Buon anti trojan

gymvideo · 13-07-2005, 16:07:13

Ciao, ho problemi di trojan ed ho scaricato anti-trojan solamente che non li rimuove tutti, infatti antivir ne rileva sempre qualcuno in +

La questione sta diventando seccante anche perch� ad-aware mi rileva oltre 200 spyware e sono sicuro che sia dipeso dai trojan

NO FORMAT non ne ho alcuna voglia

**killers** · 13-07-2005, 16:08:57

prova a postare il log di hijack clicca qui
per i trojan ci sarebbe lo stinger

**MASTER WORLD** · 13-07-2005, 16:15:57

usa panda

gymvideo · 13-07-2005, 16:17:23

Eccolo

Logfile of HijackThis v1.99.1
Scan saved at 16.14.33, on 13/07/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programmi\AVPersonal\AVGUARD.EXE
C:\Programmi\AVPersonal\AVWUPSRV.EXE
C:\Programmi\File comuni\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\Programmi\File comuni\Microsoft Shared\DirectX Extensions\DXDebugService.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Programmi\D-Tools\daemon.exe
C:\Programmi\QuickTime\qttask.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I0T1.EXE
C:\Programmi\Java\jre1.5.0_01\bin\jusched.exe
C:\Programmi\AVPersonal\AVGNT.EXE
C:\Programmi\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Programmi\MSN Apps\Updater\01.02.3000.1001\it\msnappau.exe
C:\Programmi\Hewlett-Packard\Digital Imaging\Unload\hpqcmon.exe
C:\Programmi\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
C:\Programmi\WildTangent\Apps\CDA\GameDrvr.exe
C:\Programmi\WildTangent\Apps\GameChannel.exe
C:\Programmi\iPod\bin\iPodService.exe
C:\Programmi\SurfAccuracy\SAcc.exe
c:\Programmi\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
C:\WINDOWS\system32\cmd.exe
C:\Programmi\ISTsvc\istsvc.exe
C:\programmi\180searchassistant\sais.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmi\ARESCOM\Modem Telindus Arescom ND220b\dslmon.exe
C:\Programmi\VIA\RAID\raid_tool.exe
C:\Programmi\WinZip\WZQKPICK.EXE
C:\Programmi\OpenOffice.org 1.9.104\program\soffice.exe
C:\Programmi\OpenOffice.org 1.9.104\program\soffice.BIN
C:\WINDOWS\system32\wuauclt.exe
C:\Programmi\Lavasoft\Ad-Aware SE Personal\Ad-Aware.exe
C:\Programmi\Mozilla Firefox\firefox.exe
C:\Programmi\MSN Messenger\msnmsgr.exe
C:\PROGRA~1\WINZIP\winzip32.exe
C:\Documents and Settings\gymvideo\Impostazioni locali\Temp\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
O2 - BHO: &EliteBar - {28CAEFF3-0F18-4036-B504-51D73BD81ABC} - C:\WINDOWS\EliteToolBar\EliteToolBar version 60.dll
O3 - Toolbar: &EliteBar - {825CF5BD-8862-4430-B771-0C15C5CA

EF} - C:\WINDOWS\EliteToolBar\EliteToolBar version 60.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Programmi\D-Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmi\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [EPSON Stylus C46 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I0T1.EXE /P23 "EPSON Stylus C46 Series" /O6 "USB001" /M "Stylus C46"
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Programmi\Java\jre1.5.0_01\bin\jusched.exe
O4 - HKLM\..\Run: [AVGCtrl] "C:\Programmi\AVPersonal\AVGNT.EXE" /min
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Programmi\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [msnappau] "C:\Programmi\MSN Apps\Updater\01.02.3000.1001\it\msnappau.exe"
O4 - HKLM\..\Run: [CamMonitor] c:\Programmi\Hewlett-Packard\Digital Imaging\\Unload\hpqcmon.exe
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] c:\Programmi\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [WildTangent CDA] "C:\Programmi\WildTangent\Apps\CDA\GameDrvr.exe" /startup "C:\Programmi\WildTangent\Apps\CDA\cdaEngine0500.dll"
O4 - HKLM\..\Run: [WT GameChannel] C:\Programmi\WildTangent\Apps\GameChannel.exe
O4 - HKLM\..\Run: [Windows Installer] C:\WINDOWS\system32\ntdll.exe
O4 - HKLM\..\Run: [Windows Spooler] C:\WINDOWS\system32\spoolsv32.exe
O4 - HKLM\..\Run: [Windows DLL Host] C:\WINDOWS\system32\dllhost32.exe
O4 - HKLM\..\Run: [SurfAccuracy] C:\Programmi\SurfAccuracy\SAcc.exe
O4 - HKLM\..\Run: [rsf] C:\WINDOWS\rsf.exe
O4 - HKLM\..\Run: [TrojanScanner] C:\Programmi\Trojan Remover\Trjscan.exe
O4 - HKLM\..\Run: [IST Service] C:\Programmi\ISTsvc\istsvc.exe
O4 - HKLM\..\Run: [sais] c:\programmi\180searchassistant\sais.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [ares] "C:\Programmi\Ares\Ares.exe" -h
O4 - HKCU\..\Run: [eMuleAutoStart] C:\Emule\emule.exe -AutoStart
O4 - Startup: OpenOffice.org 1.9.104.lnk = C:\Programmi\OpenOffice.org 1.9.104\program\quickstart.exe
O4 - Global Startup: Avvio veloce di Adobe Reader.lnk = C:\Programmi\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: DSLMON.lnk = ?
O4 - Global Startup: VIA RAID TOOL.lnk = C:\Programmi\VIA\RAID\raid_tool.exe
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Programmi\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: &Google Search - res://c:\programmi\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: Backward Links - res://c:\programmi\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\programmi\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: Similar Pages - res://c:\programmi\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://c:\programmi\google\GoogleToolbar2.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.5.0_01\bin\npjpi150_01.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.5.0_01\bin\npjpi150_01.dll
O9 - Extra button: SideFind - {10E42047-DEB9-4535-A118-B3F6EC39B807} - C:\Programmi\SideFind\sidefind.dll
O9 - Extra button: Internet Download Accelerator - {9819CC0E-9669-4D01-9CD7-2C66DA43AC6C} - C:\Programmi\IDA\ida.exe
O9 - Extra 'Tools' menuitem: &Internet Download Accelerator - {9819CC0E-9669-4D01-9CD7-2C66DA43AC6C} - C:\Programmi\IDA\ida.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O12 - Plugin for .xml: C:\Programmi\Netscape\Netscape Browser\PLUGINS\npTrident.dll
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...t.cab31267.cab
O16 - DPF: {27527D31-447B-11D5-A46E-0001023B4289} (CoGSManager Class) - http://gamingzone.ubisoft.com/dev/pa.../GSManager.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A

} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...t.cab31267.cab
O16 - DPF: {99410CDE-6F16-42ce-9D49-3807F78F0287} (ClientInstaller Class) - http://www.180searchassistant.com/180saax.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary...o.cab32846.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{5E07FA2D-A0E5-4989-997A-A8B772E4C9CF}: NameServer = 85.37.17.47 151.99.125.1
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Programmi\File comuni\Microsoft Shared\Help\hxds.dll
O23 - Service: AntiVir Service (AntiVirService) - H+BEDV Datentechnik GmbH - C:\Programmi\AVPersonal\AVGUARD.EXE
O23 - Service: AntiVir Update (AVWUpSrv) - H+BEDV Datentechnik GmbH, Germany - C:\Programmi\AVPersonal\AVWUPSRV.EXE
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Programmi\iPod\bin\iPodService.exe
O23 - Service: License Management Service ESD - Unknown owner - C:\Programmi\File comuni\element5 Shared\Service\Licence Manager ESD.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

**Peppigno** · 13-07-2005, 19:11:24

usa Avast Antivirus e fagli fare lo scan al boot.

**8cloud8** · 13-07-2005, 19:13:13

Io uso a-squared2 e mi sembra molto buono...

**ZandroCuzensa** · 13-07-2005, 19:25:07

Peppigno

usa Avast Antivirus e fagli fare lo scan al boot.

Straquoto

**killers** · 14-07-2005, 10:00:29

gymvideo

Eccolo

per il log fai cosi':
1) Disattiva il ripristino di configurazione, leggi qui come fare
http://www.aiutamici.com/software/vi...CodSw=257&SH=N

2) riavvia in modalit� provvisoria, leggi qui come fare
http://www.aiutamici.com/software/vi...CodSw=344&SH=N

apri HIJAC THIS ed elimina come indicato in questo articolo
http://www.aiutamici.com/software/de...asp?CodSw=1175
le righe che seguono, (nel caso le righe da eliminare non compaiono in modalit� provvisoria, eliminale dalla modalit� normale e riavvia il computer).

==================================
O2 - BHO: andEliteBar - {28CAEFF3-0F18-4036-B504-51D73BD81ABC} - C:\WINDOWS\EliteToolBar\EliteToolBar version 60.dll
O3 - Toolbar: andEliteBar - {825CF5BD-8862-4430-B771-0C15C5CAEF} - C:\WINDOWS\EliteToolBar\EliteToolBar version 60.dll
-
O4 - HKLM\..\Run: [WildTangent CDA] "C:\Programmi\WildTangent\Apps\CDA\GameDrvr.exe" /startup "C:\Programmi\WildTangent\Apps\CDA\cdaEngine0500.dll"
O4 - HKLM\..\Run: [WT GameChannel] C:\Programmi\WildTangent\Apps\GameChannel.exe
O4 - HKLM\..\Run: [Windows Installer] C:\WINDOWS\system32\ntdll.exe
O4 - HKLM\..\Run: [Windows Spooler] C:\WINDOWS\system32\spoolsv32.exe
O4 - HKLM\..\Run: [Windows DLL Host] C:\WINDOWS\system32\dllhost32.exe
O4 - HKLM\..\Run: [SurfAccuracy] C:\Programmi\SurfAccuracy\SAcc.exe
O4 - HKLM\..\Run: [rsf] C:\WINDOWS\rsf.exe
-
O4 - HKLM\..\Run: [IST Service] C:\Programmi\ISTsvc\istsvc.exe
O4 - HKLM\..\Run: [sais] c:\programmi\180searchassistant\sais.exe
-
O9 - Extra button: SideFind - {10E42047-DEB9-4535-A118-B3F6EC39B807} - C:\Programmi\SideFind\sidefind.dll
-
O16 - DPF: {99410CDE-6F16-42ce-9D49-3807F78F0287} (ClientInstaller Class) - http://www.180searchassistant.com/180saax.cab
==================================

Con la funzione TROVA di Windows, cerca ed elimina questi file,

==================================
ntdll.exe
spoolsv32.exe
dllhost32.exe
rsf.exe
==================================

ELIMINA LE CARTELLE IN ROSSO
C:\WINDOWS\EliteToolBar
C:\Programmi\WildTangent
C:\Programmi\SurfAccuracy
C:\Programmi\ISTsvc
c:\programmi\180searchassistant
C:\Programmi\SideFind

Vai a PANNELLO DI CONTROLLO e clicca su OPZIONI INTERNET
nella finestra che si apre clicca i tre pulsanti
ELIMINA COOKIES - ELIMINA FILE - CANCELLA CRONOOLOGIA
poi clicca il pulsante PAGINA PREDEFINITA e su OK

al termine utilizza i programmi AD-AWARE e SPYBOT indicati in questo articolo
http://www.aiutamici.com/software/vi...CodSw=388&SH=N

sempre in modalit� provvisoria fai una scansione Antivirus

quindi riavvia il computer e controlla se il problema e risolto, se e tutto OK riattiva il ripristino configurazione disattivato all'inizio di questa procedura.

Nel sistema manca un programma Firewall, installa questo
http://www.aiutamici.com/software/vi...=home&CodSw=56

Fai inoltre un controllo antivirus on line per verificare se ci sono virus nel sistema da questo indirizzo
http://security.symantec.com/default...d=it&venid=sym

Amministratori
206567@RedazioneGV	233018@techGV
Guardian
215617@Don Dema	153820@Illuminated
5880@iMaX
Moderatori
95216@Alienware	234323@Bismark
236104@gabry1710	172466@King_Of_Kings_21
26508@Metalmark	28512@MikiM
235165@Redazione Gamesvillage	233457@TheGu
236103@thekingdani	87740@titan2010

Discussione: Buon anti trojan

Strumenti Discussione

Buon anti trojan

Regole di Scrittura