View Full Version : problema con Esplora risorse
KiMa_ViC_
24-05-2005, 18:42
salve, quando apro Esplora risorse (o una qualunque cartella) il programma tenta una connessione ad internet (fortunatamente ho il firewall che blocca) e si connette all'ip 66.98.166.103.
ho l'antivirus aggiornato, ad-aware e spybot (search & destroy) ma non sono riusciti a rimuoverlo.
potete darmi una mano per piacere?
prova a scaricarti a-squared (http://www.emsisoft.it/it/) e farci una scansione poi prova un antivirus online e se non risolvi niente posta il log di hijackthis
66.98.166.103 è intestato a Everyones Internet, Inc. di Huston Texas.
E' un internet provider.
Credo che tu abbia uno spyware sul tuo PC
KiMa_ViC_
24-05-2005, 21:23
Ho fatto come avete detto ma niente :(
Posto il log di Hijackthis
Logfile of HijackThis v1.99.1
Scan saved at 22.21.08, on 24/05/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Programmi\NavNT\vptray.exe
C:\Programmi\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Programmi\SETI@home\SETI@home.exe
C:\Programmi\a2\a2guard.exe
C:\Programmi\Miranda IM\miranda32.exe
C:\WINDOWS\System32\DRIVERS\CDANTSRV.EXE
C:\Programmi\NavNT\defwatch.exe
C:\WINDOWS\system32\cba\pds.exe
C:\Programmi\Kerio\Personal Firewall 4\kpf4ss.exe
C:\Programmi\MPICH\mpd\bin\mpd.exe
C:\Programmi\Kerio\Personal Firewall 4\kpf4gui.exe
C:\Programmi\NavNT\rtvscan.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\WINDOWS\system32\cba\xfr.exe
C:\WINDOWS\system32\MsgSys.EXE
C:\WINDOWS\System32\alg.exe
C:\Programmi\Kerio\Personal Firewall 4\kpf4gui.exe
C:\Programmi\FreePOPs\freepopsd.exe
C:\Programmi\eMule\emule.exe
C:\Programmi\SlimBrowser\sbrowser.exe
C:\Programmi\InstantGet\InstantGet.exe
C:\Programmi\WinRAR\WinRAR.exe
C:\DOCUME~1\KIMA_V~1\IMPOST~1\Temp\Rar$EX00.642\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: InstantGet IECatcher - {569E7719-1A11-415E-9206-AC1860FB8BFF} - C:\Programmi\InstantGet\IGCatcher.dll
O2 - BHO: {92E1B3F7-0546-421E-9835-904D25B7BA66} - {C4F147D7-BF25-488E-A12B-EFD43E7029BF} - C:\WINDOWS\system32\winvbie.dll
O3 - Toolbar: InstantGet Bar - {98C92840-EB1C-40bd-B6A5-395EC9CD6510} - C:\Programmi\InstantGet\IGIEBar.dll
O3 - Toolbar: VisuExplorer - {92E1B3F7-0546-421E-9835-904D25B7BA66} - C:\WINDOWS\system32\msiev32.dll
O4 - HKLM\..\Run: [vptray] C:\Programmi\NavNT\vptray.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [VirtualCloneDrive] "C:\Programmi\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" /s
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [seticlient] C:\Programmi\SETI@home\SETI@home.exe -min
O4 - HKCU\..\Run: [a-squared] "C:\Programmi\a2\a2guard.exe"
O4 - Global Startup: Miranda IM.lnk = C:\Programmi\Miranda IM\miranda32.exe
O8 - Extra context menu item: &Download with InstantGet - res://C:\Programmi\InstantGet\IGCatcher.dll/IGLink.htm
O8 - Extra context menu item: Download &all with InstantGet - res://C:\Programmi\InstantGet\IGCatcher.dll/IGAll.htm
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra button: Run InstantGet - {6DDFE91C-A45C-4812-8F57-098932C9D88D} - C:\Programmi\InstantGet\InstantGet.exe
O9 - Extra 'Tools' menuitem: &InstantGet - {6DDFE91C-A45C-4812-8F57-098932C9D88D} - C:\Programmi\InstantGet\InstantGet.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O15 - Trusted Zone: http://www.tgmonline.it
O16 - DPF: Yahoo! Chat - http://us.chat1.yimg.com/us.yimg.com/i/chat/applet/c381/chat.cab
O16 - DPF: {2B323CD9-50E3-11D3-9466-00A0C9700498} (Yahoo! Audio Conferencing) - http://us.chat1.yimg.com/us.yimg.com/i/chat/applet/v45/yacscom.cab
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (FilePlanet Download Control Class) - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_1_0_0_44.cab
O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} (EPUImageControl Class) - http://tools.ebayimg.com/eps/wl/activex/EPUWALControl_v1-0-3-17.cab
O16 - DPF: {FE5D6722-826F-11D5-A24E-0060B0F1A5AE} (Tukati Launcher) - http://www.tukati.com/software/4/1.7.20.20/tukati.cab
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Programmi\File comuni\Microsoft Shared\Help\hxds.dll
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\System32\NavLogon.dll
O23 - Service: C-DillaSrv - C-Dilla Ltd - C:\WINDOWS\System32\DRIVERS\CDANTSRV.EXE
O23 - Service: DefWatch - Symantec Corporation - C:\Programmi\NavNT\defwatch.exe
O23 - Service: Intel File Transfer - Intel Corporation - C:\WINDOWS\system32\cba\xfr.exe
O23 - Service: Intel PDS - Intel Corporation - C:\WINDOWS\system32\cba\pds.exe
O23 - Service: Kerio Personal Firewall 4 (KPF4) - Kerio Technologies - C:\Programmi\Kerio\Personal Firewall 4\kpf4ss.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Programmi\File comuni\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: MPICH Daemon (C) 2001 Argonne National Lab (mpich_mpd) - Unknown owner - C:\Programmi\MPICH\mpd\bin\mpd.exe
O23 - Service: Norton AntiVirus Server - Symantec Corporation - C:\Programmi\NavNT\rtvscan.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
Vanno fixate le seguenti voci:
O2 - BHO: {92E1B3F7-0546-421E-9835-904D25B7BA66} - {C4F147D7-BF25-488E-A12B-EFD43E7029BF} - C:\WINDOWS\system32\winvbie.dll
O3 - Toolbar: VisuExplorer - {92E1B3F7-0546-421E-9835-904D25B7BA66} - C:\WINDOWS\system32\msiev32.dll
disabilita il ripristino di sistema.
reboot in modalità provvisoria
start-esegui-CMD
cd \
cd windows\system32
regsvr32.exe /u winvbie.dll
regsvr32.exe /u msiev32.dll
del winvbie.dll
del msiev32.dll
exit
reboot in modalità normale
ciao
KiMa_ViC_
25-05-2005, 12:56
fatto, grazie mille per l'aiuto ^^
vBulletin® v3.6.4, Copyright ©2000-2025, Jelsoft Enterprises Ltd.