Punto informatico Network

(Solved) Ultra-infested computer, more than 90 viruses

Has a virus gotten into your computer? Do you want to browse in complete safety? Are online transactions secure? How do you keep attackers from getting into your PC? How do you protect your data? Here you will find the answers to these and other questions.

Post by wolly76 » Tue Dec 04, 2007 3:20 pm

Guys, help me: I'm trying to help a friend with his PC, but it looks difficult. HijackThis won't start at all; I managed to install AntiVir and now I'm posting the log for you.
Tell me what I can do.
P.S.: crazycat, this is right up your alley.




AntiVir PersonalEdition Classic
Report file date: martedì 4 dicembre 2007 14:48

Scanning for 960391 virus strains and unwanted programs.

Licensed to: Avira AntiVir PersonalEdition Classic
Serial number: 0000149996-ADJIE-0001
Platform: Windows XP
Windows version: (Service Pack 2) [5.1.2600]
Username: SYSTEM
Computer name: HP11097152291

Version information:
BUILD.DAT : 270 15603 Bytes 19/09/2007 13:32:00
AVSCAN.EXE : 7.0.6.1 290856 Bytes 23/08/2007 13:16:29
AVSCAN.DLL : 7.0.6.0 49192 Bytes 16/08/2007 12:23:51
LUKE.DLL : 7.0.5.3 147496 Bytes 14/08/2007 15:32:47
LUKERES.DLL : 7.0.6.1 10280 Bytes 21/08/2007 12:35:20
ANTIVIR0.VDF : 6.40.0.0 11030528 Bytes 18/07/2007 14:27:15
ANTIVIR1.VDF : 7.0.0.0 1640448 Bytes 13/09/2007 14:26:55
ANTIVIR2.VDF : 7.0.1.30 1575424 Bytes 30/11/2007 13:33:37
ANTIVIR3.VDF : 7.0.1.42 67072 Bytes 04/12/2007 13:33:37
AVEWIN32.DLL : 7.6.0.34 3125760 Bytes 04/12/2007 13:33:38
AVWINLL.DLL : 1.0.0.7 14376 Bytes 26/02/2007 10:36:26
AVPREF.DLL : 7.0.2.2 25640 Bytes 18/07/2007 07:39:17
AVREP.DLL : 7.0.0.1 155688 Bytes 16/04/2007 13:16:24
AVPACK32.DLL : 7.3.0.15 360488 Bytes 03/08/2007 08:46:00
AVREG.DLL : 7.0.1.6 30760 Bytes 18/07/2007 07:17:06
AVARKT.DLL : 1.0.0.20 278568 Bytes 28/08/2007 12:26:33
AVEVTLOG.DLL : 7.0.0.20 86056 Bytes 18/07/2007 07:10:18
NETNT.DLL : 7.0.0.0 7720 Bytes 08/03/2007 11:09:42
RCIMAGE.DLL : 7.0.1.30 2342952 Bytes 07/08/2007 12:38:13
RCTEXT.DLL : 7.0.62.0 86056 Bytes 21/08/2007 12:50:37
SQLITE3.DLL : 3.3.17.1 339968 Bytes 23/07/2007 09:37:21

Configuration settings for the scan:
Jobname..........................: Complete system scan
Configuration file...............: c:\programmi\avira\antivir personaledition classic\sysscan.avp
Logging..........................: low
Primary action...................: quarantine
Secondary action.................: ignore
Scan master boot sector..........: on
Scan boot sector.................: on
Boot sectors.....................: C:,
Scan memory......................: on
Process scan.....................: on
Scan registry....................: on
Search for rootkits..............: on
Scan all files...................: All files
Scan archives....................: on
Recursion depth..................: 20
Smart extensions.................: on
Deviating archive types..........: +BSD Mailbox, +Netscape/Mozilla Mailbox, +Eudora Mailbox, +Squid cache, +Pegasus Mailbox, +MS Outlook Mailbox,
Macro heuristic..................: on
File heuristic...................: medium

Start of the scan: martedì 4 dicembre 2007 14:48

Starting search for hidden objects.
An ARK instance is already running.

The scan of running processes will be started
Scan process 'avscan.exe' - '1' Module(s) have been scanned
Scan process 'avscan.exe' - '1' Module(s) have been scanned
Scan process 'IEXPLORE.EXE' - '1' Module(s) have been scanned
Scan process 'wuauclt.exe' - '1' Module(s) have been scanned
Scan process 'wmiprvse.exe' - '1' Module(s) have been scanned
Scan process 'taskmgr.exe' - '1' Module(s) have been scanned
Scan process 'alg.exe' - '1' Module(s) have been scanned
Scan process 'iPodService.exe' - '1' Module(s) have been scanned
Scan process 'wdfmgr.exe' - '1' Module(s) have been scanned
Scan process 'SMAgent.exe' - '1' Module(s) have been scanned
Scan process 'mdm.exe' - '1' Module(s) have been scanned
Scan process 'msnmsgr.exe' - '1' Module(s) have been scanned
Scan process 'sched.exe' - '1' Module(s) have been scanned
Scan process 'WZQKPICK.EXE' - '1' Module(s) have been scanned
Scan process 'AcroTray.exe' - '1' Module(s) have been scanned
Scan process 'SweetIM.exe' - '1' Module(s) have been scanned
Scan process 'ctfmon.exe' - '1' Module(s) have been scanned
Scan process 'avgnt.exe' - '1' Module(s) have been scanned
Scan process 'jusched.exe' - '1' Module(s) have been scanned
Scan process 'rundll32.exe' - '1' Module(s) have been scanned
Scan process 'iTunesHelper.exe' - '1' Module(s) have been scanned
Scan process 'qttask.exe' - '1' Module(s) have been scanned
Scan process 'explorer.exe' - '1' Module(s) have been scanned
Scan process 'googlesensor.exe' - '1' Module(s) have been scanned
Scan process 'avguard.exe' - '1' Module(s) have been scanned
Scan process 'spoolsv.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'InCDsrv.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'lsass.exe' - '1' Module(s) have been scanned
Scan process 'services.exe' - '1' Module(s) have been scanned
Scan process 'winlogon.exe' - '1' Module(s) have been scanned
Scan process 'csrss.exe' - '1' Module(s) have been scanned
Scan process 'smss.exe' - '1' Module(s) have been scanned
37 processes with 37 modules were scanned

Starting master boot sector scan:
Master boot sector HD0
[NOTE] No virus was found!

Start scanning boot sectors:
Boot sector 'C:\'
[NOTE] No virus was found!

Starting to scan the registry.
The registry was scanned ( '37' files ).


Starting the file scan:

Begin scan in 'C:\'
C:\hiberfil.sys
[WARNING] The file could not be opened!
C:\pagefile.sys
[WARNING] The file could not be opened!
C:\Documents and Settings\Administrator\Dati applicazioni\Sun\Java\Deployment\cache\javapi\v1.0\jar\crtdcghcn.jar-11638c3b-275bb6cd.zip
[DETECTION] Contains detection pattern of the Java virus JAVA/ClassLoader.GE
[INFO] The file was moved to '47c95c4e.qua'!
C:\Documents and Settings\Administrator\Dati applicazioni\Sun\Java\Deployment\cache\javapi\v1.0\jar\crtdcghcn.jar-7381bf88-59718246.zip
[DETECTION] Contains detection pattern of the Java virus JAVA/ClassLoader.GE
[INFO] The file was moved to '460327a7.qua'!
C:\Documents and Settings\Administrator\Dati applicazioni\Sun\Java\Deployment\cache\javapi\v1.0\jar\ms0311.jar-16c2be6f-3bd0f504.zip
[DETECTION] Contains detection pattern of the exploits EXP/ByteVerify.S.1
[INFO] The file was moved to '47855c52.qua'!
C:\Documents and Settings\Administrator\Impostazioni locali\Temporary Internet Files\Content.IE5\0D6RK96N\drf1189072429[1].htm.exe
[DETECTION] Contains detection pattern of the dial-up program DIAL/15102
[INFO] The file was moved to '47bb5cf8.qua'!
C:\Documents and Settings\Administrator\Impostazioni locali\Temporary Internet Files\Content.IE5\4505EJKD\drf1188554261[1].htm.exe
[DETECTION] Contains detection pattern of the dial-up program DIAL/18
[INFO] The file was moved to '47bb5d0b.qua'!
C:\Documents and Settings\Administrator\Impostazioni locali\Temporary Internet Files\Content.IE5\4505EJKD\drf1188833971[1].htm.exe
[DETECTION] Contains detection pattern of the dial-up program DIAL/18
[INFO] The file was moved to '467d38c4.qua'!
C:\Documents and Settings\Administrator\Impostazioni locali\Temporary Internet Files\Content.IE5\4505EJKD\drf1188920692[1].htm.exe
[DETECTION] Contains detection pattern of the dial-up program DIAL/18
[INFO] The file was moved to '47bb5d0d.qua'!
C:\Documents and Settings\Administrator\Impostazioni locali\Temporary Internet Files\Content.IE5\4P6389QB\drf1189676963[1].htm.exe
[DETECTION] Contains detection pattern of the dial-up program DIAL/15102
[INFO] The file was moved to '47bb5d1c.qua'!
C:\Documents and Settings\Administrator\Impostazioni locali\Temporary Internet Files\Content.IE5\4P6389QB\drf1189769230[1].htm.exe
[DETECTION] Contains detection pattern of the dial-up program DIAL/15102
[INFO] The file was moved to '467d38d5.qua'!
C:\Documents and Settings\Administrator\Impostazioni locali\Temporary Internet Files\Content.IE5\8LER41EF\drf1189512061[1].htm.exe
[DETECTION] Contains detection pattern of the dial-up program DIAL/15102
[INFO] The file was moved to '47bb5d3f.qua'!
C:\Documents and Settings\Administrator\Impostazioni locali\Temporary Internet Files\Content.IE5\8LER41EF\drf1189591328[1].htm.exe
[DETECTION] Is the Trojan horse TR/Drop.Agent.mio
[INFO] The file was moved to '467d3888.qua'!
C:\Documents and Settings\Administrator\Impostazioni locali\Temporary Internet Files\Content.IE5\GLMZW1IJ\drf1188294771[1].htm.exe
[DETECTION] Contains detection pattern of the dial-up program DIAL/18
[INFO] The file was moved to '47bb5d4f.qua'!
C:\Documents and Settings\Administrator\Impostazioni locali\Temporary Internet Files\Content.IE5\GLMZW1IJ\drf1188402318[1].htm.exe
[DETECTION] Contains detection pattern of the dial-up program DIAL/18
[INFO] The file was moved to '467d3898.qua'!
C:\Documents and Settings\Administrator\Impostazioni locali\Temporary Internet Files\Content.IE5\K92RCPY7\drf1189165247[1].htm.exe
[DETECTION] Contains detection pattern of the dial-up program DIAL/15102
[INFO] The file was moved to '47bb5d62.qua'!
C:\Documents and Settings\Administrator\Impostazioni locali\Temporary Internet Files\Content.IE5\K92RCPY7\drf1189428942[1].htm.exe
[DETECTION] Contains detection pattern of the dial-up program DIAL/15102
[INFO] The file was moved to '467d38ab.qua'!
C:\Documents and Settings\Administrator\Impostazioni locali\Temporary Internet Files\Content.IE5\O5EBC5IJ\drf1187953892[1].htm.exe
[DETECTION] Contains detection pattern of the dial-up program DIAL/18
[INFO] The file was moved to '47bb5d8e.qua'!
C:\Programmi\Windows NT\AGD.exe
[WARNING] The file could not be opened!
C:\Programmi\Windows NT\ahh.exe
[WARNING] The file could not be opened!
C:\Programmi\Windows NT\AJm.exe
[WARNING] The file could not be opened!
C:\Programmi\Windows NT\AjR.exe
[WARNING] The file could not be opened!
C:\Programmi\Windows NT\aMf.exe
[WARNING] The file could not be opened!
C:\Programmi\Windows NT\aOD.exe
[WARNING] The file could not be opened!
C:\Programmi\Windows NT\AoQ.exe
[WARNING] The file could not be opened!
C:\Programmi\Windows NT\ARE.exe
[WARNING] The file could not be opened!
C:\Programmi\Windows NT\AsI.exe
[WARNING] The file could not be opened!
C:\Programmi\Windows NT\AVA.exe
[WARNING] The file could not be opened!
C:\Programmi\Windows NT\avCrD.exe
[WARNING] The file could not be opened!
C:\Programmi\Windows NT\avXpdk.exe
[WARNING] The file could not be opened!
C:\Programmi\Windows NT\awu.exe
[WARNING] The file could not be opened!
C:\Programmi\Windows NT\AYKQfc.exe
[WARNING] The file could not be opened!
C:\Programmi\Windows NT\bap.exe
[WARNING] The file could not be opened!
C:\Programmi\Windows NT\BCh.exe
[WARNING] The file could not be opened!
C:\Programmi\Windows NT\BCSpfs.exe
[WARNING] The file could not be opened!
C:\Programmi\Windows NT\Bcx.exe
[WARNING] The file could not be opened!
C:\Programmi\Windows NT\BdTvEo.exe
[WARNING] The file could not be opened!
C:\Programmi\Windows NT\Bhi.exe
[WARNING] The file could not be opened!
C:\Programmi\Windows NT\binyS.exe
[WARNING] The file could not be opened!
C:\Programmi\Windows NT\BLR.exe
[WARNING] The file could not be opened!
C:\Programmi\Windows NT\boLX.exe
[WARNING] The file could not be opened!
C:\Programmi\Windows NT\BoUa.exe
[WARNING] The file could not be opened!
C:\Programmi\Windows NT\BpOzPP.exe
[WARNING] The file could not be opened!
C:\Programmi\Windows NT\BuT.exe
[WARNING] The file could not be opened!
C:\Programmi\Windows NT\bzU.exe
[WARNING] The file could not be opened!
C:\Programmi\Windows NT\cAJo.exe
[WARNING] The file could not be opened!
C:\Programmi\Windows NT\cbiK.exe
[WARNING] The file could not be opened!
C:\Programmi\Windows NT\cbKFX.exe
[WARNING] The file could not be opened!
C:\Programmi\Windows NT\CbR.exe
[WARNING] The file could not be opened!
C:\Programmi\Windows NT\Cck.exe
[WARNING] The file could not be opened!
C:\Programmi\Windows NT\CDi.exe
[WARNING] The file could not be opened!
C:\Programmi\Windows NT\ceWQqF.exe
[WARNING] The file could not be opened!
C:\Programmi\Windows NT\CKcO.exe
[WARNING] The file could not be opened!
C:\Programmi\Windows NT\CnBxvL.exe
[WARNING] The file could not be opened!
C:\Programmi\Windows NT\cpX.exe
[WARNING] The file could not be opened!
C:\Programmi\Windows NT\CsF.exe
[WARNING] The file could not be opened!
C:\Programmi\Windows NT\Cud.exe
[WARNING] The file could not be opened!
C:\Programmi\Windows NT\cxL.exe
[WARNING] The file could not be opened!
C:\Programmi\Windows NT\DCvRpt.exe
[WARNING] The file could not be opened!
C:\Programmi\Windows NT\deXZZ.exe
[WARNING] The file could not be opened!
C:\Programmi\Windows NT\deZJe.exe
[WARNING] The file could not be opened!
C:\Programmi\Windows NT\DFEK.exe
[WARNING] The file could not be opened!
C:\Programmi\Windows NT\dKh.exe
[WARNING] The file could not be opened!
C:\Programmi\Windows NT\dmObfl.exe
[WARNING] The file could not be opened!
C:\Programmi\Windows NT\Dqx.exe
[WARNING] The file could not be opened!
C:\Programmi\Windows NT\dvq.exe
[WARNING] The file could not be opened!
C:\Programmi\Windows NT\dwYRP.exe
[WARNING] The file could not be opened!
C:\Programmi\Windows NT\dXr.exe
[WARNING] The file could not be opened!
C:\Programmi\Windows NT\eEAtlP.exe
[WARNING] The file could not be opened!
C:\Programmi\Windows NT\eIa.exe
[WARNING] The file could not be opened!
C:\Programmi\Windows NT\eIS.exe
[WARNING] The file could not be opened!
C:\Programmi\Windows NT\ejsik.exe
[WARNING] The file could not be opened!
C:\Programmi\Windows NT\EKR.exe
[WARNING] The file could not be opened!
C:\Programmi\Windows NT\emfzm.exe
[WARNING] The file could not be opened!
C:\Programmi\Windows NT\EocKmo.exe
[WARNING] The file could not be opened!
C:\Programmi\Windows NT\ePG.exe
[WARNING] The file could not be opened!
C:\Programmi\Windows NT\eqG.exe
[WARNING] The file could not be opened!
C:\Programmi\Windows NT\EQX.exe
[WARNING] The file could not be opened!
C:\Programmi\Windows NT\EUL.exe
[WARNING] The file could not be opened!
C:\Programmi\Windows NT\eWk.exe
[WARNING] The file could not be opened!
C:\Programmi\Windows NT\Fbv.exe
[WARNING] The file could not be opened!
C:\Programmi\Windows NT\fDCQ.exe
[WARNING] The file could not be opened!
C:\Programmi\Windows NT\FdX.exe
[WARNING] The file could not be opened!
C:\Programmi\Windows NT\FeU.exe
[WARNING] The file could not be opened!
C:\Programmi\Windows NT\FHAuh.exe
[WARNING] The file could not be opened!
C:\Programmi\Windows NT\FHjp.exe
[WARNING] The file could not be opened!
C:\Programmi\Windows NT\fjrkr.exe
[WARNING] The file could not be opened!
C:\Programmi\Windows NT\FMG.exe
[WARNING] The file could not be opened!
C:\Programmi\Windows NT\fSW.exe
[WARNING] The file could not be opened!
C:\Programmi\Windows NT\fvF.exe
[WARNING] The file could not be opened!
C:\Programmi\Windows NT\fWydEI.exe
[WARNING] The file could not be opened!
C:\Programmi\Windows NT\Gbi.exe
[WARNING] The file could not be opened!
C:\Programmi\Windows NT\GCq.exe
[WARNING] The file could not be opened!
C:\Programmi\Windows NT\GJySQO.exe
[WARNING] The file could not be opened!
C:\Programmi\Windows NT\Gtb.exe
[WARNING] The file could not be opened!
C:\Programmi\Windows NT\GWdipP.exe
[WARNING] The file could not be opened!
C:\Programmi\Windows NT\gyb.exe
[WARNING] The file could not be opened!
C:\Programmi\Windows NT\GYLSOF.exe
[WARNING] The file could not be opened!
C:\Programmi\Windows NT\GzS.exe
[WARNING] The file could not be opened!
C:\Programmi\Windows NT\GZtiv.exe
[WARNING] The file could not be opened!
C:\Programmi\Windows NT\HbaR.exe
[WARNING] The file could not be opened!
C:\Programmi\Windows NT\hCb.exe
[WARNING] The file could not be opened!
C:\Programmi\Windows NT\hdT.exe
[WARNING] The file could not be opened!
C:\Programmi\Windows NT\HfH.exe
[WARNING] The file could not be opened!
C:\Programmi\Windows NT\HfT.exe
[WARNING] The file could not be opened!
C:\Programmi\Windows NT\hnK.exe
[WARNING] The file could not be opened!
C:\Programmi\Windows NT\hsA.exe
[WARNING] The file could not be opened!
C:\Programmi\Windows NT\hTttZS.exe
[WARNING] The file could not be opened!
C:\Programmi\Windows NT\hUTvK.exe
[WARNING] The file could not be opened!
C:\Programmi\Windows NT\hVU.exe
[WARNING] The file could not be opened!
C:\Programmi\Windows NT\hvVNj.exe
[WARNING] The file could not be opened!
C:\Programmi\Windows NT\HxHL.exe
[WARNING] The file could not be opened!
C:\Programmi\Windows NT\IAf.exe
[WARNING] The file could not be opened!
C:\Programmi\Windows NT\ibgZ.exe
[WARNING] The file could not be opened!
C:\Programmi\Windows NT\iEx.exe
[WARNING] The file could not be opened!
C:\Programmi\Windows NT\iexE.exe
[WARNING] The file could not be opened!
C:\Programmi\Windows NT\IFB.exe
[WARNING] The file could not be opened!
C:\Programmi\Windows NT\iGv.exe
[WARNING] The file could not be opened!
C:\Programmi\Windows NT\iHCfF.exe
[WARNING] The file could not be opened!
C:\Programmi\Windows NT\ilMD.exe
[WARNING] The file could not be opened!
C:\Programmi\Windows NT\inF.exe
[WARNING] The file could not be opened!
C:\Programmi\Windows NT\INkAvd.exe
[WARNING] The file could not be opened!
C:\Programmi\Windows NT\iNU.exe
[WARNING] The file could not be opened!
C:\Programmi\Windows NT\ipH.exe
[WARNING] The file could not be opened!
C:\Programmi\Windows NT\iPslt.exe
[WARNING] The file could not be opened!
C:\Programmi\Windows NT\iQn.exe
[WARNING] The file could not be opened!
C:\Programmi\Windows NT\iUhikP.exe
[WARNING] The file could not be opened!
C:\Programmi\Windows NT\Ixq.exe
[WARNING] The file could not be opened!
C:\Programmi\Windows NT\IyhN.exe
[WARNING] The file could not be opened!
C:\Programmi\Windows NT\JdBhx.exe
[WARNING] The file could not be opened!
C:\Programmi\Windows NT\JEB.exe
[WARNING] The file could not be opened!
C:\Programmi\Windows NT\jFkSmR.exe
[WARNING] The file could not be opened!
C:\Programmi\Windows NT\jFs.exe
[WARNING] The file could not be opened!
C:\Programmi\Windows NT\jge.exe
[WARNING] The file could not be opened!
C:\Programmi\Windows NT\jJUK.exe
[WARNING] The file could not be opened!
C:\Programmi\Windows NT\JMzRO.exe
[WARNING] The file could not be opened!
C:\Programmi\Windows NT\jPo.exe
[WARNING] The file could not be opened!
C:\Programmi\Windows NT\jRDjc.exe
[WARNING] The file could not be opened!
C:\Programmi\Windows NT\JxJ.exe
[WARNING] The file could not be opened!
C:\Programmi\Windows NT\KAh.exe
[WARNING] The file could not be opened!
C:\Programmi\Windows NT\kIA.exe
[WARNING] The file could not be opened!
C:\Programmi\Windows NT\Kib.exe
[WARNING] The file could not be opened!
C:\Programmi\Windows NT\KisOg.exe
[WARNING] The file could not be opened!
C:\Programmi\Windows NT\KKi.exe
[WARNING] The file could not be opened!
C:\Programmi\Windows NT\KtsJ.exe
[WARNING] The file could not be opened!
C:\Programmi\Windows NT\KuGQ.exe
[WARNING] The file could not be opened!
C:\Programmi\Windows NT\KVA.exe
[WARNING] The file could not be opened!
C:\Programmi\Windows NT\lAs.exe
[WARNING] The file could not be opened!
C:\Programmi\Windows NT\LdpWrE.exe
[WARNING] The file could not be opened!
C:\Programmi\Windows NT\lER.exe
[WARNING] The file could not be opened!
C:\Programmi\Windows NT\lfT.exe
[WARNING] The file could not be opened!
C:\Programmi\Windows NT\LiIK.exe
[WARNING] The file could not be opened!
C:\Programmi\Windows NT\LKf.exe
[WARNING] The file could not be opened!
C:\Programmi\Windows NT\LNb.exe
[WARNING] The file could not be opened!
C:\Programmi\Windows NT\lnNys.exe
[WARNING] The file could not be opened!
C:\Programmi\Windows NT\LPXAmM.exe
[WARNING] The file could not be opened!
C:\Programmi\Windows NT\lqO.exe
[WARNING] The file could not be opened!
C:\Programmi\Windows NT\lRl.exe
[WARNING] The file could not be opened!
C:\Programmi\Windows NT\lUR.exe
[WARNING] The file could not be opened!
C:\Programmi\Windows NT\LxU.exe
[WARNING] The file could not be opened!
C:\Programmi\Windows NT\maH.exe
[WARNING] The file could not be opened!
C:\Programmi\Windows NT\MBiY.exe
[WARNING] The file could not be opened!
C:\Programmi\Windows NT\Mef.exe
[WARNING] The file could not be opened!
C:\Programmi\Windows NT\mGqW.exe
[WARNING] The file could not be opened!
C:\Programmi\Windows NT\MgvIiR.exe
[WARNING] The file could not be opened!
C:\Programmi\Windows NT\MHh.exe
[WARNING] The file could not be opened!
C:\Programmi\Windows NT\mih.exe
[WARNING] The file could not be opened!
C:\Programmi\Windows NT\mJR.exe
[WARNING] The file could not be opened!
C:\Programmi\Windows NT\MLqMjx.exe
[WARNING] The file could not be opened!
C:\Programmi\Windows NT\mMb.exe
[WARNING] The file could not be opened!
C:\Programmi\Windows NT\mop.exe
[WARNING] The file could not be opened!
C:\Programmi\Windows NT\Moqz.exe
[WARNING] The file could not be opened!
C:\Programmi\Windows NT\MPfaLs.exe
[WARNING] The file could not be opened!
C:\Programmi\Windows NT\mRh.exe
[WARNING] The file could not be opened!
C:\Programmi\Windows NT\MTdPgR.exe
[WARNING] The file could not be opened!
C:\Programmi\Windows NT\MUIk.exe
[WARNING] The file could not be opened!
C:\Programmi\Windows NT\MUv.exe
[WARNING] The file could not be opened!
C:\Programmi\Windows NT\MVX.exe
[WARNING] The file could not be opened!
C:\Programmi\Windows NT\mwOHKT.exe
[WARNING] The file could not be opened!
C:\Programmi\Windows NT\mYJ.exe
[WARNING] The file could not be opened!
C:\Programmi\Windows NT\MYl.exe
[WARNING] The file could not be opened!
C:\Programmi\Windows NT\mZk.exe
[WARNING] The file could not be opened!
C:\Programmi\Windows NT\NbA.exe
[WARNING] The file could not be opened!
C:\Programmi\Windows NT\nccD.exe
[WARNING] The file could not be opened!
C:\Programmi\Windows NT\NCCH.exe
[WARNING] The file could not be opened!
C:\Programmi\Windows NT\ncl.exe
[WARNING] The file could not be opened!
C:\Programmi\Windows NT\ndP.exe
[WARNING] The file could not be opened!
C:\Programmi\Windows NT\Nfq.exe
[WARNING] The file could not be opened!
C:\Programmi\Windows NT\nIc.exe
[WARNING] The file could not be opened!
C:\Programmi\Windows NT\NKm.exe
[WARNING] The file could not be opened!
C:\Programmi\Windows NT\NkU.exe
[WARNING] The file could not be opened!
C:\Programmi\Windows NT\nLO.exe
[WARNING] The file could not be opened!
C:\Programmi\Windows NT\NLZ.exe
[WARNING] The file could not be opened!
C:\Programmi\Windows NT\nmcM.exe
[WARNING] The file could not be opened!
C:\Programmi\Windows NT\nmN.exe
[WARNING] The file could not be opened!
C:\Programmi\Windows NT\nnN.exe
[WARNING] The file could not be opened!
C:\Programmi\Windows NT\NOrn.exe
[WARNING] The file could not be opened!
C:\Programmi\Windows NT\nRMnA.exe
[WARNING] The file could not be opened!
C:\Programmi\Windows NT\NSM.exe
[WARNING] The file could not be opened!
C:\Programmi\Windows NT\NvU.exe
[WARNING] The file could not be opened!
C:\Programmi\Windows NT\nvvo.exe
[WARNING] The file could not be opened!
C:\Programmi\Windows NT\NYX.exe
[WARNING] The file could not be opened!
C:\Programmi\Windows NT\NZD.exe
[WARNING] The file could not be opened!
C:\Programmi\Windows NT\nZL.exe
[WARNING] The file could not be opened!
C:\Programmi\Windows NT\nZPEaf.exe
[WARNING] The file could not be opened!
C:\Programmi\Windows NT\oBc.exe
[WARNING] The file could not be opened!
C:\Programmi\Windows NT\OcR.exe
[WARNING] The file could not be opened!
C:\Programmi\Windows NT\OepR.exe
[WARNING] The file could not be opened!
C:\Programmi\Windows NT\OHf.exe
[WARNING] The file could not be opened!
C:\Programmi\Windows NT\olGIk.exe
[WARNING] The file could not be opened!
C:\Programmi\Windows NT\oltGM.exe
[WARNING] The file could not be opened!
C:\Programmi\Windows NT\ONAXlB.exe
[WARNING] The file could not be opened!
C:\Programmi\Windows NT\onT.exe
[WARNING] The file could not be opened!
C:\Programmi\Windows NT\OqpDPF.exe
[WARNING] The file could not be opened!
C:\Programmi\Windows NT\oQzJb.exe
[WARNING] The file could not be opened!
C:\Programmi\Windows NT\osu.exe
[WARNING] The file could not be opened!
C:\Programmi\Windows NT\Owb.exe
[WARNING] The file could not be opened!
C:\Programmi\Windows NT\OWGhd.exe
[WARNING] The file could not be opened!
C:\Programmi\Windows NT\ozO.exe
[WARNING] The file could not be opened!
C:\Programmi\Windows NT\ozSIj.exe
[WARNING] The file could not be opened!
C:\Programmi\Windows NT\pAr.exe
[WARNING] The file could not be opened!
C:\Programmi\Windows NT\pAy.exe
[WARNING] The file could not be opened!
C:\Programmi\Windows NT\pdnhh.exe
[WARNING] The file could not be opened!
C:\Programmi\Windows NT\PEsLC.exe
[WARNING] The file could not be opened!
C:\Programmi\Windows NT\PfNoz.exe
[WARNING] The file could not be opened!
C:\Programmi\Windows NT\PGCu.exe
[WARNING] The file could not be opened!
C:\Programmi\Windows NT\pKULK.exe
[WARNING] The file could not be opened!
C:\Programmi\Windows NT\plO.exe
[WARNING] The file could not be opened!
C:\Programmi\Windows NT\pRjR.exe
[WARNING] The file could not be opened!
C:\Programmi\Windows NT\pVk.exe
[WARNING] The file could not be opened!
C:\Programmi\Windows NT\PvS.exe
[WARNING] The file could not be opened!
C:\Programmi\Windows NT\PWAsid.exe
[WARNING] The file could not be opened!
C:\Programmi\Windows NT\PxD.exe
[WARNING] The file could not be opened!
C:\Programmi\Windows NT\PZImyj.exe
[WARNING] The file could not be opened!
C:\Programmi\Windows NT\pZXznb.exe
[WARNING] The file could not be opened!
C:\Programmi\Windows NT\Qbj.exe
[WARNING] The file could not be opened!
C:\Programmi\Windows NT\qcfA.exe
[WARNING] The file could not be opened!
C:\Programmi\Windows NT\QCRsb.exe
[WARNING] The file could not be opened!
C:\Programmi\Windows NT\Qda.exe
[WARNING] The file could not be opened!
C:\Programmi\Windows NT\QiDCrW.exe
[WARNING] The file could not be opened!
C:\Programmi\Windows NT\qKHW.exe
[WARNING] The file could not be opened!
C:\Programmi\Windows NT\QMJUbX.exe
[WARNING] The file could not be opened!
C:\Programmi\Windows NT\qok.exe
[WARNING] The file could not be opened!
C:\Programmi\Windows NT\Qpb.exe
[WARNING] The file could not be opened!
C:\Programmi\Windows NT\QPhRj.exe
[WARNING] The file could not be opened!
C:\Programmi\Windows NT\QRl.exe
[WARNING] The file could not be opened!
C:\Programmi\Windows NT\qXIQ.exe
[WARNING] The file could not be opened!
C:\Programmi\Windows NT\qYD.exe
[WARNING] The file could not be opened!
C:\Programmi\Windows NT\QZS.exe
[WARNING] The file could not be opened!
C:\Programmi\Windows NT\rarWQE.exe
[WARNING] The file could not be opened!
C:\Programmi\Windows NT\RBPe.exe
[WARNING] The file could not be opened!
C:\Programmi\Windows NT\rCj.exe
[WARNING] The file could not be opened!
C:\Programmi\Windows NT\RdE.exe
[WARNING] The file could not be opened!
C:\Programmi\Windows NT\RfUCW.exe
[WARNING] The file could not be opened!
C:\Programmi\Windows NT\rGK.exe
[WARNING] The file could not be opened!
C:\Programmi\Windows NT\riI.exe
[WARNING] The file could not be opened!
C:\Programmi\Windows NT\RinGo.exe
[WARNING] The file could not be opened!
C:\Programmi\Windows NT\RIs.exe
[WARNING] The file could not be opened!
C:\Programmi\Windows NT\RkV.exe
[WARNING] The file could not be opened!
C:\Programmi\Windows NT\rLg.exe
[WARNING] The file could not be opened!
C:\Programmi\Windows NT\rnsF.exe
[WARNING] The file could not be opened!
C:\Programmi\Windows NT\RqTT.exe
[WARNING] The file could not be opened!
C:\Programmi\Windows NT\RQzyv.exe
[WARNING] The file could not be opened!
C:\Programmi\Windows NT\rrf.exe
[WARNING] The file could not be opened!
C:\Programmi\Windows NT\rsyfs.exe
[WARNING] The file could not be opened!
C:\Programmi\Windows NT\rzc.exe
[WARNING] The file could not be opened!
C:\Programmi\Windows NT\SHf.exe
[WARNING] The file could not be opened!
C:\Programmi\Windows NT\skALUq.exe
[WARNING] The file could not be opened!
C:\Programmi\Windows NT\skMW.exe
[WARNING] The file could not be opened!
C:\Programmi\Windows NT\SOwTS.exe
[WARNING] The file could not be opened!
C:\Programmi\Windows NT\SpJv.exe
[WARNING] The file could not be opened!
C:\Programmi\Windows NT\ssb.exe
[WARNING] The file could not be opened!
C:\Programmi\Windows NT\staMr.exe
[WARNING] The file could not be opened!
C:\Programmi\Windows NT\StsUK.exe
[WARNING] The file could not be opened!
C:\Programmi\Windows NT\sWervu.exe
[WARNING] The file could not be opened!
C:\Programmi\Windows NT\sWg.exe
[WARNING] The file could not be opened!
C:\Programmi\Windows NT\sWY.exe
[WARNING] The file could not be opened!
C:\Programmi\Windows NT\SxtWc.exe
[WARNING] The file could not be opened!
C:\Programmi\Windows NT\Tbn.exe
[WARNING] The file could not be opened!
C:\Programmi\Windows NT\tBr.exe
[WARNING] The file could not be opened!
C:\Programmi\Windows NT\tGBYn.exe
[WARNING] The file could not be opened!
C:\Programmi\Windows NT\tge.exe
[WARNING] The file could not be opened!
C:\Programmi\Windows NT\tGM.exe
[WARNING] The file could not be opened!
C:\Programmi\Windows NT\tjRsE.exe
[WARNING] The file could not be opened!
C:\Programmi\Windows NT\tKj.exe
[WARNING] The file could not be opened!
C:\Programmi\Windows NT\tkN.exe
[WARNING] The file could not be opened!
C:\Programmi\Windows NT\TlM.exe
[WARNING] The file could not be opened!
C:\Programmi\Windows NT\tNVS.exe
[WARNING] The file could not be opened!
C:\Programmi\Windows NT\TOMWx.exe
[WARNING] The file could not be opened!
C:\Programmi\Windows NT\TrHMM.exe
[WARNING] The file could not be opened!
C:\Programmi\Windows NT\tSdEfL.exe
[WARNING] The file could not be opened!
C:\WINDOWS\1B.tmp
[DETECTION] Is the Trojan horse TR/Crypt.FKM.Gen
[INFO] The file was moved to '47835fdb.qua'!
C:\WINDOWS\2A.tmp
[DETECTION] Is the Trojan horse TR/Crypt.FKM.Gen
[INFO] The file was moved to '47835fda.qua'!
C:\WINDOWS\40.tmp
[DETECTION] Is the Trojan horse TR/Crypt.FKM.Gen
[INFO] The file was moved to '47835fc9.qua'!
C:\WINDOWS\cat_9d_40e0.exe
[DETECTION] Is the Trojan horse TR/Agent.EJ.DLL
[INFO] The file was moved to '47c95ffb.qua'!
C:\WINDOWS\comm.exe
[DETECTION] Contains a detection pattern of the (dangerous) backdoor program BDS/Beastdoor.IP Backdoor server programs
[INFO] The file was moved to '47c2600a.qua'!
C:\WINDOWS\fw_304.exe
[DETECTION] Is the Trojan horse TR/Delphi.Downloader.Gen
[INFO] The file was moved to '47b46013.qua'!
C:\WINDOWS\gcac.exe
[DETECTION] Is the Trojan horse TR/Dldr.Age.29638.A
[INFO] The file was moved to '47b65fff.qua'!
C:\WINDOWS\hosts
[DETECTION] Is the Trojan horse TR/AntiHosts.Gen
[INFO] The file was moved to '47c8600c.qua'!
C:\WINDOWS\sevchost.exe
[DETECTION] Is the Trojan horse TR/Dldr.Agent.IS.6
[INFO] The file was moved to '47cb6007.qua'!
C:\WINDOWS\bak\gcac.exe
[DETECTION] Is the Trojan horse TR/Dldr.Agent.ZD
[INFO] The file was moved to '47b6606c.qua'!
C:\WINDOWS\bak\__p9hEPQkbj.exe
[DETECTION] Is the Trojan horse TR/Dldr.Agent.ZF.15
[INFO] The file was moved to '47c56068.qua'!
C:\WINDOWS\Downloaded Program Files\61AE622.exe
[DETECTION] Contains code of the DIALER.TR/Spy.12728 virus
[INFO] The file was moved to '47966045.qua'!
C:\WINDOWS\Downloaded Program Files\AUTO_296_N.exe
[DETECTION] Is the Trojan horse TR/Dialer.HH.343
[INFO] The file was moved to '47a96069.qua'!
C:\WINDOWS\Downloaded Program Files\AUTO_340N.exe
[DETECTION] Is the Trojan horse TR/Dialer.ON.47
[INFO] The file was moved to '466b2fc2.qua'!
C:\WINDOWS\Downloaded Program Files\dialere.exe
[DETECTION] Is the Trojan horse TR/Dialer.OG.2
[INFO] The file was moved to '47b6607e.qua'!
C:\WINDOWS\Downloaded Program Files\gru.exe
[DETECTION] Contains detection pattern of the dial-up program DIAL/302519
[INFO] The file was moved to '47ca6087.qua'!
C:\WINDOWS\Downloaded Program Files\sgru.exe
[DETECTION] Is the Trojan horse TR/TZone.A.8
[INFO] The file was moved to '47c7607c.qua'!
C:\WINDOWS\Downloaded Program Files\CONFLICT.1\61AE622.exe
[DETECTION] Contains code of the DIALER.TR/Spy.12728 virus
[INFO] The file was moved to '47966047.qua'!
C:\WINDOWS\Downloaded Program Files\CONFLICT.1\AUTO_296_N.exe
[DETECTION] Is the Trojan horse TR/Dialer.HH.343
[INFO] The file was moved to '47a9606b.qua'!
C:\WINDOWS\Downloaded Program Files\CONFLICT.1\AUTO_340N.exe
[DETECTION] Is the Trojan horse TR/Dialer.ON.47
[INFO] The file was moved to '466a355c.qua'!
C:\WINDOWS\Downloaded Program Files\CONFLICT.1\dialere.exe
[DETECTION] Is the Trojan horse TR/Dialer.OG.2
[INFO] The file was moved to '47b66080.qua'!
C:\WINDOWS\Downloaded Program Files\CONFLICT.1\gru.exe
[DETECTION] Contains detection pattern of the dial-up program DIAL/302519
[INFO] The file was moved to '47ca6089.qua'!
C:\WINDOWS\Downloaded Program Files\CONFLICT.1\sgru.exe
[DETECTION] Is the Trojan horse TR/TZone.A.8
[INFO] The file was moved to '47c7607e.qua'!
C:\WINDOWS\Downloaded Program Files\CONFLICT.10\dialere.exe
[DETECTION] Is the Trojan horse TR/Dialer.OG.2
[INFO] The file was moved to '467535b1.qua'!
C:\WINDOWS\Downloaded Program Files\CONFLICT.11\dialere.exe
[DETECTION] Is the Trojan horse TR/Dialer.OG.2
[INFO] The file was moved to '47b66081.qua'!
C:\WINDOWS\Downloaded Program Files\CONFLICT.12\dialere.exe
[DETECTION] Is the Trojan horse TR/Dialer.OG.2
[INFO] The file was moved to '467535b2.qua'!
C:\WINDOWS\Downloaded Program Files\CONFLICT.13\dialere.exe
[DETECTION] Is the Trojan horse TR/Dialer.OG.2
[INFO] The file was moved to '47b66083.qua'!
C:\WINDOWS\Downloaded Program Files\CONFLICT.14\dialere.exe
[DETECTION] Is the Trojan horse TR/Dialer.OG.2
[INFO] The file was moved to '47b66082.qua'!
C:\WINDOWS\Downloaded Program Files\CONFLICT.15\dialere.exe
[DETECTION] Is the Trojan horse TR/Dialer.OG.2
[INFO] The file was moved to '467535b3.qua'!
C:\WINDOWS\Downloaded Program Files\CONFLICT.16\dialere.exe
[DETECTION] Is the Trojan horse TR/Dialer.OG.2
[INFO] The file was moved to '47b66084.qua'!
C:\WINDOWS\Downloaded Program Files\CONFLICT.17\dialere.exe
[DETECTION] Is the Trojan horse TR/Dialer.OG.2
[INFO] The file was moved to '467535b5.qua'!
C:\WINDOWS\Downloaded Program Files\CONFLICT.18\dialere.exe
[DETECTION] Is the Trojan horse TR/Dialer.OG.2
[INFO] The file was moved to '467535b4.qua'!
C:\WINDOWS\Downloaded Program Files\CONFLICT.19\dialere.exe
[DETECTION] Is the Trojan horse TR/Dialer.OG.2
[INFO] The file was moved to '47b66085.qua'!
C:\WINDOWS\Downloaded Program Files\CONFLICT.2\AUTO_340N.exe
[DETECTION] Is the Trojan horse TR/Dialer.ON.47
[INFO] The file was moved to '47a9606f.qua'!
C:\WINDOWS\Downloaded Program Files\CONFLICT.2\dialere.exe
[DETECTION] Is the Trojan horse TR/Dialer.OG.2
[INFO] The file was moved to '467535b6.qua'!
C:\WINDOWS\Downloaded Program Files\CONFLICT.2\sgru.exe
[DETECTION] Is the Trojan horse TR/TZone.A.8
[INFO] The file was moved to '47c76082.qua'!
C:\WINDOWS\Downloaded Program Files\CONFLICT.20\dialere.exe
[DETECTION] Is the Trojan horse TR/Dialer.OG.2
[INFO] The file was moved to '47b66086.qua'!
C:\WINDOWS\Downloaded Program Files\CONFLICT.21\dialere.exe
[DETECTION] Is the Trojan horse TR/Dialer.OG.2
[INFO] The file was moved to '467535b7.qua'!
C:\WINDOWS\Downloaded Program Files\CONFLICT.22\dialere.exe
[DETECTION] Is the Trojan horse TR/Dialer.OG.2
[INFO] The file was moved to '47b66087.qua'!
C:\WINDOWS\Downloaded Program Files\CONFLICT.23\dialere.exe
[DETECTION] Is the Trojan horse TR/Dialer.OG.2
[INFO] The file was moved to '467535b8.qua'!
C:\WINDOWS\Downloaded Program Files\CONFLICT.24\dialere.exe
[DETECTION] Is the Trojan horse TR/Dialer.OG.2
[INFO] The file was moved to '47b66089.qua'!
C:\WINDOWS\Downloaded Program Files\CONFLICT.25\dialere.exe
[DETECTION] Is the Trojan horse TR/Dialer.OG.2
[INFO] The file was moved to '467535ba.qua'!
C:\WINDOWS\Downloaded Program Files\CONFLICT.26\dialere.exe
[DETECTION] Is the Trojan horse TR/Dialer.OG.2
[INFO] The file was moved to '47b66088.qua'!
C:\WINDOWS\Downloaded Program Files\CONFLICT.27\dialere.exe
[DETECTION] Is the Trojan horse TR/Dialer.OG.2
[INFO] The file was moved to '467535b9.qua'!
C:\WINDOWS\Downloaded Program Files\CONFLICT.28\dialere.exe
[DETECTION] Is the Trojan horse TR/Dialer.OG.2
[INFO] The file was moved to '47b6608a.qua'!
C:\WINDOWS\Downloaded Program Files\CONFLICT.29\dialere.exe
[DETECTION] Is the Trojan horse TR/Dialer.OG.2
[INFO] The file was moved to '467535bb.qua'!
C:\WINDOWS\Downloaded Program Files\CONFLICT.3\dialere.exe
[DETECTION] Is the Trojan horse TR/Dialer.OG.2
[INFO] The file was moved to '47b6608b.qua'!
C:\WINDOWS\Downloaded Program Files\CONFLICT.30\dialere.exe
[DETECTION] Is the Trojan horse TR/Dialer.OG.2
[INFO] The file was moved to '467535bc.qua'!
C:\WINDOWS\Downloaded Program Files\CONFLICT.4\dialere.exe
[DETECTION] Is the Trojan horse TR/Dialer.OG.2
[INFO] The file was moved to '47b6608d.qua'!
C:\WINDOWS\Downloaded Program Files\CONFLICT.5\dialere.exe
[DETECTION] Is the Trojan horse TR/Dialer.OG.2
[INFO] The file was moved to '467535be.qua'!
C:\WINDOWS\Downloaded Program Files\CONFLICT.6\dialere.exe
[DETECTION] Is the Trojan horse TR/Dialer.OG.2
[INFO] The file was moved to '47b6608c.qua'!
C:\WINDOWS\Downloaded Program Files\CONFLICT.7\dialere.exe
[DETECTION] Is the Trojan horse TR/Dialer.OG.2
[INFO] The file was moved to '467535bd.qua'!
C:\WINDOWS\Downloaded Program Files\CONFLICT.8\dialere.exe
[DETECTION] Is the Trojan horse TR/Dialer.OG.2
[INFO] The file was moved to '47b6608e.qua'!
C:\WINDOWS\Downloaded Program Files\CONFLICT.9\dialere.exe
[DETECTION] Is the Trojan horse TR/Dialer.OG.2
[INFO] The file was moved to '467535bf.qua'!
C:\WINDOWS\system32\aibc.exe
[DETECTION] Contains detection pattern of the dial-up program DIAL/Generic
[INFO] The file was moved to '47b76167.qua'!
C:\WINDOWS\system32\beyr.exe
[DETECTION] Is the Trojan horse TR/Dialer.HH.178
[INFO] The file was moved to '47ce6165.qua'!
C:\WINDOWS\system32\bsjabv.exe
[DETECTION] Contains detection pattern of the dial-up program DIAL/Generic
[INFO] The file was moved to '47bf6174.qua'!
C:\WINDOWS\system32\googlesensor.exe
[WARNING] The file could not be opened!
C:\WINDOWS\system32\gvfpvkrp.exe
[DETECTION] Is the Trojan horse TR/Dialer.HH.178
[INFO] The file was moved to '47bb6182.qua'!
C:\WINDOWS\system32\iugyfbp.exe
[DETECTION] Is the Trojan horse TR/Dialer.HH.178
[INFO] The file was moved to '47bc6186.qua'!
C:\WINDOWS\system32\jerdbtq.exe
[DETECTION] Is the Trojan horse TR/Dialer.HH.178
[INFO] The file was moved to '47c76177.qua'!
C:\WINDOWS\system32\jgsu.exe
[DETECTION] Is the Trojan horse TR/Dialer.HH.178
[INFO] The file was moved to '47c86179.qua'!
C:\WINDOWS\system32\lomymev.exe
[DETECTION] Contains detection pattern of the dial-up program DIAL/Generic
[INFO] The file was moved to '47c26184.qua'!
C:\WINDOWS\system32\lxbjp.exe
[DETECTION] Is the Trojan horse TR/Dialer.HH.178
[INFO] The file was moved to '47b7618e.qua'!
C:\WINDOWS\system32\qxkbxst.exe
[DETECTION] Is the Trojan horse TR/Dialer.HH.178
[INFO] The file was moved to '47c0619b.qua'!
C:\WINDOWS\system32\rpslczdx.exe
[DETECTION] Is the Trojan horse TR/Dialer.HH.178
[INFO] The file was moved to '47c86194.qua'!
C:\WINDOWS\system32\sywexd.exe
[DETECTION] Contains detection pattern of the dial-up program DIAL/Generic
[INFO] The file was moved to '47cc61a2.qua'!
C:\WINDOWS\system32\uqkxd.exe
[DETECTION] Contains detection pattern of the dial-up program DIAL/Generic
[INFO] The file was moved to '47c0619c.qua'!
C:\WINDOWS\system32\vbiiftcr.exe
[DETECTION] Is the Trojan horse TR/Dialer.HH.178
[INFO] The file was moved to '47be618e.qua'!
C:\WINDOWS\system32\viaa.dll
[DETECTION] Is the Trojan horse TR/Agent.aju.2
[INFO] The file was moved to '47b66196.qua'!
C:\WINDOWS\system32\wcyuqp.exe
[DETECTION] Is the Trojan horse TR/Dialer.HH.178
[INFO] The file was moved to '47ce6190.qua'!
C:\WINDOWS\system32\wguwb.exe
[DETECTION] Is the Trojan horse TR/Dialer.HH.178
[INFO] The file was moved to '47ca6195.qua'!
C:\WINDOWS\system32\xgesgwyi.exe
[DETECTION] Is the Trojan horse TR/Dialer.HH.178
[INFO] The file was moved to '47ba619a.qua'!
C:\WINDOWS\system32\ydysv.exe
[DETECTION] Contains detection pattern of the dial-up program DIAL/Generic
[INFO] The file was moved to '47ce6197.qua'!
C:\WINDOWS\system32\zgefex.exe
[DETECTION] Contains detection pattern of the dial-up program DIAL/Generic
[INFO] The file was moved to '47ba619b.qua'!
C:\WINDOWS\system32\drivers\etc\hosts.msn
[DETECTION] Is the Trojan horse TR/AntiHosts.Gen
[INFO] The file was moved to '47c861b8.qua'!
C:\WINDOWS\Temp\afer1.exe
[DETECTION] Is the Trojan horse TR/Dldr.Age.29638.A
[INFO] The file was moved to '47ba61ed.qua'!
C:\WINDOWS\Temp\bak\afer1.exe
[DETECTION] Is the Trojan horse TR/Agent.XJ.67
[INFO] The file was moved to '47ba61ee.qua'!


End of the scan: martedì 4 dicembre 2007 15:17
Used time: 29:33 min

The scan has been done completely.

3826 Scanning directories
166758 Files were scanned
93 viruses and/or unwanted programs were found
0 Files were classified as suspicious:
0 files were deleted
0 files were repaired
93 files were moved to quarantine
0 files were renamed
370 Files cannot be scanned
166665 Files not concerned
1120 Archives were scanned
370 Warnings
0 Notes
Last edited by wolly76 on Wed Dec 05, 2007 8:25 pm, edited 1 time in total.
"If cars worked like software, they would stall twice a day for no reason and the only solution would be to reinstall the engine"
wolly76
Senior Member
Posts: 354
Joined: Thu Jan 04, 2007 2:54 pm
Location: C:\WINDOWS

Post by ste_95 » Tue Dec 04, 2007 3:31 pm

It looks like AntiVir eliminated everything it found; have you tried starting HijackThis now?
«Sometimes it is better to keep quiet and seem stupid than to open your mouth and remove all doubt.» Oscar Wilde
ste_95
Official Member (Gold)
Posts: 17271
Joined: Mon Aug 06, 2007 11:19 am

Post by Robby78 » Tue Dec 04, 2007 3:34 pm

sell it to crazy cat for the 2008 antivirus test!!
Poor homeland! Crushed by the abuses of power of vile people who do not know what decency is - Franco Battiato
remember to think! - my mom
Robby78
Official Member (Gold)
Posts: 3829
Joined: Thu Jan 08, 2004 5:25 pm
Location: Emilia Romagna


Post by ste_95 » Tue Dec 04, 2007 3:37 pm

Robby78 wrote: sell it to crazy cat for the 2008 antivirus test!!


No way, crazy has a secret stash of infesting demons!! [devil]

[rotolo]

Post by wolly76 » Tue Dec 04, 2007 3:38 pm

Yes, but it just won't start. I also tried GMER in case there was some rootkit, but that one won't start either.
I installed CCleaner and had it clean up the temporary files a bit,
then I ran a pass with a-squared, but the situation isn't improving.

Post by crazy.cat » Tue Dec 04, 2007 3:43 pm

ste_95 wrote: No way, crazy has a secret stash of infesting demons!! [devil]

These days I'm permanently at a client's site where no viruses arrive.

Before the next test, some volunteer from the forum will have to save their viruses for me and get them to me.

I can see a gromozon/linkoptimizer rootkit. Try installing VirIT and scanning with it, then try SystemScan, compress the log it produces and attach it to the thread.
When the many govern, they think only of pleasing themselves, and then you get the most foolish and most hateful tyranny: tyranny disguised as liberty.
crazy.cat
MLI Hero
Posts: 30959
Joined: Mon Jan 12, 2004 1:38 pm
Location: Mestre

Post by ste_95 » Tue Dec 04, 2007 3:45 pm

crazy.cat wrote:
ste_95 wrote: No way, crazy has a secret stash of infesting demons!! [devil]

These days I'm permanently at a client's site where no viruses arrive.

Before the next test, some volunteer from the forum will have to save their viruses for me and get them to me.


I keep all the ones I catch from P2P and the like.... we'll do a swap...!

END OT

Post by wolly76 » Tue Dec 04, 2007 7:52 pm

So,
I installed VirIT and, after running the scan, it says it removed the rootkit.
I tried to download SystemScan, but as soon as Google found it in the search the browser page shut down.... (this PC is making me die laughing)
Now I'll try downloading it at home, and tomorrow when I'm back at work I'll try running the scan, but I suspect that, like HijackThis, this one won't start either.
By the way, the AntiVir scan doesn't work if launched manually; you have to schedule it and then it starts.... [rotfl] [rotfl] [rotfl]
Dunno
Help me plsss, are there ghosts in this PC??? [:D] [:D] [:D]
Another strange thing: every time the computer shuts down it says it is installing updates.. dunno!!!!

Post by Robby78 » Tue Dec 04, 2007 8:40 pm

you should also delete all those files that AntiVir reports as "cannot access", because they are surely suspicious, and it could not remove them

Post by ste_95 » Tue Dec 04, 2007 8:43 pm

Try following this guide:

http://www.MegaLab.it/2615

Post by wolly76 » Tue Dec 04, 2007 9:34 pm

ok, I'll try the guide.
Do you think that if I rename HijackThis it will let me start it???
Maybe with a log you'd be able to pinpoint the problems better.

Post by ste_95 » Tue Dec 04, 2007 9:41 pm

You can try, but if the trojan is clever enough, it analyzes the program and checks which one you are running, regardless of the name...

Post by wolly76 » Wed Dec 05, 2007 10:16 am

By adding debug privileges I managed to get SystemScan to start; could you take a look at it, please???
I'll wait for your instructions

Post by wolly76 » Wed Dec 05, 2007 12:26 pm

By disabling the googlesensor program from Task Manager I managed to get HijackThis to start; I'm posting the log, help me pls...


Logfile of HijackThis v1.99.1
Scan saved at 11.52.40, on 05/12/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.exe
C:\Documents and Settings\Administrator\Desktop\pcpane\toolsantirootkit\_a_i_g_i_a_c_k_t_h_i_s.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.it/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://go.compaq.com/1Q00CDT/0410/bl8.asp
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://home.sweetim.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
R3 - Default URLSearchHook is missing
F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\__p9hEPQkbj.exe
F2 - REG:system.ini: UserInit=c:\windows\system32\userinit.exe,,c:\windows\__p9hepqkbj.exe,"c:\windows\system32\googlesensor.exe",
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\Adobe\Acrobat 5.0\Acrobat\ActiveX\AcroIEHelper.ocx
O2 - BHO: Class - {0FDDD9AD-533B-42A3-5815-04F155B389D8} - C:\WINDOWS\ayobd1.dll (file missing)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programmi\google\googletoolbar1.dll
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Programmi\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programmi\Yahoo!\Companion\Installs\cpn\ycomp5_5_7_0.dll
O3 - Toolbar: (no name) - {bd0e4d83-654e-4213-965b-fcbe887061f4} - (no file)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programmi\google\googletoolbar1.dll
O4 - HKLM\..\Run: [HDAudio Driver 1.0] C:\WINDOWS\system32\suyukxpn.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmi\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Programmi\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [AdslTaskBar] rundll32.exe stmctrl.dll,TaskBar
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programmi\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Programmi\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [VIRIT LITE MONITOR] C:\VEXPLITE\MONLITE.EXE
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] ~"C:\Programmi\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [swg] C:\Programmi\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [SweetIM] C:\Programmi\Macrogaming\SweetIM\SweetIM.exe
O4 - Global Startup: Acrobat Assistant.lnk = C:\Programmi\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Programmi\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Programmi\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.6.0_03\bin\ssv.dll (file missing)
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.6.0_03\bin\ssv.dll (file missing)
O9 - Extra button: (no name) - {49783ED4-258D-4f9f-BE11-137C18D3E543} - (no file)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe (file missing)
O15 - Trusted Zone: www.adslconnection.name
O15 - Trusted Zone: www.archivio.name
O15 - Trusted Zone: www.archiviosex.net
O15 - Trusted Zone: *.energy-factor.com
O15 - Trusted Zone: *.hardcorefantasyland.com
O15 - Trusted Zone: *.hardfootballbabes.com
O15 - Trusted Zone: www.hastalavista.it
O15 - Trusted Zone: www.linkautomatici.com
O15 - Trusted Zone: www.otherchance.com
O15 - Trusted Zone: www.pornoaccesso.com
O15 - Trusted Zone: www.redfunny.com
O15 - Trusted Zone: www.sgrunt.biz
O15 - Trusted Zone: www.skymasters.biz
O15 - Trusted Zone: www.softlab.name
O15 - Trusted Zone: www.superspots.biz
O15 - Trusted Zone: www.xbeta69.com
O15 - Trusted Zone: www.xxx-content.name
O17 - HKLM\System\CCS\Services\Tcpip\..\{01A84781-9D8E-408D-8159-0719622B108A}: NameServer = 212.216.112.112,212.216.172.62
O17 - HKLM\System\CS1\Services\Tcpip\..\{01A84781-9D8E-408D-8159-0719622B108A}: NameServer = 212.216.112.112,212.216.172.62
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: igfcoi - igfcoi.dll (file missing)
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - C:\Programmi\a-squared Free\a2service.exe
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Programmi\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Programmi\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Programmi\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InCD Helper (InCDsrv) - Ahead Software AG - C:\Programmi\Ahead\InCD\InCDsrv.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Programmi\iPod\bin\iPodService.exe
O23 - Service: ServiceLayer - Nokia. - C:\Programmi\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\SNDSrvc.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Programmi\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: Virit eXplorer Lite (viritsvclite) - TG Soft Sas www.tgsoft.it - C:\VEXPLITE\viritsvc.exe

Post by ste_95 » Wed Dec 05, 2007 2:18 pm

HijackThis alone already shows quite a few things... So:

Fix these entries:

R3 - Default URLSearchHook is missing
F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\__p9hEPQkbj.exe
F2 - REG:system.ini: UserInit=c:\windows\system32\userinit.exe,,c:\windows\__p9hepqkbj.exe,"c:\windows\system32\googlesensor.exe",
O2 - BHO: Class - {0FDDD9AD-533B-42A3-5815-04F155B389D8} - C:\WINDOWS\ayobd1.dll (file missing)
O3 - Toolbar: (no name) - {bd0e4d83-654e-4213-965b-fcbe887061f4} - (no file)
O15 - Trusted Zone: www.adslconnection.name
O15 - Trusted Zone: www.archivio.name
O15 - Trusted Zone: www.archiviosex.net
O15 - Trusted Zone: *.energy-factor.com
O15 - Trusted Zone: *.hardcorefantasyland.com
O15 - Trusted Zone: *.hardfootballbabes.com
O15 - Trusted Zone: www.hastalavista.it
O15 - Trusted Zone: www.linkautomatici.com
O15 - Trusted Zone: www.otherchance.com
O15 - Trusted Zone: www.pornoaccesso.com
O15 - Trusted Zone: www.redfunny.com
O15 - Trusted Zone: www.sgrunt.biz
O15 - Trusted Zone: www.skymasters.biz
O15 - Trusted Zone: www.softlab.name
O15 - Trusted Zone: www.superspots.biz
O15 - Trusted Zone: www.xbeta69.com
O15 - Trusted Zone: www.xxx-content.name
O20 - Winlogon Notify: igfcoi - igfcoi.dll (file missing)

Then follow these instructions:

Download Avenger
Extract it into a folder of your choice
Run the file avenger.exe, the one with the sword icon
Select the "input script manually" radio button
Then find the magnifying glass and click it
Now paste these lines into the white box that opens:

Files to delete:
C:\WINDOWS\__p9hEPQkbj.exe
C:\windows\__p9hepqkbj.exe
C:\windows\system32\googlesensor.exe
C:\WINDOWS\ayobd1.dll


Now click Done at the bottom of the box
Select the little traffic light at the top right
Answer Yes to Avenger's two prompts
Your computer should now restart; if it doesn't, restart it manually
When the computer restarts, copy and paste here the contents of the Notepad window that appears.

Post a new HijackThis log

Post by wolly76 » Wed Dec 05, 2007 3:25 pm

So, I followed the instructions and now I'm posting the logs. There is still one thing I don't understand: when I open Internet Explorer it takes at least 2 full minutes to start, after which it runs fine. Can we fix this as well?


Logfile of The Avenger version 1, by Swandog46
Running from registry key:
\Registry\Machine\System\CurrentControlSet\Services\tdpasbjc

*******************

Script file located at: \??\C:\crnrgrsl.txt
Script file opened successfully.

Script file read successfully

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:



File C:\WINDOWS\__p9hEPQkbj.exe not found!
Deletion of file C:\WINDOWS\__p9hEPQkbj.exe failed!

Could not process line:
C:\WINDOWS\__p9hEPQkbj.exe
Status: 0xc0000034



File C:\windows\__p9hepqkbj.exe not found!
Deletion of file C:\windows\__p9hepqkbj.exe failed!

Could not process line:
C:\windows\__p9hepqkbj.exe
Status: 0xc0000034

File C:\windows\system32\googlesensor.exe deleted successfully.


File C:\WINDOWS\ayobd1.dll not found!
Deletion of file C:\WINDOWS\ayobd1.dll failed!

Could not process line:
C:\WINDOWS\ayobd1.dll
Status: 0xc0000034


Completed script processing.

*******************

Finished! Terminate.



And this is the HijackThis log:


Logfile of HijackThis v1.99.1
Scan saved at 15.21.40, on 05/12/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmi\Ahead\InCD\InCDsrv.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programmi\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\WINDOWS\Explorer.EXE
C:\Programmi\a-squared Free\a2service.exe
C:\Programmi\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Programmi\QuickTime\qttask.exe
C:\Programmi\File comuni\Microsoft Shared\VS7Debug\mdm.exe
C:\Programmi\Analog Devices\SoundMAX\SMAgent.exe
C:\VEXPLITE\viritsvc.exe
C:\Programmi\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\rundll32.exe
C:\Programmi\Java\jre1.6.0_03\bin\jusched.exe
C:\Programmi\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\VEXPLITE\MONLITE.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Programmi\Macrogaming\SweetIM\SweetIM.exe
C:\Programmi\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
C:\Programmi\WinZip\WZQKPICK.EXE
C:\Programmi\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Programmi\Internet Explorer\IEXPLORE.EXE
C:\Documents and Settings\Administrator\Desktop\pcpane\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.it/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://go.compaq.com/1Q00CDT/0410/bl8.asp
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\Adobe\Acrobat 5.0\Acrobat\ActiveX\AcroIEHelper.ocx
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programmi\google\googletoolbar1.dll
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Programmi\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programmi\Yahoo!\Companion\Installs\cpn\ycomp5_5_7_0.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programmi\google\googletoolbar1.dll
O4 - HKLM\..\Run: [HDAudio Driver 1.0] C:\WINDOWS\system32\suyukxpn.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmi\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Programmi\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [AdslTaskBar] rundll32.exe stmctrl.dll,TaskBar
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programmi\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Programmi\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [VIRIT LITE MONITOR] C:\VEXPLITE\MONLITE.EXE
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Programmi\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [SweetIM] C:\Programmi\Macrogaming\SweetIM\SweetIM.exe
O4 - Global Startup: Acrobat Assistant.lnk = C:\Programmi\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Programmi\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Programmi\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.6.0_03\bin\ssv.dll (file missing)
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.6.0_03\bin\ssv.dll (file missing)
O9 - Extra button: (no name) - {49783ED4-258D-4f9f-BE11-137C18D3E543} - (no file)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe (file missing)
O17 - HKLM\System\CCS\Services\Tcpip\..\{01A84781-9D8E-408D-8159-0719622B108A}: NameServer = 212.216.112.112,212.216.172.62
O17 - HKLM\System\CCS\Services\Tcpip\..\{08CFA14A-438A-458B-B0C8-048E69102E78}: NameServer = 62.211.69.150 212.48.4.15
O17 - HKLM\System\CS1\Services\Tcpip\..\{01A84781-9D8E-408D-8159-0719622B108A}: NameServer = 212.216.112.112,212.216.172.62
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - C:\Programmi\a-squared Free\a2service.exe
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Programmi\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Programmi\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Programmi\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InCD Helper (InCDsrv) - Ahead Software AG - C:\Programmi\Ahead\InCD\InCDsrv.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Programmi\iPod\bin\iPodService.exe
O23 - Service: ServiceLayer - Nokia. - C:\Programmi\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\SNDSrvc.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Programmi\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: Virit eXplorer Lite (viritsvclite) - TG Soft Sas www.tgsoft.it - C:\VEXPLITE\viritsvc.exe
"If cars worked like software, they would break down twice a day for no reason and the only fix would be to reinstall the engine"
wolly76
Senior Member
Posts: 354
Joined: Thu Jan 04, 2007 2:54 pm
Location: C:\WINDOWS
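
An added example, not part of the original thread: Python that reads the Avenger log posted above, decodes its status code, and checks which HijackThis entries still name the files Avenger handled. The function and variable names are hypothetical; the log and HijackThis lines are copied from the thread with blank lines dropped.

```python
import re

# 0xC0000034 is the NTSTATUS value STATUS_OBJECT_NAME_NOT_FOUND (file absent).
NTSTATUS_NAMES = {0xC0000034: "STATUS_OBJECT_NAME_NOT_FOUND"}

# Avenger log lines copied from the post above (blank lines dropped).
AVENGER_LOG = r"""File C:\WINDOWS\__p9hEPQkbj.exe not found!
Deletion of file C:\WINDOWS\__p9hEPQkbj.exe failed!
Could not process line:
C:\WINDOWS\__p9hEPQkbj.exe
Status: 0xc0000034
File C:\windows\__p9hepqkbj.exe not found!
Deletion of file C:\windows\__p9hepqkbj.exe failed!
Could not process line:
C:\windows\__p9hepqkbj.exe
Status: 0xc0000034
File C:\windows\system32\googlesensor.exe deleted successfully.
File C:\WINDOWS\ayobd1.dll not found!
Deletion of file C:\WINDOWS\ayobd1.dll failed!
Could not process line:
C:\WINDOWS\ayobd1.dll
Status: 0xc0000034
"""

# HijackThis entries from the first scan (the fix list) and the follow-up scan.
FIRST_SCAN = [
    r'F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\__p9hEPQkbj.exe',
    r'F2 - REG:system.ini: UserInit=c:\windows\system32\userinit.exe,,c:\windows\__p9hepqkbj.exe,"c:\windows\system32\googlesensor.exe",',
    r'O2 - BHO: Class - {0FDDD9AD-533B-42A3-5815-04F155B389D8} - C:\WINDOWS\ayobd1.dll (file missing)',
]
FOLLOW_UP = [
    r'O4 - HKLM\..\Run: [HDAudio Driver 1.0] C:\WINDOWS\system32\suyukxpn.exe',
    r'O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll',
]

DELETED_RE = re.compile(r"^File (.+) deleted successfully\.$", re.M)
FAILED_RE = re.compile(r"^Could not process line:[ \t]*\n(.+)\nStatus: (0x[0-9a-fA-F]+)$", re.M)

def parse_avenger(log):
    """Map each scripted path (lower-cased: Windows paths ignore case) to its outcome."""
    outcomes = {m.group(1).lower(): "deleted" for m in DELETED_RE.finditer(log)}
    for m in FAILED_RE.finditer(log):
        code = int(m.group(2), 16)
        outcomes[m.group(1).strip().lower()] = NTSTATUS_NAMES.get(code, hex(code))
    return outcomes

def stale_references(hjt_lines, outcomes):
    """Return HijackThis entries that still name a file Avenger deleted or could not find."""
    return [line for line in hjt_lines if any(p in line.lower() for p in outcomes)]
```

Lower-casing collapses the two spellings of `__p9hEPQkbj.exe` into one file, so the four script lines cover three distinct paths. A registry entry that names an absent file is harmless on its own but is still worth fixing so nothing can be dropped back at that path and auto-started.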

Post by crazy.cat » Wed Dec 05, 2007 3:38 pm

Check whether you have this file on the PC
O4 - HKLM\..\Run: [HDAudio Driver 1.0] C:\WINDOWS\system32\suyukxpn.exe
and have it analyzed on www.virustotal.com to see what it is
When the many govern, they think only of pleasing themselves, and then you get the most foolish and most hateful tyranny: tyranny disguised as freedom.
crazy.cat
MLI Hero
Posts: 30959
Joined: Mon Jan 12, 2004 1:38 pm
Location: Mestre

Post by ste_95 » Wed Dec 05, 2007 3:39 pm

I see another entry that doesn't look so nice...

Could you have this file scanned on www.virustotal.com and then post the log:

C:\WINDOWS\system32\suyukxpn.exe

Post by wolly76 » Wed Dec 05, 2007 3:52 pm

I can't find it either in the system32 folder or with file search!!!
What do I do??

Post by ste_95 » Wed Dec 05, 2007 3:54 pm

Then you can fix this entry too:

O4 - HKLM\..\Run: [HDAudio Driver 1.0] C:\WINDOWS\system32\suyukxpn.exe

megalab.it: daily online publication registered with the Court of Cosenza, no. 22/09 of 13.08.2009, publisher Master New Media S.r.l.; © Copyright 2008 Master New Media S.r.l. a socio unico - VAT no. 02947530784. GRUPPO EDIZIONI MASTER Spa. All rights reserved.