INVASIVE AND ANNOYING ROOTKIT!!!

Post by suntleone » Thu Jan 17, 2008 10:45 pm

Invasive and stubborn rootkit!!!

I can't install any antivirus; I would like to put Kaspersky on my system, but the Bagle infections present prevent me from doing so, and now I have no protection.
To understand what is happening on the system I don't have many resources apart from a scan done with GMER and HijackThis, which I am posting.
Not even the Kaspersky online scan seems possible; what can I do?
Can someone help me by giving me a script for Avenger?
Thanks in advance
----------------------------------------------------------------------------------------------------
Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 23.32.22, on 12/01/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
Boot mode: Normal

Running processes:
H:\WINDOWS\System32\smss.exe
H:\WINDOWS\system32\winlogon.exe
H:\WINDOWS\system32\services.exe
H:\WINDOWS\system32\lsass.exe
H:\WINDOWS\system32\svchost.exe
H:\WINDOWS\System32\svchost.exe
H:\WINDOWS\system32\spoolsv.exe
H:\WINDOWS\system32\RUNDLL32.EXE
H:\Programmi\Analog Devices\Core\smax4pnp.exe
H:\Programmi\Analog Devices\SoundMAX\Smax4.exe
H:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I0K2.EXE
H:\Programmi\CyberLink\PowerDVD\PDVDServ.exe
H:\Programmi\QuickTime\qttask.exe
H:\Programmi\Multimedia Card Reader\shwicon2k.exe
H:\Programmi\D-Tools\daemon.exe
H:\Programmi\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
H:\Programmi\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
H:\WINDOWS\system32\nvsvc32.exe
H:\Programmi\CyberLink\Shared Files\RichVideo.exe
H:\WINDOWS\system32\ctfmon.exe
H:\WINDOWS\system32\svchost.exe
H:\Programmi\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe
H:\Programmi\802.11 Wireless LAN\802.11g Wireless Cardbus & PCI Adapter HW.51 V1.00\WlanCU.exe
H:\Programmi\iPod\bin\iPodService.exe
H:\WINDOWS\System32\svchost.exe
H:\Programmi\UltraVNC\winvnc.exe
H:\WINDOWS\explorer.exe
H:\Programmi\Mozilla Firefox\firefox.exe
H:\Documents and Settings\enrico\Desktop\HiJackThis_v2.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.it/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
O1 - Hosts: 210.14.129.6 www.myfilmcodeclive.com
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - H:\Programmi\File comuni\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: MouseGest - {112AB43D-32C4-3B21-53BA-13A46743BC34} - H:\WINDOWS\system32\mousegex.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - J:\PROGRA~1\OFFICE~1\Office12\GRA8E1~1.DLL
O2 - BHO: Web Mon - {7428F943-BC4F-4A39-3B43-AB433C523B34} - H:\WINDOWS\system32\WebMon.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - H:\Programmi\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: NavHelper Class - {C1E58A84-95B3-4630-B8C2-D06B77B7A0FC} - H:\Programmi\NavExcel\NavHelper\v2.0.4b\NHelper.dll
O2 - BHO: Helper Class - {D80C4E21-C346-4E21-8E64-20746AA20AEB} - H:\Programmi\NavExcel Search Toolbar\NavExcelBar.dll
O3 - Toolbar: NavExcel Toolbar - {5AA06644-BC46-4220-A460-47A6EB47C96D} - H:\Programmi\NavExcel Search Toolbar\NavExcelBar.dll
O4 - HKLM\..\Run: [nTrayFw] H:\Programmi\NVIDIA Corporation\NetworkAccessManager\bin\nTrayFw.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE H:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE H:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAShCut.exe
O4 - HKLM\..\Run: [SoundMAXPnP] H:\Programmi\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [SoundMAX] "H:\Programmi\Analog Devices\SoundMAX\Smax4.exe" /tray
O4 - HKLM\..\Run: [EPSON Stylus Photo RX500] H:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I0K2.EXE /P24 "EPSON Stylus Photo RX500" /O6 "USB001" /M "Stylus Photo RX500"
O4 - HKLM\..\Run: [RemoteControl] H:\Programmi\CyberLink\PowerDVD\PDVDServ.exe
O4 - HKLM\..\Run: [QuickTime Task] "H:\Programmi\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "H:\Programmi\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "H:\Programmi\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "H:\Programmi\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] H:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Sunkist2k] H:\Programmi\Multimedia Card Reader\shwicon2k.exe
O4 - HKLM\..\Run: [DAEMON Tools-1033] "H:\Programmi\D-Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [GrooveMonitor] "J:\Programmi\office 2007\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [Soundlibs] H:\WINDOWS\soundlib.exe
O4 - HKCU\..\Run: [CTFMON.EXE] H:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [updateMgr] H:\Programmi\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_9
O4 - HKCU\..\Run: [MSMSGS] "C:\Programmi\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [drvsyskit] H:\WINDOWS\system32\drivers\hldrrr.exe
O4 - HKCU\..\Run: [NBJ] "H:\Programmi\Ahead\Nero BackItUp\NBJ.exe"
O4 - HKCU\..\Run: [german.exe] H:\WINDOWS\system32\wintems.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] H:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO LOCALE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] H:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO DI RETE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] H:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] H:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Ritaglio schermata e avvio di OneNote 2007.lnk = J:\Programmi\office 2007\Office12\ONENOTEM.EXE
O4 - Global Startup: Adobe Gamma Loader.lnk = H:\Programmi\File comuni\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Gamma.lnk = H:\Programmi\File comuni\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Tasto di scelta rapida per l'avvio di AutoCAD.lnk = H:\Programmi\File comuni\Autodesk Shared\acstart17.exe
O4 - Global Startup: Wireless Configuration Utility HW.51.lnk = H:\Programmi\802.11 Wireless LAN\802.11g Wireless Cardbus & PCI Adapter HW.51 V1.00\WlanCU.exe
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://J:\PROGRA~1\OFFICE~1\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - H:\Programmi\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - H:\Programmi\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Invia a OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - J:\PROGRA~1\OFFICE~1\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: I&nvia a OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - J:\PROGRA~1\OFFICE~1\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - J:\PROGRA~1\OFFICE~1\Office12\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - H:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - H:\Programmi\Messenger\msmsgs.exe
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - J:\PROGRA~1\OFFICE~1\Office12\GR99D3~1.DLL
O22 - SharedTaskScheduler: Precaricatore Browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - H:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Daemon di cache delle categorie di componenti - {8C7461EF-2B13-11d2-BE35-3078302C2030} - H:\WINDOWS\system32\browseui.dll
O23 - Service: Adobe LM Service - Adobe Systems - H:\Programmi\File comuni\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Autodesk Licensing Service - Autodesk - H:\Programmi\File comuni\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: ForceWare Intelligent Application Manager (IAM) - Unknown owner - H:\Programmi\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - H:\Programmi\File comuni\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Servizio iPod (iPod Service) - Apple Inc. - H:\Programmi\iPod\bin\iPodService.exe
O23 - Service: ForceWare IP service (nSvcIp) - NVIDIA Corporation - H:\Programmi\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
O23 - Service: ForceWare user log service (nSvcLog) - NVIDIA - H:\Programmi\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - H:\WINDOWS\system32\nvsvc32.exe
O23 - Service: repeater_service - - H:\Programmi\UltraVNC\repeater.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - H:\Programmi\CyberLink\Shared Files\RichVideo.exe
O23 - Service: ServiceLayer - Nokia. - H:\Programmi\PC Connectivity Solution\ServiceLayer.exe

--
End of file - 8306 bytes

Re: INVASIVE AND ANNOYING ROOTKIT!!!

Post by spitfire10 » Thu Jan 17, 2008 11:17 pm

Hi, from the "symptoms" it is Bagle's fault. You have to run the online scan with Kaspersky. If you read some of the posts on the subject on this forum, you will easily manage to solve the problem. You will find several Avenger scripts published in the posts I mentioned; it remains to be seen whether they can be useful to you. For the scan, connect just long enough to start it and then disconnect; once you have the report, post it here and the friends on the forum will provide you with the necessary script.
Good luck!

Re: INVASIVE AND ANNOYING ROOTKIT!!!

Post by crazy.cat » Fri Jan 18, 2008 7:36 am

suntleone wrote: Not even the Kaspersky online scan seems possible; what can I do?

Why isn't it possible?
Without the online scan we don't know where the viruses are, and generic logs, or ones prepared for others, are useless for you.


ANNOYING ROOTKIT!!!

Post by suntleone » Mon Jan 21, 2008 8:29 am

Here I am at last;
Thank you for your encouragement to persist with the correct procedure: I mean the online scan of the system.
I apologize, but the inability to download the Kaspersky virus scan file was due to Firefox, which was set not to allow it, whereas I thought it was a further block caused by some virus.
Without further ado, I am posting the resulting report in the hope that it is exhaustive:
-------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER REPORT
Monday, January 21, 2008 8:21:55 AM
Operating System: Microsoft Windows XP Professional, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.98.0
Kaspersky Anti-Virus database last update: 20/01/2008
Kaspersky Anti-Virus database records: 525024
-------------------------------------------------------------------------------

Scan Settings:
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: true

Scan Target - My Computer:
A:\
C:\
D:\
E:\
G:\
H:\
I:\
J:\
M:\

Scan Statistics:
Total number of scanned objects: 143115
Number of viruses found: 24
Number of infected objects: 151
Number of suspicious objects: 0
Duration of the scan process: 06:04:05

Infected Object Name / Virus Name / Last Action
C:\Knight.exe Infected: Worm.Win32.AutoRun.aul skipped
E:\disco ext\disco ext\ANTIVIRUS\ipscan.exe Infected: not-a-virus:NetTool.Win32.Portscan.c skipped
E:\disco ext\disco ext\BACKUP\Documents and Settings\op\Desktop\ANTIVIRUS\ipscan.exe Infected: not-a-virus:NetTool.Win32.Portscan.c skipped
E:\incoming 06-07\Incoming\masterizzare\Copytodvd v4.0.0.38b Winall Incl Crack-Te.rar/copytodvd4_setup.exe Infected: Trojan-Dropper.Win32.Agent.agp skipped
E:\incoming 06-07\Incoming\masterizzare\Copytodvd v4.0.0.38b Winall Incl Crack-Te.rar RAR: infected - 1 skipped
E:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
E:\System Volume Information\_restore{9074D24A-B895-43DD-A5B5-961DA40A5EA3}\RP124\change.log Object is locked skipped
E:\System Volume Information\_restore{C807392C-9673-4262-B878-02EFEC1ADA5F}\RP35\A0002642.exe Infected: Trojan.Win32.Delf.ys skipped
E:\System Volume Information\_restore{C807392C-9673-4262-B878-02EFEC1ADA5F}\RP35\A0002643.exe Infected: Trojan.Win32.Delf.ys skipped
E:\System Volume Information\_restore{C807392C-9673-4262-B878-02EFEC1ADA5F}\RP35\A0002644.exe Infected: Trojan.Win32.Delf.ys skipped
H:\Documents and Settings\enrico\Cookies\index.dat Object is locked skipped
H:\Documents and Settings\enrico\Desktop\burn4free_setup.exe/data0007/NHInstall.exe Infected: not-a-virus:AdWare.Win32.NavExcel.d skipped
H:\Documents and Settings\enrico\Desktop\burn4free_setup.exe/data0007/v2.0.4b.cab/NHelper.dll Infected: not-a-virus:AdWare.Win32.NavExcel.g skipped
H:\Documents and Settings\enrico\Desktop\burn4free_setup.exe/data0007/v2.0.4b.cab/NHUninstaller.exe Infected: not-a-virus:AdWare.Win32.NavExcel skipped
H:\Documents and Settings\enrico\Desktop\burn4free_setup.exe/data0007/v2.0.4b.cab/NHUpdater.exe Infected: not-a-virus:AdWare.Win32.NavExcel.b skipped
H:\Documents and Settings\enrico\Desktop\burn4free_setup.exe/data0007/v2.0.4b.cab Infected: not-a-virus:AdWare.Win32.NavExcel.b skipped
H:\Documents and Settings\enrico\Desktop\burn4free_setup.exe/data0007 Infected: not-a-virus:AdWare.Win32.NavExcel.b skipped
H:\Documents and Settings\enrico\Desktop\burn4free_setup.exe Inno: infected - 6 skipped
H:\Documents and Settings\enrico\Desktop\disegno\AGRSMMSG.exe Infected: Trojan-Downloader.Win32.Bagle.gh skipped
H:\Documents and Settings\enrico\Desktop\disegno\Any DWG to PDF Converter 2008.zip/Any DWG to PDF Converter 2008.exe Infected: Trojan-Downloader.Win32.Bagle.gh skipped
H:\Documents and Settings\enrico\Desktop\disegno\Any DWG to PDF Converter 2008.zip ZIP: infected - 1 skipped
H:\Documents and Settings\enrico\Desktop\disegno\Power Render 6.zip/Power Render 6.exe Infected: Trojan-Downloader.Win32.Bagle.gh skipped
H:\Documents and Settings\enrico\Desktop\disegno\Power Render 6.zip ZIP: infected - 1 skipped
H:\Documents and Settings\enrico\Desktop\ISOBurn 1.0.10.0.exe Infected: Trojan-Downloader.Win32.Bagle.hh skipped
H:\Documents and Settings\enrico\Desktop\ultravnc\ultravnc 102 bin\UltraVNC-102-Bin(2).zip/vnchooks.dll Infected: not-a-virus:RemoteAdmin.Win32.WinVNC.c skipped
H:\Documents and Settings\enrico\Desktop\ultravnc\ultravnc 102 bin\UltraVNC-102-Bin(2).zip/vncviewer.exe Infected: not-a-virus:RemoteAdmin.Win32.WinVNC.1102 skipped
H:\Documents and Settings\enrico\Desktop\ultravnc\ultravnc 102 bin\UltraVNC-102-Bin(2).zip/winvnc.exe Infected: not-a-virus:RemoteAdmin.Win32.WinVNC.c skipped
H:\Documents and Settings\enrico\Desktop\ultravnc\ultravnc 102 bin\UltraVNC-102-Bin(2).zip ZIP: infected - 3 skipped
H:\Documents and Settings\enrico\Desktop\ultravnc\ultravnc 102 bin\uvnc bin\vnchooks.dll Infected: not-a-virus:RemoteAdmin.Win32.WinVNC.c skipped
H:\Documents and Settings\enrico\Desktop\ultravnc\ultravnc 102 bin\uvnc bin\vncviewer.exe Infected: not-a-virus:RemoteAdmin.Win32.WinVNC.1102 skipped
H:\Documents and Settings\enrico\Desktop\ultravnc\ultravnc 102 bin\uvnc bin\winvnc.exe Infected: not-a-virus:RemoteAdmin.Win32.WinVNC.c skipped
H:\Documents and Settings\enrico\Desktop\ultravnc\ultravnc 102 viewer\UltraVNC-Viewer-102.zip/vncviewer.exe Infected: not-a-virus:RemoteAdmin.Win32.WinVNC.1102 skipped
H:\Documents and Settings\enrico\Desktop\ultravnc\ultravnc 102 viewer\UltraVNC-Viewer-102.zip ZIP: infected - 1 skipped
H:\Documents and Settings\enrico\Desktop\ultravnc\ultravnc 102 viewer\vncviewer.exe Infected: not-a-virus:RemoteAdmin.Win32.WinVNC.1102 skipped
H:\Documents and Settings\enrico\Desktop\ultravnc\ultravnc bin\UltraVNC-102-Bin.zip/vnchooks.dll Infected: not-a-virus:RemoteAdmin.Win32.WinVNC.c skipped
H:\Documents and Settings\enrico\Desktop\ultravnc\ultravnc bin\UltraVNC-102-Bin.zip/vncviewer.exe Infected: not-a-virus:RemoteAdmin.Win32.WinVNC.1102 skipped
H:\Documents and Settings\enrico\Desktop\ultravnc\ultravnc bin\UltraVNC-102-Bin.zip/winvnc.exe Infected: not-a-virus:RemoteAdmin.Win32.WinVNC.c skipped
H:\Documents and Settings\enrico\Desktop\ultravnc\ultravnc bin\UltraVNC-102-Bin.zip ZIP: infected - 3 skipped
H:\Documents and Settings\enrico\Desktop\ultravnc\ultravnc bin\vnchooks.dll Infected: not-a-virus:RemoteAdmin.Win32.WinVNC.c skipped
H:\Documents and Settings\enrico\Desktop\ultravnc\ultravnc bin\vncviewer.exe Infected: not-a-virus:RemoteAdmin.Win32.WinVNC.1102 skipped
H:\Documents and Settings\enrico\Desktop\ultravnc\ultravnc bin\winvnc.exe Infected: not-a-virus:RemoteAdmin.Win32.WinVNC.c skipped
H:\Documents and Settings\enrico\Desktop\UltraVNC-102-Setup.exe/file04 Infected: not-a-virus:RemoteAdmin.Win32.WinVNC.c skipped
H:\Documents and Settings\enrico\Desktop\UltraVNC-102-Setup.exe/file05 Infected: not-a-virus:RemoteAdmin.Win32.WinVNC.c skipped
H:\Documents and Settings\enrico\Desktop\UltraVNC-102-Setup.exe/file34 Infected: not-a-virus:RemoteAdmin.Win32.WinVNC.1102 skipped
H:\Documents and Settings\enrico\Desktop\UltraVNC-102-Setup.exe Inno: infected - 3 skipped
H:\Documents and Settings\enrico\Impostazioni locali\Cronologia\History.IE5\index.dat Object is locked skipped
H:\Documents and Settings\enrico\Impostazioni locali\Cronologia\History.IE5\MSHist012008012020080121\index.dat Object is locked skipped
H:\Documents and Settings\enrico\Impostazioni locali\Dati applicazioni\ApplicationHistory\ENCWCSVR.EXE.94b81567.ini.inuse Object is locked skipped
H:\Documents and Settings\enrico\Impostazioni locali\Dati applicazioni\Microsoft\Windows\UsrClass.dat Object is locked skipped
H:\Documents and Settings\enrico\Impostazioni locali\Dati applicazioni\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
H:\Documents and Settings\enrico\Impostazioni locali\Temp\Perflib_Perfdata_26c.dat Object is locked skipped
H:\Documents and Settings\enrico\Impostazioni locali\Temp\~DF43AE.tmp Object is locked skipped
H:\Documents and Settings\enrico\Impostazioni locali\Temporary Internet Files\Content.IE5\2123AXKT\b64_2[1].jpg Infected: Trojan.Win32.Pakes.bwy skipped
H:\Documents and Settings\enrico\Impostazioni locali\Temporary Internet Files\Content.IE5\2123AXKT\b64_3[1].jpg Infected: Trojan-Downloader.Win32.Bagle.ho skipped
H:\Documents and Settings\enrico\Impostazioni locali\Temporary Internet Files\Content.IE5\2123AXKT\b64_3[2].jpg Infected: Email-Worm.Win32.Bagle.of skipped
H:\Documents and Settings\enrico\Impostazioni locali\Temporary Internet Files\Content.IE5\27OT0VWV\b64_1[1].jpg Infected: Trojan-PSW.Win32.LdPinch.ewq skipped
H:\Documents and Settings\enrico\Impostazioni locali\Temporary Internet Files\Content.IE5\27OT0VWV\b64_2[1].jpg Infected: Trojan.Win32.Pakes.bwy skipped
H:\Documents and Settings\enrico\Impostazioni locali\Temporary Internet Files\Content.IE5\27OT0VWV\b64_2[2].jpg Infected: Trojan.Win32.Pakes.bwy skipped
H:\Documents and Settings\enrico\Impostazioni locali\Temporary Internet Files\Content.IE5\27OT0VWV\p0[1].dat/data0000.bin Infected: Trojan-Downloader.Win32.Agent.fan skipped
H:\Documents and Settings\enrico\Impostazioni locali\Temporary Internet Files\Content.IE5\27OT0VWV\p0[1].dat EmbeddedEXE: infected - 1 skipped
H:\Documents and Settings\enrico\Impostazioni locali\Temporary Internet Files\Content.IE5\27OT0VWV\p0[1].dat Exe32Pack: infected - 1 skipped
H:\Documents and Settings\enrico\Impostazioni locali\Temporary Internet Files\Content.IE5\4FQZ49G3\b64_1[1].jpg Infected: Trojan-PSW.Win32.LdPinch.ewq skipped
H:\Documents and Settings\enrico\Impostazioni locali\Temporary Internet Files\Content.IE5\4FQZ49G3\b64_3[1].jpg Infected: Trojan-Downloader.Win32.Bagle.ho skipped
H:\Documents and Settings\enrico\Impostazioni locali\Temporary Internet Files\Content.IE5\4FQZ49G3\b64_3[2].jpg Infected: Trojan-Downloader.Win32.Bagle.ho skipped
H:\Documents and Settings\enrico\Impostazioni locali\Temporary Internet Files\Content.IE5\IDERMLIR\b64_3[1].jpg Infected: Trojan-Downloader.Win32.Bagle.ho skipped
H:\Documents and Settings\enrico\Impostazioni locali\Temporary Internet Files\Content.IE5\IDERMLIR\b64_3[2].jpg Infected: Trojan-Downloader.Win32.Bagle.ho skipped
H:\Documents and Settings\enrico\Impostazioni locali\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
H:\Documents and Settings\enrico\NTUSER.DAT Object is locked skipped
H:\Documents and Settings\enrico\ntuser.dat.LOG Object is locked skipped
H:\Documents and Settings\LocalService\Cookies\index.dat Object is locked skipped
H:\Documents and Settings\LocalService\Impostazioni locali\Cronologia\History.IE5\index.dat Object is locked skipped
H:\Documents and Settings\LocalService\Impostazioni locali\Dati applicazioni\Microsoft\Windows\UsrClass.dat Object is locked skipped
H:\Documents and Settings\LocalService\Impostazioni locali\Dati applicazioni\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
H:\Documents and Settings\LocalService\Impostazioni locali\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
H:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped
H:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped
H:\Documents and Settings\NetworkService\Cookies\index.dat Object is locked skipped
H:\Documents and Settings\NetworkService\Impostazioni locali\Cronologia\History.IE5\index.dat Object is locked skipped
H:\Documents and Settings\NetworkService\Impostazioni locali\Dati applicazioni\Microsoft\Windows\UsrClass.dat Object is locked skipped
H:\Documents and Settings\NetworkService\Impostazioni locali\Dati applicazioni\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
H:\Documents and Settings\NetworkService\Impostazioni locali\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
H:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped
H:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped
H:\Programmi\NavExcel\NavHelper\v2.0.4b\NHelper.dll Infected: not-a-virus:AdWare.Win32.NavExcel.g skipped
H:\Programmi\NavExcel\NavHelper\v2.0.4b\NHUninstaller.exe Infected: not-a-virus:AdWare.Win32.NavExcel skipped
H:\Programmi\NavExcel\NavHelper\v2.0.4b\NHUpdater.exe Infected: not-a-virus:AdWare.Win32.NavExcel.b skipped
H:\Programmi\NavExcel\NavHelper\v2.0.4b\v2.0.4b.cab/NHelper.dll Infected: not-a-virus:AdWare.Win32.NavExcel.g skipped
H:\Programmi\NavExcel\NavHelper\v2.0.4b\v2.0.4b.cab/NHUninstaller.exe Infected: not-a-virus:AdWare.Win32.NavExcel skipped
H:\Programmi\NavExcel\NavHelper\v2.0.4b\v2.0.4b.cab/NHUpdater.exe Infected: not-a-virus:AdWare.Win32.NavExcel.b skipped
H:\Programmi\NavExcel\NavHelper\v2.0.4b\v2.0.4b.cab CAB: infected - 3 skipped
H:\Programmi\NavExcel Search Toolbar\NavExcelBar.dll Infected: not-a-virus:AdWare.Win32.NavExcel.o skipped
H:\Programmi\NVIDIA Corporation\NetworkAccessManager\bin\nTrayFw.exe Infected: Trojan-Downloader.Win32.Bagle.hh skipped
H:\Programmi\UltraVNC\vnchooks.dll Infected: not-a-virus:RemoteAdmin.Win32.WinVNC.c skipped
H:\Programmi\UltraVNC\vncviewer.exe Infected: not-a-virus:RemoteAdmin.Win32.WinVNC.1102 skipped
H:\Programmi\UltraVNC\winvnc.exe Infected: not-a-virus:RemoteAdmin.Win32.WinVNC.c skipped
H:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
H:\System Volume Information\_restore{9074D24A-B895-43DD-A5B5-961DA40A5EA3}\RP100\A0020823.sys Infected: Trojan-Downloader.Win32.Bagle.hv skipped
H:\System Volume Information\_restore{9074D24A-B895-43DD-A5B5-961DA40A5EA3}\RP107\A0021601.dll Infected: Trojan-Downloader.Win32.Agent.dto skipped
H:\System Volume Information\_restore{9074D24A-B895-43DD-A5B5-961DA40A5EA3}\RP107\A0021602.exe Infected: Trojan-Downloader.Win32.Agent.hhv skipped
H:\System Volume Information\_restore{9074D24A-B895-43DD-A5B5-961DA40A5EA3}\RP108\A0021635.exe Infected: Trojan-Downloader.Win32.Bagle.hh skipped
H:\System Volume Information\_restore{9074D24A-B895-43DD-A5B5-961DA40A5EA3}\RP108\A0021636.sys Infected: Trojan-Downloader.Win32.Bagle.hv skipped
H:\System Volume Information\_restore{9074D24A-B895-43DD-A5B5-961DA40A5EA3}\RP109\A0021644.exe Infected: Trojan-Downloader.Win32.Bagle.hh skipped
H:\System Volume Information\_restore{9074D24A-B895-43DD-A5B5-961DA40A5EA3}\RP109\A0021645.sys Infected: Trojan-Downloader.Win32.Bagle.hv skipped
H:\System Volume Information\_restore{9074D24A-B895-43DD-A5B5-961DA40A5EA3}\RP110\A0021657.sys Infected: Trojan-Downloader.Win32.Bagle.hv skipped
H:\System Volume Information\_restore{9074D24A-B895-43DD-A5B5-961DA40A5EA3}\RP110\A0021672.exe Infected: Trojan-Downloader.Win32.Bagle.hh skipped
H:\System Volume Information\_restore{9074D24A-B895-43DD-A5B5-961DA40A5EA3}\RP110\A0021673.sys Infected: Trojan-Downloader.Win32.Bagle.hv skipped
H:\System Volume Information\_restore{9074D24A-B895-43DD-A5B5-961DA40A5EA3}\RP111\A0021683.sys Infected: Trojan-Downloader.Win32.Bagle.hv skipped
H:\System Volume Information\_restore{9074D24A-B895-43DD-A5B5-961DA40A5EA3}\RP112\A0021699.exe Infected: Trojan-Downloader.Win32.Bagle.hh skipped
H:\System Volume Information\_restore{9074D24A-B895-43DD-A5B5-961DA40A5EA3}\RP112\A0021700.sys Infected: Trojan-Downloader.Win32.Bagle.hv skipped
H:\System Volume Information\_restore{9074D24A-B895-43DD-A5B5-961DA40A5EA3}\RP113\A0021714.sys Infected: Trojan-Downloader.Win32.Bagle.hv skipped
H:\System Volume Information\_restore{9074D24A-B895-43DD-A5B5-961DA40A5EA3}\RP114\A0021721.exe Infected: Trojan-Downloader.Win32.Bagle.hh skipped
H:\System Volume Information\_restore{9074D24A-B895-43DD-A5B5-961DA40A5EA3}\RP114\A0021722.sys Infected: Trojan-Downloader.Win32.Bagle.hv skipped
H:\System Volume Information\_restore{9074D24A-B895-43DD-A5B5-961DA40A5EA3}\RP114\A0021727.sys Infected: Trojan-Downloader.Win32.Bagle.hv skipped
H:\System Volume Information\_restore{9074D24A-B895-43DD-A5B5-961DA40A5EA3}\RP116\A0021736.sys Infected: Trojan-Downloader.Win32.Bagle.hv skipped
H:\System Volume Information\_restore{9074D24A-B895-43DD-A5B5-961DA40A5EA3}\RP116\A0021767.sys Infected: Trojan-Downloader.Win32.Bagle.hv skipped
H:\System Volume Information\_restore{9074D24A-B895-43DD-A5B5-961DA40A5EA3}\RP117\A0021801.sys Infected: Trojan-Downloader.Win32.Bagle.hv skipped
H:\System Volume Information\_restore{9074D24A-B895-43DD-A5B5-961DA40A5EA3}\RP120\A0022162.exe Infected: Trojan.Win32.Pakes.bwy skipped
H:\System Volume Information\_restore{9074D24A-B895-43DD-A5B5-961DA40A5EA3}\RP121\A0022214.sys Infected: Trojan-Downloader.Win32.Bagle.hv skipped
H:\System Volume Information\_restore{9074D24A-B895-43DD-A5B5-961DA40A5EA3}\RP121\A0022220.reg Infected: Trojan-Downloader.Win32.Bagle.hp skipped
H:\System Volume Information\_restore{9074D24A-B895-43DD-A5B5-961DA40A5EA3}\RP121\A0022221.reg Infected: Trojan-Downloader.Win32.Bagle.hp skipped
H:\System Volume Information\_restore{9074D24A-B895-43DD-A5B5-961DA40A5EA3}\RP121\A0022227.sys Infected: Trojan-Downloader.Win32.Bagle.hv skipped
H:\System Volume Information\_restore{9074D24A-B895-43DD-A5B5-961DA40A5EA3}\RP122\A0022260.exe Infected: Trojan-Downloader.Win32.Bagle.hh skipped
H:\System Volume Information\_restore{9074D24A-B895-43DD-A5B5-961DA40A5EA3}\RP122\A0022261.sys Infected: Trojan-Downloader.Win32.Bagle.hv skipped
H:\System Volume Information\_restore{9074D24A-B895-43DD-A5B5-961DA40A5EA3}\RP123\A0022275.exe Infected: Trojan-Downloader.Win32.Bagle.hh skipped
H:\System Volume Information\_restore{9074D24A-B895-43DD-A5B5-961DA40A5EA3}\RP123\A0022276.sys Infected: Trojan-Downloader.Win32.Bagle.hv skipped
H:\System Volume Information\_restore{9074D24A-B895-43DD-A5B5-961DA40A5EA3}\RP123\A0022277.sys Infected: Trojan-Downloader.Win32.Bagle.hv skipped
H:\System Volume Information\_restore{9074D24A-B895-43DD-A5B5-961DA40A5EA3}\RP123\A0022282.sys Infected: Trojan-Downloader.Win32.Bagle.hv skipped
H:\System Volume Information\_restore{9074D24A-B895-43DD-A5B5-961DA40A5EA3}\RP124\A0022295.dll Infected: Trojan-Downloader.Win32.Agent.fan skipped
H:\System Volume Information\_restore{9074D24A-B895-43DD-A5B5-961DA40A5EA3}\RP124\A0022302.exe Infected: Trojan-Downloader.Win32.Bagle.ho skipped
H:\System Volume Information\_restore{9074D24A-B895-43DD-A5B5-961DA40A5EA3}\RP124\change.log Object is locked skipped
H:\System Volume Information\_restore{9074D24A-B895-43DD-A5B5-961DA40A5EA3}\RP95\A0018546.exe Infected: Trojan-Downloader.Win32.Agent.fas skipped
H:\System Volume Information\_restore{9074D24A-B895-43DD-A5B5-961DA40A5EA3}\RP97\A0019562.sys Infected: Trojan-Downloader.Win32.Bagle.hv skipped
H:\System Volume Information\_restore{9074D24A-B895-43DD-A5B5-961DA40A5EA3}\RP97\A0019803.sys Infected: Trojan-Downloader.Win32.Bagle.hv skipped
H:\System Volume Information\_restore{9074D24A-B895-43DD-A5B5-961DA40A5EA3}\RP97\A0019810.sys Infected: Trojan-Downloader.Win32.Bagle.hv skipped
H:\System Volume Information\_restore{9074D24A-B895-43DD-A5B5-961DA40A5EA3}\RP98\A0020810.sys Infected: Trojan-Downloader.Win32.Bagle.hv skipped
H:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped
H:\WINDOWS\Installer\{6BE2A4A4-99FB-48ED-AE1E-4E850389F804}\PQBoot.exe Object is locked skipped
H:\WINDOWS\Knight.exe Infected: Worm.Win32.AutoRun.aul skipped
H:\WINDOWS\nxstinst.exe Infected: not-a-virus:AdWare.Win32.NavExcel.i skipped
H:\WINDOWS\remover.dll Infected: not-a-virus:AdWare.Win32.NavExcel.i skipped
H:\WINDOWS\SchedLgU.Txt Object is locked skipped
H:\WINDOWS\soundlib.exe Infected: Trojan-Downloader.Win32.Agent.hhv skipped
H:\WINDOWS\Sti_Trace.log Object is locked skipped
H:\WINDOWS\system32\CatRoot2\edb.log Object is locked skipped
H:\WINDOWS\system32\CatRoot2\tmp.edb Object is locked skipped
H:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped
H:\WINDOWS\system32\config\default Object is locked skipped
H:\WINDOWS\system32\config\default.LOG Object is locked skipped
H:\WINDOWS\system32\config\ODiag.evt Object is locked skipped
H:\WINDOWS\system32\config\OSession.evt Object is locked skipped
H:\WINDOWS\system32\config\SAM Object is locked skipped
H:\WINDOWS\system32\config\SAM.LOG Object is locked skipped
H:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped
H:\WINDOWS\system32\config\SECURITY Object is locked skipped
H:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped
H:\WINDOWS\system32\config\software Object is locked skipped
H:\WINDOWS\system32\config\software.LOG Object is locked skipped
H:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped
H:\WINDOWS\system32\config\system Object is locked skipped
H:\WINDOWS\system32\config\system.LOG Object is locked skipped
H:\WINDOWS\system32\drivers\down\1292031.exe Infected: Trojan-Downloader.Win32.Bagle.ho skipped
H:\WINDOWS\system32\drivers\down\1305312.exe Infected: Trojan.Win32.Pakes.bwy skipped
H:\WINDOWS\system32\drivers\down\1305859.exe Infected: Trojan-Downloader.Win32.Bagle.ho skipped
H:\WINDOWS\system32\drivers\down\133671.exe Infected: Trojan-Downloader.Win32.Bagle.ho skipped
H:\WINDOWS\system32\drivers\down\1383015.exe Infected: Trojan-Downloader.Win32.Bagle.ho skipped
H:\WINDOWS\system32\drivers\down\1383062.exe Infected: Trojan-Downloader.Win32.Bagle.ho skipped
H:\WINDOWS\system32\drivers\down\1384531.exe Infected: Trojan.Win32.Pakes.bwy skipped
H:\WINDOWS\system32\drivers\down\1385593.exe Infected: Trojan-Downloader.Win32.Bagle.ho skipped
H:\WINDOWS\system32\drivers\down\1385609.exe Infected: Trojan-Downloader.Win32.Bagle.ho skipped
H:\WINDOWS\system32\drivers\down\14452796.exe Infected: Trojan-Downloader.Win32.Bagle.ho skipped
H:\WINDOWS\system32\drivers\down\14453578.exe Infected: Trojan-Downloader.Win32.Bagle.ho skipped
H:\WINDOWS\system32\drivers\down\14458578.exe Infected: Trojan-Downloader.Win32.Bagle.ho skipped
H:\WINDOWS\system32\drivers\down\14458734.exe Infected: Trojan.Win32.Pakes.bwy skipped
H:\WINDOWS\system32\drivers\down\14459125.exe Infected: Trojan-Downloader.Win32.Bagle.ho skipped
H:\WINDOWS\system32\drivers\down\14536406.exe Infected: Email-Worm.Win32.Bagle.of skipped
H:\WINDOWS\system32\drivers\down\149390.exe Infected: Trojan-Downloader.Win32.Bagle.ho skipped
H:\WINDOWS\system32\drivers\down\1937687.exe Infected: Trojan-Downloader.Win32.Bagle.ho skipped
H:\WINDOWS\system32\drivers\down\1974312.exe Infected: Trojan-Downloader.Win32.Bagle.ho skipped
H:\WINDOWS\system32\drivers\down\28854468.exe Infected: Trojan-Downloader.Win32.Bagle.ho skipped
H:\WINDOWS\system32\drivers\down\28854984.exe Infected: Trojan-Downloader.Win32.Bagle.ho skipped
H:\WINDOWS\system32\drivers\down\434046.exe Infected: Trojan-Downloader.Win32.Bagle.ho skipped
H:\WINDOWS\system32\drivers\down\43703.exe Infected: Trojan-Downloader.Win32.Bagle.ho skipped
H:\WINDOWS\system32\drivers\down\438359.exe Infected: Trojan-Downloader.Win32.Bagle.ho skipped
H:\WINDOWS\system32\drivers\down\45015.exe Infected: Trojan-Downloader.Win32.Bagle.ho skipped
H:\WINDOWS\system32\drivers\down\46843.exe Infected: Trojan-Downloader.Win32.Bagle.ho skipped
H:\WINDOWS\system32\drivers\down\49171.exe Infected: Trojan-Downloader.Win32.Bagle.ho skipped
H:\WINDOWS\system32\drivers\down\49546.exe Infected: Trojan-Downloader.Win32.Bagle.ho skipped
H:\WINDOWS\system32\drivers\down\54078.exe Infected: Trojan-Downloader.Win32.Bagle.ho skipped
H:\WINDOWS\system32\drivers\down\54125.exe Infected: Trojan-Downloader.Win32.Bagle.ho skipped
H:\WINDOWS\system32\drivers\down\55296.exe Infected: Trojan-Downloader.Win32.Bagle.ho skipped
H:\WINDOWS\system32\drivers\down\56390.exe Infected: Trojan.Win32.Pakes.bwy skipped
H:\WINDOWS\system32\drivers\down\56906.exe Infected: Trojan-Downloader.Win32.Bagle.ho skipped
H:\WINDOWS\system32\drivers\down\59406.exe Infected: Trojan-Downloader.Win32.Bagle.ho skipped
H:\WINDOWS\system32\drivers\down\64031.exe Infected: Trojan-Downloader.Win32.Bagle.ho skipped
H:\WINDOWS\system32\drivers\down\64093.exe Infected: Trojan-Downloader.Win32.Bagle.ho skipped
H:\WINDOWS\system32\drivers\down\66468.exe Infected: Trojan.Win32.Pakes.bwy skipped
H:\WINDOWS\system32\drivers\down\68015.exe Infected: Trojan-Downloader.Win32.Bagle.ho skipped
H:\WINDOWS\system32\drivers\down\76781.exe Infected: Trojan.Win32.Pakes.bwy skipped
H:\WINDOWS\system32\drivers\sptd.sys Object is locked skipped
H:\WINDOWS\system32\h323log.txt Object is locked skipped
H:\WINDOWS\system32\LogFiles\HTTPERR\httperr1.log Object is locked skipped
H:\WINDOWS\system32\mdelk.exe Infected: Email-Worm.Win32.Bagle.of skipped
H:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped
H:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped
H:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped
H:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped
H:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped
H:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped
H:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped
H:\WINDOWS\system32\WebMon.dll Infected: Trojan-Downloader.Win32.Agent.fan skipped
H:\WINDOWS\system32\WebMons.dll Infected: Trojan-Downloader.Win32.Agent.fan skipped
H:\WINDOWS\wiadebug.log Object is locked skipped
H:\WINDOWS\wiaservc.log Object is locked skipped
I:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
J:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
M:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
M:\System Volume Information\_restore{9074D24A-B895-43DD-A5B5-961DA40A5EA3}\RP124\change.log Object is locked skipped

Scan process completed.

---------------------------------------------------------
Thank you for your attention, and I hope to hear from you soon.

Post by crazy.cat » Mon Jan 21, 2008 10:24 am

Disable System Restore on all disks, then restart the PC
http://www.MegaLab.it/2330

Download Avenger
Extract it into a folder of your choice
Run the avenger.exe file, the one with the sword icon
Select the "Input script manually" radio button
Then find the magnifying glass and click it
Now paste these lines into the white box that opens:

Code:
Files to delete:
C:\WINDOWS\system32\drivers\hidr.exe
C:\WINDOWS\system32\drivers\srosa.sys
C:\WINDOWS\system32\wintems.exe
C:\WINDOWS\system32\hldrrr.exe
C:\WINDOWS\system32\trusted.exe
C:\WINDOWS\system32\drivers\pci32.sys
C:\windows\system32\drivers\hldrrr.exe
C:\WINDOWS\system32\drivers\hldrrr.ex_
C:\WINDOWS\system32\mdelk.exe
C:\Knight.exe
E:\incoming 06-07\Incoming\masterizzare\Copytodvd v4.0.0.38b Winall Incl Crack-Te.rar
H:\Documents and Settings\enrico\Desktop\burn4free_setup.exe
H:\Documents and Settings\enrico\Desktop\disegno\AGRSMMSG.exe
H:\Documents and Settings\enrico\Desktop\disegno\Any DWG to PDF Converter 2008.zip
H:\Documents and Settings\enrico\Desktop\disegno\Power Render 6.zip
H:\Documents and Settings\enrico\Desktop\ISOBurn 1.0.10.0.exe
H:\Documents and Settings\enrico\Impostazioni locali\Temporary Internet Files\Content.IE5\2123AXKT\b64_2[1].jpg
H:\Documents and Settings\enrico\Impostazioni locali\Temporary Internet Files\Content.IE5\2123AXKT\b64_3[1].jpg
H:\Documents and Settings\enrico\Impostazioni locali\Temporary Internet Files\Content.IE5\2123AXKT\b64_3[2].jpg
H:\Documents and Settings\enrico\Impostazioni locali\Temporary Internet Files\Content.IE5\27OT0VWV\b64_1[1].jpg
H:\Documents and Settings\enrico\Impostazioni locali\Temporary Internet Files\Content.IE5\27OT0VWV\b64_2[1].jpg
H:\Documents and Settings\enrico\Impostazioni locali\Temporary Internet Files\Content.IE5\27OT0VWV\b64_2[2].jpg
H:\Documents and Settings\enrico\Impostazioni locali\Temporary Internet Files\Content.IE5\27OT0VWV\p0[1].dat
H:\Documents and Settings\enrico\Impostazioni locali\Temporary Internet Files\Content.IE5\4FQZ49G3\b64_1[1].jpg
H:\Documents and Settings\enrico\Impostazioni locali\Temporary Internet Files\Content.IE5\4FQZ49G3\b64_3[1].jpg
H:\Documents and Settings\enrico\Impostazioni locali\Temporary Internet Files\Content.IE5\4FQZ49G3\b64_3[2].jpg
H:\Documents and Settings\enrico\Impostazioni locali\Temporary Internet Files\Content.IE5\IDERMLIR\b64_3[1].jpg
H:\Documents and Settings\enrico\Impostazioni locali\Temporary Internet Files\Content.IE5\IDERMLIR\b64_3[2].jpg
H:\Programmi\NVIDIA Corporation\NetworkAccessManager\bin\nTrayFw.exe
H:\WINDOWS\Knight.exe
H:\WINDOWS\nxstinst.exe
H:\WINDOWS\remover.dll
H:\WINDOWS\soundlib.exe
H:\WINDOWS\system32\WebMon.dll
H:\WINDOWS\system32\WebMons.dll

folders to delete:
H:\WINDOWS\exefnd
H:\WINDOWS\exefld
H:\WINDOWS\system32\drivers\down
H:\Programmi\NavExcel Search Toolbar
H:\Programmi\NavExcel

registry keys to delete:
HKLM\SYSTEM\CurrentControlSet\Services\srosa
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_SROSA
HKLM\SYSTEM\CurrentControlSet\Services\pci32
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_PCI32



Now click Done at the bottom of the box
Select the traffic-light icon at the top right
Answer Yes to both of Avenger's prompts
Your computer should now restart; if it doesn't, restart it manually
After the restart, copy and paste here the contents of the Notepad window that appears, and try reinstalling the antivirus right away.

Tough rootkit

Post by suntleone » Mon Jan 21, 2008 9:30 pm

Crazy cat, thanks for your attention.
So, I ran the script with Avenger after rebooting with System Restore disabled.
I'm attaching the report, but keep in mind that installing Kaspersky is still refused (error 1304).
--------------------------
Logfile of The Avenger version 1, by Swandog46
Running from registry key:
\Registry\Machine\System\CurrentControlSet\Services\bydpodov

*******************

Script file located at: \??\H:\bkcdcfh^.txt
Script file opened successfully.

Script file read successfully

Backups directory opened successfully at H:\Avenger

*******************

Beginning to process script file:



Could not open file C:\WINDOWS\system32\drivers\hidr.exe for deletion
Deletion of file C:\WINDOWS\system32\drivers\hidr.exe failed!

Could not process line:
C:\WINDOWS\system32\drivers\hidr.exe
Status: 0xc000003a



Could not open file C:\WINDOWS\system32\drivers\srosa.sys for deletion
Deletion of file C:\WINDOWS\system32\drivers\srosa.sys failed!

Could not process line:
C:\WINDOWS\system32\drivers\srosa.sys
Status: 0xc000003a



Could not open file C:\WINDOWS\system32\wintems.exe for deletion
Deletion of file C:\WINDOWS\system32\wintems.exe failed!

Could not process line:
C:\WINDOWS\system32\wintems.exe
Status: 0xc000003a



Could not open file C:\WINDOWS\system32\hldrrr.exe for deletion
Deletion of file C:\WINDOWS\system32\hldrrr.exe failed!

Could not process line:
C:\WINDOWS\system32\hldrrr.exe
Status: 0xc000003a



Could not open file C:\WINDOWS\system32\trusted.exe for deletion
Deletion of file C:\WINDOWS\system32\trusted.exe failed!

Could not process line:
C:\WINDOWS\system32\trusted.exe
Status: 0xc000003a



Could not open file C:\WINDOWS\system32\drivers\pci32.sys for deletion
Deletion of file C:\WINDOWS\system32\drivers\pci32.sys failed!

Could not process line:
C:\WINDOWS\system32\drivers\pci32.sys
Status: 0xc000003a



Could not open file C:\windows\system32\drivers\hldrrr.exe for deletion
Deletion of file C:\windows\system32\drivers\hldrrr.exe failed!

Could not process line:
C:\windows\system32\drivers\hldrrr.exe
Status: 0xc000003a



Could not open file C:\WINDOWS\system32\drivers\hldrrr.ex_ for deletion
Deletion of file C:\WINDOWS\system32\drivers\hldrrr.ex_ failed!

Could not process line:
C:\WINDOWS\system32\drivers\hldrrr.ex_
Status: 0xc000003a



Could not open file C:\WINDOWS\system32\mdelk.exe for deletion
Deletion of file C:\WINDOWS\system32\mdelk.exe failed!

Could not process line:
C:\WINDOWS\system32\mdelk.exe
Status: 0xc000003a



Could not open file C:\Knight.exe for deletion
Deletion of file C:\Knight.exe failed!

Could not process line:
C:\Knight.exe
Status: 0xc000003a



Could not open file E:\incoming 06-07\Incoming\masterizzare\Copytodvd v4.0.0.38b Winall Incl Crack-Te.rar for deletion
Deletion of file E:\incoming 06-07\Incoming\masterizzare\Copytodvd v4.0.0.38b Winall Incl Crack-Te.rar failed!

Could not process line:
E:\incoming 06-07\Incoming\masterizzare\Copytodvd v4.0.0.38b Winall Incl Crack-Te.rar
Status: 0xc000003a

File H:\Documents and Settings\enrico\Desktop\burn4free_setup.exe deleted successfully.
File H:\Documents and Settings\enrico\Desktop\disegno\AGRSMMSG.exe deleted successfully.
File H:\Documents and Settings\enrico\Desktop\disegno\Any DWG to PDF Converter 2008.zip deleted successfully.
File H:\Documents and Settings\enrico\Desktop\disegno\Power Render 6.zip deleted successfully.
File H:\Documents and Settings\enrico\Desktop\ISOBurn 1.0.10.0.exe deleted successfully.
File H:\Documents and Settings\enrico\Impostazioni locali\Temporary Internet Files\Content.IE5\2123AXKT\b64_2[1].jpg deleted successfully.
File H:\Documents and Settings\enrico\Impostazioni locali\Temporary Internet Files\Content.IE5\2123AXKT\b64_3[1].jpg deleted successfully.
File H:\Documents and Settings\enrico\Impostazioni locali\Temporary Internet Files\Content.IE5\2123AXKT\b64_3[2].jpg deleted successfully.
File H:\Documents and Settings\enrico\Impostazioni locali\Temporary Internet Files\Content.IE5\27OT0VWV\b64_1[1].jpg deleted successfully.
File H:\Documents and Settings\enrico\Impostazioni locali\Temporary Internet Files\Content.IE5\27OT0VWV\b64_2[1].jpg deleted successfully.
File H:\Documents and Settings\enrico\Impostazioni locali\Temporary Internet Files\Content.IE5\27OT0VWV\b64_2[2].jpg deleted successfully.
File H:\Documents and Settings\enrico\Impostazioni locali\Temporary Internet Files\Content.IE5\27OT0VWV\p0[1].dat deleted successfully.
File H:\Documents and Settings\enrico\Impostazioni locali\Temporary Internet Files\Content.IE5\4FQZ49G3\b64_1[1].jpg deleted successfully.
File H:\Documents and Settings\enrico\Impostazioni locali\Temporary Internet Files\Content.IE5\4FQZ49G3\b64_3[1].jpg deleted successfully.
File H:\Documents and Settings\enrico\Impostazioni locali\Temporary Internet Files\Content.IE5\4FQZ49G3\b64_3[2].jpg deleted successfully.
File H:\Documents and Settings\enrico\Impostazioni locali\Temporary Internet Files\Content.IE5\IDERMLIR\b64_3[1].jpg deleted successfully.
File H:\Documents and Settings\enrico\Impostazioni locali\Temporary Internet Files\Content.IE5\IDERMLIR\b64_3[2].jpg deleted successfully.
File H:\Programmi\NVIDIA Corporation\NetworkAccessManager\bin\nTrayFw.exe deleted successfully.
File H:\WINDOWS\Knight.exe deleted successfully.
File H:\WINDOWS\nxstinst.exe deleted successfully.
File H:\WINDOWS\remover.dll deleted successfully.
File H:\WINDOWS\soundlib.exe deleted successfully.
File H:\WINDOWS\system32\WebMon.dll deleted successfully.
File H:\WINDOWS\system32\WebMons.dll deleted successfully.


Folder H:\WINDOWS\exefnd not found!
Deletion of folder H:\WINDOWS\exefnd failed!

Could not process line:
H:\WINDOWS\exefnd
Status: 0xc0000034



Folder H:\WINDOWS\exefld not found!
Deletion of folder H:\WINDOWS\exefld failed!

Could not process line:
H:\WINDOWS\exefld
Status: 0xc0000034

Folder H:\WINDOWS\system32\drivers\down deleted successfully.
Folder H:\Programmi\NavExcel Search Toolbar deleted successfully.
Folder H:\Programmi\NavExcel deleted successfully.
Registry key HKLM\SYSTEM\CurrentControlSet\Services\srosa deleted successfully.
Registry key HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_SROSA deleted successfully.


Registry key HKLM\SYSTEM\CurrentControlSet\Services\pci32 not found!
Deletion of registry key HKLM\SYSTEM\CurrentControlSet\Services\pci32 failed!

Could not process line:
HKLM\SYSTEM\CurrentControlSet\Services\pci32
Status: 0xc0000034



Registry key HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_PCI32 not found!
Deletion of registry key HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_PCI32 failed!

Could not process line:
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_PCI32
Status: 0xc0000034


Completed script processing.

*******************

Finished! Terminate.


Thanks again
See you soon
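As an added example (not part of the original posts and not Avenger's own code), this Python script triages an Avenger log like the one above by NTSTATUS code: 0xc000003a is STATUS_OBJECT_PATH_NOT_FOUND and 0xc0000034 is STATUS_OBJECT_NAME_NOT_FOUND. It assumes the drive of the "Backups directory" line is the system drive; the function names and the shortened log excerpt are this example's own.

```python
import re

# NTSTATUS codes that appear in the Avenger logs in this thread.
NAME_NOT_FOUND = 0xC0000034  # STATUS_OBJECT_NAME_NOT_FOUND: parent exists, final name does not
PATH_NOT_FOUND = 0xC000003A  # STATUS_OBJECT_PATH_NOT_FOUND: a directory (or volume) on the way is missing

# Shortened excerpt of the first Avenger log posted above.
SAMPLE_LOG = r"""
Backups directory opened successfully at H:\Avenger

Could not open file C:\WINDOWS\system32\drivers\srosa.sys for deletion
Deletion of file C:\WINDOWS\system32\drivers\srosa.sys failed!

Could not process line:
C:\WINDOWS\system32\drivers\srosa.sys
Status: 0xc000003a

Could not process line:
C:\WINDOWS\system32\mdelk.exe
Status: 0xc000003a

Could not process line:
E:\incoming 06-07\Incoming\masterizzare\Copytodvd v4.0.0.38b Winall Incl Crack-Te.rar
Status: 0xc000003a

File H:\WINDOWS\soundlib.exe deleted successfully.

Folder H:\WINDOWS\exefnd not found!
Deletion of folder H:\WINDOWS\exefnd failed!

Could not process line:
H:\WINDOWS\exefnd
Status: 0xc0000034

Folder H:\WINDOWS\system32\drivers\down deleted successfully.
Registry key HKLM\SYSTEM\CurrentControlSet\Services\srosa deleted successfully.

Could not process line:
HKLM\SYSTEM\CurrentControlSet\Services\pci32
Status: 0xc0000034
"""

FAIL_RE = re.compile(r"Could not process line:[ \t]*\n(?P<target>.+)\nStatus: (?P<status>0x[0-9a-fA-F]+)")
OK_RE = re.compile(r"^(?:File|Folder|Registry key) (?P<target>.+) deleted successfully\.$", re.M)
BACKUP_RE = re.compile(r"Backups directory opened successfully at (?P<drive>[A-Za-z]):")


def drive_of(target):
    """Return the drive letter of a file path, or None for registry keys."""
    m = re.match(r"([A-Za-z]):\\", target)
    return m.group(1).upper() if m else None


def triage(log_text):
    """Split an Avenger log into deleted / name-not-found / path-not-found targets."""
    log_text = log_text.replace("\r\n", "\n")
    backup = BACKUP_RE.search(log_text)
    report = {
        # Assumption of this example: Avenger's backup drive is the system drive.
        "system_drive": backup.group("drive").upper() if backup else None,
        "deleted": [m.group("target") for m in OK_RE.finditer(log_text)],
        "name_not_found": [], "path_not_found": [], "other": [],
    }
    for m in FAIL_RE.finditer(log_text):
        target, status = m.group("target").strip(), int(m.group("status"), 16)
        if status == NAME_NOT_FOUND:
            report["name_not_found"].append(target)
        elif status == PATH_NOT_FOUND:
            report["path_not_found"].append(target)
        else:
            report["other"].append((target, hex(status)))
    return report


def off_system_drive(report):
    """Path-not-found targets that sit on a drive other than the system drive."""
    return [t for t in report["path_not_found"]
            if drive_of(t) not in (None, report["system_drive"])]


def candidates_on_system_drive(report):
    """Map failed X:\\WINDOWS\\... targets to the same path on the system drive.

    These are paths to verify with a scanner, not confirmed file locations.
    """
    out = []
    for target in off_system_drive(report):
        m = re.match(r"[A-Za-z]:(\\WINDOWS\\.*)", target, re.I)
        if m and report["system_drive"]:
            out.append(report["system_drive"] + ":" + m.group(1))
    return out


if __name__ == "__main__":
    r = triage(SAMPLE_LOG)
    print("system drive:", r["system_drive"])
    print("path not found, other drive:", off_system_drive(r))
    print("paths to verify:", candidates_on_system_drive(r))
```

In the log above, every 0xc000003a entry is on C: or E:, while Avenger opened its backups directory on H: and the Kaspersky report lists H:\WINDOWS\system32\mdelk.exe.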

Post by ste_95 » Mon Jan 21, 2008 9:32 pm

Try the script again, because not everything went through successfully.
«Sometimes it is better to keep quiet and seem stupid than to open your mouth and remove all doubt.» Oscar Wilde

tough rootkit 2

Post by suntleone » Mon Jan 21, 2008 10:02 pm

It all seems so difficult!
[cry+]
So, I too noticed that something went wrong!
That's why I ran the script again.
But I noticed (maybe it has nothing to do with it, or maybe it's normal) that the tick in the "disable System Restore" checkbox, even though I answer yes to all the warnings urging me not to do it, is no longer there, neither in the same session nor after rebooting. [8D]
..........................................................................................
Logfile of The Avenger version 1, by Swandog46
Running from registry key:
\Registry\Machine\System\CurrentControlSet\Services\qckyholy

*******************

Script file located at: \??\H:\dxtqcewi.txt
Script file opened successfully.

Script file read successfully

Backups directory opened successfully at H:\Avenger

*******************

Beginning to process script file:



Could not open file C:\WINDOWS\system32\drivers\hidr.exe for deletion
Deletion of file C:\WINDOWS\system32\drivers\hidr.exe failed!

Could not process line:
C:\WINDOWS\system32\drivers\hidr.exe
Status: 0xc000003a



Could not open file C:\WINDOWS\system32\drivers\srosa.sys for deletion
Deletion of file C:\WINDOWS\system32\drivers\srosa.sys failed!

Could not process line:
C:\WINDOWS\system32\drivers\srosa.sys
Status: 0xc000003a



Could not open file C:\WINDOWS\system32\wintems.exe for deletion
Deletion of file C:\WINDOWS\system32\wintems.exe failed!

Could not process line:
C:\WINDOWS\system32\wintems.exe
Status: 0xc000003a



Could not open file C:\WINDOWS\system32\hldrrr.exe for deletion
Deletion of file C:\WINDOWS\system32\hldrrr.exe failed!

Could not process line:
C:\WINDOWS\system32\hldrrr.exe
Status: 0xc000003a



Could not open file C:\WINDOWS\system32\trusted.exe for deletion
Deletion of file C:\WINDOWS\system32\trusted.exe failed!

Could not process line:
C:\WINDOWS\system32\trusted.exe
Status: 0xc000003a



Could not open file C:\WINDOWS\system32\drivers\pci32.sys for deletion
Deletion of file C:\WINDOWS\system32\drivers\pci32.sys failed!

Could not process line:
C:\WINDOWS\system32\drivers\pci32.sys
Status: 0xc000003a



Could not open file C:\windows\system32\drivers\hldrrr.exe for deletion
Deletion of file C:\windows\system32\drivers\hldrrr.exe failed!

Could not process line:
C:\windows\system32\drivers\hldrrr.exe
Status: 0xc000003a



Could not open file C:\WINDOWS\system32\drivers\hldrrr.ex_ for deletion
Deletion of file C:\WINDOWS\system32\drivers\hldrrr.ex_ failed!

Could not process line:
C:\WINDOWS\system32\drivers\hldrrr.ex_
Status: 0xc000003a



Could not open file C:\WINDOWS\system32\mdelk.exe for deletion
Deletion of file C:\WINDOWS\system32\mdelk.exe failed!

Could not process line:
C:\WINDOWS\system32\mdelk.exe
Status: 0xc000003a



Could not open file C:\Knight.exe for deletion
Deletion of file C:\Knight.exe failed!

Could not process line:
C:\Knight.exe
Status: 0xc000003a



Could not open file E:\incoming 06-07\Incoming\masterizzare\Copytodvd v4.0.0.38b Winall Incl Crack-Te.rar for deletion
Deletion of file E:\incoming 06-07\Incoming\masterizzare\Copytodvd v4.0.0.38b Winall Incl Crack-Te.rar failed!

Could not process line:
E:\incoming 06-07\Incoming\masterizzare\Copytodvd v4.0.0.38b Winall Incl Crack-Te.rar
Status: 0xc000003a



File H:\Documents and Settings\enrico\Desktop\burn4free_setup.exe not found!
Deletion of file H:\Documents and Settings\enrico\Desktop\burn4free_setup.exe failed!

Could not process line:
H:\Documents and Settings\enrico\Desktop\burn4free_setup.exe
Status: 0xc0000034



File H:\Documents and Settings\enrico\Desktop\disegno\AGRSMMSG.exe not found!
Deletion of file H:\Documents and Settings\enrico\Desktop\disegno\AGRSMMSG.exe failed!

Could not process line:
H:\Documents and Settings\enrico\Desktop\disegno\AGRSMMSG.exe
Status: 0xc0000034



File H:\Documents and Settings\enrico\Desktop\disegno\Any DWG to PDF Converter 2008.zip not found!
Deletion of file H:\Documents and Settings\enrico\Desktop\disegno\Any DWG to PDF Converter 2008.zip failed!

Could not process line:
H:\Documents and Settings\enrico\Desktop\disegno\Any DWG to PDF Converter 2008.zip
Status: 0xc0000034



File H:\Documents and Settings\enrico\Desktop\disegno\Power Render 6.zip not found!
Deletion of file H:\Documents and Settings\enrico\Desktop\disegno\Power Render 6.zip failed!

Could not process line:
H:\Documents and Settings\enrico\Desktop\disegno\Power Render 6.zip
Status: 0xc0000034



File H:\Documents and Settings\enrico\Desktop\ISOBurn 1.0.10.0.exe not found!
Deletion of file H:\Documents and Settings\enrico\Desktop\ISOBurn 1.0.10.0.exe failed!

Could not process line:
H:\Documents and Settings\enrico\Desktop\ISOBurn 1.0.10.0.exe
Status: 0xc0000034



File H:\Documents and Settings\enrico\Impostazioni locali\Temporary Internet Files\Content.IE5\2123AXKT\b64_2[1].jpg not found!
Deletion of file H:\Documents and Settings\enrico\Impostazioni locali\Temporary Internet Files\Content.IE5\2123AXKT\b64_2[1].jpg failed!

Could not process line:
H:\Documents and Settings\enrico\Impostazioni locali\Temporary Internet Files\Content.IE5\2123AXKT\b64_2[1].jpg
Status: 0xc0000034

File H:\Documents and Settings\enrico\Impostazioni locali\Temporary Internet Files\Content.IE5\2123AXKT\b64_3[1].jpg deleted successfully.


File H:\Documents and Settings\enrico\Impostazioni locali\Temporary Internet Files\Content.IE5\2123AXKT\b64_3[2].jpg not found!
Deletion of file H:\Documents and Settings\enrico\Impostazioni locali\Temporary Internet Files\Content.IE5\2123AXKT\b64_3[2].jpg failed!

Could not process line:
H:\Documents and Settings\enrico\Impostazioni locali\Temporary Internet Files\Content.IE5\2123AXKT\b64_3[2].jpg
Status: 0xc0000034



File H:\Documents and Settings\enrico\Impostazioni locali\Temporary Internet Files\Content.IE5\27OT0VWV\b64_1[1].jpg not found!
Deletion of file H:\Documents and Settings\enrico\Impostazioni locali\Temporary Internet Files\Content.IE5\27OT0VWV\b64_1[1].jpg failed!

Could not process line:
H:\Documents and Settings\enrico\Impostazioni locali\Temporary Internet Files\Content.IE5\27OT0VWV\b64_1[1].jpg
Status: 0xc0000034



File H:\Documents and Settings\enrico\Impostazioni locali\Temporary Internet Files\Content.IE5\27OT0VWV\b64_2[1].jpg not found!
Deletion of file H:\Documents and Settings\enrico\Impostazioni locali\Temporary Internet Files\Content.IE5\27OT0VWV\b64_2[1].jpg failed!

Could not process line:
H:\Documents and Settings\enrico\Impostazioni locali\Temporary Internet Files\Content.IE5\27OT0VWV\b64_2[1].jpg
Status: 0xc0000034



File H:\Documents and Settings\enrico\Impostazioni locali\Temporary Internet Files\Content.IE5\27OT0VWV\b64_2[2].jpg not found!
Deletion of file H:\Documents and Settings\enrico\Impostazioni locali\Temporary Internet Files\Content.IE5\27OT0VWV\b64_2[2].jpg failed!

Could not process line:
H:\Documents and Settings\enrico\Impostazioni locali\Temporary Internet Files\Content.IE5\27OT0VWV\b64_2[2].jpg
Status: 0xc0000034



File H:\Documents and Settings\enrico\Impostazioni locali\Temporary Internet Files\Content.IE5\27OT0VWV\p0[1].dat not found!
Deletion of file H:\Documents and Settings\enrico\Impostazioni locali\Temporary Internet Files\Content.IE5\27OT0VWV\p0[1].dat failed!

Could not process line:
H:\Documents and Settings\enrico\Impostazioni locali\Temporary Internet Files\Content.IE5\27OT0VWV\p0[1].dat
Status: 0xc0000034

File H:\Documents and Settings\enrico\Impostazioni locali\Temporary Internet Files\Content.IE5\4FQZ49G3\b64_1[1].jpg deleted successfully.


File H:\Documents and Settings\enrico\Impostazioni locali\Temporary Internet Files\Content.IE5\4FQZ49G3\b64_3[1].jpg not found!
Deletion of file H:\Documents and Settings\enrico\Impostazioni locali\Temporary Internet Files\Content.IE5\4FQZ49G3\b64_3[1].jpg failed!

Could not process line:
H:\Documents and Settings\enrico\Impostazioni locali\Temporary Internet Files\Content.IE5\4FQZ49G3\b64_3[1].jpg
Status: 0xc0000034



File H:\Documents and Settings\enrico\Impostazioni locali\Temporary Internet Files\Content.IE5\4FQZ49G3\b64_3[2].jpg not found!
Deletion of file H:\Documents and Settings\enrico\Impostazioni locali\Temporary Internet Files\Content.IE5\4FQZ49G3\b64_3[2].jpg failed!

Could not process line:
H:\Documents and Settings\enrico\Impostazioni locali\Temporary Internet Files\Content.IE5\4FQZ49G3\b64_3[2].jpg
Status: 0xc0000034

File H:\Documents and Settings\enrico\Impostazioni locali\Temporary Internet Files\Content.IE5\IDERMLIR\b64_3[1].jpg deleted successfully.


File H:\Documents and Settings\enrico\Impostazioni locali\Temporary Internet Files\Content.IE5\IDERMLIR\b64_3[2].jpg not found!
Deletion of file H:\Documents and Settings\enrico\Impostazioni locali\Temporary Internet Files\Content.IE5\IDERMLIR\b64_3[2].jpg failed!

Could not process line:
H:\Documents and Settings\enrico\Impostazioni locali\Temporary Internet Files\Content.IE5\IDERMLIR\b64_3[2].jpg
Status: 0xc0000034



File H:\Programmi\NVIDIA Corporation\NetworkAccessManager\bin\nTrayFw.exe not found!
Deletion of file H:\Programmi\NVIDIA Corporation\NetworkAccessManager\bin\nTrayFw.exe failed!

Could not process line:
H:\Programmi\NVIDIA Corporation\NetworkAccessManager\bin\nTrayFw.exe
Status: 0xc0000034



File H:\WINDOWS\Knight.exe not found!
Deletion of file H:\WINDOWS\Knight.exe failed!

Could not process line:
H:\WINDOWS\Knight.exe
Status: 0xc0000034



File H:\WINDOWS\nxstinst.exe not found!
Deletion of file H:\WINDOWS\nxstinst.exe failed!

Could not process line:
H:\WINDOWS\nxstinst.exe
Status: 0xc0000034



File H:\WINDOWS\remover.dll not found!
Deletion of file H:\WINDOWS\remover.dll failed!

Could not process line:
H:\WINDOWS\remover.dll
Status: 0xc0000034



File H:\WINDOWS\soundlib.exe not found!
Deletion of file H:\WINDOWS\soundlib.exe failed!

Could not process line:
H:\WINDOWS\soundlib.exe
Status: 0xc0000034



File H:\WINDOWS\system32\WebMon.dll not found!
Deletion of file H:\WINDOWS\system32\WebMon.dll failed!

Could not process line:
H:\WINDOWS\system32\WebMon.dll
Status: 0xc0000034



File H:\WINDOWS\system32\WebMons.dll not found!
Deletion of file H:\WINDOWS\system32\WebMons.dll failed!

Could not process line:
H:\WINDOWS\system32\WebMons.dll
Status: 0xc0000034



Folder H:\WINDOWS\exefnd not found!
Deletion of folder H:\WINDOWS\exefnd failed!

Could not process line:
H:\WINDOWS\exefnd
Status: 0xc0000034



Folder H:\WINDOWS\exefld not found!
Deletion of folder H:\WINDOWS\exefld failed!

Could not process line:
H:\WINDOWS\exefld
Status: 0xc0000034

Folder H:\WINDOWS\system32\drivers\down deleted successfully.


Folder H:\Programmi\NavExcel Search Toolbar not found!
Deletion of folder H:\Programmi\NavExcel Search Toolbar failed!

Could not process line:
H:\Programmi\NavExcel Search Toolbar
Status: 0xc0000034



Folder H:\Programmi\NavExcel not found!
Deletion of folder H:\Programmi\NavExcel failed!

Could not process line:
H:\Programmi\NavExcel
Status: 0xc0000034

Registry key HKLM\SYSTEM\CurrentControlSet\Services\srosa deleted successfully.
Registry key HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_SROSA deleted successfully.


Registry key HKLM\SYSTEM\CurrentControlSet\Services\pci32 not found!
Deletion of registry key HKLM\SYSTEM\CurrentControlSet\Services\pci32 failed!

Could not process line:
HKLM\SYSTEM\CurrentControlSet\Services\pci32
Status: 0xc0000034



Registry key HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_PCI32 not found!
Deletion of registry key HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_PCI32 failed!

Could not process line:
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_PCI32
Status: 0xc0000034


Completed script processing.

*******************

Finished! Terminate.
---------------------------------------------------------------
Kaspersky won't install (error 1304).
Thanks again to everyone anyway

Post by Guya » Tue Jan 22, 2008 12:27 am

To be able to remove the System Restore data,
I usually boot the PC with ERD Commander 2007.

It makes it possible to remove files from the disks without loading Windows.
It also displays the registry and lets you edit its keys.

It lets you enter the "System Volume Information" folders
(where the restore files reside) and delete their contents.


It has solved many problems for me and has always recovered the system.

Post by ste_95 » Tue Jan 22, 2008 7:08 am

The script still did not complete successfully. Open GMER, go to the rootkit section and kill the processes related to the Trojan. Then go to the Processes tab and do the same.
Disable System Restore and try again with Avenger.

hard rootkit, too it!

Post by suntleone » Tue Jan 22, 2008 9:03 pm

Hi STE -95
I followed all your instructions, but without success.
I'm back at the same starting point. [cry+]
I've decided [devil] I'm formatting!
Thanks again
See you soon [V]

megalab.it: daily online publication registered with the Court of Cosenza, no. 22/09 of 13.08.2009, publisher Master New Media S.r.l.; © Copyright 2008 Master New Media S.r.l. a socio unico - P.I. 02947530784. GRUPPO EDIZIONI MASTER Spa. All rights reserved. For advertising: Master Advertising