non riesco ad installare antivirus

[aroand]

Avrei bisogno di aiuto....
Ho preso un virus che mi rimanda ad un sito pinaccesscode.
Non riesco ad installare alcun antivirus quando arriva all'installazione del file exe blocca tutto.

Pubblico il log di Hijackthis, se mi dite che posso fare mi fate un piaciere.
Grazie.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12.19.00, on 03/08/2007
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Boot mode: Normal

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\WINNT\System32\svchost.exe
C:\Programmi\Abria Merlin\MySQL\bin\mysqld-nt.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\Explorer.EXE
C:\WINNT\svchost.exe
C:\WINNT\system32\rundll32.exe
C:\Programmi\File comuni\Real\Update_OB\realsched.exe
C:\Programmi\Winamp\winampa.exe
C:\Programmi\Java\jre1.6.0_01\bin\jusched.exe
C:\Programmi\Picasa2\PicasaMediaDetector.exe
C:\WINNT\system32\internat.exe
C:\Programmi\Mozilla Firefox\firefox.exe
C:\PROGRA~1\MICROS~2\Office\OUTLOOK.EXE
C:\Documents and Settings\Administrator\Desktop\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.it/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer by MatSoftware
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
R3 - URLSearchHook: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Programmi\ICQToolbar\toolbaru.dll
O1 - Hosts: 205.214.67.211 auto.search.msn.com
O2 - BHO: HelperObject Class - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Programmi\TechSmith\SnagIt 6\SnagItBHO.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: bho3 Class - {58FB2CBB-C874-45FC-A1C9-B62CC9E3BED9} - C:\Documents and Settings\Administrator\831047.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmi\Java\jre1.6.0_01\bin\ssv.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
O3 - Toolbar: SnagIt - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Programmi\TechSmith\SnagIt 6\SnagItIEAddin.dll
O3 - Toolbar: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Programmi\ICQToolbar\toolbaru.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Programmi\Canon\Easy-WebPrint\Toolband.dll
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [Dllstrstrxqk] C:\WINNT\System32\Prptitybr.exe
O4 - HKLM\..\Run: [CnxTrApp] rundll32.exe "C:\Programmi\HDSL640 USB Network\CnxTrApp.dll",AppEntry -REG "Conexant\Conexant USB Network"
O4 - HKLM\..\Run: [SSC_UserPrompt] C:\Programmi\File comuni\Symantec Shared\Security Center\UsrPrmpt.exe
O4 - HKLM\..\Run: [CleanRegPath] C:\PROGRA~1\ADSLUT~1\CleanReg.exe
O4 - HKLM\..\Run: [Easy-PrintToolBox] C:\Programmi\Canon\Easy-PrintToolBox\BJPSMAIN.EXE /logon
O4 - HKLM\..\Run: [Connector] C:\WINNT\System32\ShellExt\sis.EXE -n
O4 - HKLM\..\Run: [TkBellExe] "C:\Programmi\File comuni\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [WinampAgent] C:\Programmi\Winamp\winampa.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programmi\Java\jre1.6.0_01\bin\jusched.exe "
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINNT\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Picasa Media Detector] C:\Programmi\Picasa2\PicasaMediaDetector.exe
O4 - HKLM\..\Run: [KAVPersonal50] C:\Programmi\Kaspersky Lab\Kaspersky Anti-Virus Personal\kav.exe /minimize
O4 - HKCU\..\Run: [internat.exe] internat.exe
O4 - HKCU\..\Run: [Dllstrstrxqk] C:\WINNT\System32\Prptitybr.exe
O4 - HKLM\..\Policies\Explorer\Run: [5T19I3B27A] C:\WINNT\svchost.exe
O4 - HKUS\.DEFAULT\..\Run: [internat.exe] internat.exe (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [^SetupICWDesktop] C:\Programmi\Internet Explorer\Connection Wizard\icwconn1.exe /desktop (User 'Default user')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Programmi\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: &ICQ Toolbar Search - res://C:\Programmi\ICQToolbar\toolbaru.dll/SEARCH.HTML
O8 - Extra context menu item: Aggiungi all'elenco di stampa Easy-WebPrint - res://C:\Programmi\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
O8 - Extra context menu item: Anteprima Easy-WebPrint - res://C:\Programmi\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
O8 - Extra context menu item: Scarica con Free Download Manager - file://C:\Program Files\Free Download Manager\dllink.htm
O8 - Extra context menu item: Scarica selezionati con Free Download Manager - file://C:\Program Files\Free Download Manager\dlselected.htm
O8 - Extra context menu item: Scarica sito web con Free Download Manager - file://C:\Program Files\Free Download Manager\dlpage.htm
O8 - Extra context menu item: Scarica tutto con Free Download Manager - file://C:\Program Files\Free Download Manager\dlall.htm
O8 - Extra context menu item: Stampa ad alta velocità Easy-WebPrint - res://C:\Programmi\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
O8 - Extra context menu item: Stampa Easy-WebPrint - res://C:\Programmi\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.6.0_01\bin\ssv.dll
O12 - Plugin for .mid: C:\Programmi\Internet Explorer\PLUGINS\npvmidi.dll
O12 - Plugin for .mu3: C:\Programmi\Internet Explorer\Plugins\NPMyrMus.dll
O12 - Plugin for .mus: C:\Programmi\Internet Explorer\Plugins\NPMyrMus.dll
O12 - Plugin for .mut: C:\Programmi\Internet Explorer\Plugins\NPMyrMus.dll
O12 - Plugin for .myr: C:\Programmi\Internet Explorer\Plugins\NPMyrMus.dll
O12 - Plugin for .php: C:\Programmi\Internet Explorer\PLUGINS\nppdf32.dll
O16 - DPF: {3BFFE033-BF43-11D5-A271-00A024A51325} (iNotes6 Class) - https://bpi.bancalombarda.it/webbank...l/iNotes6W.cab
O16 - DPF: {474F00F5-3853-492C-AC3A-476512BBC336} (UploadListView Class) - http://picasaweb.google.it/s/v/19.11/uploader2.cab
O16 - DPF: {FB48C7B0-EB66-4BE6-A1C5-9DDF3C37249A} (MCSendMessageHandler Class) - http://xtraz.icq.com/xtraz/activex/MISBH.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FILECO~1\Skype\SKYPE4~1.DLL
O23 - Service: Adobe LM Service - Unknown owner - C:\Programmi\File comuni\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Servizio amministrativo di Gestione disco logico (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: GBPoll - Unknown owner - C:\Programmi\Roxio\GoBack\GBPoll.exe (file missing)
O23 - Service: Google Updater Service (gusvc) - Google - C:\Programmi\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: MySql - Unknown owner - C:/Programmi/Abria Merlin/MySQL/bin/mysqld-nt.exe
O23 - Service: SymWMI Service (SymWSC) - Unknown owner - C:\Programmi\File comuni\Symantec Shared\Security Center\SymWSC.exe (file missing)

--
End of file - 7132 bytes

[ste_95]

seleziona queste vclicca su fix checked:

O2 - BHO: bho3 Class - {58FB2CBB-C874-45FC-A1C9-B62CC9E3BED9} - C:\Documents and Settings\Administrator\831047.dll

O4 - HKLM\..\Policies\Explorer\Run: [5T19I3B27A] C:\WINNT\svchost.exe

O4 - HKLM\..\Run: [Dllstrstrxqk] C:\WINNT\System32\Prptitybr.exe

O4 - HKCU\..\Run: [Dllstrstrxqk] C:\WINNT\System32\Prptitybr.exe


poi scarica avenger da qui: http://swandog46.geekstogo.com/avenger.zip

aprilo, vai su input script manually,poi sulla lente, e copiaci queste righe:

Files to delete:
C:\Documents and Settings\Administrator\831047.dll
C:\WINNT\svchost.exe
C:\WINNT\System32\Prptitybr.exe

poi su done, sul semaforino, acconsenti, a questo punto il computer dovrebbe riavviarsi, altrimenti fallo tu...

alla fine vai a vedere il percorso fisico del file intarnet.exe...

risolvi?

[aroand]

Con avenger non mi lascia cancellare mi dice che lo script è inesatto

[aroand]

E un bel bastardello questo virus, non mi lascia installare file exe, mi nasconde la cartella programmi, non trova il file intarnet.exe, se tento l'avvio in modalità provvisoria si blocca e va nella schemata blu, e chissà cos'altro

[ste_95]

copia esattamente l'errore....

che cosa hai inserito come script?

[aroand]

script inserito:

C:\Documents and Settings\Administrator\831047.dll
C:\WINNT\svchost.exe
C:\WINNT\System32|\Prptitybr.exe


forse ho capito non avevo scritto files to delete

[aroand]

adesso lo ha fatto, riavvio.... spero che riparta.
Grazie, in ogni caso

[ste_95]

appunto.... senza quella riga il programma non ha le istruzioni su cosa fare dei files...

[ste_95]

ok, scansioni online le riesci a fare...? se si fanne una con kaspersky e postane il relativo log...

[aroand]

Logfile of The Avenger version 1, by Swandog46
Running from registry key:
\Registry\Machine\System\CurrentControlSet\Service s\ravrtlyu

*******************

Script file located at: \??\C:\gxajnieq.txt
Script file opened successfully.

Script file read successfully

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:



File C:\Documents and Settings\Administrator\831047.dll not found!
Deletion of file C:\Documents and Settings\Administrator\831047.dll failed!

Could not process line:
C:\Documents and Settings\Administrator\831047.dll
Status: 0xc0000034

File C:\WINNT\svchost.exe deleted successfully.
File C:\WINNT\System32\Prptitybr.exe deleted successfully.

Completed script processing.

*******************

Finished! Terminate.

Ok ora è andato
Questo lo ha aperto al riavvio.

Prima ho tentato ma kaspersky si è bloccato, avevo fatto con trendline durato otto ore ma il problema era rimasto, ora riprovo