Valutazione 4.87/ 5 (100.00%) 5838 voti

Condividi:        

maschera ke si apre quando cerco qualcosa con google. virus?

Come rimuovere virus e spyware? Le carte di credito sono davvero sicure in rete? È possibile navigare anonimi? Con quali programmi tutelare la propria privacy? Come proteggere i file importanti? Se volete una risposta a queste e altre domande questo è il luogo giusto!

Moderatori: kadosh, Luke57

Postdi vero78 » 07/10/06 11:52

ho visto che, comunque, il file quzf (verde) è relativo ad un programma per ms-dos che si è scaricato da solo stanotte mentre procedevo con prevx. lo devo cancellare?
vero78
Utente Junior
 
Post: 60
Iscritto il: 03/10/06 14:54

Sponsor
 

Postdi vero78 » 07/10/06 12:10

e ho visto anche che su C ho dei file come zip, ua^cvdqd, dhbnothv...che sono e devo fare?
vero78
Utente Junior
 
Post: 60
Iscritto il: 03/10/06 14:54

Postdi holifay » 07/10/06 18:06

credo che i file zip siano i backup di avenger, per qualche motivo non ha finito il lavoro spostandoli in C:/avenger.

Vedi anche questa voce?

O4 - HKLM\..\Run: [sbclbeyj] C:\ua^cvdqd.bat

Cerca il file ua^cvdqd.bat in C e aprilo trascinandolo nel blocco note, oppure ci clicchi sopra con il tasto destro e selezioni "modifica". Poi copia ed incolla il contenuto qui. Dovrebbe essere di avenger. Se non lo trovi, elimina comunque anche questa voce dal log di HijackThis.

Io ti consiglierei anche una scansione online con Panda. Al termine clicca "see report", salvalo ed incolla il contenuto qui. http://www.pandasoftware.com/activescan/

Il resto del log è a posto. Mi raccomando di abilitare il firewall di windows, oppure di installarne uno free, come Kerio, Zone Alarm, Outpost...

Un'altra cosa che puoi fare è quella di aggiornare java (dal pannello di controllo) e di cancellare tutti i suoi file temporanei.

Installa anche queste patch per evitare di infettarti di nuovo con linkoptimizer: http://www.symantec.com/security_respon ... 99&tabid=2

Ciao :)
Pensi di avere un file infetto? Invialo a SuspectFile
holifay
Utente Junior
 
Post: 37
Iscritto il: 02/10/06 23:12

Postdi vero78 » 09/10/06 16:30

ho fatto tutto quello che mi hai detto. posto i log di panda e l'ultimo di hijackthis, sperando di aver finito!!! :-? :undecided:

Incident Status Location

Spyware:spyware/media-motor Not disinfected c:\windows\unstall.exe
Spyware:Cookie/YieldManager Not disinfected C:\Documents and Settings\VERONICA\Cookies\veronica@ad.yieldmanager[2].txt
Spyware:Cookie/Falkag Not disinfected C:\Documents and Settings\VERONICA\Cookies\veronica@as-eu.falkag[2].txt
Spyware:Cookie/Falkag Not disinfected C:\Documents and Settings\VERONICA\Cookies\veronica@as1.falkag[1].txt
Spyware:Cookie/Atlas DMT Not disinfected C:\Documents and Settings\VERONICA\Cookies\veronica@atdmt[2].txt
Spyware:Cookie/Bluestreak Not disinfected C:\Documents and Settings\VERONICA\Cookies\veronica@bluestreak[1].txt
Spyware:Cookie/Enhance Not disinfected C:\Documents and Settings\VERONICA\Cookies\veronica@c.enhance[1].txt
Spyware:Cookie/Cgi-bin Not disinfected C:\Documents and Settings\VERONICA\Cookies\veronica@cgi-bin[1].txt
Spyware:Cookie/Cgi-bin Not disinfected C:\Documents and Settings\VERONICA\Cookies\veronica@cgi-bin[6].txt
Spyware:Cookie/Doubleclick Not disinfected C:\Documents and Settings\VERONICA\Cookies\veronica@doubleclick[2].txt
Spyware:Cookie/Itrack Not disinfected C:\Documents and Settings\VERONICA\Cookies\veronica@ilead.itrack[1].txt
Spyware:Cookie/Mediaplex Not disinfected C:\Documents and Settings\VERONICA\Cookies\veronica@mediaplex[1].txt
Spyware:Cookie/Overture Not disinfected C:\Documents and Settings\VERONICA\Cookies\veronica@overture[2].txt
Spyware:Cookie/Statcounter Not disinfected C:\Documents and Settings\VERONICA\Cookies\veronica@statcounter[2].txt
Spyware:Cookie/Tradedoubler Not disinfected C:\Documents and Settings\VERONICA\Cookies\veronica@tradedoubler[2].txt
Spyware:Cookie/Xiti Not disinfected C:\Documents and Settings\VERONICA\Cookies\veronica@xiti[1].txt
Spyware:Cookie/Xmts Not disinfected C:\Documents and Settings\VERONICA\Cookies\veronica@xmts[2].txt
Spyware:Cookie/Yadro Not disinfected C:\Documents and Settings\VERONICA\Cookies\veronica@yadro[1].txt
Spyware:Cookie/Advertising Not disinfected C:\Documents and Settings\VERONICA\Dati applicazioni\Netscape\NSB\Profiles\amgpldfr.default\cookies.txt[.advertising.com/]
Spyware:Cookie/2o7 Not disinfected C:\Documents and Settings\VERONICA\Dati applicazioni\Netscape\NSB\Profiles\amgpldfr.default\cookies.txt[.2o7.net/]
Spyware:Cookie/Advertising Not disinfected C:\Documents and Settings\VERONICA\Dati applicazioni\Netscape\NSB\Profiles\amgpldfr.default\cookies.txt[.advertising.com/]
Spyware:Cookie/2o7 Not disinfected C:\Documents and Settings\VERONICA\Dati applicazioni\Netscape\NSB\Profiles\amgpldfr.default\cookies.txt[.2o7.net/]
Spyware:Cookie/Com.com Not disinfected C:\Documents and Settings\VERONICA\Dati applicazioni\Netscape\NSB\Profiles\amgpldfr.default\cookies.txt[.com.com/]
Spyware:Cookie/Atlas DMT Not disinfected C:\Documents and Settings\VERONICA\Dati applicazioni\Netscape\NSB\Profiles\amgpldfr.default\cookies.txt[.atdmt.com/]
Spyware:Cookie/WebtrendsLive Not disinfected C:\Documents and Settings\VERONICA\Dati applicazioni\Netscape\NSB\Profiles\amgpldfr.default\cookies.txt[.statse.webtrendslive.com/]
Spyware:Cookie/WebtrendsLive Not disinfected C:\Documents and Settings\VERONICA\Dati applicazioni\Netscape\NSB\Profiles\amgpldfr.default\cookies.txt[.statse.webtrendslive.com/dcsrcbv8cf9xjyolo5f0sos1s_4m6i]
Spyware:Cookie/Atwola Not disinfected C:\Documents and Settings\VERONICA\Dati applicazioni\Netscape\NSB\Profiles\amgpldfr.default\cookies.txt[.atwola.com/]


Logfile of HijackThis v1.99.1
Scan saved at 17.27.52, on 09/10/2006
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Programmi\Adobe\Acrobat 7.0\Acrobat\AcrobatInfo.exe
C:\PROGRA~1\WINZIP\winzip32.exe
C:\Programmi\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\System32\ctfmon.exe
C:\Documents and Settings\VERONICA\Impostazioni locali\Temp\wz4c56\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.it/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Programmi\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Programmi\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [WFXSwtch] C:\PROGRA~1\WinFax\WFXSWTCH.exe
O4 - HKLM\..\Run: [WinFaxAppPortStarter] wfxsnt40.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Programmi\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "C:\Programmi\Adobe\Acrobat 7.0\Distillr\Acrotray.exe"
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O4 - HKLM\..\Run: [Outpost Firewall] "C:\Programmi\Agnitum\Outpost Firewall\outpost.exe" /waitservice
O4 - HKLM\..\Run: [OutpostFeedBack] C:\Programmi\Agnitum\Outpost Firewall\feedback.exe /dump:os_startup
O4 - HKCU\..\Run: [Active Desktop Calendar] C:\Programmi\XemiComputers\Active Desktop Calendar\ADC.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Programmi\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Programmi\File comuni\Ahead\lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Programmi\Microsoft ActiveSync\WCESCOMM.EXE"
O4 - Global Startup: Acrobat Assistant.lnk = C:\Programmi\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ?
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Programmi\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Programmi\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Programmi\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Programmi\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Programmi\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Programmi\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Programmi\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert to existing PDF - res://C:\Programmi\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra button: Mobilen Favoriten erstellen - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Programmi\Microsoft ActiveSync\INETREPL.DLL
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Programmi\Microsoft ActiveSync\INETREPL.DLL
O9 - Extra 'Tools' menuitem: Mobilen Favoriten erstellen... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Programmi\Microsoft ActiveSync\INETREPL.DLL
O9 - Extra button: Ricerche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O12 - Plugin for .pdf: C:\Programmi\Internet Explorer\PLUGINS\nppdf32.dll
O12 - Plugin for .spop: C:\Programmi\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupda ... 9787617859
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan ... asinst.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{3EA31295-BF5A-41F7-930F-E6C836798D70}: NameServer = 213.205.32.70,213.205.36.70
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Programmi\File comuni\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Programmi\Nero\Nero 7\InCD\InCDsrv.exe
O23 - Service: Outpost Firewall Service (OutpostFirewall) - Unknown owner - C:\Programmi\Agnitum\Outpost Firewall\outpost.exe (file missing)
O23 - Service: SmartLinkService (SLService) - Smart Link - C:\WINDOWS\SYSTEM32\slserv.exe

GRAZIE!!!
vero78
Utente Junior
 
Post: 60
Iscritto il: 03/10/06 14:54

Postdi holifay » 09/10/06 16:41

Ti manca solo di cancellare questo file c:\\windows\\unstall.exe e poi di installare il Service Pack2 ;)

Ciao!
Pensi di avere un file infetto? Invialo a SuspectFile
holifay
Utente Junior
 
Post: 37
Iscritto il: 02/10/06 23:12

Postdi vero78 » 09/10/06 19:44

GRAZIE!! MA COME SI INSTALLA IL SERVICE PACK 32?
vero78
Utente Junior
 
Post: 60
Iscritto il: 03/10/06 14:54

Precedente

Torna a Sicurezza e Privacy


Topic correlati a "maschera ke si apre quando cerco qualcosa con google. virus?":


Chi c’è in linea

Visitano il forum: Nessuno e 11 ospiti