www.MegaLab.it

da **Sabrina1988** » mer gen 23, 2008 12:06 pm

Visitando forum e google sembra che io abbia fasttrack ho provato a seguire quello che dicevano i vari forum ma il mio problema rimane sempre.Compare connessione remota e disconnette.Questa connessione compare già all'avvio di windows.Ho antivir.comodo firewall,superantyspyware,spyware terminator ed a-squared...Antivir trovo ed eliminò questi virus: W95/Blumblebee.1738
TR/PWS.Sinowal.Gen - Trojan.Con nuova scansione niente virus.Kaspersky non trova niente.Non sò cosa inventarmi se esiste una soluzione...Grazie in anticipo.

da **crazy.cat** » mer gen 23, 2008 1:30 pm

Vediamo un log della scansione di hijackthis.

da **Sabrina1988** » mer gen 23, 2008 1:35 pm

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 13.35.54, on 23/01/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16544)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Programmi\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Programmi\Java\jre1.6.0_03\bin\jusched.exe
C:\Programmi\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmi\a-squared Anti-Dialer\a2service.exe
C:\Programmi\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Programmi\COMODO\Firewall\cmdagent.exe
C:\Programmi\Spyware Terminator\sp_rsser.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmi\MSN Messenger\usnsvc.exe
C:\Programmi\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://virgilio.alice.it/index.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
O2 - BHO: (no name) - {1CB20BF0-BBAE-40A7-93F4-6435FF3D0411} - C:\Programmi\Crawler\Toolbar\ctbr.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O3 - Toolbar: Toolbar &Crawler - {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - C:\Programmi\Crawler\Toolbar\ctbr.dll
O4 - HKLM\..\Run: [a-squared] "C:\Programmi\a-squared Anti-Dialer\a2adguard.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programmi\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Programmi\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [COMODO Firewall Pro] "C:\Programmi\COMODO\Firewall\cfp.exe" -s
O4 - HKLM\..\Run: [SpywareTerminator] "C:\Programmi\Spyware Terminator\SpywareTerminatorShield.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Programmi\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO LOCALE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO DI RETE')
O8 - Extra context menu item: Crawler Search - tbr:iemenu
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O17 - HKLM\System\CCS\Services\Tcpip\..\{232BD322-52F3-4E63-AFF1-3CC8EE72DCB4}: NameServer = 85.37.17.16 85.38.28.68
O17 - HKLM\System\CCS\Services\Tcpip\..\{ABE7A8C2-25B1-4896-A8DE-E0F55E149C8D}: NameServer = 208.67.222.222,208.67.220.220
O17 - HKLM\System\CS1\Services\Tcpip\..\{232BD322-52F3-4E63-AFF1-3CC8EE72DCB4}: NameServer = 85.37.17.16 85.38.28.68
O17 - HKLM\System\CS2\Services\Tcpip\..\{232BD322-52F3-4E63-AFF1-3CC8EE72DCB4}: NameServer = 85.37.17.16 85.38.28.68
O18 - Protocol: tbr - {4D25FB7A-8902-4291-960E-9ADA051CFBBF} - C:\Programmi\Crawler\Toolbar\ctbr.dll
O20 - AppInit_DLLs: C:\WINDOWS\system32\guard32.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Programmi\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: a-squared Anti-Dialer Service (a2AntiDialer) - Emsi Software GmbH - C:\Programmi\a-squared Anti-Dialer\a2service.exe
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Programmi\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Programmi\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe (file missing)
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: COMODO Firewall Pro Helper Service (cmdAgent) - COMODO - C:\Programmi\COMODO\Firewall\cmdagent.exe
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINDOWS\system32\drivers\KodakCCS.exe
O23 - Service: Machine Debug Manager (MDM) - Unknown owner - C:\Programmi\File comuni\Microsoft Shared\VS7DEBUG\MDM.EXE (file missing)
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Programmi\CyberLink\Shared files\RichVideo.exe (file missing)
O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\Programmi\Spyware Terminator\sp_rsser.exe

da **ste_95** » mer gen 23, 2008 2:19 pm

Il log è pulito. Non è che il trojan lo ha eliminato Antivir?

da **Sabrina1988** » mer gen 23, 2008 7:39 pm

I trojan o i virus saranno anche eliminati ma non è possibile essere disconnessi ogni 10-15 minuti e non sapere ancora cosa ho..Se si potesse fermare questa connessione remota esterna..

da **Sabrina1988** » ven gen 25, 2008 10:24 pm

Ad-Aware mi ha individuato qualche chiave di registro modificata.Cosa fare per risolverle?

Ad-Aware SE Build 1.06r1
Logfile Created on:venerdì 25 gennaio 2008 22.05.07
Created with Ad-Aware SE Personal, free for private use.
Using definitions file:SE1R200 29.10.2007
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

References detected during the scan:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
MRU List(TAC index:0):17 total references
Tracking Cookie(TAC index:3):4 total references
Win32.Backdoor.Agent(TAC index:10):2 total references
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Ad-Aware SE Settings
===========================
Set : Search for negligible risk entries
Set : Search for low-risk threats
Set : Safe mode (always request confirmation)
Set : Scan active processes
Set : Scan registry
Set : Deep-scan registry
Set : Scan my IE Favorites for banned URLs
Set : Scan within archives
Set : Scan my Hosts file

Extended Ad-Aware SE Settings
===========================
Set : Unload recognized processes & modules during scan
Set : Scan registry for all users instead of current user only
Set : Always try to unload modules before deletion
Set : During removal, unload Explorer and IE if necessary
Set : Let Windows remove files in use at next reboot
Set : Delete quarantined objects after restoring
Set : Include basic Ad-Aware settings in log file
Set : Include additional Ad-Aware settings in log file
Set : Include reference summary in log file
Set : Include alternate data stream details in log file
Set : Play sound at scan completion if scan locates critical objects

25-01-2008 22.05.07 - Scan started. (Full System Scan)

MRU List Object Recognized!
Location: : C:\Documents and Settings\IVANO\recent
Description : list of recently opened documents

MRU List Object Recognized!
Location: : S-1-5-21-1078081533-1532298954-682003330-1003\software\microsoft\direct3d\mostrecentapplication
Description : most recent application to use microsoft direct3d

MRU List Object Recognized!
Location: : software\microsoft\direct3d\mostrecentapplication
Description : most recent application to use microsoft direct3d

MRU List Object Recognized!
Location: : S-1-5-21-1078081533-1532298954-682003330-1003\software\microsoft\direct3d\mostrecentapplication
Description : most recent application to use microsoft direct X

MRU List Object Recognized!
Location: : software\microsoft\direct3d\mostrecentapplication
Description : most recent application to use microsoft direct X

MRU List Object Recognized!
Location: : software\microsoft\directdraw\mostrecentapplication
Description : most recent application to use microsoft directdraw

MRU List Object Recognized!
Location: : S-1-5-21-1078081533-1532298954-682003330-1003\software\microsoft\internet explorer
Description : last download directory used in microsoft internet explorer

MRU List Object Recognized!
Location: : S-1-5-21-1078081533-1532298954-682003330-1003\software\microsoft\internet explorer\typedurls
Description : list of recently entered addresses in microsoft internet explorer

MRU List Object Recognized!
Location: : S-1-5-21-1078081533-1532298954-682003330-1003\software\microsoft\mediaplayer\player\recentfilelist
Description : list of recently used files in microsoft windows media player

MRU List Object Recognized!
Location: : S-1-5-21-1078081533-1532298954-682003330-1003\software\microsoft\mediaplayer\player\settings
Description : last open directory used in jasc paint shop pro

MRU List Object Recognized!
Location: : S-1-5-21-1078081533-1532298954-682003330-1003\software\microsoft\mediaplayer\preferences
Description : last playlist index loaded in microsoft windows media player

MRU List Object Recognized!
Location: : S-1-5-21-1078081533-1532298954-682003330-1003\software\microsoft\mediaplayer\preferences
Description : last playlist loaded in microsoft windows media player

MRU List Object Recognized!
Location: : S-1-5-21-1078081533-1532298954-682003330-1003\software\microsoft\windows\currentversion\explorer\comdlg32\lastvisitedmru
Description : list of recent programs opened

MRU List Object Recognized!
Location: : S-1-5-21-1078081533-1532298954-682003330-1003\software\microsoft\windows\currentversion\explorer\comdlg32\opensavemru
Description : list of recently saved files, stored according to file extension

MRU List Object Recognized!
Location: : S-1-5-21-1078081533-1532298954-682003330-1003\software\microsoft\windows\currentversion\explorer\recentdocs
Description : list of recent documents opened

MRU List Object Recognized!
Location: : S-1-5-21-1078081533-1532298954-682003330-1003\software\microsoft\windows media\wmsdk\general
Description : windows media sdk

MRU List Object Recognized!
Location: : S-1-5-21-1078081533-1532298954-682003330-1003\software\winrar\dialogedithistory\extrpath
Description : winrar "extract-to" history

Listing running processes
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

#:1 [smss.exe]
FilePath : \SystemRoot\System32\
ProcessID : 820
ThreadCreationTime : 25-01-2008 18.31.01
BasePriority : Normal

#:2 [csrss.exe]
FilePath : \??\C:\WINDOWS\system32\
ProcessID : 868
ThreadCreationTime : 25-01-2008 18.31.03
BasePriority : Normal

#:3 [winlogon.exe]
FilePath : \??\C:\WINDOWS\system32\
ProcessID : 896
ThreadCreationTime : 25-01-2008 18.31.08
BasePriority : High

#:4 [services.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 940
ThreadCreationTime : 25-01-2008 18.31.08
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Sistema operativo Microsoft® Windows®
CompanyName : Microsoft Corporation
FileDescription : Applicazione Servizi e Controller
InternalName : services.exe
LegalCopyright : © Microsoft Corporation. Tutti i diritti riservati.
OriginalFilename : services.exe

#:5 [lsass.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 952
ThreadCreationTime : 25-01-2008 18.31.08
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : LSA Shell (Export Version)
InternalName : lsass.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : lsass.exe

#:6 [svchost.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 1108
ThreadCreationTime : 25-01-2008 18.31.09
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:7 [svchost.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 1172
ThreadCreationTime : 25-01-2008 18.31.09
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:8 [svchost.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 1268
ThreadCreationTime : 25-01-2008 18.31.10
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:9 [svchost.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 1324
ThreadCreationTime : 25-01-2008 18.31.10
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:10 [svchost.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 1460
ThreadCreationTime : 25-01-2008 18.31.15
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:11 [spoolsv.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 1664
ThreadCreationTime : 25-01-2008 18.31.19
BasePriority : Normal
FileVersion : 5.1.2600.2696 (xpsp_sp2_gdr.050610-1519)
ProductVersion : 5.1.2600.2696
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Spooler SubSystem App
InternalName : spoolsv.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : spoolsv.exe

#:12 [explorer.exe]
FilePath : C:\WINDOWS\
ProcessID : 1772
ThreadCreationTime : 25-01-2008 18.31.19
BasePriority : Normal
FileVersion : 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 6.00.2900.2180
ProductName : Sistema operativo Microsoft® Windows®
CompanyName : Microsoft Corporation
FileDescription : Esplora risorse
InternalName : explorer
LegalCopyright : © Microsoft Corporation. Tutti i diritti riservati.
OriginalFilename : EXPLORER.EXE

#:13 [avguard.exe]
FilePath : C:\Programmi\Avira\AntiVir PersonalEdition Classic\
ProcessID : 1820
ThreadCreationTime : 25-01-2008 18.31.20
BasePriority : Normal
FileVersion : 7.00.00.82
ProductVersion : 7.00.00.00
ProductName : AntiVir Workstation
CompanyName : Avira GmbH
FileDescription : Antivirus On-Access Service
InternalName : AVGuard
LegalCopyright : Copyright © 2007 Avira GmbH. All rights reserved.
LegalTrademarks : AntiVir® is a registered trademark of Avira GmbH, Germany.
OriginalFilename : avguard.exe

#:14 [jusched.exe]
FilePath : C:\Programmi\Java\jre1.6.0_03\bin\
ProcessID : 1988
ThreadCreationTime : 25-01-2008 18.31.21
BasePriority : Normal

#:15 [avgnt.exe]
FilePath : C:\Programmi\Avira\AntiVir PersonalEdition Classic\
ProcessID : 1996
ThreadCreationTime : 25-01-2008 18.31.21
BasePriority : Normal
FileVersion : 7.02.00.16
ProductVersion : 7.02.00.16
ProductName : AntiVir Workstation
CompanyName : Avira GmbH
FileDescription : Antivirus System Tray Tool
InternalName : avsystray.exe
LegalCopyright : Copyright © 2007 Avira GmbH. All rights reserved.
LegalTrademarks : AntiVir® is a registered trademark of Avira GmbH, Germany.
OriginalFilename : avgnt.exe

#:16 [ctfmon.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 144
ThreadCreationTime : 25-01-2008 18.31.22
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : CTF Loader
InternalName : CTFMON
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : CTFMON.EXE

#:17 [a2service.exe]
FilePath : C:\Programmi\a-squared Anti-Dialer\
ProcessID : 492
ThreadCreationTime : 25-01-2008 18.31.28
BasePriority : Normal
FileVersion : 3.0.0.384
ProductVersion : 3.0.0.0
ProductName : a-squared
CompanyName : Emsi Software GmbH
FileDescription : a-squared Service
InternalName : a2service
LegalCopyright : (C) 2003-2007 Emsi Software GmbH
OriginalFilename : a2service.exe

#:18 [sched.exe]
FilePath : C:\Programmi\Avira\AntiVir PersonalEdition Classic\
ProcessID : 520
ThreadCreationTime : 25-01-2008 18.31.29
BasePriority : Normal
FileVersion : 7.00.00.62
ProductVersion : 7.00.00.62
ProductName : Scheduler
CompanyName : Avira GmbH
FileDescription : Antivirus Scheduler
InternalName : avschd
LegalCopyright : Copyright © 2007 Avira GmbH. All rights reserved.
LegalTrademarks : AntiVir® is a registered trademark of Avira GmbH, Germany.
OriginalFilename : sched.exe

#:19 [cmdagent.exe]
FilePath : C:\Programmi\COMODO\Firewall\
ProcessID : 544
ThreadCreationTime : 25-01-2008 18.31.29
BasePriority : Normal
FileVersion : 2.4.0.19
ProductVersion : 2.4.0.0
ProductName : Comodo Firewall
CompanyName : COMODO
FileDescription : Comodo Agent Service
InternalName : cmdagent
LegalCopyright : Copyright © 2005-2006 COMODO ®. All rights reserved
LegalTrademarks : Copyright © 2005-2006 COMODO ®. All rights reserved
OriginalFilename : cmdagent.exe

#:20 [sp_rsser.exe]
FilePath : C:\Programmi\Spyware Terminator\
ProcessID : 856
ThreadCreationTime : 25-01-2008 18.31.37
BasePriority : Normal
FileVersion : 2.0.1.195
ProductName : Crawler Spyware Terminator
CompanyName : Crawler.com
FileDescription : Spyware Terminator Realtime Shield Service
LegalCopyright : © Crawler.com

#:21 [svchost.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 1416
ThreadCreationTime : 25-01-2008 18.31.43
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:22 [wdfmgr.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 1580
ThreadCreationTime : 25-01-2008 18.31.44
BasePriority : Normal
FileVersion : 5.2.3790.1230 built by: dnsrv(bld4act)
ProductVersion : 5.2.3790.1230
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Windows User Mode Driver Manager
InternalName : WdfMgr
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : WdfMgr.exe

#:23 [alg.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 2636
ThreadCreationTime : 25-01-2008 18.31.54
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Application Layer Gateway Service
InternalName : ALG.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : ALG.exe

#:24 [wscntfy.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 2648
ThreadCreationTime : 25-01-2008 18.31.55
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Windows Security Center Notification App
InternalName : wscntfy.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : wscntfy.exe

#:25 [svchost.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 3176
ThreadCreationTime : 25-01-2008 18.32.04
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:26 [msnmsgr.exe]
FilePath : C:\Programmi\MSN Messenger\
ProcessID : 212
ThreadCreationTime : 25-01-2008 18.34.17
BasePriority : Normal
FileVersion : 8.1.0178.00
ProductVersion : 8.1.0178
ProductName : Messenger
CompanyName : Microsoft Corporation
FileDescription : Messenger
InternalName : msnmsgr.exe
LegalCopyright : Copyright (c) Microsoft Corporation. All rights reserved.
OriginalFilename : msnmsgr.exe

#:27 [usnsvc.exe]
FilePath : C:\Programmi\MSN Messenger\
ProcessID : 944
ThreadCreationTime : 25-01-2008 18.34.41
BasePriority : Normal
FileVersion : 8.1.0178.00
ProductVersion : 8.1.0178
ProductName : Messenger
CompanyName : Microsoft Corporation
FileDescription : Messenger Sharing USN Journal Reader Service
InternalName : usnsvc.exe
LegalCopyright : Copyright (c) Microsoft Corporation. All rights reserved.
OriginalFilename : usnsvc.exe

#:28 [ad-aware.exe]
FilePath : C:\Programmi\Lavasoft\Ad-Aware SE Personal\
ProcessID : 7444
ThreadCreationTime : 25-01-2008 21.04.09
BasePriority : Normal
FileVersion : 6.2.0.236
ProductVersion : SE 106
ProductName : Lavasoft Ad-Aware SE
CompanyName : Lavasoft Sweden
FileDescription : Ad-Aware SE Core application
InternalName : Ad-Aware.exe
LegalCopyright : Copyright © Lavasoft AB Sweden
OriginalFilename : Ad-Aware.exe
Comments : All Rights Reserved

Memory scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 17

Started registry scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Registry Scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 17

Started deep registry scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Deep registry scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 17

Started Tracking Cookie scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : ivano@bs.serving-sys[2].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:3
Value : Cookie:ivano@bs.serving-sys.com/
Expires : 31-12-2037 23.00.00
LastSync : Hits:3
UseCount : 0
Hits : 3

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : ivano@overture[1].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:10
Value : Cookie:ivano@overture.com/
Expires : 22-01-2018 12.17.28
LastSync : Hits:10
UseCount : 0
Hits : 10

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : ivano@serving-sys[1].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:12
Value : Cookie:ivano@serving-sys.com/
Expires : 31-12-2037 23.00.00
LastSync : Hits:12
UseCount : 0
Hits : 12

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : ivano@weborama[1].txt
TAC Rating : 3
Category : Data Miner
Comment :
Value : C:\Documents and Settings\IVANO\Cookies\ivano@weborama[1].txt

Tracking cookie scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 4
Objects found so far: 21

Deep scanning and examining files (C:)
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Win32.Backdoor.Agent Object Recognized!
Type : File
Data : 339_d.sld
TAC Rating : 10
Category : Virus
Comment :
Object : C:\Documents and Settings\All Users\Dati applicazioni\Comodo\common\DB\DDB\DLL\

Disk Scan Result for C:\
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 22

Scanning Hosts file......
Hosts file location:"C:\WINDOWS\system32\drivers\etc\hosts".
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Hosts file scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
1 entries scanned.
New critical objects:0
Objects found so far: 22

Performing conditional scans...
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Win32.Backdoor.Agent Object Recognized!
Type : RegData
Data : c:\windows\system32\userinit.exe
TAC Rating : 10
Category : Virus
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\windows nt\currentversion\winlogon
Value : Userinit
Data : c:\windows\system32\userinit.exe

Conditional scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 1
Objects found so far: 23

22.19.56 Scan Complete

Summary Of This Scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Total scanning time:00.14.49.47
Objects scanned:199254
Objects identified:6
Objects ignored:0
New critical objects:6

da **ste_95** » ven gen 25, 2008 10:29 pm

I file trovati erano Cookie e file temporanei, nulla di serio.

www.MegaLab.it

FASTTRACK o cosa?

FASTTRACK o cosa?

Chi c’è in linea