
Help with killav.oe

How do you remove viruses and spyware? Are credit cards really safe online? Is it possible to browse anonymously? Which programs protect your privacy? How do you protect important files? If you want an answer to these and other questions, this is the right place!

Moderators: m.paolo, kadosh, Luke57

Help with killav.oe

Post by MAXIMILIAM » 07/02/08 22:34

Hi everyone,
for the past few days, when I turn on the PC, my Avira-Antivir antivirus has been reporting a virus or trojan named KILLAV.OE
Can anyone help me? I'm posting the log
Logfile of HijackThis v1.99.1
Scan saved at 22.34.01, on 07/02/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Programmi\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Programmi\a-squared Free\a2service.exe
C:\Programmi\Avira\AntiVir PersonalEdition Classic\sched.exe
c:\APPS\Powercinema\Kernel\TV\CLCapSvc.exe
C:\Programmi\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe
c:\APPS\HIDSERVICE\HIDSERVICE.exe
C:\Programmi\CyberLink\Shared Files\CLML_NTService\CLMLService.exe
C:\Programmi\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Programmi\Microsoft SQL Server\MSSQL$MICROSOFTBCM\Binn\sqlservr.exe
C:\WINDOWS\system32\slserv.exe
C:\WINDOWS\system32\svchost.exe
C:\Programmi\File comuni\Ulead Systems\DVD\ULCDRSvr.exe
c:\APPS\Powercinema\Kernel\TV\CLSched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Programmi\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Programmi\Google\Google Updater\GoogleUpdater.exe
C:\Programmi\HP\Digital Imaging\bin\hpqtra08.exe
C:\Programmi\Internet Explorer\iexplore.exe
C:\Programmi\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Programmi\HijackThis\hijackthis_199\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Packard Bell
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
R3 - URLSearchHook: Yahoo! Toolbar con blocco Pop-Up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\Userinit.exe
O2 - BHO: Supporto di collegamento per Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\File comuni\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmi\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programmi\google\googletoolbar3.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programmi\Google\GoogleToolbarNotifier\2.1.615.5858\swg.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programmi\google\googletoolbar3.dll
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] "C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE" /SYNC
O4 - HKLM\..\Run: [PHIME2002A] "C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE" /IMEName
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [ATIPTA] "C:\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programmi\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [Ulead AutoDetector v2] "C:\Programmi\File comuni\Ulead Systems\AutoDetector\monitor.exe"
O4 - HKLM\..\Run: [PCMService] "c:\Apps\Powercinema\PCMService.exe"
O4 - HKLM\..\Run: [ACTIVBOARD] c:\apps\ABoard\ABoard.exe
O4 - HKLM\..\Run: [HP Software Update] "C:\Programmi\HP\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Programmi\File comuni\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmi\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Programmi\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Programmi\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Programmi\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKCU\..\Run: [SmpcSys] C:\APPS\SMP\SmpSys.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Programmi\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - Global Startup: Google Updater.lnk = C:\Programmi\Google\Google Updater\GoogleUpdater.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Programmi\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O11 - Options group: [INTERNATIONAL] International*
O14 - IERESET.INF: START_PAGE_URL=file://C:\APPS\IE\offline\it.htm
O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://download.ewido.net/ewidoOnlineScan.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/Shar ... vSniff.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resourc ... oscan8.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://scan.safety.live.com/resource/do ... se5059.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/Shar ... /cabsa.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftup ... 7963381593
O16 - DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} (a-squared Scanner) - http://ax.emsisoft.com/asquared.cab
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-l ... cfscan.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{9D357A55-6D7D-4F2D-98C3-2CB1CA1E00E5}: NameServer = 85.37.17.4 85.38.28.70
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Programmi\File comuni\Microsoft Shared\Help\hxds.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - C:\Programmi\a-squared Free\a2service.exe
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Programmi\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Programmi\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - c:\APPS\Powercinema\Kernel\TV\CLCapSvc.exe
O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - c:\APPS\Powercinema\Kernel\TV\CLSched.exe
O23 - Service: CyberLink Media Library Service - Cyberlink - C:\Programmi\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe
O23 - Service: Generic Service for HID Keyboard Input Collections (GenericHidService) - Unknown owner - c:\APPS\HIDSERVICE\HIDSERVICE.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Programmi\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Programmi\File comuni\Ulead Systems\DVD\ULCDRSvr.exe

Thanks
MAXIMILIAM
Junior User
 
Posts: 46
Joined: 13/08/06 22:43


Re: Help with killav.oe

Post by Luke57 » 08/02/08 15:28

Hi, open HijackThis, press "do a system scan only", then find and tick the following entry:
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\Userinit.exe

press fix checked.
Luke57
Moderator
 
Posts: 6415
Joined: 11/08/05 19:10
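As an added example (not part of the thread and not HijackThis code), this Python sketch splits a HijackThis log into its section codes, pulls out the F-section entries and the entries marked "(no file)" or "(file missing)", and confirms that a line quoted in a reply is actually present in the poster's log. The sample is a few lines copied from the log in the first post; the function names are hypothetical.

```python
import re

# A few lines copied from the HijackThis log in the first post of this thread.
SAMPLE_LOG = r"""Logfile of HijackThis v1.99.1
Scan saved at 22.34.01, on 07/02/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\Explorer.EXE

R3 - URLSearchHook: Yahoo! Toolbar con blocco Pop-Up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\Userinit.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
"""

# Every scan entry starts with a section code (R0, F2, O4, O23, ...) and " - ".
ENTRY_RE = re.compile(r"^([A-Z]\d{1,2}) - (.+)$")
ABSENT_MARKERS = ("(no file)", "(file missing)")


def parse_hijackthis(text):
    """Return (running_processes, entries); entries are (code, detail) tuples."""
    processes, entries = [], []
    in_processes = False
    for raw in text.splitlines():
        line = raw.strip()
        if line == "Running processes:":
            in_processes = True
            continue
        if in_processes:
            # The process list ends at the first blank line.
            if line:
                processes.append(line)
            else:
                in_processes = False
            continue
        match = ENTRY_RE.match(line)
        if match:
            entries.append((match.group(1), match.group(2)))
    return processes, entries


def section(entries, letter):
    """Entries whose code starts with the given letter, e.g. 'F' for F0-F3."""
    return [e for e in entries if e[0].startswith(letter)]


def absent_targets(entries):
    """Entries HijackThis itself marked as pointing at a file that is not there."""
    return [e for e in entries if e[1].endswith(ABSENT_MARKERS)]


def _normalise(line):
    # Forum software and copy/paste change case and spacing, so compare loosely.
    return " ".join(line.split()).casefold()


def find_entry(entries, quoted_line):
    """Return the log entry matching a line quoted in a reply, or None."""
    wanted = _normalise(quoted_line)
    for code, detail in entries:
        if _normalise(f"{code} - {detail}") == wanted:
            return (code, detail)
    return None


if __name__ == "__main__":
    procs, items = parse_hijackthis(SAMPLE_LOG)
    print(len(procs), "processes,", len(items), "entries")
    print("F section:", section(items, "F"))
    print("absent targets:", [code for code, _ in absent_targets(items)])
```
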

Re: Help with killav.oe

Post by MAXIMILIAM » 09/02/08 10:28

Hi,
OK, done. Everything seems fine now.

Thanks a lot
MAXIMILIAM
Junior User
 
Posts: 46
Joined: 13/08/06 22:43

killav.hp

Post by SiriodeJaneiro » 12/02/08 19:48

hi everyone

I have a similar problem, but the trojan is called killav.hp; AVG catches it when Windows loads and deletes it, but it comes back every single time

this is the HijackThis log:

Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 19.38.25, on 12/02/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmi\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\system32\GSICON.EXE
C:\WINDOWS\system32\dslagent.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Programmi\CyberLink\Shared Files\RichVideo.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\svchost.exe
C:\Programmi\MSN Messenger\MsnMsgr.Exe
C:\WINDOWS\system32\wscntfy.exe
C:\Programmi\MSN Messenger\usnsvc.exe
C:\Programmi\Mozilla Firefox\firefox.exe
C:\Programmi\MSN Messenger\livecall.exe
C:\Documents and Settings\Utente\Desktop\HiJackThis_v2.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.it/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmi\Java\jre1.5.0_11\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [RemoteControl] C:\Programmi\CyberLink\PowerDVD\PDVDServ.exe
O4 - HKLM\..\Run: [LanguageShortcut] C:\Programmi\CyberLink\PowerDVD\Language\Language.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [GSICONEXE] GSICON.EXE
O4 - HKLM\..\Run: [DSLAGENTEXE] dslagent.exe USB
O4 - HKLM\..\Run: [Creative WebCam Tray] C:\Programmi\Creative\Shared Files\CAMTRAY.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programmi\Java\jre1.5.0_11\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Programmi\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Programmi\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO LOCALE')
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SERVIZIO LOCALE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO DI RETE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Avvio veloce di Adobe Reader.lnk = C:\Programmi\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra button: Ricerche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{2DF40BE8-0E8D-4A76-9251-DE5A6A6487EB}: NameServer = 62.211.69.150 212.48.4.15
O17 - HKLM\System\CS1\Services\Tcpip\..\{2DF40BE8-0E8D-4A76-9251-DE5A6A6487EB}: NameServer = 62.211.69.150 212.48.4.15
O22 - SharedTaskScheduler: Precaricatore Browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Daemon di cache delle categorie di componenti - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Programmi\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Programmi\CyberLink\Shared Files\RichVideo.exe

Can some expert give me a hand?
Thanks
SiriodeJaneiro
Junior User
 
Posts: 11
Joined: 12/02/08 19:26

Re: Help with killav.oe

Post by andysoon » 15/02/08 21:48

Hi.. I have the same problem too.. and I really don't know how to solve it... could someone help me? Thanks
Logfile of HijackThis v1.99.1
Scan saved at 21.36.49, on 15/02/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\system32\NeroCheck.exe
C:\WINDOWS\system32\rundll32.exe
C:\Programmi\AntiVir PersonalEdition Classic\avgnt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmi\Spybot - Search & Destroy\TeaTimer.exe
C:\PROGRA~1\Webshots\webshots.scr
C:\Programmi\AntiVir PersonalEdition Classic\sched.exe
C:\Programmi\AntiVir PersonalEdition Classic\avguard.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmi\Canon\CAL\CALMAIN.exe
C:\Programmi\Mozilla Firefox\firefox.exe
C:\Programmi\Internet Explorer\IEXPLORE.EXE
C:\Programmi\WinRAR\WinRAR.exe
C:\DOCUME~1\Andrea\IMPOST~1\Temp\Rar$EX00.032\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.it/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
O2 - BHO: Supporto di collegamento per Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\File comuni\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programmi\google\googletoolbar4.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programmi\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programmi\google\googletoolbar4.dll
O4 - HKLM\..\Run: [NVRTCLK] C:\WINDOWS\system32\NVRTCLK\NVRTClk.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Programmi\Java\jre1.5.0_01\bin\jusched.exe
O4 - HKLM\..\Run: [avgnt] "C:\Programmi\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Programmi\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\system32\PSDrvCheck.exe -CheckReg
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [VGAUtil] C:\WINDOWS\system32\G-VGA.exe
O4 - HKLM\..\Run: [CnxDslTaskBar] "C:\Programmi\ADSL\CnxDslTb.exe"
O4 - HKCU\..\Run: [MsnMsgr] "C:\Programmi\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Programmi\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [LaunchList] C:\Programmi\Pinnacle\Studio 11\LaunchList2.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Programmi\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Programmi\Spybot - Search & Destroy\TeaTimer.exe
O4 - Startup: Webshots.lnk = C:\Programmi\Webshots\Launcher.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Programmi\Microsoft Office\Office\OSA9.EXE
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.5.0_01\bin\npjpi150_01.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.5.0_01\bin\npjpi150_01.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} (EPUImageControl Class) - http://tools.ebayimg.com/eps/wl/activex ... 0-3-18.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v ... 0764456830
O16 - DPF: {6DB731A3-B074-4118-8B1C-32511C65D836} (FotovistaPhotoUploader.ctrFpu) - http://www.mypixmania.com/it/it/tools/activex/fpu.cab
O16 - DPF: {7F8B1F27-AE54-479D-AACF-0A7B2334E7EE} (HTTPUplListX Control) - http://stampafoto.mediaworld.it/HTTPUplList.cab
O16 - DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} (CamImage Class) - http://webcam.gazzettino.it/script/AxisCamControl.ocx
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/msnme ... loader.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/s ... wflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{F3CF862B-8240-45B7-B41E-2FA7FD7EEBC5}: NameServer = 193.12.150.2 212.247.152.2
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: AntiVir Scheduler (AntiVirScheduler) - Avira GmbH - C:\Programmi\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Service (AntiVirService) - Avira GmbH - C:\Programmi\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Programmi\Canon\CAL\CALMAIN.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Programmi\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
andysoon
Junior User
 
Posts: 29
Joined: 04/09/07 13:46

Re: Help with killav.oe

Post by Luke57 » 16/02/08 09:27

@ andysoon
@SiriodeJaneiro

Hi, at this point run an online scan with Kaspersky:

http://www.kaspersky.com/service?chapter=161739400
1. Click on Kaspersky Online Scanner
2. Download an ActiveX component from Kaspersky; click "Yes."
3. Wait for the download to finish
4. Click "Next"
5. Click "Scan Settings"
6. Make sure the following items are ticked
Scan using the following Anti-Virus database:
Extended
tick the "Scan options" items
Scan Archives
Scan Mail Bases
7. Click "OK"
8. Choose "My computer"
Wait for the scan to finish; if anything is detected, save the report by clicking "Save as Text"

Paste the scan report.
Luke57
Moderator
 
Posts: 6415
Joined: 11/08/05 19:10

Re: Help with killav.oe

Post by andysoon » 16/02/08 16:15

I'm already stuck at step 2. When I click on Kaspersky online scanner a window opens, I click accept, but nothing happens.
andysoon
Junior User
 
Posts: 29
Joined: 04/09/07 13:46

Re: Help with killav.oe

Post by SiriodeJaneiro » 16/02/08 19:45

to andy: the scan only works with Explorer


Hi Luke, this is the Kaspersky report:


KASPERSKY ONLINE SCANNER REPORT
Saturday, February 16, 2008 7:37:39 PM
Operating System: Microsoft Windows XP Professional, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.98.0
Kaspersky Anti-Virus database last update: 16/02/2008
Kaspersky Anti-Virus database records: 569242


Scan Settings
Scan using the following antivirus database extended
Scan Archives true
Scan Mail Bases true

Scan Target My Computer
A:\
C:\
D:\
E:\

Scan Statistics
Total number of scanned objects 44801
Number of viruses found 1
Number of infected objects 4
Number of suspicious objects 0
Duration of the scan process 00:44:25

Infected Object Name Virus Name Last Action
C:\Documents and Settings\All Users\Dati applicazioni\avg7\Log\emc.log Object is locked skipped

C:\Documents and Settings\All Users\Dati applicazioni\Grisoft\Avg7Data\avg7log.log Object is locked skipped

C:\Documents and Settings\All Users\Dati applicazioni\Grisoft\Avg7Data\avg7log.log.lck Object is locked skipped

C:\Documents and Settings\LocalService\Cookies\index.dat Object is locked skipped

C:\Documents and Settings\LocalService\Impostazioni locali\Cronologia\History.IE5\index.dat Object is locked skipped

C:\Documents and Settings\LocalService\Impostazioni locali\Dati applicazioni\Microsoft\Windows\UsrClass.dat Object is locked skipped

C:\Documents and Settings\LocalService\Impostazioni locali\Dati applicazioni\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped

C:\Documents and Settings\LocalService\Impostazioni locali\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped

C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped

C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped

C:\Documents and Settings\NetworkService\Impostazioni locali\Dati applicazioni\Microsoft\Windows\UsrClass.dat Object is locked skipped

C:\Documents and Settings\NetworkService\Impostazioni locali\Dati applicazioni\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped

C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped

C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped

C:\Documents and Settings\Utente\Cookies\index.dat Object is locked skipped

C:\Documents and Settings\Utente\Dati applicazioni\Mozilla\Firefox\Profiles\jgjoq3zm.default\cert8.db Object is locked skipped

C:\Documents and Settings\Utente\Dati applicazioni\Mozilla\Firefox\Profiles\jgjoq3zm.default\formhistory.dat Object is locked skipped

C:\Documents and Settings\Utente\Dati applicazioni\Mozilla\Firefox\Profiles\jgjoq3zm.default\history.dat Object is locked skipped

C:\Documents and Settings\Utente\Dati applicazioni\Mozilla\Firefox\Profiles\jgjoq3zm.default\key3.db Object is locked skipped

C:\Documents and Settings\Utente\Dati applicazioni\Mozilla\Firefox\Profiles\jgjoq3zm.default\parent.lock Object is locked skipped

C:\Documents and Settings\Utente\Dati applicazioni\Mozilla\Firefox\Profiles\jgjoq3zm.default\search.sqlite Object is locked skipped

C:\Documents and Settings\Utente\Dati applicazioni\Mozilla\Firefox\Profiles\jgjoq3zm.default\urlclassifier2.sqlite Object is locked skipped

C:\Documents and Settings\Utente\Impostazioni locali\Cronologia\History.IE5\index.dat Object is locked skipped

C:\Documents and Settings\Utente\Impostazioni locali\Cronologia\History.IE5\MSHist012008021620080217\index.dat Object is locked skipped

C:\Documents and Settings\Utente\Impostazioni locali\Dati applicazioni\Microsoft\Messenger\denghiuz@hotmail.com\SharingMetadata\Logs\Dfsr00005.log Object is locked skipped

C:\Documents and Settings\Utente\Impostazioni locali\Dati applicazioni\Microsoft\Messenger\denghiuz@hotmail.com\SharingMetadata\pending.dat Object is locked skipped

C:\Documents and Settings\Utente\Impostazioni locali\Dati applicazioni\Microsoft\Messenger\denghiuz@hotmail.com\SharingMetadata\Working\database_A050_C1B2_50C1_9008\dfsr.db Object is locked skipped

C:\Documents and Settings\Utente\Impostazioni locali\Dati applicazioni\Microsoft\Messenger\denghiuz@hotmail.com\SharingMetadata\Working\database_A050_C1B2_50C1_9008\fsr.log Object is locked skipped

C:\Documents and Settings\Utente\Impostazioni locali\Dati applicazioni\Microsoft\Messenger\denghiuz@hotmail.com\SharingMetadata\Working\database_A050_C1B2_50C1_9008\fsrtmp.log Object is locked skipped

C:\Documents and Settings\Utente\Impostazioni locali\Dati applicazioni\Microsoft\Messenger\denghiuz@hotmail.com\SharingMetadata\Working\database_A050_C1B2_50C1_9008\tmp.edb Object is locked skipped

C:\Documents and Settings\Utente\Impostazioni locali\Dati applicazioni\Microsoft\Windows\UsrClass.dat Object is locked skipped

C:\Documents and Settings\Utente\Impostazioni locali\Dati applicazioni\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped

C:\Documents and Settings\Utente\Impostazioni locali\Dati applicazioni\Microsoft\Windows Live Contacts\denghiuz@hotmail.com\real\members.stg Object is locked skipped

C:\Documents and Settings\Utente\Impostazioni locali\Dati applicazioni\Microsoft\Windows Live Contacts\denghiuz@hotmail.com\shadow\members.stg Object is locked skipped

C:\Documents and Settings\Utente\Impostazioni locali\Dati applicazioni\Mozilla\Firefox\Profiles\jgjoq3zm.default\Cache\_CACHE_001_ Object is locked skipped

C:\Documents and Settings\Utente\Impostazioni locali\Dati applicazioni\Mozilla\Firefox\Profiles\jgjoq3zm.default\Cache\_CACHE_002_ Object is locked skipped

C:\Documents and Settings\Utente\Impostazioni locali\Dati applicazioni\Mozilla\Firefox\Profiles\jgjoq3zm.default\Cache\_CACHE_003_ Object is locked skipped

C:\Documents and Settings\Utente\Impostazioni locali\Dati applicazioni\Mozilla\Firefox\Profiles\jgjoq3zm.default\Cache\_CACHE_MAP_ Object is locked skipped

C:\Documents and Settings\Utente\Impostazioni locali\Temp\1108250945.exe Infected: Trojan.Win32.Dialer.abi skipped

C:\Documents and Settings\Utente\Impostazioni locali\Temp\131732048.exe Infected: Trojan.Win32.Dialer.abi skipped

C:\Documents and Settings\Utente\Impostazioni locali\Temp\1409946321.exe Infected: Trojan.Win32.Dialer.abi skipped

C:\Documents and Settings\Utente\Impostazioni locali\Temp\1481311461.exe Object is locked skipped

C:\Documents and Settings\Utente\Impostazioni locali\Temp\1839571113.exe Infected: Trojan.Win32.Dialer.abi skipped

C:\Documents and Settings\Utente\Impostazioni locali\Temp\~DF7AAA.tmp Object is locked skipped

C:\Documents and Settings\Utente\Impostazioni locali\Temp\~DF7BFC.tmp Object is locked skipped

C:\Documents and Settings\Utente\Impostazioni locali\Temp\~DF9E4B.tmp Object is locked skipped

C:\Documents and Settings\Utente\Impostazioni locali\Temp\~DF9F39.tmp Object is locked skipped

C:\Documents and Settings\Utente\Impostazioni locali\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped

C:\Documents and Settings\Utente\ntuser.dat Object is locked skipped

C:\Documents and Settings\Utente\ntuser.dat.LOG Object is locked skipped

C:\sti.log Object is locked skipped

C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped

C:\System Volume Information\_restore{39BC2D89-BAE7-405E-97DF-84EEE44B5AA3}\RP215\A0013840.exe Object is locked skipped

C:\System Volume Information\_restore{39BC2D89-BAE7-405E-97DF-84EEE44B5AA3}\RP252\A0016523.exe Object is locked skipped

C:\System Volume Information\_restore{39BC2D89-BAE7-405E-97DF-84EEE44B5AA3}\RP252\A0016524.exe Object is locked skipped

C:\System Volume Information\_restore{39BC2D89-BAE7-405E-97DF-84EEE44B5AA3}\RP252\A0016532.exe Object is locked skipped

C:\System Volume Information\_restore{39BC2D89-BAE7-405E-97DF-84EEE44B5AA3}\RP252\A0016533.exe Object is locked skipped

C:\System Volume Information\_restore{39BC2D89-BAE7-405E-97DF-84EEE44B5AA3}\RP252\A0016534.EXE Object is locked skipped

C:\System Volume Information\_restore{39BC2D89-BAE7-405E-97DF-84EEE44B5AA3}\RP254\change.log Object is locked skipped

C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped

C:\WINDOWS\SchedLgU.Txt Object is locked skipped

C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped

C:\WINDOWS\Sti_Trace.log Object is locked skipped

C:\WINDOWS\system32\CatRoot2\edb.log Object is locked skipped

C:\WINDOWS\system32\CatRoot2\tmp.edb Object is locked skipped

C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped

C:\WINDOWS\system32\config\default Object is locked skipped

C:\WINDOWS\system32\config\default.LOG Object is locked skipped

C:\WINDOWS\system32\config\SAM Object is locked skipped

C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped

C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped

C:\WINDOWS\system32\config\SECURITY Object is locked skipped

C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped

C:\WINDOWS\system32\config\software Object is locked skipped

C:\WINDOWS\system32\config\software.LOG Object is locked skipped

C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped

C:\WINDOWS\system32\config\system Object is locked skipped

C:\WINDOWS\system32\config\system.LOG Object is locked skipped

C:\WINDOWS\system32\h323log.txt Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped

C:\WINDOWS\wiadebug.log Object is locked skipped

C:\WINDOWS\wiaservc.log Object is locked skipped

C:\WINDOWS\WindowsUpdate.log Object is locked skipped

Scan process completed.
SiriodeJaneiro
Junior User
Posts: 11
Joined: 12/02/08 19:26

Re: Help with killav.oe

Post by Luke57 » 16/02/08 19:47

@andysoon
Hi, download findawf from here:
http://noahdfear.geekstogo.com/FindAWF.exe
Run it, press 1 in the DOS window that opens, wait for the scan, and paste the report you will find in C:\findawf.txt.
Luke57
Moderator
Posts: 6415
Joined: 11/08/05 19:10

Re: Help with killav.oe

Post by Luke57 » 16/02/08 19:53

@siriodejaneiro
Hi, if you don't have it already, download ATF cleaner from here:
http://www.majorgeeks.com/ATF_Cleaner_d4949.html
Reboot in safe mode by pressing the F8 key repeatedly when the computer powers on, before Windows loads.
Then start ATF cleaner and select "Select All". The menu bar at the top will also show entries for your browsers (Firefox or Opera): click the menu entry for your browser and tick the "Select All" box there too (if you want to keep your passwords, untick the corresponding box).
Click the "Empty selected" button and wait for the message "Done Cleaning!" to appear; the cleaning is finished.
Then you too, download findawf (you'll find the link and instructions in my previous post).
Luke57
Moderator
Posts: 6415
Joined: 11/08/05 19:10

Re: Help with killav.oe

Post by SiriodeJaneiro » 16/02/08 20:14

done, this is the findawf report:



Find AWF report by noahdfear ©2006
Version 1.40



bak folders found
~~~~~~~~~~~

Il volume nell'unit… C non ha etichetta.
Numero di serie del volume: 50C1-9008

Directory di C:\PROGRA~1\MSNMES~1\BAK

0 File 0 byte
2 Directory 157.517.443.072 byte disponibili
Il volume nell'unit… C non ha etichetta.
Numero di serie del volume: 50C1-9008

Directory di C:\WINDOWS\SYSTEM32\BAK

30/08/2004 21.00 15.360 ctfmon.exe
09/07/2001 11.50 155.648 NeroCheck.exe
2 File 171.008 byte
2 Directory 157.517.443.072 byte disponibili
Il volume nell'unit… C non ha etichetta.
Numero di serie del volume: 50C1-9008

Directory di C:\PROGRA~1\CREATIVE\SHARED~2\BAK

30/07/2004 11.04 245.760 CAMTRAY.EXE
1 File 245.760 byte
2 Directory 157.517.438.976 byte disponibili
Il volume nell'unit… C non ha etichetta.
Numero di serie del volume: 50C1-9008

Directory di C:\PROGRA~1\CYBERL~1\POWERDVD\BAK

18/09/2006 11.08 29.696 PDVDServ.exe
1 File 29.696 byte
2 Directory 157.517.438.976 byte disponibili
Il volume nell'unit… C non ha etichetta.
Numero di serie del volume: 50C1-9008

Directory di C:\PROGRA~1\GRISOFT\AVG7\BAK

24/10/2007 18.13 579.072 avgcc.exe
1 File 579.072 byte
2 Directory 157.517.438.976 byte disponibili
Il volume nell'unit… C non ha etichetta.
Numero di serie del volume: 50C1-9008

Directory di C:\PROGRA~1\CYBERL~1\POWERDVD\LANGUAGE\BAK

29/09/2006 21.58 49.152 Language.exe
1 File 49.152 byte
2 Directory 157.517.438.976 byte disponibili
Il volume nell'unit… C non ha etichetta.
Numero di serie del volume: 50C1-9008

Directory di C:\PROGRA~1\JAVA\JRE15~1.0_1\BIN\BAK

15/12/2006 03.23 75.520 jusched.exe
1 File 75.520 byte
2 Directory 157.517.438.976 byte disponibili
Il volume nell'unit… C non ha etichetta.
Numero di serie del volume: 50C1-9008

Directory di C:\PROGRA~1\ADOBE\PHOTOS~1\3.0\APPS\BAK

06/06/2005 23.46 57.344 apdproxy.exe
1 File 57.344 byte
2 Directory 157.517.438.976 byte disponibili


Duplicate files of bak directory contents
~~~~~~~~~~~~~~~~~~~~~~~

15360 30 Aug 2004 "C:\WINDOWS\system32\ctfmon.exe"
15360 30 Aug 2004 "C:\WINDOWS\system32\bak\ctfmon.exe"
155648 9 Jul 2001 "C:\WINDOWS\system32\bak\NeroCheck.exe"
245760 30 Jul 2004 "C:\Programmi\Creative\Shared Files\bak\CAMTRAY.EXE"
29696 18 Sep 2006 "C:\Programmi\CyberLink\PowerDVD\bak\PDVDServ.exe"
579072 20 Dec 2007 "C:\Programmi\Grisoft\AVG7\avgcc.exe"
579072 24 Oct 2007 "C:\Programmi\Grisoft\AVG7\bak\avgcc.exe"
49152 29 Sep 2006 "C:\Programmi\CyberLink\PowerDVD\Language\bak\Language.exe"
75520 15 Dec 2006 "C:\Programmi\Java\jre1.5.0_11\bin\bak\jusched.exe"
57344 6 Jun 2005 "C:\Programmi\Adobe\Photoshop Album Starter Edition\3.0\Apps\bak\apdproxy.exe"


end of report
SiriodeJaneiro
Junior User
Posts: 11
Joined: 12/02/08 19:26

Re: Help with killav.oe

Post by Luke57 » 16/02/08 22:28

@siriodejaneiro
Hi, download avenger to the desktop
http://swandog46.geekstogo.com/avenger.zip
Unzip the archive
Run the file avenger.exe
Select the "Input Script Manually" option
Click the magnifying glass

A "View/edit script" window opens
Inside the white box, copy and paste the following text:

files to move:
C:\WINDOWS\system32\bak\ctfmon.exe | C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\bak\NeroCheck.exe | C:\WINDOWS\system32\NeroCheck.exe
C:\Programmi\Grisoft\AVG7\bak\avgcc.exe | C:\Programmi\Grisoft\AVG7\avgcc.exe
C:\Programmi\Adobe\Photoshop Album Starter Edition\3.0\Apps\bak\apdproxy.exe | C:\Programmi\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
C:\Programmi\CyberLink\PowerDVD\Language\bak\Language.exe | C:\Programmi\CyberLink\PowerDVD\Language\Language.exe
C:\Programmi\CyberLink\PowerDVD\bak\PDVDServ.exe | C:\Programmi\CyberLink\PowerDVD\PDVDServ.exe
C:\Programmi\Creative\Shared Files\bak\CAMTRAY.EXE | C:\Programmi\Creative\Shared Files\CAMTRAY.EXE



Click the Done button
Click the green traffic light icon
Answer OK and then Yes.
The PC should restart by itself; if it doesn't, restart it manually.
Post the log generated by avenger; you'll find it in C:\avenger.txt, it is a text file.
Also, uninstall the JRE, which is old by now, and install the new one from its dedicated site.
Luke57
Moderator
Posts: 6415
Joined: 11/08/05 19:10
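
The "files to move:" script in the post above pairs each file that FindAWF listed inside a bak folder with the same file name one directory up. As an added example (not part of the original posts, and not FindAWF or Avenger code), the Python below derives that pairing from the report's "Duplicate files of bak directory contents" section so it can be reviewed before anything is pasted into Avenger; the function names and the `skip` parameter are assumptions of this example.

```python
import ntpath
import re

# Lines copied from the "Duplicate files of bak directory contents" section of
# the FindAWF report posted in this thread, trimmed to five entries.
SAMPLE_REPORT = r'''
Duplicate files of bak directory contents
~~~~~~~~~~~~~~~~~~~~~~~

15360 30 Aug 2004 "C:\WINDOWS\system32\ctfmon.exe"
15360 30 Aug 2004 "C:\WINDOWS\system32\bak\ctfmon.exe"
579072 20 Dec 2007 "C:\Programmi\Grisoft\AVG7\avgcc.exe"
579072 24 Oct 2007 "C:\Programmi\Grisoft\AVG7\bak\avgcc.exe"
75520 15 Dec 2006 "C:\Programmi\Java\jre1.5.0_11\bin\bak\jusched.exe"


end of report
'''

# One listing line: size in bytes, date such as "30 Aug 2004", quoted path.
ENTRY_RE = re.compile(
    r'^\s*(\d+)\s+(\d{1,2}\s+[A-Za-z]{3}\s+\d{4})\s+"([^"]+)"\s*$', re.M)


def parse_duplicates(report):
    """Return [(size, date, path), ...] for every listing line in the report."""
    return [(int(size), " ".join(date.split()), path)
            for size, date, path in ENTRY_RE.findall(report)]


def plan_restores(entries):
    """Pair each file inside a 'bak' folder with the same name one level up."""
    # Windows paths are case-insensitive, so index by lower-cased path.
    by_path = {path.lower(): (size, date) for size, date, path in entries}
    plan = []
    for size, date, path in entries:
        folder = ntpath.dirname(path)
        if ntpath.basename(folder).lower() != "bak":
            continue  # not a copy stored in a bak folder
        dst = ntpath.join(ntpath.dirname(folder), ntpath.basename(path))
        plan.append({
            "src": path,
            "dst": dst,
            "bak": (size, date),
            # What the report lists at the destination, or None if absent.
            "current": by_path.get(dst.lower()),
        })
    return plan


def review_note(item):
    """Describe the destination so a person can check it before moving."""
    if item["current"] is None:
        return "destination not listed in report"
    if item["current"] == item["bak"]:
        return "destination has same size and date as bak copy"
    # A difference is only a cue to inspect the destination file first.
    return "destination differs from bak copy"


def build_avenger_script(plan, skip=()):
    """Emit the 'files to move:' block in the 'source | destination' form
    used in the post; file names in `skip` are left out."""
    skipped = {name.lower() for name in skip}
    lines = ["files to move:"]
    for item in plan:
        if ntpath.basename(item["src"]).lower() in skipped:
            continue
        lines.append(f'{item["src"]} | {item["dst"]}')
    return "\n".join(lines)


if __name__ == "__main__":
    plan = plan_restores(parse_duplicates(SAMPLE_REPORT))
    for item in plan:
        print(f'{item["src"]}: {review_note(item)}')
    # The script in the post leaves out jusched.exe; the same post advises
    # reinstalling the JRE.
    print(build_avenger_script(plan, skip=["jusched.exe"]))
```
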

Re: Help with killav.oe

Post by SiriodeJaneiro » 17/02/08 13:29

hi Luke, this is the avenger report:

Logfile of The Avenger version 1, by Swandog46
Running from registry key:
\Registry\Machine\System\CurrentControlSet\Services\gaaobmxu

*******************

Script file located at: \??\C:\ekgsldsk.txt
Script file opened successfully.

Script file read successfully

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:

File move operation C:\WINDOWS\system32\bak\ctfmon.exe|C:\WINDOWS\system32\ctfmon.exe completed successfully.
File move operation C:\WINDOWS\system32\bak\NeroCheck.exe|C:\WINDOWS\system32\NeroCheck.exe completed successfully.
File move operation C:\Programmi\Grisoft\AVG7\bak\avgcc.exe|C:\Programmi\Grisoft\AVG7\avgcc.exe completed successfully.
File move operation C:\Programmi\Adobe\Photoshop Album Starter Edition\3.0\Apps\bak\apdproxy.exe|C:\Programmi\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe completed successfully.
File move operation C:\Programmi\CyberLink\PowerDVD\Language\bak\Language.exe|C:\Programmi\CyberLink\PowerDVD\Language\Language.exe completed successfully.
File move operation C:\Programmi\CyberLink\PowerDVD\bak\PDVDServ.exe|C:\Programmi\CyberLink\PowerDVD\PDVDServ.exe completed successfully.
File move operation C:\Programmi\Creative\Shared Files\bak\CAMTRAY.EXE|C:\Programmi\Creative\Shared Files\CAMTRAY.EXE completed successfully.

Completed script processing.

*******************

Finished! Terminate.


By uninstalling the JRE, do you mean deleting the jre folder, or do I have to remove J2SE from Add or Remove Programs?
SiriodeJaneiro
Junior User
Posts: 11
Joined: 12/02/08 19:26

Re: Help with killav.oe

Post by Luke57 » 17/02/08 15:35

Hi, you have to uninstall it and reinstall the most recent version.
Luke57
Moderator
Posts: 6415
Joined: 11/08/05 19:10

Re: Help with killav.oe

Post by mich74 » 17/02/08 22:43

hi everyone, I'm new to the forum... I too found this trojan horse, on a friend's PC
this is the result from hijackthis... what should I do?

Logfile of HijackThis v1.99.1
Scan saved at 20.52.36, on 17/02/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programmi\File comuni\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\Programmi\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\RunDLL32.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Programmi\MSN Messenger\msnmsgr.exe
C:\Programmi\Microsoft Office\Office12\ONENOTEM.EXE
C:\Programmi\Alice ti aiuta\bin\mpbtn.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Programmi\MSN Messenger\usnsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgwb.dat
C:\PROGRA~1\Grisoft\AVG7\avgvv.exe
C:\Programmi\File comuni\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Programmi\Internet Explorer\iexplore.exe
C:\Documents and Settings\Ilaria\Desktop\hijackthis_199\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: IE - {0CB66BA8-5E1F-4963-93D1-E1D6B78FE9A2} - C:\PROGRAMMI\WINBUDGET\BIN\MATRIX.DLL
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Programmi\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~1\Office12\GRA8E1~1.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmi\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programmi\File comuni\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programmi\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmi\QuickTime\bak\qttask.exe" -atboottime
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Programmi\MSN Messenger\msnmsgr.exe" /background
O4 - Startup: Ritaglio schermata e avvio di OneNote 2007.lnk = C:\Programmi\Microsoft Office\Office12\ONENOTEM.EXE
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Programmi\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Alice ti aiuta.lnk = C:\Programmi\Alice ti aiuta\bin\matcli.exe
O8 - Extra context menu item: Add to AMV Converter... - C:\Programmi\MP3 Player Utilities 4.05\AMVConverter\grab.html
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~1\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: MediaManager tool grab multimedia file - C:\Programmi\MP3 Player Utilities 4.05\MediaManager\grab.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Invia a OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: I&nvia a OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Programmi\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~1\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O10 - Unknown file in Winsock LSP: c:\programmi\bonjour\mdnsnsp.dll
O11 - Options group: [INTERNATIONAL] International*
O11 - Options group: [TABS] Tabbed Browsing
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/IT-IT/a-U ... E_UNO1.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Me ... b56907.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{AAD002DB-A457-40E2-B071-852AF83F2631}: NameServer = 85.37.17.56 85.38.28.98
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~1\Office12\GR99D3~1.DLL
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Programmi\File comuni\Microsoft Shared\Help\hxds.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FILECO~1\Skype\SKYPE4~1.DLL
O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\FILECO~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\wpdshserviceobj.dll
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Programmi\File comuni\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Programmi\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Programmi\File comuni\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Servizio iPod (iPod Service) - Apple Inc. - C:\Programmi\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

THANK YOU VERY MUCH

MICHELE
mich74
Newbie
Posts: 9
Joined: 17/02/08 20:42

Re: Help with killav.oe

Post by Luke57 » 18/02/08 08:39

Hi, download findawf from here:
http://noahdfear.geekstogo.com/FindAWF.exe
Run it, press 1 in the DOS window that opens, wait for the scan, and paste the report you will find in C:\findawf.txt.
Luke57
Moderator
Posts: 6415
Joined: 11/08/05 19:10

Re: Help with killav.oe

Post by mich74 » 18/02/08 16:36

hi, I'm posting the text after running the scan with findawf


Find AWF report by noahdfear ©2006
Version 1.40



bak folders found
~~~~~~~~~~~

Il volume nell'unit… C non ha etichetta.
Numero di serie del volume: C8C6-10DB

Directory di C:\PROGRA~1\ITUNES\BAK

15/11/2007 13.11 267.048 iTunesHelper.exe
1 File 267.048 byte
2 Directory 25.116.139.520 byte disponibili
Il volume nell'unit… C non ha etichetta.
Numero di serie del volume: C8C6-10DB

Directory di C:\PROGRA~1\MSNMES~1\BAK

0 File 0 byte
2 Directory 25.116.139.520 byte disponibili
Il volume nell'unit… C non ha etichetta.
Numero di serie del volume: C8C6-10DB

Directory di C:\PROGRA~1\QUICKT~1\BAK

14/11/2007 23.43 286.720 qttask.exe
1 File 286.720 byte
2 Directory 25.116.135.424 byte disponibili
Il volume nell'unit… C non ha etichetta.
Numero di serie del volume: C8C6-10DB

Directory di C:\WINDOWS\SYSTEM32\BAK

19/08/2004 14.39 15.360 ctfmon.exe
1 File 15.360 byte
2 Directory 25.116.135.424 byte disponibili
Il volume nell'unit… C non ha etichetta.
Numero di serie del volume: C8C6-10DB

Directory di C:\PROGRA~1\GRISOFT\AVG7\BAK

30/12/2007 12.15 579.072 avgcc.exe
1 File 579.072 byte
2 Directory 25.116.135.424 byte disponibili
Il volume nell'unit… C non ha etichetta.
Numero di serie del volume: C8C6-10DB

Directory di C:\PROGRA~1\MICROS~1\OFFICE12\BAK

27/10/2006 00.47 31.016 GrooveMonitor.exe
1 File 31.016 byte
2 Directory 25.116.135.424 byte disponibili
Il volume nell'unit… C non ha etichetta.
Numero di serie del volume: C8C6-10DB

Directory di C:\PROGRA~1\JAVA\JRE16~2.0_0\BIN\BAK

25/09/2007 01.11 132.496 jusched.exe
1 File 132.496 byte
2 Directory 25.116.135.424 byte disponibili


Duplicate files of bak directory contents
~~~~~~~~~~~~~~~~~~~~~~~

267048 15 Nov 2007 "C:\Programmi\iTunes\bak\iTunesHelper.exe"
102400 12 Dec 2007 "C:\WINDOWS\Installer\{4F5CE18C-D97D-48FF-A510-A0D90C918294}\iTunesIco.exe"
116008 15 Nov 2007 "C:\Documents and Settings\All Users\Dati applicazioni\Apple Computer\Installer Cache\iTunes 7.5.0.20\iTunesSetupAdmin.exe"
286720 14 Nov 2007 "C:\Programmi\QuickTime\bak\qttask.exe"
15360 19 Aug 2004 "C:\WINDOWS\system32\bak\ctfmon.exe"
579072 4 Feb 2008 "C:\Programmi\Grisoft\AVG7\avgcc.exe"
579072 30 Dec 2007 "C:\Programmi\Grisoft\AVG7\bak\avgcc.exe"
65824 27 Oct 2006 "C:\Programmi\Microsoft Office\Office12\GrooveAuditService.exe"
31016 27 Oct 2006 "C:\Programmi\Microsoft Office\Office12\bak\GrooveMonitor.exe"
132496 12 Jul 2007 "C:\Programmi\Java\jre1.6.0_02\bin\jusched.exe"
132496 25 Sep 2007 "C:\Programmi\Java\jre1.6.0_03\bin\bak\jusched.exe"


end of report


Thanks to everyone for the reply
Michele
mich74
Newbie
Posts: 9
Joined: 17/02/08 20:42

Re: Help with killav.oe

Post by andysoon » 21/02/08 06:26

here is the kaspersky report

KASPERSKY ONLINE SCANNER REPORT
Thursday, February 21, 2008 6:23:14 AM
Operating System: Microsoft Windows XP Professional, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.98.0
Kaspersky Anti-Virus database last update: 20/02/2008
Kaspersky Anti-Virus database records: 573884
-------------------------------------------------------------------------------

Scan Settings:
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: true

Scan Target - My Computer:
A:\
C:\
D:\
E:\
F:\

Scan Statistics:
Total number of scanned objects: 72983
Number of viruses found: 4
Number of infected objects: 368
Number of suspicious objects: 0
Duration of the scan process: 01:29:56

Infected Object Name / Virus Name / Last Action
C:\Documents and Settings\All Users\Dati applicazioni\Microsoft\Network\Downloader\qmgr0.dat Object is locked skipped
C:\Documents and Settings\All Users\Dati applicazioni\Microsoft\Network\Downloader\qmgr1.dat Object is locked skipped
C:\Documents and Settings\Andrea\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\Andrea\Dati applicazioni\Mozilla\Firefox\Profiles\g3bt8a8x.default\cert8.db Object is locked skipped
C:\Documents and Settings\Andrea\Dati applicazioni\Mozilla\Firefox\Profiles\g3bt8a8x.default\history.dat Object is locked skipped
C:\Documents and Settings\Andrea\Dati applicazioni\Mozilla\Firefox\Profiles\g3bt8a8x.default\key3.db Object is locked skipped
C:\Documents and Settings\Andrea\Dati applicazioni\Mozilla\Firefox\Profiles\g3bt8a8x.default\parent.lock Object is locked skipped
C:\Documents and Settings\Andrea\Dati applicazioni\Mozilla\Firefox\Profiles\g3bt8a8x.default\search.sqlite Object is locked skipped
C:\Documents and Settings\Andrea\Dati applicazioni\Mozilla\Firefox\Profiles\g3bt8a8x.default\urlclassifier2.sqlite Object is locked skipped
C:\Documents and Settings\Andrea\Impostazioni locali\Cronologia\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Andrea\Impostazioni locali\Dati applicazioni\Microsoft\Messenger\soqua73@hotmail.it\SharingMetadata\Logs\Dfsr00005.log Object is locked skipped
C:\Documents and Settings\Andrea\Impostazioni locali\Dati applicazioni\Microsoft\Messenger\soqua73@hotmail.it\SharingMetadata\pending.dat Object is locked skipped
C:\Documents and Settings\Andrea\Impostazioni locali\Dati applicazioni\Microsoft\Messenger\soqua73@hotmail.it\SharingMetadata\Working\database_1078_A9D5_78A9_B9BC\dfsr.db Object is locked skipped
C:\Documents and Settings\Andrea\Impostazioni locali\Dati applicazioni\Microsoft\Messenger\soqua73@hotmail.it\SharingMetadata\Working\database_1078_A9D5_78A9_B9BC\fsr.log Object is locked skipped
C:\Documents and Settings\Andrea\Impostazioni locali\Dati applicazioni\Microsoft\Messenger\soqua73@hotmail.it\SharingMetadata\Working\database_1078_A9D5_78A9_B9BC\fsrtmp.log Object is locked skipped
C:\Documents and Settings\Andrea\Impostazioni locali\Dati applicazioni\Microsoft\Messenger\soqua73@hotmail.it\SharingMetadata\Working\database_1078_A9D5_78A9_B9BC\tmp.edb Object is locked skipped
C:\Documents and Settings\Andrea\Impostazioni locali\Dati applicazioni\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\Andrea\Impostazioni locali\Dati applicazioni\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\Andrea\Impostazioni locali\Dati applicazioni\Microsoft\Windows Live Contacts\soqua73@hotmail.it\real\members.stg Object is locked skipped
C:\Documents and Settings\Andrea\Impostazioni locali\Dati applicazioni\Microsoft\Windows Live Contacts\soqua73@hotmail.it\shadow\members.stg Object is locked skipped
C:\Documents and Settings\Andrea\Impostazioni locali\Dati applicazioni\Mozilla\Firefox\Profiles\g3bt8a8x.default\Cache\_CACHE_001_ Object is locked skipped
C:\Documents and Settings\Andrea\Impostazioni locali\Dati applicazioni\Mozilla\Firefox\Profiles\g3bt8a8x.default\Cache\_CACHE_002_ Object is locked skipped
C:\Documents and Settings\Andrea\Impostazioni locali\Dati applicazioni\Mozilla\Firefox\Profiles\g3bt8a8x.default\Cache\_CACHE_003_ Object is locked skipped
C:\Documents and Settings\Andrea\Impostazioni locali\Dati applicazioni\Mozilla\Firefox\Profiles\g3bt8a8x.default\Cache\_CACHE_MAP_ Object is locked skipped
C:\Documents and Settings\Andrea\Impostazioni locali\Temp\305601689.exe Infected: Trojan.Win32.Dialer.abi skipped
C:\Documents and Settings\Andrea\Impostazioni locali\Temp\3763618169.exe Infected: Trojan.Win32.Dialer.abi skipped
C:\Documents and Settings\Andrea\Impostazioni locali\Temp\~DF6D62.tmp Object is locked skipped
C:\Documents and Settings\Andrea\Impostazioni locali\Temp\~DF6D6D.tmp Object is locked skipped
C:\Documents and Settings\Andrea\Impostazioni locali\Temp\~DF7C7F.tmp Object is locked skipped
C:\Documents and Settings\Andrea\Impostazioni locali\Temp\~DF7C8A.tmp Object is locked skipped
C:\Documents and Settings\Andrea\Impostazioni locali\Temporary Internet Files\AntiPhishing\B3BB5BBA-E7D5-40AB-A041-A5B1C0B26C8F.dat Object is locked skipped
C:\Documents and Settings\Andrea\Impostazioni locali\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Andrea\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\Andrea\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Impostazioni locali\Cronologia\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Impostazioni locali\Dati applicazioni\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\LocalService\Impostazioni locali\Dati applicazioni\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Impostazioni locali\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\Impostazioni locali\Dati applicazioni\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Impostazioni locali\Dati applicazioni\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped
C:\Programmi\Adobe\Reader 8.0\Reader\Reader_sl.exe Infected: Trojan.Win32.Agent.dxh skipped
C:\Programmi\Java\jre1.5.0_01\bin\jusched.exe Infected: Trojan.Win32.Agent.dxh skipped
C:\Programmi\Norton AntiVirus\Quarantine\Incoming\AP681.TMP Infected: P2P-Worm.Win32.Bereb.b skipped
C:\Programmi\Norton AntiVirus\Quarantine\Incoming\AP682.TMP Infected: P2P-Worm.Win32.Bereb.b skipped
C:\Programmi\Norton AntiVirus\Quarantine\Incoming\AP683.TMP Infected: P2P-Worm.Win32.Bereb.b skipped
C:\Programmi\Norton AntiVirus\Quarantine\Incoming\AP684.TMP Infected: P2P-Worm.Win32.Bereb.b skipped
C:\Programmi\Norton AntiVirus\Quarantine\Incoming\AP685.TMP Infected: P2P-Worm.Win32.Bereb.b skipped
C:\Programmi\Norton AntiVirus\Quarantine\Incoming\AP686.TMP Infected: P2P-Worm.Win32.Bereb.b skipped
C:\Programmi\Norton AntiVirus\Quarantine\Incoming\AP687.TMP Infected: P2P-Worm.Win32.Bereb.b skipped
C:\Programmi\Norton AntiVirus\Quarantine\Incoming\AP688.TMP Infected: P2P-Worm.Win32.Bereb.b skipped
C:\Programmi\Norton AntiVirus\Quarantine\Incoming\AP689.TMP Infected: P2P-Worm.Win32.Bereb.b skipped
C:\Programmi\Norton AntiVirus\Quarantine\Incoming\AP690.TMP Infected: P2P-Worm.Win32.Bereb.b skipped
C:\Programmi\Norton AntiVirus\Quarantine\Incoming\AP691.TMP Infected: P2P-Worm.Win32.Bereb.b skipped
C:\Programmi\Norton AntiVirus\Quarantine\Incoming\AP692.TMP Infected: P2P-Worm.Win32.Bereb.b skipped
C:\Programmi\Norton AntiVirus\Quarantine\Incoming\AP693.TMP Infected: P2P-Worm.Win32.Bereb.b skipped
C:\Programmi\Norton AntiVirus\Quarantine\Incoming\AP694.TMP Infected: P2P-Worm.Win32.Bereb.b skipped
C:\Programmi\Norton AntiVirus\Quarantine\Incoming\AP695.TMP Infected: P2P-Worm.Win32.Bereb.b skipped
C:\Programmi\Norton AntiVirus\Quarantine\Incoming\AP696.TMP Infected: P2P-Worm.Win32.Bereb.b skipped
C:\Programmi\Norton AntiVirus\Quarantine\Incoming\AP697.TMP Infected: P2P-Worm.Win32.Bereb.b skipped
C:\Programmi\Norton AntiVirus\Quarantine\Incoming\AP698.TMP Infected: P2P-Worm.Win32.Bereb.b skipped
C:\Programmi\Norton AntiVirus\Quarantine\Incoming\AP699.TMP Infected: P2P-Worm.Win32.Bereb.b skipped
C:\Programmi\Norton AntiVirus\Quarantine\Incoming\AP7.TMP Infected: P2P-Worm.Win32.Bereb.b skipped
C:\Programmi\Norton AntiVirus\Quarantine\Incoming\AP70.TMP Infected: P2P-Worm.Win32.Bereb.b skipped
C:\Programmi\Norton AntiVirus\Quarantine\Incoming\AP700.TMP Infected: P2P-Worm.Win32.Bereb.b skipped
C:\Programmi\Norton AntiVirus\Quarantine\Incoming\AP701.TMP Infected: P2P-Worm.Win32.Bereb.b skipped
C:\Programmi\Norton AntiVirus\Quarantine\Incoming\AP702.TMP Infected: P2P-Worm.Win32.Bereb.b skipped
C:\Programmi\Norton AntiVirus\Quarantine\Incoming\AP703.TMP Infected: P2P-Worm.Win32.Bereb.b skipped
C:\Programmi\Norton AntiVirus\Quarantine\Incoming\AP704.TMP Infected: P2P-Worm.Win32.Bereb.b skipped
C:\Programmi\Norton AntiVirus\Quarantine\Incoming\AP705.TMP Infected: P2P-Worm.Win32.Bereb.b skipped
C:\Programmi\Norton AntiVirus\Quarantine\Incoming\AP706.TMP Infected: P2P-Worm.Win32.Bereb.b skipped
C:\Programmi\Norton AntiVirus\Quarantine\Incoming\AP707.TMP Infected: P2P-Worm.Win32.Bereb.b skipped
C:\Programmi\Norton AntiVirus\Quarantine\Incoming\AP708.TMP Infected: P2P-Worm.Win32.Bereb.b skipped
C:\Programmi\Norton AntiVirus\Quarantine\Incoming\AP709.TMP Infected: P2P-Worm.Win32.Bereb.b skipped
C:\Programmi\Norton AntiVirus\Quarantine\Incoming\AP71.TMP Infected: P2P-Worm.Win32.Bereb.b skipped
C:\Programmi\Norton AntiVirus\Quarantine\Incoming\AP710.TMP Infected: P2P-Worm.Win32.Bereb.b skipped
C:\Programmi\Norton AntiVirus\Quarantine\Incoming\AP711.TMP Infected: P2P-Worm.Win32.Bereb.b skipped
C:\Programmi\Norton AntiVirus\Quarantine\Incoming\AP712.TMP Infected: P2P-Worm.Win32.Bereb.b skipped
C:\Programmi\Pinnacle\Studio 11\LaunchList2.exe Infected: Trojan.Win32.Agent.dxh skipped
C:\Programmi\Windows Media Player\WMPNSCFG.exe Infected: Trojan.Win32.Agent.dxh skipped
C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
C:\System Volume Information\_restore{722ACC53-D186-4930-917D-E97368DA171E}\RP580\A0141827.exe Infected: Trojan.Win32.Agent.dxh skipped
C:\System Volume Information\_restore{722ACC53-D186-4930-917D-E97368DA171E}\RP580\A0141828.exe Infected: Trojan.Win32.Agent.dxh skipped
C:\System Volume Information\_restore{722ACC53-D186-4930-917D-E97368DA171E}\RP580\A0141830.exe Infected: Trojan.Win32.Agent.dxh skipped
C:\System Volume Information\_restore{722ACC53-D186-4930-917D-E97368DA171E}\RP588\A0142295.exe Infected: Trojan.Win32.Agent.dxh skipped
C:\System Volume Information\_restore{722ACC53-D186-4930-917D-E97368DA171E}\RP590\A0142410.Exe Infected: Trojan.Win32.Agent.dxh skipped
C:\System Volume Information\_restore{722ACC53-D186-4930-917D-E97368DA171E}\RP590\change.log Object is locked skipped
C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped
C:\WINDOWS\SchedLgU.Txt Object is locked skipped
C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped
C:\WINDOWS\Sti_Trace.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\edb.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\tmp.edb Object is locked skipped
C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\default Object is locked skipped
C:\WINDOWS\system32\config\default.LOG Object is locked skipped
C:\WINDOWS\system32\config\Internet.evt Object is locked skipped
C:\WINDOWS\system32\config\SAM Object is locked skipped
C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped
C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\SECURITY Object is locked skipped
C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped
C:\WINDOWS\system32\config\software Object is locked skipped
C:\WINDOWS\system32\config\software.LOG Object is locked skipped
C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\system Object is locked skipped
C:\WINDOWS\system32\config\system.LOG Object is locked skipped
C:\WINDOWS\system32\h323log.txt Object is locked skipped
C:\WINDOWS\system32\NeroCheck.exe Infected: Trojan.Win32.Agent.dxh skipped
C:\WINDOWS\system32\PSDrvCheck.exe Infected: Trojan.Win32.Agent.dxh skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped
C:\WINDOWS\wiadebug.log Object is locked skipped
C:\WINDOWS\wiaservc.log Object is locked skipped
C:\WINDOWS\WindowsUpdate.log Object is locked skipped
F:\1\Tools Cracker password Office (ZIP, Office2000, PDF etc recovery).rar/Office Cracking Tools/Advanced RAR Password Recovery 1.11/setup.exe/WISE0039.BIN Infected: not-a-virus:PSWTool.Win32.OEPass.b skipped
F:\1\Tools Cracker password Office (ZIP, Office2000, PDF etc recovery).rar/Office Cracking Tools/Advanced RAR Password Recovery 1.11/setup.exe Infected: not-a-virus:PSWTool.Win32.OEPass.b skipped
F:\1\Tools Cracker password Office (ZIP, Office2000, PDF etc recovery).rar RAR: infected - 2 skipped
F:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
F:\System Volume Information\_restore{722ACC53-D186-4930-917D-E97368DA171E}\RP590\change.log Object is locked skipped

Scan process completed.
andysoon
Junior User
 
Posts: 29
Joined: 04/09/07 13:46

Re: Help with killav.oe

Post by Luke57 » 21/02/08 10:35

@andysoon
Hi, run findawf as I suggested in an earlier post.
@mich74
Hi, download avenger to your desktop
http://swandog46.geekstogo.com/avenger.zip
Unzip the archive
Run the file avenger.exe
Select the option "Input Script Manually"
Click on the magnifying glass

A "View/edit script" window opens
Inside the white box, copy and paste the following text:

files to move:
C:\Programmi\iTunes\bak\iTunesHelper.exe | C:\Programmi\iTunes\iTunesHelper.exe
C:\Programmi\QuickTime\bak\qttask.exe | C:\Programmi\QuickTime\qttask.exe
C:\WINDOWS\system32\bak\ctfmon.exe | C:\WINDOWS\system32\ctfmon.exe
C:\Programmi\Grisoft\AVG7\bak\avgcc.exe | C:\Programmi\Grisoft\AVG7\avgcc.exe
C:\Programmi\Microsoft Office\Office12\bak\GrooveMonitor.exe | C:\Programmi\Microsoft Office\Office12\GrooveMonitor.exe
C:\Programmi\Java\jre1.6.0_03\bin\bak\jusched.exe | C:\Programmi\Java\jre1.6.0_03\bin\jusched.exe


Click the Done button
Click the green traffic light icon
Answer ok and then yes.
The PC should restart by itself; if it doesn't, restart it manually.
Post the log generated by avenger; you will find it at C:\avenger.txt, it is a text file.
Luke57
Moderator
 
Posts: 6415
Joined: 11/08/05 19:10

Re: Help with killav.oe

Post by mich74 » 21/02/08 21:29

Hi Luke57, I'm pasting the avenger result below.

Logfile of The Avenger version 1, by Swandog46
Running from registry key:
\Registry\Machine\System\CurrentControlSet\Services\seikfcfi

*******************

Script file located at: \??\C:\WINDOWS\system32\kwqrojmn.txt
Script file opened successfully.

Script file read successfully

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:

File move operation C:\Programmi\iTunes\bak\iTunesHelper.exe|C:\Programmi\iTunes\iTunesHelper.exe completed successfully.
File move operation C:\Programmi\QuickTime\bak\qttask.exe|C:\Programmi\QuickTime\qttask.exe completed successfully.
File move operation C:\WINDOWS\system32\bak\ctfmon.exe|C:\WINDOWS\system32\ctfmon.exe completed successfully.
File move operation C:\Programmi\Grisoft\AVG7\bak\avgcc.exe|C:\Programmi\Grisoft\AVG7\avgcc.exe completed successfully.
File move operation C:\Programmi\Microsoft Office\Office12\bak\GrooveMonitor.exe|C:\Programmi\Microsoft Office\Office12\GrooveMonitor.exe completed successfully.
File move operation C:\Programmi\Java\jre1.6.0_03\bin\bak\jusched.exe|C:\Programmi\Java\jre1.6.0_03\bin\jusched.exe completed successfully.

Completed script processing.

*******************

Finished! Terminate.

Waiting for your info
Thanks a lot
Mich74
mich74
Newbie
 
Posts: 9
Joined: 17/02/08 20:42
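
Whoever reads a log like the one above has to confirm that every entry of the "files to move:" script was actually carried out. The Python code below is an added example, not part of the thread and not part of The Avenger; the function names parse_moves and check_log are hypothetical, the script entries are copied from the post, and the log excerpt is constructed with one line left out.

```python
PREFIX = "File move operation "
OK = "completed successfully."

# Script entries copied from the post above (three of the six).
SCRIPT = r"""files to move:
C:\Programmi\QuickTime\bak\qttask.exe | C:\Programmi\QuickTime\qttask.exe
C:\WINDOWS\system32\bak\ctfmon.exe | C:\WINDOWS\system32\ctfmon.exe
C:\Programmi\Microsoft Office\Office12\bak\GrooveMonitor.exe | C:\Programmi\Microsoft Office\Office12\GrooveMonitor.exe
"""

# Constructed log excerpt: the ctfmon.exe line is left out on purpose
# to show how an unconfirmed move is reported.
LOG = r"""Beginning to process script file:

File move operation C:\Programmi\QuickTime\bak\qttask.exe|C:\Programmi\QuickTime\qttask.exe completed successfully.
File move operation C:\Programmi\Microsoft Office\Office12\bak\GrooveMonitor.exe|C:\Programmi\Microsoft Office\Office12\GrooveMonitor.exe completed successfully.

Completed script processing.
"""

def parse_moves(script):
    """Return (source, destination) pairs from the 'files to move:' section."""
    moves, in_section = [], False
    for raw in script.splitlines():
        line = raw.strip()
        if line.endswith(":"):  # a section header opens or closes the block
            in_section = line.lower() == "files to move:"
        elif in_section and "|" in line:
            src, dst = (part.strip() for part in line.split("|", 1))
            moves.append((src, dst))
    return moves

def check_log(moves, log):
    """Map each destination to 'ok', 'missing', or the unexpected status text."""
    lines = [l.strip() for l in log.splitlines() if l.strip().startswith(PREFIX)]
    report = {}
    for src, dst in moves:
        want = f"{PREFIX}{src}|{dst} "
        # Windows paths are case-insensitive, so compare case-folded prefixes.
        hit = next((l for l in lines
                    if l[:len(want)].casefold() == want.casefold()), None)
        status = "missing" if hit is None else hit[len(want):]
        report[dst] = "ok" if status == OK else status
    return report

if __name__ == "__main__":
    for dst, status in check_log(parse_moves(SCRIPT), LOG).items():
        print(f"{status:8} {dst}")
```

Any destination not reported as ok should be checked by hand before treating the restore as done.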
