For three days I have not been able to reach the sites I search for via Google (I get redirected to wide.fullpageads.info).
So far I have run a scan with my Norton antivirus, CCleaner, TDSSKiller and Malwarebytes' Anti-Malware (I also tried GMER, but without result, since it froze while scanning hard disk D:), and finally I am posting below the scan report from NoVirusThanks Anti-Rootkit, which I cannot interpret.
Can you tell me what to do (including using The Avenger)? Thanks in advance.
==========================================================================================================================
NoVirusThanks Anti-Rootkit v1.2 (FREE EDITION)
Microsoft Windows Version 5.1 Build: 2600 Service Pack: 2
Detected CPUs: (2)
Scanning Commenced... 15/03/2011 11.22.19
==========================================================================================================================
>>>SSDT<<<
==========================================================================================================================
#12 NtAlertResumeThread
Real Address: 0x805D33CE
Hook Address: 0x856E0AB8 [<empty>]
#13 NtAlertThread
Real Address: 0x805D337E
Hook Address: 0x85301550 [<empty>]
#17 NtAllocateVirtualMemory
Real Address: 0x805A758E
Hook Address: 0x84ABB080 [<empty>]
#19 NtAssignProcessToJobObject
Real Address: 0x805D4E92
Hook Address: 0x853254D0 [<empty>]
#31 NtConnectPort
Real Address: 0x805A30A4
Hook Address: 0x857AB158 [<empty>]
#41 NtCreateKey
Real Address: 0x8062212E
Hook Address: 0xF21B4210 [SYMEVENT.SYS]
#43 NtCreateMutant
Real Address: 0x80615572
Hook Address: 0x84AB3B40 [<empty>]
#52 NtCreateSymbolicLinkObject
Real Address: 0x805C36A4
Hook Address: 0x85118270 [<empty>]
#53 NtCreateThread
Real Address: 0x805CF8C8
Hook Address: 0x85710910 [<empty>]
#57 NtDebugActiveProcess
Real Address: 0x80641014
Hook Address: 0x856F9C98 [<empty>]
#63 NtDeleteKey
Real Address: 0x806225BE
Hook Address: 0xF21B4490 [SYMEVENT.SYS]
#65 NtDeleteValueKey
Real Address: 0x8062278E
Hook Address: 0xF21B49F0 [SYMEVENT.SYS]
#68 NtDuplicateObject
Real Address: 0x805BC94C
Hook Address: 0x84ABB318 [<empty>]
#83 NtFreeVirtualMemory
Real Address: 0x805B19F6
Hook Address: 0x851236A0 [<empty>]
#89 NtImpersonateAnonymousToken
Real Address: 0x805F7316
Hook Address: 0x85311BD0 [<empty>]
#91 NtImpersonateThread
Real Address: 0x805D6052
Hook Address: 0x8530D9B0 [<empty>]
#97 NtLoadDriver
Real Address: 0x80582EAE
Hook Address: 0x85877668 [<empty>]
#108 NtMapViewOfSection
Real Address: 0x805B0A7E
Hook Address: 0x85123500 [<empty>]
#114 NtOpenEvent
Real Address: 0x8060CF5C
Hook Address: 0x852E8520 [<empty>]
#122 NtOpenProcess
Real Address: 0x805C9D0A
Hook Address: 0x84ABB570 [<empty>]
#123 NtOpenProcessToken
Real Address: 0x805EBFD0
Hook Address: 0x85900CD0 [<empty>]
#125 NtOpenSection
Real Address: 0x805A8EC2
Hook Address: 0x85288CD0 [<empty>]
#128 NtOpenThread
Real Address: 0x805C9F96
Hook Address: 0x85123FC0 [<empty>]
#137 NtProtectVirtualMemory
Real Address: 0x805B6E5E
Hook Address: 0x85118AC0 [<empty>]
#206 NtResumeThread
Real Address: 0x805D320A
Hook Address: 0x8528D538 [<empty>]
#213 NtSetContextThread
Real Address: 0x805D0002
Hook Address: 0x858266A0 [<empty>]
#228 NtSetInformationProcess
Real Address: 0x805CC754
Hook Address: 0x85123228 [<empty>]
#240 NtSetSystemInformation
Real Address: 0x8060DC14
Hook Address: 0x8574FCD0 [<empty>]
#247 NtSetValueKey
Real Address: 0x806207EE
Hook Address: 0xF21B4C40 [SYMEVENT.SYS]
#253 NtSuspendProcess
Real Address: 0x805D32D2
Hook Address: 0x856D5500 [<empty>]
#254 NtSuspendThread
Real Address: 0x805D3144
Hook Address: 0x856E7358 [<empty>]
#257 NtTerminateProcess
Real Address: 0x805D1232
Hook Address: 0x8583ACD0 [<empty>]
#258 NtTerminateThread
Real Address: 0x805D142C
Hook Address: 0x852BA3A0 [<empty>]
#267 NtUnmapViewOfSection
Real Address: 0x805B188C
Hook Address: 0x8583BCD0 [<empty>]
#277 NtWriteVirtualMemory
Real Address: 0x805B2E0C
Hook Address: 0x85123B30 [<empty>]
==========================================================================================================================
>>>Shadow SDT<<<
==========================================================================================================================
#307 NtUserAttachThreadInput
Real Address: 0xBF8F7A01
Hook Address: 0x852BE150 [<empty>]
#383 NtUserGetAsyncKeyState
Real Address: 0xBF863EA2
Hook Address: 0x852CA150 [<empty>]
#414 NtUserGetKeyboardState
Real Address: 0xBF8BA069
Hook Address: 0x856D6110 [<empty>]
#416 NtUserGetKeyState
Real Address: 0xBF82887F
Hook Address: 0x852B0150 [<empty>]
#428 NtUserGetRawInputData
Real Address: 0xBF9156DC
Hook Address: 0x849E91A8 [<empty>]
#460 NtUserMessageCall
Real Address: 0xBF80EFF3
Hook Address: 0x85897F00 [<empty>]
#475 NtUserPostMessage
Real Address: 0xBF8084A3
Hook Address: 0x85871430 [<empty>]
#476 NtUserPostThreadMessage
Real Address: 0xBF8AD237
Hook Address: 0x85796138 [<empty>]
#549 NtUserSetWindowsHookEx
Real Address: 0xBF8BA129
Hook Address: 0x85754060 [<empty>]
#552 NtUserSetWinEventHook
Real Address: 0xBF8F0124
Hook Address: 0x858883D0 [<empty>]
==========================================================================================================================
>>>Kernel Notify Routines<<<
==========================================================================================================================
CreateProcess: Address 0xF21A90C0 [C:\WINDOWS\system32\Drivers\SYMEVENT.SYS]
Hidden Loaded Driver: False
CreateProcess: Address 0xF1DDFC20 [C:\Documents and Settings\All Users\Dati applicazioni\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_17.0.0.136\Definitions\BASHDefs\20110309.001\BHDrvx86.sys]
Hidden Loaded Driver: False
CreateProcess: Address 0xF6A50B60 [C:\WINDOWS\system32\DRIVERS\S3gIGPm.sys]
Hidden Loaded Driver: False
CreateThread: Address 0xF21A9050 [C:\WINDOWS\system32\Drivers\SYMEVENT.SYS]
Hidden Loaded Driver: False
LoadImage: Address 0xF21A8E00 [C:\WINDOWS\system32\Drivers\SYMEVENT.SYS]
Hidden Loaded Driver: False
LoadImage: Address 0xF1DDFB30 [C:\Documents and Settings\All Users\Dati applicazioni\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_17.0.0.136\Definitions\BASHDefs\20110309.001\BHDrvx86.sys]
Hidden Loaded Driver: False
LoadImage: Address 0xF6A50820 [C:\WINDOWS\system32\DRIVERS\S3gIGPm.sys]
Hidden Loaded Driver: False
==========================================================================================================================
>>>Processes<<<
==========================================================================================================================
0x859C4660 [4]SYSTEM
Suspicious: False
Hidden: False
0x848F31E0 [1044]C:\WINDOWS\system32\winlogon.exe
Suspicious: False
Hidden: False
0x858C5788 [856]C:\Programmi\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe
Suspicious: False
Hidden: False
0x84920B98 [1512]C:\WINDOWS\system32\svchost.exe
Suspicious: False
Hidden: False
0x8592F030 [364]C:\WINDOWS\system32\spoolsv.exe
Suspicious: False
Hidden: False
0x84810030 [588]C:\WINDOWS\system32\svchost.exe
Suspicious: False
Hidden: False
0x8469E788 [2484]C:\Programmi\NoVirusThanks\Anti-Rootkit (Free Edition)\NVTArk.exe
Suspicious: False
Hidden: False
0x849429A0 [1916]C:\WINDOWS\explorer.exe
Suspicious: False
Hidden: False
0x84697520 [2560]C:\Programmi\HP\Digital Imaging\bin\hpqbam08.exe
Suspicious: False
Hidden: False
0x84830B18 [480]C:\WINDOWS\system32\svchost.exe
Suspicious: False
Hidden: False
0x8581E370 [1368]C:\WINDOWS\system32\svchost.exe
Suspicious: False
Hidden: False
0x85289DA0 [564]C:\Programmi\HP\HP Software Update\hpwuSchd2.exe
Suspicious: False
Hidden: False
0x848E6600 [1320]C:\WINDOWS\system32\svchost.exe
Suspicious: False
Hidden: False
0x8481C030 [1848]C:\Programmi\Norton AntiVirus\Engine\17.8.0.5\ccsvchst.exe
Suspicious: False
Hidden: False
0x84931598 [1112]C:\WINDOWS\system32\lsass.exe
Suspicious: False
Hidden: False
0x849BF8A0 [464]C:\Programmi\QuickTime\qttask.exe
Suspicious: False
Hidden: False
0x8491B238 [660]C:\Programmi\File comuni\Java\Java Update\jusched.exe
Suspicious: False
Hidden: False
0x85451030 [680]C:\Programmi\Adobe\Reader 8.0\Reader\reader_sl.exe
Suspicious: False
Hidden: False
0x8485DDA0 [732]C:\WINDOWS\system32\ctfmon.exe
Suspicious: False
Hidden: False
0x85861990 [752]C:\Programmi\Norton Utilities 14\nu.exe
Suspicious: False
Hidden: False
0x849214C0 [1100]C:\WINDOWS\system32\services.exe
Suspicious: False
Hidden: False
0x85453DA0 [836]C:\WINDOWS\system32\svchost.exe
Suspicious: False
Hidden: False
0x84A30B98 [948]C:\WINDOWS\system32\smss.exe
Suspicious: False
Hidden: False
0x84862798 [960]C:\Programmi\HP\Button Manager\BM.exe
Suspicious: True
Hidden: False
0x849C4DA0 [1956]C:\WINDOWS\system32\svchost.exe
Suspicious: False
Hidden: False
0x852C2030 [1008]C:\Programmi\HP\Digital Imaging\bin\hpqtra08.exe
Suspicious: False
Hidden: False
0x84934158 [1020]C:\WINDOWS\system32\csrss.exe
Suspicious: False
Hidden: False
0x8491F580 [1712]C:\WINDOWS\system32\svchost.exe
Suspicious: False
Hidden: False
0x849419A0 [1284]C:\WINDOWS\system32\svchost.exe
Suspicious: False
Hidden: False
0x849A82F0 [1548]C:\WINDOWS\system32\svchost.exe
Suspicious: False
Hidden: False
0x84850B18 [1544]C:\Programmi\File comuni\ArcSoft\Connection Service\Bin\ACService.exe
Suspicious: False
Hidden: False
0x8489EB98 [1688]C:\WINDOWS\system32\svchost.exe
Suspicious: False
Hidden: False
0x858EBDA0 [1748]C:\Programmi\File comuni\Microsoft Shared\VS7DEBUG\MDM.EXE
Suspicious: False
Hidden: False
0x858D8DA0 [388]C:\WINDOWS\system32\wuauclt.exe
Suspicious: False
Hidden: False
0x858DADA0 [2516]C:\Programmi\Norton AntiVirus\Engine\17.8.0.5\ccsvchst.exe
Suspicious: False
Hidden: False
0x846A2990 [1684]C:\Programmi\HP\Digital Imaging\bin\hpqste08.exe
Suspicious: False
Hidden: False
0x84746030 [2968]C:\WINDOWS\system32\wbem\wmiprvse.exe
Suspicious: False
Hidden: False
0x84726580 [3508]C:\WINDOWS\system32\wbem\wmiapsrv.exe
Suspicious: False
Hidden: False
0x846FA030 [3756]C:\WINDOWS\system32\wbem\wmiprvse.exe
Suspicious: False
Hidden: False
0x847007A8 [3924]C:\WINDOWS\system32\alg.exe
Suspicious: False
Hidden: False
==========================================================================================================================
>>>SYSENTER<<<
==========================================================================================================================
CPU #0 Hook Address: 0x80540790[C:\WINDOWS\system32\ntkrnlpa.exe]
Hooked: False
CPU #1 Hook Address: 0x80540790[C:\WINDOWS\system32\ntkrnlpa.exe]
Hooked: False
==========================================================================================================================
>>>Drivers<<<
==========================================================================================================================
==========================================================================================================================
>>>IDT<<<
==========================================================================================================================
==========================================================================================================================
>>>Windows Message Hooks<<<
==========================================================================================================================
Process: [1916]explorer.exe
Type: WH_KEYBOARD
Address: 0x746C024B
TID: 1920
Hook Module: MSCTF.dll
Process: [1916]explorer.exe
Type: WH_MOUSE
Address: 0x746BFF89
TID: 1920
Hook Module: MSCTF.dll
Process: [732]ctfmon.exe
Type: WH_SHELL
Address: 0x746C0D4E
TID: 744
Hook Module: MSCTF.dll
Process: [732]ctfmon.exe
Type: WH_GETMESSAGE
Address: 0x746C0DE9
TID: 744
Hook Module: MSCTF.dll
Process: [732]ctfmon.exe
Type: WH_CBT
Address: 0x746C08B6
TID: 744
Hook Module: MSCTF.dll
Process: [732]ctfmon.exe
Type: WH_KEYBOARD
Address: 0x746C024B
TID: 744
Hook Module: MSCTF.dll
Process: [732]ctfmon.exe
Type: WH_MOUSE
Address: 0x746BFF89
TID: 744
Hook Module: MSCTF.dll
Process: [1916]explorer.exe
Type: WH_KEYBOARD
Address: 0x746C024B
TID: 448
Hook Module: MSCTF.dll
Process: [1916]explorer.exe
Type: WH_MOUSE
Address: 0x746BFF89
TID: 448
Hook Module: MSCTF.dll
Process: [960]BM.exe
Type: WH_MSGFILTER
Address: 0x00405F27
TID: 968
Hook Module: BM.exe
Process: [960]BM.exe
Type: WH_CBT
Address: 0x0040CBFE
TID: 968
Hook Module: BM.exe
Process: [752]nu.exe
Type: WH_KEYBOARD
Address: 0x746C024B
TID: 776
Hook Module: MSCTF.dll
Process: [960]BM.exe
Type: WH_KEYBOARD
Address: 0x746C024B
TID: 968
Hook Module: MSCTF.dll
Process: [752]nu.exe
Type: WH_MOUSE
Address: 0x746BFF89
TID: 776
Hook Module: MSCTF.dll
Process: [960]BM.exe
Type: WH_MOUSE
Address: 0x746BFF89
TID: 968
Hook Module: MSCTF.dll
Process: [1008]hpqtra08.exe
Type: WH_KEYBOARD
Address: 0x746C024B
TID: 1024
Hook Module: MSCTF.dll
Process: [752]nu.exe
Type: WH_MSGFILTER
Address: 0x66061D17
TID: 776
Hook Module: msvbvm60.dll
Process: [1008]hpqtra08.exe
Type: WH_MOUSE
Address: 0x746BFF89
TID: 1024
Hook Module: MSCTF.dll
Process: [960]BM.exe
Type: WH_MSGFILTER
Address: 0x00405F27
TID: 1444
Hook Module: BM.exe
Process: [2516]ccsvchst.exe
Type: WH_KEYBOARD
Address: 0x746C024B
TID: 2580
Hook Module: MSCTF.dll
Process: [2516]ccsvchst.exe
Type: WH_MOUSE
Address: 0x746BFF89
TID: 2580
Hook Module: MSCTF.dll
Process: [2516]ccsvchst.exe
Type: WH_KEYBOARD
Address: 0x746C024B
TID: 2608
Hook Module: MSCTF.dll
Process: [2516]ccsvchst.exe
Type: WH_MOUSE
Address: 0x746BFF89
TID: 2608
Hook Module: MSCTF.dll
Process: [2516]ccsvchst.exe
Type: WH_KEYBOARD
Address: 0x746C024B
TID: 2828
Hook Module: MSCTF.dll
Process: [2516]ccsvchst.exe
Type: WH_KEYBOARD
Address: 0x746C024B
TID: 2636
Hook Module: MSCTF.dll
Process: [2516]ccsvchst.exe
Type: WH_MOUSE
Address: 0x746BFF89
TID: 2636
Hook Module: MSCTF.dll
Process: [2516]ccsvchst.exe
Type: WH_KEYBOARD
Address: 0x746C024B
TID: 2640
Hook Module: MSCTF.dll
Process: [2516]ccsvchst.exe
Type: WH_MOUSE
Address: 0x746BFF89
TID: 2640
Hook Module: MSCTF.dll
Process: [2516]ccsvchst.exe
Type: WH_KEYBOARD
Address: 0x746C024B
TID: 2664
Hook Module: MSCTF.dll
Process: [2516]ccsvchst.exe
Type: WH_MOUSE
Address: 0x746BFF89
TID: 2664
Hook Module: MSCTF.dll
Process: [2516]ccsvchst.exe
Type: WH_MOUSE
Address: 0x746BFF89
TID: 2828
Hook Module: MSCTF.dll
Process: [752]nu.exe
Type: WH_MOUSE
Address: 0x00031BF7
TID: 776
Hook Module: nu.exe
Process: [752]nu.exe
Type: WH_KEYBOARD
Address: 0x00003A04
TID: 776
Hook Module: nu.exe
Process: [752]nu.exe
Type: WH_KEYBOARD
Address: 0x00003A04
TID: 776
Hook Module: nu.exe
Process: [1008]hpqtra08.exe
Type: WH_KEYBOARD
Address: 0x746C024B
TID: 2512
Hook Module: MSCTF.dll
Process: [1916]explorer.exe
Type: WH_KEYBOARD
Address: 0x746C024B
TID: 3224
Hook Module: MSCTF.dll
Process: [1916]explorer.exe
Type: WH_MOUSE
Address: 0x746BFF89
TID: 3224
Hook Module: MSCTF.dll
Process: [1008]hpqtra08.exe
Type: WH_MOUSE
Address: 0x746BFF89
TID: 2512
Hook Module: MSCTF.dll
Process: [2484]NVTArk.exe
Type: WH_KEYBOARD
Address: 0x746C024B
TID: 2488
Hook Module: MSCTF.dll
Process: [2484]NVTArk.exe
Type: WH_MOUSE
Address: 0x746BFF89
TID: 2488
Hook Module: MSCTF.dll
Process: [1684]hpqste08.exe
Type: WH_KEYBOARD
Address: 0x746C024B
TID: 2572
Hook Module: MSCTF.dll
Process: [1684]hpqste08.exe
Type: WH_MOUSE
Address: 0x746BFF89
TID: 2572
Hook Module: MSCTF.dll
Process: [2560]hpqbam08.exe
Type: WH_KEYBOARD
Address: 0x746C024B
TID: 1500
Hook Module: MSCTF.dll
Process: [2560]hpqbam08.exe
Type: WH_MOUSE
Address: 0x746BFF89
TID: 1500
Hook Module: MSCTF.dll
==========================================================================================================================
>>>BHOs<<<
==========================================================================================================================
Key Name: {0347C33E-8762-4905-BF09-768834316C61}
Module: C:\Programmi\HP\Smart Web Printing\hpswp_printenhancer.dll (hpswp_printenhancer dll)
Key Name: {053F9267-DC04-4294-A72C-58F732D338C0}
Module: C:\Programmi\HP\Smart Web Printing\hpswp_framework.dll (Leo (Framework) - add-on for Internet Explorer)
Key Name: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}
Module: C:\Programmi\File comuni\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe PDF Helper for Internet Explorer)
Key Name: {6D53EC84-6AAE-4787-AEEE-F4628F01010C}
Module: C:\Programmi\Norton AntiVirus\Engine\17.8.0.5\IPSBHO.DLL (IPS Browser Helper DLL)
Key Name: {9030D464-4C02-4ABF-8ECC-5164760863C6}
Module: C:\Programmi\File comuni\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (WindowsLiveLogin.dll)
Key Name: {DBC80044-A445-435b-BC74-9C25C1C588A9}
Module: C:\Programmi\Java\jre6\bin\jp2ssv.dll (Java(TM) Platform SE binary)
==========================================================================================================================
>>>AppInit_DLLs<<<
==========================================================================================================================
==========================================================================================================================
>>>IRP Hooks<<<
==========================================================================================================================
==========================================================================================================================
>>>Ring0 Export Hooks<<<
==========================================================================================================================
==========================================================================================================================
>>>Ring3 Export Hooks<<<
==========================================================================================================================
[1916]explorer.exe->kernel32.dll->CreateProcessInternalW
Real Address: 0x7C819527
Hook Address: 0x00B287C8
Hook Module: <empty>
Hidden Hook Module: False
==========================================================================================================================
>>>Locked System Files<<<
==========================================================================================================================
==========================================================================================================================
>>>Locked Generic Files<<<
==========================================================================================================================
==========================================================================================================================
>>>Master Boot Record (MBR)<<<
==========================================================================================================================
Master Boot Record (MBR) appears to be Ok...
==========================================================================================================================
Scan Complete... 15/03/2011 11.23.58
==========================================================================================================================