Olimpo Informatico

[f_champ182]

Ciao, ho formattato il pc da poco e ora mi ritrovo con altri problemi.

Due giorni fa avevo questo tipo di virus trojan sys.exe (e non solo questo!) che mi aveva rilevato Avira nel disco locale E. Quando pensavo di averlo eliminato, all'accensione del pc mi compariva di nuovo l'avviso del virus, accompagnato da altre segnalazioni!

Inoltre ho scaricato active virus shield: prima che formattassi il computer mi aveva eliminato qualunque trojan o virus pur non essendo abilitato. Stavolta però non mi fa correggere i problemi individuati dalla scansione perchè non riesce ad eseguire gli aggiornamenti (mentre l'altra volta gli aveva fatti stranamente anche se come si vede in internet non offre più protezione perchè disabilitato). Comunque un problema dopo il primo attacco di virus è che non mi fa piu aprire i dischi normalmente cliccando sull'icone e compare questo link

Come dicevo la scansione di active virus shield invece mi ha rilevato AdWare.Win32 My Web Search ed ora il disco locale E sembra del tutto danneggiato perchè non mi fa eliminare i file all'interno e nemmeno spostarli al suo interno. Ho provato allora a spostare i file principali in un altro disco per formattarlo: sembrava che funzionasse invece dopo tipo 2 file trasferiti, al terzo trasferimento si blocca il pc. Tuttavia posso aprire i file all'interno del disco ma non posso eliminarli o trasferirli.

Infine ho provato a scaricare altri programmi che mi riuscissero a eliminare questo Adware:
SuperAntiSpyware
RegistryBooster 2
Spybot

Adesso ho scaricato Spyware Doctor e Ccleaner e quest'ultimo non so se mi puo servire e tra l'altro nn lo so usare.
Ora mi ha completato la scansione di Kapersky e mi ha trovato questo Infected Object Name Virus Name Last Action
C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped

C:\WINDOWS\SchedLgU.Txt Object is locked skipped

C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped

C:\WINDOWS\Sti_Trace.log Object is locked skipped

C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped

C:\WINDOWS\system32\config\default Object is locked skipped

C:\WINDOWS\system32\config\default.LOG Object is locked skipped

C:\WINDOWS\system32\config\Internet.evt Object is locked skipped

C:\WINDOWS\system32\config\SAM Object is locked skipped

C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped

C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped

C:\WINDOWS\system32\config\SECURITY Object is locked skipped

C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped

C:\WINDOWS\system32\config\software Object is locked skipped

C:\WINDOWS\system32\config\software.LOG Object is locked skipped

C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped

C:\WINDOWS\system32\config\system Object is locked skipped

C:\WINDOWS\system32\config\system.LOG Object is locked skipped

C:\WINDOWS\system32\h323log.txt Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped

C:\WINDOWS\Temp\Perflib_Perfdata_1f0.dat Object is locked skipped

C:\WINDOWS\Temp\~DFE669.tmp Object is locked skipped

C:\WINDOWS\wiadebug.log Object is locked skipped

C:\WINDOWS\wiaservc.log Object is locked skipped

C:\WINDOWS\WindowsUpdate.log Object is locked skipped

C:\DOCUME~1\user\IMPOST~1\Temp\flaC4.tmp Object is locked skipped

C:\DOCUME~1\user\IMPOST~1\Temp\flaC5.tmp Object is locked skipped

C:\DOCUME~1\user\IMPOST~1\Temp\flaC6.tmp Object is locked skipped

C:\DOCUME~1\user\IMPOST~1\Temp\flaC7.tmp Object is locked skipped

C:\DOCUME~1\user\IMPOST~1\Temp\flaC8.tmp Object is locked skipped

C:\DOCUME~1\user\IMPOST~1\Temp\flaC9.tmp Object is locked skipped

C:\DOCUME~1\user\IMPOST~1\Temp\flaCA.tmp Object is locked skipped

C:\DOCUME~1\user\IMPOST~1\Temp\flaCB.tmp Object is locked skipped

C:\DOCUME~1\user\IMPOST~1\Temp\flaD2.tmp Object is locked skipped

C:\DOCUME~1\user\IMPOST~1\Temp\flaD3.tmp Object is locked skipped

C:\DOCUME~1\user\IMPOST~1\Temp\hpodvd09.log Object is locked skipped

C:\DOCUME~1\user\IMPOST~1\Temp\NERO14777\Toolbar.exe Infected: not-a-virus:AdTool.Win32.MyWebSearch.bm skipped

C:\DOCUME~1\user\IMPOST~1\Temp\~DF205.tmp Object is locked skipped

C:\DOCUME~1\user\IMPOST~1\Temp\~DF6B18.tmp Object is locked skipped

C:\DOCUME~1\user\IMPOST~1\Temp\~DF6B74.tmp Object is locked skipped

C:\DOCUME~1\user\IMPOST~1\Temp\~DFA671.tmp Object is locked skipped

C:\DOCUME~1\user\IMPOST~1\Temp\~DFA785.tmp Object is locked skipped

C:\DOCUME~1\user\IMPOST~1\Temp\~DFAE88.tmp Object is locked skipped

C:\DOCUME~1\user\IMPOST~1\Temp\~DFB098.tmp Object is locked skipped

C:\DOCUME~1\user\IMPOST~1\Temp\~DFE298.tmp Object is locked skipped

C:\DOCUME~1\user\IMPOST~1\Temp\~DFE561.tmp Object is locked skipped

C:\DOCUME~1\user\IMPOST~1\Temp\~DFE638.tmp Object is locked skipped

C:\DOCUME~1\user\IMPOST~1\Temp\~DFE786.tmp Object is locked skipped

C:\DOCUME~1\user\IMPOST~1\Temp\~DFE8A0.tmp Object is locked skipped

Il problema del disco danneggiato rimane e ora su ogni cartella di questo c'è qualche file con la scritta in blu..che può essere sta cosa?!?!

Aiutatemi perchè le ho provate tutte (o quasi) se serve vi posto il log di hijackthis anche se non ho capito tanto come funziona.

[Sante62]

Ciao f_champ182 e benvenuto...

Intanto fai un pò di pulizie generiche con questi:
CCleaner;
Combofix;
Virit;
Hijackthis;

Ricordati tra l'altro che trasferendo i file da un disco all'altro trasferisci anche quelli dei virus...

[f_champ182]

wow ha funzionato!ora funziona regolarmente!soltanto è che ora non so se l'adware è ancora presente..inoltre dopo la scansione con combofix ho notato questo
((((((((((((((((((((((((((((((((((((( Altre eliminazioni )))))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\autorun.inf
C:\WINDOWS\autorun.inf
C:\WINDOWS\system32\AutoRun.inf
D:\Autorun.inf
E:\Autorun.inf

mi devo preoccupare?

infine non ho capito che ci devo fare con il log di hijackthis? mi spieghi come funziona? grazie tante

[Sante62]

[f_champ182]

ComboFix 08-06-05.3 - user 2008-06-05 22.26.05.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1040.18.526 [GMT 2:00]
Eseguito da: C:\Documents and Settings\user\Documenti\My Completed Downloads\ComboFix.exe
* Creato nuovo punto di ripristino

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((( Altre eliminazioni )))))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\autorun.inf
C:\WINDOWS\autorun.inf
C:\WINDOWS\system32\AutoRun.inf
D:\Autorun.inf
E:\Autorun.inf

.
((((((((((((((((((((((((( Files Creati Da 2008-05-05 al 2008-06-05 )))))))))))))))))))))))))))))))))))
.

2008-06-05 11:20 . 2008-06-05 11:20 <DIR> d-------- C:\Programmi\Spybot - Search & Destroy
2008-06-05 11:20 . 2008-06-05 12:13 <DIR> d-------- C:\Documents and Settings\All Users\Dati applicazioni\Spybot - Search & Destroy
2008-06-05 10:44 . 2008-06-05 10:44 <DIR> d-------- C:\Documents and Settings\All Users\Dati applicazioni\Yahoo! Companion
2008-06-04 23:58 . 2008-06-04 23:58 <DIR> d-------- C:\Programmi\Yahoo!
2008-06-04 23:58 . 2008-06-04 23:58 <DIR> d-------- C:\Programmi\CCleaner
2008-06-04 22:27 . 2008-06-04 22:27 <DIR> d-------- C:\Documents and Settings\user\Dati applicazioni\SUPERAntiSpyware.com
2008-06-04 22:27 . 2008-06-04 22:27 <DIR> d-------- C:\Documents and Settings\All Users\Dati applicazioni\SUPERAntiSpyware.com
2008-06-04 22:26 . 2008-06-04 22:26 <DIR> d-------- C:\Programmi\File comuni\Wise Installation Wizard
2008-06-04 22:21 . 2008-06-04 22:21 <DIR> d-------- C:\WINDOWS\system32\Kaspersky Lab
2008-06-04 22:21 . 2008-06-04 22:21 <DIR> d-------- C:\Documents and Settings\All Users\Dati applicazioni\Kaspersky Lab
2008-06-04 16:02 . 2008-06-04 16:02 <DIR> d-------- C:\Documents and Settings\user\Dati applicazioni\InstallShield
2008-06-04 14:48 . 2008-06-04 16:29 <DIR> d-------- C:\WINDOWS\system32\NtmsData
2008-06-03 21:01 . 2008-06-03 21:02 <DIR> d-------- C:\Documents and Settings\user\Dati applicazioni\HP
2008-06-03 20:36 . 2008-06-03 20:36 <DIR> d-------- C:\Documents and Settings\All Users\Dati applicazioni\HP
2008-06-03 20:26 . 2008-06-03 20:33 <DIR> d-------- C:\Programmi\File comuni\HP
2008-06-03 20:24 . 2008-06-03 20:24 <DIR> d-------- C:\Programmi\Hewlett-Packard
2008-06-03 20:23 . 2008-06-03 20:23 <DIR> d-------- C:\Programmi\File comuni\Hewlett-Packard
2008-06-03 20:20 . 2006-03-03 21:03 69,632 --a------ C:\WINDOWS\system32\HPZipm12.1
2008-05-31 14:59 . 2008-05-31 14:59 <DIR> d-------- C:\Programmi\Trend Micro
2008-05-31 14:26 . 2008-05-31 14:26 <DIR> d-------- C:\Programmi\Uniblue
2008-05-31 14:26 . 2008-05-31 14:26 <DIR> d-------- C:\Documents and Settings\user\Dati applicazioni\Uniblue
2008-05-30 16:38 . 2007-03-06 17:30 140 -rahs---- C:\WINDOWS\system\Autorun.inf
2008-05-28 16:49 . 2008-05-28 16:49 376 --a------ C:\WINDOWS\ODBC.INI
2008-05-28 16:48 . 2008-05-28 16:48 <DIR> d-------- C:\WINDOWS\ShellNew
2008-05-28 16:48 . 2008-05-28 16:48 <DIR> d-------- C:\Programmi\Microsoft ActiveSync
2008-05-28 16:42 . 2008-05-28 16:42 <DIR> d-------- C:\Programmi\Microsoft SQL Server
2008-05-28 11:51 . 2008-02-26 13:48 297,984 --------- C:\WINDOWS\system32\dllcache\msctf.dll
2008-05-23 20:06 . 2008-05-23 20:06 <DIR> d-------- C:\Documents and Settings\All Users\Dati applicazioni\Adobe Systems
2008-05-23 20:01 . 2008-05-23 20:01 <DIR> d-------- C:\Programmi\File comuni\Adobe Systems Shared
2008-05-23 18:51 . 2008-05-23 18:51 <DIR> d-------- C:\Programmi\File comuni\DirectX
2008-05-23 16:27 . 2008-05-23 16:27 <DIR> d-------- C:\Programmi\HP
2008-05-23 16:14 . 1998-10-29 16:45 306,688 --a------ C:\WINDOWS\IsUninst.exe
2008-05-23 16:14 . 2006-03-03 21:03 282,680 --a------ C:\WINDOWS\system32\HPZidr12.dll
2008-05-23 16:14 . 2006-03-03 21:02 204,800 --a------ C:\WINDOWS\system32\HPZipr12.dll
2008-05-23 16:14 . 2006-03-03 21:02 94,208 --a------ C:\WINDOWS\system32\HPZipt12.dll
2008-05-23 16:14 . 2006-03-03 21:03 69,632 --a------ C:\WINDOWS\system32\HPZipm12.exe
2008-05-23 16:14 . 2006-03-03 21:03 65,536 --a------ C:\WINDOWS\system32\HPZinw12.exe
2008-05-23 16:14 . 2006-03-03 21:02 57,344 --a------ C:\WINDOWS\system32\HPZisn12.dll
2008-05-23 15:47 . 2006-04-13 03:04 16,496 -ra------ C:\WINDOWS\system32\drivers\HPZipr12.sys
2008-05-23 15:46 . 2006-01-04 10:12 77,824 -ra------ C:\WINDOWS\system32\HPZIDS01.dll
2008-05-23 15:46 . 2006-04-13 03:04 49,664 -ra------ C:\WINDOWS\system32\drivers\HPZid412.sys
2008-05-23 15:46 . 2006-04-10 14:03 38,400 --a------ C:\WINDOWS\system32\hpz3l054.dll
2008-05-23 15:46 . 2004-08-03 22:58 15,104 --a------ C:\WINDOWS\system32\drivers\usbscan.sys
2008-05-23 15:41 . 2004-08-03 23:08 31,616 --a------ C:\WINDOWS\system32\drivers\usbccgp.sys
2008-05-23 15:41 . 2004-08-03 23:01 25,856 --a------ C:\WINDOWS\system32\drivers\usbprint.sys
2008-05-23 15:40 . 2008-06-03 19:52 122,632 --------- C:\WINDOWS\hpoins11.dat.temp
2008-05-23 15:40 . 2006-05-06 02:21 11,634 --------- C:\WINDOWS\hpomdl11.dat.temp
2008-05-23 15:34 . 2008-06-03 21:01 123,167 --a------ C:\WINDOWS\hpoins11.dat
2008-05-21 20:04 . 2008-05-21 20:04 <DIR> d-------- C:\Documents and Settings\user\Dati applicazioni\teamspeak2
2008-05-17 14:25 . 2008-06-05 12:45 <DIR> d-------- C:\VivoxLogs
2008-05-16 20:23 . 2008-06-05 11:15 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-05-16 20:23 . 2008-05-16 20:23 1,409 --a------ C:\WINDOWS\QTFont.for
2008-05-16 20:22 . 2008-05-16 20:22 <DIR> d-------- C:\Programmi\iTunes
2008-05-16 20:22 . 2008-05-16 20:22 <DIR> d-------- C:\Programmi\iPod
2008-05-16 20:22 . 2008-05-16 20:22 <DIR> d-------- C:\Programmi\Bonjour
2008-05-16 20:22 . 2008-05-25 18:46 <DIR> d-------- C:\Documents and Settings\user\Dati applicazioni\Apple Computer
2008-05-16 20:21 . 2008-05-16 20:21 <DIR> d-------- C:\Programmi\QuickTime
2008-05-16 20:21 . 2008-05-16 20:21 <DIR> d-------- C:\Programmi\Apple Software Update
2008-05-16 20:21 . 2008-05-16 20:22 <DIR> d-------- C:\Documents and Settings\All Users\Dati applicazioni\Apple Computer
2008-05-16 20:20 . 2008-05-16 20:20 <DIR> d-------- C:\Programmi\File comuni\Apple
2008-05-16 20:20 . 2008-05-16 20:20 <DIR> d-------- C:\Documents and Settings\All Users\Dati applicazioni\Apple
2008-05-11 11:27 . 2008-05-11 11:27 <DIR> d-------- C:\Programmi\InterVideo
2008-05-11 11:27 . 2008-05-11 11:27 <DIR> d-------- C:\Programmi\File comuni\InterVideo
2008-05-11 11:27 . 2002-11-21 10:57 204,800 --a------ C:\WINDOWS\system32\IVIresizeW7.dll
2008-05-11 11:27 . 2002-11-21 10:57 200,704 --a------ C:\WINDOWS\system32\IVIresizeA6.dll
2008-05-11 11:27 . 2002-11-21 10:57 192,512 --a------ C:\WINDOWS\system32\IVIresizeP6.dll
2008-05-11 11:27 . 2002-11-21 10:57 192,512 --a------ C:\WINDOWS\system32\IVIresizeM6.dll
2008-05-11 11:27 . 2002-11-21 10:57 188,416 --a------ C:\WINDOWS\system32\IVIresizePX.dll
2008-05-11 11:27 . 2003-09-10 23:36 21,060 --------- C:\WINDOWS\system32\drivers\iviaspi.sys
2008-05-11 11:27 . 2002-11-21 10:57 20,480 --a------ C:\WINDOWS\system32\IVIresize.dll
2008-05-11 11:06 . 2008-05-11 11:06 <DIR> d-------- C:\Programmi\Guitar Pro 5
2008-05-11 10:26 . 2008-06-05 22:19 <DIR> d-------- C:\Documents and Settings\user\Dati applicazioni\OpenOffice.org2
2008-05-11 10:20 . 2008-06-05 20:32 69 --a------ C:\WINDOWS\NeroDigital.ini
2008-05-11 09:25 . 2008-05-11 09:25 22 --a------ C:\WINDOWS\system32\ati64hlp.stb
2008-05-11 00:35 . 2008-05-11 00:35 <DIR> d-------- C:\WINDOWS\Sun
2008-05-10 21:33 . 2008-05-10 21:33 <DIR> d-------- C:\WINDOWS\system32\LogFiles
2008-05-10 21:33 . 2008-06-05 16:54 107,832 --a------ C:\WINDOWS\system32\PnkBstrB.exe
2008-05-10 21:33 . 2008-05-10 21:33 66,872 --a------ C:\WINDOWS\system32\PnkBstrA.exe
2008-05-10 21:33 . 2008-06-05 16:54 22,328 --a------ C:\WINDOWS\system32\drivers\PnkBstrK.sys
2008-05-10 21:22 . 2008-05-18 21:15 <DIR> d-------- C:\Documents and Settings\All Users\Dati applicazioni\Messenger Plus!
2008-05-10 21:19 . 2005-06-28 21:05 516,096 --------- C:\WINDOWS\system32\ati2sgag.exe
2008-05-10 21:19 . 2005-06-29 07:41 307,200 -ra------ C:\WINDOWS\system32\atiiiexx.dll
2008-05-10 21:19 . 2005-06-10 22:59 95,617 -ra------ C:\WINDOWS\system32\atiicdxx.dat
2008-05-10 21:19 . 2005-05-10 02:47 5,396 -ra------ C:\WINDOWS\system32\atifglpf.xml
2008-05-10 21:08 . 2008-05-10 21:08 <DIR> d-------- C:\Programmi\Messenger Plus! Live
2008-05-10 21:05 . 2008-05-11 14:26 <DIR> d-------- C:\Documents and Settings\user\Contacts
2008-05-10 21:04 . 2008-05-16 20:21 <DIR> d----c--- C:\WINDOWS\system32\DRVSTORE
2008-05-10 21:02 . 2008-05-10 21:04 <DIR> d-------- C:\Programmi\Windows Live
2008-05-10 21:02 . 2008-05-10 21:04 <DIR> d--hsc--- C:\Programmi\File comuni\WindowsLiveInstaller
2008-05-10 21:02 . 2008-05-10 21:02 <DIR> d-------- C:\Documents and Settings\All Users\Dati applicazioni\WLInstaller
2008-05-10 20:52 . 2008-05-10 20:56 <DIR> d-------- C:\Programmi\DAP
2008-05-10 20:52 . 2008-06-05 22:10 <DIR> d-a------ C:\Documents and Settings\All Users\Dati applicazioni\TEMP
2008-05-10 20:52 . 2008-05-10 20:52 479,298 --a------ C:\WINDOWS\system32\wbocx.ocx
2008-05-10 20:52 . 2008-05-10 20:52 172,032 --a------ C:\WINDOWS\system32\AniGIF.ocx
2008-05-10 20:52 . 2008-05-10 20:52 50,688 --a------ C:\WINDOWS\system32\wbhelp2.dll
2008-05-10 20:43 . 2008-06-03 20:34 10 --a------ C:\WINDOWS\WININIT.INI
2008-05-10 20:28 . 2008-05-10 20:28 <DIR> d-------- C:\WINDOWS\Motive
2008-05-10 20:28 . 2008-05-10 20:28 <DIR> d-------- C:\Programmi\Pirelli
2008-05-10 20:28 . 2008-05-10 20:28 <DIR> d-------- C:\Programmi\Motive
2008-05-10 20:28 . 2008-05-10 20:28 <DIR> d-------- C:\Programmi\Common Files
2008-05-10 20:28 . 2004-10-05 18:41 52,864 --a------ C:\WINDOWS\system32\drivers\CnxTrUsb.sys
2008-05-10 20:28 . 2004-10-05 18:41 25,984 --a------ C:\WINDOWS\system32\drivers\CnxTrLan.sys
2008-05-10 20:27 . 2008-05-10 20:27 <DIR> d-------- C:\Programmi\Telecom Italia
2008-05-10 20:27 . 2008-05-10 20:28 <DIR> d-------- C:\Programmi\Alice ti aiuta
2008-05-10 20:21 . 2008-05-10 20:21 <DIR> d-------- C:\Documents and Settings\user\Dati applicazioni\Talkback
2008-05-10 20:11 . 2001-08-30 20:41 12,160 --a------ C:\WINDOWS\system32\drivers\mouhid.sys
2008-05-10 20:11 . 2001-08-17 22:02 9,600 --a------ C:\WINDOWS\system32\drivers\hidusb.sys
2008-05-09 09:30 . 2008-03-20 09:57 1,845,888 --------- C:\WINDOWS\system32\dllcache\win32k.sys
2008-05-09 09:30 . 2008-02-20 08:52 282,624 --------- C:\WINDOWS\system32\dllcache\gdi32.dll
2008-05-09 09:30 . 2008-02-20 07:33 148,992 --------- C:\WINDOWS\system32\dllcache\dnsapi.dll
2008-05-09 09:30 . 2008-02-20 07:33 45,568 --------- C:\WINDOWS\system32\dllcache\dnsrslvr.dll
2008-05-08 18:52 . 2008-05-08 18:52 <DIR> d-------- C:\Programmi\OpenOffice.org 2.4
2008-05-08 18:51 . 2008-05-08 19:56 <DIR> d-------- C:\Programmi\Java
2008-05-08 18:51 . 2008-05-08 18:51 <DIR> d-------- C:\Programmi\File comuni\Java
2008-05-08 18:51 . 2008-02-22 02:33 69,632 --a------ C:\WINDOWS\system32\javacpl.cpl
2008-05-08 18:44 . 2008-05-08 18:44 <DIR> d-------- C:\Documents and Settings\user\Dati applicazioni\CyberLink
2008-05-08 18:44 . 2008-05-08 18:44 <DIR> d-------- C:\Documents and Settings\All Users\Dati applicazioni\CyberLink
2008-05-08 18:43 . 2008-05-08 18:44 <DIR> d-------- C:\Programmi\CyberLink
2008-05-08 18:42 . 2008-05-08 18:45 <DIR> d-------- C:\Programmi\VIA
2008-05-08 18:42 . 2008-06-05 11:13 <DIR> d-------- C:\Documents and Settings\user\Dati applicazioni\TeraCopy
2008-05-08 18:42 . 2005-04-13 18:54 331,184 --------- C:\WINDOWS\system32\difxapi.dll
2008-05-08 18:41 . 2008-06-04 15:25 <DIR> d-------- C:\Documents and Settings\All Users\Dati applicazioni\Avira
2008-05-08 18:40 . 2008-05-08 18:40 <DIR> d-------- C:\Programmi\VistaCodecPack
2008-05-08 18:40 . 2008-05-23 20:02 <DIR> d-------- C:\Programmi\File comuni\Adobe
2008-05-08 18:39 . 2008-05-08 18:39 <DIR> d-------- C:\Documents and Settings\All Users\Dati applicazioni\VistaCodecs

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-05-22 18:04 --------- d-----w C:\Programmi\Unlocker
2008-05-10 18:33 --------- d-----w C:\Programmi\AskTBar
2008-05-10 18:27 155,995 ----a-w C:\WINDOWS\java\Packages\W7HNRNXN.ZIP
2008-05-08 17:47 --------- d-----w C:\Programmi\NeroInstall.bak
2008-05-08 17:45 --------- d-----w C:\Documents and Settings\user\Dati applicazioni\Nero
2008-05-08 17:44 --------- d-----w C:\Programmi\File comuni\Nero
2008-05-08 17:43 --------- d-----w C:\Programmi\Nero
2008-05-08 17:43 --------- d-----w C:\Documents and Settings\All Users\Dati applicazioni\Nero
2008-05-08 15:34 --------- d-----w C:\Programmi\TeraCopy
2008-05-08 15:31 89 ----a-w C:\WINDOWS\system32\config\systemprofile\Del1956.bat
2008-05-08 15:31 89 ----a-w C:\Documents and Settings\Default User\Del1956.bat
2008-05-08 15:30 --------- d-----w C:\Programmi\Reference Assemblies
2008-05-08 15:30 --------- d-----w C:\Programmi\MSBuild
2008-05-08 15:25 --------- d-----w C:\Programmi\Servizi in linea
2008-05-08 15:23 --------- d-----w C:\Programmi\Glass Toasts
2008-05-08 15:21 --------- d-----w C:\Programmi\Windows Sidebar
2008-05-08 15:19 --------- d-----w C:\Programmi\Alky for Applications
2008-05-08 15:18 --------- d-----w C:\Programmi\Windows Media Connect 2
2008-05-04 10:28 7,680 ----a-w C:\WINDOWS\system32\ff_vfw.dll
2008-04-12 05:41 180,224 ----a-w C:\WINDOWS\system32\xvidvfw.dll
2008-04-12 05:30 765,952 ----a-w C:\WINDOWS\system32\xvidcore.dll
2008-03-25 04:51 621,344 ------w C:\WINDOWS\system32\dllcache\mswstr10.dll
2008-03-25 04:51 183,072 ------w C:\WINDOWS\system32\dllcache\msjint40.dll
2008-03-20 07:57 1,845,888 ----a-w C:\WINDOWS\system32\win32k.sys
2008-03-06 16:29 966,656 ----a-w C:\WINDOWS\system32\VSFilter.dll
.

------- Sigcheck -------

2008-02-12 17:41 360832 ea3d7525f41beb321c3f6e2162277e92 C:\WINDOWS\system32\drivers\tcpip.sys

2008-02-12 23:52 544256 e6f62282ebaa63ba07fa2dc7198b8d0d C:\WINDOWS\system32\winlogon.exe

2008-02-14 01:51 2188672 9b388c12525902a931a12f1fdb7cfdff C:\WINDOWS\system32\ntoskrnl.exe

2008-02-14 01:09 1619968 bf01c54364118dcd1a9077436aada1a4 C:\WINDOWS\explorer.exe

2008-02-12 23:49 25088 40de117b6ccfc031d2dc8b73d82020cf C:\WINDOWS\system32\ctfmon.exe
.
((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Nota* i valori vuoti & legittimi/default non sono visualizzati.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2008-02-12 23:49 25088]
"LClock"="C:\Programmi\LClock\LClock.exe" [2004-09-19 20:27 65536]
"IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Programmi\File comuni\Nero\Lib\NMIndexStoreSvr.exe" [2008-02-28 17:07 1828136]
"Uniblue RegistryBooster 2"="C:\Programmi\Uniblue\RegistryBooster 2\RegistryBooster.exe" [2008-05-05 12:22 1923352]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Cmaudio"="cmicnfg.cpl" []
"UnlockerAssistant"="C:\Programmi\Unlocker\UnlockerAssistant.exe" [2006-09-07 19:19 15872]
"RemoteControl8"="C:\Programmi\CyberLink\PowerDVD8\PDVD8Serv.exe" [2008-02-18 18:33 77824]
"PDVD8LanguageShortcut"="C:\Programmi\CyberLink\PowerDVD8\Language\Language.exe" [2007-12-14 11:36 50472]
"BDRegion"="C:\Programmi\Cyberlink\Shared Files\brs.exe" [2007-11-14 23:10 91432]
"SunJavaUpdateSched"="C:\Programmi\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 04:25 144784]
"NeroFilterCheck"="C:\Programmi\File comuni\Nero\Lib\NeroCheck.exe" [2008-02-28 09:59 570664]
"NBKeyScan"="C:\Programmi\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [2008-02-18 16:29 2221352]
"ATIPTA"="C:\Programmi\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-06-28 21:05 344064]
"QuickTime Task"="C:\Programmi\QuickTime\qttask.exe" [2008-03-28 23:37 413696]
"iTunesHelper"="C:\Programmi\iTunes\iTunesHelper.exe" [2008-03-30 10:36 267048]
"HP Software Update"="D:\Stampanti\HP Software Update\HPWuSchd2.exe" [2006-02-19 02:41 49152]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2008-02-12 23:49 25088]
"Sidebar"="C:\Programmi\Windows Sidebar\sidebar.exe" [2007-08-29 22:24 1233408]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"nltide_2"="regsvr32 /s /n /i:U shell32" []
"nltide_3"="advpack.dll" [2008-03-01 14:34 124928 C:\WINDOWS\system32\advpack.dll]

C:\Documents and Settings\user\Menu Avvio\Programmi\Esecuzione automatica\
Adobe Gamma.lnk - C:\Programmi\File comuni\Adobe\Calibration\Adobe Gamma Loader.exe [2005-03-16 19:16:50 113664]
Glass2k.lnk - C:\Programmi\Glass2k\Glass2k.exe [2008-05-08 18:08:05 56325]
TrueTransparency.lnk - C:\Programmi\TrueTransparency\TrueTransparency.exe [2008-05-08 18:08:08 133120]

C:\Documents and Settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\
Glass Toasts.lnk - C:\Programmi\Glass Toasts\glasstoast.exe [2008-05-08 17:22:24 860160]
HP Digital Imaging Monitor.lnk - D:\Stampanti\Digital Imaging\bin\hpqtra08.exe [2006-02-19 04:21:22 288472]
InterVideo WinCinema Manager.lnk - C:\Programmi\InterVideo\Common\Bin\WinCinemaMgr.exe [2008-05-11 11:27:42 200704]
Microsoft Office.lnk - E:\Microsoft Office\Office10\OSA.EXE [2001-02-13 01:01:04 83360]
Service Manager.lnk - C:\Programmi\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe [2000-08-06 01:03:20 69632]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoDesktopCleanupWizard"= 1 (0x1)
"NoResolveSearch"= 1 (0x1)
"NoResolveTrack"= 1 (0x1)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoSMHelp"= 1 (0x1)
"NoSMConfigurePrograms"= 1 (0x1)
"NoResolveTrack"= 1 (0x1)
"NoResolveSearch"= 1 (0x1)

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoSMHelp"= 1 (0x1)
"NoSMConfigurePrograms"= 1 (0x1)
"NoResolveTrack"= 1 (0x1)
"NoResolveSearch"= 1 (0x1)

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= D:\SuperAntiSpyware\SASSEH.DLL [2008-05-13 10:13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
D:\SuperAntiSpyware\SASWINLO.dll 2007-04-19 13:41 294912 D:\SuperAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.divxa32"= divxa32.acm

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Avvio^Programmi^Esecuzione automatica^Alice ti aiuta.lnk]
backup=C:\WINDOWS\pss\Alice ti aiuta.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
--a------ 2008-01-11 22:16 39792 C:\Programmi\Adobe\Reader 8.0\Reader\Reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DownloadAccelerator]
--a------ 2008-05-10 20:52 4376328 C:\Programmi\DAP\DAP.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"C:\\Programmi\\CyberLink\\PowerDVD8\\PowerDVD8.exe"=
"C:\\Programmi\\Windows Live\\Messenger\\msnmsgr.exe"=

R0 videX32;videX32;C:\WINDOWS\system32\DRIVERS\videX32.sys [2007-09-21 17:49]
R2 {FE4C91E7-22C2-4D0C-9F6B-82F1B7742054};{FE4C91E7-22C2-4D0C-9F6B-82F1B7742054};C:\Programmi\CyberLink\PowerDVD8\000.fcl [2008-02-01 17:24]
R3 USBSTOR;Driver archiviazione di massa USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-03 23:08]
S3 usbscan;Driver scanner USB;C:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-03 22:58]

*Newly Created Service* - CATCHME
*Newly Created Service* - PNKBSTRK

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{D58F39FF-953E-4F45-898F-59F243B9A523}]
RUNDLL32 advpack.dll,LaunchINFSection Sidebar.inf,Register
.
Contenuto della cartella 'Scheduled Tasks'
"2008-05-16 18:21:17 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Programmi\Apple Software Update\SoftwareUpdate.exe
.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-06-05 22:29:05
Windows 5.1.2600 Service Pack 2 NTFS

scansione processi nascosti ...

scansione entrate autostart nascoste ...

Scansione files nascosti ...


**************************************************************************

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\{FE4C91E7-22C2-4D0C-9F6B-82F1B7742054}]
"ImagePath"="\??\C:\Programmi\CyberLink\PowerDVD8\000.fcl"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

PROCESS: C:\WINDOWS\system32\winlogon.exe
-> C:\WINDOWS\system32\klogon.dll
.
Ora fine scansione: 2008-06-05 22.31.34
ComboFix-quarantined-files.txt 2008-06-05 20:30:31

7 Directory 27,290,951,680 byte disponibili
10 Directory 28,185,632,768 byte disponibili

282 --- E O F --- 2008-06-04 22:11:02

questo è il log di combofix..con questi log si puo pure vedere se il virus è ancora presente?se serve posto anche quello di hijackthis però grazie al tuo aiuto sembra che il pc nn ha problemi

[Sante62]

Combofix riconosce una moltitudine di malware, ma non proprio tutti, quindi fai il log di Hijackthis e VirIT...

Dobbiamo essere sicuri che non c'è nient'altro.

[f_champ182]

questo è di virit

VirIT eXplorer Lite Log

[SCANSIONE DELLA MEMORIA]
OK
[SCANSIONE DELLA MEMORIA]
OK
NSIONE DELLA MEMORIA]
OK
--------------------------------------------------------
06/06/2008 - 17:39:01

[SCANSIONE DEL REGISTRO]
OK

[C:]
MASTER BOOT RECORD: OK
BOOT SECTOR: OK


Chiavi Registro infette: 0.
Files Infetti: 0.
Files Sospetti: 0.
Files Analizzati: 5522.
Files Totali: 5522.
Chiavi Registro rimosse: 0.
Virus Rimossi: 0.

[SCANSIONE DELLA MEMORIA]
OK
--------------------------------------------------------
06/06/2008 - 17:44:42

[SCANSIONE DEL REGISTRO]
OK

[C:]
MASTER BOOT RECORD: OK
BOOT SECTOR: OK

C:\Programmi\AskTBar\bar\1.bin\ASKTBAR.DLL Infetto da BHO.Ask.A
* * * RIMOSSO * * *

Chiavi Registro infette: 0.
Files Infetti: 1.
Files Sospetti: 0.
Files Analizzati: 40753.
Files Totali: 40753.
Chiavi Registro rimosse: 0.
Virus Rimossi: 1.

--------------------------------------------------------
06/06/2008 - 17:57:42

[SCANSIONE DEL REGISTRO]
OK

[D:]
MASTER BOOT RECORD: OK
BOOT SECTOR: OK

D:\System Volume Information\_restore{7A3165A3-4FCE-4960-A6D9-A1E93AC5B7CD}\RP38\A0011340.exe Infetto da Trojan.Win32.Maury.A
* * * RIMOSSO * * *

Chiavi Registro infette: 0.
Files Infetti: 1.
Files Sospetti: 0.
Files Analizzati: 27822.
Files Totali: 27822.
Chiavi Registro rimosse: 0.
Virus Rimossi: 1.

--------------------------------------------------------
06/06/2008 - 18:01:43

[SCANSIONE DEL REGISTRO]
OK

[E:]
MASTER BOOT RECORD: OK
BOOT SECTOR: OK


Chiavi Registro infette: 0.
Files Infetti: 0.
Files Sospetti: 0.
Files Analizzati: 73992.
Files Totali: 73992.
Chiavi Registro rimosse: 0.
Virus Rimossi: 0.


questo è di hijackthis

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18.10.11, on 06/06/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.20772)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Programmi\File comuni\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Programmi\Bonjour\mDNSResponder.exe
C:\Programmi\Microsoft SQL Server\MSSQL\Binn\sqlservr.exe
C:\Programmi\Nero\Nero8\Nero BackItUp\NBService.exe
C:\WINDOWS\system32\IoctlSvc.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\Programmi\CyberLink\Shared files\RichVideo.exe
C:\WINDOWS\system32\svchost.exe
C:\VEXPLITE\viritsvc.exe
C:\WINDOWS\system32\RunDll32.exe
C:\Programmi\Unlocker\UnlockerAssistant.exe
C:\Programmi\CyberLink\PowerDVD8\PDVD8Serv.exe
C:\Programmi\Cyberlink\Shared Files\brs.exe
C:\Programmi\Java\jre1.6.0_05\bin\jusched.exe
C:\Programmi\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Programmi\iTunes\iTunesHelper.exe
D:\Stampanti\HP Software Update\HPWuSchd2.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmi\LClock\LClock.exe
C:\Programmi\File comuni\Nero\Lib\NMIndexStoreSvr.exe
C:\Programmi\Glass Toasts\glasstoast.exe
D:\Stampanti\Digital Imaging\bin\hpqtra08.exe
C:\Programmi\InterVideo\Common\Bin\WinCinemaMgr.exe
C:\Programmi\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
C:\Programmi\File comuni\Nero\Lib\NMIndexingService.exe
C:\Programmi\iPod\bin\iPodService.exe
C:\Programmi\TrueTransparency\TrueTransparency.exe
D:\Stampanti\Digital Imaging\bin\hpqSTE08.exe
C:\VEXPLITE\viritexp.exe
C:\Programmi\Internet Explorer\IEXPLORE.EXE
C:\Programmi\File comuni\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\WINDOWS\system32\NOTEPAD.exe
C:\Programmi\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.it/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
R3 - URLSearchHook: (no name) - {9CB65206-89C4-402c-BA80-02D8C59F9B1D} - C:\Programmi\AskTBar\SrchAstt\1.bin\A5SRCHAS.DLL (file missing)
R3 - URLSearchHook: Yahoo! Toolbar con blocco Pop-Up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programmi\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Programmi\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Supporto di collegamento per Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\File comuni\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmi\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: Guida per l'accesso a Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programmi\File comuni\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O3 - Toolbar: Yahoo! Toolbar con blocco Pop-Up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programmi\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [UnlockerAssistant] "C:\Programmi\Unlocker\UnlockerAssistant.exe" -H
O4 - HKLM\..\Run: [RemoteControl8] C:\Programmi\CyberLink\PowerDVD8\PDVD8Serv.exe
O4 - HKLM\..\Run: [PDVD8LanguageShortcut] C:\Programmi\CyberLink\PowerDVD8\Language\Language.exe
O4 - HKLM\..\Run: [BDRegion] C:\Programmi\Cyberlink\Shared Files\brs.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programmi\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Programmi\File comuni\Nero\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [NBKeyScan] "C:\Programmi\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [ATIPTA] "C:\Programmi\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmi\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Programmi\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [HP Software Update] D:\Stampanti\HP Software Update\HPWuSchd2.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [LClock] C:\Programmi\LClock\LClock.exe
O4 - HKCU\..\Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Programmi\File comuni\Nero\Lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO DI RETE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] C:\Programmi\Windows Sidebar\sidebar.exe /autoRun (User 'SERVIZIO DI RETE')
O4 - HKUS\S-1-5-20\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'SERVIZIO DI RETE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'Default user')
O4 - Startup: Adobe Gamma.lnk = C:\Programmi\File comuni\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Startup: Glass2k.lnk = C:\Programmi\Glass2k\Glass2k.exe
O4 - Startup: TrueTransparency.lnk = C:\Programmi\TrueTransparency\TrueTransparency.exe
O4 - Global Startup: Glass Toasts.lnk = C:\Programmi\Glass Toasts\glasstoast.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = D:\Stampanti\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Programmi\InterVideo\Common\Bin\WinCinemaMgr.exe
O4 - Global Startup: Microsoft Office.lnk = E:\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Service Manager.lnk = C:\Programmi\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
O8 - Extra context menu item: &Clean Traces - C:\Programmi\DAP\Privacy Package\dapcleanerie.htm
O8 - Extra context menu item: &Download with &DAP - C:\Programmi\DAP\dapextie.htm
O8 - Extra context menu item: Download &all with DAP - C:\Programmi\DAP\dapextie2.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://E:\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O15 - ESC Trusted Zone: http://*.update.microsoft.com
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Programmi\Yahoo!\Common\yinsthelper.dll
O17 - HKLM\System\CCS\Services\Tcpip\..\{C88401EF-661E-4A57-9363-00E44D15A779}: NameServer = 85.37.17.57 85.38.28.80
O20 - Winlogon Notify: !SASWinLogon - D:\SuperAntiSpyware\SASWINLO.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Programmi\File comuni\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Programmi\File comuni\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Programmi\Bonjour\mDNSResponder.exe
O23 - Service: Servizio iPod (iPod Service) - Apple Inc. - C:\Programmi\iPod\bin\iPodService.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Programmi\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Programmi\File comuni\Nero\Lib\NMIndexingService.exe
O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\WINDOWS\system32\IoctlSvc.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Programmi\CyberLink\Shared files\RichVideo.exe
O23 - Service: Virit eXplorer Lite (viritsvclite) - TG Soft Sas www.tgsoft.it - C:\VEXPLITE\viritsvc.exe

--
End of file - 9091 bytes


virit mi ha trovato due virus e da come scritto nel log gli ha rimossi..perchè gli altri antivirus come avira non gli ha rimossi?grazie ancora! comunque il log di HijackThis che dice?questo programma posta solo il log ma non rimuove da solo i malware

[Sante62]

Non tutti gli antivirus riescono a identificare i vari virus per questo se ne utilizza più di uno quando si tratta di ripulire il PC;

resta il fatto però che Avira è un buon antivirus e nel PC se ne può installare solo uno attivo in tempo reale;

Adesso disattiva il ripristino di sistema e avvia il PC in modalità provvisoria;
avvia Hijackthis, seleziona queste righe e clicca poi su fix Cheched:

[f_champ182]

ho fatto come mi hai detto mettendo in modalità provvisoria e avviando hijackthis; poi ho eliminato le righe che mi hai scritto


Citazione:
R3 - URLSearchHook: (no name) - {9CB65206-89C4-402c-BA80-02D8C59F9B1D} - C:\Programmi\AskTBar\SrchAstt\1.bin\A5SRCHAS.DLL (file missing)
O4 - HKUS\S-1-5-20\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'SERVIZIO DI RETE')
O4 - HKUS\S-1-5-18\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'Default user')

e ho rifatto il log che è questo

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 15.33.15, on 07/06/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.20772)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Programmi\File comuni\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Programmi\Bonjour\mDNSResponder.exe
C:\Programmi\Microsoft SQL Server\MSSQL\Binn\sqlservr.exe
C:\Programmi\Nero\Nero8\Nero BackItUp\NBService.exe
C:\WINDOWS\system32\IoctlSvc.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\Programmi\CyberLink\Shared files\RichVideo.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\RunDll32.exe
C:\VEXPLITE\viritsvc.exe
C:\Programmi\Unlocker\UnlockerAssistant.exe
C:\Programmi\CyberLink\PowerDVD8\PDVD8Serv.exe
C:\Programmi\Cyberlink\Shared Files\brs.exe
C:\Programmi\Java\jre1.6.0_05\bin\jusched.exe
C:\Programmi\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Programmi\iTunes\iTunesHelper.exe
D:\Stampanti\HP Software Update\HPWuSchd2.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmi\LClock\LClock.exe
C:\Programmi\File comuni\Nero\Lib\NMIndexStoreSvr.exe
C:\Programmi\Glass Toasts\glasstoast.exe
D:\Stampanti\Digital Imaging\bin\hpqtra08.exe
C:\Programmi\InterVideo\Common\Bin\WinCinemaMgr.exe
C:\Programmi\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
C:\Programmi\TrueTransparency\TrueTransparency.exe
C:\Programmi\File comuni\Nero\Lib\NMIndexingService.exe
C:\Programmi\iPod\bin\iPodService.exe
D:\Stampanti\Digital Imaging\bin\hpqSTE08.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Programmi\Windows Live\Messenger\msnmsgr.exe
C:\Programmi\Windows Live\Messenger\usnsvc.exe
E:\eMule\emule.exe
C:\Programmi\Internet Explorer\IEXPLORE.EXE
C:\Programmi\File comuni\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Programmi\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.it/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
R3 - URLSearchHook: Yahoo! Toolbar con blocco Pop-Up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programmi\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Programmi\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Supporto di collegamento per Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\File comuni\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmi\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: Guida per l'accesso a Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programmi\File comuni\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O3 - Toolbar: Yahoo! Toolbar con blocco Pop-Up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programmi\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [UnlockerAssistant] "C:\Programmi\Unlocker\UnlockerAssistant.exe" -H
O4 - HKLM\..\Run: [RemoteControl8] C:\Programmi\CyberLink\PowerDVD8\PDVD8Serv.exe
O4 - HKLM\..\Run: [PDVD8LanguageShortcut] C:\Programmi\CyberLink\PowerDVD8\Language\Language.exe
O4 - HKLM\..\Run: [BDRegion] C:\Programmi\Cyberlink\Shared Files\brs.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programmi\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Programmi\File comuni\Nero\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [NBKeyScan] "C:\Programmi\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [ATIPTA] "C:\Programmi\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmi\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Programmi\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [HP Software Update] D:\Stampanti\HP Software Update\HPWuSchd2.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [LClock] C:\Programmi\LClock\LClock.exe
O4 - HKCU\..\Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Programmi\File comuni\Nero\Lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO DI RETE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] C:\Programmi\Windows Sidebar\sidebar.exe /autoRun (User 'SERVIZIO DI RETE')
O4 - HKUS\S-1-5-20\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'SERVIZIO DI RETE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'Default user')
O4 - Startup: Adobe Gamma.lnk = C:\Programmi\File comuni\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Startup: Glass2k.lnk = C:\Programmi\Glass2k\Glass2k.exe
O4 - Startup: TrueTransparency.lnk = C:\Programmi\TrueTransparency\TrueTransparency.exe
O4 - Global Startup: Glass Toasts.lnk = C:\Programmi\Glass Toasts\glasstoast.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = D:\Stampanti\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Programmi\InterVideo\Common\Bin\WinCinemaMgr.exe
O4 - Global Startup: Microsoft Office.lnk = E:\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Service Manager.lnk = C:\Programmi\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
O8 - Extra context menu item: &Clean Traces - C:\Programmi\DAP\Privacy Package\dapcleanerie.htm
O8 - Extra context menu item: &Download with &DAP - C:\Programmi\DAP\dapextie.htm
O8 - Extra context menu item: Download &all with DAP - C:\Programmi\DAP\dapextie2.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://E:\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O15 - ESC Trusted Zone: http://*.update.microsoft.com
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Programmi\Yahoo!\Common\yinsthelper.dll
O17 - HKLM\System\CCS\Services\Tcpip\..\{C88401EF-661E-4A57-9363-00E44D15A779}: NameServer = 85.37.17.57 85.38.28.80
O20 - Winlogon Notify: !SASWinLogon - D:\SuperAntiSpyware\SASWINLO.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Programmi\File comuni\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Programmi\File comuni\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Programmi\Bonjour\mDNSResponder.exe
O23 - Service: Servizio iPod (iPod Service) - Apple Inc. - C:\Programmi\iPod\bin\iPodService.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Programmi\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Programmi\File comuni\Nero\Lib\NMIndexingService.exe
O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\WINDOWS\system32\IoctlSvc.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Programmi\CyberLink\Shared files\RichVideo.exe
O23 - Service: Virit eXplorer Lite (viritsvclite) - TG Soft Sas www.tgsoft.it - C:\VEXPLITE\viritsvc.exe

--
End of file - 9131 bytes

la seconda parte ovvero quella di System Scan mi ha dato questo (dopo essere andato su FreeFileHosting)

07_06_2008_15_26_report.zip

a proposito posso riattivare "ripristino di configurazione del sistema"?che serviva quell'opzione?grazie ancora!

[Sante62]

Aspetta a riattivare il ripristino;

Serve a non riprendere l'infezione in caso di ripristino del sistema ad una data precedente;

Il log di Systemscan non presenta cose strane;

adesso collegati a Kaspersky online scanner e procedi con la scansione estesa del PC.

[f_champ182]

scusa se rispondo ora, la scansione con kapersky lo fatta solo oggi e mi ha segnalato ancora la presenza del adware citato nel primo messaggio, ecco il log

Scan Settings
Scan using the following antivirus database extended
Scan Archives false
Scan Mail Bases true

Scan Target My Computer
A:\
C:\
D:\
E:\
F:\
G:\

Scan Statistics
Total number of scanned objects 146558
Number of viruses found 1
Number of infected objects 1
Number of suspicious objects 0
Duration of the scan process 00:32:42

Infected Object Name Virus Name Last Action
C:\Documents and Settings\All Users\Dati applicazioni\CyberLink\BDNAV\BRF.dat Object is locked skipped

C:\Documents and Settings\All Users\Dati applicazioni\Nero\Nero8\Nero BackItUp\Cache\NeroBackItUpScheduler3.log Object is locked skipped

C:\Documents and Settings\LocalService\Impostazioni locali\Dati applicazioni\Microsoft\Windows\UsrClass.dat Object is locked skipped

C:\Documents and Settings\LocalService\Impostazioni locali\Dati applicazioni\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped

C:\Documents and Settings\LocalService\ntuser.dat Object is locked skipped

C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped

C:\Documents and Settings\NetworkService\Impostazioni locali\Dati applicazioni\Microsoft\Windows\UsrClass.dat Object is locked skipped

C:\Documents and Settings\NetworkService\Impostazioni locali\Dati applicazioni\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped

C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped

C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped

C:\Documents and Settings\user\Cookies\index.dat Object is locked skipped

C:\Documents and Settings\user\Dati applicazioni\Microsoft\Internet Explorer\UserData\index.dat Object is locked skipped

C:\Documents and Settings\user\Impostazioni locali\Cronologia\History.IE5\index.dat Object is locked skipped

C:\Documents and Settings\user\Impostazioni locali\Cronologia\History.IE5\MSHist012008060220080609\index.dat Object is locked skipped

C:\Documents and Settings\user\Impostazioni locali\Cronologia\History.IE5\MSHist012008060920080610\index.dat Object is locked skipped

C:\Documents and Settings\user\Impostazioni locali\Dati applicazioni\Ahead\Nero Home\bl.db Object is locked skipped

C:\Documents and Settings\user\Impostazioni locali\Dati applicazioni\Ahead\Nero Home\is2.db Object is locked skipped

C:\Documents and Settings\user\Impostazioni locali\Dati applicazioni\Microsoft\Feeds Cache\index.dat Object is locked skipped

C:\Documents and Settings\user\Impostazioni locali\Dati applicazioni\Microsoft\Windows\UsrClass.dat Object is locked skipped

C:\Documents and Settings\user\Impostazioni locali\Dati applicazioni\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped

C:\Documents and Settings\user\Impostazioni locali\Temp\hpodvd09.log Object is locked skipped

C:\Documents and Settings\user\Impostazioni locali\Temp\~DF9566.tmp Object is locked skipped

C:\Documents and Settings\user\Impostazioni locali\Temp\~DF956B.tmp Object is locked skipped

C:\Documents and Settings\user\Impostazioni locali\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped

C:\Documents and Settings\user\Impostazioni locali\Temporary Internet Files\Content.IE5\V8V0LJHS\BurstingInteractionsPipe[2].htm Object is locked skipped

C:\Documents and Settings\user\NTUSER.DAT Object is locked skipped

C:\Documents and Settings\user\NTUSER.DAT.LOG Object is locked skipped

C:\Programmi\AskTBar\bar\1.bin\A5POPSWT.DLL Infected: not-a-virus:AdTool.Win32.MyWebSearch.az skipped

C:\Programmi\Microsoft SQL Server\MSSQL\Data\master.mdf Object is locked skipped

C:\Programmi\Microsoft SQL Server\MSSQL\Data\mastlog.ldf Object is locked skipped

C:\Programmi\Microsoft SQL Server\MSSQL\Data\model.mdf Object is locked skipped

C:\Programmi\Microsoft SQL Server\MSSQL\Data\modellog.ldf Object is locked skipped

C:\Programmi\Microsoft SQL Server\MSSQL\Data\tempdb.mdf Object is locked skipped

C:\Programmi\Microsoft SQL Server\MSSQL\Data\templog.ldf Object is locked skipped

C:\Programmi\Microsoft SQL Server\MSSQL\LOG\ERRORLOG Object is locked skipped

C:\Programmi\Nero\Nero8\Nero BackItUp\BIU2.txt Object is locked skipped

C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped

C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped

C:\WINDOWS\SchedLgU.Txt Object is locked skipped

C:\WINDOWS\SoftwareDistribution\EventCache\{2FA3EDCA-C76E-4856-A5A6-906CB71F36D7}.bin Object is locked skipped

C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped

C:\WINDOWS\Sti_Trace.log Object is locked skipped

C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped

C:\WINDOWS\system32\config\default Object is locked skipped

C:\WINDOWS\system32\config\default.LOG Object is locked skipped

C:\WINDOWS\system32\config\Internet.evt Object is locked skipped

C:\WINDOWS\system32\config\Paramete.evt Object is locked skipped

C:\WINDOWS\system32\config\SAM Object is locked skipped

C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped

C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped

C:\WINDOWS\system32\config\SECURITY Object is locked skipped

C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped

C:\WINDOWS\system32\config\software Object is locked skipped

C:\WINDOWS\system32\config\software.LOG Object is locked skipped

C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped

C:\WINDOWS\system32\config\system Object is locked skipped

C:\WINDOWS\system32\config\system.LOG Object is locked skipped

C:\WINDOWS\system32\h323log.txt Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped

C:\WINDOWS\Temp\Perflib_Perfdata_5f8.dat Object is locked skipped

C:\WINDOWS\wiadebug.log Object is locked skipped

C:\WINDOWS\wiaservc.log Object is locked skipped

C:\WINDOWS\WindowsUpdate.log Object is locked skipped

E:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped

Scan process completed.

[Sante62]

OK, quel programma lo puoi cancellare da installazione applicazioni;

se non compare in installazione applicazioni lo cancelli manualmente seguendone il percorso dalla modalità provvisoria...