
Bagle worm solution


Post by mitrandir » Sun Jan 13, 2008 4:18 pm

I ran a scan with Kaspersky online. I tried deleting the files Kaspersky flagged, but they keep coming back every time. What should I do?
I am attaching the result.
Infected Object Name Virus Name Last Action
C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped
C:\WINDOWS\Installer\{6BE2A4A4-99FB-48ED-AE1E-4E850389F804}\PQBoot.exe Object is locked skipped
C:\WINDOWS\SchedLgU.Txt Object is locked skipped
C:\WINDOWS\system32\CatRoot2\edb.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\tmp.edb Object is locked skipped
C:\WINDOWS\system32\config\Antiviru.evt Object is locked skipped
C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\default Object is locked skipped
C:\WINDOWS\system32\config\default.LOG Object is locked skipped
C:\WINDOWS\system32\config\SAM Object is locked skipped
C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped
C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\SECURITY Object is locked skipped
C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped
C:\WINDOWS\system32\config\software Object is locked skipped
C:\WINDOWS\system32\config\software.LOG Object is locked skipped
C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\system Object is locked skipped
C:\WINDOWS\system32\config\system.LOG Object is locked skipped
C:\WINDOWS\system32\drivers\down\46609.exe Infected: Email-Worm.Win32.Bagle.of skipped
C:\WINDOWS\system32\drivers\down\46843.exe Infected: Email-Worm.Win32.Bagle.of skipped
C:\WINDOWS\system32\drivers\down\49312.exe Infected: Trojan-Downloader.Win32.Bagle.ho skipped
C:\WINDOWS\system32\drivers\down\55375.exe Infected: Email-Worm.Win32.Bagle.of skipped
C:\WINDOWS\system32\drivers\down\58109.exe Infected: Email-Worm.Win32.Bagle.of skipped
C:\WINDOWS\system32\drivers\down\82625.exe Infected: Email-Worm.Win32.Bagle.of skipped
C:\WINDOWS\system32\drivers\down\87140.exe Infected: Email-Worm.Win32.Bagle.of skipped
C:\WINDOWS\system32\drivers\down\87171.exe Infected: Email-Worm.Win32.Bagle.of skipped
C:\WINDOWS\system32\drivers\down\88984.exe Infected: Email-Worm.Win32.Bagle.of skipped
C:\WINDOWS\system32\drivers\down\91234.exe Infected: Email-Worm.Win32.Bagle.of skipped
C:\WINDOWS\system32\drivers\down\94671.exe Infected: Email-Worm.Win32.Bagle.of skipped
C:\WINDOWS\system32\h323log.txt Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped
C:\WINDOWS\Temp\1625514588.exe Infected: Backdoor.Win32.Agent.dbo skipped
Scan process completed.
Last edited by mitrandir on Sun Jan 13, 2008 7:18 pm, edited 1 time in total.

Re: Bagle worm solution

Post by crazy.cat » Sun Jan 13, 2008 4:59 pm

mitrandir wrote: I am attaching the result.

Which one?

Deleting them is not enough; let's look at the log and then we'll build the right script to remove the virus.

Note for crazy.cat regarding the Kaspersky report

Post by mitrandir » Sun Jan 13, 2008 7:36 pm

Thank you for your prompt replies. Being newly registered, I am not very familiar with forums, so I will surely make mistakes.
I have edited the previous post, copying in the Kaspersky result.
Thanks. Mitrandir.


Post by ste_95 » Sun Jan 13, 2008 7:40 pm

The scan must be run on the whole computer.

Full Kaspersky report on the whole computer

Post by mitrandir » Mon Jan 14, 2008 8:47 pm

After a good twelve hours of scanning, this is the result for the whole computer:

C:\avenger\backup-12.01.2008-10.37.16,43.zip/avenger/down/100781.exe Infected: Email-Worm.Win32.Bagle.of skipped
C:\avenger\backup-12.01.2008-10.37.16,43.zip/avenger/down/112703.exe Infected: Trojan-Downloader.Win32.Bagle.ho skipped
C:\avenger\backup-12.01.2008-10.37.16,43.zip/avenger/down/112859.exe Infected: Trojan-Downloader.Win32.Bagle.ho skipped
C:\avenger\backup-12.01.2008-10.37.16,43.zip/avenger/down/14664140.exe Infected: Email-Worm.Win32.Bagle.of skipped
C:\avenger\backup-12.01.2008-10.37.16,43.zip/avenger/down/14713781.exe Infected: Email-Worm.Win32.Bagle.of skipped
C:\avenger\backup-12.01.2008-10.37.16,43.zip/avenger/down/14747578.exe Infected: Email-Worm.Win32.Bagle.of skipped
C:\avenger\backup-12.01.2008-10.37.16,43.zip/avenger/down/14900562.exe Infected: Email-Worm.Win32.Bagle.of skipped
C:\avenger\backup-12.01.2008-10.37.16,43.zip/avenger/down/14937468.exe Infected: Email-Worm.Win32.Bagle.of skipped
C:\avenger\backup-12.01.2008-10.37.16,43.zip/avenger/down/237546.exe Infected: Email-Worm.Win32.Bagle.of skipped
C:\avenger\backup-12.01.2008-10.37.16,43.zip/avenger/down/269062.exe Infected: Email-Worm.Win32.Bagle.of skipped
C:\avenger\backup-12.01.2008-10.37.16,43.zip/avenger/down/46843.exe Infected: Trojan-Downloader.Win32.Bagle.ho skipped
C:\avenger\backup-12.01.2008-10.37.16,43.zip/avenger/down/48468.exe Infected: Email-Worm.Win32.Bagle.of skipped
C:\avenger\backup-12.01.2008-10.37.16,43.zip/avenger/down/49562.exe Infected: Email-Worm.Win32.Bagle.of skipped
C:\avenger\backup-12.01.2008-10.37.16,43.zip/avenger/down/49828.exe Infected: Email-Worm.Win32.Bagle.of skipped
C:\avenger\backup-12.01.2008-10.37.16,43.zip/avenger/down/50828.exe Infected: Email-Worm.Win32.Bagle.of skipped
C:\avenger\backup-12.01.2008-10.37.16,43.zip/avenger/down/50906.exe Infected: Email-Worm.Win32.Bagle.of skipped
C:\avenger\backup-12.01.2008-10.37.16,43.zip/avenger/down/51359.exe Infected: Email-Worm.Win32.Bagle.of skipped
C:\avenger\backup-12.01.2008-10.37.16,43.zip/avenger/down/52406.exe Infected: Email-Worm.Win32.Bagle.of skipped
C:\avenger\backup-12.01.2008-10.37.16,43.zip/avenger/down/54640.exe Infected: Email-Worm.Win32.Bagle.of skipped
C:\avenger\backup-12.01.2008-10.37.16,43.zip/avenger/down/56062.exe Infected: Trojan-Downloader.Win32.Bagle.ho skipped
C:\avenger\backup-12.01.2008-10.37.16,43.zip/avenger/down/56500.exe Infected: Email-Worm.Win32.Bagle.of skipped
C:\avenger\backup-12.01.2008-10.37.16,43.zip/avenger/down/57062.exe Infected: Trojan.Win32.Pakes.bwy skipped
C:\avenger\backup-12.01.2008-10.37.16,43.zip/avenger/down/57531.exe Infected: Email-Worm.Win32.Bagle.of skipped
C:\avenger\backup-12.01.2008-10.37.16,43.zip/avenger/down/58671.exe Infected: Email-Worm.Win32.Bagle.of skipped
C:\avenger\backup-12.01.2008-10.37.16,43.zip/avenger/down/58703.exe Infected: Trojan.Win32.Pakes.bwy skipped
C:\avenger\backup-12.01.2008-10.37.16,43.zip/avenger/down/61000.exe Infected: Trojan-Downloader.Win32.Bagle.ho skipped
C:\avenger\backup-12.01.2008-10.37.16,43.zip/avenger/down/73921.exe Infected: Email-Worm.Win32.Bagle.of skipped
C:\avenger\backup-12.01.2008-10.37.16,43.zip/avenger/down/80203.exe Infected: Email-Worm.Win32.Bagle.of skipped
C:\avenger\backup-12.01.2008-10.37.16,43.zip/avenger/down/81109.exe Infected: Trojan-Downloader.Win32.Bagle.ho skipped
C:\avenger\backup-12.01.2008-10.37.16,43.zip/avenger/down/82671.exe Infected: Trojan-Downloader.Win32.Bagle.ho skipped
C:\avenger\backup-12.01.2008-10.37.16,43.zip/avenger/down/84203.exe Infected: Email-Worm.Win32.Bagle.of skipped
C:\avenger\backup-12.01.2008-10.37.16,43.zip/avenger/down/84718.exe Infected: Trojan-Downloader.Win32.Bagle.ho skipped
C:\avenger\backup-12.01.2008-10.37.16,43.zip/avenger/down/92640.exe Infected: Trojan-Downloader.Win32.Bagle.ho skipped
C:\avenger\backup-12.01.2008-10.37.16,43.zip/avenger/down/95484.exe Infected: Email-Worm.Win32.Bagle.of skipped
C:\avenger\backup-12.01.2008-10.37.16,43.zip/avenger/down/98343.exe Infected: Email-Worm.Win32.Bagle.of skipped
C:\avenger\backup-12.01.2008-10.37.16,43.zip/avenger/hldrrr.exe Infected: Trojan-Downloader.Win32.Bagle.hr skipped
C:\avenger\backup-12.01.2008-10.37.16,43.zip/avenger/srosa.sys Infected: Trojan-Downloader.Win32.Bagle.hs skipped
C:\avenger\backup-12.01.2008-10.37.16,43.zip/avenger/wintems.exe Infected: Trojan-Downloader.Win32.Bagle.ho skipped
C:\avenger\backup-12.01.2008-10.37.16,43.zip ZIP: infected - 38 skipped
C:\avenger\backup-12.01.2008-19.52.20,21.zip/avenger/down/46843.exe Infected: Email-Worm.Win32.Bagle.of skipped
C:\avenger\backup-12.01.2008-19.52.20,21.zip/avenger/down/55703.exe Infected: Email-Worm.Win32.Bagle.of skipped
C:\avenger\backup-12.01.2008-19.52.20,21.zip/avenger/down/81046.exe Infected: Email-Worm.Win32.Bagle.of skipped
C:\avenger\backup-12.01.2008-19.52.20,21.zip/avenger/down/89234.exe Infected: Email-Worm.Win32.Bagle.of skipped
C:\avenger\backup-12.01.2008-19.52.20,21.zip/avenger/down/90234.exe Infected: Email-Worm.Win32.Bagle.of skipped
C:\avenger\backup-12.01.2008-19.52.20,21.zip/avenger/hldrrr.exe Infected: Trojan-Downloader.Win32.Bagle.hr skipped
C:\avenger\backup-12.01.2008-19.52.20,21.zip/avenger/hldrrr.exe-ren-226 Infected: Trojan-Downloader.Win32.Bagle.hr skipped
C:\avenger\backup-12.01.2008-19.52.20,21.zip/avenger/srosa.sys Infected: Trojan-Downloader.Win32.Bagle.hs skipped
C:\avenger\backup-12.01.2008-19.52.20,21.zip/avenger/srosa.sys-ren-220 Infected: Trojan-Downloader.Win32.Bagle.hs skipped
C:\avenger\backup-12.01.2008-19.52.20,21.zip/avenger/wintems.exe Infected: Trojan-Downloader.Win32.Bagle.ho skipped
C:\avenger\backup-12.01.2008-19.52.20,21.zip/avenger/wintems.exe-ren-223 Infected: Email-Worm.Win32.Bagle.of skipped
C:\avenger\backup-12.01.2008-19.52.20,21.zip ZIP: infected - 11 skipped
C:\avenger\backup-13.01.2008-11.59.53,81.zip/avenger/down/116265.exe Infected: Trojan-Downloader.Win32.Bagle.gi skipped
C:\avenger\backup-13.01.2008-11.59.53,81.zip/avenger/down/116531.exe Infected: Trojan-Downloader.Win32.Bagle.ho skipped
C:\avenger\backup-13.01.2008-11.59.53,81.zip/avenger/down/357625.exe Infected: Email-Worm.Win32.Bagle.of skipped
C:\avenger\backup-13.01.2008-11.59.53,81.zip/avenger/down/43343.exe Infected: Email-Worm.Win32.Bagle.of skipped
C:\avenger\backup-13.01.2008-11.59.53,81.zip/avenger/down/55093.exe Infected: Email-Worm.Win32.Bagle.of skipped
C:\avenger\backup-13.01.2008-11.59.53,81.zip/avenger/down/90140.exe Infected: Email-Worm.Win32.Bagle.of skipped
C:\avenger\backup-13.01.2008-11.59.53,81.zip/avenger/hldrrr.exe Infected: Trojan-Downloader.Win32.Bagle.hr skipped
C:\avenger\backup-13.01.2008-11.59.53,81.zip/avenger/srosa.sys Infected: Trojan-Downloader.Win32.Bagle.hs skipped
C:\avenger\backup-13.01.2008-11.59.53,81.zip/avenger/wintems.exe Infected: Email-Worm.Win32.Bagle.of skipped
C:\avenger\backup-13.01.2008-11.59.53,81.zip ZIP: infected - 9 skipped
C:\avenger\backup.zip/avenger/srosa.sys Infected: Trojan-Downloader.Win32.Bagle.hs skipped
C:\avenger\backup.zip/avenger/wintems.exe Infected: Email-Worm.Win32.Bagle.of skipped
C:\avenger\backup.zip ZIP: infected - 2 skipped
C:\Documents and Settings\Adm\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\Adm\Dati applicazioni\Mozilla\Firefox\Profiles\6tn6nqmc.default\cert8.db Object is locked skipped
C:\Documents and Settings\Adm\Dati applicazioni\Mozilla\Firefox\Profiles\6tn6nqmc.default\formhistory.dat Object is locked skipped
C:\Documents and Settings\Adm\Dati applicazioni\Mozilla\Firefox\Profiles\6tn6nqmc.default\history.dat Object is locked skipped
C:\Documents and Settings\Adm\Dati applicazioni\Mozilla\Firefox\Profiles\6tn6nqmc.default\key3.db Object is locked skipped
C:\Documents and Settings\Adm\Dati applicazioni\Mozilla\Firefox\Profiles\6tn6nqmc.default\parent.lock Object is locked skipped
C:\Documents and Settings\Adm\Dati applicazioni\Mozilla\Firefox\Profiles\6tn6nqmc.default\search.sqlite Object is locked skipped
C:\Documents and Settings\Adm\Dati applicazioni\Mozilla\Firefox\Profiles\6tn6nqmc.default\urlclassifier2.sqlite Object is locked skipped
C:\Documents and Settings\Adm\Impostazioni locali\Cronologia\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Adm\Impostazioni locali\Cronologia\History.IE5\MSHist012008011420080115\index.dat Object is locked skipped
C:\Documents and Settings\Adm\Impostazioni locali\Dati applicazioni\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\Adm\Impostazioni locali\Dati applicazioni\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\Adm\Impostazioni locali\Dati applicazioni\Mozilla\Firefox\Profiles\6tn6nqmc.default\Cache\_CACHE_001_ Object is locked skipped
C:\Documents and Settings\Adm\Impostazioni locali\Dati applicazioni\Mozilla\Firefox\Profiles\6tn6nqmc.default\Cache\_CACHE_002_ Object is locked skipped
C:\Documents and Settings\Adm\Impostazioni locali\Dati applicazioni\Mozilla\Firefox\Profiles\6tn6nqmc.default\Cache\_CACHE_003_ Object is locked skipped
C:\Documents and Settings\Adm\Impostazioni locali\Dati applicazioni\Mozilla\Firefox\Profiles\6tn6nqmc.default\Cache\_CACHE_MAP_ Object is locked skipped
C:\Documents and Settings\Adm\Impostazioni locali\Temporary Internet Files\Content.IE5\49Q7K1AN\b64_1[1].jpg Infected: Trojan-PSW.Win32.LdPinch.ewq skipped
C:\Documents and Settings\Adm\Impostazioni locali\Temporary Internet Files\Content.IE5\49Q7K1AN\b64_1[2].jpg Infected: Trojan-PSW.Win32.LdPinch.ewq skipped
C:\Documents and Settings\Adm\Impostazioni locali\Temporary Internet Files\Content.IE5\49Q7K1AN\b64_1[4].jpg Infected: Trojan-PSW.Win32.LdPinch.ewq skipped
C:\Documents and Settings\Adm\Impostazioni locali\Temporary Internet Files\Content.IE5\49Q7K1AN\b64_1[5].jpg Infected: Trojan-PSW.Win32.LdPinch.ewq skipped
C:\Documents and Settings\Adm\Impostazioni locali\Temporary Internet Files\Content.IE5\49Q7K1AN\b64_1[6].jpg Infected: Trojan-PSW.Win32.LdPinch.ewq skipped
C:\Documents and Settings\Adm\Impostazioni locali\Temporary Internet Files\Content.IE5\49Q7K1AN\b64_2[1].jpg Infected: Trojan.Win32.Pakes.bwy skipped
C:\Documents and Settings\Adm\Impostazioni locali\Temporary Internet Files\Content.IE5\49Q7K1AN\b64_2[2].jpg Infected: Trojan.Win32.Pakes.bwy skipped
C:\Documents and Settings\Adm\Impostazioni locali\Temporary Internet Files\Content.IE5\49Q7K1AN\b64_2[3].jpg Infected: Trojan.Win32.Pakes.bwy skipped
C:\Documents and Settings\Adm\Impostazioni locali\Temporary Internet Files\Content.IE5\49Q7K1AN\b64_2[4].jpg Infected: Trojan.Win32.Pakes.bwy skipped
C:\Documents and Settings\Adm\Impostazioni locali\Temporary Internet Files\Content.IE5\49Q7K1AN\b64_2[5].jpg Infected: Trojan.Win32.Pakes.bwy skipped
C:\Documents and Settings\Adm\Impostazioni locali\Temporary Internet Files\Content.IE5\49Q7K1AN\b64_2[6].jpg Infected: Trojan.Win32.Pakes.bwy skipped
C:\Documents and Settings\Adm\Impostazioni locali\Temporary Internet Files\Content.IE5\49Q7K1AN\b64_2[8].jpg Infected: Trojan.Win32.Pakes.bwy skipped
C:\Documents and Settings\Adm\Impostazioni locali\Temporary Internet Files\Content.IE5\49Q7K1AN\b64_2[9].jpg Infected: Trojan.Win32.Pakes.bwy skipped
C:\Documents and Settings\Adm\Impostazioni locali\Temporary Internet Files\Content.IE5\49Q7K1AN\b64_3[10].jpg Infected: Email-Worm.Win32.Bagle.of skipped
C:\Documents and Settings\Adm\Impostazioni locali\Temporary Internet Files\Content.IE5\49Q7K1AN\b64_3[11].jpg Infected: Email-Worm.Win32.Bagle.of skipped
C:\Documents and Settings\Adm\Impostazioni locali\Temporary Internet Files\Content.IE5\49Q7K1AN\b64_3[1].jpg Infected: Email-Worm.Win32.Bagle.of skipped
C:\Documents and Settings\Adm\Impostazioni locali\Temporary Internet Files\Content.IE5\49Q7K1AN\b64_3[2].jpg Infected: Trojan-Downloader.Win32.Bagle.ho skipped
C:\Documents and Settings\Adm\Impostazioni locali\Temporary Internet Files\Content.IE5\49Q7K1AN\b64_3[3].jpg Infected: Email-Worm.Win32.Bagle.of skipped
C:\Documents and Settings\Adm\Impostazioni locali\Temporary Internet Files\Content.IE5\49Q7K1AN\b64_3[4].jpg Infected: Trojan-Downloader.Win32.Bagle.ho skipped
C:\Documents and Settings\Adm\Impostazioni locali\Temporary Internet Files\Content.IE5\49Q7K1AN\b64_3[5].jpg Infected: Email-Worm.Win32.Bagle.of skipped
C:\Documents and Settings\Adm\Impostazioni locali\Temporary Internet Files\Content.IE5\49Q7K1AN\b64_3[6].jpg Infected: Email-Worm.Win32.Bagle.of skipped
C:\Documents and Settings\Adm\Impostazioni locali\Temporary Internet Files\Content.IE5\49Q7K1AN\b64_3[7].jpg Infected: Trojan-Downloader.Win32.Bagle.gi skipped
C:\Documents and Settings\Adm\Impostazioni locali\Temporary Internet Files\Content.IE5\49Q7K1AN\b64_3[8].jpg Infected: Email-Worm.Win32.Bagle.of skipped
C:\Documents and Settings\Adm\Impostazioni locali\Temporary Internet Files\Content.IE5\49Q7K1AN\b64_3[9].jpg Infected: Email-Worm.Win32.Bagle.of skipped
C:\Documents and Settings\Adm\Impostazioni locali\Temporary Internet Files\Content.IE5\4EF5OOXC\b64_1[2].jpg Infected: Trojan-PSW.Win32.LdPinch.ewq skipped
C:\Documents and Settings\Adm\Impostazioni locali\Temporary Internet Files\Content.IE5\4EF5OOXC\b64_1[3].jpg Infected: Trojan-PSW.Win32.LdPinch.ewq skipped
C:\Documents and Settings\Adm\Impostazioni locali\Temporary Internet Files\Content.IE5\4EF5OOXC\b64_1[4].jpg Infected: Trojan-PSW.Win32.LdPinch.ewq skipped
C:\Documents and Settings\Adm\Impostazioni locali\Temporary Internet Files\Content.IE5\4EF5OOXC\b64_2[1].jpg Infected: Trojan.Win32.Pakes.bwy skipped
C:\Documents and Settings\Adm\Impostazioni locali\Temporary Internet Files\Content.IE5\4EF5OOXC\b64_2[2].jpg Infected: Trojan.Win32.Pakes.bwy skipped
C:\Documents and Settings\Adm\Impostazioni locali\Temporary Internet Files\Content.IE5\4EF5OOXC\b64_3[1].jpg Infected: Email-Worm.Win32.Bagle.of skipped
C:\Documents and Settings\Adm\Impostazioni locali\Temporary Internet Files\Content.IE5\4EF5OOXC\b64_3[2].jpg Infected: Email-Worm.Win32.Bagle.of skipped
C:\Documents and Settings\Adm\Impostazioni locali\Temporary Internet Files\Content.IE5\4EF5OOXC\b64_3[3].jpg Infected: Email-Worm.Win32.Bagle.of skipped
C:\Documents and Settings\Adm\Impostazioni locali\Temporary Internet Files\Content.IE5\4EF5OOXC\b64_3[4].jpg Infected: Email-Worm.Win32.Bagle.of skipped
C:\Documents and Settings\Adm\Impostazioni locali\Temporary Internet Files\Content.IE5\4H2VW9YR\b64_1[1].jpg Infected: Trojan-PSW.Win32.LdPinch.ewq skipped
C:\Documents and Settings\Adm\Impostazioni locali\Temporary Internet Files\Content.IE5\4H2VW9YR\b64_1[2].jpg Infected: Trojan-PSW.Win32.LdPinch.ewq skipped
C:\Documents and Settings\Adm\Impostazioni locali\Temporary Internet Files\Content.IE5\4H2VW9YR\b64_2[1].jpg Infected: Trojan.Win32.Pakes.bwy skipped
C:\Documents and Settings\Adm\Impostazioni locali\Temporary Internet Files\Content.IE5\4H2VW9YR\b64_2[2].jpg Infected: Trojan.Win32.Pakes.bwy skipped
C:\Documents and Settings\Adm\Impostazioni locali\Temporary Internet Files\Content.IE5\4H2VW9YR\b64_3[1].jpg Infected: Trojan-Downloader.Win32.Bagle.ho skipped
C:\Documents and Settings\Adm\Impostazioni locali\Temporary Internet Files\Content.IE5\4H2VW9YR\b64_3[2].jpg Infected: Email-Worm.Win32.Bagle.of skipped
C:\Documents and Settings\Adm\Impostazioni locali\Temporary Internet Files\Content.IE5\4H2VW9YR\b64_3[3].jpg Infected: Email-Worm.Win32.Bagle.of skipped
C:\Documents and Settings\Adm\Impostazioni locali\Temporary Internet Files\Content.IE5\4H2VW9YR\b64_3[4].jpg Infected: Email-Worm.Win32.Bagle.of skipped
C:\Documents and Settings\Adm\Impostazioni locali\Temporary Internet Files\Content.IE5\4H2VW9YR\b64_3[5].jpg Infected: Email-Worm.Win32.Bagle.of skipped
C:\Documents and Settings\Adm\Impostazioni locali\Temporary Internet Files\Content.IE5\4H2VW9YR\b64_3[6].jpg Infected: Email-Worm.Win32.Bagle.of skipped
C:\Documents and Settings\Adm\Impostazioni locali\Temporary Internet Files\Content.IE5\4H2VW9YR\b64_3[7].jpg Infected: Email-Worm.Win32.Bagle.of skipped
C:\Documents and Settings\Adm\Impostazioni locali\Temporary Internet Files\Content.IE5\8LYVCHUV\b64_1[1].jpg Infected: Trojan-PSW.Win32.LdPinch.ewq skipped
C:\Documents and Settings\Adm\Impostazioni locali\Temporary Internet Files\Content.IE5\8LYVCHUV\b64_1[2].jpg Infected: Trojan-PSW.Win32.LdPinch.ewq skipped
C:\Documents and Settings\Adm\Impostazioni locali\Temporary Internet Files\Content.IE5\8LYVCHUV\b64_1[3].jpg Infected: Trojan-PSW.Win32.LdPinch.ewq skipped
C:\Documents and Settings\Adm\Impostazioni locali\Temporary Internet Files\Content.IE5\8LYVCHUV\b64_1[5].jpg Infected: Trojan-PSW.Win32.LdPinch.ewq skipped
C:\Documents and Settings\Adm\Impostazioni locali\Temporary Internet Files\Content.IE5\8LYVCHUV\b64_1[6].jpg Infected: Trojan-PSW.Win32.LdPinch.ewq skipped
C:\Documents and Settings\Adm\Impostazioni locali\Temporary Internet Files\Content.IE5\8LYVCHUV\b64_1[8].jpg Infected: Trojan-PSW.Win32.LdPinch.ewq skipped
C:\Documents and Settings\Adm\Impostazioni locali\Temporary Internet Files\Content.IE5\8LYVCHUV\b64_2[1].jpg Infected: Trojan.Win32.Pakes.bwy skipped
C:\Documents and Settings\Adm\Impostazioni locali\Temporary Internet Files\Content.IE5\8LYVCHUV\b64_2[2].jpg Infected: Trojan.Win32.Pakes.bwy skipped
C:\Documents and Settings\Adm\Impostazioni locali\Temporary Internet Files\Content.IE5\8LYVCHUV\b64_2[3].jpg Infected: Trojan.Win32.Pakes.bwy skipped
C:\Documents and Settings\Adm\Impostazioni locali\Temporary Internet Files\Content.IE5\8LYVCHUV\b64_2[4].jpg Infected: Trojan.Win32.Pakes.bwy skipped
C:\Documents and Settings\Adm\Impostazioni locali\Temporary Internet Files\Content.IE5\8LYVCHUV\b64_2[5].jpg Infected: Trojan.Win32.Pakes.bwy skipped
C:\Documents and Settings\Adm\Impostazioni locali\Temporary Internet Files\Content.IE5\8LYVCHUV\b64_2[6].jpg Infected: Trojan.Win32.Pakes.bwy skipped
C:\Documents and Settings\Adm\Impostazioni locali\Temporary Internet Files\Content.IE5\8LYVCHUV\b64_3[10].jpg Infected: Email-Worm.Win32.Bagle.of skipped
C:\Documents and Settings\Adm\Impostazioni locali\Temporary Internet Files\Content.IE5\8LYVCHUV\b64_3[11].jpg Infected: Trojan-Downloader.Win32.Bagle.ho skipped
C:\Documents and Settings\Adm\Impostazioni locali\Temporary Internet Files\Content.IE5\8LYVCHUV\b64_3[1].jpg Infected: Trojan-Downloader.Win32.Bagle.ho skipped
C:\Documents and Settings\Adm\Impostazioni locali\Temporary Internet Files\Content.IE5\8LYVCHUV\b64_3[2].jpg Infected: Email-Worm.Win32.Bagle.of skipped
C:\Documents and Settings\Adm\Impostazioni locali\Temporary Internet Files\Content.IE5\8LYVCHUV\b64_3[3].jpg Infected: Email-Worm.Win32.Bagle.of skipped
C:\Documents and Settings\Adm\Impostazioni locali\Temporary Internet Files\Content.IE5\8LYVCHUV\b64_3[4].jpg Infected: Email-Worm.Win32.Bagle.of skipped
C:\Documents and Settings\Adm\Impostazioni locali\Temporary Internet Files\Content.IE5\8LYVCHUV\b64_3[5].jpg Infected: Email-Worm.Win32.Bagle.of skipped
C:\Documents and Settings\Adm\Impostazioni locali\Temporary Internet Files\Content.IE5\8LYVCHUV\b64_3[6].jpg Infected: Email-Worm.Win32.Bagle.of skipped
C:\Documents and Settings\Adm\Impostazioni locali\Temporary Internet Files\Content.IE5\8LYVCHUV\b64_3[7].jpg Infected: Trojan-Downloader.Win32.Bagle.ho skipped
C:\Documents and Settings\Adm\Impostazioni locali\Temporary Internet Files\Content.IE5\8LYVCHUV\b64_3[8].jpg Infected: Email-Worm.Win32.Bagle.of skipped
C:\Documents and Settings\Adm\Impostazioni locali\Temporary Internet Files\Content.IE5\8LYVCHUV\b64_3[9].jpg Infected: Email-Worm.Win32.Bagle.of skipped
C:\Documents and Settings\Adm\Impostazioni locali\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Adm\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\Adm\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Impostazioni locali\Cronologia\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Impostazioni locali\Dati applicazioni\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\LocalService\Impostazioni locali\Dati applicazioni\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Impostazioni locali\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Impostazioni locali\Cronologia\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Impostazioni locali\Dati applicazioni\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Impostazioni locali\Dati applicazioni\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\Impostazioni locali\Temporary Internet Files\Content.IE5\8DM7K52F\mun1_26_11_070[1].exe Infected: Backdoor.Win32.Agent.dbo skipped
C:\Documents and Settings\NetworkService\Impostazioni locali\Temporary Internet Files\Content.IE5\8DM7K52F\mun1_26_11_070[2].exe Infected: Backdoor.Win32.Agent.dbo skipped
C:\Documents and Settings\NetworkService\Impostazioni locali\Temporary Internet Files\Content.IE5\8DM7K52F\n2_21_09_07_0[1].exe Infected: Trojan.Win32.Agent.bsg skipped
C:\Documents and Settings\NetworkService\Impostazioni locali\Temporary Internet Files\Content.IE5\8HMN01Y7\mun1_26_11_070[1].exe Infected: Backdoor.Win32.Agent.dbo skipped
C:\Documents and Settings\NetworkService\Impostazioni locali\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Impostazioni locali\Temporary Internet Files\Content.IE5\LRPYCSKK\mun1_26_11_070[1].exe Infected: Backdoor.Win32.Agent.dbo skipped
C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped
C:\Programmi\Intel\NCS\PROSet\PRONoMgr.exe Infected: Trojan-Downloader.Win32.Bagle.hr skipped
C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped
C:\WINDOWS\Installer\{6BE2A4A4-99FB-48ED-AE1E-4E850389F804}\PQBoot.exe Object is locked skipped
C:\WINDOWS\SchedLgU.Txt Object is locked skipped
C:\WINDOWS\system32\config\Antiviru.evt Object is locked skipped
C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\default Object is locked skipped
C:\WINDOWS\system32\config\default.LOG Object is locked skipped
C:\WINDOWS\system32\config\SAM Object is locked skipped
C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped
C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\SECURITY Object is locked skipped
C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped
C:\WINDOWS\system32\config\software Object is locked skipped
C:\WINDOWS\system32\config\software.LOG Object is locked skipped
C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\system Object is locked skipped
C:\WINDOWS\system32\config\system.LOG Object is locked skipped
C:\WINDOWS\system32\drivers\down\14654750.exe Infected: Email-Worm.Win32.Bagle.of skipped
C:\WINDOWS\system32\drivers\down\14668437.exe Infected: Email-Worm.Win32.Bagle.of skipped
C:\WINDOWS\system32\drivers\down\14668718.exe Infected: Email-Worm.Win32.Bagle.of skipped
C:\WINDOWS\system32\drivers\down\14668750.exe Infected: Email-Worm.Win32.Bagle.of skipped
C:\WINDOWS\system32\drivers\down\14684515.exe Infected: Email-Worm.Win32.Bagle.of skipped
C:\WINDOWS\system32\drivers\down\14752953.exe Infected: Email-Worm.Win32.Bagle.of skipped
C:\WINDOWS\system32\drivers\down\47062.exe Infected: Email-Worm.Win32.Bagle.of skipped
C:\WINDOWS\system32\drivers\down\47078.exe Infected: Email-Worm.Win32.Bagle.of skipped
C:\WINDOWS\system32\drivers\down\65734.exe Infected: Email-Worm.Win32.Bagle.of skipped
C:\WINDOWS\system32\drivers\down\84000.exe Infected: Email-Worm.Win32.Bagle.of skipped
C:\WINDOWS\system32\drivers\down\85796.exe Infected: Email-Worm.Win32.Bagle.of skipped
C:\WINDOWS\system32\drivers\down\89968.exe Infected: Email-Worm.Win32.Bagle.of skipped
C:\WINDOWS\system32\drivers\down\99656.exe Infected: Email-Worm.Win32.Bagle.of skipped
C:\WINDOWS\system32\h323log.txt Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped
D:\emule completi\Free Parental Control 2.05.exe Infected: Trojan-Downloader.Win32.Bagle.hr skipped
D:\emule completi\Free Parental Control 2.05.zip/Free Parental Control 2.05.exe Infected: Trojan-Downloader.Win32.Bagle.hr skipped
D:\emule completi\Free Parental Control 2.05.zip ZIP: infected - 1 skipped
D:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
H:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
Scan process completed.
Let's see if we can exterminate this worm. Thanks.

Post by ste_95 » Mon Jan 14, 2008 8:52 pm

Download Avenger
Extract it to a folder of your choice
Run the file avenger.exe, the one with the sword icon
Select the "Input script manually" radio button
Then pick the magnifying glass and click it
Now paste these lines into the white box that has opened:

Files to delete:
C:\WINDOWS\system32\drivers\hidr.exe
C:\WINDOWS\system32\drivers\srosa.sys
C:\WINDOWS\system32\wintems.exe
C:\WINDOWS\system32\hldrrr.exe
C:\WINDOWS\system32\trusted.exe
C:\WINDOWS\system32\drivers\pci32.sys
C:\windows\system32\drivers\hldrrr.exe
C:\WINDOWS\system32\drivers\hldrrr.ex_
C:\avenger\backup-12.01.2008-10.37.16,43.zip
C:\avenger\backup.zip
C:\Documents and Settings\NetworkService\Impostazioni locali\Temporary Internet Files\Content.IE5\8HMN01Y7\mun1_26_11_070[1].exe
D:\emule completi\Free Parental Control 2.05.zip

folders to delete:
C:\WINDOWS\exefnd
C:\WINDOWS\exefld
C:\WINDOWS\system32\drivers\down
C:\Documents and Settings\Adm\Impostazioni locali\Temporary Internet Files\Content.IE5\49Q7K1AN
C:\Documents and Settings\Adm\Impostazioni locali\Temporary Internet Files\Content.IE5\4EF5OOXC
C:\Documents and Settings\Adm\Impostazioni locali\Temporary Internet Files\Content.IE5\4H2VW9YR
C:\Documents and Settings\Adm\Impostazioni locali\Temporary Internet Files\Content.IE5\8LYVCHUV
C:\Documents and Settings\NetworkService\Impostazioni locali\Temporary Internet Files\Content.IE5\8DM7K52F

registry keys to delete:
HKLM\SYSTEM\CurrentControlSet\Services\srosa
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_SROSA
HKLM\SYSTEM\CurrentControlSet\Services\pci32
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_PCI32


Now click Done at the bottom of the box
Click the small traffic light at the top right
Answer Yes to Avenger's two prompts
Your computer should now restart; if it doesn't, restart it manually
After the computer restarts, copy and paste here the contents of the Notepad window that appears.
«Sometimes it is better to keep quiet and seem stupid than to open your mouth and remove all doubt.» Oscar Wilde
ste_95
Official Member (Gold)
Posts: 17271
Joined: Mon Aug 06, 2007 11:19 am

Post by mitrandir » Mon Jan 14, 2008 10:30 pm

Thanks for the scripts.
Here is the Avenger report:
Logfile of The Avenger version 1, by Swandog46
Running from registry key:
\Registry\Machine\System\CurrentControlSet\Services\vxbnybqj

*******************

Script file located at: \??\C:\Documents and Settings\jqutpkal.txt
Script file opened successfully.

Script file read successfully

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:



File C:\WINDOWS\system32\drivers\hidr.exe not found!
Deletion of file C:\WINDOWS\system32\drivers\hidr.exe failed!

Could not process line:
C:\WINDOWS\system32\drivers\hidr.exe
Status: 0xc0000034

File C:\WINDOWS\system32\drivers\srosa.sys deleted successfully.
File C:\WINDOWS\system32\wintems.exe deleted successfully.


File C:\WINDOWS\system32\hldrrr.exe not found!
Deletion of file C:\WINDOWS\system32\hldrrr.exe failed!

Could not process line:
C:\WINDOWS\system32\hldrrr.exe
Status: 0xc0000034



File C:\WINDOWS\system32\trusted.exe not found!
Deletion of file C:\WINDOWS\system32\trusted.exe failed!

Could not process line:
C:\WINDOWS\system32\trusted.exe
Status: 0xc0000034



File C:\WINDOWS\system32\drivers\pci32.sys not found!
Deletion of file C:\WINDOWS\system32\drivers\pci32.sys failed!

Could not process line:
C:\WINDOWS\system32\drivers\pci32.sys
Status: 0xc0000034

File C:\windows\system32\drivers\hldrrr.exe deleted successfully.


File C:\WINDOWS\system32\drivers\hldrrr.ex_ not found!
Deletion of file C:\WINDOWS\system32\drivers\hldrrr.ex_ failed!

Could not process line:
C:\WINDOWS\system32\drivers\hldrrr.ex_
Status: 0xc0000034

File C:\avenger\backup-12.01.2008-10.37.16,43.zip deleted successfully.
File C:\avenger\backup.zip deleted successfully.
File C:\Documents and Settings\NetworkService\Impostazioni locali\Temporary Internet Files\Content.IE5\8HMN01Y7\mun1_26_11_070[1].exe deleted successfully.
File D:\emule completi\Free Parental Control 2.05.zip deleted successfully.


Folder C:\WINDOWS\exefnd not found!
Deletion of folder C:\WINDOWS\exefnd failed!

Could not process line:
C:\WINDOWS\exefnd
Status: 0xc0000034



Folder C:\WINDOWS\exefld not found!
Deletion of folder C:\WINDOWS\exefld failed!

Could not process line:
C:\WINDOWS\exefld
Status: 0xc0000034

Folder C:\WINDOWS\system32\drivers\down deleted successfully.
Folder C:\Documents and Settings\Adm\Impostazioni locali\Temporary Internet Files\Content.IE5\49Q7K1AN deleted successfully.
Folder C:\Documents and Settings\Adm\Impostazioni locali\Temporary Internet Files\Content.IE5\4EF5OOXC deleted successfully.
Folder C:\Documents and Settings\Adm\Impostazioni locali\Temporary Internet Files\Content.IE5\4H2VW9YR deleted successfully.
Folder C:\Documents and Settings\Adm\Impostazioni locali\Temporary Internet Files\Content.IE5\8LYVCHUV deleted successfully.
Folder C:\Documents and Settings\NetworkService\Impostazioni locali\Temporary Internet Files\Content.IE5\8DM7K52F deleted successfully.
Registry key HKLM\SYSTEM\CurrentControlSet\Services\srosa deleted successfully.
Registry key HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_SROSA deleted successfully.


Registry key HKLM\SYSTEM\CurrentControlSet\Services\pci32 not found!
Deletion of registry key HKLM\SYSTEM\CurrentControlSet\Services\pci32 failed!

Could not process line:
HKLM\SYSTEM\CurrentControlSet\Services\pci32
Status: 0xc0000034



Registry key HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_PCI32 not found!
Deletion of registry key HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_PCI32 failed!

Could not process line:
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_PCI32
Status: 0xc0000034


Completed script processing.

*******************

Finished! Terminate.

Post by ste_95 » Tue Jan 15, 2008 7:03 am

I'd say it went well.

Have you tried reinstalling an antivirus?
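Added example (not part of the thread and not Avenger's own code): a small parser for the Avenger log format shown in the report above, separating targets that were deleted from targets that were already absent (status 0xc0000034) and from failures with any other status. The sample reuses lines from the posted log plus one constructed access-denied entry; the function names, and the assumption that other failures use the same line layout, belong to this example.

```python
import re
from collections import Counter

# NTSTATUS values a deletion can end with; 0xC0000034 is the one in the posted log.
NTSTATUS = {
    0xC0000034: "STATUS_OBJECT_NAME_NOT_FOUND",
    0xC000003A: "STATUS_OBJECT_PATH_NOT_FOUND",
    0xC0000022: "STATUS_ACCESS_DENIED",
}
# "Not found" statuses: the target was already gone, so nothing is left to remove.
ABSENT = {0xC0000034, 0xC000003A}

OK_RE = re.compile(r"^(File|Folder|Registry key) (.+) deleted successfully\.$")
FAIL_RE = re.compile(r"^Deletion of (file|folder|registry key) (.+) failed!$")
STATUS_RE = re.compile(r"^Status: (0x[0-9a-fA-F]{8})$")


def parse_avenger_log(text):
    """Return one record per script target: kind, path, outcome, status."""
    records = []
    pending = None  # last failed target still waiting for its "Status:" line
    for raw in text.splitlines():
        line = raw.strip()
        m = OK_RE.match(line)
        if m:
            records.append({"kind": m.group(1).lower(), "path": m.group(2),
                            "outcome": "deleted", "status": None})
            continue
        m = FAIL_RE.match(line)
        if m:
            pending = {"kind": m.group(1), "path": m.group(2),
                       "outcome": "failed", "status": None}
            records.append(pending)
            continue
        m = STATUS_RE.match(line)
        if m and pending is not None:
            code = int(m.group(1), 16)
            pending["status"] = NTSTATUS.get(code, m.group(1))
            if code in ABSENT:
                pending["outcome"] = "absent"
            pending = None
    return records


def needs_follow_up(records):
    """Targets that may still exist: failed for a reason other than 'not found'."""
    return [r for r in records if r["outcome"] == "failed"]


def summary(records):
    """Count targets per outcome: deleted, absent, failed."""
    return Counter(r["outcome"] for r in records)


# Lines copied from the log posted above, plus one CONSTRUCTED entry at the end
# (the access-denied case) to show a failure that is not "already absent".
SAMPLE = r"""
File C:\WINDOWS\system32\drivers\hidr.exe not found!
Deletion of file C:\WINDOWS\system32\drivers\hidr.exe failed!

Could not process line:
C:\WINDOWS\system32\drivers\hidr.exe
Status: 0xc0000034

File C:\WINDOWS\system32\drivers\srosa.sys deleted successfully.
Folder C:\WINDOWS\system32\drivers\down deleted successfully.
Registry key HKLM\SYSTEM\CurrentControlSet\Services\srosa deleted successfully.

Registry key HKLM\SYSTEM\CurrentControlSet\Services\pci32 not found!
Deletion of registry key HKLM\SYSTEM\CurrentControlSet\Services\pci32 failed!

Could not process line:
HKLM\SYSTEM\CurrentControlSet\Services\pci32
Status: 0xc0000034

Deletion of file C:\constructed\example.sys failed!

Could not process line:
C:\constructed\example.sys
Status: 0xc0000022
"""

if __name__ == "__main__":
    recs = parse_avenger_log(SAMPLE)
    print(dict(summary(recs)))
    for r in needs_follow_up(recs):
        print("still to check:", r["kind"], r["path"], r["status"])
```

A target reported as absent needs no further action from the script, while anything returned by `needs_follow_up` may still be on disk or in the registry and is worth re-checking after the reboot.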

Post by mitrandir » Tue Jan 15, 2008 7:32 am

Unfortunately, nothing has been resolved. At this point I should tell you about the anomaly that appeared after the virus was first found, an anomaly I was hoping would disappear once the virus was removed.
When I start the OS, I am asked to choose which operating system to boot, as if I had two; if I choose the first, this message appears:
Windows could not start because the following file is missing or corrupt:
<Windows root>\system32\hal.dll
Please re-install a copy of the file.
As instructed, I disabled System Restore.
But I remember that some time ago, following a friend's instructions, I installed from the Windows CD to recover lost files, and so ended up with two operating systems.
I had to turn to a technician to fix the problem.
I'm worried that the computer may have been restored to that state.
Can you help me?

Post by ste_95 » Tue Jan 15, 2008 7:34 am

Was the Avenger script executed?

Can you get into Windows?

Post by mitrandir » Tue Jan 15, 2008 7:36 am

Yes, by choosing the second option I can get in.

Post by ste_95 » Tue Jan 15, 2008 1:47 pm

ste_95 wrote: Was the Avenger script executed?


??

Post by mitrandir » Wed Jan 16, 2008 12:36 pm

Yes, the script you sent me was run with Avenger.

Post by ste_95 » Wed Jan 16, 2008 2:25 pm

Can you run a new scan with Kaspersky Online?

Post by mitrandir » Wed Jan 16, 2008 7:45 pm

Yes, I'm running the scan right now, which means we'll be in touch again tomorrow.
I also went into the system utility, and into HKeyLM and HKeyCU, to see which executables run at Windows startup.
As suspicious executables I found sondman.exe and cftmon.exe. Do you know these files?
Also very suspicious is the trick it plays on me at OS startup, when it wants me to choose between two XP options, and if I choose the first it says:
Windows could not start because the following file is corrupt or missing. The file is this: <Windows root>\system32\hal.dll
Re-install the file.
If I choose the second XP option, the OS starts, but with the Bagle worm.
What do you think?

Post by ste_95 » Wed Jan 16, 2008 7:56 pm

We would need to find out where the first entry leads; in any case, hal.dll is an indispensable kernel file.

Suondman.exe is the main file of the audio driver, while for ctfmon.exe you can find information here:

http://www.MegaLab.it/2770

Post by mitrandir » Thu Jan 17, 2008 11:43 am

I have finished the Kaspersky scan. Here is the report:
C:\Documents and Settings\Adm\Dati applicazioni\Mozilla\Firefox\Profiles\6tn6nqmc.default\search.sqlite Object is locked skipped
C:\Documents and Settings\Adm\Dati applicazioni\Mozilla\Firefox\Profiles\6tn6nqmc.default\urlclassifier2.sqlite Object is locked skipped
C:\Documents and Settings\Adm\Impostazioni locali\Cronologia\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Adm\Impostazioni locali\Dati applicazioni\Microsoft\Outlook\archive.pst Object is locked skipped
C:\Documents and Settings\Adm\Impostazioni locali\Dati applicazioni\Microsoft\Outlook\Outlook.pst Object is locked skipped
C:\Documents and Settings\Adm\Impostazioni locali\Dati applicazioni\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\Adm\Impostazioni locali\Dati applicazioni\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\Adm\Impostazioni locali\Dati applicazioni\Mozilla\Firefox\Profiles\6tn6nqmc.default\Cache\_CACHE_001_ Object is locked skipped
C:\Documents and Settings\Adm\Impostazioni locali\Dati applicazioni\Mozilla\Firefox\Profiles\6tn6nqmc.default\Cache\_CACHE_002_ Object is locked skipped
C:\Documents and Settings\Adm\Impostazioni locali\Dati applicazioni\Mozilla\Firefox\Profiles\6tn6nqmc.default\Cache\_CACHE_003_ Object is locked skipped
C:\Documents and Settings\Adm\Impostazioni locali\Dati applicazioni\Mozilla\Firefox\Profiles\6tn6nqmc.default\Cache\_CACHE_MAP_ Object is locked skipped
C:\Documents and Settings\Adm\Impostazioni locali\Temp\~DFE354.tmp Object is locked skipped
C:\Documents and Settings\Adm\Impostazioni locali\Temporary Internet Files\Content.IE5\49Q7K1AN\b64_2[1].jpg Infected: Trojan.Win32.Pakes.bwy skipped
C:\Documents and Settings\Adm\Impostazioni locali\Temporary Internet Files\Content.IE5\49Q7K1AN\b64_2[2].jpg Infected: Trojan.Win32.Pakes.bwy skipped
C:\Documents and Settings\Adm\Impostazioni locali\Temporary Internet Files\Content.IE5\49Q7K1AN\b64_3[1].jpg Infected: Email-Worm.Win32.Bagle.of skipped
C:\Documents and Settings\Adm\Impostazioni locali\Temporary Internet Files\Content.IE5\49Q7K1AN\b64_3[2].jpg Infected: Email-Worm.Win32.Bagle.of skipped
C:\Documents and Settings\Adm\Impostazioni locali\Temporary Internet Files\Content.IE5\49Q7K1AN\b64_3[3].jpg Infected: Email-Worm.Win32.Bagle.of skipped
C:\Documents and Settings\Adm\Impostazioni locali\Temporary Internet Files\Content.IE5\49Q7K1AN\b64_3[4].jpg Infected: Email-Worm.Win32.Bagle.of skipped
C:\Documents and Settings\Adm\Impostazioni locali\Temporary Internet Files\Content.IE5\49Q7K1AN\b64_3[5].jpg Infected: Email-Worm.Win32.Bagle.of skipped
C:\Documents and Settings\Adm\Impostazioni locali\Temporary Internet Files\Content.IE5\49Q7K1AN\b64_3[6].jpg Infected: Email-Worm.Win32.Bagle.of skipped
C:\Documents and Settings\Adm\Impostazioni locali\Temporary Internet Files\Content.IE5\4EF5OOXC\b64_1[1].jpg Infected: Trojan-PSW.Win32.LdPinch.ewq skipped
C:\Documents and Settings\Adm\Impostazioni locali\Temporary Internet Files\Content.IE5\4EF5OOXC\b64_2[1].jpg Infected: Trojan.Win32.Pakes.bwy skipped
C:\Documents and Settings\Adm\Impostazioni locali\Temporary Internet Files\Content.IE5\4EF5OOXC\b64_3[1].jpg Infected: Email-Worm.Win32.Bagle.of skipped
C:\Documents and Settings\Adm\Impostazioni locali\Temporary Internet Files\Content.IE5\4EF5OOXC\b64_3[2].jpg Infected: Email-Worm.Win32.Bagle.of skipped
C:\Documents and Settings\Adm\Impostazioni locali\Temporary Internet Files\Content.IE5\4EF5OOXC\b64_3[3].jpg Infected: Email-Worm.Win32.Bagle.of skipped
C:\Documents and Settings\Adm\Impostazioni locali\Temporary Internet Files\Content.IE5\4EF5OOXC\b64_3[4].jpg Infected: Email-Worm.Win32.Bagle.of skipped
C:\Documents and Settings\Adm\Impostazioni locali\Temporary Internet Files\Content.IE5\4H2VW9YR\b64_2[1].jpg Infected: Trojan.Win32.Pakes.bwy skipped
C:\Documents and Settings\Adm\Impostazioni locali\Temporary Internet Files\Content.IE5\4H2VW9YR\b64_3[1].jpg Infected: Email-Worm.Win32.Bagle.of skipped
C:\Documents and Settings\Adm\Impostazioni locali\Temporary Internet Files\Content.IE5\4H2VW9YR\b64_3[2].jpg Infected: Email-Worm.Win32.Bagle.of skipped
C:\Documents and Settings\Adm\Impostazioni locali\Temporary Internet Files\Content.IE5\4H2VW9YR\b64_3[3].jpg Infected: Email-Worm.Win32.Bagle.of skipped
C:\Documents and Settings\Adm\Impostazioni locali\Temporary Internet Files\Content.IE5\8LYVCHUV\b64_3[1].jpg Infected: Email-Worm.Win32.Bagle.of skipped
C:\Documents and Settings\Adm\Impostazioni locali\Temporary Internet Files\Content.IE5\8LYVCHUV\b64_3[2].jpg Infected: Email-Worm.Win32.Bagle.of skipped
C:\Documents and Settings\Adm\Impostazioni locali\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Adm\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\Adm\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Impostazioni locali\Cronologia\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Impostazioni locali\Dati applicazioni\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\LocalService\Impostazioni locali\Dati applicazioni\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Impostazioni locali\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Impostazioni locali\Cronologia\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Impostazioni locali\Dati applicazioni\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Impostazioni locali\Dati applicazioni\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\Impostazioni locali\Temporary Internet Files\Content.IE5\C52J89QB\mun1_26_11_070[1].exe Infected: Backdoor.Win32.Agent.dbo skipped
C:\Documents and Settings\NetworkService\Impostazioni locali\Temporary Internet Files\Content.IE5\C52J89QB\mun1_26_11_070[2].exe Infected: Backdoor.Win32.Agent.dbo skipped
C:\Documents and Settings\NetworkService\Impostazioni locali\Temporary Internet Files\Content.IE5\C52J89QB\mun1_26_11_070[3].exe Infected: Backdoor.Win32.Agent.dbo skipped
C:\Documents and Settings\NetworkService\Impostazioni locali\Temporary Internet Files\Content.IE5\C52J89QB\mun1_26_11_070[4].exe Infected: Backdoor.Win32.Agent.dbo skipped
C:\Documents and Settings\NetworkService\Impostazioni locali\Temporary Internet Files\Content.IE5\C52J89QB\mun1_26_11_070[5].exe Infected: Backdoor.Win32.Agent.dbo skipped
C:\Documents and Settings\NetworkService\Impostazioni locali\Temporary Internet Files\Content.IE5\C52J89QB\mun1_26_11_070[6].exe Infected: Backdoor.Win32.Agent.dbo skipped
C:\Documents and Settings\NetworkService\Impostazioni locali\Temporary Internet Files\Content.IE5\C52J89QB\mun1_26_11_070[7].exe Infected: Backdoor.Win32.Agent.dbo skipped
C:\Documents and Settings\NetworkService\Impostazioni locali\Temporary Internet Files\Content.IE5\C52J89QB\mun1_26_11_070[8].exe Infected: Backdoor.Win32.Agent.dbo skipped
C:\Documents and Settings\NetworkService\Impostazioni locali\Temporary Internet Files\Content.IE5\C52J89QB\mun1_26_11_070[9].exe Infected: Backdoor.Win32.Agent.dbo skipped
C:\Documents and Settings\NetworkService\Impostazioni locali\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Impostazioni locali\Temporary Internet Files\Content.IE5\LRPYCSKK\mun1_26_11_070[1].exe Infected: Backdoor.Win32.Agent.dbo skipped
C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped
C:\Programmi\Intel\NCS\PROSet\PRONoMgr.exe Infected: Trojan-Downloader.Win32.Bagle.hr skipped
C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped
C:\WINDOWS\Installer\{6BE2A4A4-99FB-48ED-AE1E-4E850389F804}\PQBoot.exe Object is locked skipped
C:\WINDOWS\SchedLgU.Txt Object is locked skipped
C:\WINDOWS\system32\CatRoot2\edb.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\tmp.edb Object is locked skipped
C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\default Object is locked skipped
C:\WINDOWS\system32\config\default.LOG Object is locked skipped
C:\WINDOWS\system32\config\SAM Object is locked skipped
C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped
C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\SECURITY Object is locked skipped
C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped
C:\WINDOWS\system32\config\software Object is locked skipped
C:\WINDOWS\system32\config\software.LOG Object is locked skipped
C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\system Object is locked skipped
C:\WINDOWS\system32\config\system.LOG Object is locked skipped
C:\WINDOWS\system32\drivers\down\100625.exe Infected: Email-Worm.Win32.Bagle.of skipped
C:\WINDOWS\system32\drivers\down\14635187.exe Infected: Email-Worm.Win32.Bagle.of skipped
C:\WINDOWS\system32\drivers\down\14684593.exe Infected: Email-Worm.Win32.Bagle.of skipped
C:\WINDOWS\system32\drivers\down\14703390.exe Infected: Email-Worm.Win32.Bagle.of skipped
C:\WINDOWS\system32\drivers\down\14742078.exe Infected: Email-Worm.Win32.Bagle.of skipped
C:\WINDOWS\system32\drivers\down\45500.exe Infected: Email-Worm.Win32.Bagle.of skipped
C:\WINDOWS\system32\drivers\down\45562.exe Infected: Email-Worm.Win32.Bagle.of skipped
C:\WINDOWS\system32\drivers\down\48031.exe Infected: Email-Worm.Win32.Bagle.of skipped
C:\WINDOWS\system32\drivers\down\54109.exe Infected: Email-Worm.Win32.Bagle.of skipped
C:\WINDOWS\system32\drivers\down\63562.exe Infected: Email-Worm.Win32.Bagle.of skipped
C:\WINDOWS\system32\drivers\down\63593.exe Infected: Email-Worm.Win32.Bagle.of skipped
C:\WINDOWS\system32\drivers\down\69531.exe Infected: Email-Worm.Win32.Bagle.of skipped
C:\WINDOWS\system32\drivers\down\80140.exe Infected: Email-Worm.Win32.Bagle.of skipped
C:\WINDOWS\system32\drivers\down\82468.exe Infected: Email-Worm.Win32.Bagle.of skipped
C:\WINDOWS\system32\drivers\down\83531.exe Infected: Email-Worm.Win32.Bagle.of skipped
C:\WINDOWS\system32\drivers\down\86312.exe Infected: Email-Worm.Win32.Bagle.of skipped
C:\WINDOWS\system32\drivers\down\91593.exe Infected: Email-Worm.Win32.Bagle.of skipped
C:\WINDOWS\system32\drivers\down\93468.exe Infected: Email-Worm.Win32.Bagle.of skipped
C:\WINDOWS\system32\drivers\down\94468.exe Infected: Email-Worm.Win32.Bagle.of skipped
C:\WINDOWS\system32\h323log.txt Object is locked skipped
C:\WINDOWS\system32\mdelk.exe Infected: Email-Worm.Win32.Bagle.of skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped
D:\emule completi\audio 2\Alagna\Credo Roberto Alagna.zip/Setup.exe Infected: not-a-virus:AdWare.Win32.Agent.zk skipped
D:\emule completi\audio 2\Alagna\Credo Roberto Alagna.zip ZIP: infected - 1 skipped
D:\emule completi\Free Parental Control 2.05.exe Infected: Trojan-Downloader.Win32.Bagle.hr skipped
D:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
H:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
H:\System Volume Information\_restore{E73F5012-941F-40E5-9A08-7975B70723CC}\RP211\A0698475.exe/WISE0024.BIN Infected: not-a-virus:AdTool.Win32.WhenU.a skipped
H:\System Volume Information\_restore{E73F5012-941F-40E5-9A08-7975B70723CC}\RP211\A0698475.exe WiseSFX: infected - 1 skipped
H:\System Volume Information\_restore{E73F5012-941F-40E5-9A08-7975B70723CC}\RP211\A0698475.exe WiseSFXDropper: infected - 1 skipped
H:\System Volume Information\_restore{E73F5012-941F-40E5-9A08-7975B70723CC}\RP216\A0713334.exe/WISE0024.BIN Infected: not-a-virus:AdTool.Win32.WhenU.a skipped
H:\System Volume Information\_restore{E73F5012-941F-40E5-9A08-7975B70723CC}\RP216\A0713334.exe WiseSFX: infected - 1 skipped
H:\System Volume Information\_restore{E73F5012-941F-40E5-9A08-7975B70723CC}\RP216\A0713334.exe WiseSFXDropper: infected - 1 skipped
Scan process completed.

Let's hope we can get out of the clutches of this worm. Thanks.
mitrandir
Senior Member
Posts: 187
Joined: Sun Jan 13, 2008 12:10 pm
Location: Livorno

Post by ste_95 » Thu Jan 17, 2008 11:50 am

Disable System Restore.

Download Avenger
Extract it to a folder of your choice
Run the file avenger.exe (the one with the sword icon)
Select the "Input script manually" radio button
Then find the magnifying-glass icon and click it
Now paste these lines into the white box that has opened:

Files to delete:
C:\WINDOWS\system32\drivers\hidr.exe
C:\WINDOWS\system32\drivers\srosa.sys
C:\WINDOWS\system32\wintems.exe
C:\WINDOWS\system32\hldrrr.exe
C:\WINDOWS\system32\trusted.exe
C:\WINDOWS\system32\drivers\pci32.sys
C:\windows\system32\drivers\hldrrr.exe
C:\WINDOWS\system32\drivers\hldrrr.ex_
C:\WINDOWS\system32\mdelk.exe
C:\avenger\backup-12.01.2008-10.37.16,43.zip
C:\avenger\backup-12.01.2008-19.52.20,21.zip
C:\avenger\backup-13.01.2008-11.59.53,81.zip
C:\avenger\backup-14.01.2008-22.04.52,51.zip
C:\avenger\backup-15.01.2008-13.06.39,32.zip
C:\avenger\backup.zip
D:\emule completi\audio 2\Alagna\Credo Roberto Alagna.zip
D:\emule completi\Free Parental Control 2.05.exe

folders to delete:
C:\WINDOWS\exefnd
C:\WINDOWS\exefld
C:\WINDOWS\system32\drivers\down
C:\Documents and Settings\Adm\Impostazioni locali\Temporary Internet Files\Content.IE5\49Q7K1AN
C:\Documents and Settings\Adm\Impostazioni locali\Temporary Internet Files\Content.IE5\4EF5OOXC
C:\Documents and Settings\Adm\Impostazioni locali\Temporary Internet Files\Content.IE5\4H2VW9YR
C:\Documents and Settings\Adm\Impostazioni locali\Temporary Internet Files\Content.IE5\8LYVCHUV
C:\Documents and Settings\NetworkService\Impostazioni locali\Temporary Internet Files\Content.IE5\C52J89QB
C:\Documents and Settings\NetworkService\Impostazioni locali\Temporary Internet Files\Content.IE5\LRPYCSKK

registry keys to delete:
HKLM\SYSTEM\CurrentControlSet\Services\srosa
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_SROSA
HKLM\SYSTEM\CurrentControlSet\Services\pci32
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_PCI32


Now click Done at the bottom of the box
Click the small traffic-light icon at the top right
Answer Yes to Avenger's two prompts
Your computer should now restart; if it does not, restart it manually
After the computer restarts, copy and paste here the contents of the Notepad window that appears.
"Sometimes it is better to keep silent and seem stupid than to open your mouth and remove all doubt." Oscar Wilde
ste_95
Official Member (Gold)
Posts: 17271
Joined: Mon Aug 06, 2007 11:19 am

Post by mitrandir » Thu Jan 17, 2008 12:08 pm

Here is the Avenger report:

Logfile of The Avenger version 1, by Swandog46
Running from registry key:
\Registry\Machine\System\CurrentControlSet\Services\ajjayxgq

*******************

Script file located at: \??\C:\Documents and Settings\oocsqlyu.txt
Script file opened successfully.

Script file read successfully

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:



File C:\WINDOWS\system32\drivers\hidr.exe not found!
Deletion of file C:\WINDOWS\system32\drivers\hidr.exe failed!

Could not process line:
C:\WINDOWS\system32\drivers\hidr.exe
Status: 0xc0000034

File C:\WINDOWS\system32\drivers\srosa.sys deleted successfully.
File C:\WINDOWS\system32\wintems.exe deleted successfully.


File C:\WINDOWS\system32\hldrrr.exe not found!
Deletion of file C:\WINDOWS\system32\hldrrr.exe failed!

Could not process line:
C:\WINDOWS\system32\hldrrr.exe
Status: 0xc0000034



File C:\WINDOWS\system32\trusted.exe not found!
Deletion of file C:\WINDOWS\system32\trusted.exe failed!

Could not process line:
C:\WINDOWS\system32\trusted.exe
Status: 0xc0000034



File C:\WINDOWS\system32\drivers\pci32.sys not found!
Deletion of file C:\WINDOWS\system32\drivers\pci32.sys failed!

Could not process line:
C:\WINDOWS\system32\drivers\pci32.sys
Status: 0xc0000034

File C:\windows\system32\drivers\hldrrr.exe deleted successfully.


File C:\WINDOWS\system32\drivers\hldrrr.ex_ not found!
Deletion of file C:\WINDOWS\system32\drivers\hldrrr.ex_ failed!

Could not process line:
C:\WINDOWS\system32\drivers\hldrrr.ex_
Status: 0xc0000034

File C:\WINDOWS\system32\mdelk.exe deleted successfully.
File C:\avenger\backup-12.01.2008-10.37.16,43.zip deleted successfully.
File C:\avenger\backup-12.01.2008-19.52.20,21.zip deleted successfully.
File C:\avenger\backup-13.01.2008-11.59.53,81.zip deleted successfully.
File C:\avenger\backup-14.01.2008-22.04.52,51.zip deleted successfully.
File C:\avenger\backup-15.01.2008-13.06.39,32.zip deleted successfully.
File C:\avenger\backup.zip deleted successfully.
File D:\emule completi\audio 2\Alagna\Credo Roberto Alagna.zip deleted successfully.
File D:\emule completi\Free Parental Control 2.05.exe deleted successfully.


Folder C:\WINDOWS\exefnd not found!
Deletion of folder C:\WINDOWS\exefnd failed!

Could not process line:
C:\WINDOWS\exefnd
Status: 0xc0000034



Folder C:\WINDOWS\exefld not found!
Deletion of folder C:\WINDOWS\exefld failed!

Could not process line:
C:\WINDOWS\exefld
Status: 0xc0000034

Folder C:\WINDOWS\system32\drivers\down deleted successfully.
Folder C:\Documents and Settings\Adm\Impostazioni locali\Temporary Internet Files\Content.IE5\49Q7K1AN deleted successfully.
Folder C:\Documents and Settings\Adm\Impostazioni locali\Temporary Internet Files\Content.IE5\4EF5OOXC deleted successfully.
Folder C:\Documents and Settings\Adm\Impostazioni locali\Temporary Internet Files\Content.IE5\4H2VW9YR deleted successfully.
Folder C:\Documents and Settings\Adm\Impostazioni locali\Temporary Internet Files\Content.IE5\8LYVCHUV deleted successfully.
Folder C:\Documents and Settings\NetworkService\Impostazioni locali\Temporary Internet Files\Content.IE5\C52J89QB deleted successfully.
Folder C:\Documents and Settings\NetworkService\Impostazioni locali\Temporary Internet Files\Content.IE5\LRPYCSKK deleted successfully.
Registry key HKLM\SYSTEM\CurrentControlSet\Services\srosa deleted successfully.
Registry key HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_SROSA deleted successfully.


Registry key HKLM\SYSTEM\CurrentControlSet\Services\pci32 not found!
Deletion of registry key HKLM\SYSTEM\CurrentControlSet\Services\pci32 failed!

Could not process line:
HKLM\SYSTEM\CurrentControlSet\Services\pci32
Status: 0xc0000034



Registry key HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_PCI32 not found!
Deletion of registry key HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_PCI32 failed!

Could not process line:
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_PCI32
Status: 0xc0000034


Completed script processing.

*******************

Finished! Terminate.

Post by ste_95 » Thu Jan 17, 2008 12:16 pm

Everything should be fine now; try reinstalling an antivirus.
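A check one could run on the Avenger report above before concluding that the clean-up worked, added here as an example (it is not part of the thread and not Avenger's own code): it pairs every script entry with its outcome in the log and treats Status 0xc0000034 (NTSTATUS STATUS_OBJECT_NAME_NOT_FOUND) as "already absent" rather than as a surviving file. The function names, the two C:\example entries and the 0xc0000022 failure block are constructed assumptions; the remaining sample lines are copied from the posts.

```python
import re

NOT_FOUND = 0xC0000034  # NTSTATUS STATUS_OBJECT_NAME_NOT_FOUND: target did not exist
STATUS_NAMES = {NOT_FOUND: "STATUS_OBJECT_NAME_NOT_FOUND", 0xC0000022: "STATUS_ACCESS_DENIED"}
DELETED_RE = re.compile(r"^(?:File|Folder|Registry key) (.+) deleted successfully\.$")
STATUS_RE = re.compile(r"^Status: (0x[0-9a-fA-F]{8})$")


def triage(log_text):
    """Map each target to (verdict, detail); keys are lower-cased (NT names ignore case)."""
    results, expect_target, target = {}, False, None
    for line in filter(None, map(str.strip, log_text.splitlines())):
        deleted, status = DELETED_RE.match(line), STATUS_RE.match(line)
        if line == "Could not process line:":
            if target:  # the previous failure block never reported a status
                results[target] = ("needs_followup", "no status line")
            expect_target, target = True, None
        elif expect_target:  # the line after the marker echoes the script entry
            target, expect_target = line.lower(), False
        elif status and target:
            code = int(status.group(1), 16)
            verdict = "absent" if code == NOT_FOUND else "needs_followup"
            results[target] = (verdict, STATUS_NAMES.get(code, hex(code)))
            target = None
        elif deleted:
            results[deleted.group(1).lower()] = ("deleted", None)
    if target:
        results[target] = ("needs_followup", "no status line")
    return results


def script_targets(script_text):
    """Entries of an Avenger script, skipping the '... to delete:' section headers."""
    lines = filter(None, map(str.strip, script_text.splitlines()))
    return [ln for ln in lines if not ln.lower().endswith("to delete:")]


def unresolved(script_text, log_text):
    """Script entries that the log does not show as deleted or confirmed absent."""
    outcome = triage(log_text)
    report = []
    for entry in script_targets(script_text):
        verdict, detail = outcome.get(entry.lower(), ("no_log_entry", None))
        if verdict not in ("deleted", "absent"):
            report.append((entry, verdict, detail))
    return report


# Excerpt of this thread's script and log, plus two CONSTRUCTED C:\example entries.
SAMPLE_SCRIPT = r"""
Files to delete:
C:\WINDOWS\system32\drivers\hidr.exe
C:\example\locked.sys
C:\example\never-logged.exe
registry keys to delete:
HKLM\SYSTEM\CurrentControlSet\Services\srosa
"""
SAMPLE_LOG = r"""
File C:\WINDOWS\system32\drivers\hidr.exe not found!
Deletion of file C:\WINDOWS\system32\drivers\hidr.exe failed!
Could not process line:
C:\WINDOWS\system32\drivers\hidr.exe
Status: 0xc0000034
Deletion of file C:\example\locked.sys failed!
Could not process line:
C:\example\locked.sys
Status: 0xc0000022
Registry key HKLM\SYSTEM\CurrentControlSet\Services\srosa deleted successfully.
"""

if __name__ == "__main__":
    for entry, verdict, detail in unresolved(SAMPLE_SCRIPT, SAMPLE_LOG):
        print(f"{verdict:15} {detail or '-':22} {entry}")
```

Fed the full script and report from the thread, `unresolved()` returns an empty list: every failure in that report carries Status 0xc0000034.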


megalab.it: daily online publication registered with the Court of Cosenza, no. 22/09 of 13.08.2009, publisher Master New Media S.r.l.; © Copyright 2008 Master New Media S.r.l. (single-shareholder company) - VAT no. 02947530784. GRUPPO EDIZIONI MASTER Spa. All rights reserved. For advertising: Master Advertising