|
|||||||
|
|
|
 |
|
|
Strumenti |
21-09-2004, 12:29
|
#1 |
|
Senior Member
Iscritto dal: Oct 2000
Messaggi: 432
|
AIUTO...una toolbar che non riesco ad eliminare!!!
mi sapete dire di cosa si tratta e come faccio ad eliminarla!!!!
tante grazie. Aspetto con ansia le vostre risposte ciao ciao
__________________
"Nulla deve essere temuto nella vita. Deve solo essere compreso" Marie Courie "Compilatio non petita, bacarozio manifesta" |
|
|
|
21-09-2004, 18:10
|
#2 |
|
Senior Member
Iscritto dal: Mar 2004
Città: Rimini
Messaggi: 10296
|
Ciao,
l'immagine è un po' piccola, non riesco a riconoscere la toolbar. Come indicazione generica, se usi hijackthis, le toolbar vengono riconosciute alla voce "03" del log generato. Puoi killarla con hijackthis selezionandola e premendo il tasto FIX
__________________
sometimes they come back *** Life Happens! - (Professionista I.T. - Tecnico Telecomunicazioni) Latitude E6420 I7 2760QM SSD Crucial M4-512GB --- Tecra R840 I5 2520M SSD Samsung 830-256GB --- Macbook Pro 13,3" I5 2435M SSD Samsung 830-256GB |
|
|
|
|
21-09-2004, 19:48
|
#3 |
|
Senior Member
Iscritto dal: Oct 2000
Messaggi: 432
|
ti invio il log fornitomi da hijackthis :
Codice:
Logfile of HijackThis v1.97.7 Scan saved at 19.46.18, on 21/09/2004 Platform: Windows XP (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 (6.00.2600.0000) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\csrss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\System32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\System32\alg.exe d:\PROGRA~1\Grisoft\AVG6\avgserv.exe C:\WINDOWS\System32\drivers\CDAC11BA.EXE C:\WINDOWS\System32\inetsrv\inetinfo.exe C:\WINDOWS\system32\drivers\KodakCCS.exe C:\Programmi\File comuni\Microsoft Shared\VS7DEBUG\MDM.EXE C:\mysql\bin\mysqld-max-nt.exe C:\Programmi\Panda Software\Panda Titanium Antivirus 2004\PavFnSvr.exe C:\Programmi\Panda Software\Panda Titanium Antivirus 2004\PavProt.exe C:\WINDOWS\Explorer.EXE C:\Programmi\File comuni\Panda Software\PavShld\pavprsrv.exe C:\Programmi\Panda Software\Panda Titanium Antivirus 2004\apvxdwin.exe C:\Programmi\Panda Software\Panda Titanium Antivirus 2004\pavsrv51.exe C:\Programmi\Panda Software\Panda Titanium Antivirus 2004\prevsrv.exe C:\Programmi\Panda Software\Panda Titanium Antivirus 2004\PsImSvc.exe C:\WINDOWS\System32\ScsiAccess.EXE C:\WINDOWS\System32\svchost.exe C:\Programmi\Panda Software\Panda Titanium Antivirus 2004\AVENGINE.EXE C:\pgsql\bin\post_svc.exe C:\WINDOWS\System32\WFXSVC.EXE C:\pgsql\bin\postmaster.exe C:\PROGRA~1\Symantec\WinFax\WFXMOD32.EXE D:\Programmi\McAfee\McAfee Firewall\CPD.EXE D:\Programmi\McAfee\McAfee Firewall\CPD.EXE C:\Programmi\ATI Technologies\ATI Control Panel\atiptaxx.exe C:\WINDOWS\AGRSMMSG.exe C:\Programmi\Synaptics\SynTP\SynTPLpr.exe C:\Programmi\Launch Manager\LaunchAp.exe C:\Programmi\Launch Manager\HotkeyApp.exe C:\Programmi\Launch Manager\OSD.exe C:\Programmi\Launch Manager\Wbutton.exe C:\Programmi\Wistron\AVManager\AVManager.exe C:\Programmi\Messenger Plus! 2\MsgPlus.exe D:\Programmi\Grisoft\AVG6\avgcc32.exe C:\WINDOWS\System32\wfxsnt40.exe C:\Programmi\QuickTime\qttask.exe C:\Programmi\Java\j2re1.4.2_05\bin\jusched.exe c:\progra~1\intern~1\iexplore.exe C:\Programmi\McAfee\McAfee Shared Components\Instant Updater\RuLaunch.exe C:\WINDOWS\System32\ctfmon.exe C:\Programmi\Adobe\Acrobat 5.0\Distillr\AcroTray.exe C:\Programmi\Panda Software\Panda Titanium Antivirus 2004\WebProxy.exe C:\Programmi\Microsoft Office\OFFICE11\ONENOTEM.EXE C:\mysql\bin\winmysqladmin.exe C:\Programmi\FreePOPs\freepopsd.exe D:\Programmi\GetRight\getright.exe D:\Programmi\GetRight\getright.exe C:\Programmi\Internet Explorer\iexplore.exe C:\Programmi\Siemens Data Suite\GPRSv2\Siemens GPRS.exe C:\Programmi\Microsoft Office\OFFICE11\OUTLOOK.EXE C:\Programmi\Microsoft Office\OFFICE11\WINWORD.EXE C:\Programmi\Internet Explorer\iexplore.exe D:\Downloads\rimuove toolbao\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.it/ R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://eonajhctavtx.net/GawO0ukQ2pKm...dpK6liTHWl.jsp O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe O4 - HKLM\..\Run: [ATIPTA] C:\Programmi\ATI Technologies\ATI Control Panel\atiptaxx.exe O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe O4 - HKLM\..\Run: [SynTPLpr] C:\Programmi\Synaptics\SynTP\SynTPLpr.exe O4 - HKLM\..\Run: [SynTPEnh] C:\Programmi\Synaptics\SynTP\SynTPEnh.exe O4 - HKLM\..\Run: [LaunchAp] C:\Programmi\Launch Manager\LaunchAp.exe O4 - HKLM\..\Run: [HotkeyApp] C:\Programmi\Launch Manager\HotkeyApp.exe O4 - HKLM\..\Run: [CtrlVol] C:\Programmi\Launch Manager\CtrlVol.exe O4 - HKLM\..\Run: [LMgrOSD] C:\Programmi\Launch Manager\OSD.exe O4 - HKLM\..\Run: [Wbutton] "C:\Programmi\Launch Manager\Wbutton.exe" O4 - HKLM\..\Run: [AVManager] "C:\Programmi\Wistron\AVManager\AVManager.exe" O4 - HKLM\..\Run: [MessengerPlus2] "C:\Programmi\Messenger Plus! 2\MsgPlus.exe" O4 - HKLM\..\Run: [Bat Skip] C:\PROGRA~1\Bait bold ball\SetupDrvFilm.exe O4 - HKLM\..\Run: [AVG_CC] D:\Programmi\Grisoft\AVG6\avgcc32.exe /startup O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe O4 - HKLM\..\Run: [WinFaxAppPortStarter] wfxsnt40.exe O4 - HKLM\..\Run: [MOD] C:\Programmi\Microangelo\muamgr.exe O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmi\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Programmi\Java\j2re1.4.2_05\bin\jusched.exe O4 - HKLM\..\Run: [NavRegReminder] "C:\WINDOWS\temp\NavBrowser.exe" /r /i "C:\WINDOWS\temp\NavLoad.ini" O4 - HKLM\..\Run: [APVXDWIN] "C:\Programmi\Panda Software\Panda Titanium Antivirus 2004\APVXDWIN.EXE" /s O4 - HKCU\..\Run: [McAfee.InstantUpdate.Monitor] "C:\Programmi\McAfee\McAfee Shared Components\Instant Updater\RuLaunch.exe" /STARTMONITOR O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe O4 - Startup: Collegamento a winmysqladmin.exe.lnk = C:\mysql\bin\winmysqladmin.exe O4 - Startup: FreePOPs (2).lnk = C:\Programmi\FreePOPs\freepopsd.exe O4 - Startup: GetRight Tray Icon.lnk = D:\Programmi\GetRight\getright.exe O4 - Global Startup: Acrobat Assistant.lnk = C:\Programmi\Adobe\Acrobat 5.0\Distillr\AcroTray.exe O4 - Global Startup: Avvio veloce di Microsoft Office OneNote 2003.lnk = C:\Programmi\Microsoft Office\OFFICE11\ONENOTEM.EXE O4 - Global Startup: Microsoft Office.lnk = D:\Programmi\Microsoft Office\Office\OSA9.EXE O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present O8 - Extra context menu item: Download with GetRight - D:\Programmi\GetRight\GRdownload.htm O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 O8 - Extra context menu item: Open with GetRight Browser - D:\Programmi\GetRight\GRbrowse.htm O9 - Extra 'Tools' menuitem: Sun Java Console (HKLM) O10 - Unknown file in Winsock LSP: c:\programmi\panda software\panda titanium antivirus 2004\pavlsp.dll O10 - Unknown file in Winsock LSP: c:\programmi\panda software\panda titanium antivirus 2004\pavlsp.dll O10 - Unknown file in Winsock LSP: c:\programmi\panda software\panda titanium antivirus 2004\pavlsp.dll O10 - Unknown file in Winsock LSP: c:\programmi\panda software\panda titanium antivirus 2004\pavlsp.dll O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/s...sh/swflash.cab O17 - HKLM\System\CCS\Services\Tcpip\..\{79E34D04-E493-4385-AE20-8E299D672A02}: NameServer = 194.185.97.134 194.185.97.134
__________________
"Nulla deve essere temuto nella vita. Deve solo essere compreso" Marie Courie "Compilatio non petita, bacarozio manifesta" |
|
|
|
|
21-09-2004, 20:32
|
#4 |
|
Senior Member
Iscritto dal: Mar 2004
Città: Rimini
Messaggi: 10296
|
Ciao,
la barra probabilmente è questa: R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://eonajhctavtx.net/GawO0ukQ2pK...odpK6liTHWl.jsp Dico probabilmente perchè hai usato una vecchia versione di hijackthis. Scarica la nuova dal link che ho postato prima e, dopo aver killato quella voce metti un nuovo log. Forse c'è anche altro Edit: a proposito, dal log si nota che c'è un po' di porcheria (pericolosa) nella cartella "C:\windows\temp" Ti conviene svuotarla 
__________________
sometimes they come back *** Life Happens! - (Professionista I.T. - Tecnico Telecomunicazioni) Latitude E6420 I7 2760QM SSD Crucial M4-512GB --- Tecra R840 I5 2520M SSD Samsung 830-256GB --- Macbook Pro 13,3" I5 2435M SSD Samsung 830-256GB Ultima modifica di wgator : 21-09-2004 alle 20:49. |
|
|
|
|
21-09-2004, 20:57
|
#5 |
|
Senior Member
Iscritto dal: Oct 2000
Messaggi: 432
|
Avrò preso un virus che non riesco a eliminare!!!
La riga è proprio quella che mi hai indicato ma ricompare automaticamente dopo averla eliminata!!!! il nuovo risultato dello scan è questo Codice:
Logfile of HijackThis v1.98.2 Scan saved at 20.51.57, on 21/09/2004 Platform: Windows XP (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 (6.00.2600.0000) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\csrss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\System32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\System32\alg.exe d:\PROGRA~1\Grisoft\AVG6\avgserv.exe C:\WINDOWS\System32\drivers\CDAC11BA.EXE C:\WINDOWS\System32\inetsrv\inetinfo.exe C:\WINDOWS\system32\drivers\KodakCCS.exe C:\Programmi\File comuni\Microsoft Shared\VS7DEBUG\MDM.EXE C:\mysql\bin\mysqld-max-nt.exe C:\Programmi\Panda Software\Panda Titanium Antivirus 2004\PavFnSvr.exe C:\Programmi\Panda Software\Panda Titanium Antivirus 2004\PavProt.exe C:\WINDOWS\Explorer.EXE C:\Programmi\File comuni\Panda Software\PavShld\pavprsrv.exe C:\Programmi\Panda Software\Panda Titanium Antivirus 2004\apvxdwin.exe C:\Programmi\Panda Software\Panda Titanium Antivirus 2004\pavsrv51.exe C:\Programmi\Panda Software\Panda Titanium Antivirus 2004\prevsrv.exe C:\Programmi\Panda Software\Panda Titanium Antivirus 2004\PsImSvc.exe C:\WINDOWS\System32\ScsiAccess.EXE C:\WINDOWS\System32\svchost.exe C:\Programmi\Panda Software\Panda Titanium Antivirus 2004\AVENGINE.EXE C:\pgsql\bin\post_svc.exe C:\WINDOWS\System32\WFXSVC.EXE C:\pgsql\bin\postmaster.exe C:\PROGRA~1\Symantec\WinFax\WFXMOD32.EXE D:\Programmi\McAfee\McAfee Firewall\CPD.EXE D:\Programmi\McAfee\McAfee Firewall\CPD.EXE C:\Programmi\ATI Technologies\ATI Control Panel\atiptaxx.exe C:\WINDOWS\AGRSMMSG.exe C:\Programmi\Synaptics\SynTP\SynTPLpr.exe C:\Programmi\Launch Manager\LaunchAp.exe C:\Programmi\Launch Manager\HotkeyApp.exe C:\Programmi\Launch Manager\OSD.exe C:\Programmi\Launch Manager\Wbutton.exe C:\Programmi\Wistron\AVManager\AVManager.exe C:\Programmi\Messenger Plus! 2\MsgPlus.exe D:\Programmi\Grisoft\AVG6\avgcc32.exe C:\WINDOWS\System32\wfxsnt40.exe C:\Programmi\QuickTime\qttask.exe C:\Programmi\Java\j2re1.4.2_05\bin\jusched.exe c:\progra~1\intern~1\iexplore.exe C:\Programmi\McAfee\McAfee Shared Components\Instant Updater\RuLaunch.exe C:\WINDOWS\System32\ctfmon.exe C:\Programmi\Adobe\Acrobat 5.0\Distillr\AcroTray.exe C:\Programmi\Panda Software\Panda Titanium Antivirus 2004\WebProxy.exe C:\Programmi\Microsoft Office\OFFICE11\ONENOTEM.EXE C:\mysql\bin\winmysqladmin.exe C:\Programmi\FreePOPs\freepopsd.exe D:\Programmi\GetRight\getright.exe D:\Programmi\GetRight\getright.exe C:\Programmi\Internet Explorer\iexplore.exe C:\Programmi\Siemens Data Suite\GPRSv2\Siemens GPRS.exe C:\Programmi\Microsoft Office\OFFICE11\OUTLOOK.EXE C:\Programmi\Microsoft Office\OFFICE11\WINWORD.EXE C:\Programmi\Internet Explorer\iexplore.exe C:\Programmi\Internet Explorer\iexplore.exe C:\j2sdk1.4.2\bin\java.exe D:\Downloads\rimuove toolbao\hijackthis\hijackthis\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.it/ R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://dyrglryrfstfnxejapnxcrzdc.net...pK6liTHWl.html O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe O4 - HKLM\..\Run: [ATIPTA] C:\Programmi\ATI Technologies\ATI Control Panel\atiptaxx.exe O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe O4 - HKLM\..\Run: [SynTPLpr] C:\Programmi\Synaptics\SynTP\SynTPLpr.exe O4 - HKLM\..\Run: [SynTPEnh] C:\Programmi\Synaptics\SynTP\SynTPEnh.exe O4 - HKLM\..\Run: [LaunchAp] C:\Programmi\Launch Manager\LaunchAp.exe O4 - HKLM\..\Run: [HotkeyApp] C:\Programmi\Launch Manager\HotkeyApp.exe O4 - HKLM\..\Run: [CtrlVol] C:\Programmi\Launch Manager\CtrlVol.exe O4 - HKLM\..\Run: [LMgrOSD] C:\Programmi\Launch Manager\OSD.exe O4 - HKLM\..\Run: [Wbutton] "C:\Programmi\Launch Manager\Wbutton.exe" O4 - HKLM\..\Run: [AVManager] "C:\Programmi\Wistron\AVManager\AVManager.exe" O4 - HKLM\..\Run: [MessengerPlus2] "C:\Programmi\Messenger Plus! 2\MsgPlus.exe" O4 - HKLM\..\Run: [Bat Skip] C:\PROGRA~1\Bait bold ball\SetupDrvFilm.exe O4 - HKLM\..\Run: [AVG_CC] D:\Programmi\Grisoft\AVG6\avgcc32.exe /startup O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe O4 - HKLM\..\Run: [WinFaxAppPortStarter] wfxsnt40.exe O4 - HKLM\..\Run: [MOD] C:\Programmi\Microangelo\muamgr.exe O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmi\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Programmi\Java\j2re1.4.2_05\bin\jusched.exe O4 - HKLM\..\Run: [NavRegReminder] "C:\WINDOWS\temp\NavBrowser.exe" /r /i "C:\WINDOWS\temp\NavLoad.ini" O4 - HKLM\..\Run: [APVXDWIN] "C:\Programmi\Panda Software\Panda Titanium Antivirus 2004\APVXDWIN.EXE" /s O4 - HKCU\..\Run: [McAfee.InstantUpdate.Monitor] "C:\Programmi\McAfee\McAfee Shared Components\Instant Updater\RuLaunch.exe" /STARTMONITOR O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe O4 - Startup: Collegamento a winmysqladmin.exe.lnk = C:\mysql\bin\winmysqladmin.exe O4 - Startup: FreePOPs (2).lnk = C:\Programmi\FreePOPs\freepopsd.exe O4 - Startup: GetRight Tray Icon.lnk = D:\Programmi\GetRight\getright.exe O4 - Global Startup: Acrobat Assistant.lnk = C:\Programmi\Adobe\Acrobat 5.0\Distillr\AcroTray.exe O4 - Global Startup: Avvio veloce di Microsoft Office OneNote 2003.lnk = C:\Programmi\Microsoft Office\OFFICE11\ONENOTEM.EXE O4 - Global Startup: Microsoft Office.lnk = D:\Programmi\Microsoft Office\Office\OSA9.EXE O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present O8 - Extra context menu item: Download with GetRight - D:\Programmi\GetRight\GRdownload.htm O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 O8 - Extra context menu item: Open with GetRight Browser - D:\Programmi\GetRight\GRbrowse.htm O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll O17 - HKLM\System\CCS\Services\Tcpip\..\{79E34D04-E493-4385-AE20-8E299D672A02}: NameServer = 194.185.97.134 194.185.97.134 O20 - AppInit_DLLs: PAVWAIT.DLL ciao ciao
__________________
"Nulla deve essere temuto nella vita. Deve solo essere compreso" Marie Courie "Compilatio non petita, bacarozio manifesta" |
|
|
|
|
21-09-2004, 22:24
|
#6 |
|
Senior Member
Iscritto dal: Mar 2004
Città: Rimini
Messaggi: 10296
|
Ciao,
aha! questa dll che viene caricata all'avvio potrebbe essere la causa di tutto O20 - AppInit_DLLs: PAVWAIT.DLL Allora, io proverei così: - svuotamento completo e totale delle cartelle temporanee (hai un trojan in C:\Windows\Temp) - svuoramento completo e totale della cartella dei temporanei di internet cookies compresi - ricerca, dopo aver attivato visualizzazione dei file nascosti e di sistema di PAVWAIT.DLL e immediata uccisione. (se non si lascia uccidere, vai da mod. provvisoria) - disattivazione del ripristino della configurazione di sistema Poi: - fixxa con hijackthis R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://dyrglryrfstfnxejapnxc O4 - HKLM\..\Run: [NavRegReminder] "C:\WINDOWS\temp\NavBrowser.exe" /r /i "C:\WINDOWS\temp\NavLoad.i O20 - AppInit_DLLs: PAVWAIT.DLL Prova anche (solo per scrupolo) a dare un'occhiata nella cartella "Windows\downloaded program files" se c'è qualche oggetto active x sconosciuto
__________________
sometimes they come back *** Life Happens! - (Professionista I.T. - Tecnico Telecomunicazioni) Latitude E6420 I7 2760QM SSD Crucial M4-512GB --- Tecra R840 I5 2520M SSD Samsung 830-256GB --- Macbook Pro 13,3" I5 2435M SSD Samsung 830-256GB |
|
|
|
|
22-09-2004, 12:23
|
#7 |
|
Senior Member
Iscritto dal: Oct 2000
Messaggi: 432
|
purtroppo non si è risolto nulla!!!!
Quella maledetta barra continua a ritornare imperterrita. ecco il nuovo risultato dello scan, come vedi la stringa R0 continua a ritornare!!! Logfile of HijackThis v1.98.2 Scan saved at 12.21.55, on 22/09/2004 Platform: Windows XP (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 (6.00.2600.0000) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\csrss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\System32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\System32\alg.exe d:\PROGRA~1\Grisoft\AVG6\avgserv.exe C:\WINDOWS\System32\drivers\CDAC11BA.EXE C:\WINDOWS\System32\inetsrv\inetinfo.exe C:\WINDOWS\system32\drivers\KodakCCS.exe C:\Programmi\File comuni\Microsoft Shared\VS7DEBUG\MDM.EXE C:\mysql\bin\mysqld-max-nt.exe C:\Programmi\Panda Software\Panda Titanium Antivirus 2004\PavFnSvr.exe C:\Programmi\Panda Software\Panda Titanium Antivirus 2004\PavProt.exe C:\Programmi\File comuni\Panda Software\PavShld\pavprsrv.exe C:\Programmi\Panda Software\Panda Titanium Antivirus 2004\pavsrv51.exe C:\Programmi\Panda Software\Panda Titanium Antivirus 2004\prevsrv.exe C:\Programmi\Panda Software\Panda Titanium Antivirus 2004\PsImSvc.exe C:\WINDOWS\System32\ScsiAccess.EXE C:\WINDOWS\System32\svchost.exe C:\pgsql\bin\post_svc.exe C:\pgsql\bin\postmaster.exe C:\Programmi\Panda Software\Panda Titanium Antivirus 2004\AVENGINE.EXE C:\WINDOWS\System32\WFXSVC.EXE C:\PROGRA~1\Symantec\WinFax\WFXMOD32.EXE D:\Programmi\McAfee\McAfee Firewall\CPD.EXE D:\Programmi\McAfee\McAfee Firewall\CPD.EXE C:\Programmi\ATI Technologies\ATI Control Panel\atiptaxx.exe C:\WINDOWS\AGRSMMSG.exe C:\Programmi\Synaptics\SynTP\SynTPLpr.exe C:\Programmi\Launch Manager\LaunchAp.exe C:\Programmi\Launch Manager\HotkeyApp.exe C:\Programmi\Launch Manager\OSD.exe C:\Programmi\Launch Manager\Wbutton.exe C:\Programmi\Wistron\AVManager\AVManager.exe C:\Programmi\Messenger Plus! 2\MsgPlus.exe D:\Programmi\Grisoft\AVG6\avgcc32.exe C:\WINDOWS\System32\wfxsnt40.exe C:\Programmi\QuickTime\qttask.exe C:\Programmi\Java\j2re1.4.2_05\bin\jusched.exe C:\Programmi\Panda Software\Panda Titanium Antivirus 2004\APVXDWIN.EXE C:\Programmi\McAfee\McAfee Shared Components\Instant Updater\RuLaunch.exe C:\WINDOWS\System32\ctfmon.exe C:\Programmi\Adobe\Acrobat 5.0\Distillr\AcroTray.exe c:\progra~1\intern~1\iexplore.exe C:\Programmi\Microsoft Office\OFFICE11\ONENOTEM.EXE C:\mysql\bin\winmysqladmin.exe C:\Programmi\FreePOPs\freepopsd.exe D:\Programmi\GetRight\getright.exe D:\Programmi\GetRight\getright.exe C:\Programmi\Internet Explorer\iexplore.exe C:\Programmi\Siemens Data Suite\GPRSv2\Siemens GPRS.exe C:\Programmi\Panda Software\Panda Titanium Antivirus 2004\WebProxy.exe C:\Programmi\Microsoft Office\OFFICE11\OUTLOOK.EXE C:\Programmi\Internet Explorer\iexplore.exe C:\Programmi\Microsoft Office\OFFICE11\WINWORD.EXE C:\Programmi\Internet Explorer\iexplore.exe C:\Programmi\Internet Explorer\iexplore.exe D:\Downloads\rimuove toolbao\hijackthis\hijackthis\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.it/ [b] R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.qszdgxzoxbsrmvcvnutla.net...pK6liTHWl.html [\B] O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe O4 - HKLM\..\Run: [ATIPTA] C:\Programmi\ATI Technologies\ATI Control Panel\atiptaxx.exe O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe O4 - HKLM\..\Run: [SynTPLpr] C:\Programmi\Synaptics\SynTP\SynTPLpr.exe O4 - HKLM\..\Run: [SynTPEnh] C:\Programmi\Synaptics\SynTP\SynTPEnh.exe O4 - HKLM\..\Run: [LaunchAp] C:\Programmi\Launch Manager\LaunchAp.exe O4 - HKLM\..\Run: [HotkeyApp] C:\Programmi\Launch Manager\HotkeyApp.exe O4 - HKLM\..\Run: [CtrlVol] C:\Programmi\Launch Manager\CtrlVol.exe O4 - HKLM\..\Run: [LMgrOSD] C:\Programmi\Launch Manager\OSD.exe O4 - HKLM\..\Run: [Wbutton] "C:\Programmi\Launch Manager\Wbutton.exe" O4 - HKLM\..\Run: [AVManager] "C:\Programmi\Wistron\AVManager\AVManager.exe" O4 - HKLM\..\Run: [MessengerPlus2] "C:\Programmi\Messenger Plus! 2\MsgPlus.exe" O4 - HKLM\..\Run: [Bat Skip] C:\PROGRA~1\Bait bold ball\SetupDrvFilm.exe O4 - HKLM\..\Run: [AVG_CC] D:\Programmi\Grisoft\AVG6\avgcc32.exe /startup O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe O4 - HKLM\..\Run: [WinFaxAppPortStarter] wfxsnt40.exe O4 - HKLM\..\Run: [MOD] C:\Programmi\Microangelo\muamgr.exe O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmi\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Programmi\Java\j2re1.4.2_05\bin\jusched.exe O4 - HKLM\..\Run: [APVXDWIN] "C:\Programmi\Panda Software\Panda Titanium Antivirus 2004\APVXDWIN.EXE" /s O4 - HKCU\..\Run: [McAfee.InstantUpdate.Monitor] "C:\Programmi\McAfee\McAfee Shared Components\Instant Updater\RuLaunch.exe" /STARTMONITOR O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe O4 - Startup: Collegamento a winmysqladmin.exe.lnk = C:\mysql\bin\winmysqladmin.exe O4 - Startup: FreePOPs (2).lnk = C:\Programmi\FreePOPs\freepopsd.exe O4 - Startup: GetRight Tray Icon.lnk = D:\Programmi\GetRight\getright.exe O4 - Global Startup: Acrobat Assistant.lnk = C:\Programmi\Adobe\Acrobat 5.0\Distillr\AcroTray.exe O4 - Global Startup: Avvio veloce di Microsoft Office OneNote 2003.lnk = C:\Programmi\Microsoft Office\OFFICE11\ONENOTEM.EXE O4 - Global Startup: Microsoft Office.lnk = D:\Programmi\Microsoft Office\Office\OSA9.EXE O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present O8 - Extra context menu item: Download with GetRight - D:\Programmi\GetRight\GRdownload.htm O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 O8 - Extra context menu item: Open with GetRight Browser - D:\Programmi\GetRight\GRbrowse.htm O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll O17 - HKLM\System\CCS\Services\Tcpip\..\{79E34D04-E493-4385-AE20-8E299D672A02}: NameServer = 194.185.97.134 194.185.97.134
__________________
"Nulla deve essere temuto nella vita. Deve solo essere compreso" Marie Courie "Compilatio non petita, bacarozio manifesta" |
|
|
|
|
23-09-2004, 15:20
|
#8 |
|
Member
Iscritto dal: Nov 2003
Messaggi: 60
|
immagino che ti sia comparsa dopo aver installato qualche plug-in di messenger !?!?!?
allora vai sul sito della toolbar cerca help e scarica il loro unistaller e vedrai che saprisce tutto, è successoa anche a me |
|
|
|
|
23-09-2004, 16:12
|
#9 |
|
Senior Member
Iscritto dal: Oct 2000
Messaggi: 432
|
purtroppo non ho installato nessun plugin di messenger....
e poi non capisco quale sia il sito della toolbar ma la toolbar che hai avuto tu e come quella mostrata nella figura in allegato?
__________________
"Nulla deve essere temuto nella vita. Deve solo essere compreso" Marie Courie "Compilatio non petita, bacarozio manifesta" |
|
|
|
|
23-09-2004, 16:45
|
#10 |
|
Member
Iscritto dal: Nov 2003
Messaggi: 60
|
esattamente la stessa, io ero finito su quel sito dopo un'installazione di msn!
ero andato sul sito che usava per fare le ricerche e c'era spiegato il modo per disinstallare la tool bar |
|
|
|
|
23-09-2004, 17:41
|
#11 |
|
Senior Member
Iscritto dal: Oct 2000
Messaggi: 432
|
ti ringrazio ...
ho risolto ogni problema ciao ciao
__________________
"Nulla deve essere temuto nella vita. Deve solo essere compreso" Marie Courie "Compilatio non petita, bacarozio manifesta" |
|
|
|
|
|
| Strumenti | |
|
|
Tutti gli orari sono GMT +1. Ora sono le: 12:01.
