Virus Virtumonde.....

How do you remove viruses and spyware? Are credit cards really safe online? Is it possible to browse anonymously? Which programs protect your privacy? How do you protect important files? If you want an answer to these and other questions, this is the right place!

Moderators: m.paolo, kadosh, Luke57

Virus Virtumonde.....

Post by Zanzy » 25/12/08 19:32

I've been infected by this virus but I can't remove it, either with the removal tools or with NOD32, Ad-Aware, Spybot, SUPERAntiSpyware and Malwarebytes' Anti-Malware.
Could you help me?

I'm attaching the HijackThis log

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19.32.26, on 25/12/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Programmi\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programmi\Java\jre6\bin\jqs.exe
C:\Programmi\File comuni\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Programmi\Nero\Nero8\Nero BackItUp\NBService.exe
C:\Programmi\Analog Devices\SoundMAX\SMTray.exe
C:\Programmi\Eset\nod32kui.exe
C:\Programmi\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmi\Eset\nod32krn.exe
C:\Programmi\ADSL\StarModem ADSL USB MODEM\dslmon.exe
C:\WINDOWS\system32\IoctlSvc.exe
C:\Programmi\VIA\RAID\raid_tool.exe
C:\Programmi\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\TUProgSt.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Programmi\Windows Live\Messenger\msnmsgr.exe
C:\Programmi\Windows Live\Messenger\usnsvc.exe
C:\Programmi\Mozilla Firefox\firefox.exe
C:\Programmi\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.it/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmi\Java\jre6\bin\ssv.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programmi\Java\jre6\bin\jp2ssv.dll
O4 - HKLM\..\Run: [Smapp] C:\Programmi\Analog Devices\SoundMAX\SMTray.exe
O4 - HKLM\..\Run: [2kadiras] 2kadiras.exe
O4 - HKLM\..\Run: [nod32kui] "C:\Programmi\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programmi\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO LOCALE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO DI RETE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: DSLMON.lnk = ?
O4 - Global Startup: VIA RAID TOOL.lnk = C:\Programmi\VIA\RAID\raid_tool.exe
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Ricerche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windows ... 5371617175
O17 - HKLM\System\CCS\Services\Tcpip\..\{D5253C3F-1BEC-4674-B601-CD299EE6FC37}: NameServer = 85.37.17.11 85.38.28.69
O20 - AppInit_DLLs: ryievw.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Programmi\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Programmi\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Programmi\Java\jre6\bin\jqs.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Programmi\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Programmi\File comuni\Nero\Lib\NMIndexingService.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Programmi\Eset\nod32krn.exe
O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\WINDOWS\system32\IoctlSvc.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Programmi\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software - C:\WINDOWS\System32\TuneUpDefragService.exe
O23 - Service: TuneUp Program Statistics Service (TuneUp.ProgramStatisticsSvc) - TuneUp Software - C:\WINDOWS\System32\TUProgSt.exe
O23 - Service: Windows Live Setup Service (WLSetupSvc) - Unknown owner - C:\Programmi\Windows Live\installer\WLSetupSvc.exe (file missing)

--
End of file - 5384 bytes
Zanzy
Senior User

Posts: 339
Joined: 04/06/06 10:05


Re: Virus Virtumonde.....

Post by shel » 25/12/08 20:26

hi

open HJT, tick this entry and press Fix checked

O20 - AppInit_DLLs: ryievw.dll

download VundoFix to the desktop

http://www.atribune.org/ccount/click.php?id=4

run it and tick "Run VundoFix as a task"
you'll get a message saying VundoFix will close and reopen in a minute or less; when the program reopens, click OK
click "Scan for Vundo"; when it has finished scanning, click "Remove Vundo"
click YES when asked whether you want to remove the files; it will then start removing the Vundo DLLs; when it has finished it will tell you it has to shut down the PC, click OK.

Restart the PC and attach the file C:\vundofix.txt in a post
shel
Senior User

Posts: 1326
Joined: 29/08/08 21:56
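The helpers in this thread work by eye: they read the HijackThis log, spot the O20 AppInit_DLLs entry, and later the O4 Run entries loading random-named DLLs through rundll32 and the nameless BHO with a missing file in the second log. The script below is an example added here (not HijackThis, ComboFix or anyone's code from this thread) that automates that first triage pass. It parses the `O<n>`/`R<n>` lines of a HijackThis log and flags the entry types the posters were asked to fix; the indicator rules are this example's own heuristics, not an official HijackThis rule set, and the sample log is assembled from lines that appear in the logs posted in this thread.

```python
"""Triage helper for HijackThis-style logs (example code added to this thread)."""
import re
from dataclasses import dataclass
from typing import List, Optional

# One entry line of a HijackThis log, e.g. "O20 - AppInit_DLLs: ryievw.dll".
ENTRY_RE = re.compile(r"^(?P<section>[RO]\d{1,2}) - (?P<body>.*)$")

# Per-user writable directories (Italian and English XP names). A Run entry
# starting an .exe from here deserves a second look. Heuristic, this example's own.
USER_WRITABLE = (
    "impostazioni locali\\dati applicazioni",
    "local settings\\application data",
    "\\temp\\",
)

# rundll32 loading a system32 DLL by a single-letter export, as in the thread's
# '[0c052cd6] rundll32.exe "C:\WINDOWS\system32\jepazeje.dll",b' entries.
RUNDLL_RE = re.compile(r'system32\\[a-z0-9]+\.dll",[a-z]\b')


@dataclass
class Finding:
    section: str
    reason: str
    line: str


def check_entry(section: str, body: str, line: str) -> Optional[Finding]:
    """Return a Finding if the entry matches one of the triage rules, else None."""
    low = body.lower()
    if section == "O20" and low.startswith("appinit_dlls:"):
        if body.split(":", 1)[1].strip():
            return Finding(section, "AppInit_DLLs loads a DLL into every process", line)
    if section == "O2" and ("(no name)" in low or "(file missing)" in low):
        return Finding(section, "BHO with no name or missing file", line)
    if section == "O4":
        if "rundll32.exe" in low and RUNDLL_RE.search(low):
            return Finding(section, "Run entry loads a system32 DLL via rundll32 by a one-letter export", line)
        if any(frag in low for frag in USER_WRITABLE):
            return Finding(section, "Run entry starts an executable from a user-writable directory", line)
    if section == "O15":
        return Finding(section, "site added to the Trusted Zone", line)
    if section == "O17" and "nameserver" in low:
        return Finding(section, "custom DNS servers; confirm they belong to the ISP", line)
    return None


def triage(log_text: str) -> List[Finding]:
    """Scan every entry line of a log and collect the flagged ones in log order."""
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        m = ENTRY_RE.match(line)
        if not m:
            continue  # process list, headers and blank lines are skipped
        finding = check_entry(m.group("section"), m.group("body"), line)
        if finding:
            findings.append(finding)
    return findings


# Sample log assembled from lines posted in this thread; benign entries are
# included to show that the rules leave them alone.
SAMPLE_LOG = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.it/
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmi\Java\jre6\bin\ssv.dll
O2 - BHO: (no name) - {864627ab-4c51-44c8-9e8d-0e51581b20ec} - C:\WINDOWS\system32\dazetaha.dll (file missing)
O4 - HKLM\..\Run: [nod32kui] "C:\Programmi\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [0c052cd6] rundll32.exe "C:\WINDOWS\system32\jepazeje.dll",b
O4 - HKCU\..\Run: [gyiuu] "c:\documents and settings\vitto\impostazioni locali\dati applicazioni\gyiuu.exe" gyiuu
O15 - Trusted Zone: http://www.redfunny.com
O17 - HKLM\System\CCS\Services\Tcpip\..\{D5253C3F-1BEC-4674-B601-CD299EE6FC37}: NameServer = 85.37.17.11 85.38.28.69
O20 - AppInit_DLLs: ryievw.dll
"""

if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.section}] {f.reason}\n    {f.line}")
```

Run against the sample it reports six entries (the nameless BHO, the two suspicious Run entries, the Trusted Zone site, the DNS servers for confirmation, and the AppInit_DLLs value) and stays silent on the NOD32 and Bluetooth Run entries, which also mention rundll32 or a vendor path but match none of the rules. The O17 rule is deliberately a "confirm" rather than a verdict: the addresses in Zanzy's log are ordinary ISP resolvers, and only the owner can tell.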

Re: Virus Virtumonde.....

Post by Zanzy » 25/12/08 21:12

[image]

there's nothing to choose :/........ I'll try running it anyway and let you know.....
Zanzy
Senior User

Posts: 339
Joined: 04/06/06 10:05

Re: Virus Virtumonde.....

Post by Zanzy » 25/12/08 21:28

I didn't find anything

VundoFix V7.0.6

Scan started at 21.12.43 25/12/2008

Listing files found while scanning....

No infected files were found.
Zanzy
Senior User

Posts: 339
Joined: 04/06/06 10:05

Re: Virus Virtumonde.....

Post by shel » 25/12/08 21:38

have you tried running Malwarebytes again and doing a full scan?
shel
Senior User

Posts: 1326
Joined: 29/08/08 21:56

Re: Virus Virtumonde.....

Post by shel » 25/12/08 22:32

download ComboFix from here:
http://download.bleepingcomputer.com/sUBs/ComboFix.exe
To run it, double-click Combofix.exe
A blue window will open.... Wait....
After a moment a notice will appear in which the author disclaims any problem arising from incorrect use of the tool.
At that point select 1, then ENTER to start the scan..
Wait..... (don't do anything else during the scan; if the icons disappear from the desktop, that's completely normal)
A notice will tell you the operation has finished, and after a moment the log with the scan details will appear.
The log is saved in C:\Combofix.txt
Attach it or paste it in a post

N.B.: During the scan some files will be created on the desktop and then deleted - all the desktop icons will disappear - the firewall may warn that some drivers are being removed (allow it)
ComboFix must be run with the machine dedicated to it - disconnected from the network, with the real-time protection of your security software temporarily disabled
shel
Senior User

Posts: 1326
Joined: 29/08/08 21:56

Re: Virus Virtumonde.....

Post by Zanzy » 26/12/08 12:29

So I ran it and it told me there was a rootkit, so it asked me to restart the PC, and after I did, it started before all the icons had appeared on the desktop. After that it completed the scan. (PS: I declined the Recovery Console because, when viruses, malware or rootkits are removed, it could be a cause of reinfection.) I'm attaching the ComboFix results

ComboFix 08-12-25.02 - Gianluca 2008-12-26 12:07:59.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1040.18.512.268 [GMT 1:00]
Eseguito da: c:\documents and settings\Gianluca\Desktop\ComboFix.exe
* Resident AV is active


ATENÇÃO - ESTA MAQUINA NAO TEM A CONSOLE DE RECUPERAÇÃO INSTALADA !!
.
ADS - WINDOWS: deleted 24 bytes in 1 streams.

((((((((((((((((((((((((((((((((((((( Altre eliminazioni )))))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\All Users\Dati applicazioni\Microsoft\Network\Downloader\qmgr0.dat
c:\documents and settings\All Users\Dati applicazioni\Microsoft\Network\Downloader\qmgr1.dat
c:\windows\config.ini
c:\windows\system32\bfadff5_z.dll
c:\windows\system32\drivers\msqpdxowbmnykm.sys
c:\windows\system32\exrnwnrv.ini
c:\windows\system32\msqpdxxsmpiqqo.dll
c:\windows\system32\wdrcnyeh.dll
F:\resycled
f:\resycled\boot.com

----- BITS: Sites possivelmente infetados -----

hxxp://childhe.com
.
((((((((((((((((((((((((((((((((((((((( Driver/Servizi )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_MSQPDXSERV.SYS
-------\Legacy_MSQPDXSERV.SYS
-------\Legacy_ISODRIVE
-------\Service_ISODrive


((((((((((((((((((((((((( Files Creati Da 2008-11-26 al 2008-12-26 )))))))))))))))))))))))))))))))))))
.

2008-12-25 21:12 . 2008-12-25 21:12 <DIR> d-------- C:\VundoFix Backups
2008-12-25 20:57 . 2008-12-25 20:58 <DIR> d-------- c:\programmi\SpywareBlaster
2008-12-25 20:57 . 2008-12-25 21:02 <DIR> d-a------ c:\documents and settings\All Users\Dati applicazioni\TEMP
2008-12-25 00:45 . 2008-12-25 00:45 <DIR> d-------- c:\documents and settings\Gianluca\Dati applicazioni\Malwarebytes
2008-12-25 00:44 . 2008-12-25 00:44 <DIR> d-------- c:\documents and settings\All Users\Dati applicazioni\Malwarebytes
2008-12-24 14:58 . 2008-12-24 14:58 <DIR> d-------- c:\programmi\Trend Micro
2008-12-24 14:32 . 2008-12-24 14:33 <DIR> d-------- c:\programmi\jv16 PowerTools 2008
2008-12-23 16:41 . 2008-12-23 16:41 <DIR> d-------- c:\documents and settings\All Users\Dati applicazioni\FLEXnet
2008-12-23 16:23 . 2008-12-23 16:23 <DIR> d-------- c:\programmi\Adobe Media Player
2008-12-23 16:18 . 2008-12-23 16:18 <DIR> d-------- c:\programmi\File comuni\Adobe AIR
2008-12-23 14:39 . 2008-12-23 14:39 268 --ah----- C:\sqmdata01.sqm
2008-12-23 14:39 . 2008-12-23 14:39 268 --ah----- C:\sqmdata00.sqm
2008-12-23 14:39 . 2008-12-23 14:39 244 --ah----- C:\sqmnoopt01.sqm
2008-12-23 14:39 . 2008-12-23 14:39 244 --ah----- C:\sqmnoopt00.sqm
2008-12-22 14:36 . 2008-12-22 14:36 603,904 --a------ c:\windows\system32\TUProgSt.exe
2008-12-22 14:36 . 2008-12-22 14:36 360,192 --a------ c:\windows\system32\TuneUpDefragService.exe
2008-12-22 14:36 . 2008-12-11 13:31 27,904 --a------ c:\windows\system32\uxtuneup.dll
2008-12-20 16:10 . 2008-12-20 16:34 <DIR> d-------- c:\documents and settings\Gianluca\Dati applicazioni\Download Manager
2008-12-20 13:38 . 2008-12-20 13:37 410,984 --a------ c:\windows\system32\deploytk.dll
2008-12-20 13:16 . 2008-12-20 13:17 <DIR> d-------- c:\programmi\TomTom HOME 2
2008-12-20 13:15 . 2008-12-20 13:15 <DIR> d-------- c:\programmi\TomTom DesktopSuite
2008-12-18 00:16 . 2008-12-25 20:20 <DIR> d-------- c:\programmi\SUPERAntiSpyware
2008-12-18 00:16 . 2008-12-25 20:20 <DIR> d-------- c:\documents and settings\Gianluca\Dati applicazioni\SUPERAntiSpyware.com
2008-12-18 00:16 . 2008-12-18 00:16 <DIR> d-------- c:\documents and settings\All Users\Dati applicazioni\SUPERAntiSpyware.com
2008-12-17 15:37 . 2008-12-17 16:10 <DIR> d-------- c:\documents and settings\All Users\Dati applicazioni\Lavasoft
2008-12-16 15:53 . 2008-12-16 15:53 <DIR> d-------- c:\programmi\Windows Live
2008-12-16 13:47 . 2008-12-16 13:47 <DIR> d-------- c:\documents and settings\All Users\Dati applicazioni\TomTom
2008-12-16 13:46 . 2008-12-16 13:46 <DIR> d-------- c:\documents and settings\Gianluca\Dati applicazioni\TomTom
2008-12-07 13:01 . 2008-01-01 00:00 60,273 --a------ c:\windows\system32\pthreadGC2.dll
2008-12-07 13:01 . 2008-08-01 22:21 6,144 --a------ c:\windows\system32\ff_acm.acm
2008-12-07 12:59 . 2008-12-07 13:00 <DIR> d-------- c:\programmi\Winamp
2008-12-07 12:59 . 2008-12-07 13:09 <DIR> d-------- c:\documents and settings\Gianluca\Dati applicazioni\Winamp
2008-12-06 20:46 . 2008-12-06 20:48 <DIR> d-------- c:\documents and settings\Gianluca\Dati applicazioni\vlc
2008-12-06 20:45 . 2008-12-06 20:45 <DIR> d-------- c:\programmi\VideoLAN
2008-12-06 18:45 . 2008-12-23 00:38 <DIR> d-------- c:\programmi\TuneUp Utilities 2009
2008-12-06 18:45 . 2008-12-06 18:45 <DIR> d-------- c:\documents and settings\All Users\Dati applicazioni\TuneUp Software
2008-12-06 18:44 . 2008-12-06 18:44 <DIR> d--hs---- c:\documents and settings\All Users\Dati applicazioni\{55A29068-F2CE-456C-9148-C869879E2357}
2008-12-06 14:03 . 2008-12-06 14:03 <DIR> d-------- c:\documents and settings\Gianluca\Dati applicazioni\Nokia
2008-12-06 14:03 . 2008-12-06 14:03 <DIR> d-------- c:\documents and settings\Gianluca\Dati applicazioni\Datalayer
2008-12-06 14:01 . 2008-12-06 14:03 <DIR> d-------- c:\documents and settings\Gianluca\Phone Browser
2008-12-06 13:53 . 2008-12-06 13:53 <DIR> d-------- c:\programmi\DIFX
2008-12-06 13:51 . 2008-12-06 13:53 <DIR> d-------- c:\documents and settings\Gianluca\Dati applicazioni\PC Suite
2008-12-06 13:51 . 2008-12-06 13:53 <DIR> d-------- c:\documents and settings\All Users\Dati applicazioni\PC Suite
2008-12-06 13:50 . 2008-12-17 14:26 <DIR> d-------- c:\documents and settings\All Users\Dati applicazioni\Downloaded Installations
2008-12-06 13:50 . 2006-05-29 08:26 50,688 --a------ c:\windows\system32\nmwcdcls.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-12-25 19:17 --------- d-----w c:\programmi\Spybot - Search & Destroy
2008-12-25 19:17 --------- d-----w c:\documents and settings\All Users\Dati applicazioni\Spybot - Search & Destroy
2008-12-24 18:50 --------- d-----w c:\programmi\ESET
2008-12-24 13:31 --------- d-----w c:\documents and settings\Gianluca\Dati applicazioni\uTorrent
2008-12-24 11:13 --------- d-----w c:\programmi\eMule
2008-12-23 16:29 --------- d-----w c:\programmi\File comuni\Adobe
2008-12-23 16:05 --------- d-----w c:\programmi\CCleaner
2008-12-20 12:37 --------- d-----w c:\programmi\Java
2008-12-16 15:00 --------- d-----w c:\programmi\Messenger Plus! Live
2008-12-16 14:26 --------- d-----w c:\documents and settings\All Users\Dati applicazioni\WLInstaller
2008-11-19 17:28 --------- d-----w c:\programmi\Axon Data
2008-11-10 15:56 --------- d-----w c:\documents and settings\Gianluca\Dati applicazioni\Orbit
2008-11-05 17:19 --------- d-----w c:\documents and settings\All Users\Dati applicazioni\DVD Shrink
2008-11-05 12:26 --------- d-----w c:\documents and settings\All Users\Dati applicazioni\SlySoft
2008-11-05 12:11 --------- d-----w c:\programmi\SlySoft
2008-11-05 12:09 --------- d-----w c:\programmi\DVD Shrink
2008-10-30 21:13 --------- d-----w c:\programmi\LifeView DTV
.

((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* i valori vuoti & legittimi/default non sono visualizzati.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2008-04-13 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Smapp"="c:\programmi\Analog Devices\SoundMAX\SMTray.exe" [2003-05-05 143360]
"nod32kui"="c:\programmi\Eset\nod32kui.exe" [2008-07-07 949376]
"SunJavaUpdateSched"="c:\programmi\Java\jre6\bin\jusched.exe" [2008-12-20 136600]
"2kadiras"="2kadiras.exe" [2003-07-18 c:\windows\2kadiras.EXE]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-13 15360]

c:\documents and settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\
DSLMON.lnk - c:\programmi\ADSL\StarModem ADSL USB MODEM\dslmon.exe [2008-07-06 929861]
VIA RAID TOOL.lnk - c:\programmi\VIA\RAID\raid_tool.exe [2008-07-07 565248]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.l3fhg"= mp3fhg.acm
"msacm.divxa32"= divxa32.acm
"VIDC.X264"= x264vfw.dll
"VIDC.HFYU"= huffyuv.dll
"vidc.i263"= i263_32.drv
"vidc.mjpg"= P1170JPG.dll
"msacm.avis"= ff_acm.acm

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATIPTA]
--a------ 2002-10-12 20:00 294912 c:\programmi\ATI Technologies\ATI Control Panel\atiptaxx.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DTVRemote]
--a------ 2006-02-06 15:44 53248 c:\programmi\LifeView DTV\RemoteControl.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Programmi\\uTorrent\\uTorrent.exe"=

R0 viasraid;viasraid;c:\windows\system32\DRIVERS\viasraid.sys [2008-07-07 77312]
R1 nod32drv;nod32drv;c:\windows\system32\drivers\nod32drv.sys [2008-07-07 15424]
R2 TuneUp.ProgramStatisticsSvc;TuneUp Program Statistics Service;c:\windows\System32\TUProgSt.exe [2008-12-22 603904]
R3 LVHybrid;LVHybrid service;c:\windows\system32\DRIVERS\LVHybrid.sys [2008-07-21 660736]
R3 PD1170VID;Creative WebCam Notebook;c:\windows\system32\DRIVERS\p1170vid.sys [2008-07-11 105984]
S3 qcusbser;Qualcomm USB Device for Legacy Serial Communication;c:\windows\system32\DRIVERS\qcusbser.sys [2008-10-03 64640]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e9a3e4ba-cb6e-11dd-9723-4d6564696130}]
\Shell\AutoRun\command - G:\InstallTomTomHOME.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{fb5a16cc-6aca-11dd-b0bc-4d6564696130}]
\Shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL resycled\boot.com g:
\Shell\Open\command - g:\resycled\boot.com g:
.
Contenuto della cartella 'Scheduled Tasks'

2008-12-26 c:\windows\Tasks\ggslosgq.job
- c:\windows\system32\rundll32.exe [2008-04-13 18:14]
.
- - - - ORFÃOS REMOVIDOS - - - -

Notify-WgaLogon - (no file)


.
------- Supplementare di scansione -------
.
uStart Page = hxxp://www.google.it/
IE: E&sporta in Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
LSP: c:\windows\system32\imon.dll
FF - ProfilePath - c:\documents and settings\Gianluca\Dati applicazioni\Mozilla\Firefox\Profiles\03avmdcd.default\
FF - prefs.js: browser.startup.homepage - www.google.it
FF - component: c:\programmi\Mozilla Firefox\components\iamfamous.dll
FF - plugin: c:\programmi\Microsoft Silverlight\2.0.31005.0\npctrl.1.0.30716.0.dll
FF - plugin: c:\programmi\Microsoft Silverlight\2.0.31005.0\npctrl.dll

ATTENTION: FIREFOX POLICES IS IN FORCE
FF - user.js: network.http.max-persistent-connections-per-server - 4
FF - user.js: nglayout.initialpaint.delay - 600
FF - user.js: content.notify.interval - 600000
FF - user.js: content.max.tokenizing.time - 1800000
FF - user.js: content.switch.threshold - 600000
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-12-26 12:11:28
Windows 5.1.2600 Service Pack 3 NTFS

scansione processi nascosti ...

scansione entrate autostart nascoste ...

Scansione files nascosti ...

Scansione completata con successo
Files nascosti: 0

**************************************************************************
.
------------------------ Altri processi in esecuzione ------------------------
.
c:\programmi\Java\jre6\bin\jqs.exe
c:\programmi\File comuni\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\programmi\Nero\Nero8\Nero BackItUp\NBService.exe
c:\programmi\ESET\nod32krn.exe
c:\windows\system32\IoctlSvc.exe
c:\programmi\Analog Devices\SoundMAX\SMAgent.exe
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Ora fine scansione: 2008-12-26 12:15:57 - macchina è stato riavviato [Gianluca]
ComboFix-quarantined-files.txt 2008-12-26 11:15:52

Pre-Run: 27,556,372,480 byte disponibili
Post-Run: 27,425,292,288 byte disponibili

196 --- E O F --- 2008-12-18 18:30:11
Zanzy
Senior User

Posts: 339
Joined: 04/06/06 10:05

Re: Virus Virtumonde.....

Post by shel » 26/12/08 17:28

it removed a lot of junk from the PC

also check all your pen drives and external hard disks with BitDefender

http://www.bitdefender.com/scan8/ie.html

let's see if Luke agrees
shel
Senior User

Posts: 1326
Joined: 29/08/08 21:56

Re: Virus Virtumonde.....

Post by Zanzy » 27/12/08 13:45

I had lots of problems with BitDefender (which, among other things, isn't compatible with NOD32), both in using it (everything froze) and in uninstalling it (I tried everything; I only managed by disabling it with another program and removing some of its files in safe mode), and I couldn't even connect to the internet, because everything froze if I tried to defend myself.
On the whole the PC works fine and doesn't give any more problems, but I'd like to do a further check.
Zanzy
Senior User

Posts: 339
Joined: 04/06/06 10:05

Re: Virus Virtumonde.....

Post by Zanzy » 27/12/08 13:49

also, Windows now shows me the user selection screen (there's only 1 user and I don't know how to remove it) and warns me that the BitDefender firewall is disabled -.-'
Zanzy
Senior User

Posts: 339
Joined: 04/06/06 10:05

: Virus Vundo.....

Post by lyx » 07/01/09 17:54

1. I've got huuuuuge problems with this virus (Trojan Vundo activity). After removing it with SUPERAntiSpyware, I scanned the whole system with vundofix.exe but it didn't detect anything more. Only now I find the PC 100% blocked. I bought it just a month ago!! I don't know what to do???! Explorer has become extremely slow. In two weeks my Norton Protection Center subscription also runs out and I'm afraid the system will become even more vulnerable with another antivirus.
Can you give me some suggestions?? Because I only cause trouble if I touch computers.... I'm half an expert but I still make a mess.... I've read the other posts but I really wouldn't know what to do
2. Then I noticed that a Vista update added a new account, called net machine, which had taken control of the system. I deleted it with all its files, but Vista won't let me into many applications or folders. A message appears saying... you do not have the necessary permissions (I AM THE SYSTEM ADMINISTRATOR), the creation of restore points is disabled, Task Scheduler too.. so I can't even restore the PC to its original state.
Then I wanted to understand how Task Manager and Explorer's privacy options got disabled?? Because the computer has become a mess!!!!
I'd be grateful if you could help me. I'm in the middle of exams and can't send the PC in for repair.
I'm anxiously waiting for a reply
thanks

P.S. Fair enough that it brightens things up, but it was a bit over the top ;)
Colour removed by Luke57
lyx
Junior User

Posts: 12
Joined: 19/06/08 09:58

Re: Virus Virtumonde.....

Post by Luke57 » 07/01/09 23:02

Hi, download ComboFix from here to the desktop
http://download.bleepingcomputer.com/sUBs/ComboFix.exe
Go to Start > Run > in the white box copy and paste, quotation marks included:

"%userprofile%\desktop\combofix.exe" /killall

Press OK; the program starts and may take a long time (don't do anything else during the scan; if the desktop icons and the taskbar disappear, it's nothing to worry about). Once it has finished, if everything went well, you should find the file combofix.txt in C:\ ; post the file's contents
Luke57
Moderator

Posts: 6415
Joined: 11/08/05 19:10

Re: Virus Virtumonde.....

Post by marypollon » 08/01/09 00:38

Hello everyone! I have this problem too. I ran scans with SUPERAntiSpyware (which removed some adware and viruses) and BitDefender, but they solved nothing. I fixed some suspicious entries with HijackThis, but evidently not all of them, because the problem persists. NOD keeps detecting 2 .dll files (actually on my brother's PC), making browsing impossible, because if I try to delete them they reappear. With HijackThis I managed to remove SuperAntivirus 2009, which caused quite a few problems on the PC.
I read the advice about the Combo program on the desktop, but before doing that do I need to fix other entries? I noticed that at every restart different files appear, replacing others, especially when I delete some. Thanks in advance.
Here's the first log:

Logfile of HijackThis v1.99.1
Scan saved at 23.47.46, on 07/01/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programmi\File comuni\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Programmi\Broadcom\ASFIPMon\AsfIpMon.exe
C:\Programmi\Bonjour\mDNSResponder.exe
C:\Programmi\Windows Live\Family Safety\fsssvc.exe
C:\Programmi\Intel\Intel Matrix Storage Manager\Iaantmon.exe
C:\Programmi\Java\jre6\bin\jqs.exe
C:\Programmi\Eset\nod32krn.exe
C:\Programmi\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Programmi\Java\jre6\bin\jusched.exe
C:\Programmi\Analog Devices\Core\smax4pnp.exe
C:\WINDOWS\system32\ICO.EXE
C:\Programmi\Intel\Intel Matrix Storage Manager\Iaanotif.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Programmi\File comuni\InstallShield\UpdateService\issch.exe
C:\Programmi\Roxio\Drag-to-Disc\DrgToDsc.exe
C:\Programmi\CyberLink\PowerDVD DX\PDVDDXSrv.exe
C:\Programmi\Eset\nod32kui.exe
C:\Programmi\Microsoft IntelliType Pro\type32.exe
C:\Programmi\Microsoft IntelliPoint\ipoint.exe
C:\WINDOWS\system32\rundll32.exe
C:\Programmi\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\ctfmon.exe
C:\documents and settings\vitto\impostazioni locali\dati applicazioni\gyiuu.exe
C:\WINDOWS\system32\svchost.exe
C:\Programmi\iPod\bin\iPodService.exe
C:\Programmi\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Programmi\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Programmi\Windows Live\Messenger\msnmsgr.exe
C:\Programmi\Windows Live\Contacts\wlcomm.exe
C:\Documents and Settings\Vitto\Desktop\Programmi di installazione\vitto\hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.it/ig/dell?hl=it&clie ... bd=1071016
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.it/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.it/hws/sb/dell-row-re ... channel=it
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = http://www.google.it/ig/dell?hl=it&clie ... bd=1071016
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
O2 - BHO: Supporto di collegamento per Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\File comuni\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Windows Live Family Safety Browser Helper - {4f3ed5cd-0726-42a9-87f5-d13f3d2976ac} - C:\Programmi\Windows Live\Family Safety\fssbho.dll
O2 - BHO: Click-to-Call BHO - {5C255C8A-E604-49b4-9D64-90988571CECB} - C:\Programmi\Windows Live\Messenger\wlchtc.dll
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Programmi\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmi\Java\jre6\bin\ssv.dll
O2 - BHO: (no name) - {864627ab-4c51-44c8-9e8d-0e51581b20ec} - C:\WINDOWS\system32\dazetaha.dll (file missing)
O2 - BHO: Guida per l'accesso a Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programmi\File comuni\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programmi\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programmi\Google\GoogleToolbarNotifier\3.1.807.1746\swg.dll
O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Programmi\Dell\BAE\BAE.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programmi\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Programmi\Windows Live\Toolbar\wltcore.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Programmi\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programmi\google\googletoolbar1.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Programmi\Windows Live\Toolbar\wltcore.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programmi\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Programmi\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [PMX Daemon] ICO.EXE
O4 - HKLM\..\Run: [IAAnotif] "C:\Programmi\Intel\Intel Matrix Storage Manager\Iaanotif.exe"
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\FILECO~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Programmi\File comuni\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [PDVDDXSrv] "C:\Programmi\CyberLink\PowerDVD DX\PDVDDXSrv.exe"
O4 - HKLM\..\Run: [nod32kui] "C:\Programmi\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [type32] "C:\Programmi\Microsoft IntelliType Pro\type32.exe"
O4 - HKLM\..\Run: [IntelliPoint] "c:\Programmi\Microsoft IntelliPoint\ipoint.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Programmi\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmi\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Programmi\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [0c052cd6] rundll32.exe "C:\WINDOWS\system32\jepazeje.dll",b
O4 - HKLM\..\Run: [suwodegude] Rundll32.exe "C:\WINDOWS\system32\vewalimu.dll",s
O4 - HKLM\..\Run: [CPM0f361f4a] Rundll32.exe "c:\windows\system32\parahuri.dll",a
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Programmi\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [gyiuu] "c:\documents and settings\vitto\impostazioni locali\dati applicazioni\gyiuu.exe" gyiuu
O9 - Extra button: Inserisci blog - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programmi\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: Inserisci &blog in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programmi\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: PokerStars.it - {C4046502-6524-4d87-896C-878F57D1FF07} - C:\Programmi\PokerStars.IT\PokerStarsUpdate.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\programmi\bonjour\mdnsnsp.dll
O11 - Options group: [INTERNATIONAL] International*
O15 - Trusted Zone: http://www.redfunny.com
O15 - Trusted Zone: http://www.skymasters.biz
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/IT-IT/a-U ... E_UNO1.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resourc ... oscan8.cab
O16 - DPF: {7FC1B346-83E6-4774-8D20-1A6B09B0E737} (Windows Live Photo Upload Control) - http://ohfenomeno.spaces.live.com/Photo ... nPUpld.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Me ... b56907.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/s ... wflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{3C582D42-F273-4E04-A3A5-850FDCED866A}: NameServer = 62.101.81.81,192.168.0.1
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WINDOW~4\MESSEN~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WINDOW~4\MESSEN~1\MSGRAP~1.DLL
O18 - Protocol: wlmailhtml - {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Programmi\Windows Live\Mail\mailcomm.dll
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL c:\windows\system32\dowileyi.dll c:\windows\system32\bewihafe.dll C:\WINDOWS\system32\kovuduhi.dll c:\windows\system32\parahuri.dll
O20 - Winlogon Notify: dimsntfy - %SystemRoot%\System32\dimsntfy.dll (file missing)
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll
O20 - Winlogon Notify: SASWinLogon - C:\Programmi\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O21 - SSODL: SSODL - {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - c:\windows\system32\parahuri.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Programmi\File comuni\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Broadcom ASF IP and SMBIOS Mailbox Monitor (ASFIPmon) - Broadcom Corporation - C:\Programmi\Broadcom\ASFIPMon\AsfIpMon.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Programmi\Bonjour\mDNSResponder.exe
O23 - Service: GoogleDesktopManager - Google - C:\Programmi\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Programmi\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Programmi\Intel\Intel Matrix Storage Manager\Iaantmon.exe
O23 - Service: Servizio iPod (iPod Service) - Apple Inc. - C:\Programmi\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Unknown owner - C:\Programmi\Java\jre6\bin\jqs.exe" -service -config "C:\Programmi\Java\jre6\lib\deploy\jqs\jqs.conf (file missing)
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Programmi\Eset\nod32krn.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Programmi\File comuni\SureThing Shared\stllssvr.exe


The first O20 entry, which I fixed, lists the two files (dowileyi and kovuduhi) that NOD keeps popping up about. The files bewihafe and parahuri were deleted from the registry by SUPERAntiSpyware.

Next log:

Logfile of HijackThis v1.99.1
Scan saved at 0.02.34, on 08/01/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programmi\File comuni\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Programmi\Broadcom\ASFIPMon\AsfIpMon.exe
C:\Programmi\Bonjour\mDNSResponder.exe
C:\Programmi\Windows Live\Family Safety\fsssvc.exe
C:\Programmi\Intel\Intel Matrix Storage Manager\Iaantmon.exe
C:\Programmi\Java\jre6\bin\jqs.exe
C:\Programmi\Eset\nod32krn.exe
C:\Programmi\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Programmi\Java\jre6\bin\jusched.exe
C:\Programmi\Analog Devices\Core\smax4pnp.exe
C:\WINDOWS\system32\ICO.EXE
C:\WINDOWS\system32\igfxsrvc.exe
C:\Programmi\Intel\Intel Matrix Storage Manager\Iaanotif.exe
C:\Programmi\File comuni\InstallShield\UpdateService\issch.exe
C:\Programmi\CyberLink\PowerDVD DX\PDVDDXSrv.exe
C:\Programmi\Eset\nod32kui.exe
C:\Programmi\Microsoft IntelliType Pro\type32.exe
C:\Programmi\Microsoft IntelliPoint\ipoint.exe
C:\Programmi\Adobe\Reader 8.0\Reader\Reader_sl.exe
C:\WINDOWS\system32\rundll32.exe
C:\Programmi\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmi\iPod\bin\iPodService.exe
C:\WINDOWS\system32\Pmxmiced.exe
C:\Documents and Settings\Vitto\Desktop\Programmi di installazione\vitto\hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.it/ig/dell?hl=it&clie ... bd=1071016
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.it/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.it/hws/sb/dell-row-re ... channel=it
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = http://www.google.it/ig/dell?hl=it&clie ... bd=1071016
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
O2 - BHO: Supporto di collegamento per Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\File comuni\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Windows Live Family Safety Browser Helper - {4f3ed5cd-0726-42a9-87f5-d13f3d2976ac} - C:\Programmi\Windows Live\Family Safety\fssbho.dll
O2 - BHO: Click-to-Call BHO - {5C255C8A-E604-49b4-9D64-90988571CECB} - C:\Programmi\Windows Live\Messenger\wlchtc.dll
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Programmi\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmi\Java\jre6\bin\ssv.dll
O2 - BHO: (no name) - {864627ab-4c51-44c8-9e8d-0e51581b20ec} - C:\WINDOWS\system32\dazetaha.dll (file missing)
O2 - BHO: Guida per l'accesso a Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programmi\File comuni\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programmi\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programmi\Google\GoogleToolbarNotifier\3.1.807.1746\swg.dll
O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Programmi\Dell\BAE\BAE.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programmi\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Programmi\Windows Live\Toolbar\wltcore.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Programmi\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programmi\google\googletoolbar1.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Programmi\Windows Live\Toolbar\wltcore.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programmi\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Programmi\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [PMX Daemon] ICO.EXE
O4 - HKLM\..\Run: [IAAnotif] "C:\Programmi\Intel\Intel Matrix Storage Manager\Iaanotif.exe"
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\FILECO~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Programmi\File comuni\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [PDVDDXSrv] "C:\Programmi\CyberLink\PowerDVD DX\PDVDDXSrv.exe"
O4 - HKLM\..\Run: [nod32kui] "C:\Programmi\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [type32] "C:\Programmi\Microsoft IntelliType Pro\type32.exe"
O4 - HKLM\..\Run: [IntelliPoint] "c:\Programmi\Microsoft IntelliPoint\ipoint.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Programmi\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmi\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Programmi\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [suwodegude] Rundll32.exe "C:\WINDOWS\system32\vewalimu.dll",s
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O9 - Extra button: Inserisci blog - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programmi\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: Inserisci &blog in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programmi\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: PokerStars.it - {C4046502-6524-4d87-896C-878F57D1FF07} - C:\Programmi\PokerStars.IT\PokerStarsUpdate.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\programmi\bonjour\mdnsnsp.dll
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/IT-IT/a-U ... E_UNO1.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resourc ... oscan8.cab
O16 - DPF: {7FC1B346-83E6-4774-8D20-1A6B09B0E737} (Windows Live Photo Upload Control) - http://ohfenomeno.spaces.live.com/Photo ... nPUpld.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Me ... b56907.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/s ... wflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{3C582D42-F273-4E04-A3A5-850FDCED866A}: NameServer = 62.101.81.81,192.168.0.1
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WINDOW~4\MESSEN~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WINDOW~4\MESSEN~1\MSGRAP~1.DLL
O18 - Protocol: wlmailhtml - {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Programmi\Windows Live\Mail\mailcomm.dll
O20 - AppInit_DLLs: C:\WINDOWS\system32\kovuduhi.dll
O20 - Winlogon Notify: dimsntfy - %SystemRoot%\System32\dimsntfy.dll (file missing)
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll
O20 - Winlogon Notify: SASWinLogon - C:\Programmi\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Programmi\File comuni\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Broadcom ASF IP and SMBIOS Mailbox Monitor (ASFIPmon) - Broadcom Corporation - C:\Programmi\Broadcom\ASFIPMon\AsfIpMon.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Programmi\Bonjour\mDNSResponder.exe
O23 - Service: GoogleDesktopManager - Google - C:\Programmi\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Programmi\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Programmi\Intel\Intel Matrix Storage Manager\Iaantmon.exe
O23 - Service: Servizio iPod (iPod Service) - Apple Inc. - C:\Programmi\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Unknown owner - C:\Programmi\Java\jre6\bin\jqs.exe" -service -config "C:\Programmi\Java\jre6\lib\deploy\jqs\jqs.conf (file missing)
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Programmi\Eset\nod32krn.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Programmi\File comuni\SureThing Shared\stllssvr.exe

Thanks! ;)
marypollon
Junior Member
Posts: 22
Joined: 17/09/06 18:17
Location: Napoli

Re: Virus Virtumonde.....

Post by marypollon » 08/01/09 01:13

Rereading the second log carefully, I will surely have to fix:
O4 - HKLM\..\Run: [suwodegude] Rundll32.exe "C:\WINDOWS\system32\vewalimu.dll",s
O20 - AppInit_DLLs: C:\WINDOWS\system32\kovuduhi.dll

but if I'm not mistaken I already tried that, and on reboot they came back :-?
marypollon
Junior Member
Posts: 22
Joined: 17/09/06 18:17
Location: Napoli

Re: Virus Virtumonde.....

Post by marypollon » 08/01/09 01:41

Ah, one more thing. To improve the PC's performance, is it worth fixing:
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Programmi\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\FILECO~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Programmi\File comuni\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [iTunesHelper] "C:\Programmi\iTunes\iTunesHelper.exe" (if my brother doesn't need it)
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programmi\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmi\QuickTime\qttask.exe" -atboottime

Should I fix them, or, since these are not suspicious files, is it preferable to untick the programs I don't want loaded at startup from msconfig?

Thanks again... unfortunately it's not my own PC, which I know like the back of my hand, so I'm being more cautious :undecided:
marypollon
Junior Member
Posts: 22
Joined: 17/09/06 18:17
Location: Napoli

Re: Virus Virtumonde.....

Post by Luke57 » 08/01/09 08:02

marypollon wrote: Ah, one more thing. To improve the PC's performance, is it worth fixing:
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Programmi\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\FILECO~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Programmi\File comuni\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [iTunesHelper] "C:\Programmi\iTunes\iTunesHelper.exe" (if my brother doesn't need it)
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programmi\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmi\QuickTime\qttask.exe" -atboottime

Should I fix them, or, since these are not suspicious files, is it preferable to untick the programs I don't want loaded at startup from msconfig?

Thanks again... unfortunately it's not my own PC, which I know like the back of my hand, so I'm being more cautious :undecided:

Hi, use combofix as I explained to the user above. With hijackthis alone, Vundo won't go away no matter what.
Luke57
Moderator
Posts: 6415
Joined: 11/08/05 19:10
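Added example, not part of the original posts, HijackThis or ComboFix: a small Python triage that applies the checks a helper does by eye to the log lines posted above (the O20 AppInit_DLLs entry, the rundll32 O4 entries, the SSODL and nameless-BHO entries, and the LSA "Notification Packages" line from the ComboFix report) and then correlates the same DLL across those locations, which is why fixing a single entry with HijackThis does not hold. The KNOWN_* allowlists and the one-letter-export heuristic are assumptions for this XP SP3 machine.

```python
"""Triage HijackThis/ComboFix lines for Vundo-style persistence and correlate DLLs.

Heuristics, mirroring what a helper checks by eye in the logs posted above:
  * O4 Run entries where rundll32 loads a system32 DLL by a one-letter export
  * O20 AppInit_DLLs entries that point into system32 (normally empty on XP)
  * O21 SSODL entries in system32 other than the known WPDShServiceObj
  * O2 BHOs listed as "(no name)" and backed by a system32 DLL
  * LSA "Notification Packages" containing anything besides scecli
"""
import re
from collections import defaultdict
from dataclasses import dataclass

SYS32_DLL = re.compile(r"c:\\windows\\system32\\([a-z0-9_]+\.dll)", re.I)
O4_RUNDLL = re.compile(
    r'^O4 - HK(?:LM|CU)\\\.\.\\Run: \[(?P<key>[^\]]+)\]\s+rundll32\.exe\s+'
    r'"?(?P<dll>[^",]+)"?,(?P<export>\w+)\s*$', re.I)
O20_APPINIT = re.compile(r"^O20 - AppInit_DLLs:\s*(?P<dlls>.+)$", re.I)
O21_SSODL = re.compile(r"^O21 - SSODL: (?P<name>\S+) - \{[0-9A-Fa-f-]+\} - (?P<path>.+)$")
O2_NONAME = re.compile(r"^O2 - BHO: \(no name\) - \{[0-9A-Fa-f-]+\} - (?P<path>.+)$")
LSA_NOTIFY = re.compile(r"^Notification Packages\s+REG_MULTI_SZ\s+(?P<pkgs>.+)$", re.I)

# Assumed allowlists for this XP SP3 box; extend them for other environments.
KNOWN_SSODL = {"wpdshserviceobj"}
KNOWN_LSA_NOTIFY = {"scecli"}


@dataclass(frozen=True)
class Finding:
    dll: str     # lower-cased DLL file name
    where: str   # HijackThis section (O2/O4/O20/O21) or "LSA"
    reason: str
    line: str


def _sys32_name(path):
    """Return the lower-cased file name if `path` is a DLL directly in system32."""
    m = SYS32_DLL.search(path)
    return m.group(1).lower() if m else None


def triage(lines):
    """Return a Finding for every suspicious persistence entry in `lines`."""
    out = []
    for raw in lines:
        line = raw.strip()
        if m := O4_RUNDLL.match(line):
            dll = _sys32_name(m["dll"])
            if dll and len(m["export"]) == 1:
                out.append(Finding(dll, "O4", f"rundll32 loads system32 DLL via export ',{m['export']}'", line))
        elif m := O20_APPINIT.match(line):
            for tok in m["dlls"].split():
                if dll := _sys32_name(tok):
                    out.append(Finding(dll, "O20", "AppInit_DLLs entry under system32", line))
        elif m := O21_SSODL.match(line):
            dll = _sys32_name(m["path"])
            if dll and m["name"].lower() not in KNOWN_SSODL:
                out.append(Finding(dll, "O21", "unknown ShellServiceObjectDelayLoad DLL in system32", line))
        elif m := O2_NONAME.match(line):
            if dll := _sys32_name(m["path"]):
                note = " (file missing)" if "(file missing)" in m["path"] else ""
                out.append(Finding(dll, "O2", "nameless BHO backed by system32 DLL" + note, line))
        elif m := LSA_NOTIFY.match(line):
            for tok in m["pkgs"].split():
                if tok.lower() not in KNOWN_LSA_NOTIFY:
                    out.append(Finding(_sys32_name(tok) or tok.lower(), "LSA",
                                       "non-default LSA notification package", line))
    return out


def correlate(findings):
    """Map each DLL seen in two or more locations to the sorted list of locations."""
    where = defaultdict(set)
    for f in findings:
        where[f.dll].add(f.where)
    return {dll: sorted(w) for dll, w in where.items() if len(w) >= 2}


# Lines copied from the HijackThis and ComboFix logs posted in this thread,
# including two legitimate entries that must not be flagged.
SAMPLE_LINES = [
    r'O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent',
    r'O4 - HKLM\..\Run: [0c052cd6] rundll32.exe "C:\WINDOWS\system32\jepazeje.dll",b',
    r'O4 - HKLM\..\Run: [suwodegude] Rundll32.exe "C:\WINDOWS\system32\vewalimu.dll",s',
    r'O4 - HKLM\..\Run: [CPM0f361f4a] Rundll32.exe "c:\windows\system32\parahuri.dll",a',
    r'O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL c:\windows\system32\dowileyi.dll '
    r'c:\windows\system32\bewihafe.dll C:\WINDOWS\system32\kovuduhi.dll c:\windows\system32\parahuri.dll',
    r'O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll',
    r'O21 - SSODL: SSODL - {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - c:\windows\system32\parahuri.dll',
    r'O2 - BHO: (no name) - {864627ab-4c51-44c8-9e8d-0e51581b20ec} - C:\WINDOWS\system32\dazetaha.dll (file missing)',
    r'Notification Packages REG_MULTI_SZ scecli c:\windows\system32\kovuduhi.dll',
]

if __name__ == "__main__":
    found = triage(SAMPLE_LINES)
    for f in found:
        print(f"[{f.where:>3}] {f.dll:<13} {f.reason}")
    print("registered in more than one place:", correlate(found))
```

On the sample above parahuri.dll is reported in O4, O20 and O21 at once and kovuduhi.dll in O20 and the LSA packages, while the Bluetooth and WPDShServiceObj entries are left alone.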

Re: Virus Virtumonde.....

Post by marypollon » 08/01/09 12:49

Indeed, it doesn't go away. I'll try this program now and let you know. Thanks!
marypollon
Junior Member
Posts: 22
Joined: 17/09/06 18:17
Location: Napoli

Re: Virus Virtumonde.....

Post by marypollon » 08/01/09 13:03

Here is the combofix report... I think it has fixed it, the NOD alert no longer appears.


ComboFix 09-01-07.02 - Vitto 2009-01-08 12.53.53.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1040.18.1013.699 [GMT 1:00]
Eseguito da: c:\documents and settings\Vitto\desktop\combofix.exe
Interruttori di comando utilizzati :: /killall
* Creato nuovo punto di ripristino
* Resident AV is active


ATENÇÃO - ESTA MAQUINA NAO TEM A CONSOLE DE RECUPERAÇÃO INSTALADA !!
.

((((((((((((((((((((((((((((((((((((( Altre eliminazioni )))))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\All Users\Dati applicazioni\Microsoft\Network\Downloader\qmgr0.dat
c:\documents and settings\All Users\Dati applicazioni\Microsoft\Network\Downloader\qmgr1.dat
c:\documents and settings\All Users\Desktop\webmediaplayer.lnk
c:\documents and settings\All Users\Menu Avvio\Programmi\WebMediaPlayer
c:\documents and settings\All Users\Menu Avvio\Programmi\WebMediaPlayer\Condizioni generali.url
c:\documents and settings\All Users\Menu Avvio\Programmi\WebMediaPlayer\Disinstalla.lnk
c:\documents and settings\All Users\Menu Avvio\Programmi\WebMediaPlayer\Riservatezza.url
c:\documents and settings\All Users\Menu Avvio\Programmi\WebMediaPlayer\WebMediaPlayer.lnk
c:\documents and settings\All Users\Menu Avvio\Programmi\WebMediaPlayer\Website.url
c:\documents and settings\Vitto\Dati applicazioni\inst.exe
c:\documents and settings\Vitto\Impostazioni locali\Dati applicazioni\gyiuu.dat
c:\documents and settings\Vitto\Impostazioni locali\Dati applicazioni\gyiuu.exe
c:\documents and settings\Vitto\Impostazioni locali\Dati applicazioni\gyiuu_nav.dat
c:\documents and settings\Vitto\Impostazioni locali\Dati applicazioni\gyiuu_navps.dat
c:\programmi\webmediaplayer
c:\programmi\webmediaplayer\resources\wmp_translation_file.xml
c:\programmi\webmediaplayer\skins\classic.skn
c:\programmi\webmediaplayer\sqlite3.dll
c:\programmi\webmediaplayer\WebMediaPlayer.exe
c:\windows\system32\anuwihub.ini
c:\windows\system32\cmmgr32.exe
c:\windows\system32\ejezapej.ini
c:\windows\system32\fepabavi.dll
c:\windows\system32\ieupdates.exe
c:\windows\system32\jepazeje.dll
c:\windows\system32\kovuduhi.dll
c:\windows\system32\nirotona.dll
c:\windows\system32\sysmon.exe
c:\windows\system32\tifileze.dll
c:\windows\system32\x64

----- BITS: Sites possivelmente infetados -----

hxxp://77.74.48.105
.
((((((((((((((((((((((((( Files Creati Da 2008-12-08 al 2009-01-08 )))))))))))))))))))))))))))))))))))
.

2009-01-08 12:47 . 2009-01-08 12:47 24,928 --a------ c:\documents and settings\Vitto\ejgqbkoq.exe
2009-01-07 22:59 . 2009-01-07 22:59 <DIR> d-------- c:\programmi\SUPERAntiSpyware
2009-01-07 22:59 . 2009-01-07 22:59 <DIR> d-------- c:\programmi\File comuni\Wise Installation Wizard
2009-01-07 22:59 . 2009-01-07 22:59 <DIR> d-------- c:\documents and settings\Vitto\Dati applicazioni\SUPERAntiSpyware.com
2009-01-07 22:46 . 2009-01-07 22:46 <DIR> d-------- c:\programmi\Trend Micro
2009-01-06 17:29 . 2009-01-06 17:29 0 --a------ c:\windows\nsreg.dat
2008-12-21 13:20 . 2008-12-21 13:20 <DIR> d-------- c:\programmi\Microsoft Silverlight
2008-12-21 13:20 . 2008-12-08 17:01 55,136 --a------ c:\windows\system32\drivers\fssfltr_tdi.sys
2008-12-21 13:18 . 2008-12-21 13:18 <DIR> d-------- c:\programmi\Microsoft Sync Framework
2008-12-18 07:42 . 2008-12-18 07:42 236 --a------ C:\sqmdata14.sqm
2008-12-18 07:42 . 2008-12-18 07:42 200 --a------ C:\sqmnoopt14.sqm
2008-12-15 10:58 . 2008-12-15 10:58 410,984 --a------ c:\windows\system32\deploytk.dll
2008-12-15 10:58 . 2008-12-15 10:58 236 --a------ C:\sqmdata13.sqm
2008-12-15 10:58 . 2008-12-15 10:58 200 --a------ C:\sqmnoopt13.sqm
2008-12-14 23:08 . 2008-12-14 23:08 <DIR> d-------- c:\programmi\Windows Live SkyDrive
2008-12-13 22:54 . 2008-12-13 22:54 236 --a------ C:\sqmdata12.sqm
2008-12-13 22:54 . 2008-12-13 22:54 200 --a------ C:\sqmnoopt12.sqm
2008-12-13 07:44 . 2008-12-13 07:44 236 --a------ C:\sqmdata11.sqm
2008-12-13 07:44 . 2008-12-13 07:44 200 --a------ C:\sqmnoopt11.sqm

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-01-05 22:47 --------- d-----w c:\programmi\AdunanzA
2008-12-21 12:19 --------- d-----w c:\programmi\Windows Live
2008-12-15 09:58 --------- d-----w c:\programmi\Java
2008-12-04 23:38 308,072 ----a-w c:\windows\WLXPGSS.SCR
2008-11-23 15:41 --------- d-----w c:\programmi\Eset
2008-09-11 18:21 47,360 ----a-w c:\documents and settings\Vitto\Dati applicazioni\pcouffin.sys
1601-01-01 00:12 41,984 --sha-w c:\windows\system32\ribodapi.dll
2008-09-08 13:19 32,768 --sha-w c:\windows\system32\config\systemprofile\Impostazioni locali\Cronologia\History.IE5\MSHist012008090820080909\index.dat
.

((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* i valori vuoti & legittimi/default non sono visualizzati.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-07-17 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-07-17 162328]
"Persistence"="c:\windows\system32\igfxpers.exe" [2007-07-17 137752]
"SunJavaUpdateSched"="c:\programmi\Java\jre6\bin\jusched.exe" [2008-12-15 136600]
"SoundMAXPnP"="c:\programmi\Analog Devices\Core\smax4pnp.exe" [2007-07-25 1015808]
"IAAnotif"="c:\programmi\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [2007-07-12 178712]
"ISUSPM Startup"="c:\progra~1\FILECO~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-07-27 221184]
"ISUSScheduler"="c:\programmi\File comuni\InstallShield\UpdateService\issch.exe" [2004-07-27 81920]
"PDVDDXSrv"="c:\programmi\CyberLink\PowerDVD DX\PDVDDXSrv.exe" [2006-10-20 118784]
"nod32kui"="c:\programmi\Eset\nod32kui.exe" [2007-10-19 921600]
"type32"="c:\programmi\Microsoft IntelliType Pro\type32.exe" [2003-05-15 114688]
"IntelliPoint"="c:\programmi\Microsoft IntelliPoint\ipoint.exe" [2007-02-05 849280]
"Adobe Reader Speed Launcher"="c:\programmi\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]
"QuickTime Task"="c:\programmi\QuickTime\qttask.exe" [2008-09-06 413696]
"iTunesHelper"="c:\programmi\iTunes\iTunesHelper.exe" [2008-10-01 289576]
"PMX Daemon"="ICO.EXE" [2007-03-08 c:\windows\system32\ico.exe]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2008-04-14 c:\windows\system32\bthprops.cpl]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\programmi\SUPERAntiSpyware\SASSEH.DLL" [2006-02-16 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\SASWinLogon]
2006-06-20 14:29 258048 c:\programmi\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Authentication Packages REG_MULTI_SZ msv1_0 nwprovau
Notification Packages REG_MULTI_SZ scecli c:\windows\system32\kovuduhi.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UpdatesDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Programmi\\AdunanzA\\eMule_AdnzA.exe"=
"c:\\Programmi\\Bonjour\\mDNSResponder.exe"=
"c:\\Programmi\\iTunes\\iTunes.exe"=
"c:\\Programmi\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Programmi\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\Programmi\\Messenger\\msmsgs.exe"=
"c:\\Programmi\\File comuni\\Apple\\Mobile Device Support\\bin\\AppleMobileDeviceService.exe"=
"c:\\Programmi\\Java\\jre6\\bin\\jqs.exe"=
"c:\\WINDOWS\\system32\\spoolsv.exe"=

R1 SASDIFSV;SASDIFSV;c:\programmi\SUPERAntiSpyware\sasdifsv.sys [2006-02-16 5632]
R1 SASKUTIL;SASKUTIL;c:\programmi\SUPERAntiSpyware\SASKUTIL.SYS [2006-06-09 23552]
R4 ASFIPmon;Broadcom ASF IP and SMBIOS Mailbox Monitor;c:\programmi\Broadcom\ASFIPMon\AsfIpMon.exe -service --> c:\programmi\Broadcom\ASFIPMon\AsfIpMon.exe -service [?]
R4 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr_tdi.sys [2008-12-21 55136]
R4 fsssvc;Windows Live Family Safety;c:\programmi\Windows Live\Family Safety\fsssvc.exe [2008-12-08 533344]
R4 SeaPort;SeaPort;c:\programmi\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe [2008-12-04 226640]
S3 pmxmouse;PMXMOUSE;c:\windows\system32\drivers\pmxmouse.sys [2007-10-19 18432]
S3 pmxusblf;PMXUSBLF;c:\windows\system32\drivers\pmxusblf.sys [2007-10-19 14336]
S3 SASENUM;SASENUM;c:\programmi\SUPERAntiSpyware\SASENUM.SYS [2006-02-16 4096]
.
Contenuto della cartella 'Scheduled Tasks'

2008-12-13 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\programmi\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34]
.
- - - - ORFÃOS REMOVIDOS - - - -

BHO-{864627ab-4c51-44c8-9e8d-0e51581b20ec} - c:\windows\system32\dazetaha.dll


.
------- Supplementare di scansione -------
.
uStart Page = hxxp://www.enterpage.info/
uDefault_Search_URL = hxxp://www.google.com/ie
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: {{C4046502-6524-4d87-896C-878F57D1FF07} - c:\programmi\PokerStars.IT\PokerStarsUpdate.exe
LSP: c:\windows\system32\imon.dll
TCP: {3C582D42-F273-4E04-A3A5-850FDCED866A} = 62.101.81.81,192.168.0.1
FF - ProfilePath - c:\documents and settings\Vitto\Dati applicazioni\Mozilla\Firefox\Profiles\gw9a5izc.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.it/
FF - plugin: c:\programmi\Microsoft Silverlight\2.0.31005.0\npctrl.dll
FF - plugin: c:\programmi\Picasa2\npPicasa2.dll
FF - plugin: c:\programmi\Windows Live\Photo Gallery\NPWLPG.dll
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-01-08 12:57:23
Windows 5.1.2600 Service Pack 3 NTFS

scansione processi nascosti ...

scansione entrate autostart nascoste ...

Scansione files nascosti ...

Scansione completata con successo
Files nascosti: 0

**************************************************************************
.
--------------------- DLLs Carregadas Sob os Processos em Execução ---------------------

- - - - - - - > 'winlogon.exe'(724)
c:\programmi\SUPERAntiSpyware\SASWINLO.dll

- - - - - - - > 'lsass.exe'(780)
c:\windows\system32\imon.dll
c:\programmi\Eset\pr_imon.dll
.
------------------------ Altri processi in esecuzione ------------------------
.
c:\programmi\File comuni\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\programmi\Broadcom\ASFIPMon\AsfIpMon.exe
c:\programmi\Bonjour\mDNSResponder.exe
c:\programmi\Intel\Intel Matrix Storage Manager\IAANTmon.exe
c:\programmi\Java\jre6\bin\jqs.exe
c:\programmi\Eset\nod32krn.exe
c:\windows\system32\wbem\wmiapsrv.exe
c:\windows\system32\igfxsrvc.exe
c:\windows\system32\rundll32.exe
c:\programmi\iPod\bin\iPodService.exe
.
**************************************************************************
.
Ora fine scansione: 2009-01-08 13:01:37 - macchina è stato riavviato
ComboFix-quarantined-files.txt 2009-01-08 12:01:35

Pre-Run: 232.335.777.792 byte disponibili
Post-Run: 233,176,739,840 byte disponibili

193 --- E O F --- 2008-12-17 23:00:44
marypollon
Junior Member
Posts: 22
Joined: 17/09/06 18:17
Location: Napoli

Re: Virus Virtumonde.....

Post by marypollon » 08/01/09 13:05

The hijackthis log looks clean to me:

Logfile of HijackThis v1.99.1
Scan saved at 13:04, on 2009-01-08
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programmi\File comuni\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Programmi\Broadcom\ASFIPMon\AsfIpMon.exe
C:\Programmi\Bonjour\mDNSResponder.exe
C:\Programmi\Windows Live\Family Safety\fsssvc.exe
C:\Programmi\Intel\Intel Matrix Storage Manager\Iaantmon.exe
C:\Programmi\Java\jre6\bin\jqs.exe
C:\Programmi\Eset\nod32krn.exe
C:\Programmi\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Programmi\Java\jre6\bin\jusched.exe
C:\Programmi\Analog Devices\Core\smax4pnp.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\WINDOWS\system32\ICO.EXE
C:\Programmi\Intel\Intel Matrix Storage Manager\Iaanotif.exe
C:\Programmi\File comuni\InstallShield\UpdateService\issch.exe
C:\Programmi\CyberLink\PowerDVD DX\PDVDDXSrv.exe
C:\Programmi\Eset\nod32kui.exe
C:\Programmi\Microsoft IntelliType Pro\type32.exe
C:\Programmi\Microsoft IntelliPoint\ipoint.exe
C:\WINDOWS\system32\rundll32.exe
C:\Programmi\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmi\iPod\bin\iPodService.exe
C:\WINDOWS\explorer.exe
C:\Documents and Settings\Vitto\Desktop\Programmi di installazione\vitto\hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.enterpage.info/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.it/ig/dell?hl=it&client=dell ... bd=1071016
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
O2 - BHO: Supporto di collegamento per Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\File comuni\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Windows Live Family Safety Browser Helper - {4f3ed5cd-0726-42a9-87f5-d13f3d2976ac} - C:\Programmi\Windows Live\Family Safety\fssbho.dll
O2 - BHO: Click-to-Call BHO - {5C255C8A-E604-49b4-9D64-90988571CECB} - C:\Programmi\Windows Live\Messenger\wlchtc.dll
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Programmi\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmi\Java\jre6\bin\ssv.dll
O2 - BHO: Guida per l'accesso a Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programmi\File comuni\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programmi\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programmi\Google\GoogleToolbarNotifier\3.1.807.1746\swg.dll
O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Programmi\Dell\BAE\BAE.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programmi\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Programmi\Windows Live\Toolbar\wltcore.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Programmi\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programmi\google\googletoolbar1.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Programmi\Windows Live\Toolbar\wltcore.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programmi\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Programmi\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [PMX Daemon] ICO.EXE
O4 - HKLM\..\Run: [IAAnotif] "C:\Programmi\Intel\Intel Matrix Storage Manager\Iaanotif.exe"
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\FILECO~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Programmi\File comuni\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [PDVDDXSrv] "C:\Programmi\CyberLink\PowerDVD DX\PDVDDXSrv.exe"
O4 - HKLM\..\Run: [nod32kui] "C:\Programmi\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [type32] "C:\Programmi\Microsoft IntelliType Pro\type32.exe"
O4 - HKLM\..\Run: [IntelliPoint] "c:\Programmi\Microsoft IntelliPoint\ipoint.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Programmi\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmi\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Programmi\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O9 - Extra button: Inserisci blog - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programmi\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: Inserisci &blog in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programmi\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: PokerStars.it - {C4046502-6524-4d87-896C-878F57D1FF07} - C:\Programmi\PokerStars.IT\PokerStarsUpdate.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\programmi\bonjour\mdnsnsp.dll
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/IT-IT/a-U ... E_UNO1.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resourc ... oscan8.cab
O16 - DPF: {7FC1B346-83E6-4774-8D20-1A6B09B0E737} (Windows Live Photo Upload Control) - http://ohfenomeno.spaces.live.com/Photo ... nPUpld.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Me ... b56907.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/s ... wflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{3C582D42-F273-4E04-A3A5-850FDCED866A}: NameServer = 62.101.81.81,192.168.0.1
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WINDOW~4\MESSEN~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WINDOW~4\MESSEN~1\MSGRAP~1.DLL
O18 - Protocol: wlmailhtml - {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Programmi\Windows Live\Mail\mailcomm.dll
O20 - Winlogon Notify: dimsntfy - %SystemRoot%\System32\dimsntfy.dll (file missing)
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll
O20 - Winlogon Notify: SASWinLogon - C:\Programmi\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Programmi\File comuni\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Broadcom ASF IP and SMBIOS Mailbox Monitor (ASFIPmon) - Broadcom Corporation - C:\Programmi\Broadcom\ASFIPMon\AsfIpMon.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Programmi\Bonjour\mDNSResponder.exe
O23 - Service: GoogleDesktopManager - Google - C:\Programmi\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Programmi\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Programmi\Intel\Intel Matrix Storage Manager\Iaantmon.exe
O23 - Service: Servizio iPod (iPod Service) - Apple Inc. - C:\Programmi\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Unknown owner - C:\Programmi\Java\jre6\bin\jqs.exe" -service -config "C:\Programmi\Java\jre6\lib\deploy\jqs\jqs.conf (file missing)
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Programmi\Eset\nod32krn.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Programmi\File comuni\SureThing Shared\stllssvr.exe
marypollon
Junior Member
 
Posts: 22
Joined: 17/09/06 18:17
Location: Napoli

Re: Virus Virtumonde.....

Post by lyx » 08/01/09 13:08

I nearly had a heart attack!!!!... when I opened the link you recommended, Windows Defender flagged another trojan called win32/agent/bypass.gen!k on the program itself, saved on the desktop!!!!
After several attempts to download combofix.exe I clicked ignore and downloaded it to the PC. I scanned it with Norton and with SUPERAntiSpyware but neither reported anything... now I'm on another PC and it gave me no problems downloading it...
Anyway, Norton has blocked lots of viruses, not just Vundo.
What should I do, try ComboFix anyway????... even though Windows Defender flags it as a trojan??? I repeat that I used the links above
lyx
Junior Member
 
Posts: 12
Joined: 19/06/08 09:58
