www.MegaLab.it

[Spigolo]

Salve , qualche giorno fa, non riuscendo più ad installare alcun antivirusne a riavviare in modalità provissoria il pc, dopo varii "smanettamenti" ho scoperto di avere un Beagle...Ho eseguito il fix di symantec ed il beagle è stato rimosso(il computer adesso si riavvia in provissoria) però non riesco, comunque, ad installare alcun antivurus... Panda trova traccia di AVG, che non c'è nel mio pc, Kasperspy on line idem...
Ho eseguito GMER


ecco i risultati

gmerfile..Del log(lunghissimo) riporto solo i file che mi sembrano strani

File C:\Programmi\Yahoo!\Shared\YbSkinSelectRes.dll
File C:\WINDOWS\ime\shared
File C:\WINDOWS\ime\shared\res
File C:\WINDOWS\system32\drivers\srosa.sys


Da quel che ho compreso smanettando anche tra i vostri post il file
C:\WINDOWS\system32\drivers\srosa.sys
non è sicuro o sbaglio?

GMER 1.0.13.12551 - http://www.gmer.net
Rootkit scan 2007-09-13 07:19:32
Windows 5.1.2600 Service Pack 2


---- Devices - GMER 1.0.13 ----

Device \Driver\HSFHWBS2 \Device\RKSAMPLE0 IRP_MJ_CREATE [F95D24B0] HSFBS2S2.sys
Device \Driver\HSFHWBS2 \Device\RKSAMPLE0 IRP_MJ_CLOSE [F95D24B0] HSFBS2S2.sys
Device \Driver\HSFHWBS2 \Device\RKSAMPLE0 IRP_MJ_READ [F95D24B0] HSFBS2S2.sys
Device \Driver\HSFHWBS2 \Device\RKSAMPLE0 IRP_MJ_POWER [F95D24B0] HSFBS2S2.sys
Device \Driver\HSFHWBS2 \Device\RKSAMPLE0 IRP_MJ_SYSTEM_CONTROL [F95D24B0] HSFBS2S2.sys
Device \Driver\HSFHWBS2 \Device\RKSAMPLE0 IRP_MJ_PNP [F95D24B0] HSFBS2S2.sys
Device \Driver\HSF_DP \Device\HSF_MDMDevice0 IRP_MJ_CREATE [F94B0430] HSFDPSP2.sys
Device \Driver\HSF_DP \Device\HSF_MDMDevice0 IRP_MJ_CLOSE [F94B0430] HSFDPSP2.sys
Device \Driver\HSF_DP \Device\HSF_MDMDevice0 IRP_MJ_READ [F94B0430] HSFDPSP2.sys
Device \Driver\HSF_DP \Device\HSF_MDMDevice0 IRP_MJ_POWER [F94B0430] HSFDPSP2.sys
Device \Driver\HSF_DP \Device\HSF_MDMDevice0 IRP_MJ_SYSTEM_CONTROL [F94B0430] HSFDPSP2.sys
Device \Driver\HSF_DP \Device\HSF_MDMDevice0 IRP_MJ_PNP [F94B0430] HSFDPSP2.sys
Device \Driver\srosa \Device\srosa IRP_MJ_CREATE 819B4F1E
Device \Driver\srosa \Device\srosa IRP_MJ_CREATE_NAMED_PIPE 819B4F1E
Device \Driver\srosa \Device\srosa IRP_MJ_CLOSE 819B4F1E
Device \Driver\srosa \Device\srosa IRP_MJ_READ 819B4F1E
Device \Driver\srosa \Device\srosa IRP_MJ_WRITE 819B4F1E
Device \Driver\srosa \Device\srosa IRP_MJ_QUERY_INFORMATION 819B4F1E
Device \Driver\srosa \Device\srosa IRP_MJ_SET_INFORMATION 819B4F1E
Device \Driver\srosa \Device\srosa IRP_MJ_QUERY_EA 819B4F1E
Device \Driver\srosa \Device\srosa IRP_MJ_SET_EA 819B4F1E
Device \Driver\srosa \Device\srosa IRP_MJ_FLUSH_BUFFERS 819B4F1E
Device \Driver\srosa \Device\srosa IRP_MJ_QUERY_VOLUME_INFORMATION 819B4F1E
Device \Driver\srosa \Device\srosa IRP_MJ_SET_VOLUME_INFORMATION 819B4F1E
Device \Driver\srosa \Device\srosa IRP_MJ_DIRECTORY_CONTROL 819B4F1E
Device \Driver\srosa \Device\srosa IRP_MJ_FILE_SYSTEM_CONTROL 819B4F1E
Device \Driver\srosa \Device\srosa IRP_MJ_DEVICE_CONTROL 819B4F1E
Device \Driver\srosa \Device\srosa IRP_MJ_INTERNAL_DEVICE_CONTROL 819B4F1E
Device \Driver\srosa \Device\srosa IRP_MJ_SHUTDOWN 819B4F1E
Device \Driver\srosa \Device\srosa IRP_MJ_LOCK_CONTROL 819B4F1E
Device \Driver\srosa \Device\srosa IRP_MJ_CLEANUP 819B4F1E
Device \Driver\srosa \Device\srosa IRP_MJ_CREATE_MAILSLOT 819B4F1E
Device \Driver\srosa \Device\srosa IRP_MJ_QUERY_SECURITY 819B4F1E
Device \Driver\srosa \Device\srosa IRP_MJ_SET_SECURITY 819B4F1E
Device \Driver\srosa \Device\srosa IRP_MJ_POWER 819B4F1E
Device \Driver\srosa \Device\srosa IRP_MJ_SYSTEM_CONTROL 819B4F1E
Device \Driver\srosa \Device\srosa IRP_MJ_DEVICE_CHANGE 819B4F1E
Device \Driver\srosa \Device\srosa IRP_MJ_QUERY_QUOTA 819B4F1E
Device \Driver\srosa \Device\srosa IRP_MJ_SET_QUOTA 819B4F1E
Device \Driver\srosa \Device\srosa IRP_MJ_PNP 819B4F1E
Device \Driver\Gpc \Device\Gpc IRP_MJ_CREATE [F9B58886] msgpc.sys
Device \Driver\Gpc \Device\Gpc IRP_MJ_CREATE_NAMED_PIPE [F9B58886] msgpc.sys
Device \Driver\Gpc \Device\Gpc IRP_MJ_CLOSE [F9B58886] msgpc.sys
Device \Driver\Gpc \Device\Gpc IRP_MJ_READ [F9B58886] msgpc.sys
Device \Driver\Gpc \Device\Gpc IRP_MJ_WRITE [F9B58886] msgpc.sys
Device \Driver\Gpc \Device\Gpc IRP_MJ_QUERY_INFORMATION [F9B58886] msgpc.sys
Device \Driver\Gpc \Device\Gpc IRP_MJ_SET_INFORMATION [F9B58886] msgpc.sys
Device \Driver\Gpc \Device\Gpc IRP_MJ_QUERY_EA [F9B58886] msgpc.sys
Device \Driver\Gpc \Device\Gpc IRP_MJ_SET_EA [F9B58886] msgpc.sys
Device \Driver\Gpc \Device\Gpc IRP_MJ_FLUSH_BUFFERS [F9B58886] msgpc.sys
Device \Driver\Gpc \Device\Gpc IRP_MJ_QUERY_VOLUME_INFORMATION [F9B58886] msgpc.sys
Device \Driver\Gpc \Device\Gpc IRP_MJ_SET_VOLUME_INFORMATION [F9B58886] msgpc.sys
Device \Driver\Gpc \Device\Gpc IRP_MJ_DIRECTORY_CONTROL [F9B58886] msgpc.sys
Device \Driver\Gpc \Device\Gpc IRP_MJ_FILE_SYSTEM_CONTROL [F9B58886] msgpc.sys
Device \Driver\Gpc \Device\Gpc IRP_MJ_DEVICE_CONTROL [F9B58886] msgpc.sys
Device \Driver\Gpc \Device\Gpc IRP_MJ_INTERNAL_DEVICE_CONTROL [F9B58886] msgpc.sys
Device \Driver\Gpc \Device\Gpc IRP_MJ_SHUTDOWN [F9B58886] msgpc.sys
Device \Driver\Gpc \Device\Gpc IRP_MJ_LOCK_CONTROL [F9B58886] msgpc.sys
Device \Driver\Gpc \Device\Gpc IRP_MJ_CLEANUP [F9B58886] msgpc.sys
Device \Driver\Gpc \Device\Gpc IRP_MJ_CREATE_MAILSLOT [F9B58886] msgpc.sys
Device \Driver\Gpc \Device\Gpc IRP_MJ_QUERY_SECURITY [F9B58886] msgpc.sys
Device \Driver\Gpc \Device\Gpc IRP_MJ_SET_SECURITY [F9B58886] msgpc.sys
Device \Driver\Gpc \Device\Gpc IRP_MJ_POWER [F9B58886] msgpc.sys
Device \Driver\Gpc \Device\Gpc IRP_MJ_SYSTEM_CONTROL [F9B58886] msgpc.sys
Device \Driver\Gpc \Device\Gpc IRP_MJ_DEVICE_CHANGE [F9B58886] msgpc.sys
Device \Driver\Gpc \Device\Gpc IRP_MJ_QUERY_QUOTA [F9B58886] msgpc.sys
Device \Driver\Gpc \Device\Gpc IRP_MJ_SET_QUOTA [F9B58886] msgpc.sys
Device \Driver\Gpc \Device\Gpc IRP_MJ_PNP [F9B58886] msgpc.sys
Device \Driver\winachsf \Device\Winachsf0 IRP_MJ_CREATE [F949DBE6] HSFCXTS2.sys
Device \Driver\winachsf \Device\Winachsf0 IRP_MJ_CLOSE [F949DDE0] HSFCXTS2.sys
Device \Driver\winachsf \Device\Winachsf0 IRP_MJ_READ [F949DE8C] HSFCXTS2.sys
Device \Driver\winachsf \Device\Winachsf0 IRP_MJ_WRITE [F949DF1C] HSFCXTS2.sys
Device \Driver\winachsf \Device\Winachsf0 IRP_MJ_QUERY_INFORMATION [F949DB14] HSFCXTS2.sys
Device \Driver\winachsf \Device\Winachsf0 IRP_MJ_SET_INFORMATION [F949DB7C] HSFCXTS2.sys
Device \Driver\winachsf \Device\Winachsf0 IRP_MJ_FLUSH_BUFFERS [F949DF76] HSFCXTS2.sys
Device \Driver\winachsf \Device\Winachsf0 IRP_MJ_DEVICE_CONTROL [F949DFA4] HSFCXTS2.sys
Device \Driver\winachsf \Device\Winachsf0 IRP_MJ_INTERNAL_DEVICE_CONTROL [F94A162C] HSFCXTS2.sys
Device \Driver\winachsf \Device\Winachsf0 IRP_MJ_CLEANUP [F949DA52] HSFCXTS2.sys
Device \Driver\winachsf \Device\Winachsf0 IRP_MJ_POWER [F94A1F96] HSFCXTS2.sys
Device \Driver\winachsf \Device\Winachsf0 IRP_MJ_SYSTEM_CONTROL [F94A2C72] HSFCXTS2.sys
Device \Driver\winachsf \Device\Winachsf0 IRP_MJ_PNP [F94A0E56] HSFCXTS2.sys

---- EOF - GMER 1.0.13 ----



gmer section

GMER 1.0.13.12551 - http://www.gmer.net
Rootkit scan 2007-09-13 07:20:02
Windows 5.1.2600 Service Pack 2


---- Kernel code sections - GMER 1.0.13 ----

? C:\WINDOWS\system32\ntoskrnl.exe Impossibile trovare il file specificato.

---- User code sections - GMER 1.0.13 ----

.text C:\WINDOWS\Explorer.EXE[1740] SHELL32.dll!SHFileOperationW 7CA7D1B9 5 Bytes JMP 00FB1102 C:\Programmi\Unlocker\UnlockerHook.dll

---- EOF - GMER 1.0.13 ----



Arttendo aiuto

[Spigolo]

Ho effettuato lo scan on line su panda..tra i risultati questo:


Virus:W32/Bagle.KV.worm Disinfettato C:\WINDOWS\system32\drivers\srosa.sys

cosa devo fare?

[crazy.cat]

Preferirei vedere tutto lo scan online di kaspersky.
L'ultimo bagle lascia file infetti in giro per il pc e solo con kaspersky si ottengono dei buoni risultati di rilevazione.

[Spigolo]

Sono riuscita ad installare sul mio pc Kaspersky....
Ecco i risultati


Protection : running
--------------------
Total scanned: 193700
Detected: 2
Untreated: 0
Start time: 15/09/2007 7.27.38
Duration: 01.32.22


Detected
--------
Status Object
------ ------
deleted: Trojan program Trojan-Downloader.Win32.Bagle.dq File: c:\programmi\sony\sonicstage\ssaad.exe
deleted: Trojan program Trojan-Downloader.Win32.Bagle.du File: C:\Documents and Settings\alisea\Dati applicazioni\m\shared\3D Galaxy : Space Tour screensaver 1.1 [Key+Serial].zip/3D Galaxy : Space Tour screensaver 1.1 [Key+Serial].exe


Events
------
Time Event
---- -----
15/09/2007 7.21.19 A full computer scan has never been performed. You are advised to perform a full scan as soon as possible.
15/09/2007 7.21.22 Protection of your computer started.
15/09/2007 7.25.10 Please restart your computer to complete the installation of new or updated protection components.
15/09/2007 7.26.06 Please restart your computer to complete the installation of new or updated protection components.
15/09/2007 7.26.07 Update completed successfully
15/09/2007 7.26.40 Protection of your computer is not running. You are advised to resume protection.
15/09/2007 7.27.34 A full computer scan has never been performed. You are advised to perform a full scan as soon as possible.
15/09/2007 7.27.38 Protection of your computer started.
15/09/2007 7.30.28 File c:\progra~1\sony\sonics~1\ssaad.exe: detected Trojan program 'Trojan-Downloader.Win32.Bagle.dq'.
15/09/2007 7.30.28 Security threats have been detected. You are advised to neutralize them immediately.
15/09/2007 7.30.28 File c:\progra~1\sony\sonics~1\ssaad.exe: is still infected, postponed.
15/09/2007 7.31.35 File C:\PROGRA~1\Sony\SONICS~1\SSAAD.exe: detected Trojan program 'Trojan-Downloader.Win32.Bagle.dq'.
15/09/2007 7.31.35 File C:\PROGRA~1\Sony\SONICS~1\SSAAD.exe: is still infected, postponed.
15/09/2007 7.32.01 File c:\programmi\sony\sonicstage\ssaad.exe: detected Trojan program 'Trojan-Downloader.Win32.Bagle.dq'.
15/09/2007 7.56.49 File C:\Documents and Settings\alisea\Dati applicazioni\m\shared\3D Galaxy : Space Tour screensaver 1.1 [Key+Serial].zip/3D Galaxy : Space Tour screensaver 1.1 [Key+Serial].exe: detected Trojan program 'Trojan-Downloader.Win32.Bagle.du'.
15/09/2007 7.56.49 File C:\Documents and Settings\alisea\Dati applicazioni\m\shared\3D Galaxy : Space Tour screensaver 1.1 [Key+Serial].zip/3D Galaxy : Space Tour screensaver 1.1 [Key+Serial].exe: is still infected, postponed.
15/09/2007 8.31.21 File C:\Programmi\Sony\SonicStage\SSAAD.exe: detected Trojan program 'Trojan-Downloader.Win32.Bagle.dq'.
15/09/2007 8.31.21 File C:\Programmi\Sony\SonicStage\SSAAD.exe: is still infected, postponed.
15/09/2007 8.46.00 File c:\documents and settings\alisea\dati applicazioni\m\shared\3d galaxy : space tour screensaver 1.1 [key+serial].zip/3D Galaxy : Space Tour screensaver 1.1 [Key+Serial].exe: detected Trojan program 'Trojan-Downloader.Win32.Bagle.du'.
15/09/2007 8.46.30 File c:\documents and settings\alisea\dati applicazioni\m\shared\3d galaxy : space tour screensaver 1.1 [key+serial].zip/3D Galaxy : Space Tour screensaver 1.1 [Key+Serial].exe: deleted.
15/09/2007 8.46.30 File c:\programmi\sony\sonicstage\ssaad.exe: detected Trojan program 'Trojan-Downloader.Win32.Bagle.dq'.
15/09/2007 8.46.55 File c:\programmi\sony\sonicstage\ssaad.exe: deleted.
15/09/2007 8.46.55 File c:\programmi\sony\sonicstage\ssaad.exe cannot be deleted.
15/09/2007 8.57.53 Update completed successfully


Reports
-------
Component Status Start Finish Size
--------- ------ ----- ------ ----
Proactive Defense running 15/09/2007 7.27.38 0 bytes
File Anti-Virus running 15/09/2007 7.27.38 470 KB
Mail Anti-Virus running 15/09/2007 7.27.38 0 bytes
Web Anti-Virus running 15/09/2007 7.27.38 96,0 KB
Scan startup objects completed 15/09/2007 7.29.48 15/09/2007 8.47.20 560,5 KB
Scan completed 15/09/2007 7.49.19 15/09/2007 8.46.55 35,8 MB
Update completed 15/09/2007 8.56.56 15/09/2007 8.57.53 14,1 KB


Quarantine
----------
Status Object Size Added
------ ------ ---- -----


Backup
------
Status Object Size
------ ------ ----
Infected: Trojan program Trojan-Downloader.Win32.Bagle.dq c:\programmi\sony\sonicstage\ssaad.exe 600,0 KB
Infected: Trojan program Trojan-Downloader.Win32.Bagle.du c:\documents and settings\alisea\dati applicazioni\m\shared\3d galaxy 0 bytes




Protection : running
--------------------
Total scanned: 4867
Detected: 2
Untreated: 0
Start time: 16/09/2007 5.21.27
Duration: 00.44.30


Detected
--------
Status Object
------ ------
deleted: Trojan program Trojan-Downloader.Win32.Bagle.dq File: c:\programmi\sony\sonicstage\ssaad.exe
deleted: Trojan program Trojan-Downloader.Win32.Bagle.du File: C:\Documents and Settings\alisea\Dati applicazioni\m\shared\3D Galaxy : Space Tour screensaver 1.1 [Key+Serial].zip/3D Galaxy : Space Tour screensaver 1.1 [Key+Serial].exe


Events
------
Time Event
---- -----
15/09/2007 7.21.19 A full computer scan has never been performed. You are advised to perform a full scan as soon as possible.
15/09/2007 7.21.22 Protection of your computer started.
15/09/2007 7.25.10 Please restart your computer to complete the installation of new or updated protection components.
15/09/2007 7.26.06 Please restart your computer to complete the installation of new or updated protection components.
15/09/2007 7.26.07 Update completed successfully
15/09/2007 7.26.40 Protection of your computer is not running. You are advised to resume protection.
15/09/2007 7.27.34 A full computer scan has never been performed. You are advised to perform a full scan as soon as possible.
15/09/2007 7.27.38 Protection of your computer started.
15/09/2007 7.30.28 File c:\progra~1\sony\sonics~1\ssaad.exe: detected Trojan program 'Trojan-Downloader.Win32.Bagle.dq'.
15/09/2007 7.30.28 Security threats have been detected. You are advised to neutralize them immediately.
15/09/2007 7.30.28 File c:\progra~1\sony\sonics~1\ssaad.exe: is still infected, postponed.
15/09/2007 7.31.35 File C:\PROGRA~1\Sony\SONICS~1\SSAAD.exe: detected Trojan program 'Trojan-Downloader.Win32.Bagle.dq'.
15/09/2007 7.31.35 File C:\PROGRA~1\Sony\SONICS~1\SSAAD.exe: is still infected, postponed.
15/09/2007 7.32.01 File c:\programmi\sony\sonicstage\ssaad.exe: detected Trojan program 'Trojan-Downloader.Win32.Bagle.dq'.
15/09/2007 7.56.49 File C:\Documents and Settings\alisea\Dati applicazioni\m\shared\3D Galaxy : Space Tour screensaver 1.1 [Key+Serial].zip/3D Galaxy : Space Tour screensaver 1.1 [Key+Serial].exe: detected Trojan program 'Trojan-Downloader.Win32.Bagle.du'.
15/09/2007 7.56.49 File C:\Documents and Settings\alisea\Dati applicazioni\m\shared\3D Galaxy : Space Tour screensaver 1.1 [Key+Serial].zip/3D Galaxy : Space Tour screensaver 1.1 [Key+Serial].exe: is still infected, postponed.
15/09/2007 8.31.21 File C:\Programmi\Sony\SonicStage\SSAAD.exe: detected Trojan program 'Trojan-Downloader.Win32.Bagle.dq'.
15/09/2007 8.31.21 File C:\Programmi\Sony\SonicStage\SSAAD.exe: is still infected, postponed.
15/09/2007 8.46.00 File c:\documents and settings\alisea\dati applicazioni\m\shared\3d galaxy : space tour screensaver 1.1 [key+serial].zip/3D Galaxy : Space Tour screensaver 1.1 [Key+Serial].exe: detected Trojan program 'Trojan-Downloader.Win32.Bagle.du'.
15/09/2007 8.46.30 File c:\documents and settings\alisea\dati applicazioni\m\shared\3d galaxy : space tour screensaver 1.1 [key+serial].zip/3D Galaxy : Space Tour screensaver 1.1 [Key+Serial].exe: deleted.
15/09/2007 8.46.30 File c:\programmi\sony\sonicstage\ssaad.exe: detected Trojan program 'Trojan-Downloader.Win32.Bagle.dq'.
15/09/2007 8.46.55 File c:\programmi\sony\sonicstage\ssaad.exe: deleted.
15/09/2007 8.46.55 File c:\programmi\sony\sonicstage\ssaad.exe cannot be deleted.
15/09/2007 8.57.53 Update completed successfully
15/09/2007 9.50.32 Process (PID 1764) tried to access Kaspersky Anti-Virus process (PID 716), but the action has been blocked by the Self-Defense component. No action on your part is required.
15/09/2007 9.56.32 Process (PID 336) tried to access Kaspersky Anti-Virus process (PID 1936), but the action has been blocked by the Self-Defense component. No action on your part is required.
15/09/2007 9.56.32 Process (PID 336) tried to access Kaspersky Anti-Virus process (PID 716), but the action has been blocked by the Self-Defense component. No action on your part is required.
15/09/2007 14.52.55 A full computer scan has never been performed. You are advised to perform a full scan as soon as possible.
15/09/2007 14.53.16 Protection of your computer started.
15/09/2007 14.55.17 Update error: The updates source cannot be found.
15/09/2007 14.57.03 Update completed successfully
15/09/2007 14.57.36 Databases are up-to-date
15/09/2007 14.58.11 Databases are up-to-date
15/09/2007 14.58.34 Databases are up-to-date
15/09/2007 16.15.12 Protection of your computer is not running. You are advised to resume protection.
15/09/2007 17.06.53 A full computer scan has never been performed. You are advised to perform a full scan as soon as possible.
15/09/2007 17.06.56 Protection of your computer started.
15/09/2007 17.27.54 Update error: The updates source cannot be found.
15/09/2007 17.28.32 Process (PID 1972) tried to access Kaspersky Anti-Virus process (PID 3632), but the action has been blocked by the Self-Defense component. No action on your part is required.
15/09/2007 18.22.57 Update error: Connection terminated.
15/09/2007 19.00.32 Update error: The updates source cannot be found.
15/09/2007 19.32.58 Update error: The updates source cannot be found.
15/09/2007 20.10.18 Update completed successfully
15/09/2007 20.11.37 Protection of your computer is not running. You are advised to resume protection.
16/09/2007 5.21.25 A full computer scan has never been performed. You are advised to perform a full scan as soon as possible.
16/09/2007 5.21.27 Protection of your computer started.
16/09/2007 5.24.58 Update completed successfully


Reports
-------
Component Status Start Finish Size
--------- ------ ----- ------ ----
Proactive Defense running 16/09/2007 5.21.27 0 bytes
File Anti-Virus running 16/09/2007 5.21.27 293,2 KB
Mail Anti-Virus running 16/09/2007 5.21.27 0 bytes
Update completed 16/09/2007 5.21.30 16/09/2007 5.24.57 15,9 KB
Web Anti-Virus running 16/09/2007 5.21.27 507,2 KB
Scan startup objects completed 16/09/2007 5.23.39 16/09/2007 5.25.48 558,6 KB


Quarantine
----------
Status Object Size Added
------ ------ ---- -----


Backup
------
Status Object Size
------ ------ ----
Infected: Trojan program Trojan-Downloader.Win32.Bagle.dq c:\programmi\sony\sonicstage\ssaad.exe 600,0 KB
Infected: Trojan program Trojan-Downloader.Win32.Bagle.du c:\documents and settings\alisea\dati applicazioni\m\shared\3d galaxy 0 bytes

[crazy.cat]

Se sei riuscito a reinstallare l'antivirus sei a posto, non serviva ripostare i log di gmer.
E' stato lo screensaver ad infettarti.