Olimpo Informatico

klaus124 · Inviato: 12 Nov 2007 14:31 Oggetto: log hijackthis

da 2 giorni ho il pc che si pianta per 4-5 secondi poi si sblocca e questo lo fa con le pagine web con l'apertura di cartelle e anche con il menù apri con....ho scansionato con avira e non mi ha rilevato nulla ewido online 3 tracking cookie ma di rischio basso gmer nulla di che da cosa può avvenire questo rallentamento eccessivo? vi allego il Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 14.22.24, on 12/11/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16544)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\System32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Programmi\PC Tools Firewall Plus\FWService.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\rundll32.exe
C:\Programmi\PC Tools Firewall Plus\FirewallGUI.exe
C:\WINDOWS\system32\oodag.exe
C:\Programmi\OO Software\Defrag Professional\oodcnt.exe
C:\Programmi\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Programmi\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Programmi\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\WINDOWS\explorer.exe
C:\Programmi\Mozilla Firefox\firefox.exe
C:\Programmi\hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.it/0SEITIT/SAOS01?FORM=TOOLBR
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://g.msn.it/0SEITIT/SAOS01?FORM=TOOLBR
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.libero.it/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.it/0SEITIT/SAOS01?FORM=TOOLBR
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
O2 - BHO: Supporto di collegamento per Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\File comuni\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmi\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programmi\File comuni\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: (no name) - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - (no file)
O2 - BHO: (no name) - {FFFFFEF0-5B30-21D4-945D-000000000000} - C:\PROGRA~1\STARDO~1\SDIEInt.dll
O4 - HKLM\..\Run: [CnxTrApp] rundll32.exe "C:\Programmi\StarModem\StarModem USB Network\CnxTrApp.dll",AppEntry -REG "Conexant\Conexant USB Network"
O4 - HKLM\..\Run: [00PCTFW] "C:\Programmi\PC Tools Firewall Plus\FirewallGUI.exe" -s
O4 - HKLM\..\Run: [SmartDefrag] "C:\Programmi\IObit\IObit SmartDefrag\IObit SmartDefrag.exe" /StartUp
O4 - HKLM\..\Run: [avgnt] "C:\Programmi\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO LOCALE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO DI RETE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: ERUNT AutoBackup.lnk = C:\Programmi\ERUNT\AUTOBACK.EXE
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Toolbars\Restrictions present
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Ricerche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra button: Upload - {FD4E2FF8-973C-4A19-89BD-8E86B3CFCFE1} - C:\WINDOWS\system32\shdocvw.dll
O16 - DPF: {0B79F48A-E8D6-11DB-9283-E25056D89593} (F-Secure Online Scanner 3.1) - http://support.f-secure.com/ols/fscax.cab
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/default/kavwebscan_unicode.cab
O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://downloads.ewido.net/ewidoOnlineScan.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://mukka1989.spaces.live.com//PhotoUpload/MsnPUpld.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/IT-IT/a-UNO1/GAME_UNO1.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1165010330765
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {7FC1B346-83E6-4774-8D20-1A6B09B0E737} (Windows Live Photo Upload Control) - http://gio101089.spaces.live.com/PhotoUpload/MsnPUpld.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} - http://www.nanoscan.com/as/v1/cabs/asinst.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Programmi\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Programmi\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: O&O Defrag - O&O Software GmbH - C:\WINDOWS\system32\oodag.exe
O23 - Service: PC Tools Firewall Plus (PCToolsFirewallPlus) - PC Tools - C:\Programmi\PC Tools Firewall Plus\FWService.exe
grazie x le risposte

bdoriano · Inviato: 12 Nov 2007 14:37 Oggetto:

Ciao klaus124, Ciao

hijackthis non rileva nulla di particolare, se dici che anche gmer non rileva nulla posso pensare che sia un problema non derivato dalla presenza di malware.
Puoi provare a:
- cancellare i files temporanei con ATF-Cleaner
- ripulire il file di registro
- deframmentare il disco

klaus124 · Inviato: 12 Nov 2007 16:28 Oggetto:

faccio pulizia con atf, reg supreme,e O&O defrag ma oltre cosa posso fare? sono un pò contrario a formattare solo in casi disperati e non mi sembra questo il caso, grazie per esserti interessato se puoi dammi qualche altra dritta.

bdoriano · Inviato: 12 Nov 2007 18:45 Oggetto:

Magari un problema del disco?
Hai provato a fare una scansione del disco:
Clicca Start
Clicca Esegui...
Digita:

klaus124 · Inviato: 12 Nov 2007 21:02 Oggetto:

sto rifacendo la scansione con gmer e ora ha trovato qualcosa come finisce ti posto il log grazie

klaus124 · Inviato: 12 Nov 2007 21:48 Oggetto:

ti spiego cosa è successo mentre rifacevo la scansione con gmer improvvisamente è andato via tutto il desktop solo gmer è rimasto ha terminato la sua opera e ha trovato questo in C:\windows\sistem32\zshp1018.exe ( ****HIDDEN****) tasto destro e kill process ho sbagliato? il file di cui sopra fa parte della stampante che è installata ora non più.............. sto rifacendo la scansione ecco i risultati GMER 1.0.12.12011 - http://www.gmer.net

edit by bdoriano:
log rimosso perché incompleto

klaus124 · Inviato: 12 Nov 2007 21:52 Oggetto:

il resto GMER 1.0.12.12011 - http://www.gmer.net

edit by bdoriano:
log rimosso perché incompleto.

klaus124 · Inviato: 12 Nov 2007 21:55 Oggetto:

si vede che sono poco pratico scusatemi...... dimmi se tutto va bene grazie

ste_95 · Inviato: 12 Nov 2007 22:30 Oggetto:

bdoriano · Inviato: 12 Nov 2007 22:44 Oggetto:

Fai le scansioni con GMER e posta i logs su FreeFileHosting come indicato qui.

edit:
la versione di gmer che usi è "vecchia",

MajorGeeks

C:\WINDOWS\gmer_uninstall.cmd

klaus124 · Inviato: 13 Nov 2007 10:10 Oggetto:

log gmer 1.txt avenger33.txt eccoli tutti i risultati vanno bene?

ste_95 · Inviato: 13 Nov 2007 13:53 Oggetto:

va bene, direi vada bene...puoi postare il log anche della sezione autostart?

klaus124 · Inviato: 13 Nov 2007 14:08 Oggetto:

è all'interno del log gmer tutti insieme..... grazie

ste_95 · Inviato: 13 Nov 2007 14:42 Oggetto:

tutto pulito...confermi?

klaus124 · Inviato: 13 Nov 2007 17:19 Oggetto:

si mi pare che vada un pochino meglio ti ringrazio tanto anzi vi ringrazio tanto

bdoriano · Inviato: 13 Nov 2007 17:55 Oggetto:

Se vuoi, per sicurezza, collegati a Kaspersky on-line scanner e fai la scansione estesa, come indicato qui.
Salva il risultato della scansione in un file (in formato HTML), carica il file su Freefilehosting e posta qui il link che ti viene assegnato.

klaus124 · Inviato: 19 Nov 2007 10:08 Oggetto:

ho fatto la scansione con l'antivirus e non ha trovato nulla poi ho scansionato con smitfraufix e non so leggere in maniera tecnica il log te lo posto grazieSmitFraudFix v2.253

Scan done at 9.43.39,96, 19/11/2007
Run from C:\Documents and Settings\io.IO-E05FD2476A1D\Desktop\Nuova cartella\SmitfraudFix
OS: Microsoft Windows XP [Versione 5.1.2600] - Windows_NT
The filesystem type is NTFS
Fix run in normal mode

»»»»»»»»»»»»»»»»»»»»»»»» Process

C:\WINDOWS\System32\smss.exe
C:\WINDOWS\System32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programmi\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Programmi\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Programmi\Comodo\Firewall\cmdagent.exe
C:\WINDOWS\system32\oodag.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\rundll32.exe
C:\Programmi\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Programmi\Comodo\Firewall\CPF.exe
C:\Programmi\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe
C:\WINDOWS\system32\cmd.exe

»»»»»»»»»»»»»»»»»»»»»»»» hosts

hosts file corrupted !

127.0.0.1 www.legal-at-spybot.info
127.0.0.1 legal-at-spybot.info

»»»»»»»»»»»»»»»»»»»»»»»» C:\

»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS

»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system

»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web

»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32

»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32\LogFiles

»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\io.IO-E05FD2476A1D

»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\io.IO-E05FD2476A1D\Application Data

»»»»»»»»»»»»»»»»»»»»»»»» Start Menu

»»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\IO9767~1.IO-\PREFER~1

»»»»»»»»»»»»»»»»»»»»»»»» Desktop

»»»»»»»»»»»»»»»»»»»»»»»» C:\Programmi

»»»»»»»»»»»»»»»»»»»»»»»» Corrupted keys

»»»»»»»»»»»»»»»»»»»»»»»» Desktop Components

»»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

»»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=""

»»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"System"=""

»»»»»»»»»»»»»»»»»»»»»»»» Rustock

»»»»»»»»»»»»»»»»»»»»»»»» DNS

Description: StarModem USB Network Adapter
DNS Server Search Order: 10.0.0.2

HKLM\SYSTEM\CCS\Services\Tcpip\..\{CE39293E-349E-401E-85C9-6D249AB1C61B}: DhcpNameServer=10.0.0.2
HKLM\SYSTEM\CS1\Services\Tcpip\..\{CE39293E-349E-401E-85C9-6D249AB1C61B}: DhcpNameServer=193.70.152.15 193.70.152.25
HKLM\SYSTEM\CS2\Services\Tcpip\..\{CE39293E-349E-401E-85C9-6D249AB1C61B}: DhcpNameServer=10.0.0.2
HKLM\SYSTEM\CS3\Services\Tcpip\..\{CE39293E-349E-401E-85C9-6D249AB1C61B}: DhcpNameServer=10.0.0.2
HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=10.0.0.2
HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=193.70.152.15 193.70.152.25
HKLM\SYSTEM\CS2\Services\Tcpip\Parameters: DhcpNameServer=10.0.0.2
HKLM\SYSTEM\CS3\Services\Tcpip\Parameters: DhcpNameServer=10.0.0.2

»»»»»»»»»»»»»»»»»»»»»»»» Scanning for wininet.dll infection

»»»»»»»»»»»»»»»»»»»»»»»» End

domanda devo cancellare quelle chiavi tramite il pulitore del programma?

bdoriano · Inviato: 19 Nov 2007 10:17 Oggetto:

SmitFraudFix non ha trovato nulla.
Viene segnalato un problema con il file HOSTS che sembra "corrotto".

Scarica Hoster e scompattalo in una sua cartella.
Avvia Hoster
clicca su "Restore Microsoft's Original Hosts File"
clicca su "Make Host Read Only"
e chiudilo

klaus124 · Inviato: 19 Nov 2007 12:24 Oggetto:

mi esce una finestra con scritto ERROR: cannot create file C:\windows\sistem32\DRIVERS\ETC\hosts che devo fare? scusami se sono petulante...

klaus124 · Inviato: 19 Nov 2007 13:02 Oggetto:

ho scansionato con avira e ti posto il report

AntiVir PersonalEdition Classic
Report file date: lunedì 19 novembre 2007 11:53

Scanning for 933735 virus strains and unwanted programs.

Licensed to: Avira AntiVir PersonalEdition Classic
Serial number: 0000149996-ADJIE-0001
Platform: Windows XP
Windows version: (Service Pack 2) [5.1.2600]
Username: SYSTEM
Computer name: IO-

Version information:
BUILD.DAT : 270 15603 Bytes 19/09/07 13:32:00
AVSCAN.EXE : 7.0.6.1 290856 Bytes 23/08/07 13:16:29
AVSCAN.DLL : 7.0.6.0 49192 Bytes 16/08/07 12:23:51
LUKE.DLL : 7.0.5.3 147496 Bytes 14/08/07 15:32:47
LUKERES.DLL : 7.0.6.1 10280 Bytes 21/08/07 12:35:20
ANTIVIR0.VDF : 6.40.0.0 11030528 Bytes 18/07/07 14:27:15
ANTIVIR1.VDF : 7.0.0.0 1640448 Bytes 13/09/07 14:26:55
ANTIVIR2.VDF : 7.0.0.198 1206272 Bytes 11/11/07 12:52:09
ANTIVIR3.VDF : 7.0.0.229 115200 Bytes 19/11/07 08:04:35
AVEWIN32.DLL : 7.6.0.34 3125760 Bytes 12/11/07 12:52:13
AVWINLL.DLL : 1.0.0.7 14376 Bytes 26/02/07 10:36:26
AVPREF.DLL : 7.0.2.2 25640 Bytes 18/07/07 07:39:17
AVREP.DLL : 7.0.0.1 155688 Bytes 16/04/07 13:16:24
AVPACK32.DLL : 7.3.0.15 360488 Bytes 03/08/07 08:46:00
AVREG.DLL : 7.0.1.6 30760 Bytes 18/07/07 07:17:06
AVARKT.DLL : 1.0.0.20 278568 Bytes 28/08/07 12:26:33
AVEVTLOG.DLL : 7.0.0.20 86056 Bytes 18/07/07 07:10:18
NETNT.DLL : 7.0.0.0 7720 Bytes 08/03/07 11:09:42
RCIMAGE.DLL : 7.0.1.30 2342952 Bytes 07/08/07 12:38:13
RCTEXT.DLL : 7.0.62.0 86056 Bytes 21/08/07 12:50:37
SQLITE3.DLL : 3.3.17.1 339968 Bytes 23/07/07 09:37:21

Configuration settings for the scan:
Jobname..........................: Complete system scan
Configuration file...............: c:\programmi\avira\antivir personaledition classic\sysscan.avp
Logging..........................: low
Primary action...................: interactive
Secondary action.................: ignore
Scan master boot sector..........: off
Scan boot sector.................: on
Boot sectors.....................: D:,
Scan memory......................: on
Process scan.....................: on
Scan registry....................: on
Search for rootkits..............: off
Scan all files...................: Intelligent file selection
Scan archives....................: on
Recursion depth..................: 20
Smart extensions.................: on
Macro heuristic..................: on
File heuristic...................: medium

Start of the scan: lunedì 19 novembre 2007 11:53

The scan of running processes will be started
Scan process 'avscan.exe' - '1' Module(s) have been scanned
Scan process 'avcenter.exe' - '1' Module(s) have been scanned
Scan process 'cpf.exe' - '1' Module(s) have been scanned
Scan process 'avgnt.exe' - '1' Module(s) have been scanned
Scan process 'rundll32.exe' - '1' Module(s) have been scanned
Scan process 'explorer.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'oodag.exe' - '1' Module(s) have been scanned
Scan process 'cmdagent.exe' - '1' Module(s) have been scanned
Scan process 'sched.exe' - '1' Module(s) have been scanned
Scan process 'avguard.exe' - '1' Module(s) have been scanned
Scan process 'spoolsv.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'lsass.exe' - '1' Module(s) have been scanned
Scan process 'services.exe' - '1' Module(s) have been scanned
Scan process 'winlogon.exe' - '1' Module(s) have been scanned
Scan process 'csrss.exe' - '1' Module(s) have been scanned
Scan process 'smss.exe' - '1' Module(s) have been scanned
22 processes with 22 modules were scanned

Start scanning boot sectors:
Boot sector 'C:\'
[NOTE] No virus was found!
Boot sector 'D:\'
[NOTE] No virus was found!

Starting to scan the registry.
The registry was scanned ( '20' files ).

Starting the file scan:

Begin scan in 'C:\'
C:\hiberfil.sys
[WARNING] The file could not be opened!
C:\Documents and Settings\io.IO-E05FD2476A1D\desktop\masterizzare\System.Cleaner.v5.52.150.WinALL.Cracked-BRD.rar
[0] Archive type: RAR
--> System.Cleaner.v5.52.150.WinALL.Cracked-BRD\brdsc552.zip
[1] Archive type: ZIP
--> brdsc552.rar
[2] Archive type: RAR
--> crack\Patch.exe
[DETECTION] Is the Trojan horse TR/Agent.VW.33
[INFO] The file was moved to '47b46c1d.qua'!
Begin scan in 'D:\'
D:\pagefile.sys
[WARNING] The file could not be opened!

End of the scan: lunedì 19 novembre 2007 12:48
Used time: 55:49 min

The scan has been done completely.

5635 Scanning directories
315568 Files were scanned
1 viruses and/or unwanted programs were found
0 Files were classified as suspicious:
0 files were deleted
0 files were repaired
1 files were moved to quarantine
0 files were renamed
2 Files cannot be scanned
315567 Files not concerned
1291 Archives were scanned
2 Warnings
8 Notes