| Autore |
 Discussione  |
|
giaraonline
Senior Member
Città: roma
198 Messaggi |
 Inserito il - 27/01/2009 : 20:46:30
|
ciao ragazzi ciao death
sono di nuovo io, non posso proprio stare lontano da voi!!!
purtropp ho un altro paziente per voi.
il pc in questione e' stato prima contaminato da antivirus 2009, poi qualcos'altro si e' impadronito di lui, togliendogli anche la facolta' di connettersi ad internet, addirittura non riconosce piu neanche il cavo ethernet, nel senso che neppure si accendono le lucine, per il restoil pc sembra funzoare bene, a parte un continuo messaggio di mancanza di antivirus... e di antitrojan. ho provato ad installare spybot, ma non funziona, ho provato a ripristinare ma il ripristino neppure funziona... mi potete aiutare? sicuramente ne sono sicura vi posto immediatamente l'hijack...
htt*://wikisend[.com]/download/643128/hijackthis1.txt
|
Modificato da - death in Data 28/01/2009 08:41:14
|
|
|
death
Moderatore
Città: Pinerolo e dintorni
7791 Messaggi |
Inserito il - 27/01/2009 : 20:54:03
|
Buenas dias, come sempre vedo che mi porti dei bei clienti, ci credo che non si connette, neppure se lo prendi a fucilate ci riesce poveretto, segui la procedura (poi mi fai avere la cittadinanza onoraria e mi trsferisco li a pescare  ) :
scarica Malwarebytes
1.1) lo installi
2.1) lo aggiorni
3.1) fai una scansione scegliendo la modalità completa
4.1) NON eliminare le eventuali minacce che rileva
5.1) finita la scansione seleziona il tabellino log, apri il file di testo e postalo sul forum
poi
scarica LopSD.exe
1.2) doppio click su Lop S&D.exe
2.2) scegli il linguaggio
3.2) seleziona l'opzione 1 (ricerca/search)
4.2) attendi la fine della scansione
5.2) Posta il report che troverai in c:\Lop SD con il nome lopR.txt
Posta i report come quello precedente. |
 |
|
|
giaraonline
Senior Member
Città: roma
198 Messaggi |
Inserito il - 27/01/2009 : 22:16:19
|
oh grazie per la tua prontissima risposta... spero che tu stia bene...
le canne sono ingrassate e ben lubrificate, e questa e' una stagione ottima.
comunque tornando al pc
malaware non sono riuscita a installarlo, non mi da nessuna reazione, ho provato piu volte ma niente da fare
mentre qui ti posto il log di lop
htt*://wikisend[.com]/download/504642/lopR1.txt
|
|
|
|
death
Moderatore
Città: Pinerolo e dintorni
7791 Messaggi |
Inserito il - 27/01/2009 : 22:20:38
|
| Buona sera, ero sicuro che malwarebytes non funzionasse, domani mattina ti posto la procedura e cominciamo a rimuoverlo, non usare quel pc e non collegargli pen drive usb o hard disk esterni. |
|
|
|
giaraonline
Senior Member
Città: roma
198 Messaggi |
Inserito il - 27/01/2009 : 22:31:54
|
| aspetta a proposito di questo... credo che la mia pen abbia qualche cosa che non va... che posso fare per decontaminarla? |
|
|
|
death
Moderatore
Città: Pinerolo e dintorni
7791 Messaggi |
Inserito il - 28/01/2009 : 08:40:14
|
Buon giorno, lo so che hai la pen drive infetta, la ripuliamo alla fine, per ora non usarla su nessun pc, se l'hai utilizzata su altri computer è probabile che li hai infettati, ora vediamo di sbloccare questo, segui la procedura:
scarica Avenger
Esegui avenger e nella finestra copia/incolla tutto il testo in rosso:
files to delete:
C:\WINDOWS\Tasks\At1.job
C:\WINDOWS\Tasks\At10.job
C:\WINDOWS\Tasks\At11.job
C:\WINDOWS\Tasks\At12.job
C:\WINDOWS\Tasks\At13.job
C:\WINDOWS\Tasks\At14.job
C:\WINDOWS\Tasks\At15.job
C:\WINDOWS\Tasks\At16.job
C:\WINDOWS\Tasks\At17.job
C:\WINDOWS\Tasks\At18.job
C:\WINDOWS\Tasks\At19.job
C:\WINDOWS\Tasks\At2.job
C:\WINDOWS\Tasks\At20.job
C:\WINDOWS\Tasks\At21.job
C:\WINDOWS\Tasks\At22.job
C:\WINDOWS\Tasks\At23.job
C:\WINDOWS\Tasks\At24.job
C:\WINDOWS\Tasks\At25.job
C:\WINDOWS\Tasks\At26.job
C:\WINDOWS\Tasks\At27.job
C:\WINDOWS\Tasks\At28.job
C:\WINDOWS\Tasks\At29.job
C:\WINDOWS\Tasks\At3.job
C:\WINDOWS\Tasks\At30.job
C:\WINDOWS\Tasks\At31.job
C:\WINDOWS\Tasks\At32.job
C:\WINDOWS\Tasks\At33.job
C:\WINDOWS\Tasks\At34.job
C:\WINDOWS\Tasks\At35.job
C:\WINDOWS\Tasks\At36.job
C:\WINDOWS\Tasks\At37.job
C:\WINDOWS\Tasks\At38.job
C:\WINDOWS\Tasks\At39.job
C:\WINDOWS\Tasks\At4.job
C:\WINDOWS\Tasks\At40.job
C:\WINDOWS\Tasks\At41.job
C:\WINDOWS\Tasks\At42.job
C:\WINDOWS\Tasks\At43.job
C:\WINDOWS\Tasks\At44.job
C:\WINDOWS\Tasks\At45.job
C:\WINDOWS\Tasks\At46.job
C:\WINDOWS\Tasks\At47.job
C:\WINDOWS\Tasks\At48.job
C:\WINDOWS\Tasks\At49.job
C:\WINDOWS\Tasks\At5.job
C:\WINDOWS\Tasks\At50.job
C:\WINDOWS\Tasks\At51.job
C:\WINDOWS\Tasks\At52.job
C:\WINDOWS\Tasks\At53.job
C:\WINDOWS\Tasks\At54.job
C:\WINDOWS\Tasks\At55.job
C:\WINDOWS\Tasks\At56.job
C:\WINDOWS\Tasks\At57.job
C:\WINDOWS\Tasks\At58.job
C:\WINDOWS\Tasks\At59.job
C:\WINDOWS\Tasks\At6.job
C:\WINDOWS\Tasks\At60.job
C:\WINDOWS\Tasks\At61.job
C:\WINDOWS\Tasks\At62.job
C:\WINDOWS\Tasks\At63.job
C:\WINDOWS\Tasks\At64.job
C:\WINDOWS\Tasks\At65.job
C:\WINDOWS\Tasks\At66.job
C:\WINDOWS\Tasks\At67.job
C:\WINDOWS\Tasks\At68.job
C:\WINDOWS\Tasks\At69.job
C:\WINDOWS\Tasks\At7.job
C:\WINDOWS\Tasks\At70.job
C:\WINDOWS\Tasks\At71.job
C:\WINDOWS\Tasks\At72.job
C:\WINDOWS\Tasks\At73.job
C:\WINDOWS\Tasks\At74.job
C:\WINDOWS\Tasks\At75.job
C:\WINDOWS\Tasks\At76.job
C:\WINDOWS\Tasks\At77.job
C:\WINDOWS\Tasks\At78.job
C:\WINDOWS\Tasks\At79.job
C:\WINDOWS\Tasks\At8.job
C:\WINDOWS\Tasks\At80.job
C:\WINDOWS\Tasks\At81.job
C:\WINDOWS\Tasks\At82.job
C:\WINDOWS\Tasks\At83.job
C:\WINDOWS\Tasks\At84.job
C:\WINDOWS\Tasks\At85.job
C:\WINDOWS\Tasks\At86.job
C:\WINDOWS\Tasks\At87.job
C:\WINDOWS\Tasks\At88.job
C:\WINDOWS\Tasks\At89.job
C:\WINDOWS\Tasks\At9.job
C:\WINDOWS\Tasks\At90.job
C:\WINDOWS\Tasks\At91.job
C:\WINDOWS\Tasks\At92.job
C:\WINDOWS\Tasks\At93.job
C:\WINDOWS\Tasks\At94.job
C:\WINDOWS\Tasks\At95.job
C:\WINDOWS\Tasks\At96.job
C:\WINDOWS\Tasks\At97.job
C:\WINDOWS\Tasks\At98.job
C:\WINDOWS\Tasks\At99.job
C:\WINDOWS\system32\drivers\TDSServ.sys
C:\WINDOWS\system32\drivers\TDSSpaxt.sys
C:\WINDOWS\system32\TDSSerrors.log
C:\WINDOWS\system32\TDSSservers.dat
C:\WINDOWS\system32\TDSSl.dll
C:\WINDOWS\system32\TDSSlog.
C:\WINDOWS\system32\TDSSmain.dll
C:\WINDOWS\system32\TDSSinit.dll
C:\WINDOWS\system32\TDSSlog.dll
C:\WINDOWS\system32\TDSSadw.dll
C:\WINDOWS\system32\TDSSpopup.dll
C:\WINDOWS\system32\TDSScfum.dll
C:\WINDOWS\system32\TDSSnrsr.dll
C:\WINDOWS\system32\TDSSofxh.dll
C:\WINDOWS\system32\TDSSriqp.dll
C:\WINDOWS\system32\TDSSfxmp.dll
C:\WINDOWS\system32\TDSStkdv.log
C:\WINDOWS\system32\TDSSosvd.dat
C:\WINDOWS\system32\svschost.exe
C:\WINDOWS\system32\svñshost.exe
C:\DOCUME~1\Owner\LOCALS~1\Temp\c.exe
C:\DOCUME~1\Owner\LOCALS~1\Temp\7.tmp
C:\DOCUME~1\Owner\LOCALS~1\Temp\7TMP~1.BA
C:\WINDOWS\system32\ootvqjveaixizas.dll
C:\Program Files\Antivirus 2009\av2009.exe
registry keys to delete:
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_TDSSSERV.SYS
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_TDSSSERV.SYS
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Enum\Root\LEGACY_TDSSSERV.SYS
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_TDSSSERV.SYS
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TDSServ
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet005\Services\TDSSserv.sys
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet005\Services\TDSSserv.sys\modules
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet008\Services\TDSSserv.sys\modules
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet008\Services\TDSSserv.sys
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TDSServ.sys
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TDSServ.sys
HKEY_LOCAL_MACHINE\SOFTWARE\TDSS
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\tdssdata
Spunta "Automatically disable any rootkits found" e clicca su "execute".
Il pc dovrebbe riavviarsi da solo, altrimenti riavvialo tu. Posta il report rilasciato lo trovi in c:\avenger.
poi esegui questa scansione del sistema:
scarica Systemscan
1) disconnetti il pc da internet
2) disattiva l'antivirus
3) esegui systemscan
4) clicca su "Scan Now"
Nota bene: il programma potrebbe essere riconosciuto come un virus visto che è un tool per l'analisi profonda del sistema, si tratta di un "falso positivo" il file non è un virus ed è innocuo per il sistema. Il programma alla fine ti rilascerà un report in formato testo, salvalo con nome e poi postalo, lo stesso report lo trovi all'interno della cartella suspectfile (contenuto in un file zip) che ti verrà creata sul desktop.
|
|
|
|
giaraonline
Senior Member
Città: roma
198 Messaggi |
Inserito il - 28/01/2009 : 14:04:34
|
| eehhhhmmm buon giorno... scusa spiegami un secondo... come faccio a scaricare avenger se non posso collegarmi ad internet e non posso usare la pen? |
|
|
|
death
Moderatore
Città: Pinerolo e dintorni
7791 Messaggi |
Inserito il - 28/01/2009 : 14:05:47
|
| Buon giorno, devi scaricare avenger e systemscan da un altro pc e metterli su un cd, preferisco che non usi pendrive in giro su tutti i pc. |
|
|
|
giaraonline
Senior Member
Città: roma
198 Messaggi |
Inserito il - 28/01/2009 : 16:49:40
|
ti posto i due log
il log di systemscan
htt*://wikisend[.com]/download/522348/reportsys1.txt
questo e' quello di avenger
htt*://wikisend[.com]/download/470348/avenger1.txt
grazie
|
|
|
|
death
Moderatore
Città: Pinerolo e dintorni
7791 Messaggi |
Inserito il - 28/01/2009 : 16:56:26
|
| Buon giorno, avenger ha dato una bella pulita, in serata ti esamino il report di systemscan, sicuramente ci sarà dell'altro da rimuovere...dovrei sculacciarti..non hai messo il segno di spunta su "Automatically disable any rootkits found" quando hai eseguito avenger, per cortesia rieseguilo, anche se non trova i files perchè gia cancellati, mi serve per disabilitare l'infezione, poi ripostami il report di avenger rifatto. |
|
|
|
giaraonline
Senior Member
Città: roma
198 Messaggi |
Inserito il - 28/01/2009 : 17:53:57
|
che stupida... e' vero merito una severa lezione... solo che sono circondata da persone che mi chidono mille cose insieme... non ce la faccio piu... ora li faccio secchi tutti
qui il nuovo report
htt*://wikisend[.com]/download/964634/avenger2.txt |
|
|
|
death
Moderatore
Città: Pinerolo e dintorni
7791 Messaggi |
Inserito il - 28/01/2009 : 18:02:11
|
| Tranquilla, il rootkit è disabilitato, ci aggiorniamo piu' tardi, mi servirà un bel momento per analizzare il report, cerco di fare prima che posso. |
|
|
|
death
Moderatore
Città: Pinerolo e dintorni
7791 Messaggi |
Inserito il - 28/01/2009 : 20:38:53
|
Buona sera.....devo dire che ho digerito cena...avvisa la proprietaria del pc che non è un computer ma una discarica ..allora
1) i files mp3 che ha sparsi nella root, in c:\ per capirci, spostali in una cartella apposita che creerai in "documenti" chiamala come più ti piace, l'importante è che mi sposti tutto quello che nulla ha a che vedere con windows (se non lo fa, dille che con il prossimo avenger le elimino tutti i files musicali  )
2) segui la procedura e non spaventarti, la tua cliente ha vinto il premio del forum..non si è mai visto un avenger così
Citazione:
DISABILITARE SPYBOT S&D - se vedi che è funzionante e se ha l'icona nella barra dell'orologio
Apri spybot, clicca su "mode" e seleziona "advanced mode" , dai yes nella finestrella che si aprirà, clicca sul tastino "tools" in basso a sinistra, nel menù che si apre clicca su "resident" , nel tabellino resident (quello con lo scudo) troverai "resident protection status" rimuovi i flag o segni di spunta da "resident sdhelper" e da "teatimer" , ti si aprirà una finestra di avviso dove ti verranno notificate le modifiche che hai appena fatto, clicca su "allow change" chiudi tutti i menù e chiudi spybot, la stessa operazione dovrai rieseguirla per attivare nuovamente la protezione in tempo reale quando avremo finito.
poi
scarica questo file che ti ho preparato, lo scarichi in c:\ htt*://wikisend[.com]/download/538270/fix.reg
poi
Esegui avenger e nella finestra copia/incolla tutto il testo in rosso:
files to delete:
C:\vm18.exe
C:\WINDOWS\sysexplorer.exe
C:\WINDOWS\reged.exe
C:\WINDOWS\vmreg.dll
C:\WINDOWS\syscert.exe
C:\WINDOWS\spoolsystem.exe
C:\WINDOWS\sys[.com]
C:\WINDOWS\temp\a8c0MBwg.dat
C:\WINDOWS\temp\InvnRbUn.exe
C:\WINDOWS\temp\14B.tmp.exe
C:\WINDOWS\temp\FqHo55CL.exe
C:\WINDOWS\temp\FqHo55CL.dat
C:\WINDOWS\system32\q2s3DRnw.exe
C:\WINDOWS\system32\q2s3DRnw.exe.a_a
C:\WINDOWS\system32\drivers\TDSSpaxt.sys
C:\WINDOWS\system32\TDSSofxh.dll
C:\WINDOWS\system32\TDSSosvd.dat
C:\WINDOWS\system32\TDSSnrsr.dll
C:\WINDOWS\system32\TDSSriqp.dll
C:\WINDOWS\system32\TDSScfub.dll
C:\WINDOWS\system32\TDSSfxmp.dll
C:\WINDOWS\system32\TDSSnmxh.log
C:\WINDOWS\system32\TDSSsbhc.dll
C:\WINDOWS\system32\TDSSpaxt.log
C:\WINDOWS\system32\TDSSoexh.log
C:\DOCUME~1\Owner\LOCALS~1\Temp\TDSS5f9a.tmp
C:\DOCUME~1\Owner\LOCALS~1\Temp\TDSSb4c4.tmp
C:\DOCUME~1\Owner\LOCALS~1\Temp\TDSSb5fd.tmp
C:\WINDOWS\tasks\At124.job
C:\WINDOWS\tasks\At148.job
C:\WINDOWS\tasks\At172.job
C:\WINDOWS\tasks\At196.job
C:\WINDOWS\tasks\At220.job
C:\WINDOWS\tasks\At244.job
C:\WINDOWS\tasks\At268.job
C:\WINDOWS\tasks\At292.job
C:\WINDOWS\tasks\At316.job
C:\WINDOWS\tasks\At340.job
C:\WINDOWS\tasks\At364.job
C:\WINDOWS\tasks\At388.job
C:\WINDOWS\tasks\At412.job
C:\WINDOWS\tasks\At436.job
C:\WINDOWS\tasks\At460.job
C:\WINDOWS\tasks\At484.job
C:\WINDOWS\tasks\At100.job
C:\WINDOWS\tasks\At507.job
C:\WINDOWS\tasks\At506.job
C:\WINDOWS\tasks\At508.job
C:\WINDOWS\tasks\At125.job
C:\WINDOWS\tasks\At101.job
C:\WINDOWS\tasks\At269.job
C:\WINDOWS\tasks\At341.job
C:\WINDOWS\tasks\At365.job
C:\WINDOWS\tasks\At245.job
C:\WINDOWS\tasks\At461.job
C:\WINDOWS\tasks\At485.job
C:\WINDOWS\tasks\At389.job
C:\WINDOWS\tasks\At317.job
C:\WINDOWS\tasks\At509.job
C:\WINDOWS\tasks\At437.job
C:\WINDOWS\tasks\At197.job
C:\WINDOWS\tasks\At293.job
C:\WINDOWS\tasks\At413.job
C:\WINDOWS\tasks\At221.job
C:\WINDOWS\tasks\At173.job
C:\WINDOWS\tasks\At174.job
C:\WINDOWS\tasks\At222.job
C:\WINDOWS\tasks\At366.job
C:\WINDOWS\tasks\At270.job
C:\WINDOWS\tasks\At150.job
C:\WINDOWS\tasks\At294.job
C:\WINDOWS\tasks\At318.job
C:\WINDOWS\tasks\At246.job
C:\WINDOWS\tasks\At198.job
C:\WINDOWS\tasks\At126.job
C:\WINDOWS\tasks\At102.job
C:\WINDOWS\tasks\At390.job
C:\WINDOWS\tasks\At342.job
C:\WINDOWS\tasks\At486.job
C:\WINDOWS\tasks\At438.job
C:\WINDOWS\tasks\At510.job
C:\WINDOWS\tasks\At462.job
C:\WINDOWS\tasks\At414.job
C:\WINDOWS\tasks\At149.job
C:\WINDOWS\tasks\At223.job
C:\WINDOWS\tasks\At175.job
C:\WINDOWS\tasks\At343.job
C:\WINDOWS\tasks\At271.job
C:\WINDOWS\tasks\At295.job
C:\WINDOWS\tasks\At103.job
C:\WINDOWS\tasks\At199.job
C:\WINDOWS\tasks\At127.job
C:\WINDOWS\tasks\At319.job
C:\WINDOWS\tasks\At151.job
C:\WINDOWS\tasks\At247.job
C:\WINDOWS\tasks\At463.job
C:\WINDOWS\tasks\At439.job
C:\WINDOWS\tasks\At367.job
C:\WINDOWS\tasks\At415.job
C:\WINDOWS\tasks\At511.job
C:\WINDOWS\tasks\At487.job
C:\WINDOWS\tasks\At391.job
C:\WINDOWS\tasks\At457.job
C:\WINDOWS\tasks\At145.job
C:\WINDOWS\tasks\At313.job
C:\WINDOWS\tasks\At241.job
C:\WINDOWS\tasks\At121.job
C:\WINDOWS\tasks\At409.job
C:\WINDOWS\tasks\At433.job
C:\WINDOWS\tasks\At385.job
C:\WINDOWS\tasks\At337.job
C:\WINDOWS\tasks\At481.job
C:\WINDOWS\tasks\At289.job
C:\WINDOWS\tasks\At265.job
C:\WINDOWS\tasks\At193.job
C:\WINDOWS\tasks\At361.job
C:\WINDOWS\tasks\At217.job
C:\WINDOWS\tasks\At505.job
C:\WINDOWS\tasks\At296.job
C:\WINDOWS\tasks\At248.job
C:\WINDOWS\tasks\At320.job
C:\WINDOWS\tasks\At272.job
C:\WINDOWS\tasks\At200.job
C:\WINDOWS\tasks\At224.job
C:\WINDOWS\tasks\At176.job
C:\WINDOWS\tasks\At104.job
C:\WINDOWS\tasks\At152.job
C:\WINDOWS\tasks\At368.job
C:\WINDOWS\tasks\At344.job
C:\WINDOWS\tasks\At488.job
C:\WINDOWS\tasks\At416.job
C:\WINDOWS\tasks\At392.job
C:\WINDOWS\tasks\At440.job
C:\WINDOWS\tasks\At464.job
C:\WINDOWS\tasks\At512.job
C:\WINDOWS\tasks\At128.job
C:\WINDOWS\tasks\At178.job
C:\WINDOWS\tasks\At226.job
C:\WINDOWS\tasks\At274.job
C:\WINDOWS\tasks\At106.job
C:\WINDOWS\tasks\At298.job
C:\WINDOWS\tasks\At154.job
C:\WINDOWS\tasks\At250.job
C:\WINDOWS\tasks\At130.job
C:\WINDOWS\tasks\At202.job
C:\WINDOWS\tasks\At514.job
C:\WINDOWS\tasks\At322.job
C:\WINDOWS\tasks\At490.job
C:\WINDOWS\tasks\At346.job
C:\WINDOWS\tasks\At370.job
C:\WINDOWS\tasks\At418.job
C:\WINDOWS\tasks\At466.job
C:\WINDOWS\tasks\At394.job
C:\WINDOWS\tasks\At442.job
C:\WINDOWS\tasks\At107.job
C:\WINDOWS\tasks\At131.job
C:\WINDOWS\tasks\At347.job
C:\WINDOWS\tasks\At467.job
C:\WINDOWS\tasks\At155.job
C:\WINDOWS\tasks\At251.job
C:\WINDOWS\tasks\At515.job
C:\WINDOWS\tasks\At419.job
C:\WINDOWS\tasks\At299.job
C:\WINDOWS\tasks\At203.job
C:\WINDOWS\tasks\At491.job
C:\WINDOWS\tasks\At275.job
C:\WINDOWS\tasks\At323.job
C:\WINDOWS\tasks\At179.job
C:\WINDOWS\tasks\At371.job
C:\WINDOWS\tasks\At395.job
C:\WINDOWS\tasks\At443.job
C:\WINDOWS\tasks\At227.job
C:\WINDOWS\tasks\At109.job
C:\WINDOWS\tasks\At277.job
C:\WINDOWS\tasks\At205.job
C:\WINDOWS\tasks\At133.job
C:\WINDOWS\tasks\At229.job
C:\WINDOWS\tasks\At325.job
C:\WINDOWS\tasks\At253.job
C:\WINDOWS\tasks\At301.job
C:\WINDOWS\tasks\At181.job
C:\WINDOWS\tasks\At157.job
C:\WINDOWS\tasks\At445.job
C:\WINDOWS\tasks\At493.job
C:\WINDOWS\tasks\At421.job
C:\WINDOWS\tasks\At517.job
C:\WINDOWS\tasks\At469.job
C:\WINDOWS\tasks\At373.job
C:\WINDOWS\tasks\At397.job
C:\WINDOWS\tasks\At349.job
C:\WINDOWS\tasks\At158.job
C:\WINDOWS\tasks\At182.job
C:\WINDOWS\tasks\At134.job
C:\WINDOWS\tasks\At110.job
C:\WINDOWS\tasks\At446.job
C:\WINDOWS\tasks\At302.job
C:\WINDOWS\tasks\At230.job
C:\WINDOWS\tasks\At398.job
C:\WINDOWS\tasks\At326.job
C:\WINDOWS\tasks\At278.job
C:\WINDOWS\tasks\At422.job
C:\WINDOWS\tasks\At254.job
C:\WINDOWS\tasks\At206.job
C:\WINDOWS\tasks\At374.job
C:\WINDOWS\tasks\At350.job
C:\WINDOWS\tasks\At494.job
C:\WINDOWS\tasks\At470.job
C:\WINDOWS\tasks\At518.job
C:\WINDOWS\tasks\At352.job
C:\WINDOWS\tasks\At256.job
C:\WINDOWS\tasks\At400.job
C:\WINDOWS\tasks\At160.job
C:\WINDOWS\tasks\At184.job
C:\WINDOWS\tasks\At424.job
C:\WINDOWS\tasks\At304.job
C:\WINDOWS\tasks\At280.job
C:\WINDOWS\tasks\At136.job
C:\WINDOWS\tasks\At448.job
C:\WINDOWS\tasks\At232.job
C:\WINDOWS\tasks\At328.job
C:\WINDOWS\tasks\At472.job
C:\WINDOWS\tasks\At112.job
C:\WINDOWS\tasks\At376.job
C:\WINDOWS\tasks\At208.job
C:\WINDOWS\tasks\At520.job
C:\WINDOWS\tasks\At496.job
C:\WINDOWS\tasks\At307.job
C:\WINDOWS\tasks\At163.job
C:\WINDOWS\tasks\At139.job
C:\WINDOWS\tasks\At115.job
C:\WINDOWS\tasks\At211.job
C:\WINDOWS\tasks\At235.job
C:\WINDOWS\tasks\At187.job
C:\WINDOWS\tasks\At283.job
C:\WINDOWS\tasks\At259.job
C:\WINDOWS\tasks\At331.job
C:\WINDOWS\tasks\At403.job
C:\WINDOWS\tasks\At475.job
C:\WINDOWS\tasks\At355.job
C:\WINDOWS\tasks\At427.job
C:\WINDOWS\tasks\At451.job
C:\WINDOWS\tasks\At379.job
C:\WINDOWS\tasks\At523.job
C:\WINDOWS\tasks\At499.job
C:\WINDOWS\tasks\At177.job
C:\WINDOWS\tasks\At225.job
C:\WINDOWS\tasks\At201.job
C:\WINDOWS\tasks\At297.job
C:\WINDOWS\tasks\At273.job
C:\WINDOWS\tasks\At153.job
C:\WINDOWS\tasks\At249.job
C:\WINDOWS\tasks\At129.job
C:\WINDOWS\tasks\At321.job
C:\WINDOWS\tasks\At393.job
C:\WINDOWS\tasks\At465.job
C:\WINDOWS\tasks\At369.job
C:\WINDOWS\tasks\At417.job
C:\WINDOWS\tasks\At441.job
C:\WINDOWS\tasks\At489.job
C:\WINDOWS\tasks\At513.job
C:\WINDOWS\tasks\At345.job
C:\WINDOWS\tasks\At105.job
C:\WINDOWS\tasks\At111.job
C:\WINDOWS\tasks\At159.job
C:\WINDOWS\tasks\At183.job
C:\WINDOWS\tasks\At207.job
C:\WINDOWS\tasks\At255.job
C:\WINDOWS\tasks\At375.job
C:\WINDOWS\tasks\At351.job
C:\WINDOWS\tasks\At279.job
C:\WINDOWS\tasks\At327.job
C:\WINDOWS\tasks\At231.job
C:\WINDOWS\tasks\At303.job
C:\WINDOWS\tasks\At495.job
C:\WINDOWS\tasks\At447.job
C:\WINDOWS\tasks\At471.job
C:\WINDOWS\tasks\At519.job
C:\WINDOWS\tasks\At399.job
C:\WINDOWS\tasks\At423.job
C:\WINDOWS\tasks\At135.job
C:\WINDOWS\tasks\At137.job
C:\WINDOWS\tasks\At185.job
C:\WINDOWS\tasks\At281.job
C:\WINDOWS\tasks\At329.job
C:\WINDOWS\tasks\At209.job
C:\WINDOWS\tasks\At161.job
C:\WINDOWS\tasks\At305.job
C:\WINDOWS\tasks\At353.job
C:\WINDOWS\tasks\At257.job
C:\WINDOWS\tasks\At233.job
C:\WINDOWS\tasks\At401.job
C:\WINDOWS\tasks\At521.job
C:\WINDOWS\tasks\At425.job
C:\WINDOWS\tasks\At377.job
C:\WINDOWS\tasks\At497.job
C:\WINDOWS\tasks\At449.job
C:\WINDOWS\tasks\At473.job
C:\WINDOWS\tasks\At113.job
C:\WINDOWS\tasks\At138.job
C:\WINDOWS\tasks\At162.job
C:\WINDOWS\tasks\At186.job
C:\WINDOWS\tasks\At330.job
C:\WINDOWS\tasks\At210.job
C:\WINDOWS\tasks\At306.job
C:\WINDOWS\tasks\At234.job
C:\WINDOWS\tasks\At282.job
C:\WINDOWS\tasks\At354.job
C:\WINDOWS\tasks\At258.job
C:\WINDOWS\tasks\At378.job
C:\WINDOWS\tasks\At402.job
C:\WINDOWS\tasks\At498.job
C:\WINDOWS\tasks\At522.job
C:\WINDOWS\tasks\At426.job
C:\WINDOWS\tasks\At450.job
C:\WINDOWS\tasks\At474.job
C:\WINDOWS\tasks\At114.job
C:\WINDOWS\tasks\At116.job
C:\WINDOWS\tasks\At140.job
C:\WINDOWS\tasks\At188.job
C:\WINDOWS\tasks\At212.job
C:\WINDOWS\tasks\At284.job
C:\WINDOWS\tasks\At260.job
C:\WINDOWS\tasks\At236.job
C:\WINDOWS\tasks\At308.job
C:\WINDOWS\tasks\At332.job
C:\WINDOWS\tasks\At380.job
C:\WINDOWS\tasks\At404.job
C:\WINDOWS\tasks\At356.job
C:\WINDOWS\tasks\At428.job
C:\WINDOWS\tasks\At476.job
C:\WINDOWS\tasks\At500.job
C:\WINDOWS\tasks\At524.job
C:\WINDOWS\tasks\At452.job
C:\WINDOWS\tasks\At164.job
C:\WINDOWS\tasks\At237.job
C:\WINDOWS\tasks\At189.job
C:\WINDOWS\tasks\At285.job
C:\WINDOWS\tasks\At213.job
C:\WINDOWS\tasks\At309.job
C:\WINDOWS\tasks\At141.job
C:\WINDOWS\tasks\At261.job
C:\WINDOWS\tasks\At165.job
C:\WINDOWS\tasks\At117.job
C:\WINDOWS\tasks\At477.job
C:\WINDOWS\tasks\At333.job
C:\WINDOWS\tasks\At429.job
C:\WINDOWS\tasks\At405.job
C:\WINDOWS\tasks\At501.job
C:\WINDOWS\tasks\At525.job
C:\WINDOWS\tasks\At453.job
C:\WINDOWS\tasks\At357.job
C:\WINDOWS\tasks\At381.job
C:\WINDOWS\tasks\At142.job
C:\WINDOWS\tasks\At334.job
C:\WINDOWS\tasks\At166.job
C:\WINDOWS\tasks\At262.job
C:\WINDOWS\tasks\At358.job
C:\WINDOWS\tasks\At190.job
C:\WINDOWS\tasks\At286.job
C:\WINDOWS\tasks\At118.job
C:\WINDOWS\tasks\At238.job
C:\WINDOWS\tasks\At214.job
C:\WINDOWS\tasks\At310.job
C:\WINDOWS\tasks\At382.job
C:\WINDOWS\tasks\At526.job
C:\WINDOWS\tasks\At454.job
C:\WINDOWS\tasks\At406.job
C:\WINDOWS\tasks\At502.job
C:\WINDOWS\tasks\At430.job
C:\WINDOWS\tasks\At478.job
C:\WINDOWS\tasks\At167.job
C:\WINDOWS\tasks\At191.job
C:\WINDOWS\tasks\At119.job
C:\WINDOWS\tasks\At143.job
C:\WINDOWS\tasks\At239.job
C:\WINDOWS\tasks\At287.job
C:\WINDOWS\tasks\At311.job
C:\WINDOWS\tasks\At215.job
C:\WINDOWS\tasks\At263.job
C:\WINDOWS\tasks\At359.job
C:\WINDOWS\tasks\At335.job
C:\WINDOWS\tasks\At431.job
C:\WINDOWS\tasks\At383.job
C:\WINDOWS\tasks\At407.job
C:\WINDOWS\tasks\At455.job
C:\WINDOWS\tasks\At527.job
C:\WINDOWS\tasks\At503.job
C:\WINDOWS\tasks\At479.job
C:\WINDOWS\tasks\At336.job
C:\WINDOWS\tasks\At240.job
C:\WINDOWS\tasks\At144.job
C:\WINDOWS\tasks\At288.job
C:\WINDOWS\tasks\At120.job
C:\WINDOWS\tasks\At192.job
C:\WINDOWS\tasks\At312.job
C:\WINDOWS\tasks\At168.job
C:\WINDOWS\tasks\At264.job
C:\WINDOWS\tasks\At216.job
C:\WINDOWS\tasks\At528.job
C:\WINDOWS\tasks\At456.job
C:\WINDOWS\tasks\At432.job
C:\WINDOWS\tasks\At480.job
C:\WINDOWS\tasks\At408.job
C:\WINDOWS\tasks\At504.job
C:\WINDOWS\tasks\At384.job
C:\WINDOWS\tasks\At360.job
C:\WINDOWS\tasks\At108.job
C:\WINDOWS\tasks\At228.job
C:\WINDOWS\tasks\At204.job
C:\WINDOWS\tasks\At132.job
C:\WINDOWS\tasks\At276.job
C:\WINDOWS\tasks\At180.job
C:\WINDOWS\tasks\At252.job
C:\WINDOWS\tasks\At156.job
C:\WINDOWS\tasks\At444.job
C:\WINDOWS\tasks\At300.job
C:\WINDOWS\tasks\At396.job
C:\WINDOWS\tasks\At468.job
C:\WINDOWS\tasks\At348.job
C:\WINDOWS\tasks\At420.job
C:\WINDOWS\tasks\At516.job
C:\WINDOWS\tasks\At324.job
C:\WINDOWS\tasks\At372.job
C:\WINDOWS\tasks\At492.job
C:\WINDOWS\tasks\SA.DAT
C:\WINDOWS\tasks\At169.job
C:\WINDOWS\tasks\At122.job
C:\WINDOWS\tasks\At170.job
C:\WINDOWS\tasks\At266.job
C:\WINDOWS\tasks\At218.job
C:\WINDOWS\tasks\At290.job
C:\WINDOWS\tasks\At194.job
C:\WINDOWS\tasks\At242.job
C:\WINDOWS\tasks\At146.job
C:\WINDOWS\tasks\At458.job
C:\WINDOWS\tasks\At314.job
C:\WINDOWS\tasks\At362.job
C:\WINDOWS\tasks\At434.job
C:\WINDOWS\tasks\At386.job
C:\WINDOWS\tasks\At338.job
C:\WINDOWS\tasks\At410.job
C:\WINDOWS\tasks\At243.job
C:\WINDOWS\tasks\At219.job
C:\WINDOWS\tasks\At291.job
C:\WINDOWS\tasks\At267.job
C:\WINDOWS\tasks\At147.job
C:\WINDOWS\tasks\At123.job
C:\WINDOWS\tasks\At195.job
C:\WINDOWS\tasks\At171.job
C:\WINDOWS\tasks\At315.job
C:\WINDOWS\tasks\At411.job
C:\WINDOWS\tasks\At435.job
C:\WINDOWS\tasks\At459.job
C:\WINDOWS\tasks\At339.job
C:\WINDOWS\tasks\At363.job
C:\WINDOWS\tasks\At387.job
C:\WINDOWS\tasks\At483.job
C:\WINDOWS\tasks\At482.job
folders to delete:
C:\Program Files\Antivirus 2009
registry values to delete:
HKLM\SOFTWARE\Microsoft\windows\currentversion\run | inetsrv
registry keys to delete:
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AVantivirus
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TDSSserv.sys
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TDSSserv.sys\modules
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Services\TDSSserv.sys
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Services\TDSSserv.sys\modules
programs to launch on reboot:
c:\fix.reg
Spunta "Automatically disable any rootkits found" e clicca su "execute".
Il pc dovrebbe riavviarsi da solo, altrimenti riavvialo tu. Posta il report rilasciato lo trovi in c:\avenger.
Poi fammi sapere che cosa è questa cartella
10/12/2008 09:43:54 -- 10/12/2008 09:43:54 (DIR) ---- 49 days old -- C:\E__
|
Modificato da - death in data 28/01/2009 21:07:39 |
|
|
|
giaraonline
Senior Member
Città: roma
198 Messaggi |
Inserito il - 29/01/2009 : 03:43:41
|
buona notte e sogni d'oro
ho fatto tutto... almeno credo, il file reg l'ho copiato ma credo che non l'abbia digerito, mi e' uscito un messaggio che diceva píu o meno che non trovava il file reg...
comunque qui ti posto il nuovo avenger
htt*://wikisend[.com]/download/487530/avenger4.txt
scusa ma io quelle cartelle che mi hai chiesto di cercare non le ho trovate...
se puoi darmi un aiutino...
|
|
|
|
death
Moderatore
Città: Pinerolo e dintorni
7791 Messaggi |
Inserito il - 29/01/2009 : 08:44:41
|
Buon giorno, una bella pulizia, per quanto concerne la cartella, prova a visualizzare i files nascosti seguendo questa specchietto:
Citazione:
Windows XP
Tasto destro su Start–>Esplora–>Menù Strumenti–>Opzioni Cartella–>Visualizzazione
-Mettere la spunta a ‘Visualizza tutti i files’ o “Visualizza cartelle e files nascosti”
-Togliere la spunta a ‘Non visualizzare cartelle e files di sistema’ o “Nascondi i files protetti di sistema”
poi scaricati malwarebytes pulito e prova a reinstallarlo e a fare la scansione, ora il pc dovrebbe essere sbloccato, non provare a connetterlo per ora. |
|
|
|
giaraonline
Senior Member
Città: roma
198 Messaggi |
Inserito il - 29/01/2009 : 15:24:48
|
allora buongiorno, almeno per me...
ho fatto quello che dicevi per cercare quella cartella, ma non l'ho trovata comunque
ho installato malaware e quest e' il log
htt*://wikisend[.com]/download/893670/mbam-log-2009-01-29 (10-01-14).txt
che faccio con malaware? gli dico di eliminare quello che ha trovato? |
|
|
|
Discussione |
|
Antivirus 2009 - TDSS
Forum Bloccato
