Punto informatico Network
Login Esegui login | Non sei registrato? Iscriviti ora (è gratuito!)
Username: Password:
  • Annuncio Pubblicitario

chiedo aiuto per virus bagle!!

Un virus si è intromesso nel tuo computer? Vuoi navigare in tutta sicurezza? Sono sicure le transazione online? Come impedire a malintenzionati di intromettersi nel tuo pc? Come proteggere i tuoi dati? Qui trovi le risposte a queste ed altre domande

chiedo aiuto per virus bagle!!

Messaggioda David78 » lun mar 03, 2008 7:04 pm

salve a tutti

ho un problema con un bagle che non riesco ad eliminare
non vorrei formattare il pc.
vi riporto il log kasperky
se qualcuno puo' aiutarmi ne sarei grato


KASPERSKY ONLINE SCANNER REPORT
Monday, March 03, 2008 6:40:07 PM
Operating System: Microsoft Windows XP Professional, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.98.0
Kaspersky Anti-Virus database last update: 3/03/2008
Kaspersky Anti-Virus database records: 594132


Scan Settings
Scan using the following antivirus database extended
Scan Archives true
Scan Mail Bases true

Scan Target My Computer
A:\
C:\
D:\
E:\

Scan Statistics
Total number of scanned objects 48354
Number of viruses found 8
Number of infected objects 65
Number of suspicious objects 0
Duration of the scan process 02:08:14

Infected Object Name Virus Name Last Action
C:\Avenger\backup-22.02.2008-20.37.37,51.zip/avenger/temp/ASHeuristic/mdelk.exe Infected: Email-Worm.Win32.Bagle.of skipped

C:\Avenger\backup-22.02.2008-20.37.37,51.zip ZIP: infected - 1 skipped

C:\Avenger\backup-22.02.2008-20.49.57,25.zip/avenger/down-ren-129/102296.exe Infected: Email-Worm.Win32.Bagle.of skipped

C:\Avenger\backup-22.02.2008-20.49.57,25.zip/avenger/down-ren-129/113015.exe Infected: Email-Worm.Win32.Bagle.of skipped

C:\Avenger\backup-22.02.2008-20.49.57,25.zip/avenger/down-ren-129/14560718.exe Infected: Trojan-PSW.Win32.Agent.xd skipped

C:\Avenger\backup-22.02.2008-20.49.57,25.zip/avenger/down-ren-129/14567875.exe Infected: Trojan-PSW.Win32.Agent.xd skipped

C:\Avenger\backup-22.02.2008-20.49.57,25.zip/avenger/down-ren-129/14573484.exe Infected: Email-Worm.Win32.Bagle.of skipped

C:\Avenger\backup-22.02.2008-20.49.57,25.zip/avenger/down-ren-129/29158109.exe Infected: Trojan-PSW.Win32.Agent.xd skipped

C:\Avenger\backup-22.02.2008-20.49.57,25.zip/avenger/down-ren-129/42906.exe Infected: Trojan-PSW.Win32.Agent.xd skipped

C:\Avenger\backup-22.02.2008-20.49.57,25.zip/avenger/down-ren-129/43740281.exe Infected: Email-Worm.Win32.Bagle.of skipped

C:\Avenger\backup-22.02.2008-20.49.57,25.zip/avenger/down-ren-129/47734.exe Infected: Email-Worm.Win32.Bagle.of skipped

C:\Avenger\backup-22.02.2008-20.49.57,25.zip/avenger/down-ren-129/55703.exe Infected: Email-Worm.Win32.Bagle.of skipped

C:\Avenger\backup-22.02.2008-20.49.57,25.zip/avenger/down-ren-129/58237281.exe Infected: Trojan-PSW.Win32.Agent.xd skipped

C:\Avenger\backup-22.02.2008-20.49.57,25.zip/avenger/down-ren-129/58261750.exe Infected: Email-Worm.Win32.Bagle.of skipped

C:\Avenger\backup-22.02.2008-20.49.57,25.zip/avenger/down-ren-129/70421.exe Infected: Trojan-PSW.Win32.Agent.xd skipped

C:\Avenger\backup-22.02.2008-20.49.57,25.zip/avenger/down-ren-129/70796.exe Infected: Trojan-PSW.Win32.Agent.xd skipped

C:\Avenger\backup-22.02.2008-20.49.57,25.zip/avenger/down-ren-129/82687.exe Infected: Email-Worm.Win32.Bagle.of skipped

C:\Avenger\backup-22.02.2008-20.49.57,25.zip/avenger/hldrrr.exe-ren-129 Infected: Trojan-Downloader.Win32.Bagle.hi skipped

C:\Avenger\backup-22.02.2008-20.49.57,25.zip/avenger/srosa.sys-ren-128 Infected: Trojan-Downloader.Win32.Bagle.iq skipped

C:\Avenger\backup-22.02.2008-20.49.57,25.zip/avenger/temp/ASHeuristic/mdelk.exe Infected: Email-Worm.Win32.Bagle.of skipped

C:\Avenger\backup-22.02.2008-20.49.57,25.zip/avenger/wintems.exe-ren-128 Infected: Email-Worm.Win32.Bagle.of skipped

C:\Avenger\backup-22.02.2008-20.49.57,25.zip ZIP: infected - 19 skipped

C:\Avenger\backup-22.02.2008-21.11.18,56.zip/avenger/temp/ASHeuristic/mdelk.exe Infected: Email-Worm.Win32.Bagle.of skipped

C:\Avenger\backup-22.02.2008-21.11.18,56.zip ZIP: infected - 1 skipped

C:\Avenger\backup.zip/avenger/temp/ASHeuristic/mdelk.exe Infected: Email-Worm.Win32.Bagle.of skipped

C:\Avenger\backup.zip ZIP: infected - 1 skipped

C:\Avenger\temp\ASHeuristic\mdelk.exe Infected: Email-Worm.Win32.Bagle.of skipped

C:\Documents and Settings\All Users\Dati applicazioni\Microsoft\Network\Downloader\qmgr0.dat Object is locked skipped

C:\Documents and Settings\All Users\Dati applicazioni\Microsoft\Network\Downloader\qmgr1.dat Object is locked skipped

C:\Documents and Settings\Amministratore\Cookies\index.dat Object is locked skipped

C:\Documents and Settings\Amministratore\Dati applicazioni\Skype\daddo.manu\call256.dbb Object is locked skipped

C:\Documents and Settings\Amministratore\Dati applicazioni\Skype\daddo.manu\callmember256.dbb Object is locked skipped

C:\Documents and Settings\Amministratore\Dati applicazioni\Skype\daddo.manu\contactgroup256.dbb Object is locked skipped

C:\Documents and Settings\Amministratore\Dati applicazioni\Skype\daddo.manu\dyncontent\bundle.dat Object is locked skipped

C:\Documents and Settings\Amministratore\Dati applicazioni\Skype\daddo.manu\index2.dat Object is locked skipped

C:\Documents and Settings\Amministratore\Dati applicazioni\Skype\daddo.manu\profile256.dbb Object is locked skipped

C:\Documents and Settings\Amministratore\Dati applicazioni\Skype\daddo.manu\user1024.dbb Object is locked skipped

C:\Documents and Settings\Amministratore\Impostazioni locali\Cronologia\History.IE5\index.dat Object is locked skipped

C:\Documents and Settings\Amministratore\Impostazioni locali\Cronologia\History.IE5\MSHist012008030320080304\index.dat Object is locked skipped

C:\Documents and Settings\Amministratore\Impostazioni locali\Dati applicazioni\Microsoft\Windows\UsrClass.dat Object is locked skipped

C:\Documents and Settings\Amministratore\Impostazioni locali\Dati applicazioni\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped

C:\Documents and Settings\Amministratore\Impostazioni locali\Temp\eraseme_73348.exe Infected: Backdoor.Win32.SdBot.cxo skipped

C:\Documents and Settings\Amministratore\Impostazioni locali\Temporary Internet Files\Content.IE5\G9QJO5MR\b64_1[1].jpg Infected: Trojan-PSW.Win32.LdPinch.ewq skipped

C:\Documents and Settings\Amministratore\Impostazioni locali\Temporary Internet Files\Content.IE5\G9QJO5MR\b64_1[2].jpg Infected: Trojan-PSW.Win32.Agent.xd skipped

C:\Documents and Settings\Amministratore\Impostazioni locali\Temporary Internet Files\Content.IE5\G9QJO5MR\b64_2[1].jpg Infected: Trojan.Win32.Pakes.bwy skipped

C:\Documents and Settings\Amministratore\Impostazioni locali\Temporary Internet Files\Content.IE5\G9QJO5MR\b64_2[2].jpg Infected: Trojan.Win32.Pakes.bwy skipped

C:\Documents and Settings\Amministratore\Impostazioni locali\Temporary Internet Files\Content.IE5\G9QJO5MR\b64_31[2].jpg Infected: Email-Worm.Win32.Bagle.of skipped

C:\Documents and Settings\Amministratore\Impostazioni locali\Temporary Internet Files\Content.IE5\G9QJO5MR\b64_31[3].jpg Infected: Email-Worm.Win32.Bagle.of skipped

C:\Documents and Settings\Amministratore\Impostazioni locali\Temporary Internet Files\Content.IE5\G9QJO5MR\b64_31[4].jpg Infected: Email-Worm.Win32.Bagle.of skipped

C:\Documents and Settings\Amministratore\Impostazioni locali\Temporary Internet Files\Content.IE5\IAKUVWXG\b64_1[1].jpg Infected: Trojan-PSW.Win32.Agent.xd skipped

C:\Documents and Settings\Amministratore\Impostazioni locali\Temporary Internet Files\Content.IE5\IAKUVWXG\b64_1[2].jpg Infected: Trojan-PSW.Win32.Agent.xd skipped

C:\Documents and Settings\Amministratore\Impostazioni locali\Temporary Internet Files\Content.IE5\IAKUVWXG\b64_1[3].jpg Infected: Trojan-PSW.Win32.Agent.xd skipped

C:\Documents and Settings\Amministratore\Impostazioni locali\Temporary Internet Files\Content.IE5\IAKUVWXG\b64_1[4].jpg Infected: Trojan-PSW.Win32.Agent.xd skipped

C:\Documents and Settings\Amministratore\Impostazioni locali\Temporary Internet Files\Content.IE5\IAKUVWXG\b64_1[5].jpg Infected: Trojan-PSW.Win32.Agent.xd skipped

C:\Documents and Settings\Amministratore\Impostazioni locali\Temporary Internet Files\Content.IE5\IAKUVWXG\b64_1[6].jpg Infected: Trojan-PSW.Win32.Agent.xd skipped

C:\Documents and Settings\Amministratore\Impostazioni locali\Temporary Internet Files\Content.IE5\IAKUVWXG\b64_31[1].jpg Infected: Email-Worm.Win32.Bagle.of skipped

C:\Documents and Settings\Amministratore\Impostazioni locali\Temporary Internet Files\Content.IE5\IAKUVWXG\b64_31[2].jpg Infected: Email-Worm.Win32.Bagle.of skipped

C:\Documents and Settings\Amministratore\Impostazioni locali\Temporary Internet Files\Content.IE5\IAKUVWXG\b64_31[3].jpg Infected: Email-Worm.Win32.Bagle.of skipped

C:\Documents and Settings\Amministratore\Impostazioni locali\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped

C:\Documents and Settings\Amministratore\Impostazioni locali\Temporary Internet Files\Content.IE5\M36DMXSN\b64_1[1].jpg Infected: Trojan-PSW.Win32.Agent.xd skipped

C:\Documents and Settings\Amministratore\Impostazioni locali\Temporary Internet Files\Content.IE5\M36DMXSN\b64_1[2].jpg Infected: Trojan-PSW.Win32.Agent.xd skipped

C:\Documents and Settings\Amministratore\Impostazioni locali\Temporary Internet Files\Content.IE5\M36DMXSN\b64_2[1].jpg Infected: Trojan.Win32.Pakes.bwy skipped

C:\Documents and Settings\Amministratore\Impostazioni locali\Temporary Internet Files\Content.IE5\M36DMXSN\b64_2[2].jpg Infected: Trojan.Win32.Pakes.bwy skipped

C:\Documents and Settings\Amministratore\Impostazioni locali\Temporary Internet Files\Content.IE5\M36DMXSN\b64_31[1].jpg Infected: Email-Worm.Win32.Bagle.of skipped

C:\Documents and Settings\Amministratore\Impostazioni locali\Temporary Internet Files\Content.IE5\M36DMXSN\b64_31[2].jpg Infected: Email-Worm.Win32.Bagle.of skipped

C:\Documents and Settings\Amministratore\Impostazioni locali\Temporary Internet Files\Content.IE5\M36DMXSN\b64_31[3].jpg Infected: Email-Worm.Win32.Bagle.of skipped

C:\Documents and Settings\Amministratore\Impostazioni locali\Temporary Internet Files\Content.IE5\M36DMXSN\b64_31[4].jpg Infected: Email-Worm.Win32.Bagle.of skipped

C:\Documents and Settings\Amministratore\Impostazioni locali\Temporary Internet Files\Content.IE5\UJZID8OV\b64_1[1].jpg Infected: Trojan-PSW.Win32.Agent.xd skipped

C:\Documents and Settings\Amministratore\Impostazioni locali\Temporary Internet Files\Content.IE5\UJZID8OV\b64_1[2].jpg Infected: Trojan-PSW.Win32.Agent.xd skipped

C:\Documents and Settings\Amministratore\Impostazioni locali\Temporary Internet Files\Content.IE5\UJZID8OV\b64_2[1].jpg Infected: Trojan.Win32.Pakes.bwy skipped

C:\Documents and Settings\Amministratore\Impostazioni locali\Temporary Internet Files\Content.IE5\UJZID8OV\b64_2[2].jpg Infected: Trojan.Win32.Pakes.bwy skipped

C:\Documents and Settings\Amministratore\Impostazioni locali\Temporary Internet Files\Content.IE5\UJZID8OV\b64_31[1].jpg Infected: Email-Worm.Win32.Bagle.of skipped

C:\Documents and Settings\Amministratore\NTUSER.DAT Object is locked skipped

C:\Documents and Settings\Amministratore\ntuser.dat.LOG Object is locked skipped

C:\Documents and Settings\LocalService\Cookies\index.dat Object is locked skipped

C:\Documents and Settings\LocalService\Impostazioni locali\Cronologia\History.IE5\index.dat Object is locked skipped

C:\Documents and Settings\LocalService\Impostazioni locali\Dati applicazioni\Microsoft\Windows\UsrClass.dat Object is locked skipped

C:\Documents and Settings\LocalService\Impostazioni locali\Dati applicazioni\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped

C:\Documents and Settings\LocalService\Impostazioni locali\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped

C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped

C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped

C:\Documents and Settings\NetworkService\Impostazioni locali\Dati applicazioni\Microsoft\Windows\UsrClass.dat Object is locked skipped

C:\Documents and Settings\NetworkService\Impostazioni locali\Dati applicazioni\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped

C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped

C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped

C:\Programmi\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe Infected: Trojan-Downloader.Win32.Bagle.hi skipped

C:\Programmi\mIRC\mirc.exe Infected: not-a-virus:Client-IRC.Win32.mIRC.621 skipped

C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped

C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped

C:\WINDOWS\SchedLgU.Txt Object is locked skipped

C:\WINDOWS\system32\CatRoot2\edb.log Object is locked skipped

C:\WINDOWS\system32\CatRoot2\tmp.edb Object is locked skipped

C:\WINDOWS\system32\config\Antivirus.Evt Object is locked skipped

C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped

C:\WINDOWS\system32\config\default Object is locked skipped

C:\WINDOWS\system32\config\default.LOG Object is locked skipped

C:\WINDOWS\system32\config\SAM Object is locked skipped

C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped

C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped

C:\WINDOWS\system32\config\SECURITY Object is locked skipped

C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped

C:\WINDOWS\system32\config\software Object is locked skipped

C:\WINDOWS\system32\config\software.LOG Object is locked skipped

C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped

C:\WINDOWS\system32\config\system Object is locked skipped

C:\WINDOWS\system32\config\system.LOG Object is locked skipped

C:\WINDOWS\system32\drivers\hldrrr.exe Infected: Trojan-Downloader.Win32.Bagle.hi skipped

C:\WINDOWS\system32\h323log.txt Object is locked skipped

C:\WINDOWS\system32\mdelk.exe Infected: Email-Worm.Win32.Bagle.of skipped

C:\WINDOWS\system32\NTSpool.exe Infected: Backdoor.Win32.SdBot.cxo skipped

C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped

E:\programmini\mirc621.exe/stream/data0008 Infected: not-a-virus:Client-IRC.Win32.mIRC.621 skipped

E:\programmini\mirc621.exe/stream Infected: not-a-virus:Client-IRC.Win32.mIRC.621 skipped

E:\programmini\mirc621.exe NSIS: infected - 2 skipped

E:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped

Scan process completed.


ho disattivato il ripristino automatico
da qui non so piu che fare
vi chiedo cortesemente di aiutarmi
vi ringrazio per il tempo speso
a presto
AsR
Avatar utente
David78
Neo Iscritto
Neo Iscritto
 
Messaggi: 8
Iscritto il: ven feb 22, 2008 4:35 pm

Messaggioda ste_95 » lun mar 03, 2008 7:12 pm

Disabilita il ripristino configurazione di sistema.

Scarica Avenger
Estrailo in una cartella a tua scelta
Esegui il file avenger.exe con la figura di una spada
Ora incolla queste righe nella box bianca che si è aperta:

Codice: Seleziona tutto
Files to delete:
C:\WINDOWS\system32\drivers\srosa.sys
C:\WINDOWS\system32\wintems.exe
C:\windows\system32\drivers\hldrrr.exe
C:\WINDOWS\system32\mdelk.exe
C:\Avenger\backup-22.02.2008-20.37.37,51.zip
C:\Avenger\backup-22.02.2008-20.49.57,25.zip
C:\Avenger\backup-22.02.2008-21.11.18,56.zip
C:\Avenger\backup.zip
C:\Avenger\temp\ASHeuristic\mdelk.exe Infected: Email-Worm.Win32.Bagle.of skipped
C:\Documents and Settings\Amministratore\Impostazioni locali\Temp\eraseme_73348.exe
C:\Documents and Settings\Amministratore\Impostazioni locali\Temporary Internet Files\Content.IE5\G9QJO5MR\b64_1[1].jpg
C:\Documents and Settings\Amministratore\Impostazioni locali\Temporary Internet Files\Content.IE5\G9QJO5MR\b64_1[2].jpg
C:\Documents and Settings\Amministratore\Impostazioni locali\Temporary Internet Files\Content.IE5\G9QJO5MR\b64_2[1].jpg
C:\Documents and Settings\Amministratore\Impostazioni locali\Temporary Internet Files\Content.IE5\G9QJO5MR\b64_2[2].jpg
C:\Documents and Settings\Amministratore\Impostazioni locali\Temporary Internet Files\Content.IE5\G9QJO5MR\b64_31[2].jpg
C:\Documents and Settings\Amministratore\Impostazioni locali\Temporary Internet Files\Content.IE5\G9QJO5MR\b64_31[3].jpg
C:\Documents and Settings\Amministratore\Impostazioni locali\Temporary Internet Files\Content.IE5\G9QJO5MR\b64_31[4].jpg
C:\Documents and Settings\Amministratore\Impostazioni locali\Temporary Internet Files\Content.IE5\IAKUVWXG\b64_1[1].jpg
C:\Documents and Settings\Amministratore\Impostazioni locali\Temporary Internet Files\Content.IE5\IAKUVWXG\b64_1[2].jpg
C:\Documents and Settings\Amministratore\Impostazioni locali\Temporary Internet Files\Content.IE5\IAKUVWXG\b64_1[3].jpg
C:\Documents and Settings\Amministratore\Impostazioni locali\Temporary Internet Files\Content.IE5\IAKUVWXG\b64_1[4].jpg
C:\Documents and Settings\Amministratore\Impostazioni locali\Temporary Internet Files\Content.IE5\IAKUVWXG\b64_1[5].jpg
C:\Documents and Settings\Amministratore\Impostazioni locali\Temporary Internet Files\Content.IE5\IAKUVWXG\b64_1[6].jpg
C:\Documents and Settings\Amministratore\Impostazioni locali\Temporary Internet Files\Content.IE5\IAKUVWXG\b64_31[1].jpg
C:\Documents and Settings\Amministratore\Impostazioni locali\Temporary Internet Files\Content.IE5\IAKUVWXG\b64_31[2].jpg
C:\Documents and Settings\Amministratore\Impostazioni locali\Temporary Internet Files\Content.IE5\IAKUVWXG\b64_31[3].jpg
C:\Documents and Settings\Amministratore\Impostazioni locali\Temporary Internet Files\Content.IE5\M36DMXSN\b64_1[1].jpg
C:\Documents and Settings\Amministratore\Impostazioni locali\Temporary Internet Files\Content.IE5\M36DMXSN\b64_1[2].jpg
C:\Documents and Settings\Amministratore\Impostazioni locali\Temporary Internet Files\Content.IE5\M36DMXSN\b64_2[1].jpg
C:\Documents and Settings\Amministratore\Impostazioni locali\Temporary Internet Files\Content.IE5\M36DMXSN\b64_2[2].jpg
C:\Documents and Settings\Amministratore\Impostazioni locali\Temporary Internet Files\Content.IE5\M36DMXSN\b64_31[1].jpg
C:\Documents and Settings\Amministratore\Impostazioni locali\Temporary Internet Files\Content.IE5\M36DMXSN\b64_31[2].jpg
C:\Documents and Settings\Amministratore\Impostazioni locali\Temporary Internet Files\Content.IE5\M36DMXSN\b64_31[3].jpg
C:\Documents and Settings\Amministratore\Impostazioni locali\Temporary Internet Files\Content.IE5\M36DMXSN\b64_31[4].jpg
C:\Documents and Settings\Amministratore\Impostazioni locali\Temporary Internet Files\Content.IE5\UJZID8OV\b64_1[1].jpg
C:\Documents and Settings\Amministratore\Impostazioni locali\Temporary Internet Files\Content.IE5\UJZID8OV\b64_1[2].jpg
C:\Documents and Settings\Amministratore\Impostazioni locali\Temporary Internet Files\Content.IE5\UJZID8OV\b64_2[1].jpg
C:\Documents and Settings\Amministratore\Impostazioni locali\Temporary Internet Files\Content.IE5\UJZID8OV\b64_2[2].jpg
C:\Documents and Settings\Amministratore\Impostazioni locali\Temporary Internet Files\Content.IE5\UJZID8OV\b64_31[1].jpg
C:\Programmi\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

Folders to delete:
C:\WINDOWS\system32\drivers\down

Registry keys to delete:
HKLM\SYSTEM\CurrentControlSet\Services\srosa
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_SROSA


Togli il segno di spunta dalla voce Scan for Rootkits
Premi il pulsante Execute
Rispondi di Si alle due richieste di Avenger
Adesso il tuo computer dovrebbe riavviarsi, nel caso non succedesse, riavvialo tu manualmente
Al riavvio del computer, copia e incolla qui il contenuto del blocco note che apparirà.

Riscarica gli installer dei programmi di sicurezza e prova a reinstallare un antivirus.
«A volte è meglio tacere e sembrare stupidi che aprir bocca e togliere ogni dubbio.» Oscar Wilde
Avatar utente
ste_95
Membro Ufficiale (Gold)
Membro Ufficiale (Gold)
 
Messaggi: 17271
Iscritto il: lun ago 06, 2007 11:19 am

Messaggioda David78 » lun mar 03, 2008 10:35 pm

grazie mille per l'aiuto

ti riporto il log di avenger

Logfile of The Avenger version 1, by Swandog46
Running from registry key:
\Registry\Machine\System\CurrentControlSet\Services\xbwiowkt

*******************

Script file located at: \??\C:\WINDOWS\vbuqofhn.txt
Script file opened successfully.

Script file read successfully

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:

File C:\WINDOWS\system32\drivers\srosa.sys deleted successfully.


File C:\WINDOWS\system32\wintems.exe not found!
Deletion of file C:\WINDOWS\system32\wintems.exe failed!

Could not process line:
C:\WINDOWS\system32\wintems.exe
Status: 0xc0000034

File C:\windows\system32\drivers\hldrrr.exe deleted successfully.


File C:\WINDOWS\system32\mdelk.exe not found!
Deletion of file C:\WINDOWS\system32\mdelk.exe failed!

Could not process line:
C:\WINDOWS\system32\mdelk.exe
Status: 0xc0000034

File C:\Avenger\backup-22.02.2008-20.37.37,51.zip deleted successfully.
File C:\Avenger\backup-22.02.2008-20.49.57,25.zip deleted successfully.
File C:\Avenger\backup-22.02.2008-21.11.18,56.zip deleted successfully.
File C:\Avenger\backup.zip deleted successfully.


File C:\Avenger\temp\ASHeuristic\mdelk.exe Infected: Email-Worm.Win32.Bagle.of skipped not found!
Deletion of file C:\Avenger\temp\ASHeuristic\mdelk.exe Infected: Email-Worm.Win32.Bagle.of skipped failed!

Could not process line:
C:\Avenger\temp\ASHeuristic\mdelk.exe Infected: Email-Worm.Win32.Bagle.of skipped
Status: 0xc0000034

File C:\Documents and Settings\Amministratore\Impostazioni locali\Temp\eraseme_73348.exe deleted successfully.
File C:\Documents and Settings\Amministratore\Impostazioni locali\Temporary Internet Files\Content.IE5\G9QJO5MR\b64_1[1].jpg deleted successfully.
File C:\Documents and Settings\Amministratore\Impostazioni locali\Temporary Internet Files\Content.IE5\G9QJO5MR\b64_1[2].jpg deleted successfully.
File C:\Documents and Settings\Amministratore\Impostazioni locali\Temporary Internet Files\Content.IE5\G9QJO5MR\b64_2[1].jpg deleted successfully.
File C:\Documents and Settings\Amministratore\Impostazioni locali\Temporary Internet Files\Content.IE5\G9QJO5MR\b64_2[2].jpg deleted successfully.
File C:\Documents and Settings\Amministratore\Impostazioni locali\Temporary Internet Files\Content.IE5\G9QJO5MR\b64_31[2].jpg deleted successfully.
File C:\Documents and Settings\Amministratore\Impostazioni locali\Temporary Internet Files\Content.IE5\G9QJO5MR\b64_31[3].jpg deleted successfully.
File C:\Documents and Settings\Amministratore\Impostazioni locali\Temporary Internet Files\Content.IE5\G9QJO5MR\b64_31[4].jpg deleted successfully.
File C:\Documents and Settings\Amministratore\Impostazioni locali\Temporary Internet Files\Content.IE5\IAKUVWXG\b64_1[1].jpg deleted successfully.
File C:\Documents and Settings\Amministratore\Impostazioni locali\Temporary Internet Files\Content.IE5\IAKUVWXG\b64_1[2].jpg deleted successfully.
File C:\Documents and Settings\Amministratore\Impostazioni locali\Temporary Internet Files\Content.IE5\IAKUVWXG\b64_1[3].jpg deleted successfully.
File C:\Documents and Settings\Amministratore\Impostazioni locali\Temporary Internet Files\Content.IE5\IAKUVWXG\b64_1[4].jpg deleted successfully.
File C:\Documents and Settings\Amministratore\Impostazioni locali\Temporary Internet Files\Content.IE5\IAKUVWXG\b64_1[5].jpg deleted successfully.
File C:\Documents and Settings\Amministratore\Impostazioni locali\Temporary Internet Files\Content.IE5\IAKUVWXG\b64_1[6].jpg deleted successfully.
File C:\Documents and Settings\Amministratore\Impostazioni locali\Temporary Internet Files\Content.IE5\IAKUVWXG\b64_31[1].jpg deleted successfully.
File C:\Documents and Settings\Amministratore\Impostazioni locali\Temporary Internet Files\Content.IE5\IAKUVWXG\b64_31[2].jpg deleted successfully.
File C:\Documents and Settings\Amministratore\Impostazioni locali\Temporary Internet Files\Content.IE5\IAKUVWXG\b64_31[3].jpg deleted successfully.
File C:\Documents and Settings\Amministratore\Impostazioni locali\Temporary Internet Files\Content.IE5\M36DMXSN\b64_1[1].jpg deleted successfully.
File C:\Documents and Settings\Amministratore\Impostazioni locali\Temporary Internet Files\Content.IE5\M36DMXSN\b64_1[2].jpg deleted successfully.
File C:\Documents and Settings\Amministratore\Impostazioni locali\Temporary Internet Files\Content.IE5\M36DMXSN\b64_2[1].jpg deleted successfully.
File C:\Documents and Settings\Amministratore\Impostazioni locali\Temporary Internet Files\Content.IE5\M36DMXSN\b64_2[2].jpg deleted successfully.
File C:\Documents and Settings\Amministratore\Impostazioni locali\Temporary Internet Files\Content.IE5\M36DMXSN\b64_31[1].jpg deleted successfully.
File C:\Documents and Settings\Amministratore\Impostazioni locali\Temporary Internet Files\Content.IE5\M36DMXSN\b64_31[2].jpg deleted successfully.
File C:\Documents and Settings\Amministratore\Impostazioni locali\Temporary Internet Files\Content.IE5\M36DMXSN\b64_31[3].jpg deleted successfully.
File C:\Documents and Settings\Amministratore\Impostazioni locali\Temporary Internet Files\Content.IE5\M36DMXSN\b64_31[4].jpg deleted successfully.
File C:\Documents and Settings\Amministratore\Impostazioni locali\Temporary Internet Files\Content.IE5\UJZID8OV\b64_1[1].jpg deleted successfully.
File C:\Documents and Settings\Amministratore\Impostazioni locali\Temporary Internet Files\Content.IE5\UJZID8OV\b64_1[2].jpg deleted successfully.
File C:\Documents and Settings\Amministratore\Impostazioni locali\Temporary Internet Files\Content.IE5\UJZID8OV\b64_2[1].jpg deleted successfully.
File C:\Documents and Settings\Amministratore\Impostazioni locali\Temporary Internet Files\Content.IE5\UJZID8OV\b64_2[2].jpg deleted successfully.
File C:\Documents and Settings\Amministratore\Impostazioni locali\Temporary Internet Files\Content.IE5\UJZID8OV\b64_31[1].jpg deleted successfully.
File C:\Programmi\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe deleted successfully.
Folder C:\WINDOWS\system32\drivers\down deleted successfully.
Registry key HKLM\SYSTEM\CurrentControlSet\Services\srosa deleted successfully.
Registry key HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_SROSA deleted successfully.

Completed script processing.

*******************

Finished! Terminate.
AsR
Avatar utente
David78
Neo Iscritto
Neo Iscritto
 
Messaggi: 8
Iscritto il: ven feb 22, 2008 4:35 pm


Messaggioda ste_95 » mar mar 04, 2008 7:21 am

Scusami, c'era un errore, esegui ancora questo:

Codice: Seleziona tutto
Files to delete:
C:\WINDOWS\system32\drivers\srosa.sys
C:\WINDOWS\system32\wintems.exe
C:\windows\system32\drivers\hldrrr.exe
C:\WINDOWS\system32\mdelk.exe
C:\Avenger\temp\ASHeuristic\mdelk.exe
C:\Programmi\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

Folders to delete:
C:\WINDOWS\system32\drivers\down

Registry keys to delete:
HKLM\SYSTEM\CurrentControlSet\Services\srosa
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_SROSA
«A volte è meglio tacere e sembrare stupidi che aprir bocca e togliere ogni dubbio.» Oscar Wilde
Avatar utente
ste_95
Membro Ufficiale (Gold)
Membro Ufficiale (Gold)
 
Messaggi: 17271
Iscritto il: lun ago 06, 2007 11:19 am

Messaggioda David78 » mar mar 04, 2008 7:31 pm

ho fatto come mi hai detto,riporto il log:

Logfile of The Avenger version 1, by Swandog46
Running from registry key:
\Registry\Machine\System\CurrentControlSet\Services\ndbhusmq

*******************

Script file located at: \??\C:\WINDOWS\vugtxsjc.txt
Script file opened successfully.

Script file read successfully

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:



File C:\WINDOWS\system32\drivers\srosa.sys not found!
Deletion of file C:\WINDOWS\system32\drivers\srosa.sys failed!

Could not process line:
C:\WINDOWS\system32\drivers\srosa.sys
Status: 0xc0000034



File C:\WINDOWS\system32\wintems.exe not found!
Deletion of file C:\WINDOWS\system32\wintems.exe failed!

Could not process line:
C:\WINDOWS\system32\wintems.exe
Status: 0xc0000034



File C:\windows\system32\drivers\hldrrr.exe not found!
Deletion of file C:\windows\system32\drivers\hldrrr.exe failed!

Could not process line:
C:\windows\system32\drivers\hldrrr.exe
Status: 0xc0000034



File C:\WINDOWS\system32\mdelk.exe not found!
Deletion of file C:\WINDOWS\system32\mdelk.exe failed!

Could not process line:
C:\WINDOWS\system32\mdelk.exe
Status: 0xc0000034



Could not open file C:\Avenger\temp\ASHeuristic\mdelk.exe for deletion
Deletion of file C:\Avenger\temp\ASHeuristic\mdelk.exe failed!

Could not process line:
C:\Avenger\temp\ASHeuristic\mdelk.exe
Status: 0xc000003a



File C:\Programmi\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe not found!
Deletion of file C:\Programmi\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe failed!

Could not process line:
C:\Programmi\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
Status: 0xc0000034



Folder C:\WINDOWS\system32\drivers\down not found!
Deletion of folder C:\WINDOWS\system32\drivers\down failed!

Could not process line:
C:\WINDOWS\system32\drivers\down
Status: 0xc0000034



Registry key HKLM\SYSTEM\CurrentControlSet\Services\srosa not found!
Deletion of registry key HKLM\SYSTEM\CurrentControlSet\Services\srosa failed!

Could not process line:
HKLM\SYSTEM\CurrentControlSet\Services\srosa
Status: 0xc0000034



Registry key HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_SROSA not found!
Deletion of registry key HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_SROSA failed!

Could not process line:
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_SROSA
Status: 0xc0000034


Completed script processing.

*******************

Finished! Terminate.
AsR
Avatar utente
David78
Neo Iscritto
Neo Iscritto
 
Messaggi: 8
Iscritto il: ven feb 22, 2008 4:35 pm

Messaggioda ste_95 » mar mar 04, 2008 8:18 pm

Elimina manualmente la cartella C:\Avenger e prova a reinstallare un antivirus.
«A volte è meglio tacere e sembrare stupidi che aprir bocca e togliere ogni dubbio.» Oscar Wilde
Avatar utente
ste_95
Membro Ufficiale (Gold)
Membro Ufficiale (Gold)
 
Messaggi: 17271
Iscritto il: lun ago 06, 2007 11:19 am

Messaggioda David78 » mar mar 04, 2008 8:53 pm

ho eliminato la cartella C:\Avenger e finalmente mi fa installare un antivirus!!!
lode a te!
grazie ancora!
AsR
Avatar utente
David78
Neo Iscritto
Neo Iscritto
 
Messaggi: 8
Iscritto il: ven feb 22, 2008 4:35 pm

Messaggioda ste_95 » mar mar 04, 2008 8:54 pm

Ripristina anche la modalità provvisoria utilizzando questo file.
«A volte è meglio tacere e sembrare stupidi che aprir bocca e togliere ogni dubbio.» Oscar Wilde
Avatar utente
ste_95
Membro Ufficiale (Gold)
Membro Ufficiale (Gold)
 
Messaggi: 17271
Iscritto il: lun ago 06, 2007 11:19 am

Messaggioda David78 » mar mar 04, 2008 11:43 pm

ho utilizzato il safeboot e la modalita' provvisoria non va'...

mi installa gli antivirus.
ho fatto una scanzione online con kasperky ed ecco il report:


KASPERSKY ONLINE SCANNER REPORT
Tuesday, March 04, 2008 11:40:11 PM
Operating System: Microsoft Windows XP Professional, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.98.0
Kaspersky Anti-Virus database last update: 4/03/2008
Kaspersky Anti-Virus database records: 596605


Scan Settings
Scan using the following antivirus database extended
Scan Archives true
Scan Mail Bases true

Scan Target My Computer
A:\
C:\
D:\
E:\

Scan Statistics
Total number of scanned objects 48912
Number of viruses found 2
Number of infected objects 5
Number of suspicious objects 0
Duration of the scan process 00:38:03

Infected Object Name Virus Name Last Action
C:\Documents and Settings\Amministratore\Cookies\index.dat Object is locked skipped

C:\Documents and Settings\Amministratore\Dati applicazioni\Skype\daddo.manu\call256.dbb Object is locked skipped

C:\Documents and Settings\Amministratore\Dati applicazioni\Skype\daddo.manu\callmember256.dbb Object is locked skipped

C:\Documents and Settings\Amministratore\Dati applicazioni\Skype\daddo.manu\contactgroup256.dbb Object is locked skipped

C:\Documents and Settings\Amministratore\Dati applicazioni\Skype\daddo.manu\dyncontent\bundle.dat Object is locked skipped

C:\Documents and Settings\Amministratore\Dati applicazioni\Skype\daddo.manu\index2.dat Object is locked skipped

C:\Documents and Settings\Amministratore\Dati applicazioni\Skype\daddo.manu\profile256.dbb Object is locked skipped

C:\Documents and Settings\Amministratore\Dati applicazioni\Skype\daddo.manu\user1024.dbb Object is locked skipped

C:\Documents and Settings\Amministratore\Impostazioni locali\Cronologia\History.IE5\index.dat Object is locked skipped

C:\Documents and Settings\Amministratore\Impostazioni locali\Cronologia\History.IE5\MSHist012008030420080305\index.dat Object is locked skipped

C:\Documents and Settings\Amministratore\Impostazioni locali\Dati applicazioni\Microsoft\Windows\UsrClass.dat Object is locked skipped

C:\Documents and Settings\Amministratore\Impostazioni locali\Dati applicazioni\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped

C:\Documents and Settings\Amministratore\Impostazioni locali\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped

C:\Documents and Settings\Amministratore\NTUSER.DAT Object is locked skipped

C:\Documents and Settings\Amministratore\ntuser.dat.LOG Object is locked skipped

C:\Documents and Settings\Amministratore\UserData\index.dat Object is locked skipped

C:\Documents and Settings\LocalService\Cookies\index.dat Object is locked skipped

C:\Documents and Settings\LocalService\Impostazioni locali\Cronologia\History.IE5\index.dat Object is locked skipped

C:\Documents and Settings\LocalService\Impostazioni locali\Dati applicazioni\Microsoft\Windows\UsrClass.dat Object is locked skipped

C:\Documents and Settings\LocalService\Impostazioni locali\Dati applicazioni\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped

C:\Documents and Settings\LocalService\Impostazioni locali\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped

C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped

C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped

C:\Documents and Settings\NetworkService\Impostazioni locali\Dati applicazioni\Microsoft\Windows\UsrClass.dat Object is locked skipped

C:\Documents and Settings\NetworkService\Impostazioni locali\Dati applicazioni\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped

C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped

C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped

C:\Programmi\mIRC\mirc.exe Infected: not-a-virus:Client-IRC.Win32.mIRC.621 skipped

C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped

C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped

C:\WINDOWS\SchedLgU.Txt Object is locked skipped

C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped

C:\WINDOWS\system32\config\default Object is locked skipped

C:\WINDOWS\system32\config\default.LOG Object is locked skipped

C:\WINDOWS\system32\config\SAM Object is locked skipped

C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped

C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped

C:\WINDOWS\system32\config\SECURITY Object is locked skipped

C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped

C:\WINDOWS\system32\config\software Object is locked skipped

C:\WINDOWS\system32\config\software.LOG Object is locked skipped

C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped

C:\WINDOWS\system32\config\system Object is locked skipped

C:\WINDOWS\system32\config\system.LOG Object is locked skipped

C:\WINDOWS\system32\h323log.txt Object is locked skipped

C:\WINDOWS\system32\NTSpool.exe Infected: Backdoor.Win32.SdBot.cxo skipped

C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped

E:\Programmi\eMule\Temp\001.part Object is locked skipped

E:\Programmi\eMule\Temp\003.part Object is locked skipped

E:\Programmi\eMule\Temp\004.part Object is locked skipped

E:\Programmi\eMule\Temp\005.part Object is locked skipped

E:\Programmi\eMule\Temp\006.part Object is locked skipped

E:\Programmi\eMule\Temp\007.part Object is locked skipped

E:\Programmi\eMule\Temp\008.part Object is locked skipped

E:\Programmi\eMule\Temp\010.part Object is locked skipped

E:\Programmi\eMule\Temp\011.part Object is locked skipped

E:\Programmi\eMule\Temp\012.part Object is locked skipped

E:\Programmi\eMule\Temp\013.part Object is locked skipped

E:\Programmi\eMule\Temp\014.part Object is locked skipped

E:\Programmi\eMule\Temp\017.part Object is locked skipped

E:\Programmi\eMule\Temp\018.part Object is locked skipped

E:\Programmi\eMule\Temp\019.part Object is locked skipped

E:\Programmi\eMule\Temp\020.part Object is locked skipped

E:\Programmi\eMule\Temp\021.part Object is locked skipped

E:\Programmi\eMule\Temp\022.part Object is locked skipped

E:\Programmi\eMule\Temp\023.part Object is locked skipped

E:\Programmi\eMule\Temp\025.part Object is locked skipped

E:\Programmi\eMule\Temp\026.part Object is locked skipped

E:\Programmi\eMule\Temp\027.part Object is locked skipped

E:\Programmi\eMule\Temp\030.part Object is locked skipped

E:\Programmi\eMule\Temp\031.part Object is locked skipped

E:\Programmi\eMule\Temp\032.part Object is locked skipped

E:\Programmi\eMule\Temp\033.part Object is locked skipped

E:\Programmi\eMule\Temp\034.part Object is locked skipped

E:\Programmi\eMule\Temp\038.part Object is locked skipped

E:\Programmi\eMule\Temp\050.part Object is locked skipped

E:\Programmi\eMule\Temp\054.part Object is locked skipped

E:\Programmi\eMule\Temp\070.part Object is locked skipped

E:\programmini\mirc621.exe/stream/data0008 Infected: not-a-virus:Client-IRC.Win32.mIRC.621 skipped

E:\programmini\mirc621.exe/stream Infected: not-a-virus:Client-IRC.Win32.mIRC.621 skipped

E:\programmini\mirc621.exe NSIS: infected - 2 skipped

E:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped

Scan process completed.

help!!!
AsR
Avatar utente
David78
Neo Iscritto
Neo Iscritto
 
Messaggi: 8
Iscritto il: ven feb 22, 2008 4:35 pm

Messaggioda ste_95 » mer mar 05, 2008 6:51 am

Scarica Avenger
Estrailo in una cartella a tua scelta
Esegui il file avenger.exe con la figura di una spada
Ora incolla queste righe nella box bianca che si è aperta:

Codice: Seleziona tutto
Files to delete:
C:\WINDOWS\System32\WinSecure.exe
C:\WINDOWS\System32\NTSpool.exe


Togli il segno di spunta dalla voce Scan for Rootkits
Premi il pulsante Execute
Rispondi di Si alle due richieste di Avenger
Adesso il tuo computer dovrebbe riavviarsi, nel caso non succedesse, riavvialo tu manualmente
Al riavvio del computer, copia e incolla qui il contenuto del blocco note che apparirà.
«A volte è meglio tacere e sembrare stupidi che aprir bocca e togliere ogni dubbio.» Oscar Wilde
Avatar utente
ste_95
Membro Ufficiale (Gold)
Membro Ufficiale (Gold)
 
Messaggi: 17271
Iscritto il: lun ago 06, 2007 11:19 am

Messaggioda David78 » mer mar 05, 2008 5:24 pm

ecco il log:

Logfile of The Avenger version 1, by Swandog46
Running from registry key:
\Registry\Machine\System\CurrentControlSet\Services\evtjlgty

*******************

Script file located at: \??\C:\WINDOWS\jdmjtpr^.txt
Script file opened successfully.

Script file read successfully

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:



File C:\WINDOWS\System32\WinSecure.exe not found!
Deletion of file C:\WINDOWS\System32\WinSecure.exe failed!

Could not process line:
C:\WINDOWS\System32\WinSecure.exe
Status: 0xc0000034

File C:\WINDOWS\System32\NTSpool.exe deleted successfully.

Completed script processing.

*******************

Finished! Terminate.


adesso riprovo con kaspersky online scanner
poi incollo il report
a dopo
AsR
Avatar utente
David78
Neo Iscritto
Neo Iscritto
 
Messaggi: 8
Iscritto il: ven feb 22, 2008 4:35 pm

Messaggioda ste_95 » mer mar 05, 2008 6:17 pm

Hai ancora problemi?
«A volte è meglio tacere e sembrare stupidi che aprir bocca e togliere ogni dubbio.» Oscar Wilde
Avatar utente
ste_95
Membro Ufficiale (Gold)
Membro Ufficiale (Gold)
 
Messaggi: 17271
Iscritto il: lun ago 06, 2007 11:19 am

Messaggioda David78 » gio mar 06, 2008 1:57 am

la modalita provvisoria funziona ma ho ancora problemi
ecco il report kaspersky

KASPERSKY ONLINE SCANNER REPORT
Thursday, March 06, 2008 1:52:04 AM
Operating System: Microsoft Windows XP Professional, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.98.0
Kaspersky Anti-Virus database last update: 5/03/2008
Kaspersky Anti-Virus database records: 600224


Scan Settings
Scan using the following antivirus database extended
Scan Archives true
Scan Mail Bases true

Scan Target My Computer
A:\
C:\
D:\
E:\

Scan Statistics
Total number of scanned objects 49510
Number of viruses found 2
Number of infected objects 6
Number of suspicious objects 0
Duration of the scan process 00:51:18

Infected Object Name Virus Name Last Action
C:\avenger\backup.zip/avenger/NTSpool.exe Infected: Backdoor.Win32.SdBot.cxo skipped

C:\avenger\backup.zip ZIP: infected - 1 skipped

C:\Documents and Settings\Amministratore\Cookies\index.dat Object is locked skipped

C:\Documents and Settings\Amministratore\Dati applicazioni\Skype\daddo.manu\call256.dbb Object is locked skipped

C:\Documents and Settings\Amministratore\Dati applicazioni\Skype\daddo.manu\callmember256.dbb Object is locked skipped

C:\Documents and Settings\Amministratore\Dati applicazioni\Skype\daddo.manu\contactgroup256.dbb Object is locked skipped

C:\Documents and Settings\Amministratore\Dati applicazioni\Skype\daddo.manu\dyncontent\bundle.dat Object is locked skipped

C:\Documents and Settings\Amministratore\Dati applicazioni\Skype\daddo.manu\index2.dat Object is locked skipped

C:\Documents and Settings\Amministratore\Dati applicazioni\Skype\daddo.manu\profile256.dbb Object is locked skipped

C:\Documents and Settings\Amministratore\Dati applicazioni\Skype\daddo.manu\user1024.dbb Object is locked skipped

C:\Documents and Settings\Amministratore\Impostazioni locali\Cronologia\History.IE5\index.dat Object is locked skipped

C:\Documents and Settings\Amministratore\Impostazioni locali\Cronologia\History.IE5\MSHist012008030520080306\index.dat Object is locked skipped

C:\Documents and Settings\Amministratore\Impostazioni locali\Dati applicazioni\Microsoft\Windows\UsrClass.dat Object is locked skipped

C:\Documents and Settings\Amministratore\Impostazioni locali\Dati applicazioni\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped

C:\Documents and Settings\Amministratore\Impostazioni locali\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped

C:\Documents and Settings\Amministratore\NTUSER.DAT Object is locked skipped

C:\Documents and Settings\Amministratore\ntuser.dat.LOG Object is locked skipped

C:\Documents and Settings\LocalService\Impostazioni locali\Dati applicazioni\Microsoft\Windows\UsrClass.dat Object is locked skipped

C:\Documents and Settings\LocalService\Impostazioni locali\Dati applicazioni\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped

C:\Documents and Settings\LocalService\Impostazioni locali\Temp\Cookies\index.dat Object is locked skipped

C:\Documents and Settings\LocalService\Impostazioni locali\Temp\Cronologia\History.IE5\index.dat Object is locked skipped

C:\Documents and Settings\LocalService\Impostazioni locali\Temp\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped

C:\Documents and Settings\LocalService\Impostazioni locali\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped

C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped

C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped

C:\Documents and Settings\NetworkService\Impostazioni locali\Dati applicazioni\Microsoft\Windows\UsrClass.dat Object is locked skipped

C:\Documents and Settings\NetworkService\Impostazioni locali\Dati applicazioni\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped

C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped

C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped

C:\Programmi\mIRC\mirc.exe Infected: not-a-virus:Client-IRC.Win32.mIRC.621 skipped

C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped

C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped

C:\WINDOWS\SchedLgU.Txt Object is locked skipped

C:\WINDOWS\system32\config\Antivirus.Evt Object is locked skipped

C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped

C:\WINDOWS\system32\config\default Object is locked skipped

C:\WINDOWS\system32\config\default.LOG Object is locked skipped

C:\WINDOWS\system32\config\SAM Object is locked skipped

C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped

C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped

C:\WINDOWS\system32\config\SECURITY Object is locked skipped

C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped

C:\WINDOWS\system32\config\software Object is locked skipped

C:\WINDOWS\system32\config\software.LOG Object is locked skipped

C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped

C:\WINDOWS\system32\config\system Object is locked skipped

C:\WINDOWS\system32\config\system.LOG Object is locked skipped

C:\WINDOWS\system32\h323log.txt Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped

C:\WINDOWS\Temp\Perflib_Perfdata_4e4.dat Object is locked skipped

C:\WINDOWS\Temp\_avast4_\Webshlock.txt Object is locked skipped

E:\Programmi\Alwil Software\Avast4\DATA\aswResp.dat Object is locked skipped

E:\Programmi\Alwil Software\Avast4\DATA\Avast4.db Object is locked skipped

E:\Programmi\Alwil Software\Avast4\DATA\log\AshWebSv.ws Object is locked skipped

E:\Programmi\Alwil Software\Avast4\DATA\log\aswMaiSv.log Object is locked skipped

E:\Programmi\Alwil Software\Avast4\DATA\log\nshield.log Object is locked skipped

E:\Programmi\Alwil Software\Avast4\DATA\report\Protezione residente.txt Object is locked skipped

E:\Programmi\eMule\Temp\003.part Object is locked skipped

E:\Programmi\eMule\Temp\004.part Object is locked skipped

E:\Programmi\eMule\Temp\005.part Object is locked skipped

E:\Programmi\eMule\Temp\006.part Object is locked skipped

E:\Programmi\eMule\Temp\007.part Object is locked skipped

E:\Programmi\eMule\Temp\008.part Object is locked skipped

E:\Programmi\eMule\Temp\010.part Object is locked skipped

E:\Programmi\eMule\Temp\011.part Object is locked skipped

E:\Programmi\eMule\Temp\012.part Object is locked skipped

E:\Programmi\eMule\Temp\013.part Object is locked skipped

E:\Programmi\eMule\Temp\014.part Object is locked skipped

E:\Programmi\eMule\Temp\017.part Object is locked skipped

E:\Programmi\eMule\Temp\018.part Object is locked skipped

E:\Programmi\eMule\Temp\019.part Object is locked skipped

E:\Programmi\eMule\Temp\020.part Object is locked skipped

E:\Programmi\eMule\Temp\021.part Object is locked skipped

E:\Programmi\eMule\Temp\022.part Object is locked skipped

E:\Programmi\eMule\Temp\023.part Object is locked skipped

E:\Programmi\eMule\Temp\025.part Object is locked skipped

E:\Programmi\eMule\Temp\026.part Object is locked skipped

E:\Programmi\eMule\Temp\027.part Object is locked skipped

E:\Programmi\eMule\Temp\030.part Object is locked skipped

E:\Programmi\eMule\Temp\031.part Object is locked skipped

E:\Programmi\eMule\Temp\032.part Object is locked skipped

E:\Programmi\eMule\Temp\033.part Object is locked skipped

E:\Programmi\eMule\Temp\034.part Object is locked skipped

E:\Programmi\eMule\Temp\038.part Object is locked skipped

E:\Programmi\eMule\Temp\050.part Object is locked skipped

E:\Programmi\eMule\Temp\054.part Object is locked skipped

E:\Programmi\eMule\Temp\070.part Object is locked skipped

E:\programmini\mirc621.exe/stream/data0008 Infected: not-a-virus:Client-IRC.Win32.mIRC.621 skipped

E:\programmini\mirc621.exe/stream Infected: not-a-virus:Client-IRC.Win32.mIRC.621 skipped

E:\programmini\mirc621.exe NSIS: infected - 2 skipped

E:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped

Scan process completed.


non avevo cancellato la cartella c:\avenger
adesso riparto con la scanzione
AsR
Avatar utente
David78
Neo Iscritto
Neo Iscritto
 
Messaggi: 8
Iscritto il: ven feb 22, 2008 4:35 pm

Messaggioda ste_95 » gio mar 06, 2008 6:42 am

Oltre ai backup di Avenger che devi cancellare non c'è altro [;)]
«A volte è meglio tacere e sembrare stupidi che aprir bocca e togliere ogni dubbio.» Oscar Wilde
Avatar utente
ste_95
Membro Ufficiale (Gold)
Membro Ufficiale (Gold)
 
Messaggi: 17271
Iscritto il: lun ago 06, 2007 11:19 am

Messaggioda David78 » gio mar 06, 2008 4:41 pm

sembra tornato tutto alla perfeZZione!!!
non so come ringraziarti

con stima [applauso]
AsR
Avatar utente
David78
Neo Iscritto
Neo Iscritto
 
Messaggi: 8
Iscritto il: ven feb 22, 2008 4:35 pm


Torna a Sicurezza

Chi c’è in linea

Visitano il forum: Nessuno e 11 ospiti

Powered by phpBB © 2002, 2005, 2007, 2008 phpBB Group
Traduzione Italiana phpBB.it

megalab.it: testata telematica quotidiana registrata al Tribunale di Cosenza n. 22/09 del 13.08.2009, editore Master New Media S.r.l.; © Copyright 2008 Master New Media S.r.l. a socio unico - P.I. 02947530784. GRUPPO EDIZIONI MASTER Spa Tutti i diritti sono riservati. Per la pubblicità: Master Advertising