
Not a valid Win32 application

Posted: Mon Apr 07, 2008 1:06 pm
by Michelinho
I know there are already many topics covering this subject, but I have been trying to remove a virus for several days... without success! [cry+] [cry+]

The situation is this:

I can neither run nor install new antivirus programs, because every time I launch the .exe file I get the message: ..... is not a valid Win32 application. I think it is a Bagle, so I have tried every program or method I found on the net: from Avenger to online scans, etc. Every new online scan (the only thing I manage to start) shows new viruses, which I promptly delete... but the problem is not solved!
Before opting for the last resort (formatting) [cry+] I wanted to know what you think [cry]

Posted: Mon Apr 07, 2008 1:20 pm
by ste_95
Run the extended online scan with Kaspersky as described here.

Posted: Mon Apr 07, 2008 1:29 pm
by Michelinho
I have already tried Kaspersky more than once, but at the end of the scan... even though it found a few trojans, the main problem remains! Antivirus programs neither start nor install... and the Windows anti-firewall protection also "turns off".

Posted: Mon Apr 07, 2008 1:31 pm
by crazy.cat
If you give us the Kaspersky log and do not try to delete anything yourself, we will then tell you what to remove and how.

Posted: Mon Apr 07, 2008 1:41 pm
by Michelinho
I was wrong about the Kaspersky online scanner: there is no way to get it to start... once I select "install control A....", I get "Norton Antivirus 2006 does not support the Repair feature". What should I do?

Posted: Mon Apr 07, 2008 1:45 pm
by Michelinho
I had installed Norton Antivirus to try to remove the virus, but now it is untouchable, since even when I try to remove it the usual win32 message appears.

Posted: Mon Apr 07, 2008 2:07 pm
by Michelinho
I'm getting there... after many exhausting attempts I managed to start the scan; as soon as it finishes I'll let you know the result. Ok???

Posted: Mon Apr 07, 2008 2:08 pm
by ste_95
Michelinho wrote: Ok???

[^]

Posted: Mon Apr 07, 2008 2:58 pm
by crazy.cat
Michelinho wrote: I had installed Norton Antivirus to try to remove the virus, but now it is untouchable, since even when I try to remove it the usual win32 message appears.

Use this to remove it
http://service1.symantec.com/support/in ... 7160511924

Posted: Mon Apr 07, 2008 3:06 pm
by Michelinho
I have now managed to remove Norton; anyway, the Kaspersky scan gives this result:


KASPERSKY ONLINE SCANNER REPORT
Monday, April 07, 2008 4:00:58 PM
Operating System: Microsoft Windows XP Professional, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.98.0
Kaspersky Anti-Virus database last update: 7/04/2008
Kaspersky Anti-Virus database records: 617480


Scan Settings
Scan using the following antivirus database standard
Scan Archives true
Scan Mail Bases true

Scan Target My Computer
C:\
D:\
E:\
F:\
G:\

Scan Statistics
Total number of scanned objects 51355
Number of viruses found 5
Number of infected objects 15
Number of suspicious objects 0
Duration of the scan process 00:25:43

Infected Object Name Virus Name Last Action
C:\APPS\SMP\SMPSYS.EXE Infected: Trojan-Downloader.Win32.Bagle.mn skipped

C:\APPS\Softex\OmniPass\btype0.dat Object is locked skipped

C:\APPS\Softex\OmniPass\btype256.dat Object is locked skipped

C:\APPS\Softex\OmniPass\btype259.dat Object is locked skipped

C:\APPS\Softex\OmniPass\btype3.dat Object is locked skipped

C:\Programmi\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_0 Infected: Trojan-Downloader.Win32.Bagle.mq skipped

C:\QooBox\Quarantine\C\WINDOWS\system32\drivers\hldrrr.exe.vir Infected: Trojan-Downloader.Win32.Bagle.mq skipped

C:\QooBox\Quarantine\C\WINDOWS\system32\drivers\srosa.sys.vir Infected: Trojan-Downloader.Win32.Bagle.mm skipped

C:\QooBox\Quarantine\C\WINDOWS\system32\mdelk.exe.vir Infected: Email-Worm.Win32.Bagle.of skipped

C:\QooBox\Quarantine\C\WINDOWS\system32\wintems.exe.vir Infected: Email-Worm.Win32.Bagle.of skipped

C:\QooBox\Quarantine\Registry_backups\Service_srosa.reg.dat Infected: Trojan-Downloader.Win32.Bagle.hp skipped

C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped

C:\System Volume Information\tracking.log Object is locked skipped

C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped

C:\WINDOWS\Registration\{02D4B3F1-FD88-11D1-960D-00805FC79235}.{6A20CBD7-FA6A-4080-B795-4035D6773276}.crmlog Object is locked skipped

C:\WINDOWS\SchedLgU.Txt Object is locked skipped

C:\WINDOWS\SoftwareDistribution\EventCache\{248333D8-D741-43AC-A8BC-AD3FBB305D71}.bin Object is locked skipped

C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped

C:\WINDOWS\system32\CatRoot2\edb.log Object is locked skipped

C:\WINDOWS\system32\CatRoot2\tmp.edb Object is locked skipped

C:\WINDOWS\system32\config\ACEEvent.evt Object is locked skipped

C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped

C:\WINDOWS\system32\config\DEFAULT Object is locked skipped

C:\WINDOWS\system32\config\default.LOG Object is locked skipped

C:\WINDOWS\system32\config\Media Ce.evt Object is locked skipped

C:\WINDOWS\system32\config\SAM Object is locked skipped

C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped

C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped

C:\WINDOWS\system32\config\SECURITY Object is locked skipped

C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped

C:\WINDOWS\system32\config\SOFTWARE Object is locked skipped

C:\WINDOWS\system32\config\software.LOG Object is locked skipped

C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped

C:\WINDOWS\system32\config\SYSTEM Object is locked skipped

C:\WINDOWS\system32\config\system.LOG Object is locked skipped

C:\WINDOWS\system32\config\systemprofile\Cookies\index.dat Object is locked skipped

C:\WINDOWS\system32\config\systemprofile\Impostazioni locali\Cronologia\History.IE5\index.dat Object is locked skipped

C:\WINDOWS\system32\config\systemprofile\Impostazioni locali\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped

C:\WINDOWS\system32\drivers\downld\1154218.exe Infected: Email-Worm.Win32.Bagle.of skipped

C:\WINDOWS\system32\drivers\downld\119093.exe Infected: Email-Worm.Win32.Bagle.of skipped

C:\WINDOWS\system32\drivers\downld\95218.exe Infected: Email-Worm.Win32.Bagle.of skipped

C:\WINDOWS\system32\drivers\fidbox.dat Object is locked skipped

C:\WINDOWS\system32\drivers\fidbox.idx Object is locked skipped

C:\WINDOWS\system32\drivers\fidbox2.dat Object is locked skipped

C:\WINDOWS\system32\drivers\fidbox2.idx Object is locked skipped

C:\WINDOWS\system32\drivers\mdelk.exe Infected: Trojan-Downloader.Win32.Bagle.mn skipped

C:\WINDOWS\system32\drivers\sptd.sys Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped

C:\WINDOWS\WindowsUpdate.log Object is locked skipped

D:\Documents and Settings\All Users\Dati applicazioni\Kaspersky Lab\AVP7\Report\0040_File_Monitoring_eventlog.rpt Object is locked skipped

D:\Documents and Settings\All Users\Dati applicazioni\Kaspersky Lab\AVP7\Report\0042_Web_Monitoring_eventlog.rpt Object is locked skipped

D:\Documents and Settings\All Users\Dati applicazioni\Kaspersky Lab\AVP7\Report\0046_AdBlocker_eventcritlog.rpt Object is locked skipped

D:\Documents and Settings\All Users\Dati applicazioni\Kaspersky Lab\AVP7\Report\0046_AdBlocker_eventlog.rpt Object is locked skipped

D:\Documents and Settings\All Users\Dati applicazioni\Kaspersky Lab\AVP7\Report\0054_Active_Disinfect_eventcritlog.rpt Object is locked skipped

D:\Documents and Settings\All Users\Dati applicazioni\Kaspersky Lab\AVP7\Report\0054_Active_Disinfect_eventlog.rpt Object is locked skipped

D:\Documents and Settings\All Users\Dati applicazioni\Kaspersky Lab\AVP7\Report\detected.idx Object is locked skipped

D:\Documents and Settings\All Users\Dati applicazioni\Kaspersky Lab\AVP7\Report\detected.rpt Object is locked skipped

D:\Documents and Settings\All Users\Dati applicazioni\Kaspersky Lab\AVP7\Report\eventlog.rpt Object is locked skipped

D:\Documents and Settings\All Users\Dati applicazioni\Kaspersky Lab\AVP7\Report\report.rpt Object is locked skipped

D:\Documents and Settings\All Users\Dati applicazioni\Microsoft\Network\Downloader\qmgr0.dat Object is locked skipped

D:\Documents and Settings\All Users\Dati applicazioni\Microsoft\Network\Downloader\qmgr1.dat Object is locked skipped

D:\Documents and Settings\All Users\Documenti\Registrazioni\TempRec\TempSBE\MSDVRMM_2418690414_196608_425 Object is locked skipped

D:\Documents and Settings\All Users\Documenti\Registrazioni\TempRec\TempSBE\MSDVRMM_2418690414_786432_1452 Object is locked skipped

D:\Documents and Settings\All Users\Documenti\Registrazioni\TempRec\TempSBE\SBE1.tmp Object is locked skipped

D:\Documents and Settings\All Users\Documenti\Registrazioni\TempRec\TempSBE\SBE2.tmp Object is locked skipped

D:\Documents and Settings\All Users\Documenti\Registrazioni\TempRec\{5BE5BCF1-59B3-4185-AFDA-C117B6CF9916}.TmpSBE Object is locked skipped

D:\Documents and Settings\All Users\Documenti\Registrazioni\TempRec\{D176EDED-C061-48FE-9E88-D62D0B22EEB6}.TmpSBE Object is locked skipped

D:\Documents and Settings\All Users\DRM\drmstore.hds Object is locked skipped

D:\Documents and Settings\LocalService\Cookies\index.dat Object is locked skipped

D:\Documents and Settings\LocalService\Impostazioni locali\Cronologia\History.IE5\index.dat Object is locked skipped

D:\Documents and Settings\LocalService\Impostazioni locali\Dati applicazioni\Microsoft\Windows\UsrClass.dat Object is locked skipped

D:\Documents and Settings\LocalService\Impostazioni locali\Dati applicazioni\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped

D:\Documents and Settings\LocalService\Impostazioni locali\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped

D:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped

D:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped

D:\Documents and Settings\Michele\Cookies\index.dat Object is locked skipped

D:\Documents and Settings\Michele\Impostazioni locali\Cronologia\History.IE5\index.dat Object is locked skipped

D:\Documents and Settings\Michele\Impostazioni locali\Cronologia\History.IE5\MSHist012008040720080408\index.dat Object is locked skipped

D:\Documents and Settings\Michele\Impostazioni locali\Dati applicazioni\ApplicationHistory\cli.exe.af01e8cc.ini.inuse Object is locked skipped

D:\Documents and Settings\Michele\Impostazioni locali\Dati applicazioni\Microsoft\Windows\UsrClass.dat Object is locked skipped

D:\Documents and Settings\Michele\Impostazioni locali\Dati applicazioni\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped

D:\Documents and Settings\Michele\Impostazioni locali\Temp\Perflib_Perfdata_4c0.dat Object is locked skipped

D:\Documents and Settings\Michele\Impostazioni locali\Temp\Perflib_Perfdata_bf4.dat Object is locked skipped

D:\Documents and Settings\Michele\Impostazioni locali\Temp\Perflib_Perfdata_e00.dat Object is locked skipped

D:\Documents and Settings\Michele\Impostazioni locali\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped

D:\Documents and Settings\Michele\NTUSER.DAT Object is locked skipped

D:\Documents and Settings\Michele\ntuser.dat.LOG Object is locked skipped

D:\Documents and Settings\NetworkService\Impostazioni locali\Dati applicazioni\Microsoft\Windows\UsrClass.dat Object is locked skipped

D:\Documents and Settings\NetworkService\Impostazioni locali\Dati applicazioni\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped

D:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped

D:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped

D:\eMule\Incoming\NoAdware 5.0 With Crack.zip/NoAdware 5.0 With Crack.exe Infected: Trojan-Downloader.Win32.Bagle.mq skipped

D:\eMule\Incoming\NoAdware 5.0 With Crack.zip ZIP: infected - 1 skipped

D:\eMule\Incoming\NoAdware 5.0.zip/NoAdware 5.0.exe Infected: Trojan-Downloader.Win32.Bagle.mq skipped

D:\eMule\Incoming\NoAdware 5.0.zip ZIP: infected - 1 skipped

D:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped

Scan process completed.

Posted: Mon Apr 07, 2008 3:15 pm
by crazy.cat
Bagle has mutated once again...

Which program did you use to run this scan and create this folder C:\QooBox\ ?


Disable System Restore on all drives, then restart the PC
http://www.MegaLab.it/2330

Download the new version of Avenger http://swandog46.geekstogo.com/avenger.zip

If it does not work (invalid application), use these
http://www.MegaLab.it/forum/viewtopic.p ... 172#325172

Extract it to a folder of your choice
Run the avenger.exe file with the sword icon
Now paste these lines into the white box that has opened:

Code:
Files to delete:
C:\WINDOWS\system32\drivers\srosa.sys
C:\WINDOWS\system32\wintems.exe
C:\WINDOWS\system32\trusted.exe
C:\windows\system32\drivers\hldrrr.exe
C:\WINDOWS\system32\mdelk.exe
C:\WINDOWS\system32\1.exe
C:\APPS\SMP\SMPSYS.EXE
C:\Programmi\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_0
C:\QooBox\Quarantine\C\WINDOWS\system32\drivers\hldrrr.exe.vir
C:\QooBox\Quarantine\C\WINDOWS\system32\drivers\srosa.sys.vir
C:\QooBox\Quarantine\C\WINDOWS\system32\mdelk.exe.vir
C:\QooBox\Quarantine\C\WINDOWS\system32\wintems.exe.vir
C:\QooBox\Quarantine\Registry_backups\Service_srosa.reg.dat
C:\WINDOWS\system32\drivers\downld\1154218.exe
C:\WINDOWS\system32\drivers\downld\119093.exe
C:\WINDOWS\system32\drivers\downld\95218.exe
C:\WINDOWS\system32\drivers\mdelk.exe
D:\eMule\Incoming\NoAdware 5.0 With Crack.zip
D:\eMule\Incoming\NoAdware 5.0.zip

folders to delete:
c:\WINDOWS\system32\drivers\down
C:\WINDOWS\system32\drivers\downld

registry keys to delete:
HKLM\SYSTEM\CurrentControlSet\Services\srosa
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_SROSA


Uncheck the Scan for Rootkits option
Press the Execute button
Answer Yes to Avenger's two prompts
Your computer should now restart; if it does not, restart it manually
When the computer has restarted, copy and paste here the contents of the Notepad window that appears.

Afterwards, try to reinstall the antivirus right away and delete the folder c:\avenger.

You will almost certainly have to download the installation files of the security programs again, because they have been damaged by the virus.
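
An added example, not part of the original posts: a Python sketch that pulls the "Infected" rows out of a Kaspersky Online Scanner report laid out like the one above, ignores the "Object is locked" rows, and builds a script that begins with a directive, then pre-checks it for pasted prose. The function names, the reading of `/` as an archive-member separator, and the pre-check rules are assumptions; only the three directives used in this thread are recognized, and the check is not Avenger's own parser.

```python
import re
from collections import namedtuple

Finding = namedtuple("Finding", "path kind detail")

# Constructed sample: a few rows in the layout of the report quoted in the thread.
SAMPLE_REPORT = r"""
C:\APPS\SMP\SMPSYS.EXE Infected: Trojan-Downloader.Win32.Bagle.mn skipped
C:\WINDOWS\system32\config\SAM Object is locked skipped
C:\WINDOWS\system32\drivers\downld\95218.exe Infected: Email-Worm.Win32.Bagle.of skipped
C:\WINDOWS\system32\drivers\mdelk.exe Infected: Trojan-Downloader.Win32.Bagle.mn skipped
D:\eMule\Incoming\NoAdware 5.0.zip/NoAdware 5.0.exe Infected: Trojan-Downloader.Win32.Bagle.mq skipped
D:\eMule\Incoming\NoAdware 5.0.zip ZIP: infected - 1 skipped
"""

# One report row: path, then a verdict, then the last action (e.g. "skipped").
ROW = re.compile(
    r"^(?P<path>[A-Za-z]:\\.+?)\s+"
    r"(?:Infected:\s+(?P<name>\S+)"
    r"|(?P<locked>Object is locked)"
    r"|(?P<zip>ZIP: infected - \d+))"
    r"\s+\w+$"
)

# Directives as they appear in the script posted in this thread.
DIRECTIVES = ("files to delete:", "folders to delete:", "registry keys to delete:")


def parse_report(text):
    """Return one Finding per recognizable report row."""
    findings = []
    for line in text.splitlines():
        m = ROW.match(line.strip())
        if not m:
            continue
        if m.group("name"):
            findings.append(Finding(m.group("path"), "infected", m.group("name")))
        elif m.group("locked"):
            # Locked means the scanner could not open the file, not that it is infected.
            findings.append(Finding(m.group("path"), "locked", ""))
        else:
            findings.append(Finding(m.group("path"), "archive", m.group("zip")))
    return findings


def build_script(findings):
    """Build a 'Files to delete:' script from the infected rows only."""
    targets, seen = [], set()
    for f in findings:
        if f.kind != "infected":
            continue
        # Assumption: 'outer.zip/inner.exe' names a member of an archive,
        # so the file on disk is the part before the forward slash.
        target = f.path.split("/", 1)[0]
        if target.lower() not in seen:
            seen.add(target.lower())
            targets.append(target)
    return "Files to delete:\n" + "\n".join(targets) + "\n"


def script_problems(script):
    """Pre-check a script; returns a list of (line_number, problem)."""
    problems, section = [], None
    for n, raw in enumerate(script.splitlines(), 1):
        line = raw.strip()
        if not line:
            continue
        if line.lower() in DIRECTIVES:
            section = line.lower()
        elif section is None:
            # Same condition the pre-processor log reports before aborting.
            return [(n, "script must begin with a command directive")]
        elif section.startswith("registry"):
            if not re.match(r"^HK(LM|CU|CR|U)\\", line, re.I):
                problems.append((n, "not a registry key"))
        elif not re.match(r"^[A-Za-z]:\\", line):
            problems.append((n, "not a drive path"))
    return problems


if __name__ == "__main__":
    script = build_script(parse_report(SAMPLE_REPORT))
    print(script)
    print(script_problems(script))
```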

Posted: Mon Apr 07, 2008 3:23 pm
by ste_95
crazy.cat wrote: Which program did you use to run this scan and create this folder C:\QooBox\ ?

Those are ComboFix's backups.

Posted: Mon Apr 07, 2008 3:26 pm
by Michelinho
I ran the scan with Kaspersky online, but with Avenger it tells me that the text is invalid!

Posted: Mon Apr 07, 2008 3:35 pm
by ste_95
Disable System Restore.

Download and save this file.

Download Avenger
Extract it to a folder of your choice
Run the avenger.exe file with the sword icon
Click the folder icon at the top left and select the text file you downloaded earlier.
Press the Execute button
Answer Yes to Avenger's two prompts
Your computer should now restart; if it does not, restart it manually
When the computer has restarted, copy and paste here the contents of the Notepad window that appears.

Posted: Mon Apr 07, 2008 3:42 pm
by Michelinho
Here is the result, it is a bit long....
Logfile of The Avenger Version 2.0, (c) by Swandog46
http://swandog46.geekstogo.com

Platform: Windows XP

*******************

Script file opened successfully.
Script file read successfully.

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:

Rootkit scan active.
No rootkits found!


Completed script processing.

*******************

Finished! Terminate.



//////////////////////////////////////////
Avenger Pre-Processor log
//////////////////////////////////////////

Platform: Windows XP (build 2600, Service Pack 2)
Sun Apr 06 23:37:48 2008

23:36:13: Warning: Trying to solve a NULL hostname: giving up
23:36:14: Error: Could not open input stream to URL:
http:// (error 6: handle non valido.)
23:37:48: Error: Invalid script. A valid script must begin with a command directive.
Aborting execution!


//////////////////////////////////////////


//////////////////////////////////////////
Avenger Pre-Processor log
//////////////////////////////////////////

Platform: Windows XP (build 2600, Service Pack 2)
Sun Apr 06 23:38:08 2008

23:38:08: Error: Invalid script. A valid script must begin with a command directive.
Aborting execution!


//////////////////////////////////////////


//////////////////////////////////////////
Avenger Pre-Processor log
//////////////////////////////////////////

Platform: Windows XP (build 2600, Service Pack 2)
Sun Apr 06 23:39:15 2008

23:39:15: Error: Invalid script. A valid script must begin with a command directive.
Aborting execution!


//////////////////////////////////////////


//////////////////////////////////////////
Avenger Pre-Processor log
//////////////////////////////////////////

Platform: Windows XP (build 2600, Service Pack 2)
Sun Apr 06 23:39:25 2008

23:39:25: Error: Invalid script. A valid script must begin with a command directive.
Aborting execution!


//////////////////////////////////////////


//////////////////////////////////////////
Avenger Pre-Processor log
//////////////////////////////////////////

Platform: Windows XP (build 2600, Service Pack 2)
Sun Apr 06 23:39:32 2008

23:39:32: Error: Invalid script. A valid script must begin with a command directive.
Aborting execution!


//////////////////////////////////////////


//////////////////////////////////////////
Avenger Pre-Processor log
//////////////////////////////////////////

Platform: Windows XP (build 2600, Service Pack 2)
Sun Apr 06 23:39:44 2008

23:39:44: Error: Invalid script. A valid script must begin with a command directive.
Aborting execution!


//////////////////////////////////////////


//////////////////////////////////////////
Avenger Pre-Processor log
//////////////////////////////////////////

Platform: Windows XP (build 2600, Service Pack 2)
Sun Apr 06 23:39:50 2008

23:39:50: Error: Invalid script. A valid script must begin with a command directive.
Aborting execution!


//////////////////////////////////////////


//////////////////////////////////////////
Avenger Pre-Processor log
//////////////////////////////////////////

Platform: Windows XP (build 2600, Service Pack 2)
Sun Apr 06 23:40:57 2008

23:40:52: Warning: Trying to solve a NULL hostname: giving up
23:40:53: Error: Could not open input stream to URL:
http:// (error 6: handle non valido.)


//////////////////////////////////////////


Logfile of The Avenger Version 2.0, (c) by Swandog46
http://swandog46.geekstogo.com

Platform: Windows XP

*******************

Script file opened successfully.
Script file read successfully.

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:

Rootkit scan active.
No rootkits found!


Completed script processing.

*******************

Finished! Terminate.



//////////////////////////////////////////
Avenger Pre-Processor log
//////////////////////////////////////////

Platform: Windows XP (build 2600, Service Pack 2)
Sun Apr 06 23:44:19 2008

23:44:19: Error: Invalid script. A valid script must begin with a command directive.
Aborting execution!


//////////////////////////////////////////


//////////////////////////////////////////
Avenger Pre-Processor log
//////////////////////////////////////////

Platform: Windows XP (build 2600, Service Pack 2)
Sun Apr 06 23:44:33 2008

23:44:33: Error: Invalid script. A valid script must begin with a command directive.
Aborting execution!


//////////////////////////////////////////


//////////////////////////////////////////
Avenger Pre-Processor log
//////////////////////////////////////////

Platform: Windows XP (build 2600, Service Pack 2)
Mon Apr 07 13:37:55 2008

13:37:55: Error: Invalid script. A valid script must begin with a command directive.
Aborting execution!


//////////////////////////////////////////


//////////////////////////////////////////
Avenger Pre-Processor log
//////////////////////////////////////////

Platform: Windows XP (build 2600, Service Pack 2)
Mon Apr 07 13:39:41 2008

13:39:41: Error: Invalid script. A valid script must begin with a command directive.
Aborting execution!


//////////////////////////////////////////


//////////////////////////////////////////
Avenger Pre-Processor log
//////////////////////////////////////////

Platform: Windows XP (build 2600, Service Pack 2)
Mon Apr 07 13:40:00 2008

13:40:00: Error: Invalid script. A valid script must begin with a command directive.
Aborting execution!


//////////////////////////////////////////


//////////////////////////////////////////
Avenger Pre-Processor log
//////////////////////////////////////////

Platform: Windows XP (build 2600, Service Pack 2)
Mon Apr 07 13:41:18 2008

13:41:18: Error: Invalid script. A valid script must begin with a command directive.
Aborting execution!


//////////////////////////////////////////


//////////////////////////////////////////
Avenger Pre-Processor log
//////////////////////////////////////////

Platform: Windows XP (build 2600, Service Pack 2)
Mon Apr 07 13:41:41 2008

13:41:41: Error: Invalid script. A valid script must begin with a command directive.
Aborting execution!


//////////////////////////////////////////


//////////////////////////////////////////
Avenger Pre-Processor log
//////////////////////////////////////////

Platform: Windows XP (build 2600, Service Pack 2)
Mon Apr 07 13:41:58 2008

13:41:58: Error: Invalid script. A valid script must begin with a command directive.
Aborting execution!


//////////////////////////////////////////


//////////////////////////////////////////
Avenger Pre-Processor log
//////////////////////////////////////////

Platform: Windows XP (build 2600, Service Pack 2)
Mon Apr 07 13:45:11 2008

13:45:03: Error: Invalid syntax in command:
"Clicca sul pulsante Execute"
Skipping line. (Registry value replacement mode)
13:45:06: Error: Invalid syntax in command:
"Il computer si dovrebbe riavviare, se non lo facesse riavvialo tu."
Skipping line. (Registry value replacement mode)
13:45:07: Error: Invalid syntax in command:
"Copia e incolla in un post poi il log generato da avenger, lo trovi in C:\avenger.txt è un file di testo."
Skipping line. (Registry value replacement mode)
13:45:08: Error: Invalid syntax in command:
"Se avenger non dovesse funzionare, scaricalo da qui:"
Skipping line. (Registry value replacement mode)
13:45:08: Error: Invalid syntax in command:
"scaricalo da qui:"
Skipping line. (Registry value replacement mode)
13:45:08: Error: Invalid syntax in command:
"<http://www.wikifortio.com/630243/AntiBagle.zip>"
Skipping line. (Registry value replacement mode)
13:45:09: Error: Invalid syntax in command:
"Al riavvio del computer"
Skipping line. (Registry value replacement mode)
13:45:09: Error: Invalid syntax in command:
"copia questo codice:"
Skipping line. (Registry value replacement mode)
13:45:09: Error: Invalid syntax in command:
"Windows Registry Editor Version 5.00"
Skipping line. (Registry value replacement mode)
13:45:10: Error: Invalid syntax in command:
"[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]"
Skipping line. (Registry value replacement mode)
13:45:10: Error: Invalid syntax in command:
""drvsyskit"=-"
Skipping line. (Registry value replacement mode)
13:45:10: Error: Invalid syntax in command:
""german.exe"=-"
Skipping line. (Registry value replacement mode)


//////////////////////////////////////////


Logfile of The Avenger Version 2.0, (c) by Swandog46
http://swandog46.geekstogo.com

Platform: Windows XP

*******************

Script file opened successfully.
Script file read successfully.

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:

Rootkit scan active.
No rootkits found!


Error: file "C:\WINDOWS\system32\drivers\hidr.exe" not found!
Deletion of file "C:\WINDOWS\system32\drivers\hidr.exe" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist


Error: file "C:\WINDOWS\system32\drivers\srosa.sys" not found!
Deletion of file "C:\WINDOWS\system32\drivers\srosa.sys" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist


Error: file "C:\WINDOWS\system32\wintems.exe" not found!
Deletion of file "C:\WINDOWS\system32\wintems.exe" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist


Error: file "C:\WINDOWS\system32\hldrrr.exe" not found!
Deletion of file "C:\WINDOWS\system32\hldrrr.exe" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist


Error: file "C:\WINDOWS\system32\trusted.exe" not found!
Deletion of file "C:\WINDOWS\system32\trusted.exe" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist


Error: file "C:\WINDOWS\system32\drivers\pci32.sys" not found!
Deletion of file "C:\WINDOWS\system32\drivers\pci32.sys" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist


Error: file "C:\WINDOWS\system32\drivers\hldrrr.exe" not found!
Deletion of file "C:\WINDOWS\system32\drivers\hldrrr.exe" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist


Error: could not open file "C:\Programmi\Packard Bell Data Secure\PBDataSecure.exe"
Deletion of file "C:\Programmi\Packard Bell Data Secure\PBDataSecure.exe" failed!
Status: 0xc000003a (STATUS_OBJECT_PATH_NOT_FOUND)
--> bad path / the parent directory does not exist


Error: file "C:\WINDOWS\system32\mdelk.exe" not found!
Deletion of file "C:\WINDOWS\system32\mdelk.exe" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist


Error: file "C:\WINDOWS\system32\wmmfilt32.dll" not found!
Deletion of file "C:\WINDOWS\system32\wmmfilt32.dll" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist


Error: folder "C:\WINDOWS\exefnd" not found!
Deletion of folder "C:\WINDOWS\exefnd" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist


Error: folder "C:\WINDOWS\exefld" not found!
Deletion of folder "C:\WINDOWS\exefld" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist


Error: folder "C:\WINDOWS\system32\drivers\down" not found!
Deletion of folder "C:\WINDOWS\system32\drivers\down" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist


Error: could not open folder "C:\Documents and Settings\LocalService\Impostazioni locali\Temporary Internet Files\Content.IE5"
Deletion of folder "C:\Documents and Settings\LocalService\Impostazioni locali\Temporary Internet Files\Content.IE5" failed!
Status: 0xc000003a (STATUS_OBJECT_PATH_NOT_FOUND)
--> bad path / the parent directory does not exist


Error: could not open folder "C:\Documents and Settings\USER\.jpi_cache\jar\1.0\cnte-dhncgts.jar-215807d4-50ebc1ab.zip"
Deletion of folder "C:\Documents and Settings\USER\.jpi_cache\jar\1.0\cnte-dhncgts.jar-215807d4-50ebc1ab.zip" failed!
Status: 0xc000003a (STATUS_OBJECT_PATH_NOT_FOUND)
--> bad path / the parent directory does not exist


Error: could not open folder "C:\Documents and Settings\USER\Impostazioni locali\Temp"
Deletion of folder "C:\Documents and Settings\USER\Impostazioni locali\Temp" failed!
Status: 0xc000003a (STATUS_OBJECT_PATH_NOT_FOUND)
--> bad path / the parent directory does not exist


Error: registry key "HKLM\SYSTEM\CurrentControlSet\Services\srosa" not found!
Deletion of registry key "HKLM\SYSTEM\CurrentControlSet\Services\srosa" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist


Error: registry key "HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_SROSA" not found!
Deletion of registry key "HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_SROSA" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist


Error: registry key "HKLM\SYSTEM\CurrentControlSet\Services\pci32" not found!
Deletion of registry key "HKLM\SYSTEM\CurrentControlSet\Services\pci32" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist


Error: registry key "HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_PCI32" not found!
Deletion of registry key "HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_PCI32" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist

Registry value "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Windows|AppInit_DLLs" replaced with dummy successfully.

Completed script processing.

*******************

Finished! Terminate.



//////////////////////////////////////////
Avenger Pre-Processor log
//////////////////////////////////////////

Platform: Windows XP (build 2600, Service Pack 2)
Mon Apr 07 13:50:28 2008

13:50:28: Error: Invalid script. A valid script must begin with a command directive.
Aborting execution!


//////////////////////////////////////////



Logfile of The Avenger Version 2.0, (c) by Swandog46
http://swandog46.geekstogo.com

Platform: Windows XP

*******************

Script file opened successfully.
Script file read successfully.

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:

Rootkit scan active.
No rootkits found!


Error: file "C:\WINDOWS\system32\drivers\srosa.sys" not found!
Deletion of file "C:\WINDOWS\system32\drivers\srosa.sys" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist


Error: file "C:\WINDOWS\system32\wintems.exe" not found!
Deletion of file "C:\WINDOWS\system32\wintems.exe" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist


Error: file "C:\windows\system32\drivers\hldrrr.exe" not found!
Deletion of file "C:\windows\system32\drivers\hldrrr.exe" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist


Error: file "C:\WINDOWS\system32\mdelk.exe" not found!
Deletion of file "C:\WINDOWS\system32\mdelk.exe" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist


Error: file "C:\WINDOWS\system32\1.exe" not found!
Deletion of file "C:\WINDOWS\system32\1.exe" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist


Error: file "C:\APPS\SMP\SMPSYS.EXE" not found!
Deletion of file "C:\APPS\SMP\SMPSYS.EXE" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist

File "C:\Programmi\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_0" deleted successfully.
File "C:\WINDOWS\system32\drivers\downld\1154218.exe" deleted successfully.
File "C:\WINDOWS\system32\drivers\downld\119093.exe" deleted successfully.
File "C:\WINDOWS\system32\drivers\downld\95218.exe" deleted successfully.
File "C:\WINDOWS\system32\drivers\mdelk.exe" deleted successfully.
File "D:\eMule\Incoming\NoAdware 5.0 With Crack.zip" deleted successfully.
File "D:\eMule\Incoming\NoAdware 5.0.zip" deleted successfully.

Error: folder "c:\WINDOWS\system32\drivers\down" not found!
Deletion of folder "c:\WINDOWS\system32\drivers\down" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist

Folder "C:\WINDOWS\system32\drivers\downld" deleted successfully.
Folder "C:\QooBox" deleted successfully.

Error: registry key "HKLM\SYSTEM\CurrentControlSet\Services\srosa" not found!
Deletion of registry key "HKLM\SYSTEM\CurrentControlSet\Services\srosa" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist


Error: registry key "HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_SROSA" not found!
Deletion of registry key "HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_SROSA" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist


Completed script processing.

*******************

Finished! Terminate.

Message sent: Mon Apr 07, 2008 3:44 pm
by ste_95
Can you open executables? Try reinstalling an antivirus.

Message sent: Mon Apr 07, 2008 3:56 pm
by Michelinho
No, still the same problem... "is not a valid Win32 application"!!!!! I really don't know what to do!!!! [boh]

Message sent: Mon Apr 07, 2008 3:57 pm
by ste_95
Run a new online scan with Kaspersky.

Message sent: Mon Apr 07, 2008 4:02 pm
by Michelinho
That's what I did, and then I posted the result:


KASPERSKY ONLINE SCANNER REPORT
Monday, April 07, 2008 4:00:58 PM
Operating System: Microsoft Windows XP Professional, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.98.0
Kaspersky Anti-Virus database last update: 7/04/2008
Kaspersky Anti-Virus database records: 617480


Scan Settings
Scan using the following antivirus database standard
Scan Archives true
Scan Mail Bases true

Scan Target My Co

Message sent: Mon Apr 07, 2008 4:04 pm
by ste_95
You have to run it again! [^]