D34THC0R3 Devoted mortal
Registered: 07/01/07 19:43 Posts: 12 Location: Milano
Posted: 10 Jun 2008 08:24 Subject: Firefox and Google problems

Hi everyone, I have 2 problems...
1: in Task Manager I permanently have 2 "firefox.exe" processes: one of about 40-50 MB, which is the one I'm using, and another of about 3 MB. If I terminate it, it reappears in Task Manager after 1 second.
2: every time I open Google and search for anything, I get the message "We're sorry... but your query looks similar to automated requests from a computer virus or spyware application", etc.
Can you help me?

zius Minor god
Registered: 17/09/05 20:33 Posts: 626 Location: Mediterraneo
Posted: 10 Jun 2008 09:11

Good morning!
While we wait for the experts to arrive, I'll ask you a couple of warm-up questions (I assume you're using Windows):
1. Try searching the whole C drive for firefox.exe (START --> SEARCH --> FILES AND FOLDERS --> ALL FILES AND FOLDERS); what results do you get?
2. I read here that it doesn't necessarily have to be caused by viruses & co.; it may just be temporary glitches on Google's side, perhaps due to your IP address being misidentified (they mistake you for a spammer).
To be safe, they suggest:
Google wrote: | If you continue to receive this error, you may be able to resolve the problem by deleting your Google cookie and revisiting Google. |
Done that?

D34THC0R3
Posted: 10 Jun 2008 09:20

Good morning to you too, Zius. I searched for firefox.exe and it found only one... obviously in the Firefox directory. It also found a certain "FIREFOX.EXE-17EE503B.pf" in: C:\Windows\Prefetch
As for the Google problem... it's been doing it for a while already... not very often at first, but for about 2 days now it's like this every time I open Firefox.. enter the security code, etc.
I forgot.. I also tried with the Google cookies.. nothing

zius
Posted: 10 Jun 2008 09:30

So the problem already shows up as soon as you open FF?
And what message does it give you about the "security code"..?
Is Google your home page? If so, try changing the home page and see what message you get when you start FF (just to understand whether the problem is tied to FF or to the Google home page).
That second firefox.exe that shows up in Task Manager: is it already there before you start FF?

D34THC0R3
Posted: 10 Jun 2008 09:45

Yes, the problem is there right from the start.
The Google message is this:
We're sorry...
... but your query looks similar to automated requests from a computer virus or spyware application. To protect our users, it cannot be processed right now.
We will restore your access as quickly as possible, so please try again later. In the meantime, if you believe your computer or network has been infected, we recommend using an antivirus program or a spyware removal application to make sure your systems are free of viruses and other malicious software.
If you continue to receive this error, you may be able to resolve the problem by deleting your Google cookie and revisiting Google. For instructions specific to your browser, consult the corresponding online support center.
If the problem affects your entire network, more information is available in the Google Web Search Help Center.
We apologize for any inconvenience and hope to see you again soon on Google.
To continue searching, type the characters shown below:
Yes, my home page is Google.it. I tried changing it, but absolutely nothing happens; the message persists.
The second firefox.exe is already there before I start Firefox... I tried deleting firefox.exe and I get access denied. I tried uninstalling FF; it repeatedly asked me to close the program (I had absolutely not opened it). I reinstalled it, and the second firefox.exe came back.

zius
Posted: 10 Jun 2008 10:05

OK,
although we don't yet know for certain whether the second firefox.exe and the Google message are closely related, we can guess that this firefox.exe is not a welcome guest:
I found that "FIREFOX.EXE-17EE503B.pf" being present in C:\Windows\Prefetch is not a good sign!
1. Update the antivirus
2. Reboot into safe mode, disconnected from the network
3. If firefox.exe starts, terminate it from Task Manager and delete the contents of C:\Windows\Prefetch
4. Show hidden files and folders
5. Clean the cache, temporary files, etc.
6. Run a full antivirus scan
Good luck and let us know
N.B.
When it's all done, give the registry a good clean-up (after making a safety backup!) with reliable software such as RegSeeker or Eusing Free Registry Cleaner; CCleaner is also very handy both for the initial clean-up (step 5) and for the registry

D34THC0R3
Posted: 10 Jun 2008 10:11

Agreed.
I've just installed KAV 2009; now I'll run a proper scan, since I have to go out anyway.
I'll do everything you explained, and I'll definitely let you know later today, I hope

D34THC0R3
Posted: 10 Jun 2008 19:04

I'm back. I ran a full system scan, in both normal and safe mode. The "double" firefox.exe problem is gone.. while the Google problem still persists.

Sante62 Mature god
Registered: 27/06/07 17:55 Posts: 3477 Location: Floridia

D34THC0R3
Posted: 10 Jun 2008 19:52

I've done everything; do I need to post the ComboFix log?

Sante62
Posted: 10 Jun 2008 20:18

You have to post all the logs...

D34THC0R3
Posted: 10 Jun 2008 20:22

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20.21.44, on 10/06/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Programmi\WebcamMax\wcmmon.exe
C:\Programmi\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe
C:\Programmi\Windows Live\Messenger\MsnMsgr.Exe
C:\Programmi\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe
C:\Programmi\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Programmi\NVIDIA Corporation\nTune\nTuneService.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\svchost.exe
C:\VEXPLITE\viritsvc.exe
C:\Programmi\Webteh\BSplayerPro\bsplayer.exe
C:\Programmi\Windows Live\Messenger\usnsvc.exe
C:\Programmi\Mozilla Firefox\firefox.exe
C:\Programmi\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.it/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://windowsupdate.microsoft.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = socks=
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
O2 - BHO: Supporto di collegamento per Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\File comuni\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Programmi\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: IEVkbdBHO - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Programmi\Kaspersky Lab\Kaspersky Anti-Virus 2009\ievkbd.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmi\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programmi\Google\GoogleToolbarNotifier\2.1.1119.1736\swg.dll
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [WebcamMaxMoniter] "C:\Programmi\WebcamMax\wcmmon.exe" /a
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [AVP] "C:\Programmi\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe"
O4 - HKCU\..\Run: [MsnMsgr] "C:\Programmi\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO LOCALE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO DI RETE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Statistiche sulla protezione del traffico Web - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Programmi\Kaspersky Lab\Kaspersky Anti-Virus 2009\SCIEPlgn.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Programmi\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Programmi\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1207234429763
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FILECO~1\Skype\SKYPE4~1.DLL
O23 - Service: Kaspersky Anti-Virus (AVP) - Kaspersky Lab - C:\Programmi\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Programmi\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programmi\File comuni\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: nTune Service (nTuneService) - NVIDIA - C:\Programmi\NVIDIA Corporation\nTune\nTuneService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: Virit eXplorer Lite (viritsvclite) - TG Soft Sas www.tgsoft.it - C:\VEXPLITE\viritsvc.exe
--
End of file - 5702 bytes
ComboFix 08-06-09.7 - D34THC0R3 2008-06-10 19.36.05.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1040.18.1545 [GMT 2:00]
Eseguito da: C:\Documents and Settings\D34THC0R3\Desktop\CombokFix.exe
* Creato nuovo punto di ripristino
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
((((((((((((((((((((((((((((((((((((( Altre eliminazioni )))))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\WINDOWS\svcr.exe
.
((((((((((((((((((((((((( Files Creati Da 2008-05-10 al 2008-06-10 )))))))))))))))))))))))))))))))))))
.
2008-06-10 16:11 . 2008-02-07 17:10 <DIR> d--h----- C:\ckis
2008-06-10 08:31 . 2008-03-17 19:23 39,808 --a------ C:\WINDOWS\system32\drivers\VIRAGTLT.SYS
2008-06-10 08:29 . 2008-06-10 08:29 <DIR> d-------- C:\Programmi\CCleaner
2008-06-10 08:06 . 2008-06-10 19:41 6,089,248 --ahs---- C:\WINDOWS\system32\drivers\fidbox.dat
2008-06-10 08:06 . 2008-06-10 19:44 319,520 --ahs---- C:\WINDOWS\system32\drivers\fidbox2.dat
2008-06-10 08:06 . 2008-06-10 19:41 49,700 --ahs---- C:\WINDOWS\system32\drivers\fidbox.idx
2008-06-10 08:06 . 2008-06-10 19:41 2,172 --ahs---- C:\WINDOWS\system32\drivers\fidbox2.idx
2008-06-10 08:03 . 2008-06-10 18:54 96,966 --a------ C:\WINDOWS\system32\drivers\klin.dat
2008-06-10 08:03 . 2008-06-10 18:54 88,774 --a------ C:\WINDOWS\system32\drivers\klick.dat
2008-06-10 08:01 . 2008-06-10 08:01 <DIR> d-------- C:\Programmi\SugarwareZ
2008-06-10 06:34 . 2008-06-10 18:42 <DIR> d-------- C:\Programmi\Kaspersky Lab
2008-06-10 06:34 . 2008-06-10 19:43 <DIR> d-------- C:\Documents and Settings\All Users\Dati applicazioni\Kaspersky Lab
2008-06-10 06:32 . 2008-06-10 06:32 <DIR> d-------- C:\Documents and Settings\All Users\Dati applicazioni\Kaspersky Lab Setup Files
2008-06-09 01:11 . 2003-11-17 11:49 154,624 --a------ C:\WINDOWS\system32\fmod.dll
2008-06-09 01:11 . 1998-08-09 12:07 118,784 --a------ C:\WINDOWS\system32\MSSTDFMT.DLL
2008-06-04 05:14 . 2008-06-04 05:14 <DIR> d-------- C:\Programmi\LucasArts
2008-06-04 02:41 . 2008-06-04 02:43 <DIR> d-------- C:\Programmi\WebcamMax
2008-06-04 02:41 . 2008-06-04 02:51 <DIR> d-------- C:\Documents and Settings\All Users\Dati applicazioni\Webcammax
2008-06-04 01:27 . 2008-06-10 09:32 <DIR> d-------- C:\Documents and Settings\D34THC0R3\Dati applicazioni\Hide IP NG
2008-06-03 23:37 . 2008-06-10 08:30 <DIR> d-------- C:\Programmi\mIRC
2008-06-03 23:37 . 2008-06-04 01:42 <DIR> d-------- C:\Documents and Settings\D34THC0R3\Dati applicazioni\mIRC
2008-05-29 04:32 . 2008-04-28 15:53 805,400 -ra------ C:\WINDOWS\system32\tmpA5B.tmp
2008-05-29 04:32 . 2008-04-28 15:53 805,400 -ra------ C:\WINDOWS\system32\tmpA5A.tmp
2008-05-29 04:16 . 2008-05-29 04:16 <DIR> d-------- C:\Programmi\Codemasters
2008-05-27 21:10 . 2008-04-28 12:29 805,400 -ra------ C:\WINDOWS\system32\tmp3FF.tmp
2008-05-27 21:10 . 2008-04-28 12:29 805,400 -ra------ C:\WINDOWS\system32\tmp3FE.tmp
2008-05-27 13:08 . 2008-04-28 12:29 805,400 -ra------ C:\WINDOWS\system32\tmp291.tmp
2008-05-27 13:08 . 2008-04-28 12:29 805,400 -ra------ C:\WINDOWS\system32\tmp290.tmp
2008-05-26 20:27 . 2008-05-26 20:27 <DIR> d-------- C:\Programmi\SpeedFan
2008-05-26 20:27 . 2008-05-26 20:27 45 --a------ C:\WINDOWS\system32\initdebug.nfo
2008-05-24 19:41 . 2008-05-27 12:44 <DIR> d-------- C:\Documents and Settings\D34THC0R3\Dati applicazioni\Thinstall
2008-05-24 19:40 . 2008-05-24 20:04 <DIR> d-------- C:\Programmi\Audio Recorder Pro
2008-05-24 09:14 . 2008-05-24 09:14 <DIR> d-------- C:\Programmi\File comuni\Adobe
2008-05-19 07:10 . 2008-05-19 07:10 <DIR> d-------- C:\unded
2008-05-18 10:06 . 2008-05-18 10:06 <DIR> d-------- C:\Programmi\BreakPoint Software
2008-05-18 09:42 . 2008-05-18 09:42 <DIR> d-------- C:\WINDOWS\system\KEEPER
2008-05-18 09:42 . 2008-05-18 09:42 <DIR> d-------- C:\Program Files
2008-05-18 09:42 . 2008-05-18 09:42 <DIR> d-------- C:\Documents and Settings\D34THC0R3\Bullfrog
2008-05-18 09:36 . 1996-01-09 16:38 283,648 --a------ C:\WINDOWS\uninst.exe
2008-05-16 17:57 . 2008-05-16 17:57 <DIR> d-------- C:\WINDOWS\system32\URTTEMP
2008-05-16 17:56 . 2008-05-16 17:56 669,184 --a------ C:\WINDOWS\system32\pbsvc.exe
2008-05-16 17:56 . 2008-05-16 17:56 22,328 --a------ C:\Documents and Settings\D34THC0R3\Dati applicazioni\PnkBstrK.sys
2008-05-15 21:41 . 2008-05-15 21:41 <DIR> d-------- C:\Programmi\ServerMania
2008-05-12 19:47 . 2008-05-12 19:47 <DIR> d-------- C:\Programmi\Trend Micro
2008-05-12 14:10 . 2008-05-29 03:31 <DIR> d-------- C:\Documents and Settings\All Users\Dati applicazioni\Codemasters
2008-05-12 14:10 . 2008-03-05 15:56 3,786,760 --a------ C:\WINDOWS\system32\D3DX9_37.dll
2008-05-12 14:10 . 2008-03-05 15:56 1,420,824 --a------ C:\WINDOWS\system32\D3DCompiler_37.dll
2008-05-12 14:10 . 2008-04-28 12:29 805,400 -ra------ C:\WINDOWS\system32\tmpA0.tmp
2008-05-12 14:10 . 2008-04-28 12:29 805,400 -ra------ C:\WINDOWS\system32\tmp9F.tmp
2008-05-12 14:10 . 2008-03-05 16:03 479,752 --a------ C:\WINDOWS\system32\XAudio2_0.dll
2008-05-12 14:10 . 2008-02-05 23:07 462,864 --a------ C:\WINDOWS\system32\d3dx10_37.dll
2008-05-12 14:10 . 2008-03-05 16:03 238,088 --a------ C:\WINDOWS\system32\xactengine3_0.dll
2008-05-12 14:10 . 2008-03-05 16:00 25,608 --a------ C:\WINDOWS\system32\X3DAudio1_3.dll
2008-05-11 04:35 . 2008-05-11 04:35 <DIR> d-------- C:\Programmi\directx
2008-05-10 21:01 . 2008-05-10 21:01 <DIR> d-------- C:\Programmi\Spybot - Search & Destroy
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-06-10 16:40 --------- d---a-w C:\Documents and Settings\All Users\Dati applicazioni\TEMP
2008-06-10 14:17 --------- d-----w C:\Documents and Settings\All Users\Dati applicazioni\Google Updater
2008-06-10 08:07 --------- d-----w C:\Programmi\AdunanzA
2008-06-10 07:36 --------- d-----w C:\Programmi\Windows Media Connect 2
2008-06-10 05:58 --------- d-----w C:\Programmi\ESET
2008-06-10 05:51 --------- d-----w C:\Programmi\Ice
2008-06-10 03:35 --------- d-----w C:\Programmi\Steam
2008-06-09 23:07 --------- d-----w C:\Programmi\Lineage II
2008-06-08 23:02 --------- d-----w C:\Documents and Settings\D34THC0R3\Dati applicazioni\ReGet Software
2008-06-07 22:09 --------- d-----w C:\Documents and Settings\D34THC0R3\Dati applicazioni\Hamachi
2008-06-07 18:47 --------- d-----w C:\Documents and Settings\All Users\Dati applicazioni\TrackMania
2008-06-07 17:22 --------- d-----w C:\Programmi\StuffPlug3
2008-06-07 01:17 --------- d-----w C:\Programmi\VirtualDJ
2008-06-04 03:20 --------- d--h--w C:\Programmi\InstallShield Installation Information
2008-06-03 21:50 --------- d-----w C:\Programmi\Rapget
2008-06-02 20:46 --------- d-----w C:\Programmi\JackSMS 4
2008-05-30 20:47 --------- d-----w C:\Programmi\Hamachi
2008-05-30 12:35 --------- d-----w C:\Programmi\DAEMON Tools Lite
2008-05-30 12:07 --------- d-----w C:\Documents and Settings\D34THC0R3\Dati applicazioni\Skype
2008-05-30 06:06 --------- d-----w C:\Documents and Settings\D34THC0R3\Dati applicazioni\skypePM
2008-05-27 19:12 22,328 ----a-w C:\WINDOWS\system32\drivers\PnkBstrK.sys
2008-05-17 17:13 --------- d-----w C:\Programmi\Microsoft Games
2008-05-16 15:49 --------- d-----w C:\Programmi\Electronic Arts
2008-05-12 12:10 --------- d-----w C:\Programmi\OpenAL
2008-05-11 17:37 --------- d-----w C:\Documents and Settings\All Users\Dati applicazioni\Spybot - Search & Destroy
2008-05-11 02:35 --------- d-----w C:\Programmi\Rockstar Games
2008-05-09 02:04 33,952 ----a-w C:\WINDOWS\system32\drivers\oreans32.sys
2008-05-08 20:34 --------- d-----w C:\Programmi\Soulseek
2008-05-07 01:56 --------- d-----w C:\Programmi\Camfrog
2008-05-06 02:25 --------- d-----w C:\Programmi\Google
2008-04-28 23:50 --------- d-----w C:\Documents and Settings\D34THC0R3\Dati applicazioni\BSplayer PRO
2008-04-27 18:14 --------- d-----w C:\Documents and Settings\D34THC0R3\Dati applicazioni\Media Player Classic
2008-04-25 16:21 26,964 ----a-w C:\WINDOWS\system32\drivers\klopp.dat
2008-04-25 16:15 --------- d-----w C:\Documents and Settings\D34THC0R3\Dati applicazioni\Touchstone
2008-04-25 13:35 --------- d-----w C:\Programmi\File comuni\Wise Installation Wizard
2008-04-25 13:35 --------- d-----w C:\Programmi\AGEIA Technologies
2008-04-24 17:18 --------- d-----w C:\Programmi\Windows Live
2008-04-24 17:15 --------- d-----w C:\Programmi\Real Desktop
2008-04-24 16:59 --------- d-----w C:\Programmi\Your Uninstaller 2008
2008-04-24 16:57 --------- d-----w C:\Documents and Settings\D34THC0R3\Dati applicazioni\URSoft
2008-04-24 14:07 --------- d-----w C:\Programmi\RivaTuner v2.08
2008-04-24 13:47 --------- d-----w C:\Programmi\NVIDIA nTune Performance Application
2008-04-24 13:47 --------- d-----w C:\Programmi\NVIDIA Corporation
2008-04-19 09:30 --------- d-----w C:\Documents and Settings\D34THC0R3\Dati applicazioni\GetRightToGo
2008-04-19 01:57 --------- d-----w C:\Programmi\Myspace Mp3 Gopher
2008-04-18 06:30 --------- d-----w C:\Programmi\Total Video Converter
2008-04-17 06:26 73,216 ----a-w C:\WINDOWS\ST6UNST.EXE
2008-04-17 06:26 249,856 ------w C:\WINDOWS\Setup1.exe
2008-04-16 22:46 --------- d-----w C:\Programmi\TmNationsForever
2008-04-16 12:23 112,144 ----a-w C:\WINDOWS\system32\drivers\kl1.sys
2008-04-14 00:15 --------- d-----w C:\Programmi\Empire Interactive
2008-04-13 17:13 50,688 ----a-w C:\WINDOWS\twain_32.dll
2008-04-13 16:56 73,472 ----a-w C:\WINDOWS\system32\drivers\sr.sys
2008-04-13 16:56 68,736 ----a-w C:\WINDOWS\system32\drivers\pci.sys
2008-04-13 16:56 120,448 ----a-w C:\WINDOWS\system32\drivers\pcmcia.sys
2008-04-13 16:55 80,256 ----a-w C:\WINDOWS\system32\drivers\parport.sys
2008-04-13 16:55 46,720 ----a-w C:\WINDOWS\system32\drivers\p3.sys
2008-04-13 16:54 154,240 ----a-w C:\WINDOWS\system32\drivers\dmio.sys
2008-04-13 16:53 800,256 ----a-w C:\WINDOWS\system32\drivers\dmboot.sys
2008-04-13 16:53 25,088 ----a-w C:\WINDOWS\system32\drivers\kbdclass.sys
2008-04-13 16:52 40,704 ----a-w C:\WINDOWS\system32\drivers\crusoe.sys
2008-04-13 16:52 40,448 ----a-w C:\WINDOWS\system32\drivers\intelppm.sys
2008-04-13 16:52 37,504 ----a-w C:\WINDOWS\system32\drivers\isapnp.sys
2008-04-13 16:51 65,792 ----a-w C:\WINDOWS\system32\drivers\serial.sys
2008-04-13 16:51 53,248 ----a-w C:\WINDOWS\system32\drivers\i8042prt.sys
2008-04-13 16:50 25,728 ------w C:\WINDOWS\system32\drivers\hidbth.sys
2008-04-13 16:49 58,368 ----a-w C:\WINDOWS\system32\drivers\redbook.sys
2008-04-13 16:49 53,376 ----a-w C:\WINDOWS\system32\drivers\volsnap.sys
2008-04-13 16:49 273,664 ------w C:\WINDOWS\system32\drivers\bthport.sys
2008-04-13 16:48 701,440 ------w C:\WINDOWS\system32\drivers\ati2mtag.sys
2008-04-13 16:48 44,672 ----a-w C:\WINDOWS\system32\drivers\fips.sys
2008-04-13 16:48 41,728 ----a-w C:\WINDOWS\system32\drivers\amdk7.sys
2008-04-13 16:48 41,344 ----a-w C:\WINDOWS\system32\drivers\amdk6.sys
2008-04-13 16:48 39,936 ----a-w C:\WINDOWS\system32\drivers\processr.sys
2008-04-13 16:48 327,168 ------w C:\WINDOWS\system32\drivers\ati2mtaa.sys
2008-04-13 16:47 30,208 ----a-w C:\WINDOWS\system32\drivers\modem.sys
2008-04-13 16:47 23,552 ----a-w C:\WINDOWS\system32\drivers\mouclass.sys
2008-04-13 16:47 188,416 ----a-w C:\WINDOWS\system32\drivers\acpi.sys
2008-04-13 10:28 175,744 ----a-w C:\WINDOWS\system32\drivers\rdbss.sys
2008-04-13 10:21 162,816 ----a-w C:\WINDOWS\system32\drivers\netbt.sys
2008-04-13 10:20 91,520 ----a-w C:\WINDOWS\system32\drivers\ndiswan.sys
2008-04-13 10:20 361,344 ----a-w C:\WINDOWS\system32\drivers\tcpip.sys
2008-04-13 10:20 182,656 ----a-w C:\WINDOWS\system32\drivers\ndis.sys
2008-04-13 10:19 75,264 ----a-w C:\WINDOWS\system32\drivers\ipsec.sys
2008-04-13 10:19 51,328 ----a-w C:\WINDOWS\system32\drivers\rasl2tp.sys
2008-04-13 10:19 48,384 ----a-w C:\WINDOWS\system32\drivers\raspptp.sys
2008-04-13 10:19 146,048 ----a-w C:\WINDOWS\system32\drivers\portcls.sys
2008-04-13 10:19 138,112 ----a-w C:\WINDOWS\system32\drivers\afd.sys
2008-04-13 10:17 83,072 ----a-w C:\WINDOWS\system32\drivers\wdmaud.sys
2008-04-13 10:17 456,576 ----a-w C:\WINDOWS\system32\drivers\mrxsmb.sys
2008-04-13 10:17 105,344 ----a-w C:\WINDOWS\system32\drivers\mup.sys
2008-04-13 10:16 49,536 ----a-w C:\WINDOWS\system32\drivers\classpnp.sys
2008-04-13 10:16 141,056 ----a-w C:\WINDOWS\system32\drivers\ks.sys
2008-04-13 10:15 60,800 ----a-w C:\WINDOWS\system32\drivers\sysaudio.sys
2008-04-13 10:15 574,976 ----a-w C:\WINDOWS\system32\drivers\ntfs.sys
2008-04-13 10:15 334,848 ----a-w C:\WINDOWS\system32\drivers\srv.sys
2008-04-13 10:14 63,744 ----a-w C:\WINDOWS\system32\drivers\cdfs.sys
2008-04-13 10:14 143,744 ----a-w C:\WINDOWS\system32\drivers\fastfat.sys
2008-04-13 10:00 225,664 ----a-w C:\WINDOWS\system32\drivers\tcpip6.sys
2008-04-13 10:00 19,072 ----a-w C:\WINDOWS\system32\drivers\tdi.sys
.
((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Nota* i valori vuoti & legittimi/default non sono visualizzati.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C}]
2008-04-25 18:22 62728 --a------ C:\Programmi\Kaspersky Lab\Kaspersky Anti-Virus 2009\ievkbd.dll
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MsnMsgr"="C:\Programmi\Windows Live\Messenger\MsnMsgr.exe" [2008-03-05 19:49 5724184]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"nwiz"="nwiz.exe" [2007-12-05 02:41 1626112 C:\WINDOWS\system32\nwiz.exe]
"LVCOMSX"="C:\WINDOWS\system32\LVCOMSX.EXE" [2005-07-19 18:32 221184]
"WebcamMaxMoniter"="C:\Programmi\WebcamMax\wcmmon.exe" [2008-02-09 06:58 456024]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-12-05 02:41 8523776]
"AVP"="C:\Programmi\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe" [2008-04-25 18:21 201992]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2008-04-13 19:14 15360]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.YV12"= yv12vfw.dll
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Avvio^Programmi^Esecuzione automatica^Google Updater.lnk]
path=C:\Documents and Settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\Google Updater.lnk
backup=C:\WINDOWS\pss\Google Updater.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^D34THC0R3^Menu Avvio^Programmi^Esecuzione automatica^hamachi.lnk]
path=C:\Documents and Settings\D34THC0R3\Menu Avvio\Programmi\Esecuzione automatica\hamachi.lnk
backup=C:\WINDOWS\pss\hamachi.lnkStartup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\67506]
C:\WINDOWS/67506.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
--a------ 2008-01-11 22:16 39792 C:\Programmi\Adobe\Reader 8.0\Reader\Reader_sl.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AVP]
--a------ 2008-04-25 18:21 201992 C:\Programmi\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\C-Media Mixer]
--a------ 2002-10-15 18:00 1818624 C:\WINDOWS\mixer.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CamWizard]
--a------ 2005-05-13 14:42 184320 C:\Programmi\File comuni\Logitech\QCDRV\BIN\CamWizrd.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
--a------ 2008-02-14 01:09 486856 C:\Programmi\DAEMON Tools Lite\daemon.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISTray]
C:\Programmi\Spyware Doctor\pctsTray.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechVideoRepair]
--a------ 2005-06-08 16:24 458752 C:\Programmi\Logitech\Video\ISStart.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechVideoTray]
--a------ 2005-06-08 16:14 217088 C:\Programmi\Logitech\Video\LogiTray.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
--a------ 2007-12-05 02:41 8523776 C:\WINDOWS\system32\NvCpl.dll
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NVIDIA nTune]
--a------ 2007-09-04 19:25 81920 C:\Programmi\NVIDIA Corporation\nTune\nTuneCmd.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
--a------ 2007-12-05 02:41 81920 C:\WINDOWS\system32\NvMcTray.dll
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Real Desktop]
C:\Programmi\Real Desktop\Real Desktop.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Run]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
-ra------ 2008-02-01 18:22 21898024 C:\Programmi\Skype\Phone\Skype.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]
-rahs---- 2008-01-28 11:43 2097488 C:\Programmi\Spybot - Search & Destroy\TeaTimer.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]
--a------ 2008-04-24 22:03 1271032 C:\Programmi\Steam\Steam.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
--a------ 2008-02-22 05:25 144784 C:\Programmi\Java\jre1.6.0_05\bin\jusched.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WebcamMaxMoniter]
--a------ 2008-02-09 06:58 456024 C:\Programmi\WebcamMax\wcmmon.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"wscsvc"=2 (0x2)
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Programmi\\Microsoft Games\\Age of Empires III\\age3x.exe"=
"C:\\Programmi\\Microsoft Games\\Age of Empires III\\age3y.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Programmi\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Programmi\\Windows Live\\Messenger\\livecall.exe"=
"C:\\Programmi\\Electronic Arts\\Crytek\\Crysis\\Bin32\\Crysis.exe"=
"C:\\Programmi\\Electronic Arts\\Crytek\\Crysis\\Bin32\\CrysisDedicatedServer.exe"=
"C:\\WINDOWS\\system32\\PnkBstrA.exe"=
"C:\\WINDOWS\\system32\\PnkBstrB.exe"=
"C:\\Programmi\\Codemasters\\GRID\\GRID.exe"=
"C:\\Programmi\\Skype\\Phone\\Skype.exe"=
R0 klbg;Kaspersky Lab Boot Guard Driver;C:\WINDOWS\system32\drivers\klbg.sys [2008-01-29 18:29]
R1 oreans32;oreans32;C:\WINDOWS\system32\drivers\oreans32.sys [2008-05-09 04:04]
R2 CamthWDM;WebcamMax, WDM Video Capture;C:\WINDOWS\system32\DRIVERS\CamthWDM.sys [2008-02-09 06:58]
R3 klim5;Kaspersky Anti-Virus NDIS Filter;C:\WINDOWS\system32\DRIVERS\klim5.sys [2008-03-25 20:07]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\F]
\Shell\AutoRun\command - F:\Setup.EXE
\Shell\verb0\command - \SETUP.EXE
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{2bf41070-b2b1-21d1-b5c1-0305f4055515}]
C:\windows\svcr.exe
.
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-06-10 19:44:07
Windows 5.1.2600 Service Pack 3 NTFS
scansione processi nascosti ...
scansione entrate autostart nascoste ...
Scansione files nascosti ...
Scansione completata con successo
Files nascosti: 0
**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\Programmi\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Programmi\NVIDIA Corporation\nTune\nTuneService.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\wscntfy.exe
.
**************************************************************************
.
Ora fine scansione: 2008-06-10 19:48:13 - machine was rebooted
ComboFix-quarantined-files.txt 2008-06-10 17:48:09
11 Directory 122,529,087,488 byte disponibili
15 Directory 124,043,001,856 byte disponibili
287 --- E O F --- 2008-02-26 15:06:24
Virit didn't find anything |
|
|
 |
Sante62 Mature god
Registered: 27/06/07 17:55 Posts: 3477 Location: Floridia
|
Posted: 10 Jun 2008 22:46 Subject: |
|
|
Create a text file with the following instructions in red:
Quote: |
File::
C:\WINDOWS/67506.exe
C:\windows\svcr.exe
Registry::
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\67506]
[-HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{2bf41070-b2b1-21d1-b5c1-0305f4055515}] |
Save the file on the desktop with the name CFScript.txt and drag it onto the ComboFix icon, as shown below:
Wait patiently for the job to finish without touching the keyboard, mouse or anything else.
Post the updated ComboFix and HijackThis logs. |
|
|
 |
D34THC0R3 Devoted mortal
Registered: 07/01/07 19:43 Posts: 12 Location: Milano
|
Posted: 10 Jun 2008 23:14 Subject: |
|
|
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 23.13.21, on 10/06/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Programmi\WebcamMax\wcmmon.exe
C:\Programmi\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe
C:\Programmi\Windows Live\Messenger\MsnMsgr.Exe
C:\Programmi\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe
C:\Programmi\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Programmi\NVIDIA Corporation\nTune\nTuneService.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\svchost.exe
C:\VEXPLITE\viritsvc.exe
C:\Programmi\Windows Live\Messenger\usnsvc.exe
C:\Programmi\Steam\Steam.exe
C:\Programmi\Mozilla Firefox\firefox.exe
C:\WINDOWS\explorer.exe
C:\Programmi\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.it/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://windowsupdate.microsoft.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = socks=
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
O2 - BHO: Supporto di collegamento per Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\File comuni\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Programmi\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: IEVkbdBHO - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Programmi\Kaspersky Lab\Kaspersky Anti-Virus 2009\ievkbd.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmi\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programmi\Google\GoogleToolbarNotifier\2.1.1119.1736\swg.dll
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [WebcamMaxMoniter] "C:\Programmi\WebcamMax\wcmmon.exe" /a
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [AVP] "C:\Programmi\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe"
O4 - HKCU\..\Run: [MsnMsgr] "C:\Programmi\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO LOCALE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO DI RETE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Statistiche sulla protezione del traffico Web - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Programmi\Kaspersky Lab\Kaspersky Anti-Virus 2009\SCIEPlgn.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Programmi\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Programmi\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1207234429763
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FILECO~1\Skype\SKYPE4~1.DLL
O23 - Service: Kaspersky Anti-Virus (AVP) - Kaspersky Lab - C:\Programmi\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Programmi\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programmi\File comuni\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: nTune Service (nTuneService) - NVIDIA - C:\Programmi\NVIDIA Corporation\nTune\nTuneService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: Virit eXplorer Lite (viritsvclite) - TG Soft Sas www.tgsoft.it - C:\VEXPLITE\viritsvc.exe
--
End of file - 5686 bytes
ComboFix 08-06-09.7 - D34THC0R3 2008-06-10 23.04.46.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1040.18.1497 [GMT 2:00]
Eseguito da: C:\Documents and Settings\D34THC0R3\Desktop\CombokFix.exe
Command switches used :: C:\Documents and Settings\D34THC0R3\Desktop\CFScript.txt.txt
* Creato nuovo punto di ripristino
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
FILE ::
C:\WINDOWS/67506.exe
C:\windows\svcr.exe
.
((((((((((((((((((((((((( Files Creati Da 2008-05-10 al 2008-06-10 )))))))))))))))))))))))))))))))))))
.
2008-06-10 19:49 . 2008-06-10 20:07 <DIR> d-------- C:\VEXPLITE
2008-06-10 16:11 . 2008-02-07 17:10 <DIR> d--h----- C:\ckis
2008-06-10 08:31 . 2008-03-17 19:23 39,808 --a------ C:\WINDOWS\system32\drivers\VIRAGTLT.SYS
2008-06-10 08:29 . 2008-06-10 08:29 <DIR> d-------- C:\Programmi\CCleaner
2008-06-10 08:06 . 2008-06-10 20:06 6,089,248 --ahs---- C:\WINDOWS\system32\drivers\fidbox.dat
2008-06-10 08:06 . 2008-06-10 23:05 417,824 --ahs---- C:\WINDOWS\system32\drivers\fidbox2.dat
2008-06-10 08:06 . 2008-06-10 20:06 49,700 --ahs---- C:\WINDOWS\system32\drivers\fidbox.idx
2008-06-10 08:06 . 2008-06-10 23:05 3,556 --ahs---- C:\WINDOWS\system32\drivers\fidbox2.idx
2008-06-10 08:03 . 2008-06-10 18:54 96,966 --a------ C:\WINDOWS\system32\drivers\klin.dat
2008-06-10 08:03 . 2008-06-10 18:54 88,774 --a------ C:\WINDOWS\system32\drivers\klick.dat
2008-06-10 08:01 . 2008-06-10 08:01 <DIR> d-------- C:\Programmi\SugarwareZ
2008-06-10 06:34 . 2008-06-10 18:42 <DIR> d-------- C:\Programmi\Kaspersky Lab
2008-06-10 06:34 . 2008-06-10 20:07 <DIR> d-------- C:\Documents and Settings\All Users\Dati applicazioni\Kaspersky Lab
2008-06-10 06:32 . 2008-06-10 06:32 <DIR> d-------- C:\Documents and Settings\All Users\Dati applicazioni\Kaspersky Lab Setup Files
2008-06-09 01:11 . 2003-11-17 11:49 154,624 --a------ C:\WINDOWS\system32\fmod.dll
2008-06-09 01:11 . 1998-08-09 12:07 118,784 --a------ C:\WINDOWS\system32\MSSTDFMT.DLL
2008-06-04 05:14 . 2008-06-04 05:14 <DIR> d-------- C:\Programmi\LucasArts
2008-06-04 02:41 . 2008-06-04 02:43 <DIR> d-------- C:\Programmi\WebcamMax
2008-06-04 02:41 . 2008-06-04 02:51 <DIR> d-------- C:\Documents and Settings\All Users\Dati applicazioni\Webcammax
2008-06-04 01:27 . 2008-06-10 09:32 <DIR> d-------- C:\Documents and Settings\D34THC0R3\Dati applicazioni\Hide IP NG
2008-06-03 23:37 . 2008-06-10 08:30 <DIR> d-------- C:\Programmi\mIRC
2008-06-03 23:37 . 2008-06-04 01:42 <DIR> d-------- C:\Documents and Settings\D34THC0R3\Dati applicazioni\mIRC
2008-05-29 04:32 . 2008-04-28 15:53 805,400 -ra------ C:\WINDOWS\system32\tmpA5B.tmp
2008-05-29 04:32 . 2008-04-28 15:53 805,400 -ra------ C:\WINDOWS\system32\tmpA5A.tmp
2008-05-29 04:16 . 2008-05-29 04:16 <DIR> d-------- C:\Programmi\Codemasters
2008-05-27 21:10 . 2008-04-28 12:29 805,400 -ra------ C:\WINDOWS\system32\tmp3FF.tmp
2008-05-27 21:10 . 2008-04-28 12:29 805,400 -ra------ C:\WINDOWS\system32\tmp3FE.tmp
2008-05-27 13:08 . 2008-04-28 12:29 805,400 -ra------ C:\WINDOWS\system32\tmp291.tmp
2008-05-27 13:08 . 2008-04-28 12:29 805,400 -ra------ C:\WINDOWS\system32\tmp290.tmp
2008-05-26 20:27 . 2008-05-26 20:27 <DIR> d-------- C:\Programmi\SpeedFan
2008-05-26 20:27 . 2008-05-26 20:27 45 --a------ C:\WINDOWS\system32\initdebug.nfo
2008-05-24 19:41 . 2008-05-27 12:44 <DIR> d-------- C:\Documents and Settings\D34THC0R3\Dati applicazioni\Thinstall
2008-05-24 19:40 . 2008-05-24 20:04 <DIR> d-------- C:\Programmi\Audio Recorder Pro
2008-05-24 09:14 . 2008-05-24 09:14 <DIR> d-------- C:\Programmi\File comuni\Adobe
2008-05-19 07:10 . 2008-05-19 07:10 <DIR> d-------- C:\unded
2008-05-18 10:06 . 2008-05-18 10:06 <DIR> d-------- C:\Programmi\BreakPoint Software
2008-05-18 09:42 . 2008-05-18 09:42 <DIR> d-------- C:\WINDOWS\system\KEEPER
2008-05-18 09:42 . 2008-05-18 09:42 <DIR> d-------- C:\Program Files
2008-05-18 09:42 . 2008-05-18 09:42 <DIR> d-------- C:\Documents and Settings\D34THC0R3\Bullfrog
2008-05-18 09:36 . 1996-01-09 16:38 283,648 --a------ C:\WINDOWS\uninst.exe
2008-05-16 17:57 . 2008-05-16 17:57 <DIR> d-------- C:\WINDOWS\system32\URTTEMP
2008-05-16 17:56 . 2008-05-16 17:56 669,184 --a------ C:\WINDOWS\system32\pbsvc.exe
2008-05-16 17:56 . 2008-05-16 17:56 22,328 --a------ C:\Documents and Settings\D34THC0R3\Dati applicazioni\PnkBstrK.sys
2008-05-15 21:41 . 2008-05-15 21:41 <DIR> d-------- C:\Programmi\ServerMania
2008-05-12 19:47 . 2008-05-12 19:47 <DIR> d-------- C:\Programmi\Trend Micro
2008-05-12 14:10 . 2008-05-29 03:31 <DIR> d-------- C:\Documents and Settings\All Users\Dati applicazioni\Codemasters
2008-05-12 14:10 . 2008-03-05 15:56 3,786,760 --a------ C:\WINDOWS\system32\D3DX9_37.dll
2008-05-12 14:10 . 2008-03-05 15:56 1,420,824 --a------ C:\WINDOWS\system32\D3DCompiler_37.dll
2008-05-12 14:10 . 2008-04-28 12:29 805,400 -ra------ C:\WINDOWS\system32\tmpA0.tmp
2008-05-12 14:10 . 2008-04-28 12:29 805,400 -ra------ C:\WINDOWS\system32\tmp9F.tmp
2008-05-12 14:10 . 2008-03-05 16:03 479,752 --a------ C:\WINDOWS\system32\XAudio2_0.dll
2008-05-12 14:10 . 2008-02-05 23:07 462,864 --a------ C:\WINDOWS\system32\d3dx10_37.dll
2008-05-12 14:10 . 2008-03-05 16:03 238,088 --a------ C:\WINDOWS\system32\xactengine3_0.dll
2008-05-12 14:10 . 2008-03-05 16:00 25,608 --a------ C:\WINDOWS\system32\X3DAudio1_3.dll
2008-05-11 04:35 . 2008-05-11 04:35 <DIR> d-------- C:\Programmi\directx
2008-05-10 21:01 . 2008-05-10 21:01 <DIR> d-------- C:\Programmi\Spybot - Search & Destroy
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-06-10 19:50 --------- d-----w C:\Programmi\Steam
2008-06-10 16:40 --------- d---a-w C:\Documents and Settings\All Users\Dati applicazioni\TEMP
2008-06-10 14:17 --------- d-----w C:\Documents and Settings\All Users\Dati applicazioni\Google Updater
2008-06-10 08:07 --------- d-----w C:\Programmi\AdunanzA
2008-06-10 07:36 --------- d-----w C:\Programmi\Windows Media Connect 2
2008-06-10 05:58 --------- d-----w C:\Programmi\ESET
2008-06-10 05:51 --------- d-----w C:\Programmi\Ice
2008-06-09 23:07 --------- d-----w C:\Programmi\Lineage II
2008-06-08 23:02 --------- d-----w C:\Documents and Settings\D34THC0R3\Dati applicazioni\ReGet Software
2008-06-07 22:09 --------- d-----w C:\Documents and Settings\D34THC0R3\Dati applicazioni\Hamachi
2008-06-07 18:47 --------- d-----w C:\Documents and Settings\All Users\Dati applicazioni\TrackMania
2008-06-07 17:22 --------- d-----w C:\Programmi\StuffPlug3
2008-06-07 01:17 --------- d-----w C:\Programmi\VirtualDJ
2008-06-04 03:20 --------- d--h--w C:\Programmi\InstallShield Installation Information
2008-06-03 21:50 --------- d-----w C:\Programmi\Rapget
2008-06-02 20:46 --------- d-----w C:\Programmi\JackSMS 4
2008-05-30 20:47 --------- d-----w C:\Programmi\Hamachi
2008-05-30 12:35 --------- d-----w C:\Programmi\DAEMON Tools Lite
2008-05-30 12:07 --------- d-----w C:\Documents and Settings\D34THC0R3\Dati applicazioni\Skype
2008-05-30 06:06 --------- d-----w C:\Documents and Settings\D34THC0R3\Dati applicazioni\skypePM
2008-05-29 02:32 444,952 ----a-w C:\WINDOWS\system32\wrap_oal.dll
2008-05-29 02:32 109,080 ----a-w C:\WINDOWS\system32\OpenAL32.dll
2008-05-27 19:12 22,328 ----a-w C:\WINDOWS\system32\drivers\PnkBstrK.sys
2008-05-27 19:12 103,736 ----a-w C:\WINDOWS\system32\PnkBstrB.exe
2008-05-17 17:13 --------- d-----w C:\Programmi\Microsoft Games
2008-05-16 15:49 --------- d-----w C:\Programmi\Electronic Arts
2008-05-12 12:10 107,888 ----a-w C:\WINDOWS\system32\CmdLineExt.dll
2008-05-12 12:10 --------- d-----w C:\Programmi\OpenAL
2008-05-11 17:37 --------- d-----w C:\Documents and Settings\All Users\Dati applicazioni\Spybot - Search & Destroy
2008-05-11 02:35 --------- d-----w C:\Programmi\Rockstar Games
2008-05-09 02:04 33,952 ----a-w C:\WINDOWS\system32\drivers\oreans32.sys
2008-05-08 20:34 --------- d-----w C:\Programmi\Soulseek
2008-05-07 01:56 --------- d-----w C:\Programmi\Camfrog
2008-05-06 02:25 --------- d-----w C:\Programmi\Google
2008-04-28 23:50 --------- d-----w C:\Documents and Settings\D34THC0R3\Dati applicazioni\BSplayer PRO
2008-04-27 18:14 --------- d-----w C:\Documents and Settings\D34THC0R3\Dati applicazioni\Media Player Classic
2008-04-25 16:22 206,088 ----a-w C:\WINDOWS\system32\klogon.dll
2008-04-25 16:21 26,964 ----a-w C:\WINDOWS\system32\drivers\klopp.dat
2008-04-25 16:15 --------- d-----w C:\Documents and Settings\D34THC0R3\Dati applicazioni\Touchstone
2008-04-25 13:35 --------- d-----w C:\Programmi\File comuni\Wise Installation Wizard
2008-04-25 13:35 --------- d-----w C:\Programmi\AGEIA Technologies
2008-04-24 17:18 --------- d-----w C:\Programmi\Windows Live
2008-04-24 17:15 --------- d-----w C:\Programmi\Real Desktop
2008-04-24 16:59 --------- d-----w C:\Programmi\Your Uninstaller 2008
2008-04-24 16:57 --------- d-----w C:\Documents and Settings\D34THC0R3\Dati applicazioni\URSoft
2008-04-24 14:07 --------- d-----w C:\Programmi\RivaTuner v2.08
2008-04-24 13:47 --------- d-----w C:\Programmi\NVIDIA nTune Performance Application
2008-04-24 13:47 --------- d-----w C:\Programmi\NVIDIA Corporation
2008-04-19 09:30 --------- d-----w C:\Documents and Settings\D34THC0R3\Dati applicazioni\GetRightToGo
2008-04-19 01:57 --------- d-----w C:\Programmi\Myspace Mp3 Gopher
2008-04-18 06:30 --------- d-----w C:\Programmi\Total Video Converter
2008-04-17 06:26 73,216 ----a-w C:\WINDOWS\ST6UNST.EXE
2008-04-17 06:26 249,856 ------w C:\WINDOWS\Setup1.exe
2008-04-16 22:46 --------- d-----w C:\Programmi\TmNationsForever
2008-04-16 12:23 112,144 ----a-w C:\WINDOWS\system32\drivers\kl1.sys
2008-04-14 00:15 --------- d-----w C:\Programmi\Empire Interactive
2008-04-13 17:27 1,804 ----a-w C:\WINDOWS\system32\dcache.bin
2008-04-13 17:16 331,776 ----a-w C:\WINDOWS\system32\netsetup.exe
2008-04-13 17:13 99,840 ----a-w C:\WINDOWS\system32\loadperf.dll
2008-04-13 17:12 9,344 ----a-w C:\WINDOWS\system32\framebuf.dll
2008-04-13 17:11 539,648 ----a-w C:\WINDOWS\system32\comuid.dll
2008-04-13 17:11 285,696 ----a-w C:\WINDOWS\system32\atmfd.dll
2008-04-13 17:11 16,896 ----a-w C:\WINDOWS\system32\cfgmgr32.dll
2008-04-13 16:56 73,472 ----a-w C:\WINDOWS\system32\drivers\sr.sys
2008-04-13 16:56 68,736 ----a-w C:\WINDOWS\system32\drivers\pci.sys
2008-04-13 16:56 120,448 ----a-w C:\WINDOWS\system32\drivers\pcmcia.sys
2008-04-13 16:55 80,256 ----a-w C:\WINDOWS\system32\drivers\parport.sys
2008-04-13 16:55 46,720 ----a-w C:\WINDOWS\system32\drivers\p3.sys
2008-04-13 16:55 2,027,520 ----a-w C:\WINDOWS\system32\ntkrnlpa.exe
2008-04-13 16:54 4,096 ----a-w C:\WINDOWS\system32\dsprpres.dll
2008-04-13 16:54 2,148,864 ----a-w C:\WINDOWS\system32\ntoskrnl.exe
2008-04-13 16:54 154,240 ----a-w C:\WINDOWS\system32\drivers\dmio.sys
2008-04-13 16:53 92,672 ----a-w C:\WINDOWS\system32\msxml6r.dll
2008-04-13 16:53 800,256 ----a-w C:\WINDOWS\system32\drivers\dmboot.sys
2008-04-13 16:53 25,088 ----a-w C:\WINDOWS\system32\drivers\kbdclass.sys
2008-04-13 16:52 80,896 ------w C:\WINDOWS\system32\msshavmsg.dll
2008-04-13 16:52 40,704 ----a-w C:\WINDOWS\system32\drivers\crusoe.sys
2008-04-13 16:52 40,448 ----a-w C:\WINDOWS\system32\drivers\intelppm.sys
2008-04-13 16:52 37,504 ----a-w C:\WINDOWS\system32\drivers\isapnp.sys
2008-04-13 16:51 65,792 ----a-w C:\WINDOWS\system32\drivers\serial.sys
2008-04-13 16:51 566,272 ----a-w C:\WINDOWS\system32\shdoclc.dll
2008-04-13 16:51 53,248 ----a-w C:\WINDOWS\system32\drivers\i8042prt.sys
2008-04-13 16:51 51,200 ----a-w C:\WINDOWS\system32\inetres.dll
2008-04-13 16:50 25,728 ------w C:\WINDOWS\system32\drivers\hidbth.sys
2008-04-13 16:50 1,845,632 ----a-w C:\WINDOWS\system32\win32k.sys
2008-04-13 16:49 68,608 ----a-w C:\WINDOWS\system32\browselc.dll
2008-04-13 16:49 58,368 ----a-w C:\WINDOWS\system32\drivers\redbook.sys
2008-04-13 16:49 57,344 ----a-w C:\WINDOWS\system32\mshtmler.dll
2008-04-13 16:49 53,376 ----a-w C:\WINDOWS\system32\drivers\volsnap.sys
2008-04-13 16:49 273,664 ------w C:\WINDOWS\system32\drivers\bthport.sys
2008-04-13 16:49 10,240 ----a-w C:\WINDOWS\system32\gpkrsrc.dll
2008-04-13 16:48 701,440 ------w C:\WINDOWS\system32\drivers\ati2mtag.sys
2008-04-13 16:48 44,672 ----a-w C:\WINDOWS\system32\drivers\fips.sys
2008-04-13 16:48 41,728 ----a-w C:\WINDOWS\system32\drivers\amdk7.sys
2008-04-13 16:48 41,344 ----a-w C:\WINDOWS\system32\drivers\amdk6.sys
2008-04-13 16:48 39,936 ----a-w C:\WINDOWS\system32\drivers\processr.sys
2008-04-13 16:48 327,168 ------w C:\WINDOWS\system32\drivers\ati2mtaa.sys
2008-04-13 16:47 30,208 ----a-w C:\WINDOWS\system32\drivers\modem.sys
2008-04-13 16:47 23,552 ----a-w C:\WINDOWS\system32\drivers\mouclass.sys
2008-04-13 16:47 188,416 ----a-w C:\WINDOWS\system32\drivers\acpi.sys
.
((((((((((((((((((((((((((((( snapshot@2008-06-10_19.47.56.54 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-06-10 17:43:07 2,048 --s-a-w C:\WINDOWS\bootstat.dat
+ 2008-06-10 18:07:23 2,048 --s-a-w C:\WINDOWS\bootstat.dat
+ 2008-06-10 18:07:46 16,384 ----atw C:\WINDOWS\Temp\Perflib_Perfdata_120.dat
.
((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Nota* i valori vuoti & legittimi/default non sono visualizzati.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C}]
2008-04-25 18:22 62728 --a------ C:\Programmi\Kaspersky Lab\Kaspersky Anti-Virus 2009\ievkbd.dll
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MsnMsgr"="C:\Programmi\Windows Live\Messenger\MsnMsgr.exe" [2008-03-05 19:49 5724184]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"nwiz"="nwiz.exe" [2007-12-05 02:41 1626112 C:\WINDOWS\system32\nwiz.exe]
"LVCOMSX"="C:\WINDOWS\system32\LVCOMSX.EXE" [2005-07-19 18:32 221184]
"WebcamMaxMoniter"="C:\Programmi\WebcamMax\wcmmon.exe" [2008-02-09 06:58 456024]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-12-05 02:41 8523776]
"AVP"="C:\Programmi\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe" [2008-04-25 18:21 201992]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2008-04-13 19:14 15360]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.YV12"= yv12vfw.dll
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Avvio^Programmi^Esecuzione automatica^Google Updater.lnk]
path=C:\Documents and Settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\Google Updater.lnk
backup=C:\WINDOWS\pss\Google Updater.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^D34THC0R3^Menu Avvio^Programmi^Esecuzione automatica^hamachi.lnk]
path=C:\Documents and Settings\D34THC0R3\Menu Avvio\Programmi\Esecuzione automatica\hamachi.lnk
backup=C:\WINDOWS\pss\hamachi.lnkStartup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
--a------ 2008-01-11 22:16 39792 C:\Programmi\Adobe\Reader 8.0\Reader\Reader_sl.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AVP]
--a------ 2008-04-25 18:21 201992 C:\Programmi\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\C-Media Mixer]
--a------ 2002-10-15 18:00 1818624 C:\WINDOWS\mixer.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CamWizard]
--a------ 2005-05-13 14:42 184320 C:\Programmi\File comuni\Logitech\QCDRV\BIN\CamWizrd.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
--a------ 2008-02-14 01:09 486856 C:\Programmi\DAEMON Tools Lite\daemon.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISTray]
C:\Programmi\Spyware Doctor\pctsTray.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechVideoRepair]
--a------ 2005-06-08 16:24 458752 C:\Programmi\Logitech\Video\ISStart.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechVideoTray]
--a------ 2005-06-08 16:14 217088 C:\Programmi\Logitech\Video\LogiTray.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
--a------ 2007-12-05 02:41 8523776 C:\WINDOWS\system32\NvCpl.dll
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NVIDIA nTune]
--a------ 2007-09-04 19:25 81920 C:\Programmi\NVIDIA Corporation\nTune\nTuneCmd.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
--a------ 2007-12-05 02:41 81920 C:\WINDOWS\system32\NvMcTray.dll
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Real Desktop]
C:\Programmi\Real Desktop\Real Desktop.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Run]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
-ra------ 2008-02-01 18:22 21898024 C:\Programmi\Skype\Phone\Skype.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]
-rahs---- 2008-01-28 11:43 2097488 C:\Programmi\Spybot - Search & Destroy\TeaTimer.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]
--a------ 2008-04-24 22:03 1271032 C:\Programmi\Steam\Steam.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
--a------ 2008-02-22 05:25 144784 C:\Programmi\Java\jre1.6.0_05\bin\jusched.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WebcamMaxMoniter]
--a------ 2008-02-09 06:58 456024 C:\Programmi\WebcamMax\wcmmon.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"wscsvc"=2 (0x2)
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Programmi\\Microsoft Games\\Age of Empires III\\age3x.exe"=
"C:\\Programmi\\Microsoft Games\\Age of Empires III\\age3y.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Programmi\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Programmi\\Windows Live\\Messenger\\livecall.exe"=
"C:\\Programmi\\Electronic Arts\\Crytek\\Crysis\\Bin32\\Crysis.exe"=
"C:\\Programmi\\Electronic Arts\\Crytek\\Crysis\\Bin32\\CrysisDedicatedServer.exe"=
"C:\\WINDOWS\\system32\\PnkBstrA.exe"=
"C:\\WINDOWS\\system32\\PnkBstrB.exe"=
"C:\\Programmi\\Codemasters\\GRID\\GRID.exe"=
"C:\\Programmi\\Skype\\Phone\\Skype.exe"=
R0 klbg;Kaspersky Lab Boot Guard Driver;C:\WINDOWS\system32\drivers\klbg.sys [2008-01-29 18:29]
R0 VIRAGTLT;VIRAGTLT;C:\WINDOWS\system32\drivers\VIRAGTLT.SYS [2008-03-17 19:23]
R1 oreans32;oreans32;C:\WINDOWS\system32\drivers\oreans32.sys [2008-05-09 04:04]
R2 CamthWDM;WebcamMax, WDM Video Capture;C:\WINDOWS\system32\DRIVERS\CamthWDM.sys [2008-02-09 06:58]
R2 viritsvclite;Virit eXplorer Lite;C:\VEXPLITE\viritsvc.exe [2008-06-10 19:55]
R3 klim5;Kaspersky Anti-Virus NDIS Filter;C:\WINDOWS\system32\DRIVERS\klim5.sys [2008-03-25 20:07]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\F]
\Shell\AutoRun\command - F:\Setup.EXE
\Shell\verb0\command - \SETUP.EXE
*Newly Created Service* - CATCHME
*Newly Created Service* - VIRAGTLT
.
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-06-10 23:09:09
Windows 5.1.2600 Service Pack 3 NTFS
scansione processi nascosti ...
scansione entrate autostart nascoste ...
Scansione files nascosti ...
Scansione completata con successo
Files nascosti: 0
**************************************************************************
.
Ora fine scansione: 2008-06-10 23.11.33
ComboFix-quarantined-files.txt 2008-06-10 21:11:30
ComboFix2.txt 2008-06-10 17:48:14
12 Directory 123,881,791,488 byte disponibili
15 Directory 123,876,900,864 byte disponibili
285 --- E O F --- 2008-02-26 15:06:24 |
|
|
 |
Sante62 Mature god
Registered: 27/06/07 17:55 Posts: 3477 Location: Floridia
|
Posted: 10 Jun 2008 23:29 Subject: |
|
|
It seems to have gone well...
Has the situation returned to normal?
Run a scan with Systemscan and post the generated log as described here |
|
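The comparison behind "it seems to have gone well", done mechanically: parse the CFScript and look for its targets in the ComboFix log, ignoring the block where ComboFix echoes the script back. This is an added example, not part of the original posts or of ComboFix; the script and log excerpts are copied (shortened) from this thread, the function names are hypothetical, and treating any single word followed by `::` as an echo header is an assumption (the log here shows only `FILE ::`).

```python
import re

# CFScript exactly as posted in the thread.
CFSCRIPT = r"""File::
C:\WINDOWS/67506.exe
C:\windows\svcr.exe
Registry::
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\67506]
[-HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{2bf41070-b2b1-21d1-b5c1-0305f4055515}]
"""

# Shortened excerpt of the first ComboFix log (before the script was run).
FIRST_LOG = r"""[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\F]
\Shell\AutoRun\command - F:\Setup.EXE
\Shell\verb0\command - \SETUP.EXE
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{2bf41070-b2b1-21d1-b5c1-0305f4055515}]
C:\windows\svcr.exe
.
"""

# Shortened excerpt of the follow-up log (after the script was run).
SECOND_LOG = r"""Command switches used :: C:\Documents and Settings\D34THC0R3\Desktop\CFScript.txt.txt
FILE ::
C:\WINDOWS/67506.exe
C:\windows\svcr.exe
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\F]
\Shell\AutoRun\command - F:\Setup.EXE
\Shell\verb0\command - \SETUP.EXE
*Newly Created Service* - CATCHME
.
"""

# Assumption: an echoed script section starts with one word followed by "::".
ECHO_HEADER = re.compile(r"^\w+ ::\s*$")


def norm(text):
    """Lower-case and fold '/', '\\' and doubled backslashes into one '\\'."""
    text = text.strip().strip('"')
    return re.sub(r"[\\/]+", r"\\", text).lower()


def parse_cfscript(text):
    """Return the files and the registry keys the script asks to delete."""
    targets = {"files": [], "keys": []}
    section = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.endswith("::"):            # "File::" / "Registry::" directive
            section = line[:-2].strip().lower()
        elif section == "file":
            targets["files"].append(line)
        elif section == "registry":
            match = re.fullmatch(r"\[-(.+)\]", line)   # [-KEY] means delete KEY
            if match:
                targets["keys"].append(match.group(1))
    return targets


def strip_echo(log_text):
    """Drop the echoed script (header line up to the next '.' line)."""
    kept, in_echo = [], False
    for line in log_text.splitlines():
        if ECHO_HEADER.match(line.strip()):
            in_echo = True
        elif in_echo:
            in_echo = line.strip() != "."
        else:
            kept.append(line)
    return kept


def leftovers(cfscript_text, log_text):
    """Script targets that the log still reports outside the echo block."""
    targets = parse_cfscript(cfscript_text)
    body = [norm(line) for line in strip_echo(log_text)]
    return {
        "files": [f for f in targets["files"]
                  if any(norm(f) in line for line in body)],
        "keys": [k for k in targets["keys"]
                 if any("[" + norm(k) + "]" in line for line in body)],
    }


if __name__ == "__main__":
    print("first log :", leftovers(CFSCRIPT, FIRST_LOG))
    print("second log:", leftovers(CFSCRIPT, SECOND_LOG))
```

A plain text search of the follow-up log would still find both file names, because they appear in the echoed `FILE ::` block; that is why the echo is stripped before matching.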
|
 |
D34THC0R3 Devoted mortal
Registered: 07/01/07 19:43 Posts: 12 Location: Milano
|
Posted: 10 Jun 2008 23:59 Subject: |
|
|
http://www.freefilehosting.net/download/3i8l2
The Google problem persists... a friend came over with his laptop, and when he connects he gets the same problem too.. and so does my brother upstairs... and also 2 friends of mine at their homes.. we all have Fastweb |
|
|
 |
Sante62 Mature god
Registered: 27/06/07 17:55 Posts: 3477 Location: Floridia
|
Posted: 11 Jun 2008 10:14 Subject: |
|
|
Manually delete this file in bold:
Quote: | c:\WINDOWS\Prefetch\SYSTEM32:SVHOST.EXE-0573ABE7.pf |
I don't see any other anomalies in the log;
Go to the Kaspersky online scanner and run the extended scan of the PC. |
|
|
 |
syaochan Minor god
Registered: 15/02/06 10:38 Posts: 779
|
Posted: 11 Jun 2008 10:32 Subject: |
|
|
D34THC0R3 wrote: | http://www.freefilehosting.net/download/3i8l2
The Google problem persists... a friend came over with his laptop, and when he connects he gets the same problem too.. and so does my brother upstairs... and also 2 friends of mine at their homes.. we all have Fastweb |
There is probably another user with an infected PC who leaves the Fastweb network through the same node from which you and your friends access the network; I don't think there is anything you can do. |
|
|
 |
zius Minor god
Registered: 17/09/05 20:33 Posts: 626 Location: Mediterraneo
|
Posted: 11 Jun 2008 18:32 Subject: |
|
|
So this would support what I had found at the start of the discussion...
In fact Fastweb assigns the same public IP address to groups of users, so on the internet they all appear with the same one. Sometimes you go to Wikipedia and find a note that says roughly "Warning! You have been reported for vandalism, now behave or you will be banned." and maybe you have never posted on Wikipedia!
The same may well apply to the problem with Google... |
|
|
 |
Zeus Administrator
Registered: 21/10/00 02:01 Posts: 13267 Location: San Junipero
|
Posted: 11 Jun 2008 19:28 Subject: |
|
|
So does it also happen to you with Opera or Internet Explorer? Not only with Firefox? |
|