Punto informatico Network
Login Esegui login | Non sei registrato? Iscriviti ora (è gratuito!)
Username: Password:
  • Annuncio Pubblicitario

ancora Bagle...almeno credo

Un virus si è intromesso nel tuo computer? Vuoi navigare in tutta sicurezza? Sono sicure le transazione online? Come impedire a malintenzionati di intromettersi nel tuo pc? Come proteggere i tuoi dati? Qui trovi le risposte a queste ed altre domande

ancora Bagle...almeno credo

Messaggioda dave80 » lun mar 05, 2007 12:22 am

Buona sera a tutti...oggi con sommo piacere ho notato che AVG ha crashato e mi sono riempito di spyware che ho cercato di eliminare con i consueti strumenti freeware...ovviamente mi sono reso presto conto che questo era diverso per cui mi sono documentato ed ho eseguito una scansione con GMER. vi allego il log rootkit e quello autostart.
Premetto che credo di aver levato qualcosina, infatti riesco a mnotare AVG ma alcune applicazioni tipo messenger, aggiornamenti automatici ed altre ancora non vanno.
Spero mi possiate indicare come generare uno script per AVENGER che mi risulta essere l'unico in grado di fare qualcosa.
Grazie mille. Davide

ROOTKIT
-------------------------------------------------------------------------------------------

GMER 1.0.12.12027 - http://www.gmer.net
Rootkit scan 2007-03-04 23:09:36
Windows 5.1.2600 Service Pack 2


---- Devices - GMER 1.0.12 ----

Device \Driver\Tcpip \Device\Ip IRP_MJ_INTERNAL_DEVICE_CONTROL [F7C8985A] avgtdi.sys
Device \Driver\Tcpip \Device\Tcp IRP_MJ_INTERNAL_DEVICE_CONTROL [F7C8985A] avgtdi.sys
Device \Driver\Tcpip \Device\Udp IRP_MJ_INTERNAL_DEVICE_CONTROL [F7C8985A] avgtdi.sys
Device \Driver\Tcpip \Device\RawIp IRP_MJ_INTERNAL_DEVICE_CONTROL [F7C8985A] avgtdi.sys
Device \Driver\Tcpip \Device\IPMULTICAST IRP_MJ_INTERNAL_DEVICE_CONTROL [F7C8985A] avgtdi.sys

---- Processes - GMER 1.0.12 ----

Process C:\Programmi\SpyCatcher 2006\Protector.exe (*** hidden *** ) 296

---- Files - GMER 1.0.12 ----

File C:\Documents and Settings\All Users\Application Data\Tenebril\SpyCatcher\HiddenFiles.txt
File C:\Documents and Settings\All Users\Application Data\Tenebril\SpyCatcher\QuarantinedExecutables.txt
File C:\Documents and Settings\All Users\Application Data\Tenebril\SpyCatcher\QuarantinedLibraries.txt
ADS C:\Documents and Settings\davide\Impostazioni locali\Dati applicazioni\Microsoft\Messenger\davide_payback@hotmail.com\SharingMetadata\betalog@hotmail.com\DFSR\Staging\CS{50FC3549-850E-4B52-F900-20A07ED6153C}\01\11-{50FC3549-850E-4B52-F900-20A07ED6153C}-v1-{47A24F14-6E9D-4B8C-8240-55C853363EA7}-v11-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS
ADS C:\Documents and Settings\davide\Impostazioni locali\Dati applicazioni\Microsoft\Messenger\davide_payback@hotmail.com\SharingMetadata\betalog@hotmail.com\DFSR\Staging\CS{50FC3549-850E-4B52-F900-20A07ED6153C}\11\11-{C5EDD985-14CA-44AB-B070-47C608850512}-v11-{C5EDD985-14CA-44AB-B070-47C608850512}-v11-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.rdc.1
ADS C:\Documents and Settings\davide\Impostazioni locali\Dati applicazioni\Microsoft\Messenger\davide_payback@hotmail.com\SharingMetadata\betalog@hotmail.com\DFSR\Staging\CS{50FC3549-850E-4B52-F900-20A07ED6153C}\11\11-{C5EDD985-14CA-44AB-B070-47C608850512}-v11-{C5EDD985-14CA-44AB-B070-47C608850512}-v11-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.rdc.2
ADS C:\Documents and Settings\davide\Impostazioni locali\Dati applicazioni\Microsoft\Messenger\davide_payback@hotmail.com\SharingMetadata\betalog@hotmail.com\DFSR\Staging\CS{50FC3549-850E-4B52-F900-20A07ED6153C}\11\11-{C5EDD985-14CA-44AB-B070-47C608850512}-v11-{C5EDD985-14CA-44AB-B070-47C608850512}-v11-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS
ADS C:\Documents and Settings\davide\Impostazioni locali\Dati applicazioni\Microsoft\Messenger\davide_payback@hotmail.com\SharingMetadata\betalog@hotmail.com\DFSR\Staging\CS{50FC3549-850E-4B52-F900-20A07ED6153C}\13\13-{C5EDD985-14CA-44AB-B070-47C608850512}-v13-{C5EDD985-14CA-44AB-B070-47C608850512}-v13-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS
ADS C:\Documents and Settings\davide\Impostazioni locali\Dati applicazioni\Microsoft\Messenger\davide_payback@hotmail.com\SharingMetadata\betalog@hotmail.com\DFSR\Staging\CS{50FC3549-850E-4B52-F900-20A07ED6153C}\14\14-{47A24F14-6E9D-4B8C-8240-55C853363EA7}-v14-{47A24F14-6E9D-4B8C-8240-55C853363EA7}-v14-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.rdc.1
ADS C:\Documents and Settings\davide\Impostazioni locali\Dati applicazioni\Microsoft\Messenger\davide_payback@hotmail.com\SharingMetadata\betalog@hotmail.com\DFSR\Staging\CS{50FC3549-850E-4B52-F900-20A07ED6153C}\14\14-{47A24F14-6E9D-4B8C-8240-55C853363EA7}-v14-{47A24F14-6E9D-4B8C-8240-55C853363EA7}-v14-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS
ADS C:\Documents and Settings\davide\Impostazioni locali\Dati applicazioni\Microsoft\Messenger\davide_payback@hotmail.com\SharingMetadata\betalog@hotmail.com\DFSR\Staging\CS{50FC3549-850E-4B52-F900-20A07ED6153C}\37\37-{47A24F14-6E9D-4B8C-8240-55C853363EA7}-v37-{47A24F14-6E9D-4B8C-8240-55C853363EA7}-v37-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS
ADS C:\Documents and Settings\davide\Impostazioni locali\Dati applicazioni\Microsoft\Messenger\davide_payback@hotmail.com\SharingMetadata\betalog@hotmail.com\DFSR\Staging\CS{50FC3549-850E-4B52-F900-20A07ED6153C}\42\42-{47A24F14-6E9D-4B8C-8240-55C853363EA7}-v42-{47A24F14-6E9D-4B8C-8240-55C853363EA7}-v42-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS
ADS C:\Documents and Settings\davide\Impostazioni locali\Dati applicazioni\Microsoft\Messenger\davide_payback@hotmail.com\SharingMetadata\betalog@hotmail.com\DFSR\Staging\CS{50FC3549-850E-4B52-F900-20A07ED6153C}\47\47-{47A24F14-6E9D-4B8C-8240-55C853363EA7}-v47-{47A24F14-6E9D-4B8C-8240-55C853363EA7}-v47-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS
ADS C:\Documents and Settings\davide\Impostazioni locali\Dati applicazioni\Microsoft\Messenger\davide_payback@hotmail.com\SharingMetadata\betalog@hotmail.com\DFSR\Staging\CS{50FC3549-850E-4B52-F900-20A07ED6153C}\51\51-{47A24F14-6E9D-4B8C-8240-55C853363EA7}-v51-{47A24F14-6E9D-4B8C-8240-55C853363EA7}-v51-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.rdc.1
ADS C:\Documents and Settings\davide\Impostazioni locali\Dati applicazioni\Microsoft\Messenger\davide_payback@hotmail.com\SharingMetadata\betalog@hotmail.com\DFSR\Staging\CS{50FC3549-850E-4B52-F900-20A07ED6153C}\51\51-{47A24F14-6E9D-4B8C-8240-55C853363EA7}-v51-{47A24F14-6E9D-4B8C-8240-55C853363EA7}-v51-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS
ADS C:\Documents and Settings\davide\Impostazioni locali\Dati applicazioni\Microsoft\Messenger\davide_payback@hotmail.com\SharingMetadata\betalog@hotmail.com\DFSR\Staging\CS{50FC3549-850E-4B52-F900-20A07ED6153C}\52\52-{47A24F14-6E9D-4B8C-8240-55C853363EA7}-v52-{47A24F14-6E9D-4B8C-8240-55C853363EA7}-v52-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS
ADS C:\Documents and Settings\davide\Impostazioni locali\Dati applicazioni\Microsoft\Messenger\davide_payback@hotmail.com\SharingMetadata\betalog@hotmail.com\DFSR\Staging\CS{50FC3549-850E-4B52-F900-20A07ED6153C}\57\57-{47A24F14-6E9D-4B8C-8240-55C853363EA7}-v57-{47A24F14-6E9D-4B8C-8240-55C853363EA7}-v57-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS
ADS C:\Documents and Settings\davide\Impostazioni locali\Dati applicazioni\Microsoft\Messenger\davide_payback@hotmail.com\SharingMetadata\betalog@hotmail.com\DFSR\Staging\CS{50FC3549-850E-4B52-F900-20A07ED6153C}\59\59-{47A24F14-6E9D-4B8C-8240-55C853363EA7}-v59-{47A24F14-6E9D-4B8C-8240-55C853363EA7}-v59-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.rdc.1
ADS C:\Documents and Settings\davide\Impostazioni locali\Dati applicazioni\Microsoft\Messenger\davide_payback@hotmail.com\SharingMetadata\betalog@hotmail.com\DFSR\Staging\CS{50FC3549-850E-4B52-F900-20A07ED6153C}\59\59-{47A24F14-6E9D-4B8C-8240-55C853363EA7}-v59-{47A24F14-6E9D-4B8C-8240-55C853363EA7}-v59-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS
ADS C:\Documents and Settings\davide\Impostazioni locali\Dati applicazioni\Microsoft\Messenger\davide_payback@hotmail.com\SharingMetadata\betalog@hotmail.com\DFSR\Staging\CS{50FC3549-850E-4B52-F900-20A07ED6153C}\60\60-{47A24F14-6E9D-4B8C-8240-55C853363EA7}-v60-{47A24F14-6E9D-4B8C-8240-55C853363EA7}-v60-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS
ADS C:\Documents and Settings\davide\Impostazioni locali\Dati applicazioni\Microsoft\Messenger\davide_payback@hotmail.com\SharingMetadata\betalog@hotmail.com\DFSR\Staging\CS{50FC3549-850E-4B52-F900-20A07ED6153C}\65\65-{47A24F14-6E9D-4B8C-8240-55C853363EA7}-v65-{47A24F14-6E9D-4B8C-8240-55C853363EA7}-v65-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS
ADS C:\Documents and Settings\davide\Impostazioni locali\Dati applicazioni\Microsoft\Messenger\davide_payback@hotmail.com\SharingMetadata\betalog@hotmail.com\DFSR\Staging\CS{50FC3549-850E-4B52-F900-20A07ED6153C}\72\72-{47A24F14-6E9D-4B8C-8240-55C853363EA7}-v72-{47A24F14-6E9D-4B8C-8240-55C853363EA7}-v72-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS
ADS C:\Documents and Settings\davide\Impostazioni locali\Dati applicazioni\Microsoft\Messenger\davide_payback@hotmail.com\SharingMetadata\betalog@hotmail.com\DFSR\Staging\CS{50FC3549-850E-4B52-F900-20A07ED6153C}\73\73-{47A24F14-6E9D-4B8C-8240-55C853363EA7}-v73-{47A24F14-6E9D-4B8C-8240-55C853363EA7}-v73-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS
ADS C:\Documents and Settings\davide\Impostazioni locali\Dati applicazioni\Microsoft\Messenger\davide_payback@hotmail.com\SharingMetadata\betalog@hotmail.com\DFSR\Staging\CS{50FC3549-850E-4B52-F900-20A07ED6153C}\75\75-{47A24F14-6E9D-4B8C-8240-55C853363EA7}-v75-{47A24F14-6E9D-4B8C-8240-55C853363EA7}-v75-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS
ADS C:\Documents and Settings\davide\Impostazioni locali\Dati applicazioni\Microsoft\Messenger\davide_payback@hotmail.com\SharingMetadata\betalog@hotmail.com\DFSR\Staging\CS{50FC3549-850E-4B52-F900-20A07ED6153C}\76\76-{47A24F14-6E9D-4B8C-8240-55C853363EA7}-v76-{47A24F14-6E9D-4B8C-8240-55C853363EA7}-v76-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS
ADS C:\Documents and Settings\davide\Impostazioni locali\Dati applicazioni\Microsoft\Messenger\davide_payback@hotmail.com\SharingMetadata\betalog@hotmail.com\DFSR\Staging\CS{50FC3549-850E-4B52-F900-20A07ED6153C}\77\77-{47A24F14-6E9D-4B8C-8240-55C853363EA7}-v77-{47A24F14-6E9D-4B8C-8240-55C853363EA7}-v77-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS
ADS C:\Documents and Settings\davide\Impostazioni locali\Dati applicazioni\Microsoft\Messenger\davide_payback@hotmail.com\SharingMetadata\betalog@hotmail.com\DFSR\Staging\CS{50FC3549-850E-4B52-F900-20A07ED6153C}\78\78-{47A24F14-6E9D-4B8C-8240-55C853363EA7}-v78-{47A24F14-6E9D-4B8C-8240-55C853363EA7}-v78-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS
ADS C:\Documents and Settings\davide\Impostazioni locali\Dati applicazioni\Microsoft\Messenger\davide_payback@hotmail.com\SharingMetadata\fpeppe77@yahoo.it\DFSR\Staging\CS{FF2B3BA3-DE56-F187-B96F-14CCD234D8B6}\01\22-{FF2B3BA3-DE56-F187-B96F-14CCD234D8B6}-v1-{47A24F14-6E9D-4B8C-8240-55C853363EA7}-v22-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS
ADS C:\Documents and Settings\davide\Impostazioni locali\Dati applicazioni\Microsoft\Messenger\davide_payback@hotmail.com\SharingMetadata\missrz@hotmail.com\DFSR\Staging\CS{1E4FC075-42DB-1D2A-63ED-76323EE663A8}\01\10-{1E4FC075-42DB-1D2A-63ED-76323EE663A8}-v1-{47A24F14-6E9D-4B8C-8240-55C853363EA7}-v10-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS

---- Services - GMER 1.0.12 ----

Service C:\WINDOWS\system32\inetsrv\inetinfo.exe [AUTO] IISADMIN <-- ROOTKIT !!!

---- EOF - GMER 1.0.12 ----



AUTOSTART
-----------------------------------------------------------------------------------------------
GMER 1.0.12.12027 - http://www.gmer.net
Autostart scan 2007-03-04 23:10:20
Windows 5.1.2600 Service Pack 2


HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems@Windows = %SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,3072,512 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ProfileControl=Off MaxRequestThreads=16

HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon@Userinit = C:\WINDOWS\system32\userinit.exe,

HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon@DLLName = WgaLogon.dll

HKLM\Software\Microsoft\Windows NT\CurrentVersion\Windows@AppInit_DLLs = interceptor.dll

HKLM\SYSTEM\CurrentControlSet\Services\ >>>
Avg7Alrt /*AVG7 Alert Manager Server*/@ = C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
Avg7UpdSvc /*AVG7 Update Service*/@ = C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
AVGEMS /*AVG E-mail Scanner*/@ = C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
Creative Service for CDROM Access /*Creative Service for CDROM Access*/@ = C:\WINDOWS\System32\CTsvcCDA.EXE
IISADMIN /*Amministrazione di IIS*/@ = C:\WINDOWS\system32\inetsrv\inetinfo.exe
LVPrcSrv /*Logitech Process Monitor*/@ = c:\programmi\file comuni\logishrd\lvmvfm\LVPrcSrv.exe
LVSrvLauncher /*LVSrvLauncher*/@ = C:\Programmi\File comuni\LogiShrd\SrvLnch\SrvLnch.exe
MDM /*Machine Debug Manager*/@ = "C:\Programmi\File comuni\Microsoft Shared\VS7Debug\mdm.exe"
MSFtpsvc /*Pubblicazione FTP*/@ = %SystemRoot%\system32\inetsrv\inetinfo.exe
NVSvc /*NVIDIA Display Driver Service*/@ = %SystemRoot%\System32\nvsvc32.exe
ScsiPort@ = %SystemRoot%\system32\drivers\scsiport.sys
SMTPSVC /*Protocollo SMTP (Simple Mail Transfer Protocol)*/@ = C:\WINDOWS\system32\inetsrv\inetinfo.exe
Spooler /*Spooler di stampa*/@ = %SystemRoot%\system32\spoolsv.exe
W3SVC /*Pubblicazione sul Web*/@ = %SystemRoot%\system32\inetsrv\inetinfo.exe

HKLM\Software\Microsoft\Windows\CurrentVersion\Run >>>
@NvCplDaemonRUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup = RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
@nwiznwiz.exe /install = nwiz.exe /install
@AudioDrvEmulator"C:\Programmi\Creative\Shared Files\Module Loader\DLLML.exe" -1 AudioDrvEmulator "C:\Programmi\Creative\Shared Files\Module Loader\Audio Emulator\AudDrvEm.dll" = "C:\Programmi\Creative\Shared Files\Module Loader\DLLML.exe" -1 AudioDrvEmulator "C:\Programmi\Creative\Shared Files\Module Loader\Audio Emulator\AudDrvEm.dll"
@CTHelperCTHELPER.EXE = CTHELPER.EXE
@UpdRegC:\WINDOWS\UpdReg.EXE = C:\WINDOWS\UpdReg.EXE
@NeroFilterCheckC:\WINDOWS\system32\NeroCheck.exe = C:\WINDOWS\system32\NeroCheck.exe
@SpyCatcher Reminder"C:\Programmi\SpyCatcher 2006\SpyCatcher.exe" reminder = "C:\Programmi\SpyCatcher 2006\SpyCatcher.exe" reminder
@AVG7_CCC:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP = C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP

HKCU\Software\Microsoft\Windows\CurrentVersion\Run >>>
@Creative DetectorC:\Programmi\Creative\MediaSource\Detector\CTDetect.exe /R = C:\Programmi\Creative\MediaSource\Detector\CTDetect.exe /R
@ctfmon.exeC:\WINDOWS\system32\ctfmon.exe = C:\WINDOWS\system32\ctfmon.exe

HKLM\Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad@WPDShServiceObj = C:\WINDOWS\system32\WPDShServiceObj.dll

HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved >>>
@{42071714-76d4-11d1-8b24-00a0c9068ff3} /*Estensione panoramica video del Pannello di controllo*/deskpan.dll /*file not found*/ = deskpan.dll /*file not found*/
@{30D02401-6A81-11d0-8274-00C04FD5AE38} /*IE Search Band*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{32683183-48a0-441b-a342-7c2a440a9478} /*Media Band*/(null) =
@{E7E4BC40-E76A-11CE-A9BB-00AA004AE837} /*Shell DocObject Viewer*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{FBF23B40-E3F0-101B-8488-00AA003E56F8} /*InternetShortcut*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{3C374A40-BAE4-11CF-BF7D-00AA006946EE} /*Microsoft Url History Service*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{FF393560-C2A7-11CF-BFF4-444553540000} /*History*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{7BD29E00-76C1-11CF-9DD0-00A0C9034933} /*Temporary Internet Files*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{7BD29E01-76C1-11CF-9DD0-00A0C9034933} /*Temporary Internet Files*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{CFBFAE00-17A6-11D0-99CB-00C04FD64497} /*Microsoft Url Search Hook*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{3DC7A020-0ACD-11CF-A9BB-00AA004AE837} /*The Internet*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{871C5380-42A0-1069-A2EA-08002B30309D} /*Internet Name Space*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{A70C977A-BF00-412C-90B7-034C51DA2439} /*NvCpl DesktopContext Class*/C:\WINDOWS\System32\nvcpl.dll = C:\WINDOWS\System32\nvcpl.dll
@{FFB699E0-306A-11d3-8BD1-00104B6F7516} /*Play on my TV helper*/C:\WINDOWS\System32\nvcpl.dll = C:\WINDOWS\System32\nvcpl.dll
@{1CDB2949-8F65-4355-8456-263E7C208A5D} /*Desktop Explorer*/C:\WINDOWS\System32\nvshell.dll = C:\WINDOWS\System32\nvshell.dll
@{1E9B04FB-F9E5-4718-997B-B8DA88302A47} /*Desktop Explorer Menu*/C:\WINDOWS\System32\nvshell.dll = C:\WINDOWS\System32\nvshell.dll
@{1E9B04FB-F9E5-4718-997B-B8DA88302A48} /*nView Desktop Context Menu*/C:\WINDOWS\System32\nvshell.dll = C:\WINDOWS\System32\nvshell.dll
@{BDEADF00-C265-11D0-BCED-00A0C90AB50F} /*Cartelle Web*/C:\PROGRA~1\FILECO~1\MICROS~1\WEBFOL~1\MSONSEXT.DLL = C:\PROGRA~1\FILECO~1\MICROS~1\WEBFOL~1\MSONSEXT.DLL
@{42042206-2D85-11D3-8CFF-005004838597} /*Microsoft Office HTML Icon Handler*/C:\Programmi\Microsoft Office\OFFICE11\msohev.dll = C:\Programmi\Microsoft Office\OFFICE11\msohev.dll
@{B41DB860-8EE4-11D2-9906-E49FADC173CA} /*WinRAR shell extension*/C:\Programmi\WinRAR\rarext.dll = C:\Programmi\WinRAR\rarext.dll
@{596AB062-B4D2-4215-9F74-E9109B0A8153} /*Previous Versions Property Page*/C:\WINDOWS\System32\twext.dll = C:\WINDOWS\System32\twext.dll
@{9DB7A13C-F208-4981-8353-73CC61AE2783} /*Previous Versions*/C:\WINDOWS\System32\twext.dll = C:\WINDOWS\System32\twext.dll
@{692F0339-CBAA-47e6-B5B5-3B84DB604E87} /*Extensions Manager Folder*/C:\WINDOWS\system32\extmgr.dll = C:\WINDOWS\system32\extmgr.dll
@{5a61f7a0-cde1-11cf-9113-00aa00425c62} /*IIS Shell Extension*/C:\WINDOWS\system32\inetsrv\w3ext.dll = C:\WINDOWS\system32\inetsrv\w3ext.dll
@{B327765E-D724-4347-8B16-78AE18552FC3} /*NeroDigitalIconHandler*/(null) =
@{7F1CF152-04F8-453A-B34C-E609530A9DC8} /*NeroDigitalPropSheetHandler*/(null) =
@{07C45BB1-4A8C-4642-A1F5-237E7215FF66} /*IE Microsoft BrowserBand*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{1C1EDB47-CE22-4bbb-B608-77B48F83C823} /*IE Fade Task*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{205D7A97-F16D-4691-86EF-F3075DCCA57D} /*IE Menu Desk Bar*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{3028902F-6374-48b2-8DC6-9725E775B926} /*IE AutoComplete*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{43886CD5-6529-41c4-A707-7B3C92C05E68} /*IE Navigation Bar*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{44C76ECD-F7FA-411c-9929-1B77BA77F524} /*IE Menu Site*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{4B78D326-D922-44f9-AF2A-07805C2A3560} /*IE Menu Band*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{6038EF75-ABFC-4e59-AB6F-12D397F6568D} /*IE Microsoft History AutoComplete List*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{6B4ECC4F-16D1-4474-94AB-5A763F2A54AE} /*IE Tracking Shell Menu*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{6CF48EF8-44CD-45d2-8832-A16EA016311B} /*IE IShellFolderBand*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{73CFD649-CD48-4fd8-A272-2070EA56526B} /*IE BandProxy*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{98FF6D4B-6387-4b0a-8FBD-C5C4BB17B4F8} /*IE MRU AutoComplete List*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{9A096BB5-9DC3-4D1C-8526-C3CBF991EA4E} /*IE RSS Feeder Folder*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{9D958C62-3954-4b44-8FAB-C4670C1DB4C2} /*IE Microsoft Shell Folder AutoComplete List*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{B31C5FAE-961F-415b-BAF0-E697A5178B94} /*IE Microsoft Multiple AutoComplete List Container*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{BC476F4C-D9D7-4100-8D4E-E043F6DEC409} /*Microsoft Browser Architecture*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{BFAD62EE-9D54-4b2a-BF3B-76F90697BD2A} /*IE Shell Rebar BandSite*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{E6EE9AAC-F76B-4947-8260-A9F136138E11} /*IE Shell Band Site Menu*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{F2CF5485-4E02-4f68-819C-B92DE9277049} /*&Links*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{F83DAC1C-9BB9-4f2b-B619-09819DA81B0E} /*IE Registry Tree Options Utility*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{FAC3CBF6-8697-43d0-BAB9-DCD1FCE19D75} /*IE User Assist*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{FDE7673D-2E19-4145-8376-BBD58C4BC7BA} /*IE Custom MRU AutoCompleted List*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{506F4668-F13E-4AA1-BB04-B43203AB3CC0} /*{506F4668-F13E-4AA1-BB04-B43203AB3CC0}*/C:\Programmi\Microsoft Office\Visio11\VISSHE.DLL = C:\Programmi\Microsoft Office\Visio11\VISSHE.DLL
@{D66DC78C-4F61-447F-942B-3FB6980118CF} /*{D66DC78C-4F61-447F-942B-3FB6980118CF}*/C:\Programmi\Microsoft Office\Visio11\VISSHE.DLL = C:\Programmi\Microsoft Office\Visio11\VISSHE.DLL
@{B9E1D2CB-CCFF-4AA6-9579-D7A4754030EF} /*iTunes*/C:\Programmi\iTunes\iTunesMiniPlayer.dll = C:\Programmi\iTunes\iTunesMiniPlayer.dll
@{35786D3C-B075-49b9-88DD-029876E11C01} /*Portable Devices*/%SystemRoot%\system32\wpdshext.dll = %SystemRoot%\system32\wpdshext.dll
@{D6791A63-E7E2-4fee-BF52-5DED8E86E9B8} /*Portable Devices Menu*/%SystemRoot%\system32\wpdshext.dll = %SystemRoot%\system32\wpdshext.dll
@{e82a2d71-5b2f-43a0-97b8-81be15854de8} /*ShellLink for Application References*/C:\WINDOWS\system32\dfshim.dll = C:\WINDOWS\system32\dfshim.dll
@{E37E2028-CE1A-4f42-AF05-6CEABC4E5D75} /*Shell Icon Handler for Application References*/C:\WINDOWS\system32\dfshim.dll = C:\WINDOWS\system32\dfshim.dll
@{9F97547E-4609-42C5-AE0C-81C61FFAEBC3} /*AVG7 Shell Extension*/C:\Programmi\Grisoft\AVG7\avgse.dll = C:\Programmi\Grisoft\AVG7\avgse.dll
@{9F97547E-460A-42C5-AE0C-81C61FFAEBC3} /*AVG7 Find Extension*/C:\Programmi\Grisoft\AVG7\avgse.dll = C:\Programmi\Grisoft\AVG7\avgse.dll

HKLM\Software\Classes\*\shellex\ContextMenuHandlers\ >>>
AVG7 Shell Extension@{9F97547E-4609-42C5-AE0C-81C61FFAEBC3} = C:\Programmi\Grisoft\AVG7\avgse.dll
WinRAR@{B41DB860-8EE4-11D2-9906-E49FADC173CA} = C:\Programmi\WinRAR\rarext.dll

HKLM\Software\Classes\Directory\shellex\ContextMenuHandlers\WinRAR@{B41DB860-8EE4-11D2-9906-E49FADC173CA} = C:\Programmi\WinRAR\rarext.dll

HKLM\Software\Classes\Folder\shellex\ContextMenuHandlers\ >>>
AVG7 Shell Extension@{9F97547E-4609-42C5-AE0C-81C61FFAEBC3} = C:\Programmi\Grisoft\AVG7\avgse.dll
WinRAR@{B41DB860-8EE4-11D2-9906-E49FADC173CA} = C:\Programmi\WinRAR\rarext.dll

HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects >>>
@{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}C:\Programmi\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll = C:\Programmi\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
@{0A87E45F-537A-40B4-B812-E2544C21A09F}C:\Programmi\SpyCatcher 2006\SCActiveBlock.dll = C:\Programmi\SpyCatcher 2006\SCActiveBlock.dll
@{9030D464-4C02-4ABF-8ECC-5164760863C6}C:\Programmi\File comuni\Microsoft Shared\Windows Live\WindowsLiveLogin.dll = C:\Programmi\File comuni\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

HKLM\Software\Microsoft\Internet Explorer\Main >>>
@Default_Page_URLhttp://go.microsoft.com/fwlink/?LinkId=69157 = http://go.microsoft.com/fwlink/?LinkId=69157
@Start Pagehttp://go.microsoft.com/fwlink/?LinkId=69157 = http://go.microsoft.com/fwlink/?LinkId=69157
@Local Page%SystemRoot%\system32\blank.htm = %SystemRoot%\system32\blank.htm

HKCU\Software\Microsoft\Internet Explorer\Main >>>
@Start Pagehttp://www.alice.it/ = http://www.alice.it/
@Local PageC:\WINDOWS\system32\blank.htm = C:\WINDOWS\system32\blank.htm

HKLM\Software\Classes\PROTOCOLS\Filter\text/xml@CLSID = C:\Programmi\File comuni\Microsoft Shared\OFFICE11\MSOXMLMF.DLL

HKLM\Software\Classes\PROTOCOLS\Handler\ >>>
dvd@CLSID = C:\WINDOWS\system32\msvidctl.dll
its@CLSID = C:\WINDOWS\System32\itss.dll
mhtml@CLSID = %SystemRoot%\System32\inetcomm.dll
ms-help@CLSID = C:\Programmi\File comuni\Microsoft Shared\Help\hxds.dll
ms-its@CLSID = C:\WINDOWS\System32\itss.dll
ms-itss@CLSID = C:\Programmi\File comuni\Microsoft Shared\Information Retrieval\msitss.dll
mso-offdap@CLSID = C:\PROGRA~1\FILECO~1\MICROS~1\WEBCOM~1\10\OWC10.DLL
mso-offdap11@CLSID = C:\PROGRA~1\FILECO~1\MICROS~1\WEBCOM~1\11\OWC11.DLL
tv@CLSID = C:\WINDOWS\system32\msvidctl.dll

HKLM\Software\Classes\PROTOCOLS\Handler\wia@CLSID = C:\WINDOWS\System32\wiascr.dll

C:\Documents and Settings\All Users\Menu Avvio\Programmi\Esecuzione automatica = SpyCatcher Protector.lnk

---- EOF - GMER 1.0.12 ----
Avatar utente
dave80
Neo Iscritto
Neo Iscritto
 
Messaggi: 6
Iscritto il: lun mar 05, 2007 12:15 am

Messaggioda crazy.cat » lun mar 05, 2007 9:18 am

Intanto il primo consiglio è di buttare via spycatcher programma inutile e forse con qualche schifezza all'interno.
Prendi un vero antispyware come a2 squared o superantispyware e fai un giro di pulizia.
Quando i molti governano, pensano solo a contentar sé stessi, si ha allora la tirannia più balorda e più odiosa: la tirannia mascherata da libertà.
Avatar utente
crazy.cat
MLI Hero
MLI Hero
 
Messaggi: 30959
Iscritto il: lun gen 12, 2004 1:38 pm
Località: Mestre

Messaggioda Amantide » lun mar 05, 2007 3:25 pm

L'unica cosa sicura è che non si tratta di Bagle, per escludere completamente causa virus del crash di AVG ti consiglierei di fare la scansione con Kaspersky online e postare qui il report della scansione.
...per volare alto, bisogna saper cadere...
Avatar utente
Amantide
Membro Ufficiale (Gold)
Membro Ufficiale (Gold)
 
Messaggi: 8126
Iscritto il: lun feb 06, 2006 4:13 pm
Località: Abruzzo


Grazie del consiglio

Messaggioda dave80 » mar mar 06, 2007 8:05 pm

Ho eseguito la scansione online con kaspersky ma nn mi sembra che poi rimuova i file...???sbaglio?
comunque vi passo il file di log generato dopo la scansione...mi sembra di aver capito che è bagle - emailworm come scritto in una delle ultime righe.
Il fatto che non avete trovato somiglianza con bagle non potrebbe essere perché avevo già effettuato una scansione con panda (sempre online) e mi aveva rimosso un virus non meglio identificato?
Grazie in anticipo per l'aiuto.

-------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER REPORT
Monday, March 05, 2007 11:03:45 PM
Operating System: Microsoft Windows XP Professional, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.83.0
Kaspersky Anti-Virus database last update: 5/03/2007
Kaspersky Anti-Virus database records: 260605
-------------------------------------------------------------------------------

Scan Settings:
Scan using the following antivirus database: standard
Scan Archives: true
Scan Mail Bases: true

Scan Target - Critical Areas:
C:\WINDOWS
C:\DOCUME~1\davide\IMPOST~1\Temp\

Scan Statistics:
Total number of scanned objects: 22632
Number of viruses found: 1
Number of infected objects: 1 / 0
Number of suspicious objects: 0
Duration of the scan process: 00:13:36

Infected Object Name / Virus Name / Last Action
C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped
C:\WINDOWS\SchedLgU.Txt Object is locked skipped
C:\WINDOWS\SoftwareDistribution\EventCache\{8F182AA8-BE91-48E8-BF8A-B45C3921F387}.bin Object is locked skipped
C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped
C:\WINDOWS\Sti_Trace.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\edb.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\tmp.edb Object is locked skipped
C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\default Object is locked skipped
C:\WINDOWS\system32\config\default.LOG Object is locked skipped
C:\WINDOWS\system32\config\Internet.evt Object is locked skipped
C:\WINDOWS\system32\config\SAM Object is locked skipped
C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped
C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\SECURITY Object is locked skipped
C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped
C:\WINDOWS\system32\config\software Object is locked skipped
C:\WINDOWS\system32\config\software.LOG Object is locked skipped
C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\system Object is locked skipped
C:\WINDOWS\system32\config\system.LOG Object is locked skipped
C:\WINDOWS\system32\h323log.txt Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped
C:\WINDOWS\wiadebug.log Object is locked skipped
C:\WINDOWS\wiaservc.log Object is locked skipped
C:\WINDOWS\WindowsUpdate.log Object is locked skipped
C:\WINDOWS\{00000001-00000000-00000002-00001102-00000008-10211102}.CDF Object is locked skipped
C:\DOCUME~1\davide\IMPOST~1\Temp\fnm2B26.tmp Object is locked skipped
C:\DOCUME~1\davide\IMPOST~1\Temp\fnm46.tmp Object is locked skipped
C:\DOCUME~1\davide\IMPOST~1\Temp\fnm62.tmp Object is locked skipped
C:\DOCUME~1\davide\IMPOST~1\Temp\fnm63.tmp Object is locked skipped
C:\DOCUME~1\davide\IMPOST~1\Temp\~7F.exe Infected: Email-Worm.Win32.Bagle.ht skipped
C:\DOCUME~1\davide\IMPOST~1\Temp\~DFB673.tmp Object is locked skipped
C:\DOCUME~1\davide\IMPOST~1\Temp\~DFB678.tmp Object is locked skipped

Scan process completed.
Avatar utente
dave80
Neo Iscritto
Neo Iscritto
 
Messaggi: 6
Iscritto il: lun mar 05, 2007 12:15 am

Messaggioda crazy.cat » mar mar 06, 2007 8:08 pm

Prendi ccleaner e svuota temp e temporanei di internet
Quando i molti governano, pensano solo a contentar sé stessi, si ha allora la tirannia più balorda e più odiosa: la tirannia mascherata da libertà.
Avatar utente
crazy.cat
MLI Hero
MLI Hero
 
Messaggi: 30959
Iscritto il: lun gen 12, 2004 1:38 pm
Località: Mestre

Messaggioda Amantide » mar mar 06, 2007 8:14 pm

Si, questo è uno dei file che fanno parte di questa variante di Bagle.
Strano perché nel log di Gmer non si vede nessun indizio.

E vabbè, per sicurezza prova ad eseguire con Avenger questo script e vedi se eliminerà qualche voce:

Files to delete:
C:\Documents and Settings\davide\Dati applicazioni\hidires\m_hook.sys
C:\Documents and Settings\davide\Dati applicazioni\hidires\hidr.exe
C:\WINDOWS\system32\wintems.exe
C:\WINDOWS\system32\hldrrr.exe
C:\DOCUME~1\davide\IMPOST~1\Temp\~7F.exe

folders to delete:
C:\Documents and Settings\davide\Dati applicazioni\hidires
C:\WINDOWS\exefld

registry keys to delete:
HKLM\SYSTEM\CurrentControlSet\Services\m_hook
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_M_HOOK

registry values to delete:
HKLM\Software\Microsoft\Windows\CurrentVersion\Run | hldrrr


Per ripristinare i servizi che non funzionano ti rimando a questa guida.
...per volare alto, bisogna saper cadere...
Avatar utente
Amantide
Membro Ufficiale (Gold)
Membro Ufficiale (Gold)
 
Messaggi: 8126
Iscritto il: lun feb 06, 2006 4:13 pm
Località: Abruzzo

Forse ho risolto?!?!

Messaggioda dave80 » mar mar 06, 2007 10:03 pm

ok ho fatto girare lo script su avenger ma il risultato del log mi dice che non è riuscito ad individuare niente per cui non ha potuto effettuare nessuna operazione.
Nel frattempo ho fatto l'ennesima scansione con PANDA ( elo consiglio a tutti quelli col mio stesso problema ) ed in effetti il virus BAGLE è stato trovato e curato...ora sto continuando a monitorare i processi, a fare scansioni ed ho di nuovo fatto girare GMER che non rileva alcuna presenza minacciosa nè alla scansione di rootkit ne alla scansione di autostart.
SPERO di essermene liberato...in ogni caso volevo chiedervi un consiglio..io uso come antivirus AVG ma non ho un antispyware...
Potreste consigliarmi dei prodotti efficaci e freeware?
Grazie mille della collaborazione
Avatar utente
dave80
Neo Iscritto
Neo Iscritto
 
Messaggi: 6
Iscritto il: lun mar 05, 2007 12:15 am

Re: Forse ho risolto?!?!

Messaggioda Amantide » mar mar 06, 2007 10:30 pm

dave80 ha scritto:.in ogni caso volevo chiedervi un consiglio..io uso come antivirus AVG ma non ho un antispyware...
Potreste consigliarmi dei prodotti efficaci e freeware?

[search]
Si è parlato e straparlato nelle varie discussioni.
Per la protezione in tempo reale Spyware Terminator, per fare le pulizie AVG Anti-spyware, A-squared e Superantispyware, ed hai tralasciato anche il firewall... Comodo Firewall o Zone alarm.
...per volare alto, bisogna saper cadere...
Avatar utente
Amantide
Membro Ufficiale (Gold)
Membro Ufficiale (Gold)
 
Messaggi: 8126
Iscritto il: lun feb 06, 2006 4:13 pm
Località: Abruzzo

grazie :)

Messaggioda dave80 » mer mar 07, 2007 7:07 pm

Non ho usato ricerca, mea culpa!
Comunque grazie dei consigli!
P.s. il firewall di windows non basta??
Ciao
Avatar utente
dave80
Neo Iscritto
Neo Iscritto
 
Messaggi: 6
Iscritto il: lun mar 05, 2007 12:15 am

Re: grazie :)

Messaggioda Amantide » mer mar 07, 2007 7:43 pm

dave80 ha scritto:P.s. il firewall di windows non basta??
Ciao

Se bastava non ti avrei consigliato altro [;)]
...per volare alto, bisogna saper cadere...
Avatar utente
Amantide
Membro Ufficiale (Gold)
Membro Ufficiale (Gold)
 
Messaggi: 8126
Iscritto il: lun feb 06, 2006 4:13 pm
Località: Abruzzo

windows firewall

Messaggioda dave80 » ven mar 09, 2007 9:16 pm

Questa volta ho cercato notizie negli altri post ma non mi sembra di aver trovato quello che cercavo...
La domanda potrà sembrare stupida ma ho sentito dire che 2 firewall che girano sulla stessa macchina possono darsi fastidio quindi chiedevo se installando un FW software tra quelli da voi indicati dovrei disabilitare il firewall di windows...
[boh]

Grazie in anticipo [^]
Avatar utente
dave80
Neo Iscritto
Neo Iscritto
 
Messaggi: 6
Iscritto il: lun mar 05, 2007 12:15 am

Messaggioda Amantide » ven mar 09, 2007 9:20 pm

Oddio, tanto fastidio no, ma nemmeno alcun'utilità. Ti troveresti il sistema appesantito e dovrai configurare 2 firewall al posto di uno, tieni conto che quello di windows è abbastanza una ciofeca, non serve a niente avere 2 firewall abilitati, uno buono basta ed avanza.
...per volare alto, bisogna saper cadere...
Avatar utente
Amantide
Membro Ufficiale (Gold)
Membro Ufficiale (Gold)
 
Messaggi: 8126
Iscritto il: lun feb 06, 2006 4:13 pm
Località: Abruzzo


Torna a Sicurezza

Chi c’è in linea

Visitano il forum: Nessuno e 5 ospiti

Powered by phpBB © 2002, 2005, 2007, 2008 phpBB Group
Traduzione Italiana phpBB.it

megalab.it: testata telematica quotidiana registrata al Tribunale di Cosenza n. 22/09 del 13.08.2009, editore Master New Media S.r.l.; © Copyright 2008 Master New Media S.r.l. a socio unico - P.I. 02947530784. GRUPPO EDIZIONI MASTER Spa Tutti i diritti sono riservati. Per la pubblicità: Master Advertising