Punto informatico Network

trojan DNSChanger.gen and Fake Alert-AB.dr


Post by micky4 » Sun Oct 19, 2008 4:57 pm

I have Windows Vista Home Premium Edition and McAfee Internet Security. While I was installing a program, McAfee detected these trojans and removed them (so it says). But now when I turn on the PC and click on an icon, the bar and all the icons disappear. Only the sidebar remains. I need to attach the log file to this post so that you can help me. But how do I create this log? [XX(] I'm new and not very experienced. Please help me.

Re: trojan DNSChanger.gen and Fake Alert-AB.dr

Post by Amantide » Sun Oct 19, 2008 5:23 pm

Hi and welcome.

Honestly, I haven't used McAfee in ages and I really don't remember how to export and save the log [uhm]
Try digging through the history a bit.

Besides the trojan names, do you also remember which files they referred to?
In the meantime, run a scan with HijackThis and attach its log here.

EDIT:

Do the icon and the bar disappear when you click on a specific icon, or on any icon?

Re: trojan DNSChanger.gen and Fake Alert-AB.dr

Post by micky4 » Sun Oct 19, 2008 8:52 pm

The icons and the bar disappear when I try to open the Control Panel and other folders that have a shortcut on the desktop. Sometimes also when clicking on programs. Anyway, I found out that it's two files that show up in the add-on management list. After removing them everything went back to normal, but then one of them recreated itself: awTKEXOI.dll, which is in c:\windows\system32. With the program you gave me I found other suspicious files, which I removed. I'm sending you the 2 HijackThis log files, from before and after the removal of the suspicious files. I had to remove the offending file myself because the program couldn't delete it. I used Unlocker. As for more information about McAfee, I have to be vague because the antivirus main window no longer has any controls. IT IS COMPLETELY WHITE! It referred to a file MediaCodec 1.6322.0.exe that was in the Temp folder under Local, while in Temporary internet Files\Content IE5 there were BXMO7GC6\file[1].exe and also SH2U6A80\SA2009[1].exe. I had taken a few notes. Now I don't know whether they will be created again. Thanks a lot for the help you're giving me. [rolleyes]


Horror! It has reappeared again. Now it's called iifExwWq.dll [sadbye] [XX(]


Re: trojan DNSChanger.gen and Fake Alert-AB.dr

Post by Amantide » Sun Oct 19, 2008 9:35 pm

OK, I more or less understand what this is.
Download ComboFix from here and run the scan following these instructions (down at the bottom). When the scan finishes, the report file C:\combofix.txt will be created; copy its contents here.

P.S. Attach the logs following this guide.

Re: trojan DNSChanger.gen and Fake Alert-AB.dr

Post by micky4 » Mon Oct 20, 2008 10:35 am

There, I did as you told me. After the scan, Windows tells me that RunDll can no longer find ddcCrsss.dll in system32. I'm attaching the requested file plus 2 other files that I managed to extract from Total Uninstall, a program that monitors the changes made to the computer during the installation of programs so that the computer can be restored to its previous state after the program is uninstalled. I had used it with this trojan-filled program too. Thanks again for your help. [rolleyes]
Requested file

ComboFix 08-10-19.04 - Francesco 2008-10-20 10.24.38.1 - NTFSx86
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.1.1040.18.726 [GMT 2:00]
Eseguito da: C:\DOWNLOADS\pincopallino.exe
* Resident AV is active

.

((((((((((((((((((((((((((((((((((((( Altre eliminazioni )))))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\ProgramData\Microsoft\Network\Downloader\qmgr0.dat
C:\ProgramData\Microsoft\Network\Downloader\qmgr1.dat
C:\Users\Francesco\AppData\Roaming\inst.exe
C:\Windows\etgq.exe
C:\Windows\system32\cBSIbYSL.dll
C:\Windows\system32\ddcCrsss.dll
C:\Windows\System32\dNpsttwa.ini
C:\WINDOWS\System32\dNpsttwa.ini2
C:\Windows\System32\IOXEKTwa.ini
C:\WINDOWS\System32\IOXEKTwa.ini2
C:\Windows\system32\PXxIlUvw.ini
C:\WINDOWS\System32\PXxIlUvw.ini2
C:\WINDOWS\System32\qWwxEfii.ini
C:\WINDOWS\System32\qWwxEfii.ini2

----- BITS: Sites possivelmente infetados -----

hxxp://www.lovelypornovideo.net
.
((((((((((((((((((((((((((((((((((((((( Driver/Servizi )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_NPF
-------\Service_NPF
-------\Service_VMware NAT Service


((((((((((((((((((((((((( Files Creati Da 2008-09-20 al 2008-10-20 )))))))))))))))))))))))))))))))))))
.

2008-10-19 16:05 . 2008-10-19 16:06 120,291,258 --a------ C:\WINDOWS\MEMORY.DMP
2008-10-19 14:01 . 2008-10-19 14:02 131,072 --a------ C:\WINDOWS\SPInstall.etl
2008-10-18 20:05 . 2008-06-20 03:14 105,016 --a------ C:\WINDOWS\System32\PresentationCFFRasterizerNative_v0300.dll
2008-10-18 20:05 . 2008-06-20 03:14 97,800 --a------ C:\WINDOWS\System32\infocardapi.dll
2008-10-18 20:04 . 2008-06-20 03:14 781,344 --a------ C:\WINDOWS\System32\PresentationNative_v0300.dll
2008-10-18 20:04 . 2008-06-20 03:14 622,080 --a------ C:\WINDOWS\System32\icardagt.exe
2008-10-18 20:04 . 2008-06-20 03:14 326,160 --a------ C:\WINDOWS\System32\PresentationHost.exe
2008-10-18 20:04 . 2008-06-20 03:14 43,544 --a------ C:\WINDOWS\System32\PresentationHostProxy.dll
2008-10-18 20:04 . 2008-06-20 03:14 37,384 --a------ C:\WINDOWS\System32\infocardcpl.cpl
2008-10-18 20:04 . 2008-06-20 03:14 11,264 --a------ C:\WINDOWS\System32\icardres.dll
2008-10-18 19:56 . 2008-07-27 20:03 282,112 --a------ C:\WINDOWS\System32\mscoree.dll
2008-10-18 19:56 . 2008-07-27 20:03 158,720 --a------ C:\WINDOWS\System32\mscorier.dll
2008-10-18 19:56 . 2008-07-27 20:03 96,760 --a------ C:\WINDOWS\System32\dfshim.dll
2008-10-18 19:56 . 2008-07-27 20:03 83,968 --a------ C:\WINDOWS\System32\mscories.dll
2008-10-18 19:56 . 2008-07-27 20:03 41,984 --a------ C:\WINDOWS\System32\netfxperf.dll
2008-10-18 00:11 . 2008-10-19 19:35 69 --a------ C:\WINDOWS\NeroDigital.ini
2008-10-17 23:54 . 2008-10-17 23:54 <DIR> d-------- C:\Users\Francesco\AppData\Roaming\Nero
2008-10-17 23:04 . 2008-10-17 23:04 4,767 --a------ C:\WINDOWS\Irremote.ini
2008-10-17 22:24 . 2008-10-17 23:02 <DIR> d-------- C:\Program Files\Nero
2008-10-17 22:22 . 2008-10-17 23:36 <DIR> d-------- C:\Program Files\Common Files\Nero
2008-10-17 22:21 . 2008-10-17 22:21 <DIR> d-------- C:\Program Files\Common Files\LightScribe
2008-10-15 21:16 . 2008-08-05 11:49 428,544 --a------ C:\WINDOWS\System32\EncDec.dll
2008-10-15 21:16 . 2008-08-05 11:49 293,376 --a------ C:\WINDOWS\System32\psisdecd.dll
2008-10-15 21:16 . 2008-08-05 11:48 217,088 --a------ C:\WINDOWS\System32\psisrndr.ax
2008-10-15 21:16 . 2008-08-05 11:48 177,664 --a------ C:\WINDOWS\System32\mpg2splt.ax
2008-10-15 21:16 . 2008-08-05 11:48 80,896 --a------ C:\WINDOWS\System32\MSNP.ax
2008-10-15 17:23 . 2008-10-15 17:23 <DIR> d-------- C:\Users\All Users\Office Genuine Advantage
2008-10-15 17:23 . 2008-10-15 17:23 <DIR> d-------- C:\ProgramData\Office Genuine Advantage
2008-10-15 14:00 . 2008-09-18 04:16 2,032,640 --a------ C:\WINDOWS\System32\win32k.sys
2008-10-15 13:55 . 2008-08-27 03:06 288,768 --a------ C:\WINDOWS\System32\drivers\srv.sys
2008-10-15 13:51 . 2008-09-18 07:09 3,601,464 --a------ C:\WINDOWS\System32\ntkrnlpa.exe
2008-10-15 13:51 . 2008-09-18 07:09 3,549,240 --a------ C:\WINDOWS\System32\ntoskrnl.exe
2008-10-14 19:39 . 2008-10-14 19:39 <DIR> d-------- C:\Program Files\Paragon Software
2008-10-14 18:51 . 2008-10-14 18:52 <DIR> d-------- C:\Program Files\Windows Mobile 6 SDK
2008-10-14 18:33 . 2008-10-14 18:33 <DIR> d-------- C:\Users\Francesco\AppData\Roaming\CellularEmulator
2008-10-13 22:19 . 2008-10-13 22:19 <DIR> d-------- C:\Program Files\GNU Emu48CE for PocketPC
2008-10-12 18:23 . 2008-10-17 22:45 <DIR> d-------- C:\Users\All Users\Nero
2008-10-12 18:23 . 2008-10-17 22:45 <DIR> d-------- C:\ProgramData\Nero
2008-10-12 18:03 . 2008-10-12 23:29 <DIR> d-------- C:\Program Files\Common Files\LightScribe(0)
2008-10-10 14:46 . 2008-10-10 14:46 <DIR> d-------- C:\Program Files\VITO
2008-10-03 14:45 . 2008-10-08 23:31 <DIR> d-------- C:\Program Files\SKTools
2008-09-29 15:50 . 2008-09-29 15:50 <DIR> d-------- C:\Program Files\SiSoftware
2008-09-29 15:45 . 2008-03-05 15:56 3,786,760 --a------ C:\WINDOWS\System32\D3DX9_37.dll
2008-09-29 15:44 . 2006-09-28 16:05 2,414,360 --a------ C:\WINDOWS\System32\d3dx9_31.dll
2008-09-29 15:19 . 2008-09-29 22:30 <DIR> d--h----- C:\WINDOWS\msdownld.tmp
2008-09-28 12:00 . 2008-10-20 09:48 <DIR> d-------- C:\USD1.34.9_BlackManos_Pack_13.51
2008-09-28 00:17 . 2008-09-28 00:17 <DIR> d-------- C:\Users\All Users\SonicStage
2008-09-28 00:17 . 2008-09-28 00:17 <DIR> d-------- C:\ProgramData\SonicStage
2008-09-27 23:50 . 2008-09-27 23:50 <DIR> d-------- C:\Program Files\Sony
2008-09-27 23:48 . 2008-09-28 00:17 <DIR> d-------- C:\Users\Francesco\AppData\Roaming\Sony Corporation
2008-09-27 23:20 . 2008-09-29 22:22 <DIR> d-------- C:\Users\Francesco\AppData\Roaming\Roxio
2008-09-27 23:06 . 2008-09-27 23:07 <DIR> d-------- C:\Program Files\Common Files\SureThing Shared
2008-09-27 23:00 . 2008-09-27 23:00 <DIR> d-------- C:\Program Files\DivX
2008-09-27 22:29 . 2008-10-19 10:19 <DIR> d-------- C:\Users\All Users\Roxio
2008-09-27 22:29 . 2008-10-19 10:19 <DIR> d-------- C:\ProgramData\Roxio
2008-09-27 22:23 . 2008-09-27 22:23 <DIR> d-------- C:\Users\All Users\Sonic
2008-09-27 22:23 . 2008-09-27 22:23 <DIR> d-------- C:\ProgramData\Sonic
2008-09-27 22:23 . 2008-09-28 00:52 <DIR> d-------- C:\Program Files\Roxio
2008-09-27 18:38 . 2008-09-27 23:51 <DIR> d-------- C:\Users\All Users\Sony Corporation
2008-09-27 18:38 . 2008-09-27 23:51 <DIR> d-------- C:\ProgramData\Sony Corporation
2008-09-27 14:55 . 2008-10-12 23:27 <DIR> d-------- C:\Users\All Users\Yahoo! Companion
2008-09-27 14:55 . 2008-10-12 23:27 <DIR> d-------- C:\ProgramData\Yahoo! Companion
2008-09-27 14:53 . 2008-10-12 23:27 <DIR> d-------- C:\Program Files\Yahoo!
2008-09-20 19:35 . 2008-09-20 19:35 <DIR> d-------- C:\Program Files\NavNGo

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-10-20 08:04 --------- d-----w C:\ProgramData\VMware
2008-10-19 20:55 --------- d-----w C:\ProgramData\SiteAdvisor
2008-10-19 20:51 --------- d-----w C:\Program Files\McAfee
2008-10-19 20:07 --------- d-----w C:\ProgramData\McAfee
2008-10-19 16:52 --------- d-----w C:\Users\Francesco\AppData\Roaming\VMware
2008-10-18 20:23 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-10-18 17:16 --------- d-----w C:\Program Files\MediaMonkey
2008-10-17 10:53 --------- d-----w C:\Program Files\Rar Repair Tool
2008-10-16 15:10 --------- d-----w C:\Program Files\Dimensions
2008-10-16 14:58 --------- d-----w C:\Users\Francesco\AppData\Roaming\SoftMaker
2008-10-16 14:57 --------- d-----w C:\Program Files\PD3A Development
2008-10-15 21:26 --------- d-----w C:\Users\Francesco\AppData\Roaming\Microsoft Office Mobile
2008-10-15 18:57 --------- d-----w C:\Program Files\Windows Mail
2008-10-14 16:39 --------- d-----w C:\Program Files\Microsoft ActiveSync
2008-10-10 12:46 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2008-10-10 08:28 --------- d-----w C:\Program Files\Easy GIF Animator
2008-10-08 17:57 --------- d-----w C:\Program Files\eMule
2008-09-29 20:25 --------- d-----w C:\Program Files\Common Files\Sonic Shared
2008-09-27 22:51 --------- d-----w C:\Program Files\Common Files\Roxio Shared
2008-09-27 14:41 --------- d-----w C:\ProgramData\ABBYY
2008-09-27 14:34 --------- d-----w C:\Program Files\Common Files\Adobe
2008-09-23 12:36 --------- d-----w C:\Users\Francesco\AppData\Roaming\Vso
2008-09-22 12:31 --------- d-----w C:\Program Files\Hewlett-Packard
2008-09-20 15:12 --------- d-----w C:\Program Files\Xilisoft
2008-09-16 12:08 --------- d-----w C:\Program Files\IVT Corporation
2008-09-14 13:57 --------- d-----w C:\Program Files\Windows Installer Clean Up
2008-09-14 13:56 --------- d-----w C:\Program Files\MSECACHE
2008-09-12 08:48 --------- d-----w C:\Program Files\FDN
2008-09-12 07:41 --------- d-----w C:\Program Files\TomTom HOME 2
2008-09-10 19:07 --------- d-----w C:\ProgramData\Microsoft Help
2008-09-10 11:41 --------- d-----w C:\Program Files\Microsoft Works
2008-09-08 17:26 --------- d-----w C:\Program Files\Allok Video Joiner
2008-09-07 15:24 --------- d-----w C:\Users\Francesco\AppData\Roaming\Hewlett-Packard
2008-09-06 12:09 --------- d-----w C:\Program Files\ParaGraph
2008-09-03 21:55 2,231,606 ----a-w C:\Users\All Users\Games.exe
2008-09-03 21:55 2,231,606 ----a-w C:\ProgramData\Games.exe
2008-09-03 21:54 2,989,660 ----a-w C:\Users\All Users\DVD.exe
2008-09-03 21:54 2,989,660 ----a-w C:\ProgramData\DVD.exe
2008-09-03 21:54 2,864,396 ----a-w C:\Users\All Users\MPV.exe
2008-09-03 21:54 2,864,396 ----a-w C:\ProgramData\MPV.exe
2008-09-03 21:53 3,063,561 ----a-w C:\Users\All Users\MobileTV.exe
2008-09-03 21:53 3,063,561 ----a-w C:\ProgramData\MobileTV.exe
2008-09-03 21:53 2,331,174 ----a-w C:\Users\All Users\Karaoke.exe
2008-09-03 21:53 2,331,174 ----a-w C:\ProgramData\Karaoke.exe
2008-09-03 21:53 --------- d-----w C:\ProgramData\ITA
2008-09-03 21:51 --------- d-----w C:\Program Files\HP
2008-09-03 20:39 --------- d-----w C:\Program Files\ZipGenius 6
2008-09-03 20:39 --------- d-----w C:\Program Files\Cutter 4
2008-09-03 14:44 --------- d-----w C:\ProgramData\Hewlett-Packard
2008-08-30 15:11 --------- d-----w C:\Program Files\Common Files\Macrovision Shared
2008-08-29 10:56 --------- d-----w C:\Users\Francesco\AppData\Roaming\Babylon
2008-08-29 10:55 --------- d-----w C:\ProgramData\Babylon
2008-08-27 11:38 --------- d-----w C:\Program Files\LeaderGL_FlexEditor
2008-08-26 16:22 --------- d-----w C:\Program Files\Microsoft SQL Server
2008-08-26 16:17 --------- d-----w C:\Program Files\Motorola Phone Tools
2008-08-26 14:56 --------- d-----w C:\Program Files\Avanquest update
2008-08-25 11:50 --------- d-----w C:\Program Files\MSDN
2008-08-25 11:11 --------- d-----w C:\Program Files\Microsoft Visual Studio 9.0
2008-08-25 11:11 --------- d-----w C:\Program Files\Business Objects
2008-08-25 11:07 --------- d-----w C:\Program Files\Microsoft.NET
2008-08-25 11:05 --------- d-----w C:\Program Files\Microsoft Device Emulator
2008-08-25 11:02 --------- d-----w C:\Program Files\Microsoft Synchronization Services
2008-08-25 11:02 --------- d-----w C:\Program Files\Microsoft SQL Server Compact Edition
2008-08-25 10:52 --------- d-----w C:\Program Files\Common Files\Merge Modules
2008-08-25 10:51 --------- d-----w C:\ProgramData\PreEmptive Solutions
2008-08-25 10:46 --------- d-----w C:\Program Files\MSBuild
2008-08-25 10:46 --------- d-----w C:\Program Files\HTML Help Workshop
2008-08-25 10:42 --------- d-----w C:\Program Files\Microsoft SDKs
2008-08-25 10:42 --------- d-----w C:\Program Files\CE Remote Tools
2008-08-25 10:40 --------- d-----w C:\Program Files\Microsoft Web Designer Tools
2008-08-25 10:40 --------- d-----w C:\Program Files\Microsoft Visual Studio 8
2008-08-23 22:36 --------- d-----w C:\Users\Francesco\AppData\Roaming\Download Manager
2008-08-22 12:13 --------- d-----w C:\Program Files\Microsoft
2008-08-22 03:38 541,696 ----a-w C:\Windows\AppPatch\AcLayers.dll
2008-08-22 03:38 460,288 ----a-w C:\Windows\AppPatch\AcSpecfc.dll
2008-08-22 03:38 2,154,496 ----a-w C:\Windows\AppPatch\AcGenral.dll
2008-08-22 03:38 173,056 ----a-w C:\Windows\AppPatch\AcXtrnal.dll
2008-08-21 07:02 --------- d-----w C:\Program Files\CCleaner
2008-08-20 18:53 --------- d-----w C:\Program Files\Garmin
2008-08-20 17:59 --------- d-----w C:\Program Files\Garmin GPS Plugin
2008-08-20 17:53 --------- d-----w C:\Users\Francesco\AppData\Roaming\GARMIN
2008-08-02 11:41 28,219 ----a-w C:\Users\Francesco\AppData\Roaming\nvModes.dat
2008-04-28 13:53 174 --sha-w C:\Program Files\desktop.ini
2008-03-25 14:21 0 ----a-w C:\Users\Francesco\AppData\Roaming\wklnhst.dat
2007-11-06 11:32 92,064 ----a-w C:\Users\Francesco\mqdmmdm.sys
2007-11-06 11:32 9,232 ----a-w C:\Users\Francesco\mqdmmdfl.sys
2007-11-06 11:32 79,328 ----a-w C:\Users\Francesco\mqdmserd.sys
2007-11-06 11:32 66,656 ----a-w C:\Users\Francesco\mqdmbus.sys
2007-11-06 11:32 6,208 ----a-w C:\Users\Francesco\mqdmcmnt.sys
2007-11-06 11:32 5,936 ----a-w C:\Users\Francesco\mqdmwhnt.sys
2007-11-06 11:32 4,048 ----a-w C:\Users\Francesco\mqdmcr.sys
2007-11-06 11:32 25,600 ----a-w C:\Users\Francesco\usbsermptxp.sys
2007-11-06 11:32 22,768 ----a-w C:\Users\Francesco\usbsermpt.sys
2007-10-26 20:01 94,208 ----a-w C:\Users\Francesco\AppData\Roaming\ezplay.sys
2007-10-26 20:01 47,360 ----a-w C:\Users\Francesco\AppData\Roaming\pcouffin.sys
2008-07-15 12:05 16,384 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
2008-07-15 12:05 32,768 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
2008-07-15 12:05 16,384 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
2007-12-26 20:58 16,384 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Feeds Cache\index.dat
2007-11-30 14:25 32,768 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012007113020071201\index.dat
.
<pre>
----a-w         3,985,078 2008-03-21 11:04:10  C:\Program Files\eMule\incoming\emule pro ultra 3 download\eMule0.48a-Installer .exe
</pre>



((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* i valori vuoti & legittimi/default non sono visualizzati.
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{34ea1c70-42cc-42c5-aa29-ec58b95a343e}"= "C:\Program Files\myBabylon\tbmyBa.dll" [2008-08-05 1610264]

[HKEY_CLASSES_ROOT\clsid\{34ea1c70-42cc-42c5-aa29-ec58b95a343e}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{34ea1c70-42cc-42c5-aa29-ec58b95a343e}]
2008-08-05 02:13 1610264 --a------ C:\Program Files\myBabylon\tbmyBa.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{34ea1c70-42cc-42c5-aa29-ec58b95a343e}"= "C:\Program Files\myBabylon\tbmyBa.dll" [2008-08-05 1610264]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{34EA1C70-42CC-42C5-AA29-EC58B95A343E}"= "C:\Program Files\myBabylon\tbmyBa.dll" [2008-08-05 1610264]

[HKEY_CLASSES_ROOT\clsid\{34ea1c70-42cc-42c5-aa29-ec58b95a343e}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="C:\Program Files\windows sidebar\sidebar.exe" [2008-01-19 1233920]
"ehTray.exe"="C:\Windows\ehome\ehTray.exe" [2008-01-19 125952]
"AlcoholAutomount"="C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe" [2008-02-22 217544]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Mobile Device Center"="C:\Windows\WindowsMobile\wmdc.exe" [2007-05-31 648072]
"SynTPStart"="C:\Program Files\Synaptics\SynTP\SynTPStart.exe" [2007-09-15 102400]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2008-03-28 1045800]
"QPService"="C:\Program Files\HP\QuickPlay\QPService.exe" [2008-07-23 468264]
"MSServer"="C:\Windows\system32\ddcCrsss.dll" [N/A]
"QlbCtrl.exe"="C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2008-08-01 202032]
"mcagent_exe"="C:\Program Files\McAfee.com\Agent\mcagent.exe" [2008-07-11 641208]
"hpWirelessAssistant"="C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2007-10-03 480560]
"HP Health Check Scheduler"="c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe" [2008-06-16 75008]
"CnxDslTaskBar"="C:\Program Files\digicomt\Michelangelo USB ADSL\CnxDslTb.exe" [2003-10-29 462848]
"Adobe Acrobat Speed Launcher"="C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe" [2008-06-12 37232]
"Acrobat Assistant 8.0"="C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe" [2008-06-11 640376]
"Windows Mobile-based device management"="C:\Windows\WindowsMobile\wmdSync.exe" [2006-11-02 215552]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"MSVideo"= CSvidcap.dll
"msacm.dvacm"= C:\PROGRA~1\COMMON~1\ULEADS~1\Vio\Dvacm.acm
"msacm.MPEGacm"= C:\PROGRA~1\COMMON~1\ULEADS~1\MPEG\MPEGacm.acm
"msacm.ulmp3acm"= C:\PROGRA~1\COMMON~1\ULEADS~1\MPEG\ulmp3acm.acm

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Notification Packages REG_MULTI_SZ scecli ASWLNPkg

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"ISUSPM Startup"=C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe -startup
"WMPNSCFG"=C:\Program Files\Windows Media Player\WMPNSCFG.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"HP Software Update"=C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
"HP Health Check Scheduler"=c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
"Windows Mobile Device Center"=%windir%\WindowsMobile\wmdc.exe
"VMware hqtray"="C:\Program Files\VMware\VMware Workstation\hqtray.exe"
"McAfee Backup"="C:\Program Files\McAfee\MBK\McAfeeDataBackup.exe"
"vmware-tray"=C:\Program Files\VMware\VMware Workstation\vmware-tray.exe
"RoxWatchTray"="C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UacDisableNotify"=dword:00000001
"InternetSettingsDisableNotify"=dword:00000001
"AutoUpdateDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{D6E4ED48-D370-4761-A3DE-4D8B0F5F1144}"= C:\Program Files\MSN Messenger\livecall.exe:Windows Live Messenger 8.1 (Phone)
"TCP Query User{55D3D4B8-8A51-4126-99E4-962636A7D2FD}C:\\program files\\mcafee\\mbk\\mcafeedatabackup.exe"= UDP:C:\program files\mcafee\mbk\mcafeedatabackup.exe:McAfee Data Backup
"UDP Query User{337D9464-E256-46F6-B699-20404928CEA3}C:\\program files\\mcafee\\mbk\\mcafeedatabackup.exe"= TCP:C:\program files\mcafee\mbk\mcafeedatabackup.exe:McAfee Data Backup
"{D8D942B2-7C9D-4031-A8AF-8D30B569FEAE}"= Profile=Private|Profile=Public|C:\Program Files\Common Files\Mcafee\MNA\McNaSvc.exe:McAfee Network Agent
"{AB2C9783-C647-4959-8D4D-2ADBF639F1C5}"= Disabled:UDP:C:\Program Files\IncrediMail\bin\ImpCnt.exe:IncrediMail
"{4CCE390A-8165-46BD-9A2E-D190F695927D}"= Disabled:TCP:C:\Program Files\IncrediMail\bin\ImpCnt.exe:IncrediMail
"{77519FA1-1FCF-4D1C-8648-B598070C8F81}"= Disabled:UDP:C:\Program Files\IncrediMail\bin\IncMail.exe:IncrediMail
"{A5DD8567-B1A1-409C-B558-D3BE5102487E}"= Disabled:TCP:C:\Program Files\IncrediMail\bin\IncMail.exe:IncrediMail
"{3AE832BF-D8D9-450B-AA72-058A454FFC85}"= Disabled:UDP:C:\Program Files\IncrediMail\bin\ImApp.exe:IncrediMail
"{52866681-39E9-4E72-BDDA-DB67841ADD31}"= Disabled:TCP:C:\Program Files\IncrediMail\bin\ImApp.exe:IncrediMail
"{063D0AF1-336A-4814-A63C-37C5D012FA9E}"= UDP:9420:Red Swoosh
"{C9BD1A2C-9498-4E42-BEF4-24922E334A9C}"= TCP:5000:Red Swoosh
"{D511265A-9F77-48C3-A054-DF4B5ADC2E3D}"= UDP:9420:Red Swoosh
"{F5B82FCD-42B5-48E4-93EF-6E0D33554418}"= TCP:5000:Red Swoosh
"{DE8A5B6C-E4F9-4E40-9C94-989BED64D979}"= Disabled:UDP:C:\Program Files\IncrediMail\bin\IncMail.exe:IncrediMail
"{1677BAE1-C77A-4D49-AD33-66F42F25D057}"= Disabled:TCP:C:\Program Files\IncrediMail\bin\IncMail.exe:IncrediMail
"{399F930C-C8EF-4026-A927-43245AAA145B}"= Disabled:UDP:C:\Program Files\IncrediMail\bin\ImApp.exe:IncrediMail
"{9614DC0E-3BC1-4EA6-A2D9-C5F16706A9A5}"= Disabled:TCP:C:\Program Files\IncrediMail\bin\ImApp.exe:IncrediMail
"{A9B354E2-0E21-4EC4-8A23-5A15A9C6D0F4}"= UDP:C:\Program Files\uTorrent\uTorrent.exe:µTorrent
"{5BC0DA75-7C04-4736-9FB3-C5CB90587018}"= TCP:C:\Program Files\uTorrent\uTorrent.exe:µTorrent
"{E0C532FE-13F7-4FD3-A3B6-CFB633D41061}"= UDP:C:\Program Files\uTorrent\uTorrent.exe:µTorrent
"{23342D2D-FD40-4431-B71A-23C86E105B12}"= TCP:C:\Program Files\uTorrent\uTorrent.exe:µTorrent
"{C05603AA-B7E6-4EAE-BB2A-5511301FB8FA}"= UDP:C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleilCS.exe:BlueSoleilCS
"{123C827E-60EB-45BC-A910-D6358182D463}"= TCP:C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleilCS.exe:BlueSoleilCS
"{65A3480B-3406-4961-B212-7193D0AF372E}"= UDP:C:\Program Files\eMule\emule.exe:eMuleMorphXT
"{1A20FF13-0ACF-4C36-B0A6-63804DD3927A}"= TCP:C:\Program Files\eMule\emule.exe:eMuleMorphXT
"{A00AAF33-95FE-4221-A355-350146A85ECF}"= UDP:C:\Program Files\Lphant\eLePhantClient.exe:Lphant
"{0B527D2E-064D-4986-9856-869A8306A145}"= TCP:C:\Program Files\Lphant\eLePhantClient.exe:Lphant
"{AD75C521-E908-4596-ADA2-4EACFEB89EEE}"= C:\Program Files\HP\QuickPlay\QP.exe:Quick Play
"{842A8CE9-F5A2-42A3-BFE8-271610F9FCC2}"= C:\Program Files\HP\QuickPlay\QPService.exe:Quick Play Resident Program
"{3D6EC9EC-9F21-4C7E-88EF-61A1D5AD73D7}"= UDP:C:\Program Files\Lphant\eLePhantClient.exe:Lphant
"{7263BF09-BB4F-49D8-A931-E3EF7AA3A95A}"= TCP:C:\Program Files\Lphant\eLePhantClient.exe:Lphant

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]
"EnableFirewall"= 0 (0x0)

R0 c2scsi;c2scsi;C:\Windows\system32\DRIVERS\c2scsi.sys [2006-08-09 248568]
R3 CnxtHdAudService;Conexant UAA Function Driver for High Definition Audio Service;C:\Windows\system32\drivers\CHDRT32.sys [2008-03-04 188416]
S3 CH341SER;CH341SER;C:\Windows\system32\Drivers\CH341SER.SYS [2007-09-24 37488]
S3 CnxEtP;Conexant AccessRunner USB ADSL WAN Adapter Filter Driver;C:\Windows\system32\DRIVERS\CnxEtP.sys [2003-09-12 60288]
S3 CnxEtU;Conexant AccessRunner USB ADSL Interface Device Driver;C:\Windows\system32\DRIVERS\CnxEtU.sys [2003-09-12 646784]
S3 CnxTgN;Conexant AccessRunner USB ADSL WAN Adapter Driver;C:\Windows\system32\DRIVERS\CnxTgN.sys [2003-10-29 108675]
S3 motccgp;Motorola USB Composite Device Driver;C:\Windows\system32\DRIVERS\motccgp.sys [2007-11-02 18176]
S3 motccgpfl;MotCcgpFlService;C:\Windows\system32\DRIVERS\motccgpfl.sys [2007-01-23 7680]
S3 MotDev;Motorola Inc. USB Device;C:\Windows\system32\DRIVERS\motodrv.sys [2007-10-10 42112]
S3 qcusbmdm6k;MD-1 Proprietary USB Driver;C:\Windows\system32\DRIVERS\qcusbmdm6k.sys [2006-09-21 64640]
S3 qcusbnmea;MD-1 NMEA Port;C:\Windows\system32\DRIVERS\qcusbnmea.sys [2006-09-21 64640]
S3 qcusbser6k;MD-1 Diagnostic Port;C:\Windows\system32\DRIVERS\qcusbser6k.sys [2006-09-21 64640]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
Cognizance REG_MULTI_SZ ASBroker ASChannel
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
bthsvcs REG_MULTI_SZ BthServ
WindowsMobile REG_MULTI_SZ wcescomm rapimgr
LocalServiceRestricted REG_MULTI_SZ WcesComm RapiMgr

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
"C:\Program Files\Common Files\LightScribe\LSRunOnce.exe"
.
Contenuto della cartella 'Scheduled Tasks'

2008-06-14 C:\Windows\Tasks\McDefragTask.job
- c:\PROGRA~1\mcafee\mqc\QcConsol.exe [2008-07-09 18:10]

2008-10-19 C:\Windows\Tasks\RCHubTask 0 0 {2E6E3A14-F6F5-404E-AC33-87F20083074D} 0~0.job
- C:\Program Files\Common Files\Roxio Shared\9.0\Roxio Central33\Main\Roxio_Central33.exe [2006-08-07 03:30]

2008-10-19 C:\Windows\Tasks\RCHubTask 0 0 {2E6E3A14-F6F5-404E-AC33-87F20083074D} 0~0.job
- C:\Users\Francesco\Desktop\DOWNLOAD ACER [2008-10-05 17:36]

2008-10-19 C:\Windows\Tasks\User_Feed_Synchronization-{EC41EB85-BC6D-4C3C-91D5-384977B2A2EC}.job
- C:\Windows\system32\msfeedssync.exe [2008-08-22 12:05]
.
- - - - ORFÃOS REMOVIDOS - - - -

BHO-{3D216277-99F5-4E39-B606-688998118EE2} - C:\Windows\system32\wvUlIxXP.dll
BHO-{FBC94C72-6CDB-47C1-940B-353ADBC05131} - C:\Windows\system32\iifExwWq.dll
ShellExecuteHooks-{758F6D53-DCC7-4CCF-9080-4B6F9389F641} - C:\Windows\system32\ddcCrsss.dll


.
------- Supplementare di scansione -------
.
FireFox -: Profile - C:\Users\Francesco\AppData\Roaming\Mozilla\Firefox\Profiles\de6zxaye.default\
FireFox -: prefs.js - STARTUP.HOMEPAGE - hxxp://www.google.it/firefox?client=fir ... t:official
FF -: plugin - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\browser\nppdf32.dll
FF -: plugin - C:\Program Files\Adobe\Acrobat 9.0\Acrobat\browser\nppdf32.dll
FF -: plugin - C:\Program Files\K-Lite Codec Pack\Real\browser\plugins\nppl3260.dll
FF -: plugin - C:\Program Files\K-Lite Codec Pack\Real\browser\plugins\nprpjplug.dll
FF -: plugin - C:\Program Files\Mozilla Firefox\plugins\npdjvu.dll
FF -: plugin - C:\Program Files\Mozilla Firefox\plugins\NPJava11.dll
FF -: plugin - C:\Program Files\Mozilla Firefox\plugins\NPJava12.dll
FF -: plugin - C:\Program Files\Mozilla Firefox\plugins\NPJava131_13.dll
FF -: plugin - C:\Program Files\Mozilla Firefox\plugins\NPJava32.dll
FF -: plugin - C:\Program Files\Mozilla Firefox\plugins\npoji600.dll
FF -: plugin - C:\Program Files\Virtual Earth 3D\npVE3D.dll
FF -: plugin - C:\Program Files\Yahoo!\Common\npyaxmpb.dll
FF -: plugin - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
.

**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-10-20 10:40:31
Windows 6.0.6001 Service Pack 1 NTFS

scansione processi nascosti ...

scansione entrate autostart nascoste ...

Scansione files nascosti ...


C:\Users\FRANCE~1\AppData\Local\Temp\ehmsas.txt 2 bytes
C:\Users\FRANCE~1\AppData\Local\Temp\CabD586.tmp 27617 bytes

Scansione completata con successo
Files nascosti: 2

**************************************************************************
.
--------------------- DLLs Carregadas Sob os Processos em Execução ---------------------

PROCESSO: C:\Windows\Explorer.exe
-> C:\Program Files\McAfee\SiteAdvisor\saHook.dll
.
------------------------ Altri processi in esecuzione ------------------------
.
C:\WINDOWS\System32\audiodg.exe
C:\WINDOWS\System32\wlanext.exe
C:\Program Files\Bioscrypt\VeriSoft\Bin\asghost.exe
C:\WINDOWS\System32\conime.exe
C:\Program Files\Common Files\ABBYY\FineReader\9.00\Licensing\PE\NetworkLicenseServer.exe
C:\Program Files\Common Files\InterVideo\DeviceService\DevSvc.exe
C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
C:\WINDOWS\System32\rundll32.exe
C:\PROGRA~1\COMMON~1\McAfee\McProxy\McProxy.exe
C:\Program Files\Total Uninstall 4\Tu.exe
C:\PROGRA~1\McAfee\VIRUSS~1\Mcshield.exe
C:\WINDOWS\ehome\ehmsas.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files\McAfee\MSK\msksrver.exe
C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
C:\Program Files\HP\QuickPlay\Kernel\TV\QPCapSvc.exe
C:\Program Files\HP\QuickPlay\Kernel\TV\QPSched.exe
C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\WINDOWS\System32\drivers\XAudio.exe
C:\Program Files\VMware\VMware Workstation\vmware-authd.exe
C:\WINDOWS\System32\vmnetdhcp.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe
C:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Service.exe
C:\PROGRA~1\COMMON~1\McAfee\MNA\McNASvc.exe
C:\Program Files\McAfee\MPF\MpfSrv.exe
.
**************************************************************************
.
Ora fine scansione: 2008-10-20 11:00:34 - macchina è stato riavviato
ComboFix-quarantined-files.txt 2008-10-20 08:59:26

Pre-Run: 12.921.188.352 byte disponibili
Post-Run: 14,369,542,144 byte disponibili

427 --- E O F --- 2008-10-15 19:18:34


Modifiche apportate dal programma installato

Applicazione monitorata
account manager
Data monitoraggio
18/10/2008 21.42.59
Nome istantanea di pre-installazione
18/10/2008 21.29.55
Nome istantanea di post-installazione
18/10/2008 21.42.17
Nome profilo di confronto
Predefinito

MODIFICHE RILEVATE
FILE DI SISTEMA
Cartelle create : 2
Cartelle eliminate : 0
File creati : 5
File eliminati : 0
File modificati : 0
Dimensione : 6,83 KB
REGISTRO
Chiavi create : 3
Chiavi eliminate : 0
Valori creati : 8
Valori eliminati : 1
Valori modificati : 19
Dimensione : 666 B
Nome file di registro
C:\Users\Francesco\AppData\Local\Martau\Total Uninstall 4\MonitoredApps\account manager.tun

DETTAGLI FILE DI SISTEMA [Visualizzazione: Tutti i dettagli] (Tutto)
--------------------------------------------------------------------
(+)(CARTELLA) C:\DOWNLOADS\AM.v1.0.Nightly.Build-632_www.softarchive.net\Accounts
(+)(FILE) 0.xml = 18/10/2008 21.34, 5225 byte, A
(+)(CARTELLA) C:\DOWNLOADS\AM.v1.0.Nightly.Build-632_www.softarchive.net\Settings
(+)(FILE) application.xml = 18/10/2008 21.31, 788 byte, A
(+)(FILE) download.xml = 18/10/2008 21.30, 404 byte, A
(+)(FILE) ui.xml = 18/10/2008 21.31, 213 byte, A
(+)(FILE) upload.xml = 18/10/2008 21.30, 365 byte, A

DETTAGLI REGISTRO [Visualizzazione: Tutti i dettagli] (Tutto)
-------------------------------------------------------------
(CHIAVE) HKEY_CURRENT_USER\Control Panel\Colors
(*)(VALORE) Background
REG_SZ, "0 0 0" ==> REG_SZ, "0 0 255"
(CHIAVE) HKEY_CURRENT_USER\Control Panel\Desktop
(+)(VALORE) OriginalWallpaper = REG_SZ, "C:\Windows\system32\phc7nmj0et3t.bmp"
(*)(VALORE) ScreenSaveActive
REG_SZ, "0" ==> REG_SZ, "1"
(+)(VALORE) SCRNSAVE.EXE = REG_SZ, "C:\Windows\system32\blphc7nmj0et3t.scr"
(*)(VALORE) WallPaper
REG_SZ, "C:\Users\Public\Pictures\Sample Pictures\Sfondi\AG-PhotoCollection-57 (2).jpg" ==> REG_SZ, "C:\Windows\system32\phc7nmj0et3t.bmp"
(*)(VALORE) WallpaperStyle
REG_SZ, "2" ==> REG_SZ, "0"
(CHIAVE) HKEY_CURRENT_USER\Software\Classes\Local Settings\RegMuiCache
(+)(VALORE) 2001,C:\Windows\system32\rastls.dll = REG_SZ, "Smart card o altro certificato"
(+)(VALORE) 2002,C:\Windows\system32\rastls.dll = REG_SZ, "PEAP (Protected EAP)"
(+)(CHIAVE) HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System
(+)(VALORE) NoDispScrSavPage = REG_DWORD, 1
(+)(CHIAVE) HKEY_CURRENT_USER\Software\Sysinternals
(+)(CHIAVE) HKEY_CURRENT_USER\Software\Sysinternals\Bluescreen Screen Saver
(+)(VALORE) EulaAccepted = REG_DWORD, 1
(CHIAVE) HKEY_LOCAL_MACHINE\SECURITY\Policy\Secrets\L$_RasDefaultCredentials#0\CupdTime
(*)(VALORE) (predefinito)
REG_NONE, ...&S1.. ==> REG_NONE, O<g.X1..
(CHIAVE) HKEY_LOCAL_MACHINE\SECURITY\Policy\Secrets\L$_RasDefaultCredentials#0\CurrVal
(*)(VALORE) (predefinito)
REG_NONE, .....+..$=..5.]...y........._..h..E6..I:..|......I'.'.....H|..._.=...H...k.*......w...I:...\.../k...........m........(....y8..o....-..d.a..ctu..(.P2c.`&T.......~.O....u%.....h....i.`..Q)..u.t @[9.W.....O.?F.-+E.W.weS.'....l..L{..[A...=.>.QF.'8........._1.>..z%l....n.. ==> REG_NONE, .....+..$=..5.]...y..............o(.]$.....1.!..Nu.H..1.G>.y<........i.}..e.....B.N.,......vp.....m.5...u....l...Q8.g..(.v....A..6..(.....L...".v...j....&........N`dL.....}..M1.h..{pw........9...7.$...4.C.DG.zU..VZQ.#w..UR.....@.8.|s...D.....9.]..!:s.u...........0...L
(CHIAVE) HKEY_LOCAL_MACHINE\SECURITY\Policy\Secrets\L$_RasDefaultCredentials#0\OldVal
(*)(VALORE) (predefinito)
REG_NONE, .....+..$=..5.]...y..........N......Z..5*..|.....G.......Y#..R.......Qe<*h.h..N0..>>.......v....EY."....0FD.q#.."..a&..$.q..6.q.jTW.H...DSo..a...s..y.CC..b..;.?..!.....P..[1r.....N;.....>.(a..|:...@i........S:s.b]..".YH..f..+."..p.B]........90..*..?..C.K ..x..h.....3. ==> REG_NONE, .....+..$=..5.]...y.........j:.....5.M...4#..Q9...Dy.....14lyF....M.j.3.,..h."....]....B.yxli.Jm0Q\(3.J$M.cM6.D.V(...XH..._......S.I4../......j.~.(..`..,@/j..W..,.hw........W...A.J.\.H.d.. %.I..M....M^.I.ai..7.&E.I..h2B.O..1..YC..=..GX..z ..=.~71...O..Q.LmO.C.5.*;0..$
(CHIAVE) HKEY_LOCAL_MACHINE\SECURITY\Policy\Secrets\L$_RasDefaultCredentials#0\OupdTime
(*)(VALORE) (predefinito)
REG_NONE, (JjIG1.. ==> REG_NONE, ...&S1..
(CHIAVE) HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\5DE84A76A6B0A07499C58B1F49E2A89B\Usage
(*)(VALORE) Diskeeper
REG_DWORD, 961680185 ==> REG_DWORD, 961680187
(CHIAVE) HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
(+)(VALORE) lphc7nmj0et3t = REG_SZ, "C:\Windows\system32\lphc7nmj0et3t.exe"
(CHIAVE) HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\NetworkList\Profiles\{6312D885-ED84-4D7C-A824-853C267E5CFC}
(*)(VALORE) DateLastConnected
REG_BINARY, ..........8...'. ==> REG_BINARY, ................
(CHIAVE) HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\MSPQM\Enum
(-)(VALORE) 0 = REG_SZ, "SW\{ddf4358e-bb2c-11d0-a42f-00a0c9223196}\{97EBAACB-95BD-11D0-A3EA-00A0C9223196}"
(*)(VALORE) Count
REG_DWORD, 1 ==> REG_DWORD, 0
(*)(VALORE) NextInstance
REG_DWORD, 1 ==> REG_DWORD, 0
(CHIAVE) HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\NDIS\IfTypes\23
(*)(VALORE) IfUsedNetLuidIndices
REG_BINARY, . ==> REG_BINARY, .
(CHIAVE) HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RasMan\Parameters
(+)(VALORE) AllocatedLuids = REG_BINARY, ....
(CHIAVE) HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Linkage
(*)(VALORE) Bind
REG_MULTI_SZ, "\Device\{B293538A-43D2-4B62-95CA-15207919DDFA} \Device\{FB5684AE-8C55-4772-8C35-648064F13536} \Device\{9A7F1D23-4205-4613-BEAE-62B483B2C14E} \Device\{F679F186-6100-4A26-8A00-8A84E04D896E} \Device\{F7326E10-8465-4E06-AAAC-2B52CC8087F1} \Device\{38835BDA-D880-4E23-BDAD-8A160B639694} " ==> REG_MULTI_SZ, "\Device\{D125FEAB-6C78-47EB-96B1-4F4525C2323C} \Device\{B293538A-43D2-4B62-95CA-15207919DDFA} \Device\{FB5684AE-8C55-4772-8C35-648064F13536} \Device\{9A7F1D23-4205-4613-BEAE-62B483B2C14E} \Device\{F679F186-6100-4A26-8A00-8A84E04D896E} \Device\{F7326E10-8465-4E06-AAAC-2B52CC8087F1} \Device\{38835BDA-D880-4E23-BDAD-8A160B639694} "
(CHIAVE) HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{D125FEAB-6C78-47EB-96B1-4F4525C2323C}
(*)(VALORE) DhcpInterfaceOptions
REG_BINARY, ................>1.Hy...............>1.H................>1.H+...............>1.H,...............>1.H................>1.H ==> REG_BINARY, ................|9.Hy...............|9.H................|9.H+...............|9.H,...............|9.H................|9.H
(*)(VALORE) DhcpIPAddress
REG_SZ, "0.0.0.0" ==> REG_SZ, "93.149.101.12"
(*)(VALORE) DhcpSubnetMask
REG_SZ, "0.0.0.0" ==> REG_SZ, "255.255.255.255"
(*)(VALORE) NameServer
REG_SZ, "" ==> REG_SZ, "193.12.150.2 212.247.152.2"
(CHIAVE) HKEY_LOCAL_MACHINE\SYSTEM\RNG
(*)(VALORE) Seed
REG_BINARY, SeedFile.=...=.1U.(Qf.....Q!J.!o.............82.8&Nj............5....0...|.Y ==> REG_BINARY, SeedFile0....RQ.....R..>.......#mg.TT..R@...p-\q......Z...e............+3...


File di disinstallazione del programma

"account manager" - Registro di disinstallazione
--------------------------------------------------------------------------------

(OK)Errori: 0 Avvertimenti: 0 Operazioni riuscite: 27
(OK)Eliminazione valore di registro: HKEY_CURRENT_USER\Software\Classes\Local Settings\RegMuiCache@2002,C:\Windows\system32\rastls.dll
(OK)Eliminazione valore di registro: HKEY_CURRENT_USER\Software\Classes\Local Settings\RegMuiCache@2001,C:\Windows\system32\rastls.dll
(OK)Eliminazione valore di registro: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RasMan\Parameters@AllocatedLuids
(OK)Eliminazione chiave di registro: HKEY_CURRENT_USER\Software\Sysinternals
(OK)Eliminazione valore di registro: HKEY_CURRENT_USER\Software\Sysinternals\PsKill@EulaAccepted
(OK)Eliminazione chiave di registro: HKEY_CURRENT_USER\Software\Sysinternals\PsKill
(OK)Eliminazione chiave di registro: HKEY_CURRENT_USER\Software\Sysinternals
(OK)Ripristino valore di registro: HKEY_CURRENT_USER\Control Panel\Desktop@WallpaperStyle
(OK)Ripristino valore di registro: HKEY_CURRENT_USER\Control Panel\Desktop@WallPaper
(OK)Ripristino valore di registro: HKEY_CURRENT_USER\Control Panel\Desktop@ScreenSaveActive
(OK)Ripristino valore di registro: HKEY_CURRENT_USER\Control Panel\Colors@Background
(OK)Ripristino valore di registro: HKEY_LOCAL_MACHINE\SYSTEM\RNG@Seed
(OK)Ripristino valore di registro: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{D125FEAB-6C78-47EB-96B1-4F4525C2323C}@NameServer
(OK)Ripristino valore di registro: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{D125FEAB-6C78-47EB-96B1-4F4525C2323C}@DhcpSubnetMask
(OK)Ripristino valore di registro: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{D125FEAB-6C78-47EB-96B1-4F4525C2323C}@DhcpIPAddress
(OK)Ripristino valore di registro: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{D125FEAB-6C78-47EB-96B1-4F4525C2323C}@DhcpInterfaceOptions
(OK)Ripristino valore di registro: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Linkage@Bind
(OK)Ripristino valore di registro: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\NDIS\IfTypes\23@IfUsedNetLuidIndices
(OK)Ripristino valore di registro: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\MSPQM\Enum@NextInstance
(OK)Ripristino valore di registro: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\MSPQM\Enum@Count
(OK)Ripristino valore di registro: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\NetworkList\Profiles\{6312D885-ED84-4D7C-A824-853C267E5CFC}@DateLastConnected
(OK)Ripristino valore di registro: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\5DE84A76A6B0A07499C58B1F49E2A89B\Usage@Diskeeper
(OK)Ripristino valore di registro: HKEY_LOCAL_MACHINE\SECURITY\Policy\Secrets\L$_RasDefaultCredentials#0\OupdTime@(predefinito)
(OK)Ripristino valore di registro: HKEY_LOCAL_MACHINE\SECURITY\Policy\Secrets\L$_RasDefaultCredentials#0\OldVal@(predefinito)
(OK)Ripristino valore di registro: HKEY_LOCAL_MACHINE\SECURITY\Policy\Secrets\L$_RasDefaultCredentials#0\CurrVal@(predefinito)
(OK)Ripristino valore di registro: HKEY_LOCAL_MACHINE\SECURITY\Policy\Secrets\L$_RasDefaultCredentials#0\CupdTime@(predefinito)
(OK)Creazione valore di registro: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\MSPQM\Enum@0




I hope I've been of help to you in solving my problem [;)]

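The Total Uninstall registry diff in the post above records what the monitored installer changed. As an added example (not part of the thread and not Total Uninstall's own code), this Python script parses that text format as it appears on the page and tags the changes a responder would review first. The function names, tag names, rule set and the `known_resolvers` parameter are assumptions made for illustration.

```python
import re

# Excerpt of the "DETTAGLI REGISTRO" section of the log in the post above
# (lines copied from the page; unrelated keys left out).
SAMPLE = r'''
(CHIAVE) HKEY_CURRENT_USER\Control Panel\Desktop
(+)(VALORE) SCRNSAVE.EXE = REG_SZ, "C:\Windows\system32\blphc7nmj0et3t.scr"
(*)(VALORE) WallPaper
REG_SZ, "C:\Users\Public\Pictures\Sample Pictures\Sfondi\AG-PhotoCollection-57 (2).jpg" ==> REG_SZ, "C:\Windows\system32\phc7nmj0et3t.bmp"
(*)(VALORE) WallpaperStyle
REG_SZ, "2" ==> REG_SZ, "0"
(+)(CHIAVE) HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System
(+)(VALORE) NoDispScrSavPage = REG_DWORD, 1
(CHIAVE) HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
(+)(VALORE) lphc7nmj0et3t = REG_SZ, "C:\Windows\system32\lphc7nmj0et3t.exe"
(CHIAVE) HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{D125FEAB-6C78-47EB-96B1-4F4525C2323C}
(*)(VALORE) DhcpIPAddress
REG_SZ, "0.0.0.0" ==> REG_SZ, "93.149.101.12"
(*)(VALORE) NameServer
REG_SZ, "" ==> REG_SZ, "193.12.150.2 212.247.152.2"
'''

KEY_RE = re.compile(r'^(?:\([+-]\))?\(CHIAVE\) (?P<key>.+)$')
VAL_RE = re.compile(r'^\((?P<op>[+*-])\)\(VALORE\) (?P<name>.+?)(?: = (?P<data>.+))?$')


def parse_diff(text):
    """Return one dict per value change: key, op (+ created, - deleted, * modified), name, old, new."""
    records, key, pending = [], None, None
    for line in map(str.strip, text.splitlines()):
        key_m, val_m = KEY_RE.match(line), VAL_RE.match(line)
        if key_m:
            key, pending = key_m['key'], None
        elif val_m and key:
            rec = {'key': key, 'op': val_m['op'], 'name': val_m['name'], 'old': None, 'new': None}
            pending = rec if val_m['op'] == '*' else None  # '*' data follows on the next line
            if pending is None:
                rec['new' if val_m['op'] == '+' else 'old'] = val_m['data']
            records.append(rec)
        elif pending and ' ==> ' in line:
            pending['old'], pending['new'] = line.split(' ==> ', 1)
            pending = None
    return records


def payload(data):
    """Drop the 'REG_xxx, ' type prefix and the surrounding quotes."""
    return data.split(', ', 1)[-1].strip('"') if data else ''


def triage(records, known_resolvers=()):
    """Tag changes to review first; a tag means 'look at this', not 'malicious'."""
    findings = []
    for r in records:
        key, name, new = r['key'].lower(), r['name'].lower(), payload(r['new'])
        if r['op'] == '-':
            continue
        if re.search(r'\\currentversion\\run(once)?$', key):
            findings.append(('autostart', r['name'], new))
        elif '\\tcpip\\parameters\\interfaces\\' in key and name in ('nameserver', 'dhcpnameserver'):
            unknown = [ip for ip in re.split(r'[ ,]+', new) if ip and ip not in known_resolvers]
            if unknown:
                findings.append(('dns-resolver', r['name'], ' '.join(unknown)))
        elif key.endswith('\\control panel\\desktop') and name in ('wallpaper', 'scrnsave.exe'):
            findings.append(('desktop-change', r['name'], new))
        elif key.endswith('\\policies\\system') and name == 'nodispscrsavpage' and new == '1':
            findings.append(('ui-lockout', r['name'], new))
    return findings


if __name__ == '__main__':
    for finding in triage(parse_diff(SAMPLE)):
        print(finding)
```

Passing the resolvers your ISP or network is expected to hand out as `known_resolvers` suppresses the `dns-resolver` tag for them, so only unexpected name servers remain in the output.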

Post by Amantide » Mon Oct 20, 2008 11:51 am

What about these files?..
2008-09-03 21:55 2,231,606 ----a-w C:\Users\All Users\Games.exe
2008-09-03 21:55 2,231,606 ----a-w C:\ProgramData\Games.exe
2008-09-03 21:54 2,989,660 ----a-w C:\Users\All Users\DVD.exe
2008-09-03 21:54 2,989,660 ----a-w C:\ProgramData\DVD.exe
2008-09-03 21:54 2,864,396 ----a-w C:\Users\All Users\MPV.exe
2008-09-03 21:54 2,864,396 ----a-w C:\ProgramData\MPV.exe
2008-09-03 21:53 3,063,561 ----a-w C:\Users\All Users\MobileTV.exe
2008-09-03 21:53 3,063,561 ----a-w C:\ProgramData\MobileTV.exe
2008-09-03 21:53 2,331,174 ----a-w C:\Users\All Users\Karaoke.exe
2008-09-03 21:53 2,331,174 ----a-w C:\ProgramData\Karaoke.exe

... do you know what they are?

Download OtMoveIt3, launch it by choosing Run as administrator from the right-click menu, and make sure the Unregister Dll's and Ocx's option is checked.
In the blank area under Paste Instructions for items to be Moved, paste the following script and click MoveIt!:

:files
C:\Windows\system32\ddcCrsss.dll
C:\Windows\system32\wvUlIxXP.dll
C:\Windows\system32\iifExwWq.dll
C:\Windows\system32\phc7nmj0et3t.bmp
C:\Windows\system32\blphc7nmj0et3t.scr
C:\Windows\system32\phc7nmj0et3t.bmp
C:\Windows\system32\lphc7nmj0et3t.exe

:reg
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSServer"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{758F6D53-DCC7-4CCF-9080-4B6F9389F641}"=-
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3D216277-99F5-4E39-B606-688998118EE2}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FBC94C72-6CDB-47C1-940B-353ADBC05131}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"lphc7nmj0et3t"=-

:processes
MSServer
lphc7nmj0et3t

:commands
[purity]
[emptytemp]


The log of the operation will be saved in the folder C:\_OtMoveIt\MovedFiles as a file named [name_and_date].LOG
Copy its contents and paste them here.

Also run a scan with Malwarebytes' Anti-Malware and attach the scan report here.

Post by micky4 » Mon Oct 20, 2008 1:31 pm

After I used Combofix everything seems to be back to normal. In Internet Explorer the trojan's add-ons no longer show up. The files you asked me about are video tutorials that are part of the programs preinstalled by HP. I'm attaching the OTMOVE file. As for the other one, I'll attach it as soon as it has finished running. So far it has flagged 6 items...

========== FILES ==========
File/Folder C:\Windows\system32\ddcCrsss.dll not found.
File/Folder C:\Windows\system32\wvUlIxXP.dll not found.
File/Folder C:\Windows\system32\iifExwWq.dll not found.
File/Folder C:\Windows\system32\phc7nmj0et3t.bmp not found.
File/Folder C:\Windows\system32\blphc7nmj0et3t.scr not found.
File/Folder C:\Windows\system32\phc7nmj0et3t.bmp not found.
File/Folder C:\Windows\system32\lphc7nmj0et3t.exe not found.
File/Folder :reg not found.
File/Folder [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] not found.
File/Folder MSServer"= not found.
File/Folder [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks] not found.
File/Folder {758F6D53-DCC7-4CCF-9080-4B6F9389F641}"= not found.
File/Folder [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3D216277-99F5-4E39-B606-688998118EE2}] not found.
File/Folder [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FBC94C72-6CDB-47C1-940B-353ADBC05131}] not found.
File/Folder [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] not found.
File/Folder lphc7nmj0et3t"= not found.
File/Folder :processes not found.
File/Folder MSServer not found.
File/Folder lphc7nmj0et3t not found.
File/Folder :commands not found.
File/Folder [purity] not found.
File/Folder [emptytemp] not found.

OTMoveIt3 by OldTimer - Version 1.0.5.0 log created on 10202008_140706


As you can see, everything is negative [^]

Post by Amantide » Mon Oct 20, 2008 2:14 pm

micky4 wrote: As you can see, everything is negative [^]

So much the better [^] It means ComboFix did a good job.

Post by micky4 » Mon Oct 20, 2008 7:49 pm

Here is the Malwarebytes log. It looks like there was still something there.

Malwarebytes' Anti-Malware 1.29
Versione del database: 1297
Windows 6.0.6001 Service Pack 1

20/10/2008 15.57.43
mbam-log-2008-10-20 (15-57-43).txt

Tipo di scansione: Scansione completa (C:\|)
Elementi scansionati: 158732
Tempo trascorso: 1 hour(s), 37 minute(s), 54 second(s)

Processi delle memoria infetti: 0
Moduli della memoria infetti: 0
Chiavi di registro infette: 2
Valori di registro infetti: 0
Elementi dato del registro infetti: 0
Cartelle infette: 0
File infetti: 4

Processi delle memoria infetti:
(Nessun elemento malevolo rilevato)

Moduli della memoria infetti:
(Nessun elemento malevolo rilevato)

Chiavi di registro infette:
HKEY_CLASSES_ROOT\CLSID\{3c471948-f874-49f5-b338-4f214a2ee0b1} (Trojan.HumourCanine) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b} (Adware.Agent) -> Quarantined and deleted successfully.

Valori di registro infetti:
(Nessun elemento malevolo rilevato)

Elementi dato del registro infetti:
(Nessun elemento malevolo rilevato)

Cartelle infette:
(Nessun elemento malevolo rilevato)

File infetti:
C:\Program Files\Conduit\Community Alerts\Alert.dll (Trojan.HumourCanine) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\WINDOWS\etgq.exe.vir (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\WINDOWS\System32\cBSIbYSL.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\WINDOWS\System32\ddcCrsss.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.


Maybe now we can rest easy? [rolleyes]

Post by Amantide » Mon Oct 20, 2008 8:59 pm

What Malwarebytes found and removed were the files already removed by Combofix and a few entries of little importance.

I'd say the PC is clean now. [^]

Post by micky4 » Mon Oct 20, 2008 9:36 pm

Thank you, Amantide. I really don't know how to thank you. Now I have to fix the problem with the antivirus, whose interface no longer works. I'll have to uninstall and reinstall it, but I'm thinking of switching to another one because this one expires soon, it is heavy on my system, and it has shown itself to be vulnerable. I found this antivirus comparison report online that may interest you; it's from AV Comparatives. It is dated August 2008. I'm leaning toward Norton 2009; it has changed now, it is lightweight and needs few resources. Only 2 processes for about 8Mb of RAM on 300Mhz processors with 256Mb of RAM. A real miracle for Symantec. What do you think?
[brindisi]

Post by Amantide » Mon Oct 20, 2008 9:44 pm

The new Norton is certainly lighter and more effective than the previous versions, but I still prefer Antivir, even in its free version [^]

Take a look here too: viewtopic.php?f=33&t=33901

Post by micky4 » Tue Oct 21, 2008 1:12 pm

Thanks for the information. I had attached the report but I can't find it anymore; I must have done something wrong, so I'm posting it again. Here Avira Antivir is first in the ranking. You'll be pleased about that. [sh]
megalab.it: daily online publication registered with the Court of Cosenza, no. 22/09 of 13.08.2009, publisher Master New Media S.r.l.; © Copyright 2008 Master New Media S.r.l. (single-member company) - VAT no. 02947530784. GRUPPO EDIZIONI MASTER Spa. All rights reserved. For advertising: Master Advertising