Da qualche giorno gli antivirus non partono perché non trovano il collegamento al file .exe.
Se mi connetto ad internet si aprono numerose pagine strane.
Da una scansione online il sistema viene rilevato come infetto da Trojan W32 Beagle in C:\WINDOWS\system32\wintems.exe
Credo sia un worm Beagle.
Ho letto l'articolo http://www.MegaLab.it/2657 e ho lanciato GMER con questo risultato:
GMER 1.0.12.12086 - http://www.gmer.net
Autostart scan 2007-03-12 11:48:48
Windows 5.1.2600 Service Pack 2
HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems@Windows = %SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,3072,512 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ProfileControl=Off MaxRequestThreads=16
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon@Userinit = C:\WINDOWS\system32\userinit.exe,
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ >>>
fcyvs@DLLName = C:\WINDOWS\system32\fcyvs.dll
igfxcui@DLLName = igfxsrvc.dll
mljhebc@DLLName = mljhebc.dll
HKLM\SYSTEM\CurrentControlSet\Services\ >>>
AVGEMS /*AVG E-mail Scanner*/@ = C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe /*file not found*/
EvtEng /*EvtEng*/@ = C:\Programmi\Intel\Wireless\Bin\EvtEng.exe
Fax /*Fax*/@ = %systemroot%\system32\fxssvc.exe
RegSrvc /*RegSrvc*/@ = C:\Programmi\Intel\Wireless\Bin\RegSrvc.exe
S24EventMonitor /*Spectrum24 Event Monitor*/@ = C:\Programmi\Intel\Wireless\Bin\S24EvMon.exe
ScsiPort@ = %SystemRoot%\system32\drivers\scsiport.sys
SoundMAX Agent Service (default) /*SoundMAX Agent Service*/@ = C:\Programmi\Analog Devices\SoundMAX\SMAgent.exe
Spooler /*Spooler di stampa*/@ = %SystemRoot%\system32\spoolsv.exe
VAIO Entertainment File Import Service /*VAIO Entertainment File Import Service*/@ = C:\Programmi\File comuni\Sony Shared\VAIO Entertainment\VzCdb\VzFw.exe
VCI /*VAIO Cooporated Initialisation*/@ = C:\Programmi\Sony\VAIO Cooperated Initialisation\VCI_SVC.exe
HKLM\Software\Microsoft\Windows\CurrentVersion\Run >>>
@ApointC:\Programmi\Apoint\Apoint.exe = C:\Programmi\Apoint\Apoint.exe
@HKSERV.EXEC:\Programmi\Sony\HotKey Utility\HKserv.exe = C:\Programmi\Sony\HotKey Utility\HKserv.exe
@VAIO Update 2"C:\Programmi\sony\vaio update 2\VAIOUpdt.exe" /Stationary = "C:\Programmi\sony\vaio update 2\VAIOUpdt.exe" /Stationary
@SonyPowerCfgC:\Programmi\sony\vaio power management\SPMgr.exe = C:\Programmi\sony\vaio power management\SPMgr.exe
@OWS Setup CmdLine"C:\Programmi\File comuni\Microsoft Shared\Web Server Extensions\40\bin\cfgwiz.exe" /pkg "Office 2000 Server Extensions" = "C:\Programmi\File comuni\Microsoft Shared\Web Server Extensions\40\bin\cfgwiz.exe" /pkg "Office 2000 Server Extensions"
@DispatcherC:\WINDOWS\dispatcher.exe = C:\WINDOWS\dispatcher.exe
@2chkdskrundll32.exe "C:\WINDOWS\system32\epunkght.dll",setvm = rundll32.exe "C:\WINDOWS\system32\epunkght.dll",setvm
@avast!C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe /*file not found*/ = C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe /*file not found*/
@QuickTime Task"C:\Programmi\QuickTime\qttask.exe" -atboottime = "C:\Programmi\QuickTime\qttask.exe" -atboottime
@iTunesHelper"C:\Programmi\iTunes\iTunesHelper.exe" = "C:\Programmi\iTunes\iTunesHelper.exe"
@WinAntiVirusPro2006"C:\Programmi\WinAntiVirus Pro 2006\WinAV.exe" /min = "C:\Programmi\WinAntiVirus Pro 2006\WinAV.exe" /min
@uwa6pcw"C:\Programmi\File comuni\WinAntiVirus Pro 2006\uwa6pcw.exe" -c = "C:\Programmi\File comuni\WinAntiVirus Pro 2006\uwa6pcw.exe" -c
@KernelFaultCheck%systemroot%\system32\dumprep 0 -k = %systemroot%\system32\dumprep 0 -k
HKCU\Software\Microsoft\Windows\CurrentVersion\Run >>>
@MSMSGS"C:\Programmi\Messenger\msmsgs.exe" /background = "C:\Programmi\Messenger\msmsgs.exe" /background
@drvsyskitC:\Documents and Settings\PAOLA\Dati applicazioni\hidires\hidr.exe = C:\Documents and Settings\PAOLA\Dati applicazioni\hidires\hidr.exe
@german.exeC:\WINDOWS\system32\wintems.exe = C:\WINDOWS\system32\wintems.exe
@Uniblue Registry BoosterC:\Programmi\Uniblue\Registry Booster\RegistryBooster.exe /S /*file not found*/ = C:\Programmi\Uniblue\Registry Booster\RegistryBooster.exe /S /*file not found*/
@eMuleAutoStartC:\Documents and Settings\andrea\emule\emule.exe -AutoStart /*file not found*/ = C:\Documents and Settings\andrea\emule\emule.exe -AutoStart /*file not found*/
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks@{C47A9554-195A-4769-9B13-04F15B450A39} = C:\WINDOWS\system32\mljhebc.dll
HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved >>>
@{42071714-76d4-11d1-8b24-00a0c9068ff3} /*Estensione panoramica video del Pannello di controllo*/deskpan.dll /*file not found*/ = deskpan.dll /*file not found*/
@{32683183-48a0-441b-a342-7c2a440a9478} /*Media Band*/(null) =
@{596AB062-B4D2-4215-9F74-E9109B0A8153} /*Previous Versions Property Page*/C:\WINDOWS\System32\twext.dll = C:\WINDOWS\System32\twext.dll
@{9DB7A13C-F208-4981-8353-73CC61AE2783} /*Previous Versions*/C:\WINDOWS\System32\twext.dll = C:\WINDOWS\System32\twext.dll
@{692F0339-CBAA-47e6-B5B5-3B84DB604E87} /*Extensions Manager Folder*/C:\WINDOWS\System32\extmgr.dll = C:\WINDOWS\System32\extmgr.dll
@{ED58A35B-B554-42AF-A26C-6F3D424200D3} /*Sony Power Management Extensiond*/C:\Programmi\sony\vaio power management\SPMPanel.dll = C:\Programmi\sony\vaio power management\SPMPanel.dll
@{DEE12703-6333-4D4E-8F34-738C4DCC2E04} /*RecordNow! SendToExt*/C:\Programmi\Sonic\RecordNow!\shlext.dll = C:\Programmi\Sonic\RecordNow!\shlext.dll
@{0006F045-0000-0000-C000-000000000046} /*Microsoft Outlook Custom Icon Handler*/C:\PROGRA~1\MICROS~2\Office\OLKFSTUB.DLL = C:\PROGRA~1\MICROS~2\Office\OLKFSTUB.DLL
@{B41DB860-8EE4-11D2-9906-E49FADC173CA} /*WinRAR shell extension*/C:\Programmi\WinRAR\rarext.dll = C:\Programmi\WinRAR\rarext.dll
@{259F616C-A300-44F5-B04A-ED001A26C85C} /*SolidConverter extension*/C:\Programmi\SolidDocuments\SolidConverterPDF\SCPDF\ExploreExtPDF.dll = C:\Programmi\SolidDocuments\SolidConverterPDF\SCPDF\ExploreExtPDF.dll
@{F0CB00CD-5A07-4D91-97F5-A8C92CDA93E4} /*Shell Extensions for RealOne Player*/(null) =
@{472083B0-C522-11CF-8763-00608CC02F24} /*avast*/C:\Programmi\Alwil Software\Avast4\ashShell.dll = C:\Programmi\Alwil Software\Avast4\ashShell.dll
@{B9E1D2CB-CCFF-4AA6-9579-D7A4754030EF} /*iTunes*/C:\Programmi\iTunes\iTunesMiniPlayer.dll = C:\Programmi\iTunes\iTunesMiniPlayer.dll
HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved@{BDEADF00-C265-11d0-BCED-00A0C90AB50F} /*Cartelle Web*/ = C:\PROGRA~1\FILECO~1\MICROS~1\WEBFOL~1\MSONSEXT.DLL
HKLM\Software\Classes\*\shellex\ContextMenuHandlers\ >>>
avast@{472083B0-C522-11CF-8763-00608CC02F24} = C:\Programmi\Alwil Software\Avast4\ashShell.dll
ShellExtension@{1AC5C88A-DEA7-462b-A232-04AF5CA42E7E} = C:\Programmi\WinAntiVirus Pro 2006\WAV6COM.dll
SolidConverterPDF@{259F616C-A300-44F5-B04A-ED001A26C85C} = C:\Programmi\SolidDocuments\SolidConverterPDF\SCPDF\ExploreExtPDF.dll
WinRAR@{B41DB860-8EE4-11D2-9906-E49FADC173CA} = C:\Programmi\WinRAR\rarext.dll
HKLM\Software\Classes\Directory\shellex\ContextMenuHandlers\ >>>
ShellExtension@{1AC5C88A-DEA7-462b-A232-04AF5CA42E7E} = C:\Programmi\WinAntiVirus Pro 2006\WAV6COM.dll
WinRAR@{B41DB860-8EE4-11D2-9906-E49FADC173CA} = C:\Programmi\WinRAR\rarext.dll
HKLM\Software\Classes\Folder\shellex\ContextMenuHandlers\ >>>
avast@{472083B0-C522-11CF-8763-00608CC02F24} = C:\Programmi\Alwil Software\Avast4\ashShell.dll
SolidConverterPDF@{259F616C-A300-44F5-B04A-ED001A26C85C} = C:\Programmi\SolidDocuments\SolidConverterPDF\SCPDF\ExploreExtPDF.dll
WinRAR@{B41DB860-8EE4-11D2-9906-E49FADC173CA} = C:\Programmi\WinRAR\rarext.dll
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects >>>
@{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}C:\Programmi\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll = C:\Programmi\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
@{2178F3FB-2560-458F-BDEE-631E2FE0DFE4}C:\Programmi\WinAntiVirus Pro 2006\winpgi.dll = C:\Programmi\WinAntiVirus Pro 2006\winpgi.dll
@{259F616C-A300-44F5-B04A-ED001A26C85C}C:\Programmi\SolidDocuments\SolidConverterPDF\SCPDF\ExploreExtPDF.dll = C:\Programmi\SolidDocuments\SolidConverterPDF\SCPDF\ExploreExtPDF.dll
@{51019736-A96D-4A34-9E6E-0AB5A38C9285}C:\WINDOWS\system32\winshfic.dll /*file not found*/ = C:\WINDOWS\system32\winshfic.dll /*file not found*/
@{6D81328C-1481-4D70-B2D1-CAF5A72B9505}C:\WINDOWS\system32\fcyvs.dll = C:\WINDOWS\system32\fcyvs.dll
@{AA58ED58-01DD-4d91-8333-CF10577473F7}c:\programmi\google\googletoolbar3.dll = c:\programmi\google\googletoolbar3.dll
@{B5141620-C2B2-4D95-9F0F-134D99C87AB0}C:\Programmi\WinAntiVirus Pro 2006\IEFWBHO.dll = C:\Programmi\WinAntiVirus Pro 2006\IEFWBHO.dll
@{C47A9554-195A-4769-9B13-04F15B450A39}C:\WINDOWS\system32\mljhebc.dll = C:\WINDOWS\system32\mljhebc.dll
@{D38439EC-4A7F-42b4-90C2-D810D7778FDD}C:\WINDOWS\system32\ioyqjras.dll /*file not found*/ = C:\WINDOWS\system32\ioyqjras.dll /*file not found*/
@{E03C740E-BB24-4d3c-B92A-6F84DE1DD99C}C:\WINDOWS\system32\lyqohory.dll /*file not found*/ = C:\WINDOWS\system32\lyqohory.dll /*file not found*/
HKCU\Control Panel\Desktop@SCRNSAVE.EXE = C:\WINDOWS\System32\AVASTSS.scr
HKLM\Software\Microsoft\Internet Explorer\Main >>>
@Default_Page_URLhttp://www.club-vaio.sony-europe.com/ = http://www.club-vaio.sony-europe.com/
@Start Pagehttp://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home = http://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home
@Local Page%SystemRoot%\system32\blank.htm = %SystemRoot%\system32\blank.htm
HKCU\Software\Microsoft\Internet Explorer\Main >>>
@Start Pagehttp://www.google.it/ = http://www.google.it/
@Local PageC:\WINDOWS\system32\blank.htm = C:\WINDOWS\system32\blank.htm
HKLM\Software\Classes\PROTOCOLS\Handler\ >>>
dvd@CLSID = C:\WINDOWS\system32\msvidctl.dll
its@CLSID = C:\WINDOWS\System32\itss.dll
mhtml@CLSID = %SystemRoot%\system32\INETCOMM.DLL
ms-its@CLSID = C:\WINDOWS\System32\itss.dll
tv@CLSID = C:\WINDOWS\system32\msvidctl.dll
wia@CLSID = C:\WINDOWS\System32\wiascr.dll
C:\Documents and Settings\All Users\Menu Avvio\Programmi\Esecuzione automatica >>>
Audio Filter.lnk = Audio Filter.lnk
Avvio veloce di Adobe Reader.lnk = Avvio veloce di Adobe Reader.lnk
Microsoft Office.lnk = Microsoft Office.lnk
---- EOF - GMER 1.0.12 ----
Ora cosa faccio?
Ringrazio anticipatamente.
Andrea