virus

Post by cracra » 28/11/07 09:07

I must have picked up some virus........ every time I connect to the internet a window appears with the text "Teh Simson"; a few seconds later it disappears and several windows with porn sites, ringtones and other junk open...... Now it also no longer connects to the internet. What should I do???? I have Antivir but it didn't help at all... Heeelp!!!!!!!!!!!!!!!!!!


can this scan be of any use?

RUN: [Synchronization Manager] mobsync.exe /logon
RUN: [ATIPTA] atiptaxx.exe
RUN: [CARPService] carpserv.exe
RUN: [CloneCDElbyCDFL] "D:\Programmi\Elaborate Bytes\CloneCD\ElbyCheck.exe" /L ElbyCDFL
RUN: [CloneCDTray] "D:\Programmi\Elaborate Bytes\CloneCD\CloneCDTray.exe"
RUN: [RealTray] D:\Programmi\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
RUN: [WheelMouse] Amoumain.exe
RUN: [windows auto update]
RUN: [MMTray] D:\Programmi\MusicMatch\MusicMatch Jukebox\mm_tray.exe
RUN: [CXMon] "c:\programmi\hp\Photo Imaging\Hpi_Monitor.exe"
RUN: [Share-to-Web Namespace Daemon] c:\programmi\hp\HP Share-to-Web\hpgs2wnd.exe
RUN: [DSLSTATEXE] D:\Program Files\Libero\Adsl\dslstat.exe icon
RUN: [DSLAGENTEXE] D:\Program Files\Libero\Adsl\dslagent.exe
RUN: [EPSON Stylus Photo R240 Series] D:\WINNT\System32\spool\DRIVERS\W32X86\3\E_FATIAHE.EXE /P30 "EPSON Stylus Photo R240 Series" /O6 "USB002" /M "Stylus Photo R240"
RUN: []
RUN: [Sony Ericsson PC Suite] "D:\Programmi\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions
RUN: [NWEReboot]
RUN: [NeroFilterCheck] D:\WINNT\system32\NeroCheck.exe
RUN: [avgnt] "D:\Programmi\AntiVir PersonalEdition Classic\avgnt.exe" /min
RUN: [Winamp Agent] D:\WINNT\system32\winamp.exe
RUN: [QuickTime Task] "D:\programmi\quicktimebis\qttask.exe" -atboottime
RUN: [iTunesHelper] "C:\Programmi\iTunes\iTunesHelper.exe"
RUN: [odgnca.exe] D:\WINNT\TEMP\odgnca.exe
RUN: [SearchIndexer] rundll32.exe "D:\WINNT\system32\brpaxpve.dll",sitypnow
RUN: [internat.exe] internat.exe
RUN: [ATI Launchpad] "D:\Programmi\ATI Multimedia\main\launchpd.exe"
RUN: [EPSON Stylus Photo R240 Series] D:\WINNT\System32\spool\DRIVERS\W32X86\3\E_FATIAHE.EXE /P30 "EPSON Stylus Photo R240 Series" /M "Stylus Photo R240" /EF "HKCU"
RUN: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "D:\Programmi\File comuni\Ahead\lib\NMBgMonitor.exe"


**** Browser Helper Objects ****

BHO: [AcroIEHlprObj Class] D:\Programmi\Adobe\Acrobat 5.0\Acrobat\ActiveX\AcroIEHelper.ocx
BHO: [AcroIEHlprObj Class] D:\WINNT\system32\byxvtuu.dll
BHO: [AcroIEHlprObj Class] D:\WINNT\system32\ddccc.dll


**** IE Toolbars ****

TOOLBAR: [&Radio] D:\WINNT\System32\msdxm.ocx


**** IE Extensions ****

IEExt: []
IEExt: [@btrez.dll,-4015]
IEExt: [Real.com]


**** Hosts File Entries ****

HOSTS: 127.0.0.1 localhost
HOSTS: 127.0.0.1 localhost


**** IE Settings ****

Default Search: http://www.microsoft.com/isapi/redir.dl ... r=iesearch
Search Page: http://www.microsoft.com/isapi/redir.dl ... r=iesearch


**** IE Context Menu (Right click) ****

IEContext: [Invia a &Bluetooth] D:\Programmi\Bluetooth\Software Bluetooth\btsendto_ie_ctx.htm


**** Layered Service Providers ****

LSP: MSAFD Tcpip [TCP/IP]
LSP: MSAFD Tcpip [UDP/IP]
LSP: RSVP UDP Service Provider
LSP: RSVP TCP Service Provider
LSP: MSAFD NetBIOS [\Device\NetBT_Tcpip_{09E18B9C-B559-4380-9EAC-DECB477DAB72}] SEQPACKET 7
LSP: MSAFD NetBIOS [\Device\NetBT_Tcpip_{09E18B9C-B559-4380-9EAC-DECB477DAB72}] DATAGRAM 7
LSP: MSAFD NetBIOS [\Device\NetBT_Tcpip_{37958735-CF45-4526-8916-3297CB587C50}] SEQPACKET 6
LSP: MSAFD NetBIOS [\Device\NetBT_Tcpip_{37958735-CF45-4526-8916-3297CB587C50}] DATAGRAM 6
LSP: MSAFD NetBIOS [\Device\NetBT_Tcpip_{6AA1E6F8-2D87-419A-A2E7-15A4A993BF44}] SEQPACKET 5
LSP: MSAFD NetBIOS [\Device\NetBT_Tcpip_{6AA1E6F8-2D87-419A-A2E7-15A4A993BF44}] DATAGRAM 5
LSP: MSAFD NetBIOS [\Device\NetBT_Tcpip_{5E0B45A5-3E59-4A8B-939E-2A205BA88B79}] SEQPACKET 0
LSP: MSAFD NetBIOS [\Device\NetBT_Tcpip_{5E0B45A5-3E59-4A8B-939E-2A205BA88B79}] DATAGRAM 0
LSP: MSAFD NetBIOS [\Device\NetBT_Tcpip_{AF03146A-3FB5-4E64-96A6-814A84EB879C}] SEQPACKET 1
LSP: MSAFD NetBIOS [\Device\NetBT_Tcpip_{AF03146A-3FB5-4E64-96A6-814A84EB879C}] DATAGRAM 1
LSP: MSAFD NetBIOS [\Device\NetBT_Tcpip_{1A399C48-B6E4-41A1-8AFC-60D79854C772}] SEQPACKET 2
LSP: MSAFD NetBIOS [\Device\NetBT_Tcpip_{1A399C48-B6E4-41A1-8AFC-60D79854C772}] DATAGRAM 2
LSP: MSAFD NetBIOS [\Device\NetBT_Tcpip_{176C8686-8420-4690-B14E-E83F930C59D1}] SEQPACKET 3
LSP: MSAFD NetBIOS [\Device\NetBT_Tcpip_{176C8686-8420-4690-B14E-E83F930C59D1}] DATAGRAM 3
LSP: MSAFD NetBIOS [\Device\NetBT_Tcpip_{53880187-8C69-43B5-9C1F-3D8936F96AA9}] SEQPACKET 4
LSP: MSAFD NetBIOS [\Device\NetBT_Tcpip_{53880187-8C69-43B5-9C1F-3D8936F96AA9}] DATAGRAM 4


**** Blocked Control Panel Items ****

BLOCKED: [ncpa.cpl] No
BLOCKED: [odbccp32.cpl] No


**** Downloaded Program Files ****

DirectAnimation Java Classes [file://D:\WINNT\Java\classes\dajava.cab]
Microsoft XML Parser for Java [file://D:\WINNT\Java\classes\xmldso.cab]
{5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} [http://download.bitdefender.com/resources/scan8/oscan8.cab] D:\WINNT\bdoscandellang.ini D:\WINNT\bdoscandel.exe D:\WINNT\Downloaded Program Files\live.ini D:\WINNT\Downloaded Program Files\scanoptions.tsi D:\WINNT\Downloaded Program Files\lang.ini D:\WINNT\Downloaded Program Files\ipsupd.dll D:\WINNT\Downloaded Program Files\bdupd.dll D:\WINNT\Downloaded Program Files\libfn.dll D:\WINNT\Downloaded Program Files\bdcore.dll D:\WINNT\Downloaded Program Files\oscan8.ocx

{6414512B-B978-451D-A0D8-FCFDF33E833C} [http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1143014042671]
{9F1C11AA-197B-4942-BA54-47A8489BB47F} [http://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?38263.5339699074]
{D27CDB6E-AE6D-11CF-96B8-444553540000} [http://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab]


**** Windows Services ****

[Alerter] %SystemRoot%\System32\services.exe
[ALGS]
[AntiVirScheduler] "D:\Programmi\AntiVir PersonalEdition Classic\sched.exe"
[AntiVirService] "D:\Programmi\AntiVir PersonalEdition Classic\avguard.exe"
[AppMgmt] %SystemRoot%\system32\services.exe
[aspnet_state] %SystemRoot%\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe
[BITS] %SystemRoot%\System32\svchost.exe -k BITSgroup
[Browser] %SystemRoot%\System32\services.exe
[btwdins] D:\Programmi\Bluetooth\Software Bluetooth\bin\btwdins.exe
[cisvc] D:\WINNT\System32\cisvc.exe
[ClipSrv] %SystemRoot%\system32\clipsrv.exe
[Dhcp] %SystemRoot%\System32\services.exe
[dmadmin] %SystemRoot%\System32\dmadmin.exe /com
[dmserver] %SystemRoot%\System32\services.exe
[Dnscache] %SystemRoot%\System32\services.exe
[Eventlog] %SystemRoot%\system32\services.exe
[EventSystem] D:\WINNT\System32\svchost.exe -k netsvcs
[ewido security suite control] D:\Programmi\ewido anti-malware\ewidoctrl.exe
[ewido security suite guard] D:\Programmi\ewido anti-malware\ewidoguard.exe
[Fax] %systemroot%\system32\faxsvc.exe
[IDriverT] D:\Programmi\File comuni\InstallShield\Driver\11\Intel 32\IDriverT.exe
[iPod Service] C:\Programmi\iPod\bin\iPodService.exe
[lanmanserver] %SystemRoot%\System32\services.exe
[lanmanworkstation] %SystemRoot%\System32\services.exe
[LmHosts] %SystemRoot%\System32\services.exe
[Messenger] %SystemRoot%\System32\services.exe
[mnmsrvc] D:\WINNT\System32\mnmsrvc.exe
[MSDTC] D:\WINNT\System32\msdtc.exe
[MSIServer] D:\WINNT\System32\MsiExec.exe /V
[NetDDE] %SystemRoot%\system32\netdde.exe
[NetDDEdsdm] %SystemRoot%\system32\netdde.exe
[Netlogon] %SystemRoot%\System32\lsass.exe
[Netman] %SystemRoot%\System32\svchost.exe -k netsvcs
[NtLmSsp] %SystemRoot%\System32\lsass.exe
[NtmsSvc] %SystemRoot%\System32\svchost.exe -k netsvcs
[PlugPlay] %SystemRoot%\system32\services.exe
[PolicyAgent] %SystemRoot%\System32\lsass.exe
[ProtectedStorage] %SystemRoot%\system32\services.exe
[RasAuto] %SystemRoot%\System32\svchost.exe -k netsvcs
[RasMan] %SystemRoot%\System32\svchost.exe -k netsvcs
[RemoteAccess] %SystemRoot%\System32\svchost.exe -k netsvcs
[RemoteRegistry] %SystemRoot%\system32\regsvc.exe
[RpcLocator] %SystemRoot%\System32\locator.exe
[RpcSs] %SystemRoot%\system32\svchost -k rpcss
[RSVP] %SystemRoot%\System32\rsvp.exe -s
[SamSs] %SystemRoot%\system32\lsass.exe
[SCardDrv] %SystemRoot%\System32\SCardSvr.exe
[SCardSvr] %SystemRoot%\System32\SCardSvr.exe
[Schedule] %SystemRoot%\system32\MSTask.exe
[seclogon] %SystemRoot%\system32\services.exe
[SENS] %SystemRoot%\system32\svchost.exe -k netsvcs
[Spooler] %SystemRoot%\system32\spoolsv.exe
[StiSvc] %systemroot%\system32\stisvc.exe
[SysmonLog] %SystemRoot%\system32\smlogsvc.exe
[TapiSrv] %SystemRoot%\System32\svchost.exe -k netsvcs
[TlntSvr] %SystemRoot%\system32\tlntsvr.exe
[TrkWks] %SystemRoot%\system32\services.exe
[UpdateManager]
[UPS] %SystemRoot%\System32\ups.exe
[UtilMan] %SystemRoot%\System32\UtilMan.exe
[W32Time] %SystemRoot%\System32\services.exe
[WinMgmt] %SystemRoot%\System32\WBEM\WinMgmt.exe
[Wmi] %SystemRoot%\system32\Services.exe
[wuauserv] %systemroot%\system32\svchost.exe -k wugroup
[WZCSVC] %SystemRoot%\System32\svchost.exe -k netsvcs


**** Custom IE Search Items ****

SEARCH: [SearchAssistant] http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm
SEARCH: [CustomizeSearch] http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm


**** Complete IE Options ****

IEOPT: [NoUpdateCheck]
IEOPT: [NoJITSetup]
IEOPT: [Show_ChannelBand] No
IEOPT: [Anchor Underline] yes
IEOPT: [Cache_Update_Frequency] Once_Per_Session
IEOPT: [Display Inline Images] yes
IEOPT: [Do404Search]
IEOPT: [Save_Session_History_On_Exit] no
IEOPT: [Show_FullURL] no
IEOPT: [Show_StatusBar] yes
IEOPT: [Show_ToolBar] yes
IEOPT: [Show_URLinStatusBar] yes
IEOPT: [Show_URLToolBar] yes
IEOPT: [Start Page] http://www.google.it/
IEOPT: [Use_DlgBox_Colors] yes
IEOPT: [Search Page] http://www.microsoft.com/isapi/redir.dl ... r=iesearch
IEOPT: [FullScreen] no
IEOPT: [Error Dlg Displayed On Every Error] no
IEOPT: [Error Dlg Details Pane Open] no
IEOPT: [Window_Placement] ,
IEOPT: [NotifyDownloadComplete] yes
IEOPT: [AutoSearch]
IEOPT: [Use FormSuggest] no
IEOPT: [FavChevron] NO
IEOPT: [AddToFavoritesExpanded]
IEOPT: [Expand Alt Text] no
IEOPT: [Move System Caret] no
IEOPT: [Show image placeholders]
IEOPT: [Play_Animations] yes
IEOPT: [Play_Background_Sounds] yes
IEOPT: [Display Inline Videos] yes
IEOPT: [FavIntelliMenus] yes
IEOPT: [Page_Transitions]
IEOPT: [NscSingleExpand]
IEOPT: [Disable Script Debugger] yes
IEOPT: [ShowGoButton] yes
IEOPT: [Friendly http errors] yes
IEOPT: [AllowWindowReuse]
IEOPT: [SmoothScroll]
IEOPT: [Print_Background] no
IEOPT: [FormSuggest PW Ask] no
IEOPT: [Q261272] yes
IEOPT: [Save Directory] C:\Documenti\Gioia\
IEOPT: [Default_Search_URL] http://www.microsoft.com/isapi/redir.dl ... r=iesearch
IEOPT: [Search Page] http://www.microsoft.com/isapi/redir.dl ... r=iesearch
IEOPT: [Enable_Disk_Cache] yes
IEOPT: [Cache_Percent_of_Disk]
IEOPT: [Delete_Temp_Files_On_Exit] yes
IEOPT: [Local Page] D:\WINNT\SYSTEM32\blank.htm
IEOPT: [Anchor_Visitation_Horizon]
IEOPT: [Use_Async_DNS] yes
IEOPT: [Placeholder_Width]
IEOPT: [Placeholder_Height]
IEOPT: [Start Page] about:blank
IEOPT: [CompanyName] Microsoft Corporation
IEOPT: [Custom_Key] MICROSO
IEOPT: [Wizard_Version] 6.00.2800.1106
IEOPT: [FullScreen] no
cracra
Newbie
Posts: 3
Joined: 09/05/06 15:15


Post by Luke57 » 28/11/07 11:21

Hi, download these 2 files to the desktop
ComboFix
http://download.bleepingcomputer.com/sUBs/ComboFix.exe
VundoFix
http://www.atribune.org/ccount/click.php?id=4

Disconnect from the internet
Disable the antivirus
Run VundoFix
VundoFix will close and reopen by itself. Once it has reopened, click the "Scan for Vundo" button; when the scan is finished, click the "Remove Vundo" button. At this point it will ask whether you want to delete the files: answer Yes. Once you have clicked Yes, don't worry if the desktop disappears, that is normal since the removal procedure has started. When the removal is finished it will ask whether you want to reboot: answer Yes and the PC will restart.
It is possible that VundoFix cannot delete some files; in that case you will see VundoFix appear at reboot, just press the Remove Vundo button to continue the removal.
When everything is done, reboot the PC

At reboot make sure that Antivir is disabled

Run the file ComboFix.exe
Type 1 to start the tool
Follow the instructions and at the end a log will be generated.

Reboot the PC, re-enable Antivir, connect and post these 2 logs
C:\vundofix.txt
C:\combofix.txt
Luke57
Moderator
Posts: 6413
Joined: 11/08/05 19:10

Post by cracra » 29/11/07 19:28

hi, thanks for the suggestion..... here are the 2 logs
VundoFix V6.6.2

Checking Java version...

Sun Java not detected
Scan started at 18.48.24 29/11/2007

Listing files found while scanning....

D:\WINNT\system32\brpaxpve.dll
D:\WINNT\system32\byxvtuu.dll
D:\WINNT\system32\cccdd.bak1
D:\WINNT\system32\cccdd.bak2
D:\WINNT\system32\cccdd.ini
D:\WINNT\system32\cccdd.ini2
D:\WINNT\system32\cccdd.tmp
D:\WINNT\system32\ddccc.dll
D:\WINNT\system32\evpxaprb.ini

Beginning removal...

Attempting to delete D:\WINNT\system32\brpaxpve.dll
D:\WINNT\system32\brpaxpve.dll Has been deleted!

Attempting to delete D:\WINNT\system32\byxvtuu.dll
D:\WINNT\system32\byxvtuu.dll Could not be deleted.

Attempting to delete D:\WINNT\system32\cccdd.bak1
D:\WINNT\system32\cccdd.bak1 Has been deleted!

Attempting to delete D:\WINNT\system32\cccdd.bak2
D:\WINNT\system32\cccdd.bak2 Has been deleted!

Attempting to delete D:\WINNT\system32\cccdd.ini
D:\WINNT\system32\cccdd.ini Has been deleted!

Attempting to delete D:\WINNT\system32\cccdd.ini2
D:\WINNT\system32\cccdd.ini2 Has been deleted!

Attempting to delete D:\WINNT\system32\cccdd.tmp
D:\WINNT\system32\cccdd.tmp Has been deleted!

Attempting to delete D:\WINNT\system32\ddccc.dll
D:\WINNT\system32\ddccc.dll Has been deleted!

Attempting to delete D:\WINNT\system32\evpxaprb.ini
D:\WINNT\system32\evpxaprb.ini Has been deleted!

Performing Repairs to the registry.
Done!

Beginning removal...



here is the other one
ComboFix 07-11-19.4B - Gioia 29/11/2007 18.58.28.1 - FAT32x86
Eseguito da: D:\Documents and Settings\P4\Desktop\ComboFix.exe
.

((((((((((((((((((((((((((((((((((((( Altre eliminazioni )))))))))))))))))))))))))))))))))))))))))))))))))))
.

D:\Programmi\File comuni\inetget
D:\WINNT\system32\awttusq.dll
D:\WINNT\system32\bwnyefjx.dll
D:\WINNT\system32\bxejpvlk.dll
D:\WINNT\system32\byxvtuu.dll
D:\WINNT\system32\ddcccyw.dll
D:\WINNT\system32\hnghjlxq.ini
D:\WINNT\system32\klvpjexb.ini
D:\WINNT\system32\kxpbampr.dll
D:\WINNT\system32\nnnmkif.dll
D:\WINNT\system32\pbvtkfxl.dll
D:\WINNT\system32\pmnligd.dll
D:\WINNT\system32\qxljhgnh.dll
D:\WINNT\system32\uduyjonc.dll
D:\WINNT\system32\uhyjajxc.dll
D:\WINNT\system32\yylafqtv.dll

.
((((((((((((((((((((((((( Files Creati Da 2007-10-28 al 2007-11-29 )))))))))))))))))))))))))))))))))))
.

2007-11-29 18:48 <DIR> d-------- D:\VundoFix Backups
2007-11-27 21:33 <DIR> d-------- D:\Programmi\Lavasoft

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-11-29 17:53 24,576 ----a-w D:\WINNT\system32\VundoFixSVC.exe
2007-11-27 18:52 37,376 ----a-w D:\WINNT\system32\yayxyyw.dll
2007-11-27 14:25 37,376 ----a-w D:\WINNT\system32\iiffeef.dll
2007-11-27 13:48 37,376 ----a-w D:\WINNT\system32\ddcayyw.dll
2007-11-21 19:44 37,376 ----a-w D:\WINNT\system32\awtutqn.dll
2007-11-13 18:04 35,328 ----a-w D:\WINNT\system32\mljhigd.dll
2007-10-19 13:39 35,328 ----a-w D:\WINNT\system32\cbxwvwu.dll
2007-10-07 11:16 35,328 ----a-w D:\WINNT\system32\jkkjkig.dll
2004-12-29 22:43 6,537,564 ----a-w D:\Documents and Settings\gioia\timplayersetup.exe
2004-02-22 15:48 230,422 ------w D:\Documents and Settings\francesca.DESKTOP\DSCN1556.zip
2002-11-11 08:42 271 ---h--w D:\Programmi\desktop.ini
2002-11-11 08:42 22,075 ---h--w D:\Programmi\folder.htt
1999-03-10 13:53 99,840 ----a-w D:\Programmi\File comuni\IRAABOUT.DLL
1998-12-09 00:53 70,144 ----a-w D:\Programmi\File comuni\IRAMDMTR.DLL
1998-12-09 00:53 48,640 ----a-w D:\Programmi\File comuni\IRALPTTR.DLL
1998-12-09 00:53 31,744 ----a-w D:\Programmi\File comuni\IRAWEBTR.DLL
1998-12-09 00:53 186,368 ----a-w D:\Programmi\File comuni\IRAREG.DLL
1998-12-09 00:53 17,920 ----a-w D:\Programmi\File comuni\IRASRIAL.DLL
2003-06-19 19:05 1,015,859 --sha-w D:\WINNT\system32\mfc42.dll
2003-06-19 19:05 286,773 --sha-w D:\WINNT\system32\msvcrt.dll
1999-12-22 23:00 77,878 --sh--w D:\WINNT\system32\msvcirt.dll
2000-08-28 23:00 401,462 --sh--w D:\WINNT\system32\msvcp60.dll
.

((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* i valori vuoti & legittimi/default non sono visualizzati.

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{C6340F2F-4B71-4E12-B983-457F2B865FD4}]
D:\WINNT\system32\ddccc.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"internat.exe"="internat.exe" [99-12-23 00:00 D:\WINNT\system32\internat.exe]
"ATI Launchpad"="D:\Programmi\ATI Multimedia\main\launchpd.exe" [02-05-02 09:57 ]
"EPSON Stylus Photo R240 Series"="D:\WINNT\System32\spool\DRIVERS\W32X86\3\E_FATIAHE.exe" [05-04-25 05:00 ]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="D:\Programmi\File comuni\Ahead\lib\NMBgMonitor.exe" [05-09-03 15:18 ]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Synchronization Manager"="mobsync.exe" [03-06-19 20:05 D:\WINNT\system32\mobsync.exe]
"ATIPTA"="atiptaxx.exe" []
"CARPService"="carpserv.exe" [01-12-22 20:02 D:\WINNT\system32\carpserv.exe]
"CloneCDElbyCDFL"="D:\Programmi\Elaborate Bytes\CloneCD\ElbyCheck.exe" [01-12-06 13:09 ]
"CloneCDTray"="D:\Programmi\Elaborate Bytes\CloneCD\CloneCDTray.exe" [02-04-15 09:12 ]
"RealTray"="D:\Programmi\Real\RealPlayer\RealPlay.exe" [02-11-30 12:43 ]
"WheelMouse"="Amoumain.exe" []
"windows auto update"="" []
"MMTray"="D:\Programmi\MusicMatch\MusicMatch Jukebox\mm_tray.exe" [00-08-17 23:27 ]
"CXMon"="c:\programmi\hp\Photo Imaging\Hpi_Monitor.exe" [01-08-09 17:08 ]
"Share-to-Web Namespace Daemon"="c:\programmi\hp\HP Share-to-Web\hpgs2wnd.exe" [01-07-03 09:11 ]
"DSLSTATEXE"="D:\Program Files\Libero\Adsl\dslstat.exe" [04-11-29 09:52 ]
"DSLAGENTEXE"="D:\Program Files\Libero\Adsl\dslagent.exe" [04-11-29 09:52 ]
"EPSON Stylus Photo R240 Series"="D:\WINNT\System32\spool\DRIVERS\W32X86\3\E_FATIAHE.exe" [05-04-25 05:00 ]
"Sony Ericsson PC Suite"="D:\Programmi\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" [05-10-26 16:17 ]
"NWEReboot"="" []
"NeroFilterCheck"="D:\WINNT\system32\NeroCheck.exe" [01-07-09 11:50 ]
"QuickTime Task"="D:\programmi\quicktimebis\qttask.exe" [07-02-16 10:54 ]
"iTunesHelper"="C:\Programmi\iTunes\iTunesHelper.exe" [07-03-14 19:05 ]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"internat.exe"="internat.exe" [99-12-23 00:00 D:\WINNT\system32\internat.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"^SetupICWDesktop"="D:\Programmi\Internet Explorer\Connection Wizard\icwconn1.exe" [03-06-19 20:05 ]

D:\Documents and Settings\P4\Menu Avvio\Programmi\Esecuzione automatica\
Stop Dialers.lnk - C:\StopDialers\StopDialer.exe [2003-04-15 21:10:28]

D:\Documents and Settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\
Acrobat Assistant.lnk - D:\Programmi\Adobe\Acrobat 5.0\Distillr\AcroTray.exe [2002-11-16 15:56:01]
WinZip Quick Pick.lnk - D:\Programmi\WinZip\WZQKPICK.EXE [2002-11-16 16:02:27]
Microsoft Office.lnk - D:\Programmi\Microsoft Office\Office\OSA9.EXE [1999-02-17 18:05:56]
Porta Symantec Fax Starter Edition.lnk - D:\Programmi\Microsoft Office\Office\1040\OLFSNT40.EXE [1999-03-10 14:53:12]
BTTray.lnk - D:\Programmi\Bluetooth\Software Bluetooth\BTTray.exe [2004-11-29 19:55:44]

R1 ewido security suite driver;ewido security suite driver;\??\D:\Programmi\ewido anti-malware\guard.sys
R3 Amps2prt;Trust Ami PS/2 Port Mouse Driver (1);D:\WINNT\system32\DRIVERS\Amps2prt.sys
R3 openhci;Driver controller host USB Open Microsoft ;D:\WINNT\system32\DRIVERS\openhci.sys
R3 usbhub20;Supporto hub USB;D:\WINNT\system32\DRIVERS\usbhub20.sys
S2 G11AV;Digital Camera - PC Camera;D:\WINNT\system32\Drivers\G11av.sys
S3 SE2Cbus;Sony Ericsson Device 044 Driver driver (WDM);D:\WINNT\system32\DRIVERS\SE2Cbus.sys
S3 SE2Cmdfl;Sony Ericsson Device 044 USB WMC Modem Filter;D:\WINNT\system32\DRIVERS\SE2Cmdfl.sys
S3 SE2Cmdm;Sony Ericsson Device 044 USB WMC Modem Driver;D:\WINNT\system32\DRIVERS\SE2Cmdm.sys
S3 SE2Cmgmt;Sony Ericsson Device 044 USB WMC Device Management Drivers (WDM);D:\WINNT\system32\DRIVERS\SE2Cmgmt.sys
S3 se2Cnd5;Sony Ericsson Device 044 USB Ethernet Emulation SEMC44 (NDIS);D:\WINNT\system32\DRIVERS\se2Cnd5.sys
S3 SE2Cobex;Sony Ericsson Device 044 USB WMC OBEX Interface;D:\WINNT\system32\DRIVERS\SE2Cobex.sys
S3 se2Cunic;Sony Ericsson Device 044 USB Ethernet Emulation SEMC44 (WDM);D:\WINNT\system32\DRIVERS\se2Cunic.sys
S3 USBATA;PCX 370;D:\WINNT\system32\DRIVERS\USBATA.SYS
S3 wanusb;GlobespanVirata USB ADSL WAN Modem;D:\WINNT\system32\DRIVERS\gwausb.sys
S3 z520bus;Sony Ericsson 520 driver (WDM);D:\WINNT\system32\DRIVERS\z520bus.sys
S3 z520mdfl;Sony Ericsson 520 USB WMC Modem Filter;D:\WINNT\system32\DRIVERS\z520mdfl.sys
S3 z520mdm;Sony Ericsson 520 USB WMC Modem Drivers;D:\WINNT\system32\DRIVERS\z520mdm.sys
S3 z520mgmt;Sony Ericsson 520 USB WMC Device Management Drivers;D:\WINNT\system32\DRIVERS\z520mgmt.sys
S3 z520obex;Sony Ericsson 520 USB WMC OBEX Interface Drivers;D:\WINNT\system32\DRIVERS\z520obex.sys

*Newly Created Service* - IPNAT
*Newly Created Service* - RASAUTO
*Newly Created Service* - SHAREDACCESS
.
Contenuto della cartella 'Scheduled Tasks'
"2007-11-29 18:00:54 D:\WINNT\Tasks\dnt.job"
- d:\winnt\system32\monkwzag.exe
"2007-05-31 16:18:04 D:\WINNT\Tasks\AppleSoftwareUpdate.job"
- D:\Programmi\Apple Software Update\SoftwareUpdate.exe
"2007-11-29 18:00:54 D:\WINNT\Tasks\llri.job"
- d:\winnt\system32\monkwzag.exe
"2007-11-29 18:00:54 D:\WINNT\Tasks\drrr.job"
- d:\winnt\system32\monkwzag.exe
"2007-11-29 18:00:54 D:\WINNT\Tasks\foxzbbxz.job"
- d:\winnt\system32\monkwzag.exe
"2007-11-29 18:00:52 D:\WINNT\Tasks\jmjbxwwy.job"
- d:\winnt\system32\monkwzag.exe
"2007-11-29 18:00:52 D:\WINNT\Tasks\uhslb.job"
- d:\winnt\system32\monkwzag.exe
"2007-11-29 18:00:52 D:\WINNT\Tasks\ennlomht.job"
- d:\winnt\system32\monkwzag.exe
.
**************************************************************************

catchme 0.3.1262 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-11-29 19:01:11
Windows 5.0.2195 Service Pack 4 FAT NTAPI

scansione processi nascosti ...

scansione entrate autostart nascoste ...

Scansione files nascosti ...

Scansione completata con successo
Files nascosti: 0

**************************************************************************
.
Ora fine scansione: 2007-11-29 19:03:11 - machine was rebooted
.
--- E O F ---

now what do I do???
cracra
Newbie
Posts: 3
Joined: 09/05/06 15:15
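The two logs above contain the signals a helper scans for by eye: an autorun entry running from TEMP, rundll32 loading a random-named DLL from system32, three BHOs sharing one display name but pointing at different files, and several random-named scheduled tasks all launching the same system32 binary. The following triage script is an added example, not a tool from this thread; it runs over a constructed excerpt of the posted logs (the RUN/BHO line format and the ComboFix "Scheduled Tasks" format) and prints candidates for an analyst to confirm.

```python
import re
from collections import defaultdict

# Constructed excerpt of the two logs posted in this thread: autorun/BHO
# lines from the first listing and the ComboFix "Scheduled Tasks" section.
SAMPLE_LOG = r"""
RUN: [avgnt] "D:\Programmi\AntiVir PersonalEdition Classic\avgnt.exe" /min
RUN: [odgnca.exe] D:\WINNT\TEMP\odgnca.exe
RUN: [SearchIndexer] rundll32.exe "D:\WINNT\system32\brpaxpve.dll",sitypnow
RUN: [iTunesHelper] "C:\Programmi\iTunes\iTunesHelper.exe"
BHO: [AcroIEHlprObj Class] D:\Programmi\Adobe\Acrobat 5.0\Acrobat\ActiveX\AcroIEHelper.ocx
BHO: [AcroIEHlprObj Class] D:\WINNT\system32\byxvtuu.dll
BHO: [AcroIEHlprObj Class] D:\WINNT\system32\ddccc.dll
"2007-05-31 16:18:04 D:\WINNT\Tasks\AppleSoftwareUpdate.job"
- D:\Programmi\Apple Software Update\SoftwareUpdate.exe
"2007-11-29 18:00:54 D:\WINNT\Tasks\dnt.job"
- d:\winnt\system32\monkwzag.exe
"2007-11-29 18:00:54 D:\WINNT\Tasks\llri.job"
- d:\winnt\system32\monkwzag.exe
"2007-11-29 18:00:52 D:\WINNT\Tasks\uhslb.job"
- d:\winnt\system32\monkwzag.exe
"""

ENTRY_RE = re.compile(r'^(RUN|BHO): \[(?P<name>[^\]]*)\] ?(?P<target>.*)$')
TASK_RE = re.compile(r'^"[\d: -]+ (?P<job>\S+\.job)"$')
TASK_TARGET_RE = re.compile(r'^- (?P<target>.+)$')
PATH_RE = re.compile(r'[A-Za-z]:\\.*?\.(?:exe|dll|ocx|sys)', re.IGNORECASE)

def first_path(target: str) -> str:
    """Return the file an autorun target executes or loads: the first drive-rooted
    path ending in a binary extension, which also covers rundll32 loaders."""
    m = PATH_RE.search(target)
    return m.group(0) if m else target.strip()

def looks_random(filename: str) -> bool:
    """Heuristic for generated names: 5-8 lowercase letters with few vowels.
    Candidates only; an analyst still confirms (msvcrt.dll matches too)."""
    stem = filename.rsplit(".", 1)[0]
    if not re.fullmatch(r"[a-z]{5,8}", stem):
        return False
    return sum(c in "aeiou" for c in stem) <= len(stem) // 3

def triage(log: str) -> list:
    """Flag the four signals visible in this thread's logs."""
    findings, seen_bho, jobs_by_target, pending_job = [], {}, defaultdict(list), None
    for line in log.splitlines():
        if m := ENTRY_RE.match(line):
            kind, name, target = m.group(1), m["name"], m["target"]
            path = first_path(target)
            low = path.lower()
            if "\\temp\\" in low:                          # 1. autorun from TEMP
                findings.append(f"{kind} [{name}] runs from TEMP: {path}")
            elif "\\system32\\" in low and looks_random(low.rsplit("\\", 1)[-1]):
                findings.append(f"{kind} [{name}] loads random-named system32 file: {path}")
            if kind == "BHO":                                # 3. reused BHO display name
                prev = seen_bho.setdefault(name, path)
                if prev != path:
                    findings.append(f"BHO name '{name}' reused by {path} (first seen {prev})")
        elif m := TASK_RE.match(line):
            pending_job = m["job"].rsplit("\\", 1)[-1]
        elif (m := TASK_TARGET_RE.match(line)) and pending_job:
            jobs_by_target[m["target"].lower()].append(pending_job)
            pending_job = None
    for target, jobs in jobs_by_target.items():              # 4. many jobs, one binary
        if len(jobs) > 1 and "\\system32\\" in target:
            findings.append(f"{len(jobs)} tasks ({', '.join(jobs)}) all run {target}")
    return findings

if __name__ == "__main__":
    for finding in triage(SAMPLE_LOG):
        print("SUSPECT:", finding)
```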

Post by Luke57 » 30/11/07 08:01

Hi, download The Avenger
http://swandog46.geekstogo.com/avenger.zip

Then run the file Avenger.exe (applications closed and antivirus disabled).
Select the option Input Script Manually, click on the magnifying glass and inside the white space copy and paste this script:


Registry values to replace with dummy:
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Windows | AppInit_DLLs


Files to delete:
D:\WINNT\system32\yayxyyw.dll
D:\WINNT\system32\iiffeef.dll
D:\WINNT\system32\ddcayyw.dll
D:\WINNT\system32\awtutqn.dll
D:\WINNT\system32\mljhigd.dll
D:\WINNT\system32\cbxwvwu.dll
D:\WINNT\system32\jkkjkig.dll
D:\WINNT\system32\ddccc.dll

folders to delete:
D:\winnt\tasks

registry keys to delete:
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C6340F2F-4B71-4E12-B983-457F2B865FD4}


Click the Done button
Now click the traffic light with the green light
Answer Yes 2 times
The PC should reboot; if it doesn't reboot, reboot it manually

At reboot connect and post the file C:\Avenger.txt
Luke57
Moderator
Posts: 6413
Joined: 11/08/05 19:10
