luigi1986

Recurring Malware

5 posts in this thread

Hello,

For some time now, when I run a scan with Ad-Aware, about twenty virus warnings (malware, to be precise) come up, which I routinely delete, but they reappear exactly the same at the next scan. That is why I am posting my log! Thanks

Logfile of HijackThis v1.99.1

Scan saved at 2.10.43, on 14/07/2006

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Programmi\Ahead\InCD\InCDsrv.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Programmi\Alwil Software\Avast4\aswUpdSv.exe

C:\Programmi\Alwil Software\Avast4\ashServ.exe

C:\WINDOWS\system32\CTsvcCDA.exe

C:\Programmi\ewido anti-malware\ewidoctrl.exe

C:\Programmi\File comuni\Microsoft Shared\VS7DEBUG\MDM.EXE

C:\WINDOWS\system32\nvsvc32.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\ZoneLabs\vsmon.exe

C:\WINDOWS\system32\MsPMSPSv.exe

C:\Programmi\Alwil Software\Avast4\ashMaiSv.exe

C:\Programmi\Alwil Software\Avast4\ashWebSv.exe

C:\WINDOWS\Explorer.EXE

C:\Programmi\Creative\SBAudigy2ZS\Surround Mixer\CTSysVol.exe

C:\Programmi\Creative\SBAudigy2ZS\DVDAudio\CTDVDDet.EXE

C:\WINDOWS\system32\CTHELPER.EXE

C:\WINDOWS\SOUNDMAN.EXE

C:\WINDOWS\system32\RUNDLL32.EXE

C:\WINDOWS\system32\rundll32.exe

C:\Programmi\CyberLink\PowerDVD\PDVDServ.exe

C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9EE.EXE

C:\Programmi\Java\jre1.5.0_06\bin\jusched.exe

C:\Programmi\Ahead\InCD\InCD.exe

C:\Programmi\QuickTime\qttask.exe

C:\Programmi\File comuni\PCSuite\DataLayer\DataLayer.exe

C:\Programmi\Nokia\Nokia PC Suite 6\LaunchApplication.exe

C:\Programmi\Zone Labs\ZoneAlarm\zlclient.exe

C:\Programmi\Creative\MediaSource\RemoteControl\RcMan.exe

C:\WINDOWS\system32\ctfmon.exe

C:\PROGRA~1\FILECO~1\PCSuite\Services\SERVIC~1.EXE

C:\Programmi\MSN Messenger\MsnMsgr.Exe

C:\Programmi\Creative\MediaSource\Detector\CTDetect.exe

C:\Programmi\Nokia\Nokia PC Suite 6\PcSync2.exe

C:\PROGRA~1\FILECO~1\Nokia\MPAPI\MPAPI3s.exe

C:\Programmi\Creative\MediaSource\RemoteControl\OSDMenu.EXE

C:\Documents and Settings\PUCA\Documenti\hijack\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.libero.it/

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = proxy.libero.it:8080

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O2 - BHO: (no name) - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - (no file)

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmi\Java\jre1.5.0_06\bin\ssv.dll

O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Programmi\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll

O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Programmi\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll

O3 - Toolbar: MSN Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programmi\MSN Toolbar\01.01.2607.0\it\msntb.dll

O4 - HKLM\..\Run: [CTSysVol] C:\Programmi\Creative\SBAudigy2ZS\Surround Mixer\CTSysVol.exe /r

O4 - HKLM\..\Run: [CTDVDDET] C:\Programmi\Creative\SBAudigy2ZS\DVDAudio\CTDVDDet.EXE

O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE

O4 - HKLM\..\Run: [sBDrvDet] C:\Programmi\Creative\SB Drive Det\SBDrvDet.exe /r

O4 - HKLM\..\Run: [updReg] C:\WINDOWS\UpdReg.EXE

O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe

O4 - HKLM\..\Run: [RemoteControl] C:\Programmi\CyberLink\PowerDVD\PDVDServ.exe

O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe

O4 - HKLM\..\Run: [EPSON Stylus CX6600 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9EE.EXE /P26 "EPSON Stylus CX6600 Series" /O6 "USB001" /M "Stylus CX6600"

O4 - HKLM\..\Run: [sunJavaUpdateSched] C:\Programmi\Java\jre1.5.0_06\bin\jusched.exe

O4 - HKLM\..\Run: [inCD] C:\Programmi\Ahead\InCD\InCD.exe

O4 - HKLM\..\Run: [DVD43] "C:\Programmi\DVD Region+CSS Free\DVDRegionFree.exe" /hidden

O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmi\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [DataLayer] C:\Programmi\File comuni\PCSuite\DataLayer\DataLayer.exe

O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Programmi\Nokia\Nokia PC Suite 6\LaunchApplication.exe -onlytray

O4 - HKLM\..\Run: [Zone Labs Client] C:\Programmi\Zone Labs\ZoneAlarm\zlclient.exe

O4 - HKLM\..\Run: [unlockerAssistant] "C:\Programmi\Unlocker\UnlockerAssistant.exe"

O4 - HKLM\..\Run: [RemoveWGA] C:\Documents and Settings\PUCA\Impostazioni locali\Temporary Internet Files\Content.IE5\KTU78XUN\RemoveWGA.exe -startup

O4 - HKLM\..\RunOnce: [spybotSnD] "C:\Programmi\Spybot - Search & Destroy\SpybotSD.exe" /autocheck

O4 - HKCU\..\Run: [RemoteCenter] C:\Programmi\Creative\MediaSource\RemoteControl\RcMan.exe

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [NBJ] "C:\Programmi\Ahead\Nero BackItUp\nbj.exe"

O4 - HKCU\..\Run: [MsnMsgr] "C:\Programmi\MSN Messenger\MsnMsgr.Exe" /background

O4 - HKCU\..\Run: [Creative Detector] C:\Programmi\Creative\MediaSource\Detector\CTDetect.exe /R

O4 - HKCU\..\Run: [PcSync] C:\Programmi\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog

O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Programmi\File comuni\Adobe\Calibration\Adobe Gamma Loader.exe

O4 - Global Startup: Avvio veloce di Adobe Reader.lnk = C:\Programmi\Adobe\Acrobat 7.0\Reader\reader_sl.exe

O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.5.0_06\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.5.0_06\bin\ssv.dll

O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)

O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)

O9 - Extra button: Ricerche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: Organizzatore ricerche - {9455301C-CF6B-11D3-A266-00C04F689C50} - C:\Programmi\File comuni\Microsoft Shared\Encarta Researcher\EROPROJ.DLL

O9 - Extra button: (no name) - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Programmi\File comuni\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe

O16 - DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} (Creative Software AutoUpdate) - http://www.creative.com/su/ocx/15015/CTSUEng.cab

O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204

O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab

O16 - DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} (CamImage Class) - http://webcam.gazzettino.it/script/AxisCamControl.ocx

O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/msnmesse...pdownloader.cab

O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://creative.com/su/ocx/15016/CTPID.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{C37487D7-9FC0-44C5-88CE-88B0C887950B}: NameServer = 193.70.152.15,193.70.152.25

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)

O20 - Winlogon Notify: WgaLogon - WgaLogon.dll (file missing)

O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Programmi\Alwil Software\Avast4\aswUpdSv.exe

O23 - Service: avast! Antivirus - Unknown owner - C:\Programmi\Alwil Software\Avast4\ashServ.exe

O23 - Service: avast! Mail Scanner - Unknown owner - C:\Programmi\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)

O23 - Service: avast! Web Scanner - Unknown owner - C:\Programmi\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)

O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe

O23 - Service: ewido security suite control - ewido networks - C:\Programmi\ewido anti-malware\ewidoctrl.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programmi\File comuni\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: InCD Helper (InCDsrv) - Ahead Software AG - C:\Programmi\Ahead\InCD\InCDsrv.exe

O23 - Service: InCD Helper (read only) (InCDsrvR) - Ahead Software AG - C:\Programmi\Ahead\InCD\InCDsrv.exe

O23 - Service: LEC TranslateDotNet Server - Language Engineering Corporation, LLC - C:\Programmi\Power Translator\LogoMedia TranslateDotNet Server.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe


The log is fine apart from one entry, which is removed like this..

Open IE -> Tools -> Internet Options -> Delete Cookies, Delete Temporary Files

What are the names of the malware it reports? :)
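
The checks a helper makes when reading a log like the one above can be sketched as follows; this is an added example, not part of the original thread and not HijackThis's own logic. It flags autostart entries (O4, O20, O23) whose target sits in a temp or browser-cache directory and entries marked (no file) or (file missing); the function name `triage`, the two heuristics and the choice of sections are assumptions, and the sample lines are copied from the log posted above.

```python
import re

# Sample input: a few lines copied from the HijackThis log posted in this thread.
SAMPLE_LOG = r"""
O2 - BHO: (no name) - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - (no file)
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [RemoveWGA] C:\Documents and Settings\PUCA\Impostazioni locali\Temporary Internet Files\Content.IE5\KTU78XUN\RemoveWGA.exe -startup
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O20 - Winlogon Notify: WgaLogon - WgaLogon.dll (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
"""

# "R0 - ...", "O4 - ...", "O23 - ..." are log entries; headers and process paths are not.
ENTRY = re.compile(r"^(?P<section>[A-Z]\d{1,2}) - (?P<body>.+)$")
# Assumption: directories holding downloaded or scratch content are not
# where a legitimate autostart program normally lives.
VOLATILE_DIRS = re.compile(r"\\(Temporary Internet Files|Content\.IE5|Temp|Tmp)\\", re.I)
# HijackThis appends these markers when the referenced file does not exist.
ORPHANED = re.compile(r"\((no file|file missing)\)\s*$", re.I)
# Sections that start code automatically: Run keys/Startup, Winlogon Notify, services.
AUTOSTART_SECTIONS = {"O4", "O20", "O23"}


def triage(log_text):
    """Return (section, reason, body) tuples for entries worth a manual look."""
    findings = []
    for line in log_text.splitlines():
        m = ENTRY.match(line.strip())
        if not m:
            continue  # header, running-process path or blank line
        section, body = m["section"], m["body"]
        if section in AUTOSTART_SECTIONS and VOLATILE_DIRS.search(body):
            findings.append((section, "autostart-from-volatile-dir", body))
        elif ORPHANED.search(body):
            findings.append((section, "orphaned-entry", body))
    return findings


if __name__ == "__main__":
    for section, reason, body in triage(SAMPLE_LOG):
        print(f"{section:>3}  {reason:<28} {body}")
```

A flagged line is a prompt for manual review, not a verdict: an orphaned entry is usually a leftover from an uninstalled program.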


The infected files, with the malware names, are:

C:\DOCUME~1\PUCA\IMPOST~1\Temp\AAWTMP\C2174609\153B24\Counter.class
malware name: VBS:malware(gen)

C:\DOCUME~1\PUCA\IMPOST~1\Temp\AAWTMP\C2174609\153B24\Gummy.class
malware name: JS:gummy(trj)

C:\DOCUME~1\PUCA\IMPOST~1\Temp\AAWTMP\C2174609\153B24\VerifierBug.class
malware name: VBS:malware(gen)

C:\DOCUME~1\PUCA\IMPOST~1\Temp\AAWTMP\C2174609\153B24\Worker.class
malware name: VBS:malware(gen)

C:\DOCUME~1\PUCA\IMPOST~1\Temp\AAWTMP\C2174609\153B24\Xeyond.class
malware name: VBS:malware(gen)

C:\DOCUME~1\PUCA\IMPOST~1\Temp\AAWTMP\C2174609\8D056\Worker.class
malware name: VBS:malware(gen)

C:\DOCUME~1\PUCA\IMPOST~1\Temp\AAWTMP\C2174609\DF824\Counter.class
malware name: VBS:malware(gen)

C:\DOCUME~1\PUCA\IMPOST~1\Temp\AAWTMP\C2174609\DF824\Gummy.class
malware name: JS:Gummy [Trj]

C:\DOCUME~1\PUCA\IMPOST~1\Temp\AAWTMP\C2174609\DF824\VerifierBug.class
malware name: VBS:malware(gen)

C:\DOCUME~1\PUCA\IMPOST~1\Temp\AAWTMP\C2174609\DF824\web.exe
malware name: Win32:Trojan-gen. {Other}

C:\DOCUME~1\PUCA\IMPOST~1\Temp\AAWTMP\C2174609\DF824\Worker.class
malware name: VBS:malware(gen)

C:\DOCUME~1\PUCA\IMPOST~1\Temp\AAWTMP\C2174609\DF824\Xeyond.class
malware name: VBS:malware(gen)

C:\DOCUME~1\PUCA\IMPOST~1\Temp\AAWTMP\C2174609\3742CC\Counter.class
malware name: VBS:malware(gen)

C:\DOCUME~1\PUCA\IMPOST~1\Temp\AAWTMP\C2174609\3742CC\Gummy.class
malware name: JS:Gummy [Trj]

C:\DOCUME~1\PUCA\IMPOST~1\Temp\AAWTMP\C2174609\3742CC\VerifierBug.class
malware name: VBS:malware(gen)

C:\DOCUME~1\PUCA\IMPOST~1\Temp\AAWTMP\C2174609\3742CC\Worker.class
malware name: VBS:malware(gen)

C:\DOCUME~1\PUCA\IMPOST~1\Temp\AAWTMP\C2174609\3742CC\Xeyond.class
malware name: VBS:malware(gen)

C:\DOCUME~1\PUCA\IMPOST~1\Temp\AAWTMP\C2174609\D13AF\Counter.class
malware name: VBS:malware(gen)

C:\DOCUME~1\PUCA\IMPOST~1\Temp\AAWTMP\C2174609\D13AF\Gummy.class
malware name: JS:Gummy [Trj]

C:\DOCUME~1\PUCA\IMPOST~1\Temp\AAWTMP\C2174609\D13AF\VerifierBug.class
malware name: VBS:malware(gen)

C:\DOCUME~1\PUCA\IMPOST~1\Temp\AAWTMP\C2174609\D13AF\Worker.class
malware name: VBS:malware(gen)

C:\DOCUME~1\PUCA\IMPOST~1\Temp\AAWTMP\C2174609\D13AF\Xeyond.class
malware name: VBS:malware(gen)

C:\DOCUME~1\PUCA\IMPOST~1\Temp\AAWTMP\C2174609\374732\Counter.class
malware name: VBS:malware(gen)

C:\DOCUME~1\PUCA\IMPOST~1\Temp\AAWTMP\C2174609\374732\Gummy.class
malware name: JS:Gummy [Trj]

C:\DOCUME~1\PUCA\IMPOST~1\Temp\AAWTMP\C2174609\374732\VerifierBug.class
malware name: VBS:Malware [Gen]

:\DOCUME~1\PUCA\IMPOST~1\Temp\AAWTMP\C2174609\374732\web.exe
malware name: Win32:Agent-OZ [Trj]

C:\DOCUME~1\PUCA\IMPOST~1\Temp\AAWTMP\C2174609\374732\Worker.class
malware name: VBS:Malware [Gen]

C:\DOCUME~1\PUCA\IMPOST~1\Temp\AAWTMP\C2174609\374732\Xeyond.class
malware name: VBS:Malware [Gen]

C:\DOCUME~1\PUCA\IMPOST~1\Temp\AAWTMP\C2174609\257A62\Counter.class
malware name: VBS:Malware [Gen]

C:\DOCUME~1\PUCA\IMPOST~1\Temp\AAWTMP\C2174609\257A62\Gummy.class
malware name: JS:Gummy [Trj]

C:\DOCUME~1\PUCA\IMPOST~1\Temp\AAWTMP\C2174609\257A62\VerifierBug.class
malware name: VBS:Malware [Gen]

C:\DOCUME~1\PUCA\IMPOST~1\Temp\AAWTMP\C2174609\257A62\Worker.class
malware name: VBS:Malware [Gen]

C:\DOCUME~1\PUCA\IMPOST~1\Temp\AAWTMP\C2174609\257A62\Xeyond.class
malware name: VBS:Malware [Gen]

C:\DOCUME~1\PUCA\IMPOST~1\Temp\AAWTMP\C2174609\8D056\Counter.class
malware name: VBS:Malware [Gen]

C:\DOCUME~1\PUCA\IMPOST~1\Temp\AAWTMP\C2174609\8D056\Gummy.class
malware name: JS:Gummy [Trj]

C:\DOCUME~1\PUCA\IMPOST~1\Temp\AAWTMP\C2174609\8D056\VerifierBug.class
malware name: VBS:Malware [Gen]

C:\DOCUME~1\PUCA\IMPOST~1\Temp\AAWTMP\C2174609\8D056\web.exe
malware name: Win32:Agent-MS [Trj]

:\DOCUME~1\PUCA\IMPOST~1\Temp\AAWTMP\C2174609\8D056\Xeyond.class
malware name: VBS:Malware [Gen]


They are all in the temporary files folder, you can safely delete them...

First of all, try Ccleaner

but before running the clean-up, go to Options\Advanced and untick:

capt0013pz.jpg

(afterwards... use Ccleaner once a month... if you use it more often, do NOT empty the prefetch folder... if you empty this folder too often you could slow the system down)

Then check that all the files have been deleted....

If by chance it fails to delete something because it is in use:

# Make sure the "Show hidden files and folders" option is enabled.

(Control Panel > Folder Options > View)

# Boot the PC in Safe Mode

# From START\RUN type (copy and paste) C:\DOCUME~1\PUCA\IMPOST~1\Temp\

# select All files (CTRL + 5 [on the numeric keypad]) and delete them
