www.MegaLab.it

[PinkGlitter]

Allora facciamo un'altra cosina... il mio ragazzo ha il mio stesso pc
Sony Vaio CR21S
ha anche lui Windows Vista (che era già preinstallato nei pc)
potrei fare i Cd di ripristino dal suo pc e formattare...
Credo sia la soluzione più sbrigativa, mi sono scocciata abbastanza :(
potrei mettere però direttamente XP una volta che formatto?
ho ovviamente il Cd di Windows XP originale me l'avevano dato per il pc fisso.
l'unico problema è che non homai formattato il pc ed ho un po' il timore di non ritrovare più i driver di cose come la webcam, il microfono (entrambi integrati al pc) ecc.
ciao ciao

ps sisi...davvvero sicuro questo Vista

[crazy.cat]

potrei mettere però direttamente XP una volta che formatto?

E' difficile che ti prenda il vecchio seriale come valido e te lo attivi, questo non posso garantitelo, però sembra ci sia la possibilità di tornare a xp e avere i driver
http://support.vaio.sony.it/os/xp/downg ... it_IT_cons

Puoi fare un tentativo, male che vada rimetti vista.

[PinkGlitter]

uhm vediamo un po' che dicono lì...anche se ti giuro che sto perdendo le speranze di sistemare la situazione a breve :( se riesci a trovare qualcosina comunque fammi sapere per favore!

[ste_95]

Te lo metto sul teorico, poi se vuoi ti do tutte le informazioni:

Il mitico crazy.cat ha scoperto il modo di eliminarlo da vista, però è piuttosto macchinoso:

E' necessario scansionare online con kaspersky per scoprire i file infetti, quindi avere il MegaLabCD e avviare elibagla. Al successivo riavvio eseguire una pulizia approfondita con CCleaner.

[PinkGlitter]

non so se sono capace di farlo...magari se qualcuno ha la pazienza di seguirmi passo per passo... io vi ringrazio anticipatamente di cuore. ciao ciao

[ste_95]

Si, il procedimento è solo particolarmente lungo, ma non è troppo complicato...

Allora, ci stai?

[crazy.cat]

non so se sono capace di farlo...magari se qualcuno ha la pazienza di seguirmi passo per passo... io vi ringrazio anticipatamente di cuore. ciao ciao

Leggi i messaggi privati.
Se hai problemi a seguire le istruzioni ne parliamo qui.

[PinkGlitter]

Ok ho letto e proverò a farlo,
Intanto ho riavviato kaspersky per scannerizzare l'intero Pc quindi non resta altro che aspettare, per sicurezza una volta terminato lo scan riporto qui il log in modo che possiate indicarmi che file eliminare. ciao

[PinkGlitter]

Dopo un fallito scan arrivato al 72% (causa riavvio improvviso del pc ) questo è quanto è saltato fuori dal 3° e spero definitivo scanner con kasperksy, potete indicarmi la strada per eliminare questo virus tanto ostinato (guarda i file infetti sono aumentati vertiginosamente...):

Thursday, January 17, 2008 7:40:54 AM
Operating System: Microsoft Windows Vista Home Edition, (Build 6000)
Kaspersky Online Scanner version: 5.0.98.0
Kaspersky Anti-Virus database last update: 16/01/2008
Kaspersky Anti-Virus database records: 512631
Scan Settings
Scan using the following antivirus database extended
Scan Archives true
Scan Mail Bases true
Scan Target My Computer
C:\
D:\
E:\
F:\
G:\
H:\
I:\
J:\
Scan Statistics
Total number of scanned objects 94022
Number of viruses found 5
Number of infected objects 53
Number of suspicious objects 0
Duration of the scan process 15:55:08

Infected Object Name Virus Name Last Action
C:\Boot\BCD Object is locked skipped
C:\Boot\BCD.LOG Object is locked skipped
C:\Program Files\Jasc Software Inc\Animation Shop 3\register.exe Object is locked skipped
C:\Program Files\Nero\Nero8\Nero BackItUp\BIU539B.txt Object is locked skipped
C:\ProgramData\Microsoft\Network\Downloader\qmgr0.dat Object is locked skipped
C:\ProgramData\Microsoft\Network\Downloader\qmgr1.dat Object is locked skipped
C:\ProgramData\Microsoft\Search\Data\Applications\Windows\GatherLogs\SystemIndex\SystemIndex.79.Crwl Object is locked skipped
C:\ProgramData\Microsoft\Search\Data\Applications\Windows\GatherLogs\SystemIndex\SystemIndex.79.gthr Object is locked skipped
C:\ProgramData\Microsoft\Search\Data\Applications\Windows\MSS.log Object is locked skipped
C:\ProgramData\Microsoft\Search\Data\Applications\Windows\MSStmp.log Object is locked skipped
C:\ProgramData\Microsoft\Search\Data\Applications\Windows\tmp.edb Object is locked skipped
C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Windows.edb Object is locked skipped
C:\ProgramData\Microsoft\Search\Data\Temp\usgthrsvc\Ntf5762.tmp Object is locked skipped
C:\ProgramData\Microsoft\Search\Data\Temp\usgthrsvc\Ntf5773.tmp Object is locked skipped
C:\ProgramData\Nero\Nero8\Nero BackItUp\Cache\NeroBackItUpScheduler3.log Object is locked skipped
C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
C:\Users\Ivana\AppData\Local\Microsoft\Feeds Cache\index.dat Object is locked skipped
C:\Users\Ivana\AppData\Local\Microsoft\Internet Explorer\MSIMGSIZ.DAT Object is locked skipped
C:\Users\Ivana\AppData\Local\Microsoft\Media Player\CurrentDatabase_360.wmdb Object is locked skipped
C:\Users\Ivana\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat Object is locked skipped
C:\Users\Ivana\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012008011620080117\index.dat Object is locked skipped
C:\Users\Ivana\AppData\Local\Microsoft\Windows\Temporary Internet Files\AntiPhishing\B3BB5BBA-E7D5-40AB-A041-A5B1C0B26C8F.dat Object is locked skipped
C:\Users\Ivana\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0AX957S7\b64_1[1].jpg Infected: Trojan-PSW.Win32.LdPinch.ewq skipped
C:\Users\Ivana\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0AX957S7\b64_2[1].jpg Infected: Trojan.Win32.Pakes.bwy skipped
C:\Users\Ivana\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0AX957S7\b64_3[2].jpg Infected: Email-Worm.Win32.Bagle.of skipped
C:\Users\Ivana\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0AX957S7\b64_3[3].jpg Infected: Email-Worm.Win32.Bagle.of skipped
C:\Users\Ivana\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\27EA3900\b64_2[1].jpg Infected: Trojan.Win32.Pakes.bwy skipped
C:\Users\Ivana\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\27EA3900\b64_3[1].jpg Infected: Email-Worm.Win32.Bagle.of skipped
C:\Users\Ivana\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\2JFQ8SUX\b64_3[1].jpg Infected: Trojan-Downloader.Win32.Bagle.ho skipped
C:\Users\Ivana\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\2JFQ8SUX\b64_3[2].jpg Infected: Email-Worm.Win32.Bagle.of skipped
C:\Users\Ivana\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\2THBIF25\b64_1[1].jpg Infected: Trojan-PSW.Win32.LdPinch.ewq skipped
C:\Users\Ivana\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\2THBIF25\b64_2[1].jpg Infected: Trojan.Win32.Pakes.bwy skipped
C:\Users\Ivana\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\2THBIF25\b64_3[1].jpg Infected: Email-Worm.Win32.Bagle.of skipped
C:\Users\Ivana\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\2THBIF25\b64_3[2].jpg Infected: Email-Worm.Win32.Bagle.of skipped
C:\Users\Ivana\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\BXDJ53B9\b64_1[1].jpg Infected: Trojan-PSW.Win32.LdPinch.ewq skipped
C:\Users\Ivana\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\BXDJ53B9\b64_2[1].jpg Infected: Trojan.Win32.Pakes.bwy skipped
C:\Users\Ivana\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\BXDJ53B9\logo[1].gif Object is locked skipped
C:\Users\Ivana\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\CPF7UTZQ\b64_3[1].jpg Infected: Email-Worm.Win32.Bagle.of skipped
C:\Users\Ivana\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Users\Ivana\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\RK8AO56X\b64_3[2].jpg Infected: Email-Worm.Win32.Bagle.of skipped
C:\Users\Ivana\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\VYY0LQ9Q\b64_3[1].jpg Infected: Email-Worm.Win32.Bagle.of skipped
C:\Users\Ivana\AppData\Local\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Users\Ivana\AppData\Local\Microsoft\Windows\UsrClass.dat.LOG1 Object is locked skipped
C:\Users\Ivana\AppData\Local\Microsoft\Windows\UsrClass.dat.LOG2 Object is locked skipped
C:\Users\Ivana\AppData\Local\Microsoft\Windows\UsrClass.dat{6de2e154-4b12-11dc-8a3a-0013a9f0adfc}.TM.blf Object is locked skipped
C:\Users\Ivana\AppData\Local\Microsoft\Windows\UsrClass.dat{6de2e154-4b12-11dc-8a3a-0013a9f0adfc}.TMContainer00000000000000000001.regtrans-ms Object is locked skipped
C:\Users\Ivana\AppData\Local\Microsoft\Windows\UsrClass.dat{6de2e154-4b12-11dc-8a3a-0013a9f0adfc}.TMContainer00000000000000000002.regtrans-ms Object is locked skipped
C:\Users\Ivana\AppData\Local\Mozilla\Firefox\Profiles\eg7ov5c2.default\Cache\_CACHE_001_ Object is locked skipped
C:\Users\Ivana\AppData\Local\Mozilla\Firefox\Profiles\eg7ov5c2.default\Cache\_CACHE_002_ Object is locked skipped
C:\Users\Ivana\AppData\Local\Mozilla\Firefox\Profiles\eg7ov5c2.default\Cache\_CACHE_003_ Object is locked skipped
C:\Users\Ivana\AppData\Local\Mozilla\Firefox\Profiles\eg7ov5c2.default\Cache\_CACHE_MAP_ Object is locked skipped
C:\Users\Ivana\AppData\Local\Temp\mirc63.exe/stream/data0014 Infected: not-a-virus:Client-IRC.Win32.mIRC.63 skipped
C:\Users\Ivana\AppData\Local\Temp\mirc63.exe/stream Infected: not-a-virus:Client-IRC.Win32.mIRC.63 skipped
C:\Users\Ivana\AppData\Local\Temp\mirc63.exe NSIS: infected - 2 skipped
C:\Users\Ivana\AppData\Local\Temp\~DF8C24.tmp Object is locked skipped
C:\Users\Ivana\AppData\Local\Temp\~DF8C35.tmp Object is locked skipped
C:\Users\Ivana\AppData\Local\Temp\~DF8FF8.tmp Object is locked skipped
C:\Users\Ivana\AppData\Local\Temp\~DFC0FD.tmp Object is locked skipped
C:\Users\Ivana\AppData\Local\Temp\~DFC107.tmp Object is locked skipped
C:\Users\Ivana\AppData\Local\Temp\~DFC77E.tmp Object is locked skipped
C:\Users\Ivana\AppData\Local\Temp\~DFC78A.tmp Object is locked skipped
C:\Users\Ivana\AppData\Roaming\Microsoft\Windows\Cookies\index.dat Object is locked skipped
C:\Users\Ivana\AppData\Roaming\Mozilla\Firefox\Profiles\eg7ov5c2.default\cert8.db Object is locked skipped
C:\Users\Ivana\AppData\Roaming\Mozilla\Firefox\Profiles\eg7ov5c2.default\formhistory.dat Object is locked skipped
C:\Users\Ivana\AppData\Roaming\Mozilla\Firefox\Profiles\eg7ov5c2.default\history.dat Object is locked skipped
C:\Users\Ivana\AppData\Roaming\Mozilla\Firefox\Profiles\eg7ov5c2.default\key3.db Object is locked skipped
C:\Users\Ivana\AppData\Roaming\Mozilla\Firefox\Profiles\eg7ov5c2.default\parent.lock Object is locked skipped
C:\Users\Ivana\AppData\Roaming\Mozilla\Firefox\Profiles\eg7ov5c2.default\search.sqlite Object is locked skipped
C:\Users\Ivana\AppData\Roaming\Mozilla\Firefox\Profiles\eg7ov5c2.default\urlclassifier2.sqlite Object is locked skipped
C:\Users\Ivana\Documents\File ricevuti\mirc63.exe/stream/data0001/stream/data0014 Infected: not-a-virus:Client-IRC.Win32.mIRC.63 skipped
C:\Users\Ivana\Documents\File ricevuti\mirc63.exe/stream/data0001/stream Infected: not-a-virus:Client-IRC.Win32.mIRC.63 skipped
C:\Users\Ivana\Documents\File ricevuti\mirc63.exe/stream/data0001 Infected: not-a-virus:Client-IRC.Win32.mIRC.63 skipped
C:\Users\Ivana\Documents\File ricevuti\mirc63.exe/stream Infected: not-a-virus:Client-IRC.Win32.mIRC.63 skipped
C:\Users\Ivana\Documents\File ricevuti\mirc63.exe NSIS: infected - 4 skipped
C:\Users\Ivana\NTUSER.DAT Object is locked skipped
C:\Users\Ivana\ntuser.dat.LOG1 Object is locked skipped
C:\Users\Ivana\ntuser.dat.LOG2 Object is locked skipped
C:\Users\Ivana\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TM.blf Object is locked skipped
C:\Users\Ivana\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TMContainer00000000000000000001.regtrans-ms Object is locked skipped
C:\Users\Ivana\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TMContainer00000000000000000002.regtrans-ms Object is locked skipped
C:\Windows\assembly\GAC_32\mcupdate\6.0.6000.0__31bf3856ad364e35\mcupdate.exe Object is locked skipped
C:\Windows\Debug\PASSWD.LOG Object is locked skipped
C:\Windows\Debug\sam.log Object is locked skipped
C:\Windows\Debug\WIA\wiatrace.log Object is locked skipped
C:\Windows\ehome\mcupdate.exe Object is locked skipped
C:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat Object is locked skipped
C:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat Object is locked skipped
C:\Windows\ServiceProfiles\LocalService\NTUSER.DAT Object is locked skipped
C:\Windows\ServiceProfiles\LocalService\ntuser.dat.LOG1 Object is locked skipped
C:\Windows\ServiceProfiles\LocalService\ntuser.dat.LOG2 Object is locked skipped
C:\Windows\ServiceProfiles\LocalService\NTUSER.DAT{3a539869-6a70-11db-887c-d362bd253390}.TM.blf Object is locked skipped
C:\Windows\ServiceProfiles\LocalService\NTUSER.DAT{3a539869-6a70-11db-887c-d362bd253390}.TMContainer00000000000000000001.regtrans-ms Object is locked skipped
C:\Windows\ServiceProfiles\LocalService\NTUSER.DAT{3a539869-6a70-11db-887c-d362bd253390}.TMContainer00000000000000000002.regtrans-ms Object is locked skipped
C:\Windows\ServiceProfiles\NetworkService\NTUSER.DAT Object is locked skipped
C:\Windows\ServiceProfiles\NetworkService\ntuser.dat.LOG1 Object is locked skipped
C:\Windows\ServiceProfiles\NetworkService\ntuser.dat.LOG2 Object is locked skipped
C:\Windows\ServiceProfiles\NetworkService\NTUSER.DAT{3a539865-6a70-11db-887c-d362bd253390}.TM.blf Object is locked skipped
C:\Windows\ServiceProfiles\NetworkService\NTUSER.DAT{3a539865-6a70-11db-887c-d362bd253390}.TMContainer00000000000000000001.regtrans-ms Object is locked skipped
C:\Windows\ServiceProfiles\NetworkService\NTUSER.DAT{3a539865-6a70-11db-887c-d362bd253390}.TMContainer00000000000000000002.regtrans-ms Object is locked skipped
C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 Object is locked skipped
C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 Object is locked skipped
C:\Windows\System32\catroot2\edb.log Object is locked skipped
C:\Windows\System32\catroot2\{127D0A1D-4EF2-11D1-8608-00C04FC295EE}\catdb Object is locked skipped
C:\Windows\System32\catroot2\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\catdb Object is locked skipped
C:\Windows\System32\config\COMPONENTS Object is locked skipped
C:\Windows\System32\config\COMPONENTS.LOG1 Object is locked skipped
C:\Windows\System32\config\COMPONENTS.LOG2 Object is locked skipped
C:\Windows\System32\config\DEFAULT Object is locked skipped
C:\Windows\System32\config\DEFAULT.LOG1 Object is locked skipped
C:\Windows\System32\config\DEFAULT.LOG2 Object is locked skipped
C:\Windows\System32\config\RegBack\COMPONENTS Object is locked skipped
C:\Windows\System32\config\RegBack\DEFAULT Object is locked skipped
C:\Windows\System32\config\RegBack\SAM Object is locked skipped
C:\Windows\System32\config\RegBack\SECURITY Object is locked skipped
C:\Windows\System32\config\RegBack\SOFTWARE Object is locked skipped
C:\Windows\System32\config\RegBack\SYSTEM Object is locked skipped
C:\Windows\System32\config\SAM Object is locked skipped
C:\Windows\System32\config\SAM.LOG1 Object is locked skipped
C:\Windows\System32\config\SAM.LOG2 Object is locked skipped
C:\Windows\System32\config\SECURITY Object is locked skipped
C:\Windows\System32\config\SECURITY.LOG1 Object is locked skipped
C:\Windows\System32\config\SECURITY.LOG2 Object is locked skipped
C:\Windows\System32\config\SOFTWARE Object is locked skipped
C:\Windows\System32\config\SOFTWARE.LOG1 Object is locked skipped
C:\Windows\System32\config\SOFTWARE.LOG2 Object is locked skipped
C:\Windows\System32\config\SYSTEM Object is locked skipped
C:\Windows\System32\config\SYSTEM.LOG1 Object is locked skipped
C:\Windows\System32\config\SYSTEM.LOG2 Object is locked skipped
C:\Windows\System32\config\TxR\{250834B7-750C-494d-BDC3-DA86B6E2101B}.TM.blf Object is locked skipped
C:\Windows\System32\config\TxR\{250834B7-750C-494d-BDC3-DA86B6E2101B}.TMContainer00000000000000000001.regtrans-ms Object is locked skipped
C:\Windows\System32\config\TxR\{250834B7-750C-494d-BDC3-DA86B6E2101B}.TMContainer00000000000000000002.regtrans-ms Object is locked skipped
C:\Windows\System32\drivers\down\14569276.exe Infected: Email-Worm.Win32.Bagle.of skipped
C:\Windows\System32\drivers\down\14615406.exe Infected: Email-Worm.Win32.Bagle.of skipped
C:\Windows\System32\drivers\down\14617792.exe Infected: Email-Worm.Win32.Bagle.of skipped
C:\Windows\System32\drivers\down\14625904.exe Infected: Email-Worm.Win32.Bagle.of skipped
C:\Windows\System32\drivers\down\14660006.exe Infected: Trojan-Downloader.Win32.Bagle.ho skipped
C:\Windows\System32\drivers\down\14674265.exe Infected: Email-Worm.Win32.Bagle.of skipped
C:\Windows\System32\drivers\down\14708959.exe Infected: Email-Worm.Win32.Bagle.of skipped
C:\Windows\System32\drivers\down\14716666.exe Infected: Email-Worm.Win32.Bagle.of skipped
C:\Windows\System32\drivers\down\14747445.exe Infected: Email-Worm.Win32.Bagle.of skipped
C:\Windows\System32\drivers\down\29139723.exe Infected: Trojan-Downloader.Win32.Bagle.ho skipped
C:\Windows\System32\drivers\down\29218753.exe Infected: Email-Worm.Win32.Bagle.of skipped
C:\Windows\System32\drivers\down\29234696.exe Infected: Email-Worm.Win32.Bagle.of skipped
C:\Windows\System32\drivers\down\29249547.exe Infected: Email-Worm.Win32.Bagle.of skipped
C:\Windows\System32\drivers\down\29264555.exe Infected: Email-Worm.Win32.Bagle.of skipped
C:\Windows\System32\drivers\down\29298890.exe Infected: Email-Worm.Win32.Bagle.of skipped
C:\Windows\System32\drivers\down\29329077.exe Infected: Email-Worm.Win32.Bagle.of skipped
C:\Windows\System32\drivers\down\41761.exe Infected: Email-Worm.Win32.Bagle.of skipped
C:\Windows\System32\drivers\down\43831476.exe Infected: Email-Worm.Win32.Bagle.of skipped
C:\Windows\System32\drivers\down\43888619.exe Infected: Email-Worm.Win32.Bagle.of skipped
C:\Windows\System32\drivers\down\43904359.exe Infected: Email-Worm.Win32.Bagle.of skipped
C:\Windows\System32\drivers\down\44382.exe Infected: Email-Worm.Win32.Bagle.of skipped
C:\Windows\System32\drivers\down\45895.exe Infected: Email-Worm.Win32.Bagle.of skipped
C:\Windows\System32\drivers\down\58460703.exe Infected: Email-Worm.Win32.Bagle.of skipped
C:\Windows\System32\drivers\down\58485492.exe Infected: Email-Worm.Win32.Bagle.of skipped
C:\Windows\System32\drivers\down\77158.exe Infected: Trojan-Downloader.Win32.Bagle.ho skipped
C:\Windows\System32\drivers\down\87539274.exe Infected: Email-Worm.Win32.Bagle.of skipped
C:\Windows\System32\drivers\down\95285.exe Infected: Email-Worm.Win32.Bagle.of skipped
C:\Windows\System32\drivers\sptd.sys Object is locked skipped
C:\Windows\System32\ivireg.ivr Object is locked skipped
C:\Windows\System32\LogFiles\HTTPERR\httperr1.log Object is locked skipped
C:\Windows\System32\LogFiles\Scm\SCM.EVM Object is locked skipped
C:\Windows\System32\LogFiles\WUDF\WUDFTrace.etl Object is locked skipped
C:\Windows\System32\mdelk.exe Infected: Email-Worm.Win32.Bagle.of skipped
C:\Windows\System32\Msdtc\KtmRmTm.blf Object is locked skipped
C:\Windows\System32\Msdtc\KtmRmTmContainer00000000000000000001 Object is locked skipped
C:\Windows\System32\Msdtc\KtmRmTmContainer00000000000000000002 Object is locked skipped
C:\Windows\System32\spool\SpoolerETW.etl Object is locked skipped
C:\Windows\System32\wbem\Logs\WMITracing.log Object is locked skipped
C:\Windows\System32\wbem\Repository\INDEX.BTR Object is locked skipped
C:\Windows\System32\wbem\Repository\MAPPING1.MAP Object is locked skipped
C:\Windows\System32\wbem\Repository\MAPPING2.MAP Object is locked skipped
C:\Windows\System32\wbem\Repository\OBJECTS.DATA Object is locked skipped
C:\Windows\System32\WDI\LogFiles\WdiContextLog.etl.003 Object is locked skipped
C:\Windows\System32\wfp\wfpdiag.etl Object is locked skipped
C:\Windows\System32\winevt\Logs\Application.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\DFS Replication.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\HardwareEvents.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Internet Explorer.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Key Management Service.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Media Center.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-Bits-Client%4Operational.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-CodeIntegrity%4Operational.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-Diagnosis-DPS%4Operational.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-Diagnostics-Performance%4Operational.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-DriverFrameworks-UserMode%4Operational.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-GroupPolicy%4Operational.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-International%4Operational.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-Kernel-WHEA.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-LanguagePackSetup%4Operational.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-NetworkAccessProtection%4Operational.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-ReadyBoost%4Operational.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-ReliabilityAnalysisComponent%4Operational.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-Resource-Exhaustion-Detector%4Operational.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-Resource-Exhaustion-Resolver%4Operational.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-Resource-Leak-Diagnostic%4Operational.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-RestartManager%4Operational.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-TaskScheduler%4Operational.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-WLAN-AutoConfig%4Operational.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\ODiag.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\OSession.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Security.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\System.evtx Object is locked skipped
C:\Windows\Tasks\SCHEDLGU.TXT Object is locked skipped
C:\Windows\winsxs\x86_mcupdate_31bf3856ad364e35_6.0.6000.16386_none_c6660fc3aee34dc4\mcupdate.exe Object is locked skipped
Scan process completed.


Aspetto vostre indicazioni per procedere come precedentemente mi è stato indicato per PM sperando di riuscirci
ps mi sono accorta che ho tanti file infetti (ahimè) nella cartella system32 non è che anche eliminando il virus resto fregata perché elimino file importanti?

[crazy.cat]

Le istruzioni adesso le trovi scritte bene qui
http://www.MegaLab.it/2657/6

Nessuno dei file infetti che vedi è importante, quindi cancella pure senza problemi.

Se trovi questi file li cancelli, non è detto che ci siano tutti
C:\WINDOWS\system32\drivers\hidr.exe
C:\WINDOWS\system32\drivers\srosa.sys
C:\WINDOWS\system32\wintems.exe
C:\WINDOWS\system32\trusted.exe
C:\windows\system32\drivers\hldrrr.exe
C:\WINDOWS\system32\mdelk.exe

Tutti questi file li puoi rimuovere al riavvio del pc usando ccleaner.
C:\Users\Ivana\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0AX957S7\b64_1[1].jpg Infected: Trojan-PSW.Win32.LdPinch.ewq skipped
C:\Users\Ivana\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0AX957S7\b64_2[1].jpg Infected: Trojan.Win32.Pakes.bwy skipped
C:\Users\Ivana\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0AX957S7\b64_3[2].jpg Infected: Email-Worm.Win32.Bagle.of skipped
C:\Users\Ivana\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0AX957S7\b64_3[3].jpg Infected: Email-Worm.Win32.Bagle.of skipped
C:\Users\Ivana\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\27EA3900\b64_2[1].jpg Infected: Trojan.Win32.Pakes.bwy skipped
C:\Users\Ivana\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\27EA3900\b64_3[1].jpg Infected: Email-Worm.Win32.Bagle.of skipped
C:\Users\Ivana\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\2JFQ8SUX\b64_3[1].jpg Infected: Trojan-Downloader.Win32.Bagle.ho skipped
C:\Users\Ivana\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\2JFQ8SUX\b64_3[2].jpg Infected: Email-Worm.Win32.Bagle.of skipped
C:\Users\Ivana\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\2THBIF25\b64_1[1].jpg Infected: Trojan-PSW.Win32.LdPinch.ewq skipped
C:\Users\Ivana\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\2THBIF25\b64_2[1].jpg Infected: Trojan.Win32.Pakes.bwy skipped
C:\Users\Ivana\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\2THBIF25\b64_3[1].jpg Infected: Email-Worm.Win32.Bagle.of skipped
C:\Users\Ivana\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\2THBIF25\b64_3[2].jpg Infected: Email-Worm.Win32.Bagle.of skipped
C:\Users\Ivana\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\BXDJ53B9\b64_1[1].jpg Infected: Trojan-PSW.Win32.LdPinch.ewq skipped
C:\Users\Ivana\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\BXDJ53B9\b64_2[1].jpg Infected: Trojan.Win32.Pakes.bwy skipped
C:\Users\Ivana\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\CPF7UTZQ\b64_3[1].jpg Infected: Email-Worm.Win32.Bagle.of skipped
C:\Users\Ivana\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\RK8AO56X\b64_3[2].jpg Infected: Email-Worm.Win32.Bagle.of skipped
C:\Users\Ivana\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\VYY0LQ9Q\b64_3[1].jpg Infected: Email-Worm.Win32.Bagle.of skipped

questa cartella deve essere cancellata completamente con tutti i suoi file exe che ci sono all'interno.
C:\WINDOWS\system32\drivers\down

E queste sono le due chiavi di registro da eliminare
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\srosa
HKEY_LOCAL_MACHINE \SYSTEM\CurrentControlSet\Enum\Root\LEGACY_SROSA

[PinkGlitter]

Oh no mi sa che sono stata disattenta :/ ho fatto la scansione con kaskersky senza prima disattiva il ripristino della configurazione devo rifare la scansione prima di procedere?

[ste_95]

Non ce n'è bisogno, disabilitalo invece prima di iniziare la rimozione

[PinkGlitter]

Installato MegaLab CD Utility scaricato dal link fornitomi in questa discussione poi dove devo andare di preciso? ci sono varie cartelle :/ scusate l'ignoraza ma non so dove mettere mani, aspetto direttive per procedere, ciao e scusate

[crazy.cat]

Installato MegaLab CD Utility scaricato dal link fornitomi in questa discussione poi dove devo andare di preciso? ci sono varie cartelle :/ scusate l'ignoraza ma non so dove mettere mani, aspetto direttive per procedere, ciao e scusate

Devi leggerti l'articolo su come creare il cd finale.
(hai modo di procurarti da un amico un cd di Windows xp?)

[PinkGlitter]

Ho creato l'iso seguendo il processo di creazione cd di MegaLab, ora però sono bloccata e non so come procedere, si accettano consigli...

[PinkGlitter]

niente consigli? scusate se scrivo 2 messaggi di seguito ma il mio post sta cadendo nel dimenticatoio...cerco di riportarlo un po' più in vista.

[crazy.cat]

Non avevo visto la tua risposta.
L'iso deve essere masterizzata sul cd e poi avvii il pc con il cd rom
dal cd esegui le operazioni descritte nell'articolo di pulizia file e chiavi di registro