carMAN
21-09-2004, 11:29
mi sapete dire di cosa si tratta e come faccio ad eliminarla!!!!
tante grazie.
Aspetto con ansia le vostre risposte
ciao ciao
tante grazie.
Aspetto con ansia le vostre risposte
ciao ciao
View Full Version : AIUTO...una toolbar che non riesco ad eliminare!!!
wgator
21-09-2004, 17:10
Ciao,
l'immagine è un po' piccola, non riesco a riconoscere la toolbar.
Come indicazione generica, se usi hijackthis, le toolbar vengono riconosciute alla voce "03" del log generato.
Puoi killarla con hijackthis (http://www.tweakness.net/showfiles.php?fid=5) selezionandola e premendo il tasto FIX
l'immagine è un po' piccola, non riesco a riconoscere la toolbar.
Come indicazione generica, se usi hijackthis, le toolbar vengono riconosciute alla voce "03" del log generato.
Puoi killarla con hijackthis (http://www.tweakness.net/showfiles.php?fid=5) selezionandola e premendo il tasto FIX
carMAN
21-09-2004, 18:48
ti invio il log fornitomi da hijackthis :
Logfile of HijackThis v1.97.7
Scan saved at 19.46.18, on 21/09/2004
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\alg.exe
d:\PROGRA~1\Grisoft\AVG6\avgserv.exe
C:\WINDOWS\System32\drivers\CDAC11BA.EXE
C:\WINDOWS\System32\inetsrv\inetinfo.exe
C:\WINDOWS\system32\drivers\KodakCCS.exe
C:\Programmi\File comuni\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\mysql\bin\mysqld-max-nt.exe
C:\Programmi\Panda Software\Panda Titanium Antivirus 2004\PavFnSvr.exe
C:\Programmi\Panda Software\Panda Titanium Antivirus 2004\PavProt.exe
C:\WINDOWS\Explorer.EXE
C:\Programmi\File comuni\Panda Software\PavShld\pavprsrv.exe
C:\Programmi\Panda Software\Panda Titanium Antivirus 2004\apvxdwin.exe
C:\Programmi\Panda Software\Panda Titanium Antivirus 2004\pavsrv51.exe
C:\Programmi\Panda Software\Panda Titanium Antivirus 2004\prevsrv.exe
C:\Programmi\Panda Software\Panda Titanium Antivirus 2004\PsImSvc.exe
C:\WINDOWS\System32\ScsiAccess.EXE
C:\WINDOWS\System32\svchost.exe
C:\Programmi\Panda Software\Panda Titanium Antivirus 2004\AVENGINE.EXE
C:\pgsql\bin\post_svc.exe
C:\WINDOWS\System32\WFXSVC.EXE
C:\pgsql\bin\postmaster.exe
C:\PROGRA~1\Symantec\WinFax\WFXMOD32.EXE
D:\Programmi\McAfee\McAfee Firewall\CPD.EXE
D:\Programmi\McAfee\McAfee Firewall\CPD.EXE
C:\Programmi\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Programmi\Synaptics\SynTP\SynTPLpr.exe
C:\Programmi\Launch Manager\LaunchAp.exe
C:\Programmi\Launch Manager\HotkeyApp.exe
C:\Programmi\Launch Manager\OSD.exe
C:\Programmi\Launch Manager\Wbutton.exe
C:\Programmi\Wistron\AVManager\AVManager.exe
C:\Programmi\Messenger Plus! 2\MsgPlus.exe
D:\Programmi\Grisoft\AVG6\avgcc32.exe
C:\WINDOWS\System32\wfxsnt40.exe
C:\Programmi\QuickTime\qttask.exe
C:\Programmi\Java\j2re1.4.2_05\bin\jusched.exe
c:\progra~1\intern~1\iexplore.exe
C:\Programmi\McAfee\McAfee Shared Components\Instant Updater\RuLaunch.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Programmi\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
C:\Programmi\Panda Software\Panda Titanium Antivirus 2004\WebProxy.exe
C:\Programmi\Microsoft Office\OFFICE11\ONENOTEM.EXE
C:\mysql\bin\winmysqladmin.exe
C:\Programmi\FreePOPs\freepopsd.exe
D:\Programmi\GetRight\getright.exe
D:\Programmi\GetRight\getright.exe
C:\Programmi\Internet Explorer\iexplore.exe
C:\Programmi\Siemens Data Suite\GPRSv2\Siemens GPRS.exe
C:\Programmi\Microsoft Office\OFFICE11\OUTLOOK.EXE
C:\Programmi\Microsoft Office\OFFICE11\WINWORD.EXE
C:\Programmi\Internet Explorer\iexplore.exe
D:\Downloads\rimuove toolbao\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.it/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://eonajhctavtx.net/GawO0ukQ2pKmKt3xQBYgu6ulTERf1AZj_mmbFGQ00_iwBMozi5ybHodpK6liTHWl.jsp
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Programmi\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Programmi\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Programmi\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [LaunchAp] C:\Programmi\Launch Manager\LaunchAp.exe
O4 - HKLM\..\Run: [HotkeyApp] C:\Programmi\Launch Manager\HotkeyApp.exe
O4 - HKLM\..\Run: [CtrlVol] C:\Programmi\Launch Manager\CtrlVol.exe
O4 - HKLM\..\Run: [LMgrOSD] C:\Programmi\Launch Manager\OSD.exe
O4 - HKLM\..\Run: [Wbutton] "C:\Programmi\Launch Manager\Wbutton.exe"
O4 - HKLM\..\Run: [AVManager] "C:\Programmi\Wistron\AVManager\AVManager.exe"
O4 - HKLM\..\Run: [MessengerPlus2] "C:\Programmi\Messenger Plus! 2\MsgPlus.exe"
O4 - HKLM\..\Run: [Bat Skip] C:\PROGRA~1\Bait bold ball\SetupDrvFilm.exe
O4 - HKLM\..\Run: [AVG_CC] D:\Programmi\Grisoft\AVG6\avgcc32.exe /startup
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [WinFaxAppPortStarter] wfxsnt40.exe
O4 - HKLM\..\Run: [MOD] C:\Programmi\Microangelo\muamgr.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmi\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Programmi\Java\j2re1.4.2_05\bin\jusched.exe
O4 - HKLM\..\Run: [NavRegReminder] "C:\WINDOWS\temp\NavBrowser.exe" /r /i "C:\WINDOWS\temp\NavLoad.ini"
O4 - HKLM\..\Run: [APVXDWIN] "C:\Programmi\Panda Software\Panda Titanium Antivirus 2004\APVXDWIN.EXE" /s
O4 - HKCU\..\Run: [McAfee.InstantUpdate.Monitor] "C:\Programmi\McAfee\McAfee Shared Components\Instant Updater\RuLaunch.exe" /STARTMONITOR
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - Startup: Collegamento a winmysqladmin.exe.lnk = C:\mysql\bin\winmysqladmin.exe
O4 - Startup: FreePOPs (2).lnk = C:\Programmi\FreePOPs\freepopsd.exe
O4 - Startup: GetRight Tray Icon.lnk = D:\Programmi\GetRight\getright.exe
O4 - Global Startup: Acrobat Assistant.lnk = C:\Programmi\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
O4 - Global Startup: Avvio veloce di Microsoft Office OneNote 2003.lnk = C:\Programmi\Microsoft Office\OFFICE11\ONENOTEM.EXE
O4 - Global Startup: Microsoft Office.lnk = D:\Programmi\Microsoft Office\Office\OSA9.EXE
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: Download with GetRight - D:\Programmi\GetRight\GRdownload.htm
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Open with GetRight Browser - D:\Programmi\GetRight\GRbrowse.htm
O9 - Extra 'Tools' menuitem: Sun Java Console (HKLM)
O10 - Unknown file in Winsock LSP: c:\programmi\panda software\panda titanium antivirus 2004\pavlsp.dll
O10 - Unknown file in Winsock LSP: c:\programmi\panda software\panda titanium antivirus 2004\pavlsp.dll
O10 - Unknown file in Winsock LSP: c:\programmi\panda software\panda titanium antivirus 2004\pavlsp.dll
O10 - Unknown file in Winsock LSP: c:\programmi\panda software\panda titanium antivirus 2004\pavlsp.dll
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{79E34D04-E493-4385-AE20-8E299D672A02}: NameServer = 194.185.97.134 194.185.97.134
Logfile of HijackThis v1.97.7
Scan saved at 19.46.18, on 21/09/2004
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\alg.exe
d:\PROGRA~1\Grisoft\AVG6\avgserv.exe
C:\WINDOWS\System32\drivers\CDAC11BA.EXE
C:\WINDOWS\System32\inetsrv\inetinfo.exe
C:\WINDOWS\system32\drivers\KodakCCS.exe
C:\Programmi\File comuni\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\mysql\bin\mysqld-max-nt.exe
C:\Programmi\Panda Software\Panda Titanium Antivirus 2004\PavFnSvr.exe
C:\Programmi\Panda Software\Panda Titanium Antivirus 2004\PavProt.exe
C:\WINDOWS\Explorer.EXE
C:\Programmi\File comuni\Panda Software\PavShld\pavprsrv.exe
C:\Programmi\Panda Software\Panda Titanium Antivirus 2004\apvxdwin.exe
C:\Programmi\Panda Software\Panda Titanium Antivirus 2004\pavsrv51.exe
C:\Programmi\Panda Software\Panda Titanium Antivirus 2004\prevsrv.exe
C:\Programmi\Panda Software\Panda Titanium Antivirus 2004\PsImSvc.exe
C:\WINDOWS\System32\ScsiAccess.EXE
C:\WINDOWS\System32\svchost.exe
C:\Programmi\Panda Software\Panda Titanium Antivirus 2004\AVENGINE.EXE
C:\pgsql\bin\post_svc.exe
C:\WINDOWS\System32\WFXSVC.EXE
C:\pgsql\bin\postmaster.exe
C:\PROGRA~1\Symantec\WinFax\WFXMOD32.EXE
D:\Programmi\McAfee\McAfee Firewall\CPD.EXE
D:\Programmi\McAfee\McAfee Firewall\CPD.EXE
C:\Programmi\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Programmi\Synaptics\SynTP\SynTPLpr.exe
C:\Programmi\Launch Manager\LaunchAp.exe
C:\Programmi\Launch Manager\HotkeyApp.exe
C:\Programmi\Launch Manager\OSD.exe
C:\Programmi\Launch Manager\Wbutton.exe
C:\Programmi\Wistron\AVManager\AVManager.exe
C:\Programmi\Messenger Plus! 2\MsgPlus.exe
D:\Programmi\Grisoft\AVG6\avgcc32.exe
C:\WINDOWS\System32\wfxsnt40.exe
C:\Programmi\QuickTime\qttask.exe
C:\Programmi\Java\j2re1.4.2_05\bin\jusched.exe
c:\progra~1\intern~1\iexplore.exe
C:\Programmi\McAfee\McAfee Shared Components\Instant Updater\RuLaunch.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Programmi\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
C:\Programmi\Panda Software\Panda Titanium Antivirus 2004\WebProxy.exe
C:\Programmi\Microsoft Office\OFFICE11\ONENOTEM.EXE
C:\mysql\bin\winmysqladmin.exe
C:\Programmi\FreePOPs\freepopsd.exe
D:\Programmi\GetRight\getright.exe
D:\Programmi\GetRight\getright.exe
C:\Programmi\Internet Explorer\iexplore.exe
C:\Programmi\Siemens Data Suite\GPRSv2\Siemens GPRS.exe
C:\Programmi\Microsoft Office\OFFICE11\OUTLOOK.EXE
C:\Programmi\Microsoft Office\OFFICE11\WINWORD.EXE
C:\Programmi\Internet Explorer\iexplore.exe
D:\Downloads\rimuove toolbao\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.it/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://eonajhctavtx.net/GawO0ukQ2pKmKt3xQBYgu6ulTERf1AZj_mmbFGQ00_iwBMozi5ybHodpK6liTHWl.jsp
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Programmi\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Programmi\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Programmi\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [LaunchAp] C:\Programmi\Launch Manager\LaunchAp.exe
O4 - HKLM\..\Run: [HotkeyApp] C:\Programmi\Launch Manager\HotkeyApp.exe
O4 - HKLM\..\Run: [CtrlVol] C:\Programmi\Launch Manager\CtrlVol.exe
O4 - HKLM\..\Run: [LMgrOSD] C:\Programmi\Launch Manager\OSD.exe
O4 - HKLM\..\Run: [Wbutton] "C:\Programmi\Launch Manager\Wbutton.exe"
O4 - HKLM\..\Run: [AVManager] "C:\Programmi\Wistron\AVManager\AVManager.exe"
O4 - HKLM\..\Run: [MessengerPlus2] "C:\Programmi\Messenger Plus! 2\MsgPlus.exe"
O4 - HKLM\..\Run: [Bat Skip] C:\PROGRA~1\Bait bold ball\SetupDrvFilm.exe
O4 - HKLM\..\Run: [AVG_CC] D:\Programmi\Grisoft\AVG6\avgcc32.exe /startup
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [WinFaxAppPortStarter] wfxsnt40.exe
O4 - HKLM\..\Run: [MOD] C:\Programmi\Microangelo\muamgr.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmi\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Programmi\Java\j2re1.4.2_05\bin\jusched.exe
O4 - HKLM\..\Run: [NavRegReminder] "C:\WINDOWS\temp\NavBrowser.exe" /r /i "C:\WINDOWS\temp\NavLoad.ini"
O4 - HKLM\..\Run: [APVXDWIN] "C:\Programmi\Panda Software\Panda Titanium Antivirus 2004\APVXDWIN.EXE" /s
O4 - HKCU\..\Run: [McAfee.InstantUpdate.Monitor] "C:\Programmi\McAfee\McAfee Shared Components\Instant Updater\RuLaunch.exe" /STARTMONITOR
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - Startup: Collegamento a winmysqladmin.exe.lnk = C:\mysql\bin\winmysqladmin.exe
O4 - Startup: FreePOPs (2).lnk = C:\Programmi\FreePOPs\freepopsd.exe
O4 - Startup: GetRight Tray Icon.lnk = D:\Programmi\GetRight\getright.exe
O4 - Global Startup: Acrobat Assistant.lnk = C:\Programmi\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
O4 - Global Startup: Avvio veloce di Microsoft Office OneNote 2003.lnk = C:\Programmi\Microsoft Office\OFFICE11\ONENOTEM.EXE
O4 - Global Startup: Microsoft Office.lnk = D:\Programmi\Microsoft Office\Office\OSA9.EXE
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: Download with GetRight - D:\Programmi\GetRight\GRdownload.htm
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Open with GetRight Browser - D:\Programmi\GetRight\GRbrowse.htm
O9 - Extra 'Tools' menuitem: Sun Java Console (HKLM)
O10 - Unknown file in Winsock LSP: c:\programmi\panda software\panda titanium antivirus 2004\pavlsp.dll
O10 - Unknown file in Winsock LSP: c:\programmi\panda software\panda titanium antivirus 2004\pavlsp.dll
O10 - Unknown file in Winsock LSP: c:\programmi\panda software\panda titanium antivirus 2004\pavlsp.dll
O10 - Unknown file in Winsock LSP: c:\programmi\panda software\panda titanium antivirus 2004\pavlsp.dll
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{79E34D04-E493-4385-AE20-8E299D672A02}: NameServer = 194.185.97.134 194.185.97.134
wgator
21-09-2004, 19:32
Ciao,
la barra probabilmente è questa:
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://eonajhctavtx.net/GawO0ukQ2pK...odpK6liTHWl.jsp
Dico probabilmente perchè hai usato una vecchia versione di hijackthis. Scarica la nuova dal link che ho postato prima e, dopo aver killato quella voce metti un nuovo log. Forse c'è anche altro
Edit:
a proposito, dal log si nota che c'è un po' di porcheria (pericolosa) nella cartella "C:\windows\temp"
Ti conviene svuotarla :)
la barra probabilmente è questa:
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://eonajhctavtx.net/GawO0ukQ2pK...odpK6liTHWl.jsp
Dico probabilmente perchè hai usato una vecchia versione di hijackthis. Scarica la nuova dal link che ho postato prima e, dopo aver killato quella voce metti un nuovo log. Forse c'è anche altro
Edit:
a proposito, dal log si nota che c'è un po' di porcheria (pericolosa) nella cartella "C:\windows\temp"
Ti conviene svuotarla :)
carMAN
21-09-2004, 19:57
Avrò preso un virus che non riesco a eliminare!!!
La riga è proprio quella che mi hai indicato ma ricompare automaticamente dopo averla eliminata!!!!
il nuovo risultato dello scan è questo
Logfile of HijackThis v1.98.2
Scan saved at 20.51.57, on 21/09/2004
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\alg.exe
d:\PROGRA~1\Grisoft\AVG6\avgserv.exe
C:\WINDOWS\System32\drivers\CDAC11BA.EXE
C:\WINDOWS\System32\inetsrv\inetinfo.exe
C:\WINDOWS\system32\drivers\KodakCCS.exe
C:\Programmi\File comuni\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\mysql\bin\mysqld-max-nt.exe
C:\Programmi\Panda Software\Panda Titanium Antivirus 2004\PavFnSvr.exe
C:\Programmi\Panda Software\Panda Titanium Antivirus 2004\PavProt.exe
C:\WINDOWS\Explorer.EXE
C:\Programmi\File comuni\Panda Software\PavShld\pavprsrv.exe
C:\Programmi\Panda Software\Panda Titanium Antivirus 2004\apvxdwin.exe
C:\Programmi\Panda Software\Panda Titanium Antivirus 2004\pavsrv51.exe
C:\Programmi\Panda Software\Panda Titanium Antivirus 2004\prevsrv.exe
C:\Programmi\Panda Software\Panda Titanium Antivirus 2004\PsImSvc.exe
C:\WINDOWS\System32\ScsiAccess.EXE
C:\WINDOWS\System32\svchost.exe
C:\Programmi\Panda Software\Panda Titanium Antivirus 2004\AVENGINE.EXE
C:\pgsql\bin\post_svc.exe
C:\WINDOWS\System32\WFXSVC.EXE
C:\pgsql\bin\postmaster.exe
C:\PROGRA~1\Symantec\WinFax\WFXMOD32.EXE
D:\Programmi\McAfee\McAfee Firewall\CPD.EXE
D:\Programmi\McAfee\McAfee Firewall\CPD.EXE
C:\Programmi\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Programmi\Synaptics\SynTP\SynTPLpr.exe
C:\Programmi\Launch Manager\LaunchAp.exe
C:\Programmi\Launch Manager\HotkeyApp.exe
C:\Programmi\Launch Manager\OSD.exe
C:\Programmi\Launch Manager\Wbutton.exe
C:\Programmi\Wistron\AVManager\AVManager.exe
C:\Programmi\Messenger Plus! 2\MsgPlus.exe
D:\Programmi\Grisoft\AVG6\avgcc32.exe
C:\WINDOWS\System32\wfxsnt40.exe
C:\Programmi\QuickTime\qttask.exe
C:\Programmi\Java\j2re1.4.2_05\bin\jusched.exe
c:\progra~1\intern~1\iexplore.exe
C:\Programmi\McAfee\McAfee Shared Components\Instant Updater\RuLaunch.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Programmi\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
C:\Programmi\Panda Software\Panda Titanium Antivirus 2004\WebProxy.exe
C:\Programmi\Microsoft Office\OFFICE11\ONENOTEM.EXE
C:\mysql\bin\winmysqladmin.exe
C:\Programmi\FreePOPs\freepopsd.exe
D:\Programmi\GetRight\getright.exe
D:\Programmi\GetRight\getright.exe
C:\Programmi\Internet Explorer\iexplore.exe
C:\Programmi\Siemens Data Suite\GPRSv2\Siemens GPRS.exe
C:\Programmi\Microsoft Office\OFFICE11\OUTLOOK.EXE
C:\Programmi\Microsoft Office\OFFICE11\WINWORD.EXE
C:\Programmi\Internet Explorer\iexplore.exe
C:\Programmi\Internet Explorer\iexplore.exe
C:\j2sdk1.4.2\bin\java.exe
D:\Downloads\rimuove toolbao\hijackthis\hijackthis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.it/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://dyrglryrfstfnxejapnxcrzdc.net/GawO0ukQ2pKmKt3xQBYgu6ulTERf1AZj_mmbFGQ00_iCfZZggCgYtodpK6liTHWl.html
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Programmi\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Programmi\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Programmi\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [LaunchAp] C:\Programmi\Launch Manager\LaunchAp.exe
O4 - HKLM\..\Run: [HotkeyApp] C:\Programmi\Launch Manager\HotkeyApp.exe
O4 - HKLM\..\Run: [CtrlVol] C:\Programmi\Launch Manager\CtrlVol.exe
O4 - HKLM\..\Run: [LMgrOSD] C:\Programmi\Launch Manager\OSD.exe
O4 - HKLM\..\Run: [Wbutton] "C:\Programmi\Launch Manager\Wbutton.exe"
O4 - HKLM\..\Run: [AVManager] "C:\Programmi\Wistron\AVManager\AVManager.exe"
O4 - HKLM\..\Run: [MessengerPlus2] "C:\Programmi\Messenger Plus! 2\MsgPlus.exe"
O4 - HKLM\..\Run: [Bat Skip] C:\PROGRA~1\Bait bold ball\SetupDrvFilm.exe
O4 - HKLM\..\Run: [AVG_CC] D:\Programmi\Grisoft\AVG6\avgcc32.exe /startup
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [WinFaxAppPortStarter] wfxsnt40.exe
O4 - HKLM\..\Run: [MOD] C:\Programmi\Microangelo\muamgr.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmi\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Programmi\Java\j2re1.4.2_05\bin\jusched.exe
O4 - HKLM\..\Run: [NavRegReminder] "C:\WINDOWS\temp\NavBrowser.exe" /r /i "C:\WINDOWS\temp\NavLoad.ini"
O4 - HKLM\..\Run: [APVXDWIN] "C:\Programmi\Panda Software\Panda Titanium Antivirus 2004\APVXDWIN.EXE" /s
O4 - HKCU\..\Run: [McAfee.InstantUpdate.Monitor] "C:\Programmi\McAfee\McAfee Shared Components\Instant Updater\RuLaunch.exe" /STARTMONITOR
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - Startup: Collegamento a winmysqladmin.exe.lnk = C:\mysql\bin\winmysqladmin.exe
O4 - Startup: FreePOPs (2).lnk = C:\Programmi\FreePOPs\freepopsd.exe
O4 - Startup: GetRight Tray Icon.lnk = D:\Programmi\GetRight\getright.exe
O4 - Global Startup: Acrobat Assistant.lnk = C:\Programmi\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
O4 - Global Startup: Avvio veloce di Microsoft Office OneNote 2003.lnk = C:\Programmi\Microsoft Office\OFFICE11\ONENOTEM.EXE
O4 - Global Startup: Microsoft Office.lnk = D:\Programmi\Microsoft Office\Office\OSA9.EXE
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: Download with GetRight - D:\Programmi\GetRight\GRdownload.htm
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Open with GetRight Browser - D:\Programmi\GetRight\GRbrowse.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O17 - HKLM\System\CCS\Services\Tcpip\..\{79E34D04-E493-4385-AE20-8E299D672A02}: NameServer = 194.185.97.134 194.185.97.134
O20 - AppInit_DLLs: PAVWAIT.DLL
cosa posso fare?
ciao ciao
La riga è proprio quella che mi hai indicato ma ricompare automaticamente dopo averla eliminata!!!!
il nuovo risultato dello scan è questo
Logfile of HijackThis v1.98.2
Scan saved at 20.51.57, on 21/09/2004
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\alg.exe
d:\PROGRA~1\Grisoft\AVG6\avgserv.exe
C:\WINDOWS\System32\drivers\CDAC11BA.EXE
C:\WINDOWS\System32\inetsrv\inetinfo.exe
C:\WINDOWS\system32\drivers\KodakCCS.exe
C:\Programmi\File comuni\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\mysql\bin\mysqld-max-nt.exe
C:\Programmi\Panda Software\Panda Titanium Antivirus 2004\PavFnSvr.exe
C:\Programmi\Panda Software\Panda Titanium Antivirus 2004\PavProt.exe
C:\WINDOWS\Explorer.EXE
C:\Programmi\File comuni\Panda Software\PavShld\pavprsrv.exe
C:\Programmi\Panda Software\Panda Titanium Antivirus 2004\apvxdwin.exe
C:\Programmi\Panda Software\Panda Titanium Antivirus 2004\pavsrv51.exe
C:\Programmi\Panda Software\Panda Titanium Antivirus 2004\prevsrv.exe
C:\Programmi\Panda Software\Panda Titanium Antivirus 2004\PsImSvc.exe
C:\WINDOWS\System32\ScsiAccess.EXE
C:\WINDOWS\System32\svchost.exe
C:\Programmi\Panda Software\Panda Titanium Antivirus 2004\AVENGINE.EXE
C:\pgsql\bin\post_svc.exe
C:\WINDOWS\System32\WFXSVC.EXE
C:\pgsql\bin\postmaster.exe
C:\PROGRA~1\Symantec\WinFax\WFXMOD32.EXE
D:\Programmi\McAfee\McAfee Firewall\CPD.EXE
D:\Programmi\McAfee\McAfee Firewall\CPD.EXE
C:\Programmi\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Programmi\Synaptics\SynTP\SynTPLpr.exe
C:\Programmi\Launch Manager\LaunchAp.exe
C:\Programmi\Launch Manager\HotkeyApp.exe
C:\Programmi\Launch Manager\OSD.exe
C:\Programmi\Launch Manager\Wbutton.exe
C:\Programmi\Wistron\AVManager\AVManager.exe
C:\Programmi\Messenger Plus! 2\MsgPlus.exe
D:\Programmi\Grisoft\AVG6\avgcc32.exe
C:\WINDOWS\System32\wfxsnt40.exe
C:\Programmi\QuickTime\qttask.exe
C:\Programmi\Java\j2re1.4.2_05\bin\jusched.exe
c:\progra~1\intern~1\iexplore.exe
C:\Programmi\McAfee\McAfee Shared Components\Instant Updater\RuLaunch.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Programmi\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
C:\Programmi\Panda Software\Panda Titanium Antivirus 2004\WebProxy.exe
C:\Programmi\Microsoft Office\OFFICE11\ONENOTEM.EXE
C:\mysql\bin\winmysqladmin.exe
C:\Programmi\FreePOPs\freepopsd.exe
D:\Programmi\GetRight\getright.exe
D:\Programmi\GetRight\getright.exe
C:\Programmi\Internet Explorer\iexplore.exe
C:\Programmi\Siemens Data Suite\GPRSv2\Siemens GPRS.exe
C:\Programmi\Microsoft Office\OFFICE11\OUTLOOK.EXE
C:\Programmi\Microsoft Office\OFFICE11\WINWORD.EXE
C:\Programmi\Internet Explorer\iexplore.exe
C:\Programmi\Internet Explorer\iexplore.exe
C:\j2sdk1.4.2\bin\java.exe
D:\Downloads\rimuove toolbao\hijackthis\hijackthis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.it/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://dyrglryrfstfnxejapnxcrzdc.net/GawO0ukQ2pKmKt3xQBYgu6ulTERf1AZj_mmbFGQ00_iCfZZggCgYtodpK6liTHWl.html
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Programmi\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Programmi\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Programmi\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [LaunchAp] C:\Programmi\Launch Manager\LaunchAp.exe
O4 - HKLM\..\Run: [HotkeyApp] C:\Programmi\Launch Manager\HotkeyApp.exe
O4 - HKLM\..\Run: [CtrlVol] C:\Programmi\Launch Manager\CtrlVol.exe
O4 - HKLM\..\Run: [LMgrOSD] C:\Programmi\Launch Manager\OSD.exe
O4 - HKLM\..\Run: [Wbutton] "C:\Programmi\Launch Manager\Wbutton.exe"
O4 - HKLM\..\Run: [AVManager] "C:\Programmi\Wistron\AVManager\AVManager.exe"
O4 - HKLM\..\Run: [MessengerPlus2] "C:\Programmi\Messenger Plus! 2\MsgPlus.exe"
O4 - HKLM\..\Run: [Bat Skip] C:\PROGRA~1\Bait bold ball\SetupDrvFilm.exe
O4 - HKLM\..\Run: [AVG_CC] D:\Programmi\Grisoft\AVG6\avgcc32.exe /startup
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [WinFaxAppPortStarter] wfxsnt40.exe
O4 - HKLM\..\Run: [MOD] C:\Programmi\Microangelo\muamgr.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmi\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Programmi\Java\j2re1.4.2_05\bin\jusched.exe
O4 - HKLM\..\Run: [NavRegReminder] "C:\WINDOWS\temp\NavBrowser.exe" /r /i "C:\WINDOWS\temp\NavLoad.ini"
O4 - HKLM\..\Run: [APVXDWIN] "C:\Programmi\Panda Software\Panda Titanium Antivirus 2004\APVXDWIN.EXE" /s
O4 - HKCU\..\Run: [McAfee.InstantUpdate.Monitor] "C:\Programmi\McAfee\McAfee Shared Components\Instant Updater\RuLaunch.exe" /STARTMONITOR
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - Startup: Collegamento a winmysqladmin.exe.lnk = C:\mysql\bin\winmysqladmin.exe
O4 - Startup: FreePOPs (2).lnk = C:\Programmi\FreePOPs\freepopsd.exe
O4 - Startup: GetRight Tray Icon.lnk = D:\Programmi\GetRight\getright.exe
O4 - Global Startup: Acrobat Assistant.lnk = C:\Programmi\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
O4 - Global Startup: Avvio veloce di Microsoft Office OneNote 2003.lnk = C:\Programmi\Microsoft Office\OFFICE11\ONENOTEM.EXE
O4 - Global Startup: Microsoft Office.lnk = D:\Programmi\Microsoft Office\Office\OSA9.EXE
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: Download with GetRight - D:\Programmi\GetRight\GRdownload.htm
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Open with GetRight Browser - D:\Programmi\GetRight\GRbrowse.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O17 - HKLM\System\CCS\Services\Tcpip\..\{79E34D04-E493-4385-AE20-8E299D672A02}: NameServer = 194.185.97.134 194.185.97.134
O20 - AppInit_DLLs: PAVWAIT.DLL
cosa posso fare?
ciao ciao
wgator
21-09-2004, 21:24
Ciao,
aha! questa dll che viene caricata all'avvio potrebbe essere la causa di tutto
O20 - AppInit_DLLs: PAVWAIT.DLL
Allora, io proverei così:
- svuotamento completo e totale delle cartelle temporanee (hai un trojan in C:\Windows\Temp)
- svuoramento completo e totale della cartella dei temporanei di internet cookies compresi
- ricerca, dopo aver attivato visualizzazione dei file nascosti e di sistema di PAVWAIT.DLL e immediata uccisione. (se non si lascia uccidere, vai da mod. provvisoria)
- disattivazione del ripristino della configurazione di sistema
Poi:
- fixxa con hijackthis
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://dyrglryrfstfnxejapnxc
O4 - HKLM\..\Run: [NavRegReminder] "C:\WINDOWS\temp\NavBrowser.exe" /r /i "C:\WINDOWS\temp\NavLoad.i
O20 - AppInit_DLLs: PAVWAIT.DLL
Prova anche (solo per scrupolo) a dare un'occhiata nella cartella "Windows\downloaded program files" se c'è qualche oggetto active x sconosciuto
aha! questa dll che viene caricata all'avvio potrebbe essere la causa di tutto
O20 - AppInit_DLLs: PAVWAIT.DLL
Allora, io proverei così:
- svuotamento completo e totale delle cartelle temporanee (hai un trojan in C:\Windows\Temp)
- svuoramento completo e totale della cartella dei temporanei di internet cookies compresi
- ricerca, dopo aver attivato visualizzazione dei file nascosti e di sistema di PAVWAIT.DLL e immediata uccisione. (se non si lascia uccidere, vai da mod. provvisoria)
- disattivazione del ripristino della configurazione di sistema
Poi:
- fixxa con hijackthis
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://dyrglryrfstfnxejapnxc
O4 - HKLM\..\Run: [NavRegReminder] "C:\WINDOWS\temp\NavBrowser.exe" /r /i "C:\WINDOWS\temp\NavLoad.i
O20 - AppInit_DLLs: PAVWAIT.DLL
Prova anche (solo per scrupolo) a dare un'occhiata nella cartella "Windows\downloaded program files" se c'è qualche oggetto active x sconosciuto
carMAN
22-09-2004, 11:23
purtroppo non si è risolto nulla!!!!
Quella maledetta barra continua a ritornare imperterrita.
ecco il nuovo risultato dello scan, come vedi la stringa R0 continua a ritornare!!!
Logfile of HijackThis v1.98.2
Scan saved at 12.21.55, on 22/09/2004
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\alg.exe
d:\PROGRA~1\Grisoft\AVG6\avgserv.exe
C:\WINDOWS\System32\drivers\CDAC11BA.EXE
C:\WINDOWS\System32\inetsrv\inetinfo.exe
C:\WINDOWS\system32\drivers\KodakCCS.exe
C:\Programmi\File comuni\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\mysql\bin\mysqld-max-nt.exe
C:\Programmi\Panda Software\Panda Titanium Antivirus 2004\PavFnSvr.exe
C:\Programmi\Panda Software\Panda Titanium Antivirus 2004\PavProt.exe
C:\Programmi\File comuni\Panda Software\PavShld\pavprsrv.exe
C:\Programmi\Panda Software\Panda Titanium Antivirus 2004\pavsrv51.exe
C:\Programmi\Panda Software\Panda Titanium Antivirus 2004\prevsrv.exe
C:\Programmi\Panda Software\Panda Titanium Antivirus 2004\PsImSvc.exe
C:\WINDOWS\System32\ScsiAccess.EXE
C:\WINDOWS\System32\svchost.exe
C:\pgsql\bin\post_svc.exe
C:\pgsql\bin\postmaster.exe
C:\Programmi\Panda Software\Panda Titanium Antivirus 2004\AVENGINE.EXE
C:\WINDOWS\System32\WFXSVC.EXE
C:\PROGRA~1\Symantec\WinFax\WFXMOD32.EXE
D:\Programmi\McAfee\McAfee Firewall\CPD.EXE
D:\Programmi\McAfee\McAfee Firewall\CPD.EXE
C:\Programmi\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Programmi\Synaptics\SynTP\SynTPLpr.exe
C:\Programmi\Launch Manager\LaunchAp.exe
C:\Programmi\Launch Manager\HotkeyApp.exe
C:\Programmi\Launch Manager\OSD.exe
C:\Programmi\Launch Manager\Wbutton.exe
C:\Programmi\Wistron\AVManager\AVManager.exe
C:\Programmi\Messenger Plus! 2\MsgPlus.exe
D:\Programmi\Grisoft\AVG6\avgcc32.exe
C:\WINDOWS\System32\wfxsnt40.exe
C:\Programmi\QuickTime\qttask.exe
C:\Programmi\Java\j2re1.4.2_05\bin\jusched.exe
C:\Programmi\Panda Software\Panda Titanium Antivirus 2004\APVXDWIN.EXE
C:\Programmi\McAfee\McAfee Shared Components\Instant Updater\RuLaunch.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Programmi\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
c:\progra~1\intern~1\iexplore.exe
C:\Programmi\Microsoft Office\OFFICE11\ONENOTEM.EXE
C:\mysql\bin\winmysqladmin.exe
C:\Programmi\FreePOPs\freepopsd.exe
D:\Programmi\GetRight\getright.exe
D:\Programmi\GetRight\getright.exe
C:\Programmi\Internet Explorer\iexplore.exe
C:\Programmi\Siemens Data Suite\GPRSv2\Siemens GPRS.exe
C:\Programmi\Panda Software\Panda Titanium Antivirus 2004\WebProxy.exe
C:\Programmi\Microsoft Office\OFFICE11\OUTLOOK.EXE
C:\Programmi\Internet Explorer\iexplore.exe
C:\Programmi\Microsoft Office\OFFICE11\WINWORD.EXE
C:\Programmi\Internet Explorer\iexplore.exe
C:\Programmi\Internet Explorer\iexplore.exe
D:\Downloads\rimuove toolbao\hijackthis\hijackthis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.it/
[B]
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.qszdgxzoxbsrmvcvnutla.net/GawO0ukQ2pKmKt3xQBYgu6ulTERf1AZj_mmbFGQ00_ikuPGIdrG/FYdpK6liTHWl.html
[\B]
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Programmi\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Programmi\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Programmi\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [LaunchAp] C:\Programmi\Launch Manager\LaunchAp.exe
O4 - HKLM\..\Run: [HotkeyApp] C:\Programmi\Launch Manager\HotkeyApp.exe
O4 - HKLM\..\Run: [CtrlVol] C:\Programmi\Launch Manager\CtrlVol.exe
O4 - HKLM\..\Run: [LMgrOSD] C:\Programmi\Launch Manager\OSD.exe
O4 - HKLM\..\Run: [Wbutton] "C:\Programmi\Launch Manager\Wbutton.exe"
O4 - HKLM\..\Run: [AVManager] "C:\Programmi\Wistron\AVManager\AVManager.exe"
O4 - HKLM\..\Run: [MessengerPlus2] "C:\Programmi\Messenger Plus! 2\MsgPlus.exe"
O4 - HKLM\..\Run: [Bat Skip] C:\PROGRA~1\Bait bold ball\SetupDrvFilm.exe
O4 - HKLM\..\Run: [AVG_CC] D:\Programmi\Grisoft\AVG6\avgcc32.exe /startup
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [WinFaxAppPortStarter] wfxsnt40.exe
O4 - HKLM\..\Run: [MOD] C:\Programmi\Microangelo\muamgr.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmi\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Programmi\Java\j2re1.4.2_05\bin\jusched.exe
O4 - HKLM\..\Run: [APVXDWIN] "C:\Programmi\Panda Software\Panda Titanium Antivirus 2004\APVXDWIN.EXE" /s
O4 - HKCU\..\Run: [McAfee.InstantUpdate.Monitor] "C:\Programmi\McAfee\McAfee Shared Components\Instant Updater\RuLaunch.exe" /STARTMONITOR
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - Startup: Collegamento a winmysqladmin.exe.lnk = C:\mysql\bin\winmysqladmin.exe
O4 - Startup: FreePOPs (2).lnk = C:\Programmi\FreePOPs\freepopsd.exe
O4 - Startup: GetRight Tray Icon.lnk = D:\Programmi\GetRight\getright.exe
O4 - Global Startup: Acrobat Assistant.lnk = C:\Programmi\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
O4 - Global Startup: Avvio veloce di Microsoft Office OneNote 2003.lnk = C:\Programmi\Microsoft Office\OFFICE11\ONENOTEM.EXE
O4 - Global Startup: Microsoft Office.lnk = D:\Programmi\Microsoft Office\Office\OSA9.EXE
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: Download with GetRight - D:\Programmi\GetRight\GRdownload.htm
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Open with GetRight Browser - D:\Programmi\GetRight\GRbrowse.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O17 - HKLM\System\CCS\Services\Tcpip\..\{79E34D04-E493-4385-AE20-8E299D672A02}: NameServer = 194.185.97.134 194.185.97.134
Quella maledetta barra continua a ritornare imperterrita.
ecco il nuovo risultato dello scan, come vedi la stringa R0 continua a ritornare!!!
Logfile of HijackThis v1.98.2
Scan saved at 12.21.55, on 22/09/2004
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\alg.exe
d:\PROGRA~1\Grisoft\AVG6\avgserv.exe
C:\WINDOWS\System32\drivers\CDAC11BA.EXE
C:\WINDOWS\System32\inetsrv\inetinfo.exe
C:\WINDOWS\system32\drivers\KodakCCS.exe
C:\Programmi\File comuni\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\mysql\bin\mysqld-max-nt.exe
C:\Programmi\Panda Software\Panda Titanium Antivirus 2004\PavFnSvr.exe
C:\Programmi\Panda Software\Panda Titanium Antivirus 2004\PavProt.exe
C:\Programmi\File comuni\Panda Software\PavShld\pavprsrv.exe
C:\Programmi\Panda Software\Panda Titanium Antivirus 2004\pavsrv51.exe
C:\Programmi\Panda Software\Panda Titanium Antivirus 2004\prevsrv.exe
C:\Programmi\Panda Software\Panda Titanium Antivirus 2004\PsImSvc.exe
C:\WINDOWS\System32\ScsiAccess.EXE
C:\WINDOWS\System32\svchost.exe
C:\pgsql\bin\post_svc.exe
C:\pgsql\bin\postmaster.exe
C:\Programmi\Panda Software\Panda Titanium Antivirus 2004\AVENGINE.EXE
C:\WINDOWS\System32\WFXSVC.EXE
C:\PROGRA~1\Symantec\WinFax\WFXMOD32.EXE
D:\Programmi\McAfee\McAfee Firewall\CPD.EXE
D:\Programmi\McAfee\McAfee Firewall\CPD.EXE
C:\Programmi\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Programmi\Synaptics\SynTP\SynTPLpr.exe
C:\Programmi\Launch Manager\LaunchAp.exe
C:\Programmi\Launch Manager\HotkeyApp.exe
C:\Programmi\Launch Manager\OSD.exe
C:\Programmi\Launch Manager\Wbutton.exe
C:\Programmi\Wistron\AVManager\AVManager.exe
C:\Programmi\Messenger Plus! 2\MsgPlus.exe
D:\Programmi\Grisoft\AVG6\avgcc32.exe
C:\WINDOWS\System32\wfxsnt40.exe
C:\Programmi\QuickTime\qttask.exe
C:\Programmi\Java\j2re1.4.2_05\bin\jusched.exe
C:\Programmi\Panda Software\Panda Titanium Antivirus 2004\APVXDWIN.EXE
C:\Programmi\McAfee\McAfee Shared Components\Instant Updater\RuLaunch.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Programmi\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
c:\progra~1\intern~1\iexplore.exe
C:\Programmi\Microsoft Office\OFFICE11\ONENOTEM.EXE
C:\mysql\bin\winmysqladmin.exe
C:\Programmi\FreePOPs\freepopsd.exe
D:\Programmi\GetRight\getright.exe
D:\Programmi\GetRight\getright.exe
C:\Programmi\Internet Explorer\iexplore.exe
C:\Programmi\Siemens Data Suite\GPRSv2\Siemens GPRS.exe
C:\Programmi\Panda Software\Panda Titanium Antivirus 2004\WebProxy.exe
C:\Programmi\Microsoft Office\OFFICE11\OUTLOOK.EXE
C:\Programmi\Internet Explorer\iexplore.exe
C:\Programmi\Microsoft Office\OFFICE11\WINWORD.EXE
C:\Programmi\Internet Explorer\iexplore.exe
C:\Programmi\Internet Explorer\iexplore.exe
D:\Downloads\rimuove toolbao\hijackthis\hijackthis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.it/
[B]
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.qszdgxzoxbsrmvcvnutla.net/GawO0ukQ2pKmKt3xQBYgu6ulTERf1AZj_mmbFGQ00_ikuPGIdrG/FYdpK6liTHWl.html
[\B]
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Programmi\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Programmi\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Programmi\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [LaunchAp] C:\Programmi\Launch Manager\LaunchAp.exe
O4 - HKLM\..\Run: [HotkeyApp] C:\Programmi\Launch Manager\HotkeyApp.exe
O4 - HKLM\..\Run: [CtrlVol] C:\Programmi\Launch Manager\CtrlVol.exe
O4 - HKLM\..\Run: [LMgrOSD] C:\Programmi\Launch Manager\OSD.exe
O4 - HKLM\..\Run: [Wbutton] "C:\Programmi\Launch Manager\Wbutton.exe"
O4 - HKLM\..\Run: [AVManager] "C:\Programmi\Wistron\AVManager\AVManager.exe"
O4 - HKLM\..\Run: [MessengerPlus2] "C:\Programmi\Messenger Plus! 2\MsgPlus.exe"
O4 - HKLM\..\Run: [Bat Skip] C:\PROGRA~1\Bait bold ball\SetupDrvFilm.exe
O4 - HKLM\..\Run: [AVG_CC] D:\Programmi\Grisoft\AVG6\avgcc32.exe /startup
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [WinFaxAppPortStarter] wfxsnt40.exe
O4 - HKLM\..\Run: [MOD] C:\Programmi\Microangelo\muamgr.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmi\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Programmi\Java\j2re1.4.2_05\bin\jusched.exe
O4 - HKLM\..\Run: [APVXDWIN] "C:\Programmi\Panda Software\Panda Titanium Antivirus 2004\APVXDWIN.EXE" /s
O4 - HKCU\..\Run: [McAfee.InstantUpdate.Monitor] "C:\Programmi\McAfee\McAfee Shared Components\Instant Updater\RuLaunch.exe" /STARTMONITOR
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - Startup: Collegamento a winmysqladmin.exe.lnk = C:\mysql\bin\winmysqladmin.exe
O4 - Startup: FreePOPs (2).lnk = C:\Programmi\FreePOPs\freepopsd.exe
O4 - Startup: GetRight Tray Icon.lnk = D:\Programmi\GetRight\getright.exe
O4 - Global Startup: Acrobat Assistant.lnk = C:\Programmi\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
O4 - Global Startup: Avvio veloce di Microsoft Office OneNote 2003.lnk = C:\Programmi\Microsoft Office\OFFICE11\ONENOTEM.EXE
O4 - Global Startup: Microsoft Office.lnk = D:\Programmi\Microsoft Office\Office\OSA9.EXE
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: Download with GetRight - D:\Programmi\GetRight\GRdownload.htm
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Open with GetRight Browser - D:\Programmi\GetRight\GRbrowse.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O17 - HKLM\System\CCS\Services\Tcpip\..\{79E34D04-E493-4385-AE20-8E299D672A02}: NameServer = 194.185.97.134 194.185.97.134
whipalsh
23-09-2004, 14:20
immagino che ti sia comparsa dopo aver installato qualche plug-in di messenger !?!?!?
allora vai sul sito della toolbar cerca help e scarica il loro unistaller e vedrai che saprisce tutto, è successoa anche a me
allora vai sul sito della toolbar cerca help e scarica il loro unistaller e vedrai che saprisce tutto, è successoa anche a me
carMAN
23-09-2004, 15:12
purtroppo non ho installato nessun plugin di messenger....
e poi non capisco quale sia il sito della toolbar
ma la toolbar che hai avuto tu e come quella mostrata nella figura in allegato?
e poi non capisco quale sia il sito della toolbar
ma la toolbar che hai avuto tu e come quella mostrata nella figura in allegato?
whipalsh
23-09-2004, 15:45
esattamente la stessa, io ero finito su quel sito dopo un'installazione di msn!
ero andato sul sito che usava per fare le ricerche e c'era spiegato il modo per disinstallare la tool bar
ero andato sul sito che usava per fare le ricerche e c'era spiegato il modo per disinstallare la tool bar
carMAN
23-09-2004, 16:41
ti ringrazio ...
ho risolto ogni problema
ciao ciao
ho risolto ogni problema
ciao ciao
vBulletin® v3.6.4, Copyright ©2000-2025, Jelsoft Enterprises Ltd.