Valutazione 4.87/ 5 (100.00%) 5838 voti

Condividi:        

Virus emule

Come rimuovere virus e spyware? Le carte di credito sono davvero sicure in rete? È possibile navigare anonimi? Con quali programmi tutelare la propria privacy? Come proteggere i file importanti? Se volete una risposta a queste e altre domande questo è il luogo giusto!

Moderatori: kadosh, Luke57

Virus emule

Postdi Stiff » 25/04/07 14:30

Ciao a tutti, l'altro giorno ho scaricato un file da emule e convinto che fosse un programma originale l'ho installato nel pc. Da quel momento mi compaiono dopo qualche minuto finestre che mi collegano a siti porno, siti bancari, ecc.ecc. . Come posso fare ad eliminare questo virus?? Vi prego aiutatemi :cry: ! Grazie mille
Stiff
Utente Junior
 
Post: 35
Iscritto il: 17/11/06 21:59

Sponsor
 

Postdi Luke57 » 25/04/07 15:26

Ciao, è un pò poco per sapere che cosa hai beccato.
Scarica hijackthis_v2.exe da qui:
http://www.trendsecure.com/portal/en-US ... his_v2.exe
lo collochi in una cartella permanente del disco fisso appositamente dedicata, tipo C:\HJT.
Lo apri dalla nuova cartella, premi "do a system scan and save a log file", attendi che si apra un file di testo al cui interno viene elaborato un contenuto.
Selezioni e copi il contenuto del file di testo, lo incolli in un post nel foru.
Luke57
Moderatore
 
Post: 6410
Iscritto il: 11/08/05 19:10

Postdi Stiff » 25/04/07 20:08

Grazie Luke, ecco il file!


Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 21.06.41, on 25/04/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmi\File comuni\Symantec Shared\ccSvcHst.exe
C:\Programmi\File comuni\Symantec Shared\AppCore\AppSvc32.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programmi\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Programmi\File comuni\Symantec Shared\ccSvcHst.exe
C:\Programmi\File comuni\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\Explorer.EXE
C:\Programmi\Alias\Maya 7.0 Personal Learning Edition\docs\wrapper.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Programmi\Alias\Maya 7.0 Personal Learning Edition\docs\jre\bin\java.exe
C:\WINDOWS\system32\svchost.exe
C:\Programmi\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\WINDOWS\ALCXMNTR.EXE
C:\Programmi\CyberLink\PowerDVD\PDVDServ.exe
C:\WINDOWS\system32\rundll32.exe
C:\Programmi\HP\hpcoretech\hpcmpmgr.exe
C:\Programmi\Microsoft Hardware\Keyboard\type32.exe
C:\Programmi\Microsoft Hardware\Mouse\point32.exe
C:\Programmi\HP\HP Software Update\HPWuSchd2.exe
C:\Programmi\File comuni\Symantec Shared\ccApp.exe
C:\WINDOWS\system32\rundll32.exe
C:\Programmi\QuickTime\qttask.exe
C:\Programmi\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\FinePixViewer\QuickDCF.exe
C:\Programmi\HP\Digital Imaging\bin\hpqtra08.exe
C:\Programmi\Sony Corporation\Picture Package\Picture Package Menu\SonyTray.exe
C:\Programmi\Sony Corporation\Picture Package\Picture Package Applications\Residence.exe
C:\Programmi\iPod\bin\iPodService.exe
C:\Programmi\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wuauclt.exe
C:\HJT\HiJackThis_v2.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.libero.it/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - C:\Programmi\File comuni\Symantec Shared\coShared\Browser\1.5\NppBho.dll
O2 - BHO: (no name) - {46c676b4-51c0-4811-88d1-db970430c7a0} - C:\WINDOWS\system32\mscnt$.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O3 - Toolbar: Show Norton Toolbar - {90222687-F593-4738-B738-FBEE9C7B26DF} - C:\Programmi\File comuni\Symantec Shared\coShared\Browser\1.5\UIBHO.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [RemoteControl] C:\Programmi\CyberLink\PowerDVD\PDVDServ.exe
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [HP Component Manager] "C:\Programmi\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [DXDllRegExe] dxdllreg.exe
O4 - HKLM\..\Run: [IntelliType] "C:\Programmi\Microsoft Hardware\Keyboard\type32.exe"
O4 - HKLM\..\Run: [IntelliPoint] "C:\Programmi\Microsoft Hardware\Mouse\point32.exe"
O4 - HKLM\..\Run: [Synchronization Manager] %SystemRoot%\system32\mobsync.exe /logon
O4 - HKLM\..\Run: [REGSHAVE] C:\Programmi\REGSHAVE\REGSHAVE.EXE /AUTORUN
O4 - HKLM\..\Run: [I downloaded pirated Software from P2P ] C:\WINDOWS\system32\0106.exe
O4 - HKLM\..\Run: [012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678912345678] C:\WINDOWS\system32\wuauclt.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Programmi\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [ccApp] "C:\Programmi\File comuni\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [osCheck] "C:\Programmi\Norton Internet Security\osCheck.exe"
O4 - HKLM\..\Run: [CnxTrApp] rundll32.exe "C:\Programmi\StarModem\StarModem USB Network\CnxTrApp.dll",AppEntry -REG "Conexant\Conexant USB Network"
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Programmi\Java\jre1.5.0_03\bin\jusched.exe
O4 - HKLM\..\Run: [Windows Spooler] C:\WINDOWS\system32\spoolsv32.exe
O4 - HKLM\..\Run: [Windows DLL Host] C:\WINDOWS\system32\dllhost32.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmi\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Programmi\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Programmi\File comuni\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Programmi\File comuni\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [WinFlyer32.dll] "rundll32.exe" C:\WINDOWS\system32\WinFlyer32.dll,Run
O4 - HKLM\..\Run: [InfoData] rundll32.exe "C:\WINDOWS\effcyy.dll",realset
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NVMCTRAY.DLL,NvTaskbarInit
O4 - HKCU\..\Run: [NBJ] "C:\Programmi\Ahead\Nero BackItUp\NBJ.exe"
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO LOCALE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO DI RETE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Adobe Gamma.lnk = C:\Programmi\File comuni\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Startup: Registration Ghost Recon Advanced Warfighter.LNK = C:\Programmi\Ubisoft\Ghost Recon Advanced Warfighter\Support\Register\RegistrationReminder.exe
O4 - Global Startup: Exif Launcher.lnk = ?
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Programmi\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Picture Package Menu.lnk = ?
O4 - Global Startup: Picture Package VCD Maker.lnk = ?
O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbaredi ... jhtml?p=ZJ
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Ricerche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Me ... b31267.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://newuntitledblog.spaces.live.com/ ... nPUpld.cab
O16 - DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} (Get_ActiveX Control) - https://h17000.www1.hp.com/ewfrf-JAVA/S ... anager.ocx
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZI ... b53083.cab
O16 - DPF: {BD393C14-72AD-4790-A095-76522973D6B8} (CBreakshotControl Class) - http://messenger.zone.msn.com/binary/Ba ... b31267.cab
O16 - DPF: {BE833F39-1E0C-468C-BA70-25AAEE55775E} (System Requirements Lab) - http://www.systemrequirementslab.com/sysreqlab.cab
O16 - DPF: {E53458D2-5A83-4BD1-8DE2-EEEBE73BAB77} - http://dinet.info/e/us094/e.cab
O20 - Winlogon Notify: mscnt$ - C:\WINDOWS\SYSTEM32\mscnt$.dll
O22 - SharedTaskScheduler: Precaricatore Browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Daemon di cache delle categorie di componenti - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Programmi\File comuni\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Programmi\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\ccSvcHst.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\VAScanner\comHost.exe
O23 - Service: Firebird Server - MAGIX Instance (FirebirdServerMAGIXInstance) - Unknown owner - C:\MAGIX\Common\Database\bin\fbserver.exe (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programmi\File comuni\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Servizio iPod (iPod Service) - Apple Inc. - C:\Programmi\iPod\bin\iPodService.exe
O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - C:\Programmi\Norton Internet Security\isPwdSvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\ccSvcHst.exe
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: Maya 7 PLE Documentation Server (mple7docserver) - Unknown owner - C:\Programmi\Alias\Maya 7.0 Personal Learning Edition\docs\wrapper.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: SPM License Server (spmd) - mental images GmbH - C:\WINDOWS\system32\spm\spmdib.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\AppCore\AppSvc32.exe
O23 - Service: Utilità di pianificazione di LiveUpdate automatico - Symantec Corporation - C:\Programmi\Symantec\LiveUpdate\ALUSchedulerSvc.exe

--
End of file - 11022 bytes
Stiff
Utente Junior
 
Post: 35
Iscritto il: 17/11/06 21:59

Postdi Mikele46 » 25/04/07 20:18

fixa questi...

C:\WINDOWS\ALCXMNTR.EXE (cerca anche di eliminarlo manualmente)



O2 - BHO: (no name) - {46c676b4-51c0-4811-88d1-db970430c7a0} - C:\WINDOWS\system32\mscnt$.dll


O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)


O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE


O4 - HKLM\..\Run: [Windows Spooler] C:\WINDOWS\system32\spoolsv32.exe


O4 - HKLM\..\Run: [Windows DLL Host] C:\WINDOWS\system32\dllhost32.exe


O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbaredi ... jhtml?p=ZJ


O16 - DPF: {E53458D2-5A83-4BD1-8DE2-EEEBE73BAB77} - http://dinet.info/e/us094/e.cab




O20 - Winlogon Notify: mscnt$ - C:\WINDOWS\SYSTEM32\mscnt$.dll



O4 - HKLM\..\Run: [InfoData] rundll32.exe "C:\WINDOWS\effcyy.dll",realset



Sconosciuto
O4 - HKLM\..\Run: [WinFlyer32.dll] "rundll32.exe" C:\WINDOWS\system32\WinFlyer32.dll,Run


O4 - HKLM\..\Run: [0123456789012345678901234567890123456789012345678901234567890123456789012345678 90123456789012345678901234567890123456789012345678901234567890123456789012345678 90123456789012345678901234567890123456789012345678901234567890123456789012345678 9012345678912345678] C:\WINDOWS\system32\wuauclt.exe


questa è sconosciuta decidi tu se eliminare


O4 - HKLM\..\Run: [I downloaded pirated Software from P2P ] C:\WINDOWS\system32\0106.exe
Avatar utente
Mikele46
Utente Senior
 
Post: 521
Iscritto il: 20/08/06 15:16
Località: Napoli

Postdi Stiff » 25/04/07 21:49

perfetto, fatto tutto tranne l'ultima, quella sconosciuta. ora vedo se compaiono ancora le finestre e ti faccio sapere!! grazie per la tua attenzione!! :P
Stiff
Utente Junior
 
Post: 35
Iscritto il: 17/11/06 21:59

Postdi Stiff » 26/04/07 07:12

ok, perfetto, niente più finestre che si aprono a caso :diavolo: !! grazie raga, mitici come sempre!! :D
Stiff
Utente Junior
 
Post: 35
Iscritto il: 17/11/06 21:59

Postdi Stiff » 26/04/07 08:58

ehm....le finestre si aprono ancora...ma con tempi più lunghi...diciamo 2-3 volte in 1 ora...che faccio, posto un'altra scansione con hjt?? :evil:
Stiff
Utente Junior
 
Post: 35
Iscritto il: 17/11/06 21:59

Postdi Stiff » 26/04/07 09:00

lo posto lo stesso, vedete se qualcuno può fare qualcosa!! :cry:


Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 9.59.15, on 26/04/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmi\File comuni\Symantec Shared\ccSvcHst.exe
C:\Programmi\File comuni\Symantec Shared\AppCore\AppSvc32.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programmi\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Programmi\File comuni\Symantec Shared\ccSvcHst.exe
C:\Programmi\File comuni\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Programmi\Alias\Maya 7.0 Personal Learning Edition\docs\wrapper.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Programmi\Alias\Maya 7.0 Personal Learning Edition\docs\jre\bin\java.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\svchost.exe
C:\Programmi\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Programmi\CyberLink\PowerDVD\PDVDServ.exe
C:\WINDOWS\system32\rundll32.exe
C:\Programmi\HP\hpcoretech\hpcmpmgr.exe
C:\Programmi\Microsoft Hardware\Keyboard\type32.exe
C:\Programmi\Microsoft Hardware\Mouse\point32.exe
C:\Programmi\HP\HP Software Update\HPWuSchd2.exe
C:\Programmi\File comuni\Symantec Shared\ccApp.exe
C:\WINDOWS\system32\rundll32.exe
C:\Programmi\QuickTime\qttask.exe
C:\Programmi\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\FinePixViewer\QuickDCF.exe
C:\Programmi\HP\Digital Imaging\bin\hpqtra08.exe
C:\Programmi\Sony Corporation\Picture Package\Picture Package Menu\SonyTray.exe
C:\Programmi\Sony Corporation\Picture Package\Picture Package Applications\Residence.exe
C:\Programmi\iPod\bin\iPodService.exe
C:\Programmi\eMule\emule.exe
C:\Programmi\File comuni\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Programmi\MSN Messenger\msnmsgr.exe
C:\Programmi\MSN Messenger\usnsvc.exe
C:\Programmi\Internet Explorer\iexplore.exe
C:\HJT\HiJackThis_v2.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.libero.it/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - C:\Programmi\File comuni\Symantec Shared\coShared\Browser\1.5\NppBho.dll
O2 - BHO: (no name) - {46c676b4-51c0-4811-88d1-db970430c7a0} - C:\WINDOWS\system32\mscnt$.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O3 - Toolbar: Show Norton Toolbar - {90222687-F593-4738-B738-FBEE9C7B26DF} - C:\Programmi\File comuni\Symantec Shared\coShared\Browser\1.5\UIBHO.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [RemoteControl] C:\Programmi\CyberLink\PowerDVD\PDVDServ.exe
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [HP Component Manager] "C:\Programmi\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [DXDllRegExe] dxdllreg.exe
O4 - HKLM\..\Run: [IntelliType] "C:\Programmi\Microsoft Hardware\Keyboard\type32.exe"
O4 - HKLM\..\Run: [IntelliPoint] "C:\Programmi\Microsoft Hardware\Mouse\point32.exe"
O4 - HKLM\..\Run: [Synchronization Manager] %SystemRoot%\system32\mobsync.exe /logon
O4 - HKLM\..\Run: [REGSHAVE] C:\Programmi\REGSHAVE\REGSHAVE.EXE /AUTORUN
O4 - HKLM\..\Run: [I downloaded pirated Software from P2P ] C:\WINDOWS\system32\0106.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Programmi\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [ccApp] "C:\Programmi\File comuni\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [osCheck] "C:\Programmi\Norton Internet Security\osCheck.exe"
O4 - HKLM\..\Run: [CnxTrApp] rundll32.exe "C:\Programmi\StarModem\StarModem USB Network\CnxTrApp.dll",AppEntry -REG "Conexant\Conexant USB Network"
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Programmi\Java\jre1.5.0_03\bin\jusched.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmi\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Programmi\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Programmi\File comuni\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Programmi\File comuni\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NVMCTRAY.DLL,NvTaskbarInit
O4 - HKCU\..\Run: [NBJ] "C:\Programmi\Ahead\Nero BackItUp\NBJ.exe"
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO LOCALE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO DI RETE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Adobe Gamma.lnk = C:\Programmi\File comuni\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Startup: Registration Ghost Recon Advanced Warfighter.LNK = C:\Programmi\Ubisoft\Ghost Recon Advanced Warfighter\Support\Register\RegistrationReminder.exe
O4 - Global Startup: Exif Launcher.lnk = ?
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Programmi\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Picture Package Menu.lnk = ?
O4 - Global Startup: Picture Package VCD Maker.lnk = ?
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Ricerche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Me ... b31267.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://newuntitledblog.spaces.live.com/ ... nPUpld.cab
O16 - DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} (Get_ActiveX Control) - https://h17000.www1.hp.com/ewfrf-JAVA/S ... anager.ocx
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZI ... b53083.cab
O16 - DPF: {BD393C14-72AD-4790-A095-76522973D6B8} (CBreakshotControl Class) - http://messenger.zone.msn.com/binary/Ba ... b31267.cab
O16 - DPF: {BE833F39-1E0C-468C-BA70-25AAEE55775E} (System Requirements Lab) - http://www.systemrequirementslab.com/sysreqlab.cab
O20 - Winlogon Notify: mscnt$ - C:\WINDOWS\SYSTEM32\mscnt$.dll
O22 - SharedTaskScheduler: Precaricatore Browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Daemon di cache delle categorie di componenti - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Programmi\File comuni\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Programmi\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\ccSvcHst.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\VAScanner\comHost.exe
O23 - Service: Firebird Server - MAGIX Instance (FirebirdServerMAGIXInstance) - Unknown owner - C:\MAGIX\Common\Database\bin\fbserver.exe (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programmi\File comuni\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Servizio iPod (iPod Service) - Apple Inc. - C:\Programmi\iPod\bin\iPodService.exe
O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - C:\Programmi\Norton Internet Security\isPwdSvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\ccSvcHst.exe
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: Maya 7 PLE Documentation Server (mple7docserver) - Unknown owner - C:\Programmi\Alias\Maya 7.0 Personal Learning Edition\docs\wrapper.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: SPM License Server (spmd) - mental images GmbH - C:\WINDOWS\system32\spm\spmdib.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\AppCore\AppSvc32.exe
O23 - Service: Utilità di pianificazione di LiveUpdate automatico - Symantec Corporation - C:\Programmi\Symantec\LiveUpdate\ALUSchedulerSvc.exe

--
End of file - 10171 bytes
Stiff
Utente Junior
 
Post: 35
Iscritto il: 17/11/06 21:59

Postdi Luke57 » 26/04/07 11:52

Ciao, scarica systemscan (strumento di diagnosi) da qua:
http://www.suspectfile.com/systemscan
Disattiva antivirus, chiudi le altre applicazioni, decomprimi il file sul desktop, lo avvii, spunti tutte le opzioni, premi scan now. Al termine viene generato un log e salvato con il nome di report.txt nella cartella c:/suspectfile.
Vai su:
http://www.easy-share.com/
premi sfoglia, individui il file, premi Upload. Ti verrà fornito il link (il primo) per vedere il file. Incollalo in un tuo post.
Luke57
Moderatore
 
Post: 6410
Iscritto il: 11/08/05 19:10

Postdi Stiff » 26/04/07 15:16

Stiff
Utente Junior
 
Post: 35
Iscritto il: 17/11/06 21:59

Postdi Luke57 » 26/04/07 16:17

Ciao, apri hijackthis, premi “do a system scan only”, cerca e spunta
O2 - BHO: (no name) - {46c676b4-51c0-4811-88d1-db970430c7a0} - C:\WINDOWS\system32\mscnt$.dll
O20 - Winlogon Notify: mscnt$ - C:\WINDOWS\SYSTEM32\mscnt$.dll
Premi fix checked.

Poi, scarica avenger sul desktop
http://swandog46.geekstogo.com/avenger.zip
scompatta il file.zip
Avvia il file avenger.exe
Seleziona l'opzione "Input Script Manually"
Clicca sulla lente di ingrandimento

Ti si apre una finestra "View/edit script"
All'interno del box bianco,copia e incolla le scritte in neretto:


Registry values to replace with dummy:
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Windows | AppInit_DLLs

Files to delete:
C:\WINDOWS\effcyy.dll
C:\WINDOWS\system32\mscnt$.dll
C:\WINDOWS\system32\awvvw.exe
C:\WINDOWS\SYSTEM32\PATCHER.EXE


Clicca sul pulsante Done
Clicca sull'icona del semaforo verde
Rispondi due volte Yes
Il pc dovrebbe riavviarsi da solo,se così non fosse riavvialo manualmente


Il programma rilascia un log con le operazioni eseguite.

Posta il log di Avenger (C:/avenger.txt) con l´esito dello script.
Luke57
Moderatore
 
Post: 6410
Iscritto il: 11/08/05 19:10

Postdi Stiff » 26/04/07 19:46

appena mi sono collegato a internet dopo il riavvio le finestre hanno continuato ad apparire...comunque, questo è il file log:


Logfile of The Avenger version 1, by Swandog46
Running from registry key:
\Registry\Machine\System\CurrentControlSet\Services\daujalrx

*******************

Script file located at: \??\C:\Documents and Settings\ivuvkrgr.txt
Script file opened successfully.

Script file read successfully

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:

File C:\WINDOWS\effcyy.dll deleted successfully.
File C:\WINDOWS\system32\mscnt$.dll deleted successfully.
File C:\WINDOWS\system32\awvvw.exe deleted successfully.
File C:\WINDOWS\SYSTEM32\PATCHER.EXE deleted successfully.


Could not get size of registry value HKLM\Software\Microsoft\Windows NT\CurrentVersion\Windows|AppInit_DLLs
Replacement with dummy of registry value HKLM\Software\Microsoft\Windows NT\CurrentVersion\Windows|AppInit_DLLs failed!
Status: 0xc0000034


Completed script processing.

*******************

Finished! Terminate.
Stiff
Utente Junior
 
Post: 35
Iscritto il: 17/11/06 21:59

Postdi Luke57 » 26/04/07 21:16

Ciao, riesegui avenger inserendo questo script:

files to delete:
C:\WINDOWS\vtrdrv.exe
C:\WINDOWS\yycffe.ini
C:\WINDOWS\msgsocm.log
C:\WINDOWS\netfxocm.log

Folders to delete:
C:\WINDOWS\temp



Poi scarica Vundofix da qui:
http://www.atribune.org/ccount/click.php?id=4
clicca su su Scan for Vundo.
• A scansione finita clicca su Remove Vundo: alla richiesta di conferma per la rimozione, clicca su OK
• A rimozione conclusa conferma il messaggio che chiederà di riavviare il PC

Posta report di avenger e risultati di Vundofix
Luke57
Moderatore
 
Post: 6410
Iscritto il: 11/08/05 19:10

Postdi Stiff » 27/04/07 19:18

Allora, ho scansionato con avenger, riavviato il pc e salvato il log. Poi ho avviato vundofix, ha scansionato ma non ha trovato nulla, ho cliccato su remove vundo, ho premuto ok ma non mi ha chiesto di riavviare il pc ma comunque l'ho fatto io per sicurezza. Ti posto il lof di avenger.


Logfile of The Avenger version 1, by Swandog46
Running from registry key:
\Registry\Machine\System\CurrentControlSet\Services\hsscphqk

*******************

Script file located at: \??\C:\WINDOWS\pcqsalui.txt
Script file opened successfully.

Script file read successfully

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:

File C:\WINDOWS\vtrdrv.exe deleted successfully.
File C:\WINDOWS\yycffe.ini deleted successfully.
File C:\WINDOWS\msgsocm.log deleted successfully.
File C:\WINDOWS\netfxocm.log deleted successfully.
Folder C:\WINDOWS\temp deleted successfully.

Completed script processing.

*******************

Finished! Terminate.
Stiff
Utente Junior
 
Post: 35
Iscritto il: 17/11/06 21:59

Postdi Stiff » 27/04/07 20:42

ecco il log che ho trovato di vundo


VundoFix V6.3.20

Checking Java version...

Sun Java not detected
Scan started at 19.54.46 27/04/2007

Listing files found while scanning....

No infected files were found.


Beginning removal...

Beginning removal...
Stiff
Utente Junior
 
Post: 35
Iscritto il: 17/11/06 21:59

Postdi Luke57 » 29/04/07 14:46

Ciao, fai nuovo log di systemscan e indica il link su easyshare per poterlo vedere.
Luke57
Moderatore
 
Post: 6410
Iscritto il: 11/08/05 19:10

Postdi Stiff » 29/04/07 16:10

ciao luke, ecco il link easyshare del log di systemscan:

http://w13.easy-share.com/1040555.html
Stiff
Utente Junior
 
Post: 35
Iscritto il: 17/11/06 21:59

Postdi Luke57 » 29/04/07 18:06

Ciao, apri hijackthis, premi “do a system scan only”, cerca e spunta le voci seguenti:
O2 - BHO: (no name) - {46c676b4-51c0-4811-88d1-db970430c7a0} - C:\WINDOWS\system32\mscnt$.dll (file missing)
O2 - BHO: (no name) - {D651AFF4-9590-424d-BD1E-8E33E090DFB3} - C:\WINDOWS\system32\tmp1.tmp.dll
O20 - Winlogon Notify: mscnt$ - mscnt$.dll (file missing)
Premi fix checked.

Con Avenger, esegui una nuova operazione inserendo questo script:

Files to delete:
C:\WINDOWS\system32\tmp1.tmp.dll
C:\WINDOWS\system32\drivers\oreans32.sys
C:\WINDOWS\system32\geedecb.dll
C:\WINDOWS\system32\WinFlyer32.dll
C:\DOCUME~1\utente\IMPOST~1\Temp\nswD.tmp\gnjsgmdctl.exe
C:\WINDOWS\SYSTEM32\SMAB.DLL



Poi disistalla la versione Java ultravecchia da pannello di controllo, installazioni\applicazioni e installa la più recente dal sito.
Luke57
Moderatore
 
Post: 6410
Iscritto il: 11/08/05 19:10

Postdi Luke57 » 29/04/07 18:09

Ciao, in aggiunta, scarica Avg antispyware da qui:
http://free.grisoft.com/doc/5390/lng/us ... yware-free
installalo, aggiornalo e fai una scansione completa.
Luke57
Moderatore
 
Post: 6410
Iscritto il: 11/08/05 19:10

Postdi Stiff » 29/04/07 19:41

allora, fixato i file di hijackthis, poi ho avviato avenger, ho riavviato e poi mi è apparsa una scritta che diceva che non era possibile creare il file txt con il log di avenger...ora sto scansionando con AVG :neutral:
Stiff
Utente Junior
 
Post: 35
Iscritto il: 17/11/06 21:59


Torna a Sicurezza e Privacy


Topic correlati a "Virus emule":

eMule
Autore: valyfilm
Forum: Reti, ADSL e wireless
Risposte: 1

Chi c’è in linea

Visitano il forum: Nessuno e 3 ospiti