
Unsolicited opening of web pages
edder33
Posted: Monday, July 10, 2006 6:21:37 PM
Rank: Member

Joined: 7/10/2006
Posts: 0
In addition to web pages opening unprompted, a scan with VitIt 5.1 reports 7 registry keys infected by Trojan.Win32.Dailer.xx plus 14 infected files. Below is the HijackThis v1.99.1 log with the scan results.
Thank you in advance for your help.
Logfile of HijackThis v1.99.1
Scan saved at 15.31.43, on 08/07/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\ntvdm.exe
C:\DOCUME~1\Administrator\Impostazioni locali\Temp\Directory temporanea 2 per hijackthis.zip\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.philips.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,,C:\WINDOWS\svchost.exe
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {387FBD8F-7E05-412C-88C9-DC62E21B03DB} - C:\WINDOWS\system32\eoel.dll (file missing)
O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Programmi\SpywareGuard\dlprotect.dll (file missing)
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Programmi\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Programmi\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAudPropShortcut.exe
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [ATIPTA] C:\Programmi\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [TGX2_VFD] "C:\WINDOWS\system32\TGVFDMsgservice.exe"
O4 - HKLM\..\Run: [VIRIT LITE MONITOR] C:\VEXPLITE\MONLITE.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmi\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "C:\Programmi\Adobe\Acrobat 7.0\Distillr\Acrotray.exe"
O4 - HKLM\..\Run: [PCMService] "C:\Programmi\CyberLink\PowerCinema\PCMService.exe"
O4 - HKLM\..\Run: [TerraTec Remote Control] "C:\Programmi\File comuni\TerraTec\Remote\TTTvRc.exe"
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\PROGRA~1\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [ioeua] C:\Documents and Settings\utente.NOME-42BD382957\Dati applicazioni\citofarera\sysstvmr.exe
O4 - HKCU\..\Run: [Power2GoExpress] NA
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Startup: CPRun.lnk = C:\Philips\CPRun.exe
O4 - Startup: Power2Go Express.lnk = C:\Programmi\CyberLink\Power2Go\Power2GoExpress.exe
O4 - Global Startup: ABBYY Lingvo 6.0 Launcher.lnk = C:\Programmi\ABBYY Lingvo\LvAgent.exe
O4 - Global Startup: Avvio veloce di Adobe Acrobat.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Programmi\Microsoft Office\Office10\OSA.EXE
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1130341739546
O16 - DPF: {6E5A37BF-FD42-463A-877C-4EB7002E68AE} (Trend Micro ActiveX Scan Agent 6.5) - http://eu-housecall.trendmicro-europe.com/housecall/applet/html/native/x86/win32/activex/hcImpl.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {B1953AD6-C50E-11D3-B020-00A0C9251384} (O2C-Player (ELECO Software GmbH)) - http://www.o2c.de/download/o2cplayer.cab
O16 - DPF: {FFFF0003-0001-101A-A3C9-08002B2F49FB} - http://www.softlab.name/closer/close.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{1B9D8318-5DE9-4B15-9C34-9F99B8137953}: NameServer = 85.255.116.56,85.255.112.146
O17 - HKLM\System\CCS\Services\Tcpip\..\{B37E57B6-F4B4-4D48-BBA9-5D1A979D6776}: NameServer = 85.255.116.56,85.255.112.146
O17 - HKLM\System\CCS\Services\Tcpip\..\{E5EF4597-C042-4AC1-B03A-FF5C8D1A1555}: NameServer = 85.255.116.56,85.255.112.146
O17 - HKLM\System\CCS\Services\Tcpip\..\{EDE83207-50F5-46FD-837D-601842FF2E54}: NameServer = 85.255.116.56,85.255.112.146
O17 - HKLM\System\CS1\Services\Tcpip\..\{1B9D8318-5DE9-4B15-9C34-9F99B8137953}: NameServer = 85.255.116.56,85.255.112.146
O17 - HKLM\System\CS2\Services\Tcpip\..\{1B9D8318-5DE9-4B15-9C34-9F99B8137953}: NameServer = 85.255.116.56,85.255.112.146
O17 - HKLM\System\CS3\Services\Tcpip\..\{1B9D8318-5DE9-4B15-9C34-9F99B8137953}: NameServer = 85.255.116.56,85.255.112.146
O18 - Filter: text/html - (no CLSID) - (no file)
O18 - Filter: text/plain - (no CLSID) - (no file)
O23 - Service: Adobe LM Service - Adobe Systems - C:\Programmi\File comuni\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Autodesk Licensing Service - Autodesk, Inc. - C:\Programmi\File comuni\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - C:\Programmi\CyberLink\PowerCinema\Kernel\TV\CLCapSvc.exe
O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - C:\Programmi\CyberLink\PowerCinema\Kernel\TV\CLSched.exe
O23 - Service: CyberLink Media Library Service - Cyberlink - C:\Programmi\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Programmi\File comuni\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: ServiceLayer - Nokia. - C:\Programmi\File comuni\PCSuite\Services\ServiceLayer.exe
O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slmdmsr.exe
O23 - Service: Virit eXplorer Lite (viritsvclite) - TG Soft Sas www.tgsoft.it - C:\VEXPLITE\viritsvc.exe
Scan Results:
scan start: 08/07/2006 16.58.27
scan stop: 08/07/2006 17.11.19
scanned items: 127104
found items: 11
found and ignored: 0
tools used: General Scanner, Process Scanner, Hosts scanner, LSP Scanner, Registry Scanner, Browser Defaults, Favorites and ZoneMap Scanner, ActiveX Scanner, Browser Activity Scanner, Disk Scanner
Infection Name Location Risk
Trojan.Qhosts HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins High
Trojan.Qhosts HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins## High
Trojan.Qhosts HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins##repiwoh High
Infotel srl HKCR\CLSID\{FFFF0003-0001-101A-A3C9-08002B2F49FB} Medium
Infotel srl HKCR\CLSID\{FFFF0003-0001-101A-A3C9-08002B2F49FB}\InprocServer32 Medium
Infotel srl HKLM\Software\Classes\CLSID\{FFFF0003-0001-101A-A3C9-08002B2F49FB} Medium
Infotel srl HKLM\Software\Classes\CLSID\{FFFF0003-0001-101A-A3C9-08002B2F49FB}\InprocServer32 Medium
Infotel srl HKLM\Software\Microsoft\Code Store Database\Distribution Units\{FFFF0003-0001-101A-A3C9-08002B2F49FB} Medium
Infotel srl HKLM\Software\Microsoft\Code Store Database\Distribution Units\{FFFF0003-0001-101A-A3C9-08002B2F49FB}\Contains Medium
Infotel srl HKLM\Software\Microsoft\Code Store Database\Distribution Units\{FFFF0003-0001-101A-A3C9-08002B2F49FB}\DownloadInformation Medium
Infotel srl HKLM\Software\Microsoft\Code Store Database\Distribution Units\{FFFF0003-0001-101A-A3C9-08002B2F49FB}\InstalledVersion Medium
steven75
Posted: Monday, July 10, 2006 6:23:09 PM
Rank: Member

Joined: 5/8/2006
Posts: 0
Hi, there is no point in opening multiple posts for the same problem; all it does is create confusion and scatter information ....