Ecco, la scansione di malware Bytes è terminata e risultano cinque elememtni infetti, ma fra questi file c'è una chiave di registro: HKEY LOCAL MACHINE/System CurrentCon... Se elimino anche questa chiave rischio di non far funzionare più bene il sistema?

Ecco, ho finito la scansione con Malaware Bytes ed il risultato è di quattro file infetti più una chiave di registro con tracce di infezione. Ho eliminato i file, ma sono preoccupata per la chiave di registro che non credo di poter eliminare per il funzionamento del computer. Si tratta della seguente chiave: HKEY LOCAL MACHINE\System\CurrentControlSet\Servises (Malware.Trace). Come devo comportarmi? (Scusa la mia ignoranza ma non sono molto pratica di Registro di Sistema).

Sicura di avere digitato bene l'ultima parola della chiave?
E' scritto : Servises
Dovrebbe essere scritta così: Services

Vuoi provare a fare una scansione con Combofix?
Se funziona, abbiamo risolto.
Scarica Combofix (eseguilo come Amministratore)

http://download.bleepingcomputer.com/sUBs/ComboFix.exe


Salvalo sul desktop.

Importante: Disabilita il tuo antivirus e chiudi TUTTI i programmi aperti,(Firewall compreso) e dopo aver scaricato COMBOFIX, chiudi la connessione.

Doppio click su combofix.exe (comparirà una videata.)
Se ti verrà chiesto se vuoi Installare LA CONSOLE DI RIPRISTINO DI EMERGENZA, clicca NO.
E' probabile che ti siano inviati messaggi dall'antivirus, tu ignorali.
Durante l'operazione di scansione è importante non usare il PC (neanche il mouse) e attendere pazientemente la fine delle operazioni.
Al termine, verrà creato un file log sul Desktop, chiamato C:\ComboFix.txt. Postalo qui.

Non farti intimorire, dai vari messaggi "minacciosi" che compariranno.
Prosegui con la scansione.
Però, il log, lo voglio vedere. (fino adesso, non ne ho visto manco 1.)

N.B:
ELIMINA anche quello che NON hai selezionato:
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Servises (Malware.Trace)

ComboFix 10-02-11.04 - Annamaria 14/02/2010 22.48.03.4.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.39.1040.18.2046.1079 [GMT 1:00]
Eseguito da: c:\users\Annamaria\Desktop\Rombo-fix.exe
SP: Windows Defender *disabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.

((((((((((((((((((((((((((((((((((((( Altre eliminazioni )))))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\drivers\jkbuwt.sys

.
((((((((((((((((((((((((((((((((((((((( Driver/Servizi )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_heaw


((((((((((((((((((((((((( Files Creati Da 2010-01-14 al 2010-02-14 )))))))))))))))))))))))))))))))))))
.

2010-02-14 21:53 . 2010-02-14 21:56 -------- d-----w- c:\users\Annamaria\AppData\Local\temp
2010-02-14 21:53 . 2010-02-14 21:53 -------- d-----w- c:\users\Public\AppData\Local\temp
2010-02-14 21:53 . 2010-02-14 21:53 -------- d-----w- c:\users\Guest\AppData\Local\temp
2010-02-14 21:53 . 2010-02-14 21:53 -------- d-----w- c:\users\Default\AppData\Local\temp
2010-02-14 21:53 . 2010-02-14 21:53 -------- d-----w- c:\users\ALESSIO\AppData\Local\temp
2010-02-14 21:53 . 2010-02-14 21:53 -------- d-----w- c:\users\Alessio.PC-Annamaria\AppData\Local\temp
2010-02-14 18:58 . 2010-02-14 18:58 -------- d-----w- c:\users\Annamaria\AppData\Roaming\Malwarebytes
2010-02-14 18:58 . 2010-01-07 15:07 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-02-14 18:58 . 2010-02-14 18:58 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-02-14 18:58 . 2010-02-14 18:58 -------- d-----w- c:\programdata\Malwarebytes
2010-02-14 18:58 . 2010-01-07 15:07 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-02-14 13:59 . 2010-02-14 13:59 -------- d-----w- c:\users\Annamaria\AppData\Local\VS Revo Group
2010-02-14 13:59 . 2009-12-30 10:21 27192 ----a-w- c:\windows\system32\drivers\revoflt.sys
2010-02-14 13:59 . 2010-02-14 13:59 -------- d-----w- c:\program files\VS Revo Group
2010-02-11 08:06 . 2009-12-11 11:43 302080 ----a-w- c:\windows\system32\drivers\srv.sys
2010-02-11 08:06 . 2009-12-11 11:43 98816 ----a-w- c:\windows\system32\drivers\srvnet.sys
2010-02-03 20:00 . 2010-02-03 20:00 -------- d-----w- C:\$AVG
2010-02-03 20:00 . 2010-02-03 20:00 12464 ----a-w- c:\windows\system32\avgrsstx.dll
2010-02-03 20:00 . 2010-02-03 20:00 360584 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2010-02-03 20:00 . 2010-02-03 20:00 333192 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2010-02-03 20:00 . 2010-02-03 20:00 28424 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2010-02-03 20:00 . 2010-02-14 20:59 -------- d-----w- c:\windows\system32\drivers\Avg
2010-02-03 20:00 . 2010-02-03 20:08 -------- d-----w- c:\programdata\AVG Security Toolbar
2010-02-03 19:59 . 2010-02-03 19:59 -------- d-----w- c:\program files\AVG
2010-02-03 19:59 . 2010-02-03 19:59 -------- d-----w- c:\programdata\avg9
2010-02-02 22:05 . 2010-02-02 22:05 -------- d-----w- c:\users\Annamaria\AppData\Roaming\Ultra Fractal 5
2010-02-02 22:05 . 2010-02-02 22:05 -------- d-----w- c:\program files\Ultra Fractal 5
2010-02-02 18:14 . 2010-02-02 18:14 -------- d-----w- c:\users\Alessio.PC-Annamaria\AppData\Local\Corel
2010-02-02 18:14 . 2010-02-02 18:14 -------- d-----w- c:\users\Alessio.PC-Annamaria\AppData\Roaming\Corel
2010-02-01 12:46 . 2010-01-14 10:12 181120 ------w- c:\windows\system32\MpSigStub.exe
2010-01-28 12:02 . 2010-02-14 17:12 -------- d-----w- c:\users\Annamaria\AppData\Local\Corel
2010-01-27 12:18 . 2010-01-27 12:18 -------- d-----w- c:\program files\Windows Media Components
2010-01-27 12:16 . 2005-05-26 14:34 2297552 ----a-w- c:\windows\system32\d3dx9_26.dll
2010-01-21 17:26 . 2010-01-21 17:26 -------- d-----w- c:\users\Annamaria\AppData\Local\Tific
2010-01-21 17:26 . 2010-01-21 17:26 -------- d-----w- c:\users\Annamaria\AppData\Roaming\Tific
2010-01-19 12:46 . 2010-01-19 12:46 -------- d-----w- c:\programdata\Office Genuine Advantage
2010-01-18 17:09 . 2010-01-18 17:09 2560 ----a-w- c:\windows\_MSRSTRT.EXE
2010-01-18 17:04 . 2010-02-13 08:26 -------- d-----w- c:\users\Annamaria\AppData\Local\CrashDumps

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-02-14 20:49 . 2008-12-20 07:51 1 ----a-w- c:\users\Annamaria\AppData\Roaming\OpenOffice.org\3\user\uno_packages\cache\stamp.sys
2010-02-14 17:12 . 2009-05-29 11:47 7520 --sha-w- c:\programdata\KGyGaAvL.sys
2010-02-14 17:12 . 2009-05-29 11:47 7520 --sha-w- c:\programdata\KGyGaAvL.sys
2010-02-12 07:13 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2010-02-07 17:15 . 2008-11-20 16:48 141416 ----a-w- c:\users\Annamaria\AppData\Local\GDIPFONTCACHEV1.DAT
2010-02-03 19:59 . 2010-02-04 08:42 3777280 ----a-w- c:\programdata\avg9\update\backup\setup.exe
2010-02-03 19:59 . 2010-02-04 08:42 1260800 ----a-w- c:\programdata\avg9\update\backup\avgfrw.exe
2010-02-02 18:14 . 2009-01-27 15:00 136688 ----a-w- c:\users\Alessio.PC-Annamaria\AppData\Local\GDIPFONTCACHEV1.DAT
2010-02-01 12:35 . 2009-01-30 12:38 -------- d-----w- c:\program files\Norton Internet Security
2010-02-01 12:24 . 2008-11-20 22:32 -------- d-----w- c:\program files\Common Files\Symantec Shared
2010-01-28 14:28 . 2008-11-20 21:16 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-01-28 12:11 . 2008-09-21 16:30 -------- d-----w- c:\program files\QuickTime
2010-01-28 12:01 . 2009-06-03 12:48 -------- d-----w- c:\program files\Corel
2010-01-28 12:00 . 2009-06-03 11:19 -------- d-----w- c:\programdata\Corel
2010-01-28 11:45 . 2009-10-27 10:47 -------- d-----w- c:\program files\Common Files\Corel
2010-01-28 11:09 . 2009-05-29 11:47 168 --sh--r- c:\programdata\9C73AEC086.sys
2010-01-28 11:09 . 2009-05-29 11:47 168 --sh--r- c:\programdata\9C73AEC086.sys
2010-01-27 13:32 . 2009-05-29 11:46 -------- d-----w- c:\users\Annamaria\AppData\Roaming\Corel
2010-01-27 13:31 . 2009-09-27 12:49 -------- d-----w- c:\programdata\NOS
2010-01-22 16:25 . 2008-11-20 20:36 -------- d-----w- c:\program files\Common Files\Adobe
2010-01-20 17:40 . 2008-11-10 21:48 -------- d-----w- c:\program files\Microsoft Silverlight
2010-01-16 17:15 . 2008-12-02 08:41 -------- d-----w- c:\users\Annamaria\AppData\Roaming\dvdcss
2010-01-14 18:20 . 2006-11-06 01:52 401024 ----a-w- c:\windows\system32\perfc010.dat
2010-01-14 18:20 . 2006-11-06 01:52 1455460 ----a-w- c:\windows\system32\perfh010.dat
2010-01-08 15:26 . 2009-10-16 19:50 -------- d-----w- c:\program files\Jasc Software Inc
2010-01-02 06:38 . 2010-01-22 07:59 916480 ----a-w- c:\windows\system32\wininet.dll
2010-01-02 06:32 . 2010-01-22 07:59 71680 ----a-w- c:\windows\system32\iesetup.dll
2010-01-02 06:32 . 2010-01-22 07:59 109056 ----a-w- c:\windows\system32\iesysprep.dll
2010-01-02 04:57 . 2010-01-22 07:59 133632 ----a-w- c:\windows\system32\ieUnatt.exe
2010-01-01 11:26 . 2008-11-20 19:21 -------- d-----w- c:\programdata\eMule
2010-01-01 11:25 . 2010-01-01 11:25 -------- d-----w- c:\program files\eMule
2009-12-28 19:51 . 2009-12-28 19:51 -------- d-----w- c:\program files\MSECache
2009-12-08 20:01 . 2010-02-11 08:05 904776 ----a-w- c:\windows\system32\drivers\tcpip.sys
2009-12-08 17:26 . 2010-02-11 08:05 30720 ----a-w- c:\windows\system32\drivers\tcpipreg.sys
2009-12-04 18:30 . 2010-02-11 08:05 12288 ----a-w- c:\windows\system32\tsbyuv.dll
2009-12-04 18:29 . 2010-02-11 08:05 1314816 ----a-w- c:\windows\system32\quartz.dll
2009-12-04 18:28 . 2010-02-11 08:05 22528 ----a-w- c:\windows\system32\msyuv.dll
2009-12-04 18:28 . 2010-02-11 08:05 31744 ----a-w- c:\windows\system32\msvidc32.dll
2009-12-04 18:28 . 2010-02-11 08:05 123904 ----a-w- c:\windows\system32\msvfw32.dll
2009-12-04 18:28 . 2010-02-11 08:05 13312 ----a-w- c:\windows\system32\msrle32.dll
2009-12-04 18:28 . 2010-02-11 08:05 82944 ----a-w- c:\windows\system32\mciavi32.dll
2009-12-04 18:28 . 2010-02-11 08:05 50176 ----a-w- c:\windows\system32\iyuv_32.dll
2009-12-04 18:27 . 2010-02-11 08:05 91136 ----a-w- c:\windows\system32\avifil32.dll
2009-12-04 15:56 . 2010-02-11 08:05 212992 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys
2009-12-04 15:56 . 2010-02-11 08:05 105984 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2009-11-30 21:43 . 2008-11-20 16:47 1356 ----a-w- c:\users\Annamaria\AppData\Local\d3d9caps.dat
2009-04-29 12:22 . 2009-04-29 12:22 53 ----a-w- c:\program files\GMLMatting.ini
2008-08-19 01:29 . 2009-10-27 10:40 112245248 ----a-w- c:\program files\psppx2.msi
2008-08-19 01:22 . 2009-10-27 10:40 279880 ----a-w- c:\program files\installer.exe
2008-08-19 01:22 . 2009-10-27 10:40 60416 ----a-w- c:\program files\1043.mst
2008-08-19 01:22 . 2009-10-27 10:40 61440 ----a-w- c:\program files\1040.mst
2008-08-19 01:22 . 2009-10-27 10:40 61440 ----a-w- c:\program files\1036.mst
2008-08-19 01:22 . 2009-10-27 10:40 59392 ----a-w- c:\program files\1034.mst
2008-08-19 01:22 . 2009-10-27 10:40 62464 ----a-w- c:\program files\1031.mst
2008-08-19 01:22 . 2009-10-27 10:40 12288 ----a-w- c:\program files\1033.mst
2008-08-19 01:22 . 2009-10-27 10:40 2007 ----a-w- c:\program files\Setup.ini
2008-08-19 01:22 . 2009-10-27 10:40 578 ----a-w- c:\program files\installer.xml
2008-08-19 01:22 . 2009-10-27 10:40 226661857 ----a-w- c:\program files\Data1.cab
2008-08-19 00:00 . 2009-10-27 10:40 8904 ----a-w- c:\program files\Installer.lang
2008-03-25 16:16 . 2009-10-27 10:40 757344 ----a-r- c:\program files\ycomp_setup_core.exe
2007-12-01 15:22 . 2009-04-29 12:22 315392 ----a-w- c:\program files\GMLMatting.8bf
2007-03-15 02:07 . 2009-10-27 10:40 2584848 ----a-w- c:\program files\msi31.exe
2007-03-15 01:58 . 2009-10-27 10:40 7242 ----a-w- c:\program files\0x040c.ini
2007-03-15 01:58 . 2009-10-27 10:40 7094 ----a-w- c:\program files\0x0407.ini
2007-03-15 01:58 . 2009-10-27 10:40 7022 ----a-w- c:\program files\0x040a.ini
2007-03-15 01:58 . 2009-10-27 10:40 6897 ----a-w- c:\program files\0x0410.ini
2007-03-15 01:58 . 2009-10-27 10:40 6814 ----a-w- c:\program files\0x0413.ini
2007-03-15 01:58 . 2009-10-27 10:40 6129 ----a-w- c:\program files\0x0409.ini
.

((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* i valori vuoti & legittimi/default non sono visualizzati.
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{A3BC75A2-1F87-4686-AA43-5347D756017C}"= "c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll" [2009-11-25 1230080]

[HKEY_CLASSES_ROOT\clsid\{a3bc75a2-1f87-4686-aa43-5347d756017c}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A3BC75A2-1F87-4686-AA43-5347D756017C}]
2009-11-25 12:01 1230080 ----a-w- c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll" [2009-11-25 1230080]

[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll" [2009-11-25 1230080]

[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]
"MsnMsgr"="c:\program files\Windows Live\Messenger\MsnMsgr.Exe" [2009-07-26 3883856]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2008-01-22 152872]
"Messenger (Yahoo!)"="c:\program files\Yahoo!\Messenger\YahooMessenger.exe" [2009-05-26 4351216]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-11-10 39408]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-18 202240]
"Corel Photo Downloader"="c:\program files\Common Files\Corel\Corel PhotoDownloader\Corel Photo Downloader.exe" [2009-12-30 523408]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"JMB36X IDE Setup"="c:\windows\JM\JMInsIDE.exe" [2006-10-30 36864]
"CanonSolutionMenu"="c:\program files\Canon\SolutionMenu\CNSLMAIN.exe" [2007-05-14 644696]
"CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2007-04-03 1603152]
"SSBkgdUpdate"="c:\program files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2006-10-25 210472]
"OpwareSE4"="c:\program files\ScanSoft\OmniPageSE4\OpwareSE4.exe" [2007-02-04 79400]
"NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2008-05-28 570664]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2006-12-18 868352]
"Corel Photo Downloader"="c:\program files\Common Files\Corel\Corel PhotoDownloader\Corel Photo Downloader.exe" [2009-12-30 523408]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-10-11 149280]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-12-22 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2009-12-11 948672]
"Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2010-01-07 1394000]

c:\users\Annamaria\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Webshots.lnk - c:\program files\Webshots\Launcher.exe [2009-4-13 157000]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\System32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"="
"
"FirewallOverride"="
"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"VistaSp2"=hex(b):69,be,08,f2,a0,37,ca,01

R0 xfilt;VIA SATA IDE Hot-plug Driver;c:\windows\System32\drivers\xfilt.sys [20/11/2008 22.17.29 17920]
R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\System32\drivers\avgldx86.sys [03/02/2010 21.00.06 333192]
R1 AvgTdiX;AVG Free Network Redirector;c:\windows\System32\drivers\avgtdix.sys [03/02/2010 21.00.12 360584]
R2 avg9emc;AVG Free E-mail Scanner;c:\program files\AVG\AVG9\avgemc.exe [03/02/2010 20.59.41 906520]
R2 avg9wd;AVG Free WatchDog;c:\program files\AVG\AVG9\avgwdsvc.exe [03/02/2010 20.59.38 285392]
S2 Registry Helper Service;Registry Helper Service;c:\program files\Registry Helper\RegistryHelperService.exe --> c:\program files\Registry Helper\RegistryHelperService.exe [?]
S3 FontCache;Servizio cache tipi di carattere Windows;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [22/11/2008 15.42.07 21504]
S3 Revoflt;Revoflt;c:\windows\System32\drivers\revoflt.sys [14/02/2010 14.59.05 27192]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
getPlusHelper REG_MULTI_SZ getPlusHelper
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
Contenuto della cartella 'Scheduled Tasks'

2010-02-14 c:\windows\Tasks\User_Feed_Synchronization-{1EC84F94-5C7B-46C4-BB2E-F08FDF9AEBD3}.job
- c:\windows\system32\msfeedssync.exe [2010-01-22 04:56]
.
.
------- Scansione supplementare -------
.
mStart Page = hxxp://italian.ircfast.com/it/index.php?rvs=hompag
.

**************************************************************************
scansione processi nascosti ...

scansione entrate autostart nascoste ...

Scansione files nascosti ...

Scansione completata con successo
Files nascosti:

**************************************************************************
.
--------------------- CHIAVI DI REGISTRO BLOCCATE ---------------------

[HKEY_USERS\S-1-5-21-163651712-1538293285-2878800606-1000\Software\CISRA\PhotoRecord]
@DACL=(02 0000)

[HKEY_USERS\S-1-5-21-163651712-1538293285-2878800606-1000\Software\Google\Google Earth Plus\autoupdate]
@DACL=(02 0000)
"InstalledVersion"="4.2.0205.5730"
"UpdateURL"="https://www.keyhole.com/updatecheck/"
"AppPath"="C:/Program Files/Google/Google Earth"
"AvailableVersion"="4.3.7284.3916"
"AvailableURL"="http://earth.google.com/download-earth.html"
"AvailableDescription"="Optional:"
"NextUpdate"=dword:495658a3

[HKEY_USERS\S-1-5-21-163651712-1538293285-2878800606-1000\Software\Google\Google Earth Plus\Layer]
@DACL=(02 0000)
"FlySpeed"=hex:0a,d7,a3,70,3d,0a,c7,3f
"tourSpeed"=hex:0a,d7,a3,70,3d,0a,c7,3f
"tourCycles"=dword:00000001
"tourBalloonShow"=dword:00000000
"pauseTime"=hex:33,33,33,33,33,33,fb,3f
"drivingDirectionsSpeed"=hex:00,00,00,00,00,c0,62,40
"drivingDirectionsTilt"=hex:00,00,00,00,00,80,46,40
"drivingDirectionsRange"=hex:00,00,00,00,00,40,8f,40

[HKEY_USERS\S-1-5-21-163651712-1538293285-2878800606-1000\Software\Google\Google Earth Plus\Render]
@DACL=(02 0000)
"RenderingApi"=dword:00000000
"SwitchToDX"=dword:00000001
"FeetMiles"=dword:00000000
"CompassVisible"=dword:00000001

[HKEY_USERS\S-1-5-21-163651712-1538293285-2878800606-1000\Software\Google\Google Earth Plus\UsageStatistics]
@DACL=(02 0000)
"numRuns"=dword:00000003
"numRunsThisVersion"=dword:00000003
"loginHistory"=dword:00000000

[HKEY_USERS\S-1-5-21-163651712-1538293285-2878800606-1000\Software\Macromedia\FlashPlayer]
@DACL=(02 0000)
.
------------------------ Altri processi in esecuzione ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\windows\system32\AUDIODG.EXE
c:\windows\system32\Ati2evxx.exe
c:\windows\system32\IoctlSvc.exe
c:\program files\Common Files\Protexis\License Service\PsiService_2.exe
c:\windows\system32\WUDFHost.exe
c:\program files\AVG\AVG9\avgnsx.exe
c:\program files\AVG\AVG9\avgcsrvx.exe
c:\program files\AVG\AVG9\avgchsvx.exe
c:\program files\AVG\AVG9\avgrsx.exe
c:\program files\AVG\AVG9\avgcsrvx.exe
c:\windows\system32\conime.exe
c:\program files\Webshots\webshots.scr
c:\program files\Windows Media Player\wmpnetwk.exe
c:\program files\Common Files\Ahead\Lib\NMIndexingService.exe
c:\program files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
c:\program files\Yahoo!\Messenger\ymsgr_tray.exe
.
**************************************************************************
.
Ora fine scansione: 2010-02-14 23:03:01 - Il pc è stato riavviato
ComboFix-quarantined-files.txt 2010-02-14 22:02
ComboFix2.txt 2010-02-14 17:25
ComboFix3.txt 2010-02-14 16:41

Pre-Run: 222.474.993.664 byte disponibili
Post-Run: 222.037.164.032 byte disponibili

- - End Of File - - A61413F98D32C871B3C1BE081F4A5F9D
Ho copiato il log di combofix sul portatile:

Sì è ritornato tutto normale.

Caro R16 mi rendo conto di averti dato un lavoro super per il mio computer anche perché ormai è ora tarda, io purtroppo sono costretta a spegnere tutto per motivi familiari, non dovuti a me personalmente, perciò riprenderò domani le cose ancora in sospeso e ti auguro una buonanotte.

p.s. - non so come ringraziarti!

Non preoccuparti.
Siamo quasi alla fine.
Domani, (o quando puoi) postami un log di hijackthis per un controllo:
http://www.aiutamici.com/software?ID=11175
Buonanotte.

Un ultimo sforzo.

Disattiva il ripristino configurazione di sistema, e tienilo disattivato, fino alla soluzione del problema.
http://windowshelp.microsoft.com/Windows/it-IT/help/f0688925-5abe-4caf-b49a-018f8cfcaf4d1040.mspx#E3

Per eliminare i vari Tooll scaricati: (Combofix)
Scarica OTC by OldTimer sul desktop:
http://oldtimer.geekstogo.com/OTC.exe
doppio clic per eseguirlo
Clicca su CleanUp.
Ti chiederà di riavviare il pc.
Clicca sì.
Poi puoi eliminarlo.

Se non sai "fixare"le voci,segui questa guida dettagliata: http://www.aiutamici.com/software?ID=11175

Avvia hijackthis, metti la spunta alle voci che andrò ad elencarti e con tutte le applicazioni chiuse e disconnesso da Internet,premi su fix checked:

R3 - URLSearchHook: (no name) - *{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O23 - Service: Registry Helper Service - Unknown owner - C:\Program Files\Registry Helper\RegistryHelperService.exe (file missing)

N.B:
Se la voce 023 non riesci a eliminarla, prova a eliminarla in Modalità provvisoria.

Dai una pulita (registro compreso)con CCleaner: http://www.aiutamici.com/software?ID=11223
Nella schermata iniziale di CCleaner, clicca su Opzioni e poi Avanzate, togli il segno di spunta a: Cancella i file in Windows Temp solo se più vecchi di 48 ore. (poi esegui le pulizie)

Svuota la cartella prefetch:
clicca su Risorse del Computer
clicca su Disco locale C:
cerca, all’interno delle cartelle che saranno visualizzate la cartella Windows, aprila ed, al suo interno, cerca la cartella Prefetch, la apri, e Cancella tutti i file (anche la cartella readyboot,che verrà ricreata) meno il file layout.ini. (non eliminare il file layout.ini)

Riavvia il computer.

Riattiva il ripristino configurazione di sistema e, se tutto è a posto, creane uno nuovo.

Abbiamo finito.

P.S:
Un ringraziamento, và anche all'amico paolopa.
Il suggerimento di farti scaricare Revo Unistaller, è stato, determinante, per riuscire a debellare quel fastidioso virus.
Mi ha permesso di darti indicazioni, per eliminarlo.

Se hai domande, o riscontri problemi, chiedi senza farti problemi.

Ciao R16 (ma ti chiami Alfonso?), ringrazio te e Paolopa per il valido aiuto che mi avete dato e infatti anche quello di Paolopa è stato determinante perché senza quel programma che mi ha indicato non sarei riuscita a cancellare il virus dal pannello di controllo. Siete stati bravissimi.
Adesso riporto qui la relazione del mio lavoro.
Ho seguito tutte le tue istruzioni alla lettera e sono arrivata in fondo, ho cancellato in modalità provvisoria il file di Registry Helper e quindi ho cancellato alla fine i file contenuti nella cartella prefecht escluso layout, però riandando a vedere i file cancellati si sono ricreati. Come faccio ad eliminarli completamente? Questo è l'unico problema che probabilmente non ho risolto. Buona serata
Annamaria