IE, unwanted toolbar


sal21
08-07-2005, 20.20.14
... and now what is this damned toolbar ?????????????
I can't get rid of it no matter what I do!!!!!!!!!!

trottolino
08-07-2005, 22.06.22
just a few days ago... (http://www.wintricks.it/forum/showthread.php?s=&threadid=90621)

sal21
09-07-2005, 10.17.05
... in any case, here is my log:
Logfile of HijackThis v1.99.1
Scan saved at 10.20.46, on 07/09/2005
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINNT1\System32\smss.exe
C:\WINNT1\SYSTEM32\winlogon.exe
C:\WINNT1\system32\services.exe
C:\WINNT1\system32\lsass.exe
C:\WINNT1\system32\svchost.exe
C:\WINNT1\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\Programmi\CA\SharedComponents\CA_LIC\lic98rmt.exe
C:\WINNT1\SYSTEM32\DNTUS26.EXE
C:\WINNT1\System32\svchost.exe
C:\Programmi\CA\SharedComponents\CA_LIC\LogWatNT.exe
C:\WINNT1\system32\regsvc.exe
C:\WINNT1\system32\MSTask.exe
C:\WINNT1\System32\WBEM\WinMgmt.exe
C:\WINNT1\System32\inetsrv\inetinfo.exe
C:\WINNT1\System32\svchost.exe
C:\WINNT1\Explorer.EXE
C:\Programmi\Winamp\winampa.exe
C:\Programmi\CA\eTrust PestPatrol\PPActiveDetection.exe
C:\Programmi\QuickTime\qttask.exe
C:\Programmi\MessengerPlus! 3\MsgPlus.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\WINNT1\system32\stdafx.exe
C:\WINNT1\system32\xpsp2.exe
C:\Programmi\Spyware Doctor\swdoctor.exe
C:\Programmi\Skype\Phone\Skype.exe
C:\WINNT1\system32\stdafx.exe
C:\Programmi\Microsoft Office\Office\1040\msoffice.exe
C:\Programmi\InterVideo\Common\Bin\WinCinemaMgr.exe
C:\CCProxy\CCProxy.exe
D:\winzip\WZQKPICK.EXE
C:\Programmi\AdwareAlert\Launcher.exe
C:\Programmi\FreePOPs\freepopsd.exe
c:\progra~1\intern~1\iexplore.exe
C:\Programmi\Internet Explorer\iexplore.exe
D:\hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.emghrtxjwhfuuclihqnbjgu.us/hRvv2wK4F6yeEYl0kL3qjtbsOnmhYSozw4WjGaCrvLwlMthjlvPLn2R7ODoRy5kF.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.libero.it/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: Shell=
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~3\tools\iesdsg.dll
O2 - BHO: (no name) - {79A9432F-9AC7-7831-D09A-9BAB3568292C} - C:\DOCUME~1\sal\DATIAP~1\DartPop\ace inter.exe
O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\SPYWAR~3\tools\iesdpb.dll
O4 - HKLM\..\Run: [WinampAgent] C:\Programmi\Winamp\winampa.exe
O4 - HKLM\..\Run: [eTrustPPAP] "C:\Programmi\CA\eTrust PestPatrol\PPActiveDetection.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmi\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [MessengerPlus3] "C:\Programmi\MessengerPlus! 3\MsgPlus.exe"
O4 - HKLM\..\Run: [License Creative Window Bird] C:\Documents and Settings\All Users.WINNT1\Dati applicazioni\cool dupe license creative\Phoneheck.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O4 - HKLM\..\Run: [AdwareAlert] C:\Programmi\AdwareAlert\AdwareAlert.Exe -boot
O4 - HKLM\..\Run: [Microsoft Security System] stdafx.exe
O4 - HKLM\..\Run: [Microsoft xpsp2] xpsp2.exe
O4 - HKLM\..\Run: [Bcvsrv32] bcvsrv32.exe
O4 - HKLM\..\Run: [Windows UpSkirt] choko.exe
O4 - HKLM\..\RunServices: [Microsoft Security System] stdafx.exe
O4 - HKLM\..\RunServices: [Bcvsrv32] bcvsrv32.exe
O4 - HKLM\..\RunServices: [Windows UpSkirt] choko.exe
O4 - HKCU\..\Run: [Spyware Doctor] "C:\Programmi\Spyware Doctor\swdoctor.exe" /Q
O4 - HKCU\..\Run: [Skype] "C:\Programmi\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [Microsoft Security System] stdafx.exe
O4 - HKCU\..\Run: [Microsoft xpsp2] xpsp2.exe
O4 - HKCU\..\Run: [LogoPlan] C:\DOCUME~1\sal\DATIAP~1\CDROMP~1\link long road.exe
O4 - HKCU\..\RunServices: [System Updates Dll] syst32.exe
O4 - Startup: FreePOPs.lnk = C:\Programmi\FreePOPs\freepopsd.exe
O4 - Global Startup: Barra degli strumenti Microsoft Office.lnk = C:\Programmi\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Programmi\InterVideo\Common\Bin\WinCinemaMgr.exe
O4 - Global Startup: Ms Office.lnk = C:\CCProxy\CCProxy.exe
O4 - Global Startup: WinZip Quick Pick.lnk = D:\winzip\WZQKPICK.EXE
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~3\tools\iesdpb.dll
O9 - Extra button: Ricerche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O10 - Unknown file in Winsock LSP: c:\programmi\bulletproofsoft.com\bps spyware & adware remover\apptoport.dll
O12 - Plugin for .pdf: C:\Programmi\Internet Explorer\PLUGINS\nppdf32.dll
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=36467&clcid=0x409
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/msnmessengersetupdownloader.cab
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - https://www-secure.symantec.com/techsupp/asa/SymAData.cab
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: CA License Client (CA_LIC_CLNT) - Computer Associates International Inc. - C:\Programmi\CA\SharedComponents\CA_LIC\lic98rmt.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\ccPwdSvc.exe
O23 - Service: Servizio amministrativo di Gestione disco logico (dmadmin) - VERITAS Software Corp. - C:\WINNT1\System32\dmadmin.exe
O23 - Service: DameWare NT Utilities 2.6 (DNTUS26) - DameWare Development LLC - C:\WINNT1\SYSTEM32\DNTUS26.EXE
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Programmi\iPod\bin\iPodService.exe
O23 - Service: Event Log Watch (LogWatch) - Computer Associates - C:\Programmi\CA\SharedComponents\CA_LIC\LogWatNT.exe

joey
09-07-2005, 11.19.31
Do one thing: also run a good scan with Spybot - Search & Destroy, which you can download here (http://www.safer-networking.org/it/spybotsd/) (it's the home page; the download link is on the left). At least with Spybot you clean the PC of any spyware, adware & co. Then run another scan with HijackThis and post the log again. OK? :)
PS: I'm the one whose post from a few days ago you were pointed to; I'm fresh from various clean-ups myself :p

crazy.cat
09-07-2005, 15.14.07
Unknown but very suspicious
O2 - BHO: (no name) - {79A9432F-9AC7-7831-D09A-9BAB3568292C} - C:\DOCUME~1\sal\DATIAP~1\DartPop\ace inter.exe
O4 - HKLM\..\Run: [License Creative Window Bird] C:\Documents and Settings\All Users.WINNT1\Dati applicazioni\cool dupe license creative\Phoneheck.exe
O4 - HKCU\..\Run: [LogoPlan] C:\DOCUME~1\sal\DATIAP~1\CDROMP~1\link long road.exe

To be removed, unknown or recognized viruses
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.emghrtxjwhfuuclihqnbjgu....R7ODoRy5kF.html
O4 - HKLM\..\Run: [Microsoft Security System] stdafx.exe
O4 - HKLM\..\Run: [Microsoft xpsp2] xpsp2.exe
O4 - HKLM\..\Run: [Bcvsrv32] bcvsrv32.exe
O4 - HKLM\..\Run: [Windows UpSkirt] choko.exe
O4 - HKLM\..\RunServices: [Microsoft Security System] stdafx.exe
O4 - HKLM\..\RunServices: [Bcvsrv32] bcvsrv32.exe
O4 - HKLM\..\RunServices: [Windows UpSkirt] choko.exe
O4 - HKCU\..\Run: [Microsoft Security System] stdafx.exe
O4 - HKCU\..\Run: [Microsoft xpsp2] xpsp2.exe
O4 - HKCU\..\RunServices: [System Updates Dll] syst32.exe

From Safe Mode, rerun the HijackThis scan, tick the entries indicated and press Fix; then, in addition to the Spybot scan, also run one with this antivirus.
http://www.megalab.it/articoli.php?id=513

Afterwards reboot and check that the indicated entries do not reappear.
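
Added example, not part of the original thread: a small triage pass over HijackThis O2/O4 lines that reproduces the split made in the post above. The heuristics (autorun value with no directory, target under an Application Data folder, BHO pointing at an .exe) are assumptions chosen for illustration, and the names `triage` and `SAMPLE_LOG` are hypothetical.

```python
import re

# Constructed sample: a few entries copied from the log posted in this thread.
SAMPLE_LOG = r"""
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~3\tools\iesdsg.dll
O2 - BHO: (no name) - {79A9432F-9AC7-7831-D09A-9BAB3568292C} - C:\DOCUME~1\sal\DATIAP~1\DartPop\ace inter.exe
O4 - HKLM\..\Run: [WinampAgent] C:\Programmi\Winamp\winampa.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmi\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Microsoft Security System] stdafx.exe
O4 - HKLM\..\RunServices: [Bcvsrv32] bcvsrv32.exe
O4 - HKCU\..\Run: [LogoPlan] C:\DOCUME~1\sal\DATIAP~1\CDROMP~1\link long road.exe
O4 - Startup: FreePOPs.lnk = C:\Programmi\FreePOPs\freepopsd.exe
"""

# "O4 - <hive>\..\<Run key>: [<value name>] <command>"
O4_REG = re.compile(r"^O4 - (HK\w+)\\\.\.\\(Run\w*): \[(.+?)\] (.+)$")
# "O2 - BHO: <name> - {CLSID} - <file>"
O2_BHO = re.compile(r"^O2 - BHO: (.+?) - (\{[0-9A-Fa-f-]+\}) - (.+)$")
# Application-data folders, long and 8.3 names (Italian and English Windows).
APPDATA = re.compile(r"\\(DATIAP~1|Dati applicazioni|APPLIC~1|Application Data)\\", re.I)

def triage(log_text):
    """Return (reason, line) pairs for entries matching the assumed heuristics."""
    findings = []
    for line in log_text.splitlines():
        line = line.strip()
        m4, m2 = O4_REG.match(line), O2_BHO.match(line)
        if m4:
            command = m4.group(4)
            # The executable is the quoted part if quoted, otherwise the whole value.
            target = command.split('"')[1] if command.startswith('"') else command
            if "\\" not in target:
                # Bare file name: resolved through the search path, typical of
                # files dropped into the system directory.
                findings.append(("autorun-without-path", line))
            elif APPDATA.search(target):
                findings.append(("autorun-from-appdata", line))
        elif m2:
            target = m2.group(3)
            # A BHO is normally an in-process DLL under Program Files.
            if target.lower().endswith(".exe") or APPDATA.search(target):
                findings.append(("bho-unusual-target", line))
    return findings

if __name__ == "__main__":
    for reason, entry in triage(SAMPLE_LOG):
        print(f"{reason:22} {entry}")
```

A match only marks an entry for manual review; the file still has to be identified before anything is fixed in HijackThis.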

joey
09-07-2005, 15.55.50
Why do you say to do it from Safe Mode? I had done it from "normal mode" and nothing serious happened...

Anyway, I had recognized a bit of the stuff to remove too... hehe... :p