Condividi:        

connessione indesiderata

Come rimuovere virus e spyware? Le carte di credito sono davvero sicure in rete? È possibile navigare anonimi? Con quali programmi tutelare la propria privacy? Come proteggere i file importanti? Se volete una risposta a queste e altre domande questo è il luogo giusto!

Moderatori: m.paolo, kadosh, Luke57

connessione indesiderata

Postdi alekie » 09/05/06 19:20

Ciao a tutti,sono ale e sono nuovo di questo forum.Ho un problema e spero che qualcuno mi dia una mano.
Io ho alice adsl,ma ogni tanto la connessione si stacca e si attiva una connessione FastTrack e non sapendo cosa fosse ho fatto una ricerca e ho trovato un topic su questo forum che ne parla.
Purtroppo non ne capisco niente e vorrei sapere come devo fare per eliminarla dato che nn compare nelle connessioni e siccome senza accorgermene sono stato45min se si paga e quanto.Vi dico ke io nn ho dato nessun cenno di assenso per questa connessione,si installa e basta.
Grazie e scusate per le tante domande.
alekie
Newbie
 
Post: 4
Iscritto il: 09/05/06 19:10

Sponsor
 

Postdi markmoon » 10/05/06 19:40

scaricati Hjiackthis http://download.hijackthis.eu/hijackthis_199.zip
una volta avviato clicchi su 'Do a system scan only'
finito lo scan in basso a sin clicchi su 'Save log' ti salva un documento di testo,copialo qui nel forum
Avatar utente
markmoon
Utente Senior
 
Post: 437
Iscritto il: 28/04/06 19:03

Postdi alekie » 11/05/06 12:50

Logfile of HijackThis v1.99.1
Scan saved at 13.51.27, on 11/05/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Programmi\Alwil Software\Avast4\aswUpdSv.exe
C:\Programmi\Alwil Software\Avast4\ashServ.exe
C:\Programmi\File comuni\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\svchost.exe
C:\Programmi\QuickTime\qttask.exe
C:\WINDOWS\system32\atiptaxx.exe
C:\Programmi\MessengerPlus! 3\MsgPlus.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Programmi\Java\jre1.5.0_06\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmi\File comuni\Ahead\lib\NMBgMonitor.exe
C:\Programmi\ADSL\StarModem ADSL USB MODEM\dslmon.exe
C:\WINDOWS\system32\devldr32.exe
C:\Programmi\Alwil Software\Avast4\ashMaiSv.exe
C:\Programmi\Alwil Software\Avast4\ashWebSv.exe
C:\Programmi\eMule\emule.exe
C:\Programmi\Internet Explorer\iexplore.exe
C:\Programmi\WinRAR\WinRAR.exe
C:\DOCUME~1\ADMINI~1\IMPOST~1\Temp\Rar$EX00.784\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.it/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmi\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programmi\google\googletoolbar1.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programmi\google\googletoolbar1.dll
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmi\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [AtiPTA] atiptaxx.exe
O4 - HKLM\..\Run: [2kadiras] 2kadiras.exe
O4 - HKLM\..\Run: [MessengerPlus3] "C:\Programmi\MessengerPlus! 3\MsgPlus.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Programmi\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [E06IXLRD_5213506] "C:\Programmi\Microsoft Encarta\Microsoft Encarta Enciclopedia DVD - 2006\EDICT.EXE" -m
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Programmi\File comuni\Ahead\lib\NMBgMonitor.exe"
O4 - Startup: Adobe Gamma.lnk = C:\Programmi\File comuni\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Startup: Eurobarre.lnk = C:\Programmi\eurobarre\eb.exe
O4 - Global Startup: Avvio veloce di Adobe Reader.lnk = C:\Programmi\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: DSLMON.lnk = ?
O4 - Global Startup: Picture Package Menu.lnk = ?
O4 - Global Startup: Picture Package VCD Maker.lnk = ?
O4 - Global Startup: Tasto di scelta rapida per l'avvio di AutoCAD.lnk = C:\Programmi\File comuni\Autodesk Shared\acstart16.exe
O8 - Extra context menu item: &Google Search - res://C:\Programmi\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: Backward &Links - res://C:\Programmi\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cac&hed Snapshot of Page - res://C:\Programmi\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Si&milar Pages - res://C:\Programmi\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://C:\Programmi\Google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Ricerche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/ms ... b31267.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Me ... b31267.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{086A1C4D-A84A-4762-9AA6-9189B3386856}: NameServer = 85.37.17.9 85.38.28.75
O17 - HKLM\System\CS2\Services\Tcpip\..\{086A1C4D-A84A-4762-9AA6-9189B3386856}: NameServer = 85.37.17.9 85.38.28.75
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O23 - Service: Adobe LM Service - Adobe Systems - C:\Programmi\File comuni\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Programmi\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Programmi\File comuni\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Programmi\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Programmi\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Programmi\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programmi\File comuni\InstallShield\Driver\11\Intel 32\IDriverT.exe
alekie
Newbie
 
Post: 4
Iscritto il: 09/05/06 19:10

Postdi Luke57 » 11/05/06 14:30

Ciao, ne log non sembra siano presenti minacce. Comunque con la linea adsl non puoi avere brutte sorprese o dirottamenti su linee telefoniche ad alta tariffa.
Luke57
Moderatore
 
Post: 6413
Iscritto il: 11/08/05 19:10

Postdi alekie » 11/05/06 14:33

Grazie ,alla prossima.
alekie
Newbie
 
Post: 4
Iscritto il: 09/05/06 19:10

Postdi Ottavia » 11/05/06 18:22

a me si era creata questa connnessione fast track dopo aver scaricato per errore un file chiamato NETVISION:EXE però la connessione apparriva nella cartella delle connessioni
Ottavia
Utente Senior
 
Post: 126
Iscritto il: 26/09/05 17:13

di nuovo

Postdi alekie » 22/05/06 14:38

Ciao a tutti,mi ricapitato di visualizzare dei siti attendibili e si èreinstallato il file NETVISION.exe che all'apertura di alcune pagine mi fa collegare con fasttracks.
Ho Alice adsl.Leggendo alcuni post ho installato STOP dialers...Ho fatto la cosa giusta?
per favore aiutatemi nn so su quali pagine posso navigare e nn vorrei far lievitare il costo della bolletta.
Grazie e scusatemi
alekie
Newbie
 
Post: 4
Iscritto il: 09/05/06 19:10

Postdi Luke57 » 22/05/06 15:02

Ciao, qui alcune indicazioni per il dialer netvision:
http://libererisonanze.blogspot.com/200 ... track.html
Con la linea ADSL il pericolo della bolletta lievitata non esiste in quanto la linea internet funziona solo con il numero telefonico indicato e, quindi, il dirottamento verso altri numeri non può avvenire. Altri fastidi vari dovuti ai dialer, quelli rimangono.
Luke57
Moderatore
 
Post: 6413
Iscritto il: 11/08/05 19:10

Controllo

Postdi syrincassidy » 07/07/07 16:07

Qualcuno può cortesemente controllarmi questo log?
Grazie sin d'ora

Logfile of HijackThis v1.99.1
Scan saved at 16.59.24, on 07/07/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Programmi\AntiVir PersonalEdition Premium\sched.exe
C:\Programmi\AntiVir PersonalEdition Premium\avguard.exe
C:\Programmi\AntiVir PersonalEdition Premium\avesvc.exe
C:\Programmi\TOSHIBA\ConfigFree\CFSvcs.exe
C:\WINDOWS\System32\GEARSec.exe
C:\Programmi\Analog Devices\SoundMAX\SMAgent.exe
C:\Programmi\TOSHIBA\TOSHIBA Applet\TAPPSRV.exe
C:\Programmi\TOSHIBA\TOSHIBA Applet\tme3srv.exe
C:\Programmi\PowerQuest\Drive Image 7.0\Agent\PQV2iSvc.exe
C:\Programmi\AntiVir PersonalEdition Premium\avmailc.exe
C:\Programmi\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Programmi\Analog Devices\SoundMAX\SMax4PNP.exe
C:\Programmi\Synaptics\SynTP\SynTPLpr.exe
C:\Programmi\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\AGRSMMSG.exe
C:\WINDOWS\system32\TPSMain.exe
C:\Programmi\TOSHIBA\Touch and Launch\PadExe.exe
C:\Programmi\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe
C:\Programmi\Toshiba\Toshiba Applet\TMEPROP.exe
C:\Programmi\Toshiba\Toshiba Applet\DockMsgFrom.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Programmi\Thomson\SpeedTouch USB\Dragdiag.exe
C:\Programmi\Zone Labs\ZoneAlarm\zlclient.exe
C:\Programmi\AntiVir PersonalEdition Premium\avgnt.exe
C:\Programmi\K-Meleon\K-Meleon.exe
C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE
C:\Programmi\HybridTM_IR(A)\RC620_A.exe
C:\Programmi\Nortek Office Multimedia Keyboard & Mouse Driver\MouseDrv.exe
C:\WINDOWS\system32\TPSBattM.exe
C:\Programmi\Nortek Office Multimedia Keyboard & Mouse Driver\PS2USBKbdDrv.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmi\TOSHIBA\TOSCDSPD\toscdspd.exe
C:\Programmi\Nokia\Nokia PC Suite 6\PcSync2.exe
C:\Programmi\ArcSoft\TotalMedia\TMMonitor.exe
C:\PROGRA~1\FILECO~1\Nokia\MPAPI\MPAPI3s.exe
C:\Programmi\File comuni\PCSuite\Services\ServiceLayer.exe
C:\Programmi\MSN Messenger\msnmsgr.exe
C:\Programmi\Spyware Terminator\SpywareTerminatorShield.exe
c:\programmi\a-squared free\a2free.exe
C:\Programmi\a-squared Free\a2service.exe
C:\WINDOWS\system32\rundll32.exe
C:\Programmi\K-Meleon\k-meleon.exe
C:\Documents and Settings\bruno.bianco\Desktop\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.tele2.it/redirect/startpage/adsl/ita
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - c:\program files\LAB\msdxm.ocx
O4 - HKLM\..\Run: [ATIPTA] C:\Programmi\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Programmi\Analog Devices\SoundMAX\SMax4PNP.exe
O4 - HKLM\..\Run: [SoundMAX] C:\Programmi\Analog Devices\SoundMAX\Smax4.exe /tray
O4 - HKLM\..\Run: [SynTPLpr] C:\Programmi\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Programmi\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [TPSMain] TPSMain.exe
O4 - HKLM\..\Run: [PadTouch] C:\Programmi\TOSHIBA\Touch and Launch\PadExe.exe
O4 - HKLM\..\Run: [SmoothView] C:\Programmi\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe
O4 - HKLM\..\Run: [TMEPROP] C:\Programmi\Toshiba\Toshiba Applet\TMEPROP.exe -S
O4 - HKLM\..\Run: [DockMsgFrom] C:\Programmi\Toshiba\Toshiba Applet\DockMsgFrom.exe
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Programmi\Thomson\SpeedTouch USB\Dragdiag.exe" /icon
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Programmi\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [win32] C:\WINDOWS\system32\winpack32.exe
O4 - HKLM\..\Run: [avgnt] "C:\Programmi\AntiVir PersonalEdition Premium\avgnt.exe" /min
O4 - HKLM\..\Run: [SpywareTerminator] "C:\Programmi\Spyware Terminator\SpywareTerminatorShield.exe"
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE -startup
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [HybridTM_A] C:\Programmi\HybridTM_IR(A)\RC620_A.exe
O4 - HKLM\..\Run: [WireLessMouse] C:\Programmi\Nortek Office Multimedia Keyboard & Mouse Driver\MouseDrv.exe
O4 - HKLM\..\Run: [WireLessKeyboard] C:\Programmi\Nortek Office Multimedia Keyboard & Mouse Driver\PS2USBKbdDrv.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [TOSCDSPD] C:\Programmi\TOSHIBA\TOSCDSPD\toscdspd.exe
O4 - HKCU\..\Run: [win32] C:\WINDOWS\system32\winpack32.exe
O4 - HKCU\..\Run: [yamp] C:\\Documents and Settings\\bruno.bianco\\Desktop\\YAmp_M6.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Programmi\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [PcSync] C:\Programmi\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Programmi\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - Startup: Adobe Gamma.lnk = C:\Programmi\File comuni\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Avvio veloce di Adobe Reader.lnk = C:\Programmi\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: TMMonitor.lnk = C:\Programmi\ArcSoft\TotalMedia\TMMonitor.exe
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.5.0\bin\npjpi150.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.5.0\bin\npjpi150.dll
O9 - Extra button: Ricerche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O10 - Broken Internet access because of LSP provider 'avsda.dll' missing
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Programmi\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupda ... 8118827460
O17 - HKLM\System\CCS\Services\Tcpip\..\{46BB0367-AABD-4F2B-8B80-575AF7873781}: NameServer = 193.12.150.2 212.247.152.2
O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - C:\Programmi\a-squared Free\a2service.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Programmi\File comuni\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AntiVir Mail Security Service (AntiVirMailService) - H+BEDV Datentechnik GmbH - C:\Programmi\AntiVir PersonalEdition Premium\avmailc.exe
O23 - Service: AntiVir Scheduler (AntiVirScheduler) - H+BEDV Datentechnik GmbH - C:\Programmi\AntiVir PersonalEdition Premium\sched.exe
O23 - Service: AntiVir PersonalEdition Premium Service (AntiVirService) - H+BEDV Datentechnik GmbH - C:\Programmi\AntiVir PersonalEdition Premium\avguard.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: AntiVir Engine Service (AVEService) - H+BEDV Datentechnik GmbH - C:\Programmi\AntiVir PersonalEdition Premium\avesvc.exe
O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Programmi\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: GEARSecurity - GEAR Software - C:\WINDOWS\System32\GEARSec.exe
O23 - Service: ServiceLayer - Nokia. - C:\Programmi\File comuni\PCSuite\Services\ServiceLayer.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Programmi\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: TOSHIBA Application Service (TAPPSRV) - TOSHIBA Corp. - C:\Programmi\TOSHIBA\TOSHIBA Applet\TAPPSRV.exe
O23 - Service: TME3SRV - IEC - C:\Programmi\TOSHIBA\TOSHIBA Applet\tme3srv.exe
O23 - Service: V2i Protector - PowerQuest Corporation - C:\Programmi\PowerQuest\Drive Image 7.0\Agent\PQV2iSvc.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
syrincassidy
Newbie
 
Post: 3
Iscritto il: 07/07/07 16:02

Postdi Luke57 » 07/07/07 17:51

Scarica The Avenger
http://swandog46.geekstogo.com/avenger.zip
Avvia il programma,con le applicazioni chiuse e antivirus disattivato, clicca su Input Script Manually
clicca sulla icona con la lente di ingrandimento
si aprirà una nuova finestra con scritto View/edit script

In quella finestra bianca copia e incolla (ctrl+v) le scritte in neretto:


Files to delete:
C:\WINDOWS\system32\winpack32.exe

Registry values to delete:
HKLM\Software\Microsoft\Windows\CurrentVersion\Run | win32


Clicca sul pulsante Done
Adesso clicca sul semaforo con la luce verde
Rispondi Yes 2 volte
Il pc si dovrebbe riavviare,se non si riavvia,riavvialo manualmente

Al riavvio collegati e posta il contenuto del file C:\Avenger.txt

Apri inoltre hijackthis, premi "do a system scan only", cerca e spunta questa voce se presente:
O4 - HKCU\..\Run: [win32] C:\WINDOWS\system32\winpack32.exe

premi fix checked.
Luke57
Moderatore
 
Post: 6413
Iscritto il: 11/08/05 19:10

Postdi syrincassidy » 07/07/07 20:26

Salve
Non ho capito se l'ultimo post era per me, cque....

Logfile of The Avenger version 1, by Swandog46
Running from registry key:
\Registry\Machine\System\CurrentControlSet\Services\ykqdvstt

*******************

Script file located at: \??\C:\eivqimcp.txt
Script file opened successfully.

Script file read successfully

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:



File C:\WINDOWS\system32\winpack32.exe not found!
Deletion of file C:\WINDOWS\system32\winpack32.exe failed!

Could not process line:
C:\WINDOWS\system32\winpack32.exe
Status: 0xc0000034



Could not delete registry value HKLM\Software\Microsoft\Windows\CurrentVersion\Run|win32
Deletion of registry value HKLM\Software\Microsoft\Windows\CurrentVersion\Run|win32 failed!
Status: 0xc0000034


Completed script processing.

*******************

Finished! Terminate.

P.S. la connessione falsa si chiama "Connection"
syrincassidy
Newbie
 
Post: 3
Iscritto il: 07/07/07 16:02

Postdi syrincassidy » 09/07/07 10:13

still waiting .... 8)
syrincassidy
Newbie
 
Post: 3
Iscritto il: 07/07/07 16:02

Postdi Luke57 » 09/07/07 10:31

Ciao, la procedura con avenger ha dato nulla di fatto, apri hijackthis, premi " do a system scan only", cerca e spunta le voci seguenti, se ci sono tutte:
O4 - HKLM\..\Run: [win32] C:\WINDOWS\system32\winpack32.exe
O4 - HKCU\..\Run: [win32] C:\WINDOWS\system32\winpack32.exe

premi fix checked.

Cerca ed elimina, se presente, il file:
C:\WINDOWS\system32\winpack32.exe
Luke57
Moderatore
 
Post: 6413
Iscritto il: 11/08/05 19:10


Torna a Sicurezza e Privacy


Topic correlati a "connessione indesiderata":


Chi c’è in linea

Visitano il forum: Nessuno e 31 ospiti

cron