Packer.malware.nsanti.1
Comments
Please paste here the full scan log
OK, this is my log file:
BitDefender Log File
Prodotto: BitDefender Internet Security 2009
Versione: BitDefender UIScanner v.12
Funzione scansione: Scansione approfondita del sistema
Data registro (log): 03:48:05 27/10/2008
Percorso registro (log): C:\Documents and Settings\All Users\Dati applicazioni\Bitdefender\Desktop\Profiles\Logs\deep_scan\1225075685_1_02.xml
Percorsi di scansione:
Percorso 0000: C:\Programmi\BitDefender\BitDefender 2009\uiscan.exe
Percorso 0001: C:\Programmi\File comuni\BitDefender\BitDefender Update Service\livesrv.exe
Percorso 0002: C:\WINDOWS\System32\svchost.exe
Percorso 0003: C:\Programmi\BitDefender\BitDefender 2009\vsserv.exe
Percorso 0004: C:\Programmi\BitDefender\BitDefender 2009\seccenter.exe
Percorso 0005: C:\WINDOWS\system32\wuauclt.exe
Percorso 0006: C:\Programmi\iPod\bin\iPodService.exe
Percorso 0007: C:\WINDOWS\system32\MsPMSPSv.exe
Percorso 0008: C:\WINDOWS\system32\svchost.exe
Percorso 0009: C:\Programmi\Telecom Italia\WanMiniport1st\WanMiniport1st_srv.exe
Percorso 0010: C:\WINDOWS\system32\nvsvc32.exe
Percorso 0011: C:\Programmi\Telecom Italia\WanMiniport1st\srvany.exe
Percorso 0012: C:\Programmi\Microsoft LifeCam\MSCamS32.exe
Percorso 0013: C:\Programmi\PrevxCSI\prevxcsi.exe
Percorso 0014: C:\Programmi\Creative\Shared Files\CTDevSrv.exe
Percorso 0015: C:\Programmi\PrevxCSI\prevxcsi.exe
Percorso 0016: C:\WINDOWS\system32\CTsvcCDA.exe
Percorso 0017: C:\WINDOWS\asuskbservice.exe
Percorso 0018: C:\Programmi\File comuni\Acronis\Schedule2\schedul2.exe
Percorso 0019: C:\Programmi\a-squared Free\a2service.exe
Percorso 0020: C:\Documents and Settings\utente\Creative Media Lite\CTZDetec.exe
Percorso 0021: C:\WINDOWS\system32\ctfmon.exe
Percorso 0022: C:\Programmi\BitDefender\BitDefender 2009\bdagent.exe
Percorso 0023: C:\WINDOWS\system32\rundll32.exe
Percorso 0024: C:\PROGRA~1\ALICET~1\SMARTB~1\MotiveSB.exe
Percorso 0025: C:\Programmi\File comuni\Real\Update_OB\realsched.exe
Percorso 0026: C:\WINDOWS\system32\RUNDLL32.EXE
Percorso 0027: E:\iTunes\iTunesHelper.exe
Percorso 0028: C:\WINDOWS\vVX6000.exe
Percorso 0029: C:\Programmi\ScanSoft\OmniPage15.0\Opware15.exe
Percorso 0030: C:\Programmi\Microsoft Hardware\Mouse\point32.exe
Percorso 0031: C:\Programmi\Java\jre1.6.0_07\bin\jusched.exe
Percorso 0032: C:\Programmi\Microsoft Hardware\Keyboard\type32.exe
Percorso 0033: C:\Programmi\File comuni\Acronis\Schedule2\schedhlp.exe
Percorso 0034: C:\Programmi\Acronis\TrueImage\TrueImageMonitor.exe
Percorso 0035: C:\WINDOWS\Explorer.EXE
Percorso 0036: C:\WINDOWS\system32\spoolsv.exe
Percorso 0037: C:\WINDOWS\system32\svchost.exe
Percorso 0038: C:\WINDOWS\system32\svchost.exe
Percorso 0039: C:\WINDOWS\System32\svchost.exe
Percorso 0040: C:\WINDOWS\system32\svchost.exe
Percorso 0041: C:\WINDOWS\system32\svchost.exe
Percorso 0042: C:\WINDOWS\system32\lsass.exe
Percorso 0043: C:\WINDOWS\system32\services.exe
Percorso 0044: C:\WINDOWS\SYSTEM32\winlogon.exe
Percorso 0045: C:\WINDOWS\system32\csrss.exe
Percorso 0046: \SystemRoot\System32\smss.exe
Percorso 0047: C:\
Percorso 0048: E:\
Percorso 0049: F:\
Opzioni di scansione:
Esamina alla ricerca di virus: Si
Scansione alla ricerca di adware: Si
Scansione alla ricerca di spyware: Si
Scansione alla ricerca di applicazioni: Si
Scansione alla ricerca di dialers: Si
Scansione alla ricerca di rootkit: Si
Opzioni di Selezione del Target:
Esamina chiavi di registro: Si
Esamina cookie: Si
Esamina i settori di boot: Si
Esamina processi di memoria: Si
Esamina archivi: Si
Esamina runtime packers: Si
Esamina email: No
Esamina tutti i file: Si
Scansione euristica: Si
Estensioni esaminate:
Estensioni escluse:
Target:
Azione predefinita per gli oggetti infetti: Disinfetta
Azione predefinita per gli oggetti sospetti: Nessuno
Azione predefinita per gli oggetti nascosti: Nessuno
Azione predefinita per gli oggetti criptati infetti: Nessuno
Azione predefinita per gli oggetti criptati sospetti: Nessuno
Azione predefinita per gli oggetti protetti da password: Nessuno
Sommario motori di scansione
Numero di Impronte di Virus: 1957206
Plugin di archivio: 43
Plugin di mail: 6
Plugin di scansione: 12
Plugin di sistema: 5
Plugin unpack: 7
Sommario Scansione complessiva
Elementi Esaminati: 452165
Elementi Infetti: 2
Elementi sospetti: 0
Elementi risolti: 1
Elementi non risolti: 5
Elementi protetti da password: 4
Virus individuali trovati: 2
Directories esaminate: 8725
Settori di boot esaminati: 12
Archivi esaminati: 3406
Errori Input-output: 30
Durata della scansione: 01:22:30
File al secondo: 91
Sommario Processi esaminati
Esaminati: 47
Infetti: 0
Sommario Chiavi di registro esaminate
Esaminati: 1061
Infetti: 0
Sommario cookies esaminati
Esaminati: 1061
Infetti: 0
Problemi rimanenti:
Nome oggetto Nome Minaccia Stato Finale
[system]=]HKEY_USERS\S-1-5-21-1078081533-1788223648-682003330-1004\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN\kamsoft=]C:\WINDOWS\SYSTEM32\CKVO.EXE Packer.Malware.NSAnti.1 Infetto
Problemi risolti:
Nome oggetto Nome Minaccia Stato Finale
C:\WINDOWS\system32\ckvo0.dll Packer.Malware.NSAnti.1 Eliminato
Oggetti su cui non è stata eseguita la scansione:
Nome oggetto Causa Stato Finale
C:\Programmi\Adobe\Acrobat 7.0\Setup Files\RdrBig709\ITA\Data1.cab=]WebSearchENU.pdf Protetta da password Nessuna azione possibile
C:\Programmi\Adobe\Acrobat 7.0\Setup Files\RdrBig709\ITA\Data1.cab=]RdrMsgITA.pdf Protetta da password Nessuna azione possibile
C:\Programmi\Adobe\Acrobat 7.0\Setup Files\RdrBig709\ITA\Data1.cab=]RdrMsgENU.pdf Protetta da password Nessuna azione possibile
C:\Programmi\Adobe\Acrobat 7.0\Setup Files\RdrBig709\ITA\Data1.cab=]RdrMsgSplash.pdf Protetta da password Nessuna azione possibile

I also have another problem: I can't open my drive C: by double-clicking on it. Every time I try to open the drive, the computer prompts me to choose a program to open it with!
Download: http://subs.geekstogo.com/ComboFix.exe and save it on your Desktop.
Open Notepad and copy/paste the text in the quotebox below into it:
File::
C:\WINDOWS\SYSTEM32\CKVO.EXE
C:\WINDOWS\system32\ckvo0.dll
Save this as:
CFScript.txt
Drag CFScript.txt into ComboFix.exe
Then post the resultant log here.

This is the log file:
ComboFix 08-10-27.01 - utente 2008-10-27 21:59:16.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1040.18.1674 [GMT 1:00]
Interruttori di comando utilizzati :: C:\Documents and Settings\utente\Desktop\CFScript.txt
* Creato nuovo punto di ripristino
FILE ::
C:\WINDOWS\SYSTEM32\CKVO.EXE
C:\WINDOWS\system32\ckvo0.dll
.
((((((((((((((((((((((((((((((((((((( Altre eliminazioni )))))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\autorun.inf
C:\Programmi\INSTALL.LOG
C:\WINDOWS\system32\_004100_.tmp.dll
C:\WINDOWS\system32\_004101_.tmp.dll
C:\WINDOWS\system32\_004102_.tmp.dll
C:\WINDOWS\system32\_004103_.tmp.dll
C:\WINDOWS\system32\_004110_.tmp.dll
C:\WINDOWS\system32\_004112_.tmp.dll
C:\WINDOWS\system32\_004113_.tmp.dll
C:\WINDOWS\system32\_004114_.tmp.dll
C:\WINDOWS\system32\_004115_.tmp.dll
C:\WINDOWS\system32\_004116_.tmp.dll
C:\WINDOWS\system32\_004117_.tmp.dll
C:\WINDOWS\system32\_004118_.tmp.dll
C:\WINDOWS\system32\_004119_.tmp.dll
C:\WINDOWS\system32\_004120_.tmp.dll
C:\WINDOWS\system32\_004121_.tmp.dll
C:\WINDOWS\system32\_004122_.tmp.dll
C:\WINDOWS\system32\_004123_.tmp.dll
C:\WINDOWS\system32\_004124_.tmp.dll
C:\WINDOWS\system32\_004126_.tmp.dll
C:\WINDOWS\system32\_004128_.tmp.dll
C:\WINDOWS\system32\_004129_.tmp.dll
C:\WINDOWS\system32\_004130_.tmp.dll
C:\WINDOWS\system32\_004134_.tmp.dll
C:\WINDOWS\system32\_004135_.tmp.dll
C:\WINDOWS\system32\_004137_.tmp.dll
C:\WINDOWS\system32\_004138_.tmp.dll
C:\WINDOWS\system32\_004139_.tmp.dll
C:\WINDOWS\system32\_004140_.tmp.dll
C:\WINDOWS\system32\_004141_.tmp.dll
C:\WINDOWS\system32\_004142_.tmp.dll
C:\WINDOWS\system32\_004144_.tmp.dll
C:\WINDOWS\system32\_004145_.tmp.dll
C:\WINDOWS\system32\_004146_.tmp.dll
C:\WINDOWS\system32\_004148_.tmp.dll
C:\WINDOWS\system32\_004149_.tmp.dll
C:\WINDOWS\system32\_004150_.tmp.dll
C:\WINDOWS\system32\_004151_.tmp.dll
C:\WINDOWS\system32\_004152_.tmp.dll
C:\WINDOWS\system32\_004153_.tmp.dll
C:\WINDOWS\system32\_004154_.tmp.dll
C:\WINDOWS\system32\_004157_.tmp.dll
C:\WINDOWS\system32\_004158_.tmp.dll
C:\WINDOWS\system32\_004159_.tmp.dll
C:\WINDOWS\system32\_004160_.tmp.dll
C:\WINDOWS\system32\_004162_.tmp.dll
C:\WINDOWS\system32\_004163_.tmp.dll
C:\WINDOWS\system32\_004164_.tmp.dll
C:\WINDOWS\system32\_004166_.tmp.dll
C:\WINDOWS\system32\_004168_.tmp.dll
C:\WINDOWS\system32\_004169_.tmp.dll
C:\WINDOWS\system32\_004170_.tmp.dll
C:\WINDOWS\system32\_004174_.tmp.dll
C:\WINDOWS\system32\_004175_.tmp.dll
C:\WINDOWS\system32\_004177_.tmp.dll
C:\WINDOWS\system32\_004180_.tmp.dll
C:\WINDOWS\system32\_004182_.tmp.dll
C:\WINDOWS\system32\_004183_.tmp.dll
C:\WINDOWS\system32\_004184_.tmp.dll
C:\WINDOWS\system32\_004185_.tmp.dll
C:\WINDOWS\system32\_004188_.tmp.dll
C:\WINDOWS\system32\_004189_.tmp.dll
C:\WINDOWS\system32\_004190_.tmp.dll
C:\WINDOWS\system32\_004191_.tmp.dll
C:\WINDOWS\system32\_004192_.tmp.dll
C:\WINDOWS\system32\_004197_.tmp.dll
C:\WINDOWS\system32\_004199_.tmp.dll
E:\Autorun.inf
F:\Autorun.inf
.
((((((((((((((((((((((((( Files Creati Da 2008-09-27 al 2008-10-27 )))))))))))))))))))))))))))))))))))
.
2008-10-27 02:17 . 2008-10-27 02:17 <DIR> d----c--- C:\Documents and Settings\utente\Dati applicazioni\BitDefender
2008-10-27 02:17 . 2008-10-27 02:19 <DIR> d-------- C:\Documents and Settings\All Users\Dati applicazioni\BitDefender
2008-10-27 02:16 . 2008-10-27 02:17 <DIR> d-------- C:\Programmi\File comuni\BitDefender
2008-10-27 01:45 . 2008-10-27 01:45 <DIR> d-------- C:\Programmi\PrevxCSI
2008-10-27 01:45 . 2008-10-27 01:47 <DIR> d-------- C:\Documents and Settings\All Users\Dati applicazioni\PrevxCSI
2008-10-27 01:45 . 2008-10-27 01:45 25,400 --a------ C:\WINDOWS\system32\drivers\pxark.sys
2008-10-27 01:24 . 2008-10-27 01:24 250 --a------ C:\WINDOWS\gmer.ini
2008-10-26 21:57 . 2008-10-26 23:45 <DIR> d----c--- C:\Documents and Settings\utente\DoctorWeb
2008-10-26 17:58 . 2008-10-26 17:58 <DIR> d-------- C:\fsaua.data
2008-10-26 17:15 . 2008-10-26 17:20 <DIR> d-------- C:\Programmi\a-squared Free
2008-10-26 15:36 . 2008-10-26 15:36 <DIR> d-------- C:\Programmi\Malwarebytes' Anti-Malware
2008-10-26 15:36 . 2008-10-26 15:36 <DIR> d----c--- C:\Documents and Settings\utente\Dati applicazioni\Malwarebytes
2008-10-26 15:36 . 2008-10-26 15:36 <DIR> d-------- C:\Documents and Settings\All Users\Dati applicazioni\Malwarebytes
2008-10-26 15:36 . 2008-10-22 16:10 38,496 --a------ C:\WINDOWS\system32\drivers\mbamswissarmy.sys
2008-10-26 15:36 . 2008-10-22 16:10 15,504 --a------ C:\WINDOWS\system32\drivers\mbam.sys
2008-10-25 15:47 . 2008-10-25 15:47 850 --a------ C:\WINDOWS\system32\ProductTweaks.xml
2008-10-25 15:47 . 2008-10-25 16:39 385 --a------ C:\WINDOWS\system32\user_gensett.xml
2008-10-25 14:29 . 2008-10-25 14:29 <DIR> d----c--- C:\Documents and Settings\utente\Dati applicazioni\OpenOffice.org
2008-10-25 14:17 . 2008-10-25 14:17 <DIR> d-------- C:\Programmi\OpenOffice.org 3
2008-10-25 14:17 . 2008-10-25 14:17 <DIR> d-------- C:\Programmi\JRE
2008-10-25 12:51 . 2008-10-27 02:17 <DIR> d-------- C:\Programmi\BitDefender
2008-10-25 12:16 . 2008-10-25 12:17 <DIR> d-------- C:\Programmi\Motive
2008-10-24 18:25 . 2008-10-15 17:36 337,408 -----c--- C:\WINDOWS\system32\dllcache\netapi32.dll
2008-10-24 17:54 . 2008-10-24 17:54 <DIR> d----c--- C:\Documents and Settings\utente\Dati applicazioni\U3
2008-10-24 00:46 . 2008-10-24 00:46 8,627 --a------ C:\WINDOWS\system32\PAV_FOG.OPC
2008-10-23 22:23 . 2008-10-23 22:29 <DIR> d-------- C:\WINDOWS\system32\NtmsData
2008-10-22 13:00 . 2008-06-14 18:32 272,768 -----c--- C:\WINDOWS\system32\dllcache\bthport.sys
2008-10-22 12:57 . 2008-05-08 15:02 203,136 -----c--- C:\WINDOWS\system32\dllcache\rmcast.sys
2008-10-22 12:28 . 2008-10-22 12:38 <DIR> d-------- C:\WINDOWS\ServicePackFiles
2008-10-22 10:20 . 2008-08-14 14:22 2,148,864 --a------ C:\WINDOWS\system32\ntoskrnl.exe
2008-10-22 00:59 . 2008-10-22 12:37 <DIR> d-------- C:\WINDOWS\system32\it
2008-10-22 00:59 . 2008-10-22 12:37 <DIR> d-------- C:\WINDOWS\system32\bits
2008-10-22 00:59 . 2008-10-22 12:37 <DIR> d-------- C:\WINDOWS\l2schemas
2008-10-22 00:34 . 2004-08-19 13:00 71,040 --------- C:\WINDOWS\system32\drivers\_004087_.tmp.dll
2008-10-22 00:34 . 2008-04-14 03:14 42,496 --a------ C:\WINDOWS\system32\net.exe
2008-10-22 00:33 . 2008-10-22 12:09 <DIR> d-------- C:\WINDOWS\EHome
2008-10-21 23:41 . 2004-08-03 21:41 1,041,536 --------- C:\WINDOWS\system32\drivers\hsfdpsp2.sys
2008-10-21 23:41 . 2004-08-03 21:41 685,056 --------- C:\WINDOWS\system32\drivers\hsfcxts2.sys
2008-10-21 23:41 . 2004-08-03 21:41 220,032 --------- C:\WINDOWS\system32\drivers\hsfbs2s2.sys
2008-10-21 23:41 . 2004-07-17 21:55 129,045 --------- C:\WINDOWS\system32\drivers\cxthsfs2.cty
2008-10-21 23:41 . 2004-08-03 21:41 11,868 --------- C:\WINDOWS\system32\drivers\mdmxsdk.sys
2008-10-21 01:28 . 2008-04-14 03:13 21,504 --a------ C:\WINDOWS\system32\hidserv.dll
2008-10-15 23:11 . 2008-09-08 11:41 333,824 -----c--- C:\WINDOWS\system32\dllcache\srv.sys
2008-10-15 23:10 . 2008-08-14 14:22 2,192,896 -----c--- C:\WINDOWS\system32\dllcache\ntoskrnl.exe
2008-10-15 23:10 . 2008-08-14 14:22 2,148,864 -----c--- C:\WINDOWS\system32\dllcache\ntkrnlmp.exe
2008-10-15 23:10 . 2008-08-14 14:22 2,069,760 -----c--- C:\WINDOWS\system32\dllcache\ntkrnlpa.exe
2008-10-15 23:10 . 2008-08-14 14:22 2,027,520 -----c--- C:\WINDOWS\system32\dllcache\ntkrpamp.exe
2008-10-15 23:10 . 2008-09-15 16:24 1,846,400 -----c--- C:\WINDOWS\system32\dllcache\win32k.sys
2008-10-08 16:19 . 2008-10-17 11:18 <DIR> d----c--- C:\Documents and Settings\utente\Dati applicazioni\dvdcss
2008-10-07 16:49 . 2008-10-07 16:49 <DIR> d-------- C:\Programmi\¡Trabajando con el Español!
2008-10-05 23:44 . 2008-04-14 03:13 7,168 --a------ C:\WINDOWS\system32\hccoin.dll
2008-10-05 11:18 . 2008-10-05 11:18 <DIR> d-------- C:\Programmi\Evernote
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-10-27 16:23 --------- d-----w C:\Programmi\eMule
2008-10-26 00:25 --------- d-----w C:\Programmi\MSN Messenger
2008-10-25 13:14 --------- d-----w C:\Programmi\OpenOffice.org 2.4
2008-10-25 12:07 --------- d--h--w C:\Programmi\InstallShield Installation Information
2008-10-25 11:17 --------- d-----w C:\Programmi\Alice ti aiuta
2008-10-25 11:16 --------- d-----w C:\Programmi\Telecom Italia
2008-10-25 10:30 --------- dc----w C:\Documents and Settings\utente\Dati applicazioni\OpenOffice.org2
2008-10-25 10:23 --------- dc----w C:\Documents and Settings\All Users\Dati applicazioni\Spybot - Search & Destroy
2008-10-25 10:23 --------- d-----w C:\Programmi\Spybot - Search & Destroy
2008-10-23 20:17 81,984 ----a-w C:\WINDOWS\system32\bdod.bin
2008-10-22 10:41 --------- d-----w C:\Programmi\Java
2008-10-21 15:55 --------- d-----w C:\Programmi\Microsoft Silverlight
2008-10-18 16:02 --------- d-----w C:\Programmi\File comuni\Wise Installation Wizard
2008-10-18 16:01 --------- d-----w C:\Programmi\Lavasoft
2008-10-18 15:46 --------- d-----w C:\Programmi\Mediacenter 1.0a
2008-09-15 15:24 1,846,400 ----a-w C:\WINDOWS\system32\win32k.sys
2008-09-08 10:41 333,824 ----a-w C:\WINDOWS\system32\drivers\srv.sys
2008-09-01 13:55 --------- dc----w C:\Documents and Settings\utente\Dati applicazioni\vlc
2008-08-30 16:38 --------- d-----w C:\Programmi\Coolstreaming_Tool-Bar_v1.0
2008-08-30 15:44 --------- d-----w C:\Documents and Settings\All Users\Dati applicazioni\Microsoft Help
2008-08-30 15:07 --------- d-----w C:\Programmi\BitTorrent
2008-08-26 07:57 826,368 ----a-w C:\WINDOWS\system32\wininet.dll
2008-08-14 13:22 2,027,520 ----a-w C:\WINDOWS\system32\ntkrnlpa.exe
2007-12-10 14:19 32 ----a-w C:\Documents and Settings\All Users\Dati applicazioni\ezsid.dat
2007-11-27 19:35 52,368 -c--a-w C:\Documents and Settings\utente\Dati applicazioni\GDIPFONTCACHEV1.DAT
2004-03-11 12:27 40,960 ----a-w C:\Programmi\Uninstall_CDS.exe
.
((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* i valori vuoti & legittimi/default non sono visualizzati.
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2008-04-14 15360]
"CTZDetec.exe"="C:\Documents and Settings\utente\Creative Media Lite\CTZDetec.exe" [2007-12-18 401408]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TrueImageMonitor.exe"="C:\Programmi\Acronis\TrueImage\TrueImageMonitor.exe" [2006-02-28 1013429]
"Acronis Scheduler2 Service"="C:\Programmi\File comuni\Acronis\Schedule2\schedhlp.exe" [2006-02-28 118784]
"IntelliType"="C:\Programmi\Microsoft Hardware\Keyboard\type32.exe" [2001-06-12 69632]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2006-10-22 7700480]
"SunJavaUpdateSched"="C:\Programmi\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]
"SSBkgdUpdate"="C:\Programmi\File comuni\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2003-09-30 155648]
"Opware15"="C:\Programmi\ScanSoft\OmniPage15.0\Opware15.exe" [2005-09-26 69632]
"PDF3 Registry Controller"="C:\Programmi\ScanSoft\OmniPage15.0\PDFConverter3\\RegistryController.exe" [2005-08-25 106496]
"LifeCam"="C:\Programmi\Microsoft LifeCam\LifeExp.exe" [2007-01-13 275800]
"VX6000"="C:\WINDOWS\vVX6000.exe" [2006-12-19 994072]
"QuickTime Task"="C:\Programmi\QuickTime\QTTask.exe" [2008-01-10 385024]
"iTunesHelper"="E:\iTunes\iTunesHelper.exe" [2008-01-15 267048]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2006-10-22 86016]
"TkBellExe"="C:\Programmi\File comuni\Real\Update_OB\realsched.exe" [2008-06-26 185896]
"ScanSoft OmniPage 15.0-reminder"="C:\Programmi\ScanSoft\OmniPage15.0\Ereg\ereg.exe" [2005-06-03 729088]
"Motive SmartBridge"="C:\PROGRA~1\ALICET~1\SMARTB~1\MotiveSB.exe" [2006-04-21 438359]
"BDAgent"="C:\Programmi\BitDefender\BitDefender 2009\bdagent.exe" [2008-09-04 716800]
"BitDefender Antiphishing Helper"="C:\Programmi\BitDefender\BitDefender 2009\IEShow.exe" [2008-08-10 69632]
"nwiz"="nwiz.exe" [2006-10-22 C:\WINDOWS\system32\nwiz.exe]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2008-04-14 15360]
C:\Documents and Settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\
Avvio veloce di Adobe Reader.lnk - C:\Programmi\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 29696]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"disableregistrytoosl"= 0 (0x0)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.ctmp3"= C:\WINDOWS\system32\ctmp3.acm
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Launch Ai Booster]
--a------ 2004-08-17 16:57 3412480 C:\Programmi\ASUS\Ai Booster\OverClk.exe
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Programmi\\QuickTime\\QuickTimePlayer.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Programmi\\eMule\\emule.exe"=
"C:\\Programmi\\Veoh Networks\\Veoh\\VeohClient.exe"=
"C:\\Programmi\\VideoLAN\\VLC\\vlc.exe"=
"C:\\Programmi\\SopCast\\adv\\SopAdver.exe"=
"C:\\Programmi\\SopCast\\SopCast.exe"=
"C:\\Programmi\\SopCast\\sopvod.exe"=
"C:\\Programmi\\Microsoft LifeCam\\LifeCam.exe"=
"C:\\Programmi\\Microsoft LifeCam\\LifeExp.exe"=
"C:\\Programmi\\TVAnts\\Tvants.exe"=
"E:\\iTunes\\iTunes.exe"=
"C:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
"C:\\Programmi\\Mozilla Firefox\\firefox.exe"=
"C:\\Programmi\\MSN Messenger\\msnmsgr.exe"=
"C:\\Programmi\\MSN Messenger\\livecall.exe"=
R0 pxark;pxark;C:\WINDOWS\system32\drivers\pxark.sys [2008-10-27 25400]
R1 ANVIOCTL;ANVIOCTL;C:\WINDOWS\system32\DRIVERS\anvioctl.sys [2004-05-24 233688]
R2 BDVEDISK;BDVEDISK;C:\Programmi\BitDefender\BitDefender 2009\BDVEDISK.sys [2008-07-02 82568]
R2 CSIScanner;CSIScanner;C:\Programmi\PrevxCSI\prevxcsi.exe [2008-10-27 880696]
R2 MSCamSvc;MSCamSvc;C:\Programmi\Microsoft LifeCam\MSCamS32.exe [2007-01-04 240408]
R2 Network WanMiniport First Position;Network WanMiniport First Position;C:\Programmi\Telecom Italia\WanMiniport1st\srvany.exe [2003-04-18 8192]
R3 bdfm;BDFM;C:\WINDOWS\system32\drivers\bdfm.sys [2008-08-12 108864]
R3 Bdfndisf;BitDefender Firewall NDIS Filter Service;C:\WINDOWS\system32\DRIVERS\bdfndisf.sys [2008-08-14 102208]
R3 VX6000;Microsoft LifeCam VX-6000;C:\WINDOWS\system32\DRIVERS\VX6000Xp.sys [2006-12-19 2383256]
S3 Arrakis3;BitDefender Arrakis Server;C:\Programmi\File comuni\BitDefender\BitDefender Arrakis Server\bin\Arrakis3.exe [2008-07-17 118784]
S3 camvid20;Philips ToUcam Camera; Video;C:\WINDOWS\system32\DRIVERS\camdrv21.sys [ ]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bdx REG_MULTI_SZ scan
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\G]
\Shell\AutoRun\command - G:\LaunchU3.exe -a
.
Contenuto della cartella 'Scheduled Tasks'
2008-10-27 C:\WINDOWS\Tasks\User_Feed_Synchronization-{9613A1C0-3390-4A59-8346-2358A4564160}.job
- C:\WINDOWS\system32\msfeedssync.exe [2006-10-17 11:58]
.
- - - - ORFÃOS REMOVIDOS - - - -
HKCU-Run-kamsoft - C:\WINDOWS\system32\ckvo.exe
HKLM-Run-OpScheduler - C:\Programmi\ScanSoft\OmniPage15.0\OpScheduler.exe
HKLM-Run-POINTER - point32.exe
**************************************************************************
catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-10-27 22:02:28
Windows 5.1.2600 Service Pack 3 NTFS
scansione processi nascosti ...
scansione entrate autostart nascoste ...
Scansione files nascosti ...
Scansione completata con successo
Files nascosti: 0
**************************************************************************
.
--------------------- DLLs Carregadas Sob os Processos em Execução ---------------------
PROCESSO: C:\WINDOWS\explorer.exe
-> C:\WINDOWS\system32\nview.dll
.
------------------------ Altri processi in esecuzione ------------------------
.
C:\Programmi\File comuni\BitDefender\BitDefender Update Service\livesrv.exe
C:\Programmi\BitDefender\BitDefender 2009\vsserv.exe
C:\Programmi\a-squared Free\a2service.exe
C:\Programmi\File comuni\Acronis\Schedule2\schedul2.exe
C:\WINDOWS\asuskbservice.exe
C:\WINDOWS\system32\CTSVCCDA.EXE
C:\Programmi\Creative\Shared Files\CTDevSrv.exe
C:\Programmi\Microsoft Hardware\Mouse\point32.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Programmi\Telecom Italia\WanMiniport1st\WanMiniport1st_srv.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\Programmi\iPod\bin\iPodService.exe
C:\Programmi\BitDefender\BitDefender 2009\seccenter.exe
.
**************************************************************************
.
Ora fine scansione: 2008-10-27 22:07:07 - macchina è stato riavviato
ComboFix-quarantined-files.txt 2008-10-27 21:06:58
Pre-Run: 20,223,705,088 byte disponibili
Post-Run: 20,139,540,480 byte disponibili
WindowsXP-KB310994-SP2-Home-BootDisk-ITA.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
C:\CMDCONS\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect
295 --- E O F --- 2008-10-25 06:33:19

Can you access your C: partition now?
Download Malwarebytes' Anti-malware from here:
http://www.malwarebytes.org/mbam.php
Once the download is complete, run the install program, and accept all of the default options. Make sure that the options to Update and Launch the software are checked when you click Finish.
Now, let's make sure that it has all of the latest anti-spyware definitions: click on the Update tab and click the Check for Updates button.
After the updates have been loaded, click on the Scanner tab and choose the Perform Complete Scan option, then click the Scan button.
When the scan is complete, it will show you all of the potentially harmful files on your computer - click the button to remove them automatically.
Paste the scan log here.

It seems to be working!
No more problems... thanks a lot!
Anyway... this is the log file:
Malwarebytes' Anti-Malware 1.30
Versione del database: 1329
Windows 5.1.2600 Service Pack 3
28/10/2008 3.09.56
mbam-log-2008-10-28 (03-09-56).txt
Tipo di scansione: Scansione completa (C:\|E:\|F:\|)
Elementi scansionati: 141009
Tempo trascorso: 1 hour(s), 4 minute(s), 3 second(s)
Processi delle memoria infetti: 0
Moduli della memoria infetti: 0
Chiavi di registro infette: 0
Valori di registro infetti: 0
Elementi dato del registro infetti: 0
Cartelle infette: 0
File infetti: 0
Processi delle memoria infetti:
(Nessun elemento malevolo rilevato)
Moduli della memoria infetti:
(Nessun elemento malevolo rilevato)
Chiavi di registro infette:
(Nessun elemento malevolo rilevato)
Valori di registro infetti:
(Nessun elemento malevolo rilevato)
Elementi dato del registro infetti:
(Nessun elemento malevolo rilevato)
Cartelle infette:
(Nessun elemento malevolo rilevato)
File infetti:
(Nessun elemento malevolo rilevato)

Sorry...
I have another problem...
I've just found the same virus on my external disk... this is the BitDefender log file... I can't get into my external disk...
BitDefender Log File
Prodotto: BitDefender Internet Security 2009
Versione: BitDefender UIScanner v.12
Funzione scansione: scansione disco sterno
Data registro (log): 11:54:04 29/10/2008
Percorso registro (log): C:\Documents and Settings\utente\Dati applicazioni\BitDefender\Desktop\Profiles\Logs\user_0002\1225277644_1_02.xml
Percorsi di scansione:
Percorso 0000: C:\Programmi\BitDefender\BitDefender 2009\uiscan.exe
Percorso 0001: C:\Programmi\HP\Digital Imaging\bin\hpqgpc01.exe
Percorso 0002: C:\Programmi\HP\Digital Imaging\bin\hpqbam08.exe
Percorso 0003: C:\Programmi\HP\Digital Imaging\bin\hpqSTE08.exe
Percorso 0004: C:\WINDOWS\System32\svchost.exe
Percorso 0005: C:\WINDOWS\System32\alg.exe
Percorso 0006: C:\WINDOWS\system32\svchost.exe
Percorso 0007: C:\Programmi\iPod\bin\iPodService.exe
Percorso 0008: C:\Programmi\BitDefender\BitDefender 2009\seccenter.exe
Percorso 0009: C:\WINDOWS\system32\MsPMSPSv.exe
Percorso 0010: C:\WINDOWS\system32\svchost.exe
Percorso 0011: C:\WINDOWS\System32\svchost.exe
Percorso 0012: C:\Programmi\Telecom Italia\WanMiniport1st\WanMiniport1st_srv.exe
Percorso 0013: C:\WINDOWS\system32\nvsvc32.exe
Percorso 0014: C:\Programmi\Telecom Italia\WanMiniport1st\srvany.exe
Percorso 0015: C:\WINDOWS\System32\svchost.exe
Percorso 0016: C:\Programmi\Microsoft LifeCam\MSCamS32.exe
Percorso 0017: C:\WINDOWS\system32\svchost.exe
Percorso 0018: C:\Programmi\Creative\Shared Files\CTDevSrv.exe
Percorso 0019: C:\WINDOWS\system32\CTsvcCDA.exe
Percorso 0020: C:\WINDOWS\asuskbservice.exe
Percorso 0021: C:\Programmi\File comuni\Acronis\Schedule2\schedul2.exe
Percorso 0022: C:\Programmi\HP\Digital Imaging\bin\hpqtra08.exe
Percorso 0023: C:\Programmi\SUPERAntiSpyware\SUPERAntiSpyware.exe
Percorso 0024: C:\Documents and Settings\utente\Creative Media Lite\CTZDetec.exe
Percorso 0025: C:\WINDOWS\system32\ctfmon.exe
Percorso 0026: C:\Programmi\HP\HP Software Update\HPWuSchd2.exe
Percorso 0027: C:\Programmi\Microsoft Hardware\Mouse\point32.exe
Percorso 0028: C:\Programmi\BitDefender\BitDefender 2009\bdagent.exe
Percorso 0029: C:\WINDOWS\system32\rundll32.exe
Percorso 0030: C:\PROGRA~1\ALICET~1\SMARTB~1\MotiveSB.exe
Percorso 0031: C:\Programmi\File comuni\Real\Update_OB\realsched.exe
Percorso 0032: C:\WINDOWS\system32\RUNDLL32.EXE
Percorso 0033: E:\iTunes\iTunesHelper.exe
Percorso 0034: C:\WINDOWS\vVX6000.exe
Percorso 0035: C:\Programmi\Java\jre1.6.0_07\bin\jusched.exe
Percorso 0036: C:\Programmi\Microsoft Hardware\Keyboard\type32.exe
Percorso 0037: C:\Programmi\File comuni\Acronis\Schedule2\schedhlp.exe
Percorso 0038: C:\Programmi\Acronis\TrueImage\TrueImageMonitor.exe
Percorso 0039: C:\WINDOWS\Explorer.EXE
Percorso 0040: C:\WINDOWS\system32\spoolsv.exe
Percorso 0041: C:\WINDOWS\system32\svchost.exe
Percorso 0042: C:\WINDOWS\system32\svchost.exe
Percorso 0043: C:\WINDOWS\System32\svchost.exe
Percorso 0044: C:\Programmi\BitDefender\BitDefender 2009\vsserv.exe
Percorso 0045: C:\Programmi\File comuni\BitDefender\BitDefender Update Service\livesrv.exe
Percorso 0046: C:\WINDOWS\system32\svchost.exe
Percorso 0047: C:\WINDOWS\system32\svchost.exe
Percorso 0048: C:\WINDOWS\system32\lsass.exe
Percorso 0049: C:\WINDOWS\system32\services.exe
Percorso 0050: C:\WINDOWS\system32\winlogon.exe
Percorso 0051: C:\WINDOWS\system32\csrss.exe
Percorso 0052: \SystemRoot\System32\smss.exe
Percorso 0053: G:\
Opzioni di scansione:
Esamina alla ricerca di virus: Si
Scansione alla ricerca di adware: Si
Scansione alla ricerca di spyware: Si
Scansione alla ricerca di applicazioni: Si
Scansione alla ricerca di dialers: Si
Scansione alla ricerca di rootkit: Si
Opzioni di Selezione del Target:
Esamina chiavi di registro: Si
Esamina cookie: Si
Esamina i settori di boot: Si
Esamina processi di memoria: Si
Esamina archivi: Si
Esamina runtime packers: Si
Esamina email: Si
Esamina tutti i file: Si
Scansione euristica: Si
Estensioni esaminate:
Estensioni escluse:
Target:
Azione predefinita per gli oggetti infetti: Disinfetta
Azione predefinita per gli oggetti sospetti: Nessuno
Azione predefinita per gli oggetti nascosti: Nessuno
Azione predefinita per gli oggetti criptati infetti: Nessuno
Azione predefinita per gli oggetti criptati sospetti: Nessuno
Azione predefinita per gli oggetti protetti da password: Nessuno
Sommario motori di scansione
Numero di Impronte di Virus: 1977199
Plugin di archivio: 43
Plugin di mail: 6
Plugin di scansione: 12
Plugin di sistema: 5
Plugin unpack: 7
Sommario Scansione complessiva
Elementi Esaminati: 145341
Elementi Infetti: 5
Elementi sospetti: 0
Elementi risolti: 2
Elementi non risolti: 7
Elementi protetti da password: 4
Virus individuali trovati: 4
Directories esaminate: 3067
Settori di boot esaminati: 14
Archivi esaminati: 1765
Errori Input-output: 2
Durata della scansione: 01:00:10
File al secondo: 39
Sommario Processi esaminati
Esaminati: 53
Infetti: 0
Sommario Chiavi di registro esaminate
Esaminati: 1168
Infetti: 0
Sommario cookies esaminati
Esaminati: 1168
Infetti: 0
Problemi rimanenti:
Nome oggetto Nome Minaccia Stato Finale
G:\Photomatix Pro 2.5.4 With Serial.rar=]Photomatix Tone Mapping v1.0 For Adobe Photoshop Incl Keygen\Photomatix.Tone.Mapping.v1.0.Keygen.exe Trojan.Generic.190391 Cancellazione fallita (il file era in un archivio)
G:\Driver\Photomatix Pro v2.2.4 WinALL Incl Keygen-ARN.rar=]Photomatix.Pro.v2.2.4.WinALL.Incl.Keygen-ARN\PhotomatixPro224.exe Trojan.Generic.248797 Cancellazione fallita (il file era in un archivio)
G:\Driver\Photomatix Pro v2.2.4 WinALL Incl Keygen-ARN.rar=]Photomatix.Pro.v2.2.4.WinALL.Incl.Keygen-ARN\keygen\keygen.exe Trojan.Horse.COH Cancellazione fallita (il file era in un archivio)
Problemi risolti:
Nome oggetto Nome Minaccia Stato Finale
G:\System Volume Information\_restore{4B84759F-2DD4-4993-9A62-AE4D25461A05}\RP630\A0129923.cmd Packer.Malware.NSAnti.1 Eliminato
G:\System Volume Information\_restore{4B84759F-2DD4-4993-9A62-AE4D25461A05}\RP13\A0002056.cmd Packer.Malware.NSAnti.1 Eliminato

BitDefender says that I have a virus, but I can't get into my external disk... I can only get in using Search in the Start menu...
No more piracy, Mr. j4p