cc65
18-08-2006, 15:02
Ciao, ho un problema con il pc di un amico: non riusciva + a navigare, praticamente se si inserisce l'url della pag cercata IE non trova niente, ho effettuato una scansione con ewido ed ha trovato 2 troian.. + 170 adaware sospetti, ho proceduto con la cancellazzione ed almeno adesso , all'avvio, il pc non tenta + di collegarsi ad internet ( cosa che prima faceva) ma il problema che non si riesce a navigare rimane, cosa potrebbe essere?
Vi posto il log di hijackthis ( dopo aver usato ewido) sperando in un vostro aiuto.
Ho provato a reimpostare le " predefinite" di IE ma niente :(
Logfile of HijackThis v1.99.1
Scan saved at 14.49.24, on 18/08/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Programmi\Netropa\Multimedia Keyboard\nhksrv.exe
C:\Programmi\ewido anti-spyware 4.0\guard.exe
C:\WINDOWS\system32\svchost.exe
C:\Programmi\Winamp\Winampa.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\ALCXMNTR.EXE
C:\Programmi\Java\j2re1.4.2_08\bin\jusched.exe
C:\Programmi\Netropa\Multimedia Keyboard\MMKeybd.exe
C:\Programmi\QuickTime\qttask.exe
C:\Programmi\HP\HP Software Update\HPWuSchd2.exe
C:\Programmi\Nokia\Nokia PC Suite 6\LaunchApplication.exe
C:\Programmi\File comuni\PCSuite\DataLayer\DataLayer.exe
C:\WINDOWS\timed.exe
C:\WINDOWS\volumec.exe
C:\PROGRA~1\FILECO~1\PCSuite\Services\SERVIC~1.EXE
C:\Programmi\ewido anti-spyware 4.0\ewido.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmi\Nokia\Nokia PC Suite 6\PcSync2.exe
C:\WINDOWS\system32\RACLE~1\netdde.exe
C:\PROGRA~1\COMMON~1\FNTS~1\MIEXEC~1.EXE
C:\Programmi\HP\Digital Imaging\bin\hpqtra08.exe
C:\Programmi\Netropa\Multimedia Keyboard\TrayMon.exe
C:\WINDOWS\timed.exe
C:\PROGRA~1\FILECO~1\Nokia\MPAPI\MPAPI3s.exe
C:\Programmi\Netropa\Onscreen Display\OSD.exe
C:\Programmi\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Programmi\HP\Digital Imaging\Product Assistant\bin\hprblog.exe
C:\Programmi\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\system32\rundll32.exe
C:\Programmi\WinRAR\WinRAR.exe
C:\DOCUME~1\ADMINI~1\IMPOST~1\Temp\Rar$EX00.125\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.it/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
R3 - URLSearchHook: (no name) - {71DFB5D6-216C-02C8-11FA-57275389EBC5} - C:\WINDOWS\system32\zsbmvgv.dll
R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: Need2Find Bar BHO - {4D1C4E81-A32A-416b-BCDB-33B3EF3617D3} - C:\Programmi\Need2Find\bar\1.bin\ND2FNBAR.DLL
O2 - BHO: InstaFinder - {4E7BD74F-2B8D-469E-DCF7-F96DA086B434} - C:\WINDOWS\DOWNLO~1\instafin.dll (file missing)
O2 - BHO: (no name) - {71DFB5D6-216C-02C8-11FA-57275389EBC5} - C:\WINDOWS\system32\zsbmvgv.dll
O2 - BHO: WhIeHelperObj Class - {c900b400-cdfe-11d3-976a-00e02913a9e0} - C:\Programmi\webHancer\programs\whiehlpr.dll (file missing)
O3 - Toolbar: UCmore XP - The Search Accelerator - {44BE0690-5429-47f0-85BB-3FFD8020233E} - C:\Programmi\TheSearchAccelerator\UCMTSAIE.dll (file missing)
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [WinampAgent] "C:\Programmi\Winamp\Winampa.exe"
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Programmi\Java\j2re1.4.2_08\bin\jusched.exe
O4 - HKLM\..\Run: [MULTIMEDIA KEYBOARD] C:\Programmi\Netropa\Multimedia Keyboard\MMKeybd.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmi\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [HP Software Update] C:\Programmi\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Programmi\Nokia\Nokia PC Suite 6\LaunchApplication.exe -onlytray
O4 - HKLM\..\Run: [DataLayer] C:\Programmi\File comuni\PCSuite\DataLayer\DataLayer.exe
O4 - HKLM\..\Run: [SemanticInsight] C:\Programmi\RXToolBar\Semantic Insight\SemanticInsight.exe
O4 - HKLM\..\Run: [AltnetPointsManager] c:\program files\altnet\points manager\points manager.exe -s
O4 - HKLM\..\Run: [ImMsn] C:\WINDOWS\timed.exe /i
O4 - HKLM\..\Run: [VolControl] C:\WINDOWS\volumec.exe -i
O4 - HKLM\..\Run: [webHancer Agent] C:\Programmi\webHancer\Programs\whagent.exe
O4 - HKLM\..\Run: [eDonkey2000] "C:\Programmi\eDonkey2000\eDonkey2000.exe" -t
O4 - HKLM\..\Run: [!ewido] "C:\Programmi\ewido anti-spyware 4.0\ewido.exe" /minimized
O4 - HKLM\..\Run: [AdslTaskBar] rundll32.exe stmctrl.dll,TaskBar
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [PcSync] C:\Programmi\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog
O4 - HKCU\..\Run: [Olit] "C:\WINDOWS\system32\RACLE~1\netdde.exe" -vt yazb
O4 - HKCU\..\Run: [Ggjqwhuw] C:\PROGRA~1\COMMON~1\FNTS~1\MIEXEC~1.EXE
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Programmi\HP\Digital Imaging\bin\hpqtra08.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O10 - Broken Internet access because of LSP provider 'c:\programmi\webhancer\programs\webhdll.dll' missing
O16 - DPF: {91433D86-9F27-402C-B5E3-DEBDD122C339} - http://l00kl23.com/default.cab?uid=8&id=51373&1s&ex&ppd=4&tag=32
O16 - DPF: {B64F4A7C-97C9-11DA-8BDE-F66BAD1E3F3A} - http://locator1.cdn.imagesrvr.com/sites/errorsafe.com/www/download/2006/cabs/ErrorSafeFreeInstall_it.cab
O16 - DPF: {F919FBD3-A96B-4679-AF26-F551439BB5FD} - http://it.errorsafe.com/pages/scanner_it/ErrorSafeScannerInstallIT.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{630DDFC5-ECF4-4934-9CB5-3D490609D7DF}: NameServer = 85.37.17.47 85.38.28.82
O20 - AppInit_DLLs: iexplore.dll C:\WINDOWS\system32\iexplore.dll
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Programmi\ewido anti-spyware 4.0\guard.exe
O23 - Service: Netropa NHK Server (nhksrv) - Unknown owner - C:\Programmi\Netropa\Multimedia Keyboard\nhksrv.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
Vi ringrazio fin da ora, ciao.
Claudio
Vi posto il log di hijackthis ( dopo aver usato ewido) sperando in un vostro aiuto.
Ho provato a reimpostare le " predefinite" di IE ma niente :(
Logfile of HijackThis v1.99.1
Scan saved at 14.49.24, on 18/08/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Programmi\Netropa\Multimedia Keyboard\nhksrv.exe
C:\Programmi\ewido anti-spyware 4.0\guard.exe
C:\WINDOWS\system32\svchost.exe
C:\Programmi\Winamp\Winampa.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\ALCXMNTR.EXE
C:\Programmi\Java\j2re1.4.2_08\bin\jusched.exe
C:\Programmi\Netropa\Multimedia Keyboard\MMKeybd.exe
C:\Programmi\QuickTime\qttask.exe
C:\Programmi\HP\HP Software Update\HPWuSchd2.exe
C:\Programmi\Nokia\Nokia PC Suite 6\LaunchApplication.exe
C:\Programmi\File comuni\PCSuite\DataLayer\DataLayer.exe
C:\WINDOWS\timed.exe
C:\WINDOWS\volumec.exe
C:\PROGRA~1\FILECO~1\PCSuite\Services\SERVIC~1.EXE
C:\Programmi\ewido anti-spyware 4.0\ewido.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmi\Nokia\Nokia PC Suite 6\PcSync2.exe
C:\WINDOWS\system32\RACLE~1\netdde.exe
C:\PROGRA~1\COMMON~1\FNTS~1\MIEXEC~1.EXE
C:\Programmi\HP\Digital Imaging\bin\hpqtra08.exe
C:\Programmi\Netropa\Multimedia Keyboard\TrayMon.exe
C:\WINDOWS\timed.exe
C:\PROGRA~1\FILECO~1\Nokia\MPAPI\MPAPI3s.exe
C:\Programmi\Netropa\Onscreen Display\OSD.exe
C:\Programmi\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Programmi\HP\Digital Imaging\Product Assistant\bin\hprblog.exe
C:\Programmi\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\system32\rundll32.exe
C:\Programmi\WinRAR\WinRAR.exe
C:\DOCUME~1\ADMINI~1\IMPOST~1\Temp\Rar$EX00.125\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.it/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
R3 - URLSearchHook: (no name) - {71DFB5D6-216C-02C8-11FA-57275389EBC5} - C:\WINDOWS\system32\zsbmvgv.dll
R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: Need2Find Bar BHO - {4D1C4E81-A32A-416b-BCDB-33B3EF3617D3} - C:\Programmi\Need2Find\bar\1.bin\ND2FNBAR.DLL
O2 - BHO: InstaFinder - {4E7BD74F-2B8D-469E-DCF7-F96DA086B434} - C:\WINDOWS\DOWNLO~1\instafin.dll (file missing)
O2 - BHO: (no name) - {71DFB5D6-216C-02C8-11FA-57275389EBC5} - C:\WINDOWS\system32\zsbmvgv.dll
O2 - BHO: WhIeHelperObj Class - {c900b400-cdfe-11d3-976a-00e02913a9e0} - C:\Programmi\webHancer\programs\whiehlpr.dll (file missing)
O3 - Toolbar: UCmore XP - The Search Accelerator - {44BE0690-5429-47f0-85BB-3FFD8020233E} - C:\Programmi\TheSearchAccelerator\UCMTSAIE.dll (file missing)
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [WinampAgent] "C:\Programmi\Winamp\Winampa.exe"
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Programmi\Java\j2re1.4.2_08\bin\jusched.exe
O4 - HKLM\..\Run: [MULTIMEDIA KEYBOARD] C:\Programmi\Netropa\Multimedia Keyboard\MMKeybd.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmi\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [HP Software Update] C:\Programmi\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Programmi\Nokia\Nokia PC Suite 6\LaunchApplication.exe -onlytray
O4 - HKLM\..\Run: [DataLayer] C:\Programmi\File comuni\PCSuite\DataLayer\DataLayer.exe
O4 - HKLM\..\Run: [SemanticInsight] C:\Programmi\RXToolBar\Semantic Insight\SemanticInsight.exe
O4 - HKLM\..\Run: [AltnetPointsManager] c:\program files\altnet\points manager\points manager.exe -s
O4 - HKLM\..\Run: [ImMsn] C:\WINDOWS\timed.exe /i
O4 - HKLM\..\Run: [VolControl] C:\WINDOWS\volumec.exe -i
O4 - HKLM\..\Run: [webHancer Agent] C:\Programmi\webHancer\Programs\whagent.exe
O4 - HKLM\..\Run: [eDonkey2000] "C:\Programmi\eDonkey2000\eDonkey2000.exe" -t
O4 - HKLM\..\Run: [!ewido] "C:\Programmi\ewido anti-spyware 4.0\ewido.exe" /minimized
O4 - HKLM\..\Run: [AdslTaskBar] rundll32.exe stmctrl.dll,TaskBar
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [PcSync] C:\Programmi\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog
O4 - HKCU\..\Run: [Olit] "C:\WINDOWS\system32\RACLE~1\netdde.exe" -vt yazb
O4 - HKCU\..\Run: [Ggjqwhuw] C:\PROGRA~1\COMMON~1\FNTS~1\MIEXEC~1.EXE
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Programmi\HP\Digital Imaging\bin\hpqtra08.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O10 - Broken Internet access because of LSP provider 'c:\programmi\webhancer\programs\webhdll.dll' missing
O16 - DPF: {91433D86-9F27-402C-B5E3-DEBDD122C339} - http://l00kl23.com/default.cab?uid=8&id=51373&1s&ex&ppd=4&tag=32
O16 - DPF: {B64F4A7C-97C9-11DA-8BDE-F66BAD1E3F3A} - http://locator1.cdn.imagesrvr.com/sites/errorsafe.com/www/download/2006/cabs/ErrorSafeFreeInstall_it.cab
O16 - DPF: {F919FBD3-A96B-4679-AF26-F551439BB5FD} - http://it.errorsafe.com/pages/scanner_it/ErrorSafeScannerInstallIT.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{630DDFC5-ECF4-4934-9CB5-3D490609D7DF}: NameServer = 85.37.17.47 85.38.28.82
O20 - AppInit_DLLs: iexplore.dll C:\WINDOWS\system32\iexplore.dll
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Programmi\ewido anti-spyware 4.0\guard.exe
O23 - Service: Netropa NHK Server (nhksrv) - Unknown owner - C:\Programmi\Netropa\Multimedia Keyboard\nhksrv.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
Vi ringrazio fin da ora, ciao.
Claudio