www.MegaLab.it

[zenith]

Cari amici,
grazie all'aiuto del forum in un altro post sono riuscito a risolvere i problemi causati da Vundo, attraverso ComboFix.
Ora però si è presentato un nuovo problema: riavviato il pc, la connessione wireless era praticamente morta. La mia scheda wireless Linksys ha trovato l'access point, ma a quanto pare "Internet cannot be found". Ho provato a cercare in rete possibili soluzioni ma nulla di utile. Ora sto usando un live di Ubuntu.
Insomma si tratterebbe, per quanto capisco, di fare in modo che il mio pc si colleghi alla lan e quindi ad internet. Potreste darmi una dritta circa come procedere? Non so davvero da dove iniziare!

[ste_95]

Prova a reinstallare i driver, magari sono stati corrotti...

[Amantide]

Ti avevo già chiesto nell'atra discussione di postare sia il log di Combofix, quello generato durante la prima scansione, che quello di Hijackthis.
Dobbiamo anche vedere se per sbaglio Combofix non ha rimosso qualcosa che non doveva.

[Mandrake]

esatto, servono i log...
comunque, hai la possibilità di testare se tramite ethernet funziona?

[zenith]

Prova a reinstallare i driver, magari sono stati corrotti...

Provato con WinDriver. Tutto uguale.

Ti avevo già chiesto nell'atra discussione di postare sia il log di Combofix, quello generato durante la prima scansione, che quello di Hijackthis.

Log ComboFix

ComboFix 09-03-19.02 - HP_Proprietario 2009-03-21 14:46:57.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1040.18.2047.1470 [GMT 1:00]
Eseguito da: c:\documents and settings\HP_Proprietario\Desktop\ggg.exe
AV: avast! antivirus 4.8.1335 [VPS 090320-0] *On-access scanning disabled* (Updated)
.

((((((((((((((((((((((((((((((((((((( Altre eliminazioni )))))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\docume~1\HP_PRO~1\IMPOST~1\Temp\tmp1.tmp
c:\docume~1\HP_PRO~1\IMPOST~1\Temp\tmp2.tmp
c:\windows\system32\drivers\ss.sys
c:\windows\system32\ikojekaj.ini
c:\windows\system32\jakejoki.dll
c:\windows\system32\juvilisi.dll
c:\windows\system32\ofwimq.dll
c:\windows\system32\pigatedu.dll
c:\windows\system32\pusogumu.dll
c:\windows\system32\ss.exe
c:\windows\system32\subapade.dll
c:\windows\system32\wihedilu.dll

.
((((((((((((((((((((((((( Files Creati Da 2009-02-21 al 2009-03-21 )))))))))))))))))))))))))))))))))))
.

2009-03-21 14:43 . 2009-03-21 14:46 <DIR> d-------- C:\ComboFix
2009-03-21 11:04 . 2009-03-21 13:34 110,592 --a------ C:\bla.exe
2009-03-21 10:54 . 2009-03-20 10:44 48,690 -r-hs---- c:\windows\fxsteller.exe
2009-03-21 10:39 . 2009-03-21 10:39 <DIR> d-------- c:\documents and settings\Maurizio\Dati applicazioni\DivX
2009-03-07 12:27 . 2009-03-07 12:29 <DIR> d-------- C:\My Drivers
2009-03-05 21:43 . 2009-03-05 21:43 <DIR> d-------- c:\windows\Vbox
2009-03-05 21:43 . 2009-03-05 21:43 <DIR> d-------- c:\programmi\TI Education
2009-03-04 14:43 . 2009-03-04 14:43 <DIR> d-------- c:\documents and settings\All Users\Dati applicazioni\nView_Profiles
2009-03-02 14:37 . 2009-03-02 14:43 <DIR> d-------- c:\programmi\uTorrent
2009-03-02 14:37 . 2009-03-20 19:37 <DIR> d-------- c:\documents and settings\HP_Proprietario\Dati applicazioni\uTorrent
2009-02-28 15:06 . 2009-02-28 15:06 <DIR> d-------- c:\programmi\Pivot Stickfigure Animator
2009-02-26 19:26 . 2009-02-26 19:26 <DIR> d-------- c:\documents and settings\All Users\Dati applicazioni\RoboForm
2009-02-26 19:25 . 2009-02-26 19:25 <DIR> d-------- c:\programmi\Siber Systems
2009-02-24 20:09 . 2009-02-24 20:09 <DIR> d-------- c:\programmi\VS Revo Group
2009-02-22 11:29 . 2004-08-18 13:00 219,648 --a------ c:\windows\system32\uxtheme.backup
2009-02-21 13:36 . 1996-11-08 00:48 368,912 --a------ c:\windows\system32\vbar332.dll
2009-02-21 13:36 . 2004-07-14 15:26 152,848 --a------ c:\windows\system32\COMDLG32.OCX

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-03-20 20:02 --------- d-----w c:\documents and settings\HP_Proprietario\Dati applicazioni\FileZilla
2009-03-14 14:23 --------- d-----w c:\programmi\File comuni\Adobe
2009-03-14 12:39 --------- d-----w c:\programmi\eMule
2009-03-11 14:58 --------- d-----w c:\documents and settings\All Users\Dati applicazioni\Microsoft Help
2009-03-09 19:52 --------- d-----w c:\documents and settings\HP_Proprietario\Dati applicazioni\Vidalia
2009-03-09 19:51 --------- d-----w c:\documents and settings\HP_Proprietario\Dati applicazioni\tor
2009-02-24 19:24 --------- d-----w c:\documents and settings\HP_Proprietario\Dati applicazioni\Nvu
2009-02-24 19:23 --------- d-----w c:\programmi\Lunascape
2009-02-24 19:20 --------- d-----w c:\documents and settings\HP_Proprietario\Dati applicazioni\Lunascape
2009-02-24 19:15 --------- d--h--w c:\programmi\InstallShield Installation Information
2009-02-24 19:15 --------- d-----w c:\programmi\File comuni\ArcSoft
2009-02-24 19:15 --------- d-----w c:\programmi\ArcSoft
2009-02-24 10:29 --------- d-----w c:\documents and settings\HP_Proprietario\Dati applicazioni\dvdcss
2009-02-21 10:51 --------- d-----w c:\programmi\Windows Live
2009-02-20 10:51 --------- d-----w c:\programmi\Microsoft Silverlight
2009-02-18 20:04 --------- d-----w c:\programmi\Auslogics
2009-02-18 20:04 --------- d-----w c:\documents and settings\HP_Proprietario\Dati applicazioni\Auslogics
2009-02-16 19:00 --------- d-----w c:\documents and settings\HP_Proprietario\Dati applicazioni\ImgBurn
2009-02-14 15:31 --------- d-----w c:\documents and settings\Maurizio\Dati applicazioni\Sonic
2009-02-14 15:31 --------- d-----w c:\documents and settings\Maurizio\Dati applicazioni\Leadertech
2009-02-10 19:00 --------- d-----w c:\documents and settings\All Users\Dati applicazioni\ALM
2009-02-10 18:52 --------- d-----w c:\programmi\File comuni\Macrovision Shared
2009-02-10 14:43 --------- d-----w c:\documents and settings\HP_Proprietario\Dati applicazioni\Download Manager
2009-02-01 20:21 --------- d-----w c:\programmi\iTunes
2009-02-01 20:21 --------- d-----w c:\programmi\iPod
2009-02-01 20:21 --------- d-----w c:\programmi\File comuni\Apple
2009-02-01 20:21 --------- d-----w c:\documents and settings\HP_Proprietario\Dati applicazioni\Apple Computer
2009-02-01 20:21 --------- d-----w c:\documents and settings\All Users\Dati applicazioni\Apple Computer
2009-02-01 20:21 --------- d-----w c:\documents and settings\All Users\Dati applicazioni\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
2009-02-01 20:20 --------- d-----w c:\programmi\QuickTime
2009-02-01 20:20 --------- d-----w c:\programmi\Bonjour
2009-02-01 20:18 --------- d-----w c:\programmi\Apple Software Update
2009-02-01 20:17 --------- d-----w c:\documents and settings\All Users\Dati applicazioni\Apple
2009-02-01 10:43 --------- d-----w c:\programmi\Java
2009-01-31 12:44 --------- d-----w c:\programmi\Windows Live SkyDrive
2009-01-31 12:44 --------- d-----w c:\programmi\Microsoft
2009-01-31 12:41 --------- d-----w c:\programmi\File comuni\Windows Live
2009-01-28 13:52 --------- d-----w c:\programmi\RhinoSoft.com
2009-01-24 15:02 --------- d-----w c:\documents and settings\Maurizio\Dati applicazioni\HPQ
.

((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* i valori vuoti & legittimi/default non sono visualizzati.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-18 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-02-14 7557120]
"Recguard"="c:\windows\SMINST\RECGUARD.EXE" [2005-07-22 237568]
"HPBootOp"="c:\programmi\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" [2006-02-15 249856]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-02-05 81000]
"HP Software Update"="c:\programmi\HP\HP Software Update\HPwuSchd2.exe" [2005-12-15 49152]
"TkBellExe"="c:\programmi\File comuni\Real\Update_OB\realsched.exe" [2009-01-16 185872]
"Adobe Reader Speed Launcher"="c:\programmi\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]
"nwiz"="nwiz.exe" [2006-02-14 c:\windows\system32\nwiz.exe]

c:\documents and settings\Default User\Menu Avvio\Programmi\Esecuzione automatica\
Pin.lnk - c:\hp\bin\CLOAKER.EXE [2006-07-08 27136]

c:\documents and settings\Maurizio\Menu Avvio\Programmi\Esecuzione automatica\
Pin.lnk - c:\hp\bin\CLOAKER.EXE [2006-07-08 27136]

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Avvio^Programmi^Esecuzione automatica^Kodak EasyShare software.lnk]
path=c:\documents and settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\Kodak EasyShare software.lnk
backup=c:\windows\pss\Kodak EasyShare software.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
--a------ 2009-02-27 17:10 35696 c:\programmi\Adobe\Reader 9.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeCS4ServiceManager]
--a------ 2008-08-14 07:58 611712 c:\programmi\File comuni\Adobe\CS4ServiceManager\CS4ServiceManager.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ASuite]
--a------ 2008-05-24 21:26 457728 c:\documents and settings\HP_Proprietario\Documenti\Lupo PenSuite v6.70 Full\Launcher\ASuite.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
--a------ 2007-08-24 07:00 33648 c:\programmi\Microsoft Office\Office12\GrooveMonitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPHUPD08]
--a------ 2005-06-02 14:35 49152 c:\programmi\HP\Digital Imaging\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\hphupd08.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
--a------ 2008-06-19 09:53 570664 c:\programmi\File comuni\Nero\Lib\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2009-01-05 16:18 413696 c:\programmi\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RoboForm]
--a------ 2009-02-26 19:25 160592 c:\programmi\Siber Systems\AI RoboForm\robotaskbaricon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ServUTrayIcon]
--a------ 2009-01-06 09:54 412672 c:\programmi\RhinoSoft.com\Serv-U\Serv-U-Tray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
--a------ 2009-02-01 11:43 136600 c:\programmi\Java\jre6\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
--a------ 2009-01-16 17:06 185872 c:\programmi\File comuni\Real\Update_OB\realsched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDCPL]
--a------ 2006-03-08 19:54 16010240 c:\windows\RTHDCPL.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UpdatesDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Programmi\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Programmi\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Programmi\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"c:\\Programmi\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"c:\\Programmi\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Programmi\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"c:\\Programmi\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Programmi\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
"c:\\Programmi\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
"c:\\Programmi\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"c:\\Programmi\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
"c:\\Programmi\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=
"c:\\Programmi\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"c:\\Programmi\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"=
"c:\\Programmi\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Programmi\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Programmi\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Programmi\\xampp\\apache\\bin\\apache.exe"=
"c:\\Programmi\\eMule\\emule.exe"=
"c:\\Programmi\\Kodak\\Kodak EasyShare software\\bin\\EasyShare.exe"=
"c:\\Programmi\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
"c:\\Programmi\\RhinoSoft.com\\Serv-U\\Serv-U.exe"=
"c:\\Programmi\\Bonjour\\mDNSResponder.exe"=
"c:\\Programmi\\iTunes\\iTunes.exe"=
"c:\\Programmi\\File comuni\\Adobe\\CS4ServiceManager\\CS4ServiceManager.exe"=
"c:\\Programmi\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Programmi\\uTorrent\\uTorrent.exe"=
"c:\\Programmi\\xampp\\MercuryMail\\mercury.exe"=
"c:\\Programmi\\File comuni\\Apple\\Mobile Device Support\\bin\\AppleMobileDeviceService.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"22758:TCP"= 22758:TCP:emule
"54604:UDP"= 54604:UDP:emule 2
"5353:TCP"= 5353:TCP:Adobe CSI CS4

R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2008-11-18 114768]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2008-11-18 20560]
R2 WUSB54GR;WUSB54GR;c:\programmi\Wireless-G USB Network Adapter with RangeBooster\WLService.exe [2008-11-22 53307]
S3 RTLWUSB;NETGEAR WG111v2 54Mbps Wireless USB 2.0 Adapter NT Driver;c:\windows\system32\DRIVERS\wg111v2.sys c:\windows\system32\DRIVERS\wg111v2.sys
S3 StreamSurge;StreamSurge Driver (miniport);c:\windows\system32\DRIVERS\ss.sys c:\windows\system32\DRIVERS\ss.sys
.
Contenuto della cartella 'Scheduled Tasks'

2009-02-18 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\programmi\Apple Software Update\SoftwareUpdate.exe [2008-07-30 12:34]

2009-02-18 c:\windows\Tasks\EasyShare Registration RunOnce Task.job
- c:\docume~1\ALLUSE~1\DATIAP~1\Kodak\EasyShareSetup\$REGIS~1\Registration_7.9.20.1.sxt _RegistrationOfferSilence@16 []

2009-02-18 c:\windows\Tasks\EasyShare Registration Task.job
- c:\docume~1\ALLUSE~1\DATIAP~1\Kodak\EasyShareSetup\$REGIS~1\Registration_7.9.20.1.sxt _RegistrationOffer@16 []

2009-01-17 c:\windows\Tasks\Servizi Internet.job
- c:\programmi\Hewlett-Packard\SDP\HPSdpApp.exe [2005-09-08 18:23]
.
- - - - CHIAVI ORFANE RIMOSSE - - - -

BHO-{52fe8ad8-243f-4684-b278-0dc7d2d5d588} - c:\windows\system32\ofwimq.dll
BHO-{71186bbf-1341-4cdf-99cb-bb09665bffa3} - c:\windows\system32\juvilisi.dll
MSConfigStartUp-ArcSoft Connection Service - c:\programmi\File comuni\ArcSoft\Connection Service\Bin\ACDaemon.exe
MSConfigStartUp-PCDrProfiler - c:\programmi\PC-Doctor 5 for Windows\RunProfiler.exe


.
------- Scansione supplementare -------
.
uStart Page = hxxp://www.MegaLab.it/
uDefault_Search_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE= ... pf=desktop
mSearch Bar = hxxp://ie.redirect.hp.com/svs/rdr?TYPE= ... pf=desktop
uInternet Settings,ProxyOverride = *.local
IE: Compila Modulo - file://c:\programmi\Siber Systems\AI RoboForm\RoboFormComFillForms.html
IE: E&sporta in Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Personalizza - file://c:\programmi\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
IE: RF Barra strumenti - file://c:\programmi\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
IE: Salva Moduli - file://c:\programmi\Siber Systems\AI RoboForm\RoboFormComSavePass.html
FF - ProfilePath - c:\documents and settings\HP_Proprietario\Dati applicazioni\Mozilla\Firefox\Profiles\79xo5gw4.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.repubblica.it/
FF - component: c:\documents and settings\HP_Proprietario\Dati applicazioni\Mozilla\Firefox\Profiles\79xo5gw4.default\extensions\{3b56bcc7-54e5-44a2-9b44-66c3ef58c13e}\components\nstidy.dll
FF - component: c:\documents and settings\HP_Proprietario\Dati applicazioni\Mozilla\Firefox\Profiles\79xo5gw4.default\extensions\{98549af2-3c18-4ad6-bd40-78241a4b15ea}\components\FFAlert.dll
FF - component: c:\program files\Real\RealPlayer\browserrecord\components\nprpbrowserrecordplugin.dll
FF - plugin: c:\program files\Real\RealPlayer\Netscape6\nppl3260.dll
FF - plugin: c:\program files\Real\RealPlayer\Netscape6\nprjplug.dll
FF - plugin: c:\program files\Real\RealPlayer\Netscape6\nprpjplug.dll
FF - plugin: c:\programmi\Mozilla Firefox\plugins\npOGAPlugin.dll
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-03-21 14:55:13
Windows 5.1.2600 Service Pack 2 NTFS

scansione processi nascosti ...

scansione entrate autostart nascoste ...

Scansione files nascosti ...

Scansione completata con successo
Files nascosti: 0

**************************************************************************
.
--------------------- Dlls caricate dai processi in esecuzione ---------------------

- - - - - - - > 'winlogon.exe'(584)
c:\programmi\File comuni\Adobe\Adobe Drive CS4\AdobeDriveCS4_NP.dll
.
------------------------ Altri processi in esecuzione ------------------------
.
c:\programmi\Alwil Software\Avast4\aswUpdSv.exe
c:\programmi\Alwil Software\Avast4\ashServ.exe
c:\programmi\xampp\apache\bin\apache.exe
c:\programmi\File comuni\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\programmi\File comuni\Microsoft Shared\VS7DEBUG\mdm.exe
c:\programmi\xampp\mysql\bin\mysqld-nt.exe
c:\windows\system32\nvsvc32.exe
c:\windows\system32\IoctlSvc.exe
c:\programmi\Wireless-G USB Network Adapter with RangeBooster\WUSB54GR.exe
c:\programmi\xampp\apache\bin\apache.exe
c:\programmi\Alwil Software\Avast4\ashMaiSv.exe
c:\programmi\Alwil Software\Avast4\ashWebSv.exe
c:\windows\system32\rundll32.exe
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Ora fine scansione: 2009-03-21 14:59:15 - Il pc � stato riavviato [HP_Proprietario]
ComboFix-quarantined-files.txt 2009-03-21 13:59:12

Pre-Run: 98,403,213,312 byte disponibili
Post-Run: 98,693,156,864 byte disponibili

248 --- E O F --- 2009-03-14 13:04:07

Log HijackThis

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21.57.34, on 21/03/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16791)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Programmi\Alwil Software\Avast4\aswUpdSv.exe
C:\Programmi\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programmi\xampp\apache\bin\apache.exe
C:\Programmi\File comuni\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Programmi\File comuni\Microsoft Shared\VS7DEBUG\mdm.exe
C:\WINDOWS\Explorer.EXE
C:\Programmi\xampp\mysql\bin\mysqld-nt.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\IoctlSvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Programmi\Wireless-G USB Network Adapter with RangeBooster\WLService.exe
C:\Programmi\Wireless-G USB Network Adapter with RangeBooster\WUSB54GR.exe
C:\Programmi\xampp\apache\bin\apache.exe
C:\Programmi\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Programmi\HP\HP Software Update\HPwuSchd2.exe
C:\WINDOWS\system32\rundll32.exe
C:\Programmi\File comuni\Real\Update_OB\realsched.exe
C:\Programmi\Adobe\Reader 9.0\Reader\Reader_sl.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmi\Alwil Software\Avast4\ashMaiSv.exe
C:\Programmi\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\HP_Proprietario\Documenti\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE= ... pf=desktop
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.MegaLab.it/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE= ... pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://go.microsoft.com/fwlink/?LinkId=74005
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programmi\File comuni\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: RoboForm - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Programmi\Siber Systems\AI RoboForm\roboform.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Programmi\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmi\Java\jre6\bin\ssv.dll
O2 - BHO: Guida per l'accesso a Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programmi\File comuni\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programmi\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Programmi\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: &RoboForm - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Programmi\Siber Systems\AI RoboForm\roboform.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet /keeploaded /nodetect
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [HPBootOp] "C:\Programmi\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" /run
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Programmi\HP\HP Software Update\HPwuSchd2.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Programmi\File comuni\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Programmi\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - S-1-5-18 Startup: Pin.lnk = C:\hp\bin\CLOAKER.EXE (User 'SYSTEM')
O4 - .DEFAULT Startup: Pin.lnk = C:\hp\bin\CLOAKER.EXE (User 'Default user')
O4 - .DEFAULT User Startup: Pin.lnk = C:\hp\bin\CLOAKER.EXE (User 'Default user')
O8 - Extra context menu item: Compila Modulo - file://C:\Programmi\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Personalizza - file://C:\Programmi\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
O8 - Extra context menu item: RF Barra strumenti - file://C:\Programmi\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O8 - Extra context menu item: Salva Moduli - file://C:\Programmi\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra button: Invia a OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: I&nvia a OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Compila - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Programmi\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra 'Tools' menuitem: Compila Modulo - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Programmi\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra button: Salva - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Programmi\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra 'Tools' menuitem: Salva Moduli - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Programmi\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra button: Run WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Programmi\WinHTTrack\WinHTTrackIEBar.dll
O9 - Extra 'Tools' menuitem: Launch WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Programmi\WinHTTrack\WinHTTrackIEBar.dll
O9 - Extra button: RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Programmi\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra 'Tools' menuitem: RF Barra strumenti - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Programmi\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Guida alla connessione - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\con=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra 'Tools' menuitem: Guida alla connessione - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\con=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Programmi\Microsoft Office\Office12\GrooveSystemServices.dll
O23 - Service: ArcSoft Connect Daemon (ACDaemon) - Unknown owner - C:\Programmi\File comuni\ArcSoft\Connection Service\Bin\ACService.exe (file missing)
O23 - Service: Adobe LM Service - Adobe Systems - C:\Programmi\File comuni\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apache2 - Apache Software Foundation - C:\Programmi\xampp\apache\bin\apache.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Programmi\File comuni\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Programmi\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Programmi\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Programmi\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Programmi\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Programmi\File comuni\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programmi\File comuni\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Servizio iPod (iPod Service) - Apple Inc. - C:\Programmi\iPod\bin\iPodService.exe
O23 - Service: mysql - Unknown owner - C:\Programmi\xampp\mysql\bin\mysqld-nt.exe
O23 - Service: NMIndexingService - Nero AG - C:\Programmi\File comuni\Nero\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\WINDOWS\system32\IoctlSvc.exe
O23 - Service: WUSB54GR - GEMTEKS - C:\Programmi\Wireless-G USB Network Adapter with RangeBooster\WLService.exe

--
End of file - 9869 bytes

comunque, hai la possibilità di testare se tramite ethernet funziona?

Questo lo rimando a domani, dato che devo spostare il pc nell'altra stanza.

[Amantide]

Come avevo immaginato, Combofix ha rimosso alcuni file che erroneamente ha ritenuto pericolosi.

Vai nella cartella C:\Qoobox, trova i seguenti file che sono stati rinominati, rimettili la loro estensione originale (.sys ed .exe), fai attenzione ad abilitare la visualizzazione delle estensioni per i tipi di file conosciuti per non lasciare la doppia estensione, e rimettili nella posizione originale.

Codice: Seleziona tutto

c:\windows\system32\drivers\ss.sys
c:\windows\system32\ss.exe

Questo invece devi rimuovere:

Codice: Seleziona tutto

C:\bla.exe

Riavvia il pc per vedere se hai risolto.

[zenith]

Grazie mille, ora va tutto perfettamente.
Ho avuto problemi a postare i log dato che ero sotto Ubuntu... Vi ringrazio moltissimo, internet mi serviva molto in questo periodo!

[Amantide]

Grazie mille, ora va tutto perfettamente.

E' proprio per questa ragione che insisto sempre a farmi vedere il report della scansione con il mio amatissimo Combofix prima di dichiarare il caso chiuso, a volte prende degli abbagli con i driver ed eseguibili dei programmi poco conosciuti.