www.MegaLab.it

[alexmaudit]

la 1° scansione GMER: http://www.freefilehosting.net/download/3g2l5

la 2° scansione GMER: http://www.freefilehosting.net/download/3g2lb

nella seconda scansione mi è apparso un messaggio (in GMER) che mi diceva che aveva trovato delle modifiche nel sistema causate da ROOTKIT...



AIUTOOOOOOOOOO

[alexmaudit]

http://www.freefilehosting.net/download/3g30h

[ste_95]

Disabilita il ripristino configurazione di sistema.

Scarica la nuova versione di Avenger
Estrailo in una cartella a tua scelta
Esegui il file avenger.exe con la figura di una spada. Se ti restituisce un errore di Applicazione WIN32 non valida usa questa versione.
Ora incolla queste righe nella box bianca che si è aperta:

Codice: Seleziona tutto

Files to delete:
C:\WINDOWS\system32\drivers\srosa.sys
C:\WINDOWS\system32\drivers\hidr.exe
C:\WINDOWS\system32\wintems.exe
C:\windows\system32\drivers\hldrrr.exe
C:\WINDOWS\system32\mdelk.exe
C:\WINDOWS\system32\1.exe
C:\WINDOWS\system32\drivers\mdelk.exe
C:\WINDOWS\system32\drivers\1.exe
C:\WINDOWS\system32\drivers\Hlo25.sys
C:\WINDOWS\system32\WLCtrl32.dll

Folders to delete:
C:\WINDOWS\system32\drivers\downld
C:\WINDOWS\system32\drivers\down
C:\Documents and Settings\Standard\Dati applicazioni\m
C:\WINDOWS\TEMP

Registry keys to delete:
HKLM\SYSTEM\CurrentControlSet\Services\srosa
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_SROSA

Togli il segno di spunta dalla voce Scan for Rootkits
Premi il pulsante Execute
Rispondi di Si alle due richieste di Avenger
Adesso il tuo computer dovrebbe riavviarsi, nel caso non succedesse, riavvialo tu manualmente
Al riavvio del computer, copia e incolla qui il contenuto del blocco note che apparirà.

Se Avenger ti dice che lo script non è valido (Invalid script), riscrivi manualmente il primo comando (Files to delete:) senza dimenticare i due punti finali.


Fai scansionare il file C:\WINDOWS\System32\drivers\Cgj03.sys su www.virustotal.com e postane qui il responso.

[alexmaudit]

ancora non mi da nessuna risposta virustotal! è normale?

[alexmaudit]

//////////////////////////////////////////
Avenger Pre-Processor log
//////////////////////////////////////////

Platform: Windows XP (build 2600, Service Pack 2)
Tue Apr 22 17:32:34 2008

17:32:34: Error: Invalid script. A valid script must begin with a command directive.
Aborting execution!


//////////////////////////////////////////


//////////////////////////////////////////
Avenger Pre-Processor log
//////////////////////////////////////////

Platform: Windows XP (build 2600, Service Pack 2)
Tue Apr 22 17:32:40 2008

17:32:40: Error: Invalid script. A valid script must begin with a command directive.
Aborting execution!


//////////////////////////////////////////


//////////////////////////////////////////
Avenger Pre-Processor log
//////////////////////////////////////////

Platform: Windows XP (build 2600, Service Pack 2)
Tue Apr 22 17:32:56 2008

17:32:56: Error: Invalid script. A valid script must begin with a command directive.
Aborting execution!


//////////////////////////////////////////


//////////////////////////////////////////
Avenger Pre-Processor log
//////////////////////////////////////////

Platform: Windows XP (build 2600, Service Pack 2)
Tue Apr 22 17:33:28 2008

17:33:28: Error: Invalid script. A valid script must begin with a command directive.
Aborting execution!


//////////////////////////////////////////


//////////////////////////////////////////
Avenger Pre-Processor log
//////////////////////////////////////////

Platform: Windows XP (build 2600, Service Pack 2)
Tue Apr 22 17:33:35 2008

17:33:35: Error: Invalid script. A valid script must begin with a command directive.
Aborting execution!


//////////////////////////////////////////


Logfile of The Avenger Version 2.0, (c) by Swandog46
http://swandog46.geekstogo.com

Platform: Windows XP

*******************

Script file opened successfully.
Script file read successfully.

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:

File "C:\WINDOWS\system32\drivers\srosa.sys" deleted successfully.
File "C:\WINDOWS\system32\wintems.exe" deleted successfully.

Error: file "C:\windows\system32\drivers\hldrrr.exe" not found!
Deletion of file "C:\windows\system32\drivers\hldrrr.exe" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
the object does not exist


Error: file "C:\WINDOWS\system32\mdelk.exe" not found!
Deletion of file "C:\WINDOWS\system32\mdelk.exe" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
the object does not exist


Error: file "C:\WINDOWS\system32\1.exe" not found!
Deletion of file "C:\WINDOWS\system32\1.exe" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
the object does not exist


Error: file "C:\WINDOWS\system32\drivers\mdelk.exe" not found!
Deletion of file "C:\WINDOWS\system32\drivers\mdelk.exe" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
the object does not exist


Error: file "C:\WINDOWS\system32\drivers\1.exe" not found!
Deletion of file "C:\WINDOWS\system32\drivers\1.exe" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
the object does not exist


Error: file "C:\avenger\backup-30.10.2007-12.11.00,90.zip" not found!
Deletion of file "C:\avenger\backup-30.10.2007-12.11.00,90.zip" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
the object does not exist


Error: file "C:\avenger\backup-30.10.2007-13.09.38,07.zip" not found!
Deletion of file "C:\avenger\backup-30.10.2007-13.09.38,07.zip" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
the object does not exist


Error: file "C:\avenger\backup.zip" not found!
Deletion of file "C:\avenger\backup.zip" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
the object does not exist


Error: file "C:\WINDOWS\system32\rlvknlg.exe" not found!
Deletion of file "C:\WINDOWS\system32\rlvknlg.exe" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
the object does not exist


Error: file "C:\WINDOWS\system32\rlai.dll" not found!
Deletion of file "C:\WINDOWS\system32\rlai.dll" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
the object does not exist


Error: file "C:\WINDOWS\system32\f3PSSavr.scr" not found!
Deletion of file "C:\WINDOWS\system32\f3PSSavr.scr" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
the object does not exist


Error: folder "C:\WINDOWS\system32\drivers\downld" not found!
Deletion of folder "C:\WINDOWS\system32\drivers\downld" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
the object does not exist


Error: could not open folder "C:\Documents and Settings\Flavio 1\Dati applicazioni\m"
Deletion of folder "C:\Documents and Settings\Flavio 1\Dati applicazioni\m" failed!
Status: 0xc000003a (STATUS_OBJECT_PATH_NOT_FOUND)
bad path / the parent directory does not exist


Error: folder "C:\Muestras" not found!
Deletion of folder "C:\Muestras" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
the object does not exist

Registry key "HKLM\SYSTEM\CurrentControlSet\Services\srosa" deleted successfully.
Registry key "HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_SROSA" deleted successfully.

Completed script processing.

*******************

Finished! Terminate.



//////////////////////////////////////////
Avenger Pre-Processor log
//////////////////////////////////////////

Platform: Windows XP (build 2600, Service Pack 2)
Wed Apr 23 12:00:14 2008

12:00:14: Error: Invalid script. A valid script must begin with a command directive.
Aborting execution!


//////////////////////////////////////////


Logfile of The Avenger Version 2.0, (c) by Swandog46
http://swandog46.geekstogo.com

Platform: Windows XP

*******************

Script file opened successfully.
Script file read successfully.

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:

File "C:\WINDOWS\system32\drivers\srosa.sys" deleted successfully.
File "C:\WINDOWS\system32\wintems.exe" deleted successfully.

Error: file "C:\windows\system32\drivers\hldrrr.exe" not found!
Deletion of file "C:\windows\system32\drivers\hldrrr.exe" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
the object does not exist

File "C:\WINDOWS\system32\mdelk.exe" deleted successfully.

Error: file "C:\WINDOWS\system32\1.exe" not found!
Deletion of file "C:\WINDOWS\system32\1.exe" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
the object does not exist


Error: file "C:\WINDOWS\system32\drivers\mdelk.exe" not found!
Deletion of file "C:\WINDOWS\system32\drivers\mdelk.exe" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
the object does not exist


Error: file "C:\WINDOWS\system32\drivers\1.exe" not found!
Deletion of file "C:\WINDOWS\system32\drivers\1.exe" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
the object does not exist


Error: file "C:\avenger\backup-30.10.2007-12.11.00,90.zip" not found!
Deletion of file "C:\avenger\backup-30.10.2007-12.11.00,90.zip" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
the object does not exist


Error: file "C:\avenger\backup-30.10.2007-13.09.38,07.zip" not found!
Deletion of file "C:\avenger\backup-30.10.2007-13.09.38,07.zip" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
the object does not exist

File "C:\avenger\backup.zip" deleted successfully.

Error: file "C:\WINDOWS\system32\rlvknlg.exe" not found!
Deletion of file "C:\WINDOWS\system32\rlvknlg.exe" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
the object does not exist


Error: file "C:\WINDOWS\system32\rlai.dll" not found!
Deletion of file "C:\WINDOWS\system32\rlai.dll" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
the object does not exist


Error: file "C:\WINDOWS\system32\f3PSSavr.scr" not found!
Deletion of file "C:\WINDOWS\system32\f3PSSavr.scr" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
the object does not exist


Error: folder "C:\WINDOWS\system32\drivers\downld" not found!
Deletion of folder "C:\WINDOWS\system32\drivers\downld" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
the object does not exist


Error: could not open folder "C:\Documents and Settings\Flavio 1\Dati applicazioni\m"
Deletion of folder "C:\Documents and Settings\Flavio 1\Dati applicazioni\m" failed!
Status: 0xc000003a (STATUS_OBJECT_PATH_NOT_FOUND)
bad path / the parent directory does not exist


Error: folder "C:\Muestras" not found!
Deletion of folder "C:\Muestras" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
the object does not exist

Registry key "HKLM\SYSTEM\CurrentControlSet\Services\srosa" deleted successfully.
Registry key "HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_SROSA" deleted successfully.

Completed script processing.

*******************

Finished! Terminate.



//////////////////////////////////////////
Avenger Pre-Processor log
//////////////////////////////////////////

Platform: Windows XP (build 2600, Service Pack 2)
Wed Apr 23 12:31:37 2008

12:31:37: Error: Invalid script. A valid script must begin with a command directive.
Aborting execution!


//////////////////////////////////////////


Logfile of The Avenger Version 2.0, (c) by Swandog46
http://swandog46.geekstogo.com

Platform: Windows XP

*******************

Script file opened successfully.
Script file read successfully.

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:

File "C:\WINDOWS\system32\drivers\srosa.sys" deleted successfully.
File "C:\WINDOWS\system32\wintems.exe" deleted successfully.
File "C:\WINDOWS\system32\trusted.exe" deleted successfully.

Error: file "C:\windows\system32\drivers\hldrrr.exe" not found!
Deletion of file "C:\windows\system32\drivers\hldrrr.exe" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
the object does not exist

File "C:\WINDOWS\system32\mdelk.exe" deleted successfully.

Error: file "C:\WINDOWS\system32\1.exe" not found!
Deletion of file "C:\WINDOWS\system32\1.exe" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
the object does not exist


Error: file "C:\WINDOWS\system32\drivers\mdelk.exe" not found!
Deletion of file "C:\WINDOWS\system32\drivers\mdelk.exe" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
the object does not exist


Error: file "C:\WINDOWS\system32\drivers\1.exe" not found!
Deletion of file "C:\WINDOWS\system32\drivers\1.exe" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
the object does not exist

File "C:\WINDOWS\system32\drivers\Twa58.sys" deleted successfully.
File "C:\WINDOWS\system32\drivers\Osv03.sys" deleted successfully.
File "C:\WINDOWS\system32\drivers\Jnq47.sys" deleted successfully.
File "C:\WINDOWS\system32\drivers\Hmp47.sys" deleted successfully.
File "C:\WINDOWS\system32\drivers\Rxb37.sys" deleted successfully.
File "C:\WINDOWS\system32\drivers\Dhk60.sys" deleted successfully.
File "C:\WINDOWS\system32\drivers\Kor60.sys" deleted successfully.
File "C:\WINDOWS\system32\drivers\Vad14.sys" deleted successfully.
File "C:\WINDOWS\system32\drivers\Lps14.sys" deleted successfully.
File "C:\WINDOWS\system32\drivers\Afi03.sys" deleted successfully.
File "C:\WINDOWS\system32\drivers\Xbe71.sys" deleted successfully.
File "C:\WINDOWS\system32\drivers\Txb71.sys" deleted successfully.
File "C:\WINDOWS\system32\drivers\Qux58.sys" deleted successfully.
File "C:\WINDOWS\system32\drivers\Rwa47.sys" deleted successfully.
File "C:\WINDOWS\system32\drivers\Uyc14.sys" deleted successfully.
File "C:\WINDOWS\system32\drivers\Vbe58.sys" deleted successfully.
File "C:\WINDOWS\system32\drivers\Lor14.sys" deleted successfully.
File "C:\WINDOWS\system32\drivers\Xdg03.sys" deleted successfully.
File "C:\WINDOWS\system32\drivers\Wbe82.sys" deleted successfully.
File "C:\WINDOWS\system32\drivers\Bfi14.sys" deleted successfully.
File "C:\WINDOWS\system32\drivers\Bgj35.sys" deleted successfully.
File "C:\WINDOWS\system32\drivers\Xcf60.sys" deleted successfully.
File "C:\WINDOWS\system32\hldrrr.exe" deleted successfully.
File "C:\WINDOWS\system32\SocksA.exe" deleted successfully.
File "C:\WINDOWS\system32\FileKan.exe" deleted successfully.
File "C:\WINDOWS\Temp\BN2.tmp" deleted successfully.
File "C:\WINDOWS\Temp\BN3.tmp" deleted successfully.
File "C:\WINDOWS\Temp\BN3D.tmp" deleted successfully.
File "C:\WINDOWS\Temp\BN4.tmp" deleted successfully.
File "C:\WINDOWS\Temp\BN5.tmp" deleted successfully.
File "C:\WINDOWS\Temp\BN6.tmp" deleted successfully.
File "C:\WINDOWS\Temp\BN7.tmp" deleted successfully.
File "C:\WINDOWS\Temp\BN8.tmp" deleted successfully.
File "C:\WINDOWS\Temp\BN29.tmp" deleted successfully.
File "C:\WINDOWS\Temp\BN9.tmp" deleted successfully.
File "C:\WINDOWS\Temp\BNA.tmp" deleted successfully.
File "C:\WINDOWS\Temp\BN2E.tmp" deleted successfully.
File "C:\WINDOWS\Temp\BNB.tmp" deleted successfully.
File "C:\WINDOWS\Temp\BNC.tmp" deleted successfully.
File "C:\WINDOWS\Temp\BND.tmp" deleted successfully.
File "C:\WINDOWS\Temp\BN38.tmp" deleted successfully.
File "C:\WINDOWS\Temp\BNE.tmp" deleted successfully.
File "C:\WINDOWS\Temp\BNF.tmp" deleted successfully.
File "C:\WINDOWS\Temp\BN10.tmp" deleted successfully.
File "C:\WINDOWS\Temp\BN11.tmp" deleted successfully.
File "C:\WINDOWS\Temp\BN12.tmp" deleted successfully.
File "C:\WINDOWS\Temp\BN13.tmp" deleted successfully.
File "C:\WINDOWS\MS32DLL.dll.vbs" deleted successfully.
File "C:\WINDOWS\BACKINF.TAB" deleted successfully.
File "C:\WINDOWS\Session.exe" deleted successfully.
File "C:\Documents and Settings\Standard\Impostazioni locali\Temp\BN9A.tmp" deleted successfully.
File "C:\Documents and Settings\Standard\Dati applicazioni\m\flec006.exe" deleted successfully.
File "C:\Documents and Settings\Standard\Dati applicazioni\m\data.oct" deleted successfully.
File "C:\Documents and Settings\Standard\.jpi_cache\jar\1.0\crtdcghcn.jar-4710de4f-77e45132.zip" deleted successfully.
File "C:\FOUND.024\FILE0001.CHK" deleted successfully.
File "C:\FOUND.004\FILE0002.CHK" deleted successfully.
File "C:\FOUND.004\FILE0003.CHK" deleted successfully.
File "C:\FOUND.004\FILE0008.CHK" deleted successfully.
File "C:\tel.xls.exe" deleted successfully.
File "C:\MS32DLL.dll.vbs" deleted successfully.
File "C:\FOUND.023\FILE0005.CHK" deleted successfully.
File "C:\FOUND.025\FILE0000.CHK" deleted successfully.
File "D:\tel.xls.exe" deleted successfully.
File "D:\MS32DLL.dll.vbs" deleted successfully.
File "D:\FOUND.001\FILE0000.CHK" deleted successfully.
File "D:\FOUND.001\FILE0001.CHK" deleted successfully.

Error: folder "C:\WINDOWS\system32\drivers\downld" not found!
Deletion of folder "C:\WINDOWS\system32\drivers\downld" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
the object does not exist


Error: folder "c:\WINDOWS\system32\drivers\down" not found!
Deletion of folder "c:\WINDOWS\system32\drivers\down" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
the object does not exist

Folder "C:\WINDOWS\exefnd" deleted successfully.
Registry key "HKLM\SYSTEM\CurrentControlSet\Services\srosa" deleted successfully.
Registry key "HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_SROSA" deleted successfully.

Completed script processing.

*******************

Finished! Terminate.



//////////////////////////////////////////
Avenger Pre-Processor log
//////////////////////////////////////////

Platform: Windows XP (build 2600, Service Pack 2)
Wed Apr 23 18:31:55 2008

18:31:55: Error: Invalid script. A valid script must begin with a command directive.
Aborting execution!


//////////////////////////////////////////


Logfile of The Avenger Version 2.0, (c) by Swandog46
http://swandog46.geekstogo.com

Platform: Windows XP

*******************

Script file opened successfully.
Script file read successfully.

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:

File "C:\WINDOWS\system32\drivers\srosa.sys" deleted successfully.

Error: file "C:\WINDOWS\system32\wintems.exe" not found!
Deletion of file "C:\WINDOWS\system32\wintems.exe" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
the object does not exist


Error: file "C:\windows\system32\drivers\hldrrr.exe" not found!
Deletion of file "C:\windows\system32\drivers\hldrrr.exe" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
the object does not exist


Error: file "C:\WINDOWS\system32\mdelk.exe" not found!
Deletion of file "C:\WINDOWS\system32\mdelk.exe" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
the object does not exist


Error: file "C:\WINDOWS\system32\1.exe" not found!
Deletion of file "C:\WINDOWS\system32\1.exe" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
the object does not exist


Error: file "C:\WINDOWS\system32\drivers\mdelk.exe" not found!
Deletion of file "C:\WINDOWS\system32\drivers\mdelk.exe" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
the object does not exist


Error: file "C:\WINDOWS\system32\drivers\1.exe" not found!
Deletion of file "C:\WINDOWS\system32\drivers\1.exe" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
the object does not exist

File "C:\WINDOWS\system32\drivers\Wbe47.sys" deleted successfully.
File "C:\WINDOWS\system32\drivers\Ptw82.sys" deleted successfully.
File "C:\WINDOWS\system32\drivers\Txb25.sys" deleted successfully.
File "C:\WINDOWS\system32\WLCtrl32.dl_" deleted successfully.

Error: folder "C:\WINDOWS\system32\drivers\downld" not found!
Deletion of folder "C:\WINDOWS\system32\drivers\downld" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
the object does not exist


Error: folder "C:\WINDOWS\system32\drivers\down" not found!
Deletion of folder "C:\WINDOWS\system32\drivers\down" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
the object does not exist

Folder "C:\WINDOWS\Temp" deleted successfully.
Registry key "HKLM\SYSTEM\CurrentControlSet\Services\srosa" deleted successfully.
Registry key "HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_SROSA" deleted successfully.

Completed script processing.

*******************

Finished! Terminate.



//////////////////////////////////////////
Avenger Pre-Processor log
//////////////////////////////////////////

Platform: Windows XP (build 2600, Service Pack 2)
Thu Apr 24 15:12:38 2008

15:12:38: Error: Invalid script. A valid script must begin with a command directive.
Aborting execution!


//////////////////////////////////////////


Logfile of The Avenger Version 2.0, (c) by Swandog46
http://swandog46.geekstogo.com

Platform: Windows XP

*******************

Script file opened successfully.
Script file read successfully.

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:

File "C:\WINDOWS\system32\drivers\srosa.sys" deleted successfully.
File "C:\WINDOWS\system32\drivers\hidr.exe" deleted successfully.

Error: file "C:\WINDOWS\system32\wintems.exe" not found!
Deletion of file "C:\WINDOWS\system32\wintems.exe" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
the object does not exist


Error: file "C:\windows\system32\drivers\hldrrr.exe" not found!
Deletion of file "C:\windows\system32\drivers\hldrrr.exe" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
the object does not exist


Error: file "C:\WINDOWS\system32\mdelk.exe" not found!
Deletion of file "C:\WINDOWS\system32\mdelk.exe" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
the object does not exist


Error: file "C:\WINDOWS\system32\1.exe" not found!
Deletion of file "C:\WINDOWS\system32\1.exe" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
the object does not exist


Error: file "C:\WINDOWS\system32\drivers\mdelk.exe" not found!
Deletion of file "C:\WINDOWS\system32\drivers\mdelk.exe" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
the object does not exist


Error: file "C:\WINDOWS\system32\drivers\1.exe" not found!
Deletion of file "C:\WINDOWS\system32\drivers\1.exe" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
the object does not exist

File "C:\WINDOWS\system32\drivers\Hlo25.sys" deleted successfully.
File "C:\WINDOWS\system32\WLCtrl32.dll" deleted successfully.

Error: folder "C:\WINDOWS\system32\drivers\downld" not found!
Deletion of folder "C:\WINDOWS\system32\drivers\downld" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
the object does not exist


Error: folder "C:\WINDOWS\system32\drivers\down" not found!
Deletion of folder "C:\WINDOWS\system32\drivers\down" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
the object does not exist

Folder "C:\Documents and Settings\Standard\Dati applicazioni\m" deleted successfully.
Folder "C:\WINDOWS\TEMP" deleted successfully.
Registry key "HKLM\SYSTEM\CurrentControlSet\Services\srosa" deleted successfully.
Registry key "HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_SROSA" deleted successfully.

Completed script processing.

*******************

Finished! Terminate.


link scansione file:

[ste_95]

Hai ancora problemi?

[alexmaudit]

non ci credo mi ha fatto installare l'AVG!!!!! non ci posso credere!!!! sembra tutto ok!!!!!!!!!!!!!

[ste_95]

Ripristina anche la modalità provvisoria utilizzando questo file.

[alexmaudit]

CRISTOFER LAMBERT!!!!! non finirò mai di ringraziarvi!!!!! come posso sdebitarmi???? vi prego!!!

[ste_95]

Consiglia MegaLab.it ha tutti gli amici che hanno problemi, è il modo migliore per farlo!

[alexmaudit]

ops mi sa che ho parlato troppo presto!!!! (come faccio sempre!)

AVG già mi ha trovato 5 file infetti...

[alexmaudit]

ops mi sa che ho parlato troppo presto!!!! (come faccio sempre!)

AVG già mi ha trovato 5 file infetti...

ma è buono questo AVG??

[ste_95]

Meglio Antivir, comunque, dove trova i virus AVG?

[alexmaudit]

ho ancora bisogno di te ste_95!!!!!

[ste_95]

Sono qui..

[alexmaudit]

li ha trovati in C:\WINDOWS\system32

[ste_95]

Quali sono i nomi dei file infetti?

[alexmaudit]

li ha trovati in C:\WINDOWS\system32

dice che sono Adware Generic

[alexmaudit]

allora abbiamo:

msipcsv.exe
adimage.dll
Amcis2.dll
IPCClient.dll
htmdeng.exe

[ste_95]

Cancellali, poi esegui una nuova scansione online con Kaspersky.