
Not valid for Win32


Re: Not valid for Win32

Post by Luke57 » 09/03/08 15:51

Hi, that hosting site serves the old version of the program, so:
start avenger.exe
Select the option "Input Script Manually"
Click the magnifying glass
A "View/edit script" window opens

copy and paste my script into it

Click the Done button
Click the green traffic light icon
Answer ok and then yes.
The PC should reboot by itself; if it doesn't, reboot it manually.
Then attach the log generated by avenger; you'll find it in C:\avenger.txt, it's a text file.
Luke57
Moderator

Posts: 6415
Joined: 11/08/05 19:10


Re: Not valid for Win32

Post by carlox » 09/03/08 16:16

Ok... when the PC rebooted, a black window C:\WINDOWS\system32\cmd.exe appeared and loaded a whole bunch of stuff... is that normal?

A warning also appeared that says: Impossibile trovare il file "C\WINDOWS\Media\csrss.exe. Verificare che il nome e il percorso del file siano corretti e ritentare. Per cercare un file fare click sul pulsante Start, quindi scegliere Trova.

Is it serious?

This, instead, is the log that Avenger generated:


Logfile of The Avenger version 1, by Swandog46
Running from registry key:
\Registry\Machine\System\CurrentControlSet\Services\ekwnuyms

*******************

Script file located at: \??\C:\Program Files\isdfoayj.txt
Script file opened successfully.

Script file read successfully

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:



File C:\WINDOWS\system32\drivers\hidr.exe not found!
Deletion of file C:\WINDOWS\system32\drivers\hidr.exe failed!

Could not process line:
C:\WINDOWS\system32\drivers\hidr.exe
Status: 0xc0000034

File C:\WINDOWS\system32\drivers\srosa.sys deleted successfully.
File C:\WINDOWS\system32\wintems.exe deleted successfully.


File C:\WINDOWS\system32\hldrrr.exe not found!
Deletion of file C:\WINDOWS\system32\hldrrr.exe failed!

Could not process line:
C:\WINDOWS\system32\hldrrr.exe
Status: 0xc0000034



File C:\WINDOWS\system32\drivers\pci32.sys not found!
Deletion of file C:\WINDOWS\system32\drivers\pci32.sys failed!

Could not process line:
C:\WINDOWS\system32\drivers\pci32.sys
Status: 0xc0000034

File C:\WINDOWS\system32\drivers\hldrrr.exe deleted successfully.
File C:\WINDOWS\System32\mdelk.exe deleted successfully.
File C:\Documents and Settings\nino\Documenti\Musica\emule\Jfilm\Jfilm - Script 3.exe deleted successfully.
File C:\Programmi\AskTBar\bar\1.bin\A5POPSWT.DLL deleted successfully.
File C:\Programmi\AskTBar\bar\1.bin\ASKTBAR.DLL deleted successfully.
File C:\Programmi\ATI Technologies\ATI Control Panel\atiptaxx.exe deleted successfully.
File C:\Programmi\Live_TV\tbLive.dll deleted successfully.
File C:\WINDOWS\Media\csrss.exe deleted successfully.
File C:\WINDOWS\out.exe deleted successfully.


Folder C:\WINDOWS\exefnd not found!
Deletion of folder C:\WINDOWS\exefnd failed!

Could not process line:
C:\WINDOWS\exefnd
Status: 0xc0000034



Folder C:\WINDOWS\exefld not found!
Deletion of folder C:\WINDOWS\exefld failed!

Could not process line:
C:\WINDOWS\exefld
Status: 0xc0000034

Folder C:\WINDOWS\system32\drivers\down deleted successfully.
Folder C:\Documents and Settings\LocalService\Impostazioni locali\Temporary Internet Files\Content.IE5 deleted successfully.


Folder C:\Documents and Settings\nino\Dati applicazioni\Sun\Java\Deployment\cache\6.0\47\bd7ce2f-14c13a85 ZIP not found!
Deletion of folder C:\Documents and Settings\nino\Dati applicazioni\Sun\Java\Deployment\cache\6.0\47\bd7ce2f-14c13a85 ZIP failed!

Could not process line:
C:\Documents and Settings\nino\Dati applicazioni\Sun\Java\Deployment\cache\6.0\47\bd7ce2f-14c13a85 ZIP
Status: 0xc0000034



Error: C:\Documents and Settings\nino\Documenti\Musica\emule\Jfilm\Jfilm - Script 3.zip is not a folder! It may instead be a file.
Deletion of folder C:\Documents and Settings\nino\Documenti\Musica\emule\Jfilm\Jfilm - Script 3.zip failed!

Could not process line:
C:\Documents and Settings\nino\Documenti\Musica\emule\Jfilm\Jfilm - Script 3.zip
Status: 0xc0000103

Folder C:\Documents and Settings\nino\Impostazioni locali\Temp deleted successfully.
Folder C:\Programmi\eMule\Temp deleted successfully.
Registry key HKLM\SYSTEM\CurrentControlSet\Services\srosa deleted successfully.
Registry key HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_SROSA deleted successfully.


Registry key HKLM\SYSTEM\CurrentControlSet\Services\pci32 not found!
Deletion of registry key HKLM\SYSTEM\CurrentControlSet\Services\pci32 failed!

Could not process line:
HKLM\SYSTEM\CurrentControlSet\Services\pci32
Status: 0xc0000034



Registry key HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_PCI32 not found!
Deletion of registry key HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_PCI32 failed!

Could not process line:
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_PCI32
Status: 0xc0000034

Registry value HKLM\Software\Microsoft\Windows NT\CurrentVersion\Windows|AppInit_DLLs replaced with dummy successfully.

Completed script processing.

*******************

Finished! Terminate.
carlox
Newbie

Posts: 7
Joined: 08/03/08 15:01

Re: Not valid for Win32

Post by Luke57 » 09/03/08 16:32

Hi, everything went fine: it deleted the files that were present and the registry entries added by bagle. Try using your security programs again; I think you'll have to reinstall the antivirus because, usually, the infection corrupts the executable.

To be safe, go here:
http://www.zonavirus.com/datos/descarga ... ibagla.asp
download elibagla at the bottom of the page and run a scan. A report is written to C:\infosat.txt; if anything, post its contents.

Re: Not valid for Win32

Post by carlox » 09/03/08 16:54

Great, really, I don't know how to thank you :) :) :) :) :)
I did what you advised with elibagla and this is the report

JFILM - SCRIPT 3.ZIP -> Bagle.dldr


I don't think it's anything serious; also, I ran a scan with Antivir which, now, works again.

Thanks again

Re: Not valid for Win32

Post by carlox » 09/03/08 16:57

Sorry...

the elibagla report:


Sun Mar 09 16:35:24 2008
EliBagle v11.11 (c)2008 S.G.H. / Satinfo S.L.
----------------------------------------------
Lista de Acciones (por Acción Directa):
C:\WINDOWS\SYSTEM32\BAN_LIST.TXT --> Eliminado Bagle
Restaurada Clave: "SafeBoot\Minimal y Network"

Sun Mar 09 16:35:32 2008
EliBagle v11.11 (c)2008 S.G.H. / Satinfo S.L.
----------------------------------------------
Lista de Acciones (por Exploración):
Explorando Unidad C:\
C:\Documents and Settings\nino\Documenti\Musica\emule\Jfilm\JFILM - SCRIPT 3.ZIP --> Eliminado Bagle.dldr

Nº Total de Directorios: 6174
Nº Total de Ficheros: 67031
Nº de Ficheros Analizados: 9449
Nº de Ficheros Infectados: 1
Nº de Ficheros Limpiados: 1

Re: Not valid for Win32

Post by Luke57 » 10/03/08 08:38

Hi, all ok.

Re: Not valid for Win32

Post by charmedangel » 16/03/08 04:14

For the 2nd time I've caught this virus again.
Can you tell me the "code" to use with avenger?
Here is the report from kaspersky:

Scan Statistics
Total number of scanned objects 55284
Number of viruses found 3
Number of infected objects 7
Number of suspicious objects 0
Duration of the scan process 00:38:11

Infected Object Name Virus Name Last Action
C:\avenger\backup.zip/avenger/b64_1[1].jpg Infected: Trojan.Win32.Pakes.ciw skipped

C:\avenger\backup.zip/avenger/b64_1[1].jpg-ren-168 Infected: Trojan.Win32.Pakes.ciw skipped

C:\avenger\backup.zip/avenger/b64_2[1].jpg-ren-163 Infected: Trojan.Win32.Pakes.bwy skipped

C:\avenger\backup.zip ZIP: infected - 3 skipped

C:\Programmi\eMule\Incoming\- NERO BURNING ROM 7.8.5.0 ita +Cr.(ultimissimo).rar/NERO 7.8.5.0 ita/Nero 7.8.5.0 ita.exe/Toolbar.exe Infected: not-a-virus:AdTool.Win32.MyWebSearch.bm skipped

C:\Programmi\eMule\Incoming\- NERO BURNING ROM 7.8.5.0 ita +Cr.(ultimissimo).rar/NERO 7.8.5.0 ita/Nero 7.8.5.0 ita.exe Infected: not-a-virus:AdTool.Win32.MyWebSearch.bm skipped

C:\Programmi\eMule\Incoming\- NERO BURNING ROM 7.8.5.0 ita +Cr.(ultimissimo).rar RAR: infected - 2 skipped

Scan process completed.
charmedangel
Senior User

Posts: 110
Joined: 05/06/07 13:49

Re: Not valid for Win32

Post by Luke57 » 17/03/08 09:54

Hi, bagle doesn't show up in the report; go here:
http://www.zonavirus.com/datos/descarga ... ibagla.asp
download elibagla at the bottom of the page, run a scan and post the report, which you'll find in C:\infosat.txt

Re: Not valid for Win32

Post by Gek89 » 23/03/08 11:20

Hi guys, I'm new..
and reading this section I ran into the same problem; I ran the scan with
KASPERSKY ONLINE SCANNER REPORT
Sunday, March 23, 2008 10:43:50 AM
Operating System: Microsoft Windows XP Home Edition, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.98.0
Kaspersky Anti-Virus database last update: 22/03/2008
Kaspersky Anti-Virus database records: 591287
-------------------------------------------------------------------------------

Scan Settings:
Scan using the following antivirus database: standard
Scan Archives: true
Scan Mail Bases: true

Scan Target - Critical Areas:
C:\WINDOWS
C:\DOCUME~1\MAUROM~1\IMPOST~1\Temp\

Scan Statistics:
Total number of scanned objects: 21192
Number of viruses found: 2
Number of infected objects: 3
Number of suspicious objects: 0
Duration of the scan process: 02:46:12

Infected Object Name / Virus Name / Last Action
C:\WINDOWS\system32\1.exe Infected: Email-Worm.Win32.Bagle.of skipped
C:\WINDOWS\system32\mdelk.exe Infected: Email-Worm.Win32.Bagle.of skipped
C:\WINDOWS\system32\wi1.exe Infected: Trojan-Proxy.Win32.Mitglieder.gen skipped

Scan process completed.

I also used avenger but with no results... what should I do..??
Regards
Thanks a lot..
Gek89
Newbie

Posts: 2
Joined: 23/03/08 11:11

Re: Not valid for Win32

Post by Gek89 » 23/03/08 14:34

This is the avenger report..

Logfile of The Avenger version 1, by Swandog46
Running from registry key:
\Registry\Machine\System\CurrentControlSet\Services\mujfimau

*******************

Script file located at: \??\C:\vlsmknmd.txt
Script file opened successfully.

Script file read successfully

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:

It doesn't work though..!!
Regards
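An added example, not part of the original thread and not code from The Avenger: a small Python parser for the Avenger v1 log format seen in the two logs posted above, which separates removed targets from failed ones, decodes the two NTSTATUS values that appear, and flags a log that stops after "Beginning to process script file:". The sample logs are excerpts built from lines in this thread; the function names and triage labels are assumptions.

```python
import re

# NTSTATUS values seen in the logs in this thread (names from ntstatus.h).
NTSTATUS = {
    0xC0000034: "STATUS_OBJECT_NAME_NOT_FOUND",  # target did not exist
    0xC0000103: "STATUS_NOT_A_DIRECTORY",        # "folder" target was a file
}

_DONE = re.compile(
    r"^(File|Folder|Registry key|Registry value) (.+?) "
    r"(?:deleted|replaced with dummy) successfully\.$"
)
_STATUS = re.compile(r"^Status: (0x[0-9a-fA-F]+)$")

# Excerpt assembled from the first log in the thread.
SAMPLE_COMPLETE = r"""
Beginning to process script file:

File C:\WINDOWS\system32\drivers\hidr.exe not found!
Deletion of file C:\WINDOWS\system32\drivers\hidr.exe failed!

Could not process line:
C:\WINDOWS\system32\drivers\hidr.exe
Status: 0xc0000034

File C:\WINDOWS\system32\drivers\srosa.sys deleted successfully.

Error: C:\Documents and Settings\nino\Documenti\Musica\emule\Jfilm\Jfilm - Script 3.zip is not a folder! It may instead be a file.
Deletion of folder C:\Documents and Settings\nino\Documenti\Musica\emule\Jfilm\Jfilm - Script 3.zip failed!

Could not process line:
C:\Documents and Settings\nino\Documenti\Musica\emule\Jfilm\Jfilm - Script 3.zip
Status: 0xc0000103

Registry key HKLM\SYSTEM\CurrentControlSet\Services\srosa deleted successfully.
Registry value HKLM\Software\Microsoft\Windows NT\CurrentVersion\Windows|AppInit_DLLs replaced with dummy successfully.

Completed script processing.
"""

# Excerpt assembled from the second log in the thread (nothing after the header).
SAMPLE_TRUNCATED = r"""
Script file located at: \??\C:\vlsmknmd.txt
Script file opened successfully.
Backups directory opened successfully at C:\Avenger
Beginning to process script file:
"""


def parse_avenger_log(text):
    """Return what an Avenger v1 log says was removed, what failed, and why."""
    lines = [ln.strip() for ln in text.splitlines() if ln.strip()]
    report = {"started": False, "completed": False, "removed": [], "failed": []}
    i = 0
    while i < len(lines):
        line = lines[i]
        if line.startswith("Beginning to process script file"):
            report["started"] = True
        elif line.startswith("Completed script processing"):
            report["completed"] = True
        elif line == "Could not process line:" and i + 1 < len(lines):
            # The target follows on the next line, then its NTSTATUS code.
            target, code = lines[i + 1], None
            status = _STATUS.match(lines[i + 2]) if i + 2 < len(lines) else None
            if status:
                code = int(status.group(1), 16)
            report["failed"].append((target, code, NTSTATUS.get(code, "unknown")))
            i += 2 if status else 1
        else:
            done = _DONE.match(line)
            if done:
                report["removed"].append((done.group(1), done.group(2)))
        i += 1
    return report


def triage(report):
    """Classify a parsed log: only 'not found' failures are treated as benign."""
    if not report["started"]:
        return "no-script-run"
    if not report["completed"]:
        return "incomplete"
    if any(code != 0xC0000034 for _, code, _ in report["failed"]):
        return "review"
    return "clean"


if __name__ == "__main__":
    for name, log in (("first log", SAMPLE_COMPLETE), ("second log", SAMPLE_TRUNCATED)):
        rep = parse_avenger_log(log)
        print(name, triage(rep), len(rep["removed"]), "removed", rep["failed"])
```

The "review" verdict on the first excerpt comes from the .zip that the script listed as a folder (0xc0000103); that is the same archive the EliBagle report later shows as Bagle.dldr.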

Re: Not valid for Win32

Post by Luke57 » 23/03/08 18:46

Hi, the scan must be run on the whole computer (my computer, not just on the critical areas as you did; then just report the infections without deleting them, we'll deal with that afterwards)

Re: Not valid for Win32

Post by rackbelt » 30/05/08 22:34

I have the same problem and I found some viruses with the kaspersky online scan; I'll paste it here now
C:\Documents and Settings\luigi\Impostazioni locali\Temporary Internet Files\Content.IE5\8DER4PIJ\shared[2].css Object is locked skipped
C:\Documents and Settings\luigi\Impostazioni locali\Temporary Internet Files\Content.IE5\8DER4PIJ\shared[3].css Object is locked skipped
C:\Documents and Settings\luigi\Impostazioni locali\Temporary Internet Files\Content.IE5\8DER4PIJ\shared[4].css Object is locked skipped
C:\Documents and Settings\luigi\Impostazioni locali\Temporary Internet Files\Content.IE5\8DER4PIJ\SubSite[1].htm Object is locked skipped
C:\Documents and Settings\luigi\Impostazioni locali\Temporary Internet Files\Content.IE5\93AMB184\arrow_green_normal[1].bmp Object is locked skipped
C:\Documents and Settings\luigi\Impostazioni locali\Temporary Internet Files\Content.IE5\93AMB184\collapsed[1].gif Object is locked skipped
C:\Documents and Settings\luigi\Impostazioni locali\Temporary Internet Files\Content.IE5\93AMB184\Common[1].js Object is locked skipped
C:\Documents and Settings\luigi\Impostazioni locali\Temporary Internet Files\Content.IE5\93AMB184\Context[1].htm Object is locked skipped
C:\Documents and Settings\luigi\Impostazioni locali\Temporary Internet Files\Content.IE5\93AMB184\desktop.ini Object is locked skipped
C:\Documents and Settings\luigi\Impostazioni locali\Temporary Internet Files\Content.IE5\93AMB184\desktop_icon_03[1].bmp Object is locked skipped
C:\Documents and Settings\luigi\Impostazioni locali\Temporary Internet Files\Content.IE5\93AMB184\HHWRAPPER[1].htm Object is locked skipped
C:\Documents and Settings\luigi\Impostazioni locali\Temporary Internet Files\Content.IE5\93AMB184\Homepage__DESKTOP[1].js Object is locked skipped
C:\Documents and Settings\luigi\Impostazioni locali\Temporary Internet Files\Content.IE5\93AMB184\Homepage__SHARED[1].js Object is locked skipped
C:\Documents and Settings\luigi\Impostazioni locali\Temporary Internet Files\Content.IE5\93AMB184\Layout[1].css Object is locked skipped
C:\Documents and Settings\luigi\Impostazioni locali\Temporary Internet Files\Content.IE5\93AMB184\wrapperparam[1].js Object is locked skipped
C:\Documents and Settings\luigi\Impostazioni locali\Temporary Internet Files\Content.IE5\C9QNCP6B\arrow_green_normal_shadow[1].bmp Object is locked skipped
C:\Documents and Settings\luigi\Impostazioni locali\Temporary Internet Files\Content.IE5\C9QNCP6B\Common[1].js Object is locked skipped
C:\Documents and Settings\luigi\Impostazioni locali\Temporary Internet Files\Content.IE5\C9QNCP6B\desktop.ini Object is locked skipped
C:\Documents and Settings\luigi\Impostazioni locali\Temporary Internet Files\Content.IE5\C9QNCP6B\desktop_icon_02[1].bmp Object is locked skipped
C:\Documents and Settings\luigi\Impostazioni locali\Temporary Internet Files\Content.IE5\C9QNCP6B\helpdoc[1].gif Object is locked skipped
C:\Documents and Settings\luigi\Impostazioni locali\Temporary Internet Files\Content.IE5\C9QNCP6B\MiniNavBar[1].xml Object is locked skipped
C:\Documents and Settings\luigi\Impostazioni locali\Temporary Internet Files\Content.IE5\C9QNCP6B\NavBar[1].xml Object is locked skipped
C:\Documents and Settings\luigi\Impostazioni locali\Temporary Internet Files\Content.IE5\C9QNCP6B\Search[1].htm Object is locked skipped
C:\Documents and Settings\luigi\Impostazioni locali\Temporary Internet Files\Content.IE5\C9QNCP6B\shared[1].css Object is locked skipped
C:\Documents and Settings\luigi\Impostazioni locali\Temporary Internet Files\Content.IE5\C9QNCP6B\shared[2].css Object is locked skipped
C:\Documents and Settings\luigi\Impostazioni locali\Temporary Internet Files\Content.IE5\C9QNCP6B\watermark_300x[1].bmp Object is locked skipped
C:\Documents and Settings\luigi\Impostazioni locali\Temporary Internet Files\Content.IE5\desktop.ini Object is locked skipped
C:\Documents and Settings\luigi\Impostazioni locali\Temporary Internet Files\Content.IE5\G56ZG5MR\arrow_green_mouseover[1].bmp Object is locked skipped
C:\Documents and Settings\luigi\Impostazioni locali\Temporary Internet Files\Content.IE5\G56ZG5MR\blank[1].htm Object is locked skipped
C:\Documents and Settings\luigi\Impostazioni locali\Temporary Internet Files\Content.IE5\G56ZG5MR\desktop.ini Object is locked skipped
C:\Documents and Settings\luigi\Impostazioni locali\Temporary Internet Files\Content.IE5\G56ZG5MR\desktop_icon_04[1].bmp Object is locked skipped
C:\Documents and Settings\luigi\Impostazioni locali\Temporary Internet Files\Content.IE5\G56ZG5MR\HomePage[1].htm Object is locked skipped
C:\Documents and Settings\luigi\Impostazioni locali\Temporary Internet Files\Content.IE5\G56ZG5MR\logo[1].bmp Object is locked skipped
C:\Documents and Settings\luigi\Impostazioni locali\Temporary Internet Files\Content.IE5\G56ZG5MR\NavBar[1].htm Object is locked skipped
C:\Documents and Settings\luigi\Impostazioni locali\Temporary Internet Files\Content.IE5\G56ZG5MR\shared[1].css Object is locked skipped
C:\Documents and Settings\luigi\Impostazioni locali\Temporary Internet Files\Content.IE5\G56ZG5MR\shared[1].js Object is locked skipped
C:\Documents and Settings\luigi\Impostazioni locali\Temporary Internet Files\Content.IE5\G56ZG5MR\shared[2].css Object is locked skipped
C:\Documents and Settings\luigi\Impostazioni locali\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\luigi\Impostazioni locali\Temporary Internet Files\desktop.ini Object is locked skipped
C:\Documents and Settings\luigi\langpackSetup.log Object is locked skipped
C:\Documents and Settings\luigi\Menu Avvio\desktop.ini Object is locked skipped
C:\Documents and Settings\luigi\Menu Avvio\Programmi\Accessori\Accesso facilitato\desktop.ini Object is locked skipped
C:\Documents and Settings\luigi\Menu Avvio\Programmi\Accessori\Accesso facilitato\Magnifier.lnk Object is locked skipped
C:\Documents and Settings\luigi\Menu Avvio\Programmi\Accessori\Accesso facilitato\Tastiera su schermo.lnk Object is locked skipped
C:\Documents and Settings\luigi\Menu Avvio\Programmi\Accessori\Accesso facilitato\Utility Manager.lnk Object is locked skipped
C:\Documents and Settings\luigi\Menu Avvio\Programmi\Accessori\Blocco note.lnk Object is locked skipped
C:\Documents and Settings\luigi\Menu Avvio\Programmi\Accessori\desktop.ini Object is locked skipped
C:\Documents and Settings\luigi\Menu Avvio\Programmi\Accessori\Esplora risorse.lnk Object is locked skipped
C:\Documents and Settings\luigi\Menu Avvio\Programmi\Accessori\Presentazione di Windows XP.lnk Object is locked skipped
C:\Documents and Settings\luigi\Menu Avvio\Programmi\Accessori\Prompt dei comandi.lnk Object is locked skipped
C:\Documents and Settings\luigi\Menu Avvio\Programmi\Accessori\Rubrica.lnk Object is locked skipped
C:\Documents and Settings\luigi\Menu Avvio\Programmi\Accessori\Sincronizza.lnk Object is locked skipped
C:\Documents and Settings\luigi\Menu Avvio\Programmi\Accessori\Svago\desktop.ini Object is locked skipped
C:\Documents and Settings\luigi\Menu Avvio\Programmi\Accessori\Svago\Windows Media Player.lnk Object is locked skipped
C:\Documents and Settings\luigi\Menu Avvio\Programmi\Accessori\Verifica guidata compatibilità programmi.lnk Object is locked skipped
C:\Documents and Settings\luigi\Menu Avvio\Programmi\Assistenza remota.lnk Object is locked skipped
C:\Documents and Settings\luigi\Menu Avvio\Programmi\desktop.ini Object is locked skipped
C:\Documents and Settings\luigi\Menu Avvio\Programmi\Esecuzione automatica\desktop.ini Object is locked skipped
C:\Documents and Settings\luigi\Menu Avvio\Programmi\Internet Explorer.lnk Object is locked skipped
C:\Documents and Settings\luigi\Menu Avvio\Programmi\Outlook Express.lnk Object is locked skipped
C:\Documents and Settings\luigi\Menu Avvio\Programmi\Windows Media Player.lnk Object is locked skipped
C:\Documents and Settings\luigi\Modelli\amipro.sam Object is locked skipped
C:\Documents and Settings\luigi\Modelli\excel.xls Object is locked skipped
C:\Documents and Settings\luigi\Modelli\excel4.xls Object is locked skipped
C:\Documents and Settings\luigi\Modelli\lotus.wk4 Object is locked skipped
C:\Documents and Settings\luigi\Modelli\powerpnt.ppt Object is locked skipped
C:\Documents and Settings\luigi\Modelli\presenta.shw Object is locked skipped
C:\Documents and Settings\luigi\Modelli\quattro.wb2 Object is locked skipped
C:\Documents and Settings\luigi\Modelli\sndrec.wav Object is locked skipped
C:\Documents and Settings\luigi\Modelli\winword.doc Object is locked skipped
C:\Documents and Settings\luigi\Modelli\winword2.doc Object is locked skipped
C:\Documents and Settings\luigi\Modelli\wordpfct.wpd Object is locked skipped
C:\Documents and Settings\luigi\Modelli\wordpfct.wpg Object is locked skipped
C:\Documents and Settings\luigi\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\luigi\NTUSER.DAT.LOG Object is locked skipped
C:\Documents and Settings\luigi\ntuser.ini Object is locked skipped
C:\Documents and Settings\luigi\Preferiti\Collegamenti\HotMail gratuita.url Object is locked skipped
C:\Documents and Settings\luigi\Preferiti\Collegamenti\Personalizzazione collegamenti.url Object is locked skipped
C:\Documents and Settings\luigi\Preferiti\Collegamenti\Windows.url Object is locked skipped
C:\Documents and Settings\luigi\Preferiti\Collegamenti\WindowsMedia.url Object is locked skipped
C:\Documents and Settings\luigi\Preferiti\Desktop.ini Object is locked skipped
C:\Documents and Settings\luigi\Preferiti\Guida stazioni radio.url Object is locked skipped
C:\Documents and Settings\luigi\Preferiti\Microsoft bCentral.url Object is locked skipped
C:\Documents and Settings\luigi\Preferiti\MSN.com.url Object is locked skipped
C:\Documents and Settings\luigi\Recent\1.lnk Object is locked skipped
C:\Documents and Settings\luigi\Recent\AddOn.lnk Object is locked skipped
C:\Documents and Settings\luigi\Recent\Desktop.ini Object is locked skipped
C:\Documents and Settings\luigi\Recent\Recovery-Info.lnk Object is locked skipped
C:\Documents and Settings\luigi\Recent\REGISTRO INFERMIERISTICO.lnk Object is locked skipped
C:\Documents and Settings\luigi\SendTo\Cartella compressa.ZFSendToTarget Object is locked skipped
C:\Documents and Settings\luigi\SendTo\Desktop (crea collegamento).DeskLink Object is locked skipped
C:\Documents and Settings\luigi\SendTo\desktop.ini Object is locked skipped
C:\Documents and Settings\luigi\SendTo\Destinatario posta.MAPIMail Object is locked skipped
C:\Documents and Settings\luigi\SendTo\Documenti.mydocs Object is locked skipped
C:\Documents and Settings\NetworkService.NT AUTHORITY\Impostazioni locali\Dati applicazioni\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\NetworkService.NT AUTHORITY\Impostazioni locali\Dati applicazioni\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService.NT AUTHORITY\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\NetworkService.NT AUTHORITY\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\PIPPO\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\PIPPO\Impostazioni locali\Cronologia\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\PIPPO\Impostazioni locali\Cronologia\History.IE5\MSHist012008053020080531\index.dat Object is locked skipped
C:\Documents and Settings\PIPPO\Impostazioni locali\Dati applicazioni\Microsoft\Messenger\raffaelecaracciolo@yahoo.it\SharingMetadata\Logs\Dfsr00005.log Object is locked skipped
C:\Documents and Settings\PIPPO\Impostazioni locali\Dati applicazioni\Microsoft\Messenger\raffaelecaracciolo@yahoo.it\SharingMetadata\pending.dat Object is locked skipped
C:\Documents and Settings\PIPPO\Impostazioni locali\Dati applicazioni\Microsoft\Messenger\raffaelecaracciolo@yahoo.it\SharingMetadata\Working\database_B428_766_2807_26C8\dfsr.db Object is locked skipped
C:\Documents and Settings\PIPPO\Impostazioni locali\Dati applicazioni\Microsoft\Messenger\raffaelecaracciolo@yahoo.it\SharingMetadata\Working\database_B428_766_2807_26C8\fsr.log Object is locked skipped
C:\Documents and Settings\PIPPO\Impostazioni locali\Dati applicazioni\Microsoft\Messenger\raffaelecaracciolo@yahoo.it\SharingMetadata\Working\database_B428_766_2807_26C8\fsrtmp.log Object is locked skipped
C:\Documents and Settings\PIPPO\Impostazioni locali\Dati applicazioni\Microsoft\Messenger\raffaelecaracciolo@yahoo.it\SharingMetadata\Working\database_B428_766_2807_26C8\tmp.edb Object is locked skipped
C:\Documents and Settings\PIPPO\Impostazioni locali\Dati applicazioni\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\PIPPO\Impostazioni locali\Dati applicazioni\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\PIPPO\Impostazioni locali\Dati applicazioni\Microsoft\Windows Live Contacts\raffaelecaracciolo@yahoo.it\real\members.stg Object is locked skipped
C:\Documents and Settings\PIPPO\Impostazioni locali\Dati applicazioni\Microsoft\Windows Live Contacts\raffaelecaracciolo@yahoo.it\shadow\members.stg Object is locked skipped
C:\Documents and Settings\PIPPO\Impostazioni locali\Dati applicazioni\Mozilla\Firefox\Profiles\j5rhdyfi.default\Cache\_CACHE_001_ Object is locked skipped
C:\Documents and Settings\PIPPO\Impostazioni locali\Dati applicazioni\Mozilla\Firefox\Profiles\j5rhdyfi.default\Cache\_CACHE_002_ Object is locked skipped
C:\Documents and Settings\PIPPO\Impostazioni locali\Dati applicazioni\Mozilla\Firefox\Profiles\j5rhdyfi.default\Cache\_CACHE_003_ Object is locked skipped
C:\Documents and Settings\PIPPO\Impostazioni locali\Dati applicazioni\Mozilla\Firefox\Profiles\j5rhdyfi.default\Cache\_CACHE_MAP_ Object is locked skipped
C:\Documents and Settings\PIPPO\Impostazioni locali\Temp\~DF1899.tmp Object is locked skipped
C:\Documents and Settings\PIPPO\Impostazioni locali\Temp\~DF18A6.tmp Object is locked skipped
C:\Documents and Settings\PIPPO\Impostazioni locali\Temp\~DF7952.tmp Object is locked skipped
C:\Documents and Settings\PIPPO\Impostazioni locali\Temp\~DF795D.tmp Object is locked skipped
C:\Documents and Settings\PIPPO\Impostazioni locali\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\PIPPO\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\PIPPO\ntuser.dat.LOG Object is locked skipped
C:\Programmi\HP\hpcoretech\hpcmerr.log Object is locked skipped
C:\Programmi\HP\{AAC4FC36-8F89-4587-8DD3-EBC57C83374D}\hphupd06.exe Infected: Trojan-Downloader.Win32.Bagle.qv skipped
C:\WINDOWS\system32\drivers\hldrrr.exe Infected: Trojan-Downloader.Win32.Bagle.qv skipped
Scan process completed.

What should I do?
rackbelt
Newbie

Post: 7
Joined: 30/05/08 16:44

Re: Not valid for Win32

Post by Luke57 » 31/05/08 08:23

Hi, go here:
http://www.mediafire.com/?xyyeet1bzdm
download the .zip file, which contains the modified version of Avenger (your report doesn't show which version of Windows you have, darn it).
Close programs and applications, start avenger.exe, and leave only the "scan for rootkits" option selected.
In the white box, copy and paste this script:

Code:
Files to delete:
C:\WINDOWS\system32\drivers\srosa.sys
C:\WINDOWS\system32\wintems.exe
C:\WINDOWS\system32\drivers\hldrrr.exe
C:\WINDOWS\system32\mdelk.exe
C:\WINDOWS\system32\drivers\mdelk.exe
C:\Programmi\HP\{AAC4FC36-8F89-4587-8DD3-EBC57C83374D}\hphupd06.exe

Folders to delete:
C:\WINDOWS\system32\drivers\downld
%UserProfile%\Dati Applicazioni\m
C:\WINDOWS\system32\drivers\down
C:\Documents and Settings\PIPPO\Impostazioni locali\Temporary Internet Files\Content.IE5
C:\Documents and Settings\PIPPO\Impostazioni locali\Temp
C:\windows\temp
C:\Documents and Settings\luigi\Impostazioni locali\Temporary Internet Files\Content.IE5
C:\Documents and Settings\luigi\Impostazioni locali\Temp
Registry keys to delete:
HKLM\SYSTEM\CurrentControlSet\Services\srosa
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_SROSA


Press the Execute button (if nothing happens, repeat the command several times; otherwise delete and manually retype the first line:
files to delete:)

The computer should restart; if it doesn't, restart it manually.
After the restart go here:
http://www.zonavirus.com/datos/descarga ... ibagla.asp
download elibagla at the bottom of the page.
Open it, tick the "eliminar ficheros automaticamente" option, click on explorar.
Post the two reports it produces: C:\avenger.txt and C:\infosat.txt.
Luke57
Moderator

Post: 6415
Joined: 11/08/05 19:10

Re: Not valid for Win32

Post by rackbelt » 31/05/08 09:04

I do everything to the letter, but when I click Execute it gives me 3 errors:
Error:Invalid Script
Error: Can't Open file 'C:\Avenger.txt
Error: Could Not log error messages to file

Anyway, I have XP SP2.
rackbelt
Newbie

Post: 7
Joined: 30/05/08 16:44

Re: Not valid for Win32

Post by rackbelt » 31/05/08 09:45

To be safe I also ran a scan with HijackThis, here it is:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10.43.37, on 31/05/08
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb11.exe
C:\Programmi\HP\HP Software Update\HPWuSchd2.exe
C:\Programmi\HP\hpcoretech\hpcmpmgr.exe
C:\WINDOWS\system32\hphmon06.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Programmi\Winamp\winampa.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmi\Windows Live\Messenger\MsnMsgr.Exe
C:\Programmi\Nokia\Nokia PC Suite 6\PCSync2.exe
C:\Programmi\Nokia\Nokia PC Suite 6\PCSuite.exe
C:\Programmi\File comuni\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Programmi\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Programmi\PC Connectivity Solution\ServiceLayer.exe
C:\Programmi\PC Connectivity Solution\Transports\NclUSBSrv.exe
C:\Programmi\PC Connectivity Solution\Transports\NclRSSrv.exe
C:\Programmi\PC Connectivity Solution\Transports\NclMSBTSrv.exe
C:\Programmi\File comuni\Nokia\MPAPI\MPAPI3s.exe
C:\Programmi\Windows Live\Messenger\usnsvc.exe
C:\Programmi\Mozilla Firefox\firefox.exe
C:\Programmi\WinRAR\WinRAR.exe
C:\DOCUME~1\PIPPO\IMPOST~1\Temp\Rar$EX54.657\MegaLab.it_H_i_J_a_C_k_T_h_I_s.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.it/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Guida per l'accesso a Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programmi\File comuni\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\\NeroCheck.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb11.exe
O4 - HKLM\..\Run: [HPHUPD06] C:\Programmi\HP\{AAC4FC36-8F89-4587-8DD3-EBC57C83374D}\hphupd06.exe
O4 - HKLM\..\Run: [HP Software Update] "C:\Programmi\HP\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [HP Component Manager] "C:\Programmi\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [HPHmon06] C:\WINDOWS\system32\hphmon06.exe
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmi\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Programmi\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [WinampAgent] C:\Programmi\Winamp\winampa.exe
O4 - HKLM\..\Run: [nod32kui] "C:\Programmi\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Programmi\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Nokia.PCSync] "C:\Programmi\Nokia\Nokia PC Suite 6\PCSync2.exe" /NoDialog
O4 - HKCU\..\Run: [PC Suite Tray] "C:\Programmi\Nokia\Nokia PC Suite 6\PCSuite.exe" -onlytray
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO LOCALE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO DI RETE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Microsoft Office.lnk = C:\Programmi\Microsoft Office\Office\OSA9.EXE
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partne ... nicode.cab
O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://acs.pandasoftware.com/activescan ... stubie.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/s ... wflash.cab
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Programmi\File comuni\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Programmi\Bonjour\mDNSResponder.exe
O23 - Service: Servizio iPod (iPod Service) - Apple Inc. - C:\Programmi\iPod\bin\iPodService.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: ServiceLayer - Nokia. - C:\Programmi\PC Connectivity Solution\ServiceLayer.exe

--
End of file - 5927 bytes

Anyway, how do I do it with Avenger?
rackbelt
Newbie

Post: 7
Joined: 30/05/08 16:44

Re: Not valid for Win32

Post by Luke57 » 31/05/08 10:13

Hi, you downloaded the old version of Avenger; if you have XP it works just the same.
Click on Input Script Manually, click on the magnifying glass

Open the "View/edit script" window
In the white box, copy and paste the code from my post,
Click the Done button
Click the green traffic light icon
Answer Yes twice
The PC restarts by itself; if not, restart it manually.
Luke57
Moderator

Post: 6415
Joined: 11/08/05 19:10

Re: Not valid for Win32

Post by rackbelt » 31/05/08 10:18

None of these things are there... I think it's the new version... in fact there's Execute and not Done
rackbelt
Newbie

Post: 7
Joined: 30/05/08 16:44

Re: Not valid for Win32

Post by Luke57 » 31/05/08 10:52

Hi, then forget this version of Avenger, go here:
http://www.mediafire.com/?3c93tgzyvcm
the old version is there; follow the procedure as I suggested in the previous post.
HijackThis is of no use against Bagle.
Luke57
Moderator

Post: 6415
Joined: 11/08/05 19:10

Re: Not valid for Win32

Post by rackbelt » 31/05/08 11:00

Thanks a lot, here is the Avenger result:
Logfile of The Avenger version 1, by Swandog46
Running from registry key:
\Registry\Machine\System\CurrentControlSet\Services\mlwhgkow

*******************

Script file located at: \??\C:\WINDOWS\rootjqwv.txt
Script file opened successfully.

Script file read successfully

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:

File C:\WINDOWS\system32\drivers\srosa.sys deleted successfully.


File C:\WINDOWS\system32\wintems.exe not found!
Deletion of file C:\WINDOWS\system32\wintems.exe failed!

Could not process line:
C:\WINDOWS\system32\wintems.exe
Status: 0xc0000034

File C:\WINDOWS\system32\drivers\hldrrr.exe deleted successfully.


File C:\WINDOWS\system32\mdelk.exe not found!
Deletion of file C:\WINDOWS\system32\mdelk.exe failed!

Could not process line:
C:\WINDOWS\system32\mdelk.exe
Status: 0xc0000034

File C:\WINDOWS\system32\drivers\mdelk.exe deleted successfully.
File C:\Programmi\HP\{AAC4FC36-8F89-4587-8DD3-EBC57C83374D}\hphupd06.exe deleted successfully.
Folder C:\WINDOWS\system32\drivers\downld deleted successfully.


Folder C:\Documents and Settings\PIPPO\Dati Applicazioni\m not found!
Deletion of folder C:\Documents and Settings\PIPPO\Dati Applicazioni\m failed!

Could not process line:
C:\Documents and Settings\PIPPO\Dati Applicazioni\m
Status: 0xc0000034



Folder C:\WINDOWS\system32\drivers\down not found!
Deletion of folder C:\WINDOWS\system32\drivers\down failed!

Could not process line:
C:\WINDOWS\system32\drivers\down
Status: 0xc0000034

Folder C:\Documents and Settings\PIPPO\Impostazioni locali\Temporary Internet Files\Content.IE5 deleted successfully.
Folder C:\Documents and Settings\PIPPO\Impostazioni locali\Temp deleted successfully.
Folder C:\windows\temp deleted successfully.
Folder C:\Documents and Settings\luigi\Impostazioni locali\Temporary Internet Files\Content.IE5 deleted successfully.
Folder C:\Documents and Settings\luigi\Impostazioni locali\Temp deleted successfully.
Registry key HKLM\SYSTEM\CurrentControlSet\Services\srosa deleted successfully.
Registry key HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_SROSA deleted successfully.

Completed script processing.

*******************

Finished! Terminate.
rackbelt
Newbie

Post: 7
Joined: 30/05/08 16:44
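
An added example, not part of the original thread and not code from The Avenger's author: a parser for the Avenger version 1 log format posted above. It separates targets that were deleted, targets that were already absent (status 0xc0000034, STATUS_OBJECT_NAME_NOT_FOUND) and targets that failed for another reason, then checks the two files the scan flagged as Trojan-Downloader.Win32.Bagle.qv. The function names, the `locked.sys` entry and its access-denied status are constructed for illustration.

```python
import re
from typing import Dict, List, NamedTuple, Optional


class Outcome(NamedTuple):
    state: str             # "deleted", "absent", "failed" or "unknown"
    status: Optional[int]  # NTSTATUS reported in the log, if any


DELETED_RE = re.compile(r"^(?:File|Folder|Registry key) (.+) deleted successfully\.$")
STATUS_RE = re.compile(r"^Status: (0x[0-9a-fA-F]{1,8})$")

# NTSTATUS values meaning the target did not exist when the script ran.
ABSENT_CODES = {
    0xC0000034,  # STATUS_OBJECT_NAME_NOT_FOUND (the code seen in the log above)
    0xC000003A,  # STATUS_OBJECT_PATH_NOT_FOUND
}

# Excerpt of the log posted above, embedded so the example runs offline.
SAMPLE_LOG = r"""
Beginning to process script file:

File C:\WINDOWS\system32\drivers\srosa.sys deleted successfully.

File C:\WINDOWS\system32\wintems.exe not found!
Deletion of file C:\WINDOWS\system32\wintems.exe failed!

Could not process line:
C:\WINDOWS\system32\wintems.exe
Status: 0xc0000034

File C:\WINDOWS\system32\drivers\hldrrr.exe deleted successfully.
File C:\Programmi\HP\{AAC4FC36-8F89-4587-8DD3-EBC57C83374D}\hphupd06.exe deleted successfully.
Folder C:\WINDOWS\system32\drivers\downld deleted successfully.

Folder C:\WINDOWS\system32\drivers\down not found!
Deletion of folder C:\WINDOWS\system32\drivers\down failed!

Could not process line:
C:\WINDOWS\system32\drivers\down
Status: 0xc0000034

Registry key HKLM\SYSTEM\CurrentControlSet\Services\srosa deleted successfully.

Completed script processing.
"""

# Constructed entry (not from the thread): a target that exists but could not
# be removed, here with STATUS_ACCESS_DENIED (0xC0000022).
CONSTRUCTED_FAILURE = "Could not process line:\nC:\\example\\locked.sys\nStatus: 0xc0000022\n"

# The two files the online scan above reported as infected.
DETECTIONS = [
    r"C:\Programmi\HP\{AAC4FC36-8F89-4587-8DD3-EBC57C83374D}\hphupd06.exe",
    r"C:\WINDOWS\system32\drivers\hldrrr.exe",
]


def parse_avenger_log(text: str) -> Dict[str, Outcome]:
    """Map each script target (lower-cased; Windows paths ignore case) to its outcome."""
    lines = [ln.strip() for ln in text.splitlines() if ln.strip()]
    results: Dict[str, Outcome] = {}
    i = 0
    while i < len(lines):
        deleted = DELETED_RE.match(lines[i])
        if deleted:
            results[deleted.group(1).lower()] = Outcome("deleted", None)
        elif lines[i] == "Could not process line:" and i + 1 < len(lines):
            target = lines[i + 1].lower()
            status = STATUS_RE.match(lines[i + 2]) if i + 2 < len(lines) else None
            if status is None:
                # Truncated log: the target is named but no status follows.
                results[target] = Outcome("unknown", None)
                i += 1
            else:
                code = int(status.group(1), 16)
                state = "absent" if code in ABSENT_CODES else "failed"
                results[target] = Outcome(state, code)
                i += 2
        i += 1
    return results


def unresolved(results: Dict[str, Outcome]) -> List[str]:
    """Targets that may still be on disk and need another pass."""
    return sorted(p for p, o in results.items() if o.state in ("failed", "unknown"))


def check_detections(results: Dict[str, Outcome], detections: List[str]) -> Dict[str, str]:
    """State of each scanner detection; 'not in log' means the script never targeted it."""
    return {d: results[d.lower()].state if d.lower() in results else "not in log"
            for d in detections}


if __name__ == "__main__":
    parsed = parse_avenger_log(SAMPLE_LOG + CONSTRUCTED_FAILURE)
    for path, outcome in parsed.items():
        code = "" if outcome.status is None else f" (0x{outcome.status:08x})"
        print(f"{outcome.state:8} {path}{code}")
    print("Follow up:", unresolved(parsed))
    print("Detections:", check_detections(parsed, DETECTIONS))
```

In the log posted above every failure carries 0xc0000034, so those targets were simply not present, and both detected files show as deleted.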

Re: Not valid for Win32

Post by Luke57 » 31/05/08 11:06

Hi, also run the scan with elibagla.
Luke57
Moderator

Post: 6415
Joined: 11/08/05 19:10
