critical error !

[steghi]

non capisco come possa ancora collegarsi alla rete !

ho un critical error
per essere più precisi un hard drive error
problem with ide/sata hd

non mi vede più i dati dell'hd !?...nessun file nessun programma.....

sul desktop non trova più nulla !!

ho provato a lanciare combofix da una chiavetta, ma non ha risolto nulla....


sono in una bella crisi....

come posso fare ?

grazie

ps. il s.o.è XP e ho ancora 35 Gb di spazio !

[marcosx86]

fai così intanto..

start -> esegui -> cmd

scrivi:

chkdsk X: /f /r /v

x è la lettera dell'unità.

Riavvia e vedi un po' se funziona o meno

[steghi]

ha lanciato il comando,
scansione effettuata,
ma tutto come prima....

!!

[steghi]

ho fatto girare Malwarebytes' Anti-Malware e mi ha pulito un po' di roba.
restano i seguenti problemi:
- i file e le cartelle sono tutte in grigio, come se non fossero operative, ma cliccandoci funzionano (per fortuna !),
- Non trovo più firefox (con tutti i miei preferiti !)
- non trovo più outlook
questo di primo acchito
Allego il log di Malwarebytes.
ditemi voi...grazie



Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Windows 5.1.2600 Service Pack 3
Internet Explorer 7.0.5730.13

Tipo di scansione: Scansione completa (C:\|)
Elementi esaminati: 331545
Tempo trascorso: 1 ore, 38 minuti, 22 secondi

Processi infetti in memoria: 2
Moduli di memoria infetti: 2
Chiavi di registro infette: 16
Valori di registro infetti: 6
Voci infette nei dati di registro: 0
Cartelle infette: 0
File infetti: 79

Processi infetti in memoria:
c:\documents and settings\all users\dati applicazioni\kjeenxnpeglsp.exe (Trojan.FakeMS) -> 2648 -> Unloaded process successfully.
c:\WINDOWS\Vzimol.exe (Trojan.Downloader) -> 5268 -> Unloaded process successfully.

Moduli di memoria infetti:
c:\WINDOWS\system32\sshnas21.dll (Trojan.Downloader) -> Delete on reboot.
c:\WINDOWS\aunt32.dll (Trojan.Hiloti) -> Delete on reboot.

Chiavi di registro infette:
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\Cur rentVersion\Explorer\{43BF8CD1-C5D5-2230-7BB2-98F22C2B7DC6} (Backdoor.Bot) -> Quarantined and deleted successfully.
HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Explo rer\{43BF8CD1-C5D5-2230-7BB2-98F22C2B7DC6} (Backdoor.Bot) -> Quarantined and deleted successfully.
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\Cur rentVersion\Explorer\{494E6CEC-7483-A4EE-0938-895519A84BC7} (Backdoor.Bot) -> Quarantined and deleted successfully.
HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Explo rer\{494E6CEC-7483-A4EE-0938-895519A84BC7} (Backdoor.Bot) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\4ECYTQ9SIC (Trojan.FakeAlert.SA) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\5NZQ29B3L2 (Trojan.FakeAlert.SA) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\CL2GFOKBC9 (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\LKGGOPABUH (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\NtWqIVLZEWZU (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\OPLE7CLDO2 (Trojan.FakeAlert.SA) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\TBXQRHV4KR (Trojan.FakeAlert.SA) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Antimalware Doctor Inc (Rogue.AntimalwareDoctor) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\idgbn5xehg (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\Windows\Curre ntVersion\Internet Settings\Zones\ (Hijack.Zones) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WORT (Trojan.Vilsel) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Servic es\SSHNAS (Trojan.Renos) -> Quarantined and deleted successfully.

Valori di registro infetti:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\Curre ntVersion\Run\Wronurimu (Trojan.Hiloti) -> Value: Wronurimu -> Delete on reboot.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\Curre ntVersion\Run\kjEenXNPEgLSP (Trojan.FakeMS) -> Value: kjEenXNPEgLSP -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\Curre ntVersion\Run\NtWqIVLZEWZU (Trojan.Downloader) -> Value: NtWqIVLZEWZU -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\Curre ntVersion\Run\OPLE7CLDO2 (Trojan.Downloader) -> Value: OPLE7CLDO2 -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\Curre ntVersion\Run\4E3E0230AEBB4E96 (Trojan.SpyEyes) -> Value: 4E3E0230AEBB4E96 -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\Curre ntVersion\Run\SvrWsc (Trojan.Agent) -> Value: SvrWsc -> Quarantined and deleted successfully.

Voci infette nei dati di registro:
(Non sono stati rilevati elementi nocivi)

[steghi]

Cartelle infette:
(Non sono stati rilevati elementi nocivi)

File infetti:
c:\WINDOWS\system32\sshnas21.dll (Trojan.Downloader) -> Delete on reboot.
c:\WINDOWS\aunt32.dll (Trojan.Hiloti) -> Delete on reboot.
c:\documents and settings\all users\dati applicazioni\kjeenxnpeglsp.exe (Trojan.FakeMS) -> Quarantined and deleted successfully.
c:\Documents and Settings\Ghini\Impostazioni locali\temp\Vxq.exe (Trojan.Downloader) -> Delete on reboot.
c:\WINDOWS\Vzimol.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
c:\documents and settings\Ghini\impostazioni locali\temp\Vxj.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
c:\programmi\mozilla firefox\0.6052631545050637.exe (Trojan.FakeMS) -> Quarantined and deleted successfully.
c:\Qoobox\quarantine\C\documents and settings\all users\dati applicazioni\ywjcrfuitusqdav.exe.vir (Trojan.FakeMS.Gen) -> Quarantined and deleted successfully.
c:\Qoobox\quarantine\C\documents and settings\all users\dati applicazioni\jp28601acopa28601\jp28601acopa28601.e xe.vir (Rogue.MSRemovalTool) -> Quarantined and deleted successfully.
c:\Qoobox\quarantine\C\documents and settings\Ghini\dati applicazioni\svrwsc.exe.vir (Trojan.Agent.H) -> Quarantined and deleted successfully.
c:\qoobox\quarantine\c\documents and settings\ghini\dati applicazioni\adobe\adobeupdate.exe.vir (Spyware.Passwords.XGen) -> Quarantined and deleted successfully.
c:\Qoobox\quarantine\C\documents and settings\Ghini\dati applicazioni\Risuil\obhu.exe.vir (Spyware.Passwords.XGen) -> Quarantined and deleted successfully.
c:\Qoobox\quarantine\C\documents and settings\Ghini\dati applicazioni\Soycp\avec.exe.vir (Spyware.Passwords.XGen) -> Quarantined and deleted successfully.
c:\Qoobox\quarantine\C\documents and settings\Ghini\dati applicazioni\Sun\hwdhy.dll.vir (Trojan.Agent) -> Quarantined and deleted successfully.
c:\qoobox\quarantine\c\documents and settings\ghini\dati applicazioni\updates\updates.exe.vir (Trojan.Proxy) -> Quarantined and deleted successfully.
c:\Qoobox\quarantine\C\WINDOWS\aunt32.dll.vir (Trojan.Hiloti) -> Quarantined and deleted successfully.
c:\qoobox\quarantine\c\windows\vzimoa.exe.vir (Trojan.FraudPack.Gen) -> Quarantined and deleted successfully.
c:\qoobox\quarantine\c\windows\vzimob.exe.vir (Trojan.FraudPack.Gen) -> Quarantined and deleted successfully.
c:\qoobox\quarantine\c\windows\vzimoc.exe.vir (Trojan.FraudPack.Gen) -> Quarantined and deleted successfully.
c:\qoobox\quarantine\c\windows\vzimod.exe.vir (Trojan.FraudPack.Gen) -> Quarantined and deleted successfully.
c:\qoobox\quarantine\c\windows\system32\sshnas21.d ll.vir (Trojan.Downloader.VCP) -> Quarantined and deleted successfully.
c:\Qoobox\quarantine\C\WINDOWS\system32\svrwsc.exe .vir (Trojan.Agent.H) -> Quarantined and deleted successfully.
c:\qoobox\quarantine\c\windows\system32\config\sys temprofile\pgsij.exe.vir (Worm.SFDC) -> Quarantined and deleted successfully.
c:\system volume information\_restore{cc0a0aa9-d6d0-414e-bf94-ef3f5da87823}\RP2\A0001189.exe (Spyware.Passwords.XGen) -> Quarantined and deleted successfully.
c:\system volume information\_restore{cc0a0aa9-d6d0-414e-bf94-ef3f5da87823}\RP2\A0001225.dll (Trojan.Agent) -> Quarantined and deleted successfully.
c:\system volume information\_restore{cc0a0aa9-d6d0-414e-bf94-ef3f5da87823}\RP24\A0009606.exe (Spyware.Passwords.XGen) -> Quarantined and deleted successfully.
c:\system volume information\_restore{cc0a0aa9-d6d0-414e-bf94-ef3f5da87823}\RP43\A0016056.exe (Spyware.Passwords.XGen) -> Quarantined and deleted successfully.
c:\system volume information\_restore{cc0a0aa9-d6d0-414e-bf94-ef3f5da87823}\RP57\A0024486.exe (Spyware.Passwords.XGen) -> Quarantined and deleted successfully.
c:\system volume information\_restore{cc0a0aa9-d6d0-414e-bf94-ef3f5da87823}\RP58\A0024683.exe (Spyware.Passwords.XGen) -> Quarantined and deleted successfully.
c:\system volume information\_restore{cc0a0aa9-d6d0-414e-bf94-ef3f5da87823}\RP59\A0024723.exe (Spyware.Passwords.XGen) -> Quarantined and deleted successfully.
c:\system volume information\_restore{cc0a0aa9-d6d0-414e-bf94-ef3f5da87823}\RP63\A0029755.exe (Rogue.MSRemovalTool) -> Quarantined and deleted successfully.
c:\system volume information\_restore{cc0a0aa9-d6d0-414e-bf94-ef3f5da87823}\RP63\A0029756.exe (Trojan.FakeMS.Gen) -> Quarantined and deleted successfully.
c:\system volume information\_restore{cc0a0aa9-d6d0-414e-bf94-ef3f5da87823}\RP63\A0029757.dll (Trojan.Hiloti) -> Quarantined and deleted successfully.
c:\documents and settings\administrator\menu avvio\programmi\esecuzione automatica\elro.exe (Spyware.Passwords.XGen) -> Quarantined and deleted successfully.
c:\documents and settings\administrator\menu avvio\programmi\esecuzione automatica\haapoh.exe (Spyware.Zbot) -> Quarantined and deleted successfully.
c:\documents and settings\administrator\menu avvio\programmi\esecuzione automatica\raygna.exe (Spyware.Passwords.XGen) -> Quarantined and deleted successfully.
c:\documents and settings\administrator\menu avvio\programmi\esecuzione automatica\taecq.exe (Spyware.Passwords.XGen) -> Quarantined and deleted successfully.
c:\documents and settings\administrator\menu avvio\programmi\esecuzione automatica\vehiyc.exe (Spyware.Passwords.XGen) -> Quarantined and deleted successfully.
c:\documents and settings\all users\dati applicazioni\fe28601igbel28601\fe28601igbel28601.e xe (Rogue.MSRemovalTool) -> Quarantined and deleted successfully.
c:\documents and settings\default user\menu avvio\programmi\esecuzione automatica\axlao.exe (Spyware.Passwords.XGen) -> Quarantined and deleted successfully.
c:\documents and settings\default user\menu avvio\programmi\esecuzione automatica\daohat.exe (Spyware.Passwords.XGen) -> Quarantined and deleted successfully.
c:\documents and settings\default user\menu avvio\programmi\esecuzione automatica\masaz.exe (Spyware.Zbot) -> Quarantined and deleted successfully.
c:\documents and settings\default user\menu avvio\programmi\esecuzione automatica\pibaes.exe (Spyware.Passwords.XGen) -> Quarantined and deleted successfully.
c:\documents and settings\default user\menu avvio\programmi\esecuzione automatica\vefo.exe (Spyware.Passwords.XGen) -> Quarantined and deleted successfully.
c:\documents and settings\ghini\dati applicazioni\e6f33cf892eb1b96f9d7494ea5836680\agib ck70dl.exe (Trojan.FakeAlert.Gen) -> Quarantined and deleted successfully.
c:\documents and settings\Ghini\dati applicazioni\e6f33cf892eb1b96f9d7494ea5836680\lss7 00dbgg.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
c:\documents and settings\ghini\dati applicazioni\e6f33cf892eb1b96f9d7494ea5836680\sokd rt700.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
c:\documents and settings\Ghini\impostazioni locali\temp\Vxn.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
c:\documents and settings\Ghini\impostazioni locali\temp\Vxo.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
c:\documents and settings\Ghini\impostazioni locali\temp\Vxp.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
c:\documents and settings\Ghini\impostazioni locali\temp\jar_cache3203958312250964724.tmp (Trojan.FakeMS) -> Quarantined and deleted successfully.
c:\documents and settings\Ghini\impostazioni locali\temp\jar_cache7599671670476863063.tmp (Trojan.FakeMS) -> Quarantined and deleted successfully.
c:\documents and settings\Ghini\impostazioni locali\temp\ncxsemwrao.tmp (Trojan.Hiloti) -> Quarantined and deleted successfully.
c:\documents and settings\Ghini\impostazioni locali\temp\0.021988535477787008.exe (Trojan.FakeMS) -> Quarantined and deleted successfully.
c:\documents and settings\Ghini\impostazioni locali\temp\0.2055403795940416.exe (Rogue.MSRemovalTool) -> Quarantined and deleted successfully.
c:\documents and settings\Ghini\impostazioni locali\temp\sshnas21.dll (Trojan.Downloader) -> Quarantined and deleted successfully.
c:\documents and settings\Ghini\impostazioni locali\temp\Vxf.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
c:\documents and settings\Ghini\impostazioni locali\temp\Vxg.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
c:\documents and settings\Ghini\impostazioni locali\temp\Vxh.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
c:\documents and settings\Ghini\impostazioni locali\temp\Vxi.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
c:\documents and settings\Ghini\impostazioni locali\temp\Vxk.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
c:\documents and settings\Ghini\impostazioni locali\temp\Vxl.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
c:\documents and settings\Ghini\impostazioni locali\temp\Vxm.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
c:\documents and settings\localservice\dati applicazioni\Sun\Java\deployment\cache\6.0\56\7802 578-3d627175 (Spyware.Passwords.XGen) -> Quarantined and deleted successfully.
c:\documents and settings\localservice\dati applicazioni\sun\java\deployment\cache\6.0\9\40bfa 749-26dd4fca (Spyware.Passwords.XGen) -> Quarantined and deleted successfully.
c:\WINDOWS\Vzimoa.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
c:\WINDOWS\Vzimob.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
c:\WINDOWS\Vzimoc.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
c:\WINDOWS\Vzimod.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
c:\WINDOWS\Vzimoe.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
c:\WINDOWS\Vzimof.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
c:\WINDOWS\Vzimog.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
c:\WINDOWS\Vzimoh.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
c:\WINDOWS\Vzimoi.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
c:\WINDOWS\Vzimoj.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
c:\WINDOWS\Vzimok.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
c:\WINDOWS\Tasks\{bbaeaeaf-1275-40e2-bd6c-bc8f88bd114a}.job (Trojan.Downloader) -> Quarantined and deleted successfully.
c:\WINDOWS\Tasks\{810401e2-dde0-454e-b0e2-aa89c9e5967c}.job (Trojan.FraudPack) -> Quarantined and deleted successfully.
c:\documents and settings\all users\dati applicazioni\17882916.exe (Trojan.Agent) -> Quarantined and deleted successfully.

[R16]

Ciao.
Segui queste indicazioni:
Disistalla Combofix con questo tool:
Scarica OTC by OldTimer sul desktop:
http://oldtimer.geekstogo.com/OTC.exe
doppio clic per eseguirlo
Clicca su CleanUp.
Ti chiederà di riavviare il pc.
Clicca sì.

Poi :
Scarica Combofix (usa Internet Explorer)

http://download.bleepingcomputer.com/sUBs/ComboFix.exe

Salvalo sul desktop. (è obligatorio)

Importante: Disabilita il tuo antivirus e chiudi TUTTI i programmi aperti,(Firewall compreso) e dopo aver scaricato COMBOFIX, chiudi la connessione.

Doppio click su combofix.exe (se usi Vista: tasto destro su Combofix.exe e clicca su: "Esegui come Amministratore" )

E' probabile che ti siano inviati messaggi dall'antivirus,(o dallo stesso Combofix) tu ignorali.

Se ti verrà chiesto se vuoi Installare LA CONSOLE DI RIPRISTINO DI EMERGENZA, clicca NO.

Durante l'operazione di scansione è importante non usare il PC (neanche il mouse) e attendere pazientemente la fine delle operazioni.
Al termine, verrà creato un file log sul Desktop, chiamato C:\ComboFix.txt.
Postalo qui.

Per postare il log fai così:
Collegati ad internet e vai alla pagina WikiSend: http://www.wikisend.com/
Clicca sul bottone "Sfoglia"
Seleziona il file appena salvato
Clicca su Upload file
Dopo qualche secondo, vieni spostato su una nuova pagina con il link in diversi formati:
Download Link / Forum Link
Seleziona Forum Link, copialo e incollalo in un nuovo messaggio per il forum.