
BAGLE OR....?


Post by KILLERQUEEN87 » Mon Mar 10, 2008 11:43 am

Hi, about a month ago my PC was infected by the Bagle virus, but luckily, thanks to my stubbornness, I managed to remove it. Now another problem has come up: yesterday, when I went to open my antivirus, AVAST to be precise, it told me that avast.exe is not a valid application.....win32. I said to myself, OK, I'll run the scan on the Kaspersky site, but I left it running all night and this morning I found that the scan had frozen. Now I'm redoing it from the Symantec site, and it seems to have already found 1 threat. Note that I have Windows Vista Home Premium, so alas Avenger doesn't work, and Alibalga, if that's how it's spelled [:D], didn't find any Bagle virus. What can I do? I can no longer use the antivirus.... Thanks in advance

Post by crazy.cat » Mon Mar 10, 2008 11:54 am

Avenger now works on Vista too.
We need the Kaspersky scan; we don't trust the Symantec one one bit.

Post by KILLERQUEEN87 » Mon Mar 10, 2008 12:03 pm

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11.57.05, on 10/03/2008
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16609)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\RtHDVCpl.exe
C:\Acer\Empowering Technology\eDataSecurity\eDSLoader.exe
C:\Windows\System32\rundll32.exe
C:\Windows\BR040286.exe
C:\Windows\System32\rundll32.exe
C:\Acer\Empowering Technology\eAudio\eAudio.exe
C:\Users\Riky87\AppData\Local\Temp\RtkBtMnt.exe
C:\Program Files\Launch Manager\LManager.exe
C:\Program Files\Acer Arcade Deluxe\Play Movie\PMVService.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files\Apoint2K\Apoint.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\DNA\btdna.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Nokia\Nokia PC Suite 6\PCSuite.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Apoint2K\ApMsgFwd.exe
C:\Program Files\Apoint2K\Apntex.exe
C:\Users\Riky87\Desktop\MegaLab.it_HiJack.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.it/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MEGAUP~2\MEGAUP~1.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: ShowBarObj Class - {83A2F9B1-01A2-4AA5-87D1-45B6B8505E96} - C:\Windows\system32\ActiveToolBand.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Mega Manager IE Click Monitor - {bf00e119-21a3-4fd1-b178-3b8537e75c92} - C:\Program Files\Megaupload\Mega Manager\MegaIEMn.dll
O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Windows\system32\eDStoolbar.dll
O3 - Toolbar: Yahoo! Toolbar con blocco Pop-Up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MEGAUP~2\MEGAUP~1.DLL
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [eDataSecurity Loader] C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [BisonInst0402] C:\Windows\BR040286.exe
O4 - HKLM\..\Run: [eAudio] "C:\Acer\Empowering Technology\eAudio\eAudio.exe"
O4 - HKLM\..\Run: [LManager] C:\PROGRA~1\LAUNCH~1\LManager.exe
O4 - HKLM\..\Run: [PlayMovie] "C:\Program Files\Acer Arcade Deluxe\Play Movie\PMVService.exe"
O4 - HKLM\..\Run: [IAAnotif] "C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe"
O4 - HKLM\..\Run: [WarReg_PopUp] C:\Acer\WR_PopUp\WarReg_PopUp.exe
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Program Files\DNA\btdna.exe"
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKCU\..\Run: [drvsyskit] C:\Windows\system32\drivers\hldrrr.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [german.exe] C:\Windows\system32\wintems.exe
O4 - HKCU\..\Run: [PC Suite Tray] "C:\Program Files\Nokia\Nokia PC Suite 6\PCSuite.exe" -onlytray
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVIZIO LOCALE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVIZIO LOCALE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVIZIO DI RETE')
O4 - HKUS\S-1-5-18\..\Run: [Acer Tour Reminder] C:\Acer\AcerTour\Reminder.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Acer Tour Reminder] C:\Acer\AcerTour\Reminder.exe (User 'Default user')
O4 - Startup: Ritaglio schermata e avvio di OneNote 2007.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O9 - Extra button: Internet Cleaner - {45819E58-6E84-4A5D-BD65-A706981E5BE8} - C:\Program Files\Internet Cleaner\ICleaner.exe (file missing) (HKCU)
O9 - Extra 'Tools' menuitem: Internet Cleaner - {45819E58-6E84-4A5D-BD65-A706981E5BE8} - C:\Program Files\Internet Cleaner\ICleaner.exe (file missing) (HKCU)
O15 - Trusted Zone: http://www.kaspersky.com
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partne ... nicode.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/Shar ... vSniff.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/Shar ... /cabsa.cab
O20 - AppInit_DLLs: eNetHook.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Capture Device Service - InterVideo Inc. - C:\Program Files\Common Files\InterVideo\DeviceService\DevSvc.exe
O23 - Service: eDSService.exe (eDataSecurity Service) - HiTRSUT - C:\Acer\Empowering Technology\eDataSecurity\eDSService.exe
O23 - Service: eLock Service (eLockService) - Acer Inc. - C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe
O23 - Service: eNet Service - Acer Inc. - C:\Acer\Empowering Technology\eNet\eNet Service.exe
O23 - Service: eRecovery Service (eRecoveryService) - Acer Inc. - C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe
O23 - Service: eSettings Service (eSettingsService) - Unknown owner - C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: MobilityService - Unknown owner - C:\Acer\Mobility Center\MobilityService.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: ePower Service (WMIService) - acer - C:\Acer\Empowering Technology\ePower\ePowerSvc.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--
End of file - 8874 bytes


This is the HijackThis log

Post by crazy.cat » Mon Mar 10, 2008 12:06 pm

And this is Bagle
O4 - HKCU\..\Run: [drvsyskit] C:\Windows\system32\drivers\hldrrr.exe
O4 - HKCU\..\Run: [german.exe] C:\Windows\system32\wintems.exe
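The by-eye triage of the O4 (Run key) lines in the post above can be written as a small script. This is an added example, not part of the original thread or of HijackThis; the sample lines are copied from the log posted above, and the two heuristics (an .exe autostarting from system32\drivers, a Run value named like a different file) are assumptions drawn from the two flagged entries and will give false positives on other systems.

```python
import ntpath
import re

# Sample O4 lines copied from the HijackThis log posted in this thread.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [eAudio] "C:\Acer\Empowering Technology\eAudio\eAudio.exe"
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [drvsyskit] C:\Windows\system32\drivers\hldrrr.exe
O4 - HKCU\..\Run: [german.exe] C:\Windows\system32\wintems.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVIZIO LOCALE')
"""

# "O4 - <hive>[\<SID>]\..\Run: [<value name>] <command line>"
O4_RUN = re.compile(
    r"^O4 - (?P<hive>HK[A-Z]+)(?:\\[^\\]+)?\\\.\.\\Run: "
    r"\[(?P<name>[^\]]+)\] (?P<cmd>.+)$"
)


def target_executable(cmd):
    """Return the program part of a Run-key command line."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        return cmd[1:end] if end != -1 else cmd[1:]
    # Unquoted paths may contain spaces, so cut at the first ".exe"
    # that is followed by whitespace or the end of the string.
    m = re.match(r"(.+?\.exe)(?=\s|$)", cmd, re.IGNORECASE)
    return m.group(1) if m else cmd.split()[0]


def triage(log_text):
    """Return (hive, value name, executable, reasons) for suspicious O4 lines."""
    findings = []
    for line in log_text.splitlines():
        m = O4_RUN.match(line.strip())
        if not m:
            continue
        exe = target_executable(m["cmd"])
        base = ntpath.basename(exe).lower()
        folder = ntpath.dirname(exe).lower()
        name = m["name"].lower()
        reasons = []
        # Heuristic 1 (assumption): the drivers directory normally holds
        # .sys files, not user-mode programs started from a Run key.
        if folder.endswith(r"\system32\drivers") and base.endswith(".exe"):
            reasons.append("executable autostarts from the drivers directory")
        # Heuristic 2 (assumption): a value named like a file that is not
        # the file it launches.
        if name.endswith(".exe") and name != base:
            reasons.append("value name poses as a different file")
        if reasons:
            findings.append((m["hive"], m["name"], exe, reasons))
    return findings


if __name__ == "__main__":
    for hive, name, exe, reasons in triage(SAMPLE_LOG):
        print(f"{hive} [{name}] {exe}: {'; '.join(reasons)}")
```

A hit is only a lead for manual review: a signed vendor executable in the drivers directory would trip the first heuristic as well.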

Post by KILLERQUEEN87 » Mon Mar 10, 2008 12:07 pm

crazy.cat wrote: And this is Bagle
O4 - HKCU\..\Run: [drvsyskit] C:\Windows\system32\drivers\hldrrr.exe
O4 - HKCU\..\Run: [german.exe] C:\Windows\system32\wintems.exe


Perfect, now what do I do? [rotfl] this vile bas***d

Post by crazy.cat » Mon Mar 10, 2008 12:09 pm

KILLERQUEEN87 wrote: Perfect, now what do I do? [rotfl]


crazy.cat wrote: We need the Kaspersky scan,

Post by KILLERQUEEN87 » Mon Mar 10, 2008 12:11 pm

crazy.cat wrote:
KILLERQUEEN87 wrote: Perfect, now what do I do? [rotfl]


crazy.cat wrote: We need the Kaspersky scan,


OK, I'll try again, hoping it doesn't freeze again; otherwise what should I do? [:)]

Post by KILLERQUEEN87 » Tue Mar 11, 2008 10:02 am

So guys, here is the Kaspersky result. I'll tell you already that Avira deleted 4 malicious objects for me, but according to the Kaspersky report there are actually 7

Code:
-------------------------------------------------------------------------------
 KASPERSKY ONLINE SCANNER REPORT
 martedì 11 marzo 2008 9.56.56
 Operating System: Microsoft Windows Vista Home Edition,  (Build 6000)
 Kaspersky Online Scanner version: 5.0.98.0
 Kaspersky Anti-Virus database last update: 11/03/2008
 Kaspersky Anti-Virus database records: 622618
-------------------------------------------------------------------------------

Scan Settings:
   Scan using the following antivirus database: extended
   Scan Archives: true
   Scan Mail Bases: true

Scan Target - My Computer:
   C:\
   D:\
   E:\

Scan Statistics:
   Total number of scanned objects: 74256
   Number of viruses found: 4
   Number of infected objects: 7
   Number of suspicious objects: 0
   Duration of the scan process: 02:47:36

Infected Object Name / Virus Name / Last Action
C:\Boot\BCD   Object is locked   skipped
C:\Boot\BCD.LOG   Object is locked   skipped
C:\Muestras\HLDRRR.EXE.Muestra EliBagle v11.11   Infected: Trojan-Downloader.Win32.Bagle.jh   skipped
C:\Muestras\SROSA.SYS.Muestra EliBagle v11.11   Infected: Trojan-Downloader.Win32.Bagle.ky   skipped
C:\Muestras\WINTEMS.EXE.Muestra EliBagle v11.11   Infected: Email-Worm.Win32.Bagle.of   skipped
C:\ProgramData\AntiVir PersonalEdition Classic\LOGFILES\AVSCAN-20080311-050324-CBC94CF5.LOG   Object is locked   skipped
C:\ProgramData\Microsoft\Network\Downloader\qmgr0.dat   Object is locked   skipped
C:\ProgramData\Microsoft\Network\Downloader\qmgr1.dat   Object is locked   skipped
C:\ProgramData\Microsoft\Search\Data\Applications\Windows\GatherLogs\SystemIndex\SystemIndex.30.Crwl   Object is locked   skipped
C:\ProgramData\Microsoft\Search\Data\Applications\Windows\GatherLogs\SystemIndex\SystemIndex.30.gthr   Object is locked   skipped
C:\ProgramData\Microsoft\Search\Data\Applications\Windows\MSS.log   Object is locked   skipped
C:\ProgramData\Microsoft\Search\Data\Applications\Windows\MSStmp.log   Object is locked   skipped
C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010001.wid   Object is locked   skipped
C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010002.wid   Object is locked   skipped
C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010003.wid   Object is locked   skipped
C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010004.wid   Object is locked   skipped
C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010005.wid   Object is locked   skipped
C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010006.wid   Object is locked   skipped
C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010007.wid   Object is locked   skipped
C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\0001000C.wid   Object is locked   skipped
C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010010.wid   Object is locked   skipped
C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010011.wid   Object is locked   skipped
C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010012.wid   Object is locked   skipped
C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010014.wid   Object is locked   skipped
C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010015.wid   Object is locked   skipped
C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010016.wid   Object is locked   skipped
C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\0001001B.wid   Object is locked   skipped
C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\0001001C.wid   Object is locked   skipped
C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\0001001E.wid   Object is locked   skipped
C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010022.wid   Object is locked   skipped
C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010024.wid   Object is locked   skipped
C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010039.ci   Object is locked   skipped
C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010039.wid   Object is locked   skipped
C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010039.wsb   Object is locked   skipped
C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\INDEX.000   Object is locked   skipped
C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\PropMap\CiPT0000.000   Object is locked   skipped
C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\PropMap\Used0000.000   Object is locked   skipped
C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\SecStore\CiST0000.000   Object is locked   skipped
C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\SystemIndex.chk1.gthr   Object is locked   skipped
C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\SystemIndex.chk2.gthr   Object is locked   skipped
C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\SystemIndex.Ntfy568.gthr   Object is locked   skipped
C:\ProgramData\Microsoft\Search\Data\Applications\Windows\tmp.edb   Object is locked   skipped
C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Windows.edb   Object is locked   skipped
C:\ProgramData\Microsoft\Search\Data\Temp\usgthrsvc\Ntf2EFC.tmp   Object is locked   skipped
C:\ProgramData\Microsoft\Search\Data\Temp\usgthrsvc\Ntf2EFD.tmp   Object is locked   skipped
C:\ProgramData\Microsoft\Windows Defender\Support\MPLog-11022006-050241.log   Object is locked   skipped
C:\System Volume Information\MountPointManagerRemoteDatabase   Object is locked   skipped
C:\Users\Riky87\AppData\Local\Microsoft\CardSpace\CardSpace.db   Object is locked   skipped
C:\Users\Riky87\AppData\Local\Microsoft\CardSpace\CardSpace.db.shadow   Object is locked   skipped
C:\Users\Riky87\AppData\Local\Microsoft\Feeds Cache\index.dat   Object is locked   skipped
C:\Users\Riky87\AppData\Local\Microsoft\Internet Explorer\MSIMGSIZ.DAT   Object is locked   skipped
C:\Users\Riky87\AppData\Local\Microsoft\Windows\Explorer\thumbcache_1024.db   Object is locked   skipped
C:\Users\Riky87\AppData\Local\Microsoft\Windows\Explorer\thumbcache_256.db   Object is locked   skipped
C:\Users\Riky87\AppData\Local\Microsoft\Windows\Explorer\thumbcache_32.db   Object is locked   skipped
C:\Users\Riky87\AppData\Local\Microsoft\Windows\Explorer\thumbcache_96.db   Object is locked   skipped
C:\Users\Riky87\AppData\Local\Microsoft\Windows\Explorer\thumbcache_idx.db   Object is locked   skipped
C:\Users\Riky87\AppData\Local\Microsoft\Windows\Explorer\thumbcache_sr.db   Object is locked   skipped
C:\Users\Riky87\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat   Object is locked   skipped
C:\Users\Riky87\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012008031120080312\index.dat   Object is locked   skipped
C:\Users\Riky87\AppData\Local\Microsoft\Windows\Temporary Internet Files\AntiPhishing\B3BB5BBA-E7D5-40AB-A041-A5B1C0B26C8F.dat   Object is locked   skipped
C:\Users\Riky87\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat   Object is locked   skipped
C:\Users\Riky87\AppData\Local\Microsoft\Windows\UsrClass.dat   Object is locked   skipped
C:\Users\Riky87\AppData\Local\Microsoft\Windows\UsrClass.dat.LOG1   Object is locked   skipped
C:\Users\Riky87\AppData\Local\Microsoft\Windows\UsrClass.dat.LOG2   Object is locked   skipped
C:\Users\Riky87\AppData\Local\Microsoft\Windows\UsrClass.dat{953d51b0-db5e-11dc-b6d6-adaed926d0d0}.TM.blf   Object is locked   skipped
C:\Users\Riky87\AppData\Local\Microsoft\Windows\UsrClass.dat{953d51b0-db5e-11dc-b6d6-adaed926d0d0}.TMContainer00000000000000000001.regtrans-ms   Object is locked   skipped
C:\Users\Riky87\AppData\Local\Microsoft\Windows\UsrClass.dat{953d51b0-db5e-11dc-b6d6-adaed926d0d0}.TMContainer00000000000000000002.regtrans-ms   Object is locked   skipped
C:\Users\Riky87\AppData\Local\Microsoft\Windows Defender\FileTracker\{BBAB7A56-AED8-47B9-95A3-505FEA192650}   Object is locked   skipped
C:\Users\Riky87\AppData\Local\Microsoft\Windows Sidebar\Settings.ini   Object is locked   skipped
C:\Users\Riky87\AppData\Roaming\Microsoft\Windows\Cookies\index.dat   Object is locked   skipped
C:\Users\Riky87\ntuser.dat   Object is locked   skipped
C:\Users\Riky87\ntuser.dat.LOG1   Object is locked   skipped
C:\Users\Riky87\ntuser.dat.LOG2   Object is locked   skipped
C:\Users\Riky87\NTUSER.DAT{953d51ac-db5e-11dc-b6d6-adaed926d0d0}.TM.blf   Object is locked   skipped
C:\Users\Riky87\NTUSER.DAT{953d51ac-db5e-11dc-b6d6-adaed926d0d0}.TMContainer00000000000000000001.regtrans-ms   Object is locked   skipped
C:\Users\Riky87\NTUSER.DAT{953d51ac-db5e-11dc-b6d6-adaed926d0d0}.TMContainer00000000000000000002.regtrans-ms   Object is locked   skipped
C:\Windows\Debug\PASSWD.LOG   Object is locked   skipped
C:\Windows\Debug\sam.log   Object is locked   skipped
C:\Windows\Debug\WIA\wiatrace.log   Object is locked   skipped
C:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat   Object is locked   skipped
C:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat   Object is locked   skipped
C:\Windows\ServiceProfiles\LocalService\ntuser.dat   Object is locked   skipped
C:\Windows\ServiceProfiles\LocalService\ntuser.dat.LOG1   Object is locked   skipped
C:\Windows\ServiceProfiles\LocalService\ntuser.dat.LOG2   Object is locked   skipped
C:\Windows\ServiceProfiles\LocalService\NTUSER.DAT{3a539869-6a70-11db-887c-d362bd253390}.TM.blf   Object is locked   skipped
C:\Windows\ServiceProfiles\LocalService\NTUSER.DAT{3a539869-6a70-11db-887c-d362bd253390}.TMContainer00000000000000000001.regtrans-ms   Object is locked   skipped
C:\Windows\ServiceProfiles\LocalService\NTUSER.DAT{3a539869-6a70-11db-887c-d362bd253390}.TMContainer00000000000000000002.regtrans-ms   Object is locked   skipped
C:\Windows\ServiceProfiles\NetworkService\ntuser.dat   Object is locked   skipped
C:\Windows\ServiceProfiles\NetworkService\ntuser.dat.LOG1   Object is locked   skipped
C:\Windows\ServiceProfiles\NetworkService\ntuser.dat.LOG2   Object is locked   skipped
C:\Windows\ServiceProfiles\NetworkService\NTUSER.DAT{3a539865-6a70-11db-887c-d362bd253390}.TM.blf   Object is locked   skipped
C:\Windows\ServiceProfiles\NetworkService\NTUSER.DAT{3a539865-6a70-11db-887c-d362bd253390}.TMContainer00000000000000000001.regtrans-ms   Object is locked   skipped
C:\Windows\ServiceProfiles\NetworkService\NTUSER.DAT{3a539865-6a70-11db-887c-d362bd253390}.TMContainer00000000000000000002.regtrans-ms   Object is locked   skipped
C:\Windows\SoftwareDistribution\EventCache\{01677109-6B5A-4276-92F4-496757E9ABE4}.bin   Object is locked   skipped
C:\Windows\SoftwareDistribution\ReportingEvents.log   Object is locked   skipped
C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0   Object is locked   skipped
C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0   Object is locked   skipped
C:\Windows\System32\catroot2\edb.log   Object is locked   skipped
C:\Windows\System32\catroot2\{127D0A1D-4EF2-11D1-8608-00C04FC295EE}\catdb   Object is locked   skipped
C:\Windows\System32\catroot2\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\catdb   Object is locked   skipped
C:\Windows\System32\config\components   Object is locked   skipped
C:\Windows\System32\config\COMPONENTS.LOG1   Object is locked   skipped
C:\Windows\System32\config\COMPONENTS.LOG2   Object is locked   skipped
C:\Windows\System32\config\default   Object is locked   skipped
C:\Windows\System32\config\DEFAULT.LOG1   Object is locked   skipped
C:\Windows\System32\config\DEFAULT.LOG2   Object is locked   skipped
C:\Windows\System32\config\RegBack\COMPONENTS   Object is locked   skipped
C:\Windows\System32\config\RegBack\DEFAULT   Object is locked   skipped
C:\Windows\System32\config\RegBack\SAM   Object is locked   skipped
C:\Windows\System32\config\RegBack\SECURITY   Object is locked   skipped
C:\Windows\System32\config\RegBack\SOFTWARE   Object is locked   skipped
C:\Windows\System32\config\RegBack\SYSTEM   Object is locked   skipped
C:\Windows\System32\config\sam   Object is locked   skipped
C:\Windows\System32\config\SAM.LOG1   Object is locked   skipped
C:\Windows\System32\config\SAM.LOG2   Object is locked   skipped
C:\Windows\System32\config\security   Object is locked   skipped
C:\Windows\System32\config\SECURITY.LOG1   Object is locked   skipped
C:\Windows\System32\config\SECURITY.LOG2   Object is locked   skipped
C:\Windows\System32\config\software   Object is locked   skipped
C:\Windows\System32\config\SOFTWARE.LOG1   Object is locked   skipped
C:\Windows\System32\config\SOFTWARE.LOG2   Object is locked   skipped
C:\Windows\System32\config\system   Object is locked   skipped
C:\Windows\System32\config\SYSTEM.LOG1   Object is locked   skipped
C:\Windows\System32\config\SYSTEM.LOG2   Object is locked   skipped
C:\Windows\System32\config\TxR\{250834b7-750c-494d-bdc3-da86b6e2101a}.TxR.0.regtrans-ms   Object is locked   skipped
C:\Windows\System32\config\TxR\{250834b7-750c-494d-bdc3-da86b6e2101a}.TxR.1.regtrans-ms   Object is locked   skipped
C:\Windows\System32\config\TxR\{250834b7-750c-494d-bdc3-da86b6e2101a}.TxR.2.regtrans-ms   Object is locked   skipped
C:\Windows\System32\config\TxR\{250834b7-750c-494d-bdc3-da86b6e2101a}.TxR.blf   Object is locked   skipped
C:\Windows\System32\config\TxR\{250834B7-750C-494d-BDC3-DA86B6E2101B}.TM.blf   Object is locked   skipped
C:\Windows\System32\config\TxR\{250834B7-750C-494d-BDC3-DA86B6E2101B}.TMContainer00000000000000000001.regtrans-ms   Object is locked   skipped
C:\Windows\System32\config\TxR\{250834B7-750C-494d-BDC3-DA86B6E2101B}.TMContainer00000000000000000002.regtrans-ms   Object is locked   skipped
C:\Windows\System32\config\TxR\{250834B7-750C-494d-BDC3-DA86B6E2101B}.TMContainer00000000000000000003.regtrans-ms   Object is locked   skipped
C:\Windows\System32\config\TxR\{250834B7-750C-494d-BDC3-DA86B6E2101B}.TMContainer00000000000000000004.regtrans-ms   Object is locked   skipped
C:\Windows\System32\drivers\hldrrr.exe.vir   Infected: Trojan-Downloader.Win32.Bagle.jh   skipped
C:\Windows\System32\LogFiles\Scm\SCM.EVM   Object is locked   skipped
C:\Windows\System32\LogFiles\WUDF\WUDFTrace.etl   Object is locked   skipped
C:\Windows\System32\Msdtc\KtmRmTm.blf   Object is locked   skipped
C:\Windows\System32\Msdtc\KtmRmTmContainer00000000000000000001   Object is locked   skipped
C:\Windows\System32\Msdtc\KtmRmTmContainer00000000000000000002   Object is locked   skipped
C:\Windows\System32\spool\SpoolerETW.etl   Object is locked   skipped
C:\Windows\System32\wbem\repository\INDEX.BTR   Object is locked   skipped
C:\Windows\System32\wbem\repository\MAPPING1.MAP   Object is locked   skipped
C:\Windows\System32\wbem\repository\MAPPING2.MAP   Object is locked   skipped
C:\Windows\System32\wbem\repository\OBJECTS.DATA   Object is locked   skipped
C:\Windows\System32\WDI\LogFiles\WdiContextLog.etl.002   Object is locked   skipped
C:\Windows\System32\wfp\wfpdiag.etl   Object is locked   skipped
C:\Windows\System32\winevt\Logs\Application.evtx   Object is locked   skipped
C:\Windows\System32\winevt\Logs\DFS Replication.evtx   Object is locked   skipped
C:\Windows\System32\winevt\Logs\HardwareEvents.evtx   Object is locked   skipped
C:\Windows\System32\winevt\Logs\Internet Explorer.evtx   Object is locked   skipped
C:\Windows\System32\winevt\Logs\Key Management Service.evtx   Object is locked   skipped
C:\Windows\System32\winevt\Logs\Media Center.evtx   Object is locked   skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-Bits-Client%4Operational.evtx   Object is locked   skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-CodeIntegrity%4Operational.evtx   Object is locked   skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-Diagnosis-DPS%4Operational.evtx   Object is locked   skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-Diagnostics-Performance%4Operational.evtx   Object is locked   skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-DriverFrameworks-UserMode%4Operational.evtx   Object is locked   skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-GroupPolicy%4Operational.evtx   Object is locked   skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-International%4Operational.evtx   Object is locked   skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-Kernel-WHEA.evtx   Object is locked   skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-LanguagePackSetup%4Operational.evtx   Object is locked   skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-NetworkAccessProtection%4Operational.evtx   Object is locked   skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-ReadyBoost%4Operational.evtx   Object is locked   skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-ReliabilityAnalysisComponent%4Operational.evtx   Object is locked   skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-Resource-Exhaustion-Detector%4Operational.evtx   Object is locked   skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-RestartManager%4Operational.evtx   Object is locked   skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-TaskScheduler%4Operational.evtx   Object is locked   skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-WindowsUpdateClient%4Operational.evtx   Object is locked   skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-Winsock-WS2HELP%4Operational.evtx   Object is locked   skipped
C:\Windows\System32\winevt\Logs\ODiag.evtx   Object is locked   skipped
C:\Windows\System32\winevt\Logs\OSession.evtx   Object is locked   skipped
C:\Windows\System32\winevt\Logs\Security.evtx   Object is locked   skipped
C:\Windows\System32\winevt\Logs\System.evtx   Object is locked   skipped
C:\Windows\System32\wintems.exe.vir   Infected: Email-Worm.Win32.Bagle.of   skipped
C:\Windows\Tasks\SCHEDLGU.TXT   Object is locked   skipped
C:\Windows\Temp\TMP00000079709B47C4C3271CE3   Object is locked   skipped
C:\Windows\WindowsUpdate.log   Object is locked   skipped
D:\System Volume Information\MountPointManagerRemoteDatabase   Object is locked   skipped
D:\Temp\001.part   Object is locked   skipped
D:\Temp\002.part   Object is locked   skipped
D:\Temp\003.part   Object is locked   skipped
D:\Temp\009.part   Object is locked   skipped
D:\Temp\010.part   Object is locked   skipped
D:\Temp\017.part   Object is locked   skipped
D:\Win32.Bagle.AL@mm free removal tool 1.0.zip/Win32.Bagle.AL@mm free removal tool 1.0.exe   Infected: Trojan-Downloader.Win32.Bagle.la   skipped
D:\Win32.Bagle.AL@mm free removal tool 1.0.zip   ZIP: infected - 1   skipped

Scan process completed.


(C:\Windows\System32\drivers\hldrrr.exe.vir Infected: Trojan-Downloader.Win32.Bagle.jh skipped )
And this one? [:D] Now what do I do? It only lets me use Avira as an antivirus
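The report above buries its seven infected objects among well over a hundred "Object is locked" rows. The following added example (not part of the original thread and not a Kaspersky tool) separates the two and checks the rows against the report's own totals; the excerpt is copied from the report above, and the rule that an infected archive container counts as one infected object is an assumption inferred from those totals.

```python
import re
from collections import defaultdict

# Excerpt of the report posted above: its two totals, every infected
# row, and three of the locked rows. Columns are separated by 3 spaces.
REPORT_EXCERPT = r"""
   Number of viruses found: 4
   Number of infected objects: 7
Infected Object Name / Virus Name / Last Action
C:\Boot\BCD   Object is locked   skipped
C:\Muestras\HLDRRR.EXE.Muestra EliBagle v11.11   Infected: Trojan-Downloader.Win32.Bagle.jh   skipped
C:\Muestras\SROSA.SYS.Muestra EliBagle v11.11   Infected: Trojan-Downloader.Win32.Bagle.ky   skipped
C:\Muestras\WINTEMS.EXE.Muestra EliBagle v11.11   Infected: Email-Worm.Win32.Bagle.of   skipped
C:\Users\Riky87\ntuser.dat   Object is locked   skipped
C:\Windows\System32\drivers\hldrrr.exe.vir   Infected: Trojan-Downloader.Win32.Bagle.jh   skipped
C:\Windows\System32\wintems.exe.vir   Infected: Email-Worm.Win32.Bagle.of   skipped
C:\Windows\WindowsUpdate.log   Object is locked   skipped
D:\Win32.Bagle.AL@mm free removal tool 1.0.zip/Win32.Bagle.AL@mm free removal tool 1.0.exe   Infected: Trojan-Downloader.Win32.Bagle.la   skipped
D:\Win32.Bagle.AL@mm free removal tool 1.0.zip   ZIP: infected - 1   skipped
"""

STAT = re.compile(r"Number of (viruses found|infected objects): (\d+)$")


def parse_report(text):
    """Return (stats dict, list of (path, verdict, action) rows)."""
    stats, rows = {}, []
    for raw in text.splitlines():
        line = raw.strip()
        m = STAT.match(line)
        if m:
            stats[m.group(1)] = int(m.group(2))
            continue
        # Paths contain single spaces, so split only on runs of 2+ spaces.
        fields = re.split(r"\s{2,}", line)
        if len(fields) == 3:
            rows.append(tuple(fields))
    return stats, rows


def infected_summary(rows):
    """Group infected paths by detection name; list infected archives."""
    by_name = defaultdict(list)
    containers = []
    locked = 0
    for path, verdict, _action in rows:
        if verdict.startswith("Infected: "):
            by_name[verdict[len("Infected: "):]].append(path)
        elif re.match(r"[A-Z0-9]+: infected - \d+$", verdict):
            containers.append(path)   # e.g. "ZIP: infected - 1"
        elif verdict == "Object is locked":
            locked += 1               # file in use, not a detection
    return dict(by_name), containers, locked


def totals_match(stats, by_name, containers):
    """Check the rows against the report's own summary counters."""
    objects = sum(len(paths) for paths in by_name.values()) + len(containers)
    return (stats.get("viruses found") == len(by_name)
            and stats.get("infected objects") == objects)


if __name__ == "__main__":
    stats, rows = parse_report(REPORT_EXCERPT)
    by_name, containers, locked = infected_summary(rows)
    for name, paths in sorted(by_name.items()):
        print(name)
        for p in paths:
            print("   ", p)
    print("infected archives:", containers)
    print("locked rows ignored:", locked)
    print("totals consistent:", totals_match(stats, by_name, containers))
```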

Post by crazy.cat » Tue Mar 11, 2008 10:09 am

Disable System Restore on all disks, then restart the PC
http://www.MegaLab.it/2330

Download the new version of Avenger http://swandog46.geekstogo.com/avenger.zip

If it doesn't work (invalid application), use these
http://www.MegaLab.it/forum/viewtopic.p ... 172#325172

Extract it to a folder of your choice
Run the avenger.exe file with the sword icon
Now paste these lines into the white box that has opened:

Code:
Files to delete:
C:\WINDOWS\system32\drivers\srosa.sys
C:\WINDOWS\system32\wintems.exe
C:\WINDOWS\system32\trusted.exe
C:\windows\system32\drivers\hldrrr.exe
C:\WINDOWS\system32\mdelk.exe
C:\Windows\System32\drivers\hldrrr.exe.vir 
C:\Windows\System32\wintems.exe.vir   
D:\Win32.Bagle.AL@mm free removal tool 1.0.zip

folders to delete:
c:\WINDOWS\system32\drivers\down
C:\Muestras

registry keys to delete:
HKLM\SYSTEM\CurrentControlSet\Services\srosa
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_SROSA


Untick the Scan for Rootkits option
Press the Execute button
Answer Yes to Avenger's two prompts
Your computer should now restart; if it doesn't, restart it manually
When the computer has restarted, copy and paste here the contents of the Notepad window that appears.

Afterwards, try reinstalling the antivirus right away and delete the c:\avenger folder.

You will almost certainly have to download the installation files of the security programs again, because the virus has damaged them.

Post by KILLERQUEEN87 » Wed Mar 12, 2008 12:02 am

Here I am after a long and tiring day. So, problem solved, everything removed without any trouble. I've now reinstalled NOD32 and tidied up the PC quite a bit, thanks a lot my friend [^] [^]