I cannot remove the hijackers and dialers detected after scanning with VirIt V.1.5 and HijackThis v1.99.1.
I am sending the scan results and thank you in advance for the help:
===================================
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\ntvdm.exe
C:\DOCUME~1\Administrator\Impostazioni locali\Temp\Directory temporanea 2 per hijackthis.zip\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.philips.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,,C:\WINDOWS\svchost.exe
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {387FBD8F-7E05-412C-88C9-DC62E21B03DB} - C:\WINDOWS\system32\eoel.dll (file missing)
O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Programmi\SpywareGuard\dlprotect.dll (file missing)
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Programmi\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Programmi\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAudPropShortcut.exe
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [ATIPTA] C:\Programmi\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [TGX2_VFD] "C:\WINDOWS\system32\TGVFDMsgservice.exe"
O4 - HKLM\..\Run: [VIRIT LITE MONITOR] C:\VEXPLITE\MONLITE.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmi\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "C:\Programmi\Adobe\Acrobat 7.0\Distillr\Acrotray.exe"
O4 - HKLM\..\Run: [PCMService] "C:\Programmi\CyberLink\PowerCinema\PCMService.exe"
O4 - HKLM\..\Run: [TerraTec Remote Control] "C:\Programmi\File comuni\TerraTec\Remote\TTTvRc.exe"
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\PROGRA~1\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [ioeua] C:\Documents and Settings\utente.NOME-42BD382957\Dati applicazioni\citofarera\sysstvmr.exe
O4 - HKCU\..\Run: [Power2GoExpress] NA
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Startup: CPRun.lnk = C:\Philips\CPRun.exe
O4 - Startup: Power2Go Express.lnk = C:\Programmi\CyberLink\Power2Go\Power2GoExpress.exe
O4 - Global Startup: ABBYY Lingvo 6.0 Launcher.lnk = C:\Programmi\ABBYY Lingvo\LvAgent.exe
O4 - Global Startup: Avvio veloce di Adobe Acrobat.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Programmi\Microsoft Office\Office10\OSA.EXE
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1130341739546
O16 - DPF: {6E5A37BF-FD42-463A-877C-4EB7002E68AE} (Trend Micro ActiveX Scan Agent 6.5) - http://eu-housecall.trendmicro-europe.com/housecall/applet/html/native/x86/win32/activex/hcImpl.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {B1953AD6-C50E-11D3-B020-00A0C9251384} (O2C-Player (ELECO Software GmbH)) - http://www.o2c.de/download/o2cplayer.cab
O16 - DPF: {FFFF0003-0001-101A-A3C9-08002B2F49FB} - http://www.softlab.name/closer/close.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{1B9D8318-5DE9-4B15-9C34-9F99B8137953}: NameServer = 85.255.116.56,85.255.112.146
O17 - HKLM\System\CCS\Services\Tcpip\..\{B37E57B6-F4B4-4D48-BBA9-5D1A979D6776}: NameServer = 85.255.116.56,85.255.112.146
O17 - HKLM\System\CCS\Services\Tcpip\..\{E5EF4597-C042-4AC1-B03A-FF5C8D1A1555}: NameServer = 85.255.116.56,85.255.112.146
O17 - HKLM\System\CCS\Services\Tcpip\..\{EDE83207-50F5-46FD-837D-601842FF2E54}: NameServer = 85.255.116.56,85.255.112.146
O17 - HKLM\System\CS1\Services\Tcpip\..\{1B9D8318-5DE9-4B15-9C34-9F99B8137953}: NameServer = 85.255.116.56,85.255.112.146
O17 - HKLM\System\CS2\Services\Tcpip\..\{1B9D8318-5DE9-4B15-9C34-9F99B8137953}: NameServer = 85.255.116.56,85.255.112.146
O17 - HKLM\System\CS3\Services\Tcpip\..\{1B9D8318-5DE9-4B15-9C34-9F99B8137953}: NameServer = 85.255.116.56,85.255.112.146
O18 - Filter: text/html - (no CLSID) - (no file)
O18 - Filter: text/plain - (no CLSID) - (no file)
O23 - Service: Adobe LM Service - Adobe Systems - C:\Programmi\File comuni\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Autodesk Licensing Service - Autodesk, Inc. - C:\Programmi\File comuni\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - C:\Programmi\CyberLink\PowerCinema\Kernel\TV\CLCapSvc.exe
O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - C:\Programmi\CyberLink\PowerCinema\Kernel\TV\CLSched.exe
O23 - Service: CyberLink Media Library Service - Cyberlink - C:\Programmi\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Programmi\File comuni\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: ServiceLayer - Nokia. - C:\Programmi\File comuni\PCSuite\Services\ServiceLayer.exe
O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slmdmsr.exe
O23 - Service: Virit eXplorer Lite (viritsvclite) - TG Soft Sas www.tgsoft.it - C:\VEXPLITE\viritsvc.exe
Scan Results:
scan start: 08/07/2006 16.58.27
scan stop: 08/07/2006 17.11.19
scanned items: 127104
found items: 11
found and ignored: 0
tools used: General Scanner, Process Scanner, Hosts scanner, LSP Scanner, Registry Scanner, Browser Defaults, Favorites and ZoneMap Scanner, ActiveX Scanner, Browser Activity Scanner, Disk Scanner
Infection Name Location Risk
Trojan.Qhosts HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins High
Trojan.Qhosts HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins## High
Trojan.Qhosts HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins##repiwoh High
Infotel srl HKCR\CLSID\{FFFF0003-0001-101A-A3C9-08002B2F49FB} Medium
Infotel srl HKCR\CLSID\{FFFF0003-0001-101A-A3C9-08002B2F49FB}\InprocServer32 Medium
Infotel srl HKLM\Software\Classes\CLSID\{FFFF0003-0001-101A-A3C9-08002B2F49FB} Medium
Infotel srl HKLM\Software\Classes\CLSID\{FFFF0003-0001-101A-A3C9-08002B2F49FB}\InprocServer32 Medium
Infotel srl HKLM\Software\Microsoft\Code Store Database\Distribution Units\{FFFF0003-0001-101A-A3C9-08002B2F49FB} Medium
Infotel srl HKLM\Software\Microsoft\Code Store Database\Distribution Units\{FFFF0003-0001-101A-A3C9-08002B2F49FB}\Contains Medium
Infotel srl HKLM\Software\Microsoft\Code Store Database\Distribution Units\{FFFF0003-0001-101A-A3C9-08002B2F49FB}\DownloadInformation Medium
Infotel srl HKLM\Software\Microsoft\Code Store Database\Distribution Units\{FFFF0003-0001-101A-A3C9-08002B2F49FB}\InstalledVersion Medium
===================================
VirIt V. 5.1 - 08/07/2006 - 14:03:50
[SCANSIONE DEL REGISTRO]
{FFFF0003-0001-101A-A3C9-08002B2F49FB} Infetto da Trojan.Win32.Dialer.AL
{FFFF0003-0001-101A-A3C9-08002B2F49FB} Infetto da Trojan.Win32.Dialer.AO
{FFFF0003-0001-101A-A3C9-08002B2F49FB} Infetto da Trojan.Win32.Dialer.AP
{FFFF0003-0001-101A-A3C9-08002B2F49FB} Infetto da Trojan.Win32.Small.DP
{FFFF0003-0001-101A-A3C9-08002B2F49FB} Infetto da Trojan.Win32.Dialer.CI
{FFFF0003-0001-101a-a3c9-08002b2f49fb} Infetto da Trojan.Win32.Dialer.CM
{FFFF0003-0001-101A-A3C9-08002B2F49FB} Infetto da Trojan.Win32.Small.LD
[C:]
MASTER BOOT RECORD: OK
BOOT SECTOR: OK
C:\:AVTuJr.exe:$DATA Infetto da Trojan.Win32.Agent.AAA
C:\!KillBox:AVTuJr.exe:$DATA Infetto da Trojan.Win32.Agent.AAA
C:\!KillBox\Logs:AVTuJr.exe:$DATA Infetto da Trojan.Win32.Agent.AAA
C:\Documents and Settings\utente.NOME-42BD382957\Dati applicazioni\citofarera\sysstvmr.exe Infetto da Trojan.Win32.Small.MI
C:\Documents and Settings\utente.NOME-42BD382957\Dati applicazioni\Microsoft\Internet Explorer\Quick Launch\e1xplorer.lnk Infetto da Trojan.Win32.Agent.SP
C:\WINDOWS\Downloaded Program Files\CONFLICT.1\res.exe Infetto da Trojan.Win32.Dialer.BG
C:\WINDOWS\Downloaded Program Files\CONFLICT.2\res.exe Infetto da Trojan.Win32.Dialer.BG
C:\WINDOWS\Downloaded Program Files\CONFLICT.3\res.exe Infetto da Trojan.Win32.Dialer.BG
C:\WINDOWS\Downloaded Program Files\res.exe Infetto da Trojan.Win32.Dialer.BG
C:\WINDOWS\Downloaded Program Files\UERST_0001_N68M0602NetInstaller.exe Infetto da Adware.ErrorSafe.D
C:\WINDOWS\svchost.exe Infetto da Trojan.Win32.Delf.V
C:\WINDOWS\system32:hfaa.dll:$DATA Infetto da Trojan.Win32.Agent.AAX
C:\WINDOWS\Temp\owhs1.exe Infetto da Trojan.Win32.Agent.AAZ
C:\WINDOWS\Temp\owhs2.exe Infetto da Trojan.Win32.Agent.ABJ
Chiavi Registro infette: 7.
Files Infetti: 14.
Files Sospetti: 0.
Files Analizzati: 56119.
Files Totali: 56119.
Chiavi Registro rimosse: 0.
Virus Rimossi: 0.