  1. #1

    rootkit, trojan, malware... I have them all... but I can't get rid of them

    Hi everyone,
    I have a fairly serious problem, in that the infected computer is on a network...
    it is connected to a server at a television station...
    if a virus gets onto the network I'm done for...
    So, the problems started with Adobe Premiere, which froze often and closed by itself..
    I ran a couple of scans with AVG and it found a trojan, which it removed..
    The problem came back, though, and when I went to open Task Manager... well, the tray icon appeared next to the clock but it wouldn't open..
    I think I've carried out all the steps described in the forum rules..
    but the result is that with spyware I found a whole mess of things..
    including a rootkit, which they say is serious..
    then a trojan downloader, which I think is what's causing all these problems..
    Could you take a look at the HijackThis log and tell me where I can start removing these files?
    In the meantime I'm doing a system backup and afterwards I'll format..
    My last question is: could some infected file be hidden in these files I'm saving? Should I skip it and do everything afterwards?
    Sincere thanks in advance to everyone
    Rock is never die

  2. #2
    Could you take a look at the HijackThis log and tell me where I can start removing these files
    Could you post the log, please?

  3. #3

    while..

    While I was about to rewrite the post to include the log, the system blew up on me.
    Tomorrow I'll get it running again and try to post the log.... thanks

    P.S. I'm now writing from another PC
    Rock is never die

  4. #4

    here it is

    Here's the log.. I was convinced I had posted it this morning.. dunno
    - I'll also add the Norman Malware Cleaner log afterwards

    HijackThis log:
    Logfile of HijackThis v1.99.1
    Scan saved at 08:27:14, on 15/06/2008
    Platform: Unknown Windows (WinNT 6.00.1904)
    MSIE: Internet Explorer v7.00 (7.00.6000.16643)

    Running processes:
    C:\Windows\System32\smss.exe
    C:\Windows\system32\csrss.exe
    C:\Windows\system32\wininit.exe
    C:\Windows\system32\csrss.exe
    C:\Windows\system32\services.exe
    C:\Windows\system32\lsass.exe
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\winlogon.exe
    C:\Windows\system32\svchost.exe
    C:\Windows\system32\svchost.exe
    C:\Windows\System32\svchost.exe
    C:\Windows\System32\svchost.exe
    C:\Windows\system32\svchost.exe
    C:\Windows\system32\SLsvc.exe
    C:\Windows\system32\svchost.exe
    C:\Windows\system32\svchost.exe
    C:\Windows\System32\spoolsv.exe
    C:\Windows\system32\svchost.exe
    C:\Windows\system32\taskeng.exe
    C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Program Files\Common Files\Intel\IntelDH\NMS\AdpPlugins\DQLWinService.exe
    c:\Program Files\Common Files\LightScribe\LSSrvc.exe
    C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
    C:\Windows\system32\svchost.exe
    C:\Program Files\Spyware Doctor\pctsAuxs.exe
    C:\Program Files\Spyware Doctor\pctsSvc.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Program Files\AVG\AVG8\avgtray.exe
    C:\Windows\system32\svchost.exe
    C:\Program Files\Sat Time Synchronizer\SatTimeSynchronizer.exe
    C:\Program Files\Spyware Doctor\pctsTray.exe
    C:\Windows\System32\svchost.exe
    C:\Windows\system32\SearchIndexer.exe
    C:\Windows\system32\WUDFHost.exe
    C:\PROGRA~1\AVG\AVG8\avgrsx.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Windows\system32\taskeng.exe
    C:\Program Files\Windows Media Player\wmpnscfg.exe
    C:\Program Files\Windows Media Player\wmpnetwk.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Windows\system32\SearchProtocolHost.exe
    C:\Windows\system32\SearchFilterHost.exe
    C:\Users\Rete Azzurra\Desktop\hjT\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.it/
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = fritz.box;*.local
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    O1 - Hosts: ::1 localhost
    O2 - BHO: Supporto di collegamento per Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: Guida per l'accesso a Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
    O4 - HKLM\..\Run: [ISTray] "C:\Program Files\Spyware Doctor\pctsTray.exe"
    O4 - HKLM\..\RunOnce: [Launcher] %WINDIR%\SMINST\launcher.exe
    O4 - HKCU\..\Run: [drvsyskit] C:\Windows\system32\drivers\hidr.exe
    O4 - HKCU\..\Run: [german.exe] C:\Windows\system32\wintems.exe
    O4 - HKCU\..\Run: [mule_st_key] C:\Users\Rete Azzurra\AppData\Roaming\m\flec006.exe
    O4 - Global Startup: Launch SatTimeSynchronizer.exe.lnk = ?
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
    O10 - Unknown file in Winsock LSP: c:\windows\system32\nlaapi.dll
    O10 - Unknown file in Winsock LSP: c:\windows\system32\napinsp.dll
    O10 - Unknown file in Winsock LSP: c:\program files\bonjour\mdnsnsp.dll
    O11 - Options group: [INTERNATIONAL] International*
    O13 - Gopher Prefix:
    O17 - HKLM\System\CCS\Services\Tcpip\..\{FB9D92EF-CD6D-4ABA-A28C-47A2C9997043}: NameServer = 62.211.69.150,212.48.4.15
    O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
    O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
    O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: Intel(R) Alert Service (AlertService) - Intel(R) Corporation - C:\Program Files\Intel\IntelDH\CCU\AlertService.exe
    O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
    O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: DQLWinService - Unknown owner - C:\Program Files\Common Files\Intel\IntelDH\NMS\AdpPlugins\DQLWinService.exe
    O23 - Service: @%SystemRoot%\ehome\ehstart.dll,-101 (ehstart) - Unknown owner - %windir%\system32\svchost.exe (file missing)
    O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
    O23 - Service: HP Health Check Service - Hewlett-Packard - c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - c:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
    O23 - Service: Intel DH Service (IntelDHSvcConf) - Intel(R) Corporation - C:\Program Files\Intel\IntelDH\Intel Media Server\Tools\IntelDHSvcConf.exe
    O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: Intel(R) Software Services Manager (ISSM) - Intel(R) Corporation - C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\ISSM.exe
    O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - c:\Program Files\Common Files\LightScribe\LSSrvc.exe
    O23 - Service: Intel(R) Viiv(TM) Media Server (M1 Server) - Unknown owner - C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\mediaserver.exe
    O23 - Service: Intel(R) Application Tracker (MCLServiceATL) - Intel(R) Corporation - C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\MCLServiceATL.exe
    O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
    O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
    O23 - Service: @%SystemRoot%\system32\qwave.dll,-1 (QWAVE) - Unknown owner - %windir%\system32\svchost.exe (file missing)
    O23 - Service: Intel(R) Remoting Service (Remote UI Service) - Intel(R) Corporation - C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\Remote UI Service.exe
    O23 - Service: RoxMediaDB9 - Sonic Solutions - c:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
    O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
    O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
    O23 - Service: @%SystemRoot%\system32\seclogon.dll,-7001 (seclogon) - Unknown owner - %windir%\system32\svchost.exe (file missing)
    O23 - Service: stllssvr - MicroVision Development, Inc. - c:\Program Files\Common Files\SureThing Shared\stllssvr.exe
    O23 - Service: @%ProgramFiles%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - %ProgramFiles%\Windows Media Player\wmpnetwk.exe (file missing)

    ---------------------- -------------- ------------------------- --------------------
    Rock is never die

  5. #5

    log 2



    Running pre-scan cleanup routine:
    Operating System: Microsoft Windows Vista 6.0.6000(Safe mode)
    Logged on user: EDITING-2\SYSTEM

    Set registry value: HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\AppInit_DLLS = "avgrsstx.dll" -> ""

    Scan started: 14/06/2008 23:41:39


    Scanning running processes and process memory...

    Number of processes/threads found: 1043
    Number of processes/threads scanned: 1043
    Number of processes/threads not scanned: 0
    Number of infected processes/threads terminated: 0
    Total scanning time: 15s


    Scanning file system...

    Scanning: C:\*.*

    C:\Program Files\Nero\Nero8\Nero BackItUp\BackItUp_ImageTool\root.img/unknown0 (Error whilst scanning file: I/O Error)
    C:\Program Files\Nero\Nero8\Nero BackItUp\BackItUp_ImageTool\root.img (Possible archive bomb)

    C:\Users\Rete Azzurra\AppData\Roaming\m\data.oct (Infected with W32/Malware.CXAM)
    Deleted file

    C:\Users\Rete Azzurra\AppData\Roaming\m\shared\12Ghosts_Shredder_8.11.zip/12Ghosts_Shredder_8.11.exe (Infected with W32/Malware.CXAM)
    Deleted file

    C:\Users\Rete Azzurra\AppData\Roaming\m\shared\12Ghosts_TrayProtect_8.11_(KeyGen).zip/12Ghosts_TrayProtect_8.11_(KeyGen).exe (Infected with W32/Malware.CXAM)
    Deleted file

    C:\Users\Rete Azzurra\AppData\Roaming\m\shared\2006_Olympic_Ice_Mascot_Screensaver.zip/2006_Olympic_Ice_Mascot_Screensaver.exe (Infected with W32/Malware.CXAM)
    Deleted file

    C:\Users\Rete Azzurra\AppData\Roaming\m\shared\5Star Game Copy 1.0.5.124.zip/5Star Game Copy 1.0.5.124.exe (Infected with W32/Malware.CXAM)
    Deleted file

    C:\Users\Rete Azzurra\AppData\Roaming\m\shared\70-270_Microsoft_MCSE_Windows_XP_Professional_8.02.05.zip/70-270_Microsoft_MCSE_Windows_XP_Professional_8.02.05.exe (Infected with W32/Malware.CXAM)
    Deleted file

    C:\Users\Rete Azzurra\AppData\Roaming\m\shared\AaxRegistry_1.0.zip/AaxRegistry_1.0.exe (Infected with W32/Malware.CXAM)
    Deleted file

    C:\Users\Rete Azzurra\AppData\Roaming\m\shared\ActionScrambler 1.0.zip/ActionScrambler 1.0.exe (Infected with W32/Malware.CXAM)
    Deleted file

    C:\Users\Rete Azzurra\AppData\Roaming\m\shared\AD Picture Viewer Lite 1.5.zip/AD Picture Viewer Lite 1.5.exe (Infected with W32/Malware.CXAM)
    Deleted file

    C:\Users\Rete Azzurra\AppData\Roaming\m\shared\Agora Plastic 2005 4.5.5.zip/Agora Plastic 2005 4.5.5.exe (Infected with W32/Malware.CXAM)
    Deleted file

    C:\Users\Rete Azzurra\AppData\Roaming\m\shared\Alfa Ebooks Manager 0.4.5.0.zip/Alfa Ebooks Manager 0.4.5.0.exe (Infected with W32/Malware.CXAM)
    Deleted file

    C:\Users\Rete Azzurra\AppData\Roaming\m\shared\Allok_Video_to_iPod_Converter_4.2.0709_[With_Crack].zip/Allok_Video_to_iPod_Converter_4.2.0709_[With_Crack].exe (Infected with W32/Malware.CXAM)
    Deleted file

    C:\Users\Rete Azzurra\AppData\Roaming\m\shared\Almyta_Inventory_Control_System_2.90.29.zip/Almyta_Inventory_Control_System_2.90.29.exe (Infected with W32/Malware.CXAM)
    Deleted file

    C:\Users\Rete Azzurra\AppData\Roaming\m\shared\AlphaEdit+ 2.0.3 build 251.zip/AlphaEdit+ 2.0.3 build 251.exe (Infected with W32/Malware.CXAM)
    Deleted file

    C:\Users\Rete Azzurra\AppData\Roaming\m\shared\Anti Red Eye 1.7.zip/Anti Red Eye 1.7.exe (Infected with W32/Malware.CXAM)
    Deleted file

    C:\Users\Rete Azzurra\AppData\Roaming\m\shared\Applications_Priority_Master_1.10.zip/Applications_Priority_Master_1.10.exe (Infected with W32/Malware.CXAM)
    Deleted file

    C:\Users\Rete Azzurra\AppData\Roaming\m\shared\Atomic Memory Model 2.2.zip/Atomic Memory Model 2.2.exe (Infected with W32/Malware.CXAM)
    Deleted file

    C:\Users\Rete Azzurra\AppData\Roaming\m\shared\Audubon Close Up - Birds and Flowers 1.0.zip/Audubon Close Up - Birds and Flowers 1.0.exe (Infected with W32/Malware.CXAM)
    Deleted file

    C:\Users\Rete Azzurra\AppData\Roaming\m\shared\AVG Anti-Malware 7.5.523a1293.zip/AVG Anti-Malware 7.5.523a1293.exe (Infected with W32/Malware.CXAM)
    Deleted file

    C:\Users\Rete Azzurra\AppData\Roaming\m\shared\Better_Gmail_1.0.zip/Better_Gmail_1.0.exe (Infected with W32/Malware.CXAM)
    Deleted file

    C:\Users\Rete Azzurra\AppData\Roaming\m\shared\BitCalc 1.0.zip/BitCalc 1.0.exe (Infected with W32/Malware.CXAM)
    Deleted file

    C:\Users\Rete Azzurra\AppData\Roaming\m\shared\Box Monitor 1.51.zip/Box Monitor 1.51.exe (Infected with W32/Malware.CXAM)
    Deleted file

    C:\Users\Rete Azzurra\AppData\Roaming\m\shared\Breakage_13.zip/Breakage_13.exe (Infected with W32/Malware.CXAM)
    Deleted file

    C:\Users\Rete Azzurra\AppData\Roaming\m\shared\CFX_Industry_2.3.zip/CFX_Industry_2.3.exe (Infected with W32/Malware.CXAM)
    Deleted file

    C:\Users\Rete Azzurra\AppData\Roaming\m\shared\Chess_Clock_5.00_Crack.zip/Chess_Clock_5.00_Crack.exe (Infected with W32/Malware.CXAM)
    Deleted file

    C:\Users\Rete Azzurra\AppData\Roaming\m\shared\Chime Clock 1.70a.zip/Chime Clock 1.70a.exe (Infected with W32/Malware.CXAM)
    Deleted file

    C:\Users\Rete Azzurra\AppData\Roaming\m\shared\CineGobs Keyer 1.6.2.74.zip/CineGobs Keyer 1.6.2.74.exe (Infected with W32/Malware.CXAM)
    Deleted file

    C:\Users\Rete Azzurra\AppData\Roaming\m\shared\CoCoMiner 1.0.zip/CoCoMiner 1.0.exe (Infected with W32/Malware.CXAM)
    Deleted file

    C:\Users\Rete Azzurra\AppData\Roaming\m\shared\Collidoscope 1.1.zip/Collidoscope 1.1.exe (Infected with W32/Malware.CXAM)
    Deleted file

    C:\Users\Rete Azzurra\AppData\Roaming\m\shared\Computer Inventory Server 1.1.0.zip/Computer Inventory Server 1.1.0.exe (Infected with W32/Malware.CXAM)
    Deleted file

    C:\Users\Rete Azzurra\AppData\Roaming\m\shared\Contact_Your_Client_Professional_3.3.4.36.zip/Contact_Your_Client_Professional_3.3.4.36.exe (Infected with W32/Malware.CXAM)
    Deleted file

    C:\Users\Rete Azzurra\AppData\Roaming\m\shared\Crack.Panda.Platinum.Internet.Security.V.8.03.00.Codigo.Activaciòn.Garantizado.Por.Luismi.zip/Crack.Panda.Platinum.Internet.Security.V.8.03.00.Codigo.Activaciòn.Garantizado.Por.Luismi.exe (Infected with W32/Malware.CXAM)
    Deleted file

    C:\Users\Rete Azzurra\AppData\Roaming\m\shared\CrossIPTC 1.2.0.zip/CrossIPTC 1.2.0.exe (Infected with W32/Malware.CXAM)
    Deleted file

    C:\Users\Rete Azzurra\AppData\Roaming\m\shared\Currency_Converter_FX_1.zip/Currency_Converter_FX_1.exe (Infected with W32/Malware.CXAM)
    Deleted file

    C:\Users\Rete Azzurra\AppData\Roaming\m\shared\CutePDF Form Filler 3.24.zip/CutePDF Form Filler 3.24.exe (Infected with W32/Malware.CXAM)
    Deleted file

    C:\Users\Rete Azzurra\AppData\Roaming\m\shared\Cyberfetch_Website_Submitter_2.0.5.zip/Cyberfetch_Website_Submitter_2.0.5.exe (Infected with W32/Malware.CXAM)
    Deleted file

    C:\Users\Rete Azzurra\AppData\Roaming\m\shared\CyD Careful Observer 2.0.zip/CyD Careful Observer 2.0.exe (Infected with W32/Malware.CXAM)
    Deleted file

    C:\Users\Rete Azzurra\AppData\Roaming\m\shared\CZ_Plotter_Monitor_3.0_[With_Crack].zip/CZ_Plotter_Monitor_3.0_[With_Crack].exe (Infected with W32/Malware.CXAM)
    Deleted file

    C:\Users\Rete Azzurra\AppData\Roaming\m\shared\Daily_Dose_2.1.zip/Daily_Dose_2.1.exe (Infected with W32/Malware.CXAM)
    Deleted file

    C:\Users\Rete Azzurra\AppData\Roaming\m\shared\Direct MP3 Splitter Joiner 2.1 [Serial].zip/Direct MP3 Splitter Joiner 2.1 [Serial].exe (Infected with W32/Malware.CXAM)
    Deleted file

    C:\Users\Rete Azzurra\AppData\Roaming\m\shared\Discover_Your_Favorite.com_1.4.6.zip/Discover_Your_Favorite.com_1.4.6.exe (Infected with W32/Malware.CXAM)
    Deleted file

    C:\Users\Rete Azzurra\AppData\Roaming\m\shared\EasyLandlord_2.0.zip/EasyLandlord_2.0.exe (Infected with W32/Malware.CXAM)
    Deleted file

    C:\Users\Rete Azzurra\AppData\Roaming\m\shared\eMail_Bounce_Handler_3.3.1.zip/eMail_Bounce_Handler_3.3.1.exe (Infected with W32/Malware.CXAM)
    Deleted file

    C:\Users\Rete Azzurra\AppData\Roaming\m\shared\ExactSpent Time Tracking Software 2006.zip/ExactSpent Time Tracking Software 2006.exe (Infected with W32/Malware.CXAM)
    Deleted file

    C:\Users\Rete Azzurra\AppData\Roaming\m\shared\Fatman_Adventures_1.04.zip/Fatman_Adventures_1.04.exe (Infected with W32/Malware.CXAM)
    Deleted file

    C:\Users\Rete Azzurra\AppData\Roaming\m\shared\Fluid Clock ScreenSaver 2.3.zip/Fluid Clock ScreenSaver 2.3.exe (Infected with W32/Malware.CXAM)
    Deleted file

    C:\Users\Rete Azzurra\AppData\Roaming\m\shared\Fx_Magic_Music_and_CD_Writer_5.7.8_KeyGen.zip/Fx_Magic_Music_and_CD_Writer_5.7.8_KeyGen.exe (Infected with W32/Malware.CXAM)
    Deleted file

    C:\Users\Rete Azzurra\AppData\Roaming\m\shared\GoToMeeting 3.0 [KeyGen].zip/GoToMeeting 3.0 [KeyGen].exe (Infected with W32/Malware.CXAM)
    Deleted file

    C:\Users\Rete Azzurra\AppData\Roaming\m\shared\GoXML_Transform_6.1.zip/GoXML_Transform_6.1.exe (Infected with W32/Malware.CXAM)
    Deleted file

    C:\Users\Rete Azzurra\AppData\Roaming\m\shared\Graham Process Mapping Starter Edition 7.01.1018.zip/Graham Process Mapping Starter Edition 7.01.1018.exe (Infected with W32/Malware.CXAM)
    Deleted file

    C:\Users\Rete Azzurra\AppData\Roaming\m\shared\HashCash 1.09.zip/HashCash 1.09.exe (Infected with W32/Malware.CXAM)
    Deleted file

    C:\Users\Rete Azzurra\AppData\Roaming\m\shared\HTML-Kit 1.0 Build 292.zip/HTML-Kit 1.0 Build 292.exe (Infected with W32/Malware.CXAM)
    Deleted file

    C:\Users\Rete Azzurra\AppData\Roaming\m\shared\IEButtons 1.00.zip/IEButtons 1.00.exe (Infected with W32/Malware.CXAM)
    Deleted file

    C:\Users\Rete Azzurra\AppData\Roaming\m\shared\InfoManager_2.1.zip/InfoManager_2.1.exe (Infected with W32/Malware.CXAM)
    Deleted file

    C:\Users\Rete Azzurra\AppData\Roaming\m\shared\IrcA Service 1.0.0.1.zip/IrcA Service 1.0.0.1.exe (Infected with W32/Malware.CXAM)
    Deleted file

    C:\Users\Rete Azzurra\AppData\Roaming\m\shared\Isg WaveSqueezer 1.3a.zip/Isg WaveSqueezer 1.3a.exe (Infected with W32/Malware.CXAM)
    Deleted file

    C:\Users\Rete Azzurra\AppData\Roaming\m\shared\JRFile Viewer Activex 1.2.zip/JRFile Viewer Activex 1.2.exe (Infected with W32/Malware.CXAM)
    Deleted file

    C:\Users\Rete Azzurra\AppData\Roaming\m\shared\Just_Play_Something_1.0.zip/Just_Play_Something_1.0.exe (Infected with W32/Malware.CXAM)
    Deleted file

    C:\Users\Rete Azzurra\AppData\Roaming\m\shared\Legends_of_Kronia_1.0.8.zip/Legends_of_Kronia_1.0.8.exe (Infected with W32/Malware.CXAM)
    Deleted file

    C:\Users\Rete Azzurra\AppData\Roaming\m\shared\LingvoSoft_Talking_Dictionary_2006_Russian_Estonian_3.1.41_(With_Crack).zip/LingvoSoft_Talking_Dictionary_2006_Russian_Estonian_3.1.41_(With_Crack).exe (Infected with W32/Malware.CXAM)
    Deleted file

    C:\Users\Rete Azzurra\AppData\Roaming\m\shared\Links_Organizer_2.1.157.zip/Links_Organizer_2.1.157.exe (Infected with W32/Malware.CXAM)
    Deleted file

    C:\Users\Rete Azzurra\AppData\Roaming\m\shared\LogonStudio 1.0.64 (Cracked).zip/LogonStudio 1.0.64 (Cracked).exe (Infected with W32/Malware.CXAM)
    Deleted file

    C:\Users\Rete Azzurra\AppData\Roaming\m\shared\Lost Island Screensaver 1.0.zip/Lost Island Screensaver 1.0.exe (Infected with W32/Malware.CXAM)
    Deleted file

    ------------- ----------- ---------- second part below ---- -------- ------------ ---
    Rock is never die

  6. #6

    Part 2 of the 2nd log

    C:\Users\Rete Azzurra\AppData\Roaming\m\shared\Masker 7.0.6 (Cracked).zip/Masker 7.0.6 (Cracked).exe (Infected with W32/Malware.CXAM)
    Deleted file

    C:\Users\Rete Azzurra\AppData\Roaming\m\shared\MidToMid 1.0.zip/MidToMid 1.0.exe (Infected with W32/Malware.CXAM)
    Deleted file

    C:\Users\Rete Azzurra\AppData\Roaming\m\shared\Morpheus_Super_Accelerator_5.3.3_Cracked.zip/Morpheus_Super_Accelerator_5.3.3_Cracked.exe (Infected with W32/Malware.CXAM)
    Deleted file

    C:\Users\Rete Azzurra\AppData\Roaming\m\shared\Mountain Eagles 3D 1.0.zip/Mountain Eagles 3D 1.0.exe (Infected with W32/Malware.CXAM)
    Deleted file

    C:\Users\Rete Azzurra\AppData\Roaming\m\shared\Mr._Random_1.3.0.106.zip/Mr._Random_1.3.0.106.exe (Infected with W32/Malware.CXAM)
    Deleted file

    C:\Users\Rete Azzurra\AppData\Roaming\m\shared\Multiple_Integration_1.0.zip/Multiple_Integration_1.0.exe (Infected with W32/Malware.CXAM)
    Deleted file

    C:\Users\Rete Azzurra\AppData\Roaming\m\shared\MyFTPUploader 1.2.zip/MyFTPUploader 1.2.exe (Infected with W32/Malware.CXAM)
    Deleted file

    C:\Users\Rete Azzurra\AppData\Roaming\m\shared\NFL Woofpool 2006 11.10.zip/NFL Woofpool 2006 11.10.exe (Infected with W32/Malware.CXAM)
    Deleted file

    C:\Users\Rete Azzurra\AppData\Roaming\m\shared\Nod32.2.70.17.zip/Nod32.2.70.17.exe (Infected with W32/Malware.CXAM)
    Deleted file

    C:\Users\Rete Azzurra\AppData\Roaming\m\shared\Notebook_Math_Two_3.0.7.zip/Notebook_Math_Two_3.0.7.exe (Infected with W32/Malware.CXAM)
    Deleted file

    C:\Users\Rete Azzurra\AppData\Roaming\m\shared\Office 2000 HTML Object Tag Vulnerability Patch.zip/Office 2000 HTML Object Tag Vulnerability Patch.exe (Infected with W32/Malware.CXAM)
    Deleted file

    C:\Users\Rete Azzurra\AppData\Roaming\m\shared\Office Intercom 4.01.zip/Office Intercom 4.01.exe (Infected with W32/Malware.CXAM)
    Deleted file

    C:\Users\Rete Azzurra\AppData\Roaming\m\shared\OGG_To_MP3_Activex_1.0_Serial.zip/OGG_To_MP3_Activex_1.0_Serial.exe (Infected with W32/Malware.CXAM)
    Deleted file

    C:\Users\Rete Azzurra\AppData\Roaming\m\shared\Patriot Clock Screensaver 1.0.zip/Patriot Clock Screensaver 1.0.exe (Infected with W32/Malware.CXAM)
    Deleted file

    C:\Users\Rete Azzurra\AppData\Roaming\m\shared\PDF_Page_Numberer_2.03.zip/PDF_Page_Numberer_2.03.exe (Infected with W32/Malware.CXAM)
    Deleted file

    C:\Users\Rete Azzurra\AppData\Roaming\m\shared\Phantom_Sidekick_2.0.zip/Phantom_Sidekick_2.0.exe (Infected with W32/Malware.CXAM)
    Deleted file

    C:\Users\Rete Azzurra\AppData\Roaming\m\shared\Phoenix Mail 0.93 alpha 10.zip/Phoenix Mail 0.93 alpha 10.exe (Infected with W32/Malware.CXAM)
    Deleted file

    C:\Users\Rete Azzurra\AppData\Roaming\m\shared\PhoneList 1.7.0.zip/PhoneList 1.7.0.exe (Infected with W32/Malware.CXAM)
    Deleted file

    C:\Users\Rete Azzurra\AppData\Roaming\m\shared\PHP_Charts_1.4.7.zip/PHP_Charts_1.4.7.exe (Infected with W32/Malware.CXAM)
    Deleted file

    C:\Users\Rete Azzurra\AppData\Roaming\m\shared\PMPro Flash To PSP Converter 2.0 Crack.zip/PMPro Flash To PSP Converter 2.0 Crack.exe (Infected with W32/Malware.CXAM)
    Deleted file

    C:\Users\Rete Azzurra\AppData\Roaming\m\shared\QuikGrid_5.3.zip/QuikGrid_5.3.exe (Infected with W32/Malware.CXAM)
    Deleted file

    C:\Users\Rete Azzurra\AppData\Roaming\m\shared\Quinnsoft_Calculator_1.0.zip/Quinnsoft_Calculator_1.0.exe (Infected with W32/Malware.CXAM)
    Deleted file

    C:\Users\Rete Azzurra\AppData\Roaming\m\shared\Reboot_Buddy_2.1_[Serial].zip/Reboot_Buddy_2.1_[Serial].exe (Infected with W32/Malware.CXAM)
    Deleted file

    C:\Users\Rete Azzurra\AppData\Roaming\m\shared\Registry Washer 3.7.5 (With Crack).zip/Registry Washer 3.7.5 (With Crack).exe (Infected with W32/Malware.CXAM)
    Deleted file

    C:\Users\Rete Azzurra\AppData\Roaming\m\shared\Restaurant_Maid_1.1.zip/Restaurant_Maid_1.1.exe (Infected with W32/Malware.CXAM)
    Deleted file

    C:\Users\Rete Azzurra\AppData\Roaming\m\shared\Schedules4Team_3.00.0455.zip/Schedules4Team_3.00.0455.exe (Infected with W32/Malware.CXAM)
    Deleted file

    C:\Users\Rete Azzurra\AppData\Roaming\m\shared\Screenshot_Magic_3.0_With_Crack.zip/Screenshot_Magic_3.0_With_Crack.exe (Infected with W32/Malware.CXAM)
    Deleted file

    C:\Users\Rete Azzurra\AppData\Roaming\m\shared\Seruku_Toolbar_1.10.04.30.2004.zip/Seruku_Toolbar_1.10.04.30.2004.exe (Infected with W32/Malware.CXAM)
    Deleted file

    C:\Users\Rete Azzurra\AppData\Roaming\m\shared\ShortCutter 1.0.zip/ShortCutter 1.0.exe (Infected with W32/Malware.CXAM)
    Deleted file

    C:\Users\Rete Azzurra\AppData\Roaming\m\shared\Slam_1.121.zip/Slam_1.121.exe (Infected with W32/Malware.CXAM)
    Deleted file

    C:\Users\Rete Azzurra\AppData\Roaming\m\shared\Smiley_Maker_1.0.zip/Smiley_Maker_1.0.exe (Infected with W32/Malware.CXAM)
    Deleted file

    C:\Users\Rete Azzurra\AppData\Roaming\m\shared\Smoke_1.06.zip/Smoke_1.06.exe (Infected with W32/Malware.CXAM)
    Deleted file

    C:\Users\Rete Azzurra\AppData\Roaming\m\shared\Snattei_0.10.zip/Snattei_0.10.exe (Infected with W32/Malware.CXAM)
    Deleted file

    C:\Users\Rete Azzurra\AppData\Roaming\m\shared\SoftCollection Shooting-Range 1.58.zip/SoftCollection Shooting-Range 1.58.exe (Infected with W32/Malware.CXAM)
    Deleted file

    C:\Users\Rete Azzurra\AppData\Roaming\m\shared\Softinabox_Remind_Me!_1.0.0_Build_38.zip/Softinabox_Remind_Me!_1.0.0_Build_38.exe (Infected with W32/Malware.CXAM)
    Deleted file

    C:\Users\Rete Azzurra\AppData\Roaming\m\shared\SPYREMOVE_9.3.0.10_Key+Serial.zip/SPYREMOVE_9.3.0.10_Key+Serial.exe (Infected with W32/Malware.CXAM)
    Deleted file

    C:\Users\Rete Azzurra\AppData\Roaming\m\shared\Stash GUI 1.0.zip/Stash GUI 1.0.exe (Infected with W32/Malware.CXAM)
    Deleted file

    C:\Users\Rete Azzurra\AppData\Roaming\m\shared\STLport 5.1.4.zip/STLport 5.1.4.exe (Infected with W32/Malware.CXAM)
    Deleted file

    C:\Users\Rete Azzurra\AppData\Roaming\m\shared\Stylet_File_Manager_2.06.zip/Stylet_File_Manager_2.06.exe (Infected with W32/Malware.CXAM)
    Deleted file

    C:\Users\Rete Azzurra\AppData\Roaming\m\shared\Sudoku_Generator_1.zip/Sudoku_Generator_1.exe (Infected with W32/Malware.CXAM)
    Deleted file

    C:\Users\Rete Azzurra\AppData\Roaming\m\shared\Switchboard 1.83.zip/Switchboard 1.83.exe (Infected with W32/Malware.CXAM)
    Deleted file

    C:\Users\Rete Azzurra\AppData\Roaming\m\shared\Tic Tac Toe Widget 1.0.zip/Tic Tac Toe Widget 1.0.exe (Infected with W32/Malware.CXAM)
    Deleted file

    C:\Users\Rete Azzurra\AppData\Roaming\m\shared\Tiff-PDF Counter 2.0 build 9.zip/Tiff-PDF Counter 2.0 build 9.exe (Infected with W32/Malware.CXAM)
    Deleted file

    C:\Users\Rete Azzurra\AppData\Roaming\m\shared\TIFF_Page_Counter_COM_Component_1.zip/TIFF_Page_Counter_COM_Component_1.exe (Infected with W32/Malware.CXAM)
    Deleted file

    C:\Users\Rete Azzurra\AppData\Roaming\m\shared\TimeFix_1.30_Beta_build_90.zip/TimeFix_1.30_Beta_build_90.exe (Infected with W32/Malware.CXAM)
    Deleted file

    C:\Users\Rete Azzurra\AppData\Roaming\m\shared\Towns_screensaver_1.0.zip/Towns_screensaver_1.0.exe (Infected with W32/Malware.CXAM)
    Deleted file

    C:\Users\Rete Azzurra\AppData\Roaming\m\shared\TradeSim_3.0.0.zip/TradeSim_3.0.0.exe (Infected with W32/Malware.CXAM)
    Deleted file

    C:\Users\Rete Azzurra\AppData\Roaming\m\shared\TRAVELClip_USB_1.10_[Serial].zip/TRAVELClip_USB_1.10_[Serial].exe (Infected with W32/Malware.CXAM)
    Deleted file

    C:\Users\Rete Azzurra\AppData\Roaming\m\shared\Ulead PhotoImpact 13.zip/Ulead PhotoImpact 13.exe (Infected with W32/Malware.CXAM)
    Deleted file

    C:\Users\Rete Azzurra\AppData\Roaming\m\shared\Ultimate_Su_Doku_1.1.zip/Ultimate_Su_Doku_1.1.exe (Infected with W32/Malware.CXAM)
    Deleted file

    C:\Users\Rete Azzurra\AppData\Roaming\m\shared\Unreal_Tournament_2003_-_Vertical_deathmatch_map.zip/Unreal_Tournament_2003_-_Vertical_deathmatch_map.exe (Infected with W32/Malware.CXAM)
    Deleted file

    C:\Users\Rete Azzurra\AppData\Roaming\m\shared\Version Control Pro 4.7.zip/Version Control Pro 4.7.exe (Infected with W32/Malware.CXAM)
    Deleted file

    C:\Users\Rete Azzurra\AppData\Roaming\m\shared\ViViD Calendar 1.1.zip/ViViD Calendar 1.1.exe (Infected with W32/Malware.CXAM)
    Deleted file

    C:\Users\Rete Azzurra\AppData\Roaming\m\shared\WakeMeUp! 1.8.5.34.zip/WakeMeUp! 1.8.5.34.exe (Infected with W32/Malware.CXAM)
    Deleted file

    C:\Users\Rete Azzurra\AppData\Roaming\m\shared\WAVChop 1.0.zip/WAVChop 1.0.exe (Infected with W32/Malware.CXAM)
    Deleted file

    C:\Users\Rete Azzurra\AppData\Roaming\m\shared\Xceed FTP for .NET 3.6 [With Crack].zip/Xceed FTP for .NET 3.6 [With Crack].exe (Infected with W32/Malware.CXAM)
    Deleted file

    C:\Users\Rete Azzurra\AppData\Roaming\m\shared\XT Spy 3.0.zip/XT Spy 3.0.exe (Infected with W32/Malware.CXAM)
    Deleted file

    C:\Users\Rete Azzurra\AppData\Roaming\m\shared\XYplorer 6.20.0000.zip/XYplorer 6.20.0000.exe (Infected with W32/Malware.CXAM)
    Deleted file

    C:\Users\Rete Azzurra\AppData\Roaming\m\shared\YaCy_0.50.zip/YaCy_0.50.exe (Infected with W32/Malware.CXAM)
    Deleted file

    C:\Windows\exefqd\103881.exe (Infected with W32/Bagle.ALG)
    Deleted file

    C:\Windows\exefqd\14470278.exe (Infected with W32/Bagle.ALG)
    Deleted file

    C:\Windows\exefqd\14483491.exe (Infected with W32/Bagle.ALG)
    Deleted file

    C:\Windows\exefqd\14540619.exe (Infected with W32/Bagle.ALG)
    Deleted file

    C:\Windows\exefqd\40170.exe (Infected with SDBot.gen8)
    Deleted file

    C:\Windows\exefqd\42837.exe (Infected with SDBot.gen8)
    Deleted file

    C:\Windows\exefqd\46893.exe (Infected with W32/Bagle.AXS)
    Deleted file

    C:\Windows\exefqd\56035.exe (Infected with W32/Bagle.ALG)
    Deleted file

    C:\Windows\exefqd\56862.exe (Infected with W32/Bagle.AXL)
    Deleted file

    C:\Windows\exefqd\62962.exe (Infected with SDBot.gen8)
    Deleted file

    C:\Windows\exefqd\73460.exe (Infected with W32/Bagle.ALG)
    Deleted file

    C:\Windows\exefqd\78172.exe (Infected with W32/Bagle.ALG)
    Deleted file

    C:\Windows\exefqd\78296.exe (Infected with W32/Bagle.ALG)
    Deleted file

    C:\Windows\System32\drivers\srosa.sys (Infected with W32/Bagle.AAK)
    Removed driver: srosa
    Deleted file

    Scanning: D:\*.*

    Scanning: c:\System Volume Information\*.*


    Running post-scan cleanup routine:

    Number of files found: 151559
    Number of archives unpacked: 546
    Number of files scanned: 151505
    Number of files not scanned: 54
    Number of files skipped due to exclude list: 0
    Number of infected files found: 137
    Number of infected files repaired/deleted: 136
    Number of infections removed: 136
    Total scanning time: 38m 40s


    Here it says that one file was not repaired or deleted and that 54 were not scanned..
    Afterwards I ran another scan with spyware..
    and it tells me the rootkit is no longer there.. at least I hope so..
    but there are still 2 trojans..

    - trojan downloader bagle
    - trojan loader

    I tried downloading some tools from the web..
    but Kaspersky, for example, freezes -- AVG and Ad-Aware don't find it...
    other sites wouldn't open... what do I do now?
    Thanks again to whoever is kind enough to reply
    Today, anyway, the situation has improved.... the computer responds a bit better to commands..
    and Task Manager opens... but Premiere doesn't open... while during the AVG scan it now freezes...
    I still haven't removed anything with HijackThis, eh!
    Rock is never die

  7. #7
    Deifobe (HTML.it user, registered Oct 2007, 6,072 posts)
    Delete the folder C:\Windows\exefqd

    Download SystemScan, disconnect the PC from the internet => disable the antivirus => run SystemScan => click "Scan Now". When the scan is finished, re-enable the antivirus.

    Upload the report you find on the desktop to Savefile and post the link you get.
    ...
    :x:_::_:*:_::_: )(:_:*:_:*:__::_:°FM°:_: )(:_:*:_:x:___

  8. #8

    SystemScan report

    erm...
    the SystemScan report is rather long..
    basically it would take some 10-11 comments to post it... (since a maximum of 10 thousand characters can be used)...
    I've pasted it here:

    http://prisko.interfree.it/report.htm

    Rock is never die

  9. #9
    Deifobe (HTML.it user, registered Oct 2007, 6,072 posts)
    I'll analyze it.. I'll let you know something during the morning. Bye
    ...
    :x:_::_:*:_::_: )(:_:*:_:*:__::_:°FM°:_: )(:_:*:_:x:___

  10. #10

    many thanks!

    much obliged!
    Rock is never die
