Aiutamici Forum
Benvenuto Ospite Cerca | Topic Attivi | Utenti | | Log In | Registra

Aiutamici Forum » FORUM - Istruzioni e Guide » Sicurezza VIRUS » antivirus gold... ecco mio LOG HIJACK

antivirus gold... ecco mio LOG HIJACK Opzioni
Topic Precedente · Topic Sucessivo
festaiolo
Inviato: Thursday, July 14, 2005 2:46:13 AM
Rank: AiutAmico

Iscritto dal : 7/14/2005
Posts: 69
mi si è installato quel maledetto antivirus gold...

Ecco il registro avast:

29/05/2005 19.51.37 SYSTEM 1380 Sign of "JS:Exploit-Bytverify-2" has been found in "http://www.norad.fr/c/archive.jar\A.class" file.
30/05/2005 0.33.53 SYSTEM 1392 Sign of "JS:Exploit-Bytverify-2" has been found in "http://www.norad.fr/c/archive.jar\A.class" file.
06/06/2005 3.16.23 SYSTEM 1376 Sign of "JS:ByteVerify-Dummy [Trj]" has been found in "http://209.190.137.29/user/ds/c.jar\Dummy.class" file.
06/06/2005 3.23.04 SYSTEM 1376 Sign of "JS:ByteVerify-Dummy [Trj]" has been found in "http://209.190.137.29/user/ds/c.jar\Dummy.class" file.
06/06/2005 21.44.59 SYSTEM 1380 Sign of "Win32:Mytob-CH [Wrm]" has been found in "http://phx2c.cp.virgilio.it/file/Attachment/email-doc.zip?sid=CD1AB1CDB12281B154EBDB3C40FA692685183682anduserid=diego.riccardi1:40virgilio.itandsrcfolder=INBOXanduid=786andauth=2N1VJTCH0LIV4PG3andpartid=2" file.
06/06/2005 21.45.46 SYSTEM 1380 Sign of "Win32:Mytob-CH [Wrm]" has been found in "http://phx2c.cp.virgilio.it/file/Attachment/email-doc.zip?sid=CD1AB1CDB12281B154EBDB3C40FA692685183682anduserid=diego.riccardi1:40virgilio.itandsrcfolder=INBOXanduid=786andauth=2N1VJTCH0LIV4PG3andpartid=2" file.
06/06/2005 21.46.20 SYSTEM 1380 Sign of "Win32:Mytob-CH [Wrm]" has been found in "http://phx2c.cp.virgilio.it/file/Attachment/email-doc.zip?sid=CD1AB1CDB12281B154EBDB3C40FA692685183682anduserid=diego.riccardi1:40virgilio.itandsrcfolder=INBOXanduid=786&auth=2N1VJTCH0LIV4PG3&partid=2" file.
06/06/2005 22.08.18 SYSTEM 1380 Sign of "Win32:Mytob-CH [Wrm]" has been found in "http://phx2c.cp.virgilio.it/file/Attachment/email-doc.zip?sid=CD1AB1CDB12281B154EBDB3C40FA692685183682&userid=diego.riccardi1:40virgilio.it&srcfolder=INBOX&uid=786&auth=2N1VJTCH0LIV4PG3&partid=2" file.
06/06/2005 22.12.53 SYSTEM 1380 Sign of "Win32:Mytob-CH [Wrm]" has been found in "http://phx2c.cp.virgilio.it/file/Attachment/email-doc.zip?sid=DFFD2D08BF24A109C82EA06A4B0D1E66E7BDAA6E&userid=diego.riccardi1:40virgilio.it&srcfolder=INBOX&uid=786&auth=VRUSKSUGEIAWQ3I1&partid=2" file.
07/06/2005 1.39.29 SYSTEM 1380 Sign of "Win32:Trojan-gen. {Other}" has been found in "http://www.20x2p.com/09a72576/enter.cab\inst2.dll" file.
07/06/2005 1.39.41 SYSTEM 1380 Sign of "Win32:Trojan-gen. {Other}" has been found in "http://www.20x2p.com/09a72576/enter.cab\inst2.dll" file.
07/06/2005 2.43.53 SYSTEM 1380 Sign of "Win32:Mytob-CH [Wrm]" has been found in "http://phx2c.cp.virgilio.it/file/Attachment/email-doc.zip?sid=F03BD1AC1286BE222706D20044E8571EF978E220&userid=diego.riccardi1:40virgilio.it&srcfolder=INBOX&uid=786&auth=V4LEIWJ1W0TPYZDK&partid=2" file.
07/06/2005 4.19.26 SYSTEM 1380 Sign of "Win32:Mhtplo-27 [Trj]" has been found in "http://hitscount.net/fa/FtOa8eXhC5s4lQ/x.htm" file.
07/06/2005 17.16.05 SYSTEM 1380 Sign of "Win32:Mytob-CH [Wrm]" has been found in "http://phx2c.cp.virgilio.it/file/Attachment/information.zip?sid=87B1EE103AD2A97DD3A2640E0CEF145683419856&userid=diego.riccardi1:40virgilio.it&srcfolder=INBOX&uid=791&auth=YPVCJVIK5MMU2C35&partid=2" file.
07/06/2005 17.18.01 SYSTEM 1380 Sign of "Win32:Mytob-CH [Wrm]" has been found in "http://phx2c.cp.virgilio.it/file/Attachment/information.zip?sid=87B1EE103AD2A97DD3A2640E0CEF145683419856&userid=diego.riccardi1:40virgilio.it&srcfolder=INBOX&uid=791&auth=YPVCJVIK5MMU2C35&partid=2" file.
08/06/2005 15.37.39 SYSTEM 1372 Sign of "Win32:Mytob-CH [Wrm]" has been found in "http://phx2c.cp.virgilio.it/file/Attachment/information.zip?sid=6A1B079C4072AD655B05DBCDE9A009D690D3F61E&userid=diego.riccardi1:40virgilio.it&srcfolder=INBOX&uid=791&auth=PMDIDN3NINH4P14P&partid=2" file.
09/06/2005 4.55.42 SYSTEM 1380 Sign of "Win32:Mytob-CH [Wrm]" has been found in "http://phx2c.cp.virgilio.it/file/Attachment/information.zip?sid=E14174D91BFE714251F8C48DFB68A9487D10DAEA&userid=diego.riccardi1:40virgilio.it&srcfolder=INBOX&uid=791&auth=E3LB3QWX4CEWOM1I&partid=2" file.
09/06/2005 19.30.59 SYSTEM 1384 Sign of "Win32:Mytob-CH [Wrm]" has been found in "http://phx2c.cp.virgilio.it/file/Attachment/email-info.zip?sid=9845F9EE8EA5059927144D776FE931D7EDD0A91E&userid=diego.riccardi1:40virgilio.it&srcfolder=INBOX&uid=799&auth=M3DP31QL4BAFORNH&partid=2" file.
09/06/2005 19.31.22 SYSTEM 1384 Sign of "Win32:Mytob-CH [Wrm]" has been found in "http://phx2c.cp.virgilio.it/file/Attachment/email-doc.zip?sid=9845F9EE8EA5059927144D776FE931D7EDD0A91E&userid=diego.riccardi1:40virgilio.it&srcfolder=INBOX&uid=798&auth=CWAWM5MKWRXUH5D2&partid=2" file.
13/06/2005 3.32.26 SYSTEM 1392 Sign of "Win32:Trojan-gen. {Other}" has been found in "http://morwillsearch.com/mwsearch.cab\mwsearch.dll" file.
13/06/2005 3.32.26 SYSTEM 1392 Sign of "Win32:Mhtplo-27 [Trj]" has been found in "http://hitscount.net/fa/q4EmhZ0ehy-sHQ/x.htm" file.
13/06/2005 3.32.38 SYSTEM 1392 Sign of "Win32:Trojan-gen. {Other}" has been found in "http://morwillsearch.com/mwsearch.cab\mwsearch.dll" file.
13/06/2005 4.05.11 SYSTEM 1392 Sign of "Win32:Trojan-gen. {Other}" has been found in "http://www.20x2p.com/b49814f8/enter.cab\inst2.dll" file.
13/06/2005 15.58.36 SYSTEM 1396 Sign of "Win32:Mytob-DC [Wrm]" has been found in "http://phx2c.cp.virgilio.it/file/Attachment/info-text.zip?sid=C7774B4337BCAE0145192A4DF89ED4B0A5BB4336&userid=diego.riccardi1:40virgilio.it&srcfolder=INBOX&uid=810&auth=HSMFCPGZ5YTTU1RA&partid=2" file.
15/06/2005 3.13.23 SYSTEM 1392 Sign of "VBS:Malware [Script]" has been found in "http://195.225.177.27/default.php?id=83556&c=1DU1O1oP1jA87Lq09rT07x9t1IJDc9I5" file.
19/06/2005 4.00.46 SYSTEM 1384 Sign of "VBS:Malware [Script]" has been found in "http://195.225.177.27/default.php?id=49977&c=QhS171Mz1Xc91Dkz4HTL6f4xuIyp14k5" file.
20/06/2005 2.15.39 SYSTEM 1376 Sign of "Win32:Mhtplo-26 [Trj]" has been found in "http://toolbarpartner.com/adverts/test3/index.html" file.
20/06/2005 2.15.45 SYSTEM 1376 Sign of "Win32:Mhtplo-26 [Trj]" has been found in "http://toolbarpartner.com/adverts/alextor/load.js" file.
22/06/2005 4.04.31 SYSTEM 1384 Sign of "Win32:Adware-gen. [Adw]" has been found in "http://static.windupdates.com/cab/WebsiteAccess/ie/Bridge-c139.cab\MediaAccX.dll" file.
23/06/2005 5.33.24 SYSTEM 1380 Sign of "JS:Exploit-Bytverify-2" has been found in "http://www.norad.fr/c/archive.jar\A.class" file.
23/06/2005 12.36.04 SYSTEM 1380 Sign of "JS:Exploit-Bytverify-2" has been found in "http://www.norad.fr/c/archive.jar\A.class" file.
24/06/2005 0.56.10 SYSTEM 1400 Sign of "JS:Exploit-Bytverify-2" has been found in "http://www.norad.fr/c/archive.jar\A.class" file.
24/06/2005 14.49.17 SYSTEM 1384 Sign of "JS:Exploit-Bytverify-2" has been found in "http://www.norad.fr/c/archive.jar\A.class" file.
24/06/2005 15.48.13 SYSTEM 1384 Sign of "JS:Exploit-Bytverify-2" has been found in "http://www.norad.fr/c/archive.jar\A.class" file.
24/06/2005 22.10.17 SYSTEM 1384 Sign of "JS:Exploit-Bytverify-2" has been found in "http://www.norad.fr/c/archive.jar\A.class" file.
25/06/2005 0.22.08 SYSTEM 1384 Sign of "JS:Exploit-Bytverify-2" has been found in "http://www.norad.fr/c/archive.jar\A.class" file.
25/06/2005 3.53.00 SYSTEM 1384 Sign of "JS:Exploit-Bytverify-2" has been found in "http://www.norad.fr/c/archive.jar\A.class" file.
26/06/2005 4.15.15 SYSTEM 1384 Sign of "JS:ByteVerify-Dummy [Trj]" has been found in "http://209.190.137.29/user/ds/c.jar\Dummy.class" file.
26/06/2005 4.32.11 SYSTEM 1384 Sign of "Win32:Trojano-1448 [Trj]" has been found in "C:\Documents and Settings\utente\Impostazioni locali\Temporary Internet Files\Content.IE5\670ZTQF6\search[1].exe" file.
26/06/2005 4.32.22 SYSTEM 1384 Sign of "Win32:Trojano-1448 [Trj]" has been found in "C:\DOCUME~1\utente\IMPOST~1\Temp\1.qtdfmp" file.
26/06/2005 4.32.30 SYSTEM 1384 Sign of "Win32:HoaxAlarm [Adw]" has been found in "C:\Documents and Settings\utente\Impostazioni locali\Temporary Internet Files\Content.IE5\670ZTQF6\winlogon[1].exe" file.
26/06/2005 4.32.39 SYSTEM 1384 Sign of "Win32:HoaxAlarm [Adw]" has been found in "C:\DOCUME~1\utente\IMPOST~1\Temp\2.qtdfmp" file.
26/06/2005 4.34.58 SYSTEM 1384 Sign of "Win32:Dialer-377 [Trj]" has been found in "C:\Documents and Settings\utente\Impostazioni locali\Temporary Internet Files\Content.IE5\670ZTQF6\tibsit[1].exe" file.
26/06/2005 4.35.09 SYSTEM 1384 Sign of "Win32:Dialer-377 [Trj]" has been found in "C:\DOCUME~1\utente\IMPOST~1\Temp\5.qtdfmp" file.
26/06/2005 4.37.26 SYSTEM 1384 Sign of "Win32:Trojano-1487 [Trj]" has been found in "C:\Documents and Settings\utente\Impostazioni locali\Temporary Internet Files\Content.IE5\670ZTQF6\proxy[1].exe" file.
26/06/2005 4.37.34 SYSTEM 1384 Sign of "Win32:Trojano-1487 [Trj]" has been found in "C:\DOCUME~1\utente\IMPOST~1\Temp\7.qtdfmp" file.
26/06/2005 4.37.37 SYSTEM 1384 Sign of "Win32:Trojano-1287 [Trj]" has been found in "C:\Documents and Settings\utente\Impostazioni locali\Temporary Internet Files\Content.IE5\670ZTQF6\tool1[1].exe" file.
26/06/2005 4.37.39 SYSTEM 1384 Sign of "Win32:Trojano-1287 [Trj]" has been found in "C:\DOCUME~1\utente\IMPOST~1\Temp\vxt1.game" file.
26/06/2005 4.42.47 SYSTEM 1384 Sign of "VBS:Malware [Script]" has been found in "http://195.225.177.27/default.php?id=49977&c=kxA1a1yH1RO97Ju45LTJ3F7V7IupS633" file.
26/06/2005 4.42.49 SYSTEM 1384 Sign of "Win32:LowZones-AC [Trj]" has been found in "C:\Documents and Settings\utente\Impostazioni locali\Temporary Internet Files\Content.IE5\670ZTQF6\tool2[1].exe" file.
26/06/2005 4.48.52 SYSTEM 1384 Sign of "Win32:LowZones-AC [Trj]" has been found in "C:\DOCUME~1\utente\IMPOST~1\Temp\vxt2.game" file.
26/06/2005 5.24.23 utente 1384 Sign of "Win32:Trojano-1448 [Trj]" has been found in "C:\Documents and Settings\utente\Impostazioni locali\Temporary Internet Files\Content.IE5\670ZTQF6\search[1].exe" file.
26/06/2005 5.24.33 utente 1384 Sign of "Win32:Trojano-1448 [Trj]" has been found in "C:\DOCUME~1\utente\IMPOST~1\Temp\1.qtdfmp" file.
26/06/2005 5.24.39 utente 1384 Sign of "Win32:HoaxAlarm [Adw]" has been found in "C:\Documents and Settings\utente\Impostazioni locali\Temporary Internet Files\Content.IE5\670ZTQF6\winlogon[1].exe" file.
26/06/2005 5.24.41 utente 1384 Sign of "Win32:HoaxAlarm [Adw]" has been found in "C:\DOCUME~1\utente\IMPOST~1\Temp\2.qtdfmp" file.
26/06/2005 5.24.44 utente 1384 Sign of "Win32:Dialer-377 [Trj]" has been found in "C:\Documents and Settings\utente\Impostazioni locali\Temporary Internet Files\Content.IE5\670ZTQF6\tibsit[1].exe" file.
26/06/2005 5.24.48 utente 1384 Sign of "Win32:Dialer-377 [Trj]" has been found in "C:\DOCUME~1\utente\IMPOST~1\Temp\5.qtdfmp" file.
26/06/2005 5.24.51 utente 1384 Sign of "Win32:Trojano-1487 [Trj]" has been found in "C:\Documents and Settings\utente\Impostazioni locali\Temporary Internet Files\Content.IE5\670ZTQF6\proxy[1].exe" file.
26/06/2005 5.24.58 utente 1384 Sign of "Win32:Trojano-1487 [Trj]" has been found in "C:\DOCUME~1\utente\IMPOST~1\Temp\7.qtdfmp" file.
26/06/2005 5.25.01 utente 1384 Sign of "Win32:Trojano-1287 [Trj]" has been found in "C:\Documents and Settings\utente\Impostazioni locali\Temporary Internet Files\Content.IE5\670ZTQF6\tool1[1].exe" file.
26/06/2005 5.25.05 utente 1384 Sign of "Win32:Trojano-1287 [Trj]" has been found in "C:\DOCUME~1\utente\IMPOST~1\Temp\vxt1.game" file.
26/06/2005 5.33.33 utente 1384 Sign of "Win32:Trojano-1287 [Trj]" has been found in "C:\Documents and Settings\utente\Impostazioni locali\Temporary Internet Files\Content.IE5\4DKDAB4P\tool1[1].exe" file.
26/06/2005 5.33.42 utente 1384 Sign of "Win32:Trojano-1287 [Trj]" has been found in "C:\DOCUME~1\utente\IMPOST~1\Temp\vxt1.game" file.
26/06/2005 5.33.45 utente 1384 Sign of "Win32:LowZones-AC [Trj]" has been found in "C:\Documents and Settings\utente\Impostazioni locali\Temporary Internet Files\Content.IE5\AQMPXPGA\tool2[1].exe" file.
26/06/2005 5.33.46 utente 1384 Sign of "Win32:LowZones-AC [Trj]" has been found in "C:\DOCUME~1\utente\IMPOST~1\Temp\vxt2.game" file.
26/06/2005 5.35.20 utente 1384 Sign of "Win32:LowZones-AC [Trj]" has been found in "C:\Documents and Settings\utente\Impostazioni locali\Temporary Internet Files\Content.IE5\OLE74LYN\tool2[1].exe" file.
26/06/2005 5.35.23 utente 1384 Sign of "Win32:LowZones-AC [Trj]" has been found in "C:\DOCUME~1\utente\IMPOST~1\Temp\vxt2.game" file.
26/06/2005 6.14.04 utente 1380 Sign of "Win32:Trojano-1448 [Trj]" has been found in "C:\Documents and Settings\utente\Impostazioni locali\Temporary Internet Files\Content.IE5\EVUVM9MN\search[1].exe" file.
26/06/2005 6.14.16 utente 1380 Sign of "Win32:Trojano-1448 [Trj]" has been found in "C:\DOCUME~1\utente\IMPOST~1\Temp\1.qtdfmp" file.
26/06/2005 6.14.19 utente 1380 Sign of "Win32:HoaxAlarm [Adw]" has been found in "C:\Documents and Settings\utente\Impostazioni locali\Temporary Internet Files\Content.IE5\EVUVM9MN\winlogon[1].exe" file.
26/06/2005 6.14.25 utente 1380 Sign of "Win32:HoaxAlarm [Adw]" has been found in "C:\DOCUME~1\utente\IMPOST~1\Temp\2.qtdfmp" file.
26/06/2005 6.14.27 utente 1380 Sign of "Win32:Dialer-377 [Trj]" has been found in "C:\Documents and Settings\utente\Impostazioni locali\Temporary Internet Files\Content.IE5\EVUVM9MN\tibsit[1].exe" file.
26/06/2005 6.14.30 utente 1380 Sign of "Win32:Dialer-377 [Trj]" has been found in "C:\DOCUME~1\utente\IMPOST~1\Temp\5.qtdfmp" file.
26/06/2005 6.14.32 utente 1380 Sign of "Win32:Trojano-1487 [Trj]" has been found in "C:\Documents and Settings\utente\Impostazioni locali\Temporary Internet Files\Content.IE5\EVUVM9MN\proxy[1].exe" file.
26/06/2005 6.14.34 utente 1380 Sign of "Win32:Trojano-1287 [Trj]" has been found in "C:\Documents and Settings\utente\Impostazioni locali\Temporary Internet Files\Content.IE5\EVUVM9MN\tool1[1].exe" file.
26/06/2005 6.14.38 utente 1380 Sign of "Win32:Trojano-1487 [Trj]" has been found in "C:\DOCUME~1\utente\IMPOST~1\Temp\7.qtdfmp" file.
26/06/2005 6.14.40 utente 1380 Sign of "Win32:Trojano-1287 [Trj]" has been found in "C:\DOCUME~1\utente\IMPOST~1\Temp\vxt1.game" file.
26/06/2005 6.14.51 utente 1380 Sign of "Win32:Trojano-1287 [Trj]" has been found in "C:\Documents and Settings\utente\Impostazioni locali\Temporary Internet Files\Content.IE5\EVUVM9MN\tool1[1].exe" file.
26/06/2005 6.14.52 utente 1380 Sign of "Win32:LowZones-AC [Trj]" has been found in "C:\Documents and Settings\utente\Impostazioni locali\Temporary Internet Files\Content.IE5\EVUVM9MN\tool2[1].exe" file.
26/06/2005 6.14.53 utente 1380 Sign of "Win32:LowZones-AC [Trj]" has been found in "C:\Documents and Settings\utente\Impostazioni locali\Temporary Internet Files\Content.IE5\EVUVM9MN\tool2[2].exe" file.
26/06/2005 6.14.54 utente 1380 Sign of "Win32:LowZones-AC [Trj]" has been found in "C:\DOCUME~1\utente\IMPOST~1\Temp\vxt2.game" file.
26/06/2005 6.14.56 utente 1380 Sign of "Win32:LowZones-AC [Trj]" has been found in "C:\DOCUME~1\utente\IMPOST~1\Temp\vxt2.game" file.
26/06/2005 6.22.43 utente 1384 Sign of "Win32:Trojano-1448 [Trj]" has been found in "C:\Documents and Settings\utente\Impostazioni locali\Temporary Internet Files\Content.IE5\AQMPXPGA\search[1].exe" file.
26/06/2005 6.22.55 utente 1384 Sign of "Win32:Trojano-1448 [Trj]" has been found in "C:\DOCUME~1\utente\IMPOST~1\Temp\1.qtdfmp" file.
26/06/2005 6.22.58 utente 1384 Sign of "Win32:HoaxAlarm [Adw]" has been found in "C:\Documents and Settings\utente\Impostazioni locali\Temporary Internet Files\Content.IE5\AQMPXPGA\winlogon[1].exe" file.
26/06/2005 6.23.08 utente 1384 Sign of "Win32:HoaxAlarm [Adw]" has been found in "C:\DOCUME~1\utente\IMPOST~1\Temp\2.qtdfmp" file.
26/06/2005 6.23.10 utente 1384 Sign of "Win32:Dialer-377 [Trj]" has been found in "C:\Documents and Settings\utente\Impostazioni locali\Temporary Internet Files\Content.IE5\AQMPXPGA\tibsit[1].exe" file.
26/06/2005 6.23.11 utente 1384 Sign of "Win32:Dialer-377 [Trj]" has been found in "C:\DOCUME~1\utente\IMPOST~1\Temp\5.qtdfmp" file.
26/06/2005 6.23.12 utente 1384 Sign of "Win32:Trojano-1487 [Trj]" has been found in "C:\Documents and Settings\utente\Impostazioni locali\Temporary Internet Files\Content.IE5\AQMPXPGA\proxy[1].exe" file.
26/06/2005 6.23.13 utente 1384 Sign of "Win32:Trojano-1487 [Trj]" has been found in "C:\DOCUME~1\utente\IMPOST~1\Temp\7.qtdfmp" file.
26/06/2005 6.23.16 utente 1384 Sign of "Win32:Trojano-1287 [Trj]" has been found in "C:\Documents and Settings\utente\Impostazioni locali\Temporary Internet Files\Content.IE5\AQMPXPGA\tool1[1].exe" file.
26/06/2005 6.23.17 utente 1384 Sign of "Win32:Trojano-1287 [Trj]" has been found in "C:\DOCUME~1\utente\IMPOST~1\Temp\vxt1.game" file.
26/06/2005 6.23.18 utente 1384 Sign of "Win32:LowZones-AC [Trj]" has been found in "C:\Documents and Settings\utente\Impostazioni locali\Temporary Internet Files\Content.IE5\AQMPXPGA\tool2[1].exe" file.
26/06/2005 6.23.19 utente 1384 Sign of "Win32:LowZones-AC [Trj]" has been found in "C:\DOCUME~1\utente\IMPOST~1\Temp\vxt2.game" file.
26/06/2005 8.05.23 utente 1372 Sign of "Win32:Trojano-1448 [Trj]" has been found in "C:\Documents and Settings\utente\Impostazioni locali\Temporary Internet Files\Content.IE5\HW19RLDZ\search[1].exe" file.
26/06/2005 8.05.30 utente 1372 Sign of "Win32:Trojano-1448 [Trj]" has been found in "C:\DOCUME~1\utente\IMPOST~1\Temp\1.qtdfmp" file.
26/06/2005 8.06.13 utente 1372 Function setifaceUpdatePackages() has failed. Return code is 0x20000004, dwRes is 20000004.
26/06/2005 8.06.13 utente 1372 An error has occured while attempting to update. Please check the logs.
26/06/2005 8.10.49 utente 1372 Sign of "Win32:HoaxAlarm [Adw]" has been found in "C:\Documents and Settings\utente\Impostazioni locali\Temporary Internet Files\Content.IE5\7ZTLHX1I\winlogon[1].exe" file.
26/06/2005 8.11.14 utente 1372 Sign of "Win32:HoaxAlarm [Adw]" has been found in "C:\DOCUME~1\utente\IMPOST~1\Temp\2.qtdfmp" file.
26/06/2005 8.12.39 utente 1372 Sign of "Win32:Dialer-377 [Trj]" has been found in "C:\Documents and Settings\utente\Impostazioni locali\Temporary Internet Files\Content.IE5\7ZTLHX1I\tibsit[1].exe" file.
26/06/2005 8.12.43 utente 1372 Sign of "Win32:Dialer-377 [Trj]" has been found in "C:\DOCUME~1\utente\IMPOST~1\Temp\5.qtdfmp" file.
26/06/2005 8.12.46 utente 1372 Sign of "Win32:Trojano-1487 [Trj]" has been found in "C:\Documents and Settings\utente\Impostazioni locali\Temporary Internet Files\Content.IE5\7ZTLHX1I\proxy[1].exe" file.
26/06/2005 8.12.48 utente 1372 Sign of "Win32:Trojano-1487 [Trj]" has been found in "C:\DOCUME~1\utente\IMPOST~1\Temp\7.qtdfmp" file.
26/06/2005 11.38.45 utente 1388 Sign of "Win32:Trojano-1448 [Trj]" has been found in "C:\Documents and Settings\utente\Impostazioni locali\Temporary Internet Files\Content.IE5\OLE74LYN\search[1].exe" file.
26/06/2005 11.38.54 utente 1388 Sign of "Win32:Trojano-1448 [Trj]" has been found in "C:\DOCUME~1\utente\IMPOST~1\Temp\1.qtdfmp" file.
26/06/2005 11.38.57 utente 1388 Sign of "Win32:HoaxAlarm [Adw]" has been found in "C:\Documents and Settings\utente\Impostazioni locali\Temporary Internet Files\Content.IE5\OLE74LYN\winlogon[1].exe" file.
26/06/2005 11.38.59 utente 1388 Sign of "Win32:HoaxAlarm [Adw]" has been found in "C:\DOCUME~1\utente\IMPOST~1\Temp\2.qtdfmp" file.
26/06/2005 11.39.01 utente 1388 Sign of "Win32:Dialer-377 [Trj]" has been found in "C:\Documents and Settings\utente\Impostazioni locali\Temporary Internet Files\Content.IE5\OLE74LYN\tibsit[1].exe" file.
26/06/2005 11.39.03 utente 1388 Sign of "Win32:Dialer-377 [Trj]" has been found in "C:\DOCUME~1\utente\IMPOST~1\Temp\5.qtdfmp" file.
26/06/2005 11.39.05 utente 1388 Sign of "Win32:Trojano-1487 [Trj]" has been found in "C:\Documents and Settings\utente\Impostazioni locali\Temporary Internet Files\Content.IE5\OLE74LYN\proxy[1].exe" file.
26/06/2005 11.39.06 utente 1388 Sign of "Win32:Trojano-1487 [Trj]" has been found in "C:\DOCUME~1\utente\IMPOST~1\Temp\7.qtdfmp" file.
26/06/2005 11.39.09 utente 1388 Sign of "Win32:Trojano-1287 [Trj]" has been found in "C:\Documents and Settings\utente\Impostazioni locali\Temporary Internet Files\Content.IE5\OLE74LYN\tool1[1].exe" file.
26/06/2005 11.39.11 utente 1388 Sign of "Win32:Trojano-1287 [Trj]" has been found in "C:\DOCUME~1\utente\IMPOST~1\Temp\vxt1.game" file.
26/06/2005 11.39.13 utente 1388 Sign of "Win32:LowZones-AC [Trj]" has been found in "C:\Documents and Settings\utente\Impostazioni locali\Temporary Internet Files\Content.IE5\OLE74LYN\tool2[1].exe" file.
26/06/2005 11.39.15 utente 1388 Sign of "Win32:LowZones-AC [Trj]" has been found in "C:\DOCUME~1\utente\IMPOST~1\Temp\vxt2.game" file.
26/06/2005 11.42.48 utente 1388 Sign of "Win32:Trojano-1287 [Trj]" has been found in "C:\Documents and Settings\utente\Impostazioni locali\Temporary Internet Files\Content.IE5\OLE74LYN\tool1[1].exe" file.
26/06/2005 11.42.51 utente 1388 Sign of "Win32:Trojano-1287 [Trj]" has been found in "C:\DOCUME~1\utente\IMPOST~1\Temp\vxt1.game" file.
26/06/2005 11.42.53 utente 1388 Sign of "Win32:LowZones-AC [Trj]" has been found in "C:\Documents and Settings\utente\Impostazioni locali\Temporary Internet Files\Content.IE5\OLE74LYN\tool2[1].exe" file.
26/06/2005 11.42.55 utente 1388 Sign of "Win32:LowZones-AC [Trj]" has been found in "C:\DOCUME~1\utente\IMPOST~1\Temp\vxt2.game" file.
26/06/2005 14.23.32 utente 1412 Sign of "Win32:Trojano-1448 [Trj]" has been found in "C:\Documents and Settings\utente\Impostazioni locali\Temporary Internet Files\Content.IE5\G903CJ0R\search[1].exe" file.
26/06/2005 14.23.36 utente 1412 Sign of "Win32:Trojano-1448 [Trj]" has been found in "C:\DOCUME~1\utente\IMPOST~1\Temp\1.qtdfmp" file.
26/06/2005 14.23.38 utente 1412 Sign of "Win32:HoaxAlarm [Adw]" has been found in "C:\Documents and Settings\utente\Impostazioni locali\Temporary Internet Files\Content.IE5\670ZTQF6\winlogon[1].exe" file.
26/06/2005 14.23.40 utente 1412 Sign of "Win32:HoaxAlarm [Adw]" has been found in "C:\DOCUME~1\utente\IMPOST~1\Temp\2.qtdfmp" file.
26/06/2005 14.23.42 utente 1412 Sign of "Win32:Dialer-377 [Trj]" has been found in "C:\Documents and Settings\utente\Impostazioni locali\Temporary Internet Files\Content.IE5\670ZTQF6\tibsit[1].exe" file.
26/06/2005 14.23.45 utente 1412 Sign of "Win32:Dialer-377 [Trj]" has been found in "C:\DOCUME~1\utente\IMPOST~1\Temp\5.qtdfmp" file.
26/06/2005 14.23.46 utente 1412 Sign of "Win32:Trojano-1487 [Trj]" has been found in "C:\Documents and Settings\utente\Impostazioni locali\Temporary Internet Files\Content.IE5\670ZTQF6\proxy[1].exe" file.
26/06/2005 14.23.48 utente 1412 Sign of "Win32:Trojano-1487 [Trj]" has been found in "C:\DOCUME~1\utente\IMPOST~1\Temp\7.qtdfmp" file.
26/06/2005 14.23.51 utente 1412 Sign of "Win32:Trojano-1287 [Trj]" has been found in "C:\Documents and Settings\utente\Impostazioni locali\Temporary Internet Files\Content.IE5\670ZTQF6\tool1[1].exe" file.
26/06/2005 14.23.52 utente 1412 Sign of "Win32:Trojano-1287 [Trj]" has been found in "C:\DOCUME~1\utente\IMPOST~1\Temp\vxt1.game" file.
26/06/2005 14.23.54 utente 1412 Sign of "Win32:LowZones-AC [Trj]" has been found in "C:\Documents and Settings\utente\Impostazioni locali\Temporary Internet Files\Content.IE5\670ZTQF6\tool2[1].exe" file.
26/06/2005 14.23.57 utente 1412 Sign of "Win32:LowZones-AC [Trj]" has been found in "C:\DOCUME~1\utente\IMPOST~1\Temp\vxt2.game" file.
26/06/2005 14.30.39 utente 1412 Sign of "Win32:Trojano-1287 [Trj]" has been found in "C:\Documents and Settings\utente\Impostazioni locali\Temporary Internet Files\Content.IE5\ENELCJGN\tool1[1].exe" file.
26/06/2005 14.30.47 utente 1412 Sign of "Win32:Trojano-1287 [Trj]" has been found in "C:\DOCUME~1\utente\IMPOST~1\Temp\vxt1.game" file.
26/06/2005 14.30.49 utente 1412 Sign of "Win32:LowZones-AC [Trj]" has been found in "C:\Documents and Settings\utente\Impostazioni locali\Temporary Internet Files\Content.IE5\ENELCJGN\tool2[1].exe" file.
26/06/2005 14.30.51 utente 1412 Sign of "Win32:LowZones-AC [Trj]" has been found in "C:\DOCUME~1\utente\IMPOST~1\Temp\vxt2.game" file.
26/06/2005 17.05.23 utente 1392 Sign of "Win32:Trojano-1448 [Trj]" has been found in "C:\Documents and Settings\utente\Impostazioni locali\Temporary Internet Files\Content.IE5\QBO9A94X\search[1].exe" file.
26/06/2005 17.05.30 utente 1392 Sign of "Win32:Trojano-1448 [Trj]" has been found in "C:\DOCUME~1\utente\IMPOST~1\Temp\1.qtdfmp" file.
26/06/2005 17.05.33 utente 1392 Sign of "Win32:HoaxAlarm [Adw]" has been found in "C:\Documents and Settings\utente\Impostazioni locali\Temporary Internet Files\Content.IE5\QBO9A94X\winlogon[1].exe" file.
26/06/2005 17.05.38 utente 1392 Sign of "Win32:HoaxAlarm [Adw]" has been found in "C:\DOCUME~1\utente\IMPOST~1\Temp\2.qtdfmp" file.
26/06/2005 17.06.30 utente 1392 Sign of "Win32:Dialer-377 [Trj]" has been found in "C:\Documents and Settings\utente\Impostazioni locali\Temporary Internet Files\Content.IE5\QBO9A94X\tibsit[1].exe" file.
26/06/2005 17.06.32 utente 1392 Sign of "Win32:Dialer-377 [Trj]" has been found in "C:\DOCUME~1\utente\IMPOST~1\Temp\5.qtdfmp" file.
26/06/2005 17.06.34 utente 1392 Sign of "Win32:Trojano-1487 [Trj]" has been found in "C:\Documents and Settings\utente\Impostazioni locali\Temporary Internet Files\Content.IE5\QBO9A94X\proxy[1].exe" file.
26/06/2005 17.06.38 utente 1392 Sign of "Win32:Trojano-1487 [Trj]" has been found in "C:\DOCUME~1\utente\IMPOST~1\Temp\7.qtdfmp" file.
26/06/2005 18.49.02 utente 1388 Sign of "Win32:Trojano-1448 [Trj]" has been found in "C:\Documents and Settings\utente\Impostazioni locali\Temporary Internet Files\Content.IE5\7ZTLHX1I\search[1].exe" file.
26/06/2005 18.49.07 utente 1388 Sign of "Win32:Trojano-1448 [Trj]" has been found in "C:\DOCUME~1\utente\IMPOST~1\Temp\1.qtdfmp" file.
26/06/2005 18.49.10 utente 1388 Sign of "Win32:HoaxAlarm [Adw]" has been found in "C:\Documents and Settings\utente\Impostazioni locali\Temporary Internet Files\Content.IE5\WT6BO9U3\winlogon[1].exe" file.
26/06/2005 18.49.12 utente 1388 Sign of "Win32:HoaxAlarm [Adw]" has been found in "C:\DOCUME~1\utente\IMPOST~1\Temp\2.qtdfmp" file.
26/06/2005 18.49.14 utente 1388 Sign of "Win32:Dialer-377 [Trj]" has been found in "C:\Documents and Settings\utente\Impostazioni locali\Temporary Internet Files\Content.IE5\WT6BO9U3\tibsit[1].exe" file.
26/06/2005 18.49.15 utente 1388 Sign of "Win32:Dialer-377 [Trj]" has been found in "C:\DOCUME~1\utente\IMPOST~1\Temp\5.qtdfmp" file.
26/06/2005 18.49.17 utente 1388 Sign of "Win32:Trojano-1487 [Trj]" has been found in "C:\Documents and Settings\utente\Impostazioni locali\Temporary Internet Files\Content.IE5\WT6BO9U3\proxy[1].exe" file.
26/06/2005 18.49.18 utente 1388 Sign of "Win32:Trojano-1487 [Trj]" has been found in "C:\DOCUME~1\utente\IMPOST~1\Temp\7.qtdfmp" file.
26/06/2005 18.49.21 utente 1388 Sign of "Win32:Trojano-1287 [Trj]" has been found in "C:\Documents and Settings\utente\Impostazioni locali\Temporary Internet Files\Content.IE5\WT6BO9U3\tool1[1].exe" file.
26/06/2005 18.49.22 utente 1388 Sign of "Win32:Trojano-1287 [Trj]" has been found in "C:\DOCUME~1\utente\IMPOST~1\Temp\vxt1.game" file.
26/06/2005 18.49.23 utente 1388 Sign of "Win32:LowZones-AC [Trj]" has been found in "C:\Documents and Settings\utente\Impostazioni locali\Temporary Internet Files\Content.IE5\WT6BO9U3\tool2[1].exe" file.
26/06/2005 18.49.25 utente 1388 Sign of "Win32:LowZones-AC [Trj]" has been found in "C:\DOCUME~1\utente\IMPOST~1\Temp\vxt2.game" file.
26/06/2005 18.53.02 utente 1388 Sign of "Win32:Trojano-1287 [Trj]" has been found in "C:\Documents and Settings\utente\Impostazioni locali\Temporary Internet Files\Content.IE5\S5INOHE3\tool1[1].exe" file.
26/06/2005 18.53.04 utente 1388 Sign of "Win32:Trojano-1287 [Trj]" has been found in "C:\DOCUME~1\utente\IMPOST~1\Temp\vxt1.game" file.
26/06/2005 18.53.06 utente 1388 Sign of "Win32:LowZones-AC [Trj]" has been found in "C:\Documents and Settings\utente\Impostazioni locali\Temporary Internet Files\Content.IE5\A5O76P25\tool2[1].exe" file.
26/06/2005 18.53.07 utente 1388 Sign of "Win32:LowZones-AC [Trj]" has been found in "C:\DOCUME~1\utente\IMPOST~1\Temp\vxt2.game" file.
26/06/2005 19.29.09 utente 1388 Sign of "Win32:Trojano-1287 [Trj]" has been found in "C:\Documents and Settings\utente\Impostazioni locali\Temporary Internet Files\Content.IE5\OD2JOHEN\tool1[1].exe" file.
26/06/2005 19.29.18 utente 1388 Sign of "Win32:Trojano-1287 [Trj]" has been found in "C:\DOCUME~1\utente\IMPOST~1\Temp\vxt1.game" file.
26/06/2005 19.29.22 utente 1388 Sign of "Win32:LowZones-AC [Trj]" has been found in "C:\Documents and Settings\utente\Impostazioni locali\Temporary Internet Files\Content.IE5\OD2JOHEN\tool2[1].exe" file.
26/06/2005 19.29.23 utente 1388 Sign of "Win32:LowZones-AC [Trj]" has been found in "C:\DOCUME~1\utente\IMPOST~1\Temp\vxt2.game" file.
27/06/2005 4.30.17 SYSTEM 1380 Sign of "VBS:Malware [Script]" has been found in "http://195.225.177.27/default.php?id=93256&c=0sD101TY1ud98sPQ3yTq9U4CzIt7H1L2" file.
27/06/2005 4.32.11 SYSTEM 1380 Sign of "VBS:Malware [Script]" has been found in "http://195.225.177.27/default.php?id=49977&c=svk1c1YF1zj98Vjd3TTv9J5vKIO8j2k5" file.
28/06/2005 2.20.35 SYSTEM 1432 Sign of "Win32:Dialer-393 [Trj]" has been found in "http://www.storage-tasp.com/gs/gsa0967.exe" file.
29/06/2005 2.35.50 utente 1436 Sign of "Win32:Trojan-gen. {VC}" has been found in "C:\WINDOWS\downlo~1\km9vrl4\1e53tgyo.exe" file.
30/06/2005 4.06.46 SYSTEM 1444 Sign of "Win32:Mhtplo-26 [Trj]" has been found in "http://toolbarpartner.com/adverts/test3/index.html" file.
30/06/2005 4.06.50 SYSTEM 1444 Sign of "Win32:Mhtplo-26 [Trj]" has been found in "http://toolbarpartner.com/adverts/alextor/load.js" file.
30/06/2005 4.16.00 SYSTEM 1444 Sign of "Win32:Puper-E [Trj]" has been found in "C:\WINDOWS\system32\shnlog.exe\[FSG]" file.
30/06/2005 4.16.09 SYSTEM 1444 Sign of "Win32:Dialer-395 [Trj]" has been found in "C:\WINDOWS\system32\LogFiles\DI6201900.so" file.
30/06/2005 17.37.13 SYSTEM 1436 Sign of "Win32:HoaxAlarm-C [Adw]" has been found in "C:\WINDOWS\system32\hookdump.exe" file.
30/06/2005 17.38.26 SYSTEM 1436 Sign of "Win32:HoaxAlarm-C [Adw]" has been found in "C:\Documents and Settings\utente\Impostazioni locali\Temp\eceb.exe" file.
30/06/2005 17.38.35 SYSTEM 1436 Sign of "Win32:HoaxAlarm-C [Adw]" has been found in "C:\Documents and Settings\utente\Impostazioni locali\Temporary Internet Files\Content.IE5\0X49QRK5\dd[1].exe" file.
30/06/2005 17.43.51 SYSTEM 1436 Sign of "Win32:HoaxAlarm-C [Adw]" has been found in "C:\System Volume Information\_restore{7DC355D0-1B4A-4E10-B2FB-717F94EB7E29}\RP17\A0016948.exe" file.
30/06/2005 22.38.06 utente 1452 Sign of "Win32:Dialer-395 [Trj]" has been found in "C:\WINDOWS\system32\LogFiles\DI6201900.so" file.
30/06/2005 22.38.51 utente 1452 Sign of "Win32:HoaxAlarm-C [Adw]" has been found in "C:\Documents and Settings\utente\Impostazioni locali\Temporary Internet Files\Content.IE5\WT6BO9U3\dd[1].exe" file.
30/06/2005 22.39.53 utente 1452 Sign of "Win32:HoaxAlarm-C [Adw]" has been found in "C:\DOCUME~1\utente\IMPOST~1\Temp\kgkm.exe" file.
30/06/2005 22.39.55 utente 1452 Sign of "Win32:HoaxAlarm-C [Adw]" has been found in "C:\DOCUME~1\utente\IMPOST~1\Temp\kgkm.exe" file.
30/06/2005 22.41.50 utente 1452 Sign of "Win32:HoaxAlarm-C [Adw]" has been found in "C:\Documents and Settings\utente\Impostazioni locali\Temporary Internet Files\Content.IE5\WT6BO9U3\dd[1].exe" file.
02/07/2005 0.12.36 utente 1444 Sign of "Win32:Trojano-1581 [Trj]" has been found in "C:\WINDOWS\system32\vxh8jkdq6.exe" file.
02/07/2005 0.12.52 utente 1444 Sign of "Win32:Trojano-1574 [Trj]" has been found in "C:\lo-1147451552.exe" file.
02/07/2005 16.30.12 utente 1456 Sign of "Win32:Dialer-395 [Trj]" has been found in "C:\WINDOWS\system32\LogFiles\DI6201900.so" file.
02/07/2005 16.30.54 utente 1456 Sign of "Win32:Trojano-1619 [Trj]" has been found in "C:\WINDOWS\system32\LogFiles\K6291400.so" file.
02/07/2005 17.14.58 utente 1456 Sign of "Win32:Trojano-1619 [Trj]" has been found in "C:\WINDOWS\system32\LogFiles\K6291400.so" file.
02/07/2005 22.13.14 utente 1448 Sign of "Win32:Dialer-395 [Trj]" has been found in "C:\WINDOWS\system32\LogFiles\DI6201900.so" file.
02/07/2005 22.13.57 utente 1448 Sign of "Win32:Trojano-1619 [Trj]" has been found in "C:\WINDOWS\system32\LogFiles\K6291400.so" file.
03/07/2005 15.19.16 utente 1436 Sign of "Win32:Dialer-395 [Trj]" has been found in "C:\WINDOWS\system32\LogFiles\DI6201900.so" file.
03/07/2005 15.19.58 utente 1436 Sign of "Win32:Trojano-1619 [Trj]" has been found in "C:\WINDOWS\system32\LogFiles\K6291400.so" file.
03/07/2005 19.33.49 utente 1448 Sign of "Win32:Dialer-395 [Trj]" has been found in "C:\WINDOWS\system32\LogFiles\DI6201900.so" file.
03/07/2005 19.34.32 utente 1448 Sign of "Win32:Trojano-1619 [Trj]" has been found in "C:\WINDOWS\system32\LogFiles\K6291400.so" file.
04/07/2005 5.47.30 SYSTEM 1448 Sign of "JS:ByteVerify-Dummy [Trj]" has been found in "http://209.190.137.29/user/ds/c.jar\Dummy.class" file.
04/07/2005 8.15.24 utente 1460 Sign of "Win32:Dialer-395 [Trj]" has been found in "C:\WINDOWS\system32\LogFiles\DI6201900.so" file.
04/07/2005 8.16.07 utente 1460 Sign of "Win32:Trojano-1619 [Trj]" has been found in "C:\WINDOWS\system32\LogFiles\K6291400.so" file.
04/07/2005 8.44.07 utente 1460 Sign of "VBS:Malware [Html]" has been found in "http://www.mt-download.com/mtrslib2.js" file.
04/07/2005 8.59.31 utente 1460 Sign of "Win32:Dialer-395 [Trj]" has been found in "C:\WINDOWS\system32\LogFiles\DI6201900.so" file.
04/07/2005 9.00.11 utente 1460 Sign of "Win32:Trojano-1619 [Trj]" has been found in "C:\WINDOWS\system32\LogFiles\K6291400.so" file.
04/07/2005 9.43.39 utente 1460 Sign of "Win32:Dialer-395 [Trj]" has been found in "C:\WINDOWS\system32\LogFiles\DI6201900.so" file.
04/07/2005 9.44.18 utente 1460 Sign of "Win32:Trojano-1619 [Trj]" has been found in "C:\WINDOWS\system32\LogFiles\K6291400.so" file.
04/07/2005 10.27.43 utente 1460 Sign of "Win32:Dialer-395 [Trj]" has been found in "C:\WINDOWS\system32\LogFiles\DI6201900.so" file.
04/07/2005 10.28.25 utente 1460 Sign of "Win32:Trojano-1619 [Trj]" has been found in "C:\WINDOWS\system32\LogFiles\K6291400.so" file.
04/07/2005 13.45.23 SYSTEM 1472 Sign of "JS:Exploit-Bytverify-2" has been found in "http://www.norad.fr/c/archive.jar\A.class" file.
04/07/2005 13.47.48 SYSTEM 1472 Sign of "JS:Exploit-Bytverify-2" has been found in "http://www.norad.fr/c/archive.jar\A.class" file.
04/07/2005 15.17.19 utente 1440 Sign of "Win32:Dialer-395 [Trj]" has been found in "C:\WINDOWS\system32\LogFiles\DI6201900.so" file.
04/07/2005 15.18.02 utente 1440 Sign of "Win32:Trojano-1619 [Trj]" has been found in "C:\WINDOWS\system32\LogFiles\K6291400.so" file.
04/07/2005 18.50.36 SYSTEM 1452 Sign of "JS:Exploit-Bytverify-2" has been found in "http://www.norad.fr/c/archive.jar\A.class" file.
04/07/2005 19.59.06 utente 1460 Sign of "Win32:Dialer-395 [Trj]" has been found in "C:\WINDOWS\system32\LogFiles\DI6201900.so" file.
04/07/2005 23.03.52 SYSTEM 1444 Sign of "JS:Exploit-Bytverify-2" has been found in "http://www.norad.fr/c/archive.jar\A.class" file.
05/07/2005 1.31.06 SYSTEM 1452 Sign of "JS:Exploit-Bytverify-2" has been found in "http://www.norad.fr/c/archive.jar\A.class" file.
05/07/2005 3.32.42 SYSTEM 1452 Sign of "JS:Exploit-Bytverify-2" has been found in "http://www.norad.fr/c/archive.jar\A.class" file.
05/07/2005 5.45.20 SYSTEM 1452 Sign of "JS:Exploit-Bytverify-2" has been found in "http://www.norad.fr/c/archive.jar\A.class" file.
05/07/2005 11.11.08 utente 1464 Sign of "Win32:Dialer-395 [Trj]" has been found in "C:\WINDOWS\system32\LogFiles\DI6201900.so" file.
05/07/2005 11.11.32 utente 1464 Sign of "Win32:Trojano-1619 [Trj]" has been found in "C:\WINDOWS\system32\LogFiles\K6291400.so" file.
05/07/2005 13.25.49 utente 1440 Sign of "Win32:Dialer-395 [Trj]" has been found in "C:\WINDOWS\system32\LogFiles\DI6201900.so" file.
05/07/2005 13.26.13 utente 1440 Sign of "Win32:Trojano-1619 [Trj]" has been found in "C:\WINDOWS\system32\LogFiles\K6291400.so" file.
05/07/2005 15.58.23 utente 1448 Sign of "Win32:Trojano-1619 [Trj]" has been found in "C:\WINDOWS\system32\LogFiles\K6291400.so" file.
05/07/2005 19.08.01 utente 1448 Sign of "Win32:Trojano-1581 [Trj]" has been found in "C:\Documents and Settings\utente\Impostazioni locali\Temp\6.qtdfmp" file.
06/07/2005 4.49.06 SYSTEM 1444 Sign of "Win32:Mhtplo-26 [Trj]" has been found in "http://toolbarpartner.com/adverts/Operator/index.html" file.
06/07/2005 4.52.59 SYSTEM 1444 Sign of "Win32:Mhtplo-26 [Trj]" has been found in "http://toolbarpartner.com/adverts/Operator/index.html" file.
06/07/2005 15.19.24 utente 1456 Sign of "Win32:Dialer-395 [Trj]" has been found in "C:\WINDOWS\system32\LogFiles\DI6201900.so" file.
06/07/2005 15.19.49 utente 1456 Sign of "Win32:Trojano-1619 [Trj]" has been found in "C:\WINDOWS\system32\LogFiles\K6291400.so" file.
06/07/2005 18.33.44 utente 1456 Sign of "Win32:Trojano-1619 [Trj]" has been found in "C:\WINDOWS\system32\LogFiles\K7061900.so" file.
06/07/2005 18.59.06 utente 1456 Sign of "Win32:Dialer-395 [Trj]" has been found in "C:\WINDOWS\system32\LogFiles\DI6201900.so" file.
06/07/2005 19.40.18 utente 1456 Sign of "Win32:Dialer-395 [Trj]" has been found in "C:\WINDOWS\system32\LogFiles\DI6201900.so" file.
06/07/2005 20.33.18 utente 1456 Sign of "JS:Exploit-Bytverify-4" has been found in "http://209.225.34.37/c/archive.jar\BlackBox.class" file.
06/07/2005 20.45.19 utente 1456 Sign of "JS:Exploit-Bytverify-2" has been found in "http://www.norad.fr/c/archive.jar\A.class" file.
06/07/2005 23.25.42 SYSTEM 1448 Sign of "JS:Exploit-Bytverify-2" has been found in "http://www.norad.fr/c/archive.jar\A.class" file.
07/07/2005 0.47.34 SYSTEM 1448 Sign of "JS:Exploit-Bytverify-2" has been found in "http://www.norad.fr/c/archive.jar\A.class" file.
07/07/2005 1.35.29 SYSTEM 1448 Sign of "JS:ClassLoader-7" has been found in "http://195.95.218.83/users/sale/web/winxp/classload.jar\GetAccess.class" file.
07/07/2005 1.35.33 SYSTEM 1448 Sign of "JS:ClassLoader-7" has been found in "http://195.95.218.83/users/sale/web/winxp/GetAccess.class" file.
07/07/2005 4.50.27 SYSTEM 1456 Sign of "JS:Exploit-Bytverify-2" has been found in "http://www.norad.fr/c/archive.jar\A.class" file.
07/07/2005 5.14.48 SYSTEM 1456 Sign of "Win32:Dialer-395 [Trj]" has been found in "C:\WINDOWS\system32\LogFiles\DI6201900.so" file.
07/07/2005 5.55.59 SYSTEM 1456 Sign of "Win32:Dialer-395 [Trj]" has been found in "C:\WINDOWS\system32\LogFiles\DI6201900.so" file.
07/07/2005 6.37.09 SYSTEM 1456 Sign of "Win32:Dialer-395 [Trj]" has been found in "C:\WINDOWS\system32\LogFiles\DI6201900.so" file.
07/07/2005 9.32.42 SYSTEM 1436 Sign of "JS:Exploit-Bytverify-2" has been found in "http://www.norad.fr/c/archive.jar\A.class" file.
07/07/2005 9.39.09 SYSTEM 1436 Sign of "JS:Exploit-Bytverify-2" has been found in "http://www.norad.fr/c/archive.jar\A.class" file.
07/07/2005 13.48.35 SYSTEM 1444 Sign of "Win32:Dialer-395 [Trj]" has been found in "C:\WINDOWS\system32\LogFiles\DI6201900.so" file.
07/07/2005 15.49.44 utente 1444 Sign of "Win32:Puper-E [Trj]" has been found in "C:\WINDOWS\system32\shnlog.exe\[FSG]" file.
07/07/2005 18.10.08 utente 1448 Sign of "Win32:Dialer-395 [Trj]" has been found in "C:\WINDOWS\system32\LogFiles\DI6201900.so" file.
07/07/2005 18.10.34 utente 1448 Sign of "Win32:Puper-E [Trj]" has been found in "C:\WINDOWS\system32\shnlog.exe\[FSG]" file.
07/07/2005 18.24.40 utente 1448 Sign of "JS:Exploit-Bytverify-2" has been found in "http://www.norad.fr/c/archive.jar\A.class" file.
07/07/2005 18.31.39 utente 1448 Sign of "Win32:Puper-E [Trj]" has been found in "C:\WINDOWS\system32\shnlog.exe\[FSG]" file.
08/07/2005 0.22.40 SYSTEM 1448 Sign of "JS:Exploit-Bytverify-2" has been found in "http://www.norad.fr/c/archive.jar\A.class" file.
08/07/2005 1.08.33 SYSTEM 1452 Sign of "JS:Exploit-Bytverify-2" has been found in "http://www.norad.fr/c/archive.jar\A.class" file.
08/07/2005 1.16.26 SYSTEM 1452 Sign of "Win32:Dialer-395 [Trj]" has been found in "C:\WINDOWS\system32\LogFiles\DI6201900.so" file.
08/07/2005 1.17.09 SYSTEM 1452 Sign of "Win32:Puper-E [Trj]" has been found in "C:\WINDOWS\system32\shnlog.exe\[FSG]" file.
08/07/2005 1.48.12 SYSTEM 1452 Sign of "VBS:Malware [Script]" has been found in "http://82.179.166.2/default.php?id=18463&c=SrM111Ed2To07JqX8vT00j06YI12k913" file.
08/07/2005 2.59.27 SYSTEM 1452 Sign of "JS:Exploit-Bytverify-2" has been found in "http://www.norad.fr/c/archive.jar\A.class" file.
08/07/2005 5.28.15 SYSTEM 1452 Sign of "JS:Exploit-Bytverify-2" has been found in "http://www.norad.fr/c/archive.jar\A.class" file.
08/07/2005 13.47.48 utente 1448 Sign of "Win32:Dialer-395 [Trj]" has been found in "C:\WINDOWS\system32\LogFiles\DI6201900.so" file.
08/07/2005 13.48.14 utente 1448 Sign of "Win32:Puper-E [Trj]" has been found in "C:\WINDOWS\system32\shnlog.exe\[FSG]" file.
08/07/2005 14.09.18 utente 1448 Sign of "Win32:Puper-E [Trj]" has been found in "C:\WINDOWS\system32\shnlog.exe\[FSG]" file.
08/07/2005 15.14.49 SYSTEM 1448 Sign of "JS:Exploit-Bytverify-2" has been found in "http://www.norad.fr/c/archive.jar\A.class" file.
08/07/2005 18.29.38 SYSTEM 1444 Sign of "Win32:Puper-E [Trj]" has been found in "C:\WINDOWS\system32\shnlog.exe\[FSG]" file.
08/07/2005 18.55.21 SYSTEM 1444 Sign of "Win32:Dialer-395 [Trj]" has been found in "C:\WINDOWS\system32\LogFiles\DI6201900.so" file.
08/07/2005 18.56.04 SYSTEM 1444 Sign of "Win32:Puper-E [Trj]" has been found in "C:\WINDOWS\system32\shnlog.exe\[FSG]" file.
08/07/2005 18.59.44 SYSTEM 1444 Sign of "JS:Exploit-Bytverify-2" has been found in "http://www.norad.fr/c/archive.jar\A.class" file.
08/07/2005 19.17.46 SYSTEM 1444 Sign of "Win32:Puper-E [Trj]" has been found in "C:\WINDOWS\system32\shnlog.exe\[FSG]" file.
08/07/2005 19.39.05 SYSTEM 1444 Sign of "Win32:Dialer-395 [Trj]" has been found in "C:\WINDOWS\system32\LogFiles\DI6201900.so" file.
08/07/2005 19.39.53 SYSTEM 1444 Sign of "Win32:Puper-E [Trj]" has been found in "C:\WINDOWS\system32\shnlog.exe\[FSG]" file.
08/07/2005 20.01.32 SYSTEM 1444 Sign of "Win32:Puper-E [Trj]" has been found in "C:\WINDOWS\system32\shnlog.exe\[FSG]" file.
08/07/2005 23.57.37 SYSTEM 1448 Sign of "JS:Exploit-Bytverify-2" has been found in "http://www.norad.fr/c/archive.jar\A.class" file.
09/07/2005 2.35.40 SYSTEM 1448 Sign of "JS:Exploit-Bytverify-2" has been found in "http://www.norad.fr/c/archive.jar\A.class" file.
09/07/2005 5.35.51 SYSTEM 1448 Sign of "JS:Exploit-Bytverify-2" has been found in "http://www.norad.fr/c/archive.jar\A.class" file.
09/07/2005 5.44.56 SYSTEM 1448 Sign of "JS:Exploit-Bytverify-2" has been found in "http://www.norad.fr/c/archive.jar\A.class" file.
09/07/2005 6.02.09 SYSTEM 1452 Sign of "JS:Exploit-Bytverify-2" has been found in "http://www.norad.fr/c/archive.jar\A.class" file.
09/07/2005 6.27.01 SYSTEM 1452 Sign of "Win32:Dialer-395 [Trj]" has been found in "C:\WINDOWS\system32\LogFiles\DI6201900.so" file.
09/07/2005 6.27.47 SYSTEM 1452 Sign of "Win32:Puper-E [Trj]" has been found in "C:\WINDOWS\system32\shnlog.exe\[FSG]" file.
09/07/2005 6.49.27 SYSTEM 1452 Sign of "Win32:Puper-E [Trj]" has been found in "C:\WINDOWS\system32\shnlog.exe\[FSG]" file.
09/07/2005 7.02.19 SYSTEM 1452 Sign of "JS:Exploit-Bytverify-2" has been found in "http://www.norad.fr/c/archive.jar\A.class" file.
11/07/2005 17.57.54 SYSTEM 1456 Sign of "Win32:Trojano-1619 [Trj]" has been found in "C:\WINDOWS\system32\LogFiles\K7111600.so" file.
11/07/2005 18.14.50 SYSTEM 1456 Sign of "Win32:Trojano-1660 [Trj]" has been found in "C:\WINDOWS\SYSTEM32\OLEADM.DLL\[UPX]" file.
11/07/2005 18.24.38 SYSTEM 1456 Sign of "Win32:Trojano-1704 [Trj]" has been found in "C:\WINDOWS\system32\msole32.exe" file.
12/07/2005 0.12.41 utente 1432 Sign of "Win32:Trojano-1704 [Trj]" has been found in "C:\WINDOWS\system32\LogFiles\M7081700.so\[FSG]" file.
12/07/2005 0.13.05 utente 1432 Sign of "Win32:Dialer-395 [Trj]" has been found in "C:\WINDOWS\system32\LogFiles\DI6201900.so" file.
12/07/2005 0.13.31 utente 1432 Sign of "Win32:Trojano-1619 [Trj]" has been found in "C:\WINDOWS\system32\LogFiles\K7111600.so" file.
12/07/2005 0.14.15 utente 1432 Sign of "Win32:Puper-E [Trj]" has been found in "C:\WINDOWS\system32\shnlog.exe\[FSG]" file.
12/07/2005 0.14.37 utente 1432 Sign of "Win32:Trojano-1660 [Trj]" has been found in "C:\WINDOWS\system32\intel32.exe" file.
12/07/2005 0.21.59 utente 1432 Sign of "Win32:Puper-J [Trj]" has been found in "C:\System Volume Information\_restore{7DC355D0-1B4A-4E10-B2FB-717F94EB7E29}\RP17\A0016858.exe" file.
12/07/2005 0.22.11 utente 1432 Sign of "Win32:Puper-J [Trj]" has been found in "C:\System Volume Information\_restore{7DC355D0-1B4A-4E10-B2FB-717F94EB7E29}\RP17\A0016878.exe" file.
12/07/2005 0.22.15 utente 1432 Sign of "Win32:Puper-J [Trj]" has been found in "C:\System Volume Information\_restore{7DC355D0-1B4A-4E10-B2FB-717F94EB7E29}\RP17\A0016896.exe" file.
12/07/2005 0.22.32 utente 1432 Sign of "Win32:Trojano-1660 [Trj]" has been found in "C:\System Volume Information\_restore{7DC355D0-1B4A-4E10-B2FB-717F94EB7E29}\RP22\A0019481.dll\[UPX]" file.
12/07/2005 0.22.37 utente 1432 Sign of "Win32:Trojano-1660 [Trj]" has been found in "C:\System Volume Information\_restore{7DC355D0-1B4A-4E10-B2FB-717F94EB7E29}\RP23\A0019505.exe" file.
12/07/2005 4.24.34 utente 1432 Sign of "Win32:Mhtplo-26 [Trj]" has been found in "http://toolbarpartner.com/adverts/alextor/load.js" file.
12/07/2005 19.54.14 SYSTEM 1428 Sign of "Win32:Trojano-1704 [Trj]" has been found in "C:\WINDOWS\system32\LogFiles\M7081700.so\[FSG]" file.
12/07/2005 19.54.38 SYSTEM 1428 Sign of "Win32:Trojano-1619 [Trj]" has been found in "C:\WINDOWS\system32\LogFiles\K7111600.so" file.
12/07/2005 19.55.40 SYSTEM 1428 Sign of "Win32:Puper-E [Trj]" has been found in "C:\WINDOWS\system32\shnlog.exe\[FSG]" file.
12/07/2005 20.17.40 SYSTEM 1428 Sign of "Win32:Puper-E [Trj]" has been found in "C:\WINDOWS\system32\shnlog.exe\[FSG]" file.
12/07/2005 20.39.01 SYSTEM 1428 Sign of "Win32:Trojano-1704 [Trj]" has been found in "C:\WINDOWS\system32\LogFiles\M7081700.so\[FSG]" file.
12/07/2005 20.39.22 SYSTEM 1428 Sign of "Win32:Trojano-1619 [Trj]" has been found in "C:\WINDOWS\system32\LogFiles\K7111600.so" file.
12/07/2005 20.40.24 SYSTEM 1428 Sign of "Win32:Puper-E [Trj]" has been found in "C:\WINDOWS\system32\shnlog.exe\[FSG]" file.
12/07/2005 20.40.25 SYSTEM 1428 Sign of "Win32:Puper-E [Trj]" has been found in "C:\WINDOWS\system32\shnlog.exe\[FSG]" file.
13/07/2005 6.12.09 SYSTEM 1424 Sign of "JS:ByteVerify-Dummy [Trj]" has been found in "http://209.190.137.29/user/ds/c.jar\Dummy.class" file.
13/07/2005 20.48.32 SYSTEM 1444 Sign of "JS:Exploit-Bytverify-2" has been found in "http://www.norad.fr/c/archive.jar\A.class" file.
14/07/2005 0.23.51 SYSTEM 1420 Sign of "JS:Exploit-Bytverify-2" has been found in "http://www.norad.fr/c/archive.jar\A.class" file.
14/07/2005 0.25.32 SYSTEM 1420 Sign of "Win32:Trojano-1621 [Trj]" has been found in "C:\WINDOWS\system32\LogFiles\P7131900.so" file.
14/07/2005 0.25.46 SYSTEM 1420 Sign of "Win32:Trojano-1670 [Trj]" has been found in "C:\WINDOWS\system32\LogFiles\HP7131900.so\[FSG]" file.
14/07/2005 0.51.57 SYSTEM 1420 Sign of "Win32:Trojano-1619 [Trj]" has been found in "C:\WINDOWS\system32\LogFiles\K7111600.so" file.
14/07/2005 0.53.36 SYSTEM 1420 Sign of "Win32:Puper-P [Trj]" has been found in "C:\Documents and Settings\utente\Impostazioni locali\Temp\temp.fr38AB" file.
14/07/2005 0.53.40 SYSTEM 1420 Sign of "Win32:Puper-P [Trj]" has been found in "C:\Documents and Settings\utente\Impostazioni locali\Temp\temp.frC58F" file.
14/07/2005 0.53.42 SYSTEM 1420 Sign of "Win32:Puper-P [Trj]" has been found in "C:\Documents and Settings\utente\Impostazioni locali\Temp\temp.frED93" file.
14/07/2005 0.59.04 SYSTEM 1420 Sign of "Win32:Puper-P [Trj]" has been found in "C:\System Volume Information\_restore{7DC355D0-1B4A-4E10-B2FB-717F94EB7E29}\RP22\A0019366.exe" file.
14/07/2005 1.00.11 SYSTEM 1420 Sign of "Win32:Puper-P [Trj]" has been found in "C:\System Volume Information\_restore{7DC355D0-1B4A-4E10-B2FB-717F94EB7E29}\RP22\A0019401.exe" file.
14/07/2005 1.00.15 SYSTEM 1420 Sign of "Win32:Puper-P [Trj]" has been found in "C:\System Volume Information\_restore{7DC355D0-1B4A-4E10-B2FB-717F94EB7E29}\RP24\A0019568.exe" file.
14/07/2005 1.00.19 SYSTEM 1420 Sign of "Win32:Puper-P [Trj]" has been found in "C:\System Volume Information\_restore{7DC355D0-1B4A-4E10-B2FB-717F94EB7E29}\RP24\A0019717.exe" file.
14/07/2005 1.00.21 SYSTEM 1420 Sign of "Win32:Puper-P [Trj]" has been found in "C:\System Volume Information\_restore{7DC355D0-1B4A-4E10-B2FB-717F94EB7E29}\RP24\A0019759.exe" file.
14/07/2005 1.00.23 SYSTEM 1420 Sign of "Win32:Puper-P [Trj]" has been found in "C:\System Volume Information\_restore{7DC355D0-1B4A-4E10-B2FB-717F94EB7E29}\RP24\snapshot\MFEX-1.DAT" file.
14/07/2005 1.14.24 SYSTEM 1420 Sign of "Win32:Trojano-1621 [Trj]" has been found in "C:\WINDOWS\system32\LogFiles\P7131900.so" file.
14/07/2005 1.14.52 SYSTEM 1420 Sign of "Win32:Trojano-1670 [Trj]" has been found in "C:\WINDOWS\system32\LogFiles\HP7131900.so\[FSG]" file.
14/07/2005 1.36.38 SYSTEM 1420 Sign of "Win32:Trojano-1619 [Trj]" has been found in "C:\WINDOWS\system32\LogFiles\K7111600.so" file.
14/07/2005 2.04.06 utente 1432 Sign of "Win32:Puper-P [Trj]" has been found in "C:\WINDOWS\popuper.exe\[FSG]" file.

LOG HIJACK

Logfile of HijackThis v1.99.1
Scan saved at 2.32.00, on 14/07/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programmi\Alwil Software\Avast4\aswUpdSv.exe
C:\Programmi\Alwil Software\Avast4\ashServ.exe
C:\Programmi\File comuni\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\slserv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\RunDll32.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9BE.EXE
C:\Programmi\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Programmi\Alcatel One Touch PC Suite 2\DesktopTool\DesktopTool.exe
C:\Programmi\MSN Apps\Updater\01.02.3000.1001\it\msnappau.exe
C:\Programmi\HHVcdV7Sys\VC7SecS.exe
C:\Programmi\File comuni\Real\Update_OB\realsched.exe
C:\Programmi\HHVcdV7Sys\VC7Play.exe
C:\Programmi\Messenger\msmsgs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmi\MSN Messenger\MsnMsgr.Exe
C:\Programmi\ADSL\StarModem ADSL USB MODEM\dslmon.exe
C:\Programmi\Virtual CD v7\System\VC7Tray.exe
C:\Programmi\Alwil Software\Avast4\ashMaiSv.exe
C:\Programmi\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\explorer.exe
C:\Programmi\Internet Explorer\IEXPLORE.EXE
C:\Documents and Settings\utente\Documenti\hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.it/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Programmi\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programmi\google\googletoolbar2.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programmi\MSN Apps\MSN Toolbar\01.02.4000.1001\it\msntb.dll
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Programmi\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Programmi\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programmi\google\googletoolbar2.dll
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programmi\MSN Apps\MSN Toolbar\01.02.4000.1001\it\msntb.dll
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [EPSON Stylus CX3600 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9BE.EXE /P26 "EPSON Stylus CX3600 Series" /O6 "USB001" /M "Stylus CX3600"
O4 - HKLM\..\Run: [ATIPTA] C:\Programmi\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [SiSUSBRG] C:\WINDOWS\SiSUSBrg.exe
O4 - HKLM\..\Run: [Desktop Tool] "C:\Programmi\Alcatel One Touch PC Suite 2\DesktopTool\DesktopTool.exe"
O4 - HKLM\..\Run: [Inferno] D:\Setup\setup.exe
O4 - HKLM\..\Run: [9xadiras] 9xadiras.exe
O4 - HKLM\..\Run: [2kadiras] 2kadiras.exe
O4 - HKLM\..\Run: [msnappau] "C:\Programmi\MSN Apps\Updater\01.02.3000.1001\it\msnappau.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Programmi\File comuni\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [VC7Player] C:\Programmi\HHVcdV7Sys\VC7Play.exe
O4 - HKLM\..\Run: [RegSvr32] C:\WINDOWS\system32\msmsgs.exe
O4 - HKLM\..\Run: [PSGuard] C:\Programmi\PSGuard\PSGuard.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Programmi\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Programmi\File comuni\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: DSLMON.lnk = ?
O8 - Extra context menu item: &Google Search - res://c:\programmi\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: Collegamenti a ritroso - res://c:\programmi\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Pagine simili - res://c:\programmi\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Versione cache della pagina - res://c:\programmi\google\GoogleToolbar2.dll/cmcache.html
O9 - Extra button: Ricerche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O16 - DPF: {2B323CD9-50E3-11D3-9466-00A0C9700498} (Yahoo! Audio Conferencing) - http://us.chat1.yimg.com/us.yimg.com/i/chat/applet/v45/yacscom.cab
O16 - DPF: {7D1E9C49-BD6A-11D3-87A8-009027A35D73} (Yahoo! Audio UI1) - http://chat.yahoo.com/cab/yacsui.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {AB294EC6-7ADA-11D4-9D5F-00B0D04BBD07} (msichat50 Client Control) - http://chat1.kataweb.it:4080/chat/data/html/misc/msichat.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/msnmessengersetupdownloader.cab
O16 - DPF: {E504EE6E-47C6-11D5-B8AB-00D0B78F3D48} (Yahoo! Webcam Viewer Wrapper) - http://chat.yahoo.com/cab/yvwrctl.cab
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://chat.msn.com/controls/msnchat45.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{5C5C39B8-6985-4880-86EA-0C2EBC51CDEE}: NameServer = 193.70.152.15 193.70.152.25
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Programmi\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Programmi\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Programmi\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Programmi\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: SmartLinkService (SLService) - Smart Link - C:\WINDOWS\SYSTEM32\slserv.exe
O23 - Service: Virtual CD v7 Management Service (VC7SecS) - H+H Software GmbH - C:\Programmi\HHVcdV7Sys\VC7SecS.exe
Torna in alto
 
Sponsor
Inviato: Thursday, July 14, 2005 2:46:13 AM

 
Torna in alto
 
alfonso
Inviato: Thursday, July 14, 2005 11:47:53 AM

Rank: AiutAmico

Iscritto dal : 10/5/2000
Posts: 19,132
Ciao ,
esegui queste operazioni

1) Disattiva il ripristino di configurazione, leggi qui come fare
http://www.aiutamici.com/software/view.asp?tipo=home&CodSw=257&SH=N

2) riavvia in modalità provvisoria, leggi qui come fare
http://www.aiutamici.com/software/view.asp?tipo=home&CodSw=344&SH=N

apri HIJAC THIS ed elimina come indicato in questo articolo
http://www.aiutamici.com/software/descrizione.asp?CodSw=1175
le righe che seguono, (nel caso le righe da eliminare non compaiono in modalità provvisoria, eliminale dalla modalità normale e riavvia il computer).

==================================
O4 - HKLM\..\Run: [Inferno] D:\Setup\setup.exe
O4 - HKLM\..\Run: [9xadiras] 9xadiras.exe
O4 - HKLM\..\Run: [2kadiras] 2kadiras.exe
-
O4 - HKLM\..\Run: [PSGuard] C:\Programmi\PSGuard\PSGuard.exe
-
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Programmi\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Programmi\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
==================================

Con la funzione TROVA di Windows, cerca ed elimina questi file,

==================================
9xadiras.exe
2kadiras.exe
==================================

ELIMINA LE CARTELLE IN ROSSO
D:\<font color=red><b>Setup</font id=red></b>
C:\Programmi\<font color=red><b>PSGuard</font id=red></b>


Vai a PANNELLO DI CONTROLLO e clicca su OPZIONI INTERNET
nella finestra che si apre clicca i tre pulsanti
ELIMINA COOKIES - ELIMINA FILE - CANCELLA CRONOOLOGIA


al termine utilizza i programmi AD-AWARE e SPYBOT indicati in questo articolo
http://www.aiutamici.com/software/view.asp?tipo=home&CodSw=388&SH=N

sempre in modalità provvisoria fai una scansione Antivirus

quindi riavvia il computer e controlla se il problema e risolto, se e tutto OK riattiva il ripristino configurazione disattivato all'inizio di questa procedura.

Per concludere collegati a questo indirizzo e fai una scansione antivirus on line
http://security.symantec.com/default.asp?productid=symhome&langid=it&venid=sym
se vengono riscontrati virus ti consiglio di formattare e reinstallare tutto.
Collaboratore Aiutamici
Torna in alto
 
festaiolo
Inviato: Sunday, July 17, 2005 2:50:41 AM
Rank: AiutAmico

Iscritto dal : 7/14/2005
Posts: 69
ciao
scusami, riguardo il procedimento che mi hai consigliato, nn mi ha trovato i seguenti files e le cartelle da eliminare:

9xadiras.exe
D:\Setup
C:\Programmi\PSGuard

Mi rimane il desktop-screen infettato con l'antivirus gold e quel dannato punto esclamativo lampeggiante sulla barra delle applicazioni.
La scansione antivirus on line di symantec mi ha segnalato i files infetti:

C:\WINDOWS\uninstIU.exe è infettato con Trojan.Desktophijack.B
C:\WINDOWS\system32\wininet.dll è infettato con W32.Desktophijack
C:\WINDOWS\system32\LogFiles\DI7021900.so è infettato con Dialer.Generic
C:\Programmi\GameSpy Arcade\Aphex.exe è infettato con Adware.GameSpyArcade

Ma quel dialer nn è che inficia la mia connessione adsl?
Devo formattare e reinstallare tutto davvero? Non c'è rimedio? azzzzzz
Comunque GRAZIE MILLE
CIAO
Torna in alto
 
festaiolo
Inviato: Sunday, July 17, 2005 2:50:55 AM
Rank: AiutAmico

Iscritto dal : 7/14/2005
Posts: 69
ciao
scusami, riguardo il procedimento che mi hai consigliato, nn mi ha trovato i seguenti files e le cartelle da eliminare:

9xadiras.exe
D:\Setup
C:\Programmi\PSGuard

Mi rimane il desktop-screen infettato con l'antivirus gold e quel dannato punto esclamativo lampeggiante sulla barra delle applicazioni.
La scansione antivirus on line di symantec mi ha segnalato i files infetti:

C:\WINDOWS\uninstIU.exe è infettato con Trojan.Desktophijack.B
C:\WINDOWS\system32\wininet.dll è infettato con W32.Desktophijack
C:\WINDOWS\system32\LogFiles\DI7021900.so è infettato con Dialer.Generic
C:\Programmi\GameSpy Arcade\Aphex.exe è infettato con Adware.GameSpyArcade

Ma quel dialer nn è che inficia la mia connessione adsl?
Devo formattare e reinstallare tutto davvero? Non c'è rimedio? azzzzzz
Comunque GRAZIE MILLE
CIAO
Torna in alto
 
festaiolo
Inviato: Sunday, July 17, 2005 2:52:00 AM
Rank: AiutAmico

Iscritto dal : 7/14/2005
Posts: 69
ciao
scusami, riguardo il procedimento che mi hai consigliato, nn mi ha trovato i seguenti files e le cartelle da eliminare:

9xadiras.exe
D:\Setup
C:\Programmi\PSGuard

Mi rimane il desktop-screen infettato con l'antivirus gold e quel dannato punto esclamativo lampeggiante sulla barra delle applicazioni.
La scansione antivirus on line di symantec mi ha segnalato i files infetti:

C:\WINDOWS\uninstIU.exe è infettato con Trojan.Desktophijack.B
C:\WINDOWS\system32\wininet.dll è infettato con W32.Desktophijack
C:\WINDOWS\system32\LogFiles\DI7021900.so è infettato con Dialer.Generic
C:\Programmi\GameSpy Arcade\Aphex.exe è infettato con Adware.GameSpyArcade

Ma quel dialer nn è che inficia la mia connessione adsl?
Devo formattare e reinstallare tutto davvero? Non c'è rimedio? azzzzzz
Comunque GRAZIE MILLE
CIAO
Torna in alto
 
festaiolo
Inviato: Sunday, July 17, 2005 2:55:26 AM
Rank: AiutAmico

Iscritto dal : 7/14/2005
Posts: 69
NO SCUSATE PER LA REITERAZIONE DELLE RISPOSTE MA NN LHO FATTO APPOSTA, MI SEGNALAVA UN ERRORE E PROVAVO A REINVIARLO, MA IN REALTA' LE PUBBLICAVA.
SCUSATE
CIAO
Torna in alto
 
alfonso
Inviato: Sunday, July 17, 2005 10:24:09 AM

Rank: AiutAmico

Iscritto dal : 10/5/2000
Posts: 19,132
Se il computer é infetto da virus e l'antivirus non risolve il problema, non c'é altro da fare che formattare il disco e reinstallare tutto, in pratica se ti bevi della candeggina non lo risolvi con un digestivo, devi andare all'ospedale per una lavanda gastrica. Con i virus non si scherza, non si tratta di un gioco, é necessario proteggere il computer con Antivirus e Firewall completi, le versioni gratuite non offrono la massima protezione.
Collaboratore Aiutamici
Torna in alto
 
Utenti presenti in questo topic
Guest

Aiutamici Forum » FORUM - Istruzioni e Guide » Sicurezza VIRUS » antivirus gold... ecco mio LOG HIJACK


Salta al Forum
Aggiunta nuovi Topic disabilitata in questo forum.
Risposte disabilitate in questo forum.
Eliminazione tuoi Post disabilitata in questo forum.
Modifica dei tuoi post disabilitata in questo forum.
Creazione Sondaggi disabilitata in questo forum.
Voto ai sondaggi disabilitato in questo forum.

Main Forum RSS : RSS

Aiutamici Theme
Powered by Yet Another Forum.net versione 1.9.1.8 (NET v2.0) - 3/29/2008
Copyright © 2003-2008 Yet Another Forum.net. All rights reserved.