Salve,

vi scrivo perchè non sono sicura che le cose nel mio pc funzioni normalmente, senza niente di anormale.
Quello che succede da pochi giorni è che quando avvio un file video con vlc o gomplayer o divx o altro, il file si apre ma compare una schermata nera con audio disturbato per due secondi e il pc si riavvia.
Poi una volta riavviato il pc riaprendo il file con lo stesso programma tutto funziona normalmente e mi posso guardare il filmato tranquillamente.
Ho controllato con spybot e avast non segnalano niente.
Ovviamente succede usando diversi programmi video e anche diversi filmati, anche se tutti avi effettivamente.

Oggi è successo però che quando apro vari programmi dopo due secondi che li ho aperti questi si chiudono da soli.
Per esempio ho aperto virtualdubmod e non ho fatto in tempo a cliccare su inserisci file che si è chiuso.
O aperto gomplayer e uguale dopo 4 secondi si è chiuso.
Aperto paint e stessa cosa.
Ammetto però che con firefox non mi è successo niente, nè con emule.

Come avete spiegato, sperando di aver capito bene, ho già fatto una scansione con il mio antivirus Avast e con Spybot e poi anche con CCleaner. Ma le insolite chiusure si ripropongono.

Di sicuro sarà a causa dei nuovi codec che ho installato oggi, ma può anche essere di no e io non me ne intendo. Spero tanto che non sia un virus.

Concludendo vi posto il log di hijacklist e Grazie.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 22.53.32, on 20/09/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\windows\System32\smss.exe
C:\windows\system32\winlogon.exe
C:\windows\system32\services.exe
C:\windows\system32\lsass.exe
C:\windows\system32\svchost.exe
C:\windows\System32\svchost.exe
C:\Programmi\Antivirus\Avast4\aswUpdSv.exe
C:\Programmi\Antivirus\Avast4\ashServ.exe
C:\windows\Explorer.EXE
C:\Program Files\ASUS\Six Engine\SixEngine.exe
C:\windows\system32\spoolsv.exe
C:\windows\RTHDCPL.EXE
C:\Program Files\ASUS\Ai Suite\AiNap\AiNap.exe
C:\Programmi\ASUS\AI Direct Link\AsShare.exe
C:\Programmi\ASUS\Drive Xpert\SteelVine.exe
C:\Programmi\ASUS\Drive Xpert\DriveXpert.exe
C:\PROGRA~1\ANTIVI~1\Avast4\ashDisp.exe
C:\windows\system32\RUNDLL32.EXE
C:\Programmi\Java\jre6\bin\jusched.exe
C:\Programmi\Corel\Corel MediaOne\CorelIOMonitor.exe
C:\windows\system32\ctfmon.exe
C:\Programmi\File comuni\EPSON\EBAPI\SAgent2.exe
C:\Programmi\Java\jre6\bin\jqs.exe
C:\Programmi\File comuni\LightScribe\LSSrvc.exe
C:\windows\system32\nvsvc32.exe
C:\WINDOWS\system32\PSIService.exe
C:\windows\system32\svchost.exe
C:\Programmi\Antivirus\Avast4\ashMaiSv.exe
C:\Programmi\Antivirus\Avast4\ashWebSv.exe
C:\windows\system32\wscntfy.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\Programmi\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
R3 - URLSearchHook: DefaultSearchHook Class - {C94E154B-1459-4A47-966B-4B843BEFC7DB} - C:\Programmi\AskSearch\bin\DefaultSearch.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\File comuni\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programmi\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Programmi\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [Six Engine] "C:\Program Files\ASUS\Six Engine\SixEngine.exe" -r
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [Ai Nap] "C:\Program Files\ASUS\Ai Suite\AiNap\AiNap.exe"
O4 - HKLM\..\Run: [QFan Help] "C:\Program Files\ASUS\Ai Suite\QFan3\QFanHelp.exe"
O4 - HKLM\..\Run: [Cpu Level Up help] C:\Program Files\ASUS\Ai Suite\CpuLevelUpHelp.exe
O4 - HKLM\..\Run: [Launch Direct Link] "C:\Programmi\ASUS\AI Direct Link\AsShare.exe"
O4 - HKLM\..\Run: [Launch As Cmd Runner] "C:\Programmi\ASUS\AI Direct Link\AsCmd.exe" -reg
O4 - HKLM\..\Run: [Drive Xpert] C:\Programmi\ASUS\Drive Xpert\DriveXpert.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ANTIVI~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programmi\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Programmi\File comuni\Nero\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Programmi\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Corel File Shell Monitor] C:\Programmi\Corel\Corel MediaOne\CorelIOMonitor.exe
O4 - HKLM\..\Run: [TrayServer] C:\Programmi\MAGIX\Film_su_CD_DVD_6_TerraTec_Edition\TrayServer.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKCU\..\Run: [CTFMON.EXE] C:\windows\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO LOCALE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO DI RETE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe (file missing)
O17 - HKLM\System\CCS\Services\Tcpip\..\{2B961D86-1DCB-4700-B5A3-C8313728EAF3}: NameServer = 208.67.220.220,208.67.222.222
O17 - HKLM\System\CCS\Services\Tcpip\..\{56EB9442-B4D6-44A8-A53A-D222E7E3EBF6}: NameServer = 208.67.220.220,208.67.222.222
O17 - HKLM\System\CCS\Services\Tcpip\..\{BA23CB97-42E0-40CA-A89C-8D431BA277A3}: NameServer = 85.37.17.47 85.38.28.82
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.112.215,85.255.112.94
O17 - HKLM\System\CS1\Services\Tcpip\..\{2B961D86-1DCB-4700-B5A3-C8313728EAF3}: NameServer = 85.255.112.215,85.255.112.94
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: NameServer = 208.67.220.220,208.67.222.222
O17 - HKLM\System\CS2\Services\Tcpip\..\{2B961D86-1DCB-4700-B5A3-C8313728EAF3}: NameServer = 208.67.220.220,208.67.222.222
O17 - HKLM\System\CS3\Services\Tcpip\Parameters: NameServer = 208.67.220.220,208.67.222.222
O17 - HKLM\System\CS3\Services\Tcpip\..\{2B961D86-1DCB-4700-B5A3-C8313728EAF3}: NameServer = 208.67.220.220,208.67.222.222
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 208.67.220.220,208.67.222.222
O23 - Service: 57xx SteelVine (57xx SteelVine Manager) - Unknown owner - C:\Programmi\ASUS\Drive Xpert\SteelVine.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Programmi\Antivirus\Avast4\aswUpdSv.exe
O23 - Service: ATK Keyboard Service (ATKKeyboardService) - ASUSTeK COMPUTER INC. - C:\WINDOWS\ATKKBService.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Programmi\Antivirus\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Programmi\Antivirus\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Programmi\Antivirus\Avast4\ashWebSv.exe
O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Programmi\File comuni\EPSON\EBAPI\SAgent2.exe
O23 - Service: Firebird Server - MAGIX Instance (FirebirdServerMAGIXInstance) - MAGIX® - C:\Programmi\MAGIX\Common\Database\bin\fbserver.exe
O23 - Service: Servizio di Google Update (gupdate1c9da1b27d360ca) (gupdate1c9da1b27d360ca) - Google Inc. - C:\Programmi\Google\Update\GoogleUpdate.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programmi\File comuni\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Programmi\Java\jre6\bin\jqs.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Programmi\File comuni\LightScribe\LSSrvc.exe
O23 - Service: NMIndexingService - Nero AG - C:\Programmi\File comuni\Nero\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\windows\system32\nvsvc32.exe
O23 - Service: ProtexisLicensing - Unknown owner - C:\WINDOWS\system32\PSIService.exe

--
End of file - 7712 bytes

Ciao.
Se non sai "fixare"le voci,segui questa guida dettagliata: http://www.aiutaamici.com/software?ID=11175

Avvia hijackthis, metti la spunta alle voci che andrò ad elencarti e con tutte le applicazioni chiuse e disconnesso da Internet,premi su fix checked

R3 - URLSearchHook: DefaultSearchHook Class - {C94E154B-1459-4A47-966B-4B843BEFC7DB} - C:\Programmi\AskSearch\bin\DefaultSearch.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe (file missing)
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.112.215,85.255.112.94
O17 - HKLM\System\CS1\Services\Tcpip\..\{2B961D86-1DCB-4700-B5A3-C8313728EAF3}: NameServer = 85.255.112.215,85.255.112.94

Dai una pulita (registro compreso)con CCleaner http://www.aiutaamici.com/software?ID=11223
Nella schermata iniziale di CCleaner, clicca su Opzioni e poi Avanzate, togli il segno di spunta a: Cancella i file in Windows Temp solo se più vecchi di 48 ore. (poi esegui le pulizie)

Scarica ed installa MalwareBytes:
clicca qui per il download : http://www.aiutamici.com/software?id=80346
Prima di fare la scansione AGGIORNALO. (è molto importante)
Esegui una scansione completa del sistema.
Posta il log.

Infine posta un nuovo log di HijackThis

Non ti ho indicato di eseguire le operazioni in Modalità Provvisoria.
Per il momento eseguile in Modalità normale.

Il log di HJT è a posto.
Per sicurezza, esegui anche questa scansione:
Scarica Combofix
http://download.bleepingcomputer.com/sUBs/ComboFix.exe
Salvalo sul desktop.

Importante: Disabilita il tuo antivirus e chiudi TUTTI i programmi aperti,(Firewall compreso) e dopo aver scaricato COMBOFIX, chiudi la connessione.

Doppio click su combofix.exe (comparirà una videata.)
Se ti verrà chiesto se vuoi Installare LA CONSOLE DI RIPRISTINO DI EMERGENZA, clicca NO.
E' probabile che ti siano inviati messaggi dall'antivirus, tu ignorali.
Durante l'operazione di scansione è importante non usare il PC (neanche il mouse) e attendere pazientemente la fine delle operazioni.
Al termine, verrà creato un file log sul Desktop, chiamato C:\ComboFix.txt. Postalo qui.

Disinstalla combofix in questo modo: (dopo che avrò visto il log)
Start
Esegui
nella finestra di dialogo, copia ed incolla questo comando: Combofix /u e premi Invio poi cancella le cartelle in "C" di Combofix e (qoobox)

Lo hai scaricato sul Desktop?

Con questo secondo combofix sono andata benissimo.
Ti posto il log:

ComboFix 09-09-22.01 - Atene 22/09/2009 22.13.11.1.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.39.1040.18.2047.1626 [GMT 2:00]
Eseguito da: c:\documents and settings\Atene\Desktop\ComboFix.exe
AV: avast! antivirus 4.8.1351 [VPS 090921-0] *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}

ATTENZIONE - QUESTO PC NON HA LA CONSOLE DI RIPRISTINO DI EMERGENZA INSTALLATA !!
.

((((((((((((((((((((((((((((((((((((( Altre eliminazioni )))))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\programmi\AskSearch\bin\DefaultSearch.dll

.
((((((((((((((((((((((((( Files Creati Da 2009-08-22 al 2009-09-22 )))))))))))))))))))))))))))))))))))
.

2009-09-20 21:44 . 2009-09-20 21:44 -------- d-----w- c:\documents and settings\Atene\Dati applicazioni\Malwarebytes
2009-09-20 21:44 . 2009-09-10 12:54 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-09-20 21:44 . 2009-09-20 21:44 -------- d-----w- c:\programmi\Malwarebytes' Anti-Malware
2009-09-20 21:44 . 2009-09-20 21:44 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Malwarebytes
2009-09-20 21:44 . 2009-09-10 12:53 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-09-20 20:50 . 2009-09-20 20:50 -------- d-----w- c:\programmi\Trend Micro
2009-09-20 19:15 . 2009-09-20 19:26 -------- d-----w- C:\divx
2009-09-20 15:47 . 2009-09-20 15:47 -------- d-----w- c:\programmi\VirtualdubMod
2009-09-20 15:29 . 2009-09-20 15:32 -------- d-----w- c:\programmi\Haali
2009-09-20 15:25 . 2009-09-20 15:25 49604 ----a-w- c:\windows\system32\RadLightOFRUninstall.exe
2009-09-20 15:25 . 2009-09-20 15:30 -------- d-----w- c:\programmi\AC3Filter
2009-09-20 15:25 . 2000-06-23 12:05 136704 ----a-w- c:\windows\system32\iacenc.dll
2009-09-20 15:25 . 2000-06-22 11:09 56320 ------w- c:\windows\system32\iyvu9_32.dll
2009-09-20 15:25 . 2009-09-20 15:25 -------- d-----w- c:\programmi\Ligos
2009-09-20 15:23 . 2009-09-20 15:23 51600 ----a-w- c:\windows\system32\RadLightMPCUninstall.exe
2009-09-20 15:23 . 2007-06-03 12:31 10752 ----a-w- c:\windows\system32\ff_vfw.dll
2009-09-20 15:23 . 2007-04-24 15:30 60273 ----a-w- c:\windows\system32\pthreadGC2.dll
2009-09-20 15:23 . 2009-09-20 15:31 -------- d-----w- c:\programmi\ffdshow
2009-09-20 15:21 . 2009-09-20 15:21 21764 ----a-w- c:\windows\system32\CoreAAC-uninstall.exe
2009-09-20 15:20 . 2009-09-20 15:21 33021 ----a-w- c:\windows\system32\CoreVorbis-uninstall.exe
2009-09-20 15:19 . 2009-09-20 15:19 147036 ----a-w- c:\programmi\RadLightOFR_1.0.0.1.exe
2009-09-20 15:18 . 2009-09-20 15:18 95698 ----a-w- c:\programmi\RadLightMPC_1.0.0.4.exe
2009-09-20 15:18 . 2009-09-20 15:18 172600 ----a-w- c:\programmi\CoreAAC-1.2.0.575-3.exe
2009-09-20 15:17 . 2009-09-20 15:17 180481 ----a-w- c:\programmi\CoreVorbis_1.1.0.79_20050813.exe
2009-09-20 15:17 . 2009-09-20 15:17 232592 ----a-w- c:\programmi\l3codecx.exe
2009-09-20 15:10 . 2009-09-20 15:10 -------- d-----w- c:\documents and settings\Atene\Impostazioni locali\Dati applicazioni\JockerSoft
2009-09-20 14:53 . 2009-09-20 14:57 23510720 ----a-w- c:\programmi\dotnetfx.exe
2009-09-20 14:49 . 2009-09-20 15:33 -------- d-----w- c:\programmi\JockerSoft
2009-09-09 18:33 . 2009-09-09 19:00 -------- d-----w- c:\documents and settings\Atene\Dati applicazioni\dvdcss
2009-09-04 08:33 . 2009-09-04 08:33 -------- d-----w- c:\documents and settings\Atene\Dati applicazioni\Motive

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-09-22 20:12 . 2001-08-31 15:00 91766 ----a-w- c:\windows\system32\perfc010.dat
2009-09-22 20:12 . 2001-08-31 15:00 529906 ----a-w- c:\windows\system32\perfh010.dat
2009-09-21 15:07 . 2009-04-17 07:52 196608 ----a-w- c:\windows\system32\drivers\nStandard.bin
2009-09-21 09:37 . 2009-04-17 11:06 -------- d-----w- c:\programmi\Vuze
2009-09-21 09:37 . 2009-04-17 11:05 -------- d-----w- c:\documents and settings\Atene\Dati applicazioni\Azureus
2009-09-20 17:06 . 2009-06-30 13:41 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Spybot - Search & Destroy
2009-09-20 16:31 . 2009-06-30 13:41 -------- d-----w- c:\programmi\Spybot - Search & Destroy
2009-09-20 15:38 . 2009-06-09 06:02 -------- d-----w- c:\programmi\Xvid
2009-09-20 15:35 . 2009-04-25 08:17 -------- d-----w- c:\programmi\Nero
2009-09-20 15:32 . 2009-04-15 17:19 -------- d-----w- c:\programmi\Intel
2009-09-20 15:31 . 2009-06-09 06:03 -------- d-----w- c:\programmi\DivX
2009-09-20 15:30 . 2009-07-30 06:36 -------- d-----w- c:\programmi\Avidemux 2.5
2009-09-20 15:27 . 2009-06-09 06:03 -------- d-----w- c:\programmi\File comuni\DivX Shared
2009-09-11 21:08 . 2009-06-09 11:58 -------- d-----w- c:\documents and settings\Atene\Dati applicazioni\DivX
2009-09-04 08:33 . 2009-04-15 17:15 -------- d-----w- c:\programmi\Alice ti aiuta
2009-08-17 16:10 . 2009-04-16 13:51 1279456 ----a-w- c:\windows\system32\aswBoot.exe
2009-08-17 16:06 . 2009-04-16 13:51 93392 ----a-w- c:\windows\system32\drivers\aswmon.sys
2009-08-17 16:06 . 2009-04-16 13:51 94160 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2009-08-17 16:05 . 2009-04-16 13:51 114768 ----a-w- c:\windows\system32\drivers\aswSP.sys
2009-08-17 16:05 . 2009-04-16 13:51 20560 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2009-08-17 16:04 . 2009-04-16 13:51 51376 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2009-08-17 16:04 . 2009-04-16 13:51 23152 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2009-08-17 16:03 . 2009-04-16 13:51 26944 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2009-08-17 16:02 . 2009-04-16 13:51 97480 ----a-w- c:\windows\system32\AvastSS.scr
2009-08-09 10:29 . 2009-05-30 12:58 -------- d-----w- c:\programmi\WinAVIVideoConverter
2009-07-30 13:19 . 2009-07-30 13:19 0 ----a-w- c:\programmi\Agg. DirectVobSub DVD con sottotitoli.txt
2009-07-30 13:18 . 2009-07-30 06:37 -------- d-----w- c:\programmi\DirectVobSub
2009-07-15 20:20 . 2009-04-16 14:23 45680 ----a-w- c:\documents and settings\Atene\Impostazioni locali\Dati applicazioni\GDIPFONTCACHEV1.DAT
2009-07-14 00:15 . 2009-07-14 00:15 823296 ----a-w- c:\windows\system32\divx_xx0c.dll
2009-07-14 00:15 . 2009-07-14 00:15 823296 ----a-w- c:\windows\system32\divx_xx07.dll
2009-07-14 00:15 . 2009-07-14 00:15 815104 ----a-w- c:\windows\system32\divx_xx0a.dll
2009-07-14 00:15 . 2009-07-14 00:15 811008 ----a-w- c:\windows\system32\divx_xx16.dll
2009-07-14 00:15 . 2009-07-14 00:15 802816 ----a-w- c:\windows\system32\divx_xx11.dll
2009-07-14 00:15 . 2009-07-14 00:15 685056 ----a-w- c:\windows\system32\DivX.dll
2009-05-30 10:53 . 2009-05-30 10:52 5254656 ----a-w- c:\programmi\converter.exe
2009-07-14 00:16 . 2009-07-14 00:16 1044480 ----a-w- c:\programmi\mozilla firefox\plugins\libdivx.dll
2009-07-14 00:16 . 2009-07-14 00:16 200704 ----a-w- c:\programmi\mozilla firefox\plugins\ssldivx.dll
2009-04-16 14:47 . 2009-04-16 14:47 8 --sh--r- c:\windows\system32\EDE186907B.sys
2004-08-19 13:39 . 2004-08-19 13:39 162941 --sha-r- c:\windows\system32\indkwxav.dll
2009-06-08 20:06 . 2009-04-16 14:47 2984 --sha-w- c:\windows\system32\KGyGaAvL.sys
.

((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* i valori vuoti & legittimi/default non sono visualizzati.
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Six Engine"="c:\program files\ASUS\Six Engine\SixEngine.exe" [2008-06-02 5964800]
"Ai Nap"="c:\program files\ASUS\Ai Suite\AiNap\AiNap.exe" [2008-05-21 1423360]
"QFan Help"="c:\program files\ASUS\Ai Suite\QFan3\QFanHelp.exe" [2008-05-06 594432]
"Cpu Level Up help"="c:\program files\ASUS\Ai Suite\CpuLevelUpHelp.exe" [2007-11-30 881152]
"Launch Direct Link"="c:\programmi\ASUS\AI Direct Link\AsShare.exe" [2007-11-16 1209856]
"Launch As Cmd Runner"="c:\programmi\ASUS\AI Direct Link\AsCmd.exe" [2007-04-11 376832]
"Drive Xpert"="c:\programmi\ASUS\Drive Xpert\DriveXpert.exe" [2008-05-30 10235904]
"avast!"="c:\progra~1\ANTIVI~1\Avast4\ashDisp.exe" [2009-08-17 81000]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-06-28 8466432]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2007-06-28 81920]
"SunJavaUpdateSched"="c:\programmi\Java\jre6\bin\jusched.exe" [2009-05-13 148888]
"NeroFilterCheck"="c:\programmi\File comuni\Nero\Lib\NeroCheck.exe" [2007-03-01 153136]
"Adobe Reader Speed Launcher"="c:\programmi\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-14 39792]
"Corel File Shell Monitor"="c:\programmi\Corel\Corel MediaOne\CorelIOMonitor.exe" [2007-12-01 38400]
"TrayServer"="c:\programmi\MAGIX\Film_su_CD_DVD_6_TerraTec_Edition\TrayServer.exe" [2007-02-28 86016]
"Malwarebytes Anti-Malware (reboot)"="c:\programmi\Malwarebytes' Anti-Malware\mbam.exe" [2009-09-10 1312080]
"RTHDCPL"="RTHDCPL.EXE" - c:\windows\RTHDCPL.exe [2008-05-16 16862720]
"nwiz"="nwiz.exe" - c:\windows\system32\nwiz.exe [2007-06-28 1626112]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-19 15360]

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Programmi\\Vuze\\Azureus.exe"=
"c:\\Programmi\\eMule\\emule.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"2151:TCP"= 2151:TCP:czmxvro

R0 mv61xx;mv61xx;c:\windows\system32\drivers\mv61xx.sys [24/06/2008 0.21.48 150568]
R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [16/04/2009 15.51.25 114768]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [16/04/2009 15.51.25 20560]
R3 L1e;Miniport Driver for Atheros AR8121/AR8113/AR8114 PCI-E Ethernet Controller;c:\windows\system32\drivers\l1e51x86.sys [15/04/2009 19.34.46 36864]
S2 57xx SteelVine Manager;57xx SteelVine;c:\programmi\ASUS\Drive Xpert\SteelVine.exe [29/05/2008 15.55.24 1286144]
S2 gupdate1c9da1b27d360ca;Servizio di Google Update (gupdate1c9da1b27d360ca);c:\programmi\Google\Update\GoogleUpdate.exe [21/05/2009 15.50.51 133104]
S2 vnoxnxy;Microsoft Universal;c:\windows\system32\svchost.exe -k netsvcs [19/08/2004 15.39.46 14336]
S3 CrystalSysInfo;CrystalSysInfo;c:\programmi\MediaCoder\SysInfo.sys [25/09/2007 16.59.46 15152]
S3 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance;c:\programmi\MAGIX\Common\Database\bin\fbserver.exe [17/04/2009 10.12.25 1527900]
S3 GRABSTER150.X86;Grabster AV 150, Service X86;c:\windows\system32\drivers\GRABSTER150.X86.SYS [08/06/2009 8.02.38 259360]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
vnoxnxy

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
"c:\programmi\File comuni\LightScribe\LSRunOnce.exe"
.
Contenuto della cartella 'Scheduled Tasks'

2009-09-22 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\programmi\Google\Update\GoogleUpdate.exe [2009-05-21 13:50]

2009-09-22 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\programmi\Google\Update\GoogleUpdate.exe [2009-05-21 13:50]
.
.
------- Scansione supplementare -------
.
uInternet Settings,ProxyOverride = 127.0.0.1
TCP: {2B961D86-1DCB-4700-B5A3-C8313728EAF3} = 208.67.220.220,208.67.222.222
TCP: {56EB9442-B4D6-44A8-A53A-D222E7E3EBF6} = 208.67.220.220,208.67.222.222
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
FF - ProfilePath - c:\documents and settings\Atene\Dati applicazioni\Mozilla\Firefox\Profiles\83m6hfy0.default\
FF - plugin: c:\program files\Real\RealPlayer\Netscape6\nppl3260.dll
FF - plugin: c:\program files\Real\RealPlayer\Netscape6\nprjplug.dll
FF - plugin: c:\program files\Real\RealPlayer\Netscape6\nprpjplug.dll
FF - plugin: c:\programmi\Google\Update\1.2.183.7\npGoogleOneClick8.dll
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-09-22 22:15
Windows 5.1.2600 Service Pack 2 NTFS

scansione processi nascosti ...

scansione entrate autostart nascoste ...

Scansione files nascosti ...

Scansione completata con successo
Files nascosti: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\vnoxnxy]
"ServiceDll"="c:\windows\system32\indkwxav.dll"
.
Ora fine scansione: 2009-09-22 22.16.45
ComboFix-quarantined-files.txt 2009-09-22 20:16

Pre-Run: 133.412.700.160 byte disponibili
Post-Run: 133.380.665.344 byte disponibili

171

Una curiosità, dovevo farlo come il primo disabilitando l'antivirus, il firewall e la connessione?
Perchè ho fatto così prima di portare il file sull'icona combofix ho disabilitato tutto.
E fatto partire.

Ma mi è venuto il dubbio perchè alla fine del file log mi è comparso l'avviso che non so chi (non me lo sono segnata) non è riuscito a connettersi alla porta X (che anche questa non l'ho segnata)

E l'altra cosa curiosa è che l'antivirus si è abiliato da solo, ma forse è più probabile che non l'avessi disabilitato bene prima.

Se c'è bisogno di rifare dimmi pure.

Il file log che ne risulta è questo:


ComboFix 09-09-22.01 - Atene 23/09/2009 8.02.27.2.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.39.1040.18.2047.1634 [GMT 2:00]
Eseguito da: c:\documents and settings\Atene\Desktop\ComboFix.exe
Opzioni usate :: c:\documents and settings\Atene\Desktop\CFScript.txt
AV: avast! antivirus 4.8.1351 [VPS 090922-0] *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}

ATTENZIONE - QUESTO PC NON HA LA CONSOLE DI RIPRISTINO DI EMERGENZA INSTALLATA !!

FILE ::
"c:\windows\system32\indkwxav.dll"
.

((((((((((((((((((((((((((((((((((((( Altre eliminazioni )))))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\indkwxav.dll

.
((((((((((((((((((((((((((((((((((((((( Driver/Servizi )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_VNOXNXY
-------\Service_vnoxnxy


((((((((((((((((((((((((( Files Creati Da 2009-08-23 al 2009-09-23 )))))))))))))))))))))))))))))))))))
.

2009-09-20 21:44 . 2009-09-20 21:44 -------- d-----w- c:\documents and settings\Atene\Dati applicazioni\Malwarebytes
2009-09-20 21:44 . 2009-09-10 12:54 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-09-20 21:44 . 2009-09-20 21:44 -------- d-----w- c:\programmi\Malwarebytes' Anti-Malware
2009-09-20 21:44 . 2009-09-20 21:44 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Malwarebytes
2009-09-20 21:44 . 2009-09-10 12:53 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-09-20 20:50 . 2009-09-20 20:50 -------- d-----w- c:\programmi\Trend Micro
2009-09-20 19:15 . 2009-09-20 19:26 -------- d-----w- C:\divx
2009-09-20 15:47 . 2009-09-20 15:47 -------- d-----w- c:\programmi\VirtualdubMod
2009-09-20 15:29 . 2009-09-20 15:32 -------- d-----w- c:\programmi\Haali
2009-09-20 15:25 . 2009-09-20 15:25 49604 ----a-w- c:\windows\system32\RadLightOFRUninstall.exe
2009-09-20 15:25 . 2009-09-20 15:30 -------- d-----w- c:\programmi\AC3Filter
2009-09-20 15:25 . 2000-06-23 12:05 136704 ----a-w- c:\windows\system32\iacenc.dll
2009-09-20 15:25 . 2000-06-22 11:09 56320 ------w- c:\windows\system32\iyvu9_32.dll
2009-09-20 15:25 . 2009-09-20 15:25 -------- d-----w- c:\programmi\Ligos
2009-09-20 15:23 . 2009-09-20 15:23 51600 ----a-w- c:\windows\system32\RadLightMPCUninstall.exe
2009-09-20 15:23 . 2007-06-03 12:31 10752 ----a-w- c:\windows\system32\ff_vfw.dll
2009-09-20 15:23 . 2007-04-24 15:30 60273 ----a-w- c:\windows\system32\pthreadGC2.dll
2009-09-20 15:23 . 2009-09-20 15:31 -------- d-----w- c:\programmi\ffdshow
2009-09-20 15:21 . 2009-09-20 15:21 21764 ----a-w- c:\windows\system32\CoreAAC-uninstall.exe
2009-09-20 15:20 . 2009-09-20 15:21 33021 ----a-w- c:\windows\system32\CoreVorbis-uninstall.exe
2009-09-20 15:19 . 2009-09-20 15:19 147036 ----a-w- c:\programmi\RadLightOFR_1.0.0.1.exe
2009-09-20 15:18 . 2009-09-20 15:18 95698 ----a-w- c:\programmi\RadLightMPC_1.0.0.4.exe
2009-09-20 15:18 . 2009-09-20 15:18 172600 ----a-w- c:\programmi\CoreAAC-1.2.0.575-3.exe
2009-09-20 15:17 . 2009-09-20 15:17 180481 ----a-w- c:\programmi\CoreVorbis_1.1.0.79_20050813.exe
2009-09-20 15:17 . 2009-09-20 15:17 232592 ----a-w- c:\programmi\l3codecx.exe
2009-09-20 15:10 . 2009-09-20 15:10 -------- d-----w- c:\documents and settings\Atene\Impostazioni locali\Dati applicazioni\JockerSoft
2009-09-20 14:53 . 2009-09-20 14:57 23510720 ----a-w- c:\programmi\dotnetfx.exe
2009-09-20 14:49 . 2009-09-20 15:33 -------- d-----w- c:\programmi\JockerSoft
2009-09-09 18:33 . 2009-09-09 19:00 -------- d-----w- c:\documents and settings\Atene\Dati applicazioni\dvdcss
2009-09-04 08:33 . 2009-09-04 08:33 -------- d-----w- c:\documents and settings\Atene\Dati applicazioni\Motive

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-09-23 06:01 . 2001-08-31 15:00 91766 ----a-w- c:\windows\system32\perfc010.dat
2009-09-23 06:01 . 2001-08-31 15:00 529906 ----a-w- c:\windows\system32\perfh010.dat
2009-09-21 15:07 . 2009-04-17 07:52 196608 ----a-w- c:\windows\system32\drivers\nStandard.bin
2009-09-21 09:37 . 2009-04-17 11:06 -------- d-----w- c:\programmi\Vuze
2009-09-21 09:37 . 2009-04-17 11:05 -------- d-----w- c:\documents and settings\Atene\Dati applicazioni\Azureus
2009-09-20 17:06 . 2009-06-30 13:41 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Spybot - Search & Destroy
2009-09-20 16:31 . 2009-06-30 13:41 -------- d-----w- c:\programmi\Spybot - Search & Destroy
2009-09-20 15:38 . 2009-06-09 06:02 -------- d-----w- c:\programmi\Xvid
2009-09-20 15:35 . 2009-04-25 08:17 -------- d-----w- c:\programmi\Nero
2009-09-20 15:32 . 2009-04-15 17:19 -------- d-----w- c:\programmi\Intel
2009-09-20 15:31 . 2009-06-09 06:03 -------- d-----w- c:\programmi\DivX
2009-09-20 15:30 . 2009-07-30 06:36 -------- d-----w- c:\programmi\Avidemux 2.5
2009-09-20 15:27 . 2009-06-09 06:03 -------- d-----w- c:\programmi\File comuni\DivX Shared
2009-09-11 21:08 . 2009-06-09 11:58 -------- d-----w- c:\documents and settings\Atene\Dati applicazioni\DivX
2009-09-04 08:33 . 2009-04-15 17:15 -------- d-----w- c:\programmi\Alice ti aiuta
2009-08-17 16:10 . 2009-04-16 13:51 1279456 ----a-w- c:\windows\system32\aswBoot.exe
2009-08-17 16:06 . 2009-04-16 13:51 93392 ----a-w- c:\windows\system32\drivers\aswmon.sys
2009-08-17 16:06 . 2009-04-16 13:51 94160 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2009-08-17 16:05 . 2009-04-16 13:51 114768 ----a-w- c:\windows\system32\drivers\aswSP.sys
2009-08-17 16:05 . 2009-04-16 13:51 20560 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2009-08-17 16:04 . 2009-04-16 13:51 51376 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2009-08-17 16:04 . 2009-04-16 13:51 23152 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2009-08-17 16:03 . 2009-04-16 13:51 26944 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2009-08-17 16:02 . 2009-04-16 13:51 97480 ----a-w- c:\windows\system32\AvastSS.scr
2009-08-09 10:29 . 2009-05-30 12:58 -------- d-----w- c:\programmi\WinAVIVideoConverter
2009-07-30 13:19 . 2009-07-30 13:19 0 ----a-w- c:\programmi\Agg. DirectVobSub DVD con sottotitoli.txt
2009-07-30 13:18 . 2009-07-30 06:37 -------- d-----w- c:\programmi\DirectVobSub
2009-07-15 20:20 . 2009-04-16 14:23 45680 ----a-w- c:\documents and settings\Atene\Impostazioni locali\Dati applicazioni\GDIPFONTCACHEV1.DAT
2009-07-14 00:15 . 2009-07-14 00:15 823296 ----a-w- c:\windows\system32\divx_xx0c.dll
2009-07-14 00:15 . 2009-07-14 00:15 823296 ----a-w- c:\windows\system32\divx_xx07.dll
2009-07-14 00:15 . 2009-07-14 00:15 815104 ----a-w- c:\windows\system32\divx_xx0a.dll
2009-07-14 00:15 . 2009-07-14 00:15 811008 ----a-w- c:\windows\system32\divx_xx16.dll
2009-07-14 00:15 . 2009-07-14 00:15 802816 ----a-w- c:\windows\system32\divx_xx11.dll
2009-07-14 00:15 . 2009-07-14 00:15 685056 ----a-w- c:\windows\system32\DivX.dll
2009-05-30 10:53 . 2009-05-30 10:52 5254656 ----a-w- c:\programmi\converter.exe
2009-07-14 00:16 . 2009-07-14 00:16 1044480 ----a-w- c:\programmi\mozilla firefox\plugins\libdivx.dll
2009-07-14 00:16 . 2009-07-14 00:16 200704 ----a-w- c:\programmi\mozilla firefox\plugins\ssldivx.dll
2009-04-16 14:47 . 2009-04-16 14:47 8 --sh--r- c:\windows\system32\EDE186907B.sys
2009-06-08 20:06 . 2009-04-16 14:47 2984 --sha-w- c:\windows\system32\KGyGaAvL.sys
.

((((((((((((((((((((((((((((( SnapShot@2009-09-22_20.15.53 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-09-23 06:07 . 2009-09-23 06:07 16384 c:\windows\Temp\Perflib_Perfdata_684.dat
+ 2009-09-23 06:07 . 2009-09-23 06:07 16384 c:\windows\Temp\Perflib_Perfdata_568.dat
+ 2001-08-31 15:00 . 2009-09-23 06:01 77336 c:\windows\system32\perfc009.dat
- 2001-08-31 15:00 . 2009-09-22 20:12 77336 c:\windows\system32\perfc009.dat
+ 2001-08-31 15:00 . 2009-09-23 06:01 473124 c:\windows\system32\perfh009.dat
- 2001-08-31 15:00 . 2009-09-22 20:12 473124 c:\windows\system32\perfh009.dat
.
((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* i valori vuoti & legittimi/default non sono visualizzati.
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Six Engine"="c:\program files\ASUS\Six Engine\SixEngine.exe" [2008-06-02 5964800]
"Ai Nap"="c:\program files\ASUS\Ai Suite\AiNap\AiNap.exe" [2008-05-21 1423360]
"QFan Help"="c:\program files\ASUS\Ai Suite\QFan3\QFanHelp.exe" [2008-05-06 594432]
"Cpu Level Up help"="c:\program files\ASUS\Ai Suite\CpuLevelUpHelp.exe" [2007-11-30 881152]
"Launch Direct Link"="c:\programmi\ASUS\AI Direct Link\AsShare.exe" [2007-11-16 1209856]
"Launch As Cmd Runner"="c:\programmi\ASUS\AI Direct Link\AsCmd.exe" [2007-04-11 376832]
"Drive Xpert"="c:\programmi\ASUS\Drive Xpert\DriveXpert.exe" [2008-05-30 10235904]
"avast!"="c:\progra~1\ANTIVI~1\Avast4\ashDisp.exe" [2009-08-17 81000]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-06-28 8466432]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2007-06-28 81920]
"SunJavaUpdateSched"="c:\programmi\Java\jre6\bin\jusched.exe" [2009-05-13 148888]
"NeroFilterCheck"="c:\programmi\File comuni\Nero\Lib\NeroCheck.exe" [2007-03-01 153136]
"Adobe Reader Speed Launcher"="c:\programmi\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-14 39792]
"Corel File Shell Monitor"="c:\programmi\Corel\Corel MediaOne\CorelIOMonitor.exe" [2007-12-01 38400]
"TrayServer"="c:\programmi\MAGIX\Film_su_CD_DVD_6_TerraTec_Edition\TrayServer.exe" [2007-02-28 86016]
"Malwarebytes Anti-Malware (reboot)"="c:\programmi\Malwarebytes' Anti-Malware\mbam.exe" [2009-09-10 1312080]
"RTHDCPL"="RTHDCPL.EXE" - c:\windows\RTHDCPL.exe [2008-05-16 16862720]
"nwiz"="nwiz.exe" - c:\windows\system32\nwiz.exe [2007-06-28 1626112]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-19 15360]

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Programmi\\Vuze\\Azureus.exe"=
"c:\\Programmi\\eMule\\emule.exe"=

R0 mv61xx;mv61xx;c:\windows\system32\drivers\mv61xx.sys [24/06/2008 0.21.48 150568]
R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [16/04/2009 15.51.25 114768]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [16/04/2009 15.51.25 20560]
R3 L1e;Miniport Driver for Atheros AR8121/AR8113/AR8114 PCI-E Ethernet Controller;c:\windows\system32\drivers\l1e51x86.sys [15/04/2009 19.34.46 36864]
S2 57xx SteelVine Manager;57xx SteelVine;c:\programmi\ASUS\Drive Xpert\SteelVine.exe [29/05/2008 15.55.24 1286144]
S2 gupdate1c9da1b27d360ca;Servizio di Google Update (gupdate1c9da1b27d360ca);c:\programmi\Google\Update\GoogleUpdate.exe [21/05/2009 15.50.51 133104]
S3 CrystalSysInfo;CrystalSysInfo;c:\programmi\MediaCoder\SysInfo.sys [25/09/2007 16.59.46 15152]
S3 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance;c:\programmi\MAGIX\Common\Database\bin\fbserver.exe [17/04/2009 10.12.25 1527900]
S3 GRABSTER150.X86;Grabster AV 150, Service X86;c:\windows\system32\drivers\GRABSTER150.X86.SYS [08/06/2009 8.02.38 259360]

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
"c:\programmi\File comuni\LightScribe\LSRunOnce.exe"
.
Contenuto della cartella 'Scheduled Tasks'

2009-09-23 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\programmi\Google\Update\GoogleUpdate.exe [2009-05-21 13:50]

2009-09-22 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\programmi\Google\Update\GoogleUpdate.exe [2009-05-21 13:50]
.
.
------- Scansione supplementare -------
.
TCP: {2B961D86-1DCB-4700-B5A3-C8313728EAF3} = 208.67.220.220,208.67.222.222
TCP: {56EB9442-B4D6-44A8-A53A-D222E7E3EBF6} = 208.67.220.220,208.67.222.222
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
FF - ProfilePath - c:\documents and settings\Atene\Dati applicazioni\Mozilla\Firefox\Profiles\83m6hfy0.default\
FF - plugin: c:\program files\Real\RealPlayer\Netscape6\nppl3260.dll
FF - plugin: c:\program files\Real\RealPlayer\Netscape6\nprjplug.dll
FF - plugin: c:\program files\Real\RealPlayer\Netscape6\nprpjplug.dll
FF - plugin: c:\programmi\Google\Update\1.2.183.7\npGoogleOneClick8.dll
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-09-23 08:07
Windows 5.1.2600 Service Pack 2 NTFS

scansione processi nascosti ...

scansione entrate autostart nascoste ...

Scansione files nascosti ...

Scansione completata con successo
Files nascosti: 0

**************************************************************************
.
--------------------- Dlls caricate dai processi in esecuzione ---------------------

- - - - - - - > 'explorer.exe'(3356)
c:\windows\system32\msi.dll
.
------------------------ Altri processi in esecuzione ------------------------
.
c:\programmi\Antivirus\Avast4\aswUpdSv.exe
c:\programmi\Antivirus\Avast4\ashServ.exe
c:\programmi\File comuni\EPSON\EBAPI\SAgent2.exe
c:\programmi\Java\jre6\bin\jqs.exe
c:\programmi\File comuni\LightScribe\LSSrvc.exe
c:\windows\system32\nvsvc32.exe
c:\windows\system32\PSIService.exe
c:\programmi\Antivirus\Avast4\ashMaiSv.exe
c:\programmi\Antivirus\Avast4\ashWebSv.exe
c:\windows\system32\rundll32.exe
c:\windows\system32\wbem\wmiapsrv.exe
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Ora fine scansione: 2009-09-23 8.11.11 - Il pc è stato riavviato
ComboFix-quarantined-files.txt 2009-09-23 06:11
ComboFix2.txt 2009-09-22 20:16

Pre-Run: 133.080.535.040 byte disponibili
Post-Run: 132.984.201.216 byte disponibili

200

Sei stata bravissima.

Scarica Windows Worms Doors Cleaner
http://static.commentcamarche.net/en.kioskea.net/download/files/wwdc.exe

Avvia WWDC, e se compaiono delle voci rosse, cliccaci sopra su tutte per correggerle e poi riavvia il PC.
Avvia nuovamente WWDC e le voci dovrebbero essere tutte verdi.

Disinstalla combofix in questo modo:
Start
Esegui
nella finestra di dialogo, copia ed incolla questo comando: Combofix /u e premi Invio poi cancella le cartelle in "C" di Combofix e (qoobox)

Disattiva il ripristino configurazione di sistema, http://guide.aiutamici.com/guide?C1=7&C2=68&ID=80121


Installa il service pack3 di Windows XP :

http://www.microsoft.com/downloads/details.aspx?FamilyID=5b33b5a8-5e76-401f-be08-1e1555d4f3d4&DisplayLang=it


Installa Internet Explorer 7 :

http://www.microsoft.com/downloads/details.aspx?FamilyID=9ae91ebe-3385-447c-8a30-081805b2f90b&DisplayLang=it

Scarica e installa tutti gli altri aggiornamenti ad "Alta Priorità" di Windows , da Windows Update.

Poi postami un log di HijackThis

Male.
Questo vuol dire, che sarai sempre ad alto rischio di infezioni. ( anche gravi)
Senza contare, che con il solo Avast! è come andare, contro un carro armato, armati di una fionda.

Io posso darti una serie di consigli, poi vedi tu se seguirli oppure no.

Disistalla Avast! (prima cessane l'esecuzione sulla tray bar)
Per la disistallazione, vai in "installazione Applicazioni" e rimuovilo.
Poi usa questo tooll per eliminare eventuali "residui":
http://files.avast.com/files/eng/aswclear.exe
Pagina delle istruzioni:
http://www.avast.com/eng/avast-uninstall-utility.html
Fai una pulizia (registro compreso) con CCleaner.
Riavvia il pc.


Scarica Avira:
http://www.aiutamici.com/software?ID=10908

Lo configuri esattamente come in questa guida, in formato PDF: (parti direttamente dal punto 3)

http://www.zeusnews.it/zz_upload/PSV/Guida%20completa%20di%20%20AVIRA%20Antivir%209.pdf

Le voci indicate nella prima immagine a pagina 11 della Guida, spuntale tutte (nell'immagine non lo sono).

Tieni installato Malwarebytes, ricorda solo di aggiornarlo prima di ogni scansione.

Installa un Antispyware.

Installa questo Firewall:
http://www.aiutamici.com/software?ID=80361

Questi sono i requisiti minimi, per avere una protezione decente in un pc.

Ci sarebbe anche da aggiornare dei software di terze parti.

Al riavvio le schermate si susseguono in questo modo:

1. Schermata azzurra indicante la scheda madre ASUS
2. Schermata nera indicante l'inizializzazione del Bios Marvell etc...
3. Schermata nera con le seguenti scritte: F5: HPFS
F1: disk 2
Default: F5

4. Schermata nera con la scritta: File Boot.INI non valido
Avvio in corso da C:\windows\

5. Schermata nera con logo a bandiera di Windows e barra di progressione

6. Schermata azzurra con scritta Windows

AVvio

Il punto 3. e 4. ce li ho appunto da quando ho fatto togliere il virus e linux.

Io ho provato a premere F8 in ognuno di questi punti ma non mi entra mai in safe mode.
E' come se non premessi niente.

L'unico punto in cui succede qualcosa è se lo premo nella schermata di inizializzazione del bios, che allora mi entra nel bios, ma poi io dal bios non so entrare in safe mode. Dal bios so giusto dirgli se avviarsi da HD o Cd rom etc..