2 virus trovati help

01-06-2005, 09:48

come mai non trovo più il thread di "come rimuovere about:blank"?

1 è il suddetto

il 2° è trojan.startpage.m che mi ha infettato il file
c://windows/system/bgbpld.dll

il log di hjackthis

Logfile of HijackThis v1.97.7
Scan saved at 10.38.56, on 01/06/05
Platform: Windows 98 SE (Win9x 4.10.2222A)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\SPOOL32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\WINDOWS\SDMAN.EXE
C:\PROGRAMMI\NORTON ANTIVIRUS\NAVAPW32.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\WINDOWS\SYSTEM\IGFXTRAY.EXE
C:\SABRE\APPS\ATS\SSSCLNT.EXE
C:\WINDOWS\LOADQM.EXE
C:\PROGRAMMI\USB DISK TOOL\USNDISKT.EXE
C:\WINDOWS\SYSTEM\QTTASK.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\PROGRAMMI\WINAMP\WINAMPA.EXE
C:\WINDOWS\RUNDLL32.EXE
C:\WINDOWS\SABSERV.EXE
C:\SABRE\APPS\OADP\OADP.EXE
C:\PROGRAMMI\NORTON ANTIVIRUS\NSCHED32.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\SABRE\SBTIMER.EXE
C:\WINDOWS\SYSTEM\PSTORES.EXE
C:\DOCUMENTI\HTML2POP3200WIN32\HTML2POP3.EXE
C:\PROGRAMMI\INTERNET EXPLORER\IEXPLORE.EXE
C:\PROGRAMMI\INTERNET EXPLORER\IEXPLORE.EXE
C:\PROGRAMMI\OUTLOOK EXPRESS\MSIMN.EXE
C:\PROGRAMMI\MSN MESSENGER\MSNMSGR.EXE
C:\DOCUMENTI\FABIO\HIJACKTHIS.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\TEMP\se.dll/sp.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\TEMP\se.dll/sp.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Programmi\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programmi\google\googletoolbar2.dll
O2 - BHO: (no name) - {5321E378-FFAD-4999-8C62-03CA8155F0B3} - C:\WINDOWS\inet20037\3.00.05.dll (file missing)
O2 - BHO: (no name) - {0748F983-D206-11D9-8180-000BFEF957AB} - C:\WINDOWS\SYSTEM\BGBPLD.DLL
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programmi\google\googletoolbar2.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\SYSTEM\igfxtray.exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [Sabre Site Services] C:\SABRE\Apps\ATS\SSSClnt.EXE
O4 - HKLM\..\Run: [Norton Auto-Protect] C:\PROGRA~1\NORTON~1\NAVAPW32.EXE /LOADQUIET
O4 - HKLM\..\Run: [mdac_runonce] C:\WINDOWS\SYSTEM\runonce.exe
O4 - HKLM\..\Run: [LoadQM] loadqm.exe
O4 - HKLM\..\Run: [USB Disk Tool] C:\Programmi\USB Disk Tool\USNDISKT.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\WINDOWS\SYSTEM\QTTASK.EXE" -atboottime
O4 - HKLM\..\Run: [WinampAgent] C:\Programmi\Winamp\winampa.exe
O4 - HKLM\..\Run: [sp] rundll32 C:\WINDOWS\TEMP\SE.DLL,DllInstall
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKLM\..\RunServices: [SDApp] C:\WINDOWS\SDMan.EXE
O4 - Startup: Server Sabre.lnk = C:\WINDOWS\sabserv.exe
O4 - Startup: Sabre Printing Module.lnk = C:\SABRE\Apps\OADP\Oadp.exe
O4 - Startup: Microsoft Office.lnk = C:\WINDOWS\Application Data\Microsoft\Installer\{00030410-78E1-11D2-B60F-006097C998E7}\misc.exe
O4 - Startup: Norton Program Scheduler.lnk = C:\Programmi\Norton AntiVirus\NSCHED32.EXE
O8 - Extra context menu item: &Google Search - res://C:\PROGRAMMI\GOOGLE\GOOGLETOOLBAR2.DLL/cmsearch.html
O8 - Extra context menu item: Versione cache della pagina - res://C:\PROGRAMMI\GOOGLE\GOOGLETOOLBAR2.DLL/cmcache.html
O8 - Extra context menu item: Pagine simili - res://C:\PROGRAMMI\GOOGLE\GOOGLETOOLBAR2.DLL/cmsimilar.html
O8 - Extra context menu item: Collegamenti a ritroso - res://C:\PROGRAMMI\GOOGLE\GOOGLETOOLBAR2.DLL/cmbacklinks.html
O9 - Extra button: Messenger Addon (HKLM)
O9 - Extra 'Tools' menuitem: &Messenger Addon (HKLM)
O9 - Extra button: Related (HKLM)
O9 - Extra 'Tools' menuitem: Show &Related Links (HKLM)
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.co...875.2120717593
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/s...sh/swflash.cab
O16 - DPF: {9b935470-ad4a-11d5-b63e-00c04faedb18} (Oracle JInitiator 1.1.8.16) -
O16 - DPF: {33564D57-0000-0010-8000-00AA00389B71} - http://download.microsoft.com/downlo...22/wmv9VCM.CAB
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://www.apple.com/qtactivex/qtplugin.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/Ms...Downloader.cab
O16 - DPF: {31DDC1FD-CEA3-4837-A6DC-87E67015ADC9} - http://akamai.downloadv3.com/binarie...ysnet32_EN.cab
O17 - HKLM\System\CCS\Services\VxD\MSTCP: Domain = DNS2.INTERBUSINESS.IT
O17 - HKLM\System\CCS\Services\VxD\MSTCP: NameServer = 151.99.125.2,151.99.250.2

ho ovviamente eliminato le prime voci, ma il programma dove lo trovo per cancellarlo?

bluepix · 01-06-2005, 11:02

Segui questa procedura manuale con Hijackthis:

Step A:
1. Open HijackThis
2. Click Config
3.Check the: 'Mark everything found for fixing after scan' option.
4. Click Back
5. Click Scan
6. Click Fix checked

Step B:
1. Click Config
2. Click Misc Tools
3. OPEN ADS SPY.
4. Click Scan (this will find all hidden files that you will not see in the explorer)
5. Select all items (this has to me done manually)
6. CLICK REMOVE SELECTED

poi riposta il log che vediamo per startpage.m.
Non è semplice toglierli entrambi in un colpo solo perchè potrebbero interferire a vicenda.
Ciao

01-06-2005, 18:17

tutto ok! però oggi pomeriggio mi è tornato!

se.dll del kaiser

bluepix · 01-06-2005, 18:31

Quote:

Originariamente inviato da fabius00

tutto ok! però oggi pomeriggio mi è tornato!

se.dll del kaiser

Questo potrebbe servire al caso.
http://news.swzone.it/swznews-14856.php

ma in ogni caso serve il log di Hijackthis, magari dopo aver lanciato il programma di cui sopra.

ciao

juninho85 · 01-06-2005, 22:54

dovrebbe essere uno spyware abbastanza niubbo,newdot.net se non ricordo male...comunque prova con cwshredder o qualcosa del genere per rimuoverlo,in alternativa basta pure spybot

03-06-2005, 08:47

intanto grazie!

questo è il log di hjackthis dopo l'uso dei programmini che mi avete dato!

Logfile of HijackThis v1.97.7
Scan saved at 9.32.36, on 03/06/05
Platform: Windows 98 SE (Win9x 4.10.2222A)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\SPOOL32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\WINDOWS\SDMAN.EXE
C:\PROGRAMMI\NORTON ANTIVIRUS\NAVAPW32.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\WINDOWS\SYSTEM\IGFXTRAY.EXE
C:\SABRE\APPS\ATS\SSSCLNT.EXE
C:\WINDOWS\LOADQM.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\PROGRAMMI\USB DISK TOOL\USNDISKT.EXE
C:\WINDOWS\SYSTEM\QTTASK.EXE
C:\PROGRAMMI\WINAMP\WINAMPA.EXE
C:\WINDOWS\SABSERV.EXE
C:\SABRE\APPS\OADP\OADP.EXE
C:\PROGRAMMI\NORTON ANTIVIRUS\NSCHED32.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\DOCUMENTI\FABIO\HIJACKTHIS.EXE

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Programmi\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programmi\google\googletoolbar2.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programmi\google\googletoolbar2.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\SYSTEM\igfxtray.exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [Sabre Site Services] C:\SABRE\Apps\ATS\SSSClnt.EXE
O4 - HKLM\..\Run: [Norton Auto-Protect] C:\PROGRA~1\NORTON~1\NAVAPW32.EXE /LOADQUIET
O4 - HKLM\..\Run: [mdac_runonce] C:\WINDOWS\SYSTEM\runonce.exe
O4 - HKLM\..\Run: [LoadQM] loadqm.exe
O4 - HKLM\..\Run: [USB Disk Tool] C:\Programmi\USB Disk Tool\USNDISKT.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\WINDOWS\SYSTEM\QTTASK.EXE" -atboottime
O4 - HKLM\..\Run: [WinampAgent] C:\Programmi\Winamp\winampa.exe
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKLM\..\RunServices: [SDApp] C:\WINDOWS\SDMan.EXE
O4 - Startup: Server Sabre.lnk = C:\WINDOWS\sabserv.exe
O4 - Startup: Sabre Printing Module.lnk = C:\SABRE\Apps\OADP\Oadp.exe
O4 - Startup: Microsoft Office.lnk = C:\WINDOWS\Application Data\Microsoft\Installer\{00030410-78E1-11D2-B60F-006097C998E7}\misc.exe
O4 - Startup: Norton Program Scheduler.lnk = C:\Programmi\Norton AntiVirus\NSCHED32.EXE
O8 - Extra context menu item: &Google Search - res://C:\PROGRAMMI\GOOGLE\GOOGLETOOLBAR2.DLL/cmsearch.html
O8 - Extra context menu item: Versione cache della pagina - res://C:\PROGRAMMI\GOOGLE\GOOGLETOOLBAR2.DLL/cmcache.html
O8 - Extra context menu item: Pagine simili - res://C:\PROGRAMMI\GOOGLE\GOOGLETOOLBAR2.DLL/cmsimilar.html
O8 - Extra context menu item: Collegamenti a ritroso - res://C:\PROGRAMMI\GOOGLE\GOOGLETOOLBAR2.DLL/cmbacklinks.html
O9 - Extra button: Messenger Addon (HKLM)
O9 - Extra 'Tools' menuitem: &Messenger Addon (HKLM)
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.co...875.2120717593
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/s...sh/swflash.cab
O16 - DPF: {9b935470-ad4a-11d5-b63e-00c04faedb18} (Oracle JInitiator 1.1.8.16) -
O16 - DPF: {33564D57-0000-0010-8000-00AA00389B71} - http://download.microsoft.com/downlo...22/wmv9VCM.CAB
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://www.apple.com/qtactivex/qtplugin.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/Ms...Downloader.cab
O16 - DPF: {31DDC1FD-CEA3-4837-A6DC-87E67015ADC9} - http://akamai.downloadv3.com/binarie...ysnet32_EN.cab
O17 - HKLM\System\CCS\Services\VxD\MSTCP: Domain = DNS2.INTERBUSINESS.IT
O17 - HKLM\System\CCS\Services\VxD\MSTCP: NameServer = 151.99.125.2,151.99.250.2

juninho85 · 03-06-2005, 08:52

ci sono diverse cose che puzzano...hai ancora quei due virus?hai provato a fare una pulita con spybot?

bluepix · 03-06-2005, 08:53

Ehm.. hai Hijackthis un po' datato.
Scarica l'ultima versione che è la v.1.99.1

03-06-2005, 08:55

Quote:

Originariamente inviato da bluepix

Ehm.. hai Hijackthis un po' datato.
Scarica l'ultima versione che è la v.1.99.1

so pigro!

mi ridfate il link?

bluepix · 03-06-2005, 09:22

http://www.hijackthis.de/downloads/hijackthis_199.zip

BravoGT83 · 03-06-2005, 09:30

Quote:

Originariamente inviato da bluepix

Ehm.. hai Hijackthis un po' datato.
Scarica l'ultima versione che è la v.1.99.1

infatti

03-06-2005, 09:49

Quote:

Originariamente inviato da bluepix

http://www.hijackthis.de/downloads/hijackthis_199.zip

ora faccio!

grazie mille

karloss · 12-11-2005, 18:08

aiuto, anche io ho questo virus
trojan.startpage.m

cancello il file se.dll
pulisco con spybot
e sparisce

ma TORNA non appena lancio IE

aiuto

andorra24 · 12-11-2005, 18:11

Quote:

Originariamente inviato da karloss

aiuto, anche io ho questo virus
trojan.startpage.m

cancello il file se.dll
pulisco con spybot
e sparisce

ma TORNA non appena lancio IE

aiuto

Ripeti l'operazione in modalita' provvisoria dopo aver disattivato il ripristino di sistema. Fai una scansione con ewido:http://download.ewido.net/ewido-setup.exe

01-06-2005, 09:48	#1
fabius00 Messaggi: n/a	2 virus trovati help come mai non trovo più il thread di "come rimuovere about:blank"? 1 è il suddetto il 2° è trojan.startpage.m che mi ha infettato il file c://windows/system/bgbpld.dll il log di hjackthis Logfile of HijackThis v1.97.7 Scan saved at 10.38.56, on 01/06/05 Platform: Windows 98 SE (Win9x 4.10.2222A) MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106) Running processes: C:\WINDOWS\SYSTEM\KERNEL32.DLL C:\WINDOWS\SYSTEM\MSGSRV32.EXE C:\WINDOWS\SYSTEM\SPOOL32.EXE C:\WINDOWS\SYSTEM\MPREXE.EXE C:\WINDOWS\SYSTEM\MSTASK.EXE C:\WINDOWS\SDMAN.EXE C:\PROGRAMMI\NORTON ANTIVIRUS\NAVAPW32.EXE C:\WINDOWS\SYSTEM\mmtask.tsk C:\WINDOWS\EXPLORER.EXE C:\WINDOWS\TASKMON.EXE C:\WINDOWS\SYSTEM\SYSTRAY.EXE C:\WINDOWS\SYSTEM\IGFXTRAY.EXE C:\SABRE\APPS\ATS\SSSCLNT.EXE C:\WINDOWS\LOADQM.EXE C:\PROGRAMMI\USB DISK TOOL\USNDISKT.EXE C:\WINDOWS\SYSTEM\QTTASK.EXE C:\WINDOWS\SYSTEM\DDHELP.EXE C:\PROGRAMMI\WINAMP\WINAMPA.EXE C:\WINDOWS\RUNDLL32.EXE C:\WINDOWS\SABSERV.EXE C:\SABRE\APPS\OADP\OADP.EXE C:\PROGRAMMI\NORTON ANTIVIRUS\NSCHED32.EXE C:\WINDOWS\SYSTEM\WMIEXE.EXE C:\SABRE\SBTIMER.EXE C:\WINDOWS\SYSTEM\PSTORES.EXE C:\DOCUMENTI\HTML2POP3200WIN32\HTML2POP3.EXE C:\PROGRAMMI\INTERNET EXPLORER\IEXPLORE.EXE C:\PROGRAMMI\INTERNET EXPLORER\IEXPLORE.EXE C:\PROGRAMMI\OUTLOOK EXPRESS\MSIMN.EXE C:\PROGRAMMI\MSN MESSENGER\MSNMSGR.EXE C:\DOCUMENTI\FABIO\HIJACKTHIS.EXE R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\TEMP\se.dll/sp.html R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\TEMP\se.dll/sp.html R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank R1 - HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Programmi\Spybot - Search & Destroy\SDHelper.dll O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programmi\google\googletoolbar2.dll O2 - BHO: (no name) - {5321E378-FFAD-4999-8C62-03CA8155F0B3} - C:\WINDOWS\inet20037\3.00.05.dll (file missing) O2 - BHO: (no name) - {0748F983-D206-11D9-8180-000BFEF957AB} - C:\WINDOWS\SYSTEM\BGBPLD.DLL O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programmi\google\googletoolbar2.dll O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe O4 - HKLM\..\Run: [SystemTray] SysTray.Exe O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\SYSTEM\igfxtray.exe O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme O4 - HKLM\..\Run: [Sabre Site Services] C:\SABRE\Apps\ATS\SSSClnt.EXE O4 - HKLM\..\Run: [Norton Auto-Protect] C:\PROGRA~1\NORTON~1\NAVAPW32.EXE /LOADQUIET O4 - HKLM\..\Run: [mdac_runonce] C:\WINDOWS\SYSTEM\runonce.exe O4 - HKLM\..\Run: [LoadQM] loadqm.exe O4 - HKLM\..\Run: [USB Disk Tool] C:\Programmi\USB Disk Tool\USNDISKT.EXE O4 - HKLM\..\Run: [QuickTime Task] "C:\WINDOWS\SYSTEM\QTTASK.EXE" -atboottime O4 - HKLM\..\Run: [WinampAgent] C:\Programmi\Winamp\winampa.exe O4 - HKLM\..\Run: [sp] rundll32 C:\WINDOWS\TEMP\SE.DLL,DllInstall O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe O4 - HKLM\..\RunServices: [SDApp] C:\WINDOWS\SDMan.EXE O4 - Startup: Server Sabre.lnk = C:\WINDOWS\sabserv.exe O4 - Startup: Sabre Printing Module.lnk = C:\SABRE\Apps\OADP\Oadp.exe O4 - Startup: Microsoft Office.lnk = C:\WINDOWS\Application Data\Microsoft\Installer\{00030410-78E1-11D2-B60F-006097C998E7}\misc.exe O4 - Startup: Norton Program Scheduler.lnk = C:\Programmi\Norton AntiVirus\NSCHED32.EXE O8 - Extra context menu item: &Google Search - res://C:\PROGRAMMI\GOOGLE\GOOGLETOOLBAR2.DLL/cmsearch.html O8 - Extra context menu item: Versione cache della pagina - res://C:\PROGRAMMI\GOOGLE\GOOGLETOOLBAR2.DLL/cmcache.html O8 - Extra context menu item: Pagine simili - res://C:\PROGRAMMI\GOOGLE\GOOGLETOOLBAR2.DLL/cmsimilar.html O8 - Extra context menu item: Collegamenti a ritroso - res://C:\PROGRAMMI\GOOGLE\GOOGLETOOLBAR2.DLL/cmbacklinks.html O9 - Extra button: Messenger Addon (HKLM) O9 - Extra 'Tools' menuitem: &Messenger Addon (HKLM) O9 - Extra button: Related (HKLM) O9 - Extra 'Tools' menuitem: Show &Related Links (HKLM) O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.co...875.2120717593 O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/s...sh/swflash.cab O16 - DPF: {9b935470-ad4a-11d5-b63e-00c04faedb18} (Oracle JInitiator 1.1.8.16) - O16 - DPF: {33564D57-0000-0010-8000-00AA00389B71} - http://download.microsoft.com/downlo...22/wmv9VCM.CAB O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://www.apple.com/qtactivex/qtplugin.cab O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/Ms...Downloader.cab O16 - DPF: {31DDC1FD-CEA3-4837-A6DC-87E67015ADC9} - http://akamai.downloadv3.com/binarie...ysnet32_EN.cab O17 - HKLM\System\CCS\Services\VxD\MSTCP: Domain = DNS2.INTERBUSINESS.IT O17 - HKLM\System\CCS\Services\VxD\MSTCP: NameServer = 151.99.125.2,151.99.250.2 ho ovviamente eliminato le prime voci, ma il programma dove lo trovo per cancellarlo?

01-06-2005, 11:02	#2
bluepix Senior Member Iscritto dal: Dec 2004 Città: Magenta(MI) Messaggi: 1513	Segui questa procedura manuale con Hijackthis: Step A: 1. Open HijackThis 2. Click Config 3.Check the: 'Mark everything found for fixing after scan' option. 4. Click Back 5. Click Scan 6. Click Fix checked Step B: 1. Click Config 2. Click Misc Tools 3. OPEN ADS SPY. 4. Click Scan (this will find all hidden files that you will not see in the explorer) 5. Select all items (this has to me done manually) 6. CLICK REMOVE SELECTED poi riposta il log che vediamo per startpage.m. Non è semplice toglierli entrambi in un colpo solo perchè potrebbero interferire a vicenda. Ciao

01-06-2005, 18:17	#3
fabius00 Messaggi: n/a	tutto ok! però oggi pomeriggio mi è tornato! se.dll del kaiser

01-06-2005, 22:54	#5
juninho85 Bannato Iscritto dal: Mar 2004 Città: Galapagos Attenzione:utente flautolente,tienilo a mente Messaggi: 29028	dovrebbe essere uno spyware abbastanza niubbo,newdot.net se non ricordo male...comunque prova con cwshredder o qualcosa del genere per rimuoverlo,in alternativa basta pure spybot

03-06-2005, 08:47	#6
fabius00 Messaggi: n/a	intanto grazie! questo è il log di hjackthis dopo l'uso dei programmini che mi avete dato! Logfile of HijackThis v1.97.7 Scan saved at 9.32.36, on 03/06/05 Platform: Windows 98 SE (Win9x 4.10.2222A) MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106) Running processes: C:\WINDOWS\SYSTEM\KERNEL32.DLL C:\WINDOWS\SYSTEM\MSGSRV32.EXE C:\WINDOWS\SYSTEM\SPOOL32.EXE C:\WINDOWS\SYSTEM\MPREXE.EXE C:\WINDOWS\SYSTEM\MSTASK.EXE C:\WINDOWS\SDMAN.EXE C:\PROGRAMMI\NORTON ANTIVIRUS\NAVAPW32.EXE C:\WINDOWS\SYSTEM\mmtask.tsk C:\WINDOWS\EXPLORER.EXE C:\WINDOWS\TASKMON.EXE C:\WINDOWS\SYSTEM\SYSTRAY.EXE C:\WINDOWS\SYSTEM\IGFXTRAY.EXE C:\SABRE\APPS\ATS\SSSCLNT.EXE C:\WINDOWS\LOADQM.EXE C:\WINDOWS\SYSTEM\DDHELP.EXE C:\PROGRAMMI\USB DISK TOOL\USNDISKT.EXE C:\WINDOWS\SYSTEM\QTTASK.EXE C:\PROGRAMMI\WINAMP\WINAMPA.EXE C:\WINDOWS\SABSERV.EXE C:\SABRE\APPS\OADP\OADP.EXE C:\PROGRAMMI\NORTON ANTIVIRUS\NSCHED32.EXE C:\WINDOWS\SYSTEM\WMIEXE.EXE C:\DOCUMENTI\FABIO\HIJACKTHIS.EXE R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Programmi\Spybot - Search & Destroy\SDHelper.dll O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programmi\google\googletoolbar2.dll O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programmi\google\googletoolbar2.dll O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe O4 - HKLM\..\Run: [SystemTray] SysTray.Exe O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\SYSTEM\igfxtray.exe O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme O4 - HKLM\..\Run: [Sabre Site Services] C:\SABRE\Apps\ATS\SSSClnt.EXE O4 - HKLM\..\Run: [Norton Auto-Protect] C:\PROGRA~1\NORTON~1\NAVAPW32.EXE /LOADQUIET O4 - HKLM\..\Run: [mdac_runonce] C:\WINDOWS\SYSTEM\runonce.exe O4 - HKLM\..\Run: [LoadQM] loadqm.exe O4 - HKLM\..\Run: [USB Disk Tool] C:\Programmi\USB Disk Tool\USNDISKT.EXE O4 - HKLM\..\Run: [QuickTime Task] "C:\WINDOWS\SYSTEM\QTTASK.EXE" -atboottime O4 - HKLM\..\Run: [WinampAgent] C:\Programmi\Winamp\winampa.exe O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe O4 - HKLM\..\RunServices: [SDApp] C:\WINDOWS\SDMan.EXE O4 - Startup: Server Sabre.lnk = C:\WINDOWS\sabserv.exe O4 - Startup: Sabre Printing Module.lnk = C:\SABRE\Apps\OADP\Oadp.exe O4 - Startup: Microsoft Office.lnk = C:\WINDOWS\Application Data\Microsoft\Installer\{00030410-78E1-11D2-B60F-006097C998E7}\misc.exe O4 - Startup: Norton Program Scheduler.lnk = C:\Programmi\Norton AntiVirus\NSCHED32.EXE O8 - Extra context menu item: &Google Search - res://C:\PROGRAMMI\GOOGLE\GOOGLETOOLBAR2.DLL/cmsearch.html O8 - Extra context menu item: Versione cache della pagina - res://C:\PROGRAMMI\GOOGLE\GOOGLETOOLBAR2.DLL/cmcache.html O8 - Extra context menu item: Pagine simili - res://C:\PROGRAMMI\GOOGLE\GOOGLETOOLBAR2.DLL/cmsimilar.html O8 - Extra context menu item: Collegamenti a ritroso - res://C:\PROGRAMMI\GOOGLE\GOOGLETOOLBAR2.DLL/cmbacklinks.html O9 - Extra button: Messenger Addon (HKLM) O9 - Extra 'Tools' menuitem: &Messenger Addon (HKLM) O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.co...875.2120717593 O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/s...sh/swflash.cab O16 - DPF: {9b935470-ad4a-11d5-b63e-00c04faedb18} (Oracle JInitiator 1.1.8.16) - O16 - DPF: {33564D57-0000-0010-8000-00AA00389B71} - http://download.microsoft.com/downlo...22/wmv9VCM.CAB O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://www.apple.com/qtactivex/qtplugin.cab O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/Ms...Downloader.cab O16 - DPF: {31DDC1FD-CEA3-4837-A6DC-87E67015ADC9} - http://akamai.downloadv3.com/binarie...ysnet32_EN.cab O17 - HKLM\System\CCS\Services\VxD\MSTCP: Domain = DNS2.INTERBUSINESS.IT O17 - HKLM\System\CCS\Services\VxD\MSTCP: NameServer = 151.99.125.2,151.99.250.2

03-06-2005, 08:52	#7
juninho85 Bannato Iscritto dal: Mar 2004 Città: Galapagos Attenzione:utente flautolente,tienilo a mente Messaggi: 29028	ci sono diverse cose che puzzano...hai ancora quei due virus?hai provato a fare una pulita con spybot?

03-06-2005, 08:53	#8
bluepix Senior Member Iscritto dal: Dec 2004 Città: Magenta(MI) Messaggi: 1513	Ehm.. hai Hijackthis un po' datato. Scarica l'ultima versione che è la v.1.99.1

03-06-2005, 09:22	#10
bluepix Senior Member Iscritto dal: Dec 2004 Città: Magenta(MI) Messaggi: 1513	http://www.hijackthis.de/downloads/hijackthis_199.zip

12-11-2005, 18:08	#13
karloss Senior Member Iscritto dal: Mar 2001 Messaggi: 612	aiuto, anche io ho questo virus trojan.startpage.m cancello il file se.dll pulisco con spybot e sparisce ma TORNA non appena lancio IE aiuto

Strumenti
Mostra una versione stampabile Invia questa pagina per email