Ciao crazy, scusa il ritardo.Autoruns non riesco a capirlo.. son riuscito a leggere solo l'inizio di quella chiave che mi segnala in quella schermata azzurra, e incomincia per : \systemroot\ se non sbaglio... mi pare di averl letto anche boot execute, ma non ne sono sicuro..
![[boh]](http://www.megalab.it/forum/images/smilies/dntknw.gif "Boh")
.
ho controllato l'avvio con ccleaner, e di voci che non conosco c'è : ShowWnd.exe , il percorso non è specificato.
Adesso stavo scansionandocon malwarebytes, e perora è ha14 elementi infetti.. grazie per l'aiuto!
![[^]](http://www.megalab.it/forum/images/smilies/Oh-yea.gif "Approvazione")
.hai qualche altra idea?
P.S. Aggiungo il log di malwarebytes antimalware :
Malwarebytes' Anti-Malware 1.37
Versione del database: 2288
Windows 5.1.2600 Service Pack 3
16/06/2009 21.24.38
mbam-log-2009-06-16 (21-24-38).txt
Tipo di scansione: Scansione completa (A:\|C:\|D:\|E:\|)
Elementi scansionati: 207590
Tempo trascorso: 2 hour(s), 31 minute(s), 23 second(s)
Processi delle memoria infetti: 0
Moduli della memoria infetti: 0
Chiavi di registro infette: 14
Valori di registro infetti: 9
Elementi dato del registro infetti: 1
Cartelle infette: 15
File infetti: 21
Processi delle memoria infetti:
(Nessun elemento malevolo rilevato)
Moduli della memoria infetti:
(Nessun elemento malevolo rilevato)
Chiavi di registro infette:
HKEY_CLASSES_ROOT\CLSID\{8aa4410f-a3ee-4279-8f2c-4bfab8ceb231} (Trojan.Banker) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{8aa4410f-a3ee-4279-8f2c-4bfab8ceb231} (Trojan.Banker) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{100eb1fd-d03e-47fd-81f3-ee91287f9465} (Adware.Shopping.Report) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{c5428486-50a0-4a02-9d20-520b59a9f9b2} (Adware.Shopping.Report) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{c5428486-50a0-4a02-9d20-520b59a9f9b3} (Adware.Shopping.Report) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{b64f4a7c-97c9-11da-8bde-f66bad1e3f3a} (Rogue.WinAntiVirus) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{db893839-10f0-4af9-92fa-b23528f530af} (Dialer) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{00000000-0000-0000-0000-000020040000} (Trojan.Dialer) -> Quarantined and deleted successfully.
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{19127ad2-394b-70f5-c650-b97867baa1f7} (Backdoor.Bot) -> Quarantined and deleted successfully.
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{43bf8cd1-c5d5-2230-7bb2-98f22c2b7dc6} (Backdoor.Bot) -> Quarantined and deleted successfully.
HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{19127ad2-394b-70f5-c650-b97867baa1f7} (Backdoor.Bot) -> Quarantined and deleted successfully.
HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{43bf8cd1-c5d5-2230-7bb2-98f22c2b7dc6} (Backdoor.Bot) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\{a7cddcdc-beeb-4685-a062-978f5e07ceee} (Adware.Shopping.Report) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\crypt (Trojan.Downloader) -> Quarantined and deleted successfully.
Valori di registro infetti:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\New Windows\Allow\host-domain-lookup.com (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\New Windows\Allow\www.host-domain-lookup.com (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Network\UID (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\MSN\D3 (Spyware.Ambler) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\MSN\pr (Spyware.Ambler) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\MSN\BN (Spyware.Ambler) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\MSN\gd (Spyware.Ambler) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\MSN\D1 (Spyware.Ambler) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\MSN\D2 (Spyware.Ambler) -> Quarantined and deleted successfully.
Elementi dato del registro infetti:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit (Hijack.Userinit) -> Bad: (C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\twext.exe,C:\WINDOWS\system32\sdra64.exe,) Good: (Userinit.exe) -> Quarantined and deleted successfully.
Cartelle infette:
c:\documents and settings\Alice\Dati applicazioni\ShoppingReport (Adware.Shopping.Report) -> Quarantined and deleted successfully.
c:\documents and settings\Alice\dati applicazioni\shoppingreport\cs (Adware.Shopping.Report) -> Quarantined and deleted successfully.
c:\documents and settings\Alice\dati applicazioni\shoppingreport\cs\db (Adware.Shopping.Report) -> Quarantined and deleted successfully.
c:\documents and settings\Alice\dati applicazioni\shoppingreport\cs\dwld (Adware.Shopping.Report) -> Quarantined and deleted successfully.
c:\documents and settings\Alice\dati applicazioni\shoppingreport\cs\report (Adware.Shopping.Report) -> Quarantined and deleted successfully.
c:\documents and settings\Alice\dati applicazioni\shoppingreport\cs\res2 (Adware.Shopping.Report) -> Quarantined and deleted successfully.
C:\Programmi\ShoppingReport (Adware.Shopping.Report) -> Quarantined and deleted successfully.
c:\programmi\shoppingreport\Bin (Adware.Shopping.Report) -> Quarantined and deleted successfully.
c:\programmi\shoppingreport\Bin\2.0.26 (Adware.Shopping.Report) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\twain_32 (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\Programmi\ErrorKiller (Rogue.ErrorKiller) -> Quarantined and deleted successfully.
C:\Programmi\Microsoft Common (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Programmi\BitDownload (Trojan.Lop) -> Quarantined and deleted successfully.
c:\programmi\bitdownload\ZM (Trojan.Lop) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\lowsec (Stolen.data) -> Quarantined and deleted successfully.
File infetti:
C:\WINDOWS\system32\krmnat.dll (Trojan.Banker) -> Quarantined and deleted successfully.
c:\programmi\multi_media_italy\tbMul0.dll (Adware.Shopper) -> Quarantined and deleted successfully.
c:\system volume information\_restore{47290b63-9d6c-4e8c-8225-76fbb744187f}\RP512\A0626320.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\system volume information\_restore{47290b63-9d6c-4e8c-8225-76fbb744187f}\RP512\A0629479.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\documents and settings\Alice\dati applicazioni\shoppingreport\cs\Config.xml (Adware.Shopping.Report) -> Quarantined and deleted successfully.
c:\documents and settings\Alice\dati applicazioni\shoppingreport\cs\db\Aliases.dbs (Adware.Shopping.Report) -> Quarantined and deleted successfully.
c:\documents and settings\Alice\dati applicazioni\shoppingreport\cs\db\Sites.dbs (Adware.Shopping.Report) -> Quarantined and deleted successfully.
c:\documents and settings\Alice\dati applicazioni\shoppingreport\cs\dwld\WhiteList.xip (Adware.Shopping.Report) -> Quarantined and deleted successfully.
c:\documents and settings\Alice\dati applicazioni\shoppingreport\cs\report\aggr_storage.xml (Adware.Shopping.Report) -> Quarantined and deleted successfully.
c:\documents and settings\Alice\dati applicazioni\shoppingreport\cs\report\send_storage.xml (Adware.Shopping.Report) -> Quarantined and deleted successfully.
c:\documents and settings\Alice\dati applicazioni\shoppingreport\cs\res2\WhiteList.dbs (Adware.Shopping.Report) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\twain_32\local.ds (Backdoor.Bot) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\twain_32\user.ds (Backdoor.Bot) -> Quarantined and deleted successfully.
c:\programmi\bitdownload\BitDownload.TRC (Trojan.Lop) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\lowsec\local.ds (Stolen.data) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\lowsec\user.ds (Stolen.data) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\shell31.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\c2d.dat (Malware.Trace) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\idm.dat (Malware.Trace) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\q1.dat (Malware.Trace) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\pis (Malware.Trace) -> Quarantined and deleted successfully.
Inviato: mar giu 16, 2009 5:43 pm![[:D]](http://www.megalab.it/forum/images/smilies/fragorosa_risata.gif "Fragorosa risata")
) ; se riesco la prossima volta che vado leggo piano piano pezzo per pezzo l'errore e lo riporto qua! Grazie per l'aiuto