silvestra (Mortale devoto)
Registered: 21/08/06 01:37 | Posts: 8
Posted: 21 Aug 2006 08:20 | Subject: Removed linkoptimizer, other trojans
Spybot finds citofarera and sfonditalia and removes them, but they come back.
Virit finds Lpt9.cjc in system32, which I cannot find in order to delete it.
Logfile of HijackThis v1.99.1
Scan saved at 1.31.09, on 21/08/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS1\System32\smss.exe
C:\WINDOWS1\system32\winlogon.exe
C:\WINDOWS1\system32\services.exe
C:\WINDOWS1\system32\lsass.exe
C:\WINDOWS1\system32\svchost.exe
C:\WINDOWS1\System32\svchost.exe
C:\WINDOWS1\Explorer.EXE
C:\WINDOWS1\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\Programmi\File comuni\Real\Update_OB\realsched.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\VEXPLITE\MONLITE.EXE
C:\WINDOWS1\Temp\ncfb2.exe
C:\WINDOWS1\system32\svchost.exe
C:\VEXPLITE\viritsvc.exe
C:\WINDOWS1\system32\wuauclt.exe
C:\Programmi\Spybot - Search & Destroy\SpybotSD.exe
C:\Documents and Settings\tatiana\Desktop\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.it/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
R3 - Default URLSearchHook is missing
O2 - BHO: (no name) - {BDF3E430-B101-42AD-A544-FADC6B084872} - (no file)
O4 - HKLM\..\Run: [TkBellExe] "C:\Programmi\File comuni\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [VIRIT LITE MONITOR] C:\VEXPLITE\MONLITE.EXE
O4 - HKLM\..\Run: [ncfb2.exe] C:\WINDOWS1\Temp\ncfb2.exe
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\PROGRA~1\YAHOO!\COMMON\yhexbmesit.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\PROGRA~1\YAHOO!\COMMON\yhexbmesit.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - C:\Programmi\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1155389971978
O16 - DPF: {FE0BD779-44EE-4A4B-AA2E-743C63F2E5E6} (IWinAmpActiveX Class) - http://pdl.stream.aol.com/downloads/aol/unagi/ampx_en_dl.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{EC475813-951E-45ED-BE53-F5D76C7176F0}: NameServer = 212.216.112.112,212.216.172.62
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: Servizio Norton AntiVirus Auto-Protect (navapsvc) - Symantec Corporation - C:\Programmi\Norton AntiVirus\navapsvc.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\FILECO~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: SysYse - Unknown owner - \\?\C:\Programmi\File comuni\System\aux.exe (file missing)
O23 - Service: Virit eXplorer Lite (viritsvclite) - TG Soft Sas www.tgsoft.it - C:\VEXPLITE\viritsvc.exe
Which ones should I remove? I was thinking of these:
Norton and Symantec, because they are no longer in use:
O23 - Service: Servizio Norton AntiVirus Auto-Protect (navapsvc) - Symantec Corporation - C:\Programmi\Norton AntiVirus\navapsvc.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\FILECO~1\SYMANT~1\SCRIPT~1\SBServ.exe
O4 - HKLM\..\Run: [ncfb2.exe] C:\WINDOWS1\Temp\ncfb2.exe
this is the one that I delete and then find the folder again
O23 - Service: SysYse - Unknown owner - \\?\C:\Programmi\File comuni\System\aux.exe (file missing)
R3 - Default URLSearchHook is missing
O2 - BHO: (no name) - {BDF3E430-B101-42AD-A544-FADC6B084872} - (no file)
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank
Thanks in advance for the help.
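
An added example, not part of the original thread: a small triage pass over a HijackThis log that flags the kinds of entries singled out in the post above (targets reported as `(file missing)` or `(no file)`, services with `Unknown owner`, and autostart entries or processes running from a Temp directory). The flag names and rules are assumptions chosen for illustration; a flag is a prompt to look closer, not a verdict.

```python
import re

# Shortened excerpt of the HijackThis log posted above (lines copied from the post).
SAMPLE_LOG = r"""
Logfile of HijackThis v1.99.1
Running processes:
C:\WINDOWS1\system32\svchost.exe
C:\WINDOWS1\Temp\ncfb2.exe
C:\VEXPLITE\viritsvc.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.it/
R3 - Default URLSearchHook is missing
O2 - BHO: (no name) - {BDF3E430-B101-42AD-A544-FADC6B084872} - (no file)
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [ncfb2.exe] C:\WINDOWS1\Temp\ncfb2.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: SysYse - Unknown owner - \\?\C:\Programmi\File comuni\System\aux.exe (file missing)
"""

# "<section> - <body>", e.g. "O4 - HKLM\..\Run: [...] path"
ENTRY_RE = re.compile(r"^(R[0-3]|F[0-3]|N[1-4]|O\d{1,2})\s+-\s+(.*)$")
# A path component named Temp or Tmp (illustrative rule, not a HijackThis feature).
TEMP_RE = re.compile(r"\\te?mp\\", re.IGNORECASE)
# HijackThis appends these markers when the referenced file is not on disk.
MISSING_RE = re.compile(r"\((?:file missing|no file)\)\s*$")


def parse_log(text):
    """Split a log into running-process paths and (section, body) entries."""
    processes, entries, in_processes = [], [], False
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        match = ENTRY_RE.match(line)
        if match:
            in_processes = False          # the process list ends at the first entry
            entries.append((match.group(1), match.group(2)))
        elif line.lower().startswith("running processes"):
            in_processes = True
        elif in_processes:
            processes.append(line)
    return processes, entries


def triage(text):
    """Return (section, reasons, text) for every line worth a closer look."""
    processes, entries = parse_log(text)
    running = [p.lower() for p in processes]
    findings = []
    for path in processes:
        if TEMP_RE.search(path):
            findings.append(("PROC", ["runs-from-temp"], path))
    for section, body in entries:
        reasons = []
        if MISSING_RE.search(body):
            reasons.append("missing-target")
        if section == "O23" and "unknown owner" in body.lower():
            reasons.append("unknown-owner")
        if section in ("O4", "O23") and TEMP_RE.search(body):
            reasons.append("autostart-from-temp")
            # Persistence entry whose target is also in the process list.
            if any(p in body.lower() for p in running):
                reasons.append("target-running")
        if reasons:
            findings.append((section, reasons, body))
    return findings


if __name__ == "__main__":
    for section, reasons, text in triage(SAMPLE_LOG):
        print(f"{section:5} {','.join(reasons):40} {text}")
```

An entry flagged only as `missing-target` is a leftover reference; one flagged `autostart-from-temp` with `target-running` is still active, so removing the registry entry alone leaves the process in place until it is stopped.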
argenta3 (Comune mortale)
Registered: 18/08/06 19:50 | Posts: 4
Posted: 21 Aug 2006 15:32 | Subject:
I think you still have the rootkit. Read the post "Importante: Eliminazione di win32 Trojan Agent / LinkOptimizer" (Important: removal of win32 Trojan Agent / LinkOptimizer); I had a very similar problem and it was very useful to me. 8)
chemicalbit (Dio maturo)
Registered: 01/04/05 18:59 | Posts: 18597 | Location: Milano
Posted: 27 Aug 2006 10:02 | Subject: copied over from the "Help" thread
Message posted, I presume by mistake, in Security and privacy -> Help,
Posted: 27 Aug 2006 01:43 | Subject: Help
I am copying it here: silvestra wrote: | I removed several entries. I wanted to run a final scan to see whether the PC is fine, but I can't get Kaspersky to start, and with bitdefender the page has been blank for quite a while and it keeps spinning, waiting... for www.bitdefender.com. Is it supposed to do that, or has the page hung? Other solutions... to check: Gmer, when I launch it, has already twice brought up a blue screen that I don't have time to read, and it shuts down the PC... I think my nephew is right: wipe it and be done. |
chemicalbit (Dio maturo)
Registered: 01/04/05 18:59 | Posts: 18597 | Location: Milano
Posted: 27 Aug 2006 10:06 | Subject: Re: copied over from the "Help" thread
silvestra wrote: | I removed several entries | Meaning?
With HijackThis?
silvestra wrote: | I wanted to run a final scan to see whether the PC is fine, but I can't get Kaspersky to start | What error does it give you?
Which version are you using?
Are you running it from safe mode or normal mode?
silvestra wrote: | and with bitdefender the page has been blank for quite a while and it keeps spinning, waiting... for www.bitdefender.com. Is it supposed to do that, or has the page hung? | Some viruses deliberately block access to antivirus sites or to other sites "useful" for removing them (Windows updates, etc.).
First of all, try running a thorough, complete check with the various antivirus and antispyware tools you have, preferably starting from safe mode.
silvestra wrote: | Other solutions... to check: Gmer, when I launch it, has already twice brought up a blue screen | What is Gmer?
silvestra (Mortale devoto)
Registered: 21/08/06 01:37 | Posts: 8
Posted: 27 Aug 2006 10:32 | Subject:
Thanks chemical, I'm a bit clumsy but I've dug my heels in and I want to see this through. Bitdefender started; I found out that it doesn't work on Mozilla. So I followed all of holifay's tips.
She was the one who recommended Gmer; I don't know what it is, but it made the PC shut down abruptly with an error screen.
Yesterday I was supposed to delete the avenger folder afterwards, but it stayed open because of this:
C:\Avenger\LPT9.CJC
The situation now is this:
Logfile of HijackThis v1.99.1
Scan saved at 10.03.42, on 27/08/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS1\System32\smss.exe
C:\WINDOWS1\system32\winlogon.exe
C:\WINDOWS1\system32\services.exe
C:\WINDOWS1\system32\lsass.exe
C:\WINDOWS1\system32\svchost.exe
C:\WINDOWS1\System32\svchost.exe
C:\WINDOWS1\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\WINDOWS1\system32\svchost.exe
C:\VEXPLITE\viritsvc.exe
C:\WINDOWS1\Explorer.EXE
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\VEXPLITE\MONLITE.EXE
C:\Programmi\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\WINDOWS1\system32\wscntfy.exe
C:\Programmi\Mozilla Firefox\firefox.exe
C:\Programmi\Internet Explorer\IEXPLORE.EXE
C:\Documents and Settings\tatiana\Desktop\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.it/
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [VIRIT LITE MONITOR] C:\VEXPLITE\MONLITE.EXE
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Programmi\SUPERAntiSpyware\SUPERAntiSpyware.exe
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\PROGRA~1\YAHOO!\COMMON\yhexbmesit.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\PROGRA~1\YAHOO!\COMMON\yhexbmesit.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - C:\Programmi\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1155389971978
O16 - DPF: {FE0BD779-44EE-4A4B-AA2E-743C63F2E5E6} (IWinAmpActiveX Class) - http://pdl.stream.aol.com/downloads/aol/unagi/ampx_en_dl.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{EC475813-951E-45ED-BE53-F5D76C7176F0}: NameServer = 212.216.112.112,212.216.172.62
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: SASWinLogon - C:\Programmi\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: Servizio Norton AntiVirus Auto-Protect (navapsvc) - Symantec Corporation - C:\Programmi\Norton AntiVirus\navapsvc.exe
O23 - Service: RIALPFF - Sysinternals - www.sysinternals.com - C:\DOCUME~2\tatiana\IMPOST~1\Temp\RIALPFF.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\FILECO~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Virit eXplorer Lite (viritsvclite) - TG Soft Sas www.tgsoft.it - C:\VEXPLITE\viritsvc.exe
BitDefender Online Scanner
Scan report generated at: Sun, Aug 27, 2006 - 04:09:01
Scan path: A:\;C:\;E:\;
Statistics
Time: 02:00:40
Files: 153872
Folders: 4325
Boot Sectors: 2
Archives: 2357
Packed Files: 7849
Results
Identified Viruses: 2
Infected Files: 2
Suspect Files: 0
Warnings: 0
Disinfected: 0
Deleted Files: 1
Engines Info
Virus Definitions: 450953
Engine build: AVCORE v1.0 (build 2310) (i386) (Apr 17 2006 16:24:38)
Scan plugins: 13
Archive plugins: 39
Unpack plugins: 5
E-mail plugins: 6
System plugins: 1
Scan Settings
First Action: Disinfect
Second Action: Delete
Heuristics: Yes
Enable Warnings: Yes
Scanned Extensions: *;
Exclude Extensions:
Scan Emails: Yes
Scan Archives: Yes
Scan Packed: Yes
Scan Files: Yes
Scan Boot: Yes
Scanned File    Status
C:\Avenger\LPT9.CJC    Infected with: Trojan.RKDice.A
C:\Avenger\LPT9.CJC    Disinfection failed
C:\Avenger\LPT9.CJC    Delete failed
C:\WINDOWS1\system32\bhaa.dll.bak    Infected with: Trojan.Omaakcount.A
C:\WINDOWS1\system32\bhaa.dll.bak    Disinfection failed
C:\WINDOWS1\system32\bhaa.dll.bak    Deleted
I can't use safe mode because at boot the screen comes up but it doesn't let me move with the arrow keys.
And now what do I do? I still haven't understood why, given that they work for other things.
Anyway, it was the online one. I haven't restarted the PC yet; I'm waiting for new tips. Thanks again.
silvestra (Mortale devoto)
Registered: 21/08/06 01:37 | Posts: 8
Posted: 27 Aug 2006 14:48 | Subject:
I also ran the Kaspersky online scan and this is the result. I had forgotten that I had launched it and I browsed a few pages in Mozilla.
This is the result; I haven't understood whether it removed them or whether I have to remove them myself.
Sunday, August 27, 2006 1:51:45 PM
Operating System: Microsoft Windows XP Professional, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.83.0
Kaspersky Anti-Virus database last update: 27/08/2006
Kaspersky Anti-Virus database records: 218668
Scan Settings
Scan using the following antivirus database extended
Scan Archives true
Scan Mail Bases true
Scan Target My Computer
A:\
C:\
E:\
Scan Statistics
Total number of scanned objects 42999
Number of viruses found 8
Number of infected objects 19 / 0
Number of suspicious objects 0
Duration of the scan process 01:52:35
Infected Object Name Virus Name Last Action
C:\WINDOWS\SYSTEM\smuommy.dll Infected: Backdoor.Win32.SubSeven.213 skipped
C:\WINDOWS\SYSTEM\femxy.dll Infected: Backdoor.Win32.SubSeven.213 skipped
C:\WINDOWS\SYSTEM\bdesecureinstall.exe Infected: not-a-virus:AdWare.Win32.BrilliantDigital.a skipped
C:\WINDOWS\SYSTEM\hwslow.dll Infected: Backdoor.Win32.SubSeven.213 skipped
C:\WINDOWS\SYSTEM\wekyeexu.dll Infected: Backdoor.Win32.SubSeven.213 skipped
C:\WINDOWS\SYSTEM\cqigb.dll Infected: Backdoor.Win32.SubSeven.213 skipped
C:\WINDOWS\SYSTEM\IEGuard.dll Infected: not-a-virus:AdWare.Win32.AdPromo.a skipped
C:\WINDOWS\SYSTEM\rbfv.dll Infected: Backdoor.Win32.SubSeven.213 skipped
C:\WINDOWS\SYSTEM\vqnupp.dll Infected: Backdoor.Win32.SubSeven.213 skipped
C:\WINDOWS\SYSTEM\ofti.dll Infected: Backdoor.Win32.SubSeven.213 skipped
C:\WINDOWS\SYSTEM\rvjok.dll Infected: Backdoor.Win32.SubSeven.213 skipped
C:\WINDOWS\SYSTEM\yrjxbeyg.dll Infected: Backdoor.Win32.SubSeven.213 skipped
C:\WINDOWS\SYSTEM\prodhhv.dll Infected: Backdoor.Win32.SubSeven.213 skipped
C:\WINDOWS\BDE\Cache\bdeclean.exe Infected: not-a-virus:AdWare.Win32.BrilliantDigital.30170 skipped
C:\WINDOWS\BDE\b3dsetup.exe Infected: not-a-virus:AdWare.Win32.BrilliantDigital.1100 skipped
C:\WINDOWS\BDE\bdeclean.exe Infected: not-a-virus:AdWare.Win32.BrilliantDigital.30170 skipped
C:\WINDOWS\BDE\bdeplayer2.dll Infected: not-a-virus:AdWare.Win32.BrilliantDigital.f skipped
C:\Programmi\File comuni\SYSTEM\aux.exe Object is locked skipped
C:\Programmi\MediaLoads\v1\ML.exe Infected: not-a-virus:AdWare.Win32.DownloadWare skipped
C:\Avenger\LPT9.CJC Object is locked skipped
C:\VEXPLITE\VIRITMON.LOG Object is locked skipped
C:\VEXPLITE\tatiana\reg.dat Object is locked skipped
C:\VEXPLITE\reg_ecc.dat Object is locked skipped
C:\WINDOWS1\system32\config\SECURITY.LOG Object is locked skipped
C:\WINDOWS1\system32\config\SOFTWARE.LOG Object is locked skipped
C:\WINDOWS1\system32\config\SYSTEM.LOG Object is locked skipped
C:\WINDOWS1\system32\config\SAM.LOG Object is locked skipped
C:\WINDOWS1\system32\config\DEFAULT.LOG Object is locked skipped
C:\WINDOWS1\system32\config\AppEvent.Evt Object is locked skipped
C:\WINDOWS1\system32\config\SecEvent.Evt Object is locked skipped
C:\WINDOWS1\system32\config\SysEvent.Evt Object is locked skipped
C:\WINDOWS1\system32\config\SECURITY Object is locked skipped
C:\WINDOWS1\system32\config\SAM Object is locked skipped
C:\WINDOWS1\system32\config\SYSTEM Object is locked skipped
C:\WINDOWS1\system32\config\SOFTWARE Object is locked skipped
C:\WINDOWS1\system32\config\DEFAULT Object is locked skipped
C:\WINDOWS1\system32\config\Paramete.evt Object is locked skipped
C:\WINDOWS1\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped
C:\WINDOWS1\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped
C:\WINDOWS1\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped
C:\WINDOWS1\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped
C:\WINDOWS1\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped
C:\WINDOWS1\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped
C:\WINDOWS1\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped
C:\WINDOWS1\system32\CatRoot2\tmp.edb Object is locked skipped
C:\WINDOWS1\system32\CatRoot2\edb.log Object is locked skipped
C:\WINDOWS1\system32\h323log.txt Object is locked skipped
C:\WINDOWS1\Debug\PASSWD.LOG Object is locked skipped
C:\WINDOWS1\wiadebug.log Object is locked skipped
C:\WINDOWS1\Sti_Trace.log Object is locked skipped
C:\WINDOWS1\wiaservc.log Object is locked skipped
C:\WINDOWS1\SoftwareDistribution\ReportingEvents.log Object is locked skipped
C:\WINDOWS1\SchedLgU.Txt Object is locked skipped
C:\WINDOWS1\WindowsUpdate.log Object is locked skipped
C:\Documents and Settings\All Users\Dati applicazioni\Microsoft\Network\Downloader\qmgr0.dat Object is locked skipped
C:\Documents and Settings\All Users\Dati applicazioni\Microsoft\Network\Downloader\qmgr1.dat Object is locked skipped
C:\Documents and Settings\All Users\Dati applicazioni\Avg7\Log\emc.log Object is locked skipped
C:\Documents and Settings\All Users\Dati applicazioni\Grisoft\Avg7Data\avg7log.log.lck Object is locked skipped
C:\Documents and Settings\All Users\Dati applicazioni\Grisoft\Avg7Data\avg7log.log Object is locked skipped
C:\Documents and Settings\NetworkService\Impostazioni locali\Dati applicazioni\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Impostazioni locali\Dati applicazioni\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\ntuser.dat Object is locked skipped
C:\Documents and Settings\LocalService\Impostazioni locali\Cronologia\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Impostazioni locali\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Impostazioni locali\Dati applicazioni\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\LocalService\Impostazioni locali\Dati applicazioni\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\ntuser.dat Object is locked skipped
C:\Documents and Settings\tatiana\Impostazioni locali\Cronologia\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\tatiana\Impostazioni locali\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\tatiana\Impostazioni locali\Dati applicazioni\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\tatiana\Impostazioni locali\Dati applicazioni\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\tatiana\Impostazioni locali\Dati applicazioni\Mozilla\Firefox\Profiles\z1wma18w.default\Cache\_CACHE_MAP_ Object is locked skipped
C:\Documents and Settings\tatiana\Impostazioni locali\Dati applicazioni\Mozilla\Firefox\Profiles\z1wma18w.default\Cache\_CACHE_001_ Object is locked skipped
C:\Documents and Settings\tatiana\Impostazioni locali\Dati applicazioni\Mozilla\Firefox\Profiles\z1wma18w.default\Cache\_CACHE_002_ Object is locked skipped
C:\Documents and Settings\tatiana\Impostazioni locali\Dati applicazioni\Mozilla\Firefox\Profiles\z1wma18w.default\Cache\_CACHE_003_ Object is locked skipped
C:\Documents and Settings\tatiana\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\tatiana\Dati applicazioni\Mozilla\Firefox\Profiles\z1wma18w.default\parent.lock Object is locked skipped
C:\Documents and Settings\tatiana\Dati applicazioni\Mozilla\Firefox\Profiles\z1wma18w.default\cert8.db Object is locked skipped
C:\Documents and Settings\tatiana\Dati applicazioni\Mozilla\Firefox\Profiles\z1wma18w.default\key3.db Object is locked skipped
C:\Documents and Settings\tatiana\Dati applicazioni\Mozilla\Firefox\Profiles\z1wma18w.default\history.dat Object is locked skipped
C:\Documents and Settings\tatiana\Dati applicazioni\Mozilla\Firefox\Profiles\z1wma18w.default\formhistory.dat Object is locked skipped
C:\Documents and Settings\tatiana\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\tatiana\ntuser.dat Object is locked skipped
C:\System Volume Information\_restore{89924319-2E18-40AB-B368-F026AA243BC2}\RP3\A0001229.exe Infected: not-a-virus:AdWare.Win32.Trymedia.b skipped
C:\System Volume Information\_restore{89924319-2E18-40AB-B368-F026AA243BC2}\RP6\change.log Object is locked skipped
Scan process completed.
Ugh, I really can't take it anymore; in the end I'll format tonight.
ioSOLOio (Administrator)
Registered: 12/09/03 19:01 | Posts: 16342 | Location: in a lot of... water
Posted: 27 Aug 2006 16:06 | Subject:
The HijackThis log looks clean.
Kaspersky found some infected files... if you don't know whether they were removed, simply try looking for them... they are in SYSTEM, which is a hidden folder inside the WINDOWS folder... enable the display of hidden or system files [if you don't know how: in a folder choose Tools -> Folder Options -> View -> tick Show hidden files and folders, then save the setting]
silvestra (Mortale devoto)
Registered: 21/08/06 01:37 | Posts: 8
Posted: 28 Aug 2006 12:00 | Subject: This is where I am
The situation is this:
RootkitRevealer finds this:
HKLM\S-1-5-21-1757981266-1563985344-1957994488-1003\RemoteAccess\InternetProfile 13/08/06 8.54 7 bytes Data mismatch between Windows API and raw hive data.
HKLM\S-1-5-21-1757981266-1563985344-1957994488-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\Discardable\PostSetup\Component Categories\{00021493-0000-0000-C000-000000000046}\Enum\Implementing 27/08/06 21.15 124 bytes Data mismatch between Windows API and raw hive data.
HKLM\S-1-5-21-1757981266-1563985344-1957994488-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\Discardable\PostSetup\Component Categories\{00021494-0000-0000-C000-000000000046}\Enum\Implementing 27/08/06 21.15 60 bytes Data mismatch between Windows API and raw hive data.
HKLM\SOFTWARE\ShudderLTD\PSGuard\PSGuard\License* 16/07/05 11.23 0 bytes Key name contains embedded nulls (*)
I don't know whether I should pass it to avenger.
Logfile of HijackThis v1.99.1
Scan saved at 11.36.34, on 28/08/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS1\System32\smss.exe
C:\WINDOWS1\system32\winlogon.exe
C:\WINDOWS1\system32\services.exe
C:\WINDOWS1\system32\lsass.exe
C:\WINDOWS1\system32\svchost.exe
C:\WINDOWS1\System32\svchost.exe
C:\WINDOWS1\system32\spoolsv.exe
C:\Programmi\AntiVir PersonalEdition Classic\sched.exe
C:\Programmi\AntiVir PersonalEdition Classic\avguard.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\WINDOWS1\system32\svchost.exe
C:\VEXPLITE\viritsvc.exe
C:\VEXPLITE\MONLITE.EXE
C:\Programmi\AntiVir PersonalEdition Classic\avgnt.exe
C:\WINDOWS1\explorer.exe
C:\Programmi\Internet Explorer\IEXPLORE.EXE
C:\Programmi\Mozilla Firefox\firefox.exe
C:\WINDOWS1\system32\NOTEPAD.exe
C:\Documents and Settings\tatiana\Desktop\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.it/
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [VIRIT LITE MONITOR] C:\VEXPLITE\MONLITE.EXE
O4 - HKLM\..\Run: [avgnt] "C:\Programmi\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Programmi\SUPERAntiSpyware\SUPERAntiSpyware.exe
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\PROGRA~1\YAHOO!\COMMON\yhexbmesit.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\PROGRA~1\YAHOO!\COMMON\yhexbmesit.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/default/kavwebscan_unicode.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - C:\Programmi\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1155389971978
O16 - DPF: {FE0BD779-44EE-4A4B-AA2E-743C63F2E5E6} (IWinAmpActiveX Class) - http://pdl.stream.aol.com/downloads/aol/unagi/ampx_en_dl.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{EC475813-951E-45ED-BE53-F5D76C7176F0}: NameServer = 212.216.112.112,212.216.172.62
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: SASWinLogon - C:\Programmi\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Programmi\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - AVIRA GmbH - C:\Programmi\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: Servizio Norton AntiVirus Auto-Protect (navapsvc) - Symantec Corporation - C:\Programmi\Norton AntiVirus\navapsvc.exe
O23 - Service: RIALPFF - Sysinternals - www.sysinternals.com - C:\DOCUME~2\tatiana\IMPOST~1\Temp\RIALPFF.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\FILECO~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Virit eXplorer Lite (viritsvclite) - TG Soft Sas www.tgsoft.it - C:\VEXPLITE\viritsvc.exe
VirIT eXplorer Lite Log
SCANSIONE DELLA MEMORIA
OK
SCANSIONE DELLA MEMORIA
OK
--------------------------------------------------------
15/08/2006 - 12:01:04
[SCANSIONE DEL REGISTRO]
OK
[A:]
BOOT SECTOR: OK
[C:]
MASTER BOOT RECORD: OK
BOOT SECTOR: OK
C:\WINDOWS1\Temp\ncfb1.exe Infetto da Trojan.Win32.Agent.ADM
* * * RIMOSSO * * *
C:\Downloads\TheDaVinciCode_Setup-dm[1].exe Possibile variante da Adware.Trymedia.A
[E:]
Chiavi Registro infette: 0.
Files Infetti: 2.
Files Sospetti: 0.
Files Analizzati: 58830.
Files Totali: 58830.
Chiavi Registro rimosse: 0.
Virus Rimossi: 1.
SCANSIONE DELLA MEMORIA
OK
--------------------------------------------------------
15/08/2006 - 12:43:16
[SCANSIONE DEL REGISTRO]
OK
[C:]
MASTER BOOT RECORD: OK
BOOT SECTOR: OK
SCANSIONE DELLA MEMORIA
OK
--------------------------------------------------------
15/08/2006 - 14:59:21
[SCANSIONE DEL REGISTRO]
OK
[C:]
MASTER BOOT RECORD: OK
BOOT SECTOR: OK
C:\System Volume Information\_restore{89924319-2E18-40AB-B368-F026AA243BC2}\RP1\A0000018.exe Possibile variante da Adware.Trymedia.A
Chiavi Registro infette: 0.
Files Infetti: 1.
Files Sospetti: 0.
Files Analizzati: 57897.
Files Totali: 57897.
Chiavi Registro rimosse: 0.
Virus Rimossi: 0.
SCANSIONE DELLA MEMORIA
OK
--------------------------------------------------------
15/08/2006 - 16:37:10
[SCANSIONE DEL REGISTRO]
OK
[C:]
MASTER BOOT RECORD: OK
BOOT SECTOR: OK
SCANSIONE DELLA MEMORIA
OK
--------------------------------------------------------
15/08/2006 - 17:10:04
[SCANSIONE DEL REGISTRO]
OK
[C:]
MASTER BOOT RECORD: OK
BOOT SECTOR: OK
SCANSIONE DELLA MEMORIA
OK
--------------------------------------------------------
15/08/2006 - 18:24:13
[SCANSIONE DEL REGISTRO]
OK
[C:]
MASTER BOOT RECORD: OK
BOOT SECTOR: OK
SCANSIONE DELLA MEMORIA
OK
--------------------------------------------------------
15/08/2006 - 18:44:51
[SCANSIONE DEL REGISTRO]
OK
[C:]
MASTER BOOT RECORD: OK
BOOT SECTOR: OK
SCANSIONE DELLA MEMORIA
OK
--------------------------------------------------------
15/08/2006 - 19:02:43
[SCANSIONE DEL REGISTRO]
OK
[C:]
SCANSIONE DELLA MEMORIA
OK
--------------------------------------------------------
15/08/2006 - 19:46:14
[SCANSIONE DEL REGISTRO]
OK
[C:]
SCANSIONE DELLA MEMORIA
OK
--------------------------------------------------------
15/08/2006 - 21:21:22
[SCANSIONE DEL REGISTRO]
OK
[C:]
MASTER BOOT RECORD: OK
BOOT SECTOR: OK
SCANSIONE DELLA MEMORIA
OK
--------------------------------------------------------
15/08/2006 - 22:00:52
[SCANSIONE DEL REGISTRO]
OK
[C:]
MASTER BOOT RECORD: OK
BOOT SECTOR: OK
Chiavi Registro infette: 0.
Files Infetti: 0.
Files Sospetti: 0.
Files Analizzati: 53082.
Files Totali: 53082.
Chiavi Registro rimosse: 0.
Virus Rimossi: 0.
SCANSIONE DELLA MEMORIA
OK
--------------------------------------------------------
16/08/2006 - 07:44:54
[SCANSIONE DEL REGISTRO]
OK
[C:]
MASTER BOOT RECORD: OK
BOOT SECTOR: OK
Chiavi Registro infette: 0.
Files Infetti: 0.
Files Sospetti: 0.
Files Analizzati: 1182.
Files Totali: 1182.
Chiavi Registro rimosse: 0.
Virus Rimossi: 0.
SCANSIONE DELLA MEMORIA
OK
--------------------------------------------------------
17/08/2006 - 08:51:07
[SCANSIONE DEL REGISTRO]
OK
[C:]
MASTER BOOT RECORD: OK
BOOT SECTOR: OK
SCANSIONE DELLA MEMORIA
OK
--------------------------------------------------------
18/08/2006 - 09:07:32
[SCANSIONE DEL REGISTRO]
OK
[C:]
MASTER BOOT RECORD: OK
BOOT SECTOR: OK
SCANSIONE DELLA MEMORIA
OK
--------------------------------------------------------
19/08/2006 - 09:52:59
[SCANSIONE DEL REGISTRO]
OK
[C:]
MASTER BOOT RECORD: OK
BOOT SECTOR: OK
C:\WINDOWS1\Temp\ncfb1.exe Infetto da Trojan.Win32.Agent.ADM
* * * RIMOSSO * * *
C:\WINDOWS1\Temp\ncfb2.exe Possibile variante da TrojanDownld.Win32.TinyBar
C:\WINDOWS1\10.tmp Infetto da BHO.Agent.BC
* * * RIMOSSO * * *
C:\WINDOWS1\13.tmp Infetto da BHO.Agent.BC
* * * RIMOSSO * * *
C:\Documents and Settings\tatiana\Desktop\Nuova cartella (3)\backups\backup-20060815-213613-355.dll Infetto da BHO.Agent.BC
* * * RIMOSSO * * *
Chiavi Registro infette: 0.
Files Infetti: 5.
Files Sospetti: 0.
Files Analizzati: 60614.
Files Totali: 60614.
Chiavi Registro rimosse: 0.
Virus Rimossi: 4.
SCANSIONE DELLA MEMORIA
OK
--------------------------------------------------------
20/08/2006 - 21:35:30
[SCANSIONE DEL REGISTRO]
OK
[C:]
MASTER BOOT RECORD: OK
BOOT SECTOR: OK
C:\WINDOWS1\Temp\ncfb2.exe Possibile variante da TrojanDownld.Win32.TinyBar
Chiavi Registro infette: 0.
Files Infetti: 1.
Files Sospetti: 0.
Files Analizzati: 66818.
Files Totali: 66818.
Chiavi Registro rimosse: 0.
Virus Rimossi: 0.
SCANSIONE DELLA MEMORIA
OK
--------------------------------------------------------
24/08/2006 - 00:23:05
[SCANSIONE DEL REGISTRO]
OK
[C:]
MASTER BOOT RECORD: OK
BOOT SECTOR: OK
C:\WINDOWS1\Temp\ncfb2.exe Infetto da Trojan.Win32.Agent.ADM
* * * RIMOSSO * * *
C:\Documents and Settings\tatiana\Documenti\Nuova cartella (2)\Monkey island 3\MONKEY3_1\NEW\NEW\DIRECTX\DRIVERS\ITN\AZT16C.DRV Possibile variante da Backdoor.SdBot.KR
C:\Documents and Settings\tatiana\Documenti\Nuova cartella (2)\Monkey island 3\MONKEY3_1\NEW\NEW\DIRECTX\DRIVERS\USA\AZT16C.DRV Possibile variante da Backdoor.SdBot.KR
C:\Documents and Settings\tatiana\Documenti\Nuova cartella (2)\Monkey island 3\DIRECTX\DRIVERS\ITN\AZT16C.DRV Possibile variante da Backdoor.SdBot.KR
C:\Documents and Settings\tatiana\Documenti\Nuova cartella (2)\Monkey island 3\DIRECTX\DRIVERS\USA\AZT16C.DRV Possibile variante da Backdoor.SdBot.KR
Chiavi Registro infette: 0.
Files Infetti: 5.
Files Sospetti: 0.
Files Analizzati: 54789.
Files Totali: 54789.
Chiavi Registro rimosse: 0.
Virus Rimossi: 1.
SCANSIONE DELLA MEMORIA
OK
--------------------------------------------------------
27/08/2006 - 12:01:24
[SCANSIONE DEL REGISTRO]
OK
[C:]
MASTER BOOT RECORD: OK
BOOT SECTOR: OK
Chiavi Registro infette: 0.
Files Infetti: 0.
Files Sospetti: 0.
Files Analizzati: 85.
Files Totali: 85.
Chiavi Registro rimosse: 0.
Virus Rimossi: 0.
SCANSIONE DELLA MEMORIA
OK
--------------------------------------------------------
28/08/2006 - 10:42:22
[SCANSIONE DEL REGISTRO]
OK
[A:]
BOOT SECTOR: OK
[C:]
MASTER BOOT RECORD: OK
BOOT SECTOR: OK
C:\Programmi\AutoPatcher\tools\Hotfix Cleaner.exe Possibile variante da Backdoor.IRCBot.W
[E:]
Chiavi Registro infette: 0.
Files Infetti: 1.
Files Sospetti: 0.
Files Analizzati: 39887.
Files Totali: 39887.
Chiavi Registro rimosse: 0.
Virus Rimossi: 0.
KASPERSKY ONLINE SCANNER REPORT
Monday, August 28, 2006 6:52:03 AM
Operating System: Microsoft Windows XP Professional, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.83.0
Kaspersky Anti-Virus database last update: 28/08/2006
Kaspersky Anti-Virus database records: 218757
Scan Settings
Scan using the following antivirus database extended
Scan Archives true
Scan Mail Bases true
Scan Target My Computer
A:\
C:\
E:\
Scan Statistics
Total number of scanned objects 39859
Number of viruses found 7
Number of infected objects 18 / 0
Number of suspicious objects 0
Duration of the scan process 01:37:37
Infected Object Name Virus Name Last Action
C:\WINDOWS\SYSTEM\smuommy.dll Infected: Backdoor.Win32.SubSeven.213 skipped
C:\WINDOWS\SYSTEM\femxy.dll Infected: Backdoor.Win32.SubSeven.213 skipped
C:\WINDOWS\SYSTEM\bdesecureinstall.exe Infected: not-a-virus:AdWare.Win32.BrilliantDigital.a skipped
C:\WINDOWS\SYSTEM\hwslow.dll Infected: Backdoor.Win32.SubSeven.213 skipped
C:\WINDOWS\SYSTEM\wekyeexu.dll Infected: Backdoor.Win32.SubSeven.213 skipped
C:\WINDOWS\SYSTEM\cqigb.dll Infected: Backdoor.Win32.SubSeven.213 skipped
C:\WINDOWS\SYSTEM\IEGuard.dll Infected: not-a-virus:AdWare.Win32.AdPromo.a skipped
C:\WINDOWS\SYSTEM\rbfv.dll Infected: Backdoor.Win32.SubSeven.213 skipped
C:\WINDOWS\SYSTEM\vqnupp.dll Infected: Backdoor.Win32.SubSeven.213 skipped
C:\WINDOWS\SYSTEM\ofti.dll Infected: Backdoor.Win32.SubSeven.213 skipped
C:\WINDOWS\SYSTEM\rvjok.dll Infected: Backdoor.Win32.SubSeven.213 skipped
C:\WINDOWS\SYSTEM\yrjxbeyg.dll Infected: Backdoor.Win32.SubSeven.213 skipped
C:\WINDOWS\SYSTEM\prodhhv.dll Infected: Backdoor.Win32.SubSeven.213 skipped
C:\WINDOWS\BDE\Cache\bdeclean.exe Infected: not-a-virus:AdWare.Win32.BrilliantDigital.30170 skipped
C:\WINDOWS\BDE\b3dsetup.exe Infected: not-a-virus:AdWare.Win32.BrilliantDigital.1100 skipped
C:\WINDOWS\BDE\bdeclean.exe Infected: not-a-virus:AdWare.Win32.BrilliantDigital.30170 skipped
C:\WINDOWS\BDE\bdeplayer2.dll Infected: not-a-virus:AdWare.Win32.BrilliantDigital.f skipped
C:\Programmi\MediaLoads\v1\ML.exe Infected: not-a-virus:AdWare.Win32.DownloadWare skipped
C:\VEXPLITE\VIRITMON.LOG Object is locked skipped
C:\VEXPLITE\tatiana\reg.dat Object is locked skipped
C:\VEXPLITE\reg_ecc.dat Object is locked skipped
C:\WINDOWS1\system32\config\SECURITY.LOG Object is locked skipped
C:\WINDOWS1\system32\config\SOFTWARE.LOG Object is locked skipped
C:\WINDOWS1\system32\config\SYSTEM.LOG Object is locked skipped
C:\WINDOWS1\system32\config\SAM.LOG Object is locked skipped
C:\WINDOWS1\system32\config\DEFAULT.LOG Object is locked skipped
C:\WINDOWS1\system32\config\AppEvent.Evt Object is locked skipped
C:\WINDOWS1\system32\config\SecEvent.Evt Object is locked skipped
C:\WINDOWS1\system32\config\SysEvent.Evt Object is locked skipped
C:\WINDOWS1\system32\config\SECURITY Object is locked skipped
C:\WINDOWS1\system32\config\SAM Object is locked skipped
C:\WINDOWS1\system32\config\Paramete.evt Object is locked skipped
C:\WINDOWS1\system32\config\SYSTEM Object is locked skipped
C:\WINDOWS1\system32\config\SOFTWARE Object is locked skipped
C:\WINDOWS1\system32\config\DEFAULT Object is locked skipped
C:\WINDOWS1\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped
C:\WINDOWS1\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped
C:\WINDOWS1\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped
C:\WINDOWS1\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped
C:\WINDOWS1\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped
C:\WINDOWS1\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped
C:\WINDOWS1\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped
C:\WINDOWS1\system32\CatRoot2\tmp.edb Object is locked skipped
C:\WINDOWS1\system32\CatRoot2\edb.log Object is locked skipped
C:\WINDOWS1\system32\h323log.txt Object is locked skipped
C:\WINDOWS1\Debug\PASSWD.LOG Object is locked skipped
C:\WINDOWS1\wiadebug.log Object is locked skipped
C:\WINDOWS1\Sti_Trace.log Object is locked skipped
C:\WINDOWS1\wiaservc.log Object is locked skipped
C:\WINDOWS1\SoftwareDistribution\ReportingEvents.log Object is locked skipped
C:\WINDOWS1\SchedLgU.Txt Object is locked skipped
C:\WINDOWS1\WindowsUpdate.log Object is locked skipped
C:\Documents and Settings\All Users\Dati applicazioni\Avg7\Log\emc.log Object is locked skipped
C:\Documents and Settings\All Users\Dati applicazioni\Grisoft\Avg7Data\avg7log.log.lck Object is locked skipped
C:\Documents and Settings\All Users\Dati applicazioni\Grisoft\Avg7Data\avg7log.log Object is locked skipped
C:\Documents and Settings\NetworkService\Impostazioni locali\Dati applicazioni\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Impostazioni locali\Dati applicazioni\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\ntuser.dat Object is locked skipped
C:\Documents and Settings\LocalService\Impostazioni locali\Cronologia\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Impostazioni locali\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Impostazioni locali\Dati applicazioni\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\LocalService\Impostazioni locali\Dati applicazioni\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\ntuser.dat Object is locked skipped
C:\Documents and Settings\tatiana\Impostazioni locali\Cronologia\History.IE5\MSHist012006082820060829\index.dat Object is locked skipped
C:\Documents and Settings\tatiana\Impostazioni locali\Cronologia\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\tatiana\Impostazioni locali\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\tatiana\Impostazioni locali\Dati applicazioni\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\tatiana\Impostazioni locali\Dati applicazioni\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\tatiana\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\tatiana\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\tatiana\UserData\index.dat Object is locked skipped
C:\Documents and Settings\tatiana\ntuser.dat Object is locked skipped
C:\System Volume Information\_restore{89924319-2E18-40AB-B368-F026AA243BC2}\RP2\change.log Object is locked skipped
Scan process completed.
In Documents and Settings I have a folder with this name: TVxYieR|IRg
Is it supposed to be there?
Any tips to tell me where I stand? I feel like I go forward and then back again; it found folders of programs that I had sent to the recycle bin and deleted, such as Monkey. What should I do? With all these steps I can't make sense of anything anymore.
chemicalbit Dio maturo


Registered: 01/04/05 18:59 Posts: 18597 Location: Milano
Posted: 28 Aug 2006 12:31 Subject:
A small favor:
if you have to post this many logs,
put part of them in one message and the rest in a follow-up message that you send right afterwards.
(Messages that are too long could cause problems for the forum. And they are also harder to read.)