dialer dtyqi

[danny81]

Saluti a tutti !

Ho un quesito da porVi, da qualche giorno non appena mi collego ad internet mi cade la connessione predefinita e al suo posto si intromette un dialer denominato: dtyqi.
Il dialer si connette con il seguente numero: 472275054
Su risorse di rete vedo solo la connessione predefinita, nel momento in cui il dialer si intromette compare l' icona della nuova connessione e anche se provo a cancellarla ricompare.
Ho effettuato delle scansioni con l' antivirus ma non è emerso nulla.
Vi chiedo come posso riuscire ad eliminare questo dialer.
VI Ringrazio.

Saluti
Danny

[OYS]

Ciao, posta il log generato da HijackThis

[danny81]

grazie della risposta. Ma non riesco a collegarmi, non appena accedo le pagine web scompaiono e non ho la possibilità di scaricare una cartella compressa. come posso fare ?
grazie ancora.

[OYS]

La prossima volta shiaccia su "rispondi", se no ti apre una nuova discussione.

Ritornando al tuo problema, fai una scansione con systemscan.
Una volta eseguita la scansione portati in C:\suspectfile e carica il file report.txt su www.sendmefile.com e scrivi il link per poterlo scaricare.

Probabilmente però, anche systemscan sarà bloccato. Per cui se systemscan non va, usa http://www.runscanner.net/runscanner.zip

[Habanero]

ho unito le discussioni. danny81 come ti ha detto OYS, fa' attenzione a premere il pulsante giusto.

[danny81]

Runscanner logfile http://www.runscanner.net

000 General info
----------------
Computer name : NOME-8I55LI28RN
Type of scan : Full scan
RunScanner Version : 0.9.0.0
Creation time : 16/04/2007 10.47.58
OS : Microsoft Windows XP
OS Build : 2600
OS SP : Service Pack 2
User Language : Italiano (Italia)
IE version : 6.0.2900.2180
Windows folder : C:\WINDOWS

001 Running processes
---------------------
* c:\programmi\alwil software\avast4\aswupdsv.exe (ALWIL Software)
* c:\programmi\alwil software\avast4\ashserv.exe (ALWIL Software)
c:\windows\soundman.exe (Avance Logic, Inc.)
c:\programmi\microsoft hardware\keyboard\type32.exe (Microsoft Corporation)
c:\programmi\microsoft hardware\mouse\point32.exe (Microsoft Corporation)
c:\windows\system32\spool\drivers\w32x86\3\e_s10ic 2.exe (SEIKO EPSON CORPORATION)
c:\programmi\avpersonal\avgnt.exe (H+BEDV Datentechnik GmbH)
* c:\progra~1\alwils~1\avast4\ashdisp.exe (ALWIL Software)
c:\programmi\avpersonal\avguard.exe (H+BEDV Datentechnik GmbH)
* c:\windows\system32\ati2evxx.exe
c:\programmi\avpersonal\avwupsrv.exe (H+BEDV Datentechnik GmbH, Germany)
c:\programmi\file comuni\epson\ebapi\sagent2.exe (SEIKO EPSON CORPORATION)
* c:\programmi\alwil software\avast4\ashmaisv.exe (ALWIL Software)
* c:\programmi\alwil software\avast4\ashwebsv.exe (ALWIL Software)
c:\docume~1\danilo\impost~1\temp\directory temporanea 2 per runscanner1.zip\runscanner.exe (Runscanner.net)

002 HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run (+subkeys)
-----------------------------------------------------------------
C:\WINDOWS\soundman.exe (Avance Logic, Inc.)
c:\programmi\microsoft hardware\keyboard\type32.exe (Microsoft Corporation)
- point32.exe
c:\windows\system32\spool\drivers\w32x86\3\e_s10ic 2.exe (SEIKO EPSON CORPORATION)
c:\windows\system32\nerocheck.exe (Ahead Software Gmbh)
c:\programmi\avpersonal\avgnt.exe (H+BEDV Datentechnik GmbH)
* c:\progra~1\alwils~1\avast4\ashdisp.exe (ALWIL Software)

005 C:\Documents and Settings\All Users\Menu Avvio\Programmi\Esecuzione automatica
----------------------------------------------------------------------------------
- c:\programmi\precisiontime\precisiontime.exe

010 HKLM\SYSTEM\CurrentControlSet\Services (Services)
-----------------------------------------------------
c:\programmi\avpersonal\avguard.exe (AntiVir Service)
* c:\programmi\alwil software\avast4\aswupdsv.exe (avast! iAVS4 Control Service)
* C:\WINDOWS\system32\ati2evxx.exe (ati2evxx.exe)
c:\windows\system32\ati2sgag.exe (ATI Smart)
* c:\programmi\alwil software\avast4\ashserv.exe (avast! Antivirus)
* c:\programmi\alwil software\avast4\ashmaisv.exe (avast! Mail Scanner)
* c:\programmi\alwil software\avast4\ashwebsv.exe (avast! Web Scanner)
c:\programmi\avpersonal\avwupsrv.exe (AntiVir Update)
c:\programmi\file comuni\epson\ebapi\sagent2.exe (EPSON Printer Status Agent2)

011 HKLM\SYSTEM\CurrentControlSet\Services (drivers)
----------------------------------------------------
C:\WINDOWS\system32\drivers\alcxwdm.sys (Service for Avance AC97 Audio (WDM))
* C:\WINDOWS\system32\drivers\ati2mtag.sys (Video)
c:\programmi\avpersonal\avgntdw.sys (avgntdw)
* C:\WINDOWS\system32\drivers\hsf_bsc2.sys (NTRksample driver)
* C:\WINDOWS\system32\drivers\hsf_fall.sys (Fallback driver)
* C:\WINDOWS\system32\drivers\hsf_fsks.sys (FSKsNT driver)
- d:\install\gmsipci.sys (GMSIPCI)
* C:\WINDOWS\system32\drivers\hcf_msft.sys (Modem)
* C:\WINDOWS\system32\drivers\hsf_msft.sys (WinACHSF driver)
* C:\WINDOWS\system32\drivers\hsf_k56k.sys (K56NT driver)
- d:\ntaccess.sys (NTACCESS)
* C:\WINDOWS\system32\drivers\ptilink.sys (Driver Direct Parallel Link)
* C:\WINDOWS\system32\drivers\hsf_samp.sys (Rksample WDM driver)
* C:\WINDOWS\system32\drivers\secdrv.sys (Secdrv)
- d:\ntglm7x.sys (SetupNTGLM7X)
* C:\WINDOWS\system32\drivers\hsf_faxx.sys (FaxNT driver)
* C:\WINDOWS\system32\drivers\hsf_tone.sys (TonesNT driver)
* C:\WINDOWS\system32\drivers\hsf_v124.sys (V124NT driver)

031 HKLM\SOFTWARE\Classes\PROTOCOLS\Handler
-------------------------------------------
c:\programmi\file comuni\microsoft shared\web folders\pkmcdo.dll (Microsoft Corporation) {CD00020A-8B95-11D1-82DB-00C04FB1625D}
* c:\progra~1\copern~1\copern~1.dll (Copernic Technologies Inc.) {A979B6BD-E40B-4A07-ABDD-A62C64A4EBF6}
* c:\progra~1\copern~1\copern~1.dll (Copernic Technologies Inc.) {AAC34CFD-274D-4A9D-B0DC-C74C05A67E1D}
c:\programmi\file comuni\system\ole db\msdaipp.dll (Microsoft Corporation) {E1D2BF42-A96B-11d1-9C6B-0000F875AC61}
c:\programmi\file comuni\system\ole db\msdaipp.dll (Microsoft Corporation) {E1D2BF42-A96B-11d1-9C6B-0000F875AC61}
c:\programmi\file comuni\system\ole db\msdaipp.dll (Microsoft Corporation) {E1D2BF40-A96B-11d1-9C6B-0000F875AC61}

036 HKCU\Software\Microsoft\Internet Explorer\Desktop\Components
----------------------------------------------------------------
About:Home

041 HKLM-HKCU\Software\Microsoft\Internet Explorer\Toolbar
----------------------------------------------------------
* c:\programmi\copernic agent\copernicagentext.dll (Copernic Technologies Inc.) {F2E259E8-0FC8-438C-A6E0-342DD80FA53E}

042 HKLM\Software\Microsoft\Internet Explorer\Extensions
--------------------------------------------------------
* c:\progra~1\copern~1\copern~1.exe (Copernic Technologies Inc.) {193B17B0-7C9F-4D5B-AEAB-8D3605EFC084}
* c:\progra~1\copern~1\copern~1.exe (Copernic Technologies Inc.) {688DC797-DC11-46A7-9F1B-445F4F58CE6E}

044 HKCU\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser
------------------------------------------------------------------
* c:\programmi\copernic agent\copernicagentext.dll (Copernic Technologies Inc.) {F2E259E8-0FC8-438C-A6E0-342DD80FA53E}

045 HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser
----------------------------------------------------------------
* c:\programmi\copernic agent\copernicagentext.dll (Copernic Technologies Inc.) {F2E259E8-0FC8-438C-A6E0-342DD80FA53E}

061 HKLM\Software\Microsoft\Windows\CurrentVersion\She ll Extensions\Approved
----------------------------------------------------------------------------
- deskpan.dll {42071714-76d4-11d1-8b24-00a0c9068ff3}
* c:\windows\system32\hticons.dll (Hilgraeve, Inc.) {88895560-9AA2-1069-930E-00AA0030EBC8}
c:\progra~1\fileco~1\micros~1\webfol~1\msonsext.dl l (Microsoft Corporation) {BDEADF00-C265-11D0-BCED-00A0C90AB50F}
c:\programmi\alwil software\avast4\ashshell.dll (ALWIL Software) {472083B0-C522-11CF-8763-00608CC02F24}

063 HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\BootExecute
---------------------------------------------------------------------
autocheck autochk *

065 HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options
----------------------------------------------------------------------------------
explorer.exe : c:\windows\system32\vkeufpiw.txt (Microsoft Corporation)

069 HKLM\SYSTEM\CurrentControlSet\Control\Print\Monito rs
--------------------------------------------------------
* C:\WINDOWS\system32\ebpmon2.dll (SEIKO EPSON CORPORATION)

073 %windir%\Tasks
------------------
c:\windows\tasks\bxsghkmm.job
c:\windows\tasks\vdaq.job
c:\windows\tasks\ukweiyyf.job
c:\windows\tasks\wyvccvdd.job
c:\windows\tasks\nygpir.job
c:\windows\tasks\npr.job
c:\windows\tasks\uwptfo.job
c:\windows\tasks\uqano.job
c:\windows\tasks\cwieed.job
c:\windows\tasks\kcmkhcg.job
c:\windows\tasks\pbopl.job
c:\windows\tasks\rldmzb.job
c:\windows\tasks\agwujrvm.job
c:\windows\tasks\frp.job
c:\windows\tasks\gqbm.job
c:\windows\tasks\fiyjdonp.job
c:\windows\tasks\uguvp.job
c:\windows\tasks\xadeu.job
c:\windows\tasks\fwjitxf.job
c:\windows\tasks\wzsjqkbu.job
c:\windows\tasks\kytgxpzo.job
c:\windows\tasks\zhjonjr.job
c:\windows\tasks\vnhkz.job
c:\windows\tasks\fjmbukl.job
c:\windows\tasks\nxg.job
c:\windows\tasks\jqmf.job
c:\windows\tasks\ztck.job
c:\windows\tasks\dnwd.job
c:\windows\tasks\hiaxjiup.job
c:\windows\tasks\smgy.job
c:\windows\tasks\cmffrt.job
c:\windows\tasks\noxgptdr.job
c:\windows\tasks\dbvo.job
c:\windows\tasks\vwcqz.job
c:\windows\tasks\zlcb.job
c:\windows\tasks\dlw.job
c:\windows\tasks\ahwlaokx.job
c:\windows\tasks\ixy.job
c:\windows\tasks\azl.job
c:\windows\tasks\ekpcyj.job

100 Internet Explorer settings
------------------------------
Start Page HKCU : about:blank
Start Page HKLM : http://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=hom e
Search Page HKCU : http://www.microsoft.com/isapi/redir...ie&ar=iesearch
Search Page HKLM : http://www.microsoft.com/isapi/redir...ie&ar=iesearch
Default_Page_URL HKLM : http://www.wellcome.it
Default_Search_URL HKLM : http://www.microsoft.com/isapi/redir...ie&ar=iesearch
SearchAssistant HKLM : http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm
CustomizeSearch HKLM : http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
ShellNext HKCU : iexplore

102 HKLM - HKCU\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars
------------------------------------------------------------------
* c:\programmi\copernic agent\copernicagentext.dll (Copernic Technologies Inc.) {6F480F82-C3A6-4D35-96F7-B297AD49FBE8}
* c:\programmi\copernic agent\copernicagentext.dll (Copernic Technologies Inc.) {F2E259E8-0FC8-438C-A6E0-342DD80FA53E}

104 HKLM\Software\Microsoft\Code Store Database\Distribution Units
------------------------------------------------------------------
* c:\windows\system32\macromed\flash\flash6.ocx (Macromedia, Inc.) {D27CDB6E-AE6D-11CF-96B8-444553540000}

106 HKLM\Software\Microsoft\Windows\CurrentVersion\URL
------------------------------------------------------
Default : http://
ftp : ftp://
gopher : gopher://
home : http://
mosaic : http://
www : http://

120 Domain/DNS hijacking
------------------------
NameServer {12152858-840F-42C6-89E7-0C0C44701654} : 212.151.136.246 130.244.127.169

161 HKLM\Software\Microsoft\Windows\CurrentVersion\Pol icies\System
------------------------------------------------------------------
dontdisplaylastusername : 0
shutdownwithoutlogon : 1
undockwithoutlogon : 1

173 HKCR\*\shellex\ContextMenuHandlers
--------------------------------------
c:\programmi\avpersonal\avshlext.dll (H+BEDV Datentechnik GmbH) {a7cda720-84ee-11d0-b5c0-00001b3ca278}
c:\programmi\alwil software\avast4\ashshell.dll (ALWIL Software) {472083B0-C522-11CF-8763-00608CC02F24}

180 FileType Hijacking
----------------------
HKEY_CLASSES_ROOT batfile : "%1" %*
HKEY_CLASSES_ROOT cmdfile : "%1" %*
HKEY_CLASSES_ROOT comfile : "%1" %*
HKEY_CLASSES_ROOT exefile : "%1" %*
HKEY_CLASSES_ROOT htafile : C:\WINDOWS\System32\mshta.exe "%1" %*
HKEY_CLASSES_ROOT piffile : "%1" %*
HKEY_CLASSES_ROOT scrfile : "%1" /S

[danny81]

chiedo scusa dell' inserimento dei dati senza spiegazione.
purtoppo ho fatto appena in tempo a inviarveli in questo modo perchè il dialer si è intromesso. non so la modalità di entrata in sendmemail.
vi chiedo di controllare quanto ottenuto dalla scansione.
grazie infinite.

[OYS]

Questo dovrebbe essere un adware, per cui elimina la cartella precision time:


c:\programmi\precisiontime\precisiontime.exe


Poi fai start-->esegui-->regedit ed elimina questa sottochiavi:


HKEY_ALL_USERS\Software\Gator.com\PrecisionTime

HKEY_LOCAL_MACHINE\SOFTWARE\Gator.com\AppInfo\PrecisionTime

HKEY_LOCAL_MACHINE\SOFTWARE\Gator.com\PrecisionTime

HKEY_ALL_USERS\Software\Gator.com\PrecisionTime

HKEY_ALL_USERS\Software\Microsoft\Windows\CurrentV ersion\Explorer\MenuOrder
\Start Menu\Programs\PrecisionTime

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion
\Uninstall\PrecisionTime

[danny81]

purtroppo sono riuscito ad eliminare solo le sottochiavi LOCAL MACHINE che ha indicato sopra.
Le sottochiavi da lei denominate ALL USERS possono essere indicate anche solo come USERS ? perchè ho provato ad entrare in queste cartelle ma non mi danno una direzione giusta soprattutto per quanto riguarda Gator.com che non appare.
Credo che queste cartelle siano danneggiate perchè non hanno nessun titolo preciso se non delle sigle e una serie di numeri separati da trattini.
La ringrazio nuovamente.

[OYS]

Probabilmente sarà:

HKEY_CURRENT_USERS\Software ecc.