Dialer Instant access [era:Help me please]

[djkarl9]

salve ha tutti ho bisogno di aiuto...allora io credo di avere un dialer anzi sicuramente...praticamente io mi connetto tranquillamente a internet e dopo un pò si disconnettee mi compare sul desktop l'icona "Istant Access" questa tenta di connettersi ad una connessione a pagamento ma Armor, il firewall, blocca tutto...e di conseguenza io mi connetto di nuovo a internet dopo 2-3 tentativi...cosa fare??? e a volte sono attivi processi del genere: 162Cfjva.exe totalmente sconosciuti oppure il processo Siemens-Speed.exe...help me please...grazie anticipatamente

[OYS]

posta il contenuto del file log (blocco note) generato da HijackThis

Fai una scansione con systemscan.
Una volta eseguita la scansione portati in C:\suspectfile e carica il file report.txt su www.sendmefile.com e scrivi il link per poterlo scaricare

[Habanero]

djkarl9 ben venuto sul forum.
Ti esorto a leggere il regolamento:
http://forum.html.it/forum/showthrea...hreadid=997970

La prossima volta scegli un titolo significativo.

[djkarl9]

Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at Dj kArL 15.24.19, on 21/04/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Programmi\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\Programmi\Power Translator\LogoMedia TranslateDotNet Server.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\dslagent.exe
C:\Programmi\Armor2net\Armor2net Personal Firewall\Armor2net.exe
C:\Programmi\Microsoft Xbox 360 Accessories\XboxStat.exe
C:\DOCUME~1\Utente\IMPOST~1\Temp\uwjzua.exe
C:\Programmi\Messenger\msmsgs.exe
C:\WINDOWS\BricoPacks\Vista Inspirat\ObjectDock\ObjectDock.exe
C:\WINDOWS\BricoPacks\Vista Inspirat\YzToolbar\YzToolBar.exe
C:\WINDOWS\System32\svchost.exe
D:\DOCUMENTI\My Completed Downloads\emule0.47c-Xtreme5.4.1\emule.exe
C:\Programmi\MSN Messenger\usnsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\bak\ctfmon.exe
C:\DOCUME~1\Utente\IMPOST~1\Temp\162Cfjva.exe
C:\Programmi\Windows Media Player\wmplayer.exe
C:\Programmi\Internet Explorer\iexplore.exe
C:\Programmi\*********\eb.exe
C:\Documents and Settings\Utente\Desktop\ET.exe
C:\DOCUME~1\Utente\IMPOST~1\Temp\162L61sa.exe
C:\Programmi\MSN Messenger\msnmsgr.exe
C:\Programmi\DAP\DAP.EXE
C:\Documents and Settings\Utente\Desktop\HiJackThis_v2.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.it/0SEITIT/SAOS01?FORM=TOOLBR
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://g.msn.it/0SEITIT/SAOS01?FORM=TOOLBR
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.it/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.it/0SEITIT/SAOS01?FORM=TOOLBR
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
R3 - URLSearchHook: Yahoo! Toolbar con blocco Pop-Up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmi\Java\jre1.5.0_09\bin\ssv.dll
O2 - BHO: A2NPopUpKiller Class - {8A321C7D-9CED-45A8-870D-DAE843A45FD0} - C:\Programmi\Armor2net\Armor2net Personal Firewall\PopUpKiller.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programmi\File comuni\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O3 - Toolbar: LEC - {1DBAB667-A486-421e-AFE4-CF07DD0088E5} - C:\Programmi\Power Translator\Applications\LEC IE Translation Extension.dll
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [DSLAGENTEXE] dslagent.exe USB
O4 - HKLM\..\Run: [Armor2net] C:\Programmi\Armor2net\Armor2net Personal Firewall\Armor2net.exe
O4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [XboxStat] "c:\Programmi\Microsoft Xbox 360 Accessories\XboxStat.exe" silentrun
O4 - HKLM\..\Run: [uwjzua.exe] C:\DOCUME~1\Utente\IMPOST~1\Temp\uwjzua.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Programmi\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO LOCALE')
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'SERVIZIO LOCALE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO DI RETE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Stardock ObjectDock.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat\ObjectDock\ObjectDock.exe
O4 - Startup: Y'z ToolBar.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat\YzToolbar\YzToolBar.exe
O8 - Extra context menu item: &Clean Traces - C:\Programmi\DAP\Privacy Package\dapcleanerie.htm
O8 - Extra context menu item: &Download with &DAP - C:\Programmi\DAP\dapextie.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O8 - Extra context menu item: Download &all with DAP - C:\Programmi\DAP\dapextie2.htm
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra button: Ricerche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Barra di ricerca di Encarta - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Programmi\File comuni\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\programmi\armor2net\armor2net personal firewall\netdog.dll
O10 - Unknown file in Winsock LSP: c:\programmi\armor2net\armor2net personal firewall\netdog.dll
O10 - Unknown file in Winsock LSP: c:\programmi\armor2net\armor2net personal firewall\netdog.dll
O10 - Unknown file in Winsock LSP: c:\programmi\armor2net\armor2net personal firewall\netdog.dll
O10 - Unknown file in Winsock LSP: c:\programmi\armor2net\armor2net personal firewall\netdog.dll
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary...r.cab31267.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://miticokarl.spaces.live.com//P...d/MsnPUpld.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/IT-IT/.../GAME_UNO1.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...t.cab31267.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{6C2C1655-E0D3-4A1B-B8FA-47D2ADE72BEF}: NameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\..\{E23FF618-1F71-4781-A001-8246CDF27520}: NameServer = 193.70.152.15 193.70.152.25
O22 - SharedTaskScheduler: Precaricatore Browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Daemon di cache delle categorie di componenti - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Programmi\File comuni\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Programmi\File comuni\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Programmi\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programmi\File comuni\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: LEC TranslateDotNet Server - Language Engineering Corporation, LLC - C:\Programmi\Power Translator\LogoMedia TranslateDotNet Server.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

--
End of file - 9215 bytes

Skusate ke non ho letto il regolamento...skusate regà!!!

[OYS]

Premi fix checked dopo aver selezionato questi:

C:\DOCUME~1\Utente\IMPOST~1\Temp\uwjzua.exe

C:\DOCUME~1\Utente\IMPOST~1\Temp\162Cfjva.exe

C:\DOCUME~1\Utente\IMPOST~1\Temp\162L61sa.exe

O4 - HKLM\..\Run: [uwjzua.exe] C:\DOCUME~1\Utente\IMPOST~1\Temp\uwjzua.exe



Questo è tuo vero? se non è tuo, fixa pure questo:


C:\Documents and Settings\Utente\Desktop\ET.exe


Forse questi non si lascieranno eliminare (oppure si ricreeranno al prossimo riavvio):162Cfjva.exe 162L61sa.exe uwjzua.exe. Aspetto il responso di systemscan per darti nuove istruzioni

[djkarl9]

Warning! You should have already downloaded the last Systemscan version (sys45307.exe).
If you can't download it probably your browser is blocking popups.
Please enable popup on your PC and try again.

Systemscan will be available within 27 seconds. Please reload this page after that time.

ecco cosa mi dice quando vado a scaricare systemscan...e i popup sono abilitati...e cmq esatto hai ragione si ricreeranno..

[djkarl9]

ei ragazzi ho trovato una cosa interessante qui C:\DOCUME~1\Utente\IMPOST~1\Temp posso postare uno screenshot???

eccolo: Screenshot

[OYS]

Si posta uno screenshot. Siccome non riesci a scaricare systemscan, scarica questo:
www.runscanner.net

[OYS]

Originariamente inviato da djkarl9 eccolo: Screenshot

Non riesco a vederlo

[djkarl9]

si ora si vede...cmq con run scanner...cosa devo fare dopo aver fatto la scansione???