Bagle worm

Post by zinga » Tue Feb 12, 2008 10:25 am

Good morning... I need some help with the Bagle worm... obviously I can't remove it from the PC.
Can you give me a hand creating the script for Avenger?
I'm attaching below the log of the Kaspersky online scan.
Thanks


-------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER REPORT
Tuesday, February 12, 2008 9:10:20 AM
Operating System: Microsoft Windows XP Professional, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.98.0
Kaspersky Anti-Virus database last update: 11/02/2008
Kaspersky Anti-Virus database records: 556591
-------------------------------------------------------------------------------

Scan Settings:
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: true

Scan Target - My Computer:
A:\
C:\
D:\
E:\
G:\

Scan Statistics:
Total number of scanned objects: 141687
Number of viruses found: 11
Number of infected objects: 70
Number of suspicious objects: 0
Duration of the scan process: 10:51:54

Infected Object Name / Virus Name / Last Action
C:\Documents and Settings\All Users\Dati applicazioni\Microsoft\Dr Watson\user.dmp Object is locked skipped
C:\Documents and Settings\All Users\Dati applicazioni\Microsoft\Network\Downloader\qmgr0.dat Object is locked skipped
C:\Documents and Settings\All Users\Dati applicazioni\Microsoft\Network\Downloader\qmgr1.dat Object is locked skipped
C:\Documents and Settings\andrea\Impostazioni locali\Dati applicazioni\Microsoft\Outlook\archive.pst Object is locked skipped
C:\Documents and Settings\andrea.SCUOLAUFFICIO\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\andrea.SCUOLAUFFICIO\Dati applicazioni\Roxio\MediaManager\Album.ldb Object is locked skipped
C:\Documents and Settings\andrea.SCUOLAUFFICIO\Dati applicazioni\Roxio\MediaManager\Album.psod Object is locked skipped
C:\Documents and Settings\andrea.SCUOLAUFFICIO\Dati applicazioni\Roxio\Sidewinder\Sidewinder.log Object is locked skipped
C:\Documents and Settings\andrea.SCUOLAUFFICIO\Impostazioni locali\Cronologia\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\andrea.SCUOLAUFFICIO\Impostazioni locali\Cronologia\History.IE5\MSHist012008021120080212\index.dat Object is locked skipped
C:\Documents and Settings\andrea.SCUOLAUFFICIO\Impostazioni locali\Dati applicazioni\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\andrea.SCUOLAUFFICIO\Impostazioni locali\Dati applicazioni\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\andrea.SCUOLAUFFICIO\Impostazioni locali\Temp\JETA664.tmp Object is locked skipped
C:\Documents and Settings\andrea.SCUOLAUFFICIO\Impostazioni locali\Temporary Internet Files\Content.IE5\0AHPSWI9\b64_31[1].jpg Infected: Email-Worm.Win32.Bagle.of skipped
C:\Documents and Settings\andrea.SCUOLAUFFICIO\Impostazioni locali\Temporary Internet Files\Content.IE5\6P03E165\b64_1[1].jpg Infected: Trojan-PSW.Win32.Agent.xd skipped
C:\Documents and Settings\andrea.SCUOLAUFFICIO\Impostazioni locali\Temporary Internet Files\Content.IE5\6P03E165\b64_1[2].jpg Infected: Trojan-PSW.Win32.Agent.xd skipped
C:\Documents and Settings\andrea.SCUOLAUFFICIO\Impostazioni locali\Temporary Internet Files\Content.IE5\BRXZZL0S\b64_31[1].jpg Infected: Email-Worm.Win32.Bagle.of skipped
C:\Documents and Settings\andrea.SCUOLAUFFICIO\Impostazioni locali\Temporary Internet Files\Content.IE5\BRXZZL0S\b64_31[2].jpg Infected: Email-Worm.Win32.Bagle.of skipped
C:\Documents and Settings\andrea.SCUOLAUFFICIO\Impostazioni locali\Temporary Internet Files\Content.IE5\CBN3EWH1\b64_1[1].jpg Infected: Trojan-PSW.Win32.Agent.xd skipped
C:\Documents and Settings\andrea.SCUOLAUFFICIO\Impostazioni locali\Temporary Internet Files\Content.IE5\CBN3EWH1\b64_31[1].jpg Infected: Email-Worm.Win32.Bagle.of skipped
C:\Documents and Settings\andrea.SCUOLAUFFICIO\Impostazioni locali\Temporary Internet Files\Content.IE5\D0SN15OX\b64_1[1].jpg Infected: Trojan-PSW.Win32.Agent.xd skipped
C:\Documents and Settings\andrea.SCUOLAUFFICIO\Impostazioni locali\Temporary Internet Files\Content.IE5\D0SN15OX\b64_1[2].jpg Infected: Trojan-PSW.Win32.Agent.xd skipped
C:\Documents and Settings\andrea.SCUOLAUFFICIO\Impostazioni locali\Temporary Internet Files\Content.IE5\E1VCD8FU\b64_31[1].jpg Infected: Email-Worm.Win32.Bagle.of skipped
C:\Documents and Settings\andrea.SCUOLAUFFICIO\Impostazioni locali\Temporary Internet Files\Content.IE5\E72ZALMR\b64_1[1].jpg Infected: Trojan-PSW.Win32.Agent.xd skipped
C:\Documents and Settings\andrea.SCUOLAUFFICIO\Impostazioni locali\Temporary Internet Files\Content.IE5\ESEA6ZET\b64_1[1].jpg Infected: Trojan-PSW.Win32.Agent.xd skipped
C:\Documents and Settings\andrea.SCUOLAUFFICIO\Impostazioni locali\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\andrea.SCUOLAUFFICIO\Impostazioni locali\Temporary Internet Files\Content.IE5\K16FGP27\b64_31[1].jpg Infected: Email-Worm.Win32.Bagle.of skipped
C:\Documents and Settings\andrea.SCUOLAUFFICIO\Impostazioni locali\Temporary Internet Files\Content.IE5\K16FGP27\b64_31[2].jpg Infected: Email-Worm.Win32.Bagle.of skipped
C:\Documents and Settings\andrea.SCUOLAUFFICIO\Impostazioni locali\Temporary Internet Files\Content.IE5\K94BWRC3\b64_1[1].jpg Infected: Trojan-PSW.Win32.Agent.xd skipped
C:\Documents and Settings\andrea.SCUOLAUFFICIO\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\andrea.SCUOLAUFFICIO\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Impostazioni locali\Cronologia\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Impostazioni locali\Dati applicazioni\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\LocalService\Impostazioni locali\Dati applicazioni\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Impostazioni locali\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Impostazioni locali\Cronologia\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Impostazioni locali\Dati applicazioni\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Impostazioni locali\Dati applicazioni\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\Impostazioni locali\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\PCANDREA\ASPNET\Impostazioni locali\Dati applicazioni\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\PCANDREA\ASPNET\Impostazioni locali\Dati applicazioni\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\PCANDREA\ASPNET\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\PCANDREA\ASPNET\ntuser.dat.LOG Object is locked skipped
C:\Programmi\eMule\Incoming\IDM.UltraEdit.v12.00.Incl.Keymaker-ACME.zip/IDM.UltraEdit.v12.00.Incl.Keymaker-ACME.exe Infected: Trojan-Downloader.Win32.Agent.egk skipped
C:\Programmi\eMule\Incoming\IDM.UltraEdit.v12.00.Incl.Keymaker-ACME.zip ZIP: infected - 1 skipped
C:\Programmi\FreePOPs\log.txt Object is locked skipped
C:\Programmi\FreePOPs\stderr.txt Object is locked skipped
C:\Programmi\FreePOPs\stdout.txt Object is locked skipped
C:\Programmi\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe Infected: Trojan-Downloader.Win32.Bagle.jf skipped
C:\Programmi\Symantec AntiVirus\SAVRT\0304NAV~.TMP Object is locked skipped
C:\Programmi\Symantec AntiVirus\SAVRT\0892NAV~.TMP Object is locked skipped
C:\Programmi\Symantec AntiVirus\VPTray.exe Infected: Trojan-Downloader.Win32.Bagle.jf skipped
C:\Programmi\UltraVNC\vnchooks.dll Infected: not-a-virus:RemoteAdmin.Win32.WinVNC.c skipped
C:\Programmi\UltraVNC\vncviewer.exe Infected: not-a-virus:RemoteAdmin.Win32.WinVNC.1102 skipped
C:\Programmi\UltraVNC\winvnc.exe Infected: not-a-virus:RemoteAdmin.Win32.WinVNC.c skipped
C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
C:\System Volume Information\_restore{03F4BECC-E9DC-46D4-B830-978A6A698F77}\RP143\A0032664.sys Infected: Trojan-Downloader.Win32.Bagle.iw skipped
C:\System Volume Information\_restore{03F4BECC-E9DC-46D4-B830-978A6A698F77}\RP143\A0032669.exe Infected: Trojan-Downloader.Win32.Bagle.jh skipped
C:\System Volume Information\_restore{03F4BECC-E9DC-46D4-B830-978A6A698F77}\RP143\A0032671.exe Infected: Trojan-Downloader.Win32.Bagle.jf skipped
C:\System Volume Information\_restore{03F4BECC-E9DC-46D4-B830-978A6A698F77}\RP143\A0032692.sys Infected: Trojan-Downloader.Win32.Bagle.iw skipped
C:\System Volume Information\_restore{03F4BECC-E9DC-46D4-B830-978A6A698F77}\RP143\A0032944.exe Infected: Trojan-Downloader.Win32.Bagle.jf skipped
C:\System Volume Information\_restore{03F4BECC-E9DC-46D4-B830-978A6A698F77}\RP143\A0033942.sys Infected: Trojan-Downloader.Win32.Bagle.iw skipped
C:\System Volume Information\_restore{03F4BECC-E9DC-46D4-B830-978A6A698F77}\RP143\A0033987.sys Infected: Trojan-Downloader.Win32.Bagle.iw skipped
C:\System Volume Information\_restore{03F4BECC-E9DC-46D4-B830-978A6A698F77}\RP143\A0033996.sys Infected: Trojan-Downloader.Win32.Bagle.iw skipped
C:\System Volume Information\_restore{03F4BECC-E9DC-46D4-B830-978A6A698F77}\RP144\A0034019.sys Infected: Trojan-Downloader.Win32.Bagle.iw skipped
C:\System Volume Information\_restore{03F4BECC-E9DC-46D4-B830-978A6A698F77}\RP145\A0034178.exe Infected: Trojan-Downloader.Win32.Bagle.jf skipped
C:\System Volume Information\_restore{03F4BECC-E9DC-46D4-B830-978A6A698F77}\RP145\A0034179.sys Infected: Trojan-Downloader.Win32.Bagle.iw skipped
C:\System Volume Information\_restore{03F4BECC-E9DC-46D4-B830-978A6A698F77}\RP145\A0034285.exe Infected: Trojan-Downloader.Win32.Bagle.jf skipped
C:\System Volume Information\_restore{03F4BECC-E9DC-46D4-B830-978A6A698F77}\RP145\A0034286.sys Infected: Trojan-Downloader.Win32.Bagle.iw skipped
C:\System Volume Information\_restore{03F4BECC-E9DC-46D4-B830-978A6A698F77}\RP145\A0034287.exe Infected: Email-Worm.Win32.Bagle.of skipped
C:\System Volume Information\_restore{03F4BECC-E9DC-46D4-B830-978A6A698F77}\RP145\A0034288.exe Infected: Email-Worm.Win32.Bagle.of skipped
C:\System Volume Information\_restore{03F4BECC-E9DC-46D4-B830-978A6A698F77}\RP146\A0034333.exe Infected: Email-Worm.Win32.Bagle.of skipped
C:\System Volume Information\_restore{03F4BECC-E9DC-46D4-B830-978A6A698F77}\RP146\A0034334.exe Infected: Email-Worm.Win32.Bagle.of skipped
C:\System Volume Information\_restore{03F4BECC-E9DC-46D4-B830-978A6A698F77}\RP146\A0034361.sys Infected: Trojan-Downloader.Win32.Bagle.iw skipped
C:\System Volume Information\_restore{03F4BECC-E9DC-46D4-B830-978A6A698F77}\RP146\A0034396.exe Infected: Trojan-Downloader.Win32.Bagle.jf skipped
C:\System Volume Information\_restore{03F4BECC-E9DC-46D4-B830-978A6A698F77}\RP147\A0034397.exe Infected: Email-Worm.Win32.Bagle.of skipped
C:\System Volume Information\_restore{03F4BECC-E9DC-46D4-B830-978A6A698F77}\RP147\A0034398.exe Infected: Email-Worm.Win32.Bagle.of skipped
C:\System Volume Information\_restore{03F4BECC-E9DC-46D4-B830-978A6A698F77}\RP147\A0034437.sys Infected: Trojan-Downloader.Win32.Bagle.iw skipped
C:\System Volume Information\_restore{03F4BECC-E9DC-46D4-B830-978A6A698F77}\RP147\A0034438.exe Infected: Email-Worm.Win32.Bagle.of skipped
C:\System Volume Information\_restore{03F4BECC-E9DC-46D4-B830-978A6A698F77}\RP147\A0034439.exe Infected: Email-Worm.Win32.Bagle.of skipped
C:\System Volume Information\_restore{03F4BECC-E9DC-46D4-B830-978A6A698F77}\RP147\A0034440.exe Infected: Trojan.Win32.Pakes.bwy skipped
C:\System Volume Information\_restore{03F4BECC-E9DC-46D4-B830-978A6A698F77}\RP147\A0034476.exe Infected: Trojan-Downloader.Win32.Bagle.jf skipped
C:\System Volume Information\_restore{03F4BECC-E9DC-46D4-B830-978A6A698F77}\RP148\A0034691.exe Infected: Email-Worm.Win32.Bagle.of skipped
C:\System Volume Information\_restore{03F4BECC-E9DC-46D4-B830-978A6A698F77}\RP148\A0034692.exe Infected: Email-Worm.Win32.Bagle.of skipped
C:\System Volume Information\_restore{03F4BECC-E9DC-46D4-B830-978A6A698F77}\RP148\A0034716.exe Infected: Trojan-Downloader.Win32.Bagle.jf skipped
C:\System Volume Information\_restore{03F4BECC-E9DC-46D4-B830-978A6A698F77}\RP148\A0034717.sys Infected: Trojan-Downloader.Win32.Bagle.iw skipped
C:\System Volume Information\_restore{03F4BECC-E9DC-46D4-B830-978A6A698F77}\RP148\A0034718.exe Infected: Email-Worm.Win32.Bagle.of skipped
C:\System Volume Information\_restore{03F4BECC-E9DC-46D4-B830-978A6A698F77}\RP148\A0034719.exe Infected: Email-Worm.Win32.Bagle.of skipped
C:\System Volume Information\_restore{03F4BECC-E9DC-46D4-B830-978A6A698F77}\RP148\A0034742.exe Infected: Trojan-Downloader.Win32.Bagle.jf skipped
C:\System Volume Information\_restore{03F4BECC-E9DC-46D4-B830-978A6A698F77}\RP148\A0034743.sys Infected: Trojan-Downloader.Win32.Bagle.iw skipped
C:\System Volume Information\_restore{03F4BECC-E9DC-46D4-B830-978A6A698F77}\RP149\A0034769.exe Infected: Trojan-Downloader.Win32.Bagle.jf skipped
C:\System Volume Information\_restore{03F4BECC-E9DC-46D4-B830-978A6A698F77}\RP149\change.log Object is locked skipped
C:\WINDOWS\$hf_mig$\KB890859\SP2QFE\ntoskrnl.exe Object is locked skipped
C:\WINDOWS\$hf_mig$\KB931784\SP2QFE\ntoskrnl.exe Object is locked skipped
C:\WINDOWS\$NtUninstallKB890859$\ntoskrnl.exe Object is locked skipped
C:\WINDOWS\$NtUninstallKB931784$\ntoskrnl.exe Object is locked skipped
C:\WINDOWS\CSC\00000001 Object is locked skipped
C:\WINDOWS\Debug\Netlogon.log Object is locked skipped
C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped
C:\WINDOWS\Downloaded Program Files\popcaploader.dll Infected: not-a-virus:Downloader.Win32.PopCap.b skipped
C:\WINDOWS\Driver Cache\i386\ntoskrnl.exe Object is locked skipped
C:\WINDOWS\Registration\{02D4B3F1-FD88-11D1-960D-00805FC79235}.{D59D782E-4C44-4859-B1C3-5078A9808DD8}.crmlog Object is locked skipped
C:\WINDOWS\SchedLgU.Txt Object is locked skipped
C:\WINDOWS\Sti_Trace.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\edb.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\tmp.edb Object is locked skipped
C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\default Object is locked skipped
C:\WINDOWS\system32\config\default.LOG Object is locked skipped
C:\WINDOWS\system32\config\SAM Object is locked skipped
C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped
C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\SECURITY Object is locked skipped
C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped
C:\WINDOWS\system32\config\software Object is locked skipped
C:\WINDOWS\system32\config\software.LOG Object is locked skipped
C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\system Object is locked skipped
C:\WINDOWS\system32\config\system.LOG Object is locked skipped
C:\WINDOWS\system32\Logfiles\W3SVC1\ex080211.log Object is locked skipped
C:\WINDOWS\system32\mdelk.exe Infected: Email-Worm.Win32.Bagle.of skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped
C:\WINDOWS\wiadebug.log Object is locked skipped
C:\WINDOWS\wiaservc.log Object is locked skipped
E:\andrea\info_siti\UltraVNC-102-Setup.exe/file04 Infected: not-a-virus:RemoteAdmin.Win32.WinVNC.c skipped
E:\andrea\info_siti\UltraVNC-102-Setup.exe/file05 Infected: not-a-virus:RemoteAdmin.Win32.WinVNC.c skipped
E:\andrea\info_siti\UltraVNC-102-Setup.exe/file34 Infected: not-a-virus:RemoteAdmin.Win32.WinVNC.1102 skipped
E:\andrea\info_siti\UltraVNC-102-Setup.exe Inno: infected - 3 skipped
E:\andrea\scaricati\intranet\calendari\ol7.exe/WISE0081.BIN Infected: not-a-virus:RemoteAdmin.Win32.WinVNC.333 skipped
E:\andrea\scaricati\intranet\calendari\ol7.exe/WISE0082.BIN Infected: not-a-virus:RemoteAdmin.Win32.WinVNC.333 skipped
E:\andrea\scaricati\intranet\calendari\ol7.exe WiseSFX: infected - 2 skipped
E:\andrea\UltraVNC-102-Setup.exe/file04 Infected: not-a-virus:RemoteAdmin.Win32.WinVNC.c skipped
E:\andrea\UltraVNC-102-Setup.exe/file05 Infected: not-a-virus:RemoteAdmin.Win32.WinVNC.c skipped
E:\andrea\UltraVNC-102-Setup.exe/file34 Infected: not-a-virus:RemoteAdmin.Win32.WinVNC.1102 skipped
E:\andrea\UltraVNC-102-Setup.exe Inno: infected - 3 skipped
E:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
E:\System Volume Information\_restore{03F4BECC-E9DC-46D4-B830-978A6A698F77}\RP149\change.log Object is locked skipped

Scan process completed.
Post by zinga » Tue Feb 12, 2008 12:05 pm

I'm attaching the Kaspersky file in .zip format.
Post by ste_95 » Tue Feb 12, 2008 1:55 pm

Disable System Restore.

Download Avenger
Extract it to a folder of your choice
Run the file avenger.exe, the one with the sword icon
Select the "Input script manually" option
Then click the magnifying glass
Now paste these lines into the white box that has opened:

Code:
Files to delete:
C:\WINDOWS\system32\drivers\srosa.sys
C:\WINDOWS\system32\wintems.exe
C:\windows\system32\drivers\hldrrr.exe
C:\WINDOWS\system32\mdelk.exe
C:\Documents and Settings\andrea.SCUOLAUFFICIO\Impostazioni locali\Temporary Internet Files\Content.IE5\0AHPSWI9\b64_31[1].jpg
C:\Documents and Settings\andrea.SCUOLAUFFICIO\Impostazioni locali\Temporary Internet Files\Content.IE5\6P03E165\b64_1[1].jpg
C:\Documents and Settings\andrea.SCUOLAUFFICIO\Impostazioni locali\Temporary Internet Files\Content.IE5\6P03E165\b64_1[2].jpg
C:\Documents and Settings\andrea.SCUOLAUFFICIO\Impostazioni locali\Temporary Internet Files\Content.IE5\BRXZZL0S\b64_31[1].jpg
C:\Documents and Settings\andrea.SCUOLAUFFICIO\Impostazioni locali\Temporary Internet Files\Content.IE5\BRXZZL0S\b64_31[2].jpg
C:\Documents and Settings\andrea.SCUOLAUFFICIO\Impostazioni locali\Temporary Internet Files\Content.IE5\CBN3EWH1\b64_1[1].jpg
C:\Documents and Settings\andrea.SCUOLAUFFICIO\Impostazioni locali\Temporary Internet Files\Content.IE5\CBN3EWH1\b64_31[1].jpg
C:\Documents and Settings\andrea.SCUOLAUFFICIO\Impostazioni locali\Temporary Internet Files\Content.IE5\D0SN15OX\b64_1[1].jpg
C:\Documents and Settings\andrea.SCUOLAUFFICIO\Impostazioni locali\Temporary Internet Files\Content.IE5\D0SN15OX\b64_1[2].jpg
C:\Documents and Settings\andrea.SCUOLAUFFICIO\Impostazioni locali\Temporary Internet Files\Content.IE5\E1VCD8FU\b64_31[1].jpg
C:\Documents and Settings\andrea.SCUOLAUFFICIO\Impostazioni locali\Temporary Internet Files\Content.IE5\E72ZALMR\b64_1[1].jpg
C:\Documents and Settings\andrea.SCUOLAUFFICIO\Impostazioni locali\Temporary Internet Files\Content.IE5\ESEA6ZET\b64_1[1].jpg
C:\Documents and Settings\andrea.SCUOLAUFFICIO\Impostazioni locali\Temporary Internet Files\Content.IE5\K16FGP27\b64_31[1].jpg
C:\Documents and Settings\andrea.SCUOLAUFFICIO\Impostazioni locali\Temporary Internet Files\Content.IE5\K16FGP27\b64_31[2].jpg
C:\Documents and Settings\andrea.SCUOLAUFFICIO\Impostazioni locali\Temporary Internet Files\Content.IE5\K94BWRC3\b64_1[1].jpg
C:\Programmi\eMule\Incoming\IDM.UltraEdit.v12.00.Incl.Keymaker-ACME.zip
C:\Programmi\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Programmi\Symantec AntiVirus\VPTray.exe
C:\WINDOWS\Downloaded Program Files\popcaploader.dll

Folders to delete:
C:\WINDOWS\system32\drivers\down

Registry keys to delete:
HKLM\SYSTEM\CurrentControlSet\Services\srosa
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_SROSA


Now click Done at the bottom of the box
Click the traffic-light icon at the top right
Answer Yes to both of Avenger's prompts
Your computer should now restart; if it doesn't, restart it manually
After the restart, copy and paste here the contents of the Notepad window that appears.

Download the installers of your security programs again and try reinstalling an antivirus.
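An added example, not part of the original posts and not Avenger's or Kaspersky's own code: a Python script that triages lines in the Kaspersky Online Scanner report format quoted in the thread and drafts the `Files to delete:` section of an Avenger script. The function names, the bucket names and the rule that `not-a-virus:` detections go to manual review are assumptions of this example; the sample lines are copied from the report posted above.

```python
import re
from collections import Counter

# Sample lines copied from the scan report posted in the thread.
SAMPLE_REPORT = r"""
C:\WINDOWS\system32\config\SAM Object is locked skipped
C:\WINDOWS\system32\mdelk.exe Infected: Email-Worm.Win32.Bagle.of skipped
C:\Documents and Settings\andrea.SCUOLAUFFICIO\Impostazioni locali\Temporary Internet Files\Content.IE5\0AHPSWI9\b64_31[1].jpg Infected: Email-Worm.Win32.Bagle.of skipped
C:\Programmi\eMule\Incoming\IDM.UltraEdit.v12.00.Incl.Keymaker-ACME.zip/IDM.UltraEdit.v12.00.Incl.Keymaker-ACME.exe Infected: Trojan-Downloader.Win32.Agent.egk skipped
C:\Programmi\eMule\Incoming\IDM.UltraEdit.v12.00.Incl.Keymaker-ACME.zip ZIP: infected - 1 skipped
C:\Programmi\Symantec AntiVirus\VPTray.exe Infected: Trojan-Downloader.Win32.Bagle.jf skipped
C:\Programmi\UltraVNC\winvnc.exe Infected: not-a-virus:RemoteAdmin.Win32.WinVNC.c skipped
C:\System Volume Information\_restore{03F4BECC-E9DC-46D4-B830-978A6A698F77}\RP143\A0032664.sys Infected: Trojan-Downloader.Win32.Bagle.iw skipped
E:\andrea\UltraVNC-102-Setup.exe/file04 Infected: not-a-virus:RemoteAdmin.Win32.WinVNC.c skipped
E:\andrea\UltraVNC-102-Setup.exe Inno: infected - 3 skipped
"""

# One report line: <path> <status> skipped. Paths contain spaces, so the
# path group is non-greedy and the status alternatives anchor the match.
LINE_RE = re.compile(
    r"^(?P<path>[A-Z]:\\.+?) "
    r"(?:(?P<locked>Object is locked)"
    r"|Infected: (?P<verdict>\S+)"
    r"|(?P<summary>\w+: infected - \d+)) skipped$"
)

RESTORE_MARKER = "\\System Volume Information\\_restore{"


def triage(report):
    """Sort report lines into buckets a helper can act on."""
    result = {"delete": [], "review": [], "restore_points": 0,
              "locked": 0, "verdicts": Counter()}
    for raw in report.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue  # headers, statistics, blank lines
        if m["locked"]:
            result["locked"] += 1  # file in use by Windows, not a detection
            continue
        if m["summary"]:
            continue  # per-archive total; its members were already seen
        verdict = m["verdict"]
        result["verdicts"][verdict] += 1
        # "archive/member" names a file inside a container: act on the container.
        path = m["path"].split("/", 1)[0]
        if RESTORE_MARKER in path:
            # Restore-point copies are purged by disabling System Restore,
            # which is the first step of the procedure in the thread.
            result["restore_points"] += 1
            continue
        # Assumption of this example: riskware needs a human decision.
        bucket = "review" if verdict.startswith("not-a-virus:") else "delete"
        if path not in result[bucket]:
            result[bucket].append(path)
    return result


def avenger_script(paths):
    """Draft the 'Files to delete:' section in the layout used in the thread."""
    return "\n".join(["Files to delete:", *paths]) + "\n"


if __name__ == "__main__":
    r = triage(SAMPLE_REPORT)
    print(avenger_script(r["delete"]))
    print("Manual review:", *r["review"], sep="\n  ")
    print("Restore-point copies:", r["restore_points"], "| locked:", r["locked"])
```

The driver and service entries in the script above (`srosa.sys` and the `srosa` registry keys) do not appear in the scan report, so a list drafted this way still needs a helper's review before it is run.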


Post by zinga » Tue Feb 12, 2008 2:56 pm

Here is the Avenger log:

Logfile of The Avenger version 1, by Swandog46
Running from registry key:
\Registry\Machine\System\CurrentControlSet\Services\wdprouwf

*******************

Script file located at: \??\C:\WINDOWS\vaeqgmow.txt
Script file opened successfully.

Script file read successfully

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:

File C:\WINDOWS\system32\drivers\srosa.sys deleted successfully.
File C:\WINDOWS\system32\wintems.exe deleted successfully.
File C:\windows\system32\drivers\hldrrr.exe deleted successfully.
File C:\WINDOWS\system32\mdelk.exe deleted successfully.
File C:\Documents and Settings\andrea.SCUOLAUFFICIO\Impostazioni locali\Temporary Internet Files\Content.IE5\0AHPSWI9\b64_31[1].jpg deleted successfully.
File C:\Documents and Settings\andrea.SCUOLAUFFICIO\Impostazioni locali\Temporary Internet Files\Content.IE5\6P03E165\b64_1[1].jpg deleted successfully.
File C:\Documents and Settings\andrea.SCUOLAUFFICIO\Impostazioni locali\Temporary Internet Files\Content.IE5\6P03E165\b64_1[2].jpg deleted successfully.
File C:\Documents and Settings\andrea.SCUOLAUFFICIO\Impostazioni locali\Temporary Internet Files\Content.IE5\BRXZZL0S\b64_31[1].jpg deleted successfully.
File C:\Documents and Settings\andrea.SCUOLAUFFICIO\Impostazioni locali\Temporary Internet Files\Content.IE5\BRXZZL0S\b64_31[2].jpg deleted successfully.
File C:\Documents and Settings\andrea.SCUOLAUFFICIO\Impostazioni locali\Temporary Internet Files\Content.IE5\CBN3EWH1\b64_1[1].jpg deleted successfully.
File C:\Documents and Settings\andrea.SCUOLAUFFICIO\Impostazioni locali\Temporary Internet Files\Content.IE5\CBN3EWH1\b64_31[1].jpg deleted successfully.
File C:\Documents and Settings\andrea.SCUOLAUFFICIO\Impostazioni locali\Temporary Internet Files\Content.IE5\D0SN15OX\b64_1[1].jpg deleted successfully.
File C:\Documents and Settings\andrea.SCUOLAUFFICIO\Impostazioni locali\Temporary Internet Files\Content.IE5\D0SN15OX\b64_1[2].jpg deleted successfully.
File C:\Documents and Settings\andrea.SCUOLAUFFICIO\Impostazioni locali\Temporary Internet Files\Content.IE5\E1VCD8FU\b64_31[1].jpg deleted successfully.
File C:\Documents and Settings\andrea.SCUOLAUFFICIO\Impostazioni locali\Temporary Internet Files\Content.IE5\E72ZALMR\b64_1[1].jpg deleted successfully.
File C:\Documents and Settings\andrea.SCUOLAUFFICIO\Impostazioni locali\Temporary Internet Files\Content.IE5\ESEA6ZET\b64_1[1].jpg deleted successfully.
File C:\Documents and Settings\andrea.SCUOLAUFFICIO\Impostazioni locali\Temporary Internet Files\Content.IE5\K16FGP27\b64_31[1].jpg deleted successfully.
File C:\Documents and Settings\andrea.SCUOLAUFFICIO\Impostazioni locali\Temporary Internet Files\Content.IE5\K16FGP27\b64_31[2].jpg deleted successfully.
File C:\Documents and Settings\andrea.SCUOLAUFFICIO\Impostazioni locali\Temporary Internet Files\Content.IE5\K94BWRC3\b64_1[1].jpg deleted successfully.
File C:\Programmi\eMule\Incoming\IDM.UltraEdit.v12.00.Incl.Keymaker-ACME.zip deleted successfully.
File C:\Programmi\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe deleted successfully.
File C:\Programmi\Symantec AntiVirus\VPTray.exe deleted successfully.
File C:\WINDOWS\Downloaded Program Files\popcaploader.dll deleted successfully.
Folder C:\WINDOWS\system32\drivers\down deleted successfully.
Registry key HKLM\SYSTEM\CurrentControlSet\Services\srosa deleted successfully.
Registry key HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_SROSA deleted successfully.

Completed script processing.

*******************

Finished! Terminate.

I reinstalled the antivirus (Symantec Corporate Ed.) and it seems to work; can I re-enable System Restore?
The only thing is that the PC seems very slow to me.....

Am I "clean" now?
Post by ste_95 » Tue Feb 12, 2008 3:02 pm

Yes, everything seems fine. You can re-enable System Restore.

Also restore Safe Mode using this file.
Post by zinga » Tue Feb 12, 2008 3:32 pm

Thank you very much, you have been very kind.

Have a good day and good work

A.
megalab.it: online daily publication registered with the Court of Cosenza, no. 22/09 of 13.08.2009, publisher Master New Media S.r.l.; © Copyright 2008 Master New Media S.r.l. a socio unico - P.I. 02947530784. GRUPPO EDIZIONI MASTER Spa. All rights reserved. For advertising: Master Advertising