PC problems
sibo78
Posted: Thursday, January 01, 2009 9:28:17 PM
Rank: Newbie

Joined: 12/9/2008
Posts: 0
Avast and ZoneAlarm still won't start
shapiro
Posted: Thursday, January 01, 2009 9:33:25 PM

Rank: AiutAmico

Joined: 8/24/2008
Posts: 4,164
have you tried starting Avenger?
sibo78
Posted: Thursday, January 01, 2009 9:36:54 PM
Rank: Newbie

Joined: 12/9/2008
Posts: 0
the one that wouldn't start before still won't start. The one I downloaded from your latest link works.
shapiro
Posted: Thursday, January 01, 2009 9:42:52 PM

Rank: AiutAmico

Joined: 8/24/2008
Posts: 4,164
if the Avenger I sent you starts, copy and paste into the "Input script here" window the text in red, exactly as you see it written:


Files to delete:
%SystemDrive%\WINDOWS\system32\drivers\hidr.exe
%SystemDrive%\WINDOWS\system32\drivers\srosa.sys
%SystemDrive%\WINDOWS\system32\wintems.exe
%SystemDrive%\WINDOWS\system32\hldrrr.exe
%SystemDrive%\WINDOWS\system32\trusted.exe
%SystemDrive%\WINDOWS\system32\drivers\pci32.sys
%UserProfile%\Dati applicazioni\hidires\hidr.exe
%UserProfile%\Dati applicazioni\hidires\rosa.sys
%UserProfile%\Dati applicazioni\m\list.oct
%UserProfile%\Dati applicazioni\m\data.oct
%UserProfile%\Dati applicazioni\m\flec006.exe
%UserProfile%\Dati applicazioni\m\svrlist.oct
%SystemDrive%\system32\re_file.exe
%SystemDrive%\elist.xpt
%UserProfile%\Dati applicazioni\hidires\m_hook.sys
%SystemDrive%\WINDOWS\system32\drivers\hldrrr.exe
%SystemDrive%\WINDOWS\system32\drivers\hldrrr.ex_
%SystemDrive%\WINDOWS\system32\mdelk.exe
%SystemDrive%\WINDOWS\system32\drivers\mdelk.exe
%SystemDrive%\WINDOWS\system32\drivers\pci32.sys
%SystemDrive%\WINDOWS\system32\edlm.exe
%SystemDrive%\WINDOWS\system32\edlm2.exe
%SystemDrive%\Windows\system32\ldR64.dll
%SystemDrive%\WINDOWS\system32\german.exe
%SystemDrive%\WINDOWS\system32\drivers\srosa.sys.XXX
%SystemDrive%\WINDOWS\system32\mdelk.exe.XXX
%SystemDrive%\WINDOWS\system32\wintems.exe.XXX
%SystemDrive%\WINDOWS\system32\1.exe

Folders to delete:
%SystemDrive%\WINDOWS\exefqd
%SystemDrive%\WINDOWS\exefnd
%SystemDrive%\WINDOWS\exefld
%UserProfile%\Dati applicazioni\hidires
%UserProfile%\Dati applicazioni\hidn
%UserProfile%\Dati applicazioni\m\shared
%UserProfile%\Dati applicazioni\m
%SystemDrive%\WINDOWS\System32\drivers\down
%SystemDrive%\WINDOWS\system32\drivers\downld

Registry keys to delete:
HKLM\SYSTEM\CurrentControlSet\Services\srosa
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_SROSA
HKLM\SYSTEM\CurrentControlSet\Services\pci32
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_PCI32
HKLM\SYSTEM\CurrentControlSet\Services\rosa
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_rosa
HKLM\SYSTEM\CurrentControlSet\Services\m_hook
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_M_HOOK
HKLM\SYSTEM\ControlSet003\Enum\Root\LEGACY_SROSA
HKLM\SYSTEM\ControlSet002\Enum\Root\LEGACY_SROSA
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ldr64

Registry values to delete:
HKLM\Software\Microsoft\Windows\CurrentVersion\Run | hldrrr
HKLM\Software\Microsoft\Windows\CurrentVersion\Run | drvsyskit
HKLM\Software\Microsoft\Windows\CurrentVersion\Run | german.exe
HKLM\Software\Microsoft\Windows\CurrentVersion\Run | drv_st_key

Registry values to replace with dummy:
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Windows | AppInit_DLLs

Drivers to disable:
%SystemDrive%\WINDOWS\system32\drivers\hidr.exe
%SystemDrive%\WINDOWS\system32\drivers\srosa.sys
%SystemDrive%\WINDOWS\system32\drivers\pci32.sys
%SystemDrive%\WINDOWS\system32\drivers\hldrrr.exe
%SystemDrive%\WINDOWS\system32\drivers\mdelk.exe


Tick "Automatically disable any rootkits found" and click "execute".
The PC should restart by itself; otherwise restart it yourself. Post the report it produces; you will find it in c:\avenger.
sibo78
Posted: Thursday, January 01, 2009 9:50:10 PM
Rank: Newbie

Joined: 12/9/2008
Posts: 0
here it is:

Logfile of The Avenger Version 2.0, (c) by Swandog46
http://swandog46.geekstogo.com

Platform: Windows XP

*******************

Script file opened successfully.
Script file read successfully.

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:

Rootkit scan active.
No rootkits found!


Error: file "C:\WINDOWS\system32\drivers\hidr.exe" not found!
Deletion of file "C:\WINDOWS\system32\drivers\hidr.exe" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist


Error: file "C:\WINDOWS\system32\drivers\srosa.sys" not found!
Deletion of file "C:\WINDOWS\system32\drivers\srosa.sys" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist


Error: file "C:\WINDOWS\system32\wintems.exe" not found!
Deletion of file "C:\WINDOWS\system32\wintems.exe" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist


Error: file "C:\WINDOWS\system32\hldrrr.exe" not found!
Deletion of file "C:\WINDOWS\system32\hldrrr.exe" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist


Error: file "C:\WINDOWS\system32\trusted.exe" not found!
Deletion of file "C:\WINDOWS\system32\trusted.exe" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist


Error: file "C:\WINDOWS\system32\drivers\pci32.sys" not found!
Deletion of file "C:\WINDOWS\system32\drivers\pci32.sys" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist


Error: could not open file "C:\Documents and Settings\Sibo\Dati applicazioni\hidires\hidr.exe"
Deletion of file "C:\Documents and Settings\Sibo\Dati applicazioni\hidires\hidr.exe" failed!
Status: 0xc000003a (STATUS_OBJECT_PATH_NOT_FOUND)
--> bad path / the parent directory does not exist


Error: could not open file "C:\Documents and Settings\Sibo\Dati applicazioni\hidires\rosa.sys"
Deletion of file "C:\Documents and Settings\Sibo\Dati applicazioni\hidires\rosa.sys" failed!
Status: 0xc000003a (STATUS_OBJECT_PATH_NOT_FOUND)
--> bad path / the parent directory does not exist


Error: could not open file "C:\Documents and Settings\Sibo\Dati applicazioni\m\list.oct"
Deletion of file "C:\Documents and Settings\Sibo\Dati applicazioni\m\list.oct" failed!
Status: 0xc000003a (STATUS_OBJECT_PATH_NOT_FOUND)
--> bad path / the parent directory does not exist


Error: could not open file "C:\Documents and Settings\Sibo\Dati applicazioni\m\data.oct"
Deletion of file "C:\Documents and Settings\Sibo\Dati applicazioni\m\data.oct" failed!
Status: 0xc000003a (STATUS_OBJECT_PATH_NOT_FOUND)
--> bad path / the parent directory does not exist


Error: could not open file "C:\Documents and Settings\Sibo\Dati applicazioni\m\flec006.exe"
Deletion of file "C:\Documents and Settings\Sibo\Dati applicazioni\m\flec006.exe" failed!
Status: 0xc000003a (STATUS_OBJECT_PATH_NOT_FOUND)
--> bad path / the parent directory does not exist


Error: could not open file "C:\Documents and Settings\Sibo\Dati applicazioni\m\svrlist.oct"
Deletion of file "C:\Documents and Settings\Sibo\Dati applicazioni\m\svrlist.oct" failed!
Status: 0xc000003a (STATUS_OBJECT_PATH_NOT_FOUND)
--> bad path / the parent directory does not exist


Error: could not open file "C:\system32\re_file.exe"
Deletion of file "C:\system32\re_file.exe" failed!
Status: 0xc000003a (STATUS_OBJECT_PATH_NOT_FOUND)
--> bad path / the parent directory does not exist


Error: file "C:\elist.xpt" not found!
Deletion of file "C:\elist.xpt" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist


Error: could not open file "C:\Documents and Settings\Sibo\Dati applicazioni\hidires\m_hook.sys"
Deletion of file "C:\Documents and Settings\Sibo\Dati applicazioni\hidires\m_hook.sys" failed!
Status: 0xc000003a (STATUS_OBJECT_PATH_NOT_FOUND)
--> bad path / the parent directory does not exist


Error: file "C:\WINDOWS\system32\drivers\hldrrr.exe" not found!
Deletion of file "C:\WINDOWS\system32\drivers\hldrrr.exe" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist


Error: file "C:\WINDOWS\system32\drivers\hldrrr.ex_" not found!
Deletion of file "C:\WINDOWS\system32\drivers\hldrrr.ex_" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist


Error: file "C:\WINDOWS\system32\mdelk.exe" not found!
Deletion of file "C:\WINDOWS\system32\mdelk.exe" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist


Error: file "C:\WINDOWS\system32\drivers\mdelk.exe" not found!
Deletion of file "C:\WINDOWS\system32\drivers\mdelk.exe" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist


Error: file "C:\WINDOWS\system32\drivers\pci32.sys" not found!
Deletion of file "C:\WINDOWS\system32\drivers\pci32.sys" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist


Error: file "C:\WINDOWS\system32\edlm.exe" not found!
Deletion of file "C:\WINDOWS\system32\edlm.exe" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist


Error: file "C:\WINDOWS\system32\edlm2.exe" not found!
Deletion of file "C:\WINDOWS\system32\edlm2.exe" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist


Error: file "C:\Windows\system32\ldR64.dll" not found!
Deletion of file "C:\Windows\system32\ldR64.dll" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist


Error: file "C:\WINDOWS\system32\german.exe" not found!
Deletion of file "C:\WINDOWS\system32\german.exe" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist


Error: file "C:\WINDOWS\system32\drivers\srosa.sys.XXX" not found!
Deletion of file "C:\WINDOWS\system32\drivers\srosa.sys.XXX" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist


Error: file "C:\WINDOWS\system32\mdelk.exe.XXX" not found!
Deletion of file "C:\WINDOWS\system32\mdelk.exe.XXX" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist


Error: file "C:\WINDOWS\system32\wintems.exe.XXX" not found!
Deletion of file "C:\WINDOWS\system32\wintems.exe.XXX" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist


Error: file "C:\WINDOWS\system32\1.exe" not found!
Deletion of file "C:\WINDOWS\system32\1.exe" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist


Error: folder "C:\WINDOWS\exefqd" not found!
Deletion of folder "C:\WINDOWS\exefqd" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist


Error: folder "C:\WINDOWS\exefnd" not found!
Deletion of folder "C:\WINDOWS\exefnd" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist


Error: folder "C:\WINDOWS\exefld" not found!
Deletion of folder "C:\WINDOWS\exefld" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist


Error: folder "C:\Documents and Settings\Sibo\Dati applicazioni\hidires" not found!
Deletion of folder "C:\Documents and Settings\Sibo\Dati applicazioni\hidires" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist


Error: folder "C:\Documents and Settings\Sibo\Dati applicazioni\hidn" not found!
Deletion of folder "C:\Documents and Settings\Sibo\Dati applicazioni\hidn" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist


Error: could not open folder "C:\Documents and Settings\Sibo\Dati applicazioni\m\shared"
Deletion of folder "C:\Documents and Settings\Sibo\Dati applicazioni\m\shared" failed!
Status: 0xc000003a (STATUS_OBJECT_PATH_NOT_FOUND)
--> bad path / the parent directory does not exist


Error: folder "C:\Documents and Settings\Sibo\Dati applicazioni\m" not found!
Deletion of folder "C:\Documents and Settings\Sibo\Dati applicazioni\m" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist


Error: folder "C:\WINDOWS\System32\drivers\down" not found!
Deletion of folder "C:\WINDOWS\System32\drivers\down" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist


Error: folder "C:\WINDOWS\system32\drivers\downld" not found!
Deletion of folder "C:\WINDOWS\system32\drivers\downld" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist


Error: registry key "HKLM\SYSTEM\CurrentControlSet\Services\srosa" not found!
Deletion of registry key "HKLM\SYSTEM\CurrentControlSet\Services\srosa" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist


Error: registry key "HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_SROSA" not found!
Deletion of registry key "HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_SROSA" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist


Error: registry key "HKLM\SYSTEM\CurrentControlSet\Services\pci32" not found!
Deletion of registry key "HKLM\SYSTEM\CurrentControlSet\Services\pci32" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist


Error: registry key "HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_PCI32" not found!
Deletion of registry key "HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_PCI32" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist


Error: registry key "HKLM\SYSTEM\CurrentControlSet\Services\rosa" not found!
Deletion of registry key "HKLM\SYSTEM\CurrentControlSet\Services\rosa" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist


Error: registry key "HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_rosa" not found!
Deletion of registry key "HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_rosa" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist


Error: registry key "HKLM\SYSTEM\CurrentControlSet\Services\m_hook" not found!
Deletion of registry key "HKLM\SYSTEM\CurrentControlSet\Services\m_hook" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist


Error: registry key "HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_M_HOOK" not found!
Deletion of registry key "HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_M_HOOK" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist


Error: registry key "HKLM\SYSTEM\ControlSet003\Enum\Root\LEGACY_SROSA" not found!
Deletion of registry key "HKLM\SYSTEM\ControlSet003\Enum\Root\LEGACY_SROSA" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist


Error: registry key "HKLM\SYSTEM\ControlSet002\Enum\Root\LEGACY_SROSA" not found!
Deletion of registry key "HKLM\SYSTEM\ControlSet002\Enum\Root\LEGACY_SROSA" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist


Error: could not open driver "%SystemDrive%\WINDOWS\system32\drivers\hidr.exe"
Disablement of driver "%SystemDrive%\WINDOWS\system32\drivers\hidr.exe" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist


Error: could not open driver "%SystemDrive%\WINDOWS\system32\drivers\srosa.sys"
Disablement of driver "%SystemDrive%\WINDOWS\system32\drivers\srosa.sys" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist


Error: could not open driver "%SystemDrive%\WINDOWS\system32\drivers\pci32.sys"
Disablement of driver "%SystemDrive%\WINDOWS\system32\drivers\pci32.sys" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist


Error: could not open driver "%SystemDrive%\WINDOWS\system32\drivers\hldrrr.exe"
Disablement of driver "%SystemDrive%\WINDOWS\system32\drivers\hldrrr.exe" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist


Error: could not open driver "%SystemDrive%\WINDOWS\system32\drivers\mdelk.exe"
Disablement of driver "%SystemDrive%\WINDOWS\system32\drivers\mdelk.exe" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist


Error: registry key "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ldr64" not found!
Deletion of registry key "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ldr64" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist


Error: could not delete registry value "HKLM\Software\Microsoft\Windows\CurrentVersion\Run|hldrrr"
Deletion of registry value "HKLM\Software\Microsoft\Windows\CurrentVersion\Run|hldrrr" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist


Error: could not delete registry value "HKLM\Software\Microsoft\Windows\CurrentVersion\Run|drvsyskit"
Deletion of registry value "HKLM\Software\Microsoft\Windows\CurrentVersion\Run|drvsyskit" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist


Error: could not delete registry value "HKLM\Software\Microsoft\Windows\CurrentVersion\Run|german.exe"
Deletion of registry value "HKLM\Software\Microsoft\Windows\CurrentVersion\Run|german.exe" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist


Error: could not delete registry value "HKLM\Software\Microsoft\Windows\CurrentVersion\Run|drv_st_key"
Deletion of registry value "HKLM\Software\Microsoft\Windows\CurrentVersion\Run|drv_st_key" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist

Registry value "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Windows|AppInit_DLLs" replaced with dummy successfully.

Completed script processing.

*******************

Finished! Terminate.
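
Added example, not part of the original thread and not code from The Avenger: a small Python triage of a log in the format posted above, separating actions that changed the system from targets that were simply absent and from failures that need a closer look. The success pattern is modelled on the single success line in this log; the `STATUS_ACCESS_DENIED` entry and its path are constructed to show the third case.

```python
import re

# NTSTATUS names that mean "the target was not there", as seen in the log above.
ABSENT = {"STATUS_OBJECT_NAME_NOT_FOUND", "STATUS_OBJECT_PATH_NOT_FOUND"}

# A failed action is reported on two consecutive lines: the action, then its status.
FAILED = re.compile(
    r'^(?P<action>Deletion|Disablement) of (?P<kind>[a-z ]+) "(?P<target>.+)" failed!\r?\n'
    r'Status: (?P<code>0x[0-9a-fA-F]+) \((?P<name>STATUS_\w+)\)',
    re.MULTILINE,
)
# Assumption: other successful actions are worded like the one success line in the log.
SUCCEEDED = re.compile(
    r'^(?P<kind>[A-Za-z ]+) "(?P<target>.+)" (?P<action>.+) successfully\.\r?$',
    re.MULTILINE,
)

# Constructed sample: entries in the shape of the posted log, plus one hypothetical
# access-denied failure (path and status line are made up for the example).
SAMPLE_LOG = r'''
Error: file "C:\WINDOWS\system32\drivers\srosa.sys" not found!
Deletion of file "C:\WINDOWS\system32\drivers\srosa.sys" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
  --> the object does not exist

Error: could not open file "C:\Documents and Settings\Sibo\Dati applicazioni\m\list.oct"
Deletion of file "C:\Documents and Settings\Sibo\Dati applicazioni\m\list.oct" failed!
Status: 0xc000003a (STATUS_OBJECT_PATH_NOT_FOUND)
  --> bad path / the parent directory does not exist

Error: could not open driver "%SystemDrive%\WINDOWS\system32\drivers\pci32.sys"
Disablement of driver "%SystemDrive%\WINDOWS\system32\drivers\pci32.sys" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
  --> the object does not exist

Deletion of file "C:\example\locked.sys" failed!
Status: 0xc0000022 (STATUS_ACCESS_DENIED)

Registry value "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Windows|AppInit_DLLs" replaced with dummy successfully.

Completed script processing.
'''


def triage(log_text):
    """Sort every reported action into changed / absent / needs_review."""
    result = {"changed": [], "absent": [], "needs_review": []}
    for m in FAILED.finditer(log_text):
        # "Not found" means there was nothing to remove; any other status means
        # the object may still be present and the action did not take effect.
        bucket = "absent" if m["name"] in ABSENT else "needs_review"
        result[bucket].append((m["kind"], m["target"], m["name"]))
    for m in SUCCEEDED.finditer(log_text):
        result["changed"].append((m["kind"].lower(), m["target"], m["action"]))
    return result


def summary(result):
    """Counts per bucket, for a one-line overview of the run."""
    return {bucket: len(items) for bucket, items in result.items()}


if __name__ == "__main__":
    outcome = triage(SAMPLE_LOG)
    print(summary(outcome))
    for kind, target, detail in outcome["changed"] + outcome["needs_review"]:
        print(f"{kind}: {target} -> {detail}")
```

Run over the full log above, only the `AppInit_DLLs` replacement lands in `changed`; every other entry is in `absent`.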
shapiro
Posted: Thursday, January 01, 2009 10:01:10 PM

Rank: AiutAmico

Joined: 8/24/2008
Posts: 4,164
it didn't find any of them - good sign

please stay online while we try to sort this out
sibo78
Posted: Thursday, January 01, 2009 10:04:49 PM
Rank: Newbie

Joined: 12/9/2008
Posts: 0
ok, I'll wait. For a while now I haven't been able to get on the internet with the infected PC; the network is connected and working.
shapiro
Posted: Thursday, January 01, 2009 10:05:29 PM

Rank: AiutAmico

Joined: 8/24/2008
Posts: 4,164
tell me

is your antivirus working now?

can you get into safe mode?

tell me which problems you are seeing now compared to before
sibo78
Posted: Thursday, January 01, 2009 10:12:52 PM
Rank: Newbie

Joined: 12/9/2008
Posts: 0
Avast and ZoneAlarm still don't work; launching them always gives the same errors (not a valid Win32 application).

safe mode works.

Right after the PC is switched on, the internet works with both Explorer and Firefox; after a few minutes it stops working with both.

At the moment these are the only problems I'm seeing.
shapiro
Posted: Thursday, January 01, 2009 10:20:43 PM

Rank: AiutAmico

Joined: 8/24/2008
Posts: 4,164
now carefully carry out these two operations

download http://oldtimer.geekstogo.com/OTMoveIt3.exe

Paste into the Paste Instruction for Items to be moved box the script I highlighted in red - check that the Unregister Dll's and Ocx's box is enabled and press the MoveIt! button.



1. : Files
2. %windir%\system32\drivers\winfilse.exe
3. %windir%\system32\drivers\hidr.exe
4. %windir%\system32\drivers\srosa.sys
5. %windir%\system32\drivers\srosa2.sys
6. %windir%\system32\drivers\pci32.sys
7. %windir%\System32\drivers\down
8. %windir%\system32\drivers\downld
9. %windir%\system32\drivers\hldrrr.exe
10. %windir%\system32\drivers\mdelk.exe
11. %windir%\system32\wintems.exe
12. %windir%\system32\hldrrr.exe
13. %windir%\system32\trusted.exe
14. %windir%\system32\winfilse.exe
15. %windir%\system32\mdelk.exe
16. %windir%\system32\german.exe
17. %userprofile%\Dati applicazioni\m



After a few seconds a prompt appears asking to restart the computer in order to remove the files in use.

After the restart, a report appears on screen in a text file showing which operations succeeded and which did not.

download Malwarebytes http://www.malwarebytes.org/mbam/program/mbam-setup.exe
1) install it
2) update it
3) run a scan, choosing full mode
4) do NOT delete, for now, any threats it detects
5) when the scan has finished, select the log tab, open the text file and post it on the forum
sibo78
Posted: Thursday, January 01, 2009 10:39:00 PM
Rank: Newbie

Joined: 12/9/2008
Posts: 0
I launched OTMove and did the operations described, but in the results window, for each of the 17 files in the list, the following message appeared and the PC did not restart:

Error: Unable to interpret <1. : Files > in the current context!
Error: Unable to interpret <2. %windir%\system32\drivers\winfilse.exe > in the current context!
Error: Unable to interpret <3. %windir%\system32\drivers\hidr.exe > in the current context!
Error: Unable to interpret <4. %windir%\system32\drivers\srosa.sys > in the current context!
Error: Unable to interpret <5. %windir%\system32\drivers\srosa2.sys > in the current context!
Error: Unable to interpret <6. %windir%\system32\drivers\pci32.sys > in the current context!
Error: Unable to interpret <7. %windir%\System32\drivers\down > in the current context!
Error: Unable to interpret <8. %windir%\system32\drivers\downld > in the current context!
Error: Unable to interpret <9. %windir%\system32\drivers\hldrrr.exe > in the current context!
Error: Unable to interpret <10. %windir%\system32\drivers\mdelk.exe > in the current context!
Error: Unable to interpret <11. %windir%\system32\wintems.exe > in the current context!
Error: Unable to interpret <12. %windir%\system32\hldrrr.exe > in the current context!
Error: Unable to interpret <13. %windir%\system32\trusted.exe > in the current context!
Error: Unable to interpret <14. %windir%\system32\winfilse.exe > in the current context!
Error: Unable to interpret <15. %windir%\system32\mdelk.exe > in the current context!
Error: Unable to interpret <16. %windir%\system32\german.exe > in the current context!
Error: Unable to interpret <17. %userprofile%\Dati applicazioni\m> in the current context!

OTMoveIt3 by OldTimer - Version 1.0.7.2 log created on 01012009_223117
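
Added example, not part of the original thread and not OTMoveIt3 code: the results above quote every pasted line, list number included, as something the tool could not interpret, which is a parsing outcome rather than a statement about what is on disk. The Python sketch below reads such a results window, counts how many rejected lines carry a list number, and recovers the instruction text without it; that the numbering is what the tool rejected is an assumption, and the sample is three lines copied from the results above.

```python
import re

# One rejected instruction, in the wording of the results posted above.
REJECTED = re.compile(
    r'^Error: Unable to interpret <(?P<line>.*?)\s*> in the current context!$'
)
# A list number such as "12. " in front of the instruction itself.
NUMBERED = re.compile(r'^\d+\.\s+(?P<rest>.*)$')

# Sample: first, second and last rejection from the results above, plus the footer.
SAMPLE_RESULTS = r'''
Error: Unable to interpret <1. : Files > in the current context!
Error: Unable to interpret <2. %windir%\system32\drivers\winfilse.exe > in the current context!
Error: Unable to interpret <17. %userprofile%\Dati applicazioni\m> in the current context!

OTMoveIt3 by OldTimer - Version 1.0.7.2 log created on 01012009_223117
'''


def recover_script(results_text):
    """Return the rejected instructions with any list numbering removed.

    rejected      number of lines the tool refused to interpret
    numbered      how many of those started with a list number
    all_numbered  True when every rejected line had one, i.e. the paste itself
                  is the likely problem and the run says nothing about the files
    script        the instruction lines as they read without the numbering
    """
    rejected = numbered = 0
    script = []
    for raw in results_text.splitlines():
        m = REJECTED.match(raw.strip())
        if not m:
            continue  # blank lines and the version footer are not instructions
        rejected += 1
        line = m["line"]
        n = NUMBERED.match(line)
        if n:
            numbered += 1
            line = n["rest"]
        script.append(line)
    return {
        "rejected": rejected,
        "numbered": numbered,
        "all_numbered": rejected > 0 and rejected == numbered,
        "script": script,
    }


if __name__ == "__main__":
    report = recover_script(SAMPLE_RESULTS)
    print(f'{report["numbered"]} of {report["rejected"]} rejected lines carry a list number')
    print("\n".join(report["script"]))
```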
shapiro
Posted: Thursday, January 01, 2009 10:43:15 PM

Rank: AiutAmico

Joined: 8/24/2008
Posts: 4,164
didn't it ask you whether you wanted to restart the PC?
sibo78
Posted: Thursday, January 01, 2009 10:44:20 PM
Rank: Newbie

Joined: 12/9/2008
Posts: 0
no, it didn't ask anything
shapiro
Posted: Thursday, January 01, 2009 10:46:40 PM

Rank: AiutAmico

Joined: 8/24/2008
Posts: 4,164
it probably didn't find them because they aren't there - better that way

run the scan with Malwarebytes, and if you manage to get on the internet let me know
sibo78
Posted: Thursday, January 01, 2009 10:54:09 PM
Rank: Newbie

Joined: 12/9/2008
Posts: 0
here is the scan log; it seems it didn't find anything, but the antivirus still won't start, while the internet seems to be working now.

Malwarebytes' Anti-Malware 1.31
Versione del database: 1590
Windows 5.1.2600 Service Pack 3

01/01/2009 22.51.47
mbam-log-2009-01-01 (22-51-47).txt

Tipo di scansione: Scansione rapida
Elementi scansionati: 48737
Tempo trascorso: 3 minute(s), 20 second(s)

Processi delle memoria infetti: 0
Moduli della memoria infetti: 0
Chiavi di registro infette: 0
Valori di registro infetti: 0
Elementi dato del registro infetti: 0
Cartelle infette: 0
File infetti: 0

Processi delle memoria infetti:
(Nessun elemento malevolo rilevato)

Moduli della memoria infetti:
(Nessun elemento malevolo rilevato)

Chiavi di registro infette:
(Nessun elemento malevolo rilevato)

Valori di registro infetti:
(Nessun elemento malevolo rilevato)

Elementi dato del registro infetti:
(Nessun elemento malevolo rilevato)

Cartelle infette:
(Nessun elemento malevolo rilevato)

File infetti:
(Nessun elemento malevolo rilevato)
shapiro
Posted: Thursday, January 01, 2009 10:59:10 PM

Rank: AiutAmico

Joined: 8/24/2008
Posts: 4,164
Quote:
Tipo di scansione: Scansione rapida
Elementi scansionati: 48737
Tempo trascorso: 3 minute(s), 20 second(s)

if you don't run the full scan as I advised, I really think you'll have to open a hotel before long
sibo78
Posted: Thursday, January 01, 2009 11:31:06 PM
Rank: Newbie

Joined: 12/9/2008
Posts: 0
here is the log:

Malwarebytes' Anti-Malware 1.31
Versione del database: 1590
Windows 5.1.2600 Service Pack 3

01/01/2009 23.28.08
mbam-log-2009-01-01 (23-28-08).txt

Tipo di scansione: Scansione completa (C:\|D:\|F:\|G:\|)
Elementi scansionati: 73076
Tempo trascorso: 24 minute(s), 35 second(s)

Processi delle memoria infetti: 0
Moduli della memoria infetti: 0
Chiavi di registro infette: 0
Valori di registro infetti: 0
Elementi dato del registro infetti: 0
Cartelle infette: 0
File infetti: 0

Processi delle memoria infetti:
(Nessun elemento malevolo rilevato)

Moduli della memoria infetti:
(Nessun elemento malevolo rilevato)

Chiavi di registro infette:
(Nessun elemento malevolo rilevato)

Valori di registro infetti:
(Nessun elemento malevolo rilevato)

Elementi dato del registro infetti:
(Nessun elemento malevolo rilevato)

Cartelle infette:
(Nessun elemento malevolo rilevato)

File infetti:
(Nessun elemento malevolo rilevato)


the internet works for about ten minutes after the PC restarts, then it stops working
shapiro
Posted: Friday, January 02, 2009 11:09:10 AM

Rank: AiutAmico

Joined: 8/24/2008
Posts: 4,164
if the internet only holds up for a few minutes, you could try a scan with Kaspersky

otherwise you will have to use this program, but very carefully

when it detects threats, note them down on a sheet of paper and then post them to me - basically, if it asks you to put them in quarantine you can do that too, but do not delete them

ftp://ftp.drweb.com/pub/drweb/cureit/launch.exe

as soon as you launch it, it will run a short scan - as soon as that finishes, choose the full one

you must run the scan in safe mode
sibo78
Posted: Friday, January 02, 2009 4:22:23 PM
Rank: Newbie

Joined: 12/9/2008
Posts: 0
I managed to run a scan of the critical areas with Kaspersky; it found only this:

c:\programmi\FindyKill\Tools\Kill.exe

now I'm running a scan of the whole computer
shapiro
Posted: Friday, January 02, 2009 4:39:26 PM

Rank: AiutAmico

Joined: 8/24/2008
Posts: 4,164
and we're at -1, but that should be the findkill program I had you use....carry on with the scan