more problems!
how do I also remove the following viruses:
JS/Tweet
Worm/AutoRun.BB
JS/Obfuscated
Trojan Generic17.BTPZ
download combofix to the desktop and run it
(do not install the recovery console)
Let the program work without interfering
Attach the report C:\ComboFix.txt to your reply.
upload the report to a file host, do not paste it
the only virus still left (reported to me by AVG free) after using Combofix (perhaps incorrectly: I did not disable my antivirus) is
Trojan Generic17.BTPZ
what do I do? Should I keep going with combofix (using it correctly this time, after disabling my antivirus)?
I am trying to send the report
can I paste it on these pages?
hi
upload the report here
did you get it?
hi,
I tried again
let me know
bye
ramtut, you have to post the report if you want me to read it
don't you think???
here is its content:
ComboFix 10-05-09.04 - Administrator 08/05/2010 9.54.56.1.1 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.39.1040.18.511.204 [GMT 2:00]
Run from: c:\documents and settings\Administrator\Desktop\ComboFix.exe
AV: AVG Anti-Virus Free *On-access scanning enabled* (Outdated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
WARNING - THIS PC DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
((((((((((((((((((((((((((((((((((((( Other deletions )))))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\windows\system32\Cache
c:\windows\system32\mswmpdat.tlb
c:\windows\system32\win32extension.dll
c:\windows\system32\winview.ocx
D:\Autorun.inf
.
original MBR restored successfully !
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Legacy_IPRIP
-------\Service_Iprip
((((((((((((((((((((((((( Files Created From 2010-04-08 to 2010-05-08 )))))))))))))))))))))))))))))))))))
.
2010-05-08 07:44 . 2010-05-08 07:44 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\avg8
2010-05-05 14:21 . 2010-05-05 14:21 -------- d-----w- c:\programmi\File comuni\PersonSecurityUninstall
2010-05-05 14:20 . 2010-05-05 14:21 -------- d-----w- c:\programmi\PersonSecurity
2010-05-04 09:16 . 2010-05-04 09:16 -------- d-----w- c:\documents and settings\HelpAssistant\UserData
2010-04-14 06:30 . 2010-03-05 18:46 465408 -c----w- c:\windows\system32\dllcache\smtpsvc.dll
2010-04-13 06:25 . 2010-02-12 10:03 293376 ------w- c:\windows\system32\browserchoice.exe
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-05-08 07:44 . 2009-11-05 09:55 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\avg9
2010-04-21 07:33 . 2009-03-12 17:27 242896 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2010-04-04 16:25 . 2009-06-23 15:58 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\AVG Security Toolbar
2010-03-28 08:08 . 2001-08-31 14:00 420138 ----a-w- c:\windows\system32\perfh010.dat
2010-03-28 08:07 . 2001-08-31 14:00 73512 ----a-w- c:\windows\system32\perfc010.dat
2010-03-25 07:24 . 2008-07-09 08:59 -------- d-----w- c:\documents and settings\Administrator\Dati applicazioni\AdobeUM
2010-03-13 10:03 . 2010-03-13 10:03 12464 ----a-w- c:\windows\system32\avgrsstx.dll
2010-03-13 10:03 . 2008-11-15 07:48 29512 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2010-03-13 09:59 . 2009-03-12 17:27 216200 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2010-03-11 12:30 . 2008-04-13 19:13 832512 ----a-w- c:\windows\system32\wininet.dll
2010-03-11 12:30 . 2008-04-13 19:13 78336 ----a-w- c:\windows\system32\ieencode.dll
2010-03-11 12:30 . 2008-04-13 19:13 17408 ----a-w- c:\windows\system32\corpol.dll
2010-03-09 11:09 . 2008-04-13 19:13 430080 ----a-w- c:\windows\system32\vbscript.dll
2010-02-24 13:11 . 2008-04-13 12:17 455680 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2010-02-17 12:05 . 2008-04-13 18:55 2193664 ----a-w- c:\windows\system32\ntoskrnl.exe
2010-02-16 19:05 . 2008-04-13 18:55 2070528 ----a-w- c:\windows\system32\ntkrnlpa.exe
2010-02-12 04:33 . 2008-04-13 19:13 100864 ----a-w- c:\windows\system32\6to4svc.dll
2010-02-11 12:02 . 2008-04-13 12:00 226880 ----a-w- c:\windows\system32\drivers\tcpip6.sys
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown.
REGEDIT4
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{A3BC75A2-1F87-4686-AA43-5347D756017C}"= "c:\programmi\AVG\AVG9\Toolbar\IEToolbar.dll" [2010-02-23 1664256]
[HKEY_CLASSES_ROOT\clsid\{a3bc75a2-1f87-4686-aa43-5347d756017c}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A3BC75A2-1F87-4686-AA43-5347D756017C}]
2010-02-23 13:04 1664256 ----a-w- c:\programmi\AVG\AVG9\Toolbar\IEToolbar.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\programmi\AVG\AVG9\Toolbar\IEToolbar.dll" [2010-02-23 1664256]
[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\programmi\AVG\AVG9\Toolbar\IEToolbar.dll" [2010-02-23 1664256]
[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SpybotSD TeaTimer"="c:\programmi\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MsmqIntCert"="mqrt.dll" [2008-04-13 177152]
"SunJavaUpdateSched"="c:\programmi\Java\jre1.5.0_06\bin\jusched.exe" [2005-11-10 36975]
"AlcxMonitor"="ALCXMNTR.EXE" [2004-09-07 57344]
"AGRSMMSG"="AGRSMMSG.exe" [2004-10-08 88363]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-13 15360]
c:\documents and settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\
Avvio veloce di Adobe Reader.lnk - c:\programmi\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2004-12-14 29696]
Avvio veloce di Microsoft Office OneNote 2003.lnk - c:\programmi\Microsoft Office\OFFICE11\ONENOTEM.EXE [2003-8-6 51776]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2010-03-13 10:03 12464 ----a-w- c:\windows\system32\avgrsstx.dll
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\WINDOWS\\system32\\mqsvc.exe"=
"c:\\Programmi\\AVG\\AVG9\\avgupd.exe"=
"c:\\Programmi\\AVG\\AVG9\\avgnsx.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3587:TCP"= 3587:TCP:Gruppi peer-to-peer Windows
"3540:UDP"= 3540:UDP:Peer Name Resolution Protocol (PNRP)
"65533:TCP"= 65533:TCP:Services
"52344:TCP"= 52344:TCP:Services
"7434:TCP"= 7434:TCP:Services
"7435:TCP"= 7435:TCP:Services
"3389:TCP"= 3389:TCP:Remote Desktop
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
"AllowInboundEchoRequest"= 1 (0x1)
R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [12/03/2009 19.27.42 216200]
R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [12/03/2009 19.27.43 242896]
R2 avg9wd;AVG Free WatchDog;c:\programmi\AVG\AVG9\avgwdsvc.exe [13/03/2010 12.03.14 308064]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
p2psvc REG_MULTI_SZ p2psvc p2pimsvc p2pgasvc PNRPSvc
.
Contents of the 'Scheduled Tasks' folder
2010-05-07 c:\windows\Tasks\User_Feed_Synchronization-{1E8B2898-927D-452B-85B4-D2DE9AB3C3FD}.job
- c:\windows\system32\msfeedssync.exe [2007-08-13 17:36]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.repubblica.it/
uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
uSearchURL,(Default) = hxxp://red.clientapps.yahoo.com/customize/ycomp_wave/defaults/su/*http://www.yahoo.com
IE: E&sporta in Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
.
- - - - ORPHANED KEYS REMOVED - - - -
HKLM-Run-AVG7_CC - c:\progra~1\Grisoft\AVGFRE~1\avgcc.exe
SafeBoot-AVG Anti-Spyware Driver
SafeBoot-AVG Anti-Spyware Guard
AddRemove-PersonSecurity - c:\programmi\PersonSecurity\psecurity.exe
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-05-08 10:05
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- Dlls loaded by running processes ---------------------
- - - - - - - > 'explorer.exe'(3104)
c:\windows\system32\WININET.dll
.
------------------------ Other running processes ------------------------
.
c:\programmi\AVG\AVG9\avgchsvx.exe
c:\programmi\AVG\AVG9\avgrsx.exe
c:\programmi\AVG\AVG9\avgcsrvx.exe
c:\windows\system32\msdtc.exe
c:\windows\system32\inetsrv\inetinfo.exe
c:\programmi\File comuni\LightScribe\LSSrvc.exe
c:\programmi\File comuni\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\windows\system32\tcpsvcs.exe
c:\windows\System32\snmp.exe
c:\programmi\AVG\AVG9\avgnsx.exe
c:\windows\system32\mqsvc.exe
c:\windows\system32\mqtgsvc.exe
c:\windows\system32\wscntfy.exe
c:\windows\system32\WgaTray.exe
c:\windows\ALCXMNTR.EXE
c:\windows\AGRSMMSG.exe
c:\programmi\Java\jre1.5.0_06\bin\jucheck.exe
.
**************************************************************************
.
Finish time: 2010-05-08 10:18:50 - the pc was rebooted
ComboFix-quarantined-files.txt 2010-05-08 08:18
Pre-Run: 46,029,422,592 bytes free
Post-Run: 46,432,595,968 bytes free
- - End Of File - - E3739486540C0ACEAE4F433A269708D0
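The firewall exception list in the log above is the part a reviewer reads first, since an inbound exception that survives a cleanup is how a remote-access component stays reachable. As an added example (not part of this thread, and not ComboFix's own tooling), the script below pulls the GloballyOpenPorts\List block out of a ComboFix log and flags entries that carry only a generic label, sit in the dynamic port range, or expose a remote-administration port. The sample block is a copy of the lines from the log posted above; the flagging heuristics are assumptions of this example, not ComboFix rules, and a flagged entry is something to check against the installed software, not a verdict.

```python
"""Extract the firewall GloballyOpenPorts block from a ComboFix log and
flag exceptions worth a second look.

Added example for this thread; it is not ComboFix's own code.
"""
import re
from dataclasses import dataclass
from typing import List, Tuple

# Sample block copied from the ComboFix log posted in this thread.
SAMPLE_LOG = r"""
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3587:TCP"= 3587:TCP:Gruppi peer-to-peer Windows
"3540:UDP"= 3540:UDP:Peer Name Resolution Protocol (PNRP)
"65533:TCP"= 65533:TCP:Services
"52344:TCP"= 52344:TCP:Services
"7434:TCP"= 7434:TCP:Services
"7435:TCP"= 7435:TCP:Services
"3389:TCP"= 3389:TCP:Remote Desktop
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
"AllowInboundEchoRequest"= 1 (0x1)
"""

# One line of the block looks like:  "65533:TCP"= 65533:TCP:Services
PORT_LINE = re.compile(r'^"(\d+):(TCP|UDP)"=\s*(\d+):(TCP|UDP):(.*)$')

# Heuristics (assumptions of this example, not ComboFix rules).
GENERIC_LABELS = {"", "service", "services"}   # label says nothing about the program
DYNAMIC_PORT_START = 49152                      # IANA dynamic/private range
REMOTE_ADMIN_PORTS = {(3389, "TCP")}            # Remote Desktop


@dataclass(frozen=True)
class OpenPort:
    port: int
    proto: str
    label: str


def parse_open_ports(log_text: str) -> List[OpenPort]:
    """Return the entries listed under [...GloballyOpenPorts\\List] in a ComboFix log."""
    entries: List[OpenPort] = []
    in_section = False
    for raw in log_text.splitlines():
        line = raw.strip()
        if line.startswith("["):
            # A new registry key header starts (or ends) the section we care about.
            in_section = line.endswith(r"GloballyOpenPorts\List]")
            continue
        if not in_section:
            continue
        m = PORT_LINE.match(line)
        if m:
            entries.append(OpenPort(int(m.group(1)), m.group(2), m.group(5).strip()))
    return entries


def flag_suspicious(entries: List[OpenPort]) -> List[Tuple[OpenPort, List[str]]]:
    """Pair each entry that trips a heuristic with the reasons it tripped."""
    findings = []
    for e in entries:
        reasons = []
        if e.label.lower() in GENERIC_LABELS:
            reasons.append("generic label; does not say which program opened the port")
        if e.port >= DYNAMIC_PORT_START:
            reasons.append("port in the dynamic/private range; unusual for a fixed exception")
        if (e.port, e.proto) in REMOTE_ADMIN_PORTS:
            reasons.append("remote-administration port reachable; confirm it is intended")
        if reasons:
            findings.append((e, reasons))
    return findings


if __name__ == "__main__":
    for entry, why in flag_suspicious(parse_open_ports(SAMPLE_LOG)):
        print(f"{entry.port}/{entry.proto} '{entry.label}'")
        for r in why:
            print(f"    - {r}")
```

Run it on a saved ComboFix.txt by reading the file into `parse_open_ports`; the two helpers only look at the GloballyOpenPorts block, so the rest of the log is ignored. The generic-label check is the one that matters most on this log: four exceptions named only "Services" are not something a user creates by hand, and the reviewer should match them against the AuthorizedApplications list and the running processes before deciding they are benign.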