-------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER REPORT
Friday, May 09, 2008 1:56:21 AM
Operating System: Microsoft Windows XP Professional, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.98.0
Kaspersky Anti-Virus database last update: 8/05/2008
Kaspersky Anti-Virus database records: 747889
-------------------------------------------------------------------------------

Scan Settings:
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: true

Scan Target - My Computer:
A:\
C:\
D:\
E:\
F:\

Scan Statistics:
Total number of scanned objects: 86742
Number of viruses found: 13
Number of infected objects: 35
Number of suspicious objects: 7
Duration of the scan process: 03:10:36

Infected Object Name / Virus Name / Last Action
C:\WINDOWS\system32\config\system.LOG / Object is locked / skipped
C:\WINDOWS\system32\config\software.LOG / Object is locked / skipped
C:\WINDOWS\system32\config\default.LOG / Object is locked / skipped
C:\WINDOWS\system32\config\SAM.LOG / Object is locked / skipped
C:\WINDOWS\system32\config\SECURITY.LOG / Object is locked / skipped
C:\WINDOWS\system32\config\AppEvent.Evt / Object is locked / skipped
C:\WINDOWS\system32\config\SecEvent.Evt / Object is locked / skipped
C:\WINDOWS\system32\config\SysEvent.Evt / Object is locked / skipped
C:\WINDOWS\system32\config\DEFAULT / Object is locked / skipped
C:\WINDOWS\system32\config\SECURITY / Object is locked / skipped
C:\WINDOWS\system32\config\SOFTWARE / Object is locked / skipped
C:\WINDOWS\system32\config\SYSTEM / Object is locked / skipped
C:\WINDOWS\system32\config\SAM / Object is locked / skipped
C:\WINDOWS\system32\config\Internet.evt / Object is locked / skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA / Object is locked / skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR / Object is locked / skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP / Object is locked / skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP / Object is locked / skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER / Object is locked / skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP / Object is locked / skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP / Object is locked / skipped
C:\WINDOWS\system32\CatRoot2\edb.log / Object is locked / skipped
C:\WINDOWS\system32\CatRoot2\tmp.edb / Object is locked / skipped
C:\WINDOWS\system32\h323log.txt / Object is locked / skipped
C:\WINDOWS\Debug\PASSWD.LOG / Object is locked / skipped
C:\WINDOWS\Sti_Trace.log / Object is locked / skipped
C:\WINDOWS\wiaservc.log / Object is locked / skipped
C:\WINDOWS\wiadebug.log / Object is locked / skipped
C:\WINDOWS\SchedLgU.Txt / Object is locked / skipped
C:\WINDOWS\SoftwareDistribution\ReportingEvents.log / Object is locked / skipped
C:\WINDOWS\SoftwareDistribution\EventCache\{40ADAED9-8EA7-4EC4-8C74-F1A5E02D1ED9}.bin / Object is locked / skipped
C:\WINDOWS\WindowsUpdate.log / Object is locked / skipped
C:\Documents and Settings\All Users\Dati applicazioni\Microsoft\Network\Downloader\qmgr0.dat / Object is locked / skipped
C:\Documents and Settings\All Users\Dati applicazioni\Microsoft\Network\Downloader\qmgr1.dat / Object is locked / skipped
C:\Documents and Settings\All Users\Dati applicazioni\avg8\emc\Log\emc.log / Object is locked / skipped
C:\Documents and Settings\All Users\Dati applicazioni\avg8\Log\avgwdsvc.log / Object is locked / skipped
C:\Documents and Settings\All Users\Dati applicazioni\avg8\Log\avgrs.log / Object is locked / skipped
C:\Documents and Settings\All Users\Dati applicazioni\avg8\Log\avgwd.log / Object is locked / skipped
C:\Documents and Settings\All Users\Dati applicazioni\avg8\Log\avgsched.log / Object is locked / skipped
C:\Documents and Settings\All Users\Dati applicazioni\avg8\Log\avglng.log / Object is locked / skipped
C:\Documents and Settings\All Users\Dati applicazioni\avg8\Log\avgui.log / Object is locked / skipped
C:\Documents and Settings\All Users\Dati applicazioni\avg8\Log\avgcore.log / Object is locked / skipped
C:\Documents and Settings\All Users\Dati applicazioni\comodo\Firewall Pro\cfplogdb.sdb / Object is locked / skipped
C:\Documents and Settings\NetworkService\Impostazioni locali\Dati applicazioni\Microsoft\Windows\UsrClass.dat.LOG / Object is locked / skipped
C:\Documents and Settings\NetworkService\Impostazioni locali\Dati applicazioni\Microsoft\Windows\UsrClass.dat / Object is locked / skipped
C:\Documents and Settings\NetworkService\ntuser.dat.LOG / Object is locked / skipped
C:\Documents and Settings\NetworkService\NTUSER.DAT / Object is locked / skipped
C:\Documents and Settings\LocalService\Impostazioni locali\Cronologia\History.IE5\index.dat / Object is locked / skipped
C:\Documents and Settings\LocalService\Impostazioni locali\Temporary Internet Files\Content.IE5\index.dat / Object is locked / skipped
C:\Documents and Settings\LocalService\Impostazioni locali\Dati applicazioni\Microsoft\Windows\UsrClass.dat.LOG / Object is locked / skipped
C:\Documents and Settings\LocalService\Impostazioni locali\Dati applicazioni\Microsoft\Windows\UsrClass.dat / Object is locked / skipped
C:\Documents and Settings\LocalService\Cookies\index.dat / Object is locked / skipped
C:\Documents and Settings\LocalService\ntuser.dat.LOG / Object is locked / skipped
C:\Documents and Settings\LocalService\ntuser.dat / Object is locked / skipped
C:\Documents and Settings\dmd\Impostazioni locali\Cronologia\History.IE5\index.dat / Object is locked / skipped
C:\Documents and Settings\dmd\Impostazioni locali\Temporary Internet Files\Content.IE5\index.dat / Object is locked / skipped
C:\Documents and Settings\dmd\Impostazioni locali\Temporary Internet Files\AntiPhishing\B3BB5BBA-E7D5-40AB-A041-A5B1C0B26C8F.dat / Object is locked / skipped
C:\Documents and Settings\dmd\Impostazioni locali\Dati applicazioni\Microsoft\Windows\UsrClass.dat / Object is locked / skipped
C:\Documents and Settings\dmd\Impostazioni locali\Dati applicazioni\Microsoft\Windows\UsrClass.dat.LOG / Object is locked / skipped
C:\Documents and Settings\dmd\Impostazioni locali\Temp\~DFB9B8.tmp / Object is locked / skipped
C:\Documents and Settings\dmd\Impostazioni locali\Temp\~DFB9D4.tmp / Object is locked / skipped
C:\Documents and Settings\dmd\Desktop\Strumenti di amministrazione\Utility\Sicurezza\Antimalware\spostare su desktop quando si usano\SmitfraudFix.exe/SmitfraudFix/Reboot.exe / Infected: not-a-virus:RiskTool.Win32.Reboot.f / skipped
C:\Documents and Settings\dmd\Desktop\Strumenti di amministrazione\Utility\Sicurezza\Antimalware\spostare su desktop quando si usano\SmitfraudFix.exe / RAR: infected - 1 / skipped
C:\Documents and Settings\dmd\Desktop\Strumenti di amministrazione\Utility\Sicurezza\Antimalware\spostare su desktop quando si usano\SmitfraudFix\Reboot.exe / Infected: not-a-virus:RiskTool.Win32.Reboot.f / skipped
C:\Documents and Settings\dmd\Cookies\index.dat / Object is locked / skipped
C:\Documents and Settings\dmd\ntuser.dat.LOG / Object is locked / skipped
C:\Documents and Settings\dmd\ntuser.dat / Object is locked / skipped
C:\Documents and Settings\dmd\.housecall6.6\Quarantine\A0080365.SYS.bac_a02636 / Infected: Trojan-Clicker.Win32.Costrat.ac / skipped
C:\System Volume Information\_restore{BB13918B-D6B0-4455-9C07-07AEF547CF22}\RP345\A0077118.exe / Infected: not-a-virus:Downloader.Win32.WinFixer.fs / skipped
C:\System Volume Information\_restore{BB13918B-D6B0-4455-9C07-07AEF547CF22}\RP355\A0080983.dll / Infected: not-a-virus:RemoteAdmin.Win32.WinVNC.4 / skipped
C:\System Volume Information\_restore{BB13918B-D6B0-4455-9C07-07AEF547CF22}\RP355\A0080984.exe / Infected: not-a-virus:RemoteAdmin.Win32.WinVNC.4 / skipped
C:\System Volume Information\_restore{BB13918B-D6B0-4455-9C07-07AEF547CF22}\RP355\A0080986.exe / Infected: not-a-virus:RemoteAdmin.Win32.WinVNC.4 / skipped
C:\System Volume Information\_restore{BB13918B-D6B0-4455-9C07-07AEF547CF22}\RP355\A0081017.exe / Infected: not-a-virus:RemoteAdmin.Win32.WinVNC.e / skipped
C:\System Volume Information\_restore{BB13918B-D6B0-4455-9C07-07AEF547CF22}\RP355\A0081021.dll / Infected: not-a-virus:RemoteAdmin.Win32.WinVNC.e / skipped
C:\System Volume Information\_restore{BB13918B-D6B0-4455-9C07-07AEF547CF22}\RP355\A0081131.exe / Infected: not-a-virus:NetTool.Win32.Portscan.c / skipped
C:\System Volume Information\_restore{BB13918B-D6B0-4455-9C07-07AEF547CF22}\RP355\A0083236.exe / Infected: not-a-virus:RemoteAdmin.Win32.WinVNC.4 / skipped
C:\System Volume Information\_restore{BB13918B-D6B0-4455-9C07-07AEF547CF22}\RP355\A0083237.exe / Infected: not-a-virus:RemoteAdmin.Win32.WinVNC.4 / skipped
C:\System Volume Information\_restore{BB13918B-D6B0-4455-9C07-07AEF547CF22}\RP355\A0083263.dll / Infected: not-a-virus:RemoteAdmin.Win32.WinVNC.e / skipped
C:\System Volume Information\_restore{BB13918B-D6B0-4455-9C07-07AEF547CF22}\RP355\A0083267.exe / Infected: not-a-virus:RemoteAdmin.Win32.WinVNC.e / skipped
C:\System Volume Information\_restore{BB13918B-D6B0-4455-9C07-07AEF547CF22}\RP355\A0083322.exe / Infected: not-a-virus:NetTool.Win32.Portscan.c / skipped
C:\System Volume Information\_restore{BB13918B-D6B0-4455-9C07-07AEF547CF22}\RP355\A0085342.DLL / Infected: not-a-virus:RemoteAdmin.Win32.WinVNC.4 / skipped
C:\System Volume Information\_restore{BB13918B-D6B0-4455-9C07-07AEF547CF22}\RP360\change.log / Object is locked / skipped
C:\PScanner Backup\WINDOWS\Downloaded Program Files\popcaploader.dll / Infected: not-a-virus:Downloader.Win32.PopCap.b / skipped
D:\CD\Outlook Express\Posta in arrivo.dbx/[From Mail Delivery Subsystem ][Date Fri, 6 Dec 2002 19:55:57 -0500 (EST)]/UNNAMED/[From logs-wo.proxy.aol.com [205.188.200.6]]/UNNAMED/[From sha_bspa ][Date Fri, 6 Dec 2002 19:42:46 -0500 (EST)]/html / Suspicious: Exploit.HTML.Iframe.FileDownload / skipped
D:\CD\Outlook Express\Posta in arrivo.dbx/[From Mail Delivery Subsystem ][Date Fri, 6 Dec 2002 19:55:57 -0500 (EST)]/UNNAMED/[From logs-wo.proxy.aol.com [205.188.200.6]]/UNNAMED / Suspicious: Exploit.HTML.Iframe.FileDownload / skipped
D:\CD\Outlook Express\Posta in arrivo.dbx/[From Mail Delivery Subsystem ][Date Fri, 6 Dec 2002 19:55:57 -0500 (EST)]/UNNAMED / Suspicious: Exploit.HTML.Iframe.FileDownload / skipped
D:\CD\Outlook Express\Posta in arrivo.dbx/[From Mail Delivery Subsystem ][Date Sun, 15 Dec 2002 18:50:25 -0500 (EST)]/UNNAMED/[From logs-tq.proxy.aol.com [152.163.201.5]]/UNNAMED/[From webmaster ][Date Sun, 15 Dec 2002 16:31:15 -0500 (EST)]/html / Suspicious: Exploit.HTML.Iframe.FileDownload / skipped
D:\CD\Outlook Express\Posta in arrivo.dbx/[From Mail Delivery Subsystem ][Date Sun, 15 Dec 2002 18:50:25 -0500 (EST)]/UNNAMED/[From logs-tq.proxy.aol.com [152.163.201.5]]/UNNAMED / Suspicious: Exploit.HTML.Iframe.FileDownload / skipped
D:\CD\Outlook Express\Posta in arrivo.dbx/[From Mail Delivery Subsystem ][Date Sun, 15 Dec 2002 18:50:25 -0500 (EST)]/UNNAMED / Suspicious: Exploit.HTML.Iframe.FileDownload / skipped
D:\CD\Outlook Express\Posta in arrivo.dbx / MailMSOutlook5: suspicious - 6 / skipped
D:\downloads\Utility\Backup\Masterizzazoine\amazingcdburnerfree.exe/data0006 / Infected: not-a-virus:AdWare.Win32.Relevant.a / skipped
D:\downloads\Utility\Backup\Masterizzazoine\amazingcdburnerfree.exe / Inno: infected - 1 / skipped
D:\downloads\Utility\Boot WinXP\UBCD\UBCD4WinV304.exe/file3166 / Infected: not-a-virus:NetTool.Win32.Portscan.c / skipped
D:\downloads\Utility\Boot WinXP\UBCD\UBCD4WinV304.exe/file3322 / Infected: not-a-virus:RemoteAdmin.Win32.WinVNC.e / skipped
D:\downloads\Utility\Boot WinXP\UBCD\UBCD4WinV304.exe/file3327 / Infected: not-a-virus:RemoteAdmin.Win32.WinVNC.e / skipped
D:\downloads\Utility\Boot WinXP\UBCD\UBCD4WinV304.exe/file3366 / Infected: not-a-virus:RemoteAdmin.Win32.WinVNC.4 / skipped
D:\downloads\Utility\Boot WinXP\UBCD\UBCD4WinV304.exe/file3369 / Infected: not-a-virus:RemoteAdmin.Win32.WinVNC.4 / skipped
D:\downloads\Utility\Boot WinXP\UBCD\UBCD4WinV304.exe/file3370 / Infected: not-a-virus:RemoteAdmin.Win32.WinVNC.4 / skipped
D:\downloads\Utility\Boot WinXP\UBCD\UBCD4WinV304.exe/file3567/data.rar/xpkey.exe / Infected: not-a-virus:PSWTool.Win32.RAS.g / skipped
D:\downloads\Utility\Boot WinXP\UBCD\UBCD4WinV304.exe/file3567/data.rar/officekey.exe / Infected: not-a-virus:PSWTool.Win32.RAS.a / skipped
D:\downloads\Utility\Boot WinXP\UBCD\UBCD4WinV304.exe/file3567/data.rar / Infected: not-a-virus:PSWTool.Win32.RAS.a / skipped
D:\downloads\Utility\Boot WinXP\UBCD\UBCD4WinV304.exe/file3567 / Infected: not-a-virus:PSWTool.Win32.RAS.a / skipped
D:\downloads\Utility\Boot WinXP\UBCD\UBCD4WinV304.exe / Inno: infected - 10 / skipped
D:\downloads\Utility\Video\convertitori video\Download_mp4cset3.exe / Infected: not-a-virus:Downloader.Win32.WinFixer.fs / skipped
D:\downloads\Utility\Win98bootcd\XPBOOT.ISO/zerocmos/DUMPCMOS.COM / Infected: Trojan.DOS.KillCMOS.k / skipped
D:\downloads\Utility\Win98bootcd\XPBOOT.ISO/zerocmos/KILLCMOS.COM / Infected: Trojan.DOS.KillCMOS.c / skipped
D:\downloads\Utility\Win98bootcd\XPBOOT.ISO / ISOimage: infected - 2 / skipped

Scan process completed.