  1. #1

    removing trojan.agent (generic?)

    hi,

    I'm desperately trying to remove from my laptop a trojan that Spyware Doctor identifies as trojan.agent (generic?).
    I've tried everything with nod32, Panda online, Ad-Aware and Spyware Doctor, but I just can't get rid of it.
    Spyware Doctor finds the trojan in the registry:
    HKEY_USERS\S-1-5-21-1971986232-2378466238-2406581434-1000\Software\Microsoft\rdfa

  2. #2
    and this is the HijackThis logfile: (part 1)

    code:
    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 18.17.41, on 23/05/2008
    Platform: Windows Vista  (WinNT 6.00.1904)
    MSIE: Internet Explorer v7.00 (7.00.6000.16643)
    Boot mode: Normal
    
    Running processes:
    C:\Windows\System32\smss.exe
    C:\Windows\system32\csrss.exe
    C:\Windows\system32\wininit.exe
    C:\Windows\system32\csrss.exe
    C:\Windows\system32\services.exe
    C:\Windows\system32\lsass.exe
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\winlogon.exe
    C:\Windows\system32\svchost.exe
    C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
    C:\Windows\system32\svchost.exe
    C:\Windows\System32\svchost.exe
    C:\Windows\System32\svchost.exe
    C:\Windows\system32\svchost.exe
    C:\Windows\system32\SLsvc.exe
    C:\Windows\system32\svchost.exe
    C:\Windows\system32\svchost.exe
    C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
    C:\Windows\System32\spoolsv.exe
    C:\Windows\system32\svchost.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\system32\taskeng.exe
    C:\Windows\Explorer.EXE
    C:\Windows\RtHDVCpl.exe
    C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe
    C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe
    C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe
    C:\Windows\system32\agrsmsvc.exe
    C:\Program Files\bin\httpd.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
    C:\Program Files\bin\httpd.exe
    C:\Windows\system32\svchost.exe
    C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
    C:\Program Files\Microsoft SQL Server\MSSQL\Binn\sqlservr.exe
    C:\Program Files\MySQL\MySQL Server 5.0\bin\mysqld-nt.exe
    C:\Windows\System32\svchost.exe
    C:\Program Files\CDBurnerXP\NMSAccessU.exe
    C:\Program Files\Eset\nod32krn.exe
    C:\Windows\System32\svchost.exe
    C:\Windows\system32\svchost.exe
    C:\Program Files\Spyware Doctor\pctsAuxs.exe
    C:\Program Files\Spyware Doctor\pctsSvc.exe
    C:\Windows\system32\svchost.exe
    C:\Program Files\Spyware Doctor\pctsTray.exe
    C:\Program Files\TOSHIBA\TOSHIBA DVD PLAYER\TNaviSrv.exe
    C:\Windows\system32\TODDSrv.exe
    C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
    c:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
    C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
    C:\Windows\System32\svchost.exe
    C:\Windows\system32\SearchIndexer.exe
    C:\Windows\system32\taskeng.exe
    C:\Program Files\TOSHIBA\Utilities\KeNotify.exe
    C:\Windows\System32\mobsync.exe
    C:\Windows\system32\igfxsrvc.exe
    C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe
    C:\Program Files\TOSHIBA\Toshiba Online Product Information\TOPI.exe
    C:\Program Files\IDM\Desktop SMS\DesktopSMS.exe
    C:\Windows\System32\hkcmd.exe
    C:\Windows\System32\igfxpers.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
    C:\Program Files\Camera Assistant Software for Toshiba\traybar.exe
    C:\Program Files\TOSHIBA\ConfigFree\CFSwMgr.exe
    C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
    C:\Program Files\Synaptics\SynTP\SynToshiba.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\Eset\nod32kui.exe
    C:\Program Files\PowerISO\PWRISOVM.EXE
    C:\Program Files\Camera Assistant Software for Toshiba\CEC_MAIN.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\Windows Mail\WinMail.exe
    C:\Program Files\Windows Sidebar\sidebar.exe
    C:\Program Files\Skype\Phone\Skype.exe
    C:\Windows\ehome\ehtray.exe
    C:\Program Files\Windows Live\Messenger\msnmsgr.exe
    C:\Windows\System32\rundll32.exe
    C:\Windows\System32\rundll32.exe
    C:\Windows\System32\rundll32.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
    C:\Windows\ehome\ehmsas.exe
    C:\Program Files\OpenOffice.org 2.3\program\soffice.exe
    C:\Program Files\OpenOffice.org 2.3\program\soffice.BIN
    C:\Windows\system32\wbem\unsecapp.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Program Files\Skype\Plugin Manager\skypePM.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\Spyware Doctor\pctsGui.exe
    C:\Windows\system32\SearchProtocolHost.exe
    C:\Windows\system32\SearchFilterHost.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
    C:\Windows\system32\wbem\wmiprvse.exe

  3. #3
    (part 2):

    code:
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.it/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = 
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = 
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = 
    O1 - Hosts: ::1 localhost
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: Guida per l'accesso a Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
    O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
    O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
    O4 - HKLM\..\Run: [TPwrMain] %ProgramFiles%\TOSHIBA\Power Saver\TPwrMain.EXE
    O4 - HKLM\..\Run: [HSON] %ProgramFiles%\TOSHIBA\TBS\HSON.exe
    O4 - HKLM\..\Run: [SmoothView] %ProgramFiles%\Toshiba\SmoothView\SmoothView.exe
    O4 - HKLM\..\Run: [00TCrdMain] %ProgramFiles%\TOSHIBA\FlashCards\TCrdMain.exe
    O4 - HKLM\..\Run: [KeNotify] C:\Program Files\TOSHIBA\Utilities\KeNotify.exe
    O4 - HKLM\..\Run: [HWSetup] C:\Program Files\TOSHIBA\Utilities\HWSetup.exe hwSetUP
    O4 - HKLM\..\Run: [SVPWUTIL] C:\Program Files\TOSHIBA\Utilities\SVPWUTIL.exe SVPwUTIL
    O4 - HKLM\..\Run: [NDSTray.exe] NDSTray.exe
    O4 - HKLM\..\Run: [topi] C:\Program Files\TOSHIBA\Toshiba Online Product Information\topi.exe -startup
    O4 - HKLM\..\Run: [Desktop SMS] C:\Program Files\IDM\Desktop SMS\DesktopSMS.exe /auto
    O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
    O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
    O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
    O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    O4 - HKLM\..\Run: [Toshiba Registration] C:\Program Files\Toshiba\Registration\ToshibaRegistration.exe
    O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
    O4 - HKLM\..\Run: [Camera Assistant Software] "C:\Program Files\Camera Assistant Software for Toshiba\traybar.exe"
    O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
    O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [netpot.exe] C:\windows\netpot.exe
    O4 - HKLM\..\Run: [MSServer] rundll32.exe C:\Windows\system32\ljJDUmLb.dll,#1
    O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE
    O4 - HKLM\..\Run: [SBI] C:\Users\Dario\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\EFBIPYTH\install_sbd_it[1].exe
    O4 - HKLM\..\Run: [ISTray] "C:\Program Files\Spyware Doctor\pctsTray.exe"
    O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
    O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
    O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [cmds] rundll32.exe C:\Users\Dario\AppData\Local\Temp\iifddbbb.dll,c
    O4 - HKCU\..\Run: [mdm] C:\Windows\mdm.exe
    O4 - HKCU\..\Run: [MSServer] rundll32.exe C:\Users\Dario\AppData\Local\Temp\hgGayxUN.dll,#1
    O4 - HKCU\..\Run: [Uniblue RegistryBooster 2] c:\program files\uniblue\registrybooster 2\StartRegistryBooster.exe
    O4 - HKCU\..\Run: [367507c5] rundll32.exe "C:\Users\Dario\AppData\Local\Temp\jqtxnvsa.dll",b
    O4 - HKCU\..\Run: [BM35463459] Rundll32.exe "C:\Users\Dario\AppData\Local\Temp\alucgcqj.dll",s
    O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVIZIO LOCALE')
    O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVIZIO LOCALE')
    O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVIZIO DI RETE')
    O4 - Startup: MagicDisc.lnk = C:\Program Files\MagicDisc\MagicDisc.exe
    O4 - Startup: OpenOffice.org 2.3.lnk = C:\Program Files\OpenOffice.org 2.3\program\quickstart.exe
    O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    O4 - Global Startup: Service Manager.lnk = C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
    O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\npjpi160.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\npjpi160.dll
    O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\Windows\bdoscandel.exe
    O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\Windows\bdoscandel.exe
    O9 - Extra button: eBay - {C08CAF1D-C0A3-40D5-9970-06D067EAC017} - http://www.webtip.ch/cgi-bin/toshiba/tracker_url.pl?IT (file missing)
    O13 - Gopher Prefix: 
    O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/reso...an8/oscan8.cab
    O16 - DPF: {B49C4597-8721-4789-9250-315DFBD9F525} (IWinAmpActiveX Class) - http://cdn.digitalcity.com/radio/amp...1.11_en_dl.cab
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/ge...sh/swflash.cab
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
    O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
    O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\Windows\system32\agrsmsvc.exe
    O23 - Service: Apache2 - Apache Software Foundation - C:\Program Files\bin\httpd.exe
    O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
    O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
    O23 - Service: Servizio iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: MySQL - Unknown owner - C:\Program.exe (file missing)
    O23 - Service: NMSAccessU - Unknown owner - C:\Program Files\CDBurnerXP\NMSAccessU.exe
    O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset  - C:\Program Files\Eset\nod32krn.exe
    O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
    O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
    O23 - Service: TOSHIBA Navi Support Service (TNaviSrv) - TOSHIBA Corporation - C:\Program Files\TOSHIBA\TOSHIBA DVD PLAYER\TNaviSrv.exe
    O23 - Service: TOSHIBA Optical Disc Drive Service (TODDSrv) - TOSHIBA Corporation - C:\Windows\system32\TODDSrv.exe
    O23 - Service: TOSHIBA Power Saver (TosCoSrv) - TOSHIBA Corporation - C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
    O23 - Service: TOSHIBA Bluetooth Service - TOSHIBA CORPORATION - c:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
    O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
    
    --
    End of file - 14080 bytes

  4. #4
    Deifobe (HTML.it user, joined Oct 2007, 6,072 posts)
    download Avenger and CCleaner

    with HJT fix:
    O4 - HKLM\..\Run: [netpot.exe] C:\windows\netpot.exe
    O4 - HKLM\..\Run: [MSServer] rundll32.exe C:\Windows\system32\ljJDUmLb.dll,#1
    O4 - HKLM\..\Run: [SBI] C:\Users\Dario\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\EFBIPYTH\install_sbd_it[1].exe
    O4 - HKCU\..\Run: [cmds] rundll32.exe C:\Users\Dario\AppData\Local\Temp\iifddbbb.dll,c
    O4 - HKCU\..\Run: [MSServer] rundll32.exe C:\Users\Dario\AppData\Local\Temp\hgGayxUN.dll,#1
    O4 - HKCU\..\Run: [367507c5] rundll32.exe "C:\Users\Dario\AppData\Local\Temp\jqtxnvsa.dll",b
    O4 - HKCU\..\Run: [BM35463459] Rundll32.exe "C:\Users\Dario\AppData\Local\Temp\alucgcqj.dll",s
    These, instead, you can fix because they aren't needed at startup:
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O4 - HKLM\..\Run: [SmoothView] %ProgramFiles%\Toshiba\SmoothView\SmoothView.exe
    O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
    O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
    O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
    O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    run Avenger and in the window that opens copy/paste:
    files to delete:
    C:\windows\netpot.exe
    C:\Windows\system32\ljJDUmLb.dll
    C:\Users\Dario\AppData\Local\Temp\iifddbbb.dll
    C:\Users\Dario\AppData\Local\Temp\hgGayxUN.dll
    C:\Users\Dario\AppData\Local\Temp\jqtxnvsa.dll
    C:\Users\Dario\AppData\Local\Temp\alucgcqj.dll
    C:\Users\Dario\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\EFBIPYTH\install_sbd_it[1].exe
    Tick "Automatically disable any rootkits found" and click "execute".
    The PC should reboot by itself, otherwise reboot it yourself. Post the report it produces.

    Run CCleaner and clean out the temporary files and cookies (run it twice).


    Download SystemScan, disconnect the PC from the internet => disable the antivirus => run SystemScan => click "Scan Now". When the scan is finished, re-enable the antivirus, upload the report you find on the desktop to Freefilehosting and post the link you get.

    (remember to post the Avenger report too => c:\avenger)
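    An added example, not code from the thread, HijackThis or Avenger: a Python triage script that parses the O4 Run lines of a HijackThis log, flags the traits shared by the entries Deifobe tells the poster to fix (rundll32 loading a DLL from the user's Temp folder or calling an ordinal/one-letter export, an executable dropped straight into C:\Windows, a launcher sitting in the browser cache), and turns the hits into a regedit fragment of "name"=- deletions of the kind used in the fix.reg later in this thread. The heuristics are mine, not rules stated by HijackThis or the helper; the sample lines are copied from the log in post #3.

```python
import re

# One HijackThis autorun line: O4 - <hive>\..\Run: [<value name>] <command line>
O4_RE = re.compile(r"^O4 - (?P<hive>HKLM|HKCU|HKUS\\[^\\]+)\\\.\.\\Run: \[(?P<name>[^\]]*)\] (?P<cmd>.*)$")
# rundll32[.exe] ["]<dll>["],<export>  (the export may be an ordinal such as #1)
RUNDLL_RE = re.compile(r'(?i)rundll32(?:\.exe)?\s+"?(?P<dll>[^",]+)"?,\s*(?P<export>\S+)')
# regedit only accepts full root-key names in a .reg file, not the HKLM/HKCU shorthand
HIVES = {"HKLM": "HKEY_LOCAL_MACHINE", "HKCU": "HKEY_CURRENT_USER"}


def flags_for(cmd: str) -> list[str]:
    """Return the reasons an autorun command line looks suspicious (empty if none)."""
    reasons = []
    low = cmd.lower()
    m = RUNDLL_RE.search(cmd)
    if m:
        dll, export = m.group("dll"), m.group("export")
        if "\\appdata\\local\\temp\\" in dll.lower():
            reasons.append("rundll32 loads a DLL from the user's Temp folder")
        if re.fullmatch(r"#\d+|[a-z]", export, re.I):
            reasons.append(f"rundll32 calls an ordinal or one-letter export ({export})")
    if re.fullmatch(r"c:\\windows\\[^\\]+\.exe", low):
        reasons.append("executable dropped directly in C:\\Windows")
    if "\\temporary internet files\\" in low:
        reasons.append("launches from the browser cache")
    return reasons


def triage(log_text: str) -> list[dict]:
    """Parse every O4 Run line of a log and keep the ones with at least one flag."""
    hits = []
    for line in log_text.splitlines():
        m = O4_RE.match(line.strip())
        if m and (reasons := flags_for(m.group("cmd"))):
            hits.append({"hive": m.group("hive"), "name": m.group("name"),
                         "cmd": m.group("cmd"), "reasons": reasons})
    return hits


def reg_fixup(hits: list[dict]) -> str:
    """Build a regedit 5.00 fragment deleting the flagged Run values ("name"=- deletes a value)."""
    by_key: dict[str, list[str]] = {}
    for h in hits:
        root = HIVES.get(h["hive"])
        if root is None:  # HKUS\<SID> lines belong to another profile: review them by hand
            continue
        key = root + "\\Software\\Microsoft\\Windows\\CurrentVersion\\Run"
        by_key.setdefault(key, []).append(h["name"])
    out = ["Windows Registry Editor Version 5.00", ""]
    for key, names in by_key.items():
        out += [f"[{key}]", *(f'"{n}"=-' for n in names), ""]
    return "\n".join(out)


# Sample input: O4 lines copied from the HijackThis log posted above (two benign, six flagged).
SAMPLE = r"""
O4 - HKLM\..\Run: [netpot.exe] C:\windows\netpot.exe
O4 - HKLM\..\Run: [MSServer] rundll32.exe C:\Windows\system32\ljJDUmLb.dll,#1
O4 - HKLM\..\Run: [SBI] C:\Users\Dario\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\EFBIPYTH\install_sbd_it[1].exe
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [cmds] rundll32.exe C:\Users\Dario\AppData\Local\Temp\iifddbbb.dll,c
O4 - HKCU\..\Run: [mdm] C:\Windows\mdm.exe
O4 - HKCU\..\Run: [367507c5] rundll32.exe "C:\Users\Dario\AppData\Local\Temp\jqtxnvsa.dll",b
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVIZIO LOCALE')
"""

if __name__ == "__main__":
    for h in triage(SAMPLE):
        print(f"[{h['hive']}] {h['name']}: {'; '.join(h['reasons'])}")
    print(reg_fixup(triage(SAMPLE)))
```

    The generated fragment only removes the autorun values; the DLLs and executables they point to still have to be deleted separately, which is what the Avenger script above does.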

  5. #5
    here you go:

    systemscan --> report
    avenger --> report

    is the PC "clean" now?

  6. #6
    Deifobe
    I'll check and let you know.
    Bye

  7. #7
    Deifobe
    No,
    first run a scan with Kaspersky:
    go to Kaspersky_virusscanner
    click "kaspersky online scanner"
    click "accept"
    --- the components needed for the scan will be downloaded
    when that's finished click "next"
    => click "my computer"
    click "scan settings"
    When the scan is finished, save and post the report


    Then run SystemScan again (the report posted on Freefilehosting, if you look, was compacted by the site and can't be analysed)

    Post the reports by uploading them to Savefile (post the link you get).

    The .dll files are still in C:\Users\Dario\AppData\Local\Temp\

  8. #8
    Kaspersky report
    it found several infected files but didn't remove them, that's only in the paid version...

    SystemScan report

    sorry for the delay, but time is what it is
    what's the situation now?

    thanks a lot for your patience

  9. #9
    Deifobe
    Maybe it's you who'll need a bit of patience...

    NB (edit): during the procedure, accept the changes Spybot asks for regarding deleted values.

    Download Avenger, SmitfraudFix and CCleaner

    Open Notepad and copy/paste into the page:
    Windows Registry Editor Version 5.00

    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
    "BM35463459"=-
    "cmds"=-
    "mdm"=-

    [-HKEY_CLASSES_ROOT\CLSID\{0541290B-954E-4B9E-B9D0-907944A5F690}]

    save it in c:\ with the name: fix.reg
    file type: all files

    Run Avenger and in the window copy/paste the whole quote:
    files to delete:
    C:\Users\Dario\AppData\Local\Temp\rQhefFvT.dll
    C:\Users\Dario\AppData\Local\Temp\fccyaYRI.dll
    C:\Users\Dario\AppData\Local\Temp\opnnkjgG.dll
    C:\Users\Dario\AppData\Local\Temp\geBrsPgG.dll
    C:\Users\Dario\AppData\Local\Temp\nnnOiiIc.dll
    C:\Users\Dario\AppData\Local\Temp\yaywurRj.dll
    C:\Users\Dario\AppData\Local\Temp\hgGyabaY.dll
    C:\Users\Dario\AppData\Local\Temp\wVPhGwtr.dll
    C:\Users\Dario\AppData\Local\Temp\wvUnliii.dll
    C:\Users\Dario\AppData\Local\Temp\vtUklkIY.dll
    C:\Users\Dario\AppData\Local\Temp\kvuvnesx.ini
    C:\Users\Dario\AppData\Local\Temp\pujeumjh.dll
    C:\Users\Dario\AppData\Local\Temp\pmnnMfDS.dll
    C:\Users\Dario\AppData\Local\Temp\qoMfdebX.dll
    C:\Users\Dario\AppData\Local\Temp\rQhgHyYQ.dll
    C:\Users\Dario\AppData\Local\Temp\eFWpPJCu.dll
    C:\Users\Dario\AppData\Local\Temp\hgGXpoNf.dll
    C:\Users\Dario\AppData\Local\Temp\nnnnMExv.dll
    C:\Users\Dario\AppData\Local\Temp\jkkLEUMf.dll
    C:\Users\Dario\AppData\Local\Temp\ddcBQgHX.dll
    C:\Users\Dario\AppData\Local\Temp\wvUllkLf.dll
    C:\Users\Dario\AppData\Local\Temp\gEwUMCUn.dll
    C:\Users\Dario\AppData\Local\Temp\byXPGXpp.dll
    C:\Users\Dario\AppData\Local\Temp\yywnjqkq.dll
    C:\Users\Dario\AppData\Local\Temp\asvnxtqj.ini
    C:\Users\Dario\AppData\Local\Temp\lnhuwans.ini
    C:\Users\Dario\AppData\Local\Temp\snawuhnl.dll
    C:\Users\Dario\AppData\Local\Temp\onuubnue.dll
    C:\Users\Dario\AppData\Local\Temp\iifddbbb.dll
    C:\Windows\mdm.exe
    C:\Windows\system32\ljJDUmLb.dll
    C:\Users\Dario\AppData\Local\Temp\is-07T8V.tmp
    C:\Users\Dario\AppData\Local\Temp\is-07T8V.tmp
    C:\Users\Dario\AppData\Local\Temp\ProductPath\pgs.exe

    folders to delete:
    C:\Users\Dario\Documents\Azureus Downloads\Spyware Doctor 5.5.1.322 +Serials

    registry values to delete:
    HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks | {0541290B-954E-4B9E-B9D0-907944A5F690}

    programs to launch on reboot:
    c:\fix.reg
    Tick "Automatically disable any rootkits found" and click "execute".
    The PC should reboot by itself, otherwise reboot it yourself. Post the report it produces.

    Run CCleaner and clean out the temporary files and cookies (run it twice).

    Empty C:\Windows\Prefetch

    Run SystemScan

    Run SmitfraudFix, select option 1 (Search) and press Enter. A text file will be displayed, which you must post, with the list of infected files (if any): you should also find this report in C:\rapport.txt (NB: some antiviruses detect process.exe as a virus; obviously it isn't).

    Post the SystemScan, SmitfraudFix and Avenger (c:\avenger) reports (always upload them to Savefile)

    Bye

  10. #10
    SystemScan report
    Avenger report
    SmitfraudFix report

    what a mess! what now?
