Ste182
13-06-2005, 12:54
Ciao a tutti!
Ogni volta che avvio Internet Explorer mi viene caricata la pagina www.mysearchnow.com come pagina iniziale ed inoltre questa specie di dialer mi rallenta di brutto la connessione..
non riesco a risolvere il problema nč con SPybot nč con Adware.
ho provato a cercare il processo manualmente ma non l'ho trovato..ho scaricato HIJACKTHIS e la scansione mi ha dato i seguenti risultati:
Logfile of HijackThis v1.97.7
Scan saved at 13.53.02, on 13/06/2005
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2600.0000)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmi\Sygate\SPF\smc.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Programmi\Alwil Software\Avast4\aswUpdSv.exe
C:\Programmi\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Programmi\IPM\Adsl\DataWay\dslstat.exe
C:\WINDOWS\System32\dslagent.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Programmi\Java\j2re1.4.2_05\bin\jusched.exe
C:\Programmi\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Programmi\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe
C:\Programmi\MessengerPlus! 3\MsgPlus.exe
C:\Program Files\Vivanco\ScanPanel\ScnPanel.exe
C:\Programmi\Internet Explorer\iexplore.exe
c:\progra~1\intern~1\iexplore.exe
C:\WINDOWS\System32\devldr32.exe
C:\Programmi\Alwil Software\Avast4\ashMaiSv.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programmi\Internet Explorer\IEXPLORE.EXE
C:\Documents and Settings\STE\Impostazioni locali\Temp\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.eogkvbwsirqefxhkhjoupqi.com/I6140pafrf7a4hZQ4Itfl2bkHr5YoYfbcnch0OxIKF3PbWT5iST3Jr9P/6ACk3UM.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.jcskhgzuskltinqedir.biz/I6140pafrf7ujkXKfEnYEUA827/bzUbsreg2kFVrhKY.htm
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://gw.aliceadsl.it/home
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer fornito da Alice
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: {92E1B3F7-0546-421E-9835-904D25B7BA66} - {C4F147D7-BF25-488E-A12B-EFD43E7029BF} - C:\WINDOWS\System32\winvbie.dll
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\Sygate\SPF\smc.exe -startgui
O4 - HKLM\..\Run: [DSLSTATEXE] C:\Programmi\IPM\Adsl\DataWay\dslstat.exe icon
O4 - HKLM\..\Run: [DSLAGENTEXE] dslagent.exe USB
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\System32\NeroCheck.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Programmi\Java\j2re1.4.2_05\bin\jusched.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmi\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Microsoft Update Machine] memstat.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Programmi\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [VirtualCloneDrive] "C:\Programmi\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" /s
O4 - HKLM\..\Run: [MessengerPlus3] "C:\Programmi\MessengerPlus! 3\MsgPlus.exe"
O4 - HKLM\..\RunServices: [Microsoft Update Machine] memstat.exe
O4 - HKLM\..\RunServices: [win-xp] winis.exe
O4 - HKCU\..\Run: [Microsoft Update Machine] memstat.exe
O4 - HKCU\..\Run: [Close Junk] C:\DOCUME~1\STE\DATIAP~1\CAKE1B~1\PlatformElse.exe
O4 - HKCU\..\RunServices: [win-xp] winis.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Programmi\File comuni\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Avvio veloce di Adobe Reader.lnk = C:\Programmi\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Programmi\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: ScanPanel.lnk = C:\Program Files\Vivanco\ScanPanel\ScnPanel.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra 'Tools' menuitem: Sun Java Console (HKLM)
O9 - Extra button: ICQ Lite (HKLM)
O9 - Extra 'Tools' menuitem: ICQ Lite (HKLM)
O9 - Extra button: Alice (HKCU)
O14 - IERESET.INF: START_PAGE_URL=http://gw.aliceadsl.it/home
O16 - DPF: {14A3221B-1678-1982-A355-7263B1281987} - ms-its:mhtml:file://C:\foo.mht!http://82.179.166.130/e9xr2.chm::/file.exe
O16 - DPF: {15320607-1001-1831-1000-118599957123} - ms-its:mhtml:file://C:\PATH.MHT!http://195.225.176.5//d//uivmzih//ovjkhwu//izpoops//irkqpg//IT//arct.chm::/painter.exe
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
O16 - DPF: {33564D57-0000-0010-8000-00AA00389B71} - http://download.microsoft.com/download/F/6/E/F6E491A6-77E1-4E20-9F5F-94901338C922/wmv9VCM.CAB
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{09DBBFC3-6F25-4D57-95D3-B37F8C9A8DF1}: NameServer = 151.99.125.2,151.99.125.3
O17 - HKLM\System\CCS\Services\Tcpip\..\{799E54DE-B536-4A21-B43B-87C3B9A77A26}: NameServer = 85.37.17.15 151.99.125.1
O17 - HKLM\System\CS2\Services\Tcpip\..\{09DBBFC3-6F25-4D57-95D3-B37F8C9A8DF1}: NameServer = 151.99.125.2,151.99.125.3
O17 - HKLM\System\CS3\Services\Tcpip\..\{09DBBFC3-6F25-4D57-95D3-B37F8C9A8DF1}: NameServer = 151.99.125.2,151.99.125.3
Spero che qualcuno di voi mi aiuti a risolvere il problema..
Ogni volta che avvio Internet Explorer mi viene caricata la pagina www.mysearchnow.com come pagina iniziale ed inoltre questa specie di dialer mi rallenta di brutto la connessione..
non riesco a risolvere il problema nč con SPybot nč con Adware.
ho provato a cercare il processo manualmente ma non l'ho trovato..ho scaricato HIJACKTHIS e la scansione mi ha dato i seguenti risultati:
Logfile of HijackThis v1.97.7
Scan saved at 13.53.02, on 13/06/2005
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2600.0000)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmi\Sygate\SPF\smc.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Programmi\Alwil Software\Avast4\aswUpdSv.exe
C:\Programmi\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Programmi\IPM\Adsl\DataWay\dslstat.exe
C:\WINDOWS\System32\dslagent.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Programmi\Java\j2re1.4.2_05\bin\jusched.exe
C:\Programmi\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Programmi\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe
C:\Programmi\MessengerPlus! 3\MsgPlus.exe
C:\Program Files\Vivanco\ScanPanel\ScnPanel.exe
C:\Programmi\Internet Explorer\iexplore.exe
c:\progra~1\intern~1\iexplore.exe
C:\WINDOWS\System32\devldr32.exe
C:\Programmi\Alwil Software\Avast4\ashMaiSv.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programmi\Internet Explorer\IEXPLORE.EXE
C:\Documents and Settings\STE\Impostazioni locali\Temp\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.eogkvbwsirqefxhkhjoupqi.com/I6140pafrf7a4hZQ4Itfl2bkHr5YoYfbcnch0OxIKF3PbWT5iST3Jr9P/6ACk3UM.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.jcskhgzuskltinqedir.biz/I6140pafrf7ujkXKfEnYEUA827/bzUbsreg2kFVrhKY.htm
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://gw.aliceadsl.it/home
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer fornito da Alice
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: {92E1B3F7-0546-421E-9835-904D25B7BA66} - {C4F147D7-BF25-488E-A12B-EFD43E7029BF} - C:\WINDOWS\System32\winvbie.dll
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\Sygate\SPF\smc.exe -startgui
O4 - HKLM\..\Run: [DSLSTATEXE] C:\Programmi\IPM\Adsl\DataWay\dslstat.exe icon
O4 - HKLM\..\Run: [DSLAGENTEXE] dslagent.exe USB
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\System32\NeroCheck.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Programmi\Java\j2re1.4.2_05\bin\jusched.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmi\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Microsoft Update Machine] memstat.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Programmi\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [VirtualCloneDrive] "C:\Programmi\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" /s
O4 - HKLM\..\Run: [MessengerPlus3] "C:\Programmi\MessengerPlus! 3\MsgPlus.exe"
O4 - HKLM\..\RunServices: [Microsoft Update Machine] memstat.exe
O4 - HKLM\..\RunServices: [win-xp] winis.exe
O4 - HKCU\..\Run: [Microsoft Update Machine] memstat.exe
O4 - HKCU\..\Run: [Close Junk] C:\DOCUME~1\STE\DATIAP~1\CAKE1B~1\PlatformElse.exe
O4 - HKCU\..\RunServices: [win-xp] winis.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Programmi\File comuni\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Avvio veloce di Adobe Reader.lnk = C:\Programmi\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Programmi\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: ScanPanel.lnk = C:\Program Files\Vivanco\ScanPanel\ScnPanel.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra 'Tools' menuitem: Sun Java Console (HKLM)
O9 - Extra button: ICQ Lite (HKLM)
O9 - Extra 'Tools' menuitem: ICQ Lite (HKLM)
O9 - Extra button: Alice (HKCU)
O14 - IERESET.INF: START_PAGE_URL=http://gw.aliceadsl.it/home
O16 - DPF: {14A3221B-1678-1982-A355-7263B1281987} - ms-its:mhtml:file://C:\foo.mht!http://82.179.166.130/e9xr2.chm::/file.exe
O16 - DPF: {15320607-1001-1831-1000-118599957123} - ms-its:mhtml:file://C:\PATH.MHT!http://195.225.176.5//d//uivmzih//ovjkhwu//izpoops//irkqpg//IT//arct.chm::/painter.exe
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
O16 - DPF: {33564D57-0000-0010-8000-00AA00389B71} - http://download.microsoft.com/download/F/6/E/F6E491A6-77E1-4E20-9F5F-94901338C922/wmv9VCM.CAB
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{09DBBFC3-6F25-4D57-95D3-B37F8C9A8DF1}: NameServer = 151.99.125.2,151.99.125.3
O17 - HKLM\System\CCS\Services\Tcpip\..\{799E54DE-B536-4A21-B43B-87C3B9A77A26}: NameServer = 85.37.17.15 151.99.125.1
O17 - HKLM\System\CS2\Services\Tcpip\..\{09DBBFC3-6F25-4D57-95D3-B37F8C9A8DF1}: NameServer = 151.99.125.2,151.99.125.3
O17 - HKLM\System\CS3\Services\Tcpip\..\{09DBBFC3-6F25-4D57-95D3-B37F8C9A8DF1}: NameServer = 151.99.125.2,151.99.125.3
Spero che qualcuno di voi mi aiuti a risolvere il problema..