Da tempo un eseguibile a me sconosciuto chiede l'accesso,il processo
si chiama ddqcmdt.exe.A Norton ho impartito la regola blocca sempre.
Ho fatto diverse ricerche su questo eseguibile ma non ho mai trovato nulla al riguardo.
So che la porta a cui chiede accesso,se non erro,e' la 1057.
Potrebbe forse essere questo il motivo della non visualizzazione? Ho eseguito la pulizia con cc cleaner che ho gia' usato tante volte,come mi ha consigliato Alfonso,ma non riesco a visualizzare quei files di hobbygrafico.
ecco li log,come Alfonso mi ha chiesto di fare,l'avevo gia' postato nella sezione windows xp ma non ho avuto risposta.Grazie di tutto.


Logfile of HijackThis v1.99.1
Scan saved at 22.37.30, on 23/10/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmi\File comuni\Symantec Shared\ccProxy.exe
C:\Programmi\File comuni\Symantec Shared\ccSetMgr.exe
C:\Programmi\Norton Internet Security\ISSVC.exe
C:\Programmi\File comuni\Symantec Shared\SNDSrvc.exe
C:\Programmi\File comuni\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\WINDOWS\Explorer.EXE
C:\Programmi\File comuni\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programmi\Norton Internet Security\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Programmi\File comuni\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Programmi\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\ASUS\Probe\AsusProb.exe
C:\WINDOWS\VM_STI.EXE
C:\Programmi\Java\jre1.5.0_06\bin\jusched.exe
C:\Programmi\CyberLink\PowerDVD\PDVDServ.exe
C:\PROGRA~1\HELPEX~1\SMARTB~1\MotiveSB.exe
C:\Programmi\File comuni\Symantec Shared\ccApp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmi\Ulead Systems\Ulead Photo Express 2 SE\CalCheck.exe
C:\Programmi\MSN Messenger\msnmsgr.exe
C:\WINDOWS\system32\svchost.exe
C:\Programmi\Internet Explorer\iexplore.exe
C:\Programmi\File comuni\Symantec Shared\AdBlocking\NSMdtr.exe
C:\Programmi\Corel\Corel Paint Shop Pro X\Paint Shop Pro X.exe
F:\UTILITA' WEB\hijackthisexe\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.virgilio.it/oggi/index.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmi\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: Norton Internet Security - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Programmi\File comuni\Symantec Shared\AdBlocking\NISShExt.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Programmi\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton Internet Security - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Programmi\File comuni\Symantec Shared\AdBlocking\NISShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Programmi\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [ASUS Probe] C:\Program Files\ASUS\Probe\AsusProb.exe
O4 - HKLM\..\Run: [BigDogPath] C:\WINDOWS\VM_STI.EXE Philips SPC 200NC PC Camera
O4 - HKLM\..\Run: [PE2CKFNT SE] C:\Programmi\Ulead Systems\Ulead Photo Express 2 SE\ChkFont.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Programmi\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [RemoteControl] C:\Programmi\CyberLink\PowerDVD\PDVDServ.exe
O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\HELPEX~1\SMARTB~1\MotiveSB.exe
O4 - HKLM\..\Run: [ccApp] "C:\Programmi\File comuni\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Avvio veloce di Adobe Reader.lnk = C:\Programmi\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Photo Express Calendar Checker SE.lnk = C:\Programmi\Ulead Systems\Ulead Photo Express 2 SE\CalCheck.exe
O8 - Extra context menu item: &Add animation to IncrediMail Style Box - C:\PROGRA~1\INCRED~1\bin\resources\WebMenuImg.htm
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Scarica con Download &Express - C:\Programmi\Download Express\Add_Url.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O16 - DPF: {01010E00-5E80-11D8-9E86-0007E96C65AE} (SupportSoft SmartIssue) - https://www-secure.symantec.com/techsupp/asa/ctrl/tgctlsi.cab
O16 - DPF: {01012101-5E80-11D8-9E86-0007E96C65AE} (SupportSoft Script Runner Class) - https://www-secure.symantec.com/techsupp/asa/ctrl/tgctlsr.cab
O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} - https://www-secure.symantec.com/techsupp/asa/LSSupCtl.cab
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.5) - http://eu-housecall.trendmicro-europe.com/housecall/applet/html/native/x86/win32/activex/hcImpl.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
O16 - DPF: {3451DEDE-631F-421C-8127-FD793AFC6CC8} (ActiveDataInfo Class) - https://www-secure.symantec.com/techsupp/asa/ctrl/SymAData.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.safety.live.com/resource/download/scanner/wlscbase969.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - https://www-secure.symantec.com/techsupp/asa/ctrl/SymAData.cab
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/mcfscan/2,1,0,4871/mcfscan.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{A532CD96-4545-4D36-B2E7-1D30B9389DFD}: NameServer = 62.211.69.150 212.48.4.15
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\ccSetMgr.exe
O23 - Service: Convalida password di Symantec IS (ISPwdSvc) - Unknown owner - C:\Programmi\Norton Internet Security\isPwdSvc.exe (file missing)
O23 - Service: ISSvc (ISSVC) - Symantec Corporation - C:\Programmi\Norton Internet Security\ISSVC.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Servizio Auto-Protect di Norton AntiVirus (navapsvc) - Symantec Corporation - C:\Programmi\Norton Internet Security\Norton AntiVirus\navapsvc.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Programmi\Norton Internet Security\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\FILECO~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Utilità di pianificazione di LiveUpdate automatico - Symantec Corporation - C:\Programmi\Symantec\LiveUpdate\ALUSchedulerSvc.exe

Ciao, il log è pulito, ma quell'exe è sospetto. Per precauzione fai un controllo anti rootkit. Scarica RootkitRevealer e fai una scansione.
http://news.swzone.it/link.php?action=d&id=17094

---

<BLOCKQUOTE id=quote><font size=1 face="Sans Serif, Arial, Helvetica" id=quote>quote:<hr height=1 noshade id=quote>
Ciao, il log è pulito, ma quell'exe è sospetto. Per precauzione fai un controllo anti rootkit. Scarica RootkitRevealer e fai una scansione.
[url]http://news.swzone.it/link.php?


Grazie pidue,ho fatto la scansione come mi hai riferito,pero' non so interpretare i risultati.Potresti dirmi di + x favore? Grazie mille!
<hr height=1 noshade id=quote></BLOCKQUOTE id=quote></font id=quote><font face="Sans Serif, Arial, Helvetica" size=2 id=quote><img src=icon_smile.gif border=0 align=middle>

Giusto cosi'?Se sbaglio scusatemi,non conosco il programma.Grazie anche a te Alfonso!




C:\Documents and Settings\Rita\Dati applicazioni\Microsoft\Office\File recenti\belleshistoires1(1).pps.LNK 05/10/2006 21.57 872 bytes Visible in Windows API, but not in MFT or directory index.
C:\Documents and Settings\Rita\Dati applicazioni\Microsoft\Office\File recenti\flyinghome.jpg.LNK 23/10/2006 22.56 430 bytes Hidden from Windows API.
C:\Documents and Settings\Rita\Desktop\indice_passo_a_passo.xls 23/10/2006 23.10 345.50 KB Hidden from Windows API.
C:\Documents and Settings\Rita\Impostazioni locali\Dati applicazioni\Microsoft\Messenger\sissi1612@hotmail.it\SharingMetadata\pevere2924@hotmail.com\DFSR\Staging\CS{68D6A579-97AA-7E13-06D1-76175247E7E8}\01\15-{68D6A579-97AA-7E13-06D1-76175247E7E8}-v1-{F9A 18/10/2006 17.59 8 bytes Hidden from Windows API.
C:\Documents and Settings\Rita\Impostazioni locali\Temp\1770084ID24B.PspAutosave 23/10/2006 22.53 69 bytes Visible in Windows API, but not in MFT or directory index.
C:\Documents and Settings\Rita\Impostazioni locali\Temp\BCG23B.tmp 23/10/2006 22.51 0 bytes Visible in Windows API, but not in MFT or directory index.
C:\Documents and Settings\Rita\Impostazioni locali\Temp\BCG23C.tmp 23/10/2006 22.51 0 bytes Visible in Windows API, but not in MFT or directory index.
C:\Documents and Settings\Rita\Impostazioni locali\Temp\BCG23D.tmp 23/10/2006 22.51 0 bytes Visible in Windows API, but not in MFT or directory index.
C:\Documents and Settings\Rita\Impostazioni locali\Temp\BCG23E.tmp 23/10/2006 22.51 0 bytes Visible in Windows API, but not in MFT or directory index.
C:\Documents and Settings\Rita\Impostazioni locali\Temp\BCG23F.tmp 23/10/2006 22.51 0 bytes Visible in Windows API, but not in MFT or directory index.
C:\Documents and Settings\Rita\Impostazioni locali\Temp\BCG240.tmp 23/10/2006 22.51 0 bytes Visible in Windows API, but not in MFT or directory index.
C:\Documents and Settings\Rita\Impostazioni locali\Temp\BCG241.tmp 23/10/2006 22.51 0 bytes Visible in Windows API, but not in MFT or directory index.
C:\Documents and Settings\Rita\Impostazioni locali\Temp\BCG242.tmp 23/10/2006 22.51 0 bytes Visible in Windows API, but not in MFT or directory index.
C:\Documents and Settings\Rita\Impostazioni locali\Temp\BCG243.tmp 23/10/2006 22.51 0 bytes Visible in Windows API, but not in MFT or directory index.
C:\Documents and Settings\Rita\Impostazioni locali\Temp\BCG244.tmp 23/10/2006 22.51 0 bytes Visible in Windows API, but not in MFT or directory index.
C:\Documents and Settings\Rita\Impostazioni locali\Temp\BCG245.tmp 23/10/2006 22.51 0 bytes Visible in Windows API, but not in MFT or directory index.
C:\Documents and Settings\Rita\Impostazioni locali\Temp\BCG246.tmp 23/10/2006 22.52 0 bytes Visible in Windows API, but not in MFT or directory index.
C:\Documents and Settings\Rita\Impostazioni locali\Temp\BCG247.tmp 23/10/2006 22.52 0 bytes Visible in Windows API, but not in MFT or directory index.
C:\Documents and Settings\Rita\Impostazioni locali\Temp\BCG252.tmp 23/10/2006 22.59 0 bytes Visible in Windows API, but not in MFT or directory index.
C:\Documents and Settings\Rita\Impostazioni locali\Temp\BCG253.tmp 23/10/2006 22.59 0 bytes Visible in Windows API, but not in MFT or directory index.
C:\Documents and Settings\Rita\Impostazioni locali\Temp\BCG254.tmp 23/10/2006 22.59 0 bytes Visible in Windows API, but not in MFT or directory index.
C:\Documents and Settings\Rita\Impostazioni locali\Temp\BCG255.tmp 23/10/2006 22.59 0 bytes Visible in Windows API, but not in MFT or directory index.
C:\Documents and Settings\Rita\Impostazioni locali\Temp\BCG257.tmp 23/10/2006 22.59 0 bytes Visible in Windows API, but not in MFT or directory index.
C:\Documents and Settings\Rita\Impostazioni locali\Temp\BCG269.tmp 23/10/2006 23.07 31.99 KB Hidden from Windows API.
C:\Documents and Settings\Rita\Impostazioni locali\Temp\BCG26A.tmp 23/10/2006 23.07 0 bytes Hidden from Windows API.
C:\Documents and Settings\Rita\Impostazioni locali\Temp\BCG26B.tmp 23/10/2006 23.07 658 bytes Hidden from Windows API.
C:\Documents and Settings\Rita\Impostazioni locali\Temp\BCG26C.tmp 23/10/2006 23.07 0 bytes Hidden from Windows API.
C:\Documents and Settings\Rita\Impostazioni locali\Temp\BCG26D.tmp 23/10/2006 23.07 0 bytes Hidden from Windows API.
C:\Documents and Settings\Rita\Impostazioni locali\Temp\BCG26E.tmp 23/10/2006 23.07 0 bytes Hidden from Windows API.
C:\Documents and Settings\Rita\Impostazioni locali\Temp\BCG26F.tmp 23/10/2006 23.07 0 bytes Hidden from Windows API.
C:\Documents and Settings\Rita\Impostazioni locali\Temp\BCG270.tmp 23/10/2006 23.07 0 bytes Hidden from Windows API.
C:\Documents and Settings\Rita\Impostazioni locali\Temp\BCG271.tmp 23/10/2006 23.07 0 bytes Hidden from Windows API.
C:\Documents and Settings\Rita\Impostazioni locali\Temp\BCG272.tmp 23/10/2006 23.07 0 bytes Hidden from Windows API.
C:\Documents and Settings\Rita\Impostazioni locali\Temp\BCG273.tmp 23/10/2006 23.07 0 bytes Hidden from Windows API.
C:\Documents and Settings\Rita\Impostazioni locali\Temp\ppt24C.tmp 23/10/2006 22.55 0 bytes Visible in Windows API, but not in MFT or directory index.
C:\Documents and Settings\Rita\Impostazioni locali\Temp\VBE 23/10/2006 23.11 0 bytes Visible in directory index, but not Windows API or MFT.
C:\Documents and Settings\Rita\Impostazioni locali\Temp\VBE\MSForms.exd 23/10/2006 23.11 143.82 KB Visible in directory index, but not Windows API or MFT.
C:\Documents and Settings\Rita\Impostazioni locali\Temp\VBE\RefEdit.exd 23/10/2006 23.11 14.69 KB Visible in directory index, but not Windows API or MFT.
C:\Documents and Settings\Rita\Impostazioni locali\Temp\~DF290.tmp 23/10/2006 23.11 32.00 KB Visible in directory index, but not Windows API or MFT.
C:\Documents and Settings\Rita\Impostazioni locali\Temp\~DFCD0F.tmp 23/10/2006 23.11 32.00 KB Visible in directory index, but not Windows API or MFT.
C:\Documents and Settings\Rita\Impostazioni locali\Temporary Internet Files\Content.IE5\0P2JOPYB\common[1].js 23/10/2006 23.08 1.60 KB Hidden from Windows API.
C:\Documents and Settings\Rita\Impostazioni locali\Temporary Internet Files\Content.IE5\0P2JOPYB\header_back[1].gif 23/10/2006 23.04 594 bytes Hidden from Windows API.
C:\Documents and Settings\Rita\Impostazioni locali\Temporary Internet Files\Content.IE5\0P2JOPYB\mail_servizi[1].css 23/10/2006 22.41 1.52 KB Visible in Windows API, but not in MFT or directory index.
C:\Documents and Settings\Rita\Impostazioni locali\Temporary Internet Files\Content.IE5\0P2JOPYB\seltabl[1].gif 23/10/2006 23.04 50 bytes Hidden from Windows API.
C:\Documents and Settings\Rita\Impostazioni locali\Temporary Internet Files\Content.IE5\0P2JOPYB\site=virg&subsite=home&sez=htab&spec=nband&pos=53&tile=194154[1] 23/10/2006 23.08 19 bytes Hidden from Windows API.
C:\Documents and Settings\Rita\Impostazioni locali\Temporary Internet Files\Content.IE5\0X2R0HE7\biframe[1].htm 23/10/2006 23.08 157 bytes Hidden from Windows API.
C:\Documents and Settings\Rita\Impostazioni locali\Temporary Internet Files\Content.IE5\0X2R0HE7\header_ico_intl[1].gif 23/10/2006 23.04 275 bytes Hidden from Windows API.
C:\Documents and Settings\Rita\Impostazioni locali\Temporary Internet Files\Content.IE5\0X2R0HE7\mail_entra[1].gif 23/10/2006 22.41 886 bytes Visible in Windows API, but not in MFT or directory index.
C:\Documents and Settings\Rita\Impostazioni locali\Temporary Internet Files\Content.IE5\0X2R0HE7\pf.rossoalice.alice[1].htm 23/10/2006 23.08 3.59 KB Hidden from Windows API.
C:\Documents and Settings\Rita\Impostazioni locali\Temporary Internet Files\Content.IE5\0X2R0HE7\seltabr[1].gif 23/10/2006 23.04 51 bytes Hidden from Windows API.
C:\Documents and Settings\Rita\Impostazioni locali\Temporary Internet Files\Content.IE5\4DQZSX23\localtab[1].css 23/10/2006 22.41 9.46 KB Visible in Windows API, but not in MFT or directory index.
C:\Documents and Settings\Rita\Impostazioni locali\Temporary Internet Files\Content.IE5\4DQZSX23\mail_servizi[1].css 23/10/2006 23.08 1.52 KB Hidden from Windows API.
C:\Documents and Settings\Rita\Impostazioni locali\Temporary Internet Files\Content.IE5\4DQZSX23\pf.rossoalice.alice[1].htm 23/10/2006 22.41 3.59 KB Visible in Windows API, but not in MFT or directory index.
C:\Documents and Settings\Rita\Impostazioni locali\Temporary Internet Files\Content.IE5\4DQZSX23\site=virg&pos=53&subsite=srch&kw=_apri_paint_shop_pro_x_&tile=139540[1] 23/10/2006 23.08 19 bytes Hidden from Windows API.
C:\Documents and Settings\Rita\Impostazioni locali\Temporary Internet Files\Content.IE5\4DQZSX23\site=virg&subsite=home&sez=htab&spec=nband&adsize=440x40&pos=926&tile=194154[1] 23/10/2006 23.08 1 bytes Hidden from Windows API.
C:\Documents and Settings\Rita\Impostazioni locali\Temporary Internet Files\Content.IE5\7ZH33H8W\[1] 23/10/2006 22.57 0 bytes Hidden from Windows API.
C:\Documents and Settings\Rita\Impostazioni locali\Temporary Internet Files\Content.IE5\7ZH33H8W\corel_css[1].css 23/10/2006 23.04 3.58 KB Hidden from Windows API.
C:\Documents and Settings\Rita\Impostazioni locali\Temporary Internet Files\Content.IE5\7ZH33H8W\help[1].gif 23/10/2006 23.04 108 bytes Hidden from Windows API.
C:\Documents and Settings\Rita\Impostazioni locali\Temporary Internet Files\Content.IE5\7ZH33H8W\localtab[1].css 23/10/2006 23.08 9.46 KB Hidden from Windows API.
C:\Documents and Settings\Rita\Impostazioni locali\Temporary Internet Files\Content.IE5\7ZH33H8W\site=virg&pos=53&subsite=srch&kw=&tile=192940[1] 23/10/2006 23.09 19 bytes Hidden from Windows API.
C:\Documents and Settings\Rita\Impostazioni locali\Temporary Internet Files\Content.IE5\7ZH33H8W\std_alp[1].htm 23/10/2006 23.04 28.66 KB Hidden from Windows API.
C:\Documents and Settings\Rita\Impostazioni locali\Temporary Internet Files\Content.IE5\7ZH33H8W\stili_760[1].css 23/10/2006 22.41 5.69 KB Visible in Windows API, but not in MFT or directory index.
C:\Documents and Settings\Rita\Impostazioni locali\Temporary Internet Files\Content.IE5\87NFI4X9\cms[3].htm 23/10/2006 23.09 1.72 KB Hidden from Windows API.
C:\Documents and Settings\Rita\Impostazioni locali\Temporary Internet Files\Content.IE5\87NFI4X9\enduser[1].css 23/10/2006 23.04 6.13 KB Hidden from Windows API.
C:\Documents and Settings\Rita\Impostazioni locali\Temporary Internet Files\Content.IE5\87NFI4X9\sections_back[1].gif 23/10/2006 23.04 126 bytes Hidden from Windows API.
C:\Documents and Settings\Rita\Impostazioni locali\Temporary Internet Files\Content.IE5\87NFI4X9\sub[1].gif 23/10/2006 23.04 86 bytes Hidden from Windows API.
C:\Documents and Settings\Rita\Impostazioni locali\Temporary Internet Files\Content.IE5\AL3KHSVM\authent_ps[1].js 23/10/2006 23.08 9.37 KB Hidden from Windows API.
C:\Documents and Settings\Rita\Impostazioni locali\Temporary Internet Files\Content.IE5\AL3KHSVM\common[1].js 23/10/2006 22.41 1.60 KB Visible in Windows API, but not in MFT or directory index.
C:\Documents and Settings\Rita\Impostazioni locali\Temporary Internet Files\Content.IE5\AL3KHSVM\header_logo[1].gif 23/10/2006 23.04 681 bytes Hidden from Windows API.
C:\Documents and Settings\Rita\Impostazioni locali\Temporary Internet Files\Content.IE5\AL3KHSVM\search[2].htm 23/10/2006 23.09 19.17 KB Hidden from Windows API.
C:\Documents and Settings\Rita\Impostazioni locali\Temporary Internet Files\Content.IE5\AL3KHSVM\tabl[1].gif 23/10/2006 23.04 74 bytes Hidden from Windows API.
C:\Documents and Settings\Rita\Impostazioni locali\Temporary Internet Files\Content.IE5\AL3KHSVM\wbk24A.tmp 23/10/2006 22.53 511 bytes Visible in Windows API, but not in MFT or directory index.
C:\Documents and Settings\Rita\Impostazioni locali\Temporary Internet Files\Content.IE5\APINR04I\bl[1].gif 23/10/2006 23.04 50 bytes Hidden from Windows API.
C:\Documents and Settings\Rita\Impostazioni locali\Temporary Internet Files\Content.IE5\APINR04I\footer_logo[1].gif 23/10/2006 23.04 1.27 KB Hidden from Windows API.
C:\Documents and Settings\Rita\Impostazioni locali\Temporary Internet Files\Content.IE5\APINR04I\site=virg&pos=53&subsite=srch&kw=&tile=40493[1] 23/10/2006 23.10 19 bytes Hidden from Windows API.
C:\Documents and Settings\Rita\Impostazioni locali\Temporary Internet Files\Content.IE5\C1MR41MB\header_ico_cart[1].gif 23/10/2006 23.04 211 bytes Hidden from Windows API.
C:\Documents and Settings\Rita\Impostazioni locali\Temporary Internet Files\Content.IE5\C1MR41MB\search[2].htm 23/10/2006 23.08 21.96 KB Hidden from Windows API.
C:\Documents and Settings\Rita\Impostazioni locali\Temporary Internet Files\Content.IE5\C1MR41MB\tl[1].gif 23/10/2006 23.04 50 bytes Hidden from Windows API.
C:\Documents and Settings\Rita\Impostazioni locali\Temporary Internet Files\Content.IE5\D1FY6PFC\biframe[1].htm 23/10/2006 22.41 157 bytes Visible in Windows API, but not in MFT or directory index.
C:\Documents and Settings\Rita\Impostazioni locali\Temporary Internet Files\Content.IE5\D1FY6PFC\connspeed-in[2].gif 23/10/2006 23.08 43 bytes Hidden from Windows API.
C:\Documents and Settings\Rita\Impostazioni locali\Temporary Internet Files\Content.IE5\D1FY6PFC\enduser[1].js 23/10/2006 23.04 11.59 KB Hidden from Windows API.
C:\Documents and Settings\Rita\Impostazioni locali\Temporary Internet Files\Content.IE5\D1FY6PFC\stili_760[1].css 23/10/2006 23.08 5.69 KB Hidden from Windows API.
C:\Documents and Settings\Rita\Impostazioni locali\Temporary Internet Files\Content.IE5\D1FY6PFC\tabr[1].gif 23/10/2006 23.04 75 bytes Hidden from Windows API.
C:\Documents and Settings\Rita\Impostazioni locali\Temporary Internet Files\Content.IE5\GF0VZ22O\authent_ps[1].js 23/10/2006 22.41 9.37 KB Visible in Windows API, but not in MFT or directory index.
C:\Documents and Settings\Rita\Impostazioni locali\Temporary Internet Files\Content.IE5\GF0VZ22O\br[1].gif 23/10/2006 23.04 51 bytes Hidden from Windows API.
C:\Documents and Settings\Rita\Impostazioni locali\Temporary Internet Files\Content.IE5\GF0VZ22O\cms[2].htm 23/10/2006 23.10 1.72 KB Hidden from Windows API.
C:\Documents and Settings\Rita\Impostazioni locali\Temporary Internet Files\Content.IE5\GF0VZ22O\corel3[1].css 23/10/2006 23.04 12.13 KB Hidden from Windows API.
C:\Documents and Settings\Rita\Impostazioni locali\Temporary Internet Files\Content.IE5\GF0VZ22O\mail_entra[1].gif 23/10/2006 23.08 886 bytes Hidden from Windows API.
C:\Documents and Settings\Rita\Impostazioni locali\Temporary Internet Files\Content.IE5\GF0VZ22O\trnsp[1].gif 23/10/2006 23.04 67 bytes Hidden from Windows API.
C:\Documents and Settings\Rita\Impostazioni locali\Temporary Internet Files\Content.IE5\OCMDALZK\breadcrumb_back[1].gif 23/10/2006 23.04 1.23 KB Hidden from Windows API.
C:\Documents and Settings\Rita\Impostazioni locali\Temporary Internet Files\Content.IE5\OCMDALZK\kpi[4].gif 23/10/2006 23.10 43 bytes Hidden from Windows API.
C:\Documents and Settings\Rita\Impostazioni locali\Temporary Internet Files\Content.IE5\OCMDALZK\rnt_pwr_btn[1].gif 23/10/2006 23.04 337 bytes Hidden from Windows API.
C:\Documents and Settings\Rita\Impostazioni locali\Temporary Internet Files\Content.IE5\P483LH8T\cms[2].htm 23/10/2006 23.08 1.72 KB Hidden from Windows API.
C:\Documents and Settings\Rita\Impostazioni locali\Temporary Internet Files\Content.IE5\P483LH8T\header_ico_sign[1].gif 23/10/2006 23.04 215 bytes Hidden from Windows API.
C:\Documents and Settings\Rita\Impostazioni locali\Temporary Internet Files\Content.IE5\P483LH8T\tr[1].gif 23/10/2006 23.04 51 bytes Hidden from Windows API.
C:\Documents and Settings\Rita\Recent\indice_passo_a_passo.xls.lnk 23/10/2006 23.10 456 bytes Hidden from Windows API.
C:\System Volume Information\_restore{CD748773-6157-4EB2-A650-5996436AC5CB}\RP29\A0011710.LNK 23/10/2006 0.14 450 bytes Visible in directory index, but not Windows API or MFT.
C:\System Volume Information\_restore{CD748773-6157-4EB2-A650-5996436AC5CB}\RP29\A0011711.LNK 14/08/2006 1.13 838 bytes Visible in directory index, but not Windows API or MFT.
C:\WINDOWS\Prefetch\DEP.EXE-18554560.pf 23/10/2006 23.10 39.44 KB Hidden from Windows API.
C:\WINDOWS\Prefetch\EXCEL.EXE-011EEF91.pf 23/10/2006 23.11 45.18 KB Visible in directory index, but not Windows API or MFT.

Grazie pidue per la tua disponibilita',alla fine della scansione mi chiedeva se volevo installare il programma.Ho risposto di no,non conoscendolo.Mi consigli di installarlo?
Ecco cmq il risultato,che a me pare ottimale.

Removal tool loaded into memory
Gromozon rootkit component not detected - searching for other components
Scanning: C:\WINDOWS
Scanning: C:\Programmi\File comuni


Trojan.Gromozon does not exist - your system is clean.

<BLOCKQUOTE id=quote><font size=1 face="Sans Serif, Arial, Helvetica" id=quote>quote:<hr height=1 noshade id=quote>
Bene, son contento che non ci sono rootkit.
Il FixGrom è un tool gratuito. Se vuoi puoi tenerlo. Il Prevx1now è a pagamento. Non vale la pena. Invece se non hai ancora installato la patch contro il LinkOptimizer, fallo subito.
Vai qui, è IL KB9192919. Scegli la lingua italiana, altrimenti non puoi installarlo.

http://www.microsoft.com/downloads/details.aspx?familyid=0C1B4C96-57AE-499E-B89B-215B7BB4D8E9&displaylang=en
<hr height=1 noshade id=quote></BLOCKQUOTE id=quote></font id=quote><font face="Sans Serif, Arial, Helvetica" size=2 id=quote>
Grazie ancora di tutto! Ho fatto cio' che mi hai detto.Strano che essendo una Kb,il sistema non me l'abbia proposta in automatico.
Come si fa allora ad esser certi che il sistema e' aggiornato e protetto?Gli aggiornamenti automatici,non bastano?

<BLOCKQUOTE id=quote><font size=1 face="Sans Serif, Arial, Helvetica" id=quote>quote:<hr height=1 noshade id=quote>
Se hai sempre impostato gli aggiornamenti automatici, dovresti vederlo in Pannello di controllo >> Installazione Applicazioni. Ciao.
<hr height=1 noshade id=quote></BLOCKQUOTE id=quote></font id=quote><font face="Sans Serif, Arial, Helvetica" size=2 id=quote>


il mio pc e' impostato su aggiornamenti automatici.Grazie di tutto.Ciao