help help help


fabius00
10-07-2004, 19:16
guys, I turned on the PC and this thing opened up!!!!!!

http://fabius00.altervista.org/Immagine_1.jpg

what is it? I can't get anywhere with either spyware tools or antivirus!!!!

how do I get rid of it, it's not a desktop!!!!

if I right-click, the properties show
address file:///C:/WINDOWS/Web/i_16.gif

(which I deleted) and if I click on it, it takes me to this page
http://www.smart-security.info/?affid=RC_1

fabius00
10-07-2004, 19:35
when I shut it down and turn it back on, I now get a blank page but not the desktop I had!

also, the browser's start page is always http://dka.directwebsearch.net/main.html even if I change it!

and after opening the internet that desktop comes back; its HTML code is

<html><style>td {font: 14px Arial; color: white}</style><body bgcolor=black><table width=100% height=100%><td align="center"><table onclick="window.open('http://www.smart-security.info/?affid=RC_1');" style="cursor:hand" width=640 height=470 cellpadding=0 cellspacing=0 style="border:1px dashed gray"><tr><td bgcolor=black valign="top"><table width=640 border=0 cellpadding=0 cellspacing=0><tr><td rowspan=8><img src="i_01.gif" width=120 height=145></td><td rowspan=2><img src="i_02.gif" width=64 height=58></td><td colspan=2 rowspan=2><img src="i_03.gif" width=79 height=58></td><td rowspan=3><img src="i_04.gif" width=24 height=72></td><td rowspan=3><img src="i_05.gif" width=84 height=72></td><td rowspan=3><img src="i_06.gif" width=23 height=72></td><td colspan=2><img src="i_07.gif" width=82 height=14></td><td rowspan=3><img src="i_08.gif" width=12 height=72></td><td rowspan=5><img src="i_09.gif" width=152 height=90></td><td><img src="x.gif" width=1 height=14></td></tr><tr><td colspan=2 rowspan=2><img src="i_10.gif" width=82 height=58></td><td><img src="x.gif" width=1 height=44></td></tr><tr><td colspan=3 rowspan=3><img src="i_11.gif" width=143 height=32></td><td><img src="x.gif" width=1 height=14></td></tr><tr><td colspan=6><img src="i_12.gif" width=225 height=10></td><td><img src="x.gif" width=1 height=10></td></tr><tr><td colspan=2><img src="i_13.gif" width=108 height=8></td><td colspan=4><img src="i_14.gif" width=117 height=8></td><td><img src="x.gif" width=1 height=8></td></tr><tr><td colspan=3><img src="i_15.gif" width=143 height=5></td><td colspan=4 rowspan=3><img src="i_16.gif" width=166 height=55></td><td colspan=3 rowspan=3><img src="i_17.gif" width=211 height=55></td><td><img src="x.gif" width=1 height=5></td></tr><tr><td colspan=3><img src="i_18.gif" width=143 height=38></td><td><img src="x.gif" width=1 height=38></td></tr><tr><td colspan=2><img src="i_19.gif" width=136 height=12></td><td><img src="i_20.gif" width=7 height=12></td><td><img src="x.gif" width=1 
height=12></td></tr><tr><td><img src="x.gif" width=120 height=1></td><td><img src="x.gif" width=64 height=1></td><td><img src="x.gif" width=72 height=1></td><td><img src="x.gif" width=7 height=1></td><td><img src="x.gif" width=24 height=1></td><td><img src="x.gif" width=84 height=1></td><td><img src="x.gif" width=23 height=1></td><td><img src="x.gif" width=35 height=1></td><td><img src="x.gif" width=47 height=1></td><td><img src="x.gif" width=12 height=1></td><td><img src="x.gif" width=152 height=1></td><td></td></tr></table><br><br><div style="padding:10"><strong>ALL YOU DO WITH COMPUTER IS STORED FOREVER IN YOUR HARD DISK. WHEN YOU VISIT SITES, SEND EMAILS... ALL YOUR ACTIONS ARE LOGGED. AND IT IS IMPOSSIBLE TO REMOVE THEM WITH STANDARD TOOLS. YOUR DATA IS STILL AVAILABLE FOR FORENSICS. AND IN SOME CASES FOR YOUR BOSS, YOUR FRIENDS, YOUR WIFE, YOUR CHILDREN.</strong><br><br>Every site you or somebody or even something, like spyware, opened in your browser, with all images, and all downloaded and maybe later removed movies or mp3 songs - <font color=yellow>ARE STILL THERE</font> and could broke your life!<br><br><p style="font: bold 24px Arial; color: yellow; margin-left:110">SECURE YOURSELF RIGHT NOW!</p></div></td></tr><tr><td><table width="100%" bgcolor="gray" cellpadding="10"><td align=center><a href="#" onclick="return false" style="color:black">Removal instructions</a></td></table></td></table></td></table></body></html>

MrOZ
10-07-2004, 20:31
Strange that you caught something shady :D :D :D

...what site did you end up on this time???? :asd: :asd:


run a scan with HijackThis and post the log.

bye.

fabius00
11-07-2004, 09:46
at home the PC is used by my partner's son ;)

anyway it was an Active Desktop, which I removed, but the browser's start page, even if I change the address, becomes http://dka.directwebsearch.net/index.php again every time I shut down and restart the PC

popkorn
11-07-2004, 11:59
you removed the picture but you surely haven't fixed the spyware you caught.... if you post the HijackThis log maybe we can figure out what it is and what to do

fabius00
11-07-2004, 13:03
Originally posted by popkorn
you removed the picture but you surely haven't fixed the spyware you caught.... if you post the HijackThis log maybe we can figure out what it is and what to do
here it is

Logfile of HijackThis v1.97.7
Scan saved at 14.03.25, on 11/07/2004
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\RunDll32.exe
C:\Programmi\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\PROGRA~1\Keyboard\Ikeymain.exe
C:\Programmi\Java\j2re1.4.2_01\bin\jusched.exe
C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb08.exe
C:\Programmi\Hewlett-Packard\HP Software Update\HPWuSchd.exe
C:\Programmi\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\Programmi\Messenger Plus! 2\MsgPlus.exe
C:\Programmi\FSI\F-Prot\F-StopW.EXE
C:\Programmi\BulletProofSoft.com\SpywareRemover\SpyWatch.exe
C:\Programmi\BulletProofSoft.com\SpywareRemover\C0AB6AE.DLL
C:\Programmi\Internet Explorer\IEXPLORE.EXE
C:\Documents and Settings\fabio1\Documenti\daniele\fabio\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://dka.directwebsearch.net/search.php
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://dka.directwebsearch.net/search.php
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://dka.directwebsearch.net/search.php
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://dka.directwebsearch.net/index.php
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://dka.directwebsearch.net/search.php
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://dka.directwebsearch.net/search.php
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://dka.directwebsearch.net/search.php
R1 - HKLM\Software\Microsoft\Internet Explorer,SearchURL = http://dka.directwebsearch.net/search.php
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://dka.directwebsearch.net/index.php
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://dka.directwebsearch.net/search.php
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://dka.directwebsearch.net/search.php
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.fastweb.it
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://dka.directwebsearch.net/search.php
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://dka.directwebsearch.net/search.php
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://dka.directwebsearch.net/search.php
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer fornito da FastWeb
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
R1 - HKCU\Software\Microsoft\Internet Explorer,Search = http://dka.directwebsearch.net/search.php
R1 - HKLM\Software\Microsoft\Internet Explorer,Search = http://dka.directwebsearch.net/search.php
O1 - Hosts: 69.31.79.187 auto.search.msn.com
O1 - Hosts: 69.31.79.187 auto.search.msn.com
O2 - BHO: (no name) - {0000CC75-ACF3-4cac-A0A9-DD3868E06852} - C:\Programmi\DAP\DAPBHO.dll
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: PK IE Plugin - {1E1B2879-88FF-11D3-8D96-D7ACAC95951A} - C:\WINDOWS\System32\BPKwb.dll (file missing)
O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programmi\google\googletoolbar1.dll
O2 - BHO: (no name) - {B9D90B27-AD4A-413a-88CB-3E6DDC10DC2D} - C:\WINDOWS\msopt.dll
O3 - Toolbar: DAP Bar - {62999427-33FC-4baf-9C9C-BCE6BD127F08} - C:\Programmi\DAP\DAPIEBar.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programmi\google\googletoolbar1.dll
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [AtiPTA] C:\Programmi\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmi\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iKeyWorks] C:\PROGRA~1\Keyboard\Ikeymain.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Programmi\Java\j2re1.4.2_01\bin\jusched.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb08.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Programmi\Hewlett-Packard\HP Software Update\HPWuSchd.exe
O4 - HKLM\..\Run: [DeviceDiscovery] C:\Programmi\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
O4 - HKLM\..\Run: [MessengerPlus2] "C:\Programmi\Messenger Plus! 2\MsgPlus.exe"
O4 - HKLM\..\Run: [F-StopW] C:\Programmi\FSI\F-Prot\F-StopW.EXE
O4 - HKLM\..\Run: [winupd] C:\WINDOWS\System32\winupd.exe
O4 - HKCU\..\Run: [SPYWATCH] C:\Programmi\BulletProofSoft.com\SpywareRemover\SpyWatch.exe /STARTUP
O4 - Global Startup: Microsoft Office.lnk = C:\Programmi\Microsoft Office\Office\OSA9.EXE
O8 - Extra context menu item: &Download with &DAP - C:\PROGRA~1\DAP\dapextie.htm
O8 - Extra context menu item: &Google Search - res://c:\programmi\google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: Backward &Links - res://c:\programmi\google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cac&hed Snapshot of Page - res://c:\programmi\google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Download &all with DAP - C:\PROGRA~1\DAP\dapextie2.htm
O8 - Extra context menu item: Si&milar Pages - res://c:\programmi\google\GoogleToolbar1.dll/cmsimilar.html
O9 - Extra 'Tools' menuitem: Sun Java Console (HKLM)
O9 - Extra button: ATI TV (HKLM)
O9 - Extra button: Run DAP (HKLM)
O9 - Extra button: ICQ Lite (HKLM)
O9 - Extra 'Tools' menuitem: ICQ Lite (HKLM)
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Windows Messenger (HKLM)
O14 - IERESET.INF: START_PAGE_URL=http://www.fastweb.it
O16 - DPF: {03C543A1-C090-418F-A1D0-FB96380D601D} (preload control) - http://www.thepaymentcentre.com/build/preload.cab
O16 - DPF: {11010101-1001-1111-1000-110112345678} - ms-its:mhtml:file://c:\nosuch.mht!http://69.50.173.252/bonus.chm::/winpromo.exe
O16 - DPF: {11120607-1001-1111-1000-110199901123} - ms-its:mhtml:file://c:\nosuch.mht!http://2awm.com/pop/chm/axexx.chm::/webload.exe
O16 - DPF: {6CB5E471-C305-11D3-99A8-000086395495} - http://toolbar.google.com/data/it/big/1.1.62-big/GoogleNav.cab
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?37875.4323611111
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O16 - DPF: {EFB22865-F3BC-4309-ADFA-C8E078A7F762} (SysWebTelecomInt Class) - http://www.sponsoradulto.com/es/SysWebTelecom.cab
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://sc.communities.msn.com/controls/chat/msnchat45.cab

fabius00
11-07-2004, 13:05
I deleted all the R0 and R1 entries

popkorn
11-07-2004, 13:27
after a quick look, you did the right thing..... now boot into safe mode and find and delete winupd.exe (C:\WINDOWS\System32\winupd.exe )

fabius00
11-07-2004, 13:29
Originally posted by popkorn
after a quick look, you did the right thing..... now boot into safe mode and find and delete winupd.exe (C:\WINDOWS\System32\winupd.exe )
only in safe mode?

popkorn
11-07-2004, 13:32
ah! looking again, this one needs fixing too
O16 - DPF: {11010101-1001-1111-1000-110112345678} - ms-its:mhtml:file://c:\nosuch.mht!http://69.50.173.252/bonus.chm::/winpromo.exe

popkorn
11-07-2004, 13:34
yes, in safe mode.. F8

fabius00
11-07-2004, 13:45
Originally posted by popkorn
ah! looking again, this one needs fixing too
O16 - DPF: {11010101-1001-1111-1000-110112345678} - ms-its:mhtml:file://c:\nosuch.mht!http://69.50.173.252/bonus.chm::/winpromo.exe
danke! I'll do it later ;)

fabius00
13-07-2004, 19:07
Originally posted by fabius00
danke! I'll do it later ;)
now everything seems to be OK!

popkorn
13-07-2004, 19:45
Good!! :)

fabius00
14-07-2004, 21:15
:eek: no good! I just caught it again myself, but while browsing the forum :eek:

all of a sudden thousands of web pages opened! and when I press ctrl alt del it goes to the desktop and I've got that filth again!!!!!

netquik
14-07-2004, 22:44
use Ad-Aware, update it and clean up from safe mode
...


if that doesn't work

post the new HijackThis log again

netquik
14-07-2004, 23:21
anyway I think it's a trojan

http://www.sophos.com/virusinfo/analyses/trojstartpabr.html

popkorn
15-07-2004, 01:43
what a pain :mad: , looking at the link netquik posted, if it doesn't go away with Ad-Aware I think you'll have to redo everything + what's indicated on the Sophos site
"You should also change your Internet Explorer settings using Tools|Internet options|General to remove any modifications made by the Trojan.
Replace the Hosts file from a backup or edit it in Notepad to remove the changes that the Trojan has made."

fabius00
15-07-2004, 09:08
Originally posted by popkorn
what a pain :mad: , looking at the link netquik posted, if it doesn't go away with Ad-Aware I think you'll have to redo everything + what's indicated on the Sophos site
"You should also change your Internet Explorer settings using Tools|Internet options|General to remove any modifications made by the Trojan.
Replace the Hosts file from a backup or edit it in Notepad to remove the changes that the Trojan has made."
bastards
:muro:

sniper13
16-07-2004, 07:17
hi... I also have the problem with the Internet Explorer start page... I'm posting the HijackThis log... maybe you can help me :)

Logfile of HijackThis v1.97.7
Scan saved at 8:17:07, on 16/07/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmi\File comuni\Symantec Shared\ccSetMgr.exe
C:\Programmi\File comuni\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Programmi\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Programmi\Java\j2re1.4.2_04\bin\jusched.exe
C:\Programmi\File comuni\Symantec Shared\ccApp.exe
C:\Programmi\Messenger Plus! 3\MsgPlus.exe
C:\PROGRA~1\MEETBE~1\Mapipeakstupid.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I0H2.EXE
C:\Programmi\Logitech\MouseWare\system\em_exec.exe
C:\Programmi\IMAP Notify\IMAPNotify.exe
C:\Programmi\MSN Messenger\msnmsgr.exe
C:\Programmi\File comuni\Symantec Shared\ccProxy.exe
C:\WINDOWS\System32\E_S00RP2.EXE
C:\Programmi\File comuni\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Programmi\Norton Internet Security Professional\Norton AntiVirus\navapsvc.exe
C:\Programmi\Norton Internet Security Professional\Norton AntiVirus\AdvTools\NPROTECT.EXE
C:\Programmi\Norton Internet Security Professional\Norton AntiVirus\SAVScan.exe
C:\Programmi\File comuni\Symantec Shared\SNDSrvc.exe
C:\Programmi\Speed Disk\nopdb.exe
C:\Programmi\File comuni\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Programmi\eMule\emule.exe
C:\Programmi\Internet Explorer\iexplore.exe
C:\Programmi\HiJackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://mysearchnow.com/passthrough/index.html?http://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: Web assistant - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Programmi\File comuni\Symantec Shared\AdBlocking\NISShExt.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Programmi\Norton Internet Security Professional\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Web assistant - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Programmi\File comuni\Symantec Shared\AdBlocking\NISShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Programmi\Norton Internet Security Professional\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [ATIPTA] C:\Programmi\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [EPSON Stylus Photo R200 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I0H2.EXE /P30 "EPSON Stylus Photo R200 Series" /O6 "USB001" /M "Stylus Photo R200"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmi\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Babylon Client] C:\Programmi\Babylon\Babylon.exe -AutoStart
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Programmi\Java\j2re1.4.2_04\bin\jusched.exe
O4 - HKLM\..\Run: [ccApp] "C:\Programmi\File comuni\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Advanced Tools Check] C:\PROGRA~1\NORTON~4\NORTON~1\AdvTools\ADVCHK.EXE
O4 - HKLM\..\Run: [MessengerPlus3] "C:\Programmi\Messenger Plus! 3\MsgPlus.exe"
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKLM\..\Run: [Flag Plan] C:\PROGRA~1\MEETBE~1\Mapipeakstupid.exe
O4 - HKCU\..\Run: [EPSON Stylus Photo R200 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I0H2.EXE /P30 "EPSON Stylus Photo R200 Series" /M "Stylus Photo R200" /EF "HKCU"
O4 - HKCU\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\Symantec\LIVEUP~1\SNDMon.EXE
O4 - HKCU\..\Run: [MessengerPlus3] "C:\Programmi\Messenger Plus! 3\MsgPlus.exe" /WinStart
O4 - HKCU\..\Run: [msnmsgr] "C:\Programmi\MSN Messenger\msnmsgr.exe" /background
O4 - Global Startup: IMAP Notify.lnk = C:\Programmi\IMAP Notify\IMAPNotify.exe
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra 'Tools' menuitem: Sun Java Console (HKLM)
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab
O16 - DPF: {11111111-1111-1111-1111-111111113456} - file://c:\info6_s.cab
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061001/housecall.trendmicro.com/housecall/xscan53.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?38050.6806597222
O16 - DPF: {C2FCEF52-ACE9-11D3-BEBD-00105AA9B6AE} (Symantec RuFSI Registry Information Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{BF2A1814-701B-407C-AFC8-A973F047EA6A}: NameServer = 193.70.192.25 193.70.152.25

netquik
16-07-2004, 12:09
try fixing these

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://mysearchnow.com/passthrough/.../redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home

O4 - HKLM\..\Run: [Flag Plan] C:\PROGRA~1\MEETBE~1\Mapipeakstupid.exe

O16 - DPF: {11111111-1111-1111-1111-111111113456} - file://c:\info6_s.cab



and try deleting (maybe from safe mode)

C:\PROGRA~1\MEETBE~1 (that's not your stuff, right?)
and file://c:\info6_s.cab

then you'd do well to finish with a few passes of the usual suspects

up-to-date Ad-Aware first of all
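
Added example, not part of the thread and not HijackThis's own logic: a small Python triage pass over HijackThis log lines like the ones posted above. It flags the three entry kinds the replies ask to fix: R0/R1 browser settings pointing at an unexpected host, O1 Hosts-file redirects, and O16 DPF entries whose code source is not plain HTTP(S). The `TRUSTED` allow-list and the function names are assumptions for illustration.

```python
import re
from urllib.parse import urlsplit

# Assumption: domains the owner expects in IE settings (here the ISP and Microsoft).
TRUSTED = ("fastweb.it", "microsoft.com")
LOOPBACK = ("127.0.0.1", "0.0.0.0")
ENTRY = re.compile(r"^(R\d|O\d+) - (.+)$")

# Sample input: lines copied from the two logs posted in this thread.
SAMPLE_LOG = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://dka.directwebsearch.net/index.php
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.fastweb.it
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://mysearchnow.com/passthrough/index.html?http://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home
O1 - Hosts: 69.31.79.187 auto.search.msn.com
O16 - DPF: {11010101-1001-1111-1000-110112345678} - ms-its:mhtml:file://c:\nosuch.mht!http://69.50.173.252/bonus.chm::/winpromo.exe
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O16 - DPF: {11111111-1111-1111-1111-111111113456} - file://c:\info6_s.cab
"""


def host_trusted(url, trusted):
    """Compare the URL's real host, not a substring: a trusted name may
    appear in the query string of a pass-through redirect."""
    host = (urlsplit(url).hostname or "").lower()
    return any(host == t or host.endswith("." + t) for t in trusted)


def triage(log_text, trusted=TRUSTED):
    """Return (section, reason, line) for each entry that needs a manual look."""
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        m = ENTRY.match(line)
        if not m:
            continue
        section, rest = m.groups()
        if section in ("R0", "R1"):
            # Format is "key,value name = data"; data may be empty or plain text.
            data = rest.partition("=")[2].strip()
            is_url = data.lower().startswith(("http://", "https://"))
            if is_url and not host_trusted(data, trusted):
                findings.append((section, "IE setting points to unlisted host", line))
        elif section == "O1":
            hm = re.match(r"Hosts:\s*(\S+)\s+(\S+)", rest)
            if hm and hm.group(1) not in LOOPBACK:
                findings.append((section, "Hosts file redirects %s" % hm.group(2), line))
        elif section == "O16":
            # The download source is the text after the last " - ".
            source = rest.rsplit(" - ", 1)[-1].strip()
            if not source.lower().startswith(("http://", "https://")):
                findings.append((section, "DPF source is not plain HTTP(S)", line))
    return findings


if __name__ == "__main__":
    for section, reason, line in triage(SAMPLE_LOG):
        print("%-3s %s\n    %s" % (section, reason, line))
```

The output is a review list, not a verdict: O4 Run entries such as `winupd.exe` are not scored here because a path alone does not separate them from legitimate startup items in the same logs.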