Punto informatico Network

*** LINKOPTIMIZER/GROMOZON --- PREVENTION AND REMOVAL ***

Has a virus gotten into your computer? Do you want to browse in complete safety? Are online transactions safe? How do you stop attackers from getting into your PC? How do you protect your data? Here you will find the answers to these and other questions.

Post by solarlord » Wed Sep 13, 2006 11:54 am

Ah, I almost forgot... here is the latest HijackThis log:

Logfile of HijackThis v1.99.1
Scan saved at 12.46.17, on 13/09/2006
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmi\File comuni\Symantec Shared\ccProxy.exe
C:\Programmi\File comuni\Symantec Shared\ccSetMgr.exe
C:\Programmi\Norton Internet Security\ISSVC.exe
C:\WINDOWS\Explorer.EXE
C:\Programmi\File comuni\Symantec Shared\SNDSrvc.exe
C:\Programmi\File comuni\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programmi\iTunes\iTunesHelper.exe
C:\Programmi\QuickTime\qttask.exe
C:\Programmi\WIDCOMM\Software Bluetooth\bin\btwdins.exe
C:\WINDOWS\System32\devldr32.exe
C:\Programmi\SlySoft\CloneCD\CloneCDTray.exe
C:\Programmi\ewido anti-spyware 4.0\guard.exe
C:\Programmi\D-Tools\daemon.exe
C:\Programmi\HP\HP Software Update\HPWuSchd2.exe
C:\Programmi\Norton Internet Security\Norton AntiVirus\navapsvc.exe
C:\Programmi\Winamp\winampa.exe
C:\Programmi\File comuni\Symantec Shared\ccApp.exe
C:\Programmi\File comuni\Nokia\Tools\NclTray.exe
C:\Programmi\File comuni\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Programmi\File comuni\PCSuite\DataLayer\DataLayer.exe
C:\PROGRA~1\FILECO~1\PCSuite\Services\SERVIC~1.EXE
C:\Programmi\File comuni\Real\Update_OB\realsched.exe
C:\Programmi\Java\jre1.5.0_08\bin\jusched.exe
C:\Programmi\Spyware Terminator\SpywareTerminatorShield.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Programmi\iPod\bin\iPodService.exe
C:\Programmi\Messenger\msmsgs.exe
C:\Programmi\WIDCOMM\Software Bluetooth\BTTray.exe
C:\Programmi\Telecom Italia Media\Fast 800-840 Tin.it\dslmon.exe
C:\Programmi\HP\Digital Imaging\bin\hpqtra08.exe
C:\Programmi\Nokia\PC Suite for N-Gage QD\connmngmntbox.exe
C:\Programmi\Nokia\PC Suite for N-Gage QD\ectaskscheduler.exe
C:\Programmi\WinZip\WZQKPICK.EXE
C:\PROGRA~1\Nokia\PCSUIT~1\Elogerr.exe
C:\Programmi\Intuwave\Shared\mRouterRunTime\mRouterRuntime.exe
C:\PROGRA~1\WIDCOMM\SOFTWA~1\BTSTAC~1.EXE
C:\PROGRA~1\Nokia\PCSUIT~1\BROADC~1.EXE
C:\PROGRA~1\Nokia\PCSUIT~1\SCRFS.exe
C:\Programmi\HP\Digital Imaging\bin\hpqgalry.exe
C:\Documenti\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.it/
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.google.it/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
R3 - Default URLSearchHook is missing
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: Class - {A5679719-B425-30AC-4EB7-9A27091C8633} - C:\WINDOWS\aernu1.dll (file missing)
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Programmi\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Norton Internet Security - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Programmi\File comuni\Symantec Shared\AdBlocking\NISShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Programmi\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [iTunesHelper] C:\Programmi\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmi\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [CloneCDTray] "C:\Programmi\SlySoft\CloneCD\CloneCDTray.exe" /s
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Programmi\D-Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [SSC_UserPrompt] C:\Programmi\File comuni\Symantec Shared\Security Center\UsrPrmpt.exe
O4 - HKLM\..\Run: [REGSHAVE] C:\Programmi\REGSHAVE\REGSHAVE.EXE /AUTORUN
O4 - HKLM\..\Run: [HP Software Update] "C:\Programmi\HP\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [WinampAgent] C:\Programmi\Winamp\winampa.exe
O4 - HKLM\..\Run: [ccApp] "C:\Programmi\File comuni\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [Nokia Tray Application] C:\Programmi\File comuni\Nokia\Tools\NclTray.exe
O4 - HKLM\..\Run: [DataLayer] C:\Programmi\File comuni\PCSuite\DataLayer\DataLayer.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Programmi\File comuni\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programmi\Java\jre1.5.0_08\bin\jusched.exe"
O4 - HKLM\..\Run: [SpywareTerminator] "C:\Programmi\Spyware Terminator\SpywareTerminatorShield.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Programmi\Messenger\msmsgs.exe" /background
O4 - Global Startup: Avvio rapido di HP Image Zone.lnk = C:\Programmi\HP\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: BTTray.lnk = ?
O4 - Global Startup: DSLMON.lnk = C:\Programmi\Telecom Italia Media\Fast 800-840 Tin.it\dslmon.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Programmi\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Programmi\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: PCSuiteperNokiaN-Gage QD Detect.lnk = ?
O4 - Global Startup: PCSuiteperNokiaN-Gage QD TS.lnk = ?
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Programmi\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: Invia a &Bluetooth - C:\Programmi\WIDCOMM\Software Bluetooth\btsendto_ie_ctx.htm
O8 - Extra context menu item: Scarica con FlashGet - C:\Programmi\FlashGet\jc_link.htm
O8 - Extra context menu item: Scarica tutto con FlashGet - C:\Programmi\FlashGet\jc_all.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.5.0_08\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.5.0_08\bin\ssv.dll
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programmi\WIDCOMM\Software Bluetooth\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programmi\WIDCOMM\Software Bluetooth\btsendto_ie.htm
O12 - Plugin for .spop: C:\Programmi\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMe ... loader.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{3D60EE2E-6E0A-4C03-8D9F-A4F8C469DE99}: NameServer = 62.211.69.150 212.48.4.15
O18 - Protocol: widimg - {EE7C2AFF-5742-44FF-BD0E-E521B0D3C3BA} - C:\WINDOWS\System32\btxppanel.dll
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Programmi\WIDCOMM\Software Bluetooth\bin\btwdins.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\ccSetMgr.exe
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Programmi\ewido anti-spyware 4.0\guard.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Programmi\iPod\bin\iPodService.exe
O23 - Service: ISSvc (ISSVC) - Symantec Corporation - C:\Programmi\Norton Internet Security\ISSVC.exe
O23 - Service: Servizio Auto-Protect di Norton AntiVirus (navapsvc) - Symantec Corporation - C:\Programmi\Norton Internet Security\Norton AntiVirus\navapsvc.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Programmi\Norton Internet Security\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\FILECO~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\Security Center\SymWSC.exe

Post by Amantide » Wed Sep 13, 2006 12:46 pm

solarlord wrote: Would you be so kind, Madam, as to point me to another way?

If you will be so kind as to stop addressing me so formally [sedia] I will gladly do so [:-D]
In the meantime, download the Avenger program (the link is given in the guide) and paste here the full path of that registry value you cannot delete. That way I can prepare the text to enter into the program in order to delete these files.

Post by solarlord » Wed Sep 13, 2006 2:47 pm

Dictum ipsum factum ! [:-D]

So, I'm a bit confused... [sbigot] having also followed the instructions given here (at least the first part...), the HijackThis log now looks like this:

Logfile of HijackThis v1.99.1
Scan saved at 15.32.15, on 13/09/2006
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmi\File comuni\Symantec Shared\ccProxy.exe
C:\Programmi\File comuni\Symantec Shared\ccSetMgr.exe
C:\Programmi\Norton Internet Security\ISSVC.exe
C:\WINDOWS\Explorer.EXE
C:\Programmi\File comuni\Symantec Shared\SNDSrvc.exe
C:\Programmi\File comuni\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programmi\iTunes\iTunesHelper.exe
C:\Programmi\QuickTime\qttask.exe
C:\Programmi\WIDCOMM\Software Bluetooth\bin\btwdins.exe
C:\WINDOWS\System32\devldr32.exe
C:\Programmi\SlySoft\CloneCD\CloneCDTray.exe
C:\Programmi\ewido anti-spyware 4.0\guard.exe
C:\Programmi\D-Tools\daemon.exe
C:\Programmi\HP\HP Software Update\HPWuSchd2.exe
C:\Programmi\Norton Internet Security\Norton AntiVirus\navapsvc.exe
C:\Programmi\Winamp\winampa.exe
C:\Programmi\File comuni\Symantec Shared\ccApp.exe
C:\Programmi\File comuni\Nokia\Tools\NclTray.exe
C:\Programmi\File comuni\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Programmi\File comuni\PCSuite\DataLayer\DataLayer.exe
C:\PROGRA~1\FILECO~1\PCSuite\Services\SERVIC~1.EXE
C:\Programmi\File comuni\Real\Update_OB\realsched.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Programmi\iPod\bin\iPodService.exe
C:\Programmi\Messenger\msmsgs.exe
C:\Programmi\WIDCOMM\Software Bluetooth\BTTray.exe
C:\Programmi\Telecom Italia Media\Fast 800-840 Tin.it\dslmon.exe
C:\Programmi\HP\Digital Imaging\bin\hpqtra08.exe
C:\Programmi\Nokia\PC Suite for N-Gage QD\connmngmntbox.exe
C:\Programmi\Nokia\PC Suite for N-Gage QD\ectaskscheduler.exe
C:\Programmi\WinZip\WZQKPICK.EXE
C:\PROGRA~1\Nokia\PCSUIT~1\Elogerr.exe
C:\Programmi\Intuwave\Shared\mRouterRunTime\mRouterRuntime.exe
C:\PROGRA~1\WIDCOMM\SOFTWA~1\BTSTAC~1.EXE
C:\PROGRA~1\Nokia\PCSUIT~1\BROADC~1.EXE
C:\PROGRA~1\Nokia\PCSUIT~1\SCRFS.exe
C:\Programmi\HP\Digital Imaging\bin\hpqgalry.exe
C:\Programmi\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Documenti\HijackThis\HijackThis.exe

F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Programmi\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Norton Internet Security - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Programmi\File comuni\Symantec Shared\AdBlocking\NISShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Programmi\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [iTunesHelper] C:\Programmi\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmi\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [CloneCDTray] "C:\Programmi\SlySoft\CloneCD\CloneCDTray.exe" /s
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Programmi\D-Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [SSC_UserPrompt] C:\Programmi\File comuni\Symantec Shared\Security Center\UsrPrmpt.exe
O4 - HKLM\..\Run: [REGSHAVE] C:\Programmi\REGSHAVE\REGSHAVE.EXE /AUTORUN
O4 - HKLM\..\Run: [HP Software Update] "C:\Programmi\HP\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [WinampAgent] C:\Programmi\Winamp\winampa.exe
O4 - HKLM\..\Run: [ccApp] "C:\Programmi\File comuni\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [Nokia Tray Application] C:\Programmi\File comuni\Nokia\Tools\NclTray.exe
O4 - HKLM\..\Run: [DataLayer] C:\Programmi\File comuni\PCSuite\DataLayer\DataLayer.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Programmi\File comuni\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SpywareTerminator] "C:\Programmi\Spyware Terminator\SpywareTerminatorShield.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Programmi\Messenger\msmsgs.exe" /background
O4 - Global Startup: Avvio rapido di HP Image Zone.lnk = C:\Programmi\HP\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: BTTray.lnk = ?
O4 - Global Startup: DSLMON.lnk = C:\Programmi\Telecom Italia Media\Fast 800-840 Tin.it\dslmon.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Programmi\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Programmi\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: PCSuiteperNokiaN-Gage QD Detect.lnk = ?
O4 - Global Startup: PCSuiteperNokiaN-Gage QD TS.lnk = ?
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Programmi\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: Invia a &Bluetooth - C:\Programmi\WIDCOMM\Software Bluetooth\btsendto_ie_ctx.htm
O8 - Extra context menu item: Scarica con FlashGet - C:\Programmi\FlashGet\jc_link.htm
O8 - Extra context menu item: Scarica tutto con FlashGet - C:\Programmi\FlashGet\jc_all.htm
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programmi\WIDCOMM\Software Bluetooth\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programmi\WIDCOMM\Software Bluetooth\btsendto_ie.htm
O12 - Plugin for .spop: C:\Programmi\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMe ... loader.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{3D60EE2E-6E0A-4C03-8D9F-A4F8C469DE99}: NameServer = 62.211.69.150 212.48.4.15
O18 - Protocol: widimg - {EE7C2AFF-5742-44FF-BD0E-E521B0D3C3BA} - C:\WINDOWS\System32\btxppanel.dll
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Programmi\WIDCOMM\Software Bluetooth\bin\btwdins.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\ccSetMgr.exe
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Programmi\ewido anti-spyware 4.0\guard.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Programmi\iPod\bin\iPodService.exe
O23 - Service: ISSvc (ISSVC) - Symantec Corporation - C:\Programmi\Norton Internet Security\ISSVC.exe
O23 - Service: Servizio Auto-Protect di Norton AntiVirus (navapsvc) - Symantec Corporation - C:\Programmi\Norton Internet Security\Norton AntiVirus\navapsvc.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Programmi\Norton Internet Security\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\FILECO~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\Security Center\SymWSC.exe

As for Avenger, I'm waiting for your comment... (I didn't venture any further). The RootkitRevealer scan produced this log:

HKLM\SOFTWARE\Classes\Installer\Products\32418F9EE1126B64A90E8365B85CFCF6\ProductName 17/11/2004 20.39 26 bytes Data mismatch between Windows API and raw hive data.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{E9F81423-211E-46B6-9AE0-38568BC5CF6F}\DisplayName 17/11/2004 20.43 26 bytes Data mismatch between Windows API and raw hive data.
HKLM\SYSTEM\ControlSet001\Services\a347scsi\Config\jdgg40 17/11/2004 20.47 0 bytes Hidden from Windows API.
HKLM\SYSTEM\ControlSet001\Services\d347prt\Cfg\0Jf40 15/12/2005 13.53 0 bytes Hidden from Windows API.
C:\Documenti\Semantic Web\tesi : Interazione Uomo Macchina.pdf 07/11/2005 18.40 685.31 KB Hidden from Windows API.


Post by BilloKenobi » Wed Sep 13, 2006 3:15 pm

crazy.cat wrote: Afterwards we move on to the actual article, in collaboration.

whenever you want

@ solarlord

Reading the various logs, everything looks OK. Do you still have the typical problems (slow PC, pop-ups galore)?
Begun the Clone War has

Post by Amantide » Wed Sep 13, 2006 3:46 pm

solarlord wrote: Miss Amantide, unfortunately this aernu1.dll seems to be more stubborn than usual: if I run the command given above I get an error (cannot find the file "del", check that the path and the file name are correct, etc., etc.).

Sorry, you too have fallen victim to yet another copy/paste from my notes, which were written in too much of a hurry.
The path was Start --> Run, where you first had to type cmd, and only once you were at the command prompt run del \\.\
I beg your pardon. [:I]

Post by solarlord » Wed Sep 13, 2006 4:16 pm

@ Amantide

Don't worry! It would seem everything is fine now... at least I hope so...


@ BilloKenobi

The main problem (leaving aside slowdowns and various automatic system shutdowns) lay in eMule: basically, ever since this damned virus showed up, my downloads have been more or less stuck (quite the opposite of the uploads), and every time Norton kicked in to delete it, it disconnected me from ADSL... now I'm waiting for it to give me some encouraging sign. In the meantime, what can you tell me about the RootkitRevealer log? Should I use Avenger, or is it better to wait for further developments?

Post by solarlord » Wed Sep 13, 2006 4:40 pm

While I was at it I ran an online scan ( http://www.ilsoftware.it/hijackthis.asp ): there was just one suspicious item left, which I promptly removed... here is the log:

Logfile of HijackThis v1.99.1
Scan saved at 17.31.15, on 13/09/2006
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmi\File comuni\Symantec Shared\ccProxy.exe
C:\Programmi\File comuni\Symantec Shared\ccSetMgr.exe
C:\Programmi\Norton Internet Security\ISSVC.exe
C:\WINDOWS\Explorer.EXE
C:\Programmi\File comuni\Symantec Shared\SNDSrvc.exe
C:\Programmi\File comuni\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programmi\iTunes\iTunesHelper.exe
C:\Programmi\QuickTime\qttask.exe
C:\Programmi\WIDCOMM\Software Bluetooth\bin\btwdins.exe
C:\WINDOWS\System32\devldr32.exe
C:\Programmi\SlySoft\CloneCD\CloneCDTray.exe
C:\Programmi\ewido anti-spyware 4.0\guard.exe
C:\Programmi\D-Tools\daemon.exe
C:\Programmi\HP\HP Software Update\HPWuSchd2.exe
C:\Programmi\Norton Internet Security\Norton AntiVirus\navapsvc.exe
C:\Programmi\Winamp\winampa.exe
C:\Programmi\File comuni\Symantec Shared\ccApp.exe
C:\Programmi\File comuni\Nokia\Tools\NclTray.exe
C:\Programmi\File comuni\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Programmi\File comuni\PCSuite\DataLayer\DataLayer.exe
C:\PROGRA~1\FILECO~1\PCSuite\Services\SERVIC~1.EXE
C:\Programmi\File comuni\Real\Update_OB\realsched.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Programmi\iPod\bin\iPodService.exe
C:\Programmi\Messenger\msmsgs.exe
C:\Programmi\WIDCOMM\Software Bluetooth\BTTray.exe
C:\Programmi\Telecom Italia Media\Fast 800-840 Tin.it\dslmon.exe
C:\Programmi\HP\Digital Imaging\bin\hpqtra08.exe
C:\Programmi\Nokia\PC Suite for N-Gage QD\connmngmntbox.exe
C:\Programmi\Nokia\PC Suite for N-Gage QD\ectaskscheduler.exe
C:\Programmi\WinZip\WZQKPICK.EXE
C:\PROGRA~1\Nokia\PCSUIT~1\Elogerr.exe
C:\Programmi\Intuwave\Shared\mRouterRunTime\mRouterRuntime.exe
C:\PROGRA~1\WIDCOMM\SOFTWA~1\BTSTAC~1.EXE
C:\PROGRA~1\Nokia\PCSUIT~1\BROADC~1.EXE
C:\PROGRA~1\Nokia\PCSUIT~1\SCRFS.exe
C:\Programmi\HP\Digital Imaging\bin\hpqgalry.exe
C:\Programmi\eMule\emule.exe
C:\Programmi\Internet Explorer\iexplore.exe
C:\Documenti\HijackThis\HijackThis.exe

F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Programmi\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Norton Internet Security - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Programmi\File comuni\Symantec Shared\AdBlocking\NISShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Programmi\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [iTunesHelper] C:\Programmi\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmi\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [CloneCDTray] "C:\Programmi\SlySoft\CloneCD\CloneCDTray.exe" /s
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Programmi\D-Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [SSC_UserPrompt] C:\Programmi\File comuni\Symantec Shared\Security Center\UsrPrmpt.exe
O4 - HKLM\..\Run: [REGSHAVE] C:\Programmi\REGSHAVE\REGSHAVE.EXE /AUTORUN
O4 - HKLM\..\Run: [HP Software Update] "C:\Programmi\HP\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [WinampAgent] C:\Programmi\Winamp\winampa.exe
O4 - HKLM\..\Run: [ccApp] "C:\Programmi\File comuni\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [Nokia Tray Application] C:\Programmi\File comuni\Nokia\Tools\NclTray.exe
O4 - HKLM\..\Run: [DataLayer] C:\Programmi\File comuni\PCSuite\DataLayer\DataLayer.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Programmi\File comuni\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SpywareTerminator] "C:\Programmi\Spyware Terminator\SpywareTerminatorShield.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Programmi\Messenger\msmsgs.exe" /background
O4 - Global Startup: Avvio rapido di HP Image Zone.lnk = C:\Programmi\HP\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: BTTray.lnk = ?
O4 - Global Startup: DSLMON.lnk = C:\Programmi\Telecom Italia Media\Fast 800-840 Tin.it\dslmon.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Programmi\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Programmi\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: PCSuiteperNokiaN-Gage QD Detect.lnk = ?
O4 - Global Startup: PCSuiteperNokiaN-Gage QD TS.lnk = ?
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Programmi\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: Invia a &Bluetooth - C:\Programmi\WIDCOMM\Software Bluetooth\btsendto_ie_ctx.htm
O8 - Extra context menu item: Scarica con FlashGet - C:\Programmi\FlashGet\jc_link.htm
O8 - Extra context menu item: Scarica tutto con FlashGet - C:\Programmi\FlashGet\jc_all.htm
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programmi\WIDCOMM\Software Bluetooth\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programmi\WIDCOMM\Software Bluetooth\btsendto_ie.htm
O12 - Plugin for .spop: C:\Programmi\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMe ... loader.cab
O18 - Protocol: widimg - {EE7C2AFF-5742-44FF-BD0E-E521B0D3C3BA} - C:\WINDOWS\System32\btxppanel.dll
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Programmi\WIDCOMM\Software Bluetooth\bin\btwdins.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\ccSetMgr.exe
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Programmi\ewido anti-spyware 4.0\guard.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Programmi\iPod\bin\iPodService.exe
O23 - Service: ISSvc (ISSVC) - Symantec Corporation - C:\Programmi\Norton Internet Security\ISSVC.exe
O23 - Service: Servizio Auto-Protect di Norton AntiVirus (navapsvc) - Symantec Corporation - C:\Programmi\Norton Internet Security\Norton AntiVirus\navapsvc.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Programmi\Norton Internet Security\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\FILECO~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\Security Center\SymWSC.exe
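One way to check what changed between two HijackThis scans like the ones posted in this thread, as an added example that is not part of the original posts: it parses the entry lines (R0, F2, O2, O4, ...) of two logs, reports which entries disappeared or appeared, and lists the entries HijackThis marked "(file missing)". The two sample logs are constructed from a few lines quoted in the posts above, and the function names are hypothetical.

```python
import re

# An entry line starts with a section code such as R0, F2, O4 or O23,
# followed by " - " and the entry text. Header lines and the
# "Running processes" paths do not match and are ignored.
ENTRY_RE = re.compile(r"^([A-Z])(\d{1,2}) - (.+)$")


def parse_entries(log_text):
    """Return the set of (code, text) entries found in a HijackThis log."""
    entries = set()
    for raw in log_text.splitlines():
        m = ENTRY_RE.match(raw.strip())
        if m:
            entries.add((m.group(1) + m.group(2), m.group(3)))
    return entries


def _order(entry):
    # Sort by section letter, then numerically (O2 before O17), then text.
    code, text = entry
    return (code[0], int(code[1:]), text)


def diff_scans(before_text, after_text):
    """Entries present in only one of the two scans."""
    before = parse_entries(before_text)
    after = parse_entries(after_text)
    return {
        "removed": sorted(before - after, key=_order),
        "added": sorted(after - before, key=_order),
    }


def missing_file_entries(log_text):
    """Entries whose target file HijackThis could not find on disk."""
    hits = (e for e in parse_entries(log_text)
            if e[1].endswith("(file missing)"))
    return sorted(hits, key=_order)


# Constructed sample: a handful of lines taken from the logs in this thread.
BEFORE = r"""Logfile of HijackThis v1.99.1
Running processes:
C:\WINDOWS\Explorer.EXE

R3 - Default URLSearchHook is missing
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: Class - {A5679719-B425-30AC-4EB7-9A27091C8633} - C:\WINDOWS\aernu1.dll (file missing)
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Programmi\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{3D60EE2E-6E0A-4C03-8D9F-A4F8C469DE99}: NameServer = 62.211.69.150 212.48.4.15
"""

AFTER = r"""Logfile of HijackThis v1.99.1
Running processes:
C:\WINDOWS\Explorer.EXE

F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Programmi\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
"""

if __name__ == "__main__":
    changes = diff_scans(BEFORE, AFTER)
    for code, text in changes["removed"]:
        print("removed:", code, "-", text)
    for code, text in changes["added"]:
        print("added:  ", code, "-", text)
    for code, text in missing_file_entries(BEFORE):
        print("orphaned in first scan:", code, "-", text)
```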

Post by solarlord » Wed Sep 13, 2006 10:33 pm

So, guys... everything seems to be running normally: at least so far I haven't noticed anything odd, and even eMule "runs" normally... to dispel any doubt, should I follow the last steps given here http://www.suspectfile.com/forum/viewtopic.php?t=156 (namely, deleting with Avenger the files listed in the RootkitRevealer log and running RegSrch), or can I consider myself satisfied as of now? And what do you say about this patch to remove the vulnerability to this problem? http://www.microsoft.com/technet/securi ... 6-001.mspx

Meanwhile, I really don't know how to thank you!!! [applauso]

Post by crazy.cat » Thu Sep 14, 2006 6:34 am

solarlord wrote: And what do you say about this patch to remove the vulnerability to this problem? http://www.microsoft.com/technet/securi ... 6-001.mspx

Definitely install it.
When the many govern and think only of pleasing themselves, the result is the most foolish and most hateful tyranny: tyranny disguised as freedom.

Post by Amantide » Thu Sep 14, 2006 9:56 am

solarlord wrote in the other topic: waiting for news about Avenger

As BilloKenobi has already told you, your log is clean, and so is the RootkitRevealer one. The entries you see there are the "good rootkits".
To clean the leftovers of LO out of the registry, just open regedit (Start --> Run --> type regedit) and, via Edit --> Find, search for and delete all the values, searching for the word linkoptimizer and for the names of the files you had deleted. Before making changes to the registry, save a backup copy (File --> Export).

Try VIR IT from tgsoft, it worked great!!!

Post by antonio.zap » Thu Sep 14, 2006 11:16 am

Sorry for butting in, but I think news like this may help everyone a bit....
A colleague and I have tested a number of antivirus products on this, and it seems that the only one that catches the latest rootkits (linkoptimizer included) is VIRIT from tgsoft, downloadable as a 30-day trial (but fully functional) from the site http://www.tgsoft.it/
It is one of the few that detects it in memory, asks for an immediate reboot, and at startup runs a full scan of C:, immediately finding the malware and the rootkits; as a result it really seems to prevent the latter from reinstalling themselves upon deletion.
Do update to the latest version, though, it is essential!!!

I hope this was welcome.
Antonio
[applauso] [:-D] [applauso]
You can't know everything, but you can try..... :)
Avatar utente
antonio.zap
Neo Iscritto
Neo Iscritto
 
Messaggi: 8
Iscritto il: lun ott 03, 2005 10:36 am
Località: Genova

LO ce l'ho anch'io

Messaggioda ivantmax » gio set 14, 2006 11:18 am

La lista di autostart è questa:
GMER 1.0.10.10122 - http://www.gmer.net
Autostart 2006-09-14 12:06:01
Windows 5.1.2600 Service Pack 1


HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems@Windows = %SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,3072,512 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ProfileControl=Off MaxRequestThreads=16

HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon@Userinit = C:\WINDOWS\system32\userinit.exe,

HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ >>>
WRNotifier@DLLName = WRLogonNTF.dll /*file not found*/
ws_3s32@DLLName = ws_3s32.dll

HKLM\SYSTEM\CurrentControlSet\Services\ >>>
acpWiFi /*Accesso periferica Wi-Fi Ex*/@ = C:\WINDOWS\downlo~1\9mzx5lz\lylcys.exe
ccEvtMgr /*Symantec Event Manager*/@ = "C:\Programmi\File comuni\Symantec Shared\ccEvtMgr.exe"
InCDsrv /*InCD File System Service*/@ = C:\Programmi\Ahead\InCD\InCDsrv.exe
LightScribeService /*LightScribeService Direct Disc Labeling Service*/@ = C:\Programmi\File comuni\LightScribe\LSSrvc.exe
mntdbb /*Mantenimento DataBase*/@ = C:\WINDOWS\Downlo~1\nxxa096\2vyncpa.exe
navapsvc /*Servizio Norton AntiVirus Auto-Protect*/@ = "C:\Programmi\Norton AntiVirus\navapsvc.exe"
O? /*Workstation NetLogon Service*/@ = C:\WINDOWS\system32\mfccs.exe /s /*file not found*/
SBService /*ScriptBlocking Service*/@ = C:\PROGRA~1\FILECO~1\SYMANT~1\SCRIPT~1\SBServ.exe
ScsiPort@ = %SystemRoot%\system32\drivers\scsiport.sys
Spooler /*Spooler di stampa*/@ = %SystemRoot%\system32\spoolsv.exe
SymWSC /*SymWMI Service*/@ = C:\Programmi\File comuni\Symantec Shared\Security Center\SymWSC.exe
Windows web messenger /*Windows web messenger*/@ = "C:\WINDOWS\Msnweb.exe" /*file not found*/
YTt /*YTt*/@ = "\\?\C:\Programmi\File comuni\System\com9.exe"
ZESOFT /*ZESOFT*/@ = C:\WINDOWS\zeta.exe /*file not found*/

HKLM\Software\Microsoft\Windows\CurrentVersion\Run >>>
@SiS KHookerC:\WINDOWS\System32\khooker.exe = C:\WINDOWS\System32\khooker.exe
@HcontrolC:\WINDOWS\ATK0100\Hcontrol.exe = C:\WINDOWS\ATK0100\Hcontrol.exe
@SoundManSOUNDMAN.EXE = SOUNDMAN.EXE
@Power_GearC:\Progra~1\ASUS\Power4 Gear\BatteryLife.exe 1 /*file not found*/ = C:\Progra~1\ASUS\Power4 Gear\BatteryLife.exe 1 /*file not found*/
@SynTPLprC:\Programmi\Synaptics\SynTP\SynTPLpr.exe = C:\Programmi\Synaptics\SynTP\SynTPLpr.exe
@SynTPEnhC:\Programmi\Synaptics\SynTP\SynTPEnh.exe = C:\Programmi\Synaptics\SynTP\SynTPEnh.exe
@InCDC:\Programmi\Ahead\InCD\InCD.exe = C:\Programmi\Ahead\InCD\InCD.exe
@AdslTaskBarrundll32.exe stmctrl.dll,TaskBar = rundll32.exe stmctrl.dll,TaskBar
@CAP3ONC:\WINDOWS\System32\spool\drivers\w32x86\3\CAP3ONN.EXE = C:\WINDOWS\System32\spool\drivers\w32x86\3\CAP3ONN.EXE
@ccApp"C:\Programmi\File comuni\Symantec Shared\ccApp.exe" = "C:\Programmi\File comuni\Symantec Shared\ccApp.exe"
@ccRegVfy"C:\Programmi\File comuni\Symantec Shared\ccRegVfy.exe" = "C:\Programmi\File comuni\Symantec Shared\ccRegVfy.exe"
@Symantec NetDriver MonitorC:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer = C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
@SSC_UserPromptC:\Programmi\File comuni\Symantec Shared\Security Center\UsrPrmpt.exe = C:\Programmi\File comuni\Symantec Shared\Security Center\UsrPrmpt.exe
@Adobe Photo Downloader"C:\Programmi\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe" /*file not found*/ = "C:\Programmi\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe" /*file not found*/
@NeroFilterCheckC:\WINDOWS\system32\NeroCheck.exe = C:\WINDOWS\system32\NeroCheck.exe

HKCU\Software\Microsoft\Windows\CurrentVersion\Run@CTFMON.EXE = C:\WINDOWS\System32\ctfmon.exe

HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved >>>
@{B327765E-D724-4347-8B16-78AE18552FC3} /*NeroDigitalIconHandler*/C:\Programmi\File comuni\Ahead\Lib\NeroDigitalExt.dll = C:\Programmi\File comuni\Ahead\Lib\NeroDigitalExt.dll
@{7F1CF152-04F8-453A-B34C-E609530A9DC8} /*NeroDigitalPropSheetHandler*/C:\Programmi\File comuni\Ahead\Lib\NeroDigitalExt.dll = C:\Programmi\File comuni\Ahead\Lib\NeroDigitalExt.dll

HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved@{BDEADF00-C265-11d0-BCED-00A0C90AB50F} /*Cartelle Web*/ = C:\PROGRA~1\FILECO~1\MICROS~1\WEBFOL~1\MSONSEXT.DLL

HKLM\Software\Classes\*\shellex\ContextMenuHandlers\ >>>
Symantec.Norton.Antivirus.IEContextMenu@{5345A4D5-41EB-4A2F-9616-CE1D4F6C35B2} = C:\Programmi\Norton AntiVirus\NavShExt.dll
WinZip@{E0D79304-84BE-11CE-9641-444553540000} = C:\PROGRA~1\WINZIP\WZSHLSTB.DLL

HKLM\Software\Classes\Directory\shellex\ContextMenuHandlers\WinZip@{E0D79304-84BE-11CE-9641-444553540000} = C:\PROGRA~1\WINZIP\WZSHLSTB.DLL

HKLM\Software\Classes\Folder\shellex\ContextMenuHandlers\ >>>
Symantec.Norton.Antivirus.IEContextMenu@{5345A4D5-41EB-4A2F-9616-CE1D4F6C35B2} = C:\Programmi\Norton AntiVirus\NavShExt.dll
WinZip@{E0D79304-84BE-11CE-9641-444553540000} = C:\PROGRA~1\WINZIP\WZSHLSTB.DLL

HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects >>>
@{7CC60107-6316-49FA-9AF7-47D3E41E4F69}C:\WINDOWS\system32\ws_3s32.dll = C:\WINDOWS\system32\ws_3s32.dll
@{BDF3E430-B101-42AD-A544-FADC6B084872}C:\Programmi\Norton AntiVirus\NavShExt.dll = C:\Programmi\Norton AntiVirus\NavShExt.dll

HKLM\Software\Microsoft\Internet Explorer\Plugins\Extension\ >>>
.mp3@Location = C:\Programmi\Internet Explorer\PLUGINS\npqtplugin3.dll
.mpeg@Location = C:\Programmi\Internet Explorer\PLUGINS\npqtplugin3.dll
.tiff@Location = C:\Programmi\Internet Explorer\PLUGINS\npqtplugin5.dll

HKLM\Software\Microsoft\Internet Explorer\Main >>>
@Default_Page_URLhttp://www.asus.com.tw = http://www.asus.com.tw
@Start Pagehttp://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home = http://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home
@Local PageC:\WINDOWS\System32\blank.htm = C:\WINDOWS\System32\blank.htm

HKCU\Software\Microsoft\Internet Explorer\Main >>>
@Start Pagehttp://www.google.it/ = http://www.google.it/
@Local PageC:\WINDOWS\System32\blank.htm = C:\WINDOWS\System32\blank.htm

HKLM\Software\Classes\PROTOCOLS\Handler\ >>>
dvd@CLSID = C:\WINDOWS\System32\msvidctl.dll
mhtml@CLSID = %SystemRoot%\System32\inetcomm.dll
ms-itss@CLSID = C:\Programmi\File comuni\Microsoft Shared\Information Retrieval\msitss.dll
msnim@CLSID = "C:\PROGRA~1\MSNMES~1\msgrapp.dll"
tv@CLSID = C:\WINDOWS\System32\msvidctl.dll
vnd.ms.radio@CLSID = C:\WINDOWS\System32\msdxm.ocx

HKLM\Software\Classes\PROTOCOLS\Handler\wia@CLSID = C:\WINDOWS\System32\wiascr.dll

C:\Documents and Settings\ivan marigliano\Menu Avvio\Programmi\Esecuzione automatica = ATnotes.lnk

C:\Documents and Settings\All Users\Menu Avvio\Programmi\Esecuzione automatica >>>
Finestra di stato di Canon LASER SHOT LBP-1120.LNK = Finestra di stato di Canon LASER SHOT LBP-1120.LNK
Avvio veloce di Adobe Reader.lnk = Avvio veloce di Adobe Reader.lnk

---- EOF - GMER 1.0.10 ----



And the Rootkit list is the following:

GMER 1.0.10.10122 - http://www.gmer.net
Rootkit 2006-09-14 12:12:02
Windows 5.1.2600 Service Pack 1


---- System - GMER 1.0.10 ----

SSDT 8118B340 ZwConnectPort
SSDT \SystemRoot\System32\vsdatant.sys ZwCreateFile
SSDT \SystemRoot\System32\vsdatant.sys ZwCreateKey
SSDT \SystemRoot\System32\vsdatant.sys ZwDeleteFile
SSDT \SystemRoot\System32\vsdatant.sys ZwDeleteKey
SSDT \SystemRoot\System32\vsdatant.sys ZwDeleteValueKey
SSDT \SystemRoot\System32\vsdatant.sys ZwLoadKey
SSDT \SystemRoot\System32\vsdatant.sys ZwOpenFile
SSDT \SystemRoot\System32\vsdatant.sys ZwReplaceKey
SSDT \SystemRoot\System32\vsdatant.sys ZwRestoreKey
SSDT \SystemRoot\System32\vsdatant.sys ZwSetInformationFile
SSDT \SystemRoot\System32\vsdatant.sys ZwSetValueKey

---- Devices - GMER 1.0.10 ----

Device \Driver\Tcpip \Device\Ip IRP_MJ_CREATE [F6BAB230] vsdatant.sys
Device \Driver\Tcpip \Device\Ip IRP_MJ_CLOSEIRP_MJ_READ [F6BAB230] vsdatant.sys
Device \Driver\Tcpip \Device\Ip IRP_MJ_INTERNAL_DEVICE_CONTROL [F6BAB230] vsdatant.sys
Device \Driver\Tcpip \Device\Ip IRP_MJ_SHUTDOWN [F6BAB230] vsdatant.sys
Device \Driver\Tcpip \Device\Ip IRP_MJ_CREATE_MAILSLOT [F6BAB230] vsdatant.sys
Device \Driver\Tcpip \Device\Tcp IRP_MJ_CREATE [F6BAB230] vsdatant.sys
Device \Driver\Tcpip \Device\Tcp IRP_MJ_CLOSEIRP_MJ_READ [F6BAB230] vsdatant.sys
Device \Driver\Tcpip \Device\Tcp IRP_MJ_INTERNAL_DEVICE_CONTROL [F6BAB230] vsdatant.sys
Device \Driver\Tcpip \Device\Tcp IRP_MJ_SHUTDOWN [F6BAB230] vsdatant.sys
Device \Driver\Tcpip \Device\Tcp IRP_MJ_CREATE_MAILSLOT [F6BAB230] vsdatant.sys
Device \Driver\Tcpip \Device\Udp IRP_MJ_CREATE [F6BAB230] vsdatant.sys
Device \Driver\Tcpip \Device\Udp IRP_MJ_CLOSEIRP_MJ_READ [F6BAB230] vsdatant.sys
Device \Driver\Tcpip \Device\Udp IRP_MJ_INTERNAL_DEVICE_CONTROL [F6BAB230] vsdatant.sys
Device \Driver\Tcpip \Device\Udp IRP_MJ_SHUTDOWN [F6BAB230] vsdatant.sys
Device \Driver\Tcpip \Device\Udp IRP_MJ_CREATE_MAILSLOT [F6BAB230] vsdatant.sys
Device \Driver\Tcpip \Device\RawIp IRP_MJ_CREATE [F6BAB230] vsdatant.sys
Device \Driver\Tcpip \Device\RawIp IRP_MJ_CLOSEIRP_MJ_READ [F6BAB230] vsdatant.sys
Device \Driver\Tcpip \Device\RawIp IRP_MJ_INTERNAL_DEVICE_CONTROL [F6BAB230] vsdatant.sys
Device \Driver\Tcpip \Device\RawIp IRP_MJ_SHUTDOWN [F6BAB230] vsdatant.sys
Device \Driver\Tcpip \Device\RawIp IRP_MJ_CREATE_MAILSLOT [F6BAB230] vsdatant.sys
Device \Driver\Tcpip \Device\IPMULTICAST IRP_MJ_CREATE [F6BAB230] vsdatant.sys
Device \Driver\Tcpip \Device\IPMULTICAST IRP_MJ_CLOSEIRP_MJ_READ [F6BAB230] vsdatant.sys
Device \Driver\Tcpip \Device\IPMULTICAST IRP_MJ_INTERNAL_DEVICE_CONTROL [F6BAB230] vsdatant.sys
Device \Driver\Tcpip \Device\IPMULTICAST IRP_MJ_SHUTDOWN [F6BAB230] vsdatant.sys
Device \Driver\Tcpip \Device\IPMULTICAST IRP_MJ_CREATE_MAILSLOT [F6BAB230] vsdatant.sys

---- EOF - GMER 1.0.10 ----


I would like to know which script to put into "AVENGER".
Thanks for the help.
ivan
ivantmax
Aficionado
Posts: 31
Joined: Fri Jun 11, 2004 6:03 pm
Location: Campania

I forgot: Logfile of HijackThis

Post by ivantmax » Thu Sep 14, 2006 11:36 am

Logfile of HijackThis v1.98.2
Scan saved at 12.30.12, on 14/09/2006
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programmi\File comuni\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\Explorer.EXE
C:\Programmi\Ahead\InCD\InCDsrv.exe
C:\Programmi\File comuni\LightScribe\LSSrvc.exe
C:\Programmi\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\System32\khooker.exe
C:\WINDOWS\ATK0100\Hcontrol.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Progra~1\ASUS\Power4 Gear\BatteryLife.exe
C:\Programmi\Synaptics\SynTP\SynTPLpr.exe
C:\Programmi\Synaptics\SynTP\SynTPEnh.exe
C:\Programmi\Ahead\InCD\InCD.exe
C:\WINDOWS\System32\rundll32.exe
C:\Programmi\File comuni\Symantec Shared\ccApp.exe
C:\WINDOWS\System32\ctfmon.exe
C:\WINDOWS\ATK0100\ATKOSD.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\CAP3LAK.EXE
C:\WINDOWS\System32\CAP3RSK.EXE
C:\WINDOWS\SYSTEM32\SPOOL\DRIVERS\W32X86\3\CAP3SWK.EXE
C:\Programmi\Internet Explorer\iexplore.exe
C:\PROGRA~1\WINZIP\winzip32.exe
C:\Documents and Settings\ivan marigliano\Impostazioni locali\Temp\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.it/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.asus.com.tw
O2 - BHO: CIEPl Object - {7CC60107-6316-49FA-9AF7-47D3E41E4F69} - C:\WINDOWS\system32\ws_3s32.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Programmi\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Programmi\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [SiS KHooker] C:\WINDOWS\System32\khooker.exe
O4 - HKLM\..\Run: [Hcontrol] C:\WINDOWS\ATK0100\Hcontrol.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [Power_Gear] C:\Progra~1\ASUS\Power4 Gear\BatteryLife.exe 1
O4 - HKLM\..\Run: [SynTPLpr] C:\Programmi\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Programmi\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [InCD] C:\Programmi\Ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [AdslTaskBar] rundll32.exe stmctrl.dll,TaskBar
O4 - HKLM\..\Run: [CAP3ON] C:\WINDOWS\System32\spool\drivers\w32x86\3\CAP3ONN.EXE
O4 - HKLM\..\Run: [ccApp] "C:\Programmi\File comuni\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [ccRegVfy] "C:\Programmi\File comuni\Symantec Shared\ccRegVfy.exe"
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [SSC_UserPrompt] C:\Programmi\File comuni\Symantec Shared\Security Center\UsrPrmpt.exe
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Programmi\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - Startup: ATnotes.lnk = C:\Programmi\ATnotes\ATnotes.exe
O4 - Global Startup: Finestra di stato di Canon LASER SHOT LBP-1120.LNK = C:\WINDOWS\system32\spool\drivers\w32x86\3\CAP3LAK.EXE
O4 - Global Startup: Avvio veloce di Adobe Reader.lnk = C:\Programmi\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\MSMSGS.EXE (file missing)
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\MSMSGS.EXE (file missing)
O12 - Plugin for .mp3: C:\Programmi\Internet Explorer\PLUGINS\npqtplugin3.dll
O12 - Plugin for .mpeg: C:\Programmi\Internet Explorer\PLUGINS\npqtplugin3.dll
O12 - Plugin for .tiff: C:\Programmi\Internet Explorer\PLUGINS\npqtplugin5.dll
O16 - DPF: {FE0BD779-44EE-4A4B-AA2E-743C63F2E5E6} (IWinAmpActiveX Class) - http://pdl.stream.aol.com/downloads/aol ... _en_dl.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{843610A5-C961-4B7E-90F4-909B6DC1E3D9}: NameServer = 193.70.152.15 193.70.152.25
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
ivan
ivantmax
Aficionado
Posts: 31
Joined: Fri Jun 11, 2004 6:03 pm
Location: Campania

Post by solarlord » Thu Sep 14, 2006 12:10 pm

@ Amantide and BilloKenobi

Sorry for being so pestering: the thing is, I fear the "cluster bomb" effect, so I have an almost physiological need to know that everything is fine... anyway, not daring to venture into regedit (and the related permissions), I used Easy Cleaner 2 and it found nothing abnormal: I think, in the end, I can set my mind at rest...
solarlord
Aficionado
Posts: 136
Joined: Tue Sep 12, 2006 11:59 am
Location: Berlin

Post by solarlord » Thu Sep 14, 2006 12:28 pm

Just to be thorough, I am attaching the Easy Cleaner 2 log after installing the aforementioned Security Patch:

HKEY_USERS S-1-5-21-436374069-1614895754-682003330-1003\Software\Microsoft\Windows\ShellNoRoam\MUICache 14/09/2006 11.12.20 C:\Programmi\SpywareGuard\sgliveupdate.exe SpywareGuard LiveUpdate
HKEY_CURRENT_USER Software\Microsoft\Windows\ShellNoRoam\MUICache 14/09/2006 11.12.20 C:\DOCUME~1\FM\IMPOST~1\Temp\_iu14D2N.tmp Uninstaller
HKEY_USERS S-1-5-21-436374069-1614895754-682003330-1003\Software\Microsoft\Windows\ShellNoRoam\MUICache 14/09/2006 11.12.20 C:\DOCUME~1\FM\IMPOST~1\Temp\_iu14D2N.tmp Uninstaller

Post by Amantide » Thu Sep 14, 2006 12:33 pm

@ ivantmax
With HijackThis, fix this:
O2 - BHO: CIEPl Object - {7CC60107-6316-49FA-9AF7-47D3E41E4F69} - C:\WINDOWS\system32\ws_3s32.dll
then enable the display of hidden files and delete the file in red.
Then open regedit and, using Find, search for the references to the file ws_3s32.dll and delete them.
Also check whether the file C:\Programmi\File comuni\System\com9.exe is present on the computer. If you find it, use Avenger to delete it, entering this text
Code:
Registry values to replace with dummy:
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Windows | AppInit_DLLs

Files to delete:
C:\Programmi\File comuni\System\com9.exe

Alternatively, use AGVPFIX.
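A triage helper for the steps in the post above, as an added example that is not part of the original thread or of HijackThis: it parses the O2 (BHO) and O20 (AppInit_DLLs) lines of a HijackThis log and lists every line that references a given file. The function names are hypothetical, and the sample log is constructed except for the O2 line quoted in the post.

```python
import re
from typing import NamedTuple

# HijackThis 1.99.x line shapes: "O2 - BHO: name - {CLSID} - path" and "O20 - AppInit_DLLs: value"
BHO_RE = re.compile(r"^O2 - BHO: (?P<name>.*?) - (?P<clsid>\{[0-9A-Fa-f-]{36}\}) - (?P<path>.+)$")
APPINIT_RE = re.compile(r"^O20 - AppInit_DLLs: (?P<value>.+)$")
MISSING = " (file missing)"  # suffix HijackThis appends when the file is not on disk

class Bho(NamedTuple):
    name: str
    clsid: str
    path: str
    missing: bool

def basename(win_path):
    """Lower-cased file name of a Windows path; string-based so it runs on any OS."""
    return win_path.strip().rsplit("\\", 1)[-1].lower()

def parse_log(text):
    """Return (BHO entries, AppInit_DLLs entries) found in a HijackThis log."""
    bhos, appinit = [], []
    for line in map(str.strip, text.splitlines()):
        m = BHO_RE.match(line)
        if m:
            path = m["path"]
            missing = path.endswith(MISSING)
            if missing:
                path = path[: -len(MISSING)]
            bhos.append(Bho(m["name"], m["clsid"], path, missing))
            continue
        m = APPINIT_RE.match(line)
        if m:
            # Windows reads this value as a space- or comma-separated DLL list.
            appinit += [p for p in re.split(r"[,\s]+", m["value"]) if p]
    return bhos, appinit

def references(text, file_name):
    """Every log line mentioning file_name, like the regedit Find step in the post."""
    needle = file_name.lower()
    return [l.strip() for l in text.splitlines() if needle in l.lower()]

# First O2 line is the one quoted in the post; every other line is constructed sample data.
SAMPLE_LOG = r"""
O2 - BHO: CIEPl Object - {7CC60107-6316-49FA-9AF7-47D3E41E4F69} - C:\WINDOWS\system32\ws_3s32.dll
O2 - BHO: (no name) - {00000000-0000-0000-0000-000000000001} - C:\Programmi\Example\helper.dll (file missing)
O4 - HKLM\..\Run: [Example] C:\Programmi\Example\example.exe
O20 - AppInit_DLLs: C:\WINDOWS\system32\example1.dll,example2.dll
"""
```

Any non-empty AppInit_DLLs entry deserves review, because each listed DLL is loaded into every process that loads user32.dll.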

Re: Try VIR IT from tgsoft, it worked great!

Post by crazy.cat » Thu Sep 14, 2006 12:43 pm

antonio.zap wrote: I hope this was helpful.

Yes, very much.
I had read about something like this: the other antivirus vendors, since this virus is spread almost only in Italy, had pretty much not bothered with it.
Whereas the Virit people had managed to do something good.

Post by BilloKenobi » Fri Sep 15, 2006 8:05 pm

aaaaaaaaaaaaaaaaaahhhh. horror!!!!

[!!!] [!!!] [!!!] [!!!] [!!!] [!!!] [!!!] [!!!] [!!!] [!!!] [!!!] [!!!]

I updated Firefox to 1.5.0.7, and then I ran into one of the tricolour pages that give you LinkOptimizer (to be precise, the "fotocopiatrici" (photocopiers) one)

and what does Firefox do

it doesn't warn me

and it downloads the file www.google.com!!!!!!!!!!!!!

Avast blocks everything, though

I don't like this. I've already written to the Mozilla Italia forum... otherwise I'm switching to Opera
Begun the Clone War has

Post by solarlord » Sat Sep 16, 2006 11:48 am

But... how?! Our guide falling into a trap like that?! How is that possible?! [sbigot]

Could it be one of those famous laws of contrapasso: he who wounds with LO perishes by LO... [devil]

Joking aside: I have read several reviews of Avast! and all of them very good... since my Norton Internet Security subscription expires soon, would you advise me to switch to the former (which is freeware, moreover), or is there some other antivirus (such as vir.It, which is paid, however) able to counter such "complicated" infections?

Post by crazy.cat » Sat Sep 16, 2006 11:51 am

solarlord wrote: Joking aside: I have read several reviews of Avast! and all of them very good... since my Norton Internet Security subscription expires soon, would you advise me to switch to the former (which is freeware, moreover), or is there some other antivirus (such as vir.It, which is paid, however) able to counter such "complicated" infections?

Avast, absolutely; virit is able to cure some particular things, but it is anything but a 100% reliable antivirus.


megalab.it: daily online publication registered at the Court of Cosenza, no. 22/09 of 13.08.2009, publisher Master New Media S.r.l.; © Copyright 2008 Master New Media S.r.l. a socio unico - P.I. 02947530784. GRUPPO EDIZIONI MASTER Spa. All rights reserved. For advertising: Master Advertising