View Full Version : A Trojan that keeps re-creating itself


ikaris
13-06-2007, 22:09
I have VISTA PREMIUM and AVAST as antivirus.

For 3 days now avast has been finding a trojan every 2-3 hours. Without me downloading anything!!!

Right now it has found this one: 74exhdda.exe
always in C:\users\roberto\appdata\local\temp

They keep being created; I put them in the AVAST chest and then delete them, but they come back. I also emptied that whole TEMP folder but it achieved nothing.

What can I do?

THANKS

Bugs Bunny
13-06-2007, 22:17
HijackThis log

ikaris
13-06-2007, 22:22
Here is the report list of what has appeared over these 2 days:


11/06/2007 18.53.12 Roberto 3888 Sign of "Win32:Trojan-gen. {VC}" has been found in "C:\Users\Public\Emule Completi\Mp4-Amv Convert-Avi-Mpeg-Dat-Wmv-Wma-Asf-Mov-Vob-Rm.zip\MSI.CAB\_6227252443C841BF9FFDFF29A9856421" file.
12/06/2007 14.17.05 SYSTEM 1604 Sign of "Win32:Horst-GZ [Trj]" has been found in "C:\Users\Roberto\AppData\Local\Temp\35exhdda.9.exe\[UPX]" file.
12/06/2007 18.50.59 SYSTEM 1580 Sign of "Win32:Horst-GZ [Trj]" has been found in "C:\Users\Roberto\AppData\Local\Temp\41exhdda.9.exe\[UPX]" file.
12/06/2007 21.55.04 SYSTEM 1744 Sign of "Win32:Horst-GZ [Trj]" has been found in "C:\Users\Roberto\AppData\Local\Temp\48exhdda.9.exe\[UPX]" file.
13/06/2007 0.13.35 SYSTEM 1500 Sign of "Win32:Horst-GZ [Trj]" has been found in "C:\Users\Roberto\AppData\Local\Temp\17exhdda.9.exe\[UPX]" file.
13/06/2007 11.53.20 SYSTEM 1780 Sign of "Win32:Horst-GZ [Trj]" has been found in "C:\Users\Roberto\AppData\Local\Temp\35exhdda.9.exe\[UPX]" file.
13/06/2007 15.19.36 SYSTEM 1620 Sign of "Win32:Horst-GZ [Trj]" has been found in "C:\Users\Roberto\AppData\Local\Temp\89exhdda.9.exe\[UPX]" file.
13/06/2007 16.28.00 SYSTEM 1620 Sign of "Win32:Horst-GZ [Trj]" has been found in "C:\Users\Roberto\AppData\Local\Temp\2exhdda.9.exe\[UPX]" file.
13/06/2007 17.34.48 SYSTEM 1664 Sign of "Win32:Horst-GZ [Trj]" has been found in "C:\Users\Roberto\AppData\Local\Temp\87exhdda.9.exe\[UPX]" file.
13/06/2007 20.28.21 SYSTEM 1652 Sign of "Win32:Horst-GZ [Trj]" has been found in "C:\Users\Roberto\AppData\Local\Temp\74exhdda.9.exe\[UPX]" file.
13/06/2007 23.15.05 SYSTEM 1768 Sign of "Win32:Horst-GZ [Trj]" has been found in "C:\Users\Roberto\AppData\Local\Temp\68exhdda.9.exe\[UPX]" file.
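
The avast lines above carry more information than a list of file names: the same signature, the same directory, a file name that differs only in its leading digits, and detections a few hours apart under the SYSTEM account (the on-access scanner, not a scan the user started). As an added example, not from the original post and not avast's own tooling, here is a small Python parser that groups the lines that way. The log lines are the ones pasted above; the `on_disk_path` helper, the container-extension list and the grouping heuristics are my own assumptions about the avast 4 log format.

```python
import re
import statistics
from collections import defaultdict
from datetime import datetime

# The avast log lines pasted in the post above, embedded here as sample input.
AVAST_LOG = r"""
11/06/2007 18.53.12 Roberto 3888 Sign of "Win32:Trojan-gen. {VC}" has been found in "C:\Users\Public\Emule Completi\Mp4-Amv Convert-Avi-Mpeg-Dat-Wmv-Wma-Asf-Mov-Vob-Rm.zip\MSI.CAB\_6227252443C841BF9FFDFF29A9856421" file.
12/06/2007 14.17.05 SYSTEM 1604 Sign of "Win32:Horst-GZ [Trj]" has been found in "C:\Users\Roberto\AppData\Local\Temp\35exhdda.9.exe\[UPX]" file.
12/06/2007 18.50.59 SYSTEM 1580 Sign of "Win32:Horst-GZ [Trj]" has been found in "C:\Users\Roberto\AppData\Local\Temp\41exhdda.9.exe\[UPX]" file.
12/06/2007 21.55.04 SYSTEM 1744 Sign of "Win32:Horst-GZ [Trj]" has been found in "C:\Users\Roberto\AppData\Local\Temp\48exhdda.9.exe\[UPX]" file.
13/06/2007 0.13.35 SYSTEM 1500 Sign of "Win32:Horst-GZ [Trj]" has been found in "C:\Users\Roberto\AppData\Local\Temp\17exhdda.9.exe\[UPX]" file.
13/06/2007 11.53.20 SYSTEM 1780 Sign of "Win32:Horst-GZ [Trj]" has been found in "C:\Users\Roberto\AppData\Local\Temp\35exhdda.9.exe\[UPX]" file.
13/06/2007 15.19.36 SYSTEM 1620 Sign of "Win32:Horst-GZ [Trj]" has been found in "C:\Users\Roberto\AppData\Local\Temp\89exhdda.9.exe\[UPX]" file.
13/06/2007 16.28.00 SYSTEM 1620 Sign of "Win32:Horst-GZ [Trj]" has been found in "C:\Users\Roberto\AppData\Local\Temp\2exhdda.9.exe\[UPX]" file.
13/06/2007 17.34.48 SYSTEM 1664 Sign of "Win32:Horst-GZ [Trj]" has been found in "C:\Users\Roberto\AppData\Local\Temp\87exhdda.9.exe\[UPX]" file.
13/06/2007 20.28.21 SYSTEM 1652 Sign of "Win32:Horst-GZ [Trj]" has been found in "C:\Users\Roberto\AppData\Local\Temp\74exhdda.9.exe\[UPX]" file.
13/06/2007 23.15.05 SYSTEM 1768 Sign of "Win32:Horst-GZ [Trj]" has been found in "C:\Users\Roberto\AppData\Local\Temp\68exhdda.9.exe\[UPX]" file.
"""

# One avast 4 log line: <date> <time> <user> <pid> Sign of "<sig>" has been found in "<path>" file.
LINE_RE = re.compile(
    r'^(?P<ts>\d{2}/\d{2}/\d{4} \d{1,2}\.\d{2}\.\d{2}) (?P<user>\S+) (?P<pid>\d+) '
    r'Sign of "(?P<sig>.+?)" has been found in "(?P<path>.+?)" file\.$'
)

# Extensions after which avast keeps descending into packers/archives
# ("...\x.exe\[UPX]", "...\a.zip\MSI.CAB\_123"); an assumption for this example.
CONTAINER_EXT = (".exe", ".dll", ".zip", ".cab", ".rar")


def on_disk_path(scanned_path):
    """Trim avast's virtual path to the file that actually exists on disk."""
    parts = scanned_path.split("\\")
    for i, part in enumerate(parts):
        if part.lower().endswith(CONTAINER_EXT):
            return "\\".join(parts[: i + 1])
    return scanned_path


def parse(log_text):
    events = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # not a detection line
        path = on_disk_path(m["path"])
        directory, _, name = path.rpartition("\\")
        events.append({
            "ts": datetime.strptime(m["ts"], "%d/%m/%Y %H.%M.%S"),
            "user": m["user"],  # SYSTEM = on-access scanner, not a manual scan
            "sig": m["sig"],
            "dir": directory,
            "name": name,
            # collapse the numeric prefix so 35exhdda.9.exe and 74exhdda.9.exe group together
            "pattern": re.sub(r"^\d+", "<n>", name),
        })
    return events


def recurring_droppers(events, min_hits=3):
    """Group detections by (signature, directory, name pattern) and measure how often they recur."""
    groups = defaultdict(list)
    for e in events:
        groups[(e["sig"], e["dir"].lower(), e["pattern"])].append(e)
    report = []
    for (sig, directory, pattern), hits in groups.items():
        if len(hits) < min_hits:
            continue
        hits.sort(key=lambda e: e["ts"])
        gaps = [(b["ts"] - a["ts"]).total_seconds() for a, b in zip(hits, hits[1:])]
        report.append({
            "signature": sig,
            "directory": directory,
            "pattern": pattern,
            "hits": len(hits),
            "distinct_names": len({e["name"] for e in hits}),
            "median_gap_hours": statistics.median(gaps) / 3600,
            "scanner_context": sorted({e["user"] for e in hits}),
        })
    return report


if __name__ == "__main__":
    for g in recurring_droppers(parse(AVAST_LOG)):
        print(f"{g['signature']}: {g['hits']} hits as {g['pattern']} in {g['directory']}, "
              f"{g['distinct_names']} distinct names, median gap {g['median_gap_hours']:.1f} h, "
              f"scanner context {g['scanner_context']}")
```

On this input the only group that survives is the Horst-GZ one: ten hits, nine distinct names, about three hours between them, all caught by the resident scanner. That shape says the files in %TEMP% are being re-created by something that survives their deletion, so emptying the folder or quarantining each file treats the symptom; the thing to look for is the persistence entry that drops them.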

Bugs Bunny
13-06-2007, 22:32
HijackThis log

http://www.trendsecure.com/portal/en-US/threat_analytics/hijackthis.php?page=download

ikaris
13-06-2007, 22:41
HijackThis log

http://www.trendsecure.com/portal/en-US/threat_analytics/hijackthis.php?page=download

Do I just run it and everything goes back to normal?

ikaris
13-06-2007, 22:50
HijackThis log

http://www.trendsecure.com/portal/en-US/threat_analytics/hijackthis.php?page=download

Sorry, but I'm not an expert; I don't understand how to use it.

Another question: what can I use to prevent these problems, given that I have VISTA PREMIUM?

I have AVAST and the VISTA firewall, but I gather they're not the best.

Bugs Bunny
14-06-2007, 08:57
Open it, click "I Agree", click "do a system scan and save logfile" and it will open a text file: copy and paste the contents here.

ikaris
14-06-2007, 09:39
Open it, click "I Agree", click "do a system scan and save logfile" and it will open a text file: copy and paste the contents here.

Thank you very much

Here is the log:

Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 10.39.01, on 14/06/2007
Platform: Windows Vista (WinNT 6.00.1904)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\system32\taskeng.exe
C:\Windows\RtHDVCpl.exe
C:\Windows\System32\gsicon.exe
C:\Windows\System32\DSLAGENT.EXE
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\Program Files\Alwil Software\Avast4\ashDisp.exe
C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe
C:\Program Files\VMware\VMware Workstation\vmware-tray.exe
C:\Program Files\VMware\VMware Workstation\hqtray.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
C:\Users\Roberto\AppData\Roaming\smss.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files\Internet Explorer\ieuser.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Users\Public\anti-trojan-install\HiJackThis_v2.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.libero.it/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [GSICONEXE] GSICON.EXE
O4 - HKLM\..\Run: [DSLAGENTEXE] dslagent.exe USB
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD\Language\Language.exe"
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\ipoint.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup
O4 - HKLM\..\Run: [vmware-tray] "C:\Program Files\VMware\VMware Workstation\vmware-tray.exe"
O4 - HKLM\..\Run: [VMware hqtray] "C:\Program Files\VMware\VMware Workstation\hqtray.exe"
O4 - HKCU\..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
O4 - HKCU\..\Run: [.nvsvc] C:\Users\Roberto\AppData\Roaming\smss.exe /w
O4 - HKUS\S-1-5-18\..\Run: [Nokia.PCSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Nokia.PCSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog (User 'Default user')
O4 - Startup: CCC.lnk = ?
O4 - Global Startup: E_SPSU01.lnk = C:\Windows\System32\spool\drivers\w32x86\3\E_SPSU01.EXE
O8 - Extra context menu item: Add to AMV Converter... - C:\Program Files\MP3 Player Utilities 4.07\AMVConverter\grab.html
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: MediaManager tool grab multimedia file - C:\Program Files\MP3 Player Utilities 4.07\MediaManager\grab.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Invia a OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: I&nvia a OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O13 - Gopher Prefix:
O15 - Trusted Zone: *.archiviosex.net
O15 - Trusted Zone: *.otherchance.com
O15 - Trusted Zone: *.whatsnew.name
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://a1540.g.akamai.net/7/1540/52/20061205/qtinstall.info.apple.com/qtactivex/qtplugin.cab
O16 - DPF: {6B75345B-AA36-438A-BBE6-4078B4C6984D} (HpProductDetection Class) - http://h20270.www2.hp.com/ediags/gmn2/install/HPProductDetection.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{5AB5E01E-D694-483A-A0B4-B5E39D09E619}: NameServer = 85.37.17.15 85.38.28.74
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: SiSoftware Database Agent Service (SandraDataSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Lite XI.SP1\Win32\RpcDataSrv.exe
O23 - Service: SiSoftware Sandra Agent Service (SandraTheSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Lite XI.SP1\RpcSandraSrv.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: stllssvr - Unknown owner - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe (file missing)
O23 - Service: VMware Agent Service (ufad-ws60) - VMware, Inc. - C:\Program Files\VMware\VMware Workstation\vmware-ufad.exe
O23 - Service: VMware Authorization Service (VMAuthdService) - VMware, Inc. - C:\Program Files\VMware\VMware Workstation\vmware-authd.exe
O23 - Service: VMware DHCP Service (VMnetDHCP) - VMware, Inc. - C:\Windows\system32\vmnetdhcp.exe
O23 - Service: VMware Virtual Mount Manager Extended (vmount2) - VMware, Inc. - C:\Program Files\Common Files\VMware\VMware Virtual Image Editing\vmount2.exe
O23 - Service: VMware NAT Service - VMware, Inc. - C:\Windows\system32\vmnat.exe

--
End of file - 8887 bytes

oasis90
14-06-2007, 10:06
SUSPECTS:

C:\Users\Roberto\AppData\Roaming\smss.exe

O4 - HKCU\..\Run: [.nvsvc] C:\Users\Roberto\AppData\Roaming\smss.exe /w

O15 - Trusted Zone: *.archiviosex.net

O15 - Trusted Zone: *.otherchance.com

O15 - Trusted Zone: *.whatsnew.name
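
The three things oasis90 picked out by eye can be written down as checks over the log. As an added example (my code, not HijackThis output and not something posted in the thread), here is a Python triage of an excerpt of the log above: it flags anything running or auto-starting from a user-writable profile directory, a file that borrows the name of a Windows system binary but lives outside the system directory (the real smss.exe is in \Windows\System32), every IE Trusted Zone entry, and service registrations whose binary is missing. The excerpt is constructed from the log lines above; the rule set, the directory markers and the list of system binary names are assumptions made for this example.

```python
import re

# Excerpt of the HijackThis log pasted in the thread (entries not needed for
# these checks are omitted); constructed test input, not a fresh scan.
HJT_LOG = r"""
Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Alwil Software\Avast4\ashDisp.exe
C:\Users\Roberto\AppData\Roaming\smss.exe
C:\Users\Public\anti-trojan-install\HiJackThis_v2.exe

O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
O4 - HKCU\..\Run: [.nvsvc] C:\Users\Roberto\AppData\Roaming\smss.exe /w
O4 - HKUS\S-1-5-18\..\Run: [Nokia.PCSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog (User 'SYSTEM')
O15 - Trusted Zone: *.archiviosex.net
O15 - Trusted Zone: *.otherchance.com
O15 - Trusted Zone: *.whatsnew.name
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: stllssvr - Unknown owner - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe (file missing)
"""

O4_RE = re.compile(r"^O4 - (?P<hive>.+?): \[(?P<name>[^\]]*)\] (?P<cmd>.+)$")
ABS_PATH_RE = re.compile(r"^[A-Za-z]:\\")
# Heuristic lists (assumptions for this example, not an authoritative catalogue).
USER_WRITABLE_MARKERS = ("\\appdata\\", "\\temp\\", "\\local settings\\")
SYSTEM_BINARY_NAMES = {"smss.exe", "csrss.exe", "lsass.exe", "svchost.exe",
                       "winlogon.exe", "services.exe", "wininit.exe", "explorer.exe"}
SYSTEM_DIRS = ("\\windows\\system32", "\\windows")


def exe_from_command(cmd):
    """Extract the executable path from an autostart command line."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        if end > 0:
            return cmd[1:end]
    m = re.search(r"\.exe\b", cmd, re.IGNORECASE)
    return cmd[: m.end()] if m else cmd.split()[0]


def assess_path(path):
    """Return the reasons (possibly none) why an executable path looks suspicious."""
    low = path.lower()
    directory, _, name = low.rpartition("\\")
    reasons = []
    if any(marker in low for marker in USER_WRITABLE_MARKERS):
        reasons.append("runs from a user-writable profile directory")
    if name in SYSTEM_BINARY_NAMES and not directory.endswith(SYSTEM_DIRS):
        reasons.append(f"uses the name of a Windows system binary ({name}) outside the system directory")
    return reasons


def triage(log_text):
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if ABS_PATH_RE.match(line):  # entry under "Running processes:"
            reasons = assess_path(line)
            if reasons:
                findings.append({"kind": "process", "item": line, "reasons": reasons})
            continue
        m = O4_RE.match(line)
        if m:  # registry/startup-folder autostart entry
            exe = exe_from_command(m["cmd"])
            reasons = assess_path(exe)
            if reasons:
                findings.append({"kind": "autostart", "item": line, "exe": exe, "reasons": reasons})
            continue
        if line.startswith("O15 - Trusted Zone:"):
            findings.append({"kind": "ie-zone", "item": line, "reasons": [
                "domain placed in the IE Trusted Zone, which relaxes browser security for it; "
                "legitimate only if the user added it on purpose"]})
            continue
        if line.startswith("O23 - Service:") and line.endswith("(file missing)"):
            findings.append({"kind": "service", "item": line, "reasons": [
                "service registration whose binary is gone (orphan left by an uninstall; cannot run)"]})
    return findings


if __name__ == "__main__":
    for f in triage(HJT_LOG):
        print(f"[{f['kind']}] {f['item']}")
        for reason in f["reasons"]:
            print("    -", reason)
```

Note what the rules separate: the legitimate Session Manager in C:\Windows\System32 passes, while the copy in AppData\Roaming fails both the location check and the name check, and the same file shows up twice, once as a running process and once as the HKCU Run value that restarts it at logon. That is the entry to fix, and the file to delete, before the %TEMP% droppers will stay gone. The Trusted Zone domains are flagged unconditionally because the poster never added them; anything in that zone runs under IE's relaxed security settings.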

ikaris
14-06-2007, 11:09
SUSPECTS:

C:\Users\Roberto\AppData\Roaming\smss.exe

O4 - HKCU\..\Run: [.nvsvc] C:\Users\Roberto\AppData\Roaming\smss.exe /w

O15 - Trusted Zone: *.archiviosex.net

O15 - Trusted Zone: *.otherchance.com

O15 - Trusted Zone: *.whatsnew.name


How do I remove them?

oasis90
14-06-2007, 11:41
How do I remove them?

Once you've done the scan with HijackThis, select them (tick the little box to the left of the entries I told you about) and then click the "Fix checked" button. ;)

Bugs Bunny
14-06-2007, 15:18
and delete this file, after disabling System Restore:

C:\Users\Roberto\AppData\Roaming\smss.exe

ikaris
14-06-2007, 17:32
and delete this file, after disabling System Restore:

C:\Users\Roberto\AppData\Roaming\smss.exe

Thanks, tomorrow morning I'll do all of it, but....
One last thing: how do I disable System Restore?

Bugs Bunny
14-06-2007, 19:24
Start > Control Panel > Performance and Maintenance > System > System Restore > tick "Turn off System Restore" > OK

ikaris
16-06-2007, 11:55
Thanks to your valuable advice I have solved my problem.

Many thanks again for your help.

Now one final question:
since "prevention is better than cure", what do you recommend installing on VISTA PREMIUM to get adequate protection?

Currently I have AVAST + WINDOWS DEFENDER, constantly updated.

wizard1993
16-06-2007, 12:16
Thanks to your valuable advice I have solved my problem.

Many thanks again for your help.

Now one final question:
since "prevention is better than cure", what do you recommend installing on VISTA PREMIUM to get adequate protection?

Currently I have AVAST + WINDOWS DEFENDER, constantly updated.

avs + Spyware Terminator + a decent firewall

ikaris
16-06-2007, 23:41
Re-reading, I realised I removed C:\Users\Roberto\AppData\Roaming\smss.exe
without having disabled System Restore.

Is that a problem? For now it seems solved.

Thanks

wizard1993
17-06-2007, 10:05
delete it again

ikaris
17-06-2007, 11:30
delete it again


It's not there anymore

Will it come back?

wizard1993
17-06-2007, 11:41
is System Restore enabled?

ikaris
17-06-2007, 12:35
is System Restore enabled?


I don't even know what it is :(

How do I check whether it is?

Sorry, but I'm a bit old and rather ignorant on the subject

wizard1993
17-06-2007, 12:37
http://www.sicurezzainrete.com/disabilitare_system_restore.htm