www.MegaLab.it

[pontelagolungo]

Ciao a tutti,
penso di essere infetto da bagle, ho già effettuato la scansione con kaspersky, spero mi possiate dare una mano, grazie in anticipo!

PS: le periferice audio non funzionano più, ho provato a reistallare i driver ma niente... la cosa è collegata?

PPS: il percorso C:\Documents and Settings\ELI\Desktop\ago è sicuro, non consideratelo.

[ste_95]

Disabilita il ripristino configurazione di sistema.

Scarica Avenger
Estrailo in una cartella a tua scelta
Esegui il file avenger.exe con la figura di una spada
Ora incolla queste righe nella box bianca che si è aperta:

Codice: Seleziona tutto

Files to delete:
C:\WINDOWS\system32\drivers\hidr.exe
C:\WINDOWS\system32\drivers\srosa.sys
C:\WINDOWS\system32\wintems.exe
C:\windows\system32\drivers\hldrrr.exe
C:\WINDOWS\system32\mdelk.exe
C:\Documents and Settings\ELI\Impostazioni locali\Temporary Internet Files\Content.IE5\09MZOXE7\b64_1[1].jpg
C:\Documents and Settings\ELI\Impostazioni locali\Temporary Internet Files\Content.IE5\7DHDFVKE\b64_2[1].jpg
C:\Documents and Settings\ELI\Impostazioni locali\Temporary Internet Files\Content.IE5\7DHDFVKE\b64_2[2].jpg
C:\Documents and Settings\ELI\Impostazioni locali\Temporary Internet Files\Content.IE5\8PKR4V8F\b64_1[1].jpg
C:\Documents and Settings\ELI\Impostazioni locali\Temporary Internet Files\Content.IE5\AZ0FUL4B\b64_31[1].jpg
C:\Documents and Settings\ELI\Impostazioni locali\Temporary Internet Files\Content.IE5\AZ0FUL4B\b64_31[2].jpg
C:\Documents and Settings\ELI\Impostazioni locali\Temporary Internet Files\Content.IE5\E8508YYN\b64_1[1].jpg
C:\Documents and Settings\ELI\Impostazioni locali\Temporary Internet Files\Content.IE5\E8508YYN\b64_31[1].jpg
C:\Documents and Settings\ELI\Impostazioni locali\Temporary Internet Files\Content.IE5\FMSBZ1SL\b64_1[1].jpg
C:\Documents and Settings\ELI\Impostazioni locali\Temporary Internet Files\Content.IE5\FMSBZ1SL\b64_31[1].jpg
C:\Documents and Settings\ELI\Impostazioni locali\Temporary Internet Files\Content.IE5\IDWTK3Q3\b64_1[1].jpg
C:\Documents and Settings\ELI\Impostazioni locali\Temporary Internet Files\Content.IE5\K1UZ8DQV\b64_2[1].jpg
C:\Documents and Settings\ELI\Impostazioni locali\Temporary Internet Files\Content.IE5\K1UZ8DQV\b64_2[2].jpg
C:\Documents and Settings\ELI\Impostazioni locali\Temporary Internet Files\Content.IE5\QHT2FU18\b64_2[1].jpg
C:\Documents and Settings\ELI\Impostazioni locali\Temporary Internet Files\Content.IE5\QHT2FU18\b64_2[2].jpg
C:\Documents and Settings\ELI\Impostazioni locali\Temporary Internet Files\Content.IE5\SDQRO9M3\b64_2[1].jpg
C:\Documents and Settings\ELI\Impostazioni locali\Temporary Internet Files\Content.IE5\VP85JXWZ\b64_31[1].jpg
C:\Documents and Settings\ELI\Impostazioni locali\Temporary Internet Files\Content.IE5\WPQ32Z0H\b64_1[1].jpg
C:\RECYCLER\S-1-5-21-2311906047-1440991263-3533785322-1006\Dc9.rar
C:\Programmi\Windows Media Player\wmpnscfg.exe

Folders to delete:
C:\WINDOWS\system32\drivers\down
C:\Muestras

Registry keys to delete:
HKLM\SYSTEM\CurrentControlSet\Services\srosa
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_SROSA

Togli il segno di spunta dalla voce Scan for Rootkits
Premi il pulsante Execute
Rispondi di Si alle due richieste di Avenger
Adesso il tuo computer dovrebbe riavviarsi, nel caso non succedesse, riavvialo tu manualmente
Al riavvio del computer, copia e incolla qui il contenuto del blocco note che apparirà.

Riscarica gli installer dei programmi di sicurezza e prova a reinstallare un antivirus.

[pontelagolungo]

Logfile of The Avenger version 1, by Swandog46
Running from registry key:
\Registry\Machine\System\CurrentControlSet\Services\ojpcfkai

*******************

Script file located at: \??\C:\agfgthup.txt
Script file opened successfully.

Script file read successfully

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:



File C:\WINDOWS\system32\drivers\hidr.exe not found!
Deletion of file C:\WINDOWS\system32\drivers\hidr.exe failed!

Could not process line:
C:\WINDOWS\system32\drivers\hidr.exe
Status: 0xc0000034

File C:\WINDOWS\system32\drivers\srosa.sys deleted successfully.
File C:\WINDOWS\system32\wintems.exe deleted successfully.
File C:\windows\system32\drivers\hldrrr.exe deleted successfully.
File C:\WINDOWS\system32\mdelk.exe deleted successfully.
File C:\Documents and Settings\ELI\Impostazioni locali\Temporary Internet Files\Content.IE5\09MZOXE7\b64_1[1].jpg deleted successfully.
File C:\Documents and Settings\ELI\Impostazioni locali\Temporary Internet Files\Content.IE5\7DHDFVKE\b64_2[1].jpg deleted successfully.
File C:\Documents and Settings\ELI\Impostazioni locali\Temporary Internet Files\Content.IE5\7DHDFVKE\b64_2[2].jpg deleted successfully.
File C:\Documents and Settings\ELI\Impostazioni locali\Temporary Internet Files\Content.IE5\8PKR4V8F\b64_1[1].jpg deleted successfully.
File C:\Documents and Settings\ELI\Impostazioni locali\Temporary Internet Files\Content.IE5\AZ0FUL4B\b64_31[1].jpg deleted successfully.
File C:\Documents and Settings\ELI\Impostazioni locali\Temporary Internet Files\Content.IE5\AZ0FUL4B\b64_31[2].jpg deleted successfully.
File C:\Documents and Settings\ELI\Impostazioni locali\Temporary Internet Files\Content.IE5\E8508YYN\b64_1[1].jpg deleted successfully.
File C:\Documents and Settings\ELI\Impostazioni locali\Temporary Internet Files\Content.IE5\E8508YYN\b64_31[1].jpg deleted successfully.
File C:\Documents and Settings\ELI\Impostazioni locali\Temporary Internet Files\Content.IE5\FMSBZ1SL\b64_1[1].jpg deleted successfully.
File C:\Documents and Settings\ELI\Impostazioni locali\Temporary Internet Files\Content.IE5\FMSBZ1SL\b64_31[1].jpg deleted successfully.
File C:\Documents and Settings\ELI\Impostazioni locali\Temporary Internet Files\Content.IE5\IDWTK3Q3\b64_1[1].jpg deleted successfully.
File C:\Documents and Settings\ELI\Impostazioni locali\Temporary Internet Files\Content.IE5\K1UZ8DQV\b64_2[1].jpg deleted successfully.
File C:\Documents and Settings\ELI\Impostazioni locali\Temporary Internet Files\Content.IE5\K1UZ8DQV\b64_2[2].jpg deleted successfully.
File C:\Documents and Settings\ELI\Impostazioni locali\Temporary Internet Files\Content.IE5\QHT2FU18\b64_2[1].jpg deleted successfully.
File C:\Documents and Settings\ELI\Impostazioni locali\Temporary Internet Files\Content.IE5\QHT2FU18\b64_2[2].jpg deleted successfully.
File C:\Documents and Settings\ELI\Impostazioni locali\Temporary Internet Files\Content.IE5\SDQRO9M3\b64_2[1].jpg deleted successfully.
File C:\Documents and Settings\ELI\Impostazioni locali\Temporary Internet Files\Content.IE5\VP85JXWZ\b64_31[1].jpg deleted successfully.
File C:\Documents and Settings\ELI\Impostazioni locali\Temporary Internet Files\Content.IE5\WPQ32Z0H\b64_1[1].jpg deleted successfully.


File C:\RECYCLER\S-1-5-21-2311906047-1440991263-3533785322-1006\Dc9.rar not found!
Deletion of file C:\RECYCLER\S-1-5-21-2311906047-1440991263-3533785322-1006\Dc9.rar failed!

Could not process line:
C:\RECYCLER\S-1-5-21-2311906047-1440991263-3533785322-1006\Dc9.rar
Status: 0xc0000034

File C:\Programmi\Windows Media Player\wmpnscfg.exe deleted successfully.
Folder C:\WINDOWS\system32\drivers\down deleted successfully.
Folder C:\Muestras deleted successfully.
Registry key HKLM\SYSTEM\CurrentControlSet\Services\srosa deleted successfully.
Registry key HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_SROSA deleted successfully.

Completed script processing.

*******************

Finished! Terminate.

Sembra che abbia funzionato, sono riuscito a rinstallare antivirus, antifirewall ecc. (seguendo l'articolo di crazy.cat sulla sicurezza). La periferica audio funziona nuovamente. Grazie ancora a Ste_95 che è stato velocissimo ed efficacissimo nel rispondermi, grazie a crazy.cat per l'articolo sulla sicurezza. Grazieee!!!

[ste_95]

Ripristina anche la modalità provvisoria utilizzando questo file.