
How do you remove viruses and spyware? Are credit cards really safe online? Is it possible to browse anonymously? Which programs protect your privacy? How do you protect important files? If you want answers to these and other questions, this is the right place!

Moderators: m.paolo, kadosh, Luke57

cmd.exe etiopian virus

Post by liviohg » 06/11/09 10:18

Dear all, I've caught this virus, which appears every time I turn on the computer. I could send you the screenshot but I don't know how to attach it.
It's a DOS window; it says cmd.exe in the title bar (c:\WINDOWS\system32\cmd.exe) and it passes itself off as an antivirus. The fact is that I'm having problems on the computer, settings that get reset, etc. No antivirus, not even an online one, has helped me so far.
What can I do?
If you tell me how to attach an image I can show you what it is.
Thanks a lot
livio

Moved to a more appropriate section, aurelio37
liviohg
Newbie
 
Posts: 6
Joined: 06/11/09 10:00


Re: cmd.exe etiopian virus

Post by aurelio37 » 06/11/09 14:27

Hi and welcome to the forum,
to post the image:
http://www.pc-facile.com/guide/linkare_ ... /30552.htm
aurelio37
Moderator
 
Posts: 2736
Joined: 07/02/07 11:36
Location: Milano

Re: cmd.exe etiopian virus

Post by liviohg » 06/11/09 15:28

There, I managed to upload the image; if you can't see it, the link is there too.

Image: http://img196.imageshack.us/img196/9480/68932135.jpg


Can you tell me what's happening to my computer? How do I get rid of this annoying guest?

Thank you
livio
liviohg
Newbie
 
Posts: 6
Joined: 06/11/09 10:00

Re: cmd.exe etiopian virus

Post by shel » 06/11/09 15:38

hi

Download ComboFix
http://download.bleepingcomputer.com/sUBs/ComboFix.exe
Save it to the desktop.
Double-click combofix.exe (a window will appear).
(do not install the Recovery Console)
Type 1, press Enter and follow the instructions.
When it finishes, a log file called C:\ComboFix.txt will be created. Post it here.
During the scan it is important not to use the PC and to wait patiently for the operations to finish.

do not use the PC during the scan, not even the mouse!
shel
Senior User
 
Posts: 1326
Joined: 29/08/08 21:56

Re: cmd.exe etiopian virus

Post by liviohg » 06/11/09 16:49

hi
thanks
here's the txt, please let me know what it means


ComboFix 09-11-05.05 - Livio Mercurio 06/11/2009 18:39.1.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1022.584 [GMT 3:00]
Running from: c:\documents and settings\Livio Mercurio\Desktop\ComboFix.exe
AV: AntiVir Desktop *On-access scanning disabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\Antivirus.vbs

.
((((((((((((((((((((((((( Files Created from 2009-10-06 to 2009-11-06 )))))))))))))))))))))))))))))))
.

2009-11-03 18:29 . 2009-11-06 15:14 -------- d-----w- c:\documents and settings\Livio Mercurio\Local Settings\Application Data\WMTools Downloaded Files
2009-11-02 08:28 . 2009-11-02 08:28 1136 --sha-r- c:\windows\system32\AMAN.bat
2009-10-31 20:24 . 2009-10-31 20:24 -------- d-----w- c:\program files\Common Files\Skype
2009-10-26 18:43 . 2009-10-26 18:43 -------- d-----w- c:\program files\Microsoft Silverlight
2009-10-20 14:38 . 2009-10-20 14:38 -------- d-----w- c:\program files\IDAutomation.com Code 39 Free Font
2009-10-19 08:44 . 2008-06-19 14:24 28544 ----a-w- c:\windows\system32\drivers\pavboot.sys
2009-10-19 08:43 . 2009-10-19 08:43 -------- d-----w- c:\program files\Panda Security
2009-10-10 14:58 . 2009-10-10 14:58 -------- d-----w- c:\program files\iPod
2009-10-10 14:58 . 2009-10-10 14:59 -------- d-----w- c:\program files\iTunes
2009-10-10 14:58 . 2009-10-10 14:59 -------- d-----w- c:\documents and settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
2009-10-10 14:57 . 2009-10-10 14:57 -------- d-----w- c:\program files\Bonjour
2009-10-10 14:56 . 2009-10-10 14:56 -------- d-----w- c:\program files\QuickTime

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-11-06 15:40 . 2009-08-20 12:13 -------- d-----w- c:\documents and settings\Livio Mercurio\Application Data\Skype
2009-11-06 13:00 . 2009-08-20 12:14 -------- d-----w- c:\documents and settings\Livio Mercurio\Application Data\skypePM
2009-11-04 04:26 . 2009-08-20 10:02 -------- d-----w- c:\program files\Google
2009-11-04 03:30 . 2009-08-20 10:05 -------- d-----w- c:\documents and settings\Livio Mercurio\Application Data\Rainlendar
2009-10-31 20:24 . 2009-08-20 12:11 -------- d-----r- c:\program files\Skype
2009-10-31 20:24 . 2009-08-20 12:11 -------- d-----w- c:\documents and settings\All Users\Application Data\Skype
2009-10-26 19:02 . 2009-08-21 16:45 28616 ----a-w- c:\documents and settings\Livio Mercurio\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-10-14 13:29 . 2009-08-20 09:43 -------- d-----w- c:\documents and settings\Livio Mercurio\Application Data\Apple Computer
2009-10-13 05:09 . 2009-08-20 09:36 -------- d-----w- c:\program files\Apple Software Update
2009-10-10 14:58 . 2009-08-20 09:34 -------- d-----w- c:\program files\Common Files\Apple
2009-10-07 07:42 . 2009-10-07 07:42 -------- d-----w- c:\program files\MSBuild
2009-10-07 07:42 . 2009-10-07 07:42 -------- d-----w- c:\program files\Reference Assemblies
2009-10-06 08:04 . 2009-10-06 08:04 -------- d-----w- c:\program files\WHO
2009-10-02 12:52 . 2009-10-02 12:00 -------- d-----w- c:\documents and settings\Livio Mercurio\Application Data\ICAClient
2009-10-02 12:00 . 2009-10-02 12:00 -------- d-----w- c:\program files\Citrix
2009-10-01 06:10 . 2009-10-01 06:10 -------- d-----w- c:\program files\ESET
2009-09-30 06:53 . 2009-09-30 06:53 -------- d-----w- c:\program files\Free Easy Burner
2009-09-27 08:50 . 2009-09-27 08:50 -------- d-----w- c:\documents and settings\Livio Mercurio\Application Data\Media Player Classic
2009-09-27 08:45 . 2008-10-09 12:42 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-09-27 08:45 . 2009-09-27 08:45 -------- d-----w- c:\program files\Common Files\PAC7302
2009-09-27 08:45 . 2009-09-27 08:45 -------- d-----w- c:\program files\DARFON
2009-09-27 08:44 . 2008-10-09 12:42 -------- d-----w- c:\program files\Common Files\InstallShield
2009-09-25 09:12 . 2009-09-25 09:12 -------- d-----w- c:\documents and settings\All Users\Application Data\Hewlett-Packard
2009-09-23 07:26 . 2009-08-20 08:49 -------- d-----w- c:\program files\Alice MOBILE
2009-09-22 14:07 . 2009-09-07 10:54 -------- d-----w- c:\program files\Huawei Access Manager
2009-09-21 14:09 . 2009-09-21 14:09 79144 ----a-w- c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 9.0.1.8\SetupAdmin.exe
2009-09-19 10:35 . 2009-09-09 14:17 -------- d-----w- c:\documents and settings\All Users\Application Data\NOS
2009-09-19 04:30 . 2009-08-20 09:58 -------- d-----w- c:\program files\Common Files\Real
2009-09-19 04:30 . 2009-09-19 04:30 -------- d-----w- c:\program files\Common Files\xing shared
2009-09-19 04:25 . 2009-09-19 04:25 411368 ----a-w- c:\windows\system32\deploytk.dll
2009-09-19 04:25 . 2008-10-09 12:37 -------- d-----w- c:\program files\Java
2009-09-19 04:25 . 2009-09-19 04:25 152576 ----a-w- c:\documents and settings\Livio Mercurio\Application Data\Sun\Java\jre1.6.0_16\lzma.dll
2009-09-19 04:22 . 2009-09-19 04:22 1925024 ----a-w- c:\documents and settings\All Users\Application Data\NOS\Adobe_Downloads\install_flash_player.exe
2009-09-19 01:42 . 2009-09-19 01:42 23116 ---ha-w- c:\windows\system32\mlfcache.dat
2009-09-17 05:36 . 2009-09-17 15:48 364916 ----a-w- c:\documents and settings\All Users\Application Data\Avira\AntiVir Desktop\FAILSAVE\aegen.dll
2009-09-15 11:28 . 2009-09-17 15:48 106867 ----a-w- c:\documents and settings\All Users\Application Data\Avira\AntiVir Desktop\FAILSAVE\aevdf.dll
2009-09-15 11:28 . 2009-09-17 15:48 422261 ----a-w- c:\documents and settings\All Users\Application Data\Avira\AntiVir Desktop\FAILSAVE\aepack.dll
2009-09-15 11:27 . 2009-09-17 15:48 184693 ----a-w- c:\documents and settings\All Users\Application Data\Avira\AntiVir Desktop\FAILSAVE\aecore.dll
2009-09-11 16:40 . 2009-09-11 15:42 55656 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2009-09-11 15:42 . 2009-09-11 15:42 -------- d-----w- c:\program files\Avira
2009-09-11 15:42 . 2009-09-11 15:42 -------- d-----w- c:\documents and settings\All Users\Application Data\Avira
2009-09-11 15:38 . 2008-10-09 12:40 -------- d-----w- c:\documents and settings\All Users\Application Data\McAfee
2009-09-11 14:18 . 2007-01-31 11:59 136192 ----a-w- c:\windows\system32\msv1_0.dll
2009-09-11 14:13 . 2009-09-11 14:13 -------- d-----w- c:\program files\CCleaner
2009-09-09 14:18 . 2009-09-09 14:18 -------- d-----w- c:\documents and settings\All Users\Application Data\McAfee Security Scan
2009-09-09 11:58 . 2009-09-17 15:48 475513 ----a-w- c:\documents and settings\All Users\Application Data\Avira\AntiVir Desktop\FAILSAVE\aescript.dll
2009-09-08 09:43 . 2009-09-08 09:43 -------- d-----w- c:\documents and settings\Livio Mercurio\Application Data\McAfee
2009-09-04 21:03 . 2007-01-31 11:59 58880 ----a-w- c:\windows\system32\msasn1.dll
2009-09-03 10:54 . 2009-09-17 15:48 127346 ----a-w- c:\documents and settings\All Users\Application Data\Avira\AntiVir Desktop\FAILSAVE\aescn.dll
2009-09-03 10:54 . 2009-09-17 15:48 237940 ----a-w- c:\documents and settings\All Users\Application Data\Avira\AntiVir Desktop\FAILSAVE\aehelp.dll
2009-09-03 06:23 . 2009-09-09 14:16 22848 ----a-w- c:\documents and settings\Livio Mercurio\Application Data\Mozilla\Firefox\Profiles\iwiwn4it.default\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}\chrome\content\getPlusPlus_Adobe_reg_bootstrap.exe
2009-09-03 06:23 . 2009-09-09 14:16 19792 ----a-w- c:\documents and settings\Livio Mercurio\Application Data\Mozilla\Firefox\Profiles\iwiwn4it.default\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}\chrome\content\getPlusPlus_Adobe_reg.exe
2009-08-29 07:36 . 2007-01-31 11:58 832512 ----a-w- c:\windows\system32\wininet.dll
2009-08-29 07:36 . 2007-01-31 12:01 78336 ------w- c:\windows\system32\ieencode.dll
2009-08-29 07:36 . 2007-01-31 12:00 17408 ------w- c:\windows\system32\corpol.dll
2009-08-26 08:00 . 2007-01-31 12:07 247326 ------w- c:\windows\system32\strmdll.dll
2009-08-20 12:14 . 2009-08-20 12:14 56 ---ha-w- c:\windows\system32\ezsidmv.dat
2009-08-20 12:10 . 2009-08-20 12:10 0 ----a-w- c:\windows\nsreg.dat
2009-08-18 09:32 . 2009-09-17 15:48 1921400 ----a-w- c:\documents and settings\All Users\Application Data\Avira\AntiVir Desktop\FAILSAVE\aeheur.dll
2009-08-14 14:04 . 2009-08-14 14:04 239088 ----a-w- c:\documents and settings\Livio Mercurio\Application Data\Mozilla\plugins\npgoogletalk.dll
2007-11-09 13:10 . 2007-11-09 13:10 30288 ----a-w- c:\program files\mozilla firefox\plugins\cgpcfg.dll
2007-11-09 13:10 . 2007-11-09 13:10 79440 ----a-w- c:\program files\mozilla firefox\plugins\CgpCore.dll
2007-11-09 13:10 . 2007-11-09 13:10 75344 ----a-w- c:\program files\mozilla firefox\plugins\confmgr.dll
2007-11-09 13:10 . 2007-11-09 13:10 140880 ----a-w- c:\program files\mozilla firefox\plugins\ctxmui.dll
2007-11-09 13:10 . 2007-11-09 13:10 42576 ----a-w- c:\program files\mozilla firefox\plugins\icafile.dll
2007-11-09 13:10 . 2007-11-09 13:10 50768 ----a-w- c:\program files\mozilla firefox\plugins\icalogon.dll
2009-05-01 21:02 . 2009-05-01 21:02 1044480 ----a-w- c:\program files\mozilla firefox\plugins\libdivx.dll
2007-11-09 13:10 . 2007-11-09 13:10 34384 ----a-w- c:\program files\mozilla firefox\plugins\logging.dll
2009-05-01 21:02 . 2009-05-01 21:02 200704 ----a-w- c:\program files\mozilla firefox\plugins\ssldivx.dll
2007-11-09 13:11 . 2007-11-09 13:11 685648 ----a-w- c:\program files\mozilla firefox\plugins\sslsdk_b.dll
2007-11-09 13:11 . 2007-11-09 13:11 30288 ----a-w- c:\program files\mozilla firefox\plugins\TcpPServ.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"EPSON Stylus DX5000 Series"="c:\windows\System32\spool\DRIVERS\W32X86\3\E_FATIBVE.EXE" [2006-09-22 139264]
"EPSON Stylus DX5000 Series (Copy 1)"="c:\windows\System32\spool\DRIVERS\W32X86\3\E_FATIBVE.EXE" [2006-09-22 139264]
"Google Update"="c:\documents and settings\Livio Mercurio\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2009-08-20 133104]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2009-10-09 25623336]
"aman"="c:\windows\system32\AMAN.bat" [2009-11-02 1136]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NECMFK"="c:\program files\necmfk\necmfk.exe" [2001-08-23 66879]
"Backdrop"="c:\windows\System32\Bginfo.exe" [2005-09-12 741421]
"PSQLLauncher"="c:\program files\ThinkVantage Fingerprint Software\launcher.exe" [2006-04-25 31232]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2008-02-18 1044480]
"TVT Scheduler Proxy"="c:\program files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe" [2007-12-05 487424]
"SynTPLpr"="c:\program files\Synaptics\SynTP\SynTPLpr.exe" [2003-06-24 126976]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2003-06-24 561152]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-09-19 149280]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2009-09-19 198160]
"PAC7302_Monitor"="c:\windows\PixArt\PAC7302\Monitor.exe" [2007-08-09 319488]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-09-04 417792]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-09-21 305440]
"BluetoothAuthenticationAgent"="bthprops.cpl" - c:\windows\system32\bthprops.cpl [2008-04-14 110592]

c:\documents and settings\Livio Mercurio\Start Menu\Programs\Startup\
Rainlendar.lnk - c:\program files\Rainlendar\Rainlendar.exe [2006-1-21 118784]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe [2006-10-23 40048]
Adobe Reader Synchronizer.lnk - c:\program files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe [2006-10-23 734872]
Post-itr Software Notes Lite.lnk - c:\program files\3M\PSN2Lite\Psn2Lite.exe [2002-4-29 520192]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\psfus]
2006-04-25 18:20 40448 ------w- c:\windows\system32\psqlpwd.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Notification Packages REG_MULTI_SZ scecli psqlpwd

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Documents and Settings\\Livio Mercurio\\Local Settings\\Application Data\\Google\\Google Talk Plugin\\googletalkplugin.dll"=
"c:\\Documents and Settings\\Livio Mercurio\\Local Settings\\Application Data\\Google\\Google Talk Plugin\\googletalkplugin.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

R0 pavboot;pavboot;c:\windows\system32\drivers\pavboot.sys [19/10/2009 11:44 28544]
R1 Ps2LedIF;Ps2LedIF;c:\windows\system32\drivers\Ps2LedIF.sys [13/02/2008 15:15 5174]
R1 tvtumon;tvtumon;c:\windows\system32\drivers\tvtumon.sys [05/12/2007 18:42 46656]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [11/09/2009 18:42 108289]
R2 smihlp;SMI helper driver;c:\program files\ThinkVantage Fingerprint Software\smihlp.sys [25/04/2006 21:00 3456]
R2 TVT Backup Protection Service;TVT Backup Protection Service;c:\program files\Lenovo\Rescue and Recovery\rrpservice.exe [05/12/2007 19:17 520192]
R2 TVT_UpdateMonitor;TVT Windows Update Monitor;c:\program files\Lenovo\Rescue and Recovery\UpdateMonitor.exe [05/12/2007 18:42 249856]
R3 Ps2Led;NEC Note Keyboard with One-touch start buttons;c:\windows\system32\drivers\Ps2Led.sys [13/02/2008 15:15 7456]
R3 TVTI2C;Lenovo SM bus driver;c:\windows\system32\drivers\tvti2c.sys [22/05/2007 16:59 30336]
S2 gupdate1ca218eb54e84d8;Google Update Service (gupdate1ca218eb54e84d8);c:\program files\Google\Update\GoogleUpdate.exe [20/08/2009 15:06 133104]
S2 ONDA Autorun CDROM Monitor;ONDA Autorun CDROM Monitor;c:\windows\system32\SupportAppXL\onda_mon.exe [20/08/2009 11:49 86016]
S3 ONDAusbmdm6k;ONDA Proprietary USB Driver;c:\windows\system32\drivers\ONDAusbmdm6k.sys [20/08/2009 11:49 104960]
S3 ONDAusbnet;ONDA USB-NDIS miniport;c:\windows\system32\drivers\ONDAusbnet.sys [20/08/2009 11:49 110080]
S3 ONDAusbnmea;ONDA NMEA Port;c:\windows\system32\drivers\ONDAusbnmea.sys [20/08/2009 11:49 104960]
S3 ONDAusbser6k;ONDA Diagnostic Port;c:\windows\system32\drivers\ONDAusbser6k.sys [20/08/2009 11:49 104960]
S3 PAC7302;USB 1.1 WEB CAMERA VGA;c:\windows\system32\drivers\PAC7302.SYS [09/08/2007 18:21 460672]

--- Other Services/Drivers In Memory ---

*NewlyCreated* - MBR
*NewlyCreated* - PROCEXP113
*Deregistered* - mbr
*Deregistered* - PROCEXP113

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{12LOP3S8-1VRX-81VS-JKL6-61OP5G7774441}]
c:\kalba\MAAFENA\LAXOURY.exe

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{AC76BA86-7AD7-1033-7B44-A80000000002}]
msiexec.exe /fu {AC76BA86-7AD7-1033-7B44-A80000000002}
.
Contents of the 'Scheduled Tasks' folder

2009-10-10 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2007-08-29 09:34]

2009-11-06 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-08-20 12:06]

2009-11-06 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-08-20 12:06]

2009-11-06 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-57989841-842925246-839522115-1005Core.job
- c:\documents and settings\Livio Mercurio\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-09-28 12:13]

2009-11-06 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-57989841-842925246-839522115-1005UA.job
- c:\documents and settings\Livio Mercurio\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-09-28 12:13]
.
.
------- Supplementary Scan -------
.
uSearch Page = hxxp://www.google.com
uStart Page = hxxp://www.google.com/
uSearch Bar = hxxp://www.google.com/ie
uDefault_Search_URL = hxxp://www.google.com/ie
uWindow Title = Internet Explorer
uInternet Connection Wizard,ShellNext = hxxp://alicemobile.mobi/
uInternet Settings,ProxyOverride = *.local;<local>
uInternet Settings,ProxyServer = 172.27.1.3:8080
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
Trusted Zone: internet
Trusted Zone: mcafee.com
FF - ProfilePath - c:\documents and settings\Livio Mercurio\Application Data\Mozilla\Firefox\Profiles\iwiwn4it.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - component: c:\program files\Google\Google Gears\Firefox\lib\ff35\gears.dll
FF - component: c:\program files\real\realplayer\browserrecord\firefox\ext\components\nprpffbrowserrecordext.dll
FF - plugin: c:\documents and settings\Livio Mercurio\Application Data\Mozilla\plugins\npgoogletalk.dll
FF - plugin: c:\documents and settings\Livio Mercurio\Local Settings\Application Data\Google\Update\1.2.183.13\npGoogleOneClick8.dll
FF - plugin: c:\program files\Google\Picasa3\npPicasa3.dll
FF - plugin: c:\program files\Google\Update\1.2.183.13\npGoogleOneClick8.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npicaN.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
FF - user.js: yahoo.homepage.dontask - true
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
.
- - - - ORPHANS REMOVED - - - -

HKCU-Run-Antivirus - c:\windows\system32\Antivirus.vbs
AddRemove-IDAutomation.com Code 39 Free Font - c:\program files\IDAutomation.com



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-11-06 18:44
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(600)
c:\windows\system32\vrlogon.dll
c:\windows\system32\Ati2evxx.dll
c:\windows\system32\psqlpwd.dll
c:\program files\ThinkVantage Fingerprint Software\infra.dll
c:\program files\ThinkVantage Fingerprint Software\homefus2.dll
c:\windows\system32\biologon.dll
c:\program files\ThinkVantage Fingerprint Software\homepass.dll
c:\program files\ThinkVantage Fingerprint Software\bio.dll
c:\program files\ThinkVantage Fingerprint Software\remote.dll

- - - - - - - > 'lsass.exe'(656)
c:\windows\system32\psqlpwd.dll
c:\program files\ThinkVantage Fingerprint Software\infra.dll
c:\program files\ThinkVantage Fingerprint Software\homefus2.dll
.
Completion time: 2009-11-06 18:45
ComboFix-quarantined-files.txt 2009-11-06 15:45

Pre-Run: 22,022,623,232 bytes free
Post-Run: 22,119,092,224 bytes free

- - End Of File - - 1EBC8451A5B7975AFA272565A3823DFB
liviohg
Newbie
 
Posts: 6
Joined: 06/11/09 10:00
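The ComboFix log above contains the entries that give this infection away: a .bat in system32 carrying system+hidden+read-only attributes (--sha-r-), a Run value launching that .bat, the Security Center "AntiVirusOverride" set to 1 (so Windows stops warning that the antivirus is off), and an Active Setup component whose {GUID} contains non-hex letters. The following Python script is an added example, not part of the thread and not a ComboFix or Malwarebytes tool; it parses a constructed excerpt in ComboFix's line layout (entries copied from the log above) and flags exactly those patterns. The regular expressions assume the line formats seen in this log.

```python
"""Triage helper for ComboFix-style logs (added example, not a ComboFix tool).

Reads the "Files Created" and "Reg Loading Points" sections and flags the
patterns visible in the log posted above. Line layouts are assumed from it.
"""
import re
from collections import namedtuple

Finding = namedtuple("Finding", "category detail")

# Script extensions that rarely belong in a Run key or, with system+hidden
# attributes, in system32.
SCRIPT_EXTS = (".bat", ".cmd", ".vbs", ".js", ".wsf", ".ps1")

# "2009-11-02 08:28 . 2009-11-02 08:28 1136 --sha-r- c:\windows\system32\AMAN.bat"
FILE_RE = re.compile(
    r"^(?P<created>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) \. "
    r"(?P<modified>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) "
    r"(?P<size>\S+) (?P<attrs>[dshawr-]{8}) (?P<path>.+)$"
)
# "[HKEY_...]" section header and "name"="value" [date size] value lines
KEY_RE = re.compile(r"^\[(?P<key>[^\]]+)\]$")
VALUE_RE = re.compile(r'^"(?P<name>[^"]+)"=(?P<value>.+?)(?: \[[^\]]*\])?$')
# Active Setup component keys end in a {GUID}; a real GUID is 8-4-4-4-12 hex digits
ACTIVE_SETUP_RE = re.compile(
    r"active setup\\installed components\\(?P<guid>\{[^}]*\})$", re.I
)
GUID_RE = re.compile(
    r"^\{[0-9A-F]{8}-[0-9A-F]{4}-[0-9A-F]{4}-[0-9A-F]{4}-[0-9A-F]{12}\}$", re.I
)

# Constructed excerpt: entries copied from the thread's log, not a full log.
SAMPLE_LOG = r"""
((((((((((((((((((((((((( Files Created from 2009-10-06 to 2009-11-06 )))))))))))))))))))))))))))))))
.
2009-11-02 08:28 . 2009-11-02 08:28 1136 --sha-r- c:\windows\system32\AMAN.bat
2009-10-19 08:44 . 2008-06-19 14:24 28544 ----a-w- c:\windows\system32\drivers\pavboot.sys
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"aman"="c:\windows\system32\AMAN.bat" [2009-11-02 1136]

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{12LOP3S8-1VRX-81VS-JKL6-61OP5G7774441}]
c:\kalba\MAAFENA\LAXOURY.exe

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{AC76BA86-7AD7-1033-7B44-A80000000002}]
msiexec.exe /fu {AC76BA86-7AD7-1033-7B44-A80000000002}
"""


def triage(log_text):
    """Return Finding tuples for the suspicious patterns in a ComboFix log."""
    findings = []
    current_key = ""
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = FILE_RE.match(line)
        if m:
            attrs, path = m.group("attrs"), m.group("path")
            # system + hidden on a script is set by the dropper, not by Windows,
            # to keep the file out of Explorer's default view
            if path.lower().endswith(SCRIPT_EXTS) and "s" in attrs and "h" in attrs:
                findings.append(Finding("hidden-system-script", path))
            continue
        m = KEY_RE.match(line)
        if m:
            current_key = m.group("key")
            m_as = ACTIVE_SETUP_RE.search(current_key)
            if m_as and not GUID_RE.match(m_as.group("guid")):
                findings.append(Finding("bogus-active-setup-guid", m_as.group("guid")))
            continue
        m = VALUE_RE.match(line)
        if not m:
            continue
        name, value = m.group("name"), m.group("value").strip('"')
        key = current_key.lower()
        if key.endswith("\\run") and value.lower().endswith(SCRIPT_EXTS):
            findings.append(Finding("script-in-run-key", f"{name} -> {value}"))
        elif (key.endswith("\\security center")
              and name.lower() == "antivirusoverride"
              and value.lower() == "dword:00000001"):
            # the malware silences the "no antivirus" balloon this way
            findings.append(Finding("security-center-override", f"{name}={value}"))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.category:26} {f.detail}")
```

Run against the constructed excerpt it reports the four entries named in the lead-in and nothing for ctfmon.exe, pavboot.sys or the well-formed Adobe Active Setup GUID; pointing it at a real C:\ComboFix.txt works the same way since the formats are unchanged.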

Re: cmd.exe etiopian virus

Post by Luke57 » 07/11/09 11:07

Hi, it looks like ComboFix removed it. Do you still have problems?
Luke57
Moderator
 
Posts: 6415
Joined: 11/08/05 19:10

Re: cmd.exe etiopian virus

Post by liviohg » 07/11/09 15:57

No luck, on reboot the same Ethiopian window still appears.
But I must say that at least I can now keep the folder settings, which before kept getting lost all the time.
liviohg
Newbie
 
Posts: 6
Joined: 06/11/09 10:00

Re: cmd.exe etiopian virus

Post by Luke57 » 07/11/09 17:32

liviohg wrote: No luck, on reboot the same Ethiopian window still appears.
But I must say that at least I can now keep the folder settings, which before kept getting lost all the time.

Hi, download Malwarebytes http://www.malwarebytes.org/mbam/program/mbam-setup.exe

Install it and update it. Run a full scan and post the scan report.
Luke57
Moderator
 
Posts: 6415
Joined: 11/08/05 19:10

Re: cmd.exe etiopian virus

Post by liviohg » 08/11/09 15:00

No luck, when I reboot the red window appears.
I did two scans; the first one I had to interrupt. Here is its log file, and I'll put the one from the second scan in a second message.


Malwarebytes' Anti-Malware 1.41
Versione del database: 3122
Windows 5.1.2600 Service Pack 3

08/11/2009 10:28:05
mbam-log-2009-11-08 (10-28-05).txt

Tipo di scansione: Scansione completa (C:\|)
Elementi scansionati: 47065
Tempo trascorso: 22 minute(s), 18 second(s)

Processi delle memoria infetti: 0
Moduli della memoria infetti: 0
Chiavi di registro infette: 1
Valori di registro infetti: 0
Elementi dato del registro infetti: 0
Cartelle infette: 0
File infetti: 0

Processi delle memoria infetti:
(Nessun elemento malevolo rilevato)

Moduli della memoria infetti:
(Nessun elemento malevolo rilevato)

Chiavi di registro infette:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{12lop3s8-1vrx-81vs-jkl6-61op5g7774441} (Trojan.Agent) -> Quarantined and deleted successfully.

Valori di registro infetti:
(Nessun elemento malevolo rilevato)

Elementi dato del registro infetti:
(Nessun elemento malevolo rilevato)

Cartelle infette:
(Nessun elemento malevolo rilevato)

File infetti:
(Nessun elemento malevolo rilevato)
liviohg
Newbie
 
Posts: 6
Joined: 06/11/09 10:00

Re: cmd.exe etiopian virus

Post by liviohg » 08/11/09 15:01

Here's the second log file

Malwarebytes' Anti-Malware 1.41
Versione del database: 3122
Windows 5.1.2600 Service Pack 3

08/11/2009 13:55:42
mbam-log-2009-11-08 (13-55-42).txt

Tipo di scansione: Scansione completa (C:\|)
Elementi scansionati: 189776
Tempo trascorso: 1 hour(s), 23 minute(s), 8 second(s)

Processi delle memoria infetti: 0
Moduli della memoria infetti: 0
Chiavi di registro infette: 0
Valori di registro infetti: 0
Elementi dato del registro infetti: 0
Cartelle infette: 1
File infetti: 0

Processi delle memoria infetti:
(Nessun elemento malevolo rilevato)

Moduli della memoria infetti:
(Nessun elemento malevolo rilevato)

Chiavi di registro infette:
(Nessun elemento malevolo rilevato)

Valori di registro infetti:
(Nessun elemento malevolo rilevato)

Elementi dato del registro infetti:
(Nessun elemento malevolo rilevato)

Cartelle infette:
C:\WIN\DOWS (Backdoor.IRCBot) -> Quarantined and deleted successfully.

File infetti:
(Nessun elemento malevolo rilevato)
liviohg
Newbie
 
Posts: 6
Joined: 06/11/09 10:00
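The second Malwarebytes log reports the folder C:\WIN\DOWS as Backdoor.IRCBot: a directory name split in two so that it reads like the real Windows directory when skimmed in a file listing or a scan report. The check below is an added example, not part of the thread and not a Malwarebytes feature; it joins consecutive path components and compares the result with a small list of canonical Windows folder names (the list and the sample paths are constructed for the example, with C:\WIN\DOWS taken from the log above).

```python
r"""Lookalike system-folder check (added example, not a Malwarebytes feature).

Flags paths in which two or more consecutive components, joined together,
spell a well-known Windows folder name, e.g. C:\WIN\DOWS for C:\WINDOWS.
"""

# Folder names worth protecting against this kind of mimicry (constructed list)
CANONICAL = ("windows", "system32", "program files", "documents and settings")


def lookalike_system_dir(path):
    """Return the canonical name that 2+ consecutive components imitate, else None.

    Comparison is case-insensitive and ignores spaces, so "Program\Files" and
    "WIN\DOWS" are both caught; a single correctly named component is not.
    """
    parts = [p.strip() for p in path.replace("/", "\\").split("\\") if p.strip()]
    by_squashed = {name.replace(" ", ""): name for name in CANONICAL}
    for start in range(len(parts)):
        for end in range(start + 2, len(parts) + 1):
            joined = "".join(parts[start:end]).lower().replace(" ", "")
            if joined in by_squashed:
                return by_squashed[joined]
    return None


# Constructed scanner-style paths: the one from the log plus two benign ones
SAMPLE_PATHS = [
    r"C:\WIN\DOWS",
    r"C:\WINDOWS\system32\AMAN.bat",
    r"C:\Program Files\Avira\AntiVir Desktop\avgnt.exe",
]


def flag_lookalikes(paths):
    """Return (path, imitated_name) pairs for every lookalike path in the list."""
    flagged = []
    for p in paths:
        hit = lookalike_system_dir(p)
        if hit:
            flagged.append((p, hit))
    return flagged


if __name__ == "__main__":
    for path, name in flag_lookalikes(SAMPLE_PATHS):
        print(f"{path} imitates {name}")
```

The heuristic only catches the split-name trick the log shows; a folder that differs by a trailing space or a look-alike character needs a separate comparison against the real directory path.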

