
Thread: Infected by Vundo

  1. #1

    Infected by Vundo

    Hi everyone, my name is Andrea.
    I'm kindly asking for your help because I'm infected by Vundo.
    I ran a scan with HijackThis, but I don't know what to do now. This is the log:

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 20.58.43, on 17/09/2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16705)
    Boot mode: Normal

    Running processes:
    D:\WINDOWS\System32\smss.exe
    D:\WINDOWS\system32\winlogon.exe
    D:\WINDOWS\system32\services.exe
    D:\WINDOWS\system32\lsass.exe
    D:\WINDOWS\system32\svchost.exe
    D:\Programmi\Panda Software\Panda Antivirus + Firewall 2007\pavsrv51.exe
    D:\Programmi\Panda Software\Panda Antivirus + Firewall 2007\AVENGINE.EXE
    D:\WINDOWS\system32\svchost.exe
    D:\Programmi\Panda Software\Panda Antivirus + Firewall 2007\TPSrv.exe
    D:\WINDOWS\system32\spoolsv.exe
    D:\WINDOWS\Explorer.EXE
    D:\Programmi\Intel\Intel(R) Active Monitor\imontray.exe
    D:\Programmi\Analog Devices\SoundMAX\SMax4PNP.exe
    D:\Programmi\Analog Devices\SoundMAX\smax4.exe
    D:\Programmi\Panda Software\Panda Antivirus + Firewall 2007\APVXDWIN.EXE
    D:\Programmi\File comuni\Real\Update_OB\realsched.exe
    D:\Programmi\File comuni\EPSON\EBAPI\eEBSVC.exe
    D:\WINDOWS\system32\ctfmon.exe
    D:\Programmi\Spybot - Search & Destroy\TeaTimer.exe
    D:\Programmi\Bonjour\mDNSResponder.exe
    D:\Programmi\File comuni\EPSON\EBAPI\SAgent2.exe
    D:\Programmi\File comuni\Microsoft Shared\VS7DEBUG\mdm.exe
    D:\Programmi\Panda Software\Panda Antivirus + Firewall 2007\PsCtrls.EXE
    D:\Programmi\Panda Software\Panda Antivirus + Firewall 2007\PavFnSvr.exe
    D:\Programmi\File comuni\Panda Software\PavShld\pavprsrv.exe
    d:\programmi\panda software\panda antivirus + firewall 2007\firewall\PSHOST.EXE
    D:\Programmi\Panda Software\Panda Antivirus + Firewall 2007\PsImSvc.exe
    D:\Programmi\CyberLink\Shared Files\RichVideo.exe
    D:\Programmi\Analog Devices\SoundMAX\SMAgent.exe
    D:\WINDOWS\system32\svchost.exe
    D:\Programmi\Intel\Intel(R) Active Monitor\imonnt.exe
    D:\WINDOWS\system32\wscntfy.exe
    D:\Programmi\Panda Software\Panda Antivirus + Firewall 2007\WebProxy.exe
    K:\HiJackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.it/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
    O4 - HKLM\..\Run: [IMONTRAY] D:\Programmi\Intel\Intel(R) Active Monitor\imontray.exe
    O4 - HKLM\..\Run: [SoundMAXPnP] D:\Programmi\Analog Devices\SoundMAX\SMax4PNP.exe
    O4 - HKLM\..\Run: [SoundMAX] "D:\Programmi\Analog Devices\SoundMAX\smax4.exe" /tray
    O4 - HKLM\..\Run: [APVXDWIN] "D:\Programmi\Panda Software\Panda Antivirus + Firewall 2007\APVXDWIN.EXE" /s
    O4 - HKLM\..\Run: [PinnacleDriverCheck] D:\WINDOWS\system32\PSDrvCheck.exe -CheckReg
    O4 - HKLM\..\Run: [TkBellExe] "D:\Programmi\File comuni\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [78bd78b2] rundll32.exe "D:\WINDOWS\system32\gixsrrri.dll",b
    O4 - HKLM\..\Run: [BM9b6bebaa] Rundll32.exe "D:\WINDOWS\system32\qeghdikh.dll",s
    O4 - HKLM\..\RunOnce: [SpybotDeletingC9240] cmd /c del "D:\WINDOWS\system32\qeghdikh.dll_old"
    O4 - HKCU\..\Run: [ctfmon.exe] D:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [SpybotSD TeaTimer] D:\Programmi\Spybot - Search & Destroy\TeaTimer.exe
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO LOCALE')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO DI RETE')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O8 - Extra context menu item: E&sporta in Microsoft Excel - res://D:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - D:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - D:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - D:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - D:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Programmi\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Programmi\Messenger\msmsgs.exe
    O10 - Unknown file in Winsock LSP: d:\windows\system32\nwprovau.dll
    O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w3/pr01...s/MSNPUpld.cab
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/micr...?1207068076140
    O16 - DPF: {7FC1B346-83E6-4774-8D20-1A6B09B0E737} (Windows Live Photo Upload Control) - http://alessioperisano.spaces.live.c...d/MsnPUpld.cab
    O17 - HKLM\System\CCS\Services\Tcpip\..\{A15B0485-4B26-419F-9927-8C2C630A498A}: NameServer = 127.0.0.1
    O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762# # (Bonjour Service) - Apple Computer, Inc. - D:\Programmi\Bonjour\mDNSResponder.exe
    O23 - Service: EpsonBidirectionalService - Unknown owner - D:\Programmi\File comuni\EPSON\EBAPI\eEBSVC.exe
    O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - D:\Programmi\File comuni\EPSON\EBAPI\SAgent2.exe
    O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - D:\Programmi\File comuni\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
    O23 - Service: Intel(R) Active Monitor (imonNT) - Intel Corp. - D:\Programmi\Intel\Intel(R) Active Monitor\imonnt.exe
    O23 - Service: NMIndexingService - Unknown owner - D:\Programmi\File comuni\Ahead\Lib\NMIndexingService.exe (file missing)
    O23 - Service: Panda Software Controller - Panda Software International - D:\Programmi\Panda Software\Panda Antivirus + Firewall 2007\PsCtrls.EXE
    O23 - Service: Panda Function Service (PAVFNSVR) - Panda Software International - D:\Programmi\Panda Software\Panda Antivirus + Firewall 2007\PavFnSvr.exe
    O23 - Service: Panda Process Protection Service (PavPrSrv) - Panda Software International - D:\Programmi\File comuni\Panda Software\PavShld\pavprsrv.exe
    O23 - Service: Panda anti-virus service (PAVSRV) - Panda Software International - D:\Programmi\Panda Software\Panda Antivirus + Firewall 2007\pavsrv51.exe
    O23 - Service: Panda Host Service (PSHost) - Panda Software International - d:\programmi\panda software\panda antivirus + firewall 2007\firewall\PSHOST.EXE
    O23 - Service: Panda IManager Service (PSIMSVC) - Panda Software International - D:\Programmi\Panda Software\Panda Antivirus + Firewall 2007\PsImSvc.exe
    O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - D:\Programmi\CyberLink\Shared Files\RichVideo.exe
    O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - D:\Programmi\Analog Devices\SoundMAX\SMAgent.exe
    O23 - Service: Panda TPSrv (TPSrv) - Panda Software International - D:\Programmi\Panda Software\Panda Antivirus + Firewall 2007\TPSrv.exe

    --
    End of file - 7693 bytes
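
As an added example (not part of the original post), the following Python code parses the O4 autorun lines of a HijackThis log like the one above and ranks the entries that start a DLL through rundll32 by how many review indicators they match. The indicators are assumptions chosen for illustration, not verdicts, and the `NvCplDaemon` line is a constructed sample of a vendor autorun added for contrast.

```python
import ntpath
import re

# Excerpt of the HijackThis log posted above, plus one constructed line
# (NvCplDaemon) standing in for a vendor autorun that also uses rundll32.
SAMPLE_LOG = r'''
O4 - HKLM\..\Run: [SoundMAX] "D:\Programmi\Analog Devices\SoundMAX\smax4.exe" /tray
O4 - HKLM\..\Run: [78bd78b2] rundll32.exe "D:\WINDOWS\system32\gixsrrri.dll",b
O4 - HKLM\..\Run: [BM9b6bebaa] Rundll32.exe "D:\WINDOWS\system32\qeghdikh.dll",s
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE D:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO LOCALE')
'''

O4_RUN = re.compile(r'^O4 - (?P<hive>\S+)\\\.\.\\(?P<key>Run\w*): \[(?P<name>[^\]]*)\] (?P<cmd>.+)$')
RUNDLL = re.compile(r'^rundll32(?:\.exe)?\s+"?(?P<dll>[^",]+\.dll)"?,(?P<export>\S+)', re.I)


def autoruns(log):
    """Yield one dict per O4 registry autorun line (hive, key, name, cmd)."""
    for line in log.splitlines():
        m = O4_RUN.match(line.strip())
        if m:
            yield m.groupdict()


def triage(log):
    """Score rundll32 autoruns; the indicators are review heuristics, not verdicts."""
    findings = []
    for entry in autoruns(log):
        m = RUNDLL.match(entry["cmd"])
        if not m:
            continue  # plain EXE autoruns are out of scope for this check
        dll, export = m.group("dll"), m.group("export")
        reasons = ["rundll32 loads a DLL at logon"]
        if ntpath.basename(ntpath.dirname(dll)).lower() == "system32":
            reasons.append("DLL sits directly in system32")
        if re.search(r"[0-9a-f]{8}", entry["name"], re.I):
            reasons.append("value name contains an 8-digit hex run")
        if len(export) == 1:
            reasons.append("one-letter export name")
        findings.append({"name": entry["name"], "dll": ntpath.basename(dll), "reasons": reasons})
    return sorted(findings, key=lambda f: len(f["reasons"]), reverse=True)


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f'{len(f["reasons"])}/4  [{f["name"]}] {f["dll"]}: ' + "; ".join(f["reasons"]))
```

A high count only marks an entry for closer inspection (file signature, creation date, vendor lookup); the constructed vendor line shows that a rundll32 autorun on its own is not enough to call an entry malicious.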

  2. #2
    Deifobe (HTML.it user, registered since Oct 2007, 6,072 posts)
    Hi, welcome.

    Download SystemScan.
    Disconnect the PC from the internet => disable the antivirus => run SystemScan => click "Scan Now". When the scan is finished, re-enable the antivirus.

    Upload the report you find on the desktop to Savefile and post the link you get.

    Note: SystemScan is detected as infected because of the type of scan it performs (it is a false positive). I'm telling you this because, should the antivirus flag it (because you did not disable it as instructed), at least you know why. The procedure posted is safe.