
Connection to antivirus sites

Posted: Wed Nov 24, 2010 9:26 am
by pixel22
Hi everyone,
unfortunately I have a problem with a friend's PC.
Basically it cannot display (or ping) antivirus sites such as "avast.com", whereas if the PC is started in safe mode it can.
I went through these steps but they were not enough...
- booted in safe mode
- installed avast
- disabled System Restore

- booted the PC normally
- ran avast, which detected nothing
- ran hijackthis and removed the strange keys
- ran combofix, which gave me this output
Code:
ComboFix 10-11-23.01 - utente 23/11/2010  20.58.23.1.1 - x86
Microsoft Windows XP Professional  5.1.2600.2.1252.39.1040.18.511.162 [GMT 1:00]
Eseguito da: c:\documents and settings\utente\Desktop\ComboFix.exe
AV: avast! Antivirus *On-access scanning enabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}

ATTENZIONE - QUESTO PC NON HA LA CONSOLE DI RIPRISTINO DI EMERGENZA INSTALLATA !!
.

(((((((((((((((((((((((((((((((((((((   Altre eliminazioni   )))))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\utente\Recent\images%3Fq%3Dlogo%2Bdvd&hl=it&usg=__xTREK9FC08Ridbg37pCPrE6pydI=&ei=SW-FS_WLMJT1_AbZz8i-Ag&sa=X&oi=image_result&resnum=3&ct=image&ved=0CA0Q9QEwAg.url
C:\Install.exe
C:\Thumbs.db
c:\windows\system32\AutoRun.inf
c:\windows\system32\Thumbs.db

.
(((((((((((((((((((((((((   Files Creati Da 2010-10-23 al 2010-11-23  )))))))))))))))))))))))))))))))))))
.

2010-11-23 18:54 . 2010-11-23 18:54   --------   d-----w-   C:\backups
2010-11-23 18:46 . 2010-11-23 18:45   388608   ----a-w-   C:\HijackThis.exe
2010-11-23 18:24 . 2010-11-23 19:47   --------   d-----w-   c:\documents and settings\utente\Dati applicazioni\TeamViewer
2010-11-23 18:19 . 2010-09-07 15:52   165584   ----a-w-   c:\windows\system32\drivers\aswSP.sys
2010-11-23 18:19 . 2010-09-07 15:47   17744   ----a-w-   c:\windows\system32\drivers\aswFsBlk.sys
2010-11-23 18:19 . 2010-09-07 15:47   23376   ----a-w-   c:\windows\system32\drivers\aswRdr.sys
2010-11-23 18:19 . 2010-09-07 15:52   46672   ----a-w-   c:\windows\system32\drivers\aswTdi.sys
2010-11-23 18:19 . 2010-09-07 15:47   100176   ----a-w-   c:\windows\system32\drivers\aswmon2.sys
2010-11-23 18:19 . 2010-09-07 15:47   94544   ----a-w-   c:\windows\system32\drivers\aswmon.sys
2010-11-23 18:19 . 2010-09-07 15:46   28880   ----a-w-   c:\windows\system32\drivers\aavmker4.sys
2010-11-23 18:19 . 2010-09-07 16:12   38848   ----a-w-   c:\windows\avastSS.scr
2010-11-23 18:19 . 2010-09-07 16:11   167592   ----a-w-   c:\windows\system32\aswBoot.exe
2010-11-12 18:46 . 2010-11-12 18:46   4280320   ----a-w-   c:\windows\system32\GPhotos.scr

.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-07-05 20:39 . 2010-07-05 20:39   7712976   ----a-w-   c:\programmi\vso_image_resizer4_setup.exe
2010-06-08 19:00 . 2010-06-08 19:00   260400   ----a-w-   c:\programmi\SoftonicDownloader12536.exe
2010-04-12 08:11 . 2010-04-12 08:11   253264   ----a-w-   c:\programmi\SoftonicDownloader51705.exe
2010-03-31 17:40 . 2010-03-31 17:40   12400120   ----a-w-   c:\programmi\picasa36-setup.exe
2010-03-10 14:42 . 2010-03-10 14:42   233816   ----a-w-   c:\programmi\SoftonicDownloader69496.exe
2010-02-24 10:18 . 2010-02-24 10:18   11365992   ----a-w-   c:\programmi\zlsSetup_61_737_000_it.exe
2010-02-24 08:57 . 2010-02-24 08:56   97395640   ----a-w-   c:\programmi\Ad-AwareInstaller8.2.exe
2009-10-05 16:07 . 2009-10-05 16:06   10053112   ----a-w-   c:\programmi\picasa3-setup.exe
2009-09-28 09:20 . 2009-09-28 09:20   33853800   ----a-w-   c:\programmi\Nokia_PC_Suite_7_1_30_9_ita_web.exe
2009-09-10 17:50 . 2009-09-10 17:50   1246352   ----a-w-   c:\programmi\Google Updater.exe
2009-08-17 12:45 . 2009-08-17 12:45   17344496   ----a-w-   c:\programmi\IE8-Setup-Full.exe
.

(((((((((((((((((((((((((((((((((((((   Punti Reg Caricati   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* i valori vuoti & legittimi/default non sono visualizzati.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\programmi\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-08-17 39408]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\programmi\File comuni\Ahead\lib\NMBgMonitor.exe" [2005-09-03 94208]
"NokiaOviSuite2"="c:\programmi\Nokia\Nokia Ovi Suite\NokiaOviSuite.exe" [2010-02-24 385928]
"PC Suite Tray"="c:\programmi\Nokia\Nokia PC Suite 7\PCSuite.exe" [2010-05-14 1479680]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NokiaMServer"="c:\programmi\File comuni\Nokia\MPlatform\NokiaMServer" [X]
"SunJavaUpdateSched"="c:\programmi\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2004-08-19 110592]
"avast5"="c:\programmi\Alwil Software\Avast5\avastUI.exe" [2010-09-07 2838912]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-19 15360]

c:\documents and settings\utente\Menu Avvio\Programmi\Esecuzione automatica\
Utilit… controllo supporti di PMB.lnk - c:\programmi\Sony\Sony Picture Utility\PMBCore\SPUVolumeWatcher.exe [2010-4-17 333088]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
@="Service"

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Avvio^Programmi^Esecuzione automatica^Corel MEDIA FOLDERS INDEXER 8.LNK]
path=c:\documents and settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\Corel MEDIA FOLDERS INDEXER 8.LNK
backup=c:\windows\pss\Corel MEDIA FOLDERS INDEXER 8.LNKCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Avvio^Programmi^Esecuzione automatica^HP Digital Imaging Monitor.lnk]
path=c:\documents and settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\HP Digital Imaging Monitor.lnk
backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^utente^Menu Avvio^Programmi^Esecuzione automatica^OpenOffice.org 3.0.lnk]
path=c:\documents and settings\utente\Menu Avvio\Programmi\Esecuzione automatica\OpenOffice.org 3.0.lnk
backup=c:\windows\pss\OpenOffice.org 3.0.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2007-05-11 01:06   40048   ----a-w-   c:\programmi\Adobe\Reader 8.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
2007-03-11 19:34   49152   ----a-w-   c:\programmi\HP\HP Software Update\hpwuSchd2.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
2004-08-19 13:51   1667584   ------w-   c:\programmi\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMan]
2006-11-17 03:42   577536   ----a-r-   c:\windows\soundman.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Programmi\\Nokia\\Nokia Software Updater\\nsu_ui_client.exe"=
"c:\\Programmi\\File comuni\\Nokia\\Service Layer\\A\\nsl_host_process.exe"=
"c:\\Programmi\\Messenger\\msmsgs.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"7450:TCP"= 7450:TCP:teniwmr

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [24/02/2010 10.02.26 64288]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [23/11/2010 19.19.38 165584]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [23/11/2010 19.19.38 17744]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\programmi\Lavasoft\Ad-Aware\AAWService.exe [05/02/2010 10.03.30 1352832]
S2 gupdate;Servizio di Google Update (gupdate);c:\programmi\Google\Update\GoogleUpdate.exe [10/09/2009 18.51.43 133104]
S2 pnsnvva;Network Manager;c:\windows\system32\svchost.exe -k netsvcs [19/08/2004 13.00.00 14336]
S3 nmwcdnsu;Nokia USB Flashing Phone Parent;c:\windows\system32\drivers\nmwcdnsu.sys [13/09/2010 8.33.06 137344]
S3 nmwcdnsuc;Nokia USB Flashing Generic;c:\windows\system32\drivers\nmwcdnsuc.sys [13/09/2010 8.33.06 8320]
S4 Application Updater;Application Updater;c:\programmi\Application Updater\ApplicationUpdater.exe [08/01/2010 0.51.02 380928]

--- Altri Servizi/Drivers In Memoria ---

*NewlyCreated* - AVAST!_ANTIVIRUS
*NewlyCreated* - AVAST!_MAIL_SCANNER
*NewlyCreated* - AVAST!_WEB_SCANNER

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
hpdevmgmt   REG_MULTI_SZ      hpqcxs08 hpqddsvc

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost  - NetSvcs
pnsnvva
.
Contenuto della cartella 'Scheduled Tasks'

2010-11-23 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\programmi\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2010-02-05 06:47]

2010-11-23 c:\windows\Tasks\Google Software Updater.job
- c:\programmi\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-07-22 17:50]

2010-11-23 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\programmi\Google\Update\GoogleUpdate.exe [2009-09-10 17:51]

2010-11-23 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\programmi\Google\Update\GoogleUpdate.exe [2009-09-10 17:51]
.
.
------- Scansione supplementare -------
.
uStart Page = hxxp://www.google.it/
uDefault_Search_URL = hxxp://www.google.com/ie
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Google Sidewiki... - c:\programmi\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_950DF09FAB501E03.dll/cmsidewiki.html
TCP: {514BDF4B-103F-4BE0-AB68-8CD05F17C35A} = 151.99.0.100,151.99.125.1
.
- - - - CHIAVI ORFANE RIMOSSE - - - -

HKLM-Run-NWEReboot - (no file)
SafeBoot-WudfPf
SafeBoot-WudfRd
MSConfigStartUp-Picasa Media Detector - c:\programmi\Picasa2\PicasaMediaDetector.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-11-23 21:13
Windows 5.1.2600 Service Pack 2 NTFS

scansione processi nascosti ...

scansione entrate autostart nascoste ...

Scansione files nascosti ...

Scansione completata con successo
Files nascosti: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\pnsnvva]
"ServiceDll"="c:\windows\system32\cunmpmt.dll"
.
--------------------- CHIAVI DI REGISTRO BLOCCATE ---------------------

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe,-101"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
Ora fine scansione: 2010-11-23  21:16:01
ComboFix-quarantined-files.txt  2010-11-23 20:15

Pre-Run: 98.512.760.832 byte disponibili
Post-Run: 99.984.617.472 byte disponibili

- - End Of File - - 6B8A9CBA0A3BD7F4703340D4E8FB7339



Does anyone have any idea how to solve or find the problem?
I think it's some virus... Thanks

Re: Connection to antivirus sites

Posted: Wed Nov 24, 2010 11:22 am
by crazy.cat
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\pnsnvva]
"ServiceDll"="c:\windows\system32\cunmpmt.dll"

That's a nasty key; find the DLL and upload it to www.virustotal.com and let's see what it is.
Post the hijackthis log as well.
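
Added example, not part of the thread: a small Python triage helper that pairs each svchost-hosted service in a ComboFix log with its "ServiceDll" value, which is the correlation the reply above makes by eye for pnsnvva. It only lists the DLL paths worth checking and does not classify anything; the function name is hypothetical and the line formats are assumed from the log fragments on this page.

```python
import re

# Constructed sample: the relevant fragments of the ComboFix log quoted above.
SAMPLE_LOG = r'''
S2 gupdate;Servizio di Google Update (gupdate);c:\programmi\Google\Update\GoogleUpdate.exe [10/09/2009 18.51.43 133104]
S2 pnsnvva;Network Manager;c:\windows\system32\svchost.exe -k netsvcs [19/08/2004 13.00.00 14336]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\pnsnvva]
"ServiceDll"="c:\windows\system32\cunmpmt.dll"
'''

# Service line: "<state> <name>;<display name>;<image path> [<date> <time> <size>]"
SERVICE_RE = re.compile(r'^[RS]\d (?P<name>[^;]+);(?P<display>[^;]*);(?P<image>.+?) \[[^\]]*\]$')
SVCHOST_RE = re.compile(r'\\svchost\.exe\s+-k\s+(?P<group>\S+)', re.IGNORECASE)
KEY_RE = re.compile(r'^\[HKEY_LOCAL_MACHINE\\System\\\w+\\Services\\(?P<name>[^\\\]]+)\]$',
                    re.IGNORECASE)
DLL_RE = re.compile(r'^"ServiceDll"="(?P<dll>[^"]+)"$', re.IGNORECASE)


def svchost_service_dlls(log_text):
    """Return one dict (name, display, group, dll) per svchost-hosted service in the log."""
    hosted, dlls, current_key = {}, {}, None
    for raw in log_text.splitlines():
        line = raw.strip()
        m = SERVICE_RE.match(line)
        if m:
            host = SVCHOST_RE.search(m['image'])
            if host:  # the real code lives in ServiceDll, not in svchost.exe
                hosted[m['name'].lower()] = (m['name'], m['display'], host['group'])
            continue
        m = KEY_RE.match(line)
        if m:
            current_key = m['name'].lower()
            continue
        m = DLL_RE.match(line)
        if m and current_key:
            dlls[current_key] = m['dll']
        elif not line:
            current_key = None  # a blank line ends the registry section
    return [{'name': n, 'display': d, 'group': g, 'dll': dlls.get(key)}
            for key, (n, d, g) in hosted.items()]


if __name__ == '__main__':
    for svc in svchost_service_dlls(SAMPLE_LOG):
        print(f"{svc['name']} ({svc['display']}, -k {svc['group']}): "
              f"{svc['dll'] or 'ServiceDll not shown in log'}")
```

Each returned `dll` path is a file to locate, hash and submit to a scanning service, as the reply suggests.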