PROBLEM: no internet connection after Avast boot-time scan. Heeeelp!!!!!


kakolukian

Hi everyone.

As I've read in some rather old posts, others have already had this kind of problem in the past; as usual, I tried to do what was written there, but with little success.
Let me explain:
For about three days Avira has been reporting a virus on my PC that it tries to remove but can't (don't ask me the name, because by now it no longer shows it).
While trying to get rid of the problem with in-depth scans, it occurred to me to install AVAST (which I used in the past on the PC when I had XP; by the way, the current operating system is SEVEN), since it offers the kick-ass option of running a scan at Windows startup, which in the past has also solved several problems for me.
I WISH I HAD NEVER DONE IT!!!!!!!!! What happened: basically, after hours of scanning it asked me to confirm the deletion of several infected files; I chose yes to all and it went ahead.
One problem solved, and another one was created right away..... the PC works correctly, but the small problem is that it NO LONGER CONNECTS TO THE INTERNET!!!!!!!!!
I want to die. Still following the magical forums, I'm running a scan with COMBOFIX; let's hope it works out. I was told that Combofix will create a report of what it did at the end of the scan, which I will post right away.
Confident of any suggestion you may have, I thank you in advance and above all I ask you for HEEEEEEEELP!!!!!!!.
P.S. Formatting seems like a real shame to me, since the PC works fine.:sisi::(
 
Solvedddddd!! With ComboFix the connection came back as normal; now I'm posting the Combofix LOG and I'd like some clarification on what it says. Because, quite serenely and calmly, I can tell you that I CAN'T UNDERSTAND A THING!!!!!!!

Naturally, suggestions are welcome on what to do: whether I should uninstall Combofix, whether I should use it periodically, whether I should do anything else based on what's written in the LOG...... tell me everything.


ComboFix 12-04-16.02 - Casa Romeo 17/04/2012 11:10:05.1.1 - x86
Microsoft Windows 7 Professional 6.1.7601.1.1252.39.1040.18.2304.1638 [GMT 2:00]
Eseguito da: J:\ComboFix.exe
AV: AntiVir Desktop *Enabled/Updated* {090F9C29-64CE-6C6F-379C-5901B49A85B7}
AV: Lavasoft Ad-Watch Live! Anti-virus *Disabled/Updated* {9FF26384-70D4-CE6B-3ECB-E759A6A40116}
SP: AntiVir Desktop *Enabled/Updated* {B26E7DCD-42F4-63E1-0D2C-6273CF1DCF0A}
SP: Lavasoft Ad-Watch Live! *Disabled/Updated* {24938260-56EE-C1E5-047B-DC2BDD234BAB}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Creato nuovo punto di ripristino
.
.
((((((((((((((((((((((((((((((((((((( Altre eliminazioni )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\$NtUninstallKB52911$
c:\windows\$NtUninstallKB52911$\2753129142\@
c:\windows\$NtUninstallKB52911$\2753129142\cfg.ini
c:\windows\$NtUninstallKB52911$\2753129142\Desktop.ini
c:\windows\$NtUninstallKB52911$\2753129142\L\xadqgnnk
c:\windows\$NtUninstallKB52911$\2753129142\oemid
c:\windows\$NtUninstallKB52911$\2753129142\U\00000001.@
c:\windows\$NtUninstallKB52911$\2753129142\U\00000002.@
c:\windows\$NtUninstallKB52911$\2753129142\U\00000004.@
c:\windows\$NtUninstallKB52911$\2753129142\U\80000000.@
c:\windows\$NtUninstallKB52911$\2753129142\U\80000004.@
c:\windows\$NtUninstallKB52911$\2753129142\U\80000032.@
c:\windows\$NtUninstallKB52911$\2753129142\version
c:\windows\$NtUninstallKB52911$\3938249497
c:\windows\pkunzip.pif
c:\windows\pkzip.pif
c:\windows\system32\dds_trash_log.cmd
.
c:\windows\system32\drivers\afd.sys was missing
ipristinata copia da - c:\windows\winsxs\x86_microsoft-windows-winsock-core_31bf3856ad364e35_6.1.7601.21712_none_da774a9ad5cea29e\afd.sys
.
.
((((((((((((((((((((((((( Files Creati Da 2012-03-17 al 2012-04-17 )))))))))))))))))))))))))))))))))))
.
.
2012-04-17 08:13 . 2012-04-17 08:13 -------- d-----w- c:\program files\WareSoft Software Toolbar
2012-04-17 08:13 . 2008-11-13 07:26 616024 ----a-w- c:\windows\system32\COMCTL32.OCX
2012-04-16 10:58 . 2012-03-06 23:01 20696 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2012-04-16 10:58 . 2012-03-06 23:03 337880 ----a-w- c:\windows\system32\drivers\aswSP.sys
2012-04-16 10:58 . 2012-03-06 23:02 44376 ----a-w- c:\windows\system32\drivers\aswRdr2.sys
2012-04-16 10:58 . 2012-03-06 23:01 53848 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2012-04-16 10:58 . 2012-03-06 23:03 612184 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2012-04-16 10:58 . 2012-03-06 23:01 57688 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2012-04-16 10:57 . 2012-03-06 23:15 41184 ----a-w- c:\windows\avastSS.scr
2012-04-16 10:57 . 2012-03-06 23:15 201352 ----a-w- c:\windows\system32\aswBoot.exe
2012-04-16 10:56 . 2012-04-16 10:56 -------- d-----w- c:\programdata\AVAST Software
2012-04-16 10:56 . 2012-04-16 10:56 -------- d-----w- c:\program files\AVAST Software
2012-04-16 10:24 . 2009-06-30 08:37 28552 ----a-w- c:\windows\system32\drivers\pavboot.sys
2012-04-16 10:24 . 2012-04-16 10:24 -------- d-----w- c:\program files\Panda Security
2012-04-16 08:58 . 2012-04-16 08:58 -------- d-----w- c:\users\Casa Romeo\AppData\Local\NokiaAccount
2012-04-12 09:26 . 2012-04-14 11:52 418464 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-04-12 08:05 . 2012-03-01 05:46 19824 ----a-w- c:\windows\system32\drivers\fs_rec.sys
2012-04-12 08:05 . 2012-03-01 05:37 172544 ----a-w- c:\windows\system32\wintrust.dll
2012-04-12 08:05 . 2012-03-01 05:33 159232 ----a-w- c:\windows\system32\imagehlp.dll
2012-04-12 08:05 . 2012-03-01 05:29 5120 ----a-w- c:\windows\system32\wmi.dll
2012-04-12 08:05 . 2012-03-06 05:59 3968368 ----a-w- c:\windows\system32\ntkrnlpa.exe
2012-04-12 08:05 . 2012-03-06 05:59 3913072 ----a-w- c:\windows\system32\ntoskrnl.exe
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-04-14 11:52 . 2011-05-31 14:21 70304 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-02-17 05:34 . 2012-03-13 18:26 826880 ----a-w- c:\windows\system32\rdpcore.dll
2012-02-17 04:14 . 2012-03-13 18:26 183808 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-02-17 04:13 . 2012-03-13 18:26 24576 ----a-w- c:\windows\system32\drivers\tdtcp.sys
2012-02-10 05:38 . 2012-03-14 18:21 1077248 ----a-w- c:\windows\system32\DWrite.dll
2012-02-07 09:02 . 2012-02-07 09:02 1070352 ----a-w- c:\windows\system32\MSCOMCTL.OCX
2012-02-03 03:54 . 2012-03-14 18:21 2343424 ----a-w- c:\windows\system32\win32k.sys
2012-01-25 05:32 . 2012-03-13 18:26 58880 ----a-w- c:\windows\system32\rdpwsx.dll
2012-01-25 05:32 . 2012-03-13 18:26 129536 ----a-w- c:\windows\system32\rdpcorekmts.dll
2012-01-25 05:27 . 2012-03-13 18:26 8192 ----a-w- c:\windows\system32\rdrmemptylst.exe
.
.
((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* i valori vuoti & legittimi/default non sono visualizzati.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{36D66554-AA81-4F55-9203-F18C941AC280}]
2011-11-08 11:53 420576 ----a-w- c:\program files\WareSoft Software Toolbar\Toolbar32.dll
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6c97a91e-4524-4019-86af-2aa2d567bf5c}]
2011-10-21 09:10 87440 ----a-w- c:\program files\adawaretb\adawareDx.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{6c97a91e-4524-4019-86af-2aa2d567bf5c}"= "c:\program files\adawaretb\adawareDx.dll" [2011-10-21 87440]
"{6F9C75C9-9646-4BF2-BC9B-D9A6003461E4}"= "c:\program files\WareSoft Software Toolbar\Toolbar32.dll" [2011-11-08 420576]
.
[HKEY_CLASSES_ROOT\clsid\{6c97a91e-4524-4019-86af-2aa2d567bf5c}]
.
[HKEY_CLASSES_ROOT\clsid\{6f9c75c9-9646-4bf2-bc9b-d9a6003461e4}]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2012-03-06 23:15 123536 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1174016]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\DTLite.exe" [2011-01-20 1305408]
"NokiaSuite.exe"="c:\program files\Nokia\Nokia Suite\NokiaSuite.exe" [2012-01-10 1083264]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMan"="SOUNDMAN.EXE" [2009-04-14 604704]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"Ad-Aware Browsing Protection"="c:\programdata\Ad-Aware Browsing Protection\adawarebp.exe" [2011-10-21 198032]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2012-03-06 4241512]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
"SynchronousUserGroupPolicy"= 1 (0x1)
"SynchronousMachineGroupPolicy"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"mixer1"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 gupdate;Servizio di Google Update (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2011-06-02 136176]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-14 253088]
R3 epmntdrv;epmntdrv;c:\windows\system32\epmntdrv.sys [2011-07-29 14216]
R3 EuGdiDrv;EuGdiDrv;c:\windows\system32\EuGdiDrv.sys [2011-07-29 8456]
R3 gupdatem;Servizio Google Update (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2011-06-02 136176]
R3 Lavasoft Kernexplorer;Lavasoft helper driver;c:\program files\Lavasoft\Ad-Aware\KernExplorer.sys [2011-11-03 15232]
R3 nmwcdnsu;Nokia USB Flashing Phone Parent;c:\windows\system32\drivers\nmwcdnsu.sys [2011-11-01 137600]
R3 nmwcdnsuc;Nokia USB Flashing Generic;c:\windows\system32\drivers\nmwcdnsuc.sys [2011-11-01 8576]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 52224]
R3 WatAdminSvc;Servizio Windows Activation Technologies;c:\windows\system32\Wat\WatAdminSvc.exe [2011-05-31 1343400]
S0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys [2011-11-03 64512]
S0 pavboot;pavboot;c:\windows\system32\drivers\pavboot.sys [2009-06-30 28552]
S1 aswSnx;aswSnx; [x]
S1 aswSP;aswSP; [x]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [2011-06-09 218688]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2009-08-18 176128]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2012-03-06 57688]
S2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [2011-11-03 2152152]
S2 Updater Service for WareSoft Software Toolbar;Updater Service for WareSoft Software Toolbar;c:\program files\WareSoft Software Toolbar\ToolbarUpdaterService.exe [2011-11-08 244960]
.
.
NETSVCS REQUIRES REPAIRS - current entries shown
AeLookupSvc
CertPropSvc
SCPolicySvc
lanmanserver
gpsvc
IKEEXT
AudioSrv
FastUserSwitchingCompatibility
Ias
Irmon
Nla
Ntmssvc
NWCWorkstation
Nwsapagent
Rasauto
Rasman
Remoteaccess
SENS
Sharedaccess
SRService
Tapisrv
Wmi
WmdmPmSp
bltrust
bthidenum
WinVd32
hpwirelessmgr
aexnsclient
winachcf
oracle%oracle_home_service%clientcache80
drvnddm
nic1394
ScsiPort
lxcc_device
aic78u2
usbsermptxp
lxby_device
sfvfs02
bdpredir
mozyFilter
upnp
DN2AKNET
IBM_LLC2
nicconfigsvc
btwavdt
vsapint
roxwatch
SbcpHid
oracleorahometnslistener
interactivelogon
rismxdp
BLKWGU(Belkin)
pxhelp20
smcservice
lxcj_device
NPDriver
mdmxsdk
NxFsMon
kraidsvc
crystalaps
USB11LDR
vulfnths
pmj151la
EKECioCtl
ntrtscan
Tb2RCAssist
Slpsvdr
basfipm
icollectservice
aegisp
HssSrv
savscan
avidstartup
iaimtv1
isamsmt
winpowermonitor
mps9
omniusbl
CXTUNE
PGPwded
w200bus
Defrag32
audstub
ni_nic
nipxirmu
TermService
wuauserv
BITS
ShellHWDetection
LogonHours
PCAudit
helpsvc
uploadmgr
iphlpsvc
seclogon
AppInfo
msiscsi
MMCSS
wercplsupport
EapHost
ProfSvc
schedule
hkmsvc
SessionEnv
winmgmt
browser
Themes
BDESVC
AppMgmt
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
.
.
Contenuto della cartella 'Scheduled Tasks'
.
2012-04-16 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-12 11:52]
.
2012-04-17 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-06-02 20:19]
.
2012-04-16 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-06-02 20:19]
.
2012-04-15 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2005554318-3220130060-1088774552-1000Core.job
- c:\users\Casa Romeo\AppData\Local\Google\Update\GoogleUpdate.exe [2012-03-08 09:39]
.
2012-04-16 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2005554318-3220130060-1088774552-1000UA.job
- c:\users\Casa Romeo\AppData\Local\Google\Update\GoogleUpdate.exe [2012-03-08 09:39]
.
.
------- Scansione supplementare -------
.
uStart Page = hxxp://www.waresoftsearch.com/?src=startpage&provider=&provider_name=yahoo&provider_code=&partner_id=267&product_id=849&affiliate_id=&channel=&toolbar_id=232&toolbar_version=2.4.0&install_country=US&install_date=20120417&user_guid=BCF86A0A3BDA46EAAF83246FB52B2B88&machine_id=38186f302a1961fafeeb80e69bda552c&browser=IE&os=win&os_version=6.1-x86-SP1
IE: E&sporta in Microsoft Excel - c:\progra~1\Microsoft Office\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.1.1
.
.
--------------------- CHIAVI DI REGISTRO BLOCCATE ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
--------------------- Dlls caricate dai processi in esecuzione ---------------------
.
- - - - - - - > 'Explorer.exe'(4788)
c:\programdata\Ad-Aware Browsing Protection\adawarebp.dll
.
------------------------ Altri processi in esecuzione ------------------------
.
c:\windows\system32\atieclxx.exe
c:\program files\AVAST Software\Avast\AvastSvc.exe
c:\windows\system32\taskhost.exe
c:\windows\system32\conhost.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
c:\program files\Common Files\Nero\Nero BackItUp 4\NBService.exe
c:\program files\Common Files\Protexis\License Service\PsiService_2.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
c:\windows\system32\wbem\unsecapp.exe
c:\windows\SOUNDMAN.EXE
c:\windows\system32\WUDFHost.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\program files\Lavasoft\Ad-Aware\AAWTray.exe
c:\windows\system32\DllHost.exe
c:\program files\PC Connectivity Solution\ServiceLayer.exe
c:\program files\PC Connectivity Solution\Transports\NclUSBSrv.exe
c:\program files\PC Connectivity Solution\Transports\NclMSBTSrvEx.exe
c:\windows\servicing\TrustedInstaller.exe
.
**************************************************************************
.
Ora fine scansione: 2012-04-17 11:34:31 - Il pc è stato riavviato
ComboFix-quarantined-files.txt 2012-04-17 09:34
.
Pre-Run: 106.760.376.320 byte disponibili
Post-Run: 109.079.416.832 byte disponibili
.
- - End Of File - - 92AB238283C516B95C05263E9423D2F5
 
