Processes that start automatically
snapshot83
11-05-2008, 11:38
Hello everyone, here I am, desperate, to lay out my problem.
After only 4 months I had to reformat because of a (presumed) damned virus...
Basically I could no longer use any program because, suddenly, WMP would open and then, dozens of times, the Firefox browser with the Google home page, preventing me from writing any message or doing anything at all...
I thought it was all solved, but after a wasted afternoon nothing has gone back to normal...
What do I do now?
I really don't know which saint to pray to..
If it has happened to you too, let me know...
Before the format I had already tried dozens of antispyware and antivirus programs with practically no results...
Hi, you need to carry out a thorough clean-up of your PC. ;)
Read the SECTION RULES (http://www.hwupgrade.it/forum/showthread.php?t=1589984), and then carefully follow the instructions in the DISINFECTION GUIDE for INFECTED users (http://www.hwupgrade.it/forum/showthread.php?t=1599737) ;)
Then remember to post all the requested logs for us, in order, following the rules for posting them.
snapshot83
11-05-2008, 22:53
I did everything...
But I can't make sense of any of it
Here are my logs, in the order requested.
F-Secure
Scanning Report
Sunday, May 11, 2008 21:55:30 - 22:28:00
Computer name: ALFIO-DESKTOP
Scanning type: Scan system for malware, rootkits
Target: C:\ D:\ L:\
------------------------------------------------------------------------
Result: 2 malware found
Backdoor.Win32.Rbot.pbc (virus)
* L:\PROGRAMMI\JASC PAINT SHOP PHOTO ALBUM DELUXE 5.1 KEYGENERATOR.EXE (Renamed & Submitted)
Tracking Cookie (spyware)
* System
------------------------------------------------------------------------
Statistics
Scanned:
* Files: 25164
* System: 2355
* Not scanned: 8
Actions:
* Disinfected: 0
* Renamed: 1
* Deleted: 0
* None: 1
* Submitted: 1
Files not scanned:
* C:\PAGEFILE.SYS
* C:\WINDOWS\SYSTEM32\CONFIG\DEFAULT
* C:\WINDOWS\SYSTEM32\CONFIG\SAM
* C:\WINDOWS\SYSTEM32\CONFIG\SECURITY
* C:\WINDOWS\SYSTEM32\CONFIG\SOFTWARE
* C:\WINDOWS\SYSTEM32\CONFIG\SYSTEM
* C:\WINDOWS\SOFTWAREDISTRIBUTION\EVENTCACHE\{01F9E0CC-BE0E-443B-9242-14917A76F841}.BIN
* C:\WINDOWS\SOFTWAREDISTRIBUTION\EVENTCACHE\{E457EB63-7356-48F1-BEF3-30BBE135B33F}.BIN
------------------------------------------------------------------------
Options
Scanning engines:
* F-Secure USS: 2.30.0
* F-Secure Blacklight: 1.0.68
* F-Secure Hydra: 2.8.8110, 2008-05-11
* F-Secure Pegasus: 1.20.0, 2008-02-28
* F-Secure AVP: 7.0.171, 2008-05-11
Scanning options:
* Scan defined files: COM EXE SYS OV? BIN SCR DLL SHS HTM HTML HTT VBS JS INF VXD DO? XL? RTF CPL WIZ HTA PP? PWZ P?T MSO PIF . ACM ASP AX CNV CSC DRV INI MDB MPD MPP MPT OBD OBT OCX PCI TLB TSP WBK WBT WPC WSH VWP WML BOO HLP TD0 TT6 MSG ASD JSE VBE WSC CHM EML PRC SHB LNK WSF {* PDF ZL? XML ZIP XXX ANI AVB BAT CMD JPG LSP MAP MHT MIF PHP POT SWF WMF NWS TAR
* Use Advanced heuristics
------------------------------------------------------------------------
Copyright © 1998-2007
SysInspector (I can't attach the log)
HijackThis
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 22.36.13, on 11/05/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programmi\Avira\AntiVir PersonalEdition Premium\sched.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Programmi\Avira\AntiVir PersonalEdition Premium\avgnt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmi\Windows Live\Messenger\MsnMsgr.Exe
C:\Programmi\Avira\AntiVir PersonalEdition Premium\avguard.exe
C:\Programmi\Avira\AntiVir PersonalEdition Premium\avesvc.exe
C:\Programmi\Avira\AntiVir PersonalEdition Premium\avmailc.exe
C:\Programmi\Avira\AntiVir PersonalEdition Premium\AVWEBGRD.EXE
C:\Programmi\Windows Live\Messenger\usnsvc.exe
C:\Programmi\a-squared Free\a2service.exe
C:\WINDOWS\system32\taskmgr.exe
C:\Programmi\Mozilla Firefox\firefox.exe
C:\Programmi\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [avgnt] "C:\Programmi\Avira\AntiVir PersonalEdition Premium\avgnt.exe" /min
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Programmi\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO LOCALE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO DI RETE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.5.0\bin\npjpi150.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.5.0\bin\npjpi150.dll
O9 - Extra button: Inserisci blog - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programmi\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: Inserisci &blog in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programmi\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: @C:\Programmi\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: @C:\Programmi\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {BDBDE413-7B1C-4C68-A8FF-C5B2B4090876} (F-Secure Online Scanner 3.3) - http://support.f-secure.com/ols/fscax.cab
O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - C:\Programmi\a-squared Free\a2service.exe
O23 - Service: Avira AntiVir Premium MailGuard (AntiVirMailService) - Avira GmbH - C:\Programmi\Avira\AntiVir PersonalEdition Premium\avmailc.exe
O23 - Service: Avira AntiVir Premium Scheduler (AntiVirScheduler) - Avira GmbH - C:\Programmi\Avira\AntiVir PersonalEdition Premium\sched.exe
O23 - Service: Avira AntiVir Premium Guard (AntiVirService) - Avira GmbH - C:\Programmi\Avira\AntiVir PersonalEdition Premium\avguard.exe
O23 - Service: Avira AntiVir Premium WebGuard (antivirwebservice) - Avira GmbH - C:\Programmi\Avira\AntiVir PersonalEdition Premium\AVWEBGRD.EXE
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Avira AntiVir Premium MailGuard helper service (AVEService) - Avira GmbH - C:\Programmi\Avira\AntiVir PersonalEdition Premium\avesvc.exe
--
End of file - 4888 bytes
GMER
GMER 1.0.14.14205 - http://www.gmer.net
Rootkit scan 2008-05-11 22:40:48
Windows 5.1.2600 Service Pack 2
---- System - GMER 1.0.14 ----
SSDT F7BD92FC ZwCreateThread
SSDT F7BD92E8 ZwOpenProcess
SSDT F7BD92ED ZwOpenThread
SSDT F7BD92F7 ZwTerminateProcess
SSDT F7BD92F2 ZwWriteVirtualMemory
---- User code sections - GMER 1.0.14 ----
.text C:\Programmi\Windows Live\Messenger\MsnMsgr.Exe[2012] kernel32.dll!LoadResource 7C809FB5 7 Bytes JMP 28001CC0 C:\Programmi\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Patchou)
.text C:\Programmi\Windows Live\Messenger\MsnMsgr.Exe[2012] kernel32.dll!FindResourceExW 7C80AC88 7 Bytes JMP 28001B00 C:\Programmi\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Patchou)
.text C:\Programmi\Windows Live\Messenger\MsnMsgr.Exe[2012] kernel32.dll!FindResourceW 7C80BBCE 7 Bytes JMP 28001A80 C:\Programmi\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Patchou)
.text C:\Programmi\Windows Live\Messenger\MsnMsgr.Exe[2012] kernel32.dll!SizeofResource 7C80BC69 7 Bytes JMP 28001D80 C:\Programmi\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Patchou)
.text C:\Programmi\Windows Live\Messenger\MsnMsgr.Exe[2012] kernel32.dll!FindResourceA 7C80BE89 7 Bytes JMP 28001B90 C:\Programmi\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Patchou)
.text C:\Programmi\Windows Live\Messenger\MsnMsgr.Exe[2012] kernel32.dll!LockResource 7C80CC97 5 Bytes JMP 28001DF0 C:\Programmi\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Patchou)
.text C:\Programmi\Windows Live\Messenger\MsnMsgr.Exe[2012] kernel32.dll!CreateEventA 7C8308AD 5 Bytes JMP 28001840 C:\Programmi\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Patchou)
.text C:\Programmi\Windows Live\Messenger\MsnMsgr.Exe[2012] kernel32.dll!FindResourceExA 7C835F78 7 Bytes JMP 28001C20 C:\Programmi\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Patchou)
.text C:\Programmi\Windows Live\Messenger\MsnMsgr.Exe[2012] kernel32.dll!SetUnhandledExceptionFilter 7C84467D 5 Bytes JMP 0056DBBD C:\Programmi\Windows Live\Messenger\MsnMsgr.Exe (Windows Live Messenger/Microsoft Corporation)
.text C:\Programmi\Windows Live\Messenger\MsnMsgr.Exe[2012] kernel32.dll!OutputDebugStringW 7C85A42D 5 Bytes JMP 28001E50 C:\Programmi\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Patchou)
.text C:\Programmi\Windows Live\Messenger\MsnMsgr.Exe[2012] ADVAPI32.dll!CryptDeriveKey 77F5A685 7 Bytes JMP 28001000 C:\Programmi\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Patchou)
.text C:\Programmi\Windows Live\Messenger\MsnMsgr.Exe[2012] ADVAPI32.dll!CryptDecrypt 77F5A7B1 2 Bytes JMP 28001060 C:\Programmi\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Patchou)
.text C:\Programmi\Windows Live\Messenger\MsnMsgr.Exe[2012] ADVAPI32.dll!CryptDecrypt + 3 77F5A7B4 4 Bytes [ 0A, B0, CC, CC ]
.text C:\Programmi\Windows Live\Messenger\MsnMsgr.Exe[2012] USER32.dll!PeekMessageW 7E39929B 5 Bytes JMP 28004010 C:\Programmi\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Patchou)
.text C:\Programmi\Windows Live\Messenger\MsnMsgr.Exe[2012] USER32.dll!CreateWindowExW 7E39FC25 5 Bytes JMP 280037A0 C:\Programmi\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Patchou)
.text C:\Programmi\Windows Live\Messenger\MsnMsgr.Exe[2012] USER32.dll!SetWindowRgn 7E39FFB2 7 Bytes JMP 28005900 C:\Programmi\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Patchou)
.text C:\Programmi\Windows Live\Messenger\MsnMsgr.Exe[2012] USER32.dll!LoadIconW 7E3A0894 5 Bytes JMP 28006210 C:\Programmi\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Patchou)
.text C:\Programmi\Windows Live\Messenger\MsnMsgr.Exe[2012] USER32.dll!LoadImageW 7E3A2CFE 5 Bytes JMP 28006020 C:\Programmi\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Patchou)
.text C:\Programmi\Windows Live\Messenger\MsnMsgr.Exe[2012] USER32.dll!CreateDialogParamW 7E3A7D4F 5 Bytes JMP 28005A20 C:\Programmi\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Patchou)
.text C:\Programmi\Windows Live\Messenger\MsnMsgr.Exe[2012] USER32.dll!SetWindowPlacement 7E3AD84C 5 Bytes JMP 280057C0 C:\Programmi\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Patchou)
.text C:\Programmi\Windows Live\Messenger\MsnMsgr.Exe[2012] USER32.dll!MessageBoxIndirectW 7E3E62AB 5 Bytes JMP 28005C10 C:\Programmi\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Patchou)
.text C:\Programmi\Windows Live\Messenger\MsnMsgr.Exe[2012] USER32.dll!TrackPopupMenuEx 7E3ECD28 5 Bytes JMP 280048F0 C:\Programmi\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Patchou)
.text C:\Programmi\Windows Live\Messenger\MsnMsgr.Exe[2012] WS2_32.dll!send 71A3428A 5 Bytes JMP 28009EE0 C:\Programmi\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Patchou)
.text C:\Programmi\Windows Live\Messenger\MsnMsgr.Exe[2012] WS2_32.dll!WSARecv 71A34318 5 Bytes JMP 28009CC0 C:\Programmi\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Patchou)
.text C:\Programmi\Windows Live\Messenger\MsnMsgr.Exe[2012] WS2_32.dll!recv 71A3615A 5 Bytes JMP 28009B20 C:\Programmi\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Patchou)
.text C:\Programmi\Windows Live\Messenger\MsnMsgr.Exe[2012] WS2_32.dll!WSASend 71A36233 5 Bytes JMP 2800A0C0 C:\Programmi\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Patchou)
.text C:\Programmi\Windows Live\Messenger\MsnMsgr.Exe[2012] WS2_32.dll!closesocket 71A39639 5 Bytes JMP 2800A300 C:\Programmi\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Patchou)
.text C:\Programmi\Windows Live\Messenger\MsnMsgr.Exe[2012] SHELL32.dll!Shell_NotifyIconW 7CA31B92 5 Bytes JMP 28002F50 C:\Programmi\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Patchou)
.text C:\Programmi\Windows Live\Messenger\MsnMsgr.Exe[2012] ole32.dll!CoInitializeEx 774CEF6B 5 Bytes JMP 28002100 C:\Programmi\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Patchou)
.text C:\Programmi\Windows Live\Messenger\MsnMsgr.Exe[2012] ole32.dll!CoRegisterClassObject 774E8720 5 Bytes JMP 28002200 C:\Programmi\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Patchou)
.text C:\Programmi\Windows Live\Messenger\MsnMsgr.Exe[2012] WININET.dll!InternetCloseHandle 4330DA59 5 Bytes JMP 28008CE0 C:\Programmi\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Patchou)
.text C:\Programmi\Windows Live\Messenger\MsnMsgr.Exe[2012] WININET.dll!HttpOpenRequestA 43314331 5 Bytes JMP 280089A0 C:\Programmi\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Patchou)
.text C:\Programmi\Windows Live\Messenger\MsnMsgr.Exe[2012] WININET.dll!InternetReadFile 4331ABA4 5 Bytes JMP 28008B30 C:\Programmi\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Patchou)
.text C:\Programmi\Windows Live\Messenger\MsnMsgr.Exe[2012] WININET.dll!HttpSendRequestA 4331CD28 5 Bytes JMP 28008C10 C:\Programmi\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Patchou)
---- EOF - GMER 1.0.14 ----
and lastly Prevx
I couldn't generate the log, but the message "No malware has been found" appears
Re-edit your post and attach all the logs using the Manage Attachments command
a-squared is missing
snapshot83
12-05-2008, 11:40
I can't edit them that way because it warns me that the formats are incorrect or not recognised.. with a-squared I removed 5 cookies, unfortunately I didn't save the log.. I'd have to redo the scan to send it..
The Dr.Web CureIt log, downloaded today, is also missing
What problems does the ESET SysInspector log give you?
murack83pa
12-05-2008, 13:58
Complete the guide, and then a stupid but fundamental question: was System Restore disabled (before you started the guide), and is it still disabled?