View Full Version : I'm in bad shape
I turned my desktop back on after a long time (about 1 year), and I had barely had time to take a look at it and tidy it up when I caught a worm. I had Kaspersky, not updated and with an expired license, and it couldn't do anything. It showed me 3 .exe files, one probably on acr32.exe (I had the 6.0, very old), and two exe files in c:\doc...\users etc etc.exe
It installed a scan utility on me and locked up the whole PC. I no longer have yzdock or my programs, nothing, everything has disappeared. I'm afraid it has deleted everything, I can't believe they got me!
I didn't reboot but shut the PC down right away. I immediately tried Kav rescue disk and Avira disk, but they can't read the OS hard disk, which I have in RAID 0 on Serial ATA!
So the first problem is getting a rescue disk to read the OS's Serial ATA RAID 0!
I don't feel like booting the OS, I might get discouraged. I had a really well-made config and I don't want to lose it, so I'll try everything I can to recover it and fix the virus!
What I'm asking for help with is how to get a tool to run on RAID 0 Serial ATA!
Thanks a lot, I hope you can help me
Those bastards really got me good
I caught System Fix :stordita: :help: :help: :help:
Hi, if it's System Fix follow this guide: http://www.hwupgrade.it/forum/showthread.php?t=1789446
Thanks, I had found Trojan Killer but it costs €29....
I have all of those programs, let's hope it gets sorted out
Trojan Killer [ Christmas Edition ] v.2.1.1.3
Report file date: 15/12/2011 20.52.46
Scanning for 476874 virus strains and unwanted programs.
Licensed: UNREGISTERED
Windows version: Microsoft Windows XP (version 5.1)
Username: Kis
Computer name: MAD-6JPCCQLT6YH
Starting the file scan:
Hijack.NoDesktop - fixed
Hijack.DisableTaskMgr - fixed
Hijack.DisableTaskMgr - fixed
Startup collected
BHO plugins collected
Service collected
ActiveX collected
Files collected
Scanning process...
----- %systemroot%\system32\msjava.dll ---- ActiveX
Threat
Microsoft VM
----- C:\Documents and Settings\Kis\Menu Avvio\Programmi\system fix\system fix.lnk ---- General
Rogue.SystemFix
----- C:\Documents and Settings\All Users\Dati applicazioni\23jrkOHMbdDCpE.exe ---- General
Rogue.SystemFix
----- C:\Documents and Settings\Kis\Menu Avvio\Programmi\system fix\uninstall system fix.lnk ---- General
Rogue.SystemFix
----- C:\Documents and Settings\All Users\Dati applicazioni\23jrkOHMbdDCpE.exe ---- General
Rogue.SystemFix
----- C:\Documents and Settings\Kis\Desktop\system fix.lnk ---- General
fakeOptimizer.x.SystemFix
----- C:\Documents and Settings\All Users\Dati applicazioni\23jrkOHMbdDCpE.exe ---- General
fakeOptimizer.x.SystemFix
----- C:\Documents and Settings\Kis\Dati applicazioni\microsoft\internet explorer\quick launch\system fix.lnk ---- General
Rogue.Win32g.SystemFix
----- C:\Documents and Settings\All Users\Dati applicazioni\23jrkOHMbdDCpE.exe ---- General
Rogue.Win32g.SystemFix
----- C:\WINDOWS\System32\txpui.dll ---- General
Packed.SVKP
----- C:\Documents and Settings\Kis\Menu Avvio\Programmi\Benchmark\AquaMark3\AquaMark3.lnk ---- General
Packed.SVKP
----- C:\Documents and Settings\Kis\Menu Avvio\Programmi\Codec\DivX\DivX Player\DivX Player.lnk ---- General
Mal/Packer!se2
----- C:\Documents and Settings\Kis\Menu Avvio\Programmi\NNscript.lnk ---- General
Trojan.Win32!L
----- C:\Documents and Settings\Kis\Menu Avvio\Programmi\Utility\Tweak-XP Pro 3\Tweak-XP Pro 3.lnk ---- General
Packed.SVKP
----- C:\Programmi\AquaMark3\aquamark.exe ---- General
Packed.SVKP
ProdVer: 3.00
FileVer: 3.00
Name : AquaMark
Company: Massive Development GmbH
----- C:\Programmi\DivX\DivX Player\DivX Player.exe ---- General
Mal/Packer!se2
----- C:\Programmi\ICQ\DataFiles\externals.exe ---- General
Mal/Fraud!se488
----- C:\Programmi\NNScript\mirc.exe ---- General
Trojan.Win32!L
ProdVer: 6.12
FileVer: 6.12
Name : mIRC
Company: mIRC Co. Ltd.
----- C:\Programmi\NNScript\script\dlls\popups.dll ---- General
not-a-virus
----- C:\Programmi\NNScript\script\kte\Kte.dll ---- General
MotherboardMonitor
----- C:\Programmi\NNScript\script\mdx\MDX.DLL ---- General
not-a-virus
ProdVer: 0.91b
FileVer: 0.91b
Name : mIRC Dialog eXtension (MDX)
Company: DragonZap
----- C:\Programmi\Tweak-XP Pro 3\tweak-xp.exe ---- General
Packed.SVKP
ProdVer: 3.00.0002
FileVer: 3.00.0002
Name : Tweak-XP™ Pro
Company: Totalidea Software, Germany, New Zealand
Scan completed!
Scan result: 19 detected items
Scan completed in: Scan completed in 11 minute(s) 43 sec.
Files were scanned: 10793
Chill-Out
15-12-2011, 20:33
Follow Riku's suggestion http://www.hwupgrade.it/forum/showpost.php?p=36554912&postcount=3 I'm closing this to avoid a duplicate thread.