For a few days now I have not been able to update Avast, Spybot, or any other virus or malware removal program.
Also, to connect to the internet I have to disable the antivirus, otherwise a screen appears telling me that the connection is not possible.
I tried running the non-updated Avast and other online antivirus scanners, but they don't report anything relevant, and neither do Spybot and Malwarebytes.
I also tried running HijackThis and having the log checked automatically, but there doesn't seem to be anything unusual.
My computer knowledge is decidedly limited; I followed the suggestions you posted for people who had problems similar to mine, but I couldn't get to the bottom of it.
If anyone feels like giving me a hand, I'm attaching the ComboFix log.
ComboFix 09-09-05.02 - aginformpc.com 07/09/2009 15.14.20.1.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.39.1040.18.511.264 [GMT 2:00]
Eseguito da: c:\documents and settings\aginformpc.com\Desktop\ComboFix.exe
AV: avast! antivirus 4.8.1351 [VPS 090817-0] *On-access scanning disabled* (Outdated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
* Creato nuovo punto di ripristino
ATTENZIONE - QUESTO PC NON HA LA CONSOLE DI RIPRISTINO DI EMERGENZA INSTALLATA !!
.
((((((((((((((((((((((((((((((((((((( Altre eliminazioni )))))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\programmi\Microsoft Common
c:\programmi\Microsoft Common\svchost.exe
c:\windows\atualmenteo.dll
c:\windows\Downloaded Program Files\wetf
c:\windows\Installer\1a5a4cb.msi
c:\windows\Installer\1a5a4e3.msi
c:\windows\Installer\5ad0e6.msi
c:\windows\msmmesagem.dll
c:\windows\system32\lowsec
c:\windows\system32\lowsec\local.ds
c:\windows\system32\lowsec\user.ds
c:\windows\system32\lowsec\user.ds.lll
c:\windows\system32\sdra64.exe
.
((((((((((((((((((((((((( Files Creati Da 2009-08-07 al 2009-09-07 )))))))))))))))))))))))))))))))))))
.
2009-08-27 00:51 . 2009-08-27 00:51 -------- d-----w- c:\documents and settings\aginformpc.com\Dati applicazioni\Malwarebytes
2009-08-27 00:51 . 2009-08-03 11:36 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-08-27 00:51 . 2009-08-27 00:51 -------- d-----w- c:\programmi\Malwarebytes' Anti-Malware
2009-08-27 00:51 . 2009-08-27 00:51 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Malwarebytes
2009-08-27 00:51 . 2009-08-03 11:36 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-08-26 23:42 . 2009-08-17 16:04 23152 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2009-08-26 23:42 . 2009-08-17 16:04 51376 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2009-08-26 23:42 . 2009-08-17 16:03 26944 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2009-08-26 23:42 . 2009-08-17 16:06 93392 ----a-w- c:\windows\system32\drivers\aswmon.sys
2009-08-26 23:42 . 2009-08-17 16:06 94160 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2009-08-26 23:42 . 2009-08-17 16:05 114768 ----a-w- c:\windows\system32\drivers\aswSP.sys
2009-08-26 23:42 . 2009-08-17 16:05 20560 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2009-08-26 23:42 . 2009-08-17 16:02 97480 ----a-w- c:\windows\system32\AvastSS.scr
2009-08-26 23:42 . 2009-08-17 16:10 1279456 ----a-w- c:\windows\system32\aswBoot.exe
2009-08-26 22:23 . 2009-08-26 22:23 -------- d-----w- c:\programmi\Trend Micro
2009-08-26 12:55 . 2009-08-26 13:09 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Yahoo! Companion
2009-08-26 12:54 . 2009-08-26 12:55 -------- d-----w- c:\programmi\CCleaner
2009-08-26 11:18 . 2009-08-26 11:22 -------- d--h--w- C:\$AVG8.VAULT$
2009-08-26 01:48 . 2009-08-26 12:30 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\avg8
2009-08-13 10:19 . 2009-07-10 13:26 1315328 -c----w- c:\windows\system32\dllcache\msoe.dll
2009-08-12 02:11 . 2009-08-12 09:01 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\NOS
2009-08-12 02:11 . 2009-08-12 09:01 -------- d-----w- c:\programmi\NOS
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-08-26 23:31 . 2007-12-29 23:11 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Spybot - Search & Destroy
2009-08-26 22:04 . 2007-12-06 17:38 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Kaspersky Lab
2009-08-26 12:55 . 2006-06-07 23:13 -------- d--h--r- c:\documents and settings\aginformpc.com\Dati applicazioni\yahoo!
2009-08-26 12:55 . 2006-05-19 23:19 -------- d-----w- c:\programmi\Yahoo!
2009-08-26 01:44 . 2003-10-03 14:53 -------- d-----w- c:\programmi\Symantec
2009-08-18 00:46 . 2007-10-09 10:07 4018 ----a-w- c:\windows\mozver.dat
2009-08-05 08:59 . 2003-09-28 23:42 205312 ----a-w- c:\windows\system32\mswebdvd.dll
2009-08-02 13:34 . 2007-12-29 23:11 -------- d-----w- c:\programmi\Spybot - Search & Destroy
2009-08-02 12:21 . 2003-10-03 14:53 -------- d-----w- c:\programmi\File comuni\Symantec Shared
2009-08-02 12:17 . 2003-10-03 14:53 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Symantec
2009-07-17 19:01 . 2002-09-10 12:00 58880 ----a-w- c:\windows\system32\atl.dll
2009-07-13 21:43 . 2003-09-28 22:54 286208 ----a-w- c:\windows\system32\wmpdxm.dll
2009-06-29 15:55 . 2004-02-06 16:08 827392 ----a-w- c:\windows\system32\wininet.dll
2009-06-29 15:55 . 2004-08-19 22:39 78336 ----a-w- c:\windows\system32\ieencode.dll
2009-06-29 15:54 . 2002-09-10 12:00 17408 ----a-w- c:\windows\system32\corpol.dll
2009-06-25 08:25 . 2002-09-10 12:00 735744 ----a-w- c:\windows\system32\lsasrv.dll
2009-06-25 08:25 . 2002-09-10 12:00 56832 ----a-w- c:\windows\system32\secur32.dll
2009-06-25 08:25 . 2002-09-10 12:00 54272 ----a-w- c:\windows\system32\wdigest.dll
2009-06-25 08:25 . 2002-09-10 12:00 301568 ----a-w- c:\windows\system32\kerberos.dll
2009-06-25 08:25 . 2002-09-10 12:00 147456 ----a-w- c:\windows\system32\schannel.dll
2009-06-25 08:25 . 2002-09-10 12:00 136192 ----a-w- c:\windows\system32\msv1_0.dll
2009-06-24 11:18 . 2002-09-10 12:00 92928 ----a-w- c:\windows\system32\drivers\ksecdd.sys
2009-06-16 14:36 . 2002-09-10 12:00 81920 ----a-w- c:\windows\system32\fontsub.dll
2009-06-16 14:36 . 2002-09-10 12:00 119808 ----a-w- c:\windows\system32\t2embed.dll
2009-06-15 10:43 . 2002-09-10 12:00 78336 ----a-w- c:\windows\system32\telnet.exe
2009-06-10 14:13 . 2002-09-10 12:00 85504 ----a-w- c:\windows\system32\avifil32.dll
2009-06-10 07:19 . 2003-06-27 16:15 2066432 ----a-w- c:\windows\system32\mstscax.dll
2009-06-10 06:14 . 2002-09-10 12:00 132096 ----a-w- c:\windows\system32\wkssvc.dll
2007-12-30 02:23 . 2007-12-30 02:23 730180 ----a-w- c:\programmi\Manuale%20EasyCleaner%20italiano.pdf
2009-09-04 00:37 . 2007-12-30 16:07 67688 ----a-w- c:\programmi\mozilla firefox\components\jar50.dll
2009-09-04 00:37 . 2007-12-30 16:07 54368 ----a-w- c:\programmi\mozilla firefox\components\jsd3250.dll
2009-09-04 00:37 . 2007-12-30 16:07 34944 ----a-w- c:\programmi\mozilla firefox\components\myspell.dll
2009-09-04 00:37 . 2007-12-30 16:07 46712 ----a-w- c:\programmi\mozilla firefox\components\spellchk.dll
2009-09-04 00:37 . 2007-12-30 16:07 172136 ----a-w- c:\programmi\mozilla firefox\components\xpinstal.dll
.
((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* i valori vuoti & legittimi/default non sono visualizzati.
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ATI Launchpad"="c:\programmi\ATI Technologies\main\launchPd.EXE" [2002-05-02 98304]
"swg"="c:\programmi\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-11-10 68856]
"SpybotSD TeaTimer"="c:\programmi\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Smapp"="c:\programmi\Analog Devices\SoundMAX\Smtray.exe" [2002-06-26 90112]
"ATIPTA"="c:\programmi\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2003-01-24 315392]
"QuickTime Task"="c:\programmi\QuickTime\qttask.exe" [2004-02-01 98304]
"REGSHAVE"="c:\programmi\REGSHAVE\REGSHAVE.EXE" [2002-02-04 53248]
"Adobe Photo Downloader"="c:\programmi\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe" [2005-07-07 57344]
"DSLSTATEXE"="c:\program files\Conexant\Adsl\dslstat.exe" [2005-02-28 376832]
"DSLAGENTEXE"="c:\program files\Conexant\Adsl\dslagent.exe" [2005-02-28 90112]
"TkBellExe"="c:\programmi\File comuni\Real\Update_OB\realsched.exe" [2007-10-17 185632]
"SunJavaUpdateSched"="c:\programmi\Java\jre6\bin\jusched.exe" [2009-03-09 148888]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-08-17 81000]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2008-04-14 15360]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"SRUUninstall"="c:\windows\System32\msiexec.exe" [2008-04-14 78848]
c:\documents and settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\
Avvio veloce di Adobe Reader.lnk - c:\programmi\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-9-23 29696]
Exif Launcher.lnk - c:\program files\FinePixViewer\QuickDCF.exe [2006-5-13 282624]
InterVideo WinCinema Manager.lnk - c:\programmi\InterVideo\Common\Bin\WinCinemaMgr.exe [2006-9-14 278528]
WinZip Quick Pick.lnk - c:\programmi\WinZip\WZQKPICK.EXE [2003-10-3 106560]
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Programmi\\Messenger\\msmsgs.exe"=
"c:\\Programmi\\NetMeeting\\conf.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Programmi\\MSN Messenger\\msnmsgr.exe"=
"c:\\Programmi\\MSN Messenger\\livecall.exe"=
"c:\\Programmi\\Alwil Software\\Avast4\\ashAvast.exe"=
"c:\\Programmi\\K-Lite Codec Pack\\Filters\\ac3config.exe"=
R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [27/08/2009 1.42.52 114768]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [27/08/2009 1.42.52 20560]
R3 ovt530;Webcam Deluxe;c:\windows\system32\drivers\ov530vid.sys [30/03/2008 4.04.10 161792]
.
Contenuto della cartella 'Scheduled Tasks'
2009-09-07 c:\windows\Tasks\Verifica aggiornamenti per Windows Live Toolbar.job
- c:\programmi\Windows Live Toolbar\MSNTBUP.EXE [2007-10-19 10:20]
.
- - - - CHIAVI ORFANE RIMOSSE - - - -
HKCU-Run-MsnMsgr - c:\programmi\Windows Live\Messenger\msnmsgr.exe
HKCU-Run-Uniblue RegistryBooster 2 - c:\programmi\Uniblue\RegistryBooster 2\RegistryBooster.exe
.
------- Scansione supplementare -------
.
uStart Page = hxxp://www.google.it/
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uInternet Settings,ProxyOverride = local
uInternet Settings,ProxyServer = 127.0.0.1:9666
uSearchURL,(Default) = hxxp://g.msn.it/0SEITIT/SAOS01?FORM=TOOLBR
IE: &Windows Live Search - c:\programmi\Windows Live Toolbar\msntb.dll/search.htm
IE: Download with Go!Zilla - file://c:\programmi\Go!Zilla\download-with-gozilla.html
DPF: DirectAnimation Java Classes - file://c:\windows\Java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
DPF: Yahoo! Chat - hxxp://us.chat1.yimg.com/us.yimg.com/i/chat/applet/c381/chat.cab
FF - ProfilePath - c:\documents and settings\aginformpc.com\Dati applicazioni\Mozilla\Firefox\Profiles\4s5j1kre.default\
FF - component: c:\programmi\Mozilla Firefox\components\xpinstal.dll
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-09-07 15:27
Windows 5.1.2600 Service Pack 3 NTFS
scansione processi nascosti ...
scansione entrate autostart nascoste ...
Scansione files nascosti ...
Scansione completata con successo
Files nascosti: 0
**************************************************************************
.
--------------------- Dlls caricate dai processi in esecuzione ---------------------
- - - - - - - > 'explorer.exe'(3044)
c:\windows\system32\WININET.dll
c:\windows\system32\WPDShServiceObj.dll
c:\programmi\Hercules\WebCam Station\PhotoImpression\share\pihook.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Altri processi in esecuzione ------------------------
.
c:\programmi\Alwil Software\Avast4\aswUpdSv.exe
c:\programmi\Alwil Software\Avast4\ashServ.exe
c:\windows\system32\ati2evxx.exe
c:\programmi\File comuni\EPSON\EBAPI\SAgent2.exe
c:\programmi\Java\jre6\bin\jqs.exe
c:\programmi\Analog Devices\SoundMAX\SMAgent.exe
c:\programmi\Alwil Software\Avast4\ashMaiSv.exe
c:\programmi\Alwil Software\Avast4\ashWebSv.exe
c:\windows\system32\wscntfy.exe
c:\windows\system32\wbem\wmiapsrv.exe
.
**************************************************************************
.
Ora fine scansione: 2009-09-07 15.33.50 - Il pc è stato riavviato
ComboFix-quarantined-files.txt 2009-09-07 13:33
Pre-Run: 9.156.698.112 byte disponibili
Post-Run: 9.234.161.664 byte disponibili
196 --- E O F --- 2009-08-27 01:44
Thanks a lot