Aiuto per rimozione BAGLE...e schifezze varie!!!
Inviato: mar gen 22, 2008 3:59 pmSalve
Ho un problema con i Bagle, ho fatto la scansione on line con KASPERSKY come letto in altri topic e ho il report disponibile, ho anche letto che bisogna avere AVENGER per risolvere il problema...da qui in poi non sò più cosa fare potete aiutarmi??? anche nel cercare questo benedetto AVENGER e nel suo funzionamento???![[cry+]](http://www.megalab.it/forum/images/smilies/cry.gif "Piangere a dirotto")
![[rotfl]](http://www.megalab.it/forum/images/smilies/rotfl.gif "Rotfl")
Copio il report della scansione con KASPERSKY:
Tuesday, January 22, 2008 3:22:35 PM
Operating System: Microsoft Windows XP Professional, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.98.0
Kaspersky Anti-Virus database last update: 21/01/2008
Kaspersky Anti-Virus database records: 525897
Scan Settings
Scan using the following antivirus database extended
Scan Archives true
Scan Mail Bases true
Scan Target My Computer
C:\
D:\
E:\
F:\
Scan Statistics
Total number of scanned objects 121434
Number of viruses found 7
Number of infected objects 46
Number of suspicious objects 0
Duration of the scan process 15:18:22
Infected Object Name Virus Name Last Action
C:\APPS\SMP\SMPSYS.EXE Infected: Trojan-Downloader.Win32.Bagle.ij skipped
C:\APPS\Softex\OmniPass\btype0.dat Object is locked skipped
C:\APPS\Softex\OmniPass\btype256.dat Object is locked skipped
C:\APPS\Softex\OmniPass\btype3.dat Object is locked skipped
C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
C:\System Volume Information\_restore{732C3204-2AF9-439C-9CB9-CFF93AE32A0D}\RP65\A0013230.exe Infected: Email-Worm.Win32.Bagle.of skipped
C:\System Volume Information\_restore{732C3204-2AF9-439C-9CB9-CFF93AE32A0D}\RP65\A0013231.exe Infected: Email-Worm.Win32.Bagle.of skipped
C:\System Volume Information\_restore{732C3204-2AF9-439C-9CB9-CFF93AE32A0D}\RP66\A0013354.exe Infected: Email-Worm.Win32.Bagle.of skipped
C:\System Volume Information\_restore{732C3204-2AF9-439C-9CB9-CFF93AE32A0D}\RP66\A0013355.exe Infected: Email-Worm.Win32.Bagle.of skipped
C:\System Volume Information\_restore{732C3204-2AF9-439C-9CB9-CFF93AE32A0D}\RP67\A0013372.exe Infected: Email-Worm.Win32.Bagle.of skipped
C:\System Volume Information\_restore{732C3204-2AF9-439C-9CB9-CFF93AE32A0D}\RP67\A0013373.exe Infected: Email-Worm.Win32.Bagle.of skipped
C:\System Volume Information\_restore{732C3204-2AF9-439C-9CB9-CFF93AE32A0D}\RP67\A0013374.exe Infected: Email-Worm.Win32.Bagle.of skipped
C:\System Volume Information\_restore{732C3204-2AF9-439C-9CB9-CFF93AE32A0D}\RP70\A0013398.exe Infected: Email-Worm.Win32.Bagle.of skipped
C:\System Volume Information\_restore{732C3204-2AF9-439C-9CB9-CFF93AE32A0D}\RP70\A0013399.exe Infected: Email-Worm.Win32.Bagle.of skipped
C:\System Volume Information\_restore{732C3204-2AF9-439C-9CB9-CFF93AE32A0D}\RP70\A0013414.exe Infected: Email-Worm.Win32.Bagle.of skipped
C:\System Volume Information\_restore{732C3204-2AF9-439C-9CB9-CFF93AE32A0D}\RP70\A0013415.exe Infected: Email-Worm.Win32.Bagle.of skipped
C:\System Volume Information\_restore{732C3204-2AF9-439C-9CB9-CFF93AE32A0D}\RP70\A0013437.exe Infected: Email-Worm.Win32.Bagle.of skipped
C:\System Volume Information\_restore{732C3204-2AF9-439C-9CB9-CFF93AE32A0D}\RP70\A0013438.exe Infected: Email-Worm.Win32.Bagle.of skipped
C:\System Volume Information\_restore{732C3204-2AF9-439C-9CB9-CFF93AE32A0D}\RP70\A0013459.exe Infected: Email-Worm.Win32.Bagle.of skipped
C:\System Volume Information\_restore{732C3204-2AF9-439C-9CB9-CFF93AE32A0D}\RP70\A0013460.exe Infected: Email-Worm.Win32.Bagle.of skipped
C:\System Volume Information\_restore{732C3204-2AF9-439C-9CB9-CFF93AE32A0D}\RP70\A0013477.exe Infected: Email-Worm.Win32.Bagle.of skipped
C:\System Volume Information\_restore{732C3204-2AF9-439C-9CB9-CFF93AE32A0D}\RP70\A0013478.exe Infected: Email-Worm.Win32.Bagle.of skipped
C:\System Volume Information\_restore{732C3204-2AF9-439C-9CB9-CFF93AE32A0D}\RP70\A0013596.exe Infected: Email-Worm.Win32.Bagle.of skipped
C:\System Volume Information\_restore{732C3204-2AF9-439C-9CB9-CFF93AE32A0D}\RP70\A0013597.exe Infected: Email-Worm.Win32.Bagle.of skipped
C:\System Volume Information\_restore{732C3204-2AF9-439C-9CB9-CFF93AE32A0D}\RP76\A0013672.exe Infected: Email-Worm.Win32.Bagle.of skipped
C:\System Volume Information\_restore{732C3204-2AF9-439C-9CB9-CFF93AE32A0D}\RP76\A0013673.exe Infected: Email-Worm.Win32.Bagle.of skipped
C:\System Volume Information\_restore{732C3204-2AF9-439C-9CB9-CFF93AE32A0D}\RP81\A0013703.exe Infected: Email-Worm.Win32.Bagle.of skipped
C:\System Volume Information\_restore{732C3204-2AF9-439C-9CB9-CFF93AE32A0D}\RP81\A0013704.exe Infected: Email-Worm.Win32.Bagle.of skipped
C:\System Volume Information\_restore{732C3204-2AF9-439C-9CB9-CFF93AE32A0D}\RP82\A0013838.exe Infected: Email-Worm.Win32.Bagle.of skipped
C:\System Volume Information\_restore{732C3204-2AF9-439C-9CB9-CFF93AE32A0D}\RP82\A0013839.exe Infected: Email-Worm.Win32.Bagle.of skipped
C:\System Volume Information\_restore{732C3204-2AF9-439C-9CB9-CFF93AE32A0D}\RP83\change.log Object is locked skipped
C:\WINDOWS\$hf_mig$\KB890859\SP2QFE\ntkrnlpa.exe Object is locked skipped
C:\WINDOWS\$NtUninstallKB890859$\ntkrnlpa.exe Object is locked skipped
C:\WINDOWS\$NtUninstallKB896256$\ntkrnlpa.exe Object is locked skipped
C:\WINDOWS\$NtUninstallKB931784$\ntkrnlpa.exe Object is locked skipped
C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped
C:\WINDOWS\Driver Cache\i386\ntkrnlpa.exe Object is locked skipped
C:\WINDOWS\Registration\{02D4B3F1-FD88-11D1-960D-00805FC79235}.{9483FAF9-AB8F-4CA6-903B-9FBC6CDAE5DF}.crmlog Object is locked skipped
C:\WINDOWS\SchedLgU.Txt Object is locked skipped
C:\WINDOWS\SoftwareDistribution\Download\816da047370b1589f5734856a8ec7e79\backup\sp2qfe\ntkrnlpa.exe Object is locked skipped
C:\WINDOWS\Sti_Trace.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\edb.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\tmp.edb Object is locked skipped
C:\WINDOWS\system32\config\ACEEvent.evt Object is locked skipped
C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\DEFAULT Object is locked skipped
C:\WINDOWS\system32\config\default.LOG Object is locked skipped
C:\WINDOWS\system32\config\Internet.evt Object is locked skipped
C:\WINDOWS\system32\config\Media Ce.evt Object is locked skipped
C:\WINDOWS\system32\config\ODiag.evt Object is locked skipped
C:\WINDOWS\system32\config\OSession.evt Object is locked skipped
C:\WINDOWS\system32\config\SAM Object is locked skipped
C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped
C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\SECURITY Object is locked skipped
C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped
C:\WINDOWS\system32\config\SOFTWARE Object is locked skipped
C:\WINDOWS\system32\config\software.LOG Object is locked skipped
C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\SYSTEM Object is locked skipped
C:\WINDOWS\system32\config\system.LOG Object is locked skipped
C:\WINDOWS\system32\config\systemprofile\Cookies\index.dat Object is locked skipped
C:\WINDOWS\system32\config\systemprofile\Impostazioni locali\Cronologia\History.IE5\index.dat Object is locked skipped
C:\WINDOWS\system32\config\systemprofile\Impostazioni locali\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\WINDOWS\system32\dllcache\ntkrnlpa.exe Object is locked skipped
C:\WINDOWS\system32\h323log.txt Object is locked skipped
C:\WINDOWS\system32\mdelk.exe Infected: Email-Worm.Win32.Bagle.of skipped
C:\WINDOWS\system32\ntkrnlpa.exe Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped
C:\WINDOWS\wiadebug.log Object is locked skipped
C:\WINDOWS\wiaservc.log Object is locked skipped
D:\Documents and Settings\All Users\Dati applicazioni\Microsoft\eHome\EPG\5543506a07aa4d739d738e4ef3e0fcc6.sdf Object is locked skipped
D:\Documents and Settings\All Users\Dati applicazioni\Microsoft\Network\Downloader\qmgr0.dat Object is locked skipped
D:\Documents and Settings\All Users\Dati applicazioni\Microsoft\Network\Downloader\qmgr1.dat Object is locked skipped
D:\Documents and Settings\All Users\Documenti\Registrazioni\TempRec\TempSBE\MSDVRMM_2286090203_204865536_2701 Object is locked skipped
D:\Documents and Settings\All Users\Documenti\Registrazioni\TempRec\TempSBE\MSDVRMM_2286090203_6422528_2993 Object is locked skipped
D:\Documents and Settings\All Users\Documenti\Registrazioni\TempRec\TempSBE\SBE1.tmp Object is locked skipped
D:\Documents and Settings\All Users\Documenti\Registrazioni\TempRec\TempSBE\SBE2.tmp Object is locked skipped
D:\Documents and Settings\All Users\Documenti\Registrazioni\TempRec\{C0CE4F2A-D470-49DB-82D3-E892FECD77CE}.TmpSBE Object is locked skipped
D:\Documents and Settings\All Users\Documenti\Registrazioni\TempRec\{E97FFEBE-DBE3-44D2-B06E-64AFBE85105A}.TmpSBE Object is locked skipped
D:\Documents and Settings\All Users\DRM\drmstore.hds Object is locked skipped
D:\Documents and Settings\LocalService\Impostazioni locali\Dati applicazioni\Microsoft\Windows\UsrClass.dat Object is locked skipped
D:\Documents and Settings\LocalService\Impostazioni locali\Dati applicazioni\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
D:\Documents and Settings\LocalService\Impostazioni locali\Temp\Cookies\index.dat Object is locked skipped
D:\Documents and Settings\LocalService\Impostazioni locali\Temp\History\History.IE5\index.dat Object is locked skipped
D:\Documents and Settings\LocalService\Impostazioni locali\Temp\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
D:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped
D:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped
D:\Documents and Settings\NetworkService\Impostazioni locali\Dati applicazioni\Microsoft\Windows\UsrClass.dat Object is locked skipped
D:\Documents and Settings\NetworkService\Impostazioni locali\Dati applicazioni\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
D:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped
D:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped
D:\Documents and Settings\pepi\Cookies\index.dat Object is locked skipped
D:\Documents and Settings\pepi\Desktop\mdelk.exe Infected: Email-Worm.Win32.Bagle.of skipped
D:\Documents and Settings\pepi\Documenti\emule completi\save2pc 3.2.1 Pro updated-fixed 12-2007.zip/Setup.exe Infected: P2P-Worm.Win32.Kapucen.b skipped
D:\Documents and Settings\pepi\Documenti\emule completi\save2pc 3.2.1 Pro updated-fixed 12-2007.zip ZIP: infected - 1 skipped
D:\Documents and Settings\pepi\Documenti\emule completi\save2pc pro_ _final_ [Key].zip/Setup.exe Infected: Trojan-Dropper.Win32.Mudrop.du skipped
D:\Documents and Settings\pepi\Documenti\emule completi\save2pc pro_ _final_ [Key].zip ZIP: infected - 1 skipped
D:\Documents and Settings\pepi\Impostazioni locali\Cronologia\History.IE5\index.dat Object is locked skipped
D:\Documents and Settings\pepi\Impostazioni locali\Cronologia\History.IE5\MSHist012008012120080122\index.dat Object is locked skipped
D:\Documents and Settings\pepi\Impostazioni locali\Dati applicazioni\ApplicationHistory\cli.exe.af01e8cc.ini.inuse Object is locked skipped
D:\Documents and Settings\pepi\Impostazioni locali\Dati applicazioni\ApplicationHistory\hpqimzone.exe.fd734169.ini.inuse Object is locked skipped
D:\Documents and Settings\pepi\Impostazioni locali\Dati applicazioni\HP\Digital Imaging\db\administrativeInfo.dbf Object is locked skipped
D:\Documents and Settings\pepi\Impostazioni locali\Dati applicazioni\HP\Digital Imaging\db\albumImagesTable.cdx Object is locked skipped
D:\Documents and Settings\pepi\Impostazioni locali\Dati applicazioni\HP\Digital Imaging\db\albumImagesTable.dbf Object is locked skipped
D:\Documents and Settings\pepi\Impostazioni locali\Dati applicazioni\HP\Digital Imaging\db\albumTable.cdx Object is locked skipped
D:\Documents and Settings\pepi\Impostazioni locali\Dati applicazioni\HP\Digital Imaging\db\albumTable.dbf Object is locked skipped
D:\Documents and Settings\pepi\Impostazioni locali\Dati applicazioni\HP\Digital Imaging\db\CB_Server_Errors.txt Object is locked skipped
D:\Documents and Settings\pepi\Impostazioni locali\Dati applicazioni\HP\Digital Imaging\db\EXIFTable.cdx Object is locked skipped
D:\Documents and Settings\pepi\Impostazioni locali\Dati applicazioni\HP\Digital Imaging\db\EXIFTable.dbf Object is locked skipped
D:\Documents and Settings\pepi\Impostazioni locali\Dati applicazioni\HP\Digital Imaging\db\imageTable.cdx Object is locked skipped
D:\Documents and Settings\pepi\Impostazioni locali\Dati applicazioni\HP\Digital Imaging\db\imageTable.dbf Object is locked skipped
D:\Documents and Settings\pepi\Impostazioni locali\Dati applicazioni\HP\Digital Imaging\db\imageTable.fpt Object is locked skipped
D:\Documents and Settings\pepi\Impostazioni locali\Dati applicazioni\HP\Digital Imaging\db\keywordImagesTable.cdx Object is locked skipped
D:\Documents and Settings\pepi\Impostazioni locali\Dati applicazioni\HP\Digital Imaging\db\keywordImagesTable.dbf Object is locked skipped
D:\Documents and Settings\pepi\Impostazioni locali\Dati applicazioni\HP\Digital Imaging\db\keywordTable.cdx Object is locked skipped
D:\Documents and Settings\pepi\Impostazioni locali\Dati applicazioni\HP\Digital Imaging\db\keywordTable.dbf Object is locked skipped
D:\Documents and Settings\pepi\Impostazioni locali\Dati applicazioni\HP\Digital Imaging\db\managedFolderTable.dbf Object is locked skipped
D:\Documents and Settings\pepi\Impostazioni locali\Dati applicazioni\HP\Digital Imaging\db\pathnameTable.cdx Object is locked skipped
D:\Documents and Settings\pepi\Impostazioni locali\Dati applicazioni\HP\Digital Imaging\db\pathnameTable.dbf Object is locked skipped
D:\Documents and Settings\pepi\Impostazioni locali\Dati applicazioni\HP\Digital Imaging\db\propertiesTable.cdx Object is locked skipped
D:\Documents and Settings\pepi\Impostazioni locali\Dati applicazioni\HP\Digital Imaging\db\propertiesTable.dbf Object is locked skipped
D:\Documents and Settings\pepi\Impostazioni locali\Dati applicazioni\HP\Digital Imaging\db\ROFImagesTable.cdx Object is locked skipped
D:\Documents and Settings\pepi\Impostazioni locali\Dati applicazioni\HP\Digital Imaging\db\ROFImagesTable.dbf Object is locked skipped
D:\Documents and Settings\pepi\Impostazioni locali\Dati applicazioni\HP\Digital Imaging\db\ROFTable.cdx Object is locked skipped
D:\Documents and Settings\pepi\Impostazioni locali\Dati applicazioni\HP\Digital Imaging\db\ROFTable.dbf Object is locked skipped
D:\Documents and Settings\pepi\Impostazioni locali\Dati applicazioni\Microsoft\Windows\UsrClass.dat Object is locked skipped
D:\Documents and Settings\pepi\Impostazioni locali\Dati applicazioni\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
D:\Documents and Settings\pepi\Impostazioni locali\Temp\hpodvd09.log Object is locked skipped
D:\Documents and Settings\pepi\Impostazioni locali\Temp\Perflib_Perfdata_374.dat Object is locked skipped
D:\Documents and Settings\pepi\Impostazioni locali\Temp\Perflib_Perfdata_3a4.dat Object is locked skipped
D:\Documents and Settings\pepi\Impostazioni locali\Temp\Perflib_Perfdata_9bc.dat Object is locked skipped
D:\Documents and Settings\pepi\Impostazioni locali\Temp\~DF516D.tmp Object is locked skipped
D:\Documents and Settings\pepi\Impostazioni locali\Temporary Internet Files\AntiPhishing\B3BB5BBA-E7D5-40AB-A041-A5B1C0B26C8F.dat Object is locked skipped
D:\Documents and Settings\pepi\Impostazioni locali\Temporary Internet Files\Content.IE5\AEJRIGJ4\b64_3[1].jpg Infected: Email-Worm.Win32.Bagle.of skipped
D:\Documents and Settings\pepi\Impostazioni locali\Temporary Internet Files\Content.IE5\AEJRIGJ4\b64_3[2].jpg Infected: Email-Worm.Win32.Bagle.of skipped
D:\Documents and Settings\pepi\Impostazioni locali\Temporary Internet Files\Content.IE5\EZ9B3V95\b64_3[1].jpg Infected: Email-Worm.Win32.Bagle.of skipped
D:\Documents and Settings\pepi\Impostazioni locali\Temporary Internet Files\Content.IE5\EZ9B3V95\b64_3[2].jpg Infected: Email-Worm.Win32.Bagle.of skipped
D:\Documents and Settings\pepi\Impostazioni locali\Temporary Internet Files\Content.IE5\EZ9B3V95\b64_3[3].jpg Infected: Email-Worm.Win32.Bagle.of skipped
D:\Documents and Settings\pepi\Impostazioni locali\Temporary Internet Files\Content.IE5\EZ9B3V95\b64_3[4].jpg Infected: Email-Worm.Win32.Bagle.of skipped
D:\Documents and Settings\pepi\Impostazioni locali\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
D:\Documents and Settings\pepi\Impostazioni locali\Temporary Internet Files\Content.IE5\P3Y3A4BY\b64_1[1].jpg Infected: Trojan-PSW.Win32.LdPinch.ewq skipped
D:\Documents and Settings\pepi\Impostazioni locali\Temporary Internet Files\Content.IE5\P3Y3A4BY\b64_3[1].jpg Infected: Email-Worm.Win32.Bagle.of skipped
D:\Documents and Settings\pepi\Impostazioni locali\Temporary Internet Files\Content.IE5\YPD5T5H1\b64_2[1].jpg Infected: Trojan.Win32.Pakes.bwy skipped
D:\Documents and Settings\pepi\NTUSER.DAT Object is locked skipped
D:\Documents and Settings\pepi\ntuser.dat.LOG Object is locked skipped
D:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
D:\System Volume Information\_restore{732C3204-2AF9-439C-9CB9-CFF93AE32A0D}\RP36\A0002904.exe Infected: Backdoor.Win32.Agent.duj skipped
D:\System Volume Information\_restore{732C3204-2AF9-439C-9CB9-CFF93AE32A0D}\RP51\A0004386.exe Infected: Backdoor.Win32.Agent.duj skipped
D:\System Volume Information\_restore{732C3204-2AF9-439C-9CB9-CFF93AE32A0D}\RP63\A0011112.exe Infected: Backdoor.Win32.Agent.duj skipped
D:\System Volume Information\_restore{732C3204-2AF9-439C-9CB9-CFF93AE32A0D}\RP63\A0011113.exe Infected: Backdoor.Win32.Agent.duj skipped
D:\System Volume Information\_restore{732C3204-2AF9-439C-9CB9-CFF93AE32A0D}\RP65\A0013202.exe Infected: Trojan-Downloader.Win32.Bagle.ij skipped
D:\System Volume Information\_restore{732C3204-2AF9-439C-9CB9-CFF93AE32A0D}\RP83\change.log
Ho un problema con i Bagle, ho fatto la scansione on line con KASPERSKY come letto in altri topic e ho il report disponibile, ho anche letto che bisogna avere AVENGER per risolvere il problema...da qui in poi non sò più cosa fare potete aiutarmi??? anche nel cercare questo benedetto AVENGER e nel suo funzionamento???
Copio il report della scansione con KASPERSKY:
Tuesday, January 22, 2008 3:22:35 PM
Operating System: Microsoft Windows XP Professional, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.98.0
Kaspersky Anti-Virus database last update: 21/01/2008
Kaspersky Anti-Virus database records: 525897
Scan Settings
Scan using the following antivirus database extended
Scan Archives true
Scan Mail Bases true
Scan Target My Computer
C:\
D:\
E:\
F:\
Scan Statistics
Total number of scanned objects 121434
Number of viruses found 7
Number of infected objects 46
Number of suspicious objects 0
Duration of the scan process 15:18:22
Infected Object Name Virus Name Last Action
C:\APPS\SMP\SMPSYS.EXE Infected: Trojan-Downloader.Win32.Bagle.ij skipped
C:\APPS\Softex\OmniPass\btype0.dat Object is locked skipped
C:\APPS\Softex\OmniPass\btype256.dat Object is locked skipped
C:\APPS\Softex\OmniPass\btype3.dat Object is locked skipped
C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
C:\System Volume Information\_restore{732C3204-2AF9-439C-9CB9-CFF93AE32A0D}\RP65\A0013230.exe Infected: Email-Worm.Win32.Bagle.of skipped
C:\System Volume Information\_restore{732C3204-2AF9-439C-9CB9-CFF93AE32A0D}\RP65\A0013231.exe Infected: Email-Worm.Win32.Bagle.of skipped
C:\System Volume Information\_restore{732C3204-2AF9-439C-9CB9-CFF93AE32A0D}\RP66\A0013354.exe Infected: Email-Worm.Win32.Bagle.of skipped
C:\System Volume Information\_restore{732C3204-2AF9-439C-9CB9-CFF93AE32A0D}\RP66\A0013355.exe Infected: Email-Worm.Win32.Bagle.of skipped
C:\System Volume Information\_restore{732C3204-2AF9-439C-9CB9-CFF93AE32A0D}\RP67\A0013372.exe Infected: Email-Worm.Win32.Bagle.of skipped
C:\System Volume Information\_restore{732C3204-2AF9-439C-9CB9-CFF93AE32A0D}\RP67\A0013373.exe Infected: Email-Worm.Win32.Bagle.of skipped
C:\System Volume Information\_restore{732C3204-2AF9-439C-9CB9-CFF93AE32A0D}\RP67\A0013374.exe Infected: Email-Worm.Win32.Bagle.of skipped
C:\System Volume Information\_restore{732C3204-2AF9-439C-9CB9-CFF93AE32A0D}\RP70\A0013398.exe Infected: Email-Worm.Win32.Bagle.of skipped
C:\System Volume Information\_restore{732C3204-2AF9-439C-9CB9-CFF93AE32A0D}\RP70\A0013399.exe Infected: Email-Worm.Win32.Bagle.of skipped
C:\System Volume Information\_restore{732C3204-2AF9-439C-9CB9-CFF93AE32A0D}\RP70\A0013414.exe Infected: Email-Worm.Win32.Bagle.of skipped
C:\System Volume Information\_restore{732C3204-2AF9-439C-9CB9-CFF93AE32A0D}\RP70\A0013415.exe Infected: Email-Worm.Win32.Bagle.of skipped
C:\System Volume Information\_restore{732C3204-2AF9-439C-9CB9-CFF93AE32A0D}\RP70\A0013437.exe Infected: Email-Worm.Win32.Bagle.of skipped
C:\System Volume Information\_restore{732C3204-2AF9-439C-9CB9-CFF93AE32A0D}\RP70\A0013438.exe Infected: Email-Worm.Win32.Bagle.of skipped
C:\System Volume Information\_restore{732C3204-2AF9-439C-9CB9-CFF93AE32A0D}\RP70\A0013459.exe Infected: Email-Worm.Win32.Bagle.of skipped
C:\System Volume Information\_restore{732C3204-2AF9-439C-9CB9-CFF93AE32A0D}\RP70\A0013460.exe Infected: Email-Worm.Win32.Bagle.of skipped
C:\System Volume Information\_restore{732C3204-2AF9-439C-9CB9-CFF93AE32A0D}\RP70\A0013477.exe Infected: Email-Worm.Win32.Bagle.of skipped
C:\System Volume Information\_restore{732C3204-2AF9-439C-9CB9-CFF93AE32A0D}\RP70\A0013478.exe Infected: Email-Worm.Win32.Bagle.of skipped
C:\System Volume Information\_restore{732C3204-2AF9-439C-9CB9-CFF93AE32A0D}\RP70\A0013596.exe Infected: Email-Worm.Win32.Bagle.of skipped
C:\System Volume Information\_restore{732C3204-2AF9-439C-9CB9-CFF93AE32A0D}\RP70\A0013597.exe Infected: Email-Worm.Win32.Bagle.of skipped
C:\System Volume Information\_restore{732C3204-2AF9-439C-9CB9-CFF93AE32A0D}\RP76\A0013672.exe Infected: Email-Worm.Win32.Bagle.of skipped
C:\System Volume Information\_restore{732C3204-2AF9-439C-9CB9-CFF93AE32A0D}\RP76\A0013673.exe Infected: Email-Worm.Win32.Bagle.of skipped
C:\System Volume Information\_restore{732C3204-2AF9-439C-9CB9-CFF93AE32A0D}\RP81\A0013703.exe Infected: Email-Worm.Win32.Bagle.of skipped
C:\System Volume Information\_restore{732C3204-2AF9-439C-9CB9-CFF93AE32A0D}\RP81\A0013704.exe Infected: Email-Worm.Win32.Bagle.of skipped
C:\System Volume Information\_restore{732C3204-2AF9-439C-9CB9-CFF93AE32A0D}\RP82\A0013838.exe Infected: Email-Worm.Win32.Bagle.of skipped
C:\System Volume Information\_restore{732C3204-2AF9-439C-9CB9-CFF93AE32A0D}\RP82\A0013839.exe Infected: Email-Worm.Win32.Bagle.of skipped
C:\System Volume Information\_restore{732C3204-2AF9-439C-9CB9-CFF93AE32A0D}\RP83\change.log Object is locked skipped
C:\WINDOWS\$hf_mig$\KB890859\SP2QFE\ntkrnlpa.exe Object is locked skipped
C:\WINDOWS\$NtUninstallKB890859$\ntkrnlpa.exe Object is locked skipped
C:\WINDOWS\$NtUninstallKB896256$\ntkrnlpa.exe Object is locked skipped
C:\WINDOWS\$NtUninstallKB931784$\ntkrnlpa.exe Object is locked skipped
C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped
C:\WINDOWS\Driver Cache\i386\ntkrnlpa.exe Object is locked skipped
C:\WINDOWS\Registration\{02D4B3F1-FD88-11D1-960D-00805FC79235}.{9483FAF9-AB8F-4CA6-903B-9FBC6CDAE5DF}.crmlog Object is locked skipped
C:\WINDOWS\SchedLgU.Txt Object is locked skipped
C:\WINDOWS\SoftwareDistribution\Download\816da047370b1589f5734856a8ec7e79\backup\sp2qfe\ntkrnlpa.exe Object is locked skipped
C:\WINDOWS\Sti_Trace.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\edb.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\tmp.edb Object is locked skipped
C:\WINDOWS\system32\config\ACEEvent.evt Object is locked skipped
C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\DEFAULT Object is locked skipped
C:\WINDOWS\system32\config\default.LOG Object is locked skipped
C:\WINDOWS\system32\config\Internet.evt Object is locked skipped
C:\WINDOWS\system32\config\Media Ce.evt Object is locked skipped
C:\WINDOWS\system32\config\ODiag.evt Object is locked skipped
C:\WINDOWS\system32\config\OSession.evt Object is locked skipped
C:\WINDOWS\system32\config\SAM Object is locked skipped
C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped
C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\SECURITY Object is locked skipped
C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped
C:\WINDOWS\system32\config\SOFTWARE Object is locked skipped
C:\WINDOWS\system32\config\software.LOG Object is locked skipped
C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\SYSTEM Object is locked skipped
C:\WINDOWS\system32\config\system.LOG Object is locked skipped
C:\WINDOWS\system32\config\systemprofile\Cookies\index.dat Object is locked skipped
C:\WINDOWS\system32\config\systemprofile\Impostazioni locali\Cronologia\History.IE5\index.dat Object is locked skipped
C:\WINDOWS\system32\config\systemprofile\Impostazioni locali\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\WINDOWS\system32\dllcache\ntkrnlpa.exe Object is locked skipped
C:\WINDOWS\system32\h323log.txt Object is locked skipped
C:\WINDOWS\system32\mdelk.exe Infected: Email-Worm.Win32.Bagle.of skipped
C:\WINDOWS\system32\ntkrnlpa.exe Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped
C:\WINDOWS\wiadebug.log Object is locked skipped
C:\WINDOWS\wiaservc.log Object is locked skipped
D:\Documents and Settings\All Users\Dati applicazioni\Microsoft\eHome\EPG\5543506a07aa4d739d738e4ef3e0fcc6.sdf Object is locked skipped
D:\Documents and Settings\All Users\Dati applicazioni\Microsoft\Network\Downloader\qmgr0.dat Object is locked skipped
D:\Documents and Settings\All Users\Dati applicazioni\Microsoft\Network\Downloader\qmgr1.dat Object is locked skipped
D:\Documents and Settings\All Users\Documenti\Registrazioni\TempRec\TempSBE\MSDVRMM_2286090203_204865536_2701 Object is locked skipped
D:\Documents and Settings\All Users\Documenti\Registrazioni\TempRec\TempSBE\MSDVRMM_2286090203_6422528_2993 Object is locked skipped
D:\Documents and Settings\All Users\Documenti\Registrazioni\TempRec\TempSBE\SBE1.tmp Object is locked skipped
D:\Documents and Settings\All Users\Documenti\Registrazioni\TempRec\TempSBE\SBE2.tmp Object is locked skipped
D:\Documents and Settings\All Users\Documenti\Registrazioni\TempRec\{C0CE4F2A-D470-49DB-82D3-E892FECD77CE}.TmpSBE Object is locked skipped
D:\Documents and Settings\All Users\Documenti\Registrazioni\TempRec\{E97FFEBE-DBE3-44D2-B06E-64AFBE85105A}.TmpSBE Object is locked skipped
D:\Documents and Settings\All Users\DRM\drmstore.hds Object is locked skipped
D:\Documents and Settings\LocalService\Impostazioni locali\Dati applicazioni\Microsoft\Windows\UsrClass.dat Object is locked skipped
D:\Documents and Settings\LocalService\Impostazioni locali\Dati applicazioni\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
D:\Documents and Settings\LocalService\Impostazioni locali\Temp\Cookies\index.dat Object is locked skipped
D:\Documents and Settings\LocalService\Impostazioni locali\Temp\History\History.IE5\index.dat Object is locked skipped
D:\Documents and Settings\LocalService\Impostazioni locali\Temp\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
D:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped
D:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped
D:\Documents and Settings\NetworkService\Impostazioni locali\Dati applicazioni\Microsoft\Windows\UsrClass.dat Object is locked skipped
D:\Documents and Settings\NetworkService\Impostazioni locali\Dati applicazioni\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
D:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped
D:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped
D:\Documents and Settings\pepi\Cookies\index.dat Object is locked skipped
D:\Documents and Settings\pepi\Desktop\mdelk.exe Infected: Email-Worm.Win32.Bagle.of skipped
D:\Documents and Settings\pepi\Documenti\emule completi\save2pc 3.2.1 Pro updated-fixed 12-2007.zip/Setup.exe Infected: P2P-Worm.Win32.Kapucen.b skipped
D:\Documents and Settings\pepi\Documenti\emule completi\save2pc 3.2.1 Pro updated-fixed 12-2007.zip ZIP: infected - 1 skipped
D:\Documents and Settings\pepi\Documenti\emule completi\save2pc pro_ _final_ [Key].zip/Setup.exe Infected: Trojan-Dropper.Win32.Mudrop.du skipped
D:\Documents and Settings\pepi\Documenti\emule completi\save2pc pro_ _final_ [Key].zip ZIP: infected - 1 skipped
D:\Documents and Settings\pepi\Impostazioni locali\Cronologia\History.IE5\index.dat Object is locked skipped
D:\Documents and Settings\pepi\Impostazioni locali\Cronologia\History.IE5\MSHist012008012120080122\index.dat Object is locked skipped
D:\Documents and Settings\pepi\Impostazioni locali\Dati applicazioni\ApplicationHistory\cli.exe.af01e8cc.ini.inuse Object is locked skipped
D:\Documents and Settings\pepi\Impostazioni locali\Dati applicazioni\ApplicationHistory\hpqimzone.exe.fd734169.ini.inuse Object is locked skipped
D:\Documents and Settings\pepi\Impostazioni locali\Dati applicazioni\HP\Digital Imaging\db\administrativeInfo.dbf Object is locked skipped
D:\Documents and Settings\pepi\Impostazioni locali\Dati applicazioni\HP\Digital Imaging\db\albumImagesTable.cdx Object is locked skipped
D:\Documents and Settings\pepi\Impostazioni locali\Dati applicazioni\HP\Digital Imaging\db\albumImagesTable.dbf Object is locked skipped
D:\Documents and Settings\pepi\Impostazioni locali\Dati applicazioni\HP\Digital Imaging\db\albumTable.cdx Object is locked skipped
D:\Documents and Settings\pepi\Impostazioni locali\Dati applicazioni\HP\Digital Imaging\db\albumTable.dbf Object is locked skipped
D:\Documents and Settings\pepi\Impostazioni locali\Dati applicazioni\HP\Digital Imaging\db\CB_Server_Errors.txt Object is locked skipped
D:\Documents and Settings\pepi\Impostazioni locali\Dati applicazioni\HP\Digital Imaging\db\EXIFTable.cdx Object is locked skipped
D:\Documents and Settings\pepi\Impostazioni locali\Dati applicazioni\HP\Digital Imaging\db\EXIFTable.dbf Object is locked skipped
D:\Documents and Settings\pepi\Impostazioni locali\Dati applicazioni\HP\Digital Imaging\db\imageTable.cdx Object is locked skipped
D:\Documents and Settings\pepi\Impostazioni locali\Dati applicazioni\HP\Digital Imaging\db\imageTable.dbf Object is locked skipped
D:\Documents and Settings\pepi\Impostazioni locali\Dati applicazioni\HP\Digital Imaging\db\imageTable.fpt Object is locked skipped
D:\Documents and Settings\pepi\Impostazioni locali\Dati applicazioni\HP\Digital Imaging\db\keywordImagesTable.cdx Object is locked skipped
D:\Documents and Settings\pepi\Impostazioni locali\Dati applicazioni\HP\Digital Imaging\db\keywordImagesTable.dbf Object is locked skipped
D:\Documents and Settings\pepi\Impostazioni locali\Dati applicazioni\HP\Digital Imaging\db\keywordTable.cdx Object is locked skipped
D:\Documents and Settings\pepi\Impostazioni locali\Dati applicazioni\HP\Digital Imaging\db\keywordTable.dbf Object is locked skipped
D:\Documents and Settings\pepi\Impostazioni locali\Dati applicazioni\HP\Digital Imaging\db\managedFolderTable.dbf Object is locked skipped
D:\Documents and Settings\pepi\Impostazioni locali\Dati applicazioni\HP\Digital Imaging\db\pathnameTable.cdx Object is locked skipped
D:\Documents and Settings\pepi\Impostazioni locali\Dati applicazioni\HP\Digital Imaging\db\pathnameTable.dbf Object is locked skipped
D:\Documents and Settings\pepi\Impostazioni locali\Dati applicazioni\HP\Digital Imaging\db\propertiesTable.cdx Object is locked skipped
D:\Documents and Settings\pepi\Impostazioni locali\Dati applicazioni\HP\Digital Imaging\db\propertiesTable.dbf Object is locked skipped
D:\Documents and Settings\pepi\Impostazioni locali\Dati applicazioni\HP\Digital Imaging\db\ROFImagesTable.cdx Object is locked skipped
D:\Documents and Settings\pepi\Impostazioni locali\Dati applicazioni\HP\Digital Imaging\db\ROFImagesTable.dbf Object is locked skipped
D:\Documents and Settings\pepi\Impostazioni locali\Dati applicazioni\HP\Digital Imaging\db\ROFTable.cdx Object is locked skipped
D:\Documents and Settings\pepi\Impostazioni locali\Dati applicazioni\HP\Digital Imaging\db\ROFTable.dbf Object is locked skipped
D:\Documents and Settings\pepi\Impostazioni locali\Dati applicazioni\Microsoft\Windows\UsrClass.dat Object is locked skipped
D:\Documents and Settings\pepi\Impostazioni locali\Dati applicazioni\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
D:\Documents and Settings\pepi\Impostazioni locali\Temp\hpodvd09.log Object is locked skipped
D:\Documents and Settings\pepi\Impostazioni locali\Temp\Perflib_Perfdata_374.dat Object is locked skipped
D:\Documents and Settings\pepi\Impostazioni locali\Temp\Perflib_Perfdata_3a4.dat Object is locked skipped
D:\Documents and Settings\pepi\Impostazioni locali\Temp\Perflib_Perfdata_9bc.dat Object is locked skipped
D:\Documents and Settings\pepi\Impostazioni locali\Temp\~DF516D.tmp Object is locked skipped
D:\Documents and Settings\pepi\Impostazioni locali\Temporary Internet Files\AntiPhishing\B3BB5BBA-E7D5-40AB-A041-A5B1C0B26C8F.dat Object is locked skipped
D:\Documents and Settings\pepi\Impostazioni locali\Temporary Internet Files\Content.IE5\AEJRIGJ4\b64_3[1].jpg Infected: Email-Worm.Win32.Bagle.of skipped
D:\Documents and Settings\pepi\Impostazioni locali\Temporary Internet Files\Content.IE5\AEJRIGJ4\b64_3[2].jpg Infected: Email-Worm.Win32.Bagle.of skipped
D:\Documents and Settings\pepi\Impostazioni locali\Temporary Internet Files\Content.IE5\EZ9B3V95\b64_3[1].jpg Infected: Email-Worm.Win32.Bagle.of skipped
D:\Documents and Settings\pepi\Impostazioni locali\Temporary Internet Files\Content.IE5\EZ9B3V95\b64_3[2].jpg Infected: Email-Worm.Win32.Bagle.of skipped
D:\Documents and Settings\pepi\Impostazioni locali\Temporary Internet Files\Content.IE5\EZ9B3V95\b64_3[3].jpg Infected: Email-Worm.Win32.Bagle.of skipped
D:\Documents and Settings\pepi\Impostazioni locali\Temporary Internet Files\Content.IE5\EZ9B3V95\b64_3[4].jpg Infected: Email-Worm.Win32.Bagle.of skipped
D:\Documents and Settings\pepi\Impostazioni locali\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
D:\Documents and Settings\pepi\Impostazioni locali\Temporary Internet Files\Content.IE5\P3Y3A4BY\b64_1[1].jpg Infected: Trojan-PSW.Win32.LdPinch.ewq skipped
D:\Documents and Settings\pepi\Impostazioni locali\Temporary Internet Files\Content.IE5\P3Y3A4BY\b64_3[1].jpg Infected: Email-Worm.Win32.Bagle.of skipped
D:\Documents and Settings\pepi\Impostazioni locali\Temporary Internet Files\Content.IE5\YPD5T5H1\b64_2[1].jpg Infected: Trojan.Win32.Pakes.bwy skipped
D:\Documents and Settings\pepi\NTUSER.DAT Object is locked skipped
D:\Documents and Settings\pepi\ntuser.dat.LOG Object is locked skipped
D:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
D:\System Volume Information\_restore{732C3204-2AF9-439C-9CB9-CFF93AE32A0D}\RP36\A0002904.exe Infected: Backdoor.Win32.Agent.duj skipped
D:\System Volume Information\_restore{732C3204-2AF9-439C-9CB9-CFF93AE32A0D}\RP51\A0004386.exe Infected: Backdoor.Win32.Agent.duj skipped
D:\System Volume Information\_restore{732C3204-2AF9-439C-9CB9-CFF93AE32A0D}\RP63\A0011112.exe Infected: Backdoor.Win32.Agent.duj skipped
D:\System Volume Information\_restore{732C3204-2AF9-439C-9CB9-CFF93AE32A0D}\RP63\A0011113.exe Infected: Backdoor.Win32.Agent.duj skipped
D:\System Volume Information\_restore{732C3204-2AF9-439C-9CB9-CFF93AE32A0D}\RP65\A0013202.exe Infected: Trojan-Downloader.Win32.Bagle.ij skipped
D:\System Volume Information\_restore{732C3204-2AF9-439C-9CB9-CFF93AE32A0D}\RP83\change.log
![[acc2]](http://www.megalab.it/forum/images/smilies/Acc.gif "Oh cacchio!")
![[rotolo]](http://www.megalab.it/forum/images/smilies/rotolbriggin.gif "Rotolo dal ridere")
![[:)]](http://www.megalab.it/forum/images/smilies/smile.gif "Smile")
![[^]](http://www.megalab.it/forum/images/smilies/Oh-yea.gif "Approvazione")