Punto informatico Network

Avenger script to remove a virus


Post by mari80 » Fri Mar 20, 2009 3:01 pm

Hi everyone! I need your help because I've made a mess of my PC! I ran a program downloaded from eMule without first scanning it with Avast and suddenly the PC rebooted. In the new session the antivirus is disabled, it won't let me install new antivirus software, a folder has disappeared from the desktop, and there is no sound anymore. The only thing I managed to do, via a USB stick, was a scan with Avast Virus Cleaner, whose log I attach:
20/03/2009, 14.12.29
Memory scanning started...
No virus body found in memory.
Memory scanning finished (2,2s).
----------
Files scanning started...
C:\i386\ntoskrnl.exe... file could not be scanned!
C:\WINDOWS\$hf_mig$\KB890859\SP2QFE\ntoskrnl.exe... file could not be scanned!
C:\WINDOWS\$hf_mig$\KB956841\SP3GDR\ntoskrnl.exe... file could not be scanned!
C:\WINDOWS\$hf_mig$\KB956841\SP3QFE\ntoskrnl.exe... file could not be scanned!
C:\WINDOWS\$NtServicePackUninstall$\ntoskrnl.exe... file could not be scanned!
C:\WINDOWS\$NtUninstallKB890859$\ntoskrnl.exe... file could not be scanned!
C:\WINDOWS\$NtUninstallKB896256$\ntoskrnl.exe... file could not be scanned!
C:\WINDOWS\$NtUninstallKB931784$\ntoskrnl.exe... file could not be scanned!
C:\WINDOWS\$NtUninstallKB956841$\ntoskrnl.exe... file could not be scanned!
C:\WINDOWS\$NtUninstallKB956841_0$\ntoskrnl.exe... file could not be scanned!
C:\WINDOWS\Driver Cache\i386\ntoskrnl.exe... file could not be scanned!
C:\WINDOWS\ServicePackFiles\i386\ntoskrnl.exe... file could not be scanned!
No virus body found.
Files scanning finished (120796 files, 0 infected, 1378,8s).
Drives scanned: C: D:
----------

At this point, from reading other posts, what I should do to save whatever can be saved is to try Avenger, but
I don't know which scripts to enter, not being an expert. So I'd kindly ask if you could help me by writing the scripts to enter. Many thanks in advance.

Re: Avenger script to remove a virus

Post by Amantide » Fri Mar 20, 2009 3:57 pm

Download FindyKill (by Chiquitine29) and install it (it's in French, but easy to understand).
Once installed, close all running applications and disconnect from the internet, then click the FindyKill icon and, in the DOS window that opens, type 2 and press Enter. Wait for the scan to finish and post here the log you will find in C:\FindyKill.txt.
Also download ComboFix, saving it to the desktop under a made-up name, and run the scan following these instructions (at the bottom). When the scan is done the report file C:\combofix.txt will be created; paste its contents here between LOG tags, like this:
[LOG]the log goes here[/LOG]
...to fly high, you have to know how to fall...

Re: Avenger script to remove a virus

Post by mari80 » Fri Mar 20, 2009 4:17 pm

OK, I'm downloading both and as soon as I have the reports I'll send them to you. By the way, it won't even let me connect to the internet; I'm connected from another PC. See you soon, and thanks.

Re: Avenger script to remove a virus

Post by mari80 » Fri Mar 20, 2009 5:02 pm

I ran the scan with FindyKill and attach the log, but ComboFix won't let me do anything, even after renaming it. I get the window "is not a valid Win32 application". How do I proceed?

############################## [ FindyKill V4.720 ]

# User : Acer (Administrators) # ACER-6618B8BBB0
# Update on 19/03/09 by Chiquitine29
# Start at: 16.26.54 | 20/03/2009

# Intel(R) Pentium(R) 4 CPU 3.20GHz
# Microsoft Windows XP Home Edition (5.1.2600 32-bit) # Service Pack 3
# Internet Explorer 7.0.5730.13
# Windows Firewall Status : Disabled

# C:\ # Local hard disk # 146,36 Go (72,84 Go free) [ACER] # NTFS
# D:\ # Local hard disk # 146,81 Go (146,81 Go free) [ACERDATA] # FAT32
# E:\ # CD-ROM drive
# F:\ # Removable disk # 1,91 Go (1,11 Go free) # FAT32
# G:\ # Removable disk
# H:\ # Removable disk
# I:\ # Removable disk
# L:\ # Removable disk

############################## [ Active Processes ]

C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programmi\Acer\Acer eConsole\MediaServerService.exe
C:\Acer\Empowering Technology\ePerformance\MemCheck.exe
C:\Programmi\IVT Corporation\BlueSoleil\BTNtService.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Acer TV-FM\Kernel\TV\CLCapSvc.exe
C:\Program Files\Acer TV-FM\Kernel\CLML_NTService\CLMLServer.exe
C:\WINDOWS\system32\svchost.exe
C:\Programmi\CyberLink\PowerDVD\PDVDServ.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Programmi\Acer\Acer eMode Management\AspireService.exe
C:\Programmi\Acer\Acer eConsole\MediaSync.exe
C:\Program Files\Acer TV-FM\PCMService.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIBEE.EXE
C:\Programmi\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe
C:\Programmi\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Documents and Settings\Acer\Dati applicazioni\drivers\winupgro.exe
C:\Programmi\File comuni\Teleca Shared\CapabilityManager.exe
C:\Programmi\File comuni\Teleca Shared\Generic.exe
C:\Programmi\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

################## [ Infected processes stopped ]

"C:\Documents and Settings\Acer\Dati applicazioni\drivers\winupgro.exe" (2060)

################## [ Infected Files / Folders C:\ ]


################## [ C:\WINDOWS ]


################## [ C:\WINDOWS\system32 ]


################## [ C:\WINDOWS\system32\drivers ]

Deleted ! - "C:\WINDOWS\system32\drivers\downld"

################## [ C:\.. Application Data ... ]

Deleted ! - "C:\Documents and Settings\Acer\Dati applicazioni\drivers\srosa2.sys"
Deleted ! - "C:\Documents and Settings\Acer\Dati applicazioni\drivers\wfsintwq.sys"
Deleted ! - "C:\Documents and Settings\Acer\Dati applicazioni\drivers\winupgro.exe"
Deleted ! - "C:\Documents and Settings\Acer\Dati applicazioni\drivers\downld"
Deleted ! - "C:\Documents and Settings\Acer\Dati applicazioni\drivers"

################## [ Registry / Infected keys ]

Deleted ! - HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_SROSA
Deleted ! - HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\sK9Ou0s
Deleted ! - HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Enum\Root\LEGACY_SK9OU0S
Deleted ! - HKEY_CURRENT_USER\Software\bisoft
Deleted ! - HKEY_CURRENT_USER\Software\FirstRRRun
Deleted ! - HKEY_CURRENT_USER\Software\Local AppWizard-Generated Applications\install_crack
Deleted ! - HKEY_CURRENT_USER\Software\Local AppWizard-Generated Applications\MsnMsgr
Deleted ! - HKEY_CURRENT_USER\Software\Local AppWizard-Generated Applications\nideiect
Deleted ! - HKEY_CURRENT_USER\Software\Local AppWizard-Generated Applications\winupgro
Deleted ! - HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\"drvsyskit"
Deleted ! - HKEY_USERS\S-1-5-21-2409790277-3203485202-3212880453-1006\Software\Microsoft\Windows\CurrentVersion\Run\\"drvsyskit"

################## [ Cleaning Removable drives ]

# Deleting files :


################## [ Registry / Mountpoint2 ]

# -> Not found !

################## [ Searching Other Infections ]

# Bagle MD5 comparison references :

File ... : C:\Documents and Settings\Acer\Dati applicazioni\drivers\winupgro.exe
CRC32 .. : 98cd94c0
MD5 .... : e21ec999865e495217e56b8a043dd65f

Deleted ! : C:\Programmi\MSN Messenger\msnmsgr.exe
# Size : 806912 # MD5 : E21EC999865E495217E56B8A043DD65F


################## [ PEH Corrupted ]

C:\Documents and Settings\Acer\Desktop\varie\software\antivirus e sicurezza\ZoneAlarm.exe
C:\Documents and Settings\Acer\Impostazioni locali\Temp\NAV15.0.0.58\NAV\External\CommonFi\PIF_96E2\PIFSvc.exe
C:\Documents and Settings\Acer\Impostazioni locali\Temp\NAV15.0.0.58\NAV\External\NORTON\APP\NavShcom.exe
C:\Documents and Settings\Acer\Impostazioni locali\Temp\NAV15.0.0.58\NAV\External\NORTON\APP\Navw32.exe
C:\Documents and Settings\Acer\Impostazioni locali\Temp\NAV15.0.0.58\NAV\External\NORTON\APP\Navwnt.exe
C:\Documents and Settings\Acer\Impostazioni locali\Temp\NAV15.0.0.58\NAV\External\NORTON\APP\nisoptui.exe
C:\Documents and Settings\Acer\Impostazioni locali\Temp\NAV15.0.0.58\NAV\External\NORTON\APP\osCheck.exe
C:\Documents and Settings\Acer\Impostazioni locali\Temp\NAV15.0.0.58\Support\ccCommon\ccCommon\ccApp.exe
C:\Documents and Settings\Acer\Impostazioni locali\Temp\NAV15.0.0.58\Support\ccCommon\ccCommon\ccEvtMgr.exe
C:\Documents and Settings\Acer\Impostazioni locali\Temp\NAV15.0.0.58\Support\ccCommon\ccCommon\ccSetMgr.exe
C:\Documents and Settings\Acer\Impostazioni locali\Temp\NAV15.0.0.58\Support\ccCommon\ccCommon\ccSvcHst.exe
C:\Documents and Settings\Acer\Impostazioni locali\Temp\NAV15.0.0.58\Support\LUpdate\WLUEX\AUPDATE.EXE
C:\Documents and Settings\Acer\Impostazioni locali\Temp\NAV15.0.0.58\Support\LUpdate\WLUEX\LUALL.EXE
C:\Documents and Settings\Acer\Impostazioni locali\Temp\NAV15.0.0.58\Support\LUpdate\WLUEX\LUCheck.exe
C:\Documents and Settings\Acer\Impostazioni locali\Temp\NAV15.0.0.58\Support\LUpdate\WLUEX\LuConfig.EXE
C:\Documents and Settings\Acer\Impostazioni locali\Temp\NAV15.0.0.58\Support\LUpdate\WLUEX\NotifyHA.exe
C:\Documents and Settings\Acer\Impostazioni locali\Temp\NAV15.0.0.58\Support\Remover\Remover.exe
C:\Documents and Settings\Acer\Impostazioni locali\Temp\NAV15.0.0.58\Support\uiNPC\uiNPC\NPC\isUAC.exe
C:\Program Files\TryBeforeBuy\SharewareTetrisXP!\Register.exe
C:\Programmi\Alwil Software\Avast4\ashAvast.exe
C:\Programmi\Alwil Software\Avast4\ashChest.exe
C:\Programmi\Alwil Software\Avast4\ashDisp.exe
C:\Programmi\Alwil Software\Avast4\ashLogV.exe
C:\Programmi\Alwil Software\Avast4\ashMaiSv.exe
C:\Programmi\Alwil Software\Avast4\ashPopWz.exe
C:\Programmi\Alwil Software\Avast4\ashQuick.exe
C:\Programmi\Alwil Software\Avast4\ashServ.exe
C:\Programmi\Alwil Software\Avast4\ashSimp2.exe
C:\Programmi\Alwil Software\Avast4\ashSimpl.exe
C:\Programmi\Alwil Software\Avast4\ashSkPcc.exe
C:\Programmi\Alwil Software\Avast4\ashSkPck.exe
C:\Programmi\Alwil Software\Avast4\ashUpd.exe
C:\Programmi\Alwil Software\Avast4\ashWebSv.exe
C:\Programmi\Alwil Software\Avast4\aswRegSvr.exe
C:\Programmi\Alwil Software\Avast4\aswUpdSv.exe
C:\Programmi\Alwil Software\Avast4\copyx64.exe
C:\Programmi\Alwil Software\Avast4\sched.exe
C:\Programmi\AntiVir PersonalEdition Classic\avcenter.exe
C:\Programmi\AntiVir PersonalEdition Classic\avcmd.exe
C:\Programmi\AntiVir PersonalEdition Classic\avconfig.exe
C:\Programmi\AntiVir PersonalEdition Classic\avesvc.exe
C:\Programmi\AntiVir PersonalEdition Classic\avgnt.exe
C:\Programmi\AntiVir PersonalEdition Classic\avguard.exe
C:\Programmi\AntiVir PersonalEdition Classic\avmailc.exe
C:\Programmi\AntiVir PersonalEdition Classic\avnotify.exe
C:\Programmi\AntiVir PersonalEdition Classic\avscan.exe
C:\Programmi\AntiVir PersonalEdition Classic\guardgui.exe
C:\Programmi\AntiVir PersonalEdition Classic\licmgr.exe
C:\Programmi\AntiVir PersonalEdition Classic\preupd.exe
C:\Programmi\AntiVir PersonalEdition Classic\sched.exe
C:\Programmi\AntiVir PersonalEdition Classic\update.exe
C:\Programmi\File comuni\NewTech Infosystems\LiveUpdate\LiveUpdate.exe
C:\Programmi\Jasc Software Inc\Paint Shop Pro 8\register.exe
C:\Programmi\Jasc Software Inc\Paint Shop Pro 9\register.exe
C:\WINDOWS\$hf_mig$\KB867282\update\update.exe
C:\WINDOWS\$hf_mig$\KB873333\update\update.exe
C:\WINDOWS\$hf_mig$\KB873339\update\update.exe
C:\WINDOWS\$hf_mig$\KB883939\update\update.exe
C:\WINDOWS\$hf_mig$\KB885250\update\update.exe
C:\WINDOWS\$hf_mig$\KB885835\update\update.exe
C:\WINDOWS\$hf_mig$\KB885836\update\update.exe
C:\WINDOWS\$hf_mig$\KB886185\update\update.exe
C:\WINDOWS\$hf_mig$\KB887472\update\update.exe
C:\WINDOWS\$hf_mig$\KB888113\update\update.exe
C:\WINDOWS\$hf_mig$\KB888302\update\update.exe
C:\WINDOWS\$hf_mig$\KB890046\update\update.exe
C:\WINDOWS\$hf_mig$\KB890047\update\update.exe
C:\WINDOWS\$hf_mig$\KB890175\update\update.exe
C:\WINDOWS\$hf_mig$\KB890859\update\update.exe
C:\WINDOWS\$hf_mig$\KB890923\update\update.exe
C:\WINDOWS\$hf_mig$\KB891781\update\update.exe
C:\WINDOWS\$hf_mig$\KB893086\update\update.exe
C:\WINDOWS\$hf_mig$\KB893756\update\update.exe
C:\WINDOWS\$hf_mig$\KB894391\update\update.exe
C:\WINDOWS\$hf_mig$\KB896358\update\update.exe
C:\WINDOWS\$hf_mig$\KB896422\update\update.exe
C:\WINDOWS\$hf_mig$\KB896423\update\update.exe
C:\WINDOWS\$hf_mig$\KB896424\update\update.exe
C:\WINDOWS\$hf_mig$\KB896428\update\update.exe
C:\WINDOWS\$hf_mig$\KB896727\update\update.exe
C:\WINDOWS\$hf_mig$\KB898461\update\update.exe
C:\WINDOWS\$hf_mig$\KB899587\update\update.exe
C:\WINDOWS\$hf_mig$\KB899588\update\update.exe
C:\WINDOWS\$hf_mig$\KB899589\update\update.exe
C:\WINDOWS\$hf_mig$\KB899591\update\update.exe
C:\WINDOWS\$hf_mig$\KB900485\update\update.exe
C:\WINDOWS\$hf_mig$\KB900725\update\update.exe
C:\WINDOWS\$hf_mig$\KB901017\update\update.exe
C:\WINDOWS\$hf_mig$\KB901190\update\update.exe
C:\WINDOWS\$hf_mig$\KB901214\update\update.exe
C:\WINDOWS\$hf_mig$\KB902400\update\update.exe
C:\WINDOWS\$hf_mig$\KB904706\update\update.exe
C:\WINDOWS\$hf_mig$\KB905414\update\update.exe
C:\WINDOWS\$hf_mig$\KB905749\update\update.exe
C:\WINDOWS\$hf_mig$\KB905915\update\update.exe
C:\WINDOWS\$hf_mig$\KB908519\update\update.exe
C:\WINDOWS\$hf_mig$\KB908531\update\update.exe
C:\WINDOWS\$hf_mig$\KB910437\update\update.exe
C:\WINDOWS\$hf_mig$\KB911280\update\update.exe
C:\WINDOWS\$hf_mig$\KB911562\update\update.exe
C:\WINDOWS\$hf_mig$\KB911567\update\update.exe
C:\WINDOWS\$hf_mig$\KB911927\update\update.exe
C:\WINDOWS\$hf_mig$\KB912919\update\update.exe
C:\WINDOWS\$hf_mig$\KB913446\update\update.exe
C:\WINDOWS\$hf_mig$\KB913580\update\update.exe
C:\WINDOWS\$hf_mig$\KB914388\update\update.exe
C:\WINDOWS\$hf_mig$\KB914389\update\update.exe
C:\WINDOWS\$hf_mig$\KB915865\update\update.exe
C:\WINDOWS\$hf_mig$\KB916595\update\update.exe
C:\WINDOWS\$hf_mig$\KB917344\update\update.exe
C:\WINDOWS\$hf_mig$\KB917422\update\update.exe
C:\WINDOWS\$hf_mig$\KB917953\update\update.exe
C:\WINDOWS\$hf_mig$\KB918118\update\update.exe
C:\WINDOWS\$hf_mig$\KB918439\update\update.exe
C:\WINDOWS\$hf_mig$\KB919007\update\update.exe
C:\WINDOWS\$hf_mig$\KB920214\update\update.exe
C:\WINDOWS\$hf_mig$\KB920670\update\update.exe
C:\WINDOWS\$hf_mig$\KB920683\update\update.exe
C:\WINDOWS\$hf_mig$\KB920685\update\update.exe
C:\WINDOWS\$hf_mig$\KB920872\update\update.exe
C:\WINDOWS\$hf_mig$\KB921398\update\update.exe
C:\WINDOWS\$hf_mig$\KB922582\update\update.exe
C:\WINDOWS\$hf_mig$\KB922616\update\update.exe
C:\WINDOWS\$hf_mig$\KB922819\update\update.exe
C:\WINDOWS\$hf_mig$\KB923414\update\update.exe
C:\WINDOWS\$hf_mig$\KB923980\update\update.exe
C:\WINDOWS\$hf_mig$\KB924191\update\update.exe
C:\WINDOWS\$hf_mig$\KB924270\update\update.exe
C:\WINDOWS\$hf_mig$\KB925486\update\update.exe
C:\WINDOWS\$hf_mig$\KB925902\update\update.exe
C:\WINDOWS\$hf_mig$\KB926255\update\update.exe
C:\WINDOWS\$hf_mig$\KB926436\update\update.exe
C:\WINDOWS\$hf_mig$\KB927779\update\update.exe
C:\WINDOWS\$hf_mig$\KB927802\update\update.exe
C:\WINDOWS\$hf_mig$\KB927891\update\update.exe
C:\WINDOWS\$hf_mig$\KB928255\update\update.exe
C:\WINDOWS\$hf_mig$\KB928843\update\update.exe
C:\WINDOWS\$hf_mig$\KB930178\update\update.exe
C:\WINDOWS\$hf_mig$\KB930916\update\update.exe
C:\WINDOWS\$hf_mig$\KB931261\update\update.exe
C:\WINDOWS\$hf_mig$\KB932823-v3\update\update.exe
C:\WINDOWS\$hf_mig$\KB935839\update\update.exe
C:\WINDOWS\$hf_mig$\KB935840\update\update.exe
C:\WINDOWS\$hf_mig$\KB936021\update\update.exe
C:\WINDOWS\$hf_mig$\KB936357\update\update.exe
C:\WINDOWS\$hf_mig$\KB938127\update\update.exe
C:\WINDOWS\$hf_mig$\KB938127-v2-IE7\update\update.exe
C:\WINDOWS\$hf_mig$\KB938464\update\update.exe
C:\WINDOWS\$hf_mig$\KB938828\update\update.exe
C:\WINDOWS\$hf_mig$\KB938829\update\update.exe
C:\WINDOWS\$hf_mig$\KB941202\update\update.exe
C:\WINDOWS\$hf_mig$\KB941568\update\update.exe
C:\WINDOWS\$hf_mig$\KB941644\update\update.exe
C:\WINDOWS\$hf_mig$\KB941693\update\update.exe
C:\WINDOWS\$hf_mig$\KB942763\update\update.exe
C:\WINDOWS\$hf_mig$\KB942840\update\update.exe
C:\WINDOWS\$hf_mig$\KB943055\update\update.exe
C:\WINDOWS\$hf_mig$\KB943485\update\update.exe
C:\WINDOWS\$hf_mig$\KB944338\update\update.exe
C:\WINDOWS\$hf_mig$\KB944653\update\update.exe
C:\WINDOWS\$hf_mig$\KB945553\update\update.exe
C:\WINDOWS\$hf_mig$\KB946026\update\update.exe
C:\WINDOWS\$hf_mig$\KB946648\update\update.exe
C:\WINDOWS\$hf_mig$\KB948590\update\update.exe
C:\WINDOWS\$hf_mig$\KB948881\update\update.exe
C:\WINDOWS\$hf_mig$\KB950749\update\update.exe
C:\WINDOWS\$hf_mig$\KB950762\update\update.exe
C:\WINDOWS\$hf_mig$\KB950974\update\update.exe
C:\WINDOWS\$hf_mig$\KB951066\update\update.exe
C:\WINDOWS\$hf_mig$\KB951072-v2\update\update.exe
C:\WINDOWS\$hf_mig$\KB951376-v2\update\update.exe
C:\WINDOWS\$hf_mig$\KB951698\update\update.exe
C:\WINDOWS\$hf_mig$\KB951748\update\update.exe
C:\WINDOWS\$hf_mig$\KB951978\update\update.exe
C:\WINDOWS\$hf_mig$\KB952287\update\update.exe
C:\WINDOWS\$hf_mig$\KB952954\update\update.exe
C:\WINDOWS\$hf_mig$\KB953838\update\update.exe
C:\WINDOWS\$hf_mig$\KB953839\update\update.exe
C:\WINDOWS\$hf_mig$\KB954211\update\update.exe
C:\WINDOWS\$hf_mig$\KB954459\update\update.exe
C:\WINDOWS\$hf_mig$\KB954600\update\update.exe
C:\WINDOWS\$hf_mig$\KB955069\update\update.exe
C:\WINDOWS\$hf_mig$\KB955839\update\update.exe
C:\WINDOWS\$hf_mig$\KB956391\update\update.exe
C:\WINDOWS\$hf_mig$\KB956802\update\update.exe
C:\WINDOWS\$hf_mig$\KB956803\update\update.exe
C:\WINDOWS\$hf_mig$\KB956841\update\update.exe
C:\WINDOWS\$hf_mig$\KB957095\update\update.exe
C:\WINDOWS\$hf_mig$\KB957097\update\update.exe
C:\WINDOWS\$hf_mig$\KB958215-IE7\update\update.exe
C:\WINDOWS\$hf_mig$\KB958644\update\update.exe
C:\WINDOWS\$hf_mig$\KB958687\update\update.exe
C:\WINDOWS\$hf_mig$\KB958690\update\update.exe
C:\WINDOWS\$hf_mig$\KB960225\update\update.exe
C:\WINDOWS\$hf_mig$\KB960714-IE7\update\update.exe
C:\WINDOWS\$hf_mig$\KB960715\update\update.exe
C:\WINDOWS\SoftwareDistribution\Download\0cadd804d72dcda3e7e8a6bb9f8a85a4\update\update.exe
C:\WINDOWS\SoftwareDistribution\Download\0d07e0cdbff4709645248c151176b53e\update\update.exe
C:\WINDOWS\SoftwareDistribution\Download\3de0c26c72d2b7698916a50ad7e8ebe3\update\update.exe
C:\WINDOWS\SoftwareDistribution\Download\4b06f068070d1d232a46523ef409a2b1\update\update.exe
C:\WINDOWS\SoftwareDistribution\Download\68502b41c070654062f3542cea08de77\update\update.exe
C:\WINDOWS\SoftwareDistribution\Download\6cdcc41c09e52fe4f90d12333903527b\update\update.exe
C:\WINDOWS\SoftwareDistribution\Download\7175532f3a4c1a04d91dd08d371d9c2f\update\update.exe
C:\WINDOWS\SoftwareDistribution\Download\7786b1f59f09a74654c49611283ea0bc\update\update.exe
C:\WINDOWS\SoftwareDistribution\Download\9b9cc050ca09fd43926fc2c462ca6d53\update\update.exe
C:\WINDOWS\SoftwareDistribution\Download\9e41cf3f12eae1b0cf84b89dd2fa08cd\update\update.exe
C:\WINDOWS\SoftwareDistribution\Download\ca86f91b965b9d2ea4258137e8cca517\update\update.exe
C:\WINDOWS\SoftwareDistribution\Download\d438b03f1b70834ffcc716e86837bb59\update\update.exe
C:\WINDOWS\SoftwareDistribution\Download\dde2fb446a3ee9d6238fe7d9f9e9f462\update\update.exe
C:\WINDOWS\system32\dllcache\register.exe
F:\Nuova cartella\ComboFix.exe

################## [ ! End of Report # FindyKill V4.720 ! ]
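
The FindyKill reports posted in this thread follow a fixed layout (bracketed section headers, `Deleted !` lines, an MD5 reference block, a `PEH Corrupted` list), which makes them easy to mine for indicators before the machine is rebuilt or the same dropper is hunted on other hosts. The Python script below is an added example, not part of the original thread and not FindyKill's own code: it parses a constructed excerpt modelled on the report above and extracts the stopped processes, deleted files, registry keys, autostart (Run) value names, reference MD5 hashes and PEH-corrupted binaries. The excerpt, the regular expressions and the `parse_findykill` function are all assumptions of this example.

```python
import re
from collections import defaultdict

# Constructed excerpt that copies the layout of the reports in this thread;
# it is not a real capture.
SAMPLE_REPORT = r"""
############################## [ FindyKill V4.720 ]

################## [ Infected processes stopped ]

"C:\Documents and Settings\Acer\Dati applicazioni\drivers\winupgro.exe" (2060)

################## [ C:\.. Application Data ... ]

Deleted ! - "C:\Documents and Settings\Acer\Dati applicazioni\drivers\srosa2.sys"
Deleted ! - "C:\Documents and Settings\Acer\Dati applicazioni\drivers\winupgro.exe"

################## [ Registry / Infected keys ]

Deleted ! - HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_SROSA
Deleted ! - HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\"drvsyskit"

################## [ Registry / Mountpoint2 ]

# -> Not found !

################## [ Searching Other Infections ]

# Bagle MD5 comparison references :

File ... : C:\Documents and Settings\Acer\Dati applicazioni\drivers\winupgro.exe
CRC32 .. : 98cd94c0
MD5 .... : e21ec999865e495217e56b8a043dd65f

Deleted ! : [15cd9751] C:\Programmi\eMule\Incoming\infected_download.zip

Deleted ! : C:\Programmi\MSN Messenger\msnmsgr.exe
# Taille : 806912 # MD5 : E21EC999865E495217E56B8A043DD65F

################## [ PEH Corrupted ]

C:\Programmi\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\$hf_mig$\KB890859\update\update.exe

################## [ ! End of Report # FindyKill V4.720 ! ]
"""

SECTION_RE = re.compile(r"^#+ \[ (.+?) \]$")          # "#### [ Section name ]"
DELETED_RE = re.compile(r"^Deleted ! [-:] (?:\[[0-9a-f]+\] )?(.+)$")
PROC_RE = re.compile(r'^"(.+)" \((\d+)\)$')            # "path" (pid)
FILE_RE = re.compile(r"^File \.+ : (.+)$")              # reference sample path
MD5_RE = re.compile(r"MD5(?: \.+)? ?: ([0-9A-Fa-f]{32})")
RUN_VALUE_RE = re.compile(r'\\CurrentVersion\\Run\\\\"(.+)"$')


def parse_findykill(text):
    """Return a dict of IOC lists keyed by kind, driven by the section headers."""
    iocs = defaultdict(list)
    section = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = SECTION_RE.match(line)
        if m:
            section = m.group(1)
            continue
        if section == "Infected processes stopped":
            m = PROC_RE.match(line)
            if m:
                iocs["stopped_process"].append((m.group(1), int(m.group(2))))
            continue
        if section == "PEH Corrupted":
            # Every non-header line here is an executable with a damaged PE header.
            iocs["peh_corrupted"].append(line)
            continue
        m = MD5_RE.search(line)
        if m:
            digest = m.group(1).lower()       # the report mixes upper/lower case
            if digest not in iocs["md5"]:
                iocs["md5"].append(digest)
            continue
        m = FILE_RE.match(line)
        if m:
            iocs["md5_reference_file"].append(m.group(1))
            continue
        m = DELETED_RE.match(line)
        if m:
            target = m.group(1)
            if target.startswith('"') and target.endswith('"'):
                target = target[1:-1]         # file paths are quoted, keys are not
            if section == "Registry / Infected keys":
                iocs["registry_key"].append(target)
                run = RUN_VALUE_RE.search(target)
                if run:                       # autostart value name, e.g. drvsyskit
                    iocs["autostart_value"].append(run.group(1))
            else:
                iocs["deleted_file"].append(target)
    return dict(iocs)


if __name__ == "__main__":
    for kind, items in parse_findykill(SAMPLE_REPORT).items():
        print(kind)
        for item in items:
            print("   ", item)
```

The autostart value names and the `LEGACY_*` service keys are the parts worth carrying to other machines: the file paths are per-user, but the Run value name and the driver service name recur across hosts hit by the same sample.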

Re: Avenger script to remove a virus

Post by Amantide » Fri Mar 20, 2009 5:10 pm

In the FindyKill log you can see that Bagle has been removed. Did you by any chance try to start ComboFix before running FindyKill?

Let's try uninstalling it and running it again from scratch.
Go to Start >> Run >> type combofix /u and press Enter.

Now download ComboFix again and try to start it.

P.S. Anyway, at this point you should be able to reinstall the antivirus as well, and this time I'd suggest trying Antivir.
Re: Avenger script to remove a virus

Post by mari80 » Fri Mar 20, 2009 5:31 pm

I followed your instructions to the letter: first FindyKill and then ComboFix. Anyway, I typed combofix/u in Run and it says it cannot find the file. I tried to start it again and it still says "is not a valid Win32 application". One positive thing has happened, though: the sounds are back! What else should I do? Because I try to open the antivirus and it always says "is not a valid Win32 application". Shouldn't I use Avenger at this point?
Re: Avenger script to remove a virus

Post by Amantide » Fri Mar 20, 2009 5:54 pm

mari80 wrote: What else should I do? Because I try to open the antivirus and it always says "is not a valid Win32 application".

As I wrote before, the antivirus must be reinstalled. Reinstall it and run a full scan to remove any leftovers.

mari80 wrote: Shouldn't I use Avenger at this point?

No. That was the old removal method, now replaced by FindyKill.
Re: Avenger script to remove a virus

Post by mari80 » Fri Mar 20, 2009 6:05 pm

The problem seems solved! I installed Avira and the scan started automatically. A THOUSAND THANKS FOR YOUR HELPFULNESS AND PROFESSIONALISM!!!
Re: Avenger script to remove a virus

Post by luan88 » Fri Mar 20, 2009 7:34 pm

I read the thread and downloaded both programs... if I post the .txt files here, can you help me?! I have the same problem and would like to solve it as soon as possible!


############################## [ FindyKill V4.720 ]

# User : Gino (Administrators) # GINO-DB9E6BDD11
# Update on 19/03/09 by Chiquitine29
# Start at: 19.05.39 | 20/03/2009

# AMD Sempron(tm) Processor 2600+
# Microsoft Windows XP Professional (5.1.2600 32-bit) # Service Pack 2
# Internet Explorer 6.0.2900.2180
# Windows Firewall Status : Disabled

# A:\ # Floppy disk, 3.5 inch
# C:\ # Local hard disk # 74,52 Go (67,41 Go free) # NTFS
# D:\ # CD-ROM drive

############################## [ Active Processes ]

C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programmi\File comuni\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmi\Messenger\msmsgs.exe
C:\documents and settings\gino\impostazioni locali\dati applicazioni\atfbm.exe
C:\Documents and Settings\Gino\Dati applicazioni\drivers\winupgro.exe
C:\Programmi\Alice ti aiuta\bin\mpbtn.exe
C:\Documents and Settings\Gino\Dati applicazioni\m\flec006.exe
C:\WINDOWS\system32\wintems.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

################## [ Infected processes stopped ]

"C:\Documents and Settings\Gino\Dati applicazioni\drivers\winupgro.exe" (704)
"C:\Documents and Settings\Gino\Dati applicazioni\m\flec006.exe" (4016)
"C:\WINDOWS\system32\wintems.exe" (2804)

################## [ Infected Files / Folders C:\ ]


################## [ C:\WINDOWS ]


################## [ C:\WINDOWS\system32 ]

Deleted ! - C:\WINDOWS\system32\mdelk.exe
Deleted ! - C:\WINDOWS\system32\wintems.exe
Deleted ! - C:\WINDOWS\system32\ban_list.txt

################## [ C:\WINDOWS\system32\drivers ]

Deleted ! - "C:\WINDOWS\system32\drivers\down"

################## [ C:\.. Application Data ... ]

Deleted ! - "C:\Documents and Settings\Gino\Dati applicazioni\m\flec006.exe"
Deleted ! - "C:\Documents and Settings\Gino\Dati applicazioni\m\list.oct"
Deleted ! - "C:\Documents and Settings\Gino\Dati applicazioni\m\data.oct"
Deleted ! - "C:\Documents and Settings\Gino\Dati applicazioni\m\srvlist.oct"
Deleted ! - "C:\Documents and Settings\Gino\Dati applicazioni\m\shared"
Deleted ! - "C:\Documents and Settings\Gino\Dati applicazioni\m"
Deleted ! - "C:\Documents and Settings\Gino\Dati applicazioni\drivers\srosa2.sys"
Deleted ! - "C:\Documents and Settings\Gino\Dati applicazioni\drivers\wfsintwq.sys"
Deleted ! - "C:\Documents and Settings\Gino\Dati applicazioni\drivers\winupgro.exe"
Deleted ! - "C:\Documents and Settings\Gino\Dati applicazioni\drivers\downld"
Deleted ! - "C:\Documents and Settings\Gino\Dati applicazioni\drivers"

################## [ Registry / Infected keys ]

Deleted ! - HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\srosa
Deleted ! - HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_SROSA
Deleted ! - HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\sK9Ou0s
Deleted ! - HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Enum\Root\LEGACY_SK9OU0S
Deleted ! - HKEY_CURRENT_USER\Software\bisoft
Deleted ! - HKEY_CURRENT_USER\Software\DateTime4
Deleted ! - HKEY_CURRENT_USER\Software\FirtR
Deleted ! - HKEY_CURRENT_USER\Software\Local AppWizard-Generated Applications\winupgro
Deleted ! - HKEY_USERS\S-1-5-21-1757981266-261903793-1417001333-1003\Software\MuleAppData
Deleted ! - HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\"drvsyskit"
Deleted ! - HKEY_USERS\S-1-5-21-1757981266-261903793-1417001333-1003\Software\Microsoft\Windows\CurrentVersion\Run\\"drvsyskit"
Deleted ! - HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\"german.exe"
Deleted ! - HKEY_USERS\S-1-5-21-1757981266-261903793-1417001333-1003\Software\Microsoft\Windows\CurrentVersion\Run\\"german.exe"
Deleted ! - HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\"mule_st_key"
Deleted ! - HKEY_USERS\S-1-5-21-1757981266-261903793-1417001333-1003\Software\Microsoft\Windows\CurrentVersion\Run\\"mule_st_key"

################## [ Cleaning Removable drives ]

# Deleting files :


################## [ Registry / Mountpoint2 ]

# -> Not found !

################## [ Searching Other Infections ]

# Bagle MD5 comparison references :

File ... : C:\Documents and Settings\Gino\Dati applicazioni\drivers\winupgro.exe
CRC32 .. : d8f3958d
MD5 .... : 23df44d298f1a9fd16fa87cfeefcc65f

Deleted ! : [15cd9751] C:\Programmi\eMule\Incoming\PC Sport 2008 7.0.0.12(4).zip

Deleted ! : C:\Programmi\File comuni\Ahead\Lib\NMBgMonitor.exe
# Size : 806912 # MD5 : 23DF44D298F1A9FD16FA87CFEEFCC65F


################## [ PEH Corrupted ]

C:\Programmi\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\$hf_mig$\KB915865\update\update.exe
C:\WINDOWS\system32\dllcache\sysinfo.exe

################## [ ! End of Report # FindyKill V4.720 ! ]



ComboFix 09-03-19.02 - Gino 2009-03-20 19.18.15.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1040.18.255.88 [GMT 1:00]
Run from: c:\documents and settings\Gino\Desktop\ComboFix.exe
* Created new restore point

WARNING - THIS PC DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((( Other deletions )))))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\Gino\Impostazioni locali\Dati applicazioni\atfbm.dat
c:\documents and settings\Gino\Impostazioni locali\Dati applicazioni\atfbm.exe
c:\documents and settings\Gino\Impostazioni locali\Dati applicazioni\atfbm_nav.dat
c:\documents and settings\Gino\Impostazioni locali\Dati applicazioni\atfbm_navps.dat
c:\windows\IE4 Error Log.txt
c:\windows\system32\aplib.dll

.
((((((((((((((((((((((((( Files Created From 2009-02-20 to 2009-03-20 )))))))))))))))))))))))))))))))))))
.

2009-03-20 19:03 . 2009-03-20 19:10 <DIR> d-------- c:\programmi\FindyKill
2009-03-20 18:25 . 2009-03-20 18:25 <DIR> d-------- c:\programmi\Trend Micro
2009-03-20 18:05 . 2009-03-20 18:05 <DIR> d-------- c:\documents and settings\utente\Dati applicazioni\AVGTOOLBAR
2009-03-20 16:45 . 2009-03-20 16:45 <DIR> d---s---- c:\documents and settings\utente\UserData
2009-03-19 16:37 . 2009-03-19 16:37 <DIR> d-------- c:\programmi\Pirelli
2009-03-19 16:37 . 2004-04-20 16:24 52,864 --a------ c:\windows\system32\drivers\CnxTrUsb.sys
2009-03-19 16:37 . 2004-04-20 16:24 25,984 --a------ c:\windows\system32\drivers\CnxTrLan.sys
2009-03-19 16:36 . 2009-03-19 16:41 <DIR> d-------- c:\programmi\Alice ti aiuta
2009-03-19 16:30 . 2009-03-19 16:30 <DIR> d-------- c:\documents and settings\utente\Dati applicazioni\Motive
2009-03-13 17:25 . 2001-08-30 23:08 99,328 --a------ c:\windows\system32\srusd.dll
2009-03-13 17:25 . 2001-08-30 23:08 99,328 --a--c--- c:\windows\system32\dllcache\srusd.dll
2009-03-13 17:25 . 2001-08-30 23:07 71,680 --a------ c:\windows\system32\fnfilter.dll
2009-03-13 17:25 . 2001-08-30 23:07 71,680 --a--c--- c:\windows\system32\dllcache\fnfilter.dll
2009-03-13 17:25 . 2001-08-30 22:28 6,912 --a------ c:\windows\system32\drivers\serscan.sys
2009-03-13 17:25 . 2001-08-30 22:28 6,912 --a--c--- c:\windows\system32\dllcache\serscan.sys
2009-03-13 17:22 . 2001-08-17 22:02 9,600 --a------ c:\windows\system32\drivers\hidusb.sys
2009-03-13 17:22 . 2001-08-17 22:02 9,600 --a--c--- c:\windows\system32\dllcache\hidusb.sys
2009-03-13 17:21 . 2004-08-03 23:08 31,616 --a------ c:\windows\system32\drivers\usbccgp.sys
2009-03-13 17:21 . 2004-08-03 23:08 31,616 --a--c--- c:\windows\system32\dllcache\usbccgp.sys
2009-03-13 17:21 . 2004-08-03 23:01 25,856 --a------ c:\windows\system32\drivers\usbprint.sys
2009-03-13 17:21 . 2004-08-03 23:01 25,856 --a--c--- c:\windows\system32\dllcache\usbprint.sys
2009-02-20 17:13 . 2004-08-30 21:00 2,134,528 --a--c--- c:\windows\system32\dllcache\smtpsnap.dll
2009-02-20 17:11 . 2009-02-20 17:11 749 -rah----- c:\windows\WindowsShell.Manifest
2009-02-20 17:11 . 2009-02-20 17:11 749 -rah----- c:\windows\system32\wuaucpl.cpl.manifest
2009-02-20 17:11 . 2009-02-20 17:11 749 -rah----- c:\windows\system32\sapi.cpl.manifest
2009-02-20 17:11 . 2009-02-20 17:11 749 -rah----- c:\windows\system32\nwc.cpl.manifest
2009-02-20 17:11 . 2009-02-20 17:11 749 -rah----- c:\windows\system32\ncpa.cpl.manifest
2009-02-20 17:11 . 2009-02-20 17:11 488 -rah----- c:\windows\system32\logonui.exe.manifest
2009-02-20 17:04 . 2004-08-30 21:00 1,086,058 -ra------ c:\windows\SET33.tmp
2009-02-20 17:04 . 2004-08-30 21:00 1,014,202 -ra------ c:\windows\SET30.tmp
2009-02-20 17:04 . 2004-08-30 21:00 14,043 -ra------ c:\windows\SET3F.tmp

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-03-20 17:36 --------- d-----w c:\programmi\BitComet
2009-03-20 17:09 --------- d-----w c:\programmi\Euro Gunz Client 8.5.6
2009-03-20 17:05 --------- d-----w c:\documents and settings\All Users\Dati applicazioni\avg8
2009-03-19 15:36 --------- d-----w c:\programmi\Motive
2009-03-19 10:46 --------- d-----w c:\documents and settings\All Users\Dati applicazioni\Google Updater
2009-02-20 16:31 --------- d-----w c:\programmi\eMule
2009-02-20 16:26 --------- d-----w c:\programmi\GV Principessa Casino
2009-02-20 15:50 --------- d-----w c:\documents and settings\Gino\Dati applicazioni\CasinoOnNet
2009-02-20 08:45 --------- d-----w c:\programmi\Alwil Software
2009-02-19 11:23 --------- d-----w c:\programmi\Google
2009-02-18 14:36 --------- d-----w c:\documents and settings\All Users\Dati applicazioni\Kaspersky Lab Setup Files
2009-02-13 20:07 --------- d-----w c:\documents and settings\Gino\Dati applicazioni\AVGTOOLBAR
2009-02-08 11:34 --------- d-----w c:\programmi\Crea i tuoi calendari!
2009-02-08 11:30 8 --sha-w c:\programmi\.drv120405.dat
2009-02-08 11:30 8 --sha-w c:\programmi\.data211204.dat
2009-02-08 11:30 8 --sha-w c:\programmi\.data211004.dat
2009-02-08 11:30 8 --sha-w c:\programmi\.data110704.dat
2009-02-08 11:30 8 --sha-w c:\programmi\.dat000002.dat
2009-02-08 11:30 8 --sha-w c:\programmi\.dat000001.dat
2009-02-08 11:30 8 --sha-w c:\documents and settings\Gino\Dati applicazioni\.drv190904.dat
2009-02-08 11:30 8 --sha-w c:\documents and settings\Gino\Dati applicazioni\.drv120205.dat
2009-02-08 11:30 8 --sha-w c:\documents and settings\Gino\Dati applicazioni\.data001.dat
2009-02-08 11:30 8 --sha-w c:\documents and settings\Gino\Dati applicazioni\.data000.dat
2009-02-08 11:30 8 --sha-w c:\documents and settings\Gino\Dati applicazioni\.app190905.dat
2009-02-08 11:30 8 --sha-w c:\documents and settings\Gino\Dati applicazioni\.addit001.dat
2009-02-08 11:22 --------- d-----w c:\programmi\Eazel-IT
2009-02-08 11:16 --------- d-----w c:\programmi\Conduit
2009-02-08 10:09 --------- d--h--w c:\programmi\InstallShield Installation Information
2009-02-02 16:09 --------- d-----w c:\documents and settings\All Users\Dati applicazioni\Messenger Plus!
2009-02-01 14:39 --------- d-----w c:\documents and settings\Gino\Dati applicazioni\Motive
2009-02-01 11:52 --------- d-----w c:\programmi\Messenger Plus! Live
2009-01-31 14:41 155,995 ----a-w c:\windows\java\Packages\2CTV5R3X.ZIP
2009-01-31 14:41 --------- d-----w c:\programmi\Common Files
2009-01-31 14:40 --------- d-----w c:\programmi\Telecom Italia
2009-01-28 15:32 --------- d-----w c:\programmi\Windows Live SkyDrive
2009-01-28 15:32 --------- d-----w c:\programmi\Windows Live
2009-01-28 15:32 --------- d-----w c:\programmi\Microsoft
2009-01-28 15:27 --------- d-----w c:\programmi\File comuni\Windows Live
2009-01-28 13:55 --------- d-----w c:\programmi\D-Link
2009-01-28 12:01 --------- d-----w c:\programmi\SereneScreen
2009-01-28 11:58 --------- d-----w c:\programmi\File comuni\Adobe
2009-01-28 11:54 --------- d-----w c:\programmi\Microsoft.NET
2009-01-28 11:54 --------- d-----w c:\programmi\Microsoft Works
2009-01-28 11:48 --------- d-----w c:\programmi\File comuni\Ahead
2009-01-28 11:48 --------- d-----w c:\documents and settings\Gino\Dati applicazioni\Ahead
2009-01-28 11:47 --------- d-----w c:\programmi\Nero
2009-01-28 11:47 --------- d-----w c:\documents and settings\All Users\Dati applicazioni\Nero
2009-01-28 11:22 --------- d-----w c:\programmi\File comuni\InstallShield
2009-01-28 11:22 --------- d-----w c:\programmi\AMD
2009-01-28 10:38 --------- d-----w c:\programmi\microsoft frontpage
2009-01-28 10:36 --------- d-----w c:\programmi\Servizi in linea
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown.
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{ecdc465a-cf20-4b82-9a26-47c9dc52fa32}"= "c:\programmi\Eazel-IT\tbEaze.dll" [2008-11-23 1784856]

[HKEY_CLASSES_ROOT\clsid\{ecdc465a-cf20-4b82-9a26-47c9dc52fa32}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2004-08-30 15360]
"MSMSGS"="c:\programmi\Messenger\msmsgs.exe" [2004-08-19 1667584]
"swg"="c:\programmi\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-02-19 39408]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NeroFilterCheck"="c:\programmi\File comuni\Ahead\Lib\NeroCheck.exe" [2006-01-12 155648]
"CnxTrApp"="c:\programmi\Pirelli\Access Gateway USB Network\CnxTrApp.dll" [2004-04-20 247296]
"SoundMan"="SOUNDMAN.EXE" [2004-07-27 c:\windows\SOUNDMAN.EXE]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-30 15360]

c:\documents and settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\
Adobe Reader Synchronizer.lnk - c:\programmi\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe [2006-10-23 734872]
Alice ti aiuta.lnk - c:\programmi\Alice ti aiuta\bin\matcli.exe [2009-03-19 212992]
Avvio veloce di Adobe Reader.lnk - c:\programmi\Adobe\Reader 8.0\Reader\reader_sl.exe [2006-10-23 40048]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\permchk32]
2005-02-08 13:43 12800 c:\windows\system32\permchk32.dll

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Programmi\\BitComet\\BitComet.exe"=
"c:\\Programmi\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Programmi\\Windows Live\\Messenger\\msnmsgr.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"17564:TCP"= 17564:TCP:BitComet 17564 TCP
"17564:UDP"= 17564:UDP:BitComet 17564 UDP
"4452:TCP"= 4452:TCP:messenger

R3 ULI5261;ULi Based Ethernet NT Driver;c:\windows\system32\drivers\ULILAN.SYS [2009-01-28 29696]
S2 permchk32;MSWC Permission Checker;rundll32.exe c:\windows\system32\permchk32.dll,ocib --> rundll32.exe c:\windows\system32\permchk32.dll,ocib [?]

--- Other Services/Drivers In Memory ---

*NewlyCreated* - IP6FW
.
Contents of the 'Scheduled Tasks' folder

2009-03-20 c:\windows\Tasks\Google Software Updater.job
- c:\programmi\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-02-08 11:36]
.
- - - - ORPHANED KEYS REMOVED - - - -

Toolbar-{2c965f3f-8efd-4bfc-a2c5-1672845fdbbf} - c:\programmi\PHPNukeIT\tbPHP0.dll
HKCU-Run-BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA} - c:\programmi\File comuni\Ahead\Lib\NMBgMonitor.exe
HKCU-Run-atfbm - c:\documents and settings\gino\impostazioni locali\dati applicazioni\atfbm.exe


.
------- Supplementary Scan -------
.
IE: E&sporta in Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
TCP: {1F4D7DBD-4AB9-4C13-AE96-C5CAA2826563} = 85.37.17.49 85.38.28.91
DPF: Microsoft XML Parser for Java - file:///C:/WINDOWS/Java/classes/xmldso.cab
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-03-20 19:19:35
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(808)
c:\windows\system32\permchk32.dll
.
Scan completion time: 2009-03-20 19.21.09
ComboFix-quarantined-files.txt 2009-03-20 18:20:55

Pre-Run: 72.696.131.584 bytes free
Post-Run: 73,791,578,112 bytes free

175



I'm waiting for a reply.... thanks a million in advance!!! [:)]

luan88 (New Member, 10 posts, joined Fri Mar 20, 2009 6:58 pm)
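To make the persistence entries in a log like the one above easier to pick out, here is an added Python triage script; it is not part of the post and not ComboFix's own code. It runs a few heuristics over the raw log text: a Winlogon Notify package (a DLL winlogon.exe loads as SYSTEM at logon; ComboFix already hides the Windows defaults, so anything it prints is worth a look), a service whose image path is `rundll32.exe <dll>,<export>` rather than a binary of its own, tiny hidden+system dotfiles, the per-interface DNS servers, and the DLLs mapped into winlogon.exe. It then escalates any DLL that trips more than one heuristic. The sample input is excerpted from the posted log; the regexes, the 16-byte threshold and the assumption that DLL paths inside a service command contain no spaces are mine. A hit means "review this", never "this is malware": Notify packages and rundll32-hosted services are also used by legitimate software, and tiny hidden .dat files can equally be a shareware trial counter.

```python
"""Triage heuristics for a ComboFix-style log (added example, not ComboFix code).
A hit means "look at this", never "this is malware"."""
import re
from dataclasses import dataclass

# Constructed sample: lines excerpted from the log posted in this thread.
SAMPLE_LOG = r"""
2009-02-08 11:30 8 --sha-w c:\programmi\.drv120405.dat
2009-02-08 11:30 8 --sha-w c:\documents and settings\Gino\Dati applicazioni\.data000.dat
2009-02-08 11:22 --------- d-----w c:\programmi\Eazel-IT

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMan"="SOUNDMAN.EXE" [2004-07-27 c:\windows\SOUNDMAN.EXE]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\permchk32]
2005-02-08 13:43 12800 c:\windows\system32\permchk32.dll

R3 ULI5261;ULi Based Ethernet NT Driver;c:\windows\system32\drivers\ULILAN.SYS [2009-01-28 29696]
S2 permchk32;MSWC Permission Checker;rundll32.exe c:\windows\system32\permchk32.dll,ocib --> rundll32.exe c:\windows\system32\permchk32.dll,ocib [?]

TCP: {1F4D7DBD-4AB9-4C13-AE96-C5CAA2826563} = 85.37.17.49 85.38.28.91

- - - - - - - > 'winlogon.exe'(808)
c:\windows\system32\permchk32.dll
.
"""

NOTIFY_KEY = re.compile(r"^\[HKEY_LOCAL_MACHINE\\software\\microsoft\\windows nt"
                        r"\\currentversion\\winlogon\\notify\\([^\]]+)\]$", re.I)
DATED_DLL = re.compile(r"^\d{4}-\d\d-\d\d \d\d:\d\d \d+ (\S.*\.dll)$", re.I)
SERVICE = re.compile(r"^([RS]\d) ([^;]+);([^;]*);(.+)$")       # "S2 name;display;image"
FIND3M = re.compile(r"^\d{4}-\d\d-\d\d \d\d:\d\d ([\d,]+|-+) (\S{7}) (.+)$")
DNS = re.compile(r"^TCP: \{[0-9A-Fa-f-]+\} = (.+)$")
PROC_HDR = re.compile(r"^(?:- )+> '([^']+)'\((\d+)\)$")
DLL_PATH = re.compile(r"[a-z]:\\[^ ,\[\]]+\.dll", re.I)         # assumes no spaces in the path


@dataclass(frozen=True)
class Finding:
    category: str   # which heuristic fired
    detail: str     # what to go and look at
    evidence: str   # the log line(s) behind it


def triage(log: str) -> list[Finding]:
    lines = [ln.rstrip() for ln in log.splitlines()]
    findings: list[Finding] = []
    dll_hits: dict[str, set[str]] = {}   # lower-cased DLL path -> heuristics it tripped

    def note(cat, detail, evidence, dll=None):
        findings.append(Finding(cat, detail, evidence))
        if dll:
            dll_hits.setdefault(dll.lower(), set()).add(cat)

    i = 0
    while i < len(lines):
        ln = lines[i]
        m = NOTIFY_KEY.match(ln)
        if m:
            # Notify packages load into winlogon.exe (SYSTEM) at logon; ComboFix already
            # hides the Windows defaults, so anything printed here deserves a look.
            nxt = lines[i + 1] if i + 1 < len(lines) else ""
            dm = DATED_DLL.match(nxt)
            dll = dm.group(1) if dm else None
            note("winlogon-notify", f"notify package '{m.group(1)}' -> {dll or '?'}", ln + "\n" + nxt, dll)
            i += 2
            continue
        m = SERVICE.match(ln)
        if m and "rundll32" in m.group(4).lower():
            # A service hosted as "rundll32.exe <dll>,<export>" has no binary of its own.
            dm = DLL_PATH.search(m.group(4))
            dll = dm.group(0) if dm else None
            note("rundll32-service", f"service '{m.group(2)}' ({m.group(1)}) runs {dll or m.group(4)}", ln, dll)
        m = FIND3M.match(ln)
        if m and m.group(1)[0].isdigit():
            size, attrs, path = int(m.group(1).replace(",", "")), m.group(2), m.group(3)
            name = path.rsplit("\\", 1)[-1]
            if "h" in attrs and "s" in attrs and name.startswith(".") and size <= 16:
                note("hidden-marker-file", f"{size}-byte hidden+system dotfile {path}", ln)
        m = DNS.match(ln)
        if m:
            note("dns-servers", f"per-interface DNS servers {m.group(1)}; compare with the ISP's published resolvers", ln)
        m = PROC_HDR.match(ln)
        if m and m.group(1).lower() == "winlogon.exe":
            j = i + 1
            while j < len(lines) and lines[j] and lines[j] != ".":
                note("loaded-in-winlogon", f"{lines[j]} mapped into winlogon.exe (pid {m.group(2)})", lines[j], lines[j])
                j += 1
            i = j
            continue
        i += 1

    # Escalate any DLL that tripped more than one heuristic.
    for dll, cats in sorted(dll_hits.items()):
        if len(cats) > 1:
            note("correlated", f"{dll} hit {len(cats)} heuristics: {', '.join(sorted(cats))}", dll)
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.category}] {f.detail}")
```

On the sample, one DLL surfaces under three separate heuristics (Notify package, rundll32-hosted service, mapped into winlogon.exe), which is exactly the kind of convergence that justifies pulling the file for a hash lookup or sandbox run before deciding on removal. The two 8-byte dotfiles and the DNS line are reported only so they can be compared against what the installed software and the ISP are known to write.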

Re: Avenger script to remove viruses

Post by ste_95 » Fri Mar 20, 2009 7:54 pm

luan88 wrote: I read the post and downloaded both programs ... if I paste the .txt files here can you help me?! I have the same problem and I'd like to solve it as soon as possible!

One topic is enough
post415731.html#p415731 [;)]
«Sometimes it is better to stay silent and look stupid than to open your mouth and remove all doubt.» Oscar Wilde

ste_95 (Official Member (Gold), 17271 posts, joined Mon Aug 06, 2007 11:19 am)



megalab.it: online daily publication registered with the Court of Cosenza no. 22/09 of 13.08.2009, publisher Master New Media S.r.l.; © Copyright 2008 Master New Media S.r.l. sole-shareholder company - VAT no. 02947530784. GRUPPO EDIZIONI MASTER Spa. All rights reserved. For advertising: Master Advertising