  1. #1

    win2000

    Hello everyone, for work reasons I had to install Win2000 on my home PC, with Kaspersky antivirus, but for quite a few days now a virus has been pestering me. The virus in question is (hp-1003). I don't know how to remove it; I've tried everything, even installing VirIT, but without success: it finds it too, deletes it, and it constantly reappears. I'm attaching a copy of the hijackthis_sfx log file:
    Logfile of HijackThis v1.99.1
    Scan saved at 18.35.54, on 03/06/2007
    Platform: Windows 2000 SP4 (WinNT 5.00.2195)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINNT\System32\smss.exe
    C:\WINNT\system32\winlogon.exe
    C:\WINNT\system32\services.exe
    C:\WINNT\system32\lsass.exe
    C:\WINNT\system32\Ati2evxx.exe
    C:\WINNT\system32\svchost.exe
    C:\WINNT\system32\spoolsv.exe
    C:\Programmi\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe
    C:\WINNT\system32\Ati2evxx.exe
    C:\WINNT\Explorer.EXE
    C:\WINNT\SOUNDMAN.EXE
    C:\Programmi\ATI Technologies\ATI.ACE\cli.exe
    C:\Programmi\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe
    C:\Programmi\Winamp\winampa.exe
    C:\PROGRA~1\ALICET~1\SMARTB~1\MotiveSB.exe
    C:\Programmi\Java\jre1.6.0_01\bin\jusched.exe
    C:\VEXPLITE\MONLITE.EXE
    C:\Programmi\File comuni\Ahead\Lib\NMBgMonitor.exe
    C:\WINNT\system32\svchost.exe
    C:\Programmi\AMD\Cool'n'Quiet\GemServ.exe
    C:\Programmi\VIA\RAID\raid_tool.exe
    C:\Programmi\AMD\Cool'n'Quiet\gemback.exe
    C:\PROGRA~1\Alice\ALICEE~1\app\pppoeservice.exe
    C:\WINNT\system32\regsvc.exe
    C:\WINNT\system32\MSTask.exe
    C:\Programmi\File comuni\Ahead\Lib\NMIndexStoreSvr.exe
    C:\WINNT\system32\stisvc.exe
    C:\VEXPLITE\viritsvc.exe
    C:\WINNT\System32\WBEM\WinMgmt.exe
    C:\WINNT\system32\svchost.exe
    C:\PROGRA~1\ALICET~1\SMARTB~1\SBHookSvc.exe
    C:\Programmi\File comuni\Ahead\Lib\NMIndexingService.exe
    C:\VEXPLITE\VIRITEXP.EXE
    C:\Programmi\ATI Technologies\ATI.ACE\cli.exe
    C:\Programmi\ATI Technologies\ATI.ACE\cli.exe
    C:\WINNT\system32\wuauclt.exe
    E:\mIRC_6.16_Ita_Invision_Prive\mirc.exe
    C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
    C:\Programmi\Azureus\Azureus.exe
    C:\Documents and Settings\Ermak\Desktop\hijackthis_sfx\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer fornito da Alice
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1;<local>
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
    R3 - URLSearchHook: Yahoo! Toolbar con blocco Pop-Up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programmi\Yahoo!\Companion\Installs\cpn\yt.dll
    O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Programmi\Yahoo!\Companion\Installs\cpn\yt.dll
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmi\Java\jre1.6.0_01\bin\ssv.dll
    O3 - Toolbar: @msdxmLC.dll,-1@1033,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\system32\msdxm.ocx
    O3 - Toolbar: Yahoo! Toolbar con blocco Pop-Up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programmi\Yahoo!\Companion\Installs\cpn\yt.dll
    O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
    O4 - HKLM\..\Run: [ATICCC] "C:\Programmi\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
    O4 - HKLM\..\Run: [kav] "C:\Programmi\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe"
    O4 - HKLM\..\Run: [WinampAgent] C:\Programmi\Winamp\winampa.exe
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\Programmi\File comuni\Ahead\Lib\NeroCheck.exe
    O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\ALICET~1\SMARTB~1\MotiveSB.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programmi\Java\jre1.6.0_01\bin\jusched.exe "
    O4 - HKLM\..\Run: [VIRIT LITE MONITOR] C:\VEXPLITE\MONLITE.EXE
    O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
    O4 - HKLM\..\Run: [uxjmbpkl] C:\llrvbjud.bat
    O4 - HKLM\..\Run: [File Mapping Services] hp-1003.exe
    O4 - HKLM\..\Run: [opqgfcmh] C:\fxoqthwg.bat
    O4 - HKLM\..\RunServices: [File Mapping Services] hp-1003.exe
    O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Programmi\File comuni\Ahead\Lib\NMBgMonitor.exe"
    O4 - HKCU\..\Run: [File Mapping Services] hp-1003.exe
    O4 - HKCU\..\RunServices: [File Mapping Services] hp-1003.exe
    O4 - Global Startup: VIA RAID TOOL.lnk = C:\Programmi\VIA\RAID\raid_tool.exe
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.6.0_01\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.6.0_01\bin\ssv.dll
    O9 - Extra button: Web Anti-Virus - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Programmi\Kaspersky Lab\Kaspersky Anti-Virus 6.0\scieplugin.dll
    O9 - Extra button: Alice - {74837393-C947-46BB-8DBA-6D4BE040F5A0} - http://gw.aliceadsl.it/alice (file missing) (HKCU)
    O14 - IERESET.INF: START_PAGE_URL=http://gw.aliceadsl.it/home
    O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/par...an_unicode.cab
    O20 - Winlogon Notify: klogon - C:\WINNT\system32\klogon.dll
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINNT\system32\Ati2evxx.exe
    O23 - Service: ATI Smart - Unknown owner - C:\WINNT\system32\ati2sgag.exe
    O23 - Service: Kaspersky Anti-Virus 6.0 (AVP) - Kaspersky Lab - C:\Programmi\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe
    O23 - Service: Servizio amministrativo di Gestione disco logico (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
    O23 - Service: AMD PowerNow! (tm) Technology Service (GemServ) - Advanced Micro Devices - C:\Programmi\AMD\Cool'n'Quiet\GemServ.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programmi\File comuni\InstallShield\Driver\1150\Intel 32\IDriverT.exe
    O23 - Service: NBService - Nero AG - C:\Programmi\Nero\Nero 7\Nero BackItUp\NBService.exe
    O23 - Service: NMIndexingService - Nero AG - C:\Programmi\File comuni\Ahead\Lib\NMIndexingService.exe
    O23 - Service: PPPoE Service (PPPoEService) - Unknown owner - C:\PROGRA~1\Alice\ALICEE~1\app\pppoeservice.exe
    O23 - Service: SBHookSvc - Motive Communications, Inc. - C:\PROGRA~1\ALICET~1\SMARTB~1\SBHookSvc.exe
    O23 - Service: Virit eXplorer Lite (viritsvclite) - TG Soft Sas www.tgsoft.it - C:\VEXPLITE\viritsvc.exe

    Maybe by recommending another antivirus; thank you in advance

  2. #2
    HTML.it user LUCASS
    Hi and welcome

    Start HijackThis, click the "Do a system scan only" button and wait for the list to load; once it has fully loaded, scroll through the list, tick the boxes next to the entries that match the strings I give below, and click "Fix checked" to remove them
    code:
    O4 - HKLM\..\Run: [uxjmbpkl] C:\llrvbjud.bat
    O4 - HKLM\..\Run: [File Mapping Services] hp-1003.exe
    O4 - HKLM\..\Run: [opqgfcmh] C:\fxoqthwg.bat
    O4 - HKLM\..\RunServices: [File Mapping Services] hp-1003.exe
    O4 - HKCU\..\Run: [File Mapping Services] hp-1003.exe
    O4 - HKCU\..\RunServices: [File Mapping Services] hp-1003.exe
    Create a new folder in C:\ and name it Sysclean
    Now put this file in the C:\Sysclean folder
    http://www.trendmicro.com/ftp/products/tsc/sysclean.com
    Extract the lpt505.zip archive
    http://it.trendmicro-europe.com/glob...opr/lpt505.zip
    into the C:\Sysclean folder

    Start the PC in safe mode
    Start > Restart
    As soon as the first text appears during the restart, keep pressing the F8 key
    Wait a few moments and a menu will appear
    From the menu, select the "Avvia in modalità provvisoria" (start in safe mode) option

    Once in, open the C:\Sysclean folder
    Run the Sysclean.com executable
    Tick the "Automatically clean or delete detected files" box
    and the "Scan all local fixed drives" box
    Click "Scan"
    A DOS window will open (then it closes)
    Wait for the scan to finish; once it has finished, restart the PC normally
    Please post a new HijackThis log and the Sysclean log, which you will find in its folder under the name SYSCLEAN.LOG

    Thanks

    Bye
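
The six entries selected for "Fix checked" in the post above differ from the rest of the O4 section in two visible ways: batch files sitting directly in the root of C:\, and one name/command pair registered under four autostart keys. The following is an added example, not part of the original post and not HijackThis's own logic; the two heuristics, the `min_locations` threshold and all function names are assumptions chosen for illustration.

```python
import re
from collections import defaultdict

# O4 (autostart) lines copied from the first HijackThis log posted in the thread.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [ATICCC] "C:\Programmi\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
O4 - HKLM\..\Run: [kav] "C:\Programmi\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe"
O4 - HKLM\..\Run: [WinampAgent] C:\Programmi\Winamp\winampa.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Programmi\File comuni\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\ALICET~1\SMARTB~1\MotiveSB.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programmi\Java\jre1.6.0_01\bin\jusched.exe "
O4 - HKLM\..\Run: [VIRIT LITE MONITOR] C:\VEXPLITE\MONLITE.EXE
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [uxjmbpkl] C:\llrvbjud.bat
O4 - HKLM\..\Run: [File Mapping Services] hp-1003.exe
O4 - HKLM\..\Run: [opqgfcmh] C:\fxoqthwg.bat
O4 - HKLM\..\RunServices: [File Mapping Services] hp-1003.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Programmi\File comuni\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [File Mapping Services] hp-1003.exe
O4 - HKCU\..\RunServices: [File Mapping Services] hp-1003.exe
O4 - Global Startup: VIA RAID TOOL.lnk = C:\Programmi\VIA\RAID\raid_tool.exe
"""

# "O4 - <hive>\..\<key>: [<value name>] <command>"; startup-folder lines
# ("O4 - Global Startup: ...") have a different shape and are skipped.
O4_RE = re.compile(
    r"^O4 - (?P<hive>HKLM|HKCU)\\\.\.\\(?P<key>\w+): \[(?P<name>[^\]]*)\] (?P<cmd>.+)$"
)

# Heuristic 1 (assumption): a script that lives directly in a drive root.
ROOT_SCRIPT_RE = re.compile(
    r'^"?[A-Za-z]:\\[^\\/"]+\.(?:bat|cmd|vbs|js|pif|scr)\b', re.IGNORECASE
)


def parse_o4(log_text):
    """Return one dict (hive, key, name, cmd) per registry-based O4 line."""
    entries = []
    for line in log_text.splitlines():
        match = O4_RE.match(line.strip())
        if match:
            entries.append(match.groupdict())
    return entries


def triage(entries, min_locations=3):
    """Flag O4 entries worth a manual look; never a verdict on its own."""
    # Heuristic 2 (assumption): the same name/command pair registered under
    # several autostart keys at once (Run and RunServices, HKLM and HKCU).
    locations = defaultdict(set)
    for e in entries:
        locations[(e["name"].lower(), e["cmd"].lower())].add((e["hive"], e["key"]))

    findings = []
    for e in entries:
        reasons = []
        if ROOT_SCRIPT_RE.match(e["cmd"]):
            reasons.append("script in drive root")
        count = len(locations[(e["name"].lower(), e["cmd"].lower())])
        if count >= min_locations:
            reasons.append(f"same entry under {count} autostart keys")
        if reasons:
            findings.append({
                "location": f'{e["hive"]}\\..\\{e["key"]}',
                "name": e["name"],
                "cmd": e["cmd"],
                "reasons": reasons,
            })
    return findings


if __name__ == "__main__":
    for f in triage(parse_o4(SAMPLE_LOG)):
        print(f'{f["location"]}: [{f["name"]}] {f["cmd"]}  <- {"; ".join(f["reasons"])}')
```

Entries without a path such as SOUNDMAN.EXE or mobsync.exe are deliberately not flagged, since a bare file name alone is common among legitimate autostart values.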

  3. #3
    Habanero, moderator of Computer security and viruses
    let's be careful with titles, please...
    http://forum.html.it/forum/showthrea...hreadid=997970
    Read the RULES!

    It's very complicated, a lot of inputs and outputs, a quantity of information, a lot of elements to consider, I have a quantity of elements to keep in mind...
    Drugo

  4. #4
    HTML.it user
    I caught it too, and after removing it thanks to user OYS I caught it again and I can't get rid of it.............damn
    wdkp 98.7 the sound of tomorrow the music of today

  5. #5
    here is the sysclean log file:


    /--------------------------------------------------------------\
    | Trend Micro System Cleaner |
    | Copyright 2006, Trend Micro, Inc. |
    | http://www.antivirus.com |
    \--------------------------------------------------------------/


    2007-06-03, 20:24:15, Auto-clean mode specified.
    2007-06-03, 20:24:15, Running scanner "C:\Sysclean\TSC.BIN"...
    2007-06-03, 20:24:23, Scanner "C:\Sysclean\TSC.BIN" has finished running.
    2007-06-03, 20:24:23, TSC Log:

    Damage Cleanup Engine (DCE) 5.3(Build 1103)
    Windows 2000(Build 2195: Service Pack 4)

    Start time : dom giu 03 2007 20:24:15

    Load Damage Cleanup Template (DCT) "C:\Sysclean\TMRDCT.ptn" (version ) [fail]
    Load Damage Cleanup Template (DCT) "C:\Sysclean\tsc.ptn" (version 866) [success]

    Complete time : dom giu 03 2007 20:24:23
    Execute pattern count(3090), Virus found count(0), Virus clean count(0), Clean failed count(0)

    2007-06-03, 20:25:23, An error was detected on "C:\System Volume Information\*.*": Accesso negato.
    2007-06-03, 20:25:48, An error was detected on "D:\System Volume Information\*.*": Accesso negato.
    2007-06-03, 20:25:58, An error was detected on "E:\System Volume Information\*.*": Accesso negato.
    2007-06-03, 20:26:24, An error was detected on "H:\System Volume Information\*.*": Accesso negato.
    2007-06-03, 21:03:54, Files Detected:
    Copyright (c) 1990 - 2004 Trend Micro Inc.
    Report Date : 6/3/2007 20:26:25
    VSAPI Engine Version : 8.000-1001
    VSCANTM Version : 1.1-1001
    Virus Pattern Version : 505 (196675 Patterns) (2007/05/31) (450500)
    Command Line: C:\Sysclean\VSCANTM.BIN /NBPM /S /CLEANALL /DCEGENCLEAN /LAPPEND /LD /LC /LCF /NM /NB /C /ACTIVEACTION=5 C:\*.* /P=C:\Sysclean

    41506 files have been read.
    41506 files have been checked.
    38498 files have been scanned.
    104673 files have been scanned. (including files in archived)
    0 files containing viruses.
    Found 0 viruses totally.
    Maybe 0 viruses totally.
    Stop At : 6/3/2007 21:03:53
    ---------*---------*---------*---------*---------*---------*---------*---------*
    2007-06-03, 21:03:54, Files Clean:
    Copyright (c) 1990 - 2004 Trend Micro Inc.
    Report Date : 6/3/2007 20:26:25
    VSAPI Engine Version : 8.000-1001
    VSCANTM Version : 1.1-1001
    Virus Pattern Version : 505 (196675 Patterns) (2007/05/31) (450500)
    Command Line: C:\Sysclean\VSCANTM.BIN /NBPM /S /CLEANALL /DCEGENCLEAN /LAPPEND /LD /LC /LCF /NM /NB /C /ACTIVEACTION=5 C:\*.* /P=C:\Sysclean

    41506 files have been read.
    41506 files have been checked.
    38498 files have been scanned.
    104673 files have been scanned. (including files in archived)
    0 files containing viruses.
    Found 0 viruses totally.
    Maybe 0 viruses totally.
    Stop At : 6/3/2007 21:03:53 37 minutes 17 seconds (2237.76 seconds) has elapsed.

    ---------*---------*---------*---------*---------*---------*---------*---------*
    2007-06-03, 21:03:54, Clean Fail:
    Copyright (c) 1990 - 2004 Trend Micro Inc.
    Report Date : 6/3/2007 20:26:25
    VSAPI Engine Version : 8.000-1001
    VSCANTM Version : 1.1-1001
    Virus Pattern Version : 505 (196675 Patterns) (2007/05/31) (450500)
    Command Line: C:\Sysclean\VSCANTM.BIN /NBPM /S /CLEANALL /DCEGENCLEAN /LAPPEND /LD /LC /LCF /NM /NB /C /ACTIVEACTION=5 C:\*.* /P=C:\Sysclean

    41506 files have been read.
    41506 files have been checked.
    38498 files have been scanned.
    104673 files have been scanned. (including files in archived)
    0 files containing viruses.
    Found 0 viruses totally.
    Maybe 0 viruses totally.
    Stop At : 6/3/2007 21:03:53 37 minutes 17 seconds (2237.76 seconds) has elapsed.

    ---------*---------*---------*---------*---------*---------*---------*---------*
    2007-06-03, 21:03:54, Scanner "C:\Sysclean\VSCANTM.BIN" has finished running.
    2007-06-03, 21:10:17, Files Detected:
    Copyright (c) 1990 - 2004 Trend Micro Inc.
    Report Date : 6/3/2007 21:03:54
    VSAPI Engine Version : 8.000-1001
    VSCANTM Version : 1.1-1001
    Virus Pattern Version : 505 (196675 Patterns) (2007/05/31) (450500)
    Command Line: C:\Sysclean\VSCANTM.BIN /NBPM /S /CLEANALL /DCEGENCLEAN /LAPPEND /LD /LC /LCF /NM /NB /C /ACTIVEACTION=5 D:\*.* /P=C:\Sysclean

    D:\hp-1006.exe [WORM_OSCARBOT.PD]
    6100 files have been read.
    6100 files have been checked.
    5769 files have been scanned.
    21005 files have been scanned. (including files in archived)
    1 files containing viruses.
    Found 1 viruses totally.
    Maybe 0 viruses totally.
    Stop At : 6/3/2007 21:10:17
    ---------*---------*---------*---------*---------*---------*---------*---------*
    2007-06-03, 21:10:17, Files Clean:
    Copyright (c) 1990 - 2004 Trend Micro Inc.
    Report Date : 6/3/2007 21:03:54
    VSAPI Engine Version : 8.000-1001
    VSCANTM Version : 1.1-1001
    Virus Pattern Version : 505 (196675 Patterns) (2007/05/31) (450500)
    Command Line: C:\Sysclean\VSCANTM.BIN /NBPM /S /CLEANALL /DCEGENCLEAN /LAPPEND /LD /LC /LCF /NM /NB /C /ACTIVEACTION=5 D:\*.* /P=C:\Sysclean

    Success Clean [WORM_OSCARBOT.PD]( 1) from D:\hp-1006.exe
    6100 files have been read.
    6100 files have been checked.
    5769 files have been scanned.
    21005 files have been scanned. (including files in archived)
    1 files containing viruses.
    Found 1 viruses totally.
    Maybe 0 viruses totally.
    Stop At : 6/3/2007 21:10:17 6 minutes 12 seconds (372.03 seconds) has elapsed.

    ---------*---------*---------*---------*---------*---------*---------*---------*
    2007-06-03, 21:10:17, Clean Fail:
    Copyright (c) 1990 - 2004 Trend Micro Inc.
    Report Date : 6/3/2007 21:03:54
    VSAPI Engine Version : 8.000-1001
    VSCANTM Version : 1.1-1001
    Virus Pattern Version : 505 (196675 Patterns) (2007/05/31) (450500)
    Command Line: C:\Sysclean\VSCANTM.BIN /NBPM /S /CLEANALL /DCEGENCLEAN /LAPPEND /LD /LC /LCF /NM /NB /C /ACTIVEACTION=5 D:\*.* /P=C:\Sysclean

    6100 files have been read.
    6100 files have been checked.
    5769 files have been scanned.
    21005 files have been scanned. (including files in archived)
    1 files containing viruses.
    Found 1 viruses totally.
    Maybe 0 viruses totally.
    Stop At : 6/3/2007 21:10:17 6 minutes 12 seconds (372.03 seconds) has elapsed.

    ---------*---------*---------*---------*---------*---------*---------*---------*
    2007-06-03, 21:10:17, Scanner "C:\Sysclean\VSCANTM.BIN" has finished running.
    2007-06-03, 21:34:33, Files Detected:
    Copyright (c) 1990 - 2004 Trend Micro Inc.
    Report Date : 6/3/2007 21:10:17
    VSAPI Engine Version : 8.000-1001
    VSCANTM Version : 1.1-1001
    Virus Pattern Version : 505 (196675 Patterns) (2007/05/31) (450500)
    Command Line: C:\Sysclean\VSCANTM.BIN /NBPM /S /CLEANALL /DCEGENCLEAN /LAPPEND /LD /LC /LCF /NM /NB /C /ACTIVEACTION=5 E:\*.* /P=C:\Sysclean

    E:\mIRC_6.16_Ita_Invision_Prive\mirc.exe [TROJ_IRCFLOOD.AW]
    3941 files have been read.
    3941 files have been checked.
    3736 files have been scanned.
    4383 files have been scanned. (including files in archived)
    3 files containing viruses.
    Found 3 viruses totally.
    Maybe 0 viruses totally.
    Stop At : 6/3/2007 21:34:33
    ---------*---------*---------*---------*---------*---------*---------*---------*
    2007-06-03, 21:34:33, Files Clean:
    Copyright (c) 1990 - 2004 Trend Micro Inc.
    Report Date : 6/3/2007 21:10:17
    VSAPI Engine Version : 8.000-1001
    VSCANTM Version : 1.1-1001
    Virus Pattern Version : 505 (196675 Patterns) (2007/05/31) (450500)
    Command Line: C:\Sysclean\VSCANTM.BIN /NBPM /S /CLEANALL /DCEGENCLEAN /LAPPEND /LD /LC /LCF /NM /NB /C /ACTIVEACTION=5 E:\*.* /P=C:\Sysclean

    Success Clean [TROJ_IRCFLOOD.AW]( 1) from E:\mirc_6.16_ita_\mIRC_6.16_Ita_Invision_Prive.rar,(mIRC_6.16_Ita_Invision_Prive\mirc.exe)
    Success Clean [TROJ_IRCFLOOD.AW]( 1) from E:\mirc_6.16_ita_.rar,(mIRC_6.16_Ita_Invision_Prive\mirc.exe)
    Success Clean [TROJ_IRCFLOOD.AW]( 1) from E:\mIRC_6.16_Ita_Invision_Prive\mirc.exe
    3941 files have been read.
    3941 files have been checked.
    3736 files have been scanned.
    4383 files have been scanned. (including files in archived)
    3 files containing viruses.
    Found 3 viruses totally.
    Maybe 0 viruses totally.
    Stop At : 6/3/2007 21:34:33 24 minutes 15 seconds (1454.88 seconds) has elapsed.

    ---------*---------*---------*---------*---------*---------*---------*---------*
    2007-06-03, 21:34:33, Clean Fail:
    Copyright (c) 1990 - 2004 Trend Micro Inc.
    Report Date : 6/3/2007 21:10:17
    VSAPI Engine Version : 8.000-1001
    VSCANTM Version : 1.1-1001
    Virus Pattern Version : 505 (196675 Patterns) (2007/05/31) (450500)
    Command Line: C:\Sysclean\VSCANTM.BIN /NBPM /S /CLEANALL /DCEGENCLEAN /LAPPEND /LD /LC /LCF /NM /NB /C /ACTIVEACTION=5 E:\*.* /P=C:\Sysclean

    3941 files have been read.
    3941 files have been checked.
    3736 files have been scanned.
    4383 files have been scanned. (including files in archived)
    3 files containing viruses.
    Found 3 viruses totally.
    Maybe 0 viruses totally.
    Stop At : 6/3/2007 21:34:33 24 minutes 15 seconds (1454.88 seconds) has elapsed.

    ---------*---------*---------*---------*---------*---------*---------*---------*
    2007-06-03, 21:34:33, Scanner "C:\Sysclean\VSCANTM.BIN" has finished running.
    2007-06-03, 22:35:48, Files Detected:
    Copyright (c) 1990 - 2004 Trend Micro Inc.
    Report Date : 6/3/2007 21:34:33
    VSAPI Engine Version : 8.000-1001
    VSCANTM Version : 1.1-1001
    Virus Pattern Version : 505 (196675 Patterns) (2007/05/31) (450500)
    Command Line: C:\Sysclean\VSCANTM.BIN /NBPM /S /CLEANALL /DCEGENCLEAN /LAPPEND /LD /LC /LCF /NM /NB /C /ACTIVEACTION=5 H:\*.* /P=C:\Sysclean

    H:\carrettu\Provincia al 110107\VARI\googletoolbardownloader_it_signed.exe [TROJ_Generic.CON]
    17334 files have been read.
    17334 files have been checked.
    14303 files have been scanned.
    40173 files have been scanned. (including files in archived)
    2 files containing viruses.
    Found 2 viruses totally.
    Maybe 0 viruses totally.
    Stop At : 6/3/2007 22:35:48
    ---------*---------*---------*---------*---------*---------*---------*---------*
    2007-06-03, 22:35:48, Files Clean:
    Copyright (c) 1990 - 2004 Trend Micro Inc.
    Report Date : 6/3/2007 21:34:33
    VSAPI Engine Version : 8.000-1001
    VSCANTM Version : 1.1-1001
    Virus Pattern Version : 505 (196675 Patterns) (2007/05/31) (450500)
    Command Line: C:\Sysclean\VSCANTM.BIN /NBPM /S /CLEANALL /DCEGENCLEAN /LAPPEND /LD /LC /LCF /NM /NB /C /ACTIVEACTION=5 H:\*.* /P=C:\Sysclean

    Success Clean [TROJ_IRCFLOOD.AW]( 1) from H:\carrettu\mirc_6.16_ita_\mIRC_6.16_Ita_Invision_Prive.rar,(mIRC_6.16_Ita_Invision_Prive\mirc.exe)
    17334 files have been read.
    17334 files have been checked.
    14303 files have been scanned.
    40173 files have been scanned. (including files in archived)
    2 files containing viruses.
    Found 2 viruses totally.
    Maybe 0 viruses totally.
    Stop At : 6/3/2007 22:35:48 1 hour 1 minute 4 seconds (3663.70 seconds) has elapsed.

    ---------*---------*---------*---------*---------*---------*---------*---------*
    2007-06-03, 22:35:48, Clean Fail:
    Copyright (c) 1990 - 2004 Trend Micro Inc.
    Report Date : 6/3/2007 21:34:33
    VSAPI Engine Version : 8.000-1001
    VSCANTM Version : 1.1-1001
    Virus Pattern Version : 505 (196675 Patterns) (2007/05/31) (450500)
    Command Line: C:\Sysclean\VSCANTM.BIN /NBPM /S /CLEANALL /DCEGENCLEAN /LAPPEND /LD /LC /LCF /NM /NB /C /ACTIVEACTION=5 H:\*.* /P=C:\Sysclean

    17334 files have been read.
    17334 files have been checked.
    14303 files have been scanned.
    40173 files have been scanned. (including files in archived)
    2 files containing viruses.
    Found 2 viruses totally.
    Maybe 0 viruses totally.
    Stop At : 6/3/2007 22:35:48 1 hour 1 minute 4 seconds (3663.70 seconds) has elapsed.

    ---------*---------*---------*---------*---------*---------*---------*---------*
    2007-06-03, 22:35:48, Scanner "C:\Sysclean\VSCANTM.BIN" has finished running

  6. #6
    here is the hijackthis log file:
    Logfile of HijackThis v1.99.1
    Scan saved at 13.13.35, on 04/06/2007
    Platform: Windows 2000 SP4 (WinNT 5.00.2195)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINNT\System32\smss.exe
    C:\WINNT\system32\winlogon.exe
    C:\WINNT\system32\services.exe
    C:\WINNT\system32\lsass.exe
    C:\WINNT\system32\Ati2evxx.exe
    C:\WINNT\system32\svchost.exe
    C:\WINNT\system32\spoolsv.exe
    C:\Programmi\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe
    C:\WINNT\system32\Ati2evxx.exe
    C:\WINNT\Explorer.EXE
    C:\WINNT\SOUNDMAN.EXE
    C:\Programmi\ATI Technologies\ATI.ACE\cli.exe
    C:\Programmi\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe
    C:\Programmi\Winamp\winampa.exe
    C:\WINNT\system32\svchost.exe
    C:\PROGRA~1\ALICET~1\SMARTB~1\MotiveSB.exe
    C:\Programmi\AMD\Cool'n'Quiet\GemServ.exe
    C:\Programmi\AMD\Cool'n'Quiet\gemback.exe
    C:\Programmi\Java\jre1.6.0_01\bin\jusched.exe
    C:\VEXPLITE\MONLITE.EXE
    C:\PROGRA~1\Alice\ALICEE~1\app\pppoeservice.exe
    C:\Programmi\File comuni\Ahead\Lib\NMBgMonitor.exe
    C:\WINNT\system32\regsvc.exe
    C:\WINNT\system32\MSTask.exe
    C:\Programmi\VIA\RAID\raid_tool.exe
    C:\WINNT\system32\stisvc.exe
    C:\VEXPLITE\viritsvc.exe
    C:\WINNT\System32\WBEM\WinMgmt.exe
    C:\WINNT\system32\svchost.exe
    C:\Programmi\File comuni\Ahead\Lib\NMIndexStoreSvr.exe
    C:\PROGRA~1\ALICET~1\SMARTB~1\SBHookSvc.exe
    C:\PROGRA~1\Alice\ALICEE~1\app\EnterNet.exe
    C:\Programmi\File comuni\Ahead\Lib\NMIndexingService.exe
    C:\Programmi\ATI Technologies\ATI.ACE\cli.exe
    C:\Programmi\ATI Technologies\ATI.ACE\cli.exe
    C:\WINNT\system32\wuauclt.exe
    C:\Programmi\Mozilla Firefox\firefox.exe
    C:\Programmi\Azureus\Azureus.exe
    C:\Documents and Settings\Ermak\Desktop\hijackthis_sfx\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer fornito da Alice
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1;<local>
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
    R3 - URLSearchHook: Yahoo! Toolbar con blocco Pop-Up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programmi\Yahoo!\Companion\Installs\cpn\yt.dll
    O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Programmi\Yahoo!\Companion\Installs\cpn\yt.dll
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmi\Java\jre1.6.0_01\bin\ssv.dll
    O3 - Toolbar: @msdxmLC.dll,-1@1033,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\system32\msdxm.ocx
    O3 - Toolbar: Yahoo! Toolbar con blocco Pop-Up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programmi\Yahoo!\Companion\Installs\cpn\yt.dll
    O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
    O4 - HKLM\..\Run: [ATICCC] "C:\Programmi\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
    O4 - HKLM\..\Run: [kav] "C:\Programmi\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe"
    O4 - HKLM\..\Run: [WinampAgent] C:\Programmi\Winamp\winampa.exe
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\Programmi\File comuni\Ahead\Lib\NeroCheck.exe
    O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\ALICET~1\SMARTB~1\MotiveSB.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programmi\Java\jre1.6.0_01\bin\jusched.exe "
    O4 - HKLM\..\Run: [VIRIT LITE MONITOR] C:\VEXPLITE\MONLITE.EXE
    O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
    O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Programmi\File comuni\Ahead\Lib\NMBgMonitor.exe"
    O4 - Global Startup: VIA RAID TOOL.lnk = C:\Programmi\VIA\RAID\raid_tool.exe
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.6.0_01\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.6.0_01\bin\ssv.dll
    O9 - Extra button: Web Anti-Virus - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Programmi\Kaspersky Lab\Kaspersky Anti-Virus 6.0\scieplugin.dll
    O9 - Extra button: Alice - {74837393-C947-46BB-8DBA-6D4BE040F5A0} - http://gw.aliceadsl.it/alice (file missing) (HKCU)
    O14 - IERESET.INF: START_PAGE_URL=http://gw.aliceadsl.it/home
    O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/par...an_unicode.cab
    O20 - Winlogon Notify: klogon - C:\WINNT\system32\klogon.dll
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINNT\system32\Ati2evxx.exe
    O23 - Service: ATI Smart - Unknown owner - C:\WINNT\system32\ati2sgag.exe
    O23 - Service: Kaspersky Anti-Virus 6.0 (AVP) - Kaspersky Lab - C:\Programmi\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe
    O23 - Service: Servizio amministrativo di Gestione disco logico (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
    O23 - Service: AMD PowerNow! (tm) Technology Service (GemServ) - Advanced Micro Devices - C:\Programmi\AMD\Cool'n'Quiet\GemServ.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programmi\File comuni\InstallShield\Driver\1150\Intel 32\IDriverT.exe
    O23 - Service: NBService - Nero AG - C:\Programmi\Nero\Nero 7\Nero BackItUp\NBService.exe
    O23 - Service: NMIndexingService - Nero AG - C:\Programmi\File comuni\Ahead\Lib\NMIndexingService.exe
    O23 - Service: PPPoE Service (PPPoEService) - Unknown owner - C:\PROGRA~1\Alice\ALICEE~1\app\pppoeservice.exe
    O23 - Service: SBHookSvc - Motive Communications, Inc. - C:\PROGRA~1\ALICET~1\SMARTB~1\SBHookSvc.exe
    O23 - Service: Virit eXplorer Lite (viritsvclite) - TG Soft Sas www.tgsoft.it - C:\VEXPLITE\viritsvc.exe

  7. #7
    here is the sysclean log file:


    /--------------------------------------------------------------\
    | Trend Micro System Cleaner |
    | Copyright 2006, Trend Micro, Inc. |
    | http://www.antivirus.com |
    \--------------------------------------------------------------/


    2007-06-03, 20:24:15, Auto-clean mode specified.
    2007-06-03, 20:24:15, Running scanner "C:\Sysclean\TSC.BIN"...
    2007-06-03, 20:24:23, Scanner "C:\Sysclean\TSC.BIN" has finished running.
    2007-06-03, 20:24:23, TSC Log:

    Damage Cleanup Engine (DCE) 5.3(Build 1103)
    Windows 2000(Build 2195: Service Pack 4)

    Start time : dom giu 03 2007 20:24:15

    Load Damage Cleanup Template (DCT) "C:\Sysclean\TMRDCT.ptn" (version ) [fail]
    Load Damage Cleanup Template (DCT) "C:\Sysclean\tsc.ptn" (version 866) [success]

    Complete time : dom giu 03 2007 20:24:23
    Execute pattern count(3090), Virus found count(0), Virus clean count(0), Clean failed count(0)

    2007-06-03, 20:25:23, An error was detected on "C:\System Volume Information\*.*": Accesso negato.
    2007-06-03, 20:25:48, An error was detected on "D:\System Volume Information\*.*": Accesso negato.
    2007-06-03, 20:25:58, An error was detected on "E:\System Volume Information\*.*": Accesso negato.
    2007-06-03, 20:26:24, An error was detected on "H:\System Volume Information\*.*": Accesso negato.
    2007-06-03, 21:03:54, Files Detected:
    Copyright (c) 1990 - 2004 Trend Micro Inc.
    Report Date : 6/3/2007 20:26:25
    VSAPI Engine Version : 8.000-1001
    VSCANTM Version : 1.1-1001
    Virus Pattern Version : 505 (196675 Patterns) (2007/05/31) (450500)
    Command Line: C:\Sysclean\VSCANTM.BIN /NBPM /S /CLEANALL /DCEGENCLEAN /LAPPEND /LD /LC /LCF /NM /NB /C /ACTIVEACTION=5 C:\*.* /P=C:\Sysclean

    41506 files have been read.
    41506 files have been checked.
    38498 files have been scanned.
    104673 files have been scanned. (including files in archived)
    0 files containing viruses.
    Found 0 viruses totally.
    Maybe 0 viruses totally.
    Stop At : 6/3/2007 21:03:53
    ---------*---------*---------*---------*---------*---------*---------*---------*
    2007-06-03, 21:03:54, Files Clean:
    Copyright (c) 1990 - 2004 Trend Micro Inc.
    Report Date : 6/3/2007 20:26:25
    VSAPI Engine Version : 8.000-1001
    VSCANTM Version : 1.1-1001
    Virus Pattern Version : 505 (196675 Patterns) (2007/05/31) (450500)
    Command Line: C:\Sysclean\VSCANTM.BIN /NBPM /S /CLEANALL /DCEGENCLEAN /LAPPEND /LD /LC /LCF /NM /NB /C /ACTIVEACTION=5 C:\*.* /P=C:\Sysclean

    41506 files have been read.
    41506 files have been checked.
    38498 files have been scanned.
    104673 files have been scanned. (including files in archived)
    0 files containing viruses.
    Found 0 viruses totally.
    Maybe 0 viruses totally.
    Stop At : 6/3/2007 21:03:53 37 minutes 17 seconds (2237.76 seconds) has elapsed.

    ---------*---------*---------*---------*---------*---------*---------*---------*
    2007-06-03, 21:03:54, Clean Fail:
    Copyright (c) 1990 - 2004 Trend Micro Inc.
    Report Date : 6/3/2007 20:26:25
    VSAPI Engine Version : 8.000-1001
    VSCANTM Version : 1.1-1001
    Virus Pattern Version : 505 (196675 Patterns) (2007/05/31) (450500)
    Command Line: C:\Sysclean\VSCANTM.BIN /NBPM /S /CLEANALL /DCEGENCLEAN /LAPPEND /LD /LC /LCF /NM /NB /C /ACTIVEACTION=5 C:\*.* /P=C:\Sysclean

    41506 files have been read.
    41506 files have been checked.
    38498 files have been scanned.
    104673 files have been scanned. (including files in archived)
    0 files containing viruses.
    Found 0 viruses totally.
    Maybe 0 viruses totally.
    Stop At : 6/3/2007 21:03:53 37 minutes 17 seconds (2237.76 seconds) has elapsed.

    ---------*---------*---------*---------*---------*---------*---------*---------*
    2007-06-03, 21:03:54, Scanner "C:\Sysclean\VSCANTM.BIN" has finished running.
    2007-06-03, 21:10:17, Files Detected:
    Copyright (c) 1990 - 2004 Trend Micro Inc.
    Report Date : 6/3/2007 21:03:54
    VSAPI Engine Version : 8.000-1001
    VSCANTM Version : 1.1-1001
    Virus Pattern Version : 505 (196675 Patterns) (2007/05/31) (450500)
    Command Line: C:\Sysclean\VSCANTM.BIN /NBPM /S /CLEANALL /DCEGENCLEAN /LAPPEND /LD /LC /LCF /NM /NB /C /ACTIVEACTION=5 D:\*.* /P=C:\Sysclean

    D:\hp-1006.exe [WORM_OSCARBOT.PD]
    6100 files have been read.
    6100 files have been checked.
    5769 files have been scanned.
    21005 files have been scanned. (including files in archived)
    1 files containing viruses.
    Found 1 viruses totally.
    Maybe 0 viruses totally.
    Stop At : 6/3/2007 21:10:17
    ---------*---------*---------*---------*---------*---------*---------*---------*
    2007-06-03, 21:10:17, Files Clean:
    Copyright (c) 1990 - 2004 Trend Micro Inc.
    Report Date : 6/3/2007 21:03:54
    VSAPI Engine Version : 8.000-1001
    VSCANTM Version : 1.1-1001
    Virus Pattern Version : 505 (196675 Patterns) (2007/05/31) (450500)
    Command Line: C:\Sysclean\VSCANTM.BIN /NBPM /S /CLEANALL /DCEGENCLEAN /LAPPEND /LD /LC /LCF /NM /NB /C /ACTIVEACTION=5 D:\*.* /P=C:\Sysclean

    Success Clean [WORM_OSCARBOT.PD]( 1) from D:\hp-1006.exe
    6100 files have been read.
    6100 files have been checked.
    5769 files have been scanned.
    21005 files have been scanned. (including files in archived)
    1 files containing viruses.
    Found 1 viruses totally.
    Maybe 0 viruses totally.
    Stop At : 6/3/2007 21:10:17 6 minutes 12 seconds (372.03 seconds) has elapsed.

    ---------*---------*---------*---------*---------*---------*---------*---------*
    2007-06-03, 21:10:17, Clean Fail:
    Copyright (c) 1990 - 2004 Trend Micro Inc.
    Report Date : 6/3/2007 21:03:54
    VSAPI Engine Version : 8.000-1001
    VSCANTM Version : 1.1-1001
    Virus Pattern Version : 505 (196675 Patterns) (2007/05/31) (450500)
    Command Line: C:\Sysclean\VSCANTM.BIN /NBPM /S /CLEANALL /DCEGENCLEAN /LAPPEND /LD /LC /LCF /NM /NB /C /ACTIVEACTION=5 D:\*.* /P=C:\Sysclean

    6100 files have been read.
    6100 files have been checked.
    5769 files have been scanned.
    21005 files have been scanned. (including files in archived)
    1 files containing viruses.
    Found 1 viruses totally.
    Maybe 0 viruses totally.
    Stop At : 6/3/2007 21:10:17 6 minutes 12 seconds (372.03 seconds) has elapsed.

    ---------*---------*---------*---------*---------*---------*---------*---------*
    2007-06-03, 21:10:17, Scanner "C:\Sysclean\VSCANTM.BIN" has finished running.
    2007-06-03, 21:34:33, Files Detected:
    Copyright (c) 1990 - 2004 Trend Micro Inc.
    Report Date : 6/3/2007 21:10:17
    VSAPI Engine Version : 8.000-1001
    VSCANTM Version : 1.1-1001
    Virus Pattern Version : 505 (196675 Patterns) (2007/05/31) (450500)
    Command Line: C:\Sysclean\VSCANTM.BIN /NBPM /S /CLEANALL /DCEGENCLEAN /LAPPEND /LD /LC /LCF /NM /NB /C /ACTIVEACTION=5 E:\*.* /P=C:\Sysclean

    E:\mIRC_6.16_Ita_Invision_Prive\mirc.exe [TROJ_IRCFLOOD.AW]
    3941 files have been read.
    3941 files have been checked.
    3736 files have been scanned.
    4383 files have been scanned. (including files in archived)
    3 files containing viruses.
    Found 3 viruses totally.
    Maybe 0 viruses totally.
    Stop At : 6/3/2007 21:34:33
    ---------*---------*---------*---------*---------*---------*---------*---------*
    2007-06-03, 21:34:33, Files Clean:
    Copyright (c) 1990 - 2004 Trend Micro Inc.
    Report Date : 6/3/2007 21:10:17
    VSAPI Engine Version : 8.000-1001
    VSCANTM Version : 1.1-1001
    Virus Pattern Version : 505 (196675 Patterns) (2007/05/31) (450500)
    Command Line: C:\Sysclean\VSCANTM.BIN /NBPM /S /CLEANALL /DCEGENCLEAN /LAPPEND /LD /LC /LCF /NM /NB /C /ACTIVEACTION=5 E:\*.* /P=C:\Sysclean

    Success Clean [TROJ_IRCFLOOD.AW]( 1) from E:\mirc_6.16_ita_\mIRC_6.16_Ita_Invision_Prive.rar,(mIRC_6.16_Ita_Invision_Prive\mirc.exe)
    Success Clean [TROJ_IRCFLOOD.AW]( 1) from E:\mirc_6.16_ita_.rar,(mIRC_6.16_Ita_Invision_Prive\mirc.exe)
    Success Clean [TROJ_IRCFLOOD.AW]( 1) from E:\mIRC_6.16_Ita_Invision_Prive\mirc.exe
    3941 files have been read.
    3941 files have been checked.
    3736 files have been scanned.
    4383 files have been scanned. (including files in archived)
    3 files containing viruses.
    Found 3 viruses totally.
    Maybe 0 viruses totally.
    Stop At : 6/3/2007 21:34:33 24 minutes 15 seconds (1454.88 seconds) has elapsed.

    ---------*---------*---------*---------*---------*---------*---------*---------*
    2007-06-03, 21:34:33, Clean Fail:
    Copyright (c) 1990 - 2004 Trend Micro Inc.
    Report Date : 6/3/2007 21:10:17
    VSAPI Engine Version : 8.000-1001
    VSCANTM Version : 1.1-1001
    Virus Pattern Version : 505 (196675 Patterns) (2007/05/31) (450500)
    Command Line: C:\Sysclean\VSCANTM.BIN /NBPM /S /CLEANALL /DCEGENCLEAN /LAPPEND /LD /LC /LCF /NM /NB /C /ACTIVEACTION=5 E:\*.* /P=C:\Sysclean

    3941 files have been read.
    3941 files have been checked.
    3736 files have been scanned.
    4383 files have been scanned. (including files in archived)
    3 files containing viruses.
    Found 3 viruses totally.
    Maybe 0 viruses totally.
    Stop At : 6/3/2007 21:34:33 24 minutes 15 seconds (1454.88 seconds) has elapsed.

    ---------*---------*---------*---------*---------*---------*---------*---------*
    2007-06-03, 21:34:33, Scanner "C:\Sysclean\VSCANTM.BIN" has finished running.
    2007-06-03, 22:35:48, Files Detected:
    Copyright (c) 1990 - 2004 Trend Micro Inc.
    Report Date : 6/3/2007 21:34:33
    VSAPI Engine Version : 8.000-1001
    VSCANTM Version : 1.1-1001
    Virus Pattern Version : 505 (196675 Patterns) (2007/05/31) (450500)
    Command Line: C:\Sysclean\VSCANTM.BIN /NBPM /S /CLEANALL /DCEGENCLEAN /LAPPEND /LD /LC /LCF /NM /NB /C /ACTIVEACTION=5 H:\*.* /P=C:\Sysclean

    H:\carrettu\Provincia al 110107\VARI\googletoolbardownloader_it_signed.exe [TROJ_Generic.CON]
    17334 files have been read.
    17334 files have been checked.
    14303 files have been scanned.
    40173 files have been scanned. (including files in archived)
    2 files containing viruses.
    Found 2 viruses totally.
    Maybe 0 viruses totally.
    Stop At : 6/3/2007 22:35:48
    ---------*---------*---------*---------*---------*---------*---------*---------*
    2007-06-03, 22:35:48, Files Clean:
    Copyright (c) 1990 - 2004 Trend Micro Inc.
    Report Date : 6/3/2007 21:34:33
    VSAPI Engine Version : 8.000-1001
    VSCANTM Version : 1.1-1001
    Virus Pattern Version : 505 (196675 Patterns) (2007/05/31) (450500)
    Command Line: C:\Sysclean\VSCANTM.BIN /NBPM /S /CLEANALL /DCEGENCLEAN /LAPPEND /LD /LC /LCF /NM /NB /C /ACTIVEACTION=5 H:\*.* /P=C:\Sysclean

    Success Clean [TROJ_IRCFLOOD.AW]( 1) from H:\carrettu\mirc_6.16_ita_\mIRC_6.16_Ita_Invision_Prive.rar,(mIRC_6.16_Ita_Invision_Prive\mirc.exe)
    17334 files have been read.
    17334 files have been checked.
    14303 files have been scanned.
    40173 files have been scanned. (including files in archived)
    2 files containing viruses.
    Found 2 viruses totally.
    Maybe 0 viruses totally.
    Stop At : 6/3/2007 22:35:48 1 hour 1 minute 4 seconds (3663.70 seconds) has elapsed.

    ---------*---------*---------*---------*---------*---------*---------*---------*
    2007-06-03, 22:35:48, Clean Fail:
    Copyright (c) 1990 - 2004 Trend Micro Inc.
    Report Date : 6/3/2007 21:34:33
    VSAPI Engine Version : 8.000-1001
    VSCANTM Version : 1.1-1001
    Virus Pattern Version : 505 (196675 Patterns) (2007/05/31) (450500)
    Command Line: C:\Sysclean\VSCANTM.BIN /NBPM /S /CLEANALL /DCEGENCLEAN /LAPPEND /LD /LC /LCF /NM /NB /C /ACTIVEACTION=5 H:\*.* /P=C:\Sysclean

    17334 files have been read.
    17334 files have been checked.
    14303 files have been scanned.
    40173 files have been scanned. (including files in archived)
    2 files containing viruses.
    Found 2 viruses totally.
    Maybe 0 viruses totally.
    Stop At : 6/3/2007 22:35:48 1 hour 1 minute 4 seconds (3663.70 seconds) has elapsed.

    ---------*---------*---------*---------*---------*---------*---------*---------*
    2007-06-03, 22:35:48, Scanner "C:\Sysclean\VSCANTM.BIN" has finished running.

  8. #8
    LUCASS, HTML.it user (registered May 2005, 1,354 posts)

    Hi,
    Thanks for the logs. Are you still having problems?

    Bye

    PS: Update the system with all the patches via Windows Update.

  9. #9
    The only problem I'm seeing is that the OS date changes at every reboot, but I think the motherboard battery may be dead.
    Isn't there a program to check the battery's charge level? I looked in the BIOS but I can't find anything.

  10. #10
    Guys, I don't know what to do: the hp virus is back, but now it only shows up a long time after the PC is switched on. I'm attaching the HijackThis log file:
    Logfile of HijackThis v1.99.1
    Scan saved at 18.36.57, on 04/06/2007
    Platform: Windows 2000 SP4 (WinNT 5.00.2195)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINNT\System32\smss.exe
    C:\WINNT\system32\winlogon.exe
    C:\WINNT\system32\services.exe
    C:\WINNT\system32\lsass.exe
    C:\WINNT\system32\Ati2evxx.exe
    C:\WINNT\system32\svchost.exe
    C:\WINNT\system32\spoolsv.exe
    C:\Programmi\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe
    C:\WINNT\system32\Ati2evxx.exe
    C:\WINNT\Explorer.EXE
    C:\WINNT\SOUNDMAN.EXE
    C:\Programmi\ATI Technologies\ATI.ACE\cli.exe
    C:\Programmi\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe
    C:\Programmi\Winamp\winampa.exe
    C:\WINNT\system32\svchost.exe
    C:\PROGRA~1\ALICET~1\SMARTB~1\MotiveSB.exe
    C:\Programmi\AMD\Cool'n'Quiet\GemServ.exe
    C:\Programmi\AMD\Cool'n'Quiet\gemback.exe
    C:\Programmi\Java\jre1.6.0_01\bin\jusched.exe
    C:\VEXPLITE\MONLITE.EXE
    C:\PROGRA~1\Alice\ALICEE~1\app\pppoeservice.exe
    C:\Programmi\File comuni\Ahead\Lib\NMBgMonitor.exe
    C:\WINNT\system32\regsvc.exe
    C:\WINNT\system32\MSTask.exe
    C:\Programmi\VIA\RAID\raid_tool.exe
    C:\WINNT\system32\stisvc.exe
    C:\VEXPLITE\viritsvc.exe
    C:\WINNT\System32\WBEM\WinMgmt.exe
    C:\WINNT\system32\svchost.exe
    C:\Programmi\File comuni\Ahead\Lib\NMIndexStoreSvr.exe
    C:\PROGRA~1\ALICET~1\SMARTB~1\SBHookSvc.exe
    C:\PROGRA~1\Alice\ALICEE~1\app\EnterNet.exe
    C:\Programmi\File comuni\Ahead\Lib\NMIndexingService.exe
    C:\Programmi\ATI Technologies\ATI.ACE\cli.exe
    C:\Programmi\ATI Technologies\ATI.ACE\cli.exe
    C:\Programmi\Azureus\Azureus.exe
    C:\Programmi\eMule\emule.exe
    C:\Programmi\File comuni\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\Programmi\Mozilla Firefox\firefox.exe
    C:\WINNT\system32\wuauclt.exe
    C:\Documents and Settings\Ermak\Desktop\hijackthis_sfx\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer fornito da Alice
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1;<local>
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
    R3 - URLSearchHook: Yahoo! Toolbar con blocco Pop-Up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programmi\Yahoo!\Companion\Installs\cpn\yt.dll
    O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Programmi\Yahoo!\Companion\Installs\cpn\yt.dll
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmi\Java\jre1.6.0_01\bin\ssv.dll
    O3 - Toolbar: @msdxmLC.dll,-1@1033,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\system32\msdxm.ocx
    O3 - Toolbar: Yahoo! Toolbar con blocco Pop-Up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programmi\Yahoo!\Companion\Installs\cpn\yt.dll
    O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
    O4 - HKLM\..\Run: [ATICCC] "C:\Programmi\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
    O4 - HKLM\..\Run: [kav] "C:\Programmi\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe"
    O4 - HKLM\..\Run: [WinampAgent] C:\Programmi\Winamp\winampa.exe
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\Programmi\File comuni\Ahead\Lib\NeroCheck.exe
    O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\ALICET~1\SMARTB~1\MotiveSB.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programmi\Java\jre1.6.0_01\bin\jusched.exe "
    O4 - HKLM\..\Run: [VIRIT LITE MONITOR] C:\VEXPLITE\MONLITE.EXE
    O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
    O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Programmi\File comuni\Ahead\Lib\NMBgMonitor.exe"
    O4 - Global Startup: VIA RAID TOOL.lnk = C:\Programmi\VIA\RAID\raid_tool.exe
    O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.6.0_01\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.6.0_01\bin\ssv.dll
    O9 - Extra button: Web Anti-Virus - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Programmi\Kaspersky Lab\Kaspersky Anti-Virus 6.0\scieplugin.dll
    O9 - Extra button: Ricerche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: Alice - {74837393-C947-46BB-8DBA-6D4BE040F5A0} - http://gw.aliceadsl.it/alice (file missing) (HKCU)
    O14 - IERESET.INF: START_PAGE_URL=http://gw.aliceadsl.it/home
    O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/par...an_unicode.cab
    O20 - Winlogon Notify: klogon - C:\WINNT\system32\klogon.dll
    O23 - Service: 78281 - Unknown owner - \\79.8.100.229\Admin$\eraseme_17555.exe (file missing)
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINNT\system32\Ati2evxx.exe
    O23 - Service: ATI Smart - Unknown owner - C:\WINNT\system32\ati2sgag.exe
    O23 - Service: Kaspersky Anti-Virus 6.0 (AVP) - Kaspersky Lab - C:\Programmi\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe
    O23 - Service: Servizio amministrativo di Gestione disco logico (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
    O23 - Service: AMD PowerNow! (tm) Technology Service (GemServ) - Advanced Micro Devices - C:\Programmi\AMD\Cool'n'Quiet\GemServ.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programmi\File comuni\InstallShield\Driver\1150\Intel 32\IDriverT.exe
    O23 - Service: NBService - Nero AG - C:\Programmi\Nero\Nero 7\Nero BackItUp\NBService.exe
    O23 - Service: NMIndexingService - Nero AG - C:\Programmi\File comuni\Ahead\Lib\NMIndexingService.exe
    O23 - Service: PPPoE Service (PPPoEService) - Unknown owner - C:\PROGRA~1\Alice\ALICEE~1\app\pppoeservice.exe
    O23 - Service: SBHookSvc - Motive Communications, Inc. - C:\PROGRA~1\ALICET~1\SMARTB~1\SBHookSvc.exe
    O23 - Service: Virit eXplorer Lite (viritsvclite) - TG Soft Sas www.tgsoft.it - C:\VEXPLITE\viritsvc.exe
