ho fatto la scansione con cwshredder per togliere about:blank kome pagina iniziale ed mi a dato questo risultato :
CWShredder v1.59.1 scan only report
Please understand that a CWShredder 'Scan only' report
might not be sufficient to troubleshoot an infected system.
You can use HijackThis for that:
http://www.merijn.org/files/hijackthis.zip
http://www.spywareinfo.com/~merijn/files/hijackthis.zip
Windows XP (5.01.2600 )
Windows dir: C:\WINDOWS
Windows system dir: C:\WINDOWS\System32
AppData folder: C:\Documents and Settings\tony\Dati applicazioni
Username: tony
Infected Registry value:
HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar
Infected data: file://C:\DOCUME~1\tony\IMPOST~1\Temp\sp.html
Infected Registry value:
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page
Infected data: file://C:\DOCUME~1\tony\IMPOST~1\Temp\sp.html
Infected Registry value:
HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar
Infected data: file://C:\DOCUME~1\tony\IMPOST~1\Temp\sp.html
Infected Registry value:
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page
Infected data: file://C:\DOCUME~1\tony\IMPOST~1\Temp\sp.html
Infected Registry value:
HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant
Infected data: file://C:\DOCUME~1\tony\IMPOST~1\Temp\sp.html
Infected Registry value:
HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant,http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm
Infected data: file://C:\DOCUME~1\tony\IMPOST~1\Temp\sp.html
Found Hosts file: C:\WINDOWS\System32\drivers\etc\hosts (1635 bytes, R)
Shell Registry value: HKLM\..\WinLogon [Shell] Explorer.exe
UserInit Registry value: HKLM\..\WinLogon [UserInit] C:\WINDOWS\system32\userinit.exe,
Found Win.ini file: C:\WINDOWS\win.ini (632 bytes, A)
Found System.ini file: C:\WINDOWS\system.ini (281 bytes, A)
- END OF REPORT -
kosa devo fare?