avvisi di protezione

katodb · 27-04-2005, 22.16.02

Mentre sono su internet compare un triangolino giallo accanto l'orologio seguito da questa finestra:

Ho eseguito bit defender con questo risultato:
Inoltre ho eseguito anche vari pulitori (ad aware, spybot, microsoft antispyware, malware scanner che ha trovato diversi files infetti ma non li ha rimossi perchè ho la versione prova)senza eliminare i messaggi improvvisi.
domanda: cosa devo fare visto che mi si aprono finestre "on line dating" , "casino on line" e varie?

Statistics

Scan path : C:\
Folders : 3321
Files : 422974
Archives : 7018
Packed files : 37633
Identified viruses : 7
Infected files : 49
Warnings : 0
Suspect files : 0
Disinfected files : 0
Deleted files : 1
Copied files : 0
Moved files : 34
Renamed files : 0
I/O errors : 21
Scan time : 02:26:39
Scan speed (files/sec) : 48

Virus definitions : 36879333
Scan plugins : 13
Archive plugins : 38
Unpack plugins : 4
Mail plugins : 6
System plugins : 1

Scan options

Detection
[X] Scan boot sectors
[X] Scan archives
[X] Scan packed files
[X] Scan email

File mask
[ ] Programs
[X] All files
[ ] User defined extensions:
[ ] Exclude extensions: ;

Action

Infected objects
[ ] Ignore
[X] Disinfect
[ ] Delete
[ ] Copy to quarantine
[ ] Move to quarantine
[ ] Rename
[ ] Prompt user

Second action
[ ] Ignore
[ ] Delete
[ ] Copy to quarantine
[X] Move to quarantine
[ ] Rename
[ ] Prompt user

Scan options
[X] Enable warnings
[X] Enable heuristics
[ ] Show all files in log
[X] Report file: vscan.log
[ ] Append to existing report

Summary:

C:\Documents and Settings\Dario\Impostazioni locali\Temp\Temporary Internet Files\Content.IE5\UXGRMDA1\italy[1].htm Infected Exploit.Html.Codebase.Exec.Gen
C:\Documents and Settings\Dario\Impostazioni locali\Temp\Temporary Internet Files\Content.IE5\UXGRMDA1\italy[1].htm Disinfection failed
C:\Documents and Settings\Dario\Impostazioni locali\Temp\Temporary Internet Files\Content.IE5\UXGRMDA1\italy[1].htm Moved
C:\Documents and Settings\Dario\Impostazioni locali\Temp\Temporary Internet Files\Content.IE5\UXGRMDA1\ied_s7[1].chm=>/ied_s7.htm Infected Exploit.ADODB.Stream.Gen
C:\Documents and Settings\Dario\Impostazioni locali\Temporary Internet Files\Content.IE5\YXV8PCFE\italy2[1].htm Disinfection failed
C:\Documents and Settings\Dario\Impostazioni locali\Temporary Internet Files\Content.IE5\YXV8PCFE\italy2[1].htm Moved
C:\Documents and Settings\Dario\Impostazioni locali\Temporary Internet Files\Content.IE5\YXV8PCFE\input[1].php=>(gzip) Infected JS.DragDrop.A
C:\Documents and Settings\Dario\Impostazioni locali\Temporary Internet Files\Content.IE5\YXV8PCFE\q[1].chm=>/file.exe Infected BehavesLike:Win32.ExplorerHijack
C:\Documents and Settings\Dario\Impostazioni locali\Temporary Internet Files\Content.IE5\YXV8PCFE\q[1].chm=>/file.exe Disinfection failed
C:\Documents and Settings\Dario\Impostazioni locali\Temporary Internet Files\Content.IE5\G5AJ81U3\italy[1].htm Disinfection failed
C:\Documents and Settings\Dario\Impostazioni locali\Temporary Internet Files\Content.IE5\GTEZC1QV\gamesnp[1].htm Disinfection failed
C:\Documents and Settings\Dario\Impostazioni locali\Temporary Internet Files\Content.IE5\GTEZC1QV\gamesnp[1].htm Moved
C:\Documents and Settings\Dario\Impostazioni locali\Dati applicazioni\Identities\{477F6084-61AC-4BFC-90A2-897D880E08E3}\Microsoft\Outlook Express\Davide.dbx=>(message 6)=>[Subject: XBOX emulator][Date: Thu, 02 Jan 2003 17:33:25 +0000]=>(MIME part)=>xbox-emu.ace=>xbox_emulator.0.34.exe Infected Trojan.XEmu.A
C:\Programmi\ESET\infected\VO0AI3AA.NQF=>(Quaranti ne-PE) Infected Trojan.Downloader.Agent.IG
C:\Programmi\ESET\infected\VO0AI3AA.NQF=>(Quaranti ne-PE) Disinfection failed
C:\Programmi\ESET\infected\VO0AI3AA.NQF Moved

Gianluchetto · 27-04-2005, 22.38.06

Mah, vedo che molti file infetti sono nei file temporanei internet e nella posta... prima di tutto cancellali, poi rifai la scansione col tuo antivirus aggiornato. Se hai Xp dai anche un'occhiata qui per sicurezza

katodb · 28-04-2005, 20.07.59

altro avviso. Intanto il computer comincia a diventare lento nell'apertura delle finestre. C'è per caso qualche servizio di xp abilitato che posso togliere? ...la messaggistica è disabilitata

katodb · 28-04-2005, 23.25.39

Ciao, il log di hijackthis. I primi files che prima non c'erano ritornano sempre anche dopo averli cancellati:

Logfile of HijackThis v1.94.0
Scan saved at 23.23.39, on 28/04/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page=http://www.ansa.it/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page=http://www.qfind.net/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch=http://www.qfind.net/search.php?qq=%s
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant=http://www.qfind.net/search.php?qq=%s
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page=http://www.qfind.net/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page=http://www.qfind.net/
R3 - Default URLSearchHook is missing
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Programmi\Yahoo!\Companion\Installs\cpn\ycomp5_ 5_7_1.dll (file missing)
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Security\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Programmi\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: (no name) - {62999427-33FC-4baf-9C9C-BCE6BD127F08} - (no file)
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Programmi\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programmi\Yahoo!\Companion\Installs\cpn\ycomp5_ 5_7_1.dll (file missing)
O8 - Extra context menu item: &Download with &DAP - C:\PROGRA~1\DAP\dapextie.htm
O8 - Extra context menu item: Cerca con &Google - C:\WINDOWS\WEB\selsearch.htm
O8 - Extra context menu item: Download &all with DAP - C:\PROGRA~1\DAP\dapextie2.htm
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Windows Messenger (HKLM)
O10 - Unknown file in Winsock LSP: c:\programmi\phshswpr\aphish.dll
O10 - Unknown file in Winsock LSP: c:\programmi\phshswpr\aphish.dll
O10 - Unknown file in Winsock LSP: c:\programmi\phshswpr\aphish.dll
O10 - Unknown file in Winsock LSP: c:\programmi\phshswpr\aphish.dll
O10 - Unknown file in Winsock LSP: c:\programmi\phshswpr\aphish.dll
O10 - Unknown file in Winsock LSP: c:\programmi\phshswpr\aphish.dll
O10 - Unknown file in Winsock LSP: c:\programmi\phshswpr\aphish.dll
O10 - Unknown file in Winsock LSP: c:\programmi\phshswpr\aphish.dll
O10 - Unknown file in Winsock LSP: c:\programmi\phshswpr\aphish.dll
O10 - Unknown file in Winsock LSP: c:\programmi\phshswpr\aphish.dll
O10 - Unknown file in Winsock LSP: c:\programmi\phshswpr\aphish.dll
O10 - Unknown file in Winsock LSP: c:\programmi\phshswpr\aphish.dll
O10 - Unknown file in Winsock LSP: c:\programmi\phshswpr\aphish.dll
O10 - Unknown file in Winsock LSP: c:\programmi\phshswpr\aphish.dll
O10 - Unknown file in Winsock LSP: c:\programmi\phshswpr\aphish.dll
O10 - Unknown file in Winsock LSP: c:\programmi\phshswpr\aphish.dll
O10 - Unknown file in Winsock LSP: c:\programmi\phshswpr\aphish.dll
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.co...?1100619703520
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2...ll/xscan53.cab
O16 - DPF: {80DD2229-B8E4-4C77-B72F-F22972D723EA} (AvxScanOnline Control) - http://www.bitdefender.com/scan/Msie/bitdefender.cab
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - http://fpdownload.macromedia.com/get.../ultrashim.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/s...sh/swflash.cab

Grazie per qualsiasi aiuto

Bico Bico · 29-04-2005, 00.48.07

devi avere un bel pò di spyware. intanto prova a ripulire il sistema con i seguenti programmi antispyware:

Ad-aware
SpyBot S&D
Microsoft Windows Antispyware (beta)

poi penseremo al log di Hijack This

crazy.cat · 29-04-2005, 08.02.02

Devi usare anche il Lspfix.exe
http://www.cexx.org/lspfix.htm

per rimuovere tutte queste righe
O10 - Unknown file in Winsock LSP: c:\programmi\phshswpr\aphish.dll
e le dll collegate, praticamente devi tenere solo le dll che vedi nella finestra a sinistra, le altre le passi a destra e le elimini.

Nel log ti mancano tutte le righe 04 che indicano i programmi attivi nel tuo pc, e la cosa Ã¨ molto sospetta.

Usa anche una versione di hijackthis piÃ¹ nuova, e dopo qualche pulizia riproponi qui il log
http://www.merijn.org/files/hijackthis.zip

katodb · 29-04-2005, 18.41.56

in attesa di usare lspfix, ho più volte ripulito con gli antispyware suggrito da bico bico ma questo non risolve il problema perchè c'è qualcosa che poi rigenera tutto......più tardi posto i risultati dopo le nuove pulizie

grazie

Giorgius · 30-04-2005, 08.48.12

Elimina Emule, il "magazzino" dei Trojan Virus "integrati" nei files.

katodb · 30-04-2005, 14.11.02

Quota:

Originariamente inviato da Giorgius
Elimina Emule, il "magazzino" dei Trojan Virus "integrati" nei files.

uso e-mule da molto tempo e tutto quello che prelevo lo passo al controllo di svariati programmi. Non ho mai avuto i problemi di questi giorni e il mulo lo uso da molto tempo. Ma pensate che si possano attivare connessioni diverse da quella di alice adsl che su per adesso a costi più alti e a me sconosciuti.

Intanto ecco il log di HijackThis dopo i vostri consigli

Logfile of HijackThis v1.99.1
Scan saved at 14.06.03, on 30/04/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmi\Stardock\Object Desktop\WindowBlinds\wbload.exe
C:\Programmi\File comuni\Softwin\BitDefender Communicator\xcommsvr.exe
C:\Programmi\File comuni\Softwin\BitDefender Scan Server\bdss.exe
C:\WINDOWS\Explorer.EXE
C:\Programmi\Softwin\BitDefender8\vsserv.exe
C:\WINDOWS\System32\msole32.exe
C:\Utilities\Aldo Mod\emule.exe
C:\Documents and Settings\Dario\Desktop\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.ansa.it/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.qfind.net/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.qfind.net/search.php?qq=%s
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://www.qfind.net/search.php?qq=%s
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = http://www.qfind.net/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = http://www.qfind.net/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
R3 - Default URLSearchHook is missing
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Programmi\Yahoo!\Companion\Installs\cpn\ycomp5_ 5_7_1.dll (file missing)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Security\SPYBOT~1\SDHelper.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Programmi\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: (no name) - {62999427-33FC-4baf-9C9C-BCE6BD127F08} - (no file)
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Programmi\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programmi\Yahoo!\Companion\Installs\cpn\ycomp5_ 5_7_1.dll (file missing)
O8 - Extra context menu item: &Download with &DAP - C:\PROGRA~1\DAP\dapextie.htm
O8 - Extra context menu item: Cerca con &Google - C:\WINDOWS\WEB\selsearch.htm
O8 - Extra context menu item: Download &all with DAP - C:\PROGRA~1\DAP\dapextie2.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\MSMSGS.EXE (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\MSMSGS.EXE (file missing)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.co...?1100619703520
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2...ll/xscan53.cab
O16 - DPF: {80DD2229-B8E4-4C77-B72F-F22972D723EA} (AvxScanOnline Control) - http://www.bitdefender.com/scan/Msie/bitdefender.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{41248073-5650-477F-898B-55A71A5D8F4A}: NameServer = 80.21.193.22 151.99.125.1
O20 - Winlogon Notify: WB - C:\PROGRA~1\STARDOCK\OBJECT~1\WINDOW~1\fastload.dl l
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: BitDefender Scan Server (bdss) - Unknown owner - C:\Programmi\File comuni\Softwin\BitDefender Scan Server\bdss.exe
O23 - Service: iPod Service (iPodService) - Unknown owner - C:\Programmi\iPod\bin\iPodService.exe (file missing)
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs Inc. - C:\WINDOWS\system32\ZONELABS\vsmon.exe
O23 - Service: BitDefender Virus Shield (VSSERV) - Unknown owner - C:\Programmi\Softwin\BitDefender8\vsserv.exe
O23 - Service: BitDefender Communicator (XCOMM) - Softwin - C:\Programmi\File comuni\Softwin\BitDefender Communicator\xcommsvr.exe

grazie

Bico Bico · 30-04-2005, 15.04.11

allora, devi eliminare:

C:\WINDOWS\System32\msole32.exe - probabilmente è un worm: http://www.virus-buster.com/en/virus...tions/sambud.n

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = http://www.qfind.net/

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = http://www.qfind.net/

R3 - Default URLSearchHook is missing

O3 - Toolbar: (no name) - {62999427-33FC-4baf-9C9C-BCE6BD127F08} - (no file)

poi volendo ci sarebbero tutti i vari ricordini lasciati in giro dalle scansioni online:

O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/...all/xscan53.cab

O16 - DPF: {80DD2229-B8E4-4C77-B72F-F22972D723EA} (AvxScanOnline Control) - http://www.bitdefender.com/scan/Msie/bitdefender.cab

O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab

infine c'è anche questo servizio relativo all'iPod. non possedendone uno non so dirti con certezza se si può eliminare o meno:

O23 - Service: iPod Service (iPodService) - Unknown owner - C:\Programmi\iPod\bin\iPodService.exe (file missing)

katodb · 01-05-2005, 02.54.11

ok fatto, ti dirò come va

katodb · 02-05-2005, 18.29.15

adesso sembra tutto a posto, ho eliminato il file msole32.exe e rilanciato i vari pulitori....è rimasta solo una generale lentezza di internet explorer. Forse ho da chiudere qualche applicazione di troppo
(quel file relativo all'iPod non riesco a rimuoverlo con HijackThis, perchè rispunta sempre)

Logfile of HijackThis v1.99.1
Scan saved at 18.30.01, on 02/05/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\Programmi\Stardock\Object Desktop\WindowBlinds\wbload.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmi\File comuni\Softwin\BitDefender Communicator\xcommsvr.exe
C:\Programmi\File comuni\Softwin\BitDefender Scan Server\bdss.exe
C:\WINDOWS\Explorer.EXE
C:\Programmi\Softwin\BitDefender8\vsserv.exe
C:\Programmi\Outlook Express\msimn.exe
C:\Programmi\Internet Explorer\iexplore.exe
C:\Documents and Settings\Dario\Desktop\pulitori periodici\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.ansa.it/
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Programmi\Yahoo!\Companion\Installs\cpn\ycomp5_ 5_7_1.dll (file missing)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Security\SPYBOT~1\SDHelper.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Programmi\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Programmi\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programmi\Yahoo!\Companion\Installs\cpn\ycomp5_ 5_7_1.dll (file missing)
O8 - Extra context menu item: &Download with &DAP - C:\PROGRA~1\DAP\dapextie.htm
O8 - Extra context menu item: Cerca con &Google - C:\WINDOWS\WEB\selsearch.htm
O8 - Extra context menu item: Download &all with DAP - C:\PROGRA~1\DAP\dapextie2.htm
O17 - HKLM\System\CCS\Services\Tcpip\..\{41248073-5650-477F-898B-55A71A5D8F4A}: NameServer = 80.21.193.22 151.99.125.1
O20 - Winlogon Notify: WB - C:\PROGRA~1\STARDOCK\OBJECT~1\WINDOW~1\fastload.dl l
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: BitDefender Scan Server (bdss) - Unknown owner - C:\Programmi\File comuni\Softwin\BitDefender Scan Server\bdss.exe
O23 - Service: iPod Service (iPodService) - Unknown owner - C:\Programmi\iPod\bin\iPodService.exe (file missing)
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs Inc. - C:\WINDOWS\system32\ZONELABS\vsmon.exe
O23 - Service: BitDefender Virus Shield (VSSERV) - Unknown owner - C:\Programmi\Softwin\BitDefender8\vsserv.exe
O23 - Service: BitDefender Communicator (XCOMM) - Softwin - C:\Programmi\File comuni\Softwin\BitDefender Communicator\xcommsvr.exe

27-04-2005, 22.16.02	#1
katodb Senior Member Registrato: 12-10-2002 Loc.: Palermo Messaggi: 312	avvisi di protezione Mentre sono su internet compare un triangolino giallo accanto l'orologio seguito da questa finestra: Ho eseguito bit defender con questo risultato: Inoltre ho eseguito anche vari pulitori (ad aware, spybot, microsoft antispyware, malware scanner che ha trovato diversi files infetti ma non li ha rimossi perchè ho la versione prova)senza eliminare i messaggi improvvisi. domanda: cosa devo fare visto che mi si aprono finestre "on line dating" , "casino on line" e varie? Statistics Scan path : C:\ Folders : 3321 Files : 422974 Archives : 7018 Packed files : 37633 Identified viruses : 7 Infected files : 49 Warnings : 0 Suspect files : 0 Disinfected files : 0 Deleted files : 1 Copied files : 0 Moved files : 34 Renamed files : 0 I/O errors : 21 Scan time : 02:26:39 Scan speed (files/sec) : 48 Virus definitions : 36879333 Scan plugins : 13 Archive plugins : 38 Unpack plugins : 4 Mail plugins : 6 System plugins : 1 Scan options Detection [X] Scan boot sectors [X] Scan archives [X] Scan packed files [X] Scan email File mask [ ] Programs [X] All files [ ] User defined extensions: [ ] Exclude extensions: ; Action Infected objects [ ] Ignore [X] Disinfect [ ] Delete [ ] Copy to quarantine [ ] Move to quarantine [ ] Rename [ ] Prompt user Second action [ ] Ignore [ ] Delete [ ] Copy to quarantine [X] Move to quarantine [ ] Rename [ ] Prompt user Scan options [X] Enable warnings [X] Enable heuristics [ ] Show all files in log [X] Report file: vscan.log [ ] Append to existing report Summary: C:\Documents and Settings\Dario\Impostazioni locali\Temp\Temporary Internet Files\Content.IE5\UXGRMDA1\italy[1].htm Infected Exploit.Html.Codebase.Exec.Gen C:\Documents and Settings\Dario\Impostazioni locali\Temp\Temporary Internet Files\Content.IE5\UXGRMDA1\italy[1].htm Disinfection failed C:\Documents and Settings\Dario\Impostazioni locali\Temp\Temporary Internet Files\Content.IE5\UXGRMDA1\italy[1].htm Moved C:\Documents and Settings\Dario\Impostazioni locali\Temp\Temporary Internet Files\Content.IE5\UXGRMDA1\ied_s7[1].chm=>/ied_s7.htm Infected Exploit.ADODB.Stream.Gen C:\Documents and Settings\Dario\Impostazioni locali\Temporary Internet Files\Content.IE5\YXV8PCFE\italy2[1].htm Disinfection failed C:\Documents and Settings\Dario\Impostazioni locali\Temporary Internet Files\Content.IE5\YXV8PCFE\italy2[1].htm Moved C:\Documents and Settings\Dario\Impostazioni locali\Temporary Internet Files\Content.IE5\YXV8PCFE\input[1].php=>(gzip) Infected JS.DragDrop.A C:\Documents and Settings\Dario\Impostazioni locali\Temporary Internet Files\Content.IE5\YXV8PCFE\q[1].chm=>/file.exe Infected BehavesLike:Win32.ExplorerHijack C:\Documents and Settings\Dario\Impostazioni locali\Temporary Internet Files\Content.IE5\YXV8PCFE\q[1].chm=>/file.exe Disinfection failed C:\Documents and Settings\Dario\Impostazioni locali\Temporary Internet Files\Content.IE5\G5AJ81U3\italy[1].htm Disinfection failed C:\Documents and Settings\Dario\Impostazioni locali\Temporary Internet Files\Content.IE5\GTEZC1QV\gamesnp[1].htm Disinfection failed C:\Documents and Settings\Dario\Impostazioni locali\Temporary Internet Files\Content.IE5\GTEZC1QV\gamesnp[1].htm Moved C:\Documents and Settings\Dario\Impostazioni locali\Dati applicazioni\Identities\{477F6084-61AC-4BFC-90A2-897D880E08E3}\Microsoft\Outlook Express\Davide.dbx=>(message 6)=>[Subject: XBOX emulator][Date: Thu, 02 Jan 2003 17:33:25 +0000]=>(MIME part)=>xbox-emu.ace=>xbox_emulator.0.34.exe Infected Trojan.XEmu.A C:\Programmi\ESET\infected\VO0AI3AA.NQF=>(Quaranti ne-PE) Infected Trojan.Downloader.Agent.IG C:\Programmi\ESET\infected\VO0AI3AA.NQF=>(Quaranti ne-PE) Disinfection failed C:\Programmi\ESET\infected\VO0AI3AA.NQF Moved Ultima modifica di katodb : 28-04-2005 alle ore 20.11.29

27-04-2005, 22.38.06	#2
Gianluchetto Hero Member Registrato: 04-11-2004 Loc.: Seveso Beach Messaggi: 576	Mah, vedo che molti file infetti sono nei file temporanei internet e nella posta... prima di tutto cancellali, poi rifai la scansione col tuo antivirus aggiornato. Se hai Xp dai anche un'occhiata qui per sicurezza ___________________________________ This post is a natural product made from recycled electrons. The slight variations in spelling, grammar and punctuation enhance its individual character and individuality and are in no way to be considered flaws or defects.

29-04-2005, 00.48.07	#5
Bico Bico Images And Words Registrato: 15-12-2002 Loc.: Roma Messaggi: 2.362	devi avere un bel pò di spyware. intanto prova a ripulire il sistema con i seguenti programmi antispyware: Ad-aware SpyBot S&D Microsoft Windows Antispyware (beta) poi penseremo al log di Hijack This ___________________________________ Step after step we try controlling our fate, when we finally start living it's become too late. Trapped inside this Octavarium! ..:: La configurazione del mio PC ::.. \| powered by Athlon 64 Ultima modifica di Bico Bico : 29-04-2005 alle ore 19.14.07

29-04-2005, 08.02.02	#6
crazy.cat Gold Member Top Poster Registrato: 20-08-2002 Loc.: Mestre Messaggi: 3.563	Devi usare anche il Lspfix.exe http://www.cexx.org/lspfix.htm per rimuovere tutte queste righe O10 - Unknown file in Winsock LSP: c:\programmi\phshswpr\aphish.dll e le dll collegate, praticamente devi tenere solo le dll che vedi nella finestra a sinistra, le altre le passi a destra e le elimini. Nel log ti mancano tutte le righe 04 che indicano i programmi attivi nel tuo pc, e la cosa Ã¨ molto sospetta. Usa anche una versione di hijackthis piÃ¹ nuova, e dopo qualche pulizia riproponi qui il log http://www.merijn.org/files/hijackthis.zip ___________________________________ Solo gli operai sanno quanto vale il tempo; se lo fanno sempre pagare.

30-04-2005, 15.04.11	#10
Bico Bico Images And Words Registrato: 15-12-2002 Loc.: Roma Messaggi: 2.362	allora, devi eliminare: C:\WINDOWS\System32\msole32.exe - probabilmente è un worm: http://www.virus-buster.com/en/virus...tions/sambud.n R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = http://www.qfind.net/ R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = http://www.qfind.net/ R3 - Default URLSearchHook is missing O3 - Toolbar: (no name) - {62999427-33FC-4baf-9C9C-BCE6BD127F08} - (no file) poi volendo ci sarebbero tutti i vari ricordini lasciati in giro dalle scansioni online: O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/...all/xscan53.cab O16 - DPF: {80DD2229-B8E4-4C77-B72F-F22972D723EA} (AvxScanOnline Control) - http://www.bitdefender.com/scan/Msie/bitdefender.cab O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab infine c'è anche questo servizio relativo all'iPod. non possedendone uno non so dirti con certezza se si può eliminare o meno: O23 - Service: iPod Service (iPodService) - Unknown owner - C:\Programmi\iPod\bin\iPodService.exe (file missing) ___________________________________ Step after step we try controlling our fate, when we finally start living it's become too late. Trapped inside this Octavarium! ..:: La configurazione del mio PC ::.. \| powered by Athlon 64

28-04-2005, 20.07.59	#3
katodb Senior Member Registrato: 12-10-2002 Loc.: Palermo Messaggi: 312	altro avviso. Intanto il computer comincia a diventare lento nell'apertura delle finestre. C'è per caso qualche servizio di xp abilitato che posso togliere? ...la messaggistica è disabilitata

28-04-2005, 23.25.39	#4
katodb Senior Member Registrato: 12-10-2002 Loc.: Palermo Messaggi: 312	Ciao, il log di hijackthis. I primi files che prima non c'erano ritornano sempre anche dopo averli cancellati: Logfile of HijackThis v1.94.0 Scan saved at 23.23.39, on 28/04/2005 Platform: Windows XP SP1 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106) R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page=http://www.ansa.it/ R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page=http://www.qfind.net/ R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch=http://www.qfind.net/search.php?qq=%s R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant=http://www.qfind.net/search.php?qq=%s R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page=http://www.qfind.net/ R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page=http://www.qfind.net/ R3 - Default URLSearchHook is missing O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Programmi\Yahoo!\Companion\Installs\cpn\ycomp5_ 5_7_1.dll (file missing) O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Security\SPYBOT~1\SDHelper.dll O2 - BHO: (no name) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Programmi\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll O3 - Toolbar: (no name) - {62999427-33FC-4baf-9C9C-BCE6BD127F08} - (no file) O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Programmi\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programmi\Yahoo!\Companion\Installs\cpn\ycomp5_ 5_7_1.dll (file missing) O8 - Extra context menu item: &Download with &DAP - C:\PROGRA~1\DAP\dapextie.htm O8 - Extra context menu item: Cerca con &Google - C:\WINDOWS\WEB\selsearch.htm O8 - Extra context menu item: Download &all with DAP - C:\PROGRA~1\DAP\dapextie2.htm O9 - Extra button: Messenger (HKLM) O9 - Extra 'Tools' menuitem: Windows Messenger (HKLM) O10 - Unknown file in Winsock LSP: c:\programmi\phshswpr\aphish.dll O10 - Unknown file in Winsock LSP: c:\programmi\phshswpr\aphish.dll O10 - Unknown file in Winsock LSP: c:\programmi\phshswpr\aphish.dll O10 - Unknown file in Winsock LSP: c:\programmi\phshswpr\aphish.dll O10 - Unknown file in Winsock LSP: c:\programmi\phshswpr\aphish.dll O10 - Unknown file in Winsock LSP: c:\programmi\phshswpr\aphish.dll O10 - Unknown file in Winsock LSP: c:\programmi\phshswpr\aphish.dll O10 - Unknown file in Winsock LSP: c:\programmi\phshswpr\aphish.dll O10 - Unknown file in Winsock LSP: c:\programmi\phshswpr\aphish.dll O10 - Unknown file in Winsock LSP: c:\programmi\phshswpr\aphish.dll O10 - Unknown file in Winsock LSP: c:\programmi\phshswpr\aphish.dll O10 - Unknown file in Winsock LSP: c:\programmi\phshswpr\aphish.dll O10 - Unknown file in Winsock LSP: c:\programmi\phshswpr\aphish.dll O10 - Unknown file in Winsock LSP: c:\programmi\phshswpr\aphish.dll O10 - Unknown file in Winsock LSP: c:\programmi\phshswpr\aphish.dll O10 - Unknown file in Winsock LSP: c:\programmi\phshswpr\aphish.dll O10 - Unknown file in Winsock LSP: c:\programmi\phshswpr\aphish.dll O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.co...?1100619703520 O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2...ll/xscan53.cab O16 - DPF: {80DD2229-B8E4-4C77-B72F-F22972D723EA} (AvxScanOnline Control) - http://www.bitdefender.com/scan/Msie/bitdefender.cab O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - http://fpdownload.macromedia.com/get.../ultrashim.cab O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/s...sh/swflash.cab Grazie per qualsiasi aiuto

29-04-2005, 18.41.56	#7
katodb Senior Member Registrato: 12-10-2002 Loc.: Palermo Messaggi: 312	in attesa di usare lspfix, ho più volte ripulito con gli antispyware suggrito da bico bico ma questo non risolve il problema perchè c'è qualcosa che poi rigenera tutto......più tardi posto i risultati dopo le nuove pulizie grazie

30-04-2005, 08.48.12	#8
Giorgius Gold Member Top Poster Registrato: 26-08-2000 Loc.: tokyo city Messaggi: 8.374	Elimina Emule, il "magazzino" dei Trojan Virus "integrati" nei files.

01-05-2005, 02.54.11	#11
katodb Senior Member Registrato: 12-10-2002 Loc.: Palermo Messaggi: 312	ok fatto, ti dirò come va

02-05-2005, 18.29.15	#12
katodb Senior Member Registrato: 12-10-2002 Loc.: Palermo Messaggi: 312	adesso sembra tutto a posto, ho eliminato il file msole32.exe e rilanciato i vari pulitori....è rimasta solo una generale lentezza di internet explorer. Forse ho da chiudere qualche applicazione di troppo (quel file relativo all'iPod non riesco a rimuoverlo con HijackThis, perchè rispunta sempre) Logfile of HijackThis v1.99.1 Scan saved at 18.30.01, on 02/05/2005 Platform: Windows XP SP1 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\LEXBCES.EXE C:\WINDOWS\system32\spoolsv.exe C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe C:\Programmi\Stardock\Object Desktop\WindowBlinds\wbload.exe C:\WINDOWS\System32\svchost.exe C:\Programmi\File comuni\Softwin\BitDefender Communicator\xcommsvr.exe C:\Programmi\File comuni\Softwin\BitDefender Scan Server\bdss.exe C:\WINDOWS\Explorer.EXE C:\Programmi\Softwin\BitDefender8\vsserv.exe C:\Programmi\Outlook Express\msimn.exe C:\Programmi\Internet Explorer\iexplore.exe C:\Documents and Settings\Dario\Desktop\pulitori periodici\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.ansa.it/ O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Programmi\Yahoo!\Companion\Installs\cpn\ycomp5_ 5_7_1.dll (file missing) O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Security\SPYBOT~1\SDHelper.dll O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Programmi\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Programmi\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programmi\Yahoo!\Companion\Installs\cpn\ycomp5_ 5_7_1.dll (file missing) O8 - Extra context menu item: &Download with &DAP - C:\PROGRA~1\DAP\dapextie.htm O8 - Extra context menu item: Cerca con &Google - C:\WINDOWS\WEB\selsearch.htm O8 - Extra context menu item: Download &all with DAP - C:\PROGRA~1\DAP\dapextie2.htm O17 - HKLM\System\CCS\Services\Tcpip\..\{41248073-5650-477F-898B-55A71A5D8F4A}: NameServer = 80.21.193.22 151.99.125.1 O20 - Winlogon Notify: WB - C:\PROGRA~1\STARDOCK\OBJECT~1\WINDOW~1\fastload.dl l O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe O23 - Service: BitDefender Scan Server (bdss) - Unknown owner - C:\Programmi\File comuni\Softwin\BitDefender Scan Server\bdss.exe O23 - Service: iPod Service (iPodService) - Unknown owner - C:\Programmi\iPod\bin\iPodService.exe (file missing) O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs Inc. - C:\WINDOWS\system32\ZONELABS\vsmon.exe O23 - Service: BitDefender Virus Shield (VSSERV) - Unknown owner - C:\Programmi\Softwin\BitDefender8\vsserv.exe O23 - Service: BitDefender Communicator (XCOMM) - Softwin - C:\Programmi\File comuni\Softwin\BitDefender Communicator\xcommsvr.exe

Utenti attualmente attivi che stanno leggendo questa discussione: 1 (0 utenti e 1 ospiti)

Strumenti discussione
Visualizza versione stampabile Invia questa pagina via e-mail

Discussioni simili
Discussione	Autore discussione	Forum	Risposte	Ultimo messaggio
Come eliminare certi avvisi di protezione ?	Dreamax65	Windows 7/Vista/XP/ 2003	5	04-03-2009 17.05.48
hotmail .it e avvisi protezione	Papillon56	Internet e Reti locali	4	04-03-2008 01.47.24
Avvisi di protezione	MARIOKING	Windows 7/Vista/XP/ 2003	3	04-02-2007 13.32.20
Avvisi di protezione windows + info sul search	helen	Windows 7/Vista/XP/ 2003	3	23-05-2005 09.07.05
Disattivare gli avvisi di protezione di XP SP2	fireball	Windows 7/Vista/XP/ 2003	5	28-10-2004 20.56.19