Problema con Norton Antivirus 2006, virus trojan ???

[elisabetta62]

All'avvio del sistema mi appare questo messaggio di errore:
"Si è verificato un errore in symlcsvc.exe. L'applicazione verrà chiusa."
Allego il log dello scan del Roottkit e dell'Autostart effettuati con gmer.

---
GMER 1.0.10.10122 - http://www.gmer.net
Rootkit 2006-09-15 12:04:05
Windows 5.1.2600 Service Pack 2


---- System - GMER 1.0.10 ----

SSDT 86DEC948 ZwAlertResumeThread
SSDT 86DEEC28 ZwAlertThread
SSDT 86E0D110 ZwAllocateVirtualMemory
SSDT 86BDFBC0 ZwConnectPort
SSDT \??\C:\Programmi\Symantec\SYMEVENT.SYS ZwCreateKey
SSDT 86CB9D38 ZwCreateMutant
SSDT 86EE3138 ZwCreateThread
SSDT \??\C:\Programmi\Symantec\SYMEVENT.SYS ZwDeleteKey
SSDT \??\C:\Programmi\Symantec\SYMEVENT.SYS ZwDeleteValueKey
SSDT 86E8B2C0 ZwFreeVirtualMemory
SSDT 86CB9D70 ZwImpersonateAnonymousToken
SSDT 86DED688 ZwImpersonateThread
SSDT 86DEE8E0 ZwMapViewOfSection
SSDT 86D65240 ZwOpenEvent
SSDT 86DB3F40 ZwOpenProcessToken
SSDT 86EE4748 ZwOpenThreadToken
SSDT 86ED2608 ZwQueryValueKey
SSDT 86DB6BF0 ZwResumeThread
SSDT 86F23560 ZwSetContextThread
SSDT 86F62CC8 ZwSetInformationProcess
SSDT 86C4E498 ZwSetInformationThread
SSDT \??\C:\Programmi\Symantec\SYMEVENT.SYS ZwSetValueKey
SSDT 86D65208 ZwSuspendProcess
SSDT 86DF8E70 ZwSuspendThread
SSDT 86EA9548 ZwTerminateProcess
SSDT 86C5C560 ZwTerminateThread
SSDT 86F629C8 ZwUnmapViewOfSection
SSDT 86CC4780 ZwWriteVirtualMemory
---- Processes - GMER 1.0.10 ----

Library C:\WINDOWS\ohljx1.dll (*** hidden *** ) @ C:\WINDOWS\Explorer.EXE [880] 0x04DB0000 <-- ROOTKIT !!!

---- Files - GMER 1.0.10 ----

File C:\MIGRA\adaware\aaw6181.exe
File C:\MIGRA\adaware\reflist.ref
File C:\MIGRA\adaware\reflist.zip
File C:\MIGRA\palladio\DISK1
File C:\MIGRA\palladio\HSFINST.DLL
File C:\MIGRA\palladio\HXFsetup.exe
File C:\MIGRA\palladio\InstPalUsbV92.txt
File C:\MIGRA\palladio\MdmXSdk.dll
File C:\MIGRA\palladio\MDMXSDK.SYS
File C:\MIGRA\palladio\PallUsbV92301.zip
File C:\MIGRA\palladio\UXpPal92.cat
File C:\MIGRA\palladio\UXpPal92.CTY
File C:\MIGRA\palladio\UXpPal92.inf
File C:\MIGRA\palladio\WINACUSB.SYS
File C:\MIGRA\ue10_20\dictam.gip
File C:\MIGRA\ue10_20\uesetup.exe
File C:\MIGRA\ue10_20\ue_english.gip
File C:\System Volume Information\MountPointManagerRemoteDatabase
File C:\System Volume Information\tracking.log
File C:\System Volume Information\_restore{AB2E20B0-3BC2-46C8-8A1F-D8891E10C9FD}
File C:\WINDOWS\ohljx1.dll
File C:\WINDOWS\system32\lpt2.ibt

---- EOF - GMER 1.0.10 ----


GMER 1.0.10.10122 - http://www.gmer.net
Autostart 2006-09-15 12:05:53
Windows 5.1.2600 Service Pack 2


HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems@Windows = %SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,3072,512 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ProfileControl=Off MaxRequestThreads=16

HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon@Userinit = C:\WINDOWS\system32\userinit.exe,

HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ >>>
igfxcui@DLLName = igfxsrvc.dll
WgaLogon@DLLName = WgaLogon.dll

HKLM\Software\Microsoft\Windows NT\CurrentVersion\Windows@AppInit_DLLs = \\?\C:\WINDOWS\System32\lpt2.ibt

HKLM\SYSTEM\CurrentControlSet\Services\ >>>
AntiVirScheduler /*AntiVir PersonalEdition Classic Scheduler*/@ = C:\Programmi\AntiVir PersonalEdition Classic\sched.exe
AntiVirService /*AntiVir PersonalEdition Classic Guard*/@ = C:\Programmi\AntiVir PersonalEdition Classic\avguard.exe
Ati HotKey Poller@ = %SystemRoot%\System32\Ati2evxx.exe
btwdins /*Bluetooth Service*/@ = C:\Programmi\WIDCOMM\Software Bluetooth\bin\btwdins.exe
ccEvtMgr /*Symantec Event Manager*/@ = "C:\Programmi\File comuni\Symantec Shared\ccEvtMgr.exe"
ccSetMgr /*Symantec Settings Manager*/@ = "C:\Programmi\File comuni\Symantec Shared\ccSetMgr.exe"
LogVof /*LogVof*/@ = "C:\Programmi\File comuni\System\wAg.exe"
navapsvc /*Servizio Auto-Protect di Norton AntiVirus*/@ = "C:\Programmi\Norton AntiVirus\navapsvc.exe"
NPFMntor /*Norton AntiVirus Firewall Monitor Service*/@ = "C:\Programmi\Norton AntiVirus\IWP\NPFMntor.exe"
OracleMTSRecoveryService /*OracleMTSRecoveryService*/@ = C:\oraclexe\app\oracle\product\10.2.0\server\bin\omtsreco.exe OracleMTSRecoveryService /*file not found*/
ScsiPort@ = %SystemRoot%\system32\drivers\scsiport.sys
SNDSrvc /*Symantec Network Drivers Service*/@ = "C:\Programmi\File comuni\Symantec Shared\SNDSrvc.exe"
SoundMAX Agent Service (default) /*SoundMAX Agent Service*/@ = C:\Programmi\Analog Devices\SoundMAX\SMAgent.exe
SPBBCSvc /*SPBBCSvc*/@ = "C:\Programmi\File comuni\Symantec Shared\SPBBC\SPBBCSvc.exe"
Spooler /*Spooler di stampa*/@ = %SystemRoot%\system32\spoolsv.exe
Symantec Core LC /*Symantec Core LC*/@ = C:\Programmi\File comuni\Symantec Shared\CCPD-LC\symlcsvc.exe
Utilità di pianificazione di LiveUpdate automatico /*Utilità di pianificazione di LiveUpdate automatico*/@ = "C:\Programmi\Symantec\LiveUpdate\ALUSchedulerSvc.exe"
WinDefend /*Windows Defender Service*/@ = "C:\Programmi\Windows Defender\MsMpEng.exe"

HKLM\Software\Microsoft\Windows\CurrentVersion\Run >>>
@IgfxTrayC:\WINDOWS\System32\igfxtray.exe = C:\WINDOWS\System32\igfxtray.exe
@HotKeysCmdsC:\WINDOWS\System32\hkcmd.exe = C:\WINDOWS\System32\hkcmd.exe
@SmappC:\Programmi\Analog Devices\SoundMAX\SMTray.exe = C:\Programmi\Analog Devices\SoundMAX\SMTray.exe
@DrvLsnrC:\Programmi\Analog Devices\SoundMAX\DrvLsnr.exe = C:\Programmi\Analog Devices\SoundMAX\DrvLsnr.exe
@srmcleanC:\Cpqs\Scom\srmclean.exe = C:\Cpqs\Scom\srmclean.exe
@SetRefreshC:\Programmi\Compaq\SetRefresh\SetRefresh.exe = C:\Programmi\Compaq\SetRefresh\SetRefresh.exe
@CPQEASYACCC:\Programmi\COMPAQ\Easy Access Button Support\StartEAK.exe = C:\Programmi\COMPAQ\Easy Access Button Support\StartEAK.exe
@QuickTime Task"C:\Programmi\QuickTime\qttask.exe" -atboottime = "C:\Programmi\QuickTime\qttask.exe" -atboottime
@HP Network Registry AgentC:\WINDOWS\System32\hpnra.exe = C:\WINDOWS\System32\hpnra.exe
@helpw"helpw.exe" /*file not found*/ = "helpw.exe" /*file not found*/
@NeroFilterCheckC:\WINDOWS\system32\NeroCheck.exe = C:\WINDOWS\system32\NeroCheck.exe
@SunJavaUpdateSched"C:\Programmi\Java\jre1.5.0_08\bin\jusched.exe" = "C:\Programmi\Java\jre1.5.0_08\bin\jusched.exe"
@TkBellExe"C:\Programmi\File comuni\Real\Update_OB\realsched.exe" -osboot = "C:\Programmi\File comuni\Real\Update_OB\realsched.exe" -osboot
@ccApp"C:\Programmi\File comuni\Symantec Shared\ccApp.exe" = "C:\Programmi\File comuni\Symantec Shared\ccApp.exe"
@NAV CfgWiz"C:\Programmi\Norton AntiVirus\CfgWiz.exe" /GUID {0D7956A2-5A08-4ec2-A72C-DF8495A66016} /MODE CfgWiz /CMDLINE "REBOOT" = "C:\Programmi\Norton AntiVirus\CfgWiz.exe" /GUID {0D7956A2-5A08-4ec2-A72C-DF8495A66016} /MODE CfgWiz /CMDLINE "REBOOT"
@avgnt"C:\Programmi\AntiVir PersonalEdition Classic\avgnt.exe" /min = "C:\Programmi\AntiVir PersonalEdition Classic\avgnt.exe" /min
@Windows Defender"C:\Programmi\Windows Defender\MSASCui.exe" -hide = "C:\Programmi\Windows Defender\MSASCui.exe" -hide

HKCU\Software\Microsoft\Windows\CurrentVersion\Run >>>
@CTFMON.EXEC:\WINDOWS\system32\ctfmon.exe = C:\WINDOWS\system32\ctfmon.exe
@MSMSGS"C:\Programmi\Messenger\msmsgs.exe" /background = "C:\Programmi\Messenger\msmsgs.exe" /background
@MsnMsgr"C:\Programmi\MSN Messenger\MsnMsgr.Exe" /background /*file not found*/ = "C:\Programmi\MSN Messenger\MsnMsgr.Exe" /background /*file not found*/
@Skype"C:\Programmi\Skype\Phone\Skype.exe" /nosplash /minimized = "C:\Programmi\Skype\Phone\Skype.exe" /nosplash /minimized

HKLM\Software\Classes\.hta@ =

HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks@{091EB208-39DD-417D-A5DD-7E2C2D8FB9CB} = C:\PROGRA~1\WIFD1F~1\MpShHook.dll

HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved >>>
@{596AB062-B4D2-4215-9F74-E9109B0A8153} /*Previous Versions Property Page*/C:\WINDOWS\System32\twext.dll = C:\WINDOWS\System32\twext.dll
@{9DB7A13C-F208-4981-8353-73CC61AE2783} /*Previous Versions*/C:\WINDOWS\System32\twext.dll = C:\WINDOWS\System32\twext.dll
@{692F0339-CBAA-47e6-B5B5-3B84DB604E87} /*Extensions Manager Folder*/C:\WINDOWS\System32\extmgr.dll = C:\WINDOWS\System32\extmgr.dll
@{45AC2688-0253-4ED8-97DE-B5370FA7D48A} /*Shell Extension for Malware scanning*/C:\Programmi\AntiVir PersonalEdition Classic\shlext.dll = C:\Programmi\AntiVir PersonalEdition Classic\shlext.dll

HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved@{BDEADF00-C265-11d0-BCED-00A0C90AB50F} /*Cartelle Web*/ = C:\PROGRA~1\FILECO~1 \MICROS~1\WEBFOL~1\MSONSEXT.DLL

HKLM\Software\Classes\*\shellex\ContextMenuHandlers\ >>>
Shell Extension for Malware scanning@{45AC2688-0253-4ED8-97DE-B5370FA7D48A} = C:\Programmi\AntiVir PersonalEdition Classic\shlext.dll
Symantec.Norton.Antivirus.IEContextMenu@{FAD61B3D-699D-49B2-BE16-7F82CB4C59CA} = C:\Programmi\Norton AntiVirus\NavShExt.dll
UltraEdit-32@{b5eedee0-c06e-11cf-8c56-444553540000} = C:\Programmi\UltraEdit\ue32ctmn.dll
WinRAR@{B41DB860-8EE4-11D2-9906-E49FADC173CA} = C:\Programmi\WinRAR\rarext.dll
WinZip@{E0D79304-84BE-11CE-9641-444553540000} = C:\PROGRA~1\WINZIP\WZSHLSTB.DLL
WS_FTP@{797F3885-5429-11D4-8823-0050DA59922B} = C:\Programmi\WS_FTP Pro\wsftpsi.dll

HKLM\Software\Classes\Directory\shellex\ContextMenuHandlers\ >>>
WinRAR@{B41DB860-8EE4-11D2-9906-E49FADC173CA} = C:\Programmi\WinRAR\rarext.dll
WinZip@{E0D79304-84BE-11CE-9641-444553540000} = C:\PROGRA~1\WINZIP\WZSHLSTB.DLL

HKLM\Software\Classes\Folder\shellex\ContextMenuHandlers\ >>>
Shell Extension for Malware scanning@{45AC2688-0253-4ED8-97DE-B5370FA7D48A} = C:\Programmi\AntiVir PersonalEdition Classic\shlext.dll
Symantec.Norton.Antivirus.IEContextMenu@{FAD61B3D-699D-49B2-BE16-7F82CB4C59CA} = C:\Programmi\Norton AntiVirus\NavShExt.dll
WinRAR@{B41DB860-8EE4-11D2-9906-E49FADC173CA} = C:\Programmi\WinRAR\rarext.dll
WinZip@{E0D79304-84BE-11CE-9641-444553540000} = C:\PROGRA~1\WINZIP\WZSHLSTB.DLL
WS_FTP@{797F3885-5429-11D4-8823-0050DA59922B} = C:\Programmi\WS_FTP Pro\wsftpsi.dll

HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects >>>
@{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}C:\Programmi\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx = C:\Programmi\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
@{66E85853-A84A-96A9-4209-8BCAF3D52618}C:\WINDOWS\ohljx1.dll = C:\WINDOWS\ohljx1.dll
@{A8F38D8D-E480-4D52-B7A2-731BB6995FDD}C:\Programmi\Norton AntiVirus\NavShExt.dll = C:\Programmi\Norton AntiVirus\NavShExt.dll
@{AA58ED58-01DD-4d91-8333-CF10577473F7}c:\programmi\google\googletoolbar1.dll = c:\programmi\google\googletoolbar1.dll
@{FCFB6CE7-DEFC-BD8C-FDAD-455869D77138}C:\WINDOWS\ohljx1.dll = C:\WINDOWS\ohljx1.dll

HKCU\Control Panel\Desktop@SCRNSAVE.EXE = C:\WINDOWS\System32\ssflwbox.scr

HKLM\Software\Microsoft\Internet Explorer\Main >>>
@Default_Page_URLhttp://www.msn.com/ = http://www.msn.com/
@Start Pagehttp://www.microsoft.com/isapi/redi ... ar=msnhome = http://www.microsoft.com/isapi/redir.dl ... ar=msnhome
@Local Page%SystemRoot%\system32\blank.htm = %SystemRoot%\system32\blank.htm

HKCU\Software\Microsoft\Internet Explorer\Main >>>
@Start Pagehttp://www.libero.it/ = http://www.libero.it/
@Local PageC:\WINDOWS\system32\blank.htm = C:\WINDOWS\system32\blank.htm

HKLM\Software\Classes\PROTOCOLS\Handler\ >>>
dvd@CLSID = C:\WINDOWS\system32\msvidctl.dll
its@CLSID = C:\WINDOWS\System32\itss.dll
mhtml@CLSID = %SystemRoot%\System32\inetcomm.dll
ms-its@CLSID = C:\WINDOWS\System32\itss.dll
qrev@CLSID = C:\PROGRA~1\QUESTS~1\TOAD\RNetPin.dll /*file not found*/
tv@CLSID = C:\WINDOWS\system32\msvidctl.dll
wia@CLSID = C:\WINDOWS\System32\wiascr.dll
widimg@CLSID = C:\WINDOWS\System32\btxppanel.dll

HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters@Domain = spes2000

HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{0836D02E-AA9E-4E6F-BFA8-719AAC95FDD3} /*Connessione alla rete locale (LAN)*/ >>>
@IPAddress192.168.10.157 = 192.168.10.157
@NameServer192.168.10.100,213.174.160.2 = 192.168.10.100,213.174.160.2
@DefaultGateway192.168.10.254 = 192.168.10.254
@Domain =

C:\Documents and Settings\All Users\Menu Avvio\Programmi\Esecuzione automatica >>>
BTTray.lnk = BTTray.lnk
Microsoft Office.lnk = Microsoft Office.lnk
WinZip Quick Pick.lnk = WinZip Quick Pick.lnk

---- EOF - GMER 1.0.10 ----

[andorra24]

elisabetta62 per scrivere un messaggio devi cliccare su ''rispondi'' e NON su ''nuovo topic''.

[andorra24]

All'avvio del sistem appare il seguente errore:
"Si è verificato un errore in symlcsvc.exe. L'applicazione verrà chiusa."
Allego il log del file creato con HijackThis:


Logfile of HijackThis v1.99.1
Scan saved at 12.29.01, on 15/09/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmi\File comuni\Symantec Shared\ccSetMgr.exe
C:\Programmi\File comuni\Symantec Shared\ccEvtMgr.exe
C:\Programmi\File comuni\Symantec Shared\SNDSrvc.exe
C:\Programmi\File comuni\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\Programmi\WIDCOMM\Software Bluetooth\bin\btwdins.exe
C:\WINDOWS\Explorer.EXE
C:\Programmi\Norton AntiVirus\navapsvc.exe
C:\Programmi\Norton AntiVirus\IWP\NPFMntor.exe
C:\Programmi\Analog Devices\SoundMAX\SMTray.exe
C:\Programmi\Analog Devices\SoundMAX\DrvLsnr.exe
C:\Programmi\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmi\COMPAQ\Easy Access Button Support\StartEAK.exe
C:\Programmi\File comuni\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Programmi\QuickTime\qttask.exe
C:\WINDOWS\System32\hpnra.exe
C:\Programmi\Java\jre1.5.0_08\bin\jusched.exe
C:\Programmi\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Programmi\File comuni\Real\Update_OB\realsched.exe
C:\Programmi\Compaq\Easy Access Button Support\CPQEAKSYSTEMTRAY.EXE
C:\Programmi\File comuni\Symantec Shared\ccApp.exe
C:\Programmi\Compaq\Easy Access Button Support\CPQEADM.EXE
C:\Compaq\EAKDRV\EAUSBKBD.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\Compaq\EASYAC~1\BttnServ.exe
C:\Programmi\Messenger\msmsgs.exe
C:\Programmi\Skype\Phone\Skype.exe
C:\Programmi\WIDCOMM\Software Bluetooth\BTTray.exe
C:\Programmi\WinZip\WZQKPICK.EXE
C:\Programmi\File comuni\Symantec Shared\Security Console\NSCSRVCE.EXE
C:\Programmi\AntiVir PersonalEdition Classic\sched.exe
C:\Programmi\AntiVir PersonalEdition Classic\avguard.exe
C:\Programmi\AntiVir PersonalEdition Classic\avgnt.exe
C:\Programmi\AntiVir PersonalEdition Classic\avcenter.exe
C:\Programmi\AntiVir PersonalEdition Classic\avscan.exe
C:\Programmi\Windows Defender\MsMpEng.exe
C:\Programmi\Windows Defender\MSASCui.exe
C:\MIGRA\Antispyware\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.libero.it/
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://go.compaq.com/1Q00CDT/0410/bl7.asp
R3 - Default URLSearchHook is missing
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Programmi\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: Class - {66E85853-A84A-96A9-4209-8BCAF3D52618} - C:\WINDOWS\ohljx1.dll (file missing)
O2 - BHO: NAV Helper - {A8F38D8D-E480-4D52-B7A2-731BB6995FDD} - C:\Programmi\Norton AntiVirus\NavShExt.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programmi\google\googletoolbar1.dll
O2 - BHO: Class - {FCFB6CE7-DEFC-BD8C-FDAD-455869D77138} - C:\WINDOWS\ohljx1.dll (file missing)
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programmi\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\it\msntb.dll (file missing)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programmi\google\googletoolbar1.dll
O3 - Toolbar: Norton AntiVirus - {C4069E3A-68F1-403E-B40E-20066696354B} - C:\Programmi\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [Smapp] C:\Programmi\Analog Devices\SoundMAX\SMTray.exe
O4 - HKLM\..\Run: [DrvLsnr] C:\Programmi\Analog Devices\SoundMAX\DrvLsnr.exe
O4 - HKLM\..\Run: [srmclean] C:\Cpqs\Scom\srmclean.exe
O4 - HKLM\..\Run: [SetRefresh] C:\Programmi\Compaq\SetRefresh\SetRefresh.exe
O4 - HKLM\..\Run: [CPQEASYACC] C:\Programmi\COMPAQ\Easy Access Button Support\StartEAK.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmi\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [HP Network Registry Agent] C:\WINDOWS\System32\hpnra.exe
O4 - HKLM\..\Run: [helpw] "helpw.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programmi\Java\jre1.5.0_08\bin\jusched.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Programmi\File comuni\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [ccApp] "C:\Programmi\File comuni\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [NAV CfgWiz] "C:\Programmi\Norton AntiVirus\CfgWiz.exe" /GUID {0D7956A2-5A08-4ec2-A72C-DF8495A66016} /MODE CfgWiz /CMDLINE "REBOOT"
O4 - HKLM\..\Run: [avgnt] "C:\Programmi\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [Windows Defender] "C:\Programmi\Windows Defender\MSASCui.exe" -hide
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Programmi\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [MsnMsgr] "C:\Programmi\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Skype] "C:\Programmi\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - Global Startup: BTTray.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Programmi\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Programmi\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: &Google Search - res://c:\programmi\google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\programmi\google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://c:\programmi\google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\programmi\google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Invia a &Bluetooth - C:\Programmi\WIDCOMM\Software Bluetooth\btsendto_ie_ctx.htm
O8 - Extra context menu item: Similar Pages - res://c:\programmi\google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\programmi\google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.5.0_08\bin\npjpi150_08.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.5.0_08\bin\npjpi150_08.dll
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programmi\WIDCOMM\Software Bluetooth\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programmi\WIDCOMM\Software Bluetooth\btsendto_ie.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.trendmicro.com/housecall/xscan60.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?LinkID=39204
O16 - DPF: {1A7AEDAF-81DC-47A1-AAED-CBC0E9DEB274} (Oraster) - http://www.oracle.com/broadband/3winviewer/oraster.cab
O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} - https://www-secure.symantec.com/techsup ... SupCtl.cab
O16 - DPF: {3451DEDE-631F-421C-8127-FD793AFC6CC8} (ActiveDataInfo Class) - https://www-secure.symantec.com/techsup ... mAData.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by109fd.bay109.hotmail.msn.com/r ... nPUpld.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupda ... 6491708640
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftup ... 6839631701
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004 ... scan53.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/msnme ... loader.cab
O16 - DPF: {B8634A6E-38D5-4AAE-8708-3F3DB92FF9D0} (NTR Activex 1.0. - http://www.inquiero.com/inquiero/mod/se ... vex108.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = spes2000
O17 - HKLM\Software\..\Telephony: DomainName = spes2000
O17 - HKLM\System\CCS\Services\Tcpip\..\{0836D02E-AA9E-4E6F-BFA8-719AAC95FDD3}: NameServer = 192.168.10.100,213.174.160.2
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = spes2000
O17 - HKLM\System\CS1\Services\Tcpip\..\{0836D02E-AA9E-4E6F-BFA8-719AAC95FDD3}: NameServer = 192.168.10.100,213.174.160.2
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = spes2000
O17 - HKLM\System\CS2\Services\Tcpip\..\{0836D02E-AA9E-4E6F-BFA8-719AAC95FDD3}: NameServer = 192.168.10.100,213.174.160.2
O17 - HKLM\System\CS3\Services\Tcpip\Parameters: Domain = spes2000
O17 - HKLM\System\CS3\Services\Tcpip\..\{0836D02E-AA9E-4E6F-BFA8-719AAC95FDD3}: NameServer = 192.168.10.100,213.174.160.2
O18 - Protocol: qrev - {9DE24BAC-FC3C-42C4-9FC4-76B3FAFDBD90} - C:\PROGRA~1\QUESTS~1\TOAD\RNetPin.dll (file missing)
O18 - Protocol: widimg - {EE7C2AFF-5742-44FF-BD0E-E521B0D3C3BA} - C:\WINDOWS\System32\btxppanel.dll
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Programmi\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - AVIRA GmbH - C:\Programmi\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation - C:\Programmi\WIDCOMM\Software Bluetooth\bin\btwdins.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\ccSetMgr.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programmi\File comuni\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Servizio Auto-Protect di Norton AntiVirus (navapsvc) - Symantec Corporation - C:\Programmi\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Programmi\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: Norton Protection Center Service (NSCService) - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\Security Console\NSCSRVCE.EXE
O23 - Service: OracleMTSRecoveryService - Unknown owner - C:\oraclexe\app\oracle\product\10.2.0\server\bin\omtsreco.exe (file missing)
O23 - Service: Oracleora92CLClientCache - Unknown owner - C:\oracle\ora92CLT\BIN\ONRSD.EXE
O23 - Service: Symantec AVScan (SAVScan) - Symantec Corporation - C:\Programmi\Norton AntiVirus\SAVScan.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\SNDSrvc.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Programmi\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: SPBBCSvc - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Utilità di pianificazione di LiveUpdate automatico - Symantec Corporation - C:\Programmi\Symantec\LiveUpdate\ALUSchedulerSvc.exe

[Luke57]

Ciao, Elisabetta62,
scarica questo tool:
http://www.prevx.com/gromozon.asp
disattiva momentaneamente l'antivirus, con i programmi e applicazioni chiusi, esegui il tool.
Al riavvio del computer, il programma terminerà la scansone nelle restanti cartelle di windows. Al termine della scansione sarà rilasciato un report in C:\Gromzon_Removal.log.
Copia e incolla il report in un post.

[elisabetta62]

Ho eseguito il tool come da tuo consiglio e ti allego il file Gromzon_Removal.log:
--
Removal tool loaded into memory
------------------------------------
Executing rootkit removal engine....
------------------------------------
Disabling rootkit file: \\?\C:\WINDOWS\System32\lpt2.ibt
\\?\C:\WINDOWS\System32\lpt2.ibt
Resetting file permissions...
Clearing attributes...
Accesso negato - C:\_cleaned.tmp
Removing file...
C:\_cleaned.tmp
Rootkit removed! Cleaning up...

Removing temp files...
Scanning: C:\WINDOWS
Gromozon-Related Malicious Code Detected!
FileName: C:\WINDOWS\12.tmp
Removed!
Gromozon-Related Malicious Code Detected!
FileName: C:\WINDOWS\1202.tmp
Removed!
Gromozon-Related Malicious Code Detected!
FileName: C:\WINDOWS\20.tmp
Removed!
Gromozon-Related Malicious Code Detected!
FileName: C:\WINDOWS\3B.tmp
Removed!
Gromozon-Related Malicious Code Detected!
FileName: C:\WINDOWS\4.tmp
Removed!
Gromozon-Related Malicious Code Detected!
FileName: C:\WINDOWS\5B.tmp
Removed!
Gromozon-Related Malicious Code Detected!
FileName: C:\WINDOWS\6.tmp
Removed!
Gromozon-Related Malicious Code Detected!
FileName: C:\WINDOWS\7.tmp
Removed!
Gromozon-Related Malicious Code Detected!
FileName: C:\WINDOWS\97.tmp
Removed!
Gromozon-Related Malicious Code Detected!
FileName: C:\WINDOWS\A.tmp
Removed!
Gromozon-Related Malicious Code Detected!
FileName: C:\WINDOWS\C.tmp
Removed!
Gromozon-Related Malicious Code Detected!
FileName: C:\WINDOWS\E.tmp
Removed!
Gromozon-Related Malicious Code Detected!
FileName: C:\WINDOWS\F.tmp
Removed!
Gromozon-Related Malicious Code Detected!
FileName: C:\WINDOWS\ohljx1.dll
Removed!
Scanning: C:\Programmi\File comuni
Removing protected file: C:\Programmi\File comuni\System\BPz.exe
Removing protected file: C:\Programmi\File comuni\System\BQp.exe
Removing directory: C:\Documents and Settings\\xMkTw
Removing protected file: C:\Programmi\File comuni\System\cDn.exe
Removing protected file: C:\Programmi\File comuni\System\DfHY.exe
Removing protected file: C:\Programmi\File comuni\System\DHC.exe
Removing protected file: C:\Programmi\File comuni\System\DoBG.exe
Removing protected file: C:\Programmi\File comuni\System\Dty.exe
Removing protected file: C:\Programmi\File comuni\System\EJl.exe
Removing protected file: C:\Programmi\File comuni\System\ellhnx.exe
Removing protected file: C:\Programmi\File comuni\System\EMaUX.exe
Removing protected file: C:\Programmi\File comuni\System\epLPL.exe
Removing protected file: C:\Programmi\File comuni\System\EVFk.exe
Removing protected file: C:\Programmi\File comuni\System\FmbU.exe
Removing protected file: C:\Programmi\File comuni\System\fUA.exe
Removing protected file: C:\Programmi\File comuni\System\hmF.exe
Removing protected file: C:\Programmi\File comuni\System\hWPAx.exe
Removing protected file: C:\Programmi\File comuni\System\IKS.exe
Removing protected file: C:\Programmi\File comuni\System\iwS.exe
Removing protected file: C:\Programmi\File comuni\System\jlCOnX.exe
Removing protected file: C:\Programmi\File comuni\System\jUN.exe
Removing protected file: C:\Programmi\File comuni\System\jZs.exe
Removing protected file: C:\Programmi\File comuni\System\KHR.exe
Removing protected file: C:\Programmi\File comuni\System\Lal.exe
Removing protected file: C:\Programmi\File comuni\System\lPsr.exe
Removing protected file: C:\Programmi\File comuni\System\LyjVCC.exe
Removing protected file: C:\Programmi\File comuni\System\LZTIg.exe
Removing protected file: C:\Programmi\File comuni\System\mbs.exe
Removing protected file: C:\Programmi\File comuni\System\mcGZgW.exe
Removing protected file: C:\Programmi\File comuni\System\mjd.exe
Removing protected file: C:\Programmi\File comuni\System\MOw.exe
Removing protected file: C:\Programmi\File comuni\System\ndx.exe
Removing protected file: C:\Programmi\File comuni\System\OiK.exe
Removing protected file: C:\Programmi\File comuni\System\oJp.exe
Removing protected file: C:\Programmi\File comuni\System\OOmu.exe
Removing protected file: C:\Programmi\File comuni\System\OYA.exe
Removing protected file: C:\Programmi\File comuni\System\PAG.exe
Removing protected file: C:\Programmi\File comuni\System\qbK.exe
Removing protected file: C:\Programmi\File comuni\System\qCR.exe
Removing protected file: C:\Programmi\File comuni\System\qIOhVs.exe
Removing protected file: C:\Programmi\File comuni\System\qOJ.exe
Removing protected file: C:\Programmi\File comuni\System\RciG.exe
Removing protected file: C:\Programmi\File comuni\System\rEX.exe
Removing protected file: C:\Programmi\File comuni\System\rTegC.exe
Removing protected file: C:\Programmi\File comuni\System\rwM.exe
Removing protected file: C:\Programmi\File comuni\System\RXMnI.exe
Removing protected file: C:\Programmi\File comuni\System\tczQAt.exe
Removing protected file: C:\Programmi\File comuni\System\tsG.exe
Removing protected file: C:\Programmi\File comuni\System\tyP.exe
Removing protected file: C:\Programmi\File comuni\System\VfW.exe
Removing protected file: C:\Programmi\File comuni\System\vMr.exe
Removing protected file: C:\Programmi\File comuni\System\vTv.exe
Removing protected file: C:\Programmi\File comuni\System\wAg.exe
Removing protected file: C:\Programmi\File comuni\System\wKjfan.exe
Removing protected file: C:\Programmi\File comuni\System\xjP.exe
Removing protected file: C:\Programmi\File comuni\System\YRzL.exe
Removing protected file: C:\Programmi\File comuni\System\YyxC.exe
Removing protected file: C:\Programmi\File comuni\System\ZDEmH.exe


Trojan.Gromozon Removed!

A presto e grazie per ora!

[Luke57]

Ciao, fai questa ultima verifica:
apri hijackthis, premi "open the misc tools section", "open unistall manager", cerche tra le applicazione linkoptimizer e Connection services, in caso affermativo li evidenzi e premi "delete this entry".

[elisabetta62]

Ciao, ho cercato e cancellato le applicazioni linkoptimizer e Connection services.
Il problema c'è ancora. Quando lancio Live update sembra che tutto vada a buon fine, ma la definizione dei virus non è aggiornata.
Cosa posso fare?

[Luke57]

Ciao, mi pare che hai due antivirus in realtime (Norton e Antivir), creano solo conflitti, tienilo solo uno.
Se vuoi, posta un ultimo log di hiajckthis.

[elisabetta62]

Ciao,
Antivir l'ho disinstallato. Ti mando il log:
--
Logfile of HijackThis v1.99.1
Scan saved at 11.50.46, on 18/09/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Programmi\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmi\File comuni\Symantec Shared\ccSetMgr.exe
C:\Programmi\File comuni\Symantec Shared\ccEvtMgr.exe
C:\Programmi\File comuni\Symantec Shared\SNDSrvc.exe
C:\Programmi\File comuni\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\Programmi\WIDCOMM\Software Bluetooth\bin\btwdins.exe
C:\Programmi\Norton AntiVirus\navapsvc.exe
C:\Programmi\Norton AntiVirus\IWP\NPFMntor.exe
C:\Programmi\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmi\File comuni\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Programmi\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\WINDOWS\Explorer.EXE
C:\Programmi\Analog Devices\SoundMAX\SMTray.exe
C:\Programmi\Analog Devices\SoundMAX\DrvLsnr.exe
C:\Programmi\COMPAQ\Easy Access Button Support\StartEAK.exe
C:\Programmi\QuickTime\qttask.exe
C:\WINDOWS\System32\hpnra.exe
C:\Programmi\Java\jre1.5.0_08\bin\jusched.exe
C:\Programmi\File comuni\Real\Update_OB\realsched.exe
C:\Programmi\File comuni\Symantec Shared\ccApp.exe
C:\Programmi\Windows Defender\MSASCui.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmi\Messenger\msmsgs.exe
C:\Programmi\Skype\Phone\Skype.exe
C:\Programmi\Compaq\Easy Access Button Support\CPQEAKSYSTEMTRAY.EXE
C:\Programmi\Compaq\Easy Access Button Support\CPQEADM.EXE
C:\Compaq\EAKDRV\EAUSBKBD.EXE
C:\PROGRA~1\Compaq\EASYAC~1\BttnServ.exe
C:\Programmi\WIDCOMM\Software Bluetooth\BTTray.exe
C:\Programmi\Compaq\Easy Access Button Support\CPQEADM.EXE
C:\Programmi\WinZip\WZQKPICK.EXE
C:\Programmi\File comuni\Symantec Shared\Security Console\NSCSRVCE.EXE
C:\Programmi\Internet Explorer\iexplore.exe
C:\Programmi\Internet Explorer\iexplore.exe
C:\MIGRA\Antispyware\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.libero.it/
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://go.compaq.com/1Q00CDT/0410/bl7.asp
R3 - Default URLSearchHook is missing
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Programmi\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: Class - {66E85853-A84A-96A9-4209-8BCAF3D52618} - C:\WINDOWS\ohljx1.dll (file missing)
O2 - BHO: NAV Helper - {A8F38D8D-E480-4D52-B7A2-731BB6995FDD} - C:\Programmi\Norton AntiVirus\NavShExt.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programmi\google\googletoolbar1.dll
O2 - BHO: Class - {FCFB6CE7-DEFC-BD8C-FDAD-455869D77138} - C:\WINDOWS\ohljx1.dll (file missing)
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programmi\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\it\msntb.dll (file missing)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programmi\google\googletoolbar1.dll
O3 - Toolbar: Norton AntiVirus - {C4069E3A-68F1-403E-B40E-20066696354B} - C:\Programmi\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [Smapp] C:\Programmi\Analog Devices\SoundMAX\SMTray.exe
O4 - HKLM\..\Run: [DrvLsnr] C:\Programmi\Analog Devices\SoundMAX\DrvLsnr.exe
O4 - HKLM\..\Run: [srmclean] C:\Cpqs\Scom\srmclean.exe
O4 - HKLM\..\Run: [SetRefresh] C:\Programmi\Compaq\SetRefresh\SetRefresh.exe
O4 - HKLM\..\Run: [CPQEASYACC] C:\Programmi\COMPAQ\Easy Access Button Support\StartEAK.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmi\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [HP Network Registry Agent] C:\WINDOWS\System32\hpnra.exe
O4 - HKLM\..\Run: [helpw] "helpw.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programmi\Java\jre1.5.0_08\bin\jusched.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Programmi\File comuni\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [ccApp] "C:\Programmi\File comuni\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [NAV CfgWiz] "C:\Programmi\Norton AntiVirus\CfgWiz.exe" /GUID {0D7956A2-5A08-4ec2-A72C-DF8495A66016} /MODE CfgWiz /CMDLINE "REBOOT"
O4 - HKLM\..\Run: [Windows Defender] "C:\Programmi\Windows Defender\MSASCui.exe" -hide
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Programmi\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [MsnMsgr] "C:\Programmi\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Skype] "C:\Programmi\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - Global Startup: BTTray.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Programmi\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Programmi\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: &Google Search - res://c:\programmi\google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\programmi\google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://c:\programmi\google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\programmi\google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Invia a &Bluetooth - C:\Programmi\WIDCOMM\Software Bluetooth\btsendto_ie_ctx.htm
O8 - Extra context menu item: Similar Pages - res://c:\programmi\google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\programmi\google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.5.0_08\bin\npjpi150_08.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.5.0_08\bin\npjpi150_08.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programmi\WIDCOMM\Software Bluetooth\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programmi\WIDCOMM\Software Bluetooth\btsendto_ie.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.trendmicro.com/housecall/xscan60.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?LinkID=39204
O16 - DPF: {1A7AEDAF-81DC-47A1-AAED-CBC0E9DEB274} (Oraster) - http://www.oracle.com/broadband/3winviewer/oraster.cab
O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} - https://www-secure.symantec.com/techsup ... SupCtl.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/Shar ... vSniff.cab
O16 - DPF: {3451DEDE-631F-421C-8127-FD793AFC6CC8} (ActiveDataInfo Class) - https://www-secure.symantec.com/techsup ... mAData.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by109fd.bay109.hotmail.msn.com/r ... nPUpld.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resourc ... oscan8.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupda ... 6491708640
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/Shar ... /cabsa.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftup ... 6839631701
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004 ... scan53.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/msnme ... loader.cab
O16 - DPF: {B8634A6E-38D5-4AAE-8708-3F3DB92FF9D0} (NTR Activex 1.0. - http://www.inquiero.com/inquiero/mod/se ... vex108.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = spes2000
O17 - HKLM\Software\..\Telephony: DomainName = spes2000
O17 - HKLM\System\CCS\Services\Tcpip\..\{0836D02E-AA9E-4E6F-BFA8-719AAC95FDD3}: NameServer = 192.168.10.100,213.174.160.2
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = spes2000
O17 - HKLM\System\CS1\Services\Tcpip\..\{0836D02E-AA9E-4E6F-BFA8-719AAC95FDD3}: NameServer = 192.168.10.100,213.174.160.2
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = spes2000
O17 - HKLM\System\CS2\Services\Tcpip\..\{0836D02E-AA9E-4E6F-BFA8-719AAC95FDD3}: NameServer = 192.168.10.100,213.174.160.2
O17 - HKLM\System\CS3\Services\Tcpip\Parameters: Domain = spes2000
O17 - HKLM\System\CS3\Services\Tcpip\..\{0836D02E-AA9E-4E6F-BFA8-719AAC95FDD3}: NameServer = 192.168.10.100,213.174.160.2
O18 - Protocol: qrev - {9DE24BAC-FC3C-42C4-9FC4-76B3FAFDBD90} - C:\PROGRA~1\QUESTS~1\TOAD\RNetPin.dll (file missing)
O18 - Protocol: widimg - {EE7C2AFF-5742-44FF-BD0E-E521B0D3C3BA} - C:\WINDOWS\System32\btxppanel.dll
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation - C:\Programmi\WIDCOMM\Software Bluetooth\bin\btwdins.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\ccSetMgr.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programmi\File comuni\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Servizio Auto-Protect di Norton AntiVirus (navapsvc) - Symantec Corporation - C:\Programmi\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Programmi\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: Norton Protection Center Service (NSCService) - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\Security Console\NSCSRVCE.EXE
O23 - Service: OracleMTSRecoveryService - Unknown owner - C:\oraclexe\app\oracle\product\10.2.0\server\bin\omtsreco.exe (file missing)
O23 - Service: Oracleora92CLClientCache - Unknown owner - C:\oracle\ora92CLT\BIN\ONRSD.EXE
O23 - Service: Symantec AVScan (SAVScan) - Symantec Corporation - C:\Programmi\Norton AntiVirus\SAVScan.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\SNDSrvc.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Programmi\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: SPBBCSvc - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Utilità di pianificazione di LiveUpdate automatico - Symantec Corporation - C:\Programmi\Symantec\LiveUpdate\ALUSchedulerSvc.exe

Grazie per ora

[Luke57]

Ciao, con hijackthis premi "do a system scan only", cerca e spunta:
R3 - Default URLSearchHook is missing
O2 - BHO: Class - {66E85853-A84A-96A9-4209-8BCAF3D52618} - C:\WINDOWS\ohljx1.dll (file missing)
O2 - BHO: Class - {FCFB6CE7-DEFC-BD8C-FDAD-455869D77138} - C:\WINDOWS\ohljx1.dll (file missing)
O4 - HKLM\..\Run: [helpw] "helpw.exe"

premi fix checked