a parte eim.exe gli altri mi sembrano reisdui
usa avenger.exe, come hai già fatto tempo fa, con questo script
files to delete:
C:\WINDOWS\TEMP\7.tmp
C:\WINDOWS\winlogon.exe
C:\DOCUME~1\michela\IMPOST~1\Temp\ZSUB.exe
C:\WINDOWS\system32\eim.exe
registry keys to delete:
HKLM\system\currentcontrolset\services\LogCrd
HKLM\system\currentcontrolset\services\Windows Kernel Services
HKLM\system\currentcontrolset\services\ZSUB
Pensi di avere un file infetto? Invialo a SuspectFile
Grazie mille molto gentile Holifay!
ci provo!!
Mikiss
Logfile of The Avenger version 1, by Swandog46
Running from registry key:
\Registry\Machine\System\CurrentControlSet\Service s\kemuctiy
*******************
Script file located at: \??\C:\WINDOWS\ogtcguay.txt
Script file opened successfully.
Script file read successfully
Backups directory opened successfully at C:\Avenger
*******************
Beginning to process script file:
File C:\WINDOWS\TEMP\7.tmp not found!
Deletion of file C:\WINDOWS\TEMP\7.tmp failed!
Could not process line:
C:\WINDOWS\TEMP\7.tmp
Status: 0xc0000034
File C:\WINDOWS\winlogon.exe not found!
Deletion of file C:\WINDOWS\winlogon.exe failed!
Could not process line:
C:\WINDOWS\winlogon.exe
Status: 0xc0000034
File C:\DOCUME~1\michela\IMPOST~1\Temp\ZSUB.exe not found!
Deletion of file C:\DOCUME~1\michela\IMPOST~1\Temp\ZSUB.exe failed!
Could not process line:
C:\DOCUME~1\michela\IMPOST~1\Temp\ZSUB.exe
Status: 0xc0000034
File C:\WINDOWS\system32\eim.exe deleted successfully.
Registry key HKLM\system\currentcontrolset\services\LogCrd deleted successfully.
Registry key HKLM\system\currentcontrolset\services\Windows Kernel Services deleted successfully.
Registry key HKLM\system\currentcontrolset\services\ZSUB deleted successfully.
Completed script processing.
*******************
Finished! Terminate.
Mikiss
spero di essere a posto cosi!!
La nuova scansione on line di Norton mi dice:
Virus Status: Safe!
No viruses were detected in memory.
Mikiss
Permessi di invio
Rispondi quotando