da crazy.cat » lun gen 03, 2005 1:22 pm
Hai un bel po' di problemi.
Cerca questi file nel tuo pc fnsfs.dll e javadh.dll (ho bisogno poi di sapere se li trovi tutti e due o uno solo, penso che ci sia solo la prima) e li sposti sul desktop e li rinomini, riavvii il pc ed elimini subito il file che hai rinominato.
Dopo rifai la scansione con hijackthis ed elimini tutte le voci qui sotto.
Alcune avrebbe già dovuto togliertele spybot son degli spyware piuttosto comuni.
Ti fai una scansione con questo programma
http://www.MegaLab.it/2333
sempre dalla modalità provvisoria.
E cancella tutti i file temporanei di internet.
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\fnsfs.dll/sp.html#28129
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\fnsfs.dll/sp.html#28129
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINDOWS\fnsfs.dll/sp.html#28129
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\fnsfs.dll/sp.html#28129
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\fnsfs.dll/sp.html#28129
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\fnsfs.dll/sp.html#28129
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\fnsfs.dll/sp.html#28129
O2 - BHO: (no name) - {5ABA4630-77B6-3691-363B-47DBC9FA6B2E} - C:\WINDOWS\system32\javadh.dll
O4 - HKLM\..\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoemon.exe
O4 - HKLM\..\Run: [SearchUpgrader] C:\Programmi\Common files\SearchUpgrader\SearchUpgrader.exe
O4 - HKLM\..\Run: [WebRebates0] "C:\Programmi\Web_Rebates\WebRebates0.exe"
O4 - HKLM\..\Run: [salm] c:\temp\salm.exe
O4 - HKLM\..\Run: [d3qu32.exe] C:\WINDOWS\system32\d3qu32.exe
O4 - HKLM\..\Run: [Admilli Service] C:\Program Files\Admilli Service\AdmilliServ.exe
O4 - HKCU\..\Run: [RealUpdater] C:\WINDOWS\System32\realupd.exe
O4 - HKCU\..\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoemon.exe
O4 - Startup: MyWebSearch Email Plugin.lnk = C:\Programmi\MyWebSearch\bar\1.bin\MWSOEMON.EXE
O4 - Global Startup: MyWebSearch Email Plugin.lnk = C:\Programmi\MyWebSearch\bar\1.bin\MWSOEMON.EXE
O8 - Extra context menu item: &Search - http://bar.mywebsearch.com/menusearch.h ... xmk045XXUS
O15 - Trusted Zone: *.05p.com
O15 - Trusted Zone: *.awmdabest.com
O15 - Trusted Zone: *.clickspring.net
O15 - Trusted Zone: *.frame.crazywinnings.com
O15 - Trusted Zone: *.mt-download.com
O15 - Trusted Zone: *.my-internet.info
O15 - Trusted Zone: *.scoobidoo.com
O15 - Trusted Zone: *.searchmiracle.com
O15 - Trusted Zone: *.static.topconverting.com
O15 - Trusted Zone: *.05p.com (HKLM)
O15 - Trusted Zone: *.awmdabest.com (HKLM)
O15 - Trusted Zone: *.clickspring.net (HKLM)
O15 - Trusted Zone: *.frame.crazywinnings.com (HKLM)
O15 - Trusted Zone: *.mt-download.com (HKLM)
O15 - Trusted Zone: *.my-internet.info (HKLM)
O15 - Trusted Zone: *.scoobidoo.com (HKLM)
O15 - Trusted Zone: *.searchmiracle.com (HKLM)
O15 - Trusted Zone: *.static.topconverting.com (HKLM)
O15 - Trusted IP range: 206.161.125.149
O15 - Trusted IP range: 206.161.124.130 (HKLM)
O16 - DPF: {11111111-1111-1111-1111-111300000000} - mhtml:C:\\NO_SUCH_MHT.MHT!http://216.240.137.40/g1.exe
O16 - DPF: {15AD4789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://public.windupdates.com/get_file. ... 314a45eb37
O18 - Protocol hijack: mhtml -
O23 - Service: Workstation NetLogon Service - Unknown - C:\WINDOWS\msse32.exe
Controlla quanti file hai con nome services.exe questo si trova nella directory sbagliata e penso sia un virus, guarda se ne trovi uno anche in c:\windows\system32
O4 - HKCU\..\Run: [System Update] C:\WINDOWS\System\services.exe
Comincia a fare pulizia e facci sapere come và a finire.
Quando i molti governano, pensano solo a contentar sé stessi, si ha allora la tirannia più balorda e più odiosa: la tirannia mascherata da libertà.