Non valido per Win32

[Dreamer83]

Ragazzi scusate, ieri sera all'improvviso mi si è riavviato il pc e da allora è molto lento, come se avesse dei continui processi in corso anche se sono sotto il 100% dell'utilizzo (verificato sia da Task Manager che da Process Lasso).
Inoltre poi mi sono accorto che alcuni programmi non mi partono più, alcuni non si aprono proprio ed altri (come Spybot o Antivir) vengono fermati dalla finestra "[...] .exe non è un'applicazione Win32 valida".
Ho pensato ad un virus o simile ed ho fatto uno scan con Ad-Aware, poi ho provato Spybot e l'antivirus ma non vanno, così come CCleaner. Ho riavviato ed ho notato che Antivir pur essendo regolarmente installato non mi parte più all'avvio. Ho provato a fare lo ScanDisk più di una volta ma credo l'abbia completato solo una perchè le altre 2 volte ho trovato il pc spento. Ho deframmentato e fatto la pulitura del disco ma niente!
Allora ho scaricato Avast, l'ho installato ed avviato ma mi da lo stesso errore (non valido per Win32), ora sto provando a fare uno scan con SpywareFighter ma dubito servirà a qualcosa.
Ho anche disinstallato e rinstallato Antivir ma sempre la stessa storia. Non so più come uscirmene senza formattare, mi sapete dare qualche dritta in merito?

Grazie

PS: I file sono tutti li, non si è cancellato nulla ed ho problemi anche con la disinstallazione di alcuni programmi. Può essere un virus?

[SkunkWorks 68]

Può essere un virus?

Certo che sì,purtroppo:il "Bagle".
Hai scaricato qualche file di dubbia provenienza e l'hai eseguito?
Ciao

[Dreamer83]

In realtà cercavo un antivirus per il cellulare e in un forum me ne hanno segnalato uno, il nome era tipo Qunet, l'ho cercato su Google e mi si è spento il pc. Può essere stato quello? Come posso risolvere?
E pensare che sono sempre molto attento a quello che scarico ed installo, faccio periodicamente controlli e pulizia e se è stato quello mi hanno fregato nella maniera peggiore.

[SkunkWorks 68]

Comicia a provare con questo:http://www.zonavirus.com/datos/descargas/95/elibagla.asp
I sintomi che descrivi sono quelli tipici da infezione causata dal virus.
Sapresti postare anche un log di Hijackthis?
Il Bagle è una "carogna"
Ciao

[Dreamer83]

Per ora sto provando a fare uno scan on-line con il Karspersky e dopo provo con BeagleRemover visto che ho già provato con FxBeagle ma senza risolvere (non ha trovato nulla).

[Dreamer83]

Credo di averlo intercettato con Kaspersky Online, è Email-Worm.Win32.Bagle.of ma non è possibile eliminarlo in quanto (ho scoperto solo ora) che questa versione on-line dell'antivirus ti dice solo se ne hai, ma non ti risolve il problema!
Come mi muovo?

Grazie

[Dylan666]

http://www.sophos.it/support/disinfection/baglea.html

PS: sposto nella sezione Security

[Luke57]

Credo di averlo intercettato con Kaspersky Online, è Email-Worm.Win32.Bagle.of ma non è possibile eliminarlo in quanto (ho scoperto solo ora) che questa versione on-line dell'antivirus ti dice solo se ne hai, ma non ti risolve il problema!
Come mi muovo?

Grazie

Ciao, muoviti così. Se hai fatto lo scan on line su tutto il computer (my computer), copia e incolla l'intero report di kaspersky in una prossima risposta.

[Dreamer83]

Ecco il rapporto, ha trovato 2 virus e 20 oggetti infetti. Che posso fare?
Grazie ancora!

-------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER REPORT
Tuesday, March 04, 2008 11:57:21 PM
Operating System: Microsoft Windows XP Home Edition, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.98.0
Kaspersky Anti-Virus database last update: 4/03/2008
Kaspersky Anti-Virus database records: 595346
-------------------------------------------------------------------------------

Scan Settings:
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: true

Scan Target - My Computer:
A:\
C:\
D:\
G:\

Scan Statistics:
Total number of scanned objects: 73453
Number of viruses found: 4
Number of infected objects: 20
Number of suspicious objects: 0
Duration of the scan process: 07:06:10

Infected Object Name / Virus Name / Last Action
C:\Documents and Settings\All Users\Dati applicazioni\Microsoft\Network\Downloader\qmgr0.dat Object is locked skipped
C:\Documents and Settings\All Users\Dati applicazioni\Microsoft\Network\Downloader\qmgr1.dat Object is locked skipped
C:\Documents and Settings\LocalService\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Impostazioni locali\Cronologia\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Impostazioni locali\Dati applicazioni\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\LocalService\Impostazioni locali\Dati applicazioni\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Impostazioni locali\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\MANLIO\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\MANLIO\Impostazioni locali\Cronologia\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\MANLIO\Impostazioni locali\Cronologia\History.IE5\MSHist012008030420080305\index.dat Object is locked skipped
C:\Documents and Settings\MANLIO\Impostazioni locali\Dati applicazioni\Microsoft\Feeds Cache\index.dat Object is locked skipped
C:\Documents and Settings\MANLIO\Impostazioni locali\Dati applicazioni\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\MANLIO\Impostazioni locali\Dati applicazioni\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\MANLIO\Impostazioni locali\Temporary Internet Files\Content.IE5\BN01A8XT\b64_1[1].jpg Infected: Trojan-PSW.Win32.Agent.xd skipped
C:\Documents and Settings\MANLIO\Impostazioni locali\Temporary Internet Files\Content.IE5\BN01A8XT\b64_31[1].jpg Infected: Email-Worm.Win32.Bagle.of skipped
C:\Documents and Settings\MANLIO\Impostazioni locali\Temporary Internet Files\Content.IE5\EWAB60MO\b64_1[1].jpg Infected: Trojan-PSW.Win32.Agent.xd skipped
C:\Documents and Settings\MANLIO\Impostazioni locali\Temporary Internet Files\Content.IE5\EWAB60MO\b64_1[2].jpg Infected: Trojan-PSW.Win32.Agent.xd skipped
C:\Documents and Settings\MANLIO\Impostazioni locali\Temporary Internet Files\Content.IE5\EWAB60MO\b64_31[1].jpg Infected: Email-Worm.Win32.Bagle.of skipped
C:\Documents and Settings\MANLIO\Impostazioni locali\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\MANLIO\Impostazioni locali\Temporary Internet Files\Content.IE5\MEE5I4GT\b64_1[1].jpg Infected: Trojan-PSW.Win32.Agent.xd skipped
C:\Documents and Settings\MANLIO\Impostazioni locali\Temporary Internet Files\Content.IE5\MEE5I4GT\b64_31[1].jpg Infected: Email-Worm.Win32.Bagle.of skipped
C:\Documents and Settings\MANLIO\Impostazioni locali\Temporary Internet Files\Content.IE5\MEE5I4GT\b64_31[2].jpg Infected: Email-Worm.Win32.Bagle.of skipped
C:\Documents and Settings\MANLIO\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\MANLIO\NTUSER.DAT.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\Impostazioni locali\Dati applicazioni\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Impostazioni locali\Dati applicazioni\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped
C:\Programmi\Apoint\Apoint.exe Infected: Trojan-Downloader.Win32.Bagle.jh skipped
C:\Programmi\eMule\Incoming\[Cellulare].SimWorks.AntiVirus.v1.01.zip/[Cellulare].SimWorks.AntiVirus.v1.01.exe Infected: Trojan-Downloader.Win32.Bagle.jh skipped
C:\Programmi\eMule\Incoming\[Cellulare].SimWorks.AntiVirus.v1.01.zip ZIP: infected - 1 skipped
C:\Programmi\HP\Digital Imaging\HPIdeas\common\content.dll Object is locked skipped
C:\Programmi\SPYWAREfighter\spf.dat Object is locked skipped
C:\Programmi\SPYWAREfighter\spf.log Object is locked skipped
C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
C:\System Volume Information\_restore{1B84D90A-254A-4098-9F31-162DEE065260}\RP279\A0057438.exe Infected: not-a-virus:Downloader.Win32.VDown.a skipped
C:\System Volume Information\_restore{1B84D90A-254A-4098-9F31-162DEE065260}\RP279\A0057443.exe Infected: not-a-virus:Downloader.Win32.VDown.a skipped
C:\System Volume Information\_restore{1B84D90A-254A-4098-9F31-162DEE065260}\RP284\A0058758.exe Infected: Email-Worm.Win32.Bagle.of skipped
C:\System Volume Information\_restore{1B84D90A-254A-4098-9F31-162DEE065260}\RP284\A0058759.exe Infected: Email-Worm.Win32.Bagle.of skipped
C:\System Volume Information\_restore{1B84D90A-254A-4098-9F31-162DEE065260}\RP285\A0058906.exe Infected: Email-Worm.Win32.Bagle.of skipped
C:\System Volume Information\_restore{1B84D90A-254A-4098-9F31-162DEE065260}\RP285\A0058907.exe Infected: Email-Worm.Win32.Bagle.of skipped
C:\System Volume Information\_restore{1B84D90A-254A-4098-9F31-162DEE065260}\RP285\A0059046.exe Infected: Email-Worm.Win32.Bagle.of skipped
C:\System Volume Information\_restore{1B84D90A-254A-4098-9F31-162DEE065260}\RP285\A0059047.exe Infected: Email-Worm.Win32.Bagle.of skipped
C:\System Volume Information\_restore{1B84D90A-254A-4098-9F31-162DEE065260}\RP285\change.log Object is locked skipped
C:\WINDOWS\$hf_mig$\KB890859\SP2QFE\ntoskrnl.exe Object is locked skipped
C:\WINDOWS\$hf_mig$\KB929338\SP2QFE\ntoskrnl.exe Object is locked skipped
C:\WINDOWS\$hf_mig$\KB931784\SP2QFE\ntoskrnl.exe Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\ntoskrnl.exe Object is locked skipped
C:\WINDOWS\$NtUninstallKB890859$\ntoskrnl.exe Object is locked skipped
C:\WINDOWS\$NtUninstallKB929338$\ntoskrnl.exe Object is locked skipped
C:\WINDOWS\$NtUninstallKB931784$\ntoskrnl.exe Object is locked skipped
C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped
C:\WINDOWS\Driver Cache\i386\ntoskrnl.exe Object is locked skipped
C:\WINDOWS\SchedLgU.Txt Object is locked skipped
C:\WINDOWS\ServicePackFiles\i386\ntoskrnl.exe Object is locked skipped
C:\WINDOWS\Sti_Trace.log Object is locked skipped
C:\WINDOWS\system32\config\Antiviru.evt Object is locked skipped
C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\default Object is locked skipped
C:\WINDOWS\system32\config\DEFAULT.LOG Object is locked skipped
C:\WINDOWS\system32\config\Internet.evt Object is locked skipped
C:\WINDOWS\system32\config\ODiag.evt Object is locked skipped
C:\WINDOWS\system32\config\OSession.evt Object is locked skipped
C:\WINDOWS\system32\config\SAM Object is locked skipped
C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped
C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\SECURITY Object is locked skipped
C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped
C:\WINDOWS\system32\config\software Object is locked skipped
C:\WINDOWS\system32\config\SOFTWARE.LOG Object is locked skipped
C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\system Object is locked skipped
C:\WINDOWS\system32\config\SYSTEM.LOG Object is locked skipped
C:\WINDOWS\system32\drivers\atapi.sys Object is locked skipped
C:\WINDOWS\system32\h323log.txt Object is locked skipped
C:\WINDOWS\system32\mdelk.exe Infected: Email-Worm.Win32.Bagle.of skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped
C:\WINDOWS\wiadebug.log Object is locked skipped
C:\WINDOWS\wiaservc.log Object is locked skipped

Scan process completed.

[Luke57]

Ciao, scarica avenger sul desktop
http://swandog46.geekstogo.com/avenger.zip
Decomprimi l'archivio
Avvia il file avenger.exe
Ti si apre una finestra "View/edit script"
All'interno del box bianco,copia e incolla le scritte seguenti:

Files to delete:
C:\WINDOWS\system32\drivers\hidr.exe
C:\WINDOWS\system32\drivers\srosa.sys
C:\WINDOWS\system32\wintems.exe
C:\WINDOWS\system32\hldrrr.exe
C:\WINDOWS\system32\drivers\pci32.sys
C:\WINDOWS\system32\drivers\hldrrr.exe
C:\WINDOWS\System32\mdelk.exe
C:\Programmi\Apoint\Apoint.exe
C:\Programmi\eMule\Incoming\[Cellulare].SimWorks.AntiVirus.v1.01.zip

folders to delete:
C:\WINDOWS\exefnd
C:\WINDOWS\exefld
C:\WINDOWS\system32\drivers\down
C:\Documents and Settings\MANLIO\Impostazioni locali\Temporary Internet Files\Content.IE5


registry keys to delete:
HKLM\SYSTEM\CurrentControlSet\Services\srosa
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_SROSA
HKLM\SYSTEM\CurrentControlSet\Services\pci32
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_PCI32

Registry values to replace with dummy:
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Windows | AppInit_DLLs

Clicca sul pulsante Execute


Il pc dovrebbe riavviarsi da solo, se così non fosse riavvialo manualmente.
Allega poi il log generato da avenger, lo trovi in C:\avenger.txt è un file di testo.

P.S. Se avenger non dovesse funzionare, scaricalo da qui:
http://www.wikifortio.com/630243/AntiBagle.zip

Disattiva anche il ripristino configurazione di sistema (click tasto dx su risorse del computer>proprietà>ripristino configurazione di sistema, mettila spunta a "disattiva........">OK). Al riavvio ce la reinserisci con la medesima procedura.

[Dreamer83]

Ecco il log di The Avenger (il primo non me lo faceva partire, ho utilizzato il secondo).
Ora che faccio?

Grazie ancora della disponibilità!


Logfile of The Avenger version 1, by Swandog46
Running from registry key:
\Registry\Machine\System\CurrentControlSet\Services\pmdxdxvi

*******************

Script file located at: \??\C:\yhfvjvdc.txt
Script file opened successfully.

Script file read successfully

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:



File C:\WINDOWS\system32\drivers\hidr.exe not found!
Deletion of file C:\WINDOWS\system32\drivers\hidr.exe failed!

Could not process line:
C:\WINDOWS\system32\drivers\hidr.exe
Status: 0xc0000034

File C:\WINDOWS\system32\drivers\srosa.sys deleted successfully.
File C:\WINDOWS\system32\wintems.exe deleted successfully.


File C:\WINDOWS\system32\hldrrr.exe not found!
Deletion of file C:\WINDOWS\system32\hldrrr.exe failed!

Could not process line:
C:\WINDOWS\system32\hldrrr.exe
Status: 0xc0000034



File C:\WINDOWS\system32\drivers\pci32.sys not found!
Deletion of file C:\WINDOWS\system32\drivers\pci32.sys failed!

Could not process line:
C:\WINDOWS\system32\drivers\pci32.sys
Status: 0xc0000034

File C:\WINDOWS\system32\drivers\hldrrr.exe deleted successfully.
File C:\WINDOWS\System32\mdelk.exe deleted successfully.
File C:\Programmi\Apoint\Apoint.exe deleted successfully.
File C:\Programmi\eMule\Incoming\[Cellulare].SimWorks.AntiVirus.v1.01.zip deleted successfully.


Folder C:\WINDOWS\exefnd not found!
Deletion of folder C:\WINDOWS\exefnd failed!

Could not process line:
C:\WINDOWS\exefnd
Status: 0xc0000034



Folder C:\WINDOWS\exefld not found!
Deletion of folder C:\WINDOWS\exefld failed!

Could not process line:
C:\WINDOWS\exefld
Status: 0xc0000034

Folder C:\WINDOWS\system32\drivers\down deleted successfully.
Folder C:\Documents and Settings\MANLIO\Impostazioni locali\Temporary Internet Files\Content.IE5 deleted successfully.
Registry key HKLM\SYSTEM\CurrentControlSet\Services\srosa deleted successfully.
Registry key HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_SROSA deleted successfully.


Registry key HKLM\SYSTEM\CurrentControlSet\Services\pci32 not found!
Deletion of registry key HKLM\SYSTEM\CurrentControlSet\Services\pci32 failed!

Could not process line:
HKLM\SYSTEM\CurrentControlSet\Services\pci32
Status: 0xc0000034



Registry key HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_PCI32 not found!
Deletion of registry key HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_PCI32 failed!

Could not process line:
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_PCI32
Status: 0xc0000034

Registry value HKLM\Software\Microsoft\Windows NT\CurrentVersion\Windows|AppInit_DLLs replaced with dummy successfully.

Completed script processing.

*******************

Finished! Terminate.

[Luke57]

Ciao, prova a riutilizzare i programmi di sicurezza e,se non funzionano, a reinstallarli.

[Dreamer83]

Perfetto, ho risolto! Poi ho fatto un successivo scan con Antivir, Avast e BeagleRemover che hanno pulito il resto.
Grazie mille per avermi aiutato!
Ma in pratica che cosa ha fatto Avenger? E i comandi che ho inserito cos'erano?

Alla prossima...

[carlox]

Anch'io ho lo stesso problema dopo avere scaricato il crack di Office2007, fasullo !!!!
A differenza dell'amico Dreamer83, il mio pc non ha rallentato ma sembra avere sempre le stesse prestazioni di prima. Solo che quando carico Antivir, CCCleaner o qualsiasi antivirus, mi da sempre la stessa schermata: il programma non è valido per win32.

Sto facendo una scansione con KasperskyOnline... potreste darmi una mano (non sono un grande esperto... )...

Grazie tante

[Luke57]

Ciao, posta il report di kaspersky, dopo lo scan fatto con l'opzione "my computer".

[carlox]

sta scansionando da 4 ore... temo che ce ne vorranno altrettante... intanto grazie e...a dopo

[Luke57]

Ciao, purtroppo è una scansione lunghissima....

[carlox]

Eccoci, in effetti è durata un pò... Ho trovato qualcosa come 16 virus, ecco il report:

-------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER REPORT
Sunday, March 09, 2008 11:37:06 AM
Operating System: Microsoft Windows XP Home Edition, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.98.0
Kaspersky Anti-Virus database last update: 8/03/2008
Kaspersky Anti-Virus database records: 614012
-------------------------------------------------------------------------------

Scan Settings:
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: true

Scan Target - My Computer:
C:\
D:\
E:\

Scan Statistics:
Total number of scanned objects: 75782
Number of viruses found: 16
Number of infected objects: 118
Number of suspicious objects: 0
Duration of the scan process: 13:22:02

Infected Object Name / Virus Name / Last Action
C:\Documents and Settings\All Users\Dati applicazioni\Nero\Nero8\Nero BackItUp\Cache\NeroBackItUpScheduler3.log Object is locked skipped
C:\Documents and Settings\LocalService\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Impostazioni locali\Cronologia\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Impostazioni locali\Dati applicazioni\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\LocalService\Impostazioni locali\Dati applicazioni\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Impostazioni locali\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\Impostazioni locali\Dati applicazioni\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Impostazioni locali\Dati applicazioni\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\nino\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\nino\Dati applicazioni\Mozilla\Firefox\Profiles\tdnop8x2.default\cert8.db Object is locked skipped
C:\Documents and Settings\nino\Dati applicazioni\Mozilla\Firefox\Profiles\tdnop8x2.default\formhistory.dat Object is locked skipped
C:\Documents and Settings\nino\Dati applicazioni\Mozilla\Firefox\Profiles\tdnop8x2.default\GoogleToolbarData\googlesafebrowsing.db Object is locked skipped
C:\Documents and Settings\nino\Dati applicazioni\Mozilla\Firefox\Profiles\tdnop8x2.default\history.dat Object is locked skipped
C:\Documents and Settings\nino\Dati applicazioni\Mozilla\Firefox\Profiles\tdnop8x2.default\key3.db Object is locked skipped
C:\Documents and Settings\nino\Dati applicazioni\Mozilla\Firefox\Profiles\tdnop8x2.default\parent.lock Object is locked skipped
C:\Documents and Settings\nino\Dati applicazioni\Mozilla\Firefox\Profiles\tdnop8x2.default\search.sqlite Object is locked skipped
C:\Documents and Settings\nino\Dati applicazioni\Mozilla\Firefox\Profiles\tdnop8x2.default\urlclassifier2.sqlite Object is locked skipped
C:\Documents and Settings\nino\Dati applicazioni\Sun\Java\Deployment\cache\6.0\47\bd7ce2f-14c13a85/vmain.class Infected: Exploit.Java.Gimsh.b skipped
C:\Documents and Settings\nino\Dati applicazioni\Sun\Java\Deployment\cache\6.0\47\bd7ce2f-14c13a85 ZIP: infected - 1 skipped
C:\Documents and Settings\nino\Dati applicazioni\Sun\Java\Deployment\cache\javapi\v1.0\jar\jvmimpro.jar-6b13a7e7-70aa1067.zip/vmain.class Infected: Exploit.Java.Gimsh.b skipped
C:\Documents and Settings\nino\Dati applicazioni\Sun\Java\Deployment\cache\javapi\v1.0\jar\jvmimpro.jar-6b13a7e7-70aa1067.zip ZIP: infected - 1 skipped
C:\Documents and Settings\nino\Documenti\Musica\emule\Jfilm\Jfilm - Script 3.exe Infected: Trojan-Downloader.Win32.Bagle.jh skipped
C:\Documents and Settings\nino\Documenti\Musica\emule\Jfilm\Jfilm - Script 3.zip/Jfilm - Script 3.exe Infected: Trojan-Downloader.Win32.Bagle.jh skipped
C:\Documents and Settings\nino\Documenti\Musica\emule\Jfilm\Jfilm - Script 3.zip ZIP: infected - 1 skipped
C:\Documents and Settings\nino\Impostazioni locali\Cronologia\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\nino\Impostazioni locali\Dati applicazioni\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\nino\Impostazioni locali\Dati applicazioni\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\nino\Impostazioni locali\Dati applicazioni\Mozilla\Firefox\Profiles\tdnop8x2.default\Cache\_CACHE_001_ Object is locked skipped
C:\Documents and Settings\nino\Impostazioni locali\Dati applicazioni\Mozilla\Firefox\Profiles\tdnop8x2.default\Cache\_CACHE_002_ Object is locked skipped
C:\Documents and Settings\nino\Impostazioni locali\Dati applicazioni\Mozilla\Firefox\Profiles\tdnop8x2.default\Cache\_CACHE_003_ Object is locked skipped
C:\Documents and Settings\nino\Impostazioni locali\Dati applicazioni\Mozilla\Firefox\Profiles\tdnop8x2.default\Cache\_CACHE_MAP_ Object is locked skipped
C:\Documents and Settings\nino\Impostazioni locali\Temp\hsperfdata_nino\1316 Object is locked skipped
C:\Documents and Settings\nino\Impostazioni locali\Temp\Perflib_Perfdata_b74.dat Object is locked skipped
C:\Documents and Settings\nino\Impostazioni locali\Temp\SetupExe(20080308184521B24).log Object is locked skipped
C:\Documents and Settings\nino\Impostazioni locali\Temp\SetupTempKeyFile.tmp Object is locked skipped
C:\Documents and Settings\nino\Impostazioni locali\Temp\svchost.exe Infected: P2P-Worm.Win32.Kapucen.b skipped
C:\Documents and Settings\nino\Impostazioni locali\Temp\~DF4E2C.tmp Object is locked skipped
C:\Documents and Settings\nino\Impostazioni locali\Temp\~DF9050.tmp Object is locked skipped
C:\Documents and Settings\nino\Impostazioni locali\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\nino\Impostazioni locali\Temporary Internet Files\Content.IE5\TDP436GL\b64_2[1].jpg Infected: Trojan.Win32.Pakes.bwy skipped
C:\Documents and Settings\nino\Impostazioni locali\Temporary Internet Files\Content.IE5\Y96OER4S\b64_1[1].jpg Infected: Trojan-PSW.Win32.Agent.xd skipped
C:\Documents and Settings\nino\Impostazioni locali\Temporary Internet Files\Content.IE5\Y96OER4S\b64_2[1].jpg Infected: Trojan.Win32.Pakes.bwy skipped
C:\Documents and Settings\nino\ntuser.dat Object is locked skipped
C:\Documents and Settings\nino\ntuser.dat.LOG Object is locked skipped
C:\Programmi\AdVantage\AdVantage.exe Infected: not-a-virus:AdTool.Win32.WhenU.t skipped
C:\Programmi\AdVantage\TR.dll Infected: not-a-virus:AdTool.Win32.WhenU.r skipped
C:\Programmi\Alcohol Soft\Alcohol 120\StarWind\logs\starwind.2008-03-08.14-14-51.log Object is locked skipped
C:\Programmi\AskTBar\bar\1.bin\A5POPSWT.DLL Infected: not-a-virus:AdTool.Win32.MyWebSearch.az skipped
C:\Programmi\AskTBar\bar\1.bin\ASKTBAR.DLL Infected: not-a-virus:AdTool.Win32.MyWebSearch.az skipped
C:\Programmi\ATI Technologies\ATI Control Panel\atiptaxx.exe Infected: Trojan-Downloader.Win32.Bagle.jh skipped
C:\Programmi\eMule\Temp\001.part Object is locked skipped
C:\Programmi\eMule\Temp\002.part Object is locked skipped
C:\Programmi\eMule\Temp\003.part Object is locked skipped
C:\Programmi\eMule\Temp\004.part Object is locked skipped
C:\Programmi\eMule\Temp\009.part Object is locked skipped
C:\Programmi\eMule\Temp\010.part Object is locked skipped
C:\Programmi\eMule\Temp\012.part Object is locked skipped
C:\Programmi\eMule\Temp\013.part Object is locked skipped
C:\Programmi\eMule\Temp\015.part Object is locked skipped
C:\Programmi\eMule\Temp\016.part Object is locked skipped
C:\Programmi\eMule\Temp\020.part Object is locked skipped
C:\Programmi\eMule\Temp\021.part Object is locked skipped
C:\Programmi\eMule\Temp\023.part Object is locked skipped
C:\Programmi\eMule\Temp\024.part Object is locked skipped
C:\Programmi\eMule\Temp\025.part Object is locked skipped
C:\Programmi\eMule\Temp\027.part Object is locked skipped
C:\Programmi\eMule\Temp\028.part Object is locked skipped
C:\Programmi\eMule\Temp\029.part Object is locked skipped
C:\Programmi\eMule\Temp\030.part Object is locked skipped
C:\Programmi\eMule\Temp\031.part Object is locked skipped
C:\Programmi\eMule\Temp\032.part Object is locked skipped
C:\Programmi\eMule\Temp\034.part Object is locked skipped
C:\Programmi\eMule\Temp\035.part Object is locked skipped
C:\Programmi\eMule\Temp\036.part Object is locked skipped
C:\Programmi\eMule\Temp\037.part Object is locked skipped
C:\Programmi\eMule\Temp\038.part Object is locked skipped
C:\Programmi\eMule\Temp\039.part Object is locked skipped
C:\Programmi\eMule\Temp\041.part Object is locked skipped
C:\Programmi\eMule\Temp\042.part Object is locked skipped
C:\Programmi\eMule\Temp\044.part Object is locked skipped
C:\Programmi\Live_TV\tbLive.dll Infected: not-a-virus:AdWare.Win32.Shopper.w skipped
C:\Programmi\Nero\Nero8\Nero BackItUp\BIU8.txt Object is locked skipped
C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
C:\System Volume Information\_restore{3C018861-145D-40A6-A95C-80499D077B6C}\RP494\A0115160.exe Infected: not-a-virus:Downloader.Win32.ImLoader.e skipped
C:\System Volume Information\_restore{3C018861-145D-40A6-A95C-80499D077B6C}\RP496\A0115470.dll Infected: not-a-virus:AdTool.Win32.WhenU.r skipped
C:\System Volume Information\_restore{3C018861-145D-40A6-A95C-80499D077B6C}\RP496\A0115471.exe Infected: not-a-virus:AdTool.Win32.WhenU.s skipped
C:\System Volume Information\_restore{3C018861-145D-40A6-A95C-80499D077B6C}\RP505\A0116586.sys Infected: Trojan-Downloader.Win32.Bagle.kh skipped
C:\System Volume Information\_restore{3C018861-145D-40A6-A95C-80499D077B6C}\RP505\A0116616.sys Infected: Trojan-Downloader.Win32.Bagle.kh skipped
C:\System Volume Information\_restore{3C018861-145D-40A6-A95C-80499D077B6C}\RP505\A0116617.exe Infected: Email-Worm.Win32.Bagle.of skipped
C:\System Volume Information\_restore{3C018861-145D-40A6-A95C-80499D077B6C}\RP505\A0116618.exe Infected: Email-Worm.Win32.Bagle.of skipped
C:\System Volume Information\_restore{3C018861-145D-40A6-A95C-80499D077B6C}\RP505\A0116648.sys Infected: Trojan-Downloader.Win32.Bagle.kh skipped
C:\System Volume Information\_restore{3C018861-145D-40A6-A95C-80499D077B6C}\RP505\A0116667.sys Infected: Trojan-Downloader.Win32.Bagle.kh skipped
C:\System Volume Information\_restore{3C018861-145D-40A6-A95C-80499D077B6C}\RP505\A0116689.sys Infected: Trojan-Downloader.Win32.Bagle.kh skipped
C:\System Volume Information\_restore{3C018861-145D-40A6-A95C-80499D077B6C}\RP505\A0116705.sys Infected: Trojan-Downloader.Win32.Bagle.kh skipped
C:\System Volume Information\_restore{3C018861-145D-40A6-A95C-80499D077B6C}\RP505\A0116706.exe Infected: Email-Worm.Win32.Bagle.of skipped
C:\System Volume Information\_restore{3C018861-145D-40A6-A95C-80499D077B6C}\RP505\A0116707.exe Infected: Email-Worm.Win32.Bagle.of skipped
C:\System Volume Information\_restore{3C018861-145D-40A6-A95C-80499D077B6C}\RP505\A0116797.sys Infected: Trojan-Downloader.Win32.Bagle.kh skipped
C:\System Volume Information\_restore{3C018861-145D-40A6-A95C-80499D077B6C}\RP506\A0116818.sys Infected: Trojan-Downloader.Win32.Bagle.kh skipped
C:\System Volume Information\_restore{3C018861-145D-40A6-A95C-80499D077B6C}\RP506\A0116826.exe Infected: Email-Worm.Win32.Bagle.of skipped
C:\System Volume Information\_restore{3C018861-145D-40A6-A95C-80499D077B6C}\RP506\A0116827.exe Infected: Email-Worm.Win32.Bagle.of skipped
C:\System Volume Information\_restore{3C018861-145D-40A6-A95C-80499D077B6C}\RP506\A0116856.sys Infected: Trojan-Downloader.Win32.Bagle.kh skipped
C:\System Volume Information\_restore{3C018861-145D-40A6-A95C-80499D077B6C}\RP506\A0116857.exe Infected: Email-Worm.Win32.Bagle.of skipped
C:\System Volume Information\_restore{3C018861-145D-40A6-A95C-80499D077B6C}\RP506\A0116858.exe Infected: Email-Worm.Win32.Bagle.of skipped
C:\System Volume Information\_restore{3C018861-145D-40A6-A95C-80499D077B6C}\RP506\A0116876.sys Infected: Trojan-Downloader.Win32.Bagle.kh skipped
C:\System Volume Information\_restore{3C018861-145D-40A6-A95C-80499D077B6C}\RP506\A0116877.exe Infected: Email-Worm.Win32.Bagle.of skipped
C:\System Volume Information\_restore{3C018861-145D-40A6-A95C-80499D077B6C}\RP506\A0116878.exe Infected: Email-Worm.Win32.Bagle.of skipped
C:\System Volume Information\_restore{3C018861-145D-40A6-A95C-80499D077B6C}\RP506\A0116905.sys Infected: Trojan-Downloader.Win32.Bagle.kh skipped
C:\System Volume Information\_restore{3C018861-145D-40A6-A95C-80499D077B6C}\RP506\A0116906.exe Infected: Email-Worm.Win32.Bagle.of skipped
C:\System Volume Information\_restore{3C018861-145D-40A6-A95C-80499D077B6C}\RP506\A0116907.exe Infected: Email-Worm.Win32.Bagle.of skipped
C:\System Volume Information\_restore{3C018861-145D-40A6-A95C-80499D077B6C}\RP506\A0116936.exe Infected: Trojan-Downloader.Win32.Bagle.jh skipped
C:\System Volume Information\_restore{3C018861-145D-40A6-A95C-80499D077B6C}\RP506\A0116937.sys Infected: Trojan-Downloader.Win32.Bagle.kh skipped
C:\System Volume Information\_restore{3C018861-145D-40A6-A95C-80499D077B6C}\RP506\A0116938.exe Infected: Email-Worm.Win32.Bagle.of skipped
C:\System Volume Information\_restore{3C018861-145D-40A6-A95C-80499D077B6C}\RP506\A0116958.sys Infected: Trojan-Downloader.Win32.Bagle.kh skipped
C:\System Volume Information\_restore{3C018861-145D-40A6-A95C-80499D077B6C}\RP506\A0116959.exe Infected: Email-Worm.Win32.Bagle.of skipped
C:\System Volume Information\_restore{3C018861-145D-40A6-A95C-80499D077B6C}\RP506\A0116960.exe Infected: Email-Worm.Win32.Bagle.of skipped
C:\System Volume Information\_restore{3C018861-145D-40A6-A95C-80499D077B6C}\RP506\A0117015.sys Infected: Trojan-Downloader.Win32.Bagle.kh skipped
C:\System Volume Information\_restore{3C018861-145D-40A6-A95C-80499D077B6C}\RP506\A0117016.exe Infected: Email-Worm.Win32.Bagle.of skipped
C:\System Volume Information\_restore{3C018861-145D-40A6-A95C-80499D077B6C}\RP506\A0117017.exe Infected: Email-Worm.Win32.Bagle.of skipped
C:\System Volume Information\_restore{3C018861-145D-40A6-A95C-80499D077B6C}\RP506\A0117081.exe Infected: not-a-virus:AdTool.Win32.WhenU.t skipped
C:\System Volume Information\_restore{3C018861-145D-40A6-A95C-80499D077B6C}\RP506\A0117083.dll Infected: not-a-virus:AdTool.Win32.WhenU.r skipped
C:\System Volume Information\_restore{3C018861-145D-40A6-A95C-80499D077B6C}\RP506\A0117097.sys Infected: Trojan-Downloader.Win32.Bagle.kh skipped
C:\System Volume Information\_restore{3C018861-145D-40A6-A95C-80499D077B6C}\RP506\A0117126.sys Infected: Trojan-Downloader.Win32.Bagle.kh skipped
C:\System Volume Information\_restore{3C018861-145D-40A6-A95C-80499D077B6C}\RP506\A0117130.exe Infected: Email-Worm.Win32.Bagle.of skipped
C:\System Volume Information\_restore{3C018861-145D-40A6-A95C-80499D077B6C}\RP506\A0117131.exe Infected: Email-Worm.Win32.Bagle.of skipped
C:\System Volume Information\_restore{3C018861-145D-40A6-A95C-80499D077B6C}\RP507\A0117235.exe Infected: Email-Worm.Win32.Bagle.of skipped
C:\System Volume Information\_restore{3C018861-145D-40A6-A95C-80499D077B6C}\RP507\A0117236.exe Infected: Email-Worm.Win32.Bagle.of skipped
C:\System Volume Information\_restore{3C018861-145D-40A6-A95C-80499D077B6C}\RP507\A0117253.exe Infected: Trojan-Downloader.Win32.Bagle.jh skipped
C:\System Volume Information\_restore{3C018861-145D-40A6-A95C-80499D077B6C}\RP507\A0117256.sys Infected: Trojan-Downloader.Win32.Bagle.kh skipped
C:\System Volume Information\_restore{3C018861-145D-40A6-A95C-80499D077B6C}\RP507\A0117257.sys Infected: Trojan-Downloader.Win32.Bagle.kh skipped
C:\System Volume Information\_restore{3C018861-145D-40A6-A95C-80499D077B6C}\RP507\A0117276.sys Infected: Trojan-Downloader.Win32.Bagle.kh skipped
C:\System Volume Information\_restore{3C018861-145D-40A6-A95C-80499D077B6C}\RP507\A0117278.exe Infected: Email-Worm.Win32.Bagle.of skipped
C:\System Volume Information\_restore{3C018861-145D-40A6-A95C-80499D077B6C}\RP507\A0117279.exe Infected: Email-Worm.Win32.Bagle.of skipped
C:\System Volume Information\_restore{3C018861-145D-40A6-A95C-80499D077B6C}\RP507\A0117303.sys Infected: Trojan-Downloader.Win32.Bagle.kh skipped
C:\System Volume Information\_restore{3C018861-145D-40A6-A95C-80499D077B6C}\RP507\A0117346.exe Infected: not-a-virus:AdTool.Win32.WhenU.t skipped
C:\System Volume Information\_restore{3C018861-145D-40A6-A95C-80499D077B6C}\RP507\A0117348.dll Infected: not-a-virus:AdTool.Win32.WhenU.r skipped
C:\System Volume Information\_restore{3C018861-145D-40A6-A95C-80499D077B6C}\RP507\A0117349.exe Infected: Email-Worm.Win32.Bagle.of skipped
C:\System Volume Information\_restore{3C018861-145D-40A6-A95C-80499D077B6C}\RP507\A0117350.exe Infected: Email-Worm.Win32.Bagle.of skipped
C:\System Volume Information\_restore{3C018861-145D-40A6-A95C-80499D077B6C}\RP507\A0117364.sys Infected: Trojan-Downloader.Win32.Bagle.kh skipped
C:\System Volume Information\_restore{3C018861-145D-40A6-A95C-80499D077B6C}\RP507\A0117365.exe Infected: Email-Worm.Win32.Bagle.of skipped
C:\System Volume Information\_restore{3C018861-145D-40A6-A95C-80499D077B6C}\RP507\A0117366.exe Infected: Email-Worm.Win32.Bagle.of skipped
C:\System Volume Information\_restore{3C018861-145D-40A6-A95C-80499D077B6C}\RP507\A0117414.sys Infected: Trojan-Downloader.Win32.Bagle.kh skipped
C:\System Volume Information\_restore{3C018861-145D-40A6-A95C-80499D077B6C}\RP507\A0117415.exe Infected: Email-Worm.Win32.Bagle.of skipped
C:\System Volume Information\_restore{3C018861-145D-40A6-A95C-80499D077B6C}\RP507\A0117418.exe Infected: Email-Worm.Win32.Bagle.of skipped
C:\System Volume Information\_restore{3C018861-145D-40A6-A95C-80499D077B6C}\RP507\A0117468.sys Infected: Trojan-Downloader.Win32.Bagle.kh skipped
C:\System Volume Information\_restore{3C018861-145D-40A6-A95C-80499D077B6C}\RP507\A0117469.exe Infected: Email-Worm.Win32.Bagle.of skipped
C:\System Volume Information\_restore{3C018861-145D-40A6-A95C-80499D077B6C}\RP507\A0117470.exe Infected: Email-Worm.Win32.Bagle.of skipped
C:\System Volume Information\_restore{3C018861-145D-40A6-A95C-80499D077B6C}\RP507\A0118468.sys Infected: Trojan-Downloader.Win32.Bagle.kh skipped
C:\System Volume Information\_restore{3C018861-145D-40A6-A95C-80499D077B6C}\RP507\A0118469.exe Infected: Email-Worm.Win32.Bagle.of skipped
C:\System Volume Information\_restore{3C018861-145D-40A6-A95C-80499D077B6C}\RP507\A0118470.exe Infected: Email-Worm.Win32.Bagle.of skipped
C:\System Volume Information\_restore{3C018861-145D-40A6-A95C-80499D077B6C}\RP507\A0118811.exe Infected: Trojan-Downloader.Win32.Bagle.jh skipped
C:\System Volume Information\_restore{3C018861-145D-40A6-A95C-80499D077B6C}\RP507\A0118813.sys Infected: Trojan-Downloader.Win32.Bagle.kh skipped
C:\System Volume Information\_restore{3C018861-145D-40A6-A95C-80499D077B6C}\RP507\A0118814.sys Infected: Trojan-Downloader.Win32.Bagle.kh skipped
C:\System Volume Information\_restore{3C018861-145D-40A6-A95C-80499D077B6C}\RP507\A0118815.exe Infected: Email-Worm.Win32.Bagle.of skipped
C:\System Volume Information\_restore{3C018861-145D-40A6-A95C-80499D077B6C}\RP507\A0118816.exe Infected: Email-Worm.Win32.Bagle.of skipped
C:\System Volume Information\_restore{3C018861-145D-40A6-A95C-80499D077B6C}\RP507\A0118878.sys Infected: Trojan-Downloader.Win32.Bagle.kh skipped
C:\System Volume Information\_restore{3C018861-145D-40A6-A95C-80499D077B6C}\RP507\A0118879.exe Infected: Email-Worm.Win32.Bagle.of skipped
C:\System Volume Information\_restore{3C018861-145D-40A6-A95C-80499D077B6C}\RP507\A0118880.exe Infected: Email-Worm.Win32.Bagle.of skipped
C:\System Volume Information\_restore{3C018861-145D-40A6-A95C-80499D077B6C}\RP507\A0118895.sys Infected: Trojan-Downloader.Win32.Bagle.kh skipped
C:\System Volume Information\_restore{3C018861-145D-40A6-A95C-80499D077B6C}\RP507\A0118896.exe Infected: Email-Worm.Win32.Bagle.of skipped
C:\System Volume Information\_restore{3C018861-145D-40A6-A95C-80499D077B6C}\RP507\A0118897.exe Infected: Email-Worm.Win32.Bagle.of skipped
C:\System Volume Information\_restore{3C018861-145D-40A6-A95C-80499D077B6C}\RP507\A0118917.sys Infected: Trojan-Downloader.Win32.Bagle.kh skipped
C:\System Volume Information\_restore{3C018861-145D-40A6-A95C-80499D077B6C}\RP507\A0118918.exe Infected: Email-Worm.Win32.Bagle.of skipped
C:\System Volume Information\_restore{3C018861-145D-40A6-A95C-80499D077B6C}\RP507\A0118919.exe Infected: Email-Worm.Win32.Bagle.of skipped
C:\System Volume Information\_restore{3C018861-145D-40A6-A95C-80499D077B6C}\RP507\A0119915.sys Infected: Trojan-Downloader.Win32.Bagle.kh skipped
C:\System Volume Information\_restore{3C018861-145D-40A6-A95C-80499D077B6C}\RP507\A0120078.sys Infected: Trojan-Downloader.Win32.Bagle.kh skipped
C:\System Volume Information\_restore{3C018861-145D-40A6-A95C-80499D077B6C}\RP507\A0121078.exe Infected: Trojan-Downloader.Win32.Bagle.jh skipped
C:\System Volume Information\_restore{3C018861-145D-40A6-A95C-80499D077B6C}\RP507\A0121079.sys Infected: Trojan-Downloader.Win32.Bagle.kh skipped
C:\System Volume Information\_restore{3C018861-145D-40A6-A95C-80499D077B6C}\RP507\A0121080.sys Infected: Trojan-Downloader.Win32.Bagle.kh skipped
C:\System Volume Information\_restore{3C018861-145D-40A6-A95C-80499D077B6C}\RP507\A0121097.exe Infected: Trojan-Downloader.Win32.Bagle.jh skipped
C:\System Volume Information\_restore{3C018861-145D-40A6-A95C-80499D077B6C}\RP507\A0121098.sys Infected: Trojan-Downloader.Win32.Bagle.kh skipped
C:\System Volume Information\_restore{3C018861-145D-40A6-A95C-80499D077B6C}\RP507\A0121099.sys Infected: Trojan-Downloader.Win32.Bagle.kh skipped
C:\System Volume Information\_restore{3C018861-145D-40A6-A95C-80499D077B6C}\RP507\A0121162.sys Infected: Trojan-Downloader.Win32.Bagle.kh skipped
C:\System Volume Information\_restore{3C018861-145D-40A6-A95C-80499D077B6C}\RP507\A0121178.sys Infected: Trojan-Downloader.Win32.Bagle.kh skipped
C:\System Volume Information\_restore{3C018861-145D-40A6-A95C-80499D077B6C}\RP507\A0121194.sys Infected: Trojan-Downloader.Win32.Bagle.kh skipped
C:\System Volume Information\_restore{3C018861-145D-40A6-A95C-80499D077B6C}\RP507\A0121213.sys Infected: Trojan-Downloader.Win32.Bagle.kh skipped
C:\System Volume Information\_restore{3C018861-145D-40A6-A95C-80499D077B6C}\RP507\A0121264.sys Infected: Trojan-Downloader.Win32.Bagle.kh skipped
C:\System Volume Information\_restore{3C018861-145D-40A6-A95C-80499D077B6C}\RP507\A0121462.sys Infected: Trojan-Downloader.Win32.Bagle.kh skipped
C:\System Volume Information\_restore{3C018861-145D-40A6-A95C-80499D077B6C}\RP507\A0121556.sys Infected: Trojan-Downloader.Win32.Bagle.kh skipped
C:\System Volume Information\_restore{3C018861-145D-40A6-A95C-80499D077B6C}\RP507\A0121691.sys Infected: Trojan-Downloader.Win32.Bagle.kh skipped
C:\System Volume Information\_restore{3C018861-145D-40A6-A95C-80499D077B6C}\RP507\change.log Object is locked skipped
C:\WINDOWS\$hf_mig$\KB890859\SP2QFE\ntoskrnl.exe Object is locked skipped
C:\WINDOWS\$hf_mig$\KB929338\SP2QFE\ntoskrnl.exe Object is locked skipped
C:\WINDOWS\$hf_mig$\KB931784\SP2QFE\ntoskrnl.exe Object is locked skipped
C:\WINDOWS\$NtUninstallKB890859$\ntoskrnl.exe Object is locked skipped
C:\WINDOWS\$NtUninstallKB929338$\ntoskrnl.exe Object is locked skipped
C:\WINDOWS\$NtUninstallKB931784$\ntoskrnl.exe Object is locked skipped
C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped
C:\WINDOWS\Driver Cache\i386\ntoskrnl.exe Object is locked skipped
C:\WINDOWS\Media\csrss.exe Infected: Backdoor.Win32.VB.cme skipped
C:\WINDOWS\out.exe Infected: Trojan-Clicker.Win32.Delf.ki skipped
C:\WINDOWS\SchedLgU.Txt Object is locked skipped
C:\WINDOWS\Sti_Trace.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\edb.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\edbtmp.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\tmp.edb Object is locked skipped
C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\default Object is locked skipped
C:\WINDOWS\system32\config\default.LOG Object is locked skipped
C:\WINDOWS\system32\config\Internet.evt Object is locked skipped
C:\WINDOWS\system32\config\ODiag.evt Object is locked skipped
C:\WINDOWS\system32\config\OSession.evt Object is locked skipped
C:\WINDOWS\system32\config\SAM Object is locked skipped
C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped
C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\SECURITY Object is locked skipped
C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped
C:\WINDOWS\system32\config\software Object is locked skipped
C:\WINDOWS\system32\config\software.LOG Object is locked skipped
C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\system Object is locked skipped
C:\WINDOWS\system32\config\system.LOG Object is locked skipped
C:\WINDOWS\system32\dllcache\ntoskrnl.exe Object is locked skipped
C:\WINDOWS\system32\drivers\sptd.sys Object is locked skipped
C:\WINDOWS\system32\h323log.txt Object is locked skipped
C:\WINDOWS\system32\mdelk.exe Infected: Email-Worm.Win32.Bagle.of skipped
C:\WINDOWS\system32\walg.exe Infected: Trojan-Clicker.Win32.Delf.nq skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped
C:\WINDOWS\system32\wintems.exe Infected: Email-Worm.Win32.Bagle.of skipped
C:\WINDOWS\wiadebug.log Object is locked skipped
C:\WINDOWS\wiaservc.log Object is locked skipped

Scan process completed.

[Luke57]

Ciao, scarica avenger sul desktop
http://swandog46.geekstogo.com/avenger.zip
Decomprimi l'archivio
Avvia il file avenger.exe
All'interno del box bianco,copia e incolla le scritte seguenti (lo script è più ampiop di quanto rilevato da kaspersky, per sicurezza):

Files to delete:
C:\WINDOWS\system32\drivers\hidr.exe
C:\WINDOWS\system32\drivers\srosa.sys
C:\WINDOWS\system32\wintems.exe
C:\WINDOWS\system32\hldrrr.exe
C:\WINDOWS\system32\drivers\pci32.sys
C:\WINDOWS\system32\drivers\hldrrr.exe
C:\WINDOWS\System32\mdelk.exe
C:\Documents and Settings\nino\Documenti\Musica\emule\Jfilm\Jfilm - Script 3.exe
C:\Programmi\AskTBar\bar\1.bin\A5POPSWT.DLL
C:\Programmi\AskTBar\bar\1.bin\ASKTBAR.DLL
C:\Programmi\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Programmi\Live_TV\tbLive.dll
C:\WINDOWS\Media\csrss.exe
C:\WINDOWS\out.exe

folders to delete:
C:\WINDOWS\exefnd
C:\WINDOWS\exefld
C:\WINDOWS\system32\drivers\down
C:\Documents and Settings\LocalService\Impostazioni locali\Temporary Internet Files\Content.IE5
C:\Documents and Settings\nino\Dati applicazioni\Sun\Java\Deployment\cache\6.0\47\bd7ce2f-14c13a85 ZIP
C:\Documents and Settings\nino\Documenti\Musica\emule\Jfilm\Jfilm - Script 3.zip
C:\Documents and Settings\nino\Impostazioni locali\Temp
C:\Programmi\eMule\Temp

registry keys to delete:
HKLM\SYSTEM\CurrentControlSet\Services\srosa
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_SROSA
HKLM\SYSTEM\CurrentControlSet\Services\pci32
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_PCI32

Registry values to replace with dummy:
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Windows | AppInit_DLLs

Clicca sul pulsante Execute


Il pc dovrebbe riavviarsi da solo, se così non fosse riavvialo manualmente.
Allega poi il log generato da avenger, lo trovi in C:\avenger.txt è un file di testo.

P.S. Se avenger non dovesse funzionare, scaricalo da qui:
http://www.wikifortio.com/630243/AntiBagle.zip

Disattiva anche il ripristino configurazione di sistema (click tasto dx su risorse del computer>proprietà>ripristino configurazione di sistema, mettila spunta a "disattiva........">OK). Al riavvio ce la reinserisci con la medesima procedura.

[carlox]

Ciao Luke57 e grazie per l'aiuto...

Ho scaricato Avenger da qui: http://www.wikifortio.com/630243/AntiBagle.zip

perchè dall'altro link mi diceva che è un'applicazione non valida per win32!!!,

Quando dici di copiare lo sript all'interno del box bianco ti riferisci a dove, in Avenger, è scritto "Load script from file"?

Grazie