I just installed avast and uninstalled zonealarm because it was causing a conflict + avg antivirus, and now I find myself hit by these trojans that make my PC reboot. What do you recommend I do? I can't find any info on Google, help me.
thanks in advance
wdkp 98.7 the sound of tomorrow the music of today
have you tried AntivirPe and Zone Alarm?
Please send me the two files, zipped and password-protected, to www.suspectfile.com
thanks
problem solved with zone alarm and antivir pe.......thanks!!
after running the scan with asquared2 I get this report, in which I then deleted the trojans, hoping I have eliminated them for good
-squared Free - Version 2.1
Impostazioni scansione:
Oggetti: Memoria, Tracce, Cookies, C:\, D:\, I:\
Archivio scansioni: On
Scientifico: On
ADS Scan: On
Scansione avviata: 16/01/2007 10.49.10
C:\Documents and Settings\All Users\Menu Avvio\Programmi\remote administrator v2.2 rilevati: Trace.Directory.Radmin
C:\Programmi\radmin rilevati: Trace.Directory.Radmin
C:\Documents and Settings\All Users\Menu Avvio\Programmi\remote administrator v2.2\help (english).lnk rilevati: Trace.File.Radmin
C:\Documents and Settings\All Users\Menu Avvio\Programmi\remote administrator v2.2\remote administrator viewer.lnk rilevati: Trace.File.Radmin
C:\Documents and Settings\All Users\Menu Avvio\Programmi\remote administrator v2.2\settings for remote administrator server.lnk rilevati: Trace.File.Radmin
C:\Documents and Settings\All Users\Menu Avvio\Programmi\remote administrator v2.2\start remote administrator server.lnk rilevati: Trace.File.Radmin
C:\Documents and Settings\All Users\Menu Avvio\Programmi\remote administrator v2.2\stop remote administrator server.lnk rilevati: Trace.File.Radmin
C:\Programmi\radmin\help.cnt rilevati: Trace.File.Radmin
C:\Programmi\radmin\help.hlp rilevati: Trace.File.Radmin
C:\Programmi\radmin\license.txt rilevati: Trace.File.Radmin
C:\Programmi\radmin\r_server.exe rilevati: Trace.File.Radmin
C:\Programmi\radmin\radmin.exe rilevati: Trace.File.Radmin
C:\Programmi\radmin\readme.txt rilevati: Trace.File.Radmin
Key: HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\uninstall\remote administrator v2.2 rilevati: Trace.Registry.Radmin
Key: HKEY_LOCAL_MACHINE\system\currentcontrolset\enum\root\legacy_r_server rilevati: Trace.Registry.Radmin
Key: HKEY_LOCAL_MACHINE\system\currentcontrolset\services\r_server rilevati: Trace.Registry.Radmin
Key: HKEY_LOCAL_MACHINE\system\radmin rilevati: Trace.Registry.Radmin
Value: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Remote Administrator v2.2 --> DisplayName rilevati: Trace.Registry.Radmin
Value: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Remote Administrator v2.2 --> UninstallString rilevati: Trace.Registry.Radmin
C:\Documents and Settings\User\Cookies\user@atdmt[2].txt rilevati: Trace.TrackingCookie
C:\Documents and Settings\User\Cookies\user@cgi-bin[1].txt rilevati: Trace.TrackingCookie
C:\Documents and Settings\User\Cookies\user@mediaplex[1].txt rilevati: Trace.TrackingCookie
C:\Documents and Settings\User\Cookies\user@statse.webtrendslive[1].txt rilevati: Trace.TrackingCookie
C:\Documents and Settings\User\Cookies\user@bluestreak[1].txt rilevati: Trace.TrackingCookie
C:\Documents and Settings\User\Cookies\user@tradedoubler[2].txt rilevati: Trace.TrackingCookie
C:\Documents and Settings\User\Cookies\user@media.intelia[2].txt rilevati: Trace.TrackingCookie
C:\Documents and Settings\User\Cookies\user@statcounter[2].txt rilevati: Trace.TrackingCookie
C:\Documents and Settings\User\Cookies\user@doubleclick[1].txt rilevati: Trace.TrackingCookie
C:\Documents and Settings\User\Cookies\user@sex-superstore[2].txt rilevati: Trace.TrackingCookie
C:\Documents and Settings\User\Cookies\user@zedo[2].txt rilevati: Trace.TrackingCookie
C:\WINDOWS\SYSTEM32\raddrv.dll rilevati: Riskware.RemoteAdmin.Win32.RAdmin.20
C:\WINDOWS\112.tmp rilevati: Adware.Win32.LinkOptimizer.a
C:\Programmi\Radmin\raddrv.dll rilevati: Riskware.RemoteAdmin.Win32.RAdmin.20
C:\Programmi\Radmin\radmin.exe rilevati: Riskware.RemoteAdmin.Win32.RAdmin.22
C:\Programmi\Radmin\r_server.exe rilevati: Riskware.RemoteAdmin.Win32.RAdmin.22
C:\Programmi\Nokia\Nokia PC Suite 6\OneTouchAccess.exe rilevati: Heuristic.Dialer
C:\Documents and Settings\User\Documenti\RADMIN22.EXE rilevati: Riskware.RemoteAdmin.Win32.RAdmin.20
C:\Documents and Settings\PIuAbymXhRjMuE\Impostazioni locali\Temporary Internet Files\Content.IE5\CDQF4TU7\lfolv[1].htm rilevati: Hoax.Win32.Renos.gc
C:\Documents and Settings\PIuAbymXhRjMuE\Impostazioni locali\Temporary Internet Files\Content.IE5\51J35ZQC\fliffccjm[1].txt rilevati: Trojan-Clicker.Win32.Costrat.ae
C:\Documents and Settings\PIuAbymXhRjMuE\Impostazioni locali\Temporary Internet Files\Content.IE5\51J35ZQC\hgmslsbl[1].htm rilevati: Dialer
C:\Documents and Settings\PIuAbymXhRjMuE\Impostazioni locali\Temporary Internet Files\Content.IE5\SK82NRZI\jkzfp[1].txt rilevati: Trojan-PSW.Win32.Sinowal.bv
C:\lhlk.exe rilevati: Trojan-Clicker.Win32.Costrat.ae
C:\FOUND.055\FILE0000.CHK rilevati: Hoax.Win32.Renos.gc
D:\Download\scene\Remote Administrator v2.2.rar/RADMIN22.EXE rilevati: Riskware.RemoteAdmin.Win32.RAdmin.20
Scansionati
Files: 135689
Tracce: 94083
Cookies: 82
Processi: 30
Rilevato
Files: 14
Tracce: 19
Cookies: 11
Processi: 0
Chiavi registro: 0
Fine scansione: 16/01/2007 11.38.53
Tempo scansione: 0.49.43
C:\Documents and Settings\PIuAbymXhRjMuE\Impostazioni locali\Temporary Internet Files\Content.IE5\SK82NRZI\jkzfp[1].txt Cancellato Trojan-PSW.Win32.Sinowal.bv
C:\Documents and Settings\PIuAbymXhRjMuE\Impostazioni locali\Temporary Internet Files\Content.IE5\51J35ZQC\hgmslsbl[1].htm Cancellato Dialer
C:\Documents and Settings\PIuAbymXhRjMuE\Impostazioni locali\Temporary Internet Files\Content.IE5\51J35ZQC\fliffccjm[1].txt Cancellato Trojan-Clicker.Win32.Costrat.ae
C:\lhlk.exe Cancellato Trojan-Clicker.Win32.Costrat.ae
C:\Documents and Settings\PIuAbymXhRjMuE\Impostazioni locali\Temporary Internet Files\Content.IE5\CDQF4TU7\lfolv[1].htm Cancellato Hoax.Win32.Renos.gc
C:\FOUND.055\FILE0000.CHK Cancellato Hoax.Win32.Renos.gc
C:\Programmi\Nokia\Nokia PC Suite 6\OneTouchAccess.exe Cancellato Heuristic.Dialer
C:\Programmi\Radmin\radmin.exe Cancellato Riskware.RemoteAdmin.Win32.RAdmin.22
C:\Programmi\Radmin\r_server.exe Cancellato Riskware.RemoteAdmin.Win32.RAdmin.22
C:\WINDOWS\112.tmp Cancellato Adware.Win32.LinkOptimizer.a
C:\WINDOWS\SYSTEM32\raddrv.dll Cancellato Riskware.RemoteAdmin.Win32.RAdmin.20
C:\Programmi\Radmin\raddrv.dll Cancellato Riskware.RemoteAdmin.Win32.RAdmin.20
C:\Documents and Settings\User\Documenti\RADMIN22.EXE Cancellato Riskware.RemoteAdmin.Win32.RAdmin.20
D:\Download\scene\Remote Administrator v2.2.rar/RADMIN22.EXE Cancellato Riskware.RemoteAdmin.Win32.RAdmin.20
C:\Documents and Settings\User\Cookies\user@atdmt[2].txt Cancellato Trace.TrackingCookie
C:\Documents and Settings\User\Cookies\user@cgi-bin[1].txt Cancellato Trace.TrackingCookie
C:\Documents and Settings\User\Cookies\user@mediaplex[1].txt Cancellato Trace.TrackingCookie
C:\Documents and Settings\User\Cookies\user@statse.webtrendslive[1].txt Cancellato Trace.TrackingCookie
C:\Documents and Settings\User\Cookies\user@bluestreak[1].txt Cancellato Trace.TrackingCookie
C:\Documents and Settings\User\Cookies\user@tradedoubler[2].txt Cancellato Trace.TrackingCookie
C:\Documents and Settings\User\Cookies\user@media.intelia[2].txt Cancellato Trace.TrackingCookie
C:\Documents and Settings\User\Cookies\user@statcounter[2].txt Cancellato Trace.TrackingCookie
C:\Documents and Settings\User\Cookies\user@doubleclick[1].txt Cancellato Trace.TrackingCookie
C:\Documents and Settings\User\Cookies\user@sex-superstore[2].txt Cancellato Trace.TrackingCookie
C:\Documents and Settings\User\Cookies\user@zedo[2].txt Cancellato Trace.TrackingCookie
Key: HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\uninstall\remote administrator v2.2 Cancellato Trace.Registry.Radmin
Key: HKEY_LOCAL_MACHINE\system\currentcontrolset\enum\root\legacy_r_server Cancellato Trace.Registry.Radmin
Key: HKEY_LOCAL_MACHINE\system\currentcontrolset\services\r_server Cancellato Trace.Registry.Radmin
Key: HKEY_LOCAL_MACHINE\system\radmin Cancellato Trace.Registry.Radmin
Value: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Remote Administrator v2.2 --> DisplayName Cancellato Trace.Registry.Radmin
Value: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Remote Administrator v2.2 --> UninstallString Cancellato Trace.Registry.Radmin
C:\Documents and Settings\All Users\Menu Avvio\Programmi\remote administrator v2.2\help (english).lnk Cancellato Trace.File.Radmin
C:\Documents and Settings\All Users\Menu Avvio\Programmi\remote administrator v2.2\remote administrator viewer.lnk Cancellato Trace.File.Radmin
C:\Documents and Settings\All Users\Menu Avvio\Programmi\remote administrator v2.2\settings for remote administrator server.lnk Cancellato Trace.File.Radmin
C:\Documents and Settings\All Users\Menu Avvio\Programmi\remote administrator v2.2\start remote administrator server.lnk Cancellato Trace.File.Radmin
C:\Documents and Settings\All Users\Menu Avvio\Programmi\remote administrator v2.2\stop remote administrator server.lnk Cancellato Trace.File.Radmin
C:\Programmi\radmin\help.cnt Cancellato Trace.File.Radmin
C:\Programmi\radmin\help.hlp Cancellato Trace.File.Radmin
C:\Programmi\radmin\license.txt Cancellato Trace.File.Radmin
C:\Programmi\radmin\r_server.exe Cancellato Trace.File.Radmin
C:\Programmi\radmin\radmin.exe Cancellato Trace.File.Radmin
C:\Programmi\radmin\readme.txt Cancellato Trace.File.Radmin
C:\Documents and Settings\All Users\Menu Avvio\Programmi\remote administrator v2.2 Cancellato Trace.Directory.Radmin
C:\Programmi\radmin Cancellato Trace.Directory.Radmin
Cancellato
Files: 14
Tracce: 19
Cookies: 11
are they really gone?? if NOT, which program should I install after antivir - asquared2, zone alarm and avg antispyware??
amvinfe, let me know, so I can be sure everything is in order, please........
also run a scan with antivirpe
hi amvinfe, nothing has been resolved here, explorer doesn't work and antivir p does nothing; in fact, hjthis tells me this:
Logfile of HijackThis v1.99.1
Scan saved at 9.07.15, on 17/01/2007
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programmi\AntiVir PersonalEdition Classic\sched.exe
C:\Programmi\AntiVir PersonalEdition Classic\avguard.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\Programmi\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\wpablan.exe
C:\PROGRA~1\Iomega\System32\AppServices.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\SYSTEM32\ZONELABS\vsmon.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\NewMixer.exe
C:\Programmi\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Programmi\CyberLink DVD Solution\PowerDVD\PDVDServ.exe
C:\WINDOWS\System32\rundll32.exe
C:\Programmi\HighCriteria\TotalRecorder\TotRecSched.exe
C:\Programmi\Zone Labs\ZoneAlarm\zlclient.exe
C:\Programmi\File comuni\InstallShield\UpdateService\issch.exe
C:\Programmi\Winamp\winampa.exe
C:\Programmi\File comuni\AOL\1129130041\ee\AOLSoftware.exe
C:\Programmi\MessengerPlus! 3\MsgPlus.exe
C:\Programmi\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
C:\Programmi\File comuni\PCSuite\DataLayer\DataLayer.exe
C:\Programmi\Nokia\Nokia PC Suite 6\LaunchApplication.exe
C:\Programmi\D-Tools\daemon.exe
C:\Programmi\iTunes\iTunesHelper.exe
C:\PROGRA~1\FILECO~1\PCSuite\Services\SERVIC~1.EXE
C:\Programmi\iPod\bin\iPodService.exe
C:\Programmi\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Programmi\AntiVir PersonalEdition Classic\avgnt.exe
C:\Programmi\Microsoft ActiveSync\WCESCOMM.EXE
C:\Programmi\Microsoft Encarta\Microsoft Encarta Enciclopedia DVD - 2006\EDICT.EXE
C:\Programmi\Nokia\Nokia PC Suite 6\PcSync2.exe
C:\Programmi\Google\GoogleToolbarNotifier\1.2.908.5008\GoogleToolbarNotifier.exe
C:\PROGRA~1\FILECO~1\Nokia\MPAPI\MPAPI3s.exe
C:\Programmi\Skype\Phone\Skype.exe
C:\Programmi\Secway\SimpLite-MSN 2.2\SimpLite-MSN.exe
C:\Programmi\GetRight\getright.exe
C:\Programmi\GetRight\getright.exe
C:\WINDOWS\BricoPacks\Vista Inspirat\ObjectDock\ObjectDock.exe
C:\Programmi\TrueCrypt\TrueCrypt.exe
C:\Programmi\Messenger\msmsgs.exe
c:\nsrat.exe
C:\WINDOWS\System32\msasvc.exe
C:\WINDOWS\TEMP\RmtKMmrgi
C:\WINDOWS\System32\msiexec.exe
C:\Documents and Settings\User\Documenti\hjt\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.virgilio.it/home/index.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\SYSTEM\blank.htm
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\SYSTEM\blank.htm
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer fornito da Alice
R3 - Default URLSearchHook is missing
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: bho2gr Class - {31FF080D-12A3-439A-A2EF-4BA95A3148E8} - C:\Programmi\GetRight\xx2gr.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programmi\google\googletoolbar1.dll
O2 - BHO: Class - {AAB2BC3F-6E6A-6803-FD08-1548F87C949C} - C:\WINDOWS\hdakn1.dll (file missing)
O3 - Toolbar: Rapido - {D3403F20-7D39-435F-A8CB-45016C29E48E} - C:\PROGRAMMI\RAPIDO\RAPIDO.DLL
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programmi\google\googletoolbar1.dll
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [C-Media Mixer] C:\WINDOWS\NewMixer.exe /startup
O4 - HKLM\..\Run: [ATIPTA] C:\Programmi\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Programmi\CyberLink DVD Solution\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [AdslTaskBar] rundll32.exe stmctrl.dll,TaskBar
O4 - HKLM\..\Run: [WinPatrol] C:\PROGRA~1\BILLPS~1\WINPAT~1\winpatrol.exe
O4 - HKLM\..\Run: [TotalRecorderScheduler] "C:\Programmi\HighCriteria\TotalRecorder\TotRecSched.exe"
O4 - HKLM\..\Run: [Zone Labs Client] C:\Programmi\Zone Labs\ZoneAlarm\zlclient.exe
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\FILECO~1\INSTAL~1\UPDATE~1\isuspm.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Programmi\File comuni\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [JVM0.14] C:\WINDOWS\System32\netqvya.exe
O4 - HKLM\..\Run: [WinampAgent] C:\Programmi\Winamp\winampa.exe
O4 - HKLM\..\Run: [HostManager] C:\Programmi\File comuni\AOL\1129130041\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [MessengerPlus3] "C:\Programmi\MessengerPlus! 3\MsgPlus.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\System32\NeroCheck.exe
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Programmi\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [DataLayer] C:\Programmi\File comuni\PCSuite\DataLayer\DataLayer.exe
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Programmi\Nokia\Nokia PC Suite 6\LaunchApplication.exe -onlytray
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmi\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Programmi\D-Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [iTunesHelper] "C:\Programmi\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [UDial] C:\WINDOWS\System32/udial.exe
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Programmi\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [avgnt] "C:\Programmi\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Programmi\Microsoft ActiveSync\WCESCOMM.EXE"
O4 - HKCU\..\Run: [MessengerPlus3] "C:\Programmi\MessengerPlus! 3\MsgPlus.exe" /WinStart
O4 - HKCU\..\Run: [E06IXLRD_47589171] "C:\Programmi\Microsoft Encarta\Microsoft Encarta Enciclopedia DVD - 2006\EDICT.EXE" -m
O4 - HKCU\..\Run: [Iomega Automatic Backup] C:\Programmi\Iomega\Iomega Automatic Backup\ibackup.exe
O4 - HKCU\..\Run: [Free Download Manager] C:\Programmi\Free Download Manager\fdm.exe -autorun
O4 - HKCU\..\Run: [PcSync] C:\Programmi\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog
O4 - HKCU\..\Run: [swg] C:\Programmi\Google\GoogleToolbarNotifier\1.2.908.5008\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [Skype] "C:\Programmi\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [Simp] C:\Programmi\Secway\SimpLite-MSN 2.2\SimpLite-MSN.exe
O4 - Startup: Stardock ObjectDock.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat\ObjectDock\ObjectDock.exe
O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Programmi\File comuni\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: GetRight - Tray Icon.lnk = C:\Programmi\GetRight\getright.exe
O8 - Extra context menu item: &AIM Search - res://C:\PROGRAMMI\AIM TOOLBAR\AIMBAR.DLL/aimsearch.htm
O8 - Extra context menu item: &Download with &DAP - C:\PROGRA~1\DAP\dapextie.htm
O8 - Extra context menu item: Download with GetRight - C:\Programmi\GetRight\GRdownload.htm
O8 - Extra context menu item: Open with GetRight Browser - C:\Programmi\GetRight\GRbrowse.htm
O9 - Extra button: Crea preferiti portatile - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Programmi\Microsoft ActiveSync\inetrepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Programmi\Microsoft ActiveSync\inetrepl.dll
O9 - Extra 'Tools' menuitem: Crea preferiti portatile... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Programmi\Microsoft ActiveSync\inetrepl.dll
O9 - Extra button: (no name) - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Programmi\File comuni\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\MSMSGS.EXE
O9 - Extra button: Alice - {456FC6E0-7A73-11D7-BBDD-C6E8CC669041} - http://gw.aliceadsl.it/alice (file missing) (HKCU)
O12 - Plugin for .spop: C:\Programmi\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: HushEncryptionEngine - https://mailserver5.hushmail.com/sha...tionEngine.cab
O16 - DPF: {0246ECA8-996F-11D1-BE2F-00A0C9037DFE} (TDServer Control) - http://www.fastwebnet.org/font/tdserver.cab
O16 - DPF: {1754A1BA-A1DF-4F10-B199-AA55AA1A120F} (InstallerBehaviorFactory Class) - https://signup.msn.com/pages/MsnInstC.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://spaces.msn.com//PhotoUpload/MsnPUpld.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.co...?1097826190891
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://housecall.trendmicro-europe.c...ll/Xscan53.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/actives...ree/asinst.cab
O16 - DPF: {9B03C5F1-F5AB-47EE-937D-A8EDA626F876} (Anonymizer Anti-Spyware Scanner) - http://download.zonelabs.com/bin/pro...tor/WebAAS.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/ms...downloader.cab
O16 - DPF: {FA3662C3-B8E8-11D6-A667-0010B556D978} (IWinAmpActiveX Class) - http://cdn.digitalcity.com/_media/dalaillama/ampx.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Programmi\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - AVIRA GmbH - C:\Programmi\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\SYSTEM32\ati2sgag.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Programmi\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programmi\File comuni\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Install Driver Manager (Install Driver Table Manager) - Unknown owner - C:\WINDOWS\wpablan.exe
O23 - Service: Iomega App Services - Iomega Corporation - C:\PROGRA~1\Iomega\System32\AppServices.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Programmi\iPod\bin\iPodService.exe
O23 - Service: LEC TranslateDotNet Server - Language Engineering Corporation, LLC - C:\Programmi\Power Translator\LogoMedia TranslateDotNet Server.exe
O23 - Service: Microsoft authenticate service (MsaSvc) - Unknown owner - C:\WINDOWS\System32\msasvc.exe (file missing)
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\SYSTEM32\ZONELABS\vsmon.exe
nothing works, the PC won't connect to the web, and both avg antispyware and antivir p flag things but then don't ask me whether I want to delete them or not.
nsart.exe and bdjuice.exe keep appearing and it flags them as serious threats.
antivir p runs the scan and flags things, but then.......... no command appears to eliminate the threats etc. Why is that??
thanks
It also found sinowal.exe, which is a trojan
Sorry for the flood, but I'm posting every step I take. Now I've followed your guide to eliminate isass.exe, I go into regedit etc. from safe mode, but I can't find avserve 2 etc. I'm posting the image:
and then it finds a vbpablan.exe and avira flags it as a serious threat
sorry, but which guide of mine are you talking about?
Originally posted by daftsonny
Sorry for the flood, but I'm posting every step I take. Now I've followed your guide to eliminate isass.exe, I go into regedit etc. from safe mode, but I can't find avserve 2 etc...
==
Uninstall AVG antispyware.
==
Open HijackThis, run a scan, and tick the box next to the entries below. Close any programs that may be open, browser included, then click Fix checked:
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\SYSTEM\blank.htm
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\SYSTEM\blank.htm
R3 - Default URLSearchHook is missing
O2 - BHO: Class - {AAB2BC3F-6E6A-6803-FD08-1548F87C949C} - C:\WINDOWS\hdakn1.dll (file missing)
O4 - HKLM\..\Run: [JVM0.14] C:\WINDOWS\System32\netqvya.exe
O4 - HKLM\..\Run: [UDial] C:\WINDOWS\System32/udial.exe
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O23 - Service: Install Driver Manager (Install Driver Table Manager) - Unknown owner - C:\WINDOWS\wpablan.exe
O23 - Service: Microsoft authenticate service (MsaSvc) - Unknown owner - C:\WINDOWS\System32\msasvc.exe (file missing)
==
Reboot into safe mode and delete the following, if present:
C:\WINDOWS\System32/udial.exe
C:\WINDOWS\System32\netqvya.exe
C:\WINDOWS\wpablan.exe
c:\nsrat.exe
C:\WINDOWS\System32\msasvc.exe
C:\WINDOWS\TEMP\RmtKMmrgi
Reboot
==
Empty the temp cache, the Temporary Internet Files and the cookies
==
Run a scan from safe mode with AntivirPe, then reboot.
Run a scan with Systemscan
http://www.suspectfile.com/upload/fi...systemscan.exe
open it and make sure all the options are ticked, then click "Scan Now"; when the scan finishes, the file report.txt will be written to C:\suspectfile.
Go to www.mytempdir.com, upload the file, and in your next reply write the URL to download it.