infetto da dialer

[ChiHuaHua86]

è un pc aziendale che per fortuna nn usa + la 56k, ma da allora è rimasto infetto da un dialer che ogni 10 minuti compone un numero ( il pc è a roma, io a ravenna, nn posso fare controlli aggiuntivi)

il log di HijackThis è:
Logfile of HijackThis v1.99.1
Scan saved at 11.31.11, on 07/06/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
c:\windows\system32\winlogon.exe
C:\Programmi\CA\SharedComponents\iTechnology\igateway.exe
C:\Programmi\CA\eTrustITM\InoRpc.exe
C:\WINDOWS\Explorer.EXE
C:\Programmi\CA\eTrustITM\InoRT.exe
C:\Programmi\CA\eTrustITM\InoTask.exe
C:\Programmi\CA\SharedComponents\CA_LIC\LogWatNT.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\slserv.exe
C:\Programmi\Analog Devices\SoundMAX\SMAgent.exe
C:\Programmi\CA\eTrustITM\eaps.exe
C:\Programmi\Analog Devices\SoundMAX\SMax4PNP.exe
C:\Programmi\CA\eTrustITM\realmon.exe
C:\Programmi\Sharp\Sharpdesk\IndexTray.exe
C:\Programmi\Sharp\Sharpdesk\Indexer.exe
C:\Programmi\Sharp\Sharpdesk\SharpTray.exe
C:\Programmi\Sharp\Sharpdesk\FtpServer.exe
C:\Programmi\Nokia\Nokia PC Suite 6\LaunchApplication.exe
C:\PROGRA~1\SHARP\SHARPD~1\Indexer.exe
C:\DOCUME~1\VIRGIL~1.SAN\IMPOST~1\Temp\fyzkaa.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmi\MSN Messenger\MsnMsgr.Exe
C:\Programmi\CASIO\Photo Loader\Plauto.exe
C:\Programmi\SHARP\Printer Status Monitor\Smon.exe
C:\Programmi\SHARP\Sharpdesk\nsapp.exe
C:\Programmi\PC Connectivity Solution\ServiceLayer.exe
C:\Programmi\CA\eTrustITM\Apache\Bin\Apache.exe
C:\Programmi\CA\eTrustITM\Apache\Bin\Apache.exe
C:\Programmi\Microsoft Office\Office10\OUTLOOK.EXE
C:\Programmi\Sharp\Sharpdesk\xocr32b.exe
C:\Programmi\TUN\EMUL\emul32.exe
C:\Programmi\TUN\COMMON\TunCR32A.EXE
C:\Programmi\Microsoft Office\Office10\EXCEL.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\virgilio.xxxxxxxx\Desktop\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.alice.it/oggi/indexbb.html
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 192.168.101.225:3128
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 192.168.108.*;<local>
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programmi\File comuni\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programmi\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programmi\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [PRONoMgrWired] c:\Programmi\Intel\PROSetWired\NCS\PROSet\PRONoMgr.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Programmi\Analog Devices\SoundMAX\SMax4PNP.exe
O4 - HKLM\..\Run: [SoundMAX] "C:\Programmi\Analog Devices\SoundMAX\Smax4.exe" /tray
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Realtime Monitor] "C:\Programmi\CA\eTrustITM\realmon.exe" -s
O4 - HKLM\..\Run: [IndexTray] C:\Programmi\Sharp\Sharpdesk\IndexTray.exe
O4 - HKLM\..\Run: [Indexer] C:\Programmi\Sharp\Sharpdesk\Indexer.exe
O4 - HKLM\..\Run: [SharpTray] C:\Programmi\Sharp\Sharpdesk\SharpTray.exe
O4 - HKLM\..\Run: [TypeRegChecker] C:\Programmi\Sharp\Sharpdesk\TypeRegChecker.exe
O4 - HKLM\..\Run: [FtpServer.exe] C:\Programmi\Sharp\Sharpdesk\FtpServer.exe -usedefault
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Programmi\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup
O4 - HKLM\..\Run: [fyzkaa.exe] C:\DOCUME~1\VIRGIL~1.SAN\IMPOST~1\Temp\fyzkaa.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Programmi\MSN Messenger\MsnMsgr.Exe" /background
O4 - Startup: jjflugce.exe
O4 - Startup: xcira.exe
O4 - Global Startup: AutoCAD Startup Accelerator.lnk = C:\Programmi\File comuni\Autodesk Shared\acstart16.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Programmi\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Photo Loader residente.lnk = C:\Programmi\CASIO\Photo Loader\Plauto.exe
O4 - Global Startup: Printer Status Monitor.lnk = C:\Programmi\SHARP\Printer Status Monitor\Smon.exe
O8 - Extra context menu item: &Windows Live Search - res://C:\Programmi\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O12 - Plugin for .pdf: C:\Programmi\Internet Explorer\PLUGINS\nppdf32.dll
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsu...?1170950379015
O17 - HKLM\System\CCS\Services\Tcpip\..\{D6576392-EBA9-4E84-A08E-A8ADDF85128F}: NameServer = 192.168.101.205,151.29.125.3
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: sds - {79E0F14C-9C52-4218-89A7-7C4B0563D121} - C:\Programmi\Sharp\Sharpdesk\ExplorerExtensions.dll
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O23 - Service: Apache Content Server (ApacheContentServer) - Unknown owner - C:\Programmi\CA\eTrustITM\Apache\Bin\Apache.exe" -k runservice (file missing)
O23 - Service: Autodesk Licensing Service - Autodesk, Inc. - C:\Programmi\File comuni\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: CA License Client (CA_LIC_CLNT) - Computer Associates - C:\Programmi\CA\SharedComponents\CA_LIC\lic98rmt.exe
O23 - Service: CA License Server (CA_LIC_SRVR) - Computer Associates - C:\Programmi\CA\SharedComponents\CA_LIC\lic98rmtd.exe
O23 - Service: iTechnology iGateway 4.0 (iGateway) - Computer Associates International, Inc. - C:\Programmi\CA\SharedComponents\iTechnology\igateway.exe
O23 - Service: Servizio RPC eTrust ITM (InoRPC) - Computer Associates International, Inc. - C:\Programmi\CA\eTrustITM\InoRpc.exe
O23 - Service: Servizio Realtime eTrust ITM (InoRT) - Computer Associates International, Inc. - C:\Programmi\CA\eTrustITM\InoRT.exe
O23 - Service: Servizio processi eTrust ITM (InoTask) - Computer Associates International, Inc. - C:\Programmi\CA\eTrustITM\InoTask.exe
O23 - Service: Event Log Watch (LogWatch) - Computer Associates - C:\Programmi\CA\SharedComponents\CA_LIC\LogWatNT.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - c:\Programmi\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: ServiceLayer - Nokia. - C:\Programmi\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Programmi\Analog Devices\SoundMAX\SMAgent.exe

[Scarymiss]

Ciao Chihuahua, le voci sospette nel tuo log di Hjt sono:

C:\Programmi\CA\eTrustITM\InoTask.exe

C:\Programmi\CA\eTrustITM\InoRT.exe

C:\Programmi\PC Connectivity Solution\ServiceLayer.exe

O4 - HKLM\..\Run: [FtpServer.exe]

C:\Programmi\Sharp\Sharpdesk\FtpServer.exe -usedefault

O4 - HKLM\..\Run: [fyzkaa.exe]

C:\DOCUME~1\VIRGIL~1.SAN\IMPOST~1\Temp\fyzkaa.exe

O4 - Startup: jjflugce.exe

O4 - Startup: xcira.exe

Prova a passarli con l'antivirus e casomai fixali. Spero possa aiutare.

[ChiHuaHua86]

ah, escludendo CA e Sharp il resto credo sia da fixare

[Il programmatore]

Se fossi in te farei una scansione con Spyboth S & D...
A me una volta ha trovato un Dialer (che non sapevo di avere) e sono riuscito ad eliminarlo...
Per scaricarlo vai su: http://www.ilsoftware.it/querydl.asp?ID=654.

[wizard1993]

Quote:

Originariamente inviato da Il programmatore

Se fossi in te farei una scansione con Spyboth S & D...
A me una volta ha trovato un Dialer (che non sapevo di avere) e sono riuscito ad eliminarlo...
Per scaricarlo vai su: http://www.ilsoftware.it/querydl.asp?ID=654.

un consiglio del genere era utile 2 anni fa; oggi gli antispyware si chiamano avg antispyware spysweeper e asquared

[Il programmatore]

Beh, il Dialer l'ho eliminato 2 mesi fa con Spybot S & D...

[Scarymiss]

SPybot in effetti sembra tralasciare troppo ma a me è sempre stato consigliato come il migliore, dopodichè ho scoperto questo forum..

[Il programmatore]

In effetti Spybot è ormai superato, ho appena cancellato quest'ultimo e Ad-Aware e li ho sostituiti con A-squared...