Punto informatico Network
Login Esegui login | Non sei registrato? Iscriviti ora (è gratuito!)
Username: Password:
  • Annuncio Pubblicitario

non riesco a reinstallare nessun antivirus

Un virus si è intromesso nel tuo computer? Vuoi navigare in tutta sicurezza? Sono sicure le transazione online? Come impedire a malintenzionati di intromettersi nel tuo pc? Come proteggere i tuoi dati? Qui trovi le risposte a queste ed altre domande

non riesco a reinstallare nessun antivirus

Messaggioda Liliy » mer gen 16, 2008 12:40 pm

Ciao a tutti, sono nuova...Ho avuto un problema con il Norton, l'ho tolto ma adesso non riesco più a reinstallare nessun tipo di antivirus, ogni volta mi dice che non riesce a copiare dei file specifici..in più ogni volta che cerco di aprire una pagina di Internet Explorer si blocca e solo dopo alcuni minuti riesco ad utilizzarla. Come posso fare?
vi copio la scansione con gmer:

GMER 1.0.13.12551 - http://www.gmer.net
Autostart scan 2008-01-16 12:27:04
Windows 5.1.2600 Service Pack 2


HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems@Windows = %SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,3072,512 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ProfileControl=Off MaxRequestThreads=16

HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon@Userinit = C:\WINDOWS\system32\userinit.exe,

HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ >>>
igfxcui@DLLName = igfxsrvc.dll
WgaLogon@DLLName = WgaLogon.dll

HKLM\SYSTEM\CurrentControlSet\Services\ >>>
Apple Mobile Device /*Apple Mobile Device*/@ = "C:\Programmi\File comuni\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe"
Capture Device Service /*Capture Device Service*/@ = "C:\Programmi\File comuni\InterVideo\DeviceService\DevSvc.exe"
LightScribeService /*LightScribeService Direct Disc Labeling Service*/@ = "C:\Programmi\File comuni\LightScribe\LSSrvc.exe"
SimpTcp /*Servizi semplici TCP/IP*/@ = %SystemRoot%\system32\tcpsvcs.exe
SNMP /*Servizio SNMP*/@ = %SystemRoot%\System32\snmp.exe
Spooler /*Spooler di stampa*/@ = %SystemRoot%\system32\spoolsv.exe
UleadBurningHelper /*Ulead Burning Helper*/@ = C:\Programmi\File comuni\Ulead Systems\DVD\ULCDRSvr.exe
Utilità di pianificazione di LiveUpdate automatico /*Utilità di pianificazione di LiveUpdate automatico*/@ = "C:\Programmi\Symantec\LiveUpdate\ALUSchedulerSvc.exe"

HKLM\Software\Microsoft\Windows\CurrentVersion\Run >>>
@Symantec NetDriver MonitorC:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer = C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
@IgfxTrayC:\WINDOWS\system32\igfxtray.exe = C:\WINDOWS\system32\igfxtray.exe
@HotKeysCmdsC:\WINDOWS\system32\hkcmd.exe = C:\WINDOWS\system32\hkcmd.exe
@CmaudioRunDll32 cmicnfg.cpl,CMICtrlWnd = RunDll32 cmicnfg.cpl,CMICtrlWnd
@OmnipageC:\Programmi\ScanSoft\OmniPageSE\opware32.exe = C:\Programmi\ScanSoft\OmniPageSE\opware32.exe
@ISUSPM StartupC:\PROGRA~1\FILECO~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup = C:\PROGRA~1\FILECO~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
@ISUSScheduler"C:\Programmi\File comuni\InstallShield\UpdateService\issch.exe" -start = "C:\Programmi\File comuni\InstallShield\UpdateService\issch.exe" -start
@SunJavaUpdateSched"C:\Programmi\Java\jre1.6.0_03\bin\jusched.exe" = "C:\Programmi\Java\jre1.6.0_03\bin\jusched.exe"
@NeroFilterCheckC:\WINDOWS\system32\NeroCheck.exe = C:\WINDOWS\system32\NeroCheck.exe
@snpstdC:\WINDOWS\vsnpstd.exe = C:\WINDOWS\vsnpstd.exe
@BluetoothAuthenticationAgentrundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent = rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
@QuickTime Task"C:\Programmi\QuickTime\qttask.exe" -atboottime = "C:\Programmi\QuickTime\qttask.exe" -atboottime
@DAEMON Tools-1033"C:\Programmi\D-Tools\daemon.exe" -lang 1033 = "C:\Programmi\D-Tools\daemon.exe" -lang 1033
@I downloaded pirated Software from P2P C:\WINDOWS\system32\Sims 2 Pets.exe /*file not found*/ = C:\WINDOWS\system32\Sims 2 Pets.exe /*file not found*/
@Adobe Photo Downloader"C:\Programmi\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe" = "C:\Programmi\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
@PCSuiteTrayApplicationC:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE -startup = C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE -startup
@iTunesHelper"C:\Programmi\iTunes\iTunesHelper.exe" = "C:\Programmi\iTunes\iTunesHelper.exe"
RunOnceEx@Flag = 2 /*file not found*/

HKCU\Software\Microsoft\Windows\CurrentVersion\Run >>>
@CTFMON.EXEC:\WINDOWS\system32\ctfmon.exe = C:\WINDOWS\system32\ctfmon.exe
@swgC:\Programmi\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe = C:\Programmi\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
@PcSyncC:\Programmi\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog /*file not found*/ = C:\Programmi\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog /*file not found*/
@drvsyskitC:\WINDOWS\system32\drivers\hldrrr.exe = C:\WINDOWS\system32\drivers\hldrrr.exe
@german.exeC:\WINDOWS\system32\wintems.exe = C:\WINDOWS\system32\wintems.exe

HKLM\Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad@UPnPMonitor = C:\WINDOWS\system32\upnpui.dll

HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved >>>
@{42071714-76d4-11d1-8b24-00a0c9068ff3} /*Estensione panoramica video del Pannello di controllo*/deskpan.dll /*file not found*/ = deskpan.dll /*file not found*/
@{596AB062-B4D2-4215-9F74-E9109B0A8153} /*Pagina proprietà versioni precedenti*/%SystemRoot%\system32\twext.dll = %SystemRoot%\system32\twext.dll
@{9DB7A13C-F208-4981-8353-73CC61AE2783} /*Versioni precedenti*/%SystemRoot%\system32\twext.dll = %SystemRoot%\system32\twext.dll
@{00E7B358-F65B-4dcf-83DF-CD026B94BFD4} /*Autoplay for SlideShow*/(null) =
@{692F0339-CBAA-47e6-B5B5-3B84DB604E87} /*Extensions Manager Folder*/%SystemRoot%\system32\extmgr.dll = %SystemRoot%\system32\extmgr.dll
@{e57ce731-33e8-4c51-8354-bb4de9d215d1} /*Periferiche Plug and Play universali*/C:\WINDOWS\system32\upnpui.dll = C:\WINDOWS\system32\upnpui.dll
@{BDEADF00-C265-11D0-BCED-00A0C90AB50F} /*Cartelle Web*/C:\PROGRA~1\FILECO~1\MICROS~1\WEBFOL~1\MSONSEXT.DLL = C:\PROGRA~1\FILECO~1\MICROS~1\WEBFOL~1\MSONSEXT.DLL
@{42042206-2D85-11D3-8CFF-005004838597} /*Microsoft Office HTML Icon Handler*/C:\Programmi\Microsoft Office\Office10\msohev.dll = C:\Programmi\Microsoft Office\Office10\msohev.dll
@{e82a2d71-5b2f-43a0-97b8-81be15854de8} /*ShellLink for Application References*/C:\WINDOWS\system32\dfshim.dll = C:\WINDOWS\system32\dfshim.dll
@{E37E2028-CE1A-4f42-AF05-6CEABC4E5D75} /*Shell Icon Handler for Application References*/C:\WINDOWS\system32\dfshim.dll = C:\WINDOWS\system32\dfshim.dll
@{FC9FB64A-1EB2-4CCF-AF5E-1A497A9B5C2D} /*Messenger Sharing Folders*/C:\Programmi\Windows Live\Messenger\fsshext.8.5.1302.1018.dll = C:\Programmi\Windows Live\Messenger\fsshext.8.5.1302.1018.dll
@{B41DB860-8EE4-11D2-9906-E49FADC173CA} /*WinRAR shell extension*/C:\Programmi\WinRAR\rarext.dll = C:\Programmi\WinRAR\rarext.dll
@{DEE12703-6333-4D4E-8F34-738C4DCC2E04} /*RecordNow! SendToExt*/C:\Programmi\Sonic\RecordNow Deluxe\RecordNow! Deluxe\shlext.dll = C:\Programmi\Sonic\RecordNow Deluxe\RecordNow! Deluxe\shlext.dll
@{73B24247-042E-4EF5-ADC2-42F62E6FD654} /*ICQ Lite Shell Extension*/(null) =
@{416651E4-9C3C-11D9-8BDE-F66BAD1E3F3A} /*PhoneBrowser*/C:\Programmi\Nokia\Nokia PC Suite 6\PhoneBrowser.dll = C:\Programmi\Nokia\Nokia PC Suite 6\PhoneBrowser.dll
@{B9E1D2CB-CCFF-4AA6-9579-D7A4754030EF} /*iTunes*/C:\Programmi\iTunes\iTunesMiniPlayer.dll = C:\Programmi\iTunes\iTunesMiniPlayer.dll

HKLM\Software\Classes\*\shellex\ContextMenuHandlers\ >>>
Autodesk.DWF.ContextMenu@{6C18531F-CA85-45F7-8278-FF33CF0A5964} = C:\Programmi\File comuni\Autodesk shared\dwf common\DWFShellExtension.dll
WinRAR@{B41DB860-8EE4-11D2-9906-E49FADC173CA} = C:\Programmi\WinRAR\rarext.dll

HKLM\Software\Classes\Directory\shellex\ContextMenuHandlers\ >>>
ICQLiteMenu@{73B24247-042E-4EF5-ADC2-42F62E6FD654} =
WinRAR@{B41DB860-8EE4-11D2-9906-E49FADC173CA} = C:\Programmi\WinRAR\rarext.dll

HKLM\Software\Classes\Folder\shellex\ContextMenuHandlers\WinRAR@{B41DB860-8EE4-11D2-9906-E49FADC173CA} = C:\Programmi\WinRAR\rarext.dll

HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects >>>
@{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}C:\Programmi\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx = C:\Programmi\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
@{22BF413B-C6D2-4d91-82A9-A0F997BA588C}C:\PROGRA~1\Skype\Phone\IEPlugin\SKYPEI~1.DLL = C:\PROGRA~1\Skype\Phone\IEPlugin\SKYPEI~1.DLL
@{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}C:\Programmi\Java\jre1.6.0_03\bin\ssv.dll = C:\Programmi\Java\jre1.6.0_03\bin\ssv.dll
@{9030D464-4C02-4ABF-8ECC-5164760863C6}C:\Programmi\File comuni\Microsoft Shared\Windows Live\WindowsLiveLogin.dll = C:\Programmi\File comuni\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
@{AA58ED58-01DD-4d91-8333-CF10577473F7}c:\programmi\google\googletoolbar2.dll = c:\programmi\google\googletoolbar2.dll
@{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}C:\Programmi\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll = C:\Programmi\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll

HKLM\Software\Microsoft\Internet Explorer\Main >>>
@Default_Page_URLhttp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome = http://www.microsoft.com/isapi/redir.dl ... ar=msnhome
@Start Pagehttp://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home = http://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home
@Local Page%SystemRoot%\system32\blank.htm = %SystemRoot%\system32\blank.htm

HKCU\Software\Microsoft\Internet Explorer\Main >>>
@Start Pageabout:blank = about:blank
@Local PageC:\WINDOWS\system32\blank.htm = C:\WINDOWS\system32\blank.htm

HKLM\Software\Classes\PROTOCOLS\Handler\ >>>
cdo@CLSID = C:\Programmi\File comuni\Microsoft Shared\Web Folders\PKMCDO.DLL
dvd@CLSID = C:\WINDOWS\system32\msvidctl.dll
its@CLSID = C:\WINDOWS\system32\itss.dll
livecall@CLSID = C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
mhtml@CLSID = %SystemRoot%\system32\inetcomm.dll
ms-its@CLSID = C:\WINDOWS\system32\itss.dll
msnim@CLSID = C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
mso-offdap@CLSID = C:\PROGRA~1\FILECO~1\MICROS~1\WEBCOM~1\10\OWC10.DLL
skype4com@CLSID = C:\PROGRA~1\FILECO~1\Skype\SKYPE4~1.DLL
tv@CLSID = C:\WINDOWS\system32\msvidctl.dll
wia@CLSID = C:\WINDOWS\system32\wiascr.dll

HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{6428C461-2E6F-422A-8C7E-436DBADF7139} /*Connessione alla rete locale (LAN)*/ >>>
@IPAddress192.168.1.34 = 192.168.1.34
@NameServer192.168.1.1 = 192.168.1.1
@DefaultGateway192.168.1.1 = 192.168.1.1
@Domain =

HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries\ >>>
000000000004@LibraryPath = C:\WINDOWS\system32\pnrpnsp.dll
000000000005@LibraryPath = C:\WINDOWS\system32\pnrpnsp.dll

HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries\000000000006@LibraryPath = %SystemRoot%\system32\wshbth.dll

C:\Documents and Settings\Liliy\Menu Avvio\Programmi\Esecuzione automatica = IMVU.lnk

C:\Documents and Settings\All Users\Menu Avvio\Programmi\Esecuzione automatica >>>
Microsoft Office.lnk = Microsoft Office.lnk
NkbMonitor.exe.lnk = NkbMonitor.exe.lnk
Photo Loader residente.lnk = Photo Loader residente.lnk

---- EOF - GMER 1.0.13 ----
Avatar utente
Liliy
Neo Iscritto
Neo Iscritto
 
Messaggi: 5
Iscritto il: mer gen 16, 2008 12:31 pm

Messaggioda crazy.cat » mer gen 16, 2008 1:12 pm

Insisti con Internet explorer e fai la scansione sul sito della kaspersky
http://www.MegaLab.it/forum/viewtopic.p ... 912#282912
Gmer non ci serve a niente.
Quando i molti governano, pensano solo a contentar sé stessi, si ha allora la tirannia più balorda e più odiosa: la tirannia mascherata da libertà.
Avatar utente
crazy.cat
MLI Hero
MLI Hero
 
Messaggi: 30959
Iscritto il: lun gen 12, 2004 1:38 pm
Località: Mestre

Messaggioda Liliy » ven gen 18, 2008 10:58 am

dopo ore e ore sono riuscita a fare la scansione, vi allego il file compresso

come devo fare lo script con avenger?
Avatar utente
Liliy
Neo Iscritto
Neo Iscritto
 
Messaggi: 5
Iscritto il: mer gen 16, 2008 12:31 pm


Messaggioda crazy.cat » ven gen 18, 2008 11:10 am

copia e incolla il testo del report oppure allegalo in file zip.
Non posso aprire i rar dove mi trovo adesso.
Quando i molti governano, pensano solo a contentar sé stessi, si ha allora la tirannia più balorda e più odiosa: la tirannia mascherata da libertà.
Avatar utente
crazy.cat
MLI Hero
MLI Hero
 
Messaggi: 30959
Iscritto il: lun gen 12, 2004 1:38 pm
Località: Mestre

Messaggioda Liliy » ven gen 18, 2008 11:16 am

Scan Statistics
Total number of scanned objects 88140
Number of viruses found 11
Number of infected objects 40
Number of suspicious objects 0
Duration of the scan process 22:36:46

Infected Object Name Virus Name Last Action
C:\Documents and Settings\All Users\Dati applicazioni\Microsoft\Network\Downloader\qmgr0.dat Object is locked skipped

C:\Documents and Settings\All Users\Dati applicazioni\Microsoft\Network\Downloader\qmgr1.dat Object is locked skipped

C:\Documents and Settings\All Users\Dati applicazioni\Symantec\LiveUpdate\2008-01-17_Log.ALUSchedulerSvc.LiveUpdate Object is locked skipped

C:\Documents and Settings\Liliy\Cookies\index.dat Object is locked skipped

C:\Documents and Settings\Liliy\Impostazioni locali\Cronologia\History.IE5\index.dat Object is locked skipped

C:\Documents and Settings\Liliy\Impostazioni locali\Dati applicazioni\Microsoft\Windows\UsrClass.dat Object is locked skipped

C:\Documents and Settings\Liliy\Impostazioni locali\Dati applicazioni\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped

C:\Documents and Settings\Liliy\Impostazioni locali\Temporary Internet Files\Content.IE5\HXPNC7NU\b64_3[1].jpg Infected: Email-Worm.Win32.Bagle.of skipped

C:\Documents and Settings\Liliy\Impostazioni locali\Temporary Internet Files\Content.IE5\IJWR45UD\b64_3[1].jpg Infected: Email-Worm.Win32.Bagle.of skipped

C:\Documents and Settings\Liliy\Impostazioni locali\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped

C:\Documents and Settings\Liliy\NTUSER.DAT Object is locked skipped

C:\Documents and Settings\Liliy\NTUSER.DAT.LOG Object is locked skipped

C:\Documents and Settings\LocalService\Cookies\index.dat Object is locked skipped

C:\Documents and Settings\LocalService\Impostazioni locali\Cronologia\History.IE5\index.dat Object is locked skipped

C:\Documents and Settings\LocalService\Impostazioni locali\Dati applicazioni\Microsoft\Windows\UsrClass.dat Object is locked skipped

C:\Documents and Settings\LocalService\Impostazioni locali\Dati applicazioni\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped

C:\Documents and Settings\LocalService\Impostazioni locali\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped

C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped

C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped

C:\Documents and Settings\NetworkService\Impostazioni locali\Dati applicazioni\Microsoft\Windows\UsrClass.dat Object is locked skipped

C:\Documents and Settings\NetworkService\Impostazioni locali\Dati applicazioni\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped

C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped

C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped

C:\Programmi\eMule\Incoming\NOCD Sims 2 Pets crack.exe/irsetup.dat Infected: P2P-Worm.Win32.Padonak.b skipped

C:\Programmi\eMule\Incoming\NOCD Sims 2 Pets crack.exe SetupFactory: infected - 1 skipped

C:\Programmi\eMule\Incoming\Sims 2 Pets crack.exe/irsetup.dat Infected: P2P-Worm.Win32.Padonak.b skipped

C:\Programmi\eMule\Incoming\Sims 2 Pets crack.exe SetupFactory: infected - 1 skipped

C:\Programmi\eMule\Incoming\Win.All Sims 2 Pets crack.exe/irsetup.dat Infected: P2P-Worm.Win32.Padonak.b skipped

C:\Programmi\eMule\Incoming\Win.All Sims 2 Pets crack.exe SetupFactory: infected - 1 skipped

C:\Programmi\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe Infected: Trojan-Downloader.Win32.Bagle.ia skipped

C:\Programmi\LoveDeath4\LOVE and DEATH Script 4.exe Infected: not-a-virus:Client-IRC.Win32.mIRC.616 skipped

C:\Programmi\mIRC\mirc.exe Infected: not-a-virus:Client-IRC.Win32.mIRC.621 skipped

C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped

C:\System Volume Information\_restore{3973B84C-A782-4F47-8A53-8AAE86BDFD09}\RP226\A0489304.reg Infected: Trojan-Downloader.Win32.Bagle.hp skipped

C:\System Volume Information\_restore{3973B84C-A782-4F47-8A53-8AAE86BDFD09}\RP226\A0489306.reg Infected: Trojan-Downloader.Win32.Bagle.hp skipped

C:\System Volume Information\_restore{3973B84C-A782-4F47-8A53-8AAE86BDFD09}\RP226\A0489311.exe Infected: Email-Worm.Win32.Bagle.of skipped

C:\System Volume Information\_restore{3973B84C-A782-4F47-8A53-8AAE86BDFD09}\RP226\A0489312.exe Infected: Trojan-Downloader.Win32.Bagle.ia skipped

C:\System Volume Information\_restore{3973B84C-A782-4F47-8A53-8AAE86BDFD09}\RP226\A0489313.exe Infected: Email-Worm.Win32.Bagle.of skipped

C:\System Volume Information\_restore{3973B84C-A782-4F47-8A53-8AAE86BDFD09}\RP226\A0489315.exe Infected: Email-Worm.Win32.Bagle.of skipped

C:\System Volume Information\_restore{3973B84C-A782-4F47-8A53-8AAE86BDFD09}\RP226\A0491308.exe Infected: Email-Worm.Win32.Bagle.of skipped

C:\System Volume Information\_restore{3973B84C-A782-4F47-8A53-8AAE86BDFD09}\RP226\A0491309.exe Infected: Email-Worm.Win32.Bagle.of skipped

C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped

C:\WINDOWS\SchedLgU.Txt Object is locked skipped

C:\WINDOWS\Sti_Trace.log Object is locked skipped

C:\WINDOWS\system32\CatRoot2\edb.log Object is locked skipped

C:\WINDOWS\system32\CatRoot2\tmp.edb Object is locked skipped

C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped

C:\WINDOWS\system32\config\default Object is locked skipped

C:\WINDOWS\system32\config\default.LOG Object is locked skipped

C:\WINDOWS\system32\config\SAM Object is locked skipped

C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped

C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped

C:\WINDOWS\system32\config\SECURITY Object is locked skipped

C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped

C:\WINDOWS\system32\config\software Object is locked skipped

C:\WINDOWS\system32\config\software.LOG Object is locked skipped

C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped

C:\WINDOWS\system32\config\system Object is locked skipped

C:\WINDOWS\system32\config\system.LOG Object is locked skipped

C:\WINDOWS\system32\drivers\atapi.sys Object is locked skipped

C:\WINDOWS\system32\drivers\down\132984.exe Infected: Email-Worm.Win32.Bagle.of skipped

C:\WINDOWS\system32\drivers\down\29131687.exe Infected: Email-Worm.Win32.Bagle.of skipped

C:\WINDOWS\system32\drivers\down\68296.exe Infected: Email-Worm.Win32.Bagle.of skipped

C:\WINDOWS\system32\drivers\down\89593.exe Infected: Email-Worm.Win32.Bagle.of skipped

C:\WINDOWS\system32\h323log.txt Object is locked skipped

C:\WINDOWS\system32\mdelk.exe Infected: Email-Worm.Win32.Bagle.of skipped

C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped

C:\WINDOWS\Temp\Perflib_Perfdata_210.dat Object is locked skipped

C:\WINDOWS\wiadebug.log Object is locked skipped

C:\WINDOWS\wiaservc.log Object is locked skipped

D:\BearShareV6it.exe/WISE0104.BIN/stream/data0005 Infected: not-a-virus:AdWare.Win32.Mostofate.j skipped

D:\BearShareV6it.exe/WISE0104.BIN/stream Infected: not-a-virus:AdWare.Win32.Mostofate.j skipped

D:\BearShareV6it.exe/WISE0104.BIN Infected: not-a-virus:AdWare.Win32.Mostofate.j skipped

D:\BearShareV6it.exe WiseSFX: infected - 3 skipped

D:\BearShareV6it.exe WiseSFXDropper: infected - 3 skipped

D:\ele\programmi\GothicSoul_script\GothicSoul_script\mirc.exe Infected: not-a-virus:Client-IRC.Win32.mIRC.603 skipped

D:\ele\programmi\mirc\mirc6.03-ITA\mirc.exe Infected: not-a-virus:Client-IRC.Win32.mIRC.603 skipped

D:\ele\programmi\mirc\mirc6.03-ITA.zip/mirc.exe Infected: not-a-virus:Client-IRC.Win32.mIRC.603 skipped

D:\ele\programmi\mirc\mirc6.03-ITA.zip ZIP: infected - 1 skipped

D:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped

D:\System Volume Information\_restore{4590CA54-7290-4814-8D88-E59967E86AFD}\RP8\A0002621.exe/WISE0036.BIN Infected: not-a-virus:AdTool.Win32.WhenU.a skipped

D:\System Volume Information\_restore{4590CA54-7290-4814-8D88-E59967E86AFD}\RP8\A0002621.exe/WISE0037.BIN Infected: not-a-virus:AdWare.Win32.NewDotNet skipped

D:\System Volume Information\_restore{4590CA54-7290-4814-8D88-E59967E86AFD}\RP8\A0002621.exe/WISE0038.BIN Infected: not-a-virus:AdWare.Win32.NewDotNet skipped

D:\System Volume Information\_restore{4590CA54-7290-4814-8D88-E59967E86AFD}\RP8\A0002621.exe/WISE0040.BIN Infected: Trojan-Downloader.Win32.Agent.avz skipped

D:\System Volume Information\_restore{4590CA54-7290-4814-8D88-E59967E86AFD}\RP8\A0002621.exe/WISE0041.BIN Infected: Trojan-Downloader.Win32.Agent.avz skipped

D:\System Volume Information\_restore{4590CA54-7290-4814-8D88-E59967E86AFD}\RP8\A0002621.exe WiseSFX: infected - 5 skipped

D:\System Volume Information\_restore{4590CA54-7290-4814-8D88-E59967E86AFD}\RP8\A0002621.exe WiseSFXDropper: infected - 5 skipped

Scan process completed.
Avatar utente
Liliy
Neo Iscritto
Neo Iscritto
 
Messaggi: 5
Iscritto il: mer gen 16, 2008 12:31 pm

Messaggioda crazy.cat » ven gen 18, 2008 11:31 am

Disattiva il ripristino della configurazione su c:\ ed d:\ poi riavvia il pc
http://www.MegaLab.it/2330

Scarica Avenger
Estrailo in una cartella a tua scelta
Esegui il file avenger.exe con la figura di una spada
Metti il pallino su input script manually
Quindi scegli la lente e cliccaci
Ora incolla queste righe nel box bianco che si è aperto:

Codice: Seleziona tutto
Files to delete:
C:\WINDOWS\system32\drivers\hidr.exe
C:\WINDOWS\system32\drivers\srosa.sys
C:\WINDOWS\system32\wintems.exe
C:\WINDOWS\system32\hldrrr.exe
C:\WINDOWS\system32\trusted.exe
C:\WINDOWS\system32\drivers\pci32.sys
C:\windows\system32\drivers\hldrrr.exe
C:\WINDOWS\system32\drivers\hldrrr.ex_
C:\WINDOWS\system32\mdelk.exe
C:\Documents and Settings\Liliy\Impostazioni locali\Temporary Internet Files\Content.IE5\HXPNC7NU\b64_3[1].jpg
C:\Documents and Settings\Liliy\Impostazioni locali\Temporary Internet Files\Content.IE5\IJWR45UD\b64_3[1].jpg
C:\Programmi\eMule\Incoming\Win.All Sims 2 Pets crack.exe
C:\Programmi\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe Infected: Trojan-Downloader.Win32.Bagle.ia skipped
D:\BearShareV6it.exe

folders to delete:
C:\WINDOWS\exefnd
C:\WINDOWS\exefld
C:\WINDOWS\system32\drivers\down

registry keys to delete:
HKLM\SYSTEM\CurrentControlSet\Services\srosa
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_SROSA
HKLM\SYSTEM\CurrentControlSet\Services\pci32
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_PCI32



Adesso devi cliccare su Done in basso nella box
Seleziona il semaforino in alto a destra
Rispondi di Si alle due richieste di Avenger
Adesso il tuo computer dovrebbe riavviarsi, nel caso non succedesse, riavvialo tu manualmente
Al riavvio del computer, copia e incolla qui il contenuto del blocco note che apparirà e prova a reinstallare subito l'antivirus.
Avatar utente
crazy.cat
MLI Hero
MLI Hero
 
Messaggi: 30959
Iscritto il: lun gen 12, 2004 1:38 pm
Località: Mestre

Messaggioda Liliy » ven gen 18, 2008 11:47 am

ok grazie, sembra andare bene ora...come antivirus Avira Antivir Personal Edition è buono? nn vorrei che mi crei problemi con emule e che sia troppo pesante...vorrei evitare di rimettere il Norton Internet Security

Logfile of The Avenger version 1, by Swandog46
Running from registry key:
\Registry\Machine\System\CurrentControlSet\Services\ugdwdeyy

*******************

Script file located at: \??\C:\WINDOWS\sanhaumv.txt
Script file opened successfully.

Script file read successfully

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:



File C:\WINDOWS\system32\drivers\hidr.exe not found!
Deletion of file C:\WINDOWS\system32\drivers\hidr.exe failed!

Could not process line:
C:\WINDOWS\system32\drivers\hidr.exe
Status: 0xc0000034

File C:\WINDOWS\system32\drivers\srosa.sys deleted successfully.
File C:\WINDOWS\system32\wintems.exe deleted successfully.


File C:\WINDOWS\system32\hldrrr.exe not found!
Deletion of file C:\WINDOWS\system32\hldrrr.exe failed!

Could not process line:
C:\WINDOWS\system32\hldrrr.exe
Status: 0xc0000034



File C:\WINDOWS\system32\trusted.exe not found!
Deletion of file C:\WINDOWS\system32\trusted.exe failed!

Could not process line:
C:\WINDOWS\system32\trusted.exe
Status: 0xc0000034



File C:\WINDOWS\system32\drivers\pci32.sys not found!
Deletion of file C:\WINDOWS\system32\drivers\pci32.sys failed!

Could not process line:
C:\WINDOWS\system32\drivers\pci32.sys
Status: 0xc0000034

File C:\windows\system32\drivers\hldrrr.exe deleted successfully.


File C:\WINDOWS\system32\drivers\hldrrr.ex_ not found!
Deletion of file C:\WINDOWS\system32\drivers\hldrrr.ex_ failed!

Could not process line:
C:\WINDOWS\system32\drivers\hldrrr.ex_
Status: 0xc0000034

File C:\WINDOWS\system32\mdelk.exe deleted successfully.
File C:\Documents and Settings\Liliy\Impostazioni locali\Temporary Internet Files\Content.IE5\HXPNC7NU\b64_3[1].jpg deleted successfully.
File C:\Documents and Settings\Liliy\Impostazioni locali\Temporary Internet Files\Content.IE5\IJWR45UD\b64_3[1].jpg deleted successfully.
File C:\Programmi\eMule\Incoming\Win.All Sims 2 Pets crack.exe deleted successfully.
File C:\Programmi\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe deleted successfully.
File D:\BearShareV6it.exe deleted successfully.


Folder C:\WINDOWS\exefnd not found!
Deletion of folder C:\WINDOWS\exefnd failed!

Could not process line:
C:\WINDOWS\exefnd
Status: 0xc0000034



Folder C:\WINDOWS\exefld not found!
Deletion of folder C:\WINDOWS\exefld failed!

Could not process line:
C:\WINDOWS\exefld
Status: 0xc0000034

Folder C:\WINDOWS\system32\drivers\down deleted successfully.
Registry key HKLM\SYSTEM\CurrentControlSet\Services\srosa deleted successfully.
Registry key HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_SROSA deleted successfully.


Registry key HKLM\SYSTEM\CurrentControlSet\Services\pci32 not found!
Deletion of registry key HKLM\SYSTEM\CurrentControlSet\Services\pci32 failed!

Could not process line:
HKLM\SYSTEM\CurrentControlSet\Services\pci32
Status: 0xc0000034



Registry key HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_PCI32 not found!
Deletion of registry key HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_PCI32 failed!

Could not process line:
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_PCI32
Status: 0xc0000034


Completed script processing.

*******************

Finished! Terminate.
Avatar utente
Liliy
Neo Iscritto
Neo Iscritto
 
Messaggi: 5
Iscritto il: mer gen 16, 2008 12:31 pm


Torna a Sicurezza

Chi c’è in linea

Visitano il forum: Nessuno e 17 ospiti

Powered by phpBB © 2002, 2005, 2007, 2008 phpBB Group
Traduzione Italiana phpBB.it

megalab.it: testata telematica quotidiana registrata al Tribunale di Cosenza n. 22/09 del 13.08.2009, editore Master New Media S.r.l.; © Copyright 2008 Master New Media S.r.l. a socio unico - P.I. 02947530784. GRUPPO EDIZIONI MASTER Spa Tutti i diritti sono riservati. Per la pubblicità: Master Advertising