Non riesco ad accedere ai siti degli antivirus

di **mavck** » 07/06/10 09:11

allora grazie della risposta, dopo eseguirò i tuoi passaggi sul primo pc, ma adesso ti posto anche il LOF COMBOFIX che ho fatto sul Portatile..anche qui è emerso il solito problema... :mmmh:

...attendo che mi dici se lo script postato sopra da te va bene anche per il portatile o ce bisogno di un altro

scusami...

Codice: Seleziona tutto: ComboFix 10-06-06.03 - marti 07/06/2010 9.57.35.1.2 - x86 Microsoft Windows XP Home Edition 5.1.2600.3.1252.39.1040.18.1015.704 [GMT 2:00] Eseguito da: c:\documents and settings\marti\Documenti\Download\ComboFix.exe . ((((((((((((((((((((((((((((((((((((( Altre eliminazioni ))))))))))))))))))))))))))))))))))))))))))))))))))) . c:\programmi\File comuni\Real\Update_OB\lang\faust_it.dll c:\programmi\File comuni\Real\Update_OB\lang\rpsearch_it.dll c:\programmi\Real\RealPlayer\converter\rnuninst_it.dll c:\programmi\Real\RealPlayer\lang\cdplay_it.dll c:\programmi\Real\RealPlayer\lang\dbcomp_it.dll c:\programmi\Real\RealPlayer\lang\embed_it.dll c:\programmi\Real\RealPlayer\lang\gemctl_it.dll c:\programmi\Real\RealPlayer\lang\mydevices_it.dll c:\programmi\Real\RealPlayer\lang\pngui_it.dll c:\programmi\Real\RealPlayer\lang\rjctl_it.dll c:\programmi\Real\RealPlayer\lang\rjdlg_it.dll c:\programmi\Real\RealPlayer\lang\rjeq_it.dll c:\programmi\Real\RealPlayer\lang\rjfade_it.dll c:\programmi\Real\RealPlayer\lang\rjmisc_it.dll c:\programmi\Real\RealPlayer\lang\rjprog_it.dll c:\programmi\Real\RealPlayer\lang\rjres_it.dll c:\programmi\Real\RealPlayer\lang\rjskin_it.dll c:\programmi\Real\RealPlayer\lang\rjviz_it.dll c:\programmi\Real\RealPlayer\lang\rjwma_it.dll c:\programmi\Real\RealPlayer\lang\rnuninst_it.dll c:\programmi\Real\RealPlayer\lang\rpapp_it.dll c:\programmi\Real\RealPlayer\lang\rpbgr_it.dll c:\programmi\Real\RealPlayer\lang\rpbrp_it.dll c:\programmi\Real\RealPlayer\lang\rpclsvc_it.dll c:\programmi\Real\RealPlayer\lang\rpclutil_it.dll c:\programmi\Real\RealPlayer\lang\rpdemand_it.dll c:\programmi\Real\RealPlayer\lang\rpdsplyr_it.dll c:\programmi\Real\RealPlayer\lang\rpext_it.dll c:\programmi\Real\RealPlayer\lang\rpgutil_it.dll c:\programmi\Real\RealPlayer\lang\rpmnpane_it.dll c:\programmi\Real\RealPlayer\lang\rpplylst_it.dll c:\programmi\Real\RealPlayer\lang\rpsearch_it.dll c:\programmi\Real\RealPlayer\lang\rpwebctl_it.dll c:\programmi\Real\RealPlayer\lang\systray_it.dll c:\programmi\Real\RealPlayer\lang\tcdinfo_it.dll c:\programmi\Real\RealPlayer\lang\tclsvc_it.dll c:\programmi\Real\RealPlayer\lang\tdwnmgr_it.dll c:\programmi\Real\RealPlayer\lang\tearm_it.dll c:\programmi\Real\RealPlayer\lang\teasdk_it.dll c:\programmi\Real\RealPlayer\lang\tmdedit_it.dll c:\programmi\Real\RealPlayer\lang\tmp3_it.dll c:\programmi\Real\RealPlayer\lang\twave_it.dll c:\programmi\Real\RealPlayer\lang\upgrdhlp_it.dll c:\programmi\Real\RealPlayer\lang\upgrdlib_it.dll c:\windows\system32\Thumbs.db . ((((((((((((((((((((((((( Files Creati Da 2010-05-07 al 2010-06-07 ))))))))))))))))))))))))))))))))))) . 2010-06-02 21:08 . 2008-04-13 09:47 25856 -c--a-w- c:\windows\system32\dllcache\usbprint.sys 2010-06-02 21:08 . 2008-04-13 09:47 25856 ----a-w- c:\windows\system32\drivers\usbprint.sys 2010-05-26 12:35 . 2010-05-26 12:35 49152 ----a-w- c:\documents and settings\All Users\Dati applicazioni\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext\Components\nprpffbrowserrecordext.dll 2010-05-26 12:35 . 2010-05-26 12:35 45056 ----a-w- c:\documents and settings\All Users\Dati applicazioni\Real\RealPlayer\BrowserRecordPlugin\ThinShims\rpnpshimwmp.dll 2010-05-26 12:35 . 2010-05-26 12:35 45056 ----a-w- c:\documents and settings\All Users\Dati applicazioni\Real\RealPlayer\BrowserRecordPlugin\ThinShims\rpnpshimswf.dll 2010-05-26 12:35 . 2010-05-26 12:35 45056 ----a-w- c:\documents and settings\All Users\Dati applicazioni\Real\RealPlayer\BrowserRecordPlugin\ThinShims\rpnpshimrp.dll 2010-05-26 12:35 . 2010-05-26 12:35 45056 ----a-w- c:\documents and settings\All Users\Dati applicazioni\Real\RealPlayer\BrowserRecordPlugin\ThinShims\rpnpshimqt.dll . (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))) . 2010-06-07 07:58 . 2009-08-25 11:24 70336 ----a-w- c:\windows\system32\perfc010.dat 2010-06-07 07:58 . 2009-08-25 11:24 438214 ----a-w- c:\windows\system32\perfh010.dat 2010-06-07 07:53 . 2009-08-25 11:52 -------- d-----w- c:\programmi\Norton Internet Security 2010-06-07 07:52 . 2010-04-11 23:47 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Norton 2010-05-28 20:20 . 2010-04-11 01:14 148 ----a-w- c:\documents and settings\marti\Dati applicazioni\wklnhst.dat 2010-05-26 12:35 . 2010-05-26 12:35 40960 ----a-w- c:\documents and settings\All Users\Dati applicazioni\Real\RealPlayer\BrowserRecordPlugin\Chrome\Hook\rpchromebrowserrecordhelper.dll 2010-05-26 12:35 . 2010-05-26 12:35 308808 ----a-w- c:\documents and settings\All Users\Dati applicazioni\Real\RealPlayer\BrowserRecordPlugin\Common\rpmainbrowserrecordplugin.dll 2010-05-26 12:35 . 2010-05-26 12:35 14848 ----a-w- c:\documents and settings\All Users\Dati applicazioni\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll 2010-05-26 12:35 . 2010-05-26 12:35 341600 ----a-w- c:\documents and settings\All Users\Dati applicazioni\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll 2010-05-26 12:35 . 2010-05-26 12:33 -------- d-----w- c:\programmi\File comuni\Real 2010-05-26 12:34 . 2010-05-26 12:33 -------- d-----w- c:\programmi\Real 2010-05-26 12:34 . 2010-05-26 12:34 -------- d-----w- c:\programmi\File comuni\xing shared 2010-05-26 12:34 . 2010-05-26 12:34 499712 ----a-w- c:\windows\system32\msvcp71.dll 2010-05-26 12:34 . 2010-05-26 12:34 348160 ----a-w- c:\windows\system32\msvcr71.dll 2010-04-26 18:31 . 2010-04-26 18:31 -------- d-----w- c:\documents and settings\marti\Dati applicazioni\Template 2010-04-11 23:54 . 2010-04-11 23:54 0 ----a-w- c:\windows\nsreg.dat 2010-04-11 23:44 . 2010-04-11 23:44 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\NortonInstaller 2009-03-21 14:06 . 2009-08-25 11:24 169822 --sha-r- c:\windows\system32\uhklxges.dll . ((((((((((((((((((((((((((((((((((((( Punti Reg Caricati )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Nota* i valori vuoti & legittimi/default non sono visualizzati. REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Eee Docking"="c:\programmi\ASUS\Eee Docking\Eee Docking.exe" [2009-07-27 397312] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-12-19 135168] "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-12-19 159744] "Persistence"="c:\windows\system32\igfxpers.exe" [2007-12-19 131072] "RTHDCPL"="RTHDCPL.EXE" [2009-04-27 17881088] "AsusACPIServer"="c:\programmi\EeePC\ACPI\AsAcpiSvr.exe" [2009-04-16 630784] "AsusEPCMonitor"="c:\programmi\EeePC\ACPI\AsEPCMon.exe" [2009-03-13 98304] "AsusTray"="c:\programmi\EeePC\ACPI\AsTray.exe" [2009-04-16 118784] "SynTPEnh"="c:\programmi\Synaptics\SynTP\SynTPEnh.exe" [2009-04-09 1512744] "SynAsusAcpi"="c:\programmi\Synaptics\SynTP\SynAsusAcpi.exe" [2009-04-09 79144] "LiveUpdate"="c:\programmi\Asus\LiveUpdate\LiveUpdate.exe" [2009-06-25 712704] "TkBellExe"="c:\programmi\File comuni\Real\Update_OB\realsched.exe" [2010-05-26 202256] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360] c:\documents and settings\marti\Menu Avvio\Programmi\Esecuzione automatica\ Ritaglio schermata e avvio di OneNote 2007.lnk - c:\programmi\Microsoft Office\Office12\ONENOTEM.EXE [2006-10-26 98632] c:\documents and settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\ SuperHybridEngine.lnk - c:\programmi\ASUS\EeePC\Super Hybrid Engine\SuperHybridEngine.exe [2009-8-25 376832] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys] @="Driver" [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "%windir%\\system32\\sessmgr.exe"= "c:\\Programmi\\Windows Live\\Messenger\\wlcsdk.exe"= "c:\\Programmi\\Windows Live\\Messenger\\msnmsgr.exe"= "c:\\Programmi\\Windows Live\\Sync\\WindowsLiveSync.exe"= "c:\\Programmi\\Skype\\Phone\\Skype.exe"= "c:\\Programmi\\Microsoft Office\\Office12\\ONENOTE.EXE"= "d:\\Programmi\\eMule\\emule.exe"= "c:\\Programmi\\Messenger\\msmsgs.exe"= [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List] "7739:TCP"= 7739:TCP:pfszeits R3 L1c;NDIS Miniport Driver for Atheros AR8131/AR8132 PCI-E Ethernet Controller;c:\windows\system32\drivers\l1c51x86.sys [18/08/2009 23.44.33 38912] R3 RT80x86;Ralink 802.11n Wireless Driver;c:\windows\system32\drivers\rt2860.sys [25/08/2009 13.08.18 1015424] S2 yyceyk;Boot Microsoft;c:\windows\system32\svchost.exe -k netsvcs [25/08/2009 13.24.54 14336] S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [25/08/2009 13.05.30 1684736] S3 uvclf;uvclf;c:\windows\system32\drivers\uvclf.sys [12/08/2009 8.57.17 39040] HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs yyceyk . Contenuto della cartella 'Scheduled Tasks' 2010-06-07 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-3769156265-213131487-877873343-1005.job - c:\programmi\Real\RealUpgrade\realupgrade.exe [2010-02-24 20:09] 2010-06-06 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-3769156265-213131487-877873343-1005.job - c:\programmi\Real\RealUpgrade\realupgrade.exe [2010-02-24 20:09] . . ------- Scansione supplementare ------- . uStart Page = hxxp://www.talti.com IE: E&sporta in Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000 IE: Invia a Bluetooth - c:\programmi\WIDCOMM\Bluetooth Software\btsendto_ie.htm IE: Invia a periferica &Bluetooth... - c:\programmi\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm FF - ProfilePath - c:\documents and settings\marti\Dati applicazioni\Mozilla\Firefox\Profiles\rggf6rv0.default\ FF - component: c:\documents and settings\All Users\Dati applicazioni\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext\components\nprpffbrowserrecordext.dll FF - plugin: c:\documents and settings\All Users\Dati applicazioni\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll FF - plugin: c:\programmi\Windows Live\Photo Gallery\NPWLPG.dll ---- FIREFOX POLICIES ---- c:\programmi\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true); c:\programmi\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false); c:\programmi\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false); c:\programmi\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true); c:\programmi\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", ""); c:\programmi\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false); c:\programmi\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false); c:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties"); c:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties"); c:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false); . - - - - CHIAVI ORFANE RIMOSSE - - - - HKLM-Run-snp2uvc - c:\windows\vsnp2uvc.exe MSConfigStartUp-Adobe Reader Speed Launcher - c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe MSConfigStartUp-MsnMsgr - c:\program files\Windows Live\Messenger\MsnMsgr.Exe ************************************************************************** catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2010-06-07 10:02 Windows 5.1.2600 Service Pack 3 NTFS scansione processi nascosti ... scansione entrate autostart nascoste ... Scansione files nascosti ... Scansione completata con successo Files nascosti: 0 ************************************************************************** [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\yyceyk] "ServiceDll"="c:\windows\system32\uhklxges.dll" . Ora fine scansione: 2010-06-07 10:03:59 ComboFix-quarantined-files.txt 2010-06-07 08:03 Pre-Run: 63.425.265.664 byte disponibili Post-Run: 63.483.047.936 byte disponibili WindowsXP-KB310994-SP2-Home-BootDisk-ITA.exe [boot loader] timeout=2 default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS [operating systems] c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect - - End Of File - - 51ACEA2DF9022A69EA382AADB57275F4

di **-> EleKtrA <-** » 07/06/10 09:18

Ciao mavck, anche qui c'è da preparare uno script ma diverso dall'altro.
Preferirei prima concludere con il primo computer e poi passare a questo.
Appena hai concluso le altre scansioni allega i log.

di **mavck** » 07/06/10 09:53

è solamente che oggi ho sott'occhio questo portatile, mentre il fisso lo rivedo forse questa sera

premetto che nessuno dei 2 è mio..(uno sister e uno cognato)..il mio fortunatamente per ora è salvo :lol:

di **-> EleKtrA <-** » 07/06/10 10:05

Non volevo sembrare dispettosa, soltanto rendere la procedura efficace e chiara.

Questo è lo script per il secondo computer (marti)
anche qui stessa procedura, comprese le scansioni con Malwarebytes e Hijackthis

Codice: Seleziona tutto: Killall:: File:: c:\windows\system32\uhklxges.dll Folder:: C:\WINDOWS\temp C:\WINDOWS\Tasks Driver:: yyceyk Boot Microsoft uvclf NetSvcs:: yyceyk Boot Microsoft uvclf Registry:: [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List] "7739:TCP"=- [-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_yyceyk] [-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_yyceyk] [-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_yyceyk] [-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Enum\Root\LEGACY_yyceyk] [-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Enum\Root\LEGACY_yyceyk] [-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\yyceyk] [-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\yyceyk] [-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\yyceyk] [-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\yyceyk] [-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Services\yyceyk] [-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_uvclf] [-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_uvclf] [-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_uvclf] [-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Enum\Root\LEGACY_uvclf] [-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Enum\Root\LEGACY_uvclf] [-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\uvclf] [-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\uvclf] [-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\uvclf] [-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\uvclf] [-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Services\uvclf] Domains::

di **mavck** » 07/06/10 10:22

-> EleKtrA <- ha scritto:Non volevo sembrare dispettosa, soltanto rendere la procedura efficace e chiara.

Questo è lo script per il secondo computer (marti)
anche qui stessa procedura, comprese le scansioni con Malwarebytes e Hijackthis
Codice: Seleziona tutto
Killall:: File:: c:\windows\system32\uhklxges.dll Folder:: C:\WINDOWS\temp C:\WINDOWS\Tasks Driver:: yyceyk Boot Microsoft uvclf NetSvcs:: yyceyk Boot Microsoft uvclf Registry:: [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List] "7739:TCP"=- [-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_yyceyk] [-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_yyceyk] [-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_yyceyk] [-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Enum\Root\LEGACY_yyceyk] [-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Enum\Root\LEGACY_yyceyk] [-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\yyceyk] [-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\yyceyk] [-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\yyceyk] [-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\yyceyk] [-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Services\yyceyk] [-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_uvclf] [-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_uvclf] [-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_uvclf] [-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Enum\Root\LEGACY_uvclf] [-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Enum\Root\LEGACY_uvclf] [-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\uvclf] [-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\uvclf] [-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\uvclf] [-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\uvclf] [-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Services\uvclf] Domains::

Grazie mille procedo subito su questo

di **-> EleKtrA <-** » 07/06/10 10:34

@mavck, è inutile ripetere o citare completamente un messaggio precedente.
Appena puoi allega i log perchè ci sono altre cose da sistemare su entrambi i computer.

di **mavck** » 07/06/10 10:41

Combofix+cfsscript

Codice: Seleziona tutto: ComboFix 10-06-06.04 - marti 07/06/2010 11.32.53.2.2 - x86 Microsoft Windows XP Home Edition 5.1.2600.3.1252.39.1040.18.1015.555 [GMT 2:00] Eseguito da: c:\documents and settings\marti\Desktop\ComboFix.exe Opzioni usate :: c:\documents and settings\marti\Desktop\CFScript.txt.txt * Creato nuovo punto di ripristino FILE :: "c:\windows\system32\uhklxges.dll" . ((((((((((((((((((((((((((((((((((((( Altre eliminazioni ))))))))))))))))))))))))))))))))))))))))))))))))))) . c:\windows\system32\uhklxges.dll . ((((((((((((((((((((((((((((((((((((((( Driver/Servizi ))))))))))))))))))))))))))))))))))))))))))))))))) . -------\Legacy_YYCEYK -------\Service_yyceyk ((((((((((((((((((((((((( Files Creati Da 2010-05-07 al 2010-06-07 ))))))))))))))))))))))))))))))))))) . 2010-06-02 21:08 . 2008-04-13 09:47 25856 -c--a-w- c:\windows\system32\dllcache\usbprint.sys 2010-06-02 21:08 . 2008-04-13 09:47 25856 ----a-w- c:\windows\system32\drivers\usbprint.sys 2010-05-26 12:35 . 2010-05-26 12:35 49152 ----a-w- c:\documents and settings\All Users\Dati applicazioni\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext\Components\nprpffbrowserrecordext.dll 2010-05-26 12:35 . 2010-05-26 12:35 45056 ----a-w- c:\documents and settings\All Users\Dati applicazioni\Real\RealPlayer\BrowserRecordPlugin\ThinShims\rpnpshimwmp.dll 2010-05-26 12:35 . 2010-05-26 12:35 45056 ----a-w- c:\documents and settings\All Users\Dati applicazioni\Real\RealPlayer\BrowserRecordPlugin\ThinShims\rpnpshimswf.dll 2010-05-26 12:35 . 2010-05-26 12:35 45056 ----a-w- c:\documents and settings\All Users\Dati applicazioni\Real\RealPlayer\BrowserRecordPlugin\ThinShims\rpnpshimrp.dll 2010-05-26 12:35 . 2010-05-26 12:35 45056 ----a-w- c:\documents and settings\All Users\Dati applicazioni\Real\RealPlayer\BrowserRecordPlugin\ThinShims\rpnpshimqt.dll . (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))) . 2010-06-07 08:10 . 2009-08-25 11:24 70336 ----a-w- c:\windows\system32\perfc010.dat 2010-06-07 08:10 . 2009-08-25 11:24 438214 ----a-w- c:\windows\system32\perfh010.dat 2010-06-07 07:53 . 2009-08-25 11:52 -------- d-----w- c:\programmi\Norton Internet Security 2010-06-07 07:52 . 2010-04-11 23:47 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Norton 2010-05-28 20:20 . 2010-04-11 01:14 148 ----a-w- c:\documents and settings\marti\Dati applicazioni\wklnhst.dat 2010-05-26 12:35 . 2010-05-26 12:35 40960 ----a-w- c:\documents and settings\All Users\Dati applicazioni\Real\RealPlayer\BrowserRecordPlugin\Chrome\Hook\rpchromebrowserrecordhelper.dll 2010-05-26 12:35 . 2010-05-26 12:35 308808 ----a-w- c:\documents and settings\All Users\Dati applicazioni\Real\RealPlayer\BrowserRecordPlugin\Common\rpmainbrowserrecordplugin.dll 2010-05-26 12:35 . 2010-05-26 12:35 14848 ----a-w- c:\documents and settings\All Users\Dati applicazioni\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll 2010-05-26 12:35 . 2010-05-26 12:35 341600 ----a-w- c:\documents and settings\All Users\Dati applicazioni\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll 2010-05-26 12:35 . 2010-05-26 12:33 -------- d-----w- c:\programmi\File comuni\Real 2010-05-26 12:34 . 2010-05-26 12:33 -------- d-----w- c:\programmi\Real 2010-05-26 12:34 . 2010-05-26 12:34 -------- d-----w- c:\programmi\File comuni\xing shared 2010-05-26 12:34 . 2010-05-26 12:34 499712 ----a-w- c:\windows\system32\msvcp71.dll 2010-05-26 12:34 . 2010-05-26 12:34 348160 ----a-w- c:\windows\system32\msvcr71.dll 2010-04-26 18:31 . 2010-04-26 18:31 -------- d-----w- c:\documents and settings\marti\Dati applicazioni\Template 2010-04-11 23:54 . 2010-04-11 23:54 0 ----a-w- c:\windows\nsreg.dat 2010-04-11 23:44 . 2010-04-11 23:44 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\NortonInstaller . ((((((((((((((((((((((((((((( SnapShot@2010-06-07_08.02.16 ))))))))))))))))))))))))))))))))))))))))) . + 2009-08-25 11:24 . 2010-06-07 08:10 59244 c:\windows\system32\perfc009.dat - 2009-08-25 11:24 . 2010-06-07 07:58 59244 c:\windows\system32\perfc009.dat + 2009-08-25 11:24 . 2010-06-07 08:10 392944 c:\windows\system32\perfh009.dat - 2009-08-25 11:24 . 2010-06-07 07:58 392944 c:\windows\system32\perfh009.dat . ((((((((((((((((((((((((((((((((((((( Punti Reg Caricati )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Nota* i valori vuoti & legittimi/default non sono visualizzati. REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Eee Docking"="c:\programmi\ASUS\Eee Docking\Eee Docking.exe" [2009-07-27 397312] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-12-19 135168] "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-12-19 159744] "Persistence"="c:\windows\system32\igfxpers.exe" [2007-12-19 131072] "RTHDCPL"="RTHDCPL.EXE" [2009-04-27 17881088] "AsusACPIServer"="c:\programmi\EeePC\ACPI\AsAcpiSvr.exe" [2009-04-16 630784] "AsusEPCMonitor"="c:\programmi\EeePC\ACPI\AsEPCMon.exe" [2009-03-13 98304] "AsusTray"="c:\programmi\EeePC\ACPI\AsTray.exe" [2009-04-16 118784] "SynTPEnh"="c:\programmi\Synaptics\SynTP\SynTPEnh.exe" [2009-04-09 1512744] "SynAsusAcpi"="c:\programmi\Synaptics\SynTP\SynAsusAcpi.exe" [2009-04-09 79144] "LiveUpdate"="c:\programmi\Asus\LiveUpdate\LiveUpdate.exe" [2009-06-25 712704] "TkBellExe"="c:\programmi\File comuni\Real\Update_OB\realsched.exe" [2010-05-26 202256] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360] c:\documents and settings\marti\Menu Avvio\Programmi\Esecuzione automatica\ Ritaglio schermata e avvio di OneNote 2007.lnk - c:\programmi\Microsoft Office\Office12\ONENOTEM.EXE [2006-10-26 98632] c:\documents and settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\ SuperHybridEngine.lnk - c:\programmi\ASUS\EeePC\Super Hybrid Engine\SuperHybridEngine.exe [2009-8-25 376832] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys] @="Driver" [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "%windir%\\system32\\sessmgr.exe"= "c:\\Programmi\\Windows Live\\Messenger\\wlcsdk.exe"= "c:\\Programmi\\Windows Live\\Messenger\\msnmsgr.exe"= "c:\\Programmi\\Windows Live\\Sync\\WindowsLiveSync.exe"= "c:\\Programmi\\Skype\\Phone\\Skype.exe"= "c:\\Programmi\\Microsoft Office\\Office12\\ONENOTE.EXE"= "d:\\Programmi\\eMule\\emule.exe"= "c:\\Programmi\\Messenger\\msmsgs.exe"= R3 L1c;NDIS Miniport Driver for Atheros AR8131/AR8132 PCI-E Ethernet Controller;c:\windows\system32\drivers\l1c51x86.sys [18/08/2009 23.44.33 38912] R3 RT80x86;Ralink 802.11n Wireless Driver;c:\windows\system32\drivers\rt2860.sys [25/08/2009 13.08.18 1015424] S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [25/08/2009 13.05.30 1684736] . Contenuto della cartella 'Scheduled Tasks' 2010-06-07 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-3769156265-213131487-877873343-1005.job - c:\programmi\Real\RealUpgrade\realupgrade.exe [2010-02-24 20:09] 2010-06-06 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-3769156265-213131487-877873343-1005.job - c:\programmi\Real\RealUpgrade\realupgrade.exe [2010-02-24 20:09] . . ------- Scansione supplementare ------- . uStart Page = hxxp://www.talti.com IE: E&sporta in Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000 IE: Invia a Bluetooth - c:\programmi\WIDCOMM\Bluetooth Software\btsendto_ie.htm IE: Invia a periferica &Bluetooth... - c:\programmi\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm FF - ProfilePath - c:\documents and settings\marti\Dati applicazioni\Mozilla\Firefox\Profiles\rggf6rv0.default\ FF - component: c:\documents and settings\All Users\Dati applicazioni\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext\components\nprpffbrowserrecordext.dll FF - plugin: c:\documents and settings\All Users\Dati applicazioni\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll FF - plugin: c:\programmi\Windows Live\Photo Gallery\NPWLPG.dll ---- FIREFOX POLICIES ---- c:\programmi\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true); c:\programmi\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false); c:\programmi\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false); c:\programmi\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true); c:\programmi\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", ""); c:\programmi\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false); c:\programmi\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false); c:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties"); c:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties"); c:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false); . ************************************************************************** catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2010-06-07 11:37 Windows 5.1.2600 Service Pack 3 NTFS scansione processi nascosti ... scansione entrate autostart nascoste ... Scansione files nascosti ... Scansione completata con successo Files nascosti: 0 ************************************************************************** . --------------------- Dlls caricate dai processi in esecuzione --------------------- - - - - - - - > 'explorer.exe'(2788) c:\windows\system32\ieframe.dll c:\windows\system32\webcheck.dll c:\windows\system32\WPDShServiceObj.dll c:\windows\system32\PortableDeviceTypes.dll c:\windows\system32\PortableDeviceApi.dll . ------------------------ Altri processi in esecuzione ------------------------ . c:\programmi\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe c:\windows\RTHDCPL.EXE c:\windows\system32\igfxsrvc.exe c:\windows\system32\igfxext.exe c:\windows\system32\wscntfy.exe . ************************************************************************** . Ora fine scansione: 2010-06-07 11:40:25 - Il pc è stato riavviato ComboFix-quarantined-files.txt 2010-06-07 09:40 ComboFix2.txt 2010-06-07 08:04 Pre-Run: 63.491.432.448 byte disponibili Post-Run: 63.305.818.112 byte disponibili - - End Of File - - 863C41BA219D2B6E10B78897618DE2D7

di **-> EleKtrA <-** » 07/06/10 10:48

Hai dato una doppia estensione al file CFScript, ma fortunatamente ha funzionato.
Opzioni usate :: c:\documents and settings\marti\Desktop\CFScript.txt.txt

Ora continua con la procedura.

di **mavck** » 07/06/10 11:08

stesso pc..usato Malwarebytes' Anti-Malware 1.46

Codice: Seleziona tutto: Malwarebytes' Anti-Malware 1.46 www.malwarebytes.org Versione database: 4174 Windows 5.1.2600 Service Pack 3 Internet Explorer 8.0.6001.18702 07/06/2010 12.07.36 mbam-log-2010-06-07 (12-07-36).txt Tipo di scansione: Scansione completa (C:\|D:\|) Elementi esaminati: 145534 Tempo trascorso: 23 minuti, 49 secondi Processi infetti in memoria: 0 Moduli di memoria infetti: 0 Chiavi di registro infette: 0 Valori di registro infetti: 0 Voci infette nei dati di registro: 0 Cartelle infette: 0 File infetti: 0 Processi infetti in memoria: (Non sono stati rilevati elementi nocivi) Moduli di memoria infetti: (Non sono stati rilevati elementi nocivi) Chiavi di registro infette: (Non sono stati rilevati elementi nocivi) Valori di registro infetti: (Non sono stati rilevati elementi nocivi) Voci infette nei dati di registro: (Non sono stati rilevati elementi nocivi) Cartelle infette: (Non sono stati rilevati elementi nocivi) File infetti: (Non sono stati rilevati elementi nocivi)

di **mavck** » 07/06/10 11:10

ed infine il Log HIjackthis

Codice: Seleziona tutto: R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti O2 - BHO: Supporto di collegamento per Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\File comuni\Adobe\Acrobat\ActiveX\AcroIEHelper.dll O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Programmi\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Documents and Settings\All Users\Dati applicazioni\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file) O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Programmi\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll O2 - BHO: Guida per l'accesso a Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programmi\File comuni\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Programmi\Windows Live\Toolbar\wltcore.dll O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Programmi\Windows Live\Toolbar\wltcore.dll O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE O4 - HKLM\..\Run: [AsusACPIServer] C:\Programmi\EeePC\ACPI\AsAcpiSvr.exe O4 - HKLM\..\Run: [AsusEPCMonitor] C:\Programmi\EeePC\ACPI\AsEPCMon.exe O4 - HKLM\..\Run: [AsusTray] C:\Programmi\EeePC\ACPI\AsTray.exe O4 - HKLM\..\Run: [SynTPEnh] C:\Programmi\Synaptics\SynTP\SynTPEnh.exe O4 - HKLM\..\Run: [SynAsusAcpi] C:\Programmi\Synaptics\SynTP\SynAsusAcpi.exe O4 - HKLM\..\Run: [LiveUpdate] C:\Programmi\Asus\LiveUpdate\LiveUpdate.exe auto O4 - HKLM\..\Run: [TkBellExe] "C:\Programmi\File comuni\Real\Update_OB\realsched.exe" -osboot O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] C:\Programmi\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent O4 - HKCU\..\Run: [Eee Docking] C:\Programmi\ASUS\Eee Docking\Eee Docking.exe O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user') O4 - Startup: Ritaglio schermata e avvio di OneNote 2007.lnk = C:\Programmi\Microsoft Office\Office12\ONENOTEM.EXE O4 - Global Startup: SuperHybridEngine.lnk = ? O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000 O8 - Extra context menu item: Invia a Bluetooth - C:\Programmi\WIDCOMM\Bluetooth Software\btsendto_ie.htm O8 - Extra context menu item: Invia a periferica &Bluetooth... - C:\Programmi\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm O9 - Extra button: Inserisci blog - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programmi\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra 'Tools' menuitem: Inserisci &blog in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programmi\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra button: Invia a OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll O9 - Extra 'Tools' menuitem: I&nvia a OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll O9 - Extra button: (no name) - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - C:\Programmi\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll O9 - Extra 'Tools' menuitem: Skype add-on for Internet Explorer - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - C:\Programmi\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Programmi\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FILECO~1\Skype\SKYPE4~1.DLL O22 - SharedTaskScheduler: Precaricatore Browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll O22 - SharedTaskScheduler: Daemon di cache delle categorie di componenti - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll -- End of file - 6749 bytes

di **mavck** » 07/06/10 11:12

ed infine il Log HIjackthis

Codice: Seleziona tutto: Logfile of Trend Micro HijackThis v2.0.4 Scan saved at 12.09.22, on 07/06/2010 Platform: Windows XP SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v8.00 (8.00.6001.18702) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\Programmi\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\igfxtray.exe C:\WINDOWS\system32\hkcmd.exe C:\WINDOWS\RTHDCPL.EXE C:\Programmi\EeePC\ACPI\AsAcpiSvr.exe C:\Programmi\EeePC\ACPI\AsEPCMon.exe C:\Programmi\EeePC\ACPI\AsTray.exe C:\Programmi\Synaptics\SynTP\SynTPEnh.exe C:\WINDOWS\system32\igfxsrvc.exe C:\Programmi\Asus\LiveUpdate\LiveUpdate.exe C:\Programmi\File comuni\Real\Update_OB\realsched.exe C:\Programmi\ASUS\EeePC\Super Hybrid Engine\SuperHybridEngine.exe C:\WINDOWS\system32\igfxext.exe C:\Programmi\Microsoft Office\Office12\ONENOTEM.EXE C:\WINDOWS\system32\wscntfy.exe C:\WINDOWS\explorer.exe C:\Programmi\Mozilla Firefox\firefox.exe C:\Documents and Settings\marti\Documenti\Download\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.talti.com R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti O2 - BHO: Supporto di collegamento per Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\File comuni\Adobe\Acrobat\ActiveX\AcroIEHelper.dll O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Programmi\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Documents and Settings\All Users\Dati applicazioni\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file) O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Programmi\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll O2 - BHO: Guida per l'accesso a Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programmi\File comuni\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Programmi\Windows Live\Toolbar\wltcore.dll O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Programmi\Windows Live\Toolbar\wltcore.dll O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE O4 - HKLM\..\Run: [AsusACPIServer] C:\Programmi\EeePC\ACPI\AsAcpiSvr.exe O4 - HKLM\..\Run: [AsusEPCMonitor] C:\Programmi\EeePC\ACPI\AsEPCMon.exe O4 - HKLM\..\Run: [AsusTray] C:\Programmi\EeePC\ACPI\AsTray.exe O4 - HKLM\..\Run: [SynTPEnh] C:\Programmi\Synaptics\SynTP\SynTPEnh.exe O4 - HKLM\..\Run: [SynAsusAcpi] C:\Programmi\Synaptics\SynTP\SynAsusAcpi.exe O4 - HKLM\..\Run: [LiveUpdate] C:\Programmi\Asus\LiveUpdate\LiveUpdate.exe auto O4 - HKLM\..\Run: [TkBellExe] "C:\Programmi\File comuni\Real\Update_OB\realsched.exe" -osboot O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] C:\Programmi\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent O4 - HKCU\..\Run: [Eee Docking] C:\Programmi\ASUS\Eee Docking\Eee Docking.exe O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user') O4 - Startup: Ritaglio schermata e avvio di OneNote 2007.lnk = C:\Programmi\Microsoft Office\Office12\ONENOTEM.EXE O4 - Global Startup: SuperHybridEngine.lnk = ? O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000 O8 - Extra context menu item: Invia a Bluetooth - C:\Programmi\WIDCOMM\Bluetooth Software\btsendto_ie.htm O8 - Extra context menu item: Invia a periferica &Bluetooth... - C:\Programmi\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm O9 - Extra button: Inserisci blog - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programmi\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra 'Tools' menuitem: Inserisci &blog in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programmi\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra button: Invia a OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll O9 - Extra 'Tools' menuitem: I&nvia a OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll O9 - Extra button: (no name) - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - C:\Programmi\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll O9 - Extra 'Tools' menuitem: Skype add-on for Internet Explorer - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - C:\Programmi\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Programmi\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FILECO~1\Skype\SKYPE4~1.DLL O22 - SharedTaskScheduler: Precaricatore Browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll O22 - SharedTaskScheduler: Daemon di cache delle categorie di componenti - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll -- End of file - 6749 bytes

di **-> EleKtrA <-** » 07/06/10 11:49

Bene, Malwarebytes non ha trovato niente e il log di HIjackthis risulta pulito.

Non vedo installato l'antivirus, immagino sia una scelta ponderata sulla base delle prestazioni, trattandosi di un EeePC. Tuttavia sarebbe consigliabile eseguire almeno una scansione online di tanto in tanto.
ESET Online Scanner (rimuove le eventuali infezioni)

Ti suggerisco anche un'applicazione che consente di risolvere le potenziali vulnerabilità del sistema.
PSI, l’ispettore personale di casa Secunia.

di **mavck** » 07/06/10 11:56

guarda istallato c'era il norton datomi col eeepc, ma per effettuare il combofix, lo avevo disitallato e ora sto istallato kaspersky pure, che in seguito compro la licenza per 2 anni

cmq ora naviga senza problemi, credo che quindi sia risolto...stasera ti aggiorno sull'altro PC, grazie

di **-> EleKtrA <-** » 07/06/10 12:04

Non occorreva disinstallare Norton o qualsiasi altro antivirus per eseguire Combofix, bastava disattivarlo momentaneamente.
Se hai la licenza di kaspersky Pure, va benissimo, altrimenti anche Avira AntiVir Personal fa egregiamente il suo mestiere.

di **mavck** » 07/06/10 20:05

Ciao, senti ti allego i Log del primo pc...
Combofix

Codice: Seleziona tutto: ComboFix 10-06-03.01 - claudio 07/06/2010 19.56.32.2.2 - x86 Microsoft Windows XP Professional 5.1.2600.2.1252.39.1040.18.766.421 [GMT 2:00] Eseguito da: c:\documents and settings\claudio\Desktop\abc.exe Opzioni usate :: c:\documents and settings\claudio\Desktop\CFScript.txt AV: Kaspersky PURE *On-access scanning disabled* (Updated) {2C4D4BC6-0793-4956-A9F9-E252435469C0} FW: Kaspersky PURE *disabled* {2C4D4BC6-0793-4956-A9F9-E252435469C0} FW: Norton Internet Worm Protection *disabled* {990F9400-4CEE-43EA-A83A-D013ADD8EA6E} FILE :: "c:\documents and settings\claudio\Impostazioni locali\Dati applicazioni\{E3F35E26-3D56-4841-A4D5-C410B2B069C2}" "c:\windows\system32\hhlepas.dll" . ((((((((((((((((((((((((((((((((((((( Altre eliminazioni ))))))))))))))))))))))))))))))))))))))))))))))))))) . c:\windows\system32\hhlepas.dll . ((((((((((((((((((((((((((((((((((((((( Driver/Servizi ))))))))))))))))))))))))))))))))))))))))))))))))) . -------\Legacy_WPYCBXAI -------\Service_wpycbxai ((((((((((((((((((((((((( Files Creati Da 2010-05-07 al 2010-06-07 ))))))))))))))))))))))))))))))))))) . 2010-06-05 14:26 . 2010-06-05 14:26 95259 ----a-w- c:\windows\system32\drivers\klick.dat 2010-06-05 14:26 . 2010-06-05 14:26 108059 ----a-w- c:\windows\system32\drivers\klin.dat 2010-06-05 14:25 . 2009-12-14 10:44 39352 ----a-w- c:\windows\system32\drivers\CSVirtualDiskDrv.sys 2010-06-05 14:25 . 2009-12-14 10:44 88632 ----a-w- c:\windows\system32\drivers\CSCrySec.sys 2010-06-05 14:24 . 2010-06-05 14:24 -------- d-----w- c:\programmi\File comuni\InfoWatch 2010-06-05 14:24 . 2010-06-05 14:24 -------- d-----w- c:\programmi\Kaspersky Lab 2010-06-05 14:24 . 2010-06-05 14:24 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Kaspersky Lab 2010-06-05 14:22 . 2010-06-05 14:22 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Kaspersky Lab Setup Files 2010-06-04 17:09 . 2010-06-04 17:09 -------- d-----w- c:\programmi\MSSOAP 2010-06-04 17:09 . 2010-06-04 17:09 -------- d-----w- c:\programmi\Webroot 2010-06-04 16:43 . 2010-06-04 16:43 164 ----a-w- c:\windows\install.dat 2010-06-04 16:28 . 2010-06-04 16:28 -------- d-----w- c:\programmi\Windows Live Safety Center 2010-06-04 16:08 . 2010-06-04 16:08 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Avg8 2010-06-04 15:23 . 2010-06-04 15:23 -------- d-----w- c:\documents and settings\claudio\Dati applicazioni\Norman 2010-06-02 20:01 . 2010-06-02 20:01 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Yahoo! Companion 2010-06-02 19:46 . 2010-06-02 19:46 -------- d-----w- c:\programmi\Yahoo! 2010-06-02 17:50 . 2010-06-02 17:50 -------- d-----w- c:\programmi\Alwil Software 2010-06-02 17:48 . 2010-06-02 17:48 -------- d-----w- C:\Software 2010-06-02 17:42 . 2007-04-04 16:53 81768 ----a-w- c:\windows\system32\xinput1_3.dll 2010-06-02 17:42 . 2006-11-29 11:06 3426072 ----a-w- c:\windows\system32\d3dx9_32.dll 2010-05-30 10:06 . 2009-07-23 10:57 100480 ----a-r- c:\windows\system32\drivers\ewusbfake.sys 2010-05-30 08:37 . 2010-05-30 08:37 -------- d-----w- c:\documents and settings\claudio\Dati applicazioni\FLEXnet 2010-05-30 08:31 . 2009-07-23 10:57 112640 ----a-r- c:\windows\system32\drivers\ewusbnet.sys 2010-05-30 08:31 . 2009-07-23 10:57 102528 ----a-r- c:\windows\system32\drivers\ewusbmdm.sys 2010-05-30 08:30 . 2010-06-05 14:25 -------- dc----w- c:\windows\system32\DRVSTORE 2010-05-30 08:30 . 2010-05-30 08:30 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Vodafone 2010-05-30 08:30 . 2010-05-30 18:38 -------- d-----w- c:\programmi\Vodafone 2010-05-30 08:30 . 2010-05-30 08:30 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\FLEXnet 2010-05-30 08:29 . 2010-05-30 11:02 -------- d-----w- c:\windows\SxsCaPendDel 2010-05-30 08:27 . 2010-05-30 08:27 -------- d-----w- c:\documents and settings\claudio\Impostazioni locali\Dati applicazioni\{E3F35E26-3D56-4841-A4D5-C410B2B069C2} . (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))) . 2010-06-06 11:01 . 2007-06-10 21:23 -------- d-----w- c:\documents and settings\claudio\Dati applicazioni\Image Zone Express 2010-06-02 20:24 . 2006-10-13 11:53 59736 ----a-w- c:\documents and settings\Administrator\Impostazioni locali\Dati applicazioni\GDIPFONTCACHEV1.DAT 2010-06-02 18:17 . 2006-11-28 18:34 -------- d-----w- c:\programmi\File comuni\Symantec Shared 2010-06-02 18:17 . 2006-11-28 18:34 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Symantec 2010-06-02 17:47 . 2010-06-02 17:46 -------- d-----w- c:\programmi\K-Lite Codec Pack 2010-03-28 09:06 . 2004-10-25 18:40 74210 ----a-w- c:\windows\system32\perfc010.dat 2010-03-28 09:06 . 2004-10-25 18:40 447502 ----a-w- c:\windows\system32\perfh010.dat . ((((((((((((((((((((((((((((((((((((( Punti Reg Caricati )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Nota* i valori vuoti & legittimi/default non sono visualizzati. REGEDIT4 [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\KAVOverlayIcon] @="{dd230880-495a-11d1-b064-008048ec2fc5}" [HKEY_CLASSES_ROOT\CLSID\{dd230880-495a-11d1-b064-008048ec2fc5}] 2009-12-25 14:42 129552 ----a-w- c:\programmi\Kaspersky Lab\Kaspersky PURE\shellex.dll [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "SmpcSys"="c:\apps\SMP\SmpSys.exe" [2005-12-08 975360] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-09-07 455168] "PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-09-07 455168] "ehTray"="c:\windows\ehome\ehtray.exe" [2005-09-29 67584] "ATICCC"="c:\programmi\ATI Technologies\ATI.ACE\cli.exe" [2005-08-12 45056] "High Definition Audio Property Page Shortcut"="HDAShCut.exe" [2005-01-07 61952] "RTHDCPL"="RTHDCPL.EXE" [2005-12-09 15691264] "SunJavaUpdateSched"="c:\programmi\Java\jre1.5.0_04\bin\jusched.exe" [2005-06-03 36975] "Vade Retro Outlook Express"="c:\progra~1\GOTOSO~1\VADERE~1\Vaderetro_oe.exe" [2004-10-04 310272] "DetectorApp"="c:\programmi\Sonic\DigitalMedia LE v7\MyDVD LE\DetectorApp.exe" [2005-10-20 102400] "ISUSScheduler"="c:\programmi\File comuni\InstallShield\UpdateService\issch.exe" [2006-09-11 86960] "IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2004-09-07 208952] "HP Software Update"="c:\programmi\HP\HP Software Update\HPWuSchd2.exe" [2006-02-19 49152] "MobileConnect"="c:\programmi\Vodafone\Vodafone Mobile Connect\Bin\MobileConnect.exe" [2009-09-18 2412032] "AVP"="c:\programmi\Kaspersky Lab\Kaspersky PURE\avp.exe" [2009-12-25 340456] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-09-07 15360] c:\documents and settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\ HP Digital Imaging Monitor.lnk - c:\programmi\HP\Digital Imaging\bin\hpqtra08.exe [2006-2-19 288472] Microsoft Office.lnk - c:\programmi\Microsoft Office\Office\OSA9.EXE [2000-1-21 65588] [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus] "DisableMonitoring"=dword:00000001 [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall] "DisableMonitoring"=dword:00000001 [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "c:\\APPS\\skype\\phone\\Skype.exe"= "c:\\Programmi\\HP\\Digital Imaging\\bin\\hpqtra08.exe"= "c:\\Programmi\\HP\\Digital Imaging\\bin\\hpqste08.exe"= "c:\\Programmi\\HP\\Digital Imaging\\bin\\hpofxm08.exe"= "c:\\Programmi\\HP\\Digital Imaging\\bin\\hposfx08.exe"= "c:\\Programmi\\HP\\Digital Imaging\\bin\\hposid01.exe"= "c:\\Programmi\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"= "c:\\Programmi\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"= "c:\\Programmi\\HP\\Digital Imaging\\bin\\hpqCopy.exe"= "c:\\Programmi\\HP\\Digital Imaging\\bin\\hpfccopy.exe"= "c:\\Programmi\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"= "c:\\Programmi\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"= "c:\\Programmi\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"= "c:\\Programmi\\HP\\Digital Imaging\\bin\\hpoews01.exe"= "c:\\Programmi\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"= "c:\\Programmi\\Messenger\\msmsgs.exe"= R0 CSCrySec;InfoWatch Encrypt Sector Library driver;c:\windows\system32\drivers\CSCrySec.sys [05/06/2010 16.25.20 88632] R0 KLBG;Kaspersky Lab Boot Guard Driver;c:\windows\system32\drivers\klbg.sys [14/10/2009 20.18.34 36880] R1 CSVirtualDiskDrv;InfoWatch Virtual Disk driver;c:\windows\system32\drivers\CSVirtualDiskDrv.sys [05/06/2010 16.25.22 39352] R2 CSObjectsSrv;Servizio di controllo CryptoStorage;c:\programmi\File comuni\InfoWatch\CryptoStorage\ProtectedObjectsSrv.exe [21/12/2009 17.34.38 743992] R2 VMCService;Vodafone Mobile Connect Service;c:\programmi\Vodafone\Vodafone Mobile Connect\Bin\VMCService.exe [18/09/2009 18.48.28 9216] R3 klim5;Kaspersky Anti-Virus NDIS Filter;c:\windows\system32\drivers\klim5.sys [14/09/2009 13.42.46 32272] R3 klmouflt;Kaspersky Lab KLMOUFLT;c:\windows\system32\drivers\klmouflt.sys [02/10/2009 18.39.44 19472] S3 ewusbnet;HUAWEI USB-NDIS miniport;c:\windows\system32\drivers\ewusbnet.sys [30/05/2010 10.31.25 112640] S3 hwusbfake;Huawei DataCard USB Fake;c:\windows\system32\drivers\ewusbfake.sys [30/05/2010 12.06.23 100480] S3 massfilter;ZTE Mass Storage Filter Driver;c:\windows\system32\drivers\massfilter.sys [11/02/2010 12.07.47 7680] S3 ZTEusbnet;ZTE USB-NDIS miniport;c:\windows\system32\drivers\ZTEusbnet.sys [11/02/2010 12.08.26 110080] S3 ZTEusbvoice;ZTE VoUSB Port;c:\windows\system32\drivers\zteusbvoice.sys [11/02/2010 12.08.19 104960] . . ------- Scansione supplementare ------- . uStart Page = hxxp://www.google.it/ . ************************************************************************** catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2010-06-07 20:03 Windows 5.1.2600 Service Pack 2 NTFS scansione processi nascosti ... scansione entrate autostart nascoste ... Scansione files nascosti ... Scansione completata con successo Files nascosti: 0 ************************************************************************** . --------------------- Dlls caricate dai processi in esecuzione --------------------- - - - - - - - > 'winlogon.exe'(640) c:\windows\system32\Ati2evxx.dll - - - - - - - > 'explorer.exe'(3508) c:\progra~1\GOTOSO~1\VADERE~1\VrOe_hook.dll c:\windows\system32\msi.dll . ------------------------ Altri processi in esecuzione ------------------------ . c:\windows\system32\Ati2evxx.exe c:\windows\system32\Ati2evxx.exe c:\windows\eHome\ehRecvr.exe c:\windows\eHome\ehSched.exe c:\windows\system32\HPZipm12.exe c:\programmi\File comuni\Ulead Systems\DVD\ULCDRSvr.exe c:\windows\system32\wdfmgr.exe c:\programmi\Sonic\DigitalMedia LE v7\MyDVD LE\USBDeviceService.exe c:\windows\ehome\mcrdsvc.exe c:\windows\system32\dllhost.exe c:\windows\system32\wscntfy.exe c:\windows\RTHDCPL.EXE c:\windows\eHome\ehmsas.exe c:\programmi\HP\Digital Imaging\bin\hpqSTE08.exe . ************************************************************************** . Ora fine scansione: 2010-06-07 20:08:09 - Il pc è stato riavviato ComboFix-quarantined-files.txt 2010-06-07 18:08 ComboFix2.txt 2010-06-05 14:46 Pre-Run: 132.895.227.904 byte disponibili Post-Run: 132.921.503.744 byte disponibili - - End Of File - - 84C955E6E00667D5EF8DB14EAD87A3D2

Malware:

Codice: Seleziona tutto: Malwarebytes' Anti-Malware 1.46 www.malwarebytes.org Versione database: 4176 Windows 5.1.2600 Service Pack 2 Internet Explorer 6.0.2900.2180 07/06/2010 20.56.18 mbam-log-2010-06-07 (20-56-18).txt Tipo di scansione: Scansione completa (C:\|D:\|E:\|F:\|G:\|H:\|I:\|J:\|K:\|) Elementi esaminati: 183050 Tempo trascorso: 31 minuti, 41 secondi Processi infetti in memoria: 0 Moduli di memoria infetti: 0 Chiavi di registro infette: 0 Valori di registro infetti: 0 Voci infette nei dati di registro: 0 Cartelle infette: 0 File infetti: 1 Processi infetti in memoria: (Non sono stati rilevati elementi nocivi) Moduli di memoria infetti: (Non sono stati rilevati elementi nocivi) Chiavi di registro infette: (Non sono stati rilevati elementi nocivi) Valori di registro infetti: (Non sono stati rilevati elementi nocivi) Voci infette nei dati di registro: (Non sono stati rilevati elementi nocivi) Cartelle infette: (Non sono stati rilevati elementi nocivi) File infetti: C:\WINDOWS\system32\qhdfv.msv (Worm.Conficker) -> Quarantined and deleted successfully.

HijackThis

Codice: Seleziona tutto: Logfile of Trend Micro HijackThis v2.0.4 Scan saved at 20.56.54, on 07/06/2010 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\system32\Ati2evxx.exe C:\Programmi\File comuni\InfoWatch\CryptoStorage\ProtectedObjectsSrv.exe C:\WINDOWS\eHome\ehRecvr.exe C:\WINDOWS\eHome\ehSched.exe C:\WINDOWS\system32\HPZipm12.exe C:\WINDOWS\system32\svchost.exe C:\Programmi\File comuni\Ulead Systems\DVD\ULCDRSvr.exe C:\Programmi\Sonic\DigitalMedia LE v7\MyDVD LE\USBDeviceService.exe C:\Programmi\Vodafone\Vodafone Mobile Connect\Bin\VMCService.exe C:\WINDOWS\system32\dllhost.exe C:\WINDOWS\system32\wscntfy.exe C:\WINDOWS\ehome\ehtray.exe C:\Programmi\ATI Technologies\ATI.ACE\cli.exe C:\WINDOWS\RTHDCPL.EXE C:\WINDOWS\eHome\ehmsas.exe C:\Programmi\Java\jre1.5.0_04\bin\jusched.exe C:\PROGRA~1\GOTOSO~1\VADERE~1\Vaderetro_oe.exe C:\Programmi\Sonic\DigitalMedia LE v7\MyDVD LE\DetectorApp.exe C:\Programmi\File comuni\InstallShield\UpdateService\issch.exe C:\Programmi\HP\HP Software Update\HPWuSchd2.exe C:\APPS\SMP\SmpSys.exe C:\Programmi\HP\Digital Imaging\bin\hpqtra08.exe C:\Programmi\ATI Technologies\ATI.ACE\cli.exe C:\Programmi\ATI Technologies\ATI.ACE\cli.exe C:\Programmi\HP\Digital Imaging\bin\hpqSTE08.exe C:\WINDOWS\explorer.exe C:\Programmi\internet explorer\iexplore.exe C:\Programmi\Kaspersky Lab\Kaspersky PURE\klwtblfs.exe C:\Programmi\Vodafone\Vodafone Mobile Connect\Bin\MobileConnect.EXE C:\WINDOWS\system32\NOTEPAD.EXE C:\Documents and Settings\claudio\Desktop\HijackThis.exe C:\Programmi\QuickTime\qttask.exe C:\Programmi\Adobe\Acrobat 7.0\Reader\AcroRd32.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.it/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti R3 - URLSearchHook: Yahoo! Toolbar con blocco Pop-Up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programmi\Yahoo!\Companion\Installs\cpn\yt.dll O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Programmi\Yahoo!\Companion\Installs\cpn\yt.dll O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll O2 - BHO: AVG Safe Search - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Programmi\AVG\AVG8\avgssie.dll (file missing) O2 - BHO: IEVkbdBHO - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Programmi\Kaspersky Lab\Kaspersky PURE\ievkbd.dll O2 - BHO: link filter bho - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Programmi\Kaspersky Lab\Kaspersky PURE\klwtbbho.dll O3 - Toolbar: Yahoo! Toolbar con blocco Pop-Up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programmi\Yahoo!\Companion\Installs\cpn\yt.dll O4 - HKLM\..\Run: [PHIME2002ASync] "C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE" /SYNC O4 - HKLM\..\Run: [PHIME2002A] "C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE" /IMEName O4 - HKLM\..\Run: [ehTray] "C:\WINDOWS\ehome\ehtray.exe" O4 - HKLM\..\Run: [ATICCC] "c:\Programmi\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] "HDAShCut.exe" O4 - HKLM\..\Run: [RTHDCPL] "RTHDCPL.EXE" O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programmi\Java\jre1.5.0_04\bin\jusched.exe" O4 - HKLM\..\Run: [Vade Retro Outlook Express] "C:\PROGRA~1\GOTOSO~1\VADERE~1\Vaderetro_oe.exe" O4 - HKLM\..\Run: [DetectorApp] "C:\Programmi\Sonic\DigitalMedia LE v7\MyDVD LE\DetectorApp.exe" O4 - HKLM\..\Run: [ISUSScheduler] "C:\Programmi\File comuni\InstallShield\UpdateService\issch.exe" -start O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32" O4 - HKLM\..\Run: [HP Software Update] "C:\Programmi\HP\HP Software Update\HPWuSchd2.exe" O4 - HKLM\..\Run: [MobileConnect] "%programfiles%\Vodafone\Vodafone Mobile Connect\Bin\MobileConnect.exe" /silent O4 - HKLM\..\Run: [AVP] "C:\Programmi\Kaspersky Lab\Kaspersky PURE\avp.exe" O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Programmi\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmi\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] C:\Programmi\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent O4 - HKCU\..\Run: [SmpcSys] C:\APPS\SMP\SmpSys.exe O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user') O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Programmi\HP\Digital Imaging\bin\hpqtra08.exe O4 - Global Startup: Microsoft Office.lnk = C:\Programmi\Microsoft Office\Office\OSA9.EXE O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.5.0_04\bin\npjpi150_04.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.5.0_04\bin\npjpi150_04.dll O9 - Extra button: Tastiera &Virtuale - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Programmi\Kaspersky Lab\Kaspersky PURE\klwtbbho.dll O9 - Extra button: C&ontrollo URL - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Programmi\Kaspersky Lab\Kaspersky PURE\klwtbbho.dll O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe O14 - IERESET.INF: START_PAGE_URL=file://C:\APPS\IE\offline\it.htm O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Programmi\Yahoo!\Common\yinsthelper.dll O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase6087.cab O22 - SharedTaskScheduler: Precaricatore Browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll O22 - SharedTaskScheduler: Daemon di cache delle categorie di componenti - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe O23 - Service: Kaspersky PURE (AVP) - Kaspersky Lab - C:\Programmi\Kaspersky Lab\Kaspersky PURE\avp.exe O23 - Service: Servizio di controllo CryptoStorage (CSObjectsSrv) - Infowatch - C:\Programmi\File comuni\InfoWatch\CryptoStorage\ProtectedObjectsSrv.exe O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Programmi\File comuni\Ulead Systems\DVD\ULCDRSvr.exe O23 - Service: USBDeviceService - Unknown owner - C:\Programmi\Sonic\DigitalMedia LE v7\MyDVD LE\USBDeviceService.exe O23 - Service: Vodafone Mobile Connect Service (VMCService) - Vodafone - C:\Programmi\Vodafone\Vodafone Mobile Connect\Bin\VMCService.exe -- End of file - 7630 bytes

di **-> EleKtrA <-** » 07/06/10 22:16

Per il primo pc (claudio), segui questa procedura.

Step 1:Fixiamo le voci inutili in avvio automatico
Con tutte le applicazioni chiuse e disconnesso da internet
Avvia Hijackthis e clicca su "do a system scan only"
Metti la spunta a queste voci e clicca su "fix checked"

Codice: Seleziona tutto: O4 - HKLM\..\Run: [PHIME2002ASync] "C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE" /SYNC O4 - HKLM\..\Run: [PHIME2002A] "C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE" /IMEName O4 - HKLM\..\Run: [ISUSScheduler] "C:\Programmi\File comuni\InstallShield\UpdateService\issch.exe" -start O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32" O4 - HKLM\..\Run: [HP Software Update] "C:\Programmi\HP\HP Software Update\HPWuSchd2.exe" O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmi\QuickTime\qttask.exe" -atboottime

Step 2: Installa questo Aggiornamento della protezione per Windows XP (KB958644)

Step 3:Pulizia dei file temporanei
Scarica TFC by OldTimer sul desktop
chiudi tutti i programmi
avvia TFC, clicca su "star"
al termine della scansione ti chiederà il riavvio, dai ok.

Step 4: Pulizia e disinstallazione dei tool usati
Scarica OTC by OldTimer sul desktop
doppio clic per eseguirlo
clicca su "CleanUP" > "Yes" > "Yes"
riavvia.

Step 5: aggiornamento dei software
- Scarica e installa l'ultima versione di Adobe Reader
- Scarica e installa l'ultima versione di Java Sun
- Aggiorna Adobe FlashPlayer:
1. Scarica il programma di disinstallazione di FlashPlayer
2. Scarica l'ultima versione di FlashPlayer per IE
3. Scarica l'ultima versione di FlashPlayer per FF
4. Chiudi tutti i browser (IE, Opera, Firefox, Chrome, etc)
5. Esegui il programma di disinstallazione scaricato al punto 1.
6. Esegui il programma di installazione scaricato al punto 2.
7. Esegui il programma di installazione scaricato al punto 3.

Step 6: Correzione piccoli errori e velocizzazione del Sistema

- Esegui una deframmentazione degli hardisk, puoi usare IObit SmartDefrag.
Oppure con l' utility interna di windows:
Start / Programmi / Accessori / Utilità di sistema / Utilità di deframmentazione dischi.

- Esegui uno Scandisk:
Apri Risorse del computer / Tasto destro sul disco fisso / proprietà / Strumenti / Esegui Scandisk
Seleziona entrambe le opzioni:
correggi automaticamente gli errori del File system,
cerca i settori danneggiati e tenta il ripristino.
Si aprirà una finestra di avvertimento:
Impossibile ottenere accesso esclusivo ad alcuni file di Windows...
Clicca su "SI" per pianificare l'operazione al prossimo avvio.

Installa il service Pack3

di **mavck** » 08/06/10 10:23

grazie mille...ho finito di mettere tutto quello che mi hai consigliato....davvero grazie..credo ke ora sia tutto ok...o almeno spero..ma che fatica!!!

di **-> EleKtrA <-** » 08/06/10 11:59

...quasi quasi chiedo la verifica dei passi seguiti con un log di hijackthis

A parte gli scherzi, se dovessero esserci problemi torna a trovarci.

di **luckymat** » 19/06/10 09:33

Ciao a tutti. Ho anche io lo stesso problema. Ho scaricato il combofix e ho seguito le istruzioni che avete riportato. Il file che ha creato è il seguente:

ComboFix 10-06-17.03 - Matarazzo 18/06/2010 19.30.18.2.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.39.1040.18.2046.1673 [GMT 2:00]
Eseguito da: c:\documents and settings\Matarazzo\desktop\abc.exe
Opzioni usate :: /killall

ATTENZIONE - QUESTO PC NON HA LA CONSOLE DI RIPRISTINO DI EMERGENZA INSTALLATA !!
.

((((((((((((((((((((((((( Files Creati Da 2010-05-18 al 2010-06-18 )))))))))))))))))))))))))))))))))))
.

Nessun nuovo file creato in questo arco di tempo

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-06-13 07:36 . 2010-06-13 07:36 4096 ----a-w- c:\windows\system32\03.tmp
2010-06-08 07:41 . 2010-06-08 07:41 4096 ----a-w- c:\windows\system32\02.tmp
2010-06-07 16:42 . 2009-08-25 09:06 -------- d-----w- c:\documents and settings\Matarazzo\Dati applicazioni\U3
2010-06-04 12:46 . 2007-08-23 07:00 -------- d-----w- c:\programmi\File comuni\Adobe
2010-06-04 12:38 . 2006-03-02 12:00 97170 ----a-w- c:\windows\system32\perfc010.dat
2010-06-04 12:38 . 2006-03-02 12:00 524002 ----a-w- c:\windows\system32\perfh010.dat
2010-06-01 10:46 . 2010-06-01 10:46 4096 ----a-w- c:\windows\system32\022.tmp
2010-05-28 15:17 . 2010-05-28 15:17 503808 ----a-w- c:\documents and settings\Matarazzo\Dati applicazioni\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-23db819a-n\msvcp71.dll
2010-05-28 15:17 . 2010-05-28 15:17 499712 ----a-w- c:\documents and settings\Matarazzo\Dati applicazioni\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-23db819a-n\jmc.dll
2010-05-28 15:17 . 2010-05-28 15:17 348160 ----a-w- c:\documents and settings\Matarazzo\Dati applicazioni\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-23db819a-n\msvcr71.dll
2010-05-28 15:17 . 2010-05-28 15:17 61440 ----a-w- c:\documents and settings\Matarazzo\Dati applicazioni\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-1ea598ac-n\decora-sse.dll
2010-05-28 15:17 . 2010-05-28 15:17 12800 ----a-w- c:\documents and settings\Matarazzo\Dati applicazioni\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-1ea598ac-n\decora-d3d.dll
2010-05-24 08:45 . 2010-05-24 08:45 4096 ----a-w- c:\windows\system32\018.tmp
2010-05-22 17:51 . 2009-09-24 09:38 1 ----a-w- c:\documents and settings\Matarazzo\Dati applicazioni\OpenOffice.org\3\user\uno_packages\cache\stamp.sys
2010-05-15 06:46 . 2010-05-15 06:46 4096 ----a-w- c:\windows\system32\017.tmp
2010-04-28 07:58 . 2008-06-04 08:02 -------- d-----w- c:\programmi\AccessDBRecovery
2010-04-23 10:51 . 2010-04-23 10:51 4096 ----a-w- c:\windows\system32\01.tmp
2010-04-23 10:42 . 2007-11-22 21:32 -------- d-----w- c:\programmi\Windows Live
2010-04-23 10:38 . 2007-11-02 20:47 -------- d-----w- c:\documents and settings\Matarazzo\Dati applicazioni\SlipStream
2010-04-21 14:22 . 2010-04-21 14:22 -------- d-----w- c:\programmi\iStar
2010-04-20 12:42 . 2010-04-20 12:42 4096 ----a-w- c:\windows\system32\027.tmp
2010-04-12 15:29 . 2010-04-17 14:14 411368 ----a-w- c:\windows\system32\deployJava1.dll
2010-04-11 06:17 . 2010-04-11 06:17 4096 ----a-w- c:\windows\system32\026.tmp
2010-03-30 16:18 . 2010-03-30 16:18 503808 ----a-w- c:\documents and settings\Matarazzo\Dati applicazioni\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-27566479-n\msvcp71.dll
2010-03-30 16:18 . 2010-03-30 16:18 499712 ----a-w- c:\documents and settings\Matarazzo\Dati applicazioni\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-27566479-n\jmc.dll
2010-03-30 16:18 . 2010-03-30 16:18 348160 ----a-w- c:\documents and settings\Matarazzo\Dati applicazioni\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-27566479-n\msvcr71.dll
2010-03-30 16:18 . 2010-03-30 16:18 61440 ----a-w- c:\documents and settings\Matarazzo\Dati applicazioni\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-2dd0fdb1-n\decora-sse.dll
2010-03-30 16:18 . 2010-03-30 16:18 12800 ----a-w- c:\documents and settings\Matarazzo\Dati applicazioni\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-2dd0fdb1-n\decora-d3d.dll
2009-03-21 14:06 . 2006-03-02 12:00 166162 --sha-r- c:\windows\system32\ujlbcfip.dll
.

((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* i valori vuoti & legittimi/default non sono visualizzati.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\programmi\File comuni\Ahead\Lib\NMBgMonitor.exe" [2007-03-12 153136]
"Google Update"="c:\documents and settings\Matarazzo\Impostazioni locali\Dati applicazioni\Google\Update\GoogleUpdate.exe" [2009-10-06 133104]
"swg"="c:\programmi\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-11-10 39408]
"TomTomHOME.exe"="c:\programmi\TomTom HOME 2\TomTomHOMERunner.exe" [2009-11-13 247144]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NokiaMServer"="c:\programmi\File comuni\Nokia\MPlatform\NokiaMServer" [X]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-09-17 13574144]
"nwiz"="nwiz.exe" [2008-09-17 1657376]
"RemoteControl"="c:\programmi\CyberLink\PowerDVD\PDVDServ.exe" [2004-11-02 32768]
"NeroFilterCheck"="c:\programmi\File comuni\Ahead\Lib\NeroCheck.exe" [2007-03-09 153136]
"RTHDCPL"="RTHDCPL.EXE" [2007-04-12 16132608]
"Quick TV Agent"="c:\programmi\Empire\QuickTV\Scheduled.exe" [2004-10-11 740352]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2008-04-14 110592]
"ESDUSBMon.exe"="c:\windows\system32\ESDUSBMon.exe" [2005-05-26 188416]
"Adobe Photo Downloader"="c:\programmi\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe" [2005-07-07 57344]
"SSBkgdUpdate"="c:\programmi\File comuni\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2006-10-25 210472]
"PaperPort PTD"="c:\programmi\ScanSoft\PaperPort\pptd40nt.exe" [2007-01-29 30248]
"IndexSearch"="c:\programmi\ScanSoft\PaperPort\IndexSearch.exe" [2007-01-29 46632]
"PPort11reminder"="c:\programmi\ScanSoft\PaperPort\Ereg\Ereg.exe" [2007-02-01 255528]
"BrMfcWnd"="c:\programmi\Brother\Brmfcmon\BrMfcWnd.exe" [2007-03-02 630784]
"ControlCenter3"="c:\programmi\Brother\ControlCenter3\brctrcen.exe" [2006-11-07 65536]
"Recorder.exe"="c:\programmi\Linksys\Linksys Surveillance Utility\Recorder.exe" [2006-01-18 344064]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-09-17 86016]
"Nokia FastStart"="c:\programmi\Nokia\Nokia Music\NokiaMusic.exe" [2009-02-26 2376992]
"SunJavaUpdateSched"="c:\programmi\File comuni\Java\Java Update\jusched.exe" [2010-02-18 248040]
"Adobe Reader Speed Launcher"="c:\programmi\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2010-04-02 40368]
"Adobe ARM"="c:\programmi\File comuni\Adobe\ARM\1.0\AdobeARM.exe" [2010-03-24 952768]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

c:\documents and settings\Matarazzo\Menu Avvio\Programmi\Esecuzione automatica\
OpenOffice.org 3.1.lnk - c:\programmi\OpenOffice.org 3\program\quickstart.exe [2009-8-18 384000]

c:\documents and settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\
Telecomando TV.lnk - c:\programmi\Empire\Enjoy Stereo TV FM - Utility\P3XRCtl.exe [2009-5-11 69632]
Windows Search.lnk - c:\programmi\Windows Desktop Search\WindowsSearch.exe [2008-5-26 123904]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\programmi\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-24 304128]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0aswBoot.exe /A:* /L:Italian /KBD:3

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Authentication Packages REG_MULTI_SZ msv1_0 nwprovau

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Alcmtr]
2005-05-03 10:43 69632 ------r- c:\windows\Alcmtr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDCPL]
2007-04-12 09:33 16132608 ------r- c:\windows\RTHDCPL.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Programmi\\Nokia\\Nokia Software Updater\\nsu_ui_client.exe"=
"c:\\Programmi\\File comuni\\Nokia\\Service Layer\\A\\nsl_host_process.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Programmi\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Programmi\\Nokia\\Nokia Home Media Server\\Media Server\\twonkymedia.exe"=
"c:\\Programmi\\Nokia\\Nokia Home Media Server\\Media Server\\twonkymediaserver.exe"=
"c:\\Programmi\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\Programmi\\Messenger\\msmsgs.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3458:TCP"= 3458:TCP:nftfbf

R2 EPSON ESCPOS Status Service;EPSON ESC/POS Status Service;EpStsSrv.exe --> EpStsSrv.exe [?]
R2 Esdpdx01;Esdpdx01;c:\windows\system32\drivers\ESDPDX01.SYS [25/12/2003 12.00.54 95485]
R2 Network WanMiniport First Position;Network WanMiniport First Position;c:\programmi\Telecom Italia\WanMiniport1st\srvany.exe [18/01/2010 22.10.26 8192]
R2 TomTomHOMEService;TomTomHOMEService;c:\programmi\TomTom HOME 2\TomTomHOMEService.exe [13/11/2009 13.31.14 92008]
R2 WILPAR;Wordcraft Parallel Driver;c:\windows\system32\drivers\WILPAR.SYS [24/08/2007 17.39.19 23008]
R2 wilusbmonitor;Unimessage Printer Tracking Service;c:\windows\system32\wilpmove.exe [24/08/2007 17.40.25 77824]
R3 Cap713x;Philips Cap713x Video Capture;c:\windows\system32\drivers\Cap713x.sys [28/08/2007 12.55.10 685824]
R3 WPN111;Wireless USB 2.0 Adapter with RangeMax Service;c:\windows\system32\drivers\WPN111.sys [23/08/2007 19.21.56 362944]
S2 713xTVCard;SAA7133 TV Card;c:\windows\system32\drivers\SAA713x.sys [15/03/2005 13.00.00 277504]
S2 apmjifux;Monitor Boot;c:\windows\system32\svchost.exe -k netsvcs [02/03/2006 14.00.00 14336]
S2 TwonkyMedia;TwonkyMedia;c:\programmi\Nokia\Nokia Home Media Server\Media Server\TwonkyMedia.exe -serviceversion 0 --> c:\programmi\Nokia\Nokia Home Media Server\Media Server\TwonkyMedia.exe -serviceversion 0 [?]
S2 uksnun;Security Helper;c:\windows\system32\svchost.exe -k netsvcs [02/03/2006 14.00.00 14336]
S3 hsovyt;hsovyt;c:\windows\system32\02.tmp [08/06/2010 9.41.30 4096]
S3 nevrovax;nevrovax;c:\windows\system32\026.tmp [11/04/2010 8.17.10 4096]
S3 nmwcdnsu;Nokia USB Flashing Phone Parent;c:\windows\system32\drivers\nmwcdnsu.sys [02/07/2009 14.43.12 136704]
S3 SetupNTGLM7X;SetupNTGLM7X;\??\e:\ntglm7x.sys --> e:\NTGLM7X.sys [?]
S3 uwmjr;uwmjr;c:\windows\system32\03.tmp [13/06/2010 9.36.13 4096]
S3 vktmtwmm;vktmtwmm;c:\windows\system32\01.tmp [23/04/2010 12.51.14 4096]
S3 wxvhle;wxvhle;c:\windows\system32\017.tmp [15/05/2010 8.46.13 4096]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
vvdsvc REG_MULTI_SZ vvdsvc

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
uksnun
.
Contenuto della cartella 'Scheduled Tasks'

2010-06-18 c:\windows\Tasks\Google Software Updater.job
- c:\programmi\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-11-10 18:13]

2010-06-18 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-57989841-1336601894-839522115-1003Core.job
- c:\documents and settings\Matarazzo\Impostazioni locali\Dati applicazioni\Google\Update\GoogleUpdate.exe [2009-10-06 09:07]

2010-06-18 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-57989841-1336601894-839522115-1003UA.job
- c:\documents and settings\Matarazzo\Impostazioni locali\Dati applicazioni\Google\Update\GoogleUpdate.exe [2009-10-06 09:07]

2010-06-18 c:\windows\Tasks\OGADaily.job
- c:\windows\system32\OGAVerify.exe [2008-12-31 16:04]

2010-06-18 c:\windows\Tasks\OGALogon.job
- c:\windows\system32\OGAVerify.exe [2008-12-31 16:04]
.
.
------- Scansione supplementare -------
.
uStart Page = hxxp://www.virgilio.it/
Trusted Zone: giocasport.biz\backend
.
- - - - CHIAVI ORFANE RIMOSSE - - - -

HKCU-Run-MsnMsgr - c:\programmi\Windows Live\Messenger\MsnMsgr.Exe
HKLM-Run-Windows Upgrate Utility - c:\windows\system32\winulty.exe

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-06-18 19:37
Windows 5.1.2600 Service Pack 3 NTFS

scansione processi nascosti ...

scansione entrate autostart nascoste ...

Scansione files nascosti ...

Scansione completata con successo
Files nascosti: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\hsovyt]
"ImagePath"="\??\c:\windows\system32\02.tmp"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\nevrovax]
"ImagePath"="\??\c:\windows\system32\026.tmp"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\uwmjr]
"ImagePath"="\??\c:\windows\system32\03.tmp"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\vktmtwmm]
"ImagePath"="\??\c:\windows\system32\01.tmp"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\wxvhle]
"ImagePath"="\??\c:\windows\system32\017.tmp"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\apmjifux]
"ServiceDll"="c:\windows\system32\ujlbcfip.dll"
--

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\uksnun]
"ServiceDll"="c:\windows\system32\ujlbcfip.dll"
.
--------------------- CHIAVI DI REGISTRO BLOCCATE ---------------------

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe,-101"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- Dlls caricate dai processi in esecuzione ---------------------

- - - - - - - > 'explorer.exe'(3604)
c:\windows\system32\WININET.dll
c:\windows\system32\nview.dll
c:\windows\system32\NVWRSIT.DLL
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Altri processi in esecuzione ------------------------
.
c:\windows\ATKKBService.exe
c:\windows\system32\EpStsSrv.exe
c:\programmi\Java\jre6\bin\jqs.exe
c:\programmi\File comuni\Microsoft Shared\VS7DEBUG\mdm.exe
c:\windows\system32\nvsvc32.exe
c:\programmi\Telecom Italia\WanMiniport1st\WanMiniport1st_srv.exe
c:\programmi\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\windows\system32\SearchIndexer.exe
c:\windows\system32\rundll32.exe
c:\windows\system32\rundll32.exe
c:\programmi\File comuni\Nokia\MPlatform\NokiaMServer.exe
c:\programmi\Brother\ControlCenter3\brccMCtl.exe
c:\programmi\Linksys\Linksys Surveillance Utility\Monitor.exe
c:\documents and settings\Matarazzo\Impostazioni locali\Dati applicazioni\Google\Update\1.2.183.23\GoogleCrashHandler.exe
c:\programmi\OpenOffice.org 3\program\soffice.exe
c:\programmi\OpenOffice.org 3\program\soffice.bin
c:\windows\system32\SearchProtocolHost.exe
c:\programmi\File comuni\Ahead\Lib\NMIndexingService.exe
c:\programmi\File comuni\Ahead\Lib\NMIndexStoreSvr.exe
c:\programmi\Nokia\PC Connectivity Solution\ServiceLayer.exe
c:\programmi\Nokia\PC Connectivity Solution\Transports\NclRSSrv.exe
c:\programmi\Nokia\PC Connectivity Solution\Transports\NclUSBSrv.exe
c:\windows\system32\SearchFilterHost.exe
.
**************************************************************************
.
Ora fine scansione: 2010-06-18 19:42:38 - Il pc è stato riavviato
ComboFix-quarantined-files.txt 2010-06-18 17:42

Pre-Run: 171.179.765.760 byte disponibili
Post-Run: 171.217.555.456 byte disponibili

- - End Of File - - 7AE14A911153BF50C565971C62C49FE5

Se potete dare anche a me le ulteriori istruzioni da eseguire per risovere il problema ve ne sarò grato.
Grazie

di **Luke57** » 19/06/10 10:11

Ciao, Apri un file di testo sul Desktop
Start > esegui, digita: notepad.exe e poi clicca Ok
Incolla il codice che vedi qui sotto, e salvi il file di testo obbligatoriamente
con il nome CFScript.txt sul desktop.

Codice: Seleziona tutto: NetSvcs:: uksnun Driver:: hsovyt nevrovax uwmjr vktmtwmm wxvhle apmjifux uksnun File:: c:\windows\system32\02.tmp c:\windows\system32\026.tmp c:\windows\system32\03.tmp c:\windows\system32\01.tmp c:\windows\system32\017.tmp c:\windows\system32\ujlbcfip.dll c:\windows\system32\018.tmp c:\windows\system32\027.tmp

trascina il file con il puntatore del mouse sull'icona di combofix. Il proghramma avvierà una nuova scansione: al termine di essa posta il nuovo report C:\combofix.txt.

scarica e installa malwarebytes
http://www.malwarebytes.org/mbam/program/mbam-setup.exe
Aggiornalo: clicca sulla scheda "aggiornamenti" => "controlla aggiornamenti"
Esegui una "scansione completa" (seleziona l'opzione)
A scansione completa, fai clic su OK => Mostra i Risultati.
Assicurarti che tutto sia selezionato e clicca clic su Rimuovi selezionati.
Se ti chiede di riavviare, riavvia per completare il processo di pulizia.

Non riesco ad accedere ai siti degli antivirus

Re: Non riesco ad accedere ai siti degli antivirus

Re: Non riesco ad accedere ai siti degli antivirus

Re: Non riesco ad accedere ai siti degli antivirus

Re: Non riesco ad accedere ai siti degli antivirus

Re: Non riesco ad accedere ai siti degli antivirus

Re: Non riesco ad accedere ai siti degli antivirus

Re: Non riesco ad accedere ai siti degli antivirus

Re: Non riesco ad accedere ai siti degli antivirus

Re: Non riesco ad accedere ai siti degli antivirus

Re: Non riesco ad accedere ai siti degli antivirus

Re: Non riesco ad accedere ai siti degli antivirus

Re: Non riesco ad accedere ai siti degli antivirus

Re: Non riesco ad accedere ai siti degli antivirus

Re: Non riesco ad accedere ai siti degli antivirus

Re: Non riesco ad accedere ai siti degli antivirus

Re: Non riesco ad accedere ai siti degli antivirus

Re: Non riesco ad accedere ai siti degli antivirus

Re: Non riesco ad accedere ai siti degli antivirus

Re: Non riesco ad accedere ai siti degli antivirus

Re: Non riesco ad accedere ai siti degli antivirus

Topic correlati a "Non riesco ad accedere ai siti degli antivirus":

Chi c’è in linea