www.MegaLab.it

[cangian]

Ciao a tutti
il mio problema è che non riesco a rimuovere la pagina about blank da ie
ho letto i vostri post e ho fatto lo scanner con hijakthis questo è il risultato:

Logfile of HijackThis v1.99.0
Scan saved at 16.12.40, on 24/11/2005
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\WINNT\javave.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\system32\nvsvc32.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\system32\ZONELABS\vsmon.exe
C:\WINNT\Explorer.EXE
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\ZipToA.exe
C:\WINNT\System32\spool\drivers\w32x86\3\hpztsb04.exe
C:\Programmi\Microsoft IntelliPoint\point32.exe
C:\Programmi\Real Alternative\Update_OB\realsched.exe
D:\Programmi\ZoneAlarm\zlclient.exe
C:\WINNT\system32\RUNDLL32.EXE
C:\WINNT\sysnz32.exe
C:\DOCUME~1\ADMINI~1\IMPOST~1\Temp\89.tmp.exe
C:\Documents and Settings\Administrator\Desktop\Nuova cartella (5)\hijackthis\HijackThis.exe
C:\Programmi\Mozilla Firefox\firefox.exe
C:\Programmi\Internet Explorer\iexplore.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINNT\hkopd.dll/sp.html#44768
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINNT\hkopd.dll/sp.html#44768
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINNT\hkopd.dll/sp.html#44768
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINNT\hkopd.dll/sp.html#44768
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINNT\hkopd.dll/sp.html#44768
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINNT\hkopd.dll/sp.html#44768
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINNT\hkopd.dll/sp.html#44768
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
R3 - Default URLSearchHook is missing
O2 - BHO: Class - {655D0127-F3EA-9D3F-A9C1-EB30C4513FF5} - C:\WINNT\system32\appds32.dll
O2 - BHO: Class - {88236E47-541E-4C7C-499B-3A3A14538FA4} - C:\WINNT\system32\ipqq.dll
O2 - BHO: NTIECatcher Class - {C56CB6B0-0D96-11D6-8C65-B2868B609932} - C:\Programmi\Xi\NetTransport 2\NTIEHelper.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\system32\msdxm.ocx
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINNT\System32\spool\drivers\w32x86\3\hpztsb04.exe
O4 - HKLM\..\Run: [System Failure Statistic] cnstat.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINNT\system32\NeroCheck.exe
O4 - HKLM\..\Run: [SSC_UserPrompt] C:\Programmi\File comuni\Symantec Shared\Security Center\UsrPrmpt.exe
O4 - HKLM\..\Run: [IntelliPoint] "C:\Programmi\Microsoft IntelliPoint\point32.exe"
O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINNT\system32\PSDrvCheck.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Programmi\Real Alternative\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINNT\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [Zone Labs Client] D:\Programmi\ZoneAlarm\zlclient.exe
O4 - HKLM\..\Run: [Winlogun] C:\WINNT\system32\winlogin.exe
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINNT\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [sysnz32.exe] C:\WINNT\sysnz32.exe
O4 - HKLM\..\Run: [89.tmp] C:\DOCUME~1\ADMINI~1\IMPOST~1\Temp\89.tmp.exe
O4 - HKLM\..\Run: [89.tmp.exe] C:\DOCUME~1\ADMINI~1\IMPOST~1\Temp\89.tmp.exe
O4 - HKLM\..\RunServices: [System Failure Statistic] cnstat.exe
O4 - HKCU\..\Run: [System Failure Statistic] cnstat.exe
O4 - Startup: StickIt Launcher.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Programmi\File comuni\Adobe\Calibration\Adobe Gamma Loader.exe
O8 - Extra context menu item: &Download with &DAP - D:\PROGRA~1\DAP\dapextie.htm
O8 - Extra context menu item: Download &all with DAP - D:\PROGRA~1\DAP\dapextie2.htm
O8 - Extra context menu item: Salva oggetto con Net Transport - C:\Programmi\Xi\NetTransport 2\NTAddLink.html
O8 - Extra context menu item: Salva tutti gli oggetti con Net Transport - C:\Programmi\Xi\NetTransport 2\NTAddList.html
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: (no name) - {E0B9CDC5-D326-4B80-9BEF-599E37F34240} - (no file) (HKCU)
O9 - Extra button: Corel Network monitor worker - {FD5DCA67-3391-44F1-980C-D1D5B55166AE} - (no file) (HKCU)
O9 - Extra 'Tools' menuitem: Corel Network monitor worker - {FD5DCA67-3391-44F1-980C-D1D5B55166AE} - (no file) (HKCU)
O15 - Trusted IP range: 206.161.125.149
O15 - Trusted IP range: (HKLM)
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/downloads/kws/ ... nicode.cab
O16 - DPF: {22A88341-AFCB-45F0-A856-C2BAE74F878E} - http://69.31.84.84/123/enter.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/Shar ... vSniff.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resourc ... oscan8.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/Shar ... /cabsa.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (Damage Cleanup Server Control) - http://213.158.72.33/housecall/xscan53.cab
O16 - DPF: {8EC18CE2-D7B4-11D2-88C8-006008A717FD} (NCSView Class) - http://ww3.atlanteitaliano.it/ecwplugins/ncs.cab
O16 - DPF: {8F48147B-78D9-40F9-ACC0-BDDE59B246F4} (AccountHelper Class) - https://ssl.tele2.com/inc/accounthelper.cab
O16 - DPF: {F00F4763-7355-4725-82F7-0DA94A256D46} (IncrediMail) - http://www2.incredimail.com/contents/se ... loader.cab
O18 - Filter: application/x-internet-signup - {A173B69A-1F9B-4823-9FDA-412F641E65D6} - (no file)
O23 - Service: Remote Procedure Call (RPC) Helper - Unknown - C:\WINNT\javave.exe
O23 - Service: Servizio amministrativo di Gestione disco logico - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: NVIDIA Display Driver Service - NVIDIA Corporation - C:\WINNT\system32\nvsvc32.exe
O23 - Service: Trend Micro Central Control Component - Trend Micro Incorporated. - E:\anti\PcCtlCom.exe
O23 - Service: SymWMI Service - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: Trend Micro Real-time Service - Trend Micro Incorporated. - E:\anti\Tmntsrv.exe
O23 - Service: Trend Micro Personal Firewall - Trend Micro Inc. - E:\anti\TmPfw.exe
O23 - Service: Trend Micro Proxy Service - Trend Micro Inc. - E:\anti\tmproxy.exe
O23 - Service: TrueVector Internet Monitor - Zone Labs, LLC - C:\WINNT\system32\ZONELABS\vsmon.exe
O23 - Service: ZipToA - Iomega Corporation - C:\WINNT\system32\ZipToA.exe

come avrete capito non sono esperto nell'uso del pc e vi chiedo
un aiuto per capire cosa devo fare.
Grazie a tutti

[Michael]

Il tuo Log non è pulito ecco il risultato del tuo log:
http://www.hijackthis.de/logfiles/f5389 ... 12678.html
L'analisi sarà conservata solamente per 3 giorni
perché non provi ad utilizzare Avast e disinstallare Norton?

[crazy.cat]

perché non provi ad utilizzare Avast e disinstallare Norton?

non usa Norton, ma dovrebbe avere Trend Micro antivirus.
Però mi sembra ci siano due firewall che sono abbastanza inutili
O23 - Service: Trend Micro Personal Firewall - Trend Micro Inc. - E:\anti\TmPfw.exe
O23 - Service: TrueVector Internet Monitor - Zone Labs, LLC - C:\WINNT\system32\ZONELABS\vsmon.exe


Hai molti problemi
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINNT\hkopd.dll/sp.html#44768
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINNT\hkopd.dll/sp.html#44768
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINNT\hkopd.dll/sp.html#44768
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINNT\hkopd.dll/sp.html#44768
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINNT\hkopd.dll/sp.html#44768
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINNT\hkopd.dll/sp.html#44768
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINNT\hkopd.dll/sp.html#44768
O2 - BHO: Class - {655D0127-F3EA-9D3F-A9C1-EB30C4513FF5} - C:\WINNT\system32\appds32.dll
O2 - BHO: Class - {88236E47-541E-4C7C-499B-3A3A14538FA4} - C:\WINNT\system32\ipqq.dll
O4 - HKLM\..\Run: [System Failure Statistic] cnstat.exe
O4 - HKLM\..\Run: [Winlogun] C:\WINNT\system32\winlogin.exe
O4 - HKLM\..\Run: [sysnz32.exe] C:\WINNT\sysnz32.exe
O4 - HKLM\..\Run: [89.tmp] C:\DOCUME~1\ADMINI~1\IMPOST~1\Temp\89.tmp.exe
O4 - HKLM\..\Run: [89.tmp.exe] C:\DOCUME~1\ADMINI~1\IMPOST~1\Temp\89.tmp.exe
O4 - HKLM\..\RunServices: [System Failure Statistic] cnstat.exe
O4 - HKCU\..\Run: [System Failure Statistic] cnstat.exe
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: (no name) - {E0B9CDC5-D326-4B80-9BEF-599E37F34240} - (no file) (HKCU)
O9 - Extra button: Corel Network monitor worker - {FD5DCA67-3391-44F1-980C-D1D5B55166AE} - (no file) (HKCU)
O9 - Extra 'Tools' menuitem: Corel Network monitor worker - {FD5DCA67-3391-44F1-980C-D1D5B55166AE} - (no file) (HKCU)
O15 - Trusted IP range: 206.161.125.149
O15 - Trusted IP range: (HKLM)
O16 - DPF: {22A88341-AFCB-45F0-A856-C2BAE74F878E} - http://69.31.84.84/123/enter.cab
O18 - Filter: application/x-internet-signup - {A173B69A-1F9B-4823-9FDA-412F641E65D6} - (no file)
O23 - Service: Remote Procedure Call (RPC) Helper - Unknown - C:\WINNT\javave.exe

Utilizza questo programma
http://www.MegaLab.it/2427
e vai a selezionare questi file hkopd.dll,appds32.dll,ipqq.dll per farglieli cancellare riavviando subito il pc.
Parti in modalità provvisoria e cancelli le righe che ti ho indicato più sopra, rifai la scansione con hijackthis e metti il flag su tutte le righe, poi premi Fix.
Ti conviene poi fare una scansione sempre dalla modalità provvisoria con questo sistema
http://www.MegaLab.it/2333
Alla fine delle pulizie rifai la scansione con hijackthis e riposti il log che vediamo cosa è rimasto.

Il consiglio di abbandonare Trend micro antivirus per Avast rimane valido, perché Trend micro è molto debole verso i virus Trojan e mi sembra tu ne abbia presi parecchi.
(A meno che tu non sia in una rete aziendale e obbligato ad usare quell'antivirus.

Benvenuto e facci sapere.

[cangian]

ho risolto; poi ho messo Avast come mi avete consigliato.
grazie