
dialer?


Post by trigly » Thu Mar 24, 2005 1:04 pm

I have an ADSL connection, but I downloaded some junk that disconnects me from my connection and starts another one.
What should I do? In case it helps, I'm posting the HijackThis log below.

Logfile of HijackThis v1.98.2
Scan saved at 13:06:24, on 24/03/05
Platform: Windows 98 SE (Win9x 4.10.2222A)
MSIE: Internet Explorer v5.50 (5.50.4134.0600)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\SPOOL32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\PROGRAMMI\FILE COMUNI\EPSON\EBAPI\SAGENT2.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\SYSTEM\RPCSS.EXE
C:\WINDOWS\SYSTEM\RNAAPP.EXE
C:\WINDOWS\SYSTEM\TAPISRV.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\WINDOWS\SYSTEM\ATITASK.EXE
C:\WINDOWS\SYSTEM\ATICWD32.EXE
C:\WINDOWS\SYSTEM\LVCOMS.EXE
C:\PROGRAMMI\MUSICMATCH\MUSICMATCH JUKEBOX\MM_TRAY.EXE
C:\PROGRAMMI\ALCATEL\SPEEDTOUCH USB\DRAGDIAG.EXE
C:\PROGRAMMI\HP CD-WRITER\DIRECTCD\DIRECTCD.EXE
C:\PROGRAMMI\HP CD-WRITER\MMENU\HPCDTRAY.EXE
C:\PROGRAMMI\VERBATIM STORE N GO\VERBATIM STORE 'N' GO.EXE
C:\PROGRAMMI\FILE COMUNI\REAL\UPDATE_OB\REALSCHED.EXE
C:\WINDOWS\NRCHK.EXE
C:\WINDOWS\RELSD.EXE
C:\PROGRAMMI\INTEL\INTEL PSNCU\CPUNUMBER.EXE
C:\PROGRAMMI\MICROSOFT ACTIVESYNC\WCESCOMM.EXE
C:\OPLIMIT\OCRAWARE.EXE
C:\OPLIMIT\OCRAWR32.EXE
C:\PROGRAMMI\NIKON\NKVIEW4\NKVWMON.EXE
C:\PROGRAMMI\FOTOSTATION EASY\FOTOSTATION EASY AUTOLAUNCH.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\PROGRAMMI\MICROSOFT OFFICE\OFFICE\1040\MSOFFICE.EXE
C:\PROGRAMMI\MICROSOFT ACTIVESYNC\WCESMGR.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\PROGRAMMI\INTERNET EXPLORER\IEXPLORE.EXE
C:\PROGRAMMI\INTERNET EXPLORER\IEXPLORE.EXE
C:\WINDOWS\SYSTEM\PSTORES.EXE
C:\UNZIPPED\HIJACKTHIS[1]\HIJACKTHIS.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.repubblica.it/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://yoursearch.ws/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://yoursearch.ws/browser/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/customi ... earch.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://yoursearch.ws/browser/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://yoursearch.ws/browser/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://yoursearch.ws/browser/
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/customi ... .yahoo.com
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.tiscalinet.it/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer fornito da PC Magazine
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRAMMI\YAHOO!\COMPANION\INSTALLS\CPN0\YCOMP5_3_12_0.DLL
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAMMI\ADOBE\ACROBAT 6.0\READER\ACTIVEX\ACROIEHELPER.DLL
O2 - BHO: (no name) - {7B55BB05-0B4D-44fd-81A6-B136188F5DEB} - C:\WINDOWS\QUESTMOD.DLL (file missing)
O2 - BHO: Cls - {CF021F40-3E14-23A5-CBA2-7173706D8274} - C:\WINDOWS\SYSTEM\SPM8274.DLL
O3 - Toolbar: @msdxmLC.dll,-1@1040,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O3 - Toolbar: (no name) - {FE6BC4EF-5676-484B-88AE-883323913256} - (no file)
O3 - Toolbar: &Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRAMMI\YAHOO!\COMPANION\INSTALLS\CPN0\YCOMP5_3_12_0.DLL
O4 - HKLM\..\Run: [ScanRegistry] c:\windows\scanregw.exe /autorun
O4 - HKLM\..\Run: [TaskMonitor] c:\windows\taskmon.exe
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [Atikey] Atitask.exe
O4 - HKLM\..\Run: [AtiCwd32] Aticwd32.exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [Vshwin32EXE] C:\PROGRAMMI\MCAFEE\MCAFEE VIRUSSCAN\VSHWIN32.EXE
O4 - HKLM\..\Run: [McAfeeWebScanX] C:\PROGRAMMI\MCAFEE\MCAFEE VIRUSSCAN\WebScanX.Exe
O4 - HKLM\..\Run: [AVPCC] C:\Programmi\AntiViral Toolkit Pro\avpcc.exe
O4 - HKLM\..\Run: [LVComs] c:\windows\SYSTEM\LVComS.exe
O4 - HKLM\..\Run: [MMTray] C:\Programmi\MusicMatch\MusicMatch Jukebox\mm_tray.exe
O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Programmi\Alcatel\SpeedTouch USB\Dragdiag.exe" /icon
O4 - HKLM\..\Run: [Adaptec DirectCD] C:\PROGRA~1\HPCD-W~1\DIRECTCD\DIRECTCD.EXE
O4 - HKLM\..\Run: [HP CD-Writer] C:\Programmi\HP CD-Writer\Mmenu\hpcdtray.exe
O4 - HKLM\..\Run: [VERBATIM STORE 'N' G] c:\programmi\verbatim store n go\verbatim store 'n' go.exe sys_auto_run C:\Programmi\Verbatim Store N Go
O4 - HKLM\..\Run: [WinAmpAgent] C:\WINDOWS\svchst.exe /i
O4 - HKLM\..\Run: [TkBellExe] "C:\Programmi\File comuni\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Quicktime] C:\WINDOWS\shch.exe /i
O4 - HKLM\..\Run: [ScheduIe] C:\WINDOWS\nrchk.exe /i
O4 - HKLM\..\Run: [TBllEe] C:\WINDOWS\relsd.exe
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKLM\..\RunServices: [AVPCC Service] C:\Programmi\AntiViral Toolkit Pro\avpcc.exe
O4 - HKLM\..\RunServices: [SAgent2ExePath] C:\Programmi\File comuni\EPSON\EBAPI\SAgent2.exe
O4 - HKCU\..\Run: [IntelProcNumUtility] "C:\Programmi\Intel\Intel PSNCU\CPUNumber.exe" /nosplash
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\PROGRAMMI\MICROSOFT ACTIVESYNC\WCESCOMM.EXE"
O4 - HKCU\..\Run: [MsnMsgr] "c:\Programmi\MSN Messenger\MsnMsgr.Exe" /background
O4 - Startup: OCRAWARE.lnk = C:\OPLIMIT\OCRAWARE.EXE
O4 - Startup: Microsoft Office.lnk = C:\Programmi\Microsoft Office\Office\OSA9.EXE
O4 - Startup: Barra degli strumenti Microsoft Office.lnk = C:\MSOffice\Office\MSOFFICE.EXE
O4 - Startup: EPSON Status Monitor 3 Environment Check.lnk = C:\WINDOWS\SYSTEM\E_SRCV03.EXE
O4 - Startup: NkVwMon.exe.lnk = C:\Programmi\Nikon\NkView4\NkVwMon.exe
O4 - Startup: FotoStation Easy AutoLaunch.lnk = C:\Programmi\FotoStation Easy\FotoStation Easy AutoLaunch.exe
O4 - Startup: EPSON Status Monitor 3 Environment Check 2.lnk = C:\WINDOWS\SYSTEM\E_SRCV02.EXE
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Programmi\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Programmi\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Programmi\Yahoo!\Common/ycdict.htm
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra button: Crea preferiti portatile - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INETREPL.DLL
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INETREPL.DLL
O9 - Extra 'Tools' menuitem: Crea preferiti portatile... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INETREPL.DLL
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\PROGRAMMI\YAHOO!\MESSENGER\YHEXBMES0521.DLL
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\PROGRAMMI\YAHOO!\MESSENGER\YHEXBMES0521.DLL
O12 - Plugin for .spop: C:\PROGRA~1\INTERN~1\Plugins\NPDocBox.dll
O12 - Plugin for .mov: C:\PROGRA~1\INTERN~1\PLUGINS\npqtplugin.dll
O12 - Plugin for .mid: C:\PROGRA~1\INTERN~1\PLUGINS\npqtplugin.dll
O12 - Plugin for .pdf: C:\PROGRA~1\INTERN~1\PLUGINS\nppdf32.dll
O15 - Trusted Zone: www.master69.biz
O15 - Trusted Zone: www.sgrunt.biz
O15 - Trusted Zone: www.yeak.net
O16 - DPF: {2B323CD9-50E3-11D3-9466-00A0C9700498} (Yahoo! Audio Conferencing) - http://us.chat1.yimg.com/us.yimg.com/i/ ... acscom.cab
O16 - DPF: Yahoo! Chat - http://us.chat1.yimg.com/us.yimg.com/i/ ... 1/chat.cab
O16 - DPF: {AB294EC6-7ADA-11D4-9D5F-00B0D04BBD07} (msichat50 Client Control) - http://chat1.kataweb.it:4080/chat/data/ ... sichat.cab
O16 - DPF: {0C568603-D79D-11D2-87A7-00C04FF158BB} (BrowseFolderPopup Class) - http://download.mcafee.com/molbin/Shared/MGBrwFld.cab
O16 - DPF: {C6BEBA53-1F7E-4A0A-B738-61FBB49E0B06} (VPDefaultX Control) - http://www.e-works.it/support/supereva/ ... efault.cab
O16 - DPF: {DA28C54E-D95C-11D3-9A01-005004677EF4} (McAfee.com Component Download Manager Class) - http://download.mcafee.com/molbin/clinic/CDM/McCDM.cab
O16 - DPF: {A17E30C4-A9BA-11D4-8673-60DB54C10000} (YahooYMailTo Class) - http://us.dl1.yimg.com/download.yahoo.c ... pi_416.dll
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://207.188.7.150/16e3881a13806596e4 ... 601_it.cab
O16 - DPF: {FE8287E9-5F43-11D3-ABCA-00105A5C1F46} (HouseCall Control) - http://antivirus.interfree.it/xscan52.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004 ... scan53.cab
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-l ... cfscan.cab
O16 - DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} (YAddBook Class) - http://us.dl1.yimg.com/download.yahoo.c ... mplete.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/msnme ... loader.cab
O16 - DPF: {F57D27AE-CE57-4BC8-B232-EA57747BE5B7} - ms-its:mhtml:file://C:\PATH.MHT!http://195.225.176.5//d//jgypvmg//srhpcxp//xwqpygn//irkqpg//IT//arct.chm::/painter.dll
O21 - SSODL: YwGxnUJzDpI - {3F7A0F00-95D0-A5AA-D03E-4E0069530A52} - C:\WINDOWS\SYSTEM\FBERD.DLL


Thanks
Trigly

Post by crazy.cat » Thu Mar 24, 2005 1:58 pm

Remove these entries, but also run a check with Adware and Spybot; there is some spyware in there.

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://yoursearch.ws/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://yoursearch.ws/browser/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://yoursearch.ws/browser/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://yoursearch.ws/browser/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://yoursearch.ws/browser/
O2 - BHO: (no name) - {7B55BB05-0B4D-44fd-81A6-B136188F5DEB} - C:\WINDOWS\QUESTMOD.DLL (file missing)
O2 - BHO: Cls - {CF021F40-3E14-23A5-CBA2-7173706D8274} - C:\WINDOWS\SYSTEM\SPM8274.DLL
O3 - Toolbar: (no name) - {FE6BC4EF-5676-484B-88AE-883323913256} - (no file)
O4 - HKLM\..\Run: [WinAmpAgent] C:\WINDOWS\svchst.exe /i
O4 - HKLM\..\Run: [Quicktime] C:\WINDOWS\shch.exe /i <---- That's the one
O4 - HKLM\..\Run: [ScheduIe] C:\WINDOWS\nrchk.exe /i
O4 - HKLM\..\Run: [TBllEe] C:\WINDOWS\relsd.exe
O15 - Trusted Zone: www.master69.biz
O15 - Trusted Zone: www.sgrunt.biz
O15 - Trusted Zone: www.yeak.net
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://207.188.7.150/16e3881a13806596e4 ... 601_it.cab
O16 - DPF: {F57D27AE-CE57-4BC8-B232-EA57747BE5B7} - ms-its:mhtml:file://C:\PATH.MHT!http://195.225.176.5//d//jgypvmg//srhpcxp//xwqpygn//irkqpg//IT//arct.chm::/painter.dll
O21 - SSODL: YwGxnUJzDpI - {3F7A0F00-95D0-A5AA-D03E-4E0069530A52} - C:\WINDOWS\SYSTEM\FBERD.DLL
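An added example, not part of the original posts: a small Python triage of HijackThis entry lines that flags the structurally recognisable items from the removal list above (components registered without a file, Trusted Zone sites, ActiveX codebases loaded from a bare IP address or through ms-its:). The function names and rules are assumptions made for illustration; the sample lines are copied from the log in this thread, and the O4, O21 and R entries are not covered because they have to be judged by what each file or URL is.

```python
import re

# Entry lines have the form "<section code> - <details>", e.g. "O2 - BHO: ...".
ENTRY = re.compile(r"^([A-Z]\d{1,2}) - (.*)$")
IP_HOST = re.compile(r"https?://\d{1,3}(?:\.\d{1,3}){3}(?:[:/]|$)")

# Lines copied from the log posted in this thread (elided URLs left as posted).
SAMPLE = r"""Logfile of HijackThis v1.98.2
Running processes:
C:\WINDOWS\EXPLORER.EXE
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRAMMI\YAHOO!\COMPANION\INSTALLS\CPN0\YCOMP5_3_12_0.DLL
O2 - BHO: (no name) - {7B55BB05-0B4D-44fd-81A6-B136188F5DEB} - C:\WINDOWS\QUESTMOD.DLL (file missing)
O3 - Toolbar: (no name) - {FE6BC4EF-5676-484B-88AE-883323913256} - (no file)
O4 - HKLM\..\Run: [TaskMonitor] c:\windows\taskmon.exe
O15 - Trusted Zone: www.master69.biz
O16 - DPF: {0C568603-D79D-11D2-87A7-00C04FF158BB} (BrowseFolderPopup Class) - http://download.mcafee.com/molbin/Shared/MGBrwFld.cab
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://207.188.7.150/16e3881a13806596e4 ... 601_it.cab
O16 - DPF: {F57D27AE-CE57-4BC8-B232-EA57747BE5B7} - ms-its:mhtml:file://C:\PATH.MHT!http://195.225.176.5//d//jgypvmg//srhpcxp//xwqpygn//irkqpg//IT//arct.chm::/painter.dll
"""

def parse(log_text):
    """Return (code, body) for each entry line; header and process list are skipped."""
    entries = []
    for line in log_text.splitlines():
        m = ENTRY.match(line.strip())
        if m:
            entries.append((m.group(1), m.group(2)))
    return entries

def triage(entries):
    """Return (code, reason, body) for entries that match a structural rule."""
    findings = []
    for code, body in entries:
        if code in ("O2", "O3") and body.endswith(("(file missing)", "(no file)")):
            reason = "registered browser component has no file on disk"
        elif code == "O15":
            reason = "site placed in the IE Trusted Zone; confirm the user added it"
        elif code == "O16" and "ms-its:" in body.lower():
            reason = "ActiveX codebase uses ms-its: rather than plain http(s)"
        elif code == "O16" and IP_HOST.search(body):
            reason = "ActiveX codebase served from a bare IP address"
        else:
            continue
        findings.append((code, reason, body))
    return findings

if __name__ == "__main__":
    for code, reason, body in triage(parse(SAMPLE)):
        print(f"{code}: {reason}\n    {body}")
```
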

Post by trigly » Thu Mar 24, 2005 6:54 pm

Thanks, it seems everything has been resolved. You are always very kind and prompt.
Unfortunately I'm not able to return the favour, but I really do thank you very much
Trigly

Post by thomas » Thu Mar 24, 2005 7:26 pm

trigly wrote: Thanks, it seems everything has been resolved. You are always very kind and prompt.
Unfortunately I'm not able to return the favour, but I really do thank you very much

Well... if you have acquaintances with problems, you know where to send them!
Besides, we have a well-stocked off-topic section that is just waiting for you to join in!

Byeee
"Am too late to get too high to get, too late to wash my face and hands "
Mr Hudson and the Library - Too Late Too Late



megalab.it: daily online publication registered at the Court of Cosenza, no. 22/09 of 13.08.2009, publisher Master New Media S.r.l.; © Copyright 2008 Master New Media S.r.l. a socio unico - P.I. 02947530784. GRUPPO EDIZIONI MASTER Spa. All rights reserved.