MarcoAL

Slow Browsing, Hiccups and Maybe a Few Viruses

8 posts in this thread

Hi guys!

For the past few days I've been having a couple of problems with my PC.

Basically, after I've been on the internet for a while, browsing becomes slow and closing windows gets stuck, as if the PC had frozen; as if that weren't enough, advertising windows open automatically (always the same ones). :)

I also have Kaspersky Anti-Virus 2007, and for a couple of days a warning about infected files has been appearing, even at PC startup: spyware and trojans that unfortunately I can't remove.

I should mention that the version is genuine and up to date; I ran a couple of scans but it doesn't find anything..

I really don't know what to do... I imagine there's "some" junk that has crept in somewhere...

I wrote to you some time ago about other problems and you always helped me brilliantly! I'm in your hands..!

Thank you in advance!! :P

hijackthis.log


Download Combofix, disconnect from the internet and close all programs, including antivirus, antispyware and firewall. Start Combofix, type 1 and press Enter, then wait for the operations to finish without doing anything, and post the log C:\combofix.txt here.

**************

Download CCleaner from my signature (careful: during installation, untick Yahoo Toolbar), then start it, click Options - Advanced - untick "Only delete files in Windows Temp folders older than 48 hours", close Internet Explorer and/or Firefox and click "Run Cleaner".

**************

Download MalwareBytes, update it and run a full scan of your system, then post the report.


Good, now open Malwarebytes - Quarantine - Delete All.

Restart and post a new HijackThis log, and let us know whether the problems have gone.

:)


Hi MarcoAL,

carry out this operation as well:

Download The Avenger

http://swandog46.geekstogo.com/avenger.zip

Save it to a folder and unzip the .zip file.

Find avenger.exe and run it.

Paste this script into the white box:

Registry values to replace with dummy:

HKLM\Software\Microsoft\Windows NT\CurrentVersion\Windows | AppInit_DLLs

Files to delete:

C:\Documents and Settings\Marco\Dati applicazioni\wklnhst.dat

C:\WINDOWS\system32\__c00F7568.dat

folders to delete:

C:\WINDOWS\temp

C:\WINDOWS\Tasks

C:\Programmi\Trojan Remover

Click Execute

The PC should restart (if it doesn't, restart it yourself)

Post the log that will be created in C:\Avenger

Attach a new HijackThis log

Try this utility to see whether the browsing problem improves:

download the program, click both buttons and then restart

http://www.xp-smoker.com/freeware.html

:P:)


Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 20.57.45, on 23/08/2008

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Programmi\Intel\Wireless\Bin\EvtEng.exe

C:\Programmi\Intel\Wireless\Bin\S24EvMon.exe

C:\Programmi\Intel\Wireless\Bin\WLKeeper.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\NOTEPAD.EXE

C:\WINDOWS\stsystra.exe

C:\Programmi\Intel\Wireless\bin\ZCfgSvc.exe

C:\Programmi\Intel\Wireless\Bin\ifrmewrk.exe

C:\WINDOWS\system32\GSICON.EXE

C:\WINDOWS\system32\dslagent.exe

C:\Programmi\Unlocker\UnlockerAssistant.exe

C:\Programmi\Broadcom\BACS\BacsTray.exe

C:\Programmi\Java\jre1.6.0_07\bin\jusched.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Programmi\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe

C:\Programmi\WinZip\WZQKPICK.EXE

C:\Programmi\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe

C:\Programmi\WIDCOMM\Bluetooth Software\bin\btwdins.exe

C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe

C:\WINDOWS\eHome\ehRecvr.exe

C:\Programmi\Intel\Wireless\Bin\RegSrvc.exe

C:\WINDOWS\system32\svchost.exe

C:\Programmi\internet explorer\iexplore.exe

C:\Programmi\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.it/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.it/ig/dell?hl=it&client=dell-row&channel=it&ibd=0061103

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti

R3 - URLSearchHook: Yahoo! Toolbar con blocco Pop-Up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)

O2 - BHO: McAfee Anti-Phishing Filter - {41D68ED8-4CFF-4115-88A6-6EBB8AF19000} - c:\programmi\mcafee\spamkiller\mcapfbho.dll

O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmi\Java\jre1.6.0_07\bin\ssv.dll

O4 - HKLM\..\Run: [sigmatelSysTrayApp] stsystra.exe

O4 - HKLM\..\Run: [intelZeroConfig] "C:\Programmi\Intel\Wireless\bin\ZCfgSvc.exe"

O4 - HKLM\..\Run: [intelWireless] "C:\Programmi\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless

O4 - HKLM\..\Run: [GSICONEXE] GSICON.EXE

O4 - HKLM\..\Run: [DSLAGENTEXE] dslagent.exe USB

O4 - HKLM\..\Run: [unlockerAssistant] "C:\Programmi\Unlocker\UnlockerAssistant.exe"

O4 - HKLM\..\Run: [bacstray] C:\Programmi\Broadcom\BACS\BacsTray.exe

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Programmi\Java\jre1.6.0_07\bin\jusched.exe"

O4 - HKLM\..\Run: [userFaultCheck] %systemroot%\system32\dumprep 0 -u

O4 - HKLM\..\Run: [AVP] "C:\Programmi\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe"

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO LOCALE')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO DI RETE')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O4 - Startup: Adobe Gamma.lnk = C:\Programmi\File comuni\Adobe\Calibration\Adobe Gamma Loader.exe

O4 - Global Startup: AutoCAD Startup Accelerator.lnk = C:\Programmi\File comuni\Autodesk Shared\acstart16.exe

O4 - Global Startup: Avvio veloce di Adobe Reader.lnk = C:\Programmi\Adobe\Acrobat 7.0\Reader\reader_sl.exe

O4 - Global Startup: Service Manager.lnk = C:\Programmi\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe

O4 - Global Startup: WinZip Quick Pick.lnk = C:\Programmi\WinZip\WZQKPICK.EXE

O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx

O8 - Extra context menu item: Invia a periferica &Bluetooth... - C:\Programmi\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.6.0_07\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.6.0_07\bin\ssv.dll

O9 - Extra button: Web Anti-Virus - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Programmi\Kaspersky Lab\Kaspersky Anti-Virus 7.0\SCIEPlgn.dll

O9 - Extra button: (no name) - {39FD89BF-D3F1-45b6-BB56-3582CCF489E1} - c:\programmi\mcafee\spamkiller\mcapfbho.dll

O9 - Extra 'Tools' menuitem: McAfee Anti-Phishing Filter - {39FD89BF-D3F1-45b6-BB56-3582CCF489E1} - c:\programmi\mcafee\spamkiller\mcapfbho.dll

O9 - Extra button: Alice - {CDBB7312-3603-42B3-8816-A6F4F03BB525} - http://gw.aliceadsl.it/alice (file missing) (HKCU)

O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll

O14 - IERESET.INF: START_PAGE_URL=http://gw.aliceadsl.it/home

O15 - Trusted Zone: http://*.download.microsoft.com

O15 - Trusted Zone: http://*.update.microsoft.com

O15 - Trusted Zone: http://*.windowsupdate.com

O15 - Trusted Zone: http://*.windowsupdate.microsoft.com

O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Programmi\Yahoo!\Common\yinsthelper.dll

O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w3/pr01/resources/MSNPUpld.cab

O16 - DPF: {62789780-B744-11D0-986B-00609731A21D} (Autodesk MapGuide ActiveX Control) - http://mappe.comune.verona.it/MapGuide_plugin/mgaxctrl.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{EDB270AD-6BAE-48DF-B672-A3DAE59F816E}: NameServer = 85.37.17.44 85.38.28.90

O23 - Service: Adobe LM Service - Adobe Systems - C:\Programmi\File comuni\Adobe Systems Shared\Service\Adobelmsvc.exe

O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe

O23 - Service: Autodesk Licensing Service - Autodesk, Inc. - C:\Programmi\File comuni\Autodesk Shared\Service\AdskScSrv.exe

O23 - Service: Kaspersky Anti-Virus 7.0 (AVP) - Kaspersky Lab - C:\Programmi\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe

O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Programmi\WIDCOMM\Bluetooth Software\bin\btwdins.exe

O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Programmi\Intel\Wireless\Bin\EvtEng.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programmi\File comuni\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: Servizio iPod (iPod Service) - Unknown owner - C:\Programmi\iPod\bin\iPodService.exe (file missing)

O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Programmi\Intel\Wireless\Bin\RegSrvc.exe

O23 - Service: Intel® PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Programmi\Intel\Wireless\Bin\S24EvMon.exe

O23 - Service: Intel® PROSet/Wireless SSO Service (WLANKEEPER) - Intel® Corporation - C:\Programmi\Intel\Wireless\Bin\WLKeeper.exe

--

End of file - 7750 bytes

---------------------------------------------------------------------------------------------------------------------------------

Logfile of The Avenger version 1, by Swandog46

Running from registry key:

\Registry\Machine\System\CurrentControlSet\Services\pihnlnwd

*******************

Script file located at: \??\C:\qduwhu^a.txt

Script file opened successfully.

Script file read successfully

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:

File C:\WINDOWS\system32\ddabc.dll not found!

Deletion of file C:\WINDOWS\system32\ddabc.dll failed!

Could not process line:

C:\WINDOWS\system32\ddabc.dll

Status: 0xc0000034

File C:\WINDOWS\system32\mcrh.tmp not found!

Deletion of file C:\WINDOWS\system32\mcrh.tmp failed!

Could not process line:

C:\WINDOWS\system32\mcrh.tmp

Status: 0xc0000034

File C:\WINDOWS\system32\msvcrt23.dll not found!

Deletion of file C:\WINDOWS\system32\msvcrt23.dll failed!

Could not process line:

C:\WINDOWS\system32\msvcrt23.dll

Status: 0xc0000034

File C:\WINDOWS\system32\orutv.ini not found!

Deletion of file C:\WINDOWS\system32\orutv.ini failed!

Could not process line:

C:\WINDOWS\system32\orutv.ini

Status: 0xc0000034

File C:\WINDOWS\system32\orutv.ini2 not found!

Deletion of file C:\WINDOWS\system32\orutv.ini2 failed!

Could not process line:

C:\WINDOWS\system32\orutv.ini2

Status: 0xc0000034

File C:\WINDOWS\system32\cbadd.ini not found!

Deletion of file C:\WINDOWS\system32\cbadd.ini failed!

Could not process line:

C:\WINDOWS\system32\cbadd.ini

Status: 0xc0000034

File C:\WINDOWS\system32\cbadd.ini2 not found!

Deletion of file C:\WINDOWS\system32\cbadd.ini2 failed!

Could not process line:

C:\WINDOWS\system32\cbadd.ini2

Status: 0xc0000034

File C:\WINDOWS\system32\wingsa32.dll not found!

Deletion of file C:\WINDOWS\system32\wingsa32.dll failed!

Could not process line:

C:\WINDOWS\system32\wingsa32.dll

Status: 0xc0000034

File C:\Documents and Settings\Marco\Dati applicazioni\wklnhst.dat deleted successfully.

File move operation C:\WINDOWS\system32\bak\ctfmon.exe|C:\WINDOWS\system32\ctfmon.exe completed successfully.

File move operation C:\Programmi\McAfee\SpamKiller\bak\MSKDetct.exe|C:\Programmi\McAfee\SpamKiller\MSKDetct.exe completed successfully.

File move operation C:\Programmi\Intel\Wireless\Bin\bak\ZCfgSvc.exe|C:\Programmi\Intel\Wireless\Bin\ZCfgSvc.exe completed successfully.

File move operation C:\Programmi\Intel\Wireless\Bin\bak\ifrmewrk.exe|C:\Programmi\Intel\Wireless\Bin\iFrmewrk.exe completed successfully.

File move operation C:\Programmi\DAEMON Tools\bak\daemon.exe|C:\Programmi\DAEMON Tools\daemon.exe completed successfully.

File move operation C:\Programmi\D-Tools\bak\daemon.exe|C:\Programmi\D-Tools\daemon.exe completed successfully.

Folder C:\Windows\Tasks deleted successfully.

Folder C:\Windows\Temp deleted successfully.

Registry value HKLM\Software\Microsoft\Windows NT\CurrentVersion\Windows|AppInit_DLLs replaced with dummy successfully.

Completed script processing.

*******************

Finished! Terminate.

Logfile of The Avenger Version 2.0, © by Swandog46

http://swandog46.geekstogo.com

Platform: Windows XP

*******************

Script file opened successfully.

Script file read successfully.

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:

Rootkit scan active.

No rootkits found!

File "C:\Documents and Settings\Marco\Dati applicazioni\wklnhst.dat" deleted successfully.

Error: file "C:\WINDOWS\system32\__c00F7568.dat" not found!

Deletion of file "C:\WINDOWS\system32\__c00F7568.dat" failed!

Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)

--> the object does not exist

Folder "C:\WINDOWS\temp" deleted successfully.

Folder "C:\WINDOWS\Tasks" deleted successfully.

Folder "C:\Programmi\Trojan Remover" deleted successfully.

Registry value "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Windows|AppInit_DLLs" replaced with dummy successfully.

Completed script processing.

*******************

Finished! Terminate.


Have a look at the logs yourselves, maybe there's something in them, but I imagine we've done everything by now because the problems seem to be solved!!

Thanks a lot again for the tips!! :)

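A first-pass triage of the HijackThis log posted in this thread, as an added example that is not part of any participant's post: it parses the `R`/`O` entry lines and lists the ones a reviewer would check by hand. The sample lines are taken from the log above; the rule set and the names `triage`, `RULES` and `ENTRY` are this example's own assumptions, and a match means "review this line", not "malicious".

```python
import re

# Sample input: a few entry lines copied from the HijackThis log in this thread.
SAMPLE_LOG = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.it/
R3 - URLSearchHook: Yahoo! Toolbar con blocco Pop-Up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O4 - HKLM\..\Run: [AVP] "C:\Programmi\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe"
O9 - Extra button: Alice - {CDBB7312-3603-42B3-8816-A6F4F03BB525} - http://gw.aliceadsl.it/alice (file missing) (HKCU)
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O17 - HKLM\System\CCS\Services\Tcpip\..\{EDB270AD-6BAE-48DF-B672-A3DAE59F816E}: NameServer = 85.37.17.44 85.38.28.90
O23 - Service: Servizio iPod (iPod Service) - Unknown owner - C:\Programmi\iPod\bin\iPodService.exe (file missing)
"""

# A HijackThis entry is "<section code> - <body>"; headers and the process list do not match.
ENTRY = re.compile(r"^(R[0-3]|F[0-3]|N[1-4]|O\d{1,2}) - (.+)$")

# (predicate, reason) pairs chosen for this example (assumption, not HijackThis's own logic).
RULES = [
    (lambda c, b: "(no file)" in b or "(file missing)" in b,
     "orphaned: registry entry points at a file that is gone"),
    (lambda c, b: c == "O10" and b.startswith("Unknown file"),
     "Winsock LSP not recognised by HijackThis"),
    (lambda c, b: c == "O17" and "NameServer" in b,
     "DNS servers set in registry: confirm they are the ISP's"),
    (lambda c, b: c == "O23" and "Unknown owner" in b,
     "service binary without vendor information"),
]

def triage(log_text):
    """Return [(code, [reasons], body)] for entries that match at least one rule."""
    findings = []
    for line in log_text.splitlines():
        m = ENTRY.match(line.strip())
        if not m:
            continue  # header, running-process path or blank line
        code, body = m.groups()
        reasons = [why for test, why in RULES if test(code, body)]
        if reasons:
            findings.append((code, reasons, body))
    return findings

if __name__ == "__main__":
    for code, reasons, body in triage(SAMPLE_LOG):
        print(f"{code:<4}{'; '.join(reasons)}\n      {body}")
```
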