Buongiorno a tutti. Ho subito un attacco dal famigerato CoolWebSearch. Non mi si schioda una maledetta about:blank dalla pagina iniziale. Inoltre, ogni tanto, senza apparente motivo, mi esce fuori il riquadro di accesso remoto (sempre con la connessione predefinita, però). Spybot, Ad Aware, CWShredder, Hijackthis niente hanno potuto: individuano il problema, ma non lo risolvono. Vi mando qualche log, sperando mi possiate aiutare a risolvere questi problemi, magari anche ricorrendo alla modifica delle chiavi di configurazione.
Scansione di Spybot:
CoolWWWSearch.Bootconf: URL di ricerca di IE (Modifica al registro, nothing done)
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Search\SearchAssistant=about:blank
CoolWWWSearch.Bootconf: Barra di ricerca di IE (Modifica al registro, nothing done)
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Search Bar=about:blank
CoolWWWSearch.Bootconf: Barra di ricerca di IE (Modifica al registro, nothing done)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\Search Bar=about:blank
CoolWWWSearch.Bootconf: Pagina di ricerca di IE (Modifica al registro, nothing done)
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Search Page=http://www.google.com
CoolWWWSearch.Bootconf: Pagina di ricerca di IE (Modifica al registro, nothing done)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\Search Page=http://www.google.com
CoolWWWSearch.Bootconf: URL di ricerca di IE (Modifica al registro, nothing done)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Search\SearchAssistant=about:blank
Scansione di Hijackthis:
R1 - HKCU\Software\Microsoft\Internet Explorer,(Default) = http://targetclicks.net/srch.php?qq=%s
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\SYSTEM\DSKRFUOUI.DLL/sp.html (obfuscated)
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\SYSTEM\DSKRFUOUI.DLL/sp.html (obfuscated)
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\SYSTEM\DSKRFUOUI.DLL/sp.html (obfuscated)
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\SYSTEM\DSKRFUOUI.DLL/sp.html (obfuscated)
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\SYSTEM\DSKRFUOUI.DLL/sp.html (obfuscated)
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\SYSTEM\DSKRFUOUI.DLL/sp.html (obfuscated)
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAMMI\ADOBE\ACROBAT 5.0\READER\ACTIVEX\ACROIEHELPER.OCX
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Programmi\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: Name - {1CE2E300-99B2-11D9-AAF2-444553540000} - C:\WINDOWS\SYSTEM\MSTMP.DLL
O2 - BHO: (no name) - {42297BCF-9A01-11D9-AAF2-F65100FEAC8F} - C:\WINDOWS\SYSTEM\DSKRFUOUI.DLL
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O3 - Toolbar: FreshBar - {06ABAA2D-34AB-4902-A326-409BD9B9A7A5} - C:\WINDOWS\SYSTEM\DOCNTROP.DLL
O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [IrMon] IrMon.exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [AtiCwd32] Aticwd32.exe
O4 - HKLM\..\Run: [AtiKey] Atitask.exe
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - Startup: Microsoft Office.lnk = C:\Programmi\Microsoft Office\Office\OSA9.EXE
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O17 - HKLM\System\CCS\Services\VxD\MSTCP: NameServer = 69.50.176.197,195.225.176.31
O18 - Filter: text/html - {42297BCE-9A01-11D9-AAF2-F6516FB20914} - C:\WINDOWS\SYSTEM\DSKRFUOUI.DLL
O18 - Filter: text/plain - {42297BCE-9A01-11D9-AAF2-F6516FB20914} - C:\WINDOWS\SYSTEM\DSKRFUOUI.DLL