
CAN YOU CHECK MY LOG?
niko.wasabi
Posted: Saturday, September 20, 2008 1:15:31 PM
Rank: Member

Joined: 2/21/2005
Posts: 0
...I have a trojan message that has been nagging me for two days, and I can't get rid of it with either Spybot or AVG.....
On top of that, all my desktop settings have disappeared...

This is the log I made today after the scan

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 13.07.55, on 20/09/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.20733)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Programmi\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\Explorer.EXE
C:\Documents and Settings\All Users\Dati applicazioni\udopwnyd\knunkfux.exe
C:\WINDOWS\system32\RunDll32.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Programmi\digicomt\Michelangelo USB ADSL\CnxDslTb.exe
C:\Programmi\Multimedia Card Reader\shwicon2k.exe
C:\Programmi\SyncroSoft\Pos\H2O\cledx.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmi\File comuni\Ahead\Lib\NMBgMonitor.exe
C:\Programmi\Spybot - Search & Destroy\TeaTimer.exe
C:\WINDOWS\system32\jyxgvudq.exe
C:\Programmi\FinePixViewer\QuickDCF2.exe
C:\Programmi\File comuni\Ahead\Lib\NMIndexingService.exe
C:\Programmi\File comuni\Ahead\Lib\NMIndexStoreSvr.exe
C:\Programmi\Mozilla Firefox\firefox.exe
C:\Programmi\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.it/index.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Programmi\AVG\AVG8\avgssie.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Programmi\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\Programmi\AVG\AVG8\avgtoolbar.dll
O2 - BHO: free-downloads.net Toolbar - {ecdee021-0d17-467f-a1ff-c7a115230949} - C:\Programmi\free-downloads.net\tbfree.dll
O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\Programmi\AVG\AVG8\avgtoolbar.dll
O3 - Toolbar: free-downloads.net Toolbar - {ecdee021-0d17-467f-a1ff-c7a115230949} - C:\Programmi\free-downloads.net\tbfree.dll
O4 - HKLM\..\Run: [C6501Sound] RunDll32 c6501.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [CnxDslTaskBar] "C:\Programmi\digicomt\Michelangelo USB ADSL\CnxDslTb.exe"
O4 - HKLM\..\Run: [REGSHAVE] C:\Programmi\REGSHAVE\REGSHAVE.EXE /AUTORUN
O4 - HKLM\..\Run: [Sunkist2k] C:\Programmi\Multimedia Card Reader\shwicon2k.exe
O4 - HKLM\..\Run: [H2O] C:\Programmi\SyncroSoft\Pos\H2O\cledx.exe
O4 - HKLM\..\RunOnce: [SpybotDeletingA6142] command /c del "C:\Programmi\PCHealthCenter\2.gif"
O4 - HKLM\..\RunOnce: [SpybotDeletingC3459] cmd /c del "C:\Programmi\PCHealthCenter\2.gif"
O4 - HKLM\..\RunOnce: [SpybotDeletingA5200] command /c del "C:\Programmi\PCHealthCenter\3.gif"
O4 - HKLM\..\RunOnce: [SpybotDeletingC4598] cmd /c del "C:\Programmi\PCHealthCenter\3.gif"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Programmi\File comuni\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Programmi\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [webact] C:\WINDOWS\system32\jyxgvudq.exe
O4 - HKCU\..\RunOnce: [SpybotDeletingB8505] command /c del "C:\Programmi\PCHealthCenter\2.gif"
O4 - HKCU\..\RunOnce: [SpybotDeletingD5728] cmd /c del "C:\Programmi\PCHealthCenter\2.gif"
O4 - HKCU\..\RunOnce: [SpybotDeletingB4356] command /c del "C:\Programmi\PCHealthCenter\3.gif"
O4 - HKCU\..\RunOnce: [SpybotDeletingD8706] cmd /c del "C:\Programmi\PCHealthCenter\3.gif"
O4 - HKLM\..\Policies\Explorer\Run: [DxteBWPJfR] C:\Documents and Settings\All Users\Dati applicazioni\udopwnyd\knunkfux.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO LOCALE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO DI RETE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: ExifLauncher2.lnk = C:\Programmi\FinePixViewer\QuickDCF2.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Programmi\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Programmi\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O16 - DPF: {5AE58FCF-6F6A-49B2-B064-02492C66E3F4} (MUCatalogWebControl Class) - http://catalog.update.microsoft.com/v7/site/ClientControl/en/x86/MuCatalogWebControl.cab?1191420098671
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1123705518796
O16 - DPF: {6e32070a-766d-4ee6-879c-dc1fa91d2fc3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1139406804265
O17 - HKLM\System\CCS\Services\Tcpip\..\{C0E8D28F-5B59-48BA-B153-A457733466C9}: NameServer = 85.37.17.55 85.38.28.93
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Programmi\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: avgrsstx.dll
O21 - SSODL: chkhlpsys - {595E2B26-B852-350F-D62E-094DD782BDAF} - C:\Programmi\rdecfld\chkhlpsys.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: NBService - Nero AG - C:\Programmi\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Programmi\File comuni\Ahead\Lib\NMIndexingService.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Programmi\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe

--
End of file - 7462 bytes

Thanks a lot
pidue
Posted: Saturday, September 20, 2008 2:34:04 PM

Rank: AiutAmico

Joined: 6/2/2005
Posts: 7,332
Hi.
Pay close attention to what you have to do:
Put HijackThis in a folder dedicated to it (preferably not on the desktop), otherwise you lose the backups;

Disable System Restore as described here;
boot into Safe Mode as described here;
make hidden folders visible ------ > procedure:
from My Computer:
Tools >> Folder Options >> View;
tick:
Show hidden files and folders;
untick:
Hide protected operating system files (recommended)

Start HijackThis with all applications closed, click Do a system scan only, tick and remove (Fix checked) the following lines:


O4 - HKLM\..\RunOnce: [SpybotDeletingA6142] command /c del "C:\Programmi\PCHealthCenter\2.gif"
O4 - HKLM\..\RunOnce: [SpybotDeletingC3459] cmd /c del "C:\Programmi\PCHealthCenter\2.gif"
O4 - HKLM\..\RunOnce: [SpybotDeletingA5200] command /c del "C:\Programmi\PCHealthCenter\3.gif"
O4 - HKLM\..\RunOnce: [SpybotDeletingC4598] cmd /c del "C:\Programmi\PCHealthCenter\3.gif"
O4 - HKCU\..\Run: [webact] C:\WINDOWS\system32\jyxgvudq.exe
O4 - HKCU\..\RunOnce: [SpybotDeletingB8505] command /c del "C:\Programmi\PCHealthCenter\2.gif"
O4 - HKCU\..\RunOnce: [SpybotDeletingD5728] cmd /c del "C:\Programmi\PCHealthCenter\2.gif"
O4 - HKCU\..\RunOnce: [SpybotDeletingB4356] command /c del "C:\Programmi\PCHealthCenter\3.gif"
O4 - HKCU\..\RunOnce: [SpybotDeletingD8706] cmd /c del "C:\Programmi\PCHealthCenter\3.gif"
O4 - HKLM\..\Policies\Explorer\Run: [DxteBWPJfR] C:\Documents and Settings\All Users\Dati applicazioni\udopwnyd\knunkfux.exe
O21 - SSODL: chkhlpsys - {595E2B26-B852-350F-D62E-094DD782BDAF} - C:\Programmi\rdecfld\chkhlpsys.dll



Find and delete the files and/or folders in red (if you find them):
___________________________________________
C:\Documents and Settings\All Users\Dati applicazioni\udopwnyd ------ >> folder
C:\WINDOWS\system32\jyxgvudq.exe
C:\Programmi\rdecfld ------ >> folder

___________________________________________

Start >> Run. Type (or copy and paste) the string %temp%, click OK, empty the temp folder; make sure you empty it completely, two viruses are right there.
Go to Tools >> Internet Options, delete the history, the temporary internet files, the cookies;
empty the Recycle Bin;

post an updated log and let me know whether the problems are solved.
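As an added example, not from this thread or from HijackThis itself, here is a small Python triage script that parses a constructed sample of five lines copied from the log above and flags the entries pidue singles out, using the cues a human reviewer relies on: an autostart under Policies\Explorer\Run, an executable launched from the shared Application Data folder, a shell service object (SSODL) loaded from outside system32, and a random-looking file name. The vowel-ratio heuristic and its threshold are my own assumptions, meant for triage rather than a verdict.

```python
import re
from pathlib import PureWindowsPath

# Constructed sample: five lines copied from the HijackThis log posted in this thread.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [webact] C:\WINDOWS\system32\jyxgvudq.exe
O4 - HKLM\..\Policies\Explorer\Run: [DxteBWPJfR] C:\Documents and Settings\All Users\Dati applicazioni\udopwnyd\knunkfux.exe
O21 - SSODL: chkhlpsys - {595E2B26-B852-350F-D62E-094DD782BDAF} - C:\Programmi\rdecfld\chkhlpsys.dll
"""

# First drive-letter path ending in an executable, DLL or control panel applet on the line.
PATH_RE = re.compile(r"[A-Za-z]:\\[^\"\r\n]*?\.(?:exe|dll|cpl)", re.IGNORECASE)

def vowel_ratio(name: str) -> float:
    """Share of vowels among the letters of a file name; real words sit around 0.4."""
    letters = [c for c in name.lower() if c.isalpha()]
    return sum(c in "aeiou" for c in letters) / len(letters) if letters else 1.0

def suspicious_reasons(line: str) -> list[str]:
    """Return the reasons one HijackThis line looks suspicious ([] if it looks benign)."""
    reasons = []
    m = PATH_RE.search(line)
    if not m:
        return reasons
    path = PureWindowsPath(m.group(0))
    parts = [p.lower() for p in path.parts]
    if line.startswith("O4") and "policies\\explorer\\run" in line.lower():
        reasons.append("autostart via Policies\\Explorer\\Run, rarely used by legitimate software")
    if "dati applicazioni" in parts or "application data" in parts:
        reasons.append("executable launched from the shared Application Data folder")
    if line.startswith("O21") and "system32" not in parts:
        reasons.append("shell service object (SSODL) loaded from outside system32")
    # Assumed threshold: 7+ letters with at most 20% vowels reads as a random name.
    if len(path.stem) >= 7 and vowel_ratio(path.stem) <= 0.2:
        reasons.append(f"random-looking file name '{path.name}'")
    return reasons

def triage(log: str) -> dict[str, list[str]]:
    """Map every flagged line of a HijackThis log to its reasons; benign lines are dropped."""
    found = ((ln.strip(), suspicious_reasons(ln.strip())) for ln in log.splitlines())
    return {ln: reasons for ln, reasons in found if reasons}

if __name__ == "__main__":
    for line, reasons in triage(SAMPLE_LOG).items():
        print(line, *("   -> " + r for r in reasons), sep="\n")
```

Run against the sample, the three entries pidue marks for removal are flagged and the AVG and ctfmon lines are not; the name heuristic alone would misfire on abbreviated vendor names (avgwdsvc, for instance), which is why it is combined with the location cues.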



