Olimpo Informatico

bechecche · Mortale devoto Registrato: 25/05/08 18:32 Messaggi: 5

da qualche tempo ho problemi di pop up, blocchi del computer, memoria virtuale insufficiente e lentezza del Pc Sad

allego i due log di combofix e hjt

ciao a tutti e grazie in anticipo

ComboFix 08-05-24.1 - 2008-05-25 18.17.06.8 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1040.18.510 [GMT 2:00]

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((( Altre eliminazioni )))))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\system32\1.tmp

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_MEMSWEEP2
-------\Service_MEMSWEEP2

((((((((((((((((((((((((( Files Creati Da 2008-04-25 al 2008-05-25 )))))))))))))))))))))))))))))))))))
.

2008-05-17 17:30 . 2008-05-17 17:30 <DIR> d-------- C:\WINDOWS\system32\Kaspersky Lab
2008-05-17 17:30 . 2008-05-17 17:30 <DIR> d-------- C:\fsaua.data
2008-05-17 17:30 . 2008-05-17 17:30 <DIR> d-------- C:\Documents and Settings\All Users\Dati applicazioni\Kaspersky Lab
2008-05-17 15:21 . 2008-05-17 15:21 <DIR> d-------- C:\Programmi\Netlog Music Tool
2008-05-17 13:48 . 2008-05-17 15:50 <DIR> d--h----- C:\$AVG8.VAULT$
2008-05-17 13:40 . 2008-05-24 14:12 <DIR> d-------- C:\WINDOWS\system32\drivers\Avg
2008-05-17 13:40 . 2008-05-17 13:40 96,520 --a------ C:\WINDOWS\system32\drivers\avgldx86.sys
2008-05-17 13:40 . 2008-05-17 13:40 75,272 --a------ C:\WINDOWS\system32\drivers\avgtdix.sys
2008-05-17 13:40 . 2008-05-17 13:40 12,424 --a------ C:\WINDOWS\system32\drivers\avgrkx86.sys
2008-05-17 13:40 . 2008-05-17 13:40 10,520 --a------ C:\WINDOWS\system32\avgrsstx.dll
2008-05-17 13:39 . 2008-05-17 13:39 <DIR> d-------- C:\Programmi\AVG
2008-05-17 13:39 . 2008-05-17 13:39 45,568 --a------ C:\WINDOWS\system32\avgfwdx.dll
2008-05-17 13:39 . 2008-05-17 13:39 22,528 --a------ C:\WINDOWS\system32\drivers\avgfwdx.sys
2008-05-10 00:30 . 2008-05-10 00:30 268 --ah----- C:\sqmdata00.sqm
2008-05-10 00:30 . 2008-05-10 00:30 244 --ah----- C:\sqmnoopt00.sqm
2008-05-06 19:27 . 2007-04-12 14:19 129,024 --a------ C:\WINDOWS\system32\AVERM.dll
2008-05-06 19:27 . 2006-09-26 13:57 28,672 --a------ C:\WINDOWS\system32\AVEQT.dll
2008-05-06 18:34 . 2008-05-06 18:34 <DIR> d-------- C:\WINDOWS\naevius_yt_1
2008-05-06 18:34 . 2008-05-07 22:27 <DIR> d-------- C:\naevius_temp_folder
2008-05-04 15:50 . 2008-05-04 15:50 <DIR> d-------- C:\Documents and Settings\roberto\DoctorWeb
2008-05-03 23:42 . 2008-05-03 23:42 <DIR> d-------- C:\Documents and Settings\All Users\Dati applicazioni\sentinel
2008-05-03 23:38 . 2008-05-17 13:26 <DIR> d-------- C:\Programmi\File comuni\Panda Software
2008-05-03 23:28 . 2008-05-03 23:28 <DIR> d-------- C:\Programmi\Sophos
2008-05-03 22:23 . 2001-08-31 13:00 1,875,968 --a--c--- C:\WINDOWS\system32\dllcache\msir3jp.lex
2008-05-03 22:22 . 2001-08-31 13:00 13,463,552 --a--c--- C:\WINDOWS\system32\dllcache\hwxjpn.dll
2008-05-03 22:20 . 2008-05-03 22:20 749 -rah----- C:\WINDOWS\WindowsShell.Manifest
2008-05-03 22:20 . 2008-05-03 22:20 749 -rah----- C:\WINDOWS\system32\wuaucpl.cpl.manifest
2008-05-03 22:20 . 2008-05-03 22:20 749 -rah----- C:\WINDOWS\system32\sapi.cpl.manifest
2008-05-03 22:20 . 2008-05-03 22:20 749 -rah----- C:\WINDOWS\system32\nwc.cpl.manifest
2008-05-03 22:20 . 2008-05-03 22:20 749 -rah----- C:\WINDOWS\system32\ncpa.cpl.manifest
2008-05-03 22:20 . 2008-05-03 22:20 488 -rah----- C:\WINDOWS\system32\logonui.exe.manifest
2008-05-03 22:05 . 2001-08-31 13:00 24,661 --a------ C:\WINDOWS\system32\spxcoins.dll
2008-05-03 22:05 . 2001-08-31 13:00 24,661 --a--c--- C:\WINDOWS\system32\dllcache\spxcoins.dll
2008-05-03 22:05 . 2001-08-31 13:00 13,312 --a------ C:\WINDOWS\system32\irclass.dll
2008-05-03 22:05 . 2001-08-31 13:00 13,312 --a--c--- C:\WINDOWS\system32\dllcache\irclass.dll
2008-05-03 20:47 . 2008-05-03 21:49 16,843 --a------ C:\WINDOWS\setupapi.old
2008-04-30 20:54 . 2008-04-30 20:54 <DIR> d-------- C:\Programmi\iPod
2008-04-30 20:37 . 2008-04-30 20:38 <DIR> d-------- C:\Programmi\QuickTime
2008-04-30 19:58 . 2004-05-25 17:06 417,792 --a------ C:\WINDOWS\system32\ac3filter.ax
2008-04-30 19:58 . 2005-02-27 21:48 356,352 --a------ C:\WINDOWS\system32\RealMediaSplitter.ax
2008-04-30 19:58 . 2004-01-10 17:02 258,048 --a------ C:\WINDOWS\system32\GplMpgDec.ax
2008-04-30 19:35 . 2008-05-25 18:20 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-04-30 19:35 . 2008-04-30 19:35 1,409 --a------ C:\WINDOWS\QTFont.for
2008-04-29 15:43 . 2008-04-29 15:43 <DIR> d-------- C:\divx
2008-04-29 15:34 . 2008-04-29 15:35 <DIR> d-------- C:\Documents and Settings\roberto\Dati applicazioni\DivX
2008-04-29 15:32 . 2008-03-21 22:30 129,784 --a------ C:\WINDOWS\system32\pxafs.dll
2008-04-27 13:29 . 2008-04-27 13:29 1,144 --a------ C:\WINDOWS\mozver.dat
2008-04-27 13:27 . 2008-04-27 13:27 <DIR> d-------- C:\Documents and Settings\roberto\Dati applicazioni\Talkback
2008-04-27 13:27 . 2008-04-27 13:27 0 --a------ C:\WINDOWS\nsreg.dat
2008-04-26 15:17 . 2008-05-02 00:01 <DIR> d-------- C:\Documents and Settings\roberto\Dati applicazioni\AVGTOOLBAR
2008-04-26 15:17 . 2008-05-17 13:39 <DIR> d-------- C:\Documents and Settings\All Users\Dati applicazioni\avg8

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-05-13 19:25 --------- d-----w C:\Documents and Settings\roberto\Dati applicazioni\LimeWire
2008-05-08 18:57 --------- d-----w C:\Documents and Settings\roberto\Dati applicazioni\Xfire
2008-05-03 21:39 --------- d--h--w C:\Programmi\InstallShield Installation Information
2008-05-03 21:39 --------- d-----w C:\Programmi\Panda Security
2008-05-03 16:27 --------- d-----w C:\Programmi\Google
2008-05-01 08:42 --------- d-----w C:\Programmi\Apple Software Update
2008-04-26 20:12 --------- d---a-w C:\Documents and Settings\All Users\Dati applicazioni\TEMP
2008-04-24 20:44 --------- d-----w C:\Programmi\Java
2008-04-24 17:27 --------- d-----w C:\Programmi\MSN Messenger
2008-04-24 17:27 --------- d-----w C:\Programmi\Bonjour
2008-04-22 22:29 41,296 ----a-w C:\WINDOWS\system32\xfcodec.dll
2008-04-12 11:17 --------- d-----w C:\Documents and Settings\All Users\Dati applicazioni\Microsoft Help
2008-04-03 19:56 45,056 ----a-w C:\WINDOWS\NCUNINST.EXE
2008-04-03 19:51 --------- d-----w C:\Programmi\File comuni\SWF Studio
2008-04-01 14:02 --------- d-----w C:\Documents and Settings\All Users\Dati applicazioni\Messenger Plus!
2008-03-31 21:25 831,488 ----a-w C:\WINDOWS\system32\divx_xx0a.dll
2008-03-31 21:25 823,296 ----a-w C:\WINDOWS\system32\divx_xx0c.dll
2008-03-31 21:25 823,296 ----a-w C:\WINDOWS\system32\divx_xx07.dll
2008-03-31 21:25 802,816 ----a-w C:\WINDOWS\system32\divx_xx11.dll
2008-03-31 21:25 682,496 ----a-w C:\WINDOWS\system32\DivX.dll
2008-03-31 21:25 161,096 ----a-w C:\WINDOWS\system32\DivXCodecVersionChecker.exe
2008-03-27 16:54 --------- d-----w C:\Programmi\Steinberg
2008-03-27 16:54 --------- d-----w C:\Programmi\Bias
2008-03-26 19:21 --------- d-----w C:\Programmi\proDAD
2008-03-26 19:21 --------- d-----w C:\Documents and Settings\roberto\Dati applicazioni\proDAD
2008-03-26 19:20 --------- d-----w C:\Programmi\Pinnacle
2008-03-26 19:03 --------- d-----w C:\Documents and Settings\All Users\Dati applicazioni\Pinnacle
2008-03-26 18:56 --------- d-----w C:\Documents and Settings\All Users\Dati applicazioni\Pinnacle Studio
2008-03-26 18:54 --------- d-----w C:\Documents and Settings\roberto\Dati applicazioni\InstallShield
2008-03-26 15:45 66,872 ----a-w C:\WINDOWS\system32\PnkBstrA.exe
2008-03-25 13:39 103,736 ----a-w C:\WINDOWS\system32\PnkBstrB.exe
2008-03-23 21:29 22,328 ----a-w C:\Documents and Settings\roberto\Dati applicazioni\PnkBstrK.sys
2008-03-23 21:07 674,600 ----a-w C:\WINDOWS\system32\pbsvc.exe
2008-03-21 20:30 524,288 ----a-w C:\WINDOWS\system32\DivXsm.exe
2008-03-21 20:30 3,596,288 ----a-w C:\WINDOWS\system32\qt-dx331.dll
2008-03-21 20:30 200,704 ----a-w C:\WINDOWS\system32\ssldivx.dll
2008-03-21 20:30 120,056 ----a-w C:\WINDOWS\system32\PxCpyI64.exe
2008-03-21 20:30 118,520 ----a-w C:\WINDOWS\system32\PxInsI64.exe
2008-03-21 20:30 1,044,480 ----a-w C:\WINDOWS\system32\libdivx.dll
2008-03-21 20:28 81,920 ----a-w C:\WINDOWS\system32\dpl100.dll
2008-03-21 20:28 593,920 ----a-w C:\WINDOWS\system32\dpuGUI11.dll
2008-03-21 20:28 57,344 ----a-w C:\WINDOWS\system32\dpv11.dll
2008-03-21 20:28 53,248 ----a-w C:\WINDOWS\system32\dpuGUI10.dll
2008-03-21 20:28 344,064 ----a-w C:\WINDOWS\system32\dpus11.dll
2008-03-21 20:28 294,912 ----a-w C:\WINDOWS\system32\dpu11.dll
2008-03-21 20:28 294,912 ----a-w C:\WINDOWS\system32\dpu10.dll
2008-03-21 20:28 196,608 ----a-w C:\WINDOWS\system32\dtu100.dll
2008-03-21 20:28 12,288 ----a-w C:\WINDOWS\system32\DivXWMPExtType.dll
2008-03-20 12:45 107,888 ----a-w C:\WINDOWS\system32\CmdLineExt.dll
2008-03-09 18:54 4,988 ---ha-w C:\os136207.bin
2008-03-09 13:59 60,416 ----a-w C:\WINDOWS\ALCFDRTM.EXE
2008-02-28 16:38 972,072 ----a-w C:\WINDOWS\UNNeroMediaHome.exe
2008-02-28 12:04 238,888 ----a-w C:\WINDOWS\NuNInst.exe
2008-02-26 15:14 972,072 ----a-w C:\WINDOWS\UNRecode.exe
.

bdoriano

Fai questi controlli:

Controllo MBR Rootkit
1. Scarica questo programma e salvalo in C:\
2. Clicca Start
3. Clicca Esegui...
4. Digita:
  Codice:
  
  cmd
5. Clicca su ok
6. si apre la finestra DOS, digita:
  
  Codice:
  
  CD \
  
  premi invio
7. digita:
  
  Codice:
  
  mbr -f
  
  premi invio
8. digita:
  
  Codice:
  
  exit
  
  premi invio
9. Riavvia il pc
10. Posta qui il contenuto del log C:\mbr.log

Fai questa scansione con Kaspersky e poi disinstallalo.

Fai questa scansione con VirIT

bechecche · Mortale devoto Registrato: 25/05/08 18:32 Messaggi: 5

Ecco il log di mbr.exe
sto scaricando il programma di Kasperski

Stealth MBR rootkit detector 0.2.4 by Gmer, http://www.gmer.net

device: opened successfully
user: MBR read successfully
kernel: MBR read successfully
user & kernel MBR OK

bechecche · Mortale devoto Registrato: 25/05/08 18:32 Messaggi: 5

ecco il log di kaspersky
Scan
----
Scanned: 408804
Detected: 0
Untreated: 0
Start time: 28/05/2008 19.57.19
Duration: 02.05.23
Finish time: 28/05/2008 22.02.42

Detected
--------
Status Object
------ ------

Statistics
----------
Object Scanned Detected Untreated Deleted Moved to Quarantine Archives Packed files Password protected Corrupted
------ ------- -------- --------- ------- ------------------- -------- ------------ ------------------ ---------
All objects 408804 0 0 0 0 4449 655 26 20
System memory 753 0 0 0 0 1 0 0 0
Startup objects 1326 0 0 0 0 3 40 0 0
Disk boot sectors 6 0 0 0 0 0 0 0 0
Disco locale (C Smile

241807 0 0 0 0 3187 503 25 11
Disco locale (D Smile

164912 0 0 0 0 1258 112 1 9

Settings
--------
Parameter Value
--------- -----
Security Level Recommended
Action Prompt for action when the scan is complete
Run mode Manually
File types Scan all files
Scan only new and changed files No
Scan archives All
Scan embedded OLE objects All
Skip if object is larger than No
Skip if scan takes longer than No
Parse email formats No
Scan password-protected archives No
Enable iChecker technology No
Enable iSwift technology No
Show detected threats on "Detected" tab Yes

Quarantine
----------
Status Object Size Added
------ ------ ---- -----

Backup
------
Status Object Size
------ ------ ----

bechecche · Mortale devoto Registrato: 25/05/08 18:32 Messaggi: 5

Nessuna novità?

c'è qualcuno che sa dirmi qualcosa?

Sante62 · Dio maturo Registrato: 27/06/07 17:55 Messaggi: 3477 Residenza: Floridia

Crea un file di testo con le seguenti istruzioni: