
AVG update problems


Post by brig » Sun Apr 08, 2007 1:04 pm

Hi everyone,
for the past four days I have had problems with AVG's automatic update, which used to start on request every day when I connected to the network... I should say that I read your instructions on symantecnetwork, which was indeed infesting the PC; in addition I downloaded virit, prevx1 and avg antispyware, with which I removed a ton of suspicious files, but it is still impossible to download new AVG virus databases... specifically, it opens and closes the connection in a fraction of a second without managing to download anything... what can I do?
Thanks a lot in advance...
brig
New Member
Posts: 18
Joined: Sun Apr 08, 2007 12:49 pm

Post by crazy.cat » Sun Apr 08, 2007 1:24 pm

For now, post a HijackThis scan log and then we'll see
http://www.MegaLab.it/2286
When the many govern, they think only of pleasing themselves, and then you have the most foolish and most odious tyranny: tyranny masked as liberty.
crazy.cat
MLI Hero
Posts: 30959
Joined: Mon Jan 12, 2004 1:38 pm
Location: Mestre

Post by brig » Sun Apr 08, 2007 1:34 pm

thanks a lot, here is the log...

Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 12.34.04, on 08/04/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
Boot mode: Normal

Running processes:
D:\WINDOWS\System32\smss.exe
D:\WINDOWS\system32\winlogon.exe
D:\WINDOWS\system32\services.exe
D:\WINDOWS\system32\lsass.exe
D:\WINDOWS\system32\Ati2evxx.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\system32\spoolsv.exe
D:\Programmi\Netropa\Multimedia Keyboard\nhksrv.exe
D:\Programmi\Grisoft\AVG Anti-Spyware 7.5\guard.exe
D:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
D:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
D:\Programmi\File comuni\Microsoft Shared\VS7DEBUG\MDM.EXE
D:\Programmi\Prevx1\PXAgent.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\system32\Tablet.exe
D:\VEXPLITE\viritsvc.exe
D:\WINDOWS\system32\Ati2evxx.exe
D:\WINDOWS\Explorer.EXE
D:\Programmi\CyberLink\PowerDVD\PDVDServ.exe
D:\Programmi\HP\hpcoretech\hpcmpmgr.exe
D:\Programmi\HP\HP Software Update\HPWuSchd2.exe
D:\PROGRA~1\Grisoft\AVG7\avgcc.exe
D:\Programmi\File comuni\Real\Update_OB\realsched.exe
D:\Programmi\QuickTime\qttask.exe
D:\WINDOWS\VM_STI.EXE
D:\Programmi\Netropa\Multimedia Keyboard\MMKeybd.exe
D:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I0F2.EXE
D:\Programmi\Prevx1\PXConsole.exe
D:\Programmi\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
D:\VEXPLITE\MONLITE.EXE
D:\Programmi\Netropa\Multimedia Keyboard\TrayMon.exe
D:\Programmi\Netropa\Onscreen Display\OSD.exe
D:\WINDOWS\system32\ctfmon.exe
D:\Programmi\MSN Messenger\msnmsgr.exe
D:\Programmi\HP\Digital Imaging\bin\hpqtra08.exe
D:\Programmi\Philips\SPC 200NC PC Camera\TrayMin.exe
D:\Programmi\PhotosightMessenger\PhotosightMessenger.exe
D:\Programmi\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe
D:\Programmi\Windows Media Player\wmplayer.exe
D:\WINDOWS\system32\svchost.exe
D:\Programmi\Internet Explorer\iexplore.exe
D:\Programmi\WinRAR\WinRAR.exe
D:\DOCUME~1\Utente\IMPOST~1\Temp\Rar$EX00.594\HiJackThis_v2.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.repubblica.it/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=54729
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=55245&clcid={SUB_CLCID}
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
O1 - Hosts: 160.128.161.153 bute2ieh.com
O1 - Hosts: 98.142.154.12 catolcwxcav.com
O1 - Hosts: 164.105.11.128 ukjp9mn2.com
O1 - Hosts: 26.61.135.9 vkipqugtsx.com
O1 - Hosts: 74.155.15.232 wvdimh98zhq.com
O1 - Hosts: 21.43.177.216 zobcslgff.com
O1 - Hosts: 217.65.130.117 fullows.com
O1 - Hosts: 7.19.148.180 thumbstring.net
O1 - Hosts: 46.227.219.28 wschooler.com
O1 - Hosts: 237.198.174.168 addwjf6zoy.com
O1 - Hosts: 42.9.237.234 itqoipyqsq.com
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Programmi\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Class - {278C78B7-EB88-B019-039F-EF2C7632359F} - D:\WINDOWS\ybwmm1.dll (file missing)
O2 - BHO: Malicious Scripts Scanner - {55EA1964-F5E4-4D6A-B9B2-125B37655FCB} - D:\Documents and Settings\All Users\Dati applicazioni\Prevx\pxbho.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - d:\programmi\google\googletoolbar1.dll (file missing)
O3 - Toolbar: (no name) - {855F3B16-6D32-4fe6-8A56-BBB695989046} - (no file)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - d:\programmi\google\googletoolbar1.dll (file missing)
O4 - HKLM\..\Run: [Collegamento alla pagina delle proprietà di High Definition Audio] HDAShCut.exe
O4 - HKLM\..\Run: [RemoteControl] D:\Programmi\CyberLink\PowerDVD\PDVDServ.exe
O4 - HKLM\..\Run: [HP Component Manager] "D:\Programmi\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [HP Software Update] D:\Programmi\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [AVG7_CC] D:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [TkBellExe] "D:\Programmi\File comuni\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "D:\Programmi\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [ATICCC] "D:\Programmi\ATI Technologies\ATI.ACE\cli.exe" runtime
O4 - HKLM\..\Run: [BigDogPath] D:\WINDOWS\VM_STI.EXE Philips SPC 200NC PC Camera
O4 - HKLM\..\Run: [MULTIMEDIA KEYBOARD] D:\Programmi\Netropa\Multimedia Keyboard\MMKeybd.exe
O4 - HKLM\..\Run: [EPSON Stylus Photo R300 Series] D:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I0F2.EXE /P30 "EPSON Stylus Photo R300 Series" /O6 "USB002" /M "Stylus Photo R300"
O4 - HKLM\..\Run: [PrevxOne] "D:\Programmi\Prevx1\PXConsole.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "D:\Programmi\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [VIRIT LITE MONITOR] D:\VEXPLITE\MONLITE.EXE
O4 - HKCU\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "D:\Programmi\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [updateMgr] "D:\Programmi\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_8 -reboot 1
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO LOCALE')
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] D:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SERVIZIO LOCALE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO DI RETE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: PhotosightMessenger.lnk = D:\Programmi\PhotosightMessenger\PhotosightMessenger.exe
O4 - Startup: Utilità controllo supporti di Picture Motion Browser.lnk = D:\Programmi\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe
O4 - Global Startup: Barra delle applicazioni di ATI CATALYST.lnk = D:\Programmi\ATI Technologies\ATI.ACE\CLI.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = D:\Programmi\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: TrayMin.lnk = ?
O8 - Extra context menu item: &Google Search - res://D:\Programmi\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &ICQ Toolbar Search - res://D:\Programmi\ICQToolbar\toolbaru.dll/SEARCH.HTML
O8 - Extra context menu item: Backward &Links - res://D:\Programmi\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cac&hed Snapshot of Page - res://D:\Programmi\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://D:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Si&milar Pages - res://D:\Programmi\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://D:\Programmi\Google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Programmi\Java\jre1.5.0_06\bin\npjpi150_06.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Programmi\Java\jre1.5.0_06\bin\npjpi150_06.dll
O9 - Extra button: Ricerche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - D:\Programmi\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - D:\Programmi\ICQLite\ICQLite.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Programmi\Messenger\msmsgs.exe
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Me ... b31267.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupda ... 8753403937
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZI ... b47946.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/s ... wflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{4264647B-191E-49C8-8428-349B7C3D4A2A}: NameServer = 85.37.17.52 85.38.28.92
O17 - HKLM\System\CCS\Services\Tcpip\..\{BD9916A5-8432-494E-A60F-98608468BEA5}: NameServer = 151.99.125.1
O17 - HKLM\System\CS1\Services\Tcpip\..\{4264647B-191E-49C8-8428-349B7C3D4A2A}: NameServer = 85.37.17.52 85.38.28.92
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - D:\PROGRA~1\FILECO~1\Skype\SKYPE4~1.DLL
O22 - SharedTaskScheduler: Precaricatore Browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - D:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Daemon di cache delle categorie di componenti - {8C7461EF-2B13-11d2-BE35-3078302C2030} - D:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: IE Component Categories cache daemon - {553858A7-4922-4e7e-B1C1-97140C1C16EF} - D:\WINDOWS\system32\ieframe.dll
O23 - Service: Adobe LM Service - Adobe Systems - D:\Programmi\File comuni\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - D:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - D:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - D:\Programmi\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - D:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - D:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - D:\Programmi\File comuni\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - D:\Programmi\File comuni\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: Netropa NHK Server (nhksrv) - Unknown owner - D:\Programmi\Netropa\Multimedia Keyboard\nhksrv.exe
O23 - Service: Pml Driver HPZ12 - HP - D:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Prevx Agent (PREVXAgent) - Prevx - D:\Programmi\Prevx1\PXAgent.exe
O23 - Service: TabletService - Wacom Technology, Corp. - D:\WINDOWS\system32\Tablet.exe
O23 - Service: UpdJmf - Unknown owner - D:\Programmi\File comuni\Services\kIfZ.exe (file missing)
O23 - Service: Virit eXplorer Lite (viritsvclite) - TG Soft Sas www.tgsoft.it - D:\VEXPLITE\viritsvc.exe

--
End of file - 11110 bytes

Post by crazy.cat » Sun Apr 08, 2007 1:47 pm

Run the HijackThis scan again, tick the boxes for these lines and then press Fix checked to remove them.
O1 - Hosts: 160.128.161.153 bute2ieh.com
O1 - Hosts: 98.142.154.12 catolcwxcav.com
O1 - Hosts: 164.105.11.128 ukjp9mn2.com
O1 - Hosts: 26.61.135.9 vkipqugtsx.com
O1 - Hosts: 74.155.15.232 wvdimh98zhq.com
O1 - Hosts: 21.43.177.216 zobcslgff.com
O1 - Hosts: 217.65.130.117 fullows.com
O1 - Hosts: 7.19.148.180 thumbstring.net
O1 - Hosts: 46.227.219.28 wschooler.com
O1 - Hosts: 237.198.174.168 addwjf6zoy.com
O1 - Hosts: 42.9.237.234 itqoipyqsq.com
O2 - BHO: Class - {278C78B7-EB88-B019-039F-EF2C7632359F} - D:\WINDOWS\ybwmm1.dll (file missing)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - d:\programmi\google\googletoolbar1.dll (file missing)
O3 - Toolbar: (no name) - {855F3B16-6D32-4fe6-8A56-BBB695989046} - (no file)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - d:\programmi\google\googletoolbar1.dll (file missing)

Check whether the folder in red contains exe files with strange names (some of them are usually hidden); if there are any, use this tool to delete them
http://www.nod32.it/cgi-bin/mapdl.pl?tool=Agent.VP
O23 - Service: UpdJmf - Unknown owner - D:\Programmi\File comuni\Services\kIfZ.exe (file missing)

To remove the fake service you can use this method
http://www.MegaLab.it/2578

Reboot the PC and try the update again; if that still doesn't fix it, try reinstalling the antivirus or running an online scan on the Kaspersky site
http://www.kaspersky.com/virusscanner to check that there are no other hidden viruses (if you get this far and it finds viruses, save the scan log and post it here).

You can also uninstall prevx and virit in the meantime.
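
As an added example (not part of the original thread, and not HijackThis's own logic), the following Python applies a heuristic to lines copied from the log posted above: it flags every O1 hosts-file entry and every entry marked `(file missing)` or `(no file)`, which on this log reproduces the selection made in the post above. The names `triage`, `Finding` and `summary` are hypothetical.

```python
import ipaddress
import re
from collections import Counter
from dataclasses import dataclass

# Nine lines copied verbatim from the HijackThis log posted in this thread.
SAMPLE_LOG = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.repubblica.it/
O1 - Hosts: 160.128.161.153 bute2ieh.com
O1 - Hosts: 237.198.174.168 addwjf6zoy.com
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Programmi\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Class - {278C78B7-EB88-B019-039F-EF2C7632359F} - D:\WINDOWS\ybwmm1.dll (file missing)
O3 - Toolbar: (no name) - {855F3B16-6D32-4fe6-8A56-BBB695989046} - (no file)
O4 - Global Startup: TrayMin.lnk = ?
O23 - Service: ATI Smart - Unknown owner - D:\WINDOWS\system32\ati2sgag.exe
O23 - Service: UpdJmf - Unknown owner - D:\Programmi\File comuni\Services\kIfZ.exe (file missing)
"""

# "<section> - <body>", e.g. "O1 - Hosts: ..."; header and process lines do not match.
ENTRY = re.compile(r"^(?P<section>[A-Z]\d{1,2}) - (?P<body>.+)$")
HOSTS = re.compile(r"^Hosts:\s+(?P<ip>\S+)\s+(?P<name>\S+)$")
ORPHAN = re.compile(r"\((?:file missing|no file)\)\s*$")

# Follow-up per section, as given in the thread: O1/O2/O3 lines are fixed from
# HijackThis itself, the O23 service is removed from the registry separately.
FIX_ACTION = "tick the line and press Fix checked"
SERVICE_ACTION = "remove the service entry from the registry"


@dataclass
class Finding:
    section: str
    reason: str
    action: str
    line: str


def _hosts_reason(body):
    """Describe an O1 entry and note addresses that cannot be a normal host."""
    m = HOSTS.match(body)
    if not m:
        return "hosts file entry (unrecognised layout)"
    reason = f"hosts file maps {m['name']} to {m['ip']}"
    try:
        if ipaddress.ip_address(m["ip"]).is_multicast:
            reason += " (multicast range, not a unicast host)"
    except ValueError:
        reason += " (not a valid IP address)"
    return reason


def triage(log_text):
    """Return a Finding for each O1 entry and each entry with no file on disk."""
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        entry = ENTRY.match(line)
        if not entry:
            continue  # log header, running-process path or blank line
        section, body = entry["section"], entry["body"]
        if section == "O1":
            reason = _hosts_reason(body)
        elif ORPHAN.search(body):
            reason = "entry has no backing file on disk"
        else:
            continue  # e.g. "Unknown owner" alone is not flagged by this heuristic
        action = SERVICE_ACTION if section == "O23" else FIX_ACTION
        findings.append(Finding(section, reason, action, line))
    return findings


def summary(findings):
    """Count findings per HijackThis section."""
    return dict(Counter(f.section for f in findings))


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.section}] {f.reason} -> {f.action}\n    {f.line}")
```
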

Post by brig » Sun Apr 08, 2007 1:50 pm

thanks so much crazy, I'll do everything and then get back to you,
and in the meantime happy Easter

Post by brig » Sun Apr 08, 2007 2:48 pm

hi crazy,
to be honest, for someone like me who isn't an expert, there are loads of files with strange names in the folder in red [...]
I'm also having some difficulty with the other procedure because I wouldn't know which service to disable... can you point it out more clearly?
anyway I ticked the entries you indicated, rebooted, and everything is as before..
if need be I'll try uninstalling the antivirus and doing an online scan as you suggested...
I'll update you tomorrow since, alas, I'm off to work... [V]

thanks for everything
brig

Post by crazy.cat » Sun Apr 08, 2007 3:49 pm

There could be quite a lot of strange exes in the folder in red; last time I found 281 generated by that virus you caught.
Delete the ones you can directly with Windows Explorer, and for the ones that refuse to be deleted use that tool I told you about.

The fake service is the one indicated in red; search for that string in the registry and delete it.

O23 - Service: UpdJmf - Unknown owner - D:\Programmi\File comuni\Services\kIfZ.exe (file missing)

Post by brig » Mon Apr 09, 2007 1:44 pm

hi everyone
hi crazy, I ran a scan with Kaspersky online and it found some infected objects... this is the report:


what do I do?
how should I proceed?

Post by Amantide » Mon Apr 09, 2007 3:03 pm

Download and run Systemscan, tick all the items and click Scan Now. When the scan is finished, find the file report.txt in C:\suspectfile, compress it into a rar or zip archive and attach it here.
...to fly high, you have to know how to fall...
Amantide
Official Member (Gold)
Posts: 8126
Joined: Mon Feb 06, 2006 4:13 pm
Location: Abruzzo

Post by brig » Mon Apr 09, 2007 3:05 pm

ok, but unfortunately, alas, I'm off to work and I'll update you tomorrow morning...
thanks again

Post by brig » Tue Apr 10, 2007 3:21 pm

hi crazy,
sorry for taking up your time and patience on and off...
anyway I did what you indicated yesterday and this is the report...

Post by Amantide » Tue Apr 10, 2007 3:50 pm

brig wrote: hi crazy,
sorry for taking up your time and patience on and off...
anyway I did what you indicated yesterday and this is the report...

Mmm.. actually I was the one who asked you for the Systemscan report [:D]

First of all, disable System Restore.

Then download The Avenger, extract the archive into a folder and run the file Avenger.exe.
Select the option Input Script Manually, click on the magnifying glass and copy and paste this script into the form:

Files to delete:
D:\Programmi\File comuni\Services\Anrdj.exe
D:\Programmi\File comuni\Services\aOM.exe
D:\Programmi\File comuni\Services\arX.exe
D:\Programmi\File comuni\Services\BacIl.exe
D:\Programmi\File comuni\Services\ccOffB.exe
D:\Programmi\File comuni\Services\cFSa.exe
D:\Programmi\File comuni\Services\CgXX.exe
D:\Programmi\File comuni\Services\Cml.exe
D:\Programmi\File comuni\Services\dLs.exe
D:\Programmi\File comuni\Services\EayX.exe
D:\Programmi\File comuni\Services\eMS.exe
D:\Programmi\File comuni\Services\EOsZu.exe
D:\Programmi\File comuni\Services\fcSylC.exe
D:\Programmi\File comuni\Services\FrhWW.exe
D:\Programmi\File comuni\Services\fZfP.exe
D:\Programmi\File comuni\Services\ggQH.exe
D:\Programmi\File comuni\Services\Ghh.exe
D:\Programmi\File comuni\Services\GqHrms.exe
D:\Programmi\File comuni\Services\gXOAdq.exe
D:\Programmi\File comuni\Services\GYcye.exe
D:\Programmi\File comuni\Services\Ibj.exe
D:\Programmi\File comuni\Services\ienZ.exe
D:\Programmi\File comuni\Services\JuUhNk.exe
D:\Programmi\File comuni\Services\JWVSb.exe
D:\Programmi\File comuni\Services\JyhFCn.exe
D:\Programmi\File comuni\Services\kEe.exe
D:\Programmi\File comuni\Services\kqSq.exe
D:\Programmi\File comuni\Services\kwjtl.exe
D:\Programmi\File comuni\Services\lCue.exe
D:\Programmi\File comuni\Services\lJFMc.exe
D:\Programmi\File comuni\Services\ljx.exe
D:\Programmi\File comuni\Services\lpS.exe
D:\Programmi\File comuni\Services\lVon.exe
D:\Programmi\File comuni\Services\mfIrh.exe
D:\Programmi\File comuni\Services\muEcu.exe
D:\Programmi\File comuni\Services\MUXpAX.exe
D:\Programmi\File comuni\Services\MVKl.exe
D:\Programmi\File comuni\Services\MYz.exe
D:\Programmi\File comuni\Services\NvM.exe
D:\Programmi\File comuni\Services\OApqAH.exe
D:\Programmi\File comuni\Services\OKU.exe
D:\Programmi\File comuni\Services\OXbRX.exe
D:\Programmi\File comuni\Services\pdT.exe
D:\Programmi\File comuni\Services\pMhYYQ.exe
D:\Programmi\File comuni\Services\ppQ.exe
D:\Programmi\File comuni\Services\Psn.exe
D:\Programmi\File comuni\Services\pul.exe
D:\Programmi\File comuni\Services\qbe.exe
D:\Programmi\File comuni\Services\rKPtl.exe
D:\Programmi\File comuni\Services\RrdW.exe
D:\Programmi\File comuni\Services\SCu.exe
D:\Programmi\File comuni\Services\Sft.exe
D:\Programmi\File comuni\Services\SIsI.exe
D:\Programmi\File comuni\Services\Ssf.exe
D:\Programmi\File comuni\Services\Top.exe
D:\Programmi\File comuni\Services\txK.exe
D:\Programmi\File comuni\Services\TZe.exe
D:\Programmi\File comuni\Services\UhlS.exe
D:\Programmi\File comuni\Services\UhS.exe
D:\Programmi\File comuni\Services\Ujjr.exe
D:\Programmi\File comuni\Services\uLhq.exe
D:\Programmi\File comuni\Services\UNSDcC.exe
D:\Programmi\File comuni\Services\UxO.exe
D:\Programmi\File comuni\Services\VJCAWd.exe
D:\Programmi\File comuni\Services\vRZ.exe
D:\Programmi\File comuni\Services\VyG.exe
D:\Programmi\File comuni\Services\WaC.exe
D:\Programmi\File comuni\Services\WcR.exe
D:\Programmi\File comuni\Services\WfAKA.exe
D:\Programmi\File comuni\Services\WIc.exe
D:\Programmi\File comuni\Services\Wpv.exe
D:\Programmi\File comuni\Services\Wtn.exe
D:\Programmi\File comuni\Services\xcobb.exe
D:\Programmi\File comuni\Services\xHQ.exe
D:\Programmi\File comuni\Services\xKS.exe
D:\Programmi\File comuni\Services\xuQv.exe
D:\Programmi\File comuni\Services\xUxxs.exe
D:\Programmi\File comuni\Services\XWS.exe
D:\Programmi\File comuni\Services\YARfy.exe
D:\Programmi\File comuni\Services\YEP.exe
D:\Programmi\File comuni\Services\yHq.exe
D:\Programmi\File comuni\Services\zEL.exe
D:\Programmi\File comuni\Services\ZkA.exe
D:\Programmi\File comuni\Services\zlf.exe
D:\WINDOWS\SYSTEM32\SIEMEN~1.EXE

folders to delete:
D:\documents and settings\fwEMpcKcwe

registry values to delete:
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\SpecialAccounts | fwEMpcKcwe

registry keys to delete:
HKEY_LOCAL_MACHINE\system\controlset002\services\UpdJmf


After that, click the Done button, then click twice on the green traffic light icon and answer Yes to the questions that follow.
The PC should restart by itself; if it does not, restart it manually.
Finally, attach the Avenger log, which is located at C:/avenger.txt

Finally, restart the system in safe mode (F8 at startup) and run a scan with CCleaner.
...to fly high, you have to know how to fall...

Post by brig » Tue Apr 10, 2007 4:11 pm

oops
forgive the gaffe... [fischio]
I'll do everything...

Post by brig » Tue Apr 10, 2007 4:30 pm

amantide, I'm attaching the report file it gave me after the operation with avenger..

Logfile of The Avenger version 1, by Swandog46
Running from registry key:
\Registry\Machine\System\CurrentControlSet\Services\udwyylic

*******************

Script file located at: pkxvtwhk

Could not open script file! Error

Could not open script file! Status: 0xc000003b Abort!


anyway, safe mode didn't start with f8...and is ccleaner a command or a program?

Post by Amantide » Tue Apr 10, 2007 6:59 pm

brig wrote: amantide, I'm attaching the report file it gave me after the operation with avenger..

Had the PC restarted? Try repeating the operation, perhaps closing the internet connection and the running programs first, because the Avenger result is negative.

brig wrote: anyway, safe mode didn't start with f8...

See here, maybe you're doing something wrong.

brig wrote: and is ccleaner a command or a program?

It's a program for cleaning up temporary files.
http://download.piriform.com/ccsetup138.exe
...to fly high, you have to know how to fall...

Post by brig » Wed Apr 11, 2007 1:03 pm

thanks amantide,
it seems the last operation worked and this morning everything updated...[applauso+]
again
bye

Post by Amantide » Wed Apr 11, 2007 1:07 pm

brig wrote: it seems the last operation worked and this morning everything updated...[applauso+]
again

The CCleaner cleanup from safe mode? Did you then manage to run the Avenger script successfully?
...to fly high, you have to know how to fall...

Post by brig » Thu Apr 12, 2007 8:10 pm

hi amantide,
actually something strange did happen: since I still hadn't managed to restart in safe mode with f8, I followed the instructions to get there from msconfig, but when I went to tick safeboot I got "msconfig.exe has performed an illegal operation and will be terminated"...so I didn't do the ccleaner cleanup in safe mode...[boh]
then again, the avg database update seems to work, I have to start it 2 or 3 times but then it downloads...who knows

I did run the avenger script and this is the report that appeared once the pc had restarted


Logfile of The Avenger version 1, by Swandog46
Running from registry key:
\Registry\Machine\System\CurrentControlSet\Services\dxclayak

*******************

Script file located at: \??\D:\WINDOWS\system32\bvmkpeqj.txt
Script file opened successfully.

Script file read successfully

Backups directory opened successfully at D:\Avenger

*******************

Beginning to process script file:

File D:\Programmi\File comuni\Services\Anrdj.exe deleted successfully.
File D:\Programmi\File comuni\Services\aOM.exe deleted successfully.
File D:\Programmi\File comuni\Services\arX.exe deleted successfully.
File D:\Programmi\File comuni\Services\BacIl.exe deleted successfully.
File D:\Programmi\File comuni\Services\ccOffB.exe deleted successfully.
File D:\Programmi\File comuni\Services\cFSa.exe deleted successfully.
File D:\Programmi\File comuni\Services\CgXX.exe deleted successfully.
File D:\Programmi\File comuni\Services\Cml.exe deleted successfully.
File D:\Programmi\File comuni\Services\dLs.exe deleted successfully.
File D:\Programmi\File comuni\Services\EayX.exe deleted successfully.
File D:\Programmi\File comuni\Services\eMS.exe deleted successfully.
File D:\Programmi\File comuni\Services\EOsZu.exe deleted successfully.
File D:\Programmi\File comuni\Services\fcSylC.exe deleted successfully.
File D:\Programmi\File comuni\Services\FrhWW.exe deleted successfully.
File D:\Programmi\File comuni\Services\fZfP.exe deleted successfully.
File D:\Programmi\File comuni\Services\ggQH.exe deleted successfully.
File D:\Programmi\File comuni\Services\Ghh.exe deleted successfully.
File D:\Programmi\File comuni\Services\GqHrms.exe deleted successfully.
File D:\Programmi\File comuni\Services\gXOAdq.exe deleted successfully.
File D:\Programmi\File comuni\Services\GYcye.exe deleted successfully.
File D:\Programmi\File comuni\Services\Ibj.exe deleted successfully.
File D:\Programmi\File comuni\Services\ienZ.exe deleted successfully.
File D:\Programmi\File comuni\Services\JuUhNk.exe deleted successfully.
File D:\Programmi\File comuni\Services\JWVSb.exe deleted successfully.
File D:\Programmi\File comuni\Services\JyhFCn.exe deleted successfully.
File D:\Programmi\File comuni\Services\kEe.exe deleted successfully.
File D:\Programmi\File comuni\Services\kqSq.exe deleted successfully.
File D:\Programmi\File comuni\Services\kwjtl.exe deleted successfully.
File D:\Programmi\File comuni\Services\lCue.exe deleted successfully.
File D:\Programmi\File comuni\Services\lJFMc.exe deleted successfully.
File D:\Programmi\File comuni\Services\ljx.exe deleted successfully.
File D:\Programmi\File comuni\Services\lpS.exe deleted successfully.
File D:\Programmi\File comuni\Services\lVon.exe deleted successfully.
File D:\Programmi\File comuni\Services\mfIrh.exe deleted successfully.
File D:\Programmi\File comuni\Services\muEcu.exe deleted successfully.
File D:\Programmi\File comuni\Services\MUXpAX.exe deleted successfully.
File D:\Programmi\File comuni\Services\MVKl.exe deleted successfully.
File D:\Programmi\File comuni\Services\MYz.exe deleted successfully.
File D:\Programmi\File comuni\Services\NvM.exe deleted successfully.
File D:\Programmi\File comuni\Services\OApqAH.exe deleted successfully.
File D:\Programmi\File comuni\Services\OKU.exe deleted successfully.
File D:\Programmi\File comuni\Services\OXbRX.exe deleted successfully.
File D:\Programmi\File comuni\Services\pdT.exe deleted successfully.
File D:\Programmi\File comuni\Services\pMhYYQ.exe deleted successfully.
File D:\Programmi\File comuni\Services\ppQ.exe deleted successfully.
File D:\Programmi\File comuni\Services\Psn.exe deleted successfully.
File D:\Programmi\File comuni\Services\pul.exe deleted successfully.
File D:\Programmi\File comuni\Services\qbe.exe deleted successfully.
File D:\Programmi\File comuni\Services\rKPtl.exe deleted successfully.
File D:\Programmi\File comuni\Services\RrdW.exe deleted successfully.
File D:\Programmi\File comuni\Services\SCu.exe deleted successfully.
File D:\Programmi\File comuni\Services\Sft.exe deleted successfully.
File D:\Programmi\File comuni\Services\SIsI.exe deleted successfully.
File D:\Programmi\File comuni\Services\Ssf.exe deleted successfully.
File D:\Programmi\File comuni\Services\Top.exe deleted successfully.
File D:\Programmi\File comuni\Services\txK.exe deleted successfully.
File D:\Programmi\File comuni\Services\TZe.exe deleted successfully.
File D:\Programmi\File comuni\Services\UhlS.exe deleted successfully.
File D:\Programmi\File comuni\Services\UhS.exe deleted successfully.
File D:\Programmi\File comuni\Services\Ujjr.exe deleted successfully.
File D:\Programmi\File comuni\Services\uLhq.exe deleted successfully.
File D:\Programmi\File comuni\Services\UNSDcC.exe deleted successfully.
File D:\Programmi\File comuni\Services\UxO.exe deleted successfully.
File D:\Programmi\File comuni\Services\VJCAWd.exe deleted successfully.
File D:\Programmi\File comuni\Services\vRZ.exe deleted successfully.
File D:\Programmi\File comuni\Services\VyG.exe deleted successfully.
File D:\Programmi\File comuni\Services\WaC.exe deleted successfully.
File D:\Programmi\File comuni\Services\WcR.exe deleted successfully.
File D:\Programmi\File comuni\Services\WfAKA.exe deleted successfully.
File D:\Programmi\File comuni\Services\WIc.exe deleted successfully.
File D:\Programmi\File comuni\Services\Wpv.exe deleted successfully.
File D:\Programmi\File comuni\Services\Wtn.exe deleted successfully.
File D:\Programmi\File comuni\Services\xcobb.exe deleted successfully.
File D:\Programmi\File comuni\Services\xHQ.exe deleted successfully.
File D:\Programmi\File comuni\Services\xKS.exe deleted successfully.
File D:\Programmi\File comuni\Services\xuQv.exe deleted successfully.
File D:\Programmi\File comuni\Services\xUxxs.exe deleted successfully.
File D:\Programmi\File comuni\Services\XWS.exe deleted successfully.
File D:\Programmi\File comuni\Services\YARfy.exe deleted successfully.
File D:\Programmi\File comuni\Services\YEP.exe deleted successfully.
File D:\Programmi\File comuni\Services\yHq.exe deleted successfully.
File D:\Programmi\File comuni\Services\zEL.exe deleted successfully.
File D:\Programmi\File comuni\Services\ZkA.exe deleted successfully.
File D:\Programmi\File comuni\Services\zlf.exe deleted successfully.
File D:\WINDOWS\SYSTEM32\SIEMEN~1.EXE deleted successfully.
Folder D:\documents and settings\fwEMpcKcwe deleted successfully.
Registry key HKEY_LOCAL_MACHINE\system\controlset002\services\UpdJmf deleted successfully.


Could not delete registry value HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\SpecialAccounts|fwEMpcKcwe
Deletion of registry value HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\SpecialAccounts|fwEMpcKcwe failed!
Status: 0xc0000034


Completed script processing.

*******************

Finished! Terminate.


what do you think about the safe mode business?
has it been compromised by something?
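The two Avenger logs posted above end with NTSTATUS codes: 0xc000003b is STATUS_OBJECT_PATH_SYNTAX_BAD (the run aborted before the script was read) and 0xc0000034 is STATUS_OBJECT_NAME_NOT_FOUND (the registry value named in the script was not found). The following is an added example, not code from the thread or from The Avenger's author, that checks a script's entries against a log in this format; the function names and the sample paths are constructed for illustration.

```python
import re

# NTSTATUS codes that appear in the thread's two logs (names as in ntstatus.h).
NTSTATUS = {0xC0000034: "STATUS_OBJECT_NAME_NOT_FOUND",
            0xC000003B: "STATUS_OBJECT_PATH_SYNTAX_BAD"}
OK_RE = re.compile(r"^(File|Folder|Registry key|Registry value) (.+) deleted successfully\.$")
FAIL_RE = re.compile(r"^Could not delete (file|folder|registry key|registry value) (.+)$", re.I)
STATUS_RE = re.compile(r"Status: (0x[0-9a-fA-F]{8})")

def norm(target):
    """The script writes 'key | value', the log 'key|value'; compare case-insensitively."""
    return re.sub(r"\s*\|\s*", "|", target.strip()).lower()

def parse_avenger_log(text):
    """Return (deleted, failed, aborted) for one log in the format shown above."""
    deleted, failed, aborted, pending = [], [], None, None
    for line in (l.strip() for l in text.splitlines()):
        if m := OK_RE.match(line):
            deleted.append(norm(m.group(2)))
        elif m := FAIL_RE.match(line):
            pending = norm(m.group(2))          # its "Status:" line comes later
        elif m := STATUS_RE.search(line):
            code = int(m.group(1), 16)
            name = NTSTATUS.get(code, f"unknown {code:#010x}")
            if pending is not None:
                failed.append((pending, name))
                pending = None
            elif "Abort" in line:               # run stopped before processing the script
                aborted = name
    return deleted, failed, aborted

def unconfirmed(script_targets, log_text):
    """Script entries the log does not report as deleted, with the logged reason."""
    deleted, failed, aborted = parse_avenger_log(log_text)
    reasons = dict(failed)
    return {norm(t): reasons.get(norm(t), aborted or "not mentioned in log")
            for t in script_targets if norm(t) not in deleted}

# Constructed samples in the format of the thread's logs (placeholder paths).
SCRIPT = [r"D:\Example\Services\aaa.exe",
          r"D:\documents and settings\exampleuser",
          r"HKLM\Software\Example\SpecialAccounts | exampleuser",
          r"HKEY_LOCAL_MACHINE\system\currentcontrolset\services\ExampleSvc"]
FAILED_RUN = "Script file located at: example\nCould not open script file! Status: 0xc000003b Abort!\n"
GOOD_RUN = r"""File D:\Example\Services\aaa.exe deleted successfully.
Folder D:\documents and settings\exampleuser deleted successfully.
Registry key HKEY_LOCAL_MACHINE\system\currentcontrolset\services\ExampleSvc deleted successfully.
Could not delete registry value HKLM\Software\Example\SpecialAccounts|exampleuser
Deletion of registry value HKLM\Software\Example\SpecialAccounts|exampleuser failed!
Status: 0xc0000034
Completed script processing.
"""
```

An entry reported with STATUS_OBJECT_NAME_NOT_FOUND was absent at that path when the tool ran, whereas an aborted run leaves every script entry unconfirmed and the script has to be run again.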

Post by Amantide » Thu Apr 12, 2007 8:26 pm

Try applying this REG file.
http://www.MegaLab.it/3250
...to fly high, you have to know how to fall...

Post by brig » Thu Apr 12, 2007 9:25 pm

ok, with the registry file safe mode started with f8 but not with msconfig...anyway I managed to do the cleanup with ccleaner...that was the cleanup I had to do, right? [;)]
is there anything else you recommend doing?


megalab.it: daily online publication registered with the Court of Cosenza, no. 22/09 of 13.08.2009, publisher Master New Media S.r.l.; © Copyright 2008 Master New Media S.r.l. (sole shareholder) - VAT no. 02947530784. GRUPPO EDIZIONI MASTER Spa. All rights reserved. For advertising: Master Advertising