Login Esegui login | Non sei registrato? Iscriviti ora (è gratuito!)
Username: Password:
  • Annuncio Pubblicitario

about blank

Un virus si è intromesso nel tuo computer? Vuoi navigare in tutta sicurezza? Sono sicure le transazione online? Come impedire a malintenzionati di intromettersi nel tuo pc? Come proteggere i tuoi dati? Qui trovi le risposte a queste ed altre domande

about blank

Messaggioda trigly » sab gen 15, 2005 1:25 pm

Avevo anche io il problema "about blank" nella pagina iniziale; seguendo le vostre istruzioni sono riuscito ad eliminarlo (almeno spero) e vi ringrazio.
Ho fatto una scansione con hijackthis e questo è il log. Crdo che i problemi non siano pochi. Mi date una mano?

Logfile of HijackThis v1.98.2
Scan saved at 13:23:38, on 15/01/05
Platform: Windows 98 SE (Win9x 4.10.2222A)
MSIE: Internet Explorer v5.50 (5.50.4134.0600)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\PROGRAMMI\FILE COMUNI\EPSON\EBAPI\SAGENT2.EXE
C:\WINDOWS\SYSTEM\IENN32.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\SYSTEM\RPCSS.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\WINDOWS\SYSTEM\ATITASK.EXE
C:\WINDOWS\SYSTEM\ATICWD32.EXE
C:\PROGRAMMI\WINAMP\WINAMPA.EXE
C:\WINDOWS\SYSTEM\LVCOMS.EXE
C:\PROGRAMMI\MUSICMATCH\MUSICMATCH JUKEBOX\MM_TRAY.EXE
C:\PROGRAMMI\ALCATEL\SPEEDTOUCH USB\DRAGDIAG.EXE
C:\PROGRAMMI\PANDA SOFTWARE\PANDA ANTIVIRUS TITANIUM\APVXDWIN.EXE
C:\WINDOWS\LOADQM.EXE
C:\PROGRAMMI\FILE COMUNI\REAL\UPDATE_OB\REALSCHED.EXE
C:\PROGRAMMI\HP CD-WRITER\DIRECTCD\DIRECTCD.EXE
C:\PROGRAMMI\HP CD-WRITER\MMENU\HPCDTRAY.EXE
C:\PROGRAMMI\VERBATIM STORE N GO\VERBATIM STORE 'N' GO.EXE
C:\PROGRAMMI\ISTSVC\ISTSVC.EXE
C:\PROGRAMMI\INTEL\INTEL PSNCU\CPUNUMBER.EXE
C:\PROGRAMMI\MICROSOFT ACTIVESYNC\WCESCOMM.EXE
C:\PROGRAMMI\CAERE\PAGEKEEPER30\SYSTEM\PKJOBS.EXE
C:\OPLIMIT\OCRAWARE.EXE
C:\OPLIMIT\OCRAWR32.EXE
C:\MSOFFICE\OFFICE\MSOFFICE.EXE
C:\PROGRAMMI\NIKON\NKVIEW4\NKVWMON.EXE
C:\PROGRAMMI\FOTOSTATION EASY\FOTOSTATION EASY AUTOLAUNCH.EXE
C:\WINDOWS\SYSTEM\RNAAPP.EXE
C:\WINDOWS\SYSTEM\SPOOL32.EXE
C:\WINDOWS\SYSTEM\TAPISRV.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\PROGRAMMI\MICROSOFT OFFICE\OFFICE\1040\MSOFFICE.EXE
C:\PROGRAMMI\YAHOO!\MESSENGER\YMSGR_TRAY.EXE
C:\PROGRAMMI\CAERE\PAGEKEEPER30\SYSTEM\PKSLAPI.EXE
C:\PROGRAMMI\CAERE\PAGEKEEPER30\SYSTEM\PKTOPASS.EXE
C:\WINDOWS\SYSTEM\PSTORES.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\PROGRAMMI\INTERNET EXPLORER\IEXPLORE.EXE
C:\UNZIPPED\HIJACKTHIS[1]\HIJACKTHIS.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://yoursearch.ws/browser/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\yauhe.dll/sp.html#28129
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\yauhe.dll/sp.html#28129
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.repubblica.it/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINDOWS\yauhe.dll/sp.html#28129
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\yauhe.dll/sp.html#28129
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\yauhe.dll/sp.html#28129
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\yauhe.dll/sp.html#28129
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\yauhe.dll/sp.html#28129
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/customi ... .yahoo.com
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.tiscalinet.it/
R3 - Default URLSearchHook is missing
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAMMI\ADOBE\ACROBAT 5.0\READER\ACTIVEX\ACROIEHELPER.OCX (file missing)
O2 - BHO: Class - {EE7D83AF-7B9D-6B09-3E59-713C735C30F9} - C:\WINDOWS\CRLE.DLL (file missing)
O3 - Toolbar: @msdxmLC.dll,-1@1040,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O3 - Toolbar: &Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRAMMI\YAHOO!\COMPANION\INSTALLS\CPN0\YCOMP5_3_12_0.DLL
O3 - Toolbar: (no name) - {5F1ABCDB-A875-46c1-8345-B72A4567E486} - (no file)
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [Atikey] Atitask.exe
O4 - HKLM\..\Run: [AtiCwd32] Aticwd32.exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [Vshwin32EXE] C:\PROGRAMMI\MCAFEE\MCAFEE VIRUSSCAN\VSHWIN32.EXE
O4 - HKLM\..\Run: [McAfeeWebScanX] C:\PROGRAMMI\MCAFEE\MCAFEE VIRUSSCAN\WebScanX.Exe
O4 - HKLM\..\Run: [WinampAgent] "C:\PROGRAMMI\WINAMP\WINAMPa.exe"
O4 - HKLM\..\Run: [AVPCC] C:\Programmi\AntiViral Toolkit Pro\avpcc.exe
O4 - HKLM\..\Run: [LVComs] c:\windows\SYSTEM\LVComS.exe
O4 - HKLM\..\Run: [MMTray] C:\Programmi\MusicMatch\MusicMatch Jukebox\mm_tray.exe
O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Programmi\Alcatel\SpeedTouch USB\Dragdiag.exe" /icon
O4 - HKLM\..\Run: [APVXDWIN] "C:\Programmi\Panda Software\Panda Antivirus Titanium\APVXDWIN.EXE" /s
O4 - HKLM\..\Run: [LoadQM] loadqm.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Programmi\File comuni\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Adaptec DirectCD] C:\PROGRA~1\HPCD-W~1\DIRECTCD\DIRECTCD.EXE
O4 - HKLM\..\Run: [HP CD-Writer] C:\Programmi\HP CD-Writer\Mmenu\hpcdtray.exe
O4 - HKLM\..\Run: [VERBATIM STORE 'N' G] c:\programmi\verbatim store n go\verbatim store 'n' go.exe sys_auto_run C:\PROGRAMMI\VERBATIM STORE N GO
O4 - HKLM\..\Run: [IST Service] C:\Programmi\ISTsvc\istsvc.exe
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKLM\..\RunServices: [AVPCC Service] C:\Programmi\AntiViral Toolkit Pro\avpcc.exe
O4 - HKLM\..\RunServices: [SAgent2ExePath] C:\Programmi\File comuni\EPSON\EBAPI\SAgent2.exe
O4 - HKLM\..\RunServices: [RNBOStart] c:\WINDOWS\SYSTEM\sentstrt.exe
O4 - HKLM\..\RunServices: [IENN32.EXE] C:\WINDOWS\SYSTEM\IENN32.EXE
O4 - HKCU\..\Run: [IntelProcNumUtility] "C:\Programmi\Intel\Intel PSNCU\CPUNumber.exe" /nosplash
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\PROGRAMMI\MICROSOFT ACTIVESYNC\WCESCOMM.EXE"
O4 - HKCU\..\Run: [Yahoo! Pager] C:\Programmi\Yahoo!\Messenger\ypager.exe -quiet
O4 - HKCU\..\Run: [MsnMsgr] "c:\Programmi\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [SpyBan] "C:\PROGRAM FILES\SPYBAN\SPYBAN.EXE" /s
O4 - Startup: Lavori di PageKeeper.lnk = C:\Programmi\Caere\PageKeeper30\system\PKJobs.exe
O4 - Startup: OCRAWARE.lnk = C:\OPLIMIT\OCRAWARE.EXE
O4 - Startup: Microsoft Office.lnk = C:\Programmi\Microsoft Office\Office\OSA9.EXE
O4 - Startup: SpySubtract.lnk = C:\Program Files\interMute\SpySubtract\SpySub.exe
O4 - Startup: Barra degli strumenti Microsoft Office.lnk = C:\MSOffice\Office\MSOFFICE.EXE
O4 - Startup: EPSON Status Monitor 3 Environment Check.lnk = C:\WINDOWS\SYSTEM\E_SRCV03.EXE
O4 - Startup: NkVwMon.exe.lnk = C:\Programmi\Nikon\NkView4\NkVwMon.exe
O4 - Startup: FotoStation Easy AutoLaunch.lnk = C:\Programmi\FotoStation Easy\FotoStation Easy AutoLaunch.exe
O4 - Startup: EPSON Status Monitor 3 Environment Check 2.lnk = C:\WINDOWS\SYSTEM\E_SRCV02.EXE
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Programmi\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Programmi\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Programmi\Yahoo!\Common/ycdict.htm
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: Crea preferiti portatile - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INETREPL.DLL
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INETREPL.DLL
O9 - Extra 'Tools' menuitem: Crea preferiti portatile... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INETREPL.DLL
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\PROGRAMMI\YAHOO!\MESSENGER\YHEXBMES0521.DLL
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\PROGRAMMI\YAHOO!\MESSENGER\YHEXBMES0521.DLL
O9 - Extra button: SideFind - {10E42047-DEB9-4535-A118-B3F6EC39B807} - C:\PROGRAMMI\SIDEFIND\SIDEFIND.DLL
O12 - Plugin for .spop: C:\PROGRA~1\INTERN~1\Plugins\NPDocBox.dll
O12 - Plugin for .mov: C:\PROGRA~1\INTERN~1\PLUGINS\npqtplugin.dll
O12 - Plugin for .mid: C:\PROGRA~1\INTERN~1\PLUGINS\npqtplugin.dll
O12 - Plugin for .pdf: C:\PROGRA~1\INTERN~1\PLUGINS\nppdf32.dll
O15 - Trusted Zone: www.master69.biz
O15 - Trusted Zone: www.sgrunt.biz
O15 - Trusted Zone: www.yeak.net
O15 - Trusted Zone: *.mt-download.com
O15 - Trusted Zone: *.searchbarcash.com
O15 - Trusted Zone: *.05p.com
O15 - Trusted Zone: *.searchmiracle.com
O15 - Trusted Zone: *.clickspring.net
O15 - Trusted Zone: *.flingstone.com
O15 - Trusted Zone: *.my-internet.info
O15 - Trusted Zone: *.scoobidoo.com
O15 - Trusted Zone: *.awmdabest.com
O15 - Trusted Zone: *.frame.crazywinnings.com
O15 - Trusted Zone: *.static.topconverting.com
O16 - DPF: {2B323CD9-50E3-11D3-9466-00A0C9700498} (Yahoo! Audio Conferencing) - http://us.chat1.yimg.com/us.yimg.com/i/ ... acscom.cab
O16 - DPF: Yahoo! Chat - http://us.chat1.yimg.com/us.yimg.com/i/ ... 1/chat.cab
O16 - DPF: {AB294EC6-7ADA-11D4-9D5F-00B0D04BBD07} (msichat50 Client Control) - http://chat1.kataweb.it:4080/chat/data/ ... sichat.cab
O16 - DPF: {0C568603-D79D-11D2-87A7-00C04FF158BB} (BrowseFolderPopup Class) - http://download.mcafee.com/molbin/Shared/MGBrwFld.cab
O16 - DPF: {C6BEBA53-1F7E-4A0A-B738-61FBB49E0B06} (VPDefaultX Control) - http://www.e-works.it/support/supereva/ ... efault.cab
O16 - DPF: {DA28C54E-D95C-11D3-9A01-005004677EF4} (McAfee.com Component Download Manager Class) - http://download.mcafee.com/molbin/clinic/CDM/McCDM.cab
O16 - DPF: {A17E30C4-A9BA-11D4-8673-60DB54C10000} (YahooYMailTo Class) - http://us.dl1.yimg.com/download.yahoo.c ... pi_416.dll
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://207.188.7.150/16e3881a13806596e4 ... 601_it.cab
O16 - DPF: {FE8287E9-5F43-11D3-ABCA-00105A5C1F46} (HouseCall Control) - http://antivirus.interfree.it/xscan52.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004 ... scan53.cab
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-l ... cfscan.cab
O16 - DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} (YAddBook Class) - http://us.dl1.yimg.com/download.yahoo.c ... mplete.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/msnme ... loader.cab
O21 - SSODL: YwGxnUJzDpI - {3F7A0F00-95D0-A5AA-D03E-4E0069530A52} - C:\WINDOWS\SYSTEM\FBERD.DLL
Trigly
Avatar utente
trigly
Aficionado
Aficionado
 
Messaggi: 37
Iscritto il: gio gen 13, 2005 10:14 am
Località: Chieti

Messaggioda crazy.cat » sab gen 15, 2005 1:27 pm

Non hai tolto tutto. dammi qualche minuto e poi ti rispondo.
benvenuto nel forum

Hai 3 antivirus installati???

Cerca queste dll FBERD.DLL,CRLE.DLL,yauhe.dll se le trovi nel pc le sposti e le rinomini, riavii e cancelli i files rinominati.
Cancelli tutti i file temporanei di internet e tutte le righe qui sotto


R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://yoursearch.ws/browser/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\yauhe.dll/sp.html#28129
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\yauhe.dll/sp.html#28129
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINDOWS\yauhe.dll/sp.html#28129
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\yauhe.dll/sp.html#28129
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\yauhe.dll/sp.html#28129
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\yauhe.dll/sp.html#28129
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\yauhe.dll/sp.html#28129
O2 - BHO: Class - {EE7D83AF-7B9D-6B09-3E59-713C735C30F9} - C:\WINDOWS\CRLE.DLL (file missing)
O3 - Toolbar: (no name) - {5F1ABCDB-A875-46c1-8345-B72A4567E486} - (no file)
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O15 - Trusted Zone: www.master69.biz
O15 - Trusted Zone: www.sgrunt.biz
O15 - Trusted Zone: www.yeak.net
O15 - Trusted Zone: *.mt-download.com
O15 - Trusted Zone: *.searchbarcash.com
O15 - Trusted Zone: *.05p.com
O15 - Trusted Zone: *.searchmiracle.com
O15 - Trusted Zone: *.clickspring.net
O15 - Trusted Zone: *.flingstone.com
O15 - Trusted Zone: *.my-internet.info
O15 - Trusted Zone: *.scoobidoo.com
O15 - Trusted Zone: *.awmdabest.com
O15 - Trusted Zone: *.frame.crazywinnings.com
O15 - Trusted Zone: *.static.topconverting.com
O21 - SSODL: YwGxnUJzDpI - {3F7A0F00-95D0-A5AA-D03E-4E0069530A52} - C:\WINDOWS\SYSTEM\FBERD.DLL

Questo è sconosciuto
O4 - HKLM\..\RunServices: [IENN32.EXE] C:\WINDOWS\SYSTEM\IENN32.EXE


Questo se non ho capito male è un programma antispyware che ti installa a sua volta uno spyware!!!!

O4 - HKCU\..\Run: [SpyBan] "C:\PROGRAM FILES\SPYBAN\SPYBAN.EXE" /s
SpyBan Description:
SpyBan claim to protect your privacy by removing spyware and adware. Unfortunately, when testing SpyBan 1.4, it installed the Look2Me Spyware which is not mentioned during the installation of SpyBan. SpyBan 1.4 does not show any EULA during the installation or on their web site.
At Download.com, it is noted that SpyBan bundles other products: 'SpyBan is a cutting edge software that is able to detect and remove all popular forms of spyware programs including Trojans, system monitors, keyloggers, and adware.


Per questo segui le struzioni
O9 - Extra button: SideFind - {10E42047-DEB9-4535-A118-B3F6EC39B807} - C:\PROGRAMMI\SIDEFIND\SIDEFIND.DLL
http://www.pestpatrol.com/pestinfo/s/sidefind.asp

fai una scansione anche con questo dalla modalità provvisoria
http://www.MegaLab.it/3002

Dopo riavii il pc riprovi a navigare e controlli che le voci qui sopra non ricompaiono più.
E facci sapere come và
Avatar utente
crazy.cat
MLI Hero
MLI Hero
 
Messaggi: 30959
Iscritto il: lun gen 12, 2004 1:38 pm
Località: Mestre

Messaggioda trigly » mer feb 09, 2005 5:29 pm

Vi rispondo con u n po' di ritardo; sono stato via diversi giorni.
Credo però di avere risolto buona parte dei problemi grazie al vostro aiuto. Certamente ho eliminato la pagina iniziale about blank e qualche altro fastidio.
Grazie ancora
Trigly
Avatar utente
trigly
Aficionado
Aficionado
 
Messaggi: 37
Iscritto il: gio gen 13, 2005 10:14 am
Località: Chieti


Torna a Sicurezza

Chi c’è in linea

Visitano il forum: Nessuno e 1 ospite

Powered by phpBB © 2002, 2005, 2007, 2008 phpBB Group
Traduzione Italiana phpBB.it

megalab.it: testata telematica quotidiana registrata al Tribunale di Cosenza n. 22/09 del 13.08.2009, editore Master New Media S.r.l.; © Copyright 2008 Master New Media S.r.l. a socio unico - P.I. 02947530784. GRUPPO EDIZIONI MASTER Spa Tutti i diritti sono riservati. Per la pubblicità: Master Advertising