www.MegaLab.it

da **Saddy4** » mar gen 06, 2009 3:03 pm

provo a recuperare quello che credo sia alla base dell'infezione, ho due ipotesi e posso provare a recuperarle ma non posso garantire che fra le mie due ipotesi ci sia quella che mi ha infettato...e sopratutto spero di riuscire a recuperarle perché le avevo eliminate per tentare di ripulire il pc.

da **ambra8891** » mer gen 07, 2009 7:07 pm

non sto più nella pelle e vi scrivo anche se in realtà non ho ancora finito il "lavoro".
la soluzione che pare essersi dimostrata la più efficace è stata fare un boot da cd con kaspersky rescue cd, anche se ci son volute 14 ore per una scansione!
non sono riuscita ad aggiornare il programma come da guida, ma è partito lo stesso.

ora ho potuto notare che i siti sono tornati ok e tutti navigabili, sono riuscita a far partire malwarebytes e sto facendo una scansione (per ora ha trovato 1 file infetto)

questo è il report di kaspersky, spero possa essere utile:

Scansione: completato 07/01/09 12:29 (eventi: , oggetti: 437682, time: 22:51:02)
06/01/09 13:08 Attività interrotta
06/01/09 13:03 Operazione avviata
Scansione: completato 07/01/09 12:29 (eventi: , oggetti: 437682, time: 22:51:02)
07/01/09 12:29 Attività completata
06/01/09 20:19 Eliminati: Trojan.Win32.Agent.arvz /discs/C:/WINDOWS/Temp/TDSSab6d.tmp
06/01/09 20:19 Eliminati: Backdoor.Win32.TDSS.atb /discs/C:/WINDOWS/Temp/TDSSa42a.tmp
06/01/09 20:18 Eliminati: Backdoor.Win32.TDSS.asz /discs/C:/WINDOWS/Temp/TDSS9d83.tmp
06/01/09 20:18 Rilevato: Trojan.Win32.Agent.arvz /discs/C:/WINDOWS/Temp/TDSSab6d.tmp
06/01/09 20:18 Eliminati: Backdoor.Win32.TDSS.bkw /discs/C:/WINDOWS/Temp/TDSS90a2.tmp
06/01/09 20:18 Rilevato: Backdoor.Win32.TDSS.atb /discs/C:/WINDOWS/Temp/TDSSa42a.tmp
06/01/09 20:18 Eliminati: Backdoor.Win32.TDSS.blh /discs/C:/WINDOWS/Temp/TDSS9797.tmp
06/01/09 20:18 Rilevato: Backdoor.Win32.TDSS.asz /discs/C:/WINDOWS/Temp/TDSS9d83.tmp
06/01/09 20:18 Rilevato: Backdoor.Win32.TDSS.blh /discs/C:/WINDOWS/Temp/TDSS9797.tmp
06/01/09 20:18 Rilevato: Backdoor.Win32.TDSS.bkw /discs/C:/WINDOWS/Temp/TDSS90a2.tmp
06/01/09 19:08 Eliminati: Backdoor.Win32.TDSS.bkw /discs/C:/WINDOWS/system32/drivers/TDSSpaxt.sys
06/01/09 19:08 Rilevato: Backdoor.Win32.TDSS.bkw /discs/C:/WINDOWS/system32/drivers/TDSSpaxt.sys
06/01/09 18:46 Eliminati: Trojan.Win32.Pakes.jyv /discs/C:/WINDOWS/system32/NeroCheck.exe424750332
06/01/09 18:46 Rilevato: Trojan.Win32.Pakes.jyv /discs/C:/WINDOWS/system32/NeroCheck.exe424750332/PE_Patch.UPX/UPX
06/01/09 18:42 Eliminati: Trojan.Win32.Pakes.jyv /discs/C:/WINDOWS/system32/keyhook.exe2792056758
06/01/09 18:42 Rilevato: Trojan.Win32.Pakes.jyv /discs/C:/WINDOWS/system32/keyhook.exe2792056758/PE_Patch.UPX/UPX
06/01/09 18:40 Eliminati: Trojan.Win32.Pakes.jyv /discs/C:/WINDOWS/system32/sistray.EXE925112923
06/01/09 18:40 Rilevato: Trojan.Win32.Pakes.jyv /discs/C:/WINDOWS/system32/sistray.EXE925112923/PE_Patch.UPX/UPX
06/01/09 18:36 Eliminati: Email-Worm.Win32.Bagle.of /discs/C:/WINDOWS/system32/wintems.exe
06/01/09 18:36 Rilevato: Email-Worm.Win32.Bagle.of /discs/C:/WINDOWS/system32/wintems.exe
06/01/09 18:36 Eliminati: Backdoor.Win32.TDSS.atb /discs/C:/WINDOWS/system32/TDSSriqp.dll
06/01/09 18:36 Eliminati: Backdoor.Win32.TDSS.blh /discs/C:/WINDOWS/system32/TDSSofxh.dll
06/01/09 18:36 Eliminati: Backdoor.Win32.TDSS.asz /discs/C:/WINDOWS/system32/TDSSnrsr.dll
06/01/09 18:36 Rilevato: Backdoor.Win32.TDSS.atb /discs/C:/WINDOWS/system32/TDSSriqp.dll
06/01/09 18:36 Rilevato: Backdoor.Win32.TDSS.blh /discs/C:/WINDOWS/system32/TDSSofxh.dll
06/01/09 18:36 Rilevato: Backdoor.Win32.TDSS.asz /discs/C:/WINDOWS/system32/TDSSnrsr.dll
06/01/09 18:35 Eliminati: Email-Worm.Win32.Bagle.of /discs/C:/WINDOWS/system32/mdelk.exe
06/01/09 18:35 Rilevato: Email-Worm.Win32.Bagle.of /discs/C:/WINDOWS/system32/mdelk.exe
06/01/09 18:20 Eliminati: Trojan.Win32.Pakes.jyv /discs/C:/WINDOWS/SiSUSBrg.exe3711034300
06/01/09 18:20 Rilevato: Trojan.Win32.Pakes.jyv /discs/C:/WINDOWS/SiSUSBrg.exe3711034300/PE_Patch.UPX/UPX
06/01/09 16:49 Eliminati: not-a-virus:AdWare.Win32.Agent.hpk /discs/C:/Programmi/MessengerSkinner/uninst.exe
06/01/09 16:49 Rilevato: not-a-virus:AdWare.Win32.Agent.hpk /discs/C:/Programmi/MessengerSkinner/uninst.exe
06/01/09 16:19 Eliminati: Trojan.Win32.Pakes.jyv /discs/C:/Programmi/File comuni/Ulead Systems/Autodetector/monitor.exe1479355904
06/01/09 16:19 Rilevato: Trojan.Win32.Pakes.jyv /discs/C:/Programmi/File comuni/Ulead Systems/Autodetector/monitor.exe1479355904/PE_Patch.UPX/UPX
06/01/09 16:00 Eliminati: Trojan.Win32.Pakes.jyv /discs/C:/Programmi/Sony/SonicStage/SsAAD.exe286042420
06/01/09 16:00 Eliminati: Trojan.Win32.Pakes.jyv /discs/C:/Programmi/Sony/SonicStage/SsAAD.exe1218489874
06/01/09 16:00 Rilevato: Trojan.Win32.Pakes.jyv /discs/C:/Programmi/Sony/SonicStage/SsAAD.exe286042420/PE_Patch.UPX/UPX
06/01/09 16:00 Rilevato: Trojan.Win32.Pakes.jyv /discs/C:/Programmi/Sony/SonicStage/SsAAD.exe1218489874/PE_Patch.UPX/UPX
06/01/09 15:43 Eliminati: Trojan.Win32.Pakes.jyv /discs/C:/Programmi/Nero/InCD/InCD.exe1856974315
06/01/09 15:43 Rilevato: Trojan.Win32.Pakes.jyv /discs/C:/Programmi/Nero/InCD/InCD.exe1856974315/PE_Patch.UPX/UPX
06/01/09 14:50 Eliminati: Email-Worm.Win32.Bagle.of /discs/C:/Documents and Settings/Ambra/Impostazioni locali/Temporary Internet Files/Content.IE5/IF1TKHPG/b64_3[2].jpg
06/01/09 14:50 Rilevato: Email-Worm.Win32.Bagle.of /discs/C:/Documents and Settings/Ambra/Impostazioni locali/Temporary Internet Files/Content.IE5/IF1TKHPG/b64_3[2].jpg
06/01/09 14:50 Eliminati: Email-Worm.Win32.Bagle.majc /discs/C:/Documents and Settings/Ambra/Impostazioni locali/Temporary Internet Files/Content.IE5/IF1TKHPG/b64_2[3].jpg
06/01/09 14:50 Eliminati: Email-Worm.Win32.Bagle.majc /discs/C:/Documents and Settings/Ambra/Impostazioni locali/Temporary Internet Files/Content.IE5/IF1TKHPG/b64_2[2].jpg
06/01/09 14:50 Rilevato: Email-Worm.Win32.Bagle.majc /discs/C:/Documents and Settings/Ambra/Impostazioni locali/Temporary Internet Files/Content.IE5/IF1TKHPG/b64_2[3].jpg
06/01/09 14:50 Eliminati: Email-Worm.Win32.Bagle.of /discs/C:/Documents and Settings/Ambra/Impostazioni locali/Temporary Internet Files/Content.IE5/IF1TKHPG/b64_3[1].jpg
06/01/09 14:50 Rilevato: Email-Worm.Win32.Bagle.majc /discs/C:/Documents and Settings/Ambra/Impostazioni locali/Temporary Internet Files/Content.IE5/IF1TKHPG/b64_2[2].jpg
06/01/09 14:50 Rilevato: Email-Worm.Win32.Bagle.of /discs/C:/Documents and Settings/Ambra/Impostazioni locali/Temporary Internet Files/Content.IE5/IF1TKHPG/b64_3[1].jpg
06/01/09 14:50 Eliminati: Email-Worm.Win32.Bagle.majc /discs/C:/Documents and Settings/Ambra/Impostazioni locali/Temporary Internet Files/Content.IE5/IF1TKHPG/b64_2[1].jpg
06/01/09 14:49 Eliminati: Trojan-PSW.Win32.Agent.lfr /discs/C:/Documents and Settings/Ambra/Impostazioni locali/Temporary Internet Files/Content.IE5/IF1TKHPG/b64_1[4].jpg
06/01/09 14:49 Rilevato: Email-Worm.Win32.Bagle.majc /discs/C:/Documents and Settings/Ambra/Impostazioni locali/Temporary Internet Files/Content.IE5/IF1TKHPG/b64_2[1].jpg
06/01/09 14:49 Eliminati: Trojan-PSW.Win32.Agent.lfr /discs/C:/Documents and Settings/Ambra/Impostazioni locali/Temporary Internet Files/Content.IE5/IF1TKHPG/b64_1[2].jpg
06/01/09 14:49 Eliminati: Trojan-PSW.Win32.Agent.lfr /discs/C:/Documents and Settings/Ambra/Impostazioni locali/Temporary Internet Files/Content.IE5/IF1TKHPG/b64_1[3].jpg
06/01/09 14:49 Rilevato: Trojan-PSW.Win32.Agent.lfr /discs/C:/Documents and Settings/Ambra/Impostazioni locali/Temporary Internet Files/Content.IE5/IF1TKHPG/b64_1[4].jpg
06/01/09 14:49 Eliminati: Trojan-PSW.Win32.Agent.lfr /discs/C:/Documents and Settings/Ambra/Impostazioni locali/Temporary Internet Files/Content.IE5/IF1TKHPG/b64_1[1].jpg
06/01/09 14:49 Rilevato: Trojan-PSW.Win32.Agent.lfr /discs/C:/Documents and Settings/Ambra/Impostazioni locali/Temporary Internet Files/Content.IE5/IF1TKHPG/b64_1[3].jpg
06/01/09 14:49 Eliminati: Email-Worm.Win32.Bagle.of /discs/C:/Documents and Settings/Ambra/Impostazioni locali/Temporary Internet Files/Content.IE5/IF1TKHPG/b64[3].jpg
06/01/09 14:49 Rilevato: Trojan-PSW.Win32.Agent.lfr /discs/C:/Documents and Settings/Ambra/Impostazioni locali/Temporary Internet Files/Content.IE5/IF1TKHPG/b64_1[2].jpg
06/01/09 14:49 Eliminati: Email-Worm.Win32.Bagle.of /discs/C:/Documents and Settings/Ambra/Impostazioni locali/Temporary Internet Files/Content.IE5/IF1TKHPG/b64[2].jpg
06/01/09 14:49 Rilevato: Trojan-PSW.Win32.Agent.lfr /discs/C:/Documents and Settings/Ambra/Impostazioni locali/Temporary Internet Files/Content.IE5/IF1TKHPG/b64_1[1].jpg
06/01/09 14:49 Eliminati: Email-Worm.Win32.Bagle.of /discs/C:/Documents and Settings/Ambra/Impostazioni locali/Temporary Internet Files/Content.IE5/IF1TKHPG/b64[1].jpg
06/01/09 14:49 Rilevato: Email-Worm.Win32.Bagle.of /discs/C:/Documents and Settings/Ambra/Impostazioni locali/Temporary Internet Files/Content.IE5/IF1TKHPG/b64[3].jpg
06/01/09 14:49 Rilevato: Email-Worm.Win32.Bagle.of /discs/C:/Documents and Settings/Ambra/Impostazioni locali/Temporary Internet Files/Content.IE5/IF1TKHPG/b64[2].jpg
06/01/09 14:49 Rilevato: Email-Worm.Win32.Bagle.of /discs/C:/Documents and Settings/Ambra/Impostazioni locali/Temporary Internet Files/Content.IE5/IF1TKHPG/b64[1].jpg
06/01/09 14:48 Eliminati: Email-Worm.Win32.Bagle.of /discs/C:/Documents and Settings/Ambra/Impostazioni locali/Temporary Internet Files/Content.IE5/IF1TKHPG/b64_3[4].jpg
06/01/09 14:48 Eliminati: Email-Worm.Win32.Bagle.of /discs/C:/Documents and Settings/Ambra/Impostazioni locali/Temporary Internet Files/Content.IE5/IF1TKHPG/b64_3[3].jpg
06/01/09 14:48 Rilevato: Email-Worm.Win32.Bagle.of /discs/C:/Documents and Settings/Ambra/Impostazioni locali/Temporary Internet Files/Content.IE5/IF1TKHPG/b64_3[4].jpg
06/01/09 14:48 Rilevato: Email-Worm.Win32.Bagle.of /discs/C:/Documents and Settings/Ambra/Impostazioni locali/Temporary Internet Files/Content.IE5/IF1TKHPG/b64_3[3].jpg
06/01/09 14:48 Eliminati: Email-Worm.Win32.Bagle.majc /discs/C:/Documents and Settings/Ambra/Impostazioni locali/Temporary Internet Files/Content.IE5/FY2FGVGR/b64_2[3].jpg
06/01/09 14:48 Rilevato: Email-Worm.Win32.Bagle.majc /discs/C:/Documents and Settings/Ambra/Impostazioni locali/Temporary Internet Files/Content.IE5/FY2FGVGR/b64_2[3].jpg
06/01/09 14:48 Eliminati: Email-Worm.Win32.Bagle.majc /discs/C:/Documents and Settings/Ambra/Impostazioni locali/Temporary Internet Files/Content.IE5/FY2FGVGR/b64_2[2].jpg
06/01/09 14:48 Rilevato: Email-Worm.Win32.Bagle.majc /discs/C:/Documents and Settings/Ambra/Impostazioni locali/Temporary Internet Files/Content.IE5/FY2FGVGR/b64_2[2].jpg
06/01/09 14:48 Eliminati: Email-Worm.Win32.Bagle.majc /discs/C:/Documents and Settings/Ambra/Impostazioni locali/Temporary Internet Files/Content.IE5/FY2FGVGR/b64_2[1].jpg
06/01/09 14:48 Eliminati: Trojan-PSW.Win32.Agent.lfr /discs/C:/Documents and Settings/Ambra/Impostazioni locali/Temporary Internet Files/Content.IE5/FY2FGVGR/b64_1[4].jpg
06/01/09 14:48 Rilevato: Email-Worm.Win32.Bagle.majc /discs/C:/Documents and Settings/Ambra/Impostazioni locali/Temporary Internet Files/Content.IE5/FY2FGVGR/b64_2[1].jpg
06/01/09 14:48 Eliminati: Trojan-PSW.Win32.Agent.lfr /discs/C:/Documents and Settings/Ambra/Impostazioni locali/Temporary Internet Files/Content.IE5/FY2FGVGR/b64_1[3].jpg
06/01/09 14:48 Eliminati: Trojan-PSW.Win32.Agent.lfr /discs/C:/Documents and Settings/Ambra/Impostazioni locali/Temporary Internet Files/Content.IE5/FY2FGVGR/b64_1[1].jpg
06/01/09 14:48 Rilevato: Trojan-PSW.Win32.Agent.lfr /discs/C:/Documents and Settings/Ambra/Impostazioni locali/Temporary Internet Files/Content.IE5/FY2FGVGR/b64_1[4].jpg
06/01/09 14:48 Eliminati: Trojan-PSW.Win32.Agent.lfr /discs/C:/Documents and Settings/Ambra/Impostazioni locali/Temporary Internet Files/Content.IE5/FY2FGVGR/b64_1[2].jpg
06/01/09 14:48 Rilevato: Trojan-PSW.Win32.Agent.lfr /discs/C:/Documents and Settings/Ambra/Impostazioni locali/Temporary Internet Files/Content.IE5/FY2FGVGR/b64_1[3].jpg
06/01/09 14:48 Eliminati: Email-Worm.Win32.Bagle.of /discs/C:/Documents and Settings/Ambra/Impostazioni locali/Temporary Internet Files/Content.IE5/FY2FGVGR/b64[1].jpg
06/01/09 14:48 Rilevato: Trojan-PSW.Win32.Agent.lfr /discs/C:/Documents and Settings/Ambra/Impostazioni locali/Temporary Internet Files/Content.IE5/FY2FGVGR/b64_1[2].jpg
06/01/09 14:48 Rilevato: Trojan-PSW.Win32.Agent.lfr /discs/C:/Documents and Settings/Ambra/Impostazioni locali/Temporary Internet Files/Content.IE5/FY2FGVGR/b64_1[1].jpg
06/01/09 14:48 Rilevato: Email-Worm.Win32.Bagle.of /discs/C:/Documents and Settings/Ambra/Impostazioni locali/Temporary Internet Files/Content.IE5/FY2FGVGR/b64[1].jpg
06/01/09 14:47 Eliminati: Email-Worm.Win32.Bagle.majc /discs/C:/Documents and Settings/Ambra/Impostazioni locali/Temporary Internet Files/Content.IE5/40OE83A0/b64_2[3].jpg
06/01/09 14:47 Rilevato: Email-Worm.Win32.Bagle.majc /discs/C:/Documents and Settings/Ambra/Impostazioni locali/Temporary Internet Files/Content.IE5/40OE83A0/b64_2[3].jpg
06/01/09 14:47 Eliminati: Email-Worm.Win32.Bagle.majc /discs/C:/Documents and Settings/Ambra/Impostazioni locali/Temporary Internet Files/Content.IE5/40OE83A0/b64_2[2].jpg
06/01/09 14:47 Rilevato: Email-Worm.Win32.Bagle.majc /discs/C:/Documents and Settings/Ambra/Impostazioni locali/Temporary Internet Files/Content.IE5/40OE83A0/b64_2[2].jpg
06/01/09 14:47 Eliminati: Email-Worm.Win32.Bagle.majc /discs/C:/Documents and Settings/Ambra/Impostazioni locali/Temporary Internet Files/Content.IE5/40OE83A0/b64_2[1].jpg
06/01/09 14:47 Eliminati: Trojan-PSW.Win32.Agent.lfr /discs/C:/Documents and Settings/Ambra/Impostazioni locali/Temporary Internet Files/Content.IE5/40OE83A0/b64_1[5].jpg
06/01/09 14:47 Rilevato: Email-Worm.Win32.Bagle.majc /discs/C:/Documents and Settings/Ambra/Impostazioni locali/Temporary Internet Files/Content.IE5/40OE83A0/b64_2[1].jpg
06/01/09 14:47 Eliminati: Trojan-PSW.Win32.Agent.lfr /discs/C:/Documents and Settings/Ambra/Impostazioni locali/Temporary Internet Files/Content.IE5/40OE83A0/b64_1[4].jpg
06/01/09 14:47 Eliminati: Trojan-PSW.Win32.Agent.lfr /discs/C:/Documents and Settings/Ambra/Impostazioni locali/Temporary Internet Files/Content.IE5/40OE83A0/b64_1[3].jpg
06/01/09 14:47 Rilevato: Trojan-PSW.Win32.Agent.lfr /discs/C:/Documents and Settings/Ambra/Impostazioni locali/Temporary Internet Files/Content.IE5/40OE83A0/b64_1[5].jpg
06/01/09 14:47 Eliminati: Trojan-PSW.Win32.Agent.lfr /discs/C:/Documents and Settings/Ambra/Impostazioni locali/Temporary Internet Files/Content.IE5/40OE83A0/b64_1[2].jpg
06/01/09 14:46 Rilevato: Trojan-PSW.Win32.Agent.lfr /discs/C:/Documents and Settings/Ambra/Impostazioni locali/Temporary Internet Files/Content.IE5/40OE83A0/b64_1[4].jpg
06/01/09 14:46 Eliminati: Trojan-PSW.Win32.Agent.lfr /discs/C:/Documents and Settings/Ambra/Impostazioni locali/Temporary Internet Files/Content.IE5/40OE83A0/b64_1[1].jpg
06/01/09 14:46 Rilevato: Trojan-PSW.Win32.Agent.lfr /discs/C:/Documents and Settings/Ambra/Impostazioni locali/Temporary Internet Files/Content.IE5/40OE83A0/b64_1[3].jpg
06/01/09 14:46 Eliminati: Email-Worm.Win32.Bagle.of /discs/C:/Documents and Settings/Ambra/Impostazioni locali/Temporary Internet Files/Content.IE5/40OE83A0/b64[1].jpg
06/01/09 14:46 Rilevato: Trojan-PSW.Win32.Agent.lfr /discs/C:/Documents and Settings/Ambra/Impostazioni locali/Temporary Internet Files/Content.IE5/40OE83A0/b64_1[2].jpg
06/01/09 14:46 Eliminati: Email-Worm.Win32.Bagle.of /discs/C:/Documents and Settings/Ambra/Impostazioni locali/Temporary Internet Files/Content.IE5/40OE83A0/b64_3[2].jpg
06/01/09 14:46 Rilevato: Trojan-PSW.Win32.Agent.lfr /discs/C:/Documents and Settings/Ambra/Impostazioni locali/Temporary Internet Files/Content.IE5/40OE83A0/b64_1[1].jpg
06/01/09 14:46 Rilevato: Email-Worm.Win32.Bagle.of /discs/C:/Documents and Settings/Ambra/Impostazioni locali/Temporary Internet Files/Content.IE5/40OE83A0/b64[1].jpg
06/01/09 14:46 Eliminati: Email-Worm.Win32.Bagle.of /discs/C:/Documents and Settings/Ambra/Impostazioni locali/Temporary Internet Files/Content.IE5/40OE83A0/b64_3[3].jpg
06/01/09 14:46 Eliminati: Email-Worm.Win32.Bagle.of /discs/C:/Documents and Settings/Ambra/Impostazioni locali/Temporary Internet Files/Content.IE5/40OE83A0/b64_3[1].jpg
06/01/09 14:46 Rilevato: Email-Worm.Win32.Bagle.of /discs/C:/Documents and Settings/Ambra/Impostazioni locali/Temporary Internet Files/Content.IE5/40OE83A0/b64_3[3].jpg
06/01/09 14:46 Rilevato: Email-Worm.Win32.Bagle.of /discs/C:/Documents and Settings/Ambra/Impostazioni locali/Temporary Internet Files/Content.IE5/40OE83A0/b64_3[2].jpg
06/01/09 14:46 Rilevato: Email-Worm.Win32.Bagle.of /discs/C:/Documents and Settings/Ambra/Impostazioni locali/Temporary Internet Files/Content.IE5/40OE83A0/b64_3[1].jpg
06/01/09 14:45 Eliminati: Email-Worm.Win32.Bagle.majc /discs/C:/Documents and Settings/Ambra/Impostazioni locali/Temporary Internet Files/Content.IE5/1N3BUDNT/b64_2[3].jpg
06/01/09 14:45 Eliminati: Email-Worm.Win32.Bagle.majc /discs/C:/Documents and Settings/Ambra/Impostazioni locali/Temporary Internet Files/Content.IE5/1N3BUDNT/b64_2[1].jpg
06/01/09 14:45 Rilevato: Email-Worm.Win32.Bagle.majc /discs/C:/Documents and Settings/Ambra/Impostazioni locali/Temporary Internet Files/Content.IE5/1N3BUDNT/b64_2[3].jpg
06/01/09 14:45 Eliminati: Email-Worm.Win32.Bagle.of /discs/C:/Documents and Settings/Ambra/Impostazioni locali/Temporary Internet Files/Content.IE5/1N3BUDNT/b64_3[3].jpg
06/01/09 14:45 Rilevato: Email-Worm.Win32.Bagle.majc /discs/C:/Documents and Settings/Ambra/Impostazioni locali/Temporary Internet Files/Content.IE5/1N3BUDNT/b64_2[1].jpg
06/01/09 14:45 Rilevato: Email-Worm.Win32.Bagle.of /discs/C:/Documents and Settings/Ambra/Impostazioni locali/Temporary Internet Files/Content.IE5/1N3BUDNT/b64_3[3].jpg
06/01/09 14:45 Eliminati: Email-Worm.Win32.Bagle.of /discs/C:/Documents and Settings/Ambra/Impostazioni locali/Temporary Internet Files/Content.IE5/1N3BUDNT/b64_3[1].jpg
06/01/09 14:45 Rilevato: Email-Worm.Win32.Bagle.of /discs/C:/Documents and Settings/Ambra/Impostazioni locali/Temporary Internet Files/Content.IE5/1N3BUDNT/b64_3[1].jpg
06/01/09 14:45 Eliminati: Trojan-PSW.Win32.Agent.lfr /discs/C:/Documents and Settings/Ambra/Impostazioni locali/Temporary Internet Files/Content.IE5/1N3BUDNT/b64_1[2].jpg
06/01/09 14:45 Eliminati: Trojan-PSW.Win32.Agent.lfr /discs/C:/Documents and Settings/Ambra/Impostazioni locali/Temporary Internet Files/Content.IE5/1N3BUDNT/b64_1[1].jpg
06/01/09 14:45 Eliminati: Email-Worm.Win32.Bagle.of /discs/C:/Documents and Settings/Ambra/Impostazioni locali/Temporary Internet Files/Content.IE5/1N3BUDNT/b64[2].jpg
06/01/09 14:45 Rilevato: Trojan-PSW.Win32.Agent.lfr /discs/C:/Documents and Settings/Ambra/Impostazioni locali/Temporary Internet Files/Content.IE5/1N3BUDNT/b64_1[2].jpg
06/01/09 14:45 Eliminati: Email-Worm.Win32.Bagle.of /discs/C:/Documents and Settings/Ambra/Impostazioni locali/Temporary Internet Files/Content.IE5/1N3BUDNT/b64[1].jpg
06/01/09 14:45 Rilevato: Trojan-PSW.Win32.Agent.lfr /discs/C:/Documents and Settings/Ambra/Impostazioni locali/Temporary Internet Files/Content.IE5/1N3BUDNT/b64_1[1].jpg
06/01/09 14:45 Rilevato: Email-Worm.Win32.Bagle.of /discs/C:/Documents and Settings/Ambra/Impostazioni locali/Temporary Internet Files/Content.IE5/1N3BUDNT/b64[2].jpg
06/01/09 14:45 Rilevato: Email-Worm.Win32.Bagle.of /discs/C:/Documents and Settings/Ambra/Impostazioni locali/Temporary Internet Files/Content.IE5/1N3BUDNT/b64[1].jpg
06/01/09 14:34 Rilevato: Trojan.Win32.Patched.dy /discs/C:/Documents and Settings/Ambra/Impostazioni locali/Temp/TDSS97dc.tmp
06/01/09 14:06 Eliminati: Trojan-Downloader.Java.OpenConnection.aq /discs/C:/Documents and Settings/Ambra/Dati applicazioni/Sun/Java/Deployment/cache/6.0/9/418abd09-1ec04410/javajava/Java.class
06/01/09 14:06 Rilevato: Trojan-Downloader.Java.OpenConnection.aq /discs/C:/Documents and Settings/Ambra/Dati applicazioni/Sun/Java/Deployment/cache/6.0/9/418abd09-1ec04410/javajava/Java.class
06/01/09 14:06 Eliminati: Trojan-Downloader.Java.OpenConnection.aq /discs/C:/Documents and Settings/Ambra/Dati applicazioni/Sun/Java/Deployment/cache/6.0/9/1a91d949-7d556457/javajava/Java.class
06/01/09 14:06 Eliminati: Trojan-Downloader.Java.OpenConnection.aq /discs/C:/Documents and Settings/Ambra/Dati applicazioni/Sun/Java/Deployment/cache/6.0/7/38b16187-288be8b6/javajava/Java.class
06/01/09 14:06 Rilevato: Trojan-Downloader.Java.OpenConnection.aq /discs/C:/Documents and Settings/Ambra/Dati applicazioni/Sun/Java/Deployment/cache/6.0/9/1a91d949-7d556457/javajava/Java.class
06/01/09 14:06 Rilevato: Trojan-Downloader.Java.OpenConnection.aq /discs/C:/Documents and Settings/Ambra/Dati applicazioni/Sun/Java/Deployment/cache/6.0/7/38b16187-288be8b6/javajava/Java.class
06/01/09 14:05 Eliminati: Trojan-Downloader.Java.OpenConnection.aq /discs/C:/Documents and Settings/Ambra/Dati applicazioni/Sun/Java/Deployment/cache/6.0/6/74352706-1207510c/javajava/Java.class
06/01/09 14:05 Rilevato: Trojan-Downloader.Java.OpenConnection.aq /discs/C:/Documents and Settings/Ambra/Dati applicazioni/Sun/Java/Deployment/cache/6.0/6/74352706-1207510c/javajava/Java.class
06/01/09 14:05 Eliminati: Trojan-Downloader.Java.OpenConnection.aq /discs/C:/Documents and Settings/Ambra/Dati applicazioni/Sun/Java/Deployment/cache/6.0/6/4571ed06-40a42a4c/javajava/Java.class
06/01/09 14:05 Rilevato: Trojan-Downloader.Java.OpenConnection.aq /discs/C:/Documents and Settings/Ambra/Dati applicazioni/Sun/Java/Deployment/cache/6.0/6/4571ed06-40a42a4c/javajava/Java.class
06/01/09 14:05 Eliminati: Trojan-Downloader.Java.OpenConnection.aq /discs/C:/Documents and Settings/Ambra/Dati applicazioni/Sun/Java/Deployment/cache/6.0/6/2f8b7406-14b0fad0/javajava/Java.class
06/01/09 14:05 Rilevato: Trojan-Downloader.Java.OpenConnection.aq /discs/C:/Documents and Settings/Ambra/Dati applicazioni/Sun/Java/Deployment/cache/6.0/6/2f8b7406-14b0fad0/javajava/Java.class
06/01/09 14:05 Eliminati: Trojan-Downloader.Java.OpenConnection.aq /discs/C:/Documents and Settings/Ambra/Dati applicazioni/Sun/Java/Deployment/cache/6.0/58/77e451ba-6aaabb3a/javajava/Java.class
06/01/09 14:05 Rilevato: Trojan-Downloader.Java.OpenConnection.aq /discs/C:/Documents and Settings/Ambra/Dati applicazioni/Sun/Java/Deployment/cache/6.0/58/77e451ba-6aaabb3a/javajava/Java.class
06/01/09 14:05 Eliminati: Trojan-Downloader.Java.OpenConnection.aq /discs/C:/Documents and Settings/Ambra/Dati applicazioni/Sun/Java/Deployment/cache/6.0/58/3d9c25fa-4d367e7a/javajava/Java.class
06/01/09 14:05 Rilevato: Trojan-Downloader.Java.OpenConnection.aq /discs/C:/Documents and Settings/Ambra/Dati applicazioni/Sun/Java/Deployment/cache/6.0/58/3d9c25fa-4d367e7a/javajava/Java.class
06/01/09 14:05 Eliminati: Trojan-Downloader.Java.OpenConnection.aq /discs/C:/Documents and Settings/Ambra/Dati applicazioni/Sun/Java/Deployment/cache/6.0/57/1f0ecff9-65f0e12c/javajava/Java.class
06/01/09 14:05 Rilevato: Trojan-Downloader.Java.OpenConnection.aq /discs/C:/Documents and Settings/Ambra/Dati applicazioni/Sun/Java/Deployment/cache/6.0/57/1f0ecff9-65f0e12c/javajava/Java.class
06/01/09 14:05 Eliminati: Trojan-Downloader.Java.OpenConnection.aq /discs/C:/Documents and Settings/Ambra/Dati applicazioni/Sun/Java/Deployment/cache/6.0/54/65e79af6-25aa6eee/javajava/Java.class
06/01/09 14:05 Rilevato: Trojan-Downloader.Java.OpenConnection.aq /discs/C:/Documents and Settings/Ambra/Dati applicazioni/Sun/Java/Deployment/cache/6.0/54/65e79af6-25aa6eee/javajava/Java.class
06/01/09 14:05 Eliminati: Trojan-Downloader.Java.OpenConnection.aq /discs/C:/Documents and Settings/Ambra/Dati applicazioni/Sun/Java/Deployment/cache/6.0/54/2a9351b6-6ec9d10e/javajava/Java.class
06/01/09 14:05 Rilevato: Trojan-Downloader.Java.OpenConnection.aq /discs/C:/Documents and Settings/Ambra/Dati applicazioni/Sun/Java/Deployment/cache/6.0/54/2a9351b6-6ec9d10e/javajava/Java.class
06/01/09 14:05 Eliminati: Trojan-Downloader.Java.OpenConnection.aq /discs/C:/Documents and Settings/Ambra/Dati applicazioni/Sun/Java/Deployment/cache/6.0/52/5b7e1634-23f24acc/javajava/Java.class
06/01/09 14:05 Rilevato: Trojan-Downloader.Java.OpenConnection.aq /discs/C:/Documents and Settings/Ambra/Dati applicazioni/Sun/Java/Deployment/cache/6.0/52/5b7e1634-23f24acc/javajava/Java.class
06/01/09 14:04 Eliminati: Trojan-Downloader.Java.OpenConnection.aq /discs/C:/Documents and Settings/Ambra/Dati applicazioni/Sun/Java/Deployment/cache/6.0/46/7550aa2e-25d31874/javajava/Java.class
06/01/09 14:04 Rilevato: Trojan-Downloader.Java.OpenConnection.aq /discs/C:/Documents and Settings/Ambra/Dati applicazioni/Sun/Java/Deployment/cache/6.0/46/7550aa2e-25d31874/javajava/Java.class
06/01/09 14:04 Eliminati: Trojan-Downloader.Java.OpenConnection.aq /discs/C:/Documents and Settings/Ambra/Dati applicazioni/Sun/Java/Deployment/cache/6.0/43/19e6ceeb-6d9afb06/javajava/Java.class
06/01/09 14:04 Rilevato: Trojan-Downloader.Java.OpenConnection.aq /discs/C:/Documents and Settings/Ambra/Dati applicazioni/Sun/Java/Deployment/cache/6.0/43/19e6ceeb-6d9afb06/javajava/Java.class
06/01/09 14:04 Eliminati: Trojan-Downloader.Java.OpenConnection.aq /discs/C:/Documents and Settings/Ambra/Dati applicazioni/Sun/Java/Deployment/cache/6.0/42/1a224f2a-1de195fe.VIR/javajava/Java.class
06/01/09 14:04 Rilevato: Trojan-Downloader.Java.OpenConnection.aq /discs/C:/Documents and Settings/Ambra/Dati applicazioni/Sun/Java/Deployment/cache/6.0/42/1a224f2a-1de195fe.VIR/javajava/Java.class
06/01/09 14:03 Eliminati: Trojan-Downloader.Java.OpenConnection.aq /discs/C:/Documents and Settings/Ambra/Dati applicazioni/Sun/Java/Deployment/cache/6.0/5/df03d85-17d267c3/javajava/Java.class
06/01/09 14:03 Rilevato: Trojan-Downloader.Java.OpenConnection.aq /discs/C:/Documents and Settings/Ambra/Dati applicazioni/Sun/Java/Deployment/cache/6.0/5/df03d85-17d267c3/javajava/Java.class
06/01/09 13:59 Eliminati: Email-Worm.Win32.Bagle.of /discs/C:/Documents and Settings/Ambra/Dati applicazioni/m/flec006.exe
06/01/09 13:59 Eliminati: Trojan-PSW.Win32.Agent.lfr /discs/C:/Documents and Settings/Ambra/Dati applicazioni/drivers/downld/343687.exe
06/01/09 13:59 Rilevato: Email-Worm.Win32.Bagle.of /discs/C:/Documents and Settings/Ambra/Dati applicazioni/m/flec006.exe
06/01/09 13:59 Rilevato: Trojan-PSW.Win32.Agent.lfr /discs/C:/Documents and Settings/Ambra/Dati applicazioni/drivers/downld/343687.exe
06/01/09 13:59 Eliminati: Email-Worm.Win32.Bagle.of /discs/C:/Documents and Settings/Ambra/Dati applicazioni/drivers/downld/310328.exe
06/01/09 13:59 Rilevato: Email-Worm.Win32.Bagle.of /discs/C:/Documents and Settings/Ambra/Dati applicazioni/drivers/downld/310328.exe
06/01/09 13:59 Eliminati: Trojan-PSW.Win32.Agent.lfr /discs/C:/Documents and Settings/Ambra/Dati applicazioni/drivers/downld/29914093.exe
06/01/09 13:59 Rilevato: Trojan-PSW.Win32.Agent.lfr /discs/C:/Documents and Settings/Ambra/Dati applicazioni/drivers/downld/29914093.exe
06/01/09 13:59 Eliminati: Email-Worm.Win32.Bagle.of /discs/C:/Documents and Settings/Ambra/Dati applicazioni/drivers/downld/29871578.exe
06/01/09 13:59 Rilevato: Email-Worm.Win32.Bagle.of /discs/C:/Documents and Settings/Ambra/Dati applicazioni/drivers/downld/29871578.exe
06/01/09 13:59 Eliminati: Trojan-PSW.Win32.Agent.lfr /discs/C:/Documents and Settings/Ambra/Dati applicazioni/drivers/downld/232921.exe
06/01/09 13:59 Eliminati: Trojan-PSW.Win32.Agent.lfr /discs/C:/Documents and Settings/Ambra/Dati applicazioni/drivers/downld/196640.exe
06/01/09 13:59 Rilevato: Trojan-PSW.Win32.Agent.lfr /discs/C:/Documents and Settings/Ambra/Dati applicazioni/drivers/downld/232921.exe
06/01/09 13:59 Eliminati: Email-Worm.Win32.Bagle.of /discs/C:/Documents and Settings/Ambra/Dati applicazioni/drivers/downld/191375.exe
06/01/09 13:59 Rilevato: Trojan-PSW.Win32.Agent.lfr /discs/C:/Documents and Settings/Ambra/Dati applicazioni/drivers/downld/196640.exe
06/01/09 13:59 Eliminati: Trojan-PSW.Win32.Agent.lfr /discs/C:/Documents and Settings/Ambra/Dati applicazioni/drivers/downld/15171515.exe
06/01/09 13:59 Rilevato: Email-Worm.Win32.Bagle.of /discs/C:/Documents and Settings/Ambra/Dati applicazioni/drivers/downld/191375.exe
06/01/09 13:59 Rilevato: Trojan-PSW.Win32.Agent.lfr /discs/C:/Documents and Settings/Ambra/Dati applicazioni/drivers/downld/15171515.exe
06/01/09 13:59 Eliminati: Trojan-Downloader.Win32.Bagle.afm /discs/C:/Documents and Settings/Ambra/Dati applicazioni/drivers/srosa.sys
06/01/09 13:59 Rilevato: Trojan-Downloader.Win32.Bagle.afm /discs/C:/Documents and Settings/Ambra/Dati applicazioni/drivers/srosa.sys
06/01/09 13:59 Eliminati: Trojan-PSW.Win32.Agent.lfr /discs/C:/Documents and Settings/Ambra/Dati applicazioni/drivers/downld/452500.exe
06/01/09 13:59 Rilevato: Trojan-PSW.Win32.Agent.lfr /discs/C:/Documents and Settings/Ambra/Dati applicazioni/drivers/downld/452500.exe
06/01/09 13:59 Eliminati: Trojan-PSW.Win32.Agent.lfr /discs/C:/Documents and Settings/Ambra/Dati applicazioni/drivers/downld/449359.exe
06/01/09 13:59 Rilevato: Trojan-PSW.Win32.Agent.lfr /discs/C:/Documents and Settings/Ambra/Dati applicazioni/drivers/downld/449359.exe
06/01/09 13:59 Eliminati: Email-Worm.Win32.Bagle.of /discs/C:/Documents and Settings/Ambra/Dati applicazioni/drivers/downld/149875.exe
06/01/09 13:59 Rilevato: Email-Worm.Win32.Bagle.of /discs/C:/Documents and Settings/Ambra/Dati applicazioni/drivers/downld/149875.exe
06/01/09 13:59 Eliminati: Email-Worm.Win32.Bagle.of /discs/C:/Documents and Settings/Ambra/Dati applicazioni/drivers/downld/14942000.exe
06/01/09 13:58 Rilevato: Email-Worm.Win32.Bagle.of /discs/C:/Documents and Settings/Ambra/Dati applicazioni/drivers/downld/14942000.exe
06/01/09 13:58 Eliminati: Email-Worm.Win32.Bagle.of /discs/C:/Documents and Settings/Ambra/Dati applicazioni/drivers/downld/131125.exe
06/01/09 13:58 Rilevato: Email-Worm.Win32.Bagle.of /discs/C:/Documents and Settings/Ambra/Dati applicazioni/drivers/downld/131125.exe
06/01/09 13:57 Eliminati: Email-Worm.Win32.Bagle.of /discs/C:/avenger/backup-04.01.09-15.55.30,09.zip/avenger/wintems.exe
06/01/09 13:57 Rilevato: Email-Worm.Win32.Bagle.of /discs/C:/avenger/backup-04.01.09-15.55.30,09.zip/avenger/wintems.exe
06/01/09 13:57 Eliminati: Trojan-Downloader.Win32.Bagle.afm /discs/C:/avenger/backup-04.01.09-15.55.30,09.zip/avenger/srosa.sys
06/01/09 13:57 Rilevato: Trojan-Downloader.Win32.Bagle.afm /discs/C:/avenger/backup-04.01.09-15.55.30,09.zip/avenger/srosa.sys
06/01/09 13:56 Eliminati: Email-Worm.Win32.Bagle.of /discs/C:/avenger/backup-04.01.09-15.55.30,09.zip/avenger/mdelk.exe
06/01/09 13:56 Rilevato: Email-Worm.Win32.Bagle.of /discs/C:/avenger/backup-04.01.09-15.55.30,09.zip/avenger/mdelk.exe
06/01/09 13:55 Eliminati: Email-Worm.Win32.Bagle.of /discs/C:/avenger/backup-04.01.09-15.55.30,09.zip/avenger/flec006.exe
06/01/09 13:55 Rilevato: Email-Worm.Win32.Bagle.of /discs/C:/avenger/backup-04.01.09-15.55.30,09.zip/avenger/flec006.exe
06/01/09 13:54 Eliminati: Email-Worm.Win32.Bagle.majc /discs/C:/avenger/backup-04.01.09-15.55.30,09.zip/avenger/drivers/downld/7925968.exe
06/01/09 13:54 Rilevato: Email-Worm.Win32.Bagle.majc /discs/C:/avenger/backup-04.01.09-15.55.30,09.zip/avenger/drivers/downld/7925968.exe
06/01/09 13:54 Eliminati: Email-Worm.Win32.Bagle.of /discs/C:/avenger/backup-04.01.09-15.55.30,09.zip/avenger/drivers/downld/7605953.exe
06/01/09 13:54 Rilevato: Email-Worm.Win32.Bagle.of /discs/C:/avenger/backup-04.01.09-15.55.30,09.zip/avenger/drivers/downld/7605953.exe
06/01/09 13:54 Eliminati: Trojan-PSW.Win32.Agent.lfr /discs/C:/avenger/backup-04.01.09-15.55.30,09.zip/avenger/drivers/downld/7430546.exe
06/01/09 13:54 Rilevato: Trojan-PSW.Win32.Agent.lfr /discs/C:/avenger/backup-04.01.09-15.55.30,09.zip/avenger/drivers/downld/7430546.exe
06/01/09 13:54 Eliminati: Email-Worm.Win32.Bagle.of /discs/C:/avenger/backup-04.01.09-15.55.30,09.zip/avenger/drivers/downld/7279312.exe
06/01/09 13:54 Rilevato: Email-Worm.Win32.Bagle.of /discs/C:/avenger/backup-04.01.09-15.55.30,09.zip/avenger/drivers/downld/7279312.exe
06/01/09 13:54 Eliminati: Email-Worm.Win32.Bagle.of /discs/C:/avenger/backup-04.01.09-15.55.30,09.zip/avenger/drivers/downld/7079656.exe
06/01/09 13:54 Rilevato: Email-Worm.Win32.Bagle.of /discs/C:/avenger/backup-04.01.09-15.55.30,09.zip/avenger/drivers/downld/7079656.exe
06/01/09 13:54 Eliminati: Trojan-PSW.Win32.Agent.lfr /discs/C:/avenger/backup-04.01.09-15.55.30,09.zip/avenger/drivers/downld/61680437.exe
06/01/09 13:54 Rilevato: Trojan-PSW.Win32.Agent.lfr /discs/C:/avenger/backup-04.01.09-15.55.30,09.zip/avenger/drivers/downld/61680437.exe
06/01/09 13:54 Eliminati: Email-Worm.Win32.Bagle.of /discs/C:/avenger/backup-04.01.09-15.55.30,09.zip/avenger/drivers/downld/61558671.exe
06/01/09 13:54 Rilevato: Email-Worm.Win32.Bagle.of /discs/C:/avenger/backup-04.01.09-15.55.30,09.zip/avenger/drivers/downld/61558671.exe
06/01/09 13:54 Eliminati: Trojan-PSW.Win32.Agent.lfr /discs/C:/avenger/backup-04.01.09-15.55.30,09.zip/avenger/drivers/downld/61393906.exe
06/01/09 13:54 Rilevato: Trojan-PSW.Win32.Agent.lfr /discs/C:/avenger/backup-04.01.09-15.55.30,09.zip/avenger/drivers/downld/61393906.exe
06/01/09 13:54 Eliminati: Email-Worm.Win32.Bagle.of /discs/C:/avenger/backup-04.01.09-15.55.30,09.zip/avenger/drivers/downld/61345359.exe
06/01/09 13:54 Rilevato: Email-Worm.Win32.Bagle.of /discs/C:/avenger/backup-04.01.09-15.55.30,09.zip/avenger/drivers/downld/61345359.exe
06/01/09 13:54 Eliminati: Trojan-PSW.Win32.Agent.lfr /discs/C:/avenger/backup-04.01.09-15.55.30,09.zip/avenger/drivers/downld/606734.exe
06/01/09 13:54 Rilevato: Trojan-PSW.Win32.Agent.lfr /discs/C:/avenger/backup-04.01.09-15.55.30,09.zip/avenger/drivers/downld/606734.exe
06/01/09 13:54 Eliminati: Trojan-PSW.Win32.Agent.lfr /discs/C:/avenger/backup-04.01.09-15.55.30,09.zip/avenger/drivers/downld/4682953.exe
06/01/09 13:54 Rilevato: Trojan-PSW.Win32.Agent.lfr /discs/C:/avenger/backup-04.01.09-15.55.30,09.zip/avenger/drivers/downld/4682953.exe
06/01/09 13:54 Eliminati: Email-Worm.Win32.Bagle.majc /discs/C:/avenger/backup-04.01.09-15.55.30,09.zip/avenger/drivers/downld/459937.exe
06/01/09 13:54 Rilevato: Email-Worm.Win32.Bagle.majc /discs/C:/avenger/backup-04.01.09-15.55.30,09.zip/avenger/drivers/downld/459937.exe
06/01/09 13:54 Eliminati: Email-Worm.Win32.Bagle.of /discs/C:/avenger/backup.zip/avenger/wintems.exe
06/01/09 13:54 Rilevato: Email-Worm.Win32.Bagle.of /discs/C:/avenger/backup.zip/avenger/wintems.exe
06/01/09 13:54 Eliminati: Trojan-Downloader.Win32.Bagle.afm /discs/C:/avenger/backup.zip/avenger/srosa.sys
06/01/09 13:54 Rilevato: Trojan-Downloader.Win32.Bagle.afm /discs/C:/avenger/backup.zip/avenger/srosa.sys
06/01/09 13:54 Eliminati: Email-Worm.Win32.Bagle.of /discs/C:/avenger/backup-04.01.09-15.55.30,09.zip/avenger/drivers/downld/448062.exe
06/01/09 13:54 Rilevato: Email-Worm.Win32.Bagle.of /discs/C:/avenger/backup-04.01.09-15.55.30,09.zip/avenger/drivers/downld/448062.exe
06/01/09 13:54 Eliminati: Email-Worm.Win32.Bagle.of /discs/C:/avenger/backup-04.01.09-15.55.30,09.zip/avenger/drivers/downld/4431093.exe
06/01/09 13:54 Rilevato: Email-Worm.Win32.Bagle.of /discs/C:/avenger/backup-04.01.09-15.55.30,09.zip/avenger/drivers/downld/4431093.exe
06/01/09 13:54 Eliminati: Trojan-PSW.Win32.Agent.lfr /discs/C:/avenger/backup-04.01.09-15.55.30,09.zip/avenger/drivers/downld/4369203.exe
06/01/09 13:54 Rilevato: Trojan-PSW.Win32.Agent.lfr /discs/C:/avenger/backup-04.01.09-15.55.30,09.zip/avenger/drivers/downld/4369203.exe
06/01/09 13:54 Eliminati: Trojan-PSW.Win32.Agent.lfr /discs/C:/avenger/backup-04.01.09-15.55.30,09.zip/avenger/drivers/downld/421812.exe
06/01/09 13:54 Rilevato: Trojan-PSW.Win32.Agent.lfr /discs/C:/avenger/backup-04.01.09-15.55.30,09.zip/avenger/drivers/downld/421812.exe
06/01/09 13:54 Eliminati: Email-Worm.Win32.Bagle.of /discs/C:/avenger/backup-04.01.09-15.55.30,09.zip/avenger/drivers/downld/389453.exe
06/01/09 13:54 Rilevato: Email-Worm.Win32.Bagle.of /discs/C:/avenger/backup-04.01.09-15.55.30,09.zip/avenger/drivers/downld/389453.exe
06/01/09 13:54 Eliminati: Email-Worm.Win32.Bagle.of /discs/C:/avenger/backup-04.01.09-15.55.30,09.zip/avenger/drivers/downld/299687.exe
06/01/09 13:54 Rilevato: Email-Worm.Win32.Bagle.of /discs/C:/avenger/backup-04.01.09-15.55.30,09.zip/avenger/drivers/downld/299687.exe
06/01/09 13:54 Eliminati: Email-Worm.Win32.Bagle.of /discs/C:/avenger/backup-04.01.09-15.55.30,09.zip/avenger/drivers/downld/262375.exe
06/01/09 13:54 Rilevato: Email-Worm.Win32.Bagle.of /discs/C:/avenger/backup-04.01.09-15.55.30,09.zip/avenger/drivers/downld/262375.exe
06/01/09 13:54 Eliminati: Trojan-PSW.Win32.Agent.lfr /discs/C:/avenger/backup-04.01.09-15.55.30,09.zip/avenger/drivers/downld/259953.exe
06/01/09 13:54 Rilevato: Trojan-PSW.Win32.Agent.lfr /discs/C:/avenger/backup-04.01.09-15.55.30,09.zip/avenger/drivers/downld/259953.exe
06/01/09 13:54 Eliminati: Trojan-PSW.Win32.Agent.lfr /discs/C:/avenger/backup-04.01.09-15.55.30,09.zip/avenger/drivers/downld/219875.exe
06/01/09 13:54 Rilevato: Trojan-PSW.Win32.Agent.lfr /discs/C:/avenger/backup-04.01.09-15.55.30,09.zip/avenger/drivers/downld/219875.exe
06/01/09 13:54 Eliminati: Email-Worm.Win32.Bagle.of /discs/C:/avenger/backup-04.01.09-15.55.30,09.zip/avenger/drivers/downld/205546.exe
06/01/09 13:54 Rilevato: Email-Worm.Win32.Bagle.of /discs/C:/avenger/backup-04.01.09-15.55.30,09.zip/avenger/drivers/downld/205546.exe
06/01/09 13:54 Eliminati: Email-Worm.Win32.Bagle.of /discs/C:/avenger/backup-04.01.09-15.55.30,09.zip/avenger/drivers/downld/168375.exe
06/01/09 13:54 Rilevato: Email-Worm.Win32.Bagle.of /discs/C:/avenger/backup-04.01.09-15.55.30,09.zip/avenger/drivers/downld/168375.exe
06/01/09 13:54 Eliminati: Email-Worm.Win32.Bagle.of /discs/C:/avenger/backup-04.01.09-15.55.30,09.zip/avenger/drivers/downld/15357375.exe
06/01/09 13:54 Rilevato: Email-Worm.Win32.Bagle.of /discs/C:/avenger/backup-04.01.09-15.55.30,09.zip/avenger/drivers/downld/15357375.exe
06/01/09 13:54 Eliminati: Email-Worm.Win32.Bagle.of /discs/C:/avenger/backup-04.01.09-15.55.30,09.zip/avenger/drivers/downld/15098828.exe
06/01/09 13:54 Eliminati: Email-Worm.Win32.Bagle.of /discs/C:/avenger/backup.zip/avenger/mdelk.exe
06/01/09 13:54 Rilevato: Email-Worm.Win32.Bagle.of /discs/C:/avenger/backup-04.01.09-15.55.30,09.zip/avenger/drivers/downld/15098828.exe
06/01/09 13:54 Rilevato: Email-Worm.Win32.Bagle.of /discs/C:/avenger/backup.zip/avenger/mdelk.exe
06/01/09 13:54 Eliminati: Email-Worm.Win32.Bagle.of /discs/C:/avenger/backup.zip/avenger/flec006.exe
06/01/09 13:54 Rilevato: Email-Worm.Win32.Bagle.of /discs/C:/avenger/backup.zip/avenger/flec006.exe
06/01/09 13:54 Eliminati: Email-Worm.Win32.Bagle.of /discs/C:/avenger/backup.zip/avenger/backup/avenger/flec006.exe
06/01/09 13:54 Eliminati: Email-Worm.Win32.Bagle.of /discs/C:/avenger/backup-04.01.09-15.55.30,09.zip/avenger/drivers/downld/1034218.exe
06/01/09 13:52 Rilevato: Email-Worm.Win32.Bagle.of /discs/C:/avenger/backup.zip/avenger/backup/avenger/flec006.exe
06/01/09 13:52 Eliminati: Email-Worm.Win32.Bagle.of /discs/C:/avenger/backup-04.01.09-17.00.24,51.zip/avenger/wintems.exe
06/01/09 13:52 Rilevato: Email-Worm.Win32.Bagle.of /discs/C:/avenger/backup-04.01.09-17.00.24,51.zip/avenger/wintems.exe
06/01/09 13:52 Eliminati: Trojan-Downloader.Win32.Bagle.afm /discs/C:/avenger/backup-04.01.09-17.00.24,51.zip/avenger/srosa.sys
06/01/09 13:52 Rilevato: Trojan-Downloader.Win32.Bagle.afm /discs/C:/avenger/backup-04.01.09-17.00.24,51.zip/avenger/srosa.sys
06/01/09 13:52 Eliminati: Email-Worm.Win32.Bagle.of /discs/C:/avenger/backup-04.01.09-17.00.24,51.zip/avenger/mdelk.exe
06/01/09 13:52 Rilevato: Email-Worm.Win32.Bagle.of /discs/C:/avenger/backup-04.01.09-17.00.24,51.zip/avenger/mdelk.exe
06/01/09 13:52 Eliminati: Email-Worm.Win32.Bagle.of /discs/C:/avenger/backup-04.01.09-17.00.24,51.zip/avenger/flec006.exe
06/01/09 13:52 Rilevato: Email-Worm.Win32.Bagle.of /discs/C:/avenger/backup-04.01.09-17.00.24,51.zip/avenger/flec006.exe
06/01/09 13:52 Eliminati: Email-Worm.Win32.Bagle.of /discs/C:/avenger/backup-04.01.09-17.00.24,51.zip/avenger/backup/avenger/flec006.exe
06/01/09 13:52 Rilevato: Email-Worm.Win32.Bagle.of /discs/C:/avenger/backup-04.01.09-17.00.24,51.zip/avenger/backup/avenger/flec006.exe
06/01/09 13:52 Eliminati: Email-Worm.Win32.Bagle.majc /discs/C:/avenger/backup-04.01.09-17.00.24,51.zip/avenger/backup/avenger/drivers/downld/7925968.exe
06/01/09 13:52 Rilevato: Email-Worm.Win32.Bagle.majc /discs/C:/avenger/backup-04.01.09-17.00.24,51.zip/avenger/backup/avenger/drivers/downld/7925968.exe
06/01/09 13:52 Eliminati: Email-Worm.Win32.Bagle.of /discs/C:/avenger/backup-04.01.09-17.00.24,51.zip/avenger/backup/avenger/drivers/downld/7605953.exe
06/01/09 13:52 Rilevato: Email-Worm.Win32.Bagle.of /discs/C:/avenger/backup-04.01.09-17.00.24,51.zip/avenger/backup/avenger/drivers/downld/7605953.exe
06/01/09 13:52 Eliminati: Trojan-PSW.Win32.Agent.lfr /discs/C:/avenger/backup-04.01.09-17.00.24,51.zip/avenger/backup/avenger/drivers/downld/7430546.exe
06/01/09 13:52 Rilevato: Trojan-PSW.Win32.Agent.lfr /discs/C:/avenger/backup-04.01.09-17.00.24,51.zip/avenger/backup/avenger/drivers/downld/7430546.exe
06/01/09 13:52 Eliminati: Email-Worm.Win32.Bagle.of /discs/C:/avenger/backup-04.01.09-17.00.24,51.zip/avenger/backup/avenger/drivers/downld/7279312.exe
06/01/09 13:52 Rilevato: Email-Worm.Win32.Bagle.of /discs/C:/avenger/backup-04.01.09-17.00.24,51.zip/avenger/backup/avenger/drivers/downld/7279312.exe
06/01/09 13:52 Eliminati: Email-Worm.Win32.Bagle.of /discs/C:/avenger/backup-04.01.09-17.00.24,51.zip/avenger/backup/avenger/drivers/downld/7079656.exe
06/01/09 13:52 Rilevato: Email-Worm.Win32.Bagle.of /discs/C:/avenger/backup-04.01.09-17.00.24,51.zip/avenger/backup/avenger/drivers/downld/7079656.exe
06/01/09 13:51 Eliminati: Trojan-PSW.Win32.Agent.lfr /discs/C:/avenger/backup-04.01.09-17.00.24,51.zip/avenger/backup/avenger/drivers/downld/61680437.exe
06/01/09 13:51 Rilevato: Trojan-PSW.Win32.Agent.lfr /discs/C:/avenger/backup-04.01.09-17.00.24,51.zip/avenger/backup/avenger/drivers/downld/61680437.exe
06/01/09 13:51 Eliminati: Email-Worm.Win32.Bagle.of /discs/C:/avenger/backup-04.01.09-17.00.24,51.zip/avenger/backup/avenger/drivers/downld/61558671.exe
06/01/09 13:51 Rilevato: Email-Worm.Win32.Bagle.of /discs/C:/avenger/backup-04.01.09-17.00.24,51.zip/avenger/backup/avenger/drivers/downld/61558671.exe
06/01/09 13:51 Eliminati: Trojan-PSW.Win32.Agent.lfr /discs/C:/avenger/backup-04.01.09-17.00.24,51.zip/avenger/backup/avenger/drivers/downld/61393906.exe
06/01/09 13:51 Rilevato: Trojan-PSW.Win32.Agent.lfr /discs/C:/avenger/backup-04.01.09-17.00.24,51.zip/avenger/backup/avenger/drivers/downld/61393906.exe
06/01/09 13:51 Eliminati: Email-Worm.Win32.Bagle.of /discs/C:/avenger/backup-04.01.09-17.00.24,51.zip/avenger/backup/avenger/drivers/downld/61345359.exe
06/01/09 13:51 Rilevato: Email-Worm.Win32.Bagle.of /discs/C:/avenger/backup-04.01.09-17.00.24,51.zip/avenger/backup/avenger/drivers/downld/61345359.exe
06/01/09 13:51 Eliminati: Trojan-PSW.Win32.Agent.lfr /discs/C:/avenger/backup-04.01.09-17.00.24,51.zip/avenger/backup/avenger/drivers/downld/606734.exe
06/01/09 13:51 Rilevato: Trojan-PSW.Win32.Agent.lfr /discs/C:/avenger/backup-04.01.09-17.00.24,51.zip/avenger/backup/avenger/drivers/downld/606734.exe
06/01/09 13:51 Eliminati: Trojan-PSW.Win32.Agent.lfr /discs/C:/avenger/backup-04.01.09-17.00.24,51.zip/avenger/backup/avenger/drivers/downld/4682953.exe
06/01/09 13:51 Rilevato: Trojan-PSW.Win32.Agent.lfr /discs/C:/avenger/backup-04.01.09-17.00.24,51.zip/avenger/backup/avenger/drivers/downld/4682953.exe
06/01/09 13:51 Eliminati: Email-Worm.Win32.Bagle.majc /discs/C:/avenger/backup-04.01.09-17.00.24,51.zip/avenger/backup/avenger/drivers/downld/459937.exe
06/01/09 13:51 Rilevato: Email-Worm.Win32.Bagle.majc /discs/C:/avenger/backup-04.01.09-17.00.24,51.zip/avenger/backup/avenger/drivers/downld/459937.exe
06/01/09 13:51 Eliminati: Email-Worm.Win32.Bagle.of /discs/C:/avenger/backup-04.01.09-17.00.24,51.zip/avenger/backup/avenger/drivers/downld/448062.exe
06/01/09 13:51 Rilevato: Email-Worm.Win32.Bagle.of /discs/C:/avenger/backup-04.01.09-17.00.24,51.zip/avenger/backup/avenger/drivers/downld/448062.exe
06/01/09 13:51 Eliminati: Email-Worm.Win32.Bagle.of /discs/C:/avenger/backup-04.01.09-17.00.24,51.zip/avenger/backup/avenger/drivers/downld/4431093.exe
06/01/09 13:51 Rilevato: Email-Worm.Win32.Bagle.of /discs/C:/avenger/backup-04.01.09-17.00.24,51.zip/avenger/backup/avenger/drivers/downld/4431093.exe
06/01/09 13:51 Eliminati: Trojan-PSW.Win32.Agent.lfr /discs/C:/avenger/backup-04.01.09-17.00.24,51.zip/avenger/backup/avenger/drivers/downld/4369203.exe
06/01/09 13:51 Rilevato: Trojan-PSW.Win32.Agent.lfr /discs/C:/avenger/backup-04.01.09-17.00.24,51.zip/avenger/backup/avenger/drivers/downld/4369203.exe
06/01/09 13:51 Eliminati: Trojan-PSW.Win32.Agent.lfr /discs/C:/avenger/backup-04.01.09-17.00.24,51.zip/avenger/backup/avenger/drivers/downld/421812.exe
06/01/09 13:51 Rilevato: Trojan-PSW.Win32.Agent.lfr /discs/C:/avenger/backup-04.01.09-17.00.24,51.zip/avenger/backup/avenger/drivers/downld/421812.exe
06/01/09 13:51 Eliminati: Email-Worm.Win32.Bagle.of /discs/C:/avenger/backup-04.01.09-17.00.24,51.zip/avenger/backup/avenger/drivers/downld/389453.exe
06/01/09 13:51 Rilevato: Email-Worm.Win32.Bagle.of /discs/C:/avenger/backup-04.01.09-17.00.24,51.zip/avenger/backup/avenger/drivers/downld/389453.exe
06/01/09 13:51 Eliminati: Email-Worm.Win32.Bagle.of /discs/C:/avenger/backup-04.01.09-17.00.24,51.zip/avenger/backup/avenger/drivers/downld/299687.exe
06/01/09 13:51 Rilevato: Email-Worm.Win32.Bagle.of /discs/C:/avenger/backup-04.01.09-17.00.24,51.zip/avenger/backup/avenger/drivers/downld/299687.exe
06/01/09 13:51 Eliminati: Email-Worm.Win32.Bagle.of /discs/C:/avenger/backup-04.01.09-17.00.24,51.zip/avenger/backup/avenger/drivers/downld/262375.exe
06/01/09 13:51 Rilevato: Email-Worm.Win32.Bagle.of /discs/C:/avenger/backup-04.01.09-17.00.24,51.zip/avenger/backup/avenger/drivers/downld/262375.exe
06/01/09 13:51 Eliminati: Trojan-PSW.Win32.Agent.lfr /discs/C:/avenger/backup-04.01.09-17.00.24,51.zip/avenger/backup/avenger/drivers/downld/259953.exe
06/01/09 13:51 Rilevato: Trojan-PSW.Win32.Agent.lfr /discs/C:/avenger/backup-04.01.09-17.00.24,51.zip/avenger/backup/avenger/drivers/downld/259953.exe
06/01/09 13:51 Eliminati: Trojan-PSW.Win32.Agent.lfr /discs/C:/avenger/backup-04.01.09-17.00.24,51.zip/avenger/backup/avenger/drivers/downld/219875.exe
06/01/09 13:51 Rilevato: Trojan-PSW.Win32.Agent.lfr /discs/C:/avenger/backup-04.01.09-17.00.24,51.zip/avenger/backup/avenger/drivers/downld/219875.exe
06/01/09 13:51 Eliminati: Email-Worm.Win32.Bagle.of /discs/C:/avenger/backup-04.01.09-17.00.24,51.zip/avenger/backup/avenger/drivers/downld/205546.exe
06/01/09 13:51 Rilevato: Email-Worm.Win32.Bagle.of /discs/C:/avenger/backup-04.01.09-17.00.24,51.zip/avenger/backup/avenger/drivers/downld/205546.exe
06/01/09 13:51 Eliminati: Email-Worm.Win32.Bagle.of /discs/C:/avenger/backup-04.01.09-17.00.24,51.zip/avenger/backup/avenger/drivers/downld/168375.exe
06/01/09 13:51 Rilevato: Email-Worm.Win32.Bagle.of /discs/C:/avenger/backup-04.01.09-17.00.24,51.zip/avenger/backup/avenger/drivers/downld/168375.exe
06/01/09 13:51 Eliminati: Email-Worm.Win32.Bagle.of /discs/C:/avenger/backup-04.01.09-17.00.24,51.zip/avenger/backup/avenger/drivers/downld/15357375.exe
06/01/09 13:51 Rilevato: Email-Worm.Win32.Bagle.of /discs/C:/avenger/backup-04.01.09-17.00.24,51.zip/avenger/backup/avenger/drivers/downld/15357375.exe
06/01/09 13:51 Eliminati: Email-Worm.Win32.Bagle.of /discs/C:/avenger/backup-04.01.09-17.00.24,51.zip/avenger/backup/avenger/drivers/downld/15098828.exe
06/01/09 13:51 Rilevato: Email-Worm.Win32.Bagle.of /discs/C:/avenger/backup-04.01.09-17.00.24,51.zip/avenger/backup/avenger/drivers/downld/15098828.exe
06/01/09 13:51 Eliminati: Email-Worm.Win32.Bagle.of /discs/C:/avenger/backup-04.01.09-17.00.24,51.zip/avenger/backup/avenger/drivers/downld/1034218.exe
06/01/09 13:50 Rilevato: Email-Worm.Win32.Bagle.of /discs/C:/avenger/backup-04.01.09-15.55.30,09.zip/avenger/drivers/downld/1034218.exe
06/01/09 13:50 Rilevato: Email-Worm.Win32.Bagle.of /discs/C:/avenger/backup-04.01.09-17.00.24,51.zip/avenger/backup/avenger/drivers/downld/1034218.exe
06/01/09 13:38 Operazione avviata

l'unica cosa che non va bene è il ripristino dei servizi:
- windows defender mi dà l'errore 1053: il servizio non ha risposto alla richiesta di avvio o controllo nel tempo determinato
- avvisi mi dà errore 1079 (account diverso da quello per altri servizi...)

devo dire che comunque ora sono molto più sollevata..

spero di dare presto una risposta definitiva..

da **ambra8891** » mer gen 07, 2009 9:00 pm

Ho finito anche la scansione con malwarebytes e questi sono i file che sono stati eliminati

Malwarebytes' Anti-Malware 1.31
Versione del database: 1456
Windows 5.1.2600 Service Pack 2

07/01/09 8.55.54
mbam-log-2009-01-07 (20-55-31).txt

Tipo di scansione: Scansione completa (C:\|D:\|)
Elementi scansionati: 115507
Tempo trascorso: 1 hour(s), 3 minute(s), 26 second(s)

Processi delle memoria infetti: 0
Moduli della memoria infetti: 0
Chiavi di registro infette: 6
Valori di registro infetti: 1
Elementi dato del registro infetti: 0
Cartelle infette: 4
File infetti: 29

Processi delle memoria infetti:
(Nessun elemento malevolo rilevato)

Moduli della memoria infetti:
(Nessun elemento malevolo rilevato)

Chiavi di registro infette:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{055fd26d-3a88-4e15-963d-dc8493744b1d} (Adware.BHO) -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\sk9ou0s (Worm.Bagel) -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sk9ou0s (Worm.Bagel) -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sk9ou0s (Worm.Bagel) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\tdssdata (Trojan.Agent) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\tdss (Trojan.Agent) -> No action taken.

Valori di registro infetti:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\mule_st_key (Trojan.Agent) -> No action taken.

Elementi dato del registro infetti:
(Nessun elemento malevolo rilevato)

Cartelle infette:
C:\Programmi\MessengerSkinner (Rogue.MessengerSkinner) -> No action taken.
C:\Programmi\MessengerSkinner\download (Rogue.MessengerSkinner) -> No action taken.
C:\Programmi\MessengerSkinner\resources (Rogue.MessengerSkinner) -> No action taken.
C:\Documents and Settings\Ambra\Dati applicazioni\m (Trojan.Agent) -> No action taken.

File infetti:
C:\Documents and Settings\Ambra\Dati applicazioni\drivers\srosa2.sys (Worm.Bagel) -> No action taken.
C:\Programmi\MessengerSkinner\download\defaultPack.cab (Rogue.MessengerSkinner) -> No action taken.
C:\Programmi\MessengerSkinner\resources\appconfig.xml (Rogue.MessengerSkinner) -> No action taken.
C:\Programmi\MessengerSkinner\resources\btn.rgn (Rogue.MessengerSkinner) -> No action taken.
C:\Programmi\MessengerSkinner\resources\btnBnr.rgn (Rogue.MessengerSkinner) -> No action taken.
C:\Programmi\MessengerSkinner\resources\btnIn.rgn (Rogue.MessengerSkinner) -> No action taken.
C:\Programmi\MessengerSkinner\resources\btnInNormal.bmp (Rogue.MessengerSkinner) -> No action taken.
C:\Programmi\MessengerSkinner\resources\btnInOver.bmp (Rogue.MessengerSkinner) -> No action taken.
C:\Programmi\MessengerSkinner\resources\btnNormal.bmp (Rogue.MessengerSkinner) -> No action taken.
C:\Programmi\MessengerSkinner\resources\btnNormal.gif (Rogue.MessengerSkinner) -> No action taken.
C:\Programmi\MessengerSkinner\resources\btnNormalBnr.bmp (Rogue.MessengerSkinner) -> No action taken.
C:\Programmi\MessengerSkinner\resources\btnNormalBnr.gif (Rogue.MessengerSkinner) -> No action taken.
C:\Programmi\MessengerSkinner\resources\btnOver.bmp (Rogue.MessengerSkinner) -> No action taken.
C:\Programmi\MessengerSkinner\resources\btnOver.gif (Rogue.MessengerSkinner) -> No action taken.
C:\Programmi\MessengerSkinner\resources\btnOverBnr.bmp (Rogue.MessengerSkinner) -> No action taken.
C:\Programmi\MessengerSkinner\resources\btnOverBnr.gif (Rogue.MessengerSkinner) -> No action taken.
C:\Programmi\MessengerSkinner\resources\languages_v2.xml (Rogue.MessengerSkinner) -> No action taken.
C:\Documents and Settings\Ambra\Dati applicazioni\m\data.oct (Trojan.Agent) -> No action taken.
C:\Documents and Settings\Ambra\Dati applicazioni\m\list.oct (Trojan.Agent) -> No action taken.
C:\Documents and Settings\Ambra\Dati applicazioni\m\srvlist.oct (Trojan.Agent) -> No action taken.
C:\WINDOWS\system32\mdelk.exe (Trojan.Spammer) -> No action taken.
C:\WINDOWS\system32\wintems.exe (Trojan.Spammer) -> No action taken.
C:\sys26721.exe (Trojan.Downloader) -> No action taken.
C:\Documents and Settings\Ambra\Dati applicazioni\m\flec006.exe (Trojan.Agent) -> No action taken.
C:\WINDOWS\Temp\TDSS874b.tmp (Trojan.FakeAlert) -> No action taken.
C:\Documents and Settings\Ambra\Impostazioni locali\Temp\TDSS975f.tmp (Trojan.FakeAlert) -> No action taken.
C:\WINDOWS\system32\TDSScfum.dll (Rootkit.Agent) -> No action taken.
C:\WINDOWS\system32\TDSSfxwp.dll (Rootkit.Agent) -> No action taken.
C:\WINDOWS\system32\TDSStkdv.log (Trojan.TDSS) -> No action taken.

persistono però i problemi col ripristino dei servizi

da **Amantide** » mer gen 07, 2009 9:12 pm

Hai rimosso tutto ciò che ti ha trovato Malwarebytes?
Prova anche a fare la scansione con Combofix e posta qui il suo report.

da **ambra8891** » mer gen 07, 2009 9:44 pm

ecco appunto... la mia gioia sta già svanendo.. non so se è colpa di qualche stralcio di virus rimasto o del mio pc vecchietto che si è sovraccaricato in questi giorni, ma si impalla su combofix (e anche la cartella C) , rimane la clessidra...
domani riprovo...

comunque i file trovati con malwarebytes li ho eliminati (anche se nel log compare: no action taken)

non so se può essere utile, ma nella cartella windows ho tantissime cartelle con nomi simili a questo: $NtUninstallKB896358$
si tratta per caso ancora del virus? e alcune non me le fa cancellare.

da **Amantide** » mer gen 07, 2009 9:58 pm

ambra8891 ha scritto:non so se può essere utile, ma nella cartella windows ho tantissime cartelle con nomi simili a questo: $NtUninstallKB896358$
si tratta per caso ancora del virus? e alcune non me le fa cancellare.

Se le elimini, dopo non potrai più disinstallare i vari aggiornamenti di Windows.

Per quanto riguarda Combofix... vai su Start>> Esegui e disinstallalo digitando combofix /u

Riavvia il pc, riscarica il Combofix salvandolo sul pc con il nome di fantasia e prova a lanciarlo.

da **ambra8891** » gio gen 08, 2009 6:02 pm

mi dice che il percorso o il file non è valido... e non riesco neanche a cancellarlo normalmente.. rimane sempre la clessidra...

ho provato a installare avira, ma mi dà il solito problema: impossibile creare il file avarkt.dll..
non parte neanche la modalità provvisoria..
... penso di aver rimosso solo la punta di un grosso iceberg..

da **Amantide** » gio gen 08, 2009 6:17 pm

Ok, prova a reinstallarlo un' altra volta con il comando combofix /u e dopo scarica e lancia questo file rinominato.

da **ambra8891** » gio gen 08, 2009 9:15 pm

sarò noiosa, lo so, ma per l'ennesima volta dico che combofix non parte, nemmeno col file rinominato che mi hai dato tu amantide...

da **Amantide** » gio gen 08, 2009 9:27 pm

Figurati

Non è facile capirsi avendo come l'unico strumento di comunicazione le pagine di un forum.

Pare che crazy.cat sia riuscito ad avere la copia dell'ultima variante di Bagle, vediamo se riuscirà ad esaminarla per domani per avere qualche spunto in più. [^]

da **ambra8891** » gio gen 08, 2009 9:45 pm

magari.. speriamo. io sono veramente stremata.

comunque, ho appena scaricato nuovamente elibagla cambiando nome..
ho cliccato e si è aperta una finestrella con scritto che stava esaminando 121 ficheros...

subito dopo è compara una cartella "muestras" più la richiesta di inviare loro il file contenuto.
ho aperto e il file è winupgro.exe .. proprio il virus che mi sta dando dei problemi... (e che succhia da solo l'84% della cpu!)
ma ovviamente se cancello quel file nella cartella non serve a niente..

da **crazy.cat** » ven gen 09, 2009 1:40 pm

ambra8891 ha scritto:magari.. speriamo. io sono veramente stremata.

Ma avevi usato findykill?
Scarica FindyKill ed installalo (è in francese però è di facile comprensione).
Una volta installato chiudi tutte le applicazioni attive e disconnettiti dal internet, poi clicca sull'icona di FindyKill e nella finestra dos che si aprirà scrivi 2 e premi Invio. Attendi il termine della scansione ed il riavvio e posta qui il log che trovi in C:\FindyKill.txt

X lo studio completo di bagle vediamo di finire nel weekend, comunque la bestiaccia è cambiato abbastanza da quello che ho potuto vedere sino ad ora.

da **ambra8891** » ven gen 09, 2009 8:20 pm

ho fatto come hai detto ma non succede niente...

da **kaneda73** » sab gen 10, 2009 10:54 pm

ciao chiedo aiuto a voi che siete cosi gentili perche sono disperato io ho vista e credo di avere bagle anche se il safeboot funziona e avast parte ma non mi parte il centro si sicurezza e la rete funziona ma l'icona nella trybar appare con la croce come se non funzionasse, se provo a far partire servizi poi tutto si blocca e devo resettare il pc per sbloccarlo comunque ho letto il forum e ho fatto il log con Fyndykill che posto se qualcuno vuole aiutarmi grazie in anticipo.
Volevo aggiungere che la scansione è stata eseguita in safe mode e che durante la scansione mi ha dato il messaggio che molte cartelle avevano il percorso troppo lungo non so se è normale!!?
ho provato anche con combifix ma mi si blocca allo stage 54 dicendo che windows\win32 non è una aplicazione valida.

----------------- FindyKill V4.711 ------------------

* User: kaneda - KANEDA
* Executed from : C:\Program Files\FindyKill
* Update on 05/01/09 by Chiquitine29
* Start at 22:37:22 the 10/01/2009
* Windows Vista - Internet Explorer 7.0.6001.18000

((((((((((((((((( *** Searching *** ))))))))))))))))))

--------------- [ Active Processes ] ----------------

C:\Windows\System32\smss.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\wininit.exe
C:\Windows\system32\winlogon.exe
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Mozilla Firefox 3 Beta 4\firefox.exe
C:\Users\kaneda\AppData\Local\Temp\jkos-kaneda\binaries\ScanningProcess.exe
C:\Users\kaneda\AppData\Local\Temp\jkos-kaneda\binaries\ScanningProcess.exe
C:\Users\kaneda\AppData\Local\Temp\jkos-kaneda\binaries\ScanningProcess.exe
C:\Users\kaneda\AppData\Local\Temp\jkos-kaneda\binaries\ScanningProcess.exe

--------------- [ Infected files / folders ] ----------------

»»»» Presence Files in C:

Found ! [10/01/2009 21.47] - C:\InfoSat.txt

»»»» Presence Files in C:\Windows

»»»» Presence Files in C:\Windows\Prefetch

»»»» Presence Files in C:\Windows\system32

»»»» Presence Files in C:\Windows\system32\drivers

»»»» Presence Files in C:\Users\kaneda\AppData\Roaming

»»»» Presence Files in C:\Users\kaneda\AppData\Local\Temp

»»»» Presence Files in C:\Users\kaneda\Local Settings\Temporary Internet Files\Content.IE5

Found ! [09/09/2008 20.29] - C:\Documents and Settings\kaneda\AppData\Local\Adobe\Flash CS4\en\Configuration\filelist.txt
Found ! [10/01/2009 21.57] - C:\Documents and Settings\kaneda\Documents\File ricevuti\MsnMsgr.txt
Found ! [09/09/2008 20.29] - C:\Program Files\Adobe\Adobe Flash CS4\en\First Run\filelist.txt
Found ! [09/09/2008 20.29] - C:\Users\kaneda\AppData\Local\Adobe\Flash CS4\en\Configuration\filelist.txt
Found ! [10/01/2009 21.57] - C:\Users\kaneda\Documents\File ricevuti\MsnMsgr.txt

--------------- [ Registry / Startup ] ----------------

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\run]
uTorrent="C:\Program Files\uTorrent\uTorrent.exe"
Sidebar=C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
msnmsgr="C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
PC Suite Tray="C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe" -onlytray
HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run\AdobeUpdater=
<NO NAME>=

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\run]
avast!=C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
NvCplDaemon=RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
Windows Defender=%ProgramFiles%\Windows Defender\MSASCui.exe -hide
Cpu Level Up help=C:\Program Files\ASUS\Ai Suite\CpuLevelUpHelp.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents=
<NO NAME>=
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL=
Installed=1
<NO NAME>=
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI=
NoChange=1
Installed=1
<NO NAME>=
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS=
Installed=1
<NO NAME>=

--------------- [ Registry / Infected keys ] ----------------

--------------- [ States / Services ] ----------------

+- Services : [ Auto=2 / Request=3 / Disable=4 ]

Ndisuio - Type of startup = 3

EapHost - Type of startup = 3

Wlansvc - Type of startup = 3

SharedAccess - Type of startup = 2

wuauserv - Type of startup = 2

wscsvc - Type of startup = 2

WinDefend - Type of startup = 2

--------------- [ Searching in removable drives ] ----------------

+- Informations :

C: - Unit… fissa
D: - Unit… fissa
F: - Unit… fissa

+- Contents of autorun : C:\autorun.inf

[autorun]
ICON=Drive.ico

+- Contents of autorun : D:\autorun.inf

[autorun]
ICON=Drive.ico

+- Presence of files :

Found ! [19/11/2008 19.26][--ah-----] - C:\autorun.inf
Found ! [19/11/2008 19.28][--ah-----] - D:\autorun.inf

--------------- [ Registry / Mountpoint2 ] ----------------

-> Not found !

------------------- ! End of report ! --------------------

da **crazy.cat** » dom gen 11, 2009 9:18 am

Prova a rifare la scansione con findykill dalla modalità normale scegliendo il 2 per rimuovere i problemi.
Bagle in questo log non si vede ma si vedono altri due problemi.

kaneda73 ha scritto:Found ! [19/11/2008 19.26][--ah-----] - C:\autorun.inf
Found ! [19/11/2008 19.28][--ah-----] - D:\autorun.inf

questo tool riesci ad installarlo e fare la scansione?
http://www.MegaLab.it/2894/

da **kaneda73** » dom gen 11, 2009 4:16 pm

ciao se provo a far partire fyndkill in nella versione normale di vista ad un certo punto si chiude da solo e non da il log ora provo il tull di karpesky e ti faccio sapere.

da **drago1986** » dom gen 11, 2009 4:51 pm

Ciao a tutti, sono nuovo del forum.
Sono riuscito grazie a voi a risolvere molti problemi, ma questa volta qualcuno deve aiutarmi.

AIUTOOO!!!!!!!! [XX(]

Ho Windows Vista e ho riscontrato anche io il bagle

Antivirus disattivato, firewall disattivato, wireless disattivato, windows defender disattivato.

come lo rimuovo????

Findykill non mi parte.

aiutatemi passo per passo perché non sono molto pratico.

VI RINGRAZIO IN ANTICIPO

da **crazy.cat** » dom gen 11, 2009 5:37 pm

X Drago1986 e Kaneda73

Scaricate questo file http://www.wikifortio.com/822836/FindyKill_2.zip, lo estraete in una cartella qualsiasi e poi lanciate il file crazykill.cmd, scegliete E, poi provate 1 e vediamo se arriva a fine la scansione, postate eventualmente il file c:\findykill.txt se finisce il controllo.
Se si avvia poi provate il 2 e vediamo se rimuove il problema.

Ieri avevo provato findykill su vista con l'ultima versione di bagle ed era l'unico tool che funzionasse.

A che punto si blocca da voi?

Avete usato un file come questi?
Immagine

da **ambra8891** » dom gen 11, 2009 6:16 pm

crazy.cat, seguendo le indicazioni che hai dato ai due utenti precedenti, sono riuscita a far partire findykill e mi ha cancellato tutta questa montagna di roba...

----------------- FindyKill V4.711 ------------------

* User : Ambra - USER-42980E3DB2
* executed from : C:\Programmi\FindyKill
* Update on 05/01/09 par Chiquitine29
* Start at 18:09:51 the 11/01/09
* Windows XP - Internet Explorer 7.0.5730.13

((((((((((((((( *** deleting *** ))))))))))))))))))

--------------- [ Active Processes ] ----------------

C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmi\Nero\InCD\InCDsrv.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\logonui.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\cisvc.exe
C:\Programmi\Telecom Italia\WanMiniport1st\srvany.exe
C:\Programmi\Telecom Italia\WanMiniport1st\WanMiniport1st_srv.exe
C:\Programmi\CDBurnerXP\NMSAccessU.exe
C:\WINDOWS\System32\PAStiSvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Programmi\PermissionResearch\prmrsr.exe
C:\WINDOWS\system32\userinit.exe
C:\WINDOWS\system32\netsh.exe

--------------- [ Infected files / folders ] ----------------

»»»» Supression files in C:

Deleted ! - "C:\Muestras"
Deleted ! - C:\InfoSat.txt

»»»» Supression files in C:\WINDOWS

»»»» Supression files in C:\WINDOWS\Prefetch

Deleted ! - C:\WINDOWS\prefetch\1034218.EXE-197B49C3.pf
Deleted ! - C:\WINDOWS\prefetch\15098828.EXE-2369DB19.pf
Deleted ! - C:\WINDOWS\prefetch\15357375.EXE-3005C0A4.pf
Deleted ! - C:\WINDOWS\prefetch\15486718.EXE-02873A48.pf
Deleted ! - C:\WINDOWS\prefetch\205546.EXE-11F56822.pf
Deleted ! - C:\WINDOWS\prefetch\259953.EXE-0D3612A2.pf
Deleted ! - C:\WINDOWS\prefetch\262375.EXE-170C2660.pf
Deleted ! - C:\WINDOWS\prefetch\389453.EXE-03E83ECA.pf
Deleted ! - C:\WINDOWS\prefetch\4369203.EXE-20A4C393.pf
Deleted ! - C:\WINDOWS\prefetch\4431093.EXE-0B7A3878.pf
Deleted ! - C:\WINDOWS\prefetch\448062.EXE-05ECB6A8.pf
Deleted ! - C:\WINDOWS\prefetch\4682953.EXE-2777A245.pf
Deleted ! - C:\WINDOWS\prefetch\4765453.EXE-06533CB8.pf
Deleted ! - C:\WINDOWS\prefetch\606734.EXE-0ED7FB72.pf
Deleted ! - C:\WINDOWS\prefetch\61345359.EXE-16126C45.pf
Deleted ! - C:\WINDOWS\prefetch\61393906.EXE-19993FF6.pf
Deleted ! - C:\WINDOWS\prefetch\61558671.EXE-1EB3469A.pf
Deleted ! - C:\WINDOWS\prefetch\61680437.EXE-2B440E0C.pf
Deleted ! - C:\WINDOWS\prefetch\61741265.EXE-257E1BA9.pf
Deleted ! - C:\WINDOWS\prefetch\659625.EXE-0030A781.pf
Deleted ! - C:\WINDOWS\prefetch\672812.EXE-1D4840B2.pf
Deleted ! - C:\WINDOWS\prefetch\7079656.EXE-09C2F218.pf
Deleted ! - C:\WINDOWS\prefetch\FLEC006.EXE-33E4F4A3.pf
Deleted ! - C:\WINDOWS\prefetch\MDELK.EXE-1D176F91.pf
Deleted ! - C:\WINDOWS\prefetch\WINTEMS.EXE-2A563F9B.pf

»»»» Supression files in C:\WINDOWS\system32

Deleted ! - C:\WINDOWS\system32\mdelk.exe
Deleted ! - C:\WINDOWS\system32\wintems.exe
Deleted ! - C:\WINDOWS\system32\ban_list.txt

»»»» Supression files in C:\WINDOWS\system32\drivers

»»»» Supression files in C:\Documents and Settings\Ambra\Dati applicazioni

Deleted ! - "C:\Documents and Settings\Ambra\Dati applicazioni\m\flec006.exe"
Deleted ! - "C:\Documents and Settings\Ambra\Dati applicazioni\m\list.oct"
Deleted ! - "C:\Documents and Settings\Ambra\Dati applicazioni\m\data.oct"
Deleted ! - "C:\Documents and Settings\Ambra\Dati applicazioni\m\srvlist.oct"
Deleted ! - C:\Documents and Settings\Ambra\Dati applicazioni\m\shared\!!!.Crack.Kaspersky.Security.Suite.Personal.Multilanguage.!!!.zip
Deleted ! - C:\Documents and Settings\Ambra\Dati applicazioni\m\shared\10 Minute Lessons 1.1.zip
Deleted ! - C:\Documents and Settings\Ambra\Dati applicazioni\m\shared\3D Dragon World 1.0.zip
Deleted ! - C:\Documents and Settings\Ambra\Dati applicazioni\m\shared\A-one DVD Ripper Platinum 5.51.zip
Deleted ! - C:\Documents and Settings\Ambra\Dati applicazioni\m\shared\Active DJ Studio 4.2.0.0.zip
Deleted ! - C:\Documents and Settings\Ambra\Dati applicazioni\m\shared\Advanced Encryption Plug-In Pro for Windows Explorer 4.0.5.zip
Deleted ! - C:\Documents and Settings\Ambra\Dati applicazioni\m\shared\Advanced PDF Tools 2.0.zip
Deleted ! - C:\Documents and Settings\Ambra\Dati applicazioni\m\shared\Advanced WindowsCare Professional 2.6.0.943.zip
Deleted ! - C:\Documents and Settings\Ambra\Dati applicazioni\m\shared\AGENDA MSD 7.30.zip
Deleted ! - C:\Documents and Settings\Ambra\Dati applicazioni\m\shared\All DVD Ripper 1.7.4.zip
Deleted ! - C:\Documents and Settings\Ambra\Dati applicazioni\m\shared\ALNO AG Kitchen Planner 0.96a.zip
Deleted ! - C:\Documents and Settings\Ambra\Dati applicazioni\m\shared\Auto Anything 1.0.zip
Deleted ! - C:\Documents and Settings\Ambra\Dati applicazioni\m\shared\Benetl 2.4.zip
Deleted ! - C:\Documents and Settings\Ambra\Dati applicazioni\m\shared\BlueSmart 3.23.0914.zip
Deleted ! - C:\Documents and Settings\Ambra\Dati applicazioni\m\shared\CCMC Space Weather Model Widget 1.0.zip
Deleted ! - C:\Documents and Settings\Ambra\Dati applicazioni\m\shared\CD EasyBurning 0.2 Beta.zip
Deleted ! - C:\Documents and Settings\Ambra\Dati applicazioni\m\shared\Chevrolet Corvette C3 1.zip
Deleted ! - C:\Documents and Settings\Ambra\Dati applicazioni\m\shared\Code Visualizer 3.4.1.0.zip
Deleted ! - C:\Documents and Settings\Ambra\Dati applicazioni\m\shared\Complete Mail Server 1.7.zip
Deleted ! - C:\Documents and Settings\Ambra\Dati applicazioni\m\shared\Copier 2.3.zip
Deleted ! - C:\Documents and Settings\Ambra\Dati applicazioni\m\shared\CZ-Pdf2Txt for Acrobat Reader 2.0.zip
Deleted ! - C:\Documents and Settings\Ambra\Dati applicazioni\m\shared\Daniusoft Video to Audio Converter 1.3.35.zip
Deleted ! - C:\Documents and Settings\Ambra\Dati applicazioni\m\shared\DESKTOP COVER 1.0.zip
Deleted ! - C:\Documents and Settings\Ambra\Dati applicazioni\m\shared\Desktop Graffitist 1.0.0.6.zip
Deleted ! - C:\Documents and Settings\Ambra\Dati applicazioni\m\shared\DevPlanner 2.3.42.zip
Deleted ! - C:\Documents and Settings\Ambra\Dati applicazioni\m\shared\Directory Tree Scanner 5.0.zip
Deleted ! - C:\Documents and Settings\Ambra\Dati applicazioni\m\shared\DMA Finder 1.0.zip
Deleted ! - C:\Documents and Settings\Ambra\Dati applicazioni\m\shared\DVD-TO-MPEG 3.0.zip
Deleted ! - C:\Documents and Settings\Ambra\Dati applicazioni\m\shared\EasyCharts 4.0.2.zip
Deleted ! - C:\Documents and Settings\Ambra\Dati applicazioni\m\shared\Elwin 1.1.zip
Deleted ! - C:\Documents and Settings\Ambra\Dati applicazioni\m\shared\Entrance 1.2.129.zip
Deleted ! - C:\Documents and Settings\Ambra\Dati applicazioni\m\shared\Europe Maps 1.0.zip
Deleted ! - C:\Documents and Settings\Ambra\Dati applicazioni\m\shared\Filter Driver Load Order 1.0.005.zip
Deleted ! - C:\Documents and Settings\Ambra\Dati applicazioni\m\shared\Firelinks.net 0.1.0.zip
Deleted ! - C:\Documents and Settings\Ambra\Dati applicazioni\m\shared\Free Net Booster Lite 3.2.0.4.zip
Deleted ! - C:\Documents and Settings\Ambra\Dati applicazioni\m\shared\Funny Worms 1.04.zip
Deleted ! - C:\Documents and Settings\Ambra\Dati applicazioni\m\shared\FusionCharts 3.0.zip
Deleted ! - C:\Documents and Settings\Ambra\Dati applicazioni\m\shared\Game Speeder 1.0.129.zip
Deleted ! - C:\Documents and Settings\Ambra\Dati applicazioni\m\shared\Gold Dictionaries Spanish PPC 3.0.zip
Deleted ! - C:\Documents and Settings\Ambra\Dati applicazioni\m\shared\Google Translator Interface 2007 build 030000.zip
Deleted ! - C:\Documents and Settings\Ambra\Dati applicazioni\m\shared\GoScorpio Link Pop 1.0.zip
Deleted ! - C:\Documents and Settings\Ambra\Dati applicazioni\m\shared\Graphic Pinger and Telnet Client 3.1.86.zip
Deleted ! - C:\Documents and Settings\Ambra\Dati applicazioni\m\shared\Halley’s Comet Animated Screensaver 3.11.zip
Deleted ! - C:\Documents and Settings\Ambra\Dati applicazioni\m\shared\HalloweenJackoLantern ScreenMate 1.0.zip
Deleted ! - C:\Documents and Settings\Ambra\Dati applicazioni\m\shared\hitta.se 1.1.zip
Deleted ! - C:\Documents and Settings\Ambra\Dati applicazioni\m\shared\IE History 1.31c.zip
Deleted ! - C:\Documents and Settings\Ambra\Dati applicazioni\m\shared\Image Resize 1.1 Build 005.zip
Deleted ! - C:\Documents and Settings\Ambra\Dati applicazioni\m\shared\Imagine! 2.0.zip
Deleted ! - C:\Documents and Settings\Ambra\Dati applicazioni\m\shared\Inflamable Age 1.0.zip
Deleted ! - C:\Documents and Settings\Ambra\Dati applicazioni\m\shared\IQ test trainings 1.1.zip
Deleted ! - C:\Documents and Settings\Ambra\Dati applicazioni\m\shared\ISE.-.FUL.[French].[found.via.zip
Deleted ! - C:\Documents and Settings\Ambra\Dati applicazioni\m\shared\iTunes Album Browser 2.1.50.zip
Deleted ! - C:\Documents and Settings\Ambra\Dati applicazioni\m\shared\JFileRecovery 0.94.zip
Deleted ! - C:\Documents and Settings\Ambra\Dati applicazioni\m\shared\John Gould Hummingbirds 1.0.zip
Deleted ! - C:\Documents and Settings\Ambra\Dati applicazioni\m\shared\Keylime Cove Countdown 1.0.zip
Deleted ! - C:\Documents and Settings\Ambra\Dati applicazioni\m\shared\Keyword Creator 1.1.zip
Deleted ! - C:\Documents and Settings\Ambra\Dati applicazioni\m\shared\Legacy Family Tree 6.0.zip
Deleted ! - C:\Documents and Settings\Ambra\Dati applicazioni\m\shared\Living American USA Flag 1.01.zip
Deleted ! - C:\Documents and Settings\Ambra\Dati applicazioni\m\shared\LockAnEXE 1.22.zip
Deleted ! - C:\Documents and Settings\Ambra\Dati applicazioni\m\shared\m2
Deleted ! - C:\Documents and Settings\Ambra\Dati applicazioni\m\shared\Mail Express Enterprise 2.0.2.5.zip
Deleted ! - C:\Documents and Settings\Ambra\Dati applicazioni\m\shared\MakeCDROM 4.33.zip
Deleted ! - C:\Documents and Settings\Ambra\Dati applicazioni\m\shared\Math 4 Everyone 1.0.zip
Deleted ! - C:\Documents and Settings\Ambra\Dati applicazioni\m\shared\Midicat 1.8.zip
Deleted ! - C:\Documents and Settings\Ambra\Dati applicazioni\m\shared\MP3 CD Converter Pro 5.03.zip
Deleted ! - C:\Documents and Settings\Ambra\Dati applicazioni\m\shared\MST Workshop 5.1.0.zip
Deleted ! - C:\Documents and Settings\Ambra\Dati applicazioni\m\shared\MtiQS 0.9.20.0.zip
Deleted ! - C:\Documents and Settings\Ambra\Dati applicazioni\m\shared\My Reward Board 1.62.zip
Deleted ! - C:\Documents and Settings\Ambra\Dati applicazioni\m\shared\MyAppleLogo! 1.1.zip
Deleted ! - C:\Documents and Settings\Ambra\Dati applicazioni\m\shared\Naevius MySpace Converter 1.0.zip
Deleted ! - C:\Documents and Settings\Ambra\Dati applicazioni\m\shared\NeT Firewall Easy Go 1.5.3.zip
Deleted ! - C:\Documents and Settings\Ambra\Dati applicazioni\m\shared\NetSecrets [e-mail] 2.4.zip
Deleted ! - C:\Documents and Settings\Ambra\Dati applicazioni\m\shared\New York Times 1.9.zip
Deleted ! - C:\Documents and Settings\Ambra\Dati applicazioni\m\shared\NOD32.Antivirus.v2.51.20.PL.part1.zip
Deleted ! - C:\Documents and Settings\Ambra\Dati applicazioni\m\shared\Nod32.AntiVirus.v2.52.17+Crack.zip
Deleted ! - C:\Documents and Settings\Ambra\Dati applicazioni\m\shared\O&O DiskImage Express 3.0.730.zip
Deleted ! - C:\Documents and Settings\Ambra\Dati applicazioni\m\shared\Opell Video to iPod Converter 2.1.15.zip
Deleted ! - C:\Documents and Settings\Ambra\Dati applicazioni\m\shared\OrangeBox 1.0.0.zip
Deleted ! - C:\Documents and Settings\Ambra\Dati applicazioni\m\shared\Panda.Antivirus.2007+firewall.zip
Deleted ! - C:\Documents and Settings\Ambra\Dati applicazioni\m\shared\pazWord 1.0.1099.28464.zip
Deleted ! - C:\Documents and Settings\Ambra\Dati applicazioni\m\shared\Personal Reminder 2.0.32.zip
Deleted ! - C:\Documents and Settings\Ambra\Dati applicazioni\m\shared\PhotoWebber 2.0.zip
Deleted ! - C:\Documents and Settings\Ambra\Dati applicazioni\m\shared\PodSweat 1.0.zip
Deleted ! - C:\Documents and Settings\Ambra\Dati applicazioni\m\shared\Portable i.Disk 1.93.zip
Deleted ! - C:\Documents and Settings\Ambra\Dati applicazioni\m\shared\Portable Task Coach 0.71.3.zip
Deleted ! - C:\Documents and Settings\Ambra\Dati applicazioni\m\shared\Portable TrayBar 2.52 Beta.zip
Deleted ! - C:\Documents and Settings\Ambra\Dati applicazioni\m\shared\POSitive Point of Sale 5.0.731.zip
Deleted ! - C:\Documents and Settings\Ambra\Dati applicazioni\m\shared\Project ReportCard 2.5.zip
Deleted ! - C:\Documents and Settings\Ambra\Dati applicazioni\m\shared\Quick Schema Viewer.zip
Deleted ! - C:\Documents and Settings\Ambra\Dati applicazioni\m\shared\Remobo 0.13.0 Beta.zip
Deleted ! - C:\Documents and Settings\Ambra\Dati applicazioni\m\shared\Rrr Directory Icon 1.2.zip
Deleted ! - C:\Documents and Settings\Ambra\Dati applicazioni\m\shared\Sendkeys Replacement for Visual Basic 2.2.zip
Deleted ! - C:\Documents and Settings\Ambra\Dati applicazioni\m\shared\ShowOrRun 1.0.zip
Deleted ! - C:\Documents and Settings\Ambra\Dati applicazioni\m\shared\Silver in Stall 1.5.zip
Deleted ! - C:\Documents and Settings\Ambra\Dati applicazioni\m\shared\SketchUp 5.0.260.zip
Deleted ! - C:\Documents and Settings\Ambra\Dati applicazioni\m\shared\SMART-BURN Media Check 3.1.16.zip
Deleted ! - C:\Documents and Settings\Ambra\Dati applicazioni\m\shared\Snap 'n Burn 2.0.zip
Deleted ! - C:\Documents and Settings\Ambra\Dati applicazioni\m\shared\SpamEater Pro 4.1.0 Build 198.zip
Deleted ! - C:\Documents and Settings\Ambra\Dati applicazioni\m\shared\Splosh 1.95.4.zip
Deleted ! - C:\Documents and Settings\Ambra\Dati applicazioni\m\shared\SPMonitor 1.1.34.0.zip
Deleted ! - C:\Documents and Settings\Ambra\Dati applicazioni\m\shared\Startup Guard XP 1..2.51.zip
Deleted ! - C:\Documents and Settings\Ambra\Dati applicazioni\m\shared\Symantec.WinFax.10.Pro.full.zip
Deleted ! - C:\Documents and Settings\Ambra\Dati applicazioni\m\shared\SymbioTest Probe 3.1.zip
Deleted ! - C:\Documents and Settings\Ambra\Dati applicazioni\m\shared\Tab Slide Show 1.3.zip
Deleted ! - C:\Documents and Settings\Ambra\Dati applicazioni\m\shared\Tao.Tao-Les.histoires.de.Pandi-Panda(Vol6.da.fr-Ã©pisode.1.Ã .4).dvd.rip.zip
Deleted ! - C:\Documents and Settings\Ambra\Dati applicazioni\m\shared\TemplatePoster 1.50.zip
Deleted ! - C:\Documents and Settings\Ambra\Dati applicazioni\m\shared\Temporary Inbox IE Toolbar 1.0.zip
Deleted ! - C:\Documents and Settings\Ambra\Dati applicazioni\m\shared\Text to HTML Converter 1.0.zip
Deleted ! - C:\Documents and Settings\Ambra\Dati applicazioni\m\shared\The IP 1.0.zip
Deleted ! - C:\Documents and Settings\Ambra\Dati applicazioni\m\shared\Thottbot search 1.0.zip
Deleted ! - C:\Documents and Settings\Ambra\Dati applicazioni\m\shared\Time Tracker Widget 1.0.zip
Deleted ! - C:\Documents and Settings\Ambra\Dati applicazioni\m\shared\Total Speech 1.01.zip
Deleted ! - C:\Documents and Settings\Ambra\Dati applicazioni\m\shared\Total Validator 5.3.3.zip
Deleted ! - C:\Documents and Settings\Ambra\Dati applicazioni\m\shared\trackIT
Deleted ! - C:\Documents and Settings\Ambra\Dati applicazioni\m\shared\Ultra Atom Time Synchronizer 1.0.2007.201.zip
Deleted ! - C:\Documents and Settings\Ambra\Dati applicazioni\m\shared\Understand for Delphi 1.4 Build 375.zip
Deleted ! - C:\Documents and Settings\Ambra\Dati applicazioni\m\shared\VAKCER Project Tracker Personal Edition 2.5.197.zip
Deleted ! - C:\Documents and Settings\Ambra\Dati applicazioni\m\shared\Vocoder 1.01.zip
Deleted ! - C:\Documents and Settings\Ambra\Dati applicazioni\m\shared\Web-O-Rama Standard 7.92.zip
Deleted ! - C:\Documents and Settings\Ambra\Dati applicazioni\m\shared\WinBITS 1.0 RC.zip
Deleted ! - C:\Documents and Settings\Ambra\Dati applicazioni\m\shared\WinBZip2 1.0.0.zip
Deleted ! - C:\Documents and Settings\Ambra\Dati applicazioni\m\shared\WinTrace 1.2.3198.zip
Deleted ! - C:\Documents and Settings\Ambra\Dati applicazioni\m\shared\xmlBlueprint XML Editor 6.2.1111.zip
Deleted ! - C:\Documents and Settings\Ambra\Dati applicazioni\m\shared\ZITZ 1.0.zip
Deleted ! - C:\Documents and Settings\Ambra\Dati applicazioni\m\shared\Zone Plate Creator 1.1.zip
Deleted ! - "C:\Documents and Settings\Ambra\Dati applicazioni\m\shared"
Deleted ! - "C:\Documents and Settings\Ambra\Dati applicazioni\m"
Deleted ! - "C:\Documents and Settings\Ambra\Dati applicazioni\drivers\srosa.sys"
Deleted ! - "C:\Documents and Settings\Ambra\Dati applicazioni\drivers\downld"
Deleted ! - "C:\Documents and Settings\Ambra\Dati applicazioni\drivers"

»»»» Supression files in C:\DOCUME~1\Ambra\IMPOST~1\Temp

»»»» Supression files in C:\Documents and Settings\Ambra\Local Settings\Temporary Internet Files\Content.IE5

--------------- [ Registry / Infected keys ] ----------------

Deleted ! - HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\srosa
Deleted ! - HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_SROSA
Deleted ! - HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_SK9OU0S
Deleted ! - HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_SK9OU0S
Deleted ! - HKEY_CURRENT_USER\Software\bisoft
Deleted ! - HKEY_CURRENT_USER\Software\DateTime4
Deleted ! - HKEY_CURRENT_USER\Software\FirtR
Deleted ! - HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mdelk.exe
Deleted ! - HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\wintems.exe
Deleted ! - HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\flec006.exe
Deleted ! - HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\hldrrr.exe
Deleted ! - HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\winfilse.exe
Deleted ! - HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\winupgro.exe
Deleted ! - HKEY_USERS\S-1-5-21-1935655697-1035525444-725345543-1004\Software\Local AppWizard-Generated Applications\winupgro
Deleted ! - HKEY_USERS\S-1-5-21-1935655697-1035525444-725345543-1004\Software\FFC
Deleted ! - HKEY_USERS\S-1-5-21-1935655697-1035525444-725345543-1004\Software\MuleAppData

--------------- [ States / Restarting of services ] ----------------

+- Safe boot mode restored !

+- Services : [ Auto=2 / Request=3 / Disable=4 ]

Ndisuio - Type of startup = 3

Ip6Fw - Type of startup = 2

SharedAccess - Type of startup = 2

wuauserv - Type of startup = 2

wscsvc - Type of startup = 2

WinDefend - Type of startup = 2

--------------- [ Cleaning removable drives ] ----------------

+- Informations :

C: - Unit… fissa

D: - Unit… fissa

+- deleting files :

--------------- [ Registry / Mountpoint2 ] ----------------

-> Not found !

--------------- [ Searching Other Infections ] ----------------

Références de comparaison Bagle MD5 :

4ab5d3ca612c7fcdd392151aec822b28 C:\WINDOWS\system32\mdelk.exe
4ab5d3ca612c7fcdd392151aec822b28 C:\WINDOWS\system32\wintems.exe

Suspect ! - a65df3bf680cdf6162eda49bb58bc38b C:\Programmi\Messenger\msmsgs.exe

--------------- [ Searching Cracks / Keygen ] ----------------

---------------- ! End of report ! ------------------

nonostante ciò, ho ancora problemi col ripristino di alcuni servizi (come avvisi e defender...)
e sicuramente troverò qualcos'altro che non va..

da **crazy.cat** » dom gen 11, 2009 6:19 pm

Cancella anche questo file e non riavviare il pc per il momento

ambra8891 ha scritto:C:\Programmi\Messenger\msmsgs.exe

Fai una scansione con questo programma http://www.MegaLab.it/2894/kaspersky-virus-removal-tool e intanto riscaricati i tuoi programmi di sicurezza per poterli reinstallare.

Ma findykill non ti funzionava?

www.MegaLab.it

rimuovere bagle

Re: rimuovere bagle

Re: rimuovere bagle

Re: rimuovere bagle

Re: rimuovere bagle

Re: rimuovere bagle

Re: rimuovere bagle

Re: rimuovere bagle

Re: rimuovere bagle

Re: rimuovere bagle

Re: rimuovere bagle

Re: rimuovere bagle

Re: rimuovere bagle

Re: rimuovere bagle

Re: rimuovere bagle

Re: rimuovere bagle

Re: rimuovere bagle

Re: rimuovere bagle

Re: rimuovere bagle

Re: rimuovere bagle

Re: rimuovere bagle

Chi c’è in linea