Pagina 1 di 1

maledetto virus bagle, chiedo script per avenger!

MessaggioInviato: sab gen 26, 2008 8:50 am
da lucaam86
Salve a tutti, da qualche giorno mi sono accorto di avere il pc pieno di virus bagle che mi impediscono di installare qualsiasi antivirus e anche di entrare in modalità provvisoria.
Ho fatto la scansione on line con KASPERSKY che adesso vi posto affinchè qualcuno di Voi molto gentilmente possa darmi lo script da dare ad Avenger per cercare di eliminare il virus!!!

La scansione con Kaspersky è la seguente:

Friday, January 25, 2008 11:15:36 PM
Operating System: Microsoft Windows XP Professional, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.98.0
Kaspersky Anti-Virus database last update: 25/01/2008
Kaspersky Anti-Virus database records: 532201


Scan Settings
Scan using the following antivirus database extended
Scan Archives true
Scan Mail Bases true

Scan Target Folders
C:\

Scan Statistics
Total number of scanned objects 221793
Number of viruses found 10
Number of infected objects 109
Number of suspicious objects 0
Duration of the scan process 09:33:06

Infected Object Name Virus Name Last Action
C:\Avenger\backup.zip/avenger/wintems.exe-ren-244 Infected: Email-Worm.Win32.Bagle.of skipped

C:\Avenger\backup.zip ZIP: infected - 1 skipped

C:\Documents and Settings\All Users\Dati applicazioni\Microsoft\Network\Downloader\qmgr0.dat Object is locked skipped

C:\Documents and Settings\All Users\Dati applicazioni\Microsoft\Network\Downloader\qmgr1.dat Object is locked skipped

C:\Documents and Settings\LocalService\Cookies\index.dat Object is locked skipped

C:\Documents and Settings\LocalService\Impostazioni locali\Cronologia\History.IE5\index.dat Object is locked skipped

C:\Documents and Settings\LocalService\Impostazioni locali\Dati applicazioni\Microsoft\Windows\UsrClass.dat Object is locked skipped

C:\Documents and Settings\LocalService\Impostazioni locali\Dati applicazioni\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped

C:\Documents and Settings\LocalService\Impostazioni locali\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped

C:\Documents and Settings\LocalService\ntuser.dat Object is locked skipped

C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped

C:\Documents and Settings\NetworkService\Impostazioni locali\Dati applicazioni\Microsoft\Windows\UsrClass.dat Object is locked skipped

C:\Documents and Settings\NetworkService\Impostazioni locali\Dati applicazioni\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped

C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped

C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped

C:\Documents and Settings\User\Cookies\index.dat Object is locked skipped

C:\Documents and Settings\User\Dati applicazioni\m\data.oct Infected: Trojan-Downloader.Win32.Bagle.ip skipped

C:\Documents and Settings\User\Dati applicazioni\MySpace\IM\Logs\MySpaceIM-20080125-122306.log Object is locked skipped

C:\Documents and Settings\User\Dati applicazioni\Skype\luca.dono\call256.dbb Object is locked skipped

C:\Documents and Settings\User\Dati applicazioni\Skype\luca.dono\callmember256.dbb Object is locked skipped

C:\Documents and Settings\User\Dati applicazioni\Skype\luca.dono\chat4096.dbb Object is locked skipped

C:\Documents and Settings\User\Dati applicazioni\Skype\luca.dono\chat512.dbb Object is locked skipped

C:\Documents and Settings\User\Dati applicazioni\Skype\luca.dono\chatmember256.dbb Object is locked skipped

C:\Documents and Settings\User\Dati applicazioni\Skype\luca.dono\chatmsg1024.dbb Object is locked skipped

C:\Documents and Settings\User\Dati applicazioni\Skype\luca.dono\chatmsg256.dbb Object is locked skipped

C:\Documents and Settings\User\Dati applicazioni\Skype\luca.dono\chatmsg4096.dbb Object is locked skipped

C:\Documents and Settings\User\Dati applicazioni\Skype\luca.dono\chatmsg512.dbb Object is locked skipped

C:\Documents and Settings\User\Dati applicazioni\Skype\luca.dono\chatsync\2b\2bef387335ea1c0a.dat Object is locked skipped

C:\Documents and Settings\User\Dati applicazioni\Skype\luca.dono\chatsync\92\92a28caafee8a21d.dat Object is locked skipped

C:\Documents and Settings\User\Dati applicazioni\Skype\luca.dono\contactgroup256.dbb Object is locked skipped

C:\Documents and Settings\User\Dati applicazioni\Skype\luca.dono\dyncontent\bundle.dat Object is locked skipped

C:\Documents and Settings\User\Dati applicazioni\Skype\luca.dono\index2.dat Object is locked skipped

C:\Documents and Settings\User\Dati applicazioni\Skype\luca.dono\profile4096.dbb Object is locked skipped

C:\Documents and Settings\User\Dati applicazioni\Skype\luca.dono\transfer1024.dbb Object is locked skipped

C:\Documents and Settings\User\Dati applicazioni\Skype\luca.dono\transfer256.dbb Object is locked skipped

C:\Documents and Settings\User\Dati applicazioni\Skype\luca.dono\transfer512.dbb Object is locked skipped

C:\Documents and Settings\User\Dati applicazioni\Skype\luca.dono\user1024.dbb Object is locked skipped

C:\Documents and Settings\User\Dati applicazioni\Skype\luca.dono\user16384.dbb Object is locked skipped

C:\Documents and Settings\User\Dati applicazioni\Skype\luca.dono\user4096.dbb Object is locked skipped

C:\Documents and Settings\User\Desktop\HuntingUnl4-dm.exe Infected: not-a-virus:AdWare.Win32.Trymedia.b skipped

C:\Documents and Settings\User\Desktop\installer-61501-15-F-Secure-BlackLight-Italian.exe Infected: Backdoor.Win32.Agent.duj skipped

C:\Documents and Settings\User\Impostazioni locali\Cronologia\History.IE5\index.dat Object is locked skipped

C:\Documents and Settings\User\Impostazioni locali\Cronologia\History.IE5\MSHist012008012520080126\index.dat Object is locked skipped

C:\Documents and Settings\User\Impostazioni locali\Dati applicazioni\Microsoft\Messenger\xxapiedinudixx@hotmail.it\SharingMetadata\Logs\Dfsr00005.log Object is locked skipped

C:\Documents and Settings\User\Impostazioni locali\Dati applicazioni\Microsoft\Messenger\xxapiedinudixx@hotmail.it\SharingMetadata\pending.dat Object is locked skipped

C:\Documents and Settings\User\Impostazioni locali\Dati applicazioni\Microsoft\Messenger\xxapiedinudixx@hotmail.it\SharingMetadata\Working\database_72D0_77F5_D077_BDC3\dfsr.db Object is locked skipped

C:\Documents and Settings\User\Impostazioni locali\Dati applicazioni\Microsoft\Messenger\xxapiedinudixx@hotmail.it\SharingMetadata\Working\database_72D0_77F5_D077_BDC3\fsr.log Object is locked skipped

C:\Documents and Settings\User\Impostazioni locali\Dati applicazioni\Microsoft\Messenger\xxapiedinudixx@hotmail.it\SharingMetadata\Working\database_72D0_77F5_D077_BDC3\fsrtmp.log Object is locked skipped

C:\Documents and Settings\User\Impostazioni locali\Dati applicazioni\Microsoft\Messenger\xxapiedinudixx@hotmail.it\SharingMetadata\Working\database_72D0_77F5_D077_BDC3\tmp.edb Object is locked skipped

C:\Documents and Settings\User\Impostazioni locali\Dati applicazioni\Microsoft\Windows\UsrClass.dat Object is locked skipped

C:\Documents and Settings\User\Impostazioni locali\Dati applicazioni\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped

C:\Documents and Settings\User\Impostazioni locali\Dati applicazioni\Microsoft\Windows Live Contacts\xxapiedinudixx@hotmail.it\real\members.stg Object is locked skipped

C:\Documents and Settings\User\Impostazioni locali\Dati applicazioni\Microsoft\Windows Live Contacts\xxapiedinudixx@hotmail.it\shadow\members.stg Object is locked skipped

C:\Documents and Settings\User\Impostazioni locali\Temp\Cookies\index.dat Object is locked skipped

C:\Documents and Settings\User\Impostazioni locali\Temp\Cronologia\History.IE5\index.dat Object is locked skipped

C:\Documents and Settings\User\Impostazioni locali\Temp\hpodvd09.log Object is locked skipped

C:\Documents and Settings\User\Impostazioni locali\Temp\Temporary Internet Files\Content.IE5\69ZJCDR4\installer-61501-15-F-Secure-BlackLight-Italian[1].exe Infected: Backdoor.Win32.Agent.duj skipped

C:\Documents and Settings\User\Impostazioni locali\Temp\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped

C:\Documents and Settings\User\Impostazioni locali\Temp\~DF8A7.tmp Object is locked skipped

C:\Documents and Settings\User\Impostazioni locali\Temp\~DF8AC.tmp Object is locked skipped

C:\Documents and Settings\User\Impostazioni locali\Temp\~DF91E5.tmp Object is locked skipped

C:\Documents and Settings\User\Impostazioni locali\Temp\~DFBDE9.tmp Object is locked skipped

C:\Documents and Settings\User\Impostazioni locali\Temp\~DFC099.tmp Object is locked skipped

C:\Documents and Settings\User\Impostazioni locali\Temporary Internet Files\Content.IE5\0JI3I4G2\UserStatusChange[2].html Object is locked skipped

C:\Documents and Settings\User\Impostazioni locali\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped

C:\Documents and Settings\User\ntuser.dat Object is locked skipped

C:\Documents and Settings\User\ntuser.dat.LOG Object is locked skipped

C:\Muestras\FLEC006.EXE.Muestra EliBagle v10.91 Infected: Email-Worm.Win32.Bagle.of skipped

C:\Programmi\eMule\Incoming\ShopFactory Professional 6.46.zip/ShopFactory Professional 6.46.exe Infected: Trojan-Downloader.Win32.Bagle.ht skipped

C:\Programmi\eMule\Incoming\ShopFactory Professional 6.46.zip ZIP: infected - 1 skipped

C:\Programmi\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe Infected: Trojan-Downloader.Win32.Bagle.ht skipped

C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped

C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped

C:\WINDOWS\SchedLgU.Txt Object is locked skipped

C:\WINDOWS\Sti_Trace.log Object is locked skipped

C:\WINDOWS\system32\CatRoot2\edb.log Object is locked skipped

C:\WINDOWS\system32\CatRoot2\tmp.edb Object is locked skipped

C:\WINDOWS\system32\config\Antivirus.Evt Object is locked skipped

C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped

C:\WINDOWS\system32\config\default Object is locked skipped

C:\WINDOWS\system32\config\default.LOG Object is locked skipped

C:\WINDOWS\system32\config\Paramete.evt Object is locked skipped

C:\WINDOWS\system32\config\SAM Object is locked skipped

C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped

C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped

C:\WINDOWS\system32\config\SECURITY Object is locked skipped

C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped

C:\WINDOWS\system32\config\software Object is locked skipped

C:\WINDOWS\system32\config\software.LOG Object is locked skipped

C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped

C:\WINDOWS\system32\config\system Object is locked skipped

C:\WINDOWS\system32\config\system.LOG Object is locked skipped

C:\WINDOWS\system32\drivers\down\104203.exe Infected: Email-Worm.Win32.Bagle.of skipped

C:\WINDOWS\system32\drivers\down\109015.exe Infected: Trojan-PSW.Win32.Agent.xd skipped

C:\WINDOWS\system32\drivers\down\109859.exe Infected: Trojan-PSW.Win32.Agent.xd skipped

C:\WINDOWS\system32\drivers\down\111000.exe Infected: Email-Worm.Win32.Bagle.of skipped

C:\WINDOWS\system32\drivers\down\120875.exe Infected: Trojan-Downloader.Win32.Bagle.ho skipped

C:\WINDOWS\system32\drivers\down\124062.exe Infected: Trojan-PSW.Win32.Agent.xd skipped

C:\WINDOWS\system32\drivers\down\128750.exe Infected: Trojan-PSW.Win32.Agent.xd skipped

C:\WINDOWS\system32\drivers\down\130453.exe Infected: Email-Worm.Win32.Bagle.of skipped

C:\WINDOWS\system32\drivers\down\137750.exe Infected: Email-Worm.Win32.Bagle.of skipped

C:\WINDOWS\system32\drivers\down\139500.exe Infected: Email-Worm.Win32.Bagle.of skipped

C:\WINDOWS\system32\drivers\down\141390.exe Infected: Email-Worm.Win32.Bagle.of skipped

C:\WINDOWS\system32\drivers\down\14616171.exe Infected: Email-Worm.Win32.Bagle.of skipped

C:\WINDOWS\system32\drivers\down\14626984.exe Infected: Email-Worm.Win32.Bagle.of skipped

C:\WINDOWS\system32\drivers\down\14633562.exe Infected: Trojan-Downloader.Win32.Bagle.gi skipped

C:\WINDOWS\system32\drivers\down\146343.exe Infected: Email-Worm.Win32.Bagle.of skipped

C:\WINDOWS\system32\drivers\down\14639875.exe Infected: Email-Worm.Win32.Bagle.of skipped

C:\WINDOWS\system32\drivers\down\14645609.exe Infected: Email-Worm.Win32.Bagle.of skipped

C:\WINDOWS\system32\drivers\down\14647937.exe Infected: Email-Worm.Win32.Bagle.of skipped

C:\WINDOWS\system32\drivers\down\14654281.exe Infected: Email-Worm.Win32.Bagle.of skipped

C:\WINDOWS\system32\drivers\down\14655265.exe Infected: Email-Worm.Win32.Bagle.of skipped

C:\WINDOWS\system32\drivers\down\14673656.exe Infected: Email-Worm.Win32.Bagle.of skipped

C:\WINDOWS\system32\drivers\down\14676812.exe Infected: Email-Worm.Win32.Bagle.of skipped

C:\WINDOWS\system32\drivers\down\14677453.exe Infected: Email-Worm.Win32.Bagle.of skipped

C:\WINDOWS\system32\drivers\down\14678484.exe Infected: Trojan.Win32.Pakes.bwy skipped

C:\WINDOWS\system32\drivers\down\14686328.exe Infected: Email-Worm.Win32.Bagle.of skipped

C:\WINDOWS\system32\drivers\down\14692921.exe Infected: Trojan-PSW.Win32.Agent.xd skipped

C:\WINDOWS\system32\drivers\down\14705500.exe Infected: Email-Worm.Win32.Bagle.of skipped

C:\WINDOWS\system32\drivers\down\14719765.exe Infected: Email-Worm.Win32.Bagle.of skipped

C:\WINDOWS\system32\drivers\down\14721562.exe Infected: Email-Worm.Win32.Bagle.of skipped

C:\WINDOWS\system32\drivers\down\14788718.exe Infected: Email-Worm.Win32.Bagle.of skipped

C:\WINDOWS\system32\drivers\down\14800390.exe Infected: Trojan-PSW.Win32.Agent.xd skipped

C:\WINDOWS\system32\drivers\down\14801625.exe Infected: Trojan-PSW.Win32.Agent.xd skipped

C:\WINDOWS\system32\drivers\down\14847359.exe Infected: Email-Worm.Win32.Bagle.of skipped

C:\WINDOWS\system32\drivers\down\14977218.exe Infected: Email-Worm.Win32.Bagle.of skipped

C:\WINDOWS\system32\drivers\down\14987421.exe Infected: Email-Worm.Win32.Bagle.of skipped

C:\WINDOWS\system32\drivers\down\15005671.exe Infected: Email-Worm.Win32.Bagle.of skipped

C:\WINDOWS\system32\drivers\down\15021468.exe Infected: Email-Worm.Win32.Bagle.of skipped

C:\WINDOWS\system32\drivers\down\151593.exe Infected: Trojan-PSW.Win32.Agent.xd skipped

C:\WINDOWS\system32\drivers\down\15191906.exe Infected: Email-Worm.Win32.Bagle.of skipped

C:\WINDOWS\system32\drivers\down\15202968.exe Infected: Trojan-PSW.Win32.Agent.xd skipped

C:\WINDOWS\system32\drivers\down\15207578.exe Infected: Email-Worm.Win32.Bagle.of skipped

C:\WINDOWS\system32\drivers\down\15216453.exe Infected: Email-Worm.Win32.Bagle.of skipped

C:\WINDOWS\system32\drivers\down\157812.exe Infected: Email-Worm.Win32.Bagle.of skipped

C:\WINDOWS\system32\drivers\down\163890.exe Infected: Email-Worm.Win32.Bagle.of skipped

C:\WINDOWS\system32\drivers\down\167796.exe Infected: Email-Worm.Win32.Bagle.of skipped

C:\WINDOWS\system32\drivers\down\18447843.exe Infected: Email-Worm.Win32.Bagle.of skipped

C:\WINDOWS\system32\drivers\down\29148750.exe Infected: Email-Worm.Win32.Bagle.of skipped

C:\WINDOWS\system32\drivers\down\29162562.exe Infected: Email-Worm.Win32.Bagle.of skipped

C:\WINDOWS\system32\drivers\down\29180968.exe Infected: Email-Worm.Win32.Bagle.of skipped

C:\WINDOWS\system32\drivers\down\29190796.exe Infected: Email-Worm.Win32.Bagle.of skipped

C:\WINDOWS\system32\drivers\down\29228015.exe Infected: Trojan-PSW.Win32.Agent.xd skipped

C:\WINDOWS\system32\drivers\down\29237656.exe Infected: Email-Worm.Win32.Bagle.of skipped

C:\WINDOWS\system32\drivers\down\29262078.exe Infected: Email-Worm.Win32.Bagle.of skipped

C:\WINDOWS\system32\drivers\down\29267140.exe Infected: Trojan-PSW.Win32.Agent.xd skipped

C:\WINDOWS\system32\drivers\down\29271343.exe Infected: Email-Worm.Win32.Bagle.of skipped

C:\WINDOWS\system32\drivers\down\29284453.exe Infected: Email-Worm.Win32.Bagle.of skipped

C:\WINDOWS\system32\drivers\down\29309015.exe Infected: Email-Worm.Win32.Bagle.of skipped

C:\WINDOWS\system32\drivers\down\29324234.exe Infected: Email-Worm.Win32.Bagle.of skipped

C:\WINDOWS\system32\drivers\down\29333203.exe Infected: Email-Worm.Win32.Bagle.of skipped

C:\WINDOWS\system32\drivers\down\29394984.exe Infected: Email-Worm.Win32.Bagle.of skipped

C:\WINDOWS\system32\drivers\down\29412562.exe Infected: Trojan-PSW.Win32.Agent.xd skipped

C:\WINDOWS\system32\drivers\down\29420468.exe Infected: Email-Worm.Win32.Bagle.of skipped

C:\WINDOWS\system32\drivers\down\29420859.exe Infected: Email-Worm.Win32.Bagle.of skipped

C:\WINDOWS\system32\drivers\down\29664046.exe Infected: Email-Worm.Win32.Bagle.of skipped

C:\WINDOWS\system32\drivers\down\29681875.exe Infected: Email-Worm.Win32.Bagle.of skipped

C:\WINDOWS\system32\drivers\down\29827953.exe Infected: Email-Worm.Win32.Bagle.of skipped

C:\WINDOWS\system32\drivers\down\29839687.exe Infected: Trojan-PSW.Win32.Agent.xd skipped

C:\WINDOWS\system32\drivers\down\29926984.exe Infected: Email-Worm.Win32.Bagle.of skipped

C:\WINDOWS\system32\drivers\down\29936343.exe Infected: Trojan-PSW.Win32.Agent.xd skipped

C:\WINDOWS\system32\drivers\down\29942812.exe Infected: Email-Worm.Win32.Bagle.of skipped

C:\WINDOWS\system32\drivers\down\30972390.exe Infected: Trojan-PSW.Win32.Agent.xd skipped

C:\WINDOWS\system32\drivers\down\33206531.exe Infected: Email-Worm.Win32.Bagle.of skipped

C:\WINDOWS\system32\drivers\down\33233156.exe Infected: Trojan-Downloader.Win32.Bagle.ho skipped

C:\WINDOWS\system32\drivers\down\43702125.exe Infected: Email-Worm.Win32.Bagle.of skipped

C:\WINDOWS\system32\drivers\down\43707734.exe Infected: Email-Worm.Win32.Bagle.of skipped

C:\WINDOWS\system32\drivers\down\43718671.exe Infected: Trojan-PSW.Win32.Agent.xd skipped

C:\WINDOWS\system32\drivers\down\43871500.exe Infected: Email-Worm.Win32.Bagle.of skipped

C:\WINDOWS\system32\drivers\down\43873500.exe Infected: Email-Worm.Win32.Bagle.of skipped

C:\WINDOWS\system32\drivers\down\43877875.exe Infected: Trojan-PSW.Win32.Agent.xd skipped

C:\WINDOWS\system32\drivers\down\43886062.exe Infected: Email-Worm.Win32.Bagle.of skipped

C:\WINDOWS\system32\drivers\down\43896687.exe Infected: Trojan-PSW.Win32.Agent.xd skipped

C:\WINDOWS\system32\drivers\down\43903015.exe Infected: Email-Worm.Win32.Bagle.of skipped

C:\WINDOWS\system32\drivers\down\43910281.exe Infected: Trojan-PSW.Win32.Agent.xd skipped

C:\WINDOWS\system32\drivers\down\43915390.exe Infected: Email-Worm.Win32.Bagle.of skipped

C:\WINDOWS\system32\drivers\down\44354375.exe Infected: Email-Worm.Win32.Bagle.of skipped

C:\WINDOWS\system32\drivers\down\44379640.exe Infected: Email-Worm.Win32.Bagle.of skipped

C:\WINDOWS\system32\drivers\down\44403750.exe Infected: Email-Worm.Win32.Bagle.of skipped

C:\WINDOWS\system32\drivers\down\44414906.exe Infected: Trojan-PSW.Win32.Agent.xd skipped

C:\WINDOWS\system32\drivers\down\44437765.exe Infected: Email-Worm.Win32.Bagle.of skipped

C:\WINDOWS\system32\drivers\down\44548812.exe Infected: Email-Worm.Win32.Bagle.of skipped

C:\WINDOWS\system32\drivers\down\47786953.exe Infected: Email-Worm.Win32.Bagle.of skipped

C:\WINDOWS\system32\drivers\down\47796312.exe Infected: Email-Worm.Win32.Bagle.of skipped

C:\WINDOWS\system32\drivers\down\58450781.exe Infected: Email-Worm.Win32.Bagle.of skipped

C:\WINDOWS\system32\drivers\down\58457906.exe Infected: Trojan-PSW.Win32.Agent.xd skipped

C:\WINDOWS\system32\drivers\down\58488671.exe Infected: Email-Worm.Win32.Bagle.of skipped

C:\WINDOWS\system32\drivers\down\77796.exe Infected: Email-Worm.Win32.Bagle.of skipped

C:\WINDOWS\system32\drivers\down\85968.exe Infected: Email-Worm.Win32.Bagle.of skipped

C:\WINDOWS\system32\h323log.txt Object is locked skipped

C:\WINDOWS\system32\mdelk.exe Infected: Email-Worm.Win32.Bagle.of skipped

C:\WINDOWS\system32\oleacc32.dll Infected: not-a-virus:AdWare.Win32.Stud.a skipped

C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped

C:\WINDOWS\wiadebug.log Object is locked skipped

C:\WINDOWS\wiaservc.log Object is locked skipped

Scan process completed.




GRAZIE INIFITE A TUTTI...

MessaggioInviato: sab gen 26, 2008 9:14 am
da crazy.cat
Questo è lo script, dopo il riavvio del pc prova a reinstallare l'antivirus
Codice: Seleziona tutto
Files to delete:
C:\WINDOWS\system32\drivers\hidr.exe
C:\WINDOWS\system32\drivers\srosa.sys
C:\WINDOWS\system32\wintems.exe
C:\WINDOWS\system32\hldrrr.exe
C:\WINDOWS\system32\trusted.exe
C:\WINDOWS\system32\drivers\pci32.sys
C:\windows\system32\drivers\hldrrr.exe
C:\WINDOWS\system32\drivers\hldrrr.ex_
C:\WINDOWS\system32\mdelk.exe
C:\Avenger\backup.zip
C:\Documents and Settings\User\Dati applicazioni\m\data.oct
C:\Documents and Settings\User\Desktop\HuntingUnl4-dm.exe
C:\Documents and Settings\User\Desktop\installer-61501-15-F-Secure-BlackLight-Italian.exe
C:\Documents and Settings\User\Impostazioni locali\Temp\Temporary Internet Files\Content.IE5\69ZJCDR4\installer-61501-15-F-Secure-BlackLight-Italian[1].exe
C:\Programmi\eMule\Incoming\ShopFactory Professional 6.46.zip
C:\Programmi\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\oleacc32.dll

folders to delete:
C:\WINDOWS\system32\drivers\down
C:\Muestras

registry keys to delete:
HKLM\SYSTEM\CurrentControlSet\Services\srosa
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_SROSA
HKLM\SYSTEM\CurrentControlSet\Services\pci32
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_PCI32


Con questo sistemi la modalità provvisoria
http://www.MegaLab.it/3250

script eseguito ma..

MessaggioInviato: sab gen 26, 2008 9:29 am
da lucaam86
Innanzitutto grazie mille per la risposta cosi tempestiva. Ho messo lo script che mi hai consigliato in avenger e al riavvio mi ha dato questo file *.txt:

Logfile of The Avenger version 1, by Swandog46
Running from registry key:
\Registry\Machine\System\CurrentControlSet\Services\dkgltymc

*******************

Script file located at: \??\C:\windows\system32\lkmrctce.txt
Script file opened successfully.

Script file read successfully

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:



File C:\WINDOWS\system32\drivers\hidr.exe not found!
Deletion of file C:\WINDOWS\system32\drivers\hidr.exe failed!

Could not process line:
C:\WINDOWS\system32\drivers\hidr.exe
Status: 0xc0000034

File C:\WINDOWS\system32\drivers\srosa.sys deleted successfully.
File C:\WINDOWS\system32\wintems.exe deleted successfully.


File C:\WINDOWS\system32\hldrrr.exe not found!
Deletion of file C:\WINDOWS\system32\hldrrr.exe failed!

Could not process line:
C:\WINDOWS\system32\hldrrr.exe
Status: 0xc0000034



File C:\WINDOWS\system32\trusted.exe not found!
Deletion of file C:\WINDOWS\system32\trusted.exe failed!

Could not process line:
C:\WINDOWS\system32\trusted.exe
Status: 0xc0000034



File C:\WINDOWS\system32\drivers\pci32.sys not found!
Deletion of file C:\WINDOWS\system32\drivers\pci32.sys failed!

Could not process line:
C:\WINDOWS\system32\drivers\pci32.sys
Status: 0xc0000034

File C:\windows\system32\drivers\hldrrr.exe deleted successfully.


File C:\WINDOWS\system32\drivers\hldrrr.ex_ not found!
Deletion of file C:\WINDOWS\system32\drivers\hldrrr.ex_ failed!

Could not process line:
C:\WINDOWS\system32\drivers\hldrrr.ex_
Status: 0xc0000034

File C:\WINDOWS\system32\mdelk.exe deleted successfully.
File C:\Avenger\backup.zip deleted successfully.
File C:\Documents and Settings\User\Dati applicazioni\m\data.oct deleted successfully.


File C:\Documents and Settings\User\Desktop\HuntingUnl4-dm.exe not found!
Deletion of file C:\Documents and Settings\User\Desktop\HuntingUnl4-dm.exe failed!

Could not process line:
C:\Documents and Settings\User\Desktop\HuntingUnl4-dm.exe
Status: 0xc0000034



File C:\Documents and Settings\User\Desktop\installer-61501-15-F-Secure-BlackLight-Italian.exe not found!
Deletion of file C:\Documents and Settings\User\Desktop\installer-61501-15-F-Secure-BlackLight-Italian.exe failed!

Could not process line:
C:\Documents and Settings\User\Desktop\installer-61501-15-F-Secure-BlackLight-Italian.exe
Status: 0xc0000034



Could not open file C:\Documents and Settings\User\Impostazioni locali\Temp\Temporary Internet Files\Content.IE5\69ZJCDR4\installer-61501-15-F-Secure-BlackLight-Italian[1].exe for deletion
Deletion of file C:\Documents and Settings\User\Impostazioni locali\Temp\Temporary Internet Files\Content.IE5\69ZJCDR4\installer-61501-15-F-Secure-BlackLight-Italian[1].exe failed!

Could not process line:
C:\Documents and Settings\User\Impostazioni locali\Temp\Temporary Internet Files\Content.IE5\69ZJCDR4\installer-61501-15-F-Secure-BlackLight-Italian[1].exe
Status: 0xc000003a



File C:\Programmi\eMule\Incoming\ShopFactory Professional 6.46.zip not found!
Deletion of file C:\Programmi\eMule\Incoming\ShopFactory Professional 6.46.zip failed!

Could not process line:
C:\Programmi\eMule\Incoming\ShopFactory Professional 6.46.zip
Status: 0xc0000034



File C:\Programmi\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe not found!
Deletion of file C:\Programmi\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe failed!

Could not process line:
C:\Programmi\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
Status: 0xc0000034



File C:\WINDOWS\system32\oleacc32.dll not found!
Deletion of file C:\WINDOWS\system32\oleacc32.dll failed!

Could not process line:
C:\WINDOWS\system32\oleacc32.dll
Status: 0xc0000034

Folder C:\WINDOWS\system32\drivers\down deleted successfully.
Folder C:\Muestras deleted successfully.
Registry key HKLM\SYSTEM\CurrentControlSet\Services\srosa deleted successfully.
Registry key HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_SROSA deleted successfully.


Registry key HKLM\SYSTEM\CurrentControlSet\Services\pci32 not found!
Deletion of registry key HKLM\SYSTEM\CurrentControlSet\Services\pci32 failed!

Could not process line:
HKLM\SYSTEM\CurrentControlSet\Services\pci32
Status: 0xc0000034



Registry key HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_PCI32 not found!
Deletion of registry key HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_PCI32 failed!

Could not process line:
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_PCI32
Status: 0xc0000034


Completed script processing.

*******************

Finished! Terminate.


Vedo che su alcuni voci dice "failed" perché secondo te????

MessaggioInviato: sab gen 26, 2008 10:13 am
da ste_95
Non tutti i file devono per forza essere presenti, nelle ultimi varianti alcuni non sono più presenti.

Prova a reinstallare un antivirus.

Ripristina la modalità provvisoria utilizzando questo file.

RISOLTO!!

MessaggioInviato: sab gen 26, 2008 10:53 am
da lucaam86
Grazie a questo forum ho risolto il problema con il virus Bagle. Utilizzando avenger con lo script fornito dal redattore di questo forum ho eliminato BAGLE dal mio pc e vi assicuro che sembrava una cosa irrisolvibile e stavo per formattare.
Invece con avenger e con lo script per avenger fornitomi qui sul forum ho risolto. Poi ho REinstallato Avast e tutto funziona alla perfezione!
Grazia a a chi mi ha fornito aiuto
Luca