
is thumbs.dn a trojan?

Discussion in 'Malware and Virus Removal Archive' started by martina, 2007/12/13.

  1. 2007/12/13
    martina

    martina Inactive Thread Starter

    Joined:
    2007/12/11
    Messages:
    2
    Likes Received:
    0
    My antivirus, avast, said that there is a trojan horse named Thumbs.dn.

    At the beginning it was on my USB drive. I deleted it, but now the autoplay of the USB drive doesn't work; it shows ''??(O)''.

    I don't know if it is related, but very often Explorer closes itself automatically.

    Can you tell me how to remove it?

    Thank you for your help!
     
  2. 2007/12/13
    mailman Lifetime Subscription

    mailman Geek Member

    Joined:
    2004/01/17
    Messages:
    1,901
    Likes Received:
    11
    Hi, martina. Welcome to Windows BBS! :)

    I suspect your computer and/or USB drive did indeed get infected with malware.

    Please carefully read and follow the directions in this link (and post the appropriate logs in this thread).
     


  4. 2007/12/14
    martina

    martina Inactive Thread Starter

    Joined:
    2007/12/11
    Messages:
    2
    Likes Received:
    0
    I hope I am sending you the right thing...

    Deckard's System Scanner v20071014.68
    Run by Martina on 2007-12-14 22:04:23
    Computer is in Normal Mode.
    --------------------------------------------------------------------------------

    -- System Restore --------------------------------------------------------------

    Successfully created a Deckard's System Scanner Restore Point.


    -- Last 5 Restore Point(s) --
    14: 2007-12-14 21:04:30 UTC - RP14 - Deckard's System Scanner Restore Point
    13: 2007-12-03 13:06:57 UTC - RP13 - Installed The LOreal e-Strat - Team
    12: 2007-11-27 21:45:16 UTC - RP12 - Microsoft Office 2000 Disco 2 installato
    11: 2007-11-15 22:22:15 UTC - RP11 - Installed Dizionario Oxford-Paravia
    10: 2007-11-14 19:50:58 UTC - RP10 - Punto di arresto del sistema


    -- First Restore Point --
    1: 2007-10-23 12:50:59 UTC - RP1 - Punto di arresto del sistema


    Backed up registry hives.
    Performed disk cleanup.



    -- HijackThis Clone ------------------------------------------------------------


    Emulating logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 2007-12-14 22:06:24
    Platform: Windows XP Service Pack 2 (5.01.2600)
    MSIE: Internet Explorer (6.00.2900.2180)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\system32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Programmi\Alwil Software\Avast4\aswUpdSv.exe
    C:\Programmi\Alwil Software\Avast4\ashServ.exe
    C:\WINDOWS\system32\ati2evxx.exe
    C:\Programmi\HPQ\IAM\Bin\asghost.exe
    C:\WINDOWS\explorer.exe
    C:\Programmi\Analog Devices\SoundMAX\SMax4PNP.exe
    C:\WINDOWS\AGRSMMSG.exe
    C:\Programmi\Synaptics\SynTP\SynTPLpr.exe
    C:\Programmi\Synaptics\SynTP\SynTPEnh.exe
    C:\Programmi\ATI Technologies\ATI Control Panel\atiptaxx.exe
    C:\Programmi\HPQ\Quick Launch Buttons\eabservr.exe
    C:\WINDOWS\system32\dla\tfswctrl.exe
    C:\Programmi\Java\jre1.5.0\bin\jusched.exe
    C:\Programmi\HPQ\HP Wireless Assistant\HP Wireless Assistant.exe
    C:\Programmi\Alwil Software\Avast4\ashDisp.exe
    C:\Programmi\QuickTime\qttask.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Programmi\MSN Messenger\msnmsgr.exe
    C:\Programmi\OLYMPUS\OLYMPUS Master 2\MMonitor.exe
    C:\Programmi\Messenger\msmsgs.exe
    C:\Programmi\WIDCOMM\Software Bluetooth\BTTray.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Programmi\WIDCOMM\Software Bluetooth\bin\btwdins.exe
    C:\Programmi\Analog Devices\SoundMAX\SMAgent.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Programmi\Alwil Software\Avast4\ashMaiSv.exe
    C:\Programmi\Alwil Software\Avast4\ashWebSv.exe
    C:\Programmi\HPQ\Shared\hpqwmi.exe
    C:\Programmi\MSN Messenger\usnsvc.exe
    C:\Programmi\MSN Messenger\livecall.exe
    C:\Programmi\Internet Explorer\IEXPLORE.EXE
    C:\Programmi\Paravia\OP\Bin\OP.exe
    C:\Documents and Settings\Martina\Impostazioni locali\Temporary Internet Files\Content.IE5\ED8F6XE5\dss[1].exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
    O2 - BHO: Canon Easy Web Print Helper - {68F9551E-0411-48E4-9AAF-4BC42A6A46BE} - C:\Programmi\Canon\Easy-WebPrint\EWPBrowseLoader.dll
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: HP Credential Manager for ProtectTools - {DF21F1DB-80C6-11D3-9483-B03D0EC10000} - C:\Programmi\HPQ\IAM\Bin\ItIeAddIN.dll
    O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Programmi\Canon\Easy-WebPrint\Toolband.dll
    O4 - HKLM\..\Run: [SoundMAXPnP] C:\Programmi\Analog Devices\SoundMAX\SMax4PNP.exe
    O4 - HKLM\..\Run: [SoundMAX] C:\Programmi\Analog Devices\SoundMAX\Smax4.exe /tray
    O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
    O4 - HKLM\..\Run: [SynTPLpr] C:\Programmi\Synaptics\SynTP\SynTPLpr.exe
    O4 - HKLM\..\Run: [SynTPEnh] C:\Programmi\Synaptics\SynTP\SynTPEnh.exe
    O4 - HKLM\..\Run: [ATIPTA] C:\Programmi\ATI Technologies\ATI Control Panel\atiptaxx.exe
    O4 - HKLM\..\Run: [Cpqset] C:\Programmi\HPQ\Default Settings\cpqset.exe
    O4 - HKLM\..\Run: [eabconfg.cpl] C:\Programmi\HPQ\Quick Launch Buttons\EabServr.exe /Start
    O4 - HKLM\..\Run: [UpdateManager] "C:\Programmi\File comuni\Sonic\Update Manager\sgtray.exe" /r
    O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Programmi\Java\jre1.5.0\bin\jusched.exe
    O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Programmi\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
    O4 - HKLM\..\Run: [CognizanceTS] rundll32.exe C:\PROGRA~1\HPQ\IAM\Bin\AsTsVcc.dll,RegisterModule
    O4 - HKLM\..\Run: [WatchDog] C:\Programmi\InterVideo\DVD Check\DVDCheck.exe
    O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmi\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [Easy-PrintToolBox] C:\Programmi\Canon\Easy-PrintToolBox\BJPSMAIN.EXE /logon
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Programmi\MSN Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [OM2_Monitor] "C:\Programmi\OLYMPUS\OLYMPUS Master 2\MMonitor.exe "
    O4 - HKCU\..\Run: [MSMSGS] "C:\Programmi\Messenger\msmsgs.exe" /background
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O4 - Startup: Adobe Gamma.lnk = C:\Programmi\File comuni\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Global Startup: Avvio veloce di Adobe Reader.lnk = C:\Programmi\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O4 - Global Startup: BTTray.lnk = C:\Programmi\WIDCOMM\Software Bluetooth\BTTray.exe
    O4 - Global Startup: DVD Check.lnk = ?
    O4 - Global Startup: Microsoft Office.lnk = C:\Programmi\Microsoft Office\Office\OSA9.EXE
    O8 - Extra context menu item: Aggiungi all'elenco di stampa Easy-WebPrint - res://C:\Programmi\Canon\Easy-WebPrint\Toolband.dll/RC_AddToList.html
    O8 - Extra context menu item: Anteprima Easy-WebPrint - res://C:\Programmi\Canon\Easy-WebPrint\Toolband.dll/RC_Preview.html
    O8 - Extra context menu item: Invia a &Bluetooth - C:\Programmi\WIDCOMM\Software Bluetooth\btsendto_ie_ctx.htm
    O8 - Extra context menu item: Stampa ad alta velocità Easy-WebPrint - res://C:\Programmi\Canon\Easy-WebPrint\Toolband.dll/RC_HSPrint.html
    O8 - Extra context menu item: Stampa Easy-WebPrint - res://C:\Programmi\Canon\Easy-WebPrint\Toolband.dll/RC_Print.html
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.5.0\bin\NPJPI150.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.5.0\bin\NPJPI150.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
    O17 - HKLM\SYSTEM\CCS\Services\Tcpip\..\{AAE3046C-8741-4048-AD9D-3C9145A484B4}: NameServer = 62.211.69.150 212.48.4.15
    O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Programmi\MSN Messenger\msgrapp.8.1.0178.00.dll
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Programmi\MSN Messenger\msgrapp.8.1.0178.00.dll
    O20 - AppInit_DLLs: ASAPHook
    O20 - Winlogon Notify: OneCard - C:\Programmi\HPQ\IAM\Bin\AsWlnPkg.dll
    O23 - Service: Adobe LM Service - Adobe Systems - C:\Programmi\File comuni\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Programmi\Alwil Software\Avast4\aswUpdSv.exe
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\ati2evxx.exe
    O23 - Service: avast! Antivirus - ALWIL Software - C:\Programmi\Alwil Software\Avast4\ashServ.exe
    O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Programmi\Alwil Software\Avast4\ashMaiSv.exe
    O23 - Service: avast! Web Scanner - ALWIL Software - C:\Programmi\Alwil Software\Avast4\ashWebSv.exe
    O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Programmi\WIDCOMM\Software Bluetooth\bin\btwdins.exe
    O23 - Service: HP WMI Interface (hpqwmi) - Hewlett-Packard Development Company, L.P. - C:\Programmi\HPQ\Shared\hpqwmi.exe
    O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Programmi\Analog Devices\SoundMAX\SMAgent.exe


    --
    End of file - 8109 bytes

    -- File Associations -----------------------------------------------------------

    All associations okay.


    -- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

    R1 ClntMgmt.sys - c:\windows\system32\drivers\clntmgmt.sys <Not Verified; Hewlett-Packard; Client Management Driver>


    -- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

    R3 hpqwmi (HP WMI Interface) - c:\programmi\hpq\shared\hpqwmi.exe <Not Verified; Hewlett-Packard Development Company, L.P.; hpqwmi Module>

    S3 WmcCds (Windows Media Connect (WMC)) - c:\programmi\windows media connect\mswmccds.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
    S3 WmcCdsLs (Helper di Windows Media Connect (WMC)) - c:\programmi\windows media connect\mswmcls.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>


    -- Device Manager: Disabled ----------------------------------------------------

    No disabled devices found.


    -- Files created between 2007-11-14 and 2007-12-14 -----------------------------

    2007-12-03 14:06:58 0 d-------- C:\Programmi\STRATX
    2007-11-27 22:45:39 0 d-------- C:\Programmi\Snapshot Viewer
    2007-11-18 18:23:19 163840 --a------ C:\WINDOWS\BJPSUNST.EXE <Not Verified; CANON INC.; BJPSUNST.EXE>
    2007-11-18 18:22:02 307712 --a------ C:\WINDOWS\IsUn0410.exe <Not Verified; InstallShield Software Corporation, Inc.; InstallShield® unInstaller>
    2007-11-18 18:20:56 0 d--h----- C:\WINDOWS\system32\CanonIJ Uninstaller Information
    2007-11-18 18:20:50 0 d--h----- C:\Programmi\CanonBJ
    2007-11-18 18:20:15 0 d-------- C:\Programmi\Canon
    2007-11-15 23:22:16 0 d-------- C:\Programmi\Paravia


    -- Find3M Report ---------------------------------------------------------------

    2007-11-27 22:44:57 0 d-------- C:\Programmi\microsoft frontpage
    2007-11-25 17:01:01 426042 --a------ C:\WINDOWS\system32\perfh010.dat
    2007-11-25 17:01:01 63600 --a------ C:\WINDOWS\system32\perfc010.dat
    2007-11-17 14:29:10 0 d-------- C:\Documents and Settings\Martina\Dati applicazioni\Apple Computer
    2007-11-12 18:54:24 0 d-------- C:\Programmi\MSN Messenger
    2007-11-07 18:53:19 0 d-------- C:\Documents and Settings\Martina\Dati applicazioni\Macromedia
    2007-10-30 14:24:14 0 d-------- C:\Documents and Settings\Martina\Dati applicazioni\AdobeUM
    2007-10-30 14:11:54 0 d-------- C:\Documents and Settings\Martina\Dati applicazioni\Help
    2007-10-30 11:48:57 0 d-------- C:\Documents and Settings\Martina\Dati applicazioni\Leadertech
    2007-10-29 19:52:32 0 d-------- C:\Documents and Settings\Martina\Dati applicazioni\Adobe
    2007-10-29 18:10:22 0 d-------- C:\Programmi\File comuni
    2007-10-29 18:07:20 0 d-------- C:\Documents and Settings\Martina\Dati applicazioni\Microsoft Web Folders
    2007-10-27 11:25:03 0 d-------- C:\Programmi\File comuni\muvee Technologies
    2007-10-27 11:23:22 0 d-------- C:\Programmi\QuickTime
    2007-10-27 11:22:19 0 d-------- C:\Programmi\OLYMPUS
    2007-10-27 11:21:31 0 d-------- C:\Programmi\MSXML 4.0
    2007-10-23 15:29:28 0 d-------- C:\Programmi\File comuni\ODBC
    2007-10-23 15:29:24 0 d-------- C:\Programmi\File comuni\SpeechEngines
    2007-10-23 15:28:53 62 --ahs---- C:\Documents and Settings\Martina\Dati applicazioni\desktop.ini
    2007-10-23 15:21:08 0 d-------- C:\Programmi\Er Finestra
    2007-10-23 15:20:40 0 d-------- C:\Programmi\Force 2.0
    2007-10-23 15:18:12 0 d-------- C:\Programmi\File comuni\Adobe
    2007-10-23 15:16:14 0 d-------- C:\Programmi\File comuni\Adobe Systems Shared
    2007-10-23 15:00:32 0 d-------- C:\Programmi\ACDSee32
    2007-10-23 14:53:28 0 d-------- C:\Programmi\Ahead
    2007-10-23 14:53:26 0 d-------- C:\Programmi\File comuni\Ahead
    2007-10-23 14:47:23 0 d-------- C:\Programmi\Alwil Software
    2007-10-23 14:22:09 0 d--h----- C:\Programmi\InstallShield Installation Information
    2007-10-23 14:21:49 0 d-------- C:\Programmi\InterVideo
    2007-10-23 14:20:48 0 d-------- C:\Programmi\HPQ
    2007-10-23 14:20:43 0 d-------- C:\Programmi\Fingerprint Sensor
    2007-10-23 14:20:43 0 d-------- C:\Programmi\AuthenTec
    2007-10-23 14:19:43 0 d-------- C:\Programmi\Windows Media Connect
    2007-10-23 14:18:12 0 d-------- C:\Programmi\Java
    2007-10-23 14:18:11 0 d-------- C:\Programmi\File comuni\Java
    2007-10-23 14:17:57 0 d-------- C:\Programmi\Sonic
    2007-10-23 14:17:51 0 d-------- C:\Documents and Settings\Martina\Dati applicazioni\Sonic
    2007-10-23 14:17:49 0 d-------- C:\Programmi\File comuni\Sonic
    2007-10-23 14:17:02 0 d-------- C:\Programmi\File comuni\SureThing Shared
    2007-10-23 14:15:52 0 d-------- C:\Programmi\HP Accessories Product Tour
    2007-10-23 14:07:26 0 d-------- C:\Programmi\Intel
    2007-10-23 14:07:01 0 d-------- C:\Programmi\ATI Technologies
    2007-10-23 14:05:25 0 d-------- C:\Programmi\Synaptics
    2007-10-23 14:05:20 0 d-------- C:\Programmi\File comuni\InstallShield
    2007-10-23 14:03:02 0 d-------- C:\Programmi\WIDCOMM
    2007-10-23 14:02:26 0 d-------- C:\Programmi\Broadcom
    2007-10-23 14:01:22 0 d-------- C:\Programmi\Analog Devices
    2007-10-23 13:50:44 0 d-------- C:\Documents and Settings\Martina\Dati applicazioni\Identities
    2007-10-23 13:42:06 0 -rahs---- C:\MSDOS.SYS
    2007-10-23 13:42:06 0 -rahs---- C:\IO.SYS
    2007-10-23 13:42:06 0 --a------ C:\CONFIG.SYS
    2007-10-23 13:42:06 0 --a------ C:\AUTOEXEC.BAT
    2007-10-23 13:40:49 0 d--h----- C:\Programmi\WindowsUpdate
    2007-10-23 13:40:44 0 d-------- C:\Programmi\Servizi in linea
    2007-10-23 13:39:48 0 d-------- C:\Programmi\File comuni\MSSoap
    2007-10-23 13:39:36 0 d-------- C:\Programmi\Movie Maker
    2007-10-23 13:38:36 21840 --a------ C:\WINDOWS\system32\emptyregdb.dat
    2007-10-23 13:38:01 0 d-------- C:\Programmi\Messenger
    2007-10-23 13:37:56 0 d-------- C:\Programmi\MSN Gaming Zone
    2007-10-23 13:37:47 0 d-------- C:\Programmi\Windows NT


    -- Registry Dump ---------------------------------------------------------------

    *Note* empty entries & legit default entries are not shown


    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "SoundMAXPnP "= "C:\Programmi\Analog Devices\SoundMAX\SMax4PNP.exe" [14/10/2004 08.11]
    "SoundMAX "= "C:\Programmi\Analog Devices\SoundMAX\Smax4.exe" [23/09/2004 11.41]
    "AGRSMMSG "= "AGRSMMSG.exe" [13/04/2005 11.12 C:\WINDOWS\AGRSMMSG.exe]
    "SynTPLpr "= "C:\Programmi\Synaptics\SynTP\SynTPLpr.exe" [02/02/2005 13.12]
    "SynTPEnh "= "C:\Programmi\Synaptics\SynTP\SynTPEnh.exe" [02/02/2005 13.11]
    "ATIPTA "= "C:\Programmi\ATI Technologies\ATI Control Panel\atiptaxx.exe" [19/01/2005 20.40]
    "Cpqset "= "C:\Programmi\HPQ\Default Settings\cpqset.exe" [14/01/2005 12.21]
    "eabconfg.cpl "= "C:\Programmi\HPQ\Quick Launch Buttons\EabServr.exe" [03/12/2004 12.24]
    "UpdateManager "= "C:\Programmi\File comuni\Sonic\Update Manager\sgtray.exe" [19/08/2003 00.01]
    "dla "= "C:\WINDOWS\system32\dla\tfswctrl.exe" [03/08/2004 00.05]
    "SunJavaUpdateSched "= "C:\Programmi\Java\jre1.5.0\bin\jusched.exe" [23/10/2007 14.18]
    "hpWirelessAssistant "= "C:\Programmi\hpq\HP Wireless Assistant\HP Wireless Assistant.exe" [21/01/2005 12.40]
    "CognizanceTS "= "C:\PROGRA~1\HPQ\IAM\Bin\AsTsVcc.dll" [22/12/2003 19.12]
    "WatchDog "= "C:\Programmi\InterVideo\DVD Check\DVDCheck.exe" [08/12/2004 17.44]
    "avast! "= "C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [04/12/2007 14.00]
    "NeroFilterCheck "= "C:\WINDOWS\system32\NeroCheck.exe" [09/07/2001 09.50]
    "QuickTime Task "= "C:\Programmi\QuickTime\qttask.exe" [01/09/2006 14.57]
    "Easy-PrintToolBox "= "C:\Programmi\Canon\Easy-PrintToolBox\BJPSMAIN.exe" [14/01/2004 02.10]

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE "= "C:\WINDOWS\system32\ctfmon.exe" [19/08/2004 14.39]
    "MsnMsgr "= "C:\Programmi\MSN Messenger\MsnMsgr.exe" [19/01/2007 11.54]
    "OM2_Monitor "= "C:\Programmi\OLYMPUS\OLYMPUS Master 2\MMonitor.exe" [08/02/2007 19.43]
    "MSMSGS "= "C:\Programmi\Messenger\msmsgs.exe" [19/08/2004 14.51]

    C:\Documents and Settings\Martina\Menu Avvio\Programmi\Esecuzione automatica\
    Adobe Gamma.lnk - C:\Programmi\File comuni\Adobe\Calibration\Adobe Gamma Loader.exe [16/03/2005 18.16.50]

    C:\Documents and Settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\
    Avvio veloce di Adobe Reader.lnk - C:\Programmi\Adobe\Acrobat 7.0\Reader\reader_sl.exe [23/09/2005 20.05.26]
    BTTray.lnk - C:\Programmi\WIDCOMM\Software Bluetooth\BTTray.exe [31/05/2005 13.29.16]
    DVD Check.lnk - C:\Programmi\InterVideo\DVD Check\DVDCheck.exe [23/10/2007 14.21.49]
    Microsoft Office.lnk - C:\Programmi\Microsoft Office\Office\OSA9.EXE [17/02/1999 21.05.56]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\OneCard]
    C:\Programmi\HPQ\IAM\Bin\AsWlnPkg.dll 10/11/2004 01.19 38912 C:\Programmi\HPQ\IAM\Bin\AsWlnPkg.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
    "appinit_dlls "=ASAPHook

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
    "Notification Packages "= scecli AsWlnPkg

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    Cognizance ASChannel


    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{5c223f6a-816e-11dc-802e-00166f6fe2fa}]
    verb1\command- Thumbs.dn\1.{3aea-1069-a2de-08002b30309d}\Thumbs.bat

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{5cfd61a4-8643-11dc-803b-9cdd5d33b256}]
    auto\command- Knight.exe open
    AutoRun\command- C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Knight.exe open
    explore\command- Knight.exe open
    find\command- Knight.exe open
    install\command- Knight.exe open
    open\command- Knight.exe open

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{76ba801a-897c-11dc-8047-93aa69ec5a59}]
    verb1\command- F:\Thumbs.dn\1.{3aea-1069-a2de-08002b30309d}\Thumbs.bat

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f20c05b4-92e5-11dc-805a-001560b94796}]
    AutoRun\command- F:\AutoTransfer.exe

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f5520e76-8179-11dc-8030-ad35109fa858}]
    verb1\command- Thumbs.dn\1.{3aea-1069-a2de-08002b30309d}\Thumbs.bat




    -- End of Deckard's System Scanner: finished at 2007-12-14 22:07:11 ------------
     
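The registry dump above is the part of the log that matters. `HKCU\...\Explorer\MountPoints2` is where Explorer caches, per volume GUID, the shell verbs that an `autorun.inf` on that volume declared; the cache outlives the file, so entries pointing at a `Thumbs.bat` that was already deleted from the stick stay behind and can leave a broken AutoPlay label like the ''??(O)'' reported in the first post. The following is an added example, not code from the thread or from Deckard's System Scanner: it parses that section of a DSS-style log (the sample is a constructed copy of the lines above) and flags commands that run a binary through `rundll32 ShellExec_RunDLL`, as a relative path resolved on the removable volume, or from a non-system drive. Treating `C:` as the system drive and the `LAUNCHERS` set of proxy executables are assumptions made for the example.

```python
import re
from typing import List, NamedTuple, Optional, Set

# Constructed sample input: the mountpoints2 block copied from the DSS log
# posted in this thread, with the forum indentation removed.
SAMPLE_LOG = r"""
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{5c223f6a-816e-11dc-802e-00166f6fe2fa}]
verb1\command- Thumbs.dn\1.{3aea-1069-a2de-08002b30309d}\Thumbs.bat

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{5cfd61a4-8643-11dc-803b-9cdd5d33b256}]
auto\command- Knight.exe open
AutoRun\command- C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Knight.exe open
explore\command- Knight.exe open
find\command- Knight.exe open
install\command- Knight.exe open
open\command- Knight.exe open

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{76ba801a-897c-11dc-8047-93aa69ec5a59}]
verb1\command- F:\Thumbs.dn\1.{3aea-1069-a2de-08002b30309d}\Thumbs.bat

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f20c05b4-92e5-11dc-805a-001560b94796}]
AutoRun\command- F:\AutoTransfer.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f5520e76-8179-11dc-8030-ad35109fa858}]
verb1\command- Thumbs.dn\1.{3aea-1069-a2de-08002b30309d}\Thumbs.bat
"""

# One key per volume GUID, then "verb\command- <command line>" lines under it.
KEY_RE = re.compile(r"^\[.*\\mountpoints2\\(?P<vol>\{[0-9a-f-]+\})\]$", re.I)
VERB_RE = re.compile(r"^(?P<verb>[^\\]+)\\command-\s*(?P<cmd>.+)$", re.I)
BINARY_RE = re.compile(r"([\w.\-]+\.(?:exe|bat|cmd|com|scr|pif|vbs|js))\b", re.I)
# Assumed list of proxy launchers that are not themselves the payload.
LAUNCHERS = {"rundll32.exe", "cmd.exe", "wscript.exe", "cscript.exe"}
SYSTEM_DRIVE = "c"  # assumption: Windows is installed on C:


class Finding(NamedTuple):
    volume: str
    verb: str
    command: str
    binary: str
    reason: str


def parse_mountpoints2(log: str) -> List[tuple]:
    """Return (volume_guid, verb, command) triples from the registry dump text."""
    entries, volume = [], None
    for raw in log.splitlines():
        line = raw.strip()
        key = KEY_RE.match(line)
        if key:
            volume = key.group("vol").lower()
            continue
        verb = VERB_RE.match(line)
        if verb and volume:
            entries.append((volume, verb.group("verb"), verb.group("cmd").strip()))
    return entries


def target_binary(command: str) -> Optional[str]:
    """Last executable/script name in the command that is not a known launcher."""
    names = [n for n in BINARY_RE.findall(command) if n.lower() not in LAUNCHERS]
    return names[-1] if names else None


def why_suspicious(command: str) -> Optional[str]:
    """Explain why an autorun verb command looks like a USB worm hook, or None."""
    binary = target_binary(command)
    if binary is None:
        return None
    if "shellexec_rundll" in command.lower():
        return f"{binary} launched through rundll32 ShellExec_RunDLL"
    drive = re.match(r"^([a-z]):\\", command, re.I)
    if drive is None:
        return f"{binary} given as a relative path, resolved against the volume root"
    if drive.group(1).lower() != SYSTEM_DRIVE:
        return f"{binary} executed from non-system volume {drive.group(1).upper()}:"
    return None


def triage(log: str) -> List[Finding]:
    """All autorun verbs in the log whose command looks suspicious."""
    findings = []
    for volume, verb, command in parse_mountpoints2(log):
        reason = why_suspicious(command)
        if reason:
            findings.append(Finding(volume, verb, command, target_binary(command), reason))
    return findings


def launched_binaries(log: str) -> Set[str]:
    """Distinct payload file names, usable as a quick IOC list for the cleanup."""
    return {f.binary for f in triage(log)}


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.volume} {f.verb:>8}: {f.reason}")
    print("payloads:", sorted(launched_binaries(SAMPLE_LOG)))
```

Run against the sample it flags all ten verbs across the five volume GUIDs and yields three payload names (`Thumbs.bat`, `Knight.exe`, `AutoTransfer.exe`), which is the list to hunt for on every stick that has been plugged into the machine. Deleting the `MountPoints2\{guid}` keys removes the cached verbs, but the `autorun.inf` and payloads on the removable media have to go too or the keys are recreated the next time the drive is opened.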
  5. 2007/12/14
    mailman Lifetime Subscription

    mailman Geek Member

    Joined:
    2004/01/17
    Messages:
    1,901
    Likes Received:
    11
    Yes, you did paste the appropriate logs. Thank you. :)

    You appear to indeed have a malware issue.
    • Symantec Information About the W32.Emiutao Worm
    *You may or may not have a W32.Emiutao worm infection but I think you should notify your banks and credit card issuers (if you have performed such transactions with your computer) just in case a back door was used to steal that information from you (just to be on the safe side).

    Please patiently wait for expert assistance from one of our malware analysts.
     
  6. 2007/12/17
    noahdfear

    noahdfear Inactive

    Joined:
    2003/04/06
    Messages:
    12,178
    Likes Received:
    15
    Welcome martina :)

    Please download Flash_Disinfector by sUBs and save it to your desktop.

    Plug in your USB flash drive.
    Double-click Flash_Disinfector.exe to run it.
    Follow any prompts that may appear.
    Your desktop will vanish for a while, and then reappear. This is normal.
    Wait until the program has finished scanning, then please exit the program. If you use more than 1 flash drive, run the tool with each plugged in.

    Download ComboFix by sUBs from here, saving the file to your desktop.
    • Close all open programs and windows
    • Double click combofix.exe and follow the prompts.
    • When finished, it will open a log for you. Post that log and a new HijackThis log in your next reply.
    Note: Do not mouse-click ComboFix's window while it's running. That may cause it to stall.
     
