Pagina 1 di 1

about blank

MessaggioInviato: sab gen 15, 2005 1:25 pm
da trigly
Avevo anche io il problema "about blank" nella pagina iniziale; seguendo le vostre istruzioni sono riuscito ad eliminarlo (almeno spero) e vi ringrazio.
Ho fatto una scansione con hijackthis e questo è il log. Crdo che i problemi non siano pochi. Mi date una mano?

Logfile of HijackThis v1.98.2
Scan saved at 13:23:38, on 15/01/05
Platform: Windows 98 SE (Win9x 4.10.2222A)
MSIE: Internet Explorer v5.50 (5.50.4134.0600)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\PROGRAMMI\FILE COMUNI\EPSON\EBAPI\SAGENT2.EXE
C:\WINDOWS\SYSTEM\IENN32.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\SYSTEM\RPCSS.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\WINDOWS\SYSTEM\ATITASK.EXE
C:\WINDOWS\SYSTEM\ATICWD32.EXE
C:\PROGRAMMI\WINAMP\WINAMPA.EXE
C:\WINDOWS\SYSTEM\LVCOMS.EXE
C:\PROGRAMMI\MUSICMATCH\MUSICMATCH JUKEBOX\MM_TRAY.EXE
C:\PROGRAMMI\ALCATEL\SPEEDTOUCH USB\DRAGDIAG.EXE
C:\PROGRAMMI\PANDA SOFTWARE\PANDA ANTIVIRUS TITANIUM\APVXDWIN.EXE
C:\WINDOWS\LOADQM.EXE
C:\PROGRAMMI\FILE COMUNI\REAL\UPDATE_OB\REALSCHED.EXE
C:\PROGRAMMI\HP CD-WRITER\DIRECTCD\DIRECTCD.EXE
C:\PROGRAMMI\HP CD-WRITER\MMENU\HPCDTRAY.EXE
C:\PROGRAMMI\VERBATIM STORE N GO\VERBATIM STORE 'N' GO.EXE
C:\PROGRAMMI\ISTSVC\ISTSVC.EXE
C:\PROGRAMMI\INTEL\INTEL PSNCU\CPUNUMBER.EXE
C:\PROGRAMMI\MICROSOFT ACTIVESYNC\WCESCOMM.EXE
C:\PROGRAMMI\CAERE\PAGEKEEPER30\SYSTEM\PKJOBS.EXE
C:\OPLIMIT\OCRAWARE.EXE
C:\OPLIMIT\OCRAWR32.EXE
C:\MSOFFICE\OFFICE\MSOFFICE.EXE
C:\PROGRAMMI\NIKON\NKVIEW4\NKVWMON.EXE
C:\PROGRAMMI\FOTOSTATION EASY\FOTOSTATION EASY AUTOLAUNCH.EXE
C:\WINDOWS\SYSTEM\RNAAPP.EXE
C:\WINDOWS\SYSTEM\SPOOL32.EXE
C:\WINDOWS\SYSTEM\TAPISRV.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\PROGRAMMI\MICROSOFT OFFICE\OFFICE\1040\MSOFFICE.EXE
C:\PROGRAMMI\YAHOO!\MESSENGER\YMSGR_TRAY.EXE
C:\PROGRAMMI\CAERE\PAGEKEEPER30\SYSTEM\PKSLAPI.EXE
C:\PROGRAMMI\CAERE\PAGEKEEPER30\SYSTEM\PKTOPASS.EXE
C:\WINDOWS\SYSTEM\PSTORES.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\PROGRAMMI\INTERNET EXPLORER\IEXPLORE.EXE
C:\UNZIPPED\HIJACKTHIS[1]\HIJACKTHIS.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://yoursearch.ws/browser/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\yauhe.dll/sp.html#28129
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\yauhe.dll/sp.html#28129
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.repubblica.it/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINDOWS\yauhe.dll/sp.html#28129
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\yauhe.dll/sp.html#28129
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\yauhe.dll/sp.html#28129
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\yauhe.dll/sp.html#28129
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\yauhe.dll/sp.html#28129
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/customi ... .yahoo.com
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.tiscalinet.it/
R3 - Default URLSearchHook is missing
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAMMI\ADOBE\ACROBAT 5.0\READER\ACTIVEX\ACROIEHELPER.OCX (file missing)
O2 - BHO: Class - {EE7D83AF-7B9D-6B09-3E59-713C735C30F9} - C:\WINDOWS\CRLE.DLL (file missing)
O3 - Toolbar: @msdxmLC.dll,-1@1040,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O3 - Toolbar: &Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRAMMI\YAHOO!\COMPANION\INSTALLS\CPN0\YCOMP5_3_12_0.DLL
O3 - Toolbar: (no name) - {5F1ABCDB-A875-46c1-8345-B72A4567E486} - (no file)
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [Atikey] Atitask.exe
O4 - HKLM\..\Run: [AtiCwd32] Aticwd32.exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [Vshwin32EXE] C:\PROGRAMMI\MCAFEE\MCAFEE VIRUSSCAN\VSHWIN32.EXE
O4 - HKLM\..\Run: [McAfeeWebScanX] C:\PROGRAMMI\MCAFEE\MCAFEE VIRUSSCAN\WebScanX.Exe
O4 - HKLM\..\Run: [WinampAgent] "C:\PROGRAMMI\WINAMP\WINAMPa.exe"
O4 - HKLM\..\Run: [AVPCC] C:\Programmi\AntiViral Toolkit Pro\avpcc.exe
O4 - HKLM\..\Run: [LVComs] c:\windows\SYSTEM\LVComS.exe
O4 - HKLM\..\Run: [MMTray] C:\Programmi\MusicMatch\MusicMatch Jukebox\mm_tray.exe
O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Programmi\Alcatel\SpeedTouch USB\Dragdiag.exe" /icon
O4 - HKLM\..\Run: [APVXDWIN] "C:\Programmi\Panda Software\Panda Antivirus Titanium\APVXDWIN.EXE" /s
O4 - HKLM\..\Run: [LoadQM] loadqm.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Programmi\File comuni\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Adaptec DirectCD] C:\PROGRA~1\HPCD-W~1\DIRECTCD\DIRECTCD.EXE
O4 - HKLM\..\Run: [HP CD-Writer] C:\Programmi\HP CD-Writer\Mmenu\hpcdtray.exe
O4 - HKLM\..\Run: [VERBATIM STORE 'N' G] c:\programmi\verbatim store n go\verbatim store 'n' go.exe sys_auto_run C:\PROGRAMMI\VERBATIM STORE N GO
O4 - HKLM\..\Run: [IST Service] C:\Programmi\ISTsvc\istsvc.exe
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKLM\..\RunServices: [AVPCC Service] C:\Programmi\AntiViral Toolkit Pro\avpcc.exe
O4 - HKLM\..\RunServices: [SAgent2ExePath] C:\Programmi\File comuni\EPSON\EBAPI\SAgent2.exe
O4 - HKLM\..\RunServices: [RNBOStart] c:\WINDOWS\SYSTEM\sentstrt.exe
O4 - HKLM\..\RunServices: [IENN32.EXE] C:\WINDOWS\SYSTEM\IENN32.EXE
O4 - HKCU\..\Run: [IntelProcNumUtility] "C:\Programmi\Intel\Intel PSNCU\CPUNumber.exe" /nosplash
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\PROGRAMMI\MICROSOFT ACTIVESYNC\WCESCOMM.EXE"
O4 - HKCU\..\Run: [Yahoo! Pager] C:\Programmi\Yahoo!\Messenger\ypager.exe -quiet
O4 - HKCU\..\Run: [MsnMsgr] "c:\Programmi\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [SpyBan] "C:\PROGRAM FILES\SPYBAN\SPYBAN.EXE" /s
O4 - Startup: Lavori di PageKeeper.lnk = C:\Programmi\Caere\PageKeeper30\system\PKJobs.exe
O4 - Startup: OCRAWARE.lnk = C:\OPLIMIT\OCRAWARE.EXE
O4 - Startup: Microsoft Office.lnk = C:\Programmi\Microsoft Office\Office\OSA9.EXE
O4 - Startup: SpySubtract.lnk = C:\Program Files\interMute\SpySubtract\SpySub.exe
O4 - Startup: Barra degli strumenti Microsoft Office.lnk = C:\MSOffice\Office\MSOFFICE.EXE
O4 - Startup: EPSON Status Monitor 3 Environment Check.lnk = C:\WINDOWS\SYSTEM\E_SRCV03.EXE
O4 - Startup: NkVwMon.exe.lnk = C:\Programmi\Nikon\NkView4\NkVwMon.exe
O4 - Startup: FotoStation Easy AutoLaunch.lnk = C:\Programmi\FotoStation Easy\FotoStation Easy AutoLaunch.exe
O4 - Startup: EPSON Status Monitor 3 Environment Check 2.lnk = C:\WINDOWS\SYSTEM\E_SRCV02.EXE
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Programmi\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Programmi\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Programmi\Yahoo!\Common/ycdict.htm
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: Crea preferiti portatile - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INETREPL.DLL
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INETREPL.DLL
O9 - Extra 'Tools' menuitem: Crea preferiti portatile... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INETREPL.DLL
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\PROGRAMMI\YAHOO!\MESSENGER\YHEXBMES0521.DLL
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\PROGRAMMI\YAHOO!\MESSENGER\YHEXBMES0521.DLL
O9 - Extra button: SideFind - {10E42047-DEB9-4535-A118-B3F6EC39B807} - C:\PROGRAMMI\SIDEFIND\SIDEFIND.DLL
O12 - Plugin for .spop: C:\PROGRA~1\INTERN~1\Plugins\NPDocBox.dll
O12 - Plugin for .mov: C:\PROGRA~1\INTERN~1\PLUGINS\npqtplugin.dll
O12 - Plugin for .mid: C:\PROGRA~1\INTERN~1\PLUGINS\npqtplugin.dll
O12 - Plugin for .pdf: C:\PROGRA~1\INTERN~1\PLUGINS\nppdf32.dll
O15 - Trusted Zone: www.master69.biz
O15 - Trusted Zone: www.sgrunt.biz
O15 - Trusted Zone: www.yeak.net
O15 - Trusted Zone: *.mt-download.com
O15 - Trusted Zone: *.searchbarcash.com
O15 - Trusted Zone: *.05p.com
O15 - Trusted Zone: *.searchmiracle.com
O15 - Trusted Zone: *.clickspring.net
O15 - Trusted Zone: *.flingstone.com
O15 - Trusted Zone: *.my-internet.info
O15 - Trusted Zone: *.scoobidoo.com
O15 - Trusted Zone: *.awmdabest.com
O15 - Trusted Zone: *.frame.crazywinnings.com
O15 - Trusted Zone: *.static.topconverting.com
O16 - DPF: {2B323CD9-50E3-11D3-9466-00A0C9700498} (Yahoo! Audio Conferencing) - http://us.chat1.yimg.com/us.yimg.com/i/ ... acscom.cab
O16 - DPF: Yahoo! Chat - http://us.chat1.yimg.com/us.yimg.com/i/ ... 1/chat.cab
O16 - DPF: {AB294EC6-7ADA-11D4-9D5F-00B0D04BBD07} (msichat50 Client Control) - http://chat1.kataweb.it:4080/chat/data/ ... sichat.cab
O16 - DPF: {0C568603-D79D-11D2-87A7-00C04FF158BB} (BrowseFolderPopup Class) - http://download.mcafee.com/molbin/Shared/MGBrwFld.cab
O16 - DPF: {C6BEBA53-1F7E-4A0A-B738-61FBB49E0B06} (VPDefaultX Control) - http://www.e-works.it/support/supereva/ ... efault.cab
O16 - DPF: {DA28C54E-D95C-11D3-9A01-005004677EF4} (McAfee.com Component Download Manager Class) - http://download.mcafee.com/molbin/clinic/CDM/McCDM.cab
O16 - DPF: {A17E30C4-A9BA-11D4-8673-60DB54C10000} (YahooYMailTo Class) - http://us.dl1.yimg.com/download.yahoo.c ... pi_416.dll
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://207.188.7.150/16e3881a13806596e4 ... 601_it.cab
O16 - DPF: {FE8287E9-5F43-11D3-ABCA-00105A5C1F46} (HouseCall Control) - http://antivirus.interfree.it/xscan52.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004 ... scan53.cab
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-l ... cfscan.cab
O16 - DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} (YAddBook Class) - http://us.dl1.yimg.com/download.yahoo.c ... mplete.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/msnme ... loader.cab
O21 - SSODL: YwGxnUJzDpI - {3F7A0F00-95D0-A5AA-D03E-4E0069530A52} - C:\WINDOWS\SYSTEM\FBERD.DLL

MessaggioInviato: sab gen 15, 2005 1:27 pm
da crazy.cat
Non hai tolto tutto. dammi qualche minuto e poi ti rispondo.
benvenuto nel forum

Hai 3 antivirus installati???

Cerca queste dll FBERD.DLL,CRLE.DLL,yauhe.dll se le trovi nel pc le sposti e le rinomini, riavii e cancelli i files rinominati.
Cancelli tutti i file temporanei di internet e tutte le righe qui sotto


R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://yoursearch.ws/browser/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\yauhe.dll/sp.html#28129
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\yauhe.dll/sp.html#28129
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINDOWS\yauhe.dll/sp.html#28129
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\yauhe.dll/sp.html#28129
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\yauhe.dll/sp.html#28129
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\yauhe.dll/sp.html#28129
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\yauhe.dll/sp.html#28129
O2 - BHO: Class - {EE7D83AF-7B9D-6B09-3E59-713C735C30F9} - C:\WINDOWS\CRLE.DLL (file missing)
O3 - Toolbar: (no name) - {5F1ABCDB-A875-46c1-8345-B72A4567E486} - (no file)
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O15 - Trusted Zone: www.master69.biz
O15 - Trusted Zone: www.sgrunt.biz
O15 - Trusted Zone: www.yeak.net
O15 - Trusted Zone: *.mt-download.com
O15 - Trusted Zone: *.searchbarcash.com
O15 - Trusted Zone: *.05p.com
O15 - Trusted Zone: *.searchmiracle.com
O15 - Trusted Zone: *.clickspring.net
O15 - Trusted Zone: *.flingstone.com
O15 - Trusted Zone: *.my-internet.info
O15 - Trusted Zone: *.scoobidoo.com
O15 - Trusted Zone: *.awmdabest.com
O15 - Trusted Zone: *.frame.crazywinnings.com
O15 - Trusted Zone: *.static.topconverting.com
O21 - SSODL: YwGxnUJzDpI - {3F7A0F00-95D0-A5AA-D03E-4E0069530A52} - C:\WINDOWS\SYSTEM\FBERD.DLL

Questo è sconosciuto
O4 - HKLM\..\RunServices: [IENN32.EXE] C:\WINDOWS\SYSTEM\IENN32.EXE


Questo se non ho capito male è un programma antispyware che ti installa a sua volta uno spyware!!!!

O4 - HKCU\..\Run: [SpyBan] "C:\PROGRAM FILES\SPYBAN\SPYBAN.EXE" /s
SpyBan Description:
SpyBan claim to protect your privacy by removing spyware and adware. Unfortunately, when testing SpyBan 1.4, it installed the Look2Me Spyware which is not mentioned during the installation of SpyBan. SpyBan 1.4 does not show any EULA during the installation or on their web site.
At Download.com, it is noted that SpyBan bundles other products: 'SpyBan is a cutting edge software that is able to detect and remove all popular forms of spyware programs including Trojans, system monitors, keyloggers, and adware.


Per questo segui le struzioni
O9 - Extra button: SideFind - {10E42047-DEB9-4535-A118-B3F6EC39B807} - C:\PROGRAMMI\SIDEFIND\SIDEFIND.DLL
http://www.pestpatrol.com/pestinfo/s/sidefind.asp

fai una scansione anche con questo dalla modalità provvisoria
http://www.MegaLab.it/3002

Dopo riavii il pc riprovi a navigare e controlli che le voci qui sopra non ricompaiono più.
E facci sapere come và

MessaggioInviato: mer feb 09, 2005 5:29 pm
da trigly
Vi rispondo con u n po' di ritardo; sono stato via diversi giorni.
Credo però di avere risolto buona parte dei problemi grazie al vostro aiuto. Certamente ho eliminato la pagina iniziale about blank e qualche altro fastidio.
Grazie ancora