Heeeelp: problem with Internet Explorer and Google!

How do you remove viruses and spyware? Are credit cards really safe online? Is it possible to browse anonymously? Which programs protect your privacy? How do you protect important files? If you want an answer to these and other questions, this is the right place!

Moderators: m.paolo, kadosh, Luke57

Post by atikia » 28/08/06 18:29

I have a problem: Internet Explorer opens sites I didn't request and freezes, and when I run a search with Google a window like this opens:
Looking for .... ?
Encyclopedia Article About ......

Read about any subject in the free online encyclopedia and dictionary.
Over 600,000 articles on any topic and completely free access to the entire
content.

thefreedictionary.com is the place that has what you want.

CLICK HERE TO ENTER

Is there anyone who can help me?
I ran a scan with the Bitdefender antivirus and everything is fine. With Ad-aware too. With CWShredder as well. I'm adding the HijackThis logfile:
Logfile of HijackThis v1.99.1
Scan saved at 19.26.39, on 28/08/06
Platform: Windows 98 SE (Win9x 4.10.2222A)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\SPOOL32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\PROGRAMMI\FILE COMUNI\SOFTWIN\BITDEFENDER COMMUNICATOR\XCOMMSVR.EXE
C:\PROGRAMMI\FILE COMUNI\SOFTWIN\BITDEFENDER SCAN SERVER\BDSS.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\SYSTEM\RNAAPP.EXE
C:\WINDOWS\SYSTEM\TAPISRV.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\PROGRAMMI\SOFTWIN\BITDEFENDER9\BDMCON.EXE
C:\PROGRAMMI\SOFTWIN\BITDEFENDER9\VSSERV.EXE
C:\PROGRAMMI\SOFTWIN\BITDEFENDER9\BDOESRV.EXE
C:\PROGRAMMI\FILE COMUNI\SOFTWIN\BITDEFENDER UPDATE SERVICE\LIVESRV.EXE
C:\PROGRAMMI\SOFTWIN\BITDEFENDER9\BDNAGENT.EXE
C:\WINDOWS\SYSTEM\E_S6I0E1.EXE
C:\WINDOWS\SYSTEM\STIMON.EXE
C:\PROGRAMMI\MICROSOFT OFFICE\OFFICE\OSA.EXE
C:\PROGRAMMI\MICROSOFT OFFICE\OFFICE\MSOFFICE.EXE
C:\PROGRAMMI\MICROSOFT OFFICE\OFFICE\FINDFAST.EXE
C:\PROGRAMMI\WINZIP\WZQKPICK.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\PROGRAMMI\MOZILLA FIREFOX\FIREFOX.EXE
C:\PROGRAMMI\WINZIP\WINZIP32.EXE
C:\WINDOWS\TEMP\HIJACKTHIS.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.google.it
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAMMI\ADOBE\ACROBAT 5.0\READER\ACTIVEX\ACROIEHELPER.OCX
O4 - HKLM\..\Run: [TaskMonitor] c:\windows\taskmon.exe
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [BDMCon] "C:\Programmi\Softwin\BitDefender9\bdmcon.exe"
O4 - HKLM\..\Run: [BitDefender Virus Shield] "C:\Programmi\Softwin\BitDefender9\vsserv.exe"
O4 - HKLM\..\Run: [BDOESRV] "C:\Programmi\Softwin\BitDefender9\bdoesrv.exe"
O4 - HKLM\..\Run: [BitDefender Live Service] "C:\Programmi\File comuni\Softwin\BitDefender Update Service\livesrv.exe"
O4 - HKLM\..\Run: [BDNewsAgent] "C:\PROGRAMMI\SOFTWIN\BITDEFENDER9\bdnagent.exe"
O4 - HKLM\..\Run: [EPSON Stylus DX4200 Series] C:\WINDOWS\SYSTEM\E_S6I0E1.EXE /P26 "EPSON Stylus DX4200 Series" /O5 "LPT1:" /M "Stylus DX4200"
O4 - HKLM\..\Run: [StillImageMonitor] C:\WINDOWS\SYSTEM\STIMON.EXE
O4 - HKLM\..\RunServices: [BitDefender Communicator] "C:\Programmi\File comuni\Softwin\BitDefender Communicator\\xcommsvr.exe"
O4 - HKLM\..\RunServices: [BitDefender Scan Server] "C:\Programmi\File comuni\Softwin\BitDefender Scan Server\\bdss.exe"
O4 - HKLM\..\RunServices: [BitDefender Live! Init] "C:\Programmi\Softwin\BitDefender9\bdinit.exe"
O4 - HKCU\..\Run: [MsnMsgr] "c:\Programmi\MSN Messenger\MsnMsgr.Exe" /background
O4 - Startup: Avvio Office.lnk = C:\Programmi\Microsoft Office\Office\OSA.EXE
O4 - Startup: Barra degli strumenti Microsoft Office.lnk = C:\Programmi\Microsoft Office\Office\MSOFFICE.EXE
O4 - Startup: Ricerca rapida.lnk = C:\Programmi\Microsoft Office\Office\FINDFAST.EXE
O4 - Startup: WinZip Quick Pick.lnk = C:\Programmi\WinZip\WZQKPICK.EXE
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: MSN Messenger Service - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\MSMSGS.EXE
O9 - Extra button: Alice - {0A7419E0-32D7-11DB-89AF-89F83699FF37} - http://gw.aliceadsl.it/alice (file missing) (HKCU)
O12 - Plugin for .do;jsessionid=0A5209D8B3C56C005E9EDE42A7B351D3: C:\PROGRA~1\INTERN~1\PLUGINS\nppdf32.dll

I get by with the PC but I'm not a great expert; is there someone kind enough to give me directions on what to do? Thaaaanks from the heart.
atikia
Newbie
 
Posts: 2
Joined: 28/08/06 17:48

Post by andorra24 » 28/08/06 18:41

Hi, the log is clean and nothing strange shows up. Run a couple of check scans:

http://www.superantispyware.com/downloa ... PYWAREFREE
http://www.ewido.net/en/onlinescan/
andorra24
Senior User
 
Posts: 2742
Joined: 21/05/06 15:44
Location: Palermo

Post by BilloKenobi » 28/08/06 20:12

Isn't it a bit short as a log?.... all the entries from O12 down are missing... is it possible that it doesn't have a plugin, an active service?...
Begun the Clone War has

Yes yes, they made me an editor --- SuspectFile
BilloKenobi
Senior User
 
Posts: 348
Joined: 08/07/06 11:05

Post by Alexsandra » 28/08/06 20:23

It's Win 98 :D
Alexsandra
Senior User
 
Posts: 2358
Joined: 09/01/06 20:31

Post by BilloKenobi » 28/08/06 21:12

Ah!!!!! True.... I'm not used to reading the OS. I should learn
Begun the Clone War has

Yes yes, they made me an editor --- SuspectFile
BilloKenobi
Senior User
 
Posts: 348
Joined: 08/07/06 11:05

The problems continue

Post by atikia » 29/08/06 13:37

First of all, thanks for the replies...
Today at startup I noticed a configuration update, and afterwards the firewall warned me about programs that were asking to be run:
rrpb1.exe
bikini.exe
loadqm.exe
I couldn't figure out what the first one is, and I blocked its execution with the firewall.
I removed the other two from the Windows folder.
I ran a scan with Superantispyware as advised; it detected:
Adware.Tracking Cookie
Trojan.Downloader-NetMon
Afterwards I made another log with HijackThis and it is different from the previous one:

Logfile of HijackThis v1.99.1
Scan saved at 14.32.34, on 29/08/06
Platform: Windows 98 SE (Win9x 4.10.2222A)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\SPOOL32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\PROGRAMMI\FILE COMUNI\SOFTWIN\BITDEFENDER COMMUNICATOR\XCOMMSVR.EXE
C:\PROGRAMMI\FILE COMUNI\SOFTWIN\BITDEFENDER SCAN SERVER\BDSS.EXE
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\SYSTEM\RNAAPP.EXE
C:\WINDOWS\SYSTEM\TAPISRV.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\PROGRAMMI\SOFTWIN\BITDEFENDER9\BDMCON.EXE
C:\PROGRAMMI\SOFTWIN\BITDEFENDER9\VSSERV.EXE
C:\PROGRAMMI\SOFTWIN\BITDEFENDER9\BDOESRV.EXE
C:\PROGRAMMI\FILE COMUNI\SOFTWIN\BITDEFENDER UPDATE SERVICE\LIVESRV.EXE
C:\PROGRAMMI\SOFTWIN\BITDEFENDER9\BDNAGENT.EXE
C:\WINDOWS\SYSTEM\E_S6I0E1.EXE
C:\WINDOWS\SYSTEM\STIMON.EXE
C:\WINDOWS\TEMP\RRPB1.EXE
C:\WINDOWS\RUNDLL32.EXE
C:\WINDOWS\SYSTEM\SMTRAY.EXE
C:\PROGRAMMI\SUPERANTISPYWARE\SUPERANTISPYWARE.EXE
C:\PROGRAMMI\MICROSOFT OFFICE\OFFICE\OSA.EXE
C:\PROGRAMMI\MICROSOFT OFFICE\OFFICE\MSOFFICE.EXE
C:\PROGRAMMI\MICROSOFT OFFICE\OFFICE\FINDFAST.EXE
C:\PROGRAMMI\WINZIP\WZQKPICK.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\PROGRAMMI\WINZIP\WINZIP32.EXE
C:\WINDOWS\TEMP\HIJACKTHIS.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.google.it
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
R3 - Default URLSearchHook is missing
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAMMI\ADOBE\ACROBAT 5.0\READER\ACTIVEX\ACROIEHELPER.OCX
O2 - BHO: Class - {5AD08C81-F7AA-57FD-87B7-7305359AFBBE} - C:\WINDOWS\AHIWB1.DLL (file missing)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O4 - HKLM\..\Run: [TaskMonitor] c:\windows\taskmon.exe
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [BDMCon] "C:\Programmi\Softwin\BitDefender9\bdmcon.exe"
O4 - HKLM\..\Run: [BitDefender Virus Shield] "C:\Programmi\Softwin\BitDefender9\vsserv.exe"
O4 - HKLM\..\Run: [BDOESRV] "C:\Programmi\Softwin\BitDefender9\bdoesrv.exe"
O4 - HKLM\..\Run: [BitDefender Live Service] "C:\Programmi\File comuni\Softwin\BitDefender Update Service\livesrv.exe"
O4 - HKLM\..\Run: [BDNewsAgent] "C:\PROGRAMMI\SOFTWIN\BITDEFENDER9\bdnagent.exe"
O4 - HKLM\..\Run: [EPSON Stylus DX4200 Series] C:\WINDOWS\SYSTEM\E_S6I0E1.EXE /P26 "EPSON Stylus DX4200 Series" /O5 "LPT1:" /M "Stylus DX4200"
O4 - HKLM\..\Run: [StillImageMonitor] C:\WINDOWS\SYSTEM\STIMON.EXE
O4 - HKLM\..\Run: [RRPB1.EXE] C:\WINDOWS\TEMP\RRPB1.EXE
O4 - HKLM\..\Run: [AdslTaskBar] rundll32.exe stmctrl.dll,TaskBar
O4 - HKLM\..\Run: [Smapp] Smtray.exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [ScanRegistry] c:\windows\scanregw.exe /autorun
O4 - HKLM\..\RunServices: [BitDefender Communicator] "C:\Programmi\File comuni\Softwin\BitDefender Communicator\\xcommsvr.exe"
O4 - HKLM\..\RunServices: [BitDefender Scan Server] "C:\Programmi\File comuni\Softwin\BitDefender Scan Server\\bdss.exe"
O4 - HKLM\..\RunServices: [BitDefender Live! Init] "C:\Programmi\Softwin\BitDefender9\bdinit.exe"
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKLM\..\RunServicesOnce: [*lO] "C:\PROGRAMMI\FILE COMUNI\SYSTEM\JTEGPZL.EXE" a
O4 - HKCU\..\Run: [MsnMsgr] "c:\Programmi\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\PROGRAMMI\SUPERANTISPYWARE\SUPERANTISPYWARE.EXE
O4 - Startup: Avvio Office.lnk = C:\Programmi\Microsoft Office\Office\OSA.EXE
O4 - Startup: Barra degli strumenti Microsoft Office.lnk = C:\Programmi\Microsoft Office\Office\MSOFFICE.EXE
O4 - Startup: Ricerca rapida.lnk = C:\Programmi\Microsoft Office\Office\FINDFAST.EXE
O4 - Startup: WinZip Quick Pick.lnk = C:\Programmi\WinZip\WZQKPICK.EXE
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: MSN Messenger Service - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\MSMSGS.EXE
O9 - Extra button: Alice - {0A7419E0-32D7-11DB-89AF-89F83699FF37} - http://gw.aliceadsl.it/alice (file missing) (HKCU)
O12 - Plugin for .do;jsessionid=0A5209D8B3C56C005E9EDE42A7B351D3: C:\PROGRA~1\INTERN~1\PLUGINS\nppdf32.dll
O20 - Winlogon Notify: SASWinLogon - C:\PROGRAMMI\SUPERANTISPYWARE\SASWINLO.DLL

The problems with Explorer remain: what can I do now?
Thanks to whoever is willing to answer me
atikia
Newbie
 
Posts: 2
Joined: 28/08/06 17:48
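
The post above notes that the second HijackThis log differs from the first. As an added example (not part of the original thread), this Python script diffs two HijackThis logs and lists only the entries that are new in the later one. The log excerpts are copied, trimmed, from the two logs posted above; the function names and the three triage heuristics are assumptions of this example, not HijackThis features.

```python
import re

# Trimmed excerpts of the two logs posted in this thread (28/08/06 and 29/08/06).
LOG_28 = r"""
Running processes:
C:\WINDOWS\SYSTEM\STIMON.EXE
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.google.it
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAMMI\ADOBE\ACROBAT 5.0\READER\ACTIVEX\ACROIEHELPER.OCX
O4 - HKLM\..\Run: [TaskMonitor] c:\windows\taskmon.exe
O4 - HKLM\..\Run: [StillImageMonitor] C:\WINDOWS\SYSTEM\STIMON.EXE
O9 - Extra button: Alice - {0A7419E0-32D7-11DB-89AF-89F83699FF37} - http://gw.aliceadsl.it/alice (file missing) (HKCU)
"""

LOG_29 = r"""
Running processes:
C:\WINDOWS\SYSTEM\STIMON.EXE
C:\WINDOWS\TEMP\RRPB1.EXE
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.google.it
R3 - Default URLSearchHook is missing
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAMMI\ADOBE\ACROBAT 5.0\READER\ACTIVEX\ACROIEHELPER.OCX
O2 - BHO: Class - {5AD08C81-F7AA-57FD-87B7-7305359AFBBE} - C:\WINDOWS\AHIWB1.DLL (file missing)
O4 - HKLM\..\Run: [TaskMonitor] c:\windows\taskmon.exe
O4 - HKLM\..\Run: [StillImageMonitor] C:\WINDOWS\SYSTEM\STIMON.EXE
O4 - HKLM\..\Run: [RRPB1.EXE] C:\WINDOWS\TEMP\RRPB1.EXE
O4 - HKLM\..\RunServicesOnce: [*lO] "C:\PROGRAMMI\FILE COMUNI\SYSTEM\JTEGPZL.EXE" a
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\PROGRAMMI\SUPERANTISPYWARE\SUPERANTISPYWARE.EXE
O9 - Extra button: Alice - {0A7419E0-32D7-11DB-89AF-89F83699FF37} - http://gw.aliceadsl.it/alice (file missing) (HKCU)
O20 - Winlogon Notify: SASWinLogon - C:\PROGRAMMI\SUPERANTISPYWARE\SASWINLO.DLL
"""

# HijackThis entries start with a section code such as R1, O4 or O20.
# Process paths ("C:\...") and header lines do not match this pattern.
ENTRY_RE = re.compile(r"^([A-Z]\d{1,2}) - (.+)$")


def parse_entries(log_text):
    """Map (section, lower-cased body) -> original line, in log order."""
    entries = {}
    for raw in log_text.splitlines():
        line = raw.strip()
        match = ENTRY_RE.match(line)
        if match:
            section, body = match.groups()
            # Windows paths are case-insensitive, so compare lower-cased.
            entries[(section, body.lower())] = line
    return entries


def new_entries(before, after):
    """Entries present in the later log but absent from the earlier one."""
    old = parse_entries(before)
    return [line for key, line in parse_entries(after).items() if key not in old]


def triage(line):
    """Assumed heuristics: reasons to look at an entry first, not verdicts."""
    low = line.lower()
    reasons = []
    if "\\temp\\" in low:
        reasons.append("target runs from a TEMP directory")
    if "(file missing)" in low:
        reasons.append("registered file is missing on disk")
    if re.search(r"\\run\w*once:", low):
        reasons.append("one-shot autostart key")
    return reasons


def flagged_new_entries(before, after):
    """New entries that hit at least one heuristic, with their reasons."""
    result = []
    for line in new_entries(before, after):
        reasons = triage(line)
        if reasons:
            result.append((line, reasons))
    return result


if __name__ == "__main__":
    for entry in new_entries(LOG_28, LOG_29):
        notes = "; ".join(triage(entry)) or "no heuristic hit"
        print(f"+ {entry}\n    -> {notes}")
```

Entries added by a tool installed between the two scans (here SUPERAntiSpyware) show up as new but hit no heuristic, which keeps them visible without mixing them into the review-first list.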

Post by Luke57 » 29/08/06 16:05

Hi, I suspect a linkoptimizer infection; so
download Gmer:
http://www.gmer.net/gmer110.zip
After unzipping it, start it and select "Rootkit"
Click "Scan"
Wait for the scan to finish and click "Copy"
Open Windows Notepad, click Edit and select Paste

Then run a scan with GMER from the Autostart tab, following the same procedure as before. Paste the generated log into the same Notepad file and then paste the two logs in a post on the forum.
Luke57
Moderator
 
Posts: 6415
Joined: 11/08/05 19:10

Post by dabor73 » 09/09/06 15:57

As you requested, here are the logs:

rootkit.txt

GMER 1.0.10.10122 - http://www.gmer.net
Rootkit 2006-09-09 16:22:34
Windows 5.1.2600 Service Pack 2


---- System - GMER 1.0.10 ----

SSDT sptd.sys ZwCreateKey
SSDT \WINDOWS\System32\drivers\fsndis5.sys ZwCreateProcess
SSDT \WINDOWS\System32\drivers\fsndis5.sys ZwCreateProcessEx
SSDT \WINDOWS\System32\drivers\fsndis5.sys ZwCreateSection
SSDT sptd.sys ZwEnumerateKey
SSDT sptd.sys ZwEnumerateValueKey
SSDT sptd.sys ZwOpenKey
SSDT sptd.sys ZwQueryKey
SSDT sptd.sys ZwQueryValueKey
SSDT sptd.sys ZwSetValueKey
SSDT \WINDOWS\System32\drivers\fsndis5.sys ZwWriteVirtualMemory


autostart

GMER 1.0.10.10122 - http://www.gmer.net
Autostart 2006-09-09 16:23:07
Windows 5.1.2600 Service Pack 2


HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems@Windows = %SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,3072,512 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ProfileControl=Off MaxRequestThreads=16

HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon@Userinit = C:\WINDOWS\system32\userinit.exe,

HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon@DLLName = WgaLogon.dll

HKLM\SYSTEM\CurrentControlSet\Services\ >>>
BackWeb Plug-in - 7681197 /*F-Secure Automatic Update*/@ = C:\PROGRA~1\F-Secure\BackWeb\7681197\Program\SERVIC~1.EXE
btwdins /*Bluetooth Service*/@ = C:\Programmi\WIDCOMM\Software Bluetooth\bin\btwdins.exe
EpsonBidirectionalService /*EpsonBidirectionalService*/@ = C:\Programmi\File comuni\EPSON\eEBAPI\eEBSVC.exe
EPSONStatusAgent2 /*EPSON Printer Status Agent2*/@ = C:\Programmi\File comuni\EPSON\eEBAPI\SAgent2.exe
F-Secure Gatekeeper Handler Starter /*FSGKHS*/@ = "C:\Programmi\F-Secure\Anti-Virus\fsgk32st.exe"
Fax /*Fax*/@ = %systemroot%\system32\fxssvc.exe
fsbwsys /*fsbwsys*/@ = "C:\Programmi\F-Secure\BackWeb\7681197\program\fsbwsys.exe"
FSMA /*F-Secure Management Agent*/@ = "C:\Programmi\F-Secure\Common\FSMA32.EXE"
NVSvc /*NVIDIA Display Driver Service*/@ = %SystemRoot%\System32\nvsvc32.exe
ScsiPort@ = %SystemRoot%\system32\drivers\scsiport.sys
Spooler /*Spooler di stampa*/@ = %SystemRoot%\system32\spoolsv.exe
StarWindService /*StarWind iSCSI Service*/@ = C:\Programmi\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
WinVNC4 /*VNC Server Version 4*/@ = "C:\Programmi\RealVNC\VNC4\WinVNC4.exe" -service

HKLM\Software\Microsoft\Windows\CurrentVersion\Run >>>
@NvCplDaemonRUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup = RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
@nwiznwiz.exe /install = nwiz.exe /install
@NeroFilterCheckC:\WINDOWS\system32\NeroCheck.exe = C:\WINDOWS\system32\NeroCheck.exe
@WINDVDPatchCTHELPER.EXE = CTHELPER.EXE
@Jet DetectionC:\Programmi\Creative\SBLive\PROGRAM\ADGJDet.exe = C:\Programmi\Creative\SBLive\PROGRAM\ADGJDet.exe
@EPSON Stylus CX3200C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE /P19 "EPSON Stylus CX3200" /O6 "USB001" /M "Stylus CX3200" = C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE /P19 "EPSON Stylus CX3200" /O6 "USB001" /M "Stylus CX3200"
@CloneCDElbyCDFL"C:\Programmi\Elaborate Bytes\CloneCD\ElbyCheck.exe" /L ElbyCDFL = "C:\Programmi\Elaborate Bytes\CloneCD\ElbyCheck.exe" /L ElbyCDFL
@F-Secure Manager"C:\Programmi\F-Secure\Common\FSM32.EXE" /splash = "C:\Programmi\F-Secure\Common\FSM32.EXE" /splash
@F-Secure TNB"C:\Programmi\F-Secure\TNB\TNBUtil.exe" /CHECKALL /WAITFORSW = "C:\Programmi\F-Secure\TNB\TNBUtil.exe" /CHECKALL /WAITFORSW
@Acrobat Assistant 7.0"C:\Programmi\Adobe\Acrobat 7.0\Distillr\Acrotray.exe" = "C:\Programmi\Adobe\Acrobat 7.0\Distillr\Acrotray.exe"
@SunJavaUpdateSchedC:\Programmi\Java\jre1.5.0_06\bin\jusched.exe = C:\Programmi\Java\jre1.5.0_06\bin\jusched.exe

HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run@1 = C:\WINDOWS\service32.exe /*file not found*/

HKCU\Software\Microsoft\Windows\CurrentVersion\Run@CTFMON.EXE = C:\WINDOWS\system32\ctfmon.exe

HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks@{E37CB5F0-51F5-4395-A808-5FA49E399F83} = C:\WINDOWS\Downloaded Program Files\gbieh.dll

HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved >>>
@{42071714-76d4-11d1-8b24-00a0c9068ff3} /*Estensione panoramica video del Pannello di controllo*/(null) =
@{32683183-48a0-441b-a342-7c2a440a9478} /*Media Band*/(null) =
@{1CDB2949-8F65-4355-8456-263E7C208A5D} /*Desktop Explorer*/C:\WINDOWS\System32\nvshell.dll = C:\WINDOWS\System32\nvshell.dll
@{1E9B04FB-F9E5-4718-997B-B8DA88302A47} /*Desktop Explorer Menu*/C:\WINDOWS\System32\nvshell.dll = C:\WINDOWS\System32\nvshell.dll
@{E0D79304-84BE-11CE-9641-444553540000} /*WinZip*/C:\PROGRA~1\WINZIP\WZSHLSTB.DLL = C:\PROGRA~1\WINZIP\WZSHLSTB.DLL
@{E0D79305-84BE-11CE-9641-444553540000} /*WinZip*/C:\PROGRA~1\WINZIP\WZSHLSTB.DLL = C:\PROGRA~1\WINZIP\WZSHLSTB.DLL
@{E0D79306-84BE-11CE-9641-444553540000} /*WinZip*/C:\PROGRA~1\WINZIP\WZSHLSTB.DLL = C:\PROGRA~1\WINZIP\WZSHLSTB.DLL
@{E0D79307-84BE-11CE-9641-444553540000} /*WinZip*/C:\PROGRA~1\WINZIP\WZSHLSTB.DLL = C:\PROGRA~1\WINZIP\WZSHLSTB.DLL
@{BDEADF00-C265-11D0-BCED-00A0C90AB50F} /*Cartelle Web*/C:\PROGRA~1\FILECO~1\MICROS~1\WEBFOL~1\MSONSEXT.DLL = C:\PROGRA~1\FILECO~1\MICROS~1\WEBFOL~1\MSONSEXT.DLL
@{42042206-2D85-11D3-8CFF-005004838597} /*Microsoft Office HTML Icon Handler*/C:\Programmi\Microsoft Office\OFFICE11\msohev.dll = C:\Programmi\Microsoft Office\OFFICE11\msohev.dll
@{F5D92341-0A64-11D0-9956-0000E8096023} /*CD Copy Shell Extension*/(null) =
@{F5D92342-0A64-11D0-9956-0000E8096023} /*CD Wizard Shell Extension*/(null) =
@{32A9D769-5B55-4a25-9A62-86B5683FE50A} /*NikonView Drop Extension*/C:\Programmi\Nikon\NkView6\NkvDropExt.dll = C:\Programmi\Nikon\NkView6\NkvDropExt.dll
@{E37CB5F0-51F5-4395-A808-5FA49E399F83} /*GbPlugin ShlObj*/C:\WINDOWS\Downloaded Program Files\gbieh.dll = C:\WINDOWS\Downloaded Program Files\gbieh.dll
@{0E6C58A9-F592-4862-B35F-CA45E24003B3} /*CloneCD*/C:\Programmi\Elaborate Bytes\CloneCD\ElbyVCDShell.dll = C:\Programmi\Elaborate Bytes\CloneCD\ElbyVCDShell.dll
@{B41DB860-8EE4-11D2-9906-E49FADC173CA} /*WinRAR shell extension*/C:\Programmi\WinRAR\rarext.dll = C:\Programmi\WinRAR\rarext.dll
@{32020A01-506E-484D-A2A8-BE3CF17601C3} /*AlcoholShellEx*/C:\PROGRA~1\ALCOHO~1\ALCOHO~1\axshlex.dll = C:\PROGRA~1\ALCOHO~1\ALCOHO~1\axshlex.dll
@(null) =
@{6af09ec9-b429-11d4-a1fb-0090960218cb} /*My Bluetooth Places*/C:\WINDOWS\System32\BTNEIG~1.DLL = C:\WINDOWS\System32\BTNEIG~1.DLL
@{D25B2CAB-8A9A-4517-A9B2-CB5F68A5A802} /*Adobe.Acrobat.ContextMenu*/C:\Programmi\Adobe\Acrobat 7.0\Acrobat Elements\ContextMenu.dll = C:\Programmi\Adobe\Acrobat 7.0\Acrobat Elements\ContextMenu.dll
@{596AB062-B4D2-4215-9F74-E9109B0A8153} /*Previous Versions Property Page*/C:\WINDOWS\System32\twext.dll = C:\WINDOWS\System32\twext.dll
@{9DB7A13C-F208-4981-8353-73CC61AE2783} /*Previous Versions*/C:\WINDOWS\System32\twext.dll = C:\WINDOWS\System32\twext.dll
@{692F0339-CBAA-47e6-B5B5-3B84DB604E87} /*Extensions Manager Folder*/C:\WINDOWS\System32\extmgr.dll = C:\WINDOWS\System32\extmgr.dll
@{FC9FB64A-1EB2-4CCF-AF5E-1A497A9B5C2D} /*Messenger Sharing Folders*/C:\Programmi\MSN Messenger\fsshext.8.0.0812.00.dll = C:\Programmi\MSN Messenger\fsshext.8.0.0812.00.dll
@{DDE4BEEB-DDE6-48fd-8EB5-035C09923F83} /*UnlockerShellExtension*/C:\Programmi\Unlocker\UnlockerCOM.dll = C:\Programmi\Unlocker\UnlockerCOM.dll

HKLM\Software\Classes\*\shellex\ContextMenuHandlers\ >>>
Adobe.Acrobat.ContextMenu@{D25B2CAB-8A9A-4517-A9B2-CB5F68A5A802} = C:\Programmi\Adobe\Acrobat 7.0\Acrobat Elements\ContextMenu.dll
WinRAR@{B41DB860-8EE4-11D2-9906-E49FADC173CA} = C:\Programmi\WinRAR\rarext.dll
WinZip@{E0D79304-84BE-11CE-9641-444553540000} = C:\PROGRA~1\WINZIP\WZSHLSTB.DLL

HKLM\Software\Classes\*\shellex\ContextMenuHandlers@{23814B80-52A2-11d0-BC1A-004095606CB9} = C:\Programmi\F-Secure\Common\fpshx.dll

HKLM\Software\Classes\Directory\shellex\ContextMenuHandlers\ >>>
ICQLiteMenu@{73B24247-042E-4EF5-ADC2-42F62E6FD654} =
WinRAR@{B41DB860-8EE4-11D2-9906-E49FADC173CA} = C:\Programmi\WinRAR\rarext.dll
WinZip@{E0D79304-84BE-11CE-9641-444553540000} = C:\PROGRA~1\WINZIP\WZSHLSTB.DLL

HKLM\Software\Classes\Folder\shellex\ContextMenuHandlers\ >>>
UnlockerShellExtension@{DDE4BEEB-DDE6-48fd-8EB5-035C09923F83} = C:\Programmi\Unlocker\UnlockerCOM.dll
WinRAR@{B41DB860-8EE4-11D2-9906-E49FADC173CA} = C:\Programmi\WinRAR\rarext.dll
WinZip@{E0D79304-84BE-11CE-9641-444553540000} = C:\PROGRA~1\WINZIP\WZSHLSTB.DLL

HKLM\Software\Classes\Folder\shellex\ContextMenuHandlers@{23814B80-52A2-11d0-BC1A-004095606CB9} = C:\Programmi\F-Secure\Common\fpshx.dll

HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects >>>
@{0000CC75-ACF3-4cac-A0A9-DD3868E06852}C:\Programmi\DAP\DAPBHO.dll = C:\Programmi\DAP\DAPBHO.dll
@{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}C:\Programmi\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll = C:\Programmi\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
@{14D1A72D-8705-11D8-B120-0040F46CB696}C:\Documents and Settings\Mario\83064123.dll = C:\Documents and Settings\Mario\83064123.dll
@{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}C:\Programmi\Java\jre1.5.0_06\bin\ssv.dll = C:\Programmi\Java\jre1.5.0_06\bin\ssv.dll
@{AA58ED58-01DD-4d91-8333-CF10577473F7}c:\programmi\google\googletoolbar2.dll = c:\programmi\google\googletoolbar2.dll
@{AE7CD045-E861-484f-8273-0445EE161910}C:\Programmi\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll = C:\Programmi\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
@{C41A1C0E-EA6C-11D4-B1B8-444553540000}C:\WINDOWS\Downloaded Program Files\gbieh.dll = C:\WINDOWS\Downloaded Program Files\gbieh.dll

HKLM\Software\Microsoft\Internet Explorer\Main >>>
@Default_Page_URLhttp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome = http://www.microsoft.com/isapi/redir.dl ... ar=msnhome
@Start Pagehttp://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home = http://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home
@Local Page%SystemRoot%\system32\blank.htm = %SystemRoot%\system32\blank.htm

HKCU\Software\Microsoft\Internet Explorer\Main >>>
@Start Pagehttp://www.drunkendonkey.net/ita/ = http://www.drunkendonkey.net/ita/
@Local Page\blank.htm = \blank.htm

HKLM\Software\Classes\PROTOCOLS\Filter\text/xml@CLSID = C:\Programmi\File comuni\Microsoft Shared\OFFICE11\MSOXMLMF.DLL

HKLM\Software\Classes\PROTOCOLS\Handler\ >>>
dvd@CLSID = C:\WINDOWS\system32\msvidctl.dll
its@CLSID = C:\WINDOWS\System32\itss.dll
lid@CLSID = C:\WINDOWS\System32\msvidctl.dll
livecall@CLSID = C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
mhtml@CLSID = %SystemRoot%\System32\inetcomm.dll
ms-its@CLSID = C:\WINDOWS\System32\itss.dll
msnim@CLSID = C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
mso-offdap11@CLSID = C:\PROGRA~1\FILECO~1\MICROS~1\WEBCOM~1\11\OWC11.DLL
tv@CLSID = C:\WINDOWS\system32\msvidctl.dll
wia@CLSID = C:\WINDOWS\System32\wiascr.dll

HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{AE30C0C3-D1C5-4105-AE05-B2086DFD2921} /*Connessione alla rete locale (LAN)*/ >>>
@IPAddress192.168.1.3 = 192.168.1.3
@NameServer192.168.1.1 = 192.168.1.1
@DefaultGateway192.168.1.1 = 192.168.1.1
@Domain =

C:\Documents and Settings\All Users\Menu Avvio\Programmi\Esecuzione automatica >>>
Adobe Gamma Loader.lnk = Adobe Gamma Loader.lnk
Avvio veloce di Adobe Acrobat.lnk = Avvio veloce di Adobe Acrobat.lnk
BTTray.lnk = BTTray.lnk
F-Secure Automatic Update.lnk = F-Secure Automatic Update.lnk
NkvMon.exe.lnk = NkvMon.exe.lnk
PCSuiteperNokia6600 Detect.lnk = PCSuiteperNokia6600 Detect.lnk
PCSuiteperNokia6600 TS.lnk = PCSuiteperNokia6600 TS.lnk

---- EOF - GMER 1.0.10 ----


Awaiting news

Bye guys
dabor73
Newbie
 
Posts: 4
Joined: 09/09/06 15:49

Post by Luke57 » 09/09/06 17:13

Hi, a recent HijackThis log too, thanks. The Gmer log doesn't match the HijackThis one from 29 August.
Luke57
Moderator
 
Posts: 6415
Joined: 11/08/05 19:10

Post by andorra24 » 09/09/06 17:17

Luke57 wrote: The Gmer log doesn't match the HijackThis one from 29 August.

The users don't match either :D :lol:
andorra24
Senior User
 
Posts: 2742
Joined: 21/05/06 15:44
Location: Palermo

Post by dabor73 » 09/09/06 17:33

Indeed, I'm someone else

Now I'll send you HijackThis too


Logfile of HijackThis v1.99.1
Scan saved at 18.32.32, on 09/09/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\CTHELPER.EXE
C:\Programmi\F-Secure\Common\FSM32.EXE
C:\Programmi\Adobe\Acrobat 7.0\Distillr\Acrotray.exe
C:\Programmi\Java\jre1.5.0_06\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmi\WIDCOMM\Software Bluetooth\BTTray.exe
C:\Programmi\Nikon\NkView6\NkvMon.exe
C:\Programmi\Nokia\PC Suite for Nokia 6600\connmngmntbox.exe
C:\Programmi\Nokia\PC Suite for Nokia 6600\ectaskscheduler.exe
C:\Programmi\Intuwave\Shared\mRouterRunTime\mRouterRuntime.exe
C:\PROGRA~1\Nokia\PCSUIT~1\Elogerr.exe
C:\PROGRA~1\Nokia\PCSUIT~1\BROADC~1.EXE
C:\PROGRA~1\Nokia\PCSUIT~1\SCRFS.exe
C:\PROGRA~1\F-Secure\BackWeb\7681197\Program\SERVIC~1.EXE
C:\Programmi\WIDCOMM\Software Bluetooth\bin\btwdins.exe
C:\Programmi\File comuni\EPSON\eEBAPI\eEBSVC.exe
C:\Programmi\File comuni\EPSON\eEBAPI\SAgent2.exe
C:\Programmi\F-Secure\Anti-Virus\fsgk32st.exe
C:\Programmi\F-Secure\BackWeb\7681197\program\fsbwsys.exe
C:\Programmi\F-Secure\Anti-Virus\FSGK32.EXE
C:\Programmi\F-Secure\Common\FSMA32.EXE
C:\Programmi\F-Secure\Anti-Virus\fssm32.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Programmi\F-Secure\Common\FSMB32.EXE
C:\Programmi\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmi\F-Secure\Common\FCH32.EXE
C:\Programmi\F-Secure\BackWeb\7681197\Program\F-Secure Automatic Update.exe
C:\Programmi\F-Secure\Common\FAMEH32.EXE
C:\Programmi\F-Secure\Anti-Virus\fsqh.exe
C:\Programmi\F-Secure\Anti-Virus\fsrw.exe
C:\Programmi\F-Secure\Common\FNRB32.EXE
C:\Programmi\F-Secure\Anti-Virus\fsav32.exe
C:\Programmi\F-Secure\Common\FIH32.EXE
C:\Programmi\F-Secure\FWES\Program\fsdfwd.exe
C:\PROGRA~1\F-Secure\ANTI-S~1\fsaw.exe
C:\Programmi\F-Secure\FSGUI\fsguidll.exe
C:\Programmi\Adobe\Acrobat 7.0\Acrobat\Acrobat.exe
C:\DOCUME~1\Mario\IMPOST~1\Temp\Adobelm_Cleanup.0001
C:\Programmi\File comuni\Adobe Systems Shared\Service\Adobelmsvc.exe
C:\DOCUME~1\Mario\IMPOST~1\Temp\Adobelm_Cleanup.0001
C:\Programmi\Mozilla Firefox\firefox.exe
C:\Programmi\Internet Explorer\iexplore.exe
C:\Programmi\EasyPHP1-8\EasyPHP.exe
C:\PROGRA~1\EASYPH~1\Apache\apache.exe
C:\PROGRA~1\EASYPH~1\Apache\apache.exe
C:\PROGRA~1\EASYPH~1\MySql\bin\mysqld.exe
C:\Programmi\Internet Explorer\iexplore.exe
C:\Programmi\Macromedia\Dreamweaver 8\Dreamweaver.exe
C:\Programmi\Skype\Phone\Skype.exe
C:\Documents and Settings\Mario\Desktop\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.drunkendonkey.net/ita/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = \blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
O2 - BHO: DAPHelper Class - {0000CC75-ACF3-4cac-A0A9-DD3868E06852} - C:\Programmi\DAP\DAPBHO.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: edit_html Class - {14D1A72D-8705-11D8-B120-0040F46CB696} - C:\Documents and Settings\Mario\83064123.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmi\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programmi\google\googletoolbar2.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Programmi\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: G-Buster Browser Defense - {C41A1C0E-EA6C-11D4-B1B8-444553540000} - C:\WINDOWS\Downloaded Program Files\gbieh.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Programmi\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: &Barradell'Accessibilità - {11352A67-0178-46B1-8855-D50B2F81C054} - C:\Programmi\WAT_IT\Accessibility_Toolbar.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programmi\google\googletoolbar2.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [WINDVDPatch] CTHELPER.EXE
O4 - HKLM\..\Run: [Jet Detection] C:\Programmi\Creative\SBLive\PROGRAM\ADGJDet.exe
O4 - HKLM\..\Run: [EPSON Stylus CX3200] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE /P19 "EPSON Stylus CX3200" /O6 "USB001" /M "Stylus CX3200"
O4 - HKLM\..\Run: [CloneCDElbyCDFL] "C:\Programmi\Elaborate Bytes\CloneCD\ElbyCheck.exe" /L ElbyCDFL
O4 - HKLM\..\Run: [F-Secure Manager] "C:\Programmi\F-Secure\Common\FSM32.EXE" /splash
O4 - HKLM\..\Run: [F-Secure TNB] "C:\Programmi\F-Secure\TNB\TNBUtil.exe" /CHECKALL /WAITFORSW
O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "C:\Programmi\Adobe\Acrobat 7.0\Distillr\Acrotray.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Programmi\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Programmi\File comuni\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Avvio veloce di Adobe Acrobat.lnk = ?
O4 - Global Startup: BTTray.lnk = ?
O4 - Global Startup: F-Secure Automatic Update.lnk = C:\Programmi\F-Secure\BackWeb\7681197\program\F-Secure Automatic Update.exe
O4 - Global Startup: NkvMon.exe.lnk = C:\Programmi\Nikon\NkView6\NkvMon.exe
O4 - Global Startup: PCSuiteperNokia6600 Detect.lnk = ?
O4 - Global Startup: PCSuiteperNokia6600 TS.lnk = ?
O8 - Extra context menu item: &Block this popup - C:\Programmi\F-Secure\Anti-Spyware\blockpopups.htm
O8 - Extra context menu item: &Cerca con Google - res://c:\programmi\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: &Download with &DAP - C:\PROGRA~1\DAP\dapextie.htm
O8 - Extra context menu item: &Traduci parola in italiano - res://c:\programmi\google\GoogleToolbar2.dll/cmwordtrans.html
O8 - Extra context menu item: Converti destinazione link in Adobe PDF - res://C:\Programmi\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Converti destinazione link in file PDF esistente - res://C:\Programmi\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Converti i link selezionati in Adobe PDF - res://C:\Programmi\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Converti i link selezionati in file PDF esistente - res://C:\Programmi\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Converti in Adobe PDF - res://C:\Programmi\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Converti nel file PDF esistente - res://C:\Programmi\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Converti selezione in Adobe PDF - res://C:\Programmi\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Converti selezione in file PDF esistente - res://C:\Programmi\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Download &all with DAP - C:\PROGRA~1\DAP\dapextie2.htm
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Invia a &Bluetooth - C:\Programmi\WIDCOMM\Software Bluetooth\btsendto_ie_ctx.htm
O8 - Extra context menu item: Link a ritroso - res://c:\programmi\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Pagine simili - res://c:\programmi\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Versione cache della pagina - res://c:\programmi\google\GoogleToolbar2.dll/cmcache.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: IE Shield - {300DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\Programmi\F-Secure\Anti-Spyware\ieshield.dll
O9 - Extra 'Tools' menuitem: IE Shield... - {300DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\Programmi\F-Secure\Anti-Spyware\ieshield.dll
O9 - Extra button: Run DAP - {669695BC-A811-4A9D-8CDF-BA8C795F261C} - C:\PROGRA~1\DAP\DAP.EXE
O9 - Extra button: Ricerche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programmi\WIDCOMM\Software Bluetooth\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programmi\WIDCOMM\Software Bluetooth\btsendto_ie.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O16 - DPF: {E37CB5F0-51F5-4395-A808-5FA49E399F83} (GbPluginObj Class) - https://www14.bancobrasil.com.br/plugin/GbPluginBb.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{AE30C0C3-D1C5-4105-AE05-B2086DFD2921}: NameServer = 192.168.1.1
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Programmi\File comuni\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: F-Secure Automatic Update (BackWeb Plug-in - 7681197) - F-Secure Automatic Update - C:\PROGRA~1\F-Secure\BackWeb\7681197\Program\SERVIC~1.EXE
O23 - Service: Bluetooth Service (btwdins) - WIDCOMM, Inc. - C:\Programmi\WIDCOMM\Software Bluetooth\bin\btwdins.exe
O23 - Service: EpsonBidirectionalService - Unknown owner - C:\Programmi\File comuni\EPSON\eEBAPI\eEBSVC.exe
O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Programmi\File comuni\EPSON\eEBAPI\SAgent2.exe
O23 - Service: FSGKHS (F-Secure Gatekeeper Handler Starter) - F-Secure Corp. - C:\Programmi\F-Secure\Anti-Virus\fsgk32st.exe
O23 - Service: F-Secure Network Request Broker - F-Secure Corporation - C:\Programmi\F-Secure\Common\FNRB32.EXE
O23 - Service: fsbwsys - F-Secure Corp. - C:\Programmi\F-Secure\BackWeb\7681197\program\fsbwsys.exe
O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure Corporation - C:\Programmi\F-Secure\FWES\Program\fsdfwd.exe
O23 - Service: F-Secure Management Agent (FSMA) - F-Secure Corporation - C:\Programmi\F-Secure\Common\FSMA32.EXE
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Programmi\File comuni\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Programmi\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
O23 - Service: VNC Server Version 4 (WinVNC4) - Unknown owner - C:\Programmi\RealVNC\VNC4\WinVNC4.exe" -service (file missing)



Thanks anyway!!!! :D :lol:
dabor73
Newbie
 
Posts: 4
Joined: 09/09/06 15:49

Post by Luke57 » 09/09/06 17:34

Hi, that's true, but he opened with an "as you requested", so he must have changed nick ;)
Luke57
Moderator
 
Posts: 6415
Joined: 11/08/05 19:10

Post by dabor73 » 09/09/06 17:58

No, sorry... I'm someone else..... :roll: :roll:

It's just that I noticed the post and, since I have the same problem...

I posted the 2 logs....

I'm waiting for news on how to remove the problem... sigh sigh :aaah :aaah
dabor73
Newbie
 
Posts: 4
Joined: 09/09/06 15:49

Post by a.medos » 09/09/06 18:19

Hi,
I tried taking a look at your logs, dabor73.
To me the problem is the entry

HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run@1 = C:\WINDOWS\service32.exe /*file not found*/

Removing the file c:\windows\service32.exe with killbox, setting it to run at the PC's restart, should be enough.
I saw another strange entry, but I don't know how to interpret it.

HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks@{E37CB5F0-51F5-4395-A808-5FA49E399F83} = C:\WINDOWS\Downloaded Program Files\gbieh.dll

To me that one should be removed too, but I'm not certain.
Asking for confirmation...
Bye!
a.medos
Junior User
 
Posts: 10
Joined: 06/09/06 15:26

Post by Luke57 » 09/09/06 18:37

Hi, download Avenger to the desktop
http://swandog46.geekstogo.com/avenger.zip
unzip the .zip file
Run the file avenger.exe
Select the option "Input Script Manually"
Click on the magnifying glass

A "View/edit script" window opens
Inside the white box, copy and paste the text in bold:


Registry values to replace with dummy:
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Windows | AppInit_DLLs

registry keys to delete:
HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\1
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{14D1A72D-8705-11D8-B120-0040F46CB696}

Files to delete:
C:\Documents and Settings\Mario\83064123.dll


Click the Done button
Click the green traffic light icon
Answer Yes twice
The PC should restart by itself; if it doesn't, restart it manually


Post the Avenger log (C:/avenger.txt) with the result of the script

Also uninstall DAP, it seems to be a carrier of junk.
Luke57
Moderator
 
Posts: 6415
Joined: 11/08/05 19:10

Post by dabor73 » 09/09/06 18:55

First of all, a thank-you as big as a house.......


everything works now!!!!! ;)

Could you tell me what the problem was so that it doesn't happen again???


THANK YOUUUUUUUUUUUUUUU

Here's the log

Logfile of The Avenger version 1, by Swandog46
Running from registry key:
\Registry\Machine\System\CurrentControlSet\Services\lknttobj

*******************

Script file located at: \??\C:\tcfhomrh.txt
Script file opened successfully.

Script file read successfully

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:

File C:\Documents and Settings\Mario\83064123.dll deleted successfully.
Registry value HKLM\Software\Microsoft\Windows NT\CurrentVersion\Windows|AppInit_DLLs replaced with dummy successfully.


Registry key HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\1 not found!
Deletion of registry key HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\1 failed!
Status: 0xc0000034

Registry key HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{14D1A72D-8705-11D8-B120-0040F46CB696} deleted successfully.

Completed script processing.

*******************

Finished! Terminate.
dabor73
Newbie
 
Posts: 4
Joined: 09/09/06 15:49
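
The script steps and the Avenger log posted above can be checked action by action; the following is an added example, not part of the original thread and not code from The Avenger. The function names and the NTSTATUS lookup table are assumptions made for illustration, and the sample input is constructed from the log lines quoted in the post.

```python
import re

# Constructed sample: the script-processing lines of the Avenger log quoted in the thread.
SAMPLE_LOG = r"""
File C:\Documents and Settings\Mario\83064123.dll deleted successfully.
Registry value HKLM\Software\Microsoft\Windows NT\CurrentVersion\Windows|AppInit_DLLs replaced with dummy successfully.
Registry key HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\1 not found!
Deletion of registry key HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\1 failed!
Status: 0xc0000034
Registry key HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{14D1A72D-8705-11D8-B120-0040F46CB696} deleted successfully.
"""

# Standard Windows NTSTATUS values (ntstatus.h), not Avenger-specific.
NTSTATUS = {
    0xC0000022: "STATUS_ACCESS_DENIED",
    0xC0000034: "STATUS_OBJECT_NAME_NOT_FOUND",
    0xC000003A: "STATUS_OBJECT_PATH_NOT_FOUND",
}

OK_RE = re.compile(r"^(File|Registry key|Registry value) (.+) "
                   r"(?:deleted|replaced with dummy) successfully\.$")
# Only the "registry key" failure wording appears in the thread; the other
# two kinds are an assumption about how the tool words those failures.
FAIL_RE = re.compile(r"^Deletion of (file|registry key|registry value) (.+) failed!$")
STATUS_RE = re.compile(r"^Status: (0x[0-9a-fA-F]{8})$")


def parse_avenger_log(text):
    """Return one record per scripted action: kind, target, ok, status name."""
    results = []
    for line in (raw.strip() for raw in text.splitlines()):
        if m := OK_RE.match(line):
            results.append({"kind": m[1].lower(), "target": m[2], "ok": True, "status": None})
        elif m := FAIL_RE.match(line):
            results.append({"kind": m[1].lower(), "target": m[2], "ok": False, "status": None})
        elif (m := STATUS_RE.match(line)) and results and not results[-1]["ok"]:
            # A "Status:" line belongs to the failure reported just before it.
            code = int(m[1], 16)
            results[-1]["status"] = NTSTATUS.get(code, hex(code))
    return results


def failed_actions(results):
    """List (target, status) for every action that still needs a follow-up check."""
    return [(r["target"], r["status"]) for r in results if not r["ok"]]


if __name__ == "__main__":
    for target, status in failed_actions(parse_avenger_log(SAMPLE_LOG)):
        print(f"FAILED: {target} ({status})")
```

A STATUS_OBJECT_NAME_NOT_FOUND failure means nothing existed at that key path when the script ran; it does not by itself show that the startup entry reported earlier in the thread is gone, so a fresh scan log is the way to confirm it.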

Post by a.medos » 09/09/06 20:44

Banco do Brasil is also reported as a Trojan.
So gbieh.dll should be removed too.
At least, searching Google for gbieh.dll I get these results....
a.medos
Junior User
 
Posts: 10
Joined: 06/09/06 15:26

Post by Luke57 » 09/09/06 21:41

a.medos wrote: Banco do Brasil is also reported as a Trojan.
So gbieh.dll should be removed too.
At least, searching Google for gbieh.dll I get these results....

Hi, from here it would seem not:
http://www.castlecops.com/tk1227-gbieh_dll.html
Luke57
Moderator
 
Posts: 6415
Joined: 11/08/05 19:10
