Google Chrome no longer opens many web pages


sueco_82

Hi everyone, for the past two days I have had some browsing problems: Google Chrome no longer opens quite a few sites (LinkedIn, FB, speedtest.net, even the site for downloading HijackThis, etc.). I ran a scan with Avira and it found nothing. Malwarebytes found 2 threats, which were removed. I ran a cleanup with CCleaner and rebooted the system, but everything is as before. Just now, by the way, the case speaker beeped and the 3 keyboard lights (Num Lock, Caps Lock, Scroll Lock) came on at the same time... who knows!
I ran a scan with HijackThis; the log is copied below.

Code:
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:16888
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Guida per l'accesso a Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programmi\File comuni\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programmi\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Programmi\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programmi\File comuni\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Programmi\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] "C:\Programmi\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Badoo Desktop] C:\Documents and Settings\All Users\Dati applicazioni\Badoo\Badoo Desktop\1.6.48.1082\Badoo.Desktop.exe
O4 - HKCU\..\Run: [CTSyncU.exe] "C:\Programmi\Creative\Sync Manager Unicode\CTSyncU.exe"
O4 - HKCU\..\Run: [Facebook Update] "C:\Documents and Settings\Andrea\Impostazioni locali\Dati applicazioni\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVIZIO LOCALE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVIZIO DI RETE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Startup: My 190.lnk = C:\Programmi\My 190\My 190.exe
O4 - Startup: Widget vodafone.lnk = C:\Programmi\Widget vodafone.it\Widget vodafone.it.exe
O4 - Global Startup: Avvio veloce di Adobe Reader.lnk = C:\Programmi\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: VPro530.lnk = ?
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1312028989389
O22 - SharedTaskScheduler: Precaricatore Browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\System32\browseui.dll
O22 - SharedTaskScheduler: Daemon di cache delle categorie di componenti - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\System32\browseui.dll
O23 - Service: Avira Pianificatore (AntiVirSchedulerService) - Avira Operations GmbH & Co. KG - C:\Programmi\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira Realtime Protection (AntiVirService) - Avira Operations GmbH & Co. KG - C:\Programmi\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Servizio Google Update (gupdate) (gupdate) - Google Inc. - C:\Programmi\Google\Update\GoogleUpdate.exe
O23 - Service: Servizio Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Programmi\Google\Update\GoogleUpdate.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Programmi\Java\jre6\bin\jqs.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Programmi\Malwarebytes' Anti-Malware\mbamservice.exe


--
End of file - 5590 bytes

What can I do?
 
Here it is.

Code:
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 11.04.40, on 26/01/2012
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal


Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\Programmi\Avira\AntiVir Desktop\avguard.exe
C:\Programmi\Avira\AntiVir Desktop\avshadow.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Programmi\Avira\AntiVir Desktop\sched.exe
C:\WINDOWS\system32\rundll32.exe
C:\Programmi\File comuni\Java\Java Update\jusched.exe
C:\Programmi\Avira\AntiVir Desktop\avgnt.exe
C:\Programmi\Malwarebytes' Anti-Malware\mbamgui.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Documents and Settings\All Users\Dati applicazioni\Badoo\Badoo Desktop\1.6.48.1082\Badoo.Desktop.exe
C:\Programmi\Creative\Sync Manager Unicode\CTSyncU.exe
C:\WINDOWS\VPro530.exe
C:\Programmi\My 190\My 190.exe
C:\Programmi\Java\jre6\bin\jqs.exe
C:\Programmi\Malwarebytes' Anti-Malware\mbamservice.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\wbem\wmiapsrv.exe
C:\Programmi\Google\Chrome\Application\chrome.exe
C:\Programmi\Google\Chrome\Application\chrome.exe
C:\Programmi\Google\Chrome\Application\chrome.exe
C:\WINDOWS\System32\msiexec.exe
C:\Programmi\Trend Micro\HiJackThis\HiJackThis.exe


R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:16888
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Guida per l'accesso a Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programmi\File comuni\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programmi\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Programmi\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programmi\File comuni\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Programmi\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] "C:\Programmi\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Badoo Desktop] C:\Documents and Settings\All Users\Dati applicazioni\Badoo\Badoo Desktop\1.6.48.1082\Badoo.Desktop.exe
O4 - HKCU\..\Run: [CTSyncU.exe] "C:\Programmi\Creative\Sync Manager Unicode\CTSyncU.exe"
O4 - HKCU\..\Run: [Facebook Update] "C:\Documents and Settings\Andrea\Impostazioni locali\Dati applicazioni\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVIZIO LOCALE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVIZIO DI RETE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Startup: My 190.lnk = C:\Programmi\My 190\My 190.exe
O4 - Startup: Widget vodafone.lnk = C:\Programmi\Widget vodafone.it\Widget vodafone.it.exe
O4 - Global Startup: Avvio veloce di Adobe Reader.lnk = C:\Programmi\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: VPro530.lnk = ?
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1312028989389
O22 - SharedTaskScheduler: Precaricatore Browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\System32\browseui.dll
O22 - SharedTaskScheduler: Daemon di cache delle categorie di componenti - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\System32\browseui.dll
O23 - Service: Avira Pianificatore (AntiVirSchedulerService) - Avira Operations GmbH & Co. KG - C:\Programmi\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira Realtime Protection (AntiVirService) - Avira Operations GmbH & Co. KG - C:\Programmi\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Servizio Google Update (gupdate) (gupdate) - Google Inc. - C:\Programmi\Google\Update\GoogleUpdate.exe
O23 - Service: Servizio Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Programmi\Google\Update\GoogleUpdate.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Programmi\Java\jre6\bin\jqs.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Programmi\Malwarebytes' Anti-Malware\mbamservice.exe


--
End of file - 5590 bytes
 
Start HijackThis and fix these (tick them and click "Fix checked" at the bottom):

O4 - HKCU\..\Run: [Facebook Update] "C:\Documents and Settings\Andrea\Impostazioni locali\Dati applicazioni\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver

O4 - HKCU\..\Run: [Badoo Desktop] C:\Documents and Settings\All Users\Dati applicazioni\Badoo\Badoo Desktop\1.6.48.1082\Badoo.Desktop.exe

O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programmi\File comuni\Java\Java Update\jusched.exe"



Reboot the PC.
 
Guys, I have a similar problem, also with Google Chrome: basically I can't get onto sites like eBay or tomshw!

Here is the HijackThis scan...

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 12.55.27, on 26/01/2012
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal


Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
c:\Programmi\Microsoft Security Client\Antimalware\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\rundll32.exe
C:\Programmi\Microsoft Security Client\msseces.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Programmi\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Programmi\File comuni\Ahead\Lib\NMBgMonitor.exe
C:\Programmi\Windows Desktop Search\WindowsSearch.exe
C:\Programmi\File comuni\Ahead\Lib\NMIndexStoreSvr.exe
C:\Programmi\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\Programmi\Windows Live\Mail\wlmail.exe
C:\Programmi\Windows Live\Contacts\wlcomm.exe
C:\Documents and Settings\Administrator\Impostazioni locali\Dati applicazioni\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Administrator\Impostazioni locali\Dati applicazioni\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Administrator\Impostazioni locali\Dati applicazioni\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Administrator\Impostazioni locali\Dati applicazioni\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Administrator\Impostazioni locali\Dati applicazioni\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Administrator\Impostazioni locali\Dati applicazioni\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Administrator\Impostazioni locali\Dati applicazioni\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Administrator\Impostazioni locali\Dati applicazioni\Google\Chrome\Application\chrome.exe
C:\WINDOWS\system32\SearchProtocolHost.exe
C:\WINDOWS\system32\msiexec.exe
C:\Programmi\Trend Micro\HiJackThis\HiJackThis.exe


R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN Hotmail, Messenger, Actualité, Sport, People, Femmes - MSN France
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = MSN Hotmail, Messenger, Actualité, Sport, People, Femmes - MSN France
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://windowsupdate.microsoft.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Guida per l'accesso a Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programmi\File comuni\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Programmi\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [MSC] "c:\Programmi\Microsoft Security Client\msseces.exe" -hide -runkey
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [Ptipbmf] rundll32.exe ptipbmf.dll,SetWriteCacheMode
O4 - HKLM\..\Run: [StartCCC] "C:\Programmi\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Programmi\File comuni\Ahead\Lib\NeroCheck.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Administrator\Impostazioni locali\Dati applicazioni\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Programmi\File comuni\Ahead\Lib\NMBgMonitor.exe"
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO LOCALE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO DI RETE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Windows Search.lnk = C:\Programmi\Windows Desktop Search\WindowsSearch.exe
O9 - Extra button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programmi\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra 'Tools' menuitem: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programmi\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/mic...ls/en/x86/client/muweb_site.cab?1326931539718
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Programmi\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O22 - SharedTaskScheduler: Precaricatore Browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Daemon di cache delle categorie di componenti - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Servizio Google Update (gupdate) (gupdate) - Google Inc. - C:\Programmi\Google\Update\GoogleUpdate.exe
O23 - Service: Servizio Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Programmi\Google\Update\GoogleUpdate.exe
O23 - Service: NBService - Nero AG - C:\Programmi\Nero\Nero 7\Nero BackItUp\NBService.exe


--
End of file - 6335 bytes
 
@Both
Download ComboFix:
http://download.bleepingcomputer.com/sUBs/ComboFix.exe
● Disable the antivirus, the firewall and the internet connection
● If you use Vista\7, right-click the downloaded file and click Run as administrator; if you use XP, click combofix.exe and decline the console.
● The blue screen will open; follow the on-screen instructions for the scan and wait for the program to finish its operations (without touching anything)

Reboot the PC and post the log generated by the program itself.
 
Code:
ComboFix 12-01-26.01 - Administrator 26/01/2012  13.41.49.1.2 - x86
Microsoft Windows XP Professional  5.1.2600.3.1252.39.1040.18.3071.2580 [GMT 1:00]
Eseguito da: c:\documents and settings\Administrator\Documenti\Downloads\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
.
ATTENZIONE - QUESTO PC NON HA LA CONSOLE DI RIPRISTINO DI EMERGENZA INSTALLATA !!
.
.
(((((((((((((((((((((((((((((((((((((   Altre eliminazioni   )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\alcrmv.exe
c:\windows\system32\CRYPT.DLL
c:\windows\system32\winlogon.bak
.
.
(((((((((((((((((((((((((   Files Creati Da 2011-12-26 al 2012-01-26  )))))))))))))))))))))))))))))))))))
.
.
2012-01-19 11:01 . 2012-01-19 11:01	--------	d-----w-	C:\9180e28c45daa25c3c4d
2012-01-19 09:53 . 2012-01-19 09:53	--------	d-----w-	C:\832bbfb14c059ef560f15378
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-01-19 08:43 . 2008-04-14 12:00	510464	----a-w-	c:\windows\system32\winlogon.exe
2011-11-25 21:57 . 2008-04-14 12:00	293888	----a-w-	c:\windows\system32\winsrv.dll
2011-11-23 14:40 . 2008-04-14 12:00	1859584	----a-w-	c:\windows\system32\win32k.sys
2011-11-20 06:12 . 2008-04-14 12:00	60928	----a-w-	c:\windows\system32\packager.exe
2011-11-16 14:22 . 2008-04-14 12:00	354816	----a-w-	c:\windows\system32\winhttp.dll
2011-11-16 14:22 . 2008-04-14 12:00	152064	----a-w-	c:\windows\system32\schannel.dll
2011-11-09 21:39 . 2011-11-09 21:39	59904	----a-w-	c:\windows\system32\OpenVideo.dll
2011-11-09 21:39 . 2011-11-09 21:39	54784	----a-w-	c:\windows\system32\OVDecode.dll
2011-11-09 21:38 . 2011-11-09 21:38	14375936	----a-w-	c:\windows\system32\amdocl.dll
2011-11-09 21:37 . 2011-11-09 21:37	44032	----a-w-	c:\windows\system32\OpenCL.dll
2011-11-04 19:13 . 2008-04-14 12:00	916992	----a-w-	c:\windows\system32\wininet.dll
2011-11-04 19:13 . 2008-04-14 12:00	43520	------w-	c:\windows\system32\licmgr10.dll
2011-11-04 19:13 . 2008-04-14 12:00	1469440	------w-	c:\windows\system32\inetcpl.cpl
2011-11-04 11:24 . 2008-04-14 12:00	385024	------w-	c:\windows\system32\html.iec
2011-11-03 15:28 . 2008-04-14 12:00	386560	----a-w-	c:\windows\system32\qdvd.dll
2011-11-03 15:28 . 2008-04-14 12:00	1297408	----a-w-	c:\windows\system32\quartz.dll
2011-11-01 20:35 . 2011-11-01 20:35	81920	------w-	c:\windows\system32\ieencode.dll
2011-11-01 16:07 . 2008-04-14 12:00	1288192	----a-w-	c:\windows\system32\ole32.dll
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
[-] 2012-01-19 . 90F406811EE1EEE294792D00E21CA16C . 510464 . . [5.1.2600.5512] . . c:\windows\system32\winlogon.exe
.
(((((((((((((((((((((((((((((((((((((   Punti Reg Caricati   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* i valori vuoti & legittimi/default non sono visualizzati. 
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\programmi\File comuni\Ahead\Lib\NMBgMonitor.exe" [2006-10-09 139264]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2008-04-14 110592]
"MSC"="c:\programmi\Microsoft Security Client\msseces.exe" [2011-06-15 997920]
"SoundMan"="SOUNDMAN.EXE" [2004-01-09 65536]
"Ptipbmf"="ptipbmf.dll" [2003-06-20 118784]
"StartCCC"="c:\programmi\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2011-11-09 98304]
"NeroFilterCheck"="c:\programmi\File comuni\Ahead\Lib\NeroCheck.exe" [2006-01-12 155648]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
"DWQueuedReporting"="c:\progra~1\FILECO~1\MICROS~1\DW\dwtrig20.exe" [2007-02-26 437160]
.
c:\documents and settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\
Windows Search.lnk - c:\programmi\Windows Desktop Search\WindowsSearch.exe [2008-5-26 123904]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\programmi\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-24 304128]
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Programmi\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Programmi\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Programmi\\Skype\\Phone\\Skype.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"5985:TCP"= 5985:TCP:*:Disabled:Gestione remota Windows 
.
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [18/03/2010 13.16.28 130384]
S2 gupdate;Servizio Google Update (gupdate);c:\programmi\Google\Update\GoogleUpdate.exe [20/01/2012 18.45.46 136176]
S3 epmntdrv;epmntdrv;c:\windows\system32\epmntdrv.sys [23/01/2012 23.56.25 13192]
S3 EuGdiDrv;EuGdiDrv;c:\windows\system32\EuGdiDrv.sys [23/01/2012 23.56.25 8456]
S3 gupdatem;Servizio Google Update (gupdatem);c:\programmi\Google\Update\GoogleUpdate.exe [20/01/2012 18.45.46 136176]
S3 WinRM;Windows Remote Management (WS-Management);c:\windows\system32\svchost.exe -k WINRM [14/04/2008 13.00.00 14336]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [18/03/2010 13.16.28 753504]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
WINRM	REG_MULTI_SZ   	WINRM
.
Contenuto della cartella 'Scheduled Tasks'
.
2012-01-26 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\programmi\Google\Update\GoogleUpdate.exe [2012-01-20 17:45]
.
2012-01-26 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\programmi\Google\Update\GoogleUpdate.exe [2012-01-20 17:45]
.
2012-01-24 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1614895754-1275210071-1417001333-500Core.job
- c:\documents and settings\Administrator\Impostazioni locali\Dati applicazioni\Google\Update\GoogleUpdate.exe [2012-01-18 15:06]
.
2012-01-26 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1614895754-1275210071-1417001333-500UA.job
- c:\documents and settings\Administrator\Impostazioni locali\Dati applicazioni\Google\Update\GoogleUpdate.exe [2012-01-18 15:06]
.
2012-01-26 c:\windows\Tasks\MP Scheduled Scan.job
- c:\programmi\Microsoft Security Client\Antimalware\MpCmdRun.exe [2011-04-27 14:39]
.
2012-01-26 c:\windows\Tasks\User_Feed_Synchronization-{EEC2154B-8CB8-4A04-B78F-2923A6BD1050}.job
- c:\windows\system32\msfeedssync.exe [2009-03-08 03:31]
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-01-26 13:44
Windows 5.1.2600 Service Pack 3 NTFS
.
scansione processi nascosti ... 
.
scansione entrate autostart nascoste ... 
.
Scansione files nascosti ... 
.
Scansione completata con successo
Files nascosti: 0
.
**************************************************************************
.
--------------------- CHIAVI DI REGISTRO BLOCCATE ---------------------
.
[HKEY_USERS\S-1-5-21-1614895754-1275210071-1417001333-500\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (Administrator)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
   d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,b7,2f,de,21,26,f2,d5,4a,8d,22,af,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
   d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,b7,2f,de,21,26,f2,d5,4a,8d,22,af,\
.
--------------------- Dlls caricate dai processi in esecuzione ---------------------
.
- - - - - - - > 'winlogon.exe'(788)
c:\windows\system32\Ati2evxx.dll
c:\windows\system32\atiadlxx.dll
.
Ora fine scansione: 2012-01-26  13:45:41
ComboFix-quarantined-files.txt  2012-01-26 12:45
.
Pre-Run: 301.831.204.864 byte disponibili
Post-Run: 302.806.454.272 byte disponibili
.
- - End Of File - - 7A624B438324264D9F80DAD2B12A89A6
 
Here is the ComboFix log:

Code:
ComboFix 12-01-26.01 - Andrea 26/01/2012  13.58.00.1.1 - x86
Microsoft Windows XP Professional  5.1.2600.3.1252.39.1040.18.1279.743 [GMT 1:00]
Eseguito da: c:\documents and settings\Andrea\Documenti\Downloads\ComboFix.exe
AV: Avira Desktop *Disabled/Updated* {00000000-0715-0000-08F2-12001494807C}
AV: Avira Desktop *Enabled/Updated* {00000000-0000-0000-0000-000000000000}
.
ATTENZIONE - QUESTO PC NON HA LA CONSOLE DI RIPRISTINO DI EMERGENZA INSTALLATA !!
.
.
(((((((((((((((((((((((((((((((((((((   Altre eliminazioni   )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\All Users\Dati applicazioni\TEMP
c:\documents and settings\Andrea\WINDOWS
c:\windows\IsUn0410.exe
.
.
(((((((((((((((((((((((((   Files Creati Da 2011-12-26 al 2012-01-26  )))))))))))))))))))))))))))))))))))
.
.
2012-01-26 10:03 . 2012-01-26 10:03	388096	----a-r-	c:\documents and settings\Andrea\Dati applicazioni\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2012-01-26 10:03 . 2012-01-26 10:03	--------	d-----w-	c:\programmi\Trend Micro
2012-01-25 18:09 . 2012-01-25 18:50	--------	d-----w-	c:\documents and settings\Administrator
2012-01-25 17:17 . 2012-01-25 17:18	--------	d-----w-	c:\programmi\Google
2012-01-25 14:14 . 2012-01-25 17:09	--------	d-----w-	c:\windows\system32\NtmsData
2012-01-12 13:51 . 2007-04-04 17:55	261480	----a-w-	c:\windows\system32\xactengine2_7.dll
2012-01-12 13:45 . 2012-01-24 15:46	--------	d-----w-	c:\windows\Logs
2012-01-09 15:22 . 2012-01-09 15:22	--------	d-----w-	c:\documents and settings\Andrea\Dati applicazioni\Creative
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-12-12 19:01 . 2011-12-12 19:02	73728	----a-w-	c:\windows\system32\javacpl.cpl
2011-12-12 19:01 . 2011-12-12 19:02	472808	----a-w-	c:\windows\system32\deployJava1.dll
2011-12-10 14:24 . 2011-07-30 12:01	20464	----a-w-	c:\windows\system32\drivers\mbam.sys
2011-12-01 16:55 . 2011-12-18 16:27	74640	----a-w-	c:\windows\system32\drivers\avgntflt.sys
2011-12-01 16:55 . 2011-12-18 16:27	36000	----a-w-	c:\windows\system32\drivers\avkmgr.sys
2011-12-01 16:55 . 2011-12-18 16:27	134856	----a-w-	c:\windows\system32\drivers\avipbb.sys
.
.
(((((((((((((((((((((((((((((((((((((   Punti Reg Caricati   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* i valori vuoti & legittimi/default non sono visualizzati. 
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTSyncU.exe"="c:\programmi\Creative\Sync Manager Unicode\CTSyncU.exe" [2006-06-12 700416]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2008-04-13 110592]
"avgnt"="c:\programmi\Avira\AntiVir Desktop\avgnt.exe" [2011-12-01 258512]
"Malwarebytes' Anti-Malware"="c:\programmi\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-12-24 460872]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2008-04-13 15360]
.
c:\documents and settings\Andrea\Menu Avvio\Programmi\Esecuzione automatica\
My 190.lnk - c:\programmi\My 190\My 190.exe [2011-12-13 142336]
Widget vodafone.lnk - c:\programmi\Widget vodafone.it\Widget vodafone.it.exe [N/A]
.
c:\documents and settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\
Avvio veloce di Adobe Reader.lnk - c:\programmi\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2004-12-14 29696]
VPro530.lnk - c:\windows\VPro530.exe [2011-11-13 155648]
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Programmi\\Messenger\\msmsgs.exe"=
"c:\\Programmi\\Skype\\Phone\\Skype.exe"=
"c:\\Programmi\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Programmi\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Documents and Settings\\Andrea\\Impostazioni locali\\Dati applicazioni\\Facebook\\Video\\Skype\\FacebookVideoCalling.exe"=
.
R1 avkmgr;avkmgr;c:\windows\system32\drivers\avkmgr.sys [18/12/2011 17.27.37 36000]
R2 AntiVirSchedulerService;Avira Pianificatore;c:\programmi\Avira\AntiVir Desktop\sched.exe [18/12/2011 17.27.39 86224]
R2 MBAMService;MBAMService;c:\programmi\Malwarebytes' Anti-Malware\mbamservice.exe [30/07/2011 13.01.05 652872]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [30/07/2011 13.01.01 20464]
R3 phaudlwr;Philips Audio Filter;c:\windows\system32\drivers\phaudlwr.sys [13/11/2011 14.17.57 88704]
R3 SPC530;Philips SPC530NC PC Camera;c:\windows\system32\drivers\SPC530.sys [13/11/2011 14.17.48 486912]
R3 SPC530m;Philips SPC530NC PC Cameram;c:\windows\system32\drivers\SPC530m.sys [13/11/2011 14.17.48 7680]
S2 gupdate;Servizio Google Update (gupdate);c:\programmi\Google\Update\GoogleUpdate.exe [25/01/2012 18.18.38 136176]
S3 gupdatem;Servizio Google Update (gupdatem);c:\programmi\Google\Update\GoogleUpdate.exe [25/01/2012 18.18.38 136176]
.
Contenuto della cartella 'Scheduled Tasks'
.
2012-01-25 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-484763869-602162358-725345543-1003Core.job
- c:\documents and settings\Andrea\Impostazioni locali\Dati applicazioni\Facebook\Update\FacebookUpdate.exe [2011-12-25 22:32]
.
2012-01-26 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-484763869-602162358-725345543-1003UA.job
- c:\documents and settings\Andrea\Impostazioni locali\Dati applicazioni\Facebook\Update\FacebookUpdate.exe [2011-12-25 22:32]
.
2012-01-26 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\programmi\Google\Update\GoogleUpdate.exe [2012-01-25 17:17]
.
2012-01-26 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\programmi\Google\Update\GoogleUpdate.exe [2012-01-25 17:17]
.
.
------- Scansione supplementare -------
.
uInternet Settings,ProxyServer = http=127.0.0.1:16888
.
- - - - CHIAVI ORFANE RIMOSSE - - - -
.
Notify-WgaLogon - (no file)
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-01-26 14:02
Windows 5.1.2600 Service Pack 3 NTFS
.
scansione processi nascosti ... 
.
scansione entrate autostart nascoste ... 
.
Scansione files nascosti ... 
.
Scansione completata con successo
Files nascosti: 0
.
**************************************************************************
.
Ora fine scansione: 2012-01-26  14:04:17
ComboFix-quarantined-files.txt  2012-01-26 13:04
.
Pre-Run: 19.176.468.480 byte disponibili
Post-Run: 19.141.271.552 byte disponibili
.
- - End Of File - - 3FC93F5990A0276B6CA3B5C1EBA0E4EE

Now what? :nunu:
 
@sueco
I don't see any infections in the log; ComboFix will have removed some threat.
Download Sophos Anti-Rootkit:
Sophos Anti-Rootkit
● Temporarily disable the antivirus
● Start the tool and run a scan
● Wait for it to finish, then post its log of the operations performed.
 
Did you happen to notice any malware/virus on mine? It's strange because I had formatted barely a week ago... I had only left some files on a separate hard disk, family photos, videos... is it possible that traces of a virus remained on that hard disk too? Who knows! I'd be sorry to have to delete those photos and videos.
 
In the meantime I have started an online scan with ESET; I'll wait for it to finish and post the log. After that I'll run Sophos. I'll update you around 18:00.
Peppe: if you only put photos and videos on that HD, it is unlikely that there are viruses on it. I'm telling you this as a complete ignoramus, so it's up to you..
 
Before formatting it I had a more recurrent problem: it was a virus that had devastated one of my PCs... it was called jeefo... this virus basically duplicated itself like Agent Smith in The Matrix, to give you the idea :D
 
I ran a scan with Sophos Anti-Rootkit but it found nothing.
Any other possible routes before a brutal format?
 
At this point I would look at the problem at the network level... what is your configuration?
Do you connect via wireless or Ethernet? What model is the router/modem?
 