Hi everyone! I'm the newbie of the day, trying to help out a friend who is even more of a newbie than I am.
So, as the subject says, I can't install an antivirus for him (the old Norton had expired a long time ago). I ran the online scan with "Panda" and it detected 47 viruses, several of which were not removed, as listed below:
Spyware:Cookie/YieldManager Non Disinfettato C:\DocumentsandSettings\davide\Cookies\davide@ad.yieldmanager[2].txt
Spyware:Cookie/Advertising Non Disinfettato C:\DocumentsandSettings\davide\Cookies\davide@advertising[2].txt
Spyware:Cookie/Falkag Non Disinfettato C:\DocumentsandSettings\davide\Cookies\davide@as1.falkag[1].txt
Spyware:Cookie/Atlas DMT Non Disinfettato C:\DocumentsandSettings\davide\Cookies\davide@atdmt[2].txt
Spyware:Cookie/Casalemedia Non Disinfettato C:\DocumentsandSettings\davide\Cookies\davide@casalemedia[2].txt
Spyware:Cookie/Com.com Non Disinfettato C:\DocumentsandSettings\davide\Cookies\davide@com[1].txt
Spyware:Cookie/Doubleclick Non Disinfettato C:\DocumentsandSettings\davide\Cookies\davide@doubleclick[1].txt
Spyware:Cookie/DomainSponsor Non Disinfettato C:\DocumentsandSettings\davide\Cookies\davide@landing.domainsponsor[1].txt
Spyware:Cookie/Mediaplex Non Disinfettato C:\DocumentsandSettings\davide\Cookies\davide@mediaplex[1].txt
Spyware:Cookie/Outster Non Disinfettato C:\DocumentsandSettings\davide\Cookies\davide@outster[1].txt
Spyware:Cookie/QuestionMarket Non Disinfettato C:\DocumentsandSettings\davide\Cookies\davide@questionmarket[2].txt
Spyware:Cookie/Server.iad.Liveperson Non Disinfettato C:\DocumentsandSettings\davide\Cookies\davide@server.iad.liveperson[2].txt
Spyware:Cookie/Toplist Non Disinfettato C:\DocumentsandSettings\davide\Cookies\davide@toplist[1].txt
Hacktool:Rootkit/Mitglieder.OJ Non Disinfettato C:\DocumentsandSettings\davide\Dati applicazioni\hidires\hidr.exe
Hacktool:Rootkit/Mitglieder.OJ Non Disinfettato C:\DocumentsandSettings\davide\Dati applicazioni\hidires\rosa.sys
Hacktool:Rootkit/Mitglieder.OJ Non Disinfettato C:\WINDOWS\exefld\126081.exe
Hacktool:Rootkit/Mitglieder.OJ Non Disinfettato C:\WINDOWS\exefld\127663.exe
Hacktool:Rootkit/Mitglieder.OJ Non Disinfettato C:\WINDOWS\exefld\143766.exe
Hacktool:Rootkit/Mitglieder.OM Non Disinfettato C:\WINDOWS\exefld\217492.exe
Hacktool:Rootkit/Mitglieder.OM Non Disinfettato C:\WINDOWS\exefld\720165.exe
Hacktool:Rootkit/Mitglieder.OJ Non Disinfettato C:\WINDOWS\exefld\720726.exe
-----------------------------------------------------------------------------------------------------------------------------------------
I tried to do a bit of manual cleanup but didn't get very far; for example, there is a directory ( M ) that gives this error when I try to delete it, even though I have properly deleted what it contained:
----------------------------------------------------------------------------------------------------------------------------------------------
I ran a scan with hijack and had it fix a problem relating to a certain "BHO: senza file" or something like that...
-----------------------------------------------------------------------------------------------------------------------------------------------
then I tried to run another online scan with F-secure, but once the ActiveX was installed and the first step had run, it always gave this error: "impossibile scaricare i componenti necessari di Online Scanner! Riprovare."
-----------------------------------------------------------------------------------------------------------------------------------------------
I tried "Trend Micro" and halfway through the scan it actually crashed the PC (or rather the laptop) with a blue screen, twice in a row!
-----------------------------------------------------------------------------------------------------------------------------------------------
so I tried "BitDefender", which seems to have removed everything (another 10 viruses plus 161 infected files), producing the following log: (see attached htm)
-----------------------------------------------------------------------------------------------------------------------------------------------
but no luck! I still can't install anything else, such as nod32, which gives this error: "(106) Si è verificato un errore durante l'estrazione di un file dall'archivio"
not to mention Avast, which gives this error report:
21.08.2007 15:20:56 general: Started: 21.08.2007, 15:20:56
21.08.2007 15:20:56 general: Running setup_av_pro-3e9 (1001)
21.08.2007 15:20:56 system: Operating system: WindowsXP ver 5.1, build 2600, sp 2.0 [service Pack 2]
21.08.2007 15:20:56 system: Computer WinName: DADO
21.08.2007 15:20:56 system: Windows Net User: DADO\davide
21.08.2007 15:20:56 general: Cmdline: /uninstwiz
21.08.2007 15:20:56 general: Old version: 3e9 (1001)
21.08.2007 15:20:56 general: Install check: 'C:\Programmi\Alwil Software\Avast4\ashDisp.exe' does NOT exist
21.08.2007 15:20:56 general: SGW32P::CheckIfInstalled set m_bAlreadyInstalled to 0
21.08.2007 15:20:56 general: DldSrc set to inet
21.08.2007 15:20:56 system: Computer DnsName: DADO
21.08.2007 15:20:56 system: Computer Ip Addr: 192.168.0.5
21.08.2007 15:20:56 registry: Get registry: Software\Microsoft\Internet Explorer\Version=6.0.2900.2180
21.08.2007 15:20:56 general: Operation set to INST_OP_INSTALL
21.08.2007 15:20:56 general: GUID: 452d6e70-4201-4023-bdf0-b4b33bbee651
21.08.2007 15:20:56 general: Default server pseudo definition loaded as ''.
21.08.2007 15:20:56 general: SelectCurrent: selected server 'FailSafeServer' from 'main'
21.08.2007 15:20:56 package: GetPackages - set proxy for inet
21.08.2007 15:20:56 internet: SYNCER: Type: use IE settings
21.08.2007 15:20:56 internet: SYNCER: Auth: another authentication, use WinInet
21.08.2007 15:20:56 general: Entered SetupProcessPro: o( INST_OP_INSTALL )
21.08.2007 15:20:56 general: Entered SetupProcessWin32Avast: o( INST_OP_INSTALL )
21.08.2007 15:20:56 general: Entered SetupProcessWin32: o( INST_OP_INSTALL )
21.08.2007 15:20:56 general: Entered SetupProcess: o( INST_OP_INSTALL )
21.08.2007 15:21:05 internet: SYNCER: Type: use IE settings
21.08.2007 15:21:05 internet: SYNCER: Auth: another authentication, use WinInet
21.08.2007 15:21:07 general: progress thread start
21.08.2007 15:21:07 general: progress start - 1
21.08.2007 15:21:07 general: compatCopyFile( \servers.def.vpu, C:\DOCUME~1\davide\IMPOST~1\Temp\_av_proI.tm~a03924\onefile ) failed with error 0x00000002
21.08.2007 15:21:07 general: InvalidateCurrent: invalidated server 'FailSafeServer' from 'main'
21.08.2007 15:21:07 general: SelectCurrent: unable to find any suitable server in 'main'
21.08.2007 15:21:07 internet: while trying to get file 'servers.def.vpu', error 0x00000002 has occured, try 1
21.08.2007 15:21:07 internet: tried 1 servers to get file 'servers.def.vpu', but failed (0x00000002)
21.08.2007 15:21:07 file: GetNewerStampedFile:GetFileWithRetry failed: C:\DOCUME~1\davide\IMPOST~1\Temp\_av_proI.tm~a03924\onefile, servers.def.vpu, error: 0x00000002
21.08.2007 15:21:07 package: Download servers.def, servers.def.vpu failed with error 0x20000011.
21.08.2007 15:21:08 general: compatCopyFile( \servers.def, C:\DOCUME~1\davide\IMPOST~1\Temp\_av_proI.tm~a03924\onefile ) failed with error 0x00000002
21.08.2007 15:21:08 general: InvalidateCurrent: invalidated server 'FailSafeServer' from 'main'
21.08.2007 15:21:08 general: SelectCurrent: unable to find any suitable server in 'main'
21.08.2007 15:21:08 internet: while trying to get file 'servers.def', error 0x00000002 has occured, try 1
21.08.2007 15:21:08 internet: tried 1 servers to get file 'servers.def', but failed (0x00000002)
21.08.2007 15:21:08 file: GetNewerStampedFile:GetFileWithRetry failed: C:\DOCUME~1\davide\IMPOST~1\Temp\_av_proI.tm~a03924\onefile, servers.def, error: 0x00000002
21.08.2007 15:21:08 package: Tried to download servers.def but failed with error 0x00000002.
21.08.2007 15:21:08 general: progress end - 0
21.08.2007 15:21:08 general: progress thread end
21.08.2007 15:21:08 general: InvalidateCurrent: invalidated server 'FailSafeServer' from 'main'
21.08.2007 15:21:08 general: SelectCurrent: unable to find any suitable server in 'main'
21.08.2007 15:21:08 internet: SYNCER: Type: Invalid
21.08.2007 15:21:08 internet: SYNCER: Auth: no authentication
21.08.2007 15:21:08 general: SelectCurrent: unable to find any suitable server in 'main'
21.08.2007 15:21:08 general: progress end - forced
21.08.2007 15:21:08 general: progress thread end
----------------------------------------------------------------------------------------------------------------------------------------
at this point all I can do is attach the hijack log and hope you can point me to a solution that is neither Lourdes nor a full format, because the laptop (bought from UniEuro) has no XP installation CD. Heeeeelp!! :sigh:
---------------------------------------------------------------------------------------------------------------------------------------
HiJackThis Log:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 14.07.04, on 21/08/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programmi\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Programmi\TOSHIBA\ConfigFree\CFSvcs.exe
C:\Programmi\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\system32\svchost.exe
C:\Programmi\Toshiba\TOSHIBA Applet\TAPPSRV.exe
C:\WINDOWS\Explorer.EXE
C:\Programmi\Java\jre1.6.0_02\bin\jusched.exe
C:\Programmi\QuickTime\qttask.exe
C:\Programmi\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmi\TOSHIBA\TOSCDSPD\toscdspd.exe
C:\Programmi\File comuni\Ahead\lib\NMBgMonitor.exe
C:\Programmi\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Programmi\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
C:\Programmi\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
C:\Programmi\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmi\iPod\bin\iPodService.exe
C:\Programmi\Internet Explorer\iexplore.exe
C:\Tommy non toccare\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmi\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programmi\File comuni\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programmi\google\googletoolbar4.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programmi\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O2 - BHO: MSN Search Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programmi\MSN Toolbar Suite\TB\02.05.0000.1082\it-it\msntb.dll
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Programmi\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: MSN Search Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programmi\MSN Toolbar Suite\TB\02.05.0000.1082\it-it\msntb.dll
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Programmi\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programmi\google\googletoolbar4.dll
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Programmi\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmi\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Programmi\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [TOSCDSPD] C:\Programmi\TOSHIBA\TOSCDSPD\toscdspd.exe
O4 - HKCU\..\Run: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Programmi\File comuni\Ahead\lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [swg] C:\Programmi\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO LOCALE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO DI RETE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Programmi\File comuni\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Bluetooth Manager.lnk = ?
O4 - Global Startup: Windows Desktop Search.lnk = C:\Programmi\MSN Toolbar Suite\DS\02.05.0001.1119\it-it\bin\WindowsSearch.exe
O8 - Extra context menu item: &MSN Search - res://C:\Programmi\MSN Toolbar Suite\TB\02.05.0000.1082\it-it\msntb.dll/search.htm
O8 - Extra context menu item: Apri in nuova scheda in primo piano - res://C:\Programmi\MSN Toolbar Suite\TAB\02.05.0001.1119\it-it\msntabres.dll/230?d287834eca744f22b6e11885da47975
O8 - Extra context menu item: Apri in nuova scheda in secondo piano - res://C:\Programmi\MSN Toolbar Suite\TAB\02.05.0001.1119\it-it\msntabres.dll/229?d287834eca744f22b6e11885da47975
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: Ricerche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O16 - DPF: {0B79F48A-E8D6-11DB-9283-E25056D89593} (F-Secure Online Scanner 3.1) - http://support.f-secure.com/ols/fscax.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineS...er.cab31267.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://maciupiciumaciupiciu.spaces.live.co...ad/MsnPUpld.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMesse...pDownloader.cab
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Programmi\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Adobe LM Service - Unknown owner - C:\Programmi\File comuni\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Programmi\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Programmi\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Servizio iPod (iPod Service) - Apple Inc. - C:\Programmi\iPod\bin\iPodService.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Programmi\File comuni\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Programmi\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: TOSHIBA Application Service (TAPPSRV) - TOSHIBA Corp. - C:\Programmi\Toshiba\TOSHIBA Applet\TAPPSRV.exe
--
End of file - 7486 bytes
BitDefender_Online_Scanner__Scan_Report.pdf