#1
Senior Member
Joined: Oct 2007
City: Messina
Posts: 994
Executable of security programs disappeared
Hi guys, I've been infected by some junk that deletes the .exe file of any security program I install on the PC (AVG, Avast, PC Tools Antivirus, Spybot). After I finish the installation the .exe file gets deleted, so I can't open the program. I tried booting the computer in safe mode, and after reinstalling the antivirus everything worked perfectly; I ran a scan and found nothing malicious. Then I rebooted the PC in normal mode and it all started over again, with the antivirus's .exe file deleted. What should I do? Help!!! Please
#2
Senior Member
Joined: Feb 2007
City: Roma
Posts: 2155
__________________
Kaspersky Virus Removal Tool | Avira AntiVir Rescue System | Threatfire in Italiano | Norton User Account Control (beta) Will your next statement be a No? Answer with a Yes or a No.
#3
Senior Member
Joined: Oct 2007
City: Messina
Posts: 994
Anything easier?
#4
Senior Member
Joined: Feb 2007
City: Roma
Posts: 2155
The simplest alternative is to format.
#5
Senior Member
Joined: Oct 2007
City: Messina
Posts: 994
But isn't there a simpler alternative? Anyway, if I follow your earlier advice, which of the two operations should I do first, 1 or 2? Bye
#6
Senior Member
Joined: Feb 2007
City: Roma
Posts: 2155
Since it's not clear to you, I'll write it again. You have to do 1. If you can't solve it with 1, then you'll have to move on to 2.
Quote:
If you decide to try, remember to post the scan logs here, following the section rules (*** SECTION RULES - reading is mandatory!! ***).
Last edited by Nuz: 25-11-2007 at 20:42.
#7
Senior Member
Joined: Oct 2007
City: Messina
Posts: 994
I ran the analysis with EliBagla and here's the post:
Code:
```text
Sun Nov 25 21:30:52 2007
EliBagle v10.73 (c)2007 S.G.H. / Satinfo S.L.
----------------------------------------------
Lista de Acciones (por Acción Directa):
C:\WINDOWS\SYSTEM32\BAN_LIST.TXT --> Eliminado Bagle

Sun Nov 25 21:31:55 2007
EliBagle v10.73 (c)2007 S.G.H. / Satinfo S.L.
----------------------------------------------
Lista de Acciones (por Exploración):
Explorando Unidad C:\
Nº Total de Directorios: 4407
Nº Total de Ficheros: 43604
Nº de Ficheros Analizados: 9214
Nº de Ficheros Infectados: 0
Nº de Ficheros Limpiados: 0
```
Last edited by andreabarbuscia: 25-11-2007 at 20:58.
#8
Senior Member
Joined: Feb 2007
City: Roma
Posts: 2155
Logs must be posted according to these rules:
Quote:
#9
Senior Member
Joined: Oct 2007
City: Messina
Posts: 994
I ran the analysis with Avenger and here's the log:
Code:
```text
//////////////////////////////////////////
Avenger Pre-Processor log
//////////////////////////////////////////

Logfile of The Avenger version 1, by Swandog46
Running from registry key:
\Registry\Machine\System\CurrentControlSet\Services\aqeygpwf

*******************

Script file located at: \??\C:\nlnnuoci.txt
Script file not found!
Error
Could not open script file!
Status: 0xc0000034

Abort!

//////////////////////////////////////////

Logfile of The Avenger version 1, by Swandog46
Running from registry key:
\Registry\Machine\System\CurrentControlSet\Services\gccugjdk

*******************

Script file located at: \??\C:\Program Files\nqqlmfab.txt
Script file opened successfully.
Script file read successfully
Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:

File C:\WINDOWS\system32\drivers\hidr.exe not found!
Deletion of file C:\WINDOWS\system32\drivers\hidr.exe failed!
Could not process line: C:\WINDOWS\system32\drivers\hidr.exe
Status: 0xc0000034

File C:\WINDOWS\system32\drivers\srosa.sys not found!
Deletion of file C:\WINDOWS\system32\drivers\srosa.sys failed!
Could not process line: C:\WINDOWS\system32\drivers\srosa.sys
Status: 0xc0000034

File C:\WINDOWS\system32\wintems.exe not found!
Deletion of file C:\WINDOWS\system32\wintems.exe failed!
Could not process line: C:\WINDOWS\system32\wintems.exe
Status: 0xc0000034

File C:\WINDOWS\system32\hldrrr.exe not found!
Deletion of file C:\WINDOWS\system32\hldrrr.exe failed!
Could not process line: C:\WINDOWS\system32\hldrrr.exe
Status: 0xc0000034

File C:\WINDOWS\system32\trusted.exe not found!
Deletion of file C:\WINDOWS\system32\trusted.exe failed!
Could not process line: C:\WINDOWS\system32\trusted.exe
Status: 0xc0000034

File C:\WINDOWS\system32\drivers\pci32.sys not found!
Deletion of file C:\WINDOWS\system32\drivers\pci32.sys failed!
Could not process line: C:\WINDOWS\system32\drivers\pci32.sys
Status: 0xc0000034

Could not open file C:\Documents and Settings\Andrea\Dati applicazioni\hidires\hidr.exe for deletion
Deletion of file C:\Documents and Settings\Andrea\Dati applicazioni\hidires\hidr.exe failed!
Could not process line: C:\Documents and Settings\Andrea\Dati applicazioni\hidires\hidr.exe
Status: 0xc000003a

Could not open file C:\Documents and Settings\Andrea\Dati applicazioni\hidires\rosa.sys for deletion
Deletion of file C:\Documents and Settings\Andrea\Dati applicazioni\hidires\rosa.sys failed!
Could not process line: C:\Documents and Settings\Andrea\Dati applicazioni\hidires\rosa.sys
Status: 0xc000003a

Could not open file C:\Documents and Settings\Andrea\Dati applicazioni\m\data.oct for deletion
Deletion of file C:\Documents and Settings\Andrea\Dati applicazioni\m\data.oct failed!
Could not process line: C:\Documents and Settings\Andrea\Dati applicazioni\m\data.oct
Status: 0xc000003a

Could not open file C:\Documents and Settings\Andrea\Dati applicazioni\m\flec006.exe for deletion
Deletion of file C:\Documents and Settings\Andrea\Dati applicazioni\m\flec006.exe failed!
Could not process line: C:\Documents and Settings\Andrea\Dati applicazioni\m\flec006.exe
Status: 0xc000003a

Could not open file C:\Documents and Settings\Andrea\Dati applicazioni\hidires\m_hook.sys for deletion
Deletion of file C:\Documents and Settings\Andrea\Dati applicazioni\hidires\m_hook.sys failed!
Could not process line: C:\Documents and Settings\Andrea\Dati applicazioni\hidires\m_hook.sys
Status: 0xc000003a

Folder C:\WINDOWS\exefnd not found!
Deletion of folder C:\WINDOWS\exefnd failed!
Could not process line: C:\WINDOWS\exefnd
Status: 0xc0000034

Folder C:\WINDOWS\exefld not found!
Deletion of folder C:\WINDOWS\exefld failed!
Could not process line: C:\WINDOWS\exefld
Status: 0xc0000034

Folder C:\Documents and Settings\Andrea\Dati applicazioni\hidires not found!
Deletion of folder C:\Documents and Settings\Andrea\Dati applicazioni\hidires failed!
Could not process line: C:\Documents and Settings\Andrea\Dati applicazioni\hidires
Status: 0xc0000034

Registry key HKLM\SYSTEM\CurrentControlSet\Services\srosa not found!
Deletion of registry key HKLM\SYSTEM\CurrentControlSet\Services\srosa failed!
Could not process line: HKLM\SYSTEM\CurrentControlSet\Services\srosa
Status: 0xc0000034

Registry key HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_SROSA deleted successfully.

Registry key HKLM\SYSTEM\CurrentControlSet\Services\pci32 not found!
Deletion of registry key HKLM\SYSTEM\CurrentControlSet\Services\pci32 failed!
Could not process line: HKLM\SYSTEM\CurrentControlSet\Services\pci32
Status: 0xc0000034

Registry key HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_PCI32 not found!
Deletion of registry key HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_PCI32 failed!
Could not process line: HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_PCI32
Status: 0xc0000034

Registry key HKLM\SYSTEM\CurrentControlSet\Services\rosa not found!
Deletion of registry key HKLM\SYSTEM\CurrentControlSet\Services\rosa failed!
Could not process line: HKLM\SYSTEM\CurrentControlSet\Services\rosa
Status: 0xc0000034

Registry key HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_rosa not found!
Deletion of registry key HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_rosa failed!
Could not process line: HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_rosa
Status: 0xc0000034

Registry key HKLM\SYSTEM\CurrentControlSet\Services\m_hook not found!
Deletion of registry key HKLM\SYSTEM\CurrentControlSet\Services\m_hook failed!
Could not process line: HKLM\SYSTEM\CurrentControlSet\Services\m_hook
Status: 0xc0000034

Registry key HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_M_HOOK not found!
Deletion of registry key HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_M_HOOK failed!
Could not process line: HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_M_HOOK
Status: 0xc0000034

Could not delete registry value HKLM\Software\Microsoft\Windows\CurrentVersion\Run|hldrrr
Deletion of registry value HKLM\Software\Microsoft\Windows\CurrentVersion\Run|hldrrr failed!
Status: 0xc0000034

Completed script processing.

*******************

Finished! Terminate.

//////////////////////////////////////////

Logfile of The Avenger version 1, by Swandog46
Running from registry key:
\Registry\Machine\System\CurrentControlSet\Services\kjqewapy

*******************

Script file located at: \??\C:\xdhukgbx.txt
Script file opened successfully.
Script file read successfully
Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:

File C:\WINDOWS\system32\drivers\hidr.exe not found!
Deletion of file C:\WINDOWS\system32\drivers\hidr.exe failed!
Could not process line: C:\WINDOWS\system32\drivers\hidr.exe
Status: 0xc0000034

File C:\WINDOWS\system32\drivers\srosa.sys not found!
Deletion of file C:\WINDOWS\system32\drivers\srosa.sys failed!
Could not process line: C:\WINDOWS\system32\drivers\srosa.sys
Status: 0xc0000034

File C:\WINDOWS\system32\wintems.exe not found!
Deletion of file C:\WINDOWS\system32\wintems.exe failed!
Could not process line: C:\WINDOWS\system32\wintems.exe
Status: 0xc0000034

File C:\WINDOWS\system32\hldrrr.exe not found!
Deletion of file C:\WINDOWS\system32\hldrrr.exe failed!
Could not process line: C:\WINDOWS\system32\hldrrr.exe
Status: 0xc0000034

File C:\WINDOWS\system32\trusted.exe not found!
Deletion of file C:\WINDOWS\system32\trusted.exe failed!
Could not process line: C:\WINDOWS\system32\trusted.exe
Status: 0xc0000034

File C:\WINDOWS\system32\drivers\pci32.sys not found!
Deletion of file C:\WINDOWS\system32\drivers\pci32.sys failed!
Could not process line: C:\WINDOWS\system32\drivers\pci32.sys
Status: 0xc0000034

Could not open file C:\Documents and Settings\Andrea\Dati applicazioni\hidires\hidr.exe for deletion
Deletion of file C:\Documents and Settings\Andrea\Dati applicazioni\hidires\hidr.exe failed!
Could not process line: C:\Documents and Settings\Andrea\Dati applicazioni\hidires\hidr.exe
Status: 0xc000003a

Could not open file C:\Documents and Settings\Andrea\Dati applicazioni\hidires\rosa.sys for deletion
Deletion of file C:\Documents and Settings\Andrea\Dati applicazioni\hidires\rosa.sys failed!
Could not process line: C:\Documents and Settings\Andrea\Dati applicazioni\hidires\rosa.sys
Status: 0xc000003a

Could not open file C:\Documents and Settings\Andrea\Dati applicazioni\m\data.oct for deletion
Deletion of file C:\Documents and Settings\Andrea\Dati applicazioni\m\data.oct failed!
Could not process line: C:\Documents and Settings\Andrea\Dati applicazioni\m\data.oct
Status: 0xc000003a

Could not open file C:\Documents and Settings\Andrea\Dati applicazioni\m\flec006.exe for deletion
Deletion of file C:\Documents and Settings\Andrea\Dati applicazioni\m\flec006.exe failed!
Could not process line: C:\Documents and Settings\Andrea\Dati applicazioni\m\flec006.exe
Status: 0xc000003a

Could not open file C:\Documents and Settings\Andrea\Dati applicazioni\hidires\m_hook.sys for deletion
Deletion of file C:\Documents and Settings\Andrea\Dati applicazioni\hidires\m_hook.sys failed!
Could not process line: C:\Documents and Settings\Andrea\Dati applicazioni\hidires\m_hook.sys
Status: 0xc000003a

Folder C:\WINDOWS\exefnd not found!
Deletion of folder C:\WINDOWS\exefnd failed!
Could not process line: C:\WINDOWS\exefnd
Status: 0xc0000034

Folder C:\WINDOWS\exefld not found!
Deletion of folder C:\WINDOWS\exefld failed!
Could not process line: C:\WINDOWS\exefld
Status: 0xc0000034

Folder C:\Documents and Settings\Andrea\Dati applicazioni\hidires not found!
Deletion of folder C:\Documents and Settings\Andrea\Dati applicazioni\hidires failed!
Could not process line: C:\Documents and Settings\Andrea\Dati applicazioni\hidires
Status: 0xc0000034

Registry key HKLM\SYSTEM\CurrentControlSet\Services\srosa not found!
Deletion of registry key HKLM\SYSTEM\CurrentControlSet\Services\srosa failed!
Could not process line: HKLM\SYSTEM\CurrentControlSet\Services\srosa
Status: 0xc0000034

Registry key HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_SROSA not found!
Deletion of registry key HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_SROSA failed!
Could not process line: HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_SROSA
Status: 0xc0000034

Registry key HKLM\SYSTEM\CurrentControlSet\Services\pci32 not found!
Deletion of registry key HKLM\SYSTEM\CurrentControlSet\Services\pci32 failed!
Could not process line: HKLM\SYSTEM\CurrentControlSet\Services\pci32
Status: 0xc0000034

Registry key HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_PCI32 not found!
Deletion of registry key HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_PCI32 failed!
Could not process line: HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_PCI32
Status: 0xc0000034

Registry key HKLM\SYSTEM\CurrentControlSet\Services\rosa not found!
Deletion of registry key HKLM\SYSTEM\CurrentControlSet\Services\rosa failed!
Could not process line: HKLM\SYSTEM\CurrentControlSet\Services\rosa
Status: 0xc0000034

Registry key HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_rosa not found!
Deletion of registry key HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_rosa failed!
Could not process line: HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_rosa
Status: 0xc0000034

Registry key HKLM\SYSTEM\CurrentControlSet\Services\m_hook not found!
Deletion of registry key HKLM\SYSTEM\CurrentControlSet\Services\m_hook failed!
Could not process line: HKLM\SYSTEM\CurrentControlSet\Services\m_hook
Status: 0xc0000034

Registry key HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_M_HOOK not found!
Deletion of registry key HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_M_HOOK failed!
Could not process line: HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_M_HOOK
Status: 0xc0000034

Could not delete registry value HKLM\Software\Microsoft\Windows\CurrentVersion\Run|hldrrr
Deletion of registry value HKLM\Software\Microsoft\Windows\CurrentVersion\Run|hldrrr failed!
Status: 0xc0000034

Completed script processing.

*******************

Finished! Terminate.

//////////////////////////////////////////

Logfile of The Avenger version 1, by Swandog46
Running from registry key:
\Registry\Machine\System\CurrentControlSet\Services\ptdcylan

*******************

Script file located at: \??\C:\rsxcdpbf.txt
Script file opened successfully.
Script file read successfully
Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:

File C:\WINDOWS\system32\drivers\hidr.exe not found!
Deletion of file C:\WINDOWS\system32\drivers\hidr.exe failed!
Could not process line: C:\WINDOWS\system32\drivers\hidr.exe
Status: 0xc0000034

File C:\WINDOWS\system32\drivers\srosa.sys not found!
Deletion of file C:\WINDOWS\system32\drivers\srosa.sys failed!
Could not process line: C:\WINDOWS\system32\drivers\srosa.sys
Status: 0xc0000034

File C:\WINDOWS\system32\wintems.exe not found!
Deletion of file C:\WINDOWS\system32\wintems.exe failed!
Could not process line: C:\WINDOWS\system32\wintems.exe
Status: 0xc0000034

File C:\WINDOWS\system32\hldrrr.exe not found!
Deletion of file C:\WINDOWS\system32\hldrrr.exe failed!
Could not process line: C:\WINDOWS\system32\hldrrr.exe
Status: 0xc0000034

File C:\WINDOWS\system32\trusted.exe not found!
Deletion of file C:\WINDOWS\system32\trusted.exe failed!
Could not process line: C:\WINDOWS\system32\trusted.exe
Status: 0xc0000034

File C:\WINDOWS\system32\drivers\pci32.sys not found!
Deletion of file C:\WINDOWS\system32\drivers\pci32.sys failed!
Could not process line: C:\WINDOWS\system32\drivers\pci32.sys
Status: 0xc0000034

Could not open file C:\Documents and Settings\Andrea\Dati applicazioni\hidires\hidr.exe for deletion
Deletion of file C:\Documents and Settings\Andrea\Dati applicazioni\hidires\hidr.exe failed!
Could not process line: C:\Documents and Settings\Andrea\Dati applicazioni\hidires\hidr.exe
Status: 0xc000003a

Could not open file C:\Documents and Settings\Andrea\Dati applicazioni\hidires\rosa.sys for deletion
Deletion of file C:\Documents and Settings\Andrea\Dati applicazioni\hidires\rosa.sys failed!
Could not process line: C:\Documents and Settings\Andrea\Dati applicazioni\hidires\rosa.sys
Status: 0xc000003a

Could not open file C:\Documents and Settings\Andrea\Dati applicazioni\m\data.oct for deletion
Deletion of file C:\Documents and Settings\Andrea\Dati applicazioni\m\data.oct failed!
Could not process line: C:\Documents and Settings\Andrea\Dati applicazioni\m\data.oct
Status: 0xc000003a

Could not open file C:\Documents and Settings\Andrea\Dati applicazioni\m\flec006.exe for deletion
Deletion of file C:\Documents and Settings\Andrea\Dati applicazioni\m\flec006.exe failed!
Could not process line: C:\Documents and Settings\Andrea\Dati applicazioni\m\flec006.exe
Status: 0xc000003a

Could not open file C:\Documents and Settings\Andrea\Dati applicazioni\hidires\m_hook.sys for deletion
Deletion of file C:\Documents and Settings\Andrea\Dati applicazioni\hidires\m_hook.sys failed!
Could not process line: C:\Documents and Settings\Andrea\Dati applicazioni\hidires\m_hook.sys
Status: 0xc000003a

Folder C:\WINDOWS\exefnd not found!
Deletion of folder C:\WINDOWS\exefnd failed!
Could not process line: C:\WINDOWS\exefnd
Status: 0xc0000034

Folder C:\WINDOWS\exefld not found!
Deletion of folder C:\WINDOWS\exefld failed!
Could not process line: C:\WINDOWS\exefld
Status: 0xc0000034

Folder C:\Documents and Settings\Andrea\Dati applicazioni\hidires not found!
Deletion of folder C:\Documents and Settings\Andrea\Dati applicazioni\hidires failed!
Could not process line: C:\Documents and Settings\Andrea\Dati applicazioni\hidires
Status: 0xc0000034

Registry key HKLM\SYSTEM\CurrentControlSet\Services\srosa not found!
Deletion of registry key HKLM\SYSTEM\CurrentControlSet\Services\srosa failed!
Could not process line: HKLM\SYSTEM\CurrentControlSet\Services\srosa
Status: 0xc0000034

Registry key HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_SROSA not found!
Deletion of registry key HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_SROSA failed!
Could not process line: HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_SROSA
Status: 0xc0000034

Registry key HKLM\SYSTEM\CurrentControlSet\Services\pci32 not found!
Deletion of registry key HKLM\SYSTEM\CurrentControlSet\Services\pci32 failed!
Could not process line: HKLM\SYSTEM\CurrentControlSet\Services\pci32
Status: 0xc0000034

Registry key HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_PCI32 not found!
Deletion of registry key HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_PCI32 failed!
Could not process line: HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_PCI32
Status: 0xc0000034

Registry key HKLM\SYSTEM\CurrentControlSet\Services\rosa not found!
Deletion of registry key HKLM\SYSTEM\CurrentControlSet\Services\rosa failed!
Could not process line: HKLM\SYSTEM\CurrentControlSet\Services\rosa
Status: 0xc0000034

Registry key HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_rosa not found!
Deletion of registry key HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_rosa failed!
Could not process line: HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_rosa
Status: 0xc0000034

Registry key HKLM\SYSTEM\CurrentControlSet\Services\m_hook not found!
Deletion of registry key HKLM\SYSTEM\CurrentControlSet\Services\m_hook failed!
Could not process line: HKLM\SYSTEM\CurrentControlSet\Services\m_hook
Status: 0xc0000034

Registry key HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_M_HOOK not found!
Deletion of registry key HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_M_HOOK failed!
Could not process line: HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_M_HOOK
Status: 0xc0000034

Could not delete registry value HKLM\Software\Microsoft\Windows\CurrentVersion\Run|hldrrr
Deletion of registry value HKLM\Software\Microsoft\Windows\CurrentVersion\Run|hldrrr failed!
Status: 0xc0000034

Completed script processing.

*******************

Finished! Terminate.
```
Last edited by andreabarbuscia: 25-11-2007 at 20:58.
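The Avenger log above is hard to read because every item gets three or four lines, and the two NTSTATUS codes it reports mean different things: 0xC0000034 (STATUS_OBJECT_NAME_NOT_FOUND) says the last path component is absent, while 0xC000003A (STATUS_OBJECT_PATH_NOT_FOUND) says a parent directory itself no longer exists, so the whole folder is gone, not just the file. The script below is an added example written for this thread, not code from Avenger or from anyone in the discussion; it parses a constructed, shortened excerpt modelled on the posted log into one record per script item and summarizes outcomes. The function names are the example's own, and the NTSTATUS names are the standard Windows values.

```python
"""Summarize an Avenger run log: which script items were removed and which were absent.

Added example for this thread; not the Avenger tool's own code. The function
names (parse_avenger_log, summarize_avenger, missing_parents) are assumptions.
"""
import re
from collections import Counter

# Standard Windows NTSTATUS values for the two codes that appear in the posted log.
NTSTATUS = {
    0xC0000034: "STATUS_OBJECT_NAME_NOT_FOUND",  # last path component does not exist
    0xC000003A: "STATUS_OBJECT_PATH_NOT_FOUND",  # a parent directory itself does not exist
}

FAILED_RE = re.compile(r"^Deletion of (file|folder|registry key|registry value) (.+) failed!$")
OK_RE = re.compile(r"^(File|Folder|Registry key|Registry value) (.+) deleted successfully\.$")
STATUS_RE = re.compile(r"^Status: (0x[0-9A-Fa-f]+)$")

# Constructed sample: a shortened excerpt modelled on the log posted in the thread.
SAMPLE_LOG = r"""
Logfile of The Avenger version 1, by Swandog46
Running from registry key:
\Registry\Machine\System\CurrentControlSet\Services\gccugjdk

Beginning to process script file:

File C:\WINDOWS\system32\wintems.exe not found!
Deletion of file C:\WINDOWS\system32\wintems.exe failed!
Could not process line: C:\WINDOWS\system32\wintems.exe
Status: 0xc0000034

Could not open file C:\Documents and Settings\Andrea\Dati applicazioni\hidires\hidr.exe for deletion
Deletion of file C:\Documents and Settings\Andrea\Dati applicazioni\hidires\hidr.exe failed!
Could not process line: C:\Documents and Settings\Andrea\Dati applicazioni\hidires\hidr.exe
Status: 0xc000003a

Registry key HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_SROSA deleted successfully.

Registry key HKLM\SYSTEM\CurrentControlSet\Services\srosa not found!
Deletion of registry key HKLM\SYSTEM\CurrentControlSet\Services\srosa failed!
Could not process line: HKLM\SYSTEM\CurrentControlSet\Services\srosa
Status: 0xc0000034

Could not delete registry value HKLM\Software\Microsoft\Windows\CurrentVersion\Run|hldrrr
Deletion of registry value HKLM\Software\Microsoft\Windows\CurrentVersion\Run|hldrrr failed!
Status: 0xc0000034

Completed script processing.
"""


def parse_avenger_log(text):
    """Return one record per script item: kind, target, deleted flag and NTSTATUS (if any)."""
    records = []
    pending = None  # last failed record still waiting for its "Status:" line
    for raw in text.splitlines():
        line = raw.strip()
        m = FAILED_RE.match(line)
        if m:
            pending = {"kind": m.group(1), "target": m.group(2), "deleted": False,
                       "status": None, "status_name": None}
            records.append(pending)
            continue
        m = OK_RE.match(line)
        if m:
            records.append({"kind": m.group(1).lower(), "target": m.group(2), "deleted": True,
                            "status": None, "status_name": None})
            pending = None
            continue
        m = STATUS_RE.match(line)
        if m and pending is not None:  # a Status: line with no pending item (pre-processor) is ignored
            code = int(m.group(1), 16)
            pending["status"] = code
            pending["status_name"] = NTSTATUS.get(code, f"unknown NTSTATUS {code:#010x}")
            pending = None
    return records


def summarize_avenger(records):
    """Count outcomes: 'deleted' or the NTSTATUS name of the failure."""
    return dict(Counter("deleted" if r["deleted"] else (r["status_name"] or "no status")
                        for r in records))


def missing_parents(records):
    """Directories Avenger could not even reach (0xC000003A): the whole folder is absent."""
    parents = set()
    for r in records:
        if r["status"] == 0xC000003A and r["kind"] in ("file", "folder"):
            parents.add(r["target"].rsplit("\\", 1)[0])
    return sorted(parents)


if __name__ == "__main__":
    recs = parse_avenger_log(SAMPLE_LOG)
    for r in recs:
        outcome = "deleted" if r["deleted"] else r["status_name"]
        print(f"{r['kind']:<15} {outcome:<30} {r['target']}")
    print("summary:", summarize_avenger(recs))
    print("parent folders that do not exist:", missing_parents(recs))
```

Run against the full log in the post, the same parser shows that every file and folder in the script was already absent and only the LEGACY_SROSA key was actually removed, which is the kind of evidence that leads a helper to move on to a fresh HijackThis log rather than re-running the same script.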
#10
Senior Member
Joined: Feb 2007
City: Roma
Posts: 2155
I ask you to edit your previous posts, because logs must be posted according to these rules:
Quote:
#11
Senior Member
Joined: Oct 2007
City: Messina
Posts: 994
I ran the scan with Panda Anti-Rootkit and it found nothing.
#12
Senior Member
Joined: Oct 2007
City: Messina
Posts: 994
I ran the scan with HijackThis and here's the log:
Code:
```text
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 22.01.34, on 25/11/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Programmi\File comuni\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Programmi\CyberLink\Shared files\RichVideo.exe
C:\Programmi\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wscntfy.exe
C:\Programmi\MSN Messenger\MsnMsgr.Exe
C:\Programmi\eMule\emule.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Programmi\MSN Messenger\usnsvc.exe
C:\Programmi\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Andrea\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.it/0SEITIT/SAOS01?FORM=TOOLBR
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://g.msn.it/0SEITIT/SAOS01?FORM=TOOLBR
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.it/
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.it/0SEITIT/SAOS01?FORM=TOOLBR
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
R3 - URLSearchHook: Yahoo! Toolbar con blocco Pop-Up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programmi\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Programmi\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Supporto di collegamento per Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\File comuni\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {140BD8E3-C167-11D4-B4A3-080000180323} - (no file)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmi\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programmi\File comuni\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programmi\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Yahoo! Toolbar con blocco Pop-Up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programmi\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programmi\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [aqbqdqtd] C:\gguwhnyj.bat
O4 - HKCU\..\Run: [MsnMsgr] "C:\Programmi\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [eMuleAutoStart] C:\Programmi\eMule\emule.exe -AutoStart
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO LOCALE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO DI RETE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Ricerche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Programmi\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1192733317156
O17 - HKLM\System\CCS\Services\Tcpip\..\{4AFBBFD9-4085-42F4-B982-AC5519C6CDCE}: NameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\..\{6A39B1F4-014A-4531-97F5-E1C7EA912DA4}: NameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\..\{B3E183A2-371B-4F00-9992-5FF45B5FEE96}: NameServer = 192.168.1.1
O17 - HKLM\System\CS1\Services\Tcpip\..\{4AFBBFD9-4085-42F4-B982-AC5519C6CDCE}: NameServer = 192.168.1.1
O17 - HKLM\System\CS3\Services\Tcpip\..\{4AFBBFD9-4085-42F4-B982-AC5519C6CDCE}: NameServer = 192.168.1.1
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programmi\File comuni\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: NBService - Nero AG - C:\Programmi\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Programmi\CyberLink\Shared files\RichVideo.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Programmi\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe

--
End of file - 5905 bytes
```
#13
Senior Member
Joined: Feb 2007
City: Roma
Posts: 2155
At this point, given the results of the previous scans, it's better if you follow the DISINFECTION GUIDE for INFECTED users.
But attach the next logs with the Manage Attachments function, so the thread stays shorter.
#14
Senior Member
Joined: Feb 2007
City: Roma
Posts: 2155
Fix these entries:
```text
O4 - HKLM\..\Run: [aqbqdqtd] C:\gguwhnyj.bat
O2 - BHO: (no name) - {140BD8E3-C167-11D4-B4A3-080000180323} - (no file)
```
Then open Avenger, select "Input script manually" and click the magnifying glass. In the new window, paste the script given below, click the "Done" button, click the green traffic-light icon and answer "yes" twice; the PC should reboot by itself, and if it doesn't, reboot it manually.
Quote:
Last edited by Nuz: 25-11-2007 at 21:13.
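The two entries picked out above are the ones a helper spots by eye in a HijackThis log: an O4 autostart whose value name and file name are random-looking strings, launching a batch file straight from the drive root, and an O2 BHO whose DLL no longer exists. The script below is an added example written for this thread, not code from HijackThis or from anyone in the discussion; it applies those heuristics to entries taken from the HijackThis log posted earlier, flagging each line with the reasons it stood out. The heuristics are deliberately crude triage aids, not verdicts: the vowel-ratio test for "random-looking" names is the example's own rule, and it flags all three "(no file)" BHOs in the log, not only the one named above (an orphaned BHO is dead weight to clean up, not evidence of infection). Function names are the example's own.

```python
"""Triage O4 (autostart) and O2 (BHO) lines from a HijackThis log.

Added example for this thread; not HijackThis's own code. The heuristics and the
function names (looks_random, launched_path, check_o4, triage_hijackthis) are assumptions.
"""
import re

O4_RE = re.compile(r"^O4 - (.+?)\\\.\.\\(Run\w*): \[([^\]]+)\] (.*)$")
O2_RE = re.compile(r"^O2 - BHO: (.*?) - (\{[0-9A-Fa-f-]+\}) - (.*)$")
SCRIPT_EXT = {"bat", "cmd", "vbs", "js", "pif", "scr"}  # interpreters/launchers rarely legitimate in Run

# Sample input: O2/O4 lines copied from the HijackThis log posted earlier in the thread.
SAMPLE_HJT = r"""
O2 - BHO: Supporto di collegamento per Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\File comuni\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {140BD8E3-C167-11D4-B4A3-080000180323} - (no file)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - (no file)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [aqbqdqtd] C:\gguwhnyj.bat
O4 - HKCU\..\Run: [MsnMsgr] "C:\Programmi\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [eMuleAutoStart] C:\Programmi\eMule\emule.exe -AutoStart
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
"""


def looks_random(token):
    """Crude stand-in for an entropy check: 8+ all-lowercase letters with almost no vowels."""
    if not (token.isalpha() and token.islower() and len(token) >= 8):
        return False
    vowels = sum(ch in "aeiou" for ch in token)
    return vowels / len(token) < 0.3


def launched_path(command):
    """First program path in an O4 command, quoted or not (unquoted paths with spaces are cut at the space)."""
    command = command.strip()
    if command.startswith('"'):
        end = command.find('"', 1)
        return command[1:end] if end > 0 else command[1:]
    return command.split(" ", 1)[0]


def check_o4(hive, name, command):
    """Return the list of reasons an O4 autostart entry deserves a second look."""
    reasons = []
    path = launched_path(command)
    filename = path.rsplit("\\", 1)[-1]
    stem, dot, ext = filename.rpartition(".")
    if not dot:
        stem, ext = filename, ""
    if looks_random(name):
        reasons.append("random-looking value name")
    if looks_random(stem):
        reasons.append("random-looking file name")
    if re.match(r"^[A-Za-z]:\\[^\\]+$", path):
        reasons.append("program launched directly from a drive root")
    if ext.lower() in SCRIPT_EXT:
        reasons.append("script file registered as an autostart")
    return reasons


def triage_hijackthis(log_text):
    """Scan O4 and O2 lines; return [{'line': ..., 'reasons': [...]}] for every flagged entry."""
    findings = []
    for line in log_text.splitlines():
        line = line.strip()
        m = O4_RE.match(line)
        if m:
            hive, _run_key, name, command = m.groups()
            reasons = check_o4(hive, name, command)
        else:
            m = O2_RE.match(line)
            reasons = ["orphaned BHO entry (no file on disk)"] if m and m.group(3) == "(no file)" else []
        if reasons:
            findings.append({"line": line, "reasons": reasons})
    return findings


if __name__ == "__main__":
    for f in triage_hijackthis(SAMPLE_HJT):
        print(f["line"])
        for reason in f["reasons"]:
            print("   -", reason)
```

The O4 line named in the post collects all four reasons at once, which is why it stands out immediately, while the legitimate MsnMsgr, eMule and CTFMON.EXE entries collect none. A production check would replace the vowel-ratio test with a real entropy measure and an allow-list of known autostart names.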
#15
Senior Member
Joined: Oct 2007
City: Messina
Posts: 994
I ran a scan with GMER and it didn't report any entries in red. I fixed that entry you told me about earlier. Now what do I do, follow the instructions in the other guide?
#16
Senior Member
Joined: Feb 2007
City: Roma
Posts: 2155
I edited the previous post; read it and do the other things too, then post a new HJT log.
#17
Senior Member
Joined: Oct 2007
City: Messina
Posts: 994
I fixed those entries and here's the log:
#18
Senior Member
Joined: Oct 2007
City: Messina
Posts: 994
I ran the scan with Eset ADS and here's the log:
#19
Senior Member
Joined: Oct 2007
City: Messina
Posts: 994
I ran the scan with a-squared and here's the log:
#20
Senior Member
Joined: Oct 2007
City: Messina
Posts: 994
I ran the scan with Prevx CSI and it found nothing.