seby.panto Hero in the gods' favour

Joined: 13/03/08 00:40 Posts: 91
Posted: 02 Apr 2008 15:02 Subject: SWIZZOR... and the problem continues...

Hi guys, I'm not exactly new to the forum; you already helped me solve a big problem with Virtumonde... thanks once again...
This time I'm not writing about my own PC but about my girlfriend's, which is, or at least seems to be, infected with Swizzor. Can anyone give me a hand...??

Sante62 Mature god

Joined: 27/06/07 17:55 Posts: 3477 Location: Floridia
Posted: 02 Apr 2008 18:19 Subject:

Hi seby.panto
Does it seem to be, or is it, infected with Swizzor?
Have you tried scanning with your antivirus and/or antispyware; do they detect nothing?
In the meantime, let's do a bit of cleaning....
Download Virit
Update it using the satellite-dish icon in the top bar and have it run a full scan of the PC.
Set it to automatically remove the infected files it finds.
Don't forget to temporarily disable your antivirus.
Then paste the result here;
Run Combofix following the instructions in this thread;
Finally, post a Hijackthis log

seby.panto Hero in the gods' favour

Joined: 13/03/08 00:40 Posts: 91
Posted: 02 Apr 2008 23:11 Subject:

Hi Sante... always you, my saviour!! I did as asked, here are the Combofix logs:
ComboFix 08-04-02.1 - Chiara 2008-04-02 23.03.43.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1040.18.596 [GMT 2:00]
Eseguito da: C:\Documents and Settings\Chiara\Desktop\SWIZZOR\ComboFix.exe
* Creato nuovo punto di ripristino
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
((((((((((((((((((((((((( Files Creati Da 2008-03-02 al 2008-04-02 )))))))))))))))))))))))))))))))))))
.
2008-04-02 22:51 . 2008-04-02 22:51 <DIR> d-------- C:\Programmi\CCleaner
2008-04-02 22:42 . 2008-04-02 22:54 <DIR> d-------- C:\QUARANTENA_VIRIT
2008-04-02 22:19 . 2008-04-02 22:42 <DIR> d-------- C:\VEXPLITE
2008-04-02 22:19 . 2008-03-17 19:23 39,808 --a------ C:\WINDOWS\system32\drivers\VIRAGTLT.SYS
2008-03-30 21:22 . 2008-03-30 21:22 <DIR> d-------- C:\Programmi\Trans That Joy
2008-03-30 21:22 . 2008-04-02 13:47 <DIR> d-------- C:\Documents and Settings\Chiara\Dati applicazioni\Trans That Joy
2008-03-30 21:22 . 2008-04-02 13:47 <DIR> d-------- C:\Documents and Settings\All Users\Dati applicazioni\close poke frag ooze
2008-03-19 20:34 . 2008-03-19 20:34 268 --ah----- C:\sqmdata05.sqm
2008-03-19 20:34 . 2008-03-19 20:34 244 --ah----- C:\sqmnoopt05.sqm
2008-03-19 13:24 . 2008-03-19 13:24 268 --ah----- C:\sqmdata04.sqm
2008-03-19 13:24 . 2008-03-19 13:24 244 --ah----- C:\sqmnoopt04.sqm
2008-03-15 17:49 . 2008-03-15 17:49 268 --ah----- C:\sqmdata03.sqm
2008-03-15 17:49 . 2008-03-15 17:49 244 --ah----- C:\sqmnoopt03.sqm
2008-03-15 11:24 . 2008-03-15 11:24 <DIR> d-------- C:\Documents and Settings\Chiara\Dati applicazioni\EPSON
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-04-02 11:47 --------- d-----w C:\Programmi\Circle Developement
2008-04-02 11:00 --------- d-----w C:\Documents and Settings\Chiara\Dati applicazioni\AVG7
2008-04-02 10:53 --------- d-----w C:\Documents and Settings\All Users\Dati applicazioni\Google Updater
2008-03-30 19:22 --------- d-----w C:\Programmi\Messenger Plus! Live
2008-03-26 18:36 --------- d-----w C:\Documents and Settings\Chiara\Dati applicazioni\FrostWire
2008-02-20 20:23 --------- d-----w C:\Programmi\iTunes
2008-02-20 20:23 --------- d-----w C:\Programmi\iPod
2008-02-20 20:23 --------- d-----w C:\Documents and Settings\Chiara\Dati applicazioni\Apple Computer
2008-02-20 20:22 --------- d-----w C:\Programmi\QuickTime
2008-02-20 20:22 --------- d-----w C:\Programmi\Bonjour
2008-02-20 20:22 --------- d-----w C:\Documents and Settings\All Users\Dati applicazioni\Apple Computer
2008-02-20 20:21 --------- d-----w C:\Programmi\File comuni\Apple
2008-02-20 20:21 --------- d-----w C:\Programmi\Apple Software Update
2008-02-20 20:21 --------- d-----w C:\Documents and Settings\All Users\Dati applicazioni\Apple
2008-02-19 19:14 --------- d-----w C:\Programmi\VideoLAN
2008-02-19 18:59 --------- d-----w C:\Documents and Settings\Chiara\Dati applicazioni\vlc
2008-02-18 10:56 --------- dcsh--w C:\Programmi\File comuni\WindowsLiveInstaller
2008-02-18 10:54 --------- d-----w C:\Documents and Settings\All Users\Dati applicazioni\WLInstaller
2008-02-18 10:50 --------- d-----w C:\Programmi\Windows Live
2008-02-10 18:16 --------- d-----w C:\Documents and Settings\Chiara\Dati applicazioni\AdobeUM
2008-02-10 18:09 --------- d-----w C:\Documents and Settings\All Users\Dati applicazioni\Messenger Plus!
2008-02-04 16:21 --------- d-----w C:\Programmi\acrobat 7.0
2008-02-04 16:11 --------- d-----w C:\Documents and Settings\Chiara\Dati applicazioni\Lavasoft
2008-02-04 14:52 --------- d-----w C:\Documents and Settings\Admin\Dati applicazioni\Yahoo!
2008-02-04 10:56 --------- d-----w C:\Programmi\Windows Live Toolbar
2008-02-04 08:38 --------- d-----w C:\Programmi\FrostWire
2008-02-03 19:12 --------- d-----w C:\Programmi\Java
2008-02-03 18:49 --------- d-----w C:\Programmi\File comuni\Java
2008-02-03 18:48 --------- d-----w C:\Programmi\AskSBar
2008-02-02 11:52 --------- d-----w C:\Documents and Settings\Chiara\Dati applicazioni\Yahoo!
2008-02-02 11:52 --------- d-----w C:\Documents and Settings\All Users\Dati applicazioni\Yahoo! Companion
2008-02-02 11:06 --------- d-----w C:\Programmi\Yahoo!
2008-02-02 11:06 --------- d-----w C:\Programmi\File comuni\ACD Systems
2008-02-02 11:06 --------- d-----w C:\Programmi\ACD Systems
2008-02-02 11:06 --------- d-----w C:\Documents and Settings\All Users\Dati applicazioni\ACD Systems
2008-01-31 17:23 284 ----a-w C:\Documents and Settings\Chiara\Dati applicazioni\ViewerApp.dat
2008-01-25 15:33 315,392 ----a-w C:\WINDOWS\HideWin.exe
2008-01-25 10:18 499,712 ----a-w C:\WINDOWS\system32\msvcp71.dll
2008-01-25 10:18 348,160 ----a-w C:\WINDOWS\system32\msvcr71.dll
2008-01-18 20:19 607,744 ----a-w C:\WINDOWS\system32\x264vfw.dll
2008-01-09 14:25 16,859,648 ----a-w C:\WINDOWS\RTHDCPL.exe
.
((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Nota* i valori vuoti & legittimi/default non sono visualizzati.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{0579B4B1-0293-4d73-B02D-5EBB0BA0F0A2}]
C:\Programmi\AskSBar\SrchAstt\1.bin\A2SRCHAS.DLL
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{F0D4B239-DA4B-4DAF-81E4-DFEE4931A4AA}"= "C:\Programmi\AskSBar\bar\1.bin\ASKSBAR.DLL" [ ]
[HKEY_CLASSES_ROOT\clsid\{f0d4b239-da4b-4daf-81e4-dfee4931a4aa}]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-19 15:39 15360]
"MsnMsgr"="C:\Programmi\Windows Live\Messenger\MsnMsgr.exe" [2007-10-18 12:34 5724184]
"Close Bias"="C:\DOCUME~1\Chiara\DATIAP~1\TRANST~1\2mags.exe" [ ]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [2008-01-25 12:22 579072]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-12-05 02:41 8523776]
"nwiz"="nwiz.exe" [2007-12-05 02:41 1626112 C:\WINDOWS\system32\nwiz.exe]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2007-12-05 02:41 81920]
"RTHDCPL"="RTHDCPL.EXE" [2008-01-09 16:25 16859648 C:\WINDOWS\RTHDCPL.exe]
"EPSON Stylus Photo RX420 Series"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9CE.exe" [2004-04-09 04:00 98304]
"Device Detector"="DevDetect.exe" []
"SunJavaUpdateSched"="C:\Programmi\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 02:11 132496]
"QuickTime Task"="C:\Programmi\QuickTime\QTTask.exe" [2008-02-01 00:13 385024]
"iTunesHelper"="C:\Programmi\iTunes\iTunesHelper.exe" [2008-02-04 15:18 267048]
"VIRIT LITE MONITOR"="C:\VEXPLITE\MONLITE.EXE" [2008-04-02 22:20 245760]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-19 15:39 15360]
"AVG7_Run"="C:\PROGRA~1\Grisoft\AVG7\avgw.exe" [2008-01-25 12:22 219136]
C:\Documents and Settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\
Adobe Gamma Loader.lnk - C:\Programmi\File comuni\Adobe\Calibration\Adobe Gamma Loader.exe [2008-01-25 13:28:48 113664]
Adobe Reader Speed Launch.lnk - C:\Programmi\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 23:05:26 29696]
Google Updater.lnk - C:\Programmi\Google\Google Updater\GoogleUpdater.exe [2008-01-25 12:16:10 124400]
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Programmi\\Grisoft\\AVG7\\avginet.exe"=
"C:\\Programmi\\Grisoft\\AVG7\\avgamsvr.exe"=
"C:\\Programmi\\Grisoft\\AVG7\\avgcc.exe"=
"C:\\Programmi\\Grisoft\\AVG7\\avgemc.exe"=
"C:\\Programmi\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Programmi\\Windows Live\\Messenger\\livecall.exe"=
"C:\\Programmi\\Bonjour\\mDNSResponder.exe"=
"C:\\Programmi\\iTunes\\iTunes.exe"=
R0 ViBus;ViBus;C:\WINDOWS\system32\DRIVERS\ViBus.sys [2007-12-07 12:13]
R0 videX32;videX32;C:\WINDOWS\system32\DRIVERS\videX32.sys [2007-09-21 18:49]
R0 ViPrt;VIA SATA IDE Device Driver;C:\WINDOWS\system32\DRIVERS\ViPrt.sys [2007-12-07 12:10]
R0 VIRAGTLT;VIRAGTLT;C:\WINDOWS\system32\drivers\VIRAGTLT.SYS [2008-03-17 19:23]
R2 viritsvclite;Virit eXplorer Lite;C:\VEXPLITE\viritsvc.exe [2008-04-02 22:20]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{7483d0af-d00e-11dc-8913-001a92197ab2}]
\Shell\auto\command - Knight.exe open
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Knight.exe open
\Shell\explore\command - Knight.exe open
\Shell\find\command - Knight.exe open
\Shell\install\command - Knight.exe open
\Shell\open\command - Knight.exe open
.
Contenuto della cartella 'Scheduled Tasks'
"2008-04-02 21:00:00 C:\WINDOWS\Tasks\A5E6EE2D91816A79.job"
- c:\docume~1\chiara\datiap~1\transt~1\Deaf Regs Second.exe
"2008-02-20 20:21:54 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Programmi\Apple Software Update\SoftwareUpdate.exe
"2008-04-02 19:07:00 C:\WINDOWS\Tasks\Verifica aggiornamenti per Windows Live Toolbar.job"
- C:\Programmi\Windows Live Toolbar\MSNTBUP.EXE
.
**************************************************************************
catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-04-02 23:05:07
Windows 5.1.2600 Service Pack 2 NTFS
scansione processi nascosti ...
scansione entrate autostart nascoste ...
Scansione files nascosti ...
Scansione completata con successo
Files nascosti: 0
**************************************************************************
.
Ora fine scansione: 2008-04-02 23.06.28
ComboFix-quarantined-files.txt 2008-04-02 21:06:21
13 Directory 16,189,558,784 byte disponibili
17 Directory 16,178,425,856 byte disponibili
.
2008-03-11 20:26:25 --- E O F ---
This, instead, is the hijack log:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 23.08.05, on 02/04/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programmi\File comuni\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\Programmi\Bonjour\mDNSResponder.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9CE.EXE
C:\Programmi\File comuni\ACD Systems\EN\DevDetect.exe
C:\Programmi\Java\jre1.6.0_03\bin\jusched.exe
C:\Programmi\iTunes\iTunesHelper.exe
C:\VEXPLITE\MONLITE.EXE
C:\Programmi\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmi\Windows Live\Messenger\MsnMsgr.Exe
C:\Programmi\File comuni\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\Programmi\Google\Google Updater\GoogleUpdater.exe
C:\WINDOWS\system32\svchost.exe
C:\VEXPLITE\viritsvc.exe
C:\Programmi\iPod\bin\iPodService.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\Programmi\Internet Explorer\IEXPLORE.EXE
C:\Programmi\File comuni\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Documents and Settings\Chiara\Desktop\SWIZZOR\HiJackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.neroogle.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://go.microsoft.com/fwlink/?LinkId=33568
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programmi\Yahoo!\Companion\Installs\cpn\yt.dll
R3 - URLSearchHook: (no name) - {0579B4B6-0293-4d73-B02D-5EBB0BA0F0A2} - C:\Programmi\AskSBar\SrchAstt\1.bin\A2SRCHAS.DLL (file missing)
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Programmi\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Ask Search Assistant BHO - {0579B4B1-0293-4d73-B02D-5EBB0BA0F0A2} - C:\Programmi\AskSBar\SrchAstt\1.bin\A2SRCHAS.DLL (file missing)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmi\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Guida per l'accesso a Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programmi\File comuni\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programmi\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programmi\Google\GoogleToolbarNotifier\2.1.1119.1736\swg.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programmi\Windows Live Toolbar\msntb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programmi\google\googletoolbar1.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programmi\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programmi\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Ask Toolbar - {F0D4B239-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Programmi\AskSBar\bar\1.bin\ASKSBAR.DLL (file missing)
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [EPSON Stylus Photo RX420 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9CE.EXE /P31 "EPSON Stylus Photo RX420 Series" /O5 "LPT1:" /M "Stylus Photo RX420"
O4 - HKLM\..\Run: [Device Detector] DevDetect.exe -autorun
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Programmi\Java\jre1.6.0_03\bin\jusched.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmi\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Programmi\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [VIRIT LITE MONITOR] C:\VEXPLITE\MONLITE.EXE
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Programmi\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Close Bias] C:\DOCUME~1\Chiara\DATIAP~1\TRANST~1\2mags.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO LOCALE')
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SERVIZIO LOCALE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO DI RETE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Programmi\File comuni\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Programmi\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Google Updater.lnk = C:\Programmi\Google\Google Updater\GoogleUpdater.exe
O8 - Extra context menu item: &Windows Live Search - res://C:\Programmi\Windows Live Toolbar\msntb.dll/search.htm
O9 - Extra button: Ricerche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe (file missing)
O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.nvidia.com/content/DriverDownload/srl/2.0.0.1/sysreqlab2.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{965DAF96-0E40-4DED-A74F-270351ABF299}: NameServer = 192.167.96.200,212.216.112.112
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Programmi\File comuni\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Programmi\Bonjour\mDNSResponder.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Programmi\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Servizio iPod (iPod Service) - Apple Inc. - C:\Programmi\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Virit eXplorer Lite (viritsvclite) - TG Soft Sas www.tgsoft.it - C:\VEXPLITE\viritsvc.exe
--
End of file - 7864 bytes

Sante62 Mature god

Joined: 27/06/07 17:55 Posts: 3477 Location: Floridia
Posted: 03 Apr 2008 00:25 Subject:

OK, I'll wait for the Virit log...
Start Hijackthis, select these lines if present and click fix Checked:
Quote:
R3 - URLSearchHook: (no name) - {0579B4B6-0293-4d73-B02D-5EBB0BA0F0A2} - C:\Programmi\AskSBar\SrchAstt\1.bin\A2SRCHAS.DLL (file missing)
O2 - BHO: Ask Search Assistant BHO - {0579B4B1-0293-4d73-B02D-5EBB0BA0F0A2} - C:\Programmi\AskSBar\SrchAstt\1.bin\A2SRCHAS.DLL (file missing)
O3 - Toolbar: Ask Toolbar - {F0D4B239-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Programmi\AskSBar\bar\1.bin\ASKSBAR.DLL (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe (file missing)
Reboot the PC and post a new HJT log;
Use CCleaner: start it, click Options->Advanced, and untick "delete files only if older than 48 hours"
Use the Cleaner option and then click Analyze; when it finishes, click Run Cleaner. Do the same with the Find problems option; it will delete a number of useless registry keys.
Run a scan with Systemscan and post the generated log as indicated here
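The check requested in the post above (fix the "(file missing)" lines, then post a new HijackThis log), written out as an added example that is not part of the original thread: it parses two logs, lists the orphaned entries and confirms they are gone from the second one. The sample lines are excerpted from the two HijackThis logs posted in this thread; the function names and the profile-path heuristic for O4 autoruns are assumptions of this example.

```python
import re
from typing import NamedTuple

class Entry(NamedTuple):
    code: str      # HijackThis section code, e.g. "R3", "O2", "O4"
    body: str      # rest of the line, without the "(file missing)" tag
    missing: bool  # True when HijackThis tagged the target as missing

LINE_RE = re.compile(r"^([A-Z]\d{1,2}) - (.+)$")
MISSING_TAG = "(file missing)"
# Heuristic (assumption of this example): an O4 autorun whose target lives
# inside a user profile is worth a manual look.
PROFILE_RE = re.compile(r"\\(documents and settings|docume~\d)\\", re.I)

# Excerpts from the logs in this thread (2008-04-02 and 2008-04-03).
BEFORE = r"""
Logfile of Trend Micro HijackThis v2.0.2
Running processes:
C:\WINDOWS\explorer.exe
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programmi\Yahoo!\Companion\Installs\cpn\yt.dll
R3 - URLSearchHook: (no name) - {0579B4B6-0293-4d73-B02D-5EBB0BA0F0A2} - C:\Programmi\AskSBar\SrchAstt\1.bin\A2SRCHAS.DLL (file missing)
O2 - BHO: Ask Search Assistant BHO - {0579B4B1-0293-4d73-B02D-5EBB0BA0F0A2} - C:\Programmi\AskSBar\SrchAstt\1.bin\A2SRCHAS.DLL (file missing)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O3 - Toolbar: Ask Toolbar - {F0D4B239-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Programmi\AskSBar\bar\1.bin\ASKSBAR.DLL (file missing)
O4 - HKCU\..\Run: [Close Bias] C:\DOCUME~1\Chiara\DATIAP~1\TRANST~1\2mags.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Programmi\Windows Live\Messenger\MsnMsgr.Exe" /background
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe (file missing)
"""

AFTER = r"""
Logfile of Trend Micro HijackThis v2.0.2
Running processes:
C:\WINDOWS\Explorer.EXE
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programmi\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O4 - HKCU\..\Run: [MsnMsgr] "C:\Programmi\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Programmi\Spybot - Search & Destroy\TeaTimer.exe
"""

def parse_hjt(text):
    """Return the coded entries of a log; header and process list are skipped."""
    entries = []
    for raw in text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue  # header, process path, or footer line
        code, body = m.groups()
        missing = body.endswith(MISSING_TAG)
        if missing:
            body = body[: -len(MISSING_TAG)].rstrip()
        entries.append(Entry(code, body, missing))
    return entries

def orphaned(entries):
    """Registry entries whose target file no longer exists on disk."""
    return [e for e in entries if e.missing]

def profile_autoruns(entries):
    """O4 startup entries that launch a binary from inside a user profile."""
    return [e for e in entries if e.code == "O4" and PROFILE_RE.search(e.body)]

def diff(before, after):
    """Entries that disappeared and entries that appeared between two logs."""
    b = {(e.code, e.body) for e in before}
    a = {(e.code, e.body) for e in after}
    removed = [e for e in before if (e.code, e.body) not in a]
    added = [e for e in after if (e.code, e.body) not in b]
    return removed, added

def still_present(fix_list, after):
    """Entries that were meant to be fixed but survive in the new log."""
    a = {(e.code, e.body) for e in after}
    return [e for e in fix_list if (e.code, e.body) in a]

if __name__ == "__main__":
    before, after = parse_hjt(BEFORE), parse_hjt(AFTER)
    to_fix = orphaned(before)
    print("orphaned entries to fix:", [e.code for e in to_fix])
    print("autoruns from a user profile:", [e.body for e in profile_autoruns(before)])
    print("not yet removed:", still_present(to_fix, after))
    removed, added = diff(before, after)
    print("removed:", len(removed), "added:", len(added))
```

Entries that show up as added in the second log still need to be matched to software installed in between, which the diff alone cannot decide.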

seby.panto Hero in the gods' favour

Joined: 13/03/08 00:40 Posts: 91
Posted: 03 Apr 2008 19:30 Subject:

here is the new Virit log:
VirIT eXplorer Lite Log
[SCANSIONE DELLA MEMORIA]
OK
[SCANSIONE DELLA MEMORIA]
OK
[SCANSIONE DELLA MEMORIA]
OK
--------------------------------------------------------
02/04/2008 - 22:24:31
[SCANSIONE DEL REGISTRO]
{F0D4B231-DA4B-4daf-81E4-DFEE4931A4AA} Infetto da BHO.Ask.D
* * * RIMOSSO * * *
[C:]
MASTER BOOT RECORD: OK
BOOT SECTOR: OK
C:\Programmi\AskSBar\bar\1.bin\ASKSBAR.DLL Infetto da BHO.Ask.D
Il file sarà spostato nella cartella di quarantena.
C:\Programmi\AskSBar\SrchAstt\1.bin\A2SRCHAS.DLL Infetto da BHO.ASK.C
* * * RIMOSSO * * *
Chiavi Registro infette: 1.
Files Infetti: 2.
Files Sospetti: 0.
Files Analizzati: 71552.
Files Totali: 71552.
Chiavi Registro rimosse: 1.
Virus Rimossi: 1.
Adesso puoi RIAVVIARE il computer per spostare il file nella cartella di quarantena.
[SCANSIONE DELLA MEMORIA]
OK
[SCANSIONE DELLA MEMORIA]
OK
--------------------------------------------------------
02/04/2008 - 22:55:44
[SCANSIONE DEL REGISTRO]
OK
[C:]
MASTER BOOT RECORD: OK
BOOT SECTOR: OK
Chiavi Registro infette: 0.
Files Infetti: 0.
Files Sospetti: 0.
Files Analizzati: 5394.
Files Totali: 5394.
Chiavi Registro rimosse: 0.
Virus Rimossi: 0.
[SCANSIONE DELLA MEMORIA]
OK
--------------------------------------------------------
03/04/2008 - 19:13:00
[SCANSIONE DEL REGISTRO]
OK
[A:]
BOOT SECTOR: OK
[C:]
MASTER BOOT RECORD: OK
BOOT SECTOR: OK
C:\QUARANTENA_VIRIT\ASKSBAR.DLL Infetto da BHO.Ask.D
* * * RIMOSSO * * *
[D:]
MASTER BOOT RECORD: OK
BOOT SECTOR: OK
[F:]
BOOT SECTOR: OK
[G:]
BOOT SECTOR: OK
[H:]
BOOT SECTOR: OK
[I:]
[J:]
[K:]
BOOT SECTOR: OK
Chiavi Registro infette: 0.
Files Infetti: 1.
Files Sospetti: 0.
Files Analizzati: 49833.
Files Totali: 49833.
Chiavi Registro rimosse: 0.
Virus Rimossi: 1.

seby.panto Hero in the gods' favour

Joined: 13/03/08 00:40 Posts: 91
Posted: 03 Apr 2008 19:35 Subject:

this is the hijack log:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19.33.51, on 03/04/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9CE.EXE
C:\Programmi\File comuni\ACD Systems\EN\DevDetect.exe
C:\Programmi\Java\jre1.6.0_03\bin\jusched.exe
C:\Programmi\iTunes\iTunesHelper.exe
C:\VEXPLITE\MONLITE.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Programmi\Windows Live\Messenger\MsnMsgr.Exe
C:\Programmi\Spybot - Search & Destroy\TeaTimer.exe
C:\Programmi\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Programmi\Google\Google Updater\GoogleUpdater.exe
C:\Programmi\File comuni\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\Programmi\Bonjour\mDNSResponder.exe
C:\Programmi\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Programmi\File comuni\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\VEXPLITE\viritsvc.exe
C:\Programmi\iPod\bin\iPodService.exe
C:\Programmi\Internet Explorer\IEXPLORE.EXE
C:\Programmi\File comuni\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\Chiara\Desktop\SWIZZOR\HiJackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.neroogle.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://go.microsoft.com/fwlink/?LinkId=33568
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programmi\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Programmi\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmi\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Guida per l'accesso a Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programmi\File comuni\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programmi\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programmi\Google\GoogleToolbarNotifier\2.1.1119.1736\swg.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programmi\Windows Live Toolbar\msntb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programmi\google\googletoolbar1.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programmi\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programmi\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [EPSON Stylus Photo RX420 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9CE.EXE /P31 "EPSON Stylus Photo RX420 Series" /O5 "LPT1:" /M "Stylus Photo RX420"
O4 - HKLM\..\Run: [Device Detector] DevDetect.exe -autorun
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Programmi\Java\jre1.6.0_03\bin\jusched.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmi\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Programmi\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [VIRIT LITE MONITOR] C:\VEXPLITE\MONLITE.EXE
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Programmi\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Programmi\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO LOCALE')
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SERVIZIO LOCALE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO DI RETE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Programmi\File comuni\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Programmi\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Google Updater.lnk = C:\Programmi\Google\Google Updater\GoogleUpdater.exe
O8 - Extra context menu item: &Windows Live Search - res://C:\Programmi\Windows Live Toolbar\msntb.dll/search.htm
O9 - Extra button: Ricerche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.nvidia.com/content/DriverDownload/srl/2.0.0.1/sysreqlab2.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{965DAF96-0E40-4DED-A74F-270351ABF299}: NameServer = 192.167.96.200,212.216.112.112
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Programmi\File comuni\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Programmi\Bonjour\mDNSResponder.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Programmi\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Servizio iPod (iPod Service) - Apple Inc. - C:\Programmi\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Virit eXplorer Lite (viritsvclite) - TG Soft Sas www.tgsoft.it - C:\VEXPLITE\viritsvc.exe
--
End of file - 7714 bytes

seby.panto Hero in the gods' favour

Joined: 13/03/08 00:40 Posts: 91
Posted: 03 Apr 2008 19:53 Subject:

this is the System Scan link:
[URL="http://www.freefilehosting.net/files/3ehda"]report142.txt[/URL]

Sante62 Mature god

Joined: 27/06/07 17:55 Posts: 3477 Location: Floridia
Posted: 04 Apr 2008 00:15 Subject:

Good, the logs look fine...
except that there are sites added to the hosts file that apparently belong to the CID virus;
download Norman Malware Cleaner
disable System Restore and start the PC in safe mode
Run Norman Malware Cleaner.
A log is generated on the desktop, named NFix_2008-01-gg_hh-mm-ss.log; when the scan finishes, post it here.
Now connect to the Kaspersky online scanner
While it is downloading the necessary files, temporarily disable the antivirus. As soon as the scan of the PC starts, disconnect from the internet.
When it finishes, upload the result to www.freefilehosting.net and post here the link you are given, as indicated here;
Install a firewall, choosing one with the help of this thread.

seby.panto Hero in the gods' favour

Joined: 13/03/08 00:40 Posts: 91
Posted: 04 Apr 2008 21:43 Subject:

here is the Norman Malware log:
Norman Malware Cleaner
Copyright © 1990 - 2008, Norman ASA. Built 2008/04/03 19:04:14
Norman Scanner Engine Version: 5.92.04
Nvcbin.def Version: 5.92.00, Date: 2008/04/03 19:04:14, Variants: 1489241
Running pre-scan cleanup routine:
Operating System: Microsoft Windows XP Professional 5.1.2600(Safe mode) Service Pack 2
Logged on user: SFAMENI_LOGULLO\Chiara
Removed registry value: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System -> DisableRegistryTools = 0x00000000
Scan started: 04/04/2008 14:09:38
Scanning running processes and process memory...
Number of processes/threads found: 488
Number of processes/threads scanned: 488
Number of processes/threads not scanned: 0
Number of infected processes/threads terminated: 0
Total scanning time: 12s
Scanning file system...
Scanning: C:\*.*
C:\Documents and Settings\Admin\Documenti\Sigmaplot\EATSS31.EXE (Infected with W32/Smalltroj.CLTB)
Deleted file
C:\Documents and Settings\Admin\Documenti\WGA remover\wga17360.rar/RR (Error whilst scanning file: I/O Error)
C:\Documents and Settings\Admin\Documenti\WGA remover\Windows.Genuine.Advantage.Validation.v1.7.36.0.CRACKED-ETH0.zip/wga17360.rar/RR (Error whilst scanning file: I/O Error)
C:\Documents and Settings\Chiara\Documenti\WGA remover\wga17360.rar/RR (Error whilst scanning file: I/O Error)
C:\Documents and Settings\Chiara\Documenti\WGA remover\Windows.Genuine.Advantage.Validation.v1.7.36.0.CRACKED-ETH0.zip/wga17360.rar/RR (Error whilst scanning file: I/O Error)
C:\Programmi\SigmaStat\Stat3\EATSS31.EXE (Infected with W32/Smalltroj.CLTB)
Deleted file
Scanning: D:\*.*
D:\Documenti\WGA remover\wga17360.rar/RR (Error whilst scanning file: I/O Error)
D:\Documenti\WGA remover\Windows.Genuine.Advantage.Validation.v1.7.36.0.CRACKED-ETH0.zip/wga17360.rar/RR (Error whilst scanning file: I/O Error)
Scanning: c:\System Volume Information\*.*
Running post-scan cleanup routine:
Number of files found: 95196
Number of archives unpacked: 382
Number of files scanned: 95170
Number of files not scanned: 26
Number of files skipped due to exclude list: 0
Number of infected files found: 2
Number of infected files repaired/deleted: 2
Number of infections removed: 2
Total scanning time: 38m 21s
seby.panto Hero in the gods' favor
Joined: 13/03/08 00:40 Posts: 91
Posted: 04 Apr 2008 22:37 Subject:
this is the Kaspersky link...
[URL="http://www.freefilehosting.net/files/3ej0h"]kaspersky39.html[/URL]
Sante62 Mature god
Joined: 27/06/07 17:55 Posts: 3477 Location: Floridia
Posted: 05 Apr 2008 09:42 Subject:
Good, the log is clean; just delete this file shown in bold:
Quote: C:\Documents and Settings\Chiara\Incomplete\T-3545425-buona notte italia.mp3
Now you should be all set;
If you don't run into any other problems, re-enable System Restore...
seby.panto Hero in the gods' favor
Joined: 13/03/08 00:40 Posts: 91
Posted: 05 Apr 2008 10:52 Subject:
ok sante62... thanks a lot, as usual you've solved all my problems...
Until next time...bye
Sante62 Mature god
Joined: 27/06/07 17:55 Posts: 3477 Location: Floridia
Posted: 05 Apr 2008 19:40 Subject: