Il compiuter ha dei virus non riesco ad intallare un antivirus da cd, oppure scaricare da microsoft removal tool
L'unica cosa che ancora funziona è la posta

Ciao :-)

Dovresti inserire un log di Hijack This.

Al link trovi istruzioni su come tentare una prima pulizia (per le parti che riesci a fare) e, successivamente, su come inserire un log qui in modo che ti possa venire analizzato:

http://www.aiutamici.com/software?ID=11175

:-)

ciao

antonpaco ha avuto fiuto, dovrebbe essere bagle

prova se riesci a scaricare questo programma

http://dc108.4shared.com/download/75022994/b07bff/FindyKill.exe?tsid=20090209-102651-de3379fb

Una volta installato chiudi tutte le applicazioni attive e disconnettiti dal internet, poi clicca sull'icona di FindyKill e nella finestra dos che si aprirà scrivi 2 e premi Invio. Attendi il termine della scansione e posta qui il log che trovi in C:\FindyKill.txt

Grazie per l'interessamento
Ho eseguito la pulizia del disco C con CLAMWIN, il programma ha messo in directory infetti 19 files.
Ho cercato di eseguire il programma SPYBOT-S & D ma cliccando intalla da error seding request a conneting with the server could not be estabilined. Anche con HIJACK THIS ha dato errore sul collegamento al sito: cannot find http (DNS ERROR - server cannot be found) stesso errore che da quando cerco di connettermi a microsoft removal tool oppure nod32.it.
Ora che cosa faccio !

Mando il log di CLAMWIN.
Nel compiuter parte in automatico un "antivirus" SYSTEM DEFENDER anche se più volte cancellato sia sul destop che nella lista programmi.
Ho eseguito MICROSOFT_REMOVAL_TOOL.EXE da dischetto e dopo aver trovato 48 file infetti si è bloccato su un file di sistema (windows/system32/drivers/tcpip.sys con un error MRT.exe.
allego log:
Scan Started Sat Nov 28 15:44:20 2009

---

C:\Documents and Settings\All Users\.clamwin\quarantine\codec.exe.infected not moved/copied since already in quarantine

C:\Documents and Settings\All Users\.clamwin\quarantine\CommonUI.dll.infected not moved/copied since already in quarantine

C:\Documents and Settings\All Users\.clamwin\quarantine\ctfmon.exe.tmp.infected not moved/copied since already in quarantine

C:\Documents and Settings\All Users\.clamwin\quarantine\FWk2Oi3c.exe.infected not moved/copied since already in quarantine

C:\Documents and Settings\All Users\.clamwin\quarantine\mc001.exe.infected not moved/copied since already in quarantine

C:\Documents and Settings\All Users\.clamwin\quarantine\mc2293.exe.infected not moved/copied since already in quarantine

C:\Documents and Settings\All Users\.clamwin\quarantine\nod32fix.reg.infected not moved/copied since already in quarantine

C:\Documents and Settings\All Users\.clamwin\quarantine\nod32fix.reg.infected.000.infected not moved/copied since already in quarantine

C:\Documents and Settings\All Users\.clamwin\quarantine\nsinet.exe.infected not moved/copied since already in quarantine

C:\Documents and Settings\All Users\.clamwin\quarantine\nsoffersfortoday.dll.infected not moved/copied since already in quarantine

C:\Documents and Settings\All Users\.clamwin\quarantine\Official-eMule_setup.exe.infected not moved/copied since already in quarantine

C:\Documents and Settings\All Users\.clamwin\quarantine\protect.sys.infected not moved/copied since already in quarantine

C:\Documents and Settings\All Users\.clamwin\quarantine\qttask.exe.infected not moved/copied since already in quarantine

C:\Documents and Settings\All Users\.clamwin\quarantine\SimCity.zip.infected not moved/copied since already in quarantine

C:\Documents and Settings\All Users\.clamwin\quarantine\studio.dll.infected not moved/copied since already in quarantine

C:\Documents and Settings\All Users\.clamwin\quarantine\TOTALCMD.EXE.infected not moved/copied since already in quarantine

C:\Documents and Settings\All Users\.clamwin\quarantine\Uninstall.exe.infected not moved/copied since already in quarantine

C:\Documents and Settings\All Users\.clamwin\quarantine\vjhaiyjvwgcptzb.dll.infected not moved/copied since already in quarantine

C:\Documents and Settings\All Users\.clamwin\quarantine\VRT98.tmp.infected not moved/copied since already in quarantine

C:\pagefile.sys: Permission denied

C:\Programmi\Kodak\KODAK Software Updater\7288971\Users\Default\Data\chandir.idx: Permission denied

C:\Programmi\Kodak\KODAK Software Updater\7288971\Users\Default\Data\chn.idx: Permission denied

C:\Programmi\Kodak\KODAK Software Updater\7288971\Users\Default\Data\D0000000.FCS: Permission denied

C:\Programmi\Kodak\KODAK Software Updater\7288971\Users\Default\Data\L0000019.FCS: Permission denied

C:\Programmi\Kodak\KODAK Software Updater\7288971\Users\Default\Data\prs.idx: Permission denied

C:\Programmi\Kodak\KODAK Software Updater\7288971\Users\Default\Data\prs_die.idx: Permission denied

C:\Programmi\Kodak\KODAK Software Updater\7288971\Users\Default\Data\prs_dnd.idx: Permission denied

C:\Programmi\Kodak\KODAK Software Updater\7288971\Users\Default\Data\prs_ext.idx: Permission denied

C:\Programmi\Kodak\KODAK Software Updater\7288971\Users\Default\Data\prs_rcv.idx: Permission denied

C:\Programmi\Kodak\KODAK Software Updater\7288971\Users\Default\Data\storydb.idx: Permission denied

C:\WINDOWS\system32\config\default: Permission denied

C:\WINDOWS\system32\config\SAM: Permission denied

C:\WINDOWS\system32\config\SECURITY: Permission denied

C:\WINDOWS\system32\config\software: Permission denied

C:\WINDOWS\system32\config\system: Permission denied



C:\Documents and Settings\All Users\.clamwin\quarantine\codec.exe.infected: Trojan.Downloader-69822 FOUND

C:\Documents and Settings\All Users\.clamwin\quarantine\CommonUI.dll.infected: Trojan.Swizzor.Gen FOUND

C:\Documents and Settings\All Users\.clamwin\quarantine\ctfmon.exe.tmp.infected: Trojan.Downloader-23242 FOUND

C:\Documents and Settings\All Users\.clamwin\quarantine\FWk2Oi3c.exe.infected: Trojan.Downloader-60677 FOUND

C:\Documents and Settings\All Users\.clamwin\quarantine\mc001.exe.infected: Trojan.Dropper.FCD FOUND

C:\Documents and Settings\All Users\.clamwin\quarantine\mc2293.exe.infected: Trojan.Dropper.FCD FOUND

C:\Documents and Settings\All Users\.clamwin\quarantine\nod32fix.reg.infected: VBS.Hacksoft.NODfix FOUND

C:\Documents and Settings\All Users\.clamwin\quarantine\nod32fix.reg.infected.000.infected: VBS.Hacksoft.NODfix FOUND

C:\Documents and Settings\All Users\.clamwin\quarantine\nsinet.exe.infected: Dialer-2389 FOUND

C:\Documents and Settings\All Users\.clamwin\quarantine\nsoffersfortoday.dll.infected: Trojan.Zlob-11351 FOUND

C:\Documents and Settings\All Users\.clamwin\quarantine\Official-eMule_setup.exe.infected: Trojan.Downloader-72726 FOUND

C:\Documents and Settings\All Users\.clamwin\quarantine\protect.sys.infected: Trojan.Agent-7550 FOUND

C:\Documents and Settings\All Users\.clamwin\quarantine\qttask.exe.infected: Trojan.Downloader-23242 FOUND

C:\Documents and Settings\All Users\.clamwin\quarantine\SimCity.zip.infected: Joke.Scr FOUND

C:\Documents and Settings\All Users\.clamwin\quarantine\studio.dll.infected: Trojan.Downloader-27284 FOUND

C:\Documents and Settings\All Users\.clamwin\quarantine\TOTALCMD.EXE.infected: W32.Virut-71 FOUND

C:\Documents and Settings\All Users\.clamwin\quarantine\Uninstall.exe.infected: Trojan.Downloader-72726 FOUND

C:\Documents and Settings\All Users\.clamwin\quarantine\vjhaiyjvwgcptzb.dll.infected: Adware.AdRotator-10 FOUND

C:\Documents and Settings\All Users\.clamwin\quarantine\VRT98.tmp.infected: Trojan.Bredolab-99 FOUND

----------- SCAN SUMMARY -----------

Known viruses: 646731

Engine version: 0.95.3

Scanned directories: 16787

Scanned files: 118048

Infected files: 19



Not copied: 19

Data scanned: 29517.60 MB

Data read: 42281.02 MB (ratio 0.70:1)

Time: 17140.594 sec (285 m 40 s)

---

Completed

---

Ho eseguito una scasione rapida con Malwarebytes - -'aggirnamento ha dato error code: 732(0,0)
Una parte del log è allegata:
Malwarebytes' Anti-Malware 1.41
Versione del database: 2775
Windows 5.1.2600 Service Pack 2

29/11/2009 23.37.54
mbam-log-2009-11-29 (23-34-26).txt

Tipo di scansione: Scansione rapida
Elementi scansionati: 145327
Tempo trascorso: 39 minute(s), 59 second(s)

Processi delle memoria infetti: 0
Moduli della memoria infetti: 0
Chiavi di registro infette: 787
Valori di registro infetti: 35
Elementi dato del registro infetti: 27
Cartelle infette: 6333
File infetti: 6536

Processi delle memoria infetti:
(Nessun elemento malevolo rilevato)

Moduli della memoria infetti:
(Nessun elemento malevolo rilevato)

Chiavi di registro infette:
HKEY_CLASSES_ROOT\e405.e405mgr (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\e405.e405mgr.1 (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\iewarning32.warningbho (Rogue.AntiSpyCheck) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\iewarning32.warningbho.1 (Rogue.AntiSpyCheck) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\wininetapp.wininet (Trojan.Downloader) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\wininetapp.wininet.1 (Trojan.Downloader) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\xml.xml (Worm.Allaple) -> Quarantined and deleted successfully.
...
...
la fine log
C:\WINDOWS\system32\meawk_navps.dat (Adware.NaviPromo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\smaogcs_navps.dat (Adware.NaviPromo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\cont_offersfortoday-remove.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\2.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\3.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\4.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\5.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\6.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\7.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\8.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\9.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\A.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\B.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\C.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\D.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\E.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\F.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\22b5fs6E.exe.a_a (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\FWk2Oi3c.exe.a_a (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\accessv.exe (Rootkit.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\FInstall.sys (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\net.net (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\nvs2.inf (Adware.EGDAccess) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\sdra64.exe (Trojan.FakeAlert) -> Delete on reboot.
C:\Documents and Settings\Benedetto\Impostazioni locali\Temp\prun.tmp (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\WINDOWS\dialerexe.ini (Adware.EGDAccess) -> Quarantined and deleted successfully.
C:\WINDOWS\Fonts\services.exe (Worm.Archive) -> Quarantined and deleted successfully.
C:\WINDOWS\msa.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\msb.exe (Trojan.Agent) -> Delete on reboot.
C:\WINDOWS\system32\vjhaiyjvwgcptzb.dll (Trojan.BHO) -> Quarantined and deleted successfully.

Ciao.
Ho scaricato Combofix messo in desktop, chiuso tutto, ma non parte mi da il seguente messaggio:
- allert it is not save to continue
- the contents of the combo fix package has been compromise.
Non so cosa ha eseguito ma penso niente.

System Defender è un rogue (un fetecchione, insomma, antivirus-fuffa!)...
Per tentar di rimuoverlo, ecco le ISTRUZIONI.

Il messaggio relativo a ComboFix t'informa semplicemente che il file che hai scaricato è difettoso. Soluzione: ri-scarica il tutto daccapo.