Punto informatico Network
Login Esegui login | Non sei registrato? Iscriviti ora (è gratuito!)
Username: Password:
  • Annuncio Pubblicitario

AIUTO VIRUS CHE NON RIESCO A DEBELLARE!!

Un virus si è intromesso nel tuo computer? Vuoi navigare in tutta sicurezza? Sono sicure le transazione online? Come impedire a malintenzionati di intromettersi nel tuo pc? Come proteggere i tuoi dati? Qui trovi le risposte a queste ed altre domande

Rispondi al messaggio

AIUTO VIRUS CHE NON RIESCO A DEBELLARE!!

Messaggioda pucioletta » mar gen 15, 2008 7:17 pm

Aiuto sto impazzendo con questi maledetti virus!
Dopo aver fatto un'accurata scansione con bitdefender come consigliatomi da un mio amico è venuto fuori quanto segue:


C:\WINDOWS\system32\mdelk.exe è infetto dal virus
Win32.Beagle.FQ

C:\WINDOWS\sFonts\svchost.exe è infetto dal virus
Trojan.Agent.AFSZ

C:\WINDOWS\system32\ddcya.dll è infetto dal virus
Trojan Vundo. DVD

e da questo maledettissimo virus sono infetti anche questi a seguire:

C:\WINDOWS\Fonts\schost.exe
C:\WINDOWS\Fonts\a.zip=>Crack.exe
C:\WINDOWS\Temp\umzaca.exe



VI PREGO NON SONO UN GENIO DEL PC MI DATE UNA MANO? LA SITUAZIONE è GRAVE? grazie infinite [cry+]
Avatar utente
pucioletta
Aficionado
Aficionado
 
Messaggi: 28
Iscritto il: mar gen 15, 2008 4:58 pm
Top

Messaggioda ste_95 » mar gen 15, 2008 8:30 pm

Le infezioni sono molteplici, e immagino che ti sarà scomparso l'antivirus, esegui quindi la scansione online con kaspersky e postane il risultato.

Segui anche questa guida:

http://www.MegaLab.it/2785
«A volte è meglio tacere e sembrare stupidi che aprir bocca e togliere ogni dubbio.» Oscar Wilde
Avatar utente
ste_95
Membro Ufficiale (Gold)
Membro Ufficiale (Gold)
 
Messaggi: 17271
Iscritto il: lun ago 06, 2007 11:19 am
Top

Messaggioda pucioletta » mar gen 15, 2008 11:47 pm

grazie grazie e ancora grazie, è un respiro di sollievo sapere che nn sono sola contro questi maledetti virus!! [acc2]
Il risultato della scansione di Kaspersky l'avrei postato anche subito, maè ancora al 35%, spero che entro domani finisca. Per ora indica 9 virus trovati e 64 oggetti infetti [V] [cry+]
Aiuto!! Ditemi che tutto si può risolvere, sto scrivendo la tesi e in più il portatile è fondamentale [cry]
Spero possiate darmi una mano. comunque si, sono rimasta totalmente senza antivirus e non riesco neanche più ad installarne uno.
Intanto posso allegarvi la scansione totale di bitfinder:

BitDefender Online Scanner

Scan report generated at: Tue, Jan 15, 2008 - 22:00:36

Scan path: C:\;D:\;E:\;

Results

Identified Viruses 7
Infected Files 28
Suspect Files 0
Warnings 0
Disinfected 0
Deleted Files 21
Scanned File
Status

C:\WINDOWS\system32\drivers\down\14853062.exe
Infected with: Win32.Beagle.FQ

C:\WINDOWS\system32\drivers\down\14853062.exe
Disinfection failed

C:\WINDOWS\system32\drivers\down\14853062.exe
Deleted

C:\WINDOWS\system32\IME\PINTLGNT\imscinst.exe.tmp
Infected with: Trojan.Dropper.Vundo.D

C:\WINDOWS\system32\IME\PINTLGNT\imscinst.exe.tmp
Disinfection failed

C:\WINDOWS\system32\IME\PINTLGNT\imscinst.exe.tmp
Deleted

C:\WINDOWS\system32\IME\TINTLGNT\tintsetp.exe.tmp
Infected with: Trojan.Dropper.Vundo.D

C:\WINDOWS\system32\IME\TINTLGNT\tintsetp.exe.tmp
Disinfection failed

C:\WINDOWS\system32\IME\TINTLGNT\tintsetp.exe.tmp
Deleted

C:\WINDOWS\system32\aycdd.ini
Infected with: Trojan.Vundo.DVS

C:\WINDOWS\system32\aycdd.ini
Disinfection failed

C:\WINDOWS\system32\aycdd.ini
Deleted

C:\WINDOWS\system32\mdelk.exe
Infected with: Win32.Beagle.FQ

C:\WINDOWS\system32\mdelk.exe
Disinfection failed

C:\WINDOWS\system32\mdelk.exe
Delete failed

C:\WINDOWS\system32\ddcya.exe
Infected with: Trojan.Dropper.Vundo.D

C:\WINDOWS\system32\ddcya.exe
Disinfection failed

C:\WINDOWS\system32\ddcya.exe
Deleted

C:\WINDOWS\system32\RCX32.tmp
Infected with: Trojan.Dropper.Vundo.D

C:\WINDOWS\system32\RCX32.tmp
Disinfection failed

C:\WINDOWS\system32\RCX32.tmp
Deleted

C:\WINDOWS\system32\ddcya.dll
Infected with: Trojan.Vundo.DVD

C:\WINDOWS\system32\ddcya.dll
Disinfection failed

C:\WINDOWS\system32\ddcya.dll
Delete failed

C:\WINDOWS\system32\aycdd.ini2
Infected with: Trojan.Vundo.DVS

C:\WINDOWS\system32\aycdd.ini2
Disinfection failed

C:\WINDOWS\system32\aycdd.ini2
Deleted

C:\WINDOWS\Fonts\svchost .exe
Infected with: Trojan.Agent.AFSZ

C:\WINDOWS\Fonts\svchost .exe
Disinfection failed

C:\WINDOWS\Fonts\svchost .exe
Delete failed

C:\WINDOWS\Fonts\Crack.exe
Infected with: Trojan.Agent.AFSZ

C:\WINDOWS\Fonts\Crack.exe
Disinfection failed

C:\WINDOWS\Fonts\Crack.exe
Deleted

C:\WINDOWS\Fonts\svchost.exe
Infected with: Trojan.Dropper.Vundo.D

C:\WINDOWS\Fonts\svchost.exe
Disinfection failed

C:\WINDOWS\Fonts\svchost.exe
Delete failed

C:\WINDOWS\Fonts\a.zip=>Crack.exe
Infected with: Trojan.Agent.AFSZ

C:\WINDOWS\Fonts\a.zip=>Crack.exe
Disinfection failed

C:\WINDOWS\Fonts\a.zip=>Crack.exe
Deleted

C:\WINDOWS\Fonts\a.zip
Updated

C:\WINDOWS\Temp\umzaca.exe
Infected with: Trojan.Dropper.Vundo.D

C:\WINDOWS\Temp\umzaca.exe
Disinfection failed

C:\WINDOWS\Temp\umzaca.exe
Delete failed

C:\WINDOWS\Temp\tuqsea.exe
Infected with: Trojan.Dropper.Vundo.D

C:\WINDOWS\Temp\tuqsea.exe
Disinfection failed

C:\WINDOWS\Temp\tuqsea.exe
Deleted

C:\WINDOWS\ime\imjp8_1\imjpmig.exe.tmp
Infected with: Trojan.Dropper.Vundo.D

C:\WINDOWS\ime\imjp8_1\imjpmig.exe.tmp
Disinfection failed

C:\WINDOWS\ime\imjp8_1\imjpmig.exe.tmp
Deleted

C:\Documents and Settings\All Users\Dati applicazioni\each new axis love\Kind dumb.exe
Infected with: Trojan.Dropper.Vundo.D

C:\Documents and Settings\All Users\Dati applicazioni\each new axis love\Kind dumb.exe
Disinfection failed

C:\Documents and Settings\All Users\Dati applicazioni\each new axis love\Kind dumb.exe
Deleted

C:\Documents and Settings\All Users\Documenti\Immagini\trivial pursuit ita crack bittorrent downloader.zip=>BitDownload Setup.exe=>(NSIS o)=>lzma_solid_nsis0005
Infected with: Trojan.Obfus.6.Gen

C:\Documents and Settings\All Users\Documenti\Immagini\trivial pursuit ita crack bittorrent downloader.zip=>BitDownload Setup.exe=>(NSIS o)=>lzma_solid_nsis0005
Disinfection failed

C:\Documents and Settings\All Users\Documenti\Immagini\trivial pursuit ita crack bittorrent downloader.zip=>BitDownload Setup.exe=>(NSIS o)=>lzma_solid_nsis0005
Deleted

C:\Documents and Settings\All Users\Documenti\Immagini\trivial pursuit ita crack bittorrent downloader.zip=>BitDownload Setup.exe=>(NSIS o)
Update failed

C:\Documents and Settings\All Users\Documenti\Immagini\trivial pursuit ita crack hentai anime.zip=>setup.exe=>(NSIS o)=>lzma_nsis0008=>(NSIS o)=>lzma_solid_nsis0004
Infected with: Trojan.Downloader.Zlob.AATN

C:\Documents and Settings\All Users\Documenti\Immagini\trivial pursuit ita crack hentai anime.zip=>setup.exe=>(NSIS o)=>lzma_nsis0008=>(NSIS o)=>lzma_solid_nsis0004
Disinfection failed

C:\Documents and Settings\All Users\Documenti\Immagini\trivial pursuit ita crack hentai anime.zip=>setup.exe=>(NSIS o)=>lzma_nsis0008=>(NSIS o)=>lzma_solid_nsis0004
Deleted

C:\Documents and Settings\All Users\Documenti\Immagini\trivial pursuit ita crack hentai anime.zip=>setup.exe=>(NSIS o)=>lzma_nsis0008=>(NSIS o)
Update failed

C:\Documents and Settings\chiara\Impostazioni locali\Temp\RCX2F.tmp
Infected with: Trojan.Dropper.Vundo.D

C:\Documents and Settings\chiara\Impostazioni locali\Temp\RCX2F.tmp
Disinfection failed

C:\Documents and Settings\chiara\Impostazioni locali\Temp\RCX2F.tmp
Deleted

C:\Documents and Settings\chiara\Impostazioni locali\Temp\BitDownload Setup.exe=>(NSIS o)=>lzma_solid_nsis0005
Infected with: Trojan.Obfus.6.Gen

C:\Documents and Settings\chiara\Impostazioni locali\Temp\BitDownload Setup.exe=>(NSIS o)=>lzma_solid_nsis0005
Disinfection failed

C:\Documents and Settings\chiara\Impostazioni locali\Temp\BitDownload Setup.exe=>(NSIS o)=>lzma_solid_nsis0005
Deleted

C:\Documents and Settings\chiara\Impostazioni locali\Temp\BitDownload Setup.exe=>(NSIS o)
Update failed

C:\Documents and Settings\chiara\Impostazioni locali\Temp\RCX3E.tmp
Infected with: Trojan.Dropper.Vundo.D

C:\Documents and Settings\chiara\Impostazioni locali\Temp\RCX3E.tmp
Disinfection failed

C:\Documents and Settings\chiara\Impostazioni locali\Temp\RCX3E.tmp
Deleted

C:\Documents and Settings\chiara\Impostazioni locali\Temp\RCX41.tmp
Infected with: Trojan.Dropper.Vundo.D

C:\Documents and Settings\chiara\Impostazioni locali\Temp\RCX41.tmp
Disinfection failed

C:\Documents and Settings\chiara\Impostazioni locali\Temp\RCX41.tmp
Deleted

C:\Documents and Settings\chiara\Impostazioni locali\Temporary Internet Files\Content.IE5\FRBENEFF\b64_3[1].jpg
Infected with: Win32.Beagle.FQ

C:\Documents and Settings\chiara\Impostazioni locali\Temporary Internet Files\Content.IE5\FRBENEFF\b64_3[1].jpg
Disinfection failed

C:\Documents and Settings\chiara\Impostazioni locali\Temporary Internet Files\Content.IE5\FRBENEFF\b64_3[1].jpg
Deleted

C:\Programmi\Realtek\InstallShield\AzMixerSel.exe
Infected with: Trojan.Dropper.Vundo.D

C:\Programmi\Realtek\InstallShield\AzMixerSel.exe
Disinfection failed

C:\Programmi\Realtek\InstallShield\AzMixerSel.exe
Delete failed

C:\Programmi\SpywareDetector\SDSystemTray.exe
Infected with: Trojan.Dropper.Vundo.D

C:\Programmi\SpywareDetector\SDSystemTray.exe
Disinfection failed

C:\Programmi\SpywareDetector\SDSystemTray.exe
Delete failed

C:\Programmi\SpywareDetector\LiveUpdateSD.exe
Infected with: Trojan.Dropper.Vundo.D

C:\Programmi\SpywareDetector\LiveUpdateSD.exe
Disinfection failed

C:\Programmi\SpywareDetector\LiveUpdateSD.exe
Deleted

C:\taomudgb.bat
Infected with: Trojan.Dropper.Vundo.D

C:\taomudgb.bat
Disinfection failed

C:\taomudgb.bat
Deleted
Avatar utente
pucioletta
Aficionado
Aficionado
 
Messaggi: 28
Iscritto il: mar gen 15, 2008 4:58 pm
Top
Top

Messaggioda crazy.cat » mer gen 16, 2008 8:33 am

pucioletta ha scritto:Ditemi che tutto si può risolvere

Una volta in possesso della scansione online di kaspersky, si crea lo script adatto e si fa pulizia di tutto.
http://www.MegaLab.it/forum/viewtopic.php?t=34966
Quando i molti governano, pensano solo a contentar sé stessi, si ha allora la tirannia più balorda e più odiosa: la tirannia mascherata da libertà.
Avatar utente
crazy.cat
MLI Hero
MLI Hero
 
Messaggi: 30959
Iscritto il: lun gen 12, 2004 1:38 pm
Località: Mestre
Top

Messaggioda pucioletta » mer gen 16, 2008 9:37 am

ciao crazy la scansione con kaspersky sta ancora andando, purtoppo ho dovuto ravviarla perché avevo lasciato il pc connesso ma è saltata la connessione. Intanto ho effettuato la scansione con VundoFIX come indicato nell'articolo, ma umzaca.exe non è riuscito a levalo.
Ho provato con gli altri 2 siti che mi avete consigliato , ma il secondo non è reperibile e l'ultimo ,una volta scaricato, mi dice che nonè un percoso di Win32 e non me lo fa aprire [cry]

Appena Kasperky è pronto vi aggiorno
Avatar utente
pucioletta
Aficionado
Aficionado
 
Messaggi: 28
Iscritto il: mar gen 15, 2008 4:58 pm
Top

Messaggioda crazy.cat » mer gen 16, 2008 9:38 am

Una volta avviata la scansione di kaspersky, puoi anche chiudere la connessione, continua da sola anche off-line.
Quando i molti governano, pensano solo a contentar sé stessi, si ha allora la tirannia più balorda e più odiosa: la tirannia mascherata da libertà.
Avatar utente
crazy.cat
MLI Hero
MLI Hero
 
Messaggi: 30959
Iscritto il: lun gen 12, 2004 1:38 pm
Località: Mestre
Top

Messaggioda pucioletta » mer gen 16, 2008 11:01 am

crazy cat davvero? ma il link giusto da cui farla è questo:
http://www.kaspersky.com/virusscanner

perché a me esce "scansione online"...

sarebbe molto meglio chiudere la connessione perché continuano ad aprirsi terribili siti pop up [cry+]

spero tu sia on line !
Avatar utente
pucioletta
Aficionado
Aficionado
 
Messaggi: 28
Iscritto il: mar gen 15, 2008 4:58 pm
Top

Messaggioda crazy.cat » mer gen 16, 2008 1:05 pm

Gli lasci scaricare gli aggiornamenti, dopo essere arrivati alla selezione dei dischi fissi, aver avviato la scansione e veder cambiare i file controllati, puoi anche scollegarti.
(forse lo puoi fare anche prima ma non avevo provato. Io mi sono scollegato aquel punto)
Quando i molti governano, pensano solo a contentar sé stessi, si ha allora la tirannia più balorda e più odiosa: la tirannia mascherata da libertà.
Avatar utente
crazy.cat
MLI Hero
MLI Hero
 
Messaggi: 30959
Iscritto il: lun gen 12, 2004 1:38 pm
Località: Mestre
Top

FINALMENTE SCANSIONE KASPERSKY

Messaggioda pucioletta » mer gen 16, 2008 4:06 pm

CRAZY cat finalmente ho la scansione di KASPERSKY, eccola di seguito:
(ti prego dimmi che si piò risolvere! Ho già scarico Avenger! [^]



Wednesday, January 16, 2008 3:59:10 PM
Operating System: Microsoft Windows XP Home Edition, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.98.0
Kaspersky Anti-Virus database last update: 16/01/2008
Kaspersky Anti-Virus database records: 512646


Scan Settings
Scan using the following antivirus database extended
Scan Archives true
Scan Mail Bases true

Scan Target My Computer
C:\
D:\
E:\

Scan Statistics
Total number of scanned objects 71584
Number of viruses found 16
Number of infected objects 101
Number of suspicious objects 0
Duration of the scan process 04:02:44

Infected Object Name Virus Name Last Action
C:\i386\ntoskrnl.exe Object is locked skipped

C:\WINDOWS\system32\config\system.LOG Object is locked skipped

C:\WINDOWS\system32\config\software.LOG Object is locked skipped

C:\WINDOWS\system32\config\default.LOG Object is locked skipped

C:\WINDOWS\system32\config\SECURITY Object is locked skipped

C:\WINDOWS\system32\config\SAM Object is locked skipped

C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped

C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped

C:\WINDOWS\system32\config\SYSTEM Object is locked skipped

C:\WINDOWS\system32\config\SOFTWARE Object is locked skipped

C:\WINDOWS\system32\config\DEFAULT Object is locked skipped

C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped

C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped

C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped

C:\WINDOWS\system32\config\Internet.evt Object is locked skipped

C:\WINDOWS\system32\drivers\down\16168437.exe Infected: Email-Worm.Win32.Bagle.of skipped

C:\WINDOWS\system32\drivers\down\16184390.exe Infected: Email-Worm.Win32.Bagle.of skipped

C:\WINDOWS\system32\drivers\down\30828250.exe Infected: Email-Worm.Win32.Bagle.of skipped

C:\WINDOWS\system32\drivers\down\55044046.exe Infected: Email-Worm.Win32.Bagle.of skipped

C:\WINDOWS\system32\drivers\down\782734.exe Infected: Email-Worm.Win32.Bagle.of skipped

C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb07 .exe Infected: Trojan.Win32.Agent.dxh skipped

C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped

C:\WINDOWS\system32\dllcache\ntoskrnl.exe Object is locked skipped

C:\WINDOWS\system32\CatRoot2\edb.log Object is locked skipped

C:\WINDOWS\system32\CatRoot2\tmp.edb Object is locked skipped

C:\WINDOWS\system32\ntoskrnl.exe Object is locked skipped

C:\WINDOWS\system32\hlpsjdif.exe Object is locked skipped

C:\WINDOWS\system32\h323log.txt Object is locked skipped

C:\WINDOWS\system32\mdelk.exe Infected: Email-Worm.Win32.Bagle.of skipped

C:\WINDOWS\system32\ddcya.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped

C:\WINDOWS\system32\ntonpeae.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.dnn skipped

C:\WINDOWS\system32\hyutszrf.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.dnn skipped

C:\WINDOWS\system32\cwckubwm.exe Infected: Trojan-Downloader.Win32.Agent.gwe skipped

C:\WINDOWS\system32\hkcmd .exe Infected: Trojan.Win32.Agent.dxh skipped

C:\WINDOWS\system32\igfxtray .exe Infected: Trojan.Win32.Agent.dxh skipped

C:\WINDOWS\system32\igfxpers .exe Infected: Trojan.Win32.Agent.dxh skipped

C:\WINDOWS\system32\ctfmon.exe.tmp Infected: Trojan-Dropper.Win32.Agent.dgo skipped

C:\WINDOWS\Fonts\svchost .exe Infected: Trojan.Win32.Agent.cmn skipped

C:\WINDOWS\Fonts\Crack.exe Infected: Trojan.Win32.Agent.cmn skipped

C:\WINDOWS\Fonts\a.zip/Crack.exe Infected: Trojan.Win32.Agent.cmn skipped

C:\WINDOWS\Fonts\a.zip ZIP: infected - 1 skipped

C:\WINDOWS\Fonts\svchost.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped

C:\WINDOWS\Temp\CLML_AGENT_LOG1.txt Object is locked skipped

C:\WINDOWS\Temp\umzaca.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped

C:\WINDOWS\Temp\umzaca .exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped

C:\WINDOWS\Temp\sqlite_7T36Cqu6T0Dk5gl Object is locked skipped

C:\WINDOWS\Temp\s1o0.48 Object is locked skipped

C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped

C:\WINDOWS\Sti_Trace.log Object is locked skipped

C:\WINDOWS\wiaservc.log Object is locked skipped

C:\WINDOWS\wiadebug.log Object is locked skipped

C:\WINDOWS\SchedLgU.Txt Object is locked skipped

C:\WINDOWS\$hf_mig$\KB890859\SP2QFE\ntoskrnl.exe Object is locked skipped

C:\WINDOWS\$hf_mig$\KB929338\SP2QFE\ntoskrnl.exe Object is locked skipped

C:\WINDOWS\$hf_mig$\KB931784\SP2QFE\ntoskrnl.exe Object is locked skipped

C:\WINDOWS\$NtUninstallKB890859$\ntoskrnl.exe Object is locked skipped

C:\WINDOWS\$NtUninstallKB929338$\ntoskrnl.exe Object is locked skipped

C:\WINDOWS\$NtUninstallKB931784$\ntoskrnl.exe Object is locked skipped

C:\Documents and Settings\All Users\Dati applicazioni\Microsoft\Network\Downloader\qmgr0.dat Object is locked skipped

C:\Documents and Settings\All Users\Dati applicazioni\Microsoft\Network\Downloader\qmgr1.dat Object is locked skipped

C:\Documents and Settings\All Users\Dati applicazioni\Microsoft\Search\Data\Temp\usgthrsvc\Ntf1.tmp Object is locked skipped

C:\Documents and Settings\All Users\Dati applicazioni\Microsoft\Search\Data\Temp\usgthrsvc\Ntf2.tmp Object is locked skipped

C:\Documents and Settings\All Users\Dati applicazioni\Microsoft\Search\Data\Temp\usgthrsvc\Perflib_Perfdata_14c.dat Object is locked skipped

C:\Documents and Settings\All Users\Dati applicazioni\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\PropMap\Used0000.000 Object is locked skipped

C:\Documents and Settings\All Users\Dati applicazioni\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\PropMap\CiPT0000.000 Object is locked skipped

C:\Documents and Settings\All Users\Dati applicazioni\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\SecStore\CiST0000.000 Object is locked skipped

C:\Documents and Settings\All Users\Dati applicazioni\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\INDEX.000 Object is locked skipped

C:\Documents and Settings\All Users\Dati applicazioni\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010001.ci Object is locked skipped

C:\Documents and Settings\All Users\Dati applicazioni\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010002.wid Object is locked skipped

C:\Documents and Settings\All Users\Dati applicazioni\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010003.wid Object is locked skipped

C:\Documents and Settings\All Users\Dati applicazioni\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010001.wid Object is locked skipped

C:\Documents and Settings\All Users\Dati applicazioni\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010001.wsb Object is locked skipped

C:\Documents and Settings\All Users\Dati applicazioni\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010004.wid Object is locked skipped

C:\Documents and Settings\All Users\Dati applicazioni\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010005.wid Object is locked skipped

C:\Documents and Settings\All Users\Dati applicazioni\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010006.wid Object is locked skipped

C:\Documents and Settings\All Users\Dati applicazioni\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010007.wid Object is locked skipped

C:\Documents and Settings\All Users\Dati applicazioni\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010008.wid Object is locked skipped

C:\Documents and Settings\All Users\Dati applicazioni\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010009.wid Object is locked skipped

C:\Documents and Settings\All Users\Dati applicazioni\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\0001000A.wid Object is locked skipped

C:\Documents and Settings\All Users\Dati applicazioni\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\0001000B.wid Object is locked skipped

C:\Documents and Settings\All Users\Dati applicazioni\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\0001000F.wid Object is locked skipped

C:\Documents and Settings\All Users\Dati applicazioni\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010013.wid Object is locked skipped

C:\Documents and Settings\All Users\Dati applicazioni\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010014.wid Object is locked skipped

C:\Documents and Settings\All Users\Dati applicazioni\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010015.wid Object is locked skipped

C:\Documents and Settings\All Users\Dati applicazioni\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010016.wid Object is locked skipped

C:\Documents and Settings\All Users\Dati applicazioni\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010019.wid Object is locked skipped

C:\Documents and Settings\All Users\Dati applicazioni\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\0001001B.wid Object is locked skipped

C:\Documents and Settings\All Users\Dati applicazioni\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\0001001D.wid Object is locked skipped

C:\Documents and Settings\All Users\Dati applicazioni\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\SystemIndex.chk2.gthr Object is locked skipped

C:\Documents and Settings\All Users\Dati applicazioni\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\SystemIndex.chk1.gthr Object is locked skipped

C:\Documents and Settings\All Users\Dati applicazioni\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\SystemIndex.Ntfy4.gthr Object is locked skipped

C:\Documents and Settings\All Users\Dati applicazioni\Microsoft\Search\Data\Applications\Windows\GatherLogs\SystemIndex\SystemIndex.85.gthr Object is locked skipped

C:\Documents and Settings\All Users\Dati applicazioni\Microsoft\Search\Data\Applications\Windows\GatherLogs\SystemIndex\SystemIndex.85.Crwl Object is locked skipped

C:\Documents and Settings\All Users\Dati applicazioni\Microsoft\Search\Data\Applications\Windows\tmp.edb Object is locked skipped

C:\Documents and Settings\All Users\Dati applicazioni\Microsoft\Search\Data\Applications\Windows\MSStmp.log Object is locked skipped

C:\Documents and Settings\All Users\Dati applicazioni\Microsoft\Search\Data\Applications\Windows\Windows.edb Object is locked skipped

C:\Documents and Settings\All Users\Dati applicazioni\Microsoft\Search\Data\Applications\Windows\MSS.log Object is locked skipped

C:\Documents and Settings\All Users\Documenti\Immagini\trivial pursuit ita crack.zip/Setup.exe Infected: not-a-virus:AdWare.Win32.Agent.zk skipped

C:\Documents and Settings\All Users\Documenti\Immagini\trivial pursuit ita crack.zip ZIP: infected - 1 skipped

C:\Documents and Settings\All Users\Documenti\Immagini\trivial pursuit ita crack hentai anime.zip/setup.exe/data0009/stream/data0004 Infected: not-a-virus:AdWare.Win32.TrafficSol.o skipped

C:\Documents and Settings\All Users\Documenti\Immagini\trivial pursuit ita crack hentai anime.zip/setup.exe/data0009/stream Infected: not-a-virus:AdWare.Win32.TrafficSol.o skipped

C:\Documents and Settings\All Users\Documenti\Immagini\trivial pursuit ita crack hentai anime.zip/setup.exe/data0009 Infected: not-a-virus:AdWare.Win32.TrafficSol.o skipped

C:\Documents and Settings\All Users\Documenti\Immagini\trivial pursuit ita crack hentai anime.zip/setup.exe Infected: not-a-virus:AdWare.Win32.TrafficSol.o skipped

C:\Documents and Settings\All Users\Documenti\Immagini\trivial pursuit ita crack hentai anime.zip ZIP: infected - 4 skipped

C:\Documents and Settings\NetworkService\Impostazioni locali\Dati applicazioni\Microsoft\Windows\UsrClass.dat Object is locked skipped

C:\Documents and Settings\NetworkService\Impostazioni locali\Dati applicazioni\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped

C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped

C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped

C:\Documents and Settings\LocalService\Impostazioni locali\Cronologia\History.IE5\index.dat Object is locked skipped

C:\Documents and Settings\LocalService\Impostazioni locali\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped

C:\Documents and Settings\LocalService\Impostazioni locali\Dati applicazioni\Microsoft\Windows\UsrClass.dat Object is locked skipped

C:\Documents and Settings\LocalService\Impostazioni locali\Dati applicazioni\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped

C:\Documents and Settings\LocalService\Cookies\index.dat Object is locked skipped

C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped

C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped

C:\Documents and Settings\chiara\NTUSER.DAT Object is locked skipped

C:\Documents and Settings\chiara\ntuser.dat.LOG Object is locked skipped

C:\Documents and Settings\chiara\Impostazioni locali\Temp\535021865.exe Infected: Trojan.Win32.Agent.dxh skipped

C:\Documents and Settings\chiara\Impostazioni locali\Temp\688590638.exe Infected: Trojan.Win32.Agent.dxh skipped

C:\Documents and Settings\chiara\Impostazioni locali\Temp\3784175450.exe Infected: Trojan.Win32.Agent.dxh skipped

C:\Documents and Settings\chiara\Impostazioni locali\Temp\3690078359.exe Infected: Trojan.Win32.Agent.dxh skipped

C:\Documents and Settings\chiara\Impostazioni locali\Temp\2084570924.exe Infected: Trojan.Win32.Agent.dxh skipped

C:\Documents and Settings\chiara\Impostazioni locali\Temp\387811582.exe Infected: Trojan.Win32.Agent.dxh skipped

C:\Documents and Settings\chiara\Impostazioni locali\Temp\3879150525.exe Infected: Trojan.Win32.Agent.dxh skipped

C:\Documents and Settings\chiara\Impostazioni locali\Temp\3576653675.exe Infected: Trojan.Win32.Agent.dxh skipped

C:\Documents and Settings\chiara\Impostazioni locali\Temp\wcfbdlkl.exe Infected: Trojan.Win32.Dialer.aan skipped

C:\Documents and Settings\chiara\Impostazioni locali\Temp\TMP48.tmp Infected: Trojan.Win32.Agent.dxh skipped

C:\Documents and Settings\chiara\Impostazioni locali\Temp\2525129273.exe Infected: Trojan.Win32.Agent.dxh skipped

C:\Documents and Settings\chiara\Impostazioni locali\Temp\TMP80.tmp Infected: not-a-virus:Porn-Dialer.Win32.Agent.aw skipped

C:\Documents and Settings\chiara\Impostazioni locali\Temp\2021400706.exe Infected: Trojan.Win32.Agent.dxh skipped

C:\Documents and Settings\chiara\Impostazioni locali\Temp\1852603545.exe Infected: Trojan.Win32.Agent.dxh skipped

C:\Documents and Settings\chiara\Impostazioni locali\Temp\2447976686.exe Infected: Trojan.Win32.Agent.dxh skipped

C:\Documents and Settings\chiara\Impostazioni locali\Temp\RCX238B.tmp Infected: Trojan-Dropper.Win32.Agent.dgo skipped

C:\Documents and Settings\chiara\Impostazioni locali\Temp\tem44.tmp.exe/data0002 Infected: not-a-virus:AdWare.Win32.Agent.jb skipped

C:\Documents and Settings\chiara\Impostazioni locali\Temp\tem44.tmp.exe NSIS: infected - 1 skipped

C:\Documents and Settings\chiara\Impostazioni locali\Temp\RCX2380.tmp Infected: Trojan-Dropper.Win32.Agent.dgo skipped

C:\Documents and Settings\chiara\Impostazioni locali\Temp\TMP46.tmp Infected: not-a-virus:Porn-Dialer.Win32.Agent.aw skipped

C:\Documents and Settings\chiara\Impostazioni locali\Temp\TMP8E.tmp Infected: not-a-virus:Porn-Dialer.Win32.Agent.aw skipped

C:\Documents and Settings\chiara\Impostazioni locali\Temp\mspirlhw.exe Infected: Trojan.Win32.Dialer.aan skipped

C:\Documents and Settings\chiara\Impostazioni locali\Temp\TMP42.tmp Infected: not-a-virus:Porn-Dialer.Win32.Agent.aw skipped

C:\Documents and Settings\chiara\Impostazioni locali\Temp\jar_cache9852.tmp Infected: Trojan.Win32.Dialer.aan skipped

C:\Documents and Settings\chiara\Impostazioni locali\Temp\jar_cache42907.tmp Infected: Trojan.Win32.Dialer.aan skipped

C:\Documents and Settings\chiara\Impostazioni locali\Temp\jar_cache25908.tmp Infected: Trojan.Win32.Dialer.aan skipped

C:\Documents and Settings\chiara\Impostazioni locali\Temp\rwcoaclu.exe Infected: Trojan.Win32.Dialer.aan skipped

C:\Documents and Settings\chiara\Impostazioni locali\Temp\jar_cache3041.tmp Infected: Trojan.Win32.Dialer.aan skipped

C:\Documents and Settings\chiara\Impostazioni locali\Temp\RCXE.tmp Infected: Trojan-Dropper.Win32.Agent.dgo skipped

C:\Documents and Settings\chiara\Impostazioni locali\Temp\RCX1D.tmp Infected: Trojan-Dropper.Win32.Agent.dgo skipped

C:\Documents and Settings\chiara\Impostazioni locali\Temp\jar_cache38795.tmp Infected: Trojan.Win32.Dialer.aan skipped

C:\Documents and Settings\chiara\Impostazioni locali\Temp\RCX2383.tmp Infected: Trojan-Dropper.Win32.Agent.dgo skipped

C:\Documents and Settings\chiara\Impostazioni locali\Temp\RCX236F.tmp Infected: Trojan-Dropper.Win32.Agent.dgo skipped

C:\Documents and Settings\chiara\Impostazioni locali\Temp\TMP2384.tmp Infected: not-a-virus:Porn-Dialer.Win32.Agent.aw skipped

C:\Documents and Settings\chiara\Impostazioni locali\Temp\RCX20.tmp Infected: Trojan-Dropper.Win32.Agent.dgo skipped

C:\Documents and Settings\chiara\Impostazioni locali\Temp\~DFFE08.tmp Object is locked skipped

C:\Documents and Settings\chiara\Impostazioni locali\Temp\TMP21.tmp Infected: not-a-virus:Porn-Dialer.Win32.Agent.aw skipped

C:\Documents and Settings\chiara\Impostazioni locali\Temp\RCX793.tmp Infected: Trojan-Dropper.Win32.Agent.dgo skipped

C:\Documents and Settings\chiara\Impostazioni locali\Temp\2417106580.exe Object is locked skipped

C:\Documents and Settings\chiara\Impostazioni locali\Temp\RCX782.tmp Infected: Trojan-Dropper.Win32.Agent.dgo skipped

C:\Documents and Settings\chiara\Impostazioni locali\Temp\RCX798.tmp Infected: Trojan-Dropper.Win32.Agent.dgo skipped

C:\Documents and Settings\chiara\Impostazioni locali\Temp\TMP799.tmp Infected: not-a-virus:Porn-Dialer.Win32.Agent.aw skipped

C:\Documents and Settings\chiara\Impostazioni locali\Cronologia\History.IE5\index.dat Object is locked skipped

C:\Documents and Settings\chiara\Impostazioni locali\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped

C:\Documents and Settings\chiara\Impostazioni locali\Temporary Internet Files\Content.IE5\RITE7Q6C\setup[1].exe/file1 Infected: not-a-virus:FraudTool.Win32.AntiSpyware.c skipped

C:\Documents and Settings\chiara\Impostazioni locali\Temporary Internet Files\Content.IE5\RITE7Q6C\setup[1].exe Inno: infected - 1 skipped

C:\Documents and Settings\chiara\Impostazioni locali\Temporary Internet Files\Content.IE5\KWWNNZ9T\b64_3[1].jpg Infected: Email-Worm.Win32.Bagle.of skipped

C:\Documents and Settings\chiara\Impostazioni locali\Temporary Internet Files\Content.IE5\KWWNNZ9T\b64_3[2].jpg Infected: Email-Worm.Win32.Bagle.of skipped

C:\Documents and Settings\chiara\Impostazioni locali\Temporary Internet Files\Content.IE5\KWWNNZ9T\apst377[1] Infected: not-a-virus:AdWare.Win32.SuperJuan.ez skipped

C:\Documents and Settings\chiara\Impostazioni locali\Temporary Internet Files\Content.IE5\KWWNNZ9T\tr[1] Infected: not-a-virus:AdWare.Win32.Virtumonde.dnn skipped

C:\Documents and Settings\chiara\Impostazioni locali\Temporary Internet Files\Content.IE5\HC1XOV3F\b64_3[1].jpg Infected: Email-Worm.Win32.Bagle.of skipped

C:\Documents and Settings\chiara\Impostazioni locali\Temporary Internet Files\Content.IE5\HC1XOV3F\b64_2[1].jpg Infected: Trojan.Win32.Pakes.bwy skipped

C:\Documents and Settings\chiara\Impostazioni locali\Temporary Internet Files\Content.IE5\HC1XOV3F\gamadril20071203[1] Infected: Backdoor.Win32.Agent.dbm skipped

C:\Documents and Settings\chiara\Impostazioni locali\Temporary Internet Files\Content.IE5\PC9T9EKV\b64_3[1].jpg Infected: Email-Worm.Win32.Bagle.of skipped

C:\Documents and Settings\chiara\Impostazioni locali\Temporary Internet Files\Content.IE5\PC9T9EKV\b64_3[2].jpg Infected: Email-Worm.Win32.Bagle.of skipped

C:\Documents and Settings\chiara\Impostazioni locali\Dati applicazioni\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped

C:\Documents and Settings\chiara\Impostazioni locali\Dati applicazioni\Microsoft\Windows\UsrClass.dat Object is locked skipped

C:\Documents and Settings\chiara\Impostazioni locali\Dati applicazioni\Microsoft\Desktop Search\Logs\OTFSMonLog.txt Object is locked skipped

C:\Documents and Settings\chiara\Cookies\index.dat Object is locked skipped

C:\Documents and Settings\chiara\Dati applicazioni\Microsoft\MSNLiveFav\LiveFavorites.xml Object is locked skipped

C:\Documents and Settings\chiara\zuqtnmpw.exe Infected: Trojan.Win32.Dialer.aan skipped

C:\Documents and Settings\chiara\dwmheapz.exe Infected: Trojan.Win32.Dialer.aan skipped

C:\Documents and Settings\chiara\nftyqmwd.exe Infected: Trojan.Win32.Dialer.aan skipped

C:\Documents and Settings\chiara\xkhrazrk.exe Infected: Trojan.Win32.Dialer.aan skipped

C:\Documents and Settings\chiara\luddfxcl.exe Infected: Trojan.Win32.Dialer.aan skipped

C:\Programmi\Realtek\InstallShield\AzMixerSel .exe Infected: Trojan.Win32.Agent.dxh skipped

C:\Programmi\Realtek\InstallShield\AzMixerSel.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped

C:\Programmi\Synaptics\SynTP\SynTPLpr .exe Infected: Trojan.Win32.Agent.dxh skipped

C:\Programmi\Synaptics\SynTP\SynTPEnh .exe Infected: Trojan.Win32.Agent.dxh skipped

C:\Programmi\Acer\Acer Arcade\Kernel\CLML_NTService\CLML_MAIN\CLML.db Object is locked skipped

C:\Programmi\Acer\Acer Arcade\PCMService .exe Infected: Trojan.Win32.Agent.dxh skipped

C:\Programmi\Java\jre1.6.0_03\bin\jusched .exe Infected: Trojan.Win32.Agent.dxh skipped

C:\Programmi\eMule\Temp\021.part/Nod.32.Antivirus.Ver.7.Ita.Crack.exe Infected: Trojan-Downloader.Win32.Bagle.hx skipped

C:\Programmi\eMule\Temp\021.part ZIP: infected - 1 skipped

C:\Programmi\BrowsingAdvisor\BrowsingAdvisor.dat Object is locked skipped

C:\Programmi\QuickTime\bak\qttask .exe Infected: Trojan.Win32.Agent.dxh skipped

C:\Programmi\Google\GoogleToolbarNotifier\GoogleToolbarNotifier .exe Infected: Trojan.Win32.Agent.dxh skipped

C:\Acer\ePM\epm-dm .exe Infected: Trojan.Win32.Agent.dxh skipped

C:\Acer\ePM\ePM .exe Infected: Trojan.Win32.Agent.dxh skipped

C:\VundoFix Backups\ddcya.exe.bad Infected: Trojan-Dropper.Win32.Agent.dgo skipped

C:\VundoFix Backups\tuqsea .exe.bad Infected: Trojan-Dropper.Win32.Agent.dgo skipped

C:\VundoFix Backups\umzaca .exe.bad Infected: Trojan-Dropper.Win32.Agent.dgo skipped

C:\VundoFix Backups\umzaca.exe.bad Infected: Trojan-Dropper.Win32.Agent.dgo skipped

Scan process completed.
Avatar utente
pucioletta
Aficionado
Aficionado
 
Messaggi: 28
Iscritto il: mar gen 15, 2008 4:58 pm
Top

Messaggioda ste_95 » mer gen 16, 2008 4:18 pm

Sei infetta da molteplici virus, vediamo di rimuoverli tutti...:

Per prima cosa Disattiva il ripristino configurazione di sistema.

Poi segui questa guida:

http://www.MegaLab.it/2785

Esegui la scansione con FindAWF.

Scarica Avenger
Estrailo in una cartella a tua scelta
Esegui il file avenger.exe con la figura di una spada
Metti il pallino su input script manually
Quindi scegli la lente e cliccaci
Ora incolla queste righe nella box bianca che si è aperta:

Files to delete:
C:\WINDOWS\system32\drivers\hidr.exe
C:\WINDOWS\system32\drivers\srosa.sys
C:\WINDOWS\system32\wintems.exe
C:\WINDOWS\system32\hldrrr.exe
C:\WINDOWS\system32\trusted.exe
C:\WINDOWS\system32\drivers\pci32.sys
C:\windows\system32\drivers\hldrrr.exe
C:\WINDOWS\system32\drivers\hldrrr.ex_
C:\WINDOWS\system32\mdelk.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb07 .exe
C:\WINDOWS\system32\ddcya.exe
C:\WINDOWS\system32\cwckubwm.exe
C:\WINDOWS\system32\cwckubwm.exe
C:\WINDOWS\system32\igfxtray .exe
C:\WINDOWS\system32\igfxpers .exe
C:\WINDOWS\system32\ctfmon.exe.tmp
C:\WINDOWS\Fonts\svchost .exe
C:\WINDOWS\Fonts\Crack.exe
C:\WINDOWS\Fonts\a.zip
C:\WINDOWS\Fonts\svchost.exe
C:\Documents and Settings\All Users\Documenti\Immagini\trivial pursuit ita crack.zip
C:\Documents and Settings\chiara\zuqtnmpw.exe
C:\Documents and Settings\chiara\dwmheapz.exe
C:\Documents and Settings\chiara\nftyqmwd.exe
C:\Documents and Settings\chiara\xkhrazrk.exe
C:\Documents and Settings\chiara\luddfxcl.exe
C:\Programmi\Realtek\InstallShield\AzMixerSel .exe
C:\Programmi\Realtek\InstallShield\AzMixerSel.exe
C:\Programmi\Synaptics\SynTP\SynTPLpr .exe
C:\Programmi\Synaptics\SynTP\SynTPLpr.exe
C:\Programmi\Acer\Acer Arcade\PCMService .exe
C:\Programmi\eMule\Temp\021.part
C:\Programmi\QuickTime\bak\qttask .exe
C:\Programmi\Google\GoogleToolbarNotifier\GoogleToolbarNotifier .exe
C:\Acer\ePM\ePM .exe
C:\Acer\ePM\epm-dm .exe

folders to delete:
C:\WINDOWS\exefnd
C:\WINDOWS\exefld
C:\WINDOWS\system32\drivers\down
C:\WINDOWS\Temp
C:\Documents and Settings\chiara\Impostazioni locali\Temp
C:\Documents and Settings\chiara\Impostazioni locali\Temporary Internet Files\Content.IE5\RITE7Q6C
C:\Documents and Settings\chiara\Impostazioni locali\Temporary Internet Files\Content.IE5\KWWNNZ9T
C:\Documents and Settings\chiara\Impostazioni locali\Temporary Internet Files\Content.IE5\HC1XOV3F
C:\Documents and Settings\chiara\Impostazioni locali\Temporary Internet Files\Content.IE5\PC9T9EKV
C:\VundoFix Backups

registry keys to delete:
HKLM\SYSTEM\CurrentControlSet\Services\srosa
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_SROSA
HKLM\SYSTEM\CurrentControlSet\Services\pci32
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_PCI32

Adesso devi cliccare su Done in basso nella box
Seleziona il semaforino in alto a destra
Rispondi di Si alle due richieste di Avenger
Adesso il tuo computer dovrebbe riavviarsi, nel caso non succedesse, riavvialo tu manualmente
Al riavvio del computer, copia e incolla qui il contenuto del blocco note che apparirà.
«A volte è meglio tacere e sembrare stupidi che aprir bocca e togliere ogni dubbio.» Oscar Wilde
Avatar utente
ste_95
Membro Ufficiale (Gold)
Membro Ufficiale (Gold)
 
Messaggi: 17271
Iscritto il: lun ago 06, 2007 11:19 am
Top

Messaggioda pucioletta » mer gen 16, 2008 4:28 pm

ciao ste l'articolo mi era già stato indicato ma purtroppo VundoFix non ha saputo rimuoverli tutti [cry+]

Per gli altri 2 programmi, non sono riuscita ad aprirli mi dava un blocco :(
Per quanto riguarda la scansione cone FINDAWF, dove andare?

Avenger l'ho già scaricato

grazie del sostegno, spero riuscremo a debellarli tutti. mi stanno mettendo in seria difficoltà [V]
Avatar utente
pucioletta
Aficionado
Aficionado
 
Messaggi: 28
Iscritto il: mar gen 15, 2008 4:58 pm
Top

Messaggioda ste_95 » mer gen 16, 2008 4:32 pm

Che blocco dava per VirtumondeBeGone e ComboFix?

Qui trovi FindAWF:

http://noahdfear.geekstogo.com/FindAWF.exe
«A volte è meglio tacere e sembrare stupidi che aprir bocca e togliere ogni dubbio.» Oscar Wilde
Avatar utente
ste_95
Membro Ufficiale (Gold)
Membro Ufficiale (Gold)
 
Messaggi: 17271
Iscritto il: lun ago 06, 2007 11:19 am
Top

Messaggioda pucioletta » mer gen 16, 2008 4:46 pm

HO FATTO TUTTO CON AVENGER COME HAI DETTO, ECCO COSA è COMPARSO NEL BLOKNOTES AL RIAVVIO:

Logfile of The Avenger version 1, by Swandog46
Running from registry key:
\Registry\Machine\System\CurrentControlSet\Services\bjxosrjg

*******************

Script file located at: \??\C:\mcakeevg.txt
Script file opened successfully.

Script file read successfully

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:



File C:\WINDOWS\system32\drivers\hidr.exe not found!
Deletion of file C:\WINDOWS\system32\drivers\hidr.exe failed!

Could not process line:
C:\WINDOWS\system32\drivers\hidr.exe
Status: 0xc0000034

File C:\WINDOWS\system32\drivers\srosa.sys deleted successfully.
File C:\WINDOWS\system32\wintems.exe deleted successfully.


File C:\WINDOWS\system32\hldrrr.exe not found!
Deletion of file C:\WINDOWS\system32\hldrrr.exe failed!

Could not process line:
C:\WINDOWS\system32\hldrrr.exe
Status: 0xc0000034



File C:\WINDOWS\system32\trusted.exe not found!
Deletion of file C:\WINDOWS\system32\trusted.exe failed!

Could not process line:
C:\WINDOWS\system32\trusted.exe
Status: 0xc0000034



File C:\WINDOWS\system32\drivers\pci32.sys not found!
Deletion of file C:\WINDOWS\system32\drivers\pci32.sys failed!

Could not process line:
C:\WINDOWS\system32\drivers\pci32.sys
Status: 0xc0000034

File C:\windows\system32\drivers\hldrrr.exe deleted successfully.


File C:\WINDOWS\system32\drivers\hldrrr.ex_ not found!
Deletion of file C:\WINDOWS\system32\drivers\hldrrr.ex_ failed!

Could not process line:
C:\WINDOWS\system32\drivers\hldrrr.ex_
Status: 0xc0000034

File C:\WINDOWS\system32\mdelk.exe deleted successfully.
File C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb07 .exe deleted successfully.
File C:\WINDOWS\system32\ddcya.exe deleted successfully.
File C:\WINDOWS\system32\cwckubwm.exe deleted successfully.


File C:\WINDOWS\system32\cwckubwm.exe not found!
Deletion of file C:\WINDOWS\system32\cwckubwm.exe failed!

Could not process line:
C:\WINDOWS\system32\cwckubwm.exe
Status: 0xc0000034

File C:\WINDOWS\system32\igfxtray .exe deleted successfully.
File C:\WINDOWS\system32\igfxpers .exe deleted successfully.
File C:\WINDOWS\system32\ctfmon.exe.tmp deleted successfully.
File C:\WINDOWS\Fonts\svchost .exe deleted successfully.
File C:\WINDOWS\Fonts\Crack.exe deleted successfully.
File C:\WINDOWS\Fonts\a.zip deleted successfully.
File C:\WINDOWS\Fonts\svchost.exe deleted successfully.
File C:\Documents and Settings\All Users\Documenti\Immagini\trivial pursuit ita crack.zip deleted successfully.
File C:\Documents and Settings\chiara\zuqtnmpw.exe deleted successfully.
File C:\Documents and Settings\chiara\dwmheapz.exe deleted successfully.
File C:\Documents and Settings\chiara\nftyqmwd.exe deleted successfully.
File C:\Documents and Settings\chiara\xkhrazrk.exe deleted successfully.
File C:\Documents and Settings\chiara\luddfxcl.exe deleted successfully.
File C:\Programmi\Realtek\InstallShield\AzMixerSel .exe deleted successfully.
File C:\Programmi\Realtek\InstallShield\AzMixerSel.exe deleted successfully.
File C:\Programmi\Synaptics\SynTP\SynTPLpr .exe deleted successfully.


File C:\Programmi\Synaptics\SynTP\SynTPLpr.exe not found!
Deletion of file C:\Programmi\Synaptics\SynTP\SynTPLpr.exe failed!

Could not process line:
C:\Programmi\Synaptics\SynTP\SynTPLpr.exe
Status: 0xc0000034

File C:\Programmi\Acer\Acer Arcade\PCMService .exe deleted successfully.
File C:\Programmi\eMule\Temp\021.part deleted successfully.
File C:\Programmi\QuickTime\bak\qttask .exe deleted successfully.
File C:\Programmi\Google\GoogleToolbarNotifier\GoogleToolbarNotifier .exe deleted successfully.
File C:\Acer\ePM\ePM .exe deleted successfully.
File C:\Acer\ePM\epm-dm .exe deleted successfully.


Folder C:\WINDOWS\exefnd not found!
Deletion of folder C:\WINDOWS\exefnd failed!

Could not process line:
C:\WINDOWS\exefnd
Status: 0xc0000034



Folder C:\WINDOWS\exefld not found!
Deletion of folder C:\WINDOWS\exefld failed!

Could not process line:
C:\WINDOWS\exefld
Status: 0xc0000034

Folder C:\WINDOWS\system32\drivers\down deleted successfully.
Folder C:\WINDOWS\Temp deleted successfully.
Folder C:\Documents and Settings\chiara\Impostazioni locali\Temp deleted successfully.
Folder C:\Documents and Settings\chiara\Impostazioni locali\Temporary Internet Files\Content.IE5\RITE7Q6C deleted successfully.
Folder C:\Documents and Settings\chiara\Impostazioni locali\Temporary Internet Files\Content.IE5\KWWNNZ9T deleted successfully.
Folder C:\Documents and Settings\chiara\Impostazioni locali\Temporary Internet Files\Content.IE5\HC1XOV3F deleted successfully.
Folder C:\Documents and Settings\chiara\Impostazioni locali\Temporary Internet Files\Content.IE5\PC9T9EKV deleted successfully.
Folder C:\VundoFix Backups deleted successfully.
Registry key HKLM\SYSTEM\CurrentControlSet\Services\srosa deleted successfully.
Registry key HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_SROSA deleted successfully.


Registry key HKLM\SYSTEM\CurrentControlSet\Services\pci32 not found!
Deletion of registry key HKLM\SYSTEM\CurrentControlSet\Services\pci32 failed!

Could not process line:
HKLM\SYSTEM\CurrentControlSet\Services\pci32
Status: 0xc0000034



Registry key HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_PCI32 not found!
Deletion of registry key HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_PCI32 failed!

Could not process line:
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_PCI32
Status: 0xc0000034


Completed script processing.

*******************

Finished! Terminate.
Avatar utente
pucioletta
Aficionado
Aficionado
 
Messaggi: 28
Iscritto il: mar gen 15, 2008 4:58 pm
Top

SCANSIONE FINDAWF

Messaggioda pucioletta » mer gen 16, 2008 4:52 pm

ecco il report:

Find AWF report by noahdfear ©2006
Version 1.40



bak folders found
~~~~~~~~~~~

Il volume nell'unit… C Š ACER
Numero di serie del volume: 320D-180E

Directory di C:\WINDOWS\SYSTEM32\BAK

19/08/2004 05.00 15.360 ctfmon.exe
18/07/2005 20.06 77.824 hkcmd.exe
18/07/2005 20.10 114.688 igfxpers.exe
18/07/2005 20.09 94.208 igfxtray.exe
4 File 302.080 byte
2 Directory 10.017.996.800 byte disponibili
Il volume nell'unit… C Š ACER
Numero di serie del volume: 320D-180E

Directory di C:\PROGRA~1\QUICKT~1\BAK

0 File 0 byte
3 Directory 10.017.996.800 byte disponibili
Il volume nell'unit… C Š ACER
Numero di serie del volume: 320D-180E

Directory di C:\PROGRA~1\ESET\BAK

0 File 0 byte
2 Directory 10.017.996.800 byte disponibili
Il volume nell'unit… C Š ACER
Numero di serie del volume: 320D-180E

Directory di C:\ACER\EPM\BAK

15/03/2005 10.03 2.893.824 ePM.exe
11/08/2005 19.21 200.704 epm-dm.exe
2 File 3.094.528 byte
2 Directory 10.017.996.800 byte disponibili
Il volume nell'unit… C Š ACER
Numero di serie del volume: 320D-180E

Directory di C:\WINDOWS\IME\IMJP8_1\BAK

19/08/2004 05.00 208.952 IMJPMIG.EXE
1 File 208.952 byte
2 Directory 10.017.996.800 byte disponibili
Il volume nell'unit… C Š ACER
Numero di serie del volume: 320D-180E

Directory di C:\PROGRA~1\REALTEK\INSTAL~1\BAK

11/06/2005 19.51 53.248 AzMixerSel.exe
1 File 53.248 byte
2 Directory 10.017.996.800 byte disponibili
Il volume nell'unit… C Š ACER
Numero di serie del volume: 320D-180E

Directory di C:\PROGRA~1\SYNAPT~1\SYNTP\BAK

08/10/2004 14.43 688.218 SynTPEnh.exe
08/10/2004 14.44 98.394 SynTPLpr.exe
2 File 786.612 byte
2 Directory 10.017.996.800 byte disponibili
Il volume nell'unit… C Š ACER
Numero di serie del volume: 320D-180E

Directory di C:\PROGRA~1\ACER\ACERAR~1\BAK

31/08/2005 19.59 147.456 PCMService.exe
1 File 147.456 byte
2 Directory 10.017.996.800 byte disponibili
Il volume nell'unit… C Š ACER
Numero di serie del volume: 320D-180E

Directory di C:\PROGRA~1\QUICKT~1\BAK\BAK

14/08/2006 09.54 77.824 qttask.exe
1 File 77.824 byte
2 Directory 10.017.996.800 byte disponibili
Il volume nell'unit… C Š ACER
Numero di serie del volume: 320D-180E

Directory di C:\PROGRA~1\GOOGLE\GOOGLE~1\BAK

23/07/2007 13.13 68.856 GoogleToolbarNotifier.exe
1 File 68.856 byte
2 Directory 10.017.996.800 byte disponibili
Il volume nell'unit… C Š ACER
Numero di serie del volume: 320D-180E

Directory di C:\ACER\EMPOWE~1\ERECOV~1\BAK

0 File 0 byte
2 Directory 10.017.996.800 byte disponibili
Il volume nell'unit… C Š ACER
Numero di serie del volume: 320D-180E

Directory di C:\WINDOWS\SYSTEM32\IME\PINTLGNT\BAK

19/08/2004 05.00 59.392 ImScInst.exe
1 File 59.392 byte
2 Directory 10.017.996.800 byte disponibili
Il volume nell'unit… C Š ACER
Numero di serie del volume: 320D-180E

Directory di C:\WINDOWS\SYSTEM32\IME\TINTLGNT\BAK

19/08/2004 05.00 455.168 TINTSETP.EXE
1 File 455.168 byte
2 Directory 10.017.996.800 byte disponibili
Il volume nell'unit… C Š ACER
Numero di serie del volume: 320D-180E

Directory di C:\DOCUME~1\CHIARA\DATIAP~1\ELSEPL~1\BAK

0 File 0 byte
2 Directory 10.017.996.800 byte disponibili
Il volume nell'unit… C Š ACER
Numero di serie del volume: 320D-180E

Directory di C:\PROGRA~1\JAVA\JRE16~3.0_0\BIN\BAK

25/09/2007 01.11 132.496 jusched.exe
1 File 132.496 byte
2 Directory 10.017.996.800 byte disponibili
Il volume nell'unit… C Š ACER
Numero di serie del volume: 320D-180E

Directory di C:\WINDOWS\SYSTEM32\SPOOL\DRIVERS\W32X86\3\BAK

16/05/2003 07.59 188.416 hpztsb07.exe
1 File 188.416 byte
2 Directory 10.017.996.800 byte disponibili


Duplicate files of bak directory contents
~~~~~~~~~~~~~~~~~~~~~~~

15360 19 Aug 2004 "C:\WINDOWS\system32\ctfmon.exe"
15360 19 Aug 2004 "C:\WINDOWS\system32\bak\ctfmon.exe"
94208 18 Jul 2005 "C:\WINDOWS\system32\bak\igfxtray.exe"
94208 18 Jul 2005 "C:\WINDOWS\system32\ReinstallBackups\0019\DriverFiles\igfxtray.exe"
77824 18 Jul 2005 "C:\WINDOWS\system32\bak\hkcmd.exe"
77824 8 Jun 2005 "C:\WINDOWS\system32\ReinstallBackups\0014\DriverFiles\hkcmd.exe"
77824 18 Jul 2005 "C:\WINDOWS\system32\ReinstallBackups\0019\DriverFiles\hkcmd.exe"
114688 18 Jul 2005 "C:\WINDOWS\system32\bak\igfxpers.exe"
114688 8 Jun 2005 "C:\WINDOWS\system32\ReinstallBackups\0014\DriverFiles\igfxpers.exe"
114688 18 Jul 2005 "C:\WINDOWS\system32\ReinstallBackups\0019\DriverFiles\igfxpers.exe"
10256 11 Jan 2008 "C:\Programmi\QuickTime\qttask.exe"
77824 14 Aug 2006 "C:\Programmi\QuickTime\bak\bak\qttask.exe"
200704 11 Aug 2005 "C:\Acer\ePM\bak\epm-dm.exe"
2893824 15 Mar 2005 "C:\Acer\ePM\bak\ePM.exe"
208952 19 Aug 2004 "C:\WINDOWS\ime\imjp8_1\imjpmig.exe"
208952 19 Aug 2004 "C:\WINDOWS\ime\imjp8_1\bak\IMJPMIG.EXE"
53248 11 Jun 2005 "C:\Programmi\Realtek\InstallShield\bak\AzMixerSel.exe"
98394 8 Oct 2004 "C:\Programmi\Synaptics\SynTP\Media\SynTPLpr.exe"
98394 8 Oct 2004 "C:\Programmi\Synaptics\SynTP\bak\SynTPLpr.exe"
688218 8 Oct 2004 "C:\Programmi\Synaptics\SynTP\Media\SynTPEnh.exe"
688218 8 Oct 2004 "C:\Programmi\Synaptics\SynTP\bak\SynTPEnh.exe"
147456 31 Aug 2005 "C:\Programmi\Acer\Acer Arcade\bak\PCMService.exe"
10256 11 Jan 2008 "C:\Programmi\QuickTime\qttask.exe"
77824 14 Aug 2006 "C:\Programmi\QuickTime\bak\bak\qttask.exe"
52272 25 Jan 2007 "C:\Programmi\Google\googletoolbar3user.exe"
68856 23 Jul 2007 "C:\Programmi\Google\GoogleToolbarNotifier\bak\GoogleToolbarNotifier.exe"
138168 25 Jan 2007 "C:\Programmi\Google\Common\Google Updater\GoogleUpdaterService.exe"
59392 19 Aug 2004 "C:\WINDOWS\system32\IME\PINTLGNT\imscinst.exe"
59392 19 Aug 2004 "C:\WINDOWS\system32\IME\PINTLGNT\bak\ImScInst.exe"
455168 19 Aug 2004 "C:\WINDOWS\system32\IME\TINTLGNT\tintsetp.exe"
455168 19 Aug 2004 "C:\WINDOWS\system32\IME\TINTLGNT\bak\TINTSETP.EXE"
36975 13 Apr 2005 "C:\Programmi\Java\jre1.5.0_03\bin\jusched.exe"
83608 14 Mar 2007 "C:\Programmi\Java\jre1.6.0_01\bin\jusched.exe"
132496 12 Jul 2007 "C:\Programmi\Java\jre1.6.0_02\bin\jusched.exe"
132496 25 Sep 2007 "C:\Programmi\Java\jre1.6.0_03\bin\bak\jusched.exe"
188416 16 May 2003 "C:\WINDOWS\system32\spool\drivers\w32x86\3\bak\hpztsb07.exe"


end of report
Avatar utente
pucioletta
Aficionado
Aficionado
 
Messaggi: 28
Iscritto il: mar gen 15, 2008 4:58 pm
Top

Messaggioda pucioletta » mer gen 16, 2008 5:06 pm

Per COMBOFIX mi viene detto che l'applicazione non è valida.
Per il momento sembrano non aprirsi più le antipatiche finestre POP up.
Dato che sono sprovvista di antivirus, ora che dovremmo aver debellato quell'antipatico virus, posso scaricarne uno? Quale mi consigli? Prima avevo NOD32.
aH!!!sono riuscita a lanciare VIRTUMONDOBEGONE e questo è quello che ne deriva: (C'è il log -credo si chiami così- sul mio desktop)

[01/16/2008, 16:57:27] - VirtumundoBeGone v1.5 ( "C:\Documents and Settings\chiara\Impostazioni locali\Temporary Internet Files\Content.IE5\HC1XOV3F\VirtumundoBeGone[1].exe" )
[01/16/2008, 16:57:34] - Detected System Information:
[01/16/2008, 16:57:34] - Windows Version: 5.1.2600, Service Pack 2
[01/16/2008, 16:57:34] - Current Username: chiara (Admin)
[01/16/2008, 16:57:34] - Windows is in NORMAL mode.
[01/16/2008, 16:57:34] - Searching for Browser Helper Objects:
[01/16/2008, 16:57:34] - BHO 1: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (AcroIEHlprObj Class)
[01/16/2008, 16:57:34] - BHO 2: {1A0AADCD-3A72-4b5f-900F-E3BB5A838E2A} (SWEETIE Class)
[01/16/2008, 16:57:34] - BHO 3: {2C9C06A0-E32D-4585-AB40-176DD72259C3} ()
[01/16/2008, 16:57:34] - WARNING: BHO has no default name. Checking for Winlogon reference.
[01/16/2008, 16:57:34] - Checking for HKLM\...\Winlogon\Notify\ddcya
[01/16/2008, 16:57:34] - Key not found: HKLM\...\Winlogon\Notify\ddcya, continuing.
[01/16/2008, 16:57:34] - BHO 4: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (SSVHelper Class)
[01/16/2008, 16:57:34] - BHO 5: {7E853D72-626A-48EC-A868-BA8D5E23E045} ()
[01/16/2008, 16:57:34] - WARNING: BHO has no default name. Checking for Winlogon reference.
[01/16/2008, 16:57:34] - No filename found. Continuing.
[01/16/2008, 16:57:34] - BHO 6: {8A406068-D45C-40B9-A096-38AC717FB608} (CBHOBJObj Object)
[01/16/2008, 16:57:34] - BHO 7: {9030D464-4C02-4ABF-8ECC-5164760863C6} (Guida per l'accesso a Windows Live)
[01/16/2008, 16:57:34] - BHO 8: {A95B2816-1D7E-4561-A202-68C0DE02353A} ()
[01/16/2008, 16:57:34] - WARNING: BHO has no default name. Checking for Winlogon reference.
[01/16/2008, 16:57:34] - Checking for HKLM\...\Winlogon\Notify\hyutszrf
[01/16/2008, 16:57:34] - Found: HKLM\...\Winlogon\Notify\hyutszrf - This is probably Virtumundo.
[01/16/2008, 16:57:34] - Assigning {A95B2816-1D7E-4561-A202-68C0DE02353A} MSEvents Object
[01/16/2008, 16:57:34] - BHO list has been changed! Starting over...
[01/16/2008, 16:57:34] - BHO 1: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (AcroIEHlprObj Class)
[01/16/2008, 16:57:34] - BHO 2: {1A0AADCD-3A72-4b5f-900F-E3BB5A838E2A} (SWEETIE Class)
[01/16/2008, 16:57:34] - BHO 3: {2C9C06A0-E32D-4585-AB40-176DD72259C3} ()
[01/16/2008, 16:57:34] - WARNING: BHO has no default name. Checking for Winlogon reference.
[01/16/2008, 16:57:34] - Checking for HKLM\...\Winlogon\Notify\ddcya
[01/16/2008, 16:57:34] - Key not found: HKLM\...\Winlogon\Notify\ddcya, continuing.
[01/16/2008, 16:57:34] - BHO 4: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (SSVHelper Class)
[01/16/2008, 16:57:34] - BHO 5: {7E853D72-626A-48EC-A868-BA8D5E23E045} ()
[01/16/2008, 16:57:34] - WARNING: BHO has no default name. Checking for Winlogon reference.
[01/16/2008, 16:57:34] - No filename found. Continuing.
[01/16/2008, 16:57:34] - BHO 6: {8A406068-D45C-40B9-A096-38AC717FB608} (CBHOBJObj Object)
[01/16/2008, 16:57:34] - BHO 7: {9030D464-4C02-4ABF-8ECC-5164760863C6} (Guida per l'accesso a Windows Live)
[01/16/2008, 16:57:34] - BHO 8: {A95B2816-1D7E-4561-A202-68C0DE02353A} (MSEvents Object)
[01/16/2008, 16:57:34] - ALERT: Found MSEvents Object!
[01/16/2008, 16:57:34] - BHO 9: {AA58ED58-01DD-4d91-8333-CF10577473F7} (Google Toolbar Helper)
[01/16/2008, 16:57:34] - BHO 10: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} (Google Toolbar Notifier BHO)
[01/16/2008, 16:57:34] - BHO 11: {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} (Windows Live Toolbar Helper)
[01/16/2008, 16:57:34] - BHO 12: {dbd9c38e-4ad1-4ab8-a7b4-b13282939059} ()
[01/16/2008, 16:57:34] - WARNING: BHO has no default name. Checking for Winlogon reference.
[01/16/2008, 16:57:34] - Checking for HKLM\...\Winlogon\Notify\mpvpdjmk
[01/16/2008, 16:57:34] - Key not found: HKLM\...\Winlogon\Notify\mpvpdjmk, continuing.
[01/16/2008, 16:57:34] - BHO 13: {F1E96EDC-E0C8-BE98-1F15-C29DBED83B53} (BrowsingAdvisor)
[01/16/2008, 16:57:34] - BHO 14: {FC1B64D9-3499-4791-82D5-AABAC3FAEA45} ()
[01/16/2008, 16:57:34] - WARNING: BHO has no default name. Checking for Winlogon reference.
[01/16/2008, 16:57:34] - Checking for HKLM\...\Winlogon\Notify\urqqrom
[01/16/2008, 16:57:34] - Key not found: HKLM\...\Winlogon\Notify\urqqrom, continuing.
[01/16/2008, 16:57:34] - Finished Searching Browser Helper Objects
[01/16/2008, 16:57:34] - *** Detected MSEvents Object
[01/16/2008, 16:57:34] - Trying to remove MSEvents Object...
[01/16/2008, 16:57:35] - Terminating Process: IEXPLORE.EXE
[01/16/2008, 16:57:35] - Terminating Process: RUNDLL32.EXE
[01/16/2008, 16:57:35] - Disabling Automatic Shell Restart
[01/16/2008, 16:57:35] - Terminating Process: EXPLORER.EXE
[01/16/2008, 16:57:35] - Suspending the NT Session Manager System Service
[01/16/2008, 16:57:35] - Terminating Windows NT Logon/Logoff Manager
[01/16/2008, 16:57:36] - Re-enabling Automatic Shell Restart
[01/16/2008, 16:57:36] - File to disable: C:\WINDOWS\system32\hyutszrf.dll
[01/16/2008, 16:57:36] - Renaming C:\WINDOWS\system32\hyutszrf.dll -> C:\WINDOWS\system32\hyutszrf.dll.vir
[01/16/2008, 16:57:36] - File successfully renamed!
[01/16/2008, 16:57:36] - Removing HKLM\...\Browser Helper Objects\{A95B2816-1D7E-4561-A202-68C0DE02353A}
[01/16/2008, 16:57:36] - Removing HKCR\CLSID\{A95B2816-1D7E-4561-A202-68C0DE02353A}
[01/16/2008, 16:57:36] - Adding Kill Bit for ActiveX for GUID: {A95B2816-1D7E-4561-A202-68C0DE02353A}
[01/16/2008, 16:57:36] - Deleting ATLEvents/MSEvents Registry entries
[01/16/2008, 16:57:36] - Removing HKLM\...\Winlogon\Notify\hyutszrf
[01/16/2008, 16:57:36] - Searching for Browser Helper Objects:
[01/16/2008, 16:57:36] - BHO 1: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (AcroIEHlprObj Class)
[01/16/2008, 16:57:36] - BHO 2: {1A0AADCD-3A72-4b5f-900F-E3BB5A838E2A} (SWEETIE Class)
[01/16/2008, 16:57:36] - BHO 3: {2C9C06A0-E32D-4585-AB40-176DD72259C3} ()
[01/16/2008, 16:57:36] - WARNING: BHO has no default name. Checking for Winlogon reference.
[01/16/2008, 16:57:36] - Checking for HKLM\...\Winlogon\Notify\ddcya
[01/16/2008, 16:57:36] - Key not found: HKLM\...\Winlogon\Notify\ddcya, continuing.
[01/16/2008, 16:57:36] - BHO 4: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (SSVHelper Class)
[01/16/2008, 16:57:36] - BHO 5: {7E853D72-626A-48EC-A868-BA8D5E23E045} ()
[01/16/2008, 16:57:36] - WARNING: BHO has no default name. Checking for Winlogon reference.
[01/16/2008, 16:57:36] - No filename found. Continuing.
[01/16/2008, 16:57:36] - BHO 6: {8A406068-D45C-40B9-A096-38AC717FB608} (CBHOBJObj Object)
[01/16/2008, 16:57:36] - BHO 7: {9030D464-4C02-4ABF-8ECC-5164760863C6} (Guida per l'accesso a Windows Live)
[01/16/2008, 16:57:36] - BHO 8: {AA58ED58-01DD-4d91-8333-CF10577473F7} (Google Toolbar Helper)
[01/16/2008, 16:57:36] - BHO 9: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} (Google Toolbar Notifier BHO)
[01/16/2008, 16:57:36] - BHO 10: {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} (Windows Live Toolbar Helper)
[01/16/2008, 16:57:36] - BHO 11: {dbd9c38e-4ad1-4ab8-a7b4-b13282939059} ()
[01/16/2008, 16:57:36] - WARNING: BHO has no default name. Checking for Winlogon reference.
[01/16/2008, 16:57:36] - Checking for HKLM\...\Winlogon\Notify\mpvpdjmk
[01/16/2008, 16:57:36] - Key not found: HKLM\...\Winlogon\Notify\mpvpdjmk, continuing.
[01/16/2008, 16:57:36] - BHO 12: {F1E96EDC-E0C8-BE98-1F15-C29DBED83B53} (BrowsingAdvisor)
[01/16/2008, 16:57:36] - BHO 13: {FC1B64D9-3499-4791-82D5-AABAC3FAEA45} ()
[01/16/2008, 16:57:36] - WARNING: BHO has no default name. Checking for Winlogon reference.
[01/16/2008, 16:57:36] - Checking for HKLM\...\Winlogon\Notify\urqqrom
[01/16/2008, 16:57:36] - Key not found: HKLM\...\Winlogon\Notify\urqqrom, continuing.
[01/16/2008, 16:57:36] - Finished Searching Browser Helper Objects
[01/16/2008, 16:57:36] - Finishing up...
[01/16/2008, 16:57:36] - A restart is needed.
[01/16/2008, 16:57:47] - Attempting to Restart via STOP error (Blue Screen!)
Avatar utente
pucioletta
Aficionado
Aficionado
 
Messaggi: 28
Iscritto il: mar gen 15, 2008 4:58 pm
Top

Messaggioda ste_95 » mer gen 16, 2008 5:10 pm

Installati la versione trial di kaspersky e fai una scansione con lui, elimina ciò che rileva.
«A volte è meglio tacere e sembrare stupidi che aprir bocca e togliere ogni dubbio.» Oscar Wilde
Avatar utente
ste_95
Membro Ufficiale (Gold)
Membro Ufficiale (Gold)
 
Messaggi: 17271
Iscritto il: lun ago 06, 2007 11:19 am
Top

Messaggioda pucioletta » mer gen 16, 2008 5:21 pm

ho cantato troppo presto vittoria: seppur di meno rispetto a prima, compare ancora qualche pop-up.

Sto scaricando la versione trial di KASPERKSY ANTIVIRUS , va bene questa? C'erano altre 2 possibilità di prova tra cui poter scegliere, mi è sembrata la più indicata per intuito.
VUNDOFIX mi sta trovando ancora qualche trojan, stoppo e lascio fare tutto a kaspersky?

grazie ancora
Avatar utente
pucioletta
Aficionado
Aficionado
 
Messaggi: 28
Iscritto il: mar gen 15, 2008 4:58 pm
Top

Messaggioda ste_95 » mer gen 16, 2008 5:32 pm

Kaspersky dovrebbe risollevare non di poco la situazione [^]
«A volte è meglio tacere e sembrare stupidi che aprir bocca e togliere ogni dubbio.» Oscar Wilde
Avatar utente
ste_95
Membro Ufficiale (Gold)
Membro Ufficiale (Gold)
 
Messaggi: 17271
Iscritto il: lun ago 06, 2007 11:19 am
Top

Messaggioda crazy.cat » mer gen 16, 2008 5:56 pm

pucioletta ha scritto:Prima avevo NOD32.

Sicuramente settato male visto il disastro che avevi nel tuo pc.
O lo setti per bene seguendo questa guida
http://www.MegaLab.it/2775
Oppure per sei mesi passi a questo visto che è ancora in offerta gratuita
http://www.MegaLab.it/1740

Hai installato un firewall?


Se avessi avuto il tuo pc sotto mano mi avrebbe fatto felice ed avrei incrementato la mia raccolta di vermicelli.
Quando i molti governano, pensano solo a contentar sé stessi, si ha allora la tirannia più balorda e più odiosa: la tirannia mascherata da libertà.
Avatar utente
crazy.cat
MLI Hero
MLI Hero
 
Messaggi: 30959
Iscritto il: lun gen 12, 2004 1:38 pm
Località: Mestre
Top

Messaggioda pucioletta » mer gen 16, 2008 6:09 pm

ragazzi help mettetevi d'accordo! Ormai NOD non c'è piu, su suggerimento di STE95 ho scaricato la versione trial di KASPERSKY, non va bene?

Se è migliore quella che mi ha detto crazycat, oltretutto vale x 6 mesi , ancora meglio [^]

Cosa mi conviene fare? Per ora kaspersky ANTIVIRUS sta effettuando la scansione, ma nn mancano quelle voci stridule di avvertimento virus [devil]

uffi sono sempre in agguato.
crazycat allora cosa mi consigli?
Avatar utente
pucioletta
Aficionado
Aficionado
 
Messaggi: 28
Iscritto il: mar gen 15, 2008 4:58 pm
Top
Prossimo
Rispondi al messaggio

Torna a Sicurezza

Chi c’è in linea

Visitano il forum: Nessuno e 24 ospiti

Powered by phpBB © 2002, 2005, 2007, 2008 phpBB Group
Traduzione Italiana phpBB.it

megalab.it: testata telematica quotidiana registrata al Tribunale di Cosenza n. 22/09 del 13.08.2009, editore Master New Media S.r.l.; © Copyright 2008 Master New Media S.r.l. a socio unico - P.I. 02947530784. GRUPPO EDIZIONI MASTER Spa Tutti i diritti sono riservati. Per la pubblicità: Master Advertising