pop-up on Vista...


xcv
07-04-2008, 12:22
Hello everyone!
I have a laptop with Windows Vista... for a few days it has been giving me a lot of problems while browsing... other windows with very fanciful sites keep opening continuously... including one with a blue background... graphically similar to a Windows error message, which says to download a program because the PC is affected by malware and trojans... (naturally I didn't download the package). I also did an online scan with Kaspersky, which detected viruses... I'm also attaching the HijackThis log....

what do you advise me to do?

Franz.
07-04-2008, 12:49
Hello everyone!
I have a laptop with Windows Vista... for a few days it has been giving me a lot of problems while browsing... other windows with very fanciful sites keep opening continuously... including one with a blue background... graphically similar to a Windows error message, which says to download a program because the PC is affected by malware and trojans... (naturally I didn't download the package). I also did an online scan with Kaspersky, which detected viruses... I'm also attaching the HijackThis log....

what do you advise me to do?

Hello, and welcome to you too in the hwupgrade Pronto Soccorso.
For us to help you, you first of all need to put us in a position to get an idea of your PC, even remotely. ;)
For that you need to follow carefully the instructions in the GUIDE to DISINFECTION for INFECTED PCs - reading is mandatory (http://www.hwupgrade.it/forum/showthread.php?t=1599737) ;)


So please post all the requested logs, following the rules for publishing them, which I lay out here:

HOW TO PUBLISH THE REQUESTED LOGS:
● if the generated txt is at most 20 kb, attach it to the thread using the MANAGE ATTACHMENTS function;
● if it is larger than 20 kb, each single log, exclusively in txt format, must be hosted on FileUP, click here to reach FileUP (http://www.fileup.itadib.com/index.php), posting in the thread, one by one for each log, the link that is given to you for the download

In any case, I advise you not to use that PC for important or personal things (including reading email) at least until you are sure it has been cleaned. ;)

Bye

xcv
07-04-2008, 23:42
here are the logs of the various scans

xcv
07-04-2008, 23:44
gmer log: http://fileup.itadib.com/download.php?id=x7mfWTvS9bNg5DbY5s8J

prevxcsi log: http://fileup.itadib.com/download.php?id=GDmBK58PnEk3dYhqDTud

xcdegasp
08-04-2008, 00:46
a few are still missing :)

xcv
08-04-2008, 08:52
the missing scans give me problems... and I can't run them to the end... anyway I'll try again

xcv
08-04-2008, 12:39
a-squared log: http://fileup.itadib.com/download.php?id=C2nBLTt4sElyoaIvt1sb

xcdegasp
08-04-2008, 14:06
from the Prevx log:

C:\Windows\Temp\TMP00000015B998789E606F0FC5 InMem: 0 Det [U] MD5: 688E3E88D622C94CF02B3FA756BC4611 PX5: A9FF96750051DF8700380861BF69FA004D162364


C:\Users\Euronics\AppData\Local\Temp\$36E37E3D.t$m InMem: 0 Det [T] MD5: 5B8F3E7F6FC7A866010303B80B655C98 PX5: FF173736E061A1390AB70B3CD2E16900A3A59B16


update HiJackThis

xcv
08-04-2008, 14:59
here is the new log

xcdegasp
08-04-2008, 17:38
get it from here:
http://www.trendsecure.com/portal/en-US/threat_analytics/HiJackThis.zip

xcv
08-04-2008, 20:21
here is the new log:
http://fileup.itadib.com/download.php?id=IhlEhpmaU7usaeFGlRXv

meanwhile, thanks a lot :) but windows of every kind still keep opening :(

xcdegasp
09-04-2008, 13:41
I don't understand these two entries:

O4 - HKLM\..\Run: [PrevxCSI] "" /bootupreg
O4 - HKCU\..\Run: [?????????] ??????????????e


I love a clean Windows, so maybe these are intentional:
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [otnhgkslw] c:\users\euronics\appdata\local\otnhgkslw.exe otnhgkslw


but why are there two versions?
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKCU\..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_0

uninstall both and install FoxitReader (http://www.foxitsoftware.com/pdf/rd_intro.php) in their place


then go to http://secunia.com/software_inspector/ and scan the PC online; update everything it finds..

after that, have the two files analyzed on both http://virusscan.jotti.org/ and www.virustotal.com:
C:\Program Files\Windows Sidebar\sidebar.exe
c:\users\euronics\appdata\local\otnhgkslw.exe
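The review above is the usual way to read O4 lines by eye: which hive, which value name, where the executable lives, and whether the name looks generated. As an added example (not code from the thread, nor part of HijackThis), the script below does the same triage in code over the five O4 lines quoted in this post as sample input. The list of user-writable locations, the "consonant-only name of 7+ letters" rule and its threshold are my assumptions; a flag means "look at this", not "malicious", and the "?????????" entry is flagged only as unreadable, since HijackThis prints ? for characters it cannot render.

```python
import re
from dataclasses import dataclass, field
from typing import List, Optional

# Sample input: the five HijackThis O4 lines quoted in this thread.
SAMPLE_O4_LINES = [
    r'O4 - HKLM\..\Run: [PrevxCSI] "" /bootupreg',
    r'O4 - HKCU\..\Run: [?????????] ??????????????e',
    r'O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun',
    r'O4 - HKCU\..\Run: [otnhgkslw] c:\users\euronics\appdata\local\otnhgkslw.exe otnhgkslw',
    r'O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"',
]

# "O4 - <hive>\..\<Run key>: [<value name>] <command line>"
O4_RE = re.compile(r'^O4 - (HKLM|HKCU)\\\.\.\\(Run\w*): \[([^\]]*)\] ?(.*)$')
# Folders any user account can write to (assumed list); a Run entry pointing there deserves a look.
USER_WRITABLE_MARKERS = ('\\appdata\\', '\\temp\\', '\\users\\public\\', '\\programdata\\')


@dataclass
class O4Entry:
    hive: str
    key: str
    name: str
    command: str
    exe: str
    args: str
    flags: List[str] = field(default_factory=list)


def split_command(command: str):
    """Separate the executable from its arguments, honouring quotes and unquoted paths with spaces."""
    command = command.strip()
    if command.startswith('"'):
        end = command.find('"', 1)
        if end != -1:
            return command[1:end], command[end + 1:].strip()
    m = re.match(r'(?i)^(.*?\.exe)(?:\s+(.*))?$', command)
    if m:
        return m.group(1), (m.group(2) or '').strip()
    parts = command.split(None, 1)
    return (parts[0] if parts else ''), (parts[1] if len(parts) > 1 else '')


def looks_random(stem: str) -> bool:
    """Heuristic (assumed): an alphabetic name of 7+ letters with almost no vowels, e.g. otnhgkslw."""
    if len(stem) < 7 or not stem.isalpha():
        return False
    vowels = sum(c in 'aeiou' for c in stem.lower())
    return vowels / len(stem) < 0.15


def parse_o4(line: str) -> Optional[O4Entry]:
    m = O4_RE.match(line.strip())
    if not m:
        return None
    hive, key, name, command = m.groups()
    exe, args = split_command(command)
    entry = O4Entry(hive, key, name, command, exe, args)
    lowered = exe.lower()
    if exe == '':
        entry.flags.append('empty executable path')
    if '?' in name or '?' in exe:
        entry.flags.append('unreadable value name')  # HijackThis shows ? for characters it cannot render
    if any(marker in lowered for marker in USER_WRITABLE_MARKERS):
        entry.flags.append('user-writable location')
    stem = exe.rsplit('\\', 1)[-1].rsplit('.', 1)[0]
    if looks_random(stem):
        entry.flags.append('random-looking filename')
    return entry


def triage(lines) -> List[O4Entry]:
    """Parse every O4 line; lines of other HijackThis types are skipped."""
    return [e for e in map(parse_o4, lines) if e is not None]


def flagged(lines) -> dict:
    """Value name -> flags, for entries that got at least one flag."""
    return {e.name: e.flags for e in triage(lines) if e.flags}


if __name__ == '__main__':
    for entry in triage(SAMPLE_O4_LINES):
        status = ', '.join(entry.flags) or 'no flags'
        print(f'{entry.hive}\\{entry.key} [{entry.name}] -> {entry.exe or "<empty>"}: {status}')
```

Run on the lines above it leaves Sidebar and the Adobe launcher unflagged, marks PrevxCSI for its empty path, marks the "?????????" entry as unreadable, and gives otnhgkslw both the user-writable-location and random-looking-name flags, which matches the later advice to submit that one file for analysis.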

xcv
09-04-2008, 21:15
so..
1) the entry 04 -HKCU\..\Run: [?????????] ????????????e I could fix forever: it always comes back :(

2) I can't find Adobe 7 to uninstall it.

3) I did all the updates reported by secunia.com

4) the sidebar.exe file comes up clean on both sites you pointed me to

5) the otnhgkslw.exe file comes up clean on the first site..
on the second, here is the result:

Antivirus Version Last update Result
AhnLab-V3 2008.4.9.0 2008.04.09 -
AntiVir 7.6.0.81 2008.04.09 -
Authentium 4.93.8 2008.04.09 -
Avast 4.8.1169.0 2008.04.09 -
AVG 7.5.0.516 2008.04.09 -
BitDefender 7.2 2008.04.09 -
CAT-QuickHeal 9.50 2008.04.08 (Suspicious) - DNAScan
ClamAV 0.92.1 2008.04.09 -
DrWeb 4.44.0.09170 2008.04.09 -
eSafe 7.0.15.0 2008.04.09 -
eTrust-Vet 31.3.5684 2008.04.09 -
Ewido 4.0 2008.04.09 -
F-Prot 4.4.2.54 2008.04.08 -
F-Secure 6.70.13260.0 2008.04.09 -
FileAdvisor 1 2008.04.09 -
Fortinet 3.14.0.0 2008.04.09 -
Ikarus T3.1.1.26 2008.04.09 -
Kaspersky 7.0.0.125 2008.04.09 -
McAfee 5270 2008.04.09 -
Microsoft 1.3408 2008.04.09 -
NOD32v2 3014 2008.04.09 -
Norman 5.80.02 2008.04.09 -
Panda 9.0.0.4 2008.04.08 -
Prevx1 V2 2008.04.09 Heuristic: Suspicious Self Modifying EXE
Rising 20.39.12.00 2008.04.08 -
Sophos 4.28.0 2008.04.09 -
Sunbelt 3.0.1032.0 2008.04.08 -
TheHacker 6.2.92.270 2008.04.09 -
VBA32 3.12.6.4 2008.04.06 -
VirusBuster 4.3.26:9 2008.04.09 -
Webwasher-Gateway 6.6.2 2008.04.09 Trojan.Keylogger.Win32.Malware.gen!46 (suspicious)

Additional information
File size: 339968 bytes
MD5...: 279dd94404220270e0fc1716380244d3
SHA1..: 2bf244f4a792b9eddfee338ef27a7fbbace99fc1
SHA256: f8fd3d3637f46abc56ef6ab88351a7b56dac4fbc3355c8568137349d2b31a108
SHA512: 554a7596106be5e5fc051ec53cdd32c1ed81dd7511440d785f56f18faec3e5a0fbf4beae7e9c7f448c15b3c6688e9c7e7cb6c4d95d6c1a6895623adf1ef9573c
PEiD..: Armadillo v1.71
PEInfo: PE Structure information

( base data )
entrypointaddress.: 0x445602
timedatestamp.....: 0x479eb7f7 (Tue Jan 29 05:21:59 2008)
machinetype.......: 0x14c (I386)

( 4 sections )
name viradd virsiz rawdsiz ntrpy md5
.text 0x1000 0x4479c 0x45000 7.99 dec35dbeca8e80a4aa35e7e9c17630f5
.rdata 0x46000 0x69d6 0x7000 5.63 43152d23e2472cccbc6582e7b7c5c973
.data 0x4d000 0x2abc 0x3000 7.55 272856c422a263710adac9354668a851
.rsrc 0x50000 0x27cc 0x3000 7.25 bcddc61a7f2edee05c1b8f0f7f5eb7de

( 7 imports )
> KERNEL32.dll: InitializeCriticalSection, VerLanguageNameW, GetProfileSectionW, SetProcessAffinityMask, ReadConsoleOutputCharacterW, SetThreadContext, ReadConsoleA, GetDateFormatW, SetUnhandledExceptionFilter, InterlockedExchangeAdd, LockFileEx, SetProcessWorkingSetSize, EraseTape, OpenMutexW, WaitForSingleObject, CreateToolhelp32Snapshot, WriteConsoleInputW, lstrcatA, DebugBreak, CreateEventW, Beep, GetLastError, LocalFlags, GetConsoleTitleW, GetProcAddress, FindResourceExW, WriteTapemark, CreateMutexW, WriteConsoleInputA, GetTempFileNameW, WaitForSingleObjectEx, EnumTimeFormatsW, SetFileAttributesA, lstrcmpA, GlobalSize, EnterCriticalSection, _lopen, GetProcessTimes, GetModuleHandleA, FindFirstFileW, SystemTimeToTzSpecificLocalTime, GetVersionExA, GetCompressedFileSizeW, BeginUpdateResourceW, FoldStringW, ReleaseSemaphore, GetModuleFileNameW, Heap32ListFirst, IsBadWritePtr, CreateFileA, GetConsoleScreenBufferInfo, _lcreat, FreeLibraryAndExitThread, GetSystemDirectoryA, AllocConsole, lstrcpyA, FillConsoleOutputAttribute, MoveFileW, VirtualQuery, TransactNamedPipe, ReadFile, GetComputerNameA, Thread32Next, SetThreadExecutionState, Sleep, GetModuleHandleW, WritePrivateProfileStructA, GetBinaryTypeW, GetWindowsDirectoryW, SetDefaultCommConfigW, GlobalFlags, LeaveCriticalSection, CreatePipe, FindAtomA, BackupWrite, WriteConsoleOutputCharacterA, _lclose, AddAtomA, SetNamedPipeHandleState, WaitCommEvent, RemoveDirectoryW, 
OpenMutexA, InitAtomTable, QueryDosDeviceA, GlobalGetAtomNameA, MultiByteToWideChar, WideCharToMultiByte, EnumTimeFormatsA, WriteConsoleOutputAttribute, IsValidLocale, GetSystemDefaultLangID, GetHandleInformation, SetCommMask, SetEnvironmentVariableW, SetFileTime, SetTapePosition, lstrcmpW, SetMessageWaitingIndicator, GetStringTypeExW, lstrcatW, GetProcessHeap, SetHandleCount, Toolhelp32ReadProcessMemory, GetTempPathA, FatalExit, CreateConsoleScreenBuffer, GetThreadContext, AddAtomW, GetThreadTimes, WriteConsoleOutputCharacterW, WriteFile, GlobalAlloc, CompareStringA, EnumResourceTypesA, GetFileAttributesW, CreateSemaphoreW, OpenEventW, LoadResource, MoveFileExA, SetProcessPriorityBoost, CreateTapePartition, InterlockedDecrement, CreateNamedPipeA, FreeEnvironmentStringsW, SetConsoleCtrlHandler, SetDefaultCommConfigA, ReadFileEx, MulDiv, HeapCompact, CreateProcessA, SetupComm, FindResourceW, UnmapViewOfFile, CreateIoCompletionPort, GetBinaryTypeA, GetUserDefaultLangID, OpenFileMappingA, GetSystemDefaultLCID, Heap32ListNext, SetVolumeLabelW, TransmitCommChar, SuspendThread, VirtualQueryEx, InterlockedIncrement, OpenSemaphoreA, DefineDosDeviceW, ExitProcess, GetCommMask, FlushConsoleInputBuffer, GetAtomNameA, UnlockFileEx, GetConsoleTitleA, FatalAppExitW, GetThreadLocale, GetTempFileNameA, EnumSystemLocalesW, DisconnectNamedPipe, PeekConsoleInputW, SetConsoleCursorPosition, ReadConsoleInputA, GetTempPathW, HeapUnlock, CompareStringW, FileTimeToLocalFileTime, GetModuleFileNameA, lstrlenA, GetProcessWorkingSetSize, SetHandleInformation, VirtualProtectEx, SetTimeZoneInformation, GetWindowsDirectoryA, OpenFileMappingW, QueryDosDeviceW, ScrollConsoleScreenBufferW, SetErrorMode, GetDevicePowerState, ReadFileScatter, GetPrivateProfileSectionA, FindNextFileA, SetTapeParameters, ResetWriteWatch, GetTapeParameters, FindNextChangeNotification, WaitNamedPipeA, SetPriorityClass, FindResourceA, CreateEventA, SetFilePointer, VerLanguageNameA, GetCommState, ReadConsoleOutputA, 
LocalCompact, GetSystemInfo, lstrcpynW, BeginUpdateResourceA, _hread, GlobalHandle, CompareFileTime, GetPrivateProfileSectionNamesA, EnumSystemCodePagesA, WaitForMultipleObjects, GetOverlappedResult, GetNumberOfConsoleInputEvents, SetSystemTimeAdjustment, GetNumberFormatA, SetFileAttributesW, GetExitCodeThread, FileTimeToDosDateTime, GetFileAttributesA, GetStartupInfoA, GetCPInfoExW, ReadProcessMemory, GetDiskFreeSpaceW, Module32Next, SetConsoleActiveScreenBuffer, FindNextFileW, LocalFree, IsBadReadPtr, IsBadHugeWritePtr, GetEnvironmentVariableW, GetPrivateProfileStringA, IsBadCodePtr, _lwrite, TlsFree, GetVolumeInformationA, ScrollConsoleScreenBufferA, WriteFileEx, UnhandledExceptionFilter, SetComputerNameW, VirtualUnlock, GetThreadPriorityBoost, UpdateResourceA, lstrcpynA, GetThreadSelectorEntry, EnumResourceTypesW, ReadConsoleOutputCharacterA, GetProfileStringA, PostQueuedCompletionStatus, FreeConsole, FlushFileBuffers, SetConsoleWindowInfo, GetACP, Heap32Next, EnumDateFormatsA, BackupSeek, SetThreadPriority, BuildCommDCBA, GetDateFormatA, GetCPInfoExA, ReadConsoleInputW, CreateThread, GlobalCompact, GetTimeFormatW, GetMailslotInfo, GetPriorityClass, GetDiskFreeSpaceExW, CancelIo, GetStringTypeA, CloseHandle, WaitForDebugEvent, DefineDosDeviceA, LocalLock, WriteConsoleOutputA, GlobalUnlock, FileTimeToSystemTime, VirtualFreeEx, GetConsoleMode, UpdateResourceW, DebugActiveProcess, GetStartupInfoW, GetCPInfo, GetUserDefaultLCID, CreateDirectoryExW, WritePrivateProfileStringA, EndUpdateResourceW, BuildCommDCBW, LoadLibraryExW, GlobalWire, GetCommTimeouts, HeapLock, GetNamedPipeHandleStateW, SetLastError, GlobalReAlloc, SetFileApisToANSI, SetCalendarInfoW, DisableThreadLibraryCalls, GetFileAttributesExA, GetLocalTime, GetLocaleInfoA, lstrcmpiA, EndUpdateResourceA, HeapFree, OpenEventA, FindFirstChangeNotificationA, VirtualFree, HeapSize, SetProcessShutdownParameters, SearchPathW, GetCurrentThread, EnumDateFormatsW, WriteProfileStringW, EnumSystemLocalesA, 
ResumeThread, SetLocaleInfoW, MoveFileExW, GetStringTypeW, HeapDestroy, SetCurrentDirectoryA, CopyFileW, FindResourceExA, GlobalFree, GetLogicalDrives, GetCommProperties, DosDateTimeToFileTime, FillConsoleOutputCharacterW, DuplicateHandle, EnumResourceLanguagesA, TlsAlloc, GetSystemTime, FatalAppExitA, ExpandEnvironmentStringsA, GetWriteWatch, GetLogicalDriveStringsW, lstrcmpiW
> USER32.dll: DestroyAcceleratorTable, MessageBeep, SetWindowsHookA, FindWindowExA, MapVirtualKeyW, SetScrollInfo, LoadMenuIndirectA, GetMenuState, IsWindowVisible, EndDeferWindowPos, GetClassInfoW, SetScrollPos, CheckMenuItem, FindWindowA, ValidateRgn, EnumWindows, CharPrevA, SendDlgItemMessageW, CharPrevExA, ChangeMenuA, GetDesktopWindow, CopyIcon, GetScrollPos, GetWindowDC, DefMDIChildProcA, MessageBoxA, DlgDirSelectExA, WaitForInputIdle, IsRectEmpty, ActivateKeyboardLayout, GetClipCursor, CreateDialogIndirectParamW, GetNextDlgTabItem, DlgDirListW, OffsetRect, DialogBoxIndirectParamA, IsChild, EndDialog, WinHelpA, CharLowerA, DragDetect, SetClipboardData, DefWindowProcW, GetWindowTextW, SetPropW, EnumPropsExW, GetClipboardFormatNameW, EnumDesktopsA, GetTopWindow, EnumPropsA, GetScrollRange, SetDlgItemTextA, TranslateAcceleratorA, UnhookWindowsHookEx, GetClientRect, GetQueueStatus, GetUserObjectSecurity, CreateWindowExW, EnumDisplaySettingsW, ChangeDisplaySettingsA, MessageBoxExW, SetClassLongA, TrackPopupMenuEx, KillTimer, LookupIconIdFromDirectory, GetDoubleClickTime, SetCapture, ExitWindowsEx, GetClipboardFormatNameA, CharToOemBuffW, LoadMenuW, DrawMenuBar, CreateWindowExA, RegisterClassA, SetParent, MapWindowPoints, GetDlgItemTextA, ToAscii, WindowFromDC, IsIconic, GetWindowTextLengthA, GetMessageExtraInfo, LoadCursorFromFileW, SendNotifyMessageW, wsprintfW, ToAsciiEx, GetClassInfoExA, wvsprintfA, SetProcessWindowStation, OpenDesktopW, ChangeMenuW, SetUserObjectInformationA, HiliteMenuItem, ValidateRect, SetSysColors, MapVirtualKeyExW, RemovePropA, SetScrollRange, 
LoadCursorFromFileA, SetRectEmpty, InsertMenuA, OpenDesktopA, GetClassLongW, UnionRect, ShowCursor, GetMenuItemID, DrawIconEx, GetUserObjectInformationW, CountClipboardFormats, VkKeyScanExW, ChildWindowFromPointEx, CallMsgFilterW, GetTabbedTextExtentA, SetActiveWindow, GetInputState, SetWindowLongW, IsCharUpperA, InsertMenuItemW, UpdateWindow, SetTimer, CallMsgFilterA, SwitchToThisWindow, SendMessageTimeoutA, SetDlgItemInt, GetParent, GetCapture, LoadMenuIndirectW, GetMenu, SendMessageCallbackW, GetClassNameA, CascadeWindows, SetWindowPlacement, GetDCEx, DestroyWindow, DestroyMenu, CreateDesktopW, OpenClipboard, SwapMouseButton, AdjustWindowRectEx, DeferWindowPos, GetSysColor, DrawTextExA, SetMenuDefaultItem, GetMessageTime, mouse_event, WaitMessage, IsDialogMessageA, ChildWindowFromPoint, LookupIconIdFromDirectoryEx, SetDoubleClickTime, LoadStringW, GetPropW, IsDialogMessageW, GetProcessWindowStation, GetSubMenu, GetSystemMenu, OemToCharW, CreateDialogIndirectParamA, LoadKeyboardLayoutA, CharLowerBuffW, FillRect, ScrollWindow, UnregisterHotKey, GetDlgItemTextW, PostQuitMessage, GetSystemMetrics, GetMenuDefaultItem, ShowScrollBar, GetWindowTextA, SwitchDesktop, GetMenuItemCount, IsWindowEnabled, CreateMDIWindowA, SetMenuItemInfoW, EnumWindowStationsA, MsgWaitForMultipleObjectsEx, CreatePopupMenu, TabbedTextOutW, SetMessageQueue, GetAsyncKeyState, SendMessageW, ExcludeUpdateRgn, GetKeyboardState, ClipCursor, SetPropA, DefDlgProcW, TranslateMDISysAccel, WinHelpW, ShowCaret, GetActiveWindow, DrawTextW, SetCaretBlinkTime, EnumChildWindows, GetKeyboardLayout, CharLowerBuffA, DrawEdge, ToUnicodeEx, VkKeyScanA, EnumDisplaySettingsA, InvertRect, GetClassWord, InsertMenuItemA, RedrawWindow, SetMenu, MessageBoxExA, DlgDirSelectComboBoxExA, ChangeDisplaySettingsW, IsMenu, TabbedTextOutA, GetWindowRgn, GetMessageW, CloseWindow, SystemParametersInfoA, CopyAcceleratorTableW, ReleaseDC, GetUpdateRgn, CharUpperA, GetFocus, EndPaint, PtInRect, OemToCharA, ChangeDisplaySettingsExA, 
ShowWindowAsync, RegisterHotKey, SetClipboardViewer, GetKeyNameTextA, GetClassLongA, VkKeyScanExA, CopyAcceleratorTableA, CharNextW, PeekMessageW, ModifyMenuW, GetMenuContextHelpId, GetWindowRect, SetWindowPos, SetClassWord, PeekMessageA, GetTabbedTextExtentW, DestroyCursor, GetWindow, SetDebugErrorLevel, FlashWindow, SendMessageA, EmptyClipboard, IsCharAlphaNumericW, IsCharLowerA, DestroyCaret, GetKeyboardLayoutList, GetUserObjectInformationA, DlgDirListComboBoxW, SendNotifyMessageA, LoadImageW, LockWindowUpdate, GetMenuCheckMarkDimensions, DefDlgProcA, AttachThreadInput, ChangeDisplaySettingsExW, CreateIconFromResourceEx, TranslateMessage, GetKeyNameTextW, LoadIconA, IsClipboardFormatAvailable, EnumDesktopsW, RegisterClassExA, CloseClipboard, PostThreadMessageA, PostMessageA, EnableScrollBar, LoadStringA, GetWindowLongA, GetClipboardData, GetForegroundWindow, AppendMenuA, GrayStringA, GetMenuStringW, IsWindow, SetWindowTextA, GetClassNameW, SetThreadDesktop, ClientToScreen, GetClassInfoA, CallNextHookEx, ShowWindow, ScrollDC
> GDI32.dll: EnumFontFamiliesW, Chord, GetTextExtentPoint32A, FloodFill, GetTextColor, EnumEnhMetaFile, GetCurrentObject, CreateDiscardableBitmap, DeleteMetaFile, PolyPolygon, GetGlyphOutlineA, GetKerningPairsW, SetArcDirection, GdiGetBatchLimit, GetTextMetricsW, MaskBlt, BitBlt, ExtTextOutA, GetBitmapBits, PtInRegion, FillRgn, SetTextAlign, GetROP2, GetColorSpace, SwapBuffers, GetCharWidth32A, ChoosePixelFormat, StrokePath, SetBoundsRect, CreateHatchBrush, GetFontData, GetTextCharsetInfo, GdiComment, SetBrushOrgEx, GetMapMode, ExtFloodFill, GetDIBits, EndPage, GetMetaRgn, GetTextAlign, GetTextMetricsA, PolyDraw, CreateBitmapIndirect, PlayEnhMetaFileRecord, PlayEnhMetaFile, GetCurrentPositionEx, CreateEllipticRgnIndirect, CreateEllipticRgn, StrokeAndFillPath, DeleteEnhMetaFile, CreateFontIndirectW, GetObjectW, SetGraphicsMode, SetPixelV, SetMetaFileBitsEx, IntersectClipRect, GetCharABCWidthsFloatW, GetTextExtentPoint32W, SetPixel, 
StartDocW, GdiFlush, OffsetClipRgn, CreateEnhMetaFileA, GetTextExtentExPointW, GetTextExtentPointW, BeginPath, CombineTransform, PlayMetaFileRecord, PolyBezierTo, SelectObject, GetBkMode, EnumFontFamiliesA, GetEnhMetaFileDescriptionA, DrawEscape, GetEnhMetaFileA, SetStretchBltMode, GetBoundsRect, GetRandomRgn, GetCharacterPlacementW, GetLogColorSpaceA, SetColorSpace, RoundRect, GetCharABCWidthsA, GetRasterizerCaps, GetBrushOrgEx, CreateRectRgnIndirect, GetClipRgn, SelectPalette, CreateFontA, GdiSetBatchLimit, CopyMetaFileA, DeleteObject, GetOutlineTextMetricsA, EqualRgn, GetTextFaceA, GetAspectRatioFilterEx, RectInRegion, SetTextJustification, GetEnhMetaFileDescriptionW, CreateHalftonePalette, EnumICMProfilesW, SetPaletteEntries, GetTextCharacterExtra, EnumFontsA, GetCharABCWidthsFloatA, ResetDCA, GetStockObject, CreateRectRgn, EnumFontsW, SetDIBColorTable, SetICMMode, CreateScalableFontResourceA, ExcludeClipRect, OffsetWindowOrgEx, GetPixelFormat, ExtSelectClipRgn, PathToRegion, GetColorAdjustment, GetKerningPairsA, CloseFigure, UpdateICMRegKeyW, GetRgnBox, CreateCompatibleDC, LineTo, GetICMProfileA, PolylineTo, InvertRgn, CreateEnhMetaFileW, GetEnhMetaFileHeader, PlgBlt, DeleteDC, GetEnhMetaFileW, CloseMetaFile, GetMetaFileBitsEx, CreatePatternBrush, GetViewportOrgEx, SetSystemPaletteUse, RectVisible, EnumICMProfilesA, UnrealizeObject, EnumFontFamiliesExW, SetMapMode, GetPath, PolyPolyline, ScaleWindowExtEx, DescribePixelFormat, SetMetaRgn, SetEnhMetaFileBits, CreateScalableFontResourceW, SetWinMetaFileBits, MoveToEx, GetDCOrgEx, ResizePalette, SetColorAdjustment, PatBlt, SetMiterLimit, SetICMProfileW, SetViewportExtEx, SelectClipPath, RestoreDC, CreateRoundRectRgn
> comdlg32.dll: ReplaceTextA, GetSaveFileNameA, ChooseFontW, CommDlgExtendedError, PageSetupDlgA, GetFileTitleA, ChooseFontA, GetOpenFileNameA, FindTextW, ChooseColorW, ReplaceTextW, GetFileTitleW, FindTextA, GetOpenFileNameW
> ADVAPI32.dll: RegisterEventSourceA, CryptEncrypt, 
ObjectOpenAuditAlarmA, FindFirstFreeAce, GetAuditedPermissionsFromAclW, BuildSecurityDescriptorA, InitializeAcl, CryptGenRandom, GetMultipleTrusteeOperationW, CryptGetProvParam, CloseServiceHandle, CryptContextAddRef, RegEnumKeyExW, GetExplicitEntriesFromAclW, RegLoadKeyA, CreateServiceW, ImpersonateSelf, AccessCheckAndAuditAlarmA, LookupPrivilegeValueW, ImpersonateLoggedOnUser, StartServiceW, RegQueryValueW, SetEntriesInAclW, DeregisterEventSource, ObjectCloseAuditAlarmW, LookupPrivilegeDisplayNameW, GetOldestEventLogRecord, IsTextUnicode, SetAclInformation, ClearEventLogA, GetFileSecurityW, GetTrusteeTypeA, GetMultipleTrusteeOperationA, BackupEventLogW, CryptGetDefaultProviderA, ObjectDeleteAuditAlarmW, LookupPrivilegeNameW, OpenSCManagerA, ObjectDeleteAuditAlarmA, LookupPrivilegeNameA, CryptSetProviderA, GetKernelObjectSecurity, RegNotifyChangeKeyValue, GetServiceDisplayNameW, RegConnectRegistryW, EnumServicesStatusW, NotifyChangeEventLog, SetKernelObjectSecurity, RegDeleteValueA, QueryServiceConfigA, OpenServiceA, RegEnumKeyExA, PrivilegeCheck, RegDeleteKeyW, CryptDestroyHash, GetFileSecurityA, OpenEventLogW, GetAuditedPermissionsFromAclA, SetServiceStatus, DuplicateTokenEx, AbortSystemShutdownW, RegisterServiceCtrlHandlerA, SetTokenInformation, RegEnumValueA, CreateProcessAsUserW, GetSidIdentifierAuthority, LookupAccountSidW, GetServiceKeyNameA, CryptSignHashW, BuildTrusteeWithSidW, BuildTrusteeWithNameA, BuildExplicitAccessWithNameA, OpenBackupEventLogA, CryptGetKeyParam, InitiateSystemShutdownW, EqualPrefixSid, RegOpenKeyW, RegEnumKeyW, CryptGetDefaultProviderW, GetTrusteeNameA, RegCreateKeyW, CryptAcquireContextW, ClearEventLogW, RegCloseKey, RegOpenKeyA, CryptCreateHash, GetPrivateObjectSecurity, AddAccessDeniedAce, ReportEventW, SetSecurityDescriptorSacl, AccessCheck, GetSecurityDescriptorDacl, GetUserNameA, CryptImportKey, GetSecurityDescriptorSacl, RegQueryInfoKeyW, LookupPrivilegeDisplayNameA, DeleteService, CryptVerifySignatureW, OpenBackupEventLogW, 
CryptDecrypt, CreateServiceA, RegSetKeySecurity, GetTrusteeTypeW, CryptEnumProviderTypesW, GetSecurityInfo, GetExplicitEntriesFromAclA, CryptSetHashParam, RegReplaceKeyA, ReportEventA, BackupEventLogA, RegQueryValueExW, CryptReleaseContext, CryptSetProviderExW, CryptHashData, RegDeleteKeyA, RegSetValueExA, AccessCheckAndAuditAlarmW, RegEnumValueW, CryptGetHashParam, RegOpenKeyExW, BuildSecurityDescriptorW, CryptDeriveKey, ReadEventLogW, LockServiceDatabase, RegLoadKeyW, DestroyPrivateObjectSecurity, ObjectOpenAuditAlarmW, QueryServiceStatus, SetSecurityDescriptorOwner, UnlockServiceDatabase, AddAce, OpenProcessToken, GetServiceDisplayNameA, InitiateSystemShutdownA, EnumServicesStatusA, CryptSetKeyParam, ObjectPrivilegeAuditAlarmA, GetNamedSecurityInfoA, SetSecurityInfo, QueryServiceObjectSecurity, GetSecurityDescriptorControl, RegFlushKey, OpenThreadToken, ChangeServiceConfigW, CryptDuplicateKey, LogonUserA, RegQueryValueA, CryptSignHashA, ControlService, GetSecurityDescriptorLength, GetSecurityDescriptorOwner, AdjustTokenGroups, RegUnLoadKeyW, LookupPrivilegeValueA, SetServiceBits, GetAclInformation, GetEffectiveRightsFromAclA, EnumDependentServicesW, RegOpenKeyExA, OpenSCManagerW, AdjustTokenPrivileges
> SHELL32.dll: ShellExecuteA, SHGetDataFromIDListW, SHFileOperationA, DoEnvironmentSubstA, FindExecutableA, SHGetSettings, DragQueryFileA, SHFileOperationW, SHInvokePrinterCommandW, SHAppBarMessage, ExtractIconW, -, SHGetSpecialFolderPathA, SHQueryRecycleBinA, SHBrowseForFolderA, DragFinish, ShellAboutW, ShellExecuteExA, ExtractAssociatedIconExA, ExtractIconA, ExtractIconExA, SHInvokePrinterCommandA, SHGetDesktopFolder, ShellExecuteW, SHGetFileInfoA, ExtractAssociatedIconExW, SHFreeNameMappings, SHGetSpecialFolderPathW, SHEmptyRecycleBinA, SHGetDataFromIDListA, SHLoadInProc, SHBrowseForFolderW, DoEnvironmentSubstW, SHGetPathFromIDListW
> MSVCRT.dll: strlen, _exit, _XcptFilter, exit, _acmdln, __getmainargs, _initterm, _adjust_fdiv, __p__commode, 
__p__fmode, __set_app_type, _except_handler3, _controlfp, __setusermatherr

( 0 exports )
Prevx info: http://info.prevx.com/aboutprogramtext.asp?PX5=EACA3309008B20E8300205839224AC00EEF0E505
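A report like the one pasted above is easier to weigh once the verdicts are sorted: how many engines scanned the file, how many flagged it, and whether those flags are specific signature names or heuristic wording such as "Suspicious" or "Heuristic". The script below does that sorting and pulls the MD5/SHA1/SHA256 out of the additional-information block so the same sample can be looked up again later. It is an added example, not code from the thread or from VirusTotal; the sample input is a subset of the rows above, and the keyword list that separates heuristic from signature verdicts is my assumption.

```python
import re
from typing import Dict, List, NamedTuple

# Constructed sample: the column header, six rows copied from the pasted report, and its hash block.
SAMPLE_REPORT = """\
Antivirus Version Last update Result
AhnLab-V3 2008.4.9.0 2008.04.09 -
CAT-QuickHeal 9.50 2008.04.08 (Suspicious) - DNAScan
Kaspersky 7.0.0.125 2008.04.09 -
Prevx1 V2 2008.04.09 Heuristic: Suspicious Self Modifying EXE
VirusBuster 4.3.26:9 2008.04.09 -
Webwasher-Gateway 6.6.2 2008.04.09 Trojan.Keylogger.Win32.Malware.gen!46 (suspicious)

Additional information
File size: 339968 bytes
MD5...: 279dd94404220270e0fc1716380244d3
SHA1..: 2bf244f4a792b9eddfee338ef27a7fbbace99fc1
SHA256: f8fd3d3637f46abc56ef6ab88351a7b56dac4fbc3355c8568137349d2b31a108
"""

# "<engine> <version> <yyyy.mm.dd> <result...>"; the result is free text and may contain spaces.
ROW_RE = re.compile(r'^(\S+)\s+(\S+)\s+(\d{4}\.\d{2}\.\d{2})\s+(.+?)\s*$')
# "MD5...: <hex>", "SHA1..: <hex>", "SHA256: <hex>" (the dots pad the label).
HASH_RE = re.compile(r'^(MD5|SHA1|SHA256)\.*:\s*([0-9a-fA-F]+)\s*$', re.MULTILINE)
HASH_LENGTHS = {'MD5': 32, 'SHA1': 40, 'SHA256': 64}
# Wording that marks a non-specific verdict (assumed list).
HEURISTIC_WORDS = ('suspicious', 'heuristic')


class Verdict(NamedTuple):
    engine: str
    version: str
    updated: str
    result: str
    kind: str  # 'clean', 'heuristic' or 'signature'


def classify(result: str) -> str:
    if result == '-':
        return 'clean'
    lowered = result.lower()
    return 'heuristic' if any(w in lowered for w in HEURISTIC_WORDS) else 'signature'


def parse_rows(report: str) -> List[Verdict]:
    """Keep only lines that have the engine/version/date/result shape; header and hash lines are skipped."""
    rows = []
    for line in report.splitlines():
        m = ROW_RE.match(line)
        if m:
            engine, version, updated, result = m.groups()
            rows.append(Verdict(engine, version, updated, result, classify(result)))
    return rows


def parse_hashes(report: str) -> Dict[str, str]:
    return {algo: value.lower() for algo, value in HASH_RE.findall(report)}


def hashes_well_formed(hashes: Dict[str, str]) -> bool:
    """True when every expected digest is present with the right hex length."""
    return all(len(hashes.get(algo, '')) == n for algo, n in HASH_LENGTHS.items())


def summarize(report: str) -> dict:
    rows = parse_rows(report)
    flagged = [r for r in rows if r.kind != 'clean']
    return {
        'engines': len(rows),
        'detections': len(flagged),
        'heuristic': sum(r.kind == 'heuristic' for r in flagged),
        'signature': sum(r.kind == 'signature' for r in flagged),
        'flagged_by': [r.engine for r in flagged],
        'hashes': parse_hashes(report),
    }


if __name__ == '__main__':
    s = summarize(SAMPLE_REPORT)
    print(f"{s['detections']}/{s['engines']} engines flagged the file "
          f"({s['heuristic']} heuristic, {s['signature']} signature): {', '.join(s['flagged_by'])}")
    for algo, value in s['hashes'].items():
        print(f'{algo}: {value}')
```

On the sample rows every hit is heuristic and none names a known family, which is the distinction that decides how much weight a "2 out of 30" result deserves before a second opinion; keeping the digests lets the same file be re-checked later without uploading it again.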

Riverside
09-04-2008, 22:23
so..
1) the entry 04 -HKCU\..\Run: [?????????] ????????????e I could fix forever: it always comes back
that entry, on Vista, is legitimate: you don't need to fix it :cool:

xcv
09-04-2008, 22:26
now an internet access problem is starting too.. with instant on :muro:

Riverside
09-04-2008, 22:37
now an internet access problem is starting too.. with instant on :muro:
Eh, I know ...... what can you do, these things happen ...... :read:

lancetta
10-04-2008, 01:04
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [otnhgkslw] c:\users\euronics\appdata\local\otnhgkslw.exe otnhgkslw

The first entry belongs to the Vista sidebar... don't touch it... if you don't want the sidebar to start, there is the appropriate option in the Control Panel (if you fix it from there you won't be able to make it start automatically later on)
the second one I would advise you to have analyzed on VirusTotal HERE (http://www.virustotal.com/en/indexf.html) (the path of course is c:\users\euronics\appdata\local\otnhgkslw.exe otnhgkslw)
with hidden files and folders shown (open any folder, go up to the bar: Tools->Folder Options->View->tick "show hidden files and folders" and untick "hide protected operating system files"--> apply)

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
This one is in local machine and is the normal Run entry of Adobe 8 (it should be updated anyway)
O4 - HKCU\..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_0
This one in current user is the update manager of Adobe version 7... nothing dangerous.. you could also fix it if you want, it is useless in Run

Regards :cool:

Chill-Out
10-04-2008, 23:24
1- Download Avenger from here: http://www.fileup.itadib.com/download.php?id=qg3FqMxAzKZCKP1cBzFC copy and paste this script into the white box, then click Execute

Files to delete:
C:\Users\Euronics\AppData\Local\otnhgkslw.exe

Registry values to delete:
HKEY_USERS\S-1-5-21-3857422176-1077726746-3946400950-1000\Software\Microsoft\Windows\CurrentVersion\Run | otnhgkslw

the PC should reboot; if it doesn't, reboot it yourself manually, then attach the log you find in C:\Avenger.txt

Edit: I almost forgot, we also need a ComboFix log, which should go on to delete other files linked to otnhgkslw.exe

http://download.bleepingcomputer.com/sUBs/ComboFix.exe

Double-click combofix.exe and follow the instructions
Attach the log C:\combofix.txt
N.B.: During the scan some files will be created on the desktop and then deleted - all the desktop icons will disappear - the firewall may warn that some drivers are being removed (allow it)
ComboFix must be run on a dedicated machine - disconnected from the network, with the real-time components of the security software temporarily disabled; also, if UAC complains, obviously consent

and let me know how it goes, bye.
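A script in this format does exactly what it says, so it is worth checking before it is pasted into the tool. As an added example (not Chill-Out's script and not Avenger's own code), the preflight below parses the "Files to delete:" / "Registry values to delete:" sections into a list of actions and reports anything a helper would want corrected first: a path that is not an absolute drive path, a target under a system directory, an HKEY_USERS key that does not start with a user SID, or a missing " | " separator between key and value name. The two extra section names, the protected-directory list and the second (deliberately broken) sample script are my assumptions; the check only reports, it deletes nothing.

```python
import re
from typing import Dict, List, Tuple

# Constructed sample 1: the script posted in the thread.
SAMPLE_SCRIPT = r"""
Files to delete:
C:\Users\Euronics\AppData\Local\otnhgkslw.exe

Registry values to delete:
HKEY_USERS\S-1-5-21-3857422176-1077726746-3946400950-1000\Software\Microsoft\Windows\CurrentVersion\Run | otnhgkslw
"""

# Constructed sample 2: three mistakes the preflight should catch.
BAD_SCRIPT = r"""
Files to delete:
C:\Windows\System32\kernel32.dll
otnhgkslw.exe

Registry values to delete:
HKEY_USERS\Software\Microsoft\Windows\CurrentVersion\Run | otnhgkslw
"""

# Section headers: the two on the page plus two more the format allows (assumption).
SECTIONS = ('Files to delete:', 'Folders to delete:', 'Registry keys to delete:', 'Registry values to delete:')
REGISTRY_ROOTS = ('HKEY_LOCAL_MACHINE', 'HKEY_CURRENT_USER', 'HKEY_USERS', 'HKEY_CLASSES_ROOT')
SID_RE = re.compile(r'^S-1-5-21-\d+-\d+-\d+-\d+$')
# Directories a clean-up script should never touch (assumed deny list).
PROTECTED_PREFIXES = ('c:\\windows\\system32\\', 'c:\\windows\\syswow64\\')


def parse_script(text: str) -> Dict[str, List[str]]:
    """Group non-empty lines under the section header that precedes them."""
    actions: Dict[str, List[str]] = {s: [] for s in SECTIONS}
    current = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line in SECTIONS:
            current = line
        elif current is None:
            raise ValueError(f'line outside any section: {line}')
        else:
            actions[current].append(line)
    return actions


def check_path(path: str) -> List[str]:
    problems = []
    if not re.match(r'^[A-Za-z]:\\', path):
        problems.append(f'not an absolute drive path: {path}')
    lowered = path.lower()
    if any(lowered.startswith(p) for p in PROTECTED_PREFIXES):
        problems.append(f'targets a protected system directory: {path}')
    if lowered.endswith('\\') or '*' in path or '?' in path:
        problems.append(f'wildcard or trailing separator, ambiguous target: {path}')
    return problems


def check_registry_key(key: str) -> List[str]:
    parts = key.split('\\')
    if parts[0] not in REGISTRY_ROOTS:
        return [f'unknown registry root: {parts[0]}']
    if len(parts) < 2:
        return [f'refuses to act on a registry root alone: {key}']
    if parts[0] == 'HKEY_USERS' and not SID_RE.match(parts[1]):
        return [f'HKEY_USERS key does not start with a user SID: {key}']
    return []


def check_registry_value(line: str) -> List[str]:
    """A value line is "<key> | <value name>"."""
    if ' | ' not in line:
        return [f'missing " | " separator between key and value name: {line}']
    key, value_name = (part.strip() for part in line.split(' | ', 1))
    problems = check_registry_key(key)
    if not value_name:
        problems.append(f'empty value name: {line}')
    return problems


def preflight(text: str) -> Tuple[Dict[str, List[str]], List[str]]:
    """Parse the script and return (actions, problems); an empty problem list means it passed."""
    actions = parse_script(text)
    problems: List[str] = []
    for path in actions['Files to delete:'] + actions['Folders to delete:']:
        problems.extend(check_path(path))
    for key in actions['Registry keys to delete:']:
        problems.extend(check_registry_key(key))
    for line in actions['Registry values to delete:']:
        problems.extend(check_registry_value(line))
    return actions, problems


if __name__ == '__main__':
    for label, script in (('posted script', SAMPLE_SCRIPT), ('broken script', BAD_SCRIPT)):
        actions, problems = preflight(script)
        print(f'{label}: {sum(len(v) for v in actions.values())} action(s), {len(problems)} problem(s)')
        for p in problems:
            print('  -', p)
```

The posted script passes (one file, one registry value under a key that starts with the user's SID); the broken one is rejected three times over, which is the point: a deletion script gets reviewed as code before it is run on a machine that is already in trouble.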

lancetta
10-04-2008, 23:36
damn!! I hadn't seen that you had already had the 2 entries analyzed...... what I said about the other 2 still stands :read: