Facendo un scansione ho trovato sul pc questi 3 virus:
C:\Documents and settings\****\Dati applicazioni\Sun\Java\Deployment\cache\javapi\v1.0\jar\javast.jar-54b649-1d414016.zip »ZIP »GetAccess.class - Java/TrojanDownloader.OpenConnection.AJ cavallo di troia
C:\Documents and Settings\****\Dati applicazioni\Sun\Java\Deployment\cache\javapi\v1.0\jar\javast.jar-54b649-1d414016.zip »ZIP »Installer.class - Java/TrojanDownloader.OpenConnection cavallo di troia
C:\Documents and Settings\****\Dati applicazioni\Sun\Java\Deployment\cache\javapi\v1.0\jar\javast.jar-54b649-1d414016.zip »ZIP »NewSecurityClassLoader.class - Java/Exploit.Bytverify cavallo di troia
di questi il nod32 indica che 1 è attivo.
Ho affettuato la scansione anke xkè in un altro forum controllando un pannello ke indica gli accessi eseguiti con ora e Ip ho notato 3 accessi eseguiti con successo al mio account da 3 Ip sconosciuti e dopo pochi minuti un accesso effettuato poi dal mio Ip.Premetto ke ho un Ip statico x cui è stato semplice accorgermene.
Ho installato e effettuat scansioni con Spybot e adware e quest'ultimo sembrava ke con il nod avesse messo in quarantena i 3 virus (tutto ciò ieri).Oggi ho rifatto la scansione col nod e i 3 virus ci sono ancora si apre la finestra x poter scegliere le possibili azioni ma è cliccabile solo il tasto "nessuna azione"
Ho effettuato la scansione anke con Hijackthis e questo è il risultato:
Logfile of HijackThis v1.99.1
Scan saved at 0.57.51, on 19/09/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\ibmpmsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Programmi\IBM\IBM Rapid Restore Ultra\rrpcsb.exe
C:\Programmi\Eset\nod32krn.exe
C:\WINDOWS\System32\QCONSVC.EXE
C:\WINDOWS\system32\r_server.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\TpKmpSVC.exe
C:\WINDOWS\system32\tp4serv.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\PROGRA~1\ThinkPad\PkgMgr\HOTKEY\TPHKMGR.exe
C:\Programmi\ThinkPad\PkgMgr\HOTKEY\TPONSCR.exe
C:\Programmi\ThinkPad\PkgMgr\HOTKEY_1\TpScrex.exe
C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe
C:\IBMTOOLS\UTILS\ibmprc.exe
C:\Programmi\ThinkPad\ConnectUtilities\QCWLICON.EXE
C:\WINDOWS\system32\rundll32.exe
C:\Programmi\Java\jre1.5.0_04\bin\jusched.exe
C:\Programmi\Nokia\Nokia PC Suite 6\LaunchApplication.exe
C:\Programmi\File comuni\PCSuite\DataLayer\DataLayer.exe
C:\Programmi\Eset\nod32kui.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\PROGRA~1\FILECO~1\PCSuite\Services\SERVIC~1.EXE
C:\WINDOWS\system32\msiexec.exe
C:\Programmi\Eset\nod32.exe
C:\Documents and Settings\Marianna\Desktop\Programmi di Installazione\hijackthis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://it.yahoo.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmi\Java\jre1.5.0_06\bin\ssv.dll
O4 - HKLM\..\Run: [S3TRAY2] S3Tray2.exe
O4 - HKLM\..\Run: [TrackPointSrv] tp4serv.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [TPKMAPHELPER] C:\Programmi\ThinkPad\Utilities\TpKmapAp.exe -helper
O4 - HKLM\..\Run: [TPHOTKEY] C:\PROGRA~1\ThinkPad\PkgMgr\HOTKEY\TPHKMGR.exe
O4 - HKLM\..\Run: [TP4EX] tp4ex.exe
O4 - HKLM\..\Run: [EZEJMNAP] C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe
O4 - HKLM\..\Run: [UC_Start] C:\Programmi\IBM\Updater\\ucstartup.exe
O4 - HKLM\..\Run: [IBMPRC] C:\IBMTOOLS\UTILS\ibmprc.exe
O4 - HKLM\..\Run: [QCWLICON] C:\Programmi\ThinkPad\ConnectUtilities\QCWLICON.EXE
O4 - HKLM\..\Run: [BMMLREF] C:\Programmi\ThinkPad\Utilities\BMMLREF.EXE
O4 - HKLM\..\Run: [BMMMONWND] rundll32.exe C:\PROGRA~1\ThinkPad\UTILIT~1\BatInfEx.dll,BMMAutonomicMonitor
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmi\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [PE2CKFNT SE] C:\Programmi\Ulead Systems\Ulead Photo Express 2 SE\ChkFont.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Programmi\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Programmi\Nokia\Nokia PC Suite 6\LaunchApplication.exe -onlytray
O4 - HKLM\..\Run: [DataLayer] C:\Programmi\File comuni\PCSuite\DataLayer\DataLayer.exe
O4 - HKLM\..\Run: [nod32kui] "C:\Programmi\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [QCTray] C:\PROGRA~1\ThinkPad\CONNEC~1\QCTray.exe
O4 - HKLM\..\RunServices: [WinVNC] "C:\PROGRAMMI\ORL\VNC\WINVNC.EXE" -service
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Avvio veloce di Adobe Reader.lnk = C:\Programmi\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.5.0_06\bin\npjpi150_06.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.5.0_06\bin\npjpi150_06.dll
O9 - Extra button: Ricerche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O11 - Options group: [JAVA_IBM] Java (IBM)
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: QConGina - C:\WINDOWS\SYSTEM32\QConGina.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: IBM Rapid Restore Ultra Service - Unknown owner - C:\Programmi\IBM\IBM Rapid Restore Ultra\rrpcsb.exe
O23 - Service: IBM PM Service (IBMPMSVC) - Unknown owner - C:\WINDOWS\System32\ibmpmsvc.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Programmi\Eset\nod32krn.exe
O23 - Service: IBM PSA Access Driver Control (PsaSrv) - Unknown owner - C:\WINDOWS\system32\PsaSrv.exe (file missing)
O23 - Service: QCONSVC - IBM Corp. - C:\WINDOWS\System32\QCONSVC.EXE
O23 - Service: Remote Administrator Service (r_server) - Unknown owner - C:\WINDOWS\system32\r_server.exe" /service (file missing)
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: IBM KCU Service (TpKmpSVC) - Unknown owner - C:\WINDOWS\system32\TpKmpSVC.exe
Non so più ke fare se potete darmi una mano voi + esperti di me ve ne sarei grata
Grazie mille a tutti!
