geppo68

[xp]sp2 Trojan-dropper.win32.agent.qqj

6 posts in this thread

Good morning everyone, I have a problem: the pointer's hourglass stays on the screen all the time and flickers. I ran a scan with Kaspersky online and it detected some trojans.

I'm posting the HijackThis log.

Trojan-Dropper.Win32.Agent.qqj

Logfile of HijackThis v1.99.1

Scan saved at 11.12.18, on 22/04/2008

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16640)

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Programmi\AntiVir PersonalEdition Premium\sched.exe

C:\Programmi\AntiVir PersonalEdition Premium\avguard.exe

C:\Programmi\AntiVir PersonalEdition Premium\avesvc.exe

C:\Programmi\Nero\Nero8\Nero BackItUp\NBService.exe

C:\WINDOWS\system32\svchost.exe

C:\PROGRA~1\SPEEDB~1\VideoAcceleratorService.exe

C:\Programmi\AntiVir PersonalEdition Premium\avmailc.exe

C:\Programmi\AntiVir PersonalEdition Premium\AVWEBGRD.EXE

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\igfxtray.exe

C:\WINDOWS\system32\hkcmd.exe

C:\Programmi\AntiVir PersonalEdition Premium\avgnt.exe

C:\Programmi\Zone Labs\ZoneAlarm\zlclient.exe

C:\Programmi\HP\HP Software Update\HPWuSchd2.exe

D:\PROGRA~2\NOKIAP~1\LAUNCH~1.EXE

C:\WINDOWS\system32\rundll32.exe

C:\Programmi\Microsoft Office\Office12\GrooveMonitor.exe

D:\qttask.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Programmi\Uniblue\SpyEraser\SpyEraser.exe

D:\Programmi\Nokia PC Suite 6\PcSync2.exe

C:\Programmi\Messenger\msmsgs.exe

C:\Programmi\File comuni\PCSuite\Services\ServiceLayer.exe

C:\Programmi\File comuni\Nero\Lib\NMBgMonitor.exe

C:\Programmi\MSN Messenger\MsnMsgr.Exe

C:\PROGRA~1\FILECO~1\Nokia\MPAPI\MPAPI3s.exe

C:\Programmi\File comuni\Nero\Lib\NMIndexingService.exe

C:\WINDOWS\system32\ZoneLabs\vsmon.exe

C:\Programmi\HP\Digital Imaging\bin\hpqtra08.exe

C:\Programmi\File comuni\Nero\Lib\NMIndexStoreSvr.exe

C:\PROGRA~1\FILECO~1\PCSuite\DATALA~1\DATALA~1.EXE

C:\Programmi\HP\Digital Imaging\bin\hpqSTE08.exe

C:\Programmi\Internet Explorer\IEXPLORE.EXE

C:\Programmi\File comuni\Microsoft Shared\Windows Live\WLLoginProxy.exe

C:\Programmi\DAP\DAP.EXE

C:\Documents and Settings\Proprietario\Desktop\Collegamenti desktop inutilizzati\Per Gerard\My Received Files\hijackthis\HijackThis.exe

C:\PROGRA~1\SPEEDB~1\VideoAcceleratorEngine.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.libero.it/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = \blank.htm

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti

O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Programmi\Microsoft Office\Office12\GrooveShellExtensions.dll

O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programmi\File comuni\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O4 - HKLM\..\Run: [igfxTray] C:\WINDOWS\system32\igfxtray.exe

O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe

O4 - HKLM\..\Run: [avgnt] "C:\Programmi\AntiVir PersonalEdition Premium\avgnt.exe" /min

O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Programmi\Zone Labs\ZoneAlarm\zlclient.exe"

O4 - HKLM\..\Run: [HP Software Update] C:\Programmi\HP\HP Software Update\HPWuSchd2.exe

O4 - HKLM\..\Run: [PCSuiteTrayApplication] D:\PROGRA~2\NOKIAP~1\LAUNCH~1.EXE -startup

O4 - HKLM\..\Run: [bluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent

O4 - HKLM\..\Run: [NeroFilterCheck] C:\Programmi\File comuni\Nero\Lib\NeroCheck.exe

O4 - HKLM\..\Run: [NBKeyScan] "C:\Programmi\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"

O4 - HKLM\..\Run: [GrooveMonitor] "C:\Programmi\Microsoft Office\Office12\GrooveMonitor.exe"

O4 - HKLM\..\Run: [QuickTime Task] "D:\qttask.exe" -atboottime

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [uniblue SpyEraser] "C:\Programmi\Uniblue\SpyEraser\SpyEraser.exe" -m

O4 - HKCU\..\Run: [PcSync] D:\Programmi\Nokia PC Suite 6\PcSync2.exe /NoDialog

O4 - HKCU\..\Run: [MSMSGS] "C:\Programmi\Messenger\msmsgs.exe" /background

O4 - HKCU\..\Run: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Programmi\File comuni\Nero\Lib\NMBgMonitor.exe"

O4 - HKCU\..\Run: [MsnMsgr] "C:\Programmi\MSN Messenger\MsnMsgr.Exe" /background

O4 - Global Startup: Bluetooth Manager.lnk = ?

O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Programmi\HP\Digital Imaging\bin\hpqtra08.exe

O8 - Extra context menu item: &Clean Traces - C:\Programmi\DAP\Privacy Package\dapcleanerie.htm

O8 - Extra context menu item: &Download with &DAP - C:\Programmi\DAP\dapextie.htm

O8 - Extra context menu item: Download &all with DAP - C:\Programmi\DAP\dapextie2.htm

O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe

O10 - Broken Internet access because of LSP provider 'avsda.dll' missing

O11 - Options group: [iNTERNATIONAL] International*

O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/d...can_unicode.cab

O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w2/resources/MSNPUpld.cab

O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupd...b?1194114664156

O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1194124572390

O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab

O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Programmi\Microsoft Office\Office12\GrooveSystemServices.dll

O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL

O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Programmi\File comuni\Microsoft Shared\Help\hxds.dll

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL

O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\FILECO~1\MICROS~1\OFFICE12\MSOXMLMF.DLL

O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll

O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll

O23 - Service: AntiVir PersonalEdition Premium MailGuard (AntiVirMailService) - Avira GmbH - C:\Programmi\AntiVir PersonalEdition Premium\avmailc.exe

O23 - Service: AntiVir PersonalEdition Premium Scheduler (AntiVirScheduler) - Avira GmbH - C:\Programmi\AntiVir PersonalEdition Premium\sched.exe

O23 - Service: AntiVir PersonalEdition Premium Guard (AntiVirService) - Avira GmbH - C:\Programmi\AntiVir PersonalEdition Premium\avguard.exe

O23 - Service: Avira AntiVir Premium WebGuard (antivirwebservice) - Avira GmbH - C:\Programmi\AntiVir PersonalEdition Premium\AVWEBGRD.EXE

O23 - Service: AntiVir PersonalEdition Premium MailGuard helper service (AVEService) - Avira GmbH - C:\Programmi\AntiVir PersonalEdition Premium\avesvc.exe

O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Programmi\Nero\Nero8\Nero BackItUp\NBService.exe

O23 - Service: NMIndexingService - Nero AG - C:\Programmi\File comuni\Nero\Lib\NMIndexingService.exe

O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

O23 - Service: ServiceLayer - Nokia. - C:\Programmi\File comuni\PCSuite\Services\ServiceLayer.exe

O23 - Service: VideoAcceleratorService - Speedbit Ltd. - C:\PROGRA~1\SPEEDB~1\VideoAcceleratorService.exe

Thanks, you are always the best!!

scansione_kaspersky_21.4.08.html


Hi geppo68

Disable your antivirus...

Download ComboFix

http://www.techsupportforum.com/sectools/sUBs/ComboFix.exe

http://download.bleepingcomputer.com/sUBs/Beta/ComboFix.exe

Save it to the desktop.

(if the file saved from the first link does not work, download it from the second link)

1. Double-click combofix.exe; the following screen will appear:

combofix01fn6zj1.jpg

2. Type 1, press Enter and follow the instructions.

3. When it finishes, a log file named C:\ComboFix.txt will be created.

4. Post the log that was created

5. Attach a HijackThis log produced with the latest version

Note: During the scan it is important not to use the PC and to wait patiently for the operations to finish.

Note: ComboFix does not work in safe mode.

:P:)


I did everything, here are the logs

ComboFix 08-04-22.5 - Proprietario 2008-04-24 9.49.04.1 - NTFSx86

Microsoft Windows XP Home Edition 5.1.2600.2.1252.41.1040.18.610 [GMT 2:00]

Eseguito da: C:\Documents and Settings\Proprietario\Desktop\ComboFix.exe

* Creato nuovo punto di ripristino

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

.

((((((((((((((((((((((((((((((((((((( Altre eliminazioni )))))))))))))))))))))))))))))))))))))))))))))))))))

.

C:\Documents and Settings\All Users\Desktop\UUSEE~1.LNK

C:\Documents and Settings\All Users\Menu Avvio\UUSEE~1.LNK

C:\WINDOWS\Downloaded Program Files\setup.inf

.

((((((((((((((((((((((((( Files Creati Da 2008-03-24 al 2008-04-24 )))))))))))))))))))))))))))))))))))

.

2008-04-22 12:54 . 2008-04-22 12:54 <DIR> d-------- C:\VundoFix Backups

2008-04-20 23:02 . 2008-04-20 23:02 <DIR> d-------- C:\Programmi\Microsoft Silverlight

2008-04-15 21:52 . 2008-04-15 21:52 <DIR> d-------- C:\Documents and Settings\Proprietario\DoctorWeb

2008-04-09 01:21 . 2008-04-09 01:22 98,838 --a------ C:\WINDOWS\hpqins16.dat

2008-04-06 21:43 . 2008-04-13 19:15 <DIR> d-------- C:\Programmi\File comuni\uusee

2008-04-06 21:42 . 2008-04-07 09:00 <DIR> d-------- C:\Programmi\Google

2008-04-02 18:19 . 2008-04-02 18:20 <DIR> d--hsc--- C:\Programmi\File comuni\WindowsLiveInstaller

2008-04-02 18:17 . 2008-04-05 17:51 <DIR> d-------- C:\Documents and Settings\All Users\Dati applicazioni\WLInstaller

2008-03-29 22:59 . 2008-03-29 23:08 <DIR> d-------- C:\Documents and Settings\Proprietario\Dati applicazioni\SopCast

2008-03-29 22:11 . 2008-03-29 22:15 <DIR> d-------- C:\Documents and Settings\Proprietario\Dati applicazioni\ppstream

2008-03-29 21:55 . 2008-03-29 21:55 <DIR> d-------- C:\Programmi\File comuni\Synacast

2008-03-29 21:55 . 2008-03-29 21:55 <DIR> d-------- C:\Documents and Settings\Proprietario\Dati applicazioni\PPMate

2008-03-29 21:12 . 2008-03-29 21:14 <DIR> d-------- C:\Documents and Settings\Proprietario\babelgum

2008-03-25 00:47 . 2008-03-25 00:47 1,409 --a------ C:\WINDOWS\system32\tmpBB0A8.FOT

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))

.

2008-04-24 07:14 --------- d---a-w C:\Documents and Settings\All Users\Dati applicazioni\TEMP

2008-04-24 06:58 --------- d-----w C:\Programmi\AntiVir PersonalEdition Premium

2008-04-22 06:09 2,911,232 ----a-w C:\WINDOWS\Internet Logs\xDBF59A.tmp

2008-04-21 18:11 8,748 ----a-w C:\WINDOWS\Internet Logs\vsmon_2nd_2008_04_21_19_38_31_small.dmp.zip

2008-04-21 18:11 113,393 ----a-w C:\WINDOWS\Internet Logs\vsmon_2nd_2008_04_21_19_37_22_small.dmp.zip

2008-04-20 00:41 131,584 ----a-w C:\WINDOWS\Internet Logs\xDB6.tmp

2008-04-19 23:25 --------- d-----w C:\Documents and Settings\All Users\Dati applicazioni\Microsoft Help

2008-04-19 12:26 2,872,832 ----a-w C:\WINDOWS\Internet Logs\xDB15.tmp

2008-04-19 07:49 22,965,996 ----a-w C:\WINDOWS\Internet Logs\vsmon_on_demand_2008_04_18_21_19_54_full.dmp.zip

2008-04-18 19:22 3,134,976 ----a-w C:\WINDOWS\Internet Logs\xDB40.tmp

2008-04-18 19:21 2,872,320 ----a-w C:\WINDOWS\Internet Logs\xDB3F.tmp

2008-04-18 19:19 2,872,832 ----a-w C:\WINDOWS\Internet Logs\xDB3E.tmp

2008-04-17 20:35 --------- d-----w C:\Programmi\SpeedBit Video Accelerator

2008-04-17 14:04 10,919,535 ----a-w C:\WINDOWS\Internet Logs\tvDebug.zip

2008-04-16 21:53 --------- d-----w C:\Programmi\NoAdware5.0

2008-04-14 14:46 --------- d-----w C:\Documents and Settings\All Users\Dati applicazioni\AntiVir PersonalEdition Premium

2008-04-14 14:43 126,264 ----a-w C:\Documents and Settings\All Users\Dati applicazioni\mainlsp.reg.dat

2008-04-11 09:25 --------- d-----w C:\Programmi\Windows Media Connect 2

2008-04-06 19:43 --------- d-----w C:\Programmi\MSN Messenger

2008-03-20 19:42 2,706,432 ----a-w C:\WINDOWS\Internet Logs\xDB5.tmp

2008-03-20 08:06 1,845,248 ----a-w C:\WINDOWS\system32\win32k.sys

2008-03-18 22:55 --------- d-----w C:\Documents and Settings\All Users\Dati applicazioni\DVD Shrink

2008-03-17 22:56 --------- d-----w C:\Documents and Settings\Proprietario\Dati applicazioni\gtk-2.0

2008-03-01 12:58 826,368 ----a-w C:\WINDOWS\system32\wininet.dll

2008-02-24 17:28 --------- d-----w C:\Programmi\Picture Pyramid

2008-02-20 06:50 282,624 ----a-w C:\WINDOWS\system32\gdi32.dll

2008-02-20 05:33 45,568 ----a-w C:\WINDOWS\system32\dnsrslvr.dll

2007-11-03 14:12 84,418 ----a-w C:\Documents and Settings\All Users\Dati applicazioni\firstlsp.reg.dat

.

((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

REGEDIT4

*Nota* i valori vuoti & legittimi/default non sono visualizzati.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-19 14:00 15360]

"Uniblue SpyEraser"="C:\Programmi\Uniblue\SpyEraser\SpyEraser.exe" [2007-12-03 16:39 1260296]

"PcSync"="D:\Programmi\Nokia PC Suite 6\PcSync2.exe" [2006-06-27 17:21 1449984]

"MSMSGS"="C:\Programmi\Messenger\msmsgs.exe" [2004-10-13 18:24 1694208]

"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Programmi\File comuni\Nero\Lib\NMBgMonitor.exe" [2007-08-03 13:51 202024]

"MsnMsgr"="C:\Programmi\MSN Messenger\MsnMsgr.exe" [2007-01-19 13:54 5674352]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"IgfxTray"="C:\WINDOWS\system32\igfxtray.exe" [2005-01-23 11:36 155648]

"HotKeysCmds"="C:\WINDOWS\system32\hkcmd.exe" [2005-01-23 11:31 126976]

"avgnt"="C:\Programmi\AntiVir PersonalEdition Premium\avgnt.exe" [2008-04-14 16:28 262401]

"ZoneAlarm Client"="C:\Programmi\Zone Labs\ZoneAlarm\zlclient.exe" [2007-03-09 01:02 919280]

"HP Software Update"="C:\Programmi\HP\HP Software Update\HPWuSchd2.exe" [2006-02-19 02:41 49152]

"PCSuiteTrayApplication"="D:\PROGRA~2\NOKIAP~1\LAUNCH~1.exe" [2006-06-15 13:36 229376]

"BluetoothAuthenticationAgent"="bthprops.cpl" [2004-08-19 14:00 110592 C:\WINDOWS\system32\bthprops.cpl]

"NeroFilterCheck"="C:\Programmi\File comuni\Nero\Lib\NeroCheck.exe" [2007-03-01 16:57 153136]

"NBKeyScan"="C:\Programmi\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [2007-08-08 10:25 1828136]

"GrooveMonitor"="C:\Programmi\Microsoft Office\Office12\GrooveMonitor.exe" [2007-08-24 07:00 33648]

"QuickTime Task"="D:\qttask.exe" [2008-02-15 15:43 77824]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-19 14:00 15360]

C:\Documents and Settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\

Bluetooth Manager.lnk - C:\Programmi\Toshiba\Bluetooth Toshiba Stack\TosBtMng1.exe [2004-12-21 20:42:34 45056]

HP Digital Imaging Monitor.lnk - C:\Programmi\HP\Digital Imaging\bin\hpqtra08.exe [2006-02-19 04:21:22 288472]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]

"MSVideo"= VfwECamC.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]

"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"C:\\Programmi\\AntiVir PersonalEdition Premium\\avcenter.exe"=

"C:\\Programmi\\MSN Messenger\\msnmsgr.exe"=

"C:\\Programmi\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=

"C:\\Programmi\\HP\\Digital Imaging\\bin\\hpqste08.exe"=

"C:\\Programmi\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=

"C:\\Programmi\\HP\\Digital Imaging\\bin\\hposfx08.exe"=

"C:\\Programmi\\HP\\Digital Imaging\\bin\\hposid01.exe"=

"C:\\Programmi\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=

"C:\\Programmi\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=

"C:\\Programmi\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=

"C:\\Programmi\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=

"C:\\Programmi\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=

"C:\\Programmi\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=

"C:\\Programmi\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=

"C:\\Programmi\\HP\\Digital Imaging\\bin\\hpoews01.exe"=

"C:\\Programmi\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"=

"C:\\Programmi\\uTorrent\\uTorrent.exe"=

"C:\\WINDOWS\\system32\\sessmgr.exe"=

"C:\\Programmi\\MSN Messenger\\livecall.exe"=

"D:\\Programmi\\ABC\\abc.exe"=

"D:\\Programmi\\eMule\\eMule.exe"=

"%windir%\\system32\\sessmgr.exe"=

"C:\\Programmi\\Messenger\\msmsgs.exe"=

"C:\\Programmi\\Zone Labs\\ZoneAlarm\\zlclient.exe"=

"C:\\WINDOWS\\Network Diagnostic\\xpnetdiag.exe"=

"C:\\Programmi\\Microsoft Office\\Office12\\OUTLOOK.EXE"=

"C:\\Programmi\\Microsoft Office\\Office12\\GROOVE.EXE"=

"C:\\Programmi\\Microsoft Office\\Office12\\ONENOTE.EXE"=

"D:\\Programmi\\uusee\\UUSeePlayer.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

"86:TCP"= 86:TCP:BroadCam Web Server

R2 AntiVirMailService;AntiVir PersonalEdition Premium MailGuard;C:\Programmi\AntiVir PersonalEdition Premium\avmailc.exe [2008-04-14 16:28]

R2 antivirwebservice;Avira AntiVir Premium WebGuard;"C:\Programmi\AntiVir PersonalEdition Premium\AVWEBGRD.EXE" [2008-04-14 16:28]

R2 AVEService;AntiVir PersonalEdition Premium MailGuard helper service;C:\Programmi\AntiVir PersonalEdition Premium\avesvc.exe [2008-04-14 16:28]

R2 sbbotdi;sbbotdi;C:\PROGRA~1\SPEEDB~1\sbbotdi.sys [2007-11-03 19:19]

R2 VideoAcceleratorService;VideoAcceleratorService;C:\PROGRA~1\SPEEDB~1\VideoAcceleratorService.exe [2007-11-03 19:19]

*Newly Created Service* - CATCHME

.

Contenuto della cartella 'Scheduled Tasks'

"2007-11-03 15:11:24 C:\WINDOWS\Tasks\Uniblue SpyEraser.job"

- C:\Programmi\Uniblue\SpyEraser\SpyEraser.exe

.

**************************************************************************

catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2008-04-24 09:54:21

Windows 5.1.2600 Service Pack 2 NTFS

scansione processi nascosti ...

C:\PROGRA~1\SPEEDB~1\VideoAcceleratorEngine.exe [6576] 0x88F31020

? [11152]

C:\PROGRA~1\SPEEDB~1\VideoAcceleratorEngine.exe [11128] 0x88DFF2F8

? [11164]

scansione entrate autostart nascoste ...

Scansione files nascosti ...

Scansione completata con successo

Files nascosti: 0

**************************************************************************

.

Ora fine scansione: 2008-04-24 9.59.32

ComboFix-quarantined-files.txt 2008-04-24 07:59:14

8 Directory 4,952,100,864 byte disponibili

12 Directory 5,383,639,040 byte disponibili

157 --- E O F --- 2008-04-21 14:17:07

hijackthis.log


:):P

Thanks, I managed to get rid of the trojans


I'm glad you solved it...

With all applications closed

Start Hijack and click "do a system scan only"

Check these entries and click "fix checked"

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = \blank.htm

O8 - Extra context menu item: &Clean Traces - C:\Programmi\DAP\Privacy Package\dapcleanerie.htm

O8 - Extra context menu item: &Download with &DAP - C:\Programmi\DAP\dapextie.htm

O8 - Extra context menu item: Download &all with DAP - C:\Programmi\DAP\dapextie2.htm

From "Installazione Applicazioni" (Add or Remove Programs), uninstall DAP (which is spyware); in its place you can use

Download Express (Free)

http://www.metaproducts.com/download/desetup.exe

:P:)


I did everything; it seems the hourglass problem is solved.
