Ciao a tutti,è tutto il giorno che combatto contro Il virus Vitro,scansioni con avast,Malwarebyte,asquared etc....avast ha inziato a trovarmi virus a raffica....il virus sembra che abbia infettato Office e mi appare una finestra che mi dice Protezione file Windows...i file necesessarei per l'esecuzione sono stati sostituiti etc....
Questo è il LOg di Hijack....aiutatemi sono disperato!



Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 23.22.03, on 09/11/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Unable to get Internet Explorer version!
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Programmi\Alwil Software\Avast4\aswUpdSv.exe
C:\Programmi\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\bcd2kcpan.exe
C:\WINDOWS\system32\rundll32.exe
C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE
C:\Programmi\QuickTime\QTTask.exe
C:\Programmi\iTunes\iTunesHelper.exe
C:\Programmi\Windows Live\Messenger\msnmsgr.exe
C:\Programmi\Messenger\msmsgs.exe
C:\Programmi\File comuni\Ahead\lib\NMBgMonitor.exe
C:\Programmi\TomTom HOME 2\TomTomHOMERunner.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programmi\a-squared Free\a2service.exe
C:\Programmi\ADSL\StarModem ADSL USB MODEM\dslmon.exe
C:\Programmi\Google\Update\1.2.183.13\GoogleCrashHandler.exe
C:\Programmi\File comuni\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Programmi\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\PAStiSvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmi\TomTom HOME 2\TomTomHOMEService.exe
C:\Programmi\Alwil Software\Avast4\ashMaiSv.exe
C:\Programmi\PC Connectivity Solution\ServiceLayer.exe
C:\Programmi\Alwil Software\Avast4\ashWebSv.exe
C:\Programmi\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Programmi\Windows Live\Contacts\wlcomm.exe
C:\WINDOWS\System32\Rundll32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\FastNetSrv.exe
C:\WINDOWS\system32\mshta.exe
C:\WINDOWS\system32\mshta.exe
C:\Programmi\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Vieri\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.it/0SEITIT/SAOS01?FORM=TOOLBR
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://g.msn.it/0SEITIT/SAOS01?FORM=TOOLBR
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.it/0SEITIT/SAOS01?FORM=TOOLBR
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
O2 - BHO: Supporto di collegamento per Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\File comuni\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - c:\programmi\real\realplayer\rpbrowserrecordplugin.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Guida per l'accesso a Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programmi\File comuni\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programmi\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Programmi\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Programmi\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [9xadiras] 9xadiras.exe
O4 - HKLM\..\Run: [2kadiras] 2kadiras.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [EPSON Stylus CX3600 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9BE.EXE /P26 "EPSON Stylus CX3600 Series" /O6 "USB001" /M "Stylus CX3600"
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Programmi\Java\jre1.5.0_03\bin\jusched.exe
O4 - HKLM\..\Run: [BCD2000] %SystemRoot%\system32\bcd2kcpan.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Programmi\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE -startup
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmi\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Programmi\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Programmi\File comuni\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [ter8m] RUNDLL32.EXE C:\WINDOWS\system32\msxm192z.dll,w
O4 - HKLM\..\RunOnce: [Malwarebytes Anti-Malware (reboot)] "C:\Programmi\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKCU\..\Run: [MsnMsgr] "C:\Programmi\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [MSMSGS] "C:\Programmi\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Programmi\File comuni\Ahead\lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [PcSync] C:\Programmi\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog
O4 - HKCU\..\Run: [swg] C:\Programmi\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [TomTomHOME.exe] "C:\Programmi\TomTom HOME 2\TomTomHOMERunner.exe"
O4 - HKCU\..\Run: [Defence] "C:\Documents and Settings\All Users\Defence\smss.exe" -SystemDefence
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVIZIO LOCALE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVIZIO DI RETE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: DSLMON.lnk = ?
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Ricerche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/IT-IT/a-UNO1/GAME_UNO1.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{BB58CD81-81F4-41DB-B5E3-489B4345B237}: NameServer = 193.70.152.70 193.70.152.15
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FILECO~1\Skype\SKYPE4~1.DLL
O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - C:\Programmi\a-squared Free\a2service.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Programmi\File comuni\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Programmi\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Programmi\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Programmi\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Programmi\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Programmi\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Programmi\File comuni\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Servizio di Google Update (gupdate1ca0a21cc10fa86) (gupdate1ca0a21cc10fa86) - Google Inc. - C:\Programmi\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Programmi\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Servizio iPod (iPod Service) - Apple Inc. - C:\Programmi\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: ServiceLayer - Nokia. - C:\Programmi\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: STI Simulator - Unknown owner - C:\WINDOWS\System32\PAStiSvc.exe
O23 - Service: TomTomHOMEService - TomTom - C:\Programmi\TomTom HOME 2\TomTomHOMEService.exe

--
End of file - 8767 bytes

Hai ragione a disperarti.....perchè hai molte probabilità di formattare.
E forse neanche la formattazione semplice basterà.
Disattiva il ripristino configurazione di sistema, e tienilo disattivato.
http://guide.aiutamici.com/guide?C1=7&C2=68&ID=80121

Leggi questo link, ed esegui alla lettera le indicazioni. (ma non illuderti)
http://free.avg.com/it-it/rimozione-dei-virus.ndi-67762

Fai attenzione: devi salvare i 2 file in una sola cartella ,ed eseguire il file rmvirut.exe

Oppure prova cosi:
Scarica DrWeb LiveCD (da un altro pc, è meglio)
ftp://ftp.drweb.com/pub/drweb/livecd/minDrWebLiveCD-5.0.0.iso

Masterizza l'immagine CD .
http://ilarialab.com/2008/11/18/dr-web-live-cd-lantivirus-demergenza/

Sul pc infetto, scollega tutti gli HD esterni e le chiavette USB

Inserisci il CD appena creato

avvia il pc, assicurandoti che parta da CD e fai una scansione completa
Auguri. (senza ironia)

Ciao.
Serve una formattazione a " Basso Livello".
E per farla, hai bisogno di un software specifico.
Di solito questo software, lo fornisce la casa-madre dell'HD.

Scrivimi esattamente la marca dell'HD.
Oppure, vai su Google, e digita: Software per formattare a Basso Livello.
Dovresti trovare il software specifico per il tuo HD.

Può darsi.
Esegui una scansione con Combofix:
Salvalo sul desktop.

Importante: Disabilita il tuo antivirus e chiudi TUTTI i programmi aperti,(Firewall compreso) e dopo aver scaricato COMBOFIX, chiudi la connessione.

Doppio click su combofix.exe (comparirà una videata.)
Se ti verrà chiesto se vuoi Installare LA CONSOLE DI RIPRISTINO DI EMERGENZA, clicca NO.
E' probabile che ti siano inviati messaggi dall'antivirus, tu ignorali.
Durante l'operazione di scansione è importante non usare il PC (neanche il mouse) e attendere pazientemente la fine delle operazioni.
Al termine, verrà creato un file log sul Desktop, chiamato C:\ComboFix.txt. Postalo qui.

Devi in fretta e furia scaricare l'SP3:
http://www.microsoft.com/downloads/details.aspx?FamilyID=5b33b5a8-5e76-401f-be08-1e1555d4f3d4&DisplayLang=it

Comunque aspetta che veda il log di Combofix.

Il pc non presenta particolari problemi.......la cosa evidente è un Pop up che mi si apre dopo aver acceso il pc....tra l'avvio e l'apertura della videata del desktop...un pop up con :
Nome utente : .........

Password:..........

io clicco Ok e parte windows, questa cosa me la faceva prima della formattazione,al contrario prima quando pigiavo Ok il pc rimaneva fermo solo con l'immagine dello sfondo del pc......cosa può essere???

Ho fatto come hai detto alla lettera!




ComboFix 09-11-09.02 - Vieri 11/11/2009 12.51.57.2.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.39.1040.18.1022.675 [GMT 1:00]
Eseguito da: c:\documents and settings\Vieri\Desktop\ComboFix.exe
Opzioni usate :: c:\documents and settings\Vieri\Desktop\CFScript.txt
AV: avast! antivirus 4.8.1356 [VPS 091110-1] *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}

ATTENZIONE - QUESTO PC NON HA LA CONSOLE DI RIPRISTINO DI EMERGENZA INSTALLATA !!

FILE ::
"c:\windows\system32\FastNetSrv.exe"
.

((((((((((((((((((((((((((((((((((((( Altre eliminazioni )))))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\irc.txt
c:\windows\system32\FastNetSrv.exe
c:\windows\system32\Install.txt

.
((((((((((((((((((((((((((((((((((((((( Driver/Servizi )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_BTWSRV
-------\Service_BtwSrv


((((((((((((((((((((((((( Files Creati Da 2009-10-11 al 2009-11-11 )))))))))))))))))))))))))))))))))))
.

2009-11-11 11:56 . 2009-11-11 11:56 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Messenger Plus!
2009-11-11 11:08 . 2009-11-11 11:57 -------- d-----w- c:\documents and settings\Vieri\Dati applicazioni\Skype
2009-11-11 11:04 . 2009-11-11 11:04 -------- d-----w- c:\programmi\Messenger Plus! Live
2009-11-11 11:03 . 2009-11-11 11:03 -------- d-----w- c:\programmi\File comuni\Skype
2009-11-11 11:03 . 2009-11-11 11:03 -------- d-----r- c:\programmi\Skype
2009-11-11 11:03 . 2009-11-11 11:03 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Skype
2009-11-11 10:35 . 2009-11-11 10:35 -------- d-----w- c:\programmi\CCleaner
2009-11-11 10:31 . 2009-11-11 10:31 -------- d-----w- c:\programmi\File comuni\ArcSoft
2009-11-11 10:31 . 2003-09-19 14:45 21248 ----a-w- c:\windows\system32\drivers\pfc.sys
2009-11-11 10:31 . 1995-08-01 03:44 212480 ----a-w- c:\windows\PCDLIB32.DLL
2009-11-11 10:31 . 2009-11-11 10:31 -------- d-----w- c:\programmi\ArcSoft
2009-11-11 10:30 . 2009-11-11 10:30 -------- d-----w- c:\windows\PixArt
2009-11-11 10:30 . 2009-11-11 10:30 -------- d-----w- c:\programmi\Trust
2009-11-11 10:30 . 2009-11-11 10:30 -------- d-----w- c:\programmi\File comuni\PCCamera
2009-11-11 10:30 . 2009-11-11 10:30 -------- d-----w- c:\windows\Downloaded Installations
2009-11-11 09:54 . 2009-11-11 11:57 -------- d-----w- c:\documents and settings\Vieri\Tracing
2009-11-11 09:53 . 2009-11-11 09:53 -------- d-----w- c:\programmi\Microsoft
2009-11-11 09:53 . 2009-11-11 09:53 -------- d-----w- c:\programmi\Windows Live SkyDrive
2009-11-11 09:53 . 2009-11-11 09:54 -------- d-----w- c:\programmi\Windows Live
2009-11-10 22:24 . 2009-11-11 11:00 -------- d-----w- c:\programmi\a-squared Free
2009-11-10 22:15 . 2009-11-10 22:15 -------- d-----w- c:\programmi\File comuni\Windows Live
2009-11-10 21:17 . 2009-11-10 21:17 -------- d-----w- c:\windows\system32\drivers\umdf
2009-11-10 21:16 . 2009-11-10 21:16 359040 -c--a-w- c:\windows\system32\dllcache\TCPIP.SYS
2009-11-10 20:59 . 2009-11-10 20:59 -------- d-----w- c:\documents and settings\Vieri\Contacts
2009-11-10 20:58 . 2009-11-11 09:54 -------- dc----w- c:\windows\system32\DRVSTORE
2009-11-10 20:31 . 2009-11-10 20:31 0 ----a-w- c:\windows\nsreg.dat
2009-11-10 20:31 . 2009-11-10 20:31 -------- d-----w- c:\documents and settings\Vieri\Impostazioni locali\Dati applicazioni\Mozilla
2009-11-10 20:22 . 2009-11-10 20:22 -------- d-----w- c:\windows\system32\Lang
2009-11-10 20:18 . 2007-01-16 09:39 1189542 ----a-w- c:\windows\RtlUpd.exe
2009-11-10 20:18 . 2006-07-21 15:14 86016 ----a-w- c:\windows\SoundMan.exe
2009-11-10 20:18 . 2007-04-10 18:04 4397568 ----a-w- c:\windows\system32\drivers\RtkHDAud.sys
2009-11-10 20:18 . 2007-03-23 18:19 9716736 ----a-w- c:\windows\RTLCPL.exe
2009-11-10 20:18 . 2007-04-10 14:28 16128512 ----a-w- c:\windows\RTHDCPL.exe
2009-11-10 20:18 . 2006-10-11 16:42 2158592 ----a-w- c:\windows\MicCal.exe
2009-11-10 20:18 . 2006-05-04 15:26 2810880 ----a-w- c:\windows\alcwzrd.exe
2009-11-10 20:18 . 2009-11-10 20:18 -------- d-----w- c:\programmi\Realtek
2009-11-10 20:18 . 2009-11-10 20:18 315392 ----a-w- c:\windows\HideWin.exe
2009-11-10 20:18 . 2007-01-12 15:54 520192 ----a-w- c:\windows\RtlExUpd.dll
2009-11-10 20:07 . 2009-11-10 20:21 -------- d-----w- c:\windows\nview
2009-11-10 20:07 . 2006-11-17 16:29 208896 ----a-w- c:\windows\system32\nvudisp.exe
2009-11-10 20:07 . 2006-11-17 18:21 208896 ----a-w- c:\windows\system32\NVUNINST.EXE
2009-11-10 20:06 . 2009-11-10 20:06 -------- d-----w- C:\NVIDIA

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-11-11 10:31 . 2009-11-10 19:05 -------- d--h--w- c:\programmi\InstallShield Installation Information
2009-11-11 10:30 . 2009-11-10 19:03 -------- d-----w- c:\programmi\File comuni\InstallShield
2009-11-11 09:54 . 2009-11-10 18:28 43528 ----a-w- c:\documents and settings\Vieri\Impostazioni locali\Dati applicazioni\GDIPFONTCACHEV1.DAT
2009-11-10 21:16 . 2009-11-10 21:16 359040 ----a-w- c:\windows\system32\drivers\TCPIP.SYS.ORIGINAL
2009-11-10 21:16 . 2002-08-29 01:58 359040 ----a-w- c:\windows\system32\drivers\TCPIP.SYS
2009-11-10 20:19 . 2001-08-31 08:00 47814 ----a-w- c:\windows\system32\perfc010.dat
2009-11-10 20:19 . 2001-08-31 08:00 345382 ----a-w- c:\windows\system32\perfh010.dat
2009-11-10 19:57 . 2009-11-10 19:57 -------- d-----w- c:\programmi\Microsoft.NET
2009-11-10 19:17 . 2009-11-10 19:17 -------- d-----w- c:\programmi\Alwil Software
2009-11-10 19:05 . 2009-11-10 19:05 26 ----a-w- c:\windows\system32\drivers\adidsl.cfg
2009-11-10 19:05 . 2009-11-10 19:05 -------- d-----w- c:\programmi\ADSL
2009-11-10 18:26 . 2009-11-10 18:09 86327 ----a-w- c:\windows\PCHealth\HelpCtr\OfflineCache\index.dat
2009-11-10 18:09 . 2009-11-10 18:09 -------- d-----w- c:\programmi\microsoft frontpage
2009-11-10 18:09 . 2009-11-10 18:09 2678 ----a-w- c:\windows\java\Packages\Data\WNTBBL7B.DAT
2009-11-10 18:09 . 2009-11-10 18:09 558142 ----a-w- c:\windows\java\Packages\YTVDB1N1.ZIP
2009-11-10 18:09 . 2009-11-10 18:09 2678 ----a-w- c:\windows\java\Packages\Data\YF1V5BDZ.DAT
2009-11-10 18:09 . 2009-11-10 18:09 2678 ----a-w- c:\windows\java\Packages\Data\WFP7L3H3.DAT
2009-11-10 18:09 . 2009-11-10 18:09 2678 ----a-w- c:\windows\java\Packages\Data\R7XFX7N1.DAT
2009-11-10 18:09 . 2009-11-10 18:09 2678 ----a-w- c:\windows\java\Packages\Data\JTJL3XRZ.DAT
2009-11-10 18:09 . 2009-11-10 18:09 155995 ----a-w- c:\windows\java\Packages\7V7ZZ9Z7.ZIP
2009-11-10 18:07 . 2009-11-10 18:07 21840 ----a-w- c:\windows\system32\emptyregdb.dat
2009-11-10 18:07 . 2009-11-10 18:07 -------- d-----w- c:\programmi\Servizi in linea
2009-09-15 11:59 . 2009-11-10 19:17 1279968 ----a-w- c:\windows\system32\aswBoot.exe
2009-09-15 11:56 . 2009-11-10 19:18 93424 ----a-w- c:\windows\system32\drivers\aswmon.sys
2009-09-15 11:56 . 2009-11-10 19:18 94160 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2009-09-15 11:55 . 2009-11-10 19:18 114768 ----a-w- c:\windows\system32\drivers\aswSP.sys
2009-09-15 11:55 . 2009-11-10 19:18 20560 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2009-09-15 11:54 . 2009-11-10 19:18 52368 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2009-09-15 11:54 . 2009-11-10 19:18 23152 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2009-09-15 11:53 . 2009-11-10 19:18 27408 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2009-09-15 11:53 . 2009-11-10 19:18 97480 ----a-w- c:\windows\system32\AvastSS.scr
.

------- Sigcheck -------

[-] 2009-11-10 . 6A603809F598332DBEDD535BDBCE313E . 359040 . . [5.1.2600.2180] . . c:\windows\system32\drivers\TCPIP.SYS
[-] 2009-11-10 . 6A603809F598332DBEDD535BDBCE313E . 359040 . . [5.1.2600.2180] . . c:\windows\system32\dllcache\TCPIP.SYS
[7] 2004-08-03 . 9F4B36614A0FC234525BA224957DE55C . 359040 . . [5.1.2600.2180] . . c:\windows\ServicePackFiles\i386\tcpip.sys
[-] 2002-08-29 . 244A2F9816BC9B593957281EF577D976 . 332928 . . [5.1.2600.1106] . . c:\windows\$NtServicePackUninstall$\tcpip.sys
.
((((((((((((((((((((((((((((( SnapShot@2009-11-11_09.30.22 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-11-11 10:59 . 2009-11-11 10:59 16384 c:\windows\Temp\Perflib_Perfdata_508.dat
- 2009-11-11 09:30 . 2009-11-11 09:30 16384 c:\windows\Temp\Perflib_Perfdata_4e4.dat
+ 2009-11-11 11:56 . 2009-11-11 11:56 16384 c:\windows\Temp\Perflib_Perfdata_4e4.dat
+ 2009-11-11 09:48 . 2005-05-04 13:45 15072 c:\windows\system32\spmsg.dll
+ 2009-07-26 15:44 . 2009-07-26 15:44 48448 c:\windows\system32\sirenacm.dll
+ 2005-01-25 14:15 . 2005-01-25 14:15 10240 c:\windows\system32\PA207USD.DLL
+ 2001-08-31 08:00 . 2005-05-04 13:45 15360 c:\windows\system32\msisip.dll
+ 2002-09-09 13:51 . 2005-05-04 13:45 78848 c:\windows\system32\msiexec.exe
+ 2005-01-14 08:32 . 2005-01-14 08:32 53248 c:\windows\PixArt\PAC207\PAStiSvc.exe
+ 2001-11-05 15:50 . 2001-11-05 15:50 69632 c:\windows\PixArt\PAC207\AMCap.exe
+ 2009-11-11 09:54 . 2009-11-11 09:54 22016 c:\windows\Installer\153adc.msi
+ 2009-11-11 09:53 . 2009-11-11 09:53 27136 c:\windows\Installer\153a8f.msi
+ 2009-11-11 09:53 . 2009-11-11 09:53 83456 c:\windows\Installer\153a7a.msi
+ 2009-11-11 09:53 . 2009-11-11 09:53 58880 c:\windows\Installer\153a75.msi
+ 2009-11-11 10:30 . 2009-11-11 10:30 40960 c:\windows\Installer\{F6CE1230-A694-4B86-B21C-A11A112689DA}\NewShortcut3_B9724615DC4C49C6B74144CFE412CDAF.exe
+ 2009-11-11 10:30 . 2009-11-11 10:30 10134 c:\windows\Installer\{F6CE1230-A694-4B86-B21C-A11A112689DA}\ARPPRODUCTICON.exe
+ 2009-11-11 09:54 . 2009-11-11 09:54 58945 c:\windows\Installer\{E31A24A7-CF73-42B7-8FA1-26644296C9E3}\wlmail.exe
+ 2009-11-11 09:54 . 2009-11-11 09:54 80395 c:\windows\Installer\{E0ABA486-A39B-4B96-BD80-757396151079}\MsblIco.Exe
+ 2009-11-11 09:53 . 2009-11-11 09:53 62304 c:\windows\Installer\{49C77D21-F91F-4296-B7DF-19C5FF51AF4D}\IconWlc.exe
+ 2004-11-22 12:48 . 2004-11-22 12:48 40960 c:\windows\98Setup.exe
+ 2007-11-07 00:19 . 2007-11-07 00:19 655872 c:\windows\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.21022.8_x-ww_d08d0375\msvcr90.dll
+ 2007-11-07 00:19 . 2007-11-07 00:19 568832 c:\windows\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.21022.8_x-ww_d08d0375\msvcp90.dll
+ 2007-11-06 19:23 . 2007-11-06 19:23 224768 c:\windows\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.21022.8_x-ww_d08d0375\msvcm90.dll
+ 2006-12-01 21:54 . 2006-12-01 21:54 626688 c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_6b128700\msvcr80.dll
+ 2006-12-01 21:54 . 2006-12-01 21:54 548864 c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_6b128700\msvcp80.dll
+ 2006-12-01 21:54 . 2006-12-01 21:54 479232 c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_6b128700\msvcm80.dll
+ 2005-09-22 21:48 . 2005-09-22 21:48 626688 c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.42_x-ww_0de06acd\msvcr80.dll
+ 2005-09-22 21:48 . 2005-09-22 21:48 548864 c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.42_x-ww_0de06acd\msvcp80.dll
+ 2005-09-22 21:48 . 2005-09-22 21:48 479232 c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.42_x-ww_0de06acd\msvcm80.dll
+ 2001-08-31 08:00 . 2005-05-04 13:45 884736 c:\windows\system32\msimsg.dll
- 2001-08-31 08:00 . 2004-08-19 14:38 884736 c:\windows\system32\msimsg.dll
+ 2002-09-09 13:50 . 2005-05-04 13:45 271360 c:\windows\system32\msihnd.dll
+ 2009-11-10 18:04 . 2009-11-11 10:18 193776 c:\windows\system32\FNTCACHE.DAT
+ 2005-02-24 11:29 . 2005-02-24 11:29 162176 c:\windows\system32\drivers\PFC027.sys
+ 2006-10-24 02:01 . 2006-10-24 02:01 780800 c:\windows\Resources\Themes\Zune\Shell\NormalColor\shellstyle.dll
+ 2005-02-21 13:07 . 2005-02-21 13:07 413696 c:\windows\PixArt\PAC207\PASnap.exe
+ 2009-11-11 11:03 . 2009-11-11 11:03 794112 c:\windows\Installer\38567.msi
+ 2009-11-11 09:54 . 2009-11-11 09:54 763904 c:\windows\Installer\153ae1.msi
+ 2009-11-11 09:54 . 2009-11-11 09:54 430080 c:\windows\Installer\153a9b.msi
+ 2009-11-11 09:53 . 2009-11-11 09:53 155648 c:\windows\Installer\153a94.msi
+ 2009-11-11 09:53 . 2009-11-11 09:53 140288 c:\windows\Installer\153a8a.msi
+ 2009-11-11 09:53 . 2009-11-11 09:53 202752 c:\windows\Installer\153a84.msi
+ 2009-11-11 09:53 . 2009-11-11 09:53 152576 c:\windows\Installer\153a7f.msi
+ 2009-11-11 09:53 . 2009-11-11 09:53 107008 c:\windows\Installer\153a70.msi
+ 2009-11-11 09:52 . 2009-11-11 09:52 301056 c:\windows\Installer\153a6b.msi
+ 2009-11-11 11:03 . 2009-11-11 11:03 371272 c:\windows\Installer\{D103C4BA-F905-437A-8049-DB24763BBE36}\SkypeIcon.exe
+ 2002-09-09 13:50 . 2005-05-04 13:45 2890240 c:\windows\system32\msi.dll
+ 2009-11-11 10:30 . 2009-11-11 10:30 4260352 c:\windows\Installer\a817c.msi
+ 2009-11-11 11:03 . 2009-11-11 11:03 1565696 c:\windows\Installer\38562.msi
+ 2009-11-11 10:52 . 2009-11-11 10:52 1046528 c:\windows\Installer\1ebd55.msi
+ 2009-11-11 10:30 . 2009-11-11 10:30 5919744 c:\windows\Downloaded Installations\{523D1AB7-1C5C-4699-A2EC-3D62EBBE1C5D}\Trust WB-1400T Webcam.msi
.
-- Snapshot per reimpostare la data corrente --
.
((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* i valori vuoti & legittimi/default non sono visualizzati.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MsnMsgr"="c:\programmi\Windows Live\Messenger\msnmsgr.exe" [2009-07-26 3883856]
"Skype"="c:\programmi\Skype\Phone\Skype.exe" [2009-10-09 25623336]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-09-15 81000]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-11-17 7700480]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2006-11-17 86016]
"2kadiras"="2kadiras.exe" - c:\windows\2kadiras.EXE [2003-07-18 32768]
"nwiz"="nwiz.exe" - c:\windows\system32\nwiz.exe [2006-11-17 1622016]
"RTHDCPL"="RTHDCPL.EXE" - c:\windows\RTHDCPL.exe [2007-04-10 16128512]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2004-08-19 15360]

c:\documents and settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\
DSLMON.lnk - c:\programmi\ADSL\StarModem ADSL USB MODEM\dslmon.exe [2009-11-10 929792]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"UIHost"=hex(2):25,53,79,73,74,65,6d,52,6f,6f,74,25,5c,73,79,73,74,65,6d,33,32,\

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Programmi\\Messenger\\msmsgs.exe"=
"c:\\Programmi\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Programmi\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Programmi\\Skype\\Phone\\Skype.exe"=

R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [10/11/2009 20.18.06 114768]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [10/11/2009 20.18.06 20560]

--- Altri Servizi/Drivers In Memoria ---

*Deregistered* - mbr
.
.
------- Scansione supplementare -------
.
uStart Page = hxxp://www.google.it/
IE: E&sporta in Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
DPF: DirectAnimation Java Classes - file://c:\windows\Java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
FF - ProfilePath - c:\documents and settings\Vieri\Dati applicazioni\Mozilla\Firefox\Profiles\q95jsqvu.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.it
FF - component: c:\programmi\Mozilla Firefox\extensions\{B13721C7-F507-4982-B2E5-502A71474FED}\components\NPComponent.dll

---- FIREFOX POLICIES ----
c:\programmi\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-11-11 12:56
Windows 5.1.2600 Service Pack 2 NTFS

scansione processi nascosti ...

scansione entrate autostart nascoste ...

Scansione files nascosti ...

Scansione completata con successo
Files nascosti: 0

**************************************************************************
.
------------------------ Altri processi in esecuzione ------------------------
.
c:\programmi\Alwil Software\Avast4\aswUpdSv.exe
c:\programmi\Alwil Software\Avast4\ashServ.exe
c:\programmi\a-squared Free\a2service.exe
c:\windows\system32\nvsvc32.exe
c:\programmi\Alwil Software\Avast4\ashMaiSv.exe
c:\programmi\Alwil Software\Avast4\ashWebSv.exe
c:\windows\system32\wscntfy.exe
c:\windows\system32\RUNDLL32.EXE
c:\programmi\Windows Live\Contacts\wlcomm.exe
c:\windows\System32\wbem\wmiapsrv.exe
.
**************************************************************************
.
Ora fine scansione: 2009-11-11 12.58.29 - Il pc è stato riavviato
ComboFix-quarantined-files.txt 2009-11-11 11:58
ComboFix2.txt 2009-11-11 09:31

Pre-Run: 235.769.786.368 byte disponibili
Post-Run: 235.721.326.592 byte disponibili

- - End Of File - - D9F235FAED1D74D3A70010B9D36B1CBE

Farò come mi hai consigliato, ma c'è il problema che nel mio HD esterno c'è tutta la mia roba di anni e anni salvata....perderei tutto...come faccio a salvarla???le cose che mi stanno a cuore non sono i file eseguibili ben si foto musica etc...come posso fare?????

Ah Ok! allora intanto ti posto il Log fatto con il programma che mi hai detto VirIT :


VirIT eXplorer Lite Log

[SCANSIONE DELLA MEMORIA]
OK

---

11/11/2009 - 14:46:45

[SCANSIONE DEL REGISTRO]
OK

[C:]
MASTER BOOT RECORD: OK
BOOT SECTOR: OK

C:\Qoobox\Quarantine\C\WINDOWS\system32\msxm192z.dll.vir Infetto da Trojan.Win32.WOW.UTA
* * * RIMOSSO * * *
C:\System Volume Information\_restore{31301C19-D41C-403B-8783-6797251FB7B2}\RP1\A0000016.dll Infetto da Trojan.Win32.WOW.UTA
* * * RIMOSSO * * *

[D:]


[E:]


Chiavi Registro infette: 0.
Files Infetti: 2.
Files Sospetti: 0.
Files Analizzati: 21446.
Files Totali: 21446.
Chiavi Registro rimosse: 0.
Virus Rimossi: 2.

Allora,ho disattivato il ripristino di sistema e mi appresto a disinstallare combofix e dopo gli farò un'altra scansione con VirIt....
Il pc funziona abbastanza bene,cioè non da problemi,l'uniche 2 cose sono che :
-Microsoft Office non ha più la sua icona ma ha la classica icona del programma che non si apre,però se lo clicco parte " Mi faceva così prima di formattare " e poi quando il pc parte mi chiede Username e password per partire," Mi faceva così prima di formattare solo che si inchiodava lì dopo aver dato L'OK, invece ora parte pigiando OK"...