Punto informatico Network
Login Esegui login | Non sei registrato? Iscriviti ora (è gratuito!)
Username: Password:
  • Annuncio Pubblicitario

Sto lottando da giorni con Bagle! (..e sto perdendo) RISOLTO

Un virus si è intromesso nel tuo computer? Vuoi navigare in tutta sicurezza? Sono sicure le transazione online? Come impedire a malintenzionati di intromettersi nel tuo pc? Come proteggere i tuoi dati? Qui trovi le risposte a queste ed altre domande

Rispondi al messaggio

Sto lottando da giorni con Bagle! (..e sto perdendo) RISOLTO

Messaggioda Sate » dom gen 20, 2008 9:06 am

Ciao a tutti,

ho scoperto questo forum cercando su internet le soluzioni al mio problema.. e visto la disponibilità nell'aiutare chi è in difficoltà, vi posto il mio problema:

mi sono accorto di avere il computer infetto (lanciando un eseguibile preso da emule...)

ho seguito la guida per bagle e ho lanciato kaspersky online e sucessivamente ho inserito le voci dei file infetti nello script da inserire in avast.
Naturalmente ho prima disabilitato il ripristino automatico di Winxp.

KASPERSKY ONLINE SCANNER REPORTKASPERSKY ONLINE SCANNER REPORT
Saturday, January 19, 2008 9:24:24 PM
Operating System: Microsoft Windows XP Professional, Service Pack 2 (Build
2600)
Kaspersky Online Scanner version: 5.0.98.0
Kaspersky Anti-Virus database last update: 19/01/2008
Kaspersky Anti-Virus database records: 523903


Scan Settings
Scan using the following antivirus databaseextended
Scan Archivestrue
Scan Mail Basestrue

Scan TargetMy Computer
A:\
C:\
D:\
E:\
F:\
G:\
H:\
I:\
J:\

Scan Statistics
Total number of scanned objects135395
Number of viruses found6
Number of infected objects17
Number of suspicious objects0
Duration of the scan process01:48:25

Infected Object NameVirus NameLast Action
C:\System Volume Information\MountPointManagerRemoteDatabase Object is
locked skipped

D:\System Volume Information\MountPointManagerRemoteDatabase Object is
locked skipped

E:\Documents and Settings\LocalService\Cookies\index.dat Object is locked
skipped

E:\Documents and Settings\LocalService\Impostazioni
locali\Cronologia\History.IE5\index.dat Object is locked skipped

E:\Documents and Settings\LocalService\Impostazioni locali\Dati
applicazioni\Microsoft\Windows\UsrClass.dat Object is locked skipped

E:\Documents and Settings\LocalService\Impostazioni locali\Dati
applicazioni\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped

E:\Documents and Settings\LocalService\Impostazioni locali\Temporary
Internet Files\Content.IE5\index.dat Object is locked skipped

E:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped


E:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked
skipped

E:\Documents and Settings\NetworkService\Impostazioni locali\Dati
applicazioni\Microsoft\Windows\UsrClass.dat Object is locked skipped

E:\Documents and Settings\NetworkService\Impostazioni locali\Dati
applicazioni\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped

E:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked
skipped

E:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked
skipped

E:\Documents and Settings\Stefano\Cookies\index.dat Object is locked
skipped

E:\Documents and Settings\Stefano\Desktop\WGA Patcher Permanent
Kit-1-1-2007\WGA Patcher Permanent
Kit-1-1-2007\keyfinder.exe/data.rar/officekey.exe Infected:
not-a-virus:PSWTool.Win32.RAS.a skipped

E:\Documents and Settings\Stefano\Desktop\WGA Patcher Permanent
Kit-1-1-2007\WGA Patcher Permanent Kit-1-1-2007\keyfinder.exe/data.rar
Infected: not-a-virus:PSWTool.Win32.RAS.a skipped

E:\Documents and Settings\Stefano\Desktop\WGA Patcher Permanent
Kit-1-1-2007\WGA Patcher Permanent Kit-1-1-2007\keyfinder.exe RarSFX:
infected - 2 skipped

E:\Documents and Settings\Stefano\Desktop\WGA Patcher Permanent
Kit-1-1-2007.rar/WGA Patcher Permanent
Kit-1-1-2007/keyfinder.exe/data.rar/officekey.exe Infected:
not-a-virus:PSWTool.Win32.RAS.a skipped

E:\Documents and Settings\Stefano\Desktop\WGA Patcher Permanent
Kit-1-1-2007.rar/WGA Patcher Permanent Kit-1-1-2007/keyfinder.exe/data.rar
Infected: not-a-virus:PSWTool.Win32.RAS.a skipped

E:\Documents and Settings\Stefano\Desktop\WGA Patcher Permanent
Kit-1-1-2007.rar/WGA Patcher Permanent Kit-1-1-2007/keyfinder.exe
Infected: not-a-virus:PSWTool.Win32.RAS.a skipped

E:\Documents and Settings\Stefano\Desktop\WGA Patcher Permanent
Kit-1-1-2007.rar RAR: infected - 3 skipped

E:\Documents and Settings\Stefano\Impostazioni
locali\Cronologia\History.IE5\index.dat Object is locked skipped

E:\Documents and Settings\Stefano\Impostazioni locali\Dati
applicazioni\Ahead\Nero Home\bl.db Object is locked skipped

E:\Documents and Settings\Stefano\Impostazioni locali\Dati
applicazioni\Ahead\Nero Home\is2.db Object is locked skipped

E:\Documents and Settings\Stefano\Impostazioni locali\Dati
applicazioni\Microsoft\Windows\UsrClass.dat Object is locked skipped

E:\Documents and Settings\Stefano\Impostazioni locali\Dati
applicazioni\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped

E:\Documents and Settings\Stefano\Impostazioni locali\Temporary Internet
Files\AntiPhishing\B3BB5BBA-E7D5-40AB-A041-A5B1C0B26C8F.dat Object is
locked skipped

E:\Documents and Settings\Stefano\Impostazioni locali\Temporary Internet
Files\Content.IE5\index.dat Object is locked skipped

E:\Documents and Settings\Stefano\NTUSER.DAT Object is locked skipped

E:\Documents and Settings\Stefano\ntuser.dat.LOG Object is locked skipped

E:\Documents and
Settings\Stefano\Pavark\RKCL_SEND\02CD138C7C8B6BA35DE34E14EC6B4C8F.fil
Infected: Trojan-Downloader.Win32.Bagle.ii skipped

E:\Documents and
Settings\Stefano\Pavark\RKCL_SEND\607897A67948E794AD5399673FF0E5D6.fil
Infected: Trojan-Downloader.Win32.Bagle.ii skipped

E:\System Volume Information\MountPointManagerRemoteDatabase Object is
locked skipped

E:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped

E:\WINDOWS\SchedLgU.Txt Object is locked skipped

E:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked
skipped

E:\WINDOWS\Sti_Trace.log Object is locked skipped

E:\WINDOWS\system32\CatRoot2\edb.log Object is locked skipped

E:\WINDOWS\system32\CatRoot2\tmp.edb Object is locked skipped

E:\WINDOWS\system32\CnxDslWz.log Object is locked skipped

E:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped

E:\WINDOWS\system32\config\default Object is locked skipped

E:\WINDOWS\system32\config\default.LOG Object is locked skipped

E:\WINDOWS\system32\config\Internet.evt Object is locked skipped

E:\WINDOWS\system32\config\ODiag.evt Object is locked skipped

E:\WINDOWS\system32\config\OSession.evt Object is locked skipped

E:\WINDOWS\system32\config\SAM Object is locked skipped

E:\WINDOWS\system32\config\SAM.LOG Object is locked skipped

E:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped

E:\WINDOWS\system32\config\SECURITY Object is locked skipped

E:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped

E:\WINDOWS\system32\config\software Object is locked skipped

E:\WINDOWS\system32\config\software.LOG Object is locked skipped

E:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped

E:\WINDOWS\system32\config\system Object is locked skipped

E:\WINDOWS\system32\config\system.LOG Object is locked skipped

E:\WINDOWS\system32\drivers\fidbox.dat Object is locked skipped

E:\WINDOWS\system32\drivers\fidbox.idx Object is locked skipped

E:\WINDOWS\system32\drivers\fidbox2.dat Object is locked skipped

E:\WINDOWS\system32\drivers\fidbox2.idx Object is locked skipped

E:\WINDOWS\system32\drivers\sptd.sys Object is locked skipped

E:\WINDOWS\system32\h323log.txt Object is locked skipped

E:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped

E:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped

E:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked
skipped

E:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked
skipped

E:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked
skipped

E:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked
skipped

E:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked
skipped

E:\WINDOWS\wiadebug.log Object is locked skipped

E:\WINDOWS\wiaservc.log Object is locked skipped

E:\WINDOWS\WindowsUpdate.log Object is locked skipped

H:\System Volume Information\MountPointManagerRemoteDatabase Object is
locked skipped

I:\Helium.Music.Manager.2007.0.0.5505.WinALL-NoPE.zip/setup/Helium_MM_2007(5505)_setup.exe/data.rar/iexplorehk.dll
Infected: not-a-virus:Monitor.Win32.Perflogger.163 skipped

I:\Helium.Music.Manager.2007.0.0.5505.WinALL-NoPE.zip/setup/Helium_MM_2007(5505)_setup.exe/data.rar/iexplore.exe
Infected: not-a-virus:Monitor.Win32.Perflogger.ad skipped

I:\Helium.Music.Manager.2007.0.0.5505.WinALL-NoPE.zip/setup/Helium_MM_2007(5505)_setup.exe/data.rar/rinst.exe
Infected: not-a-virus:Monitor.Win32.Perflogger.bx skipped

I:\Helium.Music.Manager.2007.0.0.5505.WinALL-NoPE.zip/setup/Helium_MM_2007(5505)_setup.exe/data.rar
Infected: not-a-virus:Monitor.Win32.Perflogger.bx skipped

I:\Helium.Music.Manager.2007.0.0.5505.WinALL-NoPE.zip/setup/Helium_MM_2007(5505)_setup.exe
Infected: not-a-virus:Monitor.Win32.Perflogger.bx skipped

I:\Helium.Music.Manager.2007.0.0.5505.WinALL-NoPE.zip ZIP: infected - 5
skipped

I:\Share\mspass-ITA.zip/mspass/mspass.exe Infected:
not-a-virus:PSWTool.Win32.Messen.e skipped

I:\Share\mspass-ITA.zip ZIP: infected - 1 skipped

I:\System Volume Information\MountPointManagerRemoteDatabase Object is
locked skipped

Scan process completed.


e questo è lo script usato:
Files to delete:
e:\WINDOWS\system32\drivers\hidr.exe
e:\WINDOWS\system32\drivers\srosa.sys
e:\WINDOWS\system32\wintems.exe
e:\WINDOWS\system32\hldrrr.exe
e:\WINDOWS\system32\trusted.exe
e:\WINDOWS\system32\drivers\pci32.sys
e:\WINDOWS\system32\drivers\hldrrr.exe
E:\Documents and Settings\Stefano\Desktop\WGA Patcher Permanent Kit-1-1-2007\WGA Patcher Permanent Kit-1-1-2007\keyfinder.exe/data.rar/officekey.exe
E:\Documents and Settings\Stefano\Desktop\WGA Patcher Permanent Kit-1-1-2007\WGA Patcher Permanent Kit-1-1-2007\keyfinder.exe/data.rar
E:\Documents and Settings\Stefano\Desktop\WGA Patcher Permanent Kit-1-1-2007\WGA Patcher Permanent Kit-1-1-2007\keyfinder.exe
E:\Documents and Settings\Stefano\Desktop\WGA Patcher Permanent Kit-1-1-2007.rar/WGA Patcher Permanent Kit-1-1-2007/keyfinder.exe/data.rar/officekey.exe
E:\Documents and Settings\Stefano\Desktop\WGA Patcher Permanent Kit-1-1-2007.rar/WGA Patcher Permanent Kit-1-1-2007/keyfinder.exe/data.rar
E:\Documents and Settings\Stefano\Desktop\WGA Patcher Permanent Kit-1-1-2007.rar/WGA Patcher Permanent Kit-1-1-2007/keyfinder.exe
E:\Documents and Settings\Stefano\Desktop\WGA Patcher Permanent Kit-1-1-2007.rar
E:\Documents and Settings\Stefano\Pavark\RKCL_SEND\02CD138C7C8B6BA35DE34E14EC6B4C8F.fil
E:\Documents and Settings\Stefano\Pavark\RKCL_SEND\607897A67948E794AD5399673FF0E5D6.fil

folders to delete:
e:\WINDOWS\exefnd
e:\WINDOWS\exefld
e:\WINDOWS\system32\drivers\down

registry keys to delete:
HKLM\SYSTEM\CurrentControlSet\Services\srosa
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_SROSA
HKLM\SYSTEM\CurrentControlSet\Services\pci32
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_PCI32


al riavvio del pc, era di nuovo infetto!

ieri sera ora ho fatto un'altra scansione:
KASPERSKY ONLINE SCANNER REPORTKASPERSKY ONLINE SCANNER REPORT
Sunday, January 20, 2008 1:47:50 AM
Operating System: Microsoft Windows XP Professional, Service Pack 2 (Build
2600)
Kaspersky Online Scanner version: 5.0.98.0
Kaspersky Anti-Virus database last update: 19/01/2008
Kaspersky Anti-Virus database records: 524076


Scan Settings
Scan using the following antivirus databaseextended
Scan Archivestrue
Scan Mail Basestrue

Scan TargetMy Computer
A:\
C:\
D:\
E:\
F:\
G:\
H:\
I:\
J:\

Scan Statistics
Total number of scanned objects136372
Number of viruses found6
Number of infected objects15
Number of suspicious objects0
Duration of the scan process01:49:53

Infected Object NameVirus NameLast Action
C:\System Volume Information\MountPointManagerRemoteDatabase Object is
locked skipped

D:\System Volume Information\MountPointManagerRemoteDatabase Object is
locked skipped

E:\avenger\backup-19.01.2008-22.00.24,09.zip/avenger/02CD138C7C8B6BA35DE34E14EC6B4C8F.fil
Infected: Trojan-Downloader.Win32.Bagle.ii skipped

E:\avenger\backup-19.01.2008-22.00.24,09.zip/avenger/607897A67948E794AD5399673FF0E5D6.fil
Infected: Trojan-Downloader.Win32.Bagle.ii skipped

E:\avenger\backup-19.01.2008-22.00.24,09.zip ZIP: infected - 2 skipped

E:\avenger\backup-19.01.2008-22.57.08,26.zip/avenger/keyfinder.exe/data.rar/officekey.exe
Infected: not-a-virus:PSWTool.Win32.RAS.a skipped

E:\avenger\backup-19.01.2008-22.57.08,26.zip/avenger/keyfinder.exe/data.rar
Infected: not-a-virus:PSWTool.Win32.RAS.a skipped

E:\avenger\backup-19.01.2008-22.57.08,26.zip/avenger/keyfinder.exe
Infected: not-a-virus:PSWTool.Win32.RAS.a skipped

E:\avenger\backup-19.01.2008-22.57.08,26.zip ZIP: infected - 3 skipped

E:\Documents and Settings\LocalService\Cookies\index.dat Object is locked
skipped

E:\Documents and Settings\LocalService\Impostazioni
locali\Cronologia\History.IE5\index.dat Object is locked skipped

E:\Documents and Settings\LocalService\Impostazioni locali\Dati
applicazioni\Microsoft\Windows\UsrClass.dat Object is locked skipped

E:\Documents and Settings\LocalService\Impostazioni locali\Dati
applicazioni\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped

E:\Documents and Settings\LocalService\Impostazioni locali\Temporary
Internet Files\Content.IE5\index.dat Object is locked skipped

E:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped


E:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked
skipped

E:\Documents and Settings\NetworkService\Impostazioni locali\Dati
applicazioni\Microsoft\Windows\UsrClass.dat Object is locked skipped

E:\Documents and Settings\NetworkService\Impostazioni locali\Dati
applicazioni\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped

E:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked
skipped

E:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked
skipped

E:\Documents and Settings\Stefano\Cookies\index.dat Object is locked
skipped

E:\Documents and Settings\Stefano\Impostazioni
locali\Cronologia\History.IE5\index.dat Object is locked skipped

E:\Documents and Settings\Stefano\Impostazioni
locali\Cronologia\History.IE5\MSHist012008011920080120\index.dat Object is
locked skipped

E:\Documents and Settings\Stefano\Impostazioni locali\Dati
applicazioni\Ahead\Nero Home\bl.db Object is locked skipped

E:\Documents and Settings\Stefano\Impostazioni locali\Dati
applicazioni\Ahead\Nero Home\is2.db Object is locked skipped

E:\Documents and Settings\Stefano\Impostazioni locali\Dati
applicazioni\Microsoft\Feeds Cache\index.dat Object is locked skipped

E:\Documents and Settings\Stefano\Impostazioni locali\Dati
applicazioni\Microsoft\Windows\UsrClass.dat Object is locked skipped

E:\Documents and Settings\Stefano\Impostazioni locali\Dati
applicazioni\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped

E:\Documents and Settings\Stefano\Impostazioni locali\Temporary Internet
Files\AntiPhishing\B3BB5BBA-E7D5-40AB-A041-A5B1C0B26C8F.dat Object is
locked skipped

E:\Documents and Settings\Stefano\Impostazioni locali\Temporary Internet
Files\Content.IE5\index.dat Object is locked skipped

E:\Documents and Settings\Stefano\NTUSER.DAT Object is locked skipped

E:\Documents and Settings\Stefano\ntuser.dat.LOG Object is locked skipped

E:\Documents and Settings\Stefano\UserData\index.dat Object is locked
skipped

E:\System Volume Information\MountPointManagerRemoteDatabase Object is
locked skipped

E:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped

E:\WINDOWS\SchedLgU.Txt Object is locked skipped

E:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked
skipped

E:\WINDOWS\Sti_Trace.log Object is locked skipped

E:\WINDOWS\system32\CnxDslWz.log Object is locked skipped

E:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped

E:\WINDOWS\system32\config\default Object is locked skipped

E:\WINDOWS\system32\config\default.LOG Object is locked skipped

E:\WINDOWS\system32\config\Internet.evt Object is locked skipped

E:\WINDOWS\system32\config\ODiag.evt Object is locked skipped

E:\WINDOWS\system32\config\OSession.evt Object is locked skipped

E:\WINDOWS\system32\config\SAM Object is locked skipped

E:\WINDOWS\system32\config\SAM.LOG Object is locked skipped

E:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped

E:\WINDOWS\system32\config\SECURITY Object is locked skipped

E:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped

E:\WINDOWS\system32\config\software Object is locked skipped

E:\WINDOWS\system32\config\software.LOG Object is locked skipped

E:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped

E:\WINDOWS\system32\config\system Object is locked skipped

E:\WINDOWS\system32\config\system.LOG Object is locked skipped

E:\WINDOWS\system32\drivers\fidbox.dat Object is locked skipped

E:\WINDOWS\system32\drivers\fidbox.idx Object is locked skipped

E:\WINDOWS\system32\drivers\fidbox2.dat Object is locked skipped

E:\WINDOWS\system32\drivers\fidbox2.idx Object is locked skipped

E:\WINDOWS\system32\drivers\sptd.sys Object is locked skipped

E:\WINDOWS\system32\h323log.txt Object is locked skipped

E:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped

E:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped

E:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked
skipped

E:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked
skipped

E:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked
skipped

E:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked
skipped

E:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked
skipped

E:\WINDOWS\wiadebug.log Object is locked skipped

E:\WINDOWS\wiaservc.log Object is locked skipped

E:\WINDOWS\WindowsUpdate.log Object is locked skipped

H:\System Volume Information\MountPointManagerRemoteDatabase Object is
locked skipped

I:\Helium.Music.Manager.2007.0.0.5505.WinALL-NoPE.zip/setup/Helium_MM_2007(5505)_setup.exe/data.rar/iexplorehk.dll
Infected: not-a-virus:Monitor.Win32.Perflogger.163 skipped

I:\Helium.Music.Manager.2007.0.0.5505.WinALL-NoPE.zip/setup/Helium_MM_2007(5505)_setup.exe/data.rar/iexplore.exe
Infected: not-a-virus:Monitor.Win32.Perflogger.ad skipped

I:\Helium.Music.Manager.2007.0.0.5505.WinALL-NoPE.zip/setup/Helium_MM_2007(5505)_setup.exe/data.rar/rinst.exe
Infected: not-a-virus:Monitor.Win32.Perflogger.bx skipped

I:\Helium.Music.Manager.2007.0.0.5505.WinALL-NoPE.zip/setup/Helium_MM_2007(5505)_setup.exe/data.rar
Infected: not-a-virus:Monitor.Win32.Perflogger.bx skipped

I:\Helium.Music.Manager.2007.0.0.5505.WinALL-NoPE.zip/setup/Helium_MM_2007(5505)_setup.exe
Infected: not-a-virus:Monitor.Win32.Perflogger.bx skipped

I:\Helium.Music.Manager.2007.0.0.5505.WinALL-NoPE.zip ZIP: infected - 5
skipped

I:\Share\mspass-ITA.zip/mspass/mspass.exe Infected:
not-a-virus:PSWTool.Win32.Messen.e skipped

I:\Share\mspass-ITA.zip ZIP: infected - 1 skipped

I:\System Volume Information\MountPointManagerRemoteDatabase Object is
locked skipped

Scan process completed.


potete aiutarmi con lo script di avenger? sbaglio qualcosa?

Grazie mille
Ultima modifica di Sate il dom gen 20, 2008 7:37 pm, modificato 1 volta in totale.
Avatar utente
Sate
Neo Iscritto
Neo Iscritto
 
Messaggi: 6
Iscritto il: dom gen 20, 2008 8:34 am
Top

Messaggioda crazy.cat » dom gen 20, 2008 9:14 am

Nei dischi C:\ e D:\ cosa hai?

L'unica cosa che non avevi messo nello script è questa
E:\WINDOWS\system32\mdelk.exe

Se ti riferisci alla cartella E:\avenger la puoi cancellare senza problemi.

Sei riuscito a reinstallare l'antivirus?
Quando i molti governano, pensano solo a contentar sé stessi, si ha allora la tirannia più balorda e più odiosa: la tirannia mascherata da libertà.
Avatar utente
crazy.cat
MLI Hero
MLI Hero
 
Messaggi: 30959
Iscritto il: lun gen 12, 2004 1:38 pm
Località: Mestre
Top

Messaggioda Sate » dom gen 20, 2008 9:17 am

nel C sono foto e nel D ci sono Mp3..


non no sono riuscito a reinstallare nessun antivirus
.. dopo la seconda scansione dei Kav online, non ho fatto nessuno script perché credo di non essere capace [nonono]

e poi, dalla seconda scansione sembrerebbe andare tutto bene.. mi rileva (e non so perché) Helium che ho installato da molto tempo e dovrebbe essere ok (ma non ho problemi a rimuore) e il backup della rimozione precedente..
Avatar utente
Sate
Neo Iscritto
Neo Iscritto
 
Messaggi: 6
Iscritto il: dom gen 20, 2008 8:34 am
Top
Top

Messaggioda crazy.cat » dom gen 20, 2008 11:02 am

Prova questo script, al riavvio esce un txt postane il contenuto del file qui nella discussione, poi prova anche a renstallare un antivirus.

Codice: Seleziona tutto
Files to delete:
E:\WINDOWS\system32\drivers\hidr.exe
E:\WINDOWS\system32\drivers\srosa.sys
E:\WINDOWS\system32\wintems.exe
E:\WINDOWS\system32\trusted.exe
E:\WINDOWS\system32\drivers\pci32.sys
E:\windows\system32\drivers\hldrrr.exe
E:\WINDOWS\system32\mdelk.exe

folders to delete:
E:\WINDOWS\system32\drivers\down

registry keys to delete:
HKLM\SYSTEM\CurrentControlSet\Services\srosa
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_SROSA
Quando i molti governano, pensano solo a contentar sé stessi, si ha allora la tirannia più balorda e più odiosa: la tirannia mascherata da libertà.
Avatar utente
crazy.cat
MLI Hero
MLI Hero
 
Messaggi: 30959
Iscritto il: lun gen 12, 2004 1:38 pm
Località: Mestre
Top

Messaggioda Sate » dom gen 20, 2008 12:49 pm

Ho fatto.. e qua sotto c'è il report..

ma non riesco ancora ad installare l'antivirus!

non so più davvero dove sbattere la testa! [acc2]

Logfile of The Avenger version 1, by Swandog46
Running from registry key:
\Registry\Machine\System\CurrentControlSet\Services\bqyiuufe

*******************

Script file located at: \??\E:\WINDOWS\lhilwbmx.txt
Script file opened successfully.

Script file read successfully

Backups directory opened successfully at E:\Avenger

*******************

Beginning to process script file:



File E:\WINDOWS\system32\drivers\hidr.exe not found!
Deletion of file E:\WINDOWS\system32\drivers\hidr.exe failed!

Could not process line:
E:\WINDOWS\system32\drivers\hidr.exe
Status: 0xc0000034



File E:\WINDOWS\system32\drivers\srosa.sys not found!
Deletion of file E:\WINDOWS\system32\drivers\srosa.sys failed!

Could not process line:
E:\WINDOWS\system32\drivers\srosa.sys
Status: 0xc0000034



File E:\WINDOWS\system32\wintems.exe not found!
Deletion of file E:\WINDOWS\system32\wintems.exe failed!

Could not process line:
E:\WINDOWS\system32\wintems.exe
Status: 0xc0000034



File E:\WINDOWS\system32\trusted.exe not found!
Deletion of file E:\WINDOWS\system32\trusted.exe failed!

Could not process line:
E:\WINDOWS\system32\trusted.exe
Status: 0xc0000034



File E:\WINDOWS\system32\drivers\pci32.sys not found!
Deletion of file E:\WINDOWS\system32\drivers\pci32.sys failed!

Could not process line:
E:\WINDOWS\system32\drivers\pci32.sys
Status: 0xc0000034



File E:\windows\system32\drivers\hldrrr.exe not found!
Deletion of file E:\windows\system32\drivers\hldrrr.exe failed!

Could not process line:
E:\windows\system32\drivers\hldrrr.exe
Status: 0xc0000034



File E:\WINDOWS\system32\mdelk.exe not found!
Deletion of file E:\WINDOWS\system32\mdelk.exe failed!

Could not process line:
E:\WINDOWS\system32\mdelk.exe
Status: 0xc0000034



Folder E:\WINDOWS\system32\drivers\down not found!
Deletion of folder E:\WINDOWS\system32\drivers\down failed!

Could not process line:
E:\WINDOWS\system32\drivers\down
Status: 0xc0000034



Registry key HKLM\SYSTEM\CurrentControlSet\Services\srosa not found!
Deletion of registry key HKLM\SYSTEM\CurrentControlSet\Services\srosa failed!

Could not process line:
HKLM\SYSTEM\CurrentControlSet\Services\srosa
Status: 0xc0000034



Registry key HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_SROSA not found!
Deletion of registry key HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_SROSA failed!

Could not process line:
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_SROSA
Status: 0xc0000034


Completed script processing.

*******************

Finished! Terminate.
Avatar utente
Sate
Neo Iscritto
Neo Iscritto
 
Messaggi: 6
Iscritto il: dom gen 20, 2008 8:34 am
Top

Messaggioda crazy.cat » dom gen 20, 2008 1:06 pm

Che antivirus non riesci a reinstallare?
Hai provato ad installarne un altro qualsiasi?

O hai preso un bagle nuovo, o c'è dell'altro.

Prova a fare un scansione con gmer e vedi se ti segnala qualche attività rootkit appena lo apri.
Quando i molti governano, pensano solo a contentar sé stessi, si ha allora la tirannia più balorda e più odiosa: la tirannia mascherata da libertà.
Avatar utente
crazy.cat
MLI Hero
MLI Hero
 
Messaggi: 30959
Iscritto il: lun gen 12, 2004 1:38 pm
Località: Mestre
Top

Messaggioda Sate » dom gen 20, 2008 1:51 pm

L'antivirus che non riesco ad installare è il kaspersky. Ora sto scaricando la versine prova di Panda.. ma sono sicuro al 99% che il problema non è l'antivirus ma è che sono ancora infetto!
Anche l'anti malware di Microsoft mi trova sempre qualcosa.. e mi avvisa gentilmente che "sono stati trovati virus e parzialmente rimossi"

Gmer non l'ho mai usato.
Questo è quello che mi viene fuori nel tab rootkit. Non ci capisco un gran che...


GMER 1.0.13.12551 - http://www.gmer.net
Rootkit scan 2008-01-20 13:48:17
Windows 5.1.2600 Service Pack 2


---- System - GMER 1.0.13 ----

SSDT \??\E:\WINDOWS\system32\drivers\klif.sys ZwEnumerateKey
SSDT \??\E:\WINDOWS\system32\drivers\klif.sys ZwEnumerateValueKey
SSDT \??\E:\WINDOWS\system32\drivers\klif.sys ZwQuerySystemInformation

Code \??\E:\WINDOWS\system32\drivers\klif.sys FsRtlCheckLockForReadAccess
Code \??\E:\WINDOWS\system32\drivers\klif.sys IoIsOperationSynchronous

Device \FileSystem\Ntfs \Ntfs IRP_MJ_CREATE 86FCE1E8
Device \FileSystem\Ntfs \Ntfs IRP_MJ_CLOSE 86FCE1E8
Device \FileSystem\Ntfs \Ntfs IRP_MJ_READ 86FCE1E8
Device \FileSystem\Ntfs \Ntfs IRP_MJ_WRITE 86FCE1E8
Device \FileSystem\Ntfs \Ntfs IRP_MJ_QUERY_INFORMATION 86FCE1E8
Device \FileSystem\Ntfs \Ntfs IRP_MJ_SET_INFORMATION 86FCE1E8
Device \FileSystem\Ntfs \Ntfs IRP_MJ_QUERY_EA 86FCE1E8
Device \FileSystem\Ntfs \Ntfs IRP_MJ_SET_EA 86FCE1E8
Device \FileSystem\Ntfs \Ntfs IRP_MJ_FLUSH_BUFFERS 86FCE1E8
Device \FileSystem\Ntfs \Ntfs IRP_MJ_QUERY_VOLUME_INFORMATION 86FCE1E8
Device \FileSystem\Ntfs \Ntfs IRP_MJ_SET_VOLUME_INFORMATION 86FCE1E8
Device \FileSystem\Ntfs \Ntfs IRP_MJ_DIRECTORY_CONTROL 86FCE1E8
Device \FileSystem\Ntfs \Ntfs IRP_MJ_FILE_SYSTEM_CONTROL 86FCE1E8
Device \FileSystem\Ntfs \Ntfs IRP_MJ_DEVICE_CONTROL 86FCE1E8
Device \FileSystem\Ntfs \Ntfs IRP_MJ_SHUTDOWN 86FCE1E8
Device \FileSystem\Ntfs \Ntfs IRP_MJ_LOCK_CONTROL 86FCE1E8
Device \FileSystem\Ntfs \Ntfs IRP_MJ_CLEANUP 86FCE1E8
Device \FileSystem\Ntfs \Ntfs IRP_MJ_QUERY_SECURITY 86FCE1E8
Device \FileSystem\Ntfs \Ntfs IRP_MJ_SET_SECURITY 86FCE1E8
Device \FileSystem\Ntfs \Ntfs IRP_MJ_QUERY_QUOTA 86FCE1E8
Device \FileSystem\Ntfs \Ntfs IRP_MJ_SET_QUOTA 86FCE1E8
Device \FileSystem\Ntfs \Ntfs IRP_MJ_PNP 86FCE1E8

AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_CREATE [F312FFA0] klif.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_CREATE_NAMED_PIPE [F312FFA0] klif.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_CLOSE [F312FFA0] klif.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_READ [F312FFA0] klif.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_WRITE [F312FFA0] klif.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_QUERY_INFORMATION [F312FFA0] klif.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_SET_INFORMATION [F312FFA0] klif.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_QUERY_EA [F312FFA0] klif.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_SET_EA [F312FFA0] klif.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_FLUSH_BUFFERS [F312FFA0] klif.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_QUERY_VOLUME_INFORMATION [F312FFA0] klif.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_SET_VOLUME_INFORMATION [F312FFA0] klif.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_DIRECTORY_CONTROL [F312FFA0] klif.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_FILE_SYSTEM_CONTROL [F312FFA0] klif.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_DEVICE_CONTROL [F312FFA0] klif.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_INTERNAL_DEVICE_CONTROL [F312FFA0] klif.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_SHUTDOWN [F312FFA0] klif.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_LOCK_CONTROL [F312FFA0] klif.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_CLEANUP [F312FFA0] klif.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_CREATE_MAILSLOT [F312FFA0] klif.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_QUERY_SECURITY [F312FFA0] klif.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_SET_SECURITY [F312FFA0] klif.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_POWER [F312FDB0] klif.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_SYSTEM_CONTROL [F312FFA0] klif.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_DEVICE_CHANGE [F312FFA0] klif.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_QUERY_QUOTA [F312FFA0] klif.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_SET_QUOTA [F312FFA0] klif.sys
AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_CREATE [F71460F0] kl1.sys
AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_CREATE_NAMED_PIPE [F71460F0] kl1.sys
AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_CLOSE [F71460F0] kl1.sys
AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_READ [F71460F0] kl1.sys
AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_WRITE [F71460F0] kl1.sys
AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_QUERY_INFORMATION [F71460F0] kl1.sys
AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_SET_INFORMATION [F71460F0] kl1.sys
AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_QUERY_EA [F71460F0] kl1.sys
AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_SET_EA [F71460F0] kl1.sys
AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_FLUSH_BUFFERS [F71460F0] kl1.sys
AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_QUERY_VOLUME_INFORMATION [F71460F0] kl1.sys
AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_SET_VOLUME_INFORMATION [F71460F0] kl1.sys
AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_DIRECTORY_CONTROL [F71460F0] kl1.sys
AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_FILE_SYSTEM_CONTROL [F71460F0] kl1.sys
AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_DEVICE_CONTROL [F71460F0] kl1.sys
AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_INTERNAL_DEVICE_CONTROL [F71460F0] kl1.sys
AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_SHUTDOWN [F71460F0] kl1.sys
AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_LOCK_CONTROL [F71460F0] kl1.sys
AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_CLEANUP [F71460F0] kl1.sys
AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_CREATE_MAILSLOT [F71460F0] kl1.sys
AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_QUERY_SECURITY [F71460F0] kl1.sys
AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_SET_SECURITY [F71460F0] kl1.sys
AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_POWER [F71460F0] kl1.sys
AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_SYSTEM_CONTROL [F71460F0] kl1.sys
AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_DEVICE_CHANGE [F71460F0] kl1.sys
AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_QUERY_QUOTA [F71460F0] kl1.sys
AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_SET_QUOTA [F71460F0] kl1.sys
AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_CREATE [F71460F0] kl1.sys
AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_CREATE_NAMED_PIPE [F71460F0] kl1.sys
AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_CLOSE [F71460F0] kl1.sys
AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_READ [F71460F0] kl1.sys
AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_WRITE [F71460F0] kl1.sys
AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_QUERY_INFORMATION [F71460F0] kl1.sys
AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_SET_INFORMATION [F71460F0] kl1.sys
AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_QUERY_EA [F71460F0] kl1.sys
AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_SET_EA [F71460F0] kl1.sys
AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_FLUSH_BUFFERS [F71460F0] kl1.sys
AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_QUERY_VOLUME_INFORMATION [F71460F0] kl1.sys
AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_SET_VOLUME_INFORMATION [F71460F0] kl1.sys
AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_DIRECTORY_CONTROL [F71460F0] kl1.sys
AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_FILE_SYSTEM_CONTROL [F71460F0] kl1.sys
AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_DEVICE_CONTROL [F71460F0] kl1.sys
AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_INTERNAL_DEVICE_CONTROL [F71460F0] kl1.sys
AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_SHUTDOWN [F71460F0] kl1.sys
AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_LOCK_CONTROL [F71460F0] kl1.sys
AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_CLEANUP [F71460F0] kl1.sys
AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_CREATE_MAILSLOT [F71460F0] kl1.sys
AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_QUERY_SECURITY [F71460F0] kl1.sys
AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_SET_SECURITY [F71460F0] kl1.sys
AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_POWER [F71460F0] kl1.sys
AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_SYSTEM_CONTROL [F71460F0] kl1.sys
AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_DEVICE_CHANGE [F71460F0] kl1.sys
AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_QUERY_QUOTA [F71460F0] kl1.sys
AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_SET_QUOTA [F71460F0] kl1.sys
AttachedDevice \Driver\Tcpip \Device\Udp IRP_MJ_CREATE [F71460F0] kl1.sys
AttachedDevice \Driver\Tcpip \Device\Udp IRP_MJ_CREATE_NAMED_PIPE [F71460F0] kl1.sys
AttachedDevice \Driver\Tcpip \Device\Udp IRP_MJ_CLOSE [F71460F0] kl1.sys
AttachedDevice \Driver\Tcpip \Device\Udp IRP_MJ_READ [F71460F0] kl1.sys
AttachedDevice \Driver\Tcpip \Device\Udp IRP_MJ_WRITE [F71460F0] kl1.sys
AttachedDevice \Driver\Tcpip \Device\Udp IRP_MJ_QUERY_INFORMATION [F71460F0] kl1.sys
AttachedDevice \Driver\Tcpip \Device\Udp IRP_MJ_SET_INFORMATION [F71460F0] kl1.sys
AttachedDevice \Driver\Tcpip \Device\Udp IRP_MJ_QUERY_EA [F71460F0] kl1.sys
AttachedDevice \Driver\Tcpip \Device\Udp IRP_MJ_SET_EA [F71460F0] kl1.sys
AttachedDevice \Driver\Tcpip \Device\Udp IRP_MJ_FLUSH_BUFFERS [F71460F0] kl1.sys
AttachedDevice \Driver\Tcpip \Device\Udp IRP_MJ_QUERY_VOLUME_INFORMATION [F71460F0] kl1.sys
AttachedDevice \Driver\Tcpip \Device\Udp IRP_MJ_SET_VOLUME_INFORMATION [F71460F0] kl1.sys
AttachedDevice \Driver\Tcpip \Device\Udp IRP_MJ_DIRECTORY_CONTROL [F71460F0] kl1.sys
AttachedDevice \Driver\Tcpip \Device\Udp IRP_MJ_FILE_SYSTEM_CONTROL [F71460F0] kl1.sys
AttachedDevice \Driver\Tcpip \Device\Udp IRP_MJ_DEVICE_CONTROL [F71460F0] kl1.sys
AttachedDevice \Driver\Tcpip \Device\Udp IRP_MJ_INTERNAL_DEVICE_CONTROL [F71460F0] kl1.sys
AttachedDevice \Driver\Tcpip \Device\Udp IRP_MJ_SHUTDOWN [F71460F0] kl1.sys
AttachedDevice \Driver\Tcpip \Device\Udp IRP_MJ_LOCK_CONTROL [F71460F0] kl1.sys
AttachedDevice \Driver\Tcpip \Device\Udp IRP_MJ_CLEANUP [F71460F0] kl1.sys
AttachedDevice \Driver\Tcpip \Device\Udp IRP_MJ_CREATE_MAILSLOT [F71460F0] kl1.sys
AttachedDevice \Driver\Tcpip \Device\Udp IRP_MJ_QUERY_SECURITY [F71460F0] kl1.sys
AttachedDevice \Driver\Tcpip \Device\Udp IRP_MJ_SET_SECURITY [F71460F0] kl1.sys
AttachedDevice \Driver\Tcpip \Device\Udp IRP_MJ_POWER [F71460F0] kl1.sys
AttachedDevice \Driver\Tcpip \Device\Udp IRP_MJ_SYSTEM_CONTROL [F71460F0] kl1.sys
AttachedDevice \Driver\Tcpip \Device\Udp IRP_MJ_DEVICE_CHANGE [F71460F0] kl1.sys
AttachedDevice \Driver\Tcpip \Device\Udp IRP_MJ_QUERY_QUOTA [F71460F0] kl1.sys
AttachedDevice \Driver\Tcpip \Device\Udp IRP_MJ_SET_QUOTA [F71460F0] kl1.sys
AttachedDevice \Driver\Tcpip \Device\RawIp IRP_MJ_CREATE [F71460F0] kl1.sys
AttachedDevice \Driver\Tcpip \Device\RawIp IRP_MJ_CREATE_NAMED_PIPE [F71460F0] kl1.sys
AttachedDevice \Driver\Tcpip \Device\RawIp IRP_MJ_CLOSE [F71460F0] kl1.sys
AttachedDevice \Driver\Tcpip \Device\RawIp IRP_MJ_READ [F71460F0] kl1.sys
AttachedDevice \Driver\Tcpip \Device\RawIp IRP_MJ_WRITE [F71460F0] kl1.sys
AttachedDevice \Driver\Tcpip \Device\RawIp IRP_MJ_QUERY_INFORMATION [F71460F0] kl1.sys
AttachedDevice \Driver\Tcpip \Device\RawIp IRP_MJ_SET_INFORMATION [F71460F0] kl1.sys
AttachedDevice \Driver\Tcpip \Device\RawIp IRP_MJ_QUERY_EA [F71460F0] kl1.sys
AttachedDevice \Driver\Tcpip \Device\RawIp IRP_MJ_SET_EA [F71460F0] kl1.sys
AttachedDevice \Driver\Tcpip \Device\RawIp IRP_MJ_FLUSH_BUFFERS [F71460F0] kl1.sys
AttachedDevice \Driver\Tcpip \Device\RawIp IRP_MJ_QUERY_VOLUME_INFORMATION [F71460F0] kl1.sys
AttachedDevice \Driver\Tcpip \Device\RawIp IRP_MJ_SET_VOLUME_INFORMATION [F71460F0] kl1.sys
AttachedDevice \Driver\Tcpip \Device\RawIp IRP_MJ_DIRECTORY_CONTROL [F71460F0] kl1.sys
AttachedDevice \Driver\Tcpip \Device\RawIp IRP_MJ_FILE_SYSTEM_CONTROL [F71460F0] kl1.sys
AttachedDevice \Driver\Tcpip \Device\RawIp IRP_MJ_DEVICE_CONTROL [F71460F0] kl1.sys
AttachedDevice \Driver\Tcpip \Device\RawIp IRP_MJ_INTERNAL_DEVICE_CONTROL [F71460F0] kl1.sys
AttachedDevice \Driver\Tcpip \Device\RawIp IRP_MJ_SHUTDOWN [F71460F0] kl1.sys
AttachedDevice \Driver\Tcpip \Device\RawIp IRP_MJ_LOCK_CONTROL [F71460F0] kl1.sys
AttachedDevice \Driver\Tcpip \Device\RawIp IRP_MJ_CLEANUP [F71460F0] kl1.sys
AttachedDevice \Driver\Tcpip \Device\RawIp IRP_MJ_CREATE_MAILSLOT [F71460F0] kl1.sys
AttachedDevice \Driver\Tcpip \Device\RawIp IRP_MJ_QUERY_SECURITY [F71460F0] kl1.sys
AttachedDevice \Driver\Tcpip \Device\RawIp IRP_MJ_SET_SECURITY [F71460F0] kl1.sys
AttachedDevice \Driver\Tcpip \Device\RawIp IRP_MJ_POWER [F71460F0] kl1.sys
AttachedDevice \Driver\Tcpip \Device\RawIp IRP_MJ_SYSTEM_CONTROL [F71460F0] kl1.sys
AttachedDevice \Driver\Tcpip \Device\RawIp IRP_MJ_DEVICE_CHANGE [F71460F0] kl1.sys
AttachedDevice \Driver\Tcpip \Device\RawIp IRP_MJ_QUERY_QUOTA [F71460F0] kl1.sys
AttachedDevice \Driver\Tcpip \Device\RawIp IRP_MJ_SET_QUOTA [F71460F0] kl1.sys

---- Threads - GMER 1.0.13 ----

Thread 4:360 86D80020
Thread 4:364 86D5FD00
Thread 4:368 86D5FD00
Thread 4:372 86D36430
Thread 4:376 86D36430
Thread 4:380 86D36430
Thread 4:660 86D5FD00
Thread 4:804 86D5FD00
Thread 4:1032 86D5FD00

---- EOF - GMER 1.0.13 ----
Avatar utente
Sate
Neo Iscritto
Neo Iscritto
 
Messaggi: 6
Iscritto il: dom gen 20, 2008 8:34 am
Top

Messaggioda crazy.cat » dom gen 20, 2008 3:37 pm

Sate ha scritto:L'antivirus che non riesco ad installare è il kaspersky.

Se panda funziona, prova ad usare il pulitore delle installazione di kaspersky
http://support.kaspersky.com/downloads/ ... emover.zip
Magari è rimasta qualche chiave che ne impedisce la reinstallazione

Anche l'anti malware di Microsoft mi trova sempre qualcosa.. e mi avvisa gentilmente che "sono stati trovati virus e parzialmente rimossi"

Cosa trova?

Gmer è pulito, il rootkit non sembra più esserci.
Quando i molti governano, pensano solo a contentar sé stessi, si ha allora la tirannia più balorda e più odiosa: la tirannia mascherata da libertà.
Avatar utente
crazy.cat
MLI Hero
MLI Hero
 
Messaggi: 30959
Iscritto il: lun gen 12, 2004 1:38 pm
Località: Mestre
Top

Messaggioda Sate » dom gen 20, 2008 4:37 pm

ha funzionato!!!

sono riuscito ad installare il Kaspersky, l'ho aggiornato, riavviato ed è ancora li!!!
adesso ho fatto partire una (lunghissima) scansione!!

Grazie mille, spero di avere risolto!

Ne approfitto per chiederti un'altra domanda:

firefox non mi mostra più i segnalibri nonostante ci siano ancora nel mio hd.. come posso fare? ho come l'impressione che abbia creato qualcosa come un nuovo utente....
Avatar utente
Sate
Neo Iscritto
Neo Iscritto
 
Messaggi: 6
Iscritto il: dom gen 20, 2008 8:34 am
Top

Messaggioda crazy.cat » dom gen 20, 2008 4:54 pm

cerca il file bookmarks.html e vedi se lo trovi in qualche altro profilo.
Vengono anche salvati all'interno della cartella bookmarkbackups nel tuo profilo di firefox, vengono rinominati in base al giorno del salvataggio ma puoi sempre recuperarlo e sovrascriverlo al file attuale.
Con firefox chiuso.
Quando i molti governano, pensano solo a contentar sé stessi, si ha allora la tirannia più balorda e più odiosa: la tirannia mascherata da libertà.
Avatar utente
crazy.cat
MLI Hero
MLI Hero
 
Messaggi: 30959
Iscritto il: lun gen 12, 2004 1:38 pm
Località: Mestre
Top

Messaggioda Sate » dom gen 20, 2008 6:30 pm

risolto ancora!

davvero grazie mille, spero che la scansione sia ok!
ma penso proprio che tu mi abbia risolto tutti i problemi!
Avatar utente
Sate
Neo Iscritto
Neo Iscritto
 
Messaggi: 6
Iscritto il: dom gen 20, 2008 8:34 am
Top
Rispondi al messaggio

Torna a Sicurezza

Chi c’è in linea

Visitano il forum: Nessuno e 36 ospiti

cron
Powered by phpBB © 2002, 2005, 2007, 2008 phpBB Group
Traduzione Italiana phpBB.it

megalab.it: testata telematica quotidiana registrata al Tribunale di Cosenza n. 22/09 del 13.08.2009, editore Master New Media S.r.l.; © Copyright 2008 Master New Media S.r.l. a socio unico - P.I. 02947530784. GRUPPO EDIZIONI MASTER Spa Tutti i diritti sono riservati. Per la pubblicità: Master Advertising