Salve a tutti
Nel mio PC un dialer stacca la connessione. Credo si tratti di SOFTPOIKL.EXE.
Analizzando il PC con HiJackThis, osservo la strana presenza di explorer.exe in C:\Documents and Settings\Admin\explorer.exe e in C:\windows\explorer.exe osservo anche la strana presenza di C:\WINDOWS\svchost.exe. Programmi collocati in posti errati.
a-squared Anti-Dialer, dice che questo explorer.exe è un Heuristic.Dialer.RAS.
Riesco a navigare quando, in task manager, chiudo explorer.exe la cosa non riesce sempre perché a volte il PC va in tilt, perché si chiude quello corretto.
Da ciò deduco che questo explorer.exe stacca la connessione. Ho cercato di pulire il PC con i programmi consigliati sul forum, ma questo explorer.exe si ripresenta.
Come posso pulire del tutto il PC da questo dialer ?
Posto un report di HiJackThis fatto dopo la scansione con a-squared Anti-Dialer. E il report di a-squared Anti-Dialer.
Grazie dell’attenzione.
----------------------------------------------------------
Report di a-squared Anti-Dialer
a-squared Anti-Dialer - Version 3.0
Last update: 28/10/2007 11.09.27
Scan settings:
Objects: Memory, C:\, E:\, F:\, G:\
Scan archives: On
ADS Scan: On
Scan start: 28/10/2007 12.43.33
[336] C:\Documents and Settings\Admin\explorer.exe detected: Heuristic.Dialer.RAS
C:\Documents and Settings\Admin\explorer.exe detected: Heuristic.Dialer.RAS
C:\Programmi\explorer.exe detected: Heuristic.Dialer.RAS
C:\WINDOWS\system32\iexplorer.exe detected: Heuristic.Dialer.RAS
Scanned
Files: 9413
Processes: 36
Found
Files: 3
Processes: 1
------------------------------------------------------------------
report di HijackThis
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 14.26.32, on 28/10/2007
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Programmi\a-squared Anti-Dialer\a2service.exe
C:\Programmi\a-squared Free\a2service.exe
C:\WINDOWS\System32\alg.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\Programmi\File comuni\EPSON\EBAPI\SAgent2.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Programmi\File comuni\Microsoft Shared\VS7Debug\mdm.exe
C:\Documents and Settings\Admin\explorer.exe
C:\Program Files\Unlocker\UnlockerAssistant.exe
C:\WINDOWS\system32\srvany.exe
C:\WINDOWS\system32\resetservice.exe
C:\Programmi\a-squared Anti-Dialer\a2adguard.exe
C:\WINDOWS\System32\tcpsvcs.exe
C:\WINDOWS\System32\wdfmgr.exe
C:\Programmi\Messenger\msmsgs.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Programmi\Corel\programs\MFIndexer.exe
C:\WINDOWS\system32\fxssvc.exe
C:\Programmi\WinZip\WZQKPICK.EXE
C:\Programmi\Microsoft Office\Office\WINWORD.EXE
C:\Documents and Settings\Admin\Documenti\antivirus\HiJackThis01\Hi JackThis.exe
C:\WINDOWS\System32\wbem\wmiprvse.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.it/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
R3 - URLSearchHook: Yahoo! Toolbar con blocco Pop-Up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
F2 - REG:system.ini:
UserInit=C:\WINDOWS\system32\userinit.exe,,C:\WIND OWS\SERVICES.EXE,C:\DOCUME~1\ADMIN\IMPOST~1\TEMP\S O
FTPOIKL.EXE
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\Adobe\Acrobat
5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: &Google - {AA58ED58-01DD-4D91-8333-CF10577473F7} - C:\Documents and
Settings\Admin\Google\googletoolbar1.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [ATI DeviceDetect] C:\Programmi\ATI Multimedia\\Program Files\ATI Multimedia\main\ATIDtct.EXE
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [ScreenPrint32] C:\Programmi\ScreenPrint32 v3\ScreenPrint32.exe -startup
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmi\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [crtfmon] C:\Documents and Settings\Admin\explorer.exe
O4 - HKLM\..\Run: [UnlockerAssistant] "C:\Program Files\Unlocker\UnlockerAssistant.exe"
O4 - HKLM\..\Run: [a-squared] "C:\Programmi\a-squared Anti-Dialer\a2adguard.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Programmi\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ATI Launchpad] "C:\Programmi\ATI Multimedia\main\LaunchPd.exe"
O4 - HKCU\..\Run: [POPUPWATCH] C:\Programmi\BulletProofSoft.com\SpywareRemover\po pup-watch\PopUpWatch.exe
/STARTUP
O4 - HKCU\..\Run: [SpyEmergency] "C:\Programmi\Netgate\Spy Emergency 2006\SpyEmergency.exe"
O4 - HKCU\..\Policies\Explorer\Run: [SYSTEM] C:\WINDOWS\svchost.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVIZIO LOCALE')
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SERVIZIO LOCALE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVIZIO DI RETE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Alice ti aiuta.lnk = C:\Programmi\Alice ti aiuta\bin\matcli.exe
O4 - Global Startup: Corel MEDIA FOLDERS INDEXER 8.LNK = C:\Programmi\Corel\programs\MFIndexer.exe
O4 - Global Startup: EPSON Status Monitor 3 Environment Check 2.lnk =
C:\WINDOWS\system32\spool\drivers\w32x86\3\E_SRCV0 2.EXE
O4 - Global Startup: Microsoft Office.lnk = C:\Programmi\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Programmi\WinZip\WZQKPICK.EXE
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} -
C:\WINDOWS\System32\msjava.dll
O9 - Extra button: ATI TV - {44226DFF-747E-4edc-B30C-78752E50CD0C} - C:\Programmi\ATI Multimedia\tv\EXPLBAR.DLL
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) -
http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Programmi\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {BD0D1F18-5561-11DC-A0D9-692F56D89593} - http://0n2.m1wgy8.my-prog-best.com/code/2022.exe
O16 - DPF: {DB893839-10F0-4AF9-92FA-B23528F530AF} - http://deposito.instantdoor.com/11201-23.exe
O20 - Winlogon Notify: reset5 - reset5.dll (file missing)
O23 - Service: a-squared Anti-Dialer Service (a2AntiDialer) - Emsi Software GmbH - C:\Programmi\a-squared
Anti-Dialer\a2service.exe
O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - C:\Programmi\a-squared Free\a2service.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Programmi\File comuni\EPSON\EBAPI\SAgent2.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Programmi\File comuni\Macrovision Shared\FLEXnet
Publisher\FNPLicensingService.exe
O23 - Service: Reset 5 - Unknown owner - C:\WINDOWS\system32\srvany.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs Inc. - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
--
End of file - 6827 bytes
Rispondi quotando