AntiVir PersonalEdition Classic
Report file date: mercoledì 26 settembre 2007 15:44
Scanning for 854609 virus strains and unwanted programs.
Licensed to: Avira AntiVir PersonalEdition Classic
Serial number: 0000149996-ADJIE-0001
Platform: Windows XP
Windows version: (Service Pack 2) [5.1.2600]
Username: SYSTEM
Computer name: SIMONE
Start of the scan: mercoledì 26 settembre 2007 15:44
Starting search for hidden objects.
'48581' objects were checked, '0' hidden objects were found.
The scan of running processes will be started
Scan process 'avscan.exe' - '1' Module(s) have been scanned
Scan process 'avcenter.exe' - '1' Module(s) have been scanned
Scan process 'WISPTIS.EXE' - '1' Module(s) have been scanned
Scan process 'usnsvc.exe' - '1' Module(s) have been scanned
Scan process 'livecall.exe' - '1' Module(s) have been scanned
Scan process 'msnmsgr.exe' - '1' Module(s) have been scanned
Scan process 'firefox.exe' - '1' Module(s) have been scanned
Scan process 'vsmon.exe' - '0' Module(s) have been scanned
Scan process 'zlclient.exe' - '0' Module(s) have been scanned
Scan process 'ctfmon.exe' - '1' Module(s) have been scanned
Scan process 'avgnt.exe' - '1' Module(s) have been scanned
Scan process 'jusched.exe' - '1' Module(s) have been scanned
Scan process 'CTSched.exe' - '1' Module(s) have been scanned
Scan process 'V0230Mon.exe' - '1' Module(s) have been scanned
Scan process 'hpwuSchd2.exe' - '1' Module(s) have been scanned
Scan process 'EOUWiz.exe' - '1' Module(s) have been scanned
Scan process 'iFrmewrk.exe' - '1' Module(s) have been scanned
Scan process 'GrooveMonitor.exe' - '1' Module(s) have been scanned
Scan process 'igfxpers.exe' - '1' Module(s) have been scanned
Scan process 'hkcmd.exe' - '1' Module(s) have been scanned
Scan process 'igfxtray.exe' - '1' Module(s) have been scanned
Scan process 'RTHDCPL.EXE' - '1' Module(s) have been scanned
Scan process '1XConfig.exe' - '1' Module(s) have been scanned
Scan process 'explorer.exe' - '1' Module(s) have been scanned
Scan process 'ZCfgSvc.exe' - '1' Module(s) have been scanned
Scan process 'alg.exe' - '1' Module(s) have been scanned
Scan process 'wdfmgr.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'RegSrvc.exe' - '1' Module(s) have been scanned
Scan process 'OProtSvc.exe' - '1' Module(s) have been scanned
Scan process 'sched.exe' - '1' Module(s) have been scanned
Scan process 'a2service.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'avguard.exe' - '1' Module(s) have been scanned
Scan process 'spoolsv.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'S24EvMon.exe' - '1' Module(s) have been scanned
Scan process 'EvtEng.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'lsass.exe' - '1' Module(s) have been scanned
Scan process 'services.exe' - '1' Module(s) have been scanned
Scan process 'winlogon.exe' - '1' Module(s) have been scanned
Scan process 'csrss.exe' - '1' Module(s) have been scanned
Scan process 'smss.exe' - '1' Module(s) have been scanned
44 processes with 44 modules were scanned
Starting master boot sector scan:
Master boot sector HD0
[NOTE] No virus was found!
Start scanning boot sectors:
Boot sector 'C:\'
[NOTE] No virus was found!
Starting to scan the registry.
The registry was scanned ( '36' files ).
Starting the file scan:
Begin scan in 'C:\'
C:\pagefile.sys
[WARNING] The file could not be opened!
C:\Documents and Settings\Simo\Desktop\SmitfraudFix.exe
[0] Archive type: RAR SFX (self extracting)
SmitfraudFix\Reboot.exe
[DETECTION] Contains detection pattern of the SPR/Tool.Reboot.C program
SmitfraudFix\restart.exe
[DETECTION] Contains detection pattern of the SPR/Tool.Hardoff.A program
[INFO] A backup was created as '47636373.qua' ( QUARANTINE )
[INFO] The file was deleted!
C:\Documents and Settings\Simo\Impostazioni locali\Dati applicazioni\Mozilla\Firefox\Profiles\vwozbzoh.default\Cache\63329BDCd01
[0] Archive type: RAR SFX (self extracting)
SmitfraudFix\Reboot.exe
[DETECTION] Contains detection pattern of the SPR/Tool.Reboot.C program
SmitfraudFix\restart.exe
[DETECTION] Contains detection pattern of the SPR/Tool.Hardoff.A program
[INFO] A backup was created as '472d64fb.qua' ( QUARANTINE )
[INFO] The file was deleted!
C:\Programmi\Creative\Creative Live! Cam\Live! Cam Doodling\kbhdll.dll
[DETECTION] Contains suspicious code HEUR/Malware
[INFO] The file was moved to '47626754.qua'!
C:\System Volume Information\_restore{52D5D9D7-5155-47BA-81DE-ABA7DBF5EAA7}\RP114\A0016259.dll
[DETECTION] Contains suspicious code HEUR/Malware
[INFO] The file was moved to '472a6c29.qua'!
End of the scan: mercoledì 26 settembre 2007 17:15
Used time: 1:30:48 min
The scan has been done completely.
4274 Scanning directories
292616 Files were scanned
4 viruses and/or unwanted programs were found
2 Files were classified as suspicious:
2 files were deleted
0 files were repaired
4 files were moved to quarantine
0 files were renamed
1 Files cannot be scanned
292612 Files not concerned
1697 Archives were scanned
1 Warnings
0 Notes
48581 Objects were scanned with rootkit scan
0 Hidden objects were found
The thing is that every time the scan reaches 99.8%, it then stays at that point for a long time, at least a third of the whole scan, and it seems to keep looping around the file PR58.tmp located in Programmi-Windows_Temp. It is 1.44 Gb in size.
Then the scan finishes, taking almost an hour and a half (set to the maximum anyway..)
In short, reading the files it analyzes during the scan, the name of the program I downloaded shows up, but that is strange since I deleted it completely!
In fact, if I try typing it into Search, wanting to manually remove every trace of it, it finds nothing...
What can I do??
Help me!!