  1. #1
    HTML.it user
    Registered since
    Feb 2010
    Posts
    48

    problems with my PC - help me

    Greetings to everyone.
    Last week I caught some viruses: a screen kept appearing telling me that I was infected and that I should download the program that appeared on the desktop.
    I didn't do it. Avast had gone crazy and had quarantined dozens of files.
    Then I ran a scan with Malwarebytes, which found more infections.
    Then I ran a scan with Spyware Terminator, which found nothing.
    I also ran a scan with VirIT, which found nothing.
    Once I powered the PC back on, all my settings had been changed. I rescanned with Avast, which found more infections, and I quarantined them. I did a quick cleanup with CCleaner and ran another Malwarebytes scan, which found nothing, and I thought I had solved it, but I've noticed that the PC doesn't work as it should: programs freeze and the connection drops on its own.
    I'm posting the HijackThis log below.

    Logfile of Trend Micro HijackThis v2.0.3 (BETA)
    Scan saved at 13.10.58, on 24/05/2010
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.17023)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Programmi\Alwil Software\Avast4\aswUpdSv.exe
    C:\WINDOWS\Explorer.EXE
    C:\Programmi\Alwil Software\Avast4\ashServ.exe
    C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    C:\Programmi\Microsoft Office\Office12\GrooveMonitor.exe
    C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\fpdisp5a.exe
    C:\Programmi\Lexmark X1100 Series\lxbkbmgr.exe
    C:\Programmi\HighCriteria\TotalRecorder\TotRecSched.exe
    C:\Programmi\Lexmark X1100 Series\lxbkbmon.exe
    C:\Programmi\DivX\DivX Update\DivXUpdate.exe
    C:\Programmi\File comuni\Ahead\Lib\NMBgMonitor.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Programmi\NoAds\NoAds.exe
    C:\PROGRA~1\Webshots\Webshots.scr
    C:\WINDOWS\system32\LEXBCES.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\LEXPPS.EXE
    C:\Programmi\File comuni\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\WINDOWS\system32\inetsrv\inetinfo.exe
    C:\Programmi\Java\jre6\bin\jqs.exe
    C:\Programmi\CyberLink\Shared Files\RichVideo.exe
    C:\WINDOWS\system32\tcpsvcs.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Programmi\File comuni\Ahead\Lib\NMIndexingService.exe
    C:\Programmi\File comuni\Ahead\Lib\NMIndexStoreSvr.exe
    C:\Programmi\Alwil Software\Avast4\ashMaiSv.exe
    C:\Programmi\Alwil Software\Avast4\ashWebSv.exe
    C:\WINDOWS\system32\msiexec.exe
    C:\Programmi\TrendMicro\HiJackThis\HiJackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.crawler.com/search/dispat...=%s&tbid=60347
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://www.crawler.com/search/ie.aspx?tb_id=60347
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,CustomizeSearch = http://dnl.crawler.com/support/sa_cu...spx?TbId=60347
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.crawler.com/search/ie.aspx?tb_id=60347
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://dnl.crawler.com/support/sa_cu...spx?TbId=60347
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
    O2 - BHO: Supporto di collegamento per Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\File comuni\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Programmi\Microsoft Office\Office12\GrooveShellExtensions.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programmi\google\googletoolbar1.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programmi\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programmi\Java\jre6\bin\jp2ssv.dll
    O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Programmi\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programmi\google\googletoolbar1.dll
    O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    O4 - HKLM\..\Run: [GrooveMonitor] "C:\Programmi\Microsoft Office\Office12\GrooveMonitor.exe"
    O4 - HKLM\..\Run: [Schedulatore di FinePrint v5] "C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\fpdisp5a.exe" /source=HKLM
    O4 - HKLM\..\Run: [Lexmark X1100 Series] "C:\Programmi\Lexmark X1100 Series\lxbkbmgr.exe"
    O4 - HKLM\..\Run: [TotalRecorderScheduler] "C:\Programmi\HighCriteria\TotalRecorder\TotRecSched.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmi\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Programmi\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [Adobe ARM] "C:\Programmi\File comuni\Adobe\ARM\1.0\AdobeARM.exe"
    O4 - HKLM\..\Run: [DivXUpdate] "C:\Programmi\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
    O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Programmi\File comuni\Ahead\Lib\NMBgMonitor.exe"
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [NoAds] "C:\Programmi\NoAds\NoAds.exe"
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO LOCALE')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO DI RETE')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\S-1-5-18\..\RunOnce: [IETI] C:\Programmi\Skype\Phone\IEPlugin\unins000.exe /VERYSILENT /SUPPRESSMSGBOXES /NORESTART (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O4 - HKUS\.DEFAULT\..\RunOnce: [IETI] C:\Programmi\Skype\Phone\IEPlugin\unins000.exe /VERYSILENT /SUPPRESSMSGBOXES /NORESTART (User 'Default user')
    O4 - Startup: Webshots.lnk = C:\Programmi\Webshots\Launcher.exe
    O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
    O9 - Extra button: Invia a OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
    O9 - Extra 'Tools' menuitem: I&nvia a OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
    O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
    O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
    O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/reso...an8/oscan8.cab
    O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/actives...ree/asinst.cab
    O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
    O17 - HKLM\System\CCS\Services\Tcpip\..\{900CD028-0B8D-4112-83E7-A86B5C591C0F}: NameServer = 85.37.17.15 85.38.28.74
    O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Programmi\Microsoft Office\Office12\GrooveSystemServices.dll
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FILECO~1\Skype\SKYPE4~1.DLL
    O22 - SharedTaskScheduler: Precaricatore Browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
    O22 - SharedTaskScheduler: Daemon di cache delle categorie di componenti - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
    O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Programmi\File comuni\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Programmi\Alwil Software\Avast4\aswUpdSv.exe
    O23 - Service: avast! Antivirus - ALWIL Software - C:\Programmi\Alwil Software\Avast4\ashServ.exe
    O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Programmi\Alwil Software\Avast4\ashMaiSv.exe
    O23 - Service: avast! Web Scanner - ALWIL Software - C:\Programmi\Alwil Software\Avast4\ashWebSv.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Programmi\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Programmi\Java\jre6\bin\jqs.exe
    O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Programmi\Lavasoft\Ad-Aware\AAWService.exe
    O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
    O23 - Service: MSCSPTISRV - Sony Corporation - C:\Programmi\File comuni\Sony Shared\AVLib\MSCSPTISRV.exe
    O23 - Service: NBService - Nero AG - C:\Programmi\Nero\Nero 7\Nero BackItUp\NBService.exe
    O23 - Service: NMIndexingService - Nero AG - C:\Programmi\File comuni\Ahead\Lib\NMIndexingService.exe
    O23 - Service: PACSPTISVR - Sony Corporation - C:\Programmi\File comuni\Sony Shared\AVLib\PACSPTISVR.exe
    O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Programmi\CyberLink\Shared Files\RichVideo.exe
    O23 - Service: ServiceLayer - Nokia. - C:\Programmi\PC Connectivity Solution\ServiceLayer.exe
    O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Programmi\File comuni\Sony Shared\AVLib\SPTISRV.exe
    O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\Programmi\Spyware Terminator\sp_rsser.exe
    O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Programmi\File comuni\Sony Shared\AVLib\SSScsiSV.exe
    O23 - Service: VirIT eXplorer Lite (viritsvclite) - TG Soft Sas www.tgsoft.it - C:\VEXPLite\viritsvc.exe

    --
    End of file - 10236 bytes

    Is there anything anomalous that I need to fix?
    I'm waiting hopefully for advice on what to do.
    Thanking you in advance, regards.

  2. #2
    HTML.it user menatwork's avatar
    Registered since
    May 2009
    Posts
    4,330
    Hi

    At first glance it doesn't look like an infected PC; let's run a check.


    Disable the antivirus.

    Download ComboFix to the desktop and run it (do not install the Recovery Console).
    Let the program work without interfering.
    Attach the report C:\ComboFix.txt to your reply.

    Don't use the PC during the scan, not even the mouse!

  3. #3
    HTML.it user
    Registered since
    Feb 2010
    Posts
    48
    Hi menatwork
    First of all, thank you!!
    I had to move the mouse because it asked me to connect to Microsoft since it couldn't find the emergency restore point, and then it asked me to reboot because there was a rootkit running. Anyway, it has finished now and I'm posting the log below.
    It's in 2 posts because it tells me it's too long.

    Thanks again.

    ComboFix 10-05-23.08 - Roberto 24/05/2010 19.05.17.1.2 - x86
    Microsoft Windows XP Professional 5.1.2600.2.1252.39.1040.18.958.556 [GMT 2:00]
    Eseguito da: c:\documents and settings\Roberto\Desktop\ComboFix.exe
    AV: avast! antivirus 4.8.1368 [VPS 100524-0] *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
    .

    ((((((((((((((((((((((((((((((((((((( Altre eliminazioni )))))))))))))))))))))))))))))))))))))))))))))))))))
    .

    c:\windows\system32\0f649281.dat
    c:\windows\system32\1.tmp
    c:\windows\system32\24f604c8.dll
    c:\windows\system32\Cache
    c:\windows\system32\Thumbs.db

    La copia infetta di c:\windows\system32\drivers\atapi.sys è stata trovata e disinfettata
    Ripristinata copia da - Kitty had a snack
    .
    ((((((((((((((((((((((((( Files Creati Da 2010-04-24 al 2010-05-24 )))))))))))))))))))))))))))))))))))
    .

    2010-05-24 11:08 . 2010-05-24 11:08 388096 ----a-r- c:\documents and settings\Roberto\Dati applicazioni\Microsoft\Installer\{0761C9A8-8F3A-4216-B4A7-B7AFBF24A24A}\HiJackThis.exe
    2010-05-22 15:46 . 2010-05-22 15:46 -------- d-----w- c:\documents and settings\Roberto\Impostazioni locali\Dati applicazioni\Temp
    2010-05-21 18:57 . 2010-05-21 18:58 -------- d-----w- c:\documents and settings\NetworkService\Impostazioni locali\Dati applicazioni\Adobe
    2010-05-20 22:05 . 2010-05-20 22:05 -------- d-----w- c:\windows\system32\wbem\Repository
    2010-05-07 11:27 . 2010-05-07 11:27 57344 ----a-w- c:\documents and settings\All Users\Dati applicazioni\DivX\RunAsUser\RUNASUSERPROCESS.dll
    2010-05-07 11:27 . 2010-05-07 11:23 754984 ----a-w- c:\documents and settings\All Users\Dati applicazioni\DivX\Setup\Resource.dll
    2010-05-07 11:27 . 2010-05-07 11:23 1180952 ----a-w- c:\documents and settings\All Users\Dati applicazioni\DivX\Setup\DivXSetup.exe
    2010-05-07 11:27 . 2009-11-21 00:03 530625 ----a-w- c:\documents and settings\All Users\Dati applicazioni\DivX\DivX7\DivX Plus DirectShow Filters\DivXDSFiltersUninstall.exe
    2010-05-07 11:27 . 2009-11-21 00:03 530625 ----a-w- c:\documents and settings\All Users\Dati applicazioni\DivX\DivX7\DivX Converter\DivXConverterUninstall.exe
    2010-05-07 11:27 . 2010-05-07 11:27 56766 ----a-w- c:\documents and settings\All Users\Dati applicazioni\DivX\DivXPlusShortcuts\Uninstaller.exe
    2010-05-07 11:27 . 2010-05-07 11:27 56978 ----a-w- c:\documents and settings\All Users\Dati applicazioni\DivX\WebPlayer\Uninstaller.exe
    2010-05-07 11:26 . 2010-05-07 11:26 53600 ----a-w- c:\documents and settings\All Users\Dati applicazioni\DivX\Update\Uninstaller.exe
    2010-05-07 11:26 . 2010-05-07 11:26 57679 ----a-w- c:\documents and settings\All Users\Dati applicazioni\DivX\Player\Uninstaller.exe
    2010-05-07 11:26 . 2010-05-07 11:26 84040 ----a-w- c:\documents and settings\All Users\Dati applicazioni\DivX\TransferWizard\Uninstaller.exe
    2010-05-07 11:26 . 2010-05-07 11:26 57054 ----a-w- c:\documents and settings\All Users\Dati applicazioni\DivX\DSDesktopComponents\Uninstaller.exe
    2010-05-07 11:26 . 2010-05-07 11:26 54166 ----a-w- c:\documents and settings\All Users\Dati applicazioni\DivX\DSAVCDecoder\Uninstaller.exe
    2010-05-07 11:26 . 2010-05-07 11:26 57532 ----a-w- c:\documents and settings\All Users\Dati applicazioni\DivX\DSASPDecoder\Uninstaller.exe
    2010-05-07 11:26 . 2010-05-07 11:26 56458 ----a-w- c:\documents and settings\All Users\Dati applicazioni\DivX\DivXDecoderShortcut\Uninstaller.exe
    2010-05-07 11:26 . 2010-05-07 11:26 54174 ----a-w- c:\documents and settings\All Users\Dati applicazioni\DivX\DSAACDecoder\Uninstaller.exe
    2010-05-07 11:25 . 2010-05-07 11:25 54153 ----a-w- c:\documents and settings\All Users\Dati applicazioni\DivX\DFXPlugin\Uninstaller.exe
    2010-05-07 11:25 . 2010-05-07 11:25 54128 ----a-w- c:\documents and settings\All Users\Dati applicazioni\DivX\Converter\Uninstaller.exe
    2010-05-07 11:25 . 2010-05-07 11:25 54629 ----a-w- c:\documents and settings\All Users\Dati applicazioni\DivX\TranscodeEngine\Uninstaller.exe
    2010-05-07 11:25 . 2010-05-07 11:25 54101 ----a-w- c:\documents and settings\All Users\Dati applicazioni\DivX\MPEG2Plugin\Uninstaller.exe
    2010-05-07 11:25 . 2010-05-07 11:25 57409 ----a-w- c:\documents and settings\All Users\Dati applicazioni\DivX\ControlPanel\Uninstaller.exe
    2010-05-07 11:25 . 2010-05-07 11:25 52963 ----a-w- c:\documents and settings\All Users\Dati applicazioni\DivX\MSVC80CRTRedist\Uninstaller.exe
    2010-05-07 11:25 . 2010-05-07 11:25 54073 ----a-w- c:\documents and settings\All Users\Dati applicazioni\DivX\Qt4.5\Uninstaller.exe
    2010-05-07 11:25 . 2010-05-07 11:25 56969 ----a-w- c:\documents and settings\All Users\Dati applicazioni\DivX\ASPEncoder\Uninstaller.exe
    2010-05-07 11:23 . 2010-05-07 11:23 144696 ----a-w- c:\documents and settings\All Users\Dati applicazioni\DivX\RunAsUser\RUNASUSERPROCESS.exe
    2010-05-07 11:23 . 2010-05-07 11:27 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\DivX

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2010-05-23 08:23 . 2007-11-17 09:20 -------- d-----w- c:\programmi\NoAds
    2010-05-22 08:16 . 2007-04-28 10:32 -------- d-----w- c:\programmi\emule
    2010-05-21 11:23 . 2010-02-03 21:39 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Spyware Terminator
    2010-05-21 11:21 . 2010-02-03 21:39 -------- d-----w- c:\documents and settings\Roberto\Dati applicazioni\Spyware Terminator
    2010-05-21 11:21 . 2010-02-03 21:39 -------- d-----w- c:\programmi\Spyware Terminator
    2010-05-20 22:04 . 2010-02-03 21:45 -------- d-----w- c:\programmi\Malwarebytes' Anti-Malware
    2010-05-20 21:00 . 2010-05-20 21:00 32382 ----a-w- c:\windows\SCHEDLGU.TXT.TMP
    2010-05-20 17:08 . 2010-05-20 17:08 16 ----a-w- c:\documents and settings\Roberto\Dati applicazioni\qvjsge.dat
    2010-05-12 06:12 . 2007-04-26 23:34 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Microsoft Help
    2010-05-07 19:29 . 2007-04-28 12:34 -------- d-----w- c:\documents and settings\Roberto\Dati applicazioni\DivX
    2010-05-07 11:27 . 2007-04-28 12:33 -------- d-----w- c:\programmi\DivX
    2010-05-07 11:25 . 2009-08-14 10:30 -------- d-----w- c:\programmi\File comuni\DivX Shared
    2010-04-28 21:12 . 2007-04-28 12:43 -------- d-----w- c:\documents and settings\Roberto\Dati applicazioni\Skype
    2010-04-28 20:23 . 2009-01-02 12:13 -------- d-----w- c:\documents and settings\Roberto\Dati applicazioni\skypePM
    2010-04-23 16:41 . 2007-04-27 18:11 -------- d-----w- c:\programmi\Lexmark X1100 Series
    2010-04-07 11:54 . 2008-03-06 18:00 -------- d-----w- c:\documents and settings\Roberto\Dati applicazioni\dvdcss
    2010-04-03 19:31 . 2004-08-30 20:00 538666 ----a-w- c:\windows\system32\perfh010.dat
    2010-04-03 19:31 . 2004-08-30 20:00 101030 ----a-w- c:\windows\system32\perfc010.dat
    2010-03-31 01:58 . 2007-04-28 11:19 133616 ------w- c:\windows\system32\pxafs.dll
    2010-03-31 01:58 . 2007-04-27 21:24 44944 ----a-w- c:\windows\system32\drivers\PxHelp20.sys
    2010-03-31 01:58 . 2007-04-27 21:24 125424 ------w- c:\windows\system32\pxinsi64.exe
    2010-03-31 01:58 . 2007-04-27 21:24 123888 ------w- c:\windows\system32\pxcpyi64.exe
    2010-03-29 22:46 . 2010-02-03 21:45 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2010-03-29 22:45 . 2010-02-03 21:45 20824 ----a-w- c:\windows\system32\drivers\mbam.sys
    2010-03-11 12:30 . 2004-08-30 20:00 832512 ----a-w- c:\windows\system32\wininet.dll
    2010-03-11 12:30 . 2004-08-30 20:00 78336 ----a-w- c:\windows\system32\ieencode.dll
    2010-03-11 12:30 . 2004-08-30 20:00 17408 ------w- c:\windows\system32\corpol.dll
    2010-03-09 11:09 . 2004-08-30 20:00 430080 ----a-w- c:\windows\system32\vbscript.dll
    2010-03-08 17:59 . 2010-03-08 17:59 94208 ----a-w- c:\windows\system32\dpl100.dll
    2010-02-28 17:14 . 2010-02-28 17:14 4998707 ----a-w- c:\programmi\flvplayer_setup_2.0.25.exe
    2010-02-24 12:31 . 2004-08-30 20:00 454016 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
    2010-02-03 21:25 . 2010-02-03 21:25 646776 ----a-w- c:\programmi\SpywareTerminatorSetup.exe
    2010-02-03 18:11 . 2010-02-03 18:11 6480280 ----a-w- c:\programmi\vnlt6565.exe
    2010-02-03 18:10 . 2010-02-03 18:10 5115824 ----a-w- c:\programmi\mbam-setup.exe
    2010-02-03 18:09 . 2010-02-03 18:09 9694356 ----a-w- c:\programmi\spybotsd152.zip
    2010-01-30 10:59 . 2010-01-30 10:59 1401344 ----a-w- c:\programmi\HijackThis.msi
    2010-01-27 18:13 . 2010-01-27 18:13 15582536 ----a-w- c:\programmi\sd_5.1.zip
    2010-01-24 11:09 . 2010-01-24 11:08 32494896 ----a-w- c:\programmi\QuickTimeInstaller.exe
    2009-12-20 17:20 . 2009-12-20 17:19 91338304 ----a-w- c:\programmi\Ad-AwareInstallation.exe
    2009-05-03 18:58 . 2009-05-03 18:58 10894157 ----a-w- c:\programmi\Jasc Animation Shop 3.11 Full.zip
    2009-02-15 09:56 . 2009-02-15 09:56 6948362 ----a-w- c:\programmi\PocketDivXEncoder_0.3.60_2.rar
    2008-11-11 12:22 . 2008-11-11 12:22 2955128 ----a-w- c:\programmi\ccsetup213.exe
    2008-10-11 12:08 . 2008-10-11 12:08 307811 ----a-w- c:\programmi\_Office.Genuine.Advantage.Validation.v1.7.102.0 Cracked-Squiccio(Chicchedicala).zip
    2008-06-07 22:23 . 2008-06-07 22:24 399000 ----a-w- c:\programmi\switchsetup.exe
    2008-05-19 04:11 . 2009-02-15 09:58 7101440 ----a-w- c:\programmi\PocketDivXEncoder_0.3.60_2.exe
    2008-05-18 20:04 . 2008-05-18 20:04 3168382 ----a-w- c:\programmi\SopCast_3.0.3_by_Myp2p.eu_official.zip
    2008-04-05 15:48 . 2008-04-05 15:49 1491592 ----a-w- c:\programmi\install_flash_player.exe
    2008-03-27 22:55 . 2008-03-27 22:54 376146 ----a-w- c:\programmi\AlbumWrap_Extractor.zip
    2008-03-08 11:35 . 2008-03-08 11:35 1423640 ----a-w- c:\programmi\dopdf.exe
    2008-01-04 20:50 . 2008-01-04 20:50 976836 ----a-w- c:\programmi\slsk157test12c.exe
    2007-11-11 21:24 . 2007-11-11 21:24 15622673 ----a-w- c:\programmi\adaware2007l.zip
    2007-09-16 08:23 . 2007-09-16 08:23 51418424 ----a-w- c:\programmi\iTunesSetup.exe
    2007-05-03 20:14 . 2007-05-03 20:14 4297883 ----a-w- c:\programmi\BitComet_0.70.zip
    2007-04-28 12:17 . 2007-04-28 12:17 98512 ----a-w- c:\programmi\RealPlayer10-5GOLD_it.exe
    2003-11-20 12:54 . 2007-04-28 14:22 307723 ----a-w- c:\programmi\oggdropXPd.zip
    .
    Code:
    <pre>
    c:\programmi\Alwil Software\Avast4\ashDisp .exe
    c:\programmi\CyberLink\PowerDVD\PDVDServ .exe
    c:\programmi\CyberLink\PowerDVD\Language\Language .exe
    c:\programmi\File comuni\Ahead\Lib\NeroCheck .exe
    c:\programmi\Google\GoogleToolbarNotifier\GoogleToolbarNotifier .exe
    c:\programmi\Sony\SonicStage\SsAAD .exe
    c:\programmi\VIA\RAID\raid_tool .exe
    c:\windows\system32\ctfmon .exe
    </pre>

  4. #4
    HTML.it user
    Registered since
    Feb 2010
    Posts
    48
    ((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Nota* i valori vuoti & legittimi/default non sono visualizzati.
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\programmi\File comuni\Ahead\Lib\NMBgMonitor.exe" [2007-03-12 153136]
    "NoAds"="c:\programmi\NoAds\NoAds.exe" [2007-11-17 122880]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-11-24 81000]
    "GrooveMonitor"="c:\programmi\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
    "Schedulatore di FinePrint v5"="c:\windows\System32\spool\DRIVERS\W32X86\3\fpdisp5a.exe" [2006-01-12 491520]
    "Lexmark X1100 Series"="c:\programmi\Lexmark X1100 Series\lxbkbmgr.exe" [2003-08-19 57344]
    "TotalRecorderScheduler"="c:\programmi\HighCriteria\TotalRecorder\TotRecSched.exe" [2006-05-11 86016]
    "QuickTime Task"="c:\programmi\QuickTime\qttask.exe" [2009-11-10 417792]
    "Adobe Reader Speed Launcher"="c:\programmi\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2010-04-02 40368]
    "Adobe ARM"="c:\programmi\File comuni\Adobe\ARM\1.0\AdobeARM.exe" [2010-03-24 952768]
    "DivXUpdate"="c:\programmi\DivX\DivX Update\DivXUpdate.exe" [2010-04-12 1135912]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-30 15360]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
    "IETI"="c:\programmi\Skype\Phone\IEPlugin\unins000.exe" [N/A]

    c:\documents and settings\Roberto\Menu Avvio\Programmi\Esecuzione automatica\
    Webshots.lnk - c:\programmi\Webshots\Launcher.exe [2007-4-28 45056]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
    "mixer"=DrvTrNTm.dll
    "wave"=DrvTrNTm.dll

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
    @="Service"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
    @="Driver"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VIRIT LITE MONITOR]
    2010-04-12 20:32 278528 ----a-w- c:\vexplite\MONLITE.EXE

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "c:\\Programmi\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
    "c:\\Programmi\\Microsoft Office\\Office12\\GROOVE.EXE"=
    "c:\\Programmi\\Microsoft Office\\Office12\\ONENOTE.EXE"=
    "c:\\Programmi\\bitcomet\\BitComet.exe"=
    "c:\\Programmi\\emule\\emule.exe"=
    "c:\\Programmi\\utorrent\\utorrent.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "c:\\Programmi\\SopCast\\adv\\SopAdver.exe"=
    "c:\\Programmi\\SopCast\\SopCast.exe"=
    "c:\\Programmi\\Hercules\\Hercules Blog Webcam\\Station2.exe"=
    "c:\\Programmi\\Nero\\Nero 7\\Nero WaveEditor\\DXEnum.exe"=
    "c:\\Programmi\\Spyware Terminator\\SpywareTerminatorUpdate.exe"=
    "c:\\Programmi\\Skype\\Phone\\Skype.exe"=

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "3540:UDP"= 3540:UDP:Peer Name Resolution Protocol (PNRP)
    "12756:TCP"= 12756:TCP:BitComet 12756 TCP
    "12756:UDP"= 12756:UDP:BitComet 12756 UDP
    "8692:TCP"= 8692:TCP:BitComet 8692 TCP
    "8692:UDP"= 8692:UDP:BitComet 8692 UDP
    "15953:TCP"= 15953:TCP:BitComet 15953 TCP
    "15953:UDP"= 15953:UDP:BitComet 15953 UDP
    "43640:TCP"= 43640:TCP:emule
    "4662:TCP"= 4662:TCP:Emule TPC 4662
    "4672:UDP"= 4672:UDP:Emule UDP 4672
    "25:TCP"= 25:TCP:File and Printer Sharing

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
    "AllowInboundEchoRequest"= 1 (0x1)

    R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [20/12/2009 19.25.17 64288]
    R0 VIRAGTLT;VIRAGTLT;c:\windows\system32\drivers\VIRAGTLT.sys [11/11/2009 9.53.20 45312]
    R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [05/04/2008 2.19.56 114768]
    R1 sp_rsdrv2;Spyware Terminator Driver 2;c:\windows\system32\drivers\sp_rsdrv2.sys [03/02/2010 23.40.00 142592]
    R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [05/04/2008 2.19.56 20560]
    R3 APL531;Hercules Blog Webcam;c:\windows\system32\drivers\BLvid.sys [05/01/2009 20.47.36 274816]
    R3 camfilt;camfilt;c:\windows\system32\drivers\camfilt.sys [05/01/2009 20.47.36 22656]
    S2 gafwload;Modem ADSL B-QUICK Loader;c:\windows\system32\drivers\gafwload.sys [27/04/2007 23.33.55 26859]
    S2 mprddm32;Demand Dial Manager Supervisor;c:\windows\system32\rundll32.exe mprddm32.dll,ajys --> c:\windows\system32\rundll32.exe mprddm32.dll,ajys [?]
    S2 sbbotdi;sbbotdi;\??\c:\progra~1\SPEEDB~1\sbbotdi.sys --> c:\progra~1\SPEEDB~1\sbbotdi.sys [?]
    S3 FXDRV;FXDRV;\??\d:\fxdrv.sys --> d:\Fxdrv.sys [?]
    S3 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\programmi\Lavasoft\Ad-Aware\AAWService.exe [02/12/2009 15.19.01 1181328]
    S3 mamotou;mamotou;c:\windows\system32\drivers\mamotou.sys [27/04/2007 23.03.33 49399]
    S3 MEMSWEEP2;MEMSWEEP2;\??\c:\windows\system32\5.tmp --> c:\windows\system32\5.tmp [?]
    S3 RegGuard;RegGuard;c:\windows\system32\drivers\regguard.sys [18/11/2007 23.43.33 25837]
    S3 viritsvclite;VirIT eXplorer Lite;c:\vexplite\VIRITSVC.EXE [27/11/2009 16.10.32 69632]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    p2psvc REG_MULTI_SZ p2psvc p2pimsvc p2pgasvc PNRPSvc
    .
    Contenuto della cartella 'Scheduled Tasks'

    2010-05-23 c:\windows\Tasks\{F87E725F-F23A-46AE-9F57-7CEB232DA0CD}_DANYBOR_Roberto.job
    - c:\windows\system32\mobsync.exe [2004-08-30 20:00]
    .
    .
    ------- Scansione supplementare -------
    .
    uStart Page = hxxp://www.google.com/webhp?hl=it
    uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
    uInternet Settings,ProxyOverride = 127.0.0.1
    uSearchAssistant = hxxp://www.google.com/ie
    uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
    IE: E&sporta in Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
    DPF: Microsoft XML Parser for Java - file:///C:/WINDOWS/Java/classes/xmldso.cab
    FF - ProfilePath - c:\documents and settings\Roberto\Dati applicazioni\Mozilla\Firefox\Profiles\otylsolg.default\
    FF - prefs.js: browser.search.selectedEngine - Wikipedia (it)
    FF - prefs.js: browser.startup.homepage - hxxp://www.nba.com/
    FF - prefs.js: keyword.URL - hxxp://www.crawler.com/search/dispatcher.aspx?tp=aus&tbid=60347&qkw=
    FF - component: c:\programmi\Nokia\Nokia PC Suite 7\bkmrksync\components\BkMrkExt.dll
    FF - plugin: c:\programmi\DivX\DivX Plus Web Player\npdivx32.dll
    FF - plugin: c:\programmi\Virtual Earth 3D\npVE3D.dll
    FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
    .

    **************************************************************************

    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2010-05-24 19:13
    Windows 5.1.2600 Service Pack 2 NTFS

    scansione processi nascosti ...

    scansione entrate autostart nascoste ...

    Scansione files nascosti ...

    Scansione completata con successo
    Files nascosti: 0

    **************************************************************************

    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\MEMSWEEP2]
    "ImagePath"="\??\c:\windows\system32\5.tmp"

    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\{95808DC4-FA4A-4c74-92FE-5B863F82066B}]
    "ImagePath"="\??\c:\programmi\CyberLink\PowerDVD\000.fcl"
    .
    Ora fine scansione: 2010-05-24 19:16:27
    ComboFix-quarantined-files.txt 2010-05-24 17:16

    Pre-Run: 42.052.239.360 byte disponibili
    Post-Run: 42.107.039.744 byte disponibili

    WindowsXP-KB310994-SP2-Pro-BootDisk-ITA.exe
    [boot loader]
    timeout=2
    default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
    [operating systems]
    c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
    multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

    - - End Of File - - B3CE6F6C3EB25404EB9D0E48D504156F

  5. #5
    HTML.it user menatwork's avatar
    Registered since
    May 2009
    Posts
    4,330
    Do you use Sophos Anti-Rootkit? If you still have it installed, run a scan and check what it detects.

    Also run a scan with this tool.

  6. #6
    HTML.it user
    Registered since
    Feb 2010
    Posts
    48
    Sophos didn't find anything.
    ScanSpyware did, but it didn't remove anything for me.
    This is the log:

    http://wikisend.com/download/496420/...8-26-23-PM.txt


    I also ran Diagnose & Fix; the log is below:

    http://wikisend.com/download/455438/Diagnose and Fix.txt


    Thanks again.

  7. #7
    HTML.it user menatwork's avatar
    Registered since
    May 2009
    Posts
    4,330
    It's probably the paid version that carries out the removals...


    Download and install Malwarebytes.

    Update it: click the "Updates" tab => "Check for updates"
    Run a "full scan" (select the option)
    When the scan is complete, post the report.

  8. #8
    HTML.it user
    Registered since
    Feb 2010
    Posts
    48
    It didn't find anything; the log is below:
    http://wikisend.com/download/458884/mbam-log-2010-05-24 (22-38-59).txt

    What should I do with the files and registry keys in the ScanSpyware list?

  9. #9
    HTML.it user
    Registered since
    May 2010
    Posts
    1,024
    In case it helps:
    Malwarebytes' Anti-Malware 1.45
    www.malwarebytes.org
    The version is not up to date.

    avast! antivirus 4.8.1368
    The antivirus is obsolete.

    Windows 5.1.2600 Service Pack 2
    The OS needs updating.

    It's not hard to imagine that the PC is stuffed full.

    I suggest a scan with Systemscan.

  10. #10
    HTML.it user
    Registered since
    Feb 2010
    Posts
    48
    I already had Malwarebytes on the PC, and I updated it before running it.
    Isn't that enough?

    As for the antivirus, I've had Avast for years and at that price it has always
    done its job (more or less... or I wouldn't have opened this thread..)

    About Service Pack 2, I was told to skip Service Pack 3 because it caused problems.

    Is Systemscan online?

    Any advice on what to do?
