remove Bagle


remove Bagle

Post by Teo_cool » Thu Apr 02, 2009 6:25 pm

Hi... I caught this "nice" virus!! Please help me, tell me what I have to do!! Bye
Teo_cool
Aficionado

Posts: 32
Joined: Tue Nov 04, 2008 7:02 pm

Re: remove Bagle

Post by ste_95 » Thu Apr 02, 2009 6:38 pm

«Sometimes it is better to keep quiet and seem stupid than to open your mouth and remove all doubt.» Oscar Wilde
ste_95
Official Member (Gold)

Posts: 17271
Joined: Mon Aug 06, 2007 11:19 am

Re: remove Bagle

Post by Teo_cool » Fri Apr 03, 2009 1:09 pm

Unfortunately FindyKill didn't fix it... Avenger won't start.... What else can I use??
Teo_cool
Aficionado

Posts: 32
Joined: Tue Nov 04, 2008 7:02 pm


Re: remove Bagle

Post by ste_95 » Fri Apr 03, 2009 1:11 pm

Download ComboFix, saving it to the desktop under a made-up name, and run the scan following these instructions (at the bottom). When the scan finishes, the report file C:\combofix.txt will be created; paste its contents here between LOG tags, like this:
Code: Select all
[LOG]the log goes here[/LOG]
«Sometimes it is better to keep quiet and seem stupid than to open your mouth and remove all doubt.» Oscar Wilde
ste_95
Official Member (Gold)

Posts: 17271
Joined: Mon Aug 06, 2007 11:19 am

Re: remove Bagle

Post by Teo_cool » Fri Apr 03, 2009 1:55 pm

ComboFix 09-04-01.01 - hp 2009-04-03 14.48.31.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1040.18.2046.1407 [GMT 2:00]
Eseguito da: c:\documents and settings\hp\Desktop\hhh.exe
AV: Avira AntiVir PersonalEdition *On-access scanning disabled* (Updated)
* Creato nuovo punto di ripristino
.

((((((((((((((((((((((((((((((((((((( Altre eliminazioni )))))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\programmi\PeerGuardian2\pg2.exe
c:\windows\system32\pthreadGC2.dll
c:\windows\system32\w32apiw.dll

.
((((((((((((((((((((((((( Files Creati Da 2009-03-03 al 2009-04-03 )))))))))))))))))))))))))))))))))))
.

2009-04-03 14:40 . 2006-03-03 00:42 73,728 --a------ C:\pv.exe
2009-04-02 20:17 . 2009-04-02 20:32 <DIR> d-------- C:\FindyKill
2009-04-02 20:10 . 2009-04-02 20:10 <DIR> d-------- c:\programmi\Spyware Doctor
2009-04-02 20:10 . 2009-04-02 20:10 <DIR> d-------- c:\documents and settings\hp\Dati applicazioni\PC Tools
2009-04-02 20:10 . 2008-06-10 21:22 81,288 --a------ c:\windows\system32\drivers\iksyssec.sys
2009-04-02 20:10 . 2008-06-02 15:19 29,576 --a------ c:\windows\system32\drivers\kcom.sys
2009-04-02 20:08 . 2009-04-02 20:08 <DIR> d-------- c:\programmi\Google
2009-04-02 20:08 . 2009-04-03 14:05 <DIR> d-------- c:\documents and settings\All Users\Dati applicazioni\Google Updater
2009-04-02 19:39 . 2009-04-02 19:39 <DIR> d-------- c:\windows\Sun
2009-04-02 18:38 . 2009-04-03 14:35 <DIR> d-------- c:\programmi\NetScream
2009-03-31 15:27 . 2009-04-03 14:49 <DIR> d-------- c:\programmi\PeerGuardian2
2009-03-31 14:39 . 2009-03-31 14:39 <DIR> d-------- c:\documents and settings\hp\Dati applicazioni\PCToolsFirewallPlus
2009-03-31 14:37 . 2009-04-01 14:49 <DIR> d-------- c:\programmi\File comuni\PC Tools
2009-03-30 20:19 . 2009-03-30 20:19 108,336 --a------ c:\windows\system32\mswinsck.ocx
2009-03-30 17:02 . 2009-03-30 17:02 <DIR> d-------- c:\documents and settings\hp\Dati applicazioni\nCleaner
2009-03-30 17:01 . 2009-03-30 17:01 <DIR> d--hs---- c:\documents and settings\hp\IECompatCache
2009-03-30 16:14 . 2009-03-30 16:14 <DIR> d-------- c:\documents and settings\hp\Dati applicazioni\OpenOffice.org
2009-03-30 14:31 . 2009-03-30 19:52 <DIR> d-------- c:\programmi\GridinSoft Trojan Killer
2009-03-29 16:45 . 2009-03-29 16:45 <DIR> d-------- c:\programmi\KONAMI
2009-03-29 16:19 . 2009-04-02 14:22 <DIR> d-------- c:\documents and settings\hp\Dati applicazioni\Hamachi
2009-03-29 16:18 . 2009-03-29 16:19 <DIR> d-------- c:\programmi\Hamachi
2009-03-29 16:18 . 2009-03-29 16:18 25,280 --a------ c:\windows\system32\drivers\hamachi.sys
2009-03-27 16:25 . 2009-03-27 16:25 <DIR> d-------- c:\programmi\File comuni\Wise Installation Wizard
2009-03-27 16:25 . 2009-03-27 16:25 <DIR> d-------- c:\documents and settings\hp\Dati applicazioni\SUPERAntiSpyware.com
2009-03-25 21:07 . 2009-03-25 21:07 <DIR> d--hs---- c:\documents and settings\hp\PrivacIE
2009-03-25 20:12 . 2009-03-25 20:12 <DIR> d--hs---- c:\documents and settings\LocalService\IETldCache
2009-03-25 20:10 . 2009-03-25 20:10 <DIR> d--hs---- c:\documents and settings\hp\IETldCache
2009-03-25 19:21 . 2009-03-25 19:21 <DIR> d--hs---- C:\$RECYCLE.BIN
2009-03-25 18:57 . 2007-03-24 01:59 171,136 -rahs---- C:\grldr
2009-03-25 18:41 . 2009-03-25 18:41 1,905 --a------ c:\windows\diagwrn.xml
2009-03-25 18:41 . 2009-03-25 18:41 1,905 --a------ c:\windows\diagerr.xml
2009-03-25 18:38 . 2009-03-25 18:58 <DIR> d--hs---- C:\Boot
2009-03-25 18:38 . 2008-04-21 09:49 333,203 -rahs---- C:\bootmgr
2009-03-25 18:36 . 2009-03-25 18:41 <DIR> d-------- c:\programmi\NeoSmart Technologies
2009-03-25 18:31 . 2009-03-25 18:31 <DIR> d-------- c:\windows\ie8updates
2009-03-25 18:30 . 2009-03-25 18:30 <DIR> d--h-c--- c:\windows\ie8
2009-03-25 15:33 . 2009-03-25 15:33 <DIR> d--h----- c:\windows\PIF
2009-03-25 15:32 . 2009-03-25 15:32 <DIR> d-------- c:\documents and settings\hp\Dati applicazioni\Windows Search
2009-03-25 15:31 . 2009-03-25 15:31 <DIR> d-------- c:\programmi\Microsoft Silverlight
2009-03-25 15:31 . 2009-03-25 15:31 <DIR> d-------- c:\documents and settings\hp\Dati applicazioni\Windows Desktop Search
2009-03-25 15:30 . 2009-03-25 15:30 <DIR> d-------- c:\windows\system32\GroupPolicy
2009-03-25 15:30 . 2009-03-25 15:30 <DIR> d-------- c:\programmi\Windows Desktop Search
2009-03-25 15:30 . 2009-03-25 15:30 <DIR> d-------- c:\documents and settings\hp\Dati applicazioni\Avira
2009-03-24 23:05 . 2009-03-24 23:05 <DIR> d-------- c:\documents and settings\All Users\Dati applicazioni\Office Genuine Advantage
2009-03-24 22:27 . 2009-03-24 23:04 <DIR> d-------- c:\windows\SxsCaPendDel
2009-03-24 22:27 . 2009-03-24 22:27 <DIR> d-------- C:\f8cb4815bad606f258
2009-03-24 21:54 . 2009-03-24 21:54 107,888 --a------ c:\windows\system32\CmdLineExt.dll
2009-03-24 21:34 . 2009-03-24 21:34 <DIR> d-------- c:\documents and settings\All Users\Dati applicazioni\KONAMI
2009-03-24 21:07 . 2009-03-24 21:07 <DIR> d-------- c:\programmi\Microsoft CAPICOM 2.1.0.2
2009-03-24 21:03 . 2009-03-10 23:18 970,112 --a------ c:\windows\system32\wgatray.exe.bak
2009-03-24 21:03 . 2009-03-10 23:18 265,088 --a------ c:\windows\system32\wgalogon.dll.bak
2009-03-24 21:01 . 2009-04-02 20:34 <DIR> d-a------ c:\documents and settings\All Users\Dati applicazioni\TEMP
2009-03-24 20:36 . 2009-03-24 20:36 <DIR> d-------- c:\programmi\ATHR
2009-03-24 20:36 . 2008-09-24 12:24 1,326,528 --a------ c:\windows\system32\drivers\athw.sys
2009-03-24 19:29 . 2009-03-24 19:29 <DIR> d-------- c:\documents and settings\hp\Dati applicazioni\Media Player Classic
2009-03-24 19:29 . 2009-04-01 17:53 69 --a------ c:\windows\NeroDigital.ini
2009-03-24 17:03 . 2009-03-24 17:03 <DIR> d-------- c:\programmi\MSXML 4.0
2009-03-24 16:40 . 2009-03-24 16:40 <DIR> d-------- c:\programmi\Ubisoft
2009-03-24 16:32 . 2008-04-13 20:16 83,106 --a--c--- c:\windows\system32\dllcache\apps.chm
2009-03-24 16:31 . 2009-03-24 16:33 <DIR> d-------- c:\windows\ServicePackFiles
2009-03-24 16:31 . 2008-04-13 20:13 4,255 --------- c:\windows\system32\drivers\adv01nt5.dll
2009-03-24 16:31 . 2008-04-13 20:13 3,967 --------- c:\windows\system32\drivers\adv02nt5.dll
2009-03-24 16:29 . 2006-12-28 13:01 19,569 --a------ c:\windows\002895_.tmp
2009-03-24 16:18 . 2009-01-21 16:49 118,656 --a------ c:\windows\system32\drivers\Rtnicxp.sys
2009-03-24 16:18 . 2009-01-16 23:45 73,728 --a------ c:\windows\system32\RtNicProp32.dll
2009-03-24 16:17 . 2006-07-01 23:56 43,520 --a------ c:\windows\system32\drivers\AmdK8.sys
2009-03-24 16:11 . 2009-03-30 15:23 <DIR> d-------- c:\programmi\Driver Magician
2009-03-24 16:11 . 2004-09-28 12:13 526,184 --a------ c:\windows\system32\XceedCry.dll
2009-03-24 16:11 . 2005-01-12 12:19 456,536 --a------ c:\windows\system32\XCEEDZIP.DLL
2009-03-24 16:11 . 2004-03-09 01:00 224,016 --a------ c:\windows\system32\Tabctl32.ocx
2009-03-24 16:11 . 2004-03-09 01:00 152,848 --a------ c:\windows\system32\Comdlg32.ocx
2009-03-24 16:11 . 2004-03-09 01:00 132,880 --a------ c:\windows\system32\Msinet.ocx
2009-03-24 16:11 . 2004-08-11 16:55 110,602 --a------ c:\windows\system32\xcdsfx32.bin
2009-03-24 16:01 . 2009-03-24 16:01 <DIR> d-------- c:\programmi\Avira
2009-03-24 16:01 . 2009-03-24 16:01 <DIR> d-------- c:\documents and settings\All Users\Dati applicazioni\Avira
2009-03-24 15:03 . 2009-03-30 17:03 <DIR> d--hs---- c:\documents and settings\hp\UserData
2009-03-24 15:03 . 2008-10-16 15:06 268,648 --a------ c:\windows\system32\mucltui.dll
2009-03-24 15:03 . 2008-10-16 15:06 208,744 --a------ c:\windows\system32\muweb.dll
2009-03-24 15:03 . 2008-10-16 15:06 27,496 --a------ c:\windows\system32\mucltui.dll.mui
2009-03-23 19:31 . 2007-04-09 14:23 28,040 --a------ c:\windows\system32\mdimon.dll
2009-03-23 19:31 . 2009-03-23 19:31 424 --a------ c:\windows\ODBC.INI
2009-03-23 19:30 . 2009-03-23 19:31 <DIR> d-------- c:\windows\SHELLNEW
2009-03-23 19:30 . 2009-03-23 19:30 <DIR> d-------- c:\programmi\Microsoft.NET
2009-03-23 19:17 . 2009-04-03 14:20 <DIR> d-------- c:\documents and settings\hp\Tracing
2009-03-23 19:16 . 2009-03-23 19:16 <DIR> d-------- c:\programmi\Windows Live SkyDrive
2009-03-23 19:16 . 2009-03-23 19:16 <DIR> d-------- c:\programmi\Windows Live
2009-03-23 19:16 . 2009-03-25 15:31 <DIR> d-------- c:\programmi\Microsoft
2009-03-23 19:13 . 2009-03-23 19:13 <DIR> d-------- c:\programmi\XP TCPIP Repair
2009-03-23 19:13 . 2009-03-23 19:13 <DIR> d-------- c:\programmi\File comuni\Windows Live
2009-03-23 19:13 . 2005-04-15 19:58 1,351,392 --a------ c:\windows\system32\COMCTL32.OCX
2009-03-23 19:12 . 2009-04-02 19:41 <DIR> d-------- c:\programmi\XoftSpySE
2009-03-23 19:11 . 2009-03-30 17:05 <DIR> d-------- c:\programmi\Wise Registry Cleaner
2009-03-23 19:10 . 2004-08-19 15:39 221,184 --a------ c:\windows\system32\wmpns.dll
2009-03-23 19:09 . 2009-03-30 17:01 <DIR> d-------- c:\windows\system32\LogFiles
2009-03-23 19:09 . 2009-03-23 19:09 <DIR> d-------- c:\windows\system32\drivers\UMDF
2009-03-23 19:09 . 2009-03-23 19:09 <DIR> d-------- c:\programmi\Windows Media Connect 2
2009-03-23 19:05 . 2009-03-23 19:08 <DIR> d-------- c:\programmi\Unlocker
2009-03-23 19:05 . 2009-03-23 19:05 <DIR> d-------- c:\documents and settings\hp\Dati applicazioni\Desktopicon
2009-03-23 19:04 . 2009-03-23 19:04 <DIR> d-------- c:\programmi\Trojan Killer
2009-03-23 19:04 . 2009-04-03 14:05 <DIR> d-------- c:\programmi\Spyware Terminator
2009-03-23 19:04 . 2009-03-23 19:04 <DIR> d-------- c:\programmi\eRightSoft
2009-03-23 19:04 . 2009-04-03 14:05 <DIR> d-------- c:\documents and settings\hp\Dati applicazioni\Spyware Terminator
2009-03-23 19:04 . 2009-04-03 14:05 <DIR> d-------- c:\documents and settings\All Users\Dati applicazioni\Spyware Terminator
2009-03-23 19:03 . 2009-03-27 16:25 <DIR> d-------- c:\programmi\SUPERAntiSpyware
2009-03-23 19:03 . 2009-03-23 19:03 <DIR> d-------- c:\documents and settings\All Users\Dati applicazioni\SUPERAntiSpyware.com
2009-03-23 19:02 . 2009-03-25 21:07 <DIR> d-------- c:\windows\system32\Adobe
2009-03-23 19:02 . 2009-03-23 19:03 <DIR> d-------- c:\programmi\Spybot - Search & Destroy
2009-03-23 19:02 . 2009-03-30 17:18 <DIR> d-------- c:\documents and settings\All Users\Dati applicazioni\Spybot - Search & Destroy
2009-03-23 19:01 . 2009-03-23 19:01 <DIR> d-------- c:\programmi\VS Revo Group
2009-03-23 19:01 . 2009-03-30 14:33 <DIR> d-------- c:\programmi\Doctor Alex Antispyware
2009-03-23 19:01 . 2009-03-23 19:01 <DIR> d-------- c:\documents and settings\All Users\Dati applicazioni\Nokia
2009-03-23 19:00 . 2009-03-23 19:00 <DIR> d-------- c:\programmi\OpenOffice.org 3
2009-03-23 19:00 . 2009-03-23 19:00 <DIR> d-------- c:\programmi\JRE
2009-03-23 18:59 . 2009-03-23 18:59 <DIR> d-------- c:\programmi\File comuni\Java
2009-03-23 18:59 . 2009-03-23 18:59 <DIR> d-------- c:\documents and settings\hp\Dati applicazioni\PC Suite
2009-03-23 18:59 . 2009-03-23 18:59 <DIR> d-------- c:\documents and settings\hp\Dati applicazioni\Nokia
2009-03-23 18:59 . 2009-03-23 18:59 <DIR> d-------- c:\documents and settings\All Users\Dati applicazioni\PC Suite
2009-03-23 18:58 . 2009-03-23 18:58 <DIR> d-------- c:\programmi\PC Connectivity Solution
2009-03-23 18:58 . 2009-03-23 19:01 <DIR> d-------- c:\programmi\Nokia
2009-03-23 18:58 . 2009-03-23 18:58 <DIR> d-------- c:\programmi\File comuni\PCSuite
2009-03-23 18:58 . 2009-03-23 19:01 <DIR> d-------- c:\programmi\File comuni\Nokia
2009-03-23 18:58 . 2009-03-24 16:17 <DIR> d-------- c:\programmi\DIFX
2009-03-23 18:58 . 2008-02-01 16:17 90,624 --a------ c:\windows\system32\nmwcdcls.dll
2009-03-23 18:58 . 2008-08-26 10:26 18,816 --a------ c:\windows\system32\drivers\pccsmcfd.sys
2009-03-23 18:57 . 2009-03-23 18:57 <DIR> d-------- c:\programmi\NKProds

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-03-24 18:36 --------- d--h--w c:\programmi\InstallShield Installation Information
2009-03-24 17:35 5,056,000 ----a-w c:\windows\system32\drivers\RtkHDAud.sys
2009-03-24 17:10 17,567,744 ----a-w c:\windows\RTHDCPL.EXE
2009-03-24 14:18 --------- d-----w c:\programmi\Realtek
2009-03-23 17:04 142,592 ----a-w c:\windows\system32\drivers\sp_rsdrv2.sys
2009-03-23 16:15 155,995 ----a-w c:\windows\java\Packages\PVJNNTV7.ZIP
2009-03-23 16:14 --------- d-----w c:\programmi\File comuni\InstallShield
2009-03-17 11:58 540,672 ----a-w c:\windows\RtlExUpd.dll
2009-03-10 12:32 2,168,320 ----a-w c:\windows\MicCal.exe
2009-03-08 03:34 914,944 ----a-w c:\windows\system32\wininet.dll
2009-03-08 03:34 43,008 ----a-w c:\windows\system32\licmgr10.dll
2009-03-08 03:33 420,352 ----a-w c:\windows\system32\vbscript.dll
2009-03-08 03:33 18,944 ----a-w c:\windows\system32\corpol.dll
2009-03-08 03:32 72,704 ----a-w c:\windows\system32\admparse.dll
2009-03-08 03:32 71,680 ----a-w c:\windows\system32\iesetup.dll
2009-03-08 03:31 48,128 ----a-w c:\windows\system32\mshtmler.dll
2009-03-08 03:31 45,568 ----a-w c:\windows\system32\mshta.exe
2009-03-08 03:31 34,816 ----a-w c:\windows\system32\imgutil.dll
2009-03-08 03:22 156,160 ----a-w c:\windows\system32\msls31.dll
2009-03-02 09:14 57,344 ----a-w c:\windows\ALCMTR.EXE
2009-02-24 23:26 2,255,360 ----a-w c:\windows\system32\x264vfw.dll
2009-02-16 22:17 453,152 ----a-w c:\windows\system32\NVUNINST.EXE
2009-02-09 18:56 67,584 ----a-w c:\windows\system32\ff_vfw.dll
2009-02-09 14:04 1,846,784 ----a-w c:\windows\system32\win32k.sys
2009-02-06 17:52 49,504 ----a-w c:\windows\system32\sirenacm.dll
2009-01-21 13:54 1,206,816 ----a-w c:\windows\RtlUpd.exe
2009-01-07 17:21 26,144 ----a-w c:\windows\system32\spupdsvc.exe
2009-01-07 17:20 265,720 ----a-w c:\windows\system32\msdbg2.dll
2009-01-07 17:20 26,112 ----a-w c:\windows\system32\idndl.dll
2009-01-07 17:20 24,576 ----a-w c:\windows\system32\nlsdl.dll
2009-01-07 17:20 23,552 ----a-w c:\windows\system32\normaliz.dll
2006-05-03 10:06 163,328 --sh--r c:\windows\system32\flvDX.dll
2007-02-21 11:47 31,232 --sh--r c:\windows\system32\msfDX.dll
2008-03-16 13:30 216,064 --sh--r c:\windows\system32\nbDX.dll
.

((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* i valori vuoti & legittimi/default non sono visualizzati.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-13 15360]
"swg"="c:\programmi\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-04-02 39408]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avgnt"="c:\programmi\Avira\AntiVir PersonalEdition Premium\avgnt.exe" [2009-04-02 266497]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-02-18 13680640]
"ISTray"="c:\programmi\Spyware Doctor\pctsTray.exe" [2009-04-02 1166216]
"RTHDCPL"="RTHDCPL.EXE" [2009-03-24 c:\windows\RTHDCPL.EXE]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-13 15360]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"disableregistrytoosl"= 0 (0x0)

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\programmi\Windows Desktop Search\MSNLNamespaceMgr.dll" [2008-05-26 304128]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2008-12-22 13:05 356352 c:\programmi\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.X264"= x264vfw.dll
"VIDC.HFYU"= huffyuv.dll

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Avvio^Programmi^Esecuzione automatica^Alice ti aiuta.lnk]

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Avvio^Programmi^Esecuzione automatica^Avvio rapido di HP Image Zone.lnk]

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Avvio^Programmi^Esecuzione automatica^HP Digital Imaging Monitor.lnk]

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Avvio^Programmi^Esecuzione automatica^Windows Search.lnk]

[HKLM\~\startupfolder\C:^Documents and Settings^hp^Menu Avvio^Programmi^Esecuzione automatica^Registration Tom Clancy's Rainbow Six Vegas.LNK]
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Ad-Watch

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\'Ashampoo AntiSpyWare 2 Guard']
--a------ 2009-01-14 13:54 2347352 c:\programmi\Ashampoo\Ashampoo AntiSpyWare 2\AntiSpyWare2Guard.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
--a------ 2009-02-27 18:10 35696 c:\programmi\Adobe\Reader 9.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
--a------ 2004-09-13 16:49 49152 c:\programmi\HP\HP Software Update\hpwuSchd2.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
--a------ 2009-03-11 14:52 342312 c:\programmi\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
--a------ 2009-03-24 15:51 3885408 c:\programmi\Windows Live\Messenger\msnmsgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
--a------ 2001-07-09 12:50 155648 c:\windows\system32\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
--a------ 2009-02-18 15:44 13680640 c:\windows\system32\nvcpl.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
--a------ 2009-02-18 15:44 86016 c:\windows\system32\nvmctray.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2009-01-05 17:18 413696 c:\programmi\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
--a------ 2009-03-25 21:10 148888 c:\programmi\Java\jre6\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
--a------ 2009-02-18 15:44 1657376 c:\windows\system32\nwiz.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"WZCSVC"=2 (0x2)
"wscsvc"=2 (0x2)
"SharedAccess"=2 (0x2)
"helpsvc"=2 (0x2)
"ERSvc"=2 (0x2)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Programmi\\Windows Live\\Messenger\\wlcsdk.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Programmi\\Ubisoft\\Tom Clancy's Rainbow Six Vegas\\Binaries\\R6Vegas_Game.exe"=
"c:\\Programmi\\Ubisoft\\Tom Clancy's Rainbow Six Vegas\\Binaries\\R6Vegas_Launcher.exe"=
"c:\\Programmi\\Bonjour\\mDNSResponder.exe"=
"e:\\Programmi\\eMule Applejuice\\emule.exe"=
"c:\\Programmi\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Programmi\\KONAMI\\Pro Evolution Soccer 2009\\pes2009.exe"=

R1 sp_rsdrv2;Spyware Terminator Driver 2;c:\windows\system32\drivers\sp_rsdrv2.sys [2009-03-23 142592]
R2 AASW2_Service;Ashampoo AntiSpyWare 2 Service;c:\programmi\Ashampoo\Ashampoo AntiSpyWare 2\AntiSpyWareService.exe [2009-03-23 749400]
S2 AntiVirMailService;Avira AntiVir Premium MailGuard;c:\programmi\Avira\AntiVir PersonalEdition Premium\avmailc.exe [2009-03-24 164097]
S2 antivirwebservice;Avira AntiVir Premium WebGuard;c:\programmi\Avira\AntiVir PersonalEdition Premium\avwebgrd.exe [2009-03-24 258305]
S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2009-03-23 38496]
S3 WN5301;LIteon Wireless PCI Network Adapter Service;c:\windows\system32\drivers\wn5301.sys [2005-10-05 468768]
S4 AVEService;Servizio assistenza di Avira AntiVir Premium MailGuard;c:\programmi\Avira\AntiVir PersonalEdition Premium\avesvc.exe [2009-03-24 41217]

--- Altri Servizi/Drivers In Memoria ---

*NewlyCreated* - SP_RSSRV

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{cf10eb0e-1b9e-11de-b0c3-000e2e657882}]
\Shell\AutoRun\command - I:\ClickMe.exe

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\system32\rundll32.exe" "c:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
.
Contenuto della cartella 'Scheduled Tasks'

2009-03-30 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\programmi\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe []

2009-03-23 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\programmi\Apple Software Update\SoftwareUpdate.exe [2008-07-30 13:34]

2009-04-03 c:\windows\Tasks\Google Software Updater.job
- c:\programmi\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-04-02 20:08]

2009-04-02 c:\windows\Tasks\HPpromotions journeysoftware.job
- c:\programmi\hp\digital imaging\bin\hp promotions\journeysoftware\HPpromo.exe [2005-04-22 18:36]

2009-03-30 c:\windows\Tasks\OGADaily.job
- c:\windows\system32\OGAVerify.exe [2008-12-31 18:04]

2009-04-03 c:\windows\Tasks\OGALogon.job
- c:\windows\system32\OGAVerify.exe [2008-12-31 18:04]

2009-04-02 c:\windows\Tasks\User_Feed_Synchronization-{A254676D-3F56-482B-AC85-E921211A1C83}.job
- c:\windows\system32\msfeedssync.exe [2009-03-08 05:31]

2009-03-23 c:\windows\Tasks\XoftSpySE.job
- c:\programmi\XoftSpySE\XoftSpy.exe [2007-01-03 20:48]
.
- - - - CHIAVI ORFANE RIMOSSE - - - -

HKCU-Run-PeerGuardian - c:\programmi\PeerGuardian2\pg2.exe
ShellExecuteHooks-{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - (no file)


.
------- Scansione supplementare -------
.
IE: E&sporta in Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
LSP: avsda.dll
TCP: {A2C5E1AC-AB7F-469D-AB08-333B0975818F} = 85.37.17.43 85.38.28.96
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
FF - ProfilePath - c:\documents and settings\hp\Dati applicazioni\Mozilla\Firefox\Profiles\6sij1dso.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FF - prefs.js: browser.search.selectedEngine - Google
FF - component: c:\programmi\Mozilla Firefox\extensions\{B13721C7-F507-4982-B2E5-502A71474FED}\components\NPComponent.dll
FF - component: c:\programmi\Nokia\Nokia PC Suite 7\bkmrksync\components\BkMrkExt.dll
FF - plugin: c:\programmi\Google\Google Updater\2.4.1536.6592\npCIDetect13.dll
FF - plugin: c:\programmi\Microsoft\Office Live\npOLW.dll
FF - plugin: c:\programmi\Mozilla Firefox\plugins\np-mswmp.dll

---- FIREFOX POLICIES ----
FF - user.js: network.prefetch-next - true
FF - user.js: nglayout.initialpaint.delay - 50
FF - user.js: layout.spellcheckDefault - 1
FF - user.js: browser.urlbar.autoFill - false
FF - user.js: browser.search.openintab - false
FF - user.js: browser.tabs.closeButtons - 1
FF - user.js: browser.tabs.opentabfor.middleclick - true
FF - user.js: browser.tabs.tabMinWidth - 100
FF - user.js: browser.urlbar.hideGoButton - true
.

**************************************************************************

catchme 0.3.1375 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-04-03 14:49:25
Windows 5.1.2600 Service Pack 3 NTFS

scansione processi nascosti ...

scansione entrate autostart nascoste ...

Scansione files nascosti ...

Scansione completata con successo
Files nascosti: 0

**************************************************************************
.
--------------------- CHIAVI DI REGISTRO BLOCCATE ---------------------

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\h–€|ÿÿÿÿ¤•€|ù•9~*]
"0140110900063D11C8EF10054038389C"="C?\\WINDOWS\\system32\\FM20ENU.DLL"
.
--------------------- Dlls caricate dai processi in esecuzione ---------------------

- - - - - - - > 'winlogon.exe'(792)
c:\programmi\SUPERAntiSpyware\SASWINLO.dll

- - - - - - - > 'lsass.exe'(848)
c:\windows\system32\avsda.dll
.
Ora fine scansione: 2009-04-03 14.52.14
ComboFix-quarantined-files.txt 2009-04-03 12:51:57

Pre-Run: 178.292.105.216 byte disponibili
Post-Run: 178,376,597,504 byte disponibili

WindowsXP-KB310994-SP2-Pro-BootDisk-ITA.exe
;
;Warning: Boot.ini is used on Windows XP and earlier operating systems.
;Warning: Use BCDEDIT.exe to modify Windows Vista boot options.
;
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /NOEXECUTE=OPTIN /FASTDETECT /USEPMTIMER

344 --- E O F --- 2009-03-25 13:09:29

[thanks]
Teo_cool
Aficionado

Posts: 32
Joined: Tue Nov 04, 2008 7:02 pm

Re: remove Bagle

Post by Amantide » Fri Apr 03, 2009 4:26 pm

Are you sure you didn't fix it with FindyKill? There are no traces of Bagle in the ComboFix log, so either FindyKill removed it or it wasn't Bagle. [uhm]
Can you post the FindyKill log created after the first scan?

P.S. ComboFix got it wrong with PeerGuardian; reinstall it if need be [^]
...to fly high, you must know how to fall...
Amantide
Official Member (Gold)

Posts: 8126
Joined: Mon Feb 06, 2006 4:13 pm
Location: Abruzzo

Re: remove Bagle

Post by stevens » Fri Apr 03, 2009 4:30 pm

I see this C:\pv.exe in the ComboFix log

http://www.threatexpert.com/files/pv.exe.html
stevens
Bronze Member

Posts: 678
Joined: Wed Feb 18, 2009 1:39 pm

Re: remove Bagle

Post by Amantide » Fri Apr 03, 2009 4:36 pm

stevens wrote: I see this C:\pv.exe in the ComboFix log

http://www.threatexpert.com/files/pv.exe.html


Given that this folder C:\grldr is also present, I prefer to believe this definition of the pv.exe file [std]
...to fly high, you must know how to fall...
Amantide
Official Member (Gold)

Posts: 8126
Joined: Mon Feb 06, 2006 4:13 pm
Location: Abruzzo

Re: remove Bagle

Post by stevens » Fri Apr 03, 2009 4:42 pm

A quick check on VirusTotal wouldn't hurt ; )
stevens
Bronze Member

Posts: 678
Joined: Wed Feb 18, 2009 1:39 pm

Re: remove Bagle

Post by Teo_cool » Fri Apr 03, 2009 5:12 pm

OK, here is the FindyKill log

############################## [ FindyKill V4.721 ]

# User : hp (Administrators) # HP-5D1B8D4C8FEF
# Update on 29/03/09 by Chiquitine29
# Start at: 20.22.23 | 02/04/2009
# Website : http://pagesperso-orange.fr/FindyKill.Ad.Remover/

# AMD Athlon(tm) 64 X2 Dual Core Processor 5600+
# Microsoft Windows XP Professional (5.1.2600 32-bit) # Service Pack 3
# Internet Explorer 8.0.6001.18702
# Windows Firewall Status : Disabled
# AV : Avira AntiVir PersonalEdition 8.0.1.30 [ (!) Disabled | Updated ]

# C:\ # Disco rigido locale # 197,28 Go (166,19 Go free) # NTFS
# D:\ # Disco rigido locale # 60,46 Go (58,48 Go free) # NTFS
# E:\ # Disco rigido locale # 120 Go (78,69 Go free) # NTFS
# F:\ # Disco rigido locale # 88,02 Go (51,76 Go free) # NTFS
# G:\ # Disco CD-ROM
# H:\ # Disco CD-ROM
# I:\ # Disco rimovibile
# J:\ # Disco rimovibile
# K:\ # Disco rimovibile
# L:\ # Disco rimovibile

############################## [ Active Processes ]

C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programmi\Ashampoo\Ashampoo AntiSpyWare 2\AntiSpyWareService.exe
C:\Programmi\File comuni\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Programmi\Bonjour\mDNSResponder.exe
C:\Programmi\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\rasphone.exe
C:\WINDOWS\system32\SearchProtocolHost.exe
C:\WINDOWS\system32\SearchFilterHost.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\WINDOWS\system32\wbem\wmiprvse.exe

################## [ Infected Files / Folders C:\ ]

Deleted ! - C:\Avenger\flec006.exe
Deleted ! - C:\Avenger\winupgro.exe
Deleted ! - "C:\Avenger"

################## [ C:\WINDOWS & C:\WINDOWS\prefetch ]


################## [ C:\WINDOWS\System32 ]


################## [ C:\WINDOWS\System32\drivers ]


################## [ C:\.. Application Data ... ]

Deleted ! - "C:\Documents and Settings\hp\Dati applicazioni\drivers\wfsintwq.sys"
Deleted ! - "C:\Documents and Settings\hp\Dati applicazioni\drivers\downld"
Deleted ! - "C:\Documents and Settings\hp\Dati applicazioni\drivers"

################## [ C:\Documents and Settings\hp\.....\Temp Files... ]


################## [ Registry / Infected keys ]

Deleted ! - HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\srosa
Deleted ! - HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\srosa
Deleted ! - HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_SROSA
Deleted ! - HKEY_CURRENT_USER\Software\bisoft
Deleted ! - HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\"drvsyskit"
Deleted ! - HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\"mule_st_key"

################## [ Cleaning Removable drives ]

# Deleting Files :


################## [ Registry / Mountpoint2 ]

# -> Not found !

################## [ States / Restarting of services ]

# Services : [ Auto=2 / Request=3 / Disable=4 ]

# Ndisuio -> # Type of startup =3
# EapHost -> # Type of startup =2
# Ip6Fw -> # Type of startup =2
# SharedAccess -> # Type of startup =2
# wuauserv -> # Type of startup =2
# wscsvc -> # Type of startup =2

################## [ Searching Other Infections ]

# Références de comparaison Bagle MD5 :

File ... : C:\Avenger\winupgro.exe
CRC32 .. : 8f591219
MD5 .... : 4c2a7c1c0df69560e5e929fa15c6d00e

# -> Nothing found.

################## [ PEH Corrupted ]

C:\Documents and Settings\hp\Desktop\Applicazioni\Componenti Programmi\SUPERAntiSpyware.exe
C:\Documents and Settings\hp\Desktop\Applicazioni\Sicurezza\HijackThis.exe
C:\Documents and Settings\hp\Impostazioni locali\Temp\a2temp\a2cmd.exe
C:\Documents and Settings\hp\Impostazioni locali\Temp\jkos-hp\binaries\ScanningProcess.exe
C:\Programmi\a-squared Free\a2cmd.exe
C:\Programmi\a-squared Free\a2service.exe
C:\Programmi\a-squared Free\a2upd.exe
C:\Programmi\Avira\AntiVir PersonalEdition Premium\avcenter.exe
C:\Programmi\Avira\AntiVir PersonalEdition Premium\avesvc.exe
C:\Programmi\Avira\AntiVir PersonalEdition Premium\avgnt.exe
C:\Programmi\Avira\AntiVir PersonalEdition Premium\avguard.exe
C:\Programmi\Avira\AntiVir PersonalEdition Premium\avmailc.exe
C:\Programmi\Avira\AntiVir PersonalEdition Premium\avwebgrd.exe
C:\Programmi\Avira\AntiVir PersonalEdition Premium\sched.exe
C:\Programmi\PeerGuardian2\pg2.exe
C:\Programmi\Spyware Doctor\pctsAuxs.exe
C:\Programmi\Spyware Doctor\pctsSvc.exe
C:\Programmi\Spyware Doctor\pctsTray.exe
C:\Programmi\Spyware Terminator\SpywareTerminatorShield.Exe
C:\Programmi\Spyware Terminator\sp_rsser.exe
C:\Programmi\Spyware Terminator\update\SpywareTerminatorShield.Exe
C:\Programmi\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Programmi\Unlocker\UnlockerAssistant.exe
C:\WINDOWS\$hf_mig$\KB898461\update\update.exe
C:\WINDOWS\$hf_mig$\KB921883\update\update.exe
C:\WINDOWS\$hf_mig$\KB932823-v3\update\update.exe
C:\WINDOWS\$hf_mig$\KB938127-v2-IE7\update\update.exe
C:\WINDOWS\$hf_mig$\KB946648\update\update.exe
C:\WINDOWS\$hf_mig$\KB950760\update\update.exe
C:\WINDOWS\$hf_mig$\KB950762\update\update.exe
C:\WINDOWS\$hf_mig$\KB950974\update\update.exe
C:\WINDOWS\$hf_mig$\KB951066\update\update.exe
C:\WINDOWS\$hf_mig$\KB951376-v2\update\update.exe
C:\WINDOWS\$hf_mig$\KB951698\update\update.exe
C:\WINDOWS\$hf_mig$\KB951748\update\update.exe
C:\WINDOWS\$hf_mig$\KB951978\update\update.exe
C:\WINDOWS\$hf_mig$\KB952287\update\update.exe
C:\WINDOWS\$hf_mig$\KB952954\update\update.exe
C:\WINDOWS\$hf_mig$\KB954459\update\update.exe
C:\WINDOWS\$hf_mig$\KB955069\update\update.exe
C:\WINDOWS\$hf_mig$\KB955839\update\update.exe
C:\WINDOWS\$hf_mig$\KB956390-IE7\update\update.exe
C:\WINDOWS\$hf_mig$\KB956802\update\update.exe
C:\WINDOWS\$hf_mig$\KB956803\update\update.exe
C:\WINDOWS\$hf_mig$\KB956841\update\update.exe
C:\WINDOWS\$hf_mig$\KB957097\update\update.exe
C:\WINDOWS\$hf_mig$\KB958215\update\update.exe
C:\WINDOWS\$hf_mig$\KB958644\update\update.exe
C:\WINDOWS\$hf_mig$\KB958687\update\update.exe
C:\WINDOWS\$hf_mig$\KB958690\update\update.exe
C:\WINDOWS\$hf_mig$\KB960225\update\update.exe
C:\WINDOWS\$hf_mig$\KB960714\update\update.exe
C:\WINDOWS\$hf_mig$\KB960715\update\update.exe
C:\WINDOWS\$hf_mig$\KB961260-IE7\update\update.exe
C:\WINDOWS\$hf_mig$\KB967715\update\update.exe
C:\WINDOWS\$hf_mig$\KB968220-IE8\update\update.exe
C:\WINDOWS\$NtServicePackUninstall$\sysinfo.exe
C:\WINDOWS\ServicePackFiles\i386\sysinfo.exe
C:\WINDOWS\SoftwareDistribution\Download\a43a40dec52d2202c514fab10b5b4eb2\sysinfo.exe
D:\Componenti Programmi\SUPERAntiSpyware.exe

################## [ ! End of Report # FindyKill V4.721 ! ]

I'm sure it's a Bagle because the antivirus and security programs don't work anymore! [;)]
Teo_cool
Aficionado
Posts: 32
Joined: Tue Nov 04, 2008 7:02 pm

Re: removing Bagle

Post by stevens » Fri Apr 03, 2009 5:42 pm

FindyKill removed some of the Bagle.

Try this one too.... If you can, go into Safe Mode, otherwise run it from Normal Mode.

Download this little program... the download is at the bottom of the page http://www.zonavirus.com/datos/descarga ... ibagla.asp

Run the program and tick ''ELIMINAR FICHEROS AUTOMATICAMENTE''.

Click EXPLORAR to start the scan.

When it has finished you'll find the log in C:\InfoSat.txt. Copy it into Notepad and post it in the forum.
stevens
Bronze Member
Posts: 678
Joined: Wed Feb 18, 2009 1:39 pm

Re: removing Bagle

Post by Amantide » Fri Apr 03, 2009 6:22 pm

Teo_cool wrote: Avenger doesn't start.

But if Avenger didn't start, how did these files end up in its backup folder? [uhm]
Teo_cool wrote:
################# [ Infected Files / Folders C:\ ]
Deleted ! - C:\Avenger\flec006.exe
Deleted ! - C:\Avenger\winupgro.exe
Deleted ! - "C:\Avenger"

As for the antivirus and antimalware, these have to be reinstalled after a Bagle infection.
...to fly high, you have to know how to fall...
Amantide
Official Member (Gold)
Posts: 8126
Joined: Mon Feb 06, 2006 4:13 pm
Location: Abruzzo

Re: removing Bagle

Post by Teo_cool » Fri Apr 03, 2009 6:27 pm

Here's the EliBagle log!

(3-4-2009 17:20:12)
EliBagle v12.42 (c)2009 S.G.H. / Satinfo S.L. (Actualizado el 3 de Abril del 2009)
----------------------------------------------
Lista de Acciones (por Acción Directa):

(3-4-2009 17:20:21)
EliBagle v12.42 (c)2009 S.G.H. / Satinfo S.L. (Actualizado el 3 de Abril del 2009)
----------------------------------------------
Lista de Acciones (por Exploración):
Explorando "C:\"

Nº Total de Directorios: 7571
Nº Total de Ficheros: 58766
Nº de Ficheros Analizados: 14283
Nº de Ficheros Infectados: 0
Nº de Ficheros Limpiados: 0

(3-4-2009 17:26:11)
EliBagle v12.42 (c)2009 S.G.H. / Satinfo S.L. (Actualizado el 3 de Abril del 2009)
----------------------------------------------
Lista de Acciones (por Acción Directa):

(3-4-2009 17:26:27)
EliBagle v12.42 (c)2009 S.G.H. / Satinfo S.L. (Actualizado el 3 de Abril del 2009)
----------------------------------------------
Lista de Acciones (por Exploración):
Explorando "C:\"

Nº Total de Directorios: 7571
Nº Total de Ficheros: 58771
Nº de Ficheros Analizados: 14283
Nº de Ficheros Infectados: 0
Nº de Ficheros Limpiados: 0

(3-4-2009 17:26:46)
EliBagle v12.42 (c)2009 S.G.H. / Satinfo S.L. (Actualizado el 3 de Abril del 2009)
----------------------------------------------
Lista de Acciones (por Exploración):
Explorando "C:\"

Nº Total de Directorios: 7571
Nº Total de Ficheros: 58771
Nº de Ficheros Analizados: 14283
Nº de Ficheros Infectados: 0
Nº de Ficheros Limpiados: 0
Teo_cool
Aficionado
Posts: 32
Joined: Tue Nov 04, 2008 7:02 pm

Re: removing Bagle

Post by stevens » Fri Apr 03, 2009 6:44 pm

Avenger probably doesn't start because FindyKill took it out : )

Deleted ! - C:\Avenger\flec006.exe
Deleted ! - C:\Avenger\winupgro.exe
Deleted ! - "C:\Avenger"
stevens
Bronze Member
Posts: 678
Joined: Wed Feb 18, 2009 1:39 pm

Re: removing Bagle

Post by Teo_cool » Fri Apr 03, 2009 6:46 pm

Amantide wrote: As for the antivirus and antimalware, these have to be reinstalled after a Bagle infection.

I tried reinstalling some programs, but when I start them it tells me "this is not a valid Win32 application". That means the Bagle is still there! [V]
Teo_cool
Aficionado
Posts: 32
Joined: Tue Nov 04, 2008 7:02 pm
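Editor's added example (not code posted by anyone in this thread, and not part of FindyKill, EliBagle or The Avenger): the FindyKill report above lists the installed security tools under "PEH Corrupted", and "not a valid Win32 application" is what Windows reports when an executable's PE header no longer parses, which is why those tools have to be reinstalled rather than simply relaunched. The Python below runs the same header-chain check (MZ signature, e_lfanew, PE signature, COFF header, optional-header magic) over constructed sample buffers, labelled as such, and can be pointed at a folder with check_dir() to list which binaries fail. The sample names, the folder walk and the size bounds are assumptions of this example, not anything from the original post.

```python
"""Header-level sanity check for Windows executables (MZ stub -> e_lfanew -> PE
signature -> COFF header -> optional-header magic).

The sample buffers built below are constructed for the demo and are not real
binaries; check_dir() applies the same check to every .exe/.dll/.sys under a folder."""
import os
import struct
import sys
from typing import Dict, Tuple

MZ_MAGIC = b"MZ"
PE_SIGNATURE = b"PE\0\0"
OPTIONAL_MAGICS = {0x10B: "PE32", 0x20B: "PE32+"}
# Bytes needed past e_lfanew: signature (4) + COFF file header (20) + optional-header Magic (2)
PE_HEADER_PREFIX = 4 + 20 + 2


def check_pe_header(data: bytes) -> Tuple[bool, str]:
    """Return (is_valid, reason). Only the header chain is inspected, so a file can
    pass here and still be damaged elsewhere; these are the fields the loader
    validates first, so a failure here is a binary Windows will refuse to start."""
    if len(data) < 0x40:
        return False, "too short for a DOS header"
    if data[:2] != MZ_MAGIC:
        return False, "missing MZ signature"
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]  # offset of the PE signature
    if e_lfanew + PE_HEADER_PREFIX > len(data):
        return False, "e_lfanew 0x%x points outside the file" % e_lfanew
    if data[e_lfanew:e_lfanew + 4] != PE_SIGNATURE:
        return False, "missing PE signature at e_lfanew"
    num_sections = struct.unpack_from("<H", data, e_lfanew + 6)[0]   # COFF NumberOfSections
    opt_size = struct.unpack_from("<H", data, e_lfanew + 20)[0]      # COFF SizeOfOptionalHeader
    magic = struct.unpack_from("<H", data, e_lfanew + 24)[0]         # optional header Magic
    if magic not in OPTIONAL_MAGICS:
        return False, "unknown optional-header magic 0x%x" % magic
    if num_sections == 0 or opt_size == 0:
        return False, "empty section table or optional header"
    return True, OPTIONAL_MAGICS[magic]


def read_pe_header(path: str) -> bytes:
    """Read only the DOS header plus the bytes around e_lfanew so that scanning a
    folder of large binaries stays cheap. Absurd offsets are left for the checker."""
    with open(path, "rb") as f:
        dos = f.read(0x40)
        if len(dos) < 0x40 or dos[:2] != MZ_MAGIC:
            return dos
        e_lfanew = struct.unpack_from("<I", dos, 0x3C)[0]
        if e_lfanew > 0x100000:  # assumed upper bound for a sane DOS stub
            return dos
        return dos + f.read(max(e_lfanew - 0x40 + PE_HEADER_PREFIX, 0))


def check_dir(root: str) -> Dict[str, str]:
    """Map every executable under root whose header fails the check to the reason."""
    bad = {}
    for dirpath, _, names in os.walk(root):
        for name in names:
            if not name.lower().endswith((".exe", ".dll", ".sys")):
                continue
            path = os.path.join(dirpath, name)
            try:
                ok, reason = check_pe_header(read_pe_header(path))
            except OSError as exc:
                ok, reason = False, "unreadable: %s" % exc
            if not ok:
                bad[path] = reason
    return bad


def _build_minimal_pe(e_lfanew: int = 0x80) -> bytes:
    """Constructed header-only PE32 image: correct signatures and counts, no code."""
    buf = bytearray(0x200)
    buf[0:2] = MZ_MAGIC
    struct.pack_into("<I", buf, 0x3C, e_lfanew)
    buf[e_lfanew:e_lfanew + 4] = PE_SIGNATURE
    struct.pack_into("<H", buf, e_lfanew + 4, 0x014C)   # Machine = IMAGE_FILE_MACHINE_I386
    struct.pack_into("<H", buf, e_lfanew + 6, 3)        # NumberOfSections
    struct.pack_into("<H", buf, e_lfanew + 20, 0xE0)    # SizeOfOptionalHeader for PE32
    struct.pack_into("<H", buf, e_lfanew + 24, 0x10B)   # Magic = PE32
    return bytes(buf)


def _corrupt(image: bytes, offset: int, replacement: bytes) -> bytes:
    out = bytearray(image)
    out[offset:offset + len(replacement)] = replacement
    return bytes(out)


_INTACT = _build_minimal_pe()
SAMPLES = {  # constructed cases covering the kinds of header damage a scanner flags
    "intact": _INTACT,
    "mz_overwritten": _corrupt(_INTACT, 0, b"\0\0"),
    "e_lfanew_out_of_range": _corrupt(_INTACT, 0x3C, struct.pack("<I", 0x10000)),
    "pe_signature_zeroed": _corrupt(_INTACT, 0x80, b"\0\0\0\0"),
    "bogus_optional_magic": _corrupt(_INTACT, 0x80 + 24, struct.pack("<H", 0)),
    "truncated": _INTACT[:0x20],
}


def triage(samples: Dict[str, bytes]) -> Dict[str, str]:
    """Return {name: reason} for every sample whose header fails the check."""
    bad = {}
    for name, data in samples.items():
        ok, reason = check_pe_header(data)
        if not ok:
            bad[name] = reason
    return bad


if __name__ == "__main__":
    for name, reason in triage(SAMPLES).items():
        print("%-24s %s" % (name, reason))
    if len(sys.argv) > 1:  # optional: scan a real folder, e.g. the Program Files tree
        for path, reason in check_dir(sys.argv[1]).items():
            print("%s: %s" % (path, reason))
```

With no argument the script only triages the constructed samples; give it a folder path to scan that tree. A header that passes is necessary, not sufficient: a tool that sat on the machine during the infection should still be compared against a known-good install (or reinstalled, as the thread advises) before it is trusted.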

Re: removing Bagle

Post by stevens » Fri Apr 03, 2009 6:55 pm

Try disabling System Restore and run FindyKill again, choosing only option 2.

http://dc108.4shared.com/download/75022 ... 1-de3379fb
stevens
Bronze Member
Posts: 678
Joined: Wed Feb 18, 2009 1:39 pm

Re: removing Bagle

Post by Teo_cool » Fri Apr 03, 2009 6:56 pm

I managed to get Avenger running!
Here's the log:

Logfile of The Avenger Version 2.0, (c) by Swandog46
http://swandog46.geekstogo.com

Platform: Windows XP

*******************

Script file opened successfully.
Script file read successfully.

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:

Rootkit scan active.
No rootkits found!


Error: could not open driver "%SystemDrive%\WINDOWS\system32\drivers\hidr.exe"
Disablement of driver "%SystemDrive%\WINDOWS\system32\drivers\hidr.exe" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist


Error: could not open driver "%SystemDrive%\WINDOWS\system32\drivers\srosa.sys"
Disablement of driver "%SystemDrive%\WINDOWS\system32\drivers\srosa.sys" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist


Error: could not open driver "%SystemDrive%\WINDOWS\system32\drivers\srosa2.sys"
Disablement of driver "%SystemDrive%\WINDOWS\system32\drivers\srosa2.sys" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist


Error: could not open driver "%SystemDrive%\WINDOWS\system32\drivers\pci32.sys"
Disablement of driver "%SystemDrive%\WINDOWS\system32\drivers\pci32.sys" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist


Error: could not open driver "%SystemDrive%\WINDOWS\system32\drivers\hldrrr.exe"
Disablement of driver "%SystemDrive%\WINDOWS\system32\drivers\hldrrr.exe" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist


Error: could not open driver "%SystemDrive%\WINDOWS\system32\drivers\mdelk.exe"
Disablement of driver "%SystemDrive%\WINDOWS\system32\drivers\mdelk.exe" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist


Error: could not open driver "%SystemDrive%\WINDOWS\system32\drivers\winfilse.exe"
Disablement of driver "%SystemDrive%\WINDOWS\system32\drivers\winfilse.exe" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist


Error: could not open driver "%appdata%\drivers\winupgro.exe"
Disablement of driver "%appdata%\drivers\winupgro.exe" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist


Error: could not open driver "%appdata%\drivers\srosa.sys"
Disablement of driver "%appdata%\drivers\srosa.sys" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist


Error: could not open driver "%appdata%\drivers\srosa2.sys"
Disablement of driver "%appdata%\drivers\srosa2.sys" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist


Error: file "C:\WINDOWS\system32\drivers\hidr.exe" not found!
Deletion of file "C:\WINDOWS\system32\drivers\hidr.exe" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist


Error: file "C:\WINDOWS\system32\drivers\winfilse.exe" not found!
Deletion of file "C:\WINDOWS\system32\drivers\winfilse.exe" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist


Error: file "C:\WINDOWS\system32\drivers\srosa.sys" not found!
Deletion of file "C:\WINDOWS\system32\drivers\srosa.sys" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist


Error: file "C:\WINDOWS\system32\drivers\srosa2.sys" not found!
Deletion of file "C:\WINDOWS\system32\drivers\srosa2.sys" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist


Error: file "C:\WINDOWS\system32\wintems.exe" not found!
Deletion of file "C:\WINDOWS\system32\wintems.exe" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist


Error: file "C:\WINDOWS\system32\hldrrr.exe" not found!
Deletion of file "C:\WINDOWS\system32\hldrrr.exe" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist


Error: file "C:\WINDOWS\system32\trusted.exe" not found!
Deletion of file "C:\WINDOWS\system32\trusted.exe" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist


Error: file "C:\WINDOWS\system32\drivers\pci32.sys" not found!
Deletion of file "C:\WINDOWS\system32\drivers\pci32.sys" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist


Error: could not open file "C:\Documents and Settings\hp\Dati applicazioni\hidires\hidr.exe"
Deletion of file "C:\Documents and Settings\hp\Dati applicazioni\hidires\hidr.exe" failed!
Status: 0xc000003a (STATUS_OBJECT_PATH_NOT_FOUND)
--> bad path / the parent directory does not exist


Error: could not open file "C:\Documents and Settings\hp\Dati applicazioni\hidires\rosa.sys"
Deletion of file "C:\Documents and Settings\hp\Dati applicazioni\hidires\rosa.sys" failed!
Status: 0xc000003a (STATUS_OBJECT_PATH_NOT_FOUND)
--> bad path / the parent directory does not exist


Error: could not open file "C:\Documents and Settings\hp\Dati applicazioni\m\list.oct"
Deletion of file "C:\Documents and Settings\hp\Dati applicazioni\m\list.oct" failed!
Status: 0xc000003a (STATUS_OBJECT_PATH_NOT_FOUND)
--> bad path / the parent directory does not exist


Error: could not open file "C:\Documents and Settings\hp\Dati applicazioni\m\data.oct"
Deletion of file "C:\Documents and Settings\hp\Dati applicazioni\m\data.oct" failed!
Status: 0xc000003a (STATUS_OBJECT_PATH_NOT_FOUND)
--> bad path / the parent directory does not exist


Error: could not open file "C:\Documents and Settings\hp\Dati applicazioni\m\flec006.exe"
Deletion of file "C:\Documents and Settings\hp\Dati applicazioni\m\flec006.exe" failed!
Status: 0xc000003a (STATUS_OBJECT_PATH_NOT_FOUND)
--> bad path / the parent directory does not exist


Error: could not open file "C:\Documents and Settings\hp\Dati applicazioni\m\svrlist.oct"
Deletion of file "C:\Documents and Settings\hp\Dati applicazioni\m\svrlist.oct" failed!
Status: 0xc000003a (STATUS_OBJECT_PATH_NOT_FOUND)
--> bad path / the parent directory does not exist


Error: could not open file "C:\system32\re_file.exe"
Deletion of file "C:\system32\re_file.exe" failed!
Status: 0xc000003a (STATUS_OBJECT_PATH_NOT_FOUND)
--> bad path / the parent directory does not exist


Error: file "C:\elist.xpt" not found!
Deletion of file "C:\elist.xpt" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist


Error: could not open file "C:\Documents and Settings\hp\Dati applicazioni\hidires\m_hook.sys"
Deletion of file "C:\Documents and Settings\hp\Dati applicazioni\hidires\m_hook.sys" failed!
Status: 0xc000003a (STATUS_OBJECT_PATH_NOT_FOUND)
--> bad path / the parent directory does not exist


Error: file "C:\WINDOWS\system32\drivers\hldrrr.exe" not found!
Deletion of file "C:\WINDOWS\system32\drivers\hldrrr.exe" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist


Error: file "C:\WINDOWS\system32\drivers\hldrrr.ex_" not found!
Deletion of file "C:\WINDOWS\system32\drivers\hldrrr.ex_" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist


Error: file "C:\WINDOWS\system32\mdelk.exe" not found!
Deletion of file "C:\WINDOWS\system32\mdelk.exe" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist


Error: file "C:\WINDOWS\system32\drivers\mdelk.exe" not found!
Deletion of file "C:\WINDOWS\system32\drivers\mdelk.exe" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist


Error: file "C:\WINDOWS\system32\drivers\pci32.sys" not found!
Deletion of file "C:\WINDOWS\system32\drivers\pci32.sys" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist


Error: file "C:\WINDOWS\system32\edlm.exe" not found!
Deletion of file "C:\WINDOWS\system32\edlm.exe" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist


Error: file "C:\WINDOWS\system32\edlm2.exe" not found!
Deletion of file "C:\WINDOWS\system32\edlm2.exe" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist


Error: file "C:\Windows\system32\ldR64.dll" not found!
Deletion of file "C:\Windows\system32\ldR64.dll" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist


Error: file "C:\WINDOWS\system32\german.exe" not found!
Deletion of file "C:\WINDOWS\system32\german.exe" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist


Error: file "C:\WINDOWS\system32\drivers\srosa.sys.XXX" not found!
Deletion of file "C:\WINDOWS\system32\drivers\srosa.sys.XXX" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist


Error: file "C:\WINDOWS\system32\mdelk.exe.XXX" not found!
Deletion of file "C:\WINDOWS\system32\mdelk.exe.XXX" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist


Error: file "C:\WINDOWS\system32\wintems.exe.XXX" not found!
Deletion of file "C:\WINDOWS\system32\wintems.exe.XXX" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist


Error: file "C:\WINDOWS\system32\1.exe" not found!
Deletion of file "C:\WINDOWS\system32\1.exe" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist


Error: file "C:\WINDOWS\system32\mdelk.exe" not found!
Deletion of file "C:\WINDOWS\system32\mdelk.exe" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist


Error: file "C:\WINDOWS\system32\wintems.exe" not found!
Deletion of file "C:\WINDOWS\system32\wintems.exe" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist


Error: file "C:\WINDOWS\system32\ban_list.txt" not found!
Deletion of file "C:\WINDOWS\system32\ban_list.txt" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist


Error: could not open file "C:\Documents and Settings\hp\Dati applicazioni\drivers\winupgro.exe"
Deletion of file "C:\Documents and Settings\hp\Dati applicazioni\drivers\winupgro.exe" failed!
Status: 0xc000003a (STATUS_OBJECT_PATH_NOT_FOUND)
--> bad path / the parent directory does not exist


Error: could not open file "C:\Documents and Settings\hp\Dati applicazioni\drivers\srosa.sys"
Deletion of file "C:\Documents and Settings\hp\Dati applicazioni\drivers\srosa.sys" failed!
Status: 0xc000003a (STATUS_OBJECT_PATH_NOT_FOUND)
--> bad path / the parent directory does not exist


Error: could not open file "C:\Documents and Settings\hp\Dati applicazioni\drivers\srosa2.sys"
Deletion of file "C:\Documents and Settings\hp\Dati applicazioni\drivers\srosa2.sys" failed!
Status: 0xc000003a (STATUS_OBJECT_PATH_NOT_FOUND)
--> bad path / the parent directory does not exist


Error: folder "C:\WINDOWS\exefqd" not found!
Deletion of folder "C:\WINDOWS\exefqd" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist


Error: folder "C:\WINDOWS\exefnd" not found!
Deletion of folder "C:\WINDOWS\exefnd" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist


Error: folder "C:\WINDOWS\exefld" not found!
Deletion of folder "C:\WINDOWS\exefld" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist


Error: folder "C:\Documents and Settings\hp\Dati applicazioni\hidires" not found!
Deletion of folder "C:\Documents and Settings\hp\Dati applicazioni\hidires" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist


Error: folder "C:\Documents and Settings\hp\Dati applicazioni\hidn" not found!
Deletion of folder "C:\Documents and Settings\hp\Dati applicazioni\hidn" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist


Error: could not open folder "C:\Documents and Settings\hp\Dati applicazioni\m\shared"
Deletion of folder "C:\Documents and Settings\hp\Dati applicazioni\m\shared" failed!
Status: 0xc000003a (STATUS_OBJECT_PATH_NOT_FOUND)
--> bad path / the parent directory does not exist


Error: folder "C:\Documents and Settings\hp\Dati applicazioni\m" not found!
Deletion of folder "C:\Documents and Settings\hp\Dati applicazioni\m" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist


Error: folder "C:\WINDOWS\System32\drivers\down" not found!
Deletion of folder "C:\WINDOWS\System32\drivers\down" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist


Error: folder "C:\WINDOWS\system32\drivers\downld" not found!
Deletion of folder "C:\WINDOWS\system32\drivers\downld" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist

Folder "C:\WINDOWS\temp" deleted successfully.
Folder "C:\Documents and Settings\hp\Impostazioni locali\Temporary Internet Files\Content.IE5" deleted successfully.
Folder "C:\Documents and Settings\hp\Impostazioni locali\Temporary Internet Files" deleted successfully.
Folder "C:\Documents and Settings\hp\Impostazioni locali\Temp" deleted successfully.

Error: could not open folder "C:\Documents and Settings\hp\Dati applicazioni\m\shared"
Deletion of folder "C:\Documents and Settings\hp\Dati applicazioni\m\shared" failed!
Status: 0xc000003a (STATUS_OBJECT_PATH_NOT_FOUND)
--> bad path / the parent directory does not exist


Error: folder "C:\Documents and Settings\hp\Dati applicazioni\m" not found!
Deletion of folder "C:\Documents and Settings\hp\Dati applicazioni\m" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist


Error: could not open folder "C:\Documents and Settings\hp\Dati applicazioni\drivers\downld"
Deletion of folder "C:\Documents and Settings\hp\Dati applicazioni\drivers\downld" failed!
Status: 0xc000003a (STATUS_OBJECT_PATH_NOT_FOUND)
--> bad path / the parent directory does not exist


Error: folder "C:\Documents and Settings\hp\Dati applicazioni\drivers" not found!
Deletion of folder "C:\Documents and Settings\hp\Dati applicazioni\drivers" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist


Error: registry key "HKLM\SYSTEM\CurrentControlSet\Services\srosa" not found!
Deletion of registry key "HKLM\SYSTEM\CurrentControlSet\Services\srosa" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist


Error: registry key "HKLM\SYSTEM\ControlSet001\Services\srosa" not found!
Deletion of registry key "HKLM\SYSTEM\ControlSet001\Services\srosa" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist


Error: registry key "HKLM\SYSTEM\ControlSet002\Services\srosa" not found!
Deletion of registry key "HKLM\SYSTEM\ControlSet002\Services\srosa" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist


Error: registry key "HKLM\SYSTEM\ControlSet003\Services\srosa" not found!
Deletion of registry key "HKLM\SYSTEM\ControlSet003\Services\srosa" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist


Error: registry key "HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_SROSA" not found!
Deletion of registry key "HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_SROSA" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist


Error: registry key "HKLM\SYSTEM\CurrentControlSet\Services\srosa2" not found!
Deletion of registry key "HKLM\SYSTEM\CurrentControlSet\Services\srosa2" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist


Error: registry key "HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_SROSA2" not found!
Deletion of registry key "HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_SROSA2" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist


Error: registry key "HKLM\SYSTEM\CurrentControlSet\Services\pci32" not found!
Deletion of registry key "HKLM\SYSTEM\CurrentControlSet\Services\pci32" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist


Error: registry key "HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_PCI32" not found!
Deletion of registry key "HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_PCI32" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist


Error: registry key "HKLM\SYSTEM\CurrentControlSet\Services\rosa" not found!
Deletion of registry key "HKLM\SYSTEM\CurrentControlSet\Services\rosa" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist


Error: registry key "HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_rosa" not found!
Deletion of registry key "HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_rosa" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist


Error: registry key "HKLM\SYSTEM\CurrentControlSet\Services\m_hook" not found!
Deletion of registry key "HKLM\SYSTEM\CurrentControlSet\Services\m_hook" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist


Error: registry key "HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_M_HOOK" not found!
Deletion of registry key "HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_M_HOOK" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist


Error: registry key "HKLM\SYSTEM\ControlSet001\Enum\Root\LEGACY_SROSA" not found!
Deletion of registry key "HKLM\SYSTEM\ControlSet001\Enum\Root\LEGACY_SROSA" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist


Error: registry key "HKLM\SYSTEM\ControlSet003\Enum\Root\LEGACY_SROSA" not found!
Deletion of registry key "HKLM\SYSTEM\ControlSet003\Enum\Root\LEGACY_SROSA" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist


Error: registry key "HKLM\SYSTEM\ControlSet002\Enum\Root\LEGACY_SROSA" not found!
Deletion of registry key "HKLM\SYSTEM\ControlSet002\Enum\Root\LEGACY_SROSA" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist


Error: registry key "HKLM\SYSTEM\ControlSet003\Enum\Root\LEGACY_SROSA2" not found!
Deletion of registry key "HKLM\SYSTEM\ControlSet003\Enum\Root\LEGACY_SROSA2" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist


Error: registry key "HKLM\SYSTEM\ControlSet002\Enum\Root\LEGACY_SROSA2" not found!
Deletion of registry key "HKLM\SYSTEM\ControlSet002\Enum\Root\LEGACY_SROSA2" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist


Error: registry key "HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_SK9OU0S" not found!
Deletion of registry key "HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_SK9OU0S" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist


Error: registry key "HKLM\SYSTEM\ControlSet001\Enum\Root\LEGACY_SK9OU0S" not found!
Deletion of registry key "HKLM\SYSTEM\ControlSet001\Enum\Root\LEGACY_SK9OU0S" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist


Error: registry key "HKLM\SYSTEM\ControlSet002\Enum\Root\LEGACY_SK9OU0S" not found!
Deletion of registry key "HKLM\SYSTEM\ControlSet002\Enum\Root\LEGACY_SK9OU0S" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist


Error: registry key "HKLM\SYSTEM\ControlSet003\Enum\Root\LEGACY_SK9OU0S" not found!
Deletion of registry key "HKLM\SYSTEM\ControlSet003\Enum\Root\LEGACY_SK9OU0S" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist


Error: registry key "HKLM\SYSTEM\ControlSet004\Enum\Root\LEGACY_SK9OU0S" not found!
Deletion of registry key "HKLM\SYSTEM\ControlSet004\Enum\Root\LEGACY_SK9OU0S" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist


Error: registry key "HKLM\SYSTEM\CurrentControlSet\Services\sK9Ou0s" not found!
Deletion of registry key "HKLM\SYSTEM\CurrentControlSet\Services\sK9Ou0s" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist


Error: registry key "HKLM\SYSTEM\ControlSet001\Services\sK9Ou0s" not found!
Deletion of registry key "HKLM\SYSTEM\ControlSet001\Services\sK9Ou0s" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist


Error: registry key "HKLM\SYSTEM\ControlSet002\Services\sK9Ou0s" not found!
Deletion of registry key "HKLM\SYSTEM\ControlSet002\Services\sK9Ou0s" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist


Error: registry key "HKLM\SYSTEM\ControlSet003\Services\sK9Ou0s" not found!
Deletion of registry key "HKLM\SYSTEM\ControlSet003\Services\sK9Ou0s" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist


Error: registry key "HKLM\SYSTEM\ControlSet004\Services\sK9Ou0s" not found!
Deletion of registry key "HKLM\SYSTEM\ControlSet004\Services\sK9Ou0s" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist


Error: registry key "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ldr64" not found!
Deletion of registry key "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ldr64" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist


Error: registry key "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mdelk.exe" not found!
Deletion of registry key "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mdelk.exe" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist


Error: registry key "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\wintems.exe" not found!
Deletion of registry key "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\wintems.exe" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist


Error: registry key "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\flec006.exe" not found!
Deletion of registry key "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\flec006.exe" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist


Error: registry key "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\hldrrr.exe" not found!
Deletion of registry key "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\hldrrr.exe" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist


Error: registry key "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\winfilse.exe" not found!
Deletion of registry key "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\winfilse.exe" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist


Error: registry key "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\winupgro.exe" not found!
Deletion of registry key "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\winupgro.exe" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist


Error: could not delete registry value "HKLM\Software\Microsoft\Windows\CurrentVersion\Run|hldrrr"
Deletion of registry value "HKLM\Software\Microsoft\Windows\CurrentVersion\Run|hldrrr" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist


Error: could not delete registry value "HKLM\Software\Microsoft\Windows\CurrentVersion\Run|drvsyskit"
Deletion of registry value "HKLM\Software\Microsoft\Windows\CurrentVersion\Run|drvsyskit" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist


Error: could not delete registry value "HKLM\Software\Microsoft\Windows\CurrentVersion\Run|german.exe"
Deletion of registry value "HKLM\Software\Microsoft\Windows\CurrentVersion\Run|german.exe" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist


Error: could not delete registry value "HKLM\Software\Microsoft\Windows\CurrentVersion\Run|drv_st_key"
Deletion of registry value "HKLM\Software\Microsoft\Windows\CurrentVersion\Run|drv_st_key" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist

Registry value "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Windows|AppInit_DLLs" replaced with dummy successfully.

Completed script processing.

*******************

Finished! Terminate.
Teo_cool
Aficionado
Posts: 32
Joined: Tue Nov 04, 2008 7:02 pm

Re: remove Bagle

Posted by Teo_cool » Fri Apr 03, 2009 7:06 pm

here's the FindyKill log again:

----------------- FindyKill V4.707 ------------------

* User : hp - HP-5D1B8D4C8FEF
* executed from : C:\Programmi\FindyKill
* Update on 06/12/08 par Chiquitine29
* Start at 20:02:11 the 03/04/2009
* Windows XP - Internet Explorer 8.0.6001.18702


((((((((((((((( *** deleting *** ))))))))))))))))))


--------------- [ Active Processes ] ----------------


C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\logonui.exe
C:\WINDOWS\system32\userinit.exe
C:\WINDOWS\system32\OGAVerify.exe

--------------- [ Infected files / folders ] ----------------


»»»» Supression files in C:

Deleted ! - C:\InfoSat.txt

»»»» Supression files in C:\WINDOWS


»»»» Supression files in C:\WINDOWS\Prefetch


»»»» Supression files in C:\WINDOWS\system32


»»»» Supression files in C:\WINDOWS\system32\drivers


»»»» Supression files in C:\Documents and Settings\hp\Dati applicazioni


»»»» Supression files in C:\DOCUME~1\hp\IMPOST~1\Temp


»»»» Supression files in C:\Documents and Settings\hp\Local Settings\Temporary Internet Files\Content.IE5


--------------- [ Registry / Infected keys ] ----------------


--------------- [ States / Restarting of services ] ----------------



+- Services : [ Auto=2 / Request=3 / Disable=4 ]

Ndisuio - Type of startup = 3

EapHost - Type of startup = 2

Ip6Fw - Type of startup = 2

SharedAccess - Type of startup = 2

wuauserv - Type of startup = 2

wscsvc - Type of startup = 2


--------------- [ Cleaning removable drives ] ----------------

+- Informations :

C: - Unità fissa

D: - Unità fissa

E: - Unità fissa

F: - Unità fissa


+- deleting files :


--------------- [ Registry / Mountpoint2 ] ----------------


-> Not found !


--------------- [ Searching Cracks / Keygen ] ----------------

C:\Documents and Settings\hp\Documenti\Windows.Genuine.Advantage.Validation.v1.9.9.1.CRACKED
C:\Documents and Settings\hp\Documenti\Windows.Genuine.Advantage.Validation.v1.9.9.1.CRACKED\installer.bat
C:\Documents and Settings\hp\Documenti\Windows.Genuine.Advantage.Validation.v1.9.9.1.CRACKED\Leggimi.url
C:\Documents and Settings\hp\Documenti\Windows.Genuine.Advantage.Validation.v1.9.9.1.CRACKED\LegitCheckControl.dll
C:\Documents and Settings\hp\Documenti\Windows.Genuine.Advantage.Validation.v1.9.9.1.CRACKED\pic.jpg
C:\Documents and Settings\hp\Documenti\Windows.Genuine.Advantage.Validation.v1.9.9.1.CRACKED\WgaLogon.dll
C:\Documents and Settings\hp\Documenti\Windows.Genuine.Advantage.Validation.v1.9.9.1.CRACKED\WgaTray.exe


---------------- ! End of report ! ------------------
Teo_cool
Aficionado
Posts: 32
Joined: Tue Nov 04, 2008 7:02 pm

Re: remove Bagle

Posted by stevens » Fri Apr 03, 2009 7:15 pm

see if you can download this program

http://downloads1.kaspersky-labs.com/devbuilds/AVPTool/
stevens
Bronze Member
Posts: 678
Joined: Wed Feb 18, 2009 1:39 pm

Re: remove Bagle

Posted by Amantide » Fri Apr 03, 2009 7:17 pm

There was no need to run Elibagla again, nor Avenger, nor FindyKill a second time, because it already did its job the first time and there are no more traces of Bagle.

Try rebooting the PC, removing the old antivirus installation and then try reinstalling it.
...to fly high, you have to know how to fall...
Amantide
Official Member (Gold)
Posts: 8126
Joined: Mon Feb 06, 2006 4:13 pm
Location: Abruzzo

Powered by phpBB © 2002, 2005, 2007, 2008 phpBB Group
Italian translation by phpBB.it

megalab.it: daily online publication registered with the Court of Cosenza no. 22/09 of 13.08.2009, publisher Master New Media S.r.l.; © Copyright 2008 Master New Media S.r.l. a socio unico - P.I. 02947530784. GRUPPO EDIZIONI MASTER Spa. All rights reserved. For advertising: Master Advertising