Aiutamici Forum

virus help!!!!!!!!! urgent!!!!!!!
lobo81
Posted: Friday, October 08, 2010 12:10:08 AM
Rank: Newbie

Joined: 10/7/2010
Posts: 2
my computer no longer goes on the internet and I can't install programs!!! every time I shut it down it restricts me more and more in using programs!!! it tells me there is some problem with win32
only in safe mode can I get on the internet and install some antivirus or other things....
thanks in advance for the help
andrea




Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 23.53.53, on 07/10/2010
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Safe mode with network support

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Programmi\Google\Chrome\Application\chrome.exe
C:\Programmi\Google\Chrome\Application\chrome.exe
C:\Programmi\Google\Chrome\Application\chrome.exe
C:\Programmi\ClamWin\bin\ClamTray.exe
C:\Programmi\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - Default URLSearchHook is missing
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programmi\File comuni\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programmi\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Programmi\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: DAEMON Tools Toolbar - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Programmi\DAEMON Tools Toolbar\DTToolbar.dll
O4 - HKLM\..\Run: [NVMixerTray] "C:\Programmi\NVIDIA Corporation\NvMixer\NVMixerTray.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Programmi\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Programmi\File comuni\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Programmi\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [CnxDslTaskBar] "C:\Programmi\digicomt\Michelangelo USB ADSL\CnxDslTb.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programmi\File comuni\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [ClamWin] "C:\Programmi\ClamWin\bin\ClamTray.exe" --logon
O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] C:\Programmi\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO LOCALE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO DI RETE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Programmi\HP\Digital Imaging\bin\hpqtra08.exe
O9 - Extra button: Ricerche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O17 - HKLM\System\CCS\Services\Tcpip\..\{29BAFC96-CB40-4C65-B86B-A52D73D6CE7E}: NameServer = 192.168.1.1,85.38.28.93
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FILECO~1\Skype\SKYPE4~1.DLL
O23 - Service: Adobe LM Service - Adobe Systems - C:\Programmi\File comuni\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Programmi\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Programmi\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Programmi\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Programmi\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Programmi\File comuni\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Servizio di Google Update (gupdate) (gupdate) - Google Inc. - C:\Programmi\Google\Update\GoogleUpdate.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Programmi\Java\jre6\bin\jqs.exe
O23 - Service: Nero BackItUp Scheduler 4.0 - Nero AG - C:\Programmi\File comuni\Nero\Nero BackItUp 4\NBService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

--
End of file - 5063 bytes
shapiro
Posted: Friday, October 08, 2010 12:24:49 AM

Rank: AiutAmico

Joined: 8/24/2008
Posts: 4,164
hi

run these scans

download malwarebytes

1) install it
2) update it
3) run a scan, choosing full mode
4) do NOT remove, for now, any threats it detects
5) when the scan is finished, select the log tab, open the text file and post it on the forum



download combofix to the desktop

if you get messages from your antivirus, ignore them and continue

do not install the recovery console


- run ComboFix.exe
- follow the instructions
- when the scan is finished, go to C:\ and copy/paste, in your next reply, the contents of the text file Combofix.txt

how to use combofix correctly
lobo81
Posted: Friday, October 08, 2010 10:29:52 PM
Rank: Newbie

Joined: 10/7/2010
Posts: 2
ok
I did as you told me!! here is the copied text file


ComboFix 10-10-07.02 - Administrator 08/10/2010 22.14.27.1.1 - x86 NETWORK
Microsoft Windows XP Professional 5.1.2600.2.1252.39.1040.18.1023.756 [GMT 2:00]
Eseguito da: c:\documents and settings\Administrator\Desktop\ComboFix.exe
AV: avast! antivirus 4.8.1368 [VPS 101007-1] *On-access scanning enabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
.

((((((((((((((((((((((((((((((((((((( Altre eliminazioni )))))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\lobo\Dati applicazioni\Microsoft\stor.cfg
C:\Install.exe
c:\programmi\driver

.
((((((((((((((((((((((((( Files Creati Da 2010-09-08 al 2010-10-08 )))))))))))))))))))))))))))))))))))
.

2010-10-08 20:03 . 2010-10-08 20:03 -------- dc-h--w- c:\documents and settings\All Users\Dati applicazioni\{ECC164E0-3133-4C70-A831-F08DB2940F70}
2010-10-08 19:25 . 2010-10-08 20:02 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Spybot - Search & Destroy
2010-10-08 19:25 . 2010-10-08 19:26 -------- d-----w- c:\programmi\Spybot - Search & Destroy
2010-10-08 19:24 . 2010-10-08 19:24 -------- d-----w- c:\documents and settings\Administrator\Impostazioni locali\Dati applicazioni\Conduit
2010-10-08 19:24 . 2010-10-08 19:24 -------- d-----w- c:\programmi\Conduit
2010-10-08 19:24 . 2010-10-08 19:24 -------- d-----w- c:\documents and settings\Administrator\Impostazioni locali\Dati applicazioni\Softonic-IT
2010-10-08 19:24 . 2010-10-08 19:24 -------- d-----w- c:\programmi\Softonic-IT
2010-10-07 21:53 . 2010-10-07 21:53 -------- d-----w- c:\programmi\Trend Micro
2010-10-07 21:49 . 2010-10-07 21:49 -------- d-----w- c:\documents and settings\Administrator\Dati applicazioni\.clamwin
2010-10-07 21:49 . 2010-10-07 21:49 -------- d-----w- c:\programmi\ClamWin
2010-10-07 21:49 . 2010-10-07 21:49 -------- d-----w- c:\documents and settings\All Users\.clamwin
2010-10-07 21:47 . 2010-10-07 21:47 -------- d-----w- c:\programmi\CCleaner
2010-10-07 21:38 . 2010-10-07 21:38 -------- d-----w- c:\documents and settings\Administrator\Dati applicazioni\Malwarebytes
2010-10-07 21:38 . 2010-04-29 13:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-10-07 21:38 . 2010-10-07 21:38 -------- d-----w- c:\programmi\Malwarebytes' Anti-Malware
2010-10-07 21:38 . 2010-10-07 21:38 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Malwarebytes
2010-10-07 21:38 . 2010-04-29 13:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-09-21 18:37 . 2010-09-21 18:37 932288 ----a-w- c:\documents and settings\All Users\Dati applicazioni\Adobe\Reader\9.3\ARM\3513\AdobeARM.exe
2010-09-21 18:37 . 2010-09-21 18:37 70584 ----a-w- c:\documents and settings\All Users\Dati applicazioni\Adobe\Reader\9.3\ARM\3513\AdobeExtractFiles.dll
2010-09-21 18:37 . 2010-09-21 18:37 338856 ----a-w- c:\documents and settings\All Users\Dati applicazioni\Adobe\Reader\9.3\ARM\3513\ReaderUpdater.exe
2010-09-21 18:37 . 2010-09-21 18:37 338856 ----a-w- c:\documents and settings\All Users\Dati applicazioni\Adobe\Reader\9.3\ARM\3513\AcrobatUpdater.exe

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-10-07 21:25 . 2010-04-20 12:20 -------- d-----w- c:\documents and settings\lobo\Dati applicazioni\Skype
2010-10-07 21:25 . 2010-04-20 12:21 -------- d-----w- c:\documents and settings\lobo\Dati applicazioni\skypePM
2010-10-06 12:54 . 2010-01-23 18:39 -------- d-----w- c:\documents and settings\lobo\Dati applicazioni\vlc
2010-10-03 22:30 . 2010-07-08 22:40 456400 ----a-w- c:\documents and settings\LocalService\Impostazioni locali\Dati applicazioni\FontCache3.0.0.0.dat
2010-10-03 11:12 . 2010-06-29 12:21 -------- d-----w- c:\programmi\Docfa4
2010-09-19 01:19 . 2010-01-22 20:43 -------- d-----w- c:\programmi\Google
2010-09-18 18:54 . 2010-01-20 22:53 59064 ----a-w- c:\documents and settings\lobo\Impostazioni locali\Dati applicazioni\GDIPFONTCACHEV1.DAT
2010-08-17 16:41 . 2010-06-06 19:46 -------- d-----w- c:\documents and settings\lobo\Dati applicazioni\Sports Interactive
2010-08-17 15:52 . 2010-08-17 15:51 -------- d-----w- c:\programmi\WinUAE
2010-08-08 01:21 . 2010-08-08 01:21 503808 ----a-w- c:\documents and settings\lobo\Dati applicazioni\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-1b4f7fb2-n\msvcp71.dll
2010-08-08 01:21 . 2010-08-08 01:21 499712 ----a-w- c:\documents and settings\lobo\Dati applicazioni\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-1b4f7fb2-n\jmc.dll
2010-08-08 01:21 . 2010-08-08 01:21 348160 ----a-w- c:\documents and settings\lobo\Dati applicazioni\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-1b4f7fb2-n\msvcr71.dll
2010-08-08 01:21 . 2010-08-08 01:21 61440 ----a-w- c:\documents and settings\lobo\Dati applicazioni\Sun\Java\Deployment\SystemCache\6.0\42\4488892a-7f2ba780-n\decora-sse.dll
2010-08-08 01:21 . 2010-08-08 01:21 12800 ----a-w- c:\documents and settings\lobo\Dati applicazioni\Sun\Java\Deployment\SystemCache\6.0\42\4488892a-7f2ba780-n\decora-d3d.dll
2010-06-27 11:40 . 2010-06-27 11:40 21959 ----a-w- c:\programmi\FirmaVerifica2.1_InstallLog.log
.

((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* i valori vuoti & legittimi/default non sono visualizzati.
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{e3393495-8103-46a0-8181-270273eddd60}"= "c:\programmi\Softonic-IT\tbSoft.dll" [2010-06-03 2736736]

[HKEY_CLASSES_ROOT\clsid\{e3393495-8103-46a0-8181-270273eddd60}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{e3393495-8103-46a0-8181-270273eddd60}]
2010-06-03 16:24 2736736 ----a-w- c:\programmi\Softonic-IT\tbSoft.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{e3393495-8103-46a0-8181-270273eddd60}"= "c:\programmi\Softonic-IT\tbSoft.dll" [2010-06-03 2736736]

[HKEY_CLASSES_ROOT\clsid\{e3393495-8103-46a0-8181-270273eddd60}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SpybotSD TeaTimer"="c:\programmi\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="c:\programmi\File comuni\Java\Java Update\jusched.exe" [2010-02-18 248040]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-09-17 86016]
"Adobe Reader Speed Launcher"="c:\programmi\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-12-22 35760]
"ClamWin"="c:\programmi\ClamWin\bin\ClamTray.exe" [2010-08-19 86016]
"HP Software Update"="c:\programmi\HP\HP Software Update\HPWuSchd2.exe" [2006-02-19 49152]
"nwiz"="nwiz.exe" [2008-09-17 1657376]
"Adobe ARM"="c:\programmi\File comuni\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-21 932288]
"NVMixerTray"="c:\programmi\NVIDIA Corporation\NvMixer\NVMixerTray.exe" [2004-12-20 131072]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-09-17 13574144]
"CnxDslTaskBar"="c:\programmi\digicomt\Michelangelo USB ADSL\CnxDslTb.exe" [2003-10-29 462848]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-19 15360]

c:\documents and settings\lobo\Menu Avvio\Programmi\Esecuzione automatica\
Adobe Gamma.lnk - c:\programmi\File comuni\Adobe\Calibration\Adobe Gamma Loader.exe [2005-3-16 113664]

c:\documents and settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\
HP Digital Imaging Monitor.lnk - c:\programmi\HP\Digital Imaging\bin\hpqtra08.exe [2006-2-19 288472]

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Programmi\\Messenger\\msmsgs.exe"=
"c:\\Programmi\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Programmi\\Sports Interactive\\Football Manager 2010\\fm.exe"=
"c:\\Programmi\\emule\\emule.exe"=
"c:\\Programmi\\Google\\Google Earth\\client\\googleearth.exe"=
"c:\\Programmi\\Skype\\Phone\\Skype.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"4772:TCP"= 4772:TCP:emuleTCP
"4662:UDP"= 4662:UDP:emuleUDP

S0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [02/03/2010 21.48.40 691696]
S1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [22/01/2010 22.43.49 114768]
S1 BIOS;BIOS;c:\windows\system32\drivers\BIOS.sys [22/01/2010 20.50.19 13696]
S2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [22/01/2010 22.43.49 20560]
S2 gupdate;Servizio di Google Update (gupdate);c:\programmi\Google\Update\GoogleUpdate.exe [22/01/2010 22.43.51 133104]
S3 CnxEtP;Conexant AccessRunner USB ADSL WAN Adapter Filter Driver;c:\windows\system32\drivers\CnxEtP.sys [28/04/2010 23.54.34 60288]
S3 CnxEtU;Conexant AccessRunner USB ADSL Interface Device Driver;c:\windows\system32\drivers\CnxEtU.sys [28/04/2010 23.54.34 646784]
S3 CnxTgN;Conexant AccessRunner USB ADSL WAN Adapter Driver;c:\windows\system32\drivers\CnxTgN.sys [28/04/2010 23.54.34 108675]
.
Contenuto della cartella 'Scheduled Tasks'

2010-10-07 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\programmi\Google\Update\GoogleUpdate.exe [2010-01-22 20:43]

2010-10-07 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\programmi\Google\Update\GoogleUpdate.exe [2010-01-22 20:43]
.
.
------- Scansione supplementare -------
.
uStart Page =
uLocal Page =
uInternet Connection Wizard,ShellNext = hxxp://hjt-data.trendmicro.com/hjt/analyzethis/index.php?report=14038556
TCP: {29BAFC96-CB40-4C65-B86B-A52D73D6CE7E} = 192.168.1.1,85.38.28.93
.
.
Ora fine scansione: 2010-10-08 22:18:48
ComboFix-quarantined-files.txt 2010-10-08 20:18

Pre-Run: 151.325.540.352 byte disponibili
Post-Run: 155.633.934.336 byte disponibili

WindowsXP-KB310994-SP2-Pro-BootDisk-ITA.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

- - End Of File - - 293856A829414C9A6F60A6885FF84E13
shapiro
Posted: Friday, October 08, 2010 10:39:22 PM

Rank: AiutAmico

Joined: 8/24/2008
Posts: 4,164
I would also like to see the malwarebytes log for comparison