help help help

ragazzi ho aperto il pc e mi si è aperto sta cosa!!!!!!



che è? non riesco ne con spyware ne con antivirus!!!!

come se leva non è un desktop!!!!

se clicco col dx mi da come proprietà
indirizzo [url] file:///C:/WINDOWS/Web/i_16.gif

(che ho cancellato) e se ci clicco sopra mi porta a questa pagina
http://www.smart-security.info/?affid=RC_1

quando lo spengo e lo riaccendo ora mi da la pagina bianca ma non il desk che avevo io!

inoltre la pgina internet di base iniziale è sempre http://dka.directwebsearch.net/main.html anche se la cambio!

e dopo aver aperto internet si rifa quel desktop il cui codice html è

<html><style>td {font: 14px Arial; color: white}</style><body bgcolor=black><table width=100% height=100%><td align="center"><table onclick="window.open('http://www.smart-security.info/?affid=RC_1');" style="cursor:hand" width=640 height=470 cellpadding=0 cellspacing=0 style="border:1px dashed gray"><tr><td bgcolor=black valign="top"><table width=640 border=0 cellpadding=0 cellspacing=0><tr><td rowspan=8><img src="i_01.gif" width=120 height=145></td><td rowspan=2><img src="i_02.gif" width=64 height=58></td><td colspan=2 rowspan=2><img src="i_03.gif" width=79 height=58></td><td rowspan=3><img src="i_04.gif" width=24 height=72></td><td rowspan=3><img src="i_05.gif" width=84 height=72></td><td rowspan=3><img src="i_06.gif" width=23 height=72></td><td colspan=2><img src="i_07.gif" width=82 height=14></td><td rowspan=3><img src="i_08.gif" width=12 height=72></td><td rowspan=5><img src="i_09.gif" width=152 height=90></td><td><img src="x.gif" width=1 height=14></td></tr><tr><td colspan=2 rowspan=2><img src="i_10.gif" width=82 height=58></td><td><img src="x.gif" width=1 height=44></td></tr><tr><td colspan=3 rowspan=3><img src="i_11.gif" width=143 height=32></td><td><img src="x.gif" width=1 height=14></td></tr><tr><td colspan=6><img src="i_12.gif" width=225 height=10></td><td><img src="x.gif" width=1 height=10></td></tr><tr><td colspan=2><img src="i_13.gif" width=108 height=8></td><td colspan=4><img src="i_14.gif" width=117 height=8></td><td><img src="x.gif" width=1 height=8></td></tr><tr><td colspan=3><img src="i_15.gif" width=143 height=5></td><td colspan=4 rowspan=3><img src="i_16.gif" width=166 height=55></td><td colspan=3 rowspan=3><img src="i_17.gif" width=211 height=55></td><td><img src="x.gif" width=1 height=5></td></tr><tr><td colspan=3><img src="i_18.gif" width=143 height=38></td><td><img src="x.gif" width=1 height=38></td></tr><tr><td colspan=2><img src="i_19.gif" width=136 height=12></td><td><img src="i_20.gif" width=7 height=12></td><td><img src="x.gif" width=1 height=12></td></tr><tr><td><img src="x.gif" width=120 height=1></td><td><img src="x.gif" width=64 height=1></td><td><img src="x.gif" width=72 height=1></td><td><img src="x.gif" width=7 height=1></td><td><img src="x.gif" width=24 height=1></td><td><img src="x.gif" width=84 height=1></td><td><img src="x.gif" width=23 height=1></td><td><img src="x.gif" width=35 height=1></td><td><img src="x.gif" width=47 height=1></td><td><img src="x.gif" width=12 height=1></td><td><img src="x.gif" width=152 height=1></td><td></td></tr></table><br><br><div style="padding:10"><strong>ALL YOU DO WITH COMPUTER IS STORED FOREVER IN YOUR HARD DISK. WHEN YOU VISIT SITES, SEND EMAILS... ALL YOUR ACTIONS ARE LOGGED. AND IT IS IMPOSSIBLE TO REMOVE THEM WITH STANDARD TOOLS. YOUR DATA IS STILL AVAILABLE FOR FORENSICS. AND IN SOME CASES FOR YOUR BOSS, YOUR FRIENDS, YOUR WIFE, YOUR CHILDREN.</strong><br><br>Every site you or somebody or even something, like spyware, opened in your browser, with all images, and all downloaded and maybe later removed movies or mp3 songs - <font color=yellow>ARE STILL THERE</font> and could broke your life!<br><br><p style="font: bold 24px Arial; color: yellow; margin-left:110">SECURE YOURSELF RIGHT NOW!</p></div></td></tr><tr><td><table width="100%" bgcolor="gray" cellpadding="10"><td align=center><a href="#" onclick="return false" style="color:black">Removal instructions</a></td></table></td></table></td></table></body></html>

[MrOZ]

Strano che tu abbia beccato qualcosa di losco

...in che sito 6 finito stavolta????


fai uno scan con hijackthis e posta il log.

ciao.

a casa il pc lo usa ilk figlio della mia compagna

cmq era un active desktop che ho rimosso ma la pagina internet iniziale anche se cambio l'indirizzo, ogni volta che spengo e riaccendo il pc dive nta sempre http://dka.directwebsearch.net/index.php

[popkorn]

hai tolto la foto ma sicuramente nn hai risolto con il spy che hai preso ....se posti il log di highjackthis forse riusciremo a capire di che si tratta e cosa fare

Quote:

Originariamente inviato da popkorn
hai tolto la foto ma sicuramente nn hai risolto con il spy che hai preso ....se posti il log di highjackthis forse riusciremo a capire di che si tratta e cosa fare

eccolo

Logfile of HijackThis v1.97.7
Scan saved at 14.03.25, on 11/07/2004
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\RunDll32.exe
C:\Programmi\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\PROGRA~1\Keyboard\Ikeymain.exe
C:\Programmi\Java\j2re1.4.2_01\bin\jusched.exe
C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb08.exe
C:\Programmi\Hewlett-Packard\HP Software Update\HPWuSchd.exe
C:\Programmi\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\Programmi\Messenger Plus! 2\MsgPlus.exe
C:\Programmi\FSI\F-Prot\F-StopW.EXE
C:\Programmi\BulletProofSoft.com\SpywareRemover\SpyWatch.exe
C:\Programmi\BulletProofSoft.com\SpywareRemover\C0AB6AE.DLL
C:\Programmi\Internet Explorer\IEXPLORE.EXE
C:\Documents and Settings\fabio1\Documenti\daniele\fabio\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://dka.directwebsearch.net/search.php
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://dka.directwebsearch.net/search.php
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://dka.directwebsearch.net/search.php
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://dka.directwebsearch.net/index.php
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://dka.directwebsearch.net/search.php
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://dka.directwebsearch.net/search.php
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://dka.directwebsearch.net/search.php
R1 - HKLM\Software\Microsoft\Internet Explorer,SearchURL = http://dka.directwebsearch.net/search.php
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://dka.directwebsearch.net/index.php
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://dka.directwebsearch.net/search.php
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://dka.directwebsearch.net/search.php
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.fastweb.it
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://dka.directwebsearch.net/search.php
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://dka.directwebsearch.net/search.php
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://dka.directwebsearch.net/search.php
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer fornito da FastWeb
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
R1 - HKCU\Software\Microsoft\Internet Explorer,Search = http://dka.directwebsearch.net/search.php
R1 - HKLM\Software\Microsoft\Internet Explorer,Search = http://dka.directwebsearch.net/search.php
O1 - Hosts: 69.31.79.187 auto.search.msn.com
O1 - Hosts: 69.31.79.187 auto.search.msn.com
O2 - BHO: (no name) - {0000CC75-ACF3-4cac-A0A9-DD3868E06852} - C:\Programmi\DAP\DAPBHO.dll
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: PK IE Plugin - {1E1B2879-88FF-11D3-8D96-D7ACAC95951A} - C:\WINDOWS\System32\BPKwb.dll (file missing)
O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programmi\google\googletoolbar1.dll
O2 - BHO: (no name) - {B9D90B27-AD4A-413a-88CB-3E6DDC10DC2D} - C:\WINDOWS\msopt.dll
O3 - Toolbar: DAP Bar - {62999427-33FC-4baf-9C9C-BCE6BD127F08} - C:\Programmi\DAP\DAPIEBar.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programmi\google\googletoolbar1.dll
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [AtiPTA] C:\Programmi\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmi\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iKeyWorks] C:\PROGRA~1\Keyboard\Ikeymain.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Programmi\Java\j2re1.4.2_01\bin\jusched.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb08.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Programmi\Hewlett-Packard\HP Software Update\HPWuSchd.exe
O4 - HKLM\..\Run: [DeviceDiscovery] C:\Programmi\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
O4 - HKLM\..\Run: [MessengerPlus2] "C:\Programmi\Messenger Plus! 2\MsgPlus.exe"
O4 - HKLM\..\Run: [F-StopW] C:\Programmi\FSI\F-Prot\F-StopW.EXE
O4 - HKLM\..\Run: [winupd] C:\WINDOWS\System32\winupd.exe
O4 - HKCU\..\Run: [SPYWATCH] C:\Programmi\BulletProofSoft.com\SpywareRemover\SpyWatch.exe /STARTUP
O4 - Global Startup: Microsoft Office.lnk = C:\Programmi\Microsoft Office\Office\OSA9.EXE
O8 - Extra context menu item: &Download with &DAP - C:\PROGRA~1\DAP\dapextie.htm
O8 - Extra context menu item: &Google Search - res://c:\programmi\google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: Backward &Links - res://c:\programmi\google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cac&hed Snapshot of Page - res://c:\programmi\google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Download &all with DAP - C:\PROGRA~1\DAP\dapextie2.htm
O8 - Extra context menu item: Si&milar Pages - res://c:\programmi\google\GoogleToolbar1.dll/cmsimilar.html
O9 - Extra 'Tools' menuitem: Sun Java Console (HKLM)
O9 - Extra button: ATI TV (HKLM)
O9 - Extra button: Run DAP (HKLM)
O9 - Extra button: ICQ Lite (HKLM)
O9 - Extra 'Tools' menuitem: ICQ Lite (HKLM)
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Windows Messenger (HKLM)
O14 - IERESET.INF: START_PAGE_URL=http://www.fastweb.it
O16 - DPF: {03C543A1-C090-418F-A1D0-FB96380D601D} (preload control) - http://www.thepaymentcentre.com/build/preload.cab
O16 - DPF: {11010101-1001-1111-1000-110112345678} - ms-its:mhtml:file://c:\nosuch.mht!http://69.50.173.252/bonus.chm::/winpromo.exe
O16 - DPF: {11120607-1001-1111-1000-110199901123} - ms-its:mhtml:file://c:\nosuch.mht!http://2awm.com/pop/chm/axexx.chm::/webload.exe
O16 - DPF: {6CB5E471-C305-11D3-99A8-000086395495} - http://toolbar.google.com/data/it/bi.../GoogleNav.cab
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.co...875.4323611111
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/s...sh/swflash.cab
O16 - DPF: {EFB22865-F3BC-4309-ADFA-C8E078A7F762} (SysWebTelecomInt Class) - http://www.sponsoradulto.com/es/SysWebTelecom.cab
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://sc.communities.msn.com/contro.../msnchat45.cab

ho cancellato tute le R0e R1

[popkorn]

dopo una veloce occhiata hai fatto bene.....ora entra in modalita provvisoria e trova e cancella il winupd.exe (C:\WINDOWS\System32\winupd.exe )

Quote:

Originariamente inviato da popkorn
dopo una veloce occhiata hai fatto bene.....ora entra in modalita provvisoria e trova e cancella il winupd.exe (C:\WINDOWS\System32\winupd.exe )

soolo in provvisoria?

[popkorn]

ah! rivedendo cè da fixare anche questo
O16 - DPF: {11010101-1001-1111-1000-110112345678} - ms-its:mhtml:file://c:\nosuch.mht!http://69.50.173.252/bonus.chm::/winpromo.exe

[popkorn]

si in provvisoria..f8

Quote:

Originariamente inviato da popkorn
ah! rivedendo cè da fixare anche questo
O16 - DPF: {11010101-1001-1111-1000-110112345678} - ms-its:mhtml:file://c:\nosuch.mht!http://69.50.173.252/bonus.chm::/winpromo.exe

danke! dopo lo faccio

Quote:

Originariamente inviato da fabius00
danke! dopo lo faccio

ora sembra essere tuto ok!

[popkorn]

Bene!!

niente! lo ripreso proprio ora io ma girando sul forum

ad un tratto mi si sono aperte migliaia di pagine internet! e facendo ctrl alt del mi va sul desktop e ri ho quella zozzeria!!!!!

[netquik]

usa adware aggiornalo e fai pulizia da provvisoria
...


se non funziona

riposta il nuovo log di hijckthis

[netquik]

comunque penso sia un trojan

http://www.sophos.com/virusinfo/anal...startpabr.html

[popkorn]

che paranoia , vedendo il link cha ha postato netquik se nn sene va con ad-aware mi sa che devi rifare tutto + quello indicato sul sito di Sophos
"You should also change your Internet Explorer settings using Tools|Internet options|General to remove any modifications made by the Trojan.
Replace the Hosts file from a backup or edit it in Notepad to remove the changes that the Trojan has made."

Quote:

Originariamente inviato da popkorn
che paranoia , vedendo il link cha ha postato netquik se nn sene va con ad-aware mi sa che devi rifare tutto + quello indicato sul sito di Sophos
"You should also change your Internet Explorer settings using Tools|Internet options|General to remove any modifications made by the Trojan.
Replace the Hosts file from a backup or edit it in Notepad to remove the changes that the Trojan has made."

bastardi

[sniper13]

ciao... anch'io ho il problema della pagina iniziale di iexplorer... posto il log di hijackthis... magari mi potete aiutare

Logfile of HijackThis v1.97.7
Scan saved at 8:17:07, on 16/07/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmi\File comuni\Symantec Shared\ccSetMgr.exe
C:\Programmi\File comuni\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Programmi\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Programmi\Java\j2re1.4.2_04\bin\jusched.exe
C:\Programmi\File comuni\Symantec Shared\ccApp.exe
C:\Programmi\Messenger Plus! 3\MsgPlus.exe
C:\PROGRA~1\MEETBE~1\Mapipeakstupid.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I0H2.EXE
C:\Programmi\Logitech\MouseWare\system\em_exec.exe
C:\Programmi\IMAP Notify\IMAPNotify.exe
C:\Programmi\MSN Messenger\msnmsgr.exe
C:\Programmi\File comuni\Symantec Shared\ccProxy.exe
C:\WINDOWS\System32\E_S00RP2.EXE
C:\Programmi\File comuni\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Programmi\Norton Internet Security Professional\Norton AntiVirus\navapsvc.exe
C:\Programmi\Norton Internet Security Professional\Norton AntiVirus\AdvTools\NPROTECT.EXE
C:\Programmi\Norton Internet Security Professional\Norton AntiVirus\SAVScan.exe
C:\Programmi\File comuni\Symantec Shared\SNDSrvc.exe
C:\Programmi\Speed Disk\nopdb.exe
C:\Programmi\File comuni\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Programmi\eMule\emule.exe
C:\Programmi\Internet Explorer\iexplore.exe
C:\Programmi\HiJackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://mysearchnow.com/passthrough/i...redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: Web assistant - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Programmi\File comuni\Symantec Shared\AdBlocking\NISShExt.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Programmi\Norton Internet Security Professional\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Web assistant - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Programmi\File comuni\Symantec Shared\AdBlocking\NISShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Programmi\Norton Internet Security Professional\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [ATIPTA] C:\Programmi\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [EPSON Stylus Photo R200 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I0H2.EXE /P30 "EPSON Stylus Photo R200 Series" /O6 "USB001" /M "Stylus Photo R200"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmi\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Babylon Client] C:\Programmi\Babylon\Babylon.exe -AutoStart
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Programmi\Java\j2re1.4.2_04\bin\jusched.exe
O4 - HKLM\..\Run: [ccApp] "C:\Programmi\File comuni\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Advanced Tools Check] C:\PROGRA~1\NORTON~4\NORTON~1\AdvTools\ADVCHK.EXE
O4 - HKLM\..\Run: [MessengerPlus3] "C:\Programmi\Messenger Plus! 3\MsgPlus.exe"
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKLM\..\Run: [Flag Plan] C:\PROGRA~1\MEETBE~1\Mapipeakstupid.exe
O4 - HKCU\..\Run: [EPSON Stylus Photo R200 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I0H2.EXE /P30 "EPSON Stylus Photo R200 Series" /M "Stylus Photo R200" /EF "HKCU"
O4 - HKCU\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\Symantec\LIVEUP~1\SNDMon.EXE
O4 - HKCU\..\Run: [MessengerPlus3] "C:\Programmi\Messenger Plus! 3\MsgPlus.exe" /WinStart
O4 - HKCU\..\Run: [msnmsgr] "C:\Programmi\MSN Messenger\msnmsgr.exe" /background
O4 - Global Startup: IMAP Notify.lnk = C:\Programmi\IMAP Notify\IMAPNotify.exe
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra 'Tools' menuitem: Sun Java Console (HKLM)
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab
O16 - DPF: {11111111-1111-1111-1111-111111113456} - file://c:\info6_s.cab
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/s...irector/sw.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/S...in/AvSniff.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2...ll/xscan53.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...tatsClient.cab
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.co...050.6806597222
O16 - DPF: {C2FCEF52-ACE9-11D3-BEBD-00105AA9B6AE} (Symantec RuFSI Registry Information Class) - http://security.symantec.com/sscv6/S.../bin/cabsa.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/s...sh/swflash.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary...reShowdown.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{BF2A1814-701B-407C-AFC8-A973F047EA6A}: NameServer = 193.70.192.25 193.70.152.25