#1
Member
Registered: Mar 2006
Posts: 37

a little help
Hi guys, as usual I need a little help:
I browse with Firefox and every now and then I get redirected to this page: http://popunder.paypopup.com/default...dleWare&subid= and then LimeWire keeps starting on its own .... heeelp
#2
Senior Member
Registered: May 2005
City: Milano
Posts: 365

Run a scan with ewido and with your antivirus, post a HijackThis log and immunize the system with SpywareBlaster
#3
Member
Registered: Mar 2006
Posts: 37

Logfile of HijackThis v1.99.1
Scan saved at 16.37.15, on 19/04/2006
Platform: Windows ME (Win9x 4.90.3000)
MSIE: Internet Explorer v5.50 (5.50.4134.0100)

Running processes:
C:\WINDOWSB\SYSTEM\KERNEL32.DLL
C:\WINDOWSB\SYSTEM\MSGSRV32.EXE
C:\WINDOWSB\SYSTEM\SPOOL32.EXE
C:\WINDOWSB\SYSTEM\MPREXE.EXE
C:\WINDOWSB\SYSTEM\MSTASK.EXE
C:\WINDOWSB\SYSTEM\mmtask.tsk
C:\WINDOWSB\SYSTEM\RESTORE\STMGR.EXE
C:\WINDOWSB\EXPLORER.EXE
C:\WINDOWSB\RUNDLL32.EXE
C:\WINDOWSB\TASKMON.EXE
C:\WINDOWSB\SYSTEM\SYSTRAY.EXE
C:\WINDOWSB\SYSTEM\RMCTRL.EXE
C:\PROGRAMMI\FILE COMUNI\REAL\UPDATE_OB\REALSCHED.EXE
C:\WINDOWSB\SYSTEM\WMIEXE.EXE
C:\PROGRAMMI\WINUPDATES\WINUPDATES.EXE
C:\WINDOWS\MOUSEPAD12.EXE
C:\WINDOWSB\CMD\COMMAND.EXE
C:\PROGRAMMI\WEBHANCER\PROGRAMS\WHAGENT.EXE
C:\PROGRAMMI\MESSENGER\MSMSGS.EXE
C:\WINDOWSB\SYSTEM\PSTORES.EXE
C:\ESM2\STMS.EXE
C:\PROGRAMMI\FILE COMUNI\WINDOWS\SERVICES32.EXE
C:\WINDOWSB\SYSTEM\WINOA386.MOD
C:\ESM2\EBRR.EXE
C:\WINDOWSB\SYSTEM\DDHELP.EXE
C:\WINDOWSB\SYSTEM\STIMON.EXE
C:\DOCUMENTI\PROGRAMMI\HIJACKTHIS.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://searchbar.findthewebsiteyouneed.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://searchbar.findthewebsiteyouneed.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
O3 - Toolbar: Toolbar888 - {77FBF9B8-1D37-4FF2-9CED-192D8E3ABA6F} - C:\PROGRAMMI\TOOLBAR888\TOOLBAR888.DLL
O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWSB\scanregw.exe /autorun
O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWSB\taskmon.exe
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [Tweak UI] RUNDLL32.EXE TWEAKUI.CPL,TweakMeUp
O4 - HKLM\..\Run: [RemoteControl] C:\WINDOWSB\SYSTEM\rmctrl.exe
O4 - HKLM\..\Run: [BtStart] C:\Programmi\WIDCOMM\Software Bluetooth\bin\btstart.exe
O4 - HKLM\..\Run: [Multimedia Key] C:\PROGRA~2\MED280NT\DriBat32.EXE DKBoot.INI
O4 - HKLM\..\Run: [PCHealth] C:\WINDOWSB\PCHealth\Support\PCHSchd.exe -s
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [TkBellExe] "C:\Programmi\File comuni\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [winupdates] C:\Programmi\winupdates\winupdates.exe /auto
O4 - HKLM\..\Run: [winsupdater] C:\Programmi\winsupdater\winsupdater.exe /auto
O4 - HKLM\..\Run: [] WINLOG.EXE
O4 - HKLM\..\Run: [winupdate] C:\Programmi\winupdate\winupdate.exe /auto
O4 - HKLM\..\Run: [p2pnetworking] P2PNETWORKING.EXE
O4 - HKLM\..\Run: [keyboard] C:\WINDOWS\KEYBOARD12.exe
O4 - HKLM\..\Run: [mousepad] C:\WINDOWS\MOUSEPAD12.exe
O4 - HKLM\..\Run: [newname] C:\WINDOWS\NEWNAME12.exe
O4 - HKLM\..\Run: [Command] C:\WINDOWSB\cmd\command.exe
O4 - HKLM\..\Run: [webHancer Agent] C:\Programmi\webHancer\Programs\whagent.exe
O4 - HKLM\..\Run: [webHancer Survey Companion] C:\Programmi\webHancer\Programs\whsurvey.exe
O4 - HKLM\..\Run: [Microsoft Startup Manager] C:\WINDOWSB\SYSTEM\sysservice.exe
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKLM\..\RunServices: [*StateMgr] C:\WINDOWSB\System\Restore\StateMgr.exe
O4 - HKLM\..\RunServices: [] WINLOG.EXE
O4 - HKLM\..\RunServices: [p2pnetworking] P2PNETWORKING.EXE
O4 - HKCU\..\Run: [MSMSGS] C:\PROGRA~1\MESSEN~1\msmsgs.exe /background
O4 - HKCU\..\Run: [NBJ] "C:\PROGRAMMI\AHEAD\NERO BACKITUP\NBJ.EXE"
O4 - HKCU\..\Run: [services32] C:\Programmi\File comuni\Windows\mc-110-12-0000137.exe
O4 - Startup: Microsoft Office.lnk = C:\Programmi\Microsoft Office\Office10\OSA.EXE
O4 - Startup: EPSON Background Monitor.lnk = C:\ESM2\STMS.exe
O8 - Extra context menu item: Invia a &Bluetooth - C:\Programmi\WIDCOMM\Software Bluetooth\btsendto_ie_ctx.htm
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~1\OFFICE10\EXCEL.EXE/3000
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\PROGRA~1\MESSEN~1\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: MSN Messenger Service - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\PROGRA~1\MESSEN~1\MSMSGS.EXE
O9 - Extra button: @btrez.dll,-4015@1040,Invia a Bluetooth - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programmi\WIDCOMM\Software Bluetooth\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-4017@1040,Invia a &Bluetooth - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programmi\WIDCOMM\Software Bluetooth\btsendto_ie.htm
O10 - Hijacked Internet access by WebHancer
O10 - Hijacked Internet access by WebHancer
O10 - Hijacked Internet access by WebHancer
#4
Senior Member
Registered: May 2005
City: Milano
Posts: 365

Fix:
C:\PROGRAMMI\WINUPDATES\WINUPDATES.EXE
C:\WINDOWSB\CMD\COMMAND.EXE
C:\PROGRAMMI\WEBHANCER\PROGRAMS\WHAGENT.EXE
C:\PROGRAMMI\FILE COMUNI\WINDOWS\SERVICES32.EXE
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://searchbar.findthewebsiteyouneed.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://searchbar.findthewebsiteyouneed.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://searchbar.findthewebsiteyouneed.com
R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
O3 - Toolbar: Toolbar888 - {77FBF9B8-1D37-4FF2-9CED-192D8E3ABA6F} - C:\PROGRAMMI\TOOLBAR888\TOOLBAR888.DLL
O4 - HKLM\..\Run: [winupdates] C:\Programmi\winupdates\winupdates.exe /auto
O4 - HKLM\..\Run: [winsupdater] C:\Programmi\winsupdater\winsupdater.exe /auto
O4 - HKLM\..\Run: [winupdate] C:\Programmi\winupdate\winupdate.exe /auto
O4 - HKLM\..\Run: [p2pnetworking] P2PNETWORKING.EXE
O4 - HKLM\..\Run: [Command] C:\WINDOWSB\cmd\command.exe
O4 - HKLM\..\Run: [webHancer Agent] C:\Programmi\webHancer\Programs\whagent.exe
O4 - HKLM\..\Run: [webHancer Survey Companion] C:\Programmi\webHancer\Programs\whsurvey.exe
O4 - HKLM\..\Run: [Microsoft Startup Manager] C:\WINDOWSB\SYSTEM\sysservice.exe
O4 - HKLM\..\RunServices: [p2pnetworking] P2PNETWORKING.EXE
O4 - HKCU\..\Run: [services32] C:\Programmi\File comuni\Windows\mc-110-12-0000137.exe
O10 - Hijacked Internet access by WebHancer
O10 - Hijacked Internet access by WebHancer
O10 - Hijacked Internet access by WebHance

In any case, a scan with a good antivirus and a good antispyware is also strongly recommended
#5
Member
Registered: Nov 2001
Posts: 226

Run a scan with Ewido and then fix these entries:
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://searchbar.findthewebsiteyouneed.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://searchbar.findthewebsiteyouneed.com
R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
TOOLBAR888.DLL
O4 - HKLM\..\Run: [winupdates] C:\Programmi\winupdates\winupdates.exe /auto
O4 - HKLM\..\Run: [winsupdater] C:\Programmi\winsupdater\winsupdater.exe /auto
O4 - HKLM\..\Run: [] WINLOG.EXE
O4 - HKLM\..\Run: [winupdate] C:\Programmi\winupdate\winupdate.exe /auto
O4 - HKLM\..\Run: [p2pnetworking] P2PNETWORKING.EXE
O4 - HKLM\..\Run: [keyboard] C:\WINDOWS\KEYBOARD12.exe
O4 - HKLM\..\Run: [mousepad] C:\WINDOWS\MOUSEPAD12.exe
O4 - HKLM\..\Run: [newname] C:\WINDOWS\NEWNAME12.exe
O4 - HKLM\..\Run: [Command] C:\WINDOWSB\cmd\command.exe
O4 - HKLM\..\Run: [webHancer Agent] C:\Programmi\webHancer\Programs\whagent.exe
O4 - HKLM\..\Run: [webHancer Survey Companion] C:\Programmi\webHancer\Programs\whsurvey.exe
O4 - HKLM\..\Run: [Microsoft Startup Manager] C:\WINDOWSB\SYSTEM\sysservice.exe
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [] WINLOG.EXE
O4 - HKLM\..\RunServices: [p2pnetworking] P2PNETWORKING.EXE
O4 - HKCU\..\Run: [services32] C:\Programmi\File comuni\Windows\mc-110-12-0000137.exe
O10 - Hijacked Internet access by WebHancer
O10 - Hijacked Internet access by WebHancer
O10 - Hijacked Internet access by WebHancer

Delete these files if they are still present after the scan:
C:\PROGRAMMI\WEBHANCER\PROGRAMS\WHAGENT.EXE
C:\PROGRAMMI\WINUPDATES\WINUPDATES.EXE
C:\PROGRAMMI\FILE COMUNI\WINDOWS\SERVICES32.EXE
C:\WINDOWSB\CMD\COMMAND.EXE

and these if you don't know what they refer to:
C:\WINDOWS\MOUSEPAD12.EXE
C:\WINDOWS\KEYBOARD12.exe
C:\WINDOWS\NEWNAME12.exe

and the related HijackThis entries

Last edited by marcocappe: 19-04-2006 at 17:03.
#6
Member
Registered: Nov 2001
Posts: 226

There is also a fix for WebHancer that might come in handy:
http://securityresponse.symantec.com...xWebHancer.exe
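
Added example, not written by anyone in this thread: Python code for HijackThis logs pasted without line breaks, which splits the text back into entries, parses the O4 registry autoruns, and reports which entries from a fix list a later scan still shows. The function names, the entry-code pattern and the RESCAN sample are assumptions; the other sample entries are copied from the posts above.

```python
import re

# HijackThis prefixes each finding with a section code (R0-R3, O1, O2, ...) and " - ".
ENTRY_START = re.compile(r"(?=\b(?:R[0-3]|O\d{1,2}) - )")
ENTRY_HEAD = re.compile(r"(?:R[0-3]|O\d{1,2}) - ")
# O4 autoruns: hive, key (Run / RunServices), [value name], command line.
O4_RUN = re.compile(r"^O4 - (HKLM|HKCU)\\\.\.\\(\w+): \[(.*?)\] (.+)$")

def split_entries(flat):
    """Recover one entry per item from a log whose line breaks were lost."""
    return [p.strip() for p in ENTRY_START.split(flat) if ENTRY_HEAD.match(p)]

def autoruns(entries):
    """Parse O4 registry autoruns into (hive, key, name, command) tuples."""
    return [m.groups() for m in map(O4_RUN.match, entries) if m]

def still_present(rescan_flat, fix_flat):
    """Entries from the fix list that a later scan still reports."""
    seen = {e.lower() for e in split_entries(rescan_flat)}
    return [e for e in split_entries(fix_flat) if e.lower() in seen]

# Constructed samples: entries copied from the thread and joined on one line.
LOG = (
    r"Running processes: C:\WINDOWSB\EXPLORER.EXE "
    r"R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = "
    r"http://searchbar.findthewebsiteyouneed.com "
    r"O4 - HKLM\..\Run: [SystemTray] SysTray.Exe "
    r"O4 - HKLM\..\Run: [] WINLOG.EXE "
    r"O4 - HKLM\..\RunServices: [p2pnetworking] P2PNETWORKING.EXE "
    r"O4 - HKCU\..\Run: [services32] C:\Programmi\File comuni\Windows\mc-110-12-0000137.exe "
    r"O10 - Hijacked Internet access by WebHancer"
)
FIX = (
    r"O4 - HKLM\..\Run: [] WINLOG.EXE "
    r"O4 - HKLM\..\RunServices: [p2pnetworking] P2PNETWORKING.EXE "
    r"O4 - HKCU\..\Run: [services32] C:\Programmi\File comuni\Windows\mc-110-12-0000137.exe"
)
# Hypothetical rescan after cleanup in which one fixed entry has come back.
RESCAN = (
    r"O4 - HKLM\..\Run: [SystemTray] SysTray.Exe "
    r"O4 - HKCU\..\Run: [services32] C:\Programmi\File comuni\Windows\mc-110-12-0000137.exe"
)

if __name__ == "__main__":
    for hive, key, name, cmd in autoruns(split_entries(LOG)):
        print(f"{hive:4} {key:11} {name or '(empty)':14} {cmd}")
    print("still present:", still_present(RESCAN, FIX))
```

An entry that reappears in the rescan after being fixed usually means the process that writes it was still running, which is why the replies pair the fix list with a scanner pass and file deletion.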
All times are GMT +1. The time now is 04:51.