Scan with GMER
Post by danyela » Sat Dec 16, 2006 6:59 pm

This is the result of the GMER scan in the Rootkit and Autostart sections. Can you help me???



Rootkit 2006-12-15 20:28:04
Windows 5.1.2600


---- Registry - GMER 1.0.11 ----

Reg \Registry\USER\S-1-5-21-57989841-1580818891-854245398-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{75048700-EF1F-11D0-9888-006097DEACF9}\Count@HRZR_EHACVQY:R:\Qbphzragf naq Frggvatf\sf\Erprag\uggc--jcbc15.yvoreb.vg-ptv-ova-jroznvy.ptv-Ub_gebingb_ha_ohba_ynibeb.qbpVQ=VWWrIU0XbhSUJeJzqAJ_iPragRqlUYJJ9RJuouUYIXvk9r8Tq&Npg_Ivrj=1&E_Sbyqre=nJ5vo3t=&zftVQ=3737&Obql=2&svyranzr=Ub_gebingb_ha_ohba_ynibeb.qbp.yax 0x1C 0x01 0x00 0x00 ...

---- EOF - GMER 1.0.11 ----



Autostart 2006-12-15 20:29:53
Windows 5.1.2600


HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems@Windows = %SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,3072,512 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ProfileControl=Off MaxRequestThreads=16

HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon@Userinit = e:\windows\system32\userinit.exe,"e:\windows\compaqnetwork.exe",

HKLM\SYSTEM\CurrentControlSet\Services\ >>>
btwdins /*Bluetooth Service*/@ = E:\Programmi\WIDCOMM\Software Bluetooth\bin\btwdins.exe
Spooler /*Spooler di stampa*/@ = %SystemRoot%\system32\spoolsv.exe
UMWdf /*Windows User Mode Driver Framework*/@ = E:\WINDOWS\System32\wdfmgr.exe
viritsvclite /*Virit eXplorer Lite*/@ = C:\VEXPLITE\viritsvc.exe

HKLM\Software\Microsoft\Windows\CurrentVersion\Run >>>
@SystemTraySysTray.Exe = SysTray.Exe
@PCTVRemoteE:\Programmi\Pinnacle\Pinnacle PCTV\Remote\Remoterm.exe /*file not found*/ = E:\Programmi\Pinnacle\Pinnacle PCTV\Remote\Remoterm.exe /*file not found*/
@MMTray"E:\Programmi\Musicmatch\Musicmatch Jukebox\mm_tray.exe" = "E:\Programmi\Musicmatch\Musicmatch Jukebox\mm_tray.exe"
@NeroFilterCheckE:\WINDOWS\system32\NeroCheck.exe = E:\WINDOWS\system32\NeroCheck.exe
@QuickTime Task"E:\Programmi\QuickTime\qttask.exe" -atboottime = "E:\Programmi\QuickTime\qttask.exe" -atboottime
@VolControlE:\WINDOWS\volumec.exe -i /*file not found*/ = E:\WINDOWS\volumec.exe -i /*file not found*/
@Adobe Photo Downloader"E:\Programmi\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe" = "E:\Programmi\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
@ImMsnE:\WINDOWS\msncomm.exe /i /*file not found*/ = E:\WINDOWS\msncomm.exe /i /*file not found*/
@UnlockerAssistant"E:\Programmi\Unlocker\UnlockerAssistant.exe" = "E:\Programmi\Unlocker\UnlockerAssistant.exe"
@mmtask"E:\Programmi\Musicmatch\Musicmatch Jukebox\mmtask.exe" = "E:\Programmi\Musicmatch\Musicmatch Jukebox\mmtask.exe"
@KernelFaultCheck%systemroot%\system32\dumprep 0 -k = %systemroot%\system32\dumprep 0 -k
@VIRIT LITE MONITORC:\VEXPLITE\MONLITE.EXE = C:\VEXPLITE\MONLITE.EXE

HKCU\Software\Microsoft\Windows\CurrentVersion\Run >>>
@Yahoo! Pager"E:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet = "E:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
@ctfmon.exeE:\WINDOWS\System32\ctfmon.exe = E:\WINDOWS\System32\ctfmon.exe

HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved >>>
@{42071714-76d4-11d1-8b24-00a0c9068ff3} /*Estensione panoramica video del Pannello di controllo*/deskpan.dll /*file not found*/ = deskpan.dll /*file not found*/
@{0006F045-0000-0000-C000-000000000046} /*Microsoft Outlook Custom Icon Handler*/E:\PROGRA~1\MICROS~2\Office\OLKFSTUB.DLL = E:\PROGRA~1\MICROS~2\Office\OLKFSTUB.DLL
@{45AC2688-0253-4ED8-97DE-B5370FA7D48A} /*Shell Extension for Malware scanning*/(null) =
@(null) =
@{6af09ec9-b429-11d4-a1fb-0090960218cb} /*My Bluetooth Places*/E:\WINDOWS\System32\BTNEIG~1.DLL = E:\WINDOWS\System32\BTNEIG~1.DLL
@{5464D816-CF16-4784-B9F3-75C0DB52B499} /*Yahoo! Mail*/E:\PROGRA~1\YAHOO!\COMMON\ymmapi.dll = E:\PROGRA~1\YAHOO!\COMMON\ymmapi.dll
@{DDE4BEEB-DDE6-48fd-8EB5-035C09923F83} /*UnlockerShellExtension*/E:\Programmi\Unlocker\UnlockerCOM.dll = E:\Programmi\Unlocker\UnlockerCOM.dll

HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved@{BDEADF00-C265-11d0-BCED-00A0C90AB50F} /*Cartelle Web*/ = E:\PROGRA~1\FILECO~1\MICROS~1\WEBFOL~1\MSONSEXT.DLL

HKLM\Software\Classes\*\shellex\ContextMenuHandlers\Yahoo! Mail@{5464D816-CF16-4784-B9F3-75C0DB52B499} = E:\PROGRA~1\YAHOO!\COMMON\ymmapi.dll

HKLM\Software\Classes\Folder\shellex\ContextMenuHandlers\UnlockerShellExtension@{DDE4BEEB-DDE6-48fd-8EB5-035C09923F83} = E:\Programmi\Unlocker\UnlockerCOM.dll

HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects >>>
@{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}E:\Programmi\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx = E:\Programmi\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
@{F118B90E-6475-D392-96A1-C53F0BB257D4}E:\WINDOWS\dtipq1.dll /*file not found*/ = E:\WINDOWS\dtipq1.dll /*file not found*/

HKCU\Control Panel\Desktop@SCRNSAVE.EXE = none /*file not found*/

HKLM\Software\Microsoft\Internet Explorer\Main >>>
@Default_Page_URLhttp://it.yahoo.com = http://it.yahoo.com
@Start Pagehttp://it.yahoo.com = http://it.yahoo.com
@Local PageE:\WINDOWS\SYSTEM\blank.htm = E:\WINDOWS\SYSTEM\blank.htm

HKCU\Software\Microsoft\Internet Explorer\Main >>>
@Start Pagehttp://www.libero.it/ = http://www.libero.it/
@Local PageE:\WINDOWS\System32\blank.htm = E:\WINDOWS\System32\blank.htm

HKLM\Software\Classes\PROTOCOLS\Handler\ >>>
dvd@CLSID = E:\WINDOWS\System32\msvidctl.dll
its@CLSID = E:\WINDOWS\System32\itss.dll
lid@CLSID = E:\WINDOWS\System32\msvidctl.dll
mhtml@CLSID = %SystemRoot%\System32\inetcomm.dll
ms-its@CLSID = E:\WINDOWS\System32\itss.dll
msnim@CLSID = "E:\PROGRA~1\MSNMES~1\msgrapp.dll"
ndwiat@CLSID = E:\WINDOWS\System32\wiascr.dll
tv@CLSID = E:\WINDOWS\System32\msvidctl.dll
vnd.ms.radio@CLSID = E:\WINDOWS\System32\msdxm.ocx

HKLM\Software\Classes\PROTOCOLS\Handler\wia@CLSID = E:\WINDOWS\System32\wiascr.dll

E:\WINDOWS\All Users\Menu Avvio\Programmi\Esecuzione automatica >>>
Microsoft Office.lnk = Microsoft Office.lnk
BTTray.lnk = BTTray.lnk

---- EOF - GMER 1.0.11 ----
danyela
Aficionado
Posts: 58
Joined: Tue Dec 12, 2006 11:20 pm
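As an added example (not from the thread and not part of GMER), a small Python triage helper for the Registry/Autostart log format shown above: it decodes the ROT13-obfuscated UserAssist value name, lists the autostart entries GMER marked "file not found", and reports anything in the Winlogon Userinit value beyond the stock userinit.exe. The sample log is a constructed excerpt modelled on the post's lines, and the SID and file names in it are placeholders.

```python
import codecs
import re

# Constructed excerpt in the GMER 1.0.11 Registry/Autostart log format (modelled on the post above).
SAMPLE_LOG = r"""
Reg \Registry\USER\S-1-5-21-0-0-0-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{75048700-EF1F-11D0-9888-006097DEACF9}\Count@HRZR_EHACVQY:R:\Qbphzragf naq Frggvatf\sf\Erprag\rknzcyr.yax 0x1C 0x01 0x00 0x00 ...
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon@Userinit = e:\windows\system32\userinit.exe,"e:\windows\example.exe",
HKLM\Software\Microsoft\Windows\CurrentVersion\Run >>>
@NeroFilterCheckE:\WINDOWS\system32\NeroCheck.exe = E:\WINDOWS\system32\NeroCheck.exe
@VolControlE:\WINDOWS\volumec.exe -i /*file not found*/ = E:\WINDOWS\volumec.exe -i /*file not found*/
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects >>>
@{F118B90E-6475-D392-96A1-C53F0BB257D4}E:\WINDOWS\dtipq1.dll /*file not found*/ = E:\WINDOWS\dtipq1.dll /*file not found*/
"""

NOT_FOUND = "/*file not found*/"


def decode_userassist(line):
    """Return the ROT13-decoded UserAssist value name for a GMER 'Reg' line, else None.
    Windows stores these names ROT13-encoded; GMER prints them as stored, followed
    by the raw count bytes, which are stripped here."""
    m = re.search(r"\\UserAssist\\\{[^}]+\}\\Count@(.*)$", line)
    if not m:
        return None
    name = re.sub(r"(\s+0x[0-9A-Fa-f]{2})+(\s+\.\.\.)?$", "", m.group(1))
    return codecs.decode(name, "rot13")


def triage(log_text):
    """Return (kind, where, value) findings a reviewer would check first:
    entries GMER marked 'file not found', anything in the Winlogon Userinit
    value beyond the stock userinit.exe, and decoded UserAssist names."""
    findings, section = [], "(no section)"
    for line in log_text.splitlines():
        if line.endswith(" >>>"):            # GMER prints a key header before its values
            section = line[:-4]
            continue
        decoded = decode_userassist(line)
        if decoded:
            findings.append(("userassist", "UserAssist", decoded))
        elif "\\Winlogon@Userinit = " in line:
            parts = [p.strip().strip('"') for p in line.split(" = ", 1)[1].split(",")]
            for p in parts:
                if p and not p.lower().endswith("\\userinit.exe"):
                    findings.append(("userinit-extra", "Winlogon\\Userinit", p))
        elif NOT_FOUND in line:
            value = line.split(" = ", 1)[-1].replace(" " + NOT_FOUND, "")
            findings.append(("missing-file", section, value))
    return findings
```

Entries flagged "file not found" are dangling autostart references worth cleaning up; a Userinit value with more than userinit.exe is a common place for unwanted software to persist and should be verified before it is removed.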

Post by crazy.cat » Sat Dec 16, 2006 7:45 pm

Be patient.
Amantide is busy until Monday, and it would take Billokenobi to read the logs.
Those two are the ones who solve these problems best.
crazy.cat
MLI Hero
Posts: 30959
Joined: Mon Jan 12, 2004 1:38 pm
Location: Mestre

Post by Amantide » Sun Dec 17, 2006 6:11 pm

Continued here.
Amantide
Official Member (Gold)
Posts: 8126
Joined: Mon Feb 06, 2006 4:13 pm
Location: Abruzzo
