See if you can post an HJT log, step 4 of the guide.
Bye.
Here is the HijackThis log file
Logfile of HijackThis v1.99.1
Scan saved at 10.48.52, on 08/08/2006
Platform: Windows 2000 SP3 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\WINNT\System32\Ati2evxx.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Programmi\Network ICE\BlackICE\blackd.exe
C:\WINNT\System32\svchost.exe
C:\Programmi\ewido anti-spyware 4.0\guard.exe
C:\Programmi\File comuni\Microsoft Shared\VS7Debug\mdm.exe
C:\mysql\bin\mysqld-nt.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\system32\slserv.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\Explorer.EXE
C:\WINNT\System32\mspmspsv.exe
C:\WINNT\system32\svchost.exe
C:\Programmi\Bonjour\mDNSResponder.exe
C:\WINNT\System32\inetsrv\inetinfo.exe
C:\WINNT\System32\atiptaxx.exe
C:\Programmi\iTunes\iTunesHelper.exe
C:\Programmi\QuickTime\qttask.exe
C:\Programmi\Java\jre1.5.0_06\bin\jusched.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\WINNT\System32\firewall.exe
C:\Programmi\iPod\bin\iPodService.exe
C:\Programmi\ewido anti-spyware 4.0\ewido.exe
C:\WINNT\System32\internat.exe
C:\Programmi\Network ICE\BlackICE\blackice.exe
C:\mysql\bin\winmysqladmin.exe
C:\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.gustoinrete.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmi\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programmi\google\googletoolbar2.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programmi\google\googletoolbar2.dll
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [AtiPTA] atiptaxx.exe
O4 - HKLM\..\Run: [NeroCheck] C:\WINNT\system32\NeroCheck.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Programmi\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmi\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Programmi\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [Windows Network Firewall] C:\WINNT\System32\firewall.exe
O4 - HKLM\..\Run: [!ewido] "C:\Programmi\ewido anti-spyware 4.0\ewido.exe" /minimized
O4 - HKCU\..\Run: [internat.exe] internat.exe
O4 - Startup: WinMySQLadmin.lnk = C:\mysql\bin\winmysqladmin.exe
O4 - Global Startup: Avvio veloce di Adobe Reader.lnk = C:\Programmi\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: BlackICE Utility.lnk = C:\Programmi\Network ICE\BlackICE\blackice.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Programmi\Microsoft Office\Office\OSA9.EXE
O8 - Extra context menu item: &Cerca con Google - res://c:\programmi\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: &Traduci parola in italiano - res://c:\programmi\google\GoogleToolbar2.dll/cmwordtrans.html
O8 - Extra context menu item: Link a ritroso - res://c:\programmi\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Pagine simili - res://c:\programmi\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Versione cache della pagina - res://c:\programmi\google\GoogleToolbar2.dll/cmcache.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.5.0_06\bin\ssv.dll
O10 - Unknown file in Winsock LSP: c:\programmi\bonjour\mdnsnsp.dll
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsu...?1143722971045
O16 - DPF: {64311111-1111-1121-1111-111191113457} - file://c:\eied_s7.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/ms...downloader.cab
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Programmi\File comuni\Microsoft Shared\Help\hxds.dll
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINNT\System32\Ati2evxx.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: BlackICE - Internet Security Systems, Inc. - C:\Programmi\Network ICE\BlackICE\blackd.exe
O23 - Service: Servizio Bonjour (Bonjour Service) - Apple Computer, Inc. - C:\Programmi\Bonjour\mDNSResponder.exe
O23 - Service: Servizio amministrativo di Gestione disco logico (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Programmi\ewido anti-spyware 4.0\guard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programmi\File comuni\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Programmi\iPod\bin\iPodService.exe
O23 - Service: MySql - Unknown owner - C:/mysql/bin/mysqld-nt.exe
O23 - Service: SmartLinkService (SLService) - - C:\WINNT\SYSTEM32\slserv.exe
Hi, move the HijackThis.exe executable into a new folder (still in C:\)
Create a new folder in C:\ and name it Sysclean
Now put this file into the C:\Sysclean folder
http://www.trendmicro.com/ftp/products/tsc/sysclean.com
Unzip the archive lpt641.zip http://www.trendmicro.com/ftp/produc...ern/lpt641.zip
into the C:\Sysclean folder
Now proceed with the following steps
Open the Windows Task Manager and end the following process:
firewall.exe
Close all applications
Set Windows to show all files and folders
Start > Control Panel > Folder Options > View
Check the box "Show hidden files and folders"
Uncheck the box "Hide protected operating system files (Recommended)"
Click Apply
Answer YES in the dialog
Open HijackThis and click "Do a system scan only"
Check the boxes next to the entries that match the lines I list below
O4 - HKLM\..\Run: [Windows Network Firewall] C:\WINNT\System32\firewall.exe
O16 - DPF: {64311111-1111-1121-1111-111191113457} - file://c:\eied_s7.cab
Click the Fix Checked button to remove the entries
Delete the files marked in red, if present
C:\WINNT\System32\firewall.exe
c:\eied_s7.cab
C:\WINT\System32\logon.exe
C:\WINT\System32\algs.exe
C:\WINT\System32\explorer.exe
C:\WINT\System32\Isass.exe <------ Do not confuse it with lsass.exe
C:\WINT\System32\iexplore.exe
C:\WINT\System32\spoolsvc.exe <----- Do not confuse it with spoolsv.exe
C:\WINT\System32\winamp.exe
C:\WINT\System32\csrs.exe <----- Do not confuse it with csrss.exe
C:\WINT\System32\aspr_keys.ini
Start the PC in Safe Mode
Start > Restart
As soon as the first boot messages appear, press the F8 key repeatedly
Wait a few moments and a menu will appear
From the menu select the option "Start in Safe Mode"
Once in, open the C:\Sysclean folder
Run the Sysclean.com executable
Check the box "Automatically clean or delete detected files"
and the box "Scan all local fixed drives"
Click "Scan"
A DOS window will open (it closes afterwards, don't worry)
Wait for the scan to finish; once it is done, restart the PC normally
Hide the files and folders again
Go online and update the system through Windows Update
Please post a new HijackThis log and the Sysclean log, which you will find in its folder under the name SYSCLEAN.LOG
Bye
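Added example, not part of the original thread or written by any of its posters: a small Python triage script that applies the "do not confuse it with lsass.exe" check from the reply above to a HijackThis log, flagging file names one edit away from a genuine Windows binary and genuine names sitting in the wrong folder. The `KNOWN` table, the function names and the sample log are assumptions constructed for this illustration.

```python
import re

# Genuine Windows binaries -> True if the real file lives in System32.
# explorer.exe sits in the Windows directory itself (C:\WINNT\Explorer.EXE in the log).
KNOWN = {"lsass.exe": True, "spoolsv.exe": True, "csrss.exe": True,
         "smss.exe": True, "winlogon.exe": True, "services.exe": True,
         "svchost.exe": True, "explorer.exe": False}
ENTRY = re.compile(r"^[A-Z]\d+ - ")          # R0, O4, O23 ... entry lines
RUN = re.compile(r"^O4 - .*?\] *(.*)$")      # O4 - HK..\Run: [name] command
EXE = re.compile(r'"?([^"]*?\.exe)', re.I)   # executable part of a command

def edit_distance(a, b):
    """Levenshtein distance, two-row dynamic programming."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def classify(path):
    """Return (reason, genuine_name) for a suspicious path, else None."""
    parts = re.split(r"[\\/]", path.strip().strip('"').lower())
    name, parent = parts[-1], (parts[-2] if len(parts) > 1 else None)
    if name in KNOWN:
        # Right name, wrong folder; bare names (no folder) cannot be judged.
        if parent is not None and (parent == "system32") != KNOWN[name]:
            return ("misplaced", name)
        return None
    for real in sorted(KNOWN):
        if edit_distance(name, real) == 1:
            return ("lookalike", real)
    return None

def scan(log_text):
    """Collect flagged paths from the process list and the O4 Run entries."""
    findings, in_procs = [], False
    for line in log_text.splitlines():
        line = line.strip()
        if line == "Running processes:":
            in_procs = True
            continue
        if ENTRY.match(line):
            in_procs = False
        m = RUN.match(line)
        exe = EXE.search(m.group(1)) if m else None
        path = line if in_procs and line else (exe.group(1) if exe else None)
        hit = classify(path) if path else None
        if hit:
            findings.append((path, *hit))
    return findings

# Constructed sample in HijackThis 1.99.1 layout (not the poster's log).
SAMPLE = r"""Running processes:
C:\WINNT\system32\lsass.exe
C:\WINNT\System32\Isass.exe
C:\WINNT\Explorer.EXE
C:\WINNT\System32\explorer.exe
C:\WINNT\system32\spoolsv.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [Spooler Helper] "C:\WINNT\System32\spoolsvc.exe" /start
O4 - HKCU\..\Run: [internat.exe] internat.exe
"""
```

Name similarity does not flag an entry such as firewall.exe, which imitates no system binary; an entry like that has to be checked against the software actually installed on the machine.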
Here is the HijackThis log file
Logfile of HijackThis v1.99.1
Scan saved at 19.06.28, on 09/08/2006
Platform: Windows 2000 SP3 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\WINNT\System32\Ati2evxx.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Programmi\Network ICE\BlackICE\blackd.exe
C:\WINNT\System32\svchost.exe
C:\Programmi\ewido anti-spyware 4.0\guard.exe
C:\Programmi\File comuni\Microsoft Shared\VS7Debug\mdm.exe
C:\mysql\bin\mysqld-nt.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\system32\slserv.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\Explorer.EXE
C:\WINNT\System32\mspmspsv.exe
C:\WINNT\system32\svchost.exe
C:\Programmi\Bonjour\mDNSResponder.exe
C:\WINNT\System32\inetsrv\inetinfo.exe
C:\WINNT\System32\atiptaxx.exe
C:\Programmi\iTunes\iTunesHelper.exe
C:\Programmi\QuickTime\qttask.exe
C:\Programmi\Java\jre1.5.0_06\bin\jusched.exe
C:\Programmi\iPod\bin\iPodService.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Programmi\ewido anti-spyware 4.0\ewido.exe
C:\WINNT\System32\internat.exe
C:\Programmi\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Programmi\Network ICE\BlackICE\blackice.exe
C:\mysql\bin\winmysqladmin.exe
C:\HHH\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.gustoinrete.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmi\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programmi\google\googletoolbar2.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programmi\google\googletoolbar2.dll
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [AtiPTA] atiptaxx.exe
O4 - HKLM\..\Run: [NeroCheck] C:\WINNT\system32\NeroCheck.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Programmi\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmi\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Programmi\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [!ewido] "C:\Programmi\ewido anti-spyware 4.0\ewido.exe" /minimized
O4 - HKCU\..\Run: [internat.exe] internat.exe
O4 - Startup: WinMySQLadmin.lnk = C:\mysql\bin\winmysqladmin.exe
O4 - Global Startup: Avvio veloce di Adobe Reader.lnk = C:\Programmi\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: BlackICE Utility.lnk = C:\Programmi\Network ICE\BlackICE\blackice.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Programmi\Microsoft Office\Office\OSA9.EXE
O8 - Extra context menu item: &Cerca con Google - res://c:\programmi\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: &Traduci parola in italiano - res://c:\programmi\google\GoogleToolbar2.dll/cmwordtrans.html
O8 - Extra context menu item: Link a ritroso - res://c:\programmi\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Pagine simili - res://c:\programmi\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Versione cache della pagina - res://c:\programmi\google\GoogleToolbar2.dll/cmcache.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.5.0_06\bin\ssv.dll
O10 - Unknown file in Winsock LSP: c:\programmi\bonjour\mdnsnsp.dll
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsu...?1143722971045
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/ms...downloader.cab
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Programmi\File comuni\Microsoft Shared\Help\hxds.dll
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINNT\System32\Ati2evxx.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: BlackICE - Internet Security Systems, Inc. - C:\Programmi\Network ICE\BlackICE\blackd.exe
O23 - Service: Servizio Bonjour (Bonjour Service) - Apple Computer, Inc. - C:\Programmi\Bonjour\mDNSResponder.exe
O23 - Service: Servizio amministrativo di Gestione disco logico (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Programmi\ewido anti-spyware 4.0\guard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programmi\File comuni\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Programmi\iPod\bin\iPodService.exe
O23 - Service: MySql - Unknown owner - C:/mysql/bin/mysqld-nt.exe
O23 - Service: SmartLinkService (SLService) - - C:\WINNT\SYSTEM32\slserv.exe
This is the Sysclean one
2006-08-09, 16:51:55, Auto-clean mode specified.
2006-08-09, 16:51:55, Running scanner "C:\sysclean\TSC.BIN"...
2006-08-09, 16:52:04, Scanner "C:\sysclean\TSC.BIN" has finished running.
2006-08-09, 16:52:04, TSC Log:
Damage Cleanup Engine (DCE) 3.98(Build 1012)
Windows 2000(Build 2195: Service Pack 3)
Start time : mer ago 09 2006 16:51:56
Load Damage Cleanup Template (DCT) "C:\sysclean\tsc.ptn" (version 764) [success]
Complete time : mer ago 09 2006 16:52:04
Execute pattern count(2907), Virus found count(0), Virus clean count(0), Clean failed count(0)
2006-08-09, 16:52:17, Could not set file for reading on "C:\Documents and Settings\All Users\Dati applicazioni\Microsoft\Crypto\RSA\MachineKeys\7869 99f5617b331428135848d30802a1_42c91e9e-8a7b-4943-878a-133764cd4866": Accesso negato.
2006-08-09, 16:52:17, Could not set file for reading on "C:\Documents and Settings\All Users\Dati applicazioni\Microsoft\Crypto\RSA\MachineKeys\7a43 6fe806e483969f48a894af2fe9a1_42c91e9e-8a7b-4943-878a-133764cd4866": Accesso negato.
2006-08-09, 16:52:17, Could not set file for reading on "C:\Documents and Settings\All Users\Dati applicazioni\Microsoft\Crypto\RSA\MachineKeys\c85e a974f91d42a828c57ff33b31fe70_42c91e9e-8a7b-4943-878a-133764cd4866": Accesso negato.
2006-08-09, 16:52:34, An error occurred while scanning file "C:\Documents and Settings\Paolo\NTUSER.DAT": Accesso negato.
2006-08-09, 16:52:34, An error occurred while scanning file "C:\Documents and Settings\Paolo\ntuser.dat.LOG": Accesso negato.
2006-08-09, 16:57:52, An error occurred while scanning file "C:\Documents and Settings\Paolo\Impostazioni locali\Dati applicazioni\Microsoft\Windows\UsrClass.dat": Accesso negato.
2006-08-09, 16:57:52, An error occurred while scanning file "C:\Documents and Settings\Paolo\Impostazioni locali\Dati applicazioni\Microsoft\Windows\UsrClass.dat.LOG": Accesso negato.
2006-08-09, 17:32:53, An error was detected on "C:\System Volume Information\*.*": Accesso negato.
2006-08-09, 17:40:14, An error occurred while scanning file "C:\WINNT\system32\config\default": Accesso negato.
2006-08-09, 17:40:14, An error occurred while scanning file "C:\WINNT\system32\config\default.LOG": Accesso negato.
2006-08-09, 17:40:14, An error occurred while scanning file "C:\WINNT\system32\config\SAM": Accesso negato.
2006-08-09, 17:40:14, An error occurred while scanning file "C:\WINNT\system32\config\SAM.LOG": Accesso negato.
2006-08-09, 17:40:14, An error occurred while scanning file "C:\WINNT\system32\config\SECURITY": Accesso negato.
2006-08-09, 17:40:14, An error occurred while scanning file "C:\WINNT\system32\config\SECURITY.LOG": Accesso negato.
2006-08-09, 17:40:14, An error occurred while scanning file "C:\WINNT\system32\config\software": Accesso negato.
2006-08-09, 17:40:14, An error occurred while scanning file "C:\WINNT\system32\config\software.LOG": Accesso negato.
2006-08-09, 17:40:15, An error occurred while scanning file "C:\WINNT\system32\config\system": Accesso negato.
2006-08-09, 17:40:15, An error occurred while scanning file "C:\WINNT\system32\config\SYSTEM.ALT": Accesso negato.
2006-08-09, 17:41:56, Running scanner "C:\sysclean\VSCANTM.BIN"...
2006-08-09, 18:14:16, Files Detected:
Copyright (c) 1990 - 2004 Trend Micro Inc.
Report Date : 8/9/2006 17:41:57
VSAPI Engine Version : 8.000-1001
VSCANTM Version : 1.1-1001
Virus Pattern Version : 641 (123616 Patterns) (2006/08/07) (364100)
Command Line: C:\sysclean\VSCANTM.BIN /NBPM /S /CLEANALL /LAPPEND /LD /LC /LCF /NM /NB /C /ACTIVEACTION=5 C:\*.* /P=C:\sysclean
C:\RECYCLER\S-1-5-21-1993962763-1677128483-1343024091-1000\Dc2.exe [WORM_SDBOT.AAI]
96839 files have been read.
96839 files have been checked.
94653 files have been scanned.
149650 files have been scanned. (including files in archived)
1 files containing viruses.
Found 1 viruses totally.
Maybe 0 viruses totally.
Stop At : 8/9/2006 18:14:16
---------*---------*---------*---------*---------*---------*---------*---------*
2006-08-09, 18:14:16, Files Clean:
Copyright (c) 1990 - 2004 Trend Micro Inc.
Report Date : 8/9/2006 17:41:57
VSAPI Engine Version : 8.000-1001
VSCANTM Version : 1.1-1001
Virus Pattern Version : 641 (123616 Patterns) (2006/08/07) (364100)
Command Line: C:\sysclean\VSCANTM.BIN /NBPM /S /CLEANALL /LAPPEND /LD /LC /LCF /NM /NB /C /ACTIVEACTION=5 C:\*.* /P=C:\sysclean
Success Clean [ WORM_SDBOT.AAI]( 1) from C:\RECYCLER\S-1-5-21-1993962763-1677128483-1343024091-1000\Dc2.exe
96839 files have been read.
96839 files have been checked.
94653 files have been scanned.
149650 files have been scanned. (including files in archived)
1 files containing viruses.
Found 1 viruses totally.
Maybe 0 viruses totally.
Stop At : 8/9/2006 18:14:16 32 minutes 12 seconds (1931.65 seconds) has elapsed.
---------*---------*---------*---------*---------*---------*---------*---------*
2006-08-09, 18:14:16, Clean Fail:
Copyright (c) 1990 - 2004 Trend Micro Inc.
Report Date : 8/9/2006 17:41:57
VSAPI Engine Version : 8.000-1001
VSCANTM Version : 1.1-1001
Virus Pattern Version : 641 (123616 Patterns) (2006/08/07) (364100)
Command Line: C:\sysclean\VSCANTM.BIN /NBPM /S /CLEANALL /LAPPEND /LD /LC /LCF /NM /NB /C /ACTIVEACTION=5 C:\*.* /P=C:\sysclean
96839 files have been read.
96839 files have been checked.
94653 files have been scanned.
149650 files have been scanned. (including files in archived)
1 files containing viruses.
Found 1 viruses totally.
Maybe 0 viruses totally.
Stop At : 8/9/2006 18:14:16 32 minutes 12 seconds (1931.65 seconds) has elapsed.
---------*---------*---------*---------*---------*---------*---------*---------*
2006-08-09, 18:14:16, Scanner "C:\sysclean\VSCANTM.BIN" has finished running.
2006-08-09, 18:36:35, An error was detected on "D:\System Volume Information\*.*": Accesso negato.
2006-08-09, 18:36:35, Running scanner "C:\sysclean\VSCANTM.BIN"...
2006-08-09, 18:58:37, Files Detected:
Copyright (c) 1990 - 2004 Trend Micro Inc.
Report Date : 8/9/2006 18:36:36
VSAPI Engine Version : 8.000-1001
VSCANTM Version : 1.1-1001
Virus Pattern Version : 641 (123616 Patterns) (2006/08/07) (364100)
Command Line: C:\sysclean\VSCANTM.BIN /NBPM /S /CLEANALL /LAPPEND /LD /LC /LCF /NM /NB /C /ACTIVEACTION=5 D:\*.* /P=C:\sysclean
50575 files have been read.
50575 files have been checked.
45661 files have been scanned.
116957 files have been scanned. (including files in archived)
0 files containing viruses.
Found 0 viruses totally.
Maybe 0 viruses totally.
Stop At : 8/9/2006 18:58:36
---------*---------*---------*---------*---------*---------*---------*---------*
2006-08-09, 18:58:37, Files Clean:
Copyright (c) 1990 - 2004 Trend Micro Inc.
Report Date : 8/9/2006 18:36:36
VSAPI Engine Version : 8.000-1001
VSCANTM Version : 1.1-1001
Virus Pattern Version : 641 (123616 Patterns) (2006/08/07) (364100)
Command Line: C:\sysclean\VSCANTM.BIN /NBPM /S /CLEANALL /LAPPEND /LD /LC /LCF /NM /NB /C /ACTIVEACTION=5 D:\*.* /P=C:\sysclean
50575 files have been read.
50575 files have been checked.
45661 files have been scanned.
116957 files have been scanned. (including files in archived)
0 files containing viruses.
Found 0 viruses totally.
Maybe 0 viruses totally.
Stop At : 8/9/2006 18:58:36 21 minutes 52 seconds (1312.90 seconds) has elapsed.
---------*---------*---------*---------*---------*---------*---------*---------*
2006-08-09, 18:58:37, Clean Fail:
Copyright (c) 1990 - 2004 Trend Micro Inc.
Report Date : 8/9/2006 18:36:36
VSAPI Engine Version : 8.000-1001
VSCANTM Version : 1.1-1001
Virus Pattern Version : 641 (123616 Patterns) (2006/08/07) (364100)
Command Line: C:\sysclean\VSCANTM.BIN /NBPM /S /CLEANALL /LAPPEND /LD /LC /LCF /NM /NB /C /ACTIVEACTION=5 D:\*.* /P=C:\sysclean
50575 files have been read.
50575 files have been checked.
45661 files have been scanned.
116957 files have been scanned. (including files in archived)
0 files containing viruses.
Found 0 viruses totally.
Maybe 0 viruses totally.
Stop At : 8/9/2006 18:58:36 21 minutes 52 seconds (1312.90 seconds) has elapsed.
---------*---------*---------*---------*---------*---------*---------*---------*
2006-08-09, 18:58:37, Scanner "C:\sysclean\VSCANTM.BIN" has finished running.
Hi, you didn't tell me the most important thing!
Whether you are still having problems with the attacks; the HijackThis log is fine, let us know
It seems there are no more problems
Thank you so much