by Sem93 » Mon Jul 13, 2009 5:22 pm
Found it, it was created after the scan.
--------------- [ Active Processes ] ----------------
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\svchost.exe
C:\Programmi\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
c:\Programmi\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\igfxsrvc.exe
C:\Programmi\Adobe\Reader 8.0\Reader\Reader_sl.exe
C:\WINDOWS\system32\ctfmon.exe
C:\sources\OEM\Recovery\User\Recovery.exe
C:\Documents and Settings\Samuele\Impostazioni locali\Dati applicazioni\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Samuele\Impostazioni locali\Dati applicazioni\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Samuele\Impostazioni locali\Dati applicazioni\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Samuele\Impostazioni locali\Dati applicazioni\Google\Chrome\Application\chrome.exe
--------------- [ Infected files / folders ] ----------------
»»»» Presence Files in C:
»»»» Presence Files in C:\WINDOWS
»»»» Presence Files in C:\WINDOWS\Prefetch
Found ! - C:\WINDOWS\prefetch\109281.EXE-191456EA.pf
Found ! - C:\WINDOWS\prefetch\82265.EXE-037C9C52.pf
Found ! - C:\WINDOWS\prefetch\90390.EXE-1D69DFC3.pf
Found ! - C:\WINDOWS\prefetch\FLEC006.EXE-0B3D78B6.pf
Found ! - C:\WINDOWS\prefetch\MDELK.EXE-1D176F91.pf
Found ! - C:\WINDOWS\prefetch\WINTEMS.EXE-2A563F9B.pf
»»»» Presence Files in C:\WINDOWS\system32
Found ! [13/07/2009 18.20] - C:\WINDOWS\system32\mdelk.exe
Found ! [13/07/2009 18.20] - C:\WINDOWS\system32\wintems.exe
»»»» Presence Files in C:\WINDOWS\system32\drivers
»»»» Presence Files in C:\Documents and Settings\Samuele\Dati applicazioni
Found ! [13/07/2009 18.19] - "C:\Documents and Settings\Samuele\Dati applicazioni\m\flec006.exe"
Found ! [13/07/2009 18.20] - "C:\Documents and Settings\Samuele\Dati applicazioni\m\list.oct"
Found ! [13/07/2009 18.13] - "C:\Documents and Settings\Samuele\Dati applicazioni\m\shared"
Found ! [13/07/2009 18.20] - "C:\Documents and Settings\Samuele\Dati applicazioni\m"
»»»» Presence Files in C:\DOCUME~1\Samuele\IMPOST~1\Temp
»»»» Presence Files in C:\Documents and Settings\Samuele\Local Settings\Temporary Internet Files\Content.IE5
Found ! [30/06/2009 10.38] - C:\Documents and Settings\All Users\Dati applicazioni\Skype\Plugins\Local Cache\D3987B641C134048B815DB578D607F42_more.jpg
Found ! [13/07/2009 01.16] - C:\Documents and Settings\Samuele\Impostazioni locali\Temporary Internet Files\Content.IE5\2E8KWSAZ\b64[1].jpg
Found ! [13/07/2009 10.40] - C:\Documents and Settings\Samuele\Impostazioni locali\Temporary Internet Files\Content.IE5\2E8KWSAZ\b64[2].jpg
Found ! [13/07/2009 14.56] - C:\Documents and Settings\Samuele\Impostazioni locali\Temporary Internet Files\Content.IE5\2E8KWSAZ\b64_1[1].jpg
Found ! [13/07/2009 01.16] - C:\Documents and Settings\Samuele\Impostazioni locali\Temporary Internet Files\Content.IE5\2E8KWSAZ\b64_3[1].jpg
Found ! [13/07/2009 01.25] - C:\Documents and Settings\Samuele\Impostazioni locali\Temporary Internet Files\Content.IE5\2E8KWSAZ\b64_3[2].jpg
Found ! [13/07/2009 10.47] - C:\Documents and Settings\Samuele\Impostazioni locali\Temporary Internet Files\Content.IE5\2E8KWSAZ\b64_3[3].jpg
Found ! [13/07/2009 14.51] - C:\Documents and Settings\Samuele\Impostazioni locali\Temporary Internet Files\Content.IE5\2E8KWSAZ\b64_3[4].jpg
Found ! [13/07/2009 10.42] - C:\Documents and Settings\Samuele\Impostazioni locali\Temporary Internet Files\Content.IE5\CGZIJL78\b64[1].jpg
Found ! [13/07/2009 18.21] - C:\Documents and Settings\Samuele\Impostazioni locali\Temporary Internet Files\Content.IE5\CGZIJL78\b64[2].jpg
Found ! [13/07/2009 14.51] - C:\Documents and Settings\Samuele\Impostazioni locali\Temporary Internet Files\Content.IE5\CGZIJL78\b64_1[1].jpg
Found ! [13/07/2009 01.18] - C:\Documents and Settings\Samuele\Impostazioni locali\Temporary Internet Files\Content.IE5\CGZIJL78\b64_3[1].jpg
Found ! [13/07/2009 01.21] - C:\Documents and Settings\Samuele\Impostazioni locali\Temporary Internet Files\Content.IE5\CGZIJL78\b64_3[2].jpg
Found ! [13/07/2009 10.40] - C:\Documents and Settings\Samuele\Impostazioni locali\Temporary Internet Files\Content.IE5\CGZIJL78\b64_3[3].jpg
Found ! [13/07/2009 14.53] - C:\Documents and Settings\Samuele\Impostazioni locali\Temporary Internet Files\Content.IE5\CGZIJL78\b64_3[4].jpg
Found ! [13/07/2009 10.47] - C:\Documents and Settings\Samuele\Impostazioni locali\Temporary Internet Files\Content.IE5\CGZIJL78\b64_6[1].jpg
Found ! [13/07/2009 14.56] - C:\Documents and Settings\Samuele\Impostazioni locali\Temporary Internet Files\Content.IE5\CGZIJL78\b64_6[2].jpg
Found ! [13/07/2009 01.18] - C:\Documents and Settings\Samuele\Impostazioni locali\Temporary Internet Files\Content.IE5\CWZ1MRYV\b64[1].jpg
Found ! [13/07/2009 01.16] - C:\Documents and Settings\Samuele\Impostazioni locali\Temporary Internet Files\Content.IE5\CWZ1MRYV\b64_3[1].jpg
Found ! [13/07/2009 10.42] - C:\Documents and Settings\Samuele\Impostazioni locali\Temporary Internet Files\Content.IE5\CWZ1MRYV\b64_3[2].jpg
Found ! [13/07/2009 18.21] - C:\Documents and Settings\Samuele\Impostazioni locali\Temporary Internet Files\Content.IE5\CWZ1MRYV\b64_3[3].jpg
Found ! [13/07/2009 14.51] - C:\Documents and Settings\Samuele\Impostazioni locali\Temporary Internet Files\Content.IE5\TON3EYK9\b64[1].jpg
Found ! [13/07/2009 18.19] - C:\Documents and Settings\Samuele\Impostazioni locali\Temporary Internet Files\Content.IE5\TON3EYK9\b64[2].jpg
Found ! [13/07/2009 01.16] - C:\Documents and Settings\Samuele\Impostazioni locali\Temporary Internet Files\Content.IE5\TON3EYK9\b64_1[1].jpg
Found ! [13/07/2009 01.21] - C:\Documents and Settings\Samuele\Impostazioni locali\Temporary Internet Files\Content.IE5\TON3EYK9\b64_1[2].jpg
Found ! [13/07/2009 10.40] - C:\Documents and Settings\Samuele\Impostazioni locali\Temporary Internet Files\Content.IE5\TON3EYK9\b64_1[3].jpg
Found ! [13/07/2009 10.48] - C:\Documents and Settings\Samuele\Impostazioni locali\Temporary Internet Files\Content.IE5\TON3EYK9\b64_1[4].jpg
Found ! [13/07/2009 18.19] - C:\Documents and Settings\Samuele\Impostazioni locali\Temporary Internet Files\Content.IE5\TON3EYK9\b64_1[5].jpg
Found ! [13/07/2009 10.40] - C:\Documents and Settings\Samuele\Impostazioni locali\Temporary Internet Files\Content.IE5\TON3EYK9\b64_3[1].jpg
Found ! [13/07/2009 14.56] - C:\Documents and Settings\Samuele\Impostazioni locali\Temporary Internet Files\Content.IE5\TON3EYK9\b64_3[2].jpg
Found ! [13/07/2009 01.21] - C:\Documents and Settings\Samuele\Impostazioni locali\Temporary Internet Files\Content.IE5\TON3EYK9\b64_6[1].jpg
--------------- [ Registry / Startup ] ----------------
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\run]
CTFMON.EXE=C:\WINDOWS\system32\ctfmon.exe
OlidataRecovery=c:\sources\OEM\Recovery\User\Recovery.exe 120
Skype="C:\Programmi\Skype\Phone\Skype.exe" /nosplash /minimized
Google Update="C:\Documents and Settings\Samuele\Impostazioni locali\Dati applicazioni\Google\Update\GoogleUpdate.exe" /c
msnmsgr="C:\Programmi\Windows Live\Messenger\msnmsgr.exe" /background
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\run]
IgfxTray=C:\WINDOWS\system32\igfxtray.exe
HotKeysCmds=C:\WINDOWS\system32\hkcmd.exe
Persistence=C:\WINDOWS\system32\igfxpers.exe
RTHDCPL=RTHDCPL.EXE
Alcmtr=ALCMTR.EXE
Adobe Reader Speed Launcher="C:\Programmi\Adobe\Reader 8.0\Reader\Reader_sl.exe"
NeroFilterCheck=C:\Programmi\File comuni\Ahead\Lib\NeroCheck.exe
UnlockerAssistant=C:\Programmi\Unlocker\UnlockerAssistant.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents=
<NO NAME>=
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL=
Installed=1
<NO NAME>=
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI=
NoChange=1
Installed=1
<NO NAME>=
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS=
Installed=1
<NO NAME>=
[HKEY_CURRENT_USER\software\local appwizard-generated applications\key_generator]
[HKEY_CURRENT_USER\software\local appwizard-generated applications\winupgro]
--------------- [ Registry / Infected keys ] ----------------
Found ! - HKEY_USERS\S-1-5-21-2575856821-1387995726-446612659-1008\Software\bisoft
Found ! - HKEY_USERS\S-1-5-21-2575856821-1387995726-446612659-1008\Software\DateTime4
Found ! - HKEY_CURRENT_USER\Software\bisoft
Found ! - HKEY_CURRENT_USER\Software\DateTime4
Found ! - HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_SK9OU0S
Found ! - HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_SK9OU0S
Found ! - HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Enum\Root\LEGACY_SK9OU0S
--------------- [ States / Services ] ----------------
Missing key : HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot
- boot mode not available !!
Missing key : HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal
- boot mode not available !!
Missing key : HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network
- boot mode not available !!
+- Services : [ Auto=2 / Request=3 / Disable=4 ]
/!\ Ndisuio - Type of startup = 4
EapHost - Type of startup = 3
/!\ Ip6Fw - Type of startup = 4
/!\ SharedAccess - Type of startup = 4
/!\ wuauserv - Type of startup = 4
/!\ wscsvc - Type of startup = 4
--------------- [ Searching in removable drives ] ----------------
+- Informations :
C: - Unità fissa
R: - Unità fissa
+- Contents of autorun : R:\autorun.inf
[autorun]
OPEN=setupSNK.exe
ICON=\SMRTNTKY\fcw.ico
ACTION=Installazione guidata rete senza fili
+- Presence of files :
Found ! [06/07/2009 17.05][--a------] - R:\autorun.inf
--------------- [ Registry / Mountpoint2 ] ----------------
-> Not found !
------------------- ! End of report ! --------------------
What should I do?