Olimpo Informatico

[Khorne]

Non li trova che posso fare?


Ho sbagliato a fare il ripristino? Ma se mi ricapita che mi dà "disk boot failure" che faccio? (Non ho il cd di windows)

[bdoriano]

Mi sa che il ripristino li ha cancellati.
Al limite, rifai un log di hijackthis.

Per il disk boot failure puoi vedere qui.
Io ho sempre avuto esperienza negativa con questo messaggio e preferisco far fare un salvataggio delle cose importanti ed un test approfondito del disco fisso. Il più delle volte è stato necessario sostituire il disco.

[Khorne]

Ok, ora ho messo anche un nuovo firewall, comodo, ma ho un problema, all'inizio va tutto bene, dopo un pò che ho acceso il pc, mi scollega da messenger, skype, e non aggiorna le pagine internet, insomma è come se non fossi connesso, ma se riaccendo il pc rifunziona tutto, fa così anche se metto il firewal su allow all, quindi non credo sia a causa di settaggi del firewall.


Logfile of HijackThis v1.99.1
Scan saved at 15.31.03, on 18/06/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Programmi\File comuni\Symantec Shared\ccSetMgr.exe
C:\WINDOWS\Explorer.EXE
C:\Programmi\File comuni\Symantec Shared\ccEvtMgr.exe
C:\Programmi\File comuni\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
C:\Programmi\File comuni\Symantec Shared\SNDSrvc.exe
C:\Programmi\File comuni\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Programmi\File comuni\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programmi\Comodo\Firewall\cmdagent.exe
C:\Programmi\File comuni\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Programmi\Norton AntiVirus\navapsvc.exe
C:\Programmi\Norton AntiVirus\IWP\NPFMntor.exe
C:\WINDOWS\system32\svchost.exe
C:\Programmi\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Programmi\File comuni\Real\Update_OB\realsched.exe
C:\Programmi\Java\jre1.5.0\bin\jusched.exe
C:\Programmi\iTunes\iTunesHelper.exe
C:\Programmi\File comuni\Symantec Shared\ccApp.exe
C:\Programmi\ATI Technologies\ATI.ACE\CLI.EXE
C:\Programmi\Comodo\Firewall\CPF.exe
C:\Programmi\File comuni\Ahead\lib\NMBgMonitor.exe
C:\Programmi\MSN Messenger\MsnMsgr.Exe
C:\Programmi\Nikon\PictureProject\NkbMonitor.exe
C:\Programmi\iPod\bin\iPodService.exe
C:\Programmi\ATI Technologies\ATI.ACE\cli.exe
C:\Programmi\ATI Technologies\ATI.ACE\cli.exe
C:\Programmi\File comuni\Symantec Shared\Security Console\NSCSRVCE.EXE
C:\Programmi\MSN Messenger\usnsvc.exe
C:\Programmi\Opera\Opera.exe
C:\Programmi\Skype\Phone\Skype.exe
C:\Programmi\Skype\Plugin Manager\skypePM.exe
C:\Programmi\Messenger\msmsgs.exe
C:\Yjack\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.it/0SEITIT/SAOS01
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?linkid=677
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Programmi\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programmi\File comuni\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Programmi\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
O2 - BHO: NAV Helper - {A8F38D8D-E480-4D52-B7A2-731BB6995FDD} - C:\Programmi\Norton AntiVirus\NavShExt.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programmi\MSN Apps\MSN Toolbar\01.02.5000.1021\it\msntb.dll
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programmi\MSN Apps\MSN Toolbar\01.02.5000.1021\it\msntb.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programmi\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Norton AntiVirus - {C4069E3A-68F1-403E-B40E-20066696354B} - C:\Programmi\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [ATIPTA] "C:\Programmi\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Programmi\File comuni\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Programmi\Java\jre1.5.0\bin\jusched.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmi\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Programmi\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [ATICCC] "C:\Programmi\ATI Technologies\ATI.ACE\CLIStart.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Programmi\File comuni\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Programmi\File comuni\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Programmi\File comuni\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [COMODO Firewall Pro] "C:\Programmi\Comodo\Firewall\CPF.exe" /background
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Programmi\File comuni\Ahead\lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [MsnMsgr] "C:\Programmi\MSN Messenger\MsnMsgr.Exe" /background
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Programmi\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: NkbMonitor.exe.lnk = C:\Programmi\Nikon\PictureProject\NkbMonitor.exe
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Ricerche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FILECO~1\Skype\SKYPE4~1.DLL
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\ccSetMgr.exe
O23 - Service: Comodo Application Agent (CmdAgent) - COMODO - C:\Programmi\Comodo\Firewall\cmdagent.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Programmi\iPod\bin\iPodService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service - Unknown owner - C:\Programmi\File comuni\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /m "C:\Programmi\File comuni\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PifEng.dll (file missing)
O23 - Service: Servizio Auto-Protect di Norton AntiVirus (navapsvc) - Symantec Corporation - C:\Programmi\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Programmi\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: Norton Protection Center Service (NSCService) - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\Security Console\NSCSRVCE.EXE
O23 - Service: Symantec AVScan (SAVScan) - Symantec Corporation - C:\Programmi\Norton AntiVirus\SAVScan.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\SNDSrvc.exe
O23 - Service: SPBBCSvc - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Utilità di pianificazione di LiveUpdate automatico - Symantec Corporation - C:\Programmi\Symantec\LiveUpdate\ALUSchedulerSvc.exe

[Orange]

nel log non vedo nulla di strano...

Scarica SDFIX
- Doppio click su SDFix.exe e il tool andrà ad estrarsi in C:\SDFix
- avvia il sistema in modalità provvisoria
- Apri la cartella SDFix situata in C:\ e fai un doppio click su RunThis.bat per lanciare lo script
- seleziona Y per avviare la pulizia
- Quando te lo chiederà premi un tasto per riavviare (il sistema sarà piu lungo nell'avviarsi perchè lo script eseguirà l'eliminazione dei file trovati)
- Quando apparirà il desktop il tool terminerà il suo lavoro e visualizzerà il messaggio "Finished"
- Premi un tasto per terminare lo script e ricaricare le icone del desktop
- Il log sarà visualizzato automaticamente,altrimenti potrai trovarlo in C:\SDFix\Report.txt
posta qui il log generato

scarica VirIt, aggiornalo e fai lo scan completo
il risultato mettilo sempre qui

[Khorne]

Ho fatto la prima parte(non ancora vir it), ma per il momento volevo dire che mentre ero in modalità provvisoria e dopo aver eseguito runthis.bat, mi è apparso + volte il messaggio di errore: "La cpu ntvdm ha riscontrato un'operazione non valida cs:0000 ip:000b" op:f08b017000" e avevo 2 possibilità o cliccavo su ignora o su chiudi, non sapendo che fare ho cliccato su chiudi, e ha continuato, sarà uscito 30-40 volte quel messaggio, ma chiudendo almeno la percentuale di completamento avanzava.

Questo è il log:

SDFix: Version 1.88

Run by my computer on 18/06/2007 at 19.30

Microsoft Windows XP [Versione 5.1.2600]

Running From: C:\SDFix

Safe Mode:
Checking Services:






Restoring Windows Registry Values
Restoring Windows Default Hosts File
Restoring Missing Security Center Service

Rebooting...


Normal Mode:
Checking Files:

No Trojan Files Found




Removing Temp Files...

ADS Check:

Checking C:\WINDOWS\
C:\WINDOWS
No streams found.

Checking C:\WINDOWS\system32
C:\WINDOWS\system32
No streams found.

Checking C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
No streams found.

Checking C:\WINDOWS\system32\ntoskrnl.exe
C:\WINDOWS\system32\ntoskrnl.exe
No streams found.



Final Check:

Remaining Services:
------------------



Authorized Application Key Export:

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Programmi\\Messenger\\msmsgs.exe"="C:\\Programmi\\Messenger\\msmsgs.exe:*:Enabled:Windows Messenger"
"C:\\Programmi\\iTunes\\iTunes.exe"="C:\\Programmi\\iTunes\\iTunes.exe:*:Enabled:iTunes"
"C:\\Programmi\\MSN Messenger\\msncall.exe"="C:\\Programmi\\MSN Messenger\\msncall.exe:*:Enabled:Windows Live Messenger 8.0 (Phone)"
"C:\\Programmi\\MSN Messenger\\msnmsgr.exe"="C:\\Programmi\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\\Programmi\\MSN Messenger\\livecall.exe"="C:\\Programmi\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"
"C:\\Programmi\\Skype\\Phone\\Skype.exe"="C:\\Programmi\\Skype\\Phone\\Skype.exe:*:Enabled:Skype"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Programmi\\MSN Messenger\\msncall.exe"="C:\\Programmi\\MSN Messenger\\msncall.exe:*:Enabled:Windows Live Messenger 8.0 (Phone)"
"C:\\Programmi\\MSN Messenger\\msnmsgr.exe"="C:\\Programmi\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\\Programmi\\MSN Messenger\\livecall.exe"="C:\\Programmi\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"

Remaining Files:
---------------


Listing Files with Hidden Attributes:

C:\Documents and Settings\my computer\Risorse di rete\ftp.cplex.com\Desktop.ini
C:\Programmi\Messenger\msmsgs.exe
C:\Programmi\Outlook Express\msimn.exe
C:\Programmi\Windows Media Player\mplayer2.exe
C:\Programmi\Windows Media Player\wmplayer.exe
C:\Documents and Settings\All Users\DRM\Cache\Indiv01.tmp
C:\Documents and Settings\my computer\Desktop\Tesijava\Tesi2\~WRL0004.tmp
C:\Documents and Settings\my computer\Desktop\Tesijava\Tesi2\~WRL3191.tmp
C:\Documents and Settings\my computer\Desktop\TesiPresentazioneCodice\filesvarirelativiallatesi\Presentazione\~WRL1641.tmp
C:\Documents and Settings\my computer\Desktop\TesiPresentazioneCodice\PresentazioneCasalena\~WRL1641.tmp
C:\Documents and Settings\my computer\Documenti\mannino\TESICasalenaGabriele\~WRL1641.tmp

Listing User Accounts:

Account utente per \\MY-8DB2B79A6070

Administrator Guest HelpAssistant
my computer SUPPORT_388945a0
Esecuzione comando riuscita.


Finished

[Khorne]

Ecco il log di virit:

VirIT eXplorer Lite Log

[SCANSIONE DELLA MEMORIA]
OK
--------------------------------------------------------
18/06/2007 - 19:58:48

[SCANSIONE DEL REGISTRO]
OK

[A:]
BOOT SECTOR: OK


[C:]
MASTER BOOT RECORD: OK
BOOT SECTOR: OK


[D:]


[E:]


Chiavi Registro infette: 0.
Files Infetti: 0.
Files Sospetti: 0.
Files Analizzati: 111465.
Files Totali: 111465.
Chiavi Registro rimosse: 0.
Virus Rimossi: 0.

[SCANSIONE DELLA MEMORIA]
[Hidden Services]
symlcbrd - symlcbrd - \??\C:\WINDOWS\system32\drivers\symlcbrd.sys
eeCtrl - Symantec Eraser Control driver - \??\C:\Programmi\File comuni\Symantec Shared\EENGINE\eeCtrl.sys
SPBBCDrv - SPBBCDrv - \??\C:\Programmi\File comuni\Symantec Shared\SPBBC\SPBBCDrv.sys
SYMTDI - SYMTDI - \SystemRoot\System32\Drivers\SYMTDI.SYS
EraserUtilRebootDrv - EraserUtilRebootDrv - \??\C:\Programmi\File comuni\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys
NSCService - Norton Protection Center Service - "C:\Programmi\File comuni\Symantec Shared\Security Console\NSCSRVCE.EXE"
SAVScan - Symantec AVScan - "C:\Programmi\Norton AntiVirus\SAVScan.exe"
SYMDNS - \SystemRoot\System32\Drivers\SYMDNS.SYS
SymEvent - \??\C:\WINDOWS\system32\Drivers\SYMEVENT.SYS
SYMFW - \SystemRoot\System32\Drivers\SYMFW.SYS
SYMIDS - \SystemRoot\System32\Drivers\SYMIDS.SYS
SYMIDSCO - \??\C:\PROGRA~1\FILECO~1\SYMANT~1\SymcData\IDS-DI~1\20070531.002\symidsco.sys
SYMNDIS - \SystemRoot\System32\Drivers\SYMNDIS.SYS
SYMREDRV - \SystemRoot\System32\Drivers\SYMREDRV.SYS

OK
--------------------------------------------------------
18/06/2007 - 20:37:56

[SCANSIONE DEL REGISTRO]
OK

[C:]
MASTER BOOT RECORD: OK
BOOT SECTOR: OK


Chiavi Registro infette: 0.
Files Infetti: 0.
Files Sospetti: 0.
Files Analizzati: 111418.
Files Totali: 111418.
Chiavi Registro rimosse: 0.
Virus Rimossi: 0.

[bdoriano]

Il log di VirIt sembra ok.
Attenzione che adesso hai attivato 2 firewall (Norton e Comodo). E l'unico effetto che ottieni è avere grossi problemi di navigazione in internet (messenger, browser, posta, etc...)
Disabilita uno dei 2.

[Khorne]

Ma non ho il firewall di norton, almeno credo.


Ma per quanto riguarda quellla serie infinita di errori in runthis.bat, sono normali?

[Orange]

[Khorne]

Ecco ha trovato 3 virus 11 file infetti e 2 sospetti.

I problemi che ho riscontrato sono che a volte mi dà errore quando lo spengo dicendo impossibile terminare il programa, l'applicazione non risponde (mi pare){è un po' che non lo fa più, però mi sono preoccupato quando spyware doctor ha trovato 25 infezioni} poi quando mi ha detto disk boot failure, ma nessun problema rilevato quando è acceso.


Ecco il log:

Tuesday, June 19, 2007 1:04:42 PM
Operating System: Microsoft Windows XP Professional, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.83.0
Kaspersky Anti-Virus database last update: 19/06/2007
Kaspersky Anti-Virus database records: 349014

Scan Settings
Scan using the following antivirus database extended
Scan Archives true
Scan Mail Bases true

Scan Target My Computer
A:\
C:\
D:\
E:\

Scan Statistics
Total number of scanned objects 119126
Number of viruses found 3
Number of infected objects 11 / 0
Number of suspicious objects 2
Duration of the scan process 01:01:58

Infected Object Name Virus Name Last Action
C:\Documents and Settings\All Users\Dati applicazioni\Microsoft\Network\Downloader\qmgr0.dat Object is locked skipped

C:\Documents and Settings\All Users\Dati applicazioni\Microsoft\Network\Downloader\qmgr1.dat Object is locked skipped

C:\Documents and Settings\All Users\Dati applicazioni\Symantec\Common Client\settings.dat Object is locked skipped

C:\Documents and Settings\All Users\Dati applicazioni\Symantec\HPPAppActivity.log Object is locked skipped

C:\Documents and Settings\All Users\Dati applicazioni\Symantec\HPPHomePageActivity.log Object is locked skipped

C:\Documents and Settings\All Users\Dati applicazioni\Symantec\LiveUpdate\2007-06-19_Log.ALUSchedulerSvc.LiveUpdate Object is locked skipped

C:\Documents and Settings\All Users\Dati applicazioni\Symantec\Norton AntiVirus\Quarantine\48D6024F.tif Suspicious: Exploit.Win32.IMG-WMF skipped

C:\Documents and Settings\All Users\Dati applicazioni\Symantec\Norton AntiVirus\Quarantine\529547DE.tif Suspicious: Exploit.Win32.IMG-WMF skipped

C:\Documents and Settings\All Users\Dati applicazioni\Symantec\Norton AntiVirus\Quarantine\5D9A30C0.tmp Infected: Exploit.VBS.Phel.i skipped

C:\Documents and Settings\LocalService\Cookies\index.dat Object is locked skipped

C:\Documents and Settings\LocalService\Impostazioni locali\Cronologia\History.IE5\index.dat Object is locked skipped

C:\Documents and Settings\LocalService\Impostazioni locali\Dati applicazioni\Microsoft\Windows\UsrClass.dat Object is locked skipped

C:\Documents and Settings\LocalService\Impostazioni locali\Dati applicazioni\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped

C:\Documents and Settings\LocalService\Impostazioni locali\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped

C:\Documents and Settings\LocalService\ntuser.dat Object is locked skipped

C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped

C:\Documents and Settings\my computer\Cookies\index.dat Object is locked skipped

C:\Documents and Settings\my computer\Dati applicazioni\Adobe\Acrobat\7.0\Updater\udlog.txt Object is locked skipped

C:\Documents and Settings\my computer\Dati applicazioni\mealchinloud\hide program type.exe Infected: Trojan.Win32.Obfuscated.en skipped

C:\Documents and Settings\my computer\Dati applicazioni\Skype\gabriele.83\call256.dbb Object is locked skipped

C:\Documents and Settings\my computer\Dati applicazioni\Skype\gabriele.83\callmember256.dbb Object is locked skipped

C:\Documents and Settings\my computer\Dati applicazioni\Skype\gabriele.83\chat256.dbb Object is locked skipped

C:\Documents and Settings\my computer\Dati applicazioni\Skype\gabriele.83\chat512.dbb Object is locked skipped

C:\Documents and Settings\my computer\Dati applicazioni\Skype\gabriele.83\chatmember256.dbb Object is locked skipped

C:\Documents and Settings\my computer\Dati applicazioni\Skype\gabriele.83\chatmsg256.dbb Object is locked skipped

C:\Documents and Settings\my computer\Dati applicazioni\Skype\gabriele.83\chatmsg512.dbb Object is locked skipped

C:\Documents and Settings\my computer\Dati applicazioni\Skype\gabriele.83\chatsync\72\72c4112286ea8075.dat Object is locked skipped

C:\Documents and Settings\my computer\Dati applicazioni\Skype\gabriele.83\contactgroup256.dbb Object is locked skipped

C:\Documents and Settings\my computer\Dati applicazioni\Skype\gabriele.83\dyncontent\bundle.dat Object is locked skipped

C:\Documents and Settings\my computer\Dati applicazioni\Skype\gabriele.83\index2.dat Object is locked skipped

C:\Documents and Settings\my computer\Dati applicazioni\Skype\gabriele.83\profile4096.dbb Object is locked skipped

C:\Documents and Settings\my computer\Dati applicazioni\Skype\gabriele.83\transfer512.dbb Object is locked skipped

C:\Documents and Settings\my computer\Dati applicazioni\Skype\gabriele.83\user1024.dbb Object is locked skipped

C:\Documents and Settings\my computer\Dati applicazioni\Skype\gabriele.83\user16384.dbb Object is locked skipped

C:\Documents and Settings\my computer\Dati applicazioni\Skype\gabriele.83\voicemail256.dbb Object is locked skipped

C:\Documents and Settings\my computer\Dati applicazioni\Symantec\PendingAlertsQueue.log Object is locked skipped

C:\Documents and Settings\my computer\Impostazioni locali\Cronologia\History.IE5\index.dat Object is locked skipped

C:\Documents and Settings\my computer\Impostazioni locali\Dati applicazioni\Microsoft\Windows\UsrClass.dat Object is locked skipped

C:\Documents and Settings\my computer\Impostazioni locali\Dati applicazioni\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped

C:\Documents and Settings\my computer\Impostazioni locali\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped

C:\Documents and Settings\my computer\ntuser.dat Object is locked skipped

C:\Documents and Settings\my computer\ntuser.dat.LOG Object is locked skipped

C:\Documents and Settings\NetworkService\Impostazioni locali\Dati applicazioni\Microsoft\Windows\UsrClass.dat Object is locked skipped

C:\Documents and Settings\NetworkService\Impostazioni locali\Dati applicazioni\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped

C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped

C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped

C:\Programmi\Adverts\uninst.exe Infected: Trojan.Win32.Obfuscated.en skipped

C:\Programmi\File comuni\Symantec Shared\CCPD-LC\symlcrst.dll Object is locked skipped

C:\Programmi\File comuni\Symantec Shared\EENGINE\EPERSIST.DAT Object is locked skipped

C:\Programmi\File comuni\Symantec Shared\SNDALRT.log Object is locked skipped

C:\Programmi\File comuni\Symantec Shared\SNDCON.log Object is locked skipped

C:\Programmi\File comuni\Symantec Shared\SNDDBG.log Object is locked skipped

C:\Programmi\File comuni\Symantec Shared\SNDFW.log Object is locked skipped

C:\Programmi\File comuni\Symantec Shared\SNDIDS.log Object is locked skipped

C:\Programmi\File comuni\Symantec Shared\SNDSYS.log Object is locked skipped

C:\Programmi\File comuni\Symantec Shared\SPBBC\LOGS\BBConfig.log Object is locked skipped

C:\Programmi\File comuni\Symantec Shared\SPBBC\LOGS\BBDebug.log Object is locked skipped

C:\Programmi\File comuni\Symantec Shared\SPBBC\LOGS\BBDetect.log Object is locked skipped

C:\Programmi\File comuni\Symantec Shared\SPBBC\LOGS\BBNotify.log Object is locked skipped

C:\Programmi\File comuni\Symantec Shared\SPBBC\LOGS\BBRefr.log Object is locked skipped

C:\Programmi\File comuni\Symantec Shared\SPBBC\LOGS\BBSetCfg.log Object is locked skipped

C:\Programmi\File comuni\Symantec Shared\SPBBC\LOGS\BBSetCfg2.log Object is locked skipped

C:\Programmi\File comuni\Symantec Shared\SPBBC\LOGS\BBSetDev.log Object is locked skipped

C:\Programmi\File comuni\Symantec Shared\SPBBC\LOGS\BBSetLoc.log Object is locked skipped

C:\Programmi\File comuni\Symantec Shared\SPBBC\LOGS\BBSetUsr.log Object is locked skipped

C:\Programmi\File comuni\Symantec Shared\SPBBC\LOGS\BBSMNot.log Object is locked skipped

C:\Programmi\File comuni\Symantec Shared\SPBBC\LOGS\BBSMReg.log Object is locked skipped

C:\Programmi\File comuni\Symantec Shared\SPBBC\LOGS\BBSMRSt.log Object is locked skipped

C:\Programmi\File comuni\Symantec Shared\SPBBC\LOGS\BBStHash.log Object is locked skipped

C:\Programmi\File comuni\Symantec Shared\SPBBC\LOGS\BBStMSI.log Object is locked skipped

C:\Programmi\File comuni\Symantec Shared\SPBBC\LOGS\BBValid.log Object is locked skipped

C:\Programmi\File comuni\Symantec Shared\SPBBC\LOGS\SPPolicy.log Object is locked skipped

C:\Programmi\File comuni\Symantec Shared\SPBBC\LOGS\SPStart.log Object is locked skipped

C:\Programmi\File comuni\Symantec Shared\SPBBC\LOGS\SPStop.log Object is locked skipped

C:\Programmi\Norton AntiVirus\AVApp.log Object is locked skipped

C:\Programmi\Norton AntiVirus\AVError.log Object is locked skipped

C:\Programmi\Norton AntiVirus\AVVirus.log Object is locked skipped

C:\Programmi\Norton AntiVirus\Savrt\0362NAV~.TMP Object is locked skipped

C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped

C:\System Volume Information\_restore{EEEFC820-F054-4DAF-9B34-BEB7B64155DC}\RP343\A0052522.exe Infected: Trojan.Win32.Obfuscated.en skipped

C:\System Volume Information\_restore{EEEFC820-F054-4DAF-9B34-BEB7B64155DC}\RP343\A0052523.exe Infected: Trojan.Win32.Obfuscated.en skipped

C:\System Volume Information\_restore{EEEFC820-F054-4DAF-9B34-BEB7B64155DC}\RP343\A0052524.exe Infected: Trojan.Win32.Obfuscated.en skipped

C:\System Volume Information\_restore{EEEFC820-F054-4DAF-9B34-BEB7B64155DC}\RP343\A0052525.exe Infected: Trojan.Win32.Obfuscated.en skipped

C:\System Volume Information\_restore{EEEFC820-F054-4DAF-9B34-BEB7B64155DC}\RP343\A0052526.exe Infected: Trojan.Win32.Obfuscated.en skipped

C:\System Volume Information\_restore{EEEFC820-F054-4DAF-9B34-BEB7B64155DC}\RP343\A0052527.exe Infected: Trojan.Win32.Obfuscated.en skipped

C:\System Volume Information\_restore{EEEFC820-F054-4DAF-9B34-BEB7B64155DC}\RP343\A0052528.exe Infected: Trojan.Win32.Obfuscated.en skipped

C:\System Volume Information\_restore{EEEFC820-F054-4DAF-9B34-BEB7B64155DC}\RP390\A0059057.exe Infected: Trojan.Win32.Obfuscated.en skipped

C:\System Volume Information\_restore{EEEFC820-F054-4DAF-9B34-BEB7B64155DC}\RP420\change.log Object is locked skipped

C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped

C:\WINDOWS\SchedLgU.Txt Object is locked skipped

C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped

C:\WINDOWS\Sti_Trace.log Object is locked skipped

C:\WINDOWS\system32\CatRoot2\edb.log Object is locked skipped

C:\WINDOWS\system32\CatRoot2\tmp.edb Object is locked skipped

C:\WINDOWS\system32\config\ACEEvent.evt Object is locked skipped

C:\WINDOWS\system32\config\Antivirus.Evt Object is locked skipped

C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped

C:\WINDOWS\system32\config\default Object is locked skipped

C:\WINDOWS\system32\config\default.LOG Object is locked skipped

C:\WINDOWS\system32\config\Paramete.evt Object is locked skipped

C:\WINDOWS\system32\config\SAM Object is locked skipped

C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped

C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped

C:\WINDOWS\system32\config\SECURITY Object is locked skipped

C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped

C:\WINDOWS\system32\config\software Object is locked skipped

C:\WINDOWS\system32\config\software.LOG Object is locked skipped

C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped

C:\WINDOWS\system32\config\system Object is locked skipped

C:\WINDOWS\system32\config\system.LOG Object is locked skipped

C:\WINDOWS\system32\h323log.txt Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped

C:\WINDOWS\wiadebug.log Object is locked skipped

C:\WINDOWS\wiaservc.log Object is locked skipped

C:\WINDOWS\WindowsUpdate.log Object is locked skipped

Scan process completed.

[Orange]

allora, vediamo:

[Khorne]

[Orange]

[Khorne]

[bdoriano]

In ogni caso, se lo trovassi, non eseguirlo perchè installerebbe un virus.
Ti consiglio di eliminare la cartella C:\Programmi\Adverts con tutto il suo contenuto.
Per cortesia, verifica la presenza di un programma tipo ActiveX Video Object (o qualcosa di simile).

[Khorne]

Allora ho eliminato la cartella.

Come verifico la presenza di quel programma?




L'ultima volta che ho riavvviato mi è apparso l'errore e sta volta l'ho scritto ecco cosa diceva:

RIQUADRO1:
termine prog-adobe acrobat
Il sisytema non è in grado di chiudere l'applicazione specificata in quanto in attesa di input da parte dell'utente.

RIQUADRO2
dwwin.exe -inizializzazione dll non riuscita

RIQUADRO3
adobe acrobat:acrord32.exe errore nell'applicazione
L'istruzione 0*5b181531 ha fatto riferimento alla memoria 0*00000014 , la memoria non poteva essere read.

[Orange]

disabilita il Dr.Watson o reinstalla Adobe.. non t'allarmare non è grave...

[Khorne]

Bè grazie 1000 allora.