Scan with RemoveIT

Post by maurino71 » Sun Aug 30, 2009 9:54 pm

Hi everyone, today I tried scanning my PC with this software, which I have heard very good things about... well, when the scan finished it had detected 7 dangerous files:

Infected file (Win32.Unknown.Random.X) c:\docume~1\willy\impost~1\temp\rtkbtmnt.exe
Infected file (Sys32.acer) C:\WINDOWS\system32\acer.exe
Infected file (Sys32.erupdatehidden) C:\WINDOWS\system32\erupdatehidden.exe
Infected file (Sys32.nsn*) C:\WINDOWS\system32\nsn*.dll
Infected file (Sys32.amove) C:\WINDOWS\amove.exe
Infected file (Sys32.apanel) C:\WINDOWS\apanel.exe
Infected file (Sys32.rpcapd) C:\Programmi\winpcap\rpcapd.exe


Now, I tried searching the web for the files in question but found nothing. Could someone tell me whether they are actually dangerous or just false positives?


Bye

[uhm] [uhm] [uhm]

Re: Scan with RemoveIT

Post by Amantide » Sun Aug 30, 2009 10:32 pm

Upload these files, one at a time, to www.virustotal.com and see what they are.

Can you tell us where you heard good things about this software? [uhm]
...to fly high, you have to know how to fall...

Re: Scan with RemoveIT

Post by maurino71 » Mon Aug 31, 2009 11:51 am

Hi Amantide, thanks a lot for the reply. As for this software, I read the review on a couple of blogs while browsing around the web; I don't remember exactly where. When it detected those infected files yesterday, it seemed strange to me, because a couple of days earlier I had run an online scan with Kaspersky and it had found nothing.
I checked the various files as you suggested and they are all fine; the only one I couldn't find is this one:

C:\WINDOWS\system32\nsn*.dll

Bye

[uhm] [uhm] [uhm]

Re: Scan with RemoveIT

Post by Amantide » Mon Aug 31, 2009 12:05 pm

In your place I wouldn't worry too much, also because, as you said yourself, Kaspersky didn't detect anything. [^]
...to fly high, you have to know how to fall...

Re: Scan with RemoveIT

Post by Matilda12 » Mon Aug 31, 2009 8:52 pm

For what my opinion is worth, I have been following RemoveIT for quite some time now and it has never once made a favorable impression on me.
If you want a standalone tool, go for Dr. Web CureIt... it may not be the best, but it's better than RemoveIT... if you need it, there is also a standalone tool from Kaspersky...
[ciao]
Matilda12
Where there is much light, the shadow is darker.

Re: Scan with RemoveIT

Post by maurino71 » Tue Sep 01, 2009 6:15 pm

Hi everyone, a little while ago, out of personal curiosity, I tried running a scan with ComboFix; it seems to have found something... could you take a quick look at it?


ComboFix 09-08-31.04 - Willy 01/09/2009 19.04.34.1.2 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.39.1040.18.1012.582 [GMT 2:00]
Eseguito da: c:\documents and settings\Willy\Documenti\Comix.exe
AV: AntiVir Desktop *On-access scanning disabled* (Updated) {00000002-0002-0000-7C25-9E7C08000A00}
AV: ESET NOD32 antivirus system 2.70 *On-access scanning disabled* (Outdated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}

ATTENZIONE - QUESTO PC NON HA LA CONSOLE DI RIPRISTINO DI EMERGENZA INSTALLATA !!
.

((((((((((((((((((((((((((((((((((((( Altre eliminazioni )))))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\ogacheckcontrol.dll
c:\windows\system32\osmultiplexcore.dll

.
((((((((((((((((((((((((( Files Creati Da 2009-08-01 al 2009-09-01 )))))))))))))))))))))))))))))))))))
.

2009-08-30 20:30 . 2009-08-30 20:30 -------- d-----w- c:\programmi\InCode Solutions
2009-08-26 07:42 . 2009-08-24 17:04 2707456 ----a-w- c:\documents and settings\Willy\Dati applicazioni\Mozilla\Firefox\Profiles\vkhuwlab.default\extensions\firetorrent@radicalsoft.com\components\firetorrent.dll
2009-08-25 17:44 . 2009-08-25 17:44 -------- d-----w- c:\documents and settings\Willy\Impostazioni locali\Dati applicazioni\JockerSoft
2009-08-25 17:39 . 2009-08-25 17:39 -------- d-----w- c:\programmi\Elaborate Bytes
2009-08-25 17:20 . 2009-08-25 17:20 -------- d-----w- c:\programmi\JockerSoft
2009-08-24 08:34 . 2009-08-24 08:34 -------- d-----w- c:\windows\Sun
2009-08-23 20:37 . 2009-08-23 20:37 -------- d-----w- c:\windows\system32\wbem\Repository
2009-08-19 14:28 . 2009-08-19 14:28 -------- d-----w- c:\windows\system32\NtmsData
2009-08-18 19:52 . 2009-08-19 10:05 2048 ----a-w- c:\windows\system32\dtmssystem.dll
2009-08-15 14:01 . 2009-08-15 14:01 -------- d-----w- c:\windows\system32\XPSViewer
2009-08-15 14:01 . 2009-08-15 14:01 -------- d-----w- c:\programmi\MSBuild
2009-08-15 14:01 . 2009-08-15 14:01 -------- d-----w- c:\programmi\Reference Assemblies
2009-08-15 14:00 . 2008-07-06 12:06 89088 -c----w- c:\windows\system32\dllcache\filterpipelineprintproc.dll
2009-08-15 14:00 . 2008-07-06 12:06 575488 -c----w- c:\windows\system32\dllcache\xpsshhdr.dll
2009-08-15 14:00 . 2008-07-06 12:06 575488 ------w- c:\windows\system32\xpsshhdr.dll
2009-08-15 14:00 . 2008-07-06 12:06 117760 ------w- c:\windows\system32\prntvpt.dll
2009-08-15 14:00 . 2008-07-06 10:50 597504 -c----w- c:\windows\system32\dllcache\printfilterpipelinesvc.exe
2009-08-15 14:00 . 2008-07-06 12:06 1676288 -c----w- c:\windows\system32\dllcache\xpssvcs.dll
2009-08-15 14:00 . 2008-07-06 12:06 1676288 ------w- c:\windows\system32\xpssvcs.dll
2009-08-15 14:00 . 2009-08-15 14:01 -------- d-----w- C:\3a055dbf1ed45c6b41b2e8
2009-08-15 13:51 . 2008-04-13 21:00 221184 ----a-w- c:\windows\system32\wmpns.dll
2009-08-14 19:34 . 2009-08-14 19:34 -------- d-----w- c:\documents and settings\NetworkService\Impostazioni locali\Dati applicazioni\Apple
2009-08-14 13:56 . 2009-08-14 13:56 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Enkord
2009-08-13 13:54 . 2009-08-13 13:54 -------- d-----w- c:\documents and settings\Willy\Dati applicazioni\Coyotes Tale
2009-08-13 13:52 . 2009-08-13 13:57 -------- d-----w- C:\games
2009-08-12 15:41 . 2009-08-12 15:41 -------- d-----w- C:\Hotspot Shield
2009-08-12 15:40 . 2009-08-12 15:41 -------- d-----w- c:\programmi\Hotspot Shield
2009-08-10 16:13 . 2009-08-10 16:13 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Trymedia
2009-08-09 17:05 . 2009-08-09 17:05 -------- d-----w- c:\documents and settings\Willy\Impostazioni locali\Dati applicazioni\RapidWare
2009-08-08 13:44 . 2009-08-15 14:28 -------- d-----w- c:\documents and settings\Willy\Dati applicazioni\.ABC
2009-08-08 13:42 . 2009-08-31 20:51 -------- d-----w- c:\programmi\ABC
2009-08-05 16:54 . 2009-08-29 17:36 152576 ----a-w- c:\documents and settings\Willy\Dati applicazioni\Sun\Java\jre1.6.0_15\lzma.dll
2009-08-04 18:59 . 2009-08-04 18:59 0 ----a-w- c:\windows\nsreg.dat
2009-08-04 18:59 . 2009-08-04 18:59 -------- d-----w- c:\documents and settings\Willy\Impostazioni locali\Dati applicazioni\Mozilla

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-09-01 17:07 . 2009-06-02 16:46 -------- d-----w- c:\documents and settings\Willy\Dati applicazioni\Free Download Manager
2009-09-01 16:44 . 2008-08-21 09:17 85070 ----a-w- c:\windows\system32\perfc010.dat
2009-09-01 16:44 . 2008-08-21 09:17 490898 ----a-w- c:\windows\system32\perfh010.dat
2009-08-31 20:59 . 2009-05-23 12:17 -------- d-----w- c:\programmi\PeerGuardian2
2009-08-30 21:00 . 2009-06-14 21:18 -------- d-----w- c:\documents and settings\Willy\Dati applicazioni\Spyware Terminator
2009-08-26 10:41 . 2009-06-14 21:18 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Spyware Terminator
2009-08-25 13:16 . 2009-04-12 18:52 -------- d-----w- c:\documents and settings\Willy\Dati applicazioni\Thinstall
2009-08-24 14:39 . 2009-05-23 09:53 51152 ---ha-w- c:\windows\system32\mlfcache.dat
2009-08-24 11:54 . 2008-04-13 21:00 219648 ----a-w- c:\windows\system32\uxtheme.dll
2009-08-23 20:37 . 2009-06-14 21:18 -------- d-----w- c:\programmi\Spyware Terminator
2009-08-23 20:25 . 2008-04-13 21:00 202763 ----a-w- c:\windows\system32\uxtheme(2)(2).dll
2009-08-19 14:36 . 2009-04-05 15:02 60984 ----a-w- c:\documents and settings\Willy\Impostazioni locali\Dati applicazioni\GDIPFONTCACHEV1.DAT
2009-08-19 10:39 . 2009-05-30 22:11 55656 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2009-08-11 08:00 . 2009-04-12 18:51 -------- d-----w- c:\documents and settings\Willy\Dati applicazioni\U3
2009-08-05 16:55 . 2009-07-30 21:58 -------- d-----w- c:\programmi\Java
2009-08-05 08:59 . 2008-04-13 21:00 205312 ----a-w- c:\windows\system32\mswebdvd.dll
2009-08-01 17:06 . 2009-08-01 17:06 -------- d-----w- c:\programmi\Network Stumbler
2009-07-30 22:01 . 2009-07-30 22:00 -------- d-----w- c:\documents and settings\Willy\Dati applicazioni\JonDo
2009-07-30 21:57 . 2009-07-30 21:57 152576 ----a-w- c:\documents and settings\Willy\Dati applicazioni\Sun\Java\jre1.6.0_14\lzma.dll
2009-07-30 19:52 . 2009-04-13 00:24 1696 ----a-w- c:\documents and settings\Willy\Dati applicazioni\Thinstall\Allok AVI to DVD SVCD VCD Converter 3.9.0219\%ProgramFilesDir%\Allok AVI to DVD SVCD VCD Converter\savedata.dll
2009-07-27 21:33 . 2009-07-27 21:33 -------- d-----w- c:\documents and settings\Willy\Dati applicazioni\GPass-4
2009-07-27 21:07 . 2009-07-27 21:07 -------- d-----w- c:\documents and settings\Willy\Dati applicazioni\GPass
2009-07-25 03:23 . 2009-07-30 21:58 411368 ----a-w- c:\windows\system32\deploytk.dll
2009-07-22 19:13 . 2009-07-22 19:13 28592 ----a-w- c:\windows\system32\drivers\tap0901.sys
2009-07-17 19:01 . 2008-04-13 21:00 58880 ----a-w- c:\windows\system32\atl.dll
2009-07-12 20:49 . 2009-07-12 20:49 -------- d-----w- c:\programmi\Makayama
2009-07-12 10:21 . 2008-04-13 21:00 233472 ----a-w- c:\windows\system32\wmpdxm.dll
2009-07-09 16:01 . 2009-07-09 16:01 -------- d-----w- c:\documents and settings\Willy\Dati applicazioni\Auslogics
2009-07-09 15:39 . 2009-07-09 15:39 -------- d-----w- c:\programmi\Auslogics
2009-07-09 15:33 . 2009-07-09 15:33 -------- d-----w- c:\programmi\erunt
2009-07-08 16:22 . 2009-07-08 16:22 -------- d-----w- c:\programmi\Microsoft ActiveSync
2009-07-05 19:57 . 2009-07-05 19:57 -------- d-----w- c:\programmi\Bluetack
2009-07-05 16:51 . 2009-05-30 16:50 -------- d-----w- c:\programmi\Sandboxie
2009-07-02 02:34 . 2009-07-02 02:34 33840 ----a-w- c:\windows\system32\drivers\HssDrv.sys
2009-06-29 15:55 . 2007-08-13 16:54 827392 ----a-w- c:\windows\system32\wininet.dll
2009-06-29 15:55 . 2008-04-13 21:00 78336 ----a-w- c:\windows\system32\ieencode.dll
2009-06-29 15:54 . 2008-04-13 21:00 17408 ----a-w- c:\windows\system32\corpol.dll
2009-06-25 08:25 . 2008-04-13 21:00 735744 ----a-w- c:\windows\system32\lsasrv.dll
2009-06-25 08:25 . 2008-04-13 21:00 56832 ----a-w- c:\windows\system32\secur32.dll
2009-06-25 08:25 . 2008-04-13 21:00 54272 ----a-w- c:\windows\system32\wdigest.dll
2009-06-25 08:25 . 2008-04-13 21:00 301568 ----a-w- c:\windows\system32\kerberos.dll
2009-06-25 08:25 . 2008-04-13 21:00 147456 ----a-w- c:\windows\system32\schannel.dll
2009-06-25 08:25 . 2008-04-13 21:00 136192 ----a-w- c:\windows\system32\msv1_0.dll
2009-06-24 16:53 . 2009-06-24 16:51 564 ---ha-w- c:\windows\SbiePst.dat
2009-06-24 11:18 . 2008-04-13 21:00 92928 ----a-w- c:\windows\system32\drivers\ksecdd.sys
2009-06-16 14:36 . 2008-04-13 21:00 81920 ----a-w- c:\windows\system32\fontsub.dll
2009-06-16 14:36 . 2008-04-13 21:00 119808 ----a-w- c:\windows\system32\t2embed.dll
2009-06-15 10:43 . 2008-04-13 21:00 78336 ----a-w- c:\windows\system32\telnet.exe
2009-06-14 21:18 . 2009-06-14 21:18 6144 ----a-w- c:\documents and settings\All Users\Dati applicazioni\Spyware Terminator\sp_rsdel.exe
2009-06-14 21:18 . 2009-06-14 21:18 5632 ----a-w- c:\documents and settings\All Users\Dati applicazioni\Spyware Terminator\fileobjinfo.sys
2009-06-14 21:18 . 2009-06-14 21:18 142592 ----a-w- c:\windows\system32\drivers\sp_rsdrv2.sys
2009-06-10 14:13 . 2008-04-13 21:00 85504 ----a-w- c:\windows\system32\avifil32.dll
2009-06-10 07:19 . 2008-04-13 21:00 2066432 ----a-w- c:\windows\system32\mstscax.dll
2009-06-10 06:14 . 2008-04-13 21:00 132096 ----a-w- c:\windows\system32\wkssvc.dll
2009-06-08 13:12 . 2009-06-08 13:12 69632 ----a-w- c:\documents and settings\All Users\Dati applicazioni\Apple Computer\Installer Cache\Safari 4.30.17.0\SetupAdmin.exe
2009-06-03 19:09 . 2008-05-07 05:10 1296384 ----a-w- c:\windows\system32\quartz.dll
.

((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* i valori vuoti & legittimi/default non sono visualizzati.
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{F9E4A054-E9B1-4BC3-83A3-76A1AE736170}]
2009-08-12 15:40 218160 ----a-w- c:\programmi\Hotspot Shield\hssie\HssIE.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Eraser"="c:\programmi\Eraser\Eraser.exe" [2007-12-22 916240]
"SandboxieControl"="c:\programmi\Sandboxie\SbieCtrl.exe" [2009-05-28 380416]
"Free Download Manager"="c:\programmi\Free Download Manager\fdm.exe" [2009-01-31 3399727]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LaunchApp"="Alaunch" [X]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-02-28 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-02-28 166424]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-02-28 137752]
"AzMixerSel"="c:\programmi\Realtek\Audio\InstallShield\AzMixerSel.exe" [2006-07-17 53248]
"SynTPEnh"="c:\programmi\Synaptics\SynTP\SynTPEnh.exe" [2008-04-25 1044480]
"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2008-04-13 208952]
"MSPY2002"="c:\windows\system32\IME\PINTLGNT\ImScInst.exe" [2008-04-13 59392]
"PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2008-04-13 455168]
"PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2008-04-13 455168]
"LManager"="c:\progra~1\LAUNCH~1\QtZgAcer.EXE" [2008-05-14 821768]
"eRecoveryService"="c:\acer\Empowering Technology\eRecovery\eRAgent.exe" [2008-05-22 425984]
"SmcService"="c:\progra~1\Sygate\SPF\smc.exe" [2004-08-13 2532576]
"SunJavaUpdateSched"="c:\programmi\Java\jre6\bin\jusched.exe" [2009-07-25 149280]
"VirtualCloneDrive"="c:\programmi\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" [2009-05-26 85160]
"SpywareTerminator"="c:\programmi\Spyware Terminator\SpywareTerminatorShield.exe" [2009-06-14 2174464]
"RTHDCPL"="RTHDCPL.EXE" - c:\windows\RTHDCPL.exe [2008-05-16 16862720]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-13 15360]

c:\documents and settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\
Batt.lnk - c:\documents and settings\Willy\Desktop\Batt.reg [2009-6-13 3609]
InterVideo WinCinema Manager.lnk - c:\programmi\InterVideo\Common\Bin\WinCinemaMgr.exe [2008-6-4 114688]
ninja.lnk - c:\programmi\Ninja\ninja.exe [2009-5-19 695296]

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"FirewallOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Programmi\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Programmi\\Opera\\opera.exe"=
"c:\\Programmi\\Bonjour\\mDNSResponder.exe"=
"c:\\Programmi\\PeerGuardian2\\pg2.exe"=

R1 sp_rsdrv2;Spyware Terminator Driver 2;c:\windows\system32\drivers\sp_rsdrv2.sys [14/06/2009 23.18.29 142592]
R2 HssSrv;Hotspot Shield Routing Service;c:\programmi\Hotspot Shield\HssWPR\hsssrv.exe [06/08/2009 20.58.38 331824]
R3 M3000Srv;Acer Crystal Eye webcam Driver;c:\windows\system32\drivers\M3000KNT.sys [05/05/2008 18.01.02 254976]
R3 SbieDrv;SbieDrv;c:\programmi\Sandboxie\SbieDrv.sys [28/05/2009 15.32.24 108032]
R3 tap0901;TAP-Win32 Adapter V9;c:\windows\system32\drivers\tap0901.sys [22/07/2009 21.13.20 28592]
S3 HssTrayService;Hotspot Shield Tray Service;c:\programmi\Hotspot Shield\bin\HssTrayService.exe [11/08/2009 1.19.16 57640]
S3 JMCR;JMCR;c:\windows\system32\drivers\jmcr.sys [05/04/2009 17.03.02 96856]
S3 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [06/11/2007 22.22.06 34064]
.
Contenuto della cartella 'Scheduled Tasks'

2009-08-28 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\programmi\Apple Software Update\SoftwareUpdate.exe [2008-07-30 10:34]
.
- - - - CHIAVI ORFANE RIMOSSE - - - -

HKCU-Run-StartupDelayer0 - c:\programmi\JockerSoft\Startup Delayer\StartupDelayer.exe -file=c:\documents and settings\Willy\Documenti\stup2.xml
HKCU-Run-StartupDelayer1 - c:\programmi\JockerSoft\Startup Delayer\StartupDelayer.exe -file=c:\documents and settings\Willy\Documenti\stup3.xml
HKCU-Run-fsm - (no file)
HKLM-Run-M3000Mnt - M3000Rmv.dll


.
------- Scansione supplementare -------
.
uStart Page = hxxp://homepage.acer.com/rdr.aspx?b=ACA ... 9&m=aoa150
mStart Page = hxxp://homepage.acer.com/rdr.aspx?b=ACA ... 9&m=aoa150
uInternet Settings,ProxyServer = ftp=localhost:3128;http=localhost:3128;https=localhost:3128
IE: Crawler Search - tbr:iemenu
IE: E&sporta in Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
TCP: {09F404CE-8D9B-4AEA-A509-CE9ACB7CEF0C} = 208.67.222.222,208.67.220.220
TCP: {96196001-E86F-40B4-9D34-57F4B772EF9A} = 208.67.222.222,208.67.220.220
Handler: tbr - {4D25FB7A-8902-4291-960E-9ADA051CFBBF} - c:\programmi\Crawler\Toolbar\ctbr.dll
FF - ProfilePath - c:\documents and settings\Willy\Dati applicazioni\Mozilla\Firefox\Profiles\vkhuwlab.default\
FF - prefs.js: browser.startup.homepage - http://www.yahoo.it
FF - plugin: c:\programmi\Opera\program\plugins\npfdm.dll
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-09-01 19:09
Windows 5.1.2600 Service Pack 3 NTFS

scansione processi nascosti ...

scansione entrate autostart nascoste ...

Scansione files nascosti ...

Scansione completata con successo
Files nascosti: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\vsdatant]
"ImagePath"=""
.
--------------------- CHIAVI DI REGISTRO BLOCCATE ---------------------

[HKEY_USERS\S-1-5-21-1166905992-2747808145-1403386008-1006\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
.
Ora fine scansione: 2009-09-01 19.11.51
ComboFix-quarantined-files.txt 2009-09-01 17:11

Pre-Run: 101.886.697.472 byte disponibili
Post-Run: 101.863.809.024 byte disponibili

210 --- E O F --- 2009-08-24 12:01


Thanks everyone

Bye

[uhm] [uhm] [uhm]

megalab.it: daily online publication registered with the Court of Cosenza, no. 22/09 of 13.08.2009, publisher Master New Media S.r.l.; © Copyright 2008 Master New Media S.r.l. a socio unico - VAT no. 02947530784. GRUPPO EDIZIONI MASTER Spa. All rights reserved. For advertising: Master Advertising