#1
Member
Joined: Oct 2002
City: Trapani
Posts: 167
Dialers always present :(

Hi,
my operating system is Windows XP, Service Pack 2; firewall: Sygate Personal Firewall Pro 5.5; antivirus: Nod32. The problem is that I can't get rid of these Trojan horses. These are their names and where they are located:

C:\WINDOWS\system32\BysTJIKQ.dll - Win32/Dialer.CO
C:\WINDOWS\system32\DjeiBmA.dll - Win32/Dialer.CO
C:\WINDOWS\system32\dSeYuljdR.dll - Win32/Dialer.CO
C:\WINDOWS\system32\Ey00IjWi.dll - Win32/Dialer.CO
C:\WINDOWS\system32\MDdEOfQNSTg.dll - Win32/Dialer.CO
C:\WINDOWS\system32\mvdjjsTwb.dll - Win32/Dialer.CO
C:\WINDOWS\system32\oBLwrbSr.dll - Win32/Dialer.CO
C:\WINDOWS\system32\uwukoDyrlgV.dll/ - Win32/Dialer.CO
C:\WINDOWS\system32\WxJXBrpkr.dll - Win32/Dialer.CO

After the scan, Nod32 displayed and deleted them, but a few days later they reappeared; I think the initial letters change. Sometimes just one of these files shows up when I turn on the PC, specifically when I connect. And once again the antivirus detects them and says it has deleted them, but why do they keep reappearing? I ran a scan with the HijackThis program. Here is the log:

Logfile of HijackThis v1.99.0
Scan saved at 12.17.54, on 15/02/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
G:\Programmi\Sygate\SPF\smc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Programmi\Eset\nod32krn.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\downlo~1\73h2f\njhd83da.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Programmi\Eset\nod32kui.exe
C:\WINDOWS\system32\rmctrl.exe
C:\Programmi\iTunes\iTunesHelper.exe
C:\Programmi\iPod\bin\iPodService.exe
C:\Programmi\Java\jre1.5.0_01\bin\jusched.exe
C:\Programmi\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\NOTEPAD.EXE
G:\Programmi\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.tele2.it/redirect/startpage/dial_up/ita/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.tele2.it/redirect/startpage/dial_up/ita/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer - TELE2Internet
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1;<local>
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
O1 - Hosts: 64.91.255.87 www.dcsresearch.com
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - G:\Programmi\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - G:\Programmi\SpywareGuard\dlprotect.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll (file missing)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programmi\google\googletoolbar2.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [TkBellExe] "realsched.exe" -osboot
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [nod32kui] "C:\Programmi\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [RemoteControl] C:\WINDOWS\system32\rmctrl.exe
O4 - HKLM\..\Run: [iTunesHelper] C:\Programmi\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [SmcService] G:\PROGRA~1\Sygate\SPF\smc.exe -startgui
O4 - HKLM\..\Run: [AQ3HelperStartUp] C:\PROGRA~1\AQUATI~1\AQ3HEL~1.EXE /partner AQ3
O4 - HKLM\..\Run: [CloneCDTray] "C:\Programmi\SlySoft\CloneCD\CloneCDTray.exe" /s
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Programmi\Java\jre1.5.0_01\bin\jusched.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKCU\..\Run: [Spyware Doctor] "C:\Programmi\Spyware Doctor\spydoctor.exe" /Q
O4 - Startup: Stop Dialers.lnk = C:\Programmi\StopDialers\StopDialers.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = G:\Programmi\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: &Google Search - res://c:\programmi\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: Backward Links - res://c:\programmi\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\programmi\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://G:\PROGRA~1\MICROS~1\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://c:\programmi\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://c:\programmi\google\GoogleToolbar2.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.5.0_01\bin\npjpi150_01.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.5.0_01\bin\npjpi150_01.dll
O9 - Extra button: Ricerche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - G:\PROGRA~1\MICROS~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Alice - {169AB6C2-C7C3-4B94-B3F1-B24F41D02E63} - http://gw.aliceadsl.it/alice (file missing) (HKCU)
O14 - IERESET.INF: START_PAGE_URL=http://www.tele2.it/redirect/startpage/dial_up/ita/
O16 - DPF: ppctlcab - http://69.44.122.156/scanner/ppctlcab.cab
O16 - DPF: {2FC9A21E-2069-4E47-8235-36318989DB13} (PPSDKActiveXScanner.MainScreen) - http://69.44.122.156/scanner/axscanner.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.co...uweb_site.cab?1096491496984
O23 - Service: Servizio iPod - Apple Computer, Inc. - C:\Programmi\iPod\bin\iPodService.exe
O23 - Service: LEC TranslateDotNet Server - Unknown - C:\Programmi\Power Translator\LogoMedia TranslateDotNet Server.exe (file missing)
O23 - Service: NOD32 Kernel Service - Unknown - C:\Programmi\Eset\nod32krn.exe
O23 - Service: NVIDIA Display Driver Service - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Sygate Personal Firewall Pro - Sygate Technologies, Inc. - G:\Programmi\Sygate\SPF\smc.exe

What should I do?
__________________
Generosity has greater value if it costs sacrifice...

#2
Senior Member
Joined: Feb 2002
City: Discovery
Posts: 34710
Install spysweeper and giant/microsoft. With jv16, clean up the startup entries and the registry, and disable System Restore.
Bye.
__________________
Good afternoon, gentlemen, I'm a H.A.L. computer.

#3
Member
Joined: Oct 2002
City: Trapani
Posts: 167
Hi,
what is JV16? Is it a software package? Where can I find it?
__________________
Generosity has greater value if it costs sacrifice...

#4
Member
Joined: Oct 2002
City: Trapani
Posts: 167
spysweeper and giant/microsoft.
Where can I find these?
__________________
Generosity has greater value if it costs sacrifice...

#5
Senior Member
Joined: Sep 2004
City: Prov. Novara/Palmdale
Posts: 5228

#6
Senior Member
Joined: Feb 2002
City: Discovery
Posts: 34710
Quote:
From the series "isn't Google wonderful".
__________________
Good afternoon, gentlemen, I'm a H.A.L. computer.