Author: jepix (Mortal adept) | Registered: 09/02/08 13:29 | Posts: 34
Posted: 09 Feb 2008 18:26 | Subject: Virus Virtumonde

Hi everyone, I'm new here and I'd like to describe my very big problem: yesterday I caught a virus that caused the following trouble:
 - all antivirus programs completely blocked;
 - average: not a valid Win32 application;
 - nod32 antivirus: not a valid Win32 application;
 - emule, msn, etc. don't work;
 - internet explorer very slow...
Reading the various posts, I ran the elibagla program and deleted all the infected files it found, in safe mode;
I ran the Kaspersky online antivirus scan, which found 5 infected files;
the Panda online program gives me an error;
PLEASE HELP ME ..... it's my work PC

Author: bdoriano (Administrator) | Registered: 02/04/07 12:05 | Posts: 14391 | Location: 3rd planet of the solar system...
Posted: 09 Feb 2008 18:41

Hi jepix,

Download VundoFix and VirtumundoBegone and save them to the desktop.
Run VundoFix.
Select Scan for Vundo and, when the scan has finished, choose Remove Vundo.
Click Yes and, when asked to restart the PC, answer Ok.
On restart, Notepad should open with the log in it; copy the contents and post them on the forum.

Now boot into safe mode.
Run VirtumundoBeGone and follow the on-screen instructions.
Restart the PC in normal mode and post the log.

Follow the instructions in this topic to post the combofix log.
Also make a new HijackThis log and put it here.

PS: if you like, you can introduce yourself here

Author: jepix (Mortal adept)
Posted: 09 Feb 2008 19:34

Hi bdoriano, thank you for the help... here is the vundo fix log:

 VundoFix V6.7.8
 
 Checking Java version...
 
 Sun Java not detected
 Scan started at 5.53.07   09/02/08
 
 Listing files found while scanning....
 
 C:\WINDOWS\Easy CD-DA Extractor\uninstall.exe
 
 Beginning removal...
 
 Attempting to delete C:\WINDOWS\Easy CD-DA Extractor\uninstall.exe
 C:\WINDOWS\Easy CD-DA Extractor\uninstall.exe Has been deleted!
 
 Performing Repairs to the registry.
 Done!
 
Now I'll go and run the virtumundobegone scan...
See you later.....
Thanks

Author: jepix (Mortal adept)
Posted: 09 Feb 2008 19:46

Here is the virtumundobegone log:
 [02/09/2008, 18:39:53] - VirtumundoBeGone v1.5 ( "C:\Documents and Settings\gcocola\Desktop\VirtumundoBeGone.exe" )
 [02/09/2008, 18:40:00] - Detected System Information:
 [02/09/2008, 18:40:00] -  Windows Version: 5.1.2600, Service Pack 2
 [02/09/2008, 18:40:00] -  Current Username: gcocola (Admin)
 [02/09/2008, 18:40:00] -  Windows is in SAFE mode with Networking.
 [02/09/2008, 18:40:00] - Searching for Browser Helper Objects:
 [02/09/2008, 18:40:00] -  BHO 1: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (Adobe PDF Reader Link Helper)
 [02/09/2008, 18:40:00] -  BHO 2: {53707962-6F74-2D53-2644-206D7942484F} (Spybot-S&D IE Protection)
 [02/09/2008, 18:40:00] -  BHO 3: {5CA3D70E-1895-11CF-8E15-001234567890} (DriveLetterAccess)
 [02/09/2008, 18:40:00] -  BHO 4: {7E853D72-626A-48EC-A868-BA8D5E23E045} ()
 [02/09/2008, 18:40:01] - WARNING: BHO has no default name. Checking for Winlogon reference.
 [02/09/2008, 18:40:01] -  No filename found. Continuing.
 [02/09/2008, 18:40:01] -  BHO 5: {AA58ED58-01DD-4d91-8333-CF10577473F7} (Google Toolbar Helper)
 [02/09/2008, 18:40:01] -  BHO 6: {AE7CD045-E861-484f-8273-0445EE161910} (Adobe PDF Conversion Toolbar Helper)
 [02/09/2008, 18:40:01] - Finished Searching Browser Helper Objects
 [02/09/2008, 18:40:01] - Finishing up...
 [02/09/2008, 18:40:01] - Nothing found! Exiting...
 
...continuing the process....

Author: jepix (Mortal adept)
Posted: 09 Feb 2008 20:08

This is the combofix log:
 ComboFix 08-02.05.3 - gcocola 2008-02-09 18.48.33.1 - NTFSx86
 Microsoft Windows XP Professional  5.1.2600.2.1252.1.1040.18.192 [GMT 1:00]
 Eseguito da: C:\Documents and Settings\gcocola\Desktop\ComboFix.exe
 * Creato nuovo punto di ripristino
 
 WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
 .
 
 (((((((((((((((((((((((((((((((((((((   Altre eliminazioni   )))))))))))))))))))))))))))))))))))))))))))))))))))
 .
 
 C:\Documents and Settings\All Users\Menu Avvio\Programmi\DriveCleaner 2006
 C:\Documents and Settings\All Users\Menu Avvio\Programmi\DriveCleaner 2006\DriveCleaner 2006 Manual.lnk
 C:\Documents and Settings\All Users\Menu Avvio\Programmi\DriveCleaner 2006\DriveCleaner 2006 on the Web.lnk
 C:\Documents and Settings\All Users\Menu Avvio\Programmi\DriveCleaner 2006\DriveCleaner 2006.lnk
 C:\Documents and Settings\All Users\Menu Avvio\Programmi\DriveCleaner 2006\Feedback on Support Quality.lnk
 C:\Documents and Settings\All Users\Menu Avvio\Programmi\DriveCleaner 2006\Report Software Defect.lnk
 C:\Documents and Settings\All Users\Menu Avvio\Programmi\DriveCleaner 2006\Request for Instructions.lnk
 C:\Documents and Settings\All Users\Menu Avvio\Programmi\DriveCleaner 2006\Share Your Suggestions.lnk
 C:\Documents and Settings\All Users\Menu Avvio\Programmi\DriveCleaner 2006\Uninstall DriveCleaner 2006.lnk
 C:\Documents and Settings\gcocola\Dati applicazioni\DriveCleaner 2006 Free
 C:\Documents and Settings\gcocola\Dati applicazioni\DriveCleaner 2006 Free\Logs\update.log
 C:\Documents and Settings\gcocola\Dati applicazioni\DriveCleaner 2006
 C:\Documents and Settings\gcocola\Dati applicazioni\DriveCleaner 2006\Logs\Activate.log
 C:\Programmi\File comuni\SystemDoctor
 C:\Programmi\File comuni\SystemDoctor\err.log
 C:\WINDOWS\system32\drivers\down
 C:\WINDOWS\system32\drivers\down\14608325.exe
 C:\WINDOWS\system32\drivers\down\14618229.exe
 C:\WINDOWS\system32\drivers\down\14622335.exe
 C:\WINDOWS\system32\drivers\down\14645238.exe
 C:\WINDOWS\system32\drivers\down\14646059.exe
 C:\WINDOWS\system32\drivers\down\14651768.exe
 C:\WINDOWS\system32\drivers\down\14654131.exe
 C:\WINDOWS\system32\drivers\down\14656004.exe
 C:\WINDOWS\system32\drivers\down\14657886.exe
 C:\WINDOWS\system32\drivers\down\14660991.exe
 C:\WINDOWS\system32\drivers\down\14667470.exe
 C:\WINDOWS\system32\drivers\down\14670905.exe
 C:\WINDOWS\system32\drivers\down\14671516.exe
 C:\WINDOWS\system32\drivers\down\14675542.exe
 C:\WINDOWS\system32\drivers\down\14677555.exe
 C:\WINDOWS\system32\drivers\down\14682161.exe
 C:\WINDOWS\system32\drivers\down\14685596.exe
 C:\WINDOWS\system32\drivers\down\14734667.exe
 
 .
 (((((((((((((((((((((((((((((((((((((((   Drivers/Services   )))))))))))))))))))))))))))))))))))))))))))))))))
 
 .
 -------\LEGACY_SROSA
 
 
 (((((((((((((((((((((((((   Files Creati Da 2008-01-09 al 2008-02-09  )))))))))))))))))))))))))))))))))))
 .
 
 2008-02-09 18:54 . 2008-02-09 18:54	<DIR>	d--------	C:\WINDOWS\system32\drivers\down
 2008-02-09 17:53 . 2008-02-09 18:29	<DIR>	d--------	C:\VundoFix Backups
 2008-02-09 16:13 . 2008-02-09 16:13	230	--a------	C:\WINDOWS\system32\spupdsvc.inf
 2008-02-09 10:07 . 2008-02-09 16:39	250	--a------	C:\WINDOWS\gmer.ini
 2008-02-08 20:26 . 2008-02-09 17:40	<DIR>	d--------	C:\Documents and Settings\All Users\Dati applicazioni\Kaspersky Lab
 2008-02-08 17:42 . 2008-02-09 13:11	<DIR>	d--------	C:\WINDOWS\system32\Kaspersky Lab
 2008-02-08 16:59 . 2008-02-08 16:59	38	--a------	C:\Documents and Settings\gcocola\dell.bat
 2008-02-08 13:13 . 2008-02-08 13:13	<DIR>	d--------	C:\Programmi\EsetOnlineScanner
 2008-02-08 11:15 . 2008-02-08 11:16	<DIR>	d--------	C:\WINDOWS\system32\NtmsData
 2008-02-07 12:14 . 2006-05-19 10:20	27,648	--a------	C:\WINDOWS\system32\drivers\mcdevice.sys
 2008-02-07 12:14 . 2006-05-14 23:18	17,024	--a------	C:\WINDOWS\system32\drivers\mcclib.sys
 2008-02-07 12:14 . 2006-05-14 23:19	4,864	--a------	C:\WINDOWS\system32\drivers\mcctl.sys
 2008-02-06 18:22 . 2008-02-06 18:22	349,964	--a----t-	C:\WINDOWS\system32\drivers\JiaoCap.sys
 2008-02-06 18:22 . 2008-02-06 18:22	7,416	--a----t-	C:\WINDOWS\system32\drivers\JiaoIO.sys
 2008-02-06 18:18 . 2008-02-06 18:18	<DIR>	d--------	C:\WINDOWS\Ñæ?
 2008-01-31 12:51 . 2008-01-31 12:58	<DIR>	d--------	C:\Documents and Settings\gcocola\Dati applicazioni\DivX
 2008-01-31 12:49 . 2008-01-31 12:49	<DIR>	d--------	C:\Programmi\DivX
 2008-01-31 12:49 . 2008-01-04 22:58	129,784	---------	C:\WINDOWS\system32\pxafs.dll
 2008-01-31 12:49 . 2008-01-04 22:58	9,464	---------	C:\WINDOWS\system32\drivers\cdralw2k.sys
 2008-01-31 12:49 . 2008-01-04 22:58	9,336	---------	C:\WINDOWS\system32\drivers\cdr4_xp.sys
 2008-01-26 11:55 . 2008-01-26 11:55	268	--ah-----	C:\sqmdata02.sqm
 2008-01-26 11:55 . 2008-01-26 11:55	244	--ah-----	C:\sqmnoopt02.sqm
 2008-01-15 20:48 . 2008-01-15 20:48	<DIR>	d--------	C:\Programmi\MSBuild
 2008-01-15 20:48 . 2008-01-15 20:48	<DIR>	d--------	C:\Programmi\Microsoft Works
 2008-01-15 20:45 . 2008-01-15 20:45	<DIR>	d--------	C:\Programmi\Microsoft.NET
 2008-01-15 20:42 . 2008-01-15 20:42	<DIR>	d--------	C:\Programmi\Microsoft Visual Studio 8
 2008-01-15 20:38 . 2008-01-23 16:37	<DIR>	d--------	C:\Documents and Settings\All Users\Dati applicazioni\Microsoft Help
 2008-01-11 17:48 . 1998-10-07 09:21	29,184	--a------	C:\WINDOWS\system32\Popup.ocx
 2008-01-11 17:46 . 1998-07-30 06:24	192,784	---------	C:\WINDOWS\system32\Tabctl32.ocx
 2008-01-11 16:22 . 2008-01-11 16:29	168	--a------	C:\WINDOWS\CDPLAYER.UNI
 2008-01-11 16:21 . 2008-01-11 16:21	<DIR>	d--------	C:\Documents and Settings\All Users\Dati applicazioni\TEMP
 2008-01-11 16:20 . 2008-02-09 18:24	<DIR>	d--------	C:\WINDOWS\Easy CD-DA Extractor
 2008-01-09 12:33 . 2008-02-06 16:19	54,156	--ah-----	C:\WINDOWS\QTFont.qfn
 2008-01-09 12:33 . 2008-01-09 12:33	1,409	--a------	C:\WINDOWS\QTFont.for
 
 .
 ((((((((((((((((((((((((((((((((((((((((   Find3M Report   )))))))))))))))))))))))))))))))))))))))))))))))))))
 .
 2008-02-08 19:41	---------	d-----w	C:\Programmi\ESET
 2008-02-08 19:31	218,112	-c--a-w	C:\Programmi\HijackThis.exe
 2008-02-08 09:34	270,336	----a-w	C:\WINDOWS\system32\imon.dll
 2008-02-08 09:06	2,698,752	----a-w	C:\WINDOWS\Internet Logs\xDBB.tmp
 2008-02-08 09:05	2,698,752	----a-w	C:\WINDOWS\Internet Logs\xDBA.tmp
 2008-02-08 09:05	2,698,752	----a-w	C:\WINDOWS\Internet Logs\xDB9.tmp
 2008-02-08 09:05	2,698,752	----a-w	C:\WINDOWS\Internet Logs\xDB8.tmp
 2008-02-06 12:03	2,689,024	----a-w	C:\WINDOWS\Internet Logs\xDB1624.tmp
 2008-02-06 12:03	16,384	----a-w	C:\WINDOWS\Internet Logs\xDB1625.tmp
 2008-02-06 12:02	626,688	----a-w	C:\WINDOWS\Internet Logs\xDB15FF.tmp
 2008-02-06 12:02	2,689,024	----a-w	C:\WINDOWS\Internet Logs\xDB15FE.tmp
 2008-02-06 10:51	2,689,024	----a-w	C:\WINDOWS\Internet Logs\xDB13D6.tmp
 2008-02-06 10:51	102,912	----a-w	C:\WINDOWS\Internet Logs\xDB13D7.tmp
 2008-02-06 10:46	398,848	----a-w	C:\WINDOWS\Internet Logs\xDB13D2.tmp
 2008-02-06 10:46	2,692,608	----a-w	C:\WINDOWS\Internet Logs\xDB13D1.tmp
 2008-02-06 10:30	67,072	----a-w	C:\WINDOWS\Internet Logs\xDB1385.tmp
 2008-02-06 10:30	2,689,024	----a-w	C:\WINDOWS\Internet Logs\xDB1384.tmp
 2008-02-06 10:27	2,996,736	----a-w	C:\WINDOWS\Internet Logs\xDB1371.tmp
 2008-02-06 10:27	2,697,728	----a-w	C:\WINDOWS\Internet Logs\xDB1370.tmp
 2008-02-05 18:49	21,840	-c--atw	C:\WINDOWS\system32\SIntfNT.dll
 2008-02-05 18:49	17,212	-c--atw	C:\WINDOWS\system32\SIntf32.dll
 2008-02-05 18:49	12,067	-c--atw	C:\WINDOWS\system32\SIntf16.dll
 2008-02-02 19:18	---------	d-----w	C:\Programmi\Windows Live Safety Center
 2008-02-02 18:04	---------	d-----w	C:\Programmi\VirtualDub-1.6.14
 2008-01-04 21:59	524,288	----a-w	C:\WINDOWS\system32\DivXsm.exe
 2008-01-04 21:58	43,528	------w	C:\WINDOWS\system32\drivers\pxhelp20.sys
 2008-01-04 21:58	3,596,288	----a-w	C:\WINDOWS\system32\qt-dx331.dll
 2008-01-04 21:58	200,704	----a-w	C:\WINDOWS\system32\ssldivx.dll
 2008-01-04 21:58	120,056	-c----w	C:\WINDOWS\system32\pxcpyi64.exe
 2008-01-04 21:58	118,520	-c----w	C:\WINDOWS\system32\pxinsi64.exe
 2008-01-04 21:58	1,044,480	----a-w	C:\WINDOWS\system32\libdivx.dll
 2008-01-04 21:57	823,296	----a-w	C:\WINDOWS\system32\divx_xx0c.dll
 2008-01-04 21:57	823,296	----a-w	C:\WINDOWS\system32\divx_xx07.dll
 2008-01-04 21:57	81,920	----a-w	C:\WINDOWS\system32\dpl100.dll
 2008-01-04 21:57	802,816	----a-w	C:\WINDOWS\system32\divx_xx11.dll
 2008-01-04 21:57	682,496	----a-w	C:\WINDOWS\system32\DivX.dll
 2008-01-04 21:57	593,920	----a-w	C:\WINDOWS\system32\dpuGUI11.dll
 2008-01-04 21:57	57,344	----a-w	C:\WINDOWS\system32\dpv11.dll
 2008-01-04 21:57	53,248	----a-w	C:\WINDOWS\system32\dpuGUI10.dll
 2008-01-04 21:57	344,064	----a-w	C:\WINDOWS\system32\dpus11.dll
 2008-01-04 21:57	294,912	----a-w	C:\WINDOWS\system32\dpu11.dll
 2008-01-04 21:57	294,912	----a-w	C:\WINDOWS\system32\dpu10.dll
 2008-01-04 21:57	196,608	----a-w	C:\WINDOWS\system32\dtu100.dll
 2008-01-04 21:56	156,992	----a-w	C:\WINDOWS\system32\DivXCodecVersionChecker.exe
 2008-01-04 21:56	12,288	----a-w	C:\WINDOWS\system32\DivXWMPExtType.dll
 2007-12-17 19:15	---------	d--h--w	C:\Programmi\InstallShield Installation Information
 2007-12-17 19:15	---------	d-----w	C:\Programmi\Epheso I.A
 2007-12-14 11:30	---------	d-----w	C:\Programmi\Codice Fiscale
 2007-11-30 16:58	2,944,000	----a-w	C:\WINDOWS\Internet Logs\xDB16.tmp
 2007-11-30 16:57	2,495,488	----a-w	C:\WINDOWS\Internet Logs\xDB7.tmp
 2007-10-18 13:45	14,041	-c--a-w	C:\Programmi\hijackthis.log
 2006-08-28 16:12	457	-c--a-w	C:\Programmi\INSTALL.LOG
 2003-04-22 19:02	135,168	----a-w	C:\Programmi\AVIPreview.exe
 1999-07-11 18:28	276,992	-c--a-w	C:\Programmi\MpgJoin.exe
 .
 
 (((((((((((((((((((((((((((((((((((((   Punti Reg Caricati   ))))))))))))))))))))))))))))))))))))))))))))))))))
 .
 .
 REGEDIT4
 *Nota* i valori vuoti & legittimi/default non sono visualizzati.
 
 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
 "BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Programmi\File comuni\Ahead\lib\NMBgMonitor.exe" [2005-09-08 11:06 94208]
 "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-19 15:39 15360]
 "Uniblue RegistryBooster 2"="D:\Programmi\Uniblue\RegistryBooster 2\RegistryBooster.exe" [2007-05-16 09:18 1856544]
 "Uniblue RegistryBooster2"="D:\Programmi\Uniblue\RegistryBooster 2\RegistryBooster.exe" [2007-05-16 09:18 1856544]
 "swg"="C:\Programmi\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe" [2005-05-09 10:05 717037]
 "SpybotSD TeaTimer"="D:\Programmi\Spybot - Search & Destroy\TeaTimer.exe" [2008-02-08 17:45 2097488]
 
 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
 "SynTPLpr"="C:\Programmi\Synaptics\SynTP\SynTPLpr.exe" [2004-06-16 19:53 110592]
 "SynTPEnh"="C:\Programmi\Synaptics\SynTP\SynTPEnh.exe" [2004-06-16 19:53 512000]
 "QCWLICON"="C:\Programmi\ThinkPad\ConnectUtilities\QCWLICON.EXE" [2004-08-18 03:30 81920]
 "EZEJMNAP"="C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe" [2003-12-25 11:04 208896]
 "TPKMAPHELPER"="C:\Programmi\ThinkPad\Utilities\TpKmapAp.exe" [2004-02-04 18:39 897024]
 "TP4EX"="tp4ex.exe" [2002-09-04 01:05 53248 C:\WINDOWS\system32\TP4EX.exe]
 "dla"="C:\WINDOWS\system32\dla\tfswctrl.exe" [2004-09-02 01:05 127035]
 "AdslTaskBar"="stmctrl.dll" [2006-05-10 04:17 155648 C:\WINDOWS\system32\stmctrl.dll]
 "Acrobat Assistant 7.0"="D:\Programmi\Adobe\Acrobat 7.0\Distillr\Acrotray.exe" [2006-01-12 19:52 483328]
 
 C:\Documents and Settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\
 Adobe Acrobat Speed Launcher.lnk - C:\WINDOWS\Installer\{AC76BA86-1033-0000-7760-100000000002}\SC_Acrobat.exe [2007-10-09 18:46:45   25214]
 BlueSoleil.lnk - C:\Programmi\IVT Corporation\BlueSoleil\BlueSoleil.exe [2006-06-13 17:54:09   1179648]
 Tasto di scelta rapida per l'avvio di AutoCAD.lnk - C:\Programmi\File comuni\Autodesk Shared\acstart17.exe [2006-03-05 11:43:54   11000]
 ZoneAlarm Pro.lnk - C:\Programmi\Zone Labs\ZoneAlarm\zapro.exe [2005-12-16 16:00:59   422984]
 
 [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
 "EnableLUA"= 0 (0x0)
 
 [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\QConGina]
 QConGina.dll 2004-08-18 03:30 258048 C:\WINDOWS\system32\QConGina.dll
 
 R0 mcctl;mcctl;C:\WINDOWS\system32\drivers\mcctl.sys [2006-05-14 23:19]
 R0 St323dk;St323dk;C:\WINDOWS\system32\drivers\St323dk.sys [2002-10-13 19:24]
 R1 ANC;ANC;C:\WINDOWS\system32\drivers\ANC.SYS [2004-08-18 03:30]
 R1 IBMTPCHK;IBMTPCHK;C:\WINDOWS\system32\drivers\IBMBLDID.SYS [2004-08-18 03:30]
 R3 mcdevice;mcdevice;C:\WINDOWS\system32\DRIVERS\mcdevice.sys [2006-05-19 10:20]
 R3 Stmatm;ATM/ADSL miniport;C:\WINDOWS\system32\DRIVERS\stmatm.sys [2003-08-12 05:51]
 R3 TaurusUsb;ADSL Modem USB Service;C:\WINDOWS\system32\DRIVERS\torususb.sys [2006-04-13 07:55]
 S0 ElbyVCD;ElbyVCD;C:\WINDOWS\system32\DRIVERS\ElbyVCD.sys []
 S2 Ca504bv;Icatch(VII) Video Camera Device;C:\WINDOWS\system32\Drivers\Ca504bv.sys [2002-10-21 11:37]
 S2 gafwload;GlobeSpan USB ADSL Loader;C:\WINDOWS\system32\DRIVERS\gafwload.sys []
 S2 ipx;TCP-IP Service;C:\WINDOWS\system32\wbem\ipxserv.exe []
 S3 BTNetFilter;Bluetooth Network Filter;C:\WINDOWS\system32\drivers\BTNetFilter.sys [2004-12-16 15:32]
 S3 NwlnkFlt;Driver filtro traffico IPX;C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys [2002-09-10 13:00]
 S3 NwlnkFwd;Driver inoltratore traffico IPX;C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys [2002-09-10 13:00]
 S3 QCNDISIF;QCNDISIF;C:\WINDOWS\system32\drivers\qcndisif.SYS [2004-08-18 03:30]
 S3 USBCamera;Icatch(VII) Still Camera Device;C:\WINDOWS\system32\Drivers\Bulk504B.sys [2002-07-25 11:19]
 S4 Boonty Games;Boonty Games;"C:\Programmi\File comuni\BOONTY Shared\Service\Boonty.exe" [2006-09-14 15:35]
 
 [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{0bdda14d-3130-11dc-aba5-0020e07d8962}]
 \Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL NoLimit.exe
 
 .
 Contenuto della cartella 'Scheduled Tasks'
 "2008-02-08 08:00:00 C:\WINDOWS\Tasks\LTKRN80N.job"
 - C:\Scaricamenti\ltkrn80n\LTKRN80N.DLL
 "2008-02-08 09:44:00 C:\WINDOWS\Tasks\Uniblue SpeedUpMyPC Nag.job"
 - D:\Programmi\Uniblue\SpeedUpMyPC 3\SpeedUpMyPC.exe
 "2007-10-01 08:44:57 C:\WINDOWS\Tasks\Uniblue SpeedUpMyPC.job"
 - D:\Programmi\Uniblue\SpeedUpMyPC 3\SpeedUpMyPC.exe
 .
 **************************************************************************
 
 catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
 Rootkit scan 2008-02-09 18:56:08
 Windows 5.1.2600 Service Pack 2 NTFS
 
 scansione processi nascosti ...
 
 scansione entrate autostart nascoste ...
 
 Scansione files nascosti ...
 
 Scansione completata con successo
 Files nascosti: 0
 
 **************************************************************************
 .
 ------------------------ Other Running Processes ------------------------
 .
 C:\WINDOWS\system32\ibmpmsvc.exe
 C:\WINDOWS\system32\rundll32.exe
 D:\Programmi\Adobe\Acrobat 7.0\Acrobat\acrobat_sl.exe
 C:\Programmi\IVT Corporation\BlueSoleil\BTNtService.exe
 C:\WINDOWS\System32\QCONSVC.EXE
 C:\WINDOWS\system32\TpKmpSVC.exe
 .
 **************************************************************************
 .
 Ora fine scansione: 2008-02-09 18:57:42 - machine was rebooted
 ComboFix-quarantined-files.txt  2008-02-09 17:57:26
 .
 2008-01-17 15:17:19	--- E O F ---
 
 
This is the hijackthis log:
 
 Logfile of Trend Micro HijackThis v2.0.2
 Scan saved at 19:06, on 09/02/08
 Platform: Windows XP SP2 (WinNT 5.01.2600)
 MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
 Boot mode: Normal
 
 Running processes:
 C:\WINDOWS\System32\smss.exe
 C:\WINDOWS\system32\winlogon.exe
 C:\WINDOWS\system32\services.exe
 C:\WINDOWS\system32\lsass.exe
 C:\WINDOWS\system32\ibmpmsvc.exe
 C:\WINDOWS\system32\svchost.exe
 C:\WINDOWS\System32\svchost.exe
 C:\WINDOWS\system32\spoolsv.exe
 C:\WINDOWS\Explorer.EXE
 C:\Programmi\Synaptics\SynTP\SynTPLpr.exe
 C:\Programmi\Synaptics\SynTP\SynTPEnh.exe
 C:\Programmi\ThinkPad\ConnectUtilities\QCWLICON.EXE
 C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe
 C:\WINDOWS\system32\dla\tfswctrl.exe
 C:\WINDOWS\system32\rundll32.exe
 D:\Programmi\Adobe\Acrobat 7.0\Distillr\Acrotray.exe
 C:\Programmi\File comuni\Ahead\lib\NMBgMonitor.exe
 C:\WINDOWS\system32\ctfmon.exe
 D:\Programmi\Uniblue\RegistryBooster 2\RegistryBooster.exe
 C:\Programmi\Zone Labs\ZoneAlarm\zapro.exe
 C:\Programmi\IVT Corporation\BlueSoleil\BTNtService.exe
 C:\WINDOWS\System32\QCONSVC.EXE
 C:\WINDOWS\system32\svchost.exe
 C:\WINDOWS\system32\TpKmpSVC.exe
 C:\WINDOWS\system32\notepad.exe
 C:\Programmi\Mozilla Firefox\firefox.exe
 C:\Programmi\internet explorer\iexplore.exe
 C:\Documents and Settings\gcocola\Impostazioni locali\Temporary Internet Files\Content.IE5\W3DYZVM2\HiJackThis[1].exe
 
 R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.finanzaefuturo.it/
 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://gw.alicebusiness.it/home
 R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
 R3 - URLSearchHook: (no name) - {855F3B16-6D32-4fe6-8A56-BBB695989046} - (no file)
 O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Programmi\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
 O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - D:\Programmi\Spybot - Search & Destroy\SDHelper.dll
 O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
 O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
 O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programmi\google\googletoolbar2.dll
 O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - D:\Programmi\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
 O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programmi\google\googletoolbar2.dll
 O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - D:\Programmi\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
 O4 - HKLM\..\Run: [SynTPLpr] C:\Programmi\Synaptics\SynTP\SynTPLpr.exe
 O4 - HKLM\..\Run: [SynTPEnh] C:\Programmi\Synaptics\SynTP\SynTPEnh.exe
 O4 - HKLM\..\Run: [QCWLICON] C:\Programmi\ThinkPad\ConnectUtilities\QCWLICON.EXE
 O4 - HKLM\..\Run: [EZEJMNAP] C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe
 O4 - HKLM\..\Run: [TPKMAPHELPER] C:\Programmi\ThinkPad\Utilities\TpKmapAp.exe -helper
 O4 - HKLM\..\Run: [TP4EX] tp4ex.exe
 O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
 O4 - HKLM\..\Run: [AdslTaskBar] rundll32.exe stmctrl.dll,TaskBar
 O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "D:\Programmi\Adobe\Acrobat 7.0\Distillr\Acrotray.exe"
 O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Programmi\File comuni\Ahead\lib\NMBgMonitor.exe"
 O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
 O4 - HKCU\..\Run: [Uniblue RegistryBooster 2] D:\Programmi\Uniblue\RegistryBooster 2\RegistryBooster.exe /S
 O4 - HKCU\..\Run: [Uniblue RegistryBooster2] D:\Programmi\Uniblue\RegistryBooster 2\RegistryBooster.exe /S
 O4 - HKCU\..\Run: [swg] C:\Programmi\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
 O4 - HKCU\..\Run: [SpybotSD TeaTimer] D:\Programmi\Spybot - Search & Destroy\TeaTimer.exe
 O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ?
 O4 - Global Startup: BlueSoleil.lnk = ?
 O4 - Global Startup: Tasto di scelta rapida per l'avvio di AutoCAD.lnk = C:\Programmi\File comuni\Autodesk Shared\acstart17.exe
 O4 - Global Startup: ZoneAlarm Pro.lnk = C:\Programmi\Zone Labs\ZoneAlarm\zapro.exe
 O8 - Extra context menu item: &ICQ Toolbar Search - res://C:\Programmi\ICQToolbar\toolbaru.dll/SEARCH.HTML
 O8 - Extra context menu item: Convert link target to Adobe PDF - res://D:\Programmi\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
 O8 - Extra context menu item: Convert link target to existing PDF - res://D:\Programmi\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
 O8 - Extra context menu item: Convert selected links to Adobe PDF - res://D:\Programmi\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
 O8 - Extra context menu item: Convert selected links to existing PDF - res://D:\Programmi\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
 O8 - Extra context menu item: Convert selection to Adobe PDF - res://D:\Programmi\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
 O8 - Extra context menu item: Convert selection to existing PDF - res://D:\Programmi\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
 O8 - Extra context menu item: Convert to Adobe PDF - res://D:\Programmi\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
 O8 - Extra context menu item: Convert to existing PDF - res://D:\Programmi\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
 O8 - Extra context menu item: E&sporta in Microsoft Excel - res://D:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\JavaSoft\JRE\1.3.1_13\bin\npjava131_13.dll
 O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\JavaSoft\JRE\1.3.1_13\bin\npjava131_13.dll
 O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
 O9 - Extra button: Share in Hello - {B13B4423-2647-4cfc-A4B3-C7D56CB83487} - D:\Programmi\Hello\PicasaCapture.dll
 O9 - Extra 'Tools' menuitem: Share in H&ello - {B13B4423-2647-4cfc-A4B3-C7D56CB83487} - D:\Programmi\Hello\PicasaCapture.dll
 O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - D:\Programmi\Spybot - Search & Destroy\SDHelper.dll
 O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - D:\Programmi\Spybot - Search & Destroy\SDHelper.dll
 O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
 O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
 O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
 O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
 O11 - Options group: [JAVA_IBM] Java (IBM)
 O15 - Trusted Zone: *.musicmatch.com (HKLM)
 O16 - DPF: {0742B9EF-8C83-41CA-BFBA-830A59E23533} (Microsoft Data Collection Control) - https://support.microsoft.com/OAS/ActiveX/MSDcode.cab
 O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english/kavwebscan_unicode.cab
 O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} (OnlineScanner Control) - http://www.eset.eu/buxus/docs/OnlineScanner.cab
 O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
 O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
 O17 - HKLM\System\CCS\Services\Tcpip\..\{08021F56-D061-4E42-A2DF-1BA7123FD511}: NameServer = 212.216.172.62,212.216.112.112
 O17 - HKLM\System\CCS\Services\Tcpip\..\{CE0CDA28-7113-4D31-A8E4-D7321C173D9E}: NameServer = 193.70.152.15 193.70.152.25
 O17 - HKLM\System\CS1\Services\Tcpip\..\{08021F56-D061-4E42-A2DF-1BA7123FD511}: NameServer = 212.216.172.62,212.216.112.112
 O17 - HKLM\System\CS2\Services\Tcpip\..\{08021F56-D061-4E42-A2DF-1BA7123FD511}: NameServer = 212.216.172.62,212.216.112.112
 O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FILECO~1\Skype\SKYPE4~1.DLL
 O23 - Service: Autodesk Licensing Service - Autodesk - C:\Programmi\File comuni\Autodesk Shared\Service\AdskScSrv.exe
 O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Programmi\IVT Corporation\BlueSoleil\BTNtService.exe
 O23 - Service: Google Updater Service (gusvc) - Google - C:\Programmi\Google\Common\Google Updater\GoogleUpdaterService.exe
 O23 - Service: IBM PM Service (IBMPMSVC) - Unknown owner - C:\WINDOWS\system32\ibmpmsvc.exe
 O23 - Service: TCP-IP Service (ipx) - Unknown owner - C:\WINDOWS\system32\wbem\ipxserv.exe (file missing)
 O23 - Service: QCONSVC - IBM Corp. - C:\WINDOWS\System32\QCONSVC.EXE
 O23 - Service: IBM KCU Service (TpKmpSVC) - Unknown owner - C:\WINDOWS\system32\TpKmpSVC.exe
 
 --
 End of file - 9249 bytes
 
 
...Waiting for your instructions!!!!!

THANKS.

Author: bdoriano (Administrator)

Author: jepix (Mortal adept)
Posted: 10 Feb 2008 13:00

Good morning....
Sorry bdoriano, I didn't understand what has to be done after selecting the "forum link" link

Author: jepix (Mortal adept)
Posted: 10 Feb 2008 19:45

I don't know if I posted them properly on freefilehosting, anyway I'm posting them here too to be safe:

edit by bdoriano: log removed because incomplete. Logs must be uploaded to FreeFileHosting as indicated here.
Once posted on freefilehosting, you must copy the link you are given and paste it into your reply message.
You must NOT copy the log here, only the link you are given.

Please let me know something!!!!...I wouldn't want to format the pc!!!!

Thanks.

Author: bdoriano (Administrator)
Posted: 10 Feb 2008 20:27

Combofix did a good clean-out. The gmer log, from what I could see, looks clean.

However, you should post (paste) here the links to the logs you uploaded to freefilehosting.

Connect to the Kaspersky online scanner and run the extended scan, as indicated here.
Save the scan result to a file (in HTML format), upload the file to Freefilehosting and post here the link you are given.

Author: jepix (Mortal adept)
Posted: 11 Feb 2008 10:43

Good morning everyone....
Here is the link to the gmer-rootkit log:

gmer-rootkit2.txt

gmer-autostart:

gmer-autostart3.txt

I'll go and run the kaspersky online scan...

Thanks

Author: jepix (Mortal adept)
Posted: 11 Feb 2008 14:18

This is the link to the kaspersky online scan:
kaspersky on line.html

Waiting for instructions...

Thanks

Author: bdoriano (Administrator)
Posted: 11 Feb 2008 14:49

Download avenger and unpack it into a folder of its own that is not temporary and not on the desktop.
Run AVENGER
Click input script manually
Click the magnifying glass
Enter these lines:

Quote:
Files to delete:
C:\Programmi\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\RECYCLER\S-1-5-21-515967899-1343024091-455790259-1003\Dc14\Quarantine\C\WINDOWS\system32\drivers\down\14608325.exe.vir
C:\RECYCLER\S-1-5-21-515967899-1343024091-455790259-1003\Dc14\Quarantine\Registry_backups\LEGACY_SROSA.reg.dat
C:\RECYCLER\S-1-5-21-515967899-1343024091-455790259-1003\Dc15.dll
D:\Scaricamenti\bsplayer215.943_clip.exe

Click Done
Click the traffic light
The PC should restart; if it doesn't, restart it yourself.
When the operation is finished, post the Avenger result here together with an updated hijackthis log.

I see you downloaded DriveCleaner2006 (a fake utility)... run this scan with RogueRemoverFree
		| Top |  |  
		|  |  
		| jepix Mortal adept
 
  
 
 Joined: 09/02/08 13:29
 Posts: 34
 
 
 | 
			
				|  Posted: 11 Feb 2008 17:27    Subject: |   |  
				| 
 |  
				| Here is the HijackThis log after the deletion with Avenger: 
 Logfile of Trend Micro HijackThis v2.0.2
 Scan saved at 16:14, on 11/02/08
 Platform: Windows XP SP2 (WinNT 5.01.2600)
 MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
 Boot mode: Normal
 
 Running processes:
 C:\WINDOWS\System32\smss.exe
 C:\WINDOWS\system32\winlogon.exe
 C:\WINDOWS\system32\services.exe
 C:\WINDOWS\system32\lsass.exe
 C:\WINDOWS\system32\ibmpmsvc.exe
 C:\WINDOWS\system32\svchost.exe
 C:\WINDOWS\System32\svchost.exe
 C:\WINDOWS\system32\spoolsv.exe
 C:\WINDOWS\Explorer.EXE
 C:\Programmi\Synaptics\SynTP\SynTPLpr.exe
 C:\Programmi\Synaptics\SynTP\SynTPEnh.exe
 C:\Programmi\ThinkPad\ConnectUtilities\QCWLICON.EXE
 C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe
 C:\WINDOWS\system32\dla\tfswctrl.exe
 C:\WINDOWS\system32\rundll32.exe
 D:\Programmi\Adobe\Acrobat 7.0\Distillr\Acrotray.exe
 C:\Programmi\File comuni\Ahead\lib\NMBgMonitor.exe
 C:\WINDOWS\system32\ctfmon.exe
 D:\Programmi\Uniblue\RegistryBooster 2\RegistryBooster.exe
 C:\Programmi\Zone Labs\ZoneAlarm\zapro.exe
 C:\Programmi\IVT Corporation\BlueSoleil\BTNtService.exe
 C:\WINDOWS\System32\QCONSVC.EXE
 C:\WINDOWS\system32\svchost.exe
 C:\WINDOWS\system32\TpKmpSVC.exe
 C:\Programmi\internet explorer\iexplore.exe
 C:\Programmi\Mozilla Firefox\firefox.exe
 C:\Documents and Settings\gcocola\Impostazioni locali\Temporary Internet Files\Content.IE5\NSH20LCD\HiJackThis[1].exe
 
 R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.finanzaefuturo.it/
 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://gw.alicebusiness.it/home
 R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
 R3 - URLSearchHook: (no name) - {855F3B16-6D32-4fe6-8A56-BBB695989046} - (no file)
 O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Programmi\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
 O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - D:\Programmi\Spybot - Search & Destroy\SDHelper.dll
 O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
 O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
 O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programmi\google\googletoolbar2.dll
 O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - D:\Programmi\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
 O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programmi\google\googletoolbar2.dll
 O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - D:\Programmi\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
 O4 - HKLM\..\Run: [SynTPLpr] C:\Programmi\Synaptics\SynTP\SynTPLpr.exe
 O4 - HKLM\..\Run: [SynTPEnh] C:\Programmi\Synaptics\SynTP\SynTPEnh.exe
 O4 - HKLM\..\Run: [QCWLICON] C:\Programmi\ThinkPad\ConnectUtilities\QCWLICON.EXE
 O4 - HKLM\..\Run: [EZEJMNAP] C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe
 O4 - HKLM\..\Run: [TPKMAPHELPER] C:\Programmi\ThinkPad\Utilities\TpKmapAp.exe -helper
 O4 - HKLM\..\Run: [TP4EX] tp4ex.exe
 O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
 O4 - HKLM\..\Run: [AdslTaskBar] rundll32.exe stmctrl.dll,TaskBar
 O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "D:\Programmi\Adobe\Acrobat 7.0\Distillr\Acrotray.exe"
 O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Programmi\File comuni\Ahead\lib\NMBgMonitor.exe"
 O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
 O4 - HKCU\..\Run: [Uniblue RegistryBooster 2] D:\Programmi\Uniblue\RegistryBooster 2\RegistryBooster.exe /S
 O4 - HKCU\..\Run: [Uniblue RegistryBooster2] D:\Programmi\Uniblue\RegistryBooster 2\RegistryBooster.exe /S
 O4 - HKCU\..\Run: [swg] C:\Programmi\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
 O4 - HKCU\..\Run: [SpybotSD TeaTimer] D:\Programmi\Spybot - Search & Destroy\TeaTimer.exe
 O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ?
 O4 - Global Startup: BlueSoleil.lnk = ?
 O4 - Global Startup: Tasto di scelta rapida per l'avvio di AutoCAD.lnk = C:\Programmi\File comuni\Autodesk Shared\acstart17.exe
 O4 - Global Startup: ZoneAlarm Pro.lnk = C:\Programmi\Zone Labs\ZoneAlarm\zapro.exe
 O8 - Extra context menu item: &ICQ Toolbar Search - res://C:\Programmi\ICQToolbar\toolbaru.dll/SEARCH.HTML
 O8 - Extra context menu item: Convert link target to Adobe PDF - res://D:\Programmi\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
 O8 - Extra context menu item: Convert link target to existing PDF - res://D:\Programmi\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
 O8 - Extra context menu item: Convert selected links to Adobe PDF - res://D:\Programmi\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
 O8 - Extra context menu item: Convert selected links to existing PDF - res://D:\Programmi\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
 O8 - Extra context menu item: Convert selection to Adobe PDF - res://D:\Programmi\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
 O8 - Extra context menu item: Convert selection to existing PDF - res://D:\Programmi\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
 O8 - Extra context menu item: Convert to Adobe PDF - res://D:\Programmi\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
 O8 - Extra context menu item: Convert to existing PDF - res://D:\Programmi\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
 O8 - Extra context menu item: E&sporta in Microsoft Excel - res://D:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\JavaSoft\JRE\1.3.1_13\bin\npjava131_13.dll
 O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\JavaSoft\JRE\1.3.1_13\bin\npjava131_13.dll
 O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
 O9 - Extra button: Share in Hello - {B13B4423-2647-4cfc-A4B3-C7D56CB83487} - D:\Programmi\Hello\PicasaCapture.dll
 O9 - Extra 'Tools' menuitem: Share in H&ello - {B13B4423-2647-4cfc-A4B3-C7D56CB83487} - D:\Programmi\Hello\PicasaCapture.dll
 O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - D:\Programmi\Spybot - Search & Destroy\SDHelper.dll
 O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - D:\Programmi\Spybot - Search & Destroy\SDHelper.dll
 O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
 O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
 O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
 O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
 O11 - Options group: [JAVA_IBM] Java (IBM)
 O15 - Trusted Zone: *.musicmatch.com (HKLM)
 O16 - DPF: {0742B9EF-8C83-41CA-BFBA-830A59E23533} (Microsoft Data Collection Control) - https://support.microsoft.com/OAS/ActiveX/MSDcode.cab
 O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english/kavwebscan_unicode.cab
 O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
 O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} (OnlineScanner Control) - http://www.eset.eu/buxus/docs/OnlineScanner.cab
 O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
 O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
 O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
 O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/mcfscan/2,2,0,5226/mcfscan.cab
 O17 - HKLM\System\CCS\Services\Tcpip\..\{08021F56-D061-4E42-A2DF-1BA7123FD511}: NameServer = 212.216.172.62,212.216.112.112
 O17 - HKLM\System\CCS\Services\Tcpip\..\{CE0CDA28-7113-4D31-A8E4-D7321C173D9E}: NameServer = 193.70.152.15 193.70.152.25
 O17 - HKLM\System\CS1\Services\Tcpip\..\{08021F56-D061-4E42-A2DF-1BA7123FD511}: NameServer = 212.216.172.62,212.216.112.112
 O17 - HKLM\System\CS2\Services\Tcpip\..\{08021F56-D061-4E42-A2DF-1BA7123FD511}: NameServer = 212.216.172.62,212.216.112.112
 O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FILECO~1\Skype\SKYPE4~1.DLL
 O23 - Service: Autodesk Licensing Service - Autodesk - C:\Programmi\File comuni\Autodesk Shared\Service\AdskScSrv.exe
 O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Programmi\IVT Corporation\BlueSoleil\BTNtService.exe
 O23 - Service: Google Updater Service (gusvc) - Google - C:\Programmi\Google\Common\Google Updater\GoogleUpdaterService.exe
 O23 - Service: IBM PM Service (IBMPMSVC) - Unknown owner - C:\WINDOWS\system32\ibmpmsvc.exe
 O23 - Service: TCP-IP Service (ipx) - Unknown owner - C:\WINDOWS\system32\wbem\ipxserv.exe (file missing)
 O23 - Service: QCONSVC - IBM Corp. - C:\WINDOWS\System32\QCONSVC.EXE
 O23 - Service: IBM KCU Service (TpKmpSVC) - Unknown owner - C:\WINDOWS\system32\TpKmpSVC.exe
 
 --
 End of file - 9665 bytes
 
 
 Let me say first that I have solved the following problems:
 
 - Windows firewall (which works);
 - opening eMule, MSN, Ares;
 
 but I have the following problems:
 
 - taskbar becomes active 3 minutes after startup;
 - Internet Explorer pages open after 3 minutes;
 - antivirus (NOD32, Kaspersky): invalid Win32 application;
 - HijackThis: invalid Win32 application (it only works when running the executable directly from the site without installing it);
 - Ad-Aware does not update;
 - ZoneAlarm does not work;
 - Spybot: invalid Win32 application.
 
 
 Thanks
 |  |  
		| Top |  |  
		|  |  
		| bdoriano Administrator
 
  
  
 Joined: 02/04/07 12:05
 Posts: 14391
 Location: 3rd planet of the solar system...
 
 |  |  
		| Top |  |  
		|  |  
		| jepix Mortal adept
 
  
 
 Joined: 09/02/08 13:29
 Posts: 34
 
 
 | 
			
				|  Posted: 12 Feb 2008 10:45    Subject: |   |  
				| 
 |  
				| Good morning everyone... 
 I'm attaching the link to the SystemScan report:
 
 report53.txt
 
 Waiting for news
 
 Heartfelt thanks
 |  |  
		| Top |  |  
		|  |  
		| jepix Mortal adept
 
  
 
 Joined: 09/02/08 13:29
 Posts: 34
 
 
 | 
			
				|  Posted: 13 Feb 2008 10:58    Subject: |   |  
				| 
 |  
				| Good morning everyone... 
 yesterday I managed to install Kaspersky and run a scan, which found no viruses, but I still have the serious problem that at startup the taskbar takes over 2 minutes to become active and, above all, that Internet Explorer pages take over 3 minutes to open every time....
 
 Please give me some guidance on how to solve the problem
 
 thanks
 |  |  
		| Top |  |  
		|  |  
		| bdoriano Administrator
 
  
  
 Joined: 02/04/07 12:05
 Posts: 14391
 Location: 3rd planet of the solar system...
 
 | 
			
				|  Posted: 15 Feb 2008 08:37    Subject: |   |  
				| 
 |  
				| Can you post an updated HijackThis log? |  |  
		| Top |  |  
		|  |  
		| jepix Mortal adept
 
  
 
 Joined: 09/02/08 13:29
 Posts: 34
 
 
 | 
			
				|  Posted: 15 Feb 2008 12:07    Subject: |   |  
				| 
 |  
				| Good morning everyone... 
 Here is the updated HijackThis log:
 
 Logfile of Trend Micro HijackThis v2.0.2
 Scan saved at 11:06, on 2008-02-15
 Platform: Windows XP SP2 (WinNT 5.01.2600)
 MSIE: Internet Explorer v7.00 (7.00.6000.16608)
 Boot mode: Normal
 
 Running processes:
 C:\WINDOWS\System32\smss.exe
 C:\WINDOWS\system32\winlogon.exe
 C:\WINDOWS\system32\services.exe
 C:\WINDOWS\system32\lsass.exe
 C:\WINDOWS\system32\ibmpmsvc.exe
 C:\WINDOWS\system32\svchost.exe
 C:\WINDOWS\System32\svchost.exe
 C:\WINDOWS\system32\spoolsv.exe
 C:\WINDOWS\Explorer.EXE
 C:\Programmi\Synaptics\SynTP\SynTPLpr.exe
 C:\Programmi\Synaptics\SynTP\SynTPEnh.exe
 C:\Programmi\ThinkPad\ConnectUtilities\QCWLICON.EXE
 C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe
 C:\WINDOWS\system32\dla\tfswctrl.exe
 C:\WINDOWS\system32\rundll32.exe
 D:\Programmi\Adobe\Acrobat 7.0\Distillr\Acrotray.exe
 D:\Programmi\Kaspersky Lab\Kaspersky Internet Security 6.0\avp.exe
 C:\Programmi\File comuni\Ahead\lib\NMBgMonitor.exe
 C:\WINDOWS\system32\ctfmon.exe
 C:\Programmi\Zone Labs\ZoneAlarm\zapro.exe
 D:\Programmi\Kaspersky Lab\Kaspersky Internet Security 6.0\avp.exe
 C:\Programmi\IVT Corporation\BlueSoleil\BTNtService.exe
 C:\WINDOWS\System32\QCONSVC.EXE
 C:\WINDOWS\system32\svchost.exe
 C:\WINDOWS\system32\TpKmpSVC.exe
 C:\Programmi\internet explorer\iexplore.exe
 D:\Programmi\Adobe\Acrobat 7.0\Acrobat\Acrobat.exe
 D:\Programmi per virus\HiJackThis2\HijackThis.exe
 
 R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.finanzaefuturo.it/
 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
 R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
 R3 - URLSearchHook: (no name) - {855F3B16-6D32-4fe6-8A56-BBB695989046} - (no file)
 O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Programmi\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
 O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
 O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
 O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programmi\google\googletoolbar2.dll
 O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - D:\Programmi\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
 O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programmi\google\googletoolbar2.dll
 O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - D:\Programmi\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
 O4 - HKLM\..\Run: [SynTPLpr] C:\Programmi\Synaptics\SynTP\SynTPLpr.exe
 O4 - HKLM\..\Run: [SynTPEnh] C:\Programmi\Synaptics\SynTP\SynTPEnh.exe
 O4 - HKLM\..\Run: [QCWLICON] C:\Programmi\ThinkPad\ConnectUtilities\QCWLICON.EXE
 O4 - HKLM\..\Run: [EZEJMNAP] C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe
 O4 - HKLM\..\Run: [TPKMAPHELPER] C:\Programmi\ThinkPad\Utilities\TpKmapAp.exe -helper
 O4 - HKLM\..\Run: [TP4EX] tp4ex.exe
 O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
 O4 - HKLM\..\Run: [AdslTaskBar] rundll32.exe stmctrl.dll,TaskBar
 O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "D:\Programmi\Adobe\Acrobat 7.0\Distillr\Acrotray.exe"
 O4 - HKLM\..\Run: [kis] "D:\Programmi\Kaspersky Lab\Kaspersky Internet Security 6.0\avp.exe"
 O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
 O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Programmi\File comuni\Ahead\lib\NMBgMonitor.exe"
 O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
 O4 - HKCU\..\Run: [Uniblue RegistryBooster 2] D:\Programmi\Uniblue\RegistryBooster 2\RegistryBooster.exe /S
 O4 - HKCU\..\Run: [Uniblue RegistryBooster2] D:\Programmi\Uniblue\RegistryBooster 2\RegistryBooster.exe /S
 O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ?
 O4 - Global Startup: BlueSoleil.lnk = ?
 O4 - Global Startup: Tasto di scelta rapida per l'avvio di AutoCAD.lnk = C:\Programmi\File comuni\Autodesk Shared\acstart17.exe
 O4 - Global Startup: ZoneAlarm Pro.lnk = C:\Programmi\Zone Labs\ZoneAlarm\zapro.exe
 O8 - Extra context menu item: &ICQ Toolbar Search - res://C:\Programmi\ICQToolbar\toolbaru.dll/SEARCH.HTML
 O8 - Extra context menu item: Aggiungi a Kaspersky Anti-Banner - D:\Programmi\Kaspersky Lab\Kaspersky Internet Security 6.0\\ie_banner_deny.htm
 O8 - Extra context menu item: Convert link target to Adobe PDF - res://D:\Programmi\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
 O8 - Extra context menu item: Convert link target to existing PDF - res://D:\Programmi\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
 O8 - Extra context menu item: Convert selected links to Adobe PDF - res://D:\Programmi\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
 O8 - Extra context menu item: Convert selected links to existing PDF - res://D:\Programmi\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
 O8 - Extra context menu item: Convert selection to Adobe PDF - res://D:\Programmi\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
 O8 - Extra context menu item: Convert selection to existing PDF - res://D:\Programmi\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
 O8 - Extra context menu item: Convert to Adobe PDF - res://D:\Programmi\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
 O8 - Extra context menu item: Convert to existing PDF - res://D:\Programmi\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
 O8 - Extra context menu item: E&sporta in Microsoft Excel - res://D:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\JavaSoft\JRE\1.3.1_13\bin\npjava131_13.dll
 O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\JavaSoft\JRE\1.3.1_13\bin\npjava131_13.dll
 O9 - Extra button: Web Anti-Virus - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - D:\Programmi\Kaspersky Lab\Kaspersky Internet Security 6.0\scieplugin.dll
 O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
 O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
 O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
 O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
 O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
 O11 - Options group: [JAVA_IBM] Java (IBM)
 O15 - Trusted Zone: *.musicmatch.com (HKLM)
 O16 - DPF: {0742B9EF-8C83-41CA-BFBA-830A59E23533} (Microsoft Data Collection Control) - https://support.microsoft.com/OAS/ActiveX/MSDcode.cab
 O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
 O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} (OnlineScanner Control) - http://www.eset.eu/buxus/docs/OnlineScanner.cab
 O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
 O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
 O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
 O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/mcfscan/2,2,0,5226/mcfscan.cab
 O17 - HKLM\System\CCS\Services\Tcpip\..\{08021F56-D061-4E42-A2DF-1BA7123FD511}: NameServer = 212.216.172.62,212.216.112.112
 O17 - HKLM\System\CCS\Services\Tcpip\..\{CE0CDA28-7113-4D31-A8E4-D7321C173D9E}: NameServer = 193.70.152.15 193.70.152.25
 O17 - HKLM\System\CS1\Services\Tcpip\..\{08021F56-D061-4E42-A2DF-1BA7123FD511}: NameServer = 212.216.172.62,212.216.112.112
 O17 - HKLM\System\CS2\Services\Tcpip\..\{08021F56-D061-4E42-A2DF-1BA7123FD511}: NameServer = 212.216.172.62,212.216.112.112
 O20 - AppInit_DLLs: D:\PROGRA~1\KASPER~1\KASPER~1.0\adialhk.dll
 O23 - Service: Autodesk Licensing Service - Autodesk - C:\Programmi\File comuni\Autodesk Shared\Service\AdskScSrv.exe
 O23 - Service: Kaspersky Internet Security 6.0 (AVP) - Kaspersky Lab - D:\Programmi\Kaspersky Lab\Kaspersky Internet Security 6.0\avp.exe
 O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Programmi\IVT Corporation\BlueSoleil\BTNtService.exe
 O23 - Service: Google Updater Service (gusvc) - Google - C:\Programmi\Google\Common\Google Updater\GoogleUpdaterService.exe
 O23 - Service: IBM PM Service (IBMPMSVC) - Unknown owner - C:\WINDOWS\system32\ibmpmsvc.exe
 O23 - Service: TCP-IP Service (ipx) - Unknown owner - C:\WINDOWS\system32\wbem\ipxserv.exe (file missing)
 O23 - Service: QCONSVC - IBM Corp. - C:\WINDOWS\System32\QCONSVC.EXE
 O23 - Service: IBM KCU Service (TpKmpSVC) - Unknown owner - C:\WINDOWS\system32\TpKmpSVC.exe
 
 --
 End of file - 9598 bytes
 
 
 Thank you so much.
 |  |  
		| Top |  |  
		|  |  
		| jepix Mortal adept
 
  
 
 Joined: 09/02/08 13:29
 Posts: 34
 
 
 | 
			
				|  Posted: 15 Feb 2008 12:11    Subject: |   |  
				| 
 |  
				| ....by the way, yesterday Kaspersky had me delete a Google toolbar and that solved the problem of Internet Explorer pages opening "slowly".... 
 but I still have the problem at startup that the taskbar freezes for over 3 minutes before it starts working again...
 
 Thanks again.
 |  |  
		| Top |  |  
		|  |  
		| bdoriano Administrator
 
  
  
 Joined: 02/04/07 12:05
 Posts: 14391
 Location: 3rd planet of the solar system...
 
 | 
			
				|  Posted: 17 Feb 2008 15:07    Subject: |   |  
				| 
 |  
				| The only entry that should probably be removed: 
  	  | Quote: |  	  | O23 - Service: TCP-IP Service (ipx) - Unknown owner - C:\WINDOWS\system32\wbem\ipxserv.exe (file missing) | 
 
 The slow startup problem could be due to too many programs running at startup or to a bloated registry.
 Try these steps:
 
 |  |  
		| Top |  |  
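The check applied in the last reply (spotting a HijackThis entry whose target file is gone) and a before/after comparison of the two logs posted in this thread, as an added Python example that is not part of the original posts. The log excerpts are copied from the 11 Feb and 15 Feb logs above; the names `parse`, `orphaned` and `changes` are illustrative.

```python
import re
from typing import NamedTuple

# Excerpts copied from the two HijackThis logs posted in this thread.
LOG_11_FEB = r"""
R3 - URLSearchHook: (no name) - {855F3B16-6D32-4fe6-8A56-BBB695989046} - (no file)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - D:\Programmi\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKCU\..\Run: [swg] C:\Programmi\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O23 - Service: TCP-IP Service (ipx) - Unknown owner - C:\WINDOWS\system32\wbem\ipxserv.exe (file missing)
"""

LOG_15_FEB = r"""
R3 - URLSearchHook: (no name) - {855F3B16-6D32-4fe6-8A56-BBB695989046} - (no file)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [kis] "D:\Programmi\Kaspersky Lab\Kaspersky Internet Security 6.0\avp.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O20 - AppInit_DLLs: D:\PROGRA~1\KASPER~1\KASPER~1.0\adialhk.dll
O23 - Service: TCP-IP Service (ipx) - Unknown owner - C:\WINDOWS\system32\wbem\ipxserv.exe (file missing)
"""

# A log entry is "<section code> - <detail>", e.g. "O23 - Service: ...".
ENTRY_RE = re.compile(r"^([RFNO]\d{1,2}) - (.+)$")
# HijackThis marks a registry reference whose target is gone with one of these.
ORPHAN_RE = re.compile(r"\((?:no file|file missing)\)\s*$")


class Entry(NamedTuple):
    section: str  # e.g. "O4"
    detail: str   # everything after "<section> - "


def parse(log: str) -> list[Entry]:
    """Return the section entries of a log, skipping header and process lines."""
    entries = []
    for line in log.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            entries.append(Entry(m.group(1), m.group(2)))
    return entries


def orphaned(entries: list[Entry]) -> list[Entry]:
    """Entries that still exist in the registry but point at a missing file."""
    return [e for e in entries if ORPHAN_RE.search(e.detail)]


def changes(before: list[Entry], after: list[Entry]):
    """Entries that disappeared and entries that appeared between two logs."""
    removed = [e for e in before if e not in after]
    added = [e for e in after if e not in before]
    return removed, added


if __name__ == "__main__":
    old, new = parse(LOG_11_FEB), parse(LOG_15_FEB)
    print("Leftover references to missing files (15 Feb):")
    for e in orphaned(new):
        print(f"  {e.section}: {e.detail}")
    removed, added = changes(old, new)
    print("Gone since 11 Feb:")
    for e in removed:
        print(f"  {e.section}: {e.detail}")
    print("New since 11 Feb:")
    for e in added:
        print(f"  {e.section}: {e.detail}")
```

A new O20 or O4 entry is worth attributing before moving on; here both new entries resolve to the Kaspersky install the user describes.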