www.MegaLab.it

[barney]

Cari,
inizio già ringraziandovi, e dicendovi che a casa mia, 4 studenti, ormai vi conoscono tutti e sono partite un paio di mail ai nostri contatti per segnalarvi. Finita la captatio benevolentiae, passo al problema. Ho preso uno o più di un bagle. Ho fatto la procedura dello scansionamento on-line con Kaspersky, e però, ora, prima di cancellare i file con Avenger, vorrei che mi aiutaste con lo script da copiare e incollare: il risultato del report è quello che vedete di seguito: vi prego datemi una mano perché ho paura di combinare un bel casino:

KASPERSKY ONLINE SCANNER REPORT
Wednesday, February 06, 2008 1:36:12 AM
Operating System: Microsoft Windows XP Home Edition, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.98.0
Kaspersky Anti-Virus database last update: 5/02/2008
Kaspersky Anti-Virus database records: 550227


Scan Settings
Scan using the following antivirus database extended
Scan Archives true
Scan Mail Bases true

Scan Target My Computer
C:\
D:\
E:\
F:\
G:\

Scan Statistics
Total number of scanned objects 55383
Number of viruses found 10
Number of infected objects 199
Number of suspicious objects 2
Duration of the scan process 03:24:00

Infected Object Name Virus Name Last Action
C:\WINDOWS\system32\config\system.LOG Object is locked skipped

C:\WINDOWS\system32\config\software.LOG Object is locked skipped

C:\WINDOWS\system32\config\default.LOG Object is locked skipped

C:\WINDOWS\system32\config\SECURITY Object is locked skipped

C:\WINDOWS\system32\config\SAM Object is locked skipped

C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped

C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped

C:\WINDOWS\system32\config\SYSTEM Object is locked skipped

C:\WINDOWS\system32\config\SOFTWARE Object is locked skipped

C:\WINDOWS\system32\config\DEFAULT Object is locked skipped

C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped

C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped

C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped

C:\WINDOWS\system32\config\Internet.evt Object is locked skipped

C:\WINDOWS\system32\drivers\down\1250968.exe Infected: Email-Worm.Win32.Bagle.of skipped

C:\WINDOWS\system32\drivers\down\696906.exe Infected: Email-Worm.Win32.Bagle.of skipped

C:\WINDOWS\system32\drivers\down\710140.exe Infected: Trojan-PSW.Win32.Agent.xd skipped

C:\WINDOWS\system32\drivers\down\721296.exe Infected: Email-Worm.Win32.Bagle.of skipped

C:\WINDOWS\system32\drivers\down\723156.exe Infected: Email-Worm.Win32.Bagle.of skipped

C:\WINDOWS\system32\drivers\down\622390.exe Infected: Trojan-PSW.Win32.Agent.xd skipped

C:\WINDOWS\system32\drivers\down\631328.exe Infected: Email-Worm.Win32.Bagle.of skipped

C:\WINDOWS\system32\drivers\down\79843.exe Infected: Email-Worm.Win32.Bagle.of skipped

C:\WINDOWS\system32\drivers\down\90656.exe Infected: Trojan-PSW.Win32.Agent.xd skipped

C:\WINDOWS\system32\drivers\down\99671.exe Infected: Email-Worm.Win32.Bagle.of skipped

C:\WINDOWS\system32\drivers\down\101421.exe Infected: Email-Worm.Win32.Bagle.of skipped

C:\WINDOWS\system32\drivers\down\88562.exe Infected: Email-Worm.Win32.Bagle.of skipped

C:\WINDOWS\system32\drivers\down\102218.exe Infected: Trojan-PSW.Win32.Agent.xd skipped

C:\WINDOWS\system32\drivers\down\104296.exe Infected: Email-Worm.Win32.Bagle.of skipped

C:\WINDOWS\system32\drivers\down\106031.exe Infected: Email-Worm.Win32.Bagle.of skipped

C:\WINDOWS\system32\drivers\down\97921.exe Infected: Email-Worm.Win32.Bagle.of skipped

C:\WINDOWS\system32\drivers\down\109343.exe Infected: Email-Worm.Win32.Bagle.of skipped

C:\WINDOWS\system32\drivers\down\111437.exe Infected: Email-Worm.Win32.Bagle.of skipped

C:\WINDOWS\system32\drivers\down\120703.exe Infected: Email-Worm.Win32.Bagle.of skipped

C:\WINDOWS\system32\drivers\down\341093.exe Infected: Email-Worm.Win32.Bagle.of skipped

C:\WINDOWS\system32\drivers\down\341796.exe Infected: Email-Worm.Win32.Bagle.of skipped

C:\WINDOWS\system32\drivers\down\1259625.exe Infected: Trojan-PSW.Win32.Agent.xd skipped

C:\WINDOWS\system32\drivers\down\323671.exe Infected: Email-Worm.Win32.Bagle.of skipped

C:\WINDOWS\system32\drivers\down\343187.exe Infected: Trojan-PSW.Win32.Agent.xd skipped

C:\WINDOWS\system32\drivers\down\134984.exe Infected: Email-Worm.Win32.Bagle.of skipped

C:\WINDOWS\system32\drivers\down\95109.exe Infected: Email-Worm.Win32.Bagle.of skipped

C:\WINDOWS\system32\drivers\down\109000.exe Infected: Trojan-PSW.Win32.Agent.xd skipped

C:\WINDOWS\system32\drivers\down\113125.exe Infected: Email-Worm.Win32.Bagle.of skipped

C:\WINDOWS\system32\drivers\down\14689109.exe Infected: Trojan-PSW.Win32.Agent.xd skipped

C:\WINDOWS\system32\drivers\down\14694375.exe Infected: Email-Worm.Win32.Bagle.of skipped

C:\WINDOWS\system32\drivers\down\331296.exe Infected: Email-Worm.Win32.Bagle.of skipped

C:\WINDOWS\system32\drivers\down\344671.exe Infected: Trojan-PSW.Win32.Agent.xd skipped

C:\WINDOWS\system32\drivers\down\353578.exe Infected: Email-Worm.Win32.Bagle.of skipped

C:\WINDOWS\system32\drivers\down\4432718.exe Infected: Email-Worm.Win32.Bagle.of skipped

C:\WINDOWS\system32\drivers\down\82062.exe Infected: Email-Worm.Win32.Bagle.of skipped

C:\WINDOWS\system32\drivers\down\4449093.exe Infected: Email-Worm.Win32.Bagle.of skipped

C:\WINDOWS\system32\drivers\down\90906.exe Infected: Trojan-PSW.Win32.Agent.xd skipped

C:\WINDOWS\system32\drivers\down\101828.exe Infected: Email-Worm.Win32.Bagle.of skipped

C:\WINDOWS\system32\drivers\down\528468.exe Infected: Trojan-PSW.Win32.Agent.xd skipped

C:\WINDOWS\system32\drivers\down\537109.exe Infected: Email-Worm.Win32.Bagle.of skipped

C:\WINDOWS\system32\drivers\down\15141546.exe Infected: Trojan-PSW.Win32.Agent.xd skipped

C:\WINDOWS\system32\drivers\down\15146875.exe Infected: Email-Worm.Win32.Bagle.of skipped

C:\WINDOWS\system32\drivers\down\15287500.exe Infected: Trojan-PSW.Win32.Agent.xd skipped

C:\WINDOWS\system32\drivers\down\15292281.exe Infected: Email-Worm.Win32.Bagle.of skipped

C:\WINDOWS\system32\drivers\down\119500.exe Infected: Email-Worm.Win32.Bagle.of skipped

C:\WINDOWS\system32\drivers\down\180390.exe Infected: Email-Worm.Win32.Bagle.of skipped

C:\WINDOWS\system32\drivers\down\192437.exe Infected: Trojan-PSW.Win32.Agent.xd skipped

C:\WINDOWS\system32\drivers\down\196359.exe Infected: Email-Worm.Win32.Bagle.of skipped

C:\WINDOWS\system32\drivers\down\61515.exe Infected: Email-Worm.Win32.Bagle.of skipped

C:\WINDOWS\system32\drivers\down\72718.exe Infected: Trojan-PSW.Win32.Agent.xd skipped

C:\WINDOWS\system32\drivers\down\75484.exe Infected: Email-Worm.Win32.Bagle.of skipped

C:\WINDOWS\system32\drivers\down\92515.exe Infected: Email-Worm.Win32.Bagle.of skipped

C:\WINDOWS\system32\drivers\down\101453.exe Infected: Trojan-PSW.Win32.Agent.xd skipped

C:\WINDOWS\system32\drivers\down\109375.exe Infected: Email-Worm.Win32.Bagle.of skipped

C:\WINDOWS\system32\drivers\down\58843.exe Infected: Email-Worm.Win32.Bagle.of skipped

C:\WINDOWS\system32\drivers\down\67140.exe Infected: Trojan.Win32.Pakes.bwy skipped

C:\WINDOWS\system32\drivers\down\76156.exe Infected: Trojan-PSW.Win32.Agent.xd skipped

C:\WINDOWS\system32\drivers\down\81281.exe Infected: Email-Worm.Win32.Bagle.of skipped

C:\WINDOWS\system32\drivers\down\50843.exe Infected: Email-Worm.Win32.Bagle.of skipped

C:\WINDOWS\system32\drivers\down\71500.exe Infected: Trojan-PSW.Win32.Agent.xd skipped

C:\WINDOWS\system32\drivers\down\73000.exe Infected: Email-Worm.Win32.Bagle.of skipped

C:\WINDOWS\system32\drivers\down\230109.exe Infected: Trojan-PSW.Win32.Agent.xd skipped

C:\WINDOWS\system32\drivers\down\676671.exe Infected: Email-Worm.Win32.Bagle.of skipped

C:\WINDOWS\system32\drivers\down\684281.exe Infected: Trojan-PSW.Win32.Agent.xd skipped

C:\WINDOWS\system32\drivers\down\690828.exe Infected: Email-Worm.Win32.Bagle.of skipped

C:\WINDOWS\system32\drivers\down\77921.exe Infected: Email-Worm.Win32.Bagle.of skipped

C:\WINDOWS\system32\drivers\down\84328.exe Infected: Trojan-PSW.Win32.Agent.xd skipped

C:\WINDOWS\system32\drivers\down\91203.exe Infected: Email-Worm.Win32.Bagle.of skipped

C:\WINDOWS\system32\drivers\down\92437.exe Infected: Email-Worm.Win32.Bagle.of skipped

C:\WINDOWS\system32\drivers\down\98390.exe Infected: Email-Worm.Win32.Bagle.of skipped

C:\WINDOWS\system32\drivers\down\110468.exe Infected: Email-Worm.Win32.Bagle.of skipped

C:\WINDOWS\system32\drivers\down\111828.exe Infected: Email-Worm.Win32.Bagle.of skipped

C:\WINDOWS\system32\drivers\down\66812.exe Infected: Email-Worm.Win32.Bagle.of skipped

C:\WINDOWS\system32\drivers\down\98890.exe Infected: Email-Worm.Win32.Bagle.of skipped

C:\WINDOWS\system32\drivers\down\101765.exe Infected: Email-Worm.Win32.Bagle.of skipped

C:\WINDOWS\system32\drivers\down\102281.exe Infected: Email-Worm.Win32.Bagle.of skipped

C:\WINDOWS\system32\drivers\down\79000.exe Infected: Email-Worm.Win32.Bagle.of skipped

C:\WINDOWS\system32\drivers\down\51781.exe Infected: Email-Worm.Win32.Bagle.of skipped

C:\WINDOWS\system32\drivers\down\98140.exe Infected: Email-Worm.Win32.Bagle.of skipped

C:\WINDOWS\system32\drivers\down\100625.exe Infected: Email-Worm.Win32.Bagle.of skipped

C:\WINDOWS\system32\drivers\down\62812.exe Infected: Trojan-PSW.Win32.Agent.xd skipped

C:\WINDOWS\system32\drivers\down\67734.exe Infected: Email-Worm.Win32.Bagle.of skipped

C:\WINDOWS\system32\drivers\down\66078.exe Infected: Trojan-PSW.Win32.Agent.xd skipped

C:\WINDOWS\system32\drivers\down\69125.exe Infected: Email-Worm.Win32.Bagle.of skipped

C:\WINDOWS\system32\drivers\down\93828.exe Infected: Trojan-PSW.Win32.Agent.xd skipped

C:\WINDOWS\system32\drivers\down\114890.exe Infected: Email-Worm.Win32.Bagle.of skipped

C:\WINDOWS\system32\drivers\down\14619671.exe Infected: Trojan-PSW.Win32.Agent.xd skipped

C:\WINDOWS\system32\drivers\down\14620437.exe Infected: Email-Worm.Win32.Bagle.of skipped

C:\WINDOWS\system32\drivers\down\14621640.exe Infected: Email-Worm.Win32.Bagle.of skipped

C:\WINDOWS\system32\drivers\down\29142265.exe Infected: Email-Worm.Win32.Bagle.of skipped

C:\WINDOWS\system32\drivers\down\29145859.exe Infected: Trojan-PSW.Win32.Agent.xd skipped

C:\WINDOWS\system32\drivers\down\29147359.exe Infected: Email-Worm.Win32.Bagle.of skipped

C:\WINDOWS\system32\drivers\down\56953.exe Infected: Trojan-PSW.Win32.Agent.xd skipped

C:\WINDOWS\system32\drivers\down\60234.exe Infected: Email-Worm.Win32.Bagle.of skipped

C:\WINDOWS\system32\drivers\down\62453.exe Infected: Email-Worm.Win32.Bagle.of skipped

C:\WINDOWS\system32\drivers\down\249718.exe Infected: Trojan-PSW.Win32.Agent.xd skipped

C:\WINDOWS\system32\drivers\down\253296.exe Infected: Email-Worm.Win32.Bagle.of skipped

C:\WINDOWS\system32\drivers\down\77265.exe Infected: Email-Worm.Win32.Bagle.of skipped

C:\WINDOWS\system32\drivers\down\83875.exe Infected: Trojan-PSW.Win32.Agent.xd skipped

C:\WINDOWS\system32\drivers\down\87718.exe Infected: Email-Worm.Win32.Bagle.of skipped

C:\WINDOWS\system32\drivers\down\88546.exe Infected: Email-Worm.Win32.Bagle.of skipped

C:\WINDOWS\system32\drivers\down\77906.exe Infected: Email-Worm.Win32.Bagle.of skipped

C:\WINDOWS\system32\drivers\down\88484.exe Infected: Trojan-PSW.Win32.Agent.xd skipped

C:\WINDOWS\system32\drivers\down\90468.exe Infected: Email-Worm.Win32.Bagle.of skipped

C:\WINDOWS\system32\drivers\down\53812.exe Infected: Email-Worm.Win32.Bagle.of skipped

C:\WINDOWS\system32\drivers\down\76234.exe Infected: Trojan-PSW.Win32.Agent.xd skipped

C:\WINDOWS\system32\drivers\down\80015.exe Infected: Email-Worm.Win32.Bagle.of skipped

C:\WINDOWS\system32\drivers\down\81453.exe Infected: Email-Worm.Win32.Bagle.of skipped

C:\WINDOWS\system32\drivers\down\135859.exe Infected: Trojan-PSW.Win32.Agent.xd skipped

C:\WINDOWS\system32\drivers\down\141250.exe Infected: Email-Worm.Win32.Bagle.of skipped

C:\WINDOWS\system32\drivers\down\145515.exe Infected: Email-Worm.Win32.Bagle.of skipped

C:\WINDOWS\system32\drivers\down\205468.exe Infected: Email-Worm.Win32.Bagle.of skipped

C:\WINDOWS\system32\drivers\down\51687.exe Infected: Email-Worm.Win32.Bagle.of skipped

C:\WINDOWS\system32\drivers\down\245031.exe Infected: Trojan-PSW.Win32.Agent.xd skipped

C:\WINDOWS\system32\drivers\down\251000.exe Infected: Email-Worm.Win32.Bagle.of skipped

C:\WINDOWS\system32\drivers\down\255671.exe Infected: Email-Worm.Win32.Bagle.of skipped

C:\WINDOWS\system32\drivers\down\52109.exe Infected: Email-Worm.Win32.Bagle.of skipped

C:\WINDOWS\system32\drivers\down\60203.exe Infected: Trojan-PSW.Win32.Agent.xd skipped

C:\WINDOWS\system32\drivers\down\65265.exe Infected: Trojan-PSW.Win32.Agent.xd skipped

C:\WINDOWS\system32\drivers\down\71937.exe Infected: Email-Worm.Win32.Bagle.of skipped

C:\WINDOWS\system32\drivers\down\64578.exe Infected: Email-Worm.Win32.Bagle.of skipped

C:\WINDOWS\system32\drivers\down\68218.exe Infected: Email-Worm.Win32.Bagle.of skipped

C:\WINDOWS\system32\drivers\down\116906.exe Infected: Email-Worm.Win32.Bagle.of skipped

C:\WINDOWS\system32\drivers\down\77687.exe Infected: Email-Worm.Win32.Bagle.of skipped

C:\WINDOWS\system32\drivers\down\85593.exe Infected: Email-Worm.Win32.Bagle.of skipped

C:\WINDOWS\system32\drivers\down\175828.exe Infected: Email-Worm.Win32.Bagle.of skipped

C:\WINDOWS\system32\drivers\down\187281.exe Infected: Email-Worm.Win32.Bagle.of skipped

C:\WINDOWS\system32\drivers\down\54796.exe Infected: Email-Worm.Win32.Bagle.of skipped

C:\WINDOWS\system32\drivers\down\69171.exe Infected: Trojan-PSW.Win32.Agent.xd skipped

C:\WINDOWS\system32\drivers\down\72171.exe Infected: Email-Worm.Win32.Bagle.of skipped

C:\WINDOWS\system32\drivers\down\74140.exe Infected: Email-Worm.Win32.Bagle.of skipped

C:\WINDOWS\system32\drivers\down\112609.exe Infected: Email-Worm.Win32.Bagle.of skipped

C:\WINDOWS\system32\drivers\down\84921.exe Infected: Trojan-PSW.Win32.Agent.xd skipped

C:\WINDOWS\system32\drivers\down\95593.exe Infected: Email-Worm.Win32.Bagle.of skipped

C:\WINDOWS\system32\drivers\down\55875.exe Infected: Email-Worm.Win32.Bagle.of skipped

C:\WINDOWS\system32\drivers\down\73343.exe Infected: Email-Worm.Win32.Bagle.of skipped

C:\WINDOWS\system32\drivers\down\227796.exe Infected: Trojan-PSW.Win32.Agent.xd skipped

C:\WINDOWS\system32\drivers\down\94500.exe Infected: Email-Worm.Win32.Bagle.of skipped

C:\WINDOWS\system32\drivers\down\58234.exe Infected: Trojan-PSW.Win32.Agent.xd skipped

C:\WINDOWS\system32\drivers\down\257687.exe Infected: Email-Worm.Win32.Bagle.of skipped

C:\WINDOWS\system32\drivers\down\67531.exe Infected: Trojan-PSW.Win32.Agent.xd skipped

C:\WINDOWS\system32\drivers\down\78765.exe Infected: Email-Worm.Win32.Bagle.of skipped

C:\WINDOWS\system32\drivers\down\59421.exe Infected: Trojan.Win32.Pakes.bwy skipped

C:\WINDOWS\system32\drivers\down\73031.exe Infected: Trojan-PSW.Win32.Agent.xd skipped

C:\WINDOWS\system32\drivers\down\76171.exe Infected: Trojan-PSW.Win32.Agent.xd skipped

C:\WINDOWS\system32\drivers\down\117609.exe Infected: Trojan-PSW.Win32.Agent.xd skipped

C:\WINDOWS\system32\drivers\down\121625.exe Infected: Email-Worm.Win32.Bagle.of skipped

C:\WINDOWS\system32\drivers\down\68781.exe Infected: Email-Worm.Win32.Bagle.of skipped

C:\WINDOWS\system32\drivers\fidbox.idx Object is locked skipped

C:\WINDOWS\system32\drivers\fidbox.dat Object is locked skipped

C:\WINDOWS\system32\drivers\fidbox2.idx Object is locked skipped

C:\WINDOWS\system32\drivers\fidbox2.dat Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped

C:\WINDOWS\system32\dllcache\ntkrnlpa.exe Object is locked skipped

C:\WINDOWS\system32\ntkrnlpa.exe Object is locked skipped

C:\WINDOWS\system32\prodsrvs.exe Infected: not-a-virus:Porn-Dialer.Win32.InstantAccess.ai skipped

C:\WINDOWS\system32\mdelk.exe Infected: Email-Worm.Win32.Bagle.of skipped

C:\WINDOWS\system32\CatRoot2\edb.log Object is locked skipped

C:\WINDOWS\system32\CatRoot2\tmp.edb Object is locked skipped

C:\WINDOWS\system32\h323log.txt Object is locked skipped

C:\WINDOWS\system32\LogFiles\WUDF\WUDFTrace.etl Object is locked skipped

C:\WINDOWS\system32\WINTEMS_EXE.vir Infected: Email-Worm.Win32.Bagle.of skipped

C:\WINDOWS\Driver Cache\i386\ntkrnlpa.exe Object is locked skipped

C:\WINDOWS\Temp\ASHeuristic\1250968_EXE.vir Infected: Email-Worm.Win32.Bagle.of skipped

C:\WINDOWS\Temp\ASHeuristic\323671_EXE.vir Infected: Email-Worm.Win32.Bagle.of skipped

C:\WINDOWS\Temp\ASHeuristic\134984_EXE.vir Infected: Email-Worm.Win32.Bagle.of skipped

C:\WINDOWS\Temp\ASHeuristic\95109_EXE.vir Infected: Email-Worm.Win32.Bagle.of skipped

C:\WINDOWS\Temp\ASHeuristic\113125_EXE.vir Infected: Email-Worm.Win32.Bagle.of skipped

C:\WINDOWS\Temp\ASHeuristic\MDELK.EXE Infected: Email-Worm.Win32.Bagle.of skipped

C:\WINDOWS\Temp\ASHeuristic\WINTEMS_EXE.vir Infected: Email-Worm.Win32.Bagle.of skipped

C:\WINDOWS\Temp\ASHeuristic\b64_3[1]_jpg.vir Infected: Email-Worm.Win32.Bagle.of skipped

C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped

C:\WINDOWS\$NtUninstallKB929338$\ntkrnlpa.exe Object is locked skipped

C:\WINDOWS\$NtUninstallKB890859$\ntkrnlpa.exe Object is locked skipped

C:\WINDOWS\Sti_Trace.log Object is locked skipped

C:\WINDOWS\wiaservc.log Object is locked skipped

C:\WINDOWS\wiadebug.log Object is locked skipped

C:\WINDOWS\SchedLgU.Txt Object is locked skipped

C:\WINDOWS\$hf_mig$\KB890859\SP2QFE\ntkrnlpa.exe Object is locked skipped

C:\WINDOWS\$hf_mig$\KB929338\SP2QFE\ntkrnlpa.exe Object is locked skipped

C:\WINDOWS\$hf_mig$\KB931784\SP2QFE\ntkrnlpa.exe Object is locked skipped

C:\WINDOWS\$NtUninstallKB931784$\ntkrnlpa.exe Object is locked skipped

C:\Documents and Settings\All Users\Dati applicazioni\Spybot - Search & Destroy\Recovery\Altnet1.zip/asmend.exe Suspicious: Password-protected-EXE skipped

C:\Documents and Settings\All Users\Dati applicazioni\Spybot - Search & Destroy\Recovery\Altnet1.zip ZIP: suspicious - 1 skipped

C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped

C:\Documents and Settings\NetworkService\Impostazioni locali\Cronologia\History.IE5\index.dat Object is locked skipped

C:\Documents and Settings\NetworkService\Impostazioni locali\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped

C:\Documents and Settings\NetworkService\Impostazioni locali\Dati applicazioni\Microsoft\Windows\UsrClass.dat Object is locked skipped

C:\Documents and Settings\NetworkService\Impostazioni locali\Dati applicazioni\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped

C:\Documents and Settings\NetworkService\Cookies\index.dat Object is locked skipped

C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped

C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped

C:\Documents and Settings\LocalService\Impostazioni locali\Cronologia\History.IE5\index.dat Object is locked skipped

C:\Documents and Settings\LocalService\Impostazioni locali\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped

C:\Documents and Settings\LocalService\Impostazioni locali\Dati applicazioni\Microsoft\Windows\UsrClass.dat Object is locked skipped

C:\Documents and Settings\LocalService\Impostazioni locali\Dati applicazioni\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped

C:\Documents and Settings\LocalService\Cookies\index.dat Object is locked skipped

C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped

C:\Documents and Settings\GIUSEPPE\NTUSER.DAT Object is locked skipped

C:\Documents and Settings\GIUSEPPE\ntuser.dat.LOG Object is locked skipped

C:\Documents and Settings\GIUSEPPE\Impostazioni locali\Cronologia\History.IE5\index.dat Object is locked skipped

C:\Documents and Settings\GIUSEPPE\Impostazioni locali\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped

C:\Documents and Settings\GIUSEPPE\Impostazioni locali\Temporary Internet Files\Content.IE5\Z73O6RAB\b64_1[2].jpg Infected: Trojan-PSW.Win32.Agent.xd skipped

C:\Documents and Settings\GIUSEPPE\Impostazioni locali\Temporary Internet Files\Content.IE5\Z73O6RAB\b64_1[1].jpg Infected: Trojan-PSW.Win32.Agent.xd skipped

C:\Documents and Settings\GIUSEPPE\Impostazioni locali\Temporary Internet Files\Content.IE5\Z73O6RAB\b64_3[1].jpg Infected: Email-Worm.Win32.Bagle.of skipped

C:\Documents and Settings\GIUSEPPE\Impostazioni locali\Temporary Internet Files\Content.IE5\Z73O6RAB\mxd[1].jpg Infected: Trojan-Downloader.Win32.Bagle.jd skipped

C:\Documents and Settings\GIUSEPPE\Impostazioni locali\Temporary Internet Files\Content.IE5\GN5SM55K\b64_3[1].jpg Infected: Email-Worm.Win32.Bagle.of skipped

C:\Documents and Settings\GIUSEPPE\Impostazioni locali\Temporary Internet Files\Content.IE5\GN5SM55K\b64_3[2].jpg Infected: Email-Worm.Win32.Bagle.of skipped

C:\Documents and Settings\GIUSEPPE\Impostazioni locali\Temporary Internet Files\Content.IE5\GN5SM55K\b64_1[1].jpg Infected: Trojan-PSW.Win32.Agent.xd skipped

C:\Documents and Settings\GIUSEPPE\Impostazioni locali\Temporary Internet Files\Content.IE5\GN5SM55K\b64_3[3].jpg Infected: Email-Worm.Win32.Bagle.of skipped

C:\Documents and Settings\GIUSEPPE\Impostazioni locali\Temporary Internet Files\Content.IE5\TW0DP62A\mxd[1].jpg Infected: Trojan-Downloader.Win32.Bagle.jd skipped

C:\Documents and Settings\GIUSEPPE\Impostazioni locali\Temporary Internet Files\Content.IE5\TW0DP62A\b64_2[1].jpg Infected: Trojan.Win32.Pakes.bwy skipped

C:\Documents and Settings\GIUSEPPE\Impostazioni locali\Temporary Internet Files\Content.IE5\TW0DP62A\b64[1].jpg Infected: Email-Worm.Win32.Bagle.of skipped

C:\Documents and Settings\GIUSEPPE\Impostazioni locali\Temporary Internet Files\Content.IE5\RHAJSBCE\b64_3[2].jpg Infected: Email-Worm.Win32.Bagle.of skipped

C:\Documents and Settings\GIUSEPPE\Impostazioni locali\Temporary Internet Files\Content.IE5\RHAJSBCE\b64[1].jpg Infected: Email-Worm.Win32.Bagle.of skipped

C:\Documents and Settings\GIUSEPPE\Impostazioni locali\Temporary Internet Files\Content.IE5\RHAJSBCE\mxd[1].jpg Infected: Trojan-Downloader.Win32.Bagle.jd skipped

C:\Documents and Settings\GIUSEPPE\Impostazioni locali\Temporary Internet Files\Content.IE5\RHAJSBCE\b64_3[1].jpg Infected: Email-Worm.Win32.Bagle.of skipped

C:\Documents and Settings\GIUSEPPE\Impostazioni locali\Temporary Internet Files\Content.IE5\AJIJ7NLA\b64_1[4].jpg Infected: Trojan-PSW.Win32.Agent.xd skipped

C:\Documents and Settings\GIUSEPPE\Impostazioni locali\Temporary Internet Files\Content.IE5\AJIJ7NLA\b64_1[1].jpg Infected: Trojan-PSW.Win32.Agent.xd skipped

C:\Documents and Settings\GIUSEPPE\Impostazioni locali\Temporary Internet Files\Content.IE5\AJIJ7NLA\b64_1[2].jpg Infected: Trojan-PSW.Win32.LdPinch.ewq skipped

C:\Documents and Settings\GIUSEPPE\Impostazioni locali\Temporary Internet Files\Content.IE5\AJIJ7NLA\b64_1[3].jpg Infected: Trojan-PSW.Win32.Agent.xd skipped

C:\Documents and Settings\GIUSEPPE\Impostazioni locali\Temporary Internet Files\Content.IE5\AJIJ7NLA\b64_2[1].jpg Infected: Trojan.Win32.Pakes.bwy skipped

C:\Documents and Settings\GIUSEPPE\Impostazioni locali\Temporary Internet Files\Content.IE5\AJIJ7NLA\b64_2[2].jpg Infected: Trojan.Win32.Pakes.bwy skipped

C:\Documents and Settings\GIUSEPPE\Impostazioni locali\Temporary Internet Files\Content.IE5\1JWJUO3A\b64_1[1].jpg Infected: Trojan-PSW.Win32.Agent.xd skipped

C:\Documents and Settings\GIUSEPPE\Impostazioni locali\Temporary Internet Files\Content.IE5\1JWJUO3A\mxd[1].jpg Infected: Trojan-Downloader.Win32.Bagle.jh skipped

C:\Documents and Settings\GIUSEPPE\Impostazioni locali\Temporary Internet Files\Content.IE5\1JWJUO3A\b64_2[1].jpg Infected: Trojan.Win32.Pakes.bwy skipped

C:\Documents and Settings\GIUSEPPE\Impostazioni locali\Temporary Internet Files\Content.IE5\BL9T2ICI\mxd[1].jpg Infected: Trojan-Downloader.Win32.Bagle.jf skipped

C:\Documents and Settings\GIUSEPPE\Impostazioni locali\Temporary Internet Files\Content.IE5\BL9T2ICI\b64_2[1].jpg Infected: Trojan.Win32.Pakes.bwy skipped

C:\Documents and Settings\GIUSEPPE\Impostazioni locali\Temporary Internet Files\Content.IE5\BL9T2ICI\b64_3[1].jpg Infected: Email-Worm.Win32.Bagle.of skipped

C:\Documents and Settings\GIUSEPPE\Impostazioni locali\Temporary Internet Files\Content.IE5\BL9T2ICI\b64_1[2].jpg Infected: Trojan-PSW.Win32.Agent.xd skipped

C:\Documents and Settings\GIUSEPPE\Impostazioni locali\Temporary Internet Files\Content.IE5\BL9T2ICI\b64_1[1].jpg Infected: Trojan-PSW.Win32.Agent.xd skipped

C:\Documents and Settings\GIUSEPPE\Impostazioni locali\Temporary Internet Files\Content.IE5\6BHY5ESV\mxd[1].jpg Infected: Trojan-Downloader.Win32.Bagle.jf skipped

C:\Documents and Settings\GIUSEPPE\Impostazioni locali\Temporary Internet Files\Content.IE5\6BHY5ESV\b64_3[1].jpg Infected: Email-Worm.Win32.Bagle.of skipped

C:\Documents and Settings\GIUSEPPE\Impostazioni locali\Temporary Internet Files\Content.IE5\6BHY5ESV\b64_3[2].jpg Infected: Email-Worm.Win32.Bagle.of skipped

C:\Documents and Settings\GIUSEPPE\Impostazioni locali\Temporary Internet Files\Content.IE5\6BHY5ESV\b64_2[1].jpg Infected: Trojan.Win32.Pakes.bwy skipped

C:\Documents and Settings\GIUSEPPE\Impostazioni locali\Temporary Internet Files\Content.IE5\6BHY5ESV\mxd[2].jpg Infected: Trojan-Downloader.Win32.Bagle.jh skipped

C:\Documents and Settings\GIUSEPPE\Impostazioni locali\Temporary Internet Files\Content.IE5\6BHY5ESV\b64_2[2].jpg Infected: Trojan.Win32.Pakes.bwy skipped

C:\Documents and Settings\GIUSEPPE\Impostazioni locali\Temporary Internet Files\Content.IE5\6BHY5ESV\b64_3[3].jpg Infected: Email-Worm.Win32.Bagle.of skipped

C:\Documents and Settings\GIUSEPPE\Impostazioni locali\Temporary Internet Files\Content.IE5\0SLIOL3T\b64_3[1].jpg Infected: Email-Worm.Win32.Bagle.of skipped

C:\Documents and Settings\GIUSEPPE\Impostazioni locali\Temporary Internet Files\Content.IE5\IXKLL18Z\b64_2[1].jpg Infected: Trojan.Win32.Pakes.bwy skipped

C:\Documents and Settings\GIUSEPPE\Impostazioni locali\Dati applicazioni\Microsoft\Windows\UsrClass.dat Object is locked skipped

C:\Documents and Settings\GIUSEPPE\Impostazioni locali\Dati applicazioni\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped

C:\Documents and Settings\GIUSEPPE\Cookies\index.dat Object is locked skipped

C:\Documents and Settings\GIUSEPPE\Dati applicazioni\m\data.oct Infected: Trojan-Downloader.Win32.Bagle.jh skipped

C:\Programmi\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe Infected: Trojan-Downloader.Win32.Bagle.ig skipped

Scan process completed.

[ste_95]

Disabilita il ripristino configurazione di sistema.

Scarica Avenger
Estrailo in una cartella a tua scelta
Esegui il file avenger.exe con la figura di una spada
Metti il pallino su input script manually
Quindi scegli la lente e cliccaci
Ora incolla queste righe nella box bianca che si è aperta:

Codice: Seleziona tutto

Files to delete:
C:\WINDOWS\system32\drivers\srosa.sys
C:\WINDOWS\system32\wintems.exe
C:\windows\system32\drivers\hldrrr.exe
C:\WINDOWS\system32\mdelk.exe
C:\WINDOWS\system32\prodsrvs.exe
C:\WINDOWS\system32\WINTEMS_EXE.vir
C:\Documents and Settings\GIUSEPPE\Impostazioni locali\Temporary Internet Files\Content.IE5\0SLIOL3T\b64_3[1].jpg
C:\Documents and Settings\GIUSEPPE\Impostazioni locali\Temporary Internet Files\Content.IE5\IXKLL18Z\b64_2[1].jpg
C:\Programmi\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

Folders to delete:
C:\WINDOWS\system32\drivers\down
C:\WINDOWS\Temp\ASHeuristic
C:\Documents and Settings\GIUSEPPE\Impostazioni locali\Temporary Internet Files\Content.IE5\Z73O6RAB
C:\Documents and Settings\GIUSEPPE\Impostazioni locali\Temporary Internet Files\Content.IE5\GN5SM55K
C:\Documents and Settings\GIUSEPPE\Impostazioni locali\Temporary Internet Files\Content.IE5\TW0DP62A
C:\Documents and Settings\GIUSEPPE\Impostazioni locali\Temporary Internet Files\Content.IE5\RHAJSBCE
C:\Documents and Settings\GIUSEPPE\Impostazioni locali\Temporary Internet Files\Content.IE5\AJIJ7NLA
C:\Documents and Settings\GIUSEPPE\Impostazioni locali\Temporary Internet Files\Content.IE5\1JWJUO3A
C:\Documents and Settings\GIUSEPPE\Impostazioni locali\Temporary Internet Files\Content.IE5\BL9T2ICI
C:\Documents and Settings\GIUSEPPE\Impostazioni locali\Temporary Internet Files\Content.IE5\6BHY5ESV
C:\Documents and Settings\GIUSEPPE\Dati applicazioni\m

Registry keys to delete:
HKLM\SYSTEM\CurrentControlSet\Services\srosa
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_SROSA

Adesso devi cliccare su Done in basso nella box
Seleziona il semaforino in alto a destra
Rispondi di Si alle due richieste di Avenger
Adesso il tuo computer dovrebbe riavviarsi, nel caso non succedesse, riavvialo tu manualmente
Al riavvio del computer, copia e incolla qui il contenuto del blocco note che apparirà.

Riscarica gli installer dei programmi di sicurezza e prova a reinstallare un antivirus.

[barney]

Caro/a
Qui di seguito c'è il txt, però devo dirti una cosa, mentre al riavvio il programma stava facendo non so cosa in dos, è comparsa una schermata di errore. ora provo ad installare un antivirus, e speriamo bene

Logfile of The Avenger version 1, by Swandog46
Running from registry key:
\Registry\Machine\System\CurrentControlSet\Services\njbyabio

*******************

Script file located at: \??\C:\Program Files\vwqpylpa.txt
Script file opened successfully.

Script file read successfully

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:

File C:\WINDOWS\system32\drivers\srosa.sys deleted successfully.
File C:\WINDOWS\system32\wintems.exe deleted successfully.
File C:\windows\system32\drivers\hldrrr.exe deleted successfully.
File C:\WINDOWS\system32\mdelk.exe deleted successfully.
File C:\WINDOWS\system32\prodsrvs.exe deleted successfully.
File C:\WINDOWS\system32\WINTEMS_EXE.vir deleted successfully.
File C:\Documents and Settings\GIUSEPPE\Impostazioni locali\Temporary Internet Files\Content.IE5\0SLIOL3T\b64_3[1].jpg deleted successfully.
File C:\Documents and Settings\GIUSEPPE\Impostazioni locali\Temporary Internet Files\Content.IE5\IXKLL18Z\b64_2[1].jpg deleted successfully.
File C:\Programmi\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe deleted successfully.
Folder C:\WINDOWS\system32\drivers\down deleted successfully.
Folder C:\WINDOWS\Temp\ASHeuristic deleted successfully.
Folder C:\Documents and Settings\GIUSEPPE\Impostazioni locali\Temporary Internet Files\Content.IE5\Z73O6RAB deleted successfully.
Folder C:\Documents and Settings\GIUSEPPE\Impostazioni locali\Temporary Internet Files\Content.IE5\GN5SM55K deleted successfully.
Folder C:\Documents and Settings\GIUSEPPE\Impostazioni locali\Temporary Internet Files\Content.IE5\TW0DP62A deleted successfully.
Folder C:\Documents and Settings\GIUSEPPE\Impostazioni locali\Temporary Internet Files\Content.IE5\RHAJSBCE deleted successfully.
Folder C:\Documents and Settings\GIUSEPPE\Impostazioni locali\Temporary Internet Files\Content.IE5\AJIJ7NLA deleted successfully.
Folder C:\Documents and Settings\GIUSEPPE\Impostazioni locali\Temporary Internet Files\Content.IE5\1JWJUO3A deleted successfully.
Folder C:\Documents and Settings\GIUSEPPE\Impostazioni locali\Temporary Internet Files\Content.IE5\BL9T2ICI deleted successfully.
Folder C:\Documents and Settings\GIUSEPPE\Impostazioni locali\Temporary Internet Files\Content.IE5\6BHY5ESV deleted successfully.
Folder C:\Documents and Settings\GIUSEPPE\Dati applicazioni\m deleted successfully.
Registry key HKLM\SYSTEM\CurrentControlSet\Services\srosa deleted successfully.
Registry key HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_SROSA deleted successfully.

Completed script processing.

*******************

Finished! Terminate.

[barney]

Mille grazie. Il problema sembra essersi risolto. Ho installato Kaspersky, che mi ha subito trovato altri due virus, due troyan: possibile?

[Fred]

possibilissimo: falli fuori.

[ste_95]

Probabilmente li individuerà nella cartella c:\Avenger, elimina manualmente tutta la cartella.

[barney]

eliminata, ma era vuota, comunque, non ho più nessun problema grazie a voi.
un mondo di grazie

[ste_95]

Ripristina anche la modalità provvisoria utilizzando questo file.