Olimpo Informatico

[sally69]

Buonasera a tutti, mi chiamo Sally e mi sono appena iscritta.
Oggi ho scaricato a-squared hIJACKFREE SUL MIO PC.
cI HO CAPITO MOLTO POCO:
1) MA CONTINUA A SCANNERIZZARE?
2) CI SONO RIGHE VERDI E GIALLE: COSA SIGNIFICA?
HO PIGIATO IL TASTO ANALISI ON LINE E MI E' COMPARSA UNA LISTA DI ROBA INCOMPRENSIBILE.
la cosa che mi ha dato all'occhio da subito è stata questa:

Name: Winlogin
Path: C:\WINDOWS\system32\winlogin.exe
Location: HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Good: 0 - Bad: 14
View Details Requires Attention!
Compare details with your local values
and/or search at Google

QUALCUNO GENTILMENTE PUO' DIRMI COS'E'?
C'E' UNA SPECIE DI DIAVOLINO ROSSO INCAVOLATISSIMO

ho xp service pack 2
ho come antivirus: clam
uso search and destroy e ccleaner
AVG antirootkit

grazie e buona serata

sally

[baciami]

SALLY..apri a-squared clicca aggiorna..dopo averlo aggiornato clicca "scansiona ora" vai su deep scan e inizia la scansione

[baciami]

scarica anche hijakthis..una volta scaricato clicca esegui e scan..una volta fatto clicca "savelog " lo copi e incolli qui che intanto ci diamo un occhio
per hIJACKFREE se non sei molto esperta del programma ti consiglio di accantonarlo

[sally69]

Ciao Baciami, ho fatto tutto ciò che mi hai detto.
Di seguito troverai il copia ed incolla.
Attendo.
Un abbraccio.
Sally


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 23.58.44, on 28/02/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programmi\File comuni\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\system32\fxssvc.exe
C:\WINDOWS\Explorer.EXE
C:\Programmi\ClamWin\bin\ClamTray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\INCRED~1\bin\IMApp.exe
C:\PROGRA~1\Magentic\bin\MgApp.exe
C:\Programmi\Internet Explorer\IEXPLORE.EXE
C:\Programmi\a-squared Anti-Malware\a2service.exe
C:\Programmi\a-squared Anti-Malware\a2wizard.exe
C:\Programmi\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.it/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmi\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [ClamWin] "C:\Programmi\ClamWin\bin\ClamTray.exe" --logon
O4 - HKLM\..\Run: [a-squared] "C:\Programmi\a-squared Anti-Malware\a2guard.exe"
O4 - HKCU\..\Run: [IncrediMail] C:\Programmi\IncrediMail\bin\IncMail.exe /c
O4 - HKCU\..\Run: [Magentic] "C:\PROGRA~1\Magentic\bin\Magentic.exe" /c
O4 - HKCU\..\Run: [Uniblue RegistryBooster 2] C:\Programmi\Uniblue\RegistryBooster 2\RegistryBooster.exe /S
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO LOCALE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO DI RETE')
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O16 - DPF: DownloadInformation -
O16 - DPF: {149E45D8-163E-4189-86FC-45022AB2B6C9} (SpinTop DRM Control) - file:///C:/Programmi/Fashion%20Fits/Images/stg_drm.ocx
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://housecall65.trendmicro.com/housecall/applet/html/native/x86/win32/activex/hcImpl.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/IT-IT/a-UNO1/GAME_UNO1.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1192804578109
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {AD7013FF-1D9A-4F36-94A6-3CD408A663F9} (GameDesire BreakOut) - http://194.244.16.123/g_bin/eng/breakout_2_0_0_29.cab
O16 - DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} (a-squared Scanner) - http://ax.emsisoft.com/asquared.cab
O16 - DPF: {CC450D71-CC90-424C-8638-1F2DBAC87A54} (ArmHelper Control) - file:///C:/Programmi/Fashion%20Fits/Images/armhelper.ocx
O23 - Service: a-squared Anti-Malware Service (a2AntiMalware) - Emsi Software GmbH - C:\Programmi\a-squared Anti-Malware\a2service.exe

--
End of file - 5336 bytes

[baciami]

ciao sally
scarica combofix..leggi qui come fare http://forum.zeusnews.com/viewtopic.php?p=235539 poi posta il log qui

[sally69]

Ciao, ho fatto ciò che mi hai chiesto.
Di seguito ti allego jackthis:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 13:59, on 2008-02-29
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programmi\a-squared Anti-Malware\a2service.exe
C:\Programmi\File comuni\Microsoft Shared\VS7Debug\mdm.exe
C:\Programmi\a-squared Anti-Malware\a2guard.exe
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\Magentic\bin\MgApp.exe
C:\PROGRA~1\INCRED~1\bin\IMApp.exe
C:\WINDOWS\system32\fxssvc.exe
C:\WINDOWS\System32\alg.exe
C:\Programmi\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\system32\kmd.exe
C:\WINDOWS\system32\kmd.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\kmd.exe
C:\Programmi\Trend Micro\HijackThis\HijackThis.exe
C:\ComboFix\nircmd.cfexe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\system32\kmd.exe
C:\WINDOWS\system32\findstr.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.it/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmi\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [a-squared] "C:\Programmi\a-squared Anti-Malware\a2guard.exe" /d=60
O4 - HKCU\..\Run: [IncrediMail] C:\Programmi\IncrediMail\bin\IncMail.exe /c
O4 - HKCU\..\Run: [Magentic] "C:\PROGRA~1\Magentic\bin\Magentic.exe" /c
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO LOCALE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO DI RETE')
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O16 - DPF: DownloadInformation -
O16 - DPF: {149E45D8-163E-4189-86FC-45022AB2B6C9} (SpinTop DRM Control) - file:///C:/Programmi/Fashion%20Fits/Images/stg_drm.ocx
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://housecall65.trendmicro.com/housecall/applet/html/native/x86/win32/activex/hcImpl.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/IT-IT/a-UNO1/GAME_UNO1.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1192804578109
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {AD7013FF-1D9A-4F36-94A6-3CD408A663F9} (GameDesire BreakOut) - http://194.244.16.123/g_bin/eng/breakout_2_0_0_29.cab
O16 - DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} (a-squared Scanner) - http://ax.emsisoft.com/asquared.cab
O16 - DPF: {CC450D71-CC90-424C-8638-1F2DBAC87A54} (ArmHelper Control) - file:///C:/Programmi/Fashion%20Fits/Images/armhelper.ocx
O23 - Service: a-squared Anti-Malware Service (a2AntiMalware) - Emsi Software GmbH - C:\Programmi\a-squared Anti-Malware\a2service.exe

--
End of file - 5620 bytes
---------------------------------------------

questo è di combo:

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((( Files Creati Da 2008-01-28 al 2008-02-29 )))))))))))))))))))))))))))))))))))
.

2008-02-29 11:04 . 2008-02-29 11:04 <DIR> d-------- C:\Programmi\Wedding Dash
2008-02-29 09:55 . 2008-02-29 10:00 <DIR> d-------- C:\Programmi\Eusing Free Registry Cleaner
2008-02-28 23:57 . 2008-02-28 23:57 <DIR> d-------- C:\Programmi\Trend Micro
2008-02-28 23:49 . 2008-02-29 01:25 <DIR> d-------- C:\Programmi\a-squared Anti-Malware
2008-02-28 01:11 . 2008-02-29 01:19 <DIR> d-------- C:\Programmi\NoAdware5.0
2008-02-27 15:05 . 2008-02-27 15:05 <DIR> d-------- C:\Documents and Settings\BARBARA\Dati applicazioni\Uniblue
2008-02-27 14:11 . 2008-02-29 01:25 108 --a------ C:\index.ini
2008-02-27 14:04 . 2008-02-28 23:54 <DIR> d-------- C:\Programmi\a-squared HiJackFree
2008-02-25 10:42 . 2007-08-01 22:47 102,664 --a------ C:\WINDOWS\system32\drivers\tmcomm.sys
2008-02-23 22:34 . 2008-02-23 23:00 <DIR> d-------- C:\Programmi\Sallys Salon
2008-02-23 22:33 . 2008-02-23 22:33 <DIR> d-------- C:\Programmi\ReflexiveArcade
2008-02-22 13:37 . 2008-02-22 13:37 <DIR> d-------- C:\My Download Files
2008-02-22 13:31 . 2008-02-23 11:28 <DIR> d-------- C:\Programmi\BabysittingMania_at
2008-02-22 13:30 . 2008-02-22 14:40 <DIR> d-------- C:\Programmi\FashionCraze_at
2008-02-19 16:14 . 2008-02-19 16:14 <DIR> d-------- C:\Programmi\Xvid
2008-02-19 16:14 . 2007-06-28 18:52 765,952 --a------ C:\WINDOWS\system32\xvidcore.dll
2008-02-19 16:14 . 2007-06-28 18:54 180,224 --a------ C:\WINDOWS\system32\xvidvfw.dll
2008-02-19 16:14 . 2007-06-28 18:55 77,824 --a------ C:\WINDOWS\system32\xvid.ax
2008-02-19 15:03 . 2008-02-19 15:03 <DIR> d-------- C:\Programmi\Windows Media Connect 2
2008-02-19 15:00 . 2008-02-19 15:00 <DIR> d-------- C:\WINDOWS\system32\LogFiles
2008-02-19 15:00 . 2008-02-19 15:01 <DIR> d-------- C:\WINDOWS\system32\drivers\UMDF
2008-02-17 13:46 . 2008-02-17 13:46 <DIR> d-------- C:\Programmi\DivX
2008-02-16 18:01 . 2008-02-16 18:01 <DIR> d-------- C:\Documents and Settings\BARBARA\Dati applicazioni\Fuzzy Games
2008-02-16 17:55 . 2008-02-16 18:16 <DIR> d-------- C:\Programmi\Zylom Games
2008-02-09 23:54 . 2008-02-09 23:54 <DIR> d-------- C:\Documents and Settings\BARBARA\Dati applicazioni\Home Sweet Home
2008-02-09 23:33 . 2008-02-10 00:23 <DIR> d-------- C:\Programmi\HomeSweetHome_at
2008-02-02 20:36 . 2008-02-21 23:15 <DIR> d-------- C:\Programmi\Fashion Fits!
2008-02-01 22:56 . 2008-02-01 22:57 <DIR> d-------- C:\Documents and Settings\All Users\Dati applicazioni\Go Go Gourmet
2008-02-01 11:17 . 2008-02-01 11:17 586,752 --a------ C:\WINDOWS\WLXPGSS.SCR

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-02-29 10:23 --------- d-----w C:\Programmi\AdunanzA
2008-02-29 09:34 --------- d-----w C:\Programmi\Mozilla Sunbird
2008-02-28 23:37 --------- d---a-w C:\Documents and Settings\All Users\Dati applicazioni\TEMP
2008-02-28 23:21 0 ----a-w C:\Programmi\temp01
2008-02-28 23:08 --------- d-----w C:\Documents and Settings\BARBARA\Dati applicazioni\OpenOffice.org2
2008-02-28 23:06 --------- d-----w C:\Documents and Settings\All Users\Dati applicazioni\Spybot - Search & Destroy
2008-02-27 14:49 --------- d-----w C:\Programmi\Windows Live
2008-02-27 13:42 --------- d-----w C:\Programmi\MSN Messenger
2008-02-17 11:05 --------- d-----w C:\Programmi\Google
2008-02-16 17:01 --------- d-----w C:\Documents and Settings\BARBARA\Dati applicazioni\Zylom
2008-02-01 22:59 --------- d-----w C:\Programmi\iWin.com
2008-02-01 12:52 --------- d-----w C:\Programmi\OpenOffice.org 2.3
2008-01-27 19:43 --------- d-----w C:\Programmi\Java
2008-01-27 19:41 --------- d-----w C:\Programmi\File comuni\Java
2008-01-25 21:16 --------- d-----w C:\Documents and Settings\BARBARA\Dati applicazioni\Apple Computer
2008-01-24 16:39 --------- d-----w C:\Programmi\Enigma Software Group
2008-01-23 00:55 --------- d-----w C:\Documents and Settings\BARBARA\Dati applicazioni\iWinArcade
2008-01-23 00:55 --------- d-----w C:\Documents and Settings\All Users\Dati applicazioni\iWin Games
2008-01-20 19:17 --------- d-----w C:\Documents and Settings\BARBARA\Dati applicazioni\Valusoft
2008-01-20 19:17 --------- d-----w C:\Documents and Settings\All Users\Dati applicazioni\Valusoft
2008-01-20 12:28 --------- d-----w C:\Documents and Settings\BARBARA\Dati applicazioni\Oberon Games
2008-01-20 12:28 --------- d-----w C:\Documents and Settings\All Users\Dati applicazioni\Oberon Games
2008-01-20 11:24 --------- d-----w C:\Documents and Settings\BARBARA\Dati applicazioni\Gamelab
2008-01-20 02:30 --------- d-----w C:\Programmi\Gamenext
2008-01-13 12:18 120 ----a-w C:\drmHeader.bin
2008-01-03 23:57 --------- d-----w C:\Programmi\NCH Swift Sound
2008-01-03 23:56 --------- d-----w C:\Programmi\NCH Software
2008-01-03 23:44 --------- d-----w C:\Documents and Settings\BARBARA\Dati applicazioni\Recordpad
2008-01-03 23:44 --------- d-----w C:\Documents and Settings\BARBARA\Dati applicazioni\NCH Swift Sound
2008-01-03 23:44 --------- d-----w C:\Documents and Settings\All Users\Dati applicazioni\NCH Swift Sound
2008-01-03 23:36 --------- d-----w C:\Documents and Settings\All Users\Dati applicazioni\NCH Software
2008-01-03 21:45 --------- d-----w C:\Documents and Settings\BARBARA\Dati applicazioni\DivX
2007-12-30 09:57 --------- d-----w C:\Documents and Settings\BARBARA\Dati applicazioni\SpinTop
2007-12-30 01:23 --------- d-----w C:\Documents and Settings\BARBARA\Dati applicazioni\PlayFirst
2007-12-28 21:09 --------- d-----w C:\Documents and Settings\All Users\Dati applicazioni\Gogii
2007-12-28 15:33 --------- d-----w C:\Programmi\Trymedia
2007-12-19 10:34 286,720 ----a-w C:\WINDOWS\iun507.exe
2007-12-19 08:25 737,280 ----a-w C:\WINDOWS\iun6002.exe
2007-12-07 02:04 824,832 ----a-w C:\WINDOWS\system32\wininet.dll
2007-12-04 18:40 550,912 ------w C:\WINDOWS\system32\oleaut32.dll
2007-11-29 22:30 200,704 ----a-w C:\WINDOWS\system32\ssldivx.dll
2007-11-29 22:30 1,044,480 ----a-w C:\WINDOWS\system32\libdivx.dll
2007-10-28 11:11 87,608 ----a-w C:\Documents and Settings\BARBARA\Dati applicazioni\ezpinst.exe
2007-10-28 11:11 47,360 -c--a-w C:\Documents and Settings\BARBARA\Dati applicazioni\pcouffin.sys
2007-10-02 12:42 970 -c--a-w C:\Documents and Settings\BARBARA\Dati applicazioni\wklnhst.dat
2006-12-17 21:08 37,480 -c--a-w C:\Documents and Settings\BARBARA\Dati applicazioni\GDIPFONTCACHEV1.DAT
2006-09-21 13:59 774,144 -c--a-w C:\Programmi\RngInterstitial.dll
.

((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Nota* i valori vuoti & legittimi/default non sono visualizzati.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IncrediMail"="C:\Programmi\IncrediMail\bin\IncMail.exe" [2007-10-09 11:02 208946]
"Magentic"="C:\PROGRA~1\Magentic\bin\Magentic.exe" [2007-09-03 14:25 475180]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-19 13:00 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"a-squared"="C:\Programmi\a-squared Anti-Malware\a2guard.exe" [2008-01-07 17:56 1816208]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avldr]
avldr.dll

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"C:\\Programmi\\Internet Explorer\\IEXPLORE.EXE"=
"C:\\WINDOWS\\system32\\sessmgr.exe"=
"C:\\Programmi\\Messenger\\msmsgs.exe"=
"C:\\Programmi\\AdunanzA\\eMule_AdnzA.exe"=
"C:\\Programmi\\Mozilla Firefox\\firefox.exe"=
"C:\\Documents and Settings\\BARBARA\\Documenti\\Immagini\\SETUP.EXE"=
"C:\\Programmi\\IncrediMail\\bin\\IncMail.exe"=
"C:\\Programmi\\IncrediMail\\bin\\IMApp.exe"=
"C:\\Programmi\\IncrediMail\\bin\\ImpCnt.exe"=
"C:\\Programmi\\Magentic\\bin\\Magentic.exe"=
"C:\\Programmi\\Magentic\\bin\\MgApp.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Programmi\\IncrediMail\\bin\\ImLc.exe"=
"C:\\Programmi\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Programmi\\Windows Live\\Messenger\\livecall.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"4672:TCP"= 4672:TCP:emule
"4672:UDP"= 4672:UDP:emule udp ingresso

S3 Engine;Engine;J:\winPenPack\Bin\L2MRemover\engine.sys []
S3 ose;Office Source Engine;"C:\Programmi\File comuni\Microsoft Shared\Source Engine\OSE.EXE" [2003-07-28 20:28]

.
Contenuto della cartella 'Scheduled Tasks'
"2008-02-28 01:35:02 C:\WINDOWS\Tasks\SpybotSD.job"
- C:\Programmi\Spybot - Search & Destroy\SpybotSD.exe
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-02-29 14:02:59
Windows 5.1.2600 Service Pack 2 NTFS

scansione processi nascosti ...

scansione entrate autostart nascoste ...

Scansione files nascosti ...

Scansione completata con successo
Files nascosti: 0

**************************************************************************
.
Ora fine scansione: 2008-02-29 14.07.25
.
2008-02-27 14:50:01 --- E O F ---

[bdoriano]

Ciao sally69,

dovresti, cortesemente, evitare di continuare ad aprire nuovi topic quando non ricevi risposte in tempi brevi. Al limite, accodi un nuovo messaggio al tuo topic e vedrai che, magicamente, viene portato in cima agli altri.
Ti ringrazio per la collaborazione.

Collegati a Kaspersky on-line scanner e fai la scansione estesa, come indicato qui.
Salva il risultato della scansione in un file (in formato HTML), carica il file su Freefilehosting e posta qui il link che ti viene assegnato.

[sally69]

non lo sapevo, scusate.
comunque gradirei una risposta da BACIAMI , visto che ho iniziato con lui7lei a dialogare.
grazie sally

[baciami]

ciao sally..fai pure quello che ti chiede bdoriano che è il migliore. a dopo

[sally69]

Ciao bdoriano e baciami,
ho fatto ciò che mi avete consigliato con Kaspersky.
Vi allego report.

Grazie
Total number of scanned objects 50983
Number of viruses found 3
Number of infected objects 4
Number of suspicious objects 0
Duration of the scan process 01:39:32

Infected Object Name Virus Name Last Action
C:\Documents and Settings\All Users\Dati applicazioni\Microsoft\Crypto\RSA\MachineKeys\04c4a75c166754ae17b5a8a99bd24a61_9bf3a84a-24d2-4238-8430-6aff1f007ba7 Object is locked skipped

C:\Documents and Settings\All Users\Dati applicazioni\Microsoft\Crypto\RSA\MachineKeys\07f63b6ebd28c86a907246459c15b4e6_9bf3a84a-24d2-4238-8430-6aff1f007ba7 Object is locked skipped

C:\Documents and Settings\All Users\Dati applicazioni\Microsoft\Crypto\RSA\MachineKeys\0cba7f4480d29bd5a7f6b7d47b06d811_9bf3a84a-24d2-4238-8430-6aff1f007ba7 Object is locked skipped

C:\Documents and Settings\All Users\Dati applicazioni\Microsoft\Crypto\RSA\MachineKeys\1686e78a0b06c246ed82ed6bbecf530e_9bf3a84a-24d2-4238-8430-6aff1f007ba7 Object is locked skipped

C:\Documents and Settings\All Users\Dati applicazioni\Microsoft\Crypto\RSA\MachineKeys\27a4d5789658e2b1ee237abdd2e3d75a_9bf3a84a-24d2-4238-8430-6aff1f007ba7 Object is locked skipped

C:\Documents and Settings\All Users\Dati applicazioni\Microsoft\Crypto\RSA\MachineKeys\2d6b5983d2aeb88a7b1d5afb0fdfff38_9bf3a84a-24d2-4238-8430-6aff1f007ba7 Object is locked skipped

C:\Documents and Settings\All Users\Dati applicazioni\Microsoft\Crypto\RSA\MachineKeys\2e7d87d31ee9eda06ee7a8df53a65d59_9bf3a84a-24d2-4238-8430-6aff1f007ba7 Object is locked skipped

C:\Documents and Settings\All Users\Dati applicazioni\Microsoft\Crypto\RSA\MachineKeys\33208e79ec578bb62c74332fbb20868b_9bf3a84a-24d2-4238-8430-6aff1f007ba7 Object is locked skipped

C:\Documents and Settings\All Users\Dati applicazioni\Microsoft\Crypto\RSA\MachineKeys\35d34ad1df3d251b2a33db1bba3bb19b_9bf3a84a-24d2-4238-8430-6aff1f007ba7 Object is locked skipped

C:\Documents and Settings\All Users\Dati applicazioni\Microsoft\Crypto\RSA\MachineKeys\3823d72fe9f347574fe63d9e93c5b32d_9bf3a84a-24d2-4238-8430-6aff1f007ba7 Object is locked skipped

C:\Documents and Settings\All Users\Dati applicazioni\Microsoft\Crypto\RSA\MachineKeys\3a90e45c4690e29d4749ccd216d130c7_9bf3a84a-24d2-4238-8430-6aff1f007ba7 Object is locked skipped

C:\Documents and Settings\All Users\Dati applicazioni\Microsoft\Crypto\RSA\MachineKeys\3b297b3ce2bab7416d85d39938da3a6e_9bf3a84a-24d2-4238-8430-6aff1f007ba7 Object is locked skipped

C:\Documents and Settings\All Users\Dati applicazioni\Microsoft\Crypto\RSA\MachineKeys\3bae302d91cbc79d35de092634df3069_9bf3a84a-24d2-4238-8430-6aff1f007ba7 Object is locked skipped

C:\Documents and Settings\All Users\Dati applicazioni\Microsoft\Crypto\RSA\MachineKeys\467f6970a7b07fc85c9baa6efe8b507e_9bf3a84a-24d2-4238-8430-6aff1f007ba7 Object is locked skipped

C:\Documents and Settings\All Users\Dati applicazioni\Microsoft\Crypto\RSA\MachineKeys\48076c195dcf9ecd95b6c120c26da1d4_9bf3a84a-24d2-4238-8430-6aff1f007ba7 Object is locked skipped

C:\Documents and Settings\All Users\Dati applicazioni\Microsoft\Crypto\RSA\MachineKeys\5af4cc2a8d727ce0b41b9ebd53765c9a_9bf3a84a-24d2-4238-8430-6aff1f007ba7 Object is locked skipped

C:\Documents and Settings\All Users\Dati applicazioni\Microsoft\Crypto\RSA\MachineKeys\5e924e37d0cd972365751b02727c86d7_9bf3a84a-24d2-4238-8430-6aff1f007ba7 Object is locked skipped

C:\Documents and Settings\All Users\Dati applicazioni\Microsoft\Crypto\RSA\MachineKeys\7b50fb1083035af9000d53d7fb30bc5e_9bf3a84a-24d2-4238-8430-6aff1f007ba7 Object is locked skipped

C:\Documents and Settings\All Users\Dati applicazioni\Microsoft\Crypto\RSA\MachineKeys\7dc047dae5a74cb8c94ea72982f467a6_9bf3a84a-24d2-4238-8430-6aff1f007ba7 Object is locked skipped

C:\Documents and Settings\All Users\Dati applicazioni\Microsoft\Crypto\RSA\MachineKeys\7e007dfdf8842384cc1a959359d87341_9bf3a84a-24d2-4238-8430-6aff1f007ba7 Object is locked skipped

C:\Documents and Settings\All Users\Dati applicazioni\Microsoft\Crypto\RSA\MachineKeys\834647864cf6339beb0d2db55608a659_9bf3a84a-24d2-4238-8430-6aff1f007ba7 Object is locked skipped

C:\Documents and Settings\All Users\Dati applicazioni\Microsoft\Crypto\RSA\MachineKeys\8c856aadb2bff81ad2d8389d5ab97026_9bf3a84a-24d2-4238-8430-6aff1f007ba7 Object is locked skipped

C:\Documents and Settings\All Users\Dati applicazioni\Microsoft\Crypto\RSA\MachineKeys\96a3344ce8ccbb9155c8f2d51f237f6a_9bf3a84a-24d2-4238-8430-6aff1f007ba7 Object is locked skipped

C:\Documents and Settings\All Users\Dati applicazioni\Microsoft\Crypto\RSA\MachineKeys\96b6a9feabc4124e803beb9427e601de_9bf3a84a-24d2-4238-8430-6aff1f007ba7 Object is locked skipped

C:\Documents and Settings\All Users\Dati applicazioni\Microsoft\Crypto\RSA\MachineKeys\9b6dc6a0c5a834a7bddba571e6449af1_9bf3a84a-24d2-4238-8430-6aff1f007ba7 Object is locked skipped

C:\Documents and Settings\All Users\Dati applicazioni\Microsoft\Crypto\RSA\MachineKeys\a2fc18010499338c0a137eadd0302221_9bf3a84a-24d2-4238-8430-6aff1f007ba7 Object is locked skipped

C:\Documents and Settings\All Users\Dati applicazioni\Microsoft\Crypto\RSA\MachineKeys\be27a308ac0bacd511a07a467d3f5a8a_9bf3a84a-24d2-4238-8430-6aff1f007ba7 Object is locked skipped

C:\Documents and Settings\All Users\Dati applicazioni\Microsoft\Crypto\RSA\MachineKeys\c2b41bafa8aef9e6bccf976452668ea4_9bf3a84a-24d2-4238-8430-6aff1f007ba7 Object is locked skipped

C:\Documents and Settings\All Users\Dati applicazioni\Microsoft\Crypto\RSA\MachineKeys\d708cd54a3b2e8012b99363136dd0b73_9bf3a84a-24d2-4238-8430-6aff1f007ba7 Object is locked skipped

C:\Documents and Settings\All Users\Dati applicazioni\Microsoft\Crypto\RSA\MachineKeys\de154e111e30b58ee5eb4255bd4b5971_9bf3a84a-24d2-4238-8430-6aff1f007ba7 Object is locked skipped

C:\Documents and Settings\All Users\Dati applicazioni\Microsoft\Crypto\RSA\MachineKeys\ea57339dc9c515256348af7f85876265_9bf3a84a-24d2-4238-8430-6aff1f007ba7 Object is locked skipped

C:\Documents and Settings\All Users\Dati applicazioni\Microsoft\Crypto\RSA\MachineKeys\f12566646f47ae41caafa25efd99349b_9bf3a84a-24d2-4238-8430-6aff1f007ba7 Object is locked skipped

C:\Documents and Settings\All Users\Dati applicazioni\Microsoft\Crypto\RSA\MachineKeys\facb29b17fc4962a27051a720277999a_9bf3a84a-24d2-4238-8430-6aff1f007ba7 Object is locked skipped

C:\Documents and Settings\All Users\Dati applicazioni\Microsoft\Crypto\RSA\MachineKeys\ff1c7f4591307f3c8c9f0a0188ca7961_9bf3a84a-24d2-4238-8430-6aff1f007ba7 Object is locked skipped

C:\Documents and Settings\All Users\Dati applicazioni\Microsoft\Network\Downloader\qmgr0.dat Object is locked skipped

C:\Documents and Settings\All Users\Dati applicazioni\Microsoft\Network\Downloader\qmgr1.dat Object is locked skipped

C:\Documents and Settings\All Users\Dati applicazioni\Microsoft\Windows NT\MSFax\ActivityLog\InboxLOG.txt Object is locked skipped

C:\Documents and Settings\All Users\Dati applicazioni\Microsoft\Windows NT\MSFax\ActivityLog\OutboxLOG.txt Object is locked skipped

C:\Documents and Settings\BARBARA\Cookies\index.dat Object is locked skipped

C:\Documents and Settings\BARBARA\Impostazioni locali\Cronologia\History.IE5\index.dat Object is locked skipped

C:\Documents and Settings\BARBARA\Impostazioni locali\Dati applicazioni\Microsoft\Windows\UsrClass.dat Object is locked skipped

C:\Documents and Settings\BARBARA\Impostazioni locali\Dati applicazioni\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped

C:\Documents and Settings\BARBARA\Impostazioni locali\Temp\~DF3F2D.tmp Object is locked skipped

C:\Documents and Settings\BARBARA\Impostazioni locali\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped

C:\Documents and Settings\BARBARA\Impostazioni locali\Temporary Internet Files\Content.IE5\Y20KH6VV\BurstingInteractionsPipe[1].htm Object is locked skipped

C:\Documents and Settings\BARBARA\NTUSER.DAT Object is locked skipped

C:\Documents and Settings\BARBARA\ntuser.dat.LOG Object is locked skipped

C:\Documents and Settings\LocalService\Cookies\index.dat Object is locked skipped

C:\Documents and Settings\LocalService\Impostazioni locali\Cronologia\History.IE5\index.dat Object is locked skipped

C:\Documents and Settings\LocalService\Impostazioni locali\Dati applicazioni\Microsoft\Windows\UsrClass.dat Object is locked skipped

C:\Documents and Settings\LocalService\Impostazioni locali\Dati applicazioni\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped

C:\Documents and Settings\LocalService\Impostazioni locali\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped

C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped

C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped

C:\Documents and Settings\NetworkService\Impostazioni locali\Dati applicazioni\Microsoft\Windows\UsrClass.dat Object is locked skipped

C:\Documents and Settings\NetworkService\Impostazioni locali\Dati applicazioni\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped

C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped

C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped

C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped

C:\System Volume Information\_restore{62826132-7B41-4A1B-A9BA-0CC5D9EBFAB5}\RP376\A0137221.exe Infected: not-a-virus:AdTool.Win32.FenomenGame.a skipped

C:\System Volume Information\_restore{62826132-7B41-4A1B-A9BA-0CC5D9EBFAB5}\RP378\A0137312.exe/data0035 Infected: not-a-virus:AdTool.Win32.MyWebSearch.bu skipped

C:\System Volume Information\_restore{62826132-7B41-4A1B-A9BA-0CC5D9EBFAB5}\RP378\A0137312.exe NSIS: infected - 1 skipped

C:\System Volume Information\_restore{62826132-7B41-4A1B-A9BA-0CC5D9EBFAB5}\RP416\A0144072.dll Infected: not-a-virus:AdTool.Win32.MyWebSearch.i skipped

C:\System Volume Information\_restore{62826132-7B41-4A1B-A9BA-0CC5D9EBFAB5}\RP419\change.log Object is locked skipped

C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped

C:\WINDOWS\ModemLog_SoftV92 Data Fax Modem.txt Object is locked skipped

C:\WINDOWS\SchedLgU.Txt Object is locked skipped

C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped

C:\WINDOWS\system32\CatRoot2\edb.log Object is locked skipped

C:\WINDOWS\system32\CatRoot2\tmp.edb Object is locked skipped

C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped

C:\WINDOWS\system32\config\default Object is locked skipped

C:\WINDOWS\system32\config\default.LOG Object is locked skipped

C:\WINDOWS\system32\config\Internet.evt Object is locked skipped

C:\WINDOWS\system32\config\ODiag.evt Object is locked skipped

C:\WINDOWS\system32\config\OSession.evt Object is locked skipped

C:\WINDOWS\system32\config\Paramete.evt Object is locked skipped

C:\WINDOWS\system32\config\SAM Object is locked skipped

C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped

C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped

C:\WINDOWS\system32\config\SECURITY Object is locked skipped

C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped

C:\WINDOWS\system32\config\software Object is locked skipped

C:\WINDOWS\system32\config\software.LOG Object is locked skipped

C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped

C:\WINDOWS\system32\config\system Object is locked skipped

C:\WINDOWS\system32\config\system.LOG Object is locked skipped

C:\WINDOWS\system32\drivers\etc\Hosts.bak Object is locked skipped

C:\WINDOWS\system32\h323log.txt Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped

C:\WINDOWS\Temp\a2cache_6BA9E6EA.dat Object is locked skipped

C:\WINDOWS\WindowsUpdate.log Object is locked skipped

Scan process completed.

[Riverside]

@ sally, ciao; siamo in presenza di due ordini di problemi, quindi cerchiamo di capire un paio di cose, partendo dal primo:
per quanto riguarda questa istanza (nel log di Hthis si ripete ben quattro volte): C:\WINDOWS\system32\kmd.exe
● hai per caso scaricato ed installato KaZaA Media Desktop?
● quando hai eseguito lo scan con hijackthis e quello con Combofix, avevi Emule Adunanza in fase di scaricamento?.

P:S.: Nel frattempo, ti comunico che hai infettato il P.C.

[sally69]

ciao River, alle tue domande la risposta è NO in nessun caso.
cosa dovrei fare ora?
grazie per la disponibilità
ciao sally

[Riverside]

[sally69]

Ciao Riverside, allego report.
File KMD.EXE-2FAFDF40.pf ricevuto il 2008.03.02 10:31:38 (CET)
Stato corrente: Carico ... in coda attesa scansione finito NON TROVATO INTERROTTO


Risultato: 0/32 (0%)
Carico informazioni server...
Il tuo file è in coda in posizione: ___.
Tempo stimato inizio tra ___ e ___ .
Non chiudere la finestra fino al termine della scansione.
Lo scanner che stava processando il tuo file si è fermato in questo momento, stiamo aspettando alcuni secondi per tentare di recuperare i tuoi risultati.
Se stai aspettando da più di cinque minuti devi rimandare il tuo file.
VirusTotal sta controllando il tuo file in questo momento,
i risultati saranno visualizzati mentre vengono generati.
Formattato Stampa risultati
Il tuo file è scaduto o non esiste.
Il servizio è fermo in questo momento, il tuo file sta aspettando di essere controllato (posizione: ) da un tempo indefinito.

Puoi aspettare la risposta sul web (ricarico automatico) o digitare il tuo indirizzo email nel riquadro qui sotto e premere "richiesta" così il sistema ti invierà una notifica al termine della scansione.
Email:


Antivirus Versione Ultimo aggiornamento Risultato
AhnLab-V3 2008.2.29.1 2008.02.29 -
AntiVir 7.6.0.73 2008.02.29 -
Authentium 4.93.8 2008.03.01 -
Avast 4.7.1098.0 2008.03.01 -
AVG 7.5.0.516 2008.03.01 -
BitDefender 7.2 2008.03.02 -
CAT-QuickHeal 9.50 2008.03.01 -
ClamAV 0.92.1 2008.03.01 -
DrWeb 4.44.0.09170 2008.03.01 -
eSafe 7.0.15.0 2008.02.28 -
eTrust-Vet 31.3.5574 2008.02.29 -
Ewido 4.0 2008.03.02 -
FileAdvisor 1 2008.03.02 -
Fortinet 3.14.0.0 2008.03.02 -
F-Prot 4.4.2.54 2008.03.01 -
F-Secure 6.70.13260.0 2008.03.01 -
Ikarus T3.1.1.20 2008.03.02 -
Kaspersky 7.0.0.125 2008.03.02 -
McAfee 5242 2008.02.29 -
Microsoft 1.3301 2008.03.02 -
NOD32v2 2913 2008.03.01 -
Norman 5.80.02 2008.02.29 -
Panda 9.0.0.4 2008.03.01 -
Prevx1 V2 2008.03.02 -
Rising 20.33.52.00 2008.03.01 -
Sophos 4.27.0 2008.03.02 -
Sunbelt 3.0.906.0 2008.02.28 -
Symantec 10 2008.03.02 -
TheHacker 6.2.92.231 2008.03.02 -
VBA32 3.12.6.2 2008.02.27 -
VirusBuster 4.3.26:9 2008.03.02 -
Webwasher-Gateway 6.6.2 2008.03.02 -
Informazioni addizionali
File size: 12070 bytes
MD5: 08ec7b96e0c15cb5590581647b993286
SHA1: aac0475e92bd36c35e1ddbae3a5178db78a273c8
PEiD: -

[Riverside]

[sally69]

ecco:


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 14.49.14, on 02/03/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programmi\a-squared Anti-Malware\a2service.exe
C:\Programmi\File comuni\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\system32\fxssvc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\Magentic\bin\MgApp.exe
C:\PROGRA~1\INCRED~1\bin\IMApp.exe
C:\Programmi\Internet Explorer\IEXPLORE.EXE
C:\Programmi\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.it/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmi\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKCU\..\Run: [IncrediMail] C:\Programmi\IncrediMail\bin\IncMail.exe /c
O4 - HKCU\..\Run: [Magentic] "C:\PROGRA~1\Magentic\bin\Magentic.exe" /c
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO LOCALE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO DI RETE')
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O16 - DPF: DownloadInformation -
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/default/kavwebscan_unicode.cab
O16 - DPF: {149E45D8-163E-4189-86FC-45022AB2B6C9} (SpinTop DRM Control) - file:///C:/Programmi/Fashion%20Fits/Images/stg_drm.ocx
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://housecall65.trendmicro.com/housecall/applet/html/native/x86/win32/activex/hcImpl.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/IT-IT/a-UNO1/GAME_UNO1.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1192804578109
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {AD7013FF-1D9A-4F36-94A6-3CD408A663F9} (GameDesire BreakOut) - http://194.244.16.123/g_bin/eng/breakout_2_0_0_29.cab
O16 - DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} (a-squared Scanner) - http://ax.emsisoft.com/asquared.cab
O16 - DPF: {CC450D71-CC90-424C-8638-1F2DBAC87A54} (ArmHelper Control) - file:///C:/Programmi/Fashion%20Fits/Images/armhelper.ocx
O23 - Service: a-squared Anti-Malware Service (a2AntiMalware) - Emsi Software GmbH - C:\Programmi\a-squared Anti-Malware\a2service.exe

--
End of file - 5112 bytes

IL RIPRISTINO DI CONFIG SISTEMA LO LASCIO DISATTIVATO????????????

[Riverside]

[sally69]

Ciao, ho fatto tutto quanto alla lettera.
Le tre scansioni hanno dato risultati negativi.
Nulla di nulla.

ti allego ultimo Jackthis:
DIMMI SE DEVO RICONFIGURARE IL RIPRISTINO DI SISTEMA...GRAZIE

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 23.06.45, on 02/03/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programmi\a-squared Anti-Malware\a2service.exe
C:\Programmi\File comuni\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\system32\fxssvc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\Magentic\bin\MgApp.exe
C:\PROGRA~1\INCRED~1\bin\IMApp.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Programmi\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.it/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmi\Java\jre1.6.0_03\bin\ssv.dll
O4 - HKCU\..\Run: [IncrediMail] C:\Programmi\IncrediMail\bin\IncMail.exe /c
O4 - HKCU\..\Run: [Magentic] "C:\PROGRA~1\Magentic\bin\Magentic.exe" /c
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO LOCALE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO DI RETE')
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://housecall65.trendmicro.com/housecall/applet/html/native/x86/win32/activex/hcImpl.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/IT-IT/a-UNO1/GAME_UNO1.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1192804578109
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} (a-squared Scanner) - http://ax.emsisoft.com/asquared.cab
O23 - Service: a-squared Anti-Malware Service (a2AntiMalware) - Emsi Software GmbH - C:\Programmi\a-squared Anti-Malware\a2service.exe

--
End of file - 4456 bytes

[Riverside]

[sally69]

GRAZIE RIVERSIDE

allora dovrei avere il pc pulito?
come antivirus sto usando a-squared in prova. va bene