| baciami Demigod | Joined: 02/09/07 15:40 | Posts: 287 | Location: toscana |
| Posted: 19 Jul 2008 15:46    Subject: (harmful) BDS/IRC.Chazz.42 back-door |
| I was running a scan with Avira on "local hard disks" and had nothing else running when the guard blocked (harmful) BDS/IRC.Chazz.42 back-door plus 2 others of the same kind.. I denied it access.. but is this possible? I looked on the internet but it only gives me backdoor written as one word, and on top of that I had 2 more in quarantine that I didn't know I had.. I chose "delete", anyway I turned off System Restore.. rebooted the PC.. restored everything.. ran the scan again and I apparently have nothing left.. but is all this normal? (apart from me)   thanks for the help. bye

| Sante62 Mature god | Joined: 27/06/07 17:55 | Posts: 3477 | Location: Floridia |
| Posted: 19 Jul 2008 17:40    Subject: |
| Hi...
 It certainly isn't normal, and it seems to me you've been running into infections often lately? (if it's the same PC)

 If you like, run these scans:
 Combofix;
 Virit;
 Hijackthis;

| baciami Demigod |
| Posted: 19 Jul 2008 21:00    Subject: |
| help.. when I open Virit it shows me these in memory [hidden service]
 catchme-\??\c:\docume-1\propri-1\impost-1\temp\catchme.sys
 what worries me are the 2 skulls shown in front of these 2 things, and before starting I used atf-cleaner.. besides the update getting stuck halfway, when I start the scan these aren't there

 here is Combofix too
 ComboFix 08-07-18.5 - Proprietario 2008-07-19 20.40.46.10 - NTFSx86
 Microsoft Windows XP Home Edition  5.1.2600.2.1252.1.1040.18.525 [GMT 2:00]
 Eseguito da: C:\Documents and Settings\Proprietario\Desktop\ComboFix.exe
 * Creato nuovo punto di ripristino
 
 ATENÇÃO - ESTA MAQUINA NAO TEM A CONSOLE DE RECUPERAÇÃO INSTALADA !!
 .
 
 (((((((((((((((((((((((((   Files Creati Da 2008-06-19 al 2008-07-19  )))))))))))))))))))))))))))))))))))
 .
 
 2008-07-19 15:09 . 2008-07-19 15:09	268	--ah-----	C:\sqmdata00.sqm
 2008-07-19 15:09 . 2008-07-19 15:09	244	--ah-----	C:\sqmnoopt00.sqm
 2008-07-18 19:56 . 2008-07-19 12:56	<DIR>	d--------	C:\Programmi\Google
 2008-07-18 19:56 . 2008-06-10 02:32	73,728	--a------	C:\WINDOWS\system32\javacpl.cpl
 2008-07-18 19:49 . 2008-07-18 19:49	<DIR>	d--------	C:\Programmi\File comuni\Java
 2008-07-17 20:17 . 2008-07-17 20:20	<DIR>	d--------	C:\fixwareout
 2008-07-17 20:00 . 2008-07-18 13:25	<DIR>	d--------	C:\Programmi\Navilog1
 2008-07-15 17:09 . 2007-07-30 19:19	271,224	--a------	C:\WINDOWS\system32\mucltui.dll
 2008-07-15 17:09 . 2007-07-30 19:19	207,736	--a------	C:\WINDOWS\system32\muweb.dll
 2008-07-15 17:09 . 2007-07-30 19:18	30,072	--a------	C:\WINDOWS\system32\mucltui.dll.mui
 2008-07-15 10:25 . 2008-01-19 14:27	102,664	--a------	C:\WINDOWS\system32\drivers\tmcomm.sys
 2008-07-14 21:46 . 2008-07-14 21:46	<DIR>	d--------	C:\WINDOWS\system32\config\systemprofile\Phone Browser
 2008-07-14 21:46 . 2006-11-29 13:06	3,426,072	--a------	C:\WINDOWS\system32\d3dx9_32.dll
 2008-07-14 21:45 . 2008-07-14 21:45	<DIR>	d--------	C:\Programmi\Microsoft SQL Server Compact Edition
 2008-07-14 21:31 . 2008-07-14 21:34	<DIR>	d--hsc---	C:\Programmi\File comuni\WindowsLiveInstaller
 2008-07-14 21:31 . 2008-07-14 21:31	<DIR>	d--------	C:\Documents and Settings\All Users\Dati applicazioni\WLInstaller
 2008-07-12 20:33 . 2008-07-12 20:33	384	--a------	C:\WINDOWS\system32\tmp.reg
 2008-07-12 19:58 . 2007-09-06 00:22	289,144	--a------	C:\WINDOWS\system32\VCCLSID.exe
 2008-07-12 19:58 . 2006-04-27 17:49	288,417	--a------	C:\WINDOWS\system32\SrchSTS.exe
 2008-07-12 19:58 . 2008-05-29 09:35	86,528	--a------	C:\WINDOWS\system32\VACFix.exe
 2008-07-12 19:58 . 2008-07-02 13:33	82,432	--a------	C:\WINDOWS\system32\IEDFix.C.exe
 2008-07-12 19:58 . 2004-07-31 18:50	51,200	--a------	C:\WINDOWS\system32\dumphive.exe
 2008-07-12 19:58 . 2007-10-04 00:36	25,600	--a------	C:\WINDOWS\system32\WS2Fix.exe
 2008-07-07 20:35 . 2008-07-07 20:35	<DIR>	d--------	C:\Programmi\File comuni\Wise Installation Wizard
 2008-07-07 20:19 . 2008-07-07 20:24	<DIR>	d-a------	C:\Documents and Settings\All Users\Dati applicazioni\TEMP
 2008-07-07 20:19 . 2005-04-15 20:58	1,071,088	--a------	C:\WINDOWS\system32\MSCOMCTL.OCX
 2008-07-07 20:19 . 2005-08-25 19:18	118,784	--a------	C:\WINDOWS\system32\MSSTDFMT.DLL
 2008-07-07 19:48 . 2008-07-07 19:48	<DIR>	d--------	C:\Documents and Settings\All Users\Dati applicazioni\SUPERAntiSpyware.com
 2008-06-27 20:40 . 2008-07-12 19:25	<DIR>	d--------	C:\VEXPLITE
 2008-06-20 19:39 . 2008-06-20 19:39	247,296	-----c---	C:\WINDOWS\system32\dllcache\mswsock.dll
 2008-06-20 12:44 . 2008-06-20 12:44	138,368	-----c---	C:\WINDOWS\system32\dllcache\afd.sys
 
 .
 ((((((((((((((((((((((((((((((((((((((((   Find3M Report   )))))))))))))))))))))))))))))))))))))))))))))))))))
 .
 2008-07-18 17:56	---------	d-----w	C:\Programmi\Java
 2008-07-15 07:14	---------	d-----w	C:\Programmi\Windows Live
 2008-07-14 19:39	---------	d-----w	C:\Programmi\MSN Messenger
 2008-07-12 19:39	---------	d-----w	C:\Programmi\backups
 2008-07-04 19:28	39,808	----a-w	C:\WINDOWS\system32\drivers\VIRAGTLT.SYS
 2008-06-27 18:27	---------	d--h--w	C:\Programmi\InstallShield Installation Information
 2008-06-20 17:39	247,296	----a-w	C:\WINDOWS\system32\mswsock.dll
 2008-06-20 10:45	360,320	----a-w	C:\WINDOWS\system32\drivers\tcpip.sys
 2008-06-20 10:44	138,368	----a-w	C:\WINDOWS\system32\drivers\afd.sys
 2008-06-20 09:52	225,920	----a-w	C:\WINDOWS\system32\drivers\tcpip6.sys
 2008-06-14 17:59	272,768	------w	C:\WINDOWS\system32\drivers\bthport.sys
 2008-06-06 11:38	---------	d-----w	C:\Documents and Settings\Proprietario\Dati applicazioni\Nokia
 2008-06-06 11:37	---------	d-----w	C:\Programmi\Nokia
 2008-06-06 11:37	---------	d-----w	C:\Documents and Settings\Proprietario\Dati applicazioni\PC Suite
 2008-06-06 11:36	---------	d-----w	C:\Programmi\File comuni\PCSuite
 2008-06-06 11:36	---------	d-----w	C:\Programmi\File comuni\Nokia
 2008-05-30 17:29	---------	d-----w	C:\Programmi\Siemens
 2008-05-07 05:14	1,292,800	----a-w	C:\WINDOWS\system32\quartz.dll
 2008-04-23 04:16	826,368	----a-w	C:\WINDOWS\system32\wininet.dll
 2008-01-10 19:44	32	----a-w	C:\Documents and Settings\All Users\Dati applicazioni\ezsid.dat
 2007-09-13 20:10	9,679,815	----a-w	C:\Programmi\vlc-0.8.6c-win32.exe
 2008-03-01 15:49	20,512	--sha-w	C:\WINDOWS\system32\drivers\fidbox.dat
 .
 
 (((((((((((((((((((((((((((((((((((((   Punti Reg Caricati   ))))))))))))))))))))))))))))))))))))))))))))))))))
 .
 .
 REGEDIT4
 *Nota* i valori vuoti & legittimi/default non sono visualizzati.
 
 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
 "CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-19 15:39 15360]
 "swg"="C:\Programmi\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe" [2008-07-18 20:07 171448]
 
 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
 "avgnt"="C:\Programmi\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-07-19 13:36 266497]
 "SunJavaUpdateSched"="C:\Programmi\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 04:27 144784]
 
 [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
 "CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2004-08-19 15:39 15360]
 "ATICCC"="C:\Programmi\ATI Technologies\ATI.ACE\cli.exe" [2004-11-25 00:27 32768]
 
 [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Avvio^Programmi^Esecuzione automatica^ATI CATALYST System Tray.lnk]
 
 [HKLM\~\startupfolder\^ntuser.dat]
 path=\ntuser.dat
 
 [HKLM\~\startupfolder\^ntuser.dat.LOG]
 path=\ntuser.dat.LOG
 
 [HKLM\~\startupfolder\^ntuser.ini]
 path=\ntuser.ini
 HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BearShare
 
 [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
 C:\WINDOWS\system32\dumprep 0 -k [X]
 HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroCheck
 HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ScanRegistry
 HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VIRIT LITE MONITOR
 HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager
 
 [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AGEIA PhysX SysTray]
 --a------ 2006-03-20 21:43 331776 C:\Programmi\AGEIA Technologies\TrayIcon.exe
 
 [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATICCC]
 --a------ 2004-11-25 00:27 32768 C:\Programmi\ATI Technologies\ATI.ACE\CLI.exe
 
 [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATIPTA]
 --a------ 2004-11-24 21:10 344064 C:\Programmi\ATI Technologies\ATI Control Panel\atiptaxx.exe
 
 [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DataLayer]
 --a------ 2005-03-31 09:30 1106944 C:\Programmi\File comuni\PCSuite\DataLayer\DataLayer.exe
 
 [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GhostStartTrayApp]
 --a------ 2003-05-28 19:11 94208 C:\Programmi\Symantec\Norton Ghost 2003\GhostStartTrayApp.exe
 
 [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Monitor]
 --a------ 2006-11-03 11:01 319488 C:\WINDOWS\PixArt\Pac207\Monitor.exe
 
 [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
 --------- 2004-10-13 18:24 1694208 C:\Programmi\Messenger\msmsgs.exe
 
 [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCSuiteTrayApplication]
 --a------ 2005-03-22 09:39 167936 C:\Programmi\Nokia\Nokia PC Suite 6\LaunchApplication.exe
 
 [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PcSync]
 --a------ 2005-04-20 09:57 847872 C:\Programmi\Nokia\Nokia PC Suite 6\PcSync2.exe
 
 [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UnlockerAssistant]
 --a------ 2006-09-07 19:19 15872 C:\Programmi\Unlocker\UnlockerAssistant.exe
 
 [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMan]
 --a------ 2002-03-21 04:23 46592 C:\WINDOWS\SOUNDMAN.EXE
 
 [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
 "GbpSv"=2 (0x2)
 "NMIndexingService"=3 (0x3)
 
 [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
 "EnableFirewall"= 0 (0x0)
 
 [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
 "C:\\WINDOWS\\system32\\sessmgr.exe"=
 "C:\\Programmi\\Windows Live\\Messenger\\msnmsgr.exe"=
 "C:\\Programmi\\Windows Live\\Messenger\\livecall.exe"=
 
 R0 VIRAGTLT;VIRAGTLT;C:\WINDOWS\system32\drivers\VIRAGTLT.SYS [2008-07-04 21:28]
 R2 viritsvclite;Virit eXplorer Lite;C:\VEXPLITE\viritsvc.exe [2008-07-12 18:51]
 R3 PAC207;CIF USB Camera;C:\WINDOWS\system32\DRIVERS\PFC027.SYS [2006-11-10 13:51]
 S3 USBSTOR;Driver archiviazione di massa USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-03 23:08]
 S3 WLAN FVNETusb(R);WLAN FVNETusb(R) Service for ATMEL USB FastVNET (AR);C:\WINDOWS\system32\DRIVERS\vnetusbr.sys [2002-08-06 16:38]
 .
 **************************************************************************
 
 catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
 Rootkit scan 2008-07-19 20:42:04
 Windows 5.1.2600 Service Pack 2 NTFS
 
 scansione processi nascosti ...
 
 scansione entrate autostart nascoste ...
 
 Scansione files nascosti ...
 
 Scansione completata con successo
 Files nascosti: 0
 
 **************************************************************************
 .
 Ora fine scansione: 2008-07-19 20:44:02
 ComboFix-quarantined-files.txt  2008-07-19 18:43:30
 
 Pre-Run: 20,361,908,224 byte disponibili
 Post-Run: 20,350,001,152 byte disponibili
 
 145	--- E O F ---	2008-07-18 11:27:46

| Sante62 Mature god |
| Posted: 19 Jul 2008 23:30    Subject: |
| Download Stealth MBR rootkit detector;
 Boot the PC in safe mode;

 From Start - Run - type C:\mbr.exe -f and click OK
 Save the log it produces for review*
 Example of a correctly restored MBR:
 Stealth MBR rootkit detector 0.2.2 by Gmer, http://www.gmer.net
 device: opened successfully
 user: MBR read successfully
 kernel: MBR read successfully
 MBR rootkit infection detected !
 MBR INT 0x13 hook detected !
 malicious code @ sector 0x12a14c00 size 0x1ca !
 copy of MBR has been found in sector 62 !
 original MBR restored successfully !

| baciami Demigod |
| Posted: 20 Jul 2008 13:28    Subject: |
| hi sante.. I did as you said but in Run it tells me that this C:\mbr.exe -f does not exist.. I also tried removing the space between exe and the minus sign but the answer is the same, what do I do? thanks for spending your time on someone in difficulty

| Sante62 Mature god |
| Posted: 20 Jul 2008 14:08    Subject: |
| Then you probably saved it on another partition, for example "D:\" or "E:\", I don't know..... otherwise save it in C:\... and it should work.

| baciami Demigod |
| Posted: 20 Jul 2008 14:19    Subject: |
| is this what I have to save in C? mbr.exe -f and how do I do it.. anyway I tried searching all the disks but it doesn't find it.. how do I save it? thanks
 also I see a message in Portuguese in Combofix saying that I don't have the machine.. dunno..

| Sante62 Mature god |
| Posted: 20 Jul 2008 14:53    Subject: |
| baciami wrote: | is this what I have to save in C? mbr.exe -f and how do I do it.. anyway I tried searching all the disks but it doesn't find it.. how do I save it? thanks |
 the file is mbr.exe and the "-f" is an option, so try downloading it again...

 | baciami wrote: | also I see a message in Portuguese in Combofix saying that I don't have the machine.. dunno.. |
 Of course... if you don't have the machine you can't do these operations....
 Joking aside, the message says that on that machine, that is your computer, the Windows Recovery Console is not installed; I don't have the download link at hand right now, for now don't remove Combofix, we'll need it later for this...

| baciami Demigod |
| Posted: 20 Jul 2008 15:21    Subject: |
| heh.. I couldn't find it because it was downloaded to the desktop, now it's in its place in C, I did everything in safe mode and now I'm in normal mode and I've re-enabled System Restore.. the log

 Stealth MBR rootkit detector 0.2.4 by Gmer, http://www.gmer.net
 
 device: opened successfully
 user: MBR read successfully
 kernel: MBR read successfully
 user & kernel MBR OK
 |  | 
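
Added example (not part of the original posts and not GMER's code): a small Python triage script that reads a Stealth MBR rootkit detector log, such as the two pasted in this thread, and reduces it to a verdict. The names `MbrReport` and `parse_mbr_log` are hypothetical, and treating any status line without "successfully" as a failed read is an assumption.

```python
import re
from dataclasses import dataclass, field
from typing import Dict, Optional

# Log text copied from the two posts in this thread.
RESTORED_LOG = """\
Stealth MBR rootkit detector 0.2.2 by Gmer, http://www.gmer.net
device: opened successfully
user: MBR read successfully
kernel: MBR read successfully
MBR rootkit infection detected !
MBR INT 0x13 hook detected !
malicious code @ sector 0x12a14c00 size 0x1ca !
copy of MBR has been found in sector 62 !
original MBR restored successfully !
"""

CLEAN_LOG = """\
Stealth MBR rootkit detector 0.2.4 by Gmer, http://www.gmer.net

device: opened successfully
user: MBR read successfully
kernel: MBR read successfully
user & kernel MBR OK
"""


@dataclass
class MbrReport:
    version: Optional[str] = None
    reads: Dict[str, bool] = field(default_factory=dict)  # device/user/kernel -> ok?
    infection: bool = False
    int13_hook: bool = False
    code_sector: Optional[int] = None
    code_size: Optional[int] = None
    backup_sector: Optional[int] = None
    restored: bool = False
    mbr_ok: bool = False

    @property
    def verdict(self) -> str:
        # Any infection indicator outranks everything else in the log.
        if self.infection or self.int13_hook or self.code_sector is not None:
            return "infected-restored" if self.restored else "infected"
        # "clean" requires all three reads AND the explicit OK line, so a
        # truncated paste or a failed read is never reported as clean.
        all_read = all(self.reads.get(k) for k in ("device", "user", "kernel"))
        if all_read and self.mbr_ok:
            return "clean"
        return "inconclusive"


def parse_mbr_log(text: str) -> MbrReport:
    rep = MbrReport()
    for raw in text.splitlines():
        # Forum pastes carry leading spaces or table pipes; drop them.
        line = raw.strip().lstrip("|").strip()
        if not line:
            continue
        m = re.search(r"Stealth MBR rootkit detector (\S+) by Gmer", line)
        if m:
            rep.version = m.group(1)
            continue
        m = re.match(r"(device|user|kernel):\s*(.*)$", line)
        if m:
            # Assumption: a status without "successfully" means the read failed.
            rep.reads[m.group(1)] = "successfully" in m.group(2)
            continue
        m = re.search(r"malicious code @ sector (0x[0-9a-f]+) size (0x[0-9a-f]+)",
                      line, re.I)
        if m:
            rep.code_sector = int(m.group(1), 16)
            rep.code_size = int(m.group(2), 16)
            continue
        m = re.search(r"copy of MBR has been found in sector (\d+)", line)
        if m:
            rep.backup_sector = int(m.group(1))
            continue
        if "MBR rootkit infection detected" in line:
            rep.infection = True
        elif "INT 0x13 hook detected" in line:
            rep.int13_hook = True
        elif "original MBR restored successfully" in line:
            rep.restored = True
        elif "user & kernel MBR OK" in line:
            rep.mbr_ok = True
    return rep


if __name__ == "__main__":
    for name, log in (("example from the thread", RESTORED_LOG),
                      ("baciami's run", CLEAN_LOG)):
        r = parse_mbr_log(log)
        print(f"{name}: detector {r.version} -> {r.verdict}")
```
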
	
| Sante62 Mature god |
| Posted: 20 Jul 2008 18:28    Subject: |
| Good, now run the scan with Systemscan and post the generated log as indicated here

| baciami Demigod |
| Posted: 20 Jul 2008 19:31    Subject: |
| here is the log.. sorry for the delay but I was at work
 http://www.freefilehosting.net/download/3k0mc

| Sante62 Mature god |
| Posted: 21 Jul 2008 00:22    Subject: |
| No problem about the delay....
 the log shows nothing suspicious....

 If you like, to finish on a high note, go to Kaspersky online scanner and run the extended scan of the PC...

| baciami Demigod |
| Posted: 21 Jul 2008 14:13    Subject: |
| hi sante.. I wanted to ask you whether I can delete suspectfile and mbr.exe.. I'll also remind you of that program you promised me so that I can load it, here is the Kaspersky scan
 Monday, July 21, 2008
 Operating System: Microsoft Windows XP Home Edition Service Pack 2 (build 2600)
 Kaspersky Online Scanner 7 version: 7.0.25.0
 Program database last update: Monday, July 21, 2008 10:54:02
 Records in database: 980119
 
 
 Scan settings
 Scan using the following database extended
 Scan archives yes
 Scan mail databases yes
 
 Scan area My Computer
 A:\
 C:\
 E:\
 F:\
 
 Scan statistics
 Files scanned 28820
 Threat name 1
 Infected objects 1
 Suspicious objects 0
 Duration of the scan 00:31:38
 
 File name Threat name Threats count
 C:\WINDOWS\system32\IEDFix.C.exe Infected: Hoax.Win32.Renos.vaoz 1
 
 The selected area was scanned.

| baciami Demigod |
| Posted: 21 Jul 2008 20:36    Subject: |
| I found the infected file in system32.. what do I do.. delete it manually?

| Sante62 Mature god |
| Posted: 21 Jul 2008 20:51    Subject: |
| Yes, delete it manually; and you can also delete the ones you mentioned;
 Here you will find the instructions for installing the emergency Recovery Console.

 Last edited by Sante62 on 21 Jul 2008 20:53, edited 1 time

| baciami Demigod |
| Posted: 21 Jul 2008 21:48    Subject: |
| I downloaded the program.. I put it into Combofix and this is the log
 ComboFix 08-07-20.A0 - Proprietario 2008-07-21 21.23.44.13 - NTFSx86
 Microsoft Windows XP Home Edition  5.1.2600.2.1252.1.1040.18.446 [GMT 2:00]
 Eseguito da: C:\Documents and Settings\Proprietario\Desktop\ComboFix.exe
 .
 
 (((((((((((((((((((((((((   Files Creati Da 2008-06-21 al 2008-07-21  )))))))))))))))))))))))))))))))))))
 .
 
 2008-07-21 19:25 . 2008-07-21 20:08	<DIR>	d--------	C:\Programmi\a-squared Free
 2008-07-20 12:30 . 2008-07-20 12:30	66,048	--a------	C:\mbr.exe
 2008-07-18 19:56 . 2008-07-19 12:56	<DIR>	d--------	C:\Programmi\Google
 2008-07-18 19:56 . 2008-06-10 02:32	73,728	--a------	C:\WINDOWS\system32\javacpl.cpl
 2008-07-18 19:49 . 2008-07-18 19:49	<DIR>	d--------	C:\Programmi\File comuni\Java
 2008-07-15 17:09 . 2007-07-30 19:19	271,224	--a------	C:\WINDOWS\system32\mucltui.dll
 2008-07-15 17:09 . 2007-07-30 19:19	207,736	--a------	C:\WINDOWS\system32\muweb.dll
 2008-07-15 17:09 . 2007-07-30 19:18	30,072	--a------	C:\WINDOWS\system32\mucltui.dll.mui
 2008-07-15 10:25 . 2008-01-19 14:27	102,664	--a------	C:\WINDOWS\system32\drivers\tmcomm.sys
 2008-07-14 21:46 . 2008-07-14 21:46	<DIR>	d--------	C:\WINDOWS\system32\config\systemprofile\Phone Browser
 2008-07-14 21:46 . 2006-11-29 13:06	3,426,072	--a------	C:\WINDOWS\system32\d3dx9_32.dll
 2008-07-14 21:45 . 2008-07-14 21:45	<DIR>	d--------	C:\Programmi\Microsoft SQL Server Compact Edition
 2008-07-14 21:31 . 2008-07-14 21:34	<DIR>	d--hsc---	C:\Programmi\File comuni\WindowsLiveInstaller
 2008-07-14 21:31 . 2008-07-14 21:31	<DIR>	d--------	C:\Documents and Settings\All Users\Dati applicazioni\WLInstaller
 2008-07-12 20:33 . 2008-07-12 20:33	384	--a------	C:\WINDOWS\system32\tmp.reg
 2008-07-12 19:58 . 2007-09-06 00:22	289,144	--a------	C:\WINDOWS\system32\VCCLSID.exe
 2008-07-12 19:58 . 2006-04-27 17:49	288,417	--a------	C:\WINDOWS\system32\SrchSTS.exe
 2008-07-12 19:58 . 2008-05-29 09:35	86,528	--a------	C:\WINDOWS\system32\VACFix.exe
 2008-07-12 19:58 . 2004-07-31 18:50	51,200	--a------	C:\WINDOWS\system32\dumphive.exe
 2008-07-12 19:58 . 2007-10-04 00:36	25,600	--a------	C:\WINDOWS\system32\WS2Fix.exe
 2008-07-07 20:35 . 2008-07-07 20:35	<DIR>	d--------	C:\Programmi\File comuni\Wise Installation Wizard
 2008-07-07 20:19 . 2008-07-07 20:24	<DIR>	d-a------	C:\Documents and Settings\All Users\Dati applicazioni\TEMP
 2008-07-07 20:19 . 2005-04-15 20:58	1,071,088	--a------	C:\WINDOWS\system32\MSCOMCTL.OCX
 2008-07-07 20:19 . 2005-08-25 19:18	118,784	--a------	C:\WINDOWS\system32\MSSTDFMT.DLL
 2008-07-07 19:48 . 2008-07-07 19:48	<DIR>	d--------	C:\Documents and Settings\All Users\Dati applicazioni\SUPERAntiSpyware.com
 2008-06-27 20:40 . 2008-07-19 22:15	<DIR>	d--------	C:\VEXPLITE
 
 .
 ((((((((((((((((((((((((((((((((((((((((   Find3M Report   )))))))))))))))))))))))))))))))))))))))))))))))))))
 .
 2008-07-18 17:56	---------	d-----w	C:\Programmi\Java
 2008-07-15 07:14	---------	d-----w	C:\Programmi\Windows Live
 2008-07-14 19:39	---------	d-----w	C:\Programmi\MSN Messenger
 2008-07-12 19:39	---------	d-----w	C:\Programmi\backups
 2008-07-12 16:51	39,808	----a-w	C:\WINDOWS\system32\drivers\VIRAGTLT.SYS
 2008-06-27 18:27	---------	d--h--w	C:\Programmi\InstallShield Installation Information
 2008-06-20 17:39	247,296	----a-w	C:\WINDOWS\system32\mswsock.dll
 2008-06-20 10:45	360,320	----a-w	C:\WINDOWS\system32\drivers\tcpip.sys
 2008-06-20 10:44	138,368	----a-w	C:\WINDOWS\system32\drivers\afd.sys
 2008-06-20 09:52	225,920	----a-w	C:\WINDOWS\system32\drivers\tcpip6.sys
 2008-06-14 17:59	272,768	------w	C:\WINDOWS\system32\drivers\bthport.sys
 2008-06-06 11:38	---------	d-----w	C:\Documents and Settings\Proprietario\Dati applicazioni\Nokia
 2008-06-06 11:37	---------	d-----w	C:\Programmi\Nokia
 2008-06-06 11:37	---------	d-----w	C:\Documents and Settings\Proprietario\Dati applicazioni\PC Suite
 2008-06-06 11:36	---------	d-----w	C:\Programmi\File comuni\PCSuite
 2008-06-06 11:36	---------	d-----w	C:\Programmi\File comuni\Nokia
 2008-05-30 17:29	---------	d-----w	C:\Programmi\Siemens
 2008-05-07 05:14	1,292,800	----a-w	C:\WINDOWS\system32\quartz.dll
 2008-04-23 04:16	826,368	----a-w	C:\WINDOWS\system32\wininet.dll
 2008-01-10 19:44	32	----a-w	C:\Documents and Settings\All Users\Dati applicazioni\ezsid.dat
 2007-09-13 20:10	9,679,815	----a-w	C:\Programmi\vlc-0.8.6c-win32.exe
 2008-03-01 15:49	20,512	--sha-w	C:\WINDOWS\system32\drivers\fidbox.dat
 .
 
 (((((((((((((((((((((((((((((((((((((   Punti Reg Caricati   ))))))))))))))))))))))))))))))))))))))))))))))))))
 .
 .
 REGEDIT4
 *Nota* i valori vuoti & legittimi/default non sono visualizzati.
 
 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
 "CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-19 15:39 15360]
 "swg"="C:\Programmi\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe" [2008-07-18 20:07 171448]
 
 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
 "avgnt"="C:\Programmi\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-07-19 13:36 266497]
 "SunJavaUpdateSched"="C:\Programmi\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 04:27 144784]
 
 [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
 "CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2004-08-19 15:39 15360]
 "ATICCC"="C:\Programmi\ATI Technologies\ATI.ACE\cli.exe" [2004-11-25 00:27 32768]
 
 [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Avvio^Programmi^Esecuzione automatica^ATI CATALYST System Tray.lnk]
 
 [HKLM\~\startupfolder\^ntuser.dat]
 path=\ntuser.dat
 
 [HKLM\~\startupfolder\^ntuser.dat.LOG]
 path=\ntuser.dat.LOG
 
 [HKLM\~\startupfolder\^ntuser.ini]
 path=\ntuser.ini
 HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BearShare
 
 [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
 C:\WINDOWS\system32\dumprep 0 -k [X]
 HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroCheck
 HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ScanRegistry
 HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VIRIT LITE MONITOR
 HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager
 
 [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AGEIA PhysX SysTray]
 --a------ 2006-03-20 21:43 331776 C:\Programmi\AGEIA Technologies\TrayIcon.exe
 
 [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATICCC]
 --a------ 2004-11-25 00:27 32768 C:\Programmi\ATI Technologies\ATI.ACE\CLI.exe
 
 [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATIPTA]
 --a------ 2004-11-24 21:10 344064 C:\Programmi\ATI Technologies\ATI Control Panel\atiptaxx.exe
 
 [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DataLayer]
 --a------ 2005-03-31 09:30 1106944 C:\Programmi\File comuni\PCSuite\DataLayer\DataLayer.exe
 
 [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GhostStartTrayApp]
 --a------ 2003-05-28 19:11 94208 C:\Programmi\Symantec\Norton Ghost 2003\GhostStartTrayApp.exe
 
 [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Monitor]
 --a------ 2006-11-03 11:01 319488 C:\WINDOWS\PixArt\Pac207\Monitor.exe
 
 [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
 --------- 2004-10-13 18:24 1694208 C:\Programmi\Messenger\msmsgs.exe
 
 [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCSuiteTrayApplication]
 --a------ 2005-03-22 09:39 167936 C:\Programmi\Nokia\Nokia PC Suite 6\LaunchApplication.exe
 
 [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PcSync]
 --a------ 2005-04-20 09:57 847872 C:\Programmi\Nokia\Nokia PC Suite 6\PcSync2.exe
 
 [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UnlockerAssistant]
 --a------ 2006-09-07 19:19 15872 C:\Programmi\Unlocker\UnlockerAssistant.exe
 
 [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMan]
 --a------ 2002-03-21 04:23 46592 C:\WINDOWS\SOUNDMAN.EXE
 
 [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
 "GbpSv"=2 (0x2)
 "NMIndexingService"=3 (0x3)
 
 [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
 "C:\\WINDOWS\\system32\\sessmgr.exe"=
 "C:\\Programmi\\Windows Live\\Messenger\\msnmsgr.exe"=
 "C:\\Programmi\\Windows Live\\Messenger\\livecall.exe"=
 
 R0 VIRAGTLT;VIRAGTLT;C:\WINDOWS\system32\drivers\VIRAGTLT.SYS [2008-07-12 18:51]
 R2 viritsvclite;Virit eXplorer Lite;C:\VEXPLITE\viritsvc.exe [2008-07-19 20:59]
 R3 PAC207;CIF USB Camera;C:\WINDOWS\system32\DRIVERS\PFC027.SYS [2006-11-10 13:51]
 R3 WLAN FVNETusb(R);WLAN FVNETusb(R) Service for ATMEL USB FastVNET (AR);C:\WINDOWS\system32\DRIVERS\vnetusbr.sys [2002-08-06 16:38]
 S3 USBSTOR;Driver archiviazione di massa USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-03 23:08]
 
 *Newly Created Service* - A2FREE
 *Newly Created Service* - CATCHME
 .
 .
 ------- Supplementary Scan -------
 .
 R0 -: HKCU-Main,Start Page = hxxp://www.google.it/
 
 O16 -: DirectAnimation Java Classes - file://C:\WINDOWS\Java\classes\dajava.cab
 C:\WINDOWS\Downloaded Program Files\DirectAnimation Java Classes.osd
 
 O16 -: Microsoft XML Parser for Java - file://C:\WINDOWS\Java\classes\xmldso.cab
 C:\WINDOWS\Downloaded Program Files\Microsoft XML Parser for Java.osd
 
 
 **************************************************************************
 
 catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
 Rootkit scan 2008-07-21 21:24:34
 Windows 5.1.2600 Service Pack 2 NTFS
 
 scansione processi nascosti ...
 
 scansione entrate autostart nascoste ...
 
 Scansione files nascosti ...
 
 Scansione completata con successo
 Files nascosti: 0
 
 **************************************************************************
 .
 Ora fine scansione: 2008-07-21 21:26:30
 ComboFix-quarantined-files.txt  2008-07-21 19:25:52
 ComboFix2.txt  2008-07-21 19:14:47
 
 Pre-Run: 20,276,486,144 byte disponibili
 Post-Run: 20,263,157,760 byte disponibili
 
 147	--- E O F ---	2008-07-18 11:27:46
 
 
 hey.. it doesn't give me that red message.. also at the bottom I see Vista but I downloaded the Home one.. dunno..

| baciami Demigod |
| Posted: 21 Jul 2008 22:08    Subject: |
| I went to the site and maybe I downloaded the right one.. but it seems to me nothing has changed
 ComboFix 08-07-20.A0 - Proprietario 2008-07-21 21.59.55.14 - NTFSx86
 Microsoft Windows XP Home Edition  5.1.2600.2.1252.1.1040.18.506 [GMT 2:00]
 Eseguito da: C:\Documents and Settings\Proprietario\Desktop\ComboFix.exe
 Command switches used :: C:\Documents and Settings\Proprietario\Desktop\WindowsXP-KB310994-SP2-Home-BootDisk-ITA.exe
 * Creato nuovo punto di ripristino
 .
 
 (((((((((((((((((((((((((   Files Creati Da 2008-06-21 al 2008-07-21  )))))))))))))))))))))))))))))))))))
 .
 
 2008-07-21 19:25 . 2008-07-21 20:08	<DIR>	d--------	C:\Programmi\a-squared Free
 2008-07-18 19:56 . 2008-07-19 12:56	<DIR>	d--------	C:\Programmi\Google
 2008-07-18 19:56 . 2008-06-10 02:32	73,728	--a------	C:\WINDOWS\system32\javacpl.cpl
 2008-07-18 19:49 . 2008-07-18 19:49	<DIR>	d--------	C:\Programmi\File comuni\Java
 2008-07-15 17:09 . 2007-07-30 19:19	271,224	--a------	C:\WINDOWS\system32\mucltui.dll
 2008-07-15 17:09 . 2007-07-30 19:19	207,736	--a------	C:\WINDOWS\system32\muweb.dll
 2008-07-15 17:09 . 2007-07-30 19:18	30,072	--a------	C:\WINDOWS\system32\mucltui.dll.mui
 2008-07-15 10:25 . 2008-01-19 14:27	102,664	--a------	C:\WINDOWS\system32\drivers\tmcomm.sys
 2008-07-14 21:46 . 2008-07-14 21:46	<DIR>	d--------	C:\WINDOWS\system32\config\systemprofile\Phone Browser
 2008-07-14 21:46 . 2006-11-29 13:06	3,426,072	--a------	C:\WINDOWS\system32\d3dx9_32.dll
 2008-07-14 21:45 . 2008-07-14 21:45	<DIR>	d--------	C:\Programmi\Microsoft SQL Server Compact Edition
 2008-07-14 21:31 . 2008-07-14 21:34	<DIR>	d--hsc---	C:\Programmi\File comuni\WindowsLiveInstaller
 2008-07-14 21:31 . 2008-07-14 21:31	<DIR>	d--------	C:\Documents and Settings\All Users\Dati applicazioni\WLInstaller
 2008-07-12 20:33 . 2008-07-12 20:33	384	--a------	C:\WINDOWS\system32\tmp.reg
 2008-07-12 19:58 . 2007-09-06 00:22	289,144	--a------	C:\WINDOWS\system32\VCCLSID.exe
 2008-07-12 19:58 . 2006-04-27 17:49	288,417	--a------	C:\WINDOWS\system32\SrchSTS.exe
 2008-07-12 19:58 . 2008-05-29 09:35	86,528	--a------	C:\WINDOWS\system32\VACFix.exe
 2008-07-12 19:58 . 2004-07-31 18:50	51,200	--a------	C:\WINDOWS\system32\dumphive.exe
 2008-07-12 19:58 . 2007-10-04 00:36	25,600	--a------	C:\WINDOWS\system32\WS2Fix.exe
 2008-07-07 20:35 . 2008-07-07 20:35	<DIR>	d--------	C:\Programmi\File comuni\Wise Installation Wizard
 2008-07-07 20:19 . 2008-07-07 20:24	<DIR>	d-a------	C:\Documents and Settings\All Users\Dati applicazioni\TEMP
 2008-07-07 20:19 . 2005-04-15 20:58	1,071,088	--a------	C:\WINDOWS\system32\MSCOMCTL.OCX
 2008-07-07 20:19 . 2005-08-25 19:18	118,784	--a------	C:\WINDOWS\system32\MSSTDFMT.DLL
 2008-07-07 19:48 . 2008-07-07 19:48	<DIR>	d--------	C:\Documents and Settings\All Users\Dati applicazioni\SUPERAntiSpyware.com
 2008-06-27 20:40 . 2008-07-19 22:15	<DIR>	d--------	C:\VEXPLITE
 
 .
 ((((((((((((((((((((((((((((((((((((((((   Find3M Report   )))))))))))))))))))))))))))))))))))))))))))))))))))
 .
 2008-07-18 17:56	---------	d-----w	C:\Programmi\Java
 2008-07-15 07:14	---------	d-----w	C:\Programmi\Windows Live
 2008-07-14 19:39	---------	d-----w	C:\Programmi\MSN Messenger
 2008-07-12 19:39	---------	d-----w	C:\Programmi\backups
 2008-07-12 16:51	39,808	----a-w	C:\WINDOWS\system32\drivers\VIRAGTLT.SYS
 2008-06-27 18:27	---------	d--h--w	C:\Programmi\InstallShield Installation Information
 2008-06-20 17:39	247,296	----a-w	C:\WINDOWS\system32\mswsock.dll
 2008-06-20 10:45	360,320	----a-w	C:\WINDOWS\system32\drivers\tcpip.sys
 2008-06-20 10:44	138,368	----a-w	C:\WINDOWS\system32\drivers\afd.sys
 2008-06-20 09:52	225,920	----a-w	C:\WINDOWS\system32\drivers\tcpip6.sys
 2008-06-14 17:59	272,768	------w	C:\WINDOWS\system32\drivers\bthport.sys
 2008-06-06 11:38	---------	d-----w	C:\Documents and Settings\Proprietario\Dati applicazioni\Nokia
 2008-06-06 11:37	---------	d-----w	C:\Programmi\Nokia
 2008-06-06 11:37	---------	d-----w	C:\Documents and Settings\Proprietario\Dati applicazioni\PC Suite
 2008-06-06 11:36	---------	d-----w	C:\Programmi\File comuni\PCSuite
 2008-06-06 11:36	---------	d-----w	C:\Programmi\File comuni\Nokia
 2008-05-30 17:29	---------	d-----w	C:\Programmi\Siemens
 2008-05-07 05:14	1,292,800	----a-w	C:\WINDOWS\system32\quartz.dll
 2008-04-23 04:16	826,368	----a-w	C:\WINDOWS\system32\wininet.dll
 2008-01-10 19:44	32	----a-w	C:\Documents and Settings\All Users\Dati applicazioni\ezsid.dat
 2007-09-13 20:10	9,679,815	----a-w	C:\Programmi\vlc-0.8.6c-win32.exe
 2008-03-01 15:49	20,512	--sha-w	C:\WINDOWS\system32\drivers\fidbox.dat
 .
 
 (((((((((((((((((((((((((((((((((((((   Punti Reg Caricati   ))))))))))))))))))))))))))))))))))))))))))))))))))
 .
 .
 REGEDIT4
 *Nota* i valori vuoti & legittimi/default non sono visualizzati.
 
 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
 "CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-19 15:39 15360]
 "swg"="C:\Programmi\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe" [2008-07-18 20:07 171448]
 
 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
 "avgnt"="C:\Programmi\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-07-19 13:36 266497]
 "SunJavaUpdateSched"="C:\Programmi\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 04:27 144784]
 
 [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
 "CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2004-08-19 15:39 15360]
 "ATICCC"="C:\Programmi\ATI Technologies\ATI.ACE\cli.exe" [2004-11-25 00:27 32768]
 
 [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Avvio^Programmi^Esecuzione automatica^ATI CATALYST System Tray.lnk]
 
 [HKLM\~\startupfolder\^ntuser.dat]
 path=\ntuser.dat
 
 [HKLM\~\startupfolder\^ntuser.dat.LOG]
 path=\ntuser.dat.LOG
 
 [HKLM\~\startupfolder\^ntuser.ini]
 path=\ntuser.ini
 HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BearShare
 
 [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
 C:\WINDOWS\system32\dumprep 0 -k [X]
 HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroCheck
 HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ScanRegistry
 HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VIRIT LITE MONITOR
 HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager
 
 [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AGEIA PhysX SysTray]
 --a------ 2006-03-20 21:43 331776 C:\Programmi\AGEIA Technologies\TrayIcon.exe
 
 [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATICCC]
 --a------ 2004-11-25 00:27 32768 C:\Programmi\ATI Technologies\ATI.ACE\CLI.exe
 
 [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATIPTA]
 --a------ 2004-11-24 21:10 344064 C:\Programmi\ATI Technologies\ATI Control Panel\atiptaxx.exe
 
 [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DataLayer]
 --a------ 2005-03-31 09:30 1106944 C:\Programmi\File comuni\PCSuite\DataLayer\DataLayer.exe
 
 [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GhostStartTrayApp]
 --a------ 2003-05-28 19:11 94208 C:\Programmi\Symantec\Norton Ghost 2003\GhostStartTrayApp.exe
 
 [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Monitor]
 --a------ 2006-11-03 11:01 319488 C:\WINDOWS\PixArt\Pac207\Monitor.exe
 
 [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
 --------- 2004-10-13 18:24 1694208 C:\Programmi\Messenger\msmsgs.exe
 
 [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCSuiteTrayApplication]
 --a------ 2005-03-22 09:39 167936 C:\Programmi\Nokia\Nokia PC Suite 6\LaunchApplication.exe
 
 [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PcSync]
 --a------ 2005-04-20 09:57 847872 C:\Programmi\Nokia\Nokia PC Suite 6\PcSync2.exe
 
 [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UnlockerAssistant]
 --a------ 2006-09-07 19:19 15872 C:\Programmi\Unlocker\UnlockerAssistant.exe
 
 [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMan]
 --a------ 2002-03-21 04:23 46592 C:\WINDOWS\SOUNDMAN.EXE
 
 [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
 "GbpSv"=2 (0x2)
 "NMIndexingService"=3 (0x3)
 
 [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
 "C:\\WINDOWS\\system32\\sessmgr.exe"=
 "C:\\Programmi\\Windows Live\\Messenger\\msnmsgr.exe"=
 "C:\\Programmi\\Windows Live\\Messenger\\livecall.exe"=
 
 R0 VIRAGTLT;VIRAGTLT;C:\WINDOWS\system32\drivers\VIRAGTLT.SYS [2008-07-12 18:51]
 R2 viritsvclite;Virit eXplorer Lite;C:\VEXPLITE\viritsvc.exe [2008-07-19 20:59]
 R3 PAC207;CIF USB Camera;C:\WINDOWS\system32\DRIVERS\PFC027.SYS [2006-11-10 13:51]
 R3 WLAN FVNETusb(R);WLAN FVNETusb(R) Service for ATMEL USB FastVNET (AR);C:\WINDOWS\system32\DRIVERS\vnetusbr.sys [2002-08-06 16:38]
 S3 USBSTOR;Driver archiviazione di massa USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-03 23:08]
 .
 .
 ------- Supplementary Scan -------
 .
 R0 -: HKCU-Main,Start Page = hxxp://www.google.it/
 
 O16 -: DirectAnimation Java Classes - file://C:\WINDOWS\Java\classes\dajava.cab
 C:\WINDOWS\Downloaded Program Files\DirectAnimation Java Classes.osd
 
 O16 -: Microsoft XML Parser for Java - file://C:\WINDOWS\Java\classes\xmldso.cab
 C:\WINDOWS\Downloaded Program Files\Microsoft XML Parser for Java.osd
 
 
 **************************************************************************
 
 catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
 Rootkit scan 2008-07-21 22:01:07
 Windows 5.1.2600 Service Pack 2 NTFS
 
 scansione processi nascosti ...
 
 scansione entrate autostart nascoste ...
 
 Scansione files nascosti ...
 
 Scansione completata con successo
 Files nascosti: 0
 
 **************************************************************************
 .
 Ora fine scansione: 2008-07-21 22:03:10
 ComboFix-quarantined-files.txt  2008-07-21 20:02:46
 
 Pre-Run: 20,317,810,688 byte disponibili
 Post-Run: 20,288,266,240 byte disponibili
 
 WindowsXP-KB310994-SP2-Home-BootDisk-ITA.exe
 [boot loader]
 timeout=2
 default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
 [operating systems]
 multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /fastdetect /NoExecute=OptIn
 C:\CMDCONS\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
 
 152	--- E O F ---	2008-07-18 11:27:46
 |  | 
	
	
		| Sante62 Dio maturo
 
  
  
 Registered: 27/06/07 17:55
 Posts: 3477
 Location: Floridia
 
 | 
			
				|  Posted: 21 Jul 2008 22:47    Subject: |   |  
				| 
 |  
				| What do you mean, nothing has changed? 
 It looks to me like it went well, the red text is no longer there...
  |  | 
	
	
		| baciami Semidio
 
  
  
 Registered: 02/09/07 15:40
 Posts: 287
 Location: toscana
 
 | 
			
				|  Posted: 22 Jul 2008 12:55    Subject: |   |  
				| 
 |  
				| Maybe because I deleted Windows Update by mistake from Tools... Internet Options... View Objects? Or because I downloaded the new version of MSN Messenger, which also downloaded WLInstaller? Can I now remove the program you gave me? Sorry for being a nuisance  |  | 
	