Trinidad
Registered: 08/03/07 16:16  Posts: 114
Posted: 28 Jan 2008 12:14  Subject: networm-i.virus has infected me and won't go away.....
Hi everyone.
I've been infected by networm-i.virus and maybe not only that.
I made a log with HijackThis, could you take a look?
---------------------------------------------------------------------------
Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 11.08.30, on 28/01/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programmi\Trend Micro\OfficeScan Client\ntrtscan.exe
C:\Programmi\Analog Devices\SoundMAX\SMAgent.exe
C:\Programmi\Trend Micro\OfficeScan Client\tmlisten.exe
C:\WINDOWS\Explorer.EXE
C:\Programmi\Video Add-on\icthis.exe
C:\Programmi\Video Add-on\isfmntr.exe
C:\Programmi\Analog Devices\SoundMAX\DrvLsnr.exe
C:\WINDOWS\System32\hkcmd.exe
C:\Programmi\Trend Micro\OfficeScan Client\pccntmon.exe
C:\Programmi\Java\jre1.6.0_03\bin\jusched.exe
C:\Programmi\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Programmi\Video Add-on\icmntr.exe
C:\Programmi\Video Add-on\isfmm.exe
C:\Programmi\Trend Micro\OfficeScan Client\CNTAoSMgr.exe
C:\WINDOWS\TEMP\ET23EC.EXE
C:\WINDOWS\system32\DWRCS.EXE
C:\WINDOWS\system32\DWRCST.exe
C:\Programmi\Trend Micro\OfficeScan Client\pccnt.exe
C:\WINDOWS\System32\msiexec.exe
C:\Programmi\Internet Explorer\iexplore.exe
\srv-filer\share\Centro_Assistenza\Esterne_Clienti\SI\software drivers Pach & manuali vari\Utility\antivirus_spyware\HijakThis\HiJackThis_v2.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmi\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programmi\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programmi\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O2 - BHO: TBSB00160 - {B629A5B8-6C0D-4BC3-86AA-F9A289719E9F} - C:\Programmi\PagineGialle Visual Toolbar\PagineGialle VisualToolbar\visual.dll
O2 - BHO: (no name) - {C2A1C5CB-C0EF-4689-9436-F62CCA1C5383} - C:\Programmi\Video Add-on\isfmdl.dll
O4 - HKLM\..\Run: [Smapp] C:\Programmi\Analog Devices\SoundMAX\SMTray.exe
O4 - HKLM\..\Run: [DrvLsnr] C:\Programmi\Analog Devices\SoundMAX\DrvLsnr.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [OfficeScanNT Monitor] "C:\Programmi\Trend Micro\OfficeScan Client\pccntmon.exe" -HideWindow
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programmi\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Programmi\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKCU\..\Run: [MsnMsgr] "C:\Programmi\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [swg] C:\Programmi\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [BlockAds] "C:\Programmi\Tweak-XP Pro 3\Windows Vista.exe"
O4 - HKCU\..\Run: [AdwareAlert] C:\Programmi\AdwareAlert\AdwareAlert.exe -boot
O4 - HKLM\..\Policies\Explorer\Run: [some] C:\Programmi\Video Add-on\icthis.exe
O4 - HKLM\..\Policies\Explorer\Run: [start] C:\Programmi\Video Add-on\isfmntr.exe
O9 - Extra button: (no name) - {9034A523-D068-4BE8-A284-9DF278BE776E} - http://www.ietoolgate.com/redirect.php (file missing)
O9 - Extra 'Tools' menuitem: IE Anti-Spyware - {9034A523-D068-4BE8-A284-9DF278BE776E} - http://www.ietoolgate.com/redirect.php (file missing)
O9 - Extra button: Ricerche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O22 - SharedTaskScheduler: Precaricatore Browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\Browseui.dll
O22 - SharedTaskScheduler: Daemon di cache delle categorie di componenti - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\Browseui.dll
O23 - Service: Google Updater Service (gusvc) - Google - C:\Programmi\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: OfficeScanNT RealTime Scan (ntrtscan) - Trend Micro Inc. - C:\Programmi\Trend Micro\OfficeScan Client\ntrtscan.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Programmi\Analog Devices\SoundMAX\SMAgent.exe
--
End of file - 5245 bytes
---------------------------------------------------------------------------------
Is my PC in very bad shape?
I await your advice
Thanks in advance.
Felix Trinidad

Sante62
Registered: 27/06/07 17:55  Posts: 3477  Location: Floridia
Posted: 29 Jan 2008 00:40
Hi Trinidad and welcome
disable System Restore and start the PC in Safe Mode
Start HjT, select these lines and then press Fix Checked:
Quote:
O2 - BHO: (no name) - {C2A1C5CB-C0EF-4689-9436-F62CCA1C5383} - C:\Programmi\Video Add-on\isfmdl.dll
O4 - HKLM\..\Policies\Explorer\Run: [some] C:\Programmi\Video Add-on\icthis.exe
O4 - HKLM\..\Policies\Explorer\Run: [start] C:\Programmi\Video Add-on\isfmntr.exe
O9 - Extra button: (no name) - {9034A523-D068-4BE8-A284-9DF278BE776E} - http://www.ietoolgate.com/redirect.php (file missing)
O9 - Extra 'Tools' menuitem: IE Anti-Spyware - {9034A523-D068-4BE8-A284-9DF278BE776E} - http://www.ietoolgate.com/redirect.php (file missing)
Restart the PC in normal mode and post a new HijackThis log.
Follow this discussion on RogueRemover, and scan the PC;
Follow this guide on Combofix, and scan the PC, posting the result as indicated. If I'm not mistaken, I saw that you have Panda Antivirus; update it and proceed with a scan of the PC, posting that result too.
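An added example (not from the thread or any of its participants): a small Python checker that parses HijackThis-format lines and flags the same three kinds of entry Sante62 picked out for Fix Checked above: O2 BHOs registered without a name, O4 autoruns placed under Policies\Explorer\Run, and O9 buttons/menu items whose target is missing or a remote URL. The sample log is constructed from lines in the first log posted; the heuristics and reason strings are assumptions of this example, not HijackThis's own verdicts.

```python
import re
from typing import Dict, List, Optional, Tuple

# Constructed sample: HijackThis-format lines taken from the first log in this
# thread, plus benign entries for contrast. Backslashes are doubled for Python.
SAMPLE_LOG = """
Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Running processes:
C:\\WINDOWS\\System32\\smss.exe
R0 - HKCU\\Software\\Microsoft\\Internet Explorer\\Main,Start Page = about:blank
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\\Programmi\\Java\\jre1.6.0_03\\bin\\ssv.dll
O2 - BHO: (no name) - {C2A1C5CB-C0EF-4689-9436-F62CCA1C5383} - C:\\Programmi\\Video Add-on\\isfmdl.dll
O4 - HKLM\\..\\Run: [HotKeysCmds] C:\\WINDOWS\\System32\\hkcmd.exe
O4 - HKLM\\..\\Policies\\Explorer\\Run: [some] C:\\Programmi\\Video Add-on\\icthis.exe
O4 - HKLM\\..\\Policies\\Explorer\\Run: [start] C:\\Programmi\\Video Add-on\\isfmntr.exe
O9 - Extra button: (no name) - {9034A523-D068-4BE8-A284-9DF278BE776E} - http://www.ietoolgate.com/redirect.php (file missing)
O9 - Extra 'Tools' menuitem: IE Anti-Spyware - {9034A523-D068-4BE8-A284-9DF278BE776E} - http://www.ietoolgate.com/redirect.php (file missing)
O9 - Extra button: Ricerche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\\PROGRA~1\\MICROS~2\\OFFICE11\\REFIEBAR.DLL
"""

# HJT entries start with a section code (R0, O2, O4, ...) followed by " - ".
ENTRY_RE = re.compile(r"^(?P<section>[A-Z]\d{1,2}) - (?P<body>.+)$")
# CLSID in the usual {8-4-4-4-12} form, as carried by O2/O3/O9 entries.
GUID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")


def parse_entry(line: str) -> Optional[Dict[str, str]]:
    """Split one log line into section code, body and any CLSID it carries.
    Returns None for header lines and the running-process list."""
    m = ENTRY_RE.match(line.strip())
    if not m:
        return None
    body = m.group("body")
    guid = GUID_RE.search(body)
    return {
        "section": m.group("section"),
        "body": body,
        "guid": guid.group(0).upper() if guid else "",
        "raw": line.strip(),
    }


def suspicious_reason(entry: Dict[str, str]) -> Optional[str]:
    """Heuristics mirroring the three kinds of line singled out in the thread.
    These are assumed rules for this example, not HijackThis's own verdicts."""
    section, body = entry["section"], entry["body"]
    if section == "O2" and body.startswith("BHO: (no name)"):
        return "browser helper object registered without a name"
    if section == "O4" and "\\Policies\\Explorer\\Run:" in body:
        return "autorun placed under Policies\\Explorer\\Run (not a normal Run key)"
    if section == "O9" and ("(file missing)" in body or " - http://" in body):
        return "IE extra button/menu item whose target is missing or a remote URL"
    return None


def flag_log(text: str) -> List[Tuple[str, str]]:
    """Return (raw line, reason) for every entry matching a heuristic."""
    hits: List[Tuple[str, str]] = []
    for line in text.splitlines():
        entry = parse_entry(line)
        if entry is None:
            continue
        reason = suspicious_reason(entry)
        if reason:
            hits.append((entry["raw"], reason))
    return hits


def related_guids(text: str) -> Dict[str, int]:
    """Count how many flagged entries share each CLSID, so that a pair of O9
    lines pointing at the same object can be treated as one item to fix."""
    counts: Dict[str, int] = {}
    for line in text.splitlines():
        entry = parse_entry(line)
        if entry and entry["guid"] and suspicious_reason(entry):
            counts[entry["guid"]] = counts.get(entry["guid"], 0) + 1
    return counts


if __name__ == "__main__":
    for raw, reason in flag_log(SAMPLE_LOG):
        print(f"{reason}\n    {raw}")
    print("CLSIDs among flagged entries:", related_guids(SAMPLE_LOG))
```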

Trinidad
Registered: 08/03/07 16:16  Posts: 114
Posted: 31 Jan 2008 14:14
Sorry for replying only now.
I didn't have any software and I found this link http://forum.zeusnews.com/viewtopic.php?t=20301
I followed the instructions but I advise against Bit Defender 8 Free because, contrary to what is said, it created conflicts that locked up my PC, which recovered only after I uninstalled it.
My log.
Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 10.15.34, on 31/01/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmi\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programmi\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Programmi\Java\jre1.6.0_03\bin\jusched.exe
C:\Programmi\Lavasoft\Ad-Aware 2007\AAWTray.exe
C:\Programmi\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe
C:\Programmi\D-Tools\daemon.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmi\Last.fm\LastFMHelper.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Programmi\Mozilla Firefox\firefox.exe
D:\software\Virus\HiJackThis_v2.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
R3 - URLSearchHook: Coolstreaming Tool-Bar v1.0 Toolbar - {bd0e4d83-654e-4213-965b-fcbe887061f4} - C:\Programmi\Coolstreaming_Tool-Bar_v1.0\tbCoo1.dll
O2 - BHO: Supporto di collegamento per Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\File comuni\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmi\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Guida per l'accesso a Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programmi\File comuni\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Coolstreaming Tool-Bar v1.0 Toolbar - {bd0e4d83-654e-4213-965b-fcbe887061f4} - C:\Programmi\Coolstreaming_Tool-Bar_v1.0\tbCoo1.dll
O3 - Toolbar: Coolstreaming Tool-Bar v1.0 Toolbar - {bd0e4d83-654e-4213-965b-fcbe887061f4} - C:\Programmi\Coolstreaming_Tool-Bar_v1.0\tbCoo1.dll
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programmi\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [AAWTray] C:\Programmi\Lavasoft\Ad-Aware 2007\AAWTray.exe
O4 - HKLM\..\Run: [AVP] "C:\Programmi\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe"
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Programmi\D-Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [CorelCorelDRAW10 Reminder] "C:\Programmi\Corel\Graphics10\Register\NAVBrowser.exe" /r /i "C:\Programmi\Corel\Graphics10\Register\NavLoad.ini"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO LOCALE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO DI RETE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Last.fm Helper.lnk = C:\Programmi\Last.fm\LastFMHelper.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Programmi\File comuni\Adobe\Calibration\Adobe Gamma Loader.exe
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Web Anti-Virus - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Programmi\Kaspersky Lab\Kaspersky Anti-Virus 7.0\SCIEPlgn.dll
O9 - Extra button: Ricerche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1195748195282
O16 - DPF: {88D969C1-F192-11D4-A65F-0040963251E5} (Free Threaded XML DOM Document 4.0) -
O17 - HKLM\Software\..\Telephony: DomainName = akhela.com
O22 - SharedTaskScheduler: Precaricatore Browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Daemon di cache delle categorie di componenti - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Programmi\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Adobe LM Service - Unknown owner - C:\Programmi\File comuni\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Kaspersky Anti-Virus 7.0 (AVP) - Kaspersky Lab - C:\Programmi\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe
--
End of file - 5540 bytes
this forum is GENIUS!!!

Sante62
Registered: 27/06/07 17:55  Posts: 3477  Location: Floridia
Posted: 31 Jan 2008 17:18
OK, the HJT log looks clean.
But I would need the Combofix and RogueRemover logs...

Trinidad
Registered: 08/03/07 16:16  Posts: 114
Posted: 01 Feb 2008 12:31
Hi,
Combofix log:
ComboFix 08-02.01.5 - ssulis 2008-02-01 11:14:08.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1040.18.665 [GMT 1:00]
Eseguito da: C:\Documents and Settings\ssulis\Desktop\ComboFix.exe
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
((((((((((((((((((((((((((((((((((((( Altre eliminazioni )))))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Documents and Settings\All Users\Dati applicazioni\Microsoft\Network\Downloader\qmgr0.dat
C:\Documents and Settings\All Users\Dati applicazioni\Microsoft\Network\Downloader\qmgr1.dat
----- BITS: Possible infected sites -----
hxxp://au.download.windowsupdate.com
.
((((((((((((((((((((((((( Files Creati Da 2008-01-01 al 2008-02-01 )))))))))))))))))))))))))))))))))))
.
2008-01-31 13:24 . 2007-05-30 13:10 10,872 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
2008-01-31 13:22 . 2008-01-31 13:22 <DIR> d-------- C:\Programmi\SpywareBlaster
2008-01-30 17:41 . 2008-01-30 17:43 <DIR> d-------- C:\WINDOWS\SxsCaPendDel
2008-01-30 12:08 . 2008-01-30 12:08 <DIR> d-------- C:\Documents and Settings\ssulis\Dati applicazioni\Grisoft
2008-01-30 12:08 . 2008-01-30 12:08 <DIR> d-------- C:\Documents and Settings\All Users\Dati applicazioni\Grisoft
2008-01-30 12:07 . 2008-01-30 17:21 121 --a------ C:\WINDOWS\bdagent.INI
2008-01-30 12:02 . 2008-01-30 12:02 <DIR> d-------- C:\Programmi\File comuni\BitDefender
2008-01-30 12:02 . 2008-01-30 12:02 <DIR> d-------- C:\Programmi\BitDefender
2008-01-30 11:53 . 2008-01-30 17:34 <DIR> d-------- C:\Programmi\a-squared Anti-Malware
2008-01-30 11:49 . 2008-01-30 17:42 <DIR> d-------- C:\Documents and Settings\All Users\Dati applicazioni\Spybot - Search & Destroy
2008-01-30 10:51 . 2008-01-30 10:51 <DIR> d-------- C:\Programmi\DivX
2008-01-29 15:30 . 2008-01-29 15:31 <DIR> d-------- C:\Documents and Settings\ssulis\Dati applicazioni\DameWare Development
2008-01-29 15:21 . 2008-01-29 15:21 <DIR> d-------- C:\Programmi\DameWare Development
2008-01-28 12:36 . 2005-08-25 18:19 115,920 --a------ C:\WINDOWS\system32\MSINET.OCX
2008-01-28 11:40 . 2008-01-28 11:40 <DIR> d-------- C:\VundoFix Backups
2008-01-25 12:27 . 2008-01-25 12:31 <DIR> d-------- C:\Programmi\Corel
2008-01-25 12:27 . 2008-01-25 12:27 <DIR> d-------- C:\Documents and Settings\ssulis\Dati applicazioni\Corel
2008-01-25 12:23 . 2008-01-25 12:38 <DIR> d-------- C:\WINDOWS\Corel
2008-01-25 12:12 . 2008-01-25 12:12 <DIR> d-------- C:\Programmi\File comuni\Adobe Systems Shared
2008-01-25 12:12 . 2008-01-25 12:12 <DIR> d-------- C:\Documents and Settings\All Users\Dati applicazioni\Macrovision
2008-01-24 14:05 . 2008-01-24 14:05 <DIR> d-------- C:\Documents and Settings\All Users\Dati applicazioni\Last.fm
2008-01-24 14:04 . 2008-01-29 17:32 <DIR> d-------- C:\Programmi\Last.fm
2008-01-21 13:24 . 2008-01-21 13:27 <DIR> d-------- C:\Documents and Settings\ssulis\Dati applicazioni\U3
2008-01-15 11:46 . 2008-01-15 11:46 <DIR> d-------- C:\Programmi\Innovative Solutions
2008-01-15 11:20 . 2005-05-26 15:34 2,297,552 --a------ C:\WINDOWS\system32\d3dx9_26.dll
2008-01-14 12:55 . 2008-01-30 10:52 1,394 --a------ C:\WINDOWS\mozver.dat
2008-01-14 11:23 . 2008-01-14 11:23 <DIR> d-------- C:\WINDOWS\Downloaded Installations
2008-01-14 11:23 . 2008-01-14 11:23 <DIR> d-------- C:\Programmi\D-Tools
2008-01-14 11:23 . 2004-08-22 16:31 155,136 --a------ C:\WINDOWS\system32\drivers\d347bus.sys
2008-01-14 11:23 . 2004-08-22 16:31 5,248 --a------ C:\WINDOWS\system32\drivers\d347prt.sys
2008-01-14 09:56 . 2008-01-14 09:56 <DIR> d-------- C:\Programmi\sapinst_instdir
2008-01-14 09:56 . 2008-01-14 09:57 <DIR> d-------- C:\Documents and Settings\ssulis\.sdtgui
2008-01-10 17:00 . 2008-01-31 18:31 91,700 --a------ C:\WINDOWS\system32\drivers\klin.dat
2008-01-10 17:00 . 2008-01-10 17:10 85,860 --a------ C:\WINDOWS\system32\drivers\klick.dat
2008-01-10 16:59 . 2008-01-10 16:59 <DIR> d-------- C:\Programmi\Kaspersky Lab
2008-01-10 16:59 . 2008-02-01 11:12 <DIR> d-------- C:\Documents and Settings\All Users\Dati applicazioni\Kaspersky Lab
2008-01-10 16:59 . 2008-02-01 11:08 7,130,400 --ahs---- C:\WINDOWS\system32\drivers\fidbox.dat
2008-01-10 16:59 . 2008-02-01 11:06 354,336 --ahs---- C:\WINDOWS\system32\drivers\fidbox2.dat
2008-01-10 16:59 . 2008-01-31 10:17 99,944 --ahs---- C:\WINDOWS\system32\drivers\fidbox.idx
2008-01-10 16:59 . 2008-01-31 10:17 37,364 --ahs---- C:\WINDOWS\system32\drivers\fidbox2.idx
2008-01-10 15:44 . 2008-01-10 15:44 0 --a------ C:\WINDOWS\nsreg.dat
2008-01-10 15:42 . 2008-01-10 15:42 <DIR> d-------- C:\Documents and Settings\ssulis\Dati applicazioni\Media Player Classic
2008-01-10 15:40 . 2008-01-10 15:40 <DIR> d-------- C:\Programmi\Lavasoft
2008-01-10 15:40 . 2008-01-10 15:40 <DIR> d-------- C:\Documents and Settings\All Users\Dati applicazioni\Lavasoft
2008-01-10 15:39 . 2008-01-29 15:28 <DIR> d-------- C:\Programmi\File comuni\Wise Installation Wizard
2008-01-10 15:17 . 2008-01-10 15:17 <DIR> d-------- C:\Programmi\CHIP System Check Tool
2008-01-10 15:17 . 2007-05-12 09:24 77,824 --a------ C:\WINDOWS\system32\DriveInfo.dll
2008-01-10 15:17 . 2007-05-12 09:24 32,768 --a------ C:\WINDOWS\system32\chipxum.dll
2008-01-10 15:00 . 2008-01-15 10:48 23,392 --a------ C:\WINDOWS\system32\nscompat.tlb
2008-01-10 15:00 . 2008-01-15 10:48 16,832 --a------ C:\WINDOWS\system32\amcompat.tlb
2008-01-09 17:20 . 2008-01-09 17:20 <DIR> d-------- C:\Programmi\PrivacyEraser Computing
2008-01-08 16:46 . 2008-01-10 14:53 <DIR> d-------- C:\Programmi\Windows Media Connect 2
2008-01-08 16:46 . 2004-08-19 14:39 221,184 --a------ C:\WINDOWS\system32\wmpns.dll
2008-01-08 16:45 . 2008-01-08 16:45 <DIR> d-------- C:\WINDOWS\system32\LogFiles
2008-01-08 16:45 . 2008-01-15 10:46 <DIR> d-------- C:\WINDOWS\system32\drivers\UMDF
2008-01-08 11:26 . 2008-01-08 11:26 <DIR> d-------- C:\Programmi\Mediacenter 1.0a
2008-01-08 11:25 . 2008-01-08 11:25 <DIR> d--hs---- C:\WINDOWS\ftpcache
2008-01-08 11:25 . 2008-01-10 15:22 <DIR> d-------- C:\Programmi\Coolstreaming_Tool-Bar_v1.0
2008-01-08 11:23 . 2008-01-08 11:23 <DIR> d-------- C:\Programmi\Mediacenter
2008-01-07 17:34 . 2008-01-07 17:34 <DIR> d-------- C:\Programmi\File comuni\Adobe AIR
2008-01-07 17:23 . 2008-01-07 17:23 25,992 --a------ C:\WINDOWS\system32\pgdfgsvc.exe
2008-01-07 17:03 . 2008-01-07 17:03 <DIR> d-------- C:\Documents and Settings\ssulis\Dati applicazioni\ATI
2008-01-07 17:03 . 2001-08-17 22:07 56,960 --a------ C:\WINDOWS\system32\drivers\aic78xx.sys
2008-01-07 17:03 . 2001-08-17 22:07 56,960 --a--c--- C:\WINDOWS\system32\dllcache\aic78xx.sys
2008-01-07 15:08 . 2008-01-07 15:08 <DIR> d-------- C:\Programmi\Clever Age
2008-01-07 15:07 . 2008-01-07 15:07 <DIR> d-------- C:\Programmi\Microsoft.NET
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-01-25 11:12 --------- d-----w C:\Programmi\File comuni\Adobe
2008-01-25 11:09 --------- d-----w C:\Programmi\File comuni\InstallShield
2008-01-25 11:07 --------- d--h--w C:\Programmi\InstallShield Installation Information
2008-01-10 14:22 --------- d-----w C:\Documents and Settings\All Users\Dati applicazioni\WLInstaller
2007-12-21 14:37 --------- d-----w C:\Programmi\Google
2007-12-21 08:44 --------- d-----w C:\Programmi\MSECache
2007-12-20 15:35 --------- d-----w C:\Programmi\Black Bean
2007-12-11 15:37 --------- d-----w C:\Programmi\Java
2007-12-11 15:36 --------- d-----w C:\Programmi\File comuni\Java
2007-12-11 14:30 --------- d-----w C:\Programmi\VideoLAN
2007-12-11 14:30 --------- d-----w C:\Documents and Settings\ssulis\Dati applicazioni\vlc
2007-12-10 10:48 --------- d-----w C:\Programmi\Ashampoo
2007-11-29 22:30 200,704 ----a-w C:\WINDOWS\system32\ssldivx.dll
2007-11-29 22:30 1,044,480 ----a-w C:\WINDOWS\system32\libdivx.dll
2007-11-07 09:27 727,552 ----a-w C:\WINDOWS\system32\lsasrv.dll
.
((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Nota* i valori vuoti & legittimi/default non sono visualizzati.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-19 14:39 15360]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 11:50 155648]
"SunJavaUpdateSched"="C:\Programmi\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11 132496]
"AAWTray"="C:\Programmi\Lavasoft\Ad-Aware 2007\AAWTray.exe" [2007-08-08 15:53 88024]
"AVP"="C:\Programmi\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe" [2007-06-28 12:51 218376]
"DAEMON Tools-1033"="C:\Programmi\D-Tools\daemon.exe" [2004-08-22 17:05 81920]
"CorelCorelDRAW10 Reminder"="C:\Programmi\Corel\Graphics10\Register\NAVBrowser.exe" [2000-10-19 00:10 208896]
"!AVG Anti-Spyware"="C:\Programmi\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 10:25 6731312]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-19 14:39 15360]
C:\Documents and Settings\ssulis\Menu Avvio\Programmi\Esecuzione automatica\
Last.fm Helper.lnk - C:\Programmi\Last.fm\LastFMHelper.exe [2008-01-24 14:04:47 106496]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"DAEMON Tools-1033"="C:\Programmi\D-Tools\daemon.exe" -lang 1033
"Adobe Reader Speed Launcher"="C:\Programmi\Adobe\Reader 8.0\Reader\Reader_sl.exe"
"ATICCC"="c:\Programmi\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
"AAWTray"=C:\Programmi\Lavasoft\Ad-Aware 2007\AAWTray.exe
R3 klim5;Kaspersky Anti-Virus NDIS Filter;C:\WINDOWS\system32\DRIVERS\klim5.sys [2007-04-04 14:58]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{04ebea51-a189-11dc-98f3-0015609f4899}]
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Recycled\ctfmon.exe
\Shell\Open(&0)\command - Recycled\ctfmon.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{1326dd8d-c667-11dc-b9af-0015609f4899}]
\Shell\AutoRun\command - H:\LaunchU3.exe -a
.
**************************************************************************
catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-02-01 11:16:24
Windows 5.1.2600 Service Pack 2 NTFS
scansione processi nascosti ...
scansione entrate autostart nascoste ...
Scansione files nascosti ...
Scansione completata con successo
Files nascosti: 0
**************************************************************************
.
Ora fine scansione: 2008-02-01 11:17:49
ComboFix-quarantined-files.txt 2008-02-01 10:17:46
.
2008-01-09 11:02:20 --- E O F ---
RogueRemover, on the other hand, doesn't give me a log, so I made a new log with HijackThis
Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 11:26, on 2008-02-01
Platform: Windows XP SP2 (WinNT 5.01.2600)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmi\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programmi\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Programmi\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Programmi\Java\jre1.6.0_03\bin\jusched.exe
C:\Programmi\Lavasoft\Ad-Aware 2007\AAWTray.exe
C:\Programmi\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe
C:\Programmi\D-Tools\daemon.exe
C:\Programmi\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmi\Last.fm\LastFMHelper.exe
C:\Programmi\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\wuauclt.exe
D:\software\Virus\HiJackThis_v2.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
R3 - URLSearchHook: Coolstreaming Tool-Bar v1.0 Toolbar - {bd0e4d83-654e-4213-965b-fcbe887061f4} - C:\Programmi\Coolstreaming_Tool-Bar_v1.0\tbCoo1.dll
O2 - BHO: Supporto di collegamento per Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\File comuni\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmi\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Guida per l'accesso a Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programmi\File comuni\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Coolstreaming Tool-Bar v1.0 Toolbar - {bd0e4d83-654e-4213-965b-fcbe887061f4} - C:\Programmi\Coolstreaming_Tool-Bar_v1.0\tbCoo1.dll
O3 - Toolbar: Coolstreaming Tool-Bar v1.0 Toolbar - {bd0e4d83-654e-4213-965b-fcbe887061f4} - C:\Programmi\Coolstreaming_Tool-Bar_v1.0\tbCoo1.dll
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programmi\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [AAWTray] C:\Programmi\Lavasoft\Ad-Aware 2007\AAWTray.exe
O4 - HKLM\..\Run: [AVP] "C:\Programmi\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe"
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Programmi\D-Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [CorelCorelDRAW10 Reminder] "C:\Programmi\Corel\Graphics10\Register\NAVBrowser.exe" /r /i "C:\Programmi\Corel\Graphics10\Register\NavLoad.ini"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Programmi\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO LOCALE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO DI RETE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Last.fm Helper.lnk = C:\Programmi\Last.fm\LastFMHelper.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Programmi\File comuni\Adobe\Calibration\Adobe Gamma Loader.exe
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Web Anti-Virus - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Programmi\Kaspersky Lab\Kaspersky Anti-Virus 7.0\SCIEPlgn.dll
O9 - Extra button: Ricerche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1195748195282
O22 - SharedTaskScheduler: Precaricatore Browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Daemon di cache delle categorie di componenti - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Programmi\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Adobe LM Service - Unknown owner - C:\Programmi\File comuni\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Programmi\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Kaspersky Anti-Virus 7.0 (AVP) - Kaspersky Lab - C:\Programmi\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe
--
End of file - 5857 bytes
Let me know what you think.
Bye

Trinidad
Registered: 08/03/07 16:16  Posts: 114
Posted: 01 Feb 2008 16:58
Norman Malware Cleaner log.
Here it is...
Norman Malware Cleaner
Copyright © 1990 - 2007, Norman ASA. Built 2008/01/21 17:03:23
Norman Scanner Engine Version: 5.91.08
Nvcbin.def Version: 5.90.00, Date: 2008/01/21 17:03:23, Variants: 1190495
Running pre-scan cleanup routine:
Operating System: Microsoft Windows XP Professional 5.1.2600(Safe mode) Service Pack 2
Logged on user: PCBEST\Administrator
Removed registry value: HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System -> DisableRegistryTools = 0x00000000
Scan started: 01/02/2008 14:47:33
Scanning running processes and process memory...
Number of processes/threads found: 543
Number of processes/threads scanned: 543
Number of processes/threads not scanned: 0
Number of infected processes/threads terminated: 0
Total scanning time: 11s
Scanning file system...
Scanning: C:\*.*
C:\Programmi\Mediacenter\Mediacenter0.4-by Coolstreaming.exe (Infected with W32/Smalltroj.BMBV)
Deleted file
Scanning: D:\*.*
D:\maserizzati\Software\emule\Incoming\Ennio Morricone - (Dir-John Carpenter) (1981) - The Thing Ost(192K).rar/CMT (Error whilst scanning file: I/O Error)
D:\maserizzati\Software\game\[Program] Daemon-Tools.3.41.multilanguage+Plugins.zip/CMT (Error whilst scanning file: I/O Error)
D:\maserizzati\Software\game\[Program] Daemon-Tools.3.41.multilanguage+Plugins.zip/RR (Error whilst scanning file: I/O Error)
D:\software\per usare piu so\Parallels Workstation v2.2 chip 1 pg80 .rar/keygen.exe (Infected with Suspicious_F.gen)
Deleted file
Scanning: E:\*.*
Scanning: c:\System Volume Information\*.*
Running post-scan cleanup routine:
Number of files found: 90599
Number of archives unpacked: 544
Number of files scanned: 90576
Number of files not scanned: 23
Number of files skipped due to exclude list: 0
Number of infected files found: 2
Number of infected files repaired/deleted: 2
Number of infections removed: 2
Total scanning time: 44m 53s

Sante62
Registered: 27/06/07 17:55  Posts: 3477  Location: Floridia
Posted: 01 Feb 2008 17:19
If I'm not mistaken you have Kaspersky antivirus; go ahead with a scan of the PC, posting the result here....

Trinidad
Registered: 08/03/07 16:16  Posts: 114
Posted: 01 Feb 2008 18:38
Kaspersky log
Bye
edit by bdoriano: log removed because it was incomplete. Long logs must be uploaded to FreeFileHosting as indicated here.

Trinidad
Registered: 08/03/07 16:16  Posts: 114
Posted: 04 Feb 2008 11:53
Ok... got it...
here's the link
1 febbraio.txt: http://www.freefilehosting.net/files/3be1b
bye

Trinidad
Registered: 08/03/07 16:16  Posts: 114
Posted: 04 Feb 2008 11:54
sorry...
http://www.freefilehosting.net/download/3be1b

Sante62
Registered: 27/06/07 17:55  Posts: 3477  Location: Floridia
Posted: 04 Feb 2008 19:42
The only infected files are in Outlook Express's Inbox or Deleted Items, so delete them; also delete the leftovers of the BitDefender installation... Use CCleaner: start it, click Options -> Advanced, and untick "delete files only if older than 48 hours".
Use the Cleaning option and then click Analyze; at the end click Start Cleaning. Do the same with the Find Problems option; it will remove a number of useless registry keys. Let me know if you still run into problems..

Trinidad
Registered: 08/03/07 16:16  Posts: 114
Posted: 19 Feb 2008 11:54
Ok, the PC is clean, fast and reliable.
Thanks a lot for all the support, you were great
Bye
Trinidad