bizietto (Devoted mortal)
Registered: 16/01/08 11:09  Posts: 5
Posted: 16 Jan 2008 11:40  Subject: PROBLEM WITH SYSTEM32 ntoskrnl.exe

hi.. I have an HP laptop with Windows Vista (the laptop is a dv6000),
when I connect to the internet I use an H3G wireless connection with the HSDPA USB dongle!!...
my problem started when I downloaded Ares Galaxy P2P; a few days later... when running an antivirus scan with AVG, it reported that the file in SYSTEM32, ntoskrnl.exe, had been modified (I should say that besides AVG, to protect my laptop I use ZONE ALARM and AD-AWARE...)
here are some of the various problems it gives me when this supposed virus is at work:
1 I right-click with the mouse and nothing appears on the screen
2 the screen freezes and when I move the mouse pointer to open folders they disappear or move
3 or if on the taskbar I have two applications open, for example internet and documents, it swaps the names and if you click on documents it opens internet or vice versa!!!
4 if I click to restart the system or shut it down... it won't let me unless I force it off from the power button!!
5 another important thing is that if I've opened ARES and then after a while close it and open TASK MANAGER, ARES is still active in the processes and it won't let me end the process!! bah...
it seems as if the RAM (I have 1 GB) keeps shrinking while the virus is at work... the PC gets slower and slower and finally locks up!
...thanking you in advance for your patience... I attach the HIJACKTHIS LOG file!!!!
thanks a milliooooon!!!
HERE IT IS:
Logfile of HijackThis v1.99.1
Scan saved at 10.33.49, on 16/01/2008
Platform: Unknown Windows (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16575)
Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\HP\QuickPlay\QPService.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
C:\Program Files\Java\jre1.6.0\bin\jusched.exe
C:\Program Files\Grisoft\AVG7\avgcc.exe
C:\Windows\System32\rundll32.exe
C:\Windows\ehome\ehtray.exe
C:\Windows\ehome\ehmsas.exe
C:\PROGRA~1\HEWLET~1\Shared\HPQTOA~1.EXE
C:\Windows\system32\conime.exe
C:\Users\bizietto\Desktop\SOFTWARE\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.it/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=IT_IT&c=71&bd=Pavilion&pf=laptop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=IT_IT&c=71&bd=Pavilion&pf=laptop
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [QPService] "C:\Program Files\HP\QuickPlay\QPService.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
O4 - HKLM\..\Run: [HP Health Check Scheduler] C:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
O4 - HKLM\..\Run: [WAWifiMessage] %ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
O4 - HKLM\..\Run: [hpWirelessAssistant] %ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0\bin\jusched.exe"
O4 - HKLM\..\Run: [FLMOFFICE4DMOUSE] C:\Program Files\Trust\MI-2550XP OPTICAL MINI MOUSE\Mouse32a.exe
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [SynTPStart] C:\Program Files\Synaptics\SynTP\SynTPStart.exe
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\RunOnce: [Launcher] %WINDIR%\SMINST\launcher.exe
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe -startup
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ares] "C:\Program Files\Ares\Ares.exe" -h
O4 - HKCU\..\Run: [Center Agent] C:\Program Files\Empire\HyperMediaCenter\DTVR\Scheduled.exe
O4 - Global Startup: Avvio veloce di Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nlaapi.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\napinsp.dll
O11 - Options group: [INTERNATIONAL] International*
O13 - Gopher Prefix:
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: avgwlntf - C:\Windows\SYSTEM32\avgwlntf.dll
O23 - Service: AddFiltr - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\AddFiltr.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG7 Resident Shield Service (AvgCoreSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgrssvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\CLCapSvc.exe
O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\CLSched.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: @%SystemRoot%\ehome\ehstart.dll,-101 (ehstart) - Unknown owner - %windir%\system32\svchost.exe (file missing)
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: HP Health Check Service - Hewlett-Packard - C:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Roxio\Roxio MyDVD Basic v9\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: @%SystemRoot%\system32\qwave.dll,-1 (QWAVE) - Unknown owner - %windir%\system32\svchost.exe (file missing)
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: @%SystemRoot%\system32\seclogon.dll,-7001 (seclogon) - Unknown owner - %windir%\system32\svchost.exe (file missing)
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: TOSHIBA Bluetooth Service - TOSHIBA CORPORATION - C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Check Point Software Technologies LTD - C:\Windows\System32\ZoneLabs\vsmon.exe
O23 - Service: @%ProgramFiles%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - %ProgramFiles%\Windows Media Player\wmpnetwk.exe (file missing)
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe
bizietto (Devoted mortal)
Registered: 16/01/08 11:09  Posts: 5
Posted: 16 Jan 2008 13:44  Subject: sending the combofix and gmer files

this is the combofix log file:
ComboFix 08-01-09.2 - bizietto 2008-01-16 12.15.28.1 - NTFSx86
Microsoft® Windows Vista™ Home Premium 6.0.6000.0.1252.1.1040.18.444 [GMT 1:00]
Eseguito da: C:\Users\bizietto\Desktop\ComboFix2.exe
* Creato nuovo punto di ripristino
.
((((((((((((((((((((((((( Files Creati Da 2007-12-16 al 2008-01-16 )))))))))))))))))))))))))))))))))))
.
2008-01-16 12:14 . 2000-08-31 08:00 51,200 --a------ C:\Windows\NirCmd.exe
2008-01-16 09:35 . 2007-12-27 18:10 3,470,520 --a------ C:\ntoskrnl.exe
2008-01-12 15:01 . 2007-01-12 09:55 380,416 --a------ C:\Windows\System32\drivers\emBDA.sys
2008-01-12 15:01 . 2007-01-12 09:53 106,496 --a------ C:\Windows\System32\emPRP.ax
2008-01-12 15:01 . 2006-12-15 08:54 61,440 --a------ C:\Windows\emMON.exe
2008-01-12 15:01 . 2006-12-21 05:12 30,208 --a------ C:\Windows\System32\drivers\emOEM.sys
2008-01-12 15:01 . 2006-11-09 05:50 16,382 --a------ C:\Windows\System32\drivers\merlinC.rom
2008-01-12 14:58 . 2008-01-12 14:58 <DIR> d-------- C:\Program Files\Empire Multimedia
2008-01-12 14:58 . 2006-09-22 20:37 327,168 --a------ C:\Windows\IsUninst.exe
2008-01-11 13:15 . 2007-06-28 05:18 54,672 --a------ C:\Windows\System32\vsutil_loc0410.dll
2008-01-11 13:15 . 2008-01-11 13:15 5,571 --a------ C:\Windows\System32\vsconfig.xml
2008-01-11 13:05 . 2008-01-11 13:07 187,885,421 --a------ C:\Windows\MEMORY.DMP
2008-01-11 13:03 . 2008-01-11 13:15 <DIR> d-------- C:\Windows\System32\ZoneLabs
2008-01-11 13:03 . 2008-01-11 13:03 <DIR> d-------- C:\Users\All Users\CheckPoint
2008-01-11 13:03 . 2008-01-11 13:03 <DIR> d-------- C:\ProgramData\CheckPoint
2008-01-11 13:03 . 2007-06-28 05:17 1,086,952 --a------ C:\Windows\System32\zpeng24.dll
2008-01-11 13:02 . 2008-01-11 13:03 350,317 --ah----- C:\Windows\System32\drivers\vsconfig.xml
2008-01-11 13:02 . 2007-06-28 05:18 270,224 --a------ C:\Windows\System32\drivers\vsdatant.sys
2008-01-11 12:47 . 2008-01-16 09:47 <DIR> d-------- C:\Windows\Internet Logs
2008-01-11 09:21 . 2008-01-11 09:21 804,352 --a------ C:\Windows\System32\drivers\tcpip.sys
2008-01-11 09:21 . 2008-01-11 09:21 217,272 --a------ C:\Windows\System32\drivers\netio.sys
2008-01-11 09:21 . 2008-01-11 09:21 167,424 --a------ C:\Windows\System32\tcpipcfg.dll
2008-01-11 09:21 . 2008-01-11 09:21 24,064 --a------ C:\Windows\System32\netcfg.exe
2008-01-11 09:21 . 2008-01-11 09:21 22,016 --a------ C:\Windows\System32\netiougc.exe
2008-01-11 09:18 . 2008-01-11 09:18 4,247,552 --a------ C:\Windows\System32\GameUXLegacyGDFs.dll
2008-01-11 09:18 . 2008-01-11 09:18 1,686,016 --a------ C:\Windows\System32\gameux.dll
2008-01-11 09:17 . 2008-01-11 09:17 1,060,920 --a------ C:\Windows\System32\drivers\ntfs.sys
2008-01-11 09:17 . 2008-01-11 09:17 211,000 --a------ C:\Windows\System32\drivers\volsnap.sys
2008-01-11 09:17 . 2008-01-11 09:17 154,624 --a------ C:\Windows\System32\drivers\nwifi.sys
2008-01-11 09:17 . 2008-01-11 09:17 109,624 --a------ C:\Windows\System32\drivers\ataport.sys
2008-01-11 09:17 . 2008-01-11 09:17 45,112 --a------ C:\Windows\System32\drivers\pciidex.sys
2008-01-11 09:17 . 2008-01-11 09:17 25,656 --a------ C:\Windows\System32\drivers\msahci.sys
2008-01-11 09:17 . 2008-01-11 09:17 21,560 --a------ C:\Windows\System32\drivers\atapi.sys
2008-01-11 09:17 . 2008-01-11 09:17 17,464 --a------ C:\Windows\System32\drivers\intelide.sys
2008-01-11 09:15 . 2008-01-11 09:15 11,776 --a------ C:\Windows\System32\sbunattend.exe
2008-01-06 12:57 . 2008-01-06 12:57 <DIR> d-------- C:\Users\bizietto\AppData\Roaming\PeerNetworking
2008-01-02 09:53 . 2008-01-02 09:53 <DIR> dr------- C:\Windows\System32\config\systemprofile\Searches
2007-12-27 20:18 . 2007-12-27 20:18 <DIR> d-------- C:\Windows\MVUNINST
2007-12-27 20:18 . 2007-12-27 20:19 <DIR> d-------- C:\Program Files\SureThing
2007-12-27 20:18 . 1996-08-24 11:11 289,552 --a------ C:\Windows\System32\temp.001
2007-12-27 20:18 . 1993-10-14 17:51 28,672 --a------ C:\Windows\System32\temp.000
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-01-16 07:48 42,770 ----a-w C:\Users\bizietto\AppData\Roaming\nvModes.dat
2008-01-16 07:48 --------- d-----w C:\Users\bizietto\AppData\Roaming\AVG7
2008-01-12 14:14 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-01-12 14:02 --------- d-----w C:\ProgramData\CyberLink
2008-01-11 08:18 537,600 ----a-w C:\Windows\AppPatch\AcLayers.dll
2008-01-11 08:18 449,024 ----a-w C:\Windows\AppPatch\AcSpecfc.dll
2008-01-11 08:18 2,143,744 ----a-w C:\Windows\AppPatch\AcGenral.dll
2008-01-11 08:18 173,056 ----a-w C:\Windows\AppPatch\AcXtrnal.dll
2008-01-11 08:15 --------- d-----w C:\Program Files\Windows Sidebar
2008-01-11 07:56 --------- d-----w C:\Program Files\Windows Mail
2008-01-11 07:46 --------- d-----w C:\ProgramData\avg7
2008-01-01 12:22 --------- d-----w C:\Users\bizietto\AppData\Roaming\Roxio
2007-12-27 19:18 --------- d-----w C:\Program Files\Common Files\SureThing Shared
2007-12-24 19:12 2,596 ----a-w C:\Users\bizietto\AppData\Roaming\wklnhst.dat
2007-12-21 16:20 55,304 ----a-w C:\Windows\system32\drivers\avgwfp.sys
2007-12-12 16:30 1,327,104 ----a-w C:\Windows\System32\quartz.dll
2007-12-12 16:29 9,728 ----a-w C:\Windows\System32\LAPRXY.DLL
2007-12-12 16:29 52,736 ----a-w C:\Windows\AppPatch\iebrshim.dll
2007-12-12 16:29 223,232 ----a-w C:\Windows\System32\WMASF.DLL
2007-12-12 16:28 56,320 ----a-w C:\Windows\System32\iesetup.dll
2007-12-12 16:28 26,624 ----a-w C:\Windows\System32\ieUnatt.exe
2007-12-12 16:27 84,992 ----a-w C:\Windows\system32\drivers\srvnet.sys
2007-12-12 16:27 58,368 ----a-w C:\Windows\system32\drivers\mrxsmb20.sys
2007-12-12 16:27 130,048 ----a-w C:\Windows\system32\drivers\srv2.sys
2007-12-12 16:27 101,888 ----a-w C:\Windows\system32\drivers\mrxsmb.sys
2007-12-12 16:26 3,504,824 ----a-w C:\Windows\System32\ntkrnlpa.exe
2007-12-12 16:26 3,470,520 ----a-w C:\Windows\System32\ntoskrnl.exe
2007-12-01 21:26 --------- d-----w C:\Users\bizietto\AppData\Roaming\eMule
2007-12-01 21:26 --------- d-----w C:\Program Files\eMule
2007-11-30 17:41 --------- d-----w C:\Program Files\Windows Live Toolbar
2007-11-18 08:55 1,244,672 ----a-w C:\Windows\System32\mcmde.dll
2007-11-16 17:10 704,000 ----a-w C:\Windows\System32\PhotoScreensaver.scr
2007-11-16 17:10 67,584 ----a-w C:\Windows\System32\wlanhlp.dll
2007-11-16 17:10 542,720 ----a-w C:\Windows\System32\sysmain.dll
2007-11-16 17:10 502,784 ----a-w C:\Windows\System32\wlansvc.dll
2007-11-16 17:10 47,104 ----a-w C:\Windows\System32\wlanapi.dll
2007-11-16 17:10 297,984 ----a-w C:\Windows\System32\wlansec.dll
2007-11-16 17:10 290,816 ----a-w C:\Windows\System32\wlanmsm.dll
2007-11-16 17:10 28,344 ----a-w C:\Windows\system32\drivers\battc.sys
2007-11-16 17:10 258,232 ----a-w C:\Windows\system32\drivers\acpi.sys
2007-11-16 17:10 24,064 ----a-w C:\Windows\System32\wtsapi32.dll
2007-11-16 17:10 20,920 ----a-w C:\Windows\system32\drivers\compbatt.sys
2007-11-16 17:10 2,923,520 ----a-w C:\Windows\explorer.exe
2007-11-16 17:10 2,027,008 ----a-w C:\Windows\System32\win32k.sys
2007-11-16 17:10 14,208 ----a-w C:\Windows\system32\drivers\CmBatt.sys
2007-11-16 17:10 11,264 ----a-w C:\Windows\system32\drivers\wmiacpi.sys
2007-11-16 17:08 8,704 ----a-w C:\Windows\System32\hcrstco.dll
2007-11-16 17:08 8,704 ----a-w C:\Windows\System32\hccoin.dll
2007-11-16 17:08 73,216 ----a-w C:\Windows\system32\drivers\usbccgp.sys
2007-11-16 17:08 5,888 ----a-w C:\Windows\system32\drivers\usbd.sys
2007-11-16 17:08 38,400 ----a-w C:\Windows\system32\drivers\usbehci.sys
2007-11-16 17:08 23,040 ----a-w C:\Windows\system32\drivers\usbuhci.sys
2007-11-16 17:08 224,768 ----a-w C:\Windows\system32\drivers\usbport.sys
2007-11-16 17:08 192,000 ----a-w C:\Windows\system32\drivers\usbhub.sys
2007-10-17 07:31 9,216 ----a-w C:\Windows\System32\avgwlntf.dll
2007-09-11 07:44 174 --sha-w C:\Program Files\desktop.ini
.
((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Nota* i valori vuoti & legittimi/default non sono visualizzati.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [2008-01-11 09:15 1232896]
"ehTray.exe"="C:\Windows\ehome\ehTray.exe" [2006-11-02 13:35 125440]
"ISUSPM Startup"="C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe" [2005-02-16 16:15 221184]
"MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" [2007-01-19 11:54 5674352]
"ares"="C:\Program Files\Ares\Ares.exe" [ ]
"Center Agent"="C:\Program Files\Empire\HyperMediaCenter\DTVR\Scheduled.exe" [ ]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2007-07-31 13:04 1006264]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2007-09-15 01:50 1021224]
"QPService"="C:\Program Files\HP\QuickPlay\QPService.exe" [2006-12-02 16:32 167936]
"HP Software Update"="C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe" [2005-02-16 23:11 49152]
"QlbCtrl"="C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2006-11-06 10:58 159744]
"HP Health Check Scheduler"="C:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe" [2006-12-04 12:39 46704]
"WAWifiMessage"="C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe" [2006-10-18 09:56 317152]
"hpWirelessAssistant"="C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2006-10-18 09:32 472800]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0\bin\jusched.exe" [2006-12-25 01:13 77824]
"FLMOFFICE4DMOUSE"="C:\Program Files\Trust\MI-2550XP OPTICAL MINI MOUSE\Mouse32a.exe" [2007-07-28 15:57 370176]
"NvSvc"="C:\Windows\system32\nvsvc.dll" [2007-02-27 10:26 90191]
"NvCplDaemon"="C:\Windows\system32\NvCpl.dll" [2007-02-27 10:26 7770112]
"NvMediaCenter"="C:\Windows\system32\NvMcTray.dll" [2007-02-27 10:26 81920]
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [2007-12-21 17:20 579072]
"SynTPStart"="C:\Program Files\Synaptics\SynTP\SynTPStart.exe" [2007-09-15 01:29 102400]
"ZoneAlarm Client"="C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" [2007-06-28 05:17 959976]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"Launcher"="%WINDIR%\SMINST\launcher.exe" [ ]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"AVG7_Run"="C:\PROGRA~1\Grisoft\AVG7\avgw.exe" [2007-10-27 10:22 219136]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgwlntf]
avgwlntf.dll 2007-10-17 08:31 9216 C:\Windows\System32\avgwlntf.dll
R2 TOSHIBA Bluetooth Service;TOSHIBA Bluetooth Service;C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe [2006-10-31 21:40]
R2 XAudio;XAudio;C:\Windows\system32\DRIVERS\xaudio.sys [2007-07-10 05:27]
R3 AvgWFP;AVG7 Firewall Driver x86;C:\Windows\system32\Drivers\avgwfp.sys [2007-12-21 17:20]
R3 NETw4v32;Driver scheda Intel(R) Wireless WiFi Link per Windows Vista 32 Bit;C:\Windows\system32\DRIVERS\NETw4v32.sys [2007-06-21 10:51]
S3 BCM43XV;Driver della scheda di rete Broadcom Extensible 802.11;C:\Windows\system32\DRIVERS\bcmwl6.sys [2006-11-02 08:30]
S3 bsusbser;H3G USB Device for Legacy Serial Communication;C:\Windows\system32\DRIVERS\bsusbser.sys [2006-12-20 10:01]
S3 NETw3v32;Driver per scheda di rete Intel(R) PRO/Wireless 3945ABG per Windows Vista a 32 bit;C:\Windows\system32\DRIVERS\NETw3v32.sys [2006-11-09 10:02]
S3 USB28xxBGA;USB 2870 Device;C:\Windows\system32\DRIVERS\emBDA.sys [2007-01-12 09:55]
S3 USB28xxOEM;USB 28xx OEM Filter;C:\Windows\system32\DRIVERS\emOEM.sys [2006-12-21 05:12]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalSystemNetworkRestricted REG_MULTI_SZ hidserv UxSms WdiSystemHost Netman trkwks AudioEndpointBuilder WUDFSvc irmon sysmain IPBusEnum dot3svc PcaSvc EMDMgmt TabletInputService wlansvc WPDBusEnum
bthsvcs REG_MULTI_SZ BthServ
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\G]
\shell\AutoRun\command - G:\LaunchU3.exe -a
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c521c535-c406-11dc-ae4c-001b240954b2}]
\shell\AutoRun\command - G:\LaunchU3.exe -a
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e273a02e-667d-11dc-b665-001b240954b2}]
\shell\AutoRun\command - F:\setup.exe
*Newly Created Service* - PROCEXP90
.
Contenuto della cartella 'Scheduled Tasks'
"2008-01-16 10:34:00 C:\Windows\Tasks\Verifica aggiornamenti per Windows Live Toolbar.job"
- C:\Program Files\Windows Live Toolbar\MSNTBUP.EXE
.
**************************************************************************
catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-01-16 12:17:48
Windows 6.0.6000 NTFS
scansione processi nascosti ...
scansione entrate autostart nascoste ...
Scansione files nascosti ...
Scansione completata con successo
Files nascosti: 0
**************************************************************************
.
Ora fine scansione: 2008-01-16 12.18.32
.
2008-01-11 08:50:19 --- E O F ---
this is the link for the gmer autostart scan:
http://www.freefilehosting.net/download/3ae4e
this is the link for the gmer rootkit scan:
http://www.freefilehosting.net/download/3ae4f
Thanks, and I look forward to your reply
bdoriano (Administrator)
Registered: 02/04/07 12:05  Posts: 14391  Location: 3rd planet of the solar system...
Posted: 17 Jan 2008 12:07

Apparently the logs you sent show no anomalies.
Download VirIt, install it, update it (important) and run the full scan.
Then connect to the Kaspersky on-line scanner and run the extended scan, as described here.
Save the scan result to a file (in HTML format), upload the file to Freefilehosting and post here the link you are given.
bizietto (Devoted mortal)
Registered: 16/01/08 11:09  Posts: 5
Posted: 17 Jan 2008 15:42

This is the file from the VirIT scan:
VirIT eXplorer Lite Log
[SCANSIONE DELLA MEMORIA]
OK
[SCANSIONE DELLA MEMORIA]
OK
--------------------------------------------------------
17/01/2008 - 12:38:33
[SCANSIONE DEL REGISTRO]
OK
[C:]
MASTER BOOT RECORD: Non analizzato, mancano i privilegi di amministratore
BOOT SECTOR: Non analizzato, mancano i privilegi di amministratore
Chiavi Registro infette: 0.
Files Infetti: 0.
Files Sospetti: 0.
Files Analizzati: 85430.
Files Totali: 85430.
Chiavi Registro rimosse: 0.
Virus Rimossi: 0.
This instead is the link with the KASPERSKY scan:
http://www.freefilehosting.net/download/3af86
p.s. (I'm not 100% sure I sent you the correct file from the VirIT scan... I got a bit muddled..... let's hope for the best!!!!)
As usual, sure of your reply, I thank you INFINITELY!!
THAAAANKS!!!!!!
Orange (Mature god)
Registered: 18/02/07 13:20  Posts: 2224  Location: Roma
Posted: 18 Jan 2008 09:43

hi.
I'd say it's definitely not malware; perhaps the problem could be due to some incompatibility...
Which version of Ares do you have? Have you tried reinstalling it?
bizietto (Devoted mortal)
Registered: 16/01/08 11:09  Posts: 5
Posted: 18 Jan 2008 10:06  Subject: ares version?

Look, the version of ares I had installed.. I don't remember it because I deleted everything... even the setup!!
Would you have any free software to recommend for P2P file sharing (like ares), maybe with a low risk of infecting the PC.... I already know it's almost impossible!!...
And then.. one last favour: could you also recommend some free software
for protecting my HP notebook?? !! even more than one, as long as they don't conflict!!!!! ahahah!!!... just to ward off future problems and so avoid bugging you again!!!...
ALL OF IT MUST NOT CONFLICT WITH MY LOUSY VISTA!!!
OH, THANKS A LOT... IF I KNEW YOU IN PERSON YOU'D DESERVE MORE THAN A PAID LUNCH OR DINNER FOR THE PATIENCE YOU'VE SHOWN!!
p.s. when I scan with AVG (just for the record), at the end of the scan it keeps telling me c:\windows\system32\ntoskrnl.exe
RESULT: CHANGED STATUS: CHANGED ...BAH... WHAT DO YOU SAY, IS IT NORMAL!!??
THANKS AGAIN!
BIZIETTO
Orange (Mature god)
Registered: 18/02/07 13:20  Posts: 2224  Location: Roma
Posted: 18 Jan 2008 11:41  Subject: Re: ares version?

bizietto wrote:
> p.s. when I scan with AVG (just for the record), at the end of the scan it keeps telling me c:\windows\system32\ntoskrnl.exe
> RESULT: CHANGED STATUS: CHANGED ...BAH... WHAT DO YOU SAY, IS IT NORMAL!!??
Yes, it's normal. Quote:
> It means that changes have been made to these libraries or files. Such changes can be due to Windows updates or newly installed software.
bizietto wrote:
> Would you have any free software to recommend for P2P file sharing (like ares), maybe with a low risk of infecting the PC.... I already know it's almost impossible!!...
Bear in mind that P2P networks are a zoo.. I can't recommend anything, since I don't use such programs, but you can always ask for advice on the dedicated forum: Peer to peer
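Orange's answer is right as far as it goes: AVG's "CHANGED" verdict only says that the file's hash no longer matches the baseline AVG stored earlier, not whether the new content is legitimate. The check a defender runs next is to verify the file's publisher signature and keep a hash baseline of their own, so that the next "CHANGED" can be tied to a date and compared against the update history (the ComboFix log above shows the System32 copy of ntoskrnl.exe last written on 2007-12-12, for instance). The PowerShell script below is an added example written for this thread; it is not from the original posts, from AVG or from any of the tools mentioned. It assumes PowerShell 4 or later (for Get-FileHash), an elevated prompt for the sfc fallback, and the baseline file path is a placeholder of my own.

```powershell
# Added example (not from the thread): triage a system binary that a file-change
# monitor reported as "CHANGED". Assumes PowerShell 4+ and an elevated prompt.
param(
    [string]$Path     = "$env:SystemRoot\System32\ntoskrnl.exe",
    [string]$Baseline = "$env:USERPROFILE\ntoskrnl-baseline.txt"   # hypothetical baseline file
)

$file = Get-Item -LiteralPath $Path
$hash = (Get-FileHash -LiteralPath $Path -Algorithm SHA256).Hash
$sig  = Get-AuthenticodeSignature -LiteralPath $Path
$ver  = $file.VersionInfo

# Everything an analyst wants in one place: size, timestamp, version, hash, signer.
[pscustomobject]@{
    Path        = $file.FullName
    SizeBytes   = $file.Length
    LastWrite   = $file.LastWriteTime
    FileVersion = $ver.FileVersion
    Company     = $ver.CompanyName
    SHA256      = $hash
    SigStatus   = $sig.Status
    Signer      = if ($sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { '(none)' }
} | Format-List

# "CHANGED" only means the hash differs from the monitor's stored baseline.
# Outcomes worth telling apart:
#   Valid + Microsoft signer  -> legitimately replaced (Windows Update / hotfix)
#   NotSigned                 -> on older Windows the kernel is catalog-signed rather than
#                                embedded-signed, so confirm with the System File Checker
#   HashMismatch / odd signer -> content does not match its signature; treat as tampering
if ($sig.Status -ne 'Valid') {
    Write-Host "Authenticode check inconclusive ($($sig.Status)); running sfc in verify-only mode..."
    sfc /verifyonly
}

# Keep an independent baseline so the next "CHANGED" can be compared against a known hash.
if (Test-Path -LiteralPath $Baseline) {
    $old = (Get-Content -LiteralPath $Baseline).Trim()
    if ($old -ne $hash) {
        Write-Warning "SHA256 changed since baseline: $old -> $hash (check Windows Update history for $($file.LastWriteTime))"
    } else {
        Write-Host "Hash matches baseline; the AV's 'CHANGED' refers to an earlier, already-recorded change."
    }
} else {
    Set-Content -LiteralPath $Baseline -Value $hash
    Write-Host "Baseline recorded at $Baseline"
}
```

Run it from an elevated PowerShell prompt after each "CHANGED" report. A Microsoft-signed file with a Valid status and a LastWrite date that matches an installed update is the benign case Orange describes; an invalid signature or a hash that drifts without a corresponding update is the case worth escalating rather than dismissing.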