Aiutamici Forum
Benvenuto Ospite Cerca | Topic Attivi | Utenti | | Log In | Registra

Aiutamici Forum » FORUM - Istruzioni e Guide » Sicurezza VIRUS » Maledetta toolbar Azesearch

Maledetta toolbar Azesearch Opzioni
Topic Precedente · Topic Sucessivo
lumauro
Inviato: Wednesday, March 16, 2005 10:27:59 PM

Rank: Member

Iscritto dal : 12/27/2004
Posts: 19
Per colpa di un amico che mi ha fatto scaricare un file sbagliato, mi si è installata questa maledetta toolbar Azesearch.
Come accidenti devo fare per eliminarla?
Grazie e scusate.
Torna in alto
 
Sponsor
Inviato: Wednesday, March 16, 2005 10:27:59 PM

 
Torna in alto
 
lumauro
Inviato: Wednesday, March 16, 2005 10:42:49 PM

Rank: Member

Iscritto dal : 12/27/2004
Posts: 19
Questo è il mio hijack:

Logfile of HijackThis v1.99.0
Scan saved at 22.43.07, on 16/03/2005
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
F:\WINNT\System32\smss.exe
F:\WINNT\system32\winlogon.exe
F:\WINNT\system32\services.exe
F:\WINNT\system32\lsass.exe
F:\WINNT\system32\svchost.exe
F:\WINNT\system32\spoolsv.exe
F:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
F:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
F:\WINNT\System32\svchost.exe
f:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
F:\WINNT\system32\regsvc.exe
F:\WINNT\system32\MSTask.exe
F:\WINNT\system32\stisvc.exe
F:\WINNT\System32\WBEM\WinMgmt.exe
F:\WINNT\system32\svchost.exe
f:\PROGRA~1\mcafee.com\vso\mcshield.exe
F:\WINNT\system32\GSICON.EXE
F:\WINNT\system32\dslagent.exe
F:\Programmi\ScanSoft\OmniPageSE\opware32.exe
F:\WINNT\system32\internat.exe
F:\Programmi\Grisoft\AVG Free\avgcc.exe
F:\Programmi\MemTurbo\MemTurbo.exe
F:\WINNT\System32\svchost.exe
F:\Programmi\Zone Labs\ZoneAlarm\zlclient.exe
F:\WINNT\system32\ZoneLabs\vsmon.exe
F:\Programmi\Internet Explorer\IEXPLORE.EXE
F:\Programmi\Outlook Express\msimn.exe
F:\WINNT\explorer.exe
F:\Programmi\Internet Explorer\IEXPLORE.EXE
F:\Antivirus\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.it/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
F2 - REG:system.ini: UserInit=F:\WINNT\system32\Userinit.exe
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - F:\Programmi\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: ZToolbar Activator Class - {FFF5092F-7172-4018-827B-FA5868FB0478} - F:\WINNT\system32\azesearch.ocx
O3 - Toolbar: @msdxmLC.dll,-1@1033,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - F:\WINNT\system32\msdxm.ocx
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - F:\Programmi\Canon\Easy-WebPrint\Toolband.dll
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - f:\progra~1\mcafee.com\vso\mcvsshl.dll
O3 - Toolbar: (no name) - {A6790AA5-C6C7-4BCF-A46D-0FDAC4EA90EB} - F:\WINNT\system32\azesearch.ocx
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [GSICONEXE] GSICON.EXE
O4 - HKLM\..\Run: [DSLAGENTEXE] dslagent.exe USB
O4 - HKLM\..\Run: [NeroFilterCheck] F:\WINNT\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Sygate Personal Firewall] sys.exe
O4 - HKLM\..\Run: [Easy-PrintToolBox] F:\Programmi\Canon\Easy-PrintToolBox\BJPSMAIN.EXE /logon
O4 - HKLM\..\Run: [Omnipage] F:\Programmi\ScanSoft\OmniPageSE\opware32.exe
O4 - HKLM\..\Run: [Zone Labs Client] "F:\Programmi\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [MSConfig] F:\WINNT\system32\msconfig.exe /auto
O4 - HKLM\..\Run: [MCUpdateExe] F:\PROGRA~1\mcafee.com\agent\mcupdate.exe
O4 - HKLM\..\Run: [MCAgentExe] f:\PROGRA~1\mcafee.com\agent\McAgent.exe
O4 - HKLM\..\RunServices: [There is God?] Recycled.exe
O4 - HKLM\..\RunServices: [Sygate Personal Firewall] sys.exe
O4 - HKCU\..\Run: [internat.exe] internat.exe
O4 - HKCU\..\Run: [Sygate Personal Firewall] sys.exe
O4 - Startup: MemTurbo.lnk = F:\Programmi\MemTurbo\MemTurbo.exe
O4 - Global Startup: AVG Free Control Center.lnk = F:\Programmi\Grisoft\AVG Free\avgcc.exe
O8 - Extra context menu item: &Add animation to IncrediMail Style Box - F:\PROGRA~1\INCRED~1\bin\resources\WebMenuImg.htm
O8 - Extra context menu item: Aggiungi all'elenco di stampa Easy-WebPrint - res://F:\Programmi\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
O8 - Extra context menu item: Anteprima Easy-WebPrint - res://F:\Programmi\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
O8 - Extra context menu item: Stampa ad alta velocità Easy-WebPrint - res://F:\Programmi\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
O8 - Extra context menu item: Stampa Easy-WebPrint - res://F:\Programmi\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} (EPUImageControl Class) - http://tools.ebayimg.com/eps/wl/activex/EPUWALControl_v1-0-3-18.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcafee.com/molbin/shared/mcinsctl/en-us/4,0,0,84/mcinsctl.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab
O16 - DPF: {9B03C5F1-F5AB-47EE-937D-A8EDA626F876} (Anonymizer Anti-Spyware Scanner) - http://download.zonelabs.com/bin/promotions/spywaredetector/WebAAS.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://download.mcafee.com/molbin/shared/mcgdmgr/en-us/1,0,0,21/mcgdmgr.cab
O16 - DPF: {D7BF3304-138B-4DD5-86EE-491BB6A2286C} (CParamWr Class) - http://toolbar.azesearch.com/install/azesearch.cab
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/vso/en-us/tools/mcfscan/2,0,0,4438/mcfscan.cab
O16 - DPF: {F00F4763-7355-4725-82F7-0DA94A256D46} (IncrediMail) - http://www2.incredimail.com/contents/setup/downloader_sp1/imloader.cab
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://chat.msn.com/bin/msnchat45.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{AFF65CD4-36F6-4CF8-9E9E-3485BB56F26C}: NameServer = 85.37.17.11 151.99.125.1
O23 - Service: AVG7 Alert Manager Server - GRISOFT, s.r.o. - F:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service - GRISOFT, s.r.o. - F:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: Servizio amministrativo di Gestione disco logico - VERITAS Software Corp. - F:\WINNT\System32\dmadmin.exe
O23 - Service: McAfee.com McShield - Unknown - f:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee SecurityCenter Update Manager - McAfee, Inc - F:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: McAfee.com VirusScan Online Realtime Engine - Networks Associates Technology, Inc - f:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
O23 - Service: TrueVector Internet Monitor - Zone Labs LLC - F:\WINNT\system32\ZoneLabs\vsmon.exe
Torna in alto
 
alfonso
Inviato: Wednesday, March 16, 2005 11:44:46 PM

Rank: AiutAmico

Iscritto dal : 10/5/2000
Posts: 19,132
Ciao ,
esegui queste operazioni

riavvia in modalità provvisoria, leggi qui come fare
http://www.aiutamici.com/software/view.asp?tipo=home&CodSw=344&SH=N

apri HIJAC THIS ed elimina come indicato in questo articolo
http://www.aiutamici.com/software/descrizione.asp?CodSw=1175
le righe che seguono, (nel caso le righe da eliminare non compaiono in modalità provvisoria, eliminale dalla modalità normale e riavvia il computer).

==================================
O2 - BHO: ZToolbar Activator Class - {FFF5092F-7172-4018-827B-FA5868FB0478} - F:\WINNT\system32\azesearch.ocx
-
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - F:\Programmi\Canon\Easy-WebPrint\Toolband.dll
-
O3 - Toolbar: (no name) - {A6790AA5-C6C7-4BCF-A46D-0FDAC4EA90EB} - F:\WINNT\system32\azesearch.ocx
-
O4 - HKLM\..\Run: [Sygate Personal Firewall] sys.exe
-
O4 - HKLM\..\RunServices: [There is God?] Recycled.exe
O4 - HKLM\..\RunServices: [Sygate Personal Firewall] sys.exe
-
O4 - HKCU\..\Run: [Sygate Personal Firewall] sys.exe
-
O16 - DPF: {D7BF3304-138B-4DD5-86EE-491BB6A2286C} (CParamWr Class) - http://toolbar.azesearch.com/install/azesearch.cab
==================================

Con la funzione TROVA di Windows, cerca ed elimina questi file,

==================================
azesearch.ocx
Toolband.dll
sys.exe
Recycled.exe
==================================

al termine utilizza i programmi AD-AWARE e SPYBOT indicati in questo articolo
http://www.aiutamici.com/software/view.asp?tipo=home&CodSw=388&SH=N

sempre in modalità provvisoria fai una scansione Antivirus.
Collaboratore Aiutamici
Torna in alto
 
lumauro
Inviato: Thursday, March 17, 2005 12:53:36 AM

Rank: Member

Iscritto dal : 12/27/2004
Posts: 19
Grazie. E' notte ma lo faccio lo stesso.
Non tocco, però, il toolbar di Easy-Print che dovrebbe essere un programma allegato alla mia nuova stampante Canon a getto d'inchiostro.
Almeno spero... :-)
Torna in alto
 
alfonso
Inviato: Thursday, March 17, 2005 11:07:20 AM

Rank: AiutAmico

Iscritto dal : 10/5/2000
Posts: 19,132
Rimuovi anche Toolband.dll, si tratta di un virus, elimina solo quello che ti ho indicato.

Poi rimetti il log aggiornato.
Collaboratore Aiutamici
Torna in alto
 
lumauro
Inviato: Thursday, March 17, 2005 9:59:29 PM

Rank: Member

Iscritto dal : 12/27/2004
Posts: 19
Eccomi qua. Credo di aver rimosso tutto, compreso il toolband. Grazie, Alfonso. Ti incollo il log con preghiera di confermarmi che è a posto.

Logfile of HijackThis v1.99.0
Scan saved at 21.59.36, on 17/03/2005
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
F:\WINNT\System32\smss.exe
F:\WINNT\system32\winlogon.exe
F:\WINNT\system32\services.exe
F:\WINNT\system32\lsass.exe
F:\WINNT\system32\svchost.exe
F:\WINNT\system32\spoolsv.exe
F:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
F:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
F:\WINNT\System32\svchost.exe
f:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
F:\WINNT\system32\regsvc.exe
F:\WINNT\system32\MSTask.exe
F:\WINNT\system32\stisvc.exe
F:\WINNT\system32\ZoneLabs\vsmon.exe
F:\WINNT\System32\WBEM\WinMgmt.exe
F:\WINNT\system32\svchost.exe
f:\PROGRA~1\mcafee.com\vso\mcshield.exe
F:\WINNT\System32\svchost.exe
F:\WINNT\Explorer.EXE
F:\WINNT\system32\GSICON.EXE
F:\WINNT\system32\dslagent.exe
F:\Programmi\ScanSoft\OmniPageSE\opware32.exe
F:\Programmi\Zone Labs\ZoneAlarm\zlclient.exe
F:\WINNT\system32\internat.exe
F:\Programmi\Grisoft\AVG Free\avgcc.exe
F:\Programmi\MemTurbo\MemTurbo.exe
F:\Antivirus\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.it/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
F2 - REG:system.ini: UserInit=F:\WINNT\system32\Userinit.exe
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - F:\Programmi\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - F:\Programmi\Spybot - Search & Destroy\SDHelper.dll
O3 - Toolbar: @msdxmLC.dll,-1@1033,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - F:\WINNT\system32\msdxm.ocx
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - f:\progra~1\mcafee.com\vso\mcvsshl.dll
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [GSICONEXE] GSICON.EXE
O4 - HKLM\..\Run: [DSLAGENTEXE] dslagent.exe USB
O4 - HKLM\..\Run: [NeroFilterCheck] F:\WINNT\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Easy-PrintToolBox] F:\Programmi\Canon\Easy-PrintToolBox\BJPSMAIN.EXE /logon
O4 - HKLM\..\Run: [Omnipage] F:\Programmi\ScanSoft\OmniPageSE\opware32.exe
O4 - HKLM\..\Run: [Zone Labs Client] "F:\Programmi\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [MSConfig] F:\WINNT\system32\msconfig.exe /auto
O4 - HKLM\..\Run: [MCUpdateExe] F:\PROGRA~1\mcafee.com\agent\mcupdate.exe
O4 - HKCU\..\Run: [internat.exe] internat.exe
O4 - Startup: MemTurbo.lnk = F:\Programmi\MemTurbo\MemTurbo.exe
O4 - Global Startup: AVG Free Control Center.lnk = F:\Programmi\Grisoft\AVG Free\avgcc.exe
O8 - Extra context menu item: &Add animation to IncrediMail Style Box - F:\PROGRA~1\INCRED~1\bin\resources\WebMenuImg.htm
O8 - Extra context menu item: Aggiungi all'elenco di stampa Easy-WebPrint - res://F:\Programmi\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
O8 - Extra context menu item: Anteprima Easy-WebPrint - res://F:\Programmi\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
O8 - Extra context menu item: Stampa ad alta velocità Easy-WebPrint - res://F:\Programmi\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
O8 - Extra context menu item: Stampa Easy-WebPrint - res://F:\Programmi\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} (EPUImageControl Class) - http://tools.ebayimg.com/eps/wl/activex/EPUWALControl_v1-0-3-18.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcafee.com/molbin/shared/mcinsctl/en-us/4,0,0,84/mcinsctl.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab
O16 - DPF: {9B03C5F1-F5AB-47EE-937D-A8EDA626F876} (Anonymizer Anti-Spyware Scanner) - http://download.zonelabs.com/bin/promotions/spywaredetector/WebAAS.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://download.mcafee.com/molbin/shared/mcgdmgr/en-us/1,0,0,21/mcgdmgr.cab
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/vso/en-us/tools/mcfscan/2,0,0,4438/mcfscan.cab
O16 - DPF: {F00F4763-7355-4725-82F7-0DA94A256D46} (IncrediMail) - http://www2.incredimail.com/contents/setup/downloader_sp1/imloader.cab
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://chat.msn.com/bin/msnchat45.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{AFF65CD4-36F6-4CF8-9E9E-3485BB56F26C}: NameServer = 85.37.17.11 151.99.125.1
O23 - Service: AVG7 Alert Manager Server - GRISOFT, s.r.o. - F:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service - GRISOFT, s.r.o. - F:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: Servizio amministrativo di Gestione disco logico - VERITAS Software Corp. - F:\WINNT\System32\dmadmin.exe
O23 - Service: McAfee.com McShield - Unknown - f:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee SecurityCenter Update Manager - McAfee, Inc - F:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: McAfee.com VirusScan Online Realtime Engine - Networks Associates Technology, Inc - f:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
O23 - Service: TrueVector Internet Monitor - Zone Labs LLC - F:\WINNT\system32\ZoneLabs\vsmon.exe
Torna in alto
 
alfonso
Inviato: Friday, March 18, 2005 9:55:01 AM

Rank: AiutAmico

Iscritto dal : 10/5/2000
Posts: 19,132
Ok il log e pulito.
Collaboratore Aiutamici
Torna in alto
 
Utenti presenti in questo topic
Guest

Aiutamici Forum » FORUM - Istruzioni e Guide » Sicurezza VIRUS » Maledetta toolbar Azesearch


Salta al Forum
Aggiunta nuovi Topic disabilitata in questo forum.
Risposte disabilitate in questo forum.
Eliminazione tuoi Post disabilitata in questo forum.
Modifica dei tuoi post disabilitata in questo forum.
Creazione Sondaggi disabilitata in questo forum.
Voto ai sondaggi disabilitato in questo forum.

Main Forum RSS : RSS

Aiutamici Theme
Powered by Yet Another Forum.net versione 1.9.1.8 (NET v2.0) - 3/29/2008
Copyright © 2003-2008 Yet Another Forum.net. All rights reserved.