Valutazione 4.87/ 5 (100.00%) 5838 voti

Condividi:        

aiuto! probabile dialer nel pc

Come rimuovere virus e spyware? Le carte di credito sono davvero sicure in rete? È possibile navigare anonimi? Con quali programmi tutelare la propria privacy? Come proteggere i file importanti? Se volete una risposta a queste e altre domande questo è il luogo giusto!

Moderatori: kadosh, Luke57

aiuto! probabile dialer nel pc

Postdi mary77 » 01/03/08 20:54

salve a tutti, credo di avere scaricato un dialer... mi ha bloccato ie e poi ho individuato sul pc dei file exe con logo un mappamondo e sul desktop si è creata un'icona a fomra di mappamondo e col nome accesso. ho eliminato questi file e l'icona, ma il pc è più lento e non so se è tutto ok.
vi posto il filelog di hijack e attendo un vostro parere. grazie!

Logfile of HijackThis v1.99.1
Scan saved at 20.06.46, on 01/03/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0013)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Acer\Empowering Technology\admServ.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Officescan NT\ntrtscan.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\System32\PAStiSvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Officescan NT\tmlisten.exe
C:\WINDOWS\system32\CCM\CcmExec.exe
C:\WINDOWS\system32\sessmgr.exe
C:\WINDOWS\system32\msiexec.exe
C:\Officescan NT\CNTAoSMgr.exe
C:\WINDOWS\TEMP\UX87EB.EXE
C:\WINDOWS\Explorer.EXE
C:\Officescan NT\pccntmon.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\SealedMedia\sealmon.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Files\PC Connectivity Solution\NclBTHandler.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\PROGRA~1\WINZIP\winzip32.exe
C:\Documents and Settings\07029536\Local Settings\Temp\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.it/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://www.crawler.com/search/ie.aspx?tb_id=61005
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,CustomizeSearch = http://dnl.crawler.com/support/sa_custo ... TbId=61005
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://dnl.crawler.com/support/sa_custo ... TbId=61005
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Telecom Italia s.p.a.
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O4 - HKLM\..\Run: [OfficeScanNT Monitor] "C:\Officescan NT\pccntmon.exe" -HideWindow
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [sealmon] C:\Program Files\SealedMedia\sealmon.exe
O4 - HKLM\..\Run: [RUN_PWR_SETTINGS] %windir%\system32\RunSet-1.2.vbs
O4 - HKLM\..\Run: [AdslTaskBar] rundll32.exe stmctrl.dll,TaskBar
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKCU\..\Run: [Free Internet Window Washer] C:\PROGRA~1\FREEIN~1\Clearpch.exe -Start
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: BTTray.lnk = ?
O4 - Global Startup: MapiProfileTI.lnk = C:\WINDOWS\MapiProfileTI.vbs
O4 - Global Startup: SecurityBar2003.vbs
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: @C:\Program Files\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: @C:\Program Files\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O14 - IERESET.INF: START_PAGE_URL=http://noiportal.telecomitalia.it
O15 - Trusted Zone: http://organigramma.griffon.local
O15 - Trusted Zone: *.griffon.local
O15 - Trusted Zone: http://atomwfe1.telecomitalia.it
O15 - Trusted Zone: http://atomwfe2.telecomitalia.it
O15 - Trusted Zone: http://griffon.ittelecom.open.telecomitalia.it
O15 - Trusted Zone: http://griffon.open.telecomitalia.it
O15 - Trusted Zone: http://hr.open.telecomitalia.it
O15 - Trusted Zone: http://mpa.dg.telecomitalia.it
O15 - Trusted Zone: http://mpad.dg.telecomitalia.it
O15 - Trusted Zone: http://mpaf.dg.telecomitalia.it
O15 - Trusted Zone: http://paperless.open.telecomitalia.it
O15 - Trusted Zone: http://tils.open.telecomitalia.it
O15 - Trusted Zone: http://dwh-o2c.telecomitalia.local
O15 - Trusted Zone: http://soa404.telecomitalia.local
O15 - Trusted Zone: http://organigramma.griffon.local (HKLM)
O15 - Trusted Zone: *.griffon.local (HKLM)
O15 - Trusted Zone: http://atomwfe1.telecomitalia.it (HKLM)
O15 - Trusted Zone: http://atomwfe2.telecomitalia.it (HKLM)
O15 - Trusted Zone: http://griffon.ittelecom.open.telecomitalia.it (HKLM)
O15 - Trusted Zone: http://griffon.open.telecomitalia.it (HKLM)
O15 - Trusted Zone: http://hr.open.telecomitalia.it (HKLM)
O15 - Trusted Zone: http://paperless.open.telecomitalia.it (HKLM)
O15 - Trusted Zone: http://tils.open.telecomitalia.it (HKLM)
O15 - Trusted Zone: http://dwh-o2c.telecomitalia.local (HKLM)
O15 - Trusted Zone: http://soa404.telecomitalia.local (HKLM)
O15 - Trusted IP range: 10.74.27.45
O15 - Trusted IP range: http://10.74.27.45
O15 - Trusted IP range: http://10.173.215.15
O15 - Trusted IP range: http://10.173.50.7
O15 - Trusted IP range: 10.74.27.45 (HKLM)
O15 - Trusted IP range: http://10.74.27.45 (HKLM)
O15 - Trusted IP range: http://10.173.215.15 (HKLM)
O15 - Trusted IP range: http://10.173.50.7 (HKLM)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = telecomitalia.local
O17 - HKLM\Software\..\Telephony: DomainName = telecomitalia.local
O17 - HKLM\System\CCS\Services\Tcpip\..\{166468D2-0542-4C0B-AFB2-FD9011E5AD42}: Domain = telecomitalia.local
O17 - HKLM\System\CCS\Services\Tcpip\..\{9CC74C13-DBE6-491B-9B23-D9EF55783752}: NameServer = 85.37.17.10 85.38.28.86
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = telecomitalia.local
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll
O23 - Service: Servizio di configurazione Atheros (ACS) - Unknown owner - C:\WINDOWS\system32\acs.exe
O23 - Service: AdminWorks Agent X6 (AWService) - Avocent Inc. - C:\Acer\Empowering Technology\admServ.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: OfficeScanNT RealTime Scan (ntrtscan) - Trend Micro Inc. - C:\Officescan NT\ntrtscan.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)
O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: STI Simulator - Unknown owner - C:\WINDOWS\System32\PAStiSvc.exe
O23 - Service: OfficeScan NT Listener (tmlisten) - Trend Micro Inc. - C:\Officescan NT\tmlisten.exe
O23 - Service: OfficeScan NT Proxy Service (TmProxy) - Trend Micro Inc. - C:\Officescan NT\TmProxy.exe
mary77
Newbie
 
Post: 5
Iscritto il: 03/09/07 15:13

Sponsor
 

Re: aiuto! probabile dialer nel pc

Postdi Opensource » 02/03/08 16:16

ciao
disattiva il ripristino automatico di sistema (importante per la rimozione di malware), scarica ccleaner, spybot s&d e asquared anti dialer; installali e aggiornali.Con cleaner(togli il segno di spunta da impostazioni,avanzate e da elimina files temp solo se più vecchi di 48 ore o qualcosa del genere).
Riavvia in modalità provvisoria ed elimina questi con hijackthis:

C:\WINDOWS\TEMP\UX87EB.EXE

O4 - HKLM\..\Run: [RUN_PWR_SETTINGS] %windir%\system32\RunSet-1.2.vbs

O4 - Global Startup: MapiProfileTI.lnk = C:\WINDOWS\MapiProfileTI.vbs

O4 - Global Startup: SecurityBar2003.vbs

O15 - Trusted Zone: *.griffon.local

O15 - Trusted Zone: *.griffon.local (HKLM)

O15 - Trusted IP range: 10.74.27.45

O15 - Trusted IP range: 10.74.27.45 (HKLM)

poi fai una ricerca di questi files e se presenti eliminali:

UX87EB.EXE,RunSet-1.2.vbs,MapiProfileTI.vbs,SecurityBar2003.vbs.

scansiona con spybot s&d e correggi gli errori che ti dà, poi scansiona con asquuared ed elimina i file che ti indicherà come infetti ed infine passa una scansione con ccleaner utilizzando tutti i suoi strumenti.

infine riavvia in modalità normale e posta un nuovo log.
Avatar utente
Opensource
Utente Senior
 
Post: 684
Iscritto il: 02/11/06 20:45


Torna a Sicurezza e Privacy


Topic correlati a "aiuto! probabile dialer nel pc":

Aiuto urgente!!!
Autore: templare77
Forum: Software Windows
Risposte: 1

Chi c’è in linea

Visitano il forum: Nessuno e 3 ospiti