com/cabs/A18X.ocx
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...t.cab31267.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://spaces.msn.com//PhotoUpload/MsnPUpld.cab
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} - http://software-dl.real.com/14c52928...dxIE601_it.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsof...?1136385502484
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...t.cab31267.cab
O16 - DPF: {9122D757-5A4F-4768-82C5-B4171D8556A7} (PhotoPickConvert Class) - http://appdirectory.messenger.msn.co...p/PhtPkMSN.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/Ms...Downloader.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary...o.cab32846.cab
O16 - DPF: {C1B7E532-3ECB-4E9E-BB3A-2951FFE67C61} (DownloaderActiveX Control) - http://c6.community.virgilio.it/down...derActiveX.cab
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Programmi\File comuni\Microsoft Shared\Help\hxds.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Programmi\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Programmi\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: Diskeeper - Diskeeper Corporation - C:\Programmi\Diskeeper Corporation\Diskeeper\DkService.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Programmi\File comuni\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\windows\system32\nvsvc32.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Programmi\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
O23 - Service: SecuROM User Access Service (V7) (UserAccess7) - Unknown owner - C:\WINDOWS\system32\UAService7.exe



e su questo link non riesco ad andarci

http://service1.symantec.com/SUPPOR...020823151930924

[svetonio]

Quote:

Originariamente inviato da Ciccio6

Mi sa che ho preso lo stesso virus...mi killa avast e il sygate...mi disabilita gli aggiornamenti automatici di windows e non riesco ad aprire il task manager. Qualcuno mi può aiutare? Io non so piu cosa fare...sono andato anche in modalita provvisoria ho fatto la scansione con avast con ad-aware e con spybot-sd....questo è il log di haijackthis

Logfile of HijackThis v1.99.1
Scan saved at 15.43.28, on 26/02/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\windows\System32\smss.exe
C:\windows\system32\winlogon.exe
C:\windows\system32\services.exe
C:\windows\system32\lsass.exe
C:\windows\system32\svchost.exe
C:\windows\System32\svchost.exe
C:\windows\system32\spoolsv.exe
C:\windows\Explorer.EXE
C:\WINDOWS\svchost.exe
C:\windows\SOUNDMAN.EXE
C:\Programmi\MessengerPlus! 3\MsgPlus.exe
C:\Programmi\Java\jre1.5.0_04\bin\jusched.exe
C:\Programmi\Logitech\iTouch\iTouch.exe
C:\Programmi\File comuni\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\rmctrl.exe
C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE
C:\Programmi\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\winlog.exe
C:\PROGRA~1\FREEME~1\fmempro.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmi\Diskeeper Corporation\Diskeeper\DkService.exe
C:\Programmi\Skype\Phone\Skype.exe
C:\windows\system32\winlog.exe
C:\Programmi\MSN Messenger\msnmsgr.exe
C:\Programmi\File comuni\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Programmi\Logitech\SetPoint\SetPoint.exe
C:\windows\system32\nvsvc32.exe
C:\PROGRA~1\FILECO~1\PCSuite\Services\SERVIC~1.EXE
C:\Programmi\Xfire\Xfire.exe
C:\Programmi\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\WINDOWS\system32\UAService7.exe
C:\Programmi\File comuni\Logitech\KHAL\KHALMNPR.EXE
C:\windows\system32\wscntfy.exe
C:\Programmi\Alwil Software\Avast4\ashMaiSv.exe
C:\Programmi\Alwil Software\Avast4\ashWebSv.exe
C:\Programmi\Alwil Software\Avast4\setup\avast01.setup
C:\DOCUME~1\Luca\IMPOST~1\Temp\Rar$EX05.812\procexp.exe
C:\Programmi\Internet Explorer\iexplore.exe
C:\Programmi\Internet Explorer\IEXPLORE.EXE
C:\Programmi\Internet Explorer\IEXPLORE.EXE
C:\Documents and Settings\Luca\Desktop\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.it/
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://windowsupdate.microsoft.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
F3 - REG:win.ini: load=svchost.exe
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\Sygate\SPF\smc.exe -startgui
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [MessengerPlus3] "C:\Programmi\MessengerPlus! 3\MsgPlus.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Programmi\Java\jre1.5.0_04\bin\jusched.exe
O4 - HKLM\..\Run: [zBrowser Launcher] C:\Programmi\Logitech\iTouch\iTouch.exe
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [ASUS Probe] C:\Program Files\ASUS\Probe\AsusProb.exe
O4 - HKLM\..\Run: [NVIDIA nTune] "C:\Programmi\NVIDIA Corporation\nTune\\nTune.exe" clear
O4 - HKLM\..\Run: [TkBellExe] "C:\Programmi\File comuni\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [RemoteControl] C:\WINDOWS\system32\rmctrl.exe
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Programmi\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE -onlytray
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [BHR4.1] C:\Programmi\Zamaan's Software\Browser Hijack Retaliator 4.1\BHR4.1.exe
O4 - HKLM\..\Run: [DiskeeperSystray] "C:\Programmi\Diskeeper Corporation\Diskeeper\DkIcon.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [key2] C:\windows\system32\winlog.exe
O4 - HKCU\..\Run: [FreeMem Pro] "C:\PROGRA~1\FREEME~1\fmempro.exe" autostart
O4 - HKCU\..\Run: [ctfmon.exe] C:\windows\system32\ctfmon.exe
O4 - HKCU\..\Run: [Steam] C:\Programmi\Valve\Steam\\Steam.exe -silent
O4 - HKCU\..\Run: [MessengerPlus3] "C:\Programmi\MessengerPlus! 3\MsgPlus.exe" /WinStart
O4 - HKCU\..\Run: [PcSync] C:\Programmi\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog
O4 - HKCU\..\Run: [Skype] "C:\Programmi\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [key2] C:\windows\system32\winlog.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Programmi\MSN Messenger\msnmsgr.exe" /background
O4 - Startup: Diskeeper 10 Professional Edition Registration.lnk = C:\Programmi\Diskeeper Corporation\Diskeeper\ESIRegister.exe
O4 - Startup: Xfire.lnk = C:\Programmi\Xfire\Xfire.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Programmi\Logitech\SetPoint\SetPoint.exe
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Trace - {04849C74-016E-4a43-8AA5-1F01DE57F4A1} - C:\Programmi\VisualRoute\vrie.dll
O9 - Extra 'Tools' menuitem: VisualRoute Trace - {04849C74-016E-4a43-8AA5-1F01DE57F4A1} - C:\Programmi\VisualRoute\vrie.dll
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra button: Ricerche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary...r.cab31267.cab
O16 - DPF: {0835BC90-6ABC-4F52-A103-4FC3A61F2C33} (A18X Control) - http://www.albatross18.com/cabs/A18X.ocx
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...t.cab31267.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://spaces.msn.com//PhotoUpload/MsnPUpld.cab
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} - http://software-dl.real.com/14c52928...dxIE601_it.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsof...?1136385502484
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...t.cab31267.cab
O16 - DPF: {9122D757-5A4F-4768-82C5-B4171D8556A7} (PhotoPickConvert Class) - http://appdirectory.messenger.msn.co...p/PhtPkMSN.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/Ms...Downloader.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary...o.cab32846.cab
O16 - DPF: {C1B7E532-3ECB-4E9E-BB3A-2951FFE67C61} (DownloaderActiveX Control) - http://c6.community.virgilio.it/down...derActiveX.cab
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Programmi\File comuni\Microsoft Shared\Help\hxds.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Programmi\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Programmi\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: Diskeeper - Diskeeper Corporation - C:\Programmi\Diskeeper Corporation\Diskeeper\DkService.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Programmi\File comuni\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\windows\system32\nvsvc32.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Programmi\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
O23 - Service: SecuROM User Access Service (V7) (UserAccess7) - Unknown owner - C:\WINDOWS\system32\UAService7.exe



e su questo link non riesco ad andarci

http://service1.symantec.com/SUPPOR...020823151930924

FIXA:

C:\WINDOWS\svchost.exe

C:\WINDOWS\system32\winlog.exe

C:\windows\system32\winlog.exe

O4 - HKLM\..\Run: [key2] C:\windows\system32\winlog.exe

O4 - HKCU\..\Run: [key2] C:\windows\system32\winlog.exe


ciao

[darioooo]

ho lo stesso problema.
ecco il log

Logfile of HijackThis v1.99.1
Scan saved at 16.13.08, on 05/05/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
c:\windows\system32\winlogon.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\System32\khooker.exe
C:\Programmi\File comuni\InstallShield\UpdateService\issch.exe
C:\Programmi\FSI\F-Prot\F-Sched.exe
C:\Programmi\QuickTime\qttask.exe
C:\Programmi\AC Milan Alerts\ACMilanAlerts.exe
C:\Programmi\Google\GoogleToolbarNotifier\1.2.908.5008\GoogleToolbarNotifier.exe
C:\Programmi\Webshots\WebshotsTray.exe
C:\Programmi\Diskeeper Corporation\Diskeeper\DkService.exe
C:\Programmi\FSI\F-Prot\fpavupdm.exe
C:\WINDOWS\system32\slserv.exe
C:\WINDOWS\system32\svchost.exe
C:\Programmi\File comuni\Ulead Systems\DVD\ULCDRSvr.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmi\MSN Messenger\usnsvc.exe
C:\WINDOWS\system32\slrundll.exe
C:\Programmi\GetRight\GetRight.exe
C:\Programmi\GetRight\GetRight.exe
C:\Programmi\FSI\F-Prot\F-StopW.exe
C:\WINDOWS\TEMP\smwzba.exe
C:\Programmi\Mozilla Firefox\firefox.exe
C:\Programmi\MSN Messenger\msnmsgr.exe
C:\Programmi\AdunanzA\eMule_AdnzA.exe
C:\Programmi\Internet Explorer\IEXPLORE.EXE
C:\Programmi\File comuni\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Programmi\LIUtilities\WinTasks\wintasks.exe
C:\Programmi\File comuni\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Programmi\Internet Explorer\iexplore.exe
C:\Programmi\WinRAR\WinRAR.exe
C:\DOCUME~1\DARIUS~1.DAR\IMPOST~1\Temp\Rar$EX00.309\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://runonce.msn.com/?v=msgrv75
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Programmi\Yahoo!\Companion\Installs\cpn\ycomp5_6_2_0.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Solid Converter PDF - {259F616C-A300-44F5-B04A-ED001A26C85C} - C:\Programmi\SolidDocuments\SolidConverterPDF\SCPDF\ExploreExtPDF.dll
O2 - BHO: (no name) - {31FF080D-12A3-439A-A2EF-4BA95A3148E8} - (no file)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Programmi\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmi\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programmi\File comuni\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programmi\google\googletoolbar2.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programmi\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programmi\Yahoo!\Companion\Installs\cpn\ycomp5_6_2_0.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programmi\google\googletoolbar2.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programmi\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Solid Converter PDF - {259F616C-A300-44F5-B04A-ED001A26C85C} - C:\Programmi\SolidDocuments\SolidConverterPDF\SCPDF\ExploreExtPDF.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [SiS KHooker] C:\WINDOWS\System32\khooker.exe
O4 - HKLM\..\Run: [SiSUSBRG] C:\WINDOWS\sisUSBrg.exe
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Programmi\File comuni\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Programmi\File comuni\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [FRISK FP-Scheduler] C:\Programmi\FSI\F-Prot\F-Sched.exe STARTUP
O4 - HKLM\..\Run: [F-StopW] C:\Programmi\FSI\F-Prot\F-StopW.EXE
O4 - HKLM\..\Run: [DiskeeperSystray] "C:\Programmi\Diskeeper Corporation\Diskeeper\DkIcon.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmi\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [zzdoaa.exe] C:\DOCUME~1\DARIUS~1.DAR\IMPOST~1\Temp\zzdoaa.exe
O4 - HKLM\..\Run: [monlaqpe] "c:\windows\system32\monlaqpe.exe"
O4 - HKLM\..\Run: [ztzkra.exe] C:\WINDOWS\TEMP\ztzkra.exe
O4 - HKLM\..\Run: [smwzba.exe] C:\WINDOWS\TEMP\smwzba.exe
O4 - HKCU\..\Run: [AC Milan Alerts] "C:\Programmi\AC Milan Alerts\ACMilanAlerts.exe"
O4 - HKCU\..\Run: [swg] C:\Programmi\Google\GoogleToolbarNotifier\1.2.908.5008\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [Uniblue Registry Booster2] C:\Programmi\Uniblue\RegistryBooster2\RegistryBooster.exe /S
O4 - HKCU\..\RunOnce: [FFTI] C:\Documents and Settings\Darius.DARIO\Dati applicazioni\Mozilla\Firefox\Profiles\urrci3e4.Dario\extensions\{B13721C7-F507-4982-B2E5-502A71474FED}\ffti.exe /VERYSILENT /SUPPRESSMSGBOXES /NORESTART /DestPath="C:\Documents and Settings\Darius.DARIO\Dati applicazioni\Mozilla\Firefox\Profiles/urrci3e4.Dario\extensions\{B13721C7-F507-4982-B2E5-502A71474FED}"
O4 - Startup: Webshots.lnk = C:\Programmi\Webshots\WebshotsTray.exe
O4 - Global Startup: Avvio veloce di Adobe Reader.lnk = C:\Programmi\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Tasto di scelta rapida per l'avvio di AutoCAD.lnk = C:\Programmi\File comuni\Autodesk Shared\acstart16.exe
O8 - Extra context menu item: &Windows Live Search - res://C:\Programmi\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O8 - Extra context menu item: Apri in nuova scheda in primo piano - res://C:\Programmi\Windows Live Toolbar\Components\it-it\msntabres.dll.mui/230?2f2a230cb0b64395a6435963bf9533fd
O8 - Extra context menu item: Apri in nuova scheda in secondo piano - res://C:\Programmi\Windows Live Toolbar\Components\it-it\msntabres.dll.mui/229?2f2a230cb0b64395a6435963bf9533fd
O8 - Extra context menu item: Download with GetRight - C:\Programmi\GetRight\GRdownload.htm
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~2\MICROS~3\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Open with GetRight Browser - C:\Programmi\GetRight\GRbrowse.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Browser Adjustment - {44627E97-789B-40d4-B5C2-58BD171129A1} - C:\PROGRA~2\Agnitum\OUTPOS~1\Plugins\BrowserBar\ie_bar.dll (file missing)
O9 - Extra button: Ricerche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra button: (no name) - SolidConverterPDF - (no file) (HKCU)
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary...r.cab31267.cab
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/par...an_unicode.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...t.cab31267.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsu...?1151660867498
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...t.cab31267.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary...o.cab32846.cab
O16 - DPF: {FE0BD779-44EE-4A4B-AA2E-743C63F2E5E6} (IWinAmpActiveX Class) - http://pdl.stream.aol.com/downloads/...ampx_en_dl.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\FILECO~1\Skype\SKYPE4~1.DLL
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Programmi\File comuni\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - Unknown owner - C:\PROGRA~2\Grisoft\AVGFRE~1\avgamsvr.exe (file missing)
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - Unknown owner - C:\PROGRA~2\Grisoft\AVGFRE~1\avgupsvc.exe (file missing)
O23 - Service: Diskeeper - Diskeeper Corporation - C:\Programmi\Diskeeper Corporation\Diskeeper\DkService.exe
O23 - Service: F-Prot Antivirus Update Monitor - FRISK Software - C:\Programmi\FSI\F-Prot\fpavupdm.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programmi\File comuni\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Smart Card Client (SCardClnt) - Unknown owner - C:\WINDOWS\System32\SCardClnt.exe (file missing)
O23 - Service: SmartLinkService (SLService) - Smart Link - C:\WINDOWS\SYSTEM32\slserv.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Programmi\File comuni\Ulead Systems\DVD\ULCDRSvr.exe


Grazie.

[Gianky....! :D :)]

@ Dariooooo

FIXA :

C:\WINDOWS\TEMP\smwzba.exe

O2 - BHO: (no name) - {31FF080D-12A3-439A-A2EF-4BA95A3148E8} - (no file)

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)


O4 - HKLM\..\Run: [zzdoaa.exe] C:\DOCUME~1\DARIUS~1.DAR\IMPOST~1\Temp\zzdoaa.exe

O4 - HKLM\..\Run: [ztzkra.exe] C:\WINDOWS\TEMP\ztzkra.exe


O4 - HKLM\..\Run: [smwzba.exe] C:\WINDOWS\TEMP\smwzba.exe

O9 - Extra button: Browser Adjustment - {44627E97-789B-40d4-B5C2-58BD171129A1} - C:\PROGRA~2\Agnitum\OUTPOS~1\Plugins\BrowserBar\ie_bar.dll (file missing)


E SOPRATTUTTO QUESTO CHE è UNA BELLA BACKDOOR

O23 - Service: Smart Card Client (SCardClnt) - Unknown owner - C:\WINDOWS\System32\SCardClnt.exe (file missing)


Dopo aver fatto ciò fai una scansione on-line con bitdefender : http://www.bitdefender.com/scan8/ie.html

Facci sapere
Ciao

[Tidus Strife]

@Ciccio6
disabilita il system restore
fixa (magari in mod provvisoria):

F3 - REG:win.ini: load=svchost.exe
O4 - HKLM\..\Run: [key2] C:\windows\system32\winlog.exe
O4 - HKCU\..\Run: [key2] C:\windows\system32\winlog.exe

poi scarica the avenger e inserisci questo script:

Files to delete:

C:\WINDOWS\svchost.exe
C:\WINDOWS\system32\winlog.exe

dimmi se hai risolto così