Punto informatico Network
Login Esegui login | Non sei registrato? Iscriviti ora (è gratuito!)
Username: Password:
  • Annuncio Pubblicitario

Aiuto virus

Un virus si è intromesso nel tuo computer? Vuoi navigare in tutta sicurezza? Sono sicure le transazione online? Come impedire a malintenzionati di intromettersi nel tuo pc? Come proteggere i tuoi dati? Qui trovi le risposte a queste ed altre domande

Aiuto virus

Messaggioda BeppeEpa » mar giu 22, 2010 9:10 pm

Salve [ciao] , sono un newbie del forum.
Da una quindicina di giorni il mio PC presentava strani rallentamenti, impuntamenti di explorer (non i.e.) che a richiesta apriva finestre senza visualizzare contenuti ed altre cose sospette senza che Panda AV o Malawarytes rilevassero alcun che.
Poi qualche giorno fa una scansione di Malawarebytes mi ha dato questo risultato

Malwarebytes' Anti-Malware 1.46
http://www.malwarebytes.org

Versione database: 4210

Windows 6.0.6002 Service Pack 2
Internet Explorer 8.0.6001.18928

17/06/2010 23.53.54
mbam-log-2010-06-17 (23-53-54).txt

Tipo di scansione: Scansione veloce
Elementi esaminati: 147399
Tempo trascorso: 5 minuti, 29 secondi

Processi infetti in memoria: 0
Moduli di memoria infetti: 0
Chiavi di registro infette: 50
Valori di registro infetti: 0
Voci infette nei dati di registro: 0
Cartelle infette: 1
File infetti: 29

Processi infetti in memoria:
(Non sono stati rilevati elementi nocivi)

Moduli di memoria infetti:
(Non sono stati rilevati elementi nocivi)

Chiavi di registro infette:
HKEY_CLASSES_ROOT\TypeLib\{a043783e-4380-4270-b770-3b457c7d4cdf} (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{616ee024-f676-45e5-8933-5be48fa9a60e} (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\AppID\{99806add-c5ef-4632-a3d0-3e778b051f94} (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{99806add-c5ef-4632-a3d0-3e778b051f94} (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\TypeLib\{e7c28ebf-91a9-411a-9293-ce9deb0fd816} (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{b792a203-fb64-4909-aefe-a9efb2697e55} (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\TypeLib\{067b5d39-578c-4d25-a119-a475e24d5f95} (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{039b7df6-3103-48f0-bd6f-24291bc7e637} (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{1bd69f2f-96b4-41b3-accf-c46ed55e3a58} (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{2194682f-acb0-45ce-b900-3fcd2d13bfb5} (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{24d4e9fc-5097-483b-b0fe-6e3ef28bff4a} (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{382be372-d636-451d-8fa8-54c51569ad88} (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{3a60359d-0eb2-4437-ad15-a08bee794c14} (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{46902815-1008-40c8-ba07-4f3d2276e6d2} (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{777421f7-878b-426e-b7f7-593cbe6b543d} (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{777421f7-878b-426e-b7f7-593cbe6b543f} (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{7876dc2b-dd2e-48d3-b182-6e261698aadb} (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{9b7984e0-1b06-434d-a233-5323ab08f05f} (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{a0f36689-35ea-4b9b-8b16-2236b0581557} (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{b1ce34ce-dfa2-4a5e-a99a-5fdef5021994} (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{ce9cc21b-4f0c-4da5-9a2b-cb4d6a631228} (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{e0778c77-10e3-4ab3-9077-fe845de401b4} (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{e5b630a9-c1e3-42f3-b58b-9afa3662c010} (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{02aab237-8e24-46ce-bd71-ab4f4df52e3c} (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{0d37433c-8c73-458e-a7d6-15de1cec0f91} (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{11921be2-a0a6-4532-b708-76537c9bb86d} (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{37f08bce-c7b2-48e8-88b0-666bc1c58c36} (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{5b2f6a77-8a7e-4aa7-b6d7-fac7657f58bd} (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{5e395ec3-30f4-4a0e-a7f6-8878c60e8eb1} (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{6126a5f4-a096-4f8a-a272-c54fd7f63c17} (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{69f34ba8-7ed4-4911-97f4-4b88adf25441} (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{7aa18156-1945-45af-9ac6-f1a9787ace06} (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{841643d5-d102-4b24-917c-0caf6d9dfbf1} (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{b359b6ea-e892-4018-8cd2-4ecc9bd477a2} (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{cbabf241-9875-46c8-bb0b-6f90cc8d12fe} (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{e8cd244f-1836-4ffe-af58-1776580d1622} (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{f39659cf-699b-47ef-bb19-c15a84bbb143} (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{fa150b05-7510-471d-9afb-467b94462fde} (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\TypeLib\{b3774019-f8c2-4a55-b075-ff0529b79c31} (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{b373722b-f571-43a6-b51d-15766456ca91} (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{ba79865a-c1ef-402f-9706-609eb2fb2360} (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{bae10fb0-a2ac-4c36-92ce-14bd30be0bb6} (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{f251bed0-0544-42c7-abbc-93556e513238} (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{f1aa2cad-0e89-4239-85e5-a91b69c5862d} (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{f92ace0c-4692-4793-bc37-eabc55da988a} (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{f9458b32-119c-4301-b86d-53a845894d5b} (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{f4a40134-ed3b-4069-bc86-ed9733bd3217} (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{f9a9f058-a535-45d3-8414-e80cafd6d31f} (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{ff7bcf7c-1d4b-4717-a39a-0db1a107b62b} (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{f817f096-9e9d-45fc-be44-11cef283faea} (Trojan.Agent) -> Quarantined and deleted successfully.

Valori di registro infetti:
(Non sono stati rilevati elementi nocivi)

Voci infette nei dati di registro:
(Non sono stati rilevati elementi nocivi)

Cartelle infette:
C:\Windows\System32\System32 (Trojan.Agent) -> Quarantined and deleted successfully.

File infetti:
C:\Windows\System32\System32\cis-2.4.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\System32\System32\issacapi_bs-2.3.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\System32\System32\issacapi_pe-2.3.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\System32\System32\issacapi_se-2.3.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\System32\System32\MACXMLProto.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\System32\System32\MaDRM.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\System32\System32\MaJGUILib.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\System32\System32\MaJUtilLib.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\System32\System32\MAMACExtract.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\System32\System32\MASetupCaller.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\System32\System32\MASetupCleaner.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\System32\System32\MaXMLProto.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\System32\System32\MK_Lyric.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\System32\System32\MSCLib.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\System32\System32\MSFLib.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\System32\System32\MSLUR71.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\System32\System32\msvcp60.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\System32\System32\MTTELECHIP.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\System32\System32\MTXSYNCICON.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\System32\System32\muzaf1.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\System32\System32\muzapp.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\System32\System32\muzapp.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\System32\System32\muzdecode.ax (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\System32\System32\muzeffect.ax (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\System32\System32\muzmp4sp.ax (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\System32\System32\muzmpgsp.ax (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\System32\System32\muzoggsp.ax (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\System32\System32\muzwmts.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\System32\System32\psapi.dll (Trojan.Agent) -> Quarantined and deleted successfully.


Dopo la pulizia pensavo che fosse tutto a posto, anche perché una scansione con Hijackthis non mi segnalava niente di sospetto.

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 18.10.31, on 19/06/2010
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v8.00 (8.00.6001.18928)
Boot mode: Normal

Running processes:
C:\PROGRAM FILES\PANDA SECURITY\PANDA ANTIVIRUS PRO 2010\WebProxy.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\PrevxCSI\prevxcsi.exe
C:\Windows\SYSTEM32\taskeng.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\epson\Creativity Suite\Event Manager\EEventManager.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe
C:\Program Files\Panda Security\Panda Antivirus Pro 2010\ApVxdWin.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\DellSupport\DSAgnt.exe
C:\Program Files\Dell Support Center\bin\sprtcmd.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\APC\APC PowerChute Personal Edition\apcsystray.exe
C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\CPSHelpRunner.exe
C:\Windows\system32\SearchFilterHost.exe
O:\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.it/ig/dell?hl=it&clie ... bd=3071018
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer fornito da Dell
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.5.5126.1836\swg.dll
O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\Dell\BAE\BAE.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [ECenter] C:\Dell\E-Center\EULALauncher.exe
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [EEventManager] C:\Program Files\EPSON\Creativity Suite\Event Manager\EEventManager.exe
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [RoxWatchTray] "C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe"
O4 - HKLM\..\Run: [dscactivate] "C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe"
O4 - HKLM\..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
O4 - HKLM\..\Run: [APVXDWIN] "C:\Program Files\Panda Security\Panda Antivirus Pro 2010\APVXDWIN.EXE" /s
O4 - HKLM\..\Run: [SCANINICIO] "C:\Program Files\Panda Security\Panda Antivirus Pro 2010\Inicio.exe"
O4 - HKLM\..\Run: [Display] C:\Program Files\APC\APC PowerChute Personal Edition\DataCollectionLauncher.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\RunOnce: [*WerKernelReporting] %SYSTEMROOT%\SYSTEM32\WerFault.exe -k -rq
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
O4 - HKCU\..\Run: [TomTomHOME.exe] "C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe"
O4 - HKUS\S-1-5-21-3703642538-2008134003-4070867022-1000\..\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup (User 'Beppe')
O4 - HKUS\S-1-5-21-3703642538-2008134003-4070867022-1000\..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter (User 'Beppe')
O4 - HKUS\S-1-5-21-3703642538-2008134003-4070867022-1000\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" (User 'Beppe')
O4 - HKUS\S-1-5-21-3703642538-2008134003-4070867022-1000\..\Run: [TomTomHOME.exe] "C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe" (User 'Beppe')
O4 - HKUS\S-1-5-21-3703642538-2008134003-4070867022-1000\..\Run: [AlcoholAutomount] "C:\Program Files\Alcohol Soft\Alcohol 52\axcmd.exe" /automount (User 'Beppe')
O4 - HKUS\S-1-5-21-3703642538-2008134003-4070867022-1000\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe (User 'Beppe')
O4 - HKUS\S-1-5-18\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe (User 'Default user')
O4 - Global Startup: APC UPS Status.lnk = C:\Program Files\APC\APC PowerChute Personal Edition\Display.exe
O4 - Global Startup: Digital Line Detect.lnk = C:\Program Files\Digital Line Detect\DLG.exe
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200
O8 - Extra context menu item: Download All by ASUS Download - C:\Program Files\ASUS\WL-500gP Wireless Router Utilities\ASDownloadAll.htm
O8 - Extra context menu item: Download using ASUS Download - C:\Program Files\ASUS\WL-500gP Wireless Router Utilities\ASDownload.htm
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - C:\Program Files\a-squared Free\a2service.exe
O23 - Service: ArcSoft Connect Daemon (ACDaemon) - ArcSoft Inc. - C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
O23 - Service: APC UPS Service - American Power Conversion Corporation - C:\Program Files\APC\APC PowerChute Personal Edition\mainserv.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Servizio Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: CSIScanner - Prevx - C:\Program Files\PrevxCSI\prevxcsi.exe
O23 - Service: Device Error Recovery Service (dgdersvc) - Devguru Co., Ltd. - C:\Windows\system32\dgdersvc.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: FsUsbExService - Teruten - C:\Windows\system32\FsUsbExService.Exe
O23 - Service: Google Desktop Manager 5.9.911.3589 (GoogleDesktopManager-110309-193829) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Servizio di Google Update (gupdate1c995e31bfb9bf0) (gupdate1c995e31bfb9bf0) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: Servizio iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: Panda Software Controller - Panda Security, S.L. - C:\Program Files\Panda Security\Panda Antivirus Pro 2010\PsCtrls.exe
O23 - Service: Panda Function Service (PAVFNSVR) - Unknown owner - C:\Program Files\Panda Security\Panda Antivirus Pro 2010\PavFnSvr.exe
O23 - Service: Panda Process Protection Service (PavPrSrv) - Unknown owner - C:\Program Files\Common Files\Panda Security\PavShld\pavprsrv.exe
O23 - Service: Panda anti-virus service (PAVSRV) - Panda Security, S.L. - C:\Program Files\Panda Security\Panda Antivirus Pro 2010\pavsrvx86.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: ProtexisLicensing - Unknown owner - C:\Windows\system32\PSIService.exe
O23 - Service: Panda Host Service (PSHost) - Unknown owner - c:\program files\panda security\panda antivirus pro 2010\firewall\PSHOST.EXE
O23 - Service: Panda IManager Service (PSIMSVC) - Panda Security S.L. - C:\Program Files\Panda Security\Panda Antivirus Pro 2010\psimsvc.exe
O23 - Service: Panda PSK service (PskSvcRetail) - Panda Security, S.L. - C:\Program Files\Panda Security\Panda Antivirus Pro 2010\PskSvc.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: SupportSoft Sprocket Service (dellsupportcenter) (sprtsvc_dellsupportcenter) - SupportSoft, Inc. - C:\Program Files\Dell Support Center\bin\sprtsvc.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 52\StarWind\StarWindServiceAE.exe
O23 - Service: NVIDIA Stereoscopic 3D Driver Service (Stereo Service) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: TomTomHOMEService - TomTom - C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe
O23 - Service: Panda TPSrv (TPSrv) - Panda Security, S.L. - C:\Program Files\Panda Security\Panda Antivirus Pro 2010\TPSrv.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--
End of file - 11633 bytes


Anche Malawarebytes non ha più segnalato problemi ma questi sono rimasti e colpiscono in maniera diversa i tre account utenti presenti sul PC.
Leggendo su vari forum ho trovato riferimenti a Combofix, che ho scaricato e sono riuscito a far girare dopo un paio di tentativi; purtroppo non sono in grado di interpretarne i risultati e i problemi sono rimasti.
Ho fatto anche un tentativo con Avira Antirootkit tool, di cui allego il log

Avira AntiRootkit Tool (1.1.0.1)

========================================================================================================
- Scan started martedì 22 giugno 2010 - 0.25.07
========================================================================================================

--------------------------------------------------------------------------------------------------------
Configuration:
--------------------------------------------------------------------------------------------------------
- [X] Scan files
- [X] Scan registry
- [X] Scan processes
- [ ] Fast scan
- Working disk total size : 288.04 GB
- Working disk free size : 79.35 GB (27 %)
--------------------------------------------------------------------------------------------------------

Results:
Value data mismatch : HKEY_LOCAL_MACHINE\Software\Microsoft\WBEM\CIMOM -> autorecover mofs

--------------------------------------------------------------------------------------------------------
Files: 0/205918
Registry items: 1/598623
Processes: 0/84
Scan time: 00:07:04
--------------------------------------------------------------------------------------------------------
Active processes:
- SYSTEM (PID 4)
- DSAgnt.exe (PID 5408)
- svchost.exe (PID 1448)
- svchost.exe (PID 2020)
- svchost.exe (PID 1340)
- avguard.exe (PID 2824)
- spoolsv.exe (PID 1840)
- CPSHelpRunner.exe (PID 5128)
- RtHDVCpl.exe (PID 3540)
- svchost.exe (PID 1116)
- svchost.exe (PID 1824)
- smss.exe (PID 552)
- svchost.exe (PID 1192)
- svchost.exe (PID 1404)
- GoogleDesktop.exe (PID 5804)
- csrss.exe (PID 620)
- sched.exe (PID 1680)
- wininit.exe (PID 672)
- services.exe (PID 716)
- lsm.exe (PID 736)
- lsass.exe (PID 728)
- csrss.exe (PID 684)
- winlogon.exe (PID 896)
- svchost.exe (PID 920)
- nvvsvc.exe (PID 1020)
- svchost.exe (PID 1060)
- wmpnscfg.exe (PID 796)
- SearchIndexer.exe (PID 2288)
- psksvc.exe (PID 1220)
- TPSrv.exe (PID 1260)
- wmpnetwk.exe (PID 4224)
- DLG.exe (PID 3104)
- RoxMediaDB9.exe (PID 3524)
- svchost.exe (PID 1896)
- SLsvc.exe (PID 1424)
- nvvsvc.exe (PID 1536)
- PSHost.exe (PID 4040)
- RoxWatch9.exe (PID 2408)
- explorer.exe (PID 4160)
- MSASCui.exe (PID 4480)
- sprtcmd.exe (PID 4208)
- TomTomHOMERunner.exe (PID 4872)
- audiodg.exe (PID 1984)
- PsCtrlS.exe (PID 3728)
- PSIService.exe (PID 2136)
- SDWinSec.exe (PID 3952)
- StarWindServiceAE.exe (PID 3304)
- WUDFHost.exe (PID 2648)
- svchost.exe (PID 2484)
- dwm.exe (PID 2080)
- PavFnSvr.exe (PID 2376)
- svchost.exe (PID 1848)
- a2service.exe (PID 2220)
- prevxcsi.exe (PID 2692)
- AVENGINE.EXE (PID 3364)
- taskeng.exe (PID 4516)
- nvSCPAPISvr.exe (PID 3740)
- dgdersvc.exe (PID 3980)
- FsUsbExService.Exe (PID 2500)
- mDNSResponder.exe (PID 4032)
- svchost.exe (PID 2512)
- PsImSvc.exe (PID 3488)
- ACService.exe (PID 2628)
- WebProxy.exe (PID 4700)
- pavsrvx86.exe (PID 3512)
- RoxWatchTray9.exe (PID 4108)
- svchost.exe (PID 4028)
- sprtsvc.exe (PID 3096)
- PnkBstrA.exe (PID 2992)
- mainserv.exe (PID 3136)
- TomTomHOMEService.exe (PID 3296)
- PavPrSrv.exe (PID 3276)
- AppleMobileDeviceService.exe (PID 3700)
- svchost.exe (PID 3532)
- prevxcsi.exe (PID 3392)
- taskeng.exe (PID 5972)
- avirarkd.exe (PID 6068)
- avgnt.exe (PID 4456)
- EEventManager.exe (PID 776)
- issch.exe (PID 1032)
- cyqhlhxo.exe (PID 3580) (Avira AntiRootkit Tool)
- apcsystray.exe (PID 5816)
- jusched.exe (PID 5636)
- conime.exe (PID 2504)
========================================================================================================
- Scan finished martedì 22 giugno 2010 - 0.32.11
===================================================================================================


Dimenticavo, sia Panda che Avira (scaricato ed usato per l'occasione) hanno individuato alcuni malaware (4 o 5 in tutto) che sono riusciti a disinfettare ma i problemi rimangono.

Da ultimo ho cercato di disattivare ed eliminare i punti di ripristino dal mio sistema. Non è stato facile perché il virus me lo impediva ma alla fine lo ho eliminato da C:\........ per scoprire che il virus me li ha trasferiti su D:\ ed E:\ .
Scusate la lungaggine. Qualcuno può darmi una mano? [grazie]
Avatar utente
BeppeEpa
Neo Iscritto
Neo Iscritto
 
Messaggi: 3
Iscritto il: mar giu 22, 2010 8:39 pm

Re: Aiuto virus

Messaggioda farbix89 » mar giu 22, 2010 9:31 pm

Visto che qualche traccia del virus è rimasta di sicuro,una bella scansione in provvisoria dovrebbe cancellare anche quello che rimane delle infezioni.

Prova a scansionare in provvisoria con Avast o Avira.
Avatar utente
farbix89
Membro Ufficiale (Gold)
Membro Ufficiale (Gold)
 
Messaggi: 14093
Iscritto il: ven feb 13, 2009 10:09 pm

Re: Aiuto virus

Messaggioda sondlive07 » mar giu 22, 2010 11:39 pm

me che ci fai con il pc che sei arrivato a tal punto....'centro accoglienza virus' [rotfl]
scherzo....
se fossi in te seguirei il consiglio di farb [^]
Se fossi uno scultore ti scolpirei... Se fossi un cantautore ti canterei... Se fossi un pittore ti dipingerei... Ma sono solo un trombettista! [:)]
Avatar utente
sondlive07
Membro Ufficiale (Gold)
Membro Ufficiale (Gold)
 
Messaggi: 2446
Iscritto il: mar feb 02, 2010 8:52 pm
Località: casa mia


Re: Aiuto virus

Messaggioda ste_95 » mer giu 23, 2010 6:36 am

E inoltre, già che la scansione con ComboFix l'hai fatta, puoi postare il log? [^]
«A volte è meglio tacere e sembrare stupidi che aprir bocca e togliere ogni dubbio.» Oscar Wilde
Avatar utente
ste_95
Membro Ufficiale (Gold)
Membro Ufficiale (Gold)
 
Messaggi: 17271
Iscritto il: lun ago 06, 2007 11:19 am

Re: Aiuto virus

Messaggioda BeppeEpa » mer giu 23, 2010 8:52 am

Ho fatto una scansione con AVIRA in modalità provvisoria, ma non ha rilevato niente.
Non trovo più il log di combofix. Scusate [acc2], potrei averlo cancellato per errore . Quando torno da lavoro faccio un'altra scansione e vi posto il risultato.
Avatar utente
BeppeEpa
Neo Iscritto
Neo Iscritto
 
Messaggi: 3
Iscritto il: mar giu 22, 2010 8:39 pm

Re: Aiuto virus

Messaggioda BeppeEpa » mer giu 23, 2010 9:45 pm

Dopo qualche blocco del programma, un paio di riavvii e qualche benedizione al dio dei computer sono riuscito ad ottenere un log di Combofix che allego di seguito

ComboFix 10-06-23.01 - Beppe e Sandra 23/06/2010 22.14.49.4.2 - x86
Microsoft® Windows Vista™ Business 6.0.6002.2.1252.39.1040.18.2045.1119 [GMT 2:00]
Eseguito da: c:\users\Beppe e Sandra\Desktop\ComboFix.exe
SP: Spybot - Search and Destroy *disabled* (Updated) {ED588FAF-1B8F-43B4-ACA8-8E3C85DADBE9}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.

((((((((((((((((((((((((( Files Creati Da 2010-05-23 al 2010-06-23 )))))))))))))))))))))))))))))))))))
.

2010-06-23 20:19 . 2010-06-23 20:19 -------- d-----w- c:\users\Public\AppData\Local\temp
2010-06-23 20:19 . 2010-06-23 20:19 -------- d-----w- c:\users\Default\AppData\Local\temp
2010-06-23 20:19 . 2010-06-23 20:19 -------- d-----w- c:\users\Beppe\AppData\Local\temp
2010-06-23 20:19 . 2010-06-23 20:19 -------- d-----w- c:\users\Maria Caterina\AppData\Local\temp
2010-06-22 20:23 . 2010-06-22 20:25 -------- d-----w- c:\users\Beppe e Sandra\AppData\Local\Adobe
2010-06-22 18:09 . 2010-06-22 20:43 -------- d-----w- C:\FyK
2010-06-22 07:57 . 2010-06-22 07:57 -------- d-----w- c:\users\Beppe\AppData\Local\Adobe
2010-06-21 00:41 . 2009-11-25 09:19 56816 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2010-06-21 00:41 . 2009-03-30 07:33 96104 ----a-w- c:\windows\system32\drivers\avipbb.sys
2010-06-21 00:41 . 2010-06-21 00:41 -------- d-----w- c:\programdata\Avira
2010-06-21 00:41 . 2010-06-21 00:41 -------- d-----w- c:\program files\Avira
2010-06-21 00:22 . 2010-06-21 00:22 -------- d-----w- c:\users\Beppe\AppData\Local\Apps
2010-06-20 23:32 . 2008-11-06 00:03 -------- d-----w- C:\SDFix
2010-06-19 21:05 . 2010-06-20 23:49 1356 ----a-w- c:\users\Beppe e Sandra\AppData\Local\d3d9caps.dat
2010-06-19 19:26 . 2010-06-23 20:19 -------- d-----w- c:\users\Beppe e Sandra\AppData\Local\temp
2010-06-09 15:33 . 2010-06-09 15:33 -------- d-----w- c:\program files\MyFree Codec
2010-06-09 15:19 . 2010-05-01 06:50 201728 ----a-w- c:\users\Beppe e Sandra\AppData\Roaming\Samsung\Kies\CmdAgent.dll
2010-06-09 14:12 . 2009-10-27 22:51 5120 ----a-w- c:\users\Beppe e Sandra\AppData\Roaming\Samsung\Kies\UpdateTemp\it-IT\MCS.Thunder.Update.resources.dll
2010-06-09 14:11 . 2010-06-09 14:11 -------- d-----w- c:\programdata\PC Suite
2010-06-09 14:11 . 2010-06-09 14:11 -------- d-----w- c:\users\Beppe\AppData\Roaming\PC Suite
2010-06-09 14:03 . 2009-09-21 08:55 12160 ----a-w- c:\windows\system32\drivers\ss_bwh.sys
2010-06-09 14:03 . 2009-09-21 08:55 12160 ----a-w- c:\windows\system32\drivers\ss_bcm.sys
2010-06-09 13:57 . 2010-06-09 13:57 -------- d-----w- c:\program files\DIFX
2010-06-09 13:57 . 2008-08-26 07:26 18816 ----a-w- c:\windows\system32\drivers\pccsmcfd.sys
2010-06-09 13:55 . 2009-10-09 02:38 217088 ----a-w- c:\windows\system32\FsUsbExService.Exe
2010-06-09 13:55 . 2009-10-09 02:36 36640 ----a-w- c:\windows\system32\FsUsbExDisk.Sys
2010-06-09 13:55 . 2009-09-30 08:47 110592 ----a-w- c:\windows\system32\FsUsbExDevice.Dll
2010-06-09 13:54 . 2010-06-09 13:56 -------- d-----w- c:\program files\PC Connectivity Solution
2010-06-09 13:54 . 2010-06-09 13:54 -------- d-----w- c:\users\Beppe e Sandra\AppData\Roaming\Samsung
2010-06-09 13:53 . 2010-06-09 13:53 -------- d-----w- c:\program files\MarkAny
2010-06-09 13:53 . 2010-06-09 15:19 -------- d-----w- c:\programdata\Samsung
2010-06-09 13:53 . 2010-06-09 13:58 -------- d-----w- c:\program files\Samsung
2010-06-09 13:53 . 2010-06-09 13:53 -------- d-----w- c:\program files\Common Files\Samsung
2010-06-09 08:07 . 2010-06-22 18:37 139336 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys
2010-06-09 07:55 . 2010-06-22 18:37 214720 ----a-w- c:\windows\system32\PnkBstrB.exe
2010-06-09 07:55 . 2010-06-09 07:55 75064 ----a-w- c:\windows\system32\PnkBstrA.exe
2010-06-09 07:55 . 2010-06-09 07:55 2373712 ----a-w- c:\windows\system32\pbsvc.exe
2010-06-09 07:55 . 2010-06-09 07:55 -------- d-----w- c:\programdata\id Software
2010-06-08 21:58 . 2010-06-08 21:59 836 ----a-w- c:\users\Beppe\cc_20100608_235850.reg
2010-06-08 21:30 . 2010-06-08 21:30 139152 ----a-w- c:\users\Beppe e Sandra\AppData\Roaming\PnkBstrK.sys
2010-06-07 13:21 . 2010-06-07 13:21 -------- d-----w- c:\users\Maria Caterina\AppData\Roaming\ArcSoft
2010-06-06 19:39 . 2010-06-06 19:39 -------- d-----w- c:\program files\JRE
2010-06-06 09:03 . 2010-05-19 19:00 501872 ----a-w- c:\programdata\Google\Google Toolbar\Update\gtbE717.tmp.exe
2010-05-29 20:32 . 2010-05-29 20:32 -------- d-----w- c:\program files\ISL
2010-05-29 20:10 . 2010-05-29 20:37 -------- d-----w- c:\users\Beppe\AppData\Local\ISL
2010-05-29 19:52 . 2010-05-29 19:52 -------- d-----w- c:\users\Beppe\AppData\Local\Panasonic
2010-05-29 19:08 . 2010-05-29 19:08 -------- d-----w- c:\users\Beppe e Sandra\AppData\Local\Panasonic
2010-05-29 19:08 . 2010-05-29 19:08 -------- d-----w- c:\programdata\Panasonic
2010-05-29 18:17 . 2010-05-29 20:31 -------- d-----w- c:\windows\Downloaded Installations
2010-05-29 18:16 . 2010-05-29 18:16 -------- d-----w- c:\users\Beppe e Sandra\AppData\Roaming\ArcSoft
2010-05-29 18:15 . 2010-05-29 19:35 -------- d-----w- c:\programdata\ArcSoft
2010-05-29 18:14 . 2010-05-29 18:14 -------- d-----w- c:\program files\Common Files\ArcSoft
2010-05-29 18:09 . 2010-05-29 18:09 -------- d-----w- c:\program files\Common Files\Panasonic
2010-05-29 18:08 . 2010-05-29 18:08 -------- d-----w- c:\program files\Microsoft Synchronization Services
2010-05-29 18:08 . 2010-05-29 18:08 -------- d-----w- c:\program files\Microsoft SQL Server Compact Edition
2010-05-29 18:06 . 2010-05-29 18:06 -------- d-----w- c:\users\Beppe e Sandra\AppData\Roaming\InstallShield
2010-05-29 13:37 . 2010-05-29 18:08 -------- d-----w- c:\program files\Panasonic
2010-05-25 19:54 . 2010-04-23 14:13 2048 ----a-w- c:\windows\system32\tzres.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-06-23 20:09 . 2009-11-27 22:29 71910 ----a-w- c:\programdata\nvModes.dat
2010-06-23 20:09 . 2009-10-23 21:55 1132 ----a-w- c:\windows\system32\drivers\APPFLTR.CFG.bck
2010-06-23 20:09 . 2009-10-23 21:55 1132 ----a-w- c:\windows\system32\drivers\APPFLTR.CFG
2010-06-23 20:09 . 2008-03-26 21:10 -------- d-----w- c:\programdata\NVIDIA
2010-06-23 18:45 . 2009-10-23 21:55 416976 ----a-w- c:\windows\system32\drivers\APPFCONT.DAT.bck
2010-06-23 18:45 . 2009-10-23 21:55 416976 ----a-w- c:\windows\system32\drivers\APPFCONT.DAT
2010-06-23 18:39 . 2009-09-26 18:22 12 ----a-w- c:\windows\bthservsdp.dat
2010-06-22 08:03 . 2008-10-15 12:21 1 ----a-w- c:\users\Beppe\AppData\Roaming\OpenOffice.org\3\user\uno_packages\cache\stamp.sys
2010-06-20 23:31 . 2009-11-22 08:46 -------- d-----w- c:\users\Beppe e Sandra\AppData\Roaming\TeraCopy
2010-06-19 21:04 . 2010-01-10 22:23 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2010-06-19 20:01 . 2009-10-02 09:01 -------- d-----w- c:\program files\Wise Disk Cleaner
2010-06-19 16:10 . 2006-11-06 01:49 662608 ----a-w- c:\windows\system32\perfh010.dat
2010-06-19 16:10 . 2006-11-06 01:49 120120 ----a-w- c:\windows\system32\perfc010.dat
2010-06-19 14:59 . 2007-10-23 22:22 -------- d-----w- c:\program files\Mozilla Thunderbird
2010-06-19 14:59 . 2007-11-02 19:28 -------- d-----w- c:\users\Beppe e Sandra\AppData\Roaming\Thunderbird
2010-06-19 14:54 . 2009-05-07 22:31 -------- d-----w- c:\users\Beppe\AppData\Roaming\TeraCopy
2010-06-19 14:43 . 2009-04-26 16:17 -------- d-----w- c:\program files\a-squared Free
2010-06-19 12:35 . 2008-09-21 14:50 -------- d-----w- c:\programdata\PrevxCSI
2010-06-17 21:46 . 2008-12-20 14:16 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-06-15 23:15 . 2007-11-14 11:16 -------- d-----w- c:\program files\Canon
2010-06-14 21:23 . 2007-10-17 23:07 -------- d-----w- c:\programdata\Roxio
2010-06-14 09:41 . 2010-03-15 01:17 -------- d-----w- c:\program files\Mp3tag
2010-06-14 09:27 . 2009-06-04 14:29 952 --sha-w- c:\windows\system32\KGyGaAvL.sys
2010-06-09 14:10 . 2007-10-17 23:01 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-06-09 10:53 . 2009-07-01 00:04 -------- d-----w- c:\users\Beppe\AppData\Roaming\Media Player Classic
2010-06-08 22:08 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2010-06-07 23:29 . 2007-11-01 08:39 89576 ----a-w- c:\users\Beppe e Sandra\AppData\Local\GDIPFONTCACHEV1.DAT
2010-06-07 13:23 . 2009-04-07 14:38 1 ----a-w- c:\users\Maria Caterina\AppData\Roaming\OpenOffice.org\3\user\uno_packages\cache\stamp.sys
2010-06-07 13:21 . 2007-10-30 09:28 89576 ----a-w- c:\users\Maria Caterina\AppData\Local\GDIPFONTCACHEV1.DAT
2010-06-06 22:00 . 2007-10-23 10:46 89576 ----a-w- c:\users\Beppe\AppData\Local\GDIPFONTCACHEV1.DAT
2010-06-06 21:50 . 2008-10-14 05:46 -------- d-----w- c:\program files\OpenOffice.org 3
2010-06-06 08:21 . 2009-11-28 21:18 -------- d-----w- c:\users\Beppe e Sandra\AppData\Roaming\Media Player Classic
2010-06-06 08:20 . 2007-10-29 10:25 -------- d-----w- c:\program files\CCleaner
2010-06-05 06:37 . 2007-10-23 20:58 -------- d-----w- c:\program files\Microsoft Silverlight
2010-05-30 09:15 . 2009-10-02 08:59 -------- d-----w- c:\program files\Wise Registry Cleaner
2010-05-30 05:41 . 2007-10-27 18:04 -------- d-----w- c:\users\Beppe\AppData\Roaming\ArcSoft
2010-05-29 19:28 . 2007-11-16 01:18 -------- d-----w- c:\users\Beppe\AppData\Roaming\ZoomBrowser EX
2010-05-29 18:14 . 2007-10-24 19:24 -------- d-----w- c:\program files\ArcSoft
2010-05-26 17:06 . 2010-06-08 21:32 34304 ----a-w- c:\windows\system32\atmlib.dll
2010-05-26 14:47 . 2010-06-08 21:32 289792 ----a-w- c:\windows\system32\atmfd.dll
2010-05-21 13:44 . 2007-10-29 10:57 -------- d-----w- c:\programdata\DVD Shrink
2010-05-21 12:14 . 2009-10-02 19:41 221568 ------w- c:\windows\system32\MpSigStub.exe
2010-05-13 15:00 . 2007-10-17 23:13 -------- d-----w- c:\program files\Google
2010-05-13 07:11 . 2010-05-13 07:10 -------- d-----w- c:\program files\Epson Software
2010-05-12 00:13 . 2010-05-12 00:13 265016 ----a-w- c:\users\Beppe e Sandra\AppData\Roaming\Samsung\Kies\UpdateTemp\MCS.Thunder.Update.exe
2010-05-07 10:49 . 2010-05-07 10:49 47104 ----a-w- c:\users\Beppe e Sandra\AppData\Roaming\Samsung\Kies\UpdateTemp\MSC.Thunder.Update.Util.dll
2010-05-06 22:00 . 2007-11-22 01:19 680 ----a-w- c:\users\Beppe\AppData\Local\d3d9caps.dat
2010-05-04 05:59 . 2010-06-08 21:32 916480 ----a-w- c:\windows\system32\wininet.dll
2010-05-04 05:55 . 2010-06-08 21:32 71680 ----a-w- c:\windows\system32\iesetup.dll
2010-05-04 05:55 . 2010-06-08 21:32 109056 ----a-w- c:\windows\system32\iesysprep.dll
2010-05-04 04:31 . 2010-06-08 21:32 133632 ----a-w- c:\windows\system32\ieUnatt.exe
2010-05-04 02:48 . 2010-05-04 02:48 9728 ----a-w- c:\users\Beppe e Sandra\AppData\Roaming\Samsung\Kies\UpdateTemp\Interop.CmdAgentLib.dll
2010-05-04 02:41 . 2010-05-04 02:41 204288 ----a-w- c:\users\Beppe e Sandra\AppData\Roaming\Samsung\Kies\UpdateTemp\CabLib.dll
2010-05-04 02:41 . 2010-05-04 02:41 12288 ----a-w- c:\users\Beppe e Sandra\AppData\Roaming\Samsung\Kies\UpdateTemp\AdminCmdAgent.dll
2010-05-04 02:40 . 2010-05-04 02:40 6656 ----a-w- c:\users\Beppe e Sandra\AppData\Roaming\Samsung\Kies\UpdateTemp\MSC.Thunder.UAC.dll
2010-05-01 14:13 . 2010-06-08 21:32 2037248 ----a-w- c:\windows\system32\win32k.sys
2010-05-01 06:50 . 2009-10-26 13:40 95568 ----a-w- c:\windows\system32\dgdersvc.exe
2010-05-01 06:50 . 2009-10-26 13:40 726352 ----a-w- c:\windows\system32\dgderapi.dll
2010-05-01 06:50 . 2009-10-26 13:40 18136 ----a-w- c:\windows\system32\drivers\dgderdrv.sys
2010-04-29 21:43 . 2010-04-29 21:42 -------- d-----w- c:\program files\iTunes
2010-04-29 21:42 . 2010-04-29 21:42 -------- d-----w- c:\program files\iPod
2010-04-29 21:42 . 2007-10-26 19:55 -------- d-----w- c:\program files\Common Files\Apple
2010-04-29 21:39 . 2010-04-29 21:39 -------- d-----w- c:\program files\Bonjour
2010-04-29 21:33 . 2010-04-29 21:33 73000 ----a-w- c:\programdata\Apple Computer\Installer Cache\iTunes 9.1.1.12\SetupAdmin.exe
2010-04-29 18:47 . 2010-04-29 18:47 3600384 ----a-w- c:\windows\system32\GPhotos.scr
2010-04-29 13:39 . 2008-12-20 14:16 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-04-29 13:39 . 2008-12-20 14:16 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-04-13 11:10 . 2010-04-13 11:10 629824 ----a-w- c:\programdata\id Software\QuakeLive\npquakezero.dll
2010-04-13 11:03 . 2010-04-13 11:03 2373712 ----a-w- c:\programdata\id Software\QuakeLive\pbsvc.exe
2010-04-12 15:29 . 2010-04-18 12:44 411368 ----a-w- c:\windows\system32\deployJava1.dll
2010-04-11 10:38 . 2010-04-11 10:38 509552 ----a-w- c:\programdata\Google\Google Toolbar\Update\gtb1884.tmp.exe
2010-04-10 15:05 . 2010-04-10 15:05 65328 ----a-w- c:\windows\AppPatch\matsshim.dll
2010-04-08 11:20 . 2010-04-08 11:20 91424 ----a-w- c:\windows\system32\dnssd.dll
2010-04-08 11:20 . 2010-04-08 11:20 107808 ----a-w- c:\windows\system32\dns-sd.exe
2010-04-05 17:01 . 2010-06-08 21:32 67072 ----a-w- c:\windows\system32\asycfilt.dll
2010-03-26 08:33 . 2010-04-17 18:19 1496064 ----a-w- c:\users\Beppe e Sandra\AppData\Roaming\Mozilla\Firefox\Profiles\6cceb9gp.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\frozen.dll
2010-03-26 08:33 . 2010-04-14 06:06 1496064 ----a-w- c:\users\Beppe\AppData\Roaming\Mozilla\Firefox\Profiles\fbu17h29.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\frozen.dll
2010-03-26 08:33 . 2010-04-17 18:19 43008 ----a-w- c:\users\Beppe e Sandra\AppData\Roaming\Mozilla\Firefox\Profiles\6cceb9gp.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\googletoolbarloader.dll
2010-03-26 08:33 . 2010-04-17 18:19 339456 ----a-w- c:\users\Beppe e Sandra\AppData\Roaming\Mozilla\Firefox\Profiles\6cceb9gp.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\libraries\googletoolbar-ff2.dll
2010-03-26 08:33 . 2010-04-14 06:06 43008 ----a-w- c:\users\Beppe\AppData\Roaming\Mozilla\Firefox\Profiles\fbu17h29.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\googletoolbarloader.dll
2010-03-26 08:33 . 2010-04-14 06:06 339456 ----a-w- c:\users\Beppe\AppData\Roaming\Mozilla\Firefox\Profiles\fbu17h29.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\libraries\googletoolbar-ff2.dll
2010-03-26 08:32 . 2010-04-17 18:19 346112 ----a-w- c:\users\Beppe e Sandra\AppData\Roaming\Mozilla\Firefox\Profiles\6cceb9gp.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\libraries\googletoolbar-ff3.dll
2010-03-26 08:32 . 2010-04-14 06:06 346112 ----a-w- c:\users\Beppe\AppData\Roaming\Mozilla\Firefox\Profiles\fbu17h29.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\libraries\googletoolbar-ff3.dll
2009-11-18 21:49 . 2008-04-08 07:41 119808 ----a-w- c:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll
2007-12-07 18:08 . 2007-11-06 00:19 88 --sh--r- c:\windows\System32\0A7EC7C30F.sys
2007-10-18 06:45 . 2007-10-18 06:40 8192 --sha-w- c:\windows\Users\Default\NTUSER.DAT
.

((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* i valori vuoti & legittimi/default non sono visualizzati.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DellSupport"="c:\program files\DellSupport\DSAgnt.exe" [2007-03-15 460784]
"DellSupportCenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [2009-05-21 206064]
"TomTomHOME.exe"="c:\program files\TomTom HOME 2\TomTomHOMERunner.exe" [2010-05-07 247144]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-19 1008184]
"ECenter"="c:\dell\E-Center\EULALauncher.exe" [2007-05-25 17920]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2006-10-03 81920]
"Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2009-11-18 30192]
"EEventManager"="c:\program files\EPSON\Creativity Suite\Event Manager\EEventManager.exe" [2006-10-12 102400]
"RtHDVCpl"="RtHDVCpl.exe" [2007-05-02 4452352]
"ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2006-10-03 221184]
"RoxWatchTray"="c:\program files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe" [2006-11-05 221184]
"dscactivate"="c:\program files\Dell Support Center\gs_agent\custom\dsca.exe" [2008-02-13 16384]
"DellSupportCenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [2009-05-21 206064]
"APVXDWIN"="c:\program files\Panda Security\Panda Antivirus Pro 2010\APVXDWIN.EXE" [2009-09-25 906496]
"SCANINICIO"="c:\program files\Panda Security\Panda Antivirus Pro 2010\Inicio.exe" [2009-08-12 56064]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]

c:\users\Maria Caterina\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OpenOffice.org 3.0.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2010-5-20 1195008]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
APC UPS Status.lnk - c:\program files\APC\APC PowerChute Personal Edition\Display.exe [2009-1-7 267576]
Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2009-1-7 50688]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avldr]
2008-03-18 15:58 58672 ----a-w- c:\windows\System32\avldr.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~1\Google\GOOGLE~2\GoogleDesktopNetwork3.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux2"=wdmaud.drv

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PskSvcRetail]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2010-03-24 18:17 952768 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2010-04-04 05:42 36272 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AppleSyncNotifier]
2008-09-03 18:12 111936 ----a-w- c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ArcSoft Connection Service]
2009-06-19 09:44 195072 ----a-w- c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Corel File Shell Monitor]
2007-10-30 18:52 16200 ----a-w- c:\program files\Corel\Corel Paint Shop Pro Photo X2\CorelIOMonitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2010-04-28 13:06 142120 ----a-w- c:\program files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PDVDDXSrv]
2007-06-08 17:40 128560 ----a-w- c:\program files\CyberLink\PowerDVD DX\PDVDDXSrv.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2010-03-17 19:53 421888 ----a-w- c:\program files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"VistaSp2"=hex(b):76,0e,91,c9,c0,f9,c9,01

R0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2009-07-06 721904]
R2 gupdate1c995e31bfb9bf0;Servizio di Google Update (gupdate1c995e31bfb9bf0);c:\program files\Google\Update\GoogleUpdate.exe [2009-02-23 133104]
R3 GoogleDesktopManager-110309-193829;Google Desktop Manager 5.9.911.3589;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [2009-11-18 30192]
R3 MatSvc;Microsoft Automated Troubleshooting Service;c:\program files\Microsoft Fix it Center\Matsvc.exe [2010-04-10 266544]
R3 ss_bbus;SAMSUNG USB Mobile Device (WDM);c:\windows\system32\DRIVERS\ss_bbus.sys [x]
R3 ss_bmdfl;SAMSUNG USB Mobile Modem (Filter);c:\windows\system32\DRIVERS\ss_bmdfl.sys [x]
R3 ss_bmdm;SAMSUNG USB Mobile Modem;c:\windows\system32\DRIVERS\ss_bmdm.sys [x]
R3 ss_bserd;SAMSUNG USB Mobile Logging Driver;c:\windows\system32\DRIVERS\ss_bserd.sys [x]
R3 VST_DPV;VST_DPV;c:\windows\system32\DRIVERS\VSTDPV3.SYS [2006-11-02 987648]
R3 VSTHWBS2;VSTHWBS2;c:\windows\system32\DRIVERS\VSTBS23.SYS [2006-11-02 251904]
R3 yeddef;YEDDEF driver;c:\windows\system32\Drivers\yeddef.sys [x]
S0 pavboot;Panda boot driver;c:\windows\system32\Drivers\pavboot.sys [2009-06-30 28552]
S0 pxscan;pxscan;c:\windows\System32\drivers\pxscan.sys [2009-04-30 22024]
S0 pxsec;pxsec;c:\windows\System32\drivers\pxsec.sys [2009-04-30 27656]
S1 APPFLT;App Filter Plugin;c:\windows\system32\Drivers\APPFLT.SYS [2009-09-30 75016]
S1 Asapi;Asapi; [x]
S1 DSAFLT;DSA Filter Plugin;c:\windows\system32\Drivers\DSAFLT.SYS [2009-06-16 53128]
S1 FNETMON;NetMon Filter Plugin;c:\windows\system32\Drivers\fnetmon.SYS [2008-03-28 22072]
S1 IDSFLT;Ids Filter Plugin;c:\windows\system32\Drivers\IDSFLT.SYS [2009-06-16 193800]
S1 NETFLTDI;Panda Net Driver [TDI Layer];c:\windows\system32\Drivers\NETFLTDI.SYS [2009-06-16 12:33 159112]
S1 ShldDrv;Panda File Shield Driver;c:\windows\system32\DRIVERS\ShlDrv51.sys [2008-03-04 41144]
S1 WNMFLT;Wifi Monitor Filter Plugin;c:\windows\system32\Drivers\WNMFLT.SYS [2009-06-16 46728]
S2 a2free;a-squared Free Service;c:\program files\a-squared Free\a2service.exe [2010-04-17 1872320]
S2 AmFSM;AmFSM;c:\windows\system32\DRIVERS\amm8660.sys [2009-08-06 49160]
S2 ASTRA32;ASTRA32 Kernel Driver 5.2.1.0;c:\program files\ASTRA32\ASTRA32.sys [2007-02-22 30864]
S2 CSIScanner;CSIScanner;c:\program files\PrevxCSI\prevxcsi.exe [2009-04-30 4368952]
S2 dgdersvc;Device Error Recovery Service;c:\windows\system32\dgdersvc.exe [2010-05-01 95568]
S2 FsUsbExService;FsUsbExService;c:\windows\system32\FsUsbExService.Exe [2009-10-09 217088]
S2 Gwmsrv;Panda Goodware Cache Manager;c:\windows\system32\svchost [x]
S2 PavProc;Panda Process Protection Driver;c:\windows\system32\DRIVERS\PavProc.sys [2009-06-30 163336]
S2 PskSvcRetail;Panda PSK service;c:\program files\Panda Security\Panda Antivirus Pro 2010\PskSvc.exe [2009-08-25 28928]
S2 SBSDWSCService;SBSD Security Center Service;c:\program files\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2009-11-20 240232]
S2 TomTomHOMEService;TomTomHOMEService;c:\program files\TomTom HOME 2\TomTomHOMEService.exe [2010-05-07 92008]
S3 AvFlt;Antivirus Filter Driver;c:\windows\system32\drivers\av5flt.sys [x]
S3 dgderdrv;dgderdrv;c:\windows\system32\drivers\dgderdrv.sys [2010-05-01 18136]
S3 FsUsbExDisk;FsUsbExDisk;c:\windows\system32\FsUsbExDisk.SYS [2009-10-09 36640]
S3 NETIMFLT01060039;PANDA NDIS IM Filter Miniport v1.6.0.39;c:\windows\system32\DRIVERS\neti1639.sys [2009-09-09 199432]
S3 PavSRK.sys;PavSRK.sys;c:\windows\system32\PavSRK.sys [x]
S3 PavTPK.sys;PavTPK.sys;c:\windows\system32\PavTPK.sys [x]


[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc
bthsvcs REG_MULTI_SZ BthServ
panda REG_MULTI_SZ Gwmsrv
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
getPlusHelper REG_MULTI_SZ getPlusHelper
.
Contenuto della cartella 'Scheduled Tasks'

2010-06-23 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-02-23 18:18]

2010-06-23 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-02-23 18:18]

2009-03-16 c:\windows\Tasks\Wise Disk Cleaner 4.job
- c:\program files\Wise Disk Cleaner\WiseDiskCleaner.exe [2009-10-02 12:25]
.
.
------- Scansione supplementare -------
.
uStart Page = hxxp://www.google.it/ig/dell?hl=it&clie ... bd=3071018
uDefault_Search_URL = hxxp://www.google.com/ie
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Download All by ASUS Download - c:\program files\ASUS\WL-500gP Wireless Router Utilities\ASDownloadAll.htm
IE: Download using ASUS Download - c:\program files\ASUS\WL-500gP Wireless Router Utilities\ASDownload.htm
FF - ProfilePath - c:\users\Beppe e Sandra\AppData\Roaming\Mozilla\Firefox\Profiles\6cceb9gp.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FF - prefs.js: browser.startup.homepage - hxxp://www.google.it/ig?hl=it|http://ww ... t/portale/
FF - component: c:\users\Beppe e Sandra\AppData\Roaming\Mozilla\Firefox\Profiles\6cceb9gp.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\frozen.dll
FF - plugin: c:\progra~1\MEADCO~1\npmeadax.dll
FF - plugin: c:\program files\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\Google\Picasa3\npPicasa2.dll
FF - plugin: c:\program files\Google\Picasa3\npPicasa3.dll
FF - plugin: c:\program files\Google\Update\1.2.183.29\npGoogleOneClick8.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npbittorrent.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npdeployJava1.dll
FF - plugin: c:\program files\NVIDIA Corporation\3D Vision\npnv3dv.dll
FF - plugin: c:\program files\Panda Security\TotalScan\npwrapper.dll
FF - plugin: c:\programdata\id Software\QuakeLive\npquakezero.dll
FF - plugin: c:\users\Beppe e Sandra\AppData\Roaming\Mozilla\Firefox\Profiles\6cceb9gp.default\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}\plugins\np_gp.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.proxy.type", 5);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.ipc.plugins.timeoutSecs", 10);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("accelerometer.enabled", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.nptest.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npswf32.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npctrl.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npqtplugin.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-06-23 22:19
Windows 6.0.6002 Service Pack 2 NTFS

scansione processi nascosti ...

scansione entrate autostart nascoste ...

Scansione files nascosti ...

Scansione completata con successo
Files nascosti: 0

**************************************************************************
.
--------------------- CHIAVI DI REGISTRO BLOCCATE ---------------------

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe,-101"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:00000059

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Ora fine scansione: 2010-06-23 22:22:00
ComboFix-quarantined-files.txt 2010-06-23 20:21
ComboFix2.txt 2010-06-19 19:26

Pre-Run: 84.932.104.192 byte disponibili
Post-Run: 84.955.652.096 byte disponibili

- - End Of File - - A4C3827BDBDBF9B69885550C11BA0542

Altro sintomo; mi sono accorto che ogni tanto l'utilizzo della CPU arriva al 50-60% (uno dei due core risulta completamente occupato) senza che io stia eseguendo qualche task particolarmente impegnativa.
Ditemi che non devo formattare tutto [XX(]
Avatar utente
BeppeEpa
Neo Iscritto
Neo Iscritto
 
Messaggi: 3
Iscritto il: mar giu 22, 2010 8:39 pm

Re: Aiuto virus

Messaggioda ste_95 » gio giu 24, 2010 9:14 am

Ma sei sicuro di aver formattato una settimana fa??

Dai un'occhiata a questo: http://www.MegaLab.it/3502/computer-len ... ei-malware
«A volte è meglio tacere e sembrare stupidi che aprir bocca e togliere ogni dubbio.» Oscar Wilde
Avatar utente
ste_95
Membro Ufficiale (Gold)
Membro Ufficiale (Gold)
 
Messaggi: 17271
Iscritto il: lun ago 06, 2007 11:19 am

Re: Aiuto virus

Messaggioda IVANA » gio giu 24, 2010 11:17 am

scusatemi sono nuova e disperata. E anche inesperta.
Dunque mi sono iscritta al forum ma non trovo un segno minimo di esitenza di icona del tipo nuovo messaggio. A parte questo che sicuramente dipenderà dalla mia inettitudine, ho paura di avere un bagle e non riesco a toglierlo in nessun modo, Non mi fa accedere a findykill non mi fa installare lo spyware, il defrag niente.....
cosa faccio butto il pc o mi butto dalla finestra?
Grazie e scusate se mi sono intromessa in una discussione sbagliata
Avatar utente
IVANA
Neo Iscritto
Neo Iscritto
 
Messaggi: 2
Iscritto il: gio giu 24, 2010 10:46 am

Re: Aiuto virus

Messaggioda ste_95 » gio giu 24, 2010 11:22 am

[ciao]

Qualche moderatore dividerà la discussione [:)], nel frattempo, prova questo:
http://www.MegaLab.it/3591/avira-antivir-rescue-system
«A volte è meglio tacere e sembrare stupidi che aprir bocca e togliere ogni dubbio.» Oscar Wilde
Avatar utente
ste_95
Membro Ufficiale (Gold)
Membro Ufficiale (Gold)
 
Messaggi: 17271
Iscritto il: lun ago 06, 2007 11:19 am

Re: Aiuto virus

Messaggioda IVANA » gio giu 24, 2010 11:28 am

anche se ho disinstallato l'antivirus?
Avatar utente
IVANA
Neo Iscritto
Neo Iscritto
 
Messaggi: 2
Iscritto il: gio giu 24, 2010 10:46 am

Re: Aiuto virus

Messaggioda crazy.cat » gio giu 24, 2010 11:56 am

IVANA ha scritto:anche se ho disinstallato l'antivirus?

si.
E' un cd di boot che ti permette di avviare il tuo pc e di fare una scansione completa.
Quando i molti governano, pensano solo a contentar sé stessi, si ha allora la tirannia più balorda e più odiosa: la tirannia mascherata da libertà.
Avatar utente
crazy.cat
MLI Hero
MLI Hero
 
Messaggi: 30959
Iscritto il: lun gen 12, 2004 1:38 pm
Località: Mestre


Torna a Sicurezza

Chi c’è in linea

Visitano il forum: Nessuno e 11 ospiti

Powered by phpBB © 2002, 2005, 2007, 2008 phpBB Group
Traduzione Italiana phpBB.it

megalab.it: testata telematica quotidiana registrata al Tribunale di Cosenza n. 22/09 del 13.08.2009, editore Master New Media S.r.l.; © Copyright 2008 Master New Media S.r.l. a socio unico - P.I. 02947530784. GRUPPO EDIZIONI MASTER Spa Tutti i diritti sono riservati. Per la pubblicità: Master Advertising