Olimpo Informatico

[bastardinside]

In tutto questo Riverside se non c'è nient'altro che tu possa fare o comunque pensi, che io non voglia o non sappia darti una mano, e quindi, vuoi lasciar perdere, fammelo sapere...magari tento altre strade...aldilà di questo, anche se non sembra, ho apprezzato veramente l'aiuto datomi finora... di tutto...

[bastardinside]

C'è nessuno ...una risposta sarebbe ben accetta, anche negativa, almeno così mi metterei l'anima in pace e mi rassegnerei a questo virus ...fatemi sapere perfavore qualcosa ...

[Sante62]

Allora, intanto scusate se mi intrometto....

bastardinside, liberati degli antivirus superflui e decidi quale tenere, ovviamente uno solo, tranne Norton;

di antispyware ne puoi installare più di uno che non vanno in conflitto sia tra di loro che con l'antivirus, a patto che ne tieni solo uno con la protezione in tempo reale es Spybot Search & Destroy e/o AVG Antispyware;

non so se li hai già installati nel PC perchè non ho avuto la possibilità di leggere il log di HJT;

ti consigilerei di fare le scansioni con quelli, visto che il problema è ancora quell'adware che riscontri;

dopo scaricati Combofix seguendo le istruzioni di questa discussione postando il risultato come indicato;

di Spybot e AVG Antispyware non c'è bisogno di allegare log, basta che correggi i problemi che trovano....

[bastardinside]

Grazie Sante62 per l'aiuto...questo è il logo di Combofix:

ComboFix 08-03-10.1 - bastardinside 2008-03-13 13:39:09.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1040.18.531 [GMT 1:00]
Eseguito da: E:\Desktop\ComboFix.exe

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((( Altre eliminazioni )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
---- Previous Run -------
.
C:\Documents and Settings\All Users\Dati applicazioni\Microsoft\Network\Downloader\qmgr0.dat
C:\Documents and Settings\All Users\Dati applicazioni\Microsoft\Network\Downloader\qmgr1.dat
C:\Documents and Settings\All Users\Desktop\webmediaplayer.lnk
C:\Documents and Settings\All Users\Menu Avvio\Programmi\WebMediaPlayer
C:\Documents and Settings\All Users\Menu Avvio\Programmi\WebMediaPlayer\Condizioni generali.url
C:\Documents and Settings\All Users\Menu Avvio\Programmi\WebMediaPlayer\Disinstalla.lnk
C:\Documents and Settings\All Users\Menu Avvio\Programmi\WebMediaPlayer\Riservatezza.url
C:\Documents and Settings\All Users\Menu Avvio\Programmi\WebMediaPlayer\WebMediaPlayer.lnk
C:\Documents and Settings\All Users\Menu Avvio\Programmi\WebMediaPlayer\Website.url
C:\Programmi\webmediaplayer
C:\Programmi\webmediaplayer\resources\languages_v2.xml
C:\Programmi\webmediaplayer\resources\webmedias
C:\Programmi\webmediaplayer\skins\classic.skn
C:\Programmi\webmediaplayer\sqlite3.dll
C:\Programmi\webmediaplayer\uninst.exe
C:\Programmi\webmediaplayer\WebMediaPlayer.exe
C:\WINDOWS\recover.reg

.
((((((((((((((((((((((((( Files Creati Da 2008-02-13 al 2008-03-13 )))))))))))))))))))))))))))))))))))
.

2008-03-13 01:14 . 2008-03-13 01:14 <DIR> d-------- C:\Programmi\Spybot - Search & Destroy
2008-03-13 01:14 . 2008-03-13 01:18 <DIR> d-------- C:\Documents and Settings\All Users\Dati applicazioni\Spybot - Search & Destroy
2008-03-12 16:16 . 2008-03-12 16:16 268 --ah----- C:\sqmdata14.sqm
2008-03-12 16:16 . 2008-03-12 16:16 244 --ah----- C:\sqmnoopt14.sqm
2008-03-11 14:01 . 2008-03-11 14:01 <DIR> d-------- C:\Programmi\PicLensIE
2008-03-11 13:55 . 2008-03-13 12:38 <DIR> d-------- C:\Documents and Settings\All Users\Dati applicazioni\WholeSecurity
2008-03-11 13:47 . 2008-03-11 13:49 <DIR> d-------- C:\WINDOWS\system32\it-it
2008-03-11 13:43 . 2008-03-11 13:49 1,374 --a------ C:\WINDOWS\imsins.BAK
2008-03-11 13:41 . 2007-12-07 03:04 6,066,176 -----c--- C:\WINDOWS\system32\dllcache\ieframe.dll
2008-03-11 13:41 . 2007-07-01 04:31 2,455,488 -----c--- C:\WINDOWS\system32\dllcache\ieapfltr.dat
2008-03-11 13:41 . 2007-07-01 04:36 1,032,192 -----c--- C:\WINDOWS\system32\dllcache\ieframe.dll.mui
2008-03-11 13:41 . 2007-12-07 03:04 459,264 -----c--- C:\WINDOWS\system32\dllcache\msfeeds.dll
2008-03-11 13:41 . 2007-12-07 03:04 383,488 -----c--- C:\WINDOWS\system32\dllcache\ieapfltr.dll
2008-03-11 13:41 . 2007-12-07 03:04 267,776 -----c--- C:\WINDOWS\system32\dllcache\iertutil.dll
2008-03-11 13:41 . 2007-12-07 03:04 63,488 -----c--- C:\WINDOWS\system32\dllcache\icardie.dll
2008-03-11 13:41 . 2007-12-07 03:04 52,224 -----c--- C:\WINDOWS\system32\dllcache\msfeedsbs.dll
2008-03-11 13:41 . 2007-12-06 12:00 13,824 -----c--- C:\WINDOWS\system32\dllcache\ieudinit.exe
2008-03-11 13:37 . 2007-08-13 18:54 33,792 --a--c--- C:\WINDOWS\system32\dllcache\custsat.dll
2008-03-10 23:59 . 2008-03-10 23:59 <DIR> d-------- C:\fsaua.data
2008-03-10 23:55 . 2008-03-10 23:55 <DIR> d-------- C:\WINDOWS\system32\Kaspersky Lab
2008-03-10 23:55 . 2008-03-13 13:33 <DIR> d-------- C:\Documents and Settings\All Users\Dati applicazioni\Kaspersky Lab
2008-03-10 23:16 . 2008-03-13 00:52 <DIR> d-------- C:\Documents and Settings\All Users\Dati applicazioni\Avg7
2008-03-06 16:14 . 2008-03-07 15:40 <DIR> d-------- C:\Documents and Settings\bastardinside\Dati applicazioni\dvdcss
2008-03-05 12:39 . 2007-12-04 13:54 95,608 --a------ C:\WINDOWS\system32\AvastSS.scr
2008-03-05 12:39 . 2007-12-04 15:55 94,544 --a------ C:\WINDOWS\system32\drivers\aswmon2.sys
2008-03-05 12:39 . 2007-12-04 15:56 93,264 --a------ C:\WINDOWS\system32\drivers\aswmon.sys
2008-03-05 12:39 . 2007-12-04 15:51 42,912 --a------ C:\WINDOWS\system32\drivers\aswTdi.sys
2008-03-05 12:39 . 2007-12-04 15:49 26,624 --a------ C:\WINDOWS\system32\drivers\aavmker4.sys
2008-03-05 12:39 . 2007-12-04 15:53 23,152 --a------ C:\WINDOWS\system32\drivers\aswRdr.sys
2008-03-05 12:38 . 2007-12-04 14:04 837,496 --a------ C:\WINDOWS\system32\aswBoot.exe
2008-03-05 12:38 . 2004-01-09 10:13 380,928 --a------ C:\WINDOWS\system32\actskin4.ocx
2008-03-05 12:27 . 2008-03-05 12:32 <DIR> d-------- C:\Documents and Settings\bastardinside\Dati applicazioni\CamTrack
2008-03-05 12:24 . 2007-02-28 13:00 108,752 --a------ C:\WINDOWS\system32\drivers\dptrackerd.sys
2008-03-04 23:24 . 2008-03-13 13:31 30,277,664 --ahs---- C:\WINDOWS\system32\drivers\fidbox.dat
2008-03-04 23:24 . 2008-03-13 01:24 307,292 --ahs---- C:\WINDOWS\system32\drivers\fidbox.idx
2008-03-04 14:06 . 2008-03-04 23:44 <DIR> d-------- C:\Programmi\LiveKillCleanMessenger
2008-03-04 14:06 . 2008-03-04 14:06 <DIR> d-------- C:\Documents and Settings\bastardinside\Dati applicazioni\Live-Prod
2008-03-04 13:42 . 2008-03-04 13:42 <DIR> d-------- C:\Programmi\DustBuster
2008-03-04 12:50 . 2008-03-04 12:50 <DIR> d-------- C:\Programmi\CCleaner
2008-03-03 23:55 . 2008-03-04 13:44 <DIR> d-------- C:\Programmi\Microsoft CAPICOM 2.1.0.2
2008-03-03 11:15 . 2008-03-03 11:15 <DIR> d-------- C:\Programmi\Panda Security
2008-03-03 10:32 . 2008-03-03 10:32 4,608 --a------ C:\WINDOWS\system32\drivers\symlcbrd.sys
2008-03-03 10:31 . 2008-03-03 10:44 <DIR> d-------- C:\Documents and Settings\bastardinside\Dati applicazioni\Symantec
2008-02-29 15:41 . 2008-02-29 15:41 <DIR> d-------- C:\Documents and Settings\bastardinside\Dati applicazioni\Nero
2008-02-29 15:32 . 2008-02-29 15:38 <DIR> d-------- C:\Programmi\File comuni\Nero
2008-02-29 15:32 . 2008-02-29 15:32 <DIR> d-------- C:\Documents and Settings\All Users\Dati applicazioni\Nero
2008-02-26 19:15 . 2008-02-26 19:25 <DIR> d-------- C:\Programmi\P2P_Energy
2008-02-26 19:15 . 2008-02-26 19:15 <DIR> d-------- C:\Programmi\Conduit
2008-02-23 13:29 . 2004-08-03 22:58 5,504 --a------ C:\WINDOWS\system32\drivers\MSTEE.sys
2008-02-18 18:33 . 2008-02-29 08:55 <DIR> d-------- C:\Documents and Settings\bastardinside\Dati applicazioni\skypePM
2008-02-18 18:33 . 2008-02-18 18:33 32 --a------ C:\Documents and Settings\All Users\Dati applicazioni\ezsid.dat
2008-02-17 13:08 . 2008-03-08 22:15 <DIR> d-------- C:\Documents and Settings\All Users\Dati applicazioni\Avira

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-03-13 12:33 --------- d---a-w C:\Documents and Settings\All Users\Dati applicazioni\TEMP
2008-03-13 06:56 --------- d-----w C:\Programmi\Spyware Doctor
2008-03-13 04:52 --------- d-----w C:\Documents and Settings\All Users\Dati applicazioni\Google Updater
2008-03-13 00:08 --------- d-----w C:\Programmi\Windows Live
2008-03-12 23:54 --------- d-----w C:\Documents and Settings\All Users\Dati applicazioni\Grisoft
2008-03-12 15:10 --------- d-----w C:\Documents and Settings\All Users\Dati applicazioni\WLInstaller
2008-03-11 12:03 --------- d-----w C:\Documents and Settings\bastardinside\Dati applicazioni\WholeSecurity
2008-03-07 21:24 --------- d-----w C:\Programmi\File comuni\Symantec Shared
2008-03-07 14:00 --------- d-----w C:\Programmi\Norton Security Scan
2008-03-04 12:44 --------- d-----w C:\Programmi\Winamp
2008-03-04 12:44 --------- d-----w C:\Programmi\QuickTime
2008-03-04 12:44 --------- d-----w C:\Programmi\Motorola Phone Tools
2008-03-04 12:44 --------- d-----w C:\Programmi\Microsoft ActiveSync
2008-03-04 12:44 --------- d-----w C:\Programmi\LimeWire
2008-03-04 12:44 --------- d-----w C:\Programmi\DVD Shrink
2008-03-04 12:44 --------- d-----w C:\Programmi\Avanquest update
2008-02-29 14:32 --------- d-----w C:\Programmi\Nero
2008-02-29 08:00 --------- d-----w C:\Documents and Settings\bastardinside\Dati applicazioni\Skype
2008-02-25 23:38 --------- d-----w C:\Documents and Settings\bastardinside\Dati applicazioni\U3
2008-02-17 08:39 --------- d-----w C:\Programmi\Live_TV
2008-02-16 23:41 --------- d-----w C:\Programmi\File comuni\Adobe
2008-02-02 08:27 --------- d-----w C:\Programmi\File comuni\Ahead
2008-02-02 08:24 --------- d-----w C:\Documents and Settings\bastardinside\Dati applicazioni\Ahead
2008-02-01 14:04 --------- d-----w C:\Documents and Settings\bastardinside\Dati applicazioni\Talkback
2008-02-01 11:55 42,376 ----a-w C:\WINDOWS\system32\drivers\ikfilesec.sys
2008-02-01 10:17 586,752 ----a-w C:\WINDOWS\WLXPGSS.SCR
2008-01-31 10:38 --------- d-----w C:\Programmi\File comuni\Skype
2008-01-28 18:48 --------- d-----w C:\Programmi\Windows Media Connect 2
2008-01-22 00:01 --------- d-----w C:\Programmi\Macrogaming
2008-01-09 14:01 53,248 ----a-w C:\WINDOWS\bdoscandel.exe
2007-12-13 18:09 972,072 ----a-w C:\WINDOWS\UNNeroMediaHome.exe
.

((((((((((((((((((((((((((((( snapshot@2008-03-13_13.12.39,42 )))))))))))))))))))))))))))))))))))))))))
.
+ 2008-03-13 12:32:22 16,384 ----atw C:\WINDOWS\Temp\Perflib_Perfdata_5ac.dat
.
((((((((((((((((((((((((((((((((((((((((((((( AWF ))))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
----a-w 63,712 2007-03-22 14:09:06 C:\Programmi\Adobe\Photoshop Album Starter Edition\3.2\Apps\bak\apdproxy.exe

----a-w 39,792 2007-10-10 18:51:55 C:\Programmi\Adobe\Reader 8.0\Reader\bak\Reader_sl.exe
----a-w 39,792 2008-01-11 21:16:38 C:\Programmi\Adobe\Reader 8.0\Reader\reader_sl.exe

----a-w 462,848 2003-10-29 14:11:30 C:\Programmi\digicomt\Michelangelo USB ADSL\bak\CnxDslTb.exe

----a-w 599,280 2007-10-31 09:51:38 C:\Programmi\eBay\eBay Toolbar2\bak\eBayTBDaemon.exe

----a-w 94,208 2005-10-28 14:25:44 C:\Programmi\File comuni\Ahead\Lib\bak\NMBgMonitor.exe

----a-w 185,632 2007-12-05 14:31:32 C:\Programmi\File comuni\Real\Update_OB\bak\realsched.exe

----a-w 68,856 2007-11-07 11:40:32 C:\Programmi\Google\GoogleToolbarNotifier\bak\GoogleToolbarNotifier.exe

----a-w 1,289,000 2006-11-13 13:38:54 C:\Programmi\Microsoft ActiveSync\bak\wcescomm.exe

----a-w 98,304 2007-10-13 21:19:27 C:\Programmi\QuickTime\bak\qttask.exe

----a-w 1,065,288 2007-10-02 15:27:04 C:\Programmi\Spyware Doctor\bak\SDTrayApp.exe

----a-w 15,360 2004-08-19 13:39:36 C:\WINDOWS\system32\bak\ctfmon.exe
----a-w 15,360 2004-08-19 13:39:36 C:\WINDOWS\system32\ctfmon.exe

----a-w 159,744 2007-08-24 09:01:12 C:\WINDOWS\system32\bak\hkcmd.exe

----a-w 131,072 2007-08-24 09:00:46 C:\WINDOWS\system32\bak\igfxpers.exe

----a-w 135,168 2007-08-24 09:01:12 C:\WINDOWS\system32\bak\igfxtray.exe

----a-w 155,648 2001-07-09 08:50:42 C:\WINDOWS\system32\bak\NeroCheck.exe

.
((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Nota* i valori vuoti & legittimi/default non sono visualizzati.

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{EAEE5C74-6D0D-4aca-9232-0DA4A7B866BA}]
2008-02-14 11:52 1236992 --a------ C:\Programmi\PicLensIE\PicLens.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-19 14:39 15360]
"EPSON Stylus DX6000 Series"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIBIE.exe" [2006-09-22 05:01 139264]
"MSMSGS"="C:\Programmi\Messenger\msmsgs.exe" [ ]
"MsnMsgr"="C:\Programmi\Windows Live\Messenger\MsnMsgr.exe" [ ]
"SpybotSD TeaTimer"="C:\Programmi\Spybot - Search & Destroy\TeaTimer.exe" [2008-01-28 11:43 2097488]
"DWQueuedReporting"="C:\PROGRA~1\FILECO~1\MICROS~1\DW\dwtrig20.exe" [2005-04-25 13:45 36040]
"eMuleAutoStart"="F:\Programmi\eMule\emule.exe" [2007-05-13 15:57 5308416]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"="RTHDCPL.EXE" [2007-01-08 01:15 16844800 C:\WINDOWS\RTHDCPL.exe]
"Google Desktop Search"="C:\Programmi\Google\Google Desktop Search\GoogleDesktop.exe" [2007-12-05 14:49 1836544]
"Adobe Reader Speed Launcher"="C:\Programmi\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 22:16 39792]
"NeroFilterCheck"="C:\Programmi\File comuni\Nero\Lib\NeroCheck.exe" [2007-03-01 14:57 153136]
"NBKeyScan"="C:\Programmi\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [2007-12-03 14:21 2213160]
"AVP"="C:\Documents and Settings\All Users\Desktop\Kaspersky Lab Tool\setup_7.0.0.180.exe" [2007-10-12 15:29 212992]
"ISTray"="C:\Programmi\Spyware Doctor\pctsTray.exe" [2008-02-01 12:55 1103240]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-12-04 14:00 79224]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-19 14:39 15360]

C:\Documents and Settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\
Google Updater.lnk - C:\Programmi\Google\Google Updater\GoogleUpdater.exe [2007-12-05 14:48:31 126136]

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"F:\\Programmi\\eMule\\emule.exe"=
"C:\Programmi\Microsoft ActiveSync\rapimgr.exe"= C:\Programmi\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
"C:\Programmi\Microsoft ActiveSync\WCESMgr.exe"= C:\Programmi\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
"C:\\Programmi\\Skype\\Phone\\Skype.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"18680:TCP"= 18680:TCP:NortonAV
"13946:TCP"= 13946:TCP:NortonAV
"16096:TCP"= 16096:TCP:NortonAV
"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service

R3 CnxEtP;Conexant AccessRunner USB ADSL WAN Adapter Filter Driver;C:\WINDOWS\system32\DRIVERS\CnxEtP.sys [2003-09-12 10:26]
R3 CnxEtU;Conexant AccessRunner USB ADSL Interface Device Driver;C:\WINDOWS\system32\DRIVERS\CnxEtU.sys [2003-09-12 10:26]
R3 CnxTgN;Conexant AccessRunner USB ADSL WAN Adapter Driver;C:\WINDOWS\system32\DRIVERS\CnxTgN.sys [2003-10-29 15:02]
S0 qmcvtsht;qmcvtsht;C:\WINDOWS\system32\drivers\mwhulpuc.sys []
S2 setup_7.0.0.180;setup_7.0.0.180;"C:\Documents and Settings\All Users\Desktop\Kaspersky Lab Tool\setup_7.0.0.180.exe" -r []
S3 CAM1690;USB PC Camera;C:\WINDOWS\system32\Drivers\cam1690.sys [2007-11-21 17:37]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ef50c3c6-8603-11dc-a3d3-001a92eb665c}]
\Shell\auto\command - M:\Knight.exe open
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Knight.exe open
\Shell\explore\command - M:\Knight.exe open
\Shell\find\command - M:\Knight.exe open
\Shell\install\command - M:\Knight.exe open
\Shell\open\command - M:\Knight.exe open

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{fff1a470-8487-11dc-a3ca-001a92eb665c}]
\Shell\auto\command - M:\Knight.exe open
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Knight.exe open
\Shell\explore\command - M:\Knight.exe open
\Shell\find\command - M:\Knight.exe open
\Shell\install\command - M:\Knight.exe open
\Shell\open\command - M:\Knight.exe open

.
Contenuto della cartella 'Scheduled Tasks'
"2008-03-07 18:31:28 C:\WINDOWS\Tasks\Norton Security Scan.job"
- C:\Programmi\Norton Security Scan\Nss.exe
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-03-13 13:42:28
Windows 5.1.2600 Service Pack 2 NTFS

scansione processi nascosti ...

scansione entrate autostart nascoste ...

Scansione files nascosti ...

Scansione completata con successo
Files nascosti: 0

**************************************************************************
.
Ora fine scansione: 2008-03-13 13:43:56
ComboFix-quarantined-files.txt 2008-03-13 12:43:52
.
2008-03-13 00:23:32 --- E O F ---

[bastardinside]

E questo è il log aggiornato di Hijackthis:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 22.49.12, on 13/03/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Programmi\Alwil Software\Avast4\aswUpdSv.exe
C:\Programmi\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Programmi\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Programmi\Nero\Nero8\Nero BackItUp\NBService.exe
C:\Programmi\Spyware Doctor\pctsAuxs.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Programmi\Google\Google Desktop Search\GoogleDesktop.exe
C:\Programmi\Spyware Doctor\pctsTray.exe
C:\Programmi\Google\Google Desktop Search\GoogleDesktop.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmi\Spybot - Search & Destroy\TeaTimer.exe
F:\Programmi\eMule\emule.exe
C:\Programmi\Google\Google Desktop Search\GoogleDesktop.exe
C:\Programmi\Spyware Doctor\pctsSvc.exe
C:\Programmi\Google\Google Updater\GoogleUpdater.exe
C:\WINDOWS\system32\svchost.exe
C:\Programmi\File comuni\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Programmi\Alwil Software\Avast4\ashWebSv.exe
C:\Programmi\Alwil Software\Avast4\ashMaiSv.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\WgaTray.exe
C:\Programmi\internet explorer\iexplore.exe
E:\Documenti\bastardinside\File ricevuti\HiJackThis\HijackThis.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.it/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
R3 - URLSearchHook: Live TV Toolbar - {b69a9db4-d0a1-4722-b56b-f20757a29cdf} - C:\Programmi\Live_TV\tbLiv0.dll
O2 - BHO: Supporto di collegamento per Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\File comuni\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Programmi\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: eBay Toolbar Helper - {22D8E815-4A5E-4DFB-845E-AAB64207F5BD} - C:\Programmi\eBay\eBay Toolbar2\eBayTB.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programmi\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programmi\Google\GoogleToolbarNotifier\2.1.615.5858\swg.dll
O2 - BHO: Live TV Toolbar - {b69a9db4-d0a1-4722-b56b-f20757a29cdf} - C:\Programmi\Live_TV\tbLiv0.dll
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Programmi\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O2 - BHO: PicLens plug-in for Internet Explorer - {EAEE5C74-6D0D-4aca-9232-0DA4A7B866BA} - C:\Programmi\PicLensIE\PicLens.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programmi\google\googletoolbar1.dll
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Programmi\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: eBay Toolbar - {92085AD4-F48A-450D-BD93-B28CC7DF67CE} - C:\Programmi\eBay\eBay Toolbar2\eBayTB.dll
O3 - Toolbar: Live TV Toolbar - {b69a9db4-d0a1-4722-b56b-f20757a29cdf} - C:\Programmi\Live_TV\tbLiv0.dll
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Programmi\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Programmi\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Programmi\File comuni\Nero\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [NBKeyScan] "C:\Programmi\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [AVP] "C:\Documents and Settings\All Users\Desktop\Kaspersky Lab Tool\setup_7.0.0.180.exe"
O4 - HKLM\..\Run: [ISTray] "C:\Programmi\Spyware Doctor\pctsTray.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [EPSON Stylus DX6000 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIBIE.EXE /FU "C:\WINDOWS\TEMP\E_SE2.tmp" /EF "HKCU"
O4 - HKCU\..\Run: [MSMSGS] "C:\Programmi\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [MsnMsgr] "C:\Programmi\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Programmi\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [DWQueuedReporting] "C:\PROGRA~1\FILECO~1\MICROS~1\DW\dwtrig20.exe" -t
O4 - HKCU\..\Run: [eMuleAutoStart] F:\Programmi\eMule\emule.exe -AutoStart
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO LOCALE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO DI RETE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Registration Prince of Persia Spirito Guerriero.LNK = C:\Programmi\Ubisoft\Prince of Persia Spirito Guerriero\Support\Register\RegistrationReminder.exe
O4 - User Startup: Registration Prince of Persia Spirito Guerriero.LNK = C:\Programmi\Ubisoft\Prince of Persia Spirito Guerriero\Support\Register\RegistrationReminder.exe
O4 - Global Startup: Google Updater.lnk = C:\Programmi\Google\Google Updater\GoogleUpdater.exe
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Ricerca - res://C:\Programmi\eBay\eBay Toolbar2\eBayTb.dll/RCSearch.html
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll
O9 - Extra 'Tools' menuitem: Crea preferiti portatile... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Programmi\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: Ricerche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe (file missing)
O14 - IERESET.INF: START_PAGE_URL=http://www.alice.it
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/default/kavwebscan_unicode.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {8436FE12-31DB-48BF-83BF-FE682F9160B4} (NanoInstaller Class) - http://www.nanoscan.com/cabs/nanoinst.cab
O16 - DPF: {BDBDE413-7B1C-4C68-A8FF-C5B2B4090876} (F-Secure Online Scanner 3.3) - http://support.f-secure.com/ols/fscax.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {C45B1500-7B63-47C2-AB25-C28CB46AFDEE} (MediaBar) - http://sib1.pvw.od2.com/common/musicmanager/installation/MusicManagerPlugin.CAB
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{7C63E359-A5CF-4E59-86F9-10CC849F5F27}: NameServer = 85.37.17.9 85.38.28.75
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FILECO~1\Skype\SKYPE4~1.DLL
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Programmi\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Programmi\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Programmi\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Programmi\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: GoogleDesktopManager - Google - C:\Programmi\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Programmi\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Programmi\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Programmi\File comuni\Nero\Lib\NMIndexingService.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Programmi\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Programmi\Spyware Doctor\pctsSvc.exe
O23 - Service: setup_7.0.0.180 - Kaspersky Lab - C:\Documents and Settings\All Users\Desktop\Kaspersky Lab Tool\setup_7.0.0.180.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\CCPD-LC\symlcsvc.exe

--
End of file - 10989 bytes

[Sante62]

Bene, adesso dimmi che problemi riscontri...

metti un firewall scegliendone uno mediante questa discussione

[bastardinside]

Scusami Sante62, ma quale mi consiglieresti personalmente come firewall da installare?...ce ne sono un bel pò ed io non è che ne capisca chissà quanto...fammi sapere...grazie...

[Sante62]

Zone Alarm è in italiano e più facile da configurare;

se hai dimestichezza con l'inglese puoi sceglierne qualche altro;

il principio però è sempre lo stesso; vanno configurati correttamente.

[bastardinside]

Ciao Sante62, scusami se ti rispondo solo adesso ma ho avuto problemi di linea cmq ho installato, come firewall, PC Tools Firewall Plus perchè Zone Alarm andava in conflitto con PC Tools Spyware Doctor...adesso che devo fare?...grazie...

[bastardinside]

A questo punto penso che lo disinstallerò anche perchè mi blocca e mi rallenta tutto...se c'è l'ho attivo emule non mi parte ed internet si blocca...ora provo ad installarle un altro e ti faccio sapere...

[bastardinside]

Ho installato Online Armor per quanto riguarda il Firewall ed, almeno per adesso, va tutto bene...fammi sapere cosa devo fare adesso...

[Sante62]

Non conosco questo firewall;

l'hai preso dal link che ti ho indicato?

per quanto riguarda i firewall che hai installato prima, andavano in conflitto perchè ne avevi installati due: PC Tools e Zone Alarm;

come l'antivirus, il firewall deve essere uno solo;

Fai la scansione con GMER
Ricorda che i log di GMER sono due: Autostart e Rootkit. Postali su www.freefilehosting.net come indicato quì

[bastardinside]

No Sante62, avevo provato prima ad installare Zone Alarm che poi ho subito disinstallato perchè andava in conflitto con PC Tools Spyware Doctor, e poi ho installato PC Tools Firewall Plus che però mi bloccava internet e non mi faceva connettere emule (molto probabilmente perchè dovevo cambiare qualcosa nelle impostazioni), cmq ho installato questo Online Armor che ho preso dal link da te indicatomi perchè su vari forum dicono che tra i Firewall gratuiti è uno dei migliori...a parte questo scarico GMer, faccio la scansione, posto il log su freefilehosting e ti faccio avere il link...

[bastardinside]

Sante62, questi sono i due link dei due file caricati su FreeFileHosting:

Direct Link:
http://www.freefilehosting.net/download/3dh5a
HTML Code: <ahref="http://www.freefilehosting.net/files/3dh5a">GMER7.txt</a>
Forum Link:
[URL="http://www.freefilehosting.net/files/3dh5a"]GMER7.txt[/URL]

Direct Link:
http://www.freefilehosting.net/download/3dh5l
HTML Code:
<a href="http://www.freefilehosting.net/files/3dh5l">Log GMER2.txt</a>
Forum Link:
[URL="http://www.freefilehosting.net/files/3dh5l"]Log GMER2.txt[/URL]

E come sempre

[Sante62]

OK, i log di GMER non presentano nulla di strano...

adesso collegati a Kaspersky online scanner
Quando sta scaricando i file necessari, disattiva momentaneamente l'antivirus. Non appena inizia la scansione del PC disconnettiti da internet.
Alla fine carica il risultato su www.freefilehosting.net, riportando quì il link che ti viene assegnato come indicato quì

[bastardinside]

Ciao Sante62, ecco il link del risultato della scansione di Kaspersky Online Scanner su FreeFileHosting:

Direct Link:
http://www.freefilehosting.net/download/3dif4

HTML Code:
<ahref="http://www.freefilehosting.net/files/3dif4">kaspersky35.html</a>

Forum Link:
[URL="http://www.freefilehosting.net/files/3dif4"]kaspersky35.html[/URL]

[Sante62]

Scarica The Avenger (Nuova versione)
Scompattalo in una sua cartella in c:\
Avvialo e clicca su OK
all'interno del box bianco
Inserisci queste righe:

[bastardinside]

Per quanto riguarda Avenger non mi funziona perchè quando inserisco le citazioni che m'hai dato e clicco su execute, avenger mi dice "error: Invalid script. A valid script must begin with a command directive. Aborting Execution!"...non è la prima volta che accade e non sono riuscito a capire il problema, le citazioni le ho copiate e le ho anche scritte passo passo ma in entrambi i casi non va...cmq ho provveduto a cancellare di persona la cartella che conteneva quei file, ho utilizzato anche CCleaner ed ho deframmentato il disco...ora cosa devo fare?... ...

[Sante62]

Il problema di Avenger sono sicuramente le interlinee che ha lasciato, è già capitato cioè:

[bastardinside]

Hai ragione Sante62, ho reinserito gli script ed ecco il risultato:

Logfile of The Avenger Version 2.0, (c) by Swandog46
http://swandog46.geekstogo.com

Platform: Windows XP

*******************

Script file opened successfully.
Script file read successfully.

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:

Rootkit scan active.
No rootkits found!


Error: could not open file "F:\Programmi\eMule\Incoming\File Nero\Ahead.Nero.v8.2.8.0.Multilanguage.Incl.Keymaker.rar"
Deletion of file "F:\Programmi\eMule\Incoming\File Nero\Ahead.Nero.v8.2.8.0.Multilanguage.Incl.Keymaker.rar" failed!
Status: 0xc000003a (STATUS_OBJECT_PATH_NOT_FOUND)
--> bad path / the parent directory does not exist


Error: could not open file "F:\Programmi\eMule\Incoming\File Nero\Nero 8 Ultra Edition 8.2.8.0-Multilanguaje-psicotropia.rar"
Deletion of file "F:\Programmi\eMule\Incoming\File Nero\Nero 8 Ultra Edition 8.2.8.0-Multilanguaje-psicotropia.rar" failed!
Status: 0xc000003a (STATUS_OBJECT_PATH_NOT_FOUND)
--> bad path / the parent directory does not exist


Completed script processing.

*******************

Finished! Terminate.

Anche se credo che a questo punto sia inutile visto che ho cancellato direttamente la cartella che conteneva i file, infatti dice Error in entrambi i casi...ti faccio sapere se con la scansione di Norton Security Scan mi trova ancora questo virus...aldilà di questo, sarò ripetitivo lo so, ma grazie di tutto...