Safe mode
Number of posts: 37

Yes, I tried pressing 2 instead... that seems to work better.

It isn't finished yet, but it found this Bagle and deleted it:

C:\document an settings\Ejer \applikation Data\hidires\hidr.exe(infected with W32/bagle.Rx)

 

Number of posts: 37

Just a couple of questions.

Is it at all possible to remove this worm completely? And can what it has changed be restored,

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot

and what it has installed be removed,
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\m_hook

without my having to reinstall XP again? As far as I could read, a backdoor was used via a proxy server and .....

Silently, in the background, a copy of the worm is dropped onto the infected system in the root of the C drive as temp.zip, while Bagle both kills a long list of security software and connects to a series of web servers (99 in total) to update itself. It downloads the remote code as "re_file.exe" and executes it on the infected system. In this way the author is able to remote-control infected systems. Most of these websites/domains are located in Russia and the Czech Republic. From "temp.zip" an unpacked version of Bagle-FY is copied into the Documents and Settings folder, more precisely under \Application Data\hidn\hidn.exe. In the same folder a rootkit is dropped with the file name "m_hook.sys". For the rootkit to obtain the desired functionality, the following changes are made in the registry:

If System Restore, safe mode and the firewall have once been wrecked via the registry, do I absolutely have to reinstall, or will some of the functions come back once the worm is removed?
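
A read-only check for the artifacts named in the post above, as an added example that is not part of the original thread or of any tool mentioned in it. The file paths, registry keys and value names are the ones quoted in the thread; the function names and report layout are assumptions of this example, and it assumes PowerShell 2.0 or later.

```powershell
# Added example: read-only triage for the artifacts named in this thread.
# Paths, key names and value names are taken from the posts and logs in the
# thread; function names and the report layout are assumptions of this example.
# Requires PowerShell 2.0 or later. Nothing is deleted or changed.

function New-Finding {
    param([string]$Item, [bool]$Present, [bool]$ShouldExist)
    # An item is suspect when its presence differs from the healthy state.
    $verdict = if ($Present -eq $ShouldExist) { 'ok' } else { 'SUSPECT' }
    New-Object PSObject -Property @{
        Item    = $Item
        Present = $Present
        Verdict = $verdict
    }
}

function Test-RegValue {
    param([string]$Key, [string]$Name)
    # Returns $false when either the key or the named value is missing.
    $p = Get-ItemProperty -Path $Key -Name $Name -ErrorAction SilentlyContinue
    return ($null -ne $p)
}

function Get-BagleTriage {
    param(
        [string]$SystemDrive = $env:SystemDrive,
        [string]$AppData     = $env:APPDATA
    )
    $findings = @()

    # Files the worm is described as dropping, plus the file the scanner
    # reported on this machine. A temp.zip in the drive root can be an
    # unrelated file, so treat a hit there as "review", not proof.
    $files = @(
        (Join-Path $SystemDrive 'temp.zip'),
        (Join-Path $AppData 'hidn\hidn.exe'),
        (Join-Path $AppData 'hidn\m_hook.sys'),
        (Join-Path $AppData 'hidires\hidr.exe')
    )
    foreach ($f in $files) {
        $findings += New-Finding -Item $f `
            -Present (Test-Path -LiteralPath $f) -ShouldExist $false
    }

    # Service key for the rootkit driver: should not exist.
    $svc = 'HKLM:\SYSTEM\CurrentControlSet\Services\m_hook'
    $findings += New-Finding -Item $svc `
        -Present (Test-Path -LiteralPath $svc) -ShouldExist $false

    # Safe mode needs the Minimal and Network subkeys under SafeBoot.
    # If they are gone, safe mode cannot start until they are restored.
    foreach ($sub in 'Minimal', 'Network') {
        $k = "HKLM:\SYSTEM\CurrentControlSet\Control\SafeBoot\$sub"
        $findings += New-Finding -Item $k `
            -Present (Test-Path -LiteralPath $k) -ShouldExist $true
    }

    # Autorun and policy values that the cleanup log in the thread removed.
    $values = @(
        @{ Key  = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run'
           Name = 'drvsyskit' },
        @{ Key  = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Policies\System'
           Name = 'DisableRegistryTools' }
    )
    foreach ($v in $values) {
        $label = '{0} -> {1}' -f $v.Key, $v.Name
        $findings += New-Finding -Item $label `
            -Present (Test-RegValue -Key $v.Key -Name $v.Name) -ShouldExist $false
    }

    $findings | Select-Object Item, Present, Verdict
}

Get-BagleTriage | Format-Table -AutoSize -Wrap
```

A clean report from the running system is not conclusive while a rootkit driver such as m_hook.sys may still be loaded, because it can hide files and keys from tools running on that system. Missing SafeBoot subkeys, on the other hand, show that safe mode will stay broken after the worm is removed until those keys are restored.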

 

Number of posts: 37

Hi again, just posting this log:

Logfile of HijackThis v1.99.1
Scan saved at 05:27:52, on 30/01/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Documents and Settings\Ejer\Dokumenter\InCD\InCDsrv.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programmer\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\WINDOWS\System32\drivers\CDAC11BA.EXE
C:\WINDOWS\System32\imapi.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\snmp.exe
C:\Programmer\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmer\Webroot\Spy Sweeper\SpySweeper.exe
C:\Programmer\Linksys Wireless-G PCI Wireless Network Monitor\WLService.exe
C:\Programmer\Linksys Wireless-G PCI Wireless Network Monitor\WMP54Gv4.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\Programmer\Fælles filer\Sonic\Update Manager\sgtray.exe
C:\Programmer\Multimedia Card Reader\shwicon2k.exe
C:\windows\system\hpsysdrv.exe
C:\WINDOWS\System32\hphmon05.exe
C:\Programmer\HP\hpcoretech\hpcmpmgr.exe
C:\Programmer\HP DVD\Umbrella\DVDTray.exe
C:\Programmer\Webroot\Spy Sweeper\SpySweeperUI.exe
C:\HP\KBD\KBD.EXE
C:\PROGRA~1\HPPAVI~1\Pavilion\XPHWWBP4\plugin\bin\PCHButton.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Programmer\Webroot\Spy Sweeper\SSU.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\SoftwareDistribution\Download\Install\NDP20-KB922770-X86.exe
C:\WINDOWS\system32\msiexec.exe
C:\WINDOWS\system32\msiexec.exe
C:\WINDOWS\system32\MsiExec.exe
C:\WINDOWS\system32\MsiExec.exe
C:\Documents and Settings\Ejer\Skrivebord\sikkerhed, renseprogrammer\spywarefri.exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = http://wpad.iha.dk/wpad.dat
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmer\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmer\Java\jre1.5.0_10\bin\ssv.dll
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Programmer\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programmer\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\da\msntb.dll
O4 - HKLM\..\Run: [UpdateManager] "C:\Programmer\Fælles filer\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [Sunkist2k] "C:\Programmer\Multimedia Card Reader\shwicon2k.exe"
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [nwiz] "nwiz.exe" /installquiet /keeploaded /nodetect
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [HPHmon05] C:\WINDOWS\System32\hphmon05.exe
O4 - HKLM\..\Run: [HP Component Manager] "C:\Programmer\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [DVDTray] "C:\Programmer\HP DVD\Umbrella\DVDTray.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Programmer\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [NvCplDaemon] "RUNDLL32.EXE" C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [SpySweeper] "C:\Programmer\Webroot\Spy Sweeper\SpySweeperUI.exe" /startintray
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Acme.PCHButton] C:\PROGRA~1\HPPAVI~1\Pavilion\XPHWWBP4\plugin\bin\PCHButton.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] "E:\antivirus filer\SUPERAntiSpyware.exe"
O8 - Extra context menu item: Send To &Bluetooth - C:\Programmer\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmer\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmer\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programmer\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programmer\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O15 - Trusted Zone: *.sputnik.dk
O15 - Trusted Zone: *.tv2.dk
O16 - DPF: {3BFFE033-BF43-11D5-A271-00A024A51325} (iNotes6 Class) - https://fyssrv02.udd.sembsc.dk/iNotes6W.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O16 - DPF: {D8575CE3-3432-4540-88A9-85A1325D3375} (e-Safekey) - https://netbank.danskebank.dk/html/activex/e-Safekey/DB/e-Safekey.cab
O18 - Protocol: widimg - {EE7C2AFF-5742-44FF-BD0E-E521B0D3C3BA} - C:\WINDOWS\system32\btxppanel.dll
O20 - Winlogon Notify: !SASWinLogon - E:\antivirus filer\SASWINLO.dll
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
O23 - Service: Adobe LM Service - Unknown owner - C:\Programmer\Fælles filer\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Programmer\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: C-DillaCdaC11BA - C-Dilla Ltd - C:\WINDOWS\System32\drivers\CDAC11BA.EXE
O23 - Service: ewido anti-spyware 4.0 guard - Unknown owner - C:\Documents and Settings\Administrator\Skrivebord\ewido anti-spyware 4.0\guard.exe (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programmer\Fælles filer\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Documents and Settings\Ejer\Dokumenter\InCD\InCDsrv.exe
O23 - Service: InCD Helper (read only) (InCDsrvR) - Nero AG - C:\Programmer\Ahead\InCD\InCDsrv.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Programmer\iPod\iPod Updater 2005-09-06\iPod\bin\iPodService.exe
O23 - Service: Alias Maya 5.0 PLE Help Server (Maya5PLEHelpServer) - Unknown owner - C:\Programmer\AliasWavefront\Maya 5.0 Personal Learning Edition\docs\Wrapper.exe" -s "C:\Programmer\AliasWavefront\Maya 5.0 Personal Learning Edition\docs/Wrapper.conf (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Programmer\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Programmer\Webroot\Spy Sweeper\SpySweeper.exe
O23 - Service: WMP54Gv4SVC - Unknown owner - C:\Programmer\Linksys Wireless-G PCI Wireless Network Monitor\WLService.exe" "WMP54Gv4.exe (file missing)

Still none of the aforementioned functions work.

Administrator
Number of posts: 32078

Let's just check whether it is a rootkit that is pulling these tricks.

Then download this tool and save it to your desktop:
http://www.uploads.ejvindh.net/rootchk.exe

Run the program. After a short while a log file will appear, which can be found here: C:\rootlog.txt. Copy the contents of this log into the thread.
NB: The file "rootchk.exe" is identified by some antivirus programs as a "Trojan". There is nothing to that, though!

 

 

Signature

Sound computer sense

Number of posts: 37

Hi, I'll try that…

Here is the log from SDFIX, which I forgot:

Norman Generic Fix
Copyright © 1990 - 2006, Norman ASA. Built 2007/01/19 13:17:51

Norman Scanner Engine Version: 5.90.28
Nvcbin.def Version: 5.90.00, Date: 2007/01/19 13:17:51, Variants: 183681
Nvcmacro.def Version: 5.90.00, Date: 2006/05/30 15:17:46, Variants: 12

Running pre-scan cleanup routine:
Operating System: Microsoft Windows XP Home 5.1.2600 Service Pack 2
Logged on user: DIT-SUY66U0SY5J\Ejer

Removed registry value: HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System -> DisableRegistryTools = 0x00BF4550


Scan started: 30/01/2007 03:40:12


Scanning running processes and process memory…

Number of processes/threads found: 2353
Number of processes/threads scanned: 2353
Number of processes/threads not scanned: 0
Number of infected processes/threads terminated: 0
Total scanning time: 0 minutes 19 seconds


Scanning file system…

C:\*.*


C:\_4F8C6AA1FD574453AD605BAB58436D00/Objects/glm/ww2_indust_set1/columns/column2x2y4zBtechB.cgf (Error whilst scanning file)

C:\Documents and Settings\Ejer\Application Data\hidires\hidr.exe (Infected with W32/Bagle.RX)
Removed registry value: HKCU\Software\Microsoft\Windows\CurrentVersion\Run -> drvsyskit = “C:\Documents and Settings\Ejer\Application Data\hi….”
Deleted file


Deleted file

C:\System Volume Information\_restore{A760429D-B2C8-4A37-9C31-A7BFB448DA32}\RP108\A0020699.exe (Infected with W32/Bagle.RZ)
Deleted file

C:\System Volume Information\_restore{A760429D-B2C8-4A37-9C31-A7BFB448DA32}\RP108\A0020700.exe (Infected with W32/Bagle.RZ)
Deleted file

C:\System Volume Information\_restore{A760429D-B2C8-4A37-9C31-A7BFB448DA32}\RP108\A0020701.exe (Infected with W32/Bagle.RX)
Deleted file

C:\System Volume Information\_restore{A760429D-B2C8-4A37-9C31-A7BFB448DA32}\RP108\A0020702.exe (Infected with W32/Bagle.RP)
Deleted file

C:\System Volume Information\_restore{A760429D-B2C8-4A37-9C31-A7BFB448DA32}\RP108\A0020703.exe (Infected with W32/Bagle.RZ)
Deleted file

C:\System Volume Information\_restore{A760429D-B2C8-4A37-9C31-A7BFB448DA32}\RP108\A0020704.exe (Infected with W32/Bagle.RX)
Deleted file

C:\System Volume Information\_restore{A760429D-B2C8-4A37-9C31-A7BFB448DA32}\RP108\A0020705.exe (Infected with W32/Bagle.RX)
Deleted file

C:\System Volume Information\_restore{A760429D-B2C8-4A37-9C31-A7BFB448DA32}\RP108\A0020706.exe (Infected with W32/Bagle.RZ)
Deleted file

C:\System Volume Information\_restore{A760429D-B2C8-4A37-9C31-A7BFB448DA32}\RP108\A0020707.exe (Infected with W32/Bagle.RX)
Deleted file

C:\System Volume Information\_restore{A760429D-B2C8-4A37-9C31-A7BFB448DA32}\RP108\A0020708.exe (Infected with W32/Bagle.RZ)
Deleted file

C:\System Volume Information\_restore{A760429D-B2C8-4A37-9C31-A7BFB448DA32}\RP108\A0020709.exe (Infected with W32/Bagle.RX)
Deleted file

C:\System Volume Information\_restore{A760429D-B2C8-4A37-9C31-A7BFB448DA32}\RP108\A0020710.exe (Infected with W32/Bagle.RZ)
Deleted file

C:\System Volume Information\_restore{A760429D-B2C8-4A37-9C31-A7BFB448DA32}\RP108\A0020711.exe (Infected with W32/Bagle.RX)
Deleted file

C:\System Volume Information\_restore{A760429D-B2C8-4A37-9C31-A7BFB448DA32}\RP108\A0020712.exe (Infected with W32/Bagle.RZ)
Deleted file

C:\System Volume Information\_restore{A760429D-B2C8-4A37-9C31-A7BFB448DA32}\RP108\A0020713.exe (Infected with W32/Bagle.RX)
Deleted file

C:\System Volume Information\_restore{A760429D-B2C8-4A37-9C31-A7BFB448DA32}\RP108\A0020714.exe (Infected with W32/Bagle.RZ)
Deleted file

C:\System Volume Information\_restore{A760429D-B2C8-4A37-9C31-A7BFB448DA32}\RP108\A0020715.exe (Infected with W32/Bagle.RX)
Deleted file

C:\System Volume Information\_restore{A760429D-B2C8-4A37-9C31-A7BFB448DA32}\RP108\A0020716.exe (Infected with W32/Bagle.RZ)
Deleted file

C:\System Volume Information\_restore{A760429D-B2C8-4A37-9C31-A7BFB448DA32}\RP108\A0020717.exe (Infected with W32/Bagle.RX)
Deleted file

C:\System Volume Information\_restore{A760429D-B2C8-4A37-9C31-A7BFB448DA32}\RP108\A0020718.exe (Infected with W32/Bagle.RS)
Deleted file

C:\System Volume Information\_restore{A760429D-B2C8-4A37-9C31-A7BFB448DA32}\RP108\A0020719.exe (Infected with W32/Bagle.RS)
Deleted file

C:\System Volume Information\_restore{A760429D-B2C8-4A37-9C31-A7BFB448DA32}\RP108\A0020720.exe (Infected with W32/Bagle.RP)
Deleted file

C:\System Volume Information\_restore{A760429D-B2C8-4A37-9C31-A7BFB448DA32}\RP108\A0020721.exe (Infected with W32/Bagle.RZ)
Deleted file

C:\System Volume Information\_restore{A760429D-B2C8-4A37-9C31-A7BFB448DA32}\RP108\A0020722.exe (Infected with W32/Bagle.RS)
Deleted file

C:\System Volume Information\_restore{A760429D-B2C8-4A37-9C31-A7BFB448DA32}\RP108\A0020723.exe (Infected with W32/Bagle.RP)
Deleted file

C:\System Volume Information\_restore{A760429D-B2C8-4A37-9C31-A7BFB448DA32}\RP108\A0020724.exe (Infected with W32/Bagle.RX)
Deleted file

C:\System Volume Information\_restore{A760429D-B2C8-4A37-9C31-A7BFB448DA32}\RP108\A0020725.exe (Infected with W32/Bagle.RZ)
Deleted file

C:\System Volume Information\_restore{A760429D-B2C8-4A37-9C31-A7BFB448DA32}\RP108\A0020726.exe (Infected with W32/Bagle.RX)
Deleted file

C:\System Volume Information\_restore{A760429D-B2C8-4A37-9C31-A7BFB448DA32}\RP108\A0020727.exe (Infected with W32/Bagle.RZ)
Deleted file

C:\System Volume Information\_restore{A760429D-B2C8-4A37-9C31-A7BFB448DA32}\RP108\A0020728.exe (Infected with W32/Bagle.RX)
Deleted file

C:\System Volume Information\_restore{A760429D-B2C8-4A37-9C31-A7BFB448DA32}\RP108\A0020729.exe (Infected with W32/Bagle.RZ)
Deleted file

C:\System Volume Information\_restore{A760429D-B2C8-4A37-9C31-A7BFB448DA32}\RP108\A0020730.exe (Infected with W32/Bagle.RZ)
Deleted file

C:\System Volume Information\_restore{A760429D-B2C8-4A37-9C31-A7BFB448DA32}\RP108\A0020731.exe (Infected with W32/Bagle.RX)
Deleted file

C:\System Volume Information\_restore{A760429D-B2C8-4A37-9C31-A7BFB448DA32}\RP108\A0020732.exe (Infected with W32/Bagle.RZ)
Deleted file

C:\System Volume Information\_restore{A760429D-B2C8-4A37-9C31-A7BFB448DA32}\RP108\A0020733.exe (Infected with W32/Bagle.RX)
Deleted file

C:\System Volume Information\_restore{A760429D-B2C8-4A37-9C31-A7BFB448DA32}\RP108\A0020734.exe (Infected with W32/Bagle.RX)
Deleted file

C:\System Volume Information\_restore{A760429D-B2C8-4A37-9C31-A7BFB448DA32}\RP108\A0020735.exe (Infected with W32/Bagle.RZ)
Deleted file

C:\System Volume Information\_restore{A760429D-B2C8-4A37-9C31-A7BFB448DA32}\RP108\A0020736.exe (Infected with W32/Bagle.RX)
Deleted file

C:\System Volume Information\_restore{A760429D-B2C8-4A37-9C31-A7BFB448DA32}\RP108\A0020737.exe (Infected with W32/Bagle.RZ)
Deleted file

C:\System Volume Information\_restore{A760429D-B2C8-4A37-9C31-A7BFB448DA32}\RP108\A0020738.exe (Infected with W32/Bagle.RX)
Deleted file

C:\System Volume Information\_restore{A760429D-B2C8-4A37-9C31-A7BFB448DA32}\RP108\A0020739.exe (Infected with W32/Bagle.RZ)
Deleted file

C:\System Volume Information\_restore{A760429D-B2C8-4A37-9C31-A7BFB448DA32}\RP108\A0020740.exe (Infected with W32/Bagle.RP)
Deleted file

C:\System Volume Information\_restore{A760429D-B2C8-4A37-9C31-A7BFB448DA32}\RP108\A0020741.exe (Infected with W32/Bagle.RX)
Deleted file

C:\System Volume Information\_restore{A760429D-B2C8-4A37-9C31-A7BFB448DA32}\RP108\A0020742.exe (Infected with W32/Bagle.RZ)
Deleted file

C:\System Volume Information\_restore{A760429D-B2C8-4A37-9C31-A7BFB448DA32}\RP108\A0020743.exe (Infected with W32/Bagle.RX)
Deleted file

C:\System Volume Information\_restore{A760429D-B2C8-4A37-9C31-A7BFB448DA32}\RP108\A0020744.exe (Infected with W32/Bagle.RZ)
Deleted file

C:\System Volume Information\_restore{A760429D-B2C8-4A37-9C31-A7BFB448DA32}\RP108\A0020745.exe (Infected with W32/Bagle.RX)
Deleted file

C:\System Volume Information\_restore{A760429D-B2C8-4A37-9C31-A7BFB448DA32}\RP108\A0020746.exe (Infected with W32/Bagle.RZ)
Deleted file

C:\System Volume Information\_restore{A760429D-B2C8-4A37-9C31-A7BFB448DA32}\RP108\A0020747.exe (Infected with W32/Bagle.RX)
Deleted file

C:\System Volume Information\_restore{A760429D-B2C8-4A37-9C31-A7BFB448DA32}\RP108\A0020748.exe (Infected with W32/Bagle.RZ)
Deleted file

C:\System Volume Information\_restore{A760429D-B2C8-4A37-9C31-A7BFB448DA32}\RP108\A0020749.exe (Infected with W32/Bagle.RX)
Deleted file

C:\System Volume Information\_restore{A760429D-B2C8-4A37-9C31-A7BFB448DA32}\RP108\A0020750.exe (Infected with W32/Bagle.RZ)
Deleted file

C:\System Volume Information\_restore{A760429D-B2C8-4A37-9C31-A7BFB448DA32}\RP108\A0020751.exe (Infected with W32/Bagle.RZ)
Deleted file

C:\System Volume Information\_restore{A760429D-B2C8-4A37-9C31-A7BFB448DA32}\RP108\A0020752.exe (Infected with W32/Bagle.RX)
Deleted file

C:\System Volume Information\_restore{A760429D-B2C8-4A37-9C31-A7BFB448DA32}\RP108\A0020753.exe (Infected with W32/Bagle.RZ)
Deleted file

C:\System Volume Information\_restore{A760429D-B2C8-4A37-9C31-A7BFB448DA32}\RP108\A0020754.exe (Infected with W32/Bagle.RS)
Deleted file

C:\System Volume Information\_restore{A760429D-B2C8-4A37-9C31-A7BFB448DA32}\RP108\A0020755.exe (Infected with W32/Bagle.RP)
Deleted file

C:\System Volume Information\_restore{A760429D-B2C8-4A37-9C31-A7BFB448DA32}\RP108\A0020756.exe (Infected with W32/Bagle.RS)
Deleted file

C:\System Volume Information\_restore{A760429D-B2C8-4A37-9C31-A7BFB448DA32}\RP108\A0020757.exe (Infected with W32/Bagle.RP)
Deleted file

C:\System Volume Information\_restore{A760429D-B2C8-4A37-9C31-A7BFB448DA32}\RP108\A0020758.exe (Infected with W32/Bagle.RP)
Deleted file

C:\System Volume Information\_restore{A760429D-B2C8-4A37-9C31-A7BFB448DA32}\RP108\A0020759.exe (Infected with W32/Bagle.RX)
Deleted file

C:\System Volume Information\_restore{A760429D-B2C8-4A37-9C31-A7BFB448DA32}\RP108\A0020760.exe (Infected with W32/Bagle.RS)
Deleted file

C:\System Volume Information\_restore{A760429D-B2C8-4A37-9C31-A7BFB448DA32}\RP108\A0020761.exe (Infected with W32/Bagle.RP)
Deleted file

C:\System Volume Information\_restore{A760429D-B2C8-4A37-9C31-A7BFB448DA32}\RP108\A0020762.exe (Infected with W32/Bagle.RS)
Deleted file

C:\System Volume Information\_restore{A760429D-B2C8-4A37-9C31-A7BFB448DA32}\RP108\A0020763.exe (Infected with W32/Bagle.RP)
Deleted file

C:\System Volume Information\_restore{A760429D-B2C8-4A37-9C31-A7BFB448DA32}\RP108\A0020764.exe (Infected with W32/Bagle.RX)
Deleted file

C:\System Volume Information\_restore{A760429D-B2C8-4A37-9C31-A7BFB448DA32}\RP108\A0020765.exe (Infected with W32/Bagle.RZ)
Deleted file

C:\System Volume Information\_restore{A760429D-B2C8-4A37-9C31-A7BFB448DA32}\RP108\A0020766.exe (Infected with W32/Bagle.RX)
Deleted file

C:\System Volume Information\_restore{A760429D-B2C8-4A37-9C31-A7BFB448DA32}\RP108\A0020767.exe (Infected with W32/Bagle.RZ)
Deleted file

C:\System Volume Information\_restore{A760429D-B2C8-4A37-9C31-A7BFB448DA32}\RP108\A0020768.exe (Infected with W32/Bagle.RX)
Deleted file

C:\System Volume Information\_restore{A760429D-B2C8-4A37-9C31-A7BFB448DA32}\RP108\A0020769.exe (Infected with W32/Bagle.RZ)
Deleted file

C:\System Volume Information\_restore{A760429D-B2C8-4A37-9C31-A7BFB448DA32}\RP108\A0020770.exe (Infected with W32/Bagle.RX)
Deleted file

C:\System Volume Information\_restore{A760429D-B2C8-4A37-9C31-A7BFB448DA32}\RP108\A0020771.exe (Infected with W32/Bagle.RS)
Deleted file

C:\System Volume Information\_restore{A760429D-B2C8-4A37-9C31-A7BFB448DA32}\RP108\A0020772.exe (Infected with W32/Bagle.RP)
Deleted file

C:\System Volume Information\_restore{A760429D-B2C8-4A37-9C31-A7BFB448DA32}\RP108\A0020773.exe (Infected with W32/Bagle.RS)
Deleted file

C:\System Volume Information\_restore{A760429D-B2C8-4A37-9C31-A7BFB448DA32}\RP108\A0020774.exe (Infected with W32/Bagle.RP)
Deleted file

C:\System Volume Information\_restore{A760429D-B2C8-4A37-9C31-A7BFB448DA32}\RP108\A0020775.exe (Infected with W32/Bagle.RP)
Deleted file

C:\System Volume Information\_restore{A760429D-B2C8-4A37-9C31-A7BFB448DA32}\RP108\A0020776.exe (Infected with W32/Bagle.RS)
Deleted file

C:\System Volume Information\_restore{A760429D-B2C8-4A37-9C31-A7BFB448DA32}\RP108\A0020777.exe (Infected with W32/Bagle.RP)
Deleted file

C:\System Volume Information\_restore{A760429D-B2C8-4A37-9C31-A7BFB448DA32}\RP108\A0020778.exe (Infected with W32/Bagle.RS)
Deleted file

C:\System Volume Information\_restore{A760429D-B2C8-4A37-9C31-A7BFB448DA32}\RP108\A0020779.exe (Infected with W32/Bagle.RP)
Deleted file

C:\System Volume Information\_restore{A760429D-B2C8-4A37-9C31-A7BFB448DA32}\RP108\A0020780.exe (Infected with W32/Bagle.RS)
Deleted file

C:\System Volume Information\_restore{A760429D-B2C8-4A37-9C31-A7BFB448DA32}\RP108\A0020781.exe (Infected with W32/Bagle.RP)
Deleted file

C:\System Volume Information\_restore{A760429D-B2C8-4A37-9C31-A7BFB448DA32}\RP108\A0020782.exe (Infected with W32/Bagle.RS)
Deleted file

C:\System Volume Information\_restore{A760429D-B2C8-4A37-9C31-A7BFB448DA32}\RP108\A0020783.exe (Infected with W32/Bagle.RS)
Deleted file

C:\System Volume Information\_restore{A760429D-B2C8-4A37-9C31-A7BFB448DA32}\RP108\A0020784.exe (Infected with W32/Bagle.RP)
Deleted file

C:\System Volume Information\_restore{A760429D-B2C8-4A37-9C31-A7BFB448DA32}\RP108\A0020785.exe (Infected with W32/Bagle.RZ)
Deleted file

C:\System Volume Information\_restore{A760429D-B2C8-4A37-9C31-A7BFB448DA32}\RP108\A0020786.exe (Infected with W32/Bagle.RX)
Deleted file

C:\System Volume Information\_restore{A760429D-B2C8-4A37-9C31-A7BFB448DA32}\RP108\A0020787.exe (Infected with W32/Bagle.RZ)
Deleted file

C:\System Volume Information\_restore{A760429D-B2C8-4A37-9C31-A7BFB448DA32}\RP108\A0020788.exe (Infected with W32/Bagle.RX)
Deleted file

C:\System Volume Information\_restore{A760429D-B2C8-4A37-9C31-A7BFB448DA32}\RP108\A0020789.exe (Infected with W32/Bagle.RS)
Deleted file

C:\System Volume Information\_restore{A760429D-B2C8-4A37-9C31-A7BFB448DA32}\RP108\A0020790.exe (Infected with W32/Bagle.RP)
Deleted file

C:\System Volume Information\_restore{A760429D-B2C8-4A37-9C31-A7BFB448DA32}\RP108\A0020791.exe (Infected with W32/Bagle.RS)
Deleted file

C:\System Volume Information\_restore{A760429D-B2C8-4A37-9C31-A7BFB448DA32}\RP108\A0020792.exe (Infected with W32/Bagle.RP)
Deleted file

C:\System Volume Information\_restore{A760429D-B2C8-4A37-9C31-A7BFB448DA32}\RP108\A0020793.exe (Infected with W32/Bagle.RZ)
Deleted file

C:\System Volume Information\_restore{A760429D-B2C8-4A37-9C31-A7BFB448DA32}\RP108\A0020794.exe (Infected with W32/Bagle.RX)
Deleted file

C:\System Volume Information\_restore{A760429D-B2C8-4A37-9C31-A7BFB448DA32}\RP108\A0020795.exe (Infected with W32/Bagle.RS)
Deleted file

C:\System Volume Information\_restore{A760429D-B2C8-4A37-9C31-A7BFB448DA32}\RP108\A0020796.exe (Infected with W32/Bagle.RZ)
Deleted file

C:\System Volume Information\_restore{A760429D-B2C8-4A37-9C31-A7BFB448DA32}\RP108\A0020797.exe (Infected with W32/Bagle.RX)
Deleted file

C:\System Volume Information\_restore{A760429D-B2C8-4A37-9C31-A7BFB448DA32}\RP108\A0020798.exe (Infected with W32/Bagle.RZ)
Deleted file

C:\System Volume Information\_restore{A760429D-B2C8-4A37-9C31-A7BFB448DA32}\RP108\A0020799.exe (Infected with W32/Bagle.RX)
Deleted file

C:\System Volume Information\_restore{A760429D-B2C8-4A37-9C31-A7BFB448DA32}\RP108\A0020800.exe (Infected with W32/Bagle.RZ)
Deleted file

C:\System Volume Information\_restore{A760429D-B2C8-4A37-9C31-A7BFB448DA32}\RP108\A0020801.exe (Infected with W32/Bagle.RX)
Deleted file

C:\System Volume Information\_restore{A760429D-B2C8-4A37-9C31-A7BFB448DA32}\RP108\A0020802.exe (Infected with W32/Bagle.RP)
Deleted file

C:\System Volume Information\_restore{A760429D-B2C8-4A37-9C31-A7BFB448DA32}\RP108\A0020803.exe (Infected with W32/Bagle.RZ)
Deleted file

C:\System Volume Information\_restore{A760429D-B2C8-4A37-9C31-A7BFB448DA32}\RP108\A0020804.exe (Infected with W32/Bagle.RX)
Deleted file

C:\System Volume Information\_restore{A760429D-B2C8-4A37-9C31-A7BFB448DA32}\RP108\A0020805.exe (Infected with W32/Bagle.RZ)
Deleted file

C:\System Volume Information\_restore{A760429D-B2C8-4A37-9C31-A7BFB448DA32}\RP108\A0020806.exe (Infected with W32/Bagle.RX)
Deleted file

C:\System Volume Information\_restore{A760429D-B2C8-4A37-9C31-A7BFB448DA32}\RP108\A0020807.exe (Infected with W32/Bagle.RS)
Deleted file

C:\System Volume Information\_restore{A760429D-B2C8-4A37-9C31-A7BFB448DA32}\RP108\A0020808.exe (Infected with W32/Bagle.RZ)
Deleted file

C:\System Volume Information\_restore{A760429D-B2C8-4A37-9C31-A7BFB448DA32}\RP108\A0020809.exe (Infected with W32/Bagle.RX)
Deleted file

C:\System Volume Information\_restore{A760429D-B2C8-4A37-9C31-A7BFB448DA32}\RP108\A0020810.exe (Infected with W32/Bagle.RZ)
Deleted file

C:\System Volume Information\_restore{A760429D-B2C8-4A37-9C31-A7BFB448DA32}\RP108\A0020811.exe (Infected with W32/Bagle.RX)
Deleted file

C:\System Volume Information\_restore{A760429D-B2C8-4A37-9C31-A7BFB448DA32}\RP108\A0020812.exe (Infected with W32/Bagle.RP)
Deleted file

C:\System Volume Information\_restore{A760429D-B2C8-4A37-9C31-A7BFB448DA32}\RP108\A0020813.exe (Infected with W32/Bagle.RZ)
Deleted file

C:\System Volume Information\_restore{A760429D-B2C8-4A37-9C31-A7BFB448DA32}\RP108\A0020814.exe (Infected with W32/Bagle.RX)
Deleted file

C:\System Volume Information\_restore{A760429D-B2C8-4A37-9C31-A7BFB448DA32}\RP108\A0020815.exe (Infected with W32/Bagle.RZ)
Deleted file

C:\System Volume Information\_restore{A760429D-B2C8-4A37-9C31-A7BFB448DA32}\RP108\A0020816.exe (Infected with W32/Bagle.RX)
Deleted file

C:\System Volume Information\_restore{A760429D-B2C8-4A37-9C31-A7BFB448DA32}\RP108\A0020817.exe (Infected with W32/Bagle.RZ)
Deleted file

C:\System Volume Information\_restore{A760429D-B2C8-4A37-9C31-A7BFB448DA32}\RP108\A0020818.exe (Infected with W32/Bagle.RX)
Deleted file

C:\System Volume Information\_restore{A760429D-B2C8-4A37-9C31-A7BFB448DA32}\RP108\A0020819.exe (Infected with W32/Bagle.RS)
Deleted file

C:\System Volume Information\_restore{A760429D-B2C8-4A37-9C31-A7BFB448DA32}\RP108\A0020820.exe (Infected with W32/Bagle.RZ)
Deleted file

C:\System Volume Information\_restore{A760429D-B2C8-4A37-9C31-A7BFB448DA32}\RP108\A0020821.exe (Infected with W32/Bagle.RX)
Deleted file

C:\System Volume Information\_restore{A760429D-B2C8-4A37-9C31-A7BFB448DA32}\RP108\A0020822.exe (Infected with W32/Bagle.RP)
Deleted file

C:\System Volume Information\_restore{A760429D-B2C8-4A37-9C31-A7BFB448DA32}\RP108\A0020823.exe (Infected with W32/Bagle.RS)
Deleted file

C:\System Volume Information\_restore{A760429D-B2C8-4A37-9C31-A7BFB448DA32}\RP108\A0020824.exe (Infected with W32/Bagle.RS)
Deleted file

C:\System Volume Information\_restore{A760429D-B2C8-4A37-9C31-A7BFB448DA32}\RP108\A0020825.exe (Infected with W32/Bagle.RP)
Deleted file

C:\System Volume Information\_restore{A760429D-B2C8-4A37-9C31-A7BFB448DA32}\RP108\A0020826.exe (Infected with W32/Bagle.RZ)
Deleted file

C:\System Volume Information\_restore{A760429D-B2C8-4A37-9C31-A7BFB448DA32}\RP108\A0020827.exe (Infected with W32/Bagle.RX)
Deleted file

C:\System Volume Information\_restore{A760429D-B2C8-4A37-9C31-A7BFB448DA32}\RP108\A0020828.exe (Infected with W32/Bagle.RZ)
Deleted file

C:\System Volume Information\_restore{A760429D-B2C8-4A37-9C31-A7BFB448DA32}\RP108\A0020829.exe (Infected with W32/Bagle.RX)
Deleted file

C:\System Volume Information\_restore{A760429D-B2C8-4A37-9C31-A7BFB448DA32}\RP108\A0020830.exe (Infected with W32/Bagle.RS)
Deleted file

C:\System Volume Information\_restore{A760429D-B2C8-4A37-9C31-A7BFB448DA32}\RP108\A0020831.exe (Infected with W32/Bagle.RP)
Deleted file

C:\System Volume Information\_restore{A760429D-B2C8-4A37-9C31-A7BFB448DA32}\RP108\A0020832.exe (Infected with W32/Bagle.RP)
Deleted file

C:\System Volume Information\_restore{A760429D-B2C8-4A37-9C31-A7BFB448DA32}\RP108\A0020833.exe (Infected with W32/Bagle.RS)
Deleted file

C:\System Volume Information\_restore{A760429D-B2C8-4A37-9C31-A7BFB448DA32}\RP108\A0020834.exe (Infected with W32/Bagle.RP)
Deleted file

C:\System Volume Information\_restore{A760429D-B2C8-4A37-9C31-A7BFB448DA32}\RP108\A0020835.exe (Infected with W32/Bagle.RS)
Deleted file

C:\System Volume Information\_restore{A760429D-B2C8-4A37-9C31-A7BFB448DA32}\RP108\A0020836.exe (Infected with W32/Bagle.RP)
Deleted file

C:\System Volume Information\_restore{A760429D-B2C8-4A37-9C31-A7BFB448DA32}\RP108\A0020837.exe (Infected with W32/Bagle.RS)
Deleted file

C:\System Volume Information\_restore{A760429D-B2C8-4A37-9C31-A7BFB448DA32}\RP108\A0020838.exe (Infected with W32/Bagle.RZ)
Deleted file

C:\System Volume Information\_restore{A760429D-B2C8-4A37-9C31-A7BFB448DA32}\RP108\A0020839.exe (Infected with W32/Bagle.RX)
Deleted file

C:\System Volume Information\_restore{A760429D-B2C8-4A37-9C31-A7BFB448DA32}\RP108\A0020840.exe (Infected with W32/Bagle.RZ)
Deleted file

C:\System Volume Information\_restore{A760429D-B2C8-4A37-9C31-A7BFB448DA32}\RP108\A0020841.exe (Infected with W32/Bagle.RX)
Deleted file

C:\System Volume Information\_restore{A760429D-B2C8-4A37-9C31-A7BFB448DA32}\RP108\A0020842.exe (Infected with W32/Bagle.RP)
Deleted file

C:\System Volume Information\_restore{A760429D-B2C8-4A37-9C31-A7BFB448DA32}\RP108\A0021114.exe (Infected with W32/Bagle.RY)
Deleted file

C:\System Volume Information\_restore{A760429D-B2C8-4A37-9C31-A7BFB448DA32}\RP108\A0021115.exe (Infected with W32/Bagle.RX)
Deleted file

C:\System Volume Information\_restore{A760429D-B2C8-4A37-9C31-A7BFB448DA32}\RP108\A0021116.exe (Infected with W32/Bagle.RY)
Deleted file

C:\System Volume Information\_restore{A760429D-B2C8-4A37-9C31-A7BFB448DA32}\RP108\A0021177.exe (Infected with W32/Bagle.RY)
Deleted file

C:\System Volume Information\_restore{A760429D-B2C8-4A37-9C31-A7BFB448DA32}\RP108\A0021178.exe (Infected with W32/Bagle.RY)
Deleted file

C:\System Volume Information\_restore{A760429D-B2C8-4A37-9C31-A7BFB448DA32}\RP108\A0021225.exe (Infected with W32/Bagle.RY)
Deleted file

C:\System Volume Information\_restore{A760429D-B2C8-4A37-9C31-A7BFB448DA32}\RP108\A0021226.exe (Infected with W32/Bagle.RY)
Deleted file

C:\System Volume Information\_restore{A760429D-B2C8-4A37-9C31-A7BFB448DA32}\RP108\A0021228.exe (Infected with W32/Bagle.RY)
Deleted file

C:\System Volume Information\_restore{A760429D-B2C8-4A37-9C31-A7BFB448DA32}\RP108\A0021229.exe (Infected with W32/Bagle.RY)
Deleted file

C:\System Volume Information\_restore{A760429D-B2C8-4A37-9C31-A7BFB448DA32}\RP108\A0021239.exe (Infected with W32/Bagle.RY)
Deleted file

C:\System Volume Information\_restore{A760429D-B2C8-4A37-9C31-A7BFB448DA32}\RP108\A0021240.exe (Infected with W32/Bagle.RY)
Deleted file

C:\System Volume Information\_restore{A760429D-B2C8-4A37-9C31-A7BFB448DA32}\RP108\A0021241.exe (Infected with W32/Bagle.RY)
Deleted file

C:\System Volume Information\_restore{A760429D-B2C8-4A37-9C31-A7BFB448DA32}\RP108\A0021242.exe (Infected with W32/Bagle.RY)
Deleted file

C:\System Volume Information\_restore{A760429D-B2C8-4A37-9C31-A7BFB448DA32}\RP108\A0021243.exe (Infected with W32/Bagle.RY)
Deleted file

C:\System Volume Information\_restore{A760429D-B2C8-4A37-9C31-A7BFB448DA32}\RP108\A0021244.exe (Infected with W32/Bagle.RY)
Deleted file

C:\System Volume Information\_restore{A760429D-B2C8-4A37-9C31-A7BFB448DA32}\RP108\A0021245.exe (Infected with W32/Bagle.RY)
Deleted file

C:\System Volume Information\_restore{A760429D-B2C8-4A37-9C31-A7BFB448DA32}\RP108\A0021246.exe (Infected with W32/Bagle.RY)
Deleted file

C:\System Volume Information\_restore{A760429D-B2C8-4A37-9C31-A7BFB448DA32}\RP108\A0021247.exe (Infected with W32/Bagle.RY)
Deleted file

C:\System Volume Information\_restore{A760429D-B2C8-4A37-9C31-A7BFB448DA32}\RP108\A0021248.exe (Infected with W32/Bagle.RY)
Deleted file

C:\System Volume Information\_restore{A760429D-B2C8-4A37-9C31-A7BFB448DA32}\RP108\A0021251.exe (Infected with W32/Bagle.RY)
Deleted file

C:\System Volume Information\_restore{A760429D-B2C8-4A37-9C31-A7BFB448DA32}\RP108\A0021252.exe (Infected with W32/Bagle.RY)
Deleted file

C:\System Volume Information\_restore{A760429D-B2C8-4A37-9C31-A7BFB448DA32}\RP108\A0021253.exe (Infected with W32/Bagle.RY)
Deleted file

C:\System Volume Information\_restore{A760429D-B2C8-4A37-9C31-A7BFB448DA32}\RP108\A0021254.exe (Infected with W32/Bagle.RY)
Deleted file

C:\System Volume Information\_restore{A760429D-B2C8-4A37-9C31-A7BFB448DA32}\RP108\A0021255.exe (Infected with W32/Bagle.RY)
Deleted file

C:\System Volume Information\_restore{A760429D-B2C8-4A37-9C31-A7BFB448DA32}\RP108\A0021256.exe (Infected with W32/Bagle.RY)
Deleted file

C:\System Volume Information\_restore{A760429D-B2C8-4A37-9C31-A7BFB448DA32}\RP108\A0021257.exe (Infected with W32/Bagle.RY)
Deleted file

C:\System Volume Information\_restore{A760429D-B2C8-4A37-9C31-A7BFB448DA32}\RP108\A0021258.exe (Infected with W32/Bagle.RY)
Deleted file

C:\System Volume Information\_restore{A760429D-B2C8-4A37-9C31-A7BFB448DA32}\RP108\A0021259.exe (Infected with W32/Bagle.RY)
Deleted file

C:\System Volume Information\_restore{A760429D-B2C8-4A37-9C31-A7BFB448DA32}\RP108\A0021260.exe (Infected with W32/Bagle.RY)
Deleted file

C:\System Volume Information\_restore{A760429D-B2C8-4A37-9C31-A7BFB448DA32}\RP108\A0021265.exe (Infected with W32/Bagle.RY)
Deleted file

C:\System Volume Information\_restore{A760429D-B2C8-4A37-9C31-A7BFB448DA32}\RP108\A0021266.exe (Infected with W32/Bagle.RY)
Deleted file

C:\System Volume Information\_restore{A760429D-B2C8-4A37-9C31-A7BFB448DA32}\RP108\A0021270.exe (Infected with W32/Bagle.RY)
Deleted file

C:\System Volume Information\_restore{A760429D-B2C8-4A37-9C31-A7BFB448DA32}\RP108\A0021271.exe (Infected with W32/Bagle.RY)
Deleted file

C:\System Volume Information\_restore{A760429D-B2C8-4A37-9C31-A7BFB448DA32}\RP108\A0021272.exe (Infected with W32/Bagle.RY)
Deleted file

C:\System Volume Information\_restore{A760429D-B2C8-4A37-9C31-A7BFB448DA32}\RP108\A0021273.exe (Infected with W32/Bagle.RY)
Deleted file

C:\System Volume Information\_restore{A760429D-B2C8-4A37-9C31-A7BFB448DA32}\RP108\A0021276.exe (Infected with W32/Bagle.RY)
Deleted file

C:\System Volume Information\_restore{A760429D-B2C8-4A37-9C31-A7BFB448DA32}\RP108\A0021277.exe (Infected with W32/Bagle.RY)
Deleted file

C:\System Volume Information\_restore{A760429D-B2C8-4A37-9C31-A7BFB448DA32}\RP108\A0021278.exe (Infected with W32/Bagle.RY)
Deleted file

C:\System Volume Information\_restore{A760429D-B2C8-4A37-9C31-A7BFB448DA32}\RP108\A0021279.exe (Infected with W32/Bagle.RY)
Deleted file

C:\System Volume Information\_restore{A760429D-B2C8-4A37-9C31-A7BFB448DA32}\RP108\A0021280.exe (Infected with W32/Bagle.RY)
Deleted file

C:\System Volume Information\_restore{A760429D-B2C8-4A37-9C31-A7BFB448DA32}\RP108\A0021281.exe (Infected with W32/Bagle.RY)
Deleted file

C:\System Volume Information\_restore{A760429D-B2C8-4A37-9C31-A7BFB448DA32}\RP111\A0022893.exe (Infected with W32/Bagle.RP)
Deleted file

C:\System Volume Information\_restore{A760429D-B2C8-4A37-9C31-A7BFB448DA32}\RP111\A0022894.exe (Infected with W32/Bagle.RX)
Deleted file

C:\System Volume Information\_restore{A760429D-B2C8-4A37-9C31-A7BFB448DA32}\RP111\A0022895.exe (Infected with W32/Bagle.RZ)
Deleted file

C:\System Volume Information\_restore{A760429D-B2C8-4A37-9C31-A7BFB448DA32}\RP111\A0022896.exe (Infected with W32/Bagle.RX)
Deleted file

C:\System Volume Information\_restore{A760429D-B2C8-4A37-9C31-A7BFB448DA32}\RP111\A0022897.exe (Infected with W32/Bagle.RZ)
Deleted file

C:\System Volume Information\_restore{A760429D-B2C8-4A37-9C31-A7BFB448DA32}\RP111\A0022898.exe (Infected with W32/Bagle.RS)
Deleted file

C:\System Volume Information\_restore{A760429D-B2C8-4A37-9C31-A7BFB448DA32}\RP111\A0022899.exe (Infected with W32/Bagle.RP)
Deleted file

C:\System Volume Information\_restore{A760429D-B2C8-4A37-9C31-A7BFB448DA32}\RP111\A0022900.exe (Infected with W32/Bagle.RS)
Deleted file

C:\System Volume Information\_restore{A760429D-B2C8-4A37-9C31-A7BFB448DA32}\RP111\A0022901.exe (Infected with W32/Bagle.RP)
Deleted file

C:\System Volume Information\_restore{A760429D-B2C8-4A37-9C31-A7BFB448DA32}\RP111\A0022902.exe (Infected with W32/Bagle.RS)
Deleted file

C:\System Volume Information\_restore{A760429D-B2C8-4A37-9C31-A7BFB448DA32}\RP111\A0022903.exe (Infected with W32/Bagle.RP)
Deleted file

C:\System Volume Information\_restore{A760429D-B2C8-4A37-9C31-A7BFB448DA32}\RP111\A0022904.exe (Infected with W32/Bagle.RP)
Deleted file

C:\System Volume Information\_restore{A760429D-B2C8-4A37-9C31-A7BFB448DA32}\RP111\A0022905.exe (Infected with W32/Bagle.RS)
Deleted file

C:\System Volume Information\_restore{A760429D-B2C8-4A37-9C31-A7BFB448DA32}\RP111\A0022906.exe (Infected with W32/Bagle.RX)
Deleted file

C:\System Volume Information\_restore{A760429D-B2C8-4A37-9C31-A7BFB448DA32}\RP111\A0022907.exe (Infected with W32/Bagle.RZ)
Deleted file

C:\System Volume Information\_restore{A760429D-B2C8-4A37-9C31-A7BFB448DA32}\RP111\A0022908.exe (Infected with W32/Bagle.RX)
Deleted file

C:\System Volume Information\_restore{A760429D-B2C8-4A37-9C31-A7BFB448DA32}\RP111\A0022909.exe (Infected with W32/Bagle.RZ)
Deleted file


Number of posts: 37

here from the rootlog

********************************* ROOTCHK-LOG


No Rustock/Peacomm-rootkits found.


********************************* ROOTCHK-LOG-end

  Ejvindh
Editor
Number of posts: 6158

That's a good link you posted there, and it clearly shows that you have a rootkit that we need to get rid of. I am therefore moving the thread to the Rootkit category. Some special conditions apply to support in this category, which you can read about here:

http://www.spywarefri.dk/forum/topic.asp?TOPIC_ID=29320

Start with the following:
Download Rootkit Unhooker from here:
http://rku.xell.ru/?l=e&a=dl

Install the program. Then run RKU. Click the “Report” tab, then click the “Scan” button. Let the program finish scanning, click “File-Save Report”, and save the report somewhere you can find it again. Post the contents of this report here.

  Ejvindh
Editor
Number of posts: 6158

Also download this tool and save it to your desktop:
http://www.uploads.ejvindh.net/driverchk.exe

Run the program. After a short while a log file will appear, which can be found here: C:\rootlog txt. Copy the contents of this log into the thread.

Number of posts: 37

done

>SSDT State
NtAllocateVirtualMemory
Actual Address 0x8738BA70
Hooked by: Unknown module filename

NtCreateFile
Actual Address 0xF55A52D0
Hooked by: C:\WINDOWS\System32\vsdatant.sys

NtCreateKey
Actual Address 0xF55B00D0
Hooked by: C:\WINDOWS\System32\vsdatant.sys

NtCreateProcess
Actual Address 0x873B6190
Hooked by: Unknown module filename

NtCreateProcessEx
Actual Address 0x8738C238
Hooked by: Unknown module filename

NtCreateThread
Actual Address 0x8738BD40
Hooked by: Unknown module filename

NtDeleteFile
Actual Address 0xF55A5950
Hooked by: C:\WINDOWS\System32\vsdatant.sys

NtDeleteKey
Actual Address 0xF55B10B0
Hooked by: C:\WINDOWS\System32\vsdatant.sys

NtDeleteValueKey
Actual Address 0xF55B0D00
Hooked by: C:\WINDOWS\System32\vsdatant.sys

NtLoadKey
Actual Address 0xF55B13E0
Hooked by: C:\WINDOWS\System32\vsdatant.sys

NtOpenFile
Actual Address 0xF55A57A0
Hooked by: C:\WINDOWS\System32\vsdatant.sys

NtQueueApcThread
Actual Address 0x8738BAE8
Hooked by: Unknown module filename

NtReadVirtualMemory
Actual Address 0x8738B980
Hooked by: Unknown module filename

NtRenameKey
Actual Address 0x873CC020
Hooked by: Unknown module filename

NtReplaceKey
Actual Address 0xF55B16D0
Hooked by: C:\WINDOWS\System32\vsdatant.sys

NtRestoreKey
Actual Address 0xF55B1980
Hooked by: C:\WINDOWS\System32\vsdatant.sys

NtSetContextThread
Actual Address 0x8738BBD8
Hooked by: Unknown module filename

NtSetInformationFile
Actual Address 0xF55A5AC0
Hooked by: C:\WINDOWS\System32\vsdatant.sys

NtSetInformationKey
Actual Address 0x87395420
Hooked by: Unknown module filename

NtSetInformationProcess
Actual Address 0x8738BE30
Hooked by: Unknown module filename

NtSetInformationThread
Actual Address 0x8738BC50
Hooked by: Unknown module filename

NtSetValueKey
Actual Address 0xF55B0897
Hooked by: C:\WINDOWS\System32\vsdatant.sys

NtSuspendProcess
Actual Address 0x8738BDB8
Hooked by: Unknown module filename

NtSuspendThread
Actual Address 0x8738BB60
Hooked by: Unknown module filename

NtTerminateProcess
Actual Address 0x8738C1C0
Hooked by: Unknown module filename

NtTerminateThread
Actual Address 0x8738BCC8
Hooked by: Unknown module filename

NtWriteVirtualMemory
Actual Address 0x8738B9F8
Hooked by: Unknown module filename

>Processes
>Drivers
>Files
Suspect File: C:\$Extend\$ObjId::$DATA Status: Opened for exclusive access by other app or by System
Suspect File: C:\$Extend\$Quota::$DATA Status: Opened for exclusive access by other app or by System
Suspect File: C:\$Extend\$Reparse::$DATA Status: Opened for exclusive access by other app or by System
Suspect File: C:\AudioDVDCreator_Temp::$DATA Status: Hidden
Suspect File: C:\cmdcons::$DATA Status: Hidden
Suspect File: C:\Config.Msi::$DATA Status: Hidden
Suspect File: C:\C_DILLA::$DATA Status: Hidden
Suspect File: C:\Documents and Settings::$DATA Status: Hidden
Suspect File: C:\DVDCodecPack::$DATA Status: Hidden
Suspect File: C:\hiberfil.sys::$DATA Status: Opened for exclusive access by other app or by System
Suspect File: C:\hp::$DATA Status: Hidden
Suspect File: C:\IDAPI::$DATA Status: Hidden
Suspect File: C:\Kaspersky::$DATA Status: Hidden
Suspect File: C:\lewebdejamy::$DATA Status: Hidden
Suspect File: C:\lgfolder::$DATA Status: Hidden
Suspect File: C:\NoLopBackups::$DATA Status: Hidden
Suspect File: C:\pagefile.sys::$DATA Status: Opened for exclusive access by other app or by System
Suspect File: C:\Program Files::$DATA Status: Hidden
Suspect File: C:\Programmer::$DATA Status: Hidden
Suspect File: C:\Python22::$DATA Status: Hidden
Suspect File: C:\RECYCLER::$DATA Status: Hidden
Suspect File: C:\SAV32CLI::$DATA Status: Hidden
Suspect File: C:\SDFix::$DATA Status: Hidden
Suspect File: C:\System Volume Information::$DATA Status: Opened for exclusive access by other app or by System
Suspect File: C:\system.sav::$DATA Status: Hidden
Suspect File: C:\WEBBANK::$DATA Status: Hidden
Suspect File: C:\WINDOWS::$DATA Status: Hidden
Suspect File: C:\WMVPBR::$DATA Status: Hidden
Suspect File: C:\WUTemp::$DATA Status: Hidden
>Hooks
ntoskrnl.exe+0x0000B978, Type: Inline - RelativeCall at address 0x804E2978 hook handler located in [unknown_code_page]
tcpip.sys-->ndis.sys-->NdisRegisterProtocol, Type: IAT modification at address 0xF563BF60 hook handler located in [unknown_code_page]
wanarp.sys-->ndis.sys-->NdisDeregisterProtocol, Type: IAT modification at address 0xF70EBB1C hook handler located in [unknown_code_page]
wanarp.sys-->ndis.sys-->NdisRegisterProtocol, Type: IAT modification at address 0xF70EBB28 hook handler located in [unknown_code_page]
[1432]ssu.exe-->kernel32.dll-->CreateFileA, Type: Inline - RelativeJump at address 0x7C801A24 hook handler located in [SSU.EXE]
[1432]ssu.exe-->kernel32.dll-->LoadLibraryExW, Type: Inline - RelativeJump at address 0x7C801AF1 hook handler located in [SSU.EXE]
[1432]ssu.exe-->kernel32.dll-->VirtualAlloc, Type: Inline - RelativeJump at address 0x7C809A51 hook handler located in [SSU.EXE]
[1432]ssu.exe-->kernel32.dll-->VirtualFree, Type: Inline - RelativeJump at address 0x7C809AE4 hook handler located in [SSU.EXE]
[1432]ssu.exe-->kernel32.dll-->VirtualProtect, Type: Inline - RelativeJump at address 0x7C801AD0 hook handler located in [SSU.EXE]
!!POSSIBLE ROOTKIT ACTIVITY DETECTED!! =)
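
Added example, not part of the original thread and not Rootkit Unhooker's own code: a small parser for the ">SSDT State" section of a report like the one posted above, sorting hooked services into those owned by an expected driver, those owned by some other driver file, and those with no owning module. The function names and the allow-list are assumptions made for this example; the sample text is an excerpt of the report above.

```python
import re

# Excerpt of the ">SSDT State" section from the report posted above.
SAMPLE_REPORT = r"""
>SSDT State
NtAllocateVirtualMemory
Actual Address 0x8738BA70
Hooked by: Unknown module filename

NtCreateFile
Actual Address 0xF55A52D0
Hooked by: C:\WINDOWS\System32\vsdatant.sys

NtCreateProcess
Actual Address 0x873B6190
Hooked by: Unknown module filename

NtSetValueKey
Actual Address 0xF55B0897
Hooked by: C:\WINDOWS\System32\vsdatant.sys

>Processes
>Drivers
"""

UNKNOWN = "Unknown module filename"
ADDR_RE = re.compile(r"^Actual Address (0x[0-9A-Fa-f]+)$")
# Assumption: ZoneAlarm was installed on purpose, so hooks owned by its
# driver at this exact path are expected. Matching the full path (not just
# the file name) avoids trusting a same-named file somewhere else.
EXPECTED_DRIVERS = {r"c:\windows\system32\vsdatant.sys"}


def parse_ssdt_section(report):
    """Return (service, handler_address, owner) for each entry under >SSDT State."""
    entries, in_ssdt, service, address = [], False, None, None
    for raw in report.splitlines():
        line = raw.strip()
        if line.startswith(">"):           # section header, e.g. ">Processes"
            in_ssdt = line == ">SSDT State"
            service = address = None
        elif in_ssdt and line:
            match = ADDR_RE.match(line)
            if match:
                address = int(match.group(1), 16)
            elif line.startswith("Hooked by:"):
                owner = line[len("Hooked by:"):].strip()
                if service is not None and address is not None:
                    entries.append((service, address, owner))
                service = address = None
            else:
                service = line              # a bare line is the service name
    return entries


def triage(entries, expected=EXPECTED_DRIVERS):
    """Sort hooks into expected driver, other driver, and unattributed handler."""
    result = {"expected": [], "other_driver": [], "unattributed": []}
    for service, address, owner in entries:
        if owner == UNKNOWN:
            result["unattributed"].append((service, address))
        elif owner.lower() in expected:
            result["expected"].append((service, owner))
        else:
            result["other_driver"].append((service, owner))
    return result


if __name__ == "__main__":
    report = triage(parse_ssdt_section(SAMPLE_REPORT))
    for service, address in report["unattributed"]:
        print(f"follow up: {service} -> 0x{address:08X} (no owning module)")
    for service, owner in report["other_driver"]:
        print(f"review:    {service} -> {owner}")
    print(f"{len(report['expected'])} hook(s) belong to expected drivers")
```

The unattributed entries are the ones to resolve first, for example by comparing their handler addresses against the load ranges of the drivers on the system.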

  Ejvindh
Editor
Number of posts: 6158

Then you're only missing the log from driverchk…

Number of posts: 37

the computer won't run driverchk…. will get back later

  Ejvindh
Editor
Number of posts: 6158

So sorry [:o)], there was a bug in the file I had uploaded. Please try downloading a new version. Then it should work [:I]

Number of posts: 37

here is what I got out of driverchk


********************************* Check for m_hook-rootkit


m_hook-rootkit not found.


********************************* Check for m_hook-rootkit-end

Number of posts: 37

Many thanks for the help, everyone… it has been very educational.. Due to lack of time I chose to use the recovery CDs that I created earlier. Here I could choose between two modes… one where I restored but kept the data, and the other where I formatted the hard disk..

I chose the first, which has meant that several things have to be reinstalled, but a large part is also still preserved.

It worked fine, and safe mode and ZoneAlarm work too ... I haven't tried System Restore yet, I'll wait a bit with that.

If anyone knows ZoneAlarm, please tell me which messages I should watch out for.. since right now even one like this makes me quite uneasy

Generic Host Process for Win32 services wants to accept connections from the trusted zone. 

Is this my internet connection asking ZoneAlarm for access, or what??? A reply would be much appreciated

 


I'll just post a Hijack log so you can see whether anything has changed

Logfile of HijackThis v1.99.1
Scan saved at 03:38:21, on 31-01-2007
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\nvsvc32.exe
C:\Programmer\Java\j2re1.4.2_03\bin\jusched.exe
C:\windows\system\hpsysdrv.exe
C:\WINDOWS\System32\hphmon05.exe
C:\HP\KBD\KBD.EXE
C:\Programmer\Multimedia Card Reader\shwicon2k.exe
C:\WINDOWS\ALCXMNTR.EXE
C:\WINDOWS\System32\rundll32.exe
C:\Programmer\HP\Digital Imaging\bin\hpqtra08.exe
C:\Programmer\Zone Labs\ZoneAlarm\zlclient.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\System32\ZoneLabs\isafe.exe
C:\PROGRA~1\ZONELA~1\ZONEAL~1\MAILFR~1\mantispm.exe
C:\Programmer\Internet Explorer\iexplore.exe
C:\Documents and Settings\Ejer\Skrivebord\sikkerhed, renseprogrammer\spywarefri.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.spywarefri.dk/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hyperlinks
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmer\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: HP-visning - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - c:\Programmer\HP\Digital Imaging\bin\hpdtlk02.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Programmer\Java\j2re1.4.2_03\bin\jusched.exe
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [HPHUPD05] c:\Programmer\HP\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe
O4 - HKLM\..\Run: [HPHmon05] C:\WINDOWS\System32\hphmon05.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [UpdateManager] "C:\Programmer\Fælles filer\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet /keeploaded /nodetect
O4 - HKLM\..\Run: [Sunkist2k] C:\Programmer\Multimedia Card Reader\shwicon2k.exe
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Programmer\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKCU\..\Run: [Acme.PCHButton] C:\PROGRA~1\HPPAVI~1\Pavilion\XPHWWBP4\plugin\bin\PCHButton.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Programmer\HP\Digital Imaging\bin\hpqtra08.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O23 - Service: CA ISafe (CAISafe) - Computer Associates International, Inc. - C:\WINDOWS\System32\ZoneLabs\isafe.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

Does this look sensible, or is the worm still at work???

  Ejvindh
Editor
Number of posts: 6158

I must honestly admit that I no longer have a full overview of the situation on your computer, because I don't know what your recovery CD has done. There is nothing to see in the HJT log, but there hasn't been for a long time. Could you try going into the registry and see whether you can still find the m_hook entry?

If you want to be COMPLETELY sure of being rid of the stuff, you probably should have chosen the formatting option. The reason is that most recovery tools neither delete files nor change the registry. And then the junk can well survive.

Regarding ZA's request, this process may be allowed access. :)

Note that it may be a good idea to get your Windows updated. You are now only protected with Service Pack 1, and should at the very least also install Service Pack 2.