Malware Removal - Help

#1
Old April 8, 2008, 06:55
Group Member

Malware Removal - Help

We did all the steps up to Java. Downloaded it, but it said: "Unable to verify authenticity ...... installation and running of this code is not allowed." Please advise.
#2
Old April 8, 2008, 07:36
Group Moderator

Malware Removal - Help

Go to Start > Control Panel and open the Java control panel found there. Use the update option and see if it works.

#3
Old April 8, 2008, 08:38
Group Member

Malware Removal - Help

Quote:
Originally Posted by evilfantasy
Go to Start > Control Panel and open the Java control panel found there. Use the update option and see if it works.

No Java update option exists.
#4
Old April 8, 2008, 08:39
Group Moderator

Malware Removal - Help

Try downloading it from here: www.java.com

If that doesn't work, then move on to the next step and we'll deal with it later.

#5
Old April 8, 2008, 09:34
Donor Group

Malware Removal - Help

There should be a Java icon. I bet you're in Category View; look at the top left for "Switch to Classic View" and you'll see a Java application icon.

Attached thumbnails: Malware Removal - Help-category.jpg, Malware Removal - Help-java.jpg
#6
Old April 8, 2008, 09:38
Group Member

Malware Removal - Help

We did all the steps and there are still the same problems.

Here are the logs...

SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 04/07/2008 at 03:41 PM

Application Version: 4.0.1154

Core Rules Database Version: 3432
Trace Rules Database Version: 1424

Scan type: Complete Scan
Total Scan Time: 01:38:06

Memory items scanned: 626
Memory threats detected: 4
Registry items scanned: 6141
Registry threats detected: 38
File items scanned: 101242
File threats detected: 114

Adware.Vundo Variant/Resident
C:\WINDOWS\SYSTEM32\IIFFGECT.DLL
C:\WINDOWS\SYSTEM32\IIFFGECT.DLL

Adware.Vundo-Variant/Small-A
C:\WINDOWS\SYSTEM32\BVJKLPEJ.DLL
C:\WINDOWS\SYSTEM32\BVJKLPEJ.DLL
HKLM\Software\Classes\CLSID\{65701471-4c01-4415-a067-51bacdf39b8b}
HKCR\CLSID\{65701471-4C01-4415-A067-51BACDF39B8B}
HKCR\CLSID\{65701471-4C01-4415-A067-51BACDF39B8B}\InprocServer32
HKCR\CLSID\{65701471-4C01-4415-A067-51BACDF39B8B}\InprocServer32#ThreadingModel
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{65701471-4c01-4415-a067-51bacdf39b8b}
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP26\A0001080.DLL
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP28\A0001330.DLL
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP28\A0001331.DLL
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP28\A0001337.DLL
C:\WINDOWS\SYSTEM32\HXYIXXAO.DLL
C:\WINDOWS\SYSTEM32\NALJPONC.DLL

Trojan.Downloader-NewJuan/VM
C:\WINDOWS\SYSTEM32\FUCLNHJD.DLL
C:\WINDOWS\SYSTEM32\FUCLNHJD.DLL

MyWay Search Assistant
C:\Program Files\MYWAYSA\SRCHASDE\1.bin\DESRCAS.DLL
C:\Program Files\MYWAYSA\SRCHASDE\1.bin\DESRCAS.DLL
HKLM\Software\Classes\CLSID\{4D25F921-B9FE-4682-BF72-8AB8210D6D75}
HKCR\CLSID\{4D25F921-B9FE-4682-BF72-8AB8210D6D75}
HKCR\CLSID\{4D25F921-B9FE-4682-BF72-8AB8210D6D75}
HKCR\CLSID\{4D25F921-B9FE-4682-BF72-8AB8210D6D75}\InprocServer32
HKCR\CLSID\{4D25F921-B9FE-4682-BF72-8AB8210D6D75}\InprocServer32#ThreadingModel
HKCR\CLSID\{4D25F921-B9FE-4682-BF72-8AB8210D6D75}\Programmable
HKLM\Software\Classes\CLSID\{4D25F924-B9FE-4682-BF72-8AB8210D6D75}
HKCR\CLSID\{4D25F924-B9FE-4682-BF72-8AB8210D6D75}
HKCR\CLSID\{4D25F924-B9FE-4682-BF72-8AB8210D6D75}
HKCR\CLSID\{4D25F924-B9FE-4682-BF72-8AB8210D6D75}\Control
HKCR\CLSID\{4D25F924-B9FE-4682-BF72-8AB8210D6D75}\InprocServer32
HKCR\CLSID\{4D25F924-B9FE-4682-BF72-8AB8210D6D75}\InprocServer32#ThreadingModel
HKCR\CLSID\{4D25F924-B9FE-4682-BF72-8AB8210D6D75}\MiscStatus
HKCR\CLSID\{4D25F924-B9FE-4682-BF72-8AB8210D6D75}\MiscStatus\1
HKCR\CLSID\{4D25F924-B9FE-4682-BF72-8AB8210D6D75}\ProgID
HKCR\CLSID\{4D25F924-B9FE-4682-BF72-8AB8210D6D75}\Programmable
HKCR\CLSID\{4D25F924-B9FE-4682-BF72-8AB8210D6D75}\TypeLib
HKCR\CLSID\{4D25F924-B9FE-4682-BF72-8AB8210D6D75}\Version
HKCR\CLSID\{4D25F924-B9FE-4682-BF72-8AB8210D6D75}\VersionIndependentProgID
HKLM\Software\Classes\CLSID\{4D25F926-B9FE-4682-BF72-8AB8210D6D75}
HKCR\CLSID\{4D25F926-B9FE-4682-BF72-8AB8210D6D75}
HKCR\CLSID\{4D25F926-B9FE-4682-BF72-8AB8210D6D75}
HKCR\CLSID\{4D25F926-B9FE-4682-BF72-8AB8210D6D75}\InprocServer32
HKCR\CLSID\{4D25F926-B9FE-4682-BF72-8AB8210D6D75}\InprocServer32#ThreadingModel
HKCR\CLSID\{4D25F926-B9FE-4682-BF72-8AB8210D6D75}\Programmable
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{4D25F921-B9FE-4682-BF72-8AB8210D6D75}
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\URLSearchHooks#{4D25F926-B9FE-4682-BF72-8AB8210D6D75}
HKU\S-1-5-21-1376253242-3474823476-3209291414-1006\Software\Microsoft\Internet Explorer\URLSearchHooks#{4D25F926-B9FE-4682-BF72-8AB8210D6D75}
HKU\S-1-5-18\Software\Microsoft\Internet Explorer\URLSearchHooks#{4D25F926-B9FE-4682-BF72-8AB8210D6D75}

Adware.Vundo-Variant
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D0CC2EC3-123 ter-4668-8346-A755825F6866}
HKCR\CLSID\{D0CC2EC3-123 ter-4668-8346-A755825F6866}
HKCR\CLSID\{D0CC2EC3-123 ter-4668-8346-A755825F6866}\InprocServer32
HKCR\CLSID\{D0CC2EC3-123 ter-4668-8346-A755825F6866}\InprocServer32#ThreadingModel

Adware.Tracking Cookie
C:\Documents and Settings\Dustin\Cookies\dustin@112.2o7[1].txt
C:\Documents and Settings\Dustin\Cookies\dustin@2o7[2].txt
C:\Documents and Settings\Dustin\Cookies\dustin@a.websponsors[2].txt
C:\Documents and Settings\Dustin\Cookies\dustin@ad.yieldmanager[1].txt
C:\Documents and Settings\Dustin\Cookies\dustin@ad.yieldmanager[2].txt
C:\Documents and Settings\Dustin\Cookies\dustin@admarketplace[2].txt
C:\Documents and Settings\Dustin\Cookies\dustin@adrevolver[1].txt
C:\Documents and Settings\Dustin\Cookies\dustin@adrevolver[2].txt
C:\Documents and Settings\Dustin\Cookies\dustin@ads.addynamix[1].txt
C:\Documents and Settings\Dustin\Cookies\dustin@ads.pointroll[1].txt
C:\Documents and Settings\Dustin\Cookies\dustin@advertising[1].txt
C:\Documents and Settings\Dustin\Cookies\dustin@as-us.falkag[2].txt
C:\Documents and Settings\Dustin\Cookies\dustin@atdmt[2].txt
C:\Documents and Settings\Dustin\Cookies\dustin@atwola[1].txt
C:\Documents and Settings\Dustin\Cookies\dustin@belnk[1].txt
C:\Documents and Settings\Dustin\Cookies\dustin@bfast[1].txt
C:\Documents and Settings\Dustin\Cookies\dustin@bizrate[1].txt
C:\Documents and Settings\Dustin\Cookies\dustin@burstnet[2].txt
C:\Documents and Settings\Dustin\Cookies\dustin@c1.zedo[1].txt
C:\Documents and Settings\Dustin\Cookies\dustin@casalemedia[2].txt
C:\Documents and Settings\Dustin\Cookies\dustin@dist.belnk[2].txt
C:\Documents and Settings\Dustin\Cookies\dustin@doubleclick[1].txt
C:\Documents and Settings\Dustin\Cookies\dustin@e-2dj6wfkykpdzigp.stats.esomniture[1].txt
C:\Documents and Settings\Dustin\Cookies\dustin@e-2dj6wgmyoidjmfo.stats.esomniture[1].txt
C:\Documents and Settings\Dustin\Cookies\dustin@e-2dj6wjkokicpmlo.stats.esomniture[1].txt
C:\Documents and Settings\Dustin\Cookies\dustin@e-2dj6wjkygpczmep.stats.esomniture[2].txt
C:\Documents and Settings\Dustin\Cookies\dustin@e-2dj6wjliahajicp.stats.esomniture[2].txt
C:\Documents and Settings\Dustin\Cookies\dustin@e-2dj6wjliwkc5kcp.stats.esomniture[2].txt
C:\Documents and Settings\Dustin\Cookies\dustin@e-2dj6wjlockajgho.stats.esomniture[2].txt
C:\Documents and Settings\Dustin\Cookies\dustin@e-2dj6wjlykldpgfo.stats.esomniture[1].txt
C:\Documents and Settings\Dustin\Cookies\dustin@edge.ru4[2].txt
C:\Documents and Settings\Dustin\Cookies\dustin@ehg-bestbuy.hitbox[2].txt
C:\Documents and Settings\Dustin\Cookies\dustin@ehg-cbot.hitbox[2].txt
C:\Documents and Settings\Dustin\Cookies\dustin@ehg-dig.hitbox[2].txt
C:\Documents and Settings\Dustin\Cookies\dustin@ehg-gamespot.hitbox[2].txt
C:\Documents and Settings\Dustin\Cookies\dustin@ehg-hasbro.hitbox[1].txt
C:\Documents and Settings\Dustin\Cookies\dustin@ehg-legonewyorkinc.hitbox[2].txt
C:\Documents and Settings\Dustin\Cookies\dustin@ehg-sonycomputer.hitbox[2].txt
C:\Documents and Settings\Dustin\Cookies\dustin@fastclick[2].txt
C:\Documents and Settings\Dustin\Cookies\dustin@ford.112.2o7[1].txt
C:\Documents and Settings\Dustin\Cookies\dustin@hg1.hitbox[1].txt
C:\Documents and Settings\Dustin\Cookies\dustin@hitbox[1].txt
C:\Documents and Settings\Dustin\Cookies\dustin@icc.intellisrv[2].txt
C:\Documents and Settings\Dustin\Cookies\dustin@indextools[1].txt
C:\Documents and Settings\Dustin\Cookies\dustin@insightexpressai[1].txt
C:\Documents and Settings\Dustin\Cookies\dustin@interclick[2].txt
C:\Documents and Settings\Dustin\Cookies\dustin@login.tracking101[1].txt
C:\Documents and Settings\Dustin\Cookies\dustin@media.fastclick[2].txt
C:\Documents and Settings\Dustin\Cookies\dustin@mediaplex[2].txt
C:\Documents and Settings\Dustin\Cookies\dustin@msnportal.112.2o7[1].txt
C:\Documents and Settings\Dustin\Cookies\dustin@nextag[2].txt
C:\Documents and Settings\Dustin\Cookies\dustin@overture[1].txt
C:\Documents and Settings\Dustin\Cookies\dustin@perf.overture[1].txt
C:\Documents and Settings\Dustin\Cookies\dustin@pt.crossmediaservices[1].txt
C:\Documents and Settings\Dustin\Cookies\dustin@questionmarket[2].txt
C:\Documents and Settings\Dustin\Cookies\dustin@realmedia[1].txt
C:\Documents and Settings\Dustin\Cookies\dustin@revenue[2].txt
C:\Documents and Settings\Dustin\Cookies\dustin@revsci[1].txt
C:\Documents and Settings\Dustin\Cookies\dustin@serving-sys[2].txt
C:\Documents and Settings\Dustin\Cookies\dustin@sonycorporate.122.2o7[1].txt
C:\Documents and Settings\Dustin\Cookies\dustin@statcounter[1].txt
C:\Documents and Settings\Dustin\Cookies\dustin@stats.gamestop[1].txt
C:\Documents and Settings\Dustin\Cookies\dustin@statse.webtrendslive[1].txt
C:\Documents and Settings\Dustin\Cookies\dustin@tacoda[2].txt
C:\Documents and Settings\Dustin\Cookies\dustin@tribalfusion[2].txt
C:\Documents and Settings\Dustin\Cookies\dustin@valueclick[1].txt
C:\Documents and Settings\Dustin\Cookies\dustin@www.burstbeacon[1].txt
C:\Documents and Settings\Dustin\Cookies\dustin@z1.adserver[1].txt
C:\Documents and Settings\Dustin\Cookies\dustin@zedo[1].txt
C:\Documents and Settings\Dylan\Cookies\dylan@2o7[1].txt
C:\Documents and Settings\Dylan\Cookies\dylan@ad.yieldmanager[1].txt
C:\Documents and Settings\Dylan\Cookies\dylan@adknowledge[2].txt
C:\Documents and Settings\Dylan\Cookies\dylan@admarketplace[1].txt
C:\Documents and Settings\Dylan\Cookies\dylan@adrevolver[2].txt
C:\Documents and Settings\Dylan\Cookies\dylan@ads.addynamix[2].txt
C:\Documents and Settings\Dylan\Cookies\dylan@ads.pointroll[1].txt
C:\Documents and Settings\Dylan\Cookies\dylan@adtech[2].txt
C:\Documents and Settings\Dylan\Cookies\dylan@adv.surinter[1].txt
C:\Documents and Settings\Dylan\Cookies\dylan@advertising[2].txt
C:\Documents and Settings\Dylan\Cookies\dylan@apmebf[2].txt
C:\Documents and Settings\Dylan\Cookies\dylan@as-us.falkag[2].txt
C:\Documents and Settings\Dylan\Cookies\dylan@atdmt[2].txt
C:\Documents and Settings\Dylan\Cookies\dylan@burstnet[1].txt
C:\Documents and Settings\Dylan\Cookies\dylan@casalemedia[2].txt
C:\Documents and Settings\Dylan\Cookies\dylan@doubleclick[2].txt
C:\Documents and Settings\Dylan\Cookies\dylan@edge.ru4[1].txt
C:\Documents and Settings\Dylan\Cookies\dylan@ehg-legonewyorkinc.hitbox[2].txt
C:\Documents and Settings\Dylan\Cookies\dylan@ehg-sonycomputer.hitbox[2].txt
C:\Documents and Settings\Dylan\Cookies\dylan@fastclick[1].txt
C:\Documents and Settings\Dylan\Cookies\dylan@hitbox[1].txt
C:\Documents and Settings\Dylan\Cookies\dylan@insightexpressai[1].txt
C:\Documents and Settings\Dylan\Cookies\dylan@interclick[2].txt
C:\Documents and Settings\Dylan\Cookies\dylan@mediaplex[1].txt
C:\Documents and Settings\Dylan\Cookies\dylan@pt.crossmediaservices[1].txt
C:\Documents and Settings\Dylan\Cookies\dylan@questionmarket[1].txt
C:\Documents and Settings\Dylan\Cookies\dylan@realmedia[1].txt
C:\Documents and Settings\Dylan\Cookies\dylan@revenue[1].txt
C:\Documents and Settings\Dylan\Cookies\dylan@server.cpmstar[1].txt
C:\Documents and Settings\Dylan\Cookies\dylan@stats.gamestop[1].txt
C:\Documents and Settings\Dylan\Cookies\dylan@statse.webtrendslive[1].txt
C:\Documents and Settings\Dylan\Cookies\dylan@trafficmp[1].txt
C:\Documents and Settings\Dylan\Cookies\dylan@tribalfusion[2].txt
C:\Documents and Settings\Dylan\Cookies\dylan@valueclick[2].txt
C:\Documents and Settings\Dylan\Cookies\dylan@zedo[2].txt



Malwarebytes' Anti-Malware 1.10
Database version: 598

Scan type: Full Scan (C:\|)
Objects scanned: 135868
Time elapsed: 59 minute(s), 20 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 2
Registry Keys Infected: 14
Registry Values Infected: 2
Registry Data Items Infected: 1
Folders Infected: 0
Files Infected: 6

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
C:\WINDOWS\SYSTEM32\pcpthqbs.dll (Trojan.Vundo) -> Unloaded module successfully.
C:\WINDOWS\SYSTEM32\vtUkklLF.dll (Trojan.Vundo) -> Unloaded module successfully.

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0d204632-0f04-4faa-965c-af04ba91e9aa} (Trojan.Vundo) -> Delete on reboot.
HKEY_CLASSES_ROOT\CLSID\{0d204632-0f04-4faa-965c-af04ba91e9aa} (Trojan.Vundo) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\aoprndtws (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\jkwslist (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\aldd (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\MS Juan (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\affri (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\affltid (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\rdfa (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\affltid (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\affri (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Juan (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\FCOVM (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\RemoveRP (Trojan.Vundo) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\{b7d3e479-cc68-42b5-a338-938ece35f419} (Adware.Softomate) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\BMf7889183 (Trojan.Agent) -> Delete on reboot.

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Authentication Packages (Trojan.Vundo) -> Data: c:\windows\system32\vtukkllf -> Quarantined and deleted successfully.

Folders Infected:
(No malicious items detected)

Files Infected:
C:\WINDOWS\SYSTEM32\pcpthqbs.dll (Trojan.Vundo) -> Delete on reboot.
C:\WINDOWS\SYSTEM32\sbqhtpcp.ini (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\SYSTEM32\vtUkklLF.dll (Trojan.Vundo) -> Delete on reboot.
C:\WINDOWS\SYSTEM32\FLlkkUtv.ini (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\SYSTEM32\FLlkkUtv.ini2 (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\SYSTEM32\qwlinvmk.dll (Trojan.Agent) -> Delete on reboot.



Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:21:13 AM, on 4/8/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Norton Internet Security\ISSVC.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\Program Files\Sony\Shared Plug-Ins\Media Manager\MSSQL$SONY_MEDIAMGR\Binn\Sqlservr.exe
C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe
C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\Program Files\Stardock\ObjectDock\ObjectDock.exe
C:\WINDOWS\msn.com
C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Trend Micro\HijackThis\sniper.exe.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://mysearch.myway.com/jsp/frontiersidebar.jsp?p=CI
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://weather.wcco.com/cgi-bin/find...6251.001.99999
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by En-Tel Communications, LLC
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
R3 - URLSearchHook: (no name) - {38E77F06-89FC-44F5-B3AB-11DDEB791947} - C:\Program Files\FrontierSH\SrchHelp\frSrcAs.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: (no name) - {38E77F01-89FC-44F5-B3AB-11DDEB791947} - C:\Program Files\FrontierSH\SrchHelp\frSrcAs.dll
O2 - BHO: {31e8cbc1-30d8-bf99-0294-19db1acbcf74} - {47fcbca1-bd91-4920-99fb-8d031cbc8e13} - C:\WINDOWS\system32\xygpcrbt.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: (no name) - {6A35C34E-EE48-425F-B809-C6D64566FE2A} - C:\WINDOWS\system32\khfDwuvw.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: (no name) - {8E1BFC0E-8AD2-424D-AC8A-06038481516E} - C:\WINDOWS\system32\ljJDSihG.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: CNisExtBho Class - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O2 - BHO: FrontierBA BHO - {A93A3CC1-BA23-4d0d-9440-6A0148362B7E} - C:\Program Files\FrontierBA\BrowserAssistant\fbabar.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.0.1225.9868\swg.dll
O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton Internet Security - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
O3 - Toolbar: &Frontier Browser Assistant - {A93A3CC9-BA23-4d0d-9440-6A0148362B7E} - C:\Program Files\FrontierBA\BrowserAssistant\fbabar.dll
O4 - HKLM\..\Run: [YSearchProtection] "C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\strutture~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [IntelMeM] C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe"
O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\QuickCam\Quickcam.exe" /hide
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Windows Live Messenger] msn.com
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
O4 - HKLM\..\Run: [BMf7889183] Rundll32.exe "C:\WINDOWS\system32\vmptfdge.dll",s
O4 - HKLM\..\Run: [f4bba21f] rundll32.exe "C:\WINDOWS\system32\jmiaxofx.dll",b
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_8
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [CTSyncU.exe] "C:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe"
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - Startup: Stardock ObjectDock.lnk = C:\Program Files\Stardock\ObjectDock\ObjectDock.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL = http://www.en-tel.com
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Plugin Control) - http://appldnld.apple.com.edgesuite....x/qtplugin.cab
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://photos.walmart.com/WalmartActivia.cab
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/...toUploader.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsu...?1120134982093
O16 - DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} (Get_ActiveX Control) - https://h17000.www1.hp.com/ewfrf-JAV...oadManager.ocx
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary...o.cab56649.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...t.cab56907.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary...r.cab56986.cab
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: ljJDSihG - C:\WINDOWS\SYSTEM32\ljJDSihG.dll
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy (CCProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: ISSvc (ISSVC) - Symantec Corporation - C:\Program Files\Norton Internet Security\ISSVC.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LVCOMSer - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
O23 - Service: Intel NCS NetService (NETSVC) - Intel(R) Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe

--
Fine del file - 15124 bytes
  #7  
Old 8 April 2008, 09:45
Group Member
 
Default Malware Removal - Help

We have done all the steps and it still doesn't work.


Here are the logs...


O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C: \ Program Files \ Common Files \ Symantec Shared \ SPBBC \ SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C: \ Program Files \ Common Files \ Symantec Shared \ la CCPD-LC \ symlcsvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C: \ Program Files \ Common Files \ Symantec Shared \ Security Center \ SymWSC.exe

--
Fine del file - 15124 bytes
#8
Old 8 April 2008, 09:48
Group Member

Malware Removal - Help

I have posted my log twice and it keeps disappearing. So we did all the steps and our computer is still having problems.
#9
Old 8 April 2008, 09:55
Donor Group

Malware Removal - Help

Did you follow my little guide on how to find the Java icon?
#10
Old 8 April 2008, 10:07
Group Member

Malware Removal - Help

Quote:
Originally Posted by kanoakavirus
Did you follow my little guide on how to find the Java icon?
We got it to work from the Java website.
Copyright © 2006 - 2009 Computer Juice.

Powered by vBulletin ® Copyright © 2000 - 2009 Jelsoft Enterprises Ltd. Italian translation. SEO by vBSEO © 2009, Crawlability, Inc.