Maledettissimo isearch.
Sono almeno 2 mesi che lotto con questo coso.
Non ho toolbar, mi fa solo la colonna di sinistra e una fullscreen, tutti i giorni, nonostante spybot, cartelle e file concellati dal disco, ora ha addirittura raddoppiato la dose, prima faceva una sola fullscreen, ora ne fa 2.
Qualcuno di voi sa come toglierlo in modo definitivo?
Davvero devo andare sul loro sito e scaricare il loro .exe?VVoVe:
Ho cercato sul forum, ma parlano tutti di toolbar.
Grazie
[Sorridi domani sarà peggio]
prova anche con AdAware SE (è in rilievo), la scansione completa del disco falla dalla modalità provvisoria. Se non risolvi posta un log di HijackThis.
Ho già tolto qualcosa, comunque ecco il log che risulta:
Logfile of HijackThis v1.98.2
Scan saved at 10.01.30, on 27/08/2004
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\Programmi\AVPersonal\AVGUARD.EXE
C:\Programmi\AVPersonal\AVWUPSRV.EXE
C:\WINNT\System32\CTSvcCDA.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\System32\tcpsvcs.exe
C:\WINNT\System32\snmp.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\System32\inetsrv\inetinfo.exe
C:\WINNT\Explorer.EXE
C:\WINNT\system32\devldr32.exe
C:\Programmi\Creative\SBLive2k\AudioHQ\AHQTB.EXE
C:\WINNT\system32\atiptaxx.exe
C:\Programmi\Winamp\winampa.exe
C:\Programmi\AVPersonal\AVGNT.EXE
C:\Programmi\File comuni\Real\Update_OB\realsched.exe
C:\WINNT\system32\internat.exe
C:\Programmi\Foxmail\Foxmail.exe
C:\Programmi\eMule\emule.exe
C:\Programmi\Spybot - Search & Destroy\SpybotSD.exe
C:\Programmi\Internet Explorer\iexplore.exe
C:\Downloads\- Software\hijackthis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.it/
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
R3 - Default URLSearchHook is missing
O2 - BHO: CSIECore Class - {00000000-0000-0000-0000-000000000221} - (no file)
O2 - BHO: (no name) - {000020DD-C72E-4113-AF77-DD56626C6C42} - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\Adobe\Acrobat
6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {206E52E0-D52E-11D4-AD54-0000E86C26F6} -
C:\Programmi\FreshDevices\FreshDownload\fdcatch.dl l
O2 - BHO: (no name) - {8085E374-ACBB-42F9-873F-49EC7E244F97} - C:\WINNT\system32\reeoea.dll (file
missing)
O3 - Toolbar: @msdxmLC.dll,-1@1033,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} -
C:\WINNT\system32\msdxm.ocx
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [AtiPTA] atiptaxx.exe
O4 - HKLM\..\Run: [AudioHQ] C:\Programmi\Creative\SBLive2k\AudioHQ\AHQTB.EXE
O4 - HKLM\..\Run: [UpdReg] C:\WINNT\Updreg.exe
O4 - HKLM\..\Run: [Speed racer] C:\Programmi\Creative\SBLive2k\PlayCenter\CTSRReg. exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmi\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [lar] C:\WINNT\system32\llass.exe
O4 - HKLM\..\Run: [WinampAgent] C:\Programmi\Winamp\winampa.exe
O4 - HKLM\..\Run: [SystemSearch] C:/WINNT/REGEDIT.EXE -s C:/WINNT/system.reg
O4 - HKLM\..\Run: [AVGCtrl] "C:\Programmi\AVPersonal\AVGNT.EXE" /min
O4 - HKLM\..\Run: [TkBellExe] "C:\Programmi\File comuni\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\RunServices: [lar] C:\WINNT\system32\llass.exe
O4 - HKCU\..\Run: [internat.exe] internat.exe
O4 - HKCU\..\Run: [SetDefaultMIDI] MIDIDef.exe
O4 - HKCU\..\Run: [Spamihilator] "C:\Programmi\Spamihilator\spamihilator.exe"
O4 - HKCU\..\Run: [Shareaza] "C:\Programmi\Shareaza\Shareaza.exe" -tray
O4 - Global Startup: LG Sync Manager.lnk = C:\Programmi\LG PC Suite\LG Sync\LGSyncManager.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Programmi\Microsoft Office\Office\OSA9.EXE
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} -
C:\WINNT\web\related.htm
O16 - DPF: {0246ECA8-996F-11D1-BE2F-00A0C9037DFE} (TDServer Control) -
http://www.truedoc.com/activex/tdserver.cab
O16 - DPF: {11111111-1111-1111-1111-113300000000} -
mhtml:C:\\NO_SUCH_MHT.MHT!http://216.240.137.40/g1.exe
O16 - DPF: {11260943-421B-11D0-8EAC-0000C07D88CF} (iPIX ActiveX Control) -
http://www.ipix.com/viewers/ipixx.cab
O16 - DPF: {31B7EB4E-8B4B-11D1-A789-00A0CC6651A8} (Cult3D ActiveX Player) -
http://www.cult3d.com/download/cult.cab
O16 - DPF: {5D589287-1496-4223-AE64-65FA078B5EAB} (Server Class) -
http://www.vrmedia.it/eXtremeVR/XVRPlayer.cab
O16 - DPF: {AEFD32B6-4815-11D2-98E4-00C04FCEFE77} (SnCAX Class) -
http://www.telepuntonet.com/SnC/AutoSetup/SnC.cab
O16 - DPF: {DF6A0F17-0B1E-11D4-829D-00C04F6843FE} (Microsoft Office Tools on the Web Control) -
http://dgl.microsoft.com/downloads/outc.cab
O16 - DPF: {f760cb9e-c60f-4a89-890e-fae8b849493e} -
O17 - HKLM\System\CCS\Services\Tcpip\..\{BD9E91A9-9662-4FEA-8E71-B62A8AA63E88}: NameServer =
195.43.182.8,195.43.182.11,151.99.125.0
O18 - Protocol hijack: mhtml -
Grazie
[Sorridi domani sarà peggio]
AdAware SE (lo trovi in -links utili- in Rilievo) l'hai usato???
Scaricati CWShredder da -links utili-
Riavvia in modalità provvisoria, metti la spunta al fianco dei valori e clicca su Fix checked
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = about :blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R3 - Default URLSearchHook is missing
O2 - BHO: CSIECore Class - {00000000-0000-0000-0000-000000000221} - (no file)
O2 - BHO: (no name) - {000020DD-C72E-4113-AF77-DD56626C6C42} - (no file)
O2 - BHO: (no name) - {8085E374-ACBB-42F9-873F-49EC7E244F97} - C:\WINNT\system32\reeoea.dll (file missing)
O4 - HKLM\..\Run: [lar] C:\WINNT\system32\llass.exe
O4 - HKLM\..\Run: [SystemSearch] C:/WINNT/REGEDIT.EXE -s C:/WINNT/system.reg
O4 - HKLM\..\RunServices: [lar] C:\WINNT\system32\llass.exe
O16 - DPF: {0246ECA8-996F-11D1-BE2F-00A0C9037DFE} (TDServer Control) -
http://www.truedoc.com/activex/tdserver.cab
O16 - DPF: {11111111-1111-1111-1111-113300000000} -
mhtml:C:\\NO_SUCH_MHT.MHT!http://216.240.137.40/g1.exe
O16 - DPF: {31B7EB4E-8B4B-11D1-A789-00A0CC6651A8} (Cult3D ActiveX Player) - http://www.cult3d.com/download/cult.cab
O18 - Protocol hijack: mhtml -
Sempre dalla provvisoria cerca ed elimina
C:\WINNT\system32\llass.exe <==il file
Sempre dalla provvisoria apri CWShredder e clicca su Fix
Ora verifica se C:/WINNT/system.reg<=== il file è ancora presente.
Riavvia e posta un nuovo log di HJT
llass.exe lho tolto, ma il discorso di CWShredder no l'ho capito, cos'è un altro programma?
Comunque il log nuovo è questo:
Logfile of HijackThis v1.98.2
Scan saved at 11.29.53, on 27/08/2004
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\Programmi\AVPersonal\AVGUARD.EXE
C:\Programmi\AVPersonal\AVWUPSRV.EXE
C:\WINNT\System32\CTSvcCDA.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\System32\tcpsvcs.exe
C:\WINNT\System32\snmp.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\System32\inetsrv\inetinfo.exe
C:\WINNT\Explorer.EXE
C:\WINNT\system32\devldr32.exe
C:\Programmi\Creative\SBLive2k\AudioHQ\AHQTB.EXE
C:\WINNT\system32\atiptaxx.exe
C:\Programmi\Winamp\winampa.exe
C:\Programmi\AVPersonal\AVGNT.EXE
C:\Programmi\File comuni\Real\Update_OB\realsched.exe
C:\WINNT\system32\internat.exe
C:\Programmi\Foxmail\Foxmail.exe
C:\Programmi\eMule\emule.exe
C:\Programmi\Winamp\winamp.exe
C:\Programmi\Internet Explorer\iexplore.exe
C:\Downloads\- Software\hijackthis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.it/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=hom e
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = http://www.google.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
R3 - Default URLSearchHook is missing
O2 - BHO: CSIECore Class - {00000000-0000-0000-0000-000000000221} - (no file)
O2 - BHO: (no name) - {000020DD-C72E-4113-AF77-DD56626C6C42} - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {206E52E0-D52E-11D4-AD54-0000E86C26F6} - C:\Programmi\FreshDevices\FreshDownload\fdcatch.dl l
O2 - BHO: (no name) - {8085E374-ACBB-42F9-873F-49EC7E244F97} - C:\WINNT\system32\reeoea.dll (file missing)
O3 - Toolbar: @msdxmLC.dll,-1@1033,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\system32\msdxm.ocx
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [AtiPTA] atiptaxx.exe
O4 - HKLM\..\Run: [AudioHQ] C:\Programmi\Creative\SBLive2k\AudioHQ\AHQTB.EXE
O4 - HKLM\..\Run: [UpdReg] C:\WINNT\Updreg.exe
O4 - HKLM\..\Run: [Speed racer] C:\Programmi\Creative\SBLive2k\PlayCenter\CTSRReg. exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmi\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [lar] C:\WINNT\system32\llass.exe
O4 - HKLM\..\Run: [WinampAgent] C:\Programmi\Winamp\winampa.exe
O4 - HKLM\..\Run: [SystemSearch] C:/WINNT/REGEDIT.EXE -s C:/WINNT/system.reg
O4 - HKLM\..\Run: [AVGCtrl] "C:\Programmi\AVPersonal\AVGNT.EXE" /min
O4 - HKLM\..\Run: [TkBellExe] "C:\Programmi\File comuni\Real\Update_OB\realsched.exe" -osboot
O4 - HKCU\..\Run: [internat.exe] internat.exe
O4 - HKCU\..\Run: [SetDefaultMIDI] MIDIDef.exe
O4 - HKCU\..\Run: [Spamihilator] "C:\Programmi\Spamihilator\spamihilator.exe"
O4 - HKCU\..\Run: [Shareaza] "C:\Programmi\Shareaza\Shareaza.exe" -tray
O4 - Global Startup: LG Sync Manager.lnk = C:\Programmi\LG PC Suite\LG Sync\LGSyncManager.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Programmi\Microsoft Office\Office\OSA9.EXE
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\web\related.htm
O16 - DPF: {0246ECA8-996F-11D1-BE2F-00A0C9037DFE} (TDServer Control) - http://www.truedoc.com/activex/tdserver.cab
O16 - DPF: {11111111-1111-1111-1111-113300000000} - mhtml:C:\\NO_SUCH_MHT.MHT!http://216.240.137.40/g1.exe
O16 - DPF: {11260943-421B-11D0-8EAC-0000C07D88CF} (iPIX ActiveX Control) - http://www.ipix.com/viewers/ipixx.cab
O16 - DPF: {31B7EB4E-8B4B-11D1-A789-00A0CC6651A8} (Cult3D ActiveX Player) - http://www.cult3d.com/download/cult.cab
O16 - DPF: {5D589287-1496-4223-AE64-65FA078B5EAB} (Server Class) - http://www.vrmedia.it/eXtremeVR/XVRPlayer.cab
O16 - DPF: {AEFD32B6-4815-11D2-98E4-00C04FCEFE77} (SnCAX Class) - http://www.telepuntonet.com/SnC/AutoSetup/SnC.cab
O16 - DPF: {DF6A0F17-0B1E-11D4-829D-00C04F6843FE} (Microsoft Office Tools on the Web Control) - http://dgl.microsoft.com/downloads/outc.cab
O16 - DPF: {f760cb9e-c60f-4a89-890e-fae8b849493e} -
O17 - HKLM\System\CCS\Services\Tcpip\..\{BD9E91A9-9662-4FEA-8E71-B62A8AA63E88}: NameServer = 195.43.182.8,195.43.182.11,151.99.125.0
O18 - Protocol hijack: mhtml -
Grazie
[Sorridi domani sarà peggio]
anche a me era capitato, e dopo aver provato vari antivirus, ho risolto usando 'ad-aware' e 'BPS Spyware Remover'...
il secondo è shareware e dopo 15 0 30 giorbni scade, ******** messaggio modificato ********* ciau
Evitiamo di scrivere cose del genere, grazie!
Grazie.
Con Bps ho risolto finalmente.
[Sorridi domani sarà peggio]
******** messaggio modificato ********* ciau
Evitiamo di scrivere cose del genere, grazie! [/QUOTE]
sorry..hai pienamente ragione :P
Permessi di invio
Rispondi quotando