#1
Member
Joined: Jun 2007
Posts: 38
Virus? Trojan? eMule and CPU at 100% plus other problems

Reposting here at the suggestion of another forum member, after getting it wrong twice in a row... did I win something?

Greetings to the whole forum, I found you by doing a lot of googling when I started having the problem in the title. I have already tried following the advice I read here and on the eMule forum, but I have not solved anything and the problem, unfortunately, is not limited to the mule. The PC worked perfectly until a few days ago (Athlon 64 3200+, 1 GB RAM, Asus M2V, GeForce 7300GT, DVD burner, 2 HDDs: an 80 GB one with only the operating system, XP SP2, and a 160 GB one for downloads); suddenly the antivirus (F-Secure) reported a Tenga.a in the directory where the downloaded programs are. I never had any previous alerts from the AV and no program has been downloaded recently. I ran a couple of online scans (BitDefender too), negative. The HijackThis logs look normal to me (analysed on the website) and CurrentPorts shows nothing anomalous. Spybot, Ad-Aware and SpywareBlaster detect nothing odd. When I launch eMule, the CPU goes to 100% almost immediately and stays there. Nero no longer worked (corrupted exe file) and I had to reinstall it. Another thing: I set up the router (NetGear DG834GT) to send me a message in case of DoS attacks, port scans and the like, and I have received tons of these:

Thu, 2007-06-28 04:01:08 - TCP Packet - Source:151.20.157.7,19956 Destination:192.168.0.4,4662 - [DOS]

4662 is the port used by the mule, but when these 'warnings' arrived the mule was closed. Also, and this one is from today, I now have this:

TCP Packet - Source:192.168.0.4,3139 Destination:members.tmm.lyceu.net,80 - [BLOCK]

Any advice before a format C:?
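The two router lines in the post differ in direction, which is what matters when triaging them: the [DOS] entries are inbound connection attempts from the internet towards the LAN host's eMule port, while the [BLOCK] entry is an outbound connection that the LAN host itself tried to open and the router stopped. The Python script below is an added example, not part of the original post and not a NetGear tool; it parses log lines in the shape the poster quoted (treating the "Thu, 2007-06-28 04:01:08 - " prefix as optional, an assumption based on the second quoted line) and summarises how many inbound hits reached a watched port, from how many distinct sources, and which outbound connections were blocked. The extra sample lines are constructed, using TEST-NET addresses.

```python
import re
from collections import Counter, defaultdict

# Pattern for the NetGear DG834GT lines quoted in the post. Assumption: the
# "Day, YYYY-MM-DD HH:MM:SS - " prefix is optional, since the second quoted
# line lacks it.
LINE_RE = re.compile(
    r"^(?:(?P<ts>[A-Za-z]{3}, \d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}) - )?"
    r"(?P<proto>[A-Z]+) Packet - "
    r"Source:(?P<src>[^,\s]+),(?P<sport>\d+) "
    r"Destination:(?P<dst>[^,\s]+),(?P<dport>\d+) - "
    r"\[(?P<action>[A-Z]+)\]$"
)


def parse_line(line):
    """Return a dict for one router log line, or None if it is not a packet line."""
    m = LINE_RE.match(line.strip())
    if m is None:
        return None
    ev = m.groupdict()
    ev["sport"] = int(ev["sport"])
    ev["dport"] = int(ev["dport"])
    return ev


def triage(lines, lan_host, watched_ports):
    """Split events by direction relative to lan_host and aggregate them.

    Inbound events (destination == lan_host) are counted per (port, action)
    and the distinct remote sources per watched port are tracked, so a burst
    from many peers looks different from repeated hits by one host. Outbound
    events the router tagged BLOCK are listed individually: those are
    connections the LAN host itself tried to open.
    """
    inbound = Counter()
    sources = defaultdict(set)
    outbound_blocked = []
    unparsed = 0
    for line in lines:
        ev = parse_line(line)
        if ev is None:
            unparsed += 1
            continue
        if ev["dst"] == lan_host:
            inbound[(ev["dport"], ev["action"])] += 1
            sources[ev["dport"]].add(ev["src"])
        elif ev["src"] == lan_host and ev["action"] == "BLOCK":
            outbound_blocked.append((ev["dst"], ev["dport"]))
    return {
        "inbound": dict(inbound),
        "distinct_sources": {p: len(sources[p]) for p in watched_ports},
        "outbound_blocked": outbound_blocked,
        "unparsed": unparsed,
    }


# Sample input: the two lines quoted in the post plus constructed lines
# (TEST-NET addresses) to exercise the aggregation.
SAMPLE_LOG = [
    "Thu, 2007-06-28 04:01:08 - TCP Packet - Source:151.20.157.7,19956 Destination:192.168.0.4,4662 - [DOS]",
    "TCP Packet - Source:192.168.0.4,3139 Destination:members.tmm.lyceu.net,80 - [BLOCK]",
    "Thu, 2007-06-28 04:01:12 - TCP Packet - Source:198.51.100.23,51002 Destination:192.168.0.4,4662 - [DOS]",
    "Thu, 2007-06-28 04:01:15 - TCP Packet - Source:151.20.157.7,19957 Destination:192.168.0.4,4662 - [DOS]",
    "Thu, 2007-06-28 04:02:40 - TCP Packet - Source:203.0.113.9,4100 Destination:192.168.0.4,4662 - [DOS]",
    "Thu, 2007-06-28 04:03:00 - Router restarted",  # constructed non-packet line
]

if __name__ == "__main__":
    report = triage(SAMPLE_LOG, lan_host="192.168.0.4", watched_ports={4662})
    for (port, action), n in sorted(report["inbound"].items()):
        print(f"inbound to port {port}: {n} x [{action}], "
              f"{report['distinct_sources'].get(port, 0)} distinct sources")
    for dst, port in report["outbound_blocked"]:
        print(f"outbound blocked: {dst}:{port}")
    print(f"lines not parsed: {report['unparsed']}")
```

Many distinct sources knocking on the port a P2P client used to listen on is the usual pattern left by peers that still hold the host in their lists after the client has been closed; the single outbound destination the router blocked, as in the second quoted line, is the entry to compare against what the machine is supposed to be talking to.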
#2
Senior Member
Joined: Apr 2006
Posts: 22462
post a GMER log, and tell me which firewall you have
#3
Member
Joined: Jun 2007
Posts: 38
As a firewall I use F-Secure's. The GMER and HijackThis logs follow.

GMER:

```
GMER 1.0.13.12540 - http://www.gmer.net
Rootkit scan 2007-06-28 14:39:27
Windows 5.1.2600 Service Pack 2

---- System - GMER 1.0.13 ----

SSDT \??\C:\WINDOWS\system32\Drivers\uphcleanhlp.sys ZwUnloadKey

---- Kernel code sections - GMER 1.0.13 ----

? C:\WINDOWS\system32\Drivers\uphcleanhlp.sys Impossibile trovare il file specificato.

---- User code sections - GMER 1.0.13 ----

.text D:\Programmi\Spybot - Search & Destroy\TeaTimer.exe[2084] kernel32.dll!CreateThread + 1A 7C810651 4 Bytes [ 87, E7, C3, 83 ]
.text C:\Programmi\MSN Messenger\msnmsgr.exe[3192] kernel32.dll!SetUnhandledExceptionFilter 7C84479D 5 Bytes JMP 004DE392 C:\Programmi\MSN Messenger\msnmsgr.exe
.text C:\Programmi\MSN Messenger\msnmsgr.exe[3192] WS2_32.dll!send 71A3428A 5 Bytes JMP 02B748E8 D:\Programmi\MessengerPlus! 3\MsgPlusH.dll
.text C:\Programmi\MSN Messenger\msnmsgr.exe[3192] WS2_32.dll!recv 71A3615A 5 Bytes JMP 02B748A6 D:\Programmi\MessengerPlus! 3\MsgPlusH.dll
.text C:\Programmi\MSN Messenger\msnmsgr.exe[3192] WS2_32.dll!closesocket 71A39639 5 Bytes JMP 02B74408 D:\Programmi\MessengerPlus! 3\MsgPlusH.dll
.text C:\Programmi\MSN Messenger\msnmsgr.exe[3192] SHELL32.dll!Shell_NotifyIcon 7CA30C79 5 Bytes JMP 02B71163 D:\Programmi\MessengerPlus! 3\MsgPlusH.dll

---- User IAT/EAT - GMER 1.0.13 ----

IAT D:\Programmi\Firefox\firefox.exe[2320] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [018773CC] D:\Programmi\Firefox\extensions\talkback@mozilla.org\components\FULLSOFT.DLL
IAT D:\Programmi\Firefox\firefox.exe[2320] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryA] [01877376] D:\Programmi\Firefox\extensions\talkback@mozilla.org\components\FULLSOFT.DLL
IAT D:\Programmi\Firefox\firefox.exe[2320] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!LoadLibraryA] [01877376] D:\Programmi\Firefox\extensions\talkback@mozilla.org\components\FULLSOFT.DLL
IAT D:\Programmi\Firefox\firefox.exe[2320] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [018773CC] D:\Programmi\Firefox\extensions\talkback@mozilla.org\components\FULLSOFT.DLL
IAT D:\Programmi\Firefox\firefox.exe[2320] @ C:\WINDOWS\system32\WS2_32.dll [KERNEL32.dll!LoadLibraryA] [01877376] D:\Programmi\Firefox\extensions\talkback@mozilla.org\components\FULLSOFT.DLL
IAT D:\Programmi\Firefox\firefox.exe[2320] @ C:\WINDOWS\system32\WS2_32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [018773CC] D:\Programmi\Firefox\extensions\talkback@mozilla.org\components\FULLSOFT.DLL
IAT D:\Programmi\Firefox\firefox.exe[2320] @ C:\WINDOWS\system32\WS2HELP.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [018773CC] D:\Programmi\Firefox\extensions\talkback@mozilla.org\components\FULLSOFT.DLL
IAT D:\Programmi\Firefox\firefox.exe[2320] @ C:\WINDOWS\system32\WS2HELP.dll [KERNEL32.dll!LoadLibraryA] [01877376] D:\Programmi\Firefox\extensions\talkback@mozilla.org\components\FULLSOFT.DLL
IAT D:\Programmi\Firefox\firefox.exe[2320] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryA] [01877376] D:\Programmi\Firefox\extensions\talkback@mozilla.org\components\FULLSOFT.DLL
IAT D:\Programmi\Firefox\firefox.exe[2320] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [018773CC] D:\Programmi\Firefox\extensions\talkback@mozilla.org\components\FULLSOFT.DLL
IAT D:\Programmi\Firefox\firefox.exe[2320] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [018773CC] D:\Programmi\Firefox\extensions\talkback@mozilla.org\components\FULLSOFT.DLL
IAT D:\Programmi\Firefox\firefox.exe[2320] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!LoadLibraryA] [01877376] D:\Programmi\Firefox\extensions\talkback@mozilla.org\components\FULLSOFT.DLL
IAT D:\Programmi\Firefox\firefox.exe[2320] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [018773CC] D:\Programmi\Firefox\extensions\talkback@mozilla.org\components\FULLSOFT.DLL
IAT D:\Programmi\Firefox\firefox.exe[2320] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryA] [01877376] D:\Programmi\Firefox\extensions\talkback@mozilla.org\components\FULLSOFT.DLL
IAT D:\Programmi\Firefox\firefox.exe[2320] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [018773CC] D:\Programmi\Firefox\extensions\talkback@mozilla.org\components\FULLSOFT.DLL
IAT D:\Programmi\Firefox\firefox.exe[2320] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryA] [01877376] D:\Programmi\Firefox\extensions\talkback@mozilla.org\components\FULLSOFT.DLL
IAT D:\Programmi\Firefox\firefox.exe[2320] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryA] [01877376] D:\Programmi\Firefox\extensions\talkback@mozilla.org\components\FULLSOFT.DLL
IAT D:\Programmi\Firefox\firefox.exe[2320] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [018773CC] D:\Programmi\Firefox\extensions\talkback@mozilla.org\components\FULLSOFT.DLL
IAT D:\Programmi\Firefox\firefox.exe[2320] @ C:\WINDOWS\system32\PSAPI.DLL [KERNEL32.dll!LoadLibraryA] [01877376] D:\Programmi\Firefox\extensions\talkback@mozilla.org\components\FULLSOFT.DLL
IAT D:\Programmi\Firefox\firefox.exe[2320] @ C:\WINDOWS\system32\PSAPI.DLL [KERNEL32.dll!SetUnhandledExceptionFilter] [018773CC] D:\Programmi\Firefox\extensions\talkback@mozilla.org\components\FULLSOFT.DLL
IAT D:\Programmi\Firefox\firefox.exe[2320] @ C:\WINDOWS\system32\SAMLIB.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [018773CC] D:\Programmi\Firefox\extensions\talkback@mozilla.org\components\FULLSOFT.DLL
IAT D:\Programmi\Firefox\firefox.exe[2320] @ C:\WINDOWS\system32\iphlpapi.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [018773CC] D:\Programmi\Firefox\extensions\talkback@mozilla.org\components\FULLSOFT.DLL
IAT D:\Programmi\Firefox\firefox.exe[2320] @ C:\WINDOWS\system32\iphlpapi.dll [KERNEL32.dll!LoadLibraryA] [01877376] D:\Programmi\Firefox\extensions\talkback@mozilla.org\components\FULLSOFT.DLL

---- Devices - GMER 1.0.13 ----

AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_CREATE [F797CE60] FSrec.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_CREATE_NAMED_PIPE [F797CE60] FSrec.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_CLOSE [F797CED0] FSrec.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_READ [F797CE60] FSrec.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_WRITE [F797CE60] FSrec.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_QUERY_INFORMATION [F797CE60] FSrec.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_SET_INFORMATION [F797CE60] FSrec.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_QUERY_EA [F797CE60] FSrec.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_SET_EA [F797CE60] FSrec.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_FLUSH_BUFFERS [F797CE60] FSrec.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_QUERY_VOLUME_INFORMATION [F797CE60] FSrec.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_SET_VOLUME_INFORMATION [F797CE60] FSrec.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_DIRECTORY_CONTROL [F797CE60] FSrec.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_FILE_SYSTEM_CONTROL [F797D0B0] FSrec.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_DEVICE_CONTROL [F797CE60] FSrec.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_INTERNAL_DEVICE_CONTROL [F797D2C0] FSrec.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_SHUTDOWN [F797CE60] FSrec.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_LOCK_CONTROL [F797CE60] FSrec.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_CLEANUP [F797CE60] FSrec.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_CREATE_MAILSLOT [F797CE60] FSrec.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_QUERY_SECURITY [F797CE60] FSrec.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_SET_SECURITY [F797CE60] FSrec.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_POWER [F797D020] FSrec.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_SYSTEM_CONTROL [F797CFE0] FSrec.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_DEVICE_CHANGE [F797CE60] FSrec.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_QUERY_QUOTA [F797CE60] FSrec.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_SET_QUOTA [F797CE60] FSrec.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_CREATE [B9ED21C0] FSfilter.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_CREATE_NAMED_PIPE [B9ED1D10] FSfilter.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_CLOSE [B9ED2670] FSfilter.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_READ [B9ED1D10] FSfilter.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_WRITE [B9ED1D10] FSfilter.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_QUERY_INFORMATION [B9ED1D10] FSfilter.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_SET_INFORMATION [B9ED1D10] FSfilter.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_QUERY_EA [B9ED1D10] FSfilter.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_SET_EA [B9ED1D10] FSfilter.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_FLUSH_BUFFERS [B9ED1D10] FSfilter.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_QUERY_VOLUME_INFORMATION [B9ED1D10] FSfilter.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_SET_VOLUME_INFORMATION [B9ED1D10] FSfilter.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_DIRECTORY_CONTROL [B9ED1D10] FSfilter.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_FILE_SYSTEM_CONTROL [B9ED2B10] FSfilter.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_DEVICE_CONTROL [B9ED1D10] FSfilter.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_INTERNAL_DEVICE_CONTROL [B9ED1D10] FSfilter.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_SHUTDOWN [B9ED1A80] FSfilter.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_LOCK_CONTROL [B9ED1D10] FSfilter.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_CLEANUP [B9ED1D10] FSfilter.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_CREATE_MAILSLOT [B9ED1D10] FSfilter.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_QUERY_SECURITY [B9ED1D10] FSfilter.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_SET_SECURITY [B9ED1D10] FSfilter.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_POWER [B9ED2C40] FSfilter.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_SYSTEM_CONTROL [B9ED3230] FSfilter.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_DEVICE_CHANGE [B9ED1D10] FSfilter.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_QUERY_QUOTA [B9ED1D10] FSfilter.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_SET_QUOTA [B9ED1D10] FSfilter.sys
AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_CREATE [F797CE60] FSrec.sys
AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_CREATE_NAMED_PIPE [F797CE60] FSrec.sys
AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_CLOSE [F797CED0] FSrec.sys
AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_READ [F797CE60] FSrec.sys
AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_WRITE [F797CE60] FSrec.sys
AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_QUERY_INFORMATION [F797CE60] FSrec.sys
AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_SET_INFORMATION [F797CE60] FSrec.sys
AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_QUERY_EA [F797CE60] FSrec.sys
AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_SET_EA [F797CE60] FSrec.sys
AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_FLUSH_BUFFERS [F797CE60] FSrec.sys
AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_QUERY_VOLUME_INFORMATION [F797CE60] FSrec.sys
AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_SET_VOLUME_INFORMATION [F797CE60] FSrec.sys
AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_DIRECTORY_CONTROL [F797CE60] FSrec.sys
AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_FILE_SYSTEM_CONTROL [F797D0B0] FSrec.sys
AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_DEVICE_CONTROL [F797CE60] FSrec.sys
AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_INTERNAL_DEVICE_CONTROL [F797D2C0] FSrec.sys
AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_SHUTDOWN [F797CE60] FSrec.sys
AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_LOCK_CONTROL [F797CE60] FSrec.sys
AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_CLEANUP [F797CE60] FSrec.sys
AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_CREATE_MAILSLOT [F797CE60] FSrec.sys
AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_QUERY_SECURITY [F797CE60] FSrec.sys
AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_SET_SECURITY [F797CE60] FSrec.sys
AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_POWER [F797D020] FSrec.sys
AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_SYSTEM_CONTROL [F797CFE0] FSrec.sys
AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_DEVICE_CHANGE [F797CE60] FSrec.sys
AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_QUERY_QUOTA [F797CE60] FSrec.sys
AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_SET_QUOTA [F797CE60] FSrec.sys
AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_CREATE [F797CE60] FSrec.sys
AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_CREATE_NAMED_PIPE [F797CE60] FSrec.sys
AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_CLOSE [F797CED0] FSrec.sys
AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_READ [F797CE60] FSrec.sys
AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_WRITE [F797CE60] FSrec.sys
AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_QUERY_INFORMATION [F797CE60] FSrec.sys
AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_SET_INFORMATION [F797CE60] FSrec.sys
AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_QUERY_EA [F797CE60] FSrec.sys
AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_SET_EA [F797CE60] FSrec.sys
AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_FLUSH_BUFFERS [F797CE60] FSrec.sys
AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_QUERY_VOLUME_INFORMATION [F797CE60] FSrec.sys
AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_SET_VOLUME_INFORMATION [F797CE60] FSrec.sys
AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_DIRECTORY_CONTROL [F797CE60] FSrec.sys
AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_FILE_SYSTEM_CONTROL [F797D0B0] FSrec.sys
AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_DEVICE_CONTROL [F797CE60] FSrec.sys
AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_INTERNAL_DEVICE_CONTROL [F797D2C0] FSrec.sys
AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_SHUTDOWN [F797CE60] FSrec.sys
AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_LOCK_CONTROL [F797CE60] FSrec.sys
AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_CLEANUP [F797CE60] FSrec.sys
AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_CREATE_MAILSLOT [F797CE60] FSrec.sys
AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_QUERY_SECURITY [F797CE60] FSrec.sys
AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_SET_SECURITY [F797CE60] FSrec.sys
AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_POWER [F797D020] FSrec.sys
AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_SYSTEM_CONTROL [F797CFE0] FSrec.sys
AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_DEVICE_CHANGE [F797CE60] FSrec.sys
AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_QUERY_QUOTA [F797CE60] FSrec.sys
AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_SET_QUOTA [F797CE60] FSrec.sys

---- EOF - GMER 1.0.13 ----
```

HijackThis:

```
Logfile of HijackThis v1.99.1
Scan saved at 14.19.46, on 28/06/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
d:\Programmi\APC\APC PowerChute Personal Edition\mainserv.exe
D:\PROGRA~1\F-Secure\BackWeb\7681197\Program\SERVIC~1.EXE
C:\Programmi\Roper\AirBlue Bluetooth Software\bin\btwdins.exe
D:\Programmi\F-Secure\Anti-Virus\fsgk32st.exe
D:\Programmi\F-Secure\Anti-Virus\FSGK32.EXE
D:\Programmi\F-Secure\BackWeb\7681197\program\fsbwsys.exe
D:\Programmi\F-Secure\Common\FSMA32.EXE
C:\WINDOWS\System32\svchost.exe
D:\Programmi\F-Secure\Common\FSMB32.EXE
C:\Programmi\MagicTune Premium\MagicTune Premium\MagicTuneEngine.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Programmi\UPHClean\uphclean.exe
D:\Programmi\F-Secure\Anti-Virus\fssm32.exe
C:\WINDOWS\System32\ups.exe
D:\Programmi\F-Secure\Common\FCH32.EXE
D:\Programmi\F-Secure\Common\FAMEH32.EXE
D:\Programmi\F-Secure\Anti-Virus\fsqh.exe
D:\Programmi\F-Secure\Anti-Virus\fsrw.exe
D:\Programmi\F-Secure\Common\FNRB32.EXE
D:\Programmi\F-Secure\Common\FIH32.EXE
D:\Programmi\F-Secure\Anti-Virus\fsav32.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\rundll32.exe
D:\Programmi\F-Secure\Common\FSM32.EXE
D:\programmi\logitech\MouseWare\system\em_exec.exe
C:\WINDOWS\system32\rundll32.exe
D:\PROGRA~1\F-Secure\ANTI-S~1\fsaw.exe
C:\Programmi\MagicTune Premium\MagicTune Premium\MagicTune.exe
D:\Programmi\MessengerPlus! 3\MsgPlus.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe
C:\Programmi\HP\hpcoretech\hpcmpmgr.exe
C:\Programmi\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
D:\Programmi\F-Secure\FSGUI\fsguidll.exe
C:\WINDOWS\RTHDCPL.EXE
D:\Programmi\GlobalSCAPE\Foxmail\Foxmail.exe
D:\Programmi\XemiComputers\Active Desktop Calendar\ADC.exe
D:\Programmi\Spybot - Search & Destroy\TeaTimer.exe
C:\Programmi\File comuni\Ahead\Lib\NMBgMonitor.exe
C:\Programmi\Roper\AirBlue Bluetooth Software\BTTray.exe
D:\Programmi\F-Secure\BackWeb\7681197\program\F-Secure Automatic Update.exe
C:\Programmi\MagicTune Premium\MagicTune Premium\GammaTray.exe
D:\Programmi\LightSurf\Common\IconMgr.exe
D:\Programmi\logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\Programmi\SEC\Natural Color Pro\NCProTray.exe
C:\Programmi\File comuni\Ahead\Lib\NMIndexingService.exe
d:\Programmi\APC\APC PowerChute Personal Edition\apcsystray.exe
C:\Programmi\File comuni\Ahead\Lib\NMIndexStoreSvr.exe
D:\Programmi\Firefox\firefox.exe
C:\Programmi\MSN Messenger\usnsvc.exe
D:\CurrentPorts\HijackThis.exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: DgnWebIE - {2843DAC1-05EF-11D2-95BA-0060083493D6} - d:\Programmi\Dragon Systems\NaturallySpeaking2\Program\web_ie.dll
O2 - BHO: (no name) - {31FF080D-12A3-439A-A2EF-4BA95A3148E8} - (no file)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - D:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [F-Secure Manager] "D:\Programmi\F-Secure\Common\FSM32.EXE" /splash
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [F-Secure TNB] "D:\Programmi\F-Secure\TNB\TNBUtil.exe" /CHECKALL /WAITFORSW
O4 - HKLM\..\Run: [MessengerPlus3] "D:\Programmi\MessengerPlus! 3\MsgPlus.exe"
O4 - HKLM\..\Run: [KlipFolio] "d:\Programmi\KlipFolio\KlipFolio.exe" /BOOT
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmi\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe
O4 - HKLM\..\Run: [HP Component Manager] "C:\Programmi\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [DeviceDiscovery] C:\Programmi\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
O4 - HKLM\..\Run: [Launch PC Probe II] "D:\Programmi\ASUS\PC Probe II\Probe2.exe" 1
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Programmi\File comuni\Ahead\Lib\NeroCheck.exe
O4 - HKCU\..\Run: [Foxmail] D:\Programmi\GlobalSCAPE\Foxmail\Foxmail.exe -min
O4 - HKCU\..\Run: [Active Desktop Calendar] D:\Programmi\XemiComputers\Active Desktop Calendar\ADC.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] D:\Programmi\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [LDM] D:\programmi\logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Programmi\File comuni\Ahead\Lib\NMBgMonitor.exe"
O4 - Global Startup: APC UPS Status.lnk = D:\Programmi\APC\APC PowerChute Personal Edition\Display.exe
O4 - Global Startup: BTTray.lnk = ?
O4 - Global Startup: F-Secure Automatic Update.lnk = D:\Programmi\F-Secure\BackWeb\7681197\program\F-Secure Automatic Update.exe
O4 - Global Startup: GammaTray.lnk = ?
O4 - Global Startup: LightSurf.lnk = D:\Programmi\LightSurf\Common\IconMgr.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = D:\Programmi\logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - Global Startup: NCProTray.lnk = ?
O8 - Extra context menu item: &Block this popup - D:\Programmi\F-Secure\Anti-Spyware\blockpopups.htm
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://D:\PROGRA~1\MICROS~1\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Invia a &Bluetooth - C:\Programmi\Roper\AirBlue Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.5.0_01\bin\npjpi150_01.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.5.0_01\bin\npjpi150_01.dll
O9 - Extra button: IE Shield - {300DB664-75B5-47c0-8B45-A44ACCF73C00} - D:\Programmi\F-Secure\Anti-Spyware\ieshield.dll
O9 - Extra 'Tools' menuitem: IE Shield... - {300DB664-75B5-47c0-8B45-A44ACCF73C00} - D:\Programmi\F-Secure\Anti-Spyware\ieshield.dll
O9 - Extra button: ICQ Pro - {6224f700-cba3-4071-b251-47cb894244cd} - D:\PROGRA~1\ICQ\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ - {6224f700-cba3-4071-b251-47cb894244cd} - D:\PROGRA~1\ICQ\ICQ.exe
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: Ricerche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\PROGRA~1\MICROS~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programmi\Roper\AirBlue Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programmi\Roper\AirBlue Bluetooth Software\btsendto_ie.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/reso...an8/oscan8.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsu...?1120145278983
O16 - DPF: {7F8B2500-3B5D-474C-B828-C766ECE3AB3C} (ATLmosquito1 Class) - http://netphone.tiscali.it/netphone/ocx/mosquito.cab
O16 - DPF: {814EA0DA-E0D9-4AA4-833C-A1A6D38E79E9} (DASWebDownload Class) - http://das.microsoft.com/activate/ca...ail/DASAct.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{A360B21F-41ED-4B17-8A20-17DC0EA7F2A6}: NameServer = 212.216.112.112,212.216.172.62
O17 - HKLM\System\CCS\Services\Tcpip\..\{A3796032-5C84-4ABB-83E7-66599CD93DF5}: NameServer = 212.216.112.112,212.216.172.62
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - D:\programmi\logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: APC UPS Service - American Power Conversion Corporation - d:\Programmi\APC\APC PowerChute Personal Edition\mainserv.exe
O23 - Service: F-Secure Automatic Update (BackWeb Plug-in - 7681197) - F-Secure Automatic Update - D:\PROGRA~1\F-Secure\BackWeb\7681197\Program\SERVIC~1.EXE
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Programmi\Roper\AirBlue Bluetooth Software\bin\btwdins.exe
O23 - Service: F-Secure Gatekeeper Handler Starter - F-Secure Corp. - D:\Programmi\F-Secure\Anti-Virus\fsgk32st.exe
O23 - Service: F-Secure Network Request Broker - F-Secure Corporation - D:\Programmi\F-Secure\Common\FNRB32.EXE
O23 - Service: fsbwsys - F-Secure Corp. - D:\Programmi\F-Secure\BackWeb\7681197\program\fsbwsys.exe
O23 - Service: FSMA - F-Secure Corporation - D:\Programmi\F-Secure\Common\FSMA32.EXE
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programmi\File comuni\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Programmi\iPod\bin\iPodService.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Programmi\File comuni\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: MagicTuneEngine - Unknown owner - C:\Programmi\MagicTune Premium\MagicTune Premium\MagicTuneEngine.exe
O23 - Service: NBService - Nero AG - D:\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Programmi\File comuni\Ahead\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
```
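GMER lists every detour it finds, one line per hooked function or attached IRP handler, which is what makes the raw log so hard to read. The practical question for each entry is which module the hook jumps to and whether that module is something that was installed on purpose. The Python script below is an added example, not part of the original post and not a GMER feature: it parses the `.text`, `IAT` and `AttachedDevice` line shapes that appear in the log above (an assumption about the GMER 1.0.13 output format; other versions may differ, and unrecognised lines are skipped) and groups the hooks by the module that owns the target. The sample input is a constructed excerpt of the log above.

```python
import re
from collections import defaultdict
from ntpath import basename  # Windows paths, so split on backslashes

# Assumption: these line shapes are taken from the GMER 1.0.13 output quoted
# in the post. Lines that match none of them are ignored.
TEXT_RE = re.compile(
    r"^\.text (?P<proc>.+?)\[(?P<pid>\d+)\] (?P<mod>[^!\s]+)!(?P<func>\w+)"
    r"(?: \+ (?P<off>[0-9A-F]+))? (?P<addr>[0-9A-F]+) (?P<n>\d+) Bytes (?P<rest>.*)$"
)
IAT_RE = re.compile(
    r"^IAT (?P<proc>.+?)\[(?P<pid>\d+)\] @ (?P<mod>\S+) \[(?P<imp>[^\]]+)\] "
    r"\[(?P<addr>[0-9A-F]+)\] (?P<target>.+)$"
)
DEVICE_RE = re.compile(
    r"^AttachedDevice (?P<fs>\S+) (?P<dev>\S+) (?P<irp>IRP_MJ_\w+) "
    r"\[(?P<addr>[0-9A-F]+)\] (?P<drv>\S+)$"
)


def summarize_gmer(text):
    """Group GMER findings by the module that owns each hook target.

    .text hooks with a "JMP <addr> <path>" tail and IAT entries are keyed by
    the target module's file name; .text entries patched in place (no JMP
    target) are listed separately, and AttachedDevice lines are counted per
    filter driver instead of being repeated once per IRP major function.
    """
    hooks_by_target = defaultdict(set)
    inline_patches = []
    processes = set()
    filters = defaultdict(int)
    for raw in text.splitlines():
        line = raw.strip()
        m = TEXT_RE.match(line)
        if m:
            processes.add(basename(m["proc"]))
            jmp = re.match(r"JMP [0-9A-F]+ (?P<target>.+)$", m["rest"])
            if jmp:
                hooks_by_target[basename(jmp["target"])].add(m["func"])
            else:
                inline_patches.append((basename(m["proc"]), f'{m["mod"]}!{m["func"]}'))
            continue
        m = IAT_RE.match(line)
        if m:
            processes.add(basename(m["proc"]))
            hooks_by_target[basename(m["target"])].add(m["imp"].split("!", 1)[1])
            continue
        m = DEVICE_RE.match(line)
        if m:
            filters[m["drv"]] += 1
    return {
        "hooks_by_target": {k: sorted(v) for k, v in hooks_by_target.items()},
        "inline_patches": inline_patches,
        "hooked_processes": sorted(processes),
        "filters": dict(filters),
    }


# Constructed excerpt of the GMER log posted above.
SAMPLE_GMER = r"""
GMER 1.0.13.12540 - http://www.gmer.net
Rootkit scan 2007-06-28 14:39:27

---- System - GMER 1.0.13 ----

SSDT \??\C:\WINDOWS\system32\Drivers\uphcleanhlp.sys ZwUnloadKey

---- User code sections - GMER 1.0.13 ----

.text D:\Programmi\Spybot - Search & Destroy\TeaTimer.exe[2084] kernel32.dll!CreateThread + 1A 7C810651 4 Bytes [ 87, E7, C3, 83 ]
.text C:\Programmi\MSN Messenger\msnmsgr.exe[3192] kernel32.dll!SetUnhandledExceptionFilter 7C84479D 5 Bytes JMP 004DE392 C:\Programmi\MSN Messenger\msnmsgr.exe
.text C:\Programmi\MSN Messenger\msnmsgr.exe[3192] WS2_32.dll!send 71A3428A 5 Bytes JMP 02B748E8 D:\Programmi\MessengerPlus! 3\MsgPlusH.dll
.text C:\Programmi\MSN Messenger\msnmsgr.exe[3192] WS2_32.dll!recv 71A3615A 5 Bytes JMP 02B748A6 D:\Programmi\MessengerPlus! 3\MsgPlusH.dll
.text C:\Programmi\MSN Messenger\msnmsgr.exe[3192] WS2_32.dll!closesocket 71A39639 5 Bytes JMP 02B74408 D:\Programmi\MessengerPlus! 3\MsgPlusH.dll
.text C:\Programmi\MSN Messenger\msnmsgr.exe[3192] SHELL32.dll!Shell_NotifyIcon 7CA30C79 5 Bytes JMP 02B71163 D:\Programmi\MessengerPlus! 3\MsgPlusH.dll

---- User IAT/EAT - GMER 1.0.13 ----

IAT D:\Programmi\Firefox\firefox.exe[2320] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [018773CC] D:\Programmi\Firefox\extensions\talkback@mozilla.org\components\FULLSOFT.DLL
IAT D:\Programmi\Firefox\firefox.exe[2320] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryA] [01877376] D:\Programmi\Firefox\extensions\talkback@mozilla.org\components\FULLSOFT.DLL
IAT D:\Programmi\Firefox\firefox.exe[2320] @ C:\WINDOWS\system32\WS2_32.dll [KERNEL32.dll!LoadLibraryA] [01877376] D:\Programmi\Firefox\extensions\talkback@mozilla.org\components\FULLSOFT.DLL

---- Devices - GMER 1.0.13 ----

AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_CREATE [F797CE60] FSrec.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_READ [F797CE60] FSrec.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_CREATE [B9ED21C0] FSfilter.sys
AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_CREATE [F797CE60] FSrec.sys

---- EOF - GMER 1.0.13 ----
"""

if __name__ == "__main__":
    report = summarize_gmer(SAMPLE_GMER)
    for module, funcs in sorted(report["hooks_by_target"].items()):
        print(f"{module}: {', '.join(funcs)}")
    for proc, api in report["inline_patches"]:
        print(f"in-place patch in {proc}: {api}")
    for drv, n in sorted(report["filters"].items()):
        print(f"filter driver {drv}: attached to {n} IRP handlers")
```

Run over the full log above, the grouping reduces it to a short list: every Firefox IAT entry points at FULLSOFT.DLL under the talkback@mozilla.org extension directory, the msnmsgr.exe detours point at MsgPlusH.dll in the Messenger Plus! 3 directory (plus one pointing back into msnmsgr.exe itself), and TeaTimer.exe carries one in-place byte patch on CreateThread. The AttachedDevice section is two file-system filter drivers, FSrec.sys and FSfilter.sys, repeated once per IRP major function, so a count per driver says everything the list does.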
#4
Member
Joined: Jun 2007
Posts: 191
as far as I'm concerned, the HijackThis log is clean... the GMER one I don't know how to read...
#5
Member
Joined: Jun 2007
Posts: 38
I don't know how to read GMER (and until today I didn't even know it existed). The PC always ran fine, until the other day, when F-Secure reported a Tenga.a (not found by the BitDefender online scan). Tonight, before going out, I started a Kaspersky online scan, which froze at 26%. Now a worrying domino effect is happening. Programs crash, eMule can't be launched, it won't log in to Gmail. Help me, because I have already tried doing the little I know how to do, and it's my wife's PC... she is starting to get nervous
#6
Member
Joined: Jun 2007
Posts: 38
I tried the Kaspersky online scan again; this time it finished.
It found nothing at all. What should I do?
#7
Member
Joined: Jun 2007
Posts: 38
No advice?
#8
Senior Member
Joined: Aug 2005
City: Genova
Posts: 3397
scan with the Kaspersky trial in safe mode
according to what I found, Tenga infects all exe files and sometimes damages them
#9
Member
Joined: Jun 2007
Posts: 38
A false positive from F-Secure? It's also true that I did find a couple of damaged files, but there is no trace of a virus. SpywareBlaster, Ad-Aware, A2Free, Spyware Terminator and Spybot find nothing. However, the CPU often goes to 100% (particularly with eMule). Until a few days ago everything was normal and I don't know where to turn.
#10
Senior Member
Joined: Aug 2005
City: Genova
Posts: 3397
try reinstalling eMule or restoring the system configuration?
#11
Member
Joined: Jun 2007
Posts: 38