GianFisa
17-01-2005, 20:15
è da oggi...qualsiasi cosa cerco vengono fuori cose assurde...porno..tutto in inglese succede anche a voi?
ciao
ciao
View Full Version : Google non funziona
ingpeo
17-01-2005, 20:30
No. Sei sicuro di non esserti beccato qualche spyware?
mirkobob
17-01-2005, 20:35
CERTI SPYWARE SONO MICIDIALI...
Scaricati qualche programma per rimuoverli..
Ciao
Scaricati qualche programma per rimuoverli..
Ciao
GianFisa
17-01-2005, 20:41
lo immaginavo ma adaware nn becca niente spybot nemmeno...
GianFisa
17-01-2005, 20:49
guardate qua: ho cercato da www.google.it hardware upgrade (solo pagine in italiano)
http://gianfisa.altervista.org/google.jpg
bah... a voi non da così vero?
sembra cerchi solo pagine commerciali...
http://gianfisa.altervista.org/google.jpg
bah... a voi non da così vero?
sembra cerchi solo pagine commerciali...
ingpeo
17-01-2005, 20:52
No, mi vengono il link al sito giusto.
GianFisa
17-01-2005, 20:58
Che strano...
altavista cmq mi funziona benissimo...
altavista cmq mi funziona benissimo...
GianFisa
18-01-2005, 18:41
Raga ho provato anche a passare ewido e Nod32 ma google non va ancora...
aristippo
18-01-2005, 18:53
Non ti resta che dare un occhio con HijackThis (http://hijackthis.de/index.php) .
Ciao e auguri.
Massimo:)
Ciao e auguri.
Massimo:)
GianFisa
18-01-2005, 19:25
Risolto con HijackThis grazie 1000!
Non lo avevo mai provato sto programma è ottimo anche perchè e molto manuale...
ciao!
Non lo avevo mai provato sto programma è ottimo anche perchè e molto manuale...
ciao!
aristippo
18-01-2005, 19:26
Mi fa piacere.
Io infatti ho risolto spesso laddove i vari spybot,adaware,ecc.non erano riusciti.
Ciao
Massimo:)
Io infatti ho risolto spesso laddove i vari spybot,adaware,ecc.non erano riusciti.
Ciao
Massimo:)
cova
19-01-2005, 09:34
Originariamente inviato da GianFisa
Risolto con HijackThis grazie 1000!
Non lo avevo mai provato sto programma è ottimo anche perchè e molto manuale...
ciao!
Sono nella tua stessa situazione, con google che fa ricerche strane e propone risultati imbarazzanti: naturalmente ho già provato a bonificare con tutti i classici sw, ed ora sto provando HijackThis: ho il timore di levare roba innocua, qualcuno ha maggiori info su questo tipo di infezione ?
:)
Risolto con HijackThis grazie 1000!
Non lo avevo mai provato sto programma è ottimo anche perchè e molto manuale...
ciao!
Sono nella tua stessa situazione, con google che fa ricerche strane e propone risultati imbarazzanti: naturalmente ho già provato a bonificare con tutti i classici sw, ed ora sto provando HijackThis: ho il timore di levare roba innocua, qualcuno ha maggiori info su questo tipo di infezione ?
:)
RBlade79
19-01-2005, 09:43
Originariamente inviato da cova
Sono nella tua stessa situazione, con google che fa ricerche strane e propone risultati imbarazzanti: naturalmente ho già provato a bonificare con tutti i classici sw, ed ora sto provando HijackThis: ho il timore di levare roba innocua, qualcuno ha maggiori info su questo tipo di infezione ?
:)
Ci sono molti spyware che fanno più o meno le stesse cose...per la rimozione, se vuoi postare il file log di HijackThis ti posso dare una mano a vedere cosa eliminare con sicurezza e cosa no.
Finalmente un conterraneo! :) Sei di AL città o provincia?
Sono nella tua stessa situazione, con google che fa ricerche strane e propone risultati imbarazzanti: naturalmente ho già provato a bonificare con tutti i classici sw, ed ora sto provando HijackThis: ho il timore di levare roba innocua, qualcuno ha maggiori info su questo tipo di infezione ?
:)
Ci sono molti spyware che fanno più o meno le stesse cose...per la rimozione, se vuoi postare il file log di HijackThis ti posso dare una mano a vedere cosa eliminare con sicurezza e cosa no.
Finalmente un conterraneo! :) Sei di AL città o provincia?
cova
19-01-2005, 09:54
:) Provincia....Valenza per la precisione
Ho risolto con HijackThis. Grande software!!!
Il log era questo:
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
R3 - Default URLSearchHook is missing
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Explorer Class - {962F12AE-2773-4BEB-99EA-B5C3AB9A6606} - C:\WINNT\system32\DSMANA~1.DLL
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\system32\msdxm.ocx
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [nod32kui] C:\Programmi\Eset\nod32kui.exe /WAITSERVICE
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINNT\system32\NeroCheck.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINNT\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINNT\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [gcasServ] "C:\Programmi\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKCU\..\Run: [Popup Ad Filter] C:\Programmi\Meaya\Popup Ad Filter\PopFilter.exe
O8 - Extra context menu item: Allow Popups - C:\Programmi\Meaya\Popup Ad Filter\WhiteGetUrl.js
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINNT\system32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINNT\system32\msjava.dll
O16 - DPF: {1D9EFA3B-4E85-41A8-9092-14012CD447C9} (NetCamPlayerWeb Control) - http://www.djphina.com:1024/img/NetCamPlayerWeb.ocx
O16 - DPF: {54B52E52-8000-4413-BD67-FC7FE24B59F2} (EARTPatchX Class) - http://simcity.ea.com/update/EARTPX.cab
O16 - DPF: {8EC18CE2-D7B4-11D2-88C8-006008A717FD} (NCSView Class) - http://ww3.atlanteitaliano.it/ecwplugins/ncs.cab
O16 - DPF: {9059F30F-4EB1-4BD2-9FDC-36F43A218F4A} (Microsoft RDP Client Control (redist)) - https://192.168.1.249:8098/tsweb/msrdp.cab
O16 - DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} (CamImage Class) - http://kamera.szczecinek.net.pl/activex/AxisCamControl.cab
O16 - DPF: {C36661D7-3590-45B1-80B5-520839E94DAD} (MaxisSimCity4PatcherX Control) - http://simcity.ea.com/update/MaxisSimCity4PatcherX.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{329324BA-5DA9-49C5-A0E2-3AEF61E81A95}: NameServer = 192.168.1.25
O17 - HKLM\System\CS1\Services\Tcpip\..\{329324BA-5DA9-49C5-A0E2-3AEF61E81A95}: NameServer = 192.168.1.25
O17 - HKLM\System\CS2\Services\Tcpip\..\{329324BA-5DA9-49C5-A0E2-3AEF61E81A95}: NameServer = 192.168.1.25
O23 - Service: Servizio amministrativo di Gestione disco logico - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: NOD32 Kernel Service - Unknown - C:\Programmi\Eset\nod32krn.exe
O23 - Service: NVIDIA Display Driver Service - NVIDIA Corporation - C:\WINNT\system32\nvsvc32.exe
Ho rimosso quasi tutte le R, la 02, la 03 e qualche 017. A quel punto il real time dell'anti spyware della MS mi ha avvertito che coolwebsearch si voleva re-installare e l'ho troncato. Riavviato ed ora google funzia normalmente :D
Ho risolto con HijackThis. Grande software!!!
Il log era questo:
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
R3 - Default URLSearchHook is missing
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Explorer Class - {962F12AE-2773-4BEB-99EA-B5C3AB9A6606} - C:\WINNT\system32\DSMANA~1.DLL
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\system32\msdxm.ocx
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [nod32kui] C:\Programmi\Eset\nod32kui.exe /WAITSERVICE
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINNT\system32\NeroCheck.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINNT\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINNT\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [gcasServ] "C:\Programmi\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKCU\..\Run: [Popup Ad Filter] C:\Programmi\Meaya\Popup Ad Filter\PopFilter.exe
O8 - Extra context menu item: Allow Popups - C:\Programmi\Meaya\Popup Ad Filter\WhiteGetUrl.js
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINNT\system32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINNT\system32\msjava.dll
O16 - DPF: {1D9EFA3B-4E85-41A8-9092-14012CD447C9} (NetCamPlayerWeb Control) - http://www.djphina.com:1024/img/NetCamPlayerWeb.ocx
O16 - DPF: {54B52E52-8000-4413-BD67-FC7FE24B59F2} (EARTPatchX Class) - http://simcity.ea.com/update/EARTPX.cab
O16 - DPF: {8EC18CE2-D7B4-11D2-88C8-006008A717FD} (NCSView Class) - http://ww3.atlanteitaliano.it/ecwplugins/ncs.cab
O16 - DPF: {9059F30F-4EB1-4BD2-9FDC-36F43A218F4A} (Microsoft RDP Client Control (redist)) - https://192.168.1.249:8098/tsweb/msrdp.cab
O16 - DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} (CamImage Class) - http://kamera.szczecinek.net.pl/activex/AxisCamControl.cab
O16 - DPF: {C36661D7-3590-45B1-80B5-520839E94DAD} (MaxisSimCity4PatcherX Control) - http://simcity.ea.com/update/MaxisSimCity4PatcherX.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{329324BA-5DA9-49C5-A0E2-3AEF61E81A95}: NameServer = 192.168.1.25
O17 - HKLM\System\CS1\Services\Tcpip\..\{329324BA-5DA9-49C5-A0E2-3AEF61E81A95}: NameServer = 192.168.1.25
O17 - HKLM\System\CS2\Services\Tcpip\..\{329324BA-5DA9-49C5-A0E2-3AEF61E81A95}: NameServer = 192.168.1.25
O23 - Service: Servizio amministrativo di Gestione disco logico - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: NOD32 Kernel Service - Unknown - C:\Programmi\Eset\nod32krn.exe
O23 - Service: NVIDIA Display Driver Service - NVIDIA Corporation - C:\WINNT\system32\nvsvc32.exe
Ho rimosso quasi tutte le R, la 02, la 03 e qualche 017. A quel punto il real time dell'anti spyware della MS mi ha avvertito che coolwebsearch si voleva re-installare e l'ho troncato. Riavviato ed ora google funzia normalmente :D
Ultrastito
02-02-2005, 10:23
Jo il vostro stesso problema mi apre sempre exactsearch.com ho scaricato hijackthis ed il log è il seguente, cosa devo eliminare???
Logfile of HijackThis v1.99.0
Scan saved at 11.26.11, on 02/02/2005
Platform: Windows 2000 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)
Running processes:
D:\WINNT\System32\smss.exe
D:\WINNT\system32\winlogon.exe
D:\WINNT\system32\services.exe
D:\WINNT\system32\lsass.exe
D:\WINNT\System32\Ati2evxx.exe
D:\WINNT\system32\svchost.exe
D:\WINNT\System32\svchost.exe
D:\WINNT\system32\spoolsv.exe
D:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
D:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
D:\WINNT\system32\regsvc.exe
D:\WINNT\system32\MSTask.exe
D:\WINNT\system32\stisvc.exe
D:\WINNT\System32\WBEM\WinMgmt.exe
D:\WINNT\System32\mspmspsv.exe
D:\WINNT\system32\Ati2evxx.exe
D:\WINNT\Explorer.exe
D:\Programmi\ATI Technologies\ATI Control Panel\atiptaxx.exe
D:\PROGRA~1\Logitech\MOUSEW~1\SYSTEM\EM_EXEC.EXE
D:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
D:\WINNT\loadqm.exe
D:\Programmi\MSN Apps\Updater\01.02.3000.1001\it\msnappau.exe
D:\Programmi\BullsEye Network\bin\bargains.exe
D:\Programmi\Pinnacle\Pinnacle PCTV\Remote\Remoterm.exe
D:\WINNT\System32\internat.exe
D:\Programmi\Pinnacle\Shared Files\Programs\PCLEScheduler.exe
D:\Documents and Settings\Administrator\Documenti\Roba da salvare\Html2pop3\html2pop3.exe
D:\Programmi\Outlook Express\msimn.exe
D:\Programmi\MSN Messenger\msnmsgr.exe
D:\Programmi\ICQLite\ICQLite.exe
D:\PROGRA~1\MOZILL~1\FIREFOX.EXE
D:\Programmi\Real\RealPlayer\RealPlay.exe
D:\Programmi\WinRAR\WinRAR.exe
D:\DOCUME~1\ADMINI~1\IMPOST~1\Temp\Rar$EX00.563\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://213.159.117.134/index.php
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.gradinatasud.it/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://213.159.117.134/index.php
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://213.159.117.134/index.php
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = http://213.159.117.134/index.php
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = http://213.159.117.134/index.php
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://it.msn.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
R3 - URLSearchHook: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - D:\Programmi\ICQToolbar\toolbaru.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Programmi\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - D:\Programmi\MSN Apps\ST\01.02.3000.1001\en-xu\stmain.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - D:\Programmi\MSN Apps\MSN Toolbar\01.02.3000.1001\it\msntb.dll
O2 - BHO: ADP UrlCatcher Class - {F4E04583-354E-4076-BE7D-ED6A80FD66DA} - D:\WINNT\System32\msbe.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - D:\WINNT\System32\msdxm.ocx
O3 - Toolbar: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - D:\Programmi\ICQToolbar\toolbaru.dll
O3 - Toolbar: YourSiteBar - {86227D9C-0EFE-4f8a-AA55-30386A3F5686} - D:\PROGRA~1\YOURSI~1\ysb.dll
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - D:\Programmi\MSN Apps\MSN Toolbar\01.02.3000.1001\it\msntb.dll
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [AtiPTA] D:\Programmi\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [NeroCheck] D:\WINNT\system32\NeroCheck.exe
O4 - HKLM\..\Run: [zBrowser Launcher] D:\PROGRA~1\Logitech\iTouch\iTouch.exe
O4 - HKLM\..\Run: [CloneCDElbyCDFL] "D:\Programmi\Elaborate Bytes\CloneCD\ElbyCheck.exe" /L ElbyCDFL
O4 - HKLM\..\Run: [EM_EXEC] D:\PROGRA~1\Logitech\MOUSEW~1\SYSTEM\EM_EXEC.EXE
O4 - HKLM\..\Run: [Wxp4] D:\WINNT\System32\Norton Update.exe
O4 - HKLM\..\Run: [AVG7_CC] D:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [AVG7_EMC] D:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O4 - HKLM\..\Run: [gcasDtServ] gcasDtServ.exe
O4 - HKLM\..\Run: [ICQ Lite] D:\Programmi\ICQLite\ICQLite.exe -minimize
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [LoadQM] loadqm.exe
O4 - HKLM\..\Run: [msnappau] "D:\Programmi\MSN Apps\Updater\01.02.3000.1001\it\msnappau.exe"
O4 - HKLM\..\Run: [BullsEye Network] D:\Programmi\BullsEye Network\bin\bargains.exe
O4 - HKLM\..\Run: [PCTVRemote] D:\Programmi\Pinnacle\Pinnacle PCTV\Remote\Remoterm.exe
O4 - HKCU\..\Run: [internat.exe] internat.exe
O4 - HKCU\..\Run: [wingo] D:\WINNT\System32\wingo.exe
O4 - HKCU\..\Run: [MsnMsgr] "D:\Programmi\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\RunOnce: [ICQ Lite] D:\Programmi\ICQLite\ICQLite.exe -trayboot
O4 - Global Startup: Pinnacle Scheduler.lnk = D:\Programmi\Pinnacle\Shared Files\Programs\PCLEScheduler.exe
O8 - Extra context menu item: &ICQ Toolbar Search - res://D:\Programmi\ICQToolbar\toolbaru.dll/SEARCH.HTML
O8 - Extra context menu item: Scarica con Download &Express - D:\Programmi\Download Express\Add_Url.htm
O9 - Extra button: ICQ 4 - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - D:\Programmi\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - D:\Programmi\ICQLite\ICQLite.exe
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - D:\WINNT\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - D:\WINNT\web\related.htm
O9 - Extra button: RealGuide - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - D:\WINNT\System32\Shdocvw.dll
O12 - Plugin for .spop: D:\Programmi\Internet Explorer\Plugins\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.tiscali.it
O15 - Trusted Zone: *.clickspring.net
O15 - Trusted Zone: *.crazywinnings.com
O15 - Trusted Zone: *.flingstone.com
O15 - Trusted Zone: *.iframedollars.biz
O15 - Trusted Zone: *.mt-download.com
O15 - Trusted Zone: *.my-internet.info
O15 - Trusted Zone: *.searchbarcash.com
O15 - Trusted Zone: *.searchmiracle.com
O15 - Trusted Zone: *.skoobidoo.com
O15 - Trusted Zone: *.slotchbar.com
O15 - Trusted Zone: *.topconverting.com
O15 - Trusted Zone: *.windupdates.com
O15 - Trusted Zone: *.ysbweb.com
O15 - Trusted Zone: *.clickspring.net (HKLM)
O15 - Trusted Zone: *.crazywinnings.com (HKLM)
O15 - Trusted Zone: *.iframedollars.biz (HKLM)
O15 - Trusted Zone: *.skoobidoo.com (HKLM)
O15 - Trusted Zone: *.slotchbar.com (HKLM)
O15 - Trusted Zone: *.topconverting.com (HKLM)
O15 - Trusted Zone: *.windupdates.com (HKLM)
O15 - Trusted Zone: *.ysbweb.com (HKLM)
O15 - Trusted IP range: 213.159.117.202
O15 - Trusted IP range: 213.159.117.202 (HKLM)
O16 - DPF: {386A771C-E96A-421F-8BA7-32F1B706892F} - http://www.xxxtoolbar.com/ist/softwares/v4.0/0006_adult.cab
O16 - DPF: {771A1334-6B08-4A6B-AEDC-CF994BA2CEBE} (Installer Class) - http://www.ysbweb.com/ist/softwares/v4.0/ysb_regular.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/msnmessengersetupdownloader.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{23DDDA36-162C-47DF-8548-DD9DC4528306}: NameServer = 195.130.224.18 195.130.225.129
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - D:\WINNT\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown - D:\WINNT\system32\ati2sgag.exe
O23 - Service: AVG7 Alert Manager Server - GRISOFT, s.r.o. - D:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service - GRISOFT, s.r.o. - D:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: Servizio amministrativo di Gestione disco logico - VERITAS Software Corp. - D:\WINNT\System32\dmadmin.exe
O23 - Service: ZESOFT - Unknown - D:\WINNT\zeta.exe
Credo che quello che nomina Bullseye è il primo da levare giusto??
Logfile of HijackThis v1.99.0
Scan saved at 11.26.11, on 02/02/2005
Platform: Windows 2000 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)
Running processes:
D:\WINNT\System32\smss.exe
D:\WINNT\system32\winlogon.exe
D:\WINNT\system32\services.exe
D:\WINNT\system32\lsass.exe
D:\WINNT\System32\Ati2evxx.exe
D:\WINNT\system32\svchost.exe
D:\WINNT\System32\svchost.exe
D:\WINNT\system32\spoolsv.exe
D:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
D:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
D:\WINNT\system32\regsvc.exe
D:\WINNT\system32\MSTask.exe
D:\WINNT\system32\stisvc.exe
D:\WINNT\System32\WBEM\WinMgmt.exe
D:\WINNT\System32\mspmspsv.exe
D:\WINNT\system32\Ati2evxx.exe
D:\WINNT\Explorer.exe
D:\Programmi\ATI Technologies\ATI Control Panel\atiptaxx.exe
D:\PROGRA~1\Logitech\MOUSEW~1\SYSTEM\EM_EXEC.EXE
D:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
D:\WINNT\loadqm.exe
D:\Programmi\MSN Apps\Updater\01.02.3000.1001\it\msnappau.exe
D:\Programmi\BullsEye Network\bin\bargains.exe
D:\Programmi\Pinnacle\Pinnacle PCTV\Remote\Remoterm.exe
D:\WINNT\System32\internat.exe
D:\Programmi\Pinnacle\Shared Files\Programs\PCLEScheduler.exe
D:\Documents and Settings\Administrator\Documenti\Roba da salvare\Html2pop3\html2pop3.exe
D:\Programmi\Outlook Express\msimn.exe
D:\Programmi\MSN Messenger\msnmsgr.exe
D:\Programmi\ICQLite\ICQLite.exe
D:\PROGRA~1\MOZILL~1\FIREFOX.EXE
D:\Programmi\Real\RealPlayer\RealPlay.exe
D:\Programmi\WinRAR\WinRAR.exe
D:\DOCUME~1\ADMINI~1\IMPOST~1\Temp\Rar$EX00.563\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://213.159.117.134/index.php
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.gradinatasud.it/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://213.159.117.134/index.php
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://213.159.117.134/index.php
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = http://213.159.117.134/index.php
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = http://213.159.117.134/index.php
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://it.msn.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
R3 - URLSearchHook: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - D:\Programmi\ICQToolbar\toolbaru.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Programmi\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - D:\Programmi\MSN Apps\ST\01.02.3000.1001\en-xu\stmain.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - D:\Programmi\MSN Apps\MSN Toolbar\01.02.3000.1001\it\msntb.dll
O2 - BHO: ADP UrlCatcher Class - {F4E04583-354E-4076-BE7D-ED6A80FD66DA} - D:\WINNT\System32\msbe.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - D:\WINNT\System32\msdxm.ocx
O3 - Toolbar: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - D:\Programmi\ICQToolbar\toolbaru.dll
O3 - Toolbar: YourSiteBar - {86227D9C-0EFE-4f8a-AA55-30386A3F5686} - D:\PROGRA~1\YOURSI~1\ysb.dll
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - D:\Programmi\MSN Apps\MSN Toolbar\01.02.3000.1001\it\msntb.dll
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [AtiPTA] D:\Programmi\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [NeroCheck] D:\WINNT\system32\NeroCheck.exe
O4 - HKLM\..\Run: [zBrowser Launcher] D:\PROGRA~1\Logitech\iTouch\iTouch.exe
O4 - HKLM\..\Run: [CloneCDElbyCDFL] "D:\Programmi\Elaborate Bytes\CloneCD\ElbyCheck.exe" /L ElbyCDFL
O4 - HKLM\..\Run: [EM_EXEC] D:\PROGRA~1\Logitech\MOUSEW~1\SYSTEM\EM_EXEC.EXE
O4 - HKLM\..\Run: [Wxp4] D:\WINNT\System32\Norton Update.exe
O4 - HKLM\..\Run: [AVG7_CC] D:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [AVG7_EMC] D:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O4 - HKLM\..\Run: [gcasDtServ] gcasDtServ.exe
O4 - HKLM\..\Run: [ICQ Lite] D:\Programmi\ICQLite\ICQLite.exe -minimize
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [LoadQM] loadqm.exe
O4 - HKLM\..\Run: [msnappau] "D:\Programmi\MSN Apps\Updater\01.02.3000.1001\it\msnappau.exe"
O4 - HKLM\..\Run: [BullsEye Network] D:\Programmi\BullsEye Network\bin\bargains.exe
O4 - HKLM\..\Run: [PCTVRemote] D:\Programmi\Pinnacle\Pinnacle PCTV\Remote\Remoterm.exe
O4 - HKCU\..\Run: [internat.exe] internat.exe
O4 - HKCU\..\Run: [wingo] D:\WINNT\System32\wingo.exe
O4 - HKCU\..\Run: [MsnMsgr] "D:\Programmi\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\RunOnce: [ICQ Lite] D:\Programmi\ICQLite\ICQLite.exe -trayboot
O4 - Global Startup: Pinnacle Scheduler.lnk = D:\Programmi\Pinnacle\Shared Files\Programs\PCLEScheduler.exe
O8 - Extra context menu item: &ICQ Toolbar Search - res://D:\Programmi\ICQToolbar\toolbaru.dll/SEARCH.HTML
O8 - Extra context menu item: Scarica con Download &Express - D:\Programmi\Download Express\Add_Url.htm
O9 - Extra button: ICQ 4 - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - D:\Programmi\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - D:\Programmi\ICQLite\ICQLite.exe
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - D:\WINNT\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - D:\WINNT\web\related.htm
O9 - Extra button: RealGuide - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - D:\WINNT\System32\Shdocvw.dll
O12 - Plugin for .spop: D:\Programmi\Internet Explorer\Plugins\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.tiscali.it
O15 - Trusted Zone: *.clickspring.net
O15 - Trusted Zone: *.crazywinnings.com
O15 - Trusted Zone: *.flingstone.com
O15 - Trusted Zone: *.iframedollars.biz
O15 - Trusted Zone: *.mt-download.com
O15 - Trusted Zone: *.my-internet.info
O15 - Trusted Zone: *.searchbarcash.com
O15 - Trusted Zone: *.searchmiracle.com
O15 - Trusted Zone: *.skoobidoo.com
O15 - Trusted Zone: *.slotchbar.com
O15 - Trusted Zone: *.topconverting.com
O15 - Trusted Zone: *.windupdates.com
O15 - Trusted Zone: *.ysbweb.com
O15 - Trusted Zone: *.clickspring.net (HKLM)
O15 - Trusted Zone: *.crazywinnings.com (HKLM)
O15 - Trusted Zone: *.iframedollars.biz (HKLM)
O15 - Trusted Zone: *.skoobidoo.com (HKLM)
O15 - Trusted Zone: *.slotchbar.com (HKLM)
O15 - Trusted Zone: *.topconverting.com (HKLM)
O15 - Trusted Zone: *.windupdates.com (HKLM)
O15 - Trusted Zone: *.ysbweb.com (HKLM)
O15 - Trusted IP range: 213.159.117.202
O15 - Trusted IP range: 213.159.117.202 (HKLM)
O16 - DPF: {386A771C-E96A-421F-8BA7-32F1B706892F} - http://www.xxxtoolbar.com/ist/softwares/v4.0/0006_adult.cab
O16 - DPF: {771A1334-6B08-4A6B-AEDC-CF994BA2CEBE} (Installer Class) - http://www.ysbweb.com/ist/softwares/v4.0/ysb_regular.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/msnmessengersetupdownloader.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{23DDDA36-162C-47DF-8548-DD9DC4528306}: NameServer = 195.130.224.18 195.130.225.129
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - D:\WINNT\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown - D:\WINNT\system32\ati2sgag.exe
O23 - Service: AVG7 Alert Manager Server - GRISOFT, s.r.o. - D:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service - GRISOFT, s.r.o. - D:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: Servizio amministrativo di Gestione disco logico - VERITAS Software Corp. - D:\WINNT\System32\dmadmin.exe
O23 - Service: ZESOFT - Unknown - D:\WINNT\zeta.exe
Credo che quello che nomina Bullseye è il primo da levare giusto??
bluepix
02-02-2005, 10:52
dovresti eliminare tutto quello che segue:
D:\Programmi\MSN Apps\Updater\01.02.3000.1001\it\msnappau.exe
D:\Programmi\BullsEye Network\bin\bargains.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://213.159.117.134/index.php
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = about :blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.gradinatasud.it/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://213.159.117.134/index.php
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://213.159.117.134/index.php
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about :blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = http://213.159.117.134/index.php
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = http://213.159.117.134/index.php
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Programmi\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - D:\Programmi\MSN Apps\ST\01.02.3000.1001\en-xu\stmain.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - D:\Programmi\MSN Apps\MSN Toolbar\01.02.3000.1001\it\msntb.dll
O2 - BHO: ADP UrlCatcher Class - {F4E04583-354E-4076-BE7D-ED6A80FD66DA} - D:\WINNT\System32\msbe.dll
O3 - Toolbar: YourSiteBar - {86227D9C-0EFE-4f8a-AA55-30386A3F5686} - D:\PROGRA~1\YOURSI~1\ysb.dll
O4 - HKLM\..\Run: [msnappau] "D:\Programmi\MSN Apps\Updater\01.02.3000.1001\it\msnappau.exe"
O4 - HKLM\..\Run: [BullsEye Network] D:\Programmi\BullsEye Network\bin\bargains.exe
O4 - HKCU\..\Run: [wingo] D:\WINNT\System32\wingo.exe
O15 - Trusted Zone: *.clickspring.net
O15 - Trusted Zone: *.crazywinnings.com
O15 - Trusted Zone: *.flingstone.com
O15 - Trusted Zone: *.iframedollars.biz
O15 - Trusted Zone: *.mt-download.com
O15 - Trusted Zone: *.my-internet.info
O15 - Trusted Zone: *.searchbarcash.com
O15 - Trusted Zone: *.searchmiracle.com
O15 - Trusted Zone: *.skoobidoo.com
O15 - Trusted Zone: *.slotchbar.com
O15 - Trusted Zone: *.topconverting.com
O15 - Trusted Zone: *.windupdates.com
O15 - Trusted Zone: *.ysbweb.com
O15 - Trusted Zone: *.clickspring.net (HKLM)
O15 - Trusted Zone: *.crazywinnings.com (HKLM)
O15 - Trusted Zone: *.iframedollars.biz (HKLM)
O15 - Trusted Zone: *.skoobidoo.com (HKLM)
O15 - Trusted Zone: *.slotchbar.com (HKLM)
O15 - Trusted Zone: *.topconverting.com (HKLM)
O15 - Trusted Zone: *.windupdates.com (HKLM)
O15 - Trusted Zone: *.ysbweb.com (HKLM)
O15 - Trusted IP range: 213.159.117.202
O15 - Trusted IP range: 213.159.117.202 (HKLM)
O16 - DPF: {386A771C-E96A-421F-8BA7-32F1B706892F} - http://www.xxxtoolbar.com/ist/softw.../0006_adult.cab
O16 - DPF: {771A1334-6B08-4A6B-AEDC-CF994BA2CEBE} (Installer Class) - http://www.ysbweb.com/ist/softwares...ysb_regular.cab
e forse anche il seguente se non sai cos'è:
O23 - Service: ZESOFT - Unknown - D:\WINNT\zeta.exe
PS: Aggiorna anche Windows Explorer da Microsoft
D:\Programmi\MSN Apps\Updater\01.02.3000.1001\it\msnappau.exe
D:\Programmi\BullsEye Network\bin\bargains.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://213.159.117.134/index.php
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = about :blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.gradinatasud.it/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://213.159.117.134/index.php
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://213.159.117.134/index.php
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about :blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = http://213.159.117.134/index.php
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = http://213.159.117.134/index.php
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Programmi\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - D:\Programmi\MSN Apps\ST\01.02.3000.1001\en-xu\stmain.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - D:\Programmi\MSN Apps\MSN Toolbar\01.02.3000.1001\it\msntb.dll
O2 - BHO: ADP UrlCatcher Class - {F4E04583-354E-4076-BE7D-ED6A80FD66DA} - D:\WINNT\System32\msbe.dll
O3 - Toolbar: YourSiteBar - {86227D9C-0EFE-4f8a-AA55-30386A3F5686} - D:\PROGRA~1\YOURSI~1\ysb.dll
O4 - HKLM\..\Run: [msnappau] "D:\Programmi\MSN Apps\Updater\01.02.3000.1001\it\msnappau.exe"
O4 - HKLM\..\Run: [BullsEye Network] D:\Programmi\BullsEye Network\bin\bargains.exe
O4 - HKCU\..\Run: [wingo] D:\WINNT\System32\wingo.exe
O15 - Trusted Zone: *.clickspring.net
O15 - Trusted Zone: *.crazywinnings.com
O15 - Trusted Zone: *.flingstone.com
O15 - Trusted Zone: *.iframedollars.biz
O15 - Trusted Zone: *.mt-download.com
O15 - Trusted Zone: *.my-internet.info
O15 - Trusted Zone: *.searchbarcash.com
O15 - Trusted Zone: *.searchmiracle.com
O15 - Trusted Zone: *.skoobidoo.com
O15 - Trusted Zone: *.slotchbar.com
O15 - Trusted Zone: *.topconverting.com
O15 - Trusted Zone: *.windupdates.com
O15 - Trusted Zone: *.ysbweb.com
O15 - Trusted Zone: *.clickspring.net (HKLM)
O15 - Trusted Zone: *.crazywinnings.com (HKLM)
O15 - Trusted Zone: *.iframedollars.biz (HKLM)
O15 - Trusted Zone: *.skoobidoo.com (HKLM)
O15 - Trusted Zone: *.slotchbar.com (HKLM)
O15 - Trusted Zone: *.topconverting.com (HKLM)
O15 - Trusted Zone: *.windupdates.com (HKLM)
O15 - Trusted Zone: *.ysbweb.com (HKLM)
O15 - Trusted IP range: 213.159.117.202
O15 - Trusted IP range: 213.159.117.202 (HKLM)
O16 - DPF: {386A771C-E96A-421F-8BA7-32F1B706892F} - http://www.xxxtoolbar.com/ist/softw.../0006_adult.cab
O16 - DPF: {771A1334-6B08-4A6B-AEDC-CF994BA2CEBE} (Installer Class) - http://www.ysbweb.com/ist/softwares...ysb_regular.cab
e forse anche il seguente se non sai cos'è:
O23 - Service: ZESOFT - Unknown - D:\WINNT\zeta.exe
PS: Aggiorna anche Windows Explorer da Microsoft
RBlade79
02-02-2005, 10:56
Originariamente inviato da Ultrastito
...
Io eliminerei:
D:\Programmi\BullsEye Network\bin\bargains.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://213.159.117.134/index.php
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://213.159.117.134/index.php
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://213.159.117.134/index.php
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = http://213.159.117.134/index.php
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = http://213.159.117.134/index.php
O4 - HKLM\..\Run: [BullsEye Network] D:\Programmi\BullsEye Network\bin\bargains.exe
O15 - Trusted Zone: *.clickspring.net
O15 - Trusted Zone: *.crazywinnings.com
O15 - Trusted Zone: *.flingstone.com
O15 - Trusted Zone: *.iframedollars.biz
O15 - Trusted Zone: *.mt-download.com
O15 - Trusted Zone: *.my-internet.info
O15 - Trusted Zone: *.searchbarcash.com
O15 - Trusted Zone: *.searchmiracle.com
O15 - Trusted Zone: *.skoobidoo.com
O15 - Trusted Zone: *.slotchbar.com
O15 - Trusted Zone: *.topconverting.com
O15 - Trusted Zone: *.windupdates.com
O15 - Trusted Zone: *.ysbweb.com
O15 - Trusted Zone: *.clickspring.net (HKLM)
O15 - Trusted Zone: *.crazywinnings.com (HKLM)
O15 - Trusted Zone: *.iframedollars.biz (HKLM)
O15 - Trusted Zone: *.skoobidoo.com (HKLM)
O15 - Trusted Zone: *.slotchbar.com (HKLM)
O15 - Trusted Zone: *.topconverting.com (HKLM)
O15 - Trusted Zone: *.windupdates.com (HKLM)
O15 - Trusted Zone: *.ysbweb.com (HKLM)
O15 - Trusted IP range: 213.159.117.202
O15 - Trusted IP range: 213.159.117.202 (HKLM)
O16 - DPF: {386A771C-E96A-421F-8BA7-32F1B706892F} - http://www.xxxtoolbar.com/ist/softw.../0006_adult.cab
O16 - DPF: {771A1334-6B08-4A6B-AEDC-CF994BA2CEBE} (Installer Class) - http://www.ysbweb.com/ist/softwares...ysb_regular.cab
...inizia con questi. Ci sono altre cose che non mi convincono ma così dovresti già dare una bella sfoltita...
EDIT: oops, non avevo visto il post di bluepix...
...
Io eliminerei:
D:\Programmi\BullsEye Network\bin\bargains.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://213.159.117.134/index.php
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://213.159.117.134/index.php
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://213.159.117.134/index.php
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = http://213.159.117.134/index.php
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = http://213.159.117.134/index.php
O4 - HKLM\..\Run: [BullsEye Network] D:\Programmi\BullsEye Network\bin\bargains.exe
O15 - Trusted Zone: *.clickspring.net
O15 - Trusted Zone: *.crazywinnings.com
O15 - Trusted Zone: *.flingstone.com
O15 - Trusted Zone: *.iframedollars.biz
O15 - Trusted Zone: *.mt-download.com
O15 - Trusted Zone: *.my-internet.info
O15 - Trusted Zone: *.searchbarcash.com
O15 - Trusted Zone: *.searchmiracle.com
O15 - Trusted Zone: *.skoobidoo.com
O15 - Trusted Zone: *.slotchbar.com
O15 - Trusted Zone: *.topconverting.com
O15 - Trusted Zone: *.windupdates.com
O15 - Trusted Zone: *.ysbweb.com
O15 - Trusted Zone: *.clickspring.net (HKLM)
O15 - Trusted Zone: *.crazywinnings.com (HKLM)
O15 - Trusted Zone: *.iframedollars.biz (HKLM)
O15 - Trusted Zone: *.skoobidoo.com (HKLM)
O15 - Trusted Zone: *.slotchbar.com (HKLM)
O15 - Trusted Zone: *.topconverting.com (HKLM)
O15 - Trusted Zone: *.windupdates.com (HKLM)
O15 - Trusted Zone: *.ysbweb.com (HKLM)
O15 - Trusted IP range: 213.159.117.202
O15 - Trusted IP range: 213.159.117.202 (HKLM)
O16 - DPF: {386A771C-E96A-421F-8BA7-32F1B706892F} - http://www.xxxtoolbar.com/ist/softw.../0006_adult.cab
O16 - DPF: {771A1334-6B08-4A6B-AEDC-CF994BA2CEBE} (Installer Class) - http://www.ysbweb.com/ist/softwares...ysb_regular.cab
...inizia con questi. Ci sono altre cose che non mi convincono ma così dovresti già dare una bella sfoltita...
EDIT: oops, non avevo visto il post di bluepix...
Ultrastito
02-02-2005, 11:13
Tutti quelli che mi avete detto li ho tolti ora riavvio windows e aggiorno IE
vBulletin® v3.6.4, Copyright ©2000-2025, Jelsoft Enterprises Ltd.