Punto informatico Network
Login Esegui login | Non sei registrato? Iscriviti ora (è gratuito!)
Username: Password:
  • Annuncio Pubblicitario

troj dialer.qq

Un virus si è intromesso nel tuo computer? Vuoi navigare in tutta sicurezza? Sono sicure le transazione online? Come impedire a malintenzionati di intromettersi nel tuo pc? Come proteggere i tuoi dati? Qui trovi le risposte a queste ed altre domande

troj dialer.qq

Messaggioda Gazza » ven mar 02, 2007 1:58 pm

Ciao a tutti...Credo di essermi preso un virus.
Da ieri l'antivirus (pc-cillin internet security 12),continua ad avvisarmi della presenza di due minacce: dila_klone.g e troj_dialer.qq, inoltre ho problemi di navigazione lenta e spesso non riesco a caricare le pagine(riprovando però si caricano),ho fatto la scansione con hijackthis e ve la posto.
Potete darmi una mano per favore? non so neanche da dove cominciare...
Grazie!

PS. qualche mese fa mi ero beccato il trojan linkoptimizre, e ho dovuto formattare, spero non capiti ancora... [cry+]


Logfile of HijackThis v1.99.1
Scan saved at 12.56.11, on 02/03/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16414)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Programmi\Intel\Wireless\Bin\EvtEng.exe
C:\Programmi\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\system32\spoolsv.exe
c:\programmi\file comuni\logitech\lvmvfm\LVPrcSrv.exe
C:\WINDOWS\Explorer.EXE
C:\Acer\Empowering Technology\admServ.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\eHome\ehmsas.exe
C:\Programmi\Synaptics\SynTP\SynTPEnh.exe
C:\Acer\Empowering Technology\eRecovery\Monitor.exe
C:\Acer\Empowering Technology\admtray.exe
C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
C:\Acer\Empowering Technology\ePower\ePower_DMC.exe
C:\PROGRA~1\LAUNCH~1\LManager.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Programmi\Acer\OrbiCam\CameraAssistant.exe
C:\WINDOWS\system32\ElkCtrl.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\system32\rundll32.exe
C:\Programmi\Java\jre1.5.0_11\bin\jusched.exe
C:\Programmi\Trend Micro\Internet Security 12\pccguide.exe
C:\Programmi\QuickTime\qttask.exe
C:\WINDOWS\eHome\ehSched.exe
C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
C:\Programmi\PalickSoft\HDD Temperature\HDDTSvc.exe
C:\PROGRA~1\SPYWAR~1\SpywareTerminatorShield.exe
C:\Programmi\File comuni\LightScribe\LSSrvc.exe
C:\WINDOWS\system32\igfxext.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmi\LClock\lclock.exe
C:\Programmi\DAEMON Tools\daemon.exe
C:\Programmi\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\Programmi\NETGEAR\WG111v2 Configuration Utility\RtlWake.exe
C:\Programmi\PalickSoft\HDD Temperature\HDDTemperature.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe
C:\Programmi\Intel\Wireless\Bin\RegSrvc.exe
C:\Programmi\Spyware Terminator\sp_rsser.exe
C:\WINDOWS\system32\svchost.exe
C:\Programmi\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\DOCUME~1\Gianluca\IMPOST~1\Temp\RtkBtMnt.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\wbem\unsecapp.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
C:\Programmi\Mozilla Firefox\firefox.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe
C:\Programmi\WinRAR\WinRAR.exe
C:\DOCUME~1\Gianluca\IMPOST~1\Temp\Rar$EX00.953\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.it/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.aceradvantage.com/stdreg
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - c:\Programmi\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmi\Java\jre1.5.0_11\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programmi\File comuni\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programmi\google\googletoolbar2.dll
O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\WINDOWS\system32\eDStoolbar.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programmi\google\googletoolbar2.dll
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [LaunchApp] Alaunch
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [AzMixerSel] C:\Programmi\Realtek\InstallShield\AzMixerSel.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Programmi\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [ntiMUI] C:\Programmi\NewTech Infosystems\NTI CD & DVD-Maker 7\ntiMUI.exe
O4 - HKLM\..\Run: [ADMTray.exe] "C:\Acer\Empowering Technology\admtray.exe"
O4 - HKLM\..\Run: [eDataSecurity Loader] C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [ePower_DMC] C:\Acer\Empowering Technology\ePower\ePower_DMC.exe
O4 - HKLM\..\Run: [Acer ePower Management] C:\Acer\Empowering Technology\ePower\Acer ePower Management.exe boot
O4 - HKLM\..\Run: [LManager] C:\PROGRA~1\LAUNCH~1\LManager.exe
O4 - HKLM\..\Run: [eRecoveryService] C:\Acer\Empowering Technology\eRecovery\Monitor.exe
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechCameraAssistant] C:\Programmi\Acer\OrbiCam\CameraAssistant.exe
O4 - HKLM\..\Run: [LogitechVideo[inspector]] C:\Programmi\Acer\OrbiCam\InstallHelper.exe /inspect
O4 - HKLM\..\Run: [LogitechCameraService(E)] C:\WINDOWS\system32\ElkCtrl.exe /automation
O4 - HKLM\..\Run: [AdslTaskBar] rundll32.exe stmctrl.dll,TaskBar
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programmi\Java\jre1.5.0_11\bin\jusched.exe"
O4 - HKLM\..\Run: [pccguide.exe] "C:\Programmi\Trend Micro\Internet Security 12\pccguide.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmi\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [SsAAD.exe] C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
O4 - HKLM\..\Run: [SpywareTerminator] "C:\PROGRA~1\SPYWAR~1\SpywareTerminatorShield.exe"
O4 - HKCU\..\Run: [TransBar] C:\Documents and Settings\Gianluca\Impostazioni locali\Dati applicazioni\AKSoftware\TransBar\TransBar.exe /s
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [LClock] C:\Programmi\LClock\lclock.exe
O4 - HKCU\..\Run: [DAEMON Tools] "C:\Programmi\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKCU\..\Run: [swg] C:\Programmi\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - Startup: HDD temperature.lnk = C:\Programmi\PalickSoft\HDD Temperature\HDDTemperature.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Programmi\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Programmi\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: WG111v2 Smart Wizard Wireless Setting.lnk = ?
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/ms ... b31267.cab
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partne ... nicode.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Me ... b31267.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Me ... b31267.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZI ... b53083.cab
O16 - DPF: {C5E28B9D-0A68-4B50-94E9-E8F6B4697514} (NsvPlayX Control) - http://www.nullsoft.com/nsv/embed/nsvplayx_vp3_mp3.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/So ... b31267.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{0B14E6E9-0F9D-4374-A2D0-F75A311D2A0B}: NameServer = 151.99.125.2,151.99.0.100
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - AppInit_DLLs: 75.dll
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O20 - Winlogon Notify: winhoo32 - C:\WINDOWS\SYSTEM32\winhoo32.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: AdminWorks Agent X6 (AWService) - Avocent Inc. - C:\Acer\Empowering Technology\admServ.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Programmi\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Programmi\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: HDD Temperature (HDDTService) - PalickSoft - C:\Programmi\PalickSoft\HDD Temperature\HDDTSvc.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Programmi\File comuni\LightScribe\LSSrvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Logitech Process Monitor (LVPrcSrv) - Logitech - c:\programmi\file comuni\logitech\lvmvfm\LVPrcSrv.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Programmi\File comuni\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: PACSPTISVR - Sony Corporation - C:\Programmi\File comuni\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: Trend Micro Central Control Component (PcCtlCom) - Trend Micro Incorporated. - C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Programmi\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)
O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Programmi\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Programmi\File comuni\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\Programmi\Spyware Terminator\sp_rsser.exe
O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Programmi\File comuni\Sony Shared\AVLib\SSScsiSV.exe
O23 - Service: Trend Micro Real-time Service (Tmntsrv) - Trend Micro Incorporated. - C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
O23 - Service: Trend Micro Personal Firewall (TmPfw) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe
O23 - Service: Utilità di pianificazione di LiveUpdate automatico - Symantec Corporation - C:\Programmi\Symantec\LiveUpdate\ALUSchedulerSvc.exe
Avatar utente
Gazza
Aficionado
Aficionado
 
Messaggi: 30
Iscritto il: gio gen 11, 2007 5:22 pm

Messaggioda crazy.cat » ven mar 02, 2007 2:06 pm

Un problema direi che è questo
O20 - Winlogon Notify: winhoo32 - C:\WINDOWS\SYSTEM32\winhoo32.dll

L'altro non si vede.
In quali file ti segnala il virus?
Quando i molti governano, pensano solo a contentar sé stessi, si ha allora la tirannia più balorda e più odiosa: la tirannia mascherata da libertà.
Avatar utente
crazy.cat
MLI Hero
MLI Hero
 
Messaggi: 30959
Iscritto il: lun gen 12, 2004 1:38 pm
Località: Mestre

Messaggioda Gazza » ven mar 02, 2007 2:13 pm

dunque

dial_klone.g è segnalato in C:\Documents and Settings\Gianluca\Impostazioni locali\Temporary Internet Files\Content.IE5\OAQSWLQ2\srvmfr[1].exe e anche in c:\WINDOWS\TEMP\win15.tmp

mentre troj dialer.qq in C:\Documents and Settings\Gianluca\Impostazioni locali\Temporary Internet Files\Content.IE5\OAQSWLQ2\srvmfr[1].exe e in C:\WINDOWS\TEMP\win4fe.tmp
Avatar utente
Gazza
Aficionado
Aficionado
 
Messaggi: 30
Iscritto il: gio gen 11, 2007 5:22 pm


Messaggioda crazy.cat » ven mar 02, 2007 2:16 pm

Prendi ccleaner e fagli fare pulizia, dovrebbe toglierti anche i due file infetti.
Fai sparire anche la dll che ti ho segnalato, usa unlocker o killbox, non è niente di buono da tenere sul pc.
Quando i molti governano, pensano solo a contentar sé stessi, si ha allora la tirannia più balorda e più odiosa: la tirannia mascherata da libertà.
Avatar utente
crazy.cat
MLI Hero
MLI Hero
 
Messaggi: 30959
Iscritto il: lun gen 12, 2004 1:38 pm
Località: Mestre

Messaggioda Gazza » ven mar 02, 2007 2:19 pm

ok adesso eseguo e dopo pranzo ti faccio sapere grazie!
Avatar utente
Gazza
Aficionado
Aficionado
 
Messaggi: 30
Iscritto il: gio gen 11, 2007 5:22 pm

Messaggioda Gazza » ven mar 02, 2007 4:49 pm

niente da fare... sono tornati tutti e due...sia il trojan che il dialer.

pero è cambiato il percorso dive si trovano:

dial klone.g in C:\Documents and Settings\Gianluca\Impostazioni locali\Temporary internet files\Content.IE5\PFDEPMTF\srbkys[1].exe

troj dialer.qq in C:\Documents and Settings\Gianluca\Impostazioni locali\Temporary internet files\Content.IE5\S5ON9BNV\srviim[1].exe

e altre cose simili sempre con nomi che sembrano casuali (lo stesso percorso fino a ...\Content.IE5\)

cosa posso fare?
Avatar utente
Gazza
Aficionado
Aficionado
 
Messaggi: 30
Iscritto il: gio gen 11, 2007 5:22 pm

Messaggioda Amantide » ven mar 02, 2007 5:06 pm

Intanto fai la scansione con Kaspersky online e posta qui il report.

Per poter eliminare i file temporanei infetti, il CCleaner deve essere usato dalla modalità provvisoria perché non riesce ad eliminare i file in uso.
...per volare alto, bisogna saper cadere...
Avatar utente
Amantide
Membro Ufficiale (Gold)
Membro Ufficiale (Gold)
 
Messaggi: 8126
Iscritto il: lun feb 06, 2006 4:13 pm
Località: Abruzzo

Messaggioda Gazza » ven mar 02, 2007 5:09 pm

ok eseguo subito!

non sapevo di doverlo usare dalla modalita provvisoria, provvedero anche a questo finita la scansione di kaspersky
Avatar utente
Gazza
Aficionado
Aficionado
 
Messaggi: 30
Iscritto il: gio gen 11, 2007 5:22 pm

Messaggioda Gazza » ven mar 02, 2007 6:10 pm

fatto!

ecco il report di kaspersky

-------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER REPORT
Friday, March 02, 2007 5:07:35 PM
Operating System: Microsoft Windows XP Professional, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.83.0
Kaspersky Anti-Virus database last update: 2/03/2007
Kaspersky Anti-Virus database records: 259865
-------------------------------------------------------------------------------

Scan Settings:
Scan using the following antivirus database: standard
Scan Archives: true
Scan Mail Bases: true

Scan Target - My Computer:
C:\
D:\
E:\
F:\

Scan Statistics:
Total number of scanned objects: 120144
Number of viruses found: 13
Number of infected objects: 109 / 0
Number of suspicious objects: 1
Duration of the scan process: 00:56:28

Infected Object Name / Virus Name / Last Action
C:\WINDOWS\system32\config\system.LOG Object is locked skipped
C:\WINDOWS\system32\config\software.LOG Object is locked skipped
C:\WINDOWS\system32\config\default.LOG Object is locked skipped
C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped
C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped
C:\WINDOWS\system32\config\Media Ce.evt Object is locked skipped
C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\Internet.evt Object is locked skipped
C:\WINDOWS\system32\config\DEFAULT Object is locked skipped
C:\WINDOWS\system32\config\SECURITY Object is locked skipped
C:\WINDOWS\system32\config\SOFTWARE Object is locked skipped
C:\WINDOWS\system32\config\SYSTEM Object is locked skipped
C:\WINDOWS\system32\config\SAM Object is locked skipped
C:\WINDOWS\system32\drivers\sptd.sys Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped
C:\WINDOWS\system32\winhoo32.dll Infected: Trojan.Win32.Agent.qt skipped
C:\WINDOWS\system32\h323log.txt Object is locked skipped
C:\WINDOWS\system32\LogFiles\WUDF\WUDFTrace.etl Object is locked skipped
C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped
C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped
C:\WINDOWS\Registration\{02D4B3F1-FD88-11D1-960D-00805FC79235}.{904E9BF4-9D68-42E7-8836-B2DD9AC01E8E}.crmlog Object is locked skipped
C:\WINDOWS\Temp\win4412.tmp.exe Suspicious: PECompact skipped
C:\WINDOWS\Temp\win7.tmp Object is locked skipped
C:\WINDOWS\Temp\win15.tmp Object is locked skipped
C:\WINDOWS\Temp\win24.tmp Object is locked skipped
C:\WINDOWS\Temp\win2416.tmp Object is locked skipped
C:\WINDOWS\WindowsUpdate.log Object is locked skipped
C:\WINDOWS\SchedLgU.Txt Object is locked skipped
C:\WINDOWS\Sti_Trace.log Object is locked skipped
C:\WINDOWS\wiaservc.log Object is locked skipped
C:\WINDOWS\wiadebug.log Object is locked skipped
C:\WINDOWS\ModemLog_HDAUDIO Soft Data Fax Modem with SmartCP.txt Object is locked skipped
C:\Documents and Settings\All Users\Dati applicazioni\Microsoft\Network\Downloader\qmgr0.dat Object is locked skipped
C:\Documents and Settings\All Users\Dati applicazioni\Microsoft\Network\Downloader\qmgr1.dat Object is locked skipped
C:\Documents and Settings\All Users\Dati applicazioni\Symantec\LiveUpdate\2007-03-02_Log.ALUSchedulerSvc.LiveUpdate Object is locked skipped
C:\Documents and Settings\NetworkService\Impostazioni locali\Dati applicazioni\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\Impostazioni locali\Dati applicazioni\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\ntuser.dat Object is locked skipped
C:\Documents and Settings\LocalService\Impostazioni locali\Cronologia\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Impostazioni locali\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Impostazioni locali\Dati applicazioni\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Impostazioni locali\Dati applicazioni\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\LocalService\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\ntuser.dat Object is locked skipped
C:\Documents and Settings\Gianluca\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\Gianluca\Impostazioni locali\Temp\~DFF899.tmp Object is locked skipped
C:\Documents and Settings\Gianluca\Impostazioni locali\Temp\~DFF8B5.tmp Object is locked skipped
C:\Documents and Settings\Gianluca\Impostazioni locali\Temp\~DF9B9.tmp Object is locked skipped
C:\Documents and Settings\Gianluca\Impostazioni locali\Temp\~DF9C3.tmp Object is locked skipped
C:\Documents and Settings\Gianluca\Impostazioni locali\Cronologia\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Gianluca\Impostazioni locali\Cronologia\History.IE5\MSHist012007030220070303\index.dat Object is locked skipped
C:\Documents and Settings\Gianluca\Impostazioni locali\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Gianluca\Impostazioni locali\Temporary Internet Files\Content.IE5\93ONP2LQ\srvakv[1].exe Object is locked skipped
C:\Documents and Settings\Gianluca\Impostazioni locali\Temporary Internet Files\AntiPhishing\B3BB5BBA-E7D5-40AB-A041-A5B1C0B26C8F.dat Object is locked skipped
C:\Documents and Settings\Gianluca\Impostazioni locali\Dati applicazioni\ApplicationHistory\ePower_DMC.exe.3ca0acde.ini.inuse Object is locked skipped
C:\Documents and Settings\Gianluca\Impostazioni locali\Dati applicazioni\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\Gianluca\Impostazioni locali\Dati applicazioni\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\Gianluca\Impostazioni locali\Dati applicazioni\Microsoft\Windows Live Contacts\gag_ga@hotmail.it\real\members.stg Object is locked skipped
C:\Documents and Settings\Gianluca\Impostazioni locali\Dati applicazioni\Microsoft\Windows Live Contacts\gag_ga@hotmail.it\shadow\members.stg Object is locked skipped
C:\Documents and Settings\Gianluca\Impostazioni locali\Dati applicazioni\Microsoft\Feeds Cache\index.dat Object is locked skipped
C:\Documents and Settings\Gianluca\Impostazioni locali\Dati applicazioni\Mozilla\Firefox\Profiles\xxwicvh1.Test\Cache\_CACHE_MAP_ Object is locked skipped
C:\Documents and Settings\Gianluca\Impostazioni locali\Dati applicazioni\Mozilla\Firefox\Profiles\xxwicvh1.Test\Cache\_CACHE_001_ Object is locked skipped
C:\Documents and Settings\Gianluca\Impostazioni locali\Dati applicazioni\Mozilla\Firefox\Profiles\xxwicvh1.Test\Cache\_CACHE_002_ Object is locked skipped
C:\Documents and Settings\Gianluca\Impostazioni locali\Dati applicazioni\Mozilla\Firefox\Profiles\xxwicvh1.Test\Cache\_CACHE_003_ Object is locked skipped
C:\Documents and Settings\Gianluca\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\Gianluca\Dati applicazioni\Mozilla\Firefox\Profiles\xxwicvh1.Test\history.dat Object is locked skipped
C:\Documents and Settings\Gianluca\Dati applicazioni\Mozilla\Firefox\Profiles\xxwicvh1.Test\formhistory.dat Object is locked skipped
C:\Documents and Settings\Gianluca\Dati applicazioni\Mozilla\Firefox\Profiles\xxwicvh1.Test\parent.lock Object is locked skipped
C:\Documents and Settings\Gianluca\Dati applicazioni\Mozilla\Firefox\Profiles\xxwicvh1.Test\cert8.db Object is locked skipped
C:\Documents and Settings\Gianluca\Dati applicazioni\Mozilla\Firefox\Profiles\xxwicvh1.Test\key3.db Object is locked skipped
C:\Documents and Settings\Gianluca\Dati applicazioni\Mozilla\Firefox\Profiles\xxwicvh1.Test\search.sqlite Object is locked skipped
C:\Documents and Settings\Gianluca\Dati applicazioni\Mozilla\Firefox\Profiles\xxwicvh1.Test\urlclassifier2.sqlite Object is locked skipped
C:\Documents and Settings\Gianluca\ntuser.dat Object is locked skipped
C:\Programmi\eMule\Temp\013.part Object is locked skipped
C:\Programmi\eMule\Temp\014.part Object is locked skipped
C:\Programmi\eMule\Temp\018.part Object is locked skipped
C:\Programmi\eMule\Temp\026.part Object is locked skipped
C:\Programmi\eMule\Temp\028.part Object is locked skipped
C:\Programmi\eMule\Temp\029.part Object is locked skipped
C:\Programmi\eMule\Temp\030.part Object is locked skipped
C:\Programmi\eMule\Temp\031.part Object is locked skipped
C:\Programmi\eMule\Temp\032.part Object is locked skipped
C:\Programmi\eMule\Temp\033.part Object is locked skipped
C:\Programmi\eMule\Temp\034.part Object is locked skipped
C:\Programmi\eMule\Temp\036.part Object is locked skipped
C:\Programmi\eMule\Temp\037.part Object is locked skipped
C:\Programmi\eMule\Temp\038.part Object is locked skipped
C:\Programmi\eMule\Temp\039.part Object is locked skipped
C:\Programmi\eMule\Temp\040.part Object is locked skipped
C:\Programmi\eMule\Temp\041.part Object is locked skipped
C:\Programmi\eMule\Temp\042.part Object is locked skipped
C:\Programmi\eMule\Incoming\Deutsch Civilization 4 crack.exe/irsetup.dat Infected: P2P-Worm.Win32.Insta.a skipped
C:\Programmi\eMule\Incoming\Deutsch Civilization 4 crack.exe/cheat_plugin.exe/data0001 Infected: Trojan-Downloader.Win32.IstBar.ja skipped
C:\Programmi\eMule\Incoming\Deutsch Civilization 4 crack.exe/cheat_plugin.exe/data0003 Infected: Trojan-Downloader.Win32.IstBar.ny skipped
C:\Programmi\eMule\Incoming\Deutsch Civilization 4 crack.exe/cheat_plugin.exe Infected: Trojan-Downloader.Win32.IstBar.ny skipped
C:\Programmi\eMule\Incoming\Deutsch Civilization 4 crack.exe/expIorer.exe Infected: Trojan-Dropper.Win32.Pakes skipped
C:\Programmi\eMule\Incoming\Deutsch Civilization 4 crack.exe SetupFactory: infected - 5 skipped
C:\Programmi\eMule\Incoming\US Civilization 4 crack.exe/irsetup.dat Infected: P2P-Worm.Win32.Insta.a skipped
C:\Programmi\eMule\Incoming\US Civilization 4 crack.exe/cheat_plugin.exe/data0001 Infected: Trojan-Downloader.Win32.IstBar.ja skipped
C:\Programmi\eMule\Incoming\US Civilization 4 crack.exe/cheat_plugin.exe/data0003 Infected: Trojan-Downloader.Win32.IstBar.ny skipped
C:\Programmi\eMule\Incoming\US Civilization 4 crack.exe/cheat_plugin.exe Infected: Trojan-Downloader.Win32.IstBar.ny skipped
C:\Programmi\eMule\Incoming\US Civilization 4 crack.exe/expIorer.exe Infected: Trojan-Dropper.Win32.Pakes skipped
C:\Programmi\eMule\Incoming\US Civilization 4 crack.exe SetupFactory: infected - 5 skipped
C:\Programmi\eMule\Incoming\Civilization 4 cracked.exe/irsetup.dat Infected: P2P-Worm.Win32.Insta.a skipped
C:\Programmi\eMule\Incoming\Civilization 4 cracked.exe/cheat_plugin.exe/data0001 Infected: Trojan-Downloader.Win32.IstBar.ja skipped
C:\Programmi\eMule\Incoming\Civilization 4 cracked.exe/cheat_plugin.exe/data0003 Infected: Trojan-Downloader.Win32.IstBar.ny skipped
C:\Programmi\eMule\Incoming\Civilization 4 cracked.exe/cheat_plugin.exe Infected: Trojan-Downloader.Win32.IstBar.ny skipped
C:\Programmi\eMule\Incoming\Civilization 4 cracked.exe/expIorer.exe Infected: Trojan-Dropper.Win32.Pakes skipped
C:\Programmi\eMule\Incoming\Civilization 4 cracked.exe SetupFactory: infected - 5 skipped
C:\Programmi\Trend Micro\Internet Security 12\Quarantine\34.tmp Infected: Trojan.Win32.Dialer.rt skipped
C:\Programmi\Trend Micro\Internet Security 12\Quarantine\35.tmp Infected: Trojan.Win32.Dialer.rt skipped
C:\Programmi\Trend Micro\Internet Security 12\Quarantine\46.tmp Infected: Trojan.Win32.Dialer.rt skipped
C:\Programmi\Trend Micro\Internet Security 12\Quarantine\30AD.tmp Infected: Trojan.Win32.Dialer.rt skipped
C:\Programmi\Trend Micro\Internet Security 12\Quarantine\350C.tmp Infected: Trojan.Win32.Dialer.rt skipped
C:\Programmi\Trend Micro\Internet Security 12\Quarantine\350E.tmp Infected: Trojan.Win32.Dialer.rt skipped
C:\System Volume Information\_restore{0945435B-1507-4631-B9A9-29A60025D023}\RP43\A0017695.dll Object is locked skipped
C:\System Volume Information\_restore{0945435B-1507-4631-B9A9-29A60025D023}\RP68\A0028840.exe Infected: Trojan-Proxy.Win32.Mitglieder.ei skipped
C:\System Volume Information\_restore{0945435B-1507-4631-B9A9-29A60025D023}\RP68\A0028842.exe Infected: Trojan-Downloader.Win32.Bagle.bh skipped
C:\System Volume Information\_restore{0945435B-1507-4631-B9A9-29A60025D023}\RP68\A0028844.exe Infected: Email-Worm.Win32.Bagle.gx skipped
C:\System Volume Information\_restore{0945435B-1507-4631-B9A9-29A60025D023}\RP101\A0033324.exe/irsetup.dat Infected: P2P-Worm.Win32.Insta.a skipped
C:\System Volume Information\_restore{0945435B-1507-4631-B9A9-29A60025D023}\RP101\A0033324.exe/cheat_plugin.exe/data0001 Infected: Trojan-Downloader.Win32.IstBar.ja skipped
C:\System Volume Information\_restore{0945435B-1507-4631-B9A9-29A60025D023}\RP101\A0033324.exe/cheat_plugin.exe/data0003 Infected: Trojan-Downloader.Win32.IstBar.ny skipped
C:\System Volume Information\_restore{0945435B-1507-4631-B9A9-29A60025D023}\RP101\A0033324.exe/cheat_plugin.exe Infected: Trojan-Downloader.Win32.IstBar.ny skipped
C:\System Volume Information\_restore{0945435B-1507-4631-B9A9-29A60025D023}\RP101\A0033324.exe/expIorer.exe Infected: Trojan-Dropper.Win32.Pakes skipped
C:\System Volume Information\_restore{0945435B-1507-4631-B9A9-29A60025D023}\RP101\A0033324.exe SetupFactory: infected - 5 skipped
C:\System Volume Information\_restore{0945435B-1507-4631-B9A9-29A60025D023}\RP101\A0033325.exe/irsetup.dat Infected: P2P-Worm.Win32.Insta.a skipped
C:\System Volume Information\_restore{0945435B-1507-4631-B9A9-29A60025D023}\RP101\A0033325.exe/cheat_plugin.exe/data0001 Infected: Trojan-Downloader.Win32.IstBar.ja skipped
C:\System Volume Information\_restore{0945435B-1507-4631-B9A9-29A60025D023}\RP101\A0033325.exe/cheat_plugin.exe/data0003 Infected: Trojan-Downloader.Win32.IstBar.ny skipped
C:\System Volume Information\_restore{0945435B-1507-4631-B9A9-29A60025D023}\RP101\A0033325.exe/cheat_plugin.exe Infected: Trojan-Downloader.Win32.IstBar.ny skipped
C:\System Volume Information\_restore{0945435B-1507-4631-B9A9-29A60025D023}\RP101\A0033325.exe/expIorer.exe Infected: Trojan-Dropper.Win32.Pakes skipped
C:\System Volume Information\_restore{0945435B-1507-4631-B9A9-29A60025D023}\RP101\A0033325.exe SetupFactory: infected - 5 skipped
C:\System Volume Information\_restore{0945435B-1507-4631-B9A9-29A60025D023}\RP101\A0033327.exe/irsetup.dat Infected: P2P-Worm.Win32.Insta.a skipped
C:\System Volume Information\_restore{0945435B-1507-4631-B9A9-29A60025D023}\RP101\A0033327.exe/cheat_plugin.exe/data0001 Infected: Trojan-Downloader.Win32.IstBar.ja skipped
C:\System Volume Information\_restore{0945435B-1507-4631-B9A9-29A60025D023}\RP101\A0033327.exe/cheat_plugin.exe/data0003 Infected: Trojan-Downloader.Win32.IstBar.ny skipped
C:\System Volume Information\_restore{0945435B-1507-4631-B9A9-29A60025D023}\RP101\A0033327.exe/cheat_plugin.exe Infected: Trojan-Downloader.Win32.IstBar.ny skipped
C:\System Volume Information\_restore{0945435B-1507-4631-B9A9-29A60025D023}\RP101\A0033327.exe/expIorer.exe Infected: Trojan-Dropper.Win32.Pakes skipped
C:\System Volume Information\_restore{0945435B-1507-4631-B9A9-29A60025D023}\RP101\A0033327.exe SetupFactory: infected - 5 skipped
C:\System Volume Information\_restore{0945435B-1507-4631-B9A9-29A60025D023}\RP102\A0035539.exe Object is locked skipped
C:\System Volume Information\_restore{0945435B-1507-4631-B9A9-29A60025D023}\RP105\A0037182.exe/irsetup.dat Infected: P2P-Worm.Win32.Insta.a skipped
C:\System Volume Information\_restore{0945435B-1507-4631-B9A9-29A60025D023}\RP105\A0037182.exe/cheat_plugin.exe/data0001 Infected: Trojan-Downloader.Win32.IstBar.ja skipped
C:\System Volume Information\_restore{0945435B-1507-4631-B9A9-29A60025D023}\RP105\A0037182.exe/cheat_plugin.exe/data0003 Infected: Trojan-Downloader.Win32.IstBar.ny skipped
C:\System Volume Information\_restore{0945435B-1507-4631-B9A9-29A60025D023}\RP105\A0037182.exe/cheat_plugin.exe Infected: Trojan-Downloader.Win32.IstBar.ny skipped
C:\System Volume Information\_restore{0945435B-1507-4631-B9A9-29A60025D023}\RP105\A0037182.exe/expIorer.exe Infected: Trojan-Dropper.Win32.Pakes skipped
C:\System Volume Information\_restore{0945435B-1507-4631-B9A9-29A60025D023}\RP105\A0037182.exe SetupFactory: infected - 5 skipped
C:\System Volume Information\_restore{0945435B-1507-4631-B9A9-29A60025D023}\RP105\A0037183.exe/irsetup.dat Infected: P2P-Worm.Win32.Insta.a skipped
C:\System Volume Information\_restore{0945435B-1507-4631-B9A9-29A60025D023}\RP105\A0037183.exe/cheat_plugin.exe/data0001 Infected: Trojan-Downloader.Win32.IstBar.ja skipped
C:\System Volume Information\_restore{0945435B-1507-4631-B9A9-29A60025D023}\RP105\A0037183.exe/cheat_plugin.exe/data0003 Infected: Trojan-Downloader.Win32.IstBar.ny skipped
C:\System Volume Information\_restore{0945435B-1507-4631-B9A9-29A60025D023}\RP105\A0037183.exe/cheat_plugin.exe Infected: Trojan-Downloader.Win32.IstBar.ny skipped
C:\System Volume Information\_restore{0945435B-1507-4631-B9A9-29A60025D023}\RP105\A0037183.exe/expIorer.exe Infected: Trojan-Dropper.Win32.Pakes skipped
C:\System Volume Information\_restore{0945435B-1507-4631-B9A9-29A60025D023}\RP105\A0037183.exe SetupFactory: infected - 5 skipped
C:\System Volume Information\_restore{0945435B-1507-4631-B9A9-29A60025D023}\RP105\A0037186.exe/irsetup.dat Infected: P2P-Worm.Win32.Insta.a skipped
C:\System Volume Information\_restore{0945435B-1507-4631-B9A9-29A60025D023}\RP105\A0037186.exe/cheat_plugin.exe/data0001 Infected: Trojan-Downloader.Win32.IstBar.ja skipped
C:\System Volume Information\_restore{0945435B-1507-4631-B9A9-29A60025D023}\RP105\A0037186.exe/cheat_plugin.exe/data0003 Infected: Trojan-Downloader.Win32.IstBar.ny skipped
C:\System Volume Information\_restore{0945435B-1507-4631-B9A9-29A60025D023}\RP105\A0037186.exe/cheat_plugin.exe Infected: Trojan-Downloader.Win32.IstBar.ny skipped
C:\System Volume Information\_restore{0945435B-1507-4631-B9A9-29A60025D023}\RP105\A0037186.exe/expIorer.exe Infected: Trojan-Dropper.Win32.Pakes skipped
C:\System Volume Information\_restore{0945435B-1507-4631-B9A9-29A60025D023}\RP105\A0037186.exe SetupFactory: infected - 5 skipped
C:\System Volume Information\_restore{0945435B-1507-4631-B9A9-29A60025D023}\RP122\A0042992.bat Infected: Trojan.BAT.Zapchast skipped
C:\System Volume Information\_restore{0945435B-1507-4631-B9A9-29A60025D023}\RP142\change.log Object is locked skipped
C:\winupd.bat Infected: Trojan.BAT.Zapchast skipped
D:\System Volume Information\_restore{0945435B-1507-4631-B9A9-29A60025D023}\RP68\A0028866.exe Infected: Trojan-Proxy.Win32.Mitglieder.ei skipped
D:\System Volume Information\_restore{0945435B-1507-4631-B9A9-29A60025D023}\RP68\A0028867.exe Infected: Trojan-Proxy.Win32.Mitglieder.ei skipped
D:\System Volume Information\_restore{0945435B-1507-4631-B9A9-29A60025D023}\RP68\A0028870.exe Infected: Trojan-Proxy.Win32.Mitglieder.ei skipped
D:\System Volume Information\_restore{0945435B-1507-4631-B9A9-29A60025D023}\RP68\A0028872.exe Infected: Trojan-Proxy.Win32.Mitglieder.ei skipped
D:\System Volume Information\_restore{0945435B-1507-4631-B9A9-29A60025D023}\RP102\A0035781.exe/irsetup.dat Infected: P2P-Worm.Win32.Insta.a skipped
D:\System Volume Information\_restore{0945435B-1507-4631-B9A9-29A60025D023}\RP102\A0035781.exe/cheat_plugin.exe/data0001 Infected: Trojan-Downloader.Win32.IstBar.ja skipped
D:\System Volume Information\_restore{0945435B-1507-4631-B9A9-29A60025D023}\RP102\A0035781.exe/cheat_plugin.exe/data0003 Infected: Trojan-Downloader.Win32.IstBar.ny skipped
D:\System Volume Information\_restore{0945435B-1507-4631-B9A9-29A60025D023}\RP102\A0035781.exe/cheat_plugin.exe Infected: Trojan-Downloader.Win32.IstBar.ny skipped
D:\System Volume Information\_restore{0945435B-1507-4631-B9A9-29A60025D023}\RP102\A0035781.exe/expIorer.exe Infected: Trojan-Dropper.Win32.Pakes skipped
D:\System Volume Information\_restore{0945435B-1507-4631-B9A9-29A60025D023}\RP102\A0035781.exe SetupFactory: infected - 5 skipped
D:\System Volume Information\_restore{0945435B-1507-4631-B9A9-29A60025D023}\RP102\A0035782.exe/irsetup.dat Infected: P2P-Worm.Win32.Insta.a skipped
D:\System Volume Information\_restore{0945435B-1507-4631-B9A9-29A60025D023}\RP102\A0035782.exe/cheat_plugin.exe/data0001 Infected: Trojan-Downloader.Win32.IstBar.ja skipped
D:\System Volume Information\_restore{0945435B-1507-4631-B9A9-29A60025D023}\RP102\A0035782.exe/cheat_plugin.exe/data0003 Infected: Trojan-Downloader.Win32.IstBar.ny skipped
D:\System Volume Information\_restore{0945435B-1507-4631-B9A9-29A60025D023}\RP102\A0035782.exe/cheat_plugin.exe Infected: Trojan-Downloader.Win32.IstBar.ny skipped
D:\System Volume Information\_restore{0945435B-1507-4631-B9A9-29A60025D023}\RP102\A0035782.exe/expIorer.exe Infected: Trojan-Dropper.Win32.Pakes skipped
D:\System Volume Information\_restore{0945435B-1507-4631-B9A9-29A60025D023}\RP102\A0035782.exe SetupFactory: infected - 5 skipped
D:\System Volume Information\_restore{0945435B-1507-4631-B9A9-29A60025D023}\RP102\A0035783.exe/irsetup.dat Infected: P2P-Worm.Win32.Insta.a skipped
D:\System Volume Information\_restore{0945435B-1507-4631-B9A9-29A60025D023}\RP102\A0035783.exe/cheat_plugin.exe/data0001 Infected: Trojan-Downloader.Win32.IstBar.ja skipped
D:\System Volume Information\_restore{0945435B-1507-4631-B9A9-29A60025D023}\RP102\A0035783.exe/cheat_plugin.exe/data0003 Infected: Trojan-Downloader.Win32.IstBar.ny skipped
D:\System Volume Information\_restore{0945435B-1507-4631-B9A9-29A60025D023}\RP102\A0035783.exe/cheat_plugin.exe Infected: Trojan-Downloader.Win32.IstBar.ny skipped
D:\System Volume Information\_restore{0945435B-1507-4631-B9A9-29A60025D023}\RP102\A0035783.exe/expIorer.exe Infected: Trojan-Dropper.Win32.Pakes skipped
D:\System Volume Information\_restore{0945435B-1507-4631-B9A9-29A60025D023}\RP102\A0035783.exe SetupFactory: infected - 5 skipped
D:\System Volume Information\_restore{0945435B-1507-4631-B9A9-29A60025D023}\RP142\change.log Object is locked skipped
D:\Pc Civilization 4 Ita\CIVILIZATION4.mdf/Autorun/Crack/Civilization.4.Crack.by.MasterCrack.rar/Civilization 4 Crack.exe Infected: Trojan.Win32.VB.afr skipped
D:\Pc Civilization 4 Ita\CIVILIZATION4.mdf/Autorun/Crack/Civilization.4.Crack.by.MasterCrack.rar/tmpfile.dat Infected: Trojan.Win32.KillFiles.in skipped
D:\Pc Civilization 4 Ita\CIVILIZATION4.mdf/Autorun/Crack/Civilization.4.Crack.by.MasterCrack.rar Infected: Trojan.Win32.KillFiles.in skipped
D:\Pc Civilization 4 Ita\CIVILIZATION4.mdf/Autorun/Crack/[NO CD] Civilization 4 crack.zip/install.exe/irsetup.dat Infected: P2P-Worm.Win32.Insta.a skipped
D:\Pc Civilization 4 Ita\CIVILIZATION4.mdf/Autorun/Crack/[NO CD] Civilization 4 crack.zip/install.exe/cheat_plugin.exe/data0001 Infected: Trojan-Downloader.Win32.IstBar.ja skipped
D:\Pc Civilization 4 Ita\CIVILIZATION4.mdf/Autorun/Crack/[NO CD] Civilization 4 crack.zip/install.exe/cheat_plugin.exe/data0003 Infected: Trojan-Downloader.Win32.IstBar.ny skipped
D:\Pc Civilization 4 Ita\CIVILIZATION4.mdf/Autorun/Crack/[NO CD] Civilization 4 crack.zip/install.exe/cheat_plugin.exe Infected: Trojan-Downloader.Win32.IstBar.ny skipped
D:\Pc Civilization 4 Ita\CIVILIZATION4.mdf/Autorun/Crack/[NO CD] Civilization 4 crack.zip/install.exe/expIorer.exe Infected: Trojan-Dropper.Win32.Pakes skipped
D:\Pc Civilization 4 Ita\CIVILIZATION4.mdf/Autorun/Crack/[NO CD] Civilization 4 crack.zip/install.exe Infected: Trojan-Dropper.Win32.Pakes skipped
D:\Pc Civilization 4 Ita\CIVILIZATION4.mdf/Autorun/Crack/[NO CD] Civilization 4 crack.zip Infected: Trojan-Dropper.Win32.Pakes skipped
D:\Pc Civilization 4 Ita\CIVILIZATION4.mdf/Crack/Civilization.4.Crack.by.MasterCrack.rar/Civilization 4 Crack.exe Infected: Trojan.Win32.VB.afr skipped
D:\Pc Civilization 4 Ita\CIVILIZATION4.mdf/Crack/Civilization.4.Crack.by.MasterCrack.rar/tmpfile.dat Infected: Trojan.Win32.KillFiles.in skipped
D:\Pc Civilization 4 Ita\CIVILIZATION4.mdf/Crack/Civilization.4.Crack.by.MasterCrack.rar Infected: Trojan.Win32.KillFiles.in skipped
D:\Pc Civilization 4 Ita\CIVILIZATION4.mdf/Crack/[NO CD] Civilization 4 crack.zip/install.exe/irsetup.dat Infected: P2P-Worm.Win32.Insta.a skipped
D:\Pc Civilization 4 Ita\CIVILIZATION4.mdf/Crack/[NO CD] Civilization 4 crack.zip/install.exe/cheat_plugin.exe/data0001 Infected: Trojan-Downloader.Win32.IstBar.ja skipped
D:\Pc Civilization 4 Ita\CIVILIZATION4.mdf/Crack/[NO CD] Civilization 4 crack.zip/install.exe/cheat_plugin.exe/data0003 Infected: Trojan-Downloader.Win32.IstBar.ny skipped
D:\Pc Civilization 4 Ita\CIVILIZATION4.mdf/Crack/[NO CD] Civilization 4 crack.zip/install.exe/cheat_plugin.exe Infected: Trojan-Downloader.Win32.IstBar.ny skipped
D:\Pc Civilization 4 Ita\CIVILIZATION4.mdf/Crack/[NO CD] Civilization 4 crack.zip/install.exe/expIorer.exe Infected: Trojan-Dropper.Win32.Pakes skipped
D:\Pc Civilization 4 Ita\CIVILIZATION4.mdf/Crack/[NO CD] Civilization 4 crack.zip/install.exe Infected: Trojan-Dropper.Win32.Pakes skipped
D:\Pc Civilization 4 Ita\CIVILIZATION4.mdf/Crack/[NO CD] Civilization 4 crack.zip Infected: Trojan-Dropper.Win32.Pakes skipped
D:\Pc Civilization 4 Ita\CIVILIZATION4.mdf ISO image: infected - 20 skipped

Scan process completed.
Avatar utente
Gazza
Aficionado
Aficionado
 
Messaggi: 30
Iscritto il: gio gen 11, 2007 5:22 pm

Messaggioda Gazza » ven mar 02, 2007 6:55 pm

forse sono riuscito a risolvere da solo, adesso rifaccio una scansione e speriamo bene!

grazie a tutti!
Avatar utente
Gazza
Aficionado
Aficionado
 
Messaggi: 30
Iscritto il: gio gen 11, 2007 5:22 pm

Troj_dialer.qq e dial_clone.g

Messaggioda Nimble » mar mar 06, 2007 11:15 am

Ciao a tutti.

Come da oggetto, ho questi due rompipalle che mi stressano il PC. E la cosa più bella e che sul compuer di casa non ho mai avuto problemi, sul lavoro, con anti-virus in rete, firewall professionale, proxy, pinco e palla... eccoli. E non riesco a rimuoverli!

La storia.

Trend Micro mi trova due dialer-trojan:

Troj_dialer.qq e dial_clone.g

Li rova sempre in file differenti, che, come da specifiche dei due robi, sono creati casuali di volta in volta. Sono sempre in due posti:

..\Temporary Internet File\Content.IE5\"Nome cartella casuale tipo KJ3FE01D"\"Nome file .exe casuale che inizia sempre con srv tipo srvfrl[1].exe"

C:\Windows\Temp\"Nome file .tmp che inizia sempre con win tipo win2C.tmp"

Il primo viene sempre bloccato ma non rimosso ne messo in quarantena. Il secondo viene messo in quarantena.

Le ho provate un po' tutte, i vari scan non trovano mai niente. Trend Micro,
AD-Aware, ecc. Ho fatto pulizia con CCleaner in modalità provisoria, ma non risolve niente.

Quì sotto il log di HijackThis.

Attendo suggerimenti.

Ciao, Massimiliano.

Logfile of HijackThis v1.99.1
Scan saved at 9.59.20, on 06/03/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\svchost.exe
C:\Programmi\Bonjour\mDNSResponder.exe
C:\Trend Micro\OfficeScan Client\ntrtscan.exe
C:\WINDOWS\system32\slserv.exe
C:\Trend Micro\OfficeScan Client\tmlisten.exe
C:\Trend Micro\OfficeScan Client\OfcPfwSvc.exe
C:\WINDOWS\TEMP\BE697.EXE
C:\WINDOWS\Explorer.EXE
C:\Trend Micro\OfficeScan Client\pccntmon.exe
C:\Programmi\Java\jre1.5.0_10\bin\jusched.exe
C:\Programmi\Google\Gmail Notifier\gnotify.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmi\Skype\Phone\Skype.exe
C:\Programmi\MSN Messenger\MsnMsgr.Exe
C:\Programmi\Launchy\Launchy.exe
C:\Programmi\MSN Messenger\usnsvc.exe
C:\Programmi\Microsoft Office\Office10\OUTLOOK.EXE
C:\Programmi\Opera\Opera.exe
C:\Programmi\Mozilla Firefox\firefox.exe
C:\Programmi\Skype\Plugin Manager\SkypePM.exe
C:\Programmi\Hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.it/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = atlaspx.dsdata.it:8080
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = pms.dsdata.it;*.dsdata.com;*.dsdata.it;*.dsdata.net;*.dstaxi.com;*.dstaxi.it;*.dstaxifashion.it;*.dstaxifashion.com;*.dsdam.it;*.dsdam.com;dswnt5.*;localhost.*;dlp4-02305.*;<local>
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmi\Java\jre1.5.0_10\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [OfficeScanNT Monitor] "C:\Trend Micro\OfficeScan Client\pccntmon.exe" -HideWindow
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programmi\Java\jre1.5.0_10\bin\jusched.exe"
O4 - HKLM\..\Run: [{0228e555-4f9c-4e35-a3ec-b109a192b4c2}] C:\Programmi\Google\Gmail Notifier\gnotify.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Skype] "C:\Programmi\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [MsnMsgr] "C:\Programmi\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [updateMgr] C:\Programmi\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_9
O4 - Global Startup: Launchy.lnk = C:\Programmi\Launchy\Launchy.exe
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\programmi\bonjour\mdnsnsp.dll
O16 - DPF: {00134F72-5284-44F7-95A8-52A619F70751} (ObjWinNTCheck Class) - https://dswnt5.dsdata.it:4343/officesca ... nNTChk.cab
O16 - DPF: {08D75BB0-D2B5-11D1-88FC-0080C859833B} (OfficeScan Corp Edition Web-Deployment SetupINICtrl Class) - https://dswnt5.dsdata.it:4343/officesca ... tupini.cab
O16 - DPF: {08D75BC1-D2B5-11D1-88FC-0080C859833B} (OfficeScan Corp Edition Web-Deployment SetupCtrl Class) - https://dswnt5.dsdata.it:4343/officesca ... /setup.cab
O16 - DPF: {35C3D91E-401A-4E45-88A5-F3B32CD72DF4} (Encrypt Class) - https://dswnt5.dsdata.it:4343/officesca ... AtxEnc.cab
O16 - DPF: {5EFE8CB1-D095-11D1-88FC-0080C859833B} (OfficeScan Corp Edition Web-Deployment ObjRemoveCtrl Class) - https://dswnt5.dsdata.it:4343/officesca ... veCtrl.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupda ... 0414767929
O16 - DPF: {8990AFAD-D352-42AC-A72F-A660BBF6E209} (OfficeScan Management Console) - https://dswnt5.dsdata.it:4343/officesca ... onsole.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = dsdata.it
O17 - HKLM\Software\..\Telephony: DomainName = dsdata.it
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = dsdata.it
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FILECO~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: rpcc - C:\WINDOWS\system32\rpcc.dll
O20 - Winlogon Notify: winawp32 - C:\WINDOWS\SYSTEM32\winawp32.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Programmi\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Programmi\File comuni\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: OfficeScanNT RealTime Scan (ntrtscan) - Trend Micro Inc. - C:\Trend Micro\OfficeScan Client\ntrtscan.exe
O23 - Service: OfficeScanNT Personal Firewall (OfcPfwSvc) - Trend Micro Inc. - C:\Trend Micro\OfficeScan Client\OfcPfwSvc.exe
O23 - Service: SmartLinkService (SLService) - Smart Link - C:\WINDOWS\SYSTEM32\slserv.exe
O23 - Service: OfficeScanNT Listener (tmlisten) - Trend Micro Inc. - C:\Trend Micro\OfficeScan Client\tmlisten.exe
Avatar utente
Nimble
Neo Iscritto
Neo Iscritto
 
Messaggi: 2
Iscritto il: lun mar 05, 2007 2:07 pm

Messaggioda Amantide » mar mar 06, 2007 12:37 pm

Ciao e benvenuto Nimble [:)]

Abilita la visualizzazione dei file nascosti (apri una cartella qualsiasi, vai su Strumenti--> Opzioni cartella--> Visualizzazione e spunta Visualizza file e cartelle nascosti) trova ed elimina dalla modalità provvisoria o con aiuto di Unlocker i file indicati in rosso:
C:\WINDOWS\TEMP\BE697.EXE
C:\WINDOWS\system32\rpcc.dll
C:\WINDOWS\SYSTEM32\winawp32.dll

Sempre dalla modalità provvisoria con aiuto di CCleaner svuota il contenuto delle cartelle temporanei ed alla fine fai la scansione completa con A-squared o Superantispyware.
...per volare alto, bisogna saper cadere...
Avatar utente
Amantide
Membro Ufficiale (Gold)
Membro Ufficiale (Gold)
 
Messaggi: 8126
Iscritto il: lun feb 06, 2006 4:13 pm
Località: Abruzzo

Fatto!

Messaggioda Nimble » ven mar 09, 2007 5:11 pm

Ciao.

Grazie dell'hint.

Ho risolto.

Massimiliano.
Avatar utente
Nimble
Neo Iscritto
Neo Iscritto
 
Messaggi: 2
Iscritto il: lun mar 05, 2007 2:07 pm


Torna a Sicurezza

Chi c’è in linea

Visitano il forum: Nessuno e 7 ospiti

cron
Powered by phpBB © 2002, 2005, 2007, 2008 phpBB Group
Traduzione Italiana phpBB.it

megalab.it: testata telematica quotidiana registrata al Tribunale di Cosenza n. 22/09 del 13.08.2009, editore Master New Media S.r.l.; © Copyright 2008 Master New Media S.r.l. a socio unico - P.I. 02947530784. GRUPPO EDIZIONI MASTER Spa Tutti i diritti sono riservati. Per la pubblicità: Master Advertising