finestre che si aprono da sole...

[andrecelagrosso]

Ciao a tutti, allora per il problema in oggetto ho scaricato un programmino che mi è stato consigliato: HijackThis
In pratica ho fatto il file di log e devo eliminare i file sospetti che mi procurerebbero questo inconveniente. Anche l'autori del programma consigliano di sentire qlc esperto per evitare di eliminare file importanti che provocherebbero danni al sistema...per cui confido in voi

Ecco il file :

Logfile of HijackThis v1.98.2
Scan saved at 18.06.44, on 14/12/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\sstray.exe
C:\Programmi\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Programmi\CA\eTrust\Antivirus\realmon.exe
C:\programmi\sgrunt\IE4321.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Programmi\Messenger\MSMSGS.EXE
C:\Programmi\CA\eTrust\Antivirus\InoRpc.exe
C:\Programmi\CA\eTrust\Antivirus\InoRT.exe
C:\Programmi\CA\eTrust\Antivirus\InoTask.exe
C:\WINDOWS\LogWatNT.exe
C:\Programmi\Internet Explorer\IEXPLORE.EXE
C:\Documents and Settings\Administrator\Desktop\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.repubblica.it/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
O2 - BHO: myBar BHO - {0494D0D1-F8E0-41ad-92A3-14154ECE70AC} - C:\Programmi\MyWay\myBar\1.bin\MYBAR.DLL
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programmi\google\googletoolbar2.dll
O2 - BHO: NLS UrlCatcher Class - {AEECBFDA-12FA-4881-BDCE-8C3E1CE4B344} - C:\WINDOWS\System32\nvms.dll
O2 - BHO: CB UrlCatcher Class - {CE188402-6EE7-4022-8868-AB25173A3E14} - C:\WINDOWS\System32\mscb.dll
O2 - BHO: Url Catcher - {CE31A1F7-3D90-4874-8FBE-A5D97F8BC8F1} - C:\Programmi\Bargain Buddy\bin\apuc.dll (file missing)
O2 - BHO: ADP UrlCatcher Class - {F4E04583-354E-4076-BE7D-ED6A80FD66DA} - C:\WINDOWS\System32\msbe.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: My &Search Bar - {0494D0D9-F8E0-41ad-92A3-14154ECE70AC} - C:\Programmi\MyWay\myBar\1.bin\MYBAR.DLL
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programmi\google\googletoolbar2.dll
O4 - HKLM\..\Run: [nForce Tray Options] sstray.exe /r
O4 - HKLM\..\Run: [ATIPTA] C:\Programmi\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [Realtime Monitor] C:\Programmi\CA\eTrust\Antivirus\realmon.exe
O4 - HKLM\..\Run: [Cryptographic Service] C:\WINDOWS\System32\woccfrxe.exe
O4 - HKLM\..\Run: [BullsEye Network] C:\Programmi\BullsEye Network\bin\bargains.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [Olympic] c:\programmi\sgrunt\IE4321.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Programmi\Messenger\MSMSGS.EXE" /background
O4 - Startup: VisionGS.lnk = ?
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Programmi\File comuni\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Programmi\Microsoft Office\Office\OSA9.EXE
O8 - Extra context menu item: &Google Search - res://c:\programmi\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: Collegamenti a ritroso - res://c:\programmi\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Pagine simili - res://c:\programmi\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Versione cache della pagina - res://c:\programmi\google\GoogleToolbar2.dll/cmcache.html
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\MSMSGS.EXE
O9 - Extra button: SEARCH - {FE5A1910-F121-11d2-BE9E-01C04A7936B1} - http://www.google.com.super-fast-sea...a.com/find.htm (file missing)
O9 - Extra button: ENTERTAINMENT - {FE5A1910-F121-11d2-BE9E-01C04A7936B2} - http://www.google.com.super-fast-sea...sua.com/av.htm (file missing)
O9 - Extra button: PILLS - {FE5A1910-F121-11d2-BE9E-01C04A7936B3} - http://www.google.com.super-fast-sea...ua.com/med.htm (file missing)
O9 - Extra button: SECURITY - {FE5A1910-F121-11d2-BE9E-01C04A7936B4} - http://www.google.com.super-fast-sea....com/check.htm (file missing)
O9 - Extra button: SEARCH - {FE5A1910-F121-11d2-BE9E-01C04A7936B5} - http://www.google.com.super-fast-search.apsua.com (file missing)
O12 - Plugin for .spop: C:\Programmi\Internet Explorer\Plugins\NPDocBox.dll
O13 - DefaultPrefix: http://www.google.com.super-fast-sea...om/c/c.pl?url=
O15 - Trusted Zone: www.master69.biz
O15 - Trusted Zone: www.sgrunt.biz
O15 - Trusted Zone: www.yeak.net
O16 - DPF: {018B7EC3-EECA-11D3-8E71-0000E82C6C0D} - http://16980.dialer.lincassa.com/topannunci-live.exe
O16 - DPF: {11111111-1111-1111-1111-111111113457} - file://c:\ied_s7.cab
O16 - DPF: {11111111-1111-1111-1111-511111113457} - file://c:\x.cab
O16 - DPF: {11111111-1111-1111-1111-511111113458} - file://c:\x.cab
O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} (EPUImageControl Class) - http://tools.ebayimg.com/eps/wl/acti..._v1-0-3-17.cab
O16 - DPF: {FFFF0003-0001-101A-A3C9-08002B2F49FB} - http://www.sgrunt.biz/closer/close.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{47422173-26A9-4206-8AB9-DC68B202B46F}: NameServer = 217.141.255.204 151.99.125.1
O17 - HKLM\System\CS1\Services\Tcpip\..\{47422173-26A9-4206-8AB9-DC68B202B46F}: NameServer = 217.141.255.204 151.99.125.1
O21 - SSODL: Web Event Logger - {79FEACFF-FFCE-815E-A900-316290B5B738} - C:\WINDOWS\System32\Jibkifho.dll
O21 - SSODL: SystemCheck2 - {54645654-2225-4455-44A1-9F4543D34545} - C:\WINDOWS\System32\vbsys2 (file missing)

COSA ELIMINO? AIUTOOOOO!!

[Habanero]

prima di postare il log hai già provato con programmi antispyware come AD-Aware (aggiornato) vero???

in attesa di regole precise a riguardo che presto arriveranno...
http://forum.html.it/forum/showthrea...hreadid=751679

[Cinder]

Oltre a scansionare il pc con programmi antispy aggiornati ( come adaware il cui download e settaggio li trovi qui ) fai anche qualche scansione con un antivirus aggiornato eliminando tutto ciò che trova oppure con scansioni on line

http://www.pandasoftware.com/actives..._principal.htm

http://housecall.trendmicro.com/

Guardando un pò il tuo log si vede che hai un pc pieno di dialer, spyware, browser helper object, file host sovrascritto ma soprattutto alcuni valori del tuo log fanno capo a 2 trojan (Troj/Webber-D e Troj/AdClick-AC) da elimiare appunto con un antivirus aggiornato.

Buona scansione