istBar

[boombastic]

Ad ogni avvio Microsoft Antispyware mi dice che istBar cerca di installarsi,io clicco su remove e me lo rimuove.Poi per sicurezza faccio una scansione di tutto il sistema,la rifaccio anche con adaware ma al riavvio mi ricompare lo stesso messaggio
C'è un modo per rimuovere manualmente questo spywareo qualunque cosa sia?

[hurryowl]

pest patrol lo rimuove.

[bluepix]

Anche AD-Aware e Spybot

[boombastic]

Ho provato sia con AdAware che con Sybot,effettivamente me lo rilevano e lo tolgono ma al riavvio L'antispyware della microsoft mi dice che è ancora lì!

[bluepix]

Log di Hijackthis please

[boombastic]

Grazie:

Logfile of HijackThis v1.99.1
Scan saved at 16.32.08, on 06/04/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Unable to get Internet Explorer version!

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
d:\Programmi\Sophos\Remote Update\cachemgr.exe
D:\Programmi\Java\jre1.5.0\bin\jusched.exe
C:\Programmi\Synaptics\SynTP\SynTPEnh.exe
D:\Programmi\Microsoft AntiSpyware\gcasServ.exe
C:\WINDOWS\System32\ctfmon.exe
D:\Programmi\Spybot - Search & Destroy\TeaTimer.exe
C:\Programmi\Sophos SWEEP for NT\SWNETSUP.EXE
D:\Programmi\Microsoft AntiSpyware\gcasDtServ.exe
C:\Programmi\Sophos SWEEP for NT\SWEEPSRV.SYS
D:\Programmi\Adobe\Acrobat 6.0\Distillr\acrotray.exe
C:\Programmi\Sophos SWEEP for NT\ICMON.EXE
D:\Programmi\Sophos\Remote Update\imonitor.exe
C:\WINDOWS\System32\MsPMSPSv.exe
d:\Programmi\Raxco\PerfectDisk\PDSched.exe
D:\Programmi\Crystal XP\YzToolbar\YzToolbar.exe
C:\Programmi\Microsoft Encarta\Microsoft Encarta Enciclopedia Premium DVD\EDICT.EXE
C:\WINDOWS\System32\WISPTIS.EXE
D:\Programmi\OriginLab\OriginPro70\Origin70.exe
D:\Programmi\Firefox\firefox.exe
C:\DOCUME~1\ADMINI~1\IMPOST~1\Temp\Rar$EX00.202\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.unipg.it
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.unipg.it
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - Default URLSearchHook is missing
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Programmi\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - d:\Programmi\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - D:\Programmi\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: (no name) - -{8E718888-423F-11D2-876E-00A0C9082467} - (no file)
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - D:\Programmi\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\System32\PSDrvCheck.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] D:\Programmi\Java\jre1.5.0\bin\jusched.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Programmi\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Programmi\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [0PvF] C:\WINDOWS\oawojudb.exe
O4 - HKLM\..\Run: [gcasServ] "D:\Programmi\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [0Pvùõš/‚²�ÆßfÏNb_»C:\Programmi\ISTsvc\istsvc.exe] C:\WINDOWS\oawojudb.exe
O4 - HKLM\..\Run: [AtiPTA] atiptaxx.exe
O4 - HKLM\..\RunOnce: [MicrosoftAntiSpywareCleaner] D:\Programmi\Microsoft AntiSpyware\gcASCleaner.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] d:\Programmi\Spybot - Search & Destroy\TeaTimer.exe
O4 - Startup: ERUNT AutoBackup.lnk = D:\Programmi\ERUNT\AUTOBACK.EXE
O4 - Startup: Y'z Toolbar.lnk = ?
O4 - Global Startup: Acrobat Assistant.lnk = D:\Programmi\Adobe\Acrobat 6.0\Distillr\acrotray.exe
O4 - Global Startup: InterCheck Monitor.LNK = C:\Programmi\Sophos SWEEP for NT\ICMON.EXE
O4 - Global Startup: Remote Update Monitor.lnk = D:\Programmi\Sophos\Remote Update\imonitor.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: Scarica con il Wizard di LeechGet - file://d:\Programmi\LeechGet 2004\\Wizard.html
O8 - Extra context menu item: Scarica con LeechGet - file://d:\Programmi\LeechGet 2004\\AddUrl.html
O8 - Extra context menu item: Scarica pagina con LeechGet - file://d:\Programmi\LeechGet 2004\\Parser.html
O9 - Extra button: Ricerche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\PROGRA~1\Microsoft Office\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Organizzatore ricerche - {9455301C-CF6B-11D3-A266-00C04F689C50} - C:\Programmi\File comuni\Microsoft Shared\Encarta Researcher\EROPROJ.DLL
O9 - Extra button: (no name) - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Programmi\File comuni\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL
O13 - DefaultPrefix:
O13 - WWW Prefix:
O13 - Home Prefix:
O13 - Mosaic Prefix:
O13 - FTP Prefix:
O13 - Gopher Prefix:
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.co...?1111394801481
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Sophos Cache Manager (CacheMgr) - SOPHOS Plc - d:\Programmi\Sophos\Remote Update\cachemgr.exe
O23 - Service: PDEngine - Raxco Software, Inc. - d:\Programmi\Raxco\PerfectDisk\PDEngine.exe
O23 - Service: PDScheduler (PDSched) - Raxco Software, Inc. - d:\Programmi\Raxco\PerfectDisk\PDSched.exe
O23 - Service: RadClock - Unknown owner - C:\WINDOWS\system32\RadClock.exe
O23 - Service: Sophos Anti-Virus Network (SweepNet) - Sophos Plc - C:\Programmi\Sophos SWEEP for NT\SWNETSUP.EXE
O23 - Service: Sophos Anti-Virus (SWEEPSRV.SYS) - Sophos Plc - C:\Programmi\Sophos SWEEP for NT\SWEEPSRV.SYS

[bluepix]

Da fixare

R3 - Default URLSearchHook is missing

O3 - Toolbar: (no name) - -{8E718888-423F-11D2-876E-00A0C9082467} - (no file)

O4 - HKLM\..\Run: [0PvF] C:\WINDOWS\oawojudb.exe
O4 - HKLM\..\Run: [0Pvùõš/‚²�ÆßfÏNb_»C:\Programmi\ISTsvc\istsvc.exe] C:\WINDOWS\oawojudb.exe


O13 - DefaultPrefix:
O13 - WWW Prefix:
O13 - Home Prefix:
O13 - Mosaic Prefix:
O13 - FTP Prefix:
O13 - Gopher Prefix:


e poi cancella il file:C:\WINDOWS\oawojudb.exe