Valutazione 4.87/ 5 (100.00%) 5838 voti

Condividi:        

Non riesco ad accedere ai siti degli antivirus

Come rimuovere virus e spyware? Le carte di credito sono davvero sicure in rete? È possibile navigare anonimi? Con quali programmi tutelare la propria privacy? Come proteggere i file importanti? Se volete una risposta a queste e altre domande questo è il luogo giusto!

Moderatori: kadosh, Luke57

Re: Non riesco ad accedere ai siti degli antivirus

Postdi mavck » 07/06/10 09:11

allora grazie della risposta, dopo eseguirò i tuoi passaggi sul primo pc, ma adesso ti posto anche il LOF COMBOFIX che ho fatto sul Portatile..anche qui è emerso il solito problema... :mmmh: ...attendo che mi dici se lo script postato sopra da te va bene anche per il portatile o ce bisogno di un altro :D
scusami...
Codice: Seleziona tutto
ComboFix 10-06-06.03 - marti 07/06/2010   9.57.35.1.2 - x86
Microsoft Windows XP Home Edition  5.1.2600.3.1252.39.1040.18.1015.704 [GMT 2:00]
Eseguito da: c:\documents and settings\marti\Documenti\Download\ComboFix.exe
.

(((((((((((((((((((((((((((((((((((((   Altre eliminazioni   )))))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\programmi\File comuni\Real\Update_OB\lang\faust_it.dll
c:\programmi\File comuni\Real\Update_OB\lang\rpsearch_it.dll
c:\programmi\Real\RealPlayer\converter\rnuninst_it.dll
c:\programmi\Real\RealPlayer\lang\cdplay_it.dll
c:\programmi\Real\RealPlayer\lang\dbcomp_it.dll
c:\programmi\Real\RealPlayer\lang\embed_it.dll
c:\programmi\Real\RealPlayer\lang\gemctl_it.dll
c:\programmi\Real\RealPlayer\lang\mydevices_it.dll
c:\programmi\Real\RealPlayer\lang\pngui_it.dll
c:\programmi\Real\RealPlayer\lang\rjctl_it.dll
c:\programmi\Real\RealPlayer\lang\rjdlg_it.dll
c:\programmi\Real\RealPlayer\lang\rjeq_it.dll
c:\programmi\Real\RealPlayer\lang\rjfade_it.dll
c:\programmi\Real\RealPlayer\lang\rjmisc_it.dll
c:\programmi\Real\RealPlayer\lang\rjprog_it.dll
c:\programmi\Real\RealPlayer\lang\rjres_it.dll
c:\programmi\Real\RealPlayer\lang\rjskin_it.dll
c:\programmi\Real\RealPlayer\lang\rjviz_it.dll
c:\programmi\Real\RealPlayer\lang\rjwma_it.dll
c:\programmi\Real\RealPlayer\lang\rnuninst_it.dll
c:\programmi\Real\RealPlayer\lang\rpapp_it.dll
c:\programmi\Real\RealPlayer\lang\rpbgr_it.dll
c:\programmi\Real\RealPlayer\lang\rpbrp_it.dll
c:\programmi\Real\RealPlayer\lang\rpclsvc_it.dll
c:\programmi\Real\RealPlayer\lang\rpclutil_it.dll
c:\programmi\Real\RealPlayer\lang\rpdemand_it.dll
c:\programmi\Real\RealPlayer\lang\rpdsplyr_it.dll
c:\programmi\Real\RealPlayer\lang\rpext_it.dll
c:\programmi\Real\RealPlayer\lang\rpgutil_it.dll
c:\programmi\Real\RealPlayer\lang\rpmnpane_it.dll
c:\programmi\Real\RealPlayer\lang\rpplylst_it.dll
c:\programmi\Real\RealPlayer\lang\rpsearch_it.dll
c:\programmi\Real\RealPlayer\lang\rpwebctl_it.dll
c:\programmi\Real\RealPlayer\lang\systray_it.dll
c:\programmi\Real\RealPlayer\lang\tcdinfo_it.dll
c:\programmi\Real\RealPlayer\lang\tclsvc_it.dll
c:\programmi\Real\RealPlayer\lang\tdwnmgr_it.dll
c:\programmi\Real\RealPlayer\lang\tearm_it.dll
c:\programmi\Real\RealPlayer\lang\teasdk_it.dll
c:\programmi\Real\RealPlayer\lang\tmdedit_it.dll
c:\programmi\Real\RealPlayer\lang\tmp3_it.dll
c:\programmi\Real\RealPlayer\lang\twave_it.dll
c:\programmi\Real\RealPlayer\lang\upgrdhlp_it.dll
c:\programmi\Real\RealPlayer\lang\upgrdlib_it.dll
c:\windows\system32\Thumbs.db

.
(((((((((((((((((((((((((   Files Creati Da 2010-05-07 al 2010-06-07  )))))))))))))))))))))))))))))))))))
.

2010-06-02 21:08 . 2008-04-13 09:47   25856   -c--a-w-   c:\windows\system32\dllcache\usbprint.sys
2010-06-02 21:08 . 2008-04-13 09:47   25856   ----a-w-   c:\windows\system32\drivers\usbprint.sys
2010-05-26 12:35 . 2010-05-26 12:35   49152   ----a-w-   c:\documents and settings\All Users\Dati applicazioni\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext\Components\nprpffbrowserrecordext.dll
2010-05-26 12:35 . 2010-05-26 12:35   45056   ----a-w-   c:\documents and settings\All Users\Dati applicazioni\Real\RealPlayer\BrowserRecordPlugin\ThinShims\rpnpshimwmp.dll
2010-05-26 12:35 . 2010-05-26 12:35   45056   ----a-w-   c:\documents and settings\All Users\Dati applicazioni\Real\RealPlayer\BrowserRecordPlugin\ThinShims\rpnpshimswf.dll
2010-05-26 12:35 . 2010-05-26 12:35   45056   ----a-w-   c:\documents and settings\All Users\Dati applicazioni\Real\RealPlayer\BrowserRecordPlugin\ThinShims\rpnpshimrp.dll
2010-05-26 12:35 . 2010-05-26 12:35   45056   ----a-w-   c:\documents and settings\All Users\Dati applicazioni\Real\RealPlayer\BrowserRecordPlugin\ThinShims\rpnpshimqt.dll

.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-06-07 07:58 . 2009-08-25 11:24   70336   ----a-w-   c:\windows\system32\perfc010.dat
2010-06-07 07:58 . 2009-08-25 11:24   438214   ----a-w-   c:\windows\system32\perfh010.dat
2010-06-07 07:53 . 2009-08-25 11:52   --------   d-----w-   c:\programmi\Norton Internet Security
2010-06-07 07:52 . 2010-04-11 23:47   --------   d-----w-   c:\documents and settings\All Users\Dati applicazioni\Norton
2010-05-28 20:20 . 2010-04-11 01:14   148   ----a-w-   c:\documents and settings\marti\Dati applicazioni\wklnhst.dat
2010-05-26 12:35 . 2010-05-26 12:35   40960   ----a-w-   c:\documents and settings\All Users\Dati applicazioni\Real\RealPlayer\BrowserRecordPlugin\Chrome\Hook\rpchromebrowserrecordhelper.dll
2010-05-26 12:35 . 2010-05-26 12:35   308808   ----a-w-   c:\documents and settings\All Users\Dati applicazioni\Real\RealPlayer\BrowserRecordPlugin\Common\rpmainbrowserrecordplugin.dll
2010-05-26 12:35 . 2010-05-26 12:35   14848   ----a-w-   c:\documents and settings\All Users\Dati applicazioni\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll
2010-05-26 12:35 . 2010-05-26 12:35   341600   ----a-w-   c:\documents and settings\All Users\Dati applicazioni\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
2010-05-26 12:35 . 2010-05-26 12:33   --------   d-----w-   c:\programmi\File comuni\Real
2010-05-26 12:34 . 2010-05-26 12:33   --------   d-----w-   c:\programmi\Real
2010-05-26 12:34 . 2010-05-26 12:34   --------   d-----w-   c:\programmi\File comuni\xing shared
2010-05-26 12:34 . 2010-05-26 12:34   499712   ----a-w-   c:\windows\system32\msvcp71.dll
2010-05-26 12:34 . 2010-05-26 12:34   348160   ----a-w-   c:\windows\system32\msvcr71.dll
2010-04-26 18:31 . 2010-04-26 18:31   --------   d-----w-   c:\documents and settings\marti\Dati applicazioni\Template
2010-04-11 23:54 . 2010-04-11 23:54   0   ----a-w-   c:\windows\nsreg.dat
2010-04-11 23:44 . 2010-04-11 23:44   --------   d-----w-   c:\documents and settings\All Users\Dati applicazioni\NortonInstaller
2009-03-21 14:06 . 2009-08-25 11:24   169822   --sha-r-   c:\windows\system32\uhklxges.dll
.

(((((((((((((((((((((((((((((((((((((   Punti Reg Caricati   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* i valori vuoti & legittimi/default non sono visualizzati.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Eee Docking"="c:\programmi\ASUS\Eee Docking\Eee Docking.exe" [2009-07-27 397312]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-12-19 135168]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-12-19 159744]
"Persistence"="c:\windows\system32\igfxpers.exe" [2007-12-19 131072]
"RTHDCPL"="RTHDCPL.EXE" [2009-04-27 17881088]
"AsusACPIServer"="c:\programmi\EeePC\ACPI\AsAcpiSvr.exe" [2009-04-16 630784]
"AsusEPCMonitor"="c:\programmi\EeePC\ACPI\AsEPCMon.exe" [2009-03-13 98304]
"AsusTray"="c:\programmi\EeePC\ACPI\AsTray.exe" [2009-04-16 118784]
"SynTPEnh"="c:\programmi\Synaptics\SynTP\SynTPEnh.exe" [2009-04-09 1512744]
"SynAsusAcpi"="c:\programmi\Synaptics\SynTP\SynAsusAcpi.exe" [2009-04-09 79144]
"LiveUpdate"="c:\programmi\Asus\LiveUpdate\LiveUpdate.exe" [2009-06-25 712704]
"TkBellExe"="c:\programmi\File comuni\Real\Update_OB\realsched.exe" [2010-05-26 202256]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

c:\documents and settings\marti\Menu Avvio\Programmi\Esecuzione automatica\
Ritaglio schermata e avvio di OneNote 2007.lnk - c:\programmi\Microsoft Office\Office12\ONENOTEM.EXE [2006-10-26 98632]

c:\documents and settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\
 SuperHybridEngine.lnk - c:\programmi\ASUS\EeePC\Super Hybrid Engine\SuperHybridEngine.exe [2009-8-25 376832]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Programmi\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Programmi\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Programmi\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\Programmi\\Skype\\Phone\\Skype.exe"=
"c:\\Programmi\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"d:\\Programmi\\eMule\\emule.exe"=
"c:\\Programmi\\Messenger\\msmsgs.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"7739:TCP"= 7739:TCP:pfszeits

R3 L1c;NDIS Miniport Driver for Atheros AR8131/AR8132 PCI-E Ethernet Controller;c:\windows\system32\drivers\l1c51x86.sys [18/08/2009 23.44.33 38912]
R3 RT80x86;Ralink 802.11n Wireless Driver;c:\windows\system32\drivers\rt2860.sys [25/08/2009 13.08.18 1015424]
S2 yyceyk;Boot Microsoft;c:\windows\system32\svchost.exe -k netsvcs [25/08/2009 13.24.54 14336]
S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [25/08/2009 13.05.30 1684736]
S3 uvclf;uvclf;c:\windows\system32\drivers\uvclf.sys [12/08/2009 8.57.17 39040]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost  - NetSvcs
yyceyk
.
Contenuto della cartella 'Scheduled Tasks'

2010-06-07 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-3769156265-213131487-877873343-1005.job
- c:\programmi\Real\RealUpgrade\realupgrade.exe [2010-02-24 20:09]

2010-06-06 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-3769156265-213131487-877873343-1005.job
- c:\programmi\Real\RealUpgrade\realupgrade.exe [2010-02-24 20:09]
.
.
------- Scansione supplementare -------
.
uStart Page = hxxp://www.talti.com
IE: E&sporta in Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
IE: Invia a Bluetooth - c:\programmi\WIDCOMM\Bluetooth Software\btsendto_ie.htm
IE: Invia a periferica &Bluetooth... - c:\programmi\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
FF - ProfilePath - c:\documents and settings\marti\Dati applicazioni\Mozilla\Firefox\Profiles\rggf6rv0.default\
FF - component: c:\documents and settings\All Users\Dati applicazioni\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext\components\nprpffbrowserrecordext.dll
FF - plugin: c:\documents and settings\All Users\Dati applicazioni\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll
FF - plugin: c:\programmi\Windows Live\Photo Gallery\NPWLPG.dll

---- FIREFOX POLICIES ----
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\programmi\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\programmi\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\programmi\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\programmi\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation",  false);
c:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
.
- - - - CHIAVI ORFANE RIMOSSE - - - -

HKLM-Run-snp2uvc - c:\windows\vsnp2uvc.exe
MSConfigStartUp-Adobe Reader Speed Launcher - c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe
MSConfigStartUp-MsnMsgr - c:\program files\Windows Live\Messenger\MsnMsgr.Exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-06-07 10:02
Windows 5.1.2600 Service Pack 3 NTFS

scansione processi nascosti ...

scansione entrate autostart nascoste ...

Scansione files nascosti ...

Scansione completata con successo
Files nascosti: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\yyceyk]
"ServiceDll"="c:\windows\system32\uhklxges.dll"
.
Ora fine scansione: 2010-06-07  10:03:59
ComboFix-quarantined-files.txt  2010-06-07 08:03

Pre-Run: 63.425.265.664 byte disponibili
Post-Run: 63.483.047.936 byte disponibili

WindowsXP-KB310994-SP2-Home-BootDisk-ITA.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect

- - End Of File - - 51ACEA2DF9022A69EA382AADB57275F4
mavck
Utente Junior
 
Post: 16
Iscritto il: 05/06/10 13:55

Sponsor
 

Re: Non riesco ad accedere ai siti degli antivirus

Postdi -> EleKtrA <- » 07/06/10 09:18

Ciao mavck, anche qui c'è da preparare uno script ma diverso dall'altro.
Preferirei prima concludere con il primo computer e poi passare a questo.
Appena hai concluso le altre scansioni allega i log.
“Ieri è storia, domani è mistero, ma oggi è un dono... per questo si chiama presente!”.
Avatar utente
-> EleKtrA <-
Moderatore
 
Post: 436
Iscritto il: 11/12/08 12:50

Re: Non riesco ad accedere ai siti degli antivirus

Postdi mavck » 07/06/10 09:53

è solamente che oggi ho sott'occhio questo portatile, mentre il fisso lo rivedo forse questa sera :D
premetto che nessuno dei 2 è mio..(uno sister e uno cognato)..il mio fortunatamente per ora è salvo :lol:
mavck
Utente Junior
 
Post: 16
Iscritto il: 05/06/10 13:55

Re: Non riesco ad accedere ai siti degli antivirus

Postdi -> EleKtrA <- » 07/06/10 10:05

Non volevo sembrare dispettosa, soltanto rendere la procedura efficace e chiara.

Questo è lo script per il secondo computer (marti)
anche qui stessa procedura, comprese le scansioni con Malwarebytes e Hijackthis
Codice: Seleziona tutto
Killall::
File::
c:\windows\system32\uhklxges.dll
Folder::
C:\WINDOWS\temp
C:\WINDOWS\Tasks
Driver::
yyceyk
Boot Microsoft
uvclf
NetSvcs::
yyceyk
Boot Microsoft
uvclf
Registry::
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"7739:TCP"=-
[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_yyceyk]
[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_yyceyk]
[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_yyceyk]
[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Enum\Root\LEGACY_yyceyk]
[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Enum\Root\LEGACY_yyceyk]
[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\yyceyk]
[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\yyceyk]
[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\yyceyk]
[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\yyceyk]
[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Services\yyceyk]
[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_uvclf]
[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_uvclf]
[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_uvclf]
[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Enum\Root\LEGACY_uvclf]
[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Enum\Root\LEGACY_uvclf]
[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\uvclf]
[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\uvclf]
[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\uvclf]
[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\uvclf]
[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Services\uvclf]
Domains::
“Ieri è storia, domani è mistero, ma oggi è un dono... per questo si chiama presente!”.
Avatar utente
-> EleKtrA <-
Moderatore
 
Post: 436
Iscritto il: 11/12/08 12:50

Re: Non riesco ad accedere ai siti degli antivirus

Postdi mavck » 07/06/10 10:22

-> EleKtrA <- ha scritto:Non volevo sembrare dispettosa, soltanto rendere la procedura efficace e chiara.

Questo è lo script per il secondo computer (marti)
anche qui stessa procedura, comprese le scansioni con Malwarebytes e Hijackthis
Codice: Seleziona tutto
Killall::
File::
c:\windows\system32\uhklxges.dll
Folder::
C:\WINDOWS\temp
C:\WINDOWS\Tasks
Driver::
yyceyk
Boot Microsoft
uvclf
NetSvcs::
yyceyk
Boot Microsoft
uvclf
Registry::
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"7739:TCP"=-
[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_yyceyk]
[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_yyceyk]
[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_yyceyk]
[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Enum\Root\LEGACY_yyceyk]
[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Enum\Root\LEGACY_yyceyk]
[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\yyceyk]
[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\yyceyk]
[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\yyceyk]
[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\yyceyk]
[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Services\yyceyk]
[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_uvclf]
[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_uvclf]
[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_uvclf]
[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Enum\Root\LEGACY_uvclf]
[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Enum\Root\LEGACY_uvclf]
[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\uvclf]
[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\uvclf]
[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\uvclf]
[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\uvclf]
[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Services\uvclf]
Domains::

Grazie mille procedo subito su questo :D
mavck
Utente Junior
 
Post: 16
Iscritto il: 05/06/10 13:55

Re: Non riesco ad accedere ai siti degli antivirus

Postdi -> EleKtrA <- » 07/06/10 10:34

@mavck, è inutile ripetere o citare completamente un messaggio precedente.
Appena puoi allega i log perchè ci sono altre cose da sistemare su entrambi i computer. ;)
“Ieri è storia, domani è mistero, ma oggi è un dono... per questo si chiama presente!”.
Avatar utente
-> EleKtrA <-
Moderatore
 
Post: 436
Iscritto il: 11/12/08 12:50

Re: Non riesco ad accedere ai siti degli antivirus

Postdi mavck » 07/06/10 10:41

Combofix+cfsscript
Codice: Seleziona tutto
ComboFix 10-06-06.04 - marti 07/06/2010  11.32.53.2.2 - x86
Microsoft Windows XP Home Edition  5.1.2600.3.1252.39.1040.18.1015.555 [GMT 2:00]
Eseguito da: c:\documents and settings\marti\Desktop\ComboFix.exe
Opzioni usate :: c:\documents and settings\marti\Desktop\CFScript.txt.txt
 * Creato nuovo punto di ripristino

FILE ::
"c:\windows\system32\uhklxges.dll"
.

(((((((((((((((((((((((((((((((((((((   Altre eliminazioni   )))))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\uhklxges.dll

.
(((((((((((((((((((((((((((((((((((((((   Driver/Servizi   )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_YYCEYK
-------\Service_yyceyk


(((((((((((((((((((((((((   Files Creati Da 2010-05-07 al 2010-06-07  )))))))))))))))))))))))))))))))))))
.

2010-06-02 21:08 . 2008-04-13 09:47   25856   -c--a-w-   c:\windows\system32\dllcache\usbprint.sys
2010-06-02 21:08 . 2008-04-13 09:47   25856   ----a-w-   c:\windows\system32\drivers\usbprint.sys
2010-05-26 12:35 . 2010-05-26 12:35   49152   ----a-w-   c:\documents and settings\All Users\Dati applicazioni\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext\Components\nprpffbrowserrecordext.dll
2010-05-26 12:35 . 2010-05-26 12:35   45056   ----a-w-   c:\documents and settings\All Users\Dati applicazioni\Real\RealPlayer\BrowserRecordPlugin\ThinShims\rpnpshimwmp.dll
2010-05-26 12:35 . 2010-05-26 12:35   45056   ----a-w-   c:\documents and settings\All Users\Dati applicazioni\Real\RealPlayer\BrowserRecordPlugin\ThinShims\rpnpshimswf.dll
2010-05-26 12:35 . 2010-05-26 12:35   45056   ----a-w-   c:\documents and settings\All Users\Dati applicazioni\Real\RealPlayer\BrowserRecordPlugin\ThinShims\rpnpshimrp.dll
2010-05-26 12:35 . 2010-05-26 12:35   45056   ----a-w-   c:\documents and settings\All Users\Dati applicazioni\Real\RealPlayer\BrowserRecordPlugin\ThinShims\rpnpshimqt.dll

.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-06-07 08:10 . 2009-08-25 11:24   70336   ----a-w-   c:\windows\system32\perfc010.dat
2010-06-07 08:10 . 2009-08-25 11:24   438214   ----a-w-   c:\windows\system32\perfh010.dat
2010-06-07 07:53 . 2009-08-25 11:52   --------   d-----w-   c:\programmi\Norton Internet Security
2010-06-07 07:52 . 2010-04-11 23:47   --------   d-----w-   c:\documents and settings\All Users\Dati applicazioni\Norton
2010-05-28 20:20 . 2010-04-11 01:14   148   ----a-w-   c:\documents and settings\marti\Dati applicazioni\wklnhst.dat
2010-05-26 12:35 . 2010-05-26 12:35   40960   ----a-w-   c:\documents and settings\All Users\Dati applicazioni\Real\RealPlayer\BrowserRecordPlugin\Chrome\Hook\rpchromebrowserrecordhelper.dll
2010-05-26 12:35 . 2010-05-26 12:35   308808   ----a-w-   c:\documents and settings\All Users\Dati applicazioni\Real\RealPlayer\BrowserRecordPlugin\Common\rpmainbrowserrecordplugin.dll
2010-05-26 12:35 . 2010-05-26 12:35   14848   ----a-w-   c:\documents and settings\All Users\Dati applicazioni\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll
2010-05-26 12:35 . 2010-05-26 12:35   341600   ----a-w-   c:\documents and settings\All Users\Dati applicazioni\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
2010-05-26 12:35 . 2010-05-26 12:33   --------   d-----w-   c:\programmi\File comuni\Real
2010-05-26 12:34 . 2010-05-26 12:33   --------   d-----w-   c:\programmi\Real
2010-05-26 12:34 . 2010-05-26 12:34   --------   d-----w-   c:\programmi\File comuni\xing shared
2010-05-26 12:34 . 2010-05-26 12:34   499712   ----a-w-   c:\windows\system32\msvcp71.dll
2010-05-26 12:34 . 2010-05-26 12:34   348160   ----a-w-   c:\windows\system32\msvcr71.dll
2010-04-26 18:31 . 2010-04-26 18:31   --------   d-----w-   c:\documents and settings\marti\Dati applicazioni\Template
2010-04-11 23:54 . 2010-04-11 23:54   0   ----a-w-   c:\windows\nsreg.dat
2010-04-11 23:44 . 2010-04-11 23:44   --------   d-----w-   c:\documents and settings\All Users\Dati applicazioni\NortonInstaller
.

(((((((((((((((((((((((((((((   SnapShot@2010-06-07_08.02.16   )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-08-25 11:24 . 2010-06-07 08:10   59244              c:\windows\system32\perfc009.dat
- 2009-08-25 11:24 . 2010-06-07 07:58   59244              c:\windows\system32\perfc009.dat
+ 2009-08-25 11:24 . 2010-06-07 08:10   392944              c:\windows\system32\perfh009.dat
- 2009-08-25 11:24 . 2010-06-07 07:58   392944              c:\windows\system32\perfh009.dat
.
(((((((((((((((((((((((((((((((((((((   Punti Reg Caricati   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* i valori vuoti & legittimi/default non sono visualizzati.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Eee Docking"="c:\programmi\ASUS\Eee Docking\Eee Docking.exe" [2009-07-27 397312]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-12-19 135168]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-12-19 159744]
"Persistence"="c:\windows\system32\igfxpers.exe" [2007-12-19 131072]
"RTHDCPL"="RTHDCPL.EXE" [2009-04-27 17881088]
"AsusACPIServer"="c:\programmi\EeePC\ACPI\AsAcpiSvr.exe" [2009-04-16 630784]
"AsusEPCMonitor"="c:\programmi\EeePC\ACPI\AsEPCMon.exe" [2009-03-13 98304]
"AsusTray"="c:\programmi\EeePC\ACPI\AsTray.exe" [2009-04-16 118784]
"SynTPEnh"="c:\programmi\Synaptics\SynTP\SynTPEnh.exe" [2009-04-09 1512744]
"SynAsusAcpi"="c:\programmi\Synaptics\SynTP\SynAsusAcpi.exe" [2009-04-09 79144]
"LiveUpdate"="c:\programmi\Asus\LiveUpdate\LiveUpdate.exe" [2009-06-25 712704]
"TkBellExe"="c:\programmi\File comuni\Real\Update_OB\realsched.exe" [2010-05-26 202256]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

c:\documents and settings\marti\Menu Avvio\Programmi\Esecuzione automatica\
Ritaglio schermata e avvio di OneNote 2007.lnk - c:\programmi\Microsoft Office\Office12\ONENOTEM.EXE [2006-10-26 98632]

c:\documents and settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\
 SuperHybridEngine.lnk - c:\programmi\ASUS\EeePC\Super Hybrid Engine\SuperHybridEngine.exe [2009-8-25 376832]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Programmi\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Programmi\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Programmi\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\Programmi\\Skype\\Phone\\Skype.exe"=
"c:\\Programmi\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"d:\\Programmi\\eMule\\emule.exe"=
"c:\\Programmi\\Messenger\\msmsgs.exe"=

R3 L1c;NDIS Miniport Driver for Atheros AR8131/AR8132 PCI-E Ethernet Controller;c:\windows\system32\drivers\l1c51x86.sys [18/08/2009 23.44.33 38912]
R3 RT80x86;Ralink 802.11n Wireless Driver;c:\windows\system32\drivers\rt2860.sys [25/08/2009 13.08.18 1015424]
S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [25/08/2009 13.05.30 1684736]
.
Contenuto della cartella 'Scheduled Tasks'

2010-06-07 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-3769156265-213131487-877873343-1005.job
- c:\programmi\Real\RealUpgrade\realupgrade.exe [2010-02-24 20:09]

2010-06-06 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-3769156265-213131487-877873343-1005.job
- c:\programmi\Real\RealUpgrade\realupgrade.exe [2010-02-24 20:09]
.
.
------- Scansione supplementare -------
.
uStart Page = hxxp://www.talti.com
IE: E&sporta in Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
IE: Invia a Bluetooth - c:\programmi\WIDCOMM\Bluetooth Software\btsendto_ie.htm
IE: Invia a periferica &Bluetooth... - c:\programmi\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
FF - ProfilePath - c:\documents and settings\marti\Dati applicazioni\Mozilla\Firefox\Profiles\rggf6rv0.default\
FF - component: c:\documents and settings\All Users\Dati applicazioni\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext\components\nprpffbrowserrecordext.dll
FF - plugin: c:\documents and settings\All Users\Dati applicazioni\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll
FF - plugin: c:\programmi\Windows Live\Photo Gallery\NPWLPG.dll

---- FIREFOX POLICIES ----
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\programmi\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\programmi\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\programmi\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\programmi\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation",  false);
c:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-06-07 11:37
Windows 5.1.2600 Service Pack 3 NTFS

scansione processi nascosti ...

scansione entrate autostart nascoste ...

Scansione files nascosti ...

Scansione completata con successo
Files nascosti: 0

**************************************************************************
.
--------------------- Dlls caricate dai processi in esecuzione ---------------------

- - - - - - - > 'explorer.exe'(2788)
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Altri processi in esecuzione ------------------------
.
c:\programmi\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\windows\RTHDCPL.EXE
c:\windows\system32\igfxsrvc.exe
c:\windows\system32\igfxext.exe
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Ora fine scansione: 2010-06-07  11:40:25 - Il pc è stato riavviato
ComboFix-quarantined-files.txt  2010-06-07 09:40
ComboFix2.txt  2010-06-07 08:04

Pre-Run: 63.491.432.448 byte disponibili
Post-Run: 63.305.818.112 byte disponibili

- - End Of File - - 863C41BA219D2B6E10B78897618DE2D7
mavck
Utente Junior
 
Post: 16
Iscritto il: 05/06/10 13:55

Re: Non riesco ad accedere ai siti degli antivirus

Postdi -> EleKtrA <- » 07/06/10 10:48

Hai dato una doppia estensione al file CFScript, ma fortunatamente ha funzionato.
Opzioni usate :: c:\documents and settings\marti\Desktop\CFScript.txt.txt

Ora continua con la procedura.
“Ieri è storia, domani è mistero, ma oggi è un dono... per questo si chiama presente!”.
Avatar utente
-> EleKtrA <-
Moderatore
 
Post: 436
Iscritto il: 11/12/08 12:50

Re: Non riesco ad accedere ai siti degli antivirus

Postdi mavck » 07/06/10 11:08

stesso pc..usato Malwarebytes' Anti-Malware 1.46
Codice: Seleziona tutto
Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Versione database: 4174

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

07/06/2010 12.07.36
mbam-log-2010-06-07 (12-07-36).txt

Tipo di scansione: Scansione completa (C:\|D:\|)
Elementi esaminati: 145534
Tempo trascorso: 23 minuti, 49 secondi

Processi infetti in memoria: 0
Moduli di memoria infetti: 0
Chiavi di registro infette: 0
Valori di registro infetti: 0
Voci infette nei dati di registro: 0
Cartelle infette: 0
File infetti: 0

Processi infetti in memoria:
(Non sono stati rilevati elementi nocivi)

Moduli di memoria infetti:
(Non sono stati rilevati elementi nocivi)

Chiavi di registro infette:
(Non sono stati rilevati elementi nocivi)

Valori di registro infetti:
(Non sono stati rilevati elementi nocivi)

Voci infette nei dati di registro:
(Non sono stati rilevati elementi nocivi)

Cartelle infette:
(Non sono stati rilevati elementi nocivi)

File infetti:
(Non sono stati rilevati elementi nocivi)
mavck
Utente Junior
 
Post: 16
Iscritto il: 05/06/10 13:55

Re: Non riesco ad accedere ai siti degli antivirus

Postdi mavck » 07/06/10 11:10

ed infine il Log HIjackthis
Codice: Seleziona tutto
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
O2 - BHO: Supporto di collegamento per Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\File comuni\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Programmi\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Documents and Settings\All Users\Dati applicazioni\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Programmi\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll
O2 - BHO: Guida per l'accesso a Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programmi\File comuni\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Programmi\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Programmi\Windows Live\Toolbar\wltcore.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [AsusACPIServer] C:\Programmi\EeePC\ACPI\AsAcpiSvr.exe
O4 - HKLM\..\Run: [AsusEPCMonitor] C:\Programmi\EeePC\ACPI\AsEPCMon.exe
O4 - HKLM\..\Run: [AsusTray] C:\Programmi\EeePC\ACPI\AsTray.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Programmi\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [SynAsusAcpi] C:\Programmi\Synaptics\SynTP\SynAsusAcpi.exe
O4 - HKLM\..\Run: [LiveUpdate] C:\Programmi\Asus\LiveUpdate\LiveUpdate.exe auto
O4 - HKLM\..\Run: [TkBellExe] "C:\Programmi\File comuni\Real\Update_OB\realsched.exe"  -osboot
O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] C:\Programmi\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
O4 - HKCU\..\Run: [Eee Docking] C:\Programmi\ASUS\Eee Docking\Eee Docking.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Ritaglio schermata e avvio di OneNote 2007.lnk = C:\Programmi\Microsoft Office\Office12\ONENOTEM.EXE
O4 - Global Startup:  SuperHybridEngine.lnk = ?
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Invia a Bluetooth - C:\Programmi\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O8 - Extra context menu item: Invia a periferica &Bluetooth... - C:\Programmi\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: Inserisci blog - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programmi\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: Inserisci &blog in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programmi\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Invia a OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: I&nvia a OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: (no name) - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - C:\Programmi\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra 'Tools' menuitem: Skype add-on for Internet Explorer - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - C:\Programmi\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Programmi\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FILECO~1\Skype\SKYPE4~1.DLL
O22 - SharedTaskScheduler: Precaricatore Browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Daemon di cache delle categorie di componenti - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll

--
End of file - 6749 bytes
mavck
Utente Junior
 
Post: 16
Iscritto il: 05/06/10 13:55

Re: Non riesco ad accedere ai siti degli antivirus

Postdi mavck » 07/06/10 11:12

ed infine il Log HIjackthis
Codice: Seleziona tutto
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 12.09.22, on 07/06/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programmi\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Programmi\EeePC\ACPI\AsAcpiSvr.exe
C:\Programmi\EeePC\ACPI\AsEPCMon.exe
C:\Programmi\EeePC\ACPI\AsTray.exe
C:\Programmi\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Programmi\Asus\LiveUpdate\LiveUpdate.exe
C:\Programmi\File comuni\Real\Update_OB\realsched.exe
C:\Programmi\ASUS\EeePC\Super Hybrid Engine\SuperHybridEngine.exe
C:\WINDOWS\system32\igfxext.exe
C:\Programmi\Microsoft Office\Office12\ONENOTEM.EXE
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\explorer.exe
C:\Programmi\Mozilla Firefox\firefox.exe
C:\Documents and Settings\marti\Documenti\Download\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.talti.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
O2 - BHO: Supporto di collegamento per Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\File comuni\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Programmi\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Documents and Settings\All Users\Dati applicazioni\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Programmi\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll
O2 - BHO: Guida per l'accesso a Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programmi\File comuni\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Programmi\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Programmi\Windows Live\Toolbar\wltcore.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [AsusACPIServer] C:\Programmi\EeePC\ACPI\AsAcpiSvr.exe
O4 - HKLM\..\Run: [AsusEPCMonitor] C:\Programmi\EeePC\ACPI\AsEPCMon.exe
O4 - HKLM\..\Run: [AsusTray] C:\Programmi\EeePC\ACPI\AsTray.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Programmi\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [SynAsusAcpi] C:\Programmi\Synaptics\SynTP\SynAsusAcpi.exe
O4 - HKLM\..\Run: [LiveUpdate] C:\Programmi\Asus\LiveUpdate\LiveUpdate.exe auto
O4 - HKLM\..\Run: [TkBellExe] "C:\Programmi\File comuni\Real\Update_OB\realsched.exe"  -osboot
O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] C:\Programmi\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
O4 - HKCU\..\Run: [Eee Docking] C:\Programmi\ASUS\Eee Docking\Eee Docking.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Ritaglio schermata e avvio di OneNote 2007.lnk = C:\Programmi\Microsoft Office\Office12\ONENOTEM.EXE
O4 - Global Startup:  SuperHybridEngine.lnk = ?
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Invia a Bluetooth - C:\Programmi\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O8 - Extra context menu item: Invia a periferica &Bluetooth... - C:\Programmi\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: Inserisci blog - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programmi\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: Inserisci &blog in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programmi\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Invia a OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: I&nvia a OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: (no name) - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - C:\Programmi\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra 'Tools' menuitem: Skype add-on for Internet Explorer - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - C:\Programmi\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Programmi\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FILECO~1\Skype\SKYPE4~1.DLL
O22 - SharedTaskScheduler: Precaricatore Browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Daemon di cache delle categorie di componenti - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll

--
End of file - 6749 bytes
mavck
Utente Junior
 
Post: 16
Iscritto il: 05/06/10 13:55

Re: Non riesco ad accedere ai siti degli antivirus

Postdi -> EleKtrA <- » 07/06/10 11:49

Bene, Malwarebytes non ha trovato niente e il log di HIjackthis risulta pulito.

Non vedo installato l'antivirus, immagino sia una scelta ponderata sulla base delle prestazioni, trattandosi di un EeePC. Tuttavia sarebbe consigliabile eseguire almeno una scansione online di tanto in tanto.
ESET Online Scanner (rimuove le eventuali infezioni)

Ti suggerisco anche un'applicazione che consente di risolvere le potenziali vulnerabilità del sistema.
PSI, l’ispettore personale di casa Secunia.
“Ieri è storia, domani è mistero, ma oggi è un dono... per questo si chiama presente!”.
Avatar utente
-> EleKtrA <-
Moderatore
 
Post: 436
Iscritto il: 11/12/08 12:50

Re: Non riesco ad accedere ai siti degli antivirus

Postdi mavck » 07/06/10 11:56

guarda istallato c'era il norton datomi col eeepc, ma per effettuare il combofix, lo avevo disitallato e ora sto istallato kaspersky pure, che in seguito compro la licenza per 2 anni :D
cmq ora naviga senza problemi, credo che quindi sia risolto...stasera ti aggiorno sull'altro PC, grazie
mavck
Utente Junior
 
Post: 16
Iscritto il: 05/06/10 13:55

Re: Non riesco ad accedere ai siti degli antivirus

Postdi -> EleKtrA <- » 07/06/10 12:04

Non occorreva disinstallare Norton o qualsiasi altro antivirus per eseguire Combofix, bastava disattivarlo momentaneamente.
Se hai la licenza di kaspersky Pure, va benissimo, altrimenti anche Avira AntiVir Personal fa egregiamente il suo mestiere.
“Ieri è storia, domani è mistero, ma oggi è un dono... per questo si chiama presente!”.
Avatar utente
-> EleKtrA <-
Moderatore
 
Post: 436
Iscritto il: 11/12/08 12:50

Re: Non riesco ad accedere ai siti degli antivirus

Postdi mavck » 07/06/10 20:05

Ciao, senti ti allego i Log del primo pc...
Combofix
Codice: Seleziona tutto
ComboFix 10-06-03.01 - claudio 07/06/2010  19.56.32.2.2 - x86
Microsoft Windows XP Professional  5.1.2600.2.1252.39.1040.18.766.421 [GMT 2:00]
Eseguito da: c:\documents and settings\claudio\Desktop\abc.exe
Opzioni usate :: c:\documents and settings\claudio\Desktop\CFScript.txt
AV: Kaspersky PURE *On-access scanning disabled* (Updated) {2C4D4BC6-0793-4956-A9F9-E252435469C0}
FW: Kaspersky PURE *disabled* {2C4D4BC6-0793-4956-A9F9-E252435469C0}
FW: Norton Internet Worm Protection *disabled* {990F9400-4CEE-43EA-A83A-D013ADD8EA6E}

FILE ::
"c:\documents and settings\claudio\Impostazioni locali\Dati applicazioni\{E3F35E26-3D56-4841-A4D5-C410B2B069C2}"
"c:\windows\system32\hhlepas.dll"
.

(((((((((((((((((((((((((((((((((((((   Altre eliminazioni   )))))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\hhlepas.dll

.
(((((((((((((((((((((((((((((((((((((((   Driver/Servizi   )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_WPYCBXAI
-------\Service_wpycbxai


(((((((((((((((((((((((((   Files Creati Da 2010-05-07 al 2010-06-07  )))))))))))))))))))))))))))))))))))
.

2010-06-05 14:26 . 2010-06-05 14:26   95259   ----a-w-   c:\windows\system32\drivers\klick.dat
2010-06-05 14:26 . 2010-06-05 14:26   108059   ----a-w-   c:\windows\system32\drivers\klin.dat
2010-06-05 14:25 . 2009-12-14 10:44   39352   ----a-w-   c:\windows\system32\drivers\CSVirtualDiskDrv.sys
2010-06-05 14:25 . 2009-12-14 10:44   88632   ----a-w-   c:\windows\system32\drivers\CSCrySec.sys
2010-06-05 14:24 . 2010-06-05 14:24   --------   d-----w-   c:\programmi\File comuni\InfoWatch
2010-06-05 14:24 . 2010-06-05 14:24   --------   d-----w-   c:\programmi\Kaspersky Lab
2010-06-05 14:24 . 2010-06-05 14:24   --------   d-----w-   c:\documents and settings\All Users\Dati applicazioni\Kaspersky Lab
2010-06-05 14:22 . 2010-06-05 14:22   --------   d-----w-   c:\documents and settings\All Users\Dati applicazioni\Kaspersky Lab Setup Files
2010-06-04 17:09 . 2010-06-04 17:09   --------   d-----w-   c:\programmi\MSSOAP
2010-06-04 17:09 . 2010-06-04 17:09   --------   d-----w-   c:\programmi\Webroot
2010-06-04 16:43 . 2010-06-04 16:43   164   ----a-w-   c:\windows\install.dat
2010-06-04 16:28 . 2010-06-04 16:28   --------   d-----w-   c:\programmi\Windows Live Safety Center
2010-06-04 16:08 . 2010-06-04 16:08   --------   d-----w-   c:\documents and settings\All Users\Dati applicazioni\Avg8
2010-06-04 15:23 . 2010-06-04 15:23   --------   d-----w-   c:\documents and settings\claudio\Dati applicazioni\Norman
2010-06-02 20:01 . 2010-06-02 20:01   --------   d-----w-   c:\documents and settings\All Users\Dati applicazioni\Yahoo! Companion
2010-06-02 19:46 . 2010-06-02 19:46   --------   d-----w-   c:\programmi\Yahoo!
2010-06-02 17:50 . 2010-06-02 17:50   --------   d-----w-   c:\programmi\Alwil Software
2010-06-02 17:48 . 2010-06-02 17:48   --------   d-----w-   C:\Software
2010-06-02 17:42 . 2007-04-04 16:53   81768   ----a-w-   c:\windows\system32\xinput1_3.dll
2010-06-02 17:42 . 2006-11-29 11:06   3426072   ----a-w-   c:\windows\system32\d3dx9_32.dll
2010-05-30 10:06 . 2009-07-23 10:57   100480   ----a-r-   c:\windows\system32\drivers\ewusbfake.sys
2010-05-30 08:37 . 2010-05-30 08:37   --------   d-----w-   c:\documents and settings\claudio\Dati applicazioni\FLEXnet
2010-05-30 08:31 . 2009-07-23 10:57   112640   ----a-r-   c:\windows\system32\drivers\ewusbnet.sys
2010-05-30 08:31 . 2009-07-23 10:57   102528   ----a-r-   c:\windows\system32\drivers\ewusbmdm.sys
2010-05-30 08:30 . 2010-06-05 14:25   --------   dc----w-   c:\windows\system32\DRVSTORE
2010-05-30 08:30 . 2010-05-30 08:30   --------   d-----w-   c:\documents and settings\All Users\Dati applicazioni\Vodafone
2010-05-30 08:30 . 2010-05-30 18:38   --------   d-----w-   c:\programmi\Vodafone
2010-05-30 08:30 . 2010-05-30 08:30   --------   d-----w-   c:\documents and settings\All Users\Dati applicazioni\FLEXnet
2010-05-30 08:29 . 2010-05-30 11:02   --------   d-----w-   c:\windows\SxsCaPendDel
2010-05-30 08:27 . 2010-05-30 08:27   --------   d-----w-   c:\documents and settings\claudio\Impostazioni locali\Dati applicazioni\{E3F35E26-3D56-4841-A4D5-C410B2B069C2}

.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-06-06 11:01 . 2007-06-10 21:23   --------   d-----w-   c:\documents and settings\claudio\Dati applicazioni\Image Zone Express
2010-06-02 20:24 . 2006-10-13 11:53   59736   ----a-w-   c:\documents and settings\Administrator\Impostazioni locali\Dati applicazioni\GDIPFONTCACHEV1.DAT
2010-06-02 18:17 . 2006-11-28 18:34   --------   d-----w-   c:\programmi\File comuni\Symantec Shared
2010-06-02 18:17 . 2006-11-28 18:34   --------   d-----w-   c:\documents and settings\All Users\Dati applicazioni\Symantec
2010-06-02 17:47 . 2010-06-02 17:46   --------   d-----w-   c:\programmi\K-Lite Codec Pack
2010-03-28 09:06 . 2004-10-25 18:40   74210   ----a-w-   c:\windows\system32\perfc010.dat
2010-03-28 09:06 . 2004-10-25 18:40   447502   ----a-w-   c:\windows\system32\perfh010.dat
.

(((((((((((((((((((((((((((((((((((((   Punti Reg Caricati   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* i valori vuoti & legittimi/default non sono visualizzati.
REGEDIT4

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\KAVOverlayIcon]
@="{dd230880-495a-11d1-b064-008048ec2fc5}"
[HKEY_CLASSES_ROOT\CLSID\{dd230880-495a-11d1-b064-008048ec2fc5}]
2009-12-25 14:42   129552   ----a-w-   c:\programmi\Kaspersky Lab\Kaspersky PURE\shellex.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SmpcSys"="c:\apps\SMP\SmpSys.exe" [2005-12-08 975360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-09-07 455168]
"PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-09-07 455168]
"ehTray"="c:\windows\ehome\ehtray.exe" [2005-09-29 67584]
"ATICCC"="c:\programmi\ATI Technologies\ATI.ACE\cli.exe" [2005-08-12 45056]
"High Definition Audio Property Page Shortcut"="HDAShCut.exe" [2005-01-07 61952]
"RTHDCPL"="RTHDCPL.EXE" [2005-12-09 15691264]
"SunJavaUpdateSched"="c:\programmi\Java\jre1.5.0_04\bin\jusched.exe" [2005-06-03 36975]
"Vade Retro Outlook Express"="c:\progra~1\GOTOSO~1\VADERE~1\Vaderetro_oe.exe" [2004-10-04 310272]
"DetectorApp"="c:\programmi\Sonic\DigitalMedia LE v7\MyDVD LE\DetectorApp.exe" [2005-10-20 102400]
"ISUSScheduler"="c:\programmi\File comuni\InstallShield\UpdateService\issch.exe" [2006-09-11 86960]
"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2004-09-07 208952]
"HP Software Update"="c:\programmi\HP\HP Software Update\HPWuSchd2.exe" [2006-02-19 49152]
"MobileConnect"="c:\programmi\Vodafone\Vodafone Mobile Connect\Bin\MobileConnect.exe" [2009-09-18 2412032]
"AVP"="c:\programmi\Kaspersky Lab\Kaspersky PURE\avp.exe" [2009-12-25 340456]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-09-07 15360]

c:\documents and settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\
HP Digital Imaging Monitor.lnk - c:\programmi\HP\Digital Imaging\bin\hpqtra08.exe [2006-2-19 288472]
Microsoft Office.lnk - c:\programmi\Microsoft Office\Office\OSA9.EXE [2000-1-21 65588]

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\APPS\\skype\\phone\\Skype.exe"=
"c:\\Programmi\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Programmi\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Programmi\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"c:\\Programmi\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"c:\\Programmi\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Programmi\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"c:\\Programmi\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Programmi\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
"c:\\Programmi\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
"c:\\Programmi\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"c:\\Programmi\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
"c:\\Programmi\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=
"c:\\Programmi\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"c:\\Programmi\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"=
"c:\\Programmi\\Messenger\\msmsgs.exe"=

R0 CSCrySec;InfoWatch Encrypt Sector Library driver;c:\windows\system32\drivers\CSCrySec.sys [05/06/2010 16.25.20 88632]
R0 KLBG;Kaspersky Lab Boot Guard Driver;c:\windows\system32\drivers\klbg.sys [14/10/2009 20.18.34 36880]
R1 CSVirtualDiskDrv;InfoWatch Virtual Disk driver;c:\windows\system32\drivers\CSVirtualDiskDrv.sys [05/06/2010 16.25.22 39352]
R2 CSObjectsSrv;Servizio di controllo CryptoStorage;c:\programmi\File comuni\InfoWatch\CryptoStorage\ProtectedObjectsSrv.exe [21/12/2009 17.34.38 743992]
R2 VMCService;Vodafone Mobile Connect Service;c:\programmi\Vodafone\Vodafone Mobile Connect\Bin\VMCService.exe [18/09/2009 18.48.28 9216]
R3 klim5;Kaspersky Anti-Virus NDIS Filter;c:\windows\system32\drivers\klim5.sys [14/09/2009 13.42.46 32272]
R3 klmouflt;Kaspersky Lab KLMOUFLT;c:\windows\system32\drivers\klmouflt.sys [02/10/2009 18.39.44 19472]
S3 ewusbnet;HUAWEI USB-NDIS miniport;c:\windows\system32\drivers\ewusbnet.sys [30/05/2010 10.31.25 112640]
S3 hwusbfake;Huawei DataCard USB Fake;c:\windows\system32\drivers\ewusbfake.sys [30/05/2010 12.06.23 100480]
S3 massfilter;ZTE Mass Storage Filter Driver;c:\windows\system32\drivers\massfilter.sys [11/02/2010 12.07.47 7680]
S3 ZTEusbnet;ZTE USB-NDIS miniport;c:\windows\system32\drivers\ZTEusbnet.sys [11/02/2010 12.08.26 110080]
S3 ZTEusbvoice;ZTE VoUSB Port;c:\windows\system32\drivers\zteusbvoice.sys [11/02/2010 12.08.19 104960]
.
.
------- Scansione supplementare -------
.
uStart Page = hxxp://www.google.it/
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-06-07 20:03
Windows 5.1.2600 Service Pack 2 NTFS

scansione processi nascosti ...

scansione entrate autostart nascoste ...

Scansione files nascosti ...

Scansione completata con successo
Files nascosti: 0

**************************************************************************
.
--------------------- Dlls caricate dai processi in esecuzione ---------------------

- - - - - - - > 'winlogon.exe'(640)
c:\windows\system32\Ati2evxx.dll

- - - - - - - > 'explorer.exe'(3508)
c:\progra~1\GOTOSO~1\VADERE~1\VrOe_hook.dll
c:\windows\system32\msi.dll
.
------------------------ Altri processi in esecuzione ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\windows\system32\Ati2evxx.exe
c:\windows\eHome\ehRecvr.exe
c:\windows\eHome\ehSched.exe
c:\windows\system32\HPZipm12.exe
c:\programmi\File comuni\Ulead Systems\DVD\ULCDRSvr.exe
c:\windows\system32\wdfmgr.exe
c:\programmi\Sonic\DigitalMedia LE v7\MyDVD LE\USBDeviceService.exe
c:\windows\ehome\mcrdsvc.exe
c:\windows\system32\dllhost.exe
c:\windows\system32\wscntfy.exe
c:\windows\RTHDCPL.EXE
c:\windows\eHome\ehmsas.exe
c:\programmi\HP\Digital Imaging\bin\hpqSTE08.exe
.
**************************************************************************
.
Ora fine scansione: 2010-06-07  20:08:09 - Il pc è stato riavviato
ComboFix-quarantined-files.txt  2010-06-07 18:08
ComboFix2.txt  2010-06-05 14:46

Pre-Run: 132.895.227.904 byte disponibili
Post-Run: 132.921.503.744 byte disponibili

- - End Of File - - 84C955E6E00667D5EF8DB14EAD87A3D2

Malware:
Codice: Seleziona tutto
Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Versione database: 4176

Windows 5.1.2600 Service Pack 2
Internet Explorer 6.0.2900.2180

07/06/2010 20.56.18
mbam-log-2010-06-07 (20-56-18).txt

Tipo di scansione: Scansione completa (C:\|D:\|E:\|F:\|G:\|H:\|I:\|J:\|K:\|)
Elementi esaminati: 183050
Tempo trascorso: 31 minuti, 41 secondi

Processi infetti in memoria: 0
Moduli di memoria infetti: 0
Chiavi di registro infette: 0
Valori di registro infetti: 0
Voci infette nei dati di registro: 0
Cartelle infette: 0
File infetti: 1

Processi infetti in memoria:
(Non sono stati rilevati elementi nocivi)

Moduli di memoria infetti:
(Non sono stati rilevati elementi nocivi)

Chiavi di registro infette:
(Non sono stati rilevati elementi nocivi)

Valori di registro infetti:
(Non sono stati rilevati elementi nocivi)

Voci infette nei dati di registro:
(Non sono stati rilevati elementi nocivi)

Cartelle infette:
(Non sono stati rilevati elementi nocivi)

File infetti:
C:\WINDOWS\system32\qhdfv.msv (Worm.Conficker) -> Quarantined and deleted successfully.








HijackThis
Codice: Seleziona tutto
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 20.56.54, on 07/06/2010
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Programmi\File comuni\InfoWatch\CryptoStorage\ProtectedObjectsSrv.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\svchost.exe
C:\Programmi\File comuni\Ulead Systems\DVD\ULCDRSvr.exe
C:\Programmi\Sonic\DigitalMedia LE v7\MyDVD LE\USBDeviceService.exe
C:\Programmi\Vodafone\Vodafone Mobile Connect\Bin\VMCService.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Programmi\ATI Technologies\ATI.ACE\cli.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\eHome\ehmsas.exe
C:\Programmi\Java\jre1.5.0_04\bin\jusched.exe
C:\PROGRA~1\GOTOSO~1\VADERE~1\Vaderetro_oe.exe
C:\Programmi\Sonic\DigitalMedia LE v7\MyDVD LE\DetectorApp.exe
C:\Programmi\File comuni\InstallShield\UpdateService\issch.exe
C:\Programmi\HP\HP Software Update\HPWuSchd2.exe
C:\APPS\SMP\SmpSys.exe
C:\Programmi\HP\Digital Imaging\bin\hpqtra08.exe
C:\Programmi\ATI Technologies\ATI.ACE\cli.exe
C:\Programmi\ATI Technologies\ATI.ACE\cli.exe
C:\Programmi\HP\Digital Imaging\bin\hpqSTE08.exe
C:\WINDOWS\explorer.exe
C:\Programmi\internet explorer\iexplore.exe
C:\Programmi\Kaspersky Lab\Kaspersky PURE\klwtblfs.exe
C:\Programmi\Vodafone\Vodafone Mobile Connect\Bin\MobileConnect.EXE
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Documents and Settings\claudio\Desktop\HijackThis.exe
C:\Programmi\QuickTime\qttask.exe
C:\Programmi\Adobe\Acrobat 7.0\Reader\AcroRd32.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.it/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
R3 - URLSearchHook: Yahoo! Toolbar con blocco Pop-Up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programmi\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Programmi\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: AVG Safe Search - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Programmi\AVG\AVG8\avgssie.dll (file missing)
O2 - BHO: IEVkbdBHO - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Programmi\Kaspersky Lab\Kaspersky PURE\ievkbd.dll
O2 - BHO: link filter bho - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Programmi\Kaspersky Lab\Kaspersky PURE\klwtbbho.dll
O3 - Toolbar: Yahoo! Toolbar con blocco Pop-Up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programmi\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [PHIME2002ASync] "C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE" /SYNC
O4 - HKLM\..\Run: [PHIME2002A] "C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE" /IMEName
O4 - HKLM\..\Run: [ehTray] "C:\WINDOWS\ehome\ehtray.exe"
O4 - HKLM\..\Run: [ATICCC] "c:\Programmi\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] "HDAShCut.exe"
O4 - HKLM\..\Run: [RTHDCPL] "RTHDCPL.EXE"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programmi\Java\jre1.5.0_04\bin\jusched.exe"
O4 - HKLM\..\Run: [Vade Retro Outlook Express] "C:\PROGRA~1\GOTOSO~1\VADERE~1\Vaderetro_oe.exe"
O4 - HKLM\..\Run: [DetectorApp] "C:\Programmi\Sonic\DigitalMedia LE v7\MyDVD LE\DetectorApp.exe"
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Programmi\File comuni\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32"
O4 - HKLM\..\Run: [HP Software Update] "C:\Programmi\HP\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [MobileConnect] "%programfiles%\Vodafone\Vodafone Mobile Connect\Bin\MobileConnect.exe" /silent
O4 - HKLM\..\Run: [AVP] "C:\Programmi\Kaspersky Lab\Kaspersky PURE\avp.exe"
O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Programmi\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmi\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] C:\Programmi\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
O4 - HKCU\..\Run: [SmpcSys] C:\APPS\SMP\SmpSys.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Programmi\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Programmi\Microsoft Office\Office\OSA9.EXE
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra button: Tastiera &Virtuale - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Programmi\Kaspersky Lab\Kaspersky PURE\klwtbbho.dll
O9 - Extra button: C&ontrollo URL - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Programmi\Kaspersky Lab\Kaspersky PURE\klwtbbho.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=file://C:\APPS\IE\offline\it.htm
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Programmi\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase6087.cab
O22 - SharedTaskScheduler: Precaricatore Browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Daemon di cache delle categorie di componenti - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Kaspersky PURE (AVP) - Kaspersky Lab - C:\Programmi\Kaspersky Lab\Kaspersky PURE\avp.exe
O23 - Service: Servizio di controllo CryptoStorage (CSObjectsSrv) - Infowatch - C:\Programmi\File comuni\InfoWatch\CryptoStorage\ProtectedObjectsSrv.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Programmi\File comuni\Ulead Systems\DVD\ULCDRSvr.exe
O23 - Service: USBDeviceService - Unknown owner - C:\Programmi\Sonic\DigitalMedia LE v7\MyDVD LE\USBDeviceService.exe
O23 - Service: Vodafone Mobile Connect Service (VMCService) - Vodafone - C:\Programmi\Vodafone\Vodafone Mobile Connect\Bin\VMCService.exe

--
End of file - 7630 bytes
mavck
Utente Junior
 
Post: 16
Iscritto il: 05/06/10 13:55

Re: Non riesco ad accedere ai siti degli antivirus

Postdi -> EleKtrA <- » 07/06/10 22:16

Per il primo pc (claudio), segui questa procedura.

Step 1:Fixiamo le voci inutili in avvio automatico
Con tutte le applicazioni chiuse e disconnesso da internet
Avvia Hijackthis e clicca su "do a system scan only"
Metti la spunta a queste voci e clicca su "fix checked"
Codice: Seleziona tutto
O4 - HKLM\..\Run: [PHIME2002ASync] "C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE" /SYNC
O4 - HKLM\..\Run: [PHIME2002A] "C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE" /IMEName
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Programmi\File comuni\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32"
O4 - HKLM\..\Run: [HP Software Update] "C:\Programmi\HP\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmi\QuickTime\qttask.exe" -atboottime


Step 2: Installa questo Aggiornamento della protezione per Windows XP (KB958644)

Step 3:Pulizia dei file temporanei
Scarica TFC by OldTimer sul desktop
chiudi tutti i programmi
avvia TFC, clicca su "star"
al termine della scansione ti chiederà il riavvio, dai ok.

Step 4: Pulizia e disinstallazione dei tool usati
Scarica OTC by OldTimer sul desktop
doppio clic per eseguirlo
clicca su "CleanUP" > "Yes" > "Yes"
riavvia.

Step 5: aggiornamento dei software
- Scarica e installa l'ultima versione di Adobe Reader
- Scarica e installa l'ultima versione di Java Sun
- Aggiorna Adobe FlashPlayer:
1. Scarica il programma di disinstallazione di FlashPlayer
2. Scarica l'ultima versione di FlashPlayer per IE
3. Scarica l'ultima versione di FlashPlayer per FF
4. Chiudi tutti i browser (IE, Opera, Firefox, Chrome, etc)
5. Esegui il programma di disinstallazione scaricato al punto 1.
6. Esegui il programma di installazione scaricato al punto 2.
7. Esegui il programma di installazione scaricato al punto 3.

Step 6: Correzione piccoli errori e velocizzazione del Sistema

- Esegui una deframmentazione degli hardisk, puoi usare IObit SmartDefrag.
Oppure con l' utility interna di windows:
Start / Programmi / Accessori / Utilità di sistema / Utilità di deframmentazione dischi.

- Esegui uno Scandisk:
Apri Risorse del computer / Tasto destro sul disco fisso / proprietà / Strumenti / Esegui Scandisk
Seleziona entrambe le opzioni:
correggi automaticamente gli errori del File system,
cerca i settori danneggiati e tenta il ripristino.
Si aprirà una finestra di avvertimento:
Impossibile ottenere accesso esclusivo ad alcuni file di Windows...
Clicca su "SI" per pianificare l'operazione al prossimo avvio.

Installa il service Pack3
“Ieri è storia, domani è mistero, ma oggi è un dono... per questo si chiama presente!”.
Avatar utente
-> EleKtrA <-
Moderatore
 
Post: 436
Iscritto il: 11/12/08 12:50

Re: Non riesco ad accedere ai siti degli antivirus

Postdi mavck » 08/06/10 10:23

grazie mille...ho finito di mettere tutto quello che mi hai consigliato....davvero grazie..credo ke ora sia tutto ok...o almeno spero..ma che fatica!!! :D
mavck
Utente Junior
 
Post: 16
Iscritto il: 05/06/10 13:55

Re: Non riesco ad accedere ai siti degli antivirus

Postdi -> EleKtrA <- » 08/06/10 11:59

...quasi quasi chiedo la verifica dei passi seguiti con un log di hijackthis :D

A parte gli scherzi, se dovessero esserci problemi torna a trovarci.
“Ieri è storia, domani è mistero, ma oggi è un dono... per questo si chiama presente!”.
Avatar utente
-> EleKtrA <-
Moderatore
 
Post: 436
Iscritto il: 11/12/08 12:50

Re: Non riesco ad accedere ai siti degli antivirus

Postdi luckymat » 19/06/10 09:33

Ciao a tutti. Ho anche io lo stesso problema. Ho scaricato il combofix e ho seguito le istruzioni che avete riportato. Il file che ha creato è il seguente:

ComboFix 10-06-17.03 - Matarazzo 18/06/2010 19.30.18.2.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.39.1040.18.2046.1673 [GMT 2:00]
Eseguito da: c:\documents and settings\Matarazzo\desktop\abc.exe
Opzioni usate :: /killall

ATTENZIONE - QUESTO PC NON HA LA CONSOLE DI RIPRISTINO DI EMERGENZA INSTALLATA !!
.

((((((((((((((((((((((((( Files Creati Da 2010-05-18 al 2010-06-18 )))))))))))))))))))))))))))))))))))
.

Nessun nuovo file creato in questo arco di tempo

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-06-13 07:36 . 2010-06-13 07:36 4096 ----a-w- c:\windows\system32\03.tmp
2010-06-08 07:41 . 2010-06-08 07:41 4096 ----a-w- c:\windows\system32\02.tmp
2010-06-07 16:42 . 2009-08-25 09:06 -------- d-----w- c:\documents and settings\Matarazzo\Dati applicazioni\U3
2010-06-04 12:46 . 2007-08-23 07:00 -------- d-----w- c:\programmi\File comuni\Adobe
2010-06-04 12:38 . 2006-03-02 12:00 97170 ----a-w- c:\windows\system32\perfc010.dat
2010-06-04 12:38 . 2006-03-02 12:00 524002 ----a-w- c:\windows\system32\perfh010.dat
2010-06-01 10:46 . 2010-06-01 10:46 4096 ----a-w- c:\windows\system32\022.tmp
2010-05-28 15:17 . 2010-05-28 15:17 503808 ----a-w- c:\documents and settings\Matarazzo\Dati applicazioni\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-23db819a-n\msvcp71.dll
2010-05-28 15:17 . 2010-05-28 15:17 499712 ----a-w- c:\documents and settings\Matarazzo\Dati applicazioni\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-23db819a-n\jmc.dll
2010-05-28 15:17 . 2010-05-28 15:17 348160 ----a-w- c:\documents and settings\Matarazzo\Dati applicazioni\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-23db819a-n\msvcr71.dll
2010-05-28 15:17 . 2010-05-28 15:17 61440 ----a-w- c:\documents and settings\Matarazzo\Dati applicazioni\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-1ea598ac-n\decora-sse.dll
2010-05-28 15:17 . 2010-05-28 15:17 12800 ----a-w- c:\documents and settings\Matarazzo\Dati applicazioni\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-1ea598ac-n\decora-d3d.dll
2010-05-24 08:45 . 2010-05-24 08:45 4096 ----a-w- c:\windows\system32\018.tmp
2010-05-22 17:51 . 2009-09-24 09:38 1 ----a-w- c:\documents and settings\Matarazzo\Dati applicazioni\OpenOffice.org\3\user\uno_packages\cache\stamp.sys
2010-05-15 06:46 . 2010-05-15 06:46 4096 ----a-w- c:\windows\system32\017.tmp
2010-04-28 07:58 . 2008-06-04 08:02 -------- d-----w- c:\programmi\AccessDBRecovery
2010-04-23 10:51 . 2010-04-23 10:51 4096 ----a-w- c:\windows\system32\01.tmp
2010-04-23 10:42 . 2007-11-22 21:32 -------- d-----w- c:\programmi\Windows Live
2010-04-23 10:38 . 2007-11-02 20:47 -------- d-----w- c:\documents and settings\Matarazzo\Dati applicazioni\SlipStream
2010-04-21 14:22 . 2010-04-21 14:22 -------- d-----w- c:\programmi\iStar
2010-04-20 12:42 . 2010-04-20 12:42 4096 ----a-w- c:\windows\system32\027.tmp
2010-04-12 15:29 . 2010-04-17 14:14 411368 ----a-w- c:\windows\system32\deployJava1.dll
2010-04-11 06:17 . 2010-04-11 06:17 4096 ----a-w- c:\windows\system32\026.tmp
2010-03-30 16:18 . 2010-03-30 16:18 503808 ----a-w- c:\documents and settings\Matarazzo\Dati applicazioni\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-27566479-n\msvcp71.dll
2010-03-30 16:18 . 2010-03-30 16:18 499712 ----a-w- c:\documents and settings\Matarazzo\Dati applicazioni\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-27566479-n\jmc.dll
2010-03-30 16:18 . 2010-03-30 16:18 348160 ----a-w- c:\documents and settings\Matarazzo\Dati applicazioni\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-27566479-n\msvcr71.dll
2010-03-30 16:18 . 2010-03-30 16:18 61440 ----a-w- c:\documents and settings\Matarazzo\Dati applicazioni\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-2dd0fdb1-n\decora-sse.dll
2010-03-30 16:18 . 2010-03-30 16:18 12800 ----a-w- c:\documents and settings\Matarazzo\Dati applicazioni\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-2dd0fdb1-n\decora-d3d.dll
2009-03-21 14:06 . 2006-03-02 12:00 166162 --sha-r- c:\windows\system32\ujlbcfip.dll
.

((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* i valori vuoti & legittimi/default non sono visualizzati.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\programmi\File comuni\Ahead\Lib\NMBgMonitor.exe" [2007-03-12 153136]
"Google Update"="c:\documents and settings\Matarazzo\Impostazioni locali\Dati applicazioni\Google\Update\GoogleUpdate.exe" [2009-10-06 133104]
"swg"="c:\programmi\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-11-10 39408]
"TomTomHOME.exe"="c:\programmi\TomTom HOME 2\TomTomHOMERunner.exe" [2009-11-13 247144]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NokiaMServer"="c:\programmi\File comuni\Nokia\MPlatform\NokiaMServer" [X]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-09-17 13574144]
"nwiz"="nwiz.exe" [2008-09-17 1657376]
"RemoteControl"="c:\programmi\CyberLink\PowerDVD\PDVDServ.exe" [2004-11-02 32768]
"NeroFilterCheck"="c:\programmi\File comuni\Ahead\Lib\NeroCheck.exe" [2007-03-09 153136]
"RTHDCPL"="RTHDCPL.EXE" [2007-04-12 16132608]
"Quick TV Agent"="c:\programmi\Empire\QuickTV\Scheduled.exe" [2004-10-11 740352]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2008-04-14 110592]
"ESDUSBMon.exe"="c:\windows\system32\ESDUSBMon.exe" [2005-05-26 188416]
"Adobe Photo Downloader"="c:\programmi\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe" [2005-07-07 57344]
"SSBkgdUpdate"="c:\programmi\File comuni\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2006-10-25 210472]
"PaperPort PTD"="c:\programmi\ScanSoft\PaperPort\pptd40nt.exe" [2007-01-29 30248]
"IndexSearch"="c:\programmi\ScanSoft\PaperPort\IndexSearch.exe" [2007-01-29 46632]
"PPort11reminder"="c:\programmi\ScanSoft\PaperPort\Ereg\Ereg.exe" [2007-02-01 255528]
"BrMfcWnd"="c:\programmi\Brother\Brmfcmon\BrMfcWnd.exe" [2007-03-02 630784]
"ControlCenter3"="c:\programmi\Brother\ControlCenter3\brctrcen.exe" [2006-11-07 65536]
"Recorder.exe"="c:\programmi\Linksys\Linksys Surveillance Utility\Recorder.exe" [2006-01-18 344064]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-09-17 86016]
"Nokia FastStart"="c:\programmi\Nokia\Nokia Music\NokiaMusic.exe" [2009-02-26 2376992]
"SunJavaUpdateSched"="c:\programmi\File comuni\Java\Java Update\jusched.exe" [2010-02-18 248040]
"Adobe Reader Speed Launcher"="c:\programmi\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2010-04-02 40368]
"Adobe ARM"="c:\programmi\File comuni\Adobe\ARM\1.0\AdobeARM.exe" [2010-03-24 952768]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

c:\documents and settings\Matarazzo\Menu Avvio\Programmi\Esecuzione automatica\
OpenOffice.org 3.1.lnk - c:\programmi\OpenOffice.org 3\program\quickstart.exe [2009-8-18 384000]

c:\documents and settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\
Telecomando TV.lnk - c:\programmi\Empire\Enjoy Stereo TV FM - Utility\P3XRCtl.exe [2009-5-11 69632]
Windows Search.lnk - c:\programmi\Windows Desktop Search\WindowsSearch.exe [2008-5-26 123904]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\programmi\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-24 304128]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0aswBoot.exe /A:* /L:Italian /KBD:3

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Authentication Packages REG_MULTI_SZ msv1_0 nwprovau

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Alcmtr]
2005-05-03 10:43 69632 ------r- c:\windows\Alcmtr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDCPL]
2007-04-12 09:33 16132608 ------r- c:\windows\RTHDCPL.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Programmi\\Nokia\\Nokia Software Updater\\nsu_ui_client.exe"=
"c:\\Programmi\\File comuni\\Nokia\\Service Layer\\A\\nsl_host_process.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Programmi\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Programmi\\Nokia\\Nokia Home Media Server\\Media Server\\twonkymedia.exe"=
"c:\\Programmi\\Nokia\\Nokia Home Media Server\\Media Server\\twonkymediaserver.exe"=
"c:\\Programmi\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\Programmi\\Messenger\\msmsgs.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3458:TCP"= 3458:TCP:nftfbf

R2 EPSON ESCPOS Status Service;EPSON ESC/POS Status Service;EpStsSrv.exe --> EpStsSrv.exe [?]
R2 Esdpdx01;Esdpdx01;c:\windows\system32\drivers\ESDPDX01.SYS [25/12/2003 12.00.54 95485]
R2 Network WanMiniport First Position;Network WanMiniport First Position;c:\programmi\Telecom Italia\WanMiniport1st\srvany.exe [18/01/2010 22.10.26 8192]
R2 TomTomHOMEService;TomTomHOMEService;c:\programmi\TomTom HOME 2\TomTomHOMEService.exe [13/11/2009 13.31.14 92008]
R2 WILPAR;Wordcraft Parallel Driver;c:\windows\system32\drivers\WILPAR.SYS [24/08/2007 17.39.19 23008]
R2 wilusbmonitor;Unimessage Printer Tracking Service;c:\windows\system32\wilpmove.exe [24/08/2007 17.40.25 77824]
R3 Cap713x;Philips Cap713x Video Capture;c:\windows\system32\drivers\Cap713x.sys [28/08/2007 12.55.10 685824]
R3 WPN111;Wireless USB 2.0 Adapter with RangeMax Service;c:\windows\system32\drivers\WPN111.sys [23/08/2007 19.21.56 362944]
S2 713xTVCard;SAA7133 TV Card;c:\windows\system32\drivers\SAA713x.sys [15/03/2005 13.00.00 277504]
S2 apmjifux;Monitor Boot;c:\windows\system32\svchost.exe -k netsvcs [02/03/2006 14.00.00 14336]
S2 TwonkyMedia;TwonkyMedia;c:\programmi\Nokia\Nokia Home Media Server\Media Server\TwonkyMedia.exe -serviceversion 0 --> c:\programmi\Nokia\Nokia Home Media Server\Media Server\TwonkyMedia.exe -serviceversion 0 [?]
S2 uksnun;Security Helper;c:\windows\system32\svchost.exe -k netsvcs [02/03/2006 14.00.00 14336]
S3 hsovyt;hsovyt;c:\windows\system32\02.tmp [08/06/2010 9.41.30 4096]
S3 nevrovax;nevrovax;c:\windows\system32\026.tmp [11/04/2010 8.17.10 4096]
S3 nmwcdnsu;Nokia USB Flashing Phone Parent;c:\windows\system32\drivers\nmwcdnsu.sys [02/07/2009 14.43.12 136704]
S3 SetupNTGLM7X;SetupNTGLM7X;\??\e:\ntglm7x.sys --> e:\NTGLM7X.sys [?]
S3 uwmjr;uwmjr;c:\windows\system32\03.tmp [13/06/2010 9.36.13 4096]
S3 vktmtwmm;vktmtwmm;c:\windows\system32\01.tmp [23/04/2010 12.51.14 4096]
S3 wxvhle;wxvhle;c:\windows\system32\017.tmp [15/05/2010 8.46.13 4096]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
vvdsvc REG_MULTI_SZ vvdsvc

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
uksnun
.
Contenuto della cartella 'Scheduled Tasks'

2010-06-18 c:\windows\Tasks\Google Software Updater.job
- c:\programmi\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-11-10 18:13]

2010-06-18 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-57989841-1336601894-839522115-1003Core.job
- c:\documents and settings\Matarazzo\Impostazioni locali\Dati applicazioni\Google\Update\GoogleUpdate.exe [2009-10-06 09:07]

2010-06-18 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-57989841-1336601894-839522115-1003UA.job
- c:\documents and settings\Matarazzo\Impostazioni locali\Dati applicazioni\Google\Update\GoogleUpdate.exe [2009-10-06 09:07]

2010-06-18 c:\windows\Tasks\OGADaily.job
- c:\windows\system32\OGAVerify.exe [2008-12-31 16:04]

2010-06-18 c:\windows\Tasks\OGALogon.job
- c:\windows\system32\OGAVerify.exe [2008-12-31 16:04]
.
.
------- Scansione supplementare -------
.
uStart Page = hxxp://www.virgilio.it/
Trusted Zone: giocasport.biz\backend
.
- - - - CHIAVI ORFANE RIMOSSE - - - -

HKCU-Run-MsnMsgr - c:\programmi\Windows Live\Messenger\MsnMsgr.Exe
HKLM-Run-Windows Upgrate Utility - c:\windows\system32\winulty.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-06-18 19:37
Windows 5.1.2600 Service Pack 3 NTFS

scansione processi nascosti ...

scansione entrate autostart nascoste ...

Scansione files nascosti ...

Scansione completata con successo
Files nascosti: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\hsovyt]
"ImagePath"="\??\c:\windows\system32\02.tmp"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\nevrovax]
"ImagePath"="\??\c:\windows\system32\026.tmp"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\uwmjr]
"ImagePath"="\??\c:\windows\system32\03.tmp"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\vktmtwmm]
"ImagePath"="\??\c:\windows\system32\01.tmp"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\wxvhle]
"ImagePath"="\??\c:\windows\system32\017.tmp"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\apmjifux]
"ServiceDll"="c:\windows\system32\ujlbcfip.dll"
--

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\uksnun]
"ServiceDll"="c:\windows\system32\ujlbcfip.dll"
.
--------------------- CHIAVI DI REGISTRO BLOCCATE ---------------------

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe,-101"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- Dlls caricate dai processi in esecuzione ---------------------

- - - - - - - > 'explorer.exe'(3604)
c:\windows\system32\WININET.dll
c:\windows\system32\nview.dll
c:\windows\system32\NVWRSIT.DLL
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Altri processi in esecuzione ------------------------
.
c:\windows\ATKKBService.exe
c:\windows\system32\EpStsSrv.exe
c:\programmi\Java\jre6\bin\jqs.exe
c:\programmi\File comuni\Microsoft Shared\VS7DEBUG\mdm.exe
c:\windows\system32\nvsvc32.exe
c:\programmi\Telecom Italia\WanMiniport1st\WanMiniport1st_srv.exe
c:\programmi\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\windows\system32\SearchIndexer.exe
c:\windows\system32\rundll32.exe
c:\windows\system32\rundll32.exe
c:\programmi\File comuni\Nokia\MPlatform\NokiaMServer.exe
c:\programmi\Brother\ControlCenter3\brccMCtl.exe
c:\programmi\Linksys\Linksys Surveillance Utility\Monitor.exe
c:\documents and settings\Matarazzo\Impostazioni locali\Dati applicazioni\Google\Update\1.2.183.23\GoogleCrashHandler.exe
c:\programmi\OpenOffice.org 3\program\soffice.exe
c:\programmi\OpenOffice.org 3\program\soffice.bin
c:\windows\system32\SearchProtocolHost.exe
c:\programmi\File comuni\Ahead\Lib\NMIndexingService.exe
c:\programmi\File comuni\Ahead\Lib\NMIndexStoreSvr.exe
c:\programmi\Nokia\PC Connectivity Solution\ServiceLayer.exe
c:\programmi\Nokia\PC Connectivity Solution\Transports\NclRSSrv.exe
c:\programmi\Nokia\PC Connectivity Solution\Transports\NclUSBSrv.exe
c:\windows\system32\SearchFilterHost.exe
.
**************************************************************************
.
Ora fine scansione: 2010-06-18 19:42:38 - Il pc è stato riavviato
ComboFix-quarantined-files.txt 2010-06-18 17:42

Pre-Run: 171.179.765.760 byte disponibili
Post-Run: 171.217.555.456 byte disponibili

- - End Of File - - 7AE14A911153BF50C565971C62C49FE5

Se potete dare anche a me le ulteriori istruzioni da eseguire per risovere il problema ve ne sarò grato.
Grazie
luckymat
Newbie
 
Post: 1
Iscritto il: 18/06/10 19:11

Re: Non riesco ad accedere ai siti degli antivirus

Postdi Luke57 » 19/06/10 10:11

Ciao, Apri un file di testo sul Desktop
Start > esegui, digita: notepad.exe e poi clicca Ok
Incolla il codice che vedi qui sotto, e salvi il file di testo obbligatoriamente
con il nome CFScript.txt sul desktop.

Codice: Seleziona tutto
NetSvcs::
uksnun

Driver::
hsovyt
nevrovax
uwmjr
vktmtwmm
wxvhle
apmjifux
uksnun

File::
c:\windows\system32\02.tmp
c:\windows\system32\026.tmp
c:\windows\system32\03.tmp
c:\windows\system32\01.tmp
c:\windows\system32\017.tmp
c:\windows\system32\ujlbcfip.dll
c:\windows\system32\018.tmp
c:\windows\system32\027.tmp


trascina il file con il puntatore del mouse sull'icona di combofix. Il proghramma avvierà una nuova scansione: al termine di essa posta il nuovo report C:\combofix.txt.

scarica e installa malwarebytes
http://www.malwarebytes.org/mbam/program/mbam-setup.exe
Aggiornalo: clicca sulla scheda "aggiornamenti" => "controlla aggiornamenti"
Esegui una "scansione completa" (seleziona l'opzione)
A scansione completa, fai clic su OK => Mostra i Risultati.
Assicurarti che tutto sia selezionato e clicca clic su Rimuovi selezionati.
Se ti chiede di riavviare, riavvia per completare il processo di pulizia.
Luke57
Moderatore
 
Post: 6410
Iscritto il: 11/08/05 19:10

PrecedenteProssimo

Torna a Sicurezza e Privacy


Topic correlati a "Non riesco ad accedere ai siti degli antivirus":


Chi c’è in linea

Visitano il forum: Nessuno e 4 ospiti