  1. #1

    Help with Bastione Antivirus

    Hello to all users.

    I too have had problems with the evil Bastione antivirus.
    Luckily it only slows down Internet Explorer and automatically opens the antivirus installation page, but for now it does no other damage.

    I read the other users' threads and started following the advice. So I'm posting the HijackThis logfile and await further help. Thanks

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 16.07.10, on 10/07/2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16674)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\csrss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\ibmpmsvc.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\WLTRYSVC.EXE
    C:\WINDOWS\System32\bcmwltry.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Programmi\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
    C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
    C:\WINDOWS\System32\GEARSec.exe
    C:\Programmi\Google\Common\Google Updater\GoogleUpdaterService.exe
    C:\Programmi\File comuni\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\Programmi\Symantec\Norton Ghost\Agent\PQV2iSvc.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\WLTRAY.exe
    C:\Programmi\Synaptics\SynTP\SynTPLpr.exe
    C:\Programmi\Synaptics\SynTP\SynTPEnh.exe
    C:\WINDOWS\AGRSMMSG.exe
    C:\Programmi\HP\HP Software Update\HPWuSchd2.exe
    C:\Programmi\Hewlett-Packard\OrderReminder\OrderReminder.exe
    C:\Programmi\Symantec\Norton Ghost\Agent\GhostTray.exe
    C:\Programmi\Nokia\Nokia PC Suite 6\LaunchApplication.exe
    C:\Programmi\File comuni\PCSuite\DataLayer\DataLayer.exe
    C:\Programmi\QuickTime\qttask.exe
    C:\Programmi\File comuni\Real\Update_OB\realsched.exe
    C:\Programmi\Java\jre1.6.0_02\bin\jusched.exe
    C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
    C:\WINDOWS\Philips\SPC220NC\Monitor.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Programmi\File comuni\Ahead\lib\NMBgMonitor.exe
    C:\Programmi\Nokia\Nokia PC Suite 6\PcSync2.exe
    C:\PROGRA~1\FILECO~1\PCSuite\Services\SERVIC~1.EXE
    C:\Programmi\Google\Google Updater\GoogleUpdater.exe
    C:\PROGRA~1\FILECO~1\Nokia\MPAPI\MPAPI3s.exe
    C:\Programmi\Palm\Hotsync.exe
    C:\Programmi\HP\Digital Imaging\bin\hpqtra08.exe
    C:\Programmi\Philips\Philips SPC220NC Webcam\TrayMin220.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\Programmi\HP\Digital Imaging\bin\hpqimzone.exe
    C:\WINDOWS\System32\alg.exe
    C:\Programmi\HP\Digital Imaging\bin\hpqSTE08.exe
    C:\Programmi\HP\Digital Imaging\Product Assistant\bin\hprblog.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Programmi\Internet Explorer\iexplore.exe
    C:\Programmi\File comuni\Microsoft Shared\Windows Live\WLLoginProxy.exe
    C:\Programmi\HijackThis\HijackThis.exe
    C:\WINDOWS\system32\wbem\wmiprvse.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.it/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
    O2 - BHO: Supporto di collegamento per Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\File comuni\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {62DF542A-9520-4D7C-A8C7-7784F32B9A34} - c:\windows\system32\iukykol.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmi\Java\jre1.6.0_02\bin\ssv.dll
    O2 - BHO: (no name) - {761F33EE-FBDB-4B55-9834-B7CB6215E227} - C:\DOCUME~1\rodolfo\IMPOST~1\Temp\InfoWindowd.dll
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: Guida per l'accesso a Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programmi\File comuni\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programmi\Google\GoogleToolbarNotifier\2.1.615.5858\swg.dll
    O4 - HKLM\..\Run: [U.S. Robotics Wireless Manager UI] C:\WINDOWS\system32\WLTRAY
    O4 - HKLM\..\Run: [SynTPLpr] C:\Programmi\Synaptics\SynTP\SynTPLpr.exe
    O4 - HKLM\..\Run: [SynTPEnh] C:\Programmi\Synaptics\SynTP\SynTPEnh.exe
    O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [HP Software Update] C:\Programmi\HP\HP Software Update\HPWuSchd2.exe
    O4 - HKLM\..\Run: [OrderReminder] C:\Programmi\Hewlett-Packard\OrderReminder\OrderReminder.exe
    O4 - HKLM\..\Run: [Norton Ghost 9.0] C:\Programmi\Symantec\Norton Ghost\Agent\GhostTray.exe
    O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Programmi\Nokia\Nokia PC Suite 6\LaunchApplication.exe -onlytray
    O4 - HKLM\..\Run: [DataLayer] C:\Programmi\File comuni\PCSuite\DataLayer\DataLayer.exe
    O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\system32\\PSDrvCheck.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmi\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [TkBellExe] "C:\Programmi\File comuni\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programmi\Java\jre1.6.0_02\bin\jusched.exe "
    O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
    O4 - HKLM\..\Run: [Monitor] C:\WINDOWS\Philips\SPC220NC\Monitor.exe
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Programmi\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Programmi\File comuni\Ahead\lib\NMBgMonitor.exe"
    O4 - HKCU\..\Run: [AnyDVD] C:\Programmi\SlySoft\AnyDVD\AnyDVD.exe
    O4 - HKCU\..\Run: [PcSync] C:\Programmi\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog
    O4 - HKCU\..\Run: [ChristmasTree] C:\DOCUME~1\rodolfo\IMPOST~1\Temp\Rar$EX01.786\Christmas.exe
    O4 - HKCU\..\Run: [AdobeUpdater] C:\Programmi\File comuni\Adobe\Updater5\AdobeUpdater.exe
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO LOCALE')
    O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SERVIZIO LOCALE')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO DI RETE')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O4 - Startup: Palm Registration.lnk = C:\Programmi\Palm\register.exe
    O4 - Global Startup: Avvio rapido di HP Image Zone.lnk = C:\Programmi\HP\Digital Imaging\bin\hpqthb08.exe
    O4 - Global Startup: Google Updater.lnk = C:\Programmi\Google\Google Updater\GoogleUpdater.exe
    O4 - Global Startup: HOTSYNCSHORTCUTNAME.lnk = C:\Programmi\Palm\Hotsync.exe
    O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Programmi\HP\Digital Imaging\bin\hpqtra08.exe
    O4 - Global Startup: msupd38451.exe
    O4 - Global Startup: TrayMin220.lnk = ?
    O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: Ricerche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: PokerStars.net - {FA9B9510-9FCB-4ca0-818C-5D0987B47C4D} - C:\Programmi\PokerStars.NET\PokerStarsUpdate.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
    O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://markenzo1982.spaces.live.com/...d/MsnPUpld.cab
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsu...?1177611280140
    O16 - DPF: {7FC1B346-83E6-4774-8D20-1A6B09B0E737} (Windows Live Photo Upload Control) - http://markenzo1982.spaces.live.com/...d/MsnPUpld.cab
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/ge...sh/swflash.cab
    O17 - HKLM\System\CCS\Services\Tcpip\..\{F3DF4FE3-9365-4D04-9A73-0C47EBE9B614}: NameServer = 193.70.152.15,193.70.152.25
    O20 - Winlogon Notify: zilqdgsn - C:\WINDOWS\SYSTEM32\iukykol.dll
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Programmi\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
    O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
    O23 - Service: GEARSecurity - GEAR Software - C:\WINDOWS\System32\GEARSec.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Programmi\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: ThinkPad PM Service (IBMPMSVC) - Unknown owner - C:\WINDOWS\system32\ibmpmsvc.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programmi\File comuni\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: Norton Ghost - Symantec Corporation - C:\Programmi\Symantec\Norton Ghost\Agent\PQV2iSvc.exe
    O23 - Service: PACSPTISVR - Sony Corporation - C:\Programmi\File comuni\Sony Shared\AVLib\Pacsptisvr.exe
    O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
    O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Programmi\File comuni\Sony Shared\AVLib\Sptisrv.exe
    O23 - Service: U.S. Robotics Wireless LAN Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE

    --
    End of file - 10392 bytes
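
Most of the log above is vendor software; what a responder actually scans it for is a short list of patterns: a BHO registered with no name, anything loading from a Temp directory, an O20 Winlogon Notify DLL, a bare executable sitting in the all-users Startup folder, a service with no vendor string, and the same file wired into more than one load point. The Python below is an added example that automates that triage; it is not part of the thread and not a HijackThis feature. The sample log is a constructed excerpt modelled on the entries posted above, and the severity rules and the names `parse_entry`, `entry_path` and `triage` are this example's own choices.

```python
import re
from collections import defaultdict

# Constructed sample in HijackThis v2 format, modelled on entries from the log
# posted above (one clean BHO, three unnamed BHOs, a Run entry in a Temp folder,
# a bare file in the all-users Startup folder, a Winlogon Notify DLL and a
# service with no vendor string). It is an excerpt, not the full log.
SAMPLE_LOG = r"""
O2 - BHO: Supporto di collegamento per Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\File comuni\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {62DF542A-9520-4D7C-A8C7-7784F32B9A34} - c:\windows\system32\iukykol.dll
O2 - BHO: (no name) - {761F33EE-FBDB-4B55-9834-B7CB6215E227} - C:\DOCUME~1\rodolfo\IMPOST~1\Temp\InfoWindowd.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmi\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [ChristmasTree] C:\DOCUME~1\rodolfo\IMPOST~1\Temp\Rar$EX01.786\Christmas.exe
O4 - Global Startup: Google Updater.lnk = C:\Programmi\Google\Google Updater\GoogleUpdater.exe
O4 - Global Startup: msupd38451.exe
O4 - Global Startup: TrayMin220.lnk = ?
O20 - Winlogon Notify: zilqdgsn - C:\WINDOWS\SYSTEM32\iukykol.dll
O23 - Service: ThinkPad PM Service (IBMPMSVC) - Unknown owner - C:\WINDOWS\system32\ibmpmsvc.exe
"""

# "O2 - BHO: <rest>", "O4 - HKLM\..\Run: <rest>", "O20 - Winlogon Notify: <rest>", ...
ENTRY_RE = re.compile(r"^(?P<sec>[A-Z]\d+) - (?P<kind>[^:]+): (?P<rest>.+)$")
# '[Name] "C:\path\prog.exe" -args'  or  '[Name] C:\path\prog.exe'
O4_RUN_RE = re.compile(r'^\[[^\]]+\]\s*"?(?P<path>[A-Za-z]:\\[^"]+?)"?(?:\s+[-/]\S*)*$')

SEVERITY_ORDER = {"high": 0, "medium": 1, "low": 2}


def parse_entry(line):
    """Split one HijackThis entry into (section, kind, rest); None for non-entries."""
    m = ENTRY_RE.match(line.strip())
    return (m.group("sec"), m.group("kind"), m.group("rest")) if m else None


def entry_path(sec, kind, rest):
    """Best-effort recovery of the file an entry loads (None if there is none)."""
    if sec in ("O2", "O20", "O23"):
        tail = rest.rsplit(" - ", 1)[-1]           # last ' - ' field is the path
        return None if tail == "(no file)" else tail
    if sec == "O4":
        if kind == "Global Startup":
            name, sep, target = rest.partition(" = ")
            return target if sep else name         # shortcut target, or a bare file name
        m = O4_RUN_RE.match(rest)
        return m.group("path") if m else None
    return None


def triage(log_text):
    """Return [(severity, reason, entry)] for entries that deserve a look, high first."""
    findings = []
    refs = defaultdict(set)                        # lower-cased path -> sections that load it

    for raw in log_text.splitlines():
        parsed = parse_entry(raw)
        if not parsed:
            continue
        sec, kind, rest = parsed
        entry = raw.strip()
        path = entry_path(sec, kind, rest)
        if path and path != "?":
            refs[path.lower()].add(sec)

        if path and "\\temp\\" in path.lower():
            findings.append(("high", "loads from a Temp directory", entry))
        if sec == "O20":
            findings.append(("high", "Winlogon Notify DLL: loaded into winlogon.exe at boot", entry))
        if sec == "O2" and rest.startswith("(no name)"):
            findings.append(("medium", "BHO registered without a display name", entry))
        if sec == "O4" and kind == "Global Startup":
            if " = " not in rest:
                findings.append(("medium", "file dropped directly into the all-users Startup folder", entry))
            elif rest.endswith(" = ?"):
                findings.append(("low", "shortcut whose target HijackThis could not resolve", entry))
        if sec == "O23" and " - Unknown owner - " in rest:
            findings.append(("low", "service binary with no vendor string", entry))

    # The same file wired into two different load points is a stronger signal than either alone.
    for path, secs in refs.items():
        if {"O2", "O20"} <= secs:
            findings.append(("high", "same DLL is both a BHO and a Winlogon Notify handler", path))

    findings.sort(key=lambda f: SEVERITY_ORDER[f[0]])
    return findings


if __name__ == "__main__":
    for severity, reason, entry in triage(SAMPLE_LOG):
        print(f"[{severity:6}] {reason}\n         {entry}")
```

Run it on a saved log with `triage(open(path).read())`. The rules are deliberately coarse: "Unknown owner" also matches legitimate OEM services such as the ThinkPad power service in this log, so the low-severity hits are prompts to look at the file, not verdicts. The cross-reference rule is the one that matters here: a DLL that is both a BHO and a Winlogon Notify handler is exactly the pattern iukykol.dll shows in the posted log.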

  2. #2
    Follow this procedure:

    download Systemscan

    1) disconnect the PC from the internet
    2) disable the antivirus
    3) run Systemscan
    4) click on "Scan Now"

    The program will produce a report file; save it and post it on the forum following these steps:

    1) go to http://www.savefile.com/
    2) click on Upload My file
    3) click on upload, or register to get more options
    4) click on Browse and choose the log file, txt etc. from your computer
    5) fill in the remaining fields and click on Upload File
    6) copy and paste on the forum the download link you find under [If you want to link directly to the file: ]

  3. #3
    Thanks for the support. Here is the link to the Systemscan report


    link to the report

  4. #4
    Deifobe (HTML.it user, registered Oct 2007, 6,072 posts)
    Download Avenger and CCleaner

    Run Avenger and copy/paste the whole quote into its window:
    files to delete:
    C:\WINDOWS\system32\AppCert\prx992h.dll
    C:\WINDOWS\system32\AppCert\hb241g.dll
    C:\WINDOWS\system32\AppCert\wsil32.dll
    C:\DOCUME~1\rodolfo\IMPOST~1\Temp\InfoWindowd.dll
    c:\windows\system32\iukykol.dll
    C:\DOCUME~1\rodolfo\IMPOST~1\Temp\Rar$EX01.786\Christmas.exe
    C:\DOCUME~1\rodolfo\IMPOST~1\Temp\crthjuad.ini
    C:\DOCUME~1\rodolfo\IMPOST~1\Temp\10467.exe
    C:\DOCUME~1\rodolfo\IMPOST~1\Temp\jar_cache32744.tmp
    C:\WINDOWS\temp\crthjuad.ini
    C:\WINDOWS\system32\drivers\vfyujpfl.sys

    folders to delete:
    C:\Documents and Settings\rodolfo\Dati applicazioni\tarxqexk
    C:\WINDOWS\system32\AppCert

    registry values to delete:
    HKCU\Software\Microsoft\Windows\CurrentVersion\Run | ChristmasTree

    registry keys to delete:
    HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\zilqdgsn
    HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761F33EE-FBDB-4B55-9834-B7CB6215E227}
    HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{62DF542A-9520-4D7C-A8C7-7784F32B9A34}
    HKLM\system\currentcontrolset\services\vfyujpfl
    HKLM\system\controlset002\services\vfyujpfl
    HKLM\system\currentcontrolset\enum\root\legacy_vfyujpfl
    HKLM\system\controlset002\enum\root\legacy_vfyujpfl
    Tick "Automatically disable any rootkits found" and click on "execute".
    The PC should reboot by itself; otherwise reboot it yourself. Post the report it produces.

    Run CCleaner and clean out the temporary files and cookies (run it twice).

    Download, install and update Malwarebytes, run a full scan (tick the option) and post the report.

  5. #5
    Here is the Avenger report

    //////////////////////////////////////////
    Avenger Pre-Processor log
    //////////////////////////////////////////

    Platform: Windows XP (build 2600, Service Pack 2)
    Fri Jul 11 01:55:08 2008

    01:54:36: Error: Invalid registry syntax in command:
    "HKCU\Software\Microsoft\Windows\CurrentVersion\Run|ChristmasTree"
    Only registry keys under the HKEY_LOCAL_MACHINE hive are accessible to this program.
    Skipping line. (Registry value deletion mode)


    //////////////////////////////////////////


    Logfile of The Avenger Version 2.0, (c) by Swandog46
    http://swandog46.geekstogo.com

    Platform: Windows XP

    *******************

    Script file opened successfully.
    Script file read successfully.

    Backups directory opened successfully at C:\Avenger

    *******************

    Beginning to process script file:

    Rootkit scan active.
    No rootkits found!

    File "C:\WINDOWS\system32\AppCert\prx992h.dll" deleted successfully.
    File "C:\WINDOWS\system32\AppCert\hb241g.dll" deleted successfully.
    File "C:\WINDOWS\system32\AppCert\wsil32.dll" deleted successfully.

    Error: could not open file "C:\DOCUME~1\rodolfo\IMPOST~1\Temp\InfoWindowd.dll"
    Deletion of file "C:\DOCUME~1\rodolfo\IMPOST~1\Temp\InfoWindowd.dll" failed!
    Status: 0xc0000022 (STATUS_ACCESS_DENIED)


    Error: could not open file "c:\windows\system32\iukykol.dll"
    Deletion of file "c:\windows\system32\iukykol.dll" failed!
    Status: 0xc0000022 (STATUS_ACCESS_DENIED)


    Error: could not open file "C:\DOCUME~1\rodolfo\IMPOST~1\Temp\Rar$EX01.786\Christmas.exe"
    Deletion of file "C:\DOCUME~1\rodolfo\IMPOST~1\Temp\Rar$EX01.786\Christmas.exe" failed!
    Status: 0xc000003a (STATUS_OBJECT_PATH_NOT_FOUND)
    --> bad path / the parent directory does not exist

    File "C:\DOCUME~1\rodolfo\IMPOST~1\Temp\crthjuad.ini" deleted successfully.
    File "C:\DOCUME~1\rodolfo\IMPOST~1\Temp\10467.exe" deleted successfully.
    File "C:\DOCUME~1\rodolfo\IMPOST~1\Temp\jar_cache32744.tmp" deleted successfully.
    File "C:\WINDOWS\temp\crthjuad.ini" deleted successfully.

    Error: could not open file "C:\WINDOWS\system32\drivers\vfyujpfl.sys"
    Deletion of file "C:\WINDOWS\system32\drivers\vfyujpfl.sys" failed!
    Status: 0xc0000022 (STATUS_ACCESS_DENIED)

    Folder "C:\Documents and Settings\rodolfo\Dati applicazioni\tarxqexk" deleted successfully.
    Folder "C:\WINDOWS\system32\AppCert" deleted successfully.

    Error: could not open registry key "HKLM\system\currentcontrolset\services\vfyujpfl" for deletion
    Deletion of registry key "HKLM\system\currentcontrolset\services\vfyujpfl" failed!
    Status: 0xc0000022 (STATUS_ACCESS_DENIED)


    Error: could not open registry key "HKLM\system\controlset002\services\vfyujpfl" for deletion
    Deletion of registry key "HKLM\system\controlset002\services\vfyujpfl" failed!
    Status: 0xc0000022 (STATUS_ACCESS_DENIED)

    Registry key "HKLM\system\currentcontrolset\enum\root\legacy_vfyujpfl" deleted successfully.
    Registry key "HKLM\system\controlset002\enum\root\legacy_vfyujpfl" deleted successfully.

    Error: could not open registry key "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\zilqdgsn" for deletion
    Deletion of registry key "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\zilqdgsn" failed!
    Status: 0xc0000022 (STATUS_ACCESS_DENIED)


    Error: could not open registry key "HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761F33EE-FBDB-4B55-9834-B7CB6215E227}" for deletion
    Deletion of registry key "HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761F33EE-FBDB-4B55-9834-B7CB6215E227}" failed!
    Status: 0xc0000022 (STATUS_ACCESS_DENIED)


    Error: could not open registry key "HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{62DF542A-9520-4D7C-A8C7-7784F32B9A34}" for deletion
    Deletion of registry key "HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{62DF542A-9520-4D7C-A8C7-7784F32B9A34}" failed!
    Status: 0xc0000022 (STATUS_ACCESS_DENIED)


    Completed script processing.

    *******************

    Finished! Terminate.
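
The useful information in this Avenger report is not the "No rootkits found!" line but the status codes. Everything that had merely been dropped into Temp or AppCert went away; the driver file, its Services keys, the Winlogon Notify key and both BHO keys all came back 0xc0000022 (STATUS_ACCESS_DENIED), while the Rar$EX01.786 entry failed for an unrelated reason (0xc000003a, the parent folder no longer exists). ACCESS_DENIED on a .sys under system32\drivers together with ACCESS_DENIED on that driver's own Services key is consistent with the driver being loaded and protecting its own file and keys. The Python below is an added example, not from the thread and not Avenger's code, that parses Avenger result lines into records and picks that pattern out. The sample log is a constructed excerpt of the report above, and `parse_avenger_log`, `still_locked` and `self_protecting_driver` are this example's own names.

```python
import re

# Constructed excerpt in the format of the Avenger report posted above: a mix of
# successful deletions, ACCESS_DENIED failures and one path that no longer existed.
SAMPLE_AVENGER_LOG = r"""
Rootkit scan active.
No rootkits found!

File "C:\WINDOWS\system32\AppCert\prx992h.dll" deleted successfully.

Error: could not open file "c:\windows\system32\iukykol.dll"
Deletion of file "c:\windows\system32\iukykol.dll" failed!
Status: 0xc0000022 (STATUS_ACCESS_DENIED)

Error: could not open file "C:\DOCUME~1\rodolfo\IMPOST~1\Temp\Rar$EX01.786\Christmas.exe"
Deletion of file "C:\DOCUME~1\rodolfo\IMPOST~1\Temp\Rar$EX01.786\Christmas.exe" failed!
Status: 0xc000003a (STATUS_OBJECT_PATH_NOT_FOUND)

File "C:\WINDOWS\temp\crthjuad.ini" deleted successfully.

Error: could not open file "C:\WINDOWS\system32\drivers\vfyujpfl.sys"
Deletion of file "C:\WINDOWS\system32\drivers\vfyujpfl.sys" failed!
Status: 0xc0000022 (STATUS_ACCESS_DENIED)

Folder "C:\WINDOWS\system32\AppCert" deleted successfully.

Error: could not open registry key "HKLM\system\currentcontrolset\services\vfyujpfl" for deletion
Deletion of registry key "HKLM\system\currentcontrolset\services\vfyujpfl" failed!
Status: 0xc0000022 (STATUS_ACCESS_DENIED)

Registry key "HKLM\system\currentcontrolset\enum\root\legacy_vfyujpfl" deleted successfully.

Error: could not open registry key "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\zilqdgsn" for deletion
Deletion of registry key "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\zilqdgsn" failed!
Status: 0xc0000022 (STATUS_ACCESS_DENIED)

Completed script processing.
"""

OK_RE = re.compile(r'^(?P<kind>File|Folder|Registry key) "(?P<target>.+)" deleted successfully\.$')
FAIL_RE = re.compile(r'^Deletion of (?P<kind>file|folder|registry key) "(?P<target>.+)" failed!$')
STATUS_RE = re.compile(r"^Status: (?P<code>0x[0-9a-fA-F]{8}) \((?P<name>[A-Z_]+)\)$")


def parse_avenger_log(text):
    """Turn Avenger's result lines into records {kind, target, ok, status}.
    A failed deletion is followed by its 'Status:' line, which is attached to it."""
    results, pending = [], None
    for line in text.splitlines():
        line = line.strip()
        m = OK_RE.match(line)
        if m:
            results.append({"kind": m.group("kind").lower(), "target": m.group("target"),
                            "ok": True, "status": None})
            continue
        m = FAIL_RE.match(line)
        if m:
            pending = {"kind": m.group("kind"), "target": m.group("target"),
                       "ok": False, "status": None}
            results.append(pending)
            continue
        m = STATUS_RE.match(line)
        if m and pending is not None:
            pending["status"] = m.group("name")    # NTSTATUS name, e.g. STATUS_ACCESS_DENIED
            pending = None
    return results


def still_locked(results):
    """Targets something actively refused to release (ACCESS_DENIED), as opposed to
    targets that were already gone (OBJECT_PATH_NOT_FOUND / OBJECT_NAME_NOT_FOUND)."""
    return [r["target"] for r in results
            if not r["ok"] and r["status"] == "STATUS_ACCESS_DENIED"]


def self_protecting_driver(results):
    """Service name of a driver whose .sys file under system32\\drivers and whose own
    Services\\<name> key both came back ACCESS_DENIED, else None."""
    locked = {t.lower() for t in still_locked(results)}
    for t in locked:
        m = re.search(r"\\drivers\\([^\\]+)\.sys$", t)
        if m and any(k.endswith("\\services\\" + m.group(1)) for k in locked):
            return m.group(1)
    return None


if __name__ == "__main__":
    res = parse_avenger_log(SAMPLE_AVENGER_LOG)
    for r in res:
        print("OK  " if r["ok"] else "FAIL", r["kind"], r["target"], r["status"] or "")
    print("still locked:", still_locked(res))
    print("self-protecting driver:", self_protecting_driver(res))
```

What to do with the answer is a separate decision (a deletion scheduled to run at boot before the driver loads, or an offline clean from boot media), but this at least separates "already gone" from "actively defended", which the raw log mixes together.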

  6. #6
    And this is the Malwarebytes report



    Malwarebytes' Anti-Malware 1.20
    Database version: 938
    Windows 5.1.2600 Service Pack 2

    3.11.25 11/07/2008
    mbam-log-7-11-2008 (03-11-15).txt

    Scan type: Full scan (C:\|)
    Objects scanned: 98426
    Time elapsed: 51 minute(s), 11 second(s)

    Memory processes infected: 0
    Memory modules infected: 0
    Registry keys infected: 1
    Registry values infected: 4
    Registry data items infected: 0
    Folders infected: 2
    Files infected: 59

    Memory processes infected:
    (No malicious items detected)

    Memory modules infected:
    (No malicious items detected)

    Registry keys infected:
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\bug doctor_is1 (Rogue.BugDoctor) -> No action taken.

    Registry values infected:
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Settings\bf (Trojan.Agent) -> No action taken.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Settings\bk (Trojan.Agent) -> No action taken.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Settings\iu (Trojan.Agent) -> No action taken.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Settings\mu (Trojan.Agent) -> No action taken.

    Registry data items infected:
    (No malicious items detected)

    Folders infected:
    C:\Programmi\Bug Doctor (Rogue.BugDoctor) -> No action taken.
    C:\Programmi\Bug Doctor\skin (Rogue.BugDoctor) -> No action taken.

    Files infected:
    C:\Documents and Settings\rodolfo\Desktop\eagle\BugdoctorSetup.exe (Rogue.BugDoctor) -> No action taken.
    C:\Programmi\Bug Doctor\BugDoctor.exe (Rogue.BugDoctor) -> No action taken.
    C:\Programmi\Bug Doctor\BugDoctorLiveUpdate.exe (Rogue.BugDoctor) -> No action taken.
    C:\Programmi\WinRAR\Default.SFX (Rogue.Installer) -> No action taken.
    C:\Programmi\Bug Doctor\Bug Doctor Help.chm (Rogue.BugDoctor) -> No action taken.
    C:\Programmi\Bug Doctor\Get Bonuses.url (Rogue.BugDoctor) -> No action taken.
    C:\Programmi\Bug Doctor\skin.ini (Rogue.BugDoctor) -> No action taken.
    C:\Programmi\Bug Doctor\unins000.dat (Rogue.BugDoctor) -> No action taken.
    C:\Programmi\Bug Doctor\unins000.exe (Rogue.BugDoctor) -> No action taken.
    C:\Programmi\Bug Doctor\skin\bug.swf (Rogue.BugDoctor) -> No action taken.
    C:\Programmi\Bug Doctor\skin\fixing_error-disable.gif (Rogue.BugDoctor) -> No action taken.
    C:\Programmi\Bug Doctor\skin\fixing_error-normal.gif (Rogue.BugDoctor) -> No action taken.
    C:\Programmi\Bug Doctor\skin\fixing_error-pressed.gif (Rogue.BugDoctor) -> No action taken.
    C:\Programmi\Bug Doctor\skin\fixing_error-rollover.gif (Rogue.BugDoctor) -> No action taken.
    C:\Programmi\Bug Doctor\skin\fix_complete-disable.gif (Rogue.BugDoctor) -> No action taken.
    C:\Programmi\Bug Doctor\skin\fix_complete-normal.gif (Rogue.BugDoctor) -> No action taken.
    C:\Programmi\Bug Doctor\skin\fix_complete-pressed.gif (Rogue.BugDoctor) -> No action taken.
    C:\Programmi\Bug Doctor\skin\fix_complete-roll_over.gif (Rogue.BugDoctor) -> No action taken.
    C:\Programmi\Bug Doctor\skin\LiveUpdate_disable.gif (Rogue.BugDoctor) -> No action taken.
    C:\Programmi\Bug Doctor\skin\LiveUpdate_normal.gif (Rogue.BugDoctor) -> No action taken.
    C:\Programmi\Bug Doctor\skin\LiveUpdate_pressed.gif (Rogue.BugDoctor) -> No action taken.
    C:\Programmi\Bug Doctor\skin\LiveUpdate_rollover.gif (Rogue.BugDoctor) -> No action taken.
    C:\Programmi\Bug Doctor\skin\main_disable.jpg (Rogue.BugDoctor) -> No action taken.
    C:\Programmi\Bug Doctor\skin\main_enable.jpg (Rogue.BugDoctor) -> No action taken.
    C:\Programmi\Bug Doctor\skin\main_pressed.jpg (Rogue.BugDoctor) -> No action taken.
    C:\Programmi\Bug Doctor\skin\main_roll_over.jpg (Rogue.BugDoctor) -> No action taken.
    C:\Programmi\Bug Doctor\skin\mask.bmp (Rogue.BugDoctor) -> No action taken.
    C:\Programmi\Bug Doctor\skin\mask1.bmp (Rogue.BugDoctor) -> No action taken.
    C:\Programmi\Bug Doctor\skin\scan.swf (Rogue.BugDoctor) -> No action taken.
    C:\Programmi\Bug Doctor\skin\scancomplete.gif (Rogue.BugDoctor) -> No action taken.
    C:\Programmi\Bug Doctor\skin\scanning_error-disable.gif (Rogue.BugDoctor) -> No action taken.
    C:\Programmi\Bug Doctor\skin\scanning_error-normal.gif (Rogue.BugDoctor) -> No action taken.
    C:\Programmi\Bug Doctor\skin\scanning_error-pressed.gif (Rogue.BugDoctor) -> No action taken.
    C:\Programmi\Bug Doctor\skin\scanning_error-rollover.gif (Rogue.BugDoctor) -> No action taken.
    C:\Programmi\Bug Doctor\skin\scan_complete-disable.gif (Rogue.BugDoctor) -> No action taken.
    C:\Programmi\Bug Doctor\skin\scan_complete-normal.gif (Rogue.BugDoctor) -> No action taken.
    C:\Programmi\Bug Doctor\skin\scan_complete-pressed.gif (Rogue.BugDoctor) -> No action taken.
    C:\Programmi\Bug Doctor\skin\scan_complete-roll_over.gif (Rogue.BugDoctor) -> No action taken.
    C:\Programmi\Bug Doctor\skin\schedule_disable.gif (Rogue.BugDoctor) -> No action taken.
    C:\Programmi\Bug Doctor\skin\schedule_normal.gif (Rogue.BugDoctor) -> No action taken.
    C:\Programmi\Bug Doctor\skin\schedule_pressed.gif (Rogue.BugDoctor) -> No action taken.
    C:\Programmi\Bug Doctor\skin\schedule_rollover.gif (Rogue.BugDoctor) -> No action taken.
    C:\Programmi\Bug Doctor\skin\skin.ini (Rogue.BugDoctor) -> No action taken.
    C:\Programmi\Bug Doctor\skin\SubMainDisable.gif (Rogue.BugDoctor) -> No action taken.
    C:\Programmi\Bug Doctor\skin\SubMainNormal.gif (Rogue.BugDoctor) -> No action taken.
    C:\Programmi\Bug Doctor\skin\SubMainPressed.gif (Rogue.BugDoctor) -> No action taken.
    C:\Programmi\Bug Doctor\skin\SubMainRollOver.gif (Rogue.BugDoctor) -> No action taken.
    C:\Programmi\Bug Doctor\skin\support_disable.gif (Rogue.BugDoctor) -> No action taken.
    C:\Programmi\Bug Doctor\skin\support_normal.gif (Rogue.BugDoctor) -> No action taken.
    C:\Programmi\Bug Doctor\skin\support_pressed.gif (Rogue.BugDoctor) -> No action taken.
    C:\Programmi\Bug Doctor\skin\support_rollover.gif (Rogue.BugDoctor) -> No action taken.
    C:\Programmi\Bug Doctor\skin\unlock_key-disable.gif (Rogue.BugDoctor) -> No action taken.
    C:\Programmi\Bug Doctor\skin\unlock_key-normal.gif (Rogue.BugDoctor) -> No action taken.
    C:\Programmi\Bug Doctor\skin\unlock_key-pressed.gif (Rogue.BugDoctor) -> No action taken.
    C:\Programmi\Bug Doctor\skin\unlock_key-roll_over.gif (Rogue.BugDoctor) -> No action taken.
    C:\Programmi\setup.exe (Rogue.Installer) -> No action taken.
    C:\Documents and Settings\rodolfo\Desktop\BugDoctor.lnk (Rogue.BugDoctor) -> No action taken.
    C:\Documents and Settings\rodolfo\Desktop\Get Bonuses!.lnk (Rogue.BugDoctor) -> No action taken.
    C:\Documents and Settings\rodolfo\Preferiti\Online Security Test.url (Rogue.Link) -> No action taken.

  7. #7
    Deifobe (HTML.it user, registered Oct 2007, 6,072 posts)
    OK, I don't know whether the report you posted is complete, but for now clean up everything it found.

    Bye

  8. #8
    First of all, thank you for the help.

    The logfile was complete. I tried to remove all the malware, but it told me it had not been able to remove some of them and generated a new report practically identical to the first. In my opinion it didn't delete anything. It said it would delete them automatically on rebooting the PC. I rebooted it but nothing happened. I did a test and the virus is still there.

    Can you give me more advice?

  9. #9
    Deifobe (HTML.it user, registered Oct 2007, 6,072 posts)
    No, let's do this: run Malwarebytes again, upload the report to Sendmefile and post the link you get. I suspect the one you posted is not complete.

    Then find the files:
    c:\windows\system32\iukykol.dll
    C:\WINDOWS\system32\drivers\vfyujpfl.sys

    Right-click each file and select "Properties".
    Tell me whether a company or copyright is shown.

    If you don't find that information, download Registry Search Tool and search first for vfyujpfl and then for iukykol. Post the results you get (you can zip them together with the Malwarebytes report).

    Bye

  10. #10
    I'm running the Malwarebytes scan.

    Meanwhile here is what you asked for:

    for the file c:\windows\system32\iukykol.dll the copyright is:

    © SMCORPNAME Corporation. All rights reser


    for the file C:\WINDOWS\system32\drivers\vfyujpfl.sys the copyright is

    © Microsoft Corporation. All rights reserved.


    I hope that's the information you needed. Meanwhile I'm waiting for the Malwarebytes report and will send it to you.

    Thanks again for your help
