
Viruses detected in System Volume Information

How do you remove viruses and spyware? Are credit cards really safe online? Is it possible to browse anonymously? Which programs protect your privacy? How do you protect important files? If you want an answer to these and other questions, this is the right place!

Moderators: m.paolo, kadosh, Luke57

Viruses detected in System Volume Information

Posted by Biscottina » 03/11/09 10:20

It all started with the computer hanging at boot on the American Megatrends screen. By pressing F1 or F2, I don't remember which, I set the time and date, switched it off and on again, and after a short screen of text (it seemed shorter than usual) it started normally. What I found by running the antivirus is 2 viruses in the system that I don't know how to get rid of, because AVG tells me they are too large to put in quarantine, and I don't know whether system files can be deleted.

"C:\System Volume Information\_restore{4E46A305-B72D-4F67-A44D-318BFBD2574E}\RP617\A0131593.exe:\Install.exe";"Trojan Generic14.VGI";"Infetto"

""C:\System Volume Information\_restore{4E46A305-B72D-4F67-A44D-318BFBD2574E}\RP617\A0131593.exe";"Trojan Generic14.VGI";"Infetto"

To be honest, they look the same to me.
Thanks for your help
Bye
Biscottina
Biscottina
Junior User

Posts: 79
Joined: 16/07/03 17:08


Re: Viruses detected in System Volume Information

Posted by shel » 03/11/09 11:39

hi

disable System Restore, reboot the PC and re-enable it, creating a new restore point


Download ComboFix
http://download.bleepingcomputer.com/sUBs/ComboFix.exe
Save it to the desktop.
Double-click combofix.exe (a window will appear).
Type 1, press Enter and follow the instructions.
When it finishes, a log file called C:\ComboFix.txt will be created. Post it here.
During the scan it is important not to use the PC and to wait patiently for the operations to finish.

do not use the PC during the scan, not even the mouse!
shel
Senior User

Posts: 1326
Joined: 29/08/08 21:56

Re: Viruses detected in System Volume Information

Posted by Biscottina » 03/11/09 14:06

Thanks, I'll try it even though it seems a little complicated for me.
Bye
Biscottina
Biscottina
Junior User

Posts: 79
Joined: 16/07/03 17:08

Re: Viruses detected in System Volume Information

Posted by shel » 03/11/09 14:11

hi

it isn't complicated at all

if you have Windows XP, the procedure is this

Start --> Programs --> Accessories --> System Tools --> System Restore --> System Restore Settings --> Turn off System Restore!


Once that's done, run ComboFix as I described in my previous post
shel
Senior User

Posts: 1326
Joined: 29/08/08 21:56

Re: Viruses detected in System Volume Information

Posted by Dylan666 » 03/11/09 15:26

turning System Restore off and back on is the solution to the problem described.
Using ComboFix is then an extra safety measure, but it is optional.

I'm pointing this out because it is software that can seem complicated to someone who isn't familiar with it
Dylan666
Moderator

Posts: 40118
Joined: 18/11/03 16:46

Re: Viruses detected in System Volume Information

Posted by Biscottina » 03/11/09 15:45

Thanks for the reply.
Bye
Biscottina
Biscottina
Junior User

Posts: 79
Joined: 16/07/03 17:08

Re: Viruses detected in System Volume Information

Posted by Biscottina » 04/11/09 20:13

Hi, I disabled System Restore, switched the PC off and on and ran the antivirus again, but the viruses are still there. I didn't download ComboFix because I'm afraid of making a mess, and in that case I wouldn't be able to put things right again.
A colleague of mine told me that in that location they aren't a problem and could be false positives. Let's hope so.
Thanks again
Biscottina
Biscottina
Junior User

Posts: 79
Joined: 16/07/03 17:08

Re: Viruses detected in System Volume Information

Posted by Dylan666 » 04/11/09 20:20

but where is it detecting the viruses now? Still in c:\System Volume Information\_restore?
It shouldn't, since that folder should now be completely empty.
So let us know which folder it detects them in
Dylan666
Moderator

Posts: 40118
Joined: 18/11/03 16:46

Re: Viruses detected in System Volume Information

Posted by Biscottina » 05/11/09 08:22

Yes, it's still that one, but there's one thing... I had already removed the check mark on System Restore earlier (I had gone to read the various forum replies), without doing anything else though, and without even clicking OK, so I thought it hadn't taken that last action into account. Last night instead I saw that it wasn't checked, so I checked it and unchecked it and followed the procedure you described, but with no result. So now I don't know whether to put the check mark back, leave it unchecked, or what else to do.
Biscottina
Biscottina
Junior User

Posts: 79
Joined: 16/07/03 17:08

Re: Viruses detected in System Volume Information

Posted by Dylan666 » 05/11/09 17:44

If you remove or re-enable the option you have to click OK, otherwise nothing happens.
By removing the option and clicking OK you had all the existing restore points deleted, including the ones that had created a backup of Windows while it was infected (that's why a virus showed up in the Restore folder).

if your Windows is now clean and virus-free, put the option back and new restore points free of problems will be created
Dylan666
Moderator

Posts: 40118
Joined: 18/11/03 16:46
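Added example (not from the thread or any of its posters): a small Python parser for report lines in the `"path";"threat";"status"` layout quoted in the first post. It separates detections that live inside System Restore storage (`_restore{GUID}\RPnnn\`) from detections on live files, which is exactly the distinction behind the advice above, and it splits AVG's `file:\inner` notation so the two lines from the first post resolve to a single on-disk file. The third sample line and the `user` profile path are constructed; the `SAMPLE_REPORT` constant and all function names are this example's own.

```python
import csv
import io
import re
from dataclasses import dataclass
from typing import Dict, List, Optional

# Constructed sample report in the "path";"threat";"status" layout quoted in the thread.
# The first two lines reproduce the thread's own detections; the third is a made-up
# detection outside System Restore storage, added to show the contrast.
SAMPLE_REPORT = (
    r'"C:\System Volume Information\_restore{4E46A305-B72D-4F67-A44D-318BFBD2574E}\RP617\A0131593.exe:\Install.exe";"Trojan Generic14.VGI";"Infetto"' "\n"
    r'"C:\System Volume Information\_restore{4E46A305-B72D-4F67-A44D-318BFBD2574E}\RP617\A0131593.exe";"Trojan Generic14.VGI";"Infetto"' "\n"
    r'"C:\Documents and Settings\user\Desktop\setup.exe";"Trojan Generic14.VGI";"Infetto"' "\n"
)

# Matches the per-restore-point directory Windows XP keeps under System Volume Information.
RESTORE_RE = re.compile(
    r"^[A-Za-z]:\\System Volume Information\\_restore\{[^}]+\}\\RP(?P<rp>\d+)\\",
    re.IGNORECASE,
)


@dataclass(frozen=True)
class Detection:
    container: str                # the file as it exists on disk
    nested: Optional[str]         # object inside the container (AVG "file:\inner" notation), if any
    threat: str
    status: str
    restore_point: Optional[int]  # RPnnn number when the file sits in System Restore storage


def split_nested(path: str):
    """Split 'C:\\dir\\archive.exe:\\inner.exe' into (on-disk file, inner object)."""
    # The first ":\" is the drive separator, so only look for a second one after it.
    head, sep, tail = path[2:].partition(":\\")
    return path[:2] + head, (tail if sep else None)


def parse_report(text: str) -> List[Detection]:
    """Parse semicolon-separated, double-quoted report lines into Detection records."""
    detections = []
    reader = csv.reader(io.StringIO(text), delimiter=";", quotechar='"')
    for row in reader:
        if len(row) != 3:
            continue  # blank or malformed line
        path, threat, status = (field.strip() for field in row)
        container, nested = split_nested(path)
        match = RESTORE_RE.match(container)
        rp = int(match.group("rp")) if match else None
        detections.append(Detection(container, nested, threat, status, rp))
    return detections


def triage(detections: List[Detection]) -> Dict[str, Dict[str, List[Detection]]]:
    """Group detections by on-disk file, separating restore-point copies from live files."""
    groups: Dict[str, Dict[str, List[Detection]]] = {"restore_point": {}, "live": {}}
    for d in detections:
        bucket = "restore_point" if d.restore_point is not None else "live"
        groups[bucket].setdefault(d.container, []).append(d)
    return groups


def recommendation(groups: Dict[str, Dict[str, List[Detection]]]) -> List[str]:
    """One remediation line per on-disk file, mirroring the advice given in the thread."""
    lines = []
    for container, hits in groups["restore_point"].items():
        lines.append(
            f"{container}: {len(hits)} detection(s) inside restore point RP{hits[0].restore_point}; "
            "this is a System Restore backup copy, not a live system file. Purge it by turning "
            "System Restore off (confirm with OK), rebooting, then turning it back on so a clean "
            "restore point is created."
        )
    for container, hits in groups["live"].items():
        lines.append(
            f"{container}: {len(hits)} detection(s) outside System Restore storage; "
            "clean or quarantine this file directly, then rescan."
        )
    return lines


if __name__ == "__main__":
    for line in recommendation(triage(parse_report(SAMPLE_REPORT))):
        print(line)
```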

Re: Viruses detected in System Volume Information

Posted by Biscottina » 05/11/09 20:16

Since the viruses hadn't gone away, I removed them manually by deleting the folders; now it's fine, so I'll put the check mark back.
Thanks everyone, bye
Biscottina
Junior User

Posts: 79
Joined: 16/07/03 17:08

Re: Viruses detected in System Volume Information

Posted by giggi8 » 04/03/10 08:22

Hi, I have the same problem too and I followed the procedure as you described.. now I should post the ComboFix file...
giggi8
Newbie

Posts: 2
Joined: 04/03/10 08:18

Re: Viruses detected in System Volume Information

Posted by giggi8 » 04/03/10 08:26

Here it is

giggi8
Newbie

Posts: 2
Joined: 04/03/10 08:18
