gen

Users
  • Content count: 103

All content by gen

  1. No, the problem is gone, but I wanted to be certain that everything was OK, since I would like to create the disk image with True Image starting from a clean state. Thanks anyway and happy Easter.
  2. This one was made in normal mode:
     Logfile of HijackThis v1.99.1
     Scan saved at 23.36.58, on 05/04/2007
     Platform: Windows XP SP2 (WinNT 5.01.2600)
     MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
     and thanks for your attention, bye
  3. I'm here again to ask you for a quick check of the log I made in safe mode, just to be more at ease. Thank you in advance for your attention, giancarlo
     Logfile of HijackThis v1.99.1
     Scan saved at 21.27.45, on 05/04/2007
     Platform: Windows XP SP2 (WinNT 5.01.2600)
     MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
  4. ok, thanks for the help. I thank you very much, in particular because you are always very helpful and prompt. Have a good Sunday, giancarlo
  5. no, so can I rest assured that I have no problems?
  6. I ran this check (in normal mode, though) and this is the result:
     KASPERSKY ONLINE SCANNER REPORT
     Saturday, March 31, 2007 5:05:28 PM
     Operating System: Microsoft Windows XP Professional, Service Pack 2 (Build 2600)
     Kaspersky Online Scanner version: 5.0.83.0
     Kaspersky Anti-Virus database last update: 31/03/2007
     Kaspersky Anti-Virus database records: 272970
     Scan Settings
     Scan using the following antivirus database: standard
     Scan Archives: true
     Scan Mail Bases: true
     Scan Target: My Computer A:\ C:\ D:\ E:\ F:\ G:\
     Scan Statistics
     Total number of scanned objects: 123110
     Number of viruses found: 0
     Number of infected objects: 0 / 0
     Number of suspicious objects: 0
     Duration of the scan process: 01:03:46
     Scan process completed.
     The phrase "Object is locked skipped" makes me suspicious; I'm afraid there might be some trojan.
  7. I had done it in safe mode a few months ago, but now I don't remember very well how it's done; if you show me how, I'll try. Thanks
  8. Thanks. I would just like to point out that I ran the log in normal mode and not in safe mode. Should I have done it in safe mode, or is it fine as it is?
  9. I would like to submit the result of the Kaspersky scan that I ran on my PC, since it found many locked files that were not checked:
     KASPERSKY ONLINE SCANNER REPORT
     Tuesday, December 12, 2006 7:14:50 PM
     Operating System: Microsoft Windows XP Professional, Service Pack 2 (Build 2600)
     Kaspersky Online Scanner version: 5.0.83.0
     Kaspersky Anti-Virus database last update: 12/12/2006
     Kaspersky Anti-Virus database records: 236208
     Scan Settings
     Scan using the following antivirus database: standard
     Scan Archives: true
     Scan Mail Bases: true
     Scan Target: My Computer A:\ C:\ D:\ E:\ F:\ G:\
     Scan Statistics
     Total number of scanned objects: 40570
     Number of viruses found: 0
     Number of infected objects: 0 / 0
     Number of suspicious objects: 0
     Duration of the scan process: 00:38:04
     Scan process completed.
     I thank in advance whoever gives me an explanation about this.
  10. hi steve, prompt and helpful as always. Without your help and your advice, I and inexperienced people like me would be lost. PS: I have a question for you: this site was recommended to me for checking the PC, and I was told it is Microsoft's: http://safety.live.com Do you think it can be trusted?
  11. I did an online check and the result is this:
      Scanner: Malware name
      AntiVir: Heuristic/Malware
      ArcaVir: X
      Avast: X
      AVG Antivirus: X
      BitDefender: BehavesLike:Win32.AV-Killer
      ClamAV: X
      Dr.Web: Trojan.PWS.Lineage
      F-Prot Antivirus: X
      F-Secure Anti-Virus: X
      Fortinet: X
      Kaspersky Anti-Virus: Trojan-PSW.Win32.Nilage.aua
      NOD32: probably a variant of Win32/PSW.Lineage.DN
      Norman Virus Control: X
      VirusBuster: X
      VBA32: Trojan-PSW.Lineage.1
      Naturally I don't know what to do, so I'm here again asking for help. So far I have always denied access. I guess I'll have to take out a subscription. Thanks anyway for your attention, giancarlo
  12. hi steve, to analyze it online I typed the file name into the Malware scan online check and it was analyzed, as you can see from the report I copied in my first post. If I remember correctly, when the antivirus flagged it I was running the full scan on this site: http://safety.live.com/site/it-IT/default.htm Thanks anyway for your attention, have a good day
  13. actually I did say hello; probably when the thread was moved the first lines got lost, so I say hello again. In the first lines I had also written that the AntiVir antivirus flagged it to me at 2 different times, saying that this file was trying to get into my PC, but I always denied access, so I don't think it is on my computer. I just wanted to know what to do in these cases, whether to deny access or click on delete, or whether it is the same thing, and in particular whether anyone already knows this file. Bye, and thanks again anyway for the promptness you always show in your replies; I think that in these past days, had it not been for your help and the help of the other moderators, I would have had to format the PC
  14. For 2 days I have been finding the file desktop.ini, which, by the way, given my ignorance on the subject, I don't know what it is. At every startup of the PC I find 2 Notepad windows open called desktop.ini, and I also find in the start menu, going to START - Programs, the entry desktop.ini; clicking OK opens another Notepad window named desktop.ini. In this Notepad window there is this text:
      [.ShellClassInfo]
      LocalizedResourceName=@%SystemRoot%\system32\shell32.dll,-21787
      or
      [.ShellClassInfo]
      LocalizedResourceName=@shell32.dll,-21782
      and then I didn't try opening it again. I wouldn't want it to be some malware or some trojan again. I tried deleting them, but every time they are opened they get recreated. Thanks in advance to whoever answers me, giancarlo
  15. I rebooted and it wasn't resolved, so I tried doing a system configuration restore and on reboot the problem disappeared... thanks a lot for the help and the availability, bye giancarlo
  16. I went to the site you pointed me to, but I haven't solved the problem yet. Let me explain: the instructions say to:
      Verify that the file contains the following lines:
      [.ShellClassInfo]
      LocalizedResourceName=@%SystemRoot%\system32\shell32.dll,-21787
      If the file contains these lines, right-click the file, choose Delete, then Yes when asked to confirm the deletion.
      I'm a bit hesitant because I found the exact line in drive:\Documents and Settings\All Users\Menu Avvio\Programmi\Esecuzione automatica and I went ahead and deleted the file, while in:
      • drive:\Documents and Settings\All Users\Menu Avvio\Programmi
      I found the file desktop.ini with the line:
      [.ShellClassInfo]
      LocalizedResourceName=@shell32.dll,-21782
      and in:
      • drive:\Documents and Settings\All Users\Menu Avvio
      I found the file desktop.ini with the lines:
      [.ShellClassInfo]
      LocalizedResourceName=@shell32.dll,-21786
      [LocalizedFileNames]
      Catalogo di Windows.lnk=@%SystemRoot%\system32\shell32.dll,-22075
      Attivazione di Windows.lnk=@%SystemRoot%\system32\oobe\msoobe.exe,-2000
      Impostazioni accesso ai programmi.lnk=@xpsp1res.dll,-10077
      and I did not delete them. I rebooted the computer and the problem came back. Could you tell me whether I should also delete these 2 files? I wouldn't want to make a mess. Thanks again
  17. Innanzitutto ciao a tutti, visto che sono un nuovo utente ed ecco subito il mio problema: qualche giorno fa il mio antivirus, ACTIVE VIRUS SHIELD" mi ha segnalato: Trojan program Trojan.win32.Obfuscated.z con la nota che non era possibile il "delete" dopo un minuto lo ha di nuovo segnalato e lo ha lasciato cancellare... sono andato nella cartella C:\Documents and Settings ed ho trovato una cartella il cui nome è:BJAGNkteJUGsf, e dentro di essa il file ntuser.dat, mentre nella cartella Documents and Settings un altro file dall ostesso nome: ntuser.dat ed un'altra cartella di nome BJAGNkteJUGsf.ATHLON2K con all'interno nuovamente il file ntuser.dat e alcune altre cartelle alcune delle quali nascoste premetto che non sono un esperto per cui scrivo cosa ho trovato..il pc continua a funzionare bene...però temo di avere qualche trojan o qualche malware, anche se il programma ad aware non lo rileva.... ho fatto scansione con Kaspersky Online Scanner e questo è il risultato: KASPERSKY ONLINE SCANNER REPORT Wednesday, November 08, 2006 7:32:56 PM Operating System: Microsoft Windows XP Professional, Service Pack 2 (Build 2600) Kaspersky Online Scanner version: 5.0.83.0 Kaspersky Anti-Virus database last update: 8/11/2006 Kaspersky Anti-Virus database records: 225892 Scan Settings Scan using the following antivirus database standard Scan Archives true Scan Mail Bases true Scan Target My Computer A:\ C:\ D:\ E:\ F:\ G:\ Scan Statistics Total number of scanned objects 49265 Number of viruses found 0 Number of infected objects 0 / 0 Number of suspicious objects 0 Duration of the scan process 00:57:52 Infected Object Name Virus Name Last Action C:\Documents and Settings\All Users\Dati applicazioni\AOL\AVP6\Report\02da_File_Monitoring_eventlog.rpt Object is locked skipped C:\Documents and Settings\All Users\Dati applicazioni\AOL\AVP6\Report\detected.idx Object is locked skipped C:\Documents and Settings\All Users\Dati applicazioni\AOL\AVP6\Report\detected.rpt Object is 
      Scan process completed.
      I'm afraid that the sentence I put in bold and the "object is locked skipped" indications might mean something bad, because those files that are locked and that the program was not able to analyze.... are precisely part of the Documents and Settings folders.. I thank anyone who can kindly give me some suggestions to help me solve the problem, assuming there is a problem, or else reassure me about my fears
  18. Since you're so kind, I'll ask you a few more questions: I installed the antivirus you recommended and uninstalled the one I had.. I also installed, as monitoring tools: PREVX1 and ZONE ALARM. Is the combination of AntiVir, Prevx1 and Zone Alarm sufficient protection, or do I need to add something else? Or are they incompatible? Thanks again for your availability and the help you're giving me. Bye
  19. Hello to you too. I've fixed the 2 entries. Just out of curiosity: were the \LocalService.. folders created in C:\documents and settings by this malware? Also, I don't understand what you mean by emptying the folder: is it enough to delete its contents with Delete? As for the antivirus, can you recommend a good one? Sorry, but I'm a bit inexperienced. PS: have I been infected again, or is your advice just a precaution? Thanks again
  20. Here I am again in need of help. This afternoon the antivirus ACTIVE VIRUS SHIELD reported a piece of malware: EXPLOIT:VBS:Phel.a in the file C....\Content.IES\KTNC52Z/test-bid1467(1)htm with the message: File contains malware and cannot be disinfected WRITE ACCESS IS DENIED. It also said that "delete" was impossible. I clicked skip to get out, but now I'm once again afraid I have a problem, because I fear I let it get into my PC by clicking skip. I made 2 logs; if you would kindly check them I'd be grateful:
      Logfile of HijackThis v1.99.1
      Scan saved at 17.45.25, on 12/11/2006
      Platform: Windows XP SP2 (WinNT 5.01.2600)
      MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
      and:
      KASPERSKY ONLINE SCANNER REPORT
      Sunday, November 12, 2006 5:43:42 PM
      Operating System: Microsoft Windows XP Professional, Service Pack 2 (Build 2600)
      Kaspersky Online Scanner version: 5.0.83.0
      Kaspersky Anti-Virus database last update: 12/11/2006
      Kaspersky Anti-Virus database records: 240820
      Scan Settings
      Scan using the following antivirus database extended
      Scan Archives true
      Scan Mail Bases true
      Scan Target My Computer
      A:\ C:\ D:\ E:\ F:\ G:\
      Scan Statistics
      Total number of scanned objects 50327
      Number of viruses found 0
      Number of infected objects 0 / 0
      Number of suspicious objects 0
      Duration of the scan process 01:10:01
      Infected Object Name Virus Name Last Action
      Scan process completed.
  21. I followed the instructions to the letter, then I shut down and restarted, and those 2 DAMNED folders are gone. Do I still need to run any checks, or can I rest easy? Anyway, thank you really so much; without you I really don't know what I could have done, actually I do know... FORMAT THE HARD DISK. Bye
  22. I'm also adding this LOG. I've highlighted some files, exactly 4, which in a previous LOG had been pointed out to me as symptoms of infection by: Gromozon/LinkOptimizer
      KASPERSKY ONLINE SCANNER REPORT
      Saturday, November 11, 2006 5:53:01 PM
      Operating System: Microsoft Windows XP Professional, Service Pack 2 (Build 2600)
      Kaspersky Online Scanner version: 5.0.83.0
      Kaspersky Anti-Virus database last update: 11/11/2006
      Kaspersky Anti-Virus database records: 240626
      Scan Settings
      Scan using the following antivirus database extended
      Scan Archives true
      Scan Mail Bases true
      Scan Target My Computer
      A:\ C:\ D:\ E:\ F:\ G:\
      Scan Statistics
      Total number of scanned objects 50325
      Number of viruses found 0
      Number of infected objects 0 / 0
      Number of suspicious objects 0
      Duration of the scan process 00:56:26
      Infected Object Name Virus Name Last Action
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped C:\WINDOWS\Temp\ZLT0050c.TMP Object is locked skipped C:\WINDOWS\Temp\ZLT0050f.TMP Object is locked skipped C:\WINDOWS\Temp\~DFECB6.tmp Object is locked skipped C:\WINDOWS\wiadebug.log Object is locked skipped C:\WINDOWS\wiaservc.log Object is locked skipped C:\WINDOWS\WindowsUpdate.log Object is locked skipped C:\_cleaned.tmp Object is locked skipped Scan process completed.
  23. I followed your instructions; the only thing is that after deleting the files in those 2 folders, strangely each of them still contains some folders that are empty, at least apparently, there are not even any hidden files... yet they are not reported as "empty folders", and if I go into Properties I see that one is 62 bytes, one is 179 and so on... it seems very strange to me... anyway, I switched the PC off and on again and the files I deleted were not created again... only the apparently empty folders I mentioned above remain... and in addition the "ntuser.dat" file has been recreated, which I fear is the file that will recreate everything at the next startup. How should I deal with these folders? I am terrified that at the next startup everything will go back to how it was before. I am posting the log now: Logfile of HijackThis v1.99.1 Scan saved at 14.05.24, on 11/11/2006 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Thanks for the help, I hope everything goes well. Bye
  24. 2) GMER 1.0.12.11889 - http://www.gmer.net Autostart scan 2006-11-11 09:40:19 Windows 5.1.2600 Service Pack 2 3) Logfile of HijackThis v1.99.1 Scan saved at 9.52.04, on 11/11/2006 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
  25. Here are the logs you suggested: 1) GMER 1.0.12.11889 - http://www.gmer.net Rootkit scan 2006-11-11 09:38:53 Windows 5.1.2600 Service Pack 2
Device \Driver\Tcpip \Device\Udp IRP_MJ_CLOSE 81943EA0 Device \Driver\Tcpip \Device\Udp IRP_MJ_READ 81943570 Device \Driver\Tcpip \Device\Udp IRP_MJ_WRITE 81942368 Device \Driver\Tcpip \Device\Udp IRP_MJ_QUERY_INFORMATION 81947EA0 Device \Driver\Tcpip \Device\Udp IRP_MJ_SET_INFORMATION 81AD09C0 Device \Driver\Tcpip \Device\Udp IRP_MJ_QUERY_EA 81AD06E0 Device \Driver\Tcpip \Device\Udp IRP_MJ_SET_EA 81AE41E8 Device \Driver\Tcpip \Device\Udp IRP_MJ_FLUSH_BUFFERS 81AE4DB0 Device \Driver\Tcpip \Device\Udp IRP_MJ_QUERY_VOLUME_INFORMATION 81AE0C00 Device \Driver\Tcpip \Device\Udp IRP_MJ_SET_VOLUME_INFORMATION 81ACC610 Device \Driver\Tcpip \Device\Udp IRP_MJ_DIRECTORY_CONTROL 81AE5D60 Device \Driver\Tcpip \Device\Udp IRP_MJ_FILE_SYSTEM_CONTROL 8193CA20 Device \Driver\Tcpip \Device\Udp IRP_MJ_DEVICE_CONTROL 81ACA2C0 Device \Driver\Tcpip \Device\Udp IRP_MJ_INTERNAL_DEVICE_CONTROL 819F11F0 Device \Driver\Tcpip \Device\Udp IRP_MJ_SHUTDOWN 81940CA8 Device \Driver\Tcpip \Device\Udp IRP_MJ_LOCK_CONTROL 81940C30 Device \Driver\Tcpip \Device\Udp IRP_MJ_CLEANUP 81940BB8 Device \Driver\Tcpip \Device\Udp IRP_MJ_CREATE_MAILSLOT 81940810 Device \Driver\Tcpip \Device\Udp IRP_MJ_QUERY_SECURITY 81940798 Device \Driver\Tcpip \Device\Udp IRP_MJ_SET_SECURITY 81940720 Device \Driver\Tcpip \Device\Udp IRP_MJ_POWER 81940378 Device \Driver\Tcpip \Device\Udp IRP_MJ_SYSTEM_CONTROL 81940300 Device \Driver\Tcpip \Device\Udp IRP_MJ_DEVICE_CHANGE 81940288 Device \Driver\Tcpip \Device\Udp IRP_MJ_QUERY_QUOTA 8193FEB0 Device \Driver\Tcpip \Device\Udp IRP_MJ_SET_QUOTA 8193FE38 Device \Driver\Tcpip \Device\Udp IRP_MJ_PNP 8193FDC0 Device \Driver\Tcpip \Device\RawIp IRP_MJ_CREATE 81AE44B0 Device \Driver\Tcpip \Device\RawIp IRP_MJ_CREATE_NAMED_PIPE 81944DA8 Device \Driver\Tcpip \Device\RawIp IRP_MJ_CLOSE 81943EA0 Device \Driver\Tcpip \Device\RawIp IRP_MJ_READ 81943570 Device \Driver\Tcpip \Device\RawIp IRP_MJ_WRITE 81942368 Device \Driver\Tcpip \Device\RawIp IRP_MJ_QUERY_INFORMATION 81947EA0 Device 
\Driver\Tcpip \Device\RawIp IRP_MJ_SET_INFORMATION 81AD09C0 Device \Driver\Tcpip \Device\RawIp IRP_MJ_QUERY_EA 81AD06E0 Device \Driver\Tcpip \Device\RawIp IRP_MJ_SET_EA 81AE41E8 Device \Driver\Tcpip \Device\RawIp IRP_MJ_FLUSH_BUFFERS 81AE4DB0 Device \Driver\Tcpip \Device\RawIp IRP_MJ_QUERY_VOLUME_INFORMATION 81AE0C00 Device \Driver\Tcpip \Device\RawIp IRP_MJ_SET_VOLUME_INFORMATION 81ACC610 Device \Driver\Tcpip \Device\RawIp IRP_MJ_DIRECTORY_CONTROL 81AE5D60 Device \Driver\Tcpip \Device\RawIp IRP_MJ_FILE_SYSTEM_CONTROL 8193CA20 Device \Driver\Tcpip \Device\RawIp IRP_MJ_DEVICE_CONTROL 81ACA2C0 Device \Driver\Tcpip \Device\RawIp IRP_MJ_INTERNAL_DEVICE_CONTROL 819F11F0 Device \Driver\Tcpip \Device\RawIp IRP_MJ_SHUTDOWN 81940CA8 Device \Driver\Tcpip \Device\RawIp IRP_MJ_LOCK_CONTROL 81940C30 Device \Driver\Tcpip \Device\RawIp IRP_MJ_CLEANUP 81940BB8 Device \Driver\Tcpip \Device\RawIp IRP_MJ_CREATE_MAILSLOT 81940810 Device \Driver\Tcpip \Device\RawIp IRP_MJ_QUERY_SECURITY 81940798 Device \Driver\Tcpip \Device\RawIp IRP_MJ_SET_SECURITY 81940720 Device \Driver\Tcpip \Device\RawIp IRP_MJ_POWER 81940378 Device \Driver\Tcpip \Device\RawIp IRP_MJ_SYSTEM_CONTROL 81940300 Device \Driver\Tcpip \Device\RawIp IRP_MJ_DEVICE_CHANGE 81940288 Device \Driver\Tcpip \Device\RawIp IRP_MJ_QUERY_QUOTA 8193FEB0 Device \Driver\Tcpip \Device\RawIp IRP_MJ_SET_QUOTA 8193FE38 Device \Driver\Tcpip \Device\RawIp IRP_MJ_PNP 8193FDC0 Device \Driver\Tcpip \Device\IPMULTICAST IRP_MJ_CREATE 81AE44B0 Device \Driver\Tcpip \Device\IPMULTICAST IRP_MJ_CREATE_NAMED_PIPE 81944DA8 Device \Driver\Tcpip \Device\IPMULTICAST IRP_MJ_CLOSE 81943EA0 Device \Driver\Tcpip \Device\IPMULTICAST IRP_MJ_READ 81943570 Device \Driver\Tcpip \Device\IPMULTICAST IRP_MJ_WRITE 81942368 Device \Driver\Tcpip \Device\IPMULTICAST IRP_MJ_QUERY_INFORMATION 81947EA0 Device \Driver\Tcpip \Device\IPMULTICAST IRP_MJ_SET_INFORMATION 81AD09C0 Device \Driver\Tcpip \Device\IPMULTICAST IRP_MJ_QUERY_EA 81AD06E0 Device \Driver\Tcpip 
\Device\IPMULTICAST IRP_MJ_SET_EA 81AE41E8 Device \Driver\Tcpip \Device\IPMULTICAST IRP_MJ_FLUSH_BUFFERS 81AE4DB0 Device \Driver\Tcpip \Device\IPMULTICAST IRP_MJ_QUERY_VOLUME_INFORMATION 81AE0C00 Device \Driver\Tcpip \Device\IPMULTICAST IRP_MJ_SET_VOLUME_INFORMATION 81ACC610 Device \Driver\Tcpip \Device\IPMULTICAST IRP_MJ_DIRECTORY_CONTROL 81AE5D60 Device \Driver\Tcpip \Device\IPMULTICAST IRP_MJ_FILE_SYSTEM_CONTROL 8193CA20 Device \Driver\Tcpip \Device\IPMULTICAST IRP_MJ_DEVICE_CONTROL 81ACA2C0 Device \Driver\Tcpip \Device\IPMULTICAST IRP_MJ_INTERNAL_DEVICE_CONTROL 819F11F0 Device \Driver\Tcpip \Device\IPMULTICAST IRP_MJ_SHUTDOWN 81940CA8 Device \Driver\Tcpip \Device\IPMULTICAST IRP_MJ_LOCK_CONTROL 81940C30 Device \Driver\Tcpip \Device\IPMULTICAST IRP_MJ_CLEANUP 81940BB8 Device \Driver\Tcpip \Device\IPMULTICAST IRP_MJ_CREATE_MAILSLOT 81940810 Device \Driver\Tcpip \Device\IPMULTICAST IRP_MJ_QUERY_SECURITY 81940798 Device \Driver\Tcpip \Device\IPMULTICAST IRP_MJ_SET_SECURITY 81940720 Device \Driver\Tcpip \Device\IPMULTICAST IRP_MJ_POWER 81940378 Device \Driver\Tcpip \Device\IPMULTICAST IRP_MJ_SYSTEM_CONTROL 81940300 Device \Driver\Tcpip \Device\IPMULTICAST IRP_MJ_DEVICE_CHANGE 81940288 Device \Driver\Tcpip \Device\IPMULTICAST IRP_MJ_QUERY_QUOTA 8193FEB0 Device \Driver\Tcpip \Device\IPMULTICAST IRP_MJ_SET_QUOTA 8193FE38 Device \Driver\Tcpip \Device\IPMULTICAST IRP_MJ_PNP 8193FDC0 ---- Threads - GMER 1.0.12 ---- Thread 4:128 81A89950 Thread 4:132 81A67C60 Thread 4:136 81A67C60 ---- Files - GMER 1.0.12 ---- ADS C:\Documents and Settings\All Users\Dati applicazioni\TEMP:2A81F9CE ---- EOF - GMER 1.0.12 ----