Ciao shapiro. Ho fatto quanto hai detto, ma, a quanto pare, risultati zero! Eccoti i reports:
1)scansione kasper:
Sunday, December 14, 2008
Operating System: Microsoft Windows XP Home Edition Service Pack 2 (build 2600)
Kaspersky Online Scanner 7 version: 7.0.25.0
Program database last update: Saturday, December 13, 2008 12:53:19
Records in database: 1457729
Scan settings
Scan using the following database extended
Scan archives yes
Scan mail databases yes
Scan area My Computer
C:\
D:\
Scan statistics
Files scanned 91378
Threat name 14
Infected objects 36
Suspicious objects 3
Duration of the scan 04:52:57
File name Threat name Threats count
C:\WINDOWS\system32\xxyywUml.dll/C:\WINDOWS\system32\xxyywUml.dll Infected: Trojan.Win32.Monder.aanc 3
C:\AUTORUN.INF Infected: Worm.Win32.AutoRun.aka 1
C:\datidel giudice\adunanza\Posta in arrivo.dbx Infected: Trojan-Downloader.HTML.Agent.ae 1
C:\datidel giudice\adunanza\Posta in arrivo.dbx Suspicious: Trojan-Spy.HTML.Fraud.gen 1
C:\datidel giudice\Documenti\Backup pendrive1-3-07\mandala\OUROBOROS.jpg Infected: Trojan-Clicker.HTML.IFrame.rp 1
C:\datidel giudice\Documenti\Best NOKIA Games 2006\Mosquitos.sis Infected: Trojan.SymbOS.Mosquit.b 1
C:\datidel giudice\Documenti\Della Porta\OUROBOROS.jpg Infected: Trojan-Clicker.HTML.IFrame.rp 1
C:\datidel giudice\Documenti\Downloads\Best NOKIA Games 2006.rar Infected: Trojan.SymbOS.Mosquit.b 1
C:\datidel giudice\posta\in\You have received a postcard.eml Infected: Trojan-Downloader.HTML.Agent.ae 1
C:\datidel giudice\posta\Posta in arrivo.dbx Infected: Trojan-Downloader.HTML.Agent.ae 1
C:\datidel giudice\posta\Posta in arrivo.dbx Suspicious: Trojan-Spy.HTML.Fraud.gen 1
C:\Documents and Settings\Dott.GuidoDelGiudice\Dati applicazioni\Sun\Java\Deployment\cache\6.0\11\20d7210b-330c38d2 Infected: Trojan-Downloader.Java.OpenConnection.aq 1
C:\Documents and Settings\Dott.GuidoDelGiudice\Dati applicazioni\Sun\Java\Deployment\cache\6.0\26\508465da-1bbb896b Infected: Trojan-Downloader.Java.OpenConnection.aq 1
C:\Documents and Settings\Dott.GuidoDelGiudice\Dati applicazioni\Sun\Java\Deployment\cache\6.0\28\1935cf9c-1aa0057a Infected: Trojan-Downloader.Java.OpenConnection.aq 1
C:\Documents and Settings\Dott.GuidoDelGiudice\Dati applicazioni\Sun\Java\Deployment\cache\6.0\40\5c034a68-6be4ee15 Infected: Trojan-Downloader.Java.OpenConnection.aq 1
C:\Documents and Settings\Dott.GuidoDelGiudice\Dati applicazioni\Sun\Java\Deployment\cache\6.0\42\5c0ee46a-61c8fb57 Infected: Trojan-Downloader.Java.OpenConnection.aq 1
C:\Documents and Settings\Dott.GuidoDelGiudice\Dati applicazioni\Sun\Java\Deployment\cache\6.0\54\381fec76-463a983a Infected: Trojan-Downloader.Java.OpenConnection.aq 1
C:\Documents and Settings\Dott.GuidoDelGiudice\Dati applicazioni\Sun\Java\Deployment\cache\6.0\6\7757bb86-71ea166c Infected: Trojan-Downloader.Java.OpenConnection.aq 1
C:\Documents and Settings\Dott.GuidoDelGiudice\Documenti\Backup pendrive1-3-07\mandala\OUROBOROS.jpg Infected: Trojan-Clicker.HTML.IFrame.rp 1
C:\Documents and Settings\Dott.GuidoDelGiudice\Documenti\Best NOKIA Games 2006\Mosquitos.sis Infected: Trojan.SymbOS.Mosquit.b 1
C:\Documents and Settings\Dott.GuidoDelGiudice\Documenti\Della Porta\OUROBOROS.jpg Infected: Trojan-Clicker.HTML.IFrame.rp 1
C:\Documents and Settings\Dott.GuidoDelGiudice\Documenti\Downloads\Best NOKIA Games 2006.rar Infected: Trojan.SymbOS.Mosquit.b 1
C:\Documents and Settings\Dott.GuidoDelGiudice\Impostazioni locali\Dati applicazioni\Identities\{F62533B4-CAFB-41C7-96B1-9A4885EE9E9F}\Microsoft\Outlook Express\Posta in arrivo.dbx Infected: Trojan-Downloader.HTML.Agent.ae 1
C:\Documents and Settings\Dott.GuidoDelGiudice\Impostazioni locali\Dati applicazioni\Identities\{F62533B4-CAFB-41C7-96B1-9A4885EE9E9F}\Microsoft\Outlook Express\Posta in arrivo.dbx Suspicious: Trojan-Spy.HTML.Fraud.gen 1
C:\Programmi\AdunanzA\Incoming\Magic Ball2 v2.1+Serial\Magic Ball2 v2.1+Serial\MagicBall2.exe Infected: not-a-virus:AdWare.Win32.MegaSearch.g 1
C:\Programmi\AdunanzA\Incoming\Magic Ball2 v2.1+Serial\Magic Ball2 v2.1+Serial\MagicBall2.exe Infected: Trojan-Downloader.Win32.Keenval.n 1
C:\Programmi\AdunanzA\Incoming\Magic Ball2 v2.1+Serial\Magic Ball2 v2.1+Serial\MagicBall2.exe Infected: Trojan-Downloader.Win32.Keenval.h 1
C:\Programmi\AdunanzA\Incoming\Magic Ball2 v2.1+Serial\Magic Ball2 v2.1+Serial\MagicBall2.exe Infected: Trojan.Win32.Keenval.a 1
C:\Programmi\AdunanzA\Incoming\Magic Ball2 v2.1+Serial.rar Infected: not-a-virus:AdWare.Win32.MegaSearch.g 1
C:\Programmi\AdunanzA\Incoming\Magic Ball2 v2.1+Serial.rar Infected: Trojan-Downloader.Win32.Keenval.n 1
C:\Programmi\AdunanzA\Incoming\Magic Ball2 v2.1+Serial.rar Infected: Trojan-Downloader.Win32.Keenval.h 1
C:\Programmi\AdunanzA\Incoming\Magic Ball2 v2.1+Serial.rar Infected: Trojan.Win32.Keenval.a 1
C:\Programmi\eMule\Incoming\arclab MailList Controller v2.01.WinAll.Incl.[key]maker-DEViANCE.zip Infected: Trojan.Win32.Agent.acw 1
C:\Programmi\eMule\Incoming\Sendblaster.Free.Edition.1.2.18.Win_All.crracked.zip Infected: Trojan.Win32.Agent.acw 1
C:\Programmi\eMule\Incoming\Tomtom 6 Deutschland-Map-v650 updated-fixed 02-2007.zip Infected: P2P-Worm.Win32.Kapucen.b 1
C:\Programmi\eMule\Uninstall.exe Infected: not-a-virus:AdWare.Win32.Agent.hox 1
C:\WINDOWS\system32\xxyywUml.dll Infected: Trojan.Win32.Monder.aanc 1
The selected area was scanned.
2)log di avenger:
Logfile of The Avenger Version 2.0, (c) by Swandog46
http://swandog46.geekstogo.comPlatform: Windows XP
*******************
Script file opened successfully.
Script file read successfully.
Backups directory opened successfully at C:\Avenger
*******************
Beginning to process script file:
Rootkit scan active.
No rootkits found!
Error: file "C:\WINDOWS\system32\SpywareRemover.exe" not found!
Deletion of file "C:\WINDOWS\system32\SpywareRemover.exe" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist
Completed script processing.
*******************
Finished! Terminate.
3)report di Vundofix:
VundoFix V7.0.6
Scan started at 15.31.48 13/12/2008
Listing files found while scanning....
VundoFix V7.0.6
Scan started at 15.46.31 13/12/2008
Listing files found while scanning....
No infected files were found.
VundoFix V7.0.6
Scan started at 19.27.21 14/12/2008
Listing files found while scanning....
No infected files were found.
4)log di HijackThis:
Logfile of HijackThis v1.99.1
Scan saved at 20.44.56, on 14/12/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programmi\File comuni\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Programmi\WIDCOMM\Software Bluetooth\bin\btwdins.exe
C:\Programmi\TOSHIBA\ConfigFree\CFSvcs.exe
C:\WINDOWS\system32\DVDRAMSV.exe
C:\Programmi\File comuni\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Programmi\TOSHIBA\TOSHIBA Controls\TFncKy.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Programmi\TOSHIBA\ConfigFree\NDSTray.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Programmi\Adobe\Acrobat 7.0\Distillr\Acrotray.exe
C:\Programmi\ScanSoft\OmniPageSE4.0\OpwareSE4.exe
C:\Programmi\iTunes\iTunesHelper.exe
C:\Programmi\File comuni\InstallShield\UpdateService\issch.exe
C:\Programmi\File comuni\PCSuite\DataLayer\DataLayer.exe
C:\Programmi\Nokia\Nokia PC Suite 6\LaunchApplication.exe
C:\Programmi\Java\jre1.6.0_07\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmi\TOSHIBA\TOSCDSPD\toscdspd.exe
C:\Programmi\Internet Explorer\iexplore.exe
C:\PROGRA~1\FILECO~1\PCSuite\Services\SERVIC~1.EXE
C:\Programmi\WIDCOMM\Software Bluetooth\BTTray.exe
C:\WINDOWS\system32\RAMASST.exe
C:\PROGRA~1\WIDCOMM\SOFTWA~1\BTSTAC~1.EXE
C:\Programmi\File comuni\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Programmi\iPod\bin\iPodService.exe
C:\WINDOWS\system32\rundll32.exe
C:\Programmi\Internet Explorer\iexplore.exe
C:\Programmi\Outlook Express\msimn.exe
C:\Programmi\WinRAR\WinRAR.exe
C:\DOCUME~1\DOTT~1.GUI\IMPOST~1\Temp\Rar$EX00.890\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
http://www.libero.it/R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
O2 - BHO: (no name) - {31B9FFFE-9006-4B3E-94E3-7C9325433ADE} - C:\WINDOWS\system32\vtUNfeDu.dll (file missing)
O2 - BHO: (no name) - {461C7FD4-E1D2-4F69-8BB9-E176DDC759CB} - C:\WINDOWS\system32\qoMgfExX.dll (file missing)
O2 - BHO: (no name) - {4B38EFD8-A182-4C55-8E25-C37EA3811D1D} - C:\WINDOWS\system32\xxyxyxwt.dll (file missing)
O2 - BHO: (no name) - {6D794CB4-C7CD-4c6f-BFDC-9B77AFBDC02C} - C:\WINDOWS\system32\xxyywUml.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmi\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: (no name) - {77AB59B4-55A3-4737-9FD5-B93C6430BF78} - C:\WINDOWS\system32\yevcwfsx.dll
O2 - BHO: Guida per l'accesso a Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programmi\File comuni\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Programmi\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Programmi\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Programmi\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O4 - HKLM\..\Run: [IMJPMIG8.2] msime82.exe
O4 - HKLM\..\Run: [TFncKy] TFncKy.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [NDSTray.exe] NDSTray.exe
O4 - HKLM\..\Run: [HWSetup] C:\Programmi\TOSHIBA\TOSHIBA Applet\HWSetup.exe hwSetUP
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "C:\Programmi\Adobe\Acrobat 7.0\Distillr\Acrotray.exe"
O4 - HKLM\..\Run: [NBKeyScan] "C:\Programmi\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Programmi\File comuni\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [OpwareSE4] "C:\Programmi\ScanSoft\OmniPageSE4.0\OpwareSE4.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmi\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Programmi\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\FILECO~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Programmi\File comuni\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [EPSON Stylus C46 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I0T1.EXE /P23 "EPSON Stylus C46 Series" /O6 "USB002" /M "Stylus C46"
O4 - HKLM\..\Run: [DataLayer] C:\Programmi\File comuni\PCSuite\DataLayer\DataLayer.exe
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Programmi\Nokia\Nokia PC Suite 6\LaunchApplication.exe -onlytray
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programmi\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [TOSCDSPD] C:\Programmi\TOSHIBA\TOSCDSPD\toscdspd.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Programmi\File comuni\Nero\Lib\NMBgMonitor.exe"
O4 - HKCU\..\RunOnce: [FlashPlayerUpdate] C:\WINDOWS\system32\Macromed\Flash\FlashUtil9f.exe
O4 - Global Startup: Avvio veloce di Adobe Acrobat.lnk = ?
O4 - Global Startup: Avvio veloce di Adobe Reader.lnk = C:\Programmi\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: BTTray.lnk = ?
O4 - Global Startup: RAMASST.lnk = C:\WINDOWS\system32\RAMASST.exe
O8 - Extra context menu item: Converti destinazione link in Adobe PDF - res://C:\Programmi\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Converti destinazione link in file PDF esistente - res://C:\Programmi\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Converti i link selezionati in Adobe PDF - res://C:\Programmi\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Converti i link selezionati in file PDF esistente - res://C:\Programmi\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Converti in Adobe PDF - res://C:\Programmi\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Converti nel file PDF esistente - res://C:\Programmi\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Converti selezione in Adobe PDF - res://C:\Programmi\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Converti selezione in file PDF esistente - res://C:\Programmi\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Download &Flash Movies - C:\Programmi\Flash2X\Flash Hunter\save.htm
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Ricerche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programmi\WIDCOMM\Software Bluetooth\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programmi\WIDCOMM\Software Bluetooth\btsendto_ie.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Programmi\AVG\AVG8\avgpp.dll
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WINDOW~4\MESSEN~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WINDOW~4\MESSEN~1\MSGRAP~1.DLL
O20 - AppInit_DLLs: ybpdfb.dll
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: xxyywUml - C:\WINDOWS\SYSTEM32\xxyywUml.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Programmi\File comuni\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Programmi\File comuni\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Boonty Games - BOONTY - C:\Programmi\File comuni\BOONTY Shared\Service\Boonty.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Programmi\WIDCOMM\Software Bluetooth\bin\btwdins.exe
O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Programmi\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: DVD-RAM_Service - Matsushita Electric Industrial Co., Ltd. - C:\WINDOWS\system32\DVDRAMSV.exe
O23 - Service: Servizio iPod (iPod Service) - Apple Inc. - C:\Programmi\iPod\bin\iPodService.exe
