"Open search web"

[AAANNNTTTOOO]

open search web

salve....

ho un problema...

1) appena apro internet explorer (ho internet explorer 6.0 su win xp pro)....mi manda su una pagina "open search the web"
(http://66.220.17.154/search/search....mp;src=toolbar3)

2) nei preferiti compaiono pagine tipo casino, vacanze, prestiti ecc. che non mi fa eliminare

3) in basso si apre un ulteriore barra per ricercare (che non riesco a levare anche se premo sulla classica x )



qualcuno ha mai avuto lo stesso problema???? come posso fare???

grazie MILLE

[holifay]

a furia di dirlo diventerò antipatica

Segui per bene le istruzioni di questo link e vedrai che molto probabilmente risolverai il problema.
http://forum.html.it/forum/showthrea...hreadid=811189

Se poi non risolvi ci risentiamo

[AAANNNTTTOOO]

ho fatto tutto (molte scanzioni le avevo già fatte in precedenza)..... questo è il log...


Logfile of HijackThis v1.99.1
Scan saved at 0.51.08, on 02/12/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\Programmi\File comuni\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\HSFPWCFG.EXE
C:\Programmi\Synaptics\SynTP\SynTPLpr.exe
C:\Programmi\Synaptics\SynTP\SynTPEnh.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Programmi\MessengerPlus! 3\MsgPlus.exe
C:\PROGRA~1\KASPER~1\KASPER~1\KASPER~3\OESpamTest. ExE
C:\Programmi\Java\jre1.5.0_05\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmi\Webroot\Washer\wwDisp.exe
c:\progra~1\intern~1\iexplore.exe
C:\Programmi\Internet Explorer\iexplore.exe
C:\Programmi\SAGEM\SAGEM F@st 800-840\dslmon.exe
C:\Programmi\Kaspersky Lab\Kaspersky Security Suite\Kaspersky Anti-Hacker\KAVPF.exe
C:\Programmi\Wireless LAN Utility\SiWake.exe
C:\Programmi\OpenOffice.org 2.0\program\soffice.exe
C:\Programmi\OpenOffice.org 2.0\program\soffice.BIN
C:\WINDOWS\System32\svchost.exe
C:\Programmi\MSN Messenger\msnmsgr.exe
C:\Programmi\Opera\Opera.exe
C:\WINDOWS\explorer.exe
C:\Programmi\ewido\security suite\ewidoguard.exe
C:\Programmi\ewido\security suite\ewidoctrl.exe
C:\Programmi\ewido\security suite\SecuritySuite.exe
C:\Programmi\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://yqxuccoyodedyyvucs.com/xqkksS...Lij6sxSzsL.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.antoniogargano.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {9EC0785B-D73A-17B1-5E35-E817287119BF} - C:\DOCUME~1\user\DATIAP~1\THISRO~1\SpamWindow.exe (file missing)
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [HSFPWCFG.EXE] C:\WINDOWS\HSFPWCFG.EXE
O4 - HKLM\..\Run: [SynTPLpr] C:\Programmi\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Programmi\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O4 - HKLM\..\Run: [MessengerPlus3] "C:\Programmi\MessengerPlus! 3\MsgPlus.exe"
O4 - HKLM\..\Run: [Multi sixth lite clock] C:\Documents and Settings\All Users\Dati applicazioni\team inter multi sixth\Two Tons.exe
O4 - HKLM\..\Run: [KAVPersonal50] "C:\Programmi\Kaspersky Lab\Kaspersky Security Suite\Kaspersky Anti-Virus Personal\kav.exe" /minimize
O4 - HKLM\..\Run: [OESpamTest] C:\PROGRA~1\KASPER~1\KASPER~1\KASPER~3\OESpamTest. ExE
O4 - HKLM\..\Run: [Power_Gear] C:\Programmi\ASUS\Power4 Gear\BatteryLife.exe 1
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Programmi\Java\jre1.5.0_05\bin\jusched.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [KindUp] C:\DOCUME~1\user\DATIAP~1\CLOCKM~1\tick bleh.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Programmi\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Window Washer] C:\Programmi\Webroot\Washer\wwDisp.exe
O4 - Startup: OpenOffice.org 2.0.lnk = C:\Programmi\OpenOffice.org 2.0\program\quickstart.exe
O4 - Global Startup: Avvio veloce di Adobe Reader.lnk = C:\Programmi\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: DSLMON.lnk = C:\Programmi\SAGEM\SAGEM F@st 800-840\dslmon.exe
O4 - Global Startup: Kaspersky Anti-Hacker.lnk = C:\Programmi\Kaspersky Lab\Kaspersky Security Suite\Kaspersky Anti-Hacker\KAVPF.exe
O4 - Global Startup: SiWake.lnk = C:\Programmi\Wireless LAN Utility\SiWake.exe
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.5.0_05\bin\npjpi150_05.dll (file missing)
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.5.0_05\bin\npjpi150_05.dll (file missing)
O9 - Extra button: Ricerche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/downloads/k...an_unicode.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{CA74F4A5-97DD-46B2-98F5-80BB23AD1E77}: NameServer = 85.37.17.9 151.99.125.1
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - AppInit_DLLs: MsgPlusLoader.dll
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: ewido security suite control - ewido networks - C:\Programmi\ewido\security suite\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Programmi\ewido\security suite\ewidoguard.exe
O23 - Service: kavsvc - Kaspersky Lab - C:\Programmi\Kaspersky Lab\Kaspersky Security Suite\Kaspersky Anti-Virus Personal\kavsvc.exe

[LUCASS]

Hello sei infetto dall'adware lop bella bestia
Scarica findlop
http://metallica.geekstogo.com/findlop.zip
Scompatallo in C:\
Apri la cartella doppio click sul file findlop.bat
Visualizzerai un file txt copia e incolla il contenuto qui!!
Ciao ciao

NOTA:Kaspersky riconosce questo malware solo se fai l'aggiornamento con il database esteso altrimenti no

[antares11]

Originariamente inviato da holifay
a furia di dirlo diventerò antipatica

Segui per bene le istruzioni di questo link e vedrai che molto probabilmente risolverai il problema.
http://forum.html.it/forum/showthrea...hreadid=811189

Se poi non risolvi ci risentiamo

antipatica forse sì a qualcuno, ma non ad antares11, Lisa

magari non far sapere in giro che ci sono anche questi, per risolvere più di qualche problema con la sicurezza informatica

http://www.dslreports.com/faq/security
dal quale in particolare
http://www.dslreports.com/faq/8428

l'utenza nostrana deve essere invece coccolata perchè non spanda una sola lacrimuccia (di fastidio) e non si bagni metaforicamente di sudore dandosi da fare in proprio

su bambini, venite, venite che i maestri son qua tutti pronti e aspettano solo voi ...

mi si consenta :master:

p.s.: un saluto a Cinder, forumista poco noto ai più ma del quale questo forum sulla sicurezza può essere orgoglioso di averlo

[AAANNNTTTOOO]

ecco il risultato della scanzione...
che dici il pc è grave??? :maLOL:

[TRACE] Enumerating jobs and queues
[TRACE] Activating job 'A8DB8BF391A80813.job'
[TRACE] Printing all job properties

ApplicationName: 'c:\docume~1\user\datiap~1\clockm~1\Site Chic Bits.exe'
Parameters: ''
WorkingDirectory: ''
Comment: ''
Creator: 'user'
Priority: NORMAL
MaxRunTime: 259200000 (3d 0:00:00)
IdleWait: 10
IdleDeadline: 60
MostRecentRun: 11/16/2005 21:00:00
NextRun: 12/02/2005 22:00:00
StartError: 0x80070002
ExitCode: 0
Status: SCHED_S_TASK_READY
ScheduledWorkItem Flags:
DeleteWhenDone = 0
Suspend = 0
StartOnlyIfIdle = 0
KillOnIdleEnd = 0
RestartOnIdleResume = 0
DontStartIfOnBatteries = 0
KillIfGoingOnBatteries = 0
RunOnlyIfLoggedOn = 1
SystemRequired = 0
Hidden = 1
TaskFlags: 0

1 Trigger

Trigger 0:
Type: Daily
DaysInterval: 1
StartDate: 10/26/2000
EndDate: 00/00/0000
StartTime: 00:00
MinutesDuration: 1440
MinutesInterval: 60
Flags:
HasEndDate = 0
KillAtDuration = 0
Disabled = 0

[LUCASS]

Non mi far ridere
Per piacere vai su questo link http://www.mytempdir.com/295275
scarica il file remjob.bat disconettiti,chiudi tutto e doppio click su quel file,riavvia il pc e posta un log aggiornato e anche il log aggiornato di findlop

[AAANNNTTTOOO]

questo è il log di findlop

[TRACE] Enumerating jobs and queues


direi molto scarno rispetto a quello di prima VVoVe:

però quell'altro programma non mi ha dato nessun documento di testo come...findlop....

sono guarito???

[LUCASS]

Ciao intendevo il log di hijackthis anche li compariva senno che ho la sfera per capirlo

PS:Il file bat che hai scaricato lo puoi eliminare,serviva solo per eliminare un file e una cartella

[AAANNNTTTOOO]

ecco il log.... cosa dice la sfera???

Logfile of HijackThis v1.99.1
Scan saved at 22.06.12, on 02/12/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\Programmi\ewido\security suite\ewidoctrl.exe
C:\Programmi\ewido\security suite\ewidoguard.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\HSFPWCFG.EXE
C:\Programmi\Synaptics\SynTP\SynTPLpr.exe
C:\Programmi\Synaptics\SynTP\SynTPEnh.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Programmi\File comuni\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Programmi\MessengerPlus! 3\MsgPlus.exe
C:\PROGRA~1\KASPER~1\KASPER~1\KASPER~3\OESpamTest. ExE
C:\Programmi\Java\jre1.5.0_05\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmi\MSN Messenger\MsnMsgr.Exe
C:\Programmi\Webroot\Washer\wwDisp.exe
C:\Programmi\Internet Explorer\iexplore.exe
c:\progra~1\intern~1\iexplore.exe
C:\Programmi\SAGEM\SAGEM F@st 800-840\dslmon.exe
C:\Programmi\Kaspersky Lab\Kaspersky Security Suite\Kaspersky Anti-Hacker\KAVPF.exe
C:\Programmi\Wireless LAN Utility\SiWake.exe
C:\Programmi\OpenOffice.org 2.0\program\soffice.exe
C:\Programmi\OpenOffice.org 2.0\program\soffice.BIN
C:\WINDOWS\System32\svchost.exe
C:\Programmi\Opera\Opera.exe
C:\Programmi\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://yqxuccoyodedyyvucs.com/xqkksS...Lij6sxSzsL.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.antoniogargano.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {9EC0785B-D73A-17B1-5E35-E817287119BF} - C:\DOCUME~1\user\DATIAP~1\THISRO~1\SpamWindow.exe (file missing)
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [HSFPWCFG.EXE] C:\WINDOWS\HSFPWCFG.EXE
O4 - HKLM\..\Run: [SynTPLpr] C:\Programmi\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Programmi\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O4 - HKLM\..\Run: [MessengerPlus3] "C:\Programmi\MessengerPlus! 3\MsgPlus.exe"
O4 - HKLM\..\Run: [Multi sixth lite clock] C:\Documents and Settings\All Users\Dati applicazioni\team inter multi sixth\Two Tons.exe
O4 - HKLM\..\Run: [KAVPersonal50] "C:\Programmi\Kaspersky Lab\Kaspersky Security Suite\Kaspersky Anti-Virus Personal\kav.exe" /minimize
O4 - HKLM\..\Run: [OESpamTest] C:\PROGRA~1\KASPER~1\KASPER~1\KASPER~3\OESpamTest. ExE
O4 - HKLM\..\Run: [Power_Gear] C:\Programmi\ASUS\Power4 Gear\BatteryLife.exe 1
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Programmi\Java\jre1.5.0_05\bin\jusched.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [KindUp] C:\DOCUME~1\user\DATIAP~1\CLOCKM~1\tick bleh.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Programmi\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Window Washer] C:\Programmi\Webroot\Washer\wwDisp.exe
O4 - Startup: OpenOffice.org 2.0.lnk = C:\Programmi\OpenOffice.org 2.0\program\quickstart.exe
O4 - Global Startup: Avvio veloce di Adobe Reader.lnk = C:\Programmi\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: DSLMON.lnk = C:\Programmi\SAGEM\SAGEM F@st 800-840\dslmon.exe
O4 - Global Startup: Kaspersky Anti-Hacker.lnk = C:\Programmi\Kaspersky Lab\Kaspersky Security Suite\Kaspersky Anti-Hacker\KAVPF.exe
O4 - Global Startup: SiWake.lnk = C:\Programmi\Wireless LAN Utility\SiWake.exe
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.5.0_05\bin\npjpi150_05.dll (file missing)
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.5.0_05\bin\npjpi150_05.dll (file missing)
O9 - Extra button: Ricerche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/downloads/k...an_unicode.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{CA74F4A5-97DD-46B2-98F5-80BB23AD1E77}: NameServer = 85.37.17.9 151.99.125.1
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - AppInit_DLLs: MsgPlusLoader.dll
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: ewido security suite control - ewido networks - C:\Programmi\ewido\security suite\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Programmi\ewido\security suite\ewidoguard.exe
O23 - Service: kavsvc - Kaspersky Lab - C:\Programmi\Kaspersky Lab\Kaspersky Security Suite\Kaspersky Anti-Virus Personal\kavsvc.exe