Punto informatico Network
Login Esegui login | Non sei registrato? Iscriviti ora (è gratuito!)
Username: Password:
  • Annuncio Pubblicitario

Big Problem with Dialer.Sfonditalia

Un virus si è intromesso nel tuo computer? Vuoi navigare in tutta sicurezza? Sono sicure le transazione online? Come impedire a malintenzionati di intromettersi nel tuo pc? Come proteggere i tuoi dati? Qui trovi le risposte a queste ed altre domande

Big Problem with Dialer.Sfonditalia

Messaggioda Digital player » dom dic 25, 2005 8:11 pm

Hello
I'm a german guy with a big problem and please exscuse me for my bad english.I've got the Dialer Dialer.Sfonditalia and i don't know how i must remove it.I doesn't could read the guide on this site because i don't understand Italian.Can anybody help or give me an guide in english or german how i must remove the damned dialer ?!

Here the Namens of the many Dialers and sites and files that i've got :

Dialer namens:

Dialer.Sfonditalia 29874.exe
Dialer.Sfonditalia 9693.exe
IE4321.exe

Files on my pc:
exsplorer (is a link to www.**** ( please don't push the link)
Winmovieplugin (link to IE4321.exe)
explorer (is just a bad file)

Websites:
www.**** ( please don't push the link)

and the guide that i would have in german or english is concrete on this page:
http://www.MegaLab.it/2454

Programs that i have on my pc:
Win Xp
Norhton Internet Security 2005
Northon antivirus 2005
Ad-Aware SE Professional
eTrust Pest Patrol
EZ Antivirus

so please can anybody help me with this returned problem ???

please delete one of the 2self topics
Avatar utente
Digital player
Neo Iscritto
Neo Iscritto
 
Messaggi: 10
Iscritto il: dom dic 25, 2005 7:44 pm

Messaggioda ba_61 » dom dic 25, 2005 9:33 pm

Now, i try to explain (very slowly) [cry]

For the first time, you must download Hijack from here (Scarica ora!) and run the scan; after save the Log of this utility and copy a normal text in the Forum for analyse.

Then, after the control, you'll must to fix some bad voices in your Log (ex. R1, 014 or others, i don't know now).

Is only the start of the others passeges.

Try and i'll see you later.

bye [sbigot]
Avatar utente
ba_61
Membro Ufficiale (Gold)
Membro Ufficiale (Gold)
 
Messaggi: 6290
Iscritto il: lun gen 10, 2005 11:36 pm

Re: Big Problem with Dialer.Sfonditalia

Messaggioda winman » lun dic 26, 2005 12:47 am

Digital player ha scritto:Hello
I'm a german guy with a big problem and please exscuse me for my bad english.I've got the Dialer Dialer.Sfonditalia and i don't know how i must remove it.I doesn't could read the guide on this site because i don't understand Italian.Can anybody help or give me an guide in english or german how i must remove the damned dialer ?!

Here the Namens of the many Dialers and sites and files that i've got :

Dialer namens:

Dialer.Sfonditalia 29874.exe
Dialer.Sfonditalia 9693.exe
IE4321.exe

Files on my pc:
exsplorer (is a link to www.**** ( please don't push the link)
Winmovieplugin (link to IE4321.exe)
explorer (is just a bad file)

Websites:
www.**** ( please don't push the link)

and the guide that i would have in german or english is concrete on this page:
http://www.MegaLab.it/2454

Programs that i have on my pc:
Win Xp
Norhton Internet Security 2005
Northon antivirus 2005
Ad-Aware SE Professional
eTrust Pest Patrol
EZ Antivirus

so please can anybody help me with this returned problem ???

please delete one of the 2self topics

I am sure that in Options of Internet Explorer there are some suspect connection that must be delete , so i advise searching for "services of Windows Xp" there much services that must be disable if you want increase your security ! Ah, i am forgetting , scan your hard-disk ! [afro]
Avatar utente
winman
Silver Member
Silver Member
 
Messaggi: 1398
Iscritto il: gio mar 31, 2005 5:23 pm
Località: pisa


Messaggioda ba_61 » lun dic 26, 2005 3:18 am

scan your hard-disk
Credo l'abbia già fatto [:-D]

@ Digital player: I think which yuo has already your HD with Norton and Ad-Aware (perhaps).
Avatar utente
ba_61
Membro Ufficiale (Gold)
Membro Ufficiale (Gold)
 
Messaggi: 6290
Iscritto il: lun gen 10, 2005 11:36 pm

Re: Big Problem with Dialer.Sfonditalia

Messaggioda crazy.cat » lun dic 26, 2005 8:35 am

Digital player ha scritto:I'm a german guy with a big problem and please exscuse me for my bad english.

No problem my english is very very bad.

If this files are on your pc, close the process from task manager if active, and delete the files
Dialer.Sfonditalia 29874.exe
Dialer.Sfonditalia 9693.exe
IE4321.exe

Delete all suspect link on desktop, favorities, start menù.
Run Hijackthis and fix the lines similar to these

O4 - HKLM..Run: [Olympic] C:\Documents and Settings\Utente\Dati applicazioni\IE4321.exe
O15 - Trusted Zone: www.archiviosex.***
O15 - Trusted Zone: www.sgrunt.***
O15 - Trusted Zone: www.skymasters.***
Avatar utente
crazy.cat
MLI Hero
MLI Hero
 
Messaggi: 30959
Iscritto il: lun gen 12, 2004 1:38 pm
Località: Mestre

Messaggioda Digital player » lun dic 26, 2005 9:14 am

So here the lines:
Codice: Seleziona tutto
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://google.icq.com/search/search_frame.php
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.skymasters.biz?4289
R3 - URLSearchHook: ICQ  Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\internet Grolms\icg Messenger\ICQToolbar\toolbaru.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: PopUpBlocker ; XpTuner2004 - {49E0E0F0-5C30-11D4-945D-000000000010} - C:\PROGRA~1\SIMONT~1\XP-TUN~1\PopUp.dll
O2 - BHO: Norton Internet Security - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Programme\Gemeinsame Dateien\Symantec Shared\AdBlocking\NISShExt.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Programme\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton Internet Security - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Programme\Gemeinsame Dateien\Symantec Shared\AdBlocking\NISShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Programme\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Programme\Canon\Easy-WebPrint\Toolband.dll
O3 - Toolbar: ICQ  Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\internet Grolms\icg Messenger\ICQToolbar\toolbaru.dll
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [InCD] C:\Programme\Ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [ccApp] "C:\Programme\Gemeinsame Dateien\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Device Detector] DevDetect.exe -autorun
O4 - HKLM\..\Run: [RemoteControl] C:\Programme\CyberLink\PowerDVD\PDVDServ.exe
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [MsmqIntCert] regsvr32 /s mqrt.dll
O4 - HKLM\..\Run: [CaAvTray] "C:\Programme\CA\eTrust EZ Armor\eTrust EZ Antivirus\CAVTray.exe"
O4 - HKLM\..\Run: [CAVRID] "C:\Programme\CA\eTrust EZ Armor\eTrust EZ Antivirus\CAVRID.exe"
O4 - HKLM\..\Run: [eTrustPPAP] "C:\Programme\CA\eTrust PestPatrol\PPActiveDetection.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Programme\Java\jre1.5.0_05\bin\jusched.exe
O4 - HKLM\..\Run: [ICQ Lite] C:\internet Grolms\icg Messenger\ICQLite\ICQLite.exe -minimize
O4 - HKLM\..\Run: [Daily Weather Forecast] C:\Programme\Daily Weather Forecast\weather.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [Ulead AutoDetector v2] C:\Programme\Gemeinsame Dateien\Ulead Systems\AutoDetector\monitor.exe
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [ITD7] "C:\Programme\Steganos Internet Trace Destructor 7\ITD7.exe" -boot
O4 - HKCU\..\Run: [STYLEXP] C:\Programme\TGTSoft\StyleXP\StyleXP.exe -Hide
O4 - HKCU\..\RunOnce: [ICQ Lite] C:\internet Grolms\icg Messenger\ICQLite\ICQLite.exe -trayboot
O4 - Startup: Adobe Gamma.lnk = C:\Programme\Gemeinsame Dateien\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader - Schnellstart.lnk = C:\Programme\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office-Indexerstellung.lnk = C:\MSOffice\Office\FINDFAST.EXE
O4 - Global Startup: Microsoft Office-Schnellstart.lnk = C:\MSOffice\Office\FASTBOOT.EXE
O4 - Global Startup: Microsoft Office.lnk = C:\Programme\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &ICQ Toolbar Search - res://C:\internet Grolms\icg Messenger\ICQToolbar\toolbaru.dll/SEARCH.HTML
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~1\Microsoft Office\Office10\EXCEL.EXE/3000
O9 - Extra button: Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.5.0_05\bin\npjpi150_05.dll
O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.5.0_05\bin\npjpi150_05.dll
O9 - Extra button: Fit-width Print - {3C34EBD2-038D-4d4f-B081-16D99D8BE2B4} - C:\WINDOWS\Downloaded Program Files\IEPrint.dll
O9 - Extra button: Recherche-Assistent - {9455301C-CF6B-11D3-A266-00C04F689C50} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Encarta Researcher\EROPROJ.DLL
O9 - Extra button: (no name) - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\internet Grolms\icg Messenger\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\internet Grolms\icg Messenger\ICQLite\ICQLite.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O15 - Trusted Zone: www.archiviosex.net
O15 - Trusted Zone: www.redfunny.com
O15 - Trusted Zone: www.skymasters.biz
O16 - DPF: IEPrint - http://www.visiontech.ltd.uk/software/download/IEPrint.CAB
O23 - Service: Adobe LM Service - Adobe Systems - C:\Programme\Gemeinsame Dateien\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: C-DillaSrv - C-Dilla Ltd - C:\WINDOWS\system32\DRIVERS\CDANTSRV.EXE
O23 - Service: CAISafe - Computer Associates International, Inc. - C:\Programme\CA\eTrust EZ Armor\eTrust EZ Antivirus\ISafe.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\ccSetMgr.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programme\Gemeinsame Dateien\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Programme\Ahead\InCD\InCDsrv.exe
O23 - Service: ISSvc (ISSVC) - Symantec Corporation - C:\Programme\Norton Internet Security\ISSVC.exe
O23 - Service: Norton AntiVirus Auto-Protect-Dienst (navapsvc) - Symantec Corporation - C:\Programme\Norton Internet Security\Norton AntiVirus\navapsvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Programme\Norton Internet Security\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\GEMEIN~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: VET Message Service (VETMSGNT) - Computer Associates International, Inc. - C:\Programme\CA\eTrust EZ Armor\eTrust EZ Antivirus\VetMsg.exe


Yes that are the lines and in there are no running system processes.I think this lines:

-R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.skymasters.biz?4289

-O15 - Trusted Zone: www.archiviosex.net
O15 - Trusted Zone: www.redfunny.com
O15 - Trusted Zone: www.skymasters.biz

are the problem but i'dont know it exactly.

edit: I've updatet all of my programs and i scaned my hd full with all programs.
Avatar utente
Digital player
Neo Iscritto
Neo Iscritto
 
Messaggi: 10
Iscritto il: dom dic 25, 2005 7:44 pm

Messaggioda crazy.cat » lun dic 26, 2005 9:40 am

fix this lines
Digital player ha scritto:-R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.skymasters.biz?4289
-O15 - Trusted Zone: www.archiviosex.net
O15 - Trusted Zone: www.redfunny.com
O15 - Trusted Zone: www.skymasters.biz


You must read which files exe is the dialer in the property of the connection of one of the icons on the desktop. (Destinazione for me in italian)
Immagine

Dobule click one of the icons and you see the name of the files exe new that want to be connected to Internet or active in task manager
Avatar utente
crazy.cat
MLI Hero
MLI Hero
 
Messaggi: 30959
Iscritto il: lun gen 12, 2004 1:38 pm
Località: Mestre

Messaggioda Digital player » lun dic 26, 2005 9:55 am

After the Dialer come back i've updatet the list this time completly:
Codice: Seleziona tutto
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programme\Ahead\InCD\InCDsrv.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\DRIVERS\CDANTSRV.EXE
C:\Programme\CA\eTrust EZ Armor\eTrust EZ Antivirus\ISafe.exe
C:\Programme\Gemeinsame Dateien\Symantec Shared\ccProxy.exe
C:\Programme\Gemeinsame Dateien\Symantec Shared\ccSetMgr.exe
C:\WINDOWS\system32\cisvc.exe
C:\WINDOWS\system32\inetsrv\inetinfo.exe
C:\Programme\Norton Internet Security\ISSVC.exe
C:\WINDOWS\Explorer.EXE
C:\Programme\Norton Internet Security\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\tcpsvcs.exe
C:\Programme\Gemeinsame Dateien\Symantec Shared\SNDSrvc.exe
C:\WINDOWS\System32\snmp.exe
C:\Programme\Gemeinsame Dateien\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Programme\Gemeinsame Dateien\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Programme\CA\eTrust EZ Armor\eTrust EZ Antivirus\VetMsg.exe
C:\Programme\Gemeinsame Dateien\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\mqsvc.exe
C:\WINDOWS\system32\mqtgsvc.exe
C:\Programme\Ahead\InCD\InCD.exe
C:\Programme\Gemeinsame Dateien\Symantec Shared\ccApp.exe
C:\Programme\Gemeinsame Dateien\ACD Systems\DE\DevDetect.exe
C:\Programme\CyberLink\PowerDVD\PDVDServ.exe
C:\Programme\CA\eTrust EZ Armor\eTrust EZ Antivirus\CAVTray.exe
C:\Programme\CA\eTrust EZ Armor\eTrust EZ Antivirus\CAVRID.exe
C:\Programme\CA\eTrust PestPatrol\PPActiveDetection.exe
C:\Programme\Java\jre1.5.0_05\bin\jusched.exe
C:\internet Grolms\icg Messenger\ICQLite\ICQLite.exe
C:\Programme\Daily Weather Forecast\weather.exe
C:\Programme\Gemeinsame Dateien\Ulead Systems\AutoDetector\monitor.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Programme\Steganos Internet Trace Destructor 7\ITD7.exe
C:\MSOffice\Office\FINDFAST.EXE
C:\WINDOWS\System32\svchost.exe
C:\CRACKS\PROGRA~1\MOZILL~1\GOZILLA\MOZILLA\MOZILLA.EXE
C:\WINDOWS\system32\cidaemon.exe
C:\WINDOWS\system32\cidaemon.exe
C:\Programme\Microsoft Encarta\Encarta Enzyklopädie Professional 2005\EDICT.EXE
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Programme\Messenger\msmsgs.exe
C:\internet Grolms\Programme\Hijackthis\hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://google.icq.com/search/search_frame.php
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.skymasters.biz?4289
R3 - URLSearchHook: ICQ  Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\internet Grolms\icg Messenger\ICQToolbar\toolbaru.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: PopUpBlocker ; XpTuner2004 - {49E0E0F0-5C30-11D4-945D-000000000010} - C:\PROGRA~1\SIMONT~1\XP-TUN~1\PopUp.dll
O2 - BHO: Norton Internet Security - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Programme\Gemeinsame Dateien\Symantec Shared\AdBlocking\NISShExt.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Programme\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton Internet Security - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Programme\Gemeinsame Dateien\Symantec Shared\AdBlocking\NISShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Programme\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Programme\Canon\Easy-WebPrint\Toolband.dll
O3 - Toolbar: ICQ  Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\internet Grolms\icg Messenger\ICQToolbar\toolbaru.dll
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [InCD] C:\Programme\Ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [ccApp] "C:\Programme\Gemeinsame Dateien\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Device Detector] DevDetect.exe -autorun
O4 - HKLM\..\Run: [RemoteControl] C:\Programme\CyberLink\PowerDVD\PDVDServ.exe
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [MsmqIntCert] regsvr32 /s mqrt.dll
O4 - HKLM\..\Run: [CaAvTray] "C:\Programme\CA\eTrust EZ Armor\eTrust EZ Antivirus\CAVTray.exe"
O4 - HKLM\..\Run: [CAVRID] "C:\Programme\CA\eTrust EZ Armor\eTrust EZ Antivirus\CAVRID.exe"
O4 - HKLM\..\Run: [eTrustPPAP] "C:\Programme\CA\eTrust PestPatrol\PPActiveDetection.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Programme\Java\jre1.5.0_05\bin\jusched.exe
O4 - HKLM\..\Run: [ICQ Lite] C:\internet Grolms\icg Messenger\ICQLite\ICQLite.exe -minimize
O4 - HKLM\..\Run: [Daily Weather Forecast] C:\Programme\Daily Weather Forecast\weather.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [Ulead AutoDetector v2] C:\Programme\Gemeinsame Dateien\Ulead Systems\AutoDetector\monitor.exe
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [ITD7] "C:\Programme\Steganos Internet Trace Destructor 7\ITD7.exe" -boot
O4 - HKCU\..\Run: [STYLEXP] C:\Programme\TGTSoft\StyleXP\StyleXP.exe -Hide
O4 - HKCU\..\RunOnce: [ICQ Lite] C:\internet Grolms\icg Messenger\ICQLite\ICQLite.exe -trayboot
O4 - Startup: Adobe Gamma.lnk = C:\Programme\Gemeinsame Dateien\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader - Schnellstart.lnk = C:\Programme\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office-Indexerstellung.lnk = C:\MSOffice\Office\FINDFAST.EXE
O4 - Global Startup: Microsoft Office-Schnellstart.lnk = C:\MSOffice\Office\FASTBOOT.EXE
O4 - Global Startup: Microsoft Office.lnk = C:\Programme\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &ICQ Toolbar Search - res://C:\internet Grolms\icg Messenger\ICQToolbar\toolbaru.dll/SEARCH.HTML
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~1\Microsoft Office\Office10\EXCEL.EXE/3000
O9 - Extra button: Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.5.0_05\bin\npjpi150_05.dll
O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.5.0_05\bin\npjpi150_05.dll
O9 - Extra button: Fit-width Print - {3C34EBD2-038D-4d4f-B081-16D99D8BE2B4} - C:\WINDOWS\Downloaded Program Files\IEPrint.dll
O9 - Extra button: Recherche-Assistent - {9455301C-CF6B-11D3-A266-00C04F689C50} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Encarta Researcher\EROPROJ.DLL
O9 - Extra button: (no name) - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\internet Grolms\icg Messenger\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\internet Grolms\icg Messenger\ICQLite\ICQLite.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O15 - Trusted Zone: www.archiviosex.net
O15 - Trusted Zone: www.redfunny.com
O15 - Trusted Zone: www.skymasters.biz
O16 - DPF: IEPrint - http://www.visiontech.ltd.uk/software/download/IEPrint.CAB
O23 - Service: Adobe LM Service - Adobe Systems - C:\Programme\Gemeinsame Dateien\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: C-DillaSrv - C-Dilla Ltd - C:\WINDOWS\system32\DRIVERS\CDANTSRV.EXE
O23 - Service: CAISafe - Computer Associates International, Inc. - C:\Programme\CA\eTrust EZ Armor\eTrust EZ Antivirus\ISafe.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\ccSetMgr.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programme\Gemeinsame Dateien\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Programme\Ahead\InCD\InCDsrv.exe
O23 - Service: ISSvc (ISSVC) - Symantec Corporation - C:\Programme\Norton Internet Security\ISSVC.exe
O23 - Service: Norton AntiVirus Auto-Protect-Dienst (navapsvc) - Symantec Corporation - C:\Programme\Norton Internet Security\Norton AntiVirus\navapsvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Programme\Norton Internet Security\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\GEMEIN~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: VET Message Service (VETMSGNT) - Computer Associates International, Inc. - C:\Programme\CA\eTrust EZ Armor\eTrust EZ Antivirus\VetMsg.exe


The Windows Movie plugin are away but the exsplorer file returns .When I dobule click the file exsplorer i come to an italian site and there are standing Enter in italian.

edit: I've already write the Dialer Namens but if you want i write they again:
Dialer.Sfonditalia 29874.exe
Dialer.Sfonditalia 9693.exe
Avatar utente
Digital player
Neo Iscritto
Neo Iscritto
 
Messaggi: 10
Iscritto il: dom dic 25, 2005 7:44 pm

Messaggioda crazy.cat » lun dic 26, 2005 10:11 am

If you delete this files
Dialer.Sfonditalia 29874.exe
Dialer.Sfonditalia 9693.exe
they return back?

if you watch the properties of exsplorer which files exe is connect to you.

I use google in order translate the phrases therefore is not easy to explain and to understand
Avatar utente
crazy.cat
MLI Hero
MLI Hero
 
Messaggi: 30959
Iscritto il: lun gen 12, 2004 1:38 pm
Località: Mestre

Messaggioda Digital player » lun dic 26, 2005 10:14 am

crazy.cat ha scritto:If you delete this files
Dialer.Sfonditalia 29874.exe
Dialer.Sfonditalia 9693.exe
they return back?

if you watch the properties of exsplorer which files exe is connect to you.

I use google in order translate the phrases therefore is not easy to explain and to understand


Yes they returned back.When the Dialer comes back i watch the exe files.
Avatar utente
Digital player
Neo Iscritto
Neo Iscritto
 
Messaggi: 10
Iscritto il: dom dic 25, 2005 7:44 pm

Messaggioda Digital player » lun dic 26, 2005 11:19 am

the icons like exsplorer are links to bad sites.They are just Links without or with a hide exe.
Avatar utente
Digital player
Neo Iscritto
Neo Iscritto
 
Messaggi: 10
Iscritto il: dom dic 25, 2005 7:44 pm

Messaggioda Rancid » lun dic 26, 2005 11:42 am

Try this trick: open the taskmanager then click on one of the dialer icon that are on your desktop, now look on the taskmanager and you will see a new process running which is strictly related to the dialer, close the process and search/delete the file, then run all the operations suggested in this thread
Non è la mera fotografia che mi interessa. Quel che voglio è catturare quel minuto, parte della realtà.
The Medium Is The Messagge
Avatar utente
Rancid
Membro Ufficiale (Gold)
Membro Ufficiale (Gold)
 
Messaggi: 2417
Iscritto il: mar nov 25, 2003 1:58 pm
Località: Haunted City

Messaggioda Digital player » lun dic 26, 2005 12:11 pm

I've got no succes
Avatar utente
Digital player
Neo Iscritto
Neo Iscritto
 
Messaggi: 10
Iscritto il: dom dic 25, 2005 7:44 pm

Messaggioda crazy.cat » lun dic 26, 2005 1:42 pm

Install spysweeper
http://www.snapfiles.com/get/spysweeper.html
upgrade definitions, scan your pc.
Avatar utente
crazy.cat
MLI Hero
MLI Hero
 
Messaggi: 30959
Iscritto il: lun gen 12, 2004 1:38 pm
Località: Mestre

Messaggioda Michael » lun dic 26, 2005 6:01 pm

Please, delete this voice:
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.skymasters.biz?4289
Aufidersen

I'm sorry, I speak a little English and I not speak German, in fact I speak Italian only...
Ultima modifica di Michael il sab dic 31, 2005 5:00 pm, modificato 1 volta in totale.
Avatar utente
Michael
Silver Member
Silver Member
 
Messaggi: 1543
Iscritto il: mer dic 01, 2004 7:13 pm
Località: xxx

Messaggioda Digital player » mar dic 27, 2005 10:06 am

Now i will try to install some anti-dailer software .But Thank you all for your answers [applauso]
Avatar utente
Digital player
Neo Iscritto
Neo Iscritto
 
Messaggi: 10
Iscritto il: dom dic 25, 2005 7:44 pm

Messaggioda Digital player » gio dic 29, 2005 7:22 pm

Now i've got spysweeper and i've got no more problems.But there are 1 problem.The Spy sweeper is software is an 30 day trial version.Either i buy spysweeper or i found a new "free" anti-Dailer program.I thank you all for your good answers .Does anybody know another free anti-Dailer program ?
Avatar utente
Digital player
Neo Iscritto
Neo Iscritto
 
Messaggi: 10
Iscritto il: dom dic 25, 2005 7:44 pm

Messaggioda crazy.cat » gio dic 29, 2005 8:00 pm

Very good for cleaning and real time monitor to prevent infections
Microsoft antispyware
Spycleaner free

Other tools for cleaning
Spybot S&D
Ad-Aware
Malwaredestroyer

The best to prevent infections, install and apply all protections, often update and apply new protection.
http://www.javacoolsoftware.com/spywareblaster.html
And unlike other programs, SpywareBlaster does not have to remain running in the background.

You succeed to understand what I write?
Google translate well?
Avatar utente
crazy.cat
MLI Hero
MLI Hero
 
Messaggi: 30959
Iscritto il: lun gen 12, 2004 1:38 pm
Località: Mestre

Messaggioda Digital player » sab dic 31, 2005 1:42 pm

I'dont translate the english wiht GOOGLE !!!.But now you can closed the thread and thank you all for your answers and your help and yes.
Avatar utente
Digital player
Neo Iscritto
Neo Iscritto
 
Messaggi: 10
Iscritto il: dom dic 25, 2005 7:44 pm


Torna a Sicurezza

Chi c’è in linea

Visitano il forum: Nessuno e 8 ospiti

Powered by phpBB © 2002, 2005, 2007, 2008 phpBB Group
Traduzione Italiana phpBB.it

megalab.it: testata telematica quotidiana registrata al Tribunale di Cosenza n. 22/09 del 13.08.2009, editore Master New Media S.r.l.; © Copyright 2008 Master New Media S.r.l. a socio unico - P.I. 02947530784. GRUPPO EDIZIONI MASTER Spa Tutti i diritti sono riservati. Per la pubblicità: Master Advertising