sono infetto.. file 2E.tmp

[parachut3s]

sono infetto da un trojan (credo)

le sto provando tutte ma nisba.

posto il mio filelog di hijackthis così magari potete aiutarmi

Logfile of HijackThis v1.99.1
Scan saved at 17.13.59, on 16/02/2007
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\WINDOWS\system32\disvc.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\system32\2E.tmp
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wmsv.exe
C:\WINDOWS\System32\dslagent.exe
C:\Programmi\Java\jre1.5.0_06\bin\jusched.exe
C:\Programmi\QuickTime\bak\qttask.exe
C:\Programmi\Java\jre1.5.0_06\bin\bak\jusched.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Programmi\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe
C:\Programmi\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\Programmi\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
C:\Programmi\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe
c:\programmi\internet explorer\iexplore.exe
C:\hijackthis_199\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.it/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.libero.it
F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\system32\2E.tmp
F2 - REG:system.ini: UserInit=C:\WINDOWS\System32\userinit.exe,C:\WINDOWS\system32\2E.tmp
O4 - HKLM\..\Run: [DSLAGENTEXE] dslagent.exe USB
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Programmi\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmi\QuickTime\bak\qttask.exe" -atboottime
O4 - HKLM\..\Run: [IntelliType] "C:\Programmi\Microsoft Hardware\Keyboard\type32.exe"
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Programmi\D-Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [WinampAgent] C:\Programmi\Winamp\winampa.exe
O4 - HKLM\..\Run: [WinPatrol] C:\PROGRA~1\BILLPS~1\WINPAT~1\winpatrol.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Programmi\File comuni\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [Microsoft (R) Windows Protocol Deployment Manager] C:\WINDOWS\system32\2E.tmp
O4 - Global Startup: GetRight - Tray Icon.lnk = C:\Programmi\GetRight\getright.exe
O4 - Global Startup: hp psc 1000 series.lnk = ?
O4 - Global Startup: hpoddt01.exe.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Programmi\Microsoft Office\Office\OSA9.EXE
O8 - Extra context menu item: Download with GetRight - C:\Programmi\GetRight\GRdownload.htm
O8 - Extra context menu item: Open with GetRight Browser - C:\Programmi\GetRight\GRbrowse.htm
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsu...?1135429397732
O17 - HKLM\System\CCS\Services\Tcpip\..\{D9541C64-377F-4DFC-A01A-85DD433DE7B5}: NameServer = 85.255.116.87 85.255.112.174
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: rpcc - C:\WINDOWS\System32\rpcc.dll
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: FreePOPs - Unknown owner - C:\Programmi\FreePOPs\freepopsservice.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Programmi\iPod\bin\iPodService.exe
O23 - Service: Microsoft Windows Software Update Service (mswsus) - Unknown owner - C:\WINDOWS\System32\mswsus.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Windows Protocol Deployment Manager (PDM) - Unknown owner - C:\WINDOWS\system32\2E.tmp
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe

[wearethechampions]

3d ufficiali

[wizard1993]

fixa
C:\WINDOWS\system32\disvc.exe
C:\WINDOWS\system32\2E.tmp
C:\WINDOWS\system32\wmsv.exe
F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\system32\2E.tm
F2 - REG:system.ini: UserInit=C:\WINDOWS\System32\userinit.exe,C:\WINDOWS\system32\2E.tmp
O4 - HKLM\..\Run: [Microsoft (R) Windows Protocol Deployment Manager] C:\WINDOWS\system32\2E.tmp
O20 - Winlogon Notify: rpcc - C:\WINDOWS\System32\rpcc.dll
O23 - Service: Microsoft Windows Software Update Service (mswsus) - Unknown owner - C:\WINDOWS\System32\mswsus.exe
O23 - Service: Windows Protocol Deployment Manager (PDM) - Unknown owner - C:\WINDOWS\system32\2E.tmp

e scaricati prevx1 e fai una bella passata; poi falla anceh con le scan on-line di trendmicro bitdefender e panda

[parachut3s]

i fix di hijackthis sembrano non aver effetto. dopo che fixo i file si rigenerano.

per quanto riguarda prevx1 non riesco ad installarlo. arriva all'81% e si blocca.

poi quando riavvia il computer dice "unable to start Prevx service. your machine is not protected. impossibile avviare il servizio. il servizio è disabilitato oppure non è associato a nessuna periferica"

[lancetta]

vedo che non hai neanche il service pack2 ad ogni buon modo posta nel 3d ufficiale di hijackthis