sabatino (Hero) | Registered: 12/06/06 15:47 | Posts: 72
Posted: 02 Jul 2007 22:46 | Subject: Email-Worm.Win32.Runouce.b

The first a-squared scan I ran on the computer detected the following:
 a-squared Free - Version 3.0
 Last update: 02/07/2007 21.08.12
 
 Impostazioni scansione:
 
 Oggetti: Memoria, Tracce, Cookies, C:\
 Archivio scansioni: On
 Scientifico: On
 ADS Scan: On
 
 Scansione avviata:	02/07/2007 22.01.04
 
 c:\programmi\kazaa 	rilevati: Trace.Directory.KaZaA
 c:\programmi\kazaa\my shared folder 	rilevati: Trace.Directory.KaZaA
 c:\programmi\kazaa\my shared folder\kazaa300_en.exe 	rilevati: Trace.File.KaZaA
 Key: HKEY_USERS\S-1-5-21-1969762298-1083517408-2681842239-1006\software\kazaa 	rilevati: Trace.Registry.KaZaA
 Value: HKEY_USERS\S-1-5-21-1969762298-1083517408-2681842239-1006\software\kazaa --> tmp 	rilevati: Trace.Registry.KaZaA
 Value: HKEY_LOCAL_MACHINE\software\kazaa\bandwidth\in --> b0 	rilevati: Trace.Registry.KaZaA
 Value: HKEY_LOCAL_MACHINE\software\kazaa\bandwidth\in --> b0seconds 	rilevati: Trace.Registry.KaZaA
 Value: HKEY_LOCAL_MACHINE\software\kazaa\bandwidth\in --> b1 	rilevati: Trace.Registry.KaZaA
 Value: HKEY_LOCAL_MACHINE\software\kazaa\bandwidth\lastestimate --> b 	rilevati: Trace.Registry.KaZaA
 Value: HKEY_LOCAL_MACHINE\software\kazaa\bandwidth\lastestimate --> time 	rilevati: Trace.Registry.KaZaA
 Value: HKEY_LOCAL_MACHINE\software\kazaa\bandwidth\out --> b0 	rilevati: Trace.Registry.KaZaA
 Value: HKEY_LOCAL_MACHINE\software\kazaa\bandwidth\out --> b0seconds 	rilevati: Trace.Registry.KaZaA
 Value: HKEY_LOCAL_MACHINE\software\kazaa\bandwidth\out --> b1 	rilevati: Trace.Registry.KaZaA
 Value: HKEY_LOCAL_MACHINE\software\kazaa\cloudload --> sharedir 	rilevati: Trace.Registry.KaZaA
 Key: HKEY_LOCAL_MACHINE\software\kazaa\connectioninfo 	rilevati: Trace.Registry.KaZaA
 Value: HKEY_LOCAL_MACHINE\software\kazaa\connectioninfo --> kazaanet 	rilevati: Trace.Registry.KaZaA
 Key: HKEY_LOCAL_MACHINE\software\kazaa\localcontent 	rilevati: Trace.Registry.KaZaA
 Value: HKEY_LOCAL_MACHINE\software\kazaa\localcontent --> databasedir 	rilevati: Trace.Registry.KaZaA
 Value: HKEY_LOCAL_MACHINE\software\kazaa\localcontent --> downloaddir 	rilevati: Trace.Registry.KaZaA
 Key: HKEY_LOCAL_MACHINE\software\kazaa 	rilevati: Trace.Registry.KaZaA
 Value: HKEY_LOCAL_MACHINE\software\kazaa --> listenport 	rilevati: Trace.Registry.KaZaA
 Value: HKEY_LOCAL_MACHINE\software\kazaa --> tmp 	rilevati: Trace.Registry.KaZaA
 Value: HKEY_USERS\S-1-5-21-1969762298-1083517408-2681842239-1006\Software\Microsoft\Internet Explorer\SearchScopes\{56256A51-B582-467e-B8D4-7786EDA79AE0} --> DisplayName 	rilevati: Trace.Registry.MyWebSearch Toolbar
 Value: HKEY_USERS\S-1-5-21-1969762298-1083517408-2681842239-1006\Software\Microsoft\Internet Explorer\SearchScopes\{56256A51-B582-467e-B8D4-7786EDA79AE0} --> URL 	rilevati: Trace.Registry.MyWebSearch Toolbar
 Value: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run --> WatchDog 	rilevati: Trace.Registry.WatchDog v8.5
 Key: HKEY_LOCAL_MACHINE\software\classes\clsid\{9f95f736-0f62-4214-a4b4-caa6738d4c07} 	rilevati: Trace.Registry.WhenU.SaveNow
 Key: HKEY_LOCAL_MACHINE\software\classes\interface\{c285d18d-43a2-4aef-83fb-bf280e660a97} 	rilevati: Trace.Registry.WhenU.SaveNow
 Key: HKEY_LOCAL_MACHINE\software\classes\runmsc.loader.1\clsid 	rilevati: Trace.Registry.WhenU.SaveNow
 Key: HKEY_LOCAL_MACHINE\software\classes\runmsc.loader\clsid 	rilevati: Trace.Registry.WhenU.SaveNow
 Key: HKEY_LOCAL_MACHINE\software\classes\runmsc.loader\curver 	rilevati: Trace.Registry.WhenU.SaveNow
 c:\programmi\kazaa\my shared folder\skypesetup.exe 	rilevati: Trace.File.Kazaa
 Value: HKEY_USERS\S-1-5-21-1969762298-1083517408-2681842239-1006\Software\Kazaa\Advanced --> Status 	rilevati: Trace.Registry.Kazaa
 Value: HKEY_USERS\S-1-5-21-1969762298-1083517408-2681842239-1006\Software\Kazaa\Settings --> Date 	rilevati: Trace.Registry.Kazaa
 Value: HKEY_USERS\S-1-5-21-1969762298-1083517408-2681842239-1006\Software\Kazaa\Settings --> UseCount 	rilevati: Trace.Registry.Kazaa
 Value: HKEY_USERS\S-1-5-21-1969762298-1083517408-2681842239-1006\Software\Kazaa\Transfer --> NoUploadLimitWhenIdle 	rilevati: Trace.Registry.Kazaa
 C:\Documents and Settings\utente\Dati applicazioni\Mozilla\Firefox\Profiles\4od49wn3.default\cookies.txt:11 	rilevati: Trace.TrackingCookie
 C:\Documents and Settings\utente\Desktop\EvID4226Patch223d-en.zip/EvID4226Patch.exe 	rilevati: Email-Worm.Win32.Runouce.b
 
 Scansionati
 
 Files: 	6122
 Tracce: 	271720
 Cookies: 	33
 Processi: 	48
 
 Rilevato
 
 Files: 	1
 Tracce: 	35
 Cookies: 	1
 Processi: 	0
 Chiavi registro: 	0
 
 Fine scansione:	02/07/2007 22.25.03
 Tempo scansione:	0.23.59
 
 A-squared cannot remove them, while Trend Micro HouseCall, which I have always relied on for removing suspicious files, does not detect them at all. I also tried Spybot and Spyware Terminator, but they do not detect them either. I will try a scan with AVG and Kaspersky as soon as possible, but I am not hoping for anything. What worries me is the email worm, about which I could not find any information. Needless to say, "Help me".

 Thanks
Sante62 (Mature God) | Registered: 27/06/07 17:55 | Posts: 3477 | Location: Floridia
bdoriano (Administrator) | Registered: 02/04/07 12:05 | Posts: 14391 | Location: 3rd planet of the solar system...
Posted: 03 Jul 2007 08:52

Hi sabatino, more than the email worm, what worries me is:
 - WhenU (TO BE UNINSTALLED!!!)
 - MyWebSearch (TO BE UNINSTALLED!!!)
 - KaZaa (which is famous for bringing loads of spyware and adware along with it)

 The email worm is, at the moment, contained in a ZIP file and, as such, is not dangerous.
 If the aim is to increase the number of connections in XP, I recommend using XP-Antispy.

 For the rest, follow Sante62's instructions.

 PS: if you like, you can introduce yourself here
sabatino (Hero) | Registered: 12/06/06 15:47 | Posts: 72
Posted: 03 Jul 2007 10:50

That is the problem. I uninstalled WhenU, MyWebSearch and Kazaa, but a long time ago, and, judging by the results of the other scans, it seemed that I had got rid of them. Now I will try running a scan with Kaspersky.
	
sabatino (Hero) | Registered: 12/06/06 15:47 | Posts: 72
Posted: 03 Jul 2007 10:55

This is the HijackThis log, which I have analyzed from time to time on hijackthis.de (and it does not flag anything dangerous to me):
 Logfile of Trend Micro HijackThis v2.0.0 (BETA)
 Scan saved at 10.53.19, on 03/07/2007
 Platform: Windows XP SP2 (WinNT 5.01.2600)
 Boot mode: Normal
 
 Running processes:
 C:\WINDOWS\System32\smss.exe
 C:\WINDOWS\system32\winlogon.exe
 C:\WINDOWS\system32\services.exe
 C:\WINDOWS\system32\lsass.exe
 C:\WINDOWS\system32\Ati2evxx.exe
 C:\WINDOWS\system32\svchost.exe
 C:\WINDOWS\System32\svchost.exe
 C:\WINDOWS\system32\ZoneLabs\vsmon.exe
 C:\WINDOWS\System32\wltrysvc.exe
 C:\WINDOWS\System32\bcmwltry.exe
 C:\WINDOWS\system32\spoolsv.exe
 C:\Programmi\a-squared Free\a2service.exe
 C:\Programmi\Lavasoft\Ad-Aware 2007\aawservice.exe
 C:\WINDOWS\System32\svchost.exe
 C:\Programmi\Grisoft\AVG Anti-Spyware 7.5\guard.exe
 C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
 C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
 C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
 C:\WINDOWS\System32\svchost.exe
 C:\Programmi\File comuni\Microsoft Shared\VS7DEBUG\MDM.EXE
 C:\Programmi\Spyware Terminator\sp_rsser.exe
 C:\WINDOWS\system32\svchost.exe
 C:\WINDOWS\system32\Ati2evxx.exe
 C:\WINDOWS\Explorer.EXE
 C:\Programmi\ATI Technologies\ATI Control Panel\atiptaxx.exe
 C:\WINDOWS\system32\dla\tfswctrl.exe
 C:\Programmi\Synaptics\SynTP\SynTPEnh.exe
 C:\Programmi\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
 C:\Programmi\HPQ\Quick Launch Buttons\EabServr.exe
 C:\WINDOWS\system32\bcmntray.exe
 C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
 C:\Programmi\Zone Labs\ZoneAlarm\zlclient.exe
 C:\Programmi\Java\jre1.6.0_01\bin\jusched.exe
 C:\Programmi\Spyware Terminator\SpywareTerminatorShield.exe
 C:\Programmi\HPQ\Shared\hpqwmi.exe
 C:\WINDOWS\system32\ctfmon.exe
 C:\Programmi\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
 C:\Programmi\Windows Media Player\WMPNSCFG.exe
 C:\PROGRA~1\Grisoft\AVG7\avgw.exe
 C:\Programmi\Mozilla Firefox\firefox.exe
 C:\Programmi\Internet Explorer\iexplore.exe
 C:\PROGRA~1\Crawler\Toolbar\CToolbar.exe
 C:\PROGRA~1\SPYWAR~1\SPYWAR~1.EXE
 C:\Documents and Settings\utente\Documenti\software\Hijackthis\HiJackThis_v2.exe
 
 R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.it/
 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
 R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer fornito da Alice
 R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
 O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
 O2 - BHO: (no name) - {1CB20BF0-BBAE-40A7-93F4-6435FF3D0411} - C:\Programmi\Crawler\Toolbar\ctbr.dll
 O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmi\Java\jre1.6.0_01\bin\ssv.dll
 O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programmi\File comuni\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
 O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programmi\google\googletoolbar2.dll
 O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programmi\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
 O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Programmi\Canon\Easy-WebPrint\Toolband.dll
 O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programmi\google\googletoolbar2.dll
 O3 - Toolbar: &Crawler Toolbar - {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - C:\Programmi\Crawler\Toolbar\ctbr.dll
 O4 - HKLM\..\Run: [ATIPTA] C:\Programmi\ATI Technologies\ATI Control Panel\atiptaxx.exe
 O4 - HKLM\..\Run: [PTHOSTTR] C:\Programmi\HPQ\HP ProtectTools Security Manager\PTHOSTTR.EXE /Start
 O4 - HKLM\..\Run: [UpdateManager] "C:\Programmi\File comuni\Sonic\Update Manager\sgtray.exe" /r
 O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
 O4 - HKLM\..\Run: [SynTPEnh] C:\Programmi\Synaptics\SynTP\SynTPEnh.exe
 O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Programmi\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
 O4 - HKLM\..\Run: [eabconfg.cpl] C:\Programmi\HPQ\Quick Launch Buttons\EabServr.exe /Start
 O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] C:\WINDOWS\system32\bcmntray
 O4 - HKLM\..\Run: [Easy-PrintToolBox] C:\Programmi\Canon\Easy-PrintToolBox\BJPSMAIN.EXE /logon
 O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
 O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Programmi\Zone Labs\ZoneAlarm\zlclient.exe"
 O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Programmi\Java\jre1.6.0_01\bin\jusched.exe
 O4 - HKLM\..\Run: [SpywareTerminator] "C:\Programmi\Spyware Terminator\SpywareTerminatorShield.exe"
 O4 - HKLM\..\Run: [WatchDog] C:\Programmi\InterVideo\DVD Check\DVDCheck.exe
 O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
 O4 - HKCU\..\Run: [swg] C:\Programmi\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
 O4 - HKCU\..\Run: [updateMgr] C:\Programmi\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_9
 O4 - HKCU\..\Run: [WMPNSCFG] C:\Programmi\Windows Media Player\WMPNSCFG.exe
 O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO LOCALE')
 O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SERVIZIO LOCALE')
 O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO DI RETE')
 O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
 O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
 O4 - Global Startup: Avvio veloce di Adobe Reader.lnk = C:\Programmi\Adobe\Acrobat 7.0\Reader\reader_sl.exe
 O4 - Global Startup: DVD Check.lnk = C:\Programmi\InterVideo\DVD Check\DVDCheck.exe
 O8 - Extra context menu item: Aggiungi all'elenco di stampa Easy-WebPrint - res://C:\Programmi\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
 O8 - Extra context menu item: Anteprima Easy-WebPrint - res://C:\Programmi\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
 O8 - Extra context menu item: Crawler Search - tbr:iemenu
 O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
 O8 - Extra context menu item: Stampa ad alta velocità Easy-WebPrint - res://C:\Programmi\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
 O8 - Extra context menu item: Stampa Easy-WebPrint - res://C:\Programmi\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.6.0_01\bin\ssv.dll
 O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.6.0_01\bin\ssv.dll
 O9 - Extra button: Ricerche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
 O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?LinkID=39204
 O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
 O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
 O17 - HKLM\System\CCS\Services\Tcpip\..\{7C01C8D1-27E3-4773-B6E6-4AC107EA4EA4}: NameServer = 85.37.17.9 85.38.28.75
 O18 - Protocol: tbr - {4D25FB7A-8902-4291-960E-9ADA051CFBBF} - C:\Programmi\Crawler\Toolbar\ctbr.dll
 O22 - SharedTaskScheduler: Precaricatore Browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
 O22 - SharedTaskScheduler: Daemon di cache delle categorie di componenti - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
 O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - C:\Programmi\a-squared Free\a2service.exe
 O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Programmi\Lavasoft\Ad-Aware 2007\aawservice.exe
 O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
 O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Programmi\Grisoft\AVG Anti-Spyware 7.5\guard.exe
 O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
 O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
 O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
 O23 - Service: Google Updater Service (gusvc) - Google - C:\Programmi\Google\Common\Google Updater\GoogleUpdaterService.exe
 O23 - Service: HP WMI Interface (hpqwmi) - Hewlett-Packard Development Company, L.P. - C:\Programmi\HPQ\Shared\hpqwmi.exe
 O23 - Service: LiveUpdate - Unknown owner - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE (file missing)
 O23 - Service: PACSPTISVR - Sony Corporation - C:\Programmi\File comuni\Sony Shared\AVLib\PACSPTISVR.exe
 O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Programmi\File comuni\Sony Shared\AVLib\SPTISRV.exe
 O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\Programmi\Spyware Terminator\sp_rsser.exe
 O23 - Service: Utilità di pianificazione di LiveUpdate automatico - Unknown owner - C:\Programmi\Symantec\LiveUpdate\ALUSchedulerSvc.exe (file missing)
 O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
 O23 - Service: Broadcom Wireless LAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\wltrysvc.exe
 
 --
 End of file - 9981 bytes
sabatino (Hero) | Registered: 12/06/06 15:47 | Posts: 72
Posted: 03 Jul 2007 15:30

AVG finds nothing. Kaspersky likewise. This is the result:
 KASPERSKY ONLINE SCANNER REPORT
 Tuesday, July 03, 2007 3:27:00 PM
 Operating System: Microsoft Windows XP Home Edition, Service Pack 2 (Build 2600)
 Kaspersky Online Scanner version: 5.0.83.0
 Kaspersky Anti-Virus database last update: 3/07/2007
 Kaspersky Anti-Virus database records: 335122
 Scan Settings
 Scan using the following antivirus database 	standard
 Scan Archives 	true
 Scan Mail Bases 	true
 Scan Target 	My Computer
 C:\
 D:\
 Scan Statistics
 Total number of scanned objects 	51161
 Number of viruses found 	0
 Number of infected objects 	0 / 0
 Number of suspicious objects 	0
 Duration of the scan process 	01:29:38
 
 Scan process completed.
 
 
 Awaiting instructions
Orange (Mature God) | Registered: 18/02/07 13:20 | Posts: 2224 | Location: Roma
Posted: 03 Jul 2007 16:00

Maybe your PC just needs a general clean-up... You can use CCleaner and/or ATF Cleaner to get rid of cookies and temporary files, and Eusing Free Registry Cleaner to clean up the registry.
sabatino (Hero) | Registered: 12/06/06 15:47 | Posts: 72
Posted: 03 Jul 2007 19:03

I use CCleaner regularly. I will try cleaning the registry with that software.
	
sabatino (Hero) | Registered: 12/06/06 15:47 | Posts: 72
Posted: 03 Jul 2007 20:09

Apparently the email worm has disappeared. However, those MyWebSearch and WatchDog cookies remain.
	