
Virus Csrss ......


Post by bombolo..tp » Fri Jun 26, 2009 10:51 am

Hi everyone, I'm not new to the forum..... well... Among my billions of usernames and passwords I no longer remember the one for here!!
Anyway, I think I have a small problem with this csrss, which should be a system exe, but I have read around that it could also be a dangerous worm. I tried to run a scan with HijackThis but it would not start (first suspicion); in addition, a strange page about Windows protection kept popping up in Mozilla and, guess what, they wanted me to download a file: setup.exe (but setup of what????). So I renamed the HJT executable and launched it, and it found some dangerous things (according to the site hijackthis.de). Anyway, after fixing the dangerous things I made a new log. Could you take a look at it and tell me something? Bye guys, and thanks in advance for the help!!!

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11.41.30, on 26/06/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programmi\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Programmi\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Programmi\TOSHIBA\Power Management\CeEPwrSvc.exe
C:\Programmi\Java\jre6\bin\jqs.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\wbem\wmiapsrv.exe
C:\Programmi\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Programmi\Apoint2K\Apoint.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Programmi\TOSHIBA\Power Management\CePMTray.exe
C:\Programmi\TOSHIBA\E-KEY\CeEKey.exe
C:\Programmi\EzButton\EzButton.EXE
C:\Programmi\TOSHIBA\TouchPad\TPTray.exe
C:\Programmi\Java\jre6\bin\jusched.exe
C:\Programmi\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Programmi\Thomson\SpeedTouch USB\Dragdiag.exe
C:\Programmi\Google\Quick Search Box\qsb.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmi\TOSHIBA\TOSCDSPD\toscdspd.exe
C:\Programmi\Apoint2K\Apntex.exe
C:\PROGRA~1\FREEDO~1\fdm.exe
c:\programmi\avira\antivir personaledition classic\avcenter.exe
C:\Programmi\Avira\AntiVir PersonalEdition Classic\avscan.exe
C:\Documents and Settings\Davide\Desktop\HiJackThis\HijkThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.ask.com/?o=101764&l=dis
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.tele2internet.it/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programmi\File comuni\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Programmi\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmi\Java\jre6\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Programmi\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programmi\Google\GoogleToolbarNotifier\5.1.1309.15642\swg.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programmi\Windows Live Toolbar\msntb.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Programmi\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O2 - BHO: FDMIECookiesBHO Class - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Programmi\Free Download Manager\iefdm2.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programmi\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Programmi\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programmi\Windows Live Toolbar\msntb.dll
O3 - Toolbar: DAEMON Tools Toolbar - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Programmi\DAEMON Tools Toolbar\DTToolbar.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Programmi\Google\Google Toolbar\GoogleToolbar.dll
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Programmi\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [Apoint] C:\Programmi\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [CeEPOWER] C:\Programmi\TOSHIBA\Power Management\CePMTray.exe
O4 - HKLM\..\Run: [CeEKEY] C:\Programmi\TOSHIBA\E-KEY\CeEKey.exe
O4 - HKLM\..\Run: [EzButton] C:\Programmi\EzButton\EzButton.EXE
O4 - HKLM\..\Run: [TPNF] C:\Programmi\TOSHIBA\TouchPad\TPTray.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programmi\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [Battery Checker] C:\Program Files\TOSHIBA\Battery Checker\BtryChkr.exe
O4 - HKLM\..\Run: [avgnt] "C:\Programmi\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Programmi\Thomson\SpeedTouch USB\Dragdiag.exe" /icon
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Programmi\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Google Quick Search Box] "C:\Programmi\Google\Quick Search Box\qsb.exe" /autorun
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Programmi\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [CloneCDTray] "C:\Programmi\SlySoft\CloneCD\CloneCDTray.exe" /s
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [TOSCDSPD] C:\Programmi\TOSHIBA\TOSCDSPD\toscdspd.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Programmi\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [swg] C:\Programmi\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Programmi\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Programmi\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [Skype] "C:\Programmi\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Programmi\DNA\btdna.exe"
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVIZIO LOCALE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVIZIO DI RETE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: &Windows Live Search - res://C:\Programmi\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O8 - Extra context menu item: Apri in nuova scheda in primo piano - res://C:\Programmi\Windows Live Toolbar\Components\it-it\msntabres.dll.mui/230?dfe1bed07eb94e8181d6b0bd0150ce1c
O8 - Extra context menu item: Apri in nuova scheda in secondo piano - res://C:\Programmi\Windows Live Toolbar\Components\it-it\msntabres.dll.mui/229?dfe1bed07eb94e8181d6b0bd0150ce1c
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Scarica con Free Download Manager - file://C:\Programmi\Free Download Manager\dllink.htm
O8 - Extra context menu item: Scarica i video con Free Download Manager - file://C:\Programmi\Free Download Manager\dlfvideo.htm
O8 - Extra context menu item: Scarica selezionati con Free Download Manager - file://C:\Programmi\Free Download Manager\dlselected.htm
O8 - Extra context menu item: Scarica tutto con Free Download Manager - file://C:\Programmi\Free Download Manager\dlall.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre6\bin\jp2iexp.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre6\bin\jp2iexp.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: PokerStars.it - {C4046502-6524-4d87-896C-878F57D1FF07} - C:\Programmi\PokerStars.IT\PokerStarsUpdate.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: PartyPoker.net - {F4430FE8-2638-42e5-B849-800749B94EED} - C:\Programmi\PartyGaming.Net\PartyPokerNet\RunPF.exe (file missing)
O9 - Extra 'Tools' menuitem: PartyPoker.net - {F4430FE8-2638-42e5-B849-800749B94EED} - C:\Programmi\PartyGaming.Net\PartyPokerNet\RunPF.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=file:///C:\Programmi\TOSHIBA\Free Update Service\splash.html
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w3/resources/MSNPUpld.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftup ... 8253001312
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Me ... b56907.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/Mi ... b56986.cab
O16 - DPF: {F8C5C0F1-D884-43EB-A5A0-9E1C4A102FA8} (GoPetsWeb Control) - http://secure.gopetslive.com/dev/GoPetsWeb.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{536FB3AD-E235-4157-B0A7-DBBEDF632A33}: NameServer = 193.12.150.2 212.247.152.2
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Programmi\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FILECO~1\Skype\SKYPE4~1.DLL
O18 - Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - C:\Programmi\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Programmi\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Programmi\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: CeEPwrSvc - COMPAL ELECTRONIC INC. - C:\Programmi\TOSHIBA\Power Management\CeEPwrSvc.exe
O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Programmi\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: Servizio di Google Update (gupdate1c9b0678e03bee0) (gupdate1c9b0678e03bee0) - Google Inc. - C:\Programmi\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Programmi\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Programmi\Java\jre6\bin\jqs.exe
O23 - Service: PostgreSQL Server 8.3 (postgresql-8.3) - PostgreSQL Global Development Group - C:/Programmi/PostgreSQL/8.3/bin/pg_ctl.exe

--
End of file - 11828 bytes
bombolo..tp
New Member
Posts: 10
Joined: Fri Jun 26, 2009 10:41 am

Re: Virus Csrss ......

Post by ste_95 » Fri Jun 26, 2009 11:25 am

The log is clean. To be safe:

Download ComboFix, saving it to the desktop under a made-up name, and run the scan following these instructions (down at the bottom). When the scan finishes, the report file C:\combofix.txt will be created; copy its contents here, placing them between LOG tags, like this:
[LOG]the log goes here[/LOG]
ste_95
Official Member (Gold)
Posts: 17271
Joined: Mon Aug 06, 2007 11:19 am

Re: Virus Csrss ......

Post by bombolo..tp » Fri Jun 26, 2009 1:52 pm

I ran the scan with ComboFix....

ComboFix 09-06-25.06 - Davide 26/06/2009 14.34.58.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.39.1040.18.511.302 [GMT 2:00]
Eseguito da: c:\documents and settings\Davide\Desktop\ComoFix.exe
AV: Avira AntiVir PersonalEdition *On-access scanning disabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}

ATTENZIONE - QUESTO PC NON HA LA CONSOLE DI RIPRISTINO DI EMERGENZA INSTALLATA !!
.
ADS - WINDOWS: deleted 24 bytes in 1 streams.

((((((((((((((((((((((((((((((((((((( Altre eliminazioni )))))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\csrcs.exe
c:\windows\system32\drivers\MSIVXqkuupifplfumpegkylviwrxlgfaflchq.sys
c:\windows\system32\MSIVXcount
c:\windows\system32\MSIVXjbyxpsukpvlavhujtmvksyihsumavxmj.dll
c:\windows\system32\MSIVXncabkmlsowjddyloxfewgwdjtacarwia.dll
c:\windows\Tasks\{5B57CF47-0BFA-43c6-ACF9-3B3653DCADBA}.job

.
((((((((((((((((((((((((((((((((((((((( Driver/Servizi )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_MSIVXserv.sys


((((((((((((((((((((((((( Files Creati Da 2009-05-26 al 2009-06-26 )))))))))))))))))))))))))))))))))))
.

2009-06-26 10:05 . 2001-08-17 19:56 7552 -c--a-w- c:\windows\system32\dllcache\sonypvu1.sys
2009-06-26 10:05 . 2001-08-17 19:56 7552 ----a-w- c:\windows\system32\drivers\SONYPVU1.SYS
2009-06-26 09:08 . 2009-06-26 09:08 -------- d-----w- c:\programmi\Trend Micro
2009-06-26 09:00 . 2009-06-26 09:01 -------- d-----w- c:\documents and settings\Davide\Dati applicazioni\GetRightToGo
2009-06-25 09:33 . 2009-06-25 22:55 -------- d-----w- c:\documents and settings\Davide\Dati applicazioni\BitTorrent
2009-06-25 09:32 . 2009-06-25 09:32 -------- d-----w- c:\documents and settings\Davide\Impostazioni locali\Dati applicazioni\DNA
2009-06-25 09:32 . 2009-06-26 09:10 -------- d-----w- c:\documents and settings\Davide\Dati applicazioni\DNA
2009-06-25 09:32 . 2009-06-26 08:50 -------- d-----w- c:\programmi\DNA
2009-06-25 09:32 . 2009-06-25 09:32 -------- d-----w- c:\programmi\BitTorrent
2009-06-24 16:08 . 2009-06-24 16:08 -------- d-----w- c:\programmi\PostgreSQL
2009-06-24 15:31 . 2009-06-25 09:23 -------- d-----w- c:\programmi\PokerTracker 3
2009-06-24 15:16 . 2009-06-24 15:17 -------- d-----w- c:\programmi\SharkScope
2009-06-24 14:58 . 2009-06-24 14:58 -------- d-sh--w- c:\windows\system32\config\systemprofile\PrivacIE
2009-06-24 14:41 . 2009-06-24 16:03 349 ----a-w- c:\documents and settings\Davide\Impostazioni locali\Dati applicazioni\postgresinstall.bat
2009-06-23 12:07 . 2003-11-04 13:10 69632 ----a-w- c:\windows\system32\lfgif13n.dll
2009-06-23 12:07 . 2004-01-12 00:09 206336 ----a-w- c:\windows\system32\ltefx13n.dll
2009-06-23 12:07 . 2004-05-14 14:53 462848 ----a-w- c:\windows\system32\ltkrn13n.dll
2009-06-23 12:07 . 2004-05-14 14:53 450560 ----a-w- c:\windows\system32\ltimg13n.dll
2009-06-23 12:07 . 2004-05-14 14:53 299008 ----a-w- c:\windows\system32\ltdis13n.dll
2009-06-23 12:07 . 2004-05-14 14:53 163840 ----a-w- c:\windows\system32\ltfil13n.dll
2009-06-23 12:07 . 2004-05-14 14:53 57344 ----a-w- c:\windows\system32\lfbmp13n.dll
2009-06-23 12:07 . 2004-05-14 14:53 401408 ----a-w- c:\windows\system32\lfcmp13n.dll
2009-06-21 22:17 . 2009-06-21 22:17 -------- d-----w- c:\programmi\GiocoDigitale
2009-06-21 21:58 . 2009-06-21 21:58 56 ---ha-w- c:\windows\system32\ezsidmv.dat
2009-06-21 21:58 . 2009-06-26 08:51 -------- d-----w- c:\documents and settings\Davide\Dati applicazioni\skypePM
2009-06-21 21:56 . 2009-06-26 12:09 -------- d-----w- c:\documents and settings\Davide\Dati applicazioni\Skype
2009-06-21 21:56 . 2009-06-21 21:56 -------- d-----w- c:\programmi\File comuni\Skype
2009-06-21 21:55 . 2009-06-21 21:56 -------- d-----r- c:\programmi\Skype
2009-06-21 21:55 . 2009-06-21 21:56 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Skype
2009-06-18 12:54 . 2009-06-18 13:06 -------- d-----w- c:\programmi\PartyGaming.Net
2009-06-16 10:50 . 2009-06-16 12:20 -------- d-----w- c:\programmi\Holdem Indicator
2009-06-14 17:49 . 2009-06-14 17:49 -------- d-----w- c:\documents and settings\Davide\Dati applicazioni\gtk-2.0
2009-06-14 17:49 . 2009-06-14 17:49 -------- d-----w- c:\documents and settings\Davide\.thumbnails
2009-06-14 17:47 . 2009-06-14 17:50 -------- d-----w- c:\documents and settings\Davide\.gimp-2.6
2009-06-14 17:47 . 2009-06-14 17:47 -------- d-----w- c:\documents and settings\Davide\.gegl-0.0
2009-06-11 18:49 . 2009-06-11 18:49 -------- d-sh--w- c:\documents and settings\LocalService\IETldCache
2009-06-11 11:45 . 2009-06-11 11:45 -------- d-----w- c:\documents and settings\Davide\Impostazioni locali\Dati applicazioni\Stardock
2009-06-11 07:27 . 2009-06-11 07:27 -------- d-----w- c:\windows\ie8updates
2009-06-10 18:54 . 2009-04-30 21:13 12800 -c----w- c:\windows\system32\dllcache\xpshims.dll
2009-06-10 18:54 . 2009-04-30 21:13 246272 -c----w- c:\windows\system32\dllcache\ieproxy.dll
2009-06-10 18:54 . 2009-04-30 21:13 1985024 -c----w- c:\windows\system32\dllcache\iertutil.dll
2009-06-10 18:54 . 2009-04-30 21:13 11064832 -c----w- c:\windows\system32\dllcache\ieframe.dll
2009-06-09 16:37 . 2009-06-09 16:37 -------- d-----w- c:\programmi\R
2009-06-09 16:33 . 2009-06-24 15:16 -------- d-----w- c:\documents and settings\Davide\Dati applicazioni\Tinn-R
2009-06-09 16:32 . 2009-06-09 16:32 -------- d-----w- c:\programmi\Tinn-R
2009-06-07 13:36 . 2009-06-07 14:22 -------- d-----w- c:\programmi\Poker Indicator
2009-06-05 11:56 . 2009-06-05 11:56 -------- d-----w- c:\documents and settings\Davide\Impostazioni locali\Dati applicazioni\Help
2009-06-04 21:46 . 2009-06-04 21:46 -------- d-----w- c:\documents and settings\Davide\Impostazioni locali\Dati applicazioni\PokerStrategyElephant
2009-06-04 21:29 . 2009-06-04 21:46 -------- d-----w- c:\documents and settings\Davide\Impostazioni locali\Dati applicazioni\PokerStrategy
2009-06-04 21:24 . 2009-06-04 21:24 -------- d-----w- c:\documents and settings\Davide\Impostazioni locali\Dati applicazioni\ICMTrainer
2009-06-04 12:19 . 2009-06-04 12:19 -------- d-----w- c:\programmi\Visual Integrity
2009-06-04 12:10 . 2008-04-13 18:45 15104 -c--a-w- c:\windows\system32\dllcache\usbscan.sys
2009-06-04 12:10 . 2008-04-13 18:45 15104 ----a-w- c:\windows\system32\drivers\usbscan.sys
2009-06-04 12:10 . 2009-06-04 12:10 -------- d-----w- C:\CanoScan
2009-06-04 12:10 . 2001-12-25 14:13 487424 ----a-w- c:\windows\system32\D125UFW.DLL
2009-06-04 12:10 . 2001-11-01 14:58 503808 ----a-w- c:\windows\system32\D125WUD.DLL
2009-06-04 12:10 . 2001-11-01 14:58 118784 ----a-w- c:\windows\system32\D125WIMG.DLL
2009-06-04 12:10 . 2001-10-03 19:47 393264 ----a-w- c:\windows\system32\D125UR.DAT
2009-06-04 12:10 . 2001-09-27 13:31 729088 ----a-w- c:\windows\system32\D125UAG.DLL
2009-06-04 12:10 . 2001-04-11 00:10 327740 ----a-w- c:\windows\system32\UCS32P.DLL
2009-06-04 12:10 . 1998-06-16 23:14 45056 ----a-w- c:\windows\system32\CANOIT32.EXE
2009-06-04 12:10 . 1998-06-16 23:14 119808 ----a-w- c:\windows\system32\ITLIB32.DLL
2009-06-04 09:54 . 2009-06-04 10:33 -------- d-----w- c:\documents and settings\Davide\Impostazioni locali\Dati applicazioni\ICMTrainerLight
2009-06-04 09:52 . 2009-06-04 21:41 -------- d-----w- c:\programmi\PokerStrategy
2009-06-03 18:30 . 2009-06-03 18:30 -------- d-----w- c:\documents and settings\Davide\Impostazioni locali\Dati applicazioni\Drag_&_Air_S.n.c
2009-06-03 17:31 . 2009-06-12 16:21 -------- d-----w- c:\programmi\Burraconline
2009-05-28 22:08 . 2009-05-28 22:08 -------- d-----w- c:\documents and settings\Davide\Impostazioni locali\Dati applicazioni\In_The_Money_LLC
2009-05-28 22:07 . 2009-05-29 08:39 -------- d-----w- c:\documents and settings\Davide\Impostazioni locali\Dati applicazioni\In The Money
2009-05-28 22:07 . 2009-05-28 22:07 -------- d-----w- c:\programmi\In The Money

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-06-26 12:30 . 2009-04-15 07:44 -------- d-----w- c:\documents and settings\Davide\Dati applicazioni\Free Download Manager
2009-06-25 23:21 . 2009-03-28 13:28 -------- d-----w- c:\programmi\PokerStars.IT
2009-06-25 14:56 . 2009-04-25 09:51 -------- d-----w- c:\documents and settings\Davide\Dati applicazioni\mIRC
2009-06-25 14:54 . 2009-04-25 09:51 -------- d-----w- c:\programmi\mIRC
2009-06-24 17:15 . 2009-04-05 13:41 -------- d-----w- c:\documents and settings\Davide\Dati applicazioni\U3
2009-06-24 17:01 . 2009-04-25 10:52 1 ----a-w- c:\documents and settings\Davide\Dati applicazioni\OpenOffice.org\3\user\uno_packages\cache\stamp.sys
2009-06-24 16:40 . 2009-04-15 08:42 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Microsoft Help
2009-06-24 14:51 . 2009-06-24 14:45 2269 ----a-w- c:\documents and settings\All Users\Dati applicazioni\sortedcards.tmp
2009-06-24 14:46 . 2009-06-24 14:46 0 ----a-w- c:\documents and settings\All Users\Dati applicazioni\playercachelines.tmp
2009-06-16 16:29 . 2009-05-20 12:33 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Messenger Plus!
2009-06-12 19:47 . 2009-04-15 08:53 -------- d-----w- c:\programmi\Microsoft Works
2009-06-11 10:09 . 2009-04-25 14:20 -------- d-----w- c:\programmi\BobsTrackBuilder
2009-06-11 10:07 . 2004-03-16 08:09 -------- d--h--w- c:\programmi\InstallShield Installation Information
2009-06-03 14:42 . 2004-03-16 06:29 75474 ----a-w- c:\windows\system32\perfc010.dat
2009-06-03 14:42 . 2004-03-16 06:29 451016 ----a-w- c:\windows\system32\perfh010.dat
2009-05-28 16:34 . 2009-03-28 12:07 45400 ----a-w- c:\windows\system32\drivers\avgntdd.sys
2009-05-28 16:34 . 2009-03-28 12:07 22360 ----a-w- c:\windows\system32\drivers\avgntmgr.sys
2009-05-28 16:34 . 2009-03-28 12:07 75096 ----a-w- c:\windows\system32\drivers\avipbb.sys
2009-05-27 12:18 . 2009-05-27 12:18 -------- d-----w- c:\programmi\Microsoft Silverlight
2009-05-23 14:41 . 2009-05-23 14:41 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\GiocoDigitale
2009-05-23 13:07 . 2009-03-28 15:27 -------- d-----w- c:\programmi\Google
2009-05-20 11:50 . 2009-05-20 11:50 -------- d-----w- c:\programmi\Windows Live
2009-05-20 11:50 . 2009-05-20 11:50 -------- d-----w- c:\programmi\Messenger Plus! Live
2009-05-20 11:50 . 2009-03-28 14:51 -------- d-----w- c:\programmi\MSN Messenger
2009-05-16 11:47 . 2009-04-09 12:09 5632 ----a-w- c:\windows\system32\drivers\StarOpen.sys
2009-05-13 12:29 . 2009-04-16 10:38 -------- d-----w- c:\documents and settings\Davide\Dati applicazioni\vlc
2009-05-13 05:02 . 2004-03-16 06:29 915456 ----a-w- c:\windows\system32\wininet.dll
2009-05-10 11:59 . 2009-04-17 20:29 43520 ----a-w- c:\windows\system32\CmdLineExt03.dll
2009-05-10 11:56 . 2009-05-08 22:17 -------- d-----w- c:\documents and settings\Davide\Dati applicazioni\DAEMON Tools Lite
2009-05-10 11:55 . 2009-05-10 11:55 -------- d-----w- c:\documents and settings\Davide\Dati applicazioni\DAEMON Tools
2009-05-10 11:55 . 2009-05-10 11:55 -------- d-----w- c:\documents and settings\Davide\Dati applicazioni\DAEMON Tools Pro
2009-05-10 11:54 . 2009-05-10 11:54 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\DAEMON Tools Lite
2009-05-10 11:53 . 2009-05-10 11:53 -------- d-----w- c:\programmi\DAEMON Tools Toolbar
2009-05-10 11:53 . 2009-05-10 11:53 -------- d-----w- c:\programmi\DAEMON Tools Lite
2009-05-09 16:06 . 2009-05-09 16:06 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\IsolatedStorage
2009-05-08 22:18 . 2009-05-08 22:18 717296 ----a-w- c:\windows\system32\drivers\sptd.sys
2009-05-07 15:32 . 2004-03-16 06:28 347648 ----a-w- c:\windows\system32\localspl.dll
2009-05-03 13:47 . 2009-05-03 09:02 -------- d-----w- c:\programmi\EPSON
2009-04-25 13:21 . 2009-03-28 14:32 73400 ----a-w- c:\documents and settings\Davide\Impostazioni locali\Dati applicazioni\GDIPFONTCACHEV1.DAT
2009-04-19 19:47 . 2004-03-16 06:29 1847168 ----a-w- c:\windows\system32\win32k.sys
2009-04-17 14:58 . 2009-04-24 13:56 103424 ----a-w- c:\documents and settings\Davide\Dati applicazioni\Mozilla\Firefox\Profiles\9a1ruev7.default\extensions\piclens@cooliris.com\libs\pixomatic.dll
2009-04-17 14:58 . 2009-04-24 13:56 954368 ----a-w- c:\documents and settings\Davide\Dati applicazioni\Mozilla\Firefox\Profiles\9a1ruev7.default\extensions\piclens@cooliris.com\libs\PicLensHelper.exe
2009-04-17 14:58 . 2009-04-24 13:56 344064 ----a-w- c:\documents and settings\Davide\Dati applicazioni\Mozilla\Firefox\Profiles\9a1ruev7.default\extensions\piclens@cooliris.com\libs\LaunchCooliris.exe
2009-04-17 14:58 . 2009-04-24 13:56 1161626 ----a-w- c:\documents and settings\Davide\Dati applicazioni\Mozilla\Firefox\Profiles\9a1ruev7.default\extensions\piclens@cooliris.com\libs\avcodec-51.dll
2009-04-17 14:58 . 2009-04-24 13:56 65536 ----a-w- c:\documents and settings\Davide\Dati applicazioni\Mozilla\Firefox\Profiles\9a1ruev7.default\extensions\piclens@cooliris.com\components\coolirisstub.dll
2009-04-17 14:58 . 2009-04-24 13:56 71652 ----a-w- c:\documents and settings\Davide\Dati applicazioni\Mozilla\Firefox\Profiles\9a1ruev7.default\extensions\piclens@cooliris.com\libs\avutil-49.dll
2009-04-17 14:58 . 2009-04-24 13:56 4579328 ----a-w- c:\documents and settings\Davide\Dati applicazioni\Mozilla\Firefox\Profiles\9a1ruev7.default\extensions\piclens@cooliris.com\libs\cooliris18.dll
2009-04-17 14:58 . 2009-04-24 13:56 4534272 ----a-w- c:\documents and settings\Davide\Dati applicazioni\Mozilla\Firefox\Profiles\9a1ruev7.default\extensions\piclens@cooliris.com\libs\cooliris19.dll
2009-04-17 14:58 . 2009-04-24 13:56 131868 ----a-w- c:\documents and settings\Davide\Dati applicazioni\Mozilla\Firefox\Profiles\9a1ruev7.default\extensions\piclens@cooliris.com\libs\avformat-52.dll
2009-04-15 14:52 . 2004-03-16 06:39 585216 ----a-w- c:\windows\system32\rpcrt4.dll
2009-04-12 23:45 . 2009-04-12 23:45 0 ----a-w- c:\windows\nsreg.dat
2009-04-09 12:48 . 2004-03-16 06:38 77543 ----a-w- c:\windows\PCHealth\HelpCtr\OfflineCache\index.dat
2009-03-28 15:37 . 2009-03-28 15:37 135 ----a-w- c:\documents and settings\Davide\Impostazioni locali\Dati applicazioni\fusioncache.dat
2009-03-28 15:13 . 2009-03-28 15:13 410984 ----a-w- c:\windows\system32\deploytk.dll
2009-03-28 15:13 . 2009-03-28 15:13 152576 ----a-w- c:\documents and settings\Davide\Dati applicazioni\Sun\Java\jre1.6.0_13\lzma.dll
.

((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* i valori vuoti & legittimi/default non sono visualizzati.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"TOSCDSPD"="c:\programmi\TOSHIBA\TOSCDSPD\toscdspd.exe" [2003-09-15 65536]
"MsnMsgr"="c:\programmi\MSN Messenger\MsnMsgr.Exe" [2007-01-19 5674352]
"swg"="c:\programmi\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-03-28 39408]
"MSMSGS"="c:\programmi\Messenger\msmsgs.exe" [2008-04-14 1695232]
"DAEMON Tools Lite"="c:\programmi\DAEMON Tools Lite\daemon.exe" [2008-12-29 687560]
"Skype"="c:\programmi\Skype\Phone\Skype.exe" [2009-06-02 24264488]
"BitTorrent DNA"="c:\programmi\DNA\btdna.exe" [2009-06-25 321344]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ATIPTA"="c:\programmi\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2004-02-10 335872]
"Apoint"="c:\programmi\Apoint2K\Apoint.exe" [2003-06-18 151552]
"CeEPOWER"="c:\programmi\TOSHIBA\Power Management\CePMTray.exe" [2004-02-19 135168]
"CeEKEY"="c:\programmi\TOSHIBA\E-KEY\CeEKey.exe" [2004-02-19 638976]
"EzButton"="c:\programmi\EzButton\EzButton.EXE" [2004-01-12 712704]
"TPNF"="c:\programmi\TOSHIBA\TouchPad\TPTray.exe" [2004-02-19 53248]
"SunJavaUpdateSched"="c:\programmi\Java\jre6\bin\jusched.exe" [2009-03-28 148888]
"avgnt"="c:\programmi\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2009-03-28 266497]
"SpeedTouch USB Diagnostics"="c:\programmi\Thomson\SpeedTouch USB\Dragdiag.exe" [2004-01-26 866816]
"Adobe Reader Speed Launcher"="c:\programmi\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]
"Google Quick Search Box"="c:\programmi\Google\Quick Search Box\qsb.exe" [2009-03-28 68592]
"GrooveMonitor"="c:\programmi\Microsoft Office\Office12\GrooveMonitor.exe" [2007-08-24 33648]
"CloneCDTray"="c:\programmi\SlySoft\CloneCD\CloneCDTray.exe" [2009-01-29 57344]
"ATIModeChange"="Ati2mdxx.exe" - c:\windows\system32\Ati2mdxx.exe [2001-09-04 28672]
"AGRSMMSG"="AGRSMMSG.exe" - c:\windows\agrsmmsg.exe [2003-11-19 88363]
"BluetoothAuthenticationAgent"="bthprops.cpl" - c:\windows\system32\bthprops.cpl [2008-04-14 110592]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2008-04-14 15360]

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Programmi\\MSN Messenger\\msnmsgr.exe"=
"c:\\Programmi\\MSN Messenger\\livecall.exe"=
"c:\\Programmi\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Programmi\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Programmi\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Programmi\\eMule\\emule.exe"=
"c:\\Programmi\\mIRC\\mirc.exe"=
"c:\\Programmi\\DNA\\btdna.exe"=
"c:\\Programmi\\BitTorrent\\bittorrent.exe"=
"c:\\Programmi\\Skype\\Phone\\Skype.exe"=

R0 avgntmgr;avgntmgr;c:\windows\system32\drivers\avgntmgr.sys [28/03/2009 14.07.35 22360]
R0 BatteryChecker;Battery Checker Driver;c:\windows\system32\drivers\BtryChkr.sys [16/03/2004 12.26.23 5392]
R1 avgntdd;avgntdd;c:\windows\system32\drivers\avgntdd.sys [28/03/2009 14.07.35 45400]
S2 gupdate1c9b0678e03bee0;Servizio di Google Update (gupdate1c9b0678e03bee0);c:\programmi\Google\Update\GoogleUpdate.exe [29/03/2009 14.11.55 133104]
S2 postgresql-8.3;PostgreSQL Server 8.3;C:/Programmi/PostgreSQL/8.3/bin/pg_ctl.exe runservice -N "postgresql-8.3" -D "C:/Programmi/PostgreSQL/8.3/data" -w --> C:/Programmi/PostgreSQL/8.3/bin/pg_ctl.exe runservice -N postgresql-8.3 [?]

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\system32\rundll32.exe" "c:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
.
Contenuto della cartella 'Scheduled Tasks'

2009-06-26 c:\windows\Tasks\GoogleUpdateTaskMachine.job
- c:\programmi\Google\Update\GoogleUpdate.exe [2009-03-29 12:11]

2009-06-26 c:\windows\Tasks\Verifica aggiornamenti per Windows Live Toolbar.job
- c:\programmi\Windows Live Toolbar\MSNTBUP.EXE [2006-09-27 16:39]
.
- - - - CHIAVI ORFANE RIMOSSE - - - -

HKCU-Run-fsm - (no file)
HKLM-Run-Battery Checker - c:\program files\TOSHIBA\Battery Checker\BtryChkr.exe


.
------- Scansione supplementare -------
.
uStart Page = hxxp://www.ask.com/?o=101764&l=dis
uInternet Connection Wizard,ShellNext = hxxp://www.tele2internet.it/
IE: &Windows Live Search - c:\programmi\Windows Live Toolbar\msntb.dll/search.htm
IE: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
IE: Apri in nuova scheda in primo piano - c:\programmi\Windows Live Toolbar\Components\it-it\msntabres.dll.mui/230?dfe1bed07eb94e8181d6b0bd0150ce1c
IE: Apri in nuova scheda in secondo piano - c:\programmi\Windows Live Toolbar\Components\it-it\msntabres.dll.mui/229?dfe1bed07eb94e8181d6b0bd0150ce1c
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Scarica con Free Download Manager - file://c:\programmi\Free Download Manager\dllink.htm
IE: Scarica i video con Free Download Manager - file://c:\programmi\Free Download Manager\dlfvideo.htm
IE: Scarica selezionati con Free Download Manager - file://c:\programmi\Free Download Manager\dlselected.htm
IE: Scarica tutto con Free Download Manager - file://c:\programmi\Free Download Manager\dlall.htm
IE: {{C4046502-6524-4d87-896C-878F57D1FF07} - c:\programmi\PokerStars.IT\PokerStarsUpdate.exe
DPF: {F8C5C0F1-D884-43EB-A5A0-9E1C4A102FA8} - hxxp://secure.gopetslive.com/dev/GoPetsWeb.cab
FF - ProfilePath - c:\documents and settings\Davide\Dati applicazioni\Mozilla\Firefox\Profiles\9a1ruev7.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.google.it
FF - prefs.js: keyword.URL - hxxp://toolbar.ask.com/toolbarv/askRedi ... t=&gc=1&q=
FF - component: c:\documents and settings\Davide\Dati applicazioni\Mozilla\Firefox\Profiles\9a1ruev7.default\extensions\piclens@cooliris.com\components\coolirisstub.dll
FF - component: c:\programmi\DAEMON Tools Toolbar\FirefoxDTT\components\DTToolbarFF.dll
FF - component: c:\programmi\Free Download Manager\Firefox\Extension\components\vmsfdmff.dll
FF - component: c:\programmi\Mozilla Firefox\extensions\{B13721C7-F507-4982-B2E5-502A71474FED}\components\NPComponent.dll
FF - plugin: c:\programmi\Google\Update\1.2.145.5\npGoogleOneClick8.dll
FF - plugin: c:\programmi\Mozilla Firefox\plugins\npbittorrent.dll
FF - HiddenExtension: Java Console: No Registry Reference - c:\programmi\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-06-26 14:45
Windows 5.1.2600 Service Pack 3 NTFS

scansione processi nascosti ...

scansione entrate autostart nascoste ...

Scansione files nascosti ...

Scansione completata con successo
Files nascosti: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\postgresql-8.3]
"ImagePath"="C:/Programmi/PostgreSQL/8.3/bin/pg_ctl.exe runservice -N \"postgresql-8.3\" -D \"C:/Programmi/PostgreSQL/8.3/data\" -w"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\postgresql-8.3]
"ImagePath"="C:/Programmi/PostgreSQL/8.3/bin/pg_ctl.exe runservice -N \"postgresql-8.3\" -D \"C:/Programmi/PostgreSQL/8.3/data\" -w"
.
Ora fine scansione: 2009-06-26 14.48.18
ComboFix-quarantined-files.txt 2009-06-26 12:47

Pre-Run: 13.941.383.168 byte disponibili
Post-Run: 14.484.078.592 byte disponibili

259 --- E O F --- 2009-06-16 17:38

Re: Virus Csrss ......

Post by crazy.cat » Fri Jun 26, 2009 1:59 pm

bombolo..tp wrote: I ran the scan with ComboFix...

Quite a few problems were removed; how is the PC running now?

Re: Virus Csrss ......

Post by bombolo..tp » Fri Jun 26, 2009 2:29 pm

Everything is fine now..... Let's hope there's nothing left..... But now I'm wondering about the causes!!!

Apart from having downloaded a lot of junk such as cracks etc., I used some USB sticks that were very probably infected (apparently formatting them did not work properly). But how do you format them and remove any possible virus??? [the sticks use the U3 software]

Anyway, thanks for the time you spent. Bye

Re: Virus Csrss ......

Post by crazy.cat » Fri Jun 26, 2009 3:07 pm

I think the U3 software can also be uninstalled from some menu within it.
Anyway, to format USB drives: http://www.MegaLab.it/3167/usb-disk-format-tool

megalab.it: daily online publication registered with the Court of Cosenza, no. 22/09 of 13.08.2009, publisher Master New Media S.r.l.; © Copyright 2008 Master New Media S.r.l. a socio unico - VAT no. 02947530784. GRUPPO EDIZIONI MASTER Spa. All rights reserved. For advertising: Master Advertising