Olimpo Informatico

[clio]

Ciao a tutti, ho trovato per caso il forum navigando in cerca d'aiuto.
Da un po' di tempo il mio PC è notevolmente rallentato, ho fatto la scansione con norton che dice che è tutto OK.
Vi allego il Log sperando nel vostro aiuto e che non ci sia niente di grave.

Grazie a tutti in anticipo
Ciao

Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 18.15.52, on 03/07/07
Platform: Windows XP SP2 (WinNT 5.01.2600)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Programmi\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\acs.exe
C:\Programmi\File comuni\Symantec Shared\ccProxy.exe
C:\Programmi\File comuni\Symantec Shared\ccSetMgr.exe
C:\Programmi\Norton Internet Security\ISSVC.exe
C:\Programmi\File comuni\Symantec Shared\SNDSrvc.exe
C:\Programmi\File comuni\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Programmi\File comuni\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programmi\IVT Corporation\BlueSoleil\BTNtService.exe
C:\Programmi\File comuni\Microsoft Shared\VS7Debug\mdm.exe
C:\Programmi\Norton Internet Security\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\system32\oodag.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Programmi\RVS\WCOM\SYSTEM\RVSINST.EXE
C:\Programmi\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmi\File comuni\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Programmi\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\WINDOWS\Explorer.EXE
C:\Programmi\Analog Devices\SoundMAX\Smtray.exe
C:\WINDOWS\system32\cbpopw.exe
C:\Programmi\Ahead\InCD\InCD.exe
C:\WINDOWS\system32\rundll32.exe
C:\Programmi\Java\j2re1.4.2_09\bin\jusched.exe
C:\Programmi\HP\HP Software Update\HPWuSchd2.exe
C:\Programmi\File comuni\Symantec Shared\ccApp.exe
C:\Programmi\Windows Defender\MSASCui.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmi\ADSL\StarModem ADSL USB MODEM\dslmon.exe
C:\Programmi\FreeLan SuperG Wireless LAN Utility\WLANPRO.exe
C:\Programmi\HP\Digital Imaging\bin\hpqtra08.exe
C:\Programmi\RVS\WCOM\SYSTEM\ccui.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmi\HP\Digital Imaging\bin\hpqimzone.exe
C:\Programmi\RVS\WCOM\SYSTEM\ccsrv.exe
C:\Programmi\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Programmi\Microsoft Office\OFFICE11\OUTLOOK.EXE
C:\Programmi\Microsoft Office\OFFICE11\WINWORD.EXE
C:\WINDOWS\msagent\AgentSvr.exe
C:\Programmi\Messenger\msmsgs.exe
C:\Programmi\Internet Explorer\IEXPLORE.EXE
C:\Programmi\File comuni\Symantec Shared\AdBlocking\NSMdtr.exe
C:\Programmi\Internet Explorer\iexplore.exe
C:\HiJackThis_v2\HiJackThis_v2.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.libero.it/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = http://www.libero.it/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer fornito da Libero
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
O2 - BHO: (no name) - BHO' - (no file)
O2 - BHO: (no name) - {00320615-B6C2-40A6-8F99-F1C52D674FAD} - (no file)
O2 - BHO: MSX - {037CE595-57CB-4EB5-9775-97BC112F3BB3} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {2170AE22-BED6-4BD8-8A30-775F233B45C0} - (no file)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Programmi\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: NOW!Imaging - {9AA2F14F-E956-44B8-8694-A5B615CDF341} - C:\Programmi\Web Accelerator\components\NOWImaging.dll (file missing)
O2 - BHO: Norton Internet Security - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Programmi\File comuni\Symantec Shared\AdBlocking\NISShExt.dll
O2 - BHO: Site Update Watcher - {A853979C-2A9A-4ACB-8975-5740A7E26CB4} - (no file)
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Programmi\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O2 - BHO: IE Agent - {CC56A1F3-9B83-45FF-8CB6-D58959492F0F} - (no file)
O3 - Toolbar: (no name) - {8B79EE88-E62D-4AA8-B530-CC357BA112B7} - (no file)
O3 - Toolbar: Norton Internet Security - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Programmi\File comuni\Symantec Shared\AdBlocking\NISShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Programmi\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [Smapp] C:\Programmi\Analog Devices\SoundMAX\Smtray.exe
O4 - HKLM\..\Run: [CallBumping] cbpopw.exe
O4 - HKLM\..\Run: [InCD] C:\Programmi\Ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [REGSHAVE] C:\Programmi\REGSHAVE\REGSHAVE.EXE /AUTORUN
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [SlipStream] "C:\Programmi\SlipStream Web Accelerator\slipcore.exe"
O4 - HKLM\..\Run: [2kadiras] 2kadiras.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programmi\Java\j2re1.4.2_14\bin\jusched.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Programmi\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [ccApp] "C:\Programmi\File comuni\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [Windows Defender] "C:\Programmi\Windows Defender\MSASCui.exe" -hide
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [NBJ] "C:\Programmi\Ahead\Nero BackItUp\NBJ.exe"
O4 - HKCU\..\RunOnce: [CommCenter] "C:\Programmi\RVS\WCOM\SYSTEM\ccui.exe"
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVIZIO LOCALE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVIZIO DI RETE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Avvio rapido di HP Image Zone.lnk = C:\Programmi\HP\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: Avvio veloce di Adobe Reader.lnk = C:\Programmi\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: DSLMON.lnk = ?
O4 - Global Startup: FreeLan Super G Wireless LAN Utility.lnk = ?
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Programmi\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Reg.lnk = ?
O4 - Global Startup: Tasto di scelta rapida per l'avvio di AutoCAD.lnk = C:\Programmi\File comuni\Autodesk Shared\acstart16.exe
O8 - Extra context menu item: &eBay Search - res://C:\Programmi\eBay\eBay Toolbar2\eBayTb.dll/RCSearch.html
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll
O9 - Extra button: Ricerche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.libero.it
O15 - Trusted Zone: *.http://www.master69.biz
O15 - Trusted Zone: www.master69.biz
O15 - Trusted Zone: www.yeak.net
O16 - DPF: {04365000-DFC6-11D3-B2BB-00105AE309D0} (/Quercia TLQJ 2000-Quercia) - https://cbi.tecmarket.it/ibbj/common/TlqJ2kQrc.cab
O16 - DPF: {072D3F2E-5FB6-11D3-B461-00C04FA35A21} (CFForm Runtime) - http://www.manidifata.it/CFIDE/classes/CFJava.cab
O16 - DPF: {10000000-1000-0000-1000-000000000000} - ms-its:mhtml:file://C:\foo.mht!http://www.free32.com/POP.CHM::/sp.exe
O16 - DPF: {10003000-1000-0000-1000-000000000000} - ms-its:mhtml:file://C:\\MAIN.MHT!http://207.44.186.186/b/online.chm::/on-line.exe
O16 - DPF: {10F76067-C352-473B-94C9-5EE691429C48} (VBRunTimeInstaller.Bait) - http://agentsetup.paginebianche.virgilio.it/PBCab/VBRunTimeInstaller.CAB
O16 - DPF: {13083D70-37BD-11D4-B315-00508B6D3B87} (/Quercia TLQJ 2000-QF24) - https://cbi.tecmarket.it/ibbj/common/TlqJ2kQF.cab
O16 - DPF: {15320607-1001-1831-1000-118599957123} - ms-its:mhtml:file://C:\PATH.MHT!http://195.225.176.5//d//qwduaju//hsmgxko//zvgfujk//irkqpg//arct.chm::/painter.exe
O16 - DPF: {1F831FA9-42FC-11D4-95A6-0080AD30DCE1} (InstaFred) - file://C:\Programmi\AutoCAD LT 2002 Ita\InstFred.ocx
O16 - DPF: {238F6F83-B8B4-11CF-8771-00A024541EE3} (Citrix ICA Client) - http://a516.g.akamai.net/f/516/25175/7d/runaware.download.akamai.com/25175/citrix/wficat-no-eula.cab
O16 - DPF: {2A5C1DD0-DFC5-11D3-B2BB-00105AE309D0} (/Quercia TLQJ 2000-Other) - https://cbi.tecmarket.it/common/TlqJ2kOth.cab
O16 - DPF: {4D7F48C0-CB49-4EA6-97D4-04F4EACC2F3B} - http://sib1.od2.com/common/Member/ClientInstall/7.20.0003/OCI/setup.exe
O16 - DPF: {5140EE10-DFC4-11D3-B2BB-00105AE309D0} (/Quercia TLQJ 2000-Image) - https://cbi.tecmarket.it/ibbj/it/TlqJ2kImg.cab
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} - http://software-dl.real.com/293c60ef7999b4c3cc05/netzip/RdxIE601_it.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1093617972562
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {78AF2F24-A9C3-11D3-BF8C-0060B0FCC122} (Controllo AcDc oggi) - file://C:\Programmi\AutoCAD LT 2002 Ita\AcDcToday.ocx
O16 - DPF: {88D969C0-F192-11D4-A65F-0040963251E5} (XML DOM Document 4.0) - http://agentsetup.paginebianche.virgilio.it/PBCab/msxml4.cab
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.4.2) - http://javadl-esd.sun.com/update/1.4.2/jinstall-1_4-windows-i586.cab
O16 - DPF: {9389EFC0-3B78-482E-9974-6A365C571126} (/Quercia TLQJ 2000-TabF24) - https://cbi.tecmarket.it/ibbj/common/TlqJ2kTabF.cab
O16 - DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} (Get_ActiveX Control) - https://h17000.www1.hp.com/ewfrf-JAVA/Secure/HPGetDownloadManager.ocx
O16 - DPF: {AE563729-B4F5-11D4-A415-00108302FDFD} (NOXLATE-BANR) - file://C:\Programmi\AutoCAD LT 2002 Ita\InstBanr.ocx
O16 - DPF: {AF087E66-838E-4A97-8A0B-0DDDA5DEA239} (OTAutoInstall Class) - https://trials.endeavors.com/autodesk/acad2005emea/clientdownloads/OTAI.CAB
O16 - DPF: {B1738950-DFC5-11D3-B2BB-00105AE309D0} (/Quercia TLQJ 2000-QCbi) - https://cbi.tecmarket.it/ibbj/common/TlqJ2kQCb.cab
O16 - DPF: {C2FCEF52-ACE9-11D3-BEBD-00105AA9B6AE} (Symantec RuFSI Registry Information Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {CB572CC0-E5F9-11D3-B2C1-00105AE309D0} (/Quercia TLQJ 2000-QData) - https://cbi.tecmarket.it/ibbj/common/TlqJ2kQDt.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {F281A59C-7B65-11D3-8617-0010830243BD} (Controllo AcPreview) - file://C:\Programmi\AutoCAD LT 2002 Ita\AcPreview.ocx
O16 - DPF: {FA6B2C55-F067-4895-A0D0-536168798883} - http://agentsetup.paginebianche.virgilio.it/PBCab/install.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{F67C398C-A573-44B0-98D3-6411933AC308}: NameServer = 193.70.152.15 193.70.152.25
O22 - SharedTaskScheduler: Precaricatore Browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\System32\browseui.dll
O22 - SharedTaskScheduler: Daemon di cache delle categorie di componenti - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\System32\browseui.dll
O23 - Service: Atheros Configuration Service (ACS) - Unknown owner - C:\WINDOWS\system32\acs.exe
O23 - Service: Autodesk Licensing Service - Autodesk, Inc. - C:\Programmi\File comuni\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Programmi\IVT Corporation\BlueSoleil\BTNtService.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\ccSetMgr.exe
O23 - Service: ICQ Update Service (ICQUPD) - Unknown owner - C:\WINDOWS\system32\kpsf.exe (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programmi\File comuni\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: ISSvc (ISSVC) - Symantec Corporation - C:\Programmi\Norton Internet Security\ISSVC.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Servizio Auto-Protect di Norton AntiVirus (navapsvc) - Symantec Corporation - C:\Programmi\Norton Internet Security\Norton AntiVirus\navapsvc.exe
O23 - Service: O&O Defrag - O&O Software GmbH - C:\WINDOWS\system32\oodag.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: RVS Installer (RVSINST) - RVS Datentechnik GmbH, München - C:\Programmi\RVS\WCOM\SYSTEM\RVSINST.EXE
O23 - Service: SAVScan - Symantec Corporation - C:\Programmi\Norton Internet Security\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\FILECO~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\SNDSrvc.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Programmi\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Utilità di pianificazione di LiveUpdate automatico - Symantec Corporation - C:\Programmi\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O24 - Desktop Component 0: (no name) - file:///C:/DOCUME~1/ADMINI~1/IMPOST~1/Temp/msohtml1/01/clip_image002.jpg

--
End of file - 15193 bytes

[bdoriano]

Ciao clio,
Avvia il pc in modalità provvisoria
esegui hijackthis
clicca su do a system scan only
metti il segno di spunta a queste voci:

[bdoriano]

Dimenticavo:
- disattiva il ripristino configurazione di sistema
- fai girare anche questo.

[clio]

OK fatto tutto, questo è il nuovo log.
Grazie mille per l'aiuto


Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 15.01.02, on 04/07/07
Platform: Windows XP SP2 (WinNT 5.01.2600)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Programmi\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\acs.exe
C:\Programmi\File comuni\Symantec Shared\ccProxy.exe
C:\Programmi\File comuni\Symantec Shared\ccSetMgr.exe
C:\Programmi\Norton Internet Security\ISSVC.exe
C:\Programmi\File comuni\Symantec Shared\SNDSrvc.exe
C:\Programmi\File comuni\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Programmi\File comuni\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programmi\IVT Corporation\BlueSoleil\BTNtService.exe
C:\WINDOWS\downlo~1\zpiw\zbwgj9.exe
C:\Programmi\File comuni\Microsoft Shared\VS7Debug\mdm.exe
C:\Programmi\Norton Internet Security\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\system32\oodag.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Programmi\RVS\WCOM\SYSTEM\RVSINST.EXE
C:\Programmi\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmi\File comuni\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Programmi\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\WINDOWS\Explorer.EXE
C:\Programmi\Analog Devices\SoundMAX\Smtray.exe
C:\WINDOWS\system32\cbpopw.exe
C:\Programmi\Ahead\InCD\InCD.exe
C:\WINDOWS\system32\rundll32.exe
C:\Programmi\Java\j2re1.4.2_14\bin\jusched.exe
C:\Programmi\HP\HP Software Update\HPWuSchd2.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmi\File comuni\Symantec Shared\ccApp.exe
C:\Programmi\Windows Defender\MSASCui.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmi\ADSL\StarModem ADSL USB MODEM\dslmon.exe
C:\Programmi\FreeLan SuperG Wireless LAN Utility\WLANPRO.exe
C:\Programmi\HP\Digital Imaging\bin\hpqtra08.exe
C:\Programmi\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Programmi\HP\Digital Imaging\bin\hpqimzone.exe
C:\Programmi\RVS\WCOM\SYSTEM\CCUI.EXE
C:\Programmi\RVS\WCOM\SYSTEM\ccsrv.exe
C:\Programmi\Messenger\msmsgs.exe
C:\HiJackThis_v2\HiJackThis_v2.exe
C:\Programmi\Internet Explorer\iexplore.exe
C:\Programmi\File comuni\Symantec Shared\AdBlocking\NSMdtr.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.libero.it/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = http://www.libero.it/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer fornito da Libero
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Programmi\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: Norton Internet Security - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Programmi\File comuni\Symantec Shared\AdBlocking\NISShExt.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Programmi\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton Internet Security - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Programmi\File comuni\Symantec Shared\AdBlocking\NISShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Programmi\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [Smapp] C:\Programmi\Analog Devices\SoundMAX\Smtray.exe
O4 - HKLM\..\Run: [CallBumping] cbpopw.exe
O4 - HKLM\..\Run: [InCD] C:\Programmi\Ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [REGSHAVE] C:\Programmi\REGSHAVE\REGSHAVE.EXE /AUTORUN
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [SlipStream] "C:\Programmi\SlipStream Web Accelerator\slipcore.exe"
O4 - HKLM\..\Run: [2kadiras] 2kadiras.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programmi\Java\j2re1.4.2_14\bin\jusched.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Programmi\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [ccApp] "C:\Programmi\File comuni\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [Windows Defender] "C:\Programmi\Windows Defender\MSASCui.exe" -hide
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [NBJ] "C:\Programmi\Ahead\Nero BackItUp\NBJ.exe"
O4 - HKCU\..\RunOnce: [CommCenter] "C:\Programmi\RVS\WCOM\SYSTEM\ccui.exe"
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVIZIO LOCALE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVIZIO DI RETE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Avvio rapido di HP Image Zone.lnk = C:\Programmi\HP\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: Avvio veloce di Adobe Reader.lnk = C:\Programmi\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: DSLMON.lnk = ?
O4 - Global Startup: FreeLan Super G Wireless LAN Utility.lnk = ?
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Programmi\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Reg.lnk = ?
O4 - Global Startup: Tasto di scelta rapida per l'avvio di AutoCAD.lnk = C:\Programmi\File comuni\Autodesk Shared\acstart16.exe
O8 - Extra context menu item: &eBay Search - res://C:\Programmi\eBay\eBay Toolbar2\eBayTb.dll/RCSearch.html
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll
O9 - Extra button: Ricerche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.libero.it
O15 - Trusted Zone: *.http://www.master69.biz
O16 - DPF: {04365000-DFC6-11D3-B2BB-00105AE309D0} (/Quercia TLQJ 2000-Quercia) - https://cbi.tecmarket.it/ibbj/common/TlqJ2kQrc.cab
O16 - DPF: {072D3F2E-5FB6-11D3-B461-00C04FA35A21} (CFForm Runtime) - http://www.manidifata.it/CFIDE/classes/CFJava.cab
O16 - DPF: {10F76067-C352-473B-94C9-5EE691429C48} (VBRunTimeInstaller.Bait) - http://agentsetup.paginebianche.virgilio.it/PBCab/VBRunTimeInstaller.CAB
O16 - DPF: {13083D70-37BD-11D4-B315-00508B6D3B87} (/Quercia TLQJ 2000-QF24) - https://cbi.tecmarket.it/ibbj/common/TlqJ2kQF.cab
O16 - DPF: {1F831FA9-42FC-11D4-95A6-0080AD30DCE1} (InstaFred) - file://C:\Programmi\AutoCAD LT 2002 Ita\InstFred.ocx
O16 - DPF: {2A5C1DD0-DFC5-11D3-B2BB-00105AE309D0} (/Quercia TLQJ 2000-Other) - https://cbi.tecmarket.it/common/TlqJ2kOth.cab
O16 - DPF: {4D7F48C0-CB49-4EA6-97D4-04F4EACC2F3B} - http://sib1.od2.com/common/Member/ClientInstall/7.20.0003/OCI/setup.exe
O16 - DPF: {5140EE10-DFC4-11D3-B2BB-00105AE309D0} (/Quercia TLQJ 2000-Image) - https://cbi.tecmarket.it/ibbj/it/TlqJ2kImg.cab
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} - http://software-dl.real.com/293c60ef7999b4c3cc05/netzip/RdxIE601_it.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1093617972562
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {78AF2F24-A9C3-11D3-BF8C-0060B0FCC122} (Controllo AcDc oggi) - file://C:\Programmi\AutoCAD LT 2002 Ita\AcDcToday.ocx
O16 - DPF: {88D969C0-F192-11D4-A65F-0040963251E5} (XML DOM Document 4.0) - http://agentsetup.paginebianche.virgilio.it/PBCab/msxml4.cab
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.4.2) - http://javadl-esd.sun.com/update/1.4.2/jinstall-1_4-windows-i586.cab
O16 - DPF: {9389EFC0-3B78-482E-9974-6A365C571126} (/Quercia TLQJ 2000-TabF24) - https://cbi.tecmarket.it/ibbj/common/TlqJ2kTabF.cab
O16 - DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} (Get_ActiveX Control) - https://h17000.www1.hp.com/ewfrf-JAVA/Secure/HPGetDownloadManager.ocx
O16 - DPF: {AE563729-B4F5-11D4-A415-00108302FDFD} (NOXLATE-BANR) - file://C:\Programmi\AutoCAD LT 2002 Ita\InstBanr.ocx
O16 - DPF: {AF087E66-838E-4A97-8A0B-0DDDA5DEA239} (OTAutoInstall Class) - https://trials.endeavors.com/autodesk/acad2005emea/clientdownloads/OTAI.CAB
O16 - DPF: {B1738950-DFC5-11D3-B2BB-00105AE309D0} (/Quercia TLQJ 2000-QCbi) - https://cbi.tecmarket.it/ibbj/common/TlqJ2kQCb.cab
O16 - DPF: {C2FCEF52-ACE9-11D3-BEBD-00105AA9B6AE} (Symantec RuFSI Registry Information Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {CB572CC0-E5F9-11D3-B2C1-00105AE309D0} (/Quercia TLQJ 2000-QData) - https://cbi.tecmarket.it/ibbj/common/TlqJ2kQDt.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {F281A59C-7B65-11D3-8617-0010830243BD} (Controllo AcPreview) - file://C:\Programmi\AutoCAD LT 2002 Ita\AcPreview.ocx
O16 - DPF: {FA6B2C55-F067-4895-A0D0-536168798883} - http://agentsetup.paginebianche.virgilio.it/PBCab/install.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{F67C398C-A573-44B0-98D3-6411933AC308}: NameServer = 193.70.152.15 193.70.152.25
O22 - SharedTaskScheduler: Precaricatore Browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\System32\browseui.dll
O22 - SharedTaskScheduler: Daemon di cache delle categorie di componenti - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\System32\browseui.dll
O23 - Service: Atheros Configuration Service (ACS) - Unknown owner - C:\WINDOWS\system32\acs.exe
O23 - Service: Autodesk Licensing Service - Autodesk, Inc. - C:\Programmi\File comuni\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Programmi\IVT Corporation\BlueSoleil\BTNtService.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\ccSetMgr.exe
O23 - Service: ICQ Update Service (ICQUPD) - Unknown owner - C:\WINDOWS\system32\kpsf.exe (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programmi\File comuni\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: ISSvc (ISSVC) - Symantec Corporation - C:\Programmi\Norton Internet Security\ISSVC.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Servizio Auto-Protect di Norton AntiVirus (navapsvc) - Symantec Corporation - C:\Programmi\Norton Internet Security\Norton AntiVirus\navapsvc.exe
O23 - Service: O&O Defrag - O&O Software GmbH - C:\WINDOWS\system32\oodag.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: RVS Installer (RVSINST) - RVS Datentechnik GmbH, München - C:\Programmi\RVS\WCOM\SYSTEM\RVSINST.EXE
O23 - Service: SAVScan - Symantec Corporation - C:\Programmi\Norton Internet Security\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\FILECO~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\SNDSrvc.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Programmi\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Utilità di pianificazione di LiveUpdate automatico - Symantec Corporation - C:\Programmi\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O24 - Desktop Component 0: (no name) - file:///C:/DOCUME~1/ADMINI~1/IMPOST~1/Temp/msohtml1/01/clip_image002.jpg

--
End of file - 13749 bytes

[bdoriano]

Con hijackthis fixa queste voci:

[clio]

Solo una curiosità:
cbi.tecmarket.it è il sito di una banca (o qualcosa di simile), giusto?

Sì esatto, crea problemi? Domattina faccio tutto (è il PC che uso al lavoro).
grazie mille

[bdoriano]

No, nessun problema. Era solo una curiosità.

[clio]

Ok fixato.
Ho riavviato il PC e Norton mi ha trovato dei virus, precisamente:
BLOODHOUND.EXPLOIT.6 nel file C:\HiJackThis_v2\backups\backup-20070704-143348-313

MHTMLRedir.exploit nel file C:\HiJackThis_v2\backups\backup-20070704-143348-602

MHTMLRedir.exploit nel file C:\HiJackThis_v2\backups\backup-20070704-143348-616

per tutti e tre norton dice "impossibile riparare il file - Accesso negato al file", il PC è lentissimo...

Aiuto!!!!

Mi dimenticavo: durante l'accensione il PC dice qualcosa di incomprensibile

[whitesquall]

Per quel (poco) che ne so alcuni antivirus considerano come virus i backup di HiJackThis mentre in realtà non lo sono... Ci dovrebbe essere scritto da qualche parte nelle schermate di HiJackThis...

[Orange]

mi domando dov'era Norton prima?
i virus da lui trovati sono quelli eliminati con HJT (infatti si trovano nella cartella backup di HiJack). per liberartene basta svuotare la cartella in questione

per la lentezza invece facciamo quest'altro controllo. segui le indicazioni e metti qui i links richiesti.

[whitesquall]

[clio]

Ho svuotato la cartella, adesso Norton mi ha trovato il virus MHTMLREDIR.EXPLOIT nella cartella Temporary Internet files così l'ho svuotata.

Per il PC che parla durante l'accensione cosa può essere?

Appena ho 2 minuti faccio il resto.
Intanto grazie mille

[Orange]

ma parla proprio? (in questo caso saresti la prima "vittima" accertata)
oppure ti esce un messaggio che non riesci a leggere? (una bella differenza)

[clio]

Si parla con voce femminile, sembra in inglese ma di preciso non so perchè sono solo 2 o 3 parole e tra l'altro non so l'inglese. A dire la verità è un po di tempo che fa così ma non gli ho mai dato importanza visto che Norton non trovava niente e il PC è sempre andato bene.

"Vittima"...?! E' qualcosa di grave??

[Orange]

hai visto la discussione che ti ho linkato?
comunque tranquilla, non è il tuo caso. quello parla con una voce maschile (l'ho sentito ) e pronuncia ben più di 2 parole...

fai quelle scansioni con Gmer, così vediamo di che si tratta.

[bdoriano]

Ciao clio,
hai fatto le operazioni indicate da Orange?
Stavo riguardando il tuo ultimo log e mi è saltata all'occhio questa riga:

[clio]

[Orange]

passiamo alle maniere forti, allora:
scrica VirIt, installalo, aggiornalo (importante) e fai lo scan completo.
dopo collegati a Kaspersky on-line scanner e fai la scansione estesa, come indicato qui.

metti qui entrambi i risultati (VirIt e Kaspersky)

[clio]

Scusate il ritardo ma per impegni di lavoro sono riuscita a terminare tutto solo oggi. Ecco i due log:

VirIT eXplorer Lite Log

[SCANSIONE DELLA MEMORIA]
OK
[SCANSIONE DELLA MEMORIA]
OK
--------------------------------------------------------
09/07/2007 - 19:12:43

[SCANSIONE DEL REGISTRO]
OK

[C:]
MASTER BOOT RECORD: OK
BOOT SECTOR: OK

C:\WINDOWS\Downloaded Program Files\zpiw\zbwgj9.exe Infetto da Trojan.Win32.Dialer.J
* * * RIMOSSO * * *
C:\WINDOWS\system32\NfNkPPSHoH.dll Infetto da BHO.MyIEHelper.F
* * * RIMOSSO * * *
C:\WINDOWS\system32\pLWidSgAJT.dll Infetto da BHO.MyIEHelper.C
* * * RIMOSSO * * *
C:\WINDOWS\system32\tyIBYGeu.dll Infetto da BHO.MyIEHelper.A
* * * RIMOSSO * * *
C:\WINDOWS\system32\WqRSYFcg.dll Infetto da BHO.MyIEHelper.A
* * * RIMOSSO * * *
C:\WINDOWS\system32\xEJdIVS.dll Infetto da BHO.MyIEHelper.A
* * * RIMOSSO * * *
C:\WINDOWS\system32\YvwlckQ.dll Infetto da BHO.MyIEHelper.C
* * * RIMOSSO * * *

Chiavi Registro infette: 0.
Files Infetti: 7.
Files Sospetti: 0.
Files Analizzati: 192493.
Files Totali: 192493.
Chiavi Registro rimosse: 0.
Virus Rimossi: 7.

[SCANSIONE DELLA MEMORIA]
OK
--------------------------------------------------------

-------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER REPORT
Wednesday, July 11, 2007 5:46:38 PM
Operating System: Microsoft Windows XP Professional, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.83.0
Kaspersky Anti-Virus database last update: 11/07/2007
Kaspersky Anti-Virus database records: 361110
-------------------------------------------------------------------------------

Scan Settings:
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: true

Scan Target - My Computer:
A:\
C:\
D:\
E:\
F:\

Scan Statistics:
Total number of scanned objects: 193682
Number of viruses found: 1
Number of infected objects: 2 / 0
Number of suspicious objects: 0
Duration of the scan process: 02:30:35

Infected Object Name / Virus Name / Last Action
C:\Documents and Settings\Administrator\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\Administrator\Impostazioni locali\Cronologia\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Administrator\Impostazioni locali\Cronologia\History.IE5\MSHist012007071120070712\index.dat Object is locked skipped
C:\Documents and Settings\Administrator\Impostazioni locali\Dati applicazioni\ApplicationHistory\hpqimzone.exe.fd734169.ini.inuse Object is locked skipped
C:\Documents and Settings\Administrator\Impostazioni locali\Dati applicazioni\HP\Digital Imaging\db\administrativeInfo.dbf Object is locked skipped
C:\Documents and Settings\Administrator\Impostazioni locali\Dati applicazioni\HP\Digital Imaging\db\albumImagesTable.cdx Object is locked skipped
C:\Documents and Settings\Administrator\Impostazioni locali\Dati applicazioni\HP\Digital Imaging\db\albumImagesTable.dbf Object is locked skipped
C:\Documents and Settings\Administrator\Impostazioni locali\Dati applicazioni\HP\Digital Imaging\db\albumTable.cdx Object is locked skipped
C:\Documents and Settings\Administrator\Impostazioni locali\Dati applicazioni\HP\Digital Imaging\db\albumTable.dbf Object is locked skipped
C:\Documents and Settings\Administrator\Impostazioni locali\Dati applicazioni\HP\Digital Imaging\db\CB_Server_Errors.txt Object is locked skipped
C:\Documents and Settings\Administrator\Impostazioni locali\Dati applicazioni\HP\Digital Imaging\db\EXIFTable.cdx Object is locked skipped
C:\Documents and Settings\Administrator\Impostazioni locali\Dati applicazioni\HP\Digital Imaging\db\EXIFTable.dbf Object is locked skipped
C:\Documents and Settings\Administrator\Impostazioni locali\Dati applicazioni\HP\Digital Imaging\db\imageTable.cdx Object is locked skipped
C:\Documents and Settings\Administrator\Impostazioni locali\Dati applicazioni\HP\Digital Imaging\db\imageTable.dbf Object is locked skipped
C:\Documents and Settings\Administrator\Impostazioni locali\Dati applicazioni\HP\Digital Imaging\db\imageTable.fpt Object is locked skipped
C:\Documents and Settings\Administrator\Impostazioni locali\Dati applicazioni\HP\Digital Imaging\db\keywordImagesTable.cdx Object is locked skipped
C:\Documents and Settings\Administrator\Impostazioni locali\Dati applicazioni\HP\Digital Imaging\db\keywordImagesTable.dbf Object is locked skipped
C:\Documents and Settings\Administrator\Impostazioni locali\Dati applicazioni\HP\Digital Imaging\db\keywordTable.cdx Object is locked skipped
C:\Documents and Settings\Administrator\Impostazioni locali\Dati applicazioni\HP\Digital Imaging\db\keywordTable.dbf Object is locked skipped
C:\Documents and Settings\Administrator\Impostazioni locali\Dati applicazioni\HP\Digital Imaging\db\managedFolderTable.dbf Object is locked skipped
C:\Documents and Settings\Administrator\Impostazioni locali\Dati applicazioni\HP\Digital Imaging\db\pathnameTable.cdx Object is locked skipped
C:\Documents and Settings\Administrator\Impostazioni locali\Dati applicazioni\HP\Digital Imaging\db\pathnameTable.dbf Object is locked skipped
C:\Documents and Settings\Administrator\Impostazioni locali\Dati applicazioni\HP\Digital Imaging\db\propertiesTable.cdx Object is locked skipped
C:\Documents and Settings\Administrator\Impostazioni locali\Dati applicazioni\HP\Digital Imaging\db\propertiesTable.dbf Object is locked skipped
C:\Documents and Settings\Administrator\Impostazioni locali\Dati applicazioni\HP\Digital Imaging\db\ROFImagesTable.cdx Object is locked skipped
C:\Documents and Settings\Administrator\Impostazioni locali\Dati applicazioni\HP\Digital Imaging\db\ROFImagesTable.dbf Object is locked skipped
C:\Documents and Settings\Administrator\Impostazioni locali\Dati applicazioni\HP\Digital Imaging\db\ROFTable.cdx Object is locked skipped
C:\Documents and Settings\Administrator\Impostazioni locali\Dati applicazioni\HP\Digital Imaging\db\ROFTable.dbf Object is locked skipped
C:\Documents and Settings\Administrator\Impostazioni locali\Dati applicazioni\Microsoft\Feeds Cache\index.dat Object is locked skipped
C:\Documents and Settings\Administrator\Impostazioni locali\Dati applicazioni\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\Administrator\Impostazioni locali\Dati applicazioni\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\Administrator\Impostazioni locali\Temp\hpodvd09.log Object is locked skipped
C:\Documents and Settings\Administrator\Impostazioni locali\Temp\Perflib_Perfdata_e74.dat Object is locked skipped
C:\Documents and Settings\Administrator\Impostazioni locali\Temp\~DF1200.tmp Object is locked skipped
C:\Documents and Settings\Administrator\Impostazioni locali\Temp\~DF1224.tmp Object is locked skipped
C:\Documents and Settings\Administrator\Impostazioni locali\Temp\~DF4EB3.tmp Object is locked skipped
C:\Documents and Settings\Administrator\Impostazioni locali\Temp\~DF5025.tmp Object is locked skipped
C:\Documents and Settings\Administrator\Impostazioni locali\Temp\~DFAEA0.tmp Object is locked skipped
C:\Documents and Settings\Administrator\Impostazioni locali\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Administrator\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\Administrator\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\All Users\Dati applicazioni\Microsoft\Windows Defender\Support\MPLog-06292007-171100.log Object is locked skipped
C:\Documents and Settings\All Users\Dati applicazioni\Symantec\Common Client\Confid.log Object is locked skipped
C:\Documents and Settings\All Users\Dati applicazioni\Symantec\Common Client\Content.log Object is locked skipped
C:\Documents and Settings\All Users\Dati applicazioni\Symantec\Common Client\Privacy.log Object is locked skipped
C:\Documents and Settings\All Users\Dati applicazioni\Symantec\Common Client\Restrict.log Object is locked skipped
C:\Documents and Settings\All Users\Dati applicazioni\Symantec\Common Client\settings.dat Object is locked skipped
C:\Documents and Settings\All Users\Dati applicazioni\Symantec\Common Client\WebHist.log Object is locked skipped
C:\Documents and Settings\All Users\Dati applicazioni\Symantec\LiveUpdate\2007-07-11_Log.ALUSchedulerSvc.LiveUpdate Object is locked skipped
C:\Documents and Settings\LocalService\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Impostazioni locali\Cronologia\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Impostazioni locali\Dati applicazioni\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\LocalService\Impostazioni locali\Dati applicazioni\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Impostazioni locali\Temp\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Impostazioni locali\Temp\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Impostazioni locali\Temp\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Impostazioni locali\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\Impostazioni locali\Dati applicazioni\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Impostazioni locali\Dati applicazioni\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped
C:\Programmi\File comuni\Symantec Shared\AntiSpam\Log\SPAM.log Object is locked skipped
C:\Programmi\File comuni\Symantec Shared\CCPD-LC\symlcrst.dll Object is locked skipped
C:\Programmi\File comuni\Symantec Shared\SNDALRT.log Object is locked skipped
C:\Programmi\File comuni\Symantec Shared\SNDCON.log Object is locked skipped
C:\Programmi\File comuni\Symantec Shared\SNDDBG.log Object is locked skipped
C:\Programmi\File comuni\Symantec Shared\SNDFW.log Object is locked skipped
C:\Programmi\File comuni\Symantec Shared\SNDIDS.log Object is locked skipped
C:\Programmi\File comuni\Symantec Shared\SNDSYS.log Object is locked skipped
C:\Programmi\File comuni\Symantec Shared\SPPolicy.log Object is locked skipped
C:\Programmi\File comuni\Symantec Shared\SPStart.log Object is locked skipped
C:\Programmi\File comuni\Symantec Shared\SPStop.log Object is locked skipped
C:\Programmi\Norton Internet Security\Norton AntiVirus\AVApp.log Object is locked skipped
C:\Programmi\Norton Internet Security\Norton AntiVirus\AVError.log Object is locked skipped
C:\Programmi\Norton Internet Security\Norton AntiVirus\AVVirus.log Object is locked skipped
C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
C:\System Volume Information\_restore{821D8897-C80A-4F11-8C67-E7E1DF13DB4F}\RP3\A0003113.dll Infected: Trojan.Win32.Dialer.co skipped
C:\System Volume Information\_restore{821D8897-C80A-4F11-8C67-E7E1DF13DB4F}\RP3\A0003117.dll Infected: Trojan.Win32.Dialer.co skipped
C:\System Volume Information\_restore{821D8897-C80A-4F11-8C67-E7E1DF13DB4F}\RP5\change.log Object is locked skipped
C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped
C:\WINDOWS\SchedLgU.Txt Object is locked skipped
C:\WINDOWS\SoftwareDistribution\EventCache\{945A927B-A9BD-4D0F-8758-0E7F96AA062E}.bin Object is locked skipped
C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped
C:\WINDOWS\Sti_Trace.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\edb.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\tmp.edb Object is locked skipped
C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\default Object is locked skipped
C:\WINDOWS\system32\config\default.LOG Object is locked skipped
C:\WINDOWS\system32\config\Internet.evt Object is locked skipped
C:\WINDOWS\system32\config\Paramete.evt Object is locked skipped
C:\WINDOWS\system32\config\SAM Object is locked skipped
C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped
C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\SECURITY Object is locked skipped
C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped
C:\WINDOWS\system32\config\software Object is locked skipped
C:\WINDOWS\system32\config\software.LOG Object is locked skipped
C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\system Object is locked skipped
C:\WINDOWS\system32\config\system.LOG Object is locked skipped
C:\WINDOWS\system32\h323log.txt Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped
C:\WINDOWS\wiadebug.log Object is locked skipped
C:\WINDOWS\wiaservc.log Object is locked skipped
C:\WINDOWS\WindowsUpdate.log Object is locked skipped

Scan process completed.