internet connection

**Plum** · 02-02-2008, 21:30

Ciao a tutti, mi chiamo Giulia e da ieri sera ho anch’io, purtroppo, il problema di Internet Connection. Oggi il mio antivirus (McAfee) ha rilevato un Trojan Horse, un programma nocivo chiamato Winampa.exe, probabilmente collegato al dialer. Mi ha avvertito che l’ha rimosso, ma non sapendo se anche il dialer è stato rimosso, ho pensato di chiedervi aiuto.
Ho dei dati cioè i report di Hijackthis e Awf. Ringrazio chi gentilmente saprà darmi indicazioni. Giulia

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20.12.47, on 02/02/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\programmi\file comuni\mcafee\mna\mcnasvc.exe
c:\PROGRA~1\FILECO~1\mcafee\mcproxy\mcproxy.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\Programmi\McAfee\MPF\MPFSrv.exe
C:\Programmi\McAfee\MSK\MskSrver.exe
C:\Programmi\SiteAdvisor\6253\SAService.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcvsshld.exe
C:\Programmi\McAfee\MSC\mcshell.exe
C:\WINDOWS\system32\wuauclt.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\Programmi\Microsoft Office\Office10\WINWORD.EXE
C:\WINDOWS\msagent\AgentSvr.exe
C:\Programmi\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Programmi\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
O2 - BHO: Supporto di collegamento per Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\File comuni\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {089FD14D-132B-48FC-8861-0048AE113215} - C:\Programmi\SiteAdvisor\6253\SiteAdv.dll
O2 - BHO: McAntiPhishingBHO - {377C180E-6F0E-4D4C-980F-F45BD3D40CF4} - C:\Programmi\McAfee\MSK\mcapbho.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Programmi\McAfee\VirusScan\scriptsn.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programmi\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programmi\Google\GoogleToolbarNotifier\2.1.1119 .1736\swg.dll
O3 - Toolbar: McAfee SiteAdvisor - {0BF43445-2F28-4351-9252-17FE6E806AA0} - C:\Programmi\SiteAdvisor\6253\SiteAdv.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programmi\google\googletoolbar1.dll
O4 - HKLM\..\Run: [SiteAdvisor] C:\Programmi\SiteAdvisor\6253\SiteAdv.exe
O4 - HKLM\..\Run: [mcagent_exe] C:\Programmi\McAfee.com\Agent\mcagent.exe /runkey
O4 - HKCU\..\Run: [swg] C:\Programmi\Google\GoogleToolbarNotifier\GoogleTo olbarNotifier.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVIZIO LOCALE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVIZIO DI RETE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{BD4A978B-73FC-46A9-AFE6-5B238644688D}: NameServer = 85.37.17.6 85.38.28.89
O23 - Service: Google Updater Service (gusvc) - Google - C:\Programmi\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\programmi\file comuni\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\FILECO~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Programmi\McAfee\MPF\MPFSrv.exe
O23 - Service: McAfee SpamKiller Service (MSK80Service) - McAfee, Inc. - C:\Programmi\McAfee\MSK\MskSrver.exe
O23 - Service: Servizio SiteAdvisor (SiteAdvisor Service) - Unknown owner - C:\Programmi\SiteAdvisor\6253\SAService.exe

--
End of file - 4609 bytes

--------------------------------------------------------------------------------------------------------------------

Find AWF report by noahdfear ©2006
Version 1.40

bak folders found
~~~~~~~~~~~

Il volume nell'unit… C non ha etichetta.
Numero di serie del volume: BC4E-F7BD

Directory di C:\PROGRA~1\WINAMP\BAK

15/01/2008 23.54 37.376 winampa.exe
1 File 37.376 byte
2 Directory 19.226.161.152 byte disponibili
Il volume nell'unit… C non ha etichetta.
Numero di serie del volume: BC4E-F7BD

Directory di C:\PROGRA~1\GOOGLE\GOOGLE~2\BAK

20/01/2008 20.15 68.856 GoogleToolbarNotifier.exe
1 File 68.856 byte
2 Directory 19.226.161.152 byte disponibili
Il volume nell'unit… C non ha etichetta.
Numero di serie del volume: BC4E-F7BD

Directory di C:\PROGRA~1\MCAFEE.COM\AGENT\BAK

03/08/2007 22.33 582.992 mcagent.exe
1 File 582.992 byte
2 Directory 19.226.157.056 byte disponibili
Il volume nell'unit… C non ha etichetta.
Numero di serie del volume: BC4E-F7BD

Directory di C:\PROGRA~1\SITEAD~1\6253\BAK

02/10/2006 20.09 35.928 SiteAdv.exe
1 File 35.928 byte
2 Directory 19.226.157.056 byte disponibili
Il volume nell'unit… C non ha etichetta.
Numero di serie del volume: BC4E-F7BD

Directory di C:\PROGRA~1\ADOBE\READER~1.0\READER\BAK

11/05/2007 03.06 40.048 Reader_sl.exe
1 File 40.048 byte
2 Directory 19.226.157.056 byte disponibili
Il volume nell'unit… C non ha etichetta.
Numero di serie del volume: BC4E-F7BD

Directory di C:\WINDOWS\SYSTEM32\SPOOL\DRIVERS\W32X86\3\BAK

13/01/2004 19.00 99.840 E_S4I0T1.EXE
1 File 99.840 byte
2 Directory 19.226.157.056 byte disponibili

Duplicate files of bak directory contents
~~~~~~~~~~~~~~~~~~~~~~~

37376 15 Jan 2008 "C:\Programmi\Winamp\bak\winampa.exe"
52272 20 Jan 2008 "C:\Programmi\Google\googletoolbar1user.exe"
138680 20 Jan 2008 "C:\Programmi\Google\Common\Google Updater\GoogleUpdaterService.exe"
68856 20 Jan 2008 "C:\Programmi\Google\GoogleToolbarNotifier\bak\Goo gleToolbarNotifier.exe"
582992 3 Aug 2007 "C:\Programmi\McAfee.com\Agent\mcagent.exe"
582992 3 Aug 2007 "C:\Programmi\McAfee.com\Agent\bak\mcagent.exe "
35928 2 Oct 2006 "C:\Programmi\SiteAdvisor\6253\bak\SiteAdv.exe "
40048 11 May 2007 "C:\Programmi\Adobe\Reader 8.0\Reader\bak\Reader_sl.exe"
99840 13 Jan 2004 "C:\WINDOWS\system32\spool\drivers\w32x86\epsonsty lus_c469ac9\E_S4I0T1.EXE"
99840 13 Jan 2004 "C:\WINDOWS\system32\spool\drivers\w32x86\3\bak\E_ S4I0T1.EXE"

end of report

Discussione: internet connection

Strumenti discussione

Ricerca discussione

Visualizza

Visualizzazione discussione

Permessi di invio