  1. #1
    HTML.it user
    Registered since
    Nov 2007
    Posts
    54

    Problem

    Hi everyone, I'm Aumas, a new member!
    I have a problem on my PC!
    For some time now it has been giving me a Generic Host Process for Win32 service error.
    HijackThis gives me a file to remove, but after I fix it (is that how you say it?) it shows up again... I can't delete it.
    With AVG Free I find viruses in system32, but I don't know whether to delete them, and if I remove them they come back!
    What can I do? Do you have any solution?
    Many thanks

    PS: the file that HijackThis finds should be mssrv32.exe

  2. #2
    HTML.it user OYS
    Registered since
    Apr 2006
    Posts
    3,142
    Post the HijackThis log, then write the names and paths of the viruses that AVG removes.

  3. #3
    HTML.it user
    Registered since
    Nov 2007
    Posts
    54
    Hi, here is the log.

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Programmi\Ahead\InCD\InCDsrv.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\RunDll32.exe
    C:\Programmi\CyberLink DVD Solution\PowerDVD\PDVDServ.exe
    C:\Programmi\Ahead\InCD\InCD.exe
    C:\Programmi\DAEMON Tools\daemon.exe
    C:\Programmi\Pinnacle\Shared Files\Programs\Remote\Remoterm.exe
    C:\Programmi\Pinnacle\Shared Files\Programs\MediaCenterService\PMC.Service.Main.exe
    C:\Programmi\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
    C:\WINDOWS\SOUNDMAN.EXE
    C:\Programmi\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
    C:\Programmi\File comuni\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\Programmi\Pinnacle\MediaServer\Microsoft SQL Server\MSSQL$PINNACLESYS\Binn\sqlservr.exe
    C:\Programmi\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
    C:\WINDOWS\system32\svchost.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe
    C:\PROGRA~1\TRISNA~1\SSI\SYSENF~1.EXE
    c:\programmi\pinnacle\shared files\programs\mediaserver\pmshost.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Documents and Settings\Valeriano\Desktop\HiJackThis\HijackThis.exe
    C:\Programmi\Pinnacle\Shared Files\Programs\PclePvr\VideoControl.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.it/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.microsoft.com/isapi/redir...r=6&ar=msnhome
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir...ie&ar=iesearch
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home
    R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
    R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.google.com/search?q=%s
    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://register.hp.com/
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programmi\google\googletoolbar1.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programmi\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
    O2 - BHO: AcroIEHelper - {F3CFA533-7680-4943-A863-B8216390E847} - C:\WINDOWS\system32\AcroIEHelper.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programmi\google\googletoolbar1.dll
    O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
    O4 - HKLM\..\Run: [RemoteControl] "C:\Programmi\CyberLink DVD Solution\PowerDVD\PDVDServ.exe"
    O4 - HKLM\..\Run: [InCD] C:\Programmi\Ahead\InCD\InCD.exe
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
    O4 - HKLM\..\Run: [DAEMON Tools] "C:\Programmi\DAEMON Tools\daemon.exe" -lang 1033
    O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\system32\PSDrvCheck.exe -CheckReg
    O4 - HKLM\..\Run: [PMCRemote] C:\Programmi\Pinnacle\Shared Files\Programs\Remote\Remoterm.exe
    O4 - HKLM\..\Run: [PMCS] "C:\Programmi\Pinnacle\Shared Files\\Programs\MediaCenterService\PMC.Service.Main.exe" -host -clearDebug
    O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Programmi\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
    O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [swg] C:\Programmi\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO LOCALE')
    O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'SERVIZIO LOCALE')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO DI RETE')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O4 - Global Startup: Tasto di scelta rapida per l'avvio di AutoCAD.lnk = C:\Programmi\File comuni\Autodesk Shared\acstart16.exe
    O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: Ricerche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
    O12 - Plugin for .spop: C:\Programmi\Internet Explorer\Plugins\NPDocBox.dll
    O23 - Service: Adobe LM Service - Adobe Systems - C:\Programmi\File comuni\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: Autodesk Licensing Service - Autodesk - C:\Programmi\File comuni\Autodesk Shared\Service\AdskScSrv.exe
    O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Programmi\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
    O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
    O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Programmi\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Programmi\Ahead\InCD\InCDsrv.exe
    O23 - Service: Microsoft security update service (msupdate) - Unknown owner - c:\windows\system32\mssrv32.exe
    O23 - Service: Pinnacle Systems Media Service (PinnacleSys.MediaServer) - Pinnacle Systems - c:\programmi\pinnacle\shared files\programs\mediaserver\pmshost.exe
    O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Programmi\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
    O23 - Service: SysEnforce - Unknown owner - C:\PROGRA~1\TRISNA~1\SSI\SYSENF~1.EXE


    Most of the viruses are in c:\WINDOWS\system32\ but there are many of them, and I don't understand how I manage to catch them.
    For example:
    vedxga4m1et4.exe
    vedxga5me3.exe
    kernelwind32.exe
    dllh8jkd1q5.exe
    dllh8jkd1q7.exe
    dllh8jkd1q6.exe
    etc...

  4. #4
    HTML.it user OYS
    Registered since
    Apr 2006
    Posts
    3,142
    To remove that line with HijackThis, do this:
    Start --> Run --> then copy and paste these two commands, one at a time:

    sc stop msupdate (Enter)
    sc delete msupdate (Enter)


    After doing this, fix this entry (if it is still there):

    O23 - Service: Microsoft security update service (msupdate) - Unknown owner - c:\windows\system32\mssrv32.exe


    Download Avenger,
    click "Input script manually" and then the magnifying glass.
    In the blank area, copy and paste this:

    files to delete:
    c:\windows\system32\mssrv32.exe
    c:\windows\system32\vedxga4m1et4.exe
    c:\windows\system32\vedxga5me3.exe
    c:\windows\system32\kernelwind32.exe
    c:\windows\system32\dllh8jkd1q5.exe
    c:\windows\system32\dllh8jkd1q7.exe
    c:\windows\system32\dllh8jkd1q6.exe

    Click Done,
    then the traffic light with the green light,
    answer Yes twice; the PC will restart, and when it comes back post the Avenger log (C:/avenger.txt).

    Then run a few scans with an online antivirus (such as Kaspersky) and post the scan log.
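
Added example, not part of the original thread or of the helper's instructions: a small Python triage of the `O23 - Service` lines of a HijackThis log like the one in post #3. It flags services listed with `Unknown owner` and ranks highest those whose executable sits directly in `system32`, as `msupdate` does. The sample lines are copied from that log; the two-level ranking and the reading of the parenthesised token as the service name passed to `sc` are assumptions of this example.

```python
import ntpath
import re
from typing import List, NamedTuple, Optional, Tuple

# O23 (and one O4) lines copied from the HijackThis log posted in this thread.
SAMPLE_LOG = r"""
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Programmi\Ahead\InCD\InCDsrv.exe
O23 - Service: Microsoft security update service (msupdate) - Unknown owner - c:\windows\system32\mssrv32.exe
O23 - Service: SysEnforce - Unknown owner - C:\PROGRA~1\TRISNA~1\SSI\SYSENF~1.EXE
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
"""

# "O23 - Service: <label> - <owner> - <drive:\path>"; the owner may contain
# commas ("GRISOFT, s.r.o."), so fields are split on " - " and the path is
# anchored on a drive letter.
O23_RE = re.compile(
    r"^O23 - Service: (?P<label>.+?) - (?P<owner>.+?) - (?P<path>[A-Za-z]:\\.+)$"
)
# Trailing "(name)" in the label; assumed to be the name `sc` expects.
SHORT_NAME_RE = re.compile(r"\(([^()]+)\)$")


class Service(NamedTuple):
    display: str
    name: str
    owner: str
    path: str


def parse_o23(line: str) -> Optional[Service]:
    """Parse one O23 line; return None for any other log line."""
    m = O23_RE.match(line.strip())
    if not m:
        return None
    label = m["label"]
    short = SHORT_NAME_RE.search(label)
    if short:
        return Service(label[: short.start()].rstrip(), short.group(1),
                       m["owner"], m["path"])
    # No parenthesised token: assume display name and service name coincide.
    return Service(label, label, m["owner"], m["path"])


def triage(svc: Service) -> Optional[str]:
    """Heuristic ranking (an assumption of this example, not a verdict).

    "Unknown owner" only means the log shows no vendor for the file, so such
    a service is worth a look; it is ranked "high" when the binary sits
    directly in system32, where third-party services rarely install.
    """
    if svc.owner.lower() != "unknown owner":
        return None
    folder = ntpath.normcase(ntpath.dirname(svc.path))
    if folder.endswith(r"\windows\system32"):
        return "high"
    return "review"


def flagged(log_text: str) -> List[Tuple[str, str, str]]:
    """Return (service name, image path, level) for every flagged O23 entry."""
    out = []
    for line in log_text.splitlines():
        svc = parse_o23(line)
        level = triage(svc) if svc else None
        if level:
            out.append((svc.name, svc.path, level))
    return out


if __name__ == "__main__":
    for name, path, level in flagged(SAMPLE_LOG):
        print(f"{level:6} {name:12} {path}")
```
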

  5. #5
    HTML.it user
    Registered since
    Nov 2007
    Posts
    54
    Here I am,
    with HijackThis that problem has been solved; the O23 - Service etc. entry no longer appears.
    Then I followed your instructions with Avenger, but it gives me errors, so I skipped to Kaspersky and here is the log:

    Infected Object Name / Virus Name / Last Action
    C:\Documents and Settings\All Users\Dati applicazioni\avg7\Log\emc.log Object is locked skipped
    C:\Documents and Settings\All Users\Dati applicazioni\Grisoft\Avg7Data\avg7log.log Object is locked skipped
    C:\Documents and Settings\All Users\Dati applicazioni\Grisoft\Avg7Data\avg7log.log.lck Object is locked skipped
    C:\Documents and Settings\LocalService\Cookies\index.dat Object is locked skipped
    C:\Documents and Settings\LocalService\Impostazioni locali\Cronologia\History.IE5\index.dat Object is locked skipped
    C:\Documents and Settings\LocalService\Impostazioni locali\Dati applicazioni\Microsoft\Windows\UsrClass.dat Object is locked skipped
    C:\Documents and Settings\LocalService\Impostazioni locali\Dati applicazioni\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
    C:\Documents and Settings\LocalService\Impostazioni locali\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
    C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped
    C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped
    C:\Documents and Settings\NetworkService\Impostazioni locali\Dati applicazioni\Microsoft\Windows\UsrClass.dat Object is locked skipped
    C:\Documents and Settings\NetworkService\Impostazioni locali\Dati applicazioni\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
    C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped
    C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped
    C:\Documents and Settings\Valeriano\Cookies\index.dat Object is locked skipped
    C:\Documents and Settings\Valeriano\Dati applicazioni\AVG7\l_000223.log Object is locked skipped
    C:\Documents and Settings\Valeriano\Impostazioni locali\Cronologia\History.IE5\index.dat Object is locked skipped
    C:\Documents and Settings\Valeriano\Impostazioni locali\Cronologia\History.IE5\MSHist012007111620071117\index.dat Object is locked skipped
    C:\Documents and Settings\Valeriano\Impostazioni locali\Dati applicazioni\ApplicationHistory\PMC.Service.Main.exe.fd205a0a.ini.inuse Object is locked skipped

  6. #6
    HTML.it user
    Registered since
    Nov 2007
    Posts
    54
    C:\Documents and Settings\Valeriano\Impostazioni locali\Dati applicazioni\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
    C:\Documents and Settings\Valeriano\Impostazioni locali\Temp\$3FA60F69.t$m Object is locked skipped
    C:\Documents and Settings\Valeriano\Impostazioni locali\Temp\Perflib_Perfdata_74c.dat Object is locked skipped
    C:\Documents and Settings\Valeriano\Impostazioni locali\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
    C:\Documents and Settings\Valeriano\NTUSER.DAT Object is locked skipped
    C:\Documents and Settings\Valeriano\ntuser.dat.LOG Object is locked skipped
    C:\Programmi\Alcohol Soft\Alcohol 120\StarWind\logs\starwind.2007-11-16.13-20-16.log Object is locked skipped
    C:\Programmi\DAEMON Tools\SetupDTSB.exe Infected: not-a-virus:AdTool.Win32.WhenU.a skipped
    C:\Programmi\Pinnacle\MediaServer\Microsoft SQL Server\MSSQL$PINNACLESYS\Data\master.mdf Object is locked skipped
    C:\Programmi\Pinnacle\MediaServer\Microsoft SQL Server\MSSQL$PINNACLESYS\Data\mastlog.ldf Object is locked skipped
    C:\Programmi\Pinnacle\MediaServer\Microsoft SQL Server\MSSQL$PINNACLESYS\Data\model.mdf Object is locked skipped
    C:\Programmi\Pinnacle\MediaServer\Microsoft SQL Server\MSSQL$PINNACLESYS\Data\modellog.ldf Object is locked skipped
    C:\Programmi\Pinnacle\MediaServer\Microsoft SQL Server\MSSQL$PINNACLESYS\Data\PinnacleSys_GlobalContext.mdf Object is locked skipped
    C:\Programmi\Pinnacle\MediaServer\Microsoft SQL Server\MSSQL$PINNACLESYS\Data\PinnacleSys_GlobalContext_log.LDF Object is locked skipped
    C:\Programmi\Pinnacle\MediaServer\Microsoft SQL Server\MSSQL$PINNACLESYS\Data\PinnacleSys_PMC.mdf Object is locked skipped
    C:\Programmi\Pinnacle\MediaServer\Microsoft SQL Server\MSSQL$PINNACLESYS\Data\PinnacleSys_PMC_log.LDF Object is locked skipped
    C:\Programmi\Pinnacle\MediaServer\Microsoft SQL Server\MSSQL$PINNACLESYS\Data\tempdb.mdf Object is locked skipped
    C:\Programmi\Pinnacle\MediaServer\Microsoft SQL Server\MSSQL$PINNACLESYS\Data\templog.ldf Object is locked skipped
    C:\Programmi\Pinnacle\MediaServer\Microsoft SQL Server\MSSQL$PINNACLESYS\LOG\ERRORLOG Object is locked skipped
    C:\Programmi\Trisnap Technologies\SSI\SysEnforce.log Object is locked skipped
    C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
    C:\System Volume Information\_restore{AFCA8F4E-BCC2-4556-B0AC-B9054F500C4C}\RP11\A0001117.dll Object is locked skipped
    C:\System Volume Information\_restore{AFCA8F4E-BCC2-4556-B0AC-B9054F500C4C}\RP23\A0003460.dll Infected: not-a-virus:AdTool.Win32.WhenU.i skipped
    C:\System Volume Information\_restore{AFCA8F4E-BCC2-4556-B0AC-B9054F500C4C}\RP23\A0003461.exe Infected: not-a-virus:AdTool.Win32.WhenU.i skipped
    C:\System Volume Information\_restore{AFCA8F4E-BCC2-4556-B0AC-B9054F500C4C}\RP23\A0003732.exe Object is locked skipped
    C:\System Volume Information\_restore{AFCA8F4E-BCC2-4556-B0AC-B9054F500C4C}\RP24\A0003829.exe Object is locked skipped
    C:\System Volume Information\_restore{AFCA8F4E-BCC2-4556-B0AC-B9054F500C4C}\RP27\A0004335.exe Object is locked skipped
    C:\System Volume Information\_restore{AFCA8F4E-BCC2-4556-B0AC-B9054F500C4C}\RP36\A0012884.exe Object is locked skipped
    C:\System Volume Information\_restore{AFCA8F4E-BCC2-4556-B0AC-B9054F500C4C}\RP36\A0012885.exe Object is locked skipped
    C:\System Volume Information\_restore{AFCA8F4E-BCC2-4556-B0AC-B9054F500C4C}\RP41\A0016737.exe Object is locked skipped
    C:\System Volume Information\_restore{AFCA8F4E-BCC2-4556-B0AC-B9054F500C4C}\RP43\A0017001.exe Object is locked skipped
    C:\System Volume Information\_restore{AFCA8F4E-BCC2-4556-B0AC-B9054F500C4C}\RP45\A0017259.exe Object is locked skipped
    C:\System Volume Information\_restore{AFCA8F4E-BCC2-4556-B0AC-B9054F500C4C}\RP45\A0019357.exe Object is locked skipped
    C:\System Volume Information\_restore{AFCA8F4E-BCC2-4556-B0AC-B9054F500C4C}\RP45\A0019358.exe Object is locked skipped
    C:\System Volume Information\_restore{AFCA8F4E-BCC2-4556-B0AC-B9054F500C4C}\RP45\A0019359.exe Object is locked skipped
    C:\System Volume Information\_restore{AFCA8F4E-BCC2-4556-B0AC-B9054F500C4C}\RP45\A0019360.exe Object is locked skipped
    C:\System Volume Information\_restore{AFCA8F4E-BCC2-4556-B0AC-B9054F500C4C}\RP46\A0019414.exe Object is locked skipped
    C:\System Volume Information\_restore{AFCA8F4E-BCC2-4556-B0AC-B9054F500C4C}\RP48\A0020751.exe Object is locked skipped
    C:\System Volume Information\_restore{AFCA8F4E-BCC2-4556-B0AC-B9054F500C4C}\RP49\A0020836.dll Object is locked skipped
    C:\System Volume Information\_restore{AFCA8F4E-BCC2-4556-B0AC-B9054F500C4C}\RP49\A0020855.dll Object is locked skipped
    C:\System Volume Information\_restore{AFCA8F4E-BCC2-4556-B0AC-B9054F500C4C}\RP49\A0020863.dll Object is locked skipped
    C:\System Volume Information\_restore{AFCA8F4E-BCC2-4556-B0AC-B9054F500C4C}\RP49\A0020874.dll Object is locked skipped
    C:\System Volume Information\_restore{AFCA8F4E-BCC2-4556-B0AC-B9054F500C4C}\RP49\A0020910.dll Object is locked skipped
    C:\System Volume Information\_restore{AFCA8F4E-BCC2-4556-B0AC-B9054F500C4C}\RP49\A0020918.dll Object is locked skipped
    C:\System Volume Information\_restore{AFCA8F4E-BCC2-4556-B0AC-B9054F500C4C}\RP50\A0020932.dll Object is locked skipped

  7. #7
    HTML.it user
    Registered since
    Nov 2007
    Posts
    54
    C:\System Volume Information\_restore{AFCA8F4E-BCC2-4556-B0AC-B9054F500C4C}\RP50\A0020964.dll Object is locked skipped
    C:\System Volume Information\_restore{AFCA8F4E-BCC2-4556-B0AC-B9054F500C4C}\RP50\A0021055.dll Object is locked skipped
    C:\System Volume Information\_restore{AFCA8F4E-BCC2-4556-B0AC-B9054F500C4C}\RP50\A0021061.dll Object is locked skipped
    C:\System Volume Information\_restore{AFCA8F4E-BCC2-4556-B0AC-B9054F500C4C}\RP50\A0021069.dll Object is locked skipped
    C:\System Volume Information\_restore{AFCA8F4E-BCC2-4556-B0AC-B9054F500C4C}\RP50\A0021084.dll Object is locked skipped
    C:\System Volume Information\_restore{AFCA8F4E-BCC2-4556-B0AC-B9054F500C4C}\RP50\A0021090.dll Object is locked skipped
    C:\System Volume Information\_restore{AFCA8F4E-BCC2-4556-B0AC-B9054F500C4C}\RP51\A0021147.dll Object is locked skipped
    C:\System Volume Information\_restore{AFCA8F4E-BCC2-4556-B0AC-B9054F500C4C}\RP52\A0021178.dll Object is locked skipped
    C:\System Volume Information\_restore{AFCA8F4E-BCC2-4556-B0AC-B9054F500C4C}\RP52\A0021208.dll Object is locked skipped
    C:\System Volume Information\_restore{AFCA8F4E-BCC2-4556-B0AC-B9054F500C4C}\RP52\A0021216.dll Object is locked skipped
    C:\System Volume Information\_restore{AFCA8F4E-BCC2-4556-B0AC-B9054F500C4C}\RP52\A0021222.dll Object is locked skipped
    C:\System Volume Information\_restore{AFCA8F4E-BCC2-4556-B0AC-B9054F500C4C}\RP52\A0021230.dll Object is locked skipped
    C:\System Volume Information\_restore{AFCA8F4E-BCC2-4556-B0AC-B9054F500C4C}\RP52\A0021251.exe Object is locked skipped
    C:\System Volume Information\_restore{AFCA8F4E-BCC2-4556-B0AC-B9054F500C4C}\RP52\A0021252.exe Object is locked skipped
    C:\System Volume Information\_restore{AFCA8F4E-BCC2-4556-B0AC-B9054F500C4C}\RP52\A0021444.exe Object is locked skipped
    C:\System Volume Information\_restore{AFCA8F4E-BCC2-4556-B0AC-B9054F500C4C}\RP52\A0021445.exe Object is locked skipped
    C:\System Volume Information\_restore{AFCA8F4E-BCC2-4556-B0AC-B9054F500C4C}\RP52\A0021450.exe Object is locked skipped
    C:\System Volume Information\_restore{AFCA8F4E-BCC2-4556-B0AC-B9054F500C4C}\RP52\A0021452.exe Object is locked skipped
    C:\System Volume Information\_restore{AFCA8F4E-BCC2-4556-B0AC-B9054F500C4C}\RP52\A0021456.dll Object is locked skipped
    C:\System Volume Information\_restore{AFCA8F4E-BCC2-4556-B0AC-B9054F500C4C}\RP52\A0021458.dll Object is locked skipped
    C:\System Volume Information\_restore{AFCA8F4E-BCC2-4556-B0AC-B9054F500C4C}\RP52\A0021459.exe Object is locked skipped
    C:\System Volume Information\_restore{AFCA8F4E-BCC2-4556-B0AC-B9054F500C4C}\RP52\A0021460.exe Object is locked skipped
    C:\System Volume Information\_restore{AFCA8F4E-BCC2-4556-B0AC-B9054F500C4C}\RP52\A0021461.exe Object is locked skipped
    C:\System Volume Information\_restore{AFCA8F4E-BCC2-4556-B0AC-B9054F500C4C}\RP52\A0021462.exe Object is locked skipped
    C:\System Volume Information\_restore{AFCA8F4E-BCC2-4556-B0AC-B9054F500C4C}\RP52\A0021463.exe Object is locked skipped
    C:\System Volume Information\_restore{AFCA8F4E-BCC2-4556-B0AC-B9054F500C4C}\RP52\A0021464.exe Object is locked skipped
    C:\System Volume Information\_restore{AFCA8F4E-BCC2-4556-B0AC-B9054F500C4C}\RP52\A0021466.exe Object is locked skipped
    C:\System Volume Information\_restore{AFCA8F4E-BCC2-4556-B0AC-B9054F500C4C}\RP52\A0021469.exe Object is locked skipped
    C:\System Volume Information\_restore{AFCA8F4E-BCC2-4556-B0AC-B9054F500C4C}\RP52\A0021473.dll Object is locked skipped
    C:\System Volume Information\_restore{AFCA8F4E-BCC2-4556-B0AC-B9054F500C4C}\RP52\A0021475.dll Object is locked skipped
    C:\System Volume Information\_restore{AFCA8F4E-BCC2-4556-B0AC-B9054F500C4C}\RP52\A0021476.exe Object is locked skipped
    C:\System Volume Information\_restore{AFCA8F4E-BCC2-4556-B0AC-B9054F500C4C}\RP52\A0021477.exe Object is locked skipped
    C:\System Volume Information\_restore{AFCA8F4E-BCC2-4556-B0AC-B9054F500C4C}\RP52\A0021478.exe Object is locked skipped
    C:\System Volume Information\_restore{AFCA8F4E-BCC2-4556-B0AC-B9054F500C4C}\RP52\A0021479.exe Object is locked skipped
    C:\System Volume Information\_restore{AFCA8F4E-BCC2-4556-B0AC-B9054F500C4C}\RP52\A0021480.exe Object is locked skipped
    C:\System Volume Information\_restore{AFCA8F4E-BCC2-4556-B0AC-B9054F500C4C}\RP52\A0021481.exe Object is locked skipped
    C:\System Volume Information\_restore{AFCA8F4E-BCC2-4556-B0AC-B9054F500C4C}\RP52\A0021483.exe Object is locked skipped
    C:\System Volume Information\_restore{AFCA8F4E-BCC2-4556-B0AC-B9054F500C4C}\RP52\A0021486.exe Object is locked skipped
    C:\System Volume Information\_restore{AFCA8F4E-BCC2-4556-B0AC-B9054F500C4C}\RP52\A0021493.exe Object is locked skipped
    C:\System Volume Information\_restore{AFCA8F4E-BCC2-4556-B0AC-B9054F500C4C}\RP52\A0021504.dll Object is locked skipped
    C:\System Volume Information\_restore{AFCA8F4E-BCC2-4556-B0AC-B9054F500C4C}\RP52\A0021507.exe Object is locked skipped
    C:\System Volume Information\_restore{AFCA8F4E-BCC2-4556-B0AC-B9054F500C4C}\RP52\A0021508.exe Object is locked skipped
    C:\System Volume Information\_restore{AFCA8F4E-BCC2-4556-B0AC-B9054F500C4C}\RP52\A0021509.exe Object is locked

  8. #8
    HTML.it user
    Registered since
    Nov 2007
    Posts
    54
    skipped
    C:\System Volume Information\_restore{AFCA8F4E-BCC2-4556-B0AC-B9054F500C4C}\RP52\A0021510.exe Object is locked skipped
    C:\System Volume Information\_restore{AFCA8F4E-BCC2-4556-B0AC-B9054F500C4C}\RP52\A0021511.exe Object is locked skipped
    C:\System Volume Information\_restore{AFCA8F4E-BCC2-4556-B0AC-B9054F500C4C}\RP52\A0021514.exe Object is locked skipped
    C:\System Volume Information\_restore{AFCA8F4E-BCC2-4556-B0AC-B9054F500C4C}\RP52\A0021517.exe Object is locked skipped
    C:\System Volume Information\_restore{AFCA8F4E-BCC2-4556-B0AC-B9054F500C4C}\RP52\A0021522.exe Object is locked skipped
    C:\System Volume Information\_restore{AFCA8F4E-BCC2-4556-B0AC-B9054F500C4C}\RP52\A0021526.dll Object is locked skipped
    C:\System Volume Information\_restore{AFCA8F4E-BCC2-4556-B0AC-B9054F500C4C}\RP52\A0021533.dll Object is locked skipped
    C:\System Volume Information\_restore{AFCA8F4E-BCC2-4556-B0AC-B9054F500C4C}\RP52\A0021543.dll Object is locked skipped
    C:\System Volume Information\_restore{AFCA8F4E-BCC2-4556-B0AC-B9054F500C4C}\RP52\A0021564.dll Object is locked skipped
    C:\System Volume Information\_restore{AFCA8F4E-BCC2-4556-B0AC-B9054F500C4C}\RP52\A0021574.dll Object is locked skipped
    C:\System Volume Information\_restore{AFCA8F4E-BCC2-4556-B0AC-B9054F500C4C}\RP52\A0021583.dll Object is locked skipped
    C:\System Volume Information\_restore{AFCA8F4E-BCC2-4556-B0AC-B9054F500C4C}\RP52\A0021599.dll Object is locked skipped
    C:\System Volume Information\_restore{AFCA8F4E-BCC2-4556-B0AC-B9054F500C4C}\RP52\A0021621.exe Object is locked skipped
    C:\System Volume Information\_restore{AFCA8F4E-BCC2-4556-B0AC-B9054F500C4C}\RP52\A0021622.exe Object is locked skipped
    C:\System Volume Information\_restore{AFCA8F4E-BCC2-4556-B0AC-B9054F500C4C}\RP52\A0021623.exe Object is locked skipped
    C:\System Volume Information\_restore{AFCA8F4E-BCC2-4556-B0AC-B9054F500C4C}\RP52\A0021624.exe Object is locked skipped
    C:\System Volume Information\_restore{AFCA8F4E-BCC2-4556-B0AC-B9054F500C4C}\RP52\A0021625.exe Object is locked skipped
    C:\System Volume Information\_restore{AFCA8F4E-BCC2-4556-B0AC-B9054F500C4C}\RP52\A0021626.exe Object is locked skipped
    C:\System Volume Information\_restore{AFCA8F4E-BCC2-4556-B0AC-B9054F500C4C}\RP52\A0021627.exe Object is locked skipped
    C:\System Volume Information\_restore{AFCA8F4E-BCC2-4556-B0AC-B9054F500C4C}\RP52\A0021630.exe Object is locked skipped
    C:\System Volume Information\_restore{AFCA8F4E-BCC2-4556-B0AC-B9054F500C4C}\RP52\A0021632.exe Object is locked skipped
    C:\System Volume Information\_restore{AFCA8F4E-BCC2-4556-B0AC-B9054F500C4C}\RP52\A0021633.exe Object is locked skipped
    C:\System Volume Information\_restore{AFCA8F4E-BCC2-4556-B0AC-B9054F500C4C}\RP52\A0021634.exe Object is locked skipped
    C:\System Volume Information\_restore{AFCA8F4E-BCC2-4556-B0AC-B9054F500C4C}\RP52\A0021635.exe Object is locked skipped
    C:\System Volume Information\_restore{AFCA8F4E-BCC2-4556-B0AC-B9054F500C4C}\RP52\A0021636.exe Object is locked skipped
    C:\System Volume Information\_restore{AFCA8F4E-BCC2-4556-B0AC-B9054F500C4C}\RP52\A0021637.exe Object is locked skipped
    C:\System Volume Information\_restore{AFCA8F4E-BCC2-4556-B0AC-B9054F500C4C}\RP52\A0021638.exe Object is locked skipped
    C:\System Volume Information\_restore{AFCA8F4E-BCC2-4556-B0AC-B9054F500C4C}\RP52\A0021668.dll Object is locked skipped
    C:\System Volume Information\_restore{AFCA8F4E-BCC2-4556-B0AC-B9054F500C4C}\RP52\A0021677.dll Object is locked skipped
    C:\System Volume Information\_restore{AFCA8F4E-BCC2-4556-B0AC-B9054F500C4C}\RP52\A0021686.dll Object is locked skipped
    C:\System Volume Information\_restore{AFCA8F4E-BCC2-4556-B0AC-B9054F500C4C}\RP52\A0021695.dll Object is locked skipped
    C:\System Volume Information\_restore{AFCA8F4E-BCC2-4556-B0AC-B9054F500C4C}\RP52\A0021704.dll Object is locked skipped
    C:\System Volume Information\_restore{AFCA8F4E-BCC2-4556-B0AC-B9054F500C4C}\RP52\A0021714.exe Object is locked skipped
    C:\System Volume Information\_restore{AFCA8F4E-BCC2-4556-B0AC-B9054F500C4C}\RP52\A0021721.dll Object is locked skipped
    C:\System Volume Information\_restore{AFCA8F4E-BCC2-4556-B0AC-B9054F500C4C}\RP52\A0021731.dll Object is locked skipped
    C:\System Volume Information\_restore{AFCA8F4E-BCC2-4556-B0AC-B9054F500C4C}\RP52\A0021780.dll Object is locked skipped
    C:\System Volume Information\_restore{AFCA8F4E-BCC2-4556-B0AC-B9054F500C4C}\RP52\A0021807.dll Object is locked skipped
    C:\System Volume Information\_restore{AFCA8F4E-BCC2-4556-B0AC-B9054F500C4C}\RP52\A0021814.dll Object is locked skipped
    C:\System Volume Information\_restore{AFCA8F4E-BCC2-4556-B0AC-B9054F500C4C}\RP52\A0021821.dll Object is locked skipped
    C:\System Volume Information\_restore{AFCA8F4E-BCC2-4556-B0AC-B9054F500C4C}\RP52\A0021830.dll Object is locked skipped
    C:\System Volume Information\_restore{AFCA8F4E-BCC2-4556-B0AC-B9054F500C4C}\RP52\A0021839.dll Object is locked skipped
    C:\System Volume Information\_restore{AFCA8F4E-BCC2-4556-B0AC-B9054F500C4C}\RP52\A0021846.dll Object is locked skipped
    C:\System Volume Information\_restore{AFCA8F4E-BCC2-4556-B0AC-B9054F500C4C}\RP52\A0021865.exe Object is locked skipped
    C:\System Volume Information\_restore{AFCA8F4E-BCC2-4556-B0AC-B9054F500C4C}\RP52\A0021867.exe Object is locked skipped
    C:\System Volume Information\_restore{AFCA8F4E-BCC2-4556-B0AC-B9054F500C4C}\RP52\A0021868.exe Object is locked skipped
    C:\System Volume Information\_restore{AFCA8F4E-BCC2-4556-B0AC-B9054F500C4C}\RP53\A0021954.dll Object is locked skipped
    C:\System Volume Information\_restore{AFCA8F4E-BCC2-4556-B0AC-B9054F500C4C}\RP53\A0021969.dll Object is locked skipped
    C:\System Volume Information\_restore{AFCA8F4E-BCC2-4556-B0AC-B9054F500C4C}\RP53\A0022002.exe Object is locked skipped
    C:\System Volume Information\_restore{AFCA8F4E-BCC2-4556-B0AC-B9054F500C4C}\RP53\A0022027.dll Object is locked skipped
    C:\System Volume Information\_restore{AFCA8F4E-BCC2-4556-B0AC-B9054F500C4C}\RP53\A0022036.dll Object is locked skipped

  9. #9
    HTML.it user
    Registered since
    Nov 2007
    Posts
    54
    C:\System Volume Information\_restore{AFCA8F4E-BCC2-4556-B0AC-B9054F500C4C}\RP53\A0022045.dll Object is locked skipped
    C:\System Volume Information\_restore{AFCA8F4E-BCC2-4556-B0AC-B9054F500C4C}\RP53\A0022061.dll Object is locked skipped
    C:\System Volume Information\_restore{AFCA8F4E-BCC2-4556-B0AC-B9054F500C4C}\RP53\A0022153.dll Object is locked skipped
    C:\System Volume Information\_restore{AFCA8F4E-BCC2-4556-B0AC-B9054F500C4C}\RP53\A0022213.exe Object is locked skipped
    C:\System Volume Information\_restore{AFCA8F4E-BCC2-4556-B0AC-B9054F500C4C}\RP53\A0022242.dll Object is locked skipped
    C:\System Volume Information\_restore{AFCA8F4E-BCC2-4556-B0AC-B9054F500C4C}\RP53\A0022269.exe Object is locked skipped
    C:\System Volume Information\_restore{AFCA8F4E-BCC2-4556-B0AC-B9054F500C4C}\RP53\A0022527.exe Object is locked skipped
    C:\System Volume Information\_restore{AFCA8F4E-BCC2-4556-B0AC-B9054F500C4C}\RP53\A0022528.exe Object is locked skipped
    C:\System Volume Information\_restore{AFCA8F4E-BCC2-4556-B0AC-B9054F500C4C}\RP53\A0022593.dll Object is locked skipped
    C:\System Volume Information\_restore{AFCA8F4E-BCC2-4556-B0AC-B9054F500C4C}\RP53\change.log Object is locked skipped
    C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped
    C:\WINDOWS\SchedLgU.Txt Object is locked skipped
    C:\WINDOWS\Sti_Trace.log Object is locked skipped
    C:\WINDOWS\system32\AcroIEHelper.dll Infected: Trojan.Win32.LinkReplacer.b skipped
    C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped
    C:\WINDOWS\system32\config\default Object is locked skipped
    C:\WINDOWS\system32\config\default.LOG Object is locked skipped
    C:\WINDOWS\system32\config\SAM Object is locked skipped
    C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped
    C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped
    C:\WINDOWS\system32\config\SECURITY Object is locked skipped
    C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped
    C:\WINDOWS\system32\config\software Object is locked skipped
    C:\WINDOWS\system32\config\software.LOG Object is locked skipped
    C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped
    C:\WINDOWS\system32\config\system Object is locked skipped
    C:\WINDOWS\system32\config\system.LOG Object is locked skipped
    C:\WINDOWS\system32\drivers\sptd.sys Object is locked skipped
    C:\WINDOWS\system32\mssrv32.exe Infected: Trojan-Downloader.Win32.Small.fyn skipped
    C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped
    C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped
    C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped
    C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped
    C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped
    C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped
    C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped
    C:\WINDOWS\Temp\Perflib_Perfdata_218.dat Object is locked skipped
    C:\WINDOWS\wiadebug.log Object is locked skipped
    C:\WINDOWS\wiaservc.log Object is locked skipped
    D:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
    D:\Valeriano\SETUP Software\Programmazione\Toolbook\Asymetrix ToolBook Instructor 2004 v8.9 keygen.zip/keygen.exe Infected: Trojan.Win32.Agent.acw skipped
    D:\Valeriano\SETUP Software\Programmazione\Toolbook\Asymetrix ToolBook Instructor 2004 v8.9 keygen.zip ZIP: infected - 1 skipped
    D:\Valeriano\SETUP Software\Programmazione\Toolbook\ToolBook.Instructor.2004.v8.9.WinALL.Incl.[k]eymaker-CORE.zip/keygen.exe Infected: Trojan.Win32.Agent.acw skipped
    D:\Valeriano\SETUP Software\Programmazione\Toolbook\ToolBook.Instructor.2004.v8.9.WinALL.Incl.[k]eymaker-CORE.zip ZIP: infected - 1 skipped
    D:\Valeriano\SETUP Software\Sistema\Radmin 2.1.rar/Radmin 2.1/RADMIN21.EXE/AdmDll.dll Infected: not-a-virus:RemoteAdmin.Win32.RAdmin.20 skipped
    D:\Valeriano\SETUP Software\Sistema\Radmin 2.1.rar/Radmin 2.1/RADMIN21.EXE/raddrv.dll Infected: not-a-virus:RemoteAdmin.Win32.RAdmin.20 skipped
    D:\Valeriano\SETUP Software\Sistema\Radmin 2.1.rar/Radmin 2.1/RADMIN21.EXE/radmin.exe Infected: not-a-virus:RemoteAdmin.Win32.RAdmin.21 skipped
    D:\Valeriano\SETUP Software\Sistema\Radmin 2.1.rar/Radmin 2.1/RADMIN21.EXE/r_server.exe Infected: not-a-virus:RemoteAdmin.Win32.RAdmin.21 skipped
    D:\Valeriano\SETUP Software\Sistema\Radmin 2.1.rar/Radmin 2.1/RADMIN21.EXE Infected: not-a-virus:RemoteAdmin.Win32.RAdmin.21 skipped
    D:\Valeriano\SETUP Software\Sistema\Radmin 2.1.rar RAR: infected - 5 skipped
    D:\Valeriano\SETUP Software\Sistema\Windows XP\Windows XPE (ISO)\Windows Xp Prof Sp2 Livecd Ita,Con Acrobat Reader,Ad-Aware,Clamwin Antivirus,Firefox,Paragon Hard.iso/??/?????? Infected: not-a-virus:RiskTool.Win32.HideExec.b skipped
    D:\Valeriano\SETUP Software\Sistema\Windows XP\Windows XPE (ISO)\Windows Xp Prof Sp2 Livecd Ita,Con Acrobat Reader,Ad-Aware,Clamwin Antivirus,Firefox,Paragon Hard.iso ISO image: infected - 1 skipped

    SORRY, BUT IT WAS TOO LONG AND IT WOULDN'T LET ME ENTER MORE THAN A CERTAIN NUMBER OF CHARACTERS!
    THANKS

  10. #10
    HTML.it user OYS
    Registered since
    Apr 2006
    Posts
    3,142
    With Avenger, click "Input script manually" and then the magnifying glass.
    In the blank area, copy and paste the whole part colored in red:

    files to delete:
    C:\Programmi\DAEMON Tools\SetupDTSB.exe
    C:\WINDOWS\system32\AcroIEHelper.dll

    Click Done,
    then the traffic light with the green light,
    answer Yes twice; the PC will restart, and when it comes back post the Avenger log (C:/avenger.txt).


    If it gives you an error, tell me which error it gives.
