U-Boot

Disconnecting From the Internet

9 posts in this thread

A warm greeting to everyone.

That dog of a computer of mine has decided that every so often, without my say-so, it disconnects from the internet.

This happens at any time: while I'm browsing with Firefox, while I'm on Messenger, or while I'm in the kitchen eating.

I tried running an antivirus scan, but nothing came of it...

To get the connection back I just have to select "Repair" in the taskbar.

I'm posting the HijackThis log below, hoping you can help me :)

Bye!

P.S.

This is the third time I've tried to post; it wouldn't let me post because it kept disconnecting...

======

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 15.32.38, on 01/03/2009

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v8.00 (8.00.6001.18372)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\RUNDLL32.EXE

C:\PROGRA~1\AVG\AVG8\avgtray.exe

C:\WINDOWS\V0270Mon.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Programmi\DNA\btdna.exe

C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe

C:\Programmi\Bonjour\mDNSResponder.exe

C:\Programmi\Java\jre6\bin\jqs.exe

C:\Programmi\File comuni\LightScribe\LSSrvc.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\WINDOWS\system32\HPZipm12.exe

C:\WINDOWS\system32\PnkBstrA.exe

C:\PROGRA~1\AVG\AVG8\avgrsx.exe

C:\WINDOWS\system32\PnkBstrB.exe

C:\WINDOWS\system32\svchost.exe

C:\PROGRA~1\AVG\AVG8\avgemc.exe

C:\Programmi\AVG\AVG8\avgcsrvx.exe

C:\WINDOWS\system32\wbem\wmiapsrv.exe

C:\PROGRA~1\AVG\AVG8\avgnsx.exe

C:\Programmi\Windows Live\Messenger\msnmsgr.exe

C:\Programmi\Windows Live\Contacts\wlcomm.exe

C:\Documents and Settings\Giovanni\Impostazioni locali\Dati applicazioni\Google\Update\GoogleUpdate.exe

C:\Programmi\Mozilla Firefox\firefox.exe

D:\Programmi\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.it/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti

O2 - BHO: Supporto di collegamento per Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\File comuni\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Programmi\AVG\AVG8\avgssie.dll

O2 - BHO: Guida per l'accesso a Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programmi\File comuni\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programmi\Java\jre6\bin\jp2ssv.dll

O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Programmi\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe

O4 - HKLM\..\Run: [V0270Mon.exe] C:\WINDOWS\V0270Mon.exe

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [bitTorrent DNA] "C:\Programmi\DNA\btdna.exe"

O4 - HKCU\..\Run: [MsnMsgr] "C:\Programmi\Windows Live\Messenger\msnmsgr.exe" /background

O4 - HKCU\..\Run: [bitTorrent] "D:\Programmi\BitTorrent\bittorrent.exe"

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe

O16 - DPF: CabBuilder - http://kiw.imgag.com/imgag/kiw/toolbar/dow...llerControl.cab

O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab

O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/IT-IT/a-UNO1/GAME_UNO1.cab

O16 - DPF: {6C269571-C6D7-4818-BCA4-32A035E8C884} (Creative Software AutoUpdate) - http://www.creative.com/softwareupdate/su/...101/CTSUEng.cab

O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1210667283984

O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab

O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative.com/softwareupdate/su/...15106/CTPID.cab

O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Programmi\AVG\AVG8\avgpp.dll

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FILECO~1\Skype\SKYPE4~1.DLL

O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll

O23 - Service: AG Windows Service (AGWinService) - Unknown owner - C:\Programmi\AGI\common\win32\PythonService.exe (file missing)

O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe

O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe

O23 - Service: Bonjour Service - Apple Inc. - C:\Programmi\Bonjour\mDNSResponder.exe

O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Programmi\File comuni\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programmi\File comuni\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: Servizio iPod (iPod Service) - Apple Inc. - C:\Programmi\iPod\bin\iPodService.exe

O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Programmi\Java\jre6\bin\jqs.exe

O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Programmi\File comuni\LightScribe\LSSrvc.exe

O23 - Service: MSCSPTISRV - Sony Corporation - C:\Programmi\File comuni\Sony Shared\AVLib\MSCSPTISRV.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: PACSPTISVR - Unknown owner - C:\Programmi\File comuni\Sony Shared\AVLib\PACSPTISVR.exe

O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe

O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe

O23 - Service: SonicStage Back-End Service - Sony Corporation - C:\Programmi\File comuni\Sony Shared\AVLib\SsBeSvc.exe

O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Programmi\File comuni\Sony Shared\AVLib\SPTISRV.exe

O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Programmi\File comuni\Sony Shared\AVLib\SSScsiSV.exe

--

End of file - 7254 bytes


Hi U-Boot,

follow this guide from step 1 to step 8 and attach the ComboFix and Malwarebytes reports.

Download and run this utility, click both buttons and restart.

:P:)


Ooh!

Hi Angelique, you helped me a long time ago!

I never forget an avatar! :)

I did everything that was written there and for now the problem seems to be solved.

I'll probably wait another day before telling you whether the disconnections have really stopped.

I'm attaching a HijackThis log!

Byeee and thanks again!

=O=O=O=O=O=O=O=O=O=O=O=O=O=O=O=O=O=O=O=O=

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 23.19.48, on 01/03/2009

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v8.00 (8.00.6001.18372)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\Explorer.EXE

C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe

C:\Programmi\Bonjour\mDNSResponder.exe

C:\Programmi\Java\jre6\bin\jqs.exe

C:\Programmi\File comuni\LightScribe\LSSrvc.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\WINDOWS\system32\HPZipm12.exe

C:\WINDOWS\system32\PnkBstrA.exe

C:\WINDOWS\system32\PnkBstrB.exe

C:\WINDOWS\system32\svchost.exe

C:\PROGRA~1\AVG\AVG8\avgemc.exe

C:\PROGRA~1\AVG\AVG8\avgrsx.exe

C:\PROGRA~1\AVG\AVG8\avgnsx.exe

C:\Programmi\AVG\AVG8\avgcsrvx.exe

C:\WINDOWS\system32\RUNDLL32.EXE

C:\PROGRA~1\AVG\AVG8\avgtray.exe

C:\WINDOWS\V0270Mon.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Programmi\DNA\btdna.exe

C:\WINDOWS\system32\wbem\wmiapsrv.exe

C:\Documents and Settings\Giovanni\Impostazioni locali\Dati applicazioni\Google\Update\GoogleUpdate.exe

C:\Programmi\Mozilla Firefox\firefox.exe

D:\Programmi\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.it/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti

O2 - BHO: Supporto di collegamento per Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\File comuni\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Programmi\AVG\AVG8\avgssie.dll

O2 - BHO: Guida per l'accesso a Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programmi\File comuni\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programmi\Java\jre6\bin\jp2ssv.dll

O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Programmi\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe

O4 - HKLM\..\Run: [V0270Mon.exe] C:\WINDOWS\V0270Mon.exe

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [bitTorrent DNA] "C:\Programmi\DNA\btdna.exe"

O4 - HKCU\..\Run: [MsnMsgr] "C:\Programmi\Windows Live\Messenger\msnmsgr.exe" /background

O4 - HKCU\..\Run: [bitTorrent] "D:\Programmi\BitTorrent\bittorrent.exe"

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe

O16 - DPF: CabBuilder - http://kiw.imgag.com/imgag/kiw/toolbar/dow...llerControl.cab

O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab

O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/IT-IT/a-UNO1/GAME_UNO1.cab

O16 - DPF: {6C269571-C6D7-4818-BCA4-32A035E8C884} (Creative Software AutoUpdate) - http://www.creative.com/softwareupdate/su/...101/CTSUEng.cab

O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1210667283984

O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab

O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative.com/softwareupdate/su/...15106/CTPID.cab

O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Programmi\AVG\AVG8\avgpp.dll

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FILECO~1\Skype\SKYPE4~1.DLL

O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll

O23 - Service: AG Windows Service (AGWinService) - Unknown owner - C:\Programmi\AGI\common\win32\PythonService.exe (file missing)

O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe

O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe

O23 - Service: Bonjour Service - Apple Inc. - C:\Programmi\Bonjour\mDNSResponder.exe

O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Programmi\File comuni\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programmi\File comuni\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: Servizio iPod (iPod Service) - Apple Inc. - C:\Programmi\iPod\bin\iPodService.exe

O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Programmi\Java\jre6\bin\jqs.exe

O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Programmi\File comuni\LightScribe\LSSrvc.exe

O23 - Service: MSCSPTISRV - Sony Corporation - C:\Programmi\File comuni\Sony Shared\AVLib\MSCSPTISRV.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: PACSPTISVR - Unknown owner - C:\Programmi\File comuni\Sony Shared\AVLib\PACSPTISVR.exe

O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe

O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe

O23 - Service: SonicStage Back-End Service - Sony Corporation - C:\Programmi\File comuni\Sony Shared\AVLib\SsBeSvc.exe

O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Programmi\File comuni\Sony Shared\AVLib\SPTISRV.exe

O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Programmi\File comuni\Sony Shared\AVLib\SSScsiSV.exe

--

End of file - 7158 bytes


Hi U-Boot,

the ComboFix report is missing,

HijackThis is clean

:P:)


Hi, sorry, I'm being scatterbrained, here it is!

ComboFix 09-02-28.01 - Giovanni 2009-03-01 21:56:05.3 - NTFSx86

Microsoft Windows XP Professional 5.1.2600.3.1252.1.1040.18.2047.1392 [GMT 1:00]

Eseguito da: c:\documents and settings\Giovanni\Desktop\ComboFix.exe

AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated)

.

((((((((((((((((((((((((( Files Creati Da 2009-02-01 al 2009-03-01 )))))))))))))))))))))))))))))))))))

.

2009-03-01 21:41 . 2009-03-01 21:41 <DIR> d-------- c:\documents and settings\Giovanni\Dati applicazioni\IObit

2009-03-01 21:39 . 2009-02-11 10:19 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys

2009-03-01 21:39 . 2009-02-11 10:19 15,504 --a------ c:\windows\system32\drivers\mbam.sys

2009-02-27 12:03 . 2009-02-27 12:42 <DIR> d--h----- C:\$AVG8.VAULT$

2009-02-25 18:40 . 2009-01-09 20:19 1,090,181 -----c--- c:\windows\system32\dllcache\ntprint.cat

2009-02-22 22:19 . 2009-03-01 12:37 <DIR> d-------- c:\windows\system32\drivers\Avg

2009-02-22 22:19 . 2009-02-22 22:19 <DIR> d-------- c:\programmi\AVG

2009-02-22 22:19 . 2009-02-22 22:19 <DIR> d-------- c:\documents and settings\All Users\Dati applicazioni\avg8

2009-02-22 22:19 . 2009-02-22 22:19 325,128 --a------ c:\windows\system32\drivers\avgldx86.sys

2009-02-22 22:19 . 2009-02-22 22:19 107,272 --a------ c:\windows\system32\drivers\avgtdix.sys

2009-02-22 22:19 . 2009-02-22 22:19 10,520 --a------ c:\windows\system32\avgrsstx.dll

2009-02-22 19:37 . 2009-02-22 19:38 664 --a------ c:\windows\system32\d3d9caps.dat

2009-02-14 19:07 . 2009-02-14 19:08 <DIR> d-------- c:\windows\system32\Grand Theft Auto IV Screenshot dir

2009-02-14 19:07 . 2009-02-14 19:07 520,192 --a------ c:\windows\system32\Grand Theft Auto IV Screenshot.scr

2009-02-11 17:40 . 2004-07-26 08:51 131,331 --a------ c:\windows\UNINST32.EXE

2009-02-11 17:40 . 2009-02-11 17:40 0 --a------ c:\windows\SelSet.INI

2009-02-11 17:29 . 2008-04-14 04:13 21,504 --a------ c:\windows\system32\hidserv.dll

2009-02-11 17:29 . 2008-04-14 04:13 21,504 --a--c--- c:\windows\system32\dllcache\hidserv.dll

2009-02-11 17:29 . 2008-04-14 03:53 14,720 --a------ c:\windows\system32\drivers\kbdhid.sys

2009-02-11 17:29 . 2008-04-14 03:53 14,720 --a--c--- c:\windows\system32\dllcache\kbdhid.sys

2009-02-09 13:18 . 2009-02-09 13:18 401,408 --a------ c:\windows\system32\nvcuvid.dll

2009-02-08 16:37 . 2009-02-08 16:40 47,104 --a------ c:\windows\system32\KMVIDC32.DLL

2009-02-08 16:26 . 2009-02-08 16:26 <DIR> d-------- c:\documents and settings\Giovanni\Dati applicazioni\Ahead

2009-02-07 19:12 . 2009-02-07 19:12 <DIR> dr-h----- c:\documents and settings\Giovanni\Dati applicazioni\SecuROM

2009-02-07 19:08 . 2009-02-07 19:08 <DIR> d-------- c:\documents and settings\All Users\Dati applicazioni\Electronic Arts

2009-02-06 18:52 . 2009-02-06 18:52 49,504 --a------ c:\windows\system32\sirenacm.dll

2009-02-05 21:50 . 2009-02-05 21:50 42,320 --a------ c:\windows\system32\xfcodec.dll

2009-02-02 18:53 . 2009-02-02 18:53 <DIR> d-------- c:\programmi\directx

2009-02-01 02:00 . 2009-02-04 08:57 <DIR> d-------- c:\documents and settings\Giovanni\Dati applicazioni\Skype

2009-02-01 01:59 . 2009-02-01 01:59 <DIR> d-------- c:\programmi\Skype

2009-02-01 01:59 . 2009-02-01 01:59 <DIR> d-------- c:\programmi\File comuni\Skype

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))

.

2009-03-01 20:56 --------- d-----w c:\documents and settings\Giovanni\Dati applicazioni\DNA

2009-03-01 20:33 --------- d-----w c:\documents and settings\Giovanni\Dati applicazioni\BitTorrent

2009-03-01 11:35 --------- d-----w c:\programmi\DNA

2009-02-26 06:12 --------- d-----w c:\programmi\Microsoft Silverlight

2009-02-22 21:04 --------- d-----w c:\programmi\File comuni\Apple

2009-02-20 18:59 --------- d-----w c:\programmi\File comuni\Wise Installation Wizard

2009-02-20 18:59 --------- d-----w c:\programmi\AGEIA Technologies

2009-02-17 17:20 --------- d-----w c:\documents and settings\All Users\Dati applicazioni\Spybot - Search & Destroy

2009-02-14 23:02 --------- d--h--w c:\programmi\InstallShield Installation Information

2009-02-14 13:52 --------- d-----w c:\documents and settings\Giovanni\Dati applicazioni\Hamachi

2009-02-14 01:04 137,688 ----a-w c:\windows\system32\drivers\PnkBstrK.sys

2009-02-14 01:04 --------- d-----w c:\documents and settings\Giovanni\Dati applicazioni\Xfire

2009-02-14 01:03 202,040 ----a-w c:\windows\system32\PnkBstrB.exe

2009-02-13 20:11 --------- d-----w c:\documents and settings\Giovanni\Dati applicazioni\teamspeak2

2009-02-11 17:21 410,984 ----a-w c:\windows\system32\deploytk.dll

2009-02-11 17:21 --------- d-----w c:\programmi\Java

2009-02-11 16:59 --------- d-----w c:\programmi\Conduit

2009-02-11 16:58 --------- d-----w c:\programmi\Best_Security_Tips

2009-02-11 16:49 --------- d-----w c:\documents and settings\Giovanni\Dati applicazioni\LimeWire

2009-02-07 18:07 4,328 ----a-w c:\windows\system32\ealregsnapshot1.reg

2009-02-04 07:36 --------- d-----w c:\documents and settings\Giovanni\Dati applicazioni\skypePM

2009-02-01 00:59 --------- d-----w c:\documents and settings\All Users\Dati applicazioni\Skype

2009-01-31 20:16 --------- d-----w c:\documents and settings\Giovanni\Dati applicazioni\ScummVM

2009-01-24 20:25 --------- d-----w c:\programmi\LimeWire Turbo Accelerator

2009-01-24 15:28 --------- d-----w c:\documents and settings\Giovanni\Dati applicazioni\Any Video Converter

2009-01-24 13:12 --------- d-----w c:\documents and settings\NetworkService\Dati applicazioni\Xfire

2009-01-24 02:37 --------- d-----w c:\documents and settings\All Users\Dati applicazioni\DriverScanner

2009-01-24 02:33 --------- dc-h--w c:\documents and settings\All Users\Dati applicazioni\{5A76C6B3-3FA8-46D0-AA81-62C3805E38BC}

2009-01-24 02:33 --------- d-----w c:\documents and settings\Giovanni\Dati applicazioni\Uniblue

2009-01-18 16:06 --------- d-----w c:\documents and settings\Giovanni\Dati applicazioni\dvdcss

2009-01-17 13:15 --------- d-----w c:\programmi\Windows Live SkyDrive

2009-01-17 13:15 --------- d-----w c:\programmi\Microsoft

2009-01-17 13:14 --------- d-----w c:\programmi\Windows Live

2009-01-16 17:24 70,936 ----a-w c:\windows\system32\PhysXLoader.dll

2009-01-15 01:05 911,872 ----a-w c:\windows\system32\wininet.dll

2009-01-15 01:05 43,008 ----a-w c:\windows\system32\licmgr10.dll

2009-01-15 01:04 18,944 ----a-w c:\windows\system32\corpol.dll

2009-01-15 01:03 72,704 ----a-w c:\windows\system32\admparse.dll

2009-01-15 01:03 71,680 ----a-w c:\windows\system32\iesetup.dll

2009-01-15 01:03 420,352 ----a-w c:\windows\system32\vbscript.dll

2009-01-15 01:01 34,304 ----a-w c:\windows\system32\imgutil.dll

2009-01-15 01:00 48,128 ----a-w c:\windows\system32\mshtmler.dll

2009-01-15 01:00 45,568 ----a-w c:\windows\system32\mshta.exe

2009-01-15 00:50 156,160 ----a-w c:\windows\system32\msls31.dll

2009-01-07 23:21 --------- d-----w c:\documents and settings\Giovanni\Dati applicazioni\GanymedeNet

2009-01-04 01:32 --------- d-----w c:\programmi\File comuni\Adobe

2009-01-01 15:48 --------- d-----w c:\documents and settings\Giovanni\Dati applicazioni\Blender Foundation

2008-12-25 23:08 453,152 ----a-w c:\windows\system32\nvudisp.exe

2008-12-23 20:58 453,152 ----a-w c:\windows\system32\NVUNINST.EXE

2008-12-17 16:36 107,888 ----a-w c:\windows\system32\CmdLineExt.dll

2008-12-16 21:34 152,904 ----a-w c:\windows\system32\vghd.scr

2008-12-13 13:12 884,442 ----a-w c:\windows\marcotanca.com.exe

2008-12-13 13:12 53,248 ----a-w c:\windows\marcotanca.com.scr

2008-12-11 23:23 22,328 ----a-w c:\documents and settings\Giovanni\Dati applicazioni\PnkBstrK.sys

2008-12-11 23:22 682,280 ----a-w c:\windows\system32\pbsvc.exe

2008-12-11 23:22 66,872 ----a-w c:\windows\system32\PnkBstrA.exe

2008-12-04 08:28 24,344 ----a-w c:\windows\system32\PhysXDevice.dll

2008-12-01 08:10 155,995 ----a-w c:\windows\java\Packages\QS639R9J.ZIP

2008-09-09 22:06 47,360 ----a-w c:\documents and settings\Giovanni\Dati applicazioni\pcouffin.sys

1996-08-08 23:30 30,720 ----a-r c:\documents and settings\Giovanni\REGSVR32.EXE

.

((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Nota* i valori vuoti & legittimi/default non sono visualizzati.

REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]

"BitTorrent DNA"="c:\programmi\DNA\btdna.exe" [2008-12-19 342848]

"MsnMsgr"="c:\programmi\Windows Live\Messenger\msnmsgr.exe" [2009-02-06 3885408]

"BitTorrent"="d:\programmi\BitTorrent\bittorrent.exe" [2008-11-21 637232]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-02-09 13680640]

"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2009-02-09 86016]

"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-02-22 1601304]

"V0270Mon.exe"="c:\windows\V0270Mon.exe" [2007-08-22 28672]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]

2009-02-22 22:19 10520 c:\windows\system32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]

"VIDC.XFR1"= xfcodec.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]

--a------ 2009-02-09 13:18 1657376 c:\windows\system32\nwiz.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"d:\\Programmi\\BitTorrent\\bittorrent.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"c:\\Programmi\\Mozilla Firefox\\firefox.exe"=

"c:\\WINDOWS\\system32\\dpvsetup.exe"=

"c:\\WINDOWS\\system32\\PnkBstrA.exe"=

"c:\\WINDOWS\\system32\\PnkBstrB.exe"=

"c:\\Programmi\\Bonjour\\mDNSResponder.exe"=

"d:\\Programmi\\iTunes\\iTunes.exe"=

"c:\\Programmi\\DNA\\btdna.exe"=

"c:\\Programmi\\Electronic Arts\\EADM\\Core.exe"=

"c:\\Programmi\\Guillemot\\tools\\giWebUpdater.exe"=

"d:\\Programmi\\Activision\\Call of Duty - World at War\\CoDWaWmp.exe"=

"d:\\Programmi\\Activision\\Call of Duty - World at War\\CoDWaW.exe"=

"d:\\Programmi\\Bethesda Softworks\\Fallout 3\\Fallout3.exe"=

"d:\\Giochi\\Left 4 Dead\\left4dead.exe"=

"c:\\Programmi\\File comuni\\Adobe\\CS4ServiceManager\\CS4ServiceManager.exe"=

"d:\\Programmi\\Activision\\Call of Duty 4 - Modern Warfare\\iw3mp.exe"=

"d:\\Programmi\\Xfire\\Xfire.exe"=

"c:\\Programmi\\Skype\\Phone\\Skype.exe"=

"d:\\Programmi\\Electronic Arts\\EADM\\Core.exe"=

"d:\\Programmi\\Rockstar Games\\Rockstar Games Social Club\\RGSCLauncher.exe"=

"d:\\Programmi\\Rockstar Games\\Grand Theft Auto IV\\LaunchGTAIV.exe"=

"d:\\Programmi\\Rockstar Games\\Grand Theft Auto IV\\GTAIV.exe"=

"c:\\Programmi\\AVG\\AVG8\\avgemc.exe"=

"c:\\Programmi\\AVG\\AVG8\\avgupd.exe"=

"c:\\Programmi\\AVG\\AVG8\\avgnsx.exe"=

"c:\\Programmi\\Windows Live\\Messenger\\msnmsgr.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

"43999:TCP"= 43999:TCP:127.0.0.1

"6908:TCP"= 6908:TCP:utorrent

"6908:UDP"= 6908:UDP:utorrent

"6037:TCP"= 6037:TCP:EMule

"33189:UDP"= 33189:UDP:EMule

"4662:TCP"= 4662:TCP:EMule TCP

"4672:UDP"= 4672:UDP:EMule UDP

"5353:TCP"= 5353:TCP:Adobe CSI CS4

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]

"AllowInboundEchoRequest"= 1 (0x1)

R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2009-02-22 325128]

R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2009-02-22 107272]

R2 avg8emc;AVG Free8 E-mail Scanner;c:\progra~1\AVG\AVG8\avgemc.exe [2009-02-22 903960]

R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [2009-02-22 298264]

R2 ubsbm;Unibrain 1394 SBM Driver;c:\windows\system32\drivers\UBSBM.sys [2008-12-11 14080]

R2 ubumapi;Unibrain 1394 FireAPI Driver;c:\windows\system32\drivers\UBUMAPI.sys [2008-12-11 36352]

R3 ubohci;Unibrain 1394 OHCI Driver;c:\windows\system32\drivers\ubohci.sys [2008-12-11 77056]

R3 VF0270Dev;Live! Cam Optia;c:\windows\system32\drivers\V0270Dev.sys [2008-11-23 227488]

R3 VF0270Vfx;VF0270 Video FX;c:\windows\system32\drivers\V0270Vfx.sys [2008-11-23 7424]

S1 aswSP;avast! Self Protection; [x]

S2 AGWinService;AG Windows Service;"c:\programmi\AGI\common\win32\PythonService.exe" --> c:\programmi\AGI\common\win32\PythonService.exe [?]

S2 aswFsBlk;aswFsBlk;c:\windows\system32\DRIVERS\aswFsBlk.sys --> c:\windows\system32\DRIVERS\aswFsBlk.sys [?]

S3 HDJCtrl;Hercules DJ Control MP3 Service;c:\windows\system32\drivers\hdjctrl.sys [2008-12-04 11008]

S3 HDJMidi;Hercules DJ Control MP3 MIDI;c:\windows\system32\drivers\HDJMidi.sys [2008-12-04 95744]

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]

"c:\windows\system32\rundll32.exe" "c:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]

"c:\programmi\File comuni\LightScribe\LSRunOnce.exe"

.

Contenuto della cartella 'Scheduled Tasks'

2009-01-05 c:\windows\Tasks\AppleSoftwareUpdate.job

- c:\programmi\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34]

2009-03-01 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-117609710-1708537768-725345543-1003.job

- c:\documents and settings\Giovanni\Impostazioni locali\Dati applicazioni\Google\Update\GoogleUpdate.exe [2009-02-19 19:59]

2009-02-27 c:\windows\Tasks\Uniblue SpeedUpMyPC Nag.job

- d:\programmi\Uniblue\SpeedUpMyPC 3\SpeedUpMyPC.exe [2008-05-02 14:15]

2008-05-23 c:\windows\Tasks\Uniblue SpeedUpMyPC.job

- d:\programmi\Uniblue\SpeedUpMyPC 3\SpeedUpMyPC.exe [2008-05-02 14:15]

2009-03-01 c:\windows\Tasks\User_Feed_Synchronization-{61AD23F1-BF9E-4463-A6A9-9DD503F6C25A}.job

- c:\windows\system32\msfeedssync.exe [2009-01-15 02:01]

.

- - - - CHIAVI ORFANE RIMOSSE - - - -

WebBrowser-{6638A9DE-0745-4292-8A2E-AE530E7B9B3F} - (no file)

.

------- Scansione supplementare -------

.

uStart Page = hxxp://www.google.it/

uInternet Connection Wizard,ShellNext = iexplore

uInternet Settings,ProxyOverride = *.local

DPF: CabBuilder - hxxp://kiw.imgag.com/imgag/kiw/toolbar/download/InstallerControl.cab

DPF: Microsoft XML Parser for Java - file:///C:/WINDOWS/Java/classes/xmldso.cab

DPF: {6C269571-C6D7-4818-BCA4-32A035E8C884} - hxxp://www.creative.com/softwareupdate/su/ocx/15101/CTSUEng.cab

FF - ProfilePath - c:\documents and settings\Giovanni\Dati applicazioni\Mozilla\Firefox\Profiles\mn2skzo4.default\

FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT1400273&SearchSource=3&q=

FF - prefs.js: browser.search.selectedEngine - Wikipedia (it)

FF - prefs.js: browser.startup.homepage - hxxp://www.google.it/

FF - prefs.js: keyword.URL - hxxp://kwtb.search.imgag.com/?c=GNKIW29193&sbs=1&sc=2&f=web&vernum=1.0&uid=&did=f8d4a70c-98e2-4081-901d-01bf93043ede&q=

FF - component: c:\documents and settings\Giovanni\Dati applicazioni\Mozilla\Firefox\Profiles\mn2skzo4.default\extensions\{f4035115-6152-4901-a81d-f4e0a0479615}\components\FFAlert.dll

FF - component: c:\programmi\AVG\AVG8\Firefox\components\avgssff.dll

FF - component: c:\programmi\Mozilla Firefox\extensions\{B13721C7-F507-4982-B2E5-502A71474FED}\components\NPComponent.dll

FF - plugin: c:\documents and settings\Giovanni\Dati applicazioni\Mozilla\Firefox\Profiles\mn2skzo4.default\extensions\StreamingPlugin@conviva.com\platform\WINNT_x86-msvc\plugins\npconviva.4.dll

FF - plugin: c:\documents and settings\Giovanni\Impostazioni locali\Dati applicazioni\Google\Update\1.2.141.5\npGoogleOneClick7.dll

FF - plugin: c:\programmi\Mozilla Firefox\plugins\np-mswmp.dll

FF - plugin: c:\programmi\Mozilla Firefox\plugins\npbittorrent.dll

FF - plugin: c:\programmi\Mozilla Firefox\plugins\npganymedenet.dll

FF - plugin: d:\programmi\Adobe\Reader 8.0\Reader\browser\nppdf32.dll

FF - plugin: d:\programmi\iTunes\Mozilla Plugins\npitunes.dll

FF - plugin: d:\programmi\QuickTime\Plugins\npqtplugin.dll

FF - plugin: d:\programmi\QuickTime\Plugins\npqtplugin2.dll

FF - plugin: d:\programmi\QuickTime\Plugins\npqtplugin3.dll

FF - plugin: d:\programmi\QuickTime\Plugins\npqtplugin4.dll

FF - plugin: d:\programmi\QuickTime\Plugins\npqtplugin5.dll

FF - plugin: d:\programmi\QuickTime\Plugins\npqtplugin6.dll

FF - plugin: d:\programmi\QuickTime\Plugins\npqtplugin7.dll

.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2009-03-01 21:57:34

Windows 5.1.2600 Service Pack 3 NTFS

scansione processi nascosti ...

scansione entrate autostart nascoste ...

Scansione files nascosti ...

Scansione completata con successo

Files nascosti: 0

**************************************************************************

.

--------------------- CHIAVI DI REGISTRO BLOCCATE ---------------------

[HKEY_USERS\S-1-5-21-117609710-1708537768-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{AE912025-70B8-EC51-D385-40579B6E05C4}*]

@Allowed: (Read) (RestrictedCode)

@Allowed: (Read) (RestrictedCode)

"haebfcfbnnneifga"=hex:61,61,00,7c

"jaebfcfbnnneifgapaam"=hex:63,61,6c,6f,6b,6a,00,7c

"pamplmfppngpbnonpkmknhackoaflclf"=hex:64,61,70,6e,68,6a,6e,63,00,00

[HKEY_USERS\S-1-5-21-117609710-1708537768-725345543-1003\Software\SecuROM\License information*]

"datasecu"=hex:70,f3,26,ca,bc,52,82,84,eb,6d,a8,4b,89,ba,fe,71,a8,1b,34,9d,6a,

0c,5d,cc,80,8d,fc,c8,0c,49,f1,66,fe,0a,6d,8e,05,eb,1c,78,91,82,21,45,26,f5,\

"rkeysecu"=hex:2f,0f,d5,3e,02,2b,06,63,b1,0b,dd,b6,71,e2,54,98

.

Ora fine scansione: 2009-03-01 21:59:07

ComboFix-quarantined-files.txt 2009-03-01 20:58:59

Pre-Run: 17,354,309,632 byte disponibili

Post-Run: 17,341,112,320 byte disponibili

257 --- E O F --- 2009-02-25 21:44:28

:) The PC still disconnects...


Even Kaspersky's online scan didn't find anything...

What I did discover, though, is that very often when links get opened in Internet Explorer, the browser keeps "loading" forever, whereas with Firefox or other browsers everything runs smoothly...

(I have Firefox as my default, but some applications that contain links send me to Explorer.) Let me give you an example: I open an email in Windows Live Mail, there's a link inside it, I click it and a nice blank Explorer page opens that loads forever. In the meantime I open Firefox, type the link in by hand, read the whole page, close Firefox, and Explorer is still there loading...

I'll point out that when I open Explorer, the start page, which is Google, opens correctly; I try running searches, looking for images or anything else, and everything works perfectly...

Dunno... :)
