L'HOME PAGE NON E' PIU' LA STESSA

[geofree]

Salve a tutti!

Spero che qlc1 sul forum sappia aiutarmi: su Firefox la mia home page non è più la stessa, ma è cambiata dopo che ho cercato di accedere ad un sito dove avrei dovuto scaricare il programma BitTorrent (ANZI STATE ATTENTI che questo sito appare come primo in google ed anche evidenziato se mettete come chiave di ricerca "bit torrent"!!!)...

Credo sia un bel virus. Ora la mia home page è:
http://italian.ircfast2.com/index.php?rvs=hompag

Ho effettuato scan con AVG e Ad-Adaware ma non hanno rilevato niente...

HELP!

[Luke57]

Ciao, Prova ad effettuare una scansione con questo tool:
http://www.trendmicro.com/ftp/products/ ... redder.exe
lo metti sul desktop, lo avvi, premi fix e non scan only.
Se non trova niente, scarica runscanner da qui:
http://www.ilsoftware.it/querydl.asp?ID=1054
lo avvii, selezioni l'opzione "expert mode", premi "start scan", al termine della scansione premi sulla barra dei menu "Save .log file", sarà creato un file di testo, copi e incolli il contenuto in un post successivo.

[geofree]

Ciao Luke e grazie per linteressamento.

Allora ho scaricato cwshredder e nn mi ha trovato nulla.

Poi ho scaricato runscanner; ecco il file di testo che m esce:

Runscanner logfile http://www.runscanner.net

* = signed file
- = file not found

000 General info
----------------
Computer name : GIOVANNI-O6GFVS
Creation time : 23/02/2008 13.18.32
Hosts <> 127.0.0.1 : 0
Hosts file location : %SystemRoot%\System32\drivers\etc
IE version : 6.0.2900.2180
OS : Microsoft Windows XP
OS Build : 2600
OS SP : Service Pack 2
RunScanner Version : 1.6.1.0
User Language : Italiano (Italia)
User rights : Administrator
Windows folder : C:\WINDOWS

001 Running processes
---------------------
* c:\windows\system32\alg.exe (Microsoft Corporation)
* c:\windows\system32\winlogon.exe (Microsoft Corporation)
* c:\windows\system32\services.exe (Microsoft Corporation)
c:\programmi\ati technologies\ati control panel\atiptaxx.exe (ATI Technologies, Inc.)
c:\windows\system32\ati2evxx.exe
c:\windows\system32\ati2evxx.exe
c:\progra~1\grisoft\avgfre~1\avgamsvr.exe (GRISOFT, s.r.o.)
c:\progra~1\grisoft\avgfre~1\avgcc.exe (GRISOFT, s.r.o.)
c:\progra~1\grisoft\avgfre~1\avgemc.exe (GRISOFT, s.r.o.)
c:\progra~1\grisoft\avgfre~1\avgupsvc.exe (GRISOFT, s.r.o.)
* c:\programmi\babylon\babylon-pro\babylon.exe (Babylon Ltd.)
* c:\programmi\dna\btdna.exe
c:\programmi\bufferzone\bzdcomlaunch.exe
c:\programmi\bufferzone\bzrpcss.exe
* c:\programmi\bufferzone\clientgui.exe
c:\windows\system32\drivers\cdantsrv.exe (C-Dilla Ltd)
* c:\windows\system32\csrss.exe (Microsoft Corporation)
* c:\programmi\bufferzone\clntsvc.exe
* c:\windows\system32\ctfmon.exe (Microsoft Corporation)
* c:\windows\explorer.exe (Microsoft Corporation)
c:\windows\system32\spool\printers\events.exe
c:\windows\system32\spool\printers\firedaemon.exe (Sublime Solutions Pty Ltd)
c:\programmi\mozilla firefox\firefox.exe (Mozilla)
* c:\windows\system32\svchost.exe (Microsoft Corporation)
* c:\windows\system32\svchost.exe (Microsoft Corporation)
* c:\windows\system32\svchost.exe (Microsoft Corporation)
* c:\windows\system32\svchost.exe (Microsoft Corporation)
* c:\windows\system32\svchost.exe (Microsoft Corporation)
* c:\windows\system32\svchost.exe (Microsoft Corporation)
* c:\documents and settings\giovanni.giovanni-o6gfvs\impostazioni locali\dati applicazioni\google\update\1.0.103.3\googleupdate.exe (Google Inc.)
c:\windows\system32\hls32svc.exe (Aladdin Knowledge Systems Ltd.)
c:\programmi\java\jre1.5.0_06\bin\jusched.exe (Sun Microsystems, Inc.)
* c:\windows\v0220mon.exe (Creative Technology Ltd.)
c:\programmi\creative\creative live! cam\live! cam manager\ctlcmgr.exe (Creative Technology Ltd.)
* c:\windows\system32\lsass.exe (Microsoft Corporation)
c:\programmi\file comuni\microsoft shared\vs7debug\mdm.exe (Microsoft Corporation)
* c:\programmi\msn messenger\msnmsgr.exe (Microsoft Corporation)
* c:\programmi\msn messenger\usnsvc.exe (Microsoft Corporation)
c:\programmi\alice ti aiuta\bin\mpbtn.exe
c:\programmi\nokia\nokia pc suite 6\launchapplication.exe (Nokia)
c:\programmi\quicktime\qttask.exe (Apple Computer, Inc.)
c:\programmi\file comuni\real\update_ob\realsched.exe (RealNetworks, Inc.)
c:\windows\soundman.exe (Realtek Semiconductor Corp.)
* c:\documents and settings\giovanni.giovanni-o6gfvs\desktop\runscanner.exe (Runscanner.net)
c:\programmi\pc connectivity solution\servicelayer.exe (Nokia.)
* c:\windows\system32\spoolsv.exe (Microsoft Corporation)
c:\programmi\creative\creative live! cam\videofx\startfx.exe (Creative Technology Ltd.)
c:\windows\system32\slserv.exe
c:\programmi\elaborate bytes\virtualclonedrive\vcddaemon.exe (Elaborate Bytes AG)
c:\programmi\winamp\winampa.exe
* c:\programmi\msn messenger\livecall.exe (Microsoft Corporation)
* c:\windows\system32\smss.exe (Microsoft Corporation)
* c:\windows\system32\wdfmgr.exe (Microsoft Corporation)
* c:\documents and settings\giovanni.giovanni-o6gfvs\impostazioni locali\dati applicazioni\youtube\uploader\youtubeuploader.exe (YouTube, LLC)

002 HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run (+subkeys)
-----------------------------------------------------------------
c:\programmi\ati technologies\ati control panel\atiptaxx.exe (ATI Technologies, Inc.)
c:\programmi\creative\creative live! cam\videofx\startfx.exe (Creative Technology Ltd.)
c:\progra~1\grisoft\avgfre~1\avgcc.exe (GRISOFT, s.r.o.)
* c:\programmi\babylon\babylon-pro\babylon.exe (Babylon Ltd.)
* c:\programmi\bufferzone\clientgui.exe
- taskmnegr.exe
c:\windows\system32\nerocheck.exe (Ahead Software Gmbh)
c:\programmi\nokia\nokia pc suite 6\launchapplication.exe (Nokia)
c:\windows\system32\psdrvcheck.exe
c:\programmi\quicktime\qttask.exe (Apple Computer, Inc.)
C:\WINDOWS\soundman.exe (Realtek Semiconductor Corp.)
c:\programmi\java\jre1.5.0_06\bin\jusched.exe (Sun Microsystems, Inc.)
c:\programmi\file comuni\real\update_ob\realsched.exe (RealNetworks, Inc.)
c:\programmi\elaborate bytes\virtualclonedrive\vcddaemon.exe (Elaborate Bytes AG)
c:\programmi\winamp\winampa.exe
c:\programmi\pjw\spguard\spguard.exe (Piotr J. Walczak)

003 HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run (+subkeys)
-----------------------------------------------------------------
* c:\programmi\dna\btdna.exe
c:\programmi\creative\creative live! cam\live! cam manager\ctlcmgr.exe (Creative Technology Ltd.)
* c:\documents and settings\giovanni.giovanni-o6gfvs\impostazioni locali\dati applicazioni\google\update\1.0.103.3\googleupdate.exe (Google Inc.)
- servicetaskmanager.exe

004 C:\Documents and Settings\Giovanni.GIOVANNI-O6GFVS\Menu Avvio\Programmi\Esecuzione automatica
-------------------------------------------------------------------------------------------------
* c:\docume~1\giovan~1.gio\impost~1\datiap~1\youtube\uploader\youtub~1.exe (YouTube, LLC)

005 C:\Documents and Settings\All Users.WINDOWS\Menu Avvio\Programmi\Esecuzione automatica
------------------------------------------------------------------------------------------
c:\progra~1\adobe\acroba~2.0\reader\reader~1.exe (Adobe Systems Incorporated)
c:\progra~1\fileco~1\adobe\calibr~1\adobeg~1.exe (Adobe Systems, Inc.)
c:\progra~1\alicet~1\bin\matcli.exe (Motive Communications, Inc.)

008 Default user \Software\Microsoft\Windows\CurrentVersion\Run (+subkeys)
--------------------------------------------------------------------------
c:\progra~1\grisoft\avgfre~1\avgw.exe (GRISOFT, s.r.o.)
c:\programmi\nokia\nokia pc suite 6\pcsync2.exe (Time Information Services Ltd.)

009 System user\Software\Microsoft\Windows\CurrentVersion\Run (+subkeys)
------------------------------------------------------------------------
c:\progra~1\grisoft\avgfre~1\avgw.exe (GRISOFT, s.r.o.)
c:\programmi\nokia\nokia pc suite 6\pcsync2.exe (Time Information Services Ltd.)

010 HKLM\SYSTEM\CurrentControlSet\Services (Services)
-----------------------------------------------------
C:\WINDOWS\system32\ati2evxx.exe (ati2evxx.exe)
c:\progra~1\grisoft\avgfre~1\avgemc.exe (AVG E-mail Scanner)
c:\progra~1\grisoft\avgfre~1\avgamsvr.exe (AVG7 Alert Manager Server)
c:\progra~1\grisoft\avgfre~1\avgupsvc.exe (AVG7 Update Service)
c:\programmi\bufferzone\bzdcomlaunch.exe (BufferZone DCOM Helper)
c:\programmi\bufferzone\bzrpcss.exe (BufferZone RPC Helper)
* c:\programmi\bufferzone\clntsvc.exe (BufferZone Service)
c:\windows\system32\drivers\cdantsrv.exe (C-DillaSrv)
c:\windows\system32\spool\printers\firedaemon.exe (FireDaemon Service: dll32)
c:\windows\system32\spool\printers\firedaemon.exe (FireDaemon Service: events)
c:\windows\system32\hls32svc.exe (HL-Server)
c:\programmi\file comuni\installshield\driver\11\intel 32\idrivert.exe (InstallDriver Table Manager)
c:\programmi\file comuni\microsoft shared\vs7debug\mdm.exe (Machine Debug Manager)
c:\programmi\pc connectivity solution\servicelayer.exe (ServiceLayer)
C:\WINDOWS\system32\slserv.exe (SmartLinkService)

011 HKLM\SYSTEM\CurrentControlSet\Services (drivers)
----------------------------------------------------
C:\WINDOWS\system32\drivers\a347bus.sys (a347bus)
C:\WINDOWS\system32\drivers\a347scsi.sys (a347scsi)
C:\WINDOWS\system32\drivers\torususb.sys (ADSL Modem USB Service 1.09a)
C:\WINDOWS\system32\drivers\asapiw2k.sys (ASAPIW2K)
C:\WINDOWS\system32\drivers\ati2mtag.sys (ati2mtag)
C:\WINDOWS\system32\drivers\stmatm.sys (ATM/ADSL miniport)
* c:\windows\system32\drivers\avgclean.sys (AVG Clean Driver)
c:\windows\system32\drivers\avgtdi.sys (AVG Network Redirector)
c:\windows\system32\drivers\avg7core.sys (AVG7 Kernel)
c:\windows\system32\drivers\avg7rsxp.sys (AVG7 Resident Driver XP)
c:\windows\system32\drivers\avg7rsw.sys (AVG7 Wrap Driver)
- c:\windows\system32\drivers\changer.sys (Changer)
C:\WINDOWS\system32\drivers\o2mmb.sys (CONAN)
C:\WINDOWS\system32\drivers\atapi.sys (Controller disco rigido IDE/ESDI standard)
C:\WINDOWS\system32\drivers\elbycdio.sys (ElbyCDIO Driver)
C:\WINDOWS\system32\drivers\elbydelay.sys (ElbyDelay)
- c:\windows\system32\drivers\i2omgmt.sys (i2omgmt)
- c:\windows\system32\drivers\lbrtfdc.sys (lbrtfdc)
C:\WINDOWS\system32\drivers\mbxstby.sys (MbxStby)
C:\WINDOWS\system32\drivers\mtlmnt5.sys (Mtlmnt5)
C:\WINDOWS\system32\drivers\mtlstrm.sys (Mtlstrm)
- c:\windows\system32\drivers\ndisrd.sys (ndisrd)
C:\WINDOWS\system32\drivers\ntmtlfax.sys (NtMtlFax)
C:\WINDOWS\system32\drivers\pfc.sys (Padus ASPI Shell)
- c:\windows\system32\drivers\pcidump.sys (PCIDump)
- c:\windows\system32\drivers\pdcomp.sys (PDCOMP)
- c:\windows\system32\drivers\pdframe.sys (PDFRAME)
- c:\windows\system32\drivers\pdreli.sys (PDRELI)
- c:\windows\system32\drivers\pdrframe.sys (PDRFRAME)
C:\WINDOWS\system32\drivers\pxhelp20.sys (PxHelp20)
C:\WINDOWS\system32\drivers\recagent.sys (RecAgent)
C:\WINDOWS\system32\drivers\redlight.sys (REDLIGHT)
C:\WINDOWS\system32\drivers\camav.sys (SAMSUNG Video Capture)
C:\WINDOWS\system32\drivers\alcxwdm.sys (Service for Realtek AC97 Audio (WDM))
C:\WINDOWS\system32\drivers\alcxsens.sys (Service for WDM 3D Audio Driver)
C:\WINDOWS\system32\drivers\sisagpx.sys (SiS AGP Filter)
C:\WINDOWS\system32\drivers\slnthal.sys (SlNtHal)
C:\WINDOWS\system32\drivers\slwdmsup.sys (SlWdmSup)
C:\WINDOWS\system32\drivers\slntamr.sys (SmartLink AMR_PCI Driver)
C:\WINDOWS\system32\drivers\vclone.sys (VClone)
- c:\windows\system32\drivers\wdica.sys (WDICA)

031 HKLM\SOFTWARE\Classes\PROTOCOLS\Handler
-------------------------------------------
c:\programmi\file comuni\system\ole db\msdaipp.dll (Microsoft Corporation) {E1D2BF42-A96B-11d1-9C6B-0000F875AC61}
c:\programmi\file comuni\system\ole db\msdaipp.dll (Microsoft Corporation) {E1D2BF42-A96B-11d1-9C6B-0000F875AC61}
c:\programmi\file comuni\microsoft shared\web folders\pkmcdo.dll (Microsoft Corporation) {CD00020A-8B95-11D1-82DB-00C04FB1625D}
GUID / CLSID not found {0A9007C0-4076-11D3-8789-0000F8105754}
c:\programmi\file comuni\system\ole db\msdaipp.dll (Microsoft Corporation) {E1D2BF40-A96B-11d1-9C6B-0000F875AC61}

035 HKLM-HKCU\SOFTWARE\Microsoft\Active Setup\Installed Components
------------------------------------------------------------------
c:\windows\system32\mscories.dll (Microsoft Corporation) {89B4C1CD-B018-4511-B0A1-5476DBF70820}

040 HKCU\Software\Microsoft\Internet Explorer\UrlSearchHooks
------------------------------------------------------------
c:\programmi\secured_emule\tbsec0.dll (Conduit Ltd.) {1d1b60fd-b21f-4b9a-8a5f-64e8544828d7}

041 HKLM-HKCU\Software\Microsoft\Internet Explorer\Toolbar
----------------------------------------------------------
c:\programmi\msn apps\msn toolbar\01.02.5000.1021\it\msntb.dll (Microsoft Corporation) {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0}
c:\programmi\secured_emule\tbsec0.dll (Conduit Ltd.) {1d1b60fd-b21f-4b9a-8a5f-64e8544828d7}

045 HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser
----------------------------------------------------------------
c:\programmi\secured_emule\tbsec0.dll (Conduit Ltd.) {1D1B60FD-B21F-4B9A-8A5F-64E8544828D7}
c:\programmi\msn apps\msn toolbar\01.02.5000.1021\it\msntb.dll (Microsoft Corporation) {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0}

047 Trusted zones
-----------------
Zone: : msn

052 HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects
----------------------------------------------------------------------------------
GUID / CLSID not found {7E853D72-626A-48EC-A868-BA8D5E23E045}
c:\programmi\secured_emule\tbsec0.dll (Conduit Ltd.) {1d1b60fd-b21f-4b9a-8a5f-64e8544828d7}
c:\programmi\java\jre1.5.0_06\bin\ssv.dll (Sun Microsystems, Inc.) {761497BB-D6F0-462C-B6EB-D4DAF1D92D43}
c:\programmi\msn apps\msn toolbar\01.02.5000.1021\it\msntb.dll (Microsoft Corporation) {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0}
c:\programmi\msn apps\st\01.03.0000.1005\en-xu\stmain.dll (Microsoft Corporation) {9394EDE7-C8B5-483E-8773-474BF36AF6E4}

061 HKLM-HCKU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved
---------------------------------------------------------------------------------
c:\progra~1\alcoho~1\alcoho~1\axshlex.dll (Alcohol Soft Development Team) {32020A01-506E-484D-A2A8-BE3CF17601C3}
c:\programmi\grisoft\avg free\avgse.dll (GRISOFT, s.r.o.) {9F97547E-460A-42C5-AE0C-81C61FFAEBC3}
c:\programmi\grisoft\avg free\avgse.dll (GRISOFT, s.r.o.) {9F97547E-4609-42C5-AE0C-81C61FFAEBC3}
* c:\windows\system32\rlshellext.dll {E2958773-ACDB-4553-A069-A1EEB4AFBA0F}
c:\progra~1\fileco~1\micros~1\webfol~1\msonsext.dll (Microsoft Corporation) {BDEADF00-C265-11d0-BCED-00A0C90AB50F}
c:\progra~1\fileco~1\micros~1\webfol~1\msonsext.dll (Microsoft Corporation) {BDEADF00-C265-11D0-BCED-00A0C90AB50F}
- deskpan.dll {42071714-76d4-11d1-8b24-00a0c9068ff3}
* c:\programmi\microsoft office\office10\olkfstub.dll (Microsoft Corporation) {0006F045-0000-0000-C000-000000000046}
c:\programmi\nokia\nokia pc suite 6\phonebrowser.dll (Nokia) {416651E4-9C3C-11D9-8BDE-F66BAD1E3F3A}
c:\programmi\real\realplayer\rpshell.dll (RealNetworks, Inc.) {F0CB00CD-5A07-4D91-97F5-A8C92CDA93E4}
* c:\windows\system32\rlshellext.dll {37ADBD0B-11EC-4A2C-9F93-5C3ACC7994DF}
* c:\windows\system32\rlshellext.dll {F594B094-8768-4632-8143-12852EBBD688}
* c:\windows\system32\rlshellext.dll {F1A1DA12-E651-4AD0-A1A0-6214546B2F9D}
* c:\windows\system32\rlshellext.dll {E4FC4B31-8A4F-45E6-BDAC-28F612371FE3}
c:\programmi\elaborate bytes\virtualclonedrive\elbyvcdshell.dll (Elaborate Bytes AG) {B7056B8E-4F99-44f8-8CBD-282390FE5428}
c:\programmi\winrar\rarext.dll {B41DB860-8EE4-11D2-9906-E49FADC173CA}
c:\progra~1\winzip\wzshlstb.dll (WinZip Computing, Inc.) {E0D79304-84BE-11CE-9641-444553540000}
c:\progra~1\winzip\wzshlstb.dll (WinZip Computing, Inc.) {E0D79305-84BE-11CE-9641-444553540000}
c:\progra~1\winzip\wzshlstb.dll (WinZip Computing, Inc.) {E0D79306-84BE-11CE-9641-444553540000}

062 HKLM-HKCU\Software\Classes\Folder\Shellex\ColumnHandlers
------------------------------------------------------------
c:\programmi\adobe\acrobat 7.0\activex\pdfshell.dll (Adobe Systems, Inc.) {F9DB5320-233E-11D1-9F84-707F02C10627}

067 HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify
---------------------------------------------------------------------
C:\WINDOWS\system32\ati2evxx.dll

069 HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors
--------------------------------------------------------
C:\WINDOWS\system32\pdf995mon.dll

100 Internet Explorer settings
------------------------------
SearchUrl HKCU : http://home.microsoft.com/access/autosearch.asp?p=%s
Start Page HKCU : http://google.com

102 HKLM - HKCU\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars
------------------------------------------------------------------
GUID / CLSID not found {32683183-48a0-441b-a342-7c2a440a9478}
GUID / CLSID not found {4528BBE0-4E08-11D5-AD55-00010333D0AD}
GUID / CLSID not found {4528BBE0-4E08-11D5-AD55-00010333D0AD}

104 HKLM\Software\Microsoft\Code Store Database\Distribution Units
------------------------------------------------------------------
* c:\windows\downlo~1\acdcto~1.ocx (Autodesk) {78AF2F24-A9C3-11D3-BF8C-0060B0FCC122}
c:\programmi\java\jre1.5.0_06\bin\npjpi150_06.dll (Sun Microsystems, Inc.) {8AD9C840-044E-11D1-B3E9-00805F499D93}
c:\programmi\java\jre1.5.0_05\bin\npjpi150_05.dll (Sun Microsystems, Inc.) {CAFEEFAC-0015-0000-0005-ABCDEFFEDCBA}
c:\programmi\java\jre1.5.0_06\bin\npjpi150_06.dll (Sun Microsystems, Inc.) {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA}
c:\programmi\java\jre1.5.0_06\bin\npjpi150_06.dll (Sun Microsystems, Inc.) {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}
* c:\windows\downlo~1\acprev~1.ocx (Autodesk) {F281A59C-7B65-11D3-8617-0010830243BD}

105 HKCU\Software\Microsoft\Internet Explorer\MenuExt
-----------------------------------------------------
Translate with &Babylon : res://C:\Programmi\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll/Translate.htm

120 Domain/DNS hijacking
------------------------
NameServer {3373A69B-3840-4B86-9A03-E10F8054C7E1} : 62.211.69.150,212.48.4.15

170 HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2
------------------------------------------------------------------------
{1088329c-68fd-11db-ab4c-00030d13eb4e} : G:\LaunchU3.exe -a

173 HKCR\*\shellex\ContextMenuHandlers
--------------------------------------
c:\programmi\grisoft\avg free\avgse.dll (GRISOFT, s.r.o.) {9F97547E-4609-42C5-AE0C-81C61FFAEBC3}
c:\programmi\winrar\rarext.dll {B41DB860-8EE4-11D2-9906-E49FADC173CA}
c:\progra~1\winzip\wzshlstb.dll (WinZip Computing, Inc.) {E0D79304-84BE-11CE-9641-444553540000}

[Luke57]

Ciao, nel report non scorgo minacce.