NoTrace Security Forum

NoTrace Security Forum
Home | Discussioni Attive | Discussioni Recenti | Segnalibro | Msg privati | Utenti | Download | cerca | faq | RSS | Security Chat
Nome Utente:
 Password:
Salva Password
Password Dimenticata?

 Tutti i Forum
 Virus
 Computer Virus
 Aiutatemi..		  Forum Bloccato
 Versione Stampabile Bookmark this Topic Aggiungi Segnalibro
I seguenti utenti stanno leggendo questo Forum Qui c'è:
Pagina Successiva
Autore Discussione Precedente Discussione Discussione Successiva
Pagina: di 2

Misterx
Average Member


Città: Carpi


86 Messaggi

Inserito il - 05/10/2008 : 12:18:46  Mostra Profilo
MI sono beccato dei trojan..che mi lanciano in continuazione messaggi del tipo " il tuo pc è a serio rischio...ect ect ect", tutti messaggi falsi ovviamente...questi sono questi i virus che ho preso:
trojan-downloader.win32.agent.bq
trojan-clicker.win32.tiny.h
trojan-spy.win32.keylogger.aa
Come posso fare per eliminarli?
Considerando che come antivirus ho avg 8..prima avevo Norton, ma mi è scaduto, e sono indeciso se rinnovare o no...grazie a tutti

Misterx
Average Member


Città: Carpi


86 Messaggi
Inserito il - 05/10/2008 : 12:21:03  Mostra Profilo
ah scusatemi anche questo tojan:
Trojan.Spy.HTML.Bankfraund.dq
Torna all'inizio della Pagina

shang
Advanced Member

Città: Roma


4879 Messaggi
Inserito il - 05/10/2008 : 12:24:15  Mostra Profilo
scarica ==> ftp://ftp.drweb[.com]/pub/drweb/cureit/launch.exe

Una volta lanciato, il tool farà immediatamente una scansione dei processi attivi nel sistema. Finita la scansione, dovrai selezionare quali hard disk vuoi controllare e poi cliccare sul tasto di avvio della scansione.
Torna all'inizio della Pagina

Misterx
Average Member


Città: Carpi


86 Messaggi
Inserito il - 05/10/2008 : 12:35:15  Mostra Profilo
si l'ho provato a fare prima da dato che non ci capivo niente, l'ho eliminato...
Torna all'inizio della Pagina

shang
Advanced Member

Città: Roma


4879 Messaggi
Inserito il - 05/10/2008 : 12:42:11  Mostra Profilo
fai una cosa

postami prima hijackthis e poi riprova col programma che ti ho indicato


htt*://[www].trendsecure[.com]/portal/en-US/threat_analytics/hijackthis.php#

ricorda di metterlo nel percorso C:\ Programmi

E' IMPORTANTE
Modificato da - shang in data 05/10/2008 12:43:07
Torna all'inizio della Pagina

Misterx
Average Member


Città: Carpi


86 Messaggi
Inserito il - 05/10/2008 : 12:53:07  Mostra Profilo
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12.51.08, on 05/10/2008
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16711)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\WINDOWS\System32\rundll32.exe
C:\WINDOWS\System32\rundll32.exe
C:\Program Files\Synaptics\SynTP\SynTPStart.exe
C:\Program Files\Hp\QuickPlay\QPService.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
C:\Program Files\Hewlett-Packard\HP QuickTouch\HPKBDAPP.exe
C:\Program Files\Windows Defender\MSASCui.exe
c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Hp\HP Software Update\hpwuSchd2.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe
C:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\DAEMON Tools Lite\daemon.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe
C:\Users\Sally e Valerio\AppData\Local\Google\Update\GoogleUpdate.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\ProgramData\HlpWinSh\jypgjglq.exe
C:\ProgramData\rmzkdqhk\nafavide.exe
C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\*******!\Messenger\ymsgr_tray.exe
C:\Program Files\AVG\AVG8\avgtray.exe
C:\Windows\system32\conime.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\system32\DllHost.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = htt*://go.microsoft[.com]/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = [www].google.it/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = htt*://ie.redirect.hp[.com]/svs/rdr?TYPE=3&tp=iehome&locale=it_it&c=81&bd=Pavilion&pf=laptop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = htt*://go.microsoft[.com]/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = htt*://go.microsoft[.com]/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = htt*://ie.redirect.hp[.com]/svs/rdr?TYPE=3&tp=iehome&locale=it_it&c=81&bd=Pavilion&pf=laptop
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: &*******! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\*******!\Companion\Installs\cpn\yt.dll
O2 - BHO: Supporto di collegamento per Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: WormRadar[.com] IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: NCO 2.0 IE BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - c:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.0\coIEPlg.dll
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\PROGRA~1\COMMON~1\SYMANT~1\IDS\IPSBHO.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: AOL Toolbar Launcher - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O3 - Toolbar: Show Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - c:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.0\CoIEPlg.dll
O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll
O3 - Toolbar: *******! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\*******!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SynTPStart] C:\Program Files\Synaptics\SynTP\SynTPStart.exe
O4 - HKLM\..\Run: [QPService] "C:\Program Files\HP\QuickPlay\QPService.exe"
O4 - HKLM\..\Run: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
O4 - HKLM\..\Run: [OnScreenDisplay] C:\Program Files\Hewlett-Packard\HP QuickTouch\HPKBDAPP.exe
O4 - HKLM\..\Run: [UCam_Menu] "C:\Program Files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" "C:\Program Files\CyberLink\YouCam" update "Software\CyberLink\YouCam\1.0"
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [ccApp] "c:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [HP Health Check Scheduler] [ProgramFilesFolder]Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
O4 - HKLM\..\Run: [WAWifiMessage] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [EPSON Stylus DX4200 Series] C:\Windows\system32\spool\DRIVERS\W32X86\3\E_FATIAEE.EXE /F "C:\Windows\TEMP\E_SD7B8.tmp" /EF "HKLM"
O4 - HKLM\..\Run: [WinVNC] "C:\Program Files\TightVNC\WinVNC.exe" -servicehelper
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [\YURAD15.exe] C:\Windows\system32\YURAD15.exe
O4 - HKLM\..\Run: [\YURADE0.exe] C:\Windows\system32\YURADE0.exe
O4 - HKLM\..\Run: [\YURB159.exe] C:\Windows\system32\YURB159.exe
O4 - HKLM\..\Run: [\YURB2B0.exe] C:\Windows\system32\YURB2B0.exe
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [LightScribe Control Panel] C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
O4 - HKCU\..\Run: [HPAdvisor] C:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exe autoRun
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [*******! Pager] "C:\PROGRA~1\*******!\MESSEN~1\*******M~1.EXE" -quiet
O4 - HKCU\..\Run: [DriverUpdaterPro] C:\Program Files\XPC Tools\Driver Updater Pro\DriverUpdaterPro.exe -t
O4 - HKCU\..\Run: [Google Update] "C:\Users\Sally e Valerio\AppData\Local\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [HlpWinSh] C:\ProgramData\HlpWinSh\jypgjglq.exe
O4 - HKCU\..\Run: [\YURAD15.exe] C:\Windows\system32\YURAD15.exe
O4 - HKCU\..\Run: [\YURADE0.exe] C:\Windows\system32\YURADE0.exe
O4 - HKCU\..\Run: [\YURB159.exe] C:\Windows\system32\YURB159.exe
O4 - HKCU\..\Run: [\YURB2B0.exe] C:\Windows\system32\YURB2B0.exe
O4 - HKCU\..\Run: [IYXRRMtbu7] C:\ProgramData\rmzkdqhk\nafavide.exe
O4 - HKCU\..\Run: [\YUR2D56.exe] C:\Windows\system32\YUR2D56.exe
O4 - HKCU\..\Run: [\YUR317B.exe] C:\Windows\system32\YUR317B.exe
O4 - HKCU\..\Run: [\YUR33CC.exe] C:\Windows\system32\YUR33CC.exe
O4 - HKCU\..\Run: [\YUR3320.exe] C:\Windows\system32\YUR3320.exe
O4 - HKCU\..\Run: [\YUR33FA.exe] C:\Windows\system32\YUR33FA.exe
O4 - HKCU\..\Run: [\YUR3571.exe] C:\Windows\system32\YUR3571.exe
O4 - HKCU\..\Run: [\YUR34C5.exe] C:\Windows\system32\YUR34C5.exe
O4 - HKCU\..\Run: [\YUR2F97.exe] C:\Windows\system32\YUR2F97.exe
O4 - HKCU\..\Run: [\YUR3C06.exe] C:\Windows\system32\YUR3C06.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVIZIO LOCALE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVIZIO LOCALE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVIZIO DI RETE')
O4 - Startup: Ritaglio schermata e avvio di OneNote 2007.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Invia a OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: I&nvia a OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O13 - Gopher Prefix:
O16 - DPF: {1851174C-97BD-4217-A0CC-E908F60D5B7A} (Hewlett-Packard Online Support Services) - htt*s://h20364.[www]2.hp[.com]/CSMWeb/Customer/cabs/HPISDataManager .cab
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - htt*://messenger.zone.msn[.com]/binary/msgrchkr .cab56986 .cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\*******!\Common\yinsthelper.dll
O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} (Solitaire Showdown Class) - htt*://messenger.zone.msn[.com]/binary/SolitaireShowdown .cab56986 .cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - htt*://messenger.zone.msn[.com]/binary/ZIntro .cab56649 .cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - htt*://messenger.zone.msn[.com]/binary/MessengerStatsPAClient .cab56907 .cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: avgrsstx.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Utilità di pianificazione di LiveUpdate automatico (Automatic LiveUpdate Scheduler) - Symantec Corporation - c:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Com4Qlb - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4Qlb.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files\HP Games\My HP Game Console\GameConsoleService.exe
O23 - Service: HP Health Check Service - Hewlett-Packard - c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqWmiEx.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Servizio iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common
QUESTO è IL LOG.


Files\LightScribe\LSSrvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - c:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE
O23 - Service: LiveUpdate Notice - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: QuickPlay Background Capture Service (QBCS) (QPCapSvc) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\QPCapSvc.exe
O23 - Service: QuickPlay Task Scheduler (QTS) (QPSched) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\QPSched.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\PROGRA~1\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe
O23 - Service: VNC Server (winvnc) - TightVNC Group - C:\Program Files\TightVNC\WinVNC.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--
End of file - 15189 bytes
Torna all'inizio della Pagina

Misterx
Average Member


Città: Carpi


86 Messaggi
Inserito il - 05/10/2008 : 12:57:13  Mostra Profilo
QUESTO è QUELLO COMPLETO


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12.56.26, on 05/10/2008
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16711)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\WINDOWS\System32\rundll32.exe
C:\WINDOWS\System32\rundll32.exe
C:\Program Files\Synaptics\SynTP\SynTPStart.exe
C:\Program Files\Hp\QuickPlay\QPService.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
C:\Program Files\Hewlett-Packard\HP QuickTouch\HPKBDAPP.exe
C:\Program Files\Windows Defender\MSASCui.exe
c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Hp\HP Software Update\hpwuSchd2.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe
C:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\DAEMON Tools Lite\daemon.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe
C:\Users\Sally e Valerio\AppData\Local\Google\Update\GoogleUpdate.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\ProgramData\HlpWinSh\jypgjglq.exe
C:\ProgramData\rmzkdqhk\nafavide.exe
C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\*******!\Messenger\ymsgr_tray.exe
C:\Program Files\AVG\AVG8\avgtray.exe
C:\Windows\system32\conime.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Program Files\Mozilla Firefox\firefox.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = htt*://go.microsoft[.com]/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = [www].google.it/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = htt*://ie.redirect.hp[.com]/svs/rdr?TYPE=3&tp=iehome&locale=it_it&c=81&bd=Pavilion&pf=laptop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = htt*://go.microsoft[.com]/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = htt*://go.microsoft[.com]/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = htt*://ie.redirect.hp[.com]/svs/rdr?TYPE=3&tp=iehome&locale=it_it&c=81&bd=Pavilion&pf=laptop
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: &*******! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\*******!\Companion\Installs\cpn\yt.dll
O2 - BHO: Supporto di collegamento per Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: WormRadar[.com] IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: NCO 2.0 IE BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - c:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.0\coIEPlg.dll
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\PROGRA~1\COMMON~1\SYMANT~1\IDS\IPSBHO.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: AOL Toolbar Launcher - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O3 - Toolbar: Show Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - c:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.0\CoIEPlg.dll
O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll
O3 - Toolbar: *******! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\*******!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SynTPStart] C:\Program Files\Synaptics\SynTP\SynTPStart.exe
O4 - HKLM\..\Run: [QPService] "C:\Program Files\HP\QuickPlay\QPService.exe"
O4 - HKLM\..\Run: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
O4 - HKLM\..\Run: [OnScreenDisplay] C:\Program Files\Hewlett-Packard\HP QuickTouch\HPKBDAPP.exe
O4 - HKLM\..\Run: [UCam_Menu] "C:\Program Files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" "C:\Program Files\CyberLink\YouCam" update "Software\CyberLink\YouCam\1.0"
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [ccApp] "c:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [HP Health Check Scheduler] [ProgramFilesFolder]Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
O4 - HKLM\..\Run: [WAWifiMessage] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [EPSON Stylus DX4200 Series] C:\Windows\system32\spool\DRIVERS\W32X86\3\E_FATIAEE.EXE /F "C:\Windows\TEMP\E_SD7B8.tmp" /EF "HKLM"
O4 - HKLM\..\Run: [WinVNC] "C:\Program Files\TightVNC\WinVNC.exe" -servicehelper
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [\YURAD15.exe] C:\Windows\system32\YURAD15.exe
O4 - HKLM\..\Run: [\YURADE0.exe] C:\Windows\system32\YURADE0.exe
O4 - HKLM\..\Run: [\YURB159.exe] C:\Windows\system32\YURB159.exe
O4 - HKLM\..\Run: [\YURB2B0.exe] C:\Windows\system32\YURB2B0.exe
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [LightScribe Control Panel] C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
O4 - HKCU\..\Run: [HPAdvisor] C:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exe autoRun
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [*******! Pager] "C:\PROGRA~1\*******!\MESSEN~1\*******M~1.EXE" -quiet
O4 - HKCU\..\Run: [DriverUpdaterPro] C:\Program Files\XPC Tools\Driver Updater Pro\DriverUpdaterPro.exe -t
O4 - HKCU\..\Run: [Google Update] "C:\Users\Sally e Valerio\AppData\Local\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [HlpWinSh] C:\ProgramData\HlpWinSh\jypgjglq.exe
O4 - HKCU\..\Run: [\YURAD15.exe] C:\Windows\system32\YURAD15.exe
O4 - HKCU\..\Run: [\YURADE0.exe] C:\Windows\system32\YURADE0.exe
O4 - HKCU\..\Run: [\YURB159.exe] C:\Windows\system32\YURB159.exe
O4 - HKCU\..\Run: [\YURB2B0.exe] C:\Windows\system32\YURB2B0.exe
O4 - HKCU\..\Run: [IYXRRMtbu7] C:\ProgramData\rmzkdqhk\nafavide.exe
O4 - HKCU\..\Run: [\YUR2D56.exe] C:\Windows\system32\YUR2D56.exe
O4 - HKCU\..\Run: [\YUR317B.exe] C:\Windows\system32\YUR317B.exe
O4 - HKCU\..\Run: [\YUR33CC.exe] C:\Windows\system32\YUR33CC.exe
O4 - HKCU\..\Run: [\YUR3320.exe] C:\Windows\system32\YUR3320.exe
O4 - HKCU\..\Run: [\YUR33FA.exe] C:\Windows\system32\YUR33FA.exe
O4 - HKCU\..\Run: [\YUR3571.exe] C:\Windows\system32\YUR3571.exe
O4 - HKCU\..\Run: [\YUR34C5.exe] C:\Windows\system32\YUR34C5.exe
O4 - HKCU\..\Run: [\YUR2F97.exe] C:\Windows\system32\YUR2F97.exe
O4 - HKCU\..\Run: [\YUR3C06.exe] C:\Windows\system32\YUR3C06.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVIZIO LOCALE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVIZIO LOCALE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVIZIO DI RETE')
O4 - Startup: Ritaglio schermata e avvio di OneNote 2007.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Invia a OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: I&nvia a OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O13 - Gopher Prefix:
O16 - DPF: {1851174C-97BD-4217-A0CC-E908F60D5B7A} (Hewlett-Packard Online Support Services) - htt*s://h20364.[www]2.hp[.com]/CSMWeb/Customer/cabs/HPISDataManager .cab
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - htt*://messenger.zone.msn[.com]/binary/msgrchkr .cab56986 .cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\*******!\Common\yinsthelper.dll
O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} (Solitaire Showdown Class) - htt*://messenger.zone.msn[.com]/binary/SolitaireShowdown .cab56986 .cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - htt*://messenger.zone.msn[.com]/binary/ZIntro .cab56649 .cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - htt*://messenger.zone.msn[.com]/binary/MessengerStatsPAClient .cab56907 .cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: avgrsstx.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Utilità di pianificazione di LiveUpdate automatico (Automatic LiveUpdate Scheduler) - Symantec Corporation - c:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Com4Qlb - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4Qlb.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files\HP Games\My HP Game Console\GameConsoleService.exe
O23 - Service: HP Health Check Service - Hewlett-Packard - c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqWmiEx.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Servizio iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - c:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE
O23 - Service: LiveUpdate Notice - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: QuickPlay Background Capture Service (QBCS) (QPCapSvc) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\QPCapSvc.exe
O23 - Service: QuickPlay Task Scheduler (QTS) (QPSched) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\QPSched.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\PROGRA~1\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe
O23 - Service: VNC Server (winvnc) - TightVNC Group - C:\Program Files\TightVNC\WinVNC.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--
End of file - 15114 bytes
Torna all'inizio della Pagina

Misterx
Average Member


Città: Carpi


86 Messaggi
Inserito il - 05/10/2008 : 12:58:10  Mostra Profilo
Va bene adesso??
Torna all'inizio della Pagina

shang
Advanced Member

Città: Roma


4879 Messaggi
Inserito il - 05/10/2008 : 13:02:06  Mostra Profilo
si va bene

ora lo sto' controllando
Torna all'inizio della Pagina

shang
Advanced Member

Città: Roma


4879 Messaggi
Inserito il - 05/10/2008 : 13:24:22  Mostra Profilo
sei pieno di infezioni


scarica Avenger da qui

htt*://swandog46.geekstogo[.com]/avenger.zip

lo installi e lo lanci

Copi e incolli nella finestra: "Input script here" il testo in rosso così come lo vedi scritto:

files to delete:
C:\ProgramData\HlpWinSh\jypgjglq.exe
C:\ProgramData\rmzkdqhk\nafavide.exe

Spunta "Automatically disable any rootkits found"

clicca sul pulsante "Execute"
Il pc dovrebbe riavviarsi da solo,se così non fosse riavvialo manualmente

posta il log di avenger che trovi in c:\


_______



Apri hjt ed elimina queste voci:

O4 - HKLM\..\Run: [\YURAD15.exe] C:\Windows\system32\YURAD15.exe


O4 - HKLM\..\Run: [\YURADE0.exe] C:\Windows\system32\YURADE0.exe

O4 - HKLM\..\Run: [\YURB159.exe] C:\Windows\system32\YURB159.exe

O4 - HKLM\..\Run: [\YURB2B0.exe] C:\Windows\system32\YURB2B0.exe


O4 - HKCU\..\Run: [HlpWinSh] C:\ProgramData\HlpWinSh\jypgjglq.exe

O4 - HKCU\..\Run: [\YURAD15.exe] C:\Windows\system32\YURAD15.exe

O4 - HKCU\..\Run: [\YURADE0.exe] C:\Windows\system32\YURADE0.exe


O4 - HKCU\..\Run: [\YURB159.exe] C:\Windows\system32\YURB159.exe

O4 - HKCU\..\Run: [\YURB2B0.exe] C:\Windows\system32\YURB2B0.exe

O4 - HKCU\..\Run: [IYXRRMtbu7] C:\ProgramData\rmzkdqhk\nafavide.exe


O4 - HKCU\..\Run: [\YUR317B.exe] C:\Windows\system32\YUR317B.exe


O4 - HKCU\..\Run: [\YUR33CC.exe] C:\Windows\system32\YUR33CC.exe

O4 - HKCU\..\Run: [\YUR3320.exe] C:\Windows\system32\YUR3320.exe


O4 - HKCU\..\Run: [\YUR33FA.exe] C:\Windows\system32\YUR33FA.exe


O4 - HKCU\..\Run: [\YUR3571.exe] C:\Windows\system32\YUR3571.exe

O4 - HKCU\..\Run: [\YUR34C5.exe] C:\Windows\system32\YUR34C5.exe


O4 - HKCU\..\Run: [\YUR2F97.exe] C:\Windows\system32\YUR2F97.exe

O4 - HKCU\..\Run: [\YUR3C06.exe] C:\Windows\system32\YUR3C06.exe

O9 - Extra button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll
Torna all'inizio della Pagina

Misterx
Average Member


Città: Carpi


86 Messaggi
Inserito il - 05/10/2008 : 13:29:39  Mostra Profilo
ok sarà fatto..
Torna all'inizio della Pagina

shang
Advanced Member

Città: Roma


4879 Messaggi
Inserito il - 05/10/2008 : 13:31:47  Mostra Profilo
quando hai finito, prima di usare dr web cureit, fai una scansione con kaspersky online

htt*://[www].kaspersky[.com]/virusscanner

clicca su "kaspersky online scanner"
clicca su "accept"
--- verrà eseguito il download dei componenti necessari alla scansione
quando è terminato clicca su "my computer" (finestra a sinistra)
avvia la scansione
--- da questo punto in poi, puoi anche disconnettere il pc da internet
quando finisce la scansione, salva e posta il rapporto.


(attento ai programmi crack)
Torna all'inizio della Pagina

Misterx
Average Member


Città: Carpi


86 Messaggi
Inserito il - 05/10/2008 : 16:30:00  Mostra Profilo
allora inanzi tutto ecco il log di Avenger:
Logfile of The Avenger Version 2.0, (c) by Swandog46
htt*://swandog46.geekstogo[.com]

Platform: Windows Vista

*******************

Script file opened successfully.
Script file read successfully.

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:

Rootkit scan active.
No rootkits found!

File "C:\ProgramData\HlpWinSh\jypgjglq.exe" deleted successfully.

Error: file "C:\ProgramData\rmzkdqhk\nafavide.exe" not found!
Deletion of file "C:\ProgramData\rmzkdqhk\nafavide.exe" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist


Completed script processing.

*******************

Finished! Terminate.



Poi dopo ho eliminato le cose che mi hai detto, ho fatto la scansione con Kaspersky, solo che non mi fà salvare un bel niente..cioè vado x salvarlo, dico la cartella dove salvare il log, ma niente di niente..non c'è da nessuna parte.
Modificato da - Misterx in data 05/10/2008 16:30:51
Torna all'inizio della Pagina

shang
Advanced Member

Città: Roma


4879 Messaggi
Inserito il - 05/10/2008 : 18:05:07  Mostra Profilo
peccato kaspersky mi servirebbe

puoi riprovare a fare la scansione?

ricordi se ha rilevato qualcosa?

magari prova a fare una foto

___________________



per maggior sicurezza, vedi se nel tuo pc c'e' ancora questo

C:\ProgramData\rmzkdqhk\nafavide.exe
Modificato da - shang in data 05/10/2008 18:06:02
Torna all'inizio della Pagina

Misterx
Average Member


Città: Carpi


86 Messaggi
Inserito il - 05/10/2008 : 18:14:36  Mostra Profilo
e si tanti trojan tipo 11...cmq ci sta tanto a fare una scansione..ci a messo 2 ore e 30...si cmq c'è ancora quel file..ma se lo elimino io manulamente cosa succede??cmq sembrava che era un file esegubile questo qua nafavide.exe ,cioe ci cliccavo sopra si caricava ma nn si apriva niente, ma ora no, mi richiede con quale programma lo voglio aprire!! cmq molti messaggi di falso allarme non ci sono più!!
Torna all'inizio della Pagina

shang
Advanced Member

Città: Roma


4879 Messaggi
Inserito il - 05/10/2008 : 18:16:49  Mostra Profilo
segui il percorso >>> C:\ProgramData\rmzkdqhk\nafavide.exe

eliminalo manualmente - SHIFT+CANC E LO ELIMINI SENZA FARLO PASSARE PER IL CESTINO
Torna all'inizio della Pagina
Pagina: di 2 Discussione Precedente Discussione Discussione Successiva  
Pagina Successiva

 Forum Bloccato
 Versione Stampabile Bookmark this Topic Aggiungi Segnalibro
Vai a:
NoTrace Security Forum
 © Nazzareno Schettino
RSS NEWS 		Torna all'inizio della Pagina
Pagina generata in 0,34 secondi. TargatoNA | SuperDeeJay | Snitz Forums 2000