www.MegaLab.it

da **filippou2** » ven dic 17, 2004 10:02 am

Ciao a tutti,
ho un problema anch' io con queste cose,ho provato a leggere i tanti post che ci sono,però non capivo bene il da farsi [cry]

Il mio problema è che explorer come pagina iniziale ha about:blank fisso,e poi ha una barra che chiama freshbar,e i pulsanti di explorer sono diventati +piccoli..
ho utilizzato i seguenti programmi:
adaware
spybot
noadaware
CWshredder
Spykiller2005
ho cancellato tutto quello che veniva fuori ma tanto la barra rimaneva..
poi ho controllato qui:
http://www.microsoft.com/italy/technet/ ... yware.mspx
dove parlava di questi problemi,consiglia di utilizzare programmi come filemon,l'ho fatto ma non ho capito a cosa serve,forse monitora i programmi attivi..
come antivirus ho il panda,ho fatto la scansione totale e aveva trovato dei virus che però ha tolto,però il problema rimane..
quindi che faccio??
[cry+]

da **crazy.cat** » ven dic 17, 2004 12:40 pm

Scansione con Hijackthis e manda qui il log

da **filippou2** » ven dic 17, 2004 1:35 pm

Eccolo

Logfile of HijackThis v1.98.2
Scan saved at 13.33.31, on 17/12/04
Platform: Windows 98 SE (Win9x 4.10.2222A)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\WINDOWS\SYSTEM\MDM.EXE
C:\PROGRAMMI\PANDA SOFTWARE\PANDA ANTIVIRUS PLATINUM\FIREWALL\PAVFIRES.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\SYSTEM\RNAAPP.EXE
C:\WINDOWS\SYSTEM\TAPISRV.EXE
C:\WINDOWS\SYSTEM\EUSEXE.EXE
C:\WINDOWS\SYSTEM\PELMICED.EXE
C:\WINDOWS\SYSTEM\IRMON.EXE
C:\WINDOWS\SYSTEM\DSLAGENT.EXE
C:\WINDOWS\SYSTEM\GSICON.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\CFGSAFE\AUTOCHK.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\WINDOWS\TASKMON.EXE
C:\PROGRAMMI\PANDA SOFTWARE\PANDA ANTIVIRUS PLATINUM\APVXDWIN.EXE
C:\IBMTOOLS\APTEZBTN\APTEZBP.EXE
C:\PROGRAMMI\PANICWARE\POP-UP STOPPER FREE EDITION\PSFREE.EXE
C:\PROGRAMMI\NOKIA\PC SUITE FOR NOKIA 3650\CONNMNGMNTBOX.EXE
C:\PROGRAMMI\NOKIA\PC SUITE FOR NOKIA 3650\ECTASKSCHEDULER.EXE
C:\PROGRAMMI\INTUWAVE\SHARED\MROUTERRUNTIME\MROUTERRUNTIME.EXE
C:\PROGRAMMI\NOKIA\PC SUITE FOR NOKIA 3650\ELOGERR.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\PROGRAMMI\PANDA SOFTWARE\PANDA ANTIVIRUS PLATINUM\PAVPROXY.EXE
C:\PROGRAMMI\NOKIA\PC SUITE FOR NOKIA 3650\BROADCASTPROXY.EXE
C:\PROGRAMMI\NOKIA\PC SUITE FOR NOKIA 3650\SCRFS.EXE
C:\UNZIPPED\HIJACKTHIS\HIJACKTHIS.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer,(Default) = http://fastsearchweb.com/srh.php?q=%s
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.libero.it
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - :C:\PROGRAMMI\ADOBE\ACROBAT 5.0\ACROBAT\ACTIVEX\ACROIEHELPER.OCX (file missing)
O2 - BHO: (no name) - {F195A1A9-4033-4E5B-B85C-848C3E31A83A} - C:\syslibie.dll (file missing)
O3 - Toolbar: (no name) - {62999427-33FC-4baf-9C9C-BCE6BD127F08} - (no file)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\PROGRAMMI\BLACKPEARL\MSDXM.OCX
O3 - Toolbar: FreshBar - {06ABAA2D-34AB-4902-A326-409BD9B9A7A5} - C:\WINDOWS\SYSTEM\IECUST.DLL
O4 - HKLM\..\Run: [Nokia Tray Application] C:\Programmi\File comuni\Nokia\NCLTools\NclTray.exe
O4 - HKLM\..\Run: [ServiceLayer] C:\Programmi\File comuni\Nokia\Services\ServiceLayer.exe
O4 - HKLM\..\Run: [ICH Synth] eusexe.exe
O4 - HKLM\..\Run: [Mouse Suite 98 Daemon] PELMICED.EXE
O4 - HKLM\..\Run: [IrMon] IrMon.exe
O4 - HKLM\..\Run: [SCANINICIO] "C:\Programmi\Panda Software\Panda Antivirus Platinum\Inicio.exe"
O4 - HKLM\..\Run: [DSLAGENTEXE] dslagent.exe USB
O4 - HKLM\..\Run: [GSICONEXE] GSICON.EXE
O4 - HKLM\..\Run: [ZIBMACC] c:\windows\rundll.exe setupx.dll,InstallHinfSection DefaultInstall 128 C:\WINDOWS\INF\ZIBMACC.INF
O4 - HKLM\..\Run: [Set Drive Letter to G:] C:\WINDOWS\GDRIVE.EXE -N
O4 - HKLM\..\Run: [ConfigSafe] C:\CFGSAFE\AUTOCHK.EXE
O4 - HKLM\..\Run: [AAACLEAN] c:\windows\rundll.exe setupx.dll,InstallHinfSection DefaultInstall 128 C:\WINDOWS\INF\AAACLEAN.INF
O4 - HKLM\..\Run: [AAAKEYBOARD] c:\windows\rundll.exe setupx.dll,InstallHinfSection DefaultInstall 128 C:\WINDOWS\INF\KBDCLEAN.INF
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [TaskMonitor] c:\windows\taskmon.exe
O4 - HKLM\..\Run: [ScanRegistry] c:\windows\scanregw.exe /autorun
O4 - HKLM\..\Run: [APVXDWIN] "C:\Programmi\Panda Software\Panda Antivirus Platinum\Apvxdwin.exe" /s
O4 - HKLM\..\Run: [AntiSpam] C:\WINDOWS\SYSTEM\msantispam.exe
O4 - HKLM\..\Run: [AEZBProc] c:\ibmtools\aptezbtn\aptezbp.exe
O4 - HKLM\..\Run: [PCCIOMON.EXE] "C:\Programmi\Trend PC-cillin 2000\PCCIOMON.EXE"
O4 - HKLM\..\Run: [pop3trap.exe] "C:\Programmi\Trend PC-cillin 2000\pop3trap.exe"
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKLM\..\RunServices: [Machine Debug Manager] C:\WINDOWS\SYSTEM\MDM.EXE
O4 - HKLM\..\RunServices: [PANDASCHEDULER] "C:\Programmi\Panda Software\Panda Antivirus Platinum\Pavsched.exe"
O4 - HKLM\..\RunServices: [PAVFIRES] "C:\Programmi\Panda Software\Panda Antivirus Platinum\Firewall\Pavfires.exe"
O4 - HKLM\..\RunOnce: [test]
O4 - HKCU\..\Run: [PopUpStopperFreeEdition] "C:\PROGRAMMI\PANICWARE\POP-UP STOPPER FREE EDITION\PSFREE.EXE"
O4 - HKCU\..\Run: [SpyKiller] C:\Programmi\SpyKiller\spykiller.exe /startup
O4 - HKCU\..\Run: [BestPopUpKiller] C:\Programmi\BestPopUpKiller\BestPopupKiller.exe /startup
O4 - HKCU\..\RunOnce: [test]
O4 - Startup: PCSuiteperNokia3650 Detect.lnk = C:\Programmi\Nokia\PC Suite for Nokia 3650\connmngmntbox.exe
O4 - Startup: PCSuiteperNokia3650 TS.lnk = C:\Programmi\Nokia\PC Suite for Nokia 3650\ectaskscheduler.exe
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: Download with GetRight - C:\Programmi\GetRight\GRdownload.htm
O8 - Extra context menu item: Open with GetRight Browser - C:\Programmi\GetRight\GRbrowse.htm
O8 - Extra context menu item: &Download with &DAP - C:\PROGRA~1\DAP\dapextie.htm
O8 - Extra context menu item: Shorten URL - http://www.cjb.net/menuext.html
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRAMMI\YAHOO!\MESSENGER\YPAGER.EXE
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRAMMI\YAHOO!\MESSENGER\YPAGER.EXE
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programmi\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programmi\ICQLite\ICQLite.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.libero.it
O15 - Trusted Zone: http://*.63.219.181.7
O16 - DPF: {FFFF0017-0001-101A-A3C9-08002B2F49FB} - http://www.regnodelsesso.com/23a.exe
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://software-dl.real.com/1774caa6a0c ... xIE601.cab
O16 - DPF: {15320607-1001-1831-1000-118599957123} - ms-its:mhtml:file://C:\path.mht!http://195.225.176.5/d/knpxaff/hxhivau/obgawjq/rytgqp/arct.chm::/painter.exe
O16 - DPF: {11120607-1001-1111-1000-110199901123} - ms-its:mhtml:file://C:\foo.mht!http://207.44.186.186/b/it.chm::/11449.exe
O16 - DPF: {31B7EB4E-8B4B-11D1-A789-00A0CC6651A8} (Cult3D ActiveX Player) - http://www.cult3d.com/download/cult.cab
O16 - DPF: {AA14C86B-DA22-4811-8186-BB496A299C5F} (Be Here TotalView Player ActiveX Control, Version 3.0) - http://www.spincam.com/360video/plugins ... wer3_0.cab
O16 - DPF: Yahoo! Chat - http://us.chat1.yimg.com/us.yimg.com/i/ ... 1/chat.cab

da **filippou2** » ven dic 17, 2004 1:38 pm

Regno del sesso?!?!

Non che io sia immacolato però?!

da **crazy.cat** » ven dic 17, 2004 1:54 pm

Cancella i file temporanei di internet e poi con hijackthis togli queste voci.

R1 - HKCU\Software\Microsoft\Internet Explorer,(Default) = http://fastsearchweb.com/srh.php?q=%s
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = about:blank
O2 - BHO: (no name) - {F195A1A9-4033-4E5B-B85C-848C3E31A83A} - C:\syslibie.dll (file missing)
O3 - Toolbar: (no name) - {62999427-33FC-4baf-9C9C-BCE6BD127F08} - (no file)
O3 - Toolbar: FreshBar - {06ABAA2D-34AB-4902-A326-409BD9B9A7A5} - C:\WINDOWS\SYSTEM\IECUST.DLL
O4 - HKLM\..\RunOnce: [test]
O4 - HKCU\..\RunOnce: [test]
O15 - Trusted Zone: http://*.63.219.181.7

Anche queste da eliminare ma controlla che tutti gli exe siano poi spariti dal tuo pc.

O16 - DPF: {FFFF0017-0001-101A-A3C9-08002B2F49FB} - http://www.regnodelsesso.com/23a.exe
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://software-dl.real.com/1774caa6a0c ... xIE601.cab
O16 - DPF: {15320607-1001-1831-1000-118599957123} - ms-its:mhtml:file://C:\path.mht!http://195.225.176.5/d/knpxaff/hxhivau/obgawjq/rytgqp/arct.chm::/painter.exe
O16 - DPF: {11120607-1001-1111-1000-110199901123} - ms-its:mhtml:file://C:\foo.mht!http://207.44.186.186/b/it.chm::/11449.exe

Questo lo hai installato tu?
O4 - HKLM\..\Run: [Set Drive Letter to G:] C:\WINDOWS\GDRIVE.EXE -N

Questo è sospetto??
O4 - HKLM\..\Run: [AntiSpam] C:\WINDOWS\SYSTEM\msantispam.exe ?????

da **filippou2** » ven dic 17, 2004 2:30 pm

Grande!ok adesso dovrebbe andare bene...ma mi dici una cosa?come mai gli altri programmi non fungevano e questo si?

da **crazy.cat** » ven dic 17, 2004 4:05 pm

Hijackthis vede cose che gli altri antispy non vedono e non eliminano.

Quelle due ultime voci
O4 - HKLM\..\Run: [Set Drive Letter to G:] C:\WINDOWS\GDRIVE.EXE -N
O4 - HKLM\..\Run: [AntiSpam] C:\WINDOWS\SYSTEM\msantispam.exe
le conoscevi?

da **filippou2** » ven dic 17, 2004 4:40 pm

Il primo è un applicazione dell'ibm(il pc è un ibm),il secondo francamente non la conosco,io le ho lasciate,e tralaltro il secondo se faccio la ricerca non lo trova

www.MegaLab.it

about:blank e freshbar

about:blank e freshbar

Chi c’è in linea