odiosa barra di explorer!!!

nestle · 30-10-2003, 17:47

non so perchè ma mi si è installata una barra in internet explorer sotto la barra dell'indirizzo.

sembra come se si fosse personalizzata con explorer (è una barra con link a siti di ricerca).
se faccio tasto destro sulle barra indirizzo mi permette di toglierla (si chiama chprprcrgrg)
ma ogni volta che riavvio explorer ricompare.

credi sia qualche spyware installato...

come posso fare? ho già usato adaware e spybot che mi hanno trovato varie cose ma non questa...

aiutatemi...

Adric · 31-10-2003, 06:34

Spostato nella sezione ANTIVIRUS E SICUREZZA

nestle · 31-10-2003, 07:25

ok grazie

MrOZ · 31-10-2003, 11:41

hhhhmmm... quel nome nn mi dice nulla

...

Prova a lanciare hijackthis (senza cancellare nulla) ed a postare qui il log

http://www.spywareinfo.com/~merijn/files/hijackthis.zip

Ciao.

nestle · 31-10-2003, 11:44

ciao e grazie

ti posto il log:

Logfile of HijackThis v1.97.3
Scan saved at 12.47.44, on 31/10/2003
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\CTsvcCDA.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Programmi\Creative\SBLive\AudioHQ\AHQTB.EXE
C:\Programmi\Hewlett-Packard\PhotoSmart\Photo Imaging\Hpi_Monitor.exe
C:\Programmi\Hewlett-Packard\PhotoSmart\HP Share-to-Web\hpgs2wnd.exe
C:\Programmi\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\PROGRA~1\MICROS~3\GAMECO~1\common\swtrayv4.exe
C:\WINDOWS\System32\dslagent.exe
C:\Programmi\File comuni\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\llass.exe
C:\DOCUME~1\GABRIE~1\DATIAP~1\puichpre.exe
C:\Programmi\GetRight\getright.exe
C:\Programmi\GetRight\getright.exe
C:\DOCUME~1\GABRIE~1\IMPOST~1\Temp\Onv1.exe
C:\Programmi\Hewlett-Packard\PhotoSmart\HP Share-to-Web\hpgs2wnf.exe
C:\eDonkey2000\edonkey2000.exe
C:\WINDOWS\explorer.exe
C:\Programmi\Outlook Express\msimn.exe
C:\Programmi\Internet Explorer\IEXPLORE.EXE
C:\PROGRA~1\WINZIP\winzip32.exe
C:\Documents and Settings\Gabriele Nestola\Impostazioni locali\Temp\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.it/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
O2 - BHO: (no name) - {000006B1-19B5-414A-849F-2A3C64AE6939} - (no file)
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {dab851df-b6a6-4a3c-bfd4-127f6bd10323} - C:\DOCUME~1\GABRIE~1\DATIAP~1\frsscksttrwx.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: chprprcrgrg - {ec5058fd-620c-42e8-8047-cbc260e27467} - C:\DOCUME~1\GABRIE~1\DATIAP~1\frsscksttrwx.dll
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\Updreg.exe
O4 - HKLM\..\Run: [AHQInit] C:\Programmi\Creative\SBLive\Program\AHQInit.exe
O4 - HKLM\..\Run: [AudioHQ] C:\Programmi\Creative\SBLive\AudioHQ\AHQTB.EXE
O4 - HKLM\..\Run: [CXMon] "C:\Programmi\Hewlett-Packard\PhotoSmart\Photo Imaging\Hpi_Monitor.exe"
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Programmi\Hewlett-Packard\PhotoSmart\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Programmi\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [CloneCDElbyCDFL] "C:\Programmi\Elaborate Bytes\CloneCD\ElbyCheck.exe" /L ElbyCDFL
O4 - HKLM\..\Run: [SideWinderTrayV4] C:\PROGRA~1\MICROS~3\GAMECO~1\common\swtrayv4.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmi\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [DSLAGENTEXE] dslagent.exe USB
O4 - HKLM\..\Run: [TkBellExe] "C:\Programmi\File comuni\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SystemSearch] REGEDIT.EXE -s C:\ie.reg
O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Programmi\File comuni\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: GetRight - Tray Icon.lnk = C:\Programmi\GetRight\getright.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Programmi\Microsoft Office\Office\OSA9.EXE
O8 - Extra context menu item: Download with GetRight - C:\Programmi\GetRight\GRdownload.htm
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Open with GetRight Browser - C:\Programmi\GetRight\GRbrowse.htm
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://207.188.7.150/1980935deffb305...dxIE601_it.cab
O16 - DPF: {99D8AF4F-307A-461C-A404-BFA33D502B31} (APStartX Control) - http://217.169.119.216/resources/APStart.ocx
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/s...sh/swflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{1A7A9E25-06F2-449D-BB52-3F90C61F3369}: NameServer = 80.21.7.56 212.216.112.112
O17 - HKLM\System\CS1\Services\Tcpip\..\{1A7A9E25-06F2-449D-BB52-3F90C61F3369}: NameServer = 80.21.7.56 212.216.112.112

MrOZ · 31-10-2003, 14:47

Cancella questo valore con hijackthis :

O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://207.188.7.150/1980935deffb30...RdxIE601_it.cab

Il resto devo ancora controllarlo x bene.

nestle · 31-10-2003, 14:55

fatto, ma pare non abbia risolto...

MrOZ · 31-10-2003, 18:52

Ho fatto 1 ricerca su internet e kiesto a qualcuno... mi sa ke le cose si complicano

C:\WINDOWS\system32\llass.exe è 1 trojan/backdoor --> guarda qui http://www.trendmicro.com/vinfo/viru...=BKDR_LARSLP.A

Quindi prima di tutto devi eliminare il trojan; poi devi terminare questo processo "puichpre.exe" nel task manager, chiudere tutte le finestre del browser, fare 1 scansione con hijackthis e selezionare ed eliminare queste voci:

O2 - BHO: (no name) - {000006B1-19B5-414A-849F-2A3C64AE6939} - (no file)

O2 - BHO: (no name) - {dab851df-b6a6-4a3c-bfd4-127f6bd10323} - C:\DOCUME~1\GABRIE~1\DATIAP~1\frsscksttrwx.dll

O3 - Toolbar: chprprcrgrg - {ec5058fd-620c-42e8-8047-cbc260e27467} - C:\DOCUME~1\GABRIE~1\DATIAP~1\frsscksttrwx.dll

O4 - HKLM\..\Run: [SystemSearch] REGEDIT.EXE -s C:\ie.reg

O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - »207.188.7.150/1980935deffb30...RdxIE60..

O16 - DPF: {99D8AF4F-307A-461C-A404-BFA33D502B31} (APStartX Control) - »217.169.119.216/resources/APStart.ocx

...ed alla fine ricontrollare tutto con hijackthis.

Ciao.

nestle · 31-10-2003, 18:54

grazie dell'interessamento ora provo

30-10-2003, 17:47	#1
nestle Senior Member Iscritto dal: Oct 2000 Città: Roma Messaggi: 1587	odiosa barra di explorer!!! non so perchè ma mi si è installata una barra in internet explorer sotto la barra dell'indirizzo. sembra come se si fosse personalizzata con explorer (è una barra con link a siti di ricerca). se faccio tasto destro sulle barra indirizzo mi permette di toglierla (si chiama chprprcrgrg) ma ogni volta che riavvio explorer ricompare. credi sia qualche spyware installato... come posso fare? ho già usato adaware e spybot che mi hanno trovato varie cose ma non questa... aiutatemi... __________________ il mio blog: http://gabrireef.blogspot.com/

31-10-2003, 06:34	#2
Adric Senior Member Iscritto dal: Oct 2001 Città: Lazio Età: 52 ex mod Messaggi: 9300	Spostato nella sezione ANTIVIRUS E SICUREZZA __________________ Guida CDR - SACD/DVD-A links - Pal,Secam, Ntsc - Fonts - Radio online - Jazz -Soul&Funky - siti traduzioni lingue non rispondo a msg privati sui monitor

31-10-2003, 07:25	#3
nestle Senior Member Iscritto dal: Oct 2000 Città: Roma Messaggi: 1587	ok grazie __________________ il mio blog: http://gabrireef.blogspot.com/

31-10-2003, 11:44	#5
nestle Senior Member Iscritto dal: Oct 2000 Città: Roma Messaggi: 1587	ciao e grazie ti posto il log: Logfile of HijackThis v1.97.3 Scan saved at 12.47.44, on 31/10/2003 Platform: Windows XP (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 (6.00.2600.0000) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\System32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\System32\CTsvcCDA.EXE C:\WINDOWS\System32\svchost.exe C:\WINDOWS\System32\MsPMSPSv.exe C:\WINDOWS\system32\Ati2evxx.exe C:\Programmi\Creative\SBLive\AudioHQ\AHQTB.EXE C:\Programmi\Hewlett-Packard\PhotoSmart\Photo Imaging\Hpi_Monitor.exe C:\Programmi\Hewlett-Packard\PhotoSmart\HP Share-to-Web\hpgs2wnd.exe C:\Programmi\ATI Technologies\ATI Control Panel\atiptaxx.exe C:\PROGRA~1\MICROS~3\GAMECO~1\common\swtrayv4.exe C:\WINDOWS\System32\dslagent.exe C:\Programmi\File comuni\Real\Update_OB\realsched.exe C:\WINDOWS\system32\llass.exe C:\DOCUME~1\GABRIE~1\DATIAP~1\puichpre.exe C:\Programmi\GetRight\getright.exe C:\Programmi\GetRight\getright.exe C:\DOCUME~1\GABRIE~1\IMPOST~1\Temp\Onv1.exe C:\Programmi\Hewlett-Packard\PhotoSmart\HP Share-to-Web\hpgs2wnf.exe C:\eDonkey2000\edonkey2000.exe C:\WINDOWS\explorer.exe C:\Programmi\Outlook Express\msimn.exe C:\Programmi\Internet Explorer\IEXPLORE.EXE C:\PROGRA~1\WINZIP\winzip32.exe C:\Documents and Settings\Gabriele Nestola\Impostazioni locali\Temp\HijackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.it/ R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = about:blank R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti O2 - BHO: (no name) - {000006B1-19B5-414A-849F-2A3C64AE6939} - (no file) O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O2 - BHO: (no name) - {dab851df-b6a6-4a3c-bfd4-127f6bd10323} - C:\DOCUME~1\GABRIE~1\DATIAP~1\frsscksttrwx.dll O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx O3 - Toolbar: chprprcrgrg - {ec5058fd-620c-42e8-8047-cbc260e27467} - C:\DOCUME~1\GABRIE~1\DATIAP~1\frsscksttrwx.dll O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\Updreg.exe O4 - HKLM\..\Run: [AHQInit] C:\Programmi\Creative\SBLive\Program\AHQInit.exe O4 - HKLM\..\Run: [AudioHQ] C:\Programmi\Creative\SBLive\AudioHQ\AHQTB.EXE O4 - HKLM\..\Run: [CXMon] "C:\Programmi\Hewlett-Packard\PhotoSmart\Photo Imaging\Hpi_Monitor.exe" O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Programmi\Hewlett-Packard\PhotoSmart\HP Share-to-Web\hpgs2wnd.exe O4 - HKLM\..\Run: [ATIPTA] C:\Programmi\ATI Technologies\ATI Control Panel\atiptaxx.exe O4 - HKLM\..\Run: [CloneCDElbyCDFL] "C:\Programmi\Elaborate Bytes\CloneCD\ElbyCheck.exe" /L ElbyCDFL O4 - HKLM\..\Run: [SideWinderTrayV4] C:\PROGRA~1\MICROS~3\GAMECO~1\common\swtrayv4.exe O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmi\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [DSLAGENTEXE] dslagent.exe USB O4 - HKLM\..\Run: [TkBellExe] "C:\Programmi\File comuni\Real\Update_OB\realsched.exe" -osboot O4 - HKLM\..\Run: [SystemSearch] REGEDIT.EXE -s C:\ie.reg O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Programmi\File comuni\Adobe\Calibration\Adobe Gamma Loader.exe O4 - Global Startup: GetRight - Tray Icon.lnk = C:\Programmi\GetRight\getright.exe O4 - Global Startup: Microsoft Office.lnk = C:\Programmi\Microsoft Office\Office\OSA9.EXE O8 - Extra context menu item: Download with GetRight - C:\Programmi\GetRight\GRdownload.htm O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000 O8 - Extra context menu item: Open with GetRight Browser - C:\Programmi\GetRight\GRbrowse.htm O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://207.188.7.150/1980935deffb305...dxIE601_it.cab O16 - DPF: {99D8AF4F-307A-461C-A404-BFA33D502B31} (APStartX Control) - http://217.169.119.216/resources/APStart.ocx O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/s...sh/swflash.cab O17 - HKLM\System\CCS\Services\Tcpip\..\{1A7A9E25-06F2-449D-BB52-3F90C61F3369}: NameServer = 80.21.7.56 212.216.112.112 O17 - HKLM\System\CS1\Services\Tcpip\..\{1A7A9E25-06F2-449D-BB52-3F90C61F3369}: NameServer = 80.21.7.56 212.216.112.112 __________________ il mio blog: http://gabrireef.blogspot.com/

31-10-2003, 14:55	#7
nestle Senior Member Iscritto dal: Oct 2000 Città: Roma Messaggi: 1587	fatto, ma pare non abbia risolto... __________________ il mio blog: http://gabrireef.blogspot.com/

31-10-2003, 11:41	#4
MrOZ Senior Member Iscritto dal: Jun 2003 Città: "Mantua me genuit" Trattative concluse: 1 fracco!!! Devianze: MacTard iMac 27" i5 2,8Ghz 4GB IPHONE 5 32GB Black Iscritto dal: Nov 2002 Messaggi: 4426	hhhhmmm... quel nome nn mi dice nulla ... Prova a lanciare hijackthis (senza cancellare nulla) ed a postare qui il log http://www.spywareinfo.com/~merijn/files/hijackthis.zip Ciao.

31-10-2003, 14:47	#6
MrOZ Senior Member Iscritto dal: Jun 2003 Città: "Mantua me genuit" Trattative concluse: 1 fracco!!! Devianze: MacTard iMac 27" i5 2,8Ghz 4GB IPHONE 5 32GB Black Iscritto dal: Nov 2002 Messaggi: 4426	Cancella questo valore con hijackthis : O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://207.188.7.150/1980935deffb30...RdxIE601_it.cab Il resto devo ancora controllarlo x bene.

31-10-2003, 18:52	#8
MrOZ Senior Member Iscritto dal: Jun 2003 Città: "Mantua me genuit" Trattative concluse: 1 fracco!!! Devianze: MacTard iMac 27" i5 2,8Ghz 4GB IPHONE 5 32GB Black Iscritto dal: Nov 2002 Messaggi: 4426	Ho fatto 1 ricerca su internet e kiesto a qualcuno... mi sa ke le cose si complicano C:\WINDOWS\system32\llass.exe è 1 trojan/backdoor --> guarda qui http://www.trendmicro.com/vinfo/viru...=BKDR_LARSLP.A Quindi prima di tutto devi eliminare il trojan; poi devi terminare questo processo "puichpre.exe" nel task manager, chiudere tutte le finestre del browser, fare 1 scansione con hijackthis e selezionare ed eliminare queste voci: O2 - BHO: (no name) - {000006B1-19B5-414A-849F-2A3C64AE6939} - (no file) O2 - BHO: (no name) - {dab851df-b6a6-4a3c-bfd4-127f6bd10323} - C:\DOCUME~1\GABRIE~1\DATIAP~1\frsscksttrwx.dll O3 - Toolbar: chprprcrgrg - {ec5058fd-620c-42e8-8047-cbc260e27467} - C:\DOCUME~1\GABRIE~1\DATIAP~1\frsscksttrwx.dll O4 - HKLM\..\Run: [SystemSearch] REGEDIT.EXE -s C:\ie.reg O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - »207.188.7.150/1980935deffb30...RdxIE60.. O16 - DPF: {99D8AF4F-307A-461C-A404-BFA33D502B31} (APStartX Control) - »217.169.119.216/resources/APStart.ocx ...ed alla fine ricontrollare tutto con hijackthis. Ciao.

31-10-2003, 18:54	#9
nestle Senior Member Iscritto dal: Oct 2000 Città: Roma Messaggi: 1587	grazie dell'interessamento ora provo __________________ il mio blog: http://gabrireef.blogspot.com/

Strumenti
Mostra una versione stampabile Invia questa pagina per email