
URGENT: something has uninstalled my firewall and Antivir


Post by (b)ananartista » 05/01/07 15:44

here:...


Avenger log:


//////////////////////////////////////////
Avenger Pre-Processor log
//////////////////////////////////////////

Syntax error in line --- does not appear to be a valid registry path. Line will be ignored.
Error code: 1813
Line: Registry kes to delete:


Syntax error in line --- no registry value to delete found. Line will be ignored.
Error code: 1813
Line: HKLM\SYSTEM\CurrentControlSet\Services\Events


//////////////////////////////////////////


Logfile of The Avenger version 1, by Swandog46
Running from registry key:
\Registry\Machine\System\CurrentControlSet\Services\wqyvdqam

*******************

Script file located at: \??\C:\Program Files\wxnacyuy.txt
Script file opened successfully.

Script file read successfully

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:



Folder C:\Documents and Settings\bananartista\Dati applicazioni\hidires not found!
Deletion of folder C:\Documents and Settings\bananartista\Dati applicazioni\hidires failed!

Could not process line:
C:\Documents and Settings\bananartista\Dati applicazioni\hidires
Status: 0xc0000034



File C:\WINNT\system32\hldrrr.exe not found!
Deletion of file C:\WINNT\system32\hldrrr.exe failed!

Could not process line:
C:\WINNT\system32\hldrrr.exe
Status: 0xc0000034

Registry value HKLM\Software\Microsoft\Windows NT\CurrentVersion\Windows|AppInit_DLLs replaced with dummy successfully.

Completed script processing.

*******************

Finished! Terminate.



HijackThis log:


Logfile of HijackThis v1.99.1
Scan saved at 15.48.30, on 05/01/2007
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\WINNT\system32\CTsvcCDA.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\system32\stisvc.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\system32\MsPMSPSv.exe
C:\WINNT\Explorer.EXE
C:\Programmi\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINNT\system32\GSICON.EXE
C:\WINNT\system32\dslagent.exe
C:\WINNT\system32\CTHELPER.EXE
C:\WINNT\system32\spool\drivers\w32x86\3\hpztsb04.exe
C:\Programmi\Java\jre1.5.0_06\bin\jusched.exe
C:\Programmi\QuickTime\qttask.exe
C:\Programmi\Jetico\Jetico Personal Firewall\fwsrv.exe
C:\Programmi\Creative\SBAudigy\TaskBar\CTLTray.exe
C:\Programmi\Creative\SBAudigy\TaskBar\CTLTask.exe
C:\Programmi\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Programmi\WinZip\WZQKPICK.EXE
C:\Programmi\OpenOffice.org 2.0\program\soffice.exe
C:\WINNT\system32\notepad.exe
C:\Programmi\OpenOffice.org 2.0\program\soffice.BIN
C:\Programmi\Yahoo!\Messenger\ymsgr_tray.exe
C:\Programmi\Mozilla Firefox\firefox.exe
C:\Programmi\hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.it/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programmi\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmi\Java\jre1.5.0_06\bin\ssv.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programmi\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\system32\msdxm.ocx
O4 - HKLM\..\Run: [ATIPTA] C:\Programmi\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [GSICONEXE] GSICON.EXE
O4 - HKLM\..\Run: [DSLAGENTEXE] dslagent.exe USB
O4 - HKLM\..\Run: [WINDVDPatch] CTHELPER.EXE
O4 - HKLM\..\Run: [Jet Detection] C:\Programmi\Creative\SBAudigy\PROGRAM\ADGJDet.exe
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINNT\system32\spool\drivers\w32x86\3\hpztsb04.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Programmi\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmi\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [JeticoPFStartup] "C:\Programmi\Jetico\Jetico Personal Firewall\fwsrv.exe"
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Programmi\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [TaskTray] C:\Programmi\Creative\SBAudigy\TaskBar\CTLTray.exe
O4 - HKCU\..\Run: [TaskBar] C:\Programmi\Creative\SBAudigy\TaskBar\CTLTask.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Programmi\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - Startup: OpenOffice.org 2.0.lnk = C:\Programmi\OpenOffice.org 2.0\program\quickstart.exe
O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Programmi\File comuni\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Programmi\WinZip\WZQKPICK.EXE
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\PROGRA~1\Yahoo!\Common\yhexbmesit.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\PROGRA~1\Yahoo!\Common\yhexbmesit.dll
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Programmi\Yahoo!\Common\yinsthelper.dll
O17 - HKLM\System\CCS\Services\Tcpip\..\{9E737B55-ADF2-4BB6-A72E-21656714761E}: NameServer = 85.37.17.15 85.38.28.74
O20 - Winlogon Notify: !SASWinLogon - C:\Programmi\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: ATI Smart - Unknown owner - C:\WINNT\system32\ati2sgag.exe
O23 - Service: Bluetooth System Drivers (Btsdriv) - Unknown owner - C:\WINNT\system32\btsdriv.exe (file missing)
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINNT\system32\CTsvcCDA.exe
O23 - Service: Servizio amministrativo di Gestione disco logico (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: Events Log (Event) - Unknown owner - C:\WINNT\system32\drivers\csrss.exe (file missing)



are we making good progress?
http://www.bananartista.com
http://www.myspace.com/bananartista
------------------(b)--------------------
(b)ananartista
Junior member

Posts: 49
Joined: 29/08/06 15:07
Location: lolomo
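
The HijackThis log above contains the lines a responder would stop at: an O23 service named "Events Log (Event)" whose image is a csrss.exe under system32\drivers (a core Windows process name in a directory it never belongs in, registered as a service it never is), a second service with a missing image, O4 Run entries given as bare file names that Windows resolves through PATH, and an O20 Winlogon Notify DLL, which is a privileged load point. Below is an added example, not forum code and not HijackThis output, that triages such lines automatically. The sample is a constructed subset of the log lines above; the list of built-in service names is partial, the 0.85 name-similarity threshold is this example's own choice, and each finding is a pointer to something to verify by hand, not a verdict.

```python
"""Triage HijackThis 1.99 O4/O20/O23 lines for the kinds of indicators seen in
this thread.  Added example, not HijackThis or forum code.  Assumptions: the
list of built-in service names is partial, the 0.85 similarity threshold is
arbitrary, and every finding is a pointer to something to verify by hand."""
from __future__ import annotations
import difflib
import ntpath
import re
from dataclasses import dataclass

# Constructed sample: a subset of the lines from the log above.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [GSICONEXE] GSICON.EXE
O4 - HKLM\..\Run: [JeticoPFStartup] "C:\Programmi\Jetico\Jetico Personal Firewall\fwsrv.exe"
O20 - Winlogon Notify: !SASWinLogon - C:\Programmi\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINNT\system32\CTsvcCDA.exe
O23 - Service: Bluetooth System Drivers (Btsdriv) - Unknown owner - C:\WINNT\system32\btsdriv.exe (file missing)
O23 - Service: Events Log (Event) - Unknown owner - C:\WINNT\system32\drivers\csrss.exe (file missing)
"""

# Core session/logon binaries: never service images, and they live in System32 itself.
CORE_PROCESS_IMAGES = {"smss.exe", "csrss.exe", "winlogon.exe", "services.exe", "lsass.exe"}
SYSTEM32_DIRS = {r"c:\winnt\system32", r"c:\windows\system32"}
# Built-in service display names worth a lookalike check (partial list, assumption).
KNOWN_SERVICE_NAMES = ["Event Log", "Task Scheduler", "Remote Procedure Call",
                       "Windows Management Instrumentation", "Plug and Play"]

O23_RE = re.compile(r"^O23 - Service: (?P<name>.+?) - (?P<owner>.+?) - (?P<image>.+?)(?P<missing> \(file missing\))?$")
O4_RE = re.compile(r'^O4 - (?P<hive>HK\w+)\\\.\.\\Run: \[(?P<value>[^\]]*)\] "?(?P<cmd>[^"]+)"?')
O20_RE = re.compile(r"^O20 - Winlogon Notify: (?P<name>.+?) - (?P<dll>.+)$")


@dataclass
class Finding:
    severity: str   # "high", "medium" or "info"
    line: str       # the log line that produced it
    reason: str


def lookalike(name: str) -> str | None:
    """Return a built-in service name that `name` closely resembles but does not equal."""
    base = name.split(" (")[0]          # "Events Log (Event)" -> "Events Log"
    for known in KNOWN_SERVICE_NAMES:
        if base.lower() == known.lower():
            return None
        if difflib.SequenceMatcher(None, base.lower(), known.lower()).ratio() >= 0.85:
            return known
    return None


def triage_line(line: str) -> list[Finding]:
    findings: list[Finding] = []
    if m := O23_RE.match(line):
        base = ntpath.basename(m["image"]).lower()
        parent = ntpath.dirname(m["image"]).lower()
        if base in CORE_PROCESS_IMAGES and parent not in SYSTEM32_DIRS:
            findings.append(Finding("high", line,
                f"core process name {base} used as a service image outside System32 ({parent})"))
        if known := lookalike(m["name"]):
            findings.append(Finding("high", line, f"service name mimics built-in '{known}'"))
        if m["missing"] and not findings:
            findings.append(Finding("info", line, "service image missing: orphaned entry, delete the service key"))
    elif m := O4_RE.match(line):
        cmd = m["cmd"].split()[0]        # drop arguments such as "USB" or "-quiet"
        if "\\" not in cmd:
            findings.append(Finding("medium", line,
                f"autostart '{cmd}' has no path: it is resolved through PATH, locate the real file"))
    elif m := O20_RE.match(line):
        findings.append(Finding("info", line,
            f"Winlogon Notify DLL {m['dll']} loads into winlogon.exe: confirm its vendor"))
    return findings


def triage(log_text: str) -> list[Finding]:
    return [f for line in log_text.strip().splitlines() for f in triage_line(line.strip())]


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.severity}] {f.reason}\n    {f.line}")
```

Run against the sample, the csrss.exe service line produces two high findings (core process name outside System32, display name one letter away from "Event Log"), the bare GSICON.EXE entry a medium one, and the Creative and Jetico lines nothing; the "(file missing)" note alone is only informational, because a missing image can be either a removed infection or an orphaned driver entry, and both are cleaned the same way.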

Post by Luke57 » 05/01/07 15:51

Hi, it didn't work: run Avenger again with the same script:

Registry values to replace with dummy:
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Windows | AppInit_DLLs


Registry keys to delete:
HKLM\SYSTEM\CurrentControlSet\Services\Events


Folders to delete:
C:\Documents and Settings\bananartista\Dati applicazioni\hidires

Files to delete:
C:\WINNT\system32\hldrrr.exe


Also, restart GMER, go to Advanced, select the Rootkit tab, tick the ADS box too, press Scan, and when it finishes click Copy and paste the log into a post. I have to go now, bye.
Luke57
Moderator

Posts: 6415
Joined: 11/08/05 19:10
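
Both pre-processor errors in the first post come from one line of the script as it was originally run: "Registry kes to delete:" is not a section header Avenger recognises, so the tool treated it as an entry of the section above it ("does not appear to be a valid registry path") and then treated the following HKLM\SYSTEM\...\Events line as another value-replacement entry ("no registry value ... found"), while the intended key deletion never happened. Since Avenger performs its deletions from a kernel-mode driver at the next boot, a script deserves a static check before it runs. The checker below is an added example, not Avenger's own code; its header list is what Avenger 1.x documents as far as I recall it (confirm against the tool's readme), its entry rules approximate the tool's observable behaviour, and the sample script is the one posted in this thread in its original form.

```python
"""Static checker for an Avenger 1.x script.  Added example for this thread,
not Avenger's own code.  It reproduces the failure in the pre-processor log
above: a misspelled section header is not a header, so the tool treats it,
and the lines after it, as entries of the previous section.
Assumption: the header list is what Avenger 1.x documents, as far as I recall
it; confirm against the tool's readme before relying on it."""
from __future__ import annotations
import difflib
import re

HEADERS = [
    "Files to delete:", "Folders to delete:", "Files to move:",
    "Registry keys to delete:", "Registry values to delete:",
    "Registry values to replace with dummy:",
    "Drivers to unload:", "Drivers to disable:", "Drivers to delete:",
    "Programs to launch on reboot:",
]
HIVE_RE = re.compile(r"^(HKLM|HKCU|HKCR|HKU|HKCC|HKEY_[A-Z_]+)\\", re.IGNORECASE)
ABS_PATH_RE = re.compile(r"^[A-Za-z]:\\")


def check_entry(section: str, entry: str) -> str | None:
    """Describe what is wrong with `entry` under `section`, or return None if it looks valid."""
    if section.startswith("Registry values"):
        # Avenger addresses a value as  <key> | <value name>
        key = entry.split("|")[0].strip()
        if "|" not in entry or not HIVE_RE.match(key):
            return "expected '<key> | <value>' with a hive prefix"
    elif section.startswith("Registry keys"):
        if not HIVE_RE.match(entry):
            return "does not appear to be a valid registry path"
    elif section.startswith(("Files", "Folders")):
        if not ABS_PATH_RE.match(entry):
            return "expected an absolute path such as C:\\..."
    elif section.startswith("Drivers"):
        if "\\" in entry:
            return "expected a driver (service) name, not a path"
    return None


def check_script(text: str) -> list[str]:
    """Return one diagnostic per problem; an empty list means the script parses cleanly."""
    problems: list[str] = []
    section = None
    for n, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line:
            continue
        if line in HEADERS:
            section = line
            continue
        if line.endswith(":"):
            # The thread's bug: a near-miss header silently becomes an entry.
            close = difflib.get_close_matches(line, HEADERS, n=1, cutoff=0.8)
            hint = f" (did you mean '{close[0]}'?)" if close else ""
            problems.append(
                f"line {n}: '{line}' is not a recognised section header{hint}; "
                f"Avenger would treat it and the lines after it as entries of '{section}'")
            continue
        if section is None:
            problems.append(f"line {n}: entry before any section header: {line}")
            continue
        if why := check_entry(section, line):
            problems.append(f"line {n}: under '{section}', '{line}': {why}")
    return problems


# The script from this thread, exactly as it produced the pre-processor errors.
TYPO_SCRIPT = r"""
Registry values to replace with dummy:
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Windows | AppInit_DLLs

Registry kes to delete:
HKLM\SYSTEM\CurrentControlSet\Services\Events

Folders to delete:
C:\Documents and Settings\bananartista\Dati applicazioni\hidires

Files to delete:
C:\WINNT\system32\hldrrr.exe
"""
FIXED_SCRIPT = TYPO_SCRIPT.replace("Registry kes to delete:", "Registry keys to delete:")

if __name__ == "__main__":
    for p in check_script(TYPO_SCRIPT) or ["no problems found"]:
        print(p)
    print("fixed script:", check_script(FIXED_SCRIPT) or "clean")
```

The checker reports exactly the two lines Avenger complained about, with the misspelt header first and the orphaned key line second, and passes the corrected script. It is only a syntax check: it cannot tell you whether deleting the key named in the script is the right decision, which is the part that still needs a human reading the HijackThis log.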

Post by (b)ananartista » 09/01/07 00:25

here is the GMER report:


GMER 1.0.12.12011 - http://www.gmer.net
Rootkit scan 2007-01-09 00:27:32
Windows 5.0.2195 Service Pack 4


---- System - GMER 1.0.12 ----

SSDT \SystemRoot\System32\Drivers\bcftdi.SYS ZwConnectPort
SSDT \SystemRoot\System32\Drivers\bcftdi.SYS ZwCreatePort
SSDT \SystemRoot\System32\Drivers\bcftdi.SYS ZwCreateThread
SSDT \SystemRoot\System32\Drivers\bcftdi.SYS ZwWriteVirtualMemory

---- Kernel code sections - GMER 1.0.12 ----

.text NTDLL.DLL!NtClose 784681F8 5 Bytes JMP 72033FAA
.text NTDLL.DLL!NtCreateProcess 78468308 5 Bytes JMP 72034135
.text NTDLL.DLL!NtCreateSection 78468328 5 Bytes JMP 72033FC8

---- Files - GMER 1.0.12 ----

ADS C:\Documents and Settings\bananartista\Documenti\Immagini\CIMG3192.JPG:#Q30lsldxJoudresxAaaqpcawXc
ADS C:\Documents and Settings\bananartista\Documenti\Immagini\CIMG3192.JPG:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}
ADS C:\Documents and Settings\bananartista\Documenti\Immagini\CIMG3193.JPG:#Q30lsldxJoudresxAaaqpcawXc
ADS C:\Documents and Settings\bananartista\Documenti\Immagini\CIMG3193.JPG:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}
ADS C:\Documents and Settings\bananartista\Documenti\Immagini\CIMG3194.JPG:#Q30lsldxJoudresxAaaqpcawXc
ADS C:\Documents and Settings\bananartista\Documenti\Immagini\CIMG3194.JPG:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}
ADS C:\Documents and Settings\bananartista\Documenti\Immagini\CIMG3195.JPG:#Q30lsldxJoudresxAaaqpcawXc
ADS C:\Documents and Settings\bananartista\Documenti\Immagini\CIMG3195.JPG:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}
ADS C:\Documents and Settings\bananartista\Documenti\Immagini\CIMG3196.JPG:#Q30lsldxJoudresxAaaqpcawXc
ADS C:\Documents and Settings\bananartista\Documenti\Immagini\CIMG3196.JPG:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}
ADS C:\Documents and Settings\bananartista\Documenti\Immagini\CIMG3197.JPG:#Q30lsldxJoudresxAaaqpcawXc
ADS ...
ADS D:\(b)ellinda\bellinda-exposition-sbuffy-doudou.jpg:#Q30lsldxJoudresxAaaqpcawXc
ADS D:\(b)ellinda\bellinda-exposition-sbuffy-doudou.jpg:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}
ADS D:\(b)ellinda\bellinda-exposition.jpg:#Q30lsldxJoudresxAaaqpcawXc
ADS D:\(b)ellinda\bellinda-exposition.jpg:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}
ADS D:\(b)ellinda\bellinda-ritratto-(b).jpg:#Q30lsldxJoudresxAaaqpcawXc
ADS D:\(b)ellinda\bellinda-ritratto-(b).jpg:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}
ADS D:\(b)ellinda\bellinda-sbuff.gif:#Q30lsldxJoudresxAaaqpcawXc
ADS D:\(b)ellinda\bellinda-sbuff.gif:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}
ADS D:\(b)ellinda\bellinda_(b)ananartista.jpg:#Q30lsldxJoudresxAaaqpcawXc
ADS D:\(b)ellinda\bellinda_(b)ananartista.jpg:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}
ADS D:\(b)ellinda\bellinda_(b)ove.jpg:#Q30lsldxJoudresxAaaqpcawXc
ADS ...
ADS E:\(b)ananatom\(b)ananatom.jpg:#Q30lsldxJoudresxAaaqpcawXc
ADS E:\(b)ananatom\(b)ananatom.jpg:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}
ADS E:\(b)ananatom\(b)ananatom1.jpg:#Q30lsldxJoudresxAaaqpcawXc
ADS E:\(b)ananatom\(b)ananatom1.jpg:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}
ADS E:\(b)ananatom\(b)ananatom2.jpg:#Q30lsldxJoudresxAaaqpcawXc
ADS E:\(b)ananatom\(b)ananatom2.jpg:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}
ADS E:\(b)ananatom\(b)ananatom3.jpg:#Q30lsldxJoudresxAaaqpcawXc
ADS E:\(b)ananatom\(b)ananatom3.jpg:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}
ADS E:\(b)ananatom\bananatom.jpg:#Q30lsldxJoudresxAaaqpcawXc
ADS E:\(b)ananatom\bananatom.jpg:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}
ADS E:\(b)ananatom\bananatom.psd:#Q30lsldxJoudresxAaaqpcawXc
ADS ...
ADS G:\bananartista.com\(b)ananartista-02-little.jpg:#Q30lsldxJoudresxAaaqpcawXc
ADS G:\bananartista.com\(b)ananartista-02-little.jpg:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}
ADS G:\bananartista.com\(b)ananartista-allah.jpg:#Q30lsldxJoudresxAaaqpcawXc
ADS G:\bananartista.com\(b)ananartista-allah.jpg:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}
ADS G:\bananartista.com\(b)ananartista-capolavoro55.jpg:#Q30lsldxJoudresxAaaqpcawXc
ADS G:\bananartista.com\(b)ananartista-capolavoro55.jpg:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}
ADS G:\bananartista.com\(b)ananartista-capolavoro68.jpg:#Q30lsldxJoudresxAaaqpcawXc
ADS G:\bananartista.com\(b)ananartista-capolavoro68.jpg:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}
ADS G:\bananartista.com\(b)ananartista-dibano.jpg:#Q30lsldxJoudresxAaaqpcawXc
ADS G:\bananartista.com\(b)ananartista-dibano.jpg:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}
ADS G:\bananartista.com\(b)ananartista-gesuconbambi.jpg:#Q30lsldxJoudresxAaaqpcawXc
ADS ...
ADS I:\bananartista.gif:#Q30lsldxJoudresxAaaqpcawXc
ADS I:\bananartista.gif:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}
ADS I:\banners\(b)ananartista\(b).gif:#Q30lsldxJoudresxAaaqpcawXc
ADS I:\banners\(b)ananartista\(b).gif:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}
ADS I:\banners\(b)ananartista\(b)ananartista-(b)-2006\(b)1.gif:#Q30lsldxJoudresxAaaqpcawXc
ADS I:\banners\(b)ananartista\(b)ananartista-(b)-2006\(b)1.gif:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}
ADS I:\banners\(b)ananartista\(b)ananartista-(b)-2006\(b)2.gif:#Q30lsldxJoudresxAaaqpcawXc
ADS I:\banners\(b)ananartista\(b)ananartista-(b)-2006\(b)2.gif:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}
ADS I:\banners\(b)ananartista\(b)ananartista-(b)-2006\(b)3.gif:#Q30lsldxJoudresxAaaqpcawXc
ADS I:\banners\(b)ananartista\(b)ananartista-(b)-2006\(b)3.gif:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}
ADS I:\banners\(b)ananartista\(b)ananartista-(b)-2006\(b)4.gif:#Q30lsldxJoudresxAaaqpcawXc
ADS ...
File I:\Programmi\Carpe Diem\filecamconfiguration..\filecamconfiguration....ico

---- EOF - GMER 1.0.12 ----



where are we at now?
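
The GMER report above has three kinds of lines that are best read separately: SSDT entries hooked by a named driver file, inline JMP hooks in NTDLL inside the scanning process, and a long list of ADS entries in which the same two stream names recur on image files across every drive but never on an executable. The moderator's reading was "the rootkit is gone". The added example below (not GMER's code and not from the thread) parses a constructed subset of those lines plus one synthetic ADS line on a .doc host, report.doc:payload.exe, invented here to exercise the flagging path, and applies a distribution heuristic of this example's own: a stream name repeated across many non-executable user files looks like an application writing metadata, while a stream on an executable host, or a stream whose own name looks like an executable, is the one to open and inspect. The heuristic does not identify what wrote a stream. Likewise the page does not say which product bcftdi.SYS belongs to, nor which module the 7203xxxx JMP targets fall in; hooks on process, thread, memory-write and LPC entry points by a visible, named driver are commonly a host firewall or HIPS, but check the file's vendor and resolve the target module before accepting either as benign.

```python
"""Summarise a GMER rootkit-scan log: SSDT entries hooked per driver, inline
JMP hooks in user-mode modules, and the distribution of alternate data streams
(ADS) over host files.  Added example for this thread, not GMER's code.
Assumption: the ADS verdict is a heuristic of this example's own; it does not
identify what wrote a stream, only whether its distribution looks like
application metadata or deserves a manual look."""
from __future__ import annotations
import ntpath
import re
from collections import defaultdict

# Constructed sample: a subset of the GMER lines above plus ONE synthetic line,
# C:\example\report.doc:payload.exe, invented here to exercise the flagging path.
SAMPLE_GMER = r"""
---- System - GMER 1.0.12 ----

SSDT \SystemRoot\System32\Drivers\bcftdi.SYS ZwConnectPort
SSDT \SystemRoot\System32\Drivers\bcftdi.SYS ZwCreateThread
SSDT \SystemRoot\System32\Drivers\bcftdi.SYS ZwWriteVirtualMemory

---- Kernel code sections - GMER 1.0.12 ----

.text NTDLL.DLL!NtClose 784681F8 5 Bytes JMP 72033FAA
.text NTDLL.DLL!NtCreateProcess 78468308 5 Bytes JMP 72034135

---- Files - GMER 1.0.12 ----

ADS C:\Documents and Settings\bananartista\Documenti\Immagini\CIMG3192.JPG:#Q30lsldxJoudresxAaaqpcawXc
ADS C:\Documents and Settings\bananartista\Documenti\Immagini\CIMG3192.JPG:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}
ADS D:\(b)ellinda\bellinda-sbuff.gif:#Q30lsldxJoudresxAaaqpcawXc
ADS D:\(b)ellinda\bellinda-sbuff.gif:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}
ADS E:\(b)ananatom\bananatom.psd:#Q30lsldxJoudresxAaaqpcawXc
ADS C:\example\report.doc:payload.exe
"""

EXEC_EXT = {".exe", ".dll", ".sys", ".scr", ".com", ".cpl", ".ocx"}
SSDT_RE = re.compile(r"^SSDT\s+(?P<driver>\S+)\s+(?P<func>Zw\w+)$")
HOOK_RE = re.compile(r"^\.text\s+(?P<module>[^!]+)!(?P<func>\w+)\s+(?P<addr>[0-9A-F]+)\s+\d+ Bytes\s+JMP\s+(?P<target>[0-9A-F]+)$")
ADS_RE = re.compile(r"^ADS\s+(?P<host>[A-Za-z]:\\.*?):(?P<stream>[^:]+)$")


def parse(text: str) -> dict:
    ssdt: dict[str, list[str]] = defaultdict(list)     # driver image -> hooked Zw* functions
    hooks: list[tuple[str, str, str]] = []             # (module, function, JMP target)
    streams: dict[str, list[str]] = defaultdict(list)  # stream name -> host files
    for line in text.splitlines():
        line = line.strip()
        if m := SSDT_RE.match(line):
            ssdt[ntpath.basename(m["driver"]).lower()].append(m["func"])
        elif m := HOOK_RE.match(line):
            hooks.append((m["module"], m["func"], m["target"]))
        elif m := ADS_RE.match(line):
            streams[m["stream"]].append(m["host"])
    return {"ssdt": dict(ssdt), "hooks": hooks, "streams": dict(streams)}


def ads_verdicts(streams: dict[str, list[str]]) -> dict[str, str]:
    """Label each stream name from how it is distributed over its host files."""
    verdicts = {}
    for name, hosts in streams.items():
        host_exts = {ntpath.splitext(h)[1].lower() for h in hosts}
        if ntpath.splitext(name)[1].lower() in EXEC_EXT or host_exts & EXEC_EXT:
            verdicts[name] = "review: executable host or executable-named stream"
        elif len(hosts) >= 2:
            verdicts[name] = f"metadata-like: {len(hosts)} hosts, extensions {sorted(host_exts)}"
        else:
            verdicts[name] = "review: single host, no distribution to judge from"
    return verdicts


def summarise(text: str) -> dict:
    report = parse(text)
    report["ads_verdicts"] = ads_verdicts(report["streams"])
    return report


if __name__ == "__main__":
    s = summarise(SAMPLE_GMER)
    for driver, funcs in s["ssdt"].items():
        print(f"SSDT hooks by {driver}: {', '.join(funcs)}")
    for module, func, target in s["hooks"]:
        print(f"inline hook: {module}!{func} -> JMP {target}")
    for name, verdict in s["ads_verdicts"].items():
        print(f"ADS {name}: {verdict}")
```

On the full report the two recurring stream names would show hundreds of hosts, all images, which is the pattern the "metadata-like" label is for; the synthetic payload.exe stream is the shape that would have warranted extracting the stream and scanning it. GMER's "ADS ..." continuation lines do not match the ADS pattern and are skipped, so truncated reports parse without error.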

Post by Luke57 » 09/01/07 08:27

Hi, the rootkit is gone.

Post by (b)ananartista » 09/01/07 11:31

yes, perfect, in fact I've now managed to install AVG.

now, how should I go about defending myself from future attacks?

I'm using AVG as the antivirus
and Jetico as the firewall.

are they enough, or would you recommend something else?

super thanks to you.


(b)ananartista

Post by Luke57 » 09/01/07 13:07

Hi, among the free antivirus programs the best is considered to be Antivir, which holds its own even against the professional ones. I don't know much about firewalls; Jetico seems fine to me.

Post by (b)ananartista » 11/01/07 17:14

oh luke
everything seems to be working
how can I thank you?


:)


(b)ananartista pittore captatore

AVS

Post by SILVELLO10 » 15/01/07 09:34

As a complete free antivirus I would recommend AVS (ACTIVE VIRUS SHIELD), the brother of the famous KASPERSKY, excellent as an antivirus. Sorry for butting in.
SILVELLO10
Senior member

Posts: 106
Joined: 06/12/05 11:58

Request

Post by Opensource » 15/01/07 21:02

Hi Luke

I'd like to ask you what Avenger is mainly used for,
how it is used (do you need to know how to write scripts?), and
where I could learn to use it (or at least how you did?)

do you know of any guides?

thanks in advance
Opensource
Senior member

Posts: 684
Joined: 02/11/06 20:45

Post by BilloKenobi » 15/01/07 23:52

regarding Bagle, the virus that was preventing you from installing antivirus software, here is a nice article

ps. since megalab.it is one of the sites pc-facile takes its news from, running this one wouldn't be a bad idea at all :D

http://www.megalab.it/articoli.php?id=948
Begun the Clone War has

Yes yes, they made me an editor --- SuspectFile
BilloKenobi
Senior member

Posts: 348
Joined: 08/07/06 11:05
