All antivirus programs knocked out
Guys, please explain to me what is going on. My antivirus has disappeared and I can't get any other one to start, what happened?
The error is "not a valid Win32 application".
-
Hi lukino_81 and welcome to the GT forum!
@lukino_81 said:
.....what happened?
You've caught one of the variants of the Bagle virus!
First of all, turn off System Restore:
**Start** --> Programs --> Accessories --> System Tools --> System Restore --> System Restore settings --> Turn off System Restore
Download elibagla by clicking *"descargar elibagla 11.21"* at the bottom.
Run the removal tool; once the scan has finished, attach here in the forum the log found at C:\InfoSat.txt!
-
ok, I'll try now
-
damn, explorer is giving me problems too, it keeps freezing; now I'll try in safe mode
-
Mon Apr 07 17:24:01 2008
EliBagle v11.21 (c)2008 S.G.H. / Satinfo S.L.
Lista de Acciones (por Acción Directa):
Mon Apr 07 17:24:07 2008
EliBagle v11.21 (c)2008 S.G.H. / Satinfo S.L.
Lista de Acciones (por Exploración):
Explorando Unidad
Nº Total de Directorios: 15845
Nº Total de Ficheros: 140287
Nº de Ficheros Analizados: 14939
Nº de Ficheros Infectados: 0
Nº de Ficheros Limpiados: 0
Here is the result of the scan; I had to run it in safe mode,
but it couldn't access some files. What should I do now? Thanks for the time you are giving me
-
Hi lukino_81,
now run an online scan with Kaspersky; upload the scan result ("log") to the forum using the attachments feature!
-
ok, I'll do it now. In the meantime I'm posting the result of the scan I ran with GMER; I read a few other threads and maybe it can be useful
-
@lukino_81 said:
....ok, I'll do it now
Lukino,
use the ***attachments*** feature to upload the logs to the forum!
-
ok, sorry, but the Kaspersky scan takes quite a while; I had already tried to run it before but it froze on me, now I'm trying again
-
here is the GMER scan as an attachment
-
wolf, while the scan finishes (it's still at 28% :o) I wanted to ask you: how is it possible that I caught this virus when I had AntiVir installed and active?
-
here is the result wolf, what should I do now?
-
@lukino_81 said:
here is the result wolf, what should I do now?
Make sure you turn off System Restore first.
Now, download Avenger!
Copy and paste this script into the white "input script here" box in Avenger:
Files to delete:
C:\Muestras\HLDRRR.EXE
C:\Muestras\WINTEMS.EXE
C:\Users\luca\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\RY4V3ZTV\b64_3[1].jpg
C:\Users\luca\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\RY4V3ZTV\b64_3[2].jpg
C:\Users\luca\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\RY4V3ZTV\b64_3[3].jpg
C:\Windows\System32\drivers\downld\59157841.exe
C:\Windows\System32\drivers\downld\629651.exe
C:\Windows\System32\drivers\downld\629744.exe
C:\Windows\System32\drivers\downld\630119.exe
C:\Windows\System32\drivers\mdelk.exe
C:\Windows\System32\mdelk.exe
C:\WINDOWS\system32\drivers\hidr.exe
C:\WINDOWS\system32\drivers\srosa.sys
folders to delete:
c:\WINDOWS\system32\drivers\down
registry keys to delete:
HKLM\SYSTEM\CurrentControlSet\Services\srosa
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_SROSA
- remove the check mark from: scan for rootkit "at the bottom left"
- press execute
- answer YES to the prompts
- the PC should reboot;
- attach the Avenger log here in the forum!
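A way to check, after the reboot, whether anything named in a script like the one above is still on disk or in the registry, as an added example that is not part of the original post. It assumes only the three section headers used above; `SAMPLE_SCRIPT` is an abridged copy of the posted entries, and `parse_script`, `key_exists` and `leftovers` are hypothetical helper names.

```python
import os
import re

# Abridged copy of the entries posted above (sample input for this example).
SAMPLE_SCRIPT = r"""
Files to delete:
C:\Windows\System32\drivers\mdelk.exe
C:\Windows\System32\mdelk.exe
C:\WINDOWS\system32\drivers\srosa.sys
folders to delete:
c:\WINDOWS\system32\drivers\down
registry keys to delete:
HKLM\SYSTEM\CurrentControlSet\Services\srosa
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_SROSA
"""

HEADER = re.compile(r"^(files|folders|registry keys) to delete:\s*$", re.I)

def parse_script(text):
    """Group script entries under 'files', 'folders' and 'registry keys'."""
    sections = {"files": [], "folders": [], "registry keys": []}
    current = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = HEADER.match(line)
        if m:
            current = m.group(1).lower()
        elif current is None:
            raise ValueError(f"entry before any section header: {line!r}")
        else:
            sections[current].append(line)
    return sections

def key_exists(path):
    """True/False for an HKLM key on Windows; None where winreg is unavailable."""
    try:
        import winreg
    except ImportError:
        return None
    sub = path.split("\\", 1)[1]  # drop the leading "HKLM"
    try:
        winreg.CloseKey(winreg.OpenKey(winreg.HKEY_LOCAL_MACHINE, sub))
        return True
    except PermissionError:
        return True   # the key is there but not readable by this user
    except FileNotFoundError:
        return False

def leftovers(sections, exists=os.path.exists, key_exists=key_exists):
    """Return the script entries that are still present on this machine."""
    found = [p for p in sections["files"] + sections["folders"] if exists(p)]
    found += [k for k in sections["registry keys"] if key_exists(k)]
    return found

if __name__ == "__main__":
    for item in leftovers(parse_script(SAMPLE_SCRIPT)):
        print("still present:", item)
```

An entry that is still reported after the reboot is worth raising when the cleanup log is attached, since a driver such as `srosa.sys` that survives can reinstall the rest.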
-
here it is, but it seems nothing has changed
-
actually no, now I have finally managed to install AntiVir
I did a cleanup with CCleaner and ATF Cleaner; now I'll update the antivirus, install the firewall, re-enable the PC Security Center, which was disabled, and then, any other advice?
anyway thanks, you have been really quick to answer and very capable; I think I'll become a regular visitor of this site, congratulations
-
Hi lukino,
post a log with HijackThis!
-
hi wolf, here is the log!!! what does it mean?
-
Hi lukino_81,
run the scan again "in safe mode" with EliBagle, enabling the "Eliminar Ficheros Automaticamente" option that you find at the bottom; then attach the log in the forum!
Download Ad-Aware and SuperAntiSpyware; update them and scan the PC!
-
hi wolf, sorry I didn't reply sooner but I was away for work; anyway, here is the log you asked for
also, the computer has another problem: basically the wireless no longer starts, and when I run the diagnostics it tells me to start the Windows wireless service, but it won't let me do it. What should I do? Thanks in advance for the reply
-
@lukino_81 said:
.....basically the wireless no longer starts, and when I run the diagnostics it tells me to start the Windows wireless service, but it won't let me do it. What should I do?
Hi lukino_81,
unzip the file I attached onto the desktop and run it; confirm the changes and reboot the PC!