MegaLab.it

Inviato: **mar apr 22, 2008 5:54 pm**

penso proprio di aver fatto un errore nell'aver postato prima un mio messaggio, adesso dovrebbe andare bene, scusatemi ancora, vi chiedo umilmente di aiutarmi!!! GRAZIE!!!

questo è il log:

http://www.mediafire.com/?rmgjtc2n1c1

Inviato: **mar apr 22, 2008 6:06 pm**

Devi, come ti ho detto nell'altro topic, fare la scansione online con Kaspersky.

Esegui la scansione on-line estesa con Kaspersky come descritto qui e postane il log seguendo queste indicazioni.

Inviato: **mer apr 23, 2008 10:05 am**

ECCO IL REPORT DI KASPERSY:

http://www.mediafire.com/?gxo1uudyexm

Inviato: **mer apr 23, 2008 11:20 am**

Che antivirus utilizzi?
Avast o Norton?

Disattiva il ripristino della configurazione su tutti i dischi poi riavvia il pc
http://www.MegaLab.it/2330

Scarica Avenger nuova versione http://swandog46.geekstogo.com/avenger.zip

Se non dovesse funzionare (Applicazione non valida) utilizzate questi
http://www.MegaLab.it/forum/viewtopic.p ... 172#325172

Estrailo in una cartella a tua scelta
Esegui il file avenger.exe con la figura di una spada
Ora incolla queste righe nella box bianca che si è aperta:

Codice: Seleziona tutto: Files to delete: C:\WINDOWS\system32\drivers\srosa.sys C:\WINDOWS\system32\wintems.exe C:\WINDOWS\system32\trusted.exe C:\windows\system32\drivers\hldrrr.exe C:\WINDOWS\system32\mdelk.exe C:\WINDOWS\system32\1.exe C:\WINDOWS\system32\drivers\mdelk.exe C:\WINDOWS\system32\drivers\1.exe C:\WINDOWS\system32\drivers\Twa58.sys C:\WINDOWS\system32\drivers\Osv03.sys C:\WINDOWS\system32\drivers\Jnq47.sys C:\WINDOWS\system32\drivers\Hmp47.sys C:\WINDOWS\system32\drivers\Rxb37.sys C:\WINDOWS\system32\drivers\Dhk60.sys C:\WINDOWS\system32\drivers\Kor60.sys C:\WINDOWS\system32\drivers\Vad14.sys C:\WINDOWS\system32\drivers\Lps14.sys C:\WINDOWS\system32\drivers\Afi03.sys C:\WINDOWS\system32\drivers\Xbe71.sys C:\WINDOWS\system32\drivers\Txb71.sys C:\WINDOWS\system32\drivers\Qux58.sys C:\WINDOWS\system32\drivers\Rwa47.sys C:\WINDOWS\system32\drivers\Uyc14.sys C:\WINDOWS\system32\drivers\Vbe58.sys C:\WINDOWS\system32\drivers\Lor14.sys C:\WINDOWS\system32\drivers\Xdg03.sys C:\WINDOWS\system32\drivers\Wbe82.sys C:\WINDOWS\system32\drivers\Bfi14.sys C:\WINDOWS\system32\drivers\Bgj35.sys C:\WINDOWS\system32\drivers\Xcf60.sys C:\WINDOWS\system32\hldrrr.exe C:\WINDOWS\system32\SocksA.exe C:\WINDOWS\system32\FileKan.exe C:\WINDOWS\Temp\BN2.tmp C:\WINDOWS\Temp\BN3.tmp C:\WINDOWS\Temp\BN3D.tmp C:\WINDOWS\Temp\BN4.tmp C:\WINDOWS\Temp\BN5.tmp C:\WINDOWS\Temp\BN6.tmp C:\WINDOWS\Temp\BN7.tmp C:\WINDOWS\Temp\BN8.tmp C:\WINDOWS\Temp\BN29.tmp C:\WINDOWS\Temp\BN9.tmp C:\WINDOWS\Temp\BNA.tmp C:\WINDOWS\Temp\BN2E.tmp C:\WINDOWS\Temp\BNB.tmp C:\WINDOWS\Temp\BNC.tmp C:\WINDOWS\Temp\BND.tmp C:\WINDOWS\Temp\BN38.tmp C:\WINDOWS\Temp\BNE.tmp C:\WINDOWS\Temp\BNF.tmp C:\WINDOWS\Temp\BN10.tmp C:\WINDOWS\Temp\BN11.tmp C:\WINDOWS\Temp\BN12.tmp C:\WINDOWS\Temp\BN13.tmp C:\WINDOWS\MS32DLL.dll.vbs C:\WINDOWS\BACKINF.TAB C:\WINDOWS\Session.exe C:\Documents and Settings\Standard\Impostazioni locali\Temp\BN9A.tmp C:\Documents and Settings\Standard\Dati applicazioni\m\flec006.exe C:\Documents and Settings\Standard\Dati applicazioni\m\data.oct C:\Documents and Settings\Standard\.jpi_cache\jar\1.0\crtdcghcn.jar-4710de4f-77e45132.zip C:\FOUND.024\FILE0001.CHK C:\FOUND.004\FILE0002.CHK C:\FOUND.004\FILE0003.CHK C:\FOUND.004\FILE0008.CHK C:\tel.xls.exe C:\MS32DLL.dll.vbs C:\FOUND.023\FILE0005.CHK C:\FOUND.025\FILE0000.CHK D:\tel.xls.exe D:\MS32DLL.dll.vbs D:\FOUND.001\FILE0000.CHK D:\FOUND.001\FILE0001.CHK folders to delete: C:\WINDOWS\system32\drivers\downld c:\WINDOWS\system32\drivers\down C:\WINDOWS\exefnd registry keys to delete: HKLM\SYSTEM\CurrentControlSet\Services\srosa HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_SROSA

Togli il segno di spunta dalla voce Scan for Rootkits
Premi il pulsante Execute
Rispondi di Si alle due richieste di Avenger
Adesso il tuo computer dovrebbe riavviarsi, nel caso non succedesse, riavvialo tu manualmente
Al riavvio del computer, copia e incolla qui il contenuto del blocco note che apparirà.

Dopo prova a reinstallare subito l'antivirus e cancella la cartella c:\avenger.

Dovrai, quasi sicuramente, riscaricare i file d'installazione dei programmi di sicurezza perché danneggiati dal virus

Inviato: **mer apr 23, 2008 11:33 am**

ecco il contenuto del blocco note:

Logfile of The Avenger Version 2.0, (c) by Swandog46
http://swandog46.geekstogo.com

Platform: Windows XP

*******************

Script file opened successfully.
Script file read successfully.

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:

File "C:\WINDOWS\system32\drivers\srosa.sys" deleted successfully.
File "C:\WINDOWS\system32\wintems.exe" deleted successfully.
File "C:\WINDOWS\system32\trusted.exe" deleted successfully.

Error: file "C:\windows\system32\drivers\hldrrr.exe" not found!
Deletion of file "C:\windows\system32\drivers\hldrrr.exe" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
-->

the object does not exist

File "C:\WINDOWS\system32\mdelk.exe" deleted successfully.

Error: file "C:\WINDOWS\system32\1.exe" not found!
Deletion of file "C:\WINDOWS\system32\1.exe" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
-->

the object does not exist

Error: file "C:\WINDOWS\system32\drivers\mdelk.exe" not found!
Deletion of file "C:\WINDOWS\system32\drivers\mdelk.exe" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
-->

the object does not exist

Error: file "C:\WINDOWS\system32\drivers\1.exe" not found!
Deletion of file "C:\WINDOWS\system32\drivers\1.exe" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
-->

the object does not exist

File "C:\WINDOWS\system32\drivers\Twa58.sys" deleted successfully.
File "C:\WINDOWS\system32\drivers\Osv03.sys" deleted successfully.
File "C:\WINDOWS\system32\drivers\Jnq47.sys" deleted successfully.
File "C:\WINDOWS\system32\drivers\Hmp47.sys" deleted successfully.
File "C:\WINDOWS\system32\drivers\Rxb37.sys" deleted successfully.
File "C:\WINDOWS\system32\drivers\Dhk60.sys" deleted successfully.
File "C:\WINDOWS\system32\drivers\Kor60.sys" deleted successfully.
File "C:\WINDOWS\system32\drivers\Vad14.sys" deleted successfully.
File "C:\WINDOWS\system32\drivers\Lps14.sys" deleted successfully.
File "C:\WINDOWS\system32\drivers\Afi03.sys" deleted successfully.
File "C:\WINDOWS\system32\drivers\Xbe71.sys" deleted successfully.
File "C:\WINDOWS\system32\drivers\Txb71.sys" deleted successfully.
File "C:\WINDOWS\system32\drivers\Qux58.sys" deleted successfully.
File "C:\WINDOWS\system32\drivers\Rwa47.sys" deleted successfully.
File "C:\WINDOWS\system32\drivers\Uyc14.sys" deleted successfully.
File "C:\WINDOWS\system32\drivers\Vbe58.sys" deleted successfully.
File "C:\WINDOWS\system32\drivers\Lor14.sys" deleted successfully.
File "C:\WINDOWS\system32\drivers\Xdg03.sys" deleted successfully.
File "C:\WINDOWS\system32\drivers\Wbe82.sys" deleted successfully.
File "C:\WINDOWS\system32\drivers\Bfi14.sys" deleted successfully.
File "C:\WINDOWS\system32\drivers\Bgj35.sys" deleted successfully.
File "C:\WINDOWS\system32\drivers\Xcf60.sys" deleted successfully.
File "C:\WINDOWS\system32\hldrrr.exe" deleted successfully.
File "C:\WINDOWS\system32\SocksA.exe" deleted successfully.
File "C:\WINDOWS\system32\FileKan.exe" deleted successfully.
File "C:\WINDOWS\Temp\BN2.tmp" deleted successfully.
File "C:\WINDOWS\Temp\BN3.tmp" deleted successfully.
File "C:\WINDOWS\Temp\BN3D.tmp" deleted successfully.
File "C:\WINDOWS\Temp\BN4.tmp" deleted successfully.
File "C:\WINDOWS\Temp\BN5.tmp" deleted successfully.
File "C:\WINDOWS\Temp\BN6.tmp" deleted successfully.
File "C:\WINDOWS\Temp\BN7.tmp" deleted successfully.
File "C:\WINDOWS\Temp\BN8.tmp" deleted successfully.
File "C:\WINDOWS\Temp\BN29.tmp" deleted successfully.
File "C:\WINDOWS\Temp\BN9.tmp" deleted successfully.
File "C:\WINDOWS\Temp\BNA.tmp" deleted successfully.
File "C:\WINDOWS\Temp\BN2E.tmp" deleted successfully.
File "C:\WINDOWS\Temp\BNB.tmp" deleted successfully.
File "C:\WINDOWS\Temp\BNC.tmp" deleted successfully.
File "C:\WINDOWS\Temp\BND.tmp" deleted successfully.
File "C:\WINDOWS\Temp\BN38.tmp" deleted successfully.
File "C:\WINDOWS\Temp\BNE.tmp" deleted successfully.
File "C:\WINDOWS\Temp\BNF.tmp" deleted successfully.
File "C:\WINDOWS\Temp\BN10.tmp" deleted successfully.
File "C:\WINDOWS\Temp\BN11.tmp" deleted successfully.
File "C:\WINDOWS\Temp\BN12.tmp" deleted successfully.
File "C:\WINDOWS\Temp\BN13.tmp" deleted successfully.
File "C:\WINDOWS\MS32DLL.dll.vbs" deleted successfully.
File "C:\WINDOWS\BACKINF.TAB" deleted successfully.
File "C:\WINDOWS\Session.exe" deleted successfully.
File "C:\Documents and Settings\Standard\Impostazioni locali\Temp\BN9A.tmp" deleted successfully.
File "C:\Documents and Settings\Standard\Dati applicazioni\m\flec006.exe" deleted successfully.
File "C:\Documents and Settings\Standard\Dati applicazioni\m\data.oct" deleted successfully.
File "C:\Documents and Settings\Standard\.jpi_cache\jar\1.0\crtdcghcn.jar-4710de4f-77e45132.zip" deleted successfully.
File "C:\FOUND.024\FILE0001.CHK" deleted successfully.
File "C:\FOUND.004\FILE0002.CHK" deleted successfully.
File "C:\FOUND.004\FILE0003.CHK" deleted successfully.
File "C:\FOUND.004\FILE0008.CHK" deleted successfully.
File "C:\tel.xls.exe" deleted successfully.
File "C:\MS32DLL.dll.vbs" deleted successfully.
File "C:\FOUND.023\FILE0005.CHK" deleted successfully.
File "C:\FOUND.025\FILE0000.CHK" deleted successfully.
File "D:\tel.xls.exe" deleted successfully.
File "D:\MS32DLL.dll.vbs" deleted successfully.
File "D:\FOUND.001\FILE0000.CHK" deleted successfully.
File "D:\FOUND.001\FILE0001.CHK" deleted successfully.

Error: folder "C:\WINDOWS\system32\drivers\downld" not found!
Deletion of folder "C:\WINDOWS\system32\drivers\downld" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
-->

the object does not exist

Error: folder "c:\WINDOWS\system32\drivers\down" not found!
Deletion of folder "c:\WINDOWS\system32\drivers\down" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
-->

the object does not exist

Folder "C:\WINDOWS\exefnd" deleted successfully.
Registry key "HKLM\SYSTEM\CurrentControlSet\Services\srosa" deleted successfully.
Registry key "HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_SROSA" deleted successfully.

Completed script processing.

*******************

Finished! Terminate.

Inviato: **mer apr 23, 2008 11:34 am**

non mi fa installare nessun antivirus!!!!

Inviato: **mer apr 23, 2008 11:45 am**

alexmaudit ha scritto:non mi fa installare nessun antivirus!!!!

Lo hai riscaricato nuovamente?
I vecchi file si sono danneggiati.

Inviato: **mer apr 23, 2008 3:06 pm**

porca miseria!!! ma come devo fare??? niente niente niente!! ho scaricato nuovamente addirittura un altro programma (Panda) nenche questo mi fa installare!!!

Inviato: **mer apr 23, 2008 3:14 pm**

Esegui una nuova scansione on-line estesa con Kaspersky come descritto qui e postane il log seguendo queste indicazioni.

Inviato: **mer apr 23, 2008 4:16 pm**

ho fatto la seconda scansione, stavolta me ne ha trovati di meno virus e meno file infetti... (GRAZIE DAVVERO PER L'AIUTO CHE MI STATE DANDO!!!!)

ecco il link:

http://www.mediafire.com/?zppzwmg9ozy

Inviato: **mer apr 23, 2008 5:12 pm**

Disabilita il ripristino configurazione di sistema.

Scarica la nuova versione di Avenger
Estrailo in una cartella a tua scelta
Esegui il file avenger.exe con la figura di una spada. Se ti restituisce un errore di Applicazione WIN32 non valida usa questa versione.
Ora incolla queste righe nella box bianca che si è aperta:

Codice: Seleziona tutto: Files to delete: C:\WINDOWS\system32\drivers\srosa.sys C:\WINDOWS\system32\wintems.exe C:\windows\system32\drivers\hldrrr.exe C:\WINDOWS\system32\mdelk.exe C:\WINDOWS\system32\1.exe C:\WINDOWS\system32\drivers\mdelk.exe C:\WINDOWS\system32\drivers\1.exe C:\WINDOWS\system32\drivers\Wbe47.sys C:\WINDOWS\system32\drivers\Ptw82.sys C:\WINDOWS\system32\drivers\Txb25.sys C:\WINDOWS\system32\WLCtrl32.dl_ Folders to delete: C:\WINDOWS\system32\drivers\downld C:\WINDOWS\system32\drivers\down C:\WINDOWS\Temp Registry keys to delete: HKLM\SYSTEM\CurrentControlSet\Services\srosa HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_SROSA

Togli il segno di spunta dalla voce Scan for Rootkits
Premi il pulsante Execute
Rispondi di Si alle due richieste di Avenger
Adesso il tuo computer dovrebbe riavviarsi, nel caso non succedesse, riavvialo tu manualmente
Al riavvio del computer, copia e incolla qui il contenuto del blocco note che apparirà.

Se Avenger ti dice che lo script non è valido (Invalid script), riscrivi manualmente il primo comando (Files to delete:) senza dimenticare i due punti finali.

Fai scansionare il file C:\Acer\Empowering Technology\eRecovery\NtiAspi.dll su www.virustotal.com e postane i risultati.

Inviato: **mer apr 23, 2008 5:27 pm**

http://www.virustotal.com/it/analisis/4 ... 4b68e84a22

Inviato: **mer apr 23, 2008 5:29 pm**

Sospetto un falso positivo, lasciamolo stare.

Inviato: **mer apr 23, 2008 5:40 pm**

//////////////////////////////////////////
Avenger Pre-Processor log
//////////////////////////////////////////

Platform: Windows XP (build 2600, Service Pack 2)
Tue Apr 22 17:32:34 2008

17:32:34: Error: Invalid script. A valid script must begin with a command directive.
Aborting execution!

//////////////////////////////////////////

//////////////////////////////////////////
Avenger Pre-Processor log
//////////////////////////////////////////

Platform: Windows XP (build 2600, Service Pack 2)
Tue Apr 22 17:32:40 2008

17:32:40: Error: Invalid script. A valid script must begin with a command directive.
Aborting execution!

//////////////////////////////////////////

//////////////////////////////////////////
Avenger Pre-Processor log
//////////////////////////////////////////

Platform: Windows XP (build 2600, Service Pack 2)
Tue Apr 22 17:32:56 2008

17:32:56: Error: Invalid script. A valid script must begin with a command directive.
Aborting execution!

//////////////////////////////////////////

//////////////////////////////////////////
Avenger Pre-Processor log
//////////////////////////////////////////

Platform: Windows XP (build 2600, Service Pack 2)
Tue Apr 22 17:33:28 2008

17:33:28: Error: Invalid script. A valid script must begin with a command directive.
Aborting execution!

//////////////////////////////////////////

//////////////////////////////////////////
Avenger Pre-Processor log
//////////////////////////////////////////

Platform: Windows XP (build 2600, Service Pack 2)
Tue Apr 22 17:33:35 2008

17:33:35: Error: Invalid script. A valid script must begin with a command directive.
Aborting execution!

//////////////////////////////////////////

Logfile of The Avenger Version 2.0, (c) by Swandog46
http://swandog46.geekstogo.com

Platform: Windows XP

*******************

Script file opened successfully.
Script file read successfully.

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:

File "C:\WINDOWS\system32\drivers\srosa.sys" deleted successfully.
File "C:\WINDOWS\system32\wintems.exe" deleted successfully.

Error: file "C:\windows\system32\drivers\hldrrr.exe" not found!
Deletion of file "C:\windows\system32\drivers\hldrrr.exe" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
-->

the object does not exist

Error: file "C:\WINDOWS\system32\mdelk.exe" not found!
Deletion of file "C:\WINDOWS\system32\mdelk.exe" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
-->

the object does not exist

Error: file "C:\WINDOWS\system32\1.exe" not found!
Deletion of file "C:\WINDOWS\system32\1.exe" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
-->

the object does not exist

Error: file "C:\WINDOWS\system32\drivers\mdelk.exe" not found!
Deletion of file "C:\WINDOWS\system32\drivers\mdelk.exe" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
-->

the object does not exist

Error: file "C:\WINDOWS\system32\drivers\1.exe" not found!
Deletion of file "C:\WINDOWS\system32\drivers\1.exe" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
-->

the object does not exist

Error: file "C:\avenger\backup-30.10.2007-12.11.00,90.zip" not found!
Deletion of file "C:\avenger\backup-30.10.2007-12.11.00,90.zip" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
-->

the object does not exist

Error: file "C:\avenger\backup-30.10.2007-13.09.38,07.zip" not found!
Deletion of file "C:\avenger\backup-30.10.2007-13.09.38,07.zip" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
-->

the object does not exist

Error: file "C:\avenger\backup.zip" not found!
Deletion of file "C:\avenger\backup.zip" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
-->

the object does not exist

Error: file "C:\WINDOWS\system32\rlvknlg.exe" not found!
Deletion of file "C:\WINDOWS\system32\rlvknlg.exe" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
-->

the object does not exist

Error: file "C:\WINDOWS\system32\rlai.dll" not found!
Deletion of file "C:\WINDOWS\system32\rlai.dll" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
-->

the object does not exist

Error: file "C:\WINDOWS\system32\f3PSSavr.scr" not found!
Deletion of file "C:\WINDOWS\system32\f3PSSavr.scr" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
-->

the object does not exist

Error: folder "C:\WINDOWS\system32\drivers\downld" not found!
Deletion of folder "C:\WINDOWS\system32\drivers\downld" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
-->

the object does not exist

Error: could not open folder "C:\Documents and Settings\Flavio 1\Dati applicazioni\m"
Deletion of folder "C:\Documents and Settings\Flavio 1\Dati applicazioni\m" failed!
Status: 0xc000003a (STATUS_OBJECT_PATH_NOT_FOUND)
-->

bad path / the parent directory does not exist

Error: folder "C:\Muestras" not found!
Deletion of folder "C:\Muestras" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
-->

the object does not exist

Registry key "HKLM\SYSTEM\CurrentControlSet\Services\srosa" deleted successfully.
Registry key "HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_SROSA" deleted successfully.

Completed script processing.

*******************

Finished! Terminate.

//////////////////////////////////////////
Avenger Pre-Processor log
//////////////////////////////////////////

Platform: Windows XP (build 2600, Service Pack 2)
Wed Apr 23 12:00:14 2008

12:00:14: Error: Invalid script. A valid script must begin with a command directive.
Aborting execution!

//////////////////////////////////////////

Logfile of The Avenger Version 2.0, (c) by Swandog46
http://swandog46.geekstogo.com

Platform: Windows XP

*******************

Script file opened successfully.
Script file read successfully.

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:

File "C:\WINDOWS\system32\drivers\srosa.sys" deleted successfully.
File "C:\WINDOWS\system32\wintems.exe" deleted successfully.

Error: file "C:\windows\system32\drivers\hldrrr.exe" not found!
Deletion of file "C:\windows\system32\drivers\hldrrr.exe" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
-->

the object does not exist

File "C:\WINDOWS\system32\mdelk.exe" deleted successfully.

Error: file "C:\WINDOWS\system32\1.exe" not found!
Deletion of file "C:\WINDOWS\system32\1.exe" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
-->

the object does not exist

Error: file "C:\WINDOWS\system32\drivers\mdelk.exe" not found!
Deletion of file "C:\WINDOWS\system32\drivers\mdelk.exe" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
-->

the object does not exist

Error: file "C:\WINDOWS\system32\drivers\1.exe" not found!
Deletion of file "C:\WINDOWS\system32\drivers\1.exe" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
-->

the object does not exist

Error: file "C:\avenger\backup-30.10.2007-12.11.00,90.zip" not found!
Deletion of file "C:\avenger\backup-30.10.2007-12.11.00,90.zip" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
-->

the object does not exist

Error: file "C:\avenger\backup-30.10.2007-13.09.38,07.zip" not found!
Deletion of file "C:\avenger\backup-30.10.2007-13.09.38,07.zip" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
-->

the object does not exist

File "C:\avenger\backup.zip" deleted successfully.

Error: file "C:\WINDOWS\system32\rlvknlg.exe" not found!
Deletion of file "C:\WINDOWS\system32\rlvknlg.exe" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
-->

the object does not exist

Error: file "C:\WINDOWS\system32\rlai.dll" not found!
Deletion of file "C:\WINDOWS\system32\rlai.dll" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
-->

the object does not exist

Error: file "C:\WINDOWS\system32\f3PSSavr.scr" not found!
Deletion of file "C:\WINDOWS\system32\f3PSSavr.scr" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
-->

the object does not exist

Error: folder "C:\WINDOWS\system32\drivers\downld" not found!
Deletion of folder "C:\WINDOWS\system32\drivers\downld" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
-->

the object does not exist

Error: could not open folder "C:\Documents and Settings\Flavio 1\Dati applicazioni\m"
Deletion of folder "C:\Documents and Settings\Flavio 1\Dati applicazioni\m" failed!
Status: 0xc000003a (STATUS_OBJECT_PATH_NOT_FOUND)
-->

bad path / the parent directory does not exist

Error: folder "C:\Muestras" not found!
Deletion of folder "C:\Muestras" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
-->

the object does not exist

Registry key "HKLM\SYSTEM\CurrentControlSet\Services\srosa" deleted successfully.
Registry key "HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_SROSA" deleted successfully.

Completed script processing.

*******************

Finished! Terminate.

//////////////////////////////////////////
Avenger Pre-Processor log
//////////////////////////////////////////

Platform: Windows XP (build 2600, Service Pack 2)
Wed Apr 23 12:31:37 2008

12:31:37: Error: Invalid script. A valid script must begin with a command directive.
Aborting execution!

//////////////////////////////////////////

Logfile of The Avenger Version 2.0, (c) by Swandog46
http://swandog46.geekstogo.com

Platform: Windows XP

*******************

Script file opened successfully.
Script file read successfully.

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:

File "C:\WINDOWS\system32\drivers\srosa.sys" deleted successfully.
File "C:\WINDOWS\system32\wintems.exe" deleted successfully.
File "C:\WINDOWS\system32\trusted.exe" deleted successfully.

Error: file "C:\windows\system32\drivers\hldrrr.exe" not found!
Deletion of file "C:\windows\system32\drivers\hldrrr.exe" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
-->

the object does not exist

File "C:\WINDOWS\system32\mdelk.exe" deleted successfully.

Error: file "C:\WINDOWS\system32\1.exe" not found!
Deletion of file "C:\WINDOWS\system32\1.exe" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
-->

the object does not exist

Error: file "C:\WINDOWS\system32\drivers\mdelk.exe" not found!
Deletion of file "C:\WINDOWS\system32\drivers\mdelk.exe" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
-->

the object does not exist

Error: file "C:\WINDOWS\system32\drivers\1.exe" not found!
Deletion of file "C:\WINDOWS\system32\drivers\1.exe" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
-->

the object does not exist

File "C:\WINDOWS\system32\drivers\Twa58.sys" deleted successfully.
File "C:\WINDOWS\system32\drivers\Osv03.sys" deleted successfully.
File "C:\WINDOWS\system32\drivers\Jnq47.sys" deleted successfully.
File "C:\WINDOWS\system32\drivers\Hmp47.sys" deleted successfully.
File "C:\WINDOWS\system32\drivers\Rxb37.sys" deleted successfully.
File "C:\WINDOWS\system32\drivers\Dhk60.sys" deleted successfully.
File "C:\WINDOWS\system32\drivers\Kor60.sys" deleted successfully.
File "C:\WINDOWS\system32\drivers\Vad14.sys" deleted successfully.
File "C:\WINDOWS\system32\drivers\Lps14.sys" deleted successfully.
File "C:\WINDOWS\system32\drivers\Afi03.sys" deleted successfully.
File "C:\WINDOWS\system32\drivers\Xbe71.sys" deleted successfully.
File "C:\WINDOWS\system32\drivers\Txb71.sys" deleted successfully.
File "C:\WINDOWS\system32\drivers\Qux58.sys" deleted successfully.
File "C:\WINDOWS\system32\drivers\Rwa47.sys" deleted successfully.
File "C:\WINDOWS\system32\drivers\Uyc14.sys" deleted successfully.
File "C:\WINDOWS\system32\drivers\Vbe58.sys" deleted successfully.
File "C:\WINDOWS\system32\drivers\Lor14.sys" deleted successfully.
File "C:\WINDOWS\system32\drivers\Xdg03.sys" deleted successfully.
File "C:\WINDOWS\system32\drivers\Wbe82.sys" deleted successfully.
File "C:\WINDOWS\system32\drivers\Bfi14.sys" deleted successfully.
File "C:\WINDOWS\system32\drivers\Bgj35.sys" deleted successfully.
File "C:\WINDOWS\system32\drivers\Xcf60.sys" deleted successfully.
File "C:\WINDOWS\system32\hldrrr.exe" deleted successfully.
File "C:\WINDOWS\system32\SocksA.exe" deleted successfully.
File "C:\WINDOWS\system32\FileKan.exe" deleted successfully.
File "C:\WINDOWS\Temp\BN2.tmp" deleted successfully.
File "C:\WINDOWS\Temp\BN3.tmp" deleted successfully.
File "C:\WINDOWS\Temp\BN3D.tmp" deleted successfully.
File "C:\WINDOWS\Temp\BN4.tmp" deleted successfully.
File "C:\WINDOWS\Temp\BN5.tmp" deleted successfully.
File "C:\WINDOWS\Temp\BN6.tmp" deleted successfully.
File "C:\WINDOWS\Temp\BN7.tmp" deleted successfully.
File "C:\WINDOWS\Temp\BN8.tmp" deleted successfully.
File "C:\WINDOWS\Temp\BN29.tmp" deleted successfully.
File "C:\WINDOWS\Temp\BN9.tmp" deleted successfully.
File "C:\WINDOWS\Temp\BNA.tmp" deleted successfully.
File "C:\WINDOWS\Temp\BN2E.tmp" deleted successfully.
File "C:\WINDOWS\Temp\BNB.tmp" deleted successfully.
File "C:\WINDOWS\Temp\BNC.tmp" deleted successfully.
File "C:\WINDOWS\Temp\BND.tmp" deleted successfully.
File "C:\WINDOWS\Temp\BN38.tmp" deleted successfully.
File "C:\WINDOWS\Temp\BNE.tmp" deleted successfully.
File "C:\WINDOWS\Temp\BNF.tmp" deleted successfully.
File "C:\WINDOWS\Temp\BN10.tmp" deleted successfully.
File "C:\WINDOWS\Temp\BN11.tmp" deleted successfully.
File "C:\WINDOWS\Temp\BN12.tmp" deleted successfully.
File "C:\WINDOWS\Temp\BN13.tmp" deleted successfully.
File "C:\WINDOWS\MS32DLL.dll.vbs" deleted successfully.
File "C:\WINDOWS\BACKINF.TAB" deleted successfully.
File "C:\WINDOWS\Session.exe" deleted successfully.
File "C:\Documents and Settings\Standard\Impostazioni locali\Temp\BN9A.tmp" deleted successfully.
File "C:\Documents and Settings\Standard\Dati applicazioni\m\flec006.exe" deleted successfully.
File "C:\Documents and Settings\Standard\Dati applicazioni\m\data.oct" deleted successfully.
File "C:\Documents and Settings\Standard\.jpi_cache\jar\1.0\crtdcghcn.jar-4710de4f-77e45132.zip" deleted successfully.
File "C:\FOUND.024\FILE0001.CHK" deleted successfully.
File "C:\FOUND.004\FILE0002.CHK" deleted successfully.
File "C:\FOUND.004\FILE0003.CHK" deleted successfully.
File "C:\FOUND.004\FILE0008.CHK" deleted successfully.
File "C:\tel.xls.exe" deleted successfully.
File "C:\MS32DLL.dll.vbs" deleted successfully.
File "C:\FOUND.023\FILE0005.CHK" deleted successfully.
File "C:\FOUND.025\FILE0000.CHK" deleted successfully.
File "D:\tel.xls.exe" deleted successfully.
File "D:\MS32DLL.dll.vbs" deleted successfully.
File "D:\FOUND.001\FILE0000.CHK" deleted successfully.
File "D:\FOUND.001\FILE0001.CHK" deleted successfully.

Error: folder "C:\WINDOWS\system32\drivers\downld" not found!
Deletion of folder "C:\WINDOWS\system32\drivers\downld" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
-->

the object does not exist

Error: folder "c:\WINDOWS\system32\drivers\down" not found!
Deletion of folder "c:\WINDOWS\system32\drivers\down" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
-->

the object does not exist

Folder "C:\WINDOWS\exefnd" deleted successfully.
Registry key "HKLM\SYSTEM\CurrentControlSet\Services\srosa" deleted successfully.
Registry key "HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_SROSA" deleted successfully.

Completed script processing.

*******************

Finished! Terminate.

//////////////////////////////////////////
Avenger Pre-Processor log
//////////////////////////////////////////

Platform: Windows XP (build 2600, Service Pack 2)
Wed Apr 23 18:31:55 2008

18:31:55: Error: Invalid script. A valid script must begin with a command directive.
Aborting execution!

//////////////////////////////////////////

Logfile of The Avenger Version 2.0, (c) by Swandog46
http://swandog46.geekstogo.com

Platform: Windows XP

*******************

Script file opened successfully.
Script file read successfully.

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:

File "C:\WINDOWS\system32\drivers\srosa.sys" deleted successfully.

Error: file "C:\WINDOWS\system32\wintems.exe" not found!
Deletion of file "C:\WINDOWS\system32\wintems.exe" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
-->

the object does not exist

Error: file "C:\windows\system32\drivers\hldrrr.exe" not found!
Deletion of file "C:\windows\system32\drivers\hldrrr.exe" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
-->

the object does not exist

Error: file "C:\WINDOWS\system32\mdelk.exe" not found!
Deletion of file "C:\WINDOWS\system32\mdelk.exe" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
-->

the object does not exist

Error: file "C:\WINDOWS\system32\1.exe" not found!
Deletion of file "C:\WINDOWS\system32\1.exe" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
-->

the object does not exist

Error: file "C:\WINDOWS\system32\drivers\mdelk.exe" not found!
Deletion of file "C:\WINDOWS\system32\drivers\mdelk.exe" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
-->

the object does not exist

Error: file "C:\WINDOWS\system32\drivers\1.exe" not found!
Deletion of file "C:\WINDOWS\system32\drivers\1.exe" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
-->

the object does not exist

File "C:\WINDOWS\system32\drivers\Wbe47.sys" deleted successfully.
File "C:\WINDOWS\system32\drivers\Ptw82.sys" deleted successfully.
File "C:\WINDOWS\system32\drivers\Txb25.sys" deleted successfully.
File "C:\WINDOWS\system32\WLCtrl32.dl_" deleted successfully.

Error: folder "C:\WINDOWS\system32\drivers\downld" not found!
Deletion of folder "C:\WINDOWS\system32\drivers\downld" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
-->

the object does not exist

Error: folder "C:\WINDOWS\system32\drivers\down" not found!
Deletion of folder "C:\WINDOWS\system32\drivers\down" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
-->

the object does not exist

Folder "C:\WINDOWS\Temp" deleted successfully.
Registry key "HKLM\SYSTEM\CurrentControlSet\Services\srosa" deleted successfully.
Registry key "HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_SROSA" deleted successfully.

Completed script processing.

*******************

Finished! Terminate.

Inviato: **mer apr 23, 2008 5:44 pm**

Prova a reinstallare un antivirus.

Inviato: **mer apr 23, 2008 5:47 pm**

quale mi consigli?

Inviato: **mer apr 23, 2008 5:48 pm**

alexmaudit ha scritto:quale mi consigli?

devo scaricarlo nuovamente?

Inviato: **mer apr 23, 2008 5:52 pm**

Avira Antivir Personal Edition Classic.

Inviato: **mer apr 23, 2008 6:04 pm**

disperazione più totale!!! niente non me lo fa installare!!!

Inviato: **mer apr 23, 2008 6:21 pm**

Scarica GMER, poi segui i seguenti passaggi:

--- 1° passaggio ---
Avviamo gmer
clicchiamo su > > >
Clicchiamo su Autostart
mettiamo il segno di spunta a Show All
clicchiamo su Scan
al termine della scansione, clicchiamo su Copy
Apriamo il blocco note e premiamo CTRL+V (oppure clicchiamo su Modifica e poi su Incolla).
Salviamo il file e carichiamolo su FreeFileHosting
Postiamo qui il link che ci viene assegnato.

--- 2° passaggio ---
Sempre nel programma appena scaricato (gmer),
clicchiamo su Rootkit
clicchiamo su Scan
al termine della scansione, clicchiamo su Copy
Apriamo il blocco note e premiamo CTRL+V (oppure clicchiamo su Modifica e poi su Incolla).
Salviamo il file e carichiamolo su FreeFileHosting
Postiamo qui il link che ci viene assegnato.

MegaLab.it

aiuto problema bagle credo log di gmer

aiuto problema bagle credo log di gmer

Aiuto!!! COSA DEVO FARE CON QUESTO rEPORT DI kASPERSKY?

seconda scansione

link scansione VirusTotal

contenuto blocco note

consiglio?

Re: consiglio?

niente da fare