Hi pidue, first of all thank you very much for the help you are giving me. I read the advice you gave cardanca and followed everything to the letter. Now I'm posting the VirIT and HijackThis logs... do you think I've solved it? VirIT opens by itself, is that normal?
VirIT eXplorer Lite Log
[SCANSIONE DELLA MEMORIA]
OK
[SCANSIONE DELLA MEMORIA]
OK
29/11/2006 - 11:26:15
[SCANSIONE DEL REGISTRO]
{DB893839-10F0-4AF9-92FA-B23528F530AF} Infetto da Trojan.Win32.Dialer.AB
* * * RIMOSSO * * *
{14D1A72D-8705-11D8-B120-0040F46CB696} Infetto da BHO.Agent.AZ
* * * RIMOSSO * * *
{f250d521-225d-4d6b-8829-e064f944e180} Infetto da BHO.Agent.BM
* * * RIMOSSO * * *
{73364D99-1240-4dff-B12A-67E448373148} Infetto da Trojan.Win32.Agent.AHY
* * * RIMOSSO * * *
[C:]
MASTER BOOT RECORD: OK
BOOT SECTOR: OK
C:\Documents and Settings\All Users\.clamwin\quarantine\infected.10243-23[1].exe Infetto da Trojan.Win32.Dialer.HH
* * * RIMOSSO * * *
C:\Documents and Settings\All Users\.clamwin\quarantine\infected.10248-23[1].exe Infetto da Trojan.Win32.Dialer.AB
* * * RIMOSSO * * *
C:\Documents and Settings\All Users\.clamwin\quarantine\infected.10253-23[1].exe Infetto da Trojan.Win32.Dialer.HH
* * * RIMOSSO * * *
C:\Documents and Settings\All Users\.clamwin\quarantine\infected.10305-23[1].exe Infetto da Trojan.Win32.Dialer.GD
* * * RIMOSSO * * *
C:\Documents and Settings\All Users\.clamwin\quarantine\infected.10367-23[1].exe Infetto da Trojan.Win32.Dialer.HH
* * * RIMOSSO * * *
C:\Documents and Settings\All Users\.clamwin\quarantine\infected.10440-23[1].exe Infetto da Trojan.Win32.Dialer.HH
* * * RIMOSSO * * *
C:\Documents and Settings\icv\Impostazioni locali\Temporary Internet Files\Content.IE5\ITM18JID\idwikhrbd[1].txt Infetto da Trojan.Win32.Small.NE
* * * RIMOSSO * * *
C:\Documents and Settings\LocalService\Impostazioni locali\Temporary Internet Files\Content.IE5\OPEFG56V\idwikhrbd[1].txt Infetto da Trojan.Win32.Small.NU
* * * RIMOSSO * * *
C:\Documents and Settings\Proprietario\111414919.dll Infetto da BHO.Agent.AZ
* * * RIMOSSO * * *
C:\Documents and Settings\Proprietario\1122144256.dll Infetto da BHO.Agent.AZ
* * * RIMOSSO * * *
C:\Documents and Settings\Proprietario\1122144257.dll Infetto da BHO.Agent.AZ
* * * RIMOSSO * * *
C:\Documents and Settings\Proprietario\Impostazioni locali\Temp\2D74.tmp Infetto da BHO.Agent.BM
* * * RIMOSSO * * *
C:\Documents and Settings\Proprietario\Impostazioni locali\Temp\2EAC.tmp Infetto da BHO.Agent.BM
* * * RIMOSSO * * *
C:\Documents and Settings\Proprietario\Impostazioni locali\Temp\4D.tmp Infetto da BHO.Agent.BM
* * * RIMOSSO * * *
C:\Documents and Settings\Proprietario\Impostazioni locali\Temp\71.tmp Infetto da BHO.Agent.BM
* * * RIMOSSO * * *
C:\Documents and Settings\Proprietario\Impostazioni locali\Temp\Chii.exe Infetto da Trojan.Win32.Agent.AJB
* * * RIMOSSO * * *
C:\Documents and Settings\Proprietario\Impostazioni locali\Temp\m Infetto da BHO.Agent.BM
* * * RIMOSSO * * *
C:\Documents and Settings\Proprietario\Impostazioni locali\Temporary Internet Files\Content.IE5\H01YXAFI\dt013[1].exe Infetto da Trojan.Win32.Small.NU
* * * RIMOSSO * * *
C:\Documents and Settings\Proprietario\Impostazioni locali\Temporary Internet Files\Content.IE5\L1YMP2P4\idwikhrbd[1].txt Infetto da Trojan.Win32.Small.NU
* * * RIMOSSO * * *
C:\WINDOWS\Downloaded Program Files\10243-23.exe Infetto da Trojan.Win32.Dialer.HH
* * * RIMOSSO * * *
C:\WINDOWS\Downloaded Program Files\10248-23.exe Infetto da Trojan.Win32.Dialer.AB
* * * RIMOSSO * * *
C:\WINDOWS\Downloaded Program Files\10253-23.exe Infetto da Trojan.Win32.Dialer.HH
* * * RIMOSSO * * *
C:\WINDOWS\Downloaded Program Files\10305-23.exe Infetto da Trojan.Win32.Dialer.GD
* * * RIMOSSO * * *
C:\WINDOWS\Downloaded Program Files\10367-23.exe Infetto da Trojan.Win32.Dialer.HH
* * * RIMOSSO * * *
C:\WINDOWS\Downloaded Program Files\10440-23.exe Infetto da Trojan.Win32.Dialer.HH
* * * RIMOSSO * * *
C:\WINDOWS\Downloaded Program Files\1059845.exe Infetto da Trojan.Win32.Dialer.Gen
* * * RIMOSSO * * *
C:\WINDOWS\Downloaded Program Files\celebrita1.exe Infetto da Trojan.Win32.Dialer.Gen
* * * RIMOSSO * * *
C:\WINDOWS\Downloaded Program Files\gsa_01216.exe Infetto da Trojan.Win32.Dialer.FZ
* * * RIMOSSO * * *
C:\WINDOWS\Downloaded Program Files\ProWeb016.ocx Infetto da Dialer.98304
* * * RIMOSSO * * *
C:\WINDOWS\Downloaded Program Files\WebP2PInstaller.dll Infetto da Trojan.Win32.WebP2P.A
* * * RIMOSSO * * *
C:\WINDOWS\iexplorre32.dll Infetto da Trojan.Win32.Small.NE
* * * RIMOSSO * * *
C:\WINDOWS\msncomm.exe Infetto da Backdoor.Webdor.G
* * * RIMOSSO * * *
C:\WINDOWS\scrss32.dll Infetto da Trojan.Win32.Small.NE
* * * RIMOSSO * * *
C:\WINDOWS\service32.exeqcaepw Infetto da Trojan.Win32.Small.NE
* * * RIMOSSO * * *
C:\WINDOWS\service32.exewgfndi Infetto da Trojan.Win32.Small.NE
* * * RIMOSSO * * *
C:\WINDOWS\sndman.exe Infetto da Backdoor.Webdor.I
* * * RIMOSSO * * *
C:\WINDOWS\sys32exploer.dll Infetto da Trojan.Win32.Small.NE
* * * RIMOSSO * * *
C:\WINDOWS\system32:lzx32.sys:$DATA Possibile infezione da virus di nuova generazione
C:\WINDOWS\system32\config\systemprofile\Impostazioni locali\Temporary Internet Files\Content.IE5\0XI745IJ\10367-23[1].exe Infetto da Trojan.Win32.Dialer.HH
* * * RIMOSSO * * *
C:\WINDOWS\system32\config\systemprofile\Impostazioni locali\Temporary Internet Files\Content.IE5\45UR0PY7\10440-23[1].exe Infetto da Trojan.Win32.Dialer.HH
* * * RIMOSSO * * *
C:\WINDOWS\system32\config\systemprofile\Impostazioni locali\Temporary Internet Files\Content.IE5\4P2NCHUZ\10248-23[1].exe Infetto da Trojan.Win32.Dialer.AB
* * * RIMOSSO * * *
C:\WINDOWS\system32\config\systemprofile\Impostazioni locali\Temporary Internet Files\Content.IE5\81QFGT2N\10243-23[1].exe Infetto da Trojan.Win32.Dialer.HH
* * * RIMOSSO * * *
C:\WINDOWS\system32\config\systemprofile\Impostazioni locali\Temporary Internet Files\Content.IE5\GX67WTQR\10305-23[1].exe Infetto da Trojan.Win32.Dialer.GD
* * * RIMOSSO * * *
C:\WINDOWS\system32\config\systemprofile\Impostazioni locali\Temporary Internet Files\Content.IE5\KDQNGT67\10253-23[1].exe Infetto da Trojan.Win32.Dialer.HH
* * * RIMOSSO * * *
C:\WINDOWS\system32\ipv6mons.dll Infetto da Trojan.Win32.Agent.AHY
* * * RIMOSSO * * *
C:\WINDOWS\system32\ruaa.dll Infetto da BHO.Agent.BM
* * * RIMOSSO * * *
C:\WINDOWS\system32\winclean.exe Infetto da Trojan.Win32.Agent.AJB
* * * RIMOSSO * * *
C:\WINDOWS\Temp\4E.tmp Infetto da Trojan.Win32.Agent.AID
* * * RIMOSSO * * *
C:\WINDOWS\Temp\4F.tmp Infetto da Trojan.Win32.Agent.AID
* * * RIMOSSO * * *
C:\WINDOWS\Temp\72.tmp Infetto da Trojan.Win32.Agent.AID
* * * RIMOSSO * * *
C:\WINDOWS\Temp\eiyc1.exe Infetto da Trojan.Win32.Agent.ADM
* * * RIMOSSO * * *
Chiavi Registro infette: 4.
Files Infetti: 50.
Files Sospetti: 1.
Files Analizzati: 110451.
Files Totali: 110451.
Chiavi Registro rimosse: 4.
Virus Rimossi: 50.
The Hijack log, on the other hand, is this:
Logfile of HijackThis v1.99.1
Scan saved at 13.32.38, on 29/11/2006
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Programmi\File comuni\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Programmi\Java\j2re1.4.2_03\bin\jusched.exe
C:\HP\KBD\KBD.EXE
C:\Programmi\Multimedia Card Reader\shwicon2k.exe
C:\WINDOWS\ALCXMNTR.EXE
C:\Programmi\File comuni\PCSuite\DataLayer\DataLayer.exe
C:\Programmi\ClamWin\bin\ClamTray.exe
C:\Programmi\Nokia\Nokia PC Suite 6\LaunchApplication.exe
C:\VEXPLITE\MONLITE.EXE
C:\Programmi\Nokia\Nokia PC Suite 6\PcSync2.exe
C:\Programmi\Digisoft AntiDialer\AntiDialer.exe
C:\Programmi\HP\Digital Imaging\bin\hpqtra08.exe
C:\WINDOWS\System32\svchost.exe
C:\VEXPLITE\viritsvc.exe
C:\PROGRA~1\FILECO~1\PCSuite\Services\SERVIC~1.EXE
C:\PROGRA~1\FILECO~1\Nokia\MPAPI\MPAPI3s.exe
C:\Programmi\Internet Explorer\iexplore.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Documents and Settings\Proprietario\Impostazioni locali\Temp\Directory temporanea 3 per hijackthis.zip\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://srch-it10.hpwis.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://srch-it10.hpwis.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://srch-it10.hpwis.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://srch-it10.hpwis.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://srch-it10.hpwis.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://srch-it10.hpwis.com/
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.symantec.com/techsupp/servlet/ProductMessages?module=4002&error=517&language=Italian&product=NAV&version=10.0&build=STANDARD
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Vista HP - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - c:\Programmi\HP\Digital Imaging\bin\hpdtlk02.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Programmi\Java\j2re1.4.2_03\bin\jusched.exe
O4 - HKLM\..\Run: [HPHUPD05] c:\Programmi\HP\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [UpdateManager] "C:\Programmi\File comuni\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [Sunkist2k] C:\Programmi\Multimedia Card Reader\shwicon2k.exe
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKLM\..\Run: [DataLayer] C:\Programmi\File comuni\PCSuite\DataLayer\DataLayer.exe
O4 - HKLM\..\Run: [ClamWin] "C:\Programmi\ClamWin\bin\ClamTray.exe" --logon
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Programmi\Nokia\Nokia PC Suite 6\LaunchApplication.exe -onlytray
O4 - HKLM\..\Run: [Eac_Installer] C:\PROGRA~1\FILECO~1\EACCEL~1\INSTAL~1\eaccelsetup.exe -AskToResumeDL
O4 - HKLM\..\Run: [VIRIT LITE MONITOR] C:\VEXPLITE\MONLITE.EXE
O4 - HKCU\..\Run: [PcSync] C:\Programmi\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog
O4 - Global Startup: Digisoft AntiDialer.lnk = C:\Programmi\Digisoft AntiDialer\AntiDialer.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Programmi\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Programmi\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MI1933~1\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1164635504972
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\SNDSrvc.exe
O23 - Service: SrvDih - Unknown owner - \\?\C:\Programmi\File comuni\Services\lpt5.exe (file missing)
O23 - Service: SrvMef - Unknown owner - \\?\C:\Programmi\File comuni\Services\lpt4.exe (file missing)
O23 - Service: Virit eXplorer Lite (viritsvclite) - TG Soft Sas www.tgsoft.it - C:\VEXPLITE\viritsvc.exe
O23 - Service: WebNpu - Unknown owner - \\?\C:\Programmi\Windows NT\lpt5.exe (file missing)