lucasspd, that is not the deletion log; look carefully inside the program's folder.
I looked in the folder at the path: C/ OTL folder, then MovedFiles, then folder 10212012_130536 (I find nothing inside), but next to the folder there is the text document, which I reproduce for you HERE:
Error: Unable to interpret < "Custom Scans\Fixes"> in the current context!
OTL by OldTimer - Version 3.2.69.0 log created on 10212012_130536
Basically, the folder 10212012_130536 is empty.
What does it mean to copy underneath the text you sent me? I copied into the blank space of OTL "Custom Scans\Fixes", then I clicked Run Fix.
Did you perhaps mean that I have to copy the whole quote into the space in OTL?
The quote begins with: SRV - (MSDTC) -- File not found and ends with [Reboot]
Please help me understand what I have to copy into OTL.
Ciao!
Here it is:
========== OTL ==========
Service MSDTC stopped successfully!
Service MSDTC deleted successfully!
File File not found not found.
Service WDICA stopped successfully!
Service WDICA deleted successfully!
File File not found not found.
Service PDRFRAME stopped successfully!
Service PDRFRAME deleted successfully!
File File not found not found.
Service PDRELI stopped successfully!
Service PDRELI deleted successfully!
File File not found not found.
Service PDFRAME stopped successfully!
Service PDFRAME deleted successfully!
File File not found not found.
Service PDCOMP stopped successfully!
Service PDCOMP deleted successfully!
File File not found not found.
Service PCIDump stopped successfully!
Service PCIDump deleted successfully!
File File not found not found.
Service lbrtfdc stopped successfully!
Service lbrtfdc deleted successfully!
File File not found not found.
Service i2omgmt stopped successfully!
Service i2omgmt deleted successfully!
File File not found not found.
Service Changer stopped successfully!
Service Changer deleted successfully!
File File not found not found.
Service catchme stopped successfully!
Service catchme deleted successfully!
File C:\ComboFix\catchme.sys File not found not found.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
HKEY_USERS\S-1-5-19\Software\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
HKEY_USERS\S-1-5-20\Software\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry key HKEY_USERS\S-1-5-20\Software\Microsoft\Internet Explorer\SearchScopes\{1921ED09-583B-4B28-84F2-8BBDB35CEF39}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1921ED09-583B-4B28-84F2-8BBDB35CEF39}\ not found.
Registry key HKEY_USERS\S-1-5-20\Software\Microsoft\Internet Explorer\SearchScopes\{7DB0124C-1A43-4F77-876C-79EA5BCF12C6}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7DB0124C-1A43-4F77-876C-79EA5BCF12C6}\ not found.
HKEY_USERS\S-1-5-21-1078081533-261903793-1801674531-500\Software\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry key HKEY_USERS\S-1-5-21-1078081533-261903793-1801674531-500\Software\Microsoft\Internet Explorer\SearchScopes\{1921ED09-583B-4B28-84F2-8BBDB35CEF39}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1921ED09-583B-4B28-84F2-8BBDB35CEF39}\ not found.
Registry key HKEY_USERS\S-1-5-21-1078081533-261903793-1801674531-500\Software\Microsoft\Internet Explorer\SearchScopes\{7DB0124C-1A43-4F77-876C-79EA5BCF12C6}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7DB0124C-1A43-4F77-876C-79EA5BCF12C6}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=\ deleted successfully.
Use Chrome's Settings page to remove the default_search_provider items.
Use Chrome's Settings page to remove the default_search_provider items.
Use Chrome's Settings page to change the HomePage.
C:\Qoobox\Quarantine\Registry_backups folder moved successfully.
C:\Qoobox\Quarantine\C\WINDOWS\system32 folder moved successfully.
C:\Qoobox\Quarantine\C\WINDOWS folder moved successfully.
C:\Qoobox\Quarantine\C\Documents and Settings\All Users\Dati applicazioni\TEMP folder moved successfully.
C:\Qoobox\Quarantine\C\Documents and Settings\All Users\Dati applicazioni folder moved successfully.
C:\Qoobox\Quarantine\C\Documents and Settings\All Users folder moved successfully.
C:\Qoobox\Quarantine\C\Documents and Settings folder moved successfully.
C:\Qoobox\Quarantine\C folder moved successfully.
C:\Qoobox\Quarantine folder moved successfully.
Folder move failed. C:\Qoobox\BackEnv scheduled to be moved on reboot.
C:\Qoobox folder moved successfully.
C:\Documents and Settings\Administrator\Desktop\ComboFix.exe moved successfully.
C:\WINDOWS\PEV.exe moved successfully.
C:\WINDOWS\MBR.exe moved successfully.
C:\WINDOWS\sed.exe moved successfully.
C:\WINDOWS\grep.exe moved successfully.
C:\WINDOWS\zip.exe moved successfully.
ADS C:\Documents and Settings\All Users\Dati applicazioni\TEMP:C43ED645 deleted successfully.
ADS C:\Documents and Settings\All Users\Dati applicazioni\TEMP:5C321E34 deleted successfully.
========== FILES ==========
< ipconfig /flushdns /c >
Configurazione IP di Windows
Svuotata la cache del resolver DNS.
C:\Documents and Settings\Administrator\Desktop\cmd.bat deleted successfully.
C:\Documents and Settings\Administrator\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========
OTL by OldTimer - Version 3.2.69.0 log created on 10212012_135144
Files\Folders moved on Reboot...
File\Folder C:\Qoobox\BackEnv not found!
PendingFileRenameOperations files...
Registry entries deleted on Reboot...
I await your opinion,
thank you very much
I think I can also see a Vundo infection.
Download systemscan, open it and make sure all the options are checked, then click "Scan Now". When the scan finishes, two files will be released (again on the desktop, inside the suspectfile folder). Attach the file with the .zip extension to your next reply.
I don't have Zip as a program, but Rar; is that the same?
Understood, from Rar I can convert it to Zip, which can be done, but where do I attach the Zip file? How do I attach it?
Understood, by attached you meant uploaded, e.g. to free file host.net
Being used to sending e-mail, for me an attachment means sending a file with the reply I am giving, not uploading it to e.g. free file host.net.
Sorry for the misunderstanding
http://www.freefilehosting.net/suspectfile
I have left Suspectfile open on the desktop, waiting to hear from you whether I have to click on something
Thank you !