Aiutamici Forum
Benvenuto Ospite Cerca | Topic Attivi | Utenti | | Log In | Registra

Aiutamici Forum » FORUM - Istruzioni e Guide » Sicurezza VIRUS » MEMORIA SU DISCO LOCALE (C:)

2 pages: [1] 2
MEMORIA SU DISCO LOCALE (C:) Opzioni
Topic Precedente · Topic Sucessivo
jacopopisu
Inviato: Thursday, March 11, 2010 3:31:38 PM
Rank: AiutAmico

Iscritto dal : 3/2/2010
Posts: 38
Salve,
scrivo perché mi diminuisce continuamente la memoria su disco
ma non riesco a trovare il motivo. Ho vista ed ho già provato con CCleaner.
GRAZIE A TUTTI=)
Torna in alto
 
Sponsor
Inviato: Thursday, March 11, 2010 3:31:38 PM

 
Torna in alto
 
r16
Inviato: Thursday, March 11, 2010 3:34:16 PM
Rank: AiutAmico

Iscritto dal : 8/7/2007
Posts: 11,016
jacopopisu ha scritto:
Salve,
scrivo perché mi diminuisce continuamente la memoria su disco
ma non riesco a trovare il motivo. Ho vista ed ho già provato con CCleaner.
GRAZIE A TUTTI=)

Prova a disattivare il Ripristino Configurazione Sistema,(spegni il pc) e poi riattivarlo.
Qualcosa di sicuro lo recuperi.
Torna in alto
 
fdaccc
Inviato: Thursday, March 11, 2010 3:36:18 PM

Rank: AiutAmico

Iscritto dal : 12/12/2009
Posts: 2,114
Torna in alto
 
jacopopisu
Inviato: Thursday, March 11, 2010 3:51:04 PM
Rank: AiutAmico

Iscritto dal : 3/2/2010
Posts: 38
dopo aver disattivato il ripristino configurazione sistema cosa devo fare??
(spento e riacceso)
Torna in alto
 
paolopa
Inviato: Thursday, March 11, 2010 4:07:24 PM

Rank: AiutAmico

Iscritto dal : 10/14/2008
Posts: 2,777
riattivalo dopo aver spento e riacceso.puoi essere un poco piu' preciso nel descrivere il tuo problema?lo spazio nel disco rigido si riduce senza che tu faccia nulla?in che misura?hai iniziato a scaricare qualcosa che magari non hai terminato?aggiornamenti corposi?
hai fatto una scansione antivirus?
magari se mandi un log di hijack agevoli il compito di chi ti dara' qualche consiglio:
http://www.aiutamici.com/software?ID=11175
se temi di avere qualche infezione puoi fare una scansione con mbam:
http://software.aiutamici.com/software?ID=80346
lo scarichi,lo AGGIORNI e fai una scansione COMPLETA(se vuoi)
se rileva qualche infezione posta il log che ti rilascera'.
Torna in alto
 
jacopopisu
Inviato: Thursday, March 11, 2010 5:46:42 PM
Rank: AiutAmico

Iscritto dal : 3/2/2010
Posts: 38
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17.46.05, on 11/03/2010
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v8.00 (8.00.6001.18882)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\HP\QuickPlay\QPService.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
C:\Program Files\Lexmark 3500-4500 Series\lxdimon.exe
C:\Program Files\Lexmark 3500-4500 Series\lxdiamon.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\uTorrent\uTorrent.exe
C:\Program Files\Norton AntiVirus\Engine\17.5.0.127\ccSvcHst.exe
C:\Program Files\Hewlett-Packard\HP wireless Assistant\WiFiMsg.EXE
C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Users\Vista\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Vista\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Windows\system32\msfeedssync.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://it.ask.com?o=15161&l=dis
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=it_it&c=83&bd=Presario&pf=cnnb
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - (no file)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton AntiVirus\Engine\17.5.0.127\IPSBHO.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Guida per l'accesso a Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~3\Office14\URLREDIR.DLL
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [UCam_Menu] "C:\Program Files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" "C:\Program Files\CyberLink\YouCam" update "Software\CyberLink\YouCam\2.0"
O4 - HKLM\..\Run: [QPService] "C:\Program Files\HP\QuickPlay\QPService.exe"
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [QlbCtrl.exe] C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
O4 - HKLM\..\Run: [lxdimon.exe] "C:\Program Files\Lexmark 3500-4500 Series\lxdimon.exe"
O4 - HKLM\..\Run: [lxdiamon] "C:\Program Files\Lexmark 3500-4500 Series\lxdiamon.exe"
O4 - HKLM\..\Run: [FaxCenterServer] "C:\Program Files\\Lexmark Fax Solutions\fm3032.exe" /s
O4 - HKLM\..\Run: [HP Health Check Scheduler] c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [BCSSync] "C:\Program Files\Microsoft Office\Office14\BCSSync.exe" /DelayServices
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [LightScribe Control Panel] C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [uTorrent] "C:\Program Files\uTorrent\uTorrent.exe"
O4 - HKCU\..\Run: [Google Update] "C:\Users\Vista\AppData\Local\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\RunOnce: [Shockwave Updater] C:\Windows\system32\Adobe\Shockwave 11\SwHelper_1151601.exe -Update -1151601 -"Mozilla/5.0_(Windows;_U;_Windows_NT_6.0;_en-US)_AppleWebKit/532.0_(KHTML,_like_Gecko)_Chrome/3.0.195.38_Safari/532.0" -"http://www8.agame.com/games/shockwave/d/designer_trends_3d/designer_trends_3d_girlsgogames_it.htm"
O4 - HKUS\S-1-5-18\..\Run: [LightScribe Control Panel] C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe -hidden (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [LightScribe Control Panel] C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe -hidden (User 'Default user')
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office14\EXCEL.EXE/3000
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html
O8 - Extra context menu item: Se&nd to OneNote - res://C:\PROGRA~1\MICROS~3\Office14\ONBttnIE.dll/105
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra button: Bonjour - {7F9DB11C-E358-4ca6-A83D-ACC663939424} - C:\Program Files\Bonjour\ExplorerPlugin.dll
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Com4QLBEx - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files\HP Games\My HP Game Console\GameConsoleService.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: HP Health Check Service - Hewlett-Packard - c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Servizio iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: lxdiCATSCustConnectService - Lexmark International, Inc. - C:\Windows\system32\spool\DRIVERS\W32X86\3\\lxdiserv.exe
O23 - Service: lxdi_device - - C:\Windows\system32\lxdicoms.exe
O23 - Service: Norton AntiVirus (NAV) - Symantec Corporation - C:\Program Files\Norton AntiVirus\Engine\17.5.0.127\ccSvcHst.exe
O23 - Service: Recovery Service for Windows - Unknown owner - C:\Windows\SMINST\BLService.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--
End of file - 10072 bytes
Torna in alto
 
jacopopisu
Inviato: Thursday, March 11, 2010 7:56:47 PM
Rank: AiutAmico

Iscritto dal : 3/2/2010
Posts: 38
Malwarebytes' Anti-Malware 1.44
Versione del database: 3853
Windows 6.0.6002 Service Pack 2
Internet Explorer 8.0.6001.18882

11/03/2010 19.48.43
mbam-log-2010-03-11 (19-48-43).txt

Tipo di scansione: Scansione completa (C:\|D:\|)
Elementi scansionati: 280827
Tempo trascorso: 1 hour(s), 52 minute(s), 11 second(s)

Processi delle memoria infetti: 0
Moduli della memoria infetti: 0
Chiavi di registro infette: 0
Valori di registro infetti: 0
Elementi dato del registro infetti: 0
Cartelle infette: 0
File infetti: 1

Processi delle memoria infetti:
(Nessun elemento malevolo rilevato)

Moduli della memoria infetti:
(Nessun elemento malevolo rilevato)

Chiavi di registro infette:
(Nessun elemento malevolo rilevato)

Valori di registro infetti:
(Nessun elemento malevolo rilevato)

Elementi dato del registro infetti:
(Nessun elemento malevolo rilevato)

Cartelle infette:
(Nessun elemento malevolo rilevato)

File infetti:
C:\Windows\System32\xvi.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
Torna in alto
 
paolopa
Inviato: Thursday, March 11, 2010 7:59:28 PM

Rank: AiutAmico

Iscritto dal : 10/14/2008
Posts: 2,777
il log,all analisi online,non presenta infezioni,solo qualche bho disattivati che si po0trebbero fixare.
tieni presente che,se hai dei download in corso con utorrent,anche se li hai appena iniziati,lo spazio che occupano nelle loro cartelle di destinazione è quello dei file scaricati completamente,e nel caso di film per esempio,si fa presto a salire.se vuoi fare quella scansione ti levi il dubbio che ci sia qualcosa che non va.fai un po tu.
Torna in alto
 
jacopopisu
Inviato: Thursday, March 11, 2010 8:04:25 PM
Rank: AiutAmico

Iscritto dal : 3/2/2010
Posts: 38
che scansione devo fare??
Torna in alto
 
paolopa
Inviato: Thursday, March 11, 2010 8:11:25 PM

Rank: AiutAmico

Iscritto dal : 10/14/2008
Posts: 2,777
quella con mbam,il link è nel mio post sopra il log di hijack.ti avevo anche chiesto di descrivere un po meglio il tuo problema....
Torna in alto
 
jacopopisu
Inviato: Friday, March 12, 2010 2:57:04 PM
Rank: AiutAmico

Iscritto dal : 3/2/2010
Posts: 38
ecco,
ad esempio ieri ho spento il computer e avevo 105 GB liberi oggi quando l'ho acceso ne avevo 104 GB
(non ho istallato o scaricato niente)
Torna in alto
 
fdaccc
Inviato: Friday, March 12, 2010 2:58:29 PM

Rank: AiutAmico

Iscritto dal : 12/12/2009
Posts: 2,114
posta il risultato della scansione completa con mbam.
Torna in alto
 
wolfestein
Inviato: Friday, March 12, 2010 3:09:41 PM

Rank: AiutAmico

Iscritto dal : 2/15/2009
Posts: 15,950
Dal log vedo che hai molte applicazioni aperte che ben poco servono al funzionamento del pc e magari si scaricano aggiornamenti.
Prova a svuotare la cartella dei file temporanei scrivendo questa stringa inella barra di ricerca o in esegui %temp% dai l'ok e elimina tutto il contenuto,alcuni files forse non si cancelleranno ma è normale in quanto saranno in uso.
Non è corretto dire memoria su disco locale ma spazio.L'hd non è una memoria ma un contenitore di dati,la ram e la rom sono memorie,poi c'è la memoria flash che si immagazzina dati ma il suo funzionamento è diverso dagli hd.
Torna in alto
 
paolopa
Inviato: Friday, March 12, 2010 3:10:02 PM

Rank: AiutAmico

Iscritto dal : 10/14/2008
Posts: 2,777
mbam ti ha trovato ed eliminato un infezione,ma a questi punti forse è meglio sondare piu' a fondo:
Scarica Combofix

http://download.bleepingcomputer.com/sUBs/ComboFix.exe

Salvalo sul desktop.

Importante: dopo aver scaricato COMBOFIX disabilita il tuo antivirus e chiudi TUTTI i programmi aperti,(Firewall compreso) e chiudi la connessione.

Doppio click su combofix.exe (comparirà una videata.)

E' probabile che ti siano inviati messaggi dall'antivirus,(o dallo stesso Combofix) tu ignorali.

Se ti verrà chiesto se vuoi Installare LA CONSOLE DI RIPRISTINO DI EMERGENZA, clicca NO.

Durante l'operazione di scansione è importante non usare il PC (neanche il mouse) e attendere pazientemente la fine delle operazioni.
Al termine, verrà creato un file log sul Desktop, chiamato C:\ComboFix.txt. Postalo qui.

ps:ho visto solo oggi il log di mbam,non so come mai,senno ti avrei risposto prima.
Torna in alto
 
fdaccc
Inviato: Friday, March 12, 2010 3:32:17 PM

Rank: AiutAmico

Iscritto dal : 12/12/2009
Posts: 2,114
un consiglio spassionato: installa il SP3. =)
Torna in alto
 
paolopa
Inviato: Friday, March 12, 2010 3:39:25 PM

Rank: AiutAmico

Iscritto dal : 10/14/2008
Posts: 2,777
@fdaccc:quando è uscito l'sp3 per vista?
Torna in alto
 
fdaccc
Inviato: Friday, March 12, 2010 3:41:11 PM

Rank: AiutAmico

Iscritto dal : 12/12/2009
Posts: 2,114
ops xD
nella fretta non ho letto il SO paolo Sick

Torna in alto
 
jacopopisu
Inviato: Friday, March 12, 2010 6:07:03 PM
Rank: AiutAmico

Iscritto dal : 3/2/2010
Posts: 38
ComboFix 10-03-11.06 - Vista 12/03/2010 17.51.03.4.2 - x86
Microsoft® Windows Vista™ Home Basic 6.0.6002.2.1252.39.1040.18.3002.1752 [GMT 1:00]
Eseguito da: c:\users\vista\documents\downloads\ComboFix.exe
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.

((((((((((((((((((((((((( Files Creati Da 2010-02-12 al 2010-03-12 )))))))))))))))))))))))))))))))))))
.

2010-03-12 16:58 . 2010-03-12 16:58 -------- d-----w- c:\users\Vista\AppData\Local\temp
2010-03-12 16:58 . 2010-03-12 16:58 -------- d-----w- c:\windows\system32\config\systemprofile\AppData\Local\temp
2010-03-12 16:58 . 2010-03-12 16:58 -------- d-----w- c:\users\Public\AppData\Local\temp
2010-03-12 10:02 . 2010-03-02 14:23 84912 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_17.0.0.136\Definitions\VirusDefs\20100311.036\NAVENG.SYS
2010-03-12 10:02 . 2010-03-02 14:23 1324720 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_17.0.0.136\Definitions\VirusDefs\20100311.036\NAVEX15.SYS
2010-03-12 10:02 . 2009-08-29 09:00 177520 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_17.0.0.136\Definitions\VirusDefs\20100311.036\NAVENG32.DLL
2010-03-12 10:02 . 2009-08-29 09:00 1647984 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_17.0.0.136\Definitions\VirusDefs\20100311.036\NAVEX32A.DLL
2010-03-12 10:02 . 2010-03-02 14:23 2747440 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_17.0.0.136\Definitions\VirusDefs\20100311.036\CCERASER.DLL
2010-03-12 10:02 . 2010-03-02 14:23 259440 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_17.0.0.136\Definitions\VirusDefs\20100311.036\ECMSVR32.DLL
2010-03-12 10:02 . 2009-08-29 09:00 371248 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_17.0.0.136\Definitions\VirusDefs\20100311.036\EECTRL.SYS
2010-03-12 10:02 . 2009-08-29 09:00 102448 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_17.0.0.136\Definitions\VirusDefs\20100311.036\ERASER.SYS
2010-03-11 16:51 . 2010-03-11 16:51 -------- d-----w- c:\users\Vista\AppData\Roaming\Malwarebytes
2010-03-11 16:50 . 2010-03-12 16:09 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-03-11 16:50 . 2010-03-11 16:50 -------- d-----w- c:\programdata\Malwarebytes
2010-03-11 14:19 . 2009-10-28 22:37 343088 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_17.0.0.136\Definitions\IPSDefs\20100310.001\IDSvix86.sys
2010-03-11 14:19 . 2009-10-28 22:37 329592 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_17.0.0.136\Definitions\IPSDefs\20100310.001\IDSXpx86.sys
2010-03-11 14:19 . 2009-10-28 22:37 811896 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_17.0.0.136\Definitions\IPSDefs\20100310.001\Scxpx86.dll
2010-03-11 14:19 . 2009-10-28 22:37 488312 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_17.0.0.136\Definitions\IPSDefs\20100310.001\IDSxpx86.dll
2010-03-11 14:19 . 2009-10-28 22:37 466992 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_17.0.0.136\Definitions\IPSDefs\20100310.001\IDSviA64.sys
2010-03-10 16:32 . 2010-03-10 19:06 -------- d-----w- c:\users\Vista\AppData\Local\CrashDumps
2010-03-08 19:39 . 2009-10-28 22:37 811896 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_17.0.0.136\Definitions\IPSDefs\20100305.002\Scxpx86.dll
2010-03-08 19:39 . 2009-10-28 22:37 329592 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_17.0.0.136\Definitions\IPSDefs\20100305.002\IDSXpx86.sys
2010-03-08 19:39 . 2009-10-28 22:37 343088 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_17.0.0.136\Definitions\IPSDefs\20100305.002\IDSvix86.sys
2010-03-08 19:39 . 2009-10-28 22:37 488312 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_17.0.0.136\Definitions\IPSDefs\20100305.002\IDSxpx86.dll
2010-03-08 19:39 . 2009-10-28 22:37 466992 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_17.0.0.136\Definitions\IPSDefs\20100305.002\IDSviA64.sys
2010-03-04 17:27 . 2010-03-04 17:27 -------- d-----w- c:\program files\Common Files\Adobe
2010-03-04 16:58 . 2010-03-04 16:58 -------- d-----w- c:\users\Vista\AppData\Local\Apple_Inc
2010-03-04 16:24 . 2010-03-04 16:24 -------- d-----w- c:\users\Public\CyberLink
2010-03-02 18:56 . 2010-03-02 18:56 -------- d-----w- c:\program files\Trend Micro
2010-03-02 14:21 . 2009-12-03 06:09 44080 ----a-r- c:\windows\system32\drivers\SymIMV.sys
2010-03-02 14:07 . 2010-03-02 14:06 124976 ----a-w- c:\windows\system32\drivers\SYMEVENT.SYS
2010-03-02 14:06 . 2010-03-02 14:07 -------- d-----w- c:\program files\Symantec
2010-03-02 14:06 . 2009-08-30 00:16 164216 ----a-r- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_17.0.0.136\IPSFFPlgn\components\IPSFFPl.dll
2010-03-02 14:06 . 2009-08-26 22:13 900464 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_17.0.0.136\OCS\hsplayer.dll
2010-03-02 14:06 . 2009-09-01 09:02 893296 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_17.0.0.136\CLT\cltLMSx.dll
2010-03-02 14:06 . 2010-03-02 17:24 -------- d-----w- c:\windows\system32\drivers\NAV
2010-03-02 14:06 . 2010-03-02 14:06 -------- d-----w- c:\program files\Norton AntiVirus
2010-03-02 14:05 . 2010-03-02 14:05 -------- d-----w- c:\program files\NortonInstaller
2010-02-24 15:24 . 2010-02-24 15:24 -------- d-----w- c:\windows\system32\config\systemprofile\AppData\Local\Apple Computer
2010-02-24 14:20 . 2010-01-23 09:26 2048 ----a-w- c:\windows\system32\tzres.dll
2010-02-24 14:20 . 2010-01-25 12:00 471552 ----a-w- c:\windows\system32\secproc_isv.dll
2010-02-24 14:20 . 2010-01-25 12:00 471552 ----a-w- c:\windows\system32\secproc.dll
2010-02-24 14:20 . 2010-01-25 08:21 526336 ----a-w- c:\windows\system32\RMActivate_isv.exe
2010-02-24 14:19 . 2010-01-25 12:00 152576 ----a-w- c:\windows\system32\secproc_ssp_isv.dll
2010-02-24 14:19 . 2010-01-25 12:00 152064 ----a-w- c:\windows\system32\secproc_ssp.dll
2010-02-24 14:19 . 2010-01-25 08:21 346624 ----a-w- c:\windows\system32\RMActivate_ssp_isv.exe
2010-02-24 14:19 . 2010-01-25 08:21 518144 ----a-w- c:\windows\system32\RMActivate.exe
2010-02-24 14:19 . 2010-01-25 08:21 347136 ----a-w- c:\windows\system32\RMActivate_ssp.exe
2010-02-24 14:19 . 2010-01-25 11:58 332288 ----a-w- c:\windows\system32\msdrm.dll
2010-02-24 14:19 . 2010-01-06 15:39 1696256 ----a-w- c:\windows\system32\gameux.dll
2010-02-24 14:19 . 2010-01-06 15:38 28672 ----a-w- c:\windows\system32\Apphlpdm.dll
2010-02-24 14:19 . 2010-01-06 13:30 4240384 ----a-w- c:\windows\system32\GameUXLegacyGDFs.dll
2010-02-22 20:23 . 2010-02-24 15:24 -------- d--h--w- c:\users\Vista\AppData\Roaming\sys
2010-02-21 20:39 . 2010-02-21 20:39 -------- d-----w- c:\users\Vista\AppData\Roaming\java
2010-02-21 20:39 . 2010-02-21 20:39 45056 ---ha-w- c:\users\Vista\AppData\Roaming\java\msnmsgs.exe
2010-02-21 20:39 . 2010-02-21 20:40 45056 ----a-w- c:\users\Vista\AppData\Roaming\msnmsgs.exe
2010-02-19 23:47 . 2010-02-19 23:47 3604480 ----a-w- c:\windows\system32\GPhotos.scr
2010-02-11 17:45 . 2010-02-11 17:45 676912 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_17.0.0.136\Definitions\BASHDefs\20100211.001\BHDrvx64.sys
2010-02-11 17:45 . 2010-02-11 17:45 611216 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_17.0.0.136\Definitions\BASHDefs\20100211.001\bbRGen.dll
2010-02-11 17:45 . 2010-02-11 17:45 536112 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_17.0.0.136\Definitions\BASHDefs\20100211.001\BHDrvx86.sys
2010-02-11 17:45 . 2010-02-11 17:45 201616 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_17.0.0.136\Definitions\BASHDefs\20100211.001\BHRules.dll
2010-02-11 17:45 . 2010-02-11 17:45 1406352 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_17.0.0.136\Definitions\BASHDefs\20100211.001\BHEngine.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-03-12 16:47 . 2009-05-16 16:12 -------- d-----w- c:\users\Vista\AppData\Roaming\uTorrent
2010-03-12 16:42 . 2008-08-01 06:27 -------- d-----w- c:\programdata\WildTangent
2010-03-11 18:13 . 2009-03-22 08:25 -------- d-----w- c:\programdata\Lx_cats
2010-03-11 15:13 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2010-03-10 19:53 . 2008-08-01 15:35 665702 ----a-w- c:\windows\system32\perfh010.dat
2010-03-10 19:53 . 2008-08-01 15:35 121302 ----a-w- c:\windows\system32\perfc010.dat
2010-03-10 19:05 . 2009-03-23 11:45 -------- d-----w- c:\program files\Sparta - La Battaglia delle Termopili
2010-03-06 18:04 . 2009-05-28 12:18 122 ----a-w- c:\users\Vista\AppData\Roaming\wklnhst.dat
2010-03-04 17:24 . 2009-02-25 13:16 -------- d-----w- c:\program files\Common Files\ACD Systems
2010-03-04 17:17 . 2008-08-01 07:17 -------- d-----w- c:\program files\Common Files\Java
2010-03-04 17:15 . 2008-08-01 07:17 -------- d-----w- c:\program files\Java
2010-03-04 17:08 . 2008-08-01 06:00 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-03-04 17:05 . 2008-08-01 06:59 -------- d-----w- c:\program files\CyberLink
2010-03-04 16:24 . 2009-03-23 11:09 -------- d-----w- c:\users\Vista\AppData\Roaming\CyberLink
2010-03-04 06:43 . 2008-08-01 07:08 588472 ----a-w- c:\windows\system32\ezsvc7x.dll
2010-03-02 15:51 . 2009-03-08 15:16 5972 ----a-w- c:\users\Vista\AppData\Local\d3d9caps.dat
2010-03-02 14:21 . 2008-08-01 06:01 -------- d-----w- c:\program files\Common Files\Symantec Shared
2010-03-02 14:06 . 2010-03-02 14:07 805 ----a-w- c:\windows\system32\drivers\SYMEVENT.INF
2010-03-02 14:06 . 2010-03-02 14:07 7443 ----a-w- c:\windows\system32\drivers\SYMEVENT.CAT
2010-03-02 14:06 . 2009-05-29 18:21 -------- d-----w- c:\programdata\Norton
2010-03-02 14:05 . 2009-05-29 18:20 -------- d-----w- c:\programdata\NortonInstaller
2010-02-24 15:24 . 2009-02-25 11:14 102816 ----a-w- c:\windows\system32\config\systemprofile\AppData\Local\GDIPFONTCACHEV1.DAT
2010-02-24 14:50 . 2009-02-25 11:22 102816 ----a-w- c:\users\Vista\AppData\Local\GDIPFONTCACHEV1.DAT
2010-02-22 12:28 . 2010-03-06 11:23 1282824 ----a-w- c:\windows\Help\OEM\scripts\SamsungHDDFW1HC.exe
2010-02-09 20:58 . 2009-08-20 19:11 -------- d-----w- c:\program files\uTorrent
2010-02-08 21:00 . 2010-02-08 21:00 -------- d-----w- c:\program files\Windows Portable Devices
2010-02-08 21:00 . 2006-11-02 10:25 665600 ----a-w- c:\windows\inf\drvindex.dat
2010-02-08 21:00 . 2010-02-08 21:00 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdMtpDr_01_07_00.Wdf
2010-02-08 21:00 . 2010-02-08 21:00 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdFs_01_07_00.Wdf
2010-02-08 20:39 . 2010-02-08 20:39 -------- d-----w- c:\program files\Bonjour
2010-02-08 20:33 . 2008-08-01 06:55 -------- d-----w- c:\programdata\Microsoft Help
2010-02-08 19:34 . 2010-02-08 19:34 -------- d-----w- c:\program files\Microsoft Synchronization Services
2010-02-08 19:33 . 2010-02-08 19:33 -------- d-----w- c:\program files\Microsoft.NET
2010-02-08 19:33 . 2010-02-08 19:33 -------- d-----w- c:\program files\Microsoft SQL Server Compact Edition
2010-02-08 19:31 . 2010-02-08 19:31 -------- d-----w- c:\program files\Microsoft Analysis Services
2010-02-08 19:22 . 2008-08-01 06:42 -------- d-----w- c:\program files\Microsoft Works
2010-02-08 18:29 . 2009-03-19 18:15 -------- d-----w- c:\program files\Google
2010-02-07 16:46 . 2010-02-07 16:46 123788 ---ha-w- c:\windows\system32\mlfcache.dat
2010-02-07 16:46 . 2009-06-16 10:14 -------- d-----w- c:\users\Vista\AppData\Roaming\Apple Computer
2010-02-07 16:11 . 2010-02-07 16:10 -------- d-----w- c:\program files\iTunes
2010-02-07 16:10 . 2010-02-07 16:10 -------- d-----w- c:\program files\iPod
2010-02-07 16:10 . 2009-06-16 10:11 -------- d-----w- c:\program files\Common Files\Apple
2010-02-07 16:06 . 2010-02-07 16:06 -------- d-----w- c:\program files\QuickTime
2010-02-07 16:02 . 2010-02-07 16:02 72488 ----a-w- c:\programdata\Apple Computer\Installer Cache\iTunes 9.0.3.15\SetupAdmin.exe
2010-02-04 15:51 . 2010-03-06 11:23 49152 ----a-w- c:\windows\Help\OEM\scripts\Interop.TaskScheduler.dll
2010-01-29 18:48 . 2010-01-29 18:48 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_ccdcmb_01005.Wdf
2010-01-24 20:22 . 2008-08-01 06:01 -------- d-----w- c:\programdata\Symantec
2010-01-22 14:13 . 2009-03-05 17:21 -------- d-----w- c:\programdata\Messenger Plus!
2010-01-22 13:49 . 2009-03-05 16:55 -------- d-----w- c:\program files\Messenger Plus! Live
2010-01-20 14:26 . 2010-01-20 14:26 -------- d-----w- c:\program files\MSECache
2010-01-18 16:36 . 2010-01-18 16:34 -------- d-----w- c:\program files\Opera
2010-01-06 15:38 . 2010-02-24 14:19 173056 ----a-w- c:\windows\AppPatch\AcXtrnal.dll
2010-01-06 15:38 . 2010-02-24 14:19 542720 ----a-w- c:\windows\AppPatch\AcLayers.dll
2010-01-06 15:38 . 2010-02-24 14:19 458752 ----a-w- c:\windows\AppPatch\AcSpecfc.dll
2010-01-06 15:38 . 2010-02-24 14:19 2159616 ----a-w- c:\windows\AppPatch\AcGenral.dll
2010-01-06 10:53 . 2009-08-28 07:09 89 ----a-w- c:\users\Vista\AppData\Local\lredjwn.bat
2010-01-02 06:38 . 2010-01-22 06:44 916480 ----a-w- c:\windows\system32\wininet.dll
2010-01-02 06:32 . 2010-01-22 06:44 71680 ----a-w- c:\windows\system32\iesetup.dll
2010-01-02 06:32 . 2010-01-22 06:44 109056 ----a-w- c:\windows\system32\iesysprep.dll
2010-01-02 04:57 . 2010-01-22 06:44 133632 ----a-w- c:\windows\system32\ieUnatt.exe
2009-12-17 16:14 . 2009-09-20 09:08 411368 ----a-w- c:\windows\system32\deploytk.dll
2008-08-01 15:38 . 2008-08-01 15:38 8192 --sha-w- c:\windows\Users\Default\NTUSER.DAT
.

((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* i valori vuoti & legittimi/default non sono visualizzati.
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{B4F3A835-0E21-4959-BA22-42B3008E02FF}]
2009-11-03 20:12 556432 ----a-w- c:\progra~1\MICROS~3\Office14\URLREDIR.DLL

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]
"LightScribe Control Panel"="c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe" [2008-02-26 2289664]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-07-26 3883856]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240]
"uTorrent"="c:\program files\uTorrent\uTorrent.exe" [2010-02-09 319280]
"Google Update"="c:\users\Vista\AppData\Local\Google\Update\GoogleUpdate.exe" [2009-09-12 133104]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"Shockwave Updater"="c:\windows\system32\Adobe\Shockwave 11\SwHelper_1151601.exe" [2009-07-31 468408]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-06-17 150040]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-06-17 170520]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-06-17 145944]
"UCam_Menu"="c:\program files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" [2007-12-24 222504]
"QPService"="c:\program files\HP\QuickPlay\QPService.exe" [2008-06-11 468264]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-21 1008184]
"QlbCtrl.exe"="c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2008-05-12 202032]
"HP Software Update"="c:\program files\Hp\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840]
"hpWirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2008-04-15 488752]
"lxdimon.exe"="c:\program files\Lexmark 3500-4500 Series\lxdimon.exe" [2007-05-07 435120]
"lxdiamon"="c:\program files\Lexmark 3500-4500 Series\lxdiamon.exe" [2007-03-05 20480]
"FaxCenterServer"="c:\program files\\Lexmark Fax Solutions\fm3032.exe" [2007-05-07 312240]
"HP Health Check Scheduler"="c:\program files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe" [2008-10-09 75008]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-03-28 1045800]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2009-08-13 177440]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-11-10 417792]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-01-22 141608]
"BCSSync"="c:\program files\Microsoft Office\Office14\BCSSync.exe" [2009-09-26 83312]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-12-22 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2009-12-11 948672]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"LightScribe Control Panel"="c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe" [2008-02-26 2289664]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"HideFastUserSwitching"= 0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"VistaSp2"=hex(b):c7,69,91,4b,5f,52,ca,01

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-1384446576-1961234908-3673197661-1000]
"EnableNotificationsRef"=dword:00000001

R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2009-09-26 4639136]
S0 SymDS;Symantec Data Store;c:\windows\system32\drivers\NAV\1105000.07F\SYMDS.SYS [2009-08-30 328752]
S0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\NAV\1105000.07F\SYMEFA.SYS [2009-11-26 172592]
S1 BHDrvx86;BHDrvx86;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_17.0.0.136\Definitions\BASHDefs\20100211.001\BHDrvx86.sys [2010-02-11 536112]
S1 ccHP;Symantec Hash Provider;c:\windows\system32\drivers\NAV\1105000.07F\ccHPx86.sys [2009-12-09 501888]
S1 IDSVix86;IDSVix86;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_17.0.0.136\Definitions\IPSDefs\20100310.001\IDSvix86.sys [2009-10-28 343088]
S1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\NAV\1105000.07F\Ironx86.SYS [2009-11-26 116272]
S1 SYMTDIv;Symantec Vista Network Dispatch Driver;c:\windows\System32\Drivers\NAV\1105000.07F\SYMTDIV.SYS [2009-11-22 340016]
S2 ezSharedSvc;Easybits Shared Services for Windows;c:\windows\system32\svchost.exe [2008-01-21 21504]
S2 lxdi_device;lxdi_device;c:\windows\system32\lxdicoms.exe [2007-04-26 517040]
S2 lxdiCATSCustConnectService;lxdiCATSCustConnectService;c:\windows\system32\spool\DRIVERS\W32X86\3\\lxdiserv.exe [2007-04-26 99248]
S2 NAV;Norton AntiVirus;c:\program files\Norton AntiVirus\Engine\17.5.0.127\ccSvcHst.exe [2009-12-09 126392]
S2 Recovery Service for Windows;Recovery Service for Windows;c:\windows\SMINST\BLService.exe [2008-04-25 361808]
S3 Com4QLBEx;Com4QLBEx;c:\program files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe [2008-04-03 193840]
S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2009-08-29 102448]
S3 IntcHdmiAddService;Intel(R) High Definition Audio HDMI;c:\windows\system32\drivers\IntcHdmi.sys [2008-06-04 113664]


[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
ezSharedSvc

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2008-02-26 13:06 451872 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe
[HKEY_CURRENT_USER\software\microsoft\active setup\installed components\{1D1BADC6-EAC7-0CCD-03A7-EDF22BE6FCD8}]
c:\users\Vista\AppData\Roaming\sys\winfinder.exe [BU]
.
Contenuto della cartella 'Scheduled Tasks'

2010-03-11 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1384446576-1961234908-3673197661-1000Core.job
- c:\users\Vista\AppData\Local\Google\Update\GoogleUpdate.exe [2009-09-12 16:04]

2010-03-12 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1384446576-1961234908-3673197661-1000UA.job
- c:\users\Vista\AppData\Local\Google\Update\GoogleUpdate.exe [2009-09-12 16:04]

2010-03-08 c:\windows\Tasks\HPCeeScheduleForVista.job
- c:\program files\hewlett-packard\sdp\ceement\HPCEE.exe [2008-08-01 13:14]

2010-03-12 c:\windows\Tasks\User_Feed_Synchronization-{F233B6AA-D954-4DF7-9560-114012602893}.job
- c:\windows\system32\msfeedssync.exe [2010-01-22 04:56]
.
.
------- Scansione supplementare -------
.
uStart Page = hxxp://it.ask.com?o=15161&l=dis
uDefault_Search_URL = hxxp://www.google.com/ie
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=it_it&c=83&bd=Presario&pf=cnnb
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&sporta in Microsoft Excel - c:\progra~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office14\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html
IE: Se&nd to OneNote - c:\progra~1\MICROS~3\Office14\ONBttnIE.dll/105
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL
DPF: Microsoft XML Parser for Java - file:///C:/Windows/Java/classes/xmldso.cab
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-03-12 17:58
Windows 6.0.6002 Service Pack 2 NTFS

scansione processi nascosti ...

scansione entrate autostart nascoste ...

Scansione files nascosti ...

Scansione completata con successo
Files nascosti: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\NAV]
"ImagePath"="\"c:\program files\Norton AntiVirus\Engine\17.5.0.127\ccSvcHst.exe\" /s \"NAV\" /m \"c:\program files\Norton AntiVirus\Engine\17.5.0.127\diMaster.dll\" /prefetch:1"
.
--------------------- CHIAVI DI REGISTRO BLOCCATE ---------------------

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Ora fine scansione: 2010-03-12 18:01:55
ComboFix-quarantined-files.txt 2010-03-12 17:01
ComboFix2.txt 2010-03-02 20:24

Pre-Run: 112.064.503.808 byte disponibili
Post-Run: 112.036.626.432 byte disponibili

- - End Of File - - ED8BC8EFF9CBE055380BC07CE3D432CB
Torna in alto
 
paolopa
Inviato: Friday, March 12, 2010 6:56:27 PM

Rank: AiutAmico

Iscritto dal : 10/14/2008
Posts: 2,777
combo sembra che non abbia trovato infezioni,ma aspetta che controlli il log qualcuno veramente capace.non sono riuscito a trovare notizie sull infezione che ti ha quarantinato mbam,comunque l importante è che sia stata levata.intanto che aspettiamo di sapere che ne pensa r16 direi che potremmo cominciare a fare un po di pulizie:
Fai queste operazioni di pulizia generale:
Dai una pulita (registro compreso)con CCleaner: http://www.aiutamici.com/software?ID=11223
Nella schermata iniziale di CCleaner, clicca su Opzioni e poi Avanzate, togli il segno di spunta a: Cancella i file in Windows Temp solo se più vecchi di 48 ore. (poi esegui le pulizie)

Poi:
Start\Esegui\copia e incolla la stringa %temp% clicca su Ok, svuota la cartella temp. (non eliminare la cartella)
Poi:
Provvedi a svuotare del suo contenuto la cartella Prefetch :
clicca su Risorse del Computer
clicca su Disco locale C:
cerca, all’interno delle cartelle che saranno visualizzate la cartella Windows, aprila ed, al suo interno, cerca la cartella Prefetch, la apri ed elimina tutte le voci conservate al suo interno ( non eliminare la cartella)
SVUOTA IL CESTINO
Poi:
Lancia Hijackthis e pulisci gli ADS in questo modo:
clicca sulla voce Open the misc tool section
clicca su Open ads spy
togli la spunta alla voce Quick scan (windows base folder only)
clicca su Scan.
Aspetta pazientemente la fine della scansione.
se venissero rilevati ADS, spunta tutte le caselline (senza timori)e clicca su Remove selected
per la disinstallazione di combo e la cancellazione dei punti di ripristino preferisco aspettare il benestare di r16.
Torna in alto
 
Utenti presenti in questo topic
Guest

2 pages: [1] 2

Aiutamici Forum » FORUM - Istruzioni e Guide » Sicurezza VIRUS » MEMORIA SU DISCO LOCALE (C:)


Salta al Forum
Aggiunta nuovi Topic disabilitata in questo forum.
Risposte disabilitate in questo forum.
Eliminazione tuoi Post disabilitata in questo forum.
Modifica dei tuoi post disabilitata in questo forum.
Creazione Sondaggi disabilitata in questo forum.
Voto ai sondaggi disabilitato in questo forum.

Main Forum RSS : RSS

Aiutamici Theme
Powered by Yet Another Forum.net versione 1.9.1.8 (NET v2.0) - 3/29/2008
Copyright © 2003-2008 Yet Another Forum.net. All rights reserved.