Olimpo Informatico

[Francesco1908]

Salve a tutti, sono nuovo in questo forum e vi scrivo perchè ho un problema.
Già qualche mese fa ho avuto un problema con il dialer Internet Connection, e, seguendo dei consigli trovati in rete attraverso avenger e findAWF sono riuscito a risolvere il problema.
Ieri però si è ripresentato, ma con gli stessi mezzi non riesco a risolverlo, in quanto con findAWF non trovo file duplicati.
Qualcno mi può aiutare?
Grazie!
Francesco1908

[bdoriano]

Ciao Francesco1908,

1. Disabilita il ripristino di sistema.
   
2. Pulisci i files temporanei con ATF-Cleaner e/o CCleaner
   
3. Scarica Norman Malware Cleaner e NOD32 Scanner.
   
4. Avvia il pc in modalità provvisoria.
   
5. Avvia NOD32 e fagli fare la scansione completa.
   
6. Avvia Norman Malware Cleaner e fagli fare la scansione completa.
   Viene generato un log sul desktop chiamandolo NFix_2008-03-gg_hh-mm-ss.log, alla fine della scansione caricalo su FreeFileHosting come indicato qui e posta il link che ti viene assegnato.
   
7. Segui le istruzioni di questo topic per postare il log di combofix.
   
8. Segui le istruzioni di questo topic per postare il log di hijackthis.

PS: se vuoi, puoi presentarti qui

[Francesco1908]

Grazie mille bdoriano!!
Questo è il link che mi è stato assegnato:

NFix_2008-03-20_17-15-15.log

Ora posto anche gli altri log...

[Francesco1908]

Ecco il log di Combofix:

ComboFix 08-03-18.1 - SCG_4 2008-03-20 18.33.29.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1040.18.185 [GMT 1:00]
Eseguito da: C:\Documents and Settings\SCG_4\Desktop\ComboFix.exe

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((( Files Creati Da 2008-02-20 al 2008-03-20 )))))))))))))))))))))))))))))))))))
.

2008-03-20 16:24 . 2008-03-20 16:22 512,096 --a------ C:\WINDOWS\system32\drivers\amon.sys
2008-03-20 16:24 . 2008-03-20 16:22 298,104 --a------ C:\WINDOWS\system32\imon.dll
2008-03-20 16:24 . 2008-03-20 16:22 15,424 --a------ C:\WINDOWS\system32\drivers\nod32drv.sys
2008-03-20 16:24 . 2008-03-20 16:24 0 --a------ C:\WINDOWS\system32\mapisvc.inf
2008-03-20 16:16 . 2008-03-20 16:39 <DIR> d-------- C:\Programmi\ESET
2008-03-19 20:15 . 2008-03-19 20:14 14,348 --a------ C:\WINDOWS\system32\hkcmd.exe1199930680
2008-03-18 21:06 . 2008-03-18 21:06 <DIR> d-------- C:\Programmi\Safari
2008-03-13 21:45 . 2008-03-13 21:45 <DIR> d-------- C:\Programmi\Trend Micro
2008-03-13 21:15 . 2008-03-13 19:55 14,348 --a------ C:\Documents and Settings\SCG_4\AGRSMMSG .exe
2008-03-06 23:57 . 2008-03-06 23:57 <DIR> d-------- C:\Programmi\TVUPlayer
2008-03-06 23:57 . 2008-03-06 23:57 <DIR> d-------- C:\Documents and Settings\All Users\Dati applicazioni\TVU networks
2008-03-04 22:23 . 2008-03-20 18:12 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-03-04 22:23 . 2008-03-04 22:23 1,409 --a------ C:\WINDOWS\QTFont.for
2008-03-04 22:22 . 2008-03-04 22:22 <DIR> d-------- C:\Programmi\iPod
2008-03-02 15:13 . 2008-03-09 14:24 <DIR> d-------- C:\Programmi\SopCast
2008-03-02 15:07 . 2008-03-02 15:07 <DIR> d-------- C:\Documents and Settings\SCG_4\Dati applicazioni\TVU Networks
2008-03-01 18:23 . 2008-03-01 18:23 <DIR> d-------- C:\Programmi\TVAnts
2008-02-28 11:09 . 2008-02-28 11:09 <DIR> d-------- C:\Documents and Settings\SCG_4\Dati applicazioni\Leadertech

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-03-19 19:36 --------- d-----w C:\Programmi\ltmoh
2008-03-19 19:36 --------- d-----w C:\Programmi\Apoint2K
2008-03-19 14:16 --------- d-----w C:\Documents and Settings\SCG_4\Dati applicazioni\MSN6
2008-03-17 19:53 --------- d-----w C:\Programmi\eMule
2008-03-11 10:57 --------- d-----w C:\Documents and Settings\All Users\Dati applicazioni\WLInstaller
2008-03-04 21:22 --------- d-----w C:\Programmi\iTunes
2008-02-28 11:36 --------- d-----w C:\Programmi\Windows Live
2008-02-12 22:55 --------- d-----w C:\Programmi\QuickTime
2008-02-01 10:17 586,752 ----a-w C:\WINDOWS\WLXPGSS.SCR
2008-01-15 18:50 2,742 ---ha-w C:\hpothb07.dat
2008-01-15 18:25 515 ---ha-w C:\Programmi\hpothb07.tif
2008-01-15 18:25 296 ---ha-w C:\Programmi\hpothb07.dat
2008-01-15 18:24 324 ---ha-w C:\Documents and Settings\SCG_4\hpothb07.dat
2008-01-15 18:24 0 ---ha-w C:\Documents and Settings\SCG_4\Dati applicazioni\hpothb07.dat
2007-01-09 17:13 544 ---ha-w C:\Documents and Settings\All Users\hpothb07.dat
2007-01-09 17:13 0 ---ha-w C:\Documents and Settings\NetworkService\hpothb07.dat
2007-01-09 17:13 0 ---ha-w C:\Documents and Settings\LocalService\hpothb07.dat
2007-01-09 17:13 0 ---ha-w C:\Documents and Settings\Default User\hpothb07.dat
2007-01-09 17:13 0 ---ha-w C:\Documents and Settings\Administrator\hpothb07.dat
2006-12-07 22:35 8,282,187 ----a-w C:\Programmi\vlc-0.8.5-win32.exe
2006-12-06 18:41 359,112 ----a-w C:\Programmi\LimeWireWin.exe
.

[Francesco1908]

Ed ecco l'ultimo log...spero di aver fatto tutto bene....


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18.39.32, on 20/03/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Programmi\Alwil Software\Avast4\aswUpdSv.exe
C:\Programmi\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Libero\Adsl\dslstat.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Programmi\Java\jre1.6.0_03\bin\jusched.exe
C:\PROGRA~1\ACDSYS~1\DEVDET~1\DEVDET~1.EXE
C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE
C:\Programmi\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe
C:\Programmi\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\FILECO~1\PCSuite\Services\SERVIC~1.EXE
C:\Programmi\Nokia\Nokia PC Suite 6\PcSync2.exe
C:\Programmi\Creative\Sync Manager Unicode\CTSyncU.exe
C:\Programmi\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\PROGRA~1\FILECO~1\Nokia\MPAPI\MPAPI3s.exe
C:\Programmi\File comuni\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\Programmi\File comuni\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Programmi\Eset\nod32krn.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmi\Alwil Software\Avast4\ashMaiSv.exe
C:\Programmi\Alwil Software\Avast4\ashWebSv.exe
C:\Programmi\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\explorer.exe
C:\Programmi\Internet Explorer\IEXPLORE.EXE
C:\Programmi\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.libero.it/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
O2 - BHO: Supporto di collegamento per Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\File comuni\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmi\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Guida per l'accesso a Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programmi\File comuni\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programmi\google\googletoolbar3.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programmi\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O2 - BHO: Coolstreaming Tool-Bar v1.0 Toolbar - {bd0e4d83-654e-4213-965b-fcbe887061f4} - C:\Programmi\Coolstreaming_Tool-Bar_v1.0\tbCool.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programmi\google\googletoolbar3.dll
O3 - Toolbar: Coolstreaming Tool-Bar v1.0 Toolbar - {bd0e4d83-654e-4213-965b-fcbe887061f4} - C:\Programmi\Coolstreaming_Tool-Bar_v1.0\tbCool.dll
O4 - HKLM\..\Run: [AuditMode] C:\sysprep\factory.exe -logon
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [LtMoh] C:\Programmi\ltmoh\Ltmoh.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [LoadFujitsuQuickTouch] C:\AddOn\Fujitsu\Application Panel\QuickTouch.exe
O4 - HKLM\..\Run: [LoadBtnHnd] C:\Programmi\Fujitsu\BtnHnd\BtnHnd.exe
O4 - HKLM\..\Run: [IndicatorUtility] C:\AddOn\Fujitsu\Hotkey\IndicatorUty.exe
O4 - HKLM\..\Run: [Apoint] C:\Programmi\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [DSLSTATEXE] C:\Program Files\Libero\Adsl\dslstat.exe icon
O4 - HKLM\..\Run: [DSLAGENTEXE] C:\Program Files\Libero\Adsl\dslagent.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programmi\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [Camera Detector] C:\PROGRA~1\ACDSYS~1\DEVDET~1\DEVDET~1.EXE -autorun
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE -onlytray
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Programmi\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Programmi\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmi\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Programmi\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [nod32kui] "C:\Programmi\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Programmi\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [PcSync] C:\Programmi\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog
O4 - HKCU\..\Run: [CTSyncU.exe] "C:\Programmi\Creative\Sync Manager Unicode\CTSyncU.exe"
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVIZIO LOCALE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVIZIO DI RETE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: hp psc 1000 series.lnk = ?
O4 - Global Startup: hpoddt01.exe.lnk = ?
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Ricerche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe (file missing)
O16 - DPF: {62CEC9E0-3811-4C36-A94E-4F7565DCD23F} (DDSC Class) - http://intranet.sogei.it/sogeionline/Portal/resources/msddsc.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1197201301891
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1197201114151
O16 - DPF: {A8482EAF-A1F3-4934-AE3F-56EB195A50BF} (DeskUpdate - Activex Control) - http://support.fujitsu-siemens.de/DeskUpdate/isapi/activex.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {E1342154-4889-42B5-BEF6-19237577048F} (OberongamesLoader Object) - http://tiscaliit.oberon-media.com/online2/bejeweled2/Oberongamesloader.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{D14C9BB5-F6ED-4EC2-8DC3-41AA8040D8C4}: NameServer = 193.70.152.15 193.70.152.25
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Programmi\File comuni\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Programmi\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Programmi\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Programmi\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Programmi\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Programmi\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Servizio iPod (iPod Service) - Apple Inc. - C:\Programmi\iPod\bin\iPodService.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Programmi\Eset\nod32krn.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

--
End of file - 8798 bytes

[Francesco1908]

Hijackthis:

hijackthis368.log

Combofix:

log40.txt

Norman Malware Cleaner:


NFix_2008-03-20_17-15-15.log

[bdoriano]

Ri-ciao Francesco1908,

vedo che combofix ha identificato qualcosa...
Crea un file di testo con le seguenti istruzioni:

[Francesco1908]

Ecco fatto!!

Combofix:

log41.txt

Hajackthis:

hijackthis371.log

[bdoriano]

Dobbiamo ripetere l'operazione...

Crea un file di testo con le seguenti istruzioni:

[Francesco1908]

Ciao bdoriano, come richiesto ecco il log di combofix:

log42.txt

[bdoriano]

Ok!
Stavolta ha funzionato.

Facciamo gli ultimi controlli:

• Disabilita il tuo antivirus
  
• Collegati a BitDefender (con IE) e fai la scansione completa.
  
• Dopo, collegati a Kaspersky on-line scanner e fai la scansione estesa, come indicato qui.
  Salva il risultato della scansione in un file (in formato HTML), carica il file su Freefilehosting e posta qui il link che ti viene assegnato.