I'm new to the forum, and since I too have run into a nice little "rootkit", I decided to ask for your invaluable support.
I'm attaching the HJ log and the log from the KAV online scanner:
------------------ HJ-------------------
Logfile of HijackThis v1.99.1
Scan saved at 10.21.36, on 31/12/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\CTHELPER.EXE
C:\Programmi\Acronis\TrueImageWorkstation\TrueImageMonitor.exe
C:\Programmi\File comuni\Acronis\Schedule2\schedhlp.exe
C:\Programmi\Java\jre1.6.0_03\bin\jusched.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Programmi\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe
C:\Programmi\Microsoft Office\Office12\GrooveMonitor.exe
C:\Programmi\Acronis\TrueImageWorkstation\TimounterMonitor.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmi\File comuni\Nero\Lib\NMBgMonitor.exe
C:\Programmi\DU Meter\DUMeter.exe
C:\Programmi\Nokia\Nokia PC Suite 6\PCSuite.exe
C:\Programmi\K9\K9.exe
C:\Programmi\File comuni\Acronis\Schedule2\schedul2.exe
C:\Programmi\File comuni\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Programmi\Diskeeper Corporation\Diskeeper\DkService.exe
C:\Programmi\DU Meter\DUMeterSvc.exe
C:\Programmi\FreePOPs\freepopsservice.exe
C:\Programmi\FreePOPs\freepopsd.exe
C:\Programmi\No-IP\DUC20.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\Programmi\UltraVNC\WinVNC.exe
C:\Programmi\File comuni\Nero\Lib\NMIndexingService.exe
C:\Programmi\PC Connectivity Solution\ServiceLayer.exe
C:\Programmi\File comuni\Nero\Lib\NMIndexStoreSvr.exe
C:\Programmi\iPod\bin\iPodService.exe
C:\Programmi\PC Connectivity Solution\Transports\NclUSBSrv.exe
C:\Programmi\PC Connectivity Solution\Transports\NclRSSrv.exe
C:\Programmi\Mozilla Firefox\firefox.exe
C:\Programmi\Microsoft Office\Office12\OUTLOOK.EXE
C:\Documents and Settings\LoveDreamer\Desktop\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.it/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
O2 - BHO: Supporto di collegamento per Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\File comuni\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmi\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Guida per l'accesso a Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programmi\File comuni\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [WinVNC] "C:\Programmi\UltraVNC\WinVNC.exe" -servicehelper
O4 - HKLM\..\Run: [WINDVDPatch] CTHELPER.EXE
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [TrueImageMonitor.exe] C:\Programmi\Acronis\TrueImageWorkstation\TrueImageMonitor.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programmi\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmi\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Programmi\File comuni\Nero\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [Jet Detection] "C:\Programmi\Creative SBLive\PROGRAM\ADGJDet.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Programmi\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Programmi\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Programmi\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [AcronisTimounterMonitor] C:\Programmi\Acronis\TrueImageWorkstation\TimounterMonitor.exe
O4 - HKLM\..\Run: [Acronis Scheduler2 Service] "C:\Programmi\File comuni\Acronis\Schedule2\schedhlp.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Programmi\File comuni\Nero\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [drvsyskit] C:\WINDOWS\system32\drivers\hldrrr.exe
O4 - HKCU\..\Run: [german.exe] C:\WINDOWS\system32\wintems.exe
O4 - HKCU\..\Run: [DU Meter] C:\Programmi\DU Meter\DUMeter.exe
O4 - HKCU\..\Run: [PC Suite Tray] "C:\Programmi\Nokia\Nokia PC Suite 6\PCSuite.exe" -onlytray
O4 - Startup: Launch K9.lnk = C:\Programmi\K9\K9.exe
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Invia a OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: I&nvia a OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partne ... nicode.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windows ... 8882443468
O17 - HKLM\System\CCS\Services\Tcpip\..\{058D4079-20AF-44CD-9BD4-BFEDFC556EC6}: NameServer = 192.168.1.1
O17 - HKLM\System\CS1\Services\Tcpip\..\{058D4079-20AF-44CD-9BD4-BFEDFC556EC6}: NameServer = 192.168.1.1
O17 - HKLM\System\CS2\Services\Tcpip\..\{058D4079-20AF-44CD-9BD4-BFEDFC556EC6}: NameServer = 192.168.1.1
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Programmi\File comuni\Microsoft Shared\Help\hxds.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\FILECO~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\system32\NavLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - C:\Programmi\File comuni\Acronis\Schedule2\schedul2.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Programmi\File comuni\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Diskeeper - Diskeeper Corporation - C:\Programmi\Diskeeper Corporation\Diskeeper\DkService.exe
O23 - Service: DU Meter Service (DUMeterSvc) - Hagel Technologies Ltd - C:\Programmi\DU Meter\DUMeterSvc.exe
O23 - Service: FreePOPs - Unknown owner - C:\Programmi\FreePOPs\freepopsservice.exe
O23 - Service: Servizio iPod (iPod Service) - Apple Inc. - C:\Programmi\iPod\bin\iPodService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Programmi\File comuni\Nero\Lib\NMIndexingService.exe
O23 - Service: NoIPDUCService - Vitalwerks LLC - C:\Programmi\No-IP\DUC20.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: ServiceLayer - Nokia. - C:\Programmi\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software GmbH - C:\WINDOWS\System32\TuneUpDefragService.exe
O23 - Service: Update Center (Windows Update Center) - Unknown owner - C:\WINDOWS\scvhost.exe (file missing)
O23 - Service: VNC Server (winvnc) - Unknown owner - C:\Programmi\UltraVNC\WinVNC.exe" -service (file missing)
----------------------------- KAV --------------------------------
Monday, December 31, 2007 10:01:08 AM
Operating System: Microsoft Windows XP Professional, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.98.0
Kaspersky Anti-Virus database last update: 31/12/2007
Kaspersky Anti-Virus database records: 500579
Scan Settings
Scan using the following antivirus database extended
Scan Archives true
Scan Mail Bases true
Scan Target My Computer
A:\
C:\
D:\
E:\
F:\
H:\
I:\
Scan Statistics
Total number of scanned objects 75054
Number of viruses found 23
Number of infected objects 57
Number of suspicious objects 0
Duration of the scan process 01:51:50
Infected Object Name Virus Name Last Action
C:\Documents and Settings\All Users\Dati applicazioni\Microsoft\Network\Downloader\qmgr0.dat Object is locked skipped
C:\Documents and Settings\All Users\Dati applicazioni\Microsoft\Network\Downloader\qmgr1.dat Object is locked skipped
C:\Documents and Settings\LocalService\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Impostazioni locali\Cronologia\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Impostazioni locali\Dati applicazioni\Hagel Technologies\DU Meter\DUMeter.sqb Object is locked skipped
C:\Documents and Settings\LocalService\Impostazioni locali\Dati applicazioni\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\LocalService\Impostazioni locali\Dati applicazioni\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Impostazioni locali\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\LoveDreamer\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\LoveDreamer\Dati applicazioni\K9\Emails\DB\debug.txt Object is locked skipped
C:\Documents and Settings\LoveDreamer\Dati applicazioni\K9\Emails\DB\ProxyLog.txt Object is locked skipped
C:\Documents and Settings\LoveDreamer\Dati applicazioni\K9\Emails\DB\sessions.txt Object is locked skipped
C:\Documents and Settings\LoveDreamer\Desktop\Documenti LoveDreamer\Impostazioni locali\Temp\stdmemio.sys Infected: Rootkit.Win32.Small.b skipped
C:\Documents and Settings\LoveDreamer\Impostazioni locali\Cronologia\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LoveDreamer\Impostazioni locali\Cronologia\History.IE5\MSHist012007123120080101\index.dat Object is locked skipped
C:\Documents and Settings\LoveDreamer\Impostazioni locali\Dati applicazioni\Ahead\Nero Home\bl.db Object is locked skipped
C:\Documents and Settings\LoveDreamer\Impostazioni locali\Dati applicazioni\Ahead\Nero Home\is2.db Object is locked skipped
C:\Documents and Settings\LoveDreamer\Impostazioni locali\Dati applicazioni\Microsoft\Feeds Cache\index.dat Object is locked skipped
C:\Documents and Settings\LoveDreamer\Impostazioni locali\Dati applicazioni\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\LoveDreamer\Impostazioni locali\Dati applicazioni\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\LoveDreamer\Impostazioni locali\Temporary Internet Files\AntiPhishing\B3BB5BBA-E7D5-40AB-A041-A5B1C0B26C8F.dat Object is locked skipped
C:\Documents and Settings\LoveDreamer\Impostazioni locali\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LoveDreamer\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\LoveDreamer\NTUSER.DAT.LOG Object is locked skipped
C:\Documents and Settings\LoveDreamer\UserData\index.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Impostazioni locali\Dati applicazioni\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Impostazioni locali\Dati applicazioni\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped
C:\Programmi\FreePOPs\log.txt Object is locked skipped
C:\Programmi\FreePOPs\stderr.txt Object is locked skipped
C:\Programmi\FreePOPs\stdout.txt Object is locked skipped
C:\Programmi\No-IP\Service.log Object is locked skipped
C:\Programmi\UltraVNC\vnchooks.dll Infected: not-a-virus:RemoteAdmin.Win32.WinVNC.c skipped
C:\Programmi\UltraVNC\vncviewer.exe Infected: not-a-virus:RemoteAdmin.Win32.WinVNC.1102 skipped
C:\Programmi\UltraVNC\winvnc.exe Infected: not-a-virus:RemoteAdmin.Win32.WinVNC.c skipped
C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped
C:\WINDOWS\SchedLgU.Txt Object is locked skipped
C:\WINDOWS\Sti_Trace.log Object is locked skipped
C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\default Object is locked skipped
C:\WINDOWS\system32\config\default.LOG Object is locked skipped
C:\WINDOWS\system32\config\Internet.evt Object is locked skipped
C:\WINDOWS\system32\config\ODiag.evt Object is locked skipped
C:\WINDOWS\system32\config\OSession.evt Object is locked skipped
C:\WINDOWS\system32\config\SAM Object is locked skipped
C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped
C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\SECURITY Object is locked skipped
C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped
C:\WINDOWS\system32\config\software Object is locked skipped
C:\WINDOWS\system32\config\software.LOG Object is locked skipped
C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\system Object is locked skipped
C:\WINDOWS\system32\config\system.LOG Object is locked skipped
C:\WINDOWS\system32\h323log.txt Object is locked skipped
C:\WINDOWS\system32\LogFiles\WUDF\WUDFTrace.etl Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped
C:\WINDOWS\Temp\Perflib_Perfdata_528.dat Object is locked skipped
C:\WINDOWS\wiadebug.log Object is locked skipped
C:\WINDOWS\wiaservc.log Object is locked skipped
D:\Archivio\Programmi\Comunication\UltraVNC-102-Setup.exe/file04 Infected: not-a-virus:RemoteAdmin.Win32.WinVNC.c skipped
D:\Archivio\Programmi\Comunication\UltraVNC-102-Setup.exe/file05 Infected: not-a-virus:RemoteAdmin.Win32.WinVNC.c skipped
D:\Archivio\Programmi\Comunication\UltraVNC-102-Setup.exe/file34 Infected: not-a-virus:RemoteAdmin.Win32.WinVNC.1102 skipped
D:\Archivio\Programmi\Comunication\UltraVNC-102-Setup.exe Inno: infected - 3 skipped
D:\Archivio\Programmi\Copy\Nero.Ultra.Edition.v8.0.3.0.MULTILANGUAGE.rar/Setup/Nero PhotoShow Express/nero_photoshow_express_5_setup.exe/data0017 Infected: not-a-virus:AdTool.Win32.MyWebSearch.bm skipped
D:\Archivio\Programmi\Copy\Nero.Ultra.Edition.v8.0.3.0.MULTILANGUAGE.rar/Setup/Nero PhotoShow Express/nero_photoshow_express_5_setup.exe Infected: not-a-virus:AdTool.Win32.MyWebSearch.bm skipped
D:\Archivio\Programmi\Copy\Nero.Ultra.Edition.v8.0.3.0.MULTILANGUAGE.rar/Setup/Toolbar.exe Infected: not-a-virus:AdTool.Win32.MyWebSearch.bm skipped
D:\Archivio\Programmi\Copy\Nero.Ultra.Edition.v8.0.3.0.MULTILANGUAGE.rar RAR: infected - 3 skipped
D:\Archivio\Programmi\Internet\Chat\BDevil5.exe/bdevil.exe Infected: not-a-virus:Client-IRC.Win32.mIRC.602 skipped
D:\Archivio\Programmi\Internet\Chat\BDevil5.exe Vise: infected - 1 skipped
D:\Archivio\Programmi\Internet\Chat\mIRC_v6.12.zip/mirc612.exe/data0001.bin Infected: not-a-virus:Client-IRC.Win32.mIRC.612 skipped
D:\Archivio\Programmi\Internet\Chat\mIRC_v6.12.zip/mirc612.exe Infected: not-a-virus:Client-IRC.Win32.mIRC.612 skipped
D:\Archivio\Programmi\Internet\Chat\mIRC_v6.12.zip ZIP: infected - 2 skipped
D:\Archivio\Programmi\iPod\Data Doctor Recovery Ipod 2.0.1.5.zip/Data Doctor Recovery iPod 2.0.1.5.exe Infected: Email-Worm.Win32.Bagle.hp skipped
D:\Archivio\Programmi\iPod\Data Doctor Recovery Ipod 2.0.1.5.zip ZIP: infected - 1 skipped
D:\Archivio\Programmi\Mix\Programas Exclusivos Para Dj (Dss Dj 5.0, Mixvibes, Soundforge, Goldwave, Tracktor E Outros).rar/Programas exclusivos para DJ/PCDJ Silver Mixmaster/PCDJ Silver Mixmaster.exe Infected: not-a-virus:AdWare.Win32.TimeSink.d skipped
D:\Archivio\Programmi\Mix\Programas Exclusivos Para Dj (Dss Dj 5.0, Mixvibes, Soundforge, Goldwave, Tracktor E Outros).rar RAR: infected - 1 skipped
D:\Archivio\Programmi\Passwords Tools\Advanced Password Recovery - (Ace,Excel,Pdf,Zip,Icq,Rar,Access,Office,Outlook).rar/AdvPassw/Advanced Rar Password Recovery v1.11/DISTINCT.RAR/setup.exe/WISE0039.BIN Infected: not-a-virus:PSWTool.Win32.OEPass.b skipped
D:\Archivio\Programmi\Passwords Tools\Advanced Password Recovery - (Ace,Excel,Pdf,Zip,Icq,Rar,Access,Office,Outlook).rar/AdvPassw/Advanced Rar Password Recovery v1.11/DISTINCT.RAR/setup.exe Infected: not-a-virus:PSWTool.Win32.OEPass.b skipped
D:\Archivio\Programmi\Passwords Tools\Advanced Password Recovery - (Ace,Excel,Pdf,Zip,Icq,Rar,Access,Office,Outlook).rar/AdvPassw/Advanced Rar Password Recovery v1.11/DISTINCT.RAR Infected: not-a-virus:PSWTool.Win32.OEPass.b skipped
D:\Archivio\Programmi\Passwords Tools\Advanced Password Recovery - (Ace,Excel,Pdf,Zip,Icq,Rar,Access,Office,Outlook).rar RAR: infected - 3 skipped
D:\Archivio\Programmi\Sistema\RevelationV2.zip/SetupRevelationV2.exe/WISE0012.BIN Infected: not-a-virus:PSWTool.Win32.SnadBoy.2011 skipped
D:\Archivio\Programmi\Sistema\RevelationV2.zip/SetupRevelationV2.exe/WISE0013.BIN Infected: not-a-virus:PSWTool.Win32.SnadBoy.2011 skipped
D:\Archivio\Programmi\Sistema\RevelationV2.zip/SetupRevelationV2.exe Infected: not-a-virus:PSWTool.Win32.SnadBoy.2011 skipped
D:\Archivio\Programmi\Sistema\RevelationV2.zip ZIP: infected - 3 skipped
D:\Archivio\Programmi\Spy\Spy Agent.rar/SpyTech/Realtime Spy/realtimespysetup.exe/RTS.exe Infected: Trojan-Downloader.Win32.SpyAgent.a skipped
D:\Archivio\Programmi\Spy\Spy Agent.rar/SpyTech/Realtime Spy/realtimespysetup.exe/RTSConfig.exe Infected: not-a-virus:Monitor.Win32.SpyAgent.g skipped
D:\Archivio\Programmi\Spy\Spy Agent.rar/SpyTech/Realtime Spy/realtimespysetup.exe Infected: not-a-virus:Monitor.Win32.SpyAgent.g skipped
D:\Archivio\Programmi\Spy\Spy Agent.rar/SpyTech/Spy Agent v4.3/SpyAgent4.exe/SystemSA32.dll Infected: not-a-virus:Monitor.Win32.SpyAgent.b skipped
D:\Archivio\Programmi\Spy\Spy Agent.rar/SpyTech/Spy Agent v4.3/SpyAgent4.exe/Deploy.exe Infected: not-a-virus:Monitor.Win32.SpyAgent.43302 skipped
D:\Archivio\Programmi\Spy\Spy Agent.rar/SpyTech/Spy Agent v4.3/SpyAgent4.exe Infected: not-a-virus:Monitor.Win32.SpyAgent.43302 skipped
D:\Archivio\Programmi\Spy\Spy Agent.rar/SpyTech/SpyAnywhere v2.12/fullspyanywhere.exe/NoServer.exe Infected: not-a-virus:RemoteAdmin.Win32.SpyAnywhere.e skipped
D:\Archivio\Programmi\Spy\Spy Agent.rar/SpyTech/SpyAnywhere v2.12/fullspyanywhere.exe Infected: not-a-virus:RemoteAdmin.Win32.SpyAnywhere.e skipped
D:\Archivio\Programmi\Spy\Spy Agent.rar/SpyTech/Spytech Security 2003/SW2003.exe/SpyAgent4.exe Infected: not-a-virus:Monitor.Win32.SpyAgent.44103 skipped
D:\Archivio\Programmi\Spy\Spy Agent.rar/SpyTech/Spytech Security 2003/SW2003.exe/Deploy.exe Infected: not-a-virus:Monitor.Win32.SpyAgent.43302 skipped
D:\Archivio\Programmi\Spy\Spy Agent.rar/SpyTech/Spytech Security 2003/SW2003.exe/SystemSA32.dll Infected: not-a-virus:Monitor.Win32.SpyAgent.44103 skipped
D:\Archivio\Programmi\Spy\Spy Agent.rar/SpyTech/Spytech Security 2003/SW2003.exe Infected: not-a-virus:Monitor.Win32.SpyAgent.44103 skipped
D:\Archivio\Programmi\Spy\Spy Agent.rar/SpyTech/SpyTech NetVizor v4.00.04/NVClientInstallTrial.exe/SystemSA32N.dll Infected: not-a-virus:Monitor.Win32.SpyAgent.c skipped
D:\Archivio\Programmi\Spy\Spy Agent.rar/SpyTech/SpyTech NetVizor v4.00.04/NVClientInstallTrial.exe/NTInvisible.dll Infected: not-a-virus:Monitor.Win32.SpyAgent.44103 skipped
D:\Archivio\Programmi\Spy\Spy Agent.rar/SpyTech/SpyTech NetVizor v4.00.04/NVClientInstallTrial.exe/svchost.exe Infected: not-a-virus:Monitor.Win32.SpyAgent.d skipped
D:\Archivio\Programmi\Spy\Spy Agent.rar/SpyTech/SpyTech NetVizor v4.00.04/NVClientInstallTrial.exe Infected: not-a-virus:Monitor.Win32.SpyAgent.d skipped
D:\Archivio\Programmi\Spy\Spy Agent.rar/SpyTech/SpyTech NetVizor v4.00.04/NVViewerInstall.exe/sbrowse.exe Infected: not-a-virus:Monitor.Win32.SpyAgent.50003 skipped
D:\Archivio\Programmi\Spy\Spy Agent.rar/SpyTech/SpyTech NetVizor v4.00.04/NVViewerInstall.exe Infected: not-a-virus:Monitor.Win32.SpyAgent.50003 skipped
D:\Archivio\Programmi\Spy\Spy Agent.rar/SpyTech/Spytech Spyagent 5.35/SpyAgent5FULL.exe/SystemSA32.dll Infected: not-a-virus:Monitor.Win32.SpyAgent.g skipped
D:\Archivio\Programmi\Spy\Spy Agent.rar/SpyTech/Spytech Spyagent 5.35/SpyAgent5FULL.exe/Deploy.exe Infected: not-a-virus:Monitor.Win32.SpyAgent.h skipped
D:\Archivio\Programmi\Spy\Spy Agent.rar/SpyTech/Spytech Spyagent 5.35/SpyAgent5FULL.exe/NoStealth.exe Infected: not-a-virus:Monitor.Win32.SpyAgent.60006 skipped
D:\Archivio\Programmi\Spy\Spy Agent.rar/SpyTech/Spytech Spyagent 5.35/SpyAgent5FULL.exe/YahooDLL.dll Infected: not-a-virus:Monitor.Win32.SpyAgent.f skipped
D:\Archivio\Programmi\Spy\Spy Agent.rar/SpyTech/Spytech Spyagent 5.35/SpyAgent5FULL.exe/sbrowse.exe Infected: not-a-virus:Monitor.Win32.SpyAgent.g skipped
D:\Archivio\Programmi\Spy\Spy Agent.rar/SpyTech/Spytech Spyagent 5.35/SpyAgent5FULL.exe/NTInvisible.dll Infected: not-a-virus:Monitor.Win32.SpyAgent.44103 skipped
D:\Archivio\Programmi\Spy\Spy Agent.rar/SpyTech/Spytech Spyagent 5.35/SpyAgent5FULL.exe/driver-setup.exe Infected: Trojan.Win32.Pakes skipped
D:\Archivio\Programmi\Spy\Spy Agent.rar/SpyTech/Spytech Spyagent 5.35/SpyAgent5FULL.exe/svchost.exe Infected: not-a-virus:Monitor.Win32.SpyAgent.50003 skipped
D:\Archivio\Programmi\Spy\Spy Agent.rar/SpyTech/Spytech Spyagent 5.35/SpyAgent5FULL.exe Infected: not-a-virus:Monitor.Win32.SpyAgent.50003 skipped
D:\Archivio\Programmi\Spy\Spy Agent.rar RAR: infected - 27 skipped
Scan process completed.
----------------------------------------------------------------------
Don't pay too much attention to all the other "viruses" detected. Those are "harmless"!
I'd say the interesting entries are the ones I highlighted in bold.
The behaviour is always the same as Bagle's.
- Uninstallation of the antivirus
- Inability to reinstall any security software
- Windows Installer going into a loop with error 1304 "permissions error"
I should say up front that I have already tried running quite a few of the scripts you posted with "The Avenger", but without success.
Please let me have a script that will let me get rid of this bastar***!!!!
Thanks a million for the help that I'm quite sure you won't hesitate to give me.
Bye bye, everyone