Olimpo Informatico

[fadu]

Salve a tutti.
Ho provato a leggere altri post ma ho la sensazione di essere talemto poco esperto da aver bisogno di una guida "passo passo"...
Io sono due giorni, essendo un totale niubbo, che in ditta combatto con
questo virus.
Abbiamo una lan con un server e quattro client.
La situazione sul mio pc, il sever, è questa:
da qualche giorno quando utilizzo google per ricerche varie mi si
aprono dei pop-up con delle ricerche alternative, ci sono dei
rallentamenti nell'utilizzo di IE(caricamento pagine più lento, pagine
che scorrono verso alto o basso lentamente o a scatti) e generale
rallentamento delle operazioni.
Siccome non avevamo aggiornato l'abbonamento di norton ho scaricato avg
che mi ha trovato dei trojan del tipo agent.rl e small.jm che, in
teoria ha eliminato, senza però che le cose migliorassero.
Tra l'altro, adesso, facendo scansioni con avg e bitdefender non rileva
più niente..
Andando su Installazione applicazioni ho visto che c'è l'icona di
LinkOptimizer e, come suggerito da alcuni, non l'ho toccata.
Ho provato a scaricare hijackThis seguendo i fix consigliati da
hijackThis.de/it ma non ho risolto niente.
Aiutatemi per favore, grazie.

Federico


Ecco il log di hijackThis:


ogfile of HijackThis v1.99.1
Scan saved at 10.34.17, on 31/08/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)


Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
c:\Programmi\File comuni\Symantec Shared\ccSetMgr.exe
C:\PROGRA~1\Iomega\System32\AppServices.exe
C:\Programmi\File comuni\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\Programmi\Norton AntiVirus\navapsvc.exe
C:\Programmi\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmi\Iomega\AutoDisk\ADService.exe
C:\Programmi\Canon\DIAS\CnxDIAS.exe
c:\Programmi\File comuni\Symantec Shared\ccEvtMgr.exe
C:\Programmi\File comuni\Symantec Shared\Security Center\SymWSC.exe
C:\WINDOWS\Explorer.EXE
C:\Programmi\Analog Devices\SoundMAX\SMTray.exe
C:\WINDOWS\System32\igfxtray.exe
C:\WINDOWS\System32\hkcmd.exe
C:\Programmi\File comuni\Symantec Shared\ccApp.exe
C:\Programmi\IBM\Messages By IBM\ibmmessages.exe
C:\WINDOWS\system32\ICO.EXE
C:\Programmi\Iomega\AutoDisk\ADUserMon.exe
C:\WINDOWS\system32\FSRremoS.EXE
C:\Programmi\Iomega\DriveIcons\ImgIcon.exe
C:\WINDOWS\system32\Pelmiced.exe
C:\Programmi\Intel\NCS\PROSet\PRONoMgr.exe
C:\Programmi\Java\jre1.5.0_06\bin\jusched.exe
C:\Programmi\QuickTime\qttask.exe
C:\Programmi\Hewlett-Packard\Toolbox\StatusClient\StatusClient.exe
C:\Programmi\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
C:\Programmi\WinZip\WZQKPICK.EXE
C:\sysintc\UTENTE\conf_L\bin\swmenu.exe
C:\Programmi\Hewlett-Packard\Toolbox\jre\bin\javaw.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Documents and Settings\UTENTE\Desktop\HijackThis\HijackThis.exe
C:\WINDOWS\system32\HPBPRO.EXE


R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
http://www.libero.it/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName
= Collegamenti
R3 - Default URLSearchHook is missing
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}
- C:\Programmi\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} -
c:\Programmi\Norton AntiVirus\NavShExt.dll
O2 - BHO: Class - {D4ED03F3-6672-F05B-77C2-859151625148} -
C:\WINDOWS\mdoom1.dll (file missing)
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6}
- c:\Programmi\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe
irprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [Smapp] C:\Programmi\Analog
Devices\SoundMAX\SMTray.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [UC_Start] C:\IBMTools\Updater\ucstartup.exe
O4 - HKLM\..\Run: [ccApp] "c:\Programmi\File comuni\Symantec
Shared\ccApp.exe"
O4 - HKLM\..\Run: [ibmmessages] C:\Programmi\IBM\Messages By
IBM\ibmmessages.exe
O4 - HKLM\..\Run: [Mouse Suite 98 Daemon] ICO.EXE
O4 - HKLM\..\Run: [SW_SUBST_L:]
"C:\Export\sysint\client\bin\sw_subst.exe" L:,C:\Export
O4 - HKLM\..\Run: [ADUserMon]
C:\Programmi\Iomega\AutoDisk\ADUserMon.exe
O4 - HKLM\..\Run: [Iomega Drive Icons]
C:\Programmi\Iomega\DriveIcons\ImgIcon.exe
O4 - HKLM\..\Run: [Deskup] C:\Programmi\Iomega\DriveIcons\deskup.exe
/IMGSTART
O4 - HKLM\..\Run: [Symantec NetDriver Monitor]
C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [PRONoMgr.exe]
C:\Programmi\Intel\NCS\PROSet\PRONoMgr.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched]
C:\Programmi\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmi\QuickTime\qttask.exe"
-atboottime
O4 - HKLM\..\Run: [StatusClient 2.6]
C:\Programmi\Hewlett-Packard\Toolbox\StatusClient\StatusClient.exe
/auto
O4 - HKLM\..\Run: [TomcatStartup 2.5]
C:\Programmi\Hewlett-Packard\Toolbox\hpbpsttp.exe
O4 - HKLM\..\Run: [HP Software Update] "C:\Programmi\Hewlett-Packard\HP
Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
/STARTUP
O4 - HKCU\..\Run: [ibmmessages] C:\Programmi\IBM\Messages By
IBM\ibmmessages.exe
O4 - Startup: conf_L.lnk = C:\sysintc\UTENTE\conf_L\bin\swmenu.exe
O4 - Global Startup: WinZip Quick Pick.lnk =
C:\Programmi\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: E&sporta in Microsoft Excel -
res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} -
%windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 -
{85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file
missing)
O9 - Extra button: Ricerche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} -
C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} -
C:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger -
{FB5F1910-F110-11d2-BB9E-00C04F795683} -
C:\Programmi\Messenger\msmsgs.exe
O11 - Options group: [JAVA_IBM] Java (IBM)
O12 - Plugin for .spop: C:\Programmi\Internet
Explorer\Plugins\NPDocBox.dll
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE
Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class)
-
http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client...
O17 -
HKLM\System\CCS\Services\Tcpip\..\{0785DD61-1E4F-459A-8CDA-25A8C1428A69}:
NameServer = 192.168.1.1
O17 -
HKLM\System\CS1\Services\Tcpip\..\{0785DD61-1E4F-459A-8CDA-25A8C1428A69}:
NameServer = 192.168.1.1
O17 -
HKLM\System\CS2\Services\Tcpip\..\{0785DD61-1E4F-459A-8CDA-25A8C1428A69}:
NameServer = 192.168.1.1
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. -
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. -
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. -
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: Canon Driver Information Assist Service - CANON INC. -
C:\Programmi\Canon\DIAS\CnxDIAS.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation
- c:\Programmi\File comuni\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec
Corporation - c:\Programmi\File comuni\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec
Corporation - c:\Programmi\File comuni\Symantec Shared\ccSetMgr.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision
Corporation - C:\Programmi\File comuni\InstallShield\Driver\11\Intel
32\IDriverT.exe
O23 - Service: Iomega App Services - Iomega Corporation -
C:\PROGRA~1\Iomega\System32\AppServices.exe
O23 - Service: Servizio Norton AntiVirus Auto-Protect (navapsvc) -
Symantec Corporation - c:\Programmi\Norton AntiVirus\navapsvc.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation -
C:\Programmi\Intel\NCS\Sync\NetSvc.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: SAVScan - Symantec Corporation - c:\Programmi\Norton
AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec
Corporation - C:\PROGRA~1\FILECO~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec
Corporation - C:\Programmi\File comuni\Symantec Shared\SNDSrvc.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service
(default)) - Analog Devices, Inc. - C:\Programmi\Analog
Devices\SoundMAX\SMAgent.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation -
C:\Programmi\File comuni\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: Iomega Active Disk (_IOMEGA_ACTIVE_DISK_SERVICE_) -
Iomega Corporation - C:\Programmi\Iomega\AutoDisk\ADService.exe

[Ph03N1x]

questa voce:

O4 - Global Startup: WinZip Quick Pick.lnk =


va eliminata


si tratta di un virus che non ha nulla a che fare col software di comrpessione.
Inoltre ti consiglio di fare una scansione anche con ad-aware, spybot e ewido.
fammi sapere