www.MegaLab.it

[Hellena_Maezono]

È andato in modalità provvisoria!! Ho fatto la scansione e la pulizia, vi metto i due log:

Log scansione:

############################## | FindyKill V5.006 |

# User : Elena () # AA-5DO4D3E5JBSY
# Update on 14/08/09 by Chiquitine29
# Start at: 13.35.43 | 29/10/2009
# Website : http://pagesperso-orange.fr/NosTools/index.html

# Processore Intel Pentium III Xeon
# Microsoft Windows XP Professional (5.1.2600 32-bit) # Service Pack 3
# Internet Explorer 8.0.6001.18702
# Windows Firewall Status : Enabled

# A:\ # Disco floppy, 3,5 pollici
# C:\ # Disco rigido locale # 298,08 Go (170,96 Go free) # NTFS
# D:\ # Disco rigido locale # 298,08 Go (278,32 Go free) [The Sims] # NTFS
# E:\ # Disco CD-ROM
# F:\ # Disco CD-ROM # 0,38 Mo (0 Mo free) [Bluebirds] # CDFS
# G:\ # Disco CD-ROM # 0,38 Mo (0 Mo free) [Bluebirds] # CDFS
# H:\ # Disco CD-ROM

############################## | Active Processes |

C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wbem\wmiprvse.exe

################## | C: |

Found ! F:\autorun.inf
Found ! G:\autorun.inf

################## | C:\WINDOWS |


################## | C:\WINDOWS\system32 |


################## | C:\WINDOWS\system32\drivers |


################## | C:\Documents and Settings\Elena\Dati applicazioni |

Found ! C:\Documents and Settings\Elena\Dati applicazioni\drivers
Found ! C:\Documents and Settings\Elena\Dati applicazioni\drivers\downld
Found ! C:\Documents and Settings\Elena\Dati applicazioni\hidires
Found ! C:\Documents and Settings\Elena\Dati applicazioni\hidires\flec003.exe
Found ! C:\Documents and Settings\Elena\Dati applicazioni\m
Found ! C:\Documents and Settings\Elena\Dati applicazioni\m\data.oct
Found ! C:\Documents and Settings\Elena\Dati applicazioni\m\flec006.exe
Found ! C:\Documents and Settings\Elena\Dati applicazioni\m\list.oct
Found ! C:\Documents and Settings\Elena\Dati applicazioni\m\srvlist.oct
Found ! C:\Documents and Settings\Elena\Dati applicazioni\m\shared

################## | C:\Documents and Settings\Elena\Temporary Internet Files |


################## | Registry / Infected keys |

Found ! [HKLM\SYSTEM\CurrentControlSet\Services\srosa]
Found ! [HKLM\SYSTEM\ControlSet001\Services\srosa]
Found ! [HKLM\SYSTEM\ControlSet002\Services\srosa]
Found ! [HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_SROSA]
Found ! [HKLM\SYSTEM\ControlSet001\Enum\Root\LEGACY_SROSA]
Found ! [HKCU\Software\bisoft]
Found ! [HKCU\Software\MuleAppData]
Found ! [HKCU\Software\Microsoft\Windows\CurrentVersion\Run] "drvsyskit"
Found ! [HKU\S-1-5-21-2052111302-1647877149-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Run] "drvsyskit"
Found ! [HKCU\Software\Microsoft\Windows\CurrentVersion\Run] "german.exe"
Found ! [HKU\S-1-5-21-2052111302-1647877149-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Run] "german.exe"
Found ! [HKCU\Software\Microsoft\Windows\CurrentVersion\Run] "mule_st_key"
Found ! [HKU\S-1-5-21-2052111302-1647877149-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Run] "mule_st_key"
Found ! [HKU\S-1-5-21-2052111302-1647877149-839522115-1003\Software\bisoft]
Found ! [HKU\S-1-5-21-2052111302-1647877149-839522115-1003\Software\MuleAppData]

################## | State / Service / Information |

# Showing of hidden files : OK

# Safe boot mode : OK

# Ndisuio -> Start = 3 ( Good = 3 | Bad = 4 )
# EapHost -> Start = 2 ( Good = 2 | Bad = 4 )
# Ip6Fw -> Start = 2 ( Good = 2 | Bad = 4 )
# SharedAccess -> Start = 2 ( Good = 2 | Bad = 4 )
# wuauserv -> Start = 2 ( Good = 2 | Bad = 4 )
# wscsvc -> Start = 2 ( Good = 2 | Bad = 4 )


################## | Cracks / Keygens / Serials |


################## | End of Report # FindyKill V5.006 ! |

Log pulizia:

############################## | FindyKill V5.006 |

# User : Elena (Administrators) # AA-5DO4D3E5JBSY
# Update on 14/08/09 by Chiquitine29
# Start at: 13.39.35 | 29/10/2009
# Website : http://pagesperso-orange.fr/NosTools/index.html

# Processore Intel Pentium III Xeon
# Microsoft Windows XP Professional (5.1.2600 32-bit) # Service Pack 3
# Internet Explorer 8.0.6001.18702
# Windows Firewall Status : Enabled

# A:\ # Disco floppy, 3,5 pollici
# C:\ # Disco rigido locale # 298,08 Go (170,96 Go free) # NTFS
# D:\ # Disco rigido locale # 298,08 Go (278,32 Go free) [The Sims] # NTFS
# E:\ # Disco CD-ROM
# F:\ # Disco CD-ROM # 0,38 Mo (0 Mo free) [Bluebirds] # CDFS
# G:\ # Disco CD-ROM # 0,38 Mo (0 Mo free) [Bluebirds] # CDFS
# H:\ # Disco CD-ROM

############################## | Active Processes |

C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\logonui.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\WgaTray.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\svchost.exe
C:\Programmi\File comuni\Acronis\Schedule2\schedul2.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmi\File comuni\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Programmi\Telecom Italia\WanMiniport1st\srvany.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Programmi\Telecom Italia\WanMiniport1st\WanMiniport1st_srv.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\wscntfy.exe

################## | C: |

(!) Not Deleted ! F:\autorun.inf
(!) Not Deleted ! G:\autorun.inf

################## | C:\WINDOWS |


################## | C:\WINDOWS\system32 |


################## | C:\WINDOWS\system32\drivers |


################## | C:\Documents and Settings\Elena\Dati applicazioni |

Deleted ! C:\Documents and Settings\Elena\Dati applicazioni\m\data.oct
(!) Not Deleted ! C:\Documents and Settings\Elena\Dati applicazioni\m\flec006.exe
Deleted ! C:\Documents and Settings\Elena\Dati applicazioni\m\list.oct
Deleted ! C:\Documents and Settings\Elena\Dati applicazioni\m\srvlist.oct
(!) Not Deleted ! C:\Documents and Settings\Elena\Dati applicazioni\hidires\flec003.exe
Deleted ! C:\Documents and Settings\Elena\Dati applicazioni\drivers\downld
Deleted ! C:\Documents and Settings\Elena\Dati applicazioni\drivers
(!) Not Deleted ! C:\Documents and Settings\Elena\Dati applicazioni\hidires
Deleted ! C:\Documents and Settings\Elena\Dati applicazioni\m\shared
(!) Not Deleted ! C:\Documents and Settings\Elena\Dati applicazioni\m

################## | Other ... |

# Reference of comparaison Bagle MD5 :

File : C:\Qoobox\Quarantine\C\Documents and Settings\Elena\Dati applicazioni\drivers\winupgro.exe.vir
-> Crc32 : 4354b82a | Md5 : 7055eee2f4cf762b1de64d21130f41eb


################## | Temporary Internet Files |


################## | Registry / Infected keys |

Deleted ! [HKLM\SYSTEM\CurrentControlSet\Services\srosa]
Deleted ! [HKLM\SYSTEM\ControlSet001\Services\srosa]
Deleted ! [HKLM\SYSTEM\ControlSet002\Services\srosa]
Deleted ! [HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_SROSA]
Deleted ! [HKLM\SYSTEM\ControlSet001\Enum\Root\LEGACY_SROSA]
Deleted ! [HKCU\Software\bisoft]
Deleted ! [HKCU\Software\MuleAppData]

################## | State / Service / Information |

# Safe boot mode : OK


# Showing of hidden files : OK

# Ndisuio -> Start = 3 ( Good = 3 | Bad = 4 )
# EapHost -> Start = 2 ( Good = 2 | Bad = 4 )
# Ip6Fw -> Start = 2 ( Good = 2 | Bad = 4 )
# SharedAccess -> Start = 2 ( Good = 2 | Bad = 4 )
# wuauserv -> Start = 2 ( Good = 2 | Bad = 4 )
# wscsvc -> Start = 2 ( Good = 2 | Bad = 4 )


################## | PEH ... |

Corrupted : C:\Programmi\MSN\MSNCoreFiles\update.exe
[Offset = 000000DC - Value = 0x0001]

Corrupted : C:\WINDOWS\$hf_mig$\KB898461\update\update.exe
[Offset = 000000E4 - Value = 0x0001]

Attempt of repair...
Backup : update.exe.REN
[Offset = 000000E4 - New value = 0x4C01]
File repaired successfully.


Corrupted : C:\WINDOWS\$hf_mig$\KB915865\update\update.exe
[Offset = 000000E4 - Value = 0x0001]

Attempt of repair...
Backup : update.exe.REN
[Offset = 000000E4 - New value = 0x4C01]
File repaired successfully.


Corrupted : C:\WINDOWS\$hf_mig$\KB923561\update\update.exe
[Offset = 000000EC - Value = 0x0001]

Attempt of repair...
Backup : update.exe.REN
[Offset = 000000EC - New value = 0x4C01]
File repaired successfully.


Corrupted : C:\WINDOWS\$hf_mig$\KB938127-v2-IE7\update\update.exe
[Offset = 000000E4 - Value = 0x0001]

Attempt of repair...
Backup : update.exe.REN
[Offset = 000000E4 - New value = 0x4C01]
File repaired successfully.


Corrupted : C:\WINDOWS\$hf_mig$\KB946648\update\update.exe
[Offset = 000000EC - Value = 0x0001]

Attempt of repair...
Backup : update.exe.REN
[Offset = 000000EC - New value = 0x4C01]
File repaired successfully.


Corrupted : C:\WINDOWS\$hf_mig$\KB950762\update\update.exe
[Offset = 000000EC - Value = 0x0001]

Attempt of repair...
Backup : update.exe.REN
[Offset = 000000EC - New value = 0x4C01]
File repaired successfully.


Corrupted : C:\WINDOWS\$hf_mig$\KB950974\update\update.exe
[Offset = 000000EC - Value = 0x0001]

Attempt of repair...
Backup : update.exe.REN
[Offset = 000000EC - New value = 0x4C01]
File repaired successfully.


Corrupted : C:\WINDOWS\$hf_mig$\KB951066\update\update.exe
[Offset = 000000EC - Value = 0x0001]

Attempt of repair...
Backup : update.exe.REN
[Offset = 000000EC - New value = 0x4C01]
File repaired successfully.


Corrupted : C:\WINDOWS\$hf_mig$\KB951376-v2\update\update.exe
[Offset = 000000EC - Value = 0x0001]

Attempt of repair...
Backup : update.exe.REN
[Offset = 000000EC - New value = 0x4C01]
File repaired successfully.


Corrupted : C:\WINDOWS\$hf_mig$\KB951748\update\update.exe
[Offset = 000000EC - Value = 0x0001]

Attempt of repair...
Backup : update.exe.REN
[Offset = 000000EC - New value = 0x4C01]
File repaired successfully.


Corrupted : C:\WINDOWS\$hf_mig$\KB951978\update\update.exe
[Offset = 000000EC - Value = 0x0001]

Attempt of repair...
Backup : update.exe.REN
[Offset = 000000EC - New value = 0x4C01]
File repaired successfully.


Corrupted : C:\WINDOWS\$hf_mig$\KB952004\update\update.exe
[Offset = 000000EC - Value = 0x0001]

Attempt of repair...
Backup : update.exe.REN
[Offset = 000000EC - New value = 0x4C01]
File repaired successfully.


Corrupted : C:\WINDOWS\$hf_mig$\KB952287\update\update.exe
[Offset = 000000EC - Value = 0x0001]

Attempt of repair...
Backup : update.exe.REN
[Offset = 000000EC - New value = 0x4C01]
File repaired successfully.


Corrupted : C:\WINDOWS\$hf_mig$\KB952954\update\update.exe
[Offset = 000000EC - Value = 0x0001]

Attempt of repair...
Backup : update.exe.REN
[Offset = 000000EC - New value = 0x4C01]
File repaired successfully.


Corrupted : C:\WINDOWS\$hf_mig$\KB954459\update\update.exe
[Offset = 000000EC - Value = 0x0001]

Attempt of repair...
Backup : update.exe.REN
[Offset = 000000EC - New value = 0x4C01]
File repaired successfully.


Corrupted : C:\WINDOWS\$hf_mig$\KB954600\update\update.exe
[Offset = 000000EC - Value = 0x0001]

Attempt of repair...
Backup : update.exe.REN
[Offset = 000000EC - New value = 0x4C01]
File repaired successfully.


Corrupted : C:\WINDOWS\$hf_mig$\KB955069\update\update.exe
[Offset = 000000EC - Value = 0x0001]

Attempt of repair...
Backup : update.exe.REN
[Offset = 000000EC - New value = 0x4C01]
File repaired successfully.


Corrupted : C:\WINDOWS\$hf_mig$\KB956572\update\update.exe
[Offset = 000000EC - Value = 0x0001]

Attempt of repair...
Backup : update.exe.REN
[Offset = 000000EC - New value = 0x4C01]
File repaired successfully.


Corrupted : C:\WINDOWS\$hf_mig$\KB956744\update\update.exe
[Offset = 000000EC - Value = 0x0001]

Attempt of repair...
Backup : update.exe.REN
[Offset = 000000EC - New value = 0x4C01]
File repaired successfully.


Corrupted : C:\WINDOWS\$hf_mig$\KB956802\update\update.exe
[Offset = 000000EC - Value = 0x0001]

Attempt of repair...
Backup : update.exe.REN
[Offset = 000000EC - New value = 0x4C01]
File repaired successfully.


Corrupted : C:\WINDOWS\$hf_mig$\KB956803\update\update.exe
[Offset = 000000EC - Value = 0x0001]

Attempt of repair...
Backup : update.exe.REN
[Offset = 000000EC - New value = 0x4C01]
File repaired successfully.


Corrupted : C:\WINDOWS\$hf_mig$\KB956844\update\update.exe
[Offset = 000000EC - Value = 0x0001]

Attempt of repair...
Backup : update.exe.REN
[Offset = 000000EC - New value = 0x4C01]
File repaired successfully.


Corrupted : C:\WINDOWS\$hf_mig$\KB957097\update\update.exe
[Offset = 000000EC - Value = 0x0001]

Attempt of repair...
Backup : update.exe.REN
[Offset = 000000EC - New value = 0x4C01]
File repaired successfully.


Corrupted : C:\WINDOWS\$hf_mig$\KB958644\update\update.exe
[Offset = 000000EC - Value = 0x0001]

Attempt of repair...
Backup : update.exe.REN
[Offset = 000000EC - New value = 0x4C01]
File repaired successfully.


Corrupted : C:\WINDOWS\$hf_mig$\KB958687\update\update.exe
[Offset = 000000EC - Value = 0x0001]

Attempt of repair...
Backup : update.exe.REN
[Offset = 000000EC - New value = 0x4C01]
File repaired successfully.


Corrupted : C:\WINDOWS\$hf_mig$\KB959426\update\update.exe
[Offset = 000000EC - Value = 0x0001]

Attempt of repair...
Backup : update.exe.REN
[Offset = 000000EC - New value = 0x4C01]
File repaired successfully.


Corrupted : C:\WINDOWS\$hf_mig$\KB960225\update\update.exe
[Offset = 000000EC - Value = 0x0001]

Attempt of repair...
Backup : update.exe.REN
[Offset = 000000EC - New value = 0x4C01]
File repaired successfully.


Corrupted : C:\WINDOWS\$hf_mig$\KB960803\update\update.exe
[Offset = 000000EC - Value = 0x0001]

Attempt of repair...
Backup : update.exe.REN
[Offset = 000000EC - New value = 0x4C01]
File repaired successfully.


Corrupted : C:\WINDOWS\$hf_mig$\KB960859\update\update.exe
[Offset = 000000EC - Value = 0x0001]

Attempt of repair...
Backup : update.exe.REN
[Offset = 000000EC - New value = 0x4C01]
File repaired successfully.


Corrupted : C:\WINDOWS\$hf_mig$\KB961371-v2\update\update.exe
[Offset = 000000EC - Value = 0x0001]

Attempt of repair...
Backup : update.exe.REN
[Offset = 000000EC - New value = 0x4C01]
File repaired successfully.


Corrupted : C:\WINDOWS\$hf_mig$\KB961501\update\update.exe
[Offset = 000000EC - Value = 0x0001]

Attempt of repair...
Backup : update.exe.REN
[Offset = 000000EC - New value = 0x4C01]
File repaired successfully.


Corrupted : C:\WINDOWS\$hf_mig$\KB961503\update\update.exe
[Offset = 000000EC - Value = 0x0001]

Attempt of repair...
Backup : update.exe.REN
[Offset = 000000EC - New value = 0x4C01]
File repaired successfully.


Corrupted : C:\WINDOWS\$hf_mig$\KB967715\update\update.exe
[Offset = 000000EC - Value = 0x0001]

Attempt of repair...
Backup : update.exe.REN
[Offset = 000000EC - New value = 0x4C01]
File repaired successfully.


Corrupted : C:\WINDOWS\$hf_mig$\KB968389\update\update.exe
[Offset = 000000EC - Value = 0x0001]

Attempt of repair...
Backup : update.exe.REN
[Offset = 000000EC - New value = 0x4C01]
File repaired successfully.


Corrupted : C:\WINDOWS\$hf_mig$\KB968537\update\update.exe
[Offset = 000000EC - Value = 0x0001]

Attempt of repair...
Backup : update.exe.REN
[Offset = 000000EC - New value = 0x4C01]
File repaired successfully.


Corrupted : C:\WINDOWS\$hf_mig$\KB969059\update\update.exe
[Offset = 000000EC - Value = 0x0001]

Attempt of repair...
Backup : update.exe.REN
[Offset = 000000EC - New value = 0x4C01]
File repaired successfully.


Corrupted : C:\WINDOWS\$hf_mig$\KB970238\update\update.exe
[Offset = 000000EC - Value = 0x0001]

Attempt of repair...
Backup : update.exe.REN
[Offset = 000000EC - New value = 0x4C01]
File repaired successfully.


Corrupted : C:\WINDOWS\$hf_mig$\KB971486\update\update.exe
[Offset = 000000EC - Value = 0x0001]

Attempt of repair...
Backup : update.exe.REN
[Offset = 000000EC - New value = 0x4C01]
File repaired successfully.


Corrupted : C:\WINDOWS\$hf_mig$\KB971557\update\update.exe
[Offset = 000000EC - Value = 0x0001]

Attempt of repair...
Backup : update.exe.REN
[Offset = 000000EC - New value = 0x4C01]
File repaired successfully.


Corrupted : C:\WINDOWS\$hf_mig$\KB971633\update\update.exe
[Offset = 000000EC - Value = 0x0001]

Attempt of repair...
Backup : update.exe.REN
[Offset = 000000EC - New value = 0x4C01]
File repaired successfully.


Corrupted : C:\WINDOWS\$hf_mig$\KB971657\update\update.exe
[Offset = 000000EC - Value = 0x0001]

Attempt of repair...
Backup : update.exe.REN
[Offset = 000000EC - New value = 0x4C01]
File repaired successfully.


Corrupted : C:\WINDOWS\$hf_mig$\KB971961\update\update.exe
[Offset = 000000EC - Value = 0x0001]

Attempt of repair...
Backup : update.exe.REN
[Offset = 000000EC - New value = 0x4C01]
File repaired successfully.


Corrupted : C:\WINDOWS\$hf_mig$\KB971961-IE8\update\update.exe
[Offset = 000000EC - Value = 0x0001]

Attempt of repair...
Backup : update.exe.REN
[Offset = 000000EC - New value = 0x4C01]
File repaired successfully.


Corrupted : C:\WINDOWS\$hf_mig$\KB972260\update\update.exe
[Offset = 000000EC - Value = 0x0001]

Attempt of repair...
Backup : update.exe.REN
[Offset = 000000EC - New value = 0x4C01]
File repaired successfully.


Corrupted : C:\WINDOWS\$hf_mig$\KB972260-IE7\update\update.exe
[Offset = 000000EC - Value = 0x0001]

Attempt of repair...
Backup : update.exe.REN
[Offset = 000000EC - New value = 0x4C01]
File repaired successfully.


Corrupted : C:\WINDOWS\$hf_mig$\KB972260-IE8\update\update.exe
[Offset = 000000EC - Value = 0x0001]

Attempt of repair...
Backup : update.exe.REN
[Offset = 000000EC - New value = 0x4C01]
File repaired successfully.


Corrupted : C:\WINDOWS\$hf_mig$\KB973346\update\update.exe
[Offset = 000000EC - Value = 0x0001]

Attempt of repair...
Backup : update.exe.REN
[Offset = 000000EC - New value = 0x4C01]
File repaired successfully.


Corrupted : C:\WINDOWS\$hf_mig$\KB973354\update\update.exe
[Offset = 000000EC - Value = 0x0001]

Attempt of repair...
Backup : update.exe.REN
[Offset = 000000EC - New value = 0x4C01]
File repaired successfully.


Corrupted : C:\WINDOWS\$hf_mig$\KB973507\update\update.exe
[Offset = 000000EC - Value = 0x0001]

Attempt of repair...
Backup : update.exe.REN
[Offset = 000000EC - New value = 0x4C01]
File repaired successfully.


Corrupted : C:\WINDOWS\$hf_mig$\KB973525\update\update.exe
[Offset = 000000EC - Value = 0x0001]

Attempt of repair...
Backup : update.exe.REN
[Offset = 000000EC - New value = 0x4C01]
File repaired successfully.


Corrupted : C:\WINDOWS\$hf_mig$\KB973815\update\update.exe
[Offset = 000000EC - Value = 0x0001]

Attempt of repair...
Backup : update.exe.REN
[Offset = 000000EC - New value = 0x4C01]
File repaired successfully.


Corrupted : C:\WINDOWS\$hf_mig$\KB973869\update\update.exe
[Offset = 000000EC - Value = 0x0001]

Attempt of repair...
Backup : update.exe.REN
[Offset = 000000EC - New value = 0x4C01]
File repaired successfully.


Corrupted : C:\WINDOWS\$hf_mig$\KB973874-IE8\update\update.exe
[Offset = 000000EC - Value = 0x0001]

Attempt of repair...
Backup : update.exe.REN
[Offset = 000000EC - New value = 0x4C01]
File repaired successfully.


Corrupted : C:\WINDOWS\$hf_mig$\KB974112\update\update.exe
[Offset = 000000EC - Value = 0x0001]

Attempt of repair...
Backup : update.exe.REN
[Offset = 000000EC - New value = 0x4C01]
File repaired successfully.


Corrupted : C:\WINDOWS\$hf_mig$\KB974455-IE7\update\update.exe
[Offset = 000000EC - Value = 0x0001]

Attempt of repair...
Backup : update.exe.REN
[Offset = 000000EC - New value = 0x4C01]
File repaired successfully.


Corrupted : C:\WINDOWS\$hf_mig$\KB974455-IE8\update\update.exe
[Offset = 000000EC - Value = 0x0001]

Attempt of repair...
Backup : update.exe.REN
[Offset = 000000EC - New value = 0x4C01]
File repaired successfully.


Corrupted : C:\WINDOWS\$hf_mig$\KB974571\update\update.exe
[Offset = 000000EC - Value = 0x0001]

Attempt of repair...
Backup : update.exe.REN
[Offset = 000000EC - New value = 0x4C01]
File repaired successfully.


Corrupted : C:\WINDOWS\$hf_mig$\KB975025\update\update.exe
[Offset = 000000EC - Value = 0x0001]

Attempt of repair...
Backup : update.exe.REN
[Offset = 000000EC - New value = 0x4C01]
File repaired successfully.


Corrupted : C:\WINDOWS\$hf_mig$\KB975467\update\update.exe
[Offset = 000000EC - Value = 0x0001]

Attempt of repair...
Backup : update.exe.REN
[Offset = 000000EC - New value = 0x4C01]
File repaired successfully.


Corrupted : C:\WINDOWS\$NtServicePackUninstall$\sysinfo.exe
[Offset = 000000E4 - Value = 0x0001]

Attempt of repair...
Backup : sysinfo.exe.REN
[Offset = 000000E4 - New value = 0x4C01]
File repaired successfully.


Corrupted : C:\WINDOWS\ie8updates\KB971961-IE8\update.exe
[Offset = 000000EC - Value = 0x0001]

Attempt of repair...
Backup : update.exe.REN
[Offset = 000000EC - New value = 0x4C01]
File repaired successfully.


Corrupted : C:\WINDOWS\ie8updates\KB973874-IE8\update.exe
[Offset = 000000EC - Value = 0x0001]

Attempt of repair...
Backup : update.exe.REN
[Offset = 000000EC - New value = 0x4C01]
File repaired successfully.


Corrupted : C:\WINDOWS\ServicePackFiles\i386\sysinfo.exe
[Offset = 000000E4 - Value = 0x0001]

Attempt of repair...
Backup : sysinfo.exe.REN
[Offset = 000000E4 - New value = 0x4C01]
File repaired successfully.


Corrupted : C:\WINDOWS\SoftwareDistribution\Download\14e43fc576741fc6cfa156925a3fd381\update\update.exe
[Offset = 000000E4 - Value = 0x0001]

Attempt of repair...
Backup : update.exe.REN
[Offset = 000000E4 - New value = 0x4C01]
File repaired successfully.


Corrupted : C:\WINDOWS\SoftwareDistribution\Download\33a664f18e233a84884543a7e5985e37\update\update.exe
[Offset = 000000EC - Value = 0x0001]

Attempt of repair...
Backup : update.exe.REN
[Offset = 000000EC - New value = 0x4C01]
File repaired successfully.


Corrupted : C:\WINDOWS\SoftwareDistribution\Download\82dccab66381b0425b8c4c269fae9ae9\update\update.exe
[Offset = 000000EC - Value = 0x0001]

Attempt of repair...
Backup : update.exe.REN
[Offset = 000000EC - New value = 0x4C01]
File repaired successfully.


Corrupted : C:\WINDOWS\SoftwareDistribution\Download\99ba743abe0d78e05b0ff4006bb8f789\update\update.exe
[Offset = 000000EC - Value = 0x0001]

Attempt of repair...
Backup : update.exe.REN
[Offset = 000000EC - New value = 0x4C01]
File repaired successfully.


Corrupted : C:\WINDOWS\SoftwareDistribution\Download\c2f956d12a9d6292916209a9f55d4830\update\update.exe
[Offset = 000000EC - Value = 0x0001]

Attempt of repair...
Backup : update.exe.REN
[Offset = 000000EC - New value = 0x4C01]
File repaired successfully.


Corrupted : C:\WINDOWS\SoftwareDistribution\Download\d3d66eb1aeb85257e7e8fffa82d99d7b\update\update.exe
[Offset = 000000EC - Value = 0x0001]

Attempt of repair...
Backup : update.exe.REN
[Offset = 000000EC - New value = 0x4C01]
File repaired successfully.


Corrupted : C:\WINDOWS\SoftwareDistribution\Download\dcc9148bad5dc8a713f1d0d5c5ae1968\update\update.exe
[Offset = 000000E4 - Value = 0x0001]

Attempt of repair...
Backup : update.exe.REN
[Offset = 000000E4 - New value = 0x4C01]
File repaired successfully.


Corrupted : C:\WINDOWS\SoftwareDistribution\Download\e774480d6b5f128fa6bdaceb7b79373d\update\update.exe
[Offset = 000000EC - Value = 0x0001]

Attempt of repair...
Backup : update.exe.REN
[Offset = 000000EC - New value = 0x4C01]
File repaired successfully.


Corrupted : C:\WINDOWS\SoftwareDistribution\Download\e8b20339df578bbd800b341d6fb25044\update\update.exe
[Offset = 000000EC - Value = 0x0001]

Attempt of repair...
Backup : update.exe.REN
[Offset = 000000EC - New value = 0x4C01]
File repaired successfully.


Corrupted : C:\WINDOWS\SoftwareDistribution\Download\f4f34ad062ad0e584e23fc55e94c498d\update\update.exe
[Offset = 000000E4 - Value = 0x0001]

Attempt of repair...
Backup : update.exe.REN
[Offset = 000000E4 - New value = 0x4C01]
File repaired successfully.


Corrupted : C:\WINDOWS\SoftwareDistribution\Download\f9db33f5cc22e47c6ea258a7eb71042a\update\update.exe
[Offset = 000000E4 - Value = 0x0001]

Attempt of repair...
Backup : update.exe.REN
[Offset = 000000E4 - New value = 0x4C01]
File repaired successfully.


Corrupted : C:\WINDOWS\SoftwareDistribution\Download\fd47314639ee5083d59f6093da5cf674\update\update.exe
[Offset = 000000EC - Value = 0x0001]

Attempt of repair...
Backup : update.exe.REN
[Offset = 000000EC - New value = 0x4C01]
File repaired successfully.


Corrupted : C:\WINDOWS\system32\dllcache\register.exe
[Offset = 000000E4 - Value = 0x0001]

Attempt of repair...
Backup : register.exe.REN
[Offset = 000000E4 - New value = 0x4C01]
File repaired successfully.



################## | Cracks / Keygens / Serials |


################## | End of Report # FindyKill V5.006 ! |

Peccato però che, come prima, due file non sono stati riparati.

[crazy.cat]

Sono più di due
Not Deleted ! F:\autorun.inf
Not Deleted ! G:\autorun.inf
Not Deleted ! C:\Documents and Settings\Elena\Dati applicazioni\m\flec006.exe
Not Deleted ! C:\Documents and Settings\Elena\Dati applicazioni\hidires\flec003.exe
(!) Not Deleted ! C:\Documents and Settings\Elena\Dati applicazioni\hidires
(!) Not Deleted ! C:\Documents and Settings\Elena\Dati applicazioni\m

Mi sa che è meglio che prepari il cd di ubuntu e li vai a cancellare manualmente così la facciamo finita con questo verme.
Devi cancellare proprio le cartelle C:\Documents and Settings\Elena\Dati applicazioni\hidires e C:\Documents and Settings\Elena\Dati applicazioni\m con tutti i file al loro interno e anche i due autorun.inf

[Hellena_Maezono]

Mi sa che è meglio che prepari il cd di ubuntu e li vai a cancellare manualmente così la facciamo finita con questo verme.
Devi cancellare proprio le cartelle C:\Documents and Settings\Elena\Dati applicazioni\hidires e C:\Documents and Settings\Elena\Dati applicazioni\m con tutti i file al loro interno e anche i due autorun.inf

Come lo faccio il cd di Ubuntu? Parte in automatico come il cd di Avira? E come faccio a eliminare manualmente quei file? Ci vado, li seleziono e premo 'canc'?

[crazy.cat]

Come lo faccio il cd di Ubuntu?

E' un immagine iso da masterizzare per fare il boot come con avira.

Ci vado, li seleziono e premo 'canc'?

si.

La grafica è simile a quella di windows, basta che segui e istruzioni
http://www.MegaLab.it/5192/2/recuperare ... n-si-avvia

[Hellena_Maezono]

Ci vado, li seleziono e premo 'canc'?

si.

Ci ho provato, ma mi dice che i files sono in sola lettura e non me li fa cancellare... come si fa??

Ho letto il tutorial per il cd di ubuntu... ma nn ci ho capito molto... è un programma per recuperare i files 'intrappolati' nel pc che non vuole accendersi... cosa c'entra con questo? Siamo sicuri che sia il link giusto?

[crazy.cat]

Ci ho provato, ma mi dice che i files sono in sola lettura e non me li fa cancellare... come si fa??

Adesso non ho a disposizione il cd per fare una prova, prova a cliccare con il tasto destro (sempre se funziona) sui file e vedi se ti lascia cambiare le proprietà del file.

Ho letto il tutorial per il cd di ubuntu...

Serve a recuperare i file, serve a cancellarli, serve per provare (o installare ubuntu), ci si può fare tante cose tante cose

[Hellena_Maezono]

prova a cliccare con il tasto destro (sempre se funziona) sui file e vedi se ti lascia cambiare le proprietà del file

L'ho fatto, ma anche se tolgo la spunta a 'sola lettura' non cambia nulla...

(ubuntu) Serve a recuperare i file, serve a cancellarli, serve per provare (o installare ubuntu), ci si può fare tante cose tante cose

Si, ma quindi di che utilità posso usufruire nel mio caso? T___T Oddio non voglio fare una riformattazione...

[Hellena_Maezono]

Perfetto, sono riuscita a entrare con Ubuntu, ed ho cancellato questi quattro files:

Not Deleted ! C:\Documents and Settings\Elena\Dati applicazioni\m\flec006.exe
Not Deleted ! C:\Documents and Settings\Elena\Dati applicazioni\hidires\flec003.exe
(!) Not Deleted ! C:\Documents and Settings\Elena\Dati applicazioni\hidires
(!) Not Deleted ! C:\Documents and Settings\Elena\Dati applicazioni\m

Però, poi mi sono accorta che:

Not Deleted ! F:\autorun.inf
Not Deleted ! G:\autorun.inf

Questi due sono i files che si trovano all'interno dei due slot cd. Dite che non li cancella proprio perché SERVONO ai due slot cd per funzionare? Oppure sono due virus belli e buoni? Help!!

[crazy.cat]

Si, ma quindi di che utilità posso usufruire nel mio caso?

A cancellare i file di troppo.

Però, poi mi sono accorta che:
Not Deleted ! F:\autorun.inf
Not Deleted ! G:\autorun.inf

Sei hai due cdrom inseriti nel lettore allora va bene così.
Pensavo che fossero delle partizioni del disco infettate dal virus.

Prova adesso a rifare una scansione con findykill e combofix e poi vedi se riesci a reinstallare l'antivirus.

[Hellena_Maezono]

Questo è il file log della scansione con Findykill:

############################## | FindyKill V5.006 |

# User : Elena (Administrators) # AA-5DO4D3E5JBSY
# Update on 14/08/09 by Chiquitine29
# Start at: 18.26.59 | 29/10/2009
# Website : http://pagesperso-orange.fr/NosTools/index.html

# Processore Intel Pentium III Xeon
# Microsoft Windows XP Professional (5.1.2600 32-bit) # Service Pack 3
# Internet Explorer 8.0.6001.18702
# Windows Firewall Status : Enabled

# A:\ # Disco floppy, 3,5 pollici
# C:\ # Disco rigido locale # 298,08 Go (170,16 Go free) # NTFS
# D:\ # Disco rigido locale # 298,08 Go (278,32 Go free) [The Sims] # NTFS
# E:\ # Disco CD-ROM
# F:\ # Disco CD-ROM # 0,38 Mo (0 Mo free) [Bluebirds] # CDFS
# G:\ # Disco CD-ROM # 0,38 Mo (0 Mo free) [Bluebirds] # CDFS
# H:\ # Disco CD-ROM # 698,96 Mo (0 Mo free) [Ubuntu 9.04 i386] # CDFS

############################## | Active Processes |

C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\ASUS\Six Engine\SixEngine.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Programmi\Acronis\TrueImageHome\TrueImageMonitor.exe
C:\Programmi\Acronis\TrueImageHome\TimounterMonitor.exe
C:\Programmi\File comuni\Acronis\Schedule2\schedhlp.exe
C:\PROGRA~1\ALICET~1\SMARTB~1\MotiveSB.exe
C:\PROGRA~1\ALICET~1\vendors\AliceRE\content\template\DRIVEN~1\syncer\MCCITR~1.EXE
C:\Programmi\D-Tools\daemon.exe
C:\Programmi\Search Guard PlusU\sgpUpdaters.exe
C:\Programmi\Canon\MyPrinter\BJMyPrt.exe
C:\Programmi\ScanSoft\OmniPageSE4\OpwareSE4.exe
C:\Programmi\Analog Devices\Core\smax4pnp.exe
C:\Programmi\Electronic Arts\EADM\Core.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmi\Sony\Sony Picture Utility\PMBCore\SPUVolumeWatcher.exe
C:\Programmi\Alice ti aiuta\bin\mpbtn.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmi\File comuni\Acronis\Schedule2\schedul2.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmi\File comuni\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Programmi\Telecom Italia\WanMiniport1st\srvany.exe
C:\Programmi\Telecom Italia\WanMiniport1st\WanMiniport1st_srv.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Programmi\Windows Live\Contacts\wlcomm.exe
C:\Programmi\Windows Live\Messenger\msnmsgr.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

################## | C: |

Found ! F:\autorun.inf
Found ! G:\autorun.inf
Found ! H:\autorun.inf

################## | C:\WINDOWS |


################## | C:\WINDOWS\system32 |


################## | C:\WINDOWS\system32\drivers |


################## | C:\Documents and Settings\Elena\Dati applicazioni |

Found ! C:\Documents and Settings\Elena\Dati applicazioni\drivers
Found ! C:\Documents and Settings\Elena\Dati applicazioni\drivers\downld

################## | C:\Documents and Settings\Elena\Temporary Internet Files |


################## | Registry / Infected keys |

Found ! [HKLM\SYSTEM\CurrentControlSet\Services\srosa]
Found ! [HKLM\SYSTEM\ControlSet001\Services\srosa]
Found ! [HKLM\SYSTEM\ControlSet002\Services\srosa]
Found ! [HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_SROSA]
Found ! [HKLM\SYSTEM\ControlSet001\Enum\Root\LEGACY_SROSA]
Found ! [HKLM\SYSTEM\ControlSet002\Enum\Root\LEGACY_SROSA]
Found ! [HKCU\Software\bisoft]
Found ! [HKCU\Software\MuleAppData]
Found ! [HKCU\Software\Microsoft\Windows\CurrentVersion\Run] "drvsyskit"
Found ! [HKU\S-1-5-21-2052111302-1647877149-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Run] "drvsyskit"
Found ! [HKCU\Software\Microsoft\Windows\CurrentVersion\Run] "german.exe"
Found ! [HKU\S-1-5-21-2052111302-1647877149-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Run] "german.exe"
Found ! [HKCU\Software\Microsoft\Windows\CurrentVersion\Run] "mule_st_key"
Found ! [HKU\S-1-5-21-2052111302-1647877149-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Run] "mule_st_key"
Found ! [HKU\S-1-5-21-2052111302-1647877149-839522115-1003\Software\bisoft]
Found ! [HKU\S-1-5-21-2052111302-1647877149-839522115-1003\Software\MuleAppData]

################## | State / Service / Information |

# Showing of hidden files : OK

# Safe boot mode : OK

# Ndisuio -> Start = 3 ( Good = 3 | Bad = 4 )
# EapHost -> Start = 2 ( Good = 2 | Bad = 4 )
# Ip6Fw -> Start = 2 ( Good = 2 | Bad = 4 )
# SharedAccess -> Start = 2 ( Good = 2 | Bad = 4 )
# wuauserv -> Start = 2 ( Good = 2 | Bad = 4 )
# wscsvc -> Start = 2 ( Good = 2 | Bad = 4 )


################## | Cracks / Keygens / Serials |


################## | End of Report # FindyKill V5.006 ! |

Adesso posto quello della pulizia:

############################## | FindyKill V5.006 |

# User : Elena (Administrators) # AA-5DO4D3E5JBSY
# Update on 14/08/09 by Chiquitine29
# Start at: 18.32.16 | 29/10/2009
# Website : http://pagesperso-orange.fr/NosTools/index.html

# Processore Intel Pentium III Xeon
# Microsoft Windows XP Professional (5.1.2600 32-bit) # Service Pack 3
# Internet Explorer 8.0.6001.18702
# Windows Firewall Status : Enabled

# A:\ # Disco floppy, 3,5 pollici
# C:\ # Disco rigido locale # 298,08 Go (170,16 Go free) # NTFS
# D:\ # Disco rigido locale # 298,08 Go (278,32 Go free) [The Sims] # NTFS
# E:\ # Disco CD-ROM
# F:\ # Disco CD-ROM # 0,38 Mo (0 Mo free) [Bluebirds] # CDFS
# G:\ # Disco CD-ROM # 0,38 Mo (0 Mo free) [Bluebirds] # CDFS
# H:\ # Disco CD-ROM # 698,96 Mo (0 Mo free) [Ubuntu 9.04 i386] # CDFS

############################## | Active Processes |

C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\logonui.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\svchost.exe
C:\Programmi\File comuni\Acronis\Schedule2\schedul2.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmi\File comuni\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Programmi\Telecom Italia\WanMiniport1st\srvany.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Programmi\Telecom Italia\WanMiniport1st\WanMiniport1st_srv.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\wscntfy.exe

################## | C: |

(!) Not Deleted ! F:\autorun.inf
(!) Not Deleted ! G:\autorun.inf
(!) Not Deleted ! H:\autorun.inf

################## | C:\WINDOWS |

Deleted ! C:\WINDOWS\Prefetch\WINUPGRO.EXE-17681AA8.pf

################## | C:\WINDOWS\system32 |


################## | C:\WINDOWS\system32\drivers |


################## | C:\Documents and Settings\Elena\Dati applicazioni |

Deleted ! C:\Documents and Settings\Elena\Dati applicazioni\drivers\downld
Deleted ! C:\Documents and Settings\Elena\Dati applicazioni\drivers

################## | Other ... |

# Reference of comparaison Bagle MD5 :

File : C:\Qoobox\Quarantine\C\Documents and Settings\Elena\Dati applicazioni\drivers\winupgro.exe.vir
-> Crc32 : 4354b82a | Md5 : 7055eee2f4cf762b1de64d21130f41eb


################## | Temporary Internet Files |


################## | Registry / Infected keys |

Deleted ! [HKLM\SYSTEM\CurrentControlSet\Services\srosa]
Deleted ! [HKLM\SYSTEM\ControlSet001\Services\srosa]
Deleted ! [HKLM\SYSTEM\ControlSet002\Services\srosa]
Deleted ! [HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_SROSA]
Deleted ! [HKLM\SYSTEM\ControlSet001\Enum\Root\LEGACY_SROSA]
Deleted ! [HKCU\Software\bisoft]
Deleted ! [HKCU\Software\MuleAppData]

################## | State / Service / Information |

# Safe boot mode : OK


# Showing of hidden files : OK

# Ndisuio -> Start = 3 ( Good = 3 | Bad = 4 )
# EapHost -> Start = 2 ( Good = 2 | Bad = 4 )
# Ip6Fw -> Start = 2 ( Good = 2 | Bad = 4 )
# SharedAccess -> Start = 2 ( Good = 2 | Bad = 4 )
# wuauserv -> Start = 2 ( Good = 2 | Bad = 4 )
# wscsvc -> Start = 2 ( Good = 2 | Bad = 4 )


################## | PEH ... |

Corrupted : C:\Programmi\MSN\MSNCoreFiles\update.exe
[Offset = 000000DC - Value = 0x0001]

Corrupted : C:\WINDOWS\$hf_mig$\KB898461\update\update.exe
[Offset = 000000E4 - Value = 0x0001]

Attempt of repair...
Backup : update.exe.REN
[Offset = 000000E4 - New value = 0x4C01]
File repaired successfully.


Corrupted : C:\WINDOWS\$hf_mig$\KB915865\update\update.exe
[Offset = 000000E4 - Value = 0x0001]

Attempt of repair...
Backup : update.exe.REN
[Offset = 000000E4 - New value = 0x4C01]
File repaired successfully.


Corrupted : C:\WINDOWS\$hf_mig$\KB923561\update\update.exe
[Offset = 000000EC - Value = 0x0001]

Attempt of repair...
Backup : update.exe.REN
[Offset = 000000EC - New value = 0x4C01]
File repaired successfully.


Corrupted : C:\WINDOWS\$hf_mig$\KB938127-v2-IE7\update\update.exe
[Offset = 000000E4 - Value = 0x0001]

Attempt of repair...
Backup : update.exe.REN
[Offset = 000000E4 - New value = 0x4C01]
File repaired successfully.


Corrupted : C:\WINDOWS\$hf_mig$\KB946648\update\update.exe
[Offset = 000000EC - Value = 0x0001]

Attempt of repair...
Backup : update.exe.REN
[Offset = 000000EC - New value = 0x4C01]
File repaired successfully.


Corrupted : C:\WINDOWS\$hf_mig$\KB950762\update\update.exe
[Offset = 000000EC - Value = 0x0001]

Attempt of repair...
Backup : update.exe.REN
[Offset = 000000EC - New value = 0x4C01]
File repaired successfully.


Corrupted : C:\WINDOWS\$hf_mig$\KB950974\update\update.exe
[Offset = 000000EC - Value = 0x0001]

Attempt of repair...
Backup : update.exe.REN
[Offset = 000000EC - New value = 0x4C01]
File repaired successfully.


Corrupted : C:\WINDOWS\$hf_mig$\KB951066\update\update.exe
[Offset = 000000EC - Value = 0x0001]

Attempt of repair...
Backup : update.exe.REN
[Offset = 000000EC - New value = 0x4C01]
File repaired successfully.


Corrupted : C:\WINDOWS\$hf_mig$\KB951376-v2\update\update.exe
[Offset = 000000EC - Value = 0x0001]

Attempt of repair...
Backup : update.exe.REN
[Offset = 000000EC - New value = 0x4C01]
File repaired successfully.


Corrupted : C:\WINDOWS\$hf_mig$\KB951748\update\update.exe
[Offset = 000000EC - Value = 0x0001]

Attempt of repair...
Backup : update.exe.REN
[Offset = 000000EC - New value = 0x4C01]
File repaired successfully.


Corrupted : C:\WINDOWS\$hf_mig$\KB951978\update\update.exe
[Offset = 000000EC - Value = 0x0001]

Attempt of repair...
Backup : update.exe.REN
[Offset = 000000EC - New value = 0x4C01]
File repaired successfully.


Corrupted : C:\WINDOWS\$hf_mig$\KB952004\update\update.exe
[Offset = 000000EC - Value = 0x0001]

Attempt of repair...
Backup : update.exe.REN
[Offset = 000000EC - New value = 0x4C01]
File repaired successfully.


Corrupted : C:\WINDOWS\$hf_mig$\KB952287\update\update.exe
[Offset = 000000EC - Value = 0x0001]

Attempt of repair...
Backup : update.exe.REN
[Offset = 000000EC - New value = 0x4C01]
File repaired successfully.


Corrupted : C:\WINDOWS\$hf_mig$\KB952954\update\update.exe
[Offset = 000000EC - Value = 0x0001]

Attempt of repair...
Backup : update.exe.REN
[Offset = 000000EC - New value = 0x4C01]
File repaired successfully.


Corrupted : C:\WINDOWS\$hf_mig$\KB954459\update\update.exe
[Offset = 000000EC - Value = 0x0001]

Attempt of repair...
Backup : update.exe.REN
[Offset = 000000EC - New value = 0x4C01]
File repaired successfully.


Corrupted : C:\WINDOWS\$hf_mig$\KB954600\update\update.exe
[Offset = 000000EC - Value = 0x0001]

Attempt of repair...
Backup : update.exe.REN
[Offset = 000000EC - New value = 0x4C01]
File repaired successfully.


Corrupted : C:\WINDOWS\$hf_mig$\KB955069\update\update.exe
[Offset = 000000EC - Value = 0x0001]

Attempt of repair...
Backup : update.exe.REN
[Offset = 000000EC - New value = 0x4C01]
File repaired successfully.


Corrupted : C:\WINDOWS\$hf_mig$\KB956572\update\update.exe
[Offset = 000000EC - Value = 0x0001]

Attempt of repair...
Backup : update.exe.REN
[Offset = 000000EC - New value = 0x4C01]
File repaired successfully.


Corrupted : C:\WINDOWS\$hf_mig$\KB956744\update\update.exe
[Offset = 000000EC - Value = 0x0001]

Attempt of repair...
Backup : update.exe.REN
[Offset = 000000EC - New value = 0x4C01]
File repaired successfully.


Corrupted : C:\WINDOWS\$hf_mig$\KB956802\update\update.exe
[Offset = 000000EC - Value = 0x0001]

Attempt of repair...
Backup : update.exe.REN
[Offset = 000000EC - New value = 0x4C01]
File repaired successfully.


Corrupted : C:\WINDOWS\$hf_mig$\KB956803\update\update.exe
[Offset = 000000EC - Value = 0x0001]

Attempt of repair...
Backup : update.exe.REN
[Offset = 000000EC - New value = 0x4C01]
File repaired successfully.


Corrupted : C:\WINDOWS\$hf_mig$\KB956844\update\update.exe
[Offset = 000000EC - Value = 0x0001]

Attempt of repair...
Backup : update.exe.REN
[Offset = 000000EC - New value = 0x4C01]
File repaired successfully.


Corrupted : C:\WINDOWS\$hf_mig$\KB957097\update\update.exe
[Offset = 000000EC - Value = 0x0001]

Attempt of repair...
Backup : update.exe.REN
[Offset = 000000EC - New value = 0x4C01]
File repaired successfully.


Corrupted : C:\WINDOWS\$hf_mig$\KB958644\update\update.exe
[Offset = 000000EC - Value = 0x0001]

Attempt of repair...
Backup : update.exe.REN
[Offset = 000000EC - New value = 0x4C01]
File repaired successfully.


Corrupted : C:\WINDOWS\$hf_mig$\KB958687\update\update.exe
[Offset = 000000EC - Value = 0x0001]

Attempt of repair...
Backup : update.exe.REN
[Offset = 000000EC - New value = 0x4C01]
File repaired successfully.


Corrupted : C:\WINDOWS\$hf_mig$\KB959426\update\update.exe
[Offset = 000000EC - Value = 0x0001]

Attempt of repair...
Backup : update.exe.REN
[Offset = 000000EC - New value = 0x4C01]
File repaired successfully.


Corrupted : C:\WINDOWS\$hf_mig$\KB960225\update\update.exe
[Offset = 000000EC - Value = 0x0001]

Attempt of repair...
Backup : update.exe.REN
[Offset = 000000EC - New value = 0x4C01]
File repaired successfully.


Corrupted : C:\WINDOWS\$hf_mig$\KB960803\update\update.exe
[Offset = 000000EC - Value = 0x0001]

Attempt of repair...
Backup : update.exe.REN
[Offset = 000000EC - New value = 0x4C01]
File repaired successfully.


Corrupted : C:\WINDOWS\$hf_mig$\KB960859\update\update.exe
[Offset = 000000EC - Value = 0x0001]

Attempt of repair...
Backup : update.exe.REN
[Offset = 000000EC - New value = 0x4C01]
File repaired successfully.


Corrupted : C:\WINDOWS\$hf_mig$\KB961371-v2\update\update.exe
[Offset = 000000EC - Value = 0x0001]

Attempt of repair...
Backup : update.exe.REN
[Offset = 000000EC - New value = 0x4C01]
File repaired successfully.


Corrupted : C:\WINDOWS\$hf_mig$\KB961501\update\update.exe
[Offset = 000000EC - Value = 0x0001]

Attempt of repair...
Backup : update.exe.REN
[Offset = 000000EC - New value = 0x4C01]
File repaired successfully.


Corrupted : C:\WINDOWS\$hf_mig$\KB961503\update\update.exe
[Offset = 000000EC - Value = 0x0001]

Attempt of repair...
Backup : update.exe.REN
[Offset = 000000EC - New value = 0x4C01]
File repaired successfully.


Corrupted : C:\WINDOWS\$hf_mig$\KB967715\update\update.exe
[Offset = 000000EC - Value = 0x0001]

Attempt of repair...
Backup : update.exe.REN
[Offset = 000000EC - New value = 0x4C01]
File repaired successfully.


Corrupted : C:\WINDOWS\$hf_mig$\KB968389\update\update.exe
[Offset = 000000EC - Value = 0x0001]

Attempt of repair...
Backup : update.exe.REN
[Offset = 000000EC - New value = 0x4C01]
File repaired successfully.


Corrupted : C:\WINDOWS\$hf_mig$\KB968537\update\update.exe
[Offset = 000000EC - Value = 0x0001]

Attempt of repair...
Backup : update.exe.REN
[Offset = 000000EC - New value = 0x4C01]
File repaired successfully.


Corrupted : C:\WINDOWS\$hf_mig$\KB969059\update\update.exe
[Offset = 000000EC - Value = 0x0001]

Attempt of repair...
Backup : update.exe.REN
[Offset = 000000EC - New value = 0x4C01]
File repaired successfully.


Corrupted : C:\WINDOWS\$hf_mig$\KB970238\update\update.exe
[Offset = 000000EC - Value = 0x0001]

Attempt of repair...
Backup : update.exe.REN
[Offset = 000000EC - New value = 0x4C01]
File repaired successfully.


Corrupted : C:\WINDOWS\$hf_mig$\KB971486\update\update.exe
[Offset = 000000EC - Value = 0x0001]

Attempt of repair...
Backup : update.exe.REN
[Offset = 000000EC - New value = 0x4C01]
File repaired successfully.


Corrupted : C:\WINDOWS\$hf_mig$\KB971557\update\update.exe
[Offset = 000000EC - Value = 0x0001]

Attempt of repair...
Backup : update.exe.REN
[Offset = 000000EC - New value = 0x4C01]
File repaired successfully.


Corrupted : C:\WINDOWS\$hf_mig$\KB971633\update\update.exe
[Offset = 000000EC - Value = 0x0001]

Attempt of repair...
Backup : update.exe.REN
[Offset = 000000EC - New value = 0x4C01]
File repaired successfully.


Corrupted : C:\WINDOWS\$hf_mig$\KB971657\update\update.exe
[Offset = 000000EC - Value = 0x0001]

Attempt of repair...
Backup : update.exe.REN
[Offset = 000000EC - New value = 0x4C01]
File repaired successfully.


Corrupted : C:\WINDOWS\$hf_mig$\KB971961\update\update.exe
[Offset = 000000EC - Value = 0x0001]

Attempt of repair...
Backup : update.exe.REN
[Offset = 000000EC - New value = 0x4C01]
File repaired successfully.


Corrupted : C:\WINDOWS\$hf_mig$\KB971961-IE8\update\update.exe
[Offset = 000000EC - Value = 0x0001]

Attempt of repair...
Backup : update.exe.REN
[Offset = 000000EC - New value = 0x4C01]
File repaired successfully.


Corrupted : C:\WINDOWS\$hf_mig$\KB972260\update\update.exe
[Offset = 000000EC - Value = 0x0001]

Attempt of repair...
Backup : update.exe.REN
[Offset = 000000EC - New value = 0x4C01]
File repaired successfully.


Corrupted : C:\WINDOWS\$hf_mig$\KB972260-IE7\update\update.exe
[Offset = 000000EC - Value = 0x0001]

Attempt of repair...
Backup : update.exe.REN
[Offset = 000000EC - New value = 0x4C01]
File repaired successfully.


Corrupted : C:\WINDOWS\$hf_mig$\KB972260-IE8\update\update.exe
[Offset = 000000EC - Value = 0x0001]

Attempt of repair...
Backup : update.exe.REN
[Offset = 000000EC - New value = 0x4C01]
File repaired successfully.


Corrupted : C:\WINDOWS\$hf_mig$\KB973346\update\update.exe
[Offset = 000000EC - Value = 0x0001]

Attempt of repair...
Backup : update.exe.REN
[Offset = 000000EC - New value = 0x4C01]
File repaired successfully.


Corrupted : C:\WINDOWS\$hf_mig$\KB973354\update\update.exe
[Offset = 000000EC - Value = 0x0001]

Attempt of repair...
Backup : update.exe.REN
[Offset = 000000EC - New value = 0x4C01]
File repaired successfully.


Corrupted : C:\WINDOWS\$hf_mig$\KB973507\update\update.exe
[Offset = 000000EC - Value = 0x0001]

Attempt of repair...
Backup : update.exe.REN
[Offset = 000000EC - New value = 0x4C01]
File repaired successfully.


Corrupted : C:\WINDOWS\$hf_mig$\KB973525\update\update.exe
[Offset = 000000EC - Value = 0x0001]

Attempt of repair...
Backup : update.exe.REN
[Offset = 000000EC - New value = 0x4C01]
File repaired successfully.


Corrupted : C:\WINDOWS\$hf_mig$\KB973815\update\update.exe
[Offset = 000000EC - Value = 0x0001]

Attempt of repair...
Backup : update.exe.REN
[Offset = 000000EC - New value = 0x4C01]
File repaired successfully.


Corrupted : C:\WINDOWS\$hf_mig$\KB973869\update\update.exe
[Offset = 000000EC - Value = 0x0001]

Attempt of repair...
Backup : update.exe.REN
[Offset = 000000EC - New value = 0x4C01]
File repaired successfully.


Corrupted : C:\WINDOWS\$hf_mig$\KB973874-IE8\update\update.exe
[Offset = 000000EC - Value = 0x0001]

Attempt of repair...
Backup : update.exe.REN
[Offset = 000000EC - New value = 0x4C01]
File repaired successfully.


Corrupted : C:\WINDOWS\$hf_mig$\KB974112\update\update.exe
[Offset = 000000EC - Value = 0x0001]

Attempt of repair...
Backup : update.exe.REN
[Offset = 000000EC - New value = 0x4C01]
File repaired successfully.


Corrupted : C:\WINDOWS\$hf_mig$\KB974455-IE7\update\update.exe
[Offset = 000000EC - Value = 0x0001]

Attempt of repair...
Backup : update.exe.REN
[Offset = 000000EC - New value = 0x4C01]
File repaired successfully.


Corrupted : C:\WINDOWS\$hf_mig$\KB974455-IE8\update\update.exe
[Offset = 000000EC - Value = 0x0001]

Attempt of repair...
Backup : update.exe.REN
[Offset = 000000EC - New value = 0x4C01]
File repaired successfully.


Corrupted : C:\WINDOWS\$hf_mig$\KB974571\update\update.exe
[Offset = 000000EC - Value = 0x0001]

Attempt of repair...
Backup : update.exe.REN
[Offset = 000000EC - New value = 0x4C01]
File repaired successfully.


Corrupted : C:\WINDOWS\$hf_mig$\KB975025\update\update.exe
[Offset = 000000EC - Value = 0x0001]

Attempt of repair...
Backup : update.exe.REN
[Offset = 000000EC - New value = 0x4C01]
File repaired successfully.


Corrupted : C:\WINDOWS\$hf_mig$\KB975467\update\update.exe
[Offset = 000000EC - Value = 0x0001]

Attempt of repair...
Backup : update.exe.REN
[Offset = 000000EC - New value = 0x4C01]
File repaired successfully.


Corrupted : C:\WINDOWS\$NtServicePackUninstall$\sysinfo.exe
[Offset = 000000E4 - Value = 0x0001]

Attempt of repair...
Backup : sysinfo.exe.REN
[Offset = 000000E4 - New value = 0x4C01]
File repaired successfully.


Corrupted : C:\WINDOWS\ie8updates\KB971961-IE8\update.exe
[Offset = 000000EC - Value = 0x0001]

Attempt of repair...
Backup : update.exe.REN
[Offset = 000000EC - New value = 0x4C01]
File repaired successfully.


Corrupted : C:\WINDOWS\ie8updates\KB973874-IE8\update.exe
[Offset = 000000EC - Value = 0x0001]

Attempt of repair...
Backup : update.exe.REN
[Offset = 000000EC - New value = 0x4C01]
File repaired successfully.


Corrupted : C:\WINDOWS\ServicePackFiles\i386\sysinfo.exe
[Offset = 000000E4 - Value = 0x0001]

Attempt of repair...
Backup : sysinfo.exe.REN
[Offset = 000000E4 - New value = 0x4C01]
File repaired successfully.


Corrupted : C:\WINDOWS\SoftwareDistribution\Download\14e43fc576741fc6cfa156925a3fd381\update\update.exe
[Offset = 000000E4 - Value = 0x0001]

Attempt of repair...
Backup : update.exe.REN
[Offset = 000000E4 - New value = 0x4C01]
File repaired successfully.


Corrupted : C:\WINDOWS\SoftwareDistribution\Download\33a664f18e233a84884543a7e5985e37\update\update.exe
[Offset = 000000EC - Value = 0x0001]

Attempt of repair...
Backup : update.exe.REN
[Offset = 000000EC - New value = 0x4C01]
File repaired successfully.


Corrupted : C:\WINDOWS\SoftwareDistribution\Download\82dccab66381b0425b8c4c269fae9ae9\update\update.exe
[Offset = 000000EC - Value = 0x0001]

Attempt of repair...
Backup : update.exe.REN
[Offset = 000000EC - New value = 0x4C01]
File repaired successfully.


Corrupted : C:\WINDOWS\SoftwareDistribution\Download\99ba743abe0d78e05b0ff4006bb8f789\update\update.exe
[Offset = 000000EC - Value = 0x0001]

Attempt of repair...
Backup : update.exe.REN
[Offset = 000000EC - New value = 0x4C01]
File repaired successfully.


Corrupted : C:\WINDOWS\SoftwareDistribution\Download\c2f956d12a9d6292916209a9f55d4830\update\update.exe
[Offset = 000000EC - Value = 0x0001]

Attempt of repair...
Backup : update.exe.REN
[Offset = 000000EC - New value = 0x4C01]
File repaired successfully.


Corrupted : C:\WINDOWS\SoftwareDistribution\Download\d3d66eb1aeb85257e7e8fffa82d99d7b\update\update.exe
[Offset = 000000EC - Value = 0x0001]

Attempt of repair...
Backup : update.exe.REN
[Offset = 000000EC - New value = 0x4C01]
File repaired successfully.


Corrupted : C:\WINDOWS\SoftwareDistribution\Download\dcc9148bad5dc8a713f1d0d5c5ae1968\update\update.exe
[Offset = 000000E4 - Value = 0x0001]

Attempt of repair...
Backup : update.exe.REN
[Offset = 000000E4 - New value = 0x4C01]
File repaired successfully.


Corrupted : C:\WINDOWS\SoftwareDistribution\Download\e774480d6b5f128fa6bdaceb7b79373d\update\update.exe
[Offset = 000000EC - Value = 0x0001]

Attempt of repair...
Backup : update.exe.REN
[Offset = 000000EC - New value = 0x4C01]
File repaired successfully.


Corrupted : C:\WINDOWS\SoftwareDistribution\Download\e8b20339df578bbd800b341d6fb25044\update\update.exe
[Offset = 000000EC - Value = 0x0001]

Attempt of repair...
Backup : update.exe.REN
[Offset = 000000EC - New value = 0x4C01]
File repaired successfully.


Corrupted : C:\WINDOWS\SoftwareDistribution\Download\f4f34ad062ad0e584e23fc55e94c498d\update\update.exe
[Offset = 000000E4 - Value = 0x0001]

Attempt of repair...
Backup : update.exe.REN
[Offset = 000000E4 - New value = 0x4C01]
File repaired successfully.


Corrupted : C:\WINDOWS\SoftwareDistribution\Download\f9db33f5cc22e47c6ea258a7eb71042a\update\update.exe
[Offset = 000000E4 - Value = 0x0001]

Attempt of repair...
Backup : update.exe.REN
[Offset = 000000E4 - New value = 0x4C01]
File repaired successfully.


Corrupted : C:\WINDOWS\SoftwareDistribution\Download\fd47314639ee5083d59f6093da5cf674\update\update.exe
[Offset = 000000EC - Value = 0x0001]

Attempt of repair...
Backup : update.exe.REN
[Offset = 000000EC - New value = 0x4C01]
File repaired successfully.


Corrupted : C:\WINDOWS\system32\dllcache\register.exe
[Offset = 000000E4 - Value = 0x0001]

Attempt of repair...
Backup : register.exe.REN
[Offset = 000000E4 - New value = 0x4C01]
File repaired successfully.



################## | Cracks / Keygens / Serials |


################## | End of Report # FindyKill V5.006 ! |

[crazy.cat]

Prova a reinstallare l'antivirus.

[Hellena_Maezono]

...no... mi da sempre lo stesso errore... ma k accipicchia è???
Ho fatto anche una scansione con combofix, e prima di partire ha detto che ha rilevato dei rootkit e che bisognava riavviare il pc, poi durante il processo di scansione, verso la fine, si è riavviato ma nn ho fatto in tempo a leggere il perché, e quando si è riacceso ha detto che il file log sta in C:\Combofix.txt... ma nn c'è! O__O'''

[crazy.cat]

A questo punto mi serve il file per avviare l'infezione, devo vedere cosa combina o qui non se ne esce fuori.

[crazy.cat]

Ho dato una prima occhiata e scatenato l'infezione.
Questa volta sono veramente cavoli amari...
Ci sono driver che appaiono solo al momento dell'avvio del pc e poi spariscono i loro file, ci sono copie infette del virus nascoste in archivi zip sparsi nel pc, degli strani exe modificati nelle ore del virus ma che non vengono segnalati come infetti.

Dopo tanti anni che ci lavorano questa volta direi che hanno fatto veramente l'arma letale per il pc che ti costringe a formattare.
Adesso ho lanciato una scansione dal Megalabcd con kaspersky per vedere cosa ne esce, ma temo che al riavvio rispunti fuori il virus lo stesso.

[Hellena_Maezono]

...oddio no... la riformattazione no... davvero non si può fare proprio niente di niente??

[crazy.cat]

Ho ripreso la scansione adesso ed è piuttosto lunga ma trova veramente parecchie cose.
Leggiti questo articolo intanto http://www.MegaLab.it/4044/megalab-it-c ... a-versione e vedi se sei in grado di preparartelo con il Kaspersky aggiornato sembra in grado di eliminare veramente qualcosa.
Quando ha finito poi ti dico cosa è stato in grado di fare

[crazy.cat]

Su Vista mi ha creato un infezione diversa dalla tua, alla fine dopo un riavvio del pc dopo aver eliminato dei file, Vista ha deciso di passare a miglior vita e non si è più avviato.
Domani vedo se riesco a organizzare un pc con xp e vedo se fine fuori l'infezione come la tua.

[Hellena_Maezono]

Su Vista mi ha creato un infezione diversa dalla tua, alla fine dopo un riavvio del pc dopo aver eliminato dei file, Vista ha deciso di passare a miglior vita e non si è più avviato.
Domani vedo se riesco a organizzare un pc con xp e vedo se fine fuori l'infezione come la tua.

Mi disp, ma tipo fai conto k il mio pc, a parte essere un xp, è stato sottoposto già ad un mucchio di riformattazioni, e sono indietrissimo col lavoro, coi programmi che mi hai suggerito, adesso posso sentire l'audio e va in modalità provvisoria. Questo significa che, anche se il virus non è stato eliminato, almeno ha 'perso potenza'. Ti prego, non abbandonarmi ora.

[crazy.cat]

Provato il virus su Xp e sono riuscito a portare a termine la prova.
Ci vuole la scansione dal MegaLabcd utility fatta con Kaspersky aggiornato è l'unico al momento che rileva tutti le componenti del virus.
Findykill va usato dopo il riavvio del pc per rimettere a posto i servizi danneggiati, usarlo prima non serve perché non rimuove tutti i file infetti.
Il virus nasconde delle copie di se stesso dentro degli archivi che non vengono poi visti da findykill e penso che le usi per ricrearsi all'avvio.
Al momento è l'unica possibilità per rimuovere il virus completamente.

[Hellena_Maezono]

Quindi sei riuscitonel tuo intento? Beh, grazie mille!!! Solo che mi sono dimenticata cosa devo utilizzare, mi puoi mandare i link e le istruzioni dei programmi che devo utilizzare? Sono in debito con te, grazie mille!!