Continue segnalazioni di virus. Ho cancellato il contenuto della cartella Temp.

[giorgiogio48]

Ciao amici,
da qualche giorno ricevevo continue segnalazioni della presenza di virus. Il virus era un Trojan horse. Ho visto la provenienza: erano tutti nella cartella Temp. Allora ho cancellato manualmente tutto il contenuto della cartella Temp e per ora non ricevo più alcuna segnalazione dall'antivirus. Il pc funziona regolarmente. Ho fatto bene? Ho eliminato definitivamente il disturbo?
Grazie.

[amvinfe]

sì, no, boh, forse.
Come facciamo a saperlo, chiederemo all'Admin di dotarci di sfera di cristallo
a parte gli scherzi...

esegui una scansione online con Panda o BitDefender, posta il report della scansione, riavvia posta un log di HijackThis.
Trovi tutti i link necessari nelle discussioni poste in rileivo.

[giorgiogio48]

Ciao amvinfe,
grazie per l'intervento.
Ti posto il log della scansione con AVG:

"","","Trojan horse Downloader.Generic3.AIM","E:\RECYCLER\S-1-5-21-484763869-220523388-682003330-1003\De121.exe","17/12/2006 14.18.20","De121.exe","23 KB"
"","","Trojan horse Downloader.Generic3.AIM","E:\RECYCLER\S-1-5-21-484763869-220523388-682003330-1003\De128.exe","17/12/2006 14.18.20","De128.exe","23 KB"
"","","Trojan horse Downloader.Generic3.AIM","E:\RECYCLER\S-1-5-21-484763869-220523388-682003330-1003\De48.exe","17/12/2006 14.18.20","De48.exe","23 KB"
"","","Trojan horse Downloader.Generic3.AIM","E:\RECYCLER\S-1-5-21-484763869-220523388-682003330-1003\De52.exe","17/12/2006 14.18.20","De52.exe","23 KB"
"","","Trojan horse Downloader.Generic3.AIM","E:\RECYCLER\S-1-5-21-484763869-220523388-682003330-1003\De53.exe","17/12/2006 14.18.20","De53.exe","23 KB"
"","","Trojan horse Downloader.Generic3.AIM","E:\RECYCLER\S-1-5-21-484763869-220523388-682003330-1003\De65.exe","17/12/2006 14.18.20","De65.exe","23 KB"
"","","Trojan horse Downloader.Generic3.AIM","E:\RECYCLER\S-1-5-21-484763869-220523388-682003330-1003\De66.exe","17/12/2006 14.18.20","De66.exe","23 KB"
"","","Trojan horse Downloader.Generic3.AIM","E:\RECYCLER\S-1-5-21-484763869-220523388-682003330-1003\De77.exe","17/12/2006 14.18.21","De77.exe","23 KB"
E quello con HijackThis
Logfile of HijackThis v1.99.1
Scan saved at 9.35.34, on 19/12/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
E:\WINDOWS\System32\smss.exe
E:\WINDOWS\system32\winlogon.exe
E:\WINDOWS\system32\services.exe
E:\WINDOWS\system32\lsass.exe
E:\WINDOWS\system32\svchost.exe
E:\WINDOWS\System32\svchost.exe
E:\WINDOWS\system32\spoolsv.exe
E:\WINDOWS\Explorer.EXE
E:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
E:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
E:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
E:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\msco rsvw.exe
E:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
E:\Programmi\Unlocker\UnlockerAssistant.exe
E:\Programmi\Java\jre1.5.0_09\bin\jusched.exe
E:\WINDOWS\system32\ctfmon.exe
E:\Programmi\Firebird\Firebird_2_0\bin\fbguard.exe
E:\Programmi\Google\GoogleToolbarNotifier\1.2.908. 5008\GoogleToolbarNotifier.exe
E:\WINDOWS\system32\inetsrv\inetinfo.exe
E:\Programmi\Wireless LAN Utility\SiWake.exe
e:\Programmi\Microsoft SQL Server\90\Shared\sqlwriter.exe
E:\Programmi\Firebird\Firebird_2_0\bin\fbserver.ex e
E:\Programmi\Wireless LAN Utility\SiSCFG.exe
E:\WINDOWS\system32\wscntfy.exe
E:\WINDOWS\System32\svchost.exe
E:\Programmi\Mozilla Firefox\firefox.exe
E:\Programmi\Outlook Express\msimn.exe
E:\Programmi\Messenger\msmsgs.exe
E:\PROGRA~1\IZArc\IZArc.exe
E:\DOCUME~1\GG20A2~1.GG-\IMPOST~1\Temp\ARC90\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://it.yahoo.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - E:\Programmi\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - E:\Programmi\Java\jre1.5.0_09\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - E:\Programmi\File comuni\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - e:\programmi\google\googletoolbar3.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - e:\programmi\google\googletoolbar3.dll
O4 - HKLM\..\Run: [AVG7_CC] E:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [UnlockerAssistant] "E:\Programmi\Unlocker\UnlockerAssistant.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "E:\Programmi\Java\jre1.5.0_09\bin\jusched.exe "
O4 - HKLM\..\Run: [BSplayer_WhenUSave_Installer] E:\Programmi\BSplayer_WhenUSave_Installer\BSplayer _WhenUSave_Installer.exe
O4 - HKLM\..\Run: [MsgCenterExe] "E:\Programmi\File comuni\Real\Update_OB\RealOneMessageCenter.exe" -osboot
O4 - HKLM\..\Run: [.nvsvc] E:\WINDOWS\system\smss.exe /w
O4 - HKCU\..\Run: [CTFMON.EXE] E:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] E:\Programmi\Google\GoogleToolbarNotifier\1.2.908. 5008\GoogleToolbarNotifier.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = E:\Programmi\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: SiWake.lnk = E:\Programmi\Wireless LAN Utility\SiWake.exe
O8 - Extra context menu item: &Clean Traces - E:\Programmi\DAP\Privacy Package\dapcleanerie.htm
O8 - Extra context menu item: &Download with &DAP - E:\Programmi\DAP\dapextie.htm
O8 - Extra context menu item: Download &all with DAP - E:\Programmi\DAP\dapextie2.htm
O8 - Extra context menu item: Salva oggetto con Star Downloader - E:\Programmi\Star Downloader\sdie.htm
O8 - Extra context menu item: Translate with &Babylon - res://E:\Programmi\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll/Translate.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - E:\Programmi\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - E:\Programmi\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra button: Ricerche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - E:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - E:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - E:\Programmi\Messenger\msmsgs.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{073AE90B-13F2-47AB-863C-57D4A61B1F5A}: NameServer = 194.20.8.1,213.145.3.1
O17 - HKLM\System\CS1\Services\Tcpip\..\{073AE90B-13F2-47AB-863C-57D4A61B1F5A}: NameServer = 194.20.8.1,213.145.3.1
O17 - HKLM\System\CS2\Services\Tcpip\..\{073AE90B-13F2-47AB-863C-57D4A61B1F5A}: NameServer = 194.20.8.1,213.145.3.1
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - E:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - E:\Programmi\File comuni\Microsoft Shared\Help\hxds.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - E:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - E:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - E:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - E:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - E:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: Firebird Guardian - DefaultInstance (FirebirdGuardianDefaultInstance) - FirebirdSQL Project - E:\Programmi\Firebird\Firebird_2_0\bin\fbguard.exe
O23 - Service: Firebird Server - DefaultInstance (FirebirdServerDefaultInstance) - FirebirdSQL Project - E:\Programmi\Firebird\Firebird_2_0\bin\fbserver.ex e
O23 - Service: SQL Server (SQLEXPRESS) (MSSQL$SQLEXPRESS) - Unknown owner - e:\Programmi\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe" -sSQLEXPRESS (file missing)
O23 - Service: Servizio di condivisione in rete Windows Media Player (WMPNetworkSvc) - Unknown owner - E:\Programmi\Windows Media Player\WMPNetwk.exe (file missing)