allora se arrivo a postare qui è perchè ho eseguito le direttive del vostro post iniziale...
ho effettuato le analisi con tutti gli strumenti da voi indicati...
alla fine Kaspersky
mi ha dato la seguente analisi:
-------------------------------------------------------------------------------
KASPERSKY ON-LINE SCANNER REPORT
Tuesday, October 25, 2005 00:27:18
Operating System: Microsoft Windows XP Professional, (Build 2600)
Kaspersky On-line Scanner version: 5.0.67.0
Kaspersky Anti-Virus database last update: 24/10/2005
Kaspersky Anti-Virus database records: 146642
-------------------------------------------------------------------------------
Scan Settings:
Scan using the following antivirus database: standard
Scan Archives: true
Scan Mail Bases: true
Scan Target - Critical Areas:
C:\WINDOWS
C:\DOCUME~1\ghena1\IMPOST~1\Temp\
Scan Statistics:
Total number of scanned objects: 12499
Number of viruses found: 11
Number of infected objects: 70
Number of suspicious objects: 0
Duration of the scan process: 5064 sec
Infected Object Name - Virus Name
C:\WINDOWS\mspathfinder Infected: Backdoor.Win32.SdBot.xd
C:\WINDOWS\system32\csrssv.exe Infected: Backdoor.Win32.Rbot.gen
C:\WINDOWS\system32\fwdmon.exe Infected: Trojan-Proxy.Win32.Ranky.co
C:\WINDOWS\system32\hhs.pif Infected: Backdoor.Win32.Rbot.agu
C:\WINDOWS\system32\i Infected: Trojan-Downloader.BAT.Ftp.ab
C:\WINDOWS\system32\Msn-7.exe Infected: Backdoor.Win32.Rbot.adf
C:\WINDOWS\system32\pnpmgr.exe Infected: Backdoor.Win32.Codbot.ba
Scan process completed.
ho rieffettuato un controllo con scan & remove
le voci di registro del firewall del antivirus e della sicurezza din windows erano settate "word:0" disabled
ho corretto
Poi ho aperto Hijack e ho usato il fix item su queste voci
C:\WINDOWS\system32\csrssv.exe Infected: Backdoor.Win32.Rbot.gen
C:\WINDOWS\system32\fwdmon.exe Infected: Trojan-Proxy.Win32.Ranky.co
C:\WINDOWS\system32\hhs.pif Infected: Backdoor.Win32.Rbot.agu
C:\WINDOWS\system32\pnpmgr.exe Infected: Backdoor.Win32.Codbot.ba
solo pnpmgr.exe non si è cancellato.
restano quindi i seguenti file:
C:\WINDOWS\mspathfinder Infected: Backdoor.Win32.SdBot.xd
C:\WINDOWS\system32\i Infected: Trojan-Downloader.BAT.Ftp.ab
C:\WINDOWS\system32\Msn-7.exe Infected: Backdoor.Win32.Rbot.adf
C:\WINDOWS\system32\pnpmgr.exe Infected: Backdoor.Win32.Codbot.ba
ho riprovato a killarli con Hijack ma nulla.
Al momento sono senza firewall non riesco ad attivarlo perchè qualcosa poi mi inpedisce di aprire il browser per uscire, non sono i settaggi del firewall perchè ho settato sia explorer che FF per uscire con outpost... ma nulla.
potete darmi qualche consiglio...
*************************************************
Logfile of HijackThis v1.99.1
Scan saved at 1.42.41, on 25/10/2005
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2600.0000)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programmi\Alwil Software\Avast4\aswUpdSv.exe
C:\Programmi\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\System32\inetsrv\inetinfo.exe
C:\WINDOWS\mspathfinder
C:\WINDOWS\System32\pnpmgr.exe
C:\WINDOWS\Explorer.exe
C:\WINDOWS\system32\fxssvc.exe
C:\WINDOWS\System32\rundll32.exe
C:\Programmi\QuickTime\qttask.exe
C:\Programmi\Java\jre1.5.0_05\bin\jusched.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Programmi\Adobe\Acrobat 6.0\Distillr\acrotray.exe
C:\Programmi\WinZip\WZQKPICK.EXE
C:\Programmi\Alwil Software\Avast4\ashWebSv.exe
C:\Programmi\Alwil Software\Avast4\ashMaiSv.exe
C:\WINDOWS\System32\hhs.pif
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Programmi\Internet Explorer\iexplore.exe
C:\Documents and Settings\ghena1\Desktop\software\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.it/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
F2 - REG:system.ini: Shell=Explorer.exe
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: XBTBPos00 - {FCBCCB87-9224-4B8D-B117-F56D924BEB18} - C:\PROGRA~1\SOFTOM~1\TOOLBA~1\bin\toolbarU.dl_ (file missing)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [AdslTaskBar] rundll32.exe stmctrl.dll,TaskBar
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmi\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Programmi\Java\jre1.5.0_05\bin\jusched.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [Zone Labs Client] C:\Programmi\Zone Labs\ZoneAlarm\zlclient.exe
O4 - HKLM\..\Run: [TrojanScanner] C:\Programmi\Trojan Remover\Trjscan.exe
O4 - HKLM\..\RunServices: [SystemTools] C:\WINDOWS\System32\kernels32.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Programmi\MSN Messenger\MsnMsgr.Exe" /background
O4 - Global Startup: Acrobat Assistant.lnk = C:\Programmi\Adobe\Acrobat 6.0\Distillr\acrotray.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Programmi\File comuni\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Avvio veloce di Adobe Reader.lnk = C:\Programmi\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Programmi\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.5.0_05\bin\npjpi150_05.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.5.0_05\bin\npjpi150_05.dll
O9 - Extra button: Ricerche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/downloads/k...an_unicode.cab
O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://download.ewido.net/ewidoOnlineScan.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsu...?1124578907327
O17 - HKLM\System\CCS\Services\Tcpip\..\{A2C4B638-5BA7-4E31-A5B2-28306D80874E}: NameServer = 85.37.17.39 151.99.125.1
O23 - Service: Adobe LM Service - Unknown owner - C:\Programmi\File comuni\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Programmi\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Programmi\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Programmi\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Programmi\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: Enables Java Support (Java) - Unknown owner - C:\WINDOWS\System32\winjava.exe (file missing)
O23 - Service: Microsoft Path Finder Service (mspathfinder) - Unknown owner - C:\WINDOWS\mspathfinder
O23 - Service: Universal Plug and Play Manager (PnP Manager) - Unknown owner - C:\WINDOWS\System32\pnpmgr.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
Rispondi quotando
devi dare una bella sdradicara ai malware poi al log ci pensa amvinfe 
)
