|
Rank: AiutAmico
Joined: 3/13/2009 Posts: 47
|
Good morning everyone. At the suggestion of user lumauro, I'm here to describe the problem that has been driving me mad since this morning!! Yesterday I installed the Ashampoo program on my PC, hoping to stop the new tabs full of advertising that keep opening in Firefox (I already had avast installed, active at startup, plus Ad-Aware, Spybot and CCleaner, which I run once every 10/15 days). I launched the program, all fine... even though it didn't solve the problem I left it alone, thinking it might block other junk. This morning when I turned on the PC it told me that another program, different from avast, wanted to start at boot in its place; naturally I clicked No and carried on. I then noticed, however, that the avast icon had disappeared from the tray at the bottom, so I decided to relaunch it to get it running again.
NOTHING: no program of any kind that can remove viruses starts any more, antivirus, rootkit tools, HijackThis, etc. etc.
I get an error warning me that these programs are not a valid Win32 application.
The only thing I managed to do was an online scan with Panda, and this is the result:
A few days ago I also tried to install AVG and it gave me the same error, but at the time I didn't give it any weight!!
What can you advise me to do?
Thanks in advance
|
|
|
|
|
Rank: AiutAmico
Joined: 8/24/2008 Posts: 4,164
|
Hi, you've probably caught a nice Bagle. No point telling you to disable the antivirus.
Download http://dc108.4shared.com/download/75022994/b07bff/FindyKill.exe?tsid=20090209-102651-de3379fb
Double-click the FindyKill icon to start the installation:
Tick the first checkbox to accept the licence and continue > Suivant
Click "Si" to assign a folder to the program
Click Démarrer > Quitter to finish the installation.
Look for the program icon on the desktop or under Programs and run it.
You will need to use key 1 (Enter) first for the search and then key 2 (Enter) for the cleanup.
You will find the report of the operations carried out in C:\FindyKill.txt
Attach the report to your reply.
During the cleanup there will be some reboots; that is part of the cleanup, so it's normal.
As soon as it has finished, download this little program... you will find the download at the bottom of the page http://www.zonavirus.com/datos/descargas/95/elibagla.asp
Go into safe mode.
Restart the computer in safe mode: at PC startup, before Windows starts loading, press F8 repeatedly. The Windows Advanced Options menu window will appear => choose safe mode (use the arrow key ^)
Launch the program and tick ''ELIMINAR FICHEROS AUTOMATICAMENTE''
Click EXPLORAR to start the scan
When it has finished you will find the log in C:\InfoSat.txt - copy it into Notepad and post it on the forum
|
|
Rank: AiutAmico
Joined: 3/13/2009 Posts: 47
|
In the meantime, thanks a lot for the reply. I'll try to do what you said... we'll talk again as soon as it's done.
|
|
Rank: AiutAmico
Joined: 8/24/2008 Posts: 4,164
|
Do everything with the utmost calm.
|
|
Rank: AiutAmico
Joined: 3/13/2009 Posts: 47
|
I downloaded
FindyKill.exe
and after pressing key 1 it started and there was no need to press 2
It gave me the log straight away
|
|
Rank: AiutAmico
Joined: 8/24/2008 Posts: 4,164
|
Option 1 is for the search... you have to use option 2 for the cleanup. Also run the other program, calmly. We'll catch up in about 1 hour.
Post the reports.
|
|
Rank: AiutAmico
Joined: 3/13/2009 Posts: 47
|
Perfect...
Sorry, I hadn't understood...
I'll try again now
|
|
Rank: AiutAmico
Joined: 3/13/2009 Posts: 47
|
Meanwhile, when I turned on the PC, Spybot started up and told me that important changes to the registry were under way... I answered NO to all the changes... there must have been about twenty. At the moment I'm managing to scan with Spybot... let's see what it turns up!
|
|
Rank: AiutAmico
Joined: 8/24/2008 Posts: 4,164
|
Quote: At the moment I'm managing to scan with Spybot... let's see what it turns up!
You won't solve anything unless you use the programs I pointed you to.
|
|
Rank: AiutAmico
Joined: 3/13/2009 Posts: 47
|
Spybot found the virus along with 4 others....
It seems to have fixed it; anyway I'll go ahead with the procedure you recommended.
|
|
Rank: AiutAmico
Joined: 3/13/2009 Posts: 47
|
FindyKill log file
- C:\Documents and Settings\responsabile\Dati applicazioni\m\shared\Video DVD To iPhone Converter 3.2.zip Deleted ! - C:\Documents and Settings\responsabile\Dati applicazioni\m\shared\Village Coin 1.4 [Patch].zip Deleted ! - C:\Documents and Settings\responsabile\Dati applicazioni\m\shared\W3Notify 1.01 [Patch].czip Deleted ! - C:\Documents and Settings\responsabile\Dati applicazioni\m\shared\W3Notify 1.01 [Patch].zip Deleted ! - C:\Documents and Settings\responsabile\Dati applicazioni\m\shared\WebCab Probability and Stat (J2SE Ed.) 3.3.zip Deleted ! - C:\Documents and Settings\responsabile\Dati applicazioni\m\shared\Your Birthday News 3.0.zip Deleted ! - "C:\Documents and Settings\responsabile\Dati applicazioni\m\shared" Deleted ! - "C:\Documents and Settings\responsabile\Dati applicazioni\m" »»»» Supression files in c:\temp »»»» Supression files in C:\Documents and Settings\responsabile\Local Settings\Temporary Internet Files\Content.IE5 Deleted ! - C:\Documents and Settings\All Users\Dati applicazioni\Skype\Plugins\Local Cache\D3987B641C134048B815DB578D607F42_more.jpg --------------- [ Registry / Infected keys ] ---------------- Deleted ! - HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_SROSA Deleted ! - HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_SROSA --------------- [ States / Restarting of services ] ----------------
+- Services : [ Auto=2 / Request=3 / Disable=4 ]
Ndisuio - Type of startup = 3 Ip6Fw - Type of startup = 2 SharedAccess - Type of startup = 2 wuauserv - Type of startup = 2 wscsvc - Type of startup = 2 --------------- [ Cleaning removable drives ] ---------------- +- Informations :
C: - Unit… fissa
X: - Unit… remota/di rete
Y: - Unit… remota/di rete
+- deleting files : --------------- [ Registry / Mountpoint2 ] ---------------- -> Not found ! --------------- [ Searching Cracks / Keygen ] ---------------- C:\Documents and Settings\responsabile\Desktop\mantus\Acca Suite (Primus -Certus - Mantus - Ufficius (only crack) (Ita).exe C:\Documents and Settings\responsabile\Desktop\mantus\Acca Suite (Primus -Certus - Mantus - Ufficius (Only Crack) (Ita).rar C:\Documents and Settings\responsabile\Desktop\mantus\Acca Suite [Primus - Termus - Mantus-p - Certus] Crack.doc C:\Documents and Settings\responsabile\Desktop\mantus\[APP - ITA] ACCA,ufficius,primus,mantus,certus-CRACKS(1).rar C:\Documents and Settings\responsabile\Desktop\mantus\[APP - ITA] ACCA,ufficius,primus,mantus,certus-CRACKS.rar C:\Documents and Settings\responsabile\Desktop\mantus\[APPL-ITA] ACCA,ufficius,primus,mantus,certus,edilus-CRACKS.rar C:\Documents and Settings\responsabile\Impostazioni locali\Dati applicazioni\Microsoft\Messenger\caneschiale@yahoo.it\Sharing Folders\manny_gt@yahoo.it\Suonerie\polyphone_midi_ringtones\M_Tjaikovski-Nut_Cracker.mid C:\Documents and Settings\All Users\Dati applicazioni\IncrediMail\Data\Sound\tchaikovsky_the_nutcracker.imw ---------------- ! End of report ! ------------------
|
|
Rank: AiutAmico
Joined: 8/24/2008 Posts: 4,164
|
Good, it removed many infections.
Run EliBagle as I told you earlier and post the report.
|
|
Rank: AiutAmico
Joined: 3/13/2009 Posts: 47
|
At the moment I'm logged in in safe mode..
After downloading EliBagle from your link I went ahead and launched it...
It shows me a small initial screen where I can't tick anything, only click OK...
After that everything disappears.
|
|
Rank: AiutAmico
Joined: 3/13/2009 Posts: 47
|
Never mind..
I managed to download the latest version and now it has started!!!
|
|
Rank: AiutAmico
Joined: 3/13/2009 Posts: 47
|
And this is the EliBagle log:
Fri Mar 13 15:14:40 2009 EliBagle v12.34 (c)2009 S.G.H. / Satinfo S.L. (Actualizado el 12 de Marzo del 2009)
Lista de Acciones (por Acción Directa): C:\DOCUMENTS AND SETTINGS\RESPONSABILE\DATI APPLICAZIONI\DRIVERS\WINUPGRO.EXE --> Eliminado Bagle.dldr
Fri Mar 13 15:15:02 2009 EliBagle v12.34 (c)2009 S.G.H. / Satinfo S.L. (Actualizado el 12 de Marzo del 2009)
Lista de Acciones (por Acción Directa): Eliminada Carpeta "%AppData%\Drivers"
Fri Mar 13 15:15:08 2009 EliBagle v12.34 (c)2009 S.G.H. / Satinfo S.L. (Actualizado el 12 de Marzo del 2009)
Lista de Acciones (por Exploración): Explorando "C:\"
Nº Total de Directorios: 7723 Nº Total de Ficheros: 82795 Nº de Ficheros Analizados: 15995 Nº de Ficheros Infectados: 0 Nº de Ficheros Limpiados: 0
|
|
Rank: Member
Joined: 12/27/2004 Posts: 19
|
What really makes me curious is: where the h@ll do they find all these programs? :-D You guys are great, and I mean it...
|
|
Rank: AiutAmico
Joined: 8/24/2008 Posts: 4,164
|
Good, another Bagle has been removed.
Download CCleaner: http://www.filehippo.com/download_ccleaner/
1) to download the latest version, click at the top right under the green arrow
2) install it
3) click "avvia pulizia" (Run Cleaner), and repeat the procedure 2 times
Then download ATFCleaner. Start ATFCleaner.exe with a double click
1) tick the Select All box
2) click the Empty selected button
3) wait for the Done Cleaning notice.
http://swandog46.geekstogo.com/avenger.zip
Install it and launch it. Copy and paste into the "Input script here" window the text in red, exactly as you see it written:
Files to delete:
%SystemDrive%\WINDOWS\system32\drivers\hidr.exe
%SystemDrive%\WINDOWS\system32\drivers\srosa.sys
%SystemDrive%\WINDOWS\system32\wintems.exe
%SystemDrive%\WINDOWS\system32\hldrrr.exe
%SystemDrive%\WINDOWS\system32\trusted.exe
%SystemDrive%\WINDOWS\system32\drivers\pci32.sys
%UserProfile%\Dati applicazioni\hidires\hidr.exe
%UserProfile%\Dati applicazioni\hidires\rosa.sys
%UserProfile%\Dati applicazioni\m\list.oct
%UserProfile%\Dati applicazioni\m\data.oct
%UserProfile%\Dati applicazioni\m\flec006.exe
%UserProfile%\Dati applicazioni\m\svrlist.oct
%SystemDrive%\system32\re_file.exe
%SystemDrive%\elist.xpt
%UserProfile%\Dati applicazioni\hidires\m_hook.sys
%SystemDrive%\WINDOWS\system32\drivers\hldrrr.exe
%SystemDrive%\WINDOWS\system32\drivers\hldrrr.ex_
%SystemDrive%\WINDOWS\system32\mdelk.exe
%SystemDrive%\WINDOWS\system32\drivers\mdelk.exe
%SystemDrive%\WINDOWS\system32\drivers\pci32.sys
%SystemDrive%\WINDOWS\system32\edlm.exe
%SystemDrive%\WINDOWS\system32\edlm2.exe
%SystemDrive%\Windows\system32\ldR64.dll
%SystemDrive%\WINDOWS\system32\german.exe
%SystemDrive%\WINDOWS\system32\drivers\srosa.sys.XXX
%SystemDrive%\WINDOWS\system32\mdelk.exe.XXX
%SystemDrive%\WINDOWS\system32\wintems.exe.XXX
%SystemDrive%\WINDOWS\system32\1.exe
Folders to delete:
%SystemDrive%\WINDOWS\exefqd
%SystemDrive%\WINDOWS\exefnd
%SystemDrive%\WINDOWS\exefld
%UserProfile%\Dati applicazioni\hidires
%UserProfile%\Dati applicazioni\hidn
%UserProfile%\Dati applicazioni\m\shared
%UserProfile%\Dati applicazioni\m
%SystemDrive%\WINDOWS\System32\drivers\down
%SystemDrive%\WINDOWS\system32\drivers\downld
Registry keys to delete:
HKLM\SYSTEM\CurrentControlSet\Services\srosa
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_SROSA
HKLM\SYSTEM\CurrentControlSet\Services\pci32
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_PCI32
HKLM\SYSTEM\CurrentControlSet\Services\rosa
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_rosa
HKLM\SYSTEM\CurrentControlSet\Services\m_hook
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_M_HOOK
HKLM\SYSTEM\ControlSet003\Enum\Root\LEGACY_SROSA
HKLM\SYSTEM\ControlSet002\Enum\Root\LEGACY_SROSA
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ldr64
Registry values to delete:
HKLM\Software\Microsoft\Windows\CurrentVersion\Run | hldrrr
HKLM\Software\Microsoft\Windows\CurrentVersion\Run | drvsyskit
HKLM\Software\Microsoft\Windows\CurrentVersion\Run | german.exe
HKLM\Software\Microsoft\Windows\CurrentVersion\Run | drv_st_key
Registry values to replace with dummy:
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Windows | AppInit_DLLs
Drivers to disable:
%SystemDrive%\WINDOWS\system32\drivers\hidr.exe
%SystemDrive%\WINDOWS\system32\drivers\srosa.sys
%SystemDrive%\WINDOWS\system32\drivers\pci32.sys
%SystemDrive%\WINDOWS\system32\drivers\hldrrr.exe
%SystemDrive%\WINDOWS\system32\drivers\mdelk.exe
Tick "Automatically disable any rootkits found" and click the "Execute" button.
The PC should restart by itself; if it doesn't, restart it manually.
Post the Avenger log that you find in c:\
|
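A read-only way to verify the cleanup requested in the post above, as an added example that is not part of the thread or of any tool it mentions: it checks a subset of the Run values, registry keys, files and folders named in the Avenger script and reports which still exist. Treating `$env:APPDATA` as the "Dati applicazioni" folder and running under the affected account are assumptions.

```powershell
# Added example: read-only check for leftovers named in the Avenger script.
# It only reports what still exists; nothing is deleted or changed.
function New-Finding($Kind, $Item) {
    New-Object psobject -Property @{ Kind = $Kind; Item = $Item }
}
$findings = @()

# Autostart values the script removes from the HKLM Run key.
$runKey = Get-Item 'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run' -ErrorAction SilentlyContinue
if ($runKey) {
    foreach ($name in 'hldrrr', 'drvsyskit', 'german.exe', 'drv_st_key') {
        if ($runKey.GetValueNames() -contains $name) {
            $findings += New-Finding 'Run value' "$name = $($runKey.GetValue($name))"
        }
    }
}

# Service keys and the Winlogon notify key the script deletes.
$keys = 'HKLM:\SYSTEM\CurrentControlSet\Services\srosa',
        'HKLM:\SYSTEM\CurrentControlSet\Services\pci32',
        'HKLM:\SYSTEM\CurrentControlSet\Services\rosa',
        'HKLM:\SYSTEM\CurrentControlSet\Services\m_hook',
        'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ldr64'
foreach ($key in $keys) {
    if (Test-Path -Path $key) { $findings += New-Finding 'Registry key' $key }
}

# The script resets AppInit_DLLs. Legitimate software can register DLLs here too,
# so a non-empty value is reported for manual review, not as proof of infection.
$winKey  = Get-Item 'HKLM:\Software\Microsoft\Windows NT\CurrentVersion\Windows'
$appInit = [string]$winKey.GetValue('AppInit_DLLs')
if ($appInit.Trim()) { $findings += New-Finding 'AppInit_DLLs (review)' $appInit }

# A subset of the script's files and folders. Assumption: $env:APPDATA is the
# "%UserProfile%\Dati applicazioni" folder of the affected account.
$sys   = "$env:SystemDrive\WINDOWS\system32"
$paths = "$sys\wintems.exe", "$sys\hldrrr.exe", "$sys\mdelk.exe",
         "$sys\drivers\srosa.sys", "$env:APPDATA\hidires", "$env:APPDATA\m"
foreach ($p in $paths) {
    if (Test-Path -LiteralPath $p) { $findings += New-Finding 'File or folder' $p }
}

if ($findings.Count -eq 0) { 'No listed leftovers found.' }
else { $findings | Format-Table Kind, Item -AutoSize -Wrap }
```

An empty result only means these specific entries are gone; it does not show that the system is clean.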
|
Rank: Member
Joined: 12/27/2004 Posts: 19
|
What a phenomenon! Amazing! :-D
|
|
Rank: AiutAmico
Joined: 8/24/2008 Posts: 4,164
|
What phenomenon? They are programs designed precisely for removing infections.
|
|