|
|||||||
|
|
|
 |
|
|
Strumenti |
24-07-2007, 18:55
|
#1 |
|
Senior Member
Iscritto dal: Aug 2001
Città: From la punta di diamante della Brianza
Messaggi: 127
|
aiuto virus!
ciao,
da circa 10gg sono alle prese con un/alcuni virus che non riesco a debellare... configurazione: win xp sp2 antivir ad aware spybot search and destroy hijackthis firewall zonealarm sintomi: appena mi connetto il pc impazzisce, spesso l'antivirus trova un sacco di cose e appena tento di eliminare e neutralizzare qualcosa mi esce immediatamente un'altra finestra... nonostante ciò riesco a navigare per qualche minuto, dopo di che il pc non risponde più ai comandi, qualsiasi icona clicco o qualsiasi programma che tento di aprire non funziona, la clessidra gira un paio di volte e non succede nulla. non si può nemmeno spegnere il pc, devo usare il pulsante di reset quando riparte windows mi segnala: file boot.ini non trovato avvio da c:/windows (???????????) quando entro nel desktop tutto ok, funziona tutto ma non riesco ad avviare hijack this però l'antivirus e tutti gli altri programmi offline funzionano! ho provato un po' di tutto, antivir non riesce a togliere i virus hijack this non trova nulla grozmon remover ha tolto tutto ma il pc continua a fare le bizze ad aware e spybot ogni tanto trovano e rimuovono qualcosa ma non cambia nulla! ho provato un po' tutti i software suggeriti su questo forum, anche in modalità provvisoria... tra poco cerco di postarvi i log dei vari programmi (mi sto connettendo con una live usb di linux lenta come la fame...) grazie in anticipo! PS ho due partizioni su pc una con windows e un'altra con dati, foto e documenti se formatto posso formattare solo la prima oppure è meglio un formattone totale? 
__________________
 ...tramontate stelle, traaamontaate stelleee....ALL'ALBA VINCEROOOOOO,VINCEROOO,VIN-CERRROOOOOOOOOOOOOOO Core2duo8400-asusp5q-4gbram-ati48501gb-samsungp2350
Ultima modifica di Dr. Stein : 24-07-2007 alle 18:58. |
|
|
|
24-07-2007, 19:00
|
#2 |
|
Senior Member
Iscritto dal: Apr 2006
Messaggi: 22462
|
posta un log di hijackthis
__________________
amd a64x2 4400+ sk939;asus a8n-sli; 2x1gb ddr400; x850 crossfire; 2 x western digital abys 320gb|| asus g1
Se striscia fulmina, se svolazza l'ammazza |
|
|
|
|
24-07-2007, 19:57
|
#3 |
|
Senior Member
Iscritto dal: Aug 2001
Città: From la punta di diamante della Brianza
Messaggi: 127
|
logs
posto il log di hijack
e un paio di antivir l`ultimo e ripulito delle cose non interessanti Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 23.17.02, on 23/07/2007 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Boot mode: Normal Running processes: C:\windows\System32\smss.exe C:\windows\system32\winlogon.exe C:\windows\system32\services.exe C:\windows\system32\lsass.exe C:\windows\system32\svchost.exe C:\windows\System32\svchost.exe C:\WINDOWS\system32\ZoneLabs\vsmon.exe C:\windows\system32\spoolsv.exe C:\Programmi\Adobe\Photoshop Elements 4.0\PhotoshopElementsFileAgent.exe C:\Programmi\AntiVir PersonalEdition Classic\sched.exe C:\Programmi\AntiVir PersonalEdition Classic\avguard.exe C:\Programmi\D-Link\Software Bluetooth\bin\btwdins.exe C:\windows\system32\cisvc.exe C:\windows\system32\nvsvc32.exe C:\WINDOWS\System32\PAStiSvc.exe C:\windows\system32\svchost.exe C:\Programmi\iPod\bin\iPodService.exe C:\Programmi\Trend Micro\HijackThis\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = R3 - Default URLSearchHook is missing F2 - REG:system.ini: UserInit=c:\windows\system32\userinit.exe,"c:\windows\compaq-flash.exe", O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Programmi\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll O2 - BHO: Coolstreaming_Tool-Bar_v1.0 toolbar - {bd0e4d83-654e-4213-965b-fcbe887061f4} - C:\Programmi\Coolstreaming_Tool-Bar_v1.0\tbCoo1.dll O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Programmi\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll O3 - Toolbar: Coolstreaming_Tool-Bar_v1.0 toolbar - {bd0e4d83-654e-4213-965b-fcbe887061f4} - C:\Programmi\Coolstreaming_Tool-Bar_v1.0\tbCoo1.dll O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "C:\Programmi\Adobe\Acrobat 7.0\Distillr\Acrotray.exe" O4 - HKLM\..\Run: [avgnt] "C:\Programmi\AntiVir PersonalEdition Classic\avgnt.exe" /min O4 - HKLM\..\Run: [PCTVRemote] C:\Programmi\Pinnacle\PCTV Stereo\Remote\Remoterm.exe O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent O4 - HKLM\..\Run: [ImMsn] C:\WINDOWS\msncomm.exe /i O4 - HKLM\..\Run: [iTunesHelper] "C:\Programmi\iTunes\iTunesHelper.exe" O4 - HKLM\..\Run: [nwiz] nwiz.exe /install O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Programmi\Zone Labs\ZoneAlarm\zlclient.exe" O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [System Mechanic Startup Guard] "C:\Programmi\iolo\System Mechanic 5\StartupGuard.exe" O4 - HKLM\..\Policies\Explorer\Run: [1] C:\WINDOWS\winsys.exe O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO LOCALE') O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO DI RETE') O4 - HKUS\S-1-5-21-2000478354-413027322-839522115-1003\..\Run: [Skype] "C:\Programmi\Skype\Phone\Skype.exe" /nosplash /minimized (User 'Andrea') O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user') O4 - Global Startup: Pinnacle Scheduler.lnk = ? O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.5.0_09\bin\npjpi150_09.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.5.0_09\bin\npjpi150_09.dll O9 - Extra button: Ricerche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programmi\D-Link\Software Bluetooth\btsendto_ie.htm O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programmi\D-Link\Software Bluetooth\btsendto_ie.htm O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://tittuz88.spaces.live.com//Pho...d/MsnPUpld.cab O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FILECO~1\Skype\SKYPE4~1.DLL O23 - Service: 0F65FB12 - Unknown owner - C:\windows\system32\1DDDD796.EXE (file missing) O23 - Service: Adobe LM Service - Adobe Systems - C:\Programmi\File comuni\Adobe Systems Shared\Service\Adobelmsvc.exe O23 - Service: Adobe Active File Monitor V4 (AdobeActiveFileMonitor4.0) - Unknown owner - C:\Programmi\Adobe\Photoshop Elements 4.0\PhotoshopElementsFileAgent.exe O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Programmi\AntiVir PersonalEdition Classic\sched.exe O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - AVIRA GmbH - C:\Programmi\AntiVir PersonalEdition Classic\avguard.exe O23 - Service: B4620E06 - Unknown owner - C:\windows\system32\CC3980EC.EXE (file missing) O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation - C:\Programmi\D-Link\Software Bluetooth\bin\btwdins.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programmi\File comuni\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: iPod Service - Apple Computer, Inc. - C:\Programmi\iPod\bin\iPodService.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\windows\system32\nvsvc32.exe O23 - Service: ServiceLayer - Nokia. - C:\Programmi\File comuni\PCSuite\Services\ServiceLayer.exe O23 - Service: STI Simulator - Unknown owner - C:\WINDOWS\System32\PAStiSvc.exe O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe -- End of file - 6323 bytes ANTIVIR PRIMA VOLTA VIRUS AntiVir PersonalEdition Classic Report file date: giovedì 12 luglio 2007 19:00 Scanning for 915634 virus strains and unwanted programs. Licensed to: Avira AntiVir PersonalEdition Classic Serial number: 0000149996-ADJIE-0001 Platform: Windows XP Windows version: (Service Pack 2) [5.1.2600] Username: Andrea Computer name: BIBO-7676FB98A5 Version information: BUILD.DAT : 247 11838 Bytes 10/05/2007 11:48:00 AVSCAN.EXE : 7.0.4.15 274472 Bytes 22/04/2007 20:13:06 AVSCAN.DLL : 7.0.4.4 33832 Bytes 22/04/2007 20:13:06 LUKE.DLL : 7.0.4.11 135208 Bytes 22/04/2007 20:13:06 LUKERES.DLL : 7.0.4.0 10280 Bytes 22/04/2007 20:13:06 ANTIVIR0.VDF : 6.35.0.1 7371264 Bytes 31/05/2006 18:25:39 ANTIVIR1.VDF : 6.39.0.129 7251968 Bytes 10/07/2007 17:24:47 ANTIVIR2.VDF : 6.39.0.130 2048 Bytes 10/07/2007 17:24:47 ANTIVIR3.VDF : 6.39.0.131 2048 Bytes 10/07/2007 17:24:47 AVEWIN32.DLL : 7.4.0.39 2482688 Bytes 05/07/2007 17:18:53 AVWINLL.DLL : 1.0.0.7 14376 Bytes 22/04/2007 20:13:06 AVPREF.DLL : 7.0.2.1 18984 Bytes 22/04/2007 20:13:06 AVREP.DLL : 7.0.0.1 122920 Bytes 22/04/2007 20:13:07 AVPACK32.DLL : 7.3.0.13 348200 Bytes 27/06/2007 17:17:40 AVREG.DLL : 7.0.1.2 31784 Bytes 22/04/2007 20:13:06 AVEVTLOG.DLL : 7.0.0.18 81960 Bytes 22/04/2007 20:13:06 AVARKT.DLL : No Information! NETNT.DLL : 6.32.0.0 6696 Bytes 27/09/2005 07:56:45 RCIMAGE.DLL : 7.0.1.15 2228264 Bytes 22/04/2007 20:13:03 RCTEXT.DLL : 7.0.45.0 86056 Bytes 22/04/2007 20:13:03 Configuration settings for the scan: Jobname..........................: Active Processes Configuration file...............: C:\Programmi\AntiVir PersonalEdition Classic\process.avp Logging..........................: medium Primary action...................: interactive Secondary action.................: ignore Scan master boot sector..........: off Scan boot sector.................: on Scan memory......................: off Process scan.....................: on Extended process scan............: on Scan registry....................: off Search for rootkits..............: off Scan all files...................: All files Scan archives....................: on Recursion depth..................: 20 Smart extensions.................: on Deviating archive types..........: +Netscape/Mozilla Mailbox, +MS Outlook Mailbox, Macro heuristic..................: on File heuristic...................: medium Deviating risk categories........: +GAME,+JOKE,+PCK,+SPR, Start of the scan: giovedì 12 luglio 2007 19:00 The scan of running processes will be started Scan process 'avscan.exe' - '31' Module(s) have been scanned Scan process 'avcenter.exe' - '55' Module(s) have been scanned Scan process 'PCLEScheduler.exe' - '23' Module(s) have been scanned Scan process 'iPodService.exe' - '0' Module(s) have been scanned Scan process 'soundman.exe' - '20' Module(s) have been scanned Scan process 'alg.exe' - '0' Module(s) have been scanned Scan process 'iTunesHelper.exe' - '25' Module(s) have been scanned Scan process 'rundll32.exe' - '30' Module(s) have been scanned Scan process 'remoterm.exe' - '17' Module(s) have been scanned Scan process 'avgnt.exe' - '34' Module(s) have been scanned Scan process 'acrotray.exe' - '19' Module(s) have been scanned Scan process 'wdfmgr.exe' - '0' Module(s) have been scanned Scan process 'svchost.exe' - '0' Module(s) have been scanned Scan process 'PAStiSvc.exe' - '0' Module(s) have been scanned Scan process 'nvsvc32.exe' - '0' Module(s) have been scanned Scan process 'btwdins.exe' - '0' Module(s) have been scanned Scan process 'svchost.exe' - '0' Module(s) have been scanned Scan process 'avguard.exe' - '0' Module(s) have been scanned Scan process 'sched.exe' - '0' Module(s) have been scanned Scan process 'PhotoshopElementsFileAgent.exe' - '0' Module(s) have been scanned Scan process 'spoolsv.exe' - '0' Module(s) have been scanned Scan process 'explorer.exe' - '87' Module(s) have been scanned Module is infected -> 'C:\windows\system32\41E3EBE0.DLL' Scan process 'compaq-flash.exe' - '32' Module(s) have been scanned Module is infected -> 'C:\windows\system32\41E3EBE0.DLL' Scan process 'svchost.exe' - '0' Module(s) have been scanned Scan process 'svchost.exe' - '0' Module(s) have been scanned Scan process 'svchost.exe' - '0' Module(s) have been scanned Scan process 'svchost.exe' - '0' Module(s) have been scanned Scan process 'svchost.exe' - '0' Module(s) have been scanned Scan process 'lsass.exe' - '0' Module(s) have been scanned Scan process 'services.exe' - '0' Module(s) have been scanned Scan process 'winlogon.exe' - '0' Module(s) have been scanned Scan process 'csrss.exe' - '0' Module(s) have been scanned Scan process 'smss.exe' - '0' Module(s) have been scanned 11 processes with 373 modules were scanned End of the scan: giovedì 12 luglio 2007 19:00 Used time: 00:19 min The scan has been done completely. 0 Scanning directories 372 Files were scanned 2 viruses and/or unwanted programs were found 2 classified as suspicious: 0 files were deleted 0 files were repaired 0 files were moved to quarantine 0 files were renamed 0 Files cannot be scanned 368 Files not concerned 0 Archives were scanned 0 Warnings 0 Notes 0 Hidden objects were found ANTIVIR ULTIMO SCAN COMPLETO, LOG TRONCATO DELLE PARTI POCO INTERESSANTI AntiVir PersonalEdition Classic Report file date: lunedì 23 luglio 2007 21:03 Scanning for 915634 virus strains and unwanted programs. Licensed to: Avira AntiVir PersonalEdition Classic Serial number: 0000149996-ADJIE-0001 Platform: Windows XP Windows version: (Service Pack 2) [5.1.2600] Username: Andrea Computer name: BIBO-7676FB98A5 Version information: BUILD.DAT : 247 11838 Bytes 10/05/2007 11:48:00 AVSCAN.EXE : 7.0.4.15 274472 Bytes 22/04/2007 20:13:06 AVSCAN.DLL : 7.0.4.4 33832 Bytes 22/04/2007 20:13:06 LUKE.DLL : 7.0.4.11 135208 Bytes 22/04/2007 20:13:06 LUKERES.DLL : 7.0.4.0 10280 Bytes 22/04/2007 20:13:06 ANTIVIR0.VDF : 6.35.0.1 7371264 Bytes 31/05/2006 18:25:39 ANTIVIR1.VDF : 6.39.0.129 7251968 Bytes 10/07/2007 17:24:47 ANTIVIR2.VDF : 6.39.0.130 2048 Bytes 10/07/2007 17:24:47 ANTIVIR3.VDF : 6.39.0.131 2048 Bytes 10/07/2007 17:24:47 AVEWIN32.DLL : 7.4.0.39 2482688 Bytes 05/07/2007 17:18:53 AVWINLL.DLL : 1.0.0.7 14376 Bytes 22/04/2007 20:13:06 AVPREF.DLL : 7.0.2.1 18984 Bytes 22/04/2007 20:13:06 AVREP.DLL : 7.0.0.1 122920 Bytes 22/04/2007 20:13:07 AVPACK32.DLL : 7.3.0.13 348200 Bytes 27/06/2007 17:17:40 AVREG.DLL : 7.0.1.2 31784 Bytes 22/04/2007 20:13:06 AVEVTLOG.DLL : 7.0.0.18 81960 Bytes 22/04/2007 20:13:06 AVARKT.DLL : No Information! NETNT.DLL : 6.32.0.0 6696 Bytes 27/09/2005 07:56:45 RCIMAGE.DLL : 7.0.1.15 2228264 Bytes 22/04/2007 20:13:03 RCTEXT.DLL : 7.0.45.0 86056 Bytes 22/04/2007 20:13:03 Configuration settings for the scan: Jobname..........................: Manual Selection Configuration file...............: C:\Documents and Settings\All Users\Dati applicazioni\AntiVir PersonalEdition Classic\PROFILES\folder.avp Logging..........................: medium Primary action...................: repair Secondary action.................: delete Scan master boot sector..........: on Scan boot sector.................: on Boot sectors.....................: C:, Scan memory......................: on Process scan.....................: on Scan registry....................: on Search for rootkits..............: off Scan all files...................: All files Scan archives....................: on Recursion depth..................: 20 Smart extensions.................: on Deviating archive types..........: +Netscape/Mozilla Mailbox, +MS Outlook Mailbox, Macro heuristic..................: on File heuristic...................: medium Deviating risk categories........: +APPL,+GAME,+JOKE,+PCK,+SPR, Start of the scan: lunedì 23 luglio 2007 21:03 The scan of running processes will be started Scan process 'avscan.exe' - '1' Module(s) have been scanned Scan process 'avcenter.exe' - '1' Module(s) have been scanned Scan process 'explorer.exe' - '1' Module(s) have been scanned Scan process 'compaq-flash.exe' - '1' Module(s) have been scanned Scan process 'svchost.exe' - '0' Module(s) have been scanned Scan process 'svchost.exe' - '0' Module(s) have been scanned Scan process 'svchost.exe' - '0' Module(s) have been scanned Scan process 'svchost.exe' - '0' Module(s) have been scanned Scan process 'svchost.exe' - '0' Module(s) have been scanned Scan process 'lsass.exe' - '0' Module(s) have been scanned Scan process 'services.exe' - '0' Module(s) have been scanned Scan process 'winlogon.exe' - '0' Module(s) have been scanned Scan process 'csrss.exe' - '0' Module(s) have been scanned Scan process 'smss.exe' - '0' Module(s) have been scanned 4 processes with 4 modules were scanned Starting master boot sector scan: Master boot sector HD0 [NOTE] No virus was found! Start scanning boot sectors: Boot sector 'C:\' [NOTE] No virus was found! Starting to scan the registry. C:\WINDOWS\system32\ C:\Programmi\Adobe\Acrobat 7.0\Distillr\ C:\Programmi\AntiVir PersonalEdition Classic\ C:\Programmi\Pinnacle\PCTV Stereo\Remote\ C:\windows\system32\ C:\WINDOWS\system32\ C:\Programmi\iTunes\ C:\WINDOWS\system32\ C:\Programmi\Zone Labs\ZoneAlarm\ C:\WINDOWS\ C:\WINDOWS\system32\ C:\Programmi\Skype\Phone\ C:\WINDOWS\system32\ C:\Documents and Settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\ C:\Documents and Settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\ C:\Programmi\Pinnacle\Shared Files\Programs\Scheduler\ C:\Documents and Settings\Andrea\Menu Avvio\Programmi\Esecuzione automatica\ C:\WINDOWS\system32\config\systemprofile\Menu Avvio\Programmi\Esecuzione automatica\ The registry was scanned ( '18' files ). Starting the file scan: Begin scan in 'C:\' C:\ C:\pagefile.sys [WARNING] The file could not be opened! [WARNING] Error code: 0x000D [WARNING] Access error/file locked! C:\_cleaned.tmp [WARNING] The file could not be opened! [WARNING] Error code: 0x000D [WARNING] Access error/file locked! C:\Documents and Settings\Andrea\Impostazioni locali\Dati applicazioni\Microsoft\Messenger\[email protected]\SharingMetadata\Working\ C:\Documents and Settings\Andrea\Impostazioni locali\Dati applicazioni\Microsoft\Messenger\[email protected]\SharingMetadata\Working\database_8AA8_C62B_A8C6_161B\ C:\Documents and Settings\Andrea\Impostazioni locali\Dati applicazioni\Microsoft\Movie Maker\ C:\Documents and Settings\Andrea\Impostazioni locali\Dati applicazioni\Microsoft\OIS\ C:\Documents and Settings\Andrea\Impostazioni locali\Dati applicazioni\Microsoft\Outlook\ C:\Documents and Settings\Andrea\Impostazioni locali\Dati applicazioni\Microsoft\Outlook\backupppostavecchia.pst [0] Archive type: MS Outlook Mailbox --> Mailbox_[Folder:archivio posta in arrivo 2005 - 06][Subject:Administration][From:[email protected]]2135.document.zip [DETECTION] Contains signature of the worm WORM/NetSky.P [WARNING] Infected files in archives cannot be repaired! [1] Archive type: ZIP --> details.txt .pif [DETECTION] Contains signature of the worm WORM/NetSky.P [WARNING] Infected files in archives cannot be repaired! --> Mailbox_[Folder:archivio posta in arrivo 2005 - 06][Subject:Hi][From:[email protected]]4912.application.zip [DETECTION] Contains signature of the worm WORM/NetSky.P [WARNING] Infected files in archives cannot be repaired! [1] Archive type: ZIP --> document.txt .exe [DETECTION] Contains signature of the worm WORM/NetSky.P [WARNING] Infected files in archives cannot be repaired! --> Mailbox_[Folder:archivio posta in arrivo 2005 - 06][Subject:Your password has been updated][From:[email protected]]5590.updated-password.zip [DETECTION] Contains signature of the worm WORM/Mytob.GK [WARNING] Infected files in archives cannot be repaired! [1] Archive type: ZIP --> updated-password.htm .pif [DETECTION] Contains signature of the worm WORM/Mytob.GK [WARNING] Infected files in archives cannot be repaired! [WARNING] The file was ignored! C:\Documents and Settings\Andrea\Impostazioni locali\Dati applicazioni\Microsoft\Outlook\Outlook.pst [0] Archive type: MS Outlook Mailbox --> Mailbox_[Folder:Titta][Subject:noia... actun!][From:[email protected]]5651.Che_noia.zip [1] Archive type: ZIP --> Che noia!.exe [DETECTION] Contains signature of the joke program JOKE/Noia [WARNING] Infected files in archives cannot be repaired! --> Mailbox_[Folder:Titta][Subject:noia... actun!][From:[email protected]]5653.Che_noia.zip [1] Archive type: ZIP --> Che noia!.exe [DETECTION] Contains signature of the joke program JOKE/Noia [WARNING] Infected files in archives cannot be repaired! --> Mailbox_[Folder:Posta eliminata][Subject:Video CNN][From:[email protected]]576.cnn_news.asx [DETECTION] Is the Trojan horse TR/Dldr.VB.FT.89 [WARNING] Infected files in archives cannot be repaired! [WARNING] The file was ignored! C:\Documents and Settings\Andrea\Impostazioni locali\Dati applicazioni\Microsoft\Windows\ C:\Documents and Settings\Andrea\Impostazioni locali\Dati applicazioni\Microsoft\Windows\UsrClass.dat [WARNING] The file could not be opened! [WARNING] Error code: 0x000D [WARNING] Access error/file locked! C:\Documents and Settings\Andrea\Impostazioni locali\Dati applicazioni\Microsoft\Windows\UsrClass.dat.LOG [WARNING] The file could not be opened! [WARNING] Error code: 0x000D [WARNING] Access error/file locked! C:\Documents and Settings\Andrea\Impostazioni locali\Dati applicazioni\Sun\Java\jre1.5.0_09\ C:\Documents and Settings\Andrea\Impostazioni locali\Temp\ C:\Documents and Settings\Andrea\Impostazioni locali\Temp\PXR1.tmp [WARNING] The file could not be opened! [WARNING] Error code: 0x000D [WARNING] Access error/file locked! C:\Documents and Settings\Andrea\Impostazioni locali\Temp\PXR10.tmp [WARNING] The file could not be opened! [WARNING] Error code: 0x000D [WARNING] Access error/file locked! C:\Documents and Settings\Andrea\Impostazioni locali\Temp\PXR11.tmp [WARNING] The file could not be opened! [WARNING] Error code: 0x000D [WARNING] Access error/file locked! C:\Documents and Settings\Andrea\Impostazioni locali\Temp\PXR12.tmp [WARNING] The file could not be opened! [WARNING] Error code: 0x000D [WARNING] Access error/file locked! C:\Documents and Settings\Andrea\Impostazioni locali\Temp\PXR13.tmp [WARNING] The file could not be opened! [WARNING] Error code: 0x000D [WARNING] Access error/file locked! C:\Documents and Settings\Andrea\Impostazioni locali\Temp\PXR14.tmp [WARNING] The file could not be opened! [WARNING] Error code: 0x000D [WARNING] Access error/file locked! C:\Documents and Settings\Andrea\Impostazioni locali\Temp\PXR15.tmp [WARNING] The file could not be opened! [WARNING] Error code: 0x000D [WARNING] Access error/file locked! C:\Documents and Settings\Andrea\Impostazioni locali\Temp\PXR16.tmp [WARNING] The file could not be opened! [WARNING] Error code: 0x000D [WARNING] Access error/file locked! C:\Documents and Settings\Andrea\Impostazioni locali\Temp\PXR17.tmp [WARNING] The file could not be opened! [WARNING] Error code: 0x000D [WARNING] Access error/file locked! C:\Documents and Settings\Andrea\Impostazioni locali\Temp\PXR18.tmp [WARNING] The file could not be opened! [WARNING] Error code: 0x000D [WARNING] Access error/file locked! C:\Documents and Settings\Andrea\Impostazioni locali\Temp\PXR19.tmp [WARNING] The file could not be opened! [WARNING] Error code: 0x000D [WARNING] Access error/file locked! C:\Documents and Settings\Andrea\Impostazioni locali\Temp\PXR1A.tmp [WARNING] The file could not be opened! [WARNING] Error code: 0x000D [WARNING] Access error/file locked! C:\Documents and Settings\Andrea\Impostazioni locali\Temp\PXR1B.tmp [WARNING] The file could not be opened! [WARNING] Error code: 0x000D [WARNING] Access error/file locked! C:\Documents and Settings\Andrea\Impostazioni locali\Temp\PXR1C.tmp [WARNING] The file could not be opened! [WARNING] Error code: 0x000D [WARNING] Access error/file locked! C:\Documents and Settings\Andrea\Impostazioni locali\Temp\PXR1D.tmp [WARNING] The file could not be opened! [WARNING] Error code: 0x000D [WARNING] Access error/file locked! C:\Documents and Settings\Andrea\Impostazioni locali\Temp\PXR1E.tmp [WARNING] The file could not be opened! [WARNING] Error code: 0x000D [WARNING] Access error/file locked! C:\Documents and Settings\Andrea\Impostazioni locali\Temp\PXR1F.tmp [WARNING] The file could not be opened! [WARNING] Error code: 0x000D [WARNING] Access error/file locked! C:\Documents and Settings\Andrea\Impostazioni locali\Temp\PXR2.tmp [WARNING] The file could not be opened! [WARNING] Error code: 0x000D [WARNING] Access error/file locked! C:\Documents and Settings\Andrea\Impostazioni locali\Temp\PXR20.tmp [WARNING] The file could not be opened! [WARNING] Error code: 0x000D [WARNING] Access error/file locked! C:\Documents and Settings\Andrea\Impostazioni locali\Temp\PXR21.tmp [WARNING] The file could not be opened! [WARNING] Error code: 0x000D [WARNING] Access error/file locked! C:\Documents and Settings\Andrea\Impostazioni locali\Temp\PXR22.tmp [WARNING] The file could not be opened! [WARNING] Error code: 0x000D [WARNING] Access error/file locked! C:\Documents and Settings\Andrea\Impostazioni locali\Temp\PXR23.tmp [WARNING] The file could not be opened! [WARNING] Error code: 0x000D [WARNING] Access error/file locked! C:\Documents and Settings\Andrea\Impostazioni locali\Temp\PXR24.tmp [WARNING] The file could not be opened! [WARNING] Error code: 0x000D [WARNING] Access error/file locked! C:\Documents and Settings\Andrea\Impostazioni locali\Temp\PXR25.tmp [WARNING] The file could not be opened! [WARNING] Error code: 0x000D [WARNING] Access error/file locked! C:\Documents and Settings\Andrea\Impostazioni locali\Temp\PXR26.tmp [WARNING] The file could not be opened! [WARNING] Error code: 0x000D [WARNING] Access error/file locked! C:\Documents and Settings\Andrea\Impostazioni locali\Temp\PXR27.tmp [WARNING] The file could not be opened! [WARNING] Error code: 0x000D [WARNING] Access error/file locked! C:\Documents and Settings\Andrea\Impostazioni locali\Temp\PXR28.tmp [WARNING] The file could not be opened! [WARNING] Error code: 0x000D [WARNING] Access error/file locked! C:\Documents and Settings\Andrea\Impostazioni locali\Temp\PXR29.tmp [WARNING] The file could not be opened! [WARNING] Error code: 0x000D [WARNING] Access error/file locked! C:\Documents and Settings\Andrea\Impostazioni locali\Temp\PXR2A.tmp [WARNING] The file could not be opened! [WARNING] Error code: 0x000D [WARNING] Access error/file locked! C:\Documents and Settings\Andrea\Impostazioni locali\Temp\PXR2B.tmp [WARNING] The file could not be opened! [WARNING] Error code: 0x000D [WARNING] Access error/file locked! C:\Documents and Settings\Andrea\Impostazioni locali\Temp\PXR2C.tmp [WARNING] The file could not be opened! [WARNING] Error code: 0x000D [WARNING] Access error/file locked! C:\Documents and Settings\Andrea\Impostazioni locali\Temp\PXR2D.tmp [WARNING] The file could not be opened! [WARNING] Error code: 0x000D [WARNING] Access error/file locked! C:\Documents and Settings\Andrea\Impostazioni locali\Temp\PXR2E.tmp [WARNING] The file could not be opened! [WARNING] Error code: 0x000D [WARNING] Access error/file locked! C:\Documents and Settings\Andrea\Impostazioni locali\Temp\PXR2F.tmp [WARNING] The file could not be opened! [WARNING] Error code: 0x000D [WARNING] Access error/file locked! C:\Documents and Settings\Andrea\Impostazioni locali\Temp\PXR3.tmp [WARNING] The file could not be opened! [WARNING] Error code: 0x000D [WARNING] Access error/file locked! C:\Documents and Settings\Andrea\Impostazioni locali\Temp\PXR30.tmp [WARNING] The file could not be opened! [WARNING] Error code: 0x000D [WARNING] Access error/file locked! C:\Documents and Settings\Andrea\Impostazioni locali\Temp\PXR31.tmp [WARNING] The file could not be opened! [WARNING] Error code: 0x000D [WARNING] Access error/file locked! C:\Documents and Settings\Andrea\Impostazioni locali\Temp\PXR32.tmp [WARNING] The file could not be opened! [WARNING] Error code: 0x000D [WARNING] Access error/file locked! C:\Documents and Settings\Andrea\Impostazioni locali\Temp\PXR33.tmp [WARNING] The file could not be opened! [WARNING] Error code: 0x000D [WARNING] Access error/file locked! C:\Documents and Settings\Andrea\Impostazioni locali\Temp\PXR34.tmp [WARNING] The file could not be opened! [WARNING] Error code: 0x000D [WARNING] Access error/file locked! C:\Documents and Settings\Andrea\Impostazioni locali\Temp\PXR35.tmp [WARNING] The file could not be opened! [WARNING] Error code: 0x000D [WARNING] Access error/file locked! C:\Documents and Settings\Andrea\Impostazioni locali\Temp\PXR36.tmp [WARNING] The file could not be opened! [WARNING] Error code: 0x000D [WARNING] Access error/file locked! C:\Documents and Settings\Andrea\Impostazioni locali\Temp\PXR37.tmp [WARNING] The file could not be opened! [WARNING] Error code: 0x000D [WARNING] Access error/file locked! C:\Documents and Settings\Andrea\Impostazioni locali\Temp\PXR38.tmp [WARNING] The file could not be opened! [WARNING] Error code: 0x000D [WARNING] Access error/file locked! C:\Documents and Settings\Andrea\Impostazioni locali\Temp\PXR39.tmp [WARNING] The file could not be opened! [WARNING] Error code: 0x000D [WARNING] Access error/file locked! C:\Documents and Settings\Andrea\Impostazioni locali\Temp\PXR3A.tmp [WARNING] The file could not be opened! [WARNING] Error code: 0x000D [WARNING] Access error/file locked! C:\Documents and Settings\Andrea\Impostazioni locali\Temp\PXR3B.tmp [WARNING] The file could not be opened! [WARNING] Error code: 0x000D [WARNING] Access error/file locked! C:\Documents and Settings\Andrea\Impostazioni locali\Temp\PXR3C.tmp [WARNING] The file could not be opened! [WARNING] Error code: 0x000D [WARNING] Access error/file locked! C:\Documents and Settings\Andrea\Impostazioni locali\Temp\PXR3D.tmp [WARNING] The file could not be opened! [WARNING] Error code: 0x000D [WARNING] Access error/file locked! C:\Documents and Settings\Andrea\Impostazioni locali\Temp\PXR3E.tmp [WARNING] The file could not be opened! [WARNING] Error code: 0x000D [WARNING] Access error/file locked! C:\Documents and Settings\Andrea\Impostazioni locali\Temp\PXR3F.tmp [WARNING] The file could not be opened! [WARNING] Error code: 0x000D [WARNING] Access error/file locked! C:\Documents and Settings\Andrea\Impostazioni locali\Temp\PXR4.tmp [WARNING] The file could not be opened! [WARNING] Error code: 0x000D [WARNING] Access error/file locked! C:\Documents and Settings\Andrea\Impostazioni locali\Temp\PXR40.tmp [WARNING] The file could not be opened! [WARNING] Error code: 0x000D [WARNING] Access error/file locked! C:\Documents and Settings\Andrea\Impostazioni locali\Temp\PXR41.tmp [WARNING] The file could not be opened! [WARNING] Error code: 0x000D [WARNING] Access error/file locked! C:\Documents and Settings\Andrea\Impostazioni locali\Temp\PXR42.tmp [WARNING] The file could not be opened! [WARNING] Error code: 0x000D [WARNING] Access error/file locked! C:\Documents and Settings\Andrea\Impostazioni locali\Temp\PXR43.tmp [WARNING] The file could not be opened! [WARNING] Error code: 0x000D [WARNING] Access error/file locked! C:\Documents and Settings\Andrea\Impostazioni locali\Temp\PXR44.tmp [WARNING] The file could not be opened! [WARNING] Error code: 0x000D [WARNING] Access error/file locked! C:\Documents and Settings\Andrea\Impostazioni locali\Temp\PXR45.tmp [WARNING] The file could not be opened! [WARNING] Error code: 0x000D [WARNING] Access error/file locked! C:\Documents and Settings\Andrea\Impostazioni locali\Temp\PXR46.tmp [WARNING] The file could not be opened! [WARNING] Error code: 0x000D [WARNING] Access error/file locked! C:\Documents and Settings\Andrea\Impostazioni locali\Temp\PXR47.tmp [WARNING] The file could not be opened! [WARNING] Error code: 0x000D [WARNING] Access error/file locked! C:\Documents and Settings\Andrea\Impostazioni locali\Temp\PXR48.tmp [WARNING] The file could not be opened! [WARNING] Error code: 0x000D [WARNING] Access error/file locked! C:\Documents and Settings\Andrea\Impostazioni locali\Temp\PXR49.tmp [WARNING] The file could not be opened! [WARNING] Error code: 0x000D [WARNING] Access error/file locked! C:\Documents and Settings\Andrea\Impostazioni locali\Temp\PXR4A.tmp [WARNING] The file could not be opened! [WARNING] Error code: 0x000D [WARNING] Access error/file locked! C:\Documents and Settings\Andrea\Impostazioni locali\Temp\PXR4B.tmp [WARNING] The file could not be opened! [WARNING] Error code: 0x000D [WARNING] Access error/file locked! C:\Documents and Settings\Andrea\Impostazioni locali\Temp\PXR4C.tmp [WARNING] The file could not be opened! [WARNING] Error code: 0x000D [WARNING] Access error/file locked! C:\Documents and Settings\Andrea\Impostazioni locali\Temp\PXR4D.tmp [WARNING] The file could not be opened! [WARNING] Error code: 0x000D [WARNING] Access error/file locked! C:\Documents and Settings\Andrea\Impostazioni locali\Temp\PXR4E.tmp [WARNING] The file could not be opened! [WARNING] Error code: 0x000D [WARNING] Access error/file locked! C:\Documents and Settings\Andrea\Impostazioni locali\Temp\PXR4F.tmp [WARNING] The file could not be opened! [WARNING] Error code: 0x000D [WARNING] Access error/file locked! C:\Documents and Settings\Andrea\Impostazioni locali\Temp\PXR5.tmp [WARNING] The file could not be opened! [WARNING] Error code: 0x000D [WARNING] Access error/file locked! C:\Documents and Settings\Andrea\Impostazioni locali\Temp\PXR50.tmp [WARNING] The file could not be opened! [WARNING] Error code: 0x000D [WARNING] Access error/file locked! C:\Documents and Settings\Andrea\Impostazioni locali\Temp\PXR51.tmp [WARNING] The file could not be opened! [WARNING] Error code: 0x000D [WARNING] Access error/file locked! C:\Documents and Settings\Andrea\Impostazioni locali\Temp\PXR52.tmp [WARNING] The file could not be opened! [WARNING] Error code: 0x000D [WARNING] Access error/file locked! C:\Documents and Settings\Andrea\Impostazioni locali\Temp\PXR53.tmp [WARNING] The file could not be opened! [WARNING] Error code: 0x000D [WARNING] Access error/file locked! C:\Documents and Settings\Andrea\Impostazioni locali\Temp\PXR54.tmp [WARNING] The file could not be opened! [WARNING] Error code: 0x000D [WARNING] Access error/file locked! C:\Documents and Settings\Andrea\Impostazioni locali\Temp\PXR55.tmp [WARNING] The file could not be opened! [WARNING] Error code: 0x000D [WARNING] Access error/file locked! C:\Documents and Settings\Andrea\Impostazioni locali\Temp\PXR56.tmp [WARNING] The file could not be opened! [WARNING] Error code: 0x000D [WARNING] Access error/file locked! C:\Documents and Settings\Andrea\Impostazioni locali\Temp\PXR57.tmp [WARNING] The file could not be opened! [WARNING] Error code: 0x000D [WARNING] Access error/file locked! C:\Documents and Settings\Andrea\Impostazioni locali\Temp\PXR58.tmp [WARNING] The file could not be opened! [WARNING] Error code: 0x000D [WARNING] Access error/file locked! C:\Documents and Settings\Andrea\Impostazioni locali\Temp\PXR6.tmp [WARNING] The file could not be opened! [WARNING] Error code: 0x000D [WARNING] Access error/file locked! C:\Documents and Settings\Andrea\Impostazioni locali\Temp\PXR7.tmp [WARNING] The file could not be opened! [WARNING] Error code: 0x000D [WARNING] Access error/file locked! C:\Documents and Settings\Andrea\Impostazioni locali\Temp\PXR8.tmp [WARNING] The file could not be opened! [WARNING] Error code: 0x000D [WARNING] Access error/file locked! C:\Documents and Settings\Andrea\Impostazioni locali\Temp\PXR9.tmp [WARNING] The file could not be opened! [WARNING] Error code: 0x000D [WARNING] Access error/file locked! C:\Documents and Settings\Andrea\Impostazioni locali\Temp\PXRA.tmp [WARNING] The file could not be opened! [WARNING] Error code: 0x000D [WARNING] Access error/file locked! C:\Documents and Settings\Andrea\Impostazioni locali\Temp\PXRB.tmp [WARNING] The file could not be opened! [WARNING] Error code: 0x000D [WARNING] Access error/file locked! C:\Documents and Settings\Andrea\Impostazioni locali\Temp\PXRC.tmp [WARNING] The file could not be opened! [WARNING] Error code: 0x000D [WARNING] Access error/file locked! C:\Documents and Settings\Andrea\Impostazioni locali\Temp\PXRD.tmp [WARNING] The file could not be opened! [WARNING] Error code: 0x000D [WARNING] Access error/file locked! C:\Documents and Settings\Andrea\Impostazioni locali\Temp\PXRE.tmp [WARNING] The file could not be opened! [WARNING] Error code: 0x000D [WARNING] Access error/file locked! C:\Documents and Settings\Andrea\Impostazioni locali\Temp\PXRF.tmp [WARNING] The file could not be opened! [WARNING] Error code: 0x000D [WARNING] Access error/file locked! C:\Documents and Settings\Andrea\Impostazioni locali\Temporary Internet Files\Content.IE5\ST67W9AB\ C:\Documents and Settings\Andrea\Impostazioni locali\Temporary Internet Files\Content.IE5\ST67W9AB\jz0619[1].exe [DETECTION] Contains suspicious code HEUR/Malware [INFO] The file was moved to '77db2dba.qua'! C:\Documents and Settings\Andrea\Impostazioni locali\Temporary Internet Files\Content.IE5\ST67W9AB\jz0619[2].exe [DETECTION] Contains suspicious code HEUR/Malware [INFO] The file was moved to '76fc2657.qua'! C:\Documents and Settings\Andrea\Impostazioni locali\Temporary Internet Files\Content.IE5\ST67W9AB\mh0618[1].exe [DETECTION] Is the Trojan horse TR/PSW.Agent.20480 [INFO] A backup was created as '77db2da9.qua' ( QUARANTINE ) [INFO] The file was deleted! C:\Documents and Settings\Andrea\Impostazioni locali\Temporary Internet Files\Content.IE5\ST67W9AB\qj0617[1].exe [DETECTION] Is the Trojan horse TR/PSW.OnLineGame.YF [INFO] A backup was created as '77db2dab.qua' ( QUARANTINE ) [INFO] The file was deleted! C:\Documents and Settings\Andrea\Impostazioni locali\Temporary Internet Files\Content.IE5\ST67W9AB\wow0617[1].exe [DETECTION] Is the Trojan horse TR/PSW.Agent.20480 [INFO] A backup was created as '7cd574b0.qua' ( QUARANTINE ) [INFO] The file was deleted! C:\Documents and Settings\Andrea\Impostazioni locali\Temporary Internet Files\Content.IE5\ST67W9AB\wow0617[2].exe [DETECTION] Is the Trojan horse TR/PSW.Agent.20480 [INFO] A backup was created as '7df27f5d.qua' ( QUARANTINE ) [INFO] The file was deleted! C:\Documents and Settings\Andrea\Impostazioni locali\Temporary Internet Files\Content.IE5\ST67W9AB\zt0616[1].exe [DETECTION] Is the Trojan horse TR/Dropper.Gen [INFO] A backup was created as '77db2db6.qua' ( QUARANTINE ) [INFO] The file was deleted! C:\Documents and Settings\Andrea\Impostazioni locali\Temporary Internet Files\Content.IE5\ST67W9AB\zt0616[2].exe [DETECTION] Is the Trojan horse TR/Dropper.Gen [INFO] A backup was created as '76fc265b.qua' ( QUARANTINE ) [INFO] The file was deleted! C:\Documents and Settings\LocalService\ C:\Documents and Settings\LocalService\NTUSER.DAT [WARNING] The file could not be opened! [WARNING] Error code: 0x000D [WARNING] Access error/file locked! C:\Documents and Settings\LocalService\ntuser.dat.LOG [WARNING] The file could not be opened! [WARNING] Error code: 0x000D [WARNING] Access error/file locked! C:\Documents and Settings\LocalService\Cookies\ C:\Documents and Settings\LocalService\Dati applicazioni\Microsoft\HTML Help\ C:\Documents and Settings\LocalService\Impostazioni locali\ C:\Documents and Settings\LocalService\Impostazioni locali\Cronologia\ C:\Documents and Settings\LocalService\Impostazioni locali\Cronologia\History.IE5\ C:\Documents and Settings\LocalService\Impostazioni locali\Cronologia\History.IE5\MSHist012006072520060726\ C:\Documents and Settings\LocalService\Impostazioni locali\Cronologia\History.IE5\MSHist012006072820060729\ C:\Documents and Settings\LocalService\Impostazioni locali\Dati applicazioni\Microsoft\Windows\ C:\Documents and Settings\LocalService\Impostazioni locali\Dati applicazioni\Microsoft\Windows\UsrClass.dat [WARNING] The file could not be opened! [WARNING] Error code: 0x000D [WARNING] Access error/file locked! C:\Documents and Settings\LocalService\Impostazioni locali\Dati applicazioni\Microsoft\Windows\UsrClass.dat.LOG [WARNING] The file could not be opened! [WARNING] Error code: 0x000D [WARNING] Access error/file locked! C:\Documents and Settings\LocalService\Impostazioni locali\Temporary Internet Files\ C:\Documents and Settings\NetworkService\ C:\Documents and Settings\NetworkService\NTUSER.DAT [WARNING] The file could not be opened! [WARNING] Error code: 0x000D [WARNING] Access error/file locked! C:\Documents and Settings\NetworkService\ntuser.dat.LOG [WARNING] The file could not be opened! [WARNING] Error code: 0x000D [WARNING] Access error/file locked! C:\Documents and Settings\NetworkService\Impostazioni locali\Dati applicazioni\Microsoft\Windows\UsrClass.dat [WARNING] The file could not be opened! [WARNING] Error code: 0x000D [WARNING] Access error/file locked! C:\Documents and Settings\NetworkService\Impostazioni locali\Dati applicazioni\Microsoft\Windows\UsrClass.dat.LOG [WARNING] The file could not be opened! [WARNING] Error code: 0x000D [WARNING] Access error/file locked! C:\Programmi\File comuni\Services\lbA.exe [WARNING] The file could not be opened! [WARNING] Error code: 0x000D [WARNING] Access error/file locked! C:\Programmi\File comuni\Services\uvO.exe [WARNING] The file could not be opened! [WARNING] Error code: 0x000D [WARNING] Access error/file locked! C:\Programmi\File comuni\Services\VlymF.exe [WARNING] The file could not be opened! [WARNING] Error code: 0x000D [WARNING] Access error/file locked! C:\Programmi\File comuni\System\Yco.exe [WARNING] The file could not be opened! [WARNING] Error code: 0x000D [WARNING] Access error/file locked! C:\Programmi\Lavasoft\Ad-Aware SE Personal\Skins\Ad-Aware SE default.ask [0] Archive type: ZIP --> Ad-Aware SE Default.skn [WARNING] The archive is encrypted [WARNING] The archive is encrypted C:\WINDOWS\ C:\WINDOWS\compaq-flash.exe [WARNING] The file could not be opened! [WARNING] Error code: 0x000D [WARNING] Access error/file locked! C:\WINDOWS\system32\ C:\WINDOWS\system32\41E3EBE0.DLL [DETECTION] Contains suspicious code HEUR/Malware [INFO] The file was moved to '8bd8465e.qua'! C:\WINDOWS\system32\7B1DE621.exe [DETECTION] Is the Trojan horse TR/Crypt.NSPM.Gen [INFO] A backup was created as '8be9326f.qua' ( QUARANTINE ) [INFO] The file was deleted! C:\WINDOWS\system32\k11852036782.exe [DETECTION] Is the Trojan horse TR/PSW.Agent.20480 [INFO] A backup was created as '7bdd326f.qua' ( QUARANTINE ) [INFO] The file was deleted! C:\WINDOWS\system32\k11852172122.exe [DETECTION] Is the Trojan horse TR/PSW.Agent.20480 [INFO] A backup was created as '7bdd3270.qua' ( QUARANTINE ) [INFO] The file was deleted! C:\WINDOWS\system32\1033\ C:\WINDOWS\system32\1040\ C:\WINDOWS\system32\CatRoot\{127D0A1D-4EF2-11D1-8608-00C04FC295EE}\ C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\ C:\WINDOWS\system32\CatRoot2\ C:\WINDOWS\system32\CatRoot2\{127D0A1D-4EF2-11D1-8608-00C04FC295EE}\ C:\WINDOWS\system32\CatRoot2\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\ C:\WINDOWS\system32\Color\ C:\WINDOWS\system32\Com\ C:\WINDOWS\system32\config\ C:\WINDOWS\system32\config\default [WARNING] The file could not be opened! [WARNING] Error code: 0x000D [WARNING] Access error/file locked! C:\WINDOWS\system32\config\default.LOG [WARNING] The file could not be opened! [WARNING] Error code: 0x000D [WARNING] Access error/file locked! C:\WINDOWS\system32\config\SAM [WARNING] The file could not be opened! [WARNING] Error code: 0x000D [WARNING] Access error/file locked! C:\WINDOWS\system32\config\SAM.LOG [WARNING] The file could not be opened! [WARNING] Error code: 0x000D [WARNING] Access error/file locked! C:\WINDOWS\system32\config\SECURITY [WARNING] The file could not be opened! [WARNING] Error code: 0x000D [WARNING] Access error/file locked! C:\WINDOWS\system32\config\SECURITY.LOG [WARNING] The file could not be opened! [WARNING] Error code: 0x000D [WARNING] Access error/file locked! C:\WINDOWS\system32\config\software [WARNING] The file could not be opened! [WARNING] Error code: 0x000D [WARNING] Access error/file locked! C:\WINDOWS\system32\config\software.LOG [WARNING] The file could not be opened! [WARNING] Error code: 0x000D [WARNING] Access error/file locked! C:\WINDOWS\system32\config\system [WARNING] The file could not be opened! [WARNING] Error code: 0x000D [WARNING] Access error/file locked! C:\WINDOWS\system32\config\system.LOG [WARNING] The file could not be opened! [WARNING] Error code: 0x000D [WARNING] Access error/file locked! C:\WINDOWS\system32\drivers\dtscsi.sys [WARNING] The file could not be opened! [WARNING] Error code: 0x000D [WARNING] Access error/file locked! C:\WINDOWS\system32\drivers\sptd.sys [WARNING] The file could not be opened! [WARNING] Error code: 0x000D [WARNING] Access error/file locked! C:\WINDOWS\system32\drivers\sptd9981.sys [WARNING] The file could not be opened! [WARNING] Error code: 0x000D [WARNING] Access error/file locked! End of the scan: lunedì 23 luglio 2007 21:29 Used time: 26:07 min The scan has been done completely. 6007 Scanning directories 179636 Files were scanned 21 viruses and/or unwanted programs were found 3 classified as suspicious: 9 files were deleted 0 files were repaired 12 files were moved to quarantine 0 files were renamed 621 Files cannot be scanned 179612 Files not concerned 2294 Archives were scanned 672 Warnings 0 Notes 0 Hidden objects were found
__________________
...tramontate stelle, traaamontaate stelleee....ALL'ALBA VINCEROOOOOO,VINCEROOO,VIN-CERRROOOOOOOOOOOOOOO Core2duo8400-asusp5q-4gbram-ati48501gb-samsungp2350
|
|
|
|
|
24-07-2007, 20:17
|
#4 |
|
Registered User
Iscritto dal: May 2007
Messaggi: 64
|
che ci farai con questo pc
 mail di posta piene di virus e schifezze varie, file temporanei internet altrettanto. scarica ccleaner e svuota la cache del browser |
|
|
|
|
24-07-2007, 20:28
|
#5 |
|
Senior Member
Iscritto dal: Feb 2007
Città: Salerno......
Messaggi: 3259
|
vado un pò di fretta ma ci sono un pò di cose da fixare -R3 -F2 -023 eccetera
__________________
Opera disabilitazione script ed iframe  Recuperare le proprie password on line. Messenger: massima attenzione ai SITI TRUFFA | GUIDA:ShutdownTimer (Spegnimento auto pc) | Quando il centro sicurezza non riconosce i soft. Guida a Malwarebytes' Anti-Malware = tiemp bell e na volta...
|
|
|
|
|
24-07-2007, 20:31
|
#6 | |
|
Senior Member
Iscritto dal: Aug 2001
Città: From la punta di diamante della Brianza
Messaggi: 127
|
Quote:
che ci faccio? papa',mamma e sorella utenti sprovveduti, ecco cosa faccio!!!  ok, allora inizio con i tuoi suggerimenti... dal prossimo formattone metto linux per navigare in internet e in windows utenti limitati...
__________________
...tramontate stelle, traaamontaate stelleee....ALL'ALBA VINCEROOOOOO,VINCEROOO,VIN-CERRROOOOOOOOOOOOOOO Core2duo8400-asusp5q-4gbram-ati48501gb-samsungp2350
|
|
|
|
|
|
24-07-2007, 21:35
|
#7 |
|
Senior Member
Iscritto dal: Aug 2001
Città: From la punta di diamante della Brianza
Messaggi: 127
|
ciao a tutti,
ancora grazie per l'aiuto CCcleaner effettuato e un po' di spazzatura buttata... in ogni caso non riesco a avviare hijack this e il pc è ancora castrato... avete altri suggerimenti? PS ho trovato un utente "fantasma" in documents and settings... non mi torna per niente il messaggio all'avvio di windows "boot.ini file non valido avvio da c:\windows"
__________________
...tramontate stelle, traaamontaate stelleee....ALL'ALBA VINCEROOOOOO,VINCEROOO,VIN-CERRROOOOOOOOOOOOOOO Core2duo8400-asusp5q-4gbram-ati48501gb-samsungp2350
|
|
|
|
|
25-07-2007, 00:15
|
#8 | |
|
Senior Member
Iscritto dal: Feb 2007
Città: Salerno......
Messaggi: 3259
|
disattiva il ripristino config di sistema se non sai come fare vedi QUI link
comincia col fixare questi: Quote:
poi da Start->esegui digiti regedit dai ok e navighi fino a questa chiave HK Local Machine\Software\Microsoft\Windows NT\CurrentVersion\Winlogon e sulla destra doppio clic su Userinit...devi cancellare solo questa parte:"c:\windows\compaq-flash.exe", in modo che la chiave risulti così:C:\WINDOWS\system32\userinit.exe, compresa la virgola -attenzione se cancelli tutta la chiave il S.O non si avvia più!Quindi prudenza! Visualizza le cartelle nascoste: apri una cartella qualsiasi vai su sulla barra :strumenti->opzioni cartella->visualizzazione->metti la spunta a "visualizza file e cartelle nascoste" e togli la spunta a "nascondi file protetti di sistema"--> applica sempre da provvisoria cerca e cancella questi file in queste directory: c:\windows\compaq-flash.exe C:\WINDOWS\msncomm.exe C:\WINDOWS\winsys.exe C:\windows\system32\1DDDD796.EXE C:\windows\system32\CC3980EC.EXE Poi rifai la scansione con l'antivirus e con l'antispyware (http://www.superantispyware.com/down...PERANTISPYWARE) naturalmente dopo averli aggiornati poi vedremo il da farsi.... Edit fai girare anche questo http://info.prevx.com/gromozon.asp
__________________
Opera disabilitazione script ed iframe Recuperare le proprie password on line. Messenger: massima attenzione ai SITI TRUFFA | GUIDA:ShutdownTimer (Spegnimento auto pc) | Quando il centro sicurezza non riconosce i soft. Guida a Malwarebytes' Anti-Malware = tiemp bell e na volta...
Ultima modifica di lancetta : 25-07-2007 alle 00:33. |
|
|
|
|
|
25-07-2007, 21:25
|
#9 |
|
Senior Member
Iscritto dal: Aug 2001
Città: From la punta di diamante della Brianza
Messaggi: 127
|
ok, grazie dell'aiuto,
adesso la situazione sembra un attimino sotto controllo a parte antivir che non mi aggiorna più... però questo "c:\windows\compaq-flash.exe" non l'ho trovato nel registro! boh!
__________________
...tramontate stelle, traaamontaate stelleee....ALL'ALBA VINCEROOOOOO,VINCEROOO,VIN-CERRROOOOOOOOOOOOOOO Core2duo8400-asusp5q-4gbram-ati48501gb-samsungp2350
|
|
|
|
|
25-07-2007, 22:50
|
#10 | |
|
Senior Member
Iscritto dal: Feb 2007
Città: Salerno......
Messaggi: 3259
|
Quote:
 Comunque per sicurezza posta un altro log di hijackthis.... Saluti 
__________________
Opera disabilitazione script ed iframe Recuperare le proprie password on line. Messenger: massima attenzione ai SITI TRUFFA | GUIDA:ShutdownTimer (Spegnimento auto pc) | Quando il centro sicurezza non riconosce i soft. Guida a Malwarebytes' Anti-Malware = tiemp bell e na volta...
Ultima modifica di lancetta : 25-07-2007 alle 22:52. |
|
|
|
|
|
26-07-2007, 23:15
|
#11 |
|
Senior Member
Iscritto dal: Aug 2001
Città: From la punta di diamante della Brianza
Messaggi: 127
|
nuovo log...
adesso sto backuppando tutto, poi nel weeknd si formatta! speriamo di non backuppare i virus! Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 23.19.46, on 26/07/2007 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Boot mode: Normal Running processes: C:\windows\System32\smss.exe C:\windows\system32\winlogon.exe C:\windows\system32\services.exe C:\windows\system32\lsass.exe C:\windows\system32\svchost.exe C:\windows\System32\svchost.exe C:\WINDOWS\system32\ZoneLabs\vsmon.exe C:\windows\system32\spoolsv.exe C:\Programmi\Adobe\Photoshop Elements 4.0\PhotoshopElementsFileAgent.exe C:\Programmi\AntiVir PersonalEdition Classic\sched.exe C:\Programmi\AntiVir PersonalEdition Classic\avguard.exe C:\Programmi\D-Link\Software Bluetooth\bin\btwdins.exe C:\windows\system32\cisvc.exe C:\windows\system32\nvsvc32.exe C:\WINDOWS\System32\PAStiSvc.exe C:\windows\system32\svchost.exe C:\windows\Explorer.EXE C:\Programmi\Adobe\Acrobat 7.0\Distillr\Acrotray.exe C:\Programmi\AntiVir PersonalEdition Classic\avgnt.exe C:\Programmi\Pinnacle\PCTV Stereo\Remote\Remoterm.exe C:\windows\system32\rundll32.exe C:\Programmi\iTunes\iTunesHelper.exe C:\Programmi\Zone Labs\ZoneAlarm\zlclient.exe C:\windows\SOUNDMAN.EXE C:\Programmi\SUPERAntiSpyware\SUPERAntiSpyware.exe C:\Programmi\Pinnacle\Shared Files\Programs\Scheduler\PCLEScheduler.exe C:\Programmi\iPod\bin\iPodService.exe C:\windows\system32\cidaemon.exe C:\Programmi\Mozilla Firefox\firefox.exe C:\Programmi\Trend Micro\HijackThis\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti R3 - URLSearchHook: Coolstreaming_Tool-Bar_v1.0 toolbar - {bd0e4d83-654e-4213-965b-fcbe887061f4} - C:\Programmi\Coolstreaming_Tool-Bar_v1.0\tbCoo1.dll O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Programmi\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll O2 - BHO: Coolstreaming_Tool-Bar_v1.0 toolbar - {bd0e4d83-654e-4213-965b-fcbe887061f4} - C:\Programmi\Coolstreaming_Tool-Bar_v1.0\tbCoo1.dll O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Programmi\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll O3 - Toolbar: Coolstreaming_Tool-Bar_v1.0 toolbar - {bd0e4d83-654e-4213-965b-fcbe887061f4} - C:\Programmi\Coolstreaming_Tool-Bar_v1.0\tbCoo1.dll O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "C:\Programmi\Adobe\Acrobat 7.0\Distillr\Acrotray.exe" O4 - HKLM\..\Run: [avgnt] "C:\Programmi\AntiVir PersonalEdition Classic\avgnt.exe" /min O4 - HKLM\..\Run: [PCTVRemote] C:\Programmi\Pinnacle\PCTV Stereo\Remote\Remoterm.exe O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent O4 - HKLM\..\Run: [iTunesHelper] "C:\Programmi\iTunes\iTunesHelper.exe" O4 - HKLM\..\Run: [nwiz] nwiz.exe /install O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Programmi\Zone Labs\ZoneAlarm\zlclient.exe" O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit O4 - HKCU\..\Run: [Skype] "C:\Programmi\Skype\Phone\Skype.exe" /nosplash /minimized O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Programmi\SUPERAntiSpyware\SUPERAntiSpyware.exe O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO LOCALE') O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO DI RETE') O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user') O4 - Global Startup: Pinnacle Scheduler.lnk = ? O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Programmi\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Programmi\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Programmi\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Programmi\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Programmi\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Programmi\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Programmi\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html O8 - Extra context menu item: Convert to existing PDF - res://C:\Programmi\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 O8 - Extra context menu item: Invia a &Bluetooth - C:\Programmi\D-Link\Software Bluetooth\btsendto_ie_ctx.htm O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\windows\system32\shdocvw.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\windows\system32\shdocvw.dll O9 - Extra button: Ricerche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programmi\D-Link\Software Bluetooth\btsendto_ie.htm O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programmi\D-Link\Software Bluetooth\btsendto_ie.htm O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll O15 - Trusted Zone: http://www.hwupgrade.it O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://tittuz88.spaces.live.com//Pho...d/MsnPUpld.cab O17 - HKLM\System\CCS\Services\Tcpip\..\{367CB5AE-699C-4A2B-BA87-DA01DB260F9D}: NameServer = 85.38.28.15 85.38.28.74 O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FILECO~1\Skype\SKYPE4~1.DLL O20 - Winlogon Notify: !SASWinLogon - C:\Programmi\SUPERAntiSpyware\SASWINLO.dll O23 - Service: Adobe LM Service - Adobe Systems - C:\Programmi\File comuni\Adobe Systems Shared\Service\Adobelmsvc.exe O23 - Service: Adobe Active File Monitor V4 (AdobeActiveFileMonitor4.0) - Unknown owner - C:\Programmi\Adobe\Photoshop Elements 4.0\PhotoshopElementsFileAgent.exe O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Programmi\AntiVir PersonalEdition Classic\sched.exe O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - AVIRA GmbH - C:\Programmi\AntiVir PersonalEdition Classic\avguard.exe O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation - C:\Programmi\D-Link\Software Bluetooth\bin\btwdins.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programmi\File comuni\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: iPod Service - Apple Computer, Inc. - C:\Programmi\iPod\bin\iPodService.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\windows\system32\nvsvc32.exe O23 - Service: ServiceLayer - Nokia. - C:\Programmi\File comuni\PCSuite\Services\ServiceLayer.exe O23 - Service: STI Simulator - Unknown owner - C:\WINDOWS\System32\PAStiSvc.exe O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe -- End of file - 7949 bytes
__________________
...tramontate stelle, traaamontaate stelleee....ALL'ALBA VINCEROOOOOO,VINCEROOO,VIN-CERRROOOOOOOOOOOOOOO Core2duo8400-asusp5q-4gbram-ati48501gb-samsungp2350
|
|
|
|
|
26-07-2007, 23:22
|
#12 |
|
Senior Member
Iscritto dal: Aug 2001
Città: From la punta di diamante della Brianza
Messaggi: 127
|
ostrega ma non è possibile
ieri ho pulito tutto, e oggi questo! Virus or unwanted program 'BDS/Agent.ahj.713' detected in file 'G:\auto.exe' [BDS/Agent.ahj.713]. sembra che si crei un autorun appena collego la chiavetta USB... maledetti virussisti!
__________________
...tramontate stelle, traaamontaate stelleee....ALL'ALBA VINCEROOOOOO,VINCEROOO,VIN-CERRROOOOOOOOOOOOOOO Core2duo8400-asusp5q-4gbram-ati48501gb-samsungp2350
|
|
|
|
|
27-07-2007, 00:04
|
#13 |
|
Senior Member
Iscritto dal: Aug 2005
Città: Genova
Messaggi: 3397
|
formatta la chiavetta
|
|
|
|
|
27-07-2007, 15:56
|
#14 |
|
Senior Member
Iscritto dal: Feb 2007
Città: Salerno......
Messaggi: 3259
|
infatti hai vanificato con la chiavetta.......
__________________
Opera disabilitazione script ed iframe Recuperare le proprie password on line. Messenger: massima attenzione ai SITI TRUFFA | GUIDA:ShutdownTimer (Spegnimento auto pc) | Quando il centro sicurezza non riconosce i soft. Guida a Malwarebytes' Anti-Malware = tiemp bell e na volta...
|
|
|
|
|
|
| Strumenti | |
|
|
Tutti gli orari sono GMT +1. Ora sono le: 06:54.
