Aiutamici Forum

Virus problem
diablotik
Posted: Thursday, September 20, 2007 7:55:11 PM
Rank: Member

Joined: 9/14/2007
Posts: 6
Vundo... it's just the two of us now ^^ Actually, I think I'll still need your help ^^ Let's wait for the specialists.
monsee
Posted: Thursday, September 20, 2007 9:44:25 PM
Rank: AiutAmico

Joined: 4/5/2005
Posts: 22,971
Something to "open fire" with (the advice of the great Kuma):
http://www.wininizio.it/forum/lofiversion/index.php/t28954.html

Scroll down the page until you find the entry Vundo_FIX. Click on it to download the removal tool. Then follow the instructions written in grey. If that isn't enough, try the instructions written in purple, downloading and using the removal tool (you'll see there's a link there too) "VirtumondoBegone".
If that doesn't fix it either, it means we'll have to go hunting for something else...
diablotik
Posted: Friday, September 21, 2007 2:33:23 PM
Rank: Member

Joined: 9/14/2007
Posts: 6
Here is the log from the first tool, after the removal...

VundoFix V6.5.8

Checking Java version...

Sun Java not detected
Scan started at 14.02.58 21/09/2007

Listing files found while scanning....

C:\windows\system32\adqofwyf.ini
C:\windows\system32\fhlsiblf.dll
C:\windows\system32\flbislhf.ini
C:\windows\system32\fywfoqda.dll
C:\WINDOWS\system32\hfuxpkfn.dll
C:\windows\system32\hlvcysqp.ini
C:\windows\system32\lyiuoyyr.ini
C:\windows\system32\ouynsrft.ini
C:\windows\system32\pqsycvlh.dll
C:\windows\system32\reqdyixs.ini
C:\windows\system32\ryyouiyl.dll
C:\windows\system32\sxiydqer.dll
C:\windows\system32\tfrsnyuo.dll

Beginning removal...

Attempting to delete C:\windows\system32\adqofwyf.ini
C:\windows\system32\adqofwyf.ini Has been deleted!

Attempting to delete C:\windows\system32\fhlsiblf.dll
C:\windows\system32\fhlsiblf.dll Has been deleted!

Attempting to delete C:\windows\system32\flbislhf.ini
C:\windows\system32\flbislhf.ini Has been deleted!

Attempting to delete C:\windows\system32\fywfoqda.dll
C:\windows\system32\fywfoqda.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\hfuxpkfn.dll
C:\WINDOWS\system32\hfuxpkfn.dll Has been deleted!

Attempting to delete C:\windows\system32\hlvcysqp.ini
C:\windows\system32\hlvcysqp.ini Has been deleted!

Attempting to delete C:\windows\system32\lyiuoyyr.ini
C:\windows\system32\lyiuoyyr.ini Has been deleted!

Attempting to delete C:\windows\system32\ouynsrft.ini
C:\windows\system32\ouynsrft.ini Has been deleted!

Attempting to delete C:\windows\system32\pqsycvlh.dll
C:\windows\system32\pqsycvlh.dll Has been deleted!

Attempting to delete C:\windows\system32\reqdyixs.ini
C:\windows\system32\reqdyixs.ini Has been deleted!

Attempting to delete C:\windows\system32\ryyouiyl.dll
C:\windows\system32\ryyouiyl.dll Has been deleted!

Attempting to delete C:\windows\system32\sxiydqer.dll
C:\windows\system32\sxiydqer.dll Has been deleted!

Attempting to delete C:\windows\system32\tfrsnyuo.dll
C:\windows\system32\tfrsnyuo.dll Has been deleted!

Performing Repairs to the registry.
Done!


Unfortunately I'm still having problems; I'll try the second option.
diablotik
Posted: Saturday, September 22, 2007 7:07:51 AM
Rank: Member

Joined: 9/14/2007
Posts: 6
Sorry, but is the second option the same tool, just run in Safe Mode? If so, I still have problems even after that; in fact it didn't detect anything.
monsee
Posted: Saturday, September 22, 2007 12:22:37 PM
Rank: AiutAmico

Joined: 4/5/2005
Posts: 22,971
Obviously not: it's the link I posted that is wrong and makes you download VundoFix again...
http://forum.swzone.it/showthread.php?threadid=91231
Here's the link to a forum page where 4 links were posted for four different tools designed to remove Vundo. Apart from VundoFix (which you already have), download the other three (including Symantec's "FixVundo") and carry on with your hunt. The exact way, the precise order and how to use the 4 removal tools are explained simply in the same post that contains the download links.
I understand it's possible that using "Virtumondobegone" brings up the classic "blue screen of death": if that happens, don't worry about it, because it is part of the procedure itself and, appearances aside, causes no problem whatsoever. Reboot and carry on without fear down the road you've taken.


Edited by - monsee on 09/22/2007 12:23:29
diablotik
Posted: Sunday, September 23, 2007 1:09:26 PM
Rank: Member

Joined: 9/14/2007
Posts: 6
I followed the procedure... VundoFix found nothing, FixVundo neither, VirtumondoBegone gave me the blue screen, and the second time it found nothing... here are the reports:

FixVundo:

Symantec Trojan.Vundo Removal Tool 1.5.0

C:\Documents and Settings\fabio\Impostazioni locali\Dati applicazioni\Microsoft\Messenger\fabioalbenga@hotmail.it\SharingMetadata\alyssa19936@hotmail.com\DFSR\Staging\CS{A0D10D5C-59BE-E25E-3345-9D4B8DE27DC9}\01\10-{A0D10D5C-59BE-E25E-3345-9D4B8DE27DC9}-v1-{56F917B7-E613-4462-9859-38223FAEDFC9}-v10-Downloaded.frx (WARNING: not scanned, path to long)
C:\Documents and Settings\fabio\Impostazioni locali\Dati applicazioni\Microsoft\Messenger\fabioalbenga@hotmail.it\SharingMetadata\alyssa19936@hotmail.com\DFSR\Staging\CS{A0D10D5C-59BE-E25E-3345-9D4B8DE27DC9}\11\13-{5845E4E3-251F-4499-BC67-899206BA61AD}-v11-{E13538C8-01B1-431D-AD4D-B0CA563C8FB7}-v13-Downloaded.frx (WARNING: not scanned, path to long)
C:\Documents and Settings\fabio\Impostazioni locali\Dati applicazioni\Microsoft\Messenger\fabioalbenga@hotmail.it\SharingMetadata\darkgd2@hotmail.fr\DFSR\Staging\CS{8CE37C3B-DEA0-9AE4-9058-FC3EE355EC27}\01\16-{8CE37C3B-DEA0-9AE4-9058-FC3EE355EC27}-v1-{56F917B7-E613-4462-9859-38223FAEDFC9}-v16-Downloaded.frx (WARNING: not scanned, path to long)
C:\Documents and Settings\fabio\Impostazioni locali\Dati applicazioni\Microsoft\Messenger\fabioalbenga@hotmail.it\SharingMetadata\darkgd2@hotmail.fr\DFSR\Staging\CS{8CE37C3B-DEA0-9AE4-9058-FC3EE355EC27}\99\99-{D7A82F33-A143-4F53-B29F-E779B4554A4D}-v99-{D7A82F33-A143-4F53-B29F-E779B4554A4D}-v99-Downloaded.frx (WARNING: not scanned, path to long)
C:\Documents and Settings\fabio\Impostazioni locali\Dati applicazioni\Microsoft\Messenger\fabioalbenga@hotmail.it\SharingMetadata\lelina_96@hotmail.it\DFSR\Staging\CS{EE5523CE-994E-FD4A-EC57-9C10C6D604A9}\01\12-{EE5523CE-994E-FD4A-EC57-9C10C6D604A9}-v1-{56F917B7-E613-4462-9859-38223FAEDFC9}-v12-Downloaded.frx (WARNING: not scanned, path to long)
C:\Documents and Settings\fabio\Impostazioni locali\Dati applicazioni\Microsoft\Messenger\fabioalbenga@hotmail.it\SharingMetadata\lelina_96@hotmail.it\DFSR\Staging\CS{EE5523CE-994E-FD4A-EC57-9C10C6D604A9}\19\20-{27CD7CF3-30AA-484F-B406-915B6BDB9C7F}-v19-{27CD7CF3-30AA-484F-B406-915B6BDB9C7F}-v20-Downloaded.frx (WARNING: not scanned, path to long)
C:\Documents and Settings\fabio\Impostazioni locali\Dati applicazioni\Microsoft\Messenger\fabioalbenga@hotmail.it\SharingMetadata\lelina_96@hotmail.it\DFSR\Staging\CS{EE5523CE-994E-FD4A-EC57-9C10C6D604A9}\21\22-{27CD7CF3-30AA-484F-B406-915B6BDB9C7F}-v21-{27CD7CF3-30AA-484F-B406-915B6BDB9C7F}-v22-Downloaded.frx (WARNING: not scanned, path to long)
C:\Documents and Settings\fabio\Impostazioni locali\Dati applicazioni\Microsoft\Messenger\fabioalbenga@hotmail.it\SharingMetadata\lelina_96@hotmail.it\DFSR\Staging\CS{EE5523CE-994E-FD4A-EC57-9C10C6D604A9}\25\27-{27CD7CF3-30AA-484F-B406-915B6BDB9C7F}-v25-{27CD7CF3-30AA-484F-B406-915B6BDB9C7F}-v27-Downloaded.frx (WARNING: not scanned, path to long)
C:\Documents and Settings\fabio\Impostazioni locali\Dati applicazioni\Microsoft\Messenger\fabioalbenga@hotmail.it\SharingMetadata\lelina_96@hotmail.it\DFSR\Staging\CS{EE5523CE-994E-FD4A-EC57-9C10C6D604A9}\32\42-{27CD7CF3-30AA-484F-B406-915B6BDB9C7F}-v32-{27CD7CF3-30AA-484F-B406-915B6BDB9C7F}-v42-Downloaded.frx (WARNING: not scanned, path to long)
C:\Documents and Settings\fabio\Impostazioni locali\Dati applicazioni\Microsoft\Messenger\fabioalbenga@hotmail.it\SharingMetadata\lobibello@hotmail.it\DFSR\Staging\CS{86302778-F14B-28BF-C2F1-EDB8C336D989}\01\11-{86302778-F14B-28BF-C2F1-EDB8C336D989}-v1-{56F917B7-E613-4462-9859-38223FAEDFC9}-v11-Downloaded.frx (WARNING: not scanned, path to long)
C:\Documents and Settings\fabio\Impostazioni locali\Dati applicazioni\Microsoft\Messenger\fabioalbenga@hotmail.it\SharingMetadata\lobibello@hotmail.it\DFSR\Staging\CS{86302778-F14B-28BF-C2F1-EDB8C336D989}\11\11-{3D684EA6-B0EB-4419-83AA-75393A4997C8}-v11-{3D684EA6-B0EB-4419-83AA-75393A4997C8}-v11-Downloaded.frx (WARNING: not scanned, path to long)
C:\Documents and Settings\fabio\Impostazioni locali\Dati applicazioni\Microsoft\Messenger\fabioalbenga@hotmail.it\SharingMetadata\lobibello@hotmail.it\DFSR\Staging\CS{86302778-F14B-28BF-C2F1-EDB8C336D989}\12\12-{3D684EA6-B0EB-4419-83AA-75393A4997C8}-v12-{3D684EA6-B0EB-4419-83AA-75393A4997C8}-v12-Downloaded.frx (WARNING: not scanned, path to long)
C:\System Volume Information: (not scanned)
Trojan.Vundo has not been found on your computer.

VirtumondoBegone:


[09/22/2007, 18:24:19] - VirtumundoBeGone v1.5 ( "C:\Documents and Settings\fabio\Desktop\VirtumundoBeGone.exe" )
[09/22/2007, 18:24:24] - User choose NOT to continue. Exiting...

[09/23/2007, 12:55:45] - VirtumundoBeGone v1.5 ( "C:\Documents and Settings\fabio\Desktop\VirtumundoBeGone.exe" )
[09/23/2007, 12:55:51] - Detected System Information:
[09/23/2007, 12:55:51] - Windows Version: 5.1.2600, Service Pack 2
[09/23/2007, 12:55:51] - Current Username: fabio (Admin)
[09/23/2007, 12:55:51] - Windows is in SAFE mode with Networking.
[09/23/2007, 12:55:51] - Searching for Browser Helper Objects:
[09/23/2007, 12:55:51] - BHO 1: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (AcroIEHlprObj Class)
[09/23/2007, 12:55:51] - BHO 2: {089FD14D-132B-48FC-8861-0048AE113215} ()
[09/23/2007, 12:55:51] - WARNING: BHO has no default name. Checking for Winlogon reference.
[09/23/2007, 12:55:51] - Checking for HKLM\...\Winlogon\Notify\SiteAdv
[09/23/2007, 12:55:51] - Key not found: HKLM\...\Winlogon\Notify\SiteAdv, continuing.
[09/23/2007, 12:55:51] - BHO 3: {733E9132-53CA-4C97-9AC9-145C4502FA20} ()
[09/23/2007, 12:55:51] - WARNING: BHO has no default name. Checking for Winlogon reference.
[09/23/2007, 12:55:51] - Checking for HKLM\...\Winlogon\Notify\urqrrsq
[09/23/2007, 12:55:51] - Found: HKLM\...\Winlogon\Notify\urqrrsq - This is probably Virtumundo.
[09/23/2007, 12:55:51] - Assigning {733E9132-53CA-4C97-9AC9-145C4502FA20} MSEvents Object
[09/23/2007, 12:55:51] - BHO list has been changed! Starting over...
[09/23/2007, 12:55:51] - BHO 1: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (AcroIEHlprObj Class)
[09/23/2007, 12:55:51] - BHO 2: {089FD14D-132B-48FC-8861-0048AE113215} ()
[09/23/2007, 12:55:52] - WARNING: BHO has no default name. Checking for Winlogon reference.
[09/23/2007, 12:55:52] - Checking for HKLM\...\Winlogon\Notify\SiteAdv
[09/23/2007, 12:55:52] - Key not found: HKLM\...\Winlogon\Notify\SiteAdv, continuing.
[09/23/2007, 12:55:52] - BHO 3: {733E9132-53CA-4C97-9AC9-145C4502FA20} (MSEvents Object)
[09/23/2007, 12:55:52] - ALERT: Found MSEvents Object!
[09/23/2007, 12:55:52] - BHO 4: {7A5B668D-7A1B-4BB2-86C5-C83C433618B4} ()
[09/23/2007, 12:55:52] - WARNING: BHO has no default name. Checking for Winlogon reference.
[09/23/2007, 12:55:52] - Checking for HKLM\...\Winlogon\Notify\mljjh
[09/23/2007, 12:55:52] - Key not found: HKLM\...\Winlogon\Notify\mljjh, continuing.
[09/23/2007, 12:55:52] - BHO 5: {7DB2D5A0-7241-4E79-B68D-6309F01C5231} (scriptproxy)
[09/23/2007, 12:55:52] - BHO 6: {7E853D72-626A-48EC-A868-BA8D5E23E045} ()
[09/23/2007, 12:55:52] - WARNING: BHO has no default name. Checking for Winlogon reference.
[09/23/2007, 12:55:52] - No filename found. Continuing.
[09/23/2007, 12:55:52] - BHO 7: {955BE0B8-BC85-4CAF-856E-8E0D8B610560} (Encarta Web Companion Oggetto helper)
[09/23/2007, 12:55:52] - BHO 8: {A43922EA-01EB-4073-87B5-45189A8E8F6C} ()
[09/23/2007, 12:55:52] - WARNING: BHO has no default name. Checking for Winlogon reference.
[09/23/2007, 12:55:52] - Checking for HKLM\...\Winlogon\Notify\mljjh
[09/23/2007, 12:55:52] - Key not found: HKLM\...\Winlogon\Notify\mljjh, continuing.
[09/23/2007, 12:55:52] - Finished Searching Browser Helper Objects
[09/23/2007, 12:55:52] - *** Detected MSEvents Object
[09/23/2007, 12:55:52] - Trying to remove MSEvents Object...
[09/23/2007, 12:55:53] - Terminating Process: IEXPLORE.EXE
[09/23/2007, 12:55:53] - Terminating Process: RUNDLL32.EXE
[09/23/2007, 12:55:53] - Disabling Automatic Shell Restart
[09/23/2007, 12:55:53] - Terminating Process: EXPLORER.EXE
[09/23/2007, 12:55:53] - Suspending the NT Session Manager System Service
[09/23/2007, 12:55:53] - Terminating Windows NT Logon/Logoff Manager
[09/23/2007, 12:55:53] - Re-enabling Automatic Shell Restart
[09/23/2007, 12:55:53] - File to disable: C:\WINDOWS\system32\urqrrsq.dll
[09/23/2007, 12:55:53] - Renaming C:\WINDOWS\system32\urqrrsq.dll -> C:\WINDOWS\system32\urqrrsq.dll.vir
[09/23/2007, 12:55:53] - File successfully renamed!
[09/23/2007, 12:55:53] - Removing HKLM\...\Browser Helper Objects\{733E9132-53CA-4C97-9AC9-145C4502FA20}
[09/23/2007, 12:55:53] - Removing HKCR\CLSID\{733E9132-53CA-4C97-9AC9-145C4502FA20}
[09/23/2007, 12:55:53] - Adding Kill Bit for ActiveX for GUID: {733E9132-53CA-4C97-9AC9-145C4502FA20}
[09/23/2007, 12:55:54] - Deleting ATLEvents/MSEvents Registry entries
[09/23/2007, 12:55:54] - Removing HKLM\...\Winlogon\Notify\urqrrsq
[09/23/2007, 12:55:54] - Searching for Browser Helper Objects:
[09/23/2007, 12:55:54] - BHO 1: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (AcroIEHlprObj Class)
[09/23/2007, 12:55:54] - BHO 2: {089FD14D-132B-48FC-8861-0048AE113215} ()
[09/23/2007, 12:55:54] - WARNING: BHO has no default name. Checking for Winlogon reference.
[09/23/2007, 12:55:54] - Checking for HKLM\...\Winlogon\Notify\SiteAdv
[09/23/2007, 12:55:54] - Key not found: HKLM\...\Winlogon\Notify\SiteAdv, continuing.
[09/23/2007, 12:55:54] - BHO 3: {7A5B668D-7A1B-4BB2-86C5-C83C433618B4} ()
[09/23/2007, 12:55:54] - WARNING: BHO has no default name. Checking for Winlogon reference.
[09/23/2007, 12:55:54] - Checking for HKLM\...\Winlogon\Notify\mljjh
[09/23/2007, 12:55:54] - Key not found: HKLM\...\Winlogon\Notify\mljjh, continuing.
[09/23/2007, 12:55:54] - BHO 4: {7DB2D5A0-7241-4E79-B68D-6309F01C5231} (scriptproxy)
[09/23/2007, 12:55:54] - BHO 5: {7E853D72-626A-48EC-A868-BA8D5E23E045} ()
[09/23/2007, 12:55:54] - WARNING: BHO has no default name. Checking for Winlogon reference.
[09/23/2007, 12:55:54] - No filename found. Continuing.
[09/23/2007, 12:55:54] - BHO 6: {955BE0B8-BC85-4CAF-856E-8E0D8B610560} (Encarta Web Companion Oggetto helper)
[09/23/2007, 12:55:54] - BHO 7: {A43922EA-01EB-4073-87B5-45189A8E8F6C} ()
[09/23/2007, 12:55:54] - WARNING: BHO has no default name. Checking for Winlogon reference.
[09/23/2007, 12:55:54] - Checking for HKLM\...\Winlogon\Notify\mljjh
[09/23/2007, 12:55:54] - Key not found: HKLM\...\Winlogon\Notify\mljjh, continuing.
[09/23/2007, 12:55:54] - Finished Searching Browser Helper Objects
[09/23/2007, 12:55:54] - Finishing up...
[09/23/2007, 12:55:54] - A restart is needed.
[09/23/2007, 12:55:54] - Automatic Reboot on STOP Error is not set. User will have to manually restart.
[09/23/2007, 12:56:04] - Attempting to Restart via STOP error (Blue Screen!)

[09/23/2007, 12:58:09] - VirtumundoBeGone v1.5 ( "C:\Documents and Settings\fabio\Desktop\VirtumundoBeGone.exe" )
[09/23/2007, 12:58:11] - Detected System Information:
[09/23/2007, 12:58:11] - Windows Version: 5.1.2600, Service Pack 2
[09/23/2007, 12:58:11] - Current Username: fabio (Admin)
[09/23/2007, 12:58:11] - Windows is in SAFE mode with Networking.
[09/23/2007, 12:58:11] - Searching for Browser Helper Objects:
[09/23/2007, 12:58:11] - BHO 1: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (AcroIEHlprObj Class)
[09/23/2007, 12:58:11] - BHO 2: {089FD14D-132B-48FC-8861-0048AE113215} ()
[09/23/2007, 12:58:11] - WARNING: BHO has no default name. Checking for Winlogon reference.
[09/23/2007, 12:58:11] - Checking for HKLM\...\Winlogon\Notify\SiteAdv
[09/23/2007, 12:58:11] - Key not found: HKLM\...\Winlogon\Notify\SiteAdv, continuing.
[09/23/2007, 12:58:11] - BHO 3: {7A5B668D-7A1B-4BB2-86C5-C83C433618B4} ()
[09/23/2007, 12:58:11] - WARNING: BHO has no default name. Checking for Winlogon reference.
[09/23/2007, 12:58:11] - Checking for HKLM\...\Winlogon\Notify\mljjh
[09/23/2007, 12:58:11] - Key not found: HKLM\...\Winlogon\Notify\mljjh, continuing.
[09/23/2007, 12:58:11] - BHO 4: {7DB2D5A0-7241-4E79-B68D-6309F01C5231} (scriptproxy)
[09/23/2007, 12:58:11] - BHO 5: {7E853D72-626A-48EC-A868-BA8D5E23E045} ()
[09/23/2007, 12:58:11] - WARNING: BHO has no default name. Checking for Winlogon reference.
[09/23/2007, 12:58:11] - No filename found. Continuing.
[09/23/2007, 12:58:11] - BHO 6: {955BE0B8-BC85-4CAF-856E-8E0D8B610560} (Encarta Web Companion Oggetto helper)
[09/23/2007, 12:58:11] - BHO 7: {A43922EA-01EB-4073-87B5-45189A8E8F6C} ()
[09/23/2007, 12:58:11] - WARNING: BHO has no default name. Checking for Winlogon reference.
[09/23/2007, 12:58:11] - Checking for HKLM\...\Winlogon\Notify\mljjh
[09/23/2007, 12:58:11] - Key not found: HKLM\...\Winlogon\Notify\mljjh, continuing.
[09/23/2007, 12:58:11] - Finished Searching Browser Helper Objects
[09/23/2007, 12:58:11] - Finishing up...
[09/23/2007, 12:58:11] - Nothing found! Exiting...

And I'll also post one from HijackThis:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 13.04.48, on 23/09/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programmi\File comuni\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\system32\wgnjagtw.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Programmi\File comuni\McAfee\HackerWatch\HWAPI.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\programmi\file comuni\mcafee\mna\mcnasvc.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
c:\PROGRA~1\FILECO~1\mcafee\mcproxy\mcproxy.exe
c:\PROGRA~1\FILECO~1\mcafee\redirsvc\redirsvc.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\Programmi\McAfee\MPF\MPFSrv.exe
C:\PROGRA~1\McAfee\MPS\mps.exe
C:\Programmi\Microsoft LifeCam\MSCamS32.exe
C:\Programmi\McAfee\MSK\MskSrver.exe
C:\WINDOWS\Explorer.EXE
C:\Programmi\McAfee\MPS\mpsevh.exe
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Programmi\SiteAdvisor\6172\SAService.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\WINDOWS\stsystra.exe
C:\WINDOWS\system32\rundll32.exe
C:\Programmi\McAfee\MSK\MskAgent.exe
C:\Programmi\SiteAdvisor\6172\SiteAdv.exe
C:\Programmi\HP\HP Software Update\HPWuSchd2.exe
C:\Programmi\Nokia\Nokia PC Suite 6\LaunchApplication.exe
C:\WINDOWS\vVX3000.exe
C:\Programmi\File comuni\Real\Update_OB\realsched.exe
C:\Programmi\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmi\Messenger\msmsgs.exe
C:\Programmi\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe
C:\Programmi\File comuni\Teleca Shared\CapabilityManager.exe
C:\Programmi\HP\Digital Imaging\bin\hpqtra08.exe
C:\Programmi\PC Connectivity Solution\ServiceLayer.exe
C:\Programmi\Alice ti aiuta\bin\mpbtn.exe
C:\Programmi\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Programmi\File comuni\Teleca Shared\Generic.exe
C:\Programmi\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe
C:\Programmi\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Programmi\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\rundll32.exe
C:\Documents and Settings\fabio\Desktop\HiJackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
O3 - Toolbar: McAfee SiteAdvisor - {0BF43445-2F28-4351-9252-17FE6E806AA0} - C:\Programmi\SiteAdvisor\6172\SiteAdv.dll
O3 - Toolbar: Encarta Web Companion - {147D6308-0614-4112-89B1-31402F9B82C4} - C:\Programmi\File comuni\Microsoft Shared\Encarta Web Companion\ENCWCBAR.DLL
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [CnxTrApp] rundll32.exe "C:\Programmi\Aethra\ADSL EB1070 USB\CnxTrApp.dll",AppEntry -REG "Aethra\ADSL EB1070 USB"
O4 - HKLM\..\Run: [MskAgentexe] C:\Programmi\McAfee\MSK\MskAgent.exe
O4 - HKLM\..\Run: [SiteAdvisor] C:\Programmi\SiteAdvisor\6172\SiteAdv.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Programmi\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Programmi\Java\j2re1.4.2_07\bin\jusched.exe
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Programmi\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup
O4 - HKLM\..\Run: [VX3000] C:\WINDOWS\vVX3000.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Programmi\File comuni\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [LifeCam] "C:\Programmi\Microsoft LifeCam\LifeExp.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmi\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Programmi\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SearchIndexer] rundll32.exe "C:\WINDOWS\system32\sptcpcfy.dll",sitypnow
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Programmi\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [E06IXLRD_29958437] "C:\Programmi\Microsoft Encarta\Microsoft Encarta Enciclopedia DVD - 2006\EDICT.EXE" -m
O4 - HKCU\..\Run: [Sony Ericsson PC Suite] "C:\Programmi\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /Minimized
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO LOCALE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO DI RETE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Programmi\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Alice ti aiuta.lnk = C:\Programmi\Alice ti aiuta\bin\matcli.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Programmi\HP\Digital Imaging\bin\hpqtra08.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll
O9 - Extra button: (no name) - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Programmi\File comuni\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/IT-IT/a-UNO1/GAME_UNO1.cab
O16 - DPF: {6E5E167B-1566-4316-B27F-0DDAB3484CF7} (Image Uploader Control) - http://www.mypix.com/importer/ImageUploader4.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{B26307B1-1E5B-4D3A-A152-9B32BD15F446}: NameServer = 85.37.17.48 85.38.28.88
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Programmi\File comuni\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ares Chatroom server (AresChatServer) - Ares Development Group - C:\Programmi\Ares\chatServer.exe
O23 - Service: DomainService - - C:\WINDOWS\system32\wgnjagtw.exe
O23 - Service: McAfee E-mail Proxy (Emproxy) - McAfee, Inc. - C:\PROGRA~1\FILECO~1\McAfee\EmProxy\emproxy.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programmi\File comuni\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Servizio iPod (iPod Service) - Apple Inc. - C:\Programmi\iPod\bin\iPodService.exe
O23 - Service: McAfee HackerWatch Service - McAfee, Inc. - C:\Programmi\File comuni\McAfee\HackerWatch\HWAPI.exe
O23 - Service: McAfee Update Manager (mcmispupdmgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcupdmgr.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\programmi\file comuni\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Protection Manager (mcpromgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\FILECO~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Redirector Service (McRedirector) - McAfee, Inc. - c:\PROGRA~1\FILECO~1\mcafee\redirsvc\redirsvc.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Programmi\McAfee\MPF\MPFSrv.exe
O23 - Service: McAfee Privacy Service (MPS9) - McAfee, Inc. - C:\PROGRA~1\McAfee\MPS\mps.exe
O23 - Service: McAfee SpamKiller Service (MSK80Service) - McAfee Inc. - C:\Programmi\McAfee\MSK\MskSrver.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: ServiceLayer - Nokia. - C:\Programmi\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: Servizio SiteAdvisor (SiteAdvisor Service) - Unknown owner - C:\Programmi\SiteAdvisor\6172\SAService.exe

--
End of file - 9398 bytes

I'll let you know if I still have problems... thanks for everything monsee ^^
Actually, let me correct myself right away: an advert window just popped up again, antiviruspro... are we sure it's Vundo?
monsee
Posted: Sunday, September 23, 2007 6:09:41 PM
Rank: AiutAmico

Joined: 4/5/2005
Posts: 22,971
Yes, it's Vundo (I deduce it from the line I quote below):
O4 - HKLM\..\Run: [SearchIndexer] rundll32.exe "C:\WINDOWS\system32\sptcpcfy.dll",sitypnow
As you'll notice it is particularly eclectic: it has changed name yet again.
And I think there's something else too (an adware, at the very least).
Both VundoFix and VirtumondoBegone managed to find and delete quite a few entries. And yet that wasn't enough: the little pest is still alive and kicking. Which makes me think the infection is very deeply rooted on the computer. If I were you, I'd start seriously considering the option of formatting.
Here's the link to a case fairly similar to yours:
http://www.hwupgrade.it/forum/showthread.php?t=1557715&page=2

Edited by - monsee on 09/23/2007 18:13:27
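Two of the patterns in the logs above can be checked mechanically rather than by eye. In the VundoFix listing every .ini is the name of a .dll spelled backwards (adqofwyf.ini / fywfoqda.dll, flbislhf.ini / fhlsiblf.dll, and so on), and in the HijackThis log the lines monsee picks out are the ones that pair a random-looking 7-8 letter name in system32 with a second signal: rundll32 calling an equally random export (the SearchIndexer line), or a service with an empty vendor field (DomainService / wgnjagtw.exe). The Python below is an added example written for this page, not output or code from VundoFix, VirtumundoBeGone or HijackThis. The file list and the O4/O23 lines are copied from the logs posted in this thread; the O20 Winlogon Notify line is constructed here from the Winlogon\Notify\urqrrsq key that VirtumundoBeGone reported (HijackThis printed no O20 line in the thread); and the `looks_random` threshold and the `KNOWN_GOOD` allowlist are assumptions that will produce false positives on a real machine (svchost is one) and are there only to show the idea.

```python
"""Added example for this thread: mechanical checks for the two Vundo traces above.
Not code from VundoFix, VirtumundoBeGone or HijackThis; the heuristics are assumptions."""
import re
from pathlib import PureWindowsPath

# File list copied from the VundoFix log posted above.
VUNDOFIX_FILES = [
    r"C:\windows\system32\adqofwyf.ini",
    r"C:\windows\system32\fhlsiblf.dll",
    r"C:\windows\system32\flbislhf.ini",
    r"C:\windows\system32\fywfoqda.dll",
    r"C:\WINDOWS\system32\hfuxpkfn.dll",
    r"C:\windows\system32\hlvcysqp.ini",
    r"C:\windows\system32\lyiuoyyr.ini",
    r"C:\windows\system32\ouynsrft.ini",
    r"C:\windows\system32\pqsycvlh.dll",
    r"C:\windows\system32\reqdyixs.ini",
    r"C:\windows\system32\ryyouiyl.dll",
    r"C:\windows\system32\sxiydqer.dll",
    r"C:\windows\system32\tfrsnyuo.dll",
]

# Constructed sample: the O4/O23 lines are from the HijackThis log above; the O20 line
# is made up here from the Winlogon\Notify\urqrrsq key that VirtumundoBeGone reported.
HIJACKTHIS_SAMPLE = r"""
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [SearchIndexer] rundll32.exe "C:\WINDOWS\system32\sptcpcfy.dll",sitypnow
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O20 - Winlogon Notify: urqrrsq - C:\WINDOWS\system32\urqrrsq.dll
O23 - Service: DomainService - - C:\WINDOWS\system32\wgnjagtw.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
"""

VOWELS = set("aeiou")
KNOWN_GOOD = {"svchost"}  # assumed allowlist: legitimate names the heuristic would flag


def looks_random(stem: str) -> bool:
    """Heuristic (an assumption, not a rule): 7-8 lowercase letters with at most a
    quarter vowels, the style of sptcpcfy, wgnjagtw and urqrrsq in the logs above."""
    s = stem.lower()
    if s in KNOWN_GOOD or not re.fullmatch(r"[a-z]{7,8}", s):
        return False
    return sum(c in VOWELS for c in s) / len(s) <= 0.25


def reversed_name_pairs(paths):
    """Pair each .dll with the .ini whose stem is the DLL stem spelled backwards,
    the naming trick visible in the VundoFix listing. Returns (pairs, unpaired_dlls)."""
    by_suffix = {}
    for p in paths:
        wp = PureWindowsPath(p)
        by_suffix.setdefault(wp.suffix.lower(), {})[wp.stem.lower()] = p
    pairs, unpaired = [], []
    for stem, dll in sorted(by_suffix.get(".dll", {}).items()):
        ini = by_suffix.get(".ini", {}).get(stem[::-1])
        if ini:
            pairs.append((dll, ini))
        else:
            unpaired.append(dll)
    return pairs, unpaired


O4_RUNDLL = re.compile(r'^O4 - .*rundll32\.exe\s+"?([^",]+\.dll)"?,(\w+)', re.I)
O20_NOTIFY = re.compile(r"^O20 - Winlogon Notify: (\S+) - (.+)$", re.I)
# "name - vendor - path"; written so that an empty vendor ("name - - path") still parses.
O23_SERVICE = re.compile(r"^O23 - Service: (.+?) -(.*?)- (.+)$", re.I)


def scan_hijackthis(text):
    """Return (line, reason) for lines that combine a random-looking module name with
    a second signal; that combination is what separates the Vundo lines from the
    dozens of legitimate ones in the log."""
    findings = []
    for line in text.splitlines():
        line = line.strip()
        if (m := O4_RUNDLL.match(line)):
            dll, export = m.group(1), m.group(2)
            if looks_random(PureWindowsPath(dll).stem) and looks_random(export):
                findings.append((line, "rundll32 loads random-named DLL via random export"))
        elif (m := O20_NOTIFY.match(line)):
            if looks_random(PureWindowsPath(m.group(2)).stem):
                findings.append((line, "Winlogon Notify package with random-named DLL"))
        elif (m := O23_SERVICE.match(line)):
            vendor, path = m.group(2).strip(), m.group(3)
            if not vendor and looks_random(PureWindowsPath(path).stem):
                findings.append((line, "service with no vendor and random-named binary"))
    return findings


if __name__ == "__main__":
    pairs, unpaired = reversed_name_pairs(VUNDOFIX_FILES)
    for dll, ini in pairs:
        print("pair:", PureWindowsPath(dll).name, "<->", PureWindowsPath(ini).name)
    print("unpaired:", [PureWindowsPath(p).name for p in unpaired])
    for line, reason in scan_hijackthis(HIJACKTHIS_SAMPLE):
        print(f"{reason}: {line}")
```

Run against the thread's data it pairs six of the seven VundoFix DLLs with their reversed-name .ini (hfuxpkfn.dll has no partner) and flags exactly the SearchIndexer, DomainService and urqrrsq lines. The name heuristic alone is weak; the point is that each flag needs a second, independent signal from the same line before it is raised.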
diablotik
Posted: Monday, September 24, 2007 2:27:19 PM
Rank: Member

Joined: 9/14/2007
Posts: 6
I've tried posting the problem on that forum... I'll let you know ^^
Powered by Yet Another Forum.net version 1.9.1.8 (NET v2.0) - 3/29/2008
Copyright © 2003-2008 Yet Another Forum.net. All rights reserved.