www.MegaLab.it

da **klaus124** » dom gen 20, 2008 3:32 pm

ho scaricato un file da emule e mi ha fatto sparire il firewall e l'antivirus come posso risolvere? grazie vi posto il Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 15.28.34, on 20/01/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\oodag.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\rundll32.exe
C:\Programmi\Mozilla Firefox\firefox.exe
C:\Programmi\hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.libero.it/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmi\Java\jre1.6.0_04\bin\ssv.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programmi\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [CnxTrApp] rundll32.exe "C:\Programmi\StarModem\StarModem USB Network\CnxTrApp.dll",AppEntry -REG "Conexant\Conexant USB Network"
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [COMODO Firewall Pro] "C:\Programmi\COMODO\Firewall\cfp.exe" -s
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO DI RETE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SERVIZIO DI RETE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: ERUNT AutoBackup.lnk = C:\Programmi\ERUNT\AUTOBACK.EXE
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.6.0_04\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.6.0_04\bin\ssv.dll
O9 - Extra button: Ricerche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microso ... 8500730906
O20 - Winlogon Notify: !SASWinLogon - C:\Programmi\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Programmi\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: O&O Defrag - O&O Software GmbH - C:\WINDOWS\system32\oodag.exe

--
End of file - 3804 bytes

da **crazy.cat** » dom gen 20, 2008 3:41 pm

http://www.MegaLab.it/forum/viewtopic.php?t=34966

da **klaus124** » dom gen 20, 2008 3:54 pm

scusa ma sono ignorante potresti spiegarmi meglio quale è lo script che devo incollare? grazie

da **crazy.cat** » dom gen 20, 2008 4:51 pm

Fai la scansione online sul sito della kaspersky serve il risultato finale.
Ci sono altre cento discussioni almeno sullo stesso virus intorno alla tua.

da **klaus124** » dom gen 20, 2008 6:15 pm

la sto facendo comunque se mi rivolgo a voi è perché non sono pratico e mi fido di quello che voi mi dite ma il mio modo di scrivere ed esprimermi non è mai scortese se poi non ti va di rispondere non farlo troverò altre soluzioni comunque sempre grazie

da **crazy.cat** » dom gen 20, 2008 6:21 pm

In quella discussione che ti ho segnalato ci sono tutte le spiegazioni necessarie.
E' tutto il giorno che rispondo a domande come la tua, non è che posso fare un poema ogni volta per rispiegare sempre le stesse cose.

da **klaus124** » dom gen 20, 2008 7:13 pm

non farlo è semplice..... li ci sono 2 script e volevo solo sapere quale dei 2 devo incollare visto che la scansione con kav non me la fa completare grazie

da **ste_95** » dom gen 20, 2008 8:01 pm

E' necessaria la scansione con kaspersky, lo script varia da infezione a infezione.

da **klaus124** » lun gen 21, 2008 6:50 pm

sono riuscito a fare la scansione con kav in due volte questo è il primo log<a target="_blank" href="http://w14.easy-share.com/15585671.html">download</a> e questo è l'altro <a target="_blank" href="http://w15.easy-share.com/15585781.html">download</a> dopo il primo ho cancellato una cartella "mbsa " e quando è ripartita la seconda scansione i file infetti non sono stati più segnalati la suddetta sta ancora nel cestino posso cancellarla?

da **ste_95** » lun gen 21, 2008 7:13 pm

Perché hai interrotto la scansione? [...]

da **klaus124** » lun gen 21, 2008 7:31 pm

si era impiantato il programma non andava avanti e così ho rifatto la scansione ho sbagliato?

da **klaus124** » lun gen 21, 2008 7:35 pm

ci riprovo [url="http://www.freefilehosting.net/files/3aki9"]report 1.html[/url] e il secondo [url="http://www.freefilehosting.net/files/3akia"]report21.html[/url]

da **ste_95** » lun gen 21, 2008 7:52 pm

In fondo la scansione cita:

Kaspersky ha scritto:Scan was interrupted by user!

da **klaus124** » mar gen 22, 2008 9:57 am

infatti ti ho scritto che l'ho interrotta io perché si era bloccato kav...... che devo fare vedi tutto normale? e in merito a quella cartella mbsa posso cancellarla?

da **ste_95** » mar gen 22, 2008 2:29 pm

Se la scansione è stata interrotta devi rieseguirla.

da **klaus124** » mer gen 23, 2008 10:33 am

ti riposto il post

da **klaus124** » mer gen 23, 2008 10:34 am

ma come si postano i log???

da **ste_95** » mer gen 23, 2008 2:16 pm

Con un semplice copia-incolla. [rolleyes]

da **klaus124** » gio gen 24, 2008 10:59 am

eccolo Monday, January 21, 2008 5:42:11 PM
Operating System: Microsoft Windows XP Professional, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.98.0
Kaspersky Anti-Virus database last update: 21/01/2008
Kaspersky Anti-Virus database records: 525479
Scan Settings
Scan using the following antivirus database extended
Scan Archives true
Scan Mail Bases true
Scan Target My Computer
A:\
C:\
D:\
E:\
F:\
G:\
Scan Statistics
Total number of scanned objects 36378
Number of viruses found 0
Number of infected objects 0
Number of suspicious objects 0
Duration of the scan process 03:30:37

Infected Object Name Virus Name Last Action
C:\Documents and Settings\All Users\Dati applicazioni\avg7\Log\emc.log Object is locked skipped
C:\Documents and Settings\All Users\Dati applicazioni\Grisoft\Avg7Data\avg7log.log Object is locked skipped
C:\Documents and Settings\All Users\Dati applicazioni\Grisoft\Avg7Data\avg7log.log.lck Object is locked skipped
C:\Documents and Settings\All Users\Dati applicazioni\Microsoft\Network\Downloader\qmgr0.dat Object is locked skipped
C:\Documents and Settings\All Users\Dati applicazioni\Microsoft\Network\Downloader\qmgr1.dat Object is locked skipped
C:\Documents and Settings\LocalService\Impostazioni locali\Dati applicazioni\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\LocalService\Impostazioni locali\Dati applicazioni\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\Impostazioni locali\Dati applicazioni\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Impostazioni locali\Dati applicazioni\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\user\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\user\Impostazioni locali\Cronologia\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\user\Impostazioni locali\Dati applicazioni\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\user\Impostazioni locali\Dati applicazioni\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\user\Impostazioni locali\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\user\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\user\ntuser.dat.LOG Object is locked skipped
C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped
C:\WINDOWS\SoftwareDistribution\DataStore\DataStore.edb Object is locked skipped
C:\WINDOWS\SoftwareDistribution\DataStore\Logs\edb.log Object is locked skipped
C:\WINDOWS\SoftwareDistribution\DataStore\Logs\tmp.edb Object is locked skipped
C:\WINDOWS\SoftwareDistribution\EventCache\{940AEA58-C501-4F9B-9DD7-EE699B9BA8CA}.bin Object is locked skipped
C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped
C:\WINDOWS\Sti_Trace.log Object is locked skipped
C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\default Object is locked skipped
C:\WINDOWS\system32\config\default.LOG Object is locked skipped
C:\WINDOWS\system32\config\Internet.evt Object is locked skipped
C:\WINDOWS\system32\config\Paramete.evt Object is locked skipped
C:\WINDOWS\system32\config\SAM Object is locked skipped
C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped
C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\SECURITY Object is locked skipped
C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped
C:\WINDOWS\system32\config\software Object is locked skipped
C:\WINDOWS\system32\config\software.LOG Object is locked skipped
C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\system Object is locked skipped
C:\WINDOWS\system32\config\system.LOG Object is locked skipped
C:\WINDOWS\system32\h323log.txt Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped
C:\WINDOWS\wiadebug.log Object is locked skipped
C:\WINDOWS\wiaservc.log Object is locked skipped
C:\WINDOWS\WindowsUpdate.log Object is locked skipped
G:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
Scan process completed.

da **ste_95** » gio gen 24, 2008 11:02 am

Bagle non c'è più. Reinstalla un antivirus.

www.MegaLab.it

hldrrr.exe

hldrrr.exe

Chi c’è in linea