Apparizione di Siti Indesiderati con Firefox e Explorer

[endragon]

Un Bacio alle Dame, e una Saluto ai Cavaglieri.

Ciao ragazzi, ho un Problema fastidioso, ultimamente quando navigo su Internet, digito una parola chiave su Google, andando a ciccare sui risultai della serp ( il link di un sito ), mi esce un altro sito, non desiderato, di solito siti pubblicitari.

Mi spiego meglio:

1 ) vado su Google ( cerco Repubblica.it )
2 ) digito su Repubblica.it
3 ) Non mi appare il sito della Repubblica.it, ma un sito spam ( se si po chiamare cosi, cioè sito non desiderato ).

Questo problema lo ho con Firefox .


Mentre con Internet Explorer 6

Ogni volta che apro una nova finestra, mi appare un pseudo-sito che tenta di istallarmi un Antivirus o Anti- Spyware, dicendo le solite cose che ho il computer infetto, per la pace della famiglia meglio fare la scansione e installare il pseudo Programma ecc.


Come Antivirus uso Avast ( edizione Home ) il quale non ha trovato nulla ( preferisco la Scansione in Bios ).

Per i Spayware ecc, utilizzo CCleaner ( Regolarmente ).
e firefox alla chisura eliminati tutti dati di navigazione


Come devo fare per risolvere il problema e mettere in Sicuro il mio Computer.

[Deifobe]

scarica SystemScan, disconnetti il pc da internet => disattiva l'antivirus => esegui systemscan => clicca su "Scan Now". Finita la scansione, riattiva l'antivirus, carica il rapporto che trovi sul desktop su Sendmefile e posta il link ottenuto.

ciao..

[endragon]

http://www.sendmefile.com/00630022

Ti Ringrazio in Anticipo per l'attenzione che mi dedichi.

[Deifobe]

Scarica Avenger e CCleaner


Apri il blocco note e copiaci dentro:

Windows Registry Editor Version 5.00

HKCR\CLSID\{8EE505F4-F554-435E-9C10-466DBF537BF4}

salvalo così:
nome: fix.reg
tipo di file: tutti i file
salvalo in c:\


Esegui avenger e nella finestra copia/incolla:

files to delete:
C:\WINDOWS\system32\rpcc.exe
C:\WINDOWS\system32\sdbinsta.exe
C:\WINDOWS\system32\WinCtrl32.dll
C:\WINDOWS\system32\apcupse.dll
C:\WINDOWS\system32\~.exe
C:\WINDOWS\system32\rpcc.exe
c:/windows/system32/drivers/asc3550p.sys

regostry values to delete:
HKLM\Software\Microsoft\Windows\CurrentVersion\Run | WindowsHive
HKLM\Software\Microsoft\Windows\CurrentVersion\Run | advap32

registry keys to delete:
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WinCtrl32
HKEY_LOCAL_MACHINE\SYSTEM\currentcontrolset\enum\r oot\legacy_asc3550p
HKEY_LOCAL_MACHINE\SYSTEM\controlset001\enum\root\ legacy_asc3550p
HKEY_LOCAL_MACHINE\SYSTEM\controlset002\enum\root\ legacy_asc3550p
HKEY_LOCAL_MACHINE\SYSTEM\controlset002\services\a sc3550p
HKEY_LOCAL_MACHINE\SYSTEM\controlset001\services\a sc3550p

drivers to disable:
asc3550p

drivers to delete:
asc3550p

programs to launch on reboot:
c:\fix.reg

Spunta "Automatically disable any rootkits found" e clicca su "execute".
Il pc dovrebbe riavviarsi da solo, altrimenti riavvialo tu. Posta il report rilasciato

Esegui CCleaner e ripulisci i file temporanei e i cookie (eseguilo 2 volte).

Svuota C:\WINDOWS\Prefetch

vai in c:\windows\system32\drivers e trova tyD58.sys
cliccaci sopra con il tasto destro del mouse e seleziona "proprietà".

Conosci questo sito e questo Ip??
212.150.54.250 dv-networks.com
temo di no.. eventualmente oggi l'aggiustiamo.

Posta un nuovo systemscan e il rapporto di avenger (c:\avenger)

ciao

[endragon]

Originariamente inviato da Deifobe


Svuota C:\WINDOWS\Prefetch

[ Fatto ]


vai in c:\windows\system32\drivers e trova tyD58.sys
cliccaci sopra con il tasto destro del mouse e seleziona "proprietà".

[ il file non lo trovato ]

Conosci questo sito e questo Ip??
212.150.54.250 dv-networks.com
temo di no.. eventualmente oggi l'aggiustiamo.

[ non lo conosco ci sono andato, ma ha una sola pagina]

Posta un nuovo systemscan e il rapporto di avenger (c:\avenger)

ciao

[endragon]

http://www.sendmefile.com/00630072


[ QUOTE ]
Logfile of The Avenger Version 2.0, (c) by Swandog46
http://swandog46.geekstogo.com

Platform: Windows XP

*******************

Script file opened successfully.
Script file read successfully.

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:

Rootkit scan active.
No rootkits found!

File "C:\WINDOWS\system32\rpcc.exe" deleted successfully.
File "C:\WINDOWS\system32\sdbinsta.exe" deleted successfully.

Error: file "C:\WINDOWS\system32\WinCtrl32.dll" not found!
Deletion of file "C:\WINDOWS\system32\WinCtrl32.dll" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist

File "C:\WINDOWS\system32\apcupse.dll" deleted successfully.
File "C:\WINDOWS\system32\~.exe" deleted successfully.

Error: file "C:\WINDOWS\system32\rpcc.exe" not found!
Deletion of file "C:\WINDOWS\system32\rpcc.exe" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist


Error: file "c:/windows/system32/drivers/asc3550p.sys" not found!
Deletion of file "c:/windows/system32/drivers/asc3550p.sys" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist


Error: file "regostry values to delete:" not found!
Deletion of file "regostry values to delete:" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist


Error: could not open file "HKLM\Software\Microsoft\Windows\CurrentVersion\Ru n | WindowsHive"
Deletion of file "HKLM\Software\Microsoft\Windows\CurrentVersion\Ru n | WindowsHive" failed!
Status: 0xc000003a (STATUS_OBJECT_PATH_NOT_FOUND)
--> bad path / the parent directory does not exist


Error: could not open file "HKLM\Software\Microsoft\Windows\CurrentVersion\Ru n | advap32"
Deletion of file "HKLM\Software\Microsoft\Windows\CurrentVersion\Ru n | advap32" failed!
Status: 0xc000003a (STATUS_OBJECT_PATH_NOT_FOUND)
--> bad path / the parent directory does not exist


Error: registry key "HKEY_LOCAL_MACHINE\SYSTEM\currentcontrolset\enum\ root\legacy_asc3550p" not found!
Deletion of registry key "HKEY_LOCAL_MACHINE\SYSTEM\currentcontrolset\enum\ root\legacy_asc3550p" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist


Error: registry key "HKEY_LOCAL_MACHINE\SYSTEM\controlset001\enum\root \legacy_asc3550p" not found!
Deletion of registry key "HKEY_LOCAL_MACHINE\SYSTEM\controlset001\enum\root \legacy_asc3550p" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist


Error: registry key "HKEY_LOCAL_MACHINE\SYSTEM\controlset002\enum\root \legacy_asc3550p" not found!
Deletion of registry key "HKEY_LOCAL_MACHINE\SYSTEM\controlset002\enum\root \legacy_asc3550p" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist

Registry key "HKEY_LOCAL_MACHINE\SYSTEM\controlset002\services\ asc3550p" deleted successfully.
Registry key "HKEY_LOCAL_MACHINE\SYSTEM\controlset001\services\ asc3550p" deleted successfully.

Error: could not open driver "asc3550p"
Disablement of driver "asc3550p" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist


Error: registry key "\Registry\Machine\System\CurrentControlSet\Servic es\asc3550p" not found!
Deletion of driver "asc3550p" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist

Registry key "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WinCtrl32" deleted successfully.
Program "c:\fix.reg" successfully queued to run on reboot.

Completed script processing.

*******************

Finished! Terminate.

[ /QUOTE ]

[Deifobe]

ok.

fai anche questo: scarica Hijackthis e mettilo in un cartella dedicata (tipo: c:\programmi\Hijackthis).
Eseguilo e clicca sul tasto "Do a system scan and save a log file". Posta il file di testo ottenuto (puoi postarlo direttamente sul forum)

Poi, per due valori ho fatto un errore di battitura.. riesegui avenger:

registry values to delete:
HKLM\Software\Microsoft\Windows\CurrentVersion\Run | WindowsHive
HKLM\Software\Microsoft\Windows\CurrentVersion\Run | advap32

il pc da ancora problemi?

[endragon]

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19.14.06, on 24/05/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmi\Alwil Software\Avast4\aswUpdSv.exe
C:\Programmi\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Programmi\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Programmi\File comuni\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Programmi\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Programmi\Alwil Software\Avast4\ashMaiSv.exe
C:\Programmi\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Programmi\VIA\RAID\raid_tool.exe
C:\Programmi\Analog Devices\SoundMAX\SMax4PNP.exe
C:\Programmi\Analog Devices\SoundMAX\Smax4.exe
C:\Programmi\EPSON\Creativity Suite\Event Manager\EEventManager.exe
C:\Programmi\File comuni\InstallShield\UpdateService\issch.exe
C:\Programmi\Adobe\Acrobat 7.0\Distillr\Acrotray.exe
C:\Programmi\QuickTime\qttask.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Programmi\Java\jre1.6.0_05\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmi\Skype\Phone\Skype.exe
C:\Programmi\Messenger\msmsgs.exe
C:\Programmi\Mozilla Firefox\firefox.exe
C:\Programmi\Cordless USB Phone\Cordless DUALphone Suite.exe
C:\Programmi\Google\Google Updater\GoogleUpdater.exe
C:\Programmi\Skype\Plugin Manager\skypePM.exe
C:\Programmi\Hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.it/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
R3 - URLSearchHook: Share Accelerator MM Toolbar - {4596013b-6c31-408b-a266-deae5c086dc2} - C:\Programmi\Share_Accelerator_MM\tbSha0.dll
R3 - URLSearchHook: Yahoo! Toolbar con blocco Pop-Up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programmi\Yahoo!\Companion\Installs\cpn\yt.dll
O1 - Hosts: 212.150.54.250 dv-networks.com
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Programmi\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Programmi\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: Share Accelerator MM Toolbar - {4596013b-6c31-408b-a266-deae5c086dc2} - C:\Programmi\Share_Accelerator_MM\tbSha0.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmi\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: (no name) - {8EE505F4-F554-435E-9C10-466DBF537BF4} - C:\WINDOWS\system32\apcupse.dll (file missing)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programmi\google\googletoolbar1.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Programmi\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programmi\Google\GoogleToolbarNotifier\2.1.1119 .1736\swg.dll
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Programmi\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Programmi\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Programmi\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: Share Accelerator MM Toolbar - {4596013b-6c31-408b-a266-deae5c086dc2} - C:\Programmi\Share_Accelerator_MM\tbSha0.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programmi\google\googletoolbar1.dll
O3 - Toolbar: Yahoo! Toolbar con blocco Pop-Up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programmi\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [RaidTool] C:\Programmi\VIA\RAID\raid_tool.exe
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Programmi\Analog Devices\SoundMAX\SMax4PNP.exe
O4 - HKLM\..\Run: [SoundMAX] "C:\Programmi\Analog Devices\SoundMAX\Smax4.exe" /tray
O4 - HKLM\..\Run: [EEventManager] C:\Programmi\EPSON\Creativity Suite\Event Manager\EEventManager.exe
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Programmi\D-Tools\daemon.exe" -lang 1033 -noicon
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Programmi\File comuni\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Programmi\File comuni\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "C:\Programmi\Adobe\Acrobat 7.0\Distillr\Acrotray.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmi\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [PSDrvCheck] "C:\Programmi\Pinnacle\Instant PhotoAlbum\programs\PSDrvCheck.exe" -CheckReg
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Programmi\File comuni\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programmi\Java\jre1.6.0_05\bin\jusched.exe "
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [updateMgr] "C:\Programmi\Adobe\Acrobat 7.0\Acrobat\AdobeUpdateManager.exe" AcPro7_0_7 -reboot 1
O4 - HKCU\..\Run: [Skype] "C:\Programmi\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [MSMSGS] "C:\Programmi\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [swg] C:\Programmi\Google\GoogleToolbarNotifier\GoogleTo olbarNotifier.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO LOCALE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO DI RETE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Adobe Gamma.lnk = C:\Programmi\File comuni\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Programmi\File comuni\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Avvio veloce di Adobe Acrobat.lnk = ?
O4 - Global Startup: Avvio veloce di Adobe Reader.lnk = C:\Programmi\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Cordless DUALphone Avvio.lnk = C:\Programmi\Cordless USB Phone\Cordless DUALphone Suite.exe
O4 - Global Startup: Google Updater.lnk = C:\Programmi\Google\Google Updater\GoogleUpdater.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Programmi\Microsoft Office\Office\OSA9.EXE
O8 - Extra context menu item: Converti destinazione link in Adobe PDF - res://C:\Programmi\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Converti destinazione link in file PDF esistente - res://C:\Programmi\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Converti i link selezionati in Adobe PDF - res://C:\Programmi\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Converti i link selezionati in file PDF esistente - res://C:\Programmi\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Converti in Adobe PDF - res://C:\Programmi\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Converti nel file PDF esistente - res://C:\Programmi\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Converti selezione in Adobe PDF - res://C:\Programmi\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Converti selezione in file PDF esistente - res://C:\Programmi\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Programmi\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Ricerche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Programmi\Yahoo!\Common\yinsthelper.dll
O17 - HKLM\System\CCS\Services\Tcpip\..\{4935BF34-5007-462E-85DE-193D2025CAA5}: NameServer = 151.99.0.100,151.99.125.1
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FILECO~1\Skype\SKYPE4~1.DLL
O23 - Service: Adobe LM Service - Adobe Systems - C:\Programmi\File comuni\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Programmi\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Programmi\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Programmi\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Programmi\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Programmi\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programmi\File comuni\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Programmi\Analog Devices\SoundMAX\SMAgent.exe

--
End of file - 10583 bytes


---------------------------------------------------------------------------------

Avenger:


Logfile of The Avenger Version 2.0, (c) by Swandog46
http://swandog46.geekstogo.com

Platform: Windows XP

*******************

Script file opened successfully.
Script file read successfully.

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:

Rootkit scan active.
No rootkits found!

Registry value "HKLM\Software\Microsoft\Windows\CurrentVersion\Ru n|WindowsHive" deleted successfully.
Registry value "HKLM\Software\Microsoft\Windows\CurrentVersion\Ru n|advap32" deleted successfully.

Completed script processing.

*******************

Finished! Terminate.


---------------------------------------------------------------------

[endragon]

Ciao, innanzitutto grazie per la tua Gentilezza nonché Disponibilità,

Purtroppo il problema esiste ancora.

Se ti può essere d’Aiuto il sito in questione che ogni volta mi fa il redict dal motore di ricerca è:

w w w . a u u t . c o m

[Deifobe]

fixa da hjt:

O1 - Hosts: 212.150.54.250 dv-networks.com
O2 - BHO: (no name) - {8EE505F4-F554-435E-9C10-466DBF537BF4} - C:\WINDOWS\system32\apcupse.dll (file missing)
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmi\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Programmi\File comuni\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programmi\Java\jre1.6.0_05\bin\jusched.exe "

NB: quelli in verde sono voci legittime ma non indispensabili, puoi tenerle o spuntarle. Preferirirei che le spuntassi, però.

Vedi come va dopo l'eliminazione della O1.

x quanto riguarda asc3550p.sys (che non è stato trovato) usiamo gmer: scarica gmer e scompattalo sul desktop.
Eseguilo, clicca su >>> e poi su "autostart" - "scan" - [attendi che si completi la scansione] - "copy" - apri un nuovo file di testo - incolla e salva il file.
Poi,clicca su "rootkit" - "scan" - [attendi che si completi la scansione] - "copy" - apri un nuovo file di testo - incolla e salva il file.

Posta i due rapporti (puoi anche copiarli in un unico file di testo)
===> se rileva files in rosso eliminali ( => se presente, troverà asc3550p.sys).

Poi riesegui systemscan e posta il rapporto (usa sempre Sendmefile, cortesemente)