DDCCY.DLL impossible to remove

Post by Tyrion » 25/01/08 14:55

I've tried everything: I've read about 347 forums and installed several thousand tools to remove it, but nothing. It is tied to the lsass process and I tried to unlock it with Unlocker, but it doesn't work. I tried ComboFix, SUPERAntiSpyware and others, but nothing. The file is 322KB in size. I'm posting the HijackThis log. Please... HELP!!!

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 14:45, on 2008-01-25
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\a-squared Free\a2service.exe
C:\Program Files\Trend Micro\Client Server Security Agent\ntrtscan.exe
C:\Program Files\Trend Micro\Client Server Security Agent\tmlisten.exe
C:\VEXPLITE\viritsvc.exe
C:\Program Files\RealVNC\VNC4\WinVNC4.exe
C:\Program Files\Trend Micro\Client Server Security Agent\OfcPfwSvc.exe
C:\WINDOWS\TEMP\QSD100.EXE
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\ctfmon .exe
C:\WINDOWS\explorer.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.iason.at
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.iason.at
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.iason.at/
F3 - REG:win.ini: load=C:\WINDOWS\system32\ddccy.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe"
O4 - HKLM\..\Run: [Synchronization Manager] %SystemRoot%\system32\mobsync.exe /logon
O4 - HKLM\..\Run: [VIRIT LITE MONITOR] C:\VEXPLITE\MONLITE.EXE
O4 - HKLM\..\Run: [OfficeScanNT Monitor] "C:\Program Files\Trend Micro\Client Server Security Agent\pccntmon.exe" -HideWindow
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_9 -reboot 1
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: [No-Spam]xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.iason.at
O16 - DPF: {00134F72-5284-44F7-95A8-52A619F70751} (ObjWinNTCheck Class) - https://demeter:4343/officescan/console ... l/WinNTChk .cab
O16 - DPF: {08D75BB0-D2B5-11D1-88FC-0080C859833B} (OfficeScan Corp Edition Web-Deployment SetupINICtrl Class) - https://demeter:4343/officescan/console ... l/setupini .cab
O16 - DPF: {08D75BC1-D2B5-11D1-88FC-0080C859833B} (OfficeScan Corp Edition Web-Deployment SetupCtrl Class) - https://demeter:4343/officescan/console ... tall/setup .cab
O16 - DPF: {35C3D91E-401A-4E45-88A5-F3B32CD72DF4} (Encrypt Class) - https://demeter:4343/SMB/console/html/root/AtxEnc .cab
O16 - DPF: {5EFE8CB1-D095-11D1-88FC-0080C859833B} (OfficeScan Corp Edition Web-Deployment ObjRemoveCtrl Class) - https://demeter:4343/officescan/console ... RemoveCtrl .cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupda ... wuweb_site .cab?1163603642630
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftup ... muweb_site .cab?1163603810145
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/s ... sh/swflash .cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = IASONItalia.at
O17 - HKLM\Software\..\Telephony: DomainName = IASONItalia.at
O17 - HKLM\System\CCS\Services\Tcpip\..\{EB68746C-0254-4C9C-88D6-923D04538671}: NameServer = 192.168.4.2
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = IASONItalia.at
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = IASONItalia.at
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - C:\Program Files\a-squared Free\a2service.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Trend Micro Client-Server Security Agent Echtzeitsuche (ntrtscan) - Trend Micro Inc. - C:\Program Files\Trend Micro\Client Server Security Agent\ntrtscan.exe
O23 - Service: Trend Micro Client-Server Security Agent Personal Firewall (OfcPfwSvc) - Trend Micro Inc. - C:\Program Files\Trend Micro\Client Server Security Agent\OfcPfwSvc.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: Trend Micro Client-Server Security Agent Listener (tmlisten) - Trend Micro Inc. - C:\Program Files\Trend Micro\Client Server Security Agent\tmlisten.exe
O23 - Service: Virit eXplorer Lite (viritsvclite) - TG Soft Sas http://www.tgsoft.it - C:\VEXPLITE\viritsvc.exe
O23 - Service: VNC Server Version 4 (WinVNC4) - RealVNC Ltd. - C:\Program Files\RealVNC\VNC4\WinVNC4.exe
O24 - Desktop Component 0: (no name) - file:///Z:/Simp/simpson000.gif

--
End of file - 6725 bytes
Tyrion
Newbie

Posts: 4
Joined: 25/01/08 14:47

Post by Luke57 » 25/01/08 15:40

Hi, post the ComboFix report.
Luke57
Moderator

Posts: 6415
Joined: 11/08/05 19:10

Post by Tyrion » 25/01/08 16:28

ComboFix 08-01-23.1 - rdellicicchi 2008-01-23 4:27:18.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.95 [GMT 1:00]
Running from: Z:\Delli Cicchi\Programmi\Viruuuuus\ComboFix.exe

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Program Files\Internet Explorer\setupapi.dll
C:\WINDOWS\system32\ctfmon.exe.tmp
C:\WINDOWS\system32\ddccy.dll
C:\WINDOWS\system32\ddccy.exe
C:\WINDOWS\system32\koos.exe
C:\WINDOWS\system32\kprof
C:\WINDOWS\system32\poof
C:\WINDOWS\system32\yccdd.ini
C:\WINDOWS\system32\yccdd.ini2

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.
-------\LEGACY_KPROF
-------\LEGACY_POOF


((((((((((((((((((((((((( Files Created from 2007-12-23 to 2008-01-23 )))))))))))))))))))))))))))))))
.

2008-01-23 04:42 . 2008-01-23 04:42 329,728 --------- C:\WINDOWS\system32\ddccy.dll
2008-01-23 04:42 . 2008-01-23 04:42 6,516 --ahs---- C:\WINDOWS\system32\yccdd.ini
2008-01-23 04:15 . 2008-01-23 04:15 15,360 --a------ C:\WINDOWS\system32\ctfmon .exe
2008-01-18 14:02 . 2005-11-01 13:00 15,360 --a--c--- C:\WINDOWS\system32\dllcache\ctfmon.exe
2008-01-18 14:02 . 2005-11-01 13:00 15,360 --a------ C:\WINDOWS\system32\ctfmon.exe
2008-01-16 17:28 . 2008-01-16 17:59 <DIR> d-------- C:\Program Files\a-squared Free
2008-01-16 17:02 . 2008-01-16 17:02 31,074 --a------ C:\WINDOWS\system32\drivers\Partizan.sys
2008-01-16 16:54 . 2008-01-16 16:54 25,600 --a------ C:\WINDOWS\system32\Partizan.exe
2008-01-16 16:50 . C:\WINDOWS\(2) C:\ComboFix\winstart.bat
2008-01-16 16:17 . 2000-08-31 08:00 51,200 --a------ C:\WINDOWS\NirCmd.exe
2008-01-16 14:08 . 2008-01-16 14:08 <DIR> d-------- C:\Program Files\Enigma Software Group
2008-01-16 08:17 . 2008-01-16 08:17 <DIR> d-------- C:\Program Files\InCode Solutions
2008-01-11 18:17 . 2008-01-14 17:46 <DIR> d-------- C:\QUARANTENA_VIRIT
2008-01-11 18:01 . 2007-10-10 09:00 36,096 --a------ C:\WINDOWS\system32\drivers\VIRAGTLT.SYS
2008-01-11 18:00 . 2008-01-14 17:46 <DIR> d-------- C:\VEXPLITE
2008-01-11 13:44 . 2008-01-16 08:32 <DIR> d-------- C:\WINDOWS\system32\New Folder
2008-01-11 13:33 . 2008-01-18 14:08 <DIR> d-------- C:\New Folder
2008-01-11 12:52 . 2008-01-11 12:52 812,344 --a------ C:\HJTInstall.exe
2008-01-11 12:45 . 2008-01-11 12:45 72,192 --a------ C:\bot.exe
2008-01-11 12:45 . 2008-01-11 12:45 54,764 --a------ C:\WINDOWS\system32\DXDSS.SYS.del
2008-01-02 10:47 . 2008-01-02 10:47 <DIR> d-------- C:\Program Files\PC Connectivity Solution
2008-01-02 10:47 . 2008-01-02 10:47 <DIR> d-------- C:\Program Files\Common Files\PCSuite
2008-01-02 10:47 . 2008-01-02 10:47 <DIR> d-------- C:\Program Files\Common Files\Nokia
2008-01-02 10:47 . 2006-10-10 08:54 138,240 --a------ C:\WINDOWS\system32\drivers\nmwcd.sys
2008-01-02 10:47 . 2006-10-10 08:54 30,720 --a------ C:\WINDOWS\system32\nmwcdcocls.dll
2008-01-02 10:47 . 2006-10-10 08:54 12,800 --a------ C:\WINDOWS\system32\drivers\nmwcdcm.sys
2008-01-02 10:47 . 2006-10-10 08:54 12,800 --a------ C:\WINDOWS\system32\drivers\nmwcdcj.sys
2008-01-02 10:47 . 2006-10-10 08:54 9,216 --a------ C:\WINDOWS\system32\drivers\nmwcdc.sys
2008-01-02 10:47 . 2006-10-10 08:54 4,608 --a------ C:\WINDOWS\system32\nmwcdlog.dll
2008-01-02 10:46 . 2008-01-02 10:47 <DIR> d-------- C:\Program Files\Nokia
2008-01-02 10:46 . 2006-10-10 08:54 50,688 --a------ C:\WINDOWS\system32\nmwcdcls.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-01-23 03:42 333,312 ----a-w C:\WINDOWS\system32\ddccy.exe
2008-01-23 01:56 --------- d-----w C:\Program Files\eMule2
2008-01-11 11:53 --------- d-----w C:\Program Files\Trend Micro
2008-01-03 17:03 --------- d-----w C:\Program Files\tremdemo
2008-01-02 09:47 --------- d-----w C:\Program Files\DIFX
2007-12-03 12:19 --------- d-----w C:\Program Files\MeeSoft
2007-11-07 09:26 721,920 ----a-w C:\WINDOWS\system32\lsasrv.dll
2007-10-29 22:43 1,287,680 ----a-w C:\WINDOWS\system32\quartz.dll
2007-10-27 16:40 227,328 ----a-w C:\WINDOWS\system32\wmasf.dll
.
----a-w            15,360 2008-01-11 14:26:00  C:\New Folder\ctfmon .exe
----a-w           313,472 2008-01-23 03:42:07  C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager .exe
----a-w           847,872 2008-01-23 02:13:49  C:\Program Files\Enigma Software Group\SpyHunter\SpyHunter3 .exe
----a-w           184,320 2008-01-14 13:35:12  C:\Program Files\InterVideo\DVD Check\DVDCheck .exe
----a-w           222,720 2008-01-14 08:25:42  C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication .exe
----a-w           350,720 2008-01-16 11:20:24  C:\Program Files\Unlocker\UnlockerAssistant    .exe
----a-w           350,720 2008-01-16 11:16:43  C:\Program Files\Unlocker\UnlockerAssistant   .exe
----a-w           350,720 2008-01-16 11:12:36  C:\Program Files\Unlocker\UnlockerAssistant  .exe
----a-w           350,720 2008-01-16 11:03:21  C:\Program Files\Unlocker\UnlockerAssistant .exe
----a-w            15,360 2008-01-11 14:26:00  C:\QUARANTENA_VIRIT\ctfmon .exe
----a-w            15,360 2008-01-23 03:15:40  C:\WINDOWS\system32\ctfmon .exe



((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D7FB9E85-DCF7-4A0D-A9C3-34E9DF561A08}]
2008-01-23 04:42 329728 --------- C:\WINDOWS\system32\ddccy.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2005-11-01 13:00 15360]
"updateMgr"="C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [2008-01-23 04:27 739840]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [ ]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe" [ ]
"Synchronization Manager"="C:\WINDOWS\system32\mobsync.exe" [2005-11-01 13:00 143360]
"VIRIT LITE MONITOR"="C:\VEXPLITE\MONLITE.EXE" [ ]
"OfficeScanNT Monitor"="C:\Program Files\Trend Micro\Client Server Security Agent\pccntmon.exe" [ ]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2005-11-01 13:00 15360]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"DisablePersonalDirChange"= 1 (0x1)
"NoDesktopCleanupWizard"= 1 (0x1)
"NoAutoTrayNotify"= 1 (0x1)
"NoTaskGrouping"= 1 (0x1)

[HKEY_CURRENT_USER\software\microsoft\windows nt\currentversion\windows]
"load"=C:\WINDOWS\system32\ddccy.exe

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Authentication Packages REG_MULTI_SZ msv1_0 C:\WINDOWS\system32\ddccy

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-184742797-2187047712-1964644841-1109\Scripts\Logon\0\0]
"Script"=x_laufwerk.bat

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-184742797-2187047712-1964644841-1109\Scripts\Logon\0\1]
"Script"=explorer_details.vbs

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-184742797-2187047712-1964644841-1110\Scripts\Logon\0\0]
"Script"=x_laufwerk.bat

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-184742797-2187047712-1964644841-1110\Scripts\Logon\0\1]
"Script"=explorer_details.vbs

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-184742797-2187047712-1964644841-1111\Scripts\Logon\0\0]
"Script"=x_laufwerk.bat

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-184742797-2187047712-1964644841-1111\Scripts\Logon\0\1]
"Script"=explorer_details.vbs

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-184742797-2187047712-1964644841-1114\Scripts\Logon\0\0]
"Script"=x_laufwerk.bat

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-184742797-2187047712-1964644841-1114\Scripts\Logon\0\1]
"Script"=explorer_details.vbs

R0 SI3112r;ATI-4379 Serial ATA Controller;C:\WINDOWS\system32\DRIVERS\SI3112r.sys [2006-01-12 12:56]
R0 VIRAGTLT;VIRAGTLT;C:\WINDOWS\system32\drivers\VIRAGTLT.SYS [2007-10-10 09:00]
R2 viritsvclite;Virit eXplorer Lite;C:\VEXPLITE\viritsvc.exe [2008-01-11 18:03]
S3 CommDrv;CommDrv;C:\WINDOWS\system32\CommDrv.sys []
S3 Partizan;Partizan;C:\WINDOWS\system32\drivers\Partizan.sys [2008-01-16 17:02]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{2f872f27-1fec-11dc-9467-00161737b10c}]
\Shell\AutoRun\command - F:\VMC_PBStarter.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{364034cc-f407-11db-a8ed-0018debf41fb}]
\Shell\AutoRun\command - G:\VMC_PBStarter.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{73dd8359-201b-11dc-9467-88d433f1eb9d}]
\Shell\AutoRun\command - F:\VMC_PBStarter.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{fcc6e2de-2090-11dc-946d-0016173ae61f}]
\Shell\AutoRun\command - F:\VMC_PBStarter.exe

.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-01-23 04:42:41
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

C:\WINDOWS\system32\ntos.exe 497664 bytes executable
C:\WINDOWS\system32\wsnpoem

scan completed successfully
hidden files: 2

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

PROCESS: C:\WINDOWS\Explorer.EXE [6.00.2900.3156]
-> C:\WINDOWS\system32\ddccy.dll
.
Completion time: 2008-01-23 4:44:45 - machine was rebooted
ComboFix-quarantined-files.txt 2008-01-23 03:44:39
.
2008-01-09 16:47:44 --- E O F ---
Post by Luke57 » 25/01/08 18:57

Hi, download SDFix: http://downloads.andymanchesta.com/Remo ... /SDFix.exe

- Double-click SDFix.exe and the tool will extract itself to C:\SDFix
- Boot the system in Safe Mode (press F8 repeatedly before Windows loads; on the grey screen that appears, choose Safe Mode by moving with the arrow keys and confirming with Enter)
- Open the SDFix folder located in C:\ and double-click RunThis.bat to launch the script
- Select Y to start the cleanup
- When it asks you, press a key to reboot (the system will take longer to start because the script will be deleting the files it found)
- When the desktop appears, the tool will finish its work and display the message "Finished"
- Press a key to end the script and reload the desktop icons
- The log will be displayed automatically; otherwise you can find it in C:\SDFix\Report.txt
After the reboot, download VundoFix from here: ---> http://www.atribune.org/ccount/click.php?id=4
Run vundofix.exe
Click Scan for Vundo
Then click Remove Vundo
Then, when it asks you to delete the files, say yes
The desktop will turn white (don't worry)
Reboot the PC and also post the VundoFix log, which is located in C:/vundofix.txt
Post by Tyrion » 28/01/08 11:37

*****************************************************
This is the SDFix log:
*****************************************************

Hi, download SDFix: http://downloads.andymanchesta.com/Remo ... /SDFix.exe

- Double-click SDFix.exe and the tool will extract itself to C:\SDFix
- Boot the system in Safe Mode (press F8 repeatedly before Windows loads; on the grey screen that appears, choose Safe Mode by moving with the arrow keys and confirming with Enter)
- Open the SDFix folder located in C:\ and double-click RunThis.bat to launch the script
- Select Y to start the cleanup
- When it asks you, press a key to reboot (the system will take longer to start because the script will be deleting the files it found)
- When the desktop appears, the tool will finish its work and display the message "Finished"
- Press a key to end the script and reload the desktop icons
- The log will be displayed automatically; otherwise you can find it in C:\SDFix\Report.txt
After the reboot, download VundoFix from here: ---> http://www.atribune.org/ccount/click.php?id=4
Run vundofix.exe
Click Scan for Vundo
Then click Remove Vundo
Then, when it asks you to delete the files, say yes
The desktop will turn white (don't worry)
Reboot the PC and also post the VundoFix log, which is located in C:/vundofix.txt
Luke57
Moderator

Posts: 3947
Joined: 11/08/05 19:10

*****************************************************
And this is the VundoFix log:
*****************************************************


VundoFix V6.7.7

Checking Java version...

Java version is 1.5.0.7
Old versions of java are exploitable and should be removed.

Java version is 1.5.0.9
Old versions of java are exploitable and should be removed.

Scan started at 03.27.52 23/01/2008

Listing files found while scanning....

C:\WINDOWS\system32\ddccy.dll
C:\WINDOWS\system32\ddccy.exe
C:\WINDOWS\system32\yccdd.ini
C:\WINDOWS\system32\yccdd.ini2

Beginning removal...

Attempting to delete C:\WINDOWS\system32\ddccy.dll
C:\WINDOWS\system32\ddccy.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\ddccy.exe
C:\WINDOWS\system32\ddccy.exe Has been deleted!

Attempting to delete C:\WINDOWS\system32\yccdd.ini
C:\WINDOWS\system32\yccdd.ini Has been deleted!

Attempting to delete C:\WINDOWS\system32\yccdd.ini2
C:\WINDOWS\system32\yccdd.ini2 Has been deleted!

Performing Repairs to the registry.
Done!

Beginning removal...

Attempting to delete C:\WINDOWS\system32\ddccy.dll
C:\WINDOWS\system32\ddccy.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\ddccy.exe
C:\WINDOWS\system32\ddccy.exe Has been deleted!

Attempting to delete C:\WINDOWS\system32\yccdd.ini
C:\WINDOWS\system32\yccdd.ini Has been deleted!

Attempting to delete C:\WINDOWS\system32\yccdd.ini2
C:\WINDOWS\system32\yccdd.ini2 Has been deleted!

Performing Repairs to the registry.
Done!

Beginning removal...

VundoFix V6.7.7

Checking Java version...

Java version is 1.5.0.7
Old versions of java are exploitable and should be removed.

Java version is 1.5.0.9
Old versions of java are exploitable and should be removed.

Scan started at 14:17:46 2008-01-25

Listing files found while scanning....


VundoFix V6.7.7

Checking Java version...

Java version is 1.5.0.7
Old versions of java are exploitable and should be removed.

Java version is 1.5.0.9
Old versions of java are exploitable and should be removed.

Scan started at 14:18:10 2008-01-25

Listing files found while scanning....


VundoFix V6.7.7

Checking Java version...

Java version is 1.5.0.7
Old versions of java are exploitable and should be removed.

Java version is 1.5.0.9
Old versions of java are exploitable and should be removed.

Scan started at 10:47:46 AM 1/28/2008

Listing files found while scanning....

C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\ddccy.dll
C:\WINDOWS\system32\ddccy.exe
C:\WINDOWS\system32\yccdd.ini
C:\WINDOWS\system32\yccdd.ini2

Beginning removal...

Attempting to delete C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\ctfmon.exe Has been deleted!

Attempting to delete C:\WINDOWS\system32\ddccy.dll
C:\WINDOWS\system32\ddccy.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\ddccy.exe
C:\WINDOWS\system32\ddccy.exe Has been deleted!

Attempting to delete C:\WINDOWS\system32\yccdd.ini
C:\WINDOWS\system32\yccdd.ini Has been deleted!

Attempting to delete C:\WINDOWS\system32\yccdd.ini2
C:\WINDOWS\system32\yccdd.ini2 Has been deleted!

Performing Repairs to the registry.
Done!

*****************************************************
The files are gone; I hope everything is finally sorted out now.

THANK YOU!!!
Post by Tyrion » 28/01/08 11:41

Ooooops! I celebrated too soon!
The files ddccy.dll and ddccy.exe are back in their place! :(
What on earth recreates them every time?
Any other suggestions?

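The HijackThis and ComboFix logs posted in this thread list several loading points that reference ddccy, including the LSA entry that matches the lsass lock described in the first post. The following is an added example, not part of the original thread or of either tool: it extracts those entries from log text. The function names, the line-format handling and the loader descriptions are assumptions of this example, and the sample is an excerpt of lines copied from the logs above.

```python
import re

# Excerpt of lines copied from the HijackThis and ComboFix logs in this thread.
SAMPLE_LOG = r"""
F3 - REG:win.ini: load=C:\WINDOWS\system32\ddccy.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D7FB9E85-DCF7-4A0D-A9C3-34E9DF561A08}]
2008-01-23 04:42 329728 --------- C:\WINDOWS\system32\ddccy.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2005-11-01 13:00 15360]

[HKEY_CURRENT_USER\software\microsoft\windows nt\currentversion\windows]
"load"=C:\WINDOWS\system32\ddccy.exe

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Authentication Packages REG_MULTI_SZ msv1_0 C:\WINDOWS\system32\ddccy
"""

# (pattern on the lower-cased location, what loads an entry stored there)
LOAD_POINTS = [
    (r"\\control\\lsa$", "authentication package, loaded by lsass.exe at boot"),
    (r"browser helper objects", "Browser Helper Object, loaded by Explorer / Internet Explorer"),
    (r"windows nt\\currentversion\\windows$|win\.ini", "'load' value, run at user logon"),
    (r"\\run$", "Run key, started at logon"),
]


def describe(location):
    """Map a registry location from the log to the component that loads it."""
    loc = location.lower()
    for pattern, meaning in LOAD_POINTS:
        if re.search(pattern, loc):
            return meaning
    return "unclassified load point"


def find_load_points(log_text, stem):
    """Return (location, value, meaning) for every entry whose value names
    a file called <stem> or <stem>.<ext>, in either log format."""
    target = re.compile(r"\\" + re.escape(stem) + r"(?:\.\w+)?(?![\w.])", re.I)
    hits, current_key = [], None
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:                      # blank line ends a ComboFix section
            current_key = None
            continue
        section = re.fullmatch(r"\[(HKEY_[^\]]+)\]", line)
        if section:                       # ComboFix "[HKEY_...]" header
            current_key = section.group(1)
            continue
        hjt = re.match(r"[A-Z]\d+ - (.+)", line)
        if hjt:                           # HijackThis "F3 - where: what" line
            location, _, value = hjt.group(1).partition(": ")
        elif current_key:                 # value line under a ComboFix header
            location, value = current_key, line
        else:
            continue
        if target.search(value):
            hits.append((location, value, describe(location)))
    return hits


if __name__ == "__main__":
    for location, value, meaning in find_load_points(SAMPLE_LOG, "ddccy"):
        print(f"{meaning}\n    {location}\n    {value}")
```

Every location it reports is a place from which the file is loaded again at boot or logon, so a cleanup that deletes the files but leaves any of these entries in place is incomplete.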
