
about:blank and HijackThis logfile

Posted: Mon Mar 19, 2007 12:35 am
by danyela
As soon as I try to access the internet, an about:blank page opens instead of the usual Libero one. I had just uninstalled ZoneAlarm and was browsing on Google when suddenly AntiVir flagged some viruses that I can't remove, so I closed everything and ran a scan with HijackThis, whose logfile I'm posting here. I'm now running a scan with AntiVir and will let you know.

Logfile of HijackThis v1.99.1
Scan saved at 23.16.39, on 18/03/2007
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
E:\WINDOWS\System32\smss.exe
E:\WINDOWS\system32\winlogon.exe
E:\WINDOWS\system32\services.exe
E:\WINDOWS\system32\lsass.exe
E:\WINDOWS\system32\svchost.exe
E:\WINDOWS\System32\svchost.exe
E:\WINDOWS\system32\spoolsv.exe
E:\Programmi\AntiVir PersonalEdition Classic\sched.exe
E:\Programmi\AntiVir PersonalEdition Classic\avguard.exe
E:\Programmi\WIDCOMM\Software Bluetooth\bin\btwdins.exe
E:\Programmi\Spyware Terminator\sp_rsser.exe
E:\WINDOWS\Explorer.EXE
E:\WINDOWS\System32\svchost.exe
C:\VEXPLITE\viritsvc.exe
E:\Programmi\Spyware Terminator\SpywareTerminatorShield.exe
E:\Programmi\AntiVir PersonalEdition Classic\avgnt.exe
E:\Programmi\MessengerPlus! 3\MsgPlus.exe
E:\PROGRA~1\MUSICM~1\MUSICM~1\mm_tray.exe
E:\Documents and Settings\fs\Desktop\Tools_antivirus\E892T93.exe
E:\WINDOWS\System32\ctfmon.exe
E:\PROGRA~1\MUSICM~1\MUSICM~1\MMDiag.exe
E:\Documents and Settings\fs\Desktop\Tools_antivirus\E892T93.exe
E:\Programmi\WIDCOMM\Software Bluetooth\BTTray.exe
E:\Programmi\Internet Explorer\iexplore.exe
E:\Programmi\AntiVir PersonalEdition Classic\avcenter.exe
E:\Programmi\Musicmatch\Musicmatch Jukebox\mim.exe
E:\Programmi\AntiVir PersonalEdition Classic\avscan.exe
E:\Programmi\Internet Explorer\iexplore.exe
E:\Documents and Settings\fs\Desktop\Tools_antivirus\_a_i_g_i_a_c_k_t_h_i_s.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.it/0SEITIT/SAOS01?FORM=TOOLBR
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://g.msn.it/0SEITIT/SAOS01?FORM=TOOLBR
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://it.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://it.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.it/0SEITIT/SAOS01?FORM=TOOLBR
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - E:\Programmi\File comuni\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - E:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: &Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - E:\Programmi\Yahoo!\Companion\Installs\cpn0\yt.dll (file missing)
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [SpywareTerminator] "E:\Programmi\Spyware Terminator\SpywareTerminatorShield.exe"
O4 - HKLM\..\Run: [avgnt] "E:\Programmi\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [MessengerPlus3] "E:\Programmi\MessengerPlus! 3\MsgPlus.exe"
O4 - HKLM\..\Run: [MimBoot] E:\PROGRA~1\MUSICM~1\MUSICM~1\mimboot.exe
O4 - HKLM\..\Run: [MMTray] E:\PROGRA~1\MUSICM~1\MUSICM~1\mm_tray.exe
O4 - HKLM\..\Run: [mssn] Wscript E:\WINDOWS\PROGRAMM.VBS /B
O4 - HKCU\..\Run: [ctfmon.exe] E:\WINDOWS\System32\ctfmon.exe
O4 - Global Startup: Microsoft Office.lnk = E:\Programmi\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: BTTray.lnk = ?
O4 - Global Startup: Adobe Reader Speed Launch.lnk = E:\Programmi\Adobe\Reader 8.0\Reader\reader_sl.exe
O4 - Global Startup: Adobe Reader Synchronizer.lnk = E:\Programmi\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - E:\Programmi\WIDCOMM\Software Bluetooth\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - E:\Programmi\WIDCOMM\Software Bluetooth\btsendto_ie.htm
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - E:\Programmi\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resourc ... oscan8.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMe ... loader.cab
O16 - DPF: {CC32D4D8-2A0B-4CEB-B105-C9B968379105} (CGameManagerCtrl Object) - https://disney.go.com/games/downloads/g ... anager.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "E:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - E:\Programmi\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - AVIRA GmbH - E:\Programmi\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Bluetooth Service (btwdins) - WIDCOMM, Inc. - E:\Programmi\WIDCOMM\Software Bluetooth\bin\btwdins.exe
O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - E:\Programmi\Spyware Terminator\sp_rsser.exe
O23 - Service: Virit eXplorer Lite (viritsvclite) - TG Soft Sas www.tgsoft.it - C:\VEXPLITE\viritsvc.exe

Posted: Mon Mar 19, 2007 9:23 am
by crazy.cat
Do you recognize this?
O4 - HKLM\..\Run: [mssn] Wscript E:\WINDOWS\PROGRAMM.VBS /B

If you find viruses and can't remove them, tell us the names of the viruses and of the infected files.

Posted: Mon Mar 19, 2007 9:55 am
by danyela
crazy.cat wrote: Do you recognize this?
O4 - HKLM\..\Run: [mssn] Wscript E:\WINDOWS\PROGRAMM.VBS /B

No, I don't know what it is. Also, the AntiVir scan didn't detect any virus.

Posted: Mon Mar 19, 2007 3:38 pm
by wizard1993
Run an online scan with Trend Micro and F-Secure, let's see if it finds anything.

Posted: Mon Mar 19, 2007 8:04 pm
by danyela
crazy.cat wrote: Do you recognize this?
O4 - HKLM\..\Run: [mssn] Wscript E:\WINDOWS\PROGRAMM.VBS /B

Should I delete this?

Posted: Mon Mar 19, 2007 8:09 pm
by crazy.cat
danyela wrote:
crazy.cat wrote: Do you recognize this?
O4 - HKLM\..\Run: [mssn] Wscript E:\WINDOWS\PROGRAMM.VBS /B

Should I delete this?

You can try having the single file analyzed on the www.virustotal.com site and see what they say.
If it's a virus, delete it.

Have you tried the online scans that were suggested to you?

Posted: Mon Mar 19, 2007 9:54 pm
by danyela
I tried running the scan on F-Secure, but while it's running it tells me:
an error has occurred!please close the scanner and your browser then try again(Id: 24). And so I gave up on a second attempt. As for Trend Micro, after downloading J2SE it freezes and doesn't go any further... [cry+]
I don't know what to do.... I tried submitting the file you suspected to virustotal.com and I'm waiting for a reply.

Posted: Mon Mar 19, 2007 10:51 pm
by danyela
I ran a scan with Ad-Aware and it detected 23 critical objects; I'm posting the log... should I delete them?



Ad-Aware SE Build 1.06r1
Logfile Created on:lunedì 19 marzo 2007 21.29.45
Created with Ad-Aware SE Personal, free for private use.
Using definitions file:SE1R161 19.03.2007
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

References detected during the scan:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Tracking Cookie(TAC index:3):23 total references
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Ad-Aware SE Settings
===========================
Set : Search for negligible risk entries
Set : Safe mode (always request confirmation)
Set : Scan active processes
Set : Scan registry
Set : Deep-scan registry
Set : Scan my IE Favorites for banned URLs
Set : Scan my Hosts file

Extended Ad-Aware SE Settings
===========================
Set : Unload recognized processes & modules during scan
Set : Scan registry for all users instead of current user only
Set : Always try to unload modules before deletion
Set : During removal, unload Explorer and IE if necessary
Set : Let Windows remove files in use at next reboot
Set : Delete quarantined objects after restoring
Set : Include basic Ad-Aware settings in log file
Set : Include additional Ad-Aware settings in log file
Set : Include reference summary in log file
Set : Include alternate data stream details in log file
Set : Play sound at scan completion if scan locates critical objects


19-03-2007 21.29.45 - Scan started. (Full System Scan)

Listing running processes
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

#:1 [smss.exe]
FilePath : \SystemRoot\System32\
ProcessID : 416
ThreadCreationTime : 19-03-2007 18.12.00
BasePriority : Normal


#:2 [csrss.exe]
FilePath : \??\E:\WINDOWS\system32\
ProcessID : 464
ThreadCreationTime : 19-03-2007 18.12.02
BasePriority : Normal


#:3 [winlogon.exe]
FilePath : \??\E:\WINDOWS\system32\
ProcessID : 488
ThreadCreationTime : 19-03-2007 18.12.04
BasePriority : High


#:4 [services.exe]
FilePath : E:\WINDOWS\system32\
ProcessID : 532
ThreadCreationTime : 19-03-2007 18.12.04
BasePriority : Normal
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
ProductName : Sistema operativo Microsoft® Windows®
CompanyName : Microsoft Corporation
FileDescription : Applicazione Servizi e Controller
InternalName : services.exe
LegalCopyright : © Microsoft Corporation. Tutti i diritti riservati.
OriginalFilename : services.exe

#:5 [lsass.exe]
FilePath : E:\WINDOWS\system32\
ProcessID : 544
ThreadCreationTime : 19-03-2007 18.12.04
BasePriority : Normal
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : LSA Shell (Export Version)
InternalName : lsass.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : lsass.exe

#:6 [svchost.exe]
FilePath : E:\WINDOWS\system32\
ProcessID : 732
ThreadCreationTime : 19-03-2007 18.12.06
BasePriority : Normal
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:7 [svchost.exe]
FilePath : E:\WINDOWS\System32\
ProcessID : 784
ThreadCreationTime : 19-03-2007 18.12.06
BasePriority : Normal
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:8 [svchost.exe]
FilePath : E:\WINDOWS\System32\
ProcessID : 916
ThreadCreationTime : 19-03-2007 18.12.06
BasePriority : Normal
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:9 [svchost.exe]
FilePath : E:\WINDOWS\System32\
ProcessID : 960
ThreadCreationTime : 19-03-2007 18.12.06
BasePriority : Normal
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:10 [spoolsv.exe]
FilePath : E:\WINDOWS\system32\
ProcessID : 1076
ThreadCreationTime : 19-03-2007 18.12.07
BasePriority : Normal
FileVersion : 5.1.2600.0 (XPClient.010817-1148)
ProductVersion : 5.1.2600.0
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Spooler SubSystem App
InternalName : spoolsv.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : spoolsv.exe

#:11 [sched.exe]
FilePath : E:\Programmi\AntiVir PersonalEdition Classic\
ProcessID : 1244
ThreadCreationTime : 19-03-2007 18.12.08
BasePriority : Normal


#:12 [explorer.exe]
FilePath : E:\WINDOWS\
ProcessID : 1336
ThreadCreationTime : 19-03-2007 18.12.09
BasePriority : Normal
FileVersion : 6.00.2600.0000 (xpclient.010817-1148)
ProductVersion : 6.00.2600.0000
ProductName : Sistema operativo Microsoft® Windows®
CompanyName : Microsoft Corporation
FileDescription : Esplora risorse
InternalName : explorer
LegalCopyright : © Microsoft Corporation. Tutti i diritti riservati.
OriginalFilename : EXPLORER.EXE

#:13 [avguard.exe]
FilePath : E:\Programmi\AntiVir PersonalEdition Classic\
ProcessID : 1436
ThreadCreationTime : 19-03-2007 18.12.09
BasePriority : Normal


#:14 [btwdins.exe]
FilePath : E:\Programmi\WIDCOMM\Software Bluetooth\bin\
ProcessID : 1452
ThreadCreationTime : 19-03-2007 18.12.10
BasePriority : Normal
FileVersion : 1.4.2 Build 10
ProductVersion : 1.4.2 Build 10
ProductName : Bluetooth Software 1.4.2 Build 10
CompanyName : WIDCOMM, Inc.
FileDescription : Bluetooth Support Server
InternalName : BTWDIns
LegalCopyright : Copyright WIDCOMM, Inc. 2000-2003.
OriginalFilename : BTWDIns.EXE

#:15 [sp_rsser.exe]
FilePath : E:\Programmi\Spyware Terminator\
ProcessID : 1512
ThreadCreationTime : 19-03-2007 18.12.11
BasePriority : Normal
FileVersion : 1.8.2.121
ProductName : Crawler Spyware Terminator
CompanyName : Crawler.com
FileDescription : Spyware Terminator Realtime Shield Service
LegalCopyright : © Crawler.com

#:16 [svchost.exe]
FilePath : E:\WINDOWS\System32\
ProcessID : 1616
ThreadCreationTime : 19-03-2007 18.12.14
BasePriority : Normal
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:17 [wdfmgr.exe]
FilePath : E:\WINDOWS\System32\
ProcessID : 1644
ThreadCreationTime : 19-03-2007 18.12.15
BasePriority : Normal
FileVersion : 5.2.3790.1230 built by: dnsrv(bld4act)
ProductVersion : 5.2.3790.1230
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Windows User Mode Driver Manager
InternalName : WdfMgr
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : WdfMgr.exe

#:18 [viritsvc.exe]
FilePath : C:\VEXPLITE\
ProcessID : 1676
ThreadCreationTime : 19-03-2007 18.12.15
BasePriority : Normal
FileVersion : 1, 1, 0, 1
ProductVersion : 1, 1, 0, 1
ProductName : TG Soft viritsvc
CompanyName : TG Soft Sas www.tgsoft.it
FileDescription : VirIT eXplorer Service
InternalName : viritsvc
LegalCopyright : Copyright © 2006
OriginalFilename : viritsvc.exe
Comments : VirIT eXplorer Service - www.tgsoft.it

#:19 [spywareterminatorshield.exe]
FilePath : E:\Programmi\Spyware Terminator\
ProcessID : 1912
ThreadCreationTime : 19-03-2007 18.12.26
BasePriority : Normal
FileVersion : 1.8.2.458
ProductName : Crawler Spyware Terminator
CompanyName : Crawler.com
FileDescription : Spyware Terminator Realtime Shield
LegalCopyright : © Crawler.com

#:20 [avgnt.exe]
FilePath : E:\Programmi\AntiVir PersonalEdition Classic\
ProcessID : 1928
ThreadCreationTime : 19-03-2007 18.12.27
BasePriority : Normal


#:21 [msgplus.exe]
FilePath : E:\Programmi\MessengerPlus! 3\
ProcessID : 1936
ThreadCreationTime : 19-03-2007 18.12.28
BasePriority : Normal


#:22 [mm_tray.exe]
FilePath : E:\PROGRA~1\MUSICM~1\MUSICM~1\
ProcessID : 1960
ThreadCreationTime : 19-03-2007 18.12.34
BasePriority : Normal
FileVersion : 10.00.4033
ProductVersion : 10.00.4033
ProductName : Musicmatch Jukebox
CompanyName : Musicmatch, Inc.
FileDescription : mm_tray
InternalName : mm_tray
LegalCopyright : Copyright © Musicmatch 1998-2004
LegalTrademarks :
OriginalFilename : mm_tray.exe

#:23 [ctfmon.exe]
FilePath : E:\WINDOWS\System32\
ProcessID : 1996
ThreadCreationTime : 19-03-2007 18.12.37
BasePriority : Normal
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : CTF Loader
InternalName : CTFMON
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : CTFMON.EXE

#:24 [mim.exe]
FilePath : E:\Programmi\Musicmatch\Musicmatch Jukebox\
ProcessID : 616
ThreadCreationTime : 19-03-2007 18.13.03
BasePriority : Normal
FileVersion : 10.00.4033
ProductVersion : 10.00.4033
ProductName : Musicmatch Jukebox
CompanyName : Musicmatch, Inc.
FileDescription : mim
InternalName : mim
LegalCopyright : Copyright © Musicmatch 1998-2004
LegalTrademarks :
OriginalFilename : mim.exe

#:25 [mmdiag.exe]
FilePath : E:\Programmi\Musicmatch\Musicmatch Jukebox\
ProcessID : 1188
ThreadCreationTime : 19-03-2007 18.13.31
BasePriority : Normal
FileVersion : 10.00.4033
ProductVersion : 10.00.4033
ProductName : Musicmatch Jukebox
CompanyName : Musicmatch, Inc.
FileDescription : Logging and tracing manager
InternalName : MMTraceExe
LegalCopyright : Copyright © Musicmatch 1998-2004
LegalTrademarks :
OriginalFilename : MMTraceExe.EXE

#:26 [jusched.exe]
FilePath : E:\Programmi\Java\jre1.5.0_10\bin\
ProcessID : 2628
ThreadCreationTime : 19-03-2007 19.40.21
BasePriority : Normal


#:27 [swdsvc.exe]
FilePath : E:\Programmi\Spyware Doctor\
ProcessID : 3672
ThreadCreationTime : 19-03-2007 20.07.30
BasePriority : Normal
FileVersion : 5.0.0.47
ProductVersion : 5.0
CompanyName : PC Tools
FileDescription : Spyware Doctor Service
LegalCopyright : Copyright © 2006 PC Tools. All rights reserved.

#:28 [spywarebot.exe]
FilePath : E:\Programmi\SpywareBot\
ProcessID : 3572
ThreadCreationTime : 19-03-2007 20.21.29
BasePriority : Normal
FileVersion : 1.4.0.0
ProductVersion : 1.4.0.0
ProductName : SpywareBot
CompanyName : SpywareBot Company
FileDescription : Advanced Spyware Cleaner
InternalName : SpywareBot.exe
LegalCopyright : SpywareBot (c)2006. All rights reserved.
OriginalFilename : SpywareBot.exe

#:29 [spywarebot.exe]
FilePath : E:\Programmi\SpywareBot\
ProcessID : 2548
ThreadCreationTime : 19-03-2007 20.22.10
BasePriority : Normal
FileVersion : 1.4.0.0
ProductVersion : 1.4.0.0
ProductName : SpywareBot
CompanyName : SpywareBot Company
FileDescription : Advanced Spyware Cleaner
InternalName : SpywareBot.exe
LegalCopyright : SpywareBot (c)2006. All rights reserved.
OriginalFilename : SpywareBot.exe

#:30 [iexplore.exe]
FilePath : E:\Programmi\Internet Explorer\
ProcessID : 3532
ThreadCreationTime : 19-03-2007 20.26.47
BasePriority : Normal
FileVersion : 6.00.2600.0000 (xpclient.010817-1148)
ProductVersion : 6.00.2600.0000
ProductName : Sistema operativo Microsoft® Windows®
CompanyName : Microsoft Corporation
FileDescription : Internet Explorer
InternalName : iexplore
LegalCopyright : © Microsoft Corporation. Tutti i diritti riservati.
OriginalFilename : IEXPLORE.EXE

#:31 [acrord32.exe]
FilePath : E:\Programmi\Adobe\Reader 8.0\Reader\
ProcessID : 3364
ThreadCreationTime : 19-03-2007 20.27.16
BasePriority : Normal
FileVersion : 8.0.0.2006102300
ProductVersion : 8.0.0.2006102300
ProductName : Adobe Reader
CompanyName : Adobe Systems Incorporated
FileDescription : Adobe Reader 8.0
LegalCopyright : Copyright 1984-2006 Adobe Systems Incorporated and its licensors. All rights reserved.
OriginalFilename : AcroRd32.exe

#:32 [ad-aware.exe]
FilePath : E:\Programmi\Lavasoft\Ad-Aware SE Personal\
ProcessID : 4000
ThreadCreationTime : 19-03-2007 20.29.14
BasePriority : Normal
FileVersion : 6.2.0.236
ProductVersion : SE 106
ProductName : Lavasoft Ad-Aware SE
CompanyName : Lavasoft Sweden
FileDescription : Ad-Aware SE Core application
InternalName : Ad-Aware.exe
LegalCopyright : Copyright © Lavasoft AB Sweden
OriginalFilename : Ad-Aware.exe
Comments : All Rights Reserved

#:33 [ad-aware.exe]
FilePath : E:\PROGRA~1\LAVASOFT\AD-AWA~1\
ProcessID : 1304
ThreadCreationTime : 19-03-2007 20.29.15
BasePriority : Normal
FileVersion : 6.2.0.236
ProductVersion : SE 106
ProductName : Lavasoft Ad-Aware SE
CompanyName : Lavasoft Sweden
FileDescription : Ad-Aware SE Core application
InternalName : Ad-Aware.exe
LegalCopyright : Copyright © Lavasoft AB Sweden
OriginalFilename : Ad-Aware.exe
Comments : All Rights Reserved

#:34 [hh.exe]
FilePath : E:\WINDOWS\
ProcessID : 2012
ThreadCreationTime : 19-03-2007 20.29.15
BasePriority : Normal
FileVersion : 4.74.9273
ProductVersion : 4.74.9273
ProductName : HTML Help
CompanyName : Microsoft Corporation
FileDescription : Microsoft® HTML Help Executable
InternalName : HH 1.33
LegalCopyright : Copyright © Microsoft Corp.
OriginalFilename : HH.exe

Memory scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 0


Started registry scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Registry Scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 0


Started deep registry scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Deep registry scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 0


Started Tracking Cookie scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»


Tracking Cookie Object Recognized!
Type : IECache Entry
Data : fs@2o7[2].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:4
Value : Cookie:fs@2o7.net/
Expires : 17-03-2012 19.16.14
LastSync : Hits:4
UseCount : 0
Hits : 4

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : fs@statse.webtrendslive[2].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:26
Value : Cookie:fs@statse.webtrendslive.com/
Expires : 16-03-2017 20.16.28
LastSync : Hits:26
UseCount : 0
Hits : 26

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : fs@mediaplex[1].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:1
Value : Cookie:fs@mediaplex.com/
Expires : 22-06-2009 1.00.00
LastSync : Hits:1
UseCount : 0
Hits : 1

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : fs@clickbank[2].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:2
Value : Cookie:fs@clickbank.net/
Expires : 15-09-2007 21.18.28
LastSync : Hits:2
UseCount : 0
Hits : 2

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : fs@doubleclick[1].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:5
Value : Cookie:fs@doubleclick.net/
Expires : 18-03-2010 19.16.12
LastSync : Hits:5
UseCount : 0
Hits : 5

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : fs@overture[1].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:5
Value : Cookie:fs@overture.com/
Expires : 16-03-2017 21.16.12
LastSync : Hits:5
UseCount : 0
Hits : 5

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : fs@indextools[3].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:2
Value : Cookie:fs@indextools.com/
Expires : 18-03-2008 19.16.12
LastSync : Hits:2
UseCount : 0
Hits : 2

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : fs@content.ipro[1].txt
TAC Rating : 3
Category : Data Miner
Comment :
Value : E:\Documents and Settings\fs\Cookies\fs@content.ipro[1].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : fs@pop.searchco[2].txt
TAC Rating : 3
Category : Data Miner
Comment :
Value : E:\Documents and Settings\fs\Cookies\fs@pop.searchco[2].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : fs@webstat[1].txt
TAC Rating : 3
Category : Data Miner
Comment :
Value : E:\Documents and Settings\fs\Cookies\fs@webstat[1].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : fs@indextools[1].txt
TAC Rating : 3
Category : Data Miner
Comment :
Value : E:\Documents and Settings\fs\Cookies\fs@indextools[1].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : fs@digitalpoint[2].txt
TAC Rating : 3
Category : Data Miner
Comment :
Value : E:\Documents and Settings\fs\Cookies\fs@digitalpoint[2].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : fs@insightexpressai[2].txt
TAC Rating : 3
Category : Data Miner
Comment :
Value : E:\Documents and Settings\fs\Cookies\fs@insightexpressai[2].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : fs@unicast[1].txt
TAC Rating : 3
Category : Data Miner
Comment :
Value : E:\Documents and Settings\fs\Cookies\fs@unicast[1].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : fs@bizrate[1].txt
TAC Rating : 3
Category : Data Miner
Comment :
Value : E:\Documents and Settings\fs\Cookies\fs@bizrate[1].txt

Tracking cookie scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 15
Objects found so far: 15



Deep scanning and examining files (C:)
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Disk Scan Result for C:\
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 15


Deep scanning and examining files (D:)
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Disk Scan Result for D:\
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 15


Deep scanning and examining files (E:)
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : fs@bluestreak[1].txt
TAC Rating : 3
Category : Data Miner
Comment :
Value : E:\Documents and Settings\fs\Impostazioni locali\Temp\Cookies\fs@bluestreak[1].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : fs@2o7[1].txt
TAC Rating : 3
Category : Data Miner
Comment :
Value : E:\Documents and Settings\fs\Impostazioni locali\Temp\Cookies\fs@2o7[1].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : fs@doubleclick[1].txt
TAC Rating : 3
Category : Data Miner
Comment :
Value : E:\Documents and Settings\fs\Impostazioni locali\Temp\Cookies\fs@doubleclick[1].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : fs@bravenet[1].txt
TAC Rating : 3
Category : Data Miner
Comment :
Value : E:\Documents and Settings\fs\Impostazioni locali\Temp\Cookies\fs@bravenet[1].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : fs@adopt.euroclick[2].txt
TAC Rating : 3
Category : Data Miner
Comment :
Value : E:\Documents and Settings\fs\Impostazioni locali\Temp\Cookies\fs@adopt.euroclick[2].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : fs@as1.falkag[1].txt
TAC Rating : 3
Category : Data Miner
Comment :
Value : E:\Documents and Settings\fs\Impostazioni locali\Temp\Cookies\fs@as1.falkag[1].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : fs@atdmt[2].txt
TAC Rating : 3
Category : Data Miner
Comment :
Value : E:\Documents and Settings\fs\Impostazioni locali\Temp\Cookies\fs@atdmt[2].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : fs@statcounter[1].txt
TAC Rating : 3
Category : Data Miner
Comment :
Value : E:\Documents and Settings\fs\Impostazioni locali\Temp\Cookies\fs@statcounter[1].txt

Disk Scan Result for E:\
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 23


Scanning Hosts file......
Hosts file location:"E:\WINDOWS\system32\drivers\etc\hosts".
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Hosts file scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
1 entries scanned.
New critical objects:0
Objects found so far: 23




Performing conditional scans...
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Conditional scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 23

21.42.05 Scan Complete

Summary Of This Scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Total scanning time:00.12.19.624
Objects scanned:133605
Objects identified:23
Objects ignored:0
New critical objects:23

Posted: Tue Mar 20, 2007 2:56 pm
by Amantide
danyela wrote: I ran a scan with Ad-Aware and it detected 23 critical objects; I'm posting the log... should I delete them?

They're just simple cookies that don't pose much danger to the PC; you can safely delete them.
Also see if you can run the scan with Kaspersky online.

Posted: Tue Mar 20, 2007 9:44 pm
by danyela
So, I ran the scan with Kaspersky and in standard mode it didn't detect any virus; in extended mode, the one for "experienced users", it found 8 viruses... Now, since I'm not at all an experienced user, before I go and delete something I shouldn't, I'm posting the scan report and waiting for your advice!!! Thanks


Scan using the following antivirus database extended
Scan Archives true
Scan Mail Bases true

Scan Target My Computer
A:\
C:\
D:\
E:\
F:\
G:\
H:\

Scan Statistics
Total number of scanned objects 43882
Number of viruses found 8
Number of infected objects 15 / 0
Number of suspicious objects 0
Duration of the scan process 00:42:30

Infected Object Name Virus Name Last Action
E:\WINDOWS\SYSTEM32\wbem\REPOSITORY\FS\OBJECTS.DATA Object is locked skipped

E:\WINDOWS\SYSTEM32\wbem\REPOSITORY\FS\INDEX.BTR Object is locked skipped

E:\WINDOWS\SYSTEM32\config\system.LOG Object is locked skipped

E:\WINDOWS\SYSTEM32\config\software.LOG Object is locked skipped

E:\WINDOWS\SYSTEM32\config\default.LOG Object is locked skipped

E:\WINDOWS\SYSTEM32\config\SECURITY Object is locked skipped

E:\WINDOWS\SYSTEM32\config\SAM Object is locked skipped

E:\WINDOWS\SYSTEM32\config\SAM.LOG Object is locked skipped

E:\WINDOWS\SYSTEM32\config\SECURITY.LOG Object is locked skipped

E:\WINDOWS\SYSTEM32\config\AppEvent.Evt Object is locked skipped

E:\WINDOWS\SYSTEM32\config\SecEvent.Evt Object is locked skipped

E:\WINDOWS\SYSTEM32\config\SysEvent.Evt Object is locked skipped

E:\WINDOWS\SYSTEM32\config\SYSTEM Object is locked skipped

E:\WINDOWS\SYSTEM32\config\SOFTWARE Object is locked skipped

E:\WINDOWS\SYSTEM32\config\DEFAULT Object is locked skipped

E:\WINDOWS\SYSTEM32\config\Paramete.evt Object is locked skipped

E:\WINDOWS\SYSTEM32\h323log.txt Object is locked skipped

E:\WINDOWS\SYSTEM32\f3PSSavr.scr Infected: not-a-virus:AdTool.Win32.MyWebSearch skipped

E:\WINDOWS\wiadebug.log Object is locked skipped

E:\WINDOWS\Cronologia\History.IE5\index.dat Object is locked skipped

E:\WINDOWS\Cronologia\History.IE5\MSHist012007032020070321\index.dat Object is locked skipped

E:\WINDOWS\wiaservc.log Object is locked skipped

E:\WINDOWS\WindowsUpdate.log Object is locked skipped

E:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped

E:\WINDOWS\Sti_Trace.log Object is locked skipped

E:\WINDOWS\SchedLog.Txt Object is locked skipped

E:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped

E:\WINDOWS\Debug\oakley.log Object is locked skipped

E:\Programmi\MSN Messenger\riched20.dll Infected: not-a-virus:AdTool.Win32.MyWebSearch skipped

E:\Programmi\MyWebSearch\bar\1.bin\F3HTMLMU.DLL Infected: not-a-virus:AdTool.Win32.MyWebSearch skipped

E:\Programmi\MyWebSearch\bar\1.bin\MWSOEPLG.DLL Infected: not-a-virus:AdTool.Win32.MyWebSearch.ab skipped

E:\Programmi\MyWebSearch\bar\2.bin\F3DTACTL.DLL Infected: not-a-virus:AdTool.Win32.MyWebSearch.al skipped

E:\Programmi\MyWebSearch\bar\2.bin\F3HTMLMU.DLL Infected: not-a-virus:AdTool.Win32.MyWebSearch skipped

E:\Programmi\MyWebSearch\bar\2.bin\F3POPSWT.DLL Infected: not-a-virus:AdTool.Win32.MyWebSearch.an skipped

E:\Programmi\MyWebSearch\bar\2.bin\F3PSSAVR.SCR Infected: not-a-virus:AdTool.Win32.MyWebSearch skipped

E:\Programmi\MyWebSearch\bar\2.bin\F3REPROX.DLL Infected: not-a-virus:AdTool.Win32.MyWebSearch.v skipped

E:\Programmi\MyWebSearch\bar\2.bin\F3RESTUB.DLL Infected: not-a-virus:AdTool.Win32.MyWebSearch skipped

E:\Programmi\MyWebSearch\bar\2.bin\F3WPHOOK.DLL Infected: not-a-virus:AdTool.Win32.MyWebSearch skipped

E:\Programmi\MyWebSearch\bar\2.bin\M3HTML.DLL Infected: not-a-virus:AdWare.Win32.MyWebSearch.w skipped

E:\Programmi\MyWebSearch\bar\2.bin\M3OUTLCN.DLL Infected: not-a-virus:AdTool.Win32.MyWebSearch skipped

E:\Programmi\MyWebSearch\bar\2.bin\M3PLUGIN.DLL Infected: not-a-virus:AdTool.Win32.MyWebSearch.as skipped

E:\Programmi\MyWebSearch\bar\2.bin\NPMYWEBS.DLL Infected: not-a-virus:AdTool.Win32.MyWebSearch.i skipped

E:\Documents and Settings\fs\NTUSER.DAT Object is locked skipped

E:\Documents and Settings\fs\Impostazioni locali\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped

E:\Documents and Settings\fs\Impostazioni locali\Temp\JET87BC.tmp Object is locked skipped

E:\Documents and Settings\fs\Cookies\index.dat Object is locked skipped

E:\Documents and Settings\fs\Dati applicazioni\Microsoft\Windows\UsrClass.dat Object is locked skipped

E:\Documents and Settings\fs\Dati applicazioni\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped

E:\Documents and Settings\fs\Dati applicazioni\Musicmatch\Jukebox\mmjblog.txt Object is locked skipped

E:\Documents and Settings\fs\Dati applicazioni\Musicmatch\Jukebox\mmjbaltlog.txt Object is locked skipped

E:\Documents and Settings\fs\Dati applicazioni\Musicmatch\MIM\Database\Default.mdb Object is locked skipped

E:\Documents and Settings\fs\Dati applicazioni\Musicmatch\MIM\Database\Default.ldb Object is locked skipped

E:\Documents and Settings\fs\ntuser.dat.LOG Object is locked skipped

E:\Documents and Settings\NetworkService\ntuser.dat Object is locked skipped

E:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped

E:\Documents and Settings\NetworkService\Impostazioni locali\Dati applicazioni\Microsoft\Windows\UsrClass.dat Object is locked skipped

E:\Documents and Settings\NetworkService\Impostazioni locali\Dati applicazioni\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped

E:\Documents and Settings\LocalService\ntuser.dat Object is locked skipped

E:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped

E:\Documents and Settings\LocalService\Impostazioni locali\Cronologia\History.IE5\index.dat Object is locked skipped

E:\Documents and Settings\LocalService\Impostazioni locali\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped

E:\Documents and Settings\LocalService\Impostazioni locali\Dati applicazioni\Microsoft\Windows\UsrClass.dat Object is locked skipped

E:\Documents and Settings\LocalService\Impostazioni locali\Dati applicazioni\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped

E:\Documents and Settings\LocalService\Cookies\index.dat Object is locked skipped

Posted: Tue Mar 20, 2007 10:38 pm
by Amantide
To remove the MyWebSearch adware, try running a scan with A-squared or SUPERAntiSpyware.
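
Added example, not part of the original thread: a small parser for the rows of the Kaspersky report above that separates "Object is locked" rows from real detections and shows why the header says 8 names but 15 objects. The function names and the "stray file" heuristic (a detection whose path has no folder named after the family) are assumptions of this example; the rows are copied from the report.

```python
import re
from typing import Dict, List

# Rows copied from the Kaspersky report in this thread: three of the
# "Object is locked" rows and all fifteen "Infected:" rows.
REPORT_ROWS = r"""E:\WINDOWS\SYSTEM32\config\SAM Object is locked skipped
E:\WINDOWS\SYSTEM32\h323log.txt Object is locked skipped
E:\WINDOWS\SYSTEM32\f3PSSavr.scr Infected: not-a-virus:AdTool.Win32.MyWebSearch skipped
E:\Programmi\MSN Messenger\riched20.dll Infected: not-a-virus:AdTool.Win32.MyWebSearch skipped
E:\Programmi\MyWebSearch\bar\1.bin\F3HTMLMU.DLL Infected: not-a-virus:AdTool.Win32.MyWebSearch skipped
E:\Programmi\MyWebSearch\bar\1.bin\MWSOEPLG.DLL Infected: not-a-virus:AdTool.Win32.MyWebSearch.ab skipped
E:\Programmi\MyWebSearch\bar\2.bin\F3DTACTL.DLL Infected: not-a-virus:AdTool.Win32.MyWebSearch.al skipped
E:\Programmi\MyWebSearch\bar\2.bin\F3HTMLMU.DLL Infected: not-a-virus:AdTool.Win32.MyWebSearch skipped
E:\Programmi\MyWebSearch\bar\2.bin\F3POPSWT.DLL Infected: not-a-virus:AdTool.Win32.MyWebSearch.an skipped
E:\Programmi\MyWebSearch\bar\2.bin\F3PSSAVR.SCR Infected: not-a-virus:AdTool.Win32.MyWebSearch skipped
E:\Programmi\MyWebSearch\bar\2.bin\F3REPROX.DLL Infected: not-a-virus:AdTool.Win32.MyWebSearch.v skipped
E:\Programmi\MyWebSearch\bar\2.bin\F3RESTUB.DLL Infected: not-a-virus:AdTool.Win32.MyWebSearch skipped
E:\Programmi\MyWebSearch\bar\2.bin\F3WPHOOK.DLL Infected: not-a-virus:AdTool.Win32.MyWebSearch skipped
E:\Programmi\MyWebSearch\bar\2.bin\M3HTML.DLL Infected: not-a-virus:AdWare.Win32.MyWebSearch.w skipped
E:\Programmi\MyWebSearch\bar\2.bin\M3OUTLCN.DLL Infected: not-a-virus:AdTool.Win32.MyWebSearch skipped
E:\Programmi\MyWebSearch\bar\2.bin\M3PLUGIN.DLL Infected: not-a-virus:AdTool.Win32.MyWebSearch.as skipped
E:\Programmi\MyWebSearch\bar\2.bin\NPMYWEBS.DLL Infected: not-a-virus:AdTool.Win32.MyWebSearch.i skipped
E:\Documents and Settings\fs\NTUSER.DAT Object is locked skipped
"""

# Row layout: <path> <status> <last action>. Paths may contain spaces, so the
# status text is what anchors the split.
ROW = re.compile(
    r"^(?P<path>.+?) (?:Infected: (?P<verdict>\S+)|(?P<locked>Object is locked))"
    r" (?P<action>\S+)$",
    re.M,
)


def split_verdict(verdict: str) -> Dict[str, str]:
    """Split 'not-a-virus:AdTool.Win32.MyWebSearch.ab' into its parts."""
    prefix, _, rest = verdict.rpartition(":")
    parts = rest.split(".")
    if len(parts) < 3:
        raise ValueError("unexpected verdict name: " + verdict)
    return {
        "prefix": prefix,            # 'not-a-virus' marks adware/riskware classes
        "behaviour": parts[0],       # AdTool, AdWare, ...
        "platform": parts[1],        # Win32
        "family": parts[2],          # MyWebSearch
        "variant": ".".join(parts[3:]),
    }


def summarize(report: str) -> Dict[str, object]:
    locked = 0
    detections: List[tuple] = []
    for m in ROW.finditer(report):
        if m["locked"]:
            locked += 1              # file in use by Windows, not a detection
        else:
            detections.append((m["path"], m["verdict"], m["action"]))

    families = {split_verdict(v)["family"] for _, v, _ in detections}
    # Heuristic: a detected file that does not sit in a folder named after the
    # family would survive simply deleting that program's folder.
    stray = [p for p, v, _ in detections
             if split_verdict(v)["family"].lower() not in p.lower().split("\\")]
    return {
        "locked": locked,
        "infected_objects": len(detections),
        "verdict_names": sorted({v for _, v, _ in detections}),
        "families": families,
        "untreated": sum(1 for _, _, a in detections if a == "skipped"),
        "stray_files": stray,
    }


if __name__ == "__main__":
    for key, value in summarize(REPORT_ROWS).items():
        print(key, "=", value)
```

The 8 "viruses" are eight signature names of one adware family spread over 15 files, every one still has "skipped" as its last action, and two of the files sit outside the MyWebSearch folder.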

Posted: Wed Mar 21, 2007 1:34 am
by CarDependant
Service Pack 1 and 2 are missing:

[ Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000) ]

I recommend installing them as soon as possible; they are two important update packages for Windows[:)]
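
Added example, not part of the original thread: the two checks the helpers made by eye on the HijackThis log, written as a parser. It flags O4 Run entries that start a script host or a script file (crazy.cat's question about the [mssn] entry) and reads the service pack from the Platform line (CarDependant's remark). The function names and the list of script hosts and extensions are assumptions of this example, as is the reading that HijackThis prints "SPn" in the Platform line when a service pack is installed.

```python
import ntpath
import re
from dataclasses import dataclass
from typing import List, Optional, Tuple

# Excerpt of the HijackThis v1.99.1 log posted at the top of this thread.
SAMPLE_LOG = r"""Logfile of HijackThis v1.99.1
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [avgnt] "E:\Programmi\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [MimBoot] E:\PROGRA~1\MUSICM~1\MUSICM~1\mimboot.exe
O4 - HKLM\..\Run: [mssn] Wscript E:\WINDOWS\PROGRAMM.VBS /B
O4 - HKCU\..\Run: [ctfmon.exe] E:\WINDOWS\System32\ctfmon.exe
O4 - Global Startup: BTTray.lnk = ?
"""

# Interpreters that run a script file instead of code of their own
# (assumption of this example; the thread itself only shows Wscript).
SCRIPT_HOSTS = {"wscript", "cscript"}
SCRIPT_ARG = re.compile(r'\S+\.(?:vbs|vbe|jse|js|wsf)(?=[\s"]|$)', re.I)
RUN_LINE = re.compile(
    r"^O4 - (?P<hive>HK\w+)\\\.\.\\(?P<key>\w+): \[(?P<name>[^\]]*)\] (?P<cmd>.+)$",
    re.M,
)
PLATFORM = re.compile(r"^Platform: (?P<os>.+?) \(WinNT (?P<ver>[\d.]+)\)", re.M)


@dataclass
class RunEntry:
    hive: str
    name: str
    command: str
    host: str               # program that actually starts (lower-case, no extension)
    script: Optional[str]   # script file named on the command line, if any


def parse_run_entries(log: str) -> List[RunEntry]:
    """Return every registry Run-key autostart (O4 - HKxx\\..\\Run) in the log."""
    entries = []
    for m in RUN_LINE.finditer(log):
        cmd = m["cmd"].strip()
        # Quoted commands may contain spaces; unquoted ones end at the first space.
        exe = cmd[1:].split('"', 1)[0] if cmd.startswith('"') else cmd.split()[0]
        host = ntpath.splitext(ntpath.basename(exe))[0].lower()
        script = SCRIPT_ARG.search(cmd)
        entries.append(RunEntry(m["hive"], m["name"], cmd, host,
                                script.group(0) if script else None))
    return entries


def script_autoruns(log: str) -> List[RunEntry]:
    """Autostarts worth a second look: the registry shows only the interpreter,
    while the code that runs at every logon lives in a separate script file."""
    return [e for e in parse_run_entries(log)
            if e.host in SCRIPT_HOSTS or e.script is not None]


def platform_info(log: str) -> Tuple[str, Optional[str]]:
    """Return (OS name as logged, service pack or None)."""
    m = PLATFORM.search(log)
    if m is None:
        raise ValueError("no Platform line in log")
    sp = re.search(r"\bSP\d+\b", m["os"])
    return m["os"], (sp.group(0) if sp else None)


if __name__ == "__main__":
    os_name, sp = platform_info(SAMPLE_LOG)
    print(os_name, "service pack:", sp or "none logged")
    for e in script_autoruns(SAMPLE_LOG):
        print("review:", e.hive, e.name, "->", e.host, e.script)
```

The file to submit for analysis is the one in the `script` field, not the interpreter in `host`.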