#1
Junior Member
Joined: Jun 2007
Posts: 8
Bagle infection... take a look please
As in the title, I followed the procedure indicated....
I'm posting the relevant logs:

thanks
#2
Senior Member
Joined: Nov 2001
City: Fidenza (PR), from Trento
Posts: 27479
Follow the instructions on the first page and continue here:
http://www.hwupgrade.it/forum/showthread.php?t=1562611