Another headache for Luke 57

How do you remove viruses and spyware? Are credit cards really safe online? Is it possible to browse anonymously? Which programs protect your privacy? How do you protect important files? If you want an answer to these and other questions, this is the right place!

Moderators: m.paolo, kadosh, Luke57

Post by milan » 22/02/08 18:56

Dear Luke, I don't know if you remember, but in the past I gave you a hard time over those 10 viruses that had nested in my PC.
I think one of them hid itself very well and has now popped up.
Let me say first that I followed the advice in Piercing's post about taking care of scans and updates of Norton and Ad-Aware; evidently all this was not enough.
I'm posting the Kaspersky report (1 virus, 10 infections) if you would kindly take a look at it; I also have Avenger ready in case you have scripts suited to my case.
Thank you in advance for any help you can give.

H:\Documents and Settings\Campi\Impostazioni locali\Temp\20exhmrgas5.exe Infected: Trojan.Win32.Zapchast.es skipped

H:\Documents and Settings\Campi\Impostazioni locali\Temp\21exhmrgas5.exe Infected: Trojan.Win32.Zapchast.es skipped

H:\Documents and Settings\Campi\Impostazioni locali\Temp\26exhmrgas5.exe Infected: Trojan.Win32.Zapchast.es skipped

H:\Documents and Settings\Campi\Impostazioni locali\Temp\34exhmrgas5.exe Infected: Trojan.Win32.Zapchast.es skipped

H:\Documents and Settings\Campi\Impostazioni locali\Temp\35exhmrgas5.exe Infected: Trojan.Win32.Zapchast.es skipped

H:\Documents and Settings\Campi\Impostazioni locali\Temp\39exhmrgas5.exe Infected: Trojan.Win32.Zapchast.es skipped

H:\Documents and Settings\Campi\Impostazioni locali\Temp\49exhmrgas5.exe Infected: Trojan.Win32.Zapchast.es skipped

H:\Documents and Settings\Campi\Impostazioni locali\Temp\51exhmrgas5.exe Infected: Trojan.Win32.Zapchast.es skipped

H:\Documents and Settings\Campi\Impostazioni locali\Temp\54exhmrgas5.exe Infected: Trojan.Win32.Zapchast.es skipped

H:\Documents and Settings\Campi\Impostazioni locali\Temp\57exhmrgas5.exe Infected: Trojan.Win32.Zapchast.es skipped

H:\Documents and Settings\Campi\Impostazioni locali\Temp\59exhmrgas5.exe Infected: Trojan.Win32.Zapchast.es skipped

H:\Documents and Settings\Campi\Impostazioni locali\Temp\65exhmrgas5.exe Infected: Trojan.Win32.Zapchast.es skipped

H:\Documents and Settings\Campi\Impostazioni locali\Temp\68exhmrgas5.exe Infected: Trojan.Win32.Zapchast.es skipped

H:\Documents and Settings\Campi\Impostazioni locali\Temp\71exhmrgas5.exe Infected: Trojan.Win32.Zapchast.es skipped

H:\Documents and Settings\Campi\Impostazioni locali\Temp\77exhmrgas5.exe Infected: Trojan.Win32.Zapchast.es skipped

H:\Documents and Settings\Campi\Impostazioni locali\Temp\79exhmrgas5.exe Infected: Trojan.Win32.Zapchast.es skipped

H:\Documents and Settings\Campi\Impostazioni locali\Temp\86exhmrgas5.exe Infected: Trojan.Win32.Zapchast.es skipped

H:\Documents and Settings\Campi\Impostazioni locali\Temp\93exhmrgas5.exe Infected: Trojan.Win32.Zapchast.es skipped

H:\Documents and Settings\Campi\Impostazioni locali\Temp\97exhmrgas5.exe Infected: Trojan.Win32.Zapchast.es skipped

H:\Documents and Settings\Campi\Impostazioni locali\Temp\9exhmrgas5.exe Infected: Trojan.Win32.Zapchast.es skipped

Scan process completed
milan
Junior User
 
Posts: 44
Joined: 23/01/08 19:24

Re: Another headache for Luke 57

Post by Luke57 » 22/02/08 19:22

Hi, only the temporary files seem to be infected; download these programs:

CCleaner http://www.pc-facile.com/download/pulizia/ccleaner/
(look for the latest version)
ATF Cleaner http://www.atribune.org/ccount/click.php?id=1

2) Install CCleaner (deselect the option to install the Yahoo toolbar, if you don't want it), launch it, go to Options > Advanced, untick "delete Windows temp files only if older than 48 hours", select "Analyze" and then click "Run Cleaner".

3) Start ATF Cleaner, select "Select all" and then press "Empty selected". Wait for the "done cleaning" message!
Repeat the same operation for the Firefox and Opera tabs (if you have them).
Luke57
Moderator
 
Posts: 6415
Joined: 11/08/05 19:10

Re: Another headache for Luke 57

Post by milan » 22/02/08 23:15

Thanks Luke 57, indeed, checking the report I too had the feeling that there are only the 20 infections; the thing is that the Kaspersky scan also reports a virus.
While I'm writing this reply my PC is eating my words, and this gives me the feeling that the virus is still present and, above all, is a really tough and chameleon-like one.
As soon as the new scan finishes I'll post the report again.
Many thanks.
milan
Junior User
 
Posts: 44
Joined: 23/01/08 19:24

Re: Another headache for Luke 57

Post by milan » 23/02/08 11:31

Here is the report from the other scan

Total number of scanned objects 63149
Number of viruses found 1
Number of infected objects 6
Number of suspicious objects 0
Duration of the scan process 01:32:16

Infected Object Name Virus Name Last Action

H:\Documents and Settings\Campi\Impostazioni locali\Temp\41exhmrgas5.exe Infected: Trojan.Win32.Zapchast.es skipped

H:\Documents and Settings\Campi\Impostazioni locali\Temp\52exhmrgas5.exe Infected: Trojan.Win32.Zapchast.es skipped

H:\Documents and Settings\Campi\Impostazioni locali\Temp\6exhmrgas5.exe Infected: Trojan.Win32.Zapchast.es skipped

H:\Documents and Settings\Campi\Impostazioni locali\Temp\70exhmrgas5.exe Infected: Trojan.Win32.Zapchast.es skipped

H:\Documents and Settings\Campi\Impostazioni locali\Temp\75exhmrgas5.exe Infected: Trojan.Win32.Zapchast.es skipped

H:\Documents and Settings\Campi\Impostazioni locali\Temp\86exhmrgas5.exe Infected: Trojan.Win32.Zapchast.es skipped


Scan process completed.
milan
Junior User
 
Posts: 44
Joined: 23/01/08 19:24
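
Added example (not part of the thread, and not the scanner vendor's tooling): a Python triage of a report in the format posted above. It separates "Object is locked" entries (files held open by the system or by other programs, which the scanner could not read) from "Infected" entries, shows how one detection name can cover several infected objects, and lists infected files that appear only in a later scan. The sample lines, paths and function names are constructed for illustration.

```python
import ntpath
import re
from collections import Counter

# Report line shapes seen in the thread:
#   <path> Infected: <detection name> <last action>
#   <path> Object is locked <last action>
# Paths contain spaces, so the verdict is anchored to the end of the line.
LINE_RE = re.compile(
    r"^(?P<path>.+?) (?:Infected: (?P<detection>\S+)|Object is locked)"
    r" (?P<action>\w+)$"
)

# Constructed sample reports (not the poster's data).
SCAN_1 = r"""
C:\Documents and Settings\All Users\Application Data\Vendor\settings.dat Object is locked skipped
C:\Documents and Settings\User\Local Settings\Temp\12sample.exe Infected: Trojan.Win32.Zapchast.es skipped
C:\Documents and Settings\User\Local Settings\Temp\34sample.exe Infected: Trojan.Win32.Zapchast.es skipped
C:\WINDOWS\system32\config\SAM Object is locked skipped
Scan process completed
"""

SCAN_2 = r"""
Number of viruses found 1
Number of infected objects 3
C:\Documents and Settings\User\Local Settings\Temp\34sample.exe Infected: Trojan.Win32.Zapchast.es skipped
C:\Documents and Settings\User\Local Settings\Temp\56sample.exe Infected: Trojan.Win32.Zapchast.es skipped
C:\Documents and Settings\User\Local Settings\Temp\78sample.exe Infected: Trojan.Win32.Zapchast.es skipped
C:\WINDOWS\system32\config\SAM Object is locked skipped
Scan process completed.
"""


def parse_report(text):
    """Return one dict per recognised report line; other lines are ignored."""
    entries = []
    for raw in text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue  # summary counters, headers, blank lines
        entries.append({
            "path": m["path"],
            "detection": m["detection"],  # None for locked objects
            "action": m["action"],
        })
    return entries


def summarize(entries):
    """Count distinct detection names versus infected files, grouped by folder."""
    infected = [e for e in entries if e["detection"]]
    return {
        "detections": sorted({e["detection"] for e in infected}),
        "infected_objects": len(infected),
        "locked_objects": len(entries) - len(infected),
        "infected_dirs": Counter(ntpath.dirname(e["path"]) for e in infected),
        "not_removed": [e["path"] for e in infected if e["action"] == "skipped"],
    }


def new_since(earlier, later):
    """Infected paths in the later scan that the earlier scan did not list.

    Such files were written after the earlier scan, so deleting temp files
    alone did not stop whatever creates them.
    """
    seen = {e["path"].lower() for e in earlier if e["detection"]}
    return [e["path"] for e in later
            if e["detection"] and e["path"].lower() not in seen]


if __name__ == "__main__":
    first, second = parse_report(SCAN_1), parse_report(SCAN_2)
    for label, entries in (("scan 1", first), ("scan 2", second)):
        s = summarize(entries)
        print(label, s["detections"], "infected:", s["infected_objects"],
              "locked:", s["locked_objects"], dict(s["infected_dirs"]))
    print("new in scan 2:", new_since(first, second))
```
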

Re: Another headache for Luke 57

Post by milan » 24/02/08 02:14

Luke57 wrote: Hi, only the temporary files seem to be infected; download these programs:

CCleaner http://www.pc-facile.com/download/pulizia/ccleaner/
(look for the latest version)
ATF Cleaner http://www.atribune.org/ccount/click.php?id=1

2) Install CCleaner (deselect the option to install the Yahoo toolbar, if you don't want it), launch it, go to Options > Advanced, untick "delete Windows temp files only if older than 48 hours", select "Analyze" and then click "Run Cleaner".

3) Start ATF Cleaner, select "Select all" and then press "Empty selected". Wait for the "done cleaning" message!
Repeat the same operation for the Firefox and Opera tabs (if you have them).

This is the trojan I wasn't able to remove, what should I do?
Hkey-local.machine\softwa...ersion\run\devenv H:windows\system\smvss.exe
milan
Junior User
 
Posts: 44
Joined: 23/01/08 19:24

Re: Another headache for Luke 57

Post by Luke57 » 24/02/08 10:33

Hi, download Avenger to your desktop
http://swandog46.geekstogo.com/avenger.zip
Extract the archive
Run the file avenger.exe
Select the option "Input Script Manually"
Click the magnifying glass

A "View/edit script" window opens
Inside the white box, copy and paste the following text:

files to delete:
H:windows\system\smvss.exe

registry values to delete:
HKLM\Software\Microsoft\Windows\CurrentVersion\Run | devenv


Registry values to replace with dummy:
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Windows | AppInit_DLLs


Click the Done button
Click the green traffic light icon
Answer OK and then Yes.
The PC should restart by itself; if it doesn't, restart it manually.
Then attach the log generated by Avenger; you'll find it at C:\avenger.txt, it is a text file.
Luke57
Moderator
 
Posts: 6415
Joined: 11/08/05 19:10

Re: Another headache for Luke 57

Post by milan » 24/02/08 11:27

Thanks Luke, I followed your usual, very effective procedure to the letter; this time I did not find the file I had posted, probably during the scans with some disinfection programs I deleted it without realizing.
Anyway, I've realized that my Norton is not a very effective antivirus, because it doesn't always detect what others do.
I'd be inclined to buy Kaspersky, with which I have the impression of feeling more protected.
What do you think?
milan
Junior User
 
Posts: 44
Joined: 23/01/08 19:24

