in base all'ultimo log cosa devo fare?

lo posso scaricare da qualche altra parte?

Ciao Carissimi,

mi intrometto solo per dare un consiglio all'amico Emiliorc

Appena risolvi i tuoi problemi, ti consiglio di usare il programma Macrium Reflect cosi la prossima volta che c'è qualcosa che non va perdi solo una trentina di minuti per ripristinare il sistema cosi come era nel momento che avevi fatto la copia, senza dover ne riparare il danno e ne reinstallare tutti i programmi che utilizzi, uno per uno.

Amici: Shapiro e R16, date anche voi questo consiglio durante la vostra assistenza, qui se aumentano i visitatori non ce la faremo più a stare dietro a tutte le richieste di aiuto.

Scusatemi per l'intromissione e con l'occasione Auguro a tutti, buone feste di fine anno.

---

alfonso_aiutamici@hotmail.it

ecco cosa esce
Logfile of The Avenger Version 2.0, (c) by Swandog46
http://swandog46.geekstogo.com

Platform: Windows XP

*******************

Script file opened successfully.
Script file read successfully.

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:

Rootkit scan active.
No rootkits found!


Error: file "c:\windows\system32\B.tmp" not found!
Deletion of file "c:\windows\system32\B.tmp" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist


Error: registry key "HKEY_LOCAL_MACHINE\System\ControlSet001\Services\MEMSWEEP2" not found!
Deletion of registry key "HKEY_LOCAL_MACHINE\System\ControlSet001\Services\MEMSWEEP2" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist


Completed script processing.

*******************

Finished! Terminate.

ecco il risultato


Chiavi Registro infette: 0.
Files Infetti: 0.
Files Sospetti: 0.
Files Analizzati: 6817.
Files Totali: 6817.
Chiavi Registro rimosse: 0.
Virus Rimossi: 0.

---

14/12/2009 - 18:41:53

[SCANSIONE DEL REGISTRO]
OK

[C:]
MASTER BOOT RECORD: OK
BOOT SECTOR: OK

C:\Programmi\Trend Micro\HijackThis\backups\backup-20091212-233547-371.dll Infetto da BHO.Shopper.D
* * * RIMOSSO * * *
C:\Qoobox\Quarantine\C\Programmi\Search Settings\SearchSettings.exe.vir Infetto da Trojan.Win32.Agent.BJT
* * * RIMOSSO * * *
C:\Qoobox\Quarantine\C\Programmi\ShoppingReport\Bin\2.6.58\ShoppingReport.dll.vir Infetto da BHO.Shopper.D
* * * RIMOSSO * * *
C:\System Volume Information\_restore{E370FEBC-7E96-4F3E-A494-EF4CECF412F4}\RP490\A0123329.exe Infetto da Trojan.Win32.Agent.BJT
* * * RIMOSSO * * *
C:\System Volume Information\_restore{E370FEBC-7E96-4F3E-A494-EF4CECF412F4}\RP490\A0123330.dll Infetto da BHO.Shopper.D
* * * RIMOSSO * * *
C:\System Volume Information\_restore{E370FEBC-7E96-4F3E-A494-EF4CECF412F4}\RP493\A0131366.exe Infetto da Trojan.Win32.Zapchast.UY
* * * RIMOSSO * * *
C:\System Volume Information\_restore{E370FEBC-7E96-4F3E-A494-EF4CECF412F4}\RP493\A0131756.dll Infetto da BHO.Shopper.D
* * * RIMOSSO * * *
C:\UTILITY\WINRAR 3.62 ITALIANO.ZIP -> winrar.3.xx.generic.patch.exe Infetto da Trojan.Win32.Agent.BGM
* * * RIMOSSO * * *

[D:]
MASTER BOOT RECORD: OK
BOOT SECTOR: OK



Chiavi Registro infette: 0.
Files Infetti: 8.
Files Sospetti: 0.
Files Analizzati: 133843.
Files Totali: 133843.
Chiavi Registro rimosse: 0.
Virus Rimossi: 8.

eccolo
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20.46.30, on 14/12/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Programmi\Trend Micro\Internet Security\UfSeAgnt.exe
C:\VEXPLite\MONLITE.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Acer\Empowering Technology\ePerformance\MemCheck.exe
C:\Programmi\Intel\IntelDH\CCU\AlertService.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Programmi\Intel\Intel Matrix Storage Manager\Iaantmon.exe
C:\Programmi\Java\jre6\bin\jqs.exe
c:\Programmi\File comuni\LightScribe\LSSrvc.exe
C:\Programmi\File comuni\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\Programmi\Trend Micro\Internet Security\SfCtlCom.exe
C:\WINDOWS\system32\svchost.exe
C:\VEXPLite\viritsvc.exe
C:\WINDOWS\system32\CAPRPCSK.EXE
C:\WINDOWS\system32\spool\drivers\w32x86\3\CAPPSWK.EXE
C:\Programmi\Trend Micro\BM\TMBMSRV.exe
C:\Programmi\Intel\IntelDH\Intel(R) Quick Resume Technology Drivers\Elservice.exe
C:\Programmi\Intel\IntelDH\Intel Media Server\Media Server\bin\ISSM.exe
C:\Programmi\Intel\IntelDH\Intel Media Server\Shells\MCLServiceATL.exe
C:\Programmi\Canon\CAL\CALMAIN.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\WINDOWS\system32\rsvp.exe
C:\Programmi\internet explorer\iexplore.exe
C:\Programmi\internet explorer\iexplore.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
C:\Programmi\Trend Micro\Internet Security\TmProxy.exe
C:\Programmi\Adobe\Acrobat 7.0\Acrobat\Acrobat.exe
C:\DOCUME~1\Emilio\IMPOST~1\Temp\Adobelm_Cleanup.0001
C:\Programmi\File comuni\Adobe Systems Shared\Service\Adobelmsvc.exe
C:\DOCUME~1\Emilio\IMPOST~1\Temp\Adobelm_Cleanup.0001
C:\Programmi\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.it/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://it.rd.yahoo.com/customize/ycomp/defaults/su/*http://it.yahoo.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1;*.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmi\Java\jre6\bin\ssv.dll
O2 - BHO: Guida per l'accesso a Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programmi\File comuni\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Programmi\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programmi\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Programmi\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\WINDOWS\system32\eDStoolbar.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Programmi\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [UfSeAgnt.exe] "C:\Programmi\Trend Micro\Internet Security\UfSeAgnt.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [VIRIT LITE MONITOR] C:\VEXPLite\MONLITE.EXE
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-21-1360035731-1467615003-4010307876-1007\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (User 'IUSR_NMPR')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre6\bin\jp2iexp.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre6\bin\jp2iexp.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra 'Tools' menuitem: Crea preferito portatile... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: Ricerche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O23 - Service: Memory Check Service (AcerMemUsageCheckService) - Acer Inc. - C:\Acer\Empowering Technology\ePerformance\MemCheck.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Programmi\File comuni\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Intel(R) Alert Service (AlertService) - Intel Corporation - C:\Programmi\Intel\IntelDH\CCU\AlertService.exe
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Programmi\Canon\CAL\CALMAIN.exe
O23 - Service: Intel(R) Quick Resume technology (ELService) - Intel Corporation - C:\Programmi\Intel\IntelDH\Intel(R) Quick Resume Technology Drivers\Elservice.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Programmi\Intel\Intel Matrix Storage Manager\Iaantmon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programmi\File comuni\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: Intel(R) Software Services Manager (ISSM) - Intel Corporation - C:\Programmi\Intel\IntelDH\Intel Media Server\Media Server\bin\ISSM.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Programmi\Java\jre6\bin\jqs.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - c:\Programmi\File comuni\LightScribe\LSSrvc.exe
O23 - Service: Server Multimediale Intel(R) Viiv(TM) (M1 Server) - Unknown owner - C:\Programmi\Intel\IntelDH\Intel Media Server\Media Server\bin\mediaserver.exe
O23 - Service: Intel(R) Application Tracker (MCLServiceATL) - Intel Corporation - C:\Programmi\Intel\IntelDH\Intel Media Server\Shells\MCLServiceATL.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: SonicWall VPN Client Service (RampartSvc) - SonicWALL, Inc. - C:\Programmi\SonicWALL\SonicWALL Global VPN Client\RampartSvc.exe
O23 - Service: Intel(R) Remoting Service (Remote UI Service) - Intel Corporation - C:\Programmi\Intel\IntelDH\Intel Media Server\Shells\Remote UI Service.exe
O23 - Service: ServiceLayer - Nokia. - C:\Programmi\Nokia\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: Componente Central Control Trend Micro (SfCtlCom) - Trend Micro Inc. - C:\Programmi\Trend Micro\Internet Security\SfCtlCom.exe
O23 - Service: Trend Micro Unauthorized Change Prevention Service (TMBMServer) - Trend Micro Inc. - C:\Programmi\Trend Micro\BM\TMBMSRV.exe
O23 - Service: Trend Micro Personal Firewall (TmPfw) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Inc. - C:\Programmi\Trend Micro\Internet Security\TmProxy.exe
O23 - Service: VirIT eXplorer Lite (viritsvclite) - TG Soft Sas www.tgsoft.it - C:\VEXPLite\viritsvc.exe

--
End of file - 8757 bytes

esegui queste operazioni, voglio verificare una cosa

scarica sul desktop questo file- non e' una scansione, dura pochi secondi

http://wikisend.com/download/457390/1.bat

eseguilo con doppio click, successivamente in C dovresti trovare i file .txt da 1 a 10 o perlomeno quelli che sono stati individuati, Inseriscili tutti in una cartella .zip e allegali a un post.

non ha creato nessun txt

prova a vedere in C:\ dovresti trovare i file .txt

metti i file trovati in una cartella e li comprimi con winrar

caricalo qui >>>>> www.wikisend.com