Qualcuno ha istruzioni rimozione malware windows 7?

Pubblicità
W

wampisss

Utente Attivo
Messaggi
16
Reazioni
0
Punteggio
25
pc rallentAto,pagine di spam,programmi antivirus che si autoinstallano richiedendo in continuazione di essere attivati,isomma ci siamo capiti.
 
scarica HiJackThis da qui
scarica la versione Version 2.0.4 quella sulla desta
clicca sulla voce Executable
salvalo sul desktop

crea una nuova cartella con il nome HijackThis in C:\Programmi
vai sul desktop e taglia e incolla HijackThis e posizionalo nella cartella HijackThis che hai creato in C:\Programmi

chiudi tutti i programmi aperti compreso il browser
Esegui HijackThis tasto destro - Esegui come Amministratore per aprirlo

clicca sul pulsante Do a system scan and save a logfile
alla fine della scansione ti apparirà un log in formato documento di testo salvalo o copialo e incollalo qui
 
ecco a lei il log..

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 17:57:02, on 11/05/2011
Platform: Windows 7 (WinNT 6.00.3504)
MSIE: Internet Explorer v9.00 (9.00.8112.16421)
Boot mode: Normal
Running processes:
C:\windows\system32\Dwm.exe
C:\windows\Explorer.EXE
C:\Program Files\Windows NT\Accessories\svchost.exe
C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\CyberLink\PowerDVD8\PDVD8Serv.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\windows\system32\taskhost.exe
C:\Program Files\Windows Searchqu Toolbar\Datamngr\datamngrUI.exe
C:\windows\system32\taskeng.exe
C:\Users\Utente\AppData\Local\Temp\Pf0.exe
C:\Users\Utente\AppData\Local\Temp\Pfz.exe
C:\Program Files\Samsung\Easy Display Manager\dmhkcore.exe
C:\Program Files\Samsung\Samsung Support Center\SSCKbdHk.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
C:\windows\system32\taskmgr.exe
C:\windows\system32\ctfmon.exe
C:\PROGRA~1\Bandoo\BndCore.exe
C:\Program Files\Windows Live\Companion\companionuser.exe
C:\windows\Pvypua.exe
C:\windows\system32\mshta.exe
C:\Users\Utente\Downloads\HijackThis (1).exe
C:\windows\system32\SearchFilterHost.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = Messenger, Hotmail, MSN, Windows Live: benvenuti su MSN.it
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = Bing
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Messenger, Hotmail, MSN, Windows Live: benvenuti su MSN.it
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN : Hotmail, Messenger, Bing, Actualité et Sport
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = MSN : Hotmail, Messenger, Bing, Actualité et Sport
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Windows Internet Explorer fornito da MSN and Bing
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: McAfee Phishing Filter - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\progra~1\mcafee\msk\mskapbho.dll
O2 - BHO: Increase performance and video formats for your HTML5 <video> - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll
O2 - BHO: Use the DivX Plus Web Player to watch web videos with less interruptions and smoother playback on supported sites - {593DDEC6-7468-4cdd-90E1-42DADAA222E9} - C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\Common Files\McAfee\SystemCore\ScriptSn.20100928163007.dll
O2 - BHO: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\PROGRA~1\AVASTS~1\Avast\aswWebRepIE.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Searchqu Toolbar - {99079a25-328f-4bd4-be04-00955acaa0a7} - C:\PROGRA~1\WIA6EB~1\ToolBar\searchqudtx.dll
O2 - BHO: Windows Live Messenger Companion Helper - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files\Windows Live\Companion\companioncore.dll
O2 - BHO: UrlHelper Class - {A40DC6C5-79D0-4ca8-A185-8FF989AF1115} - C:\PROGRA~1\WIA6EB~1\Datamngr\IEBHO.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.6.6209.1142\swg.dll
O2 - BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O2 - BHO: Bing Bar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "C:\Program Files\Microsoft\BingBar\BingExt.dll" (file missing)
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Bandoo IE Plugin - {EB5CEE80-030A-4ED8-8E20-454E9C68380F} - C:\Program Files\Bandoo\Plugins\IE\ieplugin.dll
O3 - Toolbar: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O3 - Toolbar: Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files\Microsoft\BingBar\BingExt.dll" (file missing)
O3 - Toolbar: Searchqu Toolbar - {99079a25-328f-4bd4-be04-00955acaa0a7} - C:\PROGRA~1\WIA6EB~1\ToolBar\searchqudtx.dll
O3 - Toolbar: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\PROGRA~1\AVASTS~1\Avast\aswWebRepIE.dll
O4 - HKLM\..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe -s
O4 - HKLM\..\Run: [SynTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [UpdateLBPShortCut] "C:\Program Files\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" "C:\Program Files\CyberLink\LabelPrint" UpdateWithCreateOnce "Software\CyberLink\LabelPrint\2.5"
O4 - HKLM\..\Run: [CLMLServer] "C:\Program Files\CyberLink\Power2Go\CLMLSvc.exe"
O4 - HKLM\..\Run: [UpdateP2GoShortCut] "C:\Program Files\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" "C:\Program Files\CyberLink\Power2Go" UpdateWithCreateOnce "SOFTWARE\CyberLink\Power2Go\6.0"
O4 - HKLM\..\Run: [UpdatePDRShortCut] "C:\Program Files\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe" "C:\Program Files\CyberLink\PowerDirector" UpdateWithCreateOnce "Software\CyberLink\PowerDirector\7.0"
O4 - HKLM\..\Run: [RemoteControl8] "C:\Program Files\CyberLink\PowerDVD8\PDVD8Serv.exe"
O4 - HKLM\..\Run: [PDVD8LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD8\Language\Language.exe"
O4 - HKLM\..\Run: [UpdatePPShortCut] "C:\Program Files\CyberLink\PowerProducer\MUITransfer\MUIStartMenu.exe" "C:\Program Files\CyberLink\PowerProducer" UpdateWithCreateOnce "Software\CyberLink\PowerProducer\5.0"
O4 - HKLM\..\Run: [UpdatePSTShortCut] "C:\Program Files\CyberLink\DVD Suite\MUITransfer\MUIStartMenu.exe" "C:\Program Files\CyberLink\DVD Suite" UpdateWithCreateOnce "Software\CyberLink\PowerStarter"
O4 - HKLM\..\Run: [APLangApp] "C:\Program Files\AnyPC Client\APLangApp.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [UCam_Menu] "C:\Program Files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" "C:\Program Files\CyberLink\YouCam" UpdateWithCreateOnce "Software\CyberLink\YouCam\2.0"
O4 - HKLM\..\Run: [mcui_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
O4 - HKLM\..\Run: [DivXUpdate] "C:\Program Files\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
O4 - HKLM\..\Run: [DivX Download Manager] "C:\Program Files\DivX\DivX Plus Web Player\DDmService.exe" start
O4 - HKLM\..\Run: [IgfxTray] C:\windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [DATAMNGR] C:\PROGRA~1\WIA6EB~1\Datamngr\DATAMN~1.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [Google Update] "C:\Users\Utente\AppData\Local\Google\Update\GoogleUpdate.exe" /c
 
seconda parte

O4 - HKCU\..\Run: [CE8SIIFGSU] C:\Users\Utente\AppData\Local\Temp\Pfv.exe
O4 - HKCU\..\Run: [NtWqIVLZEWZU] C:\Users\Utente\AppData\Local\Temp\Pfx.exe
O4 - HKCU\..\Run: [Lfujikomejesu] rundll32.exe "C:\Users\Utente\AppData\Local\wsomsvds.dll",Startup
O4 - HKCU\..\Run: [asecpp70.exe] C:\Users\Utente\AppData\Roaming\5E5E45359ABC1B126B7DECDF1EA0B552\asecpp70.exe
O4 - HKCU\..\Run: [5GUTNY6MFK] C:\Users\Utente\AppData\Local\Temp\Pfz.exe
O4 - HKCU\..\Run: [R8388QA8U8] C:\Users\Utente\AppData\Local\Temp\Pf0.exe
O4 - HKLM\..\Policies\Explorer\Run: [vplfciv] C:\Users\Utente\AppData\Local\Temp\zgnz4k2.exe
O4 - HKLM\..\Policies\Explorer\Run: [mslivemsn] C:\Program Files\Windows NT\Accessories\svchost.exe
O4 - HKLM\..\Policies\Explorer\Run: [Manager] "C:\Users\Utente\AppData\Local\Temp\9gnj3er5i.exe"
O4 - HKLM\..\Policies\Explorer\Run: [Input Manager] "C:\windows\Temp\conima.exe"
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'SERVIZIO LOCALE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'SERVIZIO LOCALE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'SERVIZIO DI RETE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'SERVIZIO DI RETE')
O4 - HKUS\S-1-5-18\..\Run: [R8388QA8U8] C:\windows\TEMP\Pfw.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [FlashPlayerUpdate] C:\windows\system32\Macromed\Flash\FlashUtil10l_ActiveX.exe -update activex (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [R8388QA8U8] C:\windows\TEMP\Pfw.exe (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [FlashPlayerUpdate] C:\windows\system32\Macromed\Flash\FlashUtil10l_ActiveX.exe -update activex (User 'Default user')
O4 - Startup: Antimalware Doctor.lnk = C:\Users\Utente\AppData\Roaming\5E5E45359ABC1B126B7DECDF1EA0B552\asecpp70.exe
O4 - Startup: OpenOffice.org 3.3.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe
O4 - Startup: Ritaglio schermata e avvio di OneNote 2007.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_D183CA64F05FDD98.dll/cmsidewiki.html
O9 - Extra button: @C:\Program Files\Windows Live\Companion\companionlang.dll,-600 - {0000036B-C524-4050-81A0-243669A86B9F} - C:\Program Files\Windows Live\Companion\companioncore.dll
O9 - Extra button: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Invia a OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: I&nvia a OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: PokerStars.it - {C4046502-6524-4d87-896C-878F57D1FF07} - C:\Program Files\PokerStars.IT\PokerStarsUpdate.exe
O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O20 - AppInit_DLLs: c:\progra~1\wia6eb~1\datamngr\datamngr.dll c:\progra~1\wia6eb~1\datamngr\iebho.dll c:\progra~1\bandoo\bndhook.dll
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
O23 - Service: Bandoo Coordinator - Bandoo Media Inc. - C:\PROGRA~1\Bandoo\Bandoo.exe
O23 - Service: Servizio di Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Servizio Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Input Manager - Unknown owner - C:\windows\temp\Input.exe (file missing)
O23 - Service: McAfee SiteAdvisor Service - Unknown owner - C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
O23 - Service: McAfee Servizio Personal Firewall (McMPFSvc) - McAfee, Inc. - C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
O23 - Service: McAfee VirusScan Announcer (McNaiAnn) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
O23 - Service: McShield - Unknown owner - C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe
O23 - Service: McAfee Firewall Core Service (mfefire) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe
O23 - Service: McAfee Validation Trust Protection Service (mfevtp) - McAfee, Inc. - C:\windows\system32\mfevtps.exe
O23 - Service: MouseDriver - Unknown owner - C:\Users\Utente\AppData\Local\Temp\MouseDriver.bat
O23 - Service: McAfee Anti-Spam Service (MSK80Service) - McAfee, Inc. - C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe
O23 - Service: @C:\Program Files\Nero\Update\NASvc.exe,-200 (NAUpdate) - Nero AG - C:\Program Files\Nero\Update\NASvc.exe
O23 - Service: Oberon Media Game Console service (OberonGameConsoleService) - Unknown owner - C:\Program Files\Samsung Casual Games\GameConsole\OberonGameConsoleService.exe
O23 - Service: Plug Manager - Unknown owner - C:\windows\temp\Plug.bat
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared files\RichVideo.exe

--
End of file - 15240 bytes
 
ciao
allora armati di pazienza hai il pc molto infetto

segui tutto attentamente cio che ti scrivo


apri HijackThis

clicca sul pulsante Do a system scan only
per eseguirlo correttamente HijackThis tasto destro su Esegui come Amministratore
metti la spunta una per volta a fianco queste voci

una volta spuntate le voci:
chiudi tutti i programmi aperti compreso il Browser
e clicca su Fix checked
O2 - BHO: McAfee Phishing Filter - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\progra~1\mcafee\msk\mskapbho.dll

O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\Common Files\McAfee\SystemCore\ScriptSn.20100928163007.dl l

O2 - BHO: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\PROGRA~1\AVASTS~1\Avast\aswWebRepIE.dll

O2 - BHO: Searchqu Toolbar - {99079a25-328f-4bd4-be04-00955acaa0a7} - C:\PROGRA~1\WIA6EB~1\ToolBar\searchqudtx.dll

O2 - BHO: UrlHelper Class - {A40DC6C5-79D0-4ca8-A185-8FF989AF1115} - C:\PROGRA~1\WIA6EB~1\Datamngr\IEBHO.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll

O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.6.6209.1142\s wg.dll

O2 - BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll

O2 - BHO: Bing Bar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "C:\Program Files\Microsoft\BingBar\BingExt.dll" (file missing)

O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll

O2 - BHO: Bandoo IE Plugin - {EB5CEE80-030A-4ED8-8E20-454E9C68380F} - C:\Program Files\Bandoo\Plugins\IE\ieplugin.dll

O3 - Toolbar: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll

O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll

O3 - Toolbar: Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files\Microsoft\BingBar\BingExt.dll" (file missing)

O3 - Toolbar: Searchqu Toolbar - {99079a25-328f-4bd4-be04-00955acaa0a7} - C:\PROGRA~1\WIA6EB~1\ToolBar\searchqudtx.dll

O3 - Toolbar: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\PROGRA~1\AVASTS~1\Avast\aswWebRepIE.dll

O4 - HKLM\..\Run: [APLangApp] "C:\Program Files\AnyPC Client\APLangApp.exe"

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [IgfxTray] C:\windows\system32\igfxtray.exe

O4 - HKCU\..\Run: [Google Update] "C:\Users\Utente\AppData\Local\Google\Update\Googl eUpdate.exe" /c

O4 - HKCU\..\Run: [CE8SIIFGSU] C:\Users\Utente\AppData\Local\Temp\Pfv.exe

O4 - HKCU\..\Run: [NtWqIVLZEWZU] C:\Users\Utente\AppData\Local\Temp\Pfx.exe

O4 - HKCU\..\Run: [Lfujikomejesu] rundll32.exe "C:\Users\Utente\AppData\Local\wsomsvds.dll",Start up

O4 - HKCU\..\Run: [asecpp70.exe] C:\Users\Utente\AppData\Roaming\5E5E45359ABC1B126B 7DECDF1EA0B552\asecpp70.exe

O4 - HKCU\..\Run: [5GUTNY6MFK] C:\Users\Utente\AppData\Local\Temp\Pfz.exe

O4 - HKCU\..\Run: [R8388QA8U8] C:\Users\Utente\AppData\Local\Temp\Pf0.exe

O4 - HKLM\..\Policies\Explorer\Run: [vplfciv] C:\Users\Utente\AppData\Local\Temp\zgnz4k2.exe

O4 - HKLM\..\Policies\Explorer\Run: [mslivemsn] C:\Program Files\Windows NT\Accessories\svchost.exe

O4 - HKLM\..\Policies\Explorer\Run: [Manager] "C:\Users\Utente\AppData\Local\Temp\9gnj3er5i. exe"

O4 - HKLM\..\Policies\Explorer\Run: [Input Manager] "C:\windows\Temp\conima.exe"

O4 - HKUS\S-1-5-18\..\Run: [R8388QA8U8] C:\windows\TEMP\Pfw.exe (User 'SYSTEM')

O4 - HKUS\S-1-5-18\..\RunOnce: [FlashPlayerUpdate] C:\windows\system32\Macromed\Flash\FlashUtil10l_Ac tiveX.exe -update activex (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [R8388QA8U8] C:\windows\TEMP\Pfw.exe (User 'Default user')

O4 - HKUS\.DEFAULT\..\RunOnce: [FlashPlayerUpdate] C:\windows\system32\Macromed\Flash\FlashUtil10l_Ac tiveX.exe -update activex (User 'Default user')

O4 - Startup: Antimalware Doctor.lnk = C:\Users\Utente\AppData\Roaming\5E5E45359ABC1B126B 7DECDF1EA0B552\asecpp70.exe

O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary...r.cab56986.cab

O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...t.cab56907.cab

O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary...r.cab56986.cab

O20 - AppInit_DLLs: c:\progra~1\wia6eb~1\datamngr\datamngr.dll c:\progra~1\wia6eb~1\datamngr\iebho.dll c:\progra~1\bandoo\bndhook.dll

O23 - Service: Bandoo Coordinator - Bandoo Media Inc. - C:\PROGRA~1\Bandoo\Bandoo.exe

O23 - Service: Servizio di Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe

O23 - Service: Servizio Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe

O23 - Service: Input Manager - Unknown owner - C:\windows\temp\Input.exe (file missing)

O23 - Service: McAfee Servizio Personal Firewall (McMPFSvc) - McAfee, Inc. - C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe

O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe

O23 - Service: McAfee VirusScan Announcer (McNaiAnn) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe

O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe

O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan\mcods.exe

O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe

O23 - Service: McShield - Unknown owner - C:Program FilesCommon FilesMcAfeeSystemCore\mcshield.exe

O23 - Service: McAfee Firewall Core Service (mfefire) - McAfee, Inc. - C:Program FilesCommon FilesMcAfeeSystemCore\mfefire.exe

O23 - Service: McAfee Validation Trust Protection Service (mfevtp) - McAfee, Inc. - C:\windows\system32\mfevtps.exe

O23 - Service: MouseDriver - Unknown owner - C:\Users\Utente\AppData\Local\Temp\MouseDriver.bat

O23 - Service: McAfee Anti-Spam Service (MSK80Service) - McAfee, Inc. - C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe

O23 - Service: Plug Manager - Unknown owner - C:\windows\temp\Plug.bat
chiudi HijackThis

poi vai in pannello di controllo - programmi e funzionalità
e disinstalla
tutte le toolbar che trovi
msn
bing
google
Searchqu Toolbar

disinstalla
Avast
e tutto quello che trovi di McAfee

appena finito tutto cio fammi sapere
che devi eseguire altre operazioni:ok:
 
ecco fatto..

ho eseguito come descritto e ringrazio anticipatamente perhé il pc sembra abbastanza migliorato ma nel pannello dal controllo in programmi e funzionalità non riesce a disinstallare mc affee poichè mi apre un quadro bianco sullo schermo come clicco su disinstalla,e antimalware doctor uguale non riesce a disinstallare..ho disinstallato le toolbar e quelli rimangono.antimalware continua ad aprire finestrelle ogni tanto,piuttosto pallose!non ho antivirus volevo ricordare,se lei riesce a consigliarmi qualcosa da installare accetto volentirei,gratuito se possibile!
 
ok
non ti preoccupare e normale
quelli sono tutti antivirus fake

ora

Scarica ed installa MalwareBytes:
clicca qui per il download :Download Malwarebytes Anti-Malware
Installalo, avvialo ed aggiornalo (è importante).Prima di fare la scansione AGGIORNALO.
sulla scheda Scansione Esegui la scansione completa del sistema selezionando tutte le unità
ed elimina tutti gli elementi infetti identificati.
clicca su Mostra i risultati per visualizzare nel dettaglio gli elementi infetti trovati.
poi clicca su Rimuovi gli elementi selezionati se chiede di riavviare il pc riavvia ,altrimenti riavvia tu manualmente
chiudi il programma.Posta il log
 
ti aggiorno..

sta scansionando da circa mezz ora per ora ha trovato 17 elementi infetti,non appena finisce il log lo posso prendere anche dopo che riavvio nella sezione log dell antimalware?
 
si lascia terminare la scansione
a scansione finita ti esce in automatico e lo salvi sul desktop

l' importante e che esegui le istruzioni a fine scansione

scansione completata del sistema
ed elimina tutti gli elementi infetti identificati.
clicca su Mostra i risultati per visualizzare nel dettaglio gli elementi infetti trovati.
poi clicca su Rimuovi gli elementi selezionati se chiede di riavviare il pc riavvia ,altrimenti riavvia tu manualmente

cmq si se non dovesse uscire il log lo puoi recuperare tranquillamente
nella sezione log dell antimalware
 
questo è il log precedente alla rimozione degli elementi

Malwarebytes' Anti-Malware 1.50.1.1100
Malwarebytes : Free anti-malware, anti-virus and spyware removal download

Versione database: 6556

Windows 6.1.7600
Internet Explorer 9.0.8112.16421

11/05/2011 21:25:35
mbam-log-2011-05-11 (21-25-27).txt

Tipo di scansione: Scansione completa (C:\|D:\|E:\|)
Elementi esaminati: 275991
Tempo trascorso: 1 ore, 24 minuti, 5 secondi

Processi infetti in memoria: 4
Moduli di memoria infetti: 1
Chiavi di registro infette: 12
Valori di registro infetti: 6
Voci infette nei dati di registro: 0
Cartelle infette: 0
File infetti: 56

Processi infetti in memoria:
c:\Users\Utente\AppData\Local\Temp\Pf0.exe (Trojan.Agent) -> 2504 -> No action taken.
c:\Windows\Pvypuq.exe (Trojan.Agent) -> 2512 -> No action taken.
c:\Users\Utente\AppData\Roaming\5e5e45359abc1b126b7decdf1ea0b552\asecpp70.exe (Trojan.FakeAlert) -> 2920 -> No action taken.
c:\Windows\Temp\Pfx.exe (Trojan.Agent) -> 6068 -> No action taken.

Moduli di memoria infetti:
c:\Users\Utente\AppData\Local\wsomsvds.dll (Trojan.Hiloti) -> No action taken.

Chiavi di registro infette:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Antimalware Doctor (Trojan.FakeAlert) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Titan Poker (PUP.Casino) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\5GUTNY6MFK (Trojan.FakeAlert.SA) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\CE8SIIFGSU (Trojan.FakeAlert) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\NtWqIVLZEWZU (Trojan.FakeAlert) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\XML (Trojan.FakeAlert) -> No action taken.
HKEY_CURRENT_USER\Software\Antimalware Doctor Inc (Rogue.AntimalwareDoctor) -> No action taken.
HKEY_CURRENT_USER\Software\R8388QA8U8 (Malware.Trace) -> No action taken.
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\ (Hijack.Zones) -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\INPUT MANAGER (Trojan.Agent) -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\MOUSEDRIVER (Trojan.Agent) -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\PLUG MANAGER (Trojan.Agent) -> No action taken.

Valori di registro infetti:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Lfujikomejesu (Trojan.Hiloti) -> Value: Lfujikomejesu -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\R8388QA8U8 (Trojan.Agent) -> Value: R8388QA8U8 -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\asecpp70.exe (Trojan.FakeAlert) -> Value: asecpp70.exe -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Input Manager\ImagePath (Trojan.Agent) -> Value: ImagePath -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\MouseDriver\ImagePath (Trojan.Agent) -> Value: ImagePath -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Plug Manager\ImagePath (Trojan.Agent) -> Value: ImagePath -> No action taken.

Voci infette nei dati di registro:
(Non sono stati rilevati elementi nocivi)

Cartelle infette:
(Non sono stati rilevati elementi nocivi)

File infetti:
c:\Users\Utente\AppData\Local\wsomsvds.dll (Trojan.Hiloti) -> No action taken.
c:\Users\Utente\AppData\Local\Temp\Pf0.exe (Trojan.Agent) -> No action taken.
c:\Windows\Pvypuq.exe (Trojan.Agent) -> No action taken.
c:\Users\Utente\AppData\Roaming\5e5e45359abc1b126b7decdf1ea0b552\asecpp70.exe (Trojan.FakeAlert) -> No action taken.
c:\Windows\Temp\Pfx.exe (Trojan.Agent) -> No action taken.
c:\Poker\titan poker\_titanpsetup_10d0db.exe (PUP.Casino) -> No action taken.
c:\program files\windows nt\accessories\svchost.exe (Trojan.Agent) -> No action taken.
c:\Users\Utente\AppData\Local\Temp\emxrsocawn.exe (Trojan.Hiloti) -> No action taken.
c:\Users\Utente\AppData\Local\Temp\o3j0ur0b.exe (Trojan.Agent) -> No action taken.
c:\Users\Utente\AppData\Local\Temp\Pf1.exe (Trojan.Agent) -> No action taken.
c:\Users\Utente\AppData\Local\Temp\Pf2.exe (Trojan.Agent) -> No action taken.
c:\Users\Utente\AppData\Local\Temp\Pf3.exe (Trojan.Agent) -> No action taken.
c:\Users\Utente\AppData\Local\Temp\Pf4.exe (Trojan.Agent) -> No action taken.
c:\Users\Utente\AppData\Local\Temp\Pf5.exe (Trojan.Agent) -> No action taken.
c:\Users\Utente\AppData\Local\Temp\Pfw.exe (Trojan.Agent) -> No action taken.
c:\Users\Utente\AppData\Local\Temp\Pfx.exe (Trojan.Agent) -> No action taken.
c:\Users\Utente\AppData\Local\Temp\Pfz.exe (Trojan.Agent) -> No action taken.
c:\Users\Utente\AppData\Local\Temp\maxneswcro.exe (Trojan.Hiloti) -> No action taken.
c:\Users\Utente\AppData\Local\Temp\ptua6e_tmp.exe (PUP.Casino) -> No action taken.
c:\Users\Utente\AppData\Local\Temp\zgnz4k2.exe (Backdoor.Bot) -> No action taken.
c:\Users\Utente\AppData\Local\Temp\hptqyakqr.exe (Trojan.Agent) -> No action taken.
c:\Users\Utente\AppData\Local\Temp\hsfjx2vhd.exe (Trojan.Agent) -> No action taken.
c:\Users\Utente\AppData\Roaming\5e5e45359abc1b126b7decdf1ea0b552\upd_debug.exe (Trojan.FakeAlert) -> No action taken.
c:\Users\Utente\downloads\titanpsetup_10d0db.exe (PUP.Casino) -> No action taken.
c:\Windows\Pvypua.exe (Trojan.Agent) -> No action taken.
c:\Windows\Pvypub.exe (Trojan.Agent) -> No action taken.
c:\Windows\Pvypuc.exe (Trojan.Agent) -> No action taken.
c:\Windows\Pvypud.exe (Trojan.Agent) -> No action taken.
c:\Windows\Pvypue.exe (Trojan.Agent) -> No action taken.
c:\Windows\Pvypuf.exe (Trojan.Agent) -> No action taken.
c:\Windows\Pvypug.exe (Trojan.Agent) -> No action taken.
c:\Windows\Pvypuh.exe (Trojan.Agent) -> No action taken.
c:\Windows\Pvypui.exe (Trojan.Agent) -> No action taken.
c:\Windows\Pvypuj.exe (Trojan.Agent) -> No action taken.
c:\Windows\Pvypuk.exe (Trojan.Agent) -> No action taken.
c:\Windows\Pvypul.exe (Trojan.Agent) -> No action taken.
c:\Windows\Pvypum.exe (Trojan.Agent) -> No action taken.
c:\Windows\Pvypun.exe (Trojan.Agent) -> No action taken.
c:\Windows\Pvypuo.exe (Trojan.Agent) -> No action taken.
c:\Windows\Pvypup.exe (Trojan.Agent) -> No action taken.
c:\Windows\Temp\2m8xum0t.exe (Trojan.Agent) -> No action taken.
c:\Windows\Temp\cjqm7hu8.exe (Trojan.Agent) -> No action taken.
c:\Windows\Temp\conima.exe (Spyware.Passwords) -> No action taken.
c:\Windows\Temp\Managee.exe (Trojan.Agent) -> No action taken.
c:\Windows\Temp\gqocl33l.exe (Spyware.Passwords) -> No action taken.
c:\Windows\Temp\j6yc6z9g.exe (Trojan.Agent) -> No action taken.
c:\Windows\Temp\Pfw.exe (Trojan.Agent) -> No action taken.
c:\Users\Utente\Desktop\antimalware doctor.lnk (Rogue.AntimalwareDoctor) -> No action taken.
c:\Users\Utente\AppData\Roaming\microsoft\internet explorer\quick launch\antimalware doctor.lnk (Rogue.AntimalwareDoctor) -> No action taken.
c:\Windows\Tasks\{22116563-108c-42c0-a7ce-60161b75e508}.job (Trojan.Downloader) -> No action taken.
c:\Windows\Tasks\{62c40aa6-4406-467a-a5a5-dfdf1b559b7a}.job (Trojan.FakeAlert) -> No action taken.
c:\Windows\Tasks\{bbaeaeaf-1275-40e2-bd6c-bc8f88bd114a}.job (Trojan.Downloader) -> No action taken.
c:\Windows\Tasks\{810401e2-dde0-454e-b0e2-aa89c9e5967c}.job (Trojan.FraudPack) -> No action taken.
c:\Windows\Temp\input manager.bat (Trojan.Agent) -> No action taken.
c:\Users\Utente\AppData\Local\Temp\mousedriver.bat (Trojan.Agent) -> No action taken.
c:\Windows\Temp\Plug.bat (Trojan.Agent) -> No action taken.
 
questo dopo,mi ha scritto che alcuni elementi non si sono potut eliminare!

Malwarebytes' Anti-Malware 1.50.1.1100
Malwarebytes : Free anti-malware, anti-virus and spyware removal download

Versione database: 6556

Windows 6.1.7600
Internet Explorer 9.0.8112.16421

11/05/2011 21:25:35
mbam-log-2011-05-11 (21-25-27).txt

Tipo di scansione: Scansione completa (C:\|D:\|E:\|)
Elementi esaminati: 275991
Tempo trascorso: 1 ore, 24 minuti, 5 secondi

Processi infetti in memoria: 4
Moduli di memoria infetti: 1
Chiavi di registro infette: 12
Valori di registro infetti: 6
Voci infette nei dati di registro: 0
Cartelle infette: 0
File infetti: 56

Processi infetti in memoria:
c:\Users\Utente\AppData\Local\Temp\Pf0.exe (Trojan.Agent) -> 2504 -> No action taken.
c:\Windows\Pvypuq.exe (Trojan.Agent) -> 2512 -> No action taken.
c:\Users\Utente\AppData\Roaming\5e5e45359abc1b126b7decdf1ea0b552\asecpp70.exe (Trojan.FakeAlert) -> 2920 -> No action taken.
c:\Windows\Temp\Pfx.exe (Trojan.Agent) -> 6068 -> No action taken.

Moduli di memoria infetti:
c:\Users\Utente\AppData\Local\wsomsvds.dll (Trojan.Hiloti) -> No action taken.

Chiavi di registro infette:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Antimalware Doctor (Trojan.FakeAlert) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Titan Poker (PUP.Casino) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\5GUTNY6MFK (Trojan.FakeAlert.SA) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\CE8SIIFGSU (Trojan.FakeAlert) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\NtWqIVLZEWZU (Trojan.FakeAlert) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\XML (Trojan.FakeAlert) -> No action taken.
HKEY_CURRENT_USER\Software\Antimalware Doctor Inc (Rogue.AntimalwareDoctor) -> No action taken.
HKEY_CURRENT_USER\Software\R8388QA8U8 (Malware.Trace) -> No action taken.
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\ (Hijack.Zones) -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\INPUT MANAGER (Trojan.Agent) -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\MOUSEDRIVER (Trojan.Agent) -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\PLUG MANAGER (Trojan.Agent) -> No action taken.

Valori di registro infetti:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Lfujikomejesu (Trojan.Hiloti) -> Value: Lfujikomejesu -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\R8388QA8U8 (Trojan.Agent) -> Value: R8388QA8U8 -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\asecpp70.exe (Trojan.FakeAlert) -> Value: asecpp70.exe -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Input Manager\ImagePath (Trojan.Agent) -> Value: ImagePath -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\MouseDriver\ImagePath (Trojan.Agent) -> Value: ImagePath -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Plug Manager\ImagePath (Trojan.Agent) -> Value: ImagePath -> No action taken.

Voci infette nei dati di registro:
(Non sono stati rilevati elementi nocivi)

Cartelle infette:
(Non sono stati rilevati elementi nocivi)

File infetti:
c:\Users\Utente\AppData\Local\wsomsvds.dll (Trojan.Hiloti) -> No action taken.
c:\Users\Utente\AppData\Local\Temp\Pf0.exe (Trojan.Agent) -> No action taken.
c:\Windows\Pvypuq.exe (Trojan.Agent) -> No action taken.
c:\Users\Utente\AppData\Roaming\5e5e45359abc1b126b7decdf1ea0b552\asecpp70.exe (Trojan.FakeAlert) -> No action taken.
c:\Windows\Temp\Pfx.exe (Trojan.Agent) -> No action taken.
c:\Poker\titan poker\_titanpsetup_10d0db.exe (PUP.Casino) -> No action taken.
c:\program files\windows nt\accessories\svchost.exe (Trojan.Agent) -> No action taken.
c:\Users\Utente\AppData\Local\Temp\emxrsocawn.exe (Trojan.Hiloti) -> No action taken.
c:\Users\Utente\AppData\Local\Temp\o3j0ur0b.exe (Trojan.Agent) -> No action taken.
c:\Users\Utente\AppData\Local\Temp\Pf1.exe (Trojan.Agent) -> No action taken.
c:\Users\Utente\AppData\Local\Temp\Pf2.exe (Trojan.Agent) -> No action taken.
c:\Users\Utente\AppData\Local\Temp\Pf3.exe (Trojan.Agent) -> No action taken.
c:\Users\Utente\AppData\Local\Temp\Pf4.exe (Trojan.Agent) -> No action taken.
c:\Users\Utente\AppData\Local\Temp\Pf5.exe (Trojan.Agent) -> No action taken.
c:\Users\Utente\AppData\Local\Temp\Pfw.exe (Trojan.Agent) -> No action taken.
c:\Users\Utente\AppData\Local\Temp\Pfx.exe (Trojan.Agent) -> No action taken.
c:\Users\Utente\AppData\Local\Temp\Pfz.exe (Trojan.Agent) -> No action taken.
c:\Users\Utente\AppData\Local\Temp\maxneswcro.exe (Trojan.Hiloti) -> No action taken.
c:\Users\Utente\AppData\Local\Temp\ptua6e_tmp.exe (PUP.Casino) -> No action taken.
c:\Users\Utente\AppData\Local\Temp\zgnz4k2.exe (Backdoor.Bot) -> No action taken.
c:\Users\Utente\AppData\Local\Temp\hptqyakqr.exe (Trojan.Agent) -> No action taken.
c:\Users\Utente\AppData\Local\Temp\hsfjx2vhd.exe (Trojan.Agent) -> No action taken.
c:\Users\Utente\AppData\Roaming\5e5e45359abc1b126b7decdf1ea0b552\upd_debug.exe (Trojan.FakeAlert) -> No action taken.
c:\Users\Utente\downloads\titanpsetup_10d0db.exe (PUP.Casino) -> No action taken.
c:\Windows\Pvypua.exe (Trojan.Agent) -> No action taken.
c:\Windows\Pvypub.exe (Trojan.Agent) -> No action taken.
c:\Windows\Pvypuc.exe (Trojan.Agent) -> No action taken.
c:\Windows\Pvypud.exe (Trojan.Agent) -> No action taken.
c:\Windows\Pvypue.exe (Trojan.Agent) -> No action taken.
c:\Windows\Pvypuf.exe (Trojan.Agent) -> No action taken.
c:\Windows\Pvypug.exe (Trojan.Agent) -> No action taken.
c:\Windows\Pvypuh.exe (Trojan.Agent) -> No action taken.
c:\Windows\Pvypui.exe (Trojan.Agent) -> No action taken.
c:\Windows\Pvypuj.exe (Trojan.Agent) -> No action taken.
c:\Windows\Pvypuk.exe (Trojan.Agent) -> No action taken.
c:\Windows\Pvypul.exe (Trojan.Agent) -> No action taken.
c:\Windows\Pvypum.exe (Trojan.Agent) -> No action taken.
c:\Windows\Pvypun.exe (Trojan.Agent) -> No action taken.
c:\Windows\Pvypuo.exe (Trojan.Agent) -> No action taken.
c:\Windows\Pvypup.exe (Trojan.Agent) -> No action taken.
c:\Windows\Temp\2m8xum0t.exe (Trojan.Agent) -> No action taken.
c:\Windows\Temp\cjqm7hu8.exe (Trojan.Agent) -> No action taken.
c:\Windows\Temp\conima.exe (Spyware.Passwords) -> No action taken.
c:\Windows\Temp\Managee.exe (Trojan.Agent) -> No action taken.
c:\Windows\Temp\gqocl33l.exe (Spyware.Passwords) -> No action taken.
c:\Windows\Temp\j6yc6z9g.exe (Trojan.Agent) -> No action taken.
c:\Windows\Temp\Pfw.exe (Trojan.Agent) -> No action taken.
c:\Users\Utente\Desktop\antimalware doctor.lnk (Rogue.AntimalwareDoctor) -> No action taken.
c:\Users\Utente\AppData\Roaming\microsoft\internet explorer\quick launch\antimalware doctor.lnk (Rogue.AntimalwareDoctor) -> No action taken.
c:\Windows\Tasks\{22116563-108c-42c0-a7ce-60161b75e508}.job (Trojan.Downloader) -> No action taken.
c:\Windows\Tasks\{62c40aa6-4406-467a-a5a5-dfdf1b559b7a}.job (Trojan.FakeAlert) -> No action taken.
c:\Windows\Tasks\{bbaeaeaf-1275-40e2-bd6c-bc8f88bd114a}.job (Trojan.Downloader) -> No action taken.
c:\Windows\Tasks\{810401e2-dde0-454e-b0e2-aa89c9e5967c}.job (Trojan.FraudPack) -> No action taken.
c:\Windows\Temp\input manager.bat (Trojan.Agent) -> No action taken.
c:\Users\Utente\AppData\Local\Temp\mousedriver.bat (Trojan.Agent) -> No action taken.
c:\Windows\Temp\Plug.bat (Trojan.Agent) -> No action taken.
 
scusa è questo quello dopo l eliminazione ho sbagliato..

in memoria: 4
Moduli di memoria infetti: 1
Chiavi di registro infette: 12
Valori di registro infetti: 6
Voci infette nei dati di registro: 0
Cartelle infette: 0
File infetti: 56

Processi infetti in memoria:
c:\Users\Utente\AppData\Local\Temp\Pf0.exe (Trojan.Agent) -> 2504 -> Unloaded process successfully.
c:\Windows\Pvypuq.exe (Trojan.Agent) -> 2512 -> Unloaded process successfully.
c:\Users\Utente\AppData\Roaming\5e5e45359abc1b126b7decdf1ea0b552\asecpp70.exe (Trojan.FakeAlert) -> 2920 -> Unloaded process successfully.
c:\Windows\Temp\Pfx.exe (Trojan.Agent) -> 6068 -> Unloaded process successfully.

Moduli di memoria infetti:
c:\Users\Utente\AppData\Local\wsomsvds.dll (Trojan.Hiloti) -> Delete on reboot.

Chiavi di registro infette:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Antimalware Doctor (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Titan Poker (PUP.Casino) -> Not selected for removal.
HKEY_CURRENT_USER\SOFTWARE\5GUTNY6MFK (Trojan.FakeAlert.SA) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\CE8SIIFGSU (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\NtWqIVLZEWZU (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\XML (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Antimalware Doctor Inc (Rogue.AntimalwareDoctor) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\R8388QA8U8 (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\ (Hijack.Zones) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\INPUT MANAGER (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\MOUSEDRIVER (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\PLUG MANAGER (Trojan.Agent) -> Quarantined and deleted successfully.

Valori di registro infetti:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Lfujikomejesu (Trojan.Hiloti) -> Value: Lfujikomejesu -> Delete on reboot.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\R8388QA8U8 (Trojan.Agent) -> Value: R8388QA8U8 -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\asecpp70.exe (Trojan.FakeAlert) -> Value: asecpp70.exe -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Input Manager\ImagePath (Trojan.Agent) -> Value: ImagePath -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\MouseDriver\ImagePath (Trojan.Agent) -> Value: ImagePath -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Plug Manager\ImagePath (Trojan.Agent) -> Value: ImagePath -> Quarantined and deleted successfully.

Voci infette nei dati di registro:
(Non sono stati rilevati elementi nocivi)

Cartelle infette:
(Non sono stati rilevati elementi nocivi)

File infetti:
c:\Users\Utente\AppData\Local\wsomsvds.dll (Trojan.Hiloti) -> Delete on reboot.
c:\Users\Utente\AppData\Local\Temp\Pf0.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Windows\Pvypuq.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Users\Utente\AppData\Roaming\5e5e45359abc1b126b7decdf1ea0b552\asecpp70.exe (Trojan.FakeAlert) -> Delete on reboot.
c:\Windows\Temp\Pfx.exe (Trojan.Agent) -> Delete on reboot.
c:\Poker\titan poker\_titanpsetup_10d0db.exe (PUP.Casino) -> Quarantined and deleted successfully.
c:\program files\windows nt\accessories\svchost.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Users\Utente\AppData\Local\Temp\emxrsocawn.exe (Trojan.Hiloti) -> Quarantined and deleted successfully.
c:\Users\Utente\AppData\Local\Temp\o3j0ur0b.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Users\Utente\AppData\Local\Temp\Pf1.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Users\Utente\AppData\Local\Temp\Pf2.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Users\Utente\AppData\Local\Temp\Pf3.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Users\Utente\AppData\Local\Temp\Pf4.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Users\Utente\AppData\Local\Temp\Pf5.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Users\Utente\AppData\Local\Temp\Pfw.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Users\Utente\AppData\Local\Temp\Pfx.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Users\Utente\AppData\Local\Temp\Pfz.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Users\Utente\AppData\Local\Temp\maxneswcro.exe (Trojan.Hiloti) -> Quarantined and deleted successfully.
c:\Users\Utente\AppData\Local\Temp\ptua6e_tmp.exe (PUP.Casino) -> Quarantined and deleted successfully.
c:\Users\Utente\AppData\Local\Temp\zgnz4k2.exe (Backdoor.Bot) -> Quarantined and deleted successfully.
c:\Users\Utente\AppData\Local\Temp\hptqyakqr.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Users\Utente\AppData\Local\Temp\hsfjx2vhd.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Users\Utente\AppData\Roaming\5e5e45359abc1b126b7decdf1ea0b552\upd_debug.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
c:\Users\Utente\downloads\titanpsetup_10d0db.exe (PUP.Casino) -> Quarantined and deleted successfully.
c:\Windows\Pvypua.exe (Trojan.Agent) -> Delete on reboot.
c:\Windows\Pvypub.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Windows\Pvypuc.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Windows\Pvypud.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Windows\Pvypue.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Windows\Pvypuf.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Windows\Pvypug.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Windows\Pvypuh.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Windows\Pvypui.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Windows\Pvypuj.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Windows\Pvypuk.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Windows\Pvypul.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Windows\Pvypum.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Windows\Pvypun.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Windows\Pvypuo.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Windows\Pvypup.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Windows\Temp\2m8xum0t.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Windows\Temp\cjqm7hu8.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Windows\Temp\conima.exe (Spyware.Passwords) -> Quarantined and deleted successfully.
c:\Windows\Temp\Managee.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Windows\Temp\gqocl33l.exe (Spyware.Passwords) -> Quarantined and deleted successfully.
c:\Windows\Temp\j6yc6z9g.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Windows\Temp\Pfw.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Users\Utente\Desktop\antimalware doctor.lnk (Rogue.AntimalwareDoctor) -> Quarantined and deleted successfully.
c:\Users\Utente\AppData\Roaming\microsoft\internet explorer\quick launch\antimalware doctor.lnk (Rogue.AntimalwareDoctor) -> Quarantined and deleted successfully.
c:\Windows\Tasks\{22116563-108c-42c0-a7ce-60161b75e508}.job (Trojan.Downloader) -> Quarantined and deleted successfully.
c:\Windows\Tasks\{62c40aa6-4406-467a-a5a5-dfdf1b559b7a}.job (Trojan.FakeAlert) -> Quarantined and deleted successfully.
c:\Windows\Tasks\{bbaeaeaf-1275-40e2-bd6c-bc8f88bd114a}.job (Trojan.Downloader) -> Quarantined and deleted successfully.
c:\Windows\Tasks\{810401e2-dde0-454e-b0e2-aa89c9e5967c}.job (Trojan.FraudPack) -> Quarantined and deleted successfully.
c:\Windows\Temp\input manager.bat (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Users\Utente\AppData\Local\Temp\mousedriver.bat (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Windows\Temp\Plug.bat (Trojan.Agent) -> Quarantined and deleted successfully.
 
Pubblicità

Ci sono discussioni simili a riguardo, dai un'occhiata!

U
  • Chiuso
RISOLTO Truffa pishing e come risolvere
Risposte
7
Visualizzazioni
183
User_
U
T
Attivazione Windows 10
Risposte
12
Visualizzazioni
381
Liupen
Liupen
J
Windows 11 Lentissimo
Risposte
9
Visualizzazioni
306
gpsambe
gpsambe
il sognatore Jones
PROBLEMA Problemi durante la rimozione di dispositivi di archiviazione di massa [Windows 11]
Risposte
6
Visualizzazioni
455
il sognatore Jones
il sognatore Jones
Kagliostro
Installare CCleaner 7 su PC (Win 11 Pro 64bit) - Non riesco - Mi sfugge qualcosa ????
2
Risposte
22
Visualizzazioni
2K
Kagliostro
Kagliostro
Pubblicità

Discussioni Simili

Indietro
Top