salve a tutti ho un problema con un virus e siccome non sono un esperta di informatica mi rivolgo a voi con la speranza di risolvere il problema.....l antivirus nod32 mi ha rilevato la presenza di un virus chiamato win32/adware virtmunde.ncd system32\rjastqil.dll ho fatto la scansione con spybot destroy ma non ho risolto...poi ho guardato qualche soluzione qui e là ma sinceramente non capisco molto...ho fatto logfile con hijackthis .questo è il risultato ma sinceramente non ci capisco niente...
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 13.03.03, on 12/10/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmi\File comuni\Symantec Shared\ccSetMgr.exe
C:\Programmi\File comuni\Symantec Shared\ccEvtMgr.exe
C:\Programmi\File comuni\Symantec Shared\ccProxy.exe
C:\Programmi\Norton Internet Security\ISSVC.exe
C:\Programmi\File comuni\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
C:\Programmi\File comuni\Symantec Shared\SNDSrvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programmi\WIDCOMM\Software Bluetooth\bin\btwdins.exe
c:\APPS\Powercinema\Kernel\TV\CLCapSvc.exe
C:\Programmi\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe
C:\Programmi\CyberLink\Shared Files\CLML_NTService\CLMLService.exe
c:\APPS\HIDSERVICE\HIDSERVICE.exe
C:\Programmi\Eset\nod32krn.exe
C:\WINDOWS\system32\slserv.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Programmi\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
C:\Programmi\File comuni\Ulead Systems\DVD\ULCDRSvr.exe
c:\APPS\Powercinema\Kernel\TV\CLSched.exe
C:\Programmi\Microsoft Office\Office12\GrooveMonitor.exe
C:\Programmi\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
C:\Apps\Powercinema\PCMService.exe
C:\WINDOWS\PixArt\PAC207\Monitor.exe
C:\WINDOWS\system32\rundll32.exe
C:\Programmi\Eset\nod32kui.exe
C:\WINDOWS\system32\Rundll32.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIC EE.EXE
C:\Programmi\Windows Live\Messenger\msnmsgr.exe
D:\documents and settings\rosalba\impostazioni locali\dati applicazioni\xbnxbtd.exe
C:\Programmi\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
C:\Programmi\WIDCOMM\Software Bluetooth\BTTray.exe
C:\Programmi\Sitecom\Sitecom Wireless Network USB Adapter Turbo G WL-172\Installer\WLANUTL.EXE
C:\Programmi\WinZip\WZQKPICK.EXE
C:\Programmi\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
C:\Programmi\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe
C:\Programmi\PC Connectivity Solution\ServiceLayer.exe
C:\Programmi\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe
D:\Documents and Settings\ROSALBA\Dati applicazioni\U3\0000162152741BFF\LaunchPad.exe
I:\HiJackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = file://C:\APPS\IE\offline\it.htm
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://format.packardbell.com/cgi-bi...e=6&key=SEARCH
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = file://C:\APPS\IE\offline\it.htm
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Packard Bell
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
O2 - BHO: (no name) - {000E6615-D0A3-4400-B56B-49B7EC0EE982} - C:\WINDOWS\system32\mjerlxwh.dll (file missing)
O2 - BHO: (no name) - {001204BF-964A-4683-93C7-D363C6C961F8} - C:\WINDOWS\system32\mjerlxwh.dll (file missing)
O2 - BHO: (no name) - {001CCC2A-D0A3-4400-B56B-49B7EC0EE982} - C:\WINDOWS\system32\mjerlxwh.dll (file missing)
O2 - BHO: (no name) - {002D395C-C72B-45C4-8D91-21F0168C974f} - C:\WINDOWS\system32\mjerlxwh.dll (file missing)
O2 - BHO: (no name) - {00399854-D0A3-4400-B56B-49B7EC0EE982} - C:\WINDOWS\system32\mjerlxwh.dll (file missing)
O2 - BHO: (no name) - {004812FE-964A-4683-93C7-D363C6C961F8} - C:\WINDOWS\system32\mjerlxwh.dll (file missing)
O2 - BHO: (no name) - {007330A9-D0A3-4400-B56B-49B7EC0EE982} - C:\WINDOWS\system32\mjerlxwh.dll (file missing)
O2 - BHO: (no name) - {009025FD-964A-4683-93C7-D363C6C961F8} - C:\WINDOWS\system32\mjerlxwh.dll (file missing)
O2 - BHO: (no name) - {00E66153-D0A3-4400-B56B-49B7EC0EE982} - C:\WINDOWS\system32\mjerlxwh.dll (file missing)
O2 - BHO: (no name) - {01204BFB-964A-4683-93C7-D363C6C961F8} - C:\WINDOWS\system32\mjerlxwh.dll (file missing)
O2 - BHO: (no name) - {01CCC2A6-D0A3-4400-B56B-49B7EC0EE982} - C:\WINDOWS\system32\mjerlxwh.dll (file missing)
O2 - BHO: (no name) - {024097F6-964A-4683-93C7-D363C6C961F8} - C:\WINDOWS\system32\mjerlxwh.dll (file missing)
O2 - BHO: (no name) - {0399854C-D0A3-4400-B56B-49B7EC0EE982} - C:\WINDOWS\system32\mjerlxwh.dll (file missing)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\File comuni\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Programmi\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Programmi\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Norton Internet Security - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Programmi\File comuni\Symantec Shared\AdBlocking\NISShExt.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programmi\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programmi\Google\GoogleToolbarNotifier\3.1.807. 1746\swg.dll
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Programmi\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O2 - BHO: (no name) - {F7441B16-13ED-4B4C-98C1-495B097DA96A} - C:\WINDOWS\system32\wvUmmNGY.dll (file missing)
O3 - Toolbar: Norton Internet Security - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Programmi\File comuni\Symantec Shared\AdBlocking\NISShExt.dll
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Programmi\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programmi\google\googletoolbar1.dll
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAShCut.exe
O4 - HKLM\..\Run: [AzMixerSel] C:\Programmi\Realtek\InstallShield\AzMixerSel.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [ATIPTA] "C:\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Programmi\Java\jre1.5.0_02\bin\jusched.exe
O4 - HKLM\..\Run: [Ulead AutoDetector v2] C:\Programmi\File comuni\Ulead Systems\AutoDetector\monitor.exe
O4 - HKLM\..\Run: [ccApp] "C:\Programmi\File comuni\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [ACTIVBOARD] c:\apps\ABoard\ABoard.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Programmi\File comuni\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [EPSON Stylus DX5000 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIB VE.EXE /FU "C:\WINDOWS\TEMP\E_S8F.tmp" /EF "HKLM"
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Programmi\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [FLMOFFICE4DMOUSE] C:\Programmi\Labtec\Desktop\V5.1\moffice.exe
O4 - HKLM\..\Run: [OFFICEKB] C:\Programmi\Labtec\Keyboard\V5.1\kbdap32a.exe
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Programmi\File comuni\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Programmi\File comuni\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [Date Army Wma Spam] D:\Documents and Settings\All Users\Dati applicazioni\Peak ooze date army\OWNS DATA.exe
O4 - HKLM\..\Run: [NSLauncher] C:\Programmi\Nokia\Nokia Software Launcher\NSLauncher.exe /startup
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmi\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Programmi\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [PCMService] "c:\Apps\Powercinema\PCMService.exe"
O4 - HKLM\..\Run: [Monitor] C:\WINDOWS\PixArt\PAC207\Monitor.exe
O4 - HKLM\..\Run: [58cd9153] rundll32.exe "C:\WINDOWS\system32\qmbptstv.dll",b
O4 - HKLM\..\Run: [nod32kui] "C:\Programmi\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [BM5bfea2cf] Rundll32.exe "C:\WINDOWS\system32\rjastqjl.dll",s
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [EPSON Stylus DX8400 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIC EE.EXE /FU "C:\WINDOWS\TEMP\E_SAD.tmp" /EF "HKCU"
spero che abbiate qualche consiglio da darmi in merito e ringrazio tutti anticipatamente....saluti da rosy