I HAVE A VIRUS, HELP ME, I CAN'T INSTALL AN ANTIVIRUS

Message Posted: Wed Jan 09, 2008 1:44 am
by pierpy10
Hi guys, I'm new to the forum.... I ran a scan with Kaspersky and these are the results..... can you help me get rid of this incurable disease that has been afflicting me for quite some time? I would be grateful to you for life. I think the virus belongs to the Bagle family, since I can no longer install an antivirus... If someone could send me the script
KASPERSKY ONLINE SCANNER REPORT
Wednesday, January 09, 2008 1:37:27 AM
Operating System: Microsoft Windows XP Home Edition, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.98.0
Kaspersky Anti-Virus database last update: 8/01/2008
Kaspersky Anti-Virus database records: 471176


Scan Settings
Scan using the following antivirus database standard
Scan Archives true
Scan Mail Bases true

Scan Target My Computer
C:\
D:\
E:\
G:\
H:\

Scan Statistics
Total number of scanned objects 46944
Number of viruses found 1
Number of infected objects 6
Number of suspicious objects 0
Duration of the scan process 01:40:56

Infected Object Name Virus Name Last Action
C:\Documents and Settings\Pier\.housecall6.6\Quarantine\Snappy Photocard Creator Intermediate 2.00.2181 (With Crack).zip.bac_a03064/Snappy PhotoCard Creator Intermediate 2.00.2181 (With Crack).exe Infected: Trojan-Downloader.Win32.Bagle.hj skipped

C:\Documents and Settings\Pier\.housecall6.6\Quarantine\Snappy Photocard Creator Intermediate 2.00.2181 (With Crack).zip.bac_a03064 ZIP: infected - 1 skipped

C:\Documents and Settings\Pier\.housecall6.6\Quarantine\Snappy Photocard Creator Intermediate 2.00.2181 (With Crack).zip.bac_a03064 CryptFF.b: infected - 1 skipped

C:\Documents and Settings\Pier\.housecall6.6\Quarantine\Snappy Photocard Creator Professional 2.00.2181.zip.bac_a03064/Snappy PhotoCard Creator Professional 2.00.2181.exe Infected: Trojan-Downloader.Win32.Bagle.hj skipped

C:\Documents and Settings\Pier\.housecall6.6\Quarantine\Snappy Photocard Creator Professional 2.00.2181.zip.bac_a03064 ZIP: infected - 1 skipped

C:\Documents and Settings\Pier\.housecall6.6\Quarantine\Snappy Photocard Creator Professional 2.00.2181.zip.bac_a03064 CryptFF.b: infected - 1 skipped

Scan process completed.

Message Posted: Wed Jan 09, 2008 7:06 am
by ste_95
[hi]

It looks like the infection has already passed, anyway:

Download Avenger
Extract it to a folder of your choice
Run the file avenger.exe with the sword icon
Select the "Input script manually" radio button
Then choose the magnifying glass and click it
Now paste these lines into the white box that has opened:

Files to delete:
C:\WINDOWS\system32\drivers\hidr.exe
C:\WINDOWS\system32\drivers\srosa.sys
C:\WINDOWS\system32\wintems.exe
C:\WINDOWS\system32\hldrrr.exe
C:\WINDOWS\system32\trusted.exe
C:\WINDOWS\system32\drivers\pci32.sys
C:\windows\system32\drivers\hldrrr.exe

folders to delete:
C:\WINDOWS\exefnd
C:\WINDOWS\exefld
C:\Documents and Settings\Pier\.housecall6.6

registry keys to delete:
HKLM\SYSTEM\CurrentControlSet\Services\srosa
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_SROSA
HKLM\SYSTEM\CurrentControlSet\Services\pci32
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_PCI32


Now click Done at the bottom of the box
Select the traffic light at the top right
Answer Yes to the two Avenger prompts
Your computer should now restart; if it doesn't, restart it manually
After the computer restarts, copy and paste here the contents of the Notepad window that will appear.

Message Posted: Wed Jan 09, 2008 11:36 am
by pierpy10
ok done, here are the results.... awaiting new orders, sir
[^]


Logfile of The Avenger version 1, by Swandog46
Running from registry key:
\Registry\Machine\System\CurrentControlSet\Services\lmjsxfge

*******************

Script file located at: \??\C:\WINDOWS\yohfmxos.txt
Script file opened successfully.

Script file read successfully

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:



File C:\WINDOWS\system32\drivers\hidr.exe not found!
Deletion of file C:\WINDOWS\system32\drivers\hidr.exe failed!

Could not process line:
C:\WINDOWS\system32\drivers\hidr.exe
Status: 0xc0000034

File C:\WINDOWS\system32\drivers\srosa.sys deleted successfully.


File C:\WINDOWS\system32\wintems.exe not found!
Deletion of file C:\WINDOWS\system32\wintems.exe failed!

Could not process line:
C:\WINDOWS\system32\wintems.exe
Status: 0xc0000034



File C:\WINDOWS\system32\hldrrr.exe not found!
Deletion of file C:\WINDOWS\system32\hldrrr.exe failed!

Could not process line:
C:\WINDOWS\system32\hldrrr.exe
Status: 0xc0000034



File C:\WINDOWS\system32\trusted.exe not found!
Deletion of file C:\WINDOWS\system32\trusted.exe failed!

Could not process line:
C:\WINDOWS\system32\trusted.exe
Status: 0xc0000034



File C:\WINDOWS\system32\drivers\pci32.sys not found!
Deletion of file C:\WINDOWS\system32\drivers\pci32.sys failed!

Could not process line:
C:\WINDOWS\system32\drivers\pci32.sys
Status: 0xc0000034

File C:\windows\system32\drivers\hldrrr.exe deleted successfully.


Folder C:\WINDOWS\exefnd not found!
Deletion of folder C:\WINDOWS\exefnd failed!

Could not process line:
C:\WINDOWS\exefnd
Status: 0xc0000034



Folder C:\WINDOWS\exefld not found!
Deletion of folder C:\WINDOWS\exefld failed!

Could not process line:
C:\WINDOWS\exefld
Status: 0xc0000034

Folder C:\Documents and Settings\Pier\.housecall6.6 deleted successfully.
Registry key HKLM\SYSTEM\CurrentControlSet\Services\srosa deleted successfully.
Registry key HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_SROSA deleted successfully.


Registry key HKLM\SYSTEM\CurrentControlSet\Services\pci32 not found!
Deletion of registry key HKLM\SYSTEM\CurrentControlSet\Services\pci32 failed!

Could not process line:
HKLM\SYSTEM\CurrentControlSet\Services\pci32
Status: 0xc0000034



Registry key HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_PCI32 not found!
Deletion of registry key HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_PCI32 failed!

Could not process line:
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_PCI32
Status: 0xc0000034


Completed script processing.

*******************

Finished! Terminate.

Message Posted: Wed Jan 09, 2008 11:48 am
by crazy.cat
pierpy10 wrote: ok done, here are the results.... awaiting new orders, sir

Try reinstalling the antivirus.

Message Posted: Wed Jan 09, 2008 2:26 pm
by pierpy10
ok thanks for everything, I tried installing Kaspersky and it works.... Which internet security antivirus do you recommend?

Message Posted: Wed Jan 09, 2008 2:30 pm
by ste_95
The one you already have, Kaspersky Internet Security [;)]