Punto informatico Network
Login Esegui login | Non sei registrato? Iscriviti ora (è gratuito!)
Username: Password:
  • Annuncio Pubblicitario

due pc con bagle

Un virus si è intromesso nel tuo computer? Vuoi navigare in tutta sicurezza? Sono sicure le transazione online? Come impedire a malintenzionati di intromettersi nel tuo pc? Come proteggere i tuoi dati? Qui trovi le risposte a queste ed altre domande

Rispondi al messaggio

Messaggioda suntleone » mer gen 09, 2008 10:15 pm

antivirus impossibile da installare:
ho due pc conciati male; non mi riesce di estirpare irootkits esistenti con i problemi uguali ad altri e precedenti topics( tutti grazie a Voi brillantemente risolti) io ho provato a fere qualcosa ma il tutto non è alla mia portata. Inizio a postarvi le scan del primo:
GMER 1.0.13.12551 - http://www.gmer.net
Rootkit scan 2008-01-09 02:16:02
Windows 5.1.2600 Service Pack 2


---- System - GMER 1.0.13 ----

SSDT d347bus.sys ZwClose
SSDT \??\C:\WINDOWS\system32\drivers\srosa.sys ZwCreateFile
SSDT d347bus.sys ZwCreateKey
SSDT d347bus.sys ZwCreatePagingFile
SSDT \??\C:\WINDOWS\system32\drivers\srosa.sys ZwEnumerateKey
SSDT \??\C:\WINDOWS\system32\drivers\srosa.sys ZwEnumerateValueKey
SSDT d347bus.sys ZwOpenKey
SSDT \??\C:\WINDOWS\system32\drivers\srosa.sys ZwQueryDirectoryFile
SSDT \??\C:\WINDOWS\system32\drivers\srosa.sys ZwQueryKey
SSDT \??\C:\WINDOWS\system32\drivers\srosa.sys ZwQuerySystemInformation
SSDT d347bus.sys ZwQueryValueKey
SSDT d347bus.sys ZwSetSystemPowerState
Avatar utente
suntleone
Neo Iscritto
Neo Iscritto
 
Messaggi: 16
Iscritto il: mer gen 09, 2008 9:55 pm
Top

Messaggioda suntleone » mer gen 09, 2008 10:25 pm

continuo con lo scan di F-security blacklight:
01/09/08 01:02:21 [Info]: BlackLight Engine 1.0.67 initialized
01/09/08 01:02:21 [Info]: OS: 5.1 build 2600 (Service Pack 2)
01/09/08 01:02:22 [Note]: 7019 4
01/09/08 01:02:22 [Note]: 7005 0
01/09/08 01:02:26 [Note]: 7006 0
01/09/08 01:02:26 [Note]: 7011 388
01/09/08 01:02:26 [Note]: 7026 0
01/09/08 01:02:26 [Note]: 7026 0
01/09/08 01:02:26 [Note]: 7024 3
01/09/08 01:02:26 [Info]: Hidden process: C:\WINDOWS\system32\wintems.exe
01/09/08 01:02:26 [Note]: 7024 3
01/09/08 01:02:26 [Info]: Hidden process: C:\WINDOWS\system32\drivers\hldrrr.exe
01/09/08 01:02:28 [Note]: FSRAW library version 1.7.1024
01/09/08 01:02:44 [Info]: Hidden file: c:\Programmi\Movie Maker\Shared\Empty.txt
01/09/08 01:02:44 [Note]: 10002 3
01/09/08 01:02:44 [Info]: Hidden file: c:\Programmi\Movie Maker\Shared\Filters.xml
01/09/08 01:02:44 [Note]: 10002 3
01/09/08 01:02:44 [Info]: Hidden file: c:\Programmi\Movie Maker\Shared\news.png
01/09/08 01:02:44 [Note]: 10002 3
01/09/08 01:02:44 [Info]: Hidden file: c:\Programmi\Movie Maker\Shared\paint.png
01/09/08 01:02:44 [Note]: 10002 3
01/09/08 01:02:44 [Info]: Hidden file: c:\Programmi\Movie Maker\Shared\Profiles\Blank.txt
01/09/08 01:02:44 [Note]: 10002 3
01/09/08 01:02:44 [Info]: Hidden file: c:\Programmi\Movie Maker\Shared\Sample1.jpg
01/09/08 01:02:44 [Note]: 10002 3
01/09/08 01:02:44 [Info]: Hidden file: c:\Programmi\Movie Maker\Shared\Sample2.jpg
01/09/08 01:02:44 [Note]: 10002 3
01/09/08 01:02:44 [Note]: 10002 2
01/09/08 01:02:44 [Note]: 10002 2
01/09/08 01:04:43 [Note]: 10002 2
01/09/08 01:04:43 [Note]: 10002 2
01/09/08 01:04:58 [Info]: Hidden file: C:\WINDOWS\system32\wintems.exe
01/09/08 01:04:58 [Note]: 10002 2
01/09/08 01:05:04 [Info]: Hidden file: C:\WINDOWS\system32\drivers\hldrrr.exe
01/09/08 01:05:04 [Note]: 10002 2
01/09/08 01:05:04 [Info]: Hidden file: c:\WINDOWS\system32\drivers\srosa.sys
01/09/08 01:05:04 [Note]: 10002 2
01/09/08 01:06:36 [Note]: 7007 0
Avatar utente
suntleone
Neo Iscritto
Neo Iscritto
 
Messaggi: 16
Iscritto il: mer gen 09, 2008 9:55 pm
Top

Messaggioda suntleone » mer gen 09, 2008 10:30 pm

quindi il report dopo aver analizzato il sistema con avenger ed un goffo tentativo di pulizia immettendo uno script che evidentemente non è il mio forte:
Logfile of The Avenger version 1, by Swandog46
Running from registry key:
\Registry\Machine\System\CurrentControlSet\Services\fkfvxeuj

*******************

Script file located at: \??\C:\iokkuenj.txt
Script file opened successfully.

Script file read successfully

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:



File C:\WINDOWS\system32\drivers\hidr.exe not found!
Deletion of file C:\WINDOWS\system32\drivers\hidr.exe failed!

Could not process line:
C:\WINDOWS\system32\drivers\hidr.exe
Status: 0xc0000034

File C:\WINDOWS\system32\drivers\hldrrr.exe deleted successfully.
File C:\WINDOWS\system32\drivers\srosa.sys deleted successfully.
File C:\WINDOWS\system32\wintems.exe deleted successfully.


File C:\WINDOWS\system32\hldrrr.exe not found!
Deletion of file C:\WINDOWS\system32\hldrrr.exe failed!

Could not process line:
C:\WINDOWS\system32\hldrrr.exe
Status: 0xc0000034



File C:\WINDOWS\system32\trusted.exe not found!
Deletion of file C:\WINDOWS\system32\trusted.exe failed!

Could not process line:
C:\WINDOWS\system32\trusted.exe
Status: 0xc0000034



File C:\WINDOWS\system32\drivers\pci32.sys not found!
Deletion of file C:\WINDOWS\system32\drivers\pci32.sys failed!

Could not process line:
C:\WINDOWS\system32\drivers\pci32.sys
Status: 0xc0000034



Folder C:\WINDOWS\exefnd not found!
Deletion of folder C:\WINDOWS\exefnd failed!

Could not process line:
C:\WINDOWS\exefnd
Status: 0xc0000034



Folder C:\WINDOWS\exefld not found!
Deletion of folder C:\WINDOWS\exefld failed!

Could not process line:
C:\WINDOWS\exefld
Status: 0xc0000034

Registry key HKLM\SYSTEM\CurrentControlSet\Services\srosa deleted successfully.
Registry key HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_SROSA deleted successfully.


Registry key HKLM\SYSTEM\CurrentControlSet\Services\pci32 not found!
Deletion of registry key HKLM\SYSTEM\CurrentControlSet\Services\pci32 failed!

Could not process line:
HKLM\SYSTEM\CurrentControlSet\Services\pci32
Status: 0xc0000034



Registry key HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_PCI32 not found!
Deletion of registry key HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_PCI32 failed!

Could not process line:
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_PCI32
Status: 0xc0000034


Completed script processing.

*******************

Finished! Terminate.

Spero abbiate la possibilità di aiutarmi.
Ringrazio comunque anticipatamente, facendo i complimenti per l'alto livello delle conversazioni sempre e comunque interessantissime. [applauso+] [cry+]
Avatar utente
suntleone
Neo Iscritto
Neo Iscritto
 
Messaggi: 16
Iscritto il: mer gen 09, 2008 9:55 pm
Top
Top

Messaggioda ste_95 » gio gen 10, 2008 7:05 am

Il nuovo script per la nuova variante è questa:

Files to delete:
C:\WINDOWS\system32\drivers\hidr.exe
C:\WINDOWS\system32\drivers\srosa.sys
C:\WINDOWS\system32\wintems.exe
C:\WINDOWS\system32\hldrrr.exe
C:\WINDOWS\system32\trusted.exe
C:\WINDOWS\system32\drivers\pci32.sys
C:\windows\system32\drivers\hldrrr.exe

folders to delete:
C:\WINDOWS\exefnd
C:\WINDOWS\exefld
C:\WINDOWS\system32\drivers\down

registry keys to delete:
HKLM\SYSTEM\CurrentControlSet\Services\srosa
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_SROSA
HKLM\SYSTEM\CurrentControlSet\Services\pci32
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_PCI32

Eseguilo. Se hai ancora problemi esegui la scansione online con kaspersky e postane i risultati.
«A volte è meglio tacere e sembrare stupidi che aprir bocca e togliere ogni dubbio.» Oscar Wilde
Avatar utente
ste_95
Membro Ufficiale (Gold)
Membro Ufficiale (Gold)
 
Messaggi: 17271
Iscritto il: lun ago 06, 2007 11:19 am
Top

Messaggioda suntleone » gio gen 10, 2008 9:56 am

grazie mille per il momento. ci provo subito e ti faccio sapere! [applauso+]
Avatar utente
suntleone
Neo Iscritto
Neo Iscritto
 
Messaggi: 16
Iscritto il: mer gen 09, 2008 9:55 pm
Top

Messaggioda suntleone » gio gen 10, 2008 8:01 pm

ciao a tutti e soprattutto a te STE_95,
ancora grazie per l'attenzione. Ho eseguito lo script che mi hai postato ma sembra senza un grosso risultato infatti ti allego le varie scan ottenute dopo ciò: -------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER REPORT
Thursday, January 10, 2008 7:39:08 PM
Operating System: Microsoft Windows XP Professional, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.98.0
Kaspersky Anti-Virus database last update: 10/01/2008
Kaspersky Anti-Virus database records: 506636
-------------------------------------------------------------------------------

Scan Settings:
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: true

Scan Target - My Computer:
A:\
C:\
D:\
E:\
F:\
G:\

Scan Statistics:
Total number of scanned objects: 51076
Number of viruses found: 18
Number of infected objects: 196
Number of suspicious objects: 0
Duration of the scan process: 02:04:10

Infected Object Name / Virus Name / Last Action
C:\avenger\backup-10.01.2008-10.01.40,50.zip/avenger/hldrrr.exe Infected: Trojan-Downloader.Win32.Bagle.hh skipped
C:\avenger\backup-10.01.2008-10.01.40,50.zip/avenger/srosa.sys Infected: Trojan-Downloader.Win32.Bagle.hv skipped
C:\avenger\backup-10.01.2008-10.01.40,50.zip/avenger/wintems.exe Infected: Trojan-Downloader.Win32.Bagle.ho skipped
C:\avenger\backup-10.01.2008-10.01.40,50.zip ZIP: infected - 3 skipped
C:\avenger\backup.zip/avenger/down/118126187.exe Infected: Trojan-Downloader.Win32.Bagle.ho skipped
C:\avenger\backup.zip/avenger/down/132849468.exe Infected: Trojan-Downloader.Win32.Bagle.ho skipped
C:\avenger\backup.zip/avenger/down/132911343.exe Infected: Trojan-Downloader.Win32.Bagle.gi skipped
C:\avenger\backup.zip/avenger/down/14431625.exe Infected: Trojan-Downloader.Win32.Bagle.ho skipped
C:\avenger\backup.zip/avenger/down/14487187.exe Infected: Trojan-Downloader.Win32.Bagle.ho skipped
C:\avenger\backup.zip/avenger/down/147629765.exe Infected: Trojan-Downloader.Win32.Bagle.ho skipped
C:\avenger\backup.zip/avenger/down/162544656.exe Infected: Trojan-Downloader.Win32.Bagle.ho skipped
C:\avenger\backup.zip/avenger/down/162601062.exe Infected: Trojan-Downloader.Win32.Bagle.ho skipped
C:\avenger\backup.zip/avenger/down/192065765.exe Infected: Trojan-Downloader.Win32.Bagle.ho skipped
C:\avenger\backup.zip/avenger/down/206982656.exe Infected: Trojan-Downloader.Win32.Bagle.ho skipped
C:\avenger\backup.zip/avenger/down/207040750.exe Infected: Trojan-Downloader.Win32.Bagle.ho skipped
C:\avenger\backup.zip/avenger/down/221832140.exe Infected: Trojan-Downloader.Win32.Bagle.ho skipped
C:\avenger\backup.zip/avenger/down/236754671.exe Infected: Trojan-Downloader.Win32.Bagle.ho skipped
C:\avenger\backup.zip/avenger/down/251567359.exe Infected: Trojan-Downloader.Win32.Bagle.ho skipped
C:\avenger\backup.zip/avenger/down/266335359.exe Infected: Trojan-Downloader.Win32.Bagle.ho skipped
C:\avenger\backup.zip/avenger/down/266404046.exe Infected: Trojan-Downloader.Win32.Bagle.ho skipped
C:\avenger\backup.zip/avenger/down/281175812.exe Infected: Trojan-Downloader.Win32.Bagle.ho skipped
C:\avenger\backup.zip/avenger/down/281250812.exe Infected: Trojan-Downloader.Win32.Bagle.ho skipped
C:\avenger\backup.zip/avenger/down/29342203.exe Infected: Trojan-Downloader.Win32.Bagle.ho skipped
C:\avenger\backup.zip/avenger/down/296004015.exe Infected: Trojan-Downloader.Win32.Bagle.ho skipped
C:\avenger\backup.zip/avenger/down/296066687.exe Infected: Trojan-Downloader.Win32.Bagle.ho skipped
C:\avenger\backup.zip/avenger/down/310846500.exe Infected: Trojan-Downloader.Win32.Bagle.ho skipped
C:\avenger\backup.zip/avenger/down/310898078.exe Infected: Trojan-Downloader.Win32.Bagle.ho skipped
C:\avenger\backup.zip/avenger/down/325638500.exe Infected: Trojan-Downloader.Win32.Bagle.ho skipped
C:\avenger\backup.zip/avenger/down/325695578.exe Infected: Trojan-Downloader.Win32.Bagle.ho skipped
C:\avenger\backup.zip/avenger/down/340389046.exe Infected: Trojan-Downloader.Win32.Bagle.ho skipped
C:\avenger\backup.zip/avenger/down/340458515.exe Infected: Trojan-Downloader.Win32.Bagle.ho skipped
C:\avenger\backup.zip/avenger/down/355224500.exe Infected: Trojan-Downloader.Win32.Bagle.ho skipped
C:\avenger\backup.zip/avenger/down/369968625.exe Infected: Trojan-Downloader.Win32.Bagle.ho skipped
C:\avenger\backup.zip/avenger/down/384836203.exe Infected: Trojan-Downloader.Win32.Bagle.ho skipped
C:\avenger\backup.zip/avenger/down/384905062.exe Infected: Trojan-Downloader.Win32.Bagle.ho skipped
C:\avenger\backup.zip/avenger/down/399634703.exe Infected: Trojan-Downloader.Win32.Bagle.ho skipped
C:\avenger\backup.zip/avenger/down/414466171.exe Infected: Trojan-Downloader.Win32.Bagle.ho skipped
C:\avenger\backup.zip/avenger/down/429201656.exe Infected: Trojan-Downloader.Win32.Bagle.ho skipped
C:\avenger\backup.zip/avenger/down/44022437.exe Infected: Trojan-Downloader.Win32.Bagle.gi skipped
C:\avenger\backup.zip/avenger/down/44059593.exe Infected: Trojan-Downloader.Win32.Bagle.ho skipped
C:\avenger\backup.zip/avenger/down/88478312.exe Infected: Trojan-Downloader.Win32.Bagle.ho skipped
C:\avenger\backup.zip/avenger/down/88532859.exe Infected: Trojan-Downloader.Win32.Bagle.ho skipped
C:\avenger\backup.zip/avenger/hldrrr.exe Infected: Trojan-Downloader.Win32.Bagle.hh skipped
C:\avenger\backup.zip/avenger/srosa.sys Infected: Trojan-Downloader.Win32.Bagle.hv skipped
C:\avenger\backup.zip ZIP: infected - 40 skipped
C:\Documents and Settings\enrico\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\enrico\Desktop\burn4free_setup.exe/data0007/NHInstall.exe Infected: not-a-virus:AdWare.Win32.NavExcel.d skipped
C:\Documents and Settings\enrico\Desktop\burn4free_setup.exe/data0007/v2.0.4b.cab/NHelper.dll Infected: not-a-virus:AdWare.Win32.NavExcel.g skipped
C:\Documents and Settings\enrico\Desktop\burn4free_setup.exe/data0007/v2.0.4b.cab/NHUninstaller.exe Infected: not-a-virus:AdWare.Win32.NavExcel skipped
C:\Documents and Settings\enrico\Desktop\burn4free_setup.exe/data0007/v2.0.4b.cab/NHUpdater.exe Infected: not-a-virus:AdWare.Win32.NavExcel.b skipped
C:\Documents and Settings\enrico\Desktop\burn4free_setup.exe/data0007/v2.0.4b.cab Infected: not-a-virus:AdWare.Win32.NavExcel.b skipped
C:\Documents and Settings\enrico\Desktop\burn4free_setup.exe/data0007 Infected: not-a-virus:AdWare.Win32.NavExcel.b skipped
C:\Documents and Settings\enrico\Desktop\burn4free_setup.exe Inno: infected - 6 skipped
C:\Documents and Settings\enrico\Desktop\isofter\setup.exe Infected: P2P-Worm.Win32.Kapucen.ac skipped
C:\Documents and Settings\enrico\Desktop\RegistryCleaner.exe/RegistryCleaner.exe Infected: not-a-virus:FraudTool.Win32.RegCleanFix.a skipped
C:\Documents and Settings\enrico\Desktop\RegistryCleaner.exe SetupFactory: infected - 1 skipped
C:\Documents and Settings\enrico\Impostazioni locali\Cronologia\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\enrico\Impostazioni locali\Cronologia\History.IE5\MSHist012008011020080111\index.dat Object is locked skipped
C:\Documents and Settings\enrico\Impostazioni locali\Dati applicazioni\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\enrico\Impostazioni locali\Dati applicazioni\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\enrico\Impostazioni locali\Temp\IMG28.tmp Object is locked skipped
C:\Documents and Settings\enrico\Impostazioni locali\Temp\ISOBurn 1.0.10.0.exe Infected: Trojan-Downloader.Win32.Bagle.hh skipped
C:\Documents and Settings\enrico\Impostazioni locali\Temporary Internet Files\Content.IE5\CKHR5D60\b64_1[1].jpg Infected: Trojan-PSW.Win32.LdPinch.ewq skipped
C:\Documents and Settings\enrico\Impostazioni locali\Temporary Internet Files\Content.IE5\CKHR5D60\b64_1[2].jpg Infected: Trojan-PSW.Win32.LdPinch.ewq skipped
C:\Documents and Settings\enrico\Impostazioni locali\Temporary Internet Files\Content.IE5\CKHR5D60\b64_1[3].jpg Infected: Trojan-PSW.Win32.LdPinch.ewq skipped
C:\Documents and Settings\enrico\Impostazioni locali\Temporary Internet Files\Content.IE5\CKHR5D60\b64_1[4].jpg Infected: Trojan-PSW.Win32.LdPinch.ewq skipped
C:\Documents and Settings\enrico\Impostazioni locali\Temporary Internet Files\Content.IE5\CKHR5D60\b64_1[5].jpg Infected: Trojan-PSW.Win32.LdPinch.ewq skipped
C:\Documents and Settings\enrico\Impostazioni locali\Temporary Internet Files\Content.IE5\CKHR5D60\b64_1[6].jpg Infected: Trojan-PSW.Win32.LdPinch.ewq skipped
C:\Documents and Settings\enrico\Impostazioni locali\Temporary Internet Files\Content.IE5\CKHR5D60\b64_1[7].jpg Infected: Trojan-PSW.Win32.LdPinch.ewq skipped
C:\Documents and Settings\enrico\Impostazioni locali\Temporary Internet Files\Content.IE5\CKHR5D60\b64_1[8].jpg Infected: Trojan-PSW.Win32.LdPinch.ewq skipped
C:\Documents and Settings\enrico\Impostazioni locali\Temporary Internet Files\Content.IE5\CKHR5D60\b64_2[1].jpg Infected: Trojan.Win32.Pakes.bwy skipped
C:\Documents and Settings\enrico\Impostazioni locali\Temporary Internet Files\Content.IE5\CKHR5D60\b64_2[2].jpg Infected: Trojan.Win32.Pakes.bwy skipped
C:\Documents and Settings\enrico\Impostazioni locali\Temporary Internet Files\Content.IE5\CKHR5D60\b64_3[1].jpg Infected: Trojan-Downloader.Win32.Bagle.ho skipped
C:\Documents and Settings\enrico\Impostazioni locali\Temporary Internet Files\Content.IE5\CKHR5D60\b64_3[2].jpg Infected: Trojan-Downloader.Win32.Bagle.ho skipped
C:\Documents and Settings\enrico\Impostazioni locali\Temporary Internet Files\Content.IE5\CKHR5D60\b64_3[3].jpg Infected: Trojan-Downloader.Win32.Bagle.ho skipped
C:\Documents and Settings\enrico\Impostazioni locali\Temporary Internet Files\Content.IE5\CKHR5D60\b64_3[4].jpg Infected: Trojan-Downloader.Win32.Bagle.ho skipped
C:\Documents and Settings\enrico\Impostazioni locali\Temporary Internet Files\Content.IE5\CKHR5D60\b64_3[5].jpg Infected: Trojan-Downloader.Win32.Bagle.ho skipped
C:\Documents and Settings\enrico\Impostazioni locali\Temporary Internet Files\Content.IE5\CKHR5D60\b64_3[6].jpg Infected: Trojan-Downloader.Win32.Bagle.ho skipped
C:\Documents and Settings\enrico\Impostazioni locali\Temporary Internet Files\Content.IE5\CKHR5D60\b64_3[7].jpg Infected: Trojan-Downloader.Win32.Bagle.ho skipped
C:\Documents and Settings\enrico\Impostazioni locali\Temporary Internet Files\Content.IE5\CKHR5D60\b64_3[8].jpg Infected: Trojan-Downloader.Win32.Bagle.gi skipped
C:\Documents and Settings\enrico\Impostazioni locali\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\enrico\Impostazioni locali\Temporary Internet Files\Content.IE5\KXMF8LQB\b64_1[1].jpg Infected: Trojan-PSW.Win32.LdPinch.ewq skipped
C:\Documents and Settings\enrico\Impostazioni locali\Temporary Internet Files\Content.IE5\KXMF8LQB\b64_1[2].jpg Infected: Trojan-PSW.Win32.LdPinch.ewq skipped
C:\Documents and Settings\enrico\Impostazioni locali\Temporary Internet Files\Content.IE5\KXMF8LQB\b64_2[1].jpg Infected: Trojan.Win32.Pakes.bwy skipped
C:\Documents and Settings\enrico\Impostazioni locali\Temporary Internet Files\Content.IE5\KXMF8LQB\b64_2[2].jpg Infected: Trojan.Win32.Pakes.bwy skipped
C:\Documents and Settings\enrico\Impostazioni locali\Temporary Internet Files\Content.IE5\KXMF8LQB\b64_2[3].jpg Infected: Trojan.Win32.Pakes.bwy skipped
C:\Documents and Settings\enrico\Impostazioni locali\Temporary Internet Files\Content.IE5\KXMF8LQB\b64_2[4].jpg Infected: Trojan.Win32.Pakes.bwy skipped
C:\Documents and Settings\enrico\Impostazioni locali\Temporary Internet Files\Content.IE5\KXMF8LQB\b64_2[5].jpg Infected: Trojan.Win32.Pakes.bwy skipped
C:\Documents and Settings\enrico\Impostazioni locali\Temporary Internet Files\Content.IE5\KXMF8LQB\b64_2[6].jpg Infected: Trojan.Win32.Pakes.bwy skipped
C:\Documents and Settings\enrico\Impostazioni locali\Temporary Internet Files\Content.IE5\KXMF8LQB\b64_3[1].jpg Infected: Trojan-Downloader.Win32.Bagle.ho skipped
C:\Documents and Settings\enrico\Impostazioni locali\Temporary Internet Files\Content.IE5\KXMF8LQB\b64_3[2].jpg Infected: Trojan-Downloader.Win32.Bagle.ho skipped
C:\Documents and Settings\enrico\Impostazioni locali\Temporary Internet Files\Content.IE5\KXMF8LQB\b64_3[3].jpg Infected: Trojan-Downloader.Win32.Bagle.ho skipped
C:\Documents and Settings\enrico\Impostazioni locali\Temporary Internet Files\Content.IE5\KXMF8LQB\b64_3[4].jpg Infected: Trojan-Downloader.Win32.Bagle.ho skipped
C:\Documents and Settings\enrico\Impostazioni locali\Temporary Internet Files\Content.IE5\KXMF8LQB\b64_3[6].jpg Infected: Trojan-Downloader.Win32.Bagle.ho skipped
C:\Documents and Settings\enrico\Impostazioni locali\Temporary Internet Files\Content.IE5\V69C2I7Z\b64_1[1].jpg Infected: Trojan-PSW.Win32.LdPinch.ewq skipped
C:\Documents and Settings\enrico\Impostazioni locali\Temporary Internet Files\Content.IE5\V69C2I7Z\b64_1[2].jpg Infected: Trojan-PSW.Win32.LdPinch.ewq skipped
C:\Documents and Settings\enrico\Impostazioni locali\Temporary Internet Files\Content.IE5\V69C2I7Z\b64_2[1].jpg Infected: Trojan.Win32.Pakes.bwy skipped
C:\Documents and Settings\enrico\Impostazioni locali\Temporary Internet Files\Content.IE5\V69C2I7Z\b64_2[2].jpg Infected: Trojan.Win32.Pakes.bwy skipped
C:\Documents and Settings\enrico\Impostazioni locali\Temporary Internet Files\Content.IE5\V69C2I7Z\b64_3[1].jpg Infected: Trojan-Downloader.Win32.Bagle.gi skipped
C:\Documents and Settings\enrico\Impostazioni locali\Temporary Internet Files\Content.IE5\V69C2I7Z\b64_3[2].jpg Infected: Trojan-Downloader.Win32.Bagle.ho skipped
C:\Documents and Settings\enrico\Impostazioni locali\Temporary Internet Files\Content.IE5\V69C2I7Z\b64_3[4].jpg Infected: Trojan-Downloader.Win32.Bagle.ho skipped
C:\Documents and Settings\enrico\Impostazioni locali\Temporary Internet Files\Content.IE5\V69C2I7Z\b64_3[5].jpg Infected: Trojan-Downloader.Win32.Bagle.ho skipped
C:\Documents and Settings\enrico\Impostazioni locali\Temporary Internet Files\Content.IE5\V69C2I7Z\b64_3[6].jpg Infected: Trojan-Downloader.Win32.Bagle.ho skipped
C:\Documents and Settings\enrico\Impostazioni locali\Temporary Internet Files\Content.IE5\WDUV092N\b64_1[1].jpg Infected: Trojan-PSW.Win32.LdPinch.ewq skipped
C:\Documents and Settings\enrico\Impostazioni locali\Temporary Internet Files\Content.IE5\WDUV092N\b64_1[2].jpg Infected: Trojan-PSW.Win32.LdPinch.ewq skipped
C:\Documents and Settings\enrico\Impostazioni locali\Temporary Internet Files\Content.IE5\WDUV092N\b64_1[3].jpg Infected: Trojan-PSW.Win32.LdPinch.ewq skipped
C:\Documents and Settings\enrico\Impostazioni locali\Temporary Internet Files\Content.IE5\WDUV092N\b64_1[4].jpg Infected: Trojan-PSW.Win32.LdPinch.ewq skipped
C:\Documents and Settings\enrico\Impostazioni locali\Temporary Internet Files\Content.IE5\WDUV092N\b64_1[5].jpg Infected: Trojan-PSW.Win32.LdPinch.ewq skipped
C:\Documents and Settings\enrico\Impostazioni locali\Temporary Internet Files\Content.IE5\WDUV092N\b64_2[1].jpg Infected: Trojan.Win32.Pakes.bwy skipped
C:\Documents and Settings\enrico\Impostazioni locali\Temporary Internet Files\Content.IE5\WDUV092N\b64_2[2].jpg Infected: Trojan.Win32.Pakes.bwy skipped
C:\Documents and Settings\enrico\Impostazioni locali\Temporary Internet Files\Content.IE5\WDUV092N\b64_2[3].jpg Infected: Trojan.Win32.Pakes.bwy skipped
C:\Documents and Settings\enrico\Impostazioni locali\Temporary Internet Files\Content.IE5\WDUV092N\b64_2[4].jpg Infected: Trojan.Win32.Pakes.bwy skipped
C:\Documents and Settings\enrico\Impostazioni locali\Temporary Internet Files\Content.IE5\WDUV092N\b64_2[5].jpg Infected: Trojan.Win32.Pakes.bwy skipped
C:\Documents and Settings\enrico\Impostazioni locali\Temporary Internet Files\Content.IE5\WDUV092N\b64_2[6].jpg Infected: Trojan.Win32.Pakes.bwy skipped
C:\Documents and Settings\enrico\Impostazioni locali\Temporary Internet Files\Content.IE5\WDUV092N\b64_3[1].jpg Infected: Trojan-Downloader.Win32.Bagle.ho skipped
C:\Documents and Settings\enrico\Impostazioni locali\Temporary Internet Files\Content.IE5\WDUV092N\b64_3[3].jpg Infected: Trojan-Downloader.Win32.Bagle.ho skipped
C:\Documents and Settings\enrico\Impostazioni locali\Temporary Internet Files\Content.IE5\WDUV092N\b64_3[4].jpg Infected: Trojan-Downloader.Win32.Bagle.ho skipped
C:\Documents and Settings\enrico\Impostazioni locali\Temporary Internet Files\Content.IE5\WDUV092N\b64_3[5].jpg Infected: Trojan-Downloader.Win32.Bagle.ho skipped
C:\Documents and Settings\enrico\Impostazioni locali\Temporary Internet Files\Content.IE5\WDUV092N\b64_3[6].jpg Infected: Trojan-Downloader.Win32.Bagle.ho skipped
C:\Documents and Settings\enrico\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\enrico\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Impostazioni locali\Cronologia\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Impostazioni locali\Dati applicazioni\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\LocalService\Impostazioni locali\Dati applicazioni\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Impostazioni locali\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Impostazioni locali\Cronologia\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Impostazioni locali\Dati applicazioni\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Impostazioni locali\Dati applicazioni\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\Impostazioni locali\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped
C:\Programmi\NavExcel\NavHelper\v2.0.4b\NHelper.dll Infected: not-a-virus:AdWare.Win32.NavExcel.g skipped
C:\Programmi\NavExcel\NavHelper\v2.0.4b\NHUninstaller.exe Infected: not-a-virus:AdWare.Win32.NavExcel skipped
C:\Programmi\NavExcel\NavHelper\v2.0.4b\NHUpdater.exe Infected: not-a-virus:AdWare.Win32.NavExcel.b skipped
C:\Programmi\NavExcel\NavHelper\v2.0.4b\v2.0.4b.cab/NHelper.dll Infected: not-a-virus:AdWare.Win32.NavExcel.g skipped
C:\Programmi\NavExcel\NavHelper\v2.0.4b\v2.0.4b.cab/NHUninstaller.exe Infected: not-a-virus:AdWare.Win32.NavExcel skipped
C:\Programmi\NavExcel\NavHelper\v2.0.4b\v2.0.4b.cab/NHUpdater.exe Infected: not-a-virus:AdWare.Win32.NavExcel.b skipped
C:\Programmi\NavExcel\NavHelper\v2.0.4b\v2.0.4b.cab CAB: infected - 3 skipped
C:\Programmi\NavExcel Search Toolbar\NavExcelBar.dll Infected: not-a-virus:AdWare.Win32.NavExcel.o skipped
C:\Programmi\RegistryCleaner\RegistryCleaner.exe Infected: not-a-virus:FraudTool.Win32.RegCleanFix.a skipped
C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
C:\System Volume Information\_restore{C807392C-9673-4262-B878-02EFEC1ADA5F}\RP1\A0000002.sys Infected: Trojan-Downloader.Win32.Bagle.hv skipped
C:\System Volume Information\_restore{C807392C-9673-4262-B878-02EFEC1ADA5F}\RP2\A0000020.reg Infected: Trojan-Downloader.Win32.Bagle.hp skipped
C:\System Volume Information\_restore{C807392C-9673-4262-B878-02EFEC1ADA5F}\RP2\A0000021.reg Infected: Trojan-Downloader.Win32.Bagle.hp skipped
C:\System Volume Information\_restore{C807392C-9673-4262-B878-02EFEC1ADA5F}\RP2\A0000023.exe Infected: Trojan-Downloader.Win32.Bagle.hh skipped
C:\System Volume Information\_restore{C807392C-9673-4262-B878-02EFEC1ADA5F}\RP2\A0000024.sys Infected: Trojan-Downloader.Win32.Bagle.hv skipped
C:\System Volume Information\_restore{C807392C-9673-4262-B878-02EFEC1ADA5F}\RP2\A0000025.exe Infected: Trojan-Downloader.Win32.Bagle.ho skipped
C:\System Volume Information\_restore{C807392C-9673-4262-B878-02EFEC1ADA5F}\RP2\A0000055.reg Infected: Trojan-Downloader.Win32.Bagle.hp skipped
C:\System Volume Information\_restore{C807392C-9673-4262-B878-02EFEC1ADA5F}\RP2\A0000056.reg Infected: Trojan-Downloader.Win32.Bagle.hp skipped
C:\System Volume Information\_restore{C807392C-9673-4262-B878-02EFEC1ADA5F}\RP2\A0000078.exe Infected: Trojan-Downloader.Win32.Bagle.ho skipped
C:\System Volume Information\_restore{C807392C-9673-4262-B878-02EFEC1ADA5F}\RP2\A0000096.exe Infected: Trojan-Downloader.Win32.Bagle.ho skipped
C:\System Volume Information\_restore{C807392C-9673-4262-B878-02EFEC1ADA5F}\RP2\A0000098.exe Infected: Trojan-Downloader.Win32.Bagle.gi skipped
C:\System Volume Information\_restore{C807392C-9673-4262-B878-02EFEC1ADA5F}\RP2\A0000117.exe Infected: Trojan-Downloader.Win32.Bagle.ho skipped
C:\System Volume Information\_restore{C807392C-9673-4262-B878-02EFEC1ADA5F}\RP2\A0000122.exe Infected: Trojan-Downloader.Win32.Bagle.ho skipped
C:\System Volume Information\_restore{C807392C-9673-4262-B878-02EFEC1ADA5F}\RP2\A0000162.exe Infected: Trojan-Downloader.Win32.Bagle.ho skipped
C:\System Volume Information\_restore{C807392C-9673-4262-B878-02EFEC1ADA5F}\RP2\A0000197.exe Infected: Trojan-Downloader.Win32.Bagle.ho skipped
C:\System Volume Information\_restore{C807392C-9673-4262-B878-02EFEC1ADA5F}\RP2\A0000199.exe Infected: Trojan-Downloader.Win32.Bagle.ho skipped
C:\System Volume Information\_restore{C807392C-9673-4262-B878-02EFEC1ADA5F}\RP2\A0000238.exe Infected: Trojan-Downloader.Win32.Bagle.ho skipped
C:\System Volume Information\_restore{C807392C-9673-4262-B878-02EFEC1ADA5F}\RP2\A0000256.exe Infected: Trojan-Downloader.Win32.Bagle.ho skipped
C:\System Volume Information\_restore{C807392C-9673-4262-B878-02EFEC1ADA5F}\RP2\A0000258.exe Infected: Trojan-Downloader.Win32.Bagle.ho skipped
C:\System Volume Information\_restore{C807392C-9673-4262-B878-02EFEC1ADA5F}\RP2\A0000276.exe Infected: Trojan-Downloader.Win32.Bagle.ho skipped
C:\System Volume Information\_restore{C807392C-9673-4262-B878-02EFEC1ADA5F}\RP2\A0000297.exe Infected: Trojan-Downloader.Win32.Bagle.ho skipped
C:\System Volume Information\_restore{C807392C-9673-4262-B878-02EFEC1ADA5F}\RP2\A0000316.exe Infected: Trojan-Downloader.Win32.Bagle.ho skipped
C:\System Volume Information\_restore{C807392C-9673-4262-B878-02EFEC1ADA5F}\RP2\A0000336.exe Infected: Trojan-Downloader.Win32.Bagle.ho skipped
C:\System Volume Information\_restore{C807392C-9673-4262-B878-02EFEC1ADA5F}\RP2\A0000338.exe Infected: Trojan-Downloader.Win32.Bagle.ho skipped
C:\System Volume Information\_restore{C807392C-9673-4262-B878-02EFEC1ADA5F}\RP2\A0000357.exe Infected: Trojan-Downloader.Win32.Bagle.ho skipped
C:\System Volume Information\_restore{C807392C-9673-4262-B878-02EFEC1ADA5F}\RP2\A0000359.exe Infected: Trojan-Downloader.Win32.Bagle.ho skipped
C:\System Volume Information\_restore{C807392C-9673-4262-B878-02EFEC1ADA5F}\RP2\A0000400.exe Infected: Trojan-Downloader.Win32.Bagle.ho skipped
C:\System Volume Information\_restore{C807392C-9673-4262-B878-02EFEC1ADA5F}\RP2\A0000435.exe Infected: Trojan-Downloader.Win32.Bagle.ho skipped
C:\System Volume Information\_restore{C807392C-9673-4262-B878-02EFEC1ADA5F}\RP2\A0000437.exe Infected: Trojan-Downloader.Win32.Bagle.ho skipped
C:\System Volume Information\_restore{C807392C-9673-4262-B878-02EFEC1ADA5F}\RP2\A0000456.exe Infected: Trojan-Downloader.Win32.Bagle.ho skipped
C:\System Volume Information\_restore{C807392C-9673-4262-B878-02EFEC1ADA5F}\RP2\A0000458.exe Infected: Trojan-Downloader.Win32.Bagle.ho skipped
C:\System Volume Information\_restore{C807392C-9673-4262-B878-02EFEC1ADA5F}\RP2\A0000477.exe Infected: Trojan-Downloader.Win32.Bagle.ho skipped
C:\System Volume Information\_restore{C807392C-9673-4262-B878-02EFEC1ADA5F}\RP2\A0000479.exe Infected: Trojan-Downloader.Win32.Bagle.ho skipped
C:\System Volume Information\_restore{C807392C-9673-4262-B878-02EFEC1ADA5F}\RP2\A0000498.exe Infected: Trojan-Downloader.Win32.Bagle.ho skipped
C:\System Volume Information\_restore{C807392C-9673-4262-B878-02EFEC1ADA5F}\RP2\A0000500.exe Infected: Trojan-Downloader.Win32.Bagle.ho skipped
C:\System Volume Information\_restore{C807392C-9673-4262-B878-02EFEC1ADA5F}\RP2\A0000519.exe Infected: Trojan-Downloader.Win32.Bagle.ho skipped
C:\System Volume Information\_restore{C807392C-9673-4262-B878-02EFEC1ADA5F}\RP2\A0000539.exe Infected: Trojan-Downloader.Win32.Bagle.ho skipped
C:\System Volume Information\_restore{C807392C-9673-4262-B878-02EFEC1ADA5F}\RP2\A0000559.exe Infected: Trojan-Downloader.Win32.Bagle.ho skipped
C:\System Volume Information\_restore{C807392C-9673-4262-B878-02EFEC1ADA5F}\RP2\A0000561.exe Infected: Trojan-Downloader.Win32.Bagle.ho skipped
C:\System Volume Information\_restore{C807392C-9673-4262-B878-02EFEC1ADA5F}\RP2\A0000580.exe Infected: Trojan-Downloader.Win32.Bagle.ho skipped
C:\System Volume Information\_restore{C807392C-9673-4262-B878-02EFEC1ADA5F}\RP2\A0000601.exe Infected: Trojan-Downloader.Win32.Bagle.ho skipped
C:\System Volume Information\_restore{C807392C-9673-4262-B878-02EFEC1ADA5F}\RP2\A0000620.exe Infected: Trojan-Downloader.Win32.Bagle.ho skipped
C:\System Volume Information\_restore{C807392C-9673-4262-B878-02EFEC1ADA5F}\RP2\A0000662.exe Infected: Trojan-Downloader.Win32.Bagle.gi skipped
C:\System Volume Information\_restore{C807392C-9673-4262-B878-02EFEC1ADA5F}\RP2\A0000665.exe Infected: Trojan-Downloader.Win32.Bagle.ho skipped
C:\System Volume Information\_restore{C807392C-9673-4262-B878-02EFEC1ADA5F}\RP2\A0000758.exe Infected: Trojan-Downloader.Win32.Bagle.ho skipped
C:\System Volume Information\_restore{C807392C-9673-4262-B878-02EFEC1ADA5F}\RP2\A0000760.exe Infected: Trojan-Downloader.Win32.Bagle.ho skipped
C:\System Volume Information\_restore{C807392C-9673-4262-B878-02EFEC1ADA5F}\RP2\A0000779.exe Infected: Trojan-Downloader.Win32.Bagle.hh skipped
C:\System Volume Information\_restore{C807392C-9673-4262-B878-02EFEC1ADA5F}\RP2\A0000780.sys Infected: Trojan-Downloader.Win32.Bagle.hv skipped
C:\System Volume Information\_restore{C807392C-9673-4262-B878-02EFEC1ADA5F}\RP3\change.log Object is locked skipped
C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped
C:\WINDOWS\Installer\{6BE2A4A4-99FB-48ED-AE1E-4E850389F804}\PQBoot.exe Object is locked skipped
C:\WINDOWS\nxstinst.exe Infected: not-a-virus:AdWare.Win32.NavExcel.i skipped
C:\WINDOWS\remover.dll Infected: not-a-virus:AdWare.Win32.NavExcel.i skipped
C:\WINDOWS\SchedLgU.Txt Object is locked skipped
C:\WINDOWS\Sti_Trace.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\edb.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\tmp.edb Object is locked skipped
C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\default Object is locked skipped
C:\WINDOWS\system32\config\default.LOG Object is locked skipped
C:\WINDOWS\system32\config\SAM Object is locked skipped
C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped
C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\SECURITY Object is locked skipped
C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped
C:\WINDOWS\system32\config\software Object is locked skipped
C:\WINDOWS\system32\config\software.LOG Object is locked skipped
C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\system Object is locked skipped
C:\WINDOWS\system32\config\system.LOG Object is locked skipped
C:\WINDOWS\system32\drivers\fidbox.dat Object is locked skipped
C:\WINDOWS\system32\drivers\fidbox.idx Object is locked skipped
C:\WINDOWS\system32\drivers\fidbox2.dat Object is locked skipped
C:\WINDOWS\system32\drivers\fidbox2.idx Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped
C:\WINDOWS\wiadebug.log Object is locked skipped
C:\WINDOWS\wiaservc.log Object is locked skipped
E:\PROGRAMMI\PDVDServ.exe Infected: Trojan-Downloader.Win32.Bagle.hh skipped
E:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
E:\System Volume Information\_restore{C807392C-9673-4262-B878-02EFEC1ADA5F}\RP3\change.log Object is locked skipped
F:\incoming\Autodesk Maya 8.5 Crack Updated-Fixed 03-2007.rar/setup.exe Infected: P2P-Worm.Win32.Kapucen.b skipped
F:\incoming\Autodesk Maya 8.5 Crack Updated-Fixed 03-2007.rar RAR: infected - 1 skipped
F:\incoming\Cycling74 MAX-MSP 4.5.2\Cycling '74 MAX MSP v4.5.5 updated-fixed 10-2007.rar/setup.exe Infected: P2P-Worm.Win32.Kapucen.b skipped
F:\incoming\Cycling74 MAX-MSP 4.5.2\Cycling '74 MAX MSP v4.5.5 updated-fixed 10-2007.rar RAR: infected - 1 skipped
F:\incoming\masterizzatori etc\(AIO)_Burn_Suite_vol.3_2007_(Nero7, Alkohol, Slysoft, Ashampoo, Roxio, Gear, PowerISO, DVD Shrink, DVD43, DVD Decrypter, uvm.cRs2007.NEW.rar/[AIO]_Burn_Suite_vol.3_2007_(Nero7, Alkohol, Slysoft, Ashampoo, Roxio, Gear, PowerISO, DVD Shrink, DVD43, DVD Decrypter, uvm.cRs2007.NEW/AIO Burn Suite 2007.cRs.exe/AutoPlay/Docs/Nero/Setup.exe/Toolbar.exe Infected: not-a-virus:AdTool.Win32.MyWebSearch.bm skipped
F:\incoming\masterizzatori etc\(AIO)_Burn_Suite_vol.3_2007_(Nero7, Alkohol, Slysoft, Ashampoo, Roxio, Gear, PowerISO, DVD Shrink, DVD43, DVD Decrypter, uvm.cRs2007.NEW.rar/[AIO]_Burn_Suite_vol.3_2007_(Nero7, Alkohol, Slysoft, Ashampoo, Roxio, Gear, PowerISO, DVD Shrink, DVD43, DVD Decrypter, uvm.cRs2007.NEW/AIO Burn Suite 2007.cRs.exe/AutoPlay/Docs/Nero/Setup.exe Infected: not-a-virus:AdTool.Win32.MyWebSearch.bm skipped
F:\incoming\masterizzatori etc\(AIO)_Burn_Suite_vol.3_2007_(Nero7, Alkohol, Slysoft, Ashampoo, Roxio, Gear, PowerISO, DVD Shrink, DVD43, DVD Decrypter, uvm.cRs2007.NEW.rar/[AIO]_Burn_Suite_vol.3_2007_(Nero7, Alkohol, Slysoft, Ashampoo, Roxio, Gear, PowerISO, DVD Shrink, DVD43, DVD Decrypter, uvm.cRs2007.NEW/AIO Burn Suite 2007.cRs.exe Infected: not-a-virus:AdTool.Win32.MyWebSearch.bm skipped
F:\incoming\masterizzatori etc\(AIO)_Burn_Suite_vol.3_2007_(Nero7, Alkohol, Slysoft, Ashampoo, Roxio, Gear, PowerISO, DVD Shrink, DVD43, DVD Decrypter, uvm.cRs2007.NEW.rar RAR: infected - 3 skipped
F:\incoming\masterizzatori etc\Burn4free_1.0.0.602(masterizza cd e dvd anche imm ISO).zip/burn4free_setup.exe/data0007/NHInstall.exe Infected: not-a-virus:AdWare.Win32.NavExcel.d skipped
F:\incoming\masterizzatori etc\Burn4free_1.0.0.602(masterizza cd e dvd anche imm ISO).zip/burn4free_setup.exe/data0007/v2.0.4b.cab/NHelper.dll Infected: not-a-virus:AdWare.Win32.NavExcel.g skipped
F:\incoming\masterizzatori etc\Burn4free_1.0.0.602(masterizza cd e dvd anche imm ISO).zip/burn4free_setup.exe/data0007/v2.0.4b.cab/NHUninstaller.exe Infected: not-a-virus:AdWare.Win32.NavExcel skipped
F:\incoming\masterizzatori etc\Burn4free_1.0.0.602(masterizza cd e dvd anche imm ISO).zip/burn4free_setup.exe/data0007/v2.0.4b.cab/NHUpdater.exe Infected: not-a-virus:AdWare.Win32.NavExcel.b skipped
F:\incoming\masterizzatori etc\Burn4free_1.0.0.602(masterizza cd e dvd anche imm ISO).zip/burn4free_setup.exe/data0007/v2.0.4b.cab Infected: not-a-virus:AdWare.Win32.NavExcel.b skipped
F:\incoming\masterizzatori etc\Burn4free_1.0.0.602(masterizza cd e dvd anche imm ISO).zip/burn4free_setup.exe/data0007 Infected: not-a-virus:AdWare.Win32.NavExcel.b skipped
F:\incoming\masterizzatori etc\Burn4free_1.0.0.602(masterizza cd e dvd anche imm ISO).zip/burn4free_setup.exe Infected: not-a-virus:AdWare.Win32.NavExcel.b skipped
F:\incoming\masterizzatori etc\Burn4free_1.0.0.602(masterizza cd e dvd anche imm ISO).zip ZIP: infected - 7 skipped
F:\incoming\masterizzatori etc\dopo ISOBurn 1.8.zip/dopo ISOBurn 1.8.exe Infected: Trojan-Downloader.Win32.Bagle.he skipped
F:\incoming\masterizzatori etc\dopo ISOBurn 1.8.zip ZIP: infected - 1 skipped
F:\incoming\masterizzatori etc\ISOBurn 1.0.10.0.zip/ISOBurn 1.0.10.0.exe Infected: Trojan-Downloader.Win32.Bagle.hh skipped
F:\incoming\masterizzatori etc\ISOBurn 1.0.10.0.zip ZIP: infected - 1 skipped
F:\incoming\masterizzatori etc\iSofter.DVD.Audio.Ripper.DVD.Ripper.Deluxe.DVD.Ripper.convert.DVD.to.AVI-DivX-XviD-MPEG-MP3-WMV-WMA.rar/setup.exe Infected: P2P-Worm.Win32.Kapucen.ac skipped
F:\incoming\masterizzatori etc\iSofter.DVD.Audio.Ripper.DVD.Ripper.Deluxe.DVD.Ripper.convert.DVD.to.AVI-DivX-XviD-MPEG-MP3-WMV-WMA.rar RAR: infected - 1 skipped
F:\incoming\musica\Mozart-Beethoven-Stravinskij-Schumann - Quartetti per archi - Quartetto Italiano - (EAC=ape+cue+covers) updated-fixed Release 09-2007.zip/Setup.exe Infected: P2P-Worm.Win32.Kapucen.ac skipped
F:\incoming\musica\Mozart-Beethoven-Stravinskij-Schumann - Quartetti per archi - Quartetto Italiano - (EAC=ape+cue+covers) updated-fixed Release 09-2007.zip ZIP: infected - 1 skipped
F:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped

Scan process completed.================================

quindi:
Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 19.49.46, on 10/01/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Programmi\Analog Devices\Core\smax4pnp.exe
C:\Programmi\Analog Devices\SoundMAX\Smax4.exe
C:\Programmi\D-Tools\daemon.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmi\Messenger\msmsgs.exe
C:\Programmi\RALINK\Common\RaUI.exe
E:\PROGRAMMI\emule\emule.exe
C:\WINDOWS\System32\svchost.exe
C:\Documents and Settings\enrico\Desktop\gmer.exe
C:\Programmi\Internet Explorer\IEXPLORE.EXE
C:\Documents and Settings\enrico\Desktop\HiJackThis_v2.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://italian.ircfast2.com/index.php?rvs=hompag
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmi\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: NavHelper Class - {C1E58A84-95B3-4630-B8C2-D06B77B7A0FC} - C:\Programmi\NavExcel\NavHelper\v2.0.4b\NHelper.dll
O2 - BHO: Helper Class - {D80C4E21-C346-4E21-8E64-20746AA20AEB} - C:\Programmi\NavExcel Search Toolbar\NavExcelBar.dll
O3 - Toolbar: NavExcel Toolbar - {5AA06644-BC46-4220-A460-47A6EB47C96D} - C:\Programmi\NavExcel Search Toolbar\NavExcelBar.dll
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Programmi\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [SoundMAX] "C:\Programmi\Analog Devices\SoundMAX\Smax4.exe" /tray
O4 - HKLM\..\Run: [JMB36X Configure] C:\WINDOWS\system32\JMRaidTool.exe boot
O4 - HKLM\..\Run: [RemoteControl] E:\PROGRAMMI\PDVDServ.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programmi\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Programmi\D-Tools\daemon.exe" -lang 1033
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [drvsyskit] C:\WINDOWS\system32\drivers\hldrrr.exe
O4 - HKCU\..\Run: [german.exe] C:\WINDOWS\system32\wintems.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Programmi\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [RegistryCleanFixMFC] C:\Programmi\RegistryCleaner\RegistryCleaner.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO LOCALE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO DI RETE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Eurobarre.lnk = C:\Programmi\eurobarre\eb.exe
O4 - Global Startup: Ralink Wireless Utility.lnk = C:\Programmi\RALINK\Common\RaUI.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partne ... nicode.cab
O16 - DPF: {A4069847-C342-48E2-9257-01A24E5C78EA} (F-Secure Online Scanner 3.2) - http://support.f-secure.com/ols3beta/fscax.cab
O22 - SharedTaskScheduler: Precaricatore Browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Daemon di cache delle categorie di componenti - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Programmi\File comuni\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: DMFQ - Sysinternals - www.sysinternals.com - C:\DOCUME~1\enrico\IMPOST~1\Temp\DMFQ.exe
O23 - Service: LMV - Sysinternals - www.sysinternals.com - C:\DOCUME~1\enrico\IMPOST~1\Temp\LMV.exe

--
End of file - 4416 bytes
=======================================
per ultimo:
Logfile of The Avenger version 1, by Swandog46
Running from registry key:
\Registry\Machine\System\CurrentControlSet\Services\geerxrat

*******************

Script file located at: \??\C:\WINDOWS\system32\lfjhcrde.txt
Script file opened successfully.

Script file read successfully

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:



File C:\WINDOWS\system32\drivers\hidr.exe not found!
Deletion of file C:\WINDOWS\system32\drivers\hidr.exe failed!

Could not process line:
C:\WINDOWS\system32\drivers\hidr.exe
Status: 0xc0000034

File C:\WINDOWS\system32\drivers\srosa.sys deleted successfully.
File C:\WINDOWS\system32\wintems.exe deleted successfully.


File C:\WINDOWS\system32\hldrrr.exe not found!
Deletion of file C:\WINDOWS\system32\hldrrr.exe failed!

Could not process line:
C:\WINDOWS\system32\hldrrr.exe
Status: 0xc0000034



File C:\WINDOWS\system32\trusted.exe not found!
Deletion of file C:\WINDOWS\system32\trusted.exe failed!

Could not process line:
C:\WINDOWS\system32\trusted.exe
Status: 0xc0000034



File C:\WINDOWS\system32\drivers\pci32.sys not found!
Deletion of file C:\WINDOWS\system32\drivers\pci32.sys failed!

Could not process line:
C:\WINDOWS\system32\drivers\pci32.sys
Status: 0xc0000034

File C:\windows\system32\drivers\hldrrr.exe deleted successfully.


Folder C:\WINDOWS\exefnd not found!
Deletion of folder C:\WINDOWS\exefnd failed!

Could not process line:
C:\WINDOWS\exefnd
Status: 0xc0000034



Folder C:\WINDOWS\exefld not found!
Deletion of folder C:\WINDOWS\exefld failed!

Could not process line:
C:\WINDOWS\exefld
Status: 0xc0000034

Folder C:\WINDOWS\system32\drivers\down deleted successfully.
Registry key HKLM\SYSTEM\CurrentControlSet\Services\srosa deleted successfully.
Registry key HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_SROSA deleted successfully.


Registry key HKLM\SYSTEM\CurrentControlSet\Services\pci32 not found!
Deletion of registry key HKLM\SYSTEM\CurrentControlSet\Services\pci32 failed!

Could not process line:
HKLM\SYSTEM\CurrentControlSet\Services\pci32
Status: 0xc0000034



Registry key HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_PCI32 not found!
Deletion of registry key HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_PCI32 failed!

Could not process line:
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_PCI32
Status: 0xc0000034


Completed script processing.

*******************

Finished! Terminate.
forse sono un po' troppo prolisso ma sono disperato!

Grazie ancora dell'attenzione
A presto [cry+]
Avatar utente
suntleone
Neo Iscritto
Neo Iscritto
 
Messaggi: 16
Iscritto il: mer gen 09, 2008 9:55 pm
Top

Messaggioda ste_95 » gio gen 10, 2008 8:38 pm

Disabilita il ripristino configurazione di sistema ed esegui il seguente script con avenger:

Files to delete:
C:\WINDOWS\system32\drivers\hidr.exe
C:\WINDOWS\system32\drivers\srosa.sys
C:\WINDOWS\system32\wintems.exe
C:\WINDOWS\system32\hldrrr.exe
C:\WINDOWS\system32\trusted.exe
C:\WINDOWS\system32\drivers\pci32.sys
C:\windows\system32\drivers\hldrrr.exe
C:\avenger\backup.zip
C:\Documents and Settings\enrico\Desktop\isofter\setup.exe
C:\Documents and Settings\enrico\Desktop\RegistryCleaner.exe
C:\Documents and Settings\enrico\Impostazioni locali\Temp\ISOBurn 1.0.10.0.exe
C:\Documents and Settings\enrico\Impostazioni locali\Temporary Internet Files\Content.IE5\CKHR5D60\b64_1[1].jpg
C:\Documents and Settings\enrico\Impostazioni locali\Temporary Internet Files\Content.IE5\CKHR5D60\b64_1[2].jpg
C:\Documents and Settings\enrico\Impostazioni locali\Temporary Internet Files\Content.IE5\CKHR5D60\b64_1[3].jpg
C:\Documents and Settings\enrico\Impostazioni locali\Temporary Internet Files\Content.IE5\CKHR5D60\b64_1[4].jpg
C:\Documents and Settings\enrico\Impostazioni locali\Temporary Internet Files\Content.IE5\CKHR5D60\b64_1[5].jpg
C:\Documents and Settings\enrico\Impostazioni locali\Temporary Internet Files\Content.IE5\CKHR5D60\b64_1[6].jpg
C:\Documents and Settings\enrico\Impostazioni locali\Temporary Internet Files\Content.IE5\CKHR5D60\b64_1[7].jpg
C:\Documents and Settings\enrico\Impostazioni locali\Temporary Internet Files\Content.IE5\CKHR5D60\b64_1[1].jpg
C:\Documents and Settings\enrico\Impostazioni locali\Temporary Internet Files\Content.IE5\CKHR5D60\b64_2[1].jpg
C:\Documents and Settings\enrico\Impostazioni locali\Temporary Internet Files\Content.IE5\CKHR5D60\b64_2[2].jpg
C:\Documents and Settings\enrico\Impostazioni locali\Temporary Internet Files\Content.IE5\CKHR5D60\b64_3[1].jpg
C:\Documents and Settings\enrico\Impostazioni locali\Temporary Internet Files\Content.IE5\CKHR5D60\b64_3[2].jpg
C:\Documents and Settings\enrico\Impostazioni locali\Temporary Internet Files\Content.IE5\CKHR5D60\b64_3[3].jpg
C:\Documents and Settings\enrico\Impostazioni locali\Temporary Internet Files\Content.IE5\CKHR5D60\b64_3[4].jpg
C:\Documents and Settings\enrico\Impostazioni locali\Temporary Internet Files\Content.IE5\CKHR5D60\b64_3[5].jpg
C:\Documents and Settings\enrico\Impostazioni locali\Temporary Internet Files\Content.IE5\CKHR5D60\b64_3[6].jpg
C:\Documents and Settings\enrico\Impostazioni locali\Temporary Internet Files\Content.IE5\CKHR5D60\b64_3[7].jpg
C:\Documents and Settings\enrico\Impostazioni locali\Temporary Internet Files\Content.IE5\CKHR5D60\b64_3[8].jpg
C:\Documents and Settings\enrico\Impostazioni locali\Temporary Internet Files\Content.IE5\KXMF8LQB\b64_1[1].jpg
C:\Documents and Settings\enrico\Impostazioni locali\Temporary Internet Files\Content.IE5\KXMF8LQB\b64_1[2].jpg
C:\Documents and Settings\enrico\Impostazioni locali\Temporary Internet Files\Content.IE5\KXMF8LQB\b64_2[1].jpg
C:\Documents and Settings\enrico\Impostazioni locali\Temporary Internet Files\Content.IE5\KXMF8LQB\b64_2[2].jpg
C:\Documents and Settings\enrico\Impostazioni locali\Temporary Internet Files\Content.IE5\KXMF8LQB\b64_2[3].jpg
C:\Documents and Settings\enrico\Impostazioni locali\Temporary Internet Files\Content.IE5\KXMF8LQB\b64_2[4].jpg
C:\Documents and Settings\enrico\Impostazioni locali\Temporary Internet Files\Content.IE5\KXMF8LQB\b64_2[5].jpg
C:\Documents and Settings\enrico\Impostazioni locali\Temporary Internet Files\Content.IE5\KXMF8LQB\b64_2[6].jpg
C:\Documents and Settings\enrico\Impostazioni locali\Temporary Internet Files\Content.IE5\KXMF8LQB\b64_3[1].jpg
C:\Documents and Settings\enrico\Impostazioni locali\Temporary Internet Files\Content.IE5\KXMF8LQB\b64_3[2].jpg
C:\Documents and Settings\enrico\Impostazioni locali\Temporary Internet Files\Content.IE5\KXMF8LQB\b64_3[3].jpg
C:\Documents and Settings\enrico\Impostazioni locali\Temporary Internet Files\Content.IE5\KXMF8LQB\b64_3[4].jpg
C:\Documents and Settings\enrico\Impostazioni locali\Temporary Internet Files\Content.IE5\KXMF8LQB\b64_3[6].jpg
C:\Documents and Settings\enrico\Impostazioni locali\Temporary Internet Files\Content.IE5\V69C2I7Z\b64_1[1].jpg
C:\Documents and Settings\enrico\Impostazioni locali\Temporary Internet Files\Content.IE5\V69C2I7Z\b64_1[2].jpg
C:\Documents and Settings\enrico\Impostazioni locali\Temporary Internet Files\Content.IE5\V69C2I7Z\b64_2[1].jpg
C:\Documents and Settings\enrico\Impostazioni locali\Temporary Internet Files\Content.IE5\V69C2I7Z\b64_2[2].jpg
C:\Documents and Settings\enrico\Impostazioni locali\Temporary Internet Files\Content.IE5\V69C2I7Z\b64_3[1].jpg
C:\Documents and Settings\enrico\Impostazioni locali\Temporary Internet Files\Content.IE5\V69C2I7Z\b64_3[2].jpg
C:\Documents and Settings\enrico\Impostazioni locali\Temporary Internet Files\Content.IE5\V69C2I7Z\b64_3[4].jpg
C:\Documents and Settings\enrico\Impostazioni locali\Temporary Internet Files\Content.IE5\V69C2I7Z\b64_3[5].jpg
C:\Documents and Settings\enrico\Impostazioni locali\Temporary Internet Files\Content.IE5\V69C2I7Z\b64_3[6].jpg
C:\Documents and Settings\enrico\Impostazioni locali\Temporary Internet Files\Content.IE5\WDUV092N\b64_1[1].jpg
C:\Documents and Settings\enrico\Impostazioni locali\Temporary Internet Files\Content.IE5\WDUV092N\b64_1[2].jpg
C:\Documents and Settings\enrico\Impostazioni locali\Temporary Internet Files\Content.IE5\WDUV092N\b64_1[3].jpg
C:\Documents and Settings\enrico\Impostazioni locali\Temporary Internet Files\Content.IE5\WDUV092N\b64_1[4].jpg
C:\Documents and Settings\enrico\Impostazioni locali\Temporary Internet Files\Content.IE5\WDUV092N\b64_1[5].jpg
C:\Documents and Settings\enrico\Impostazioni locali\Temporary Internet Files\Content.IE5\WDUV092N\b64_2[1].jpg
C:\Documents and Settings\enrico\Impostazioni locali\Temporary Internet Files\Content.IE5\WDUV092N\b64_2[2].jpg
C:\Documents and Settings\enrico\Impostazioni locali\Temporary Internet Files\Content.IE5\WDUV092N\b64_2[3].jpg
C:\Documents and Settings\enrico\Impostazioni locali\Temporary Internet Files\Content.IE5\WDUV092N\b64_2[4].jpg
C:\Documents and Settings\enrico\Impostazioni locali\Temporary Internet Files\Content.IE5\WDUV092N\b64_2[5].jpg
C:\Documents and Settings\enrico\Impostazioni locali\Temporary Internet Files\Content.IE5\WDUV092N\b64_2[6].jpg
C:\Documents and Settings\enrico\Impostazioni locali\Temporary Internet Files\Content.IE5\WDUV092N\b64_3[1].jpg
C:\Documents and Settings\enrico\Impostazioni locali\Temporary Internet Files\Content.IE5\WDUV092N\b64_3[3].jpg
C:\Documents and Settings\enrico\Impostazioni locali\Temporary Internet Files\Content.IE5\WDUV092N\b64_3[4].jpg
C:\Documents and Settings\enrico\Impostazioni locali\Temporary Internet Files\Content.IE5\WDUV092N\b64_3[5].jpg
C:\Documents and Settings\enrico\Impostazioni locali\Temporary Internet Files\Content.IE5\WDUV092N\b64_3[6].jpg
E:\PROGRAMMI\PDVDServ.exe
F:\incoming\Autodesk Maya 8.5 Crack Updated-Fixed 03-2007.rar
F:\incoming\Cycling74 MAX-MSP 4.5.2\Cycling '74 MAX MSP v4.5.5 updated-fixed 10-2007.rar
F:\incoming\masterizzatori etc\iSofter.DVD.Audio.Ripper.DVD.Ripper.Deluxe.DVD.Ripper.convert.DVD.to.AVI-DivX-XviD-MPEG-MP3-WMV-WMA.rar
F:\incoming\musica\Mozart-Beethoven-Stravinskij-Schumann - Quartetti per archi - Quartetto Italiano - (EAC=ape+cue+covers) updated-fixed Release 09-2007.zip
C:\DOCUME~1\enrico\IMPOST~1\Temp\LMV.exe
C:\DOCUME~1\enrico\IMPOST~1\Temp\DMFQ.exe

folders to delete:
C:\WINDOWS\exefnd
C:\WINDOWS\exefld
C:\WINDOWS\system32\drivers\down
C:\Programmi\NavExcel

registry keys to delete:
HKLM\SYSTEM\CurrentControlSet\Services\srosa
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_SROSA
HKLM\SYSTEM\CurrentControlSet\Services\pci32
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_PCI32

Ti chiedo inoltre gentilmente di mettere i seguenti file su www.mediafire.com e spedirmi i link in un messaggio privato:

F:\incoming\masterizzatori etc\ISOBurn 1.0.10.0.zip
F:\incoming\masterizzatori etc\dopo ISOBurn 1.8.zip
«A volte è meglio tacere e sembrare stupidi che aprir bocca e togliere ogni dubbio.» Oscar Wilde
Avatar utente
ste_95
Membro Ufficiale (Gold)
Membro Ufficiale (Gold)
 
Messaggi: 17271
Iscritto il: lun ago 06, 2007 11:19 am
Top

Messaggioda suntleone » gio gen 10, 2008 11:40 pm

CIAO STE_95,
Bhè non ho parole, sei stato bravissimo.
Tuttto sembra funzionare alla perfezione, ho installato finalmente l'antivirus ed il sistema è tornato scattante come prima.
Ancora GRAZIE!!!!!! [rotolo]
Dammi maggiori dettagli su come fare per mettere i link dei files che mi hai chiesto sul PM. Non ho mai fatto nulla del genere.
Altrimenti se hai un ftp posso metterli lì oppure li puoi attingere dal mio, dimmi tu.
Scusa se abuso ma come da oggetto della mia prima richiesta ho un secondo pc altrettanto incasinato, posterò le scan, per cui se ce la fai dagli un'occhiata.
Inoltre sul pc appena rimesso a posto ho un programma fastidioso che non riesco a disinstallare con i metodi classici, cosa si può fare?
A presto
GRAZIE infinitamente
SIETE GRANDISSIMI!
Avatar utente
suntleone
Neo Iscritto
Neo Iscritto
 
Messaggi: 16
Iscritto il: mer gen 09, 2008 9:55 pm
Top

Messaggioda ste_95 » ven gen 11, 2008 7:05 am

Devi andare sul sito www.mediafire.com

Quindi scegliere il pulsante Sfoglia e scegliere prima un file elencato prima e premere upload file to mediafire.

Copia il link che ti dirà il sito e mandamelo con un messaggio privato.

Esegui la stessa operazione per il secondo.
«A volte è meglio tacere e sembrare stupidi che aprir bocca e togliere ogni dubbio.» Oscar Wilde
Avatar utente
ste_95
Membro Ufficiale (Gold)
Membro Ufficiale (Gold)
 
Messaggi: 17271
Iscritto il: lun ago 06, 2007 11:19 am
Top

Messaggioda crazy.cat » ven gen 11, 2008 9:35 am

suntleone ha scritto:Scusa se abuso ma come da oggetto della mia prima richiesta ho un secondo pc altrettanto incasinato, posterò le scan, per cui se ce la fai dagli un'occhiata.
Inoltre sul pc appena rimesso a posto ho un programma fastidioso che non riesco a disinstallare con i metodi classici, cosa si può fare?

Apri magari due discussioni separate per questi problemi, così possiamo trattarle meglio.

E vedi se riesci a farci avere quel file infetto così possiamo studiarlo sotto Vista perché è un grosso problema.
Domani piove, almeno gioco un po con il virus.
Quando i molti governano, pensano solo a contentar sé stessi, si ha allora la tirannia più balorda e più odiosa: la tirannia mascherata da libertà.
Avatar utente
crazy.cat
MLI Hero
MLI Hero
 
Messaggi: 30959
Iscritto il: lun gen 12, 2004 1:38 pm
Località: Mestre
Top

Messaggioda suntleone » ven gen 11, 2008 8:16 pm

salve a tutti,
torno a bomba denunciando l'impossibilità di disinstallare una barra che non ho capito come è arrivata nel mio pc.
Lei si chiama EUROBAR, prevede al suo interno un exe unistall, ma non funziona e neanche utilizzando il rimuovi di windows.
Il mio o.s. è win xp sp2.
l'errore che viene visualizzato ad ogni tentativo di rimozione è: "ERRORE D'ESECUZIONE 75".
Scusatemi se questo è il posto sbagliato dove segnalare questa anomalia.
Grazie anticipatamente
Avatar utente
suntleone
Neo Iscritto
Neo Iscritto
 
Messaggi: 16
Iscritto il: mer gen 09, 2008 9:55 pm
Top

Messaggioda ste_95 » ven gen 11, 2008 8:20 pm

Apri una nuova discussione ed esponi il tuo problema allegando un log di hijackthis:

Scarica HiJackThis
Salvalo in una cartella (non aprirlo direttamente, sennò non farà i backup!)
Apri l'eseguibile
Clicca quindi su "Do a System Scan and Save a Logfile"
Attendi che finisca la scansione
Quindi copia il contenuto del blocco note qui sul forum.
«A volte è meglio tacere e sembrare stupidi che aprir bocca e togliere ogni dubbio.» Oscar Wilde
Avatar utente
ste_95
Membro Ufficiale (Gold)
Membro Ufficiale (Gold)
 
Messaggi: 17271
Iscritto il: lun ago 06, 2007 11:19 am
Top

Messaggioda suntleone » ven gen 11, 2008 8:49 pm

Ciao STE_95,
ecco il log di hijackthis che avevo gia preparato:
Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 20.46.19, on 10/01/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
Boot mode: Normal

Running processes:
H:\WINDOWS\System32\smss.exe
H:\WINDOWS\system32\winlogon.exe
H:\WINDOWS\system32\services.exe
H:\WINDOWS\system32\lsass.exe
H:\WINDOWS\system32\svchost.exe
H:\WINDOWS\System32\svchost.exe
H:\WINDOWS\system32\spoolsv.exe
H:\WINDOWS\Explorer.EXE
H:\WINDOWS\system32\RUNDLL32.EXE
H:\Programmi\Analog Devices\Core\smax4pnp.exe
H:\Programmi\Analog Devices\SoundMAX\Smax4.exe
H:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I0K2.EXE
H:\Programmi\CyberLink\PowerDVD\PDVDServ.exe
H:\Programmi\QuickTime\qttask.exe
H:\Programmi\Multimedia Card Reader\shwicon2k.exe
H:\Programmi\D-Tools\daemon.exe
H:\Programmi\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
H:\Programmi\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
H:\WINDOWS\system32\ctfmon.exe
H:\WINDOWS\system32\nvsvc32.exe
H:\Programmi\CyberLink\Shared Files\RichVideo.exe
H:\Programmi\Nokia\Nokia PC Suite 6\PCSuite.exe
H:\Programmi\802.11 Wireless LAN\802.11g Wireless Cardbus & PCI Adapter HW.51 V1.00\WlanCU.exe
H:\WINDOWS\system32\svchost.exe
H:\Programmi\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe
H:\Programmi\iPod\bin\iPodService.exe
H:\Programmi\PC Connectivity Solution\ServiceLayer.exe
H:\Programmi\PC Connectivity Solution\Transports\NclUSBSrv.exe
H:\Programmi\PC Connectivity Solution\Transports\NclRSSrv.exe
H:\WINDOWS\system32\rundll32.exe
H:\Programmi\Mozilla Firefox\firefox.exe
H:\Documents and Settings\enrico\Desktop\HiJackThis_v2.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.it/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
O1 - Hosts: 210.14.129.6 www.myfilmcodeclive.com
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - H:\Programmi\File comuni\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: MouseGest - {112AB43D-32C4-3B21-53BA-13A46743BC34} - H:\WINDOWS\system32\mousegex.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - J:\PROGRA~1\OFFICE~1\Office12\GRA8E1~1.DLL
O2 - BHO: Web Mon - {7428F943-BC4F-4A39-3B43-AB433C523B34} - H:\WINDOWS\system32\WebMon.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - H:\Programmi\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: NavHelper Class - {C1E58A84-95B3-4630-B8C2-D06B77B7A0FC} - H:\Programmi\NavExcel\NavHelper\v2.0.4b\NHelper.dll
O2 - BHO: Helper Class - {D80C4E21-C346-4E21-8E64-20746AA20AEB} - H:\Programmi\NavExcel Search Toolbar\NavExcelBar.dll
O3 - Toolbar: NavExcel Toolbar - {5AA06644-BC46-4220-A460-47A6EB47C96D} - H:\Programmi\NavExcel Search Toolbar\NavExcelBar.dll
O4 - HKLM\..\Run: [nTrayFw] H:\Programmi\NVIDIA Corporation\NetworkAccessManager\bin\nTrayFw.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE H:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE H:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAShCut.exe
O4 - HKLM\..\Run: [SoundMAXPnP] H:\Programmi\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [SoundMAX] "H:\Programmi\Analog Devices\SoundMAX\Smax4.exe" /tray
O4 - HKLM\..\Run: [EPSON Stylus Photo RX500] H:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I0K2.EXE /P24 "EPSON Stylus Photo RX500" /O6 "USB001" /M "Stylus Photo RX500"
O4 - HKLM\..\Run: [RemoteControl] H:\Programmi\CyberLink\PowerDVD\PDVDServ.exe
O4 - HKLM\..\Run: [QuickTime Task] "H:\Programmi\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "H:\Programmi\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "H:\Programmi\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "H:\Programmi\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] H:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Sunkist2k] H:\Programmi\Multimedia Card Reader\shwicon2k.exe
O4 - HKLM\..\Run: [DAEMON Tools-1033] "H:\Programmi\D-Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [GrooveMonitor] "J:\Programmi\office 2007\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [Soundlibs] H:\WINDOWS\soundlib.exe
O4 - HKCU\..\Run: [CTFMON.EXE] H:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [updateMgr] H:\Programmi\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_9
O4 - HKCU\..\Run: [MSMSGS] "C:\Programmi\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [drvsyskit] H:\WINDOWS\system32\drivers\hldrrr.exe
O4 - HKCU\..\Run: [NBJ] "H:\Programmi\Ahead\Nero BackItUp\NBJ.exe"
O4 - HKCU\..\Run: [german.exe] H:\WINDOWS\system32\wintems.exe
O4 - HKCU\..\Run: [PC Suite Tray] "H:\Programmi\Nokia\Nokia PC Suite 6\PCSuite.exe" -onlytray
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] H:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO LOCALE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] H:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO DI RETE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] H:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] H:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Adobe Gamma Loader.lnk = H:\Programmi\File comuni\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Gamma.lnk = H:\Programmi\File comuni\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Tasto di scelta rapida per l'avvio di AutoCAD.lnk = H:\Programmi\File comuni\Autodesk Shared\acstart17.exe
O4 - Global Startup: Wireless Configuration Utility HW.51.lnk = H:\Programmi\802.11 Wireless LAN\802.11g Wireless Cardbus & PCI Adapter HW.51 V1.00\WlanCU.exe
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://J:\PROGRA~1\OFFICE~1\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - H:\Programmi\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - H:\Programmi\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Invia a OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - J:\PROGRA~1\OFFICE~1\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: I&nvia a OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - J:\PROGRA~1\OFFICE~1\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - J:\PROGRA~1\OFFICE~1\Office12\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - H:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - H:\Programmi\Messenger\msmsgs.exe
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - J:\PROGRA~1\OFFICE~1\Office12\GR99D3~1.DLL
O22 - SharedTaskScheduler: Precaricatore Browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - H:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Daemon di cache delle categorie di componenti - {8C7461EF-2B13-11d2-BE35-3078302C2030} - H:\WINDOWS\system32\browseui.dll
O23 - Service: Adobe LM Service - Adobe Systems - H:\Programmi\File comuni\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Autodesk Licensing Service - Autodesk - H:\Programmi\File comuni\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: ForceWare Intelligent Application Manager (IAM) - Unknown owner - H:\Programmi\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - H:\Programmi\File comuni\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Servizio iPod (iPod Service) - Apple Inc. - H:\Programmi\iPod\bin\iPodService.exe
O23 - Service: ForceWare IP service (nSvcIp) - NVIDIA Corporation - H:\Programmi\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
O23 - Service: ForceWare user log service (nSvcLog) - NVIDIA - H:\Programmi\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - H:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - H:\Programmi\CyberLink\Shared Files\RichVideo.exe
O23 - Service: ServiceLayer - Nokia. - H:\Programmi\PC Connectivity Solution\ServiceLayer.exe

--
End of file - 8415 bytes
sono tutto orecchi
grazie mille
Avatar utente
suntleone
Neo Iscritto
Neo Iscritto
 
Messaggi: 16
Iscritto il: mer gen 09, 2008 9:55 pm
Top

Messaggioda ste_95 » ven gen 11, 2008 9:08 pm

Esegui la scansione online con kaspersky e alla fine postane il log.

Per postare il log apri una nuova discussione.
«A volte è meglio tacere e sembrare stupidi che aprir bocca e togliere ogni dubbio.» Oscar Wilde
Avatar utente
ste_95
Membro Ufficiale (Gold)
Membro Ufficiale (Gold)
 
Messaggi: 17271
Iscritto il: lun ago 06, 2007 11:19 am
Top

Messaggioda suntleone » ven gen 11, 2008 11:00 pm

non mi permette di effettuare la scansione on line!
non scarica il pacchetto di installazione.
??????
che fare?
grazie ciao a presto
Avatar utente
suntleone
Neo Iscritto
Neo Iscritto
 
Messaggi: 16
Iscritto il: mer gen 09, 2008 9:55 pm
Top
Rispondi al messaggio

Torna a Sicurezza

Chi c’è in linea

Visitano il forum: Nessuno e 6 ospiti

cron
Powered by phpBB © 2002, 2005, 2007, 2008 phpBB Group
Traduzione Italiana phpBB.it

megalab.it: testata telematica quotidiana registrata al Tribunale di Cosenza n. 22/09 del 13.08.2009, editore Master New Media S.r.l.; © Copyright 2008 Master New Media S.r.l. a socio unico - P.I. 02947530784. GRUPPO EDIZIONI MASTER Spa Tutti i diritti sono riservati. Per la pubblicità: Master Advertising