Aiutamici Forum
hijack - hijackers, dialer
edder33
Posted: Monday, July 10, 2006 5:44:20 PM
Rank: Member

Joined: 7/10/2006
Posts: 0
I can't remove the hijackers and dialers detected by scanning with VirIt V.1.5 and HijackThis v1.99.1.
I'm posting the scan results and thank you in advance for the help:
===================================
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\ntvdm.exe
C:\DOCUME~1\Administrator\Impostazioni locali\Temp\Directory temporanea 2 per hijackthis.zip\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.philips.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,,C:\WINDOWS\svchost.exe
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {387FBD8F-7E05-412C-88C9-DC62E21B03DB} - C:\WINDOWS\system32\eoel.dll (file missing)
O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Programmi\SpywareGuard\dlprotect.dll (file missing)
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Programmi\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Programmi\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAudPropShortcut.exe
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [ATIPTA] C:\Programmi\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [TGX2_VFD] "C:\WINDOWS\system32\TGVFDMsgservice.exe"
O4 - HKLM\..\Run: [VIRIT LITE MONITOR] C:\VEXPLITE\MONLITE.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmi\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "C:\Programmi\Adobe\Acrobat 7.0\Distillr\Acrotray.exe"
O4 - HKLM\..\Run: [PCMService] "C:\Programmi\CyberLink\PowerCinema\PCMService.exe"
O4 - HKLM\..\Run: [TerraTec Remote Control] "C:\Programmi\File comuni\TerraTec\Remote\TTTvRc.exe"
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\PROGRA~1\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [ioeua] C:\Documents and Settings\utente.NOME-42BD382957\Dati applicazioni\citofarera\sysstvmr.exe
O4 - HKCU\..\Run: [Power2GoExpress] NA
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Startup: CPRun.lnk = C:\Philips\CPRun.exe
O4 - Startup: Power2Go Express.lnk = C:\Programmi\CyberLink\Power2Go\Power2GoExpress.exe
O4 - Global Startup: ABBYY Lingvo 6.0 Launcher.lnk = C:\Programmi\ABBYY Lingvo\LvAgent.exe
O4 - Global Startup: Avvio veloce di Adobe Acrobat.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Programmi\Microsoft Office\Office10\OSA.EXE
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1130341739546
O16 - DPF: {6E5A37BF-FD42-463A-877C-4EB7002E68AE} (Trend Micro ActiveX Scan Agent 6.5) - http://eu-housecall.trendmicro-europe.com/housecall/applet/html/native/x86/win32/activex/hcImpl.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {B1953AD6-C50E-11D3-B020-00A0C9251384} (O2C-Player (ELECO Software GmbH)) - http://www.o2c.de/download/o2cplayer.cab
O16 - DPF: {FFFF0003-0001-101A-A3C9-08002B2F49FB} - http://www.softlab.name/closer/close.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{1B9D8318-5DE9-4B15-9C34-9F99B8137953}: NameServer = 85.255.116.56,85.255.112.146
O17 - HKLM\System\CCS\Services\Tcpip\..\{B37E57B6-F4B4-4D48-BBA9-5D1A979D6776}: NameServer = 85.255.116.56,85.255.112.146
O17 - HKLM\System\CCS\Services\Tcpip\..\{E5EF4597-C042-4AC1-B03A-FF5C8D1A1555}: NameServer = 85.255.116.56,85.255.112.146
O17 - HKLM\System\CCS\Services\Tcpip\..\{EDE83207-50F5-46FD-837D-601842FF2E54}: NameServer = 85.255.116.56,85.255.112.146
O17 - HKLM\System\CS1\Services\Tcpip\..\{1B9D8318-5DE9-4B15-9C34-9F99B8137953}: NameServer = 85.255.116.56,85.255.112.146
O17 - HKLM\System\CS2\Services\Tcpip\..\{1B9D8318-5DE9-4B15-9C34-9F99B8137953}: NameServer = 85.255.116.56,85.255.112.146
O17 - HKLM\System\CS3\Services\Tcpip\..\{1B9D8318-5DE9-4B15-9C34-9F99B8137953}: NameServer = 85.255.116.56,85.255.112.146
O18 - Filter: text/html - (no CLSID) - (no file)
O18 - Filter: text/plain - (no CLSID) - (no file)
O23 - Service: Adobe LM Service - Adobe Systems - C:\Programmi\File comuni\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Autodesk Licensing Service - Autodesk, Inc. - C:\Programmi\File comuni\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - C:\Programmi\CyberLink\PowerCinema\Kernel\TV\CLCapSvc.exe
O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - C:\Programmi\CyberLink\PowerCinema\Kernel\TV\CLSched.exe
O23 - Service: CyberLink Media Library Service - Cyberlink - C:\Programmi\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Programmi\File comuni\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: ServiceLayer - Nokia. - C:\Programmi\File comuni\PCSuite\Services\ServiceLayer.exe
O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slmdmsr.exe
O23 - Service: Virit eXplorer Lite (viritsvclite) - TG Soft Sas www.tgsoft.it - C:\VEXPLITE\viritsvc.exe



Scan Results:
scan start: 08/07/2006 16.58.27
scan stop: 08/07/2006 17.11.19
scanned items: 127104
found items: 11
found and ignored: 0
tools used: General Scanner, Process Scanner, Hosts scanner, LSP Scanner, Registry Scanner, Browser Defaults, Favorites and ZoneMap Scanner, ActiveX Scanner, Browser Activity Scanner, Disk Scanner



Infection Name Location Risk
Trojan.Qhosts HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins High
Trojan.Qhosts HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins## High
Trojan.Qhosts HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins##repiwoh High
Infotel srl HKCR\CLSID\{FFFF0003-0001-101A-A3C9-08002B2F49FB} Medium
Infotel srl HKCR\CLSID\{FFFF0003-0001-101A-A3C9-08002B2F49FB}\InprocServer32 Medium
Infotel srl HKLM\Software\Classes\CLSID\{FFFF0003-0001-101A-A3C9-08002B2F49FB} Medium
Infotel srl HKLM\Software\Classes\CLSID\{FFFF0003-0001-101A-A3C9-08002B2F49FB}\InprocServer32 Medium
Infotel srl HKLM\Software\Microsoft\Code Store Database\Distribution Units\{FFFF0003-0001-101A-A3C9-08002B2F49FB} Medium
Infotel srl HKLM\Software\Microsoft\Code Store Database\Distribution Units\{FFFF0003-0001-101A-A3C9-08002B2F49FB}\Contains Medium
Infotel srl HKLM\Software\Microsoft\Code Store Database\Distribution Units\{FFFF0003-0001-101A-A3C9-08002B2F49FB}\DownloadInformation Medium
Infotel srl HKLM\Software\Microsoft\Code Store Database\Distribution Units\{FFFF0003-0001-101A-A3C9-08002B2F49FB}\InstalledVersion Medium
===================================
VirIt V. 5.1 - 08/07/2006 - 14:03:50
[SCANSIONE DEL REGISTRO]
{FFFF0003-0001-101A-A3C9-08002B2F49FB} Infetto da Trojan.Win32.Dialer.AL
{FFFF0003-0001-101A-A3C9-08002B2F49FB} Infetto da Trojan.Win32.Dialer.AO
{FFFF0003-0001-101A-A3C9-08002B2F49FB} Infetto da Trojan.Win32.Dialer.AP
{FFFF0003-0001-101A-A3C9-08002B2F49FB} Infetto da Trojan.Win32.Small.DP
{FFFF0003-0001-101A-A3C9-08002B2F49FB} Infetto da Trojan.Win32.Dialer.CI
{FFFF0003-0001-101a-a3c9-08002b2f49fb} Infetto da Trojan.Win32.Dialer.CM
{FFFF0003-0001-101A-A3C9-08002B2F49FB} Infetto da Trojan.Win32.Small.LD

[C:]
MASTER BOOT RECORD: OK
BOOT SECTOR: OK

C:\:AVTuJr.exe:$DATA Infetto da Trojan.Win32.Agent.AAA
C:\!KillBox:AVTuJr.exe:$DATA Infetto da Trojan.Win32.Agent.AAA
C:\!KillBox\Logs:AVTuJr.exe:$DATA Infetto da Trojan.Win32.Agent.AAA
C:\Documents and Settings\utente.NOME-42BD382957\Dati applicazioni\citofarera\sysstvmr.exe Infetto da Trojan.Win32.Small.MI
C:\Documents and Settings\utente.NOME-42BD382957\Dati applicazioni\Microsoft\Internet Explorer\Quick Launch\e1xplorer.lnk Infetto da Trojan.Win32.Agent.SP
C:\WINDOWS\Downloaded Program Files\CONFLICT.1\res.exe Infetto da Trojan.Win32.Dialer.BG
C:\WINDOWS\Downloaded Program Files\CONFLICT.2\res.exe Infetto da Trojan.Win32.Dialer.BG
C:\WINDOWS\Downloaded Program Files\CONFLICT.3\res.exe Infetto da Trojan.Win32.Dialer.BG
C:\WINDOWS\Downloaded Program Files\res.exe Infetto da Trojan.Win32.Dialer.BG
C:\WINDOWS\Downloaded Program Files\UERST_0001_N68M0602NetInstaller.exe Infetto da Adware.ErrorSafe.D
C:\WINDOWS\svchost.exe Infetto da Trojan.Win32.Delf.V
C:\WINDOWS\system32:hfaa.dll:$DATA Infetto da Trojan.Win32.Agent.AAX
C:\WINDOWS\Temp\owhs1.exe Infetto da Trojan.Win32.Agent.AAZ
C:\WINDOWS\Temp\owhs2.exe Infetto da Trojan.Win32.Agent.ABJ

Chiavi Registro infette: 7.
Files Infetti: 14.
Files Sospetti: 0.
Files Analizzati: 56119.
Files Totali: 56119.
Chiavi Registro rimosse: 0.
Virus Rimossi: 0.
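Read as a defender, the log above already shows the hijack: the F2 UserInit line that starts a second program, the O17 NameServer entries pointing every interface at the same foreign resolvers, the O18 MIME filters with no CLSID, the O16 download of a bare .exe, and the O4 autostart from the user profile. The script below is an added example, not part of the original post or of HijackThis itself; it applies those checks to a constructed subset of the posted lines, and EXPECTED_DNS is an assumed allowlist you would fill with your own ISP's resolvers.

```python
# Triage a HijackThis 1.99 log for the hijack signs visible in the post above.
# SAMPLE_LOG is a constructed subset of the posted log; EXPECTED_DNS is an assumption.
from typing import List, Tuple

SAMPLE_LOG = r"""
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,,C:\WINDOWS\svchost.exe
O2 - BHO: (no name) - {387FBD8F-7E05-412C-88C9-DC62E21B03DB} - C:\WINDOWS\system32\eoel.dll (file missing)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O4 - HKLM\..\Run: [ioeua] C:\Documents and Settings\utente.NOME-42BD382957\Dati applicazioni\citofarera\sysstvmr.exe
O4 - HKLM\..\Run: [VIRIT LITE MONITOR] C:\VEXPLITE\MONLITE.EXE
O16 - DPF: {FFFF0003-0001-101A-A3C9-08002B2F49FB} - http://www.softlab.name/closer/close.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{1B9D8318-5DE9-4B15-9C34-9F99B8137953}: NameServer = 85.255.116.56,85.255.112.146
O18 - Filter: text/html - (no CLSID) - (no file)
"""

# Assumption: the resolvers this PC should be using (e.g. the ISP's or the router's address).
EXPECTED_DNS = {"192.168.1.1"}


def triage(log: str) -> List[Tuple[str, str]]:
    """Return (reason, log line) pairs for entries that warrant removal or review."""
    findings = []
    for line in log.splitlines():
        line = line.strip()
        if not line:
            continue
        section = line.split(" - ", 1)[0]
        if section == "F2" and "UserInit=" in line:
            # Winlogon should start only userinit.exe; any extra program runs at every logon.
            programs = [p for p in line.split("UserInit=", 1)[1].split(",") if p]
            if len(programs) != 1 or not programs[0].lower().endswith(r"\system32\userinit.exe"):
                findings.append(("UserInit starts an extra program", line))
        elif section == "O2" and ("(no name)" in line or "(file missing)" in line):
            # Legitimate BHOs carry a product name and point at a file that exists.
            findings.append(("unnamed or missing BHO", line))
        elif section == "O4":
            # Autostarts living in the user profile or Temp are where droppers hide.
            path = line.split("] ", 1)[-1].lower()
            if "documents and settings" in path or "\\temp\\" in path:
                findings.append(("autostart from user profile or Temp", line))
        elif section == "O16" and line.rsplit(" - ", 1)[-1].lower().endswith(".exe"):
            # DPF entries normally reference .cab packages, not bare executables.
            findings.append(("ActiveX download of a raw executable", line))
        elif section == "O17" and "NameServer = " in line:
            # Resolvers not belonging to the user's ISP mean every lookup can be redirected.
            servers = line.split("NameServer = ", 1)[1].split(",")
            if any(s.strip() not in EXPECTED_DNS for s in servers):
                findings.append(("interface uses unexpected DNS servers", line))
        elif section == "O18" and "(no CLSID)" in line:
            # A MIME filter with no CLSID and no file is a dangling hook left by the hijacker.
            findings.append(("dangling MIME filter", line))
    return findings
```

Running `triage(SAMPLE_LOG)` flags six of the eight sample lines; the Acrobat BHO and the VirIt monitor autostart pass, which is the point of checking the shape of an entry rather than treating every line as hostile.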
steven75
Posted: Monday, July 10, 2006 6:21:11 PM
Rank: Member

Joined: 5/8/2006
Posts: 0
Hi
So, do this:
1) Install an antivirus (Avast or AVG) -> you can find them in the aiutamici software section

2) Install a firewall (ZoneAlarm) -> this one is on aiutamici too

3) Install Service Pack 2

Then:
- Download these programs (the ones you don't already have)
You'll need them now to clean up the log, and later on to keep your system clean.
Antispyware and protection
Ad-aware - SpybotS&D - Spyware Blaster - CWShredder -> http://www.aiutamici.com/software/view.asp?tipo=home&CodSw=388&SH=N

Antimalware
Ewido
http://www.ewido.net/en/download/
PS: it's shareware, but after the 14-day trial only the real-time protection stops working;
you can keep updating the program and use it to scan your PC.

Cleaning useless files
Ccleaner -> (When you install it, remember that if you leave the default boxes ticked, the Yahoo toolbar gets installed too)
http://www.aiutamici.com/software/view.asp?tipo=home&CodSw=1223

Cleaning obsolete registry keys
RegSeeker
http://www.aiutamici.com/software/descrizione.asp?CodSw=931



- Disable System Restore,
guide -->> http://www.aiutamici.com/software/view.asp?tipo=home&CodSw=257&SH=N

- Reboot into Safe Mode
guide -->> http://www.aiutamici.com/software/view.asp?tipo=home&CodSw=344&SH=NA

- Clean up useless files, temp files etc. with Ccleaner
PS: before using it go to Options --> Advanced and untick:
(delete Windows files only if older than 48 hours)

- Remove the now-useless registry keys with RegSeeker

- Run a scan with your antivirus and with the programs listed above [SpybotS&D / Ad-aware / Ewido / CWShredder]
- Apply the Spyware Blaster protections

- Go back to Normal Mode

- If you want, also run an online scan:
BitDefender
or
Panda
http://steven.altervista.org/files/scan.html

After all these steps, post an updated HijackThis log and we'll see what's left...