For days I have been trying to remove a trojan that shows up under the name ASDF.exe, and every time it invariably appears again. Could you check my log?
Logfile of HijackThis v1.99.0
Scan saved at 9.02.24, on 30/12/2005
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINNT\MS\SMS\CORE\BIN\CLISVCL.EXE
C:\WINNT\MS\SMS\clicomp\apa\Bin\smsapm32.exe
C:\WINNT\Explorer.EXE
C:\Programmi\Analog Devices\SoundMAX\SMTray.exe
C:\WINNT\System32\igfxtray.exe
C:\WINNT\System32\hkcmd.exe
C:\Progra~1\Network Associates\VirusScan\SHSTAT.EXE
C:\Progra~1\Network Associates\Common Framework\UpdaterUI.exe
C:\WINNT\MS\SMS\CORE\BIN\LAUNCH32.EXE
D:\Appl\Adobe\Acrobat 7.0\Distillr\Acrotray.exe
C:\WINNT\system32\ctfmon.exe
C:\WINNT\MS\SMS\CLICOMP\SWDist32\bin\smsmon32.exe
C:\Programmi\SAP\FrontEnd\SAPgui\saplgpad.exe
C:\Programmi\Microsoft Office\Office10\OUTLOOK.EXE
C:\Programmi\Microsoft Office\Office10\WINWORD.EXE
C:\Programmi\Internet Explorer\IEXPLORE.EXE
C:\PROGRA~1\WINZIP\winzip32.exe
C:\Documents and Settings\SP15171\Impostazioni locali\Temp\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.snamprogetti.eni.it/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.snamprogetti.eni.it/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = proxy.snamprogetti.eni.it:8081
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.snamprogettispa.pri;*.pri;*.snamprogetti.eni.it;*.eni.it;*.haradh.spspa;*.khuff.spspa;*.qatif.spspa;*.riopol.local;*.asgscarl.local;*.snamprogetti.it;*.agip*;172.23.*;172.31.*;*.albacom.it;*.omifco.local;10.64.108.*;*.app.cepavuno.it;(local)
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Appl\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - D:\Appl\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - D:\Appl\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [Smapp] C:\Programmi\Analog Devices\SoundMAX\SMTray.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINNT\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINNT\System32\hkcmd.exe
O4 - HKLM\..\Run: [ShStatEXE] "C:\Progra~1\Network Associates\VirusScan\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Progra~1\Network Associates\Common Framework\UpdaterUI.exe" /StartedFromRunKey
O4 - HKLM\..\Run: [SMS Application Launcher] C:\WINNT\MS\SMS\CORE\BIN\LAUNCH32.EXE
O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "D:\Appl\Adobe\Acrobat 7.0\Distillr\Acrotray.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Programmi\Java\j2re1.4.2_04\bin\jusched.exe
O4 - HKLM\..\Run: [WatchDog] C:\Programmi\InterVideo\DVD Check\DVDCheck.exe
O4 - HKCU\..\Run: [ctfmon.exe] ctfmon.exe
O4 - Startup: Microsoft Outlook.lnk = C:\Programmi\Microsoft Office\Office10\OUTLOOK.EXE
O4 - Startup: TO-DO.xls.lnk = documenti\TO-DO.xls
O4 - Global Startup: Avvio veloce di Adobe Acrobat.lnk = D:\Appl\Adobe\Acrobat 7.0\Acrobat\acrobat_sl.exe
O4 - Global Startup: DVD Check.lnk = C:\Programmi\InterVideo\DVD Check\DVDCheck.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Programmi\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: Converti destinazione link in Adobe PDF - res://D:\appl\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Converti destinazione link in file PDF esistente - res://D:\appl\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Converti i link selezionati in Adobe PDF - res://D:\appl\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Converti i link selezionati in file PDF esistente - res://D:\appl\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Converti in Adobe PDF - res://D:\appl\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Converti nel file PDF esistente - res://D:\appl\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Converti selezione in Adobe PDF - res://D:\appl\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Converti selezione in file PDF esistente - res://D:\appl\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINNT\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINNT\System32\msjava.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.snamprogetti.eni.it/
O16 - DPF: {CAFEEFAC-0014-0000-0000-ABCDEFFEDCBA} (Java Runtime Environment 1.4.0) -
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = snamprogettispa.pri
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = snamprogettispa.pri
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: SearchList = snamprogettispa.pri,snamprogetti.eni.it,pri,eni.pri,eni.it,snamprogettirf.res.prirf
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = snamprogettispa.pri
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: SearchList = snamprogettispa.pri,snamprogetti.eni.it,pri,eni.pri,eni.it,snamprogettirf.res.prirf
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: SearchList = snamprogettispa.pri,snamprogetti.eni.it,pri,eni.pri,eni.it,snamprogettirf.res.prirf
O23 - Service: Servizio amministrativo di Gestione disco logico - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: DameWare Mini Remote Control - DameWare Development LLC - C:\WINNT\SYSTEM32\DWRCS.EXE
O23 - Service: McAfee Framework Service - Network Associates, Inc. - C:\Progra~1\Network Associates\Common Framework\FrameworkService.exe
O23 - Service: Network Associates McShield - Network Associates, Inc. - C:\Progra~1\Network Associates\VirusScan\Mcshield.exe
O23 - Service: Network Associates Task Manager - Network Associates, Inc. - C:\Progra~1\Network Associates\VirusScan\VsTskMgr.exe
O23 - Service: OracleClientCache80 - Unknown - C:\programmi\oracle\oradisc31\Bin\Onrsd80.exe
O23 - Service: OracleOraHome81ClientCache - Unknown - C:\Programmi\oracle\ora81\BIN\ONRSD.EXE
O23 - Service: SoundMAX Agent Service - Analog Devices, Inc. - C:\Programmi\Analog Devices\SoundMAX\SMAgent.exe