Benvenuto Ospite Cerca | Topic Attivi | Utenti | | Log In | Registra

Aiutamici Forum » FORUM - Istruzioni e Guide » Sicurezza VIRUS » Superamento spazio archiviazione profilo

Superamento spazio archiviazione profilo Opzioni
Topic Precedente · Topic Sucessivo
borgio1971
Inviato: Saturday, October 02, 2010 4:57:32 PM
Rank: Newbie

Iscritto dal : 10/2/2010
Posts: 8
Ciao a tutti
mi sono iscritto al forum nella speranza che qualcuno riesca ad aiutarmi per sto cavolo di problema che non riesco a risolvere!!

All'avvio di windows, in basso a destra sulla barra delle applicazioni, mi compare una X bianca dentro ad un cerchio rosso e se ci clicco mi compare al centro dello schermo una finestra dove scorrono una serie di applicazioni...in alto sulla finestra mi viene scritto "lo spazio disponibile per l'archiviazione del profilo è stato superato. Per poter chiudere la sessione è necessario spostare alcuni elementi dal profilo alla reteo alla memoria di massa locale". Ho un PC abbastanza nuovo e molta memoria quindi il problema non è sicuramente lo spazio destinato al profilo anche perchè ho spostanto quasi tutto su un Hard disk esterno.

Le ho provate di tutte, ho eliminato le quote assegnate...ho cercato Virus...ho utilizzato Advanced System care per cercare eventuali altri tipi di proble ma...niente..

Avete un'idea??

Grazie
Torna in alto
 
Sponsor
Inviato: Saturday, October 02, 2010 4:57:32 PM

 
Torna in alto
 
a.roselli
Inviato: Saturday, October 02, 2010 5:45:22 PM

Rank: Admin

Iscritto dal : 10/4/2000
Posts: 19,052
Scarica questo programma e leggi le istruzioni per inserire il tuo log

http://software.aiutamici.com/software?ID=11175

alfonso_aiutamici@hotmail.it
Torna in alto
 
wolfestein
Inviato: Saturday, October 02, 2010 5:46:56 PM

Rank: AiutAmico

Iscritto dal : 2/15/2009
Posts: 15,948
Prova a fare delle scansioni con Malwarebytes e Superantispyware(aggiornali prima di usarli)disattivando prima il ripristino di sistema ed elimina eventuali malware trovati.Riavvia il pc e riattiva il ripristino di sistema e se tutto è ok creati un nuovo punto di ripristino.
Se il problema persiste metti un log di HijackThis nella sezione Sicurezza Virus.
http://www.aiutamici.com/software?ID=11397
http://www.aiutamici.com/software?ID=80346
Per cortesia quando mettete una richiesta di aiuto dite quale sistema operativo usate.
Grazie.
Torna in alto
 
borgio1971
Inviato: Saturday, October 02, 2010 6:25:17 PM
Rank: Newbie

Iscritto dal : 10/2/2010
Posts: 8
Scusa hai ragione...utilizzo XP

Puoi dirmi per favore come posso disattivare il ripristino del sistema? se nn ho capito male dovrei disattivarlo prima di lanciare le scansioni con i due software che mi hai indicato?

Grazie mille
Torna in alto
 
borgio1971
Inviato: Saturday, October 02, 2010 7:10:06 PM
Rank: Newbie

Iscritto dal : 10/2/2010
Posts: 8
a.roselli ha scritto:
Scarica questo programma e leggi le istruzioni per inserire il tuo log

http://software.aiutamici.com/software?ID=11175



Ciao
ecco il file di log



Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 18.57.47, on 02/10/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\PROGRA~1\AVG\AVG10\avgchsvx.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programmi\HPQ\IAM\bin\asghost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\Programmi\Synaptics\SynTP\SynTPEnh.exe
C:\Programmi\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
C:\Programmi\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe
C:\WINDOWS\SMINST\Scheduler.exe
C:\Programmi\Analog Devices\Core\smax4pnp.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\PROGRA~1\ALICET~1\SMARTB~1\MotiveSB.exe
C:\Programmi\Microsoft IntelliPoint\ipoint.exe
C:\PROGRA~1\ALICET~1\vendors\AliceRE\content\template\driven~1\syncer\MCCITR~1.EXE
C:\Programmi\Hp\HP Software Update\HPWuSchd2.exe
C:\Programmi\iTunes\iTunesHelper.exe
C:\Programmi\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\agrsmsvc.exe
C:\Programmi\File comuni\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\SupportAppXL\cdrom_mon.exe
C:\Programmi\AVG\AVG10\avgwdsvc.exe
C:\Programmi\AVG\AVG10\avgtray.exe
C:\Programmi\IVT Corporation\BlueSoleil\BTNtService.exe
C:\Programmi\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmi\File comuni\InstallShield\UpdateService\ISUSPM.exe
C:\Programmi\Java\jre6\bin\jqs.exe
C:\Programmi\Windows Media Player\WMPNSCFG.exe
C:\Programmi\File comuni\LightScribe\LSSrvc.exe
C:\WINDOWS\system32\proquota.exe
C:\Programmi\IObit\Advanced SystemCare 3\AWC.exe
C:\Programmi\File comuni\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Programmi\Telecom Italia\WanMiniport1st\srvany.exe
C:\Programmi\Telecom Italia\WanMiniport1st\WanMiniport1st_srv.exe
C:\Programmi\IVT Corporation\BlueSoleil\BlueSoleil.exe
C:\Programmi\Hp\Digital Imaging\bin\hpqtra08.exe
C:\WINDOWS\system32\svchost.exe
C:\Programmi\File comuni\Ulead Systems\DVD\ULCDRSvr.exe
C:\Programmi\Hewlett-Packard\Shared\hpqwmiex.exe
C:\Programmi\AVG\AVG10\avgnsx.exe
C:\Programmi\Alice ti aiuta\bin\mpbtn.exe
C:\Programmi\AVG\AVG10\avgemcx.exe
C:\Programmi\AVG\AVG10\Identity Protection\agent\bin\avgidsmonitor.exe
C:\Programmi\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe
c:\Programmi\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Programmi\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\PROGRA~1\HPQ\Shared\HPQTOA~1.EXE
c:\Programmi\HP\Digital Imaging\Product Assistant\bin\hprblog.exe
C:\Programmi\Yahoo!\Messenger\ymsgr_tray.exe
C:\PROGRA~1\AVG\AVG10\avgrsx.exe
C:\Programmi\AVG\AVG10\avgcsrvx.exe
C:\PROGRA~1\Motive\ASSTCO~1\MOTIVE~1.EXE
C:\Programmi\Alice ti aiuta\bin\mad.exe
C:\Programmi\Mozilla Firefox\firefox.exe
C:\Programmi\Mozilla Firefox\plugin-container.exe
C:\Programmi\Microsoft Office\OFFICE11\WINWORD.EXE
C:\WINDOWS\system32\SNDVOL32.EXE
C:\Programmi\Microsoft Office\OFFICE11\OUTLOOK.EXE
C:\WINDOWS\explorer.exe
C:\Programmi\Trend Micro\HiJackThis\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\msnvnj32.exe,C:\WINDOWS\system32\mshtxd32.exe,
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: Super-Search -Find more of what you need - {0286A85D-CD62-43bb-B7A9-A87D1D027160} - C:\PROGRA~1\EASYSE~1\BHO\15SUPE~1.DLL
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Programmi\AVG\AVG10\avgssie.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
O2 - BHO: Guida per l'accesso a Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programmi\File comuni\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programmi\google\googletoolbar1.dll
O2 - BHO: Recfree toolbar helper - {D286E828-E6B9-484d-A058-D7323666DE33} - C:\Programmi\RecFree.com\recfree\1.3.60.6\recfree.dll
O2 - BHO: PriceGong - {D2A2595C-4FE4-4315-AA9B-19DBD6271B71} - C:\Programmi\PriceGong\1.5.0\PriceGongIE.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programmi\Java\jre6\bin\jp2ssv.dll
O2 - BHO: HP Credential Manager for ProtectTools - {DF21F1DB-80C6-11D3-9483-B03D0EC10000} - C:\Programmi\HPQ\IAM\Bin\ItIeAddIN.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Programmi\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programmi\google\googletoolbar1.dll
O3 - Toolbar: (no name) - {A057A204-BACC-4D26-9990-79A187E2698E} - (no file)
O4 - HKLM\..\Run: [SoundMAX] C:\Programmi\Analog Devices\SoundMAX\Smax4.exe /tray
O4 - HKLM\..\Run: [PTHOSTTR] C:\Programmi\HPQ\HP ProtectTools Security Manager\PTHOSTTR.EXE /Start
O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE
O4 - HKLM\..\Run: [SynTPEnh] C:\Programmi\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Programmi\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
O4 - HKLM\..\Run: [CognizanceTS] rundll32.exe C:\PROGRA~1\HPQ\IAM\Bin\AsTsVcc.dll,RegisterModule
O4 - HKLM\..\Run: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
O4 - HKLM\..\Run: [Cpqset] C:\Programmi\HPQ\Default Settings\cpqset.exe
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\Sminst\Recguard.exe
O4 - HKLM\..\Run: [Reminder] C:\WINDOWS\Creator\Remind_XP.exe
O4 - HKLM\..\Run: [Scheduler] C:\WINDOWS\SMINST\Scheduler.exe
O4 - HKLM\..\Run: [WatchDog] C:\Programmi\InterVideo\DVD Check\DVDCheck.exe
O4 - HKLM\..\Run: [SynTPStart] C:\Programmi\Synaptics\SynTP\SynTPStart.exe
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Programmi\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\ALICET~1\SMARTB~1\MotiveSB.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmi\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [RoxWatchTray] "C:\Programmi\File comuni\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe"
O4 - HKLM\..\Run: [IntelliPoint] "C:\Programmi\Microsoft IntelliPoint\ipoint.exe"
O4 - HKLM\..\Run: [AliceRE_McciTrayApp] C:\PROGRA~1\ALICET~1\vendors\AliceRE\content\template\driven~1\syncer\MCCITR~1.EXE
O4 - HKLM\..\Run: [HP Software Update] C:\Programmi\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Programmi\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SiteVacuum] C:\Programmi\EasySearch\SiteVacuumClient.exe
O4 - HKLM\..\Run: [HPHUPD08] c:\Programmi\HP\Digital Imaging\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\hphupd08.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programmi\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [UVS10 Preload] C:\Programmi\Ulead Systems\Ulead VideoStudio SE DVD\uvPL.exe
O4 - HKLM\..\Run: [AVG_TRAY] C:\Programmi\AVG\AVG10\avgtray.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [ISUSPM] "C:\Programmi\File comuni\InstallShield\UpdateService\ISUSPM.exe" -scheduler
O4 - HKCU\..\Run: [Messenger (Yahoo!)] "C:\Programmi\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [WMPNSCFG] C:\Programmi\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [{F91E0CF0-8140-0FF9-CFC5-26A46A5C615F}] "C:\Documents and Settings\gianni\Dati applicazioni\Kooxy\alyr.exe"
O4 - HKCU\..\Run: [{7731DA7F-F589-2D08-9B45-368EFB7C31A4}] "C:\Documents and Settings\gianni\Dati applicazioni\Zomoe\ibaq.exe"
O4 - HKCU\..\Run: [Advanced SystemCare 3] "C:\Programmi\IObit\Advanced SystemCare 3\AWC.exe" /startup
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO LOCALE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO DI RETE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Alice ti aiuta.lnk = C:\Programmi\Alice ti aiuta\bin\matcli.exe
O4 - Global Startup: Avvio veloce di Adobe Reader.lnk = C:\Programmi\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: BlueSoleil.lnk = C:\Programmi\IVT Corporation\BlueSoleil\BlueSoleil.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Programmi\Hp\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: &Cerca con Google - res://C:\Programmi\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Search the web - http://toolbar.recfree.com/rcfr/ctxmnu.html
O8 - Extra context menu item: &Traduci parola in italiano - res://C:\Programmi\Google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Link a ritroso - res://C:\Programmi\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Pagine simili - res://C:\Programmi\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Versione cache della pagina - res://C:\Programmi\Google\GoogleToolbar1.dll/cmcache.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre6\bin\jp2iexp.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre6\bin\jp2iexp.dll
O9 - Extra button: Ricerche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.hp.com
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} (Office Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=58813
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Programmi\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1233045102390
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Programmi\AVG\AVG10\avgpp.dll
O20 - AppInit_DLLs: C:\WINDOWS\system32\0045.DLL
O20 - Winlogon Notify: OneCard - C:\Programmi\HPQ\IAM\Bin\AsWlnPkg.dll
O22 - SharedTaskScheduler: Precaricatore Browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Daemon di cache delle categorie di componenti - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\WINDOWS\system32\agrsmsvc.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Programmi\File comuni\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Autorun CDROM Monitor - Unknown owner - C:\WINDOWS\system32\SupportAppXL\cdrom_mon.exe
O23 - Service: AVGIDSAgent - AVG Technologies CZ, s.r.o. - C:\Programmi\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe
O23 - Service: AVG WatchDog (avgwd) - AVG Technologies CZ, s.r.o. - C:\Programmi\AVG\AVG10\avgwdsvc.exe
O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Programmi\IVT Corporation\BlueSoleil\BTNtService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Programmi\Bonjour\mDNSResponder.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Programmi\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programmi\File comuni\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Servizio iPod (iPod Service) - Apple Inc. - C:\Programmi\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Programmi\Java\jre6\bin\jqs.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Programmi\File comuni\LightScribe\LSSrvc.exe
O23 - Service: Network WanMiniport First Position - Unknown owner - C:\Programmi\Telecom Italia\WanMiniport1st\srvany.exe
O23 - Service: ONDA Autorun CDROM Monitor - Unknown owner - C:\WINDOWS\system32\SupportAppXL\onda_mon.exe (file missing)
O23 - Service: PC Angel (PCA) - SoftThinks - C:\WINDOWS\SMINST\PCAngel.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Roxio UPnP Renderer 9 - Sonic Solutions - C:\Programmi\Roxio\Digital Home 9\RoxioUPnPRenderer9.exe
O23 - Service: Roxio Upnp Server 9 - Sonic Solutions - C:\Programmi\Roxio\Digital Home 9\RoxioUpnpService9.exe
O23 - Service: LiveShare P2P Server 9 (RoxLiveShare9) - Sonic Solutions - C:\Programmi\File comuni\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Programmi\File comuni\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Programmi\File comuni\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Programmi\File comuni\Ulead Systems\DVD\ULCDRSvr.exe
O23 - Service: Wyeke Service - Unknown owner - C:\Documents and Settings\All Users\Dati applicazioni\Wyeke\wyeke119.exe (file missing)

--
End of file - 15406 bytes
Torna in alto
 
a.roselli
Inviato: Saturday, October 02, 2010 8:08:37 PM

Rank: Admin

Iscritto dal : 10/4/2000
Posts: 19,052
Ciao,
esegui queste operazioni

Se fossi in te formatterei e reinstallerei tutto a nuovo.

ATTENZIONE prima di procedere con le riparazioni, fate la copia di riserva dei vostri dati, a volte eliminando un virus il sistema potrebbe non riavviarsi.
____________________________

Disattiva il ripristino di configurazione, leggi qui come fare
http://guide.aiutamici.com/guide?C1=7&C2=68&ID=80121

Riavvia in modalità provvisoria, leggi qui come fare
http://guide.aiutamici.com/guide?C1=7&C2=68&ID=80122

apri HIJAC THIS ed elimina come indicato in questo articolo
http://guide.aiutamici.com/software?ID=11175
le righe che seguono.

==================================
O2 - BHO: Super-Search -Find more of what you need - {0286A85D-CD62-43bb-B7A9-A87D1D027160} - C:\PROGRA~1\EASYSE~1\BHO\15SUPE~1.DLL
-
O2 - BHO: Recfree toolbar helper - {D286E828-E6B9-484d-A058-D7323666DE33} - C:\Programmi\RecFree.com\recfree\1.3.60.6\recfree.dll
-
O3 - Toolbar: (no name) - {A057A204-BACC-4D26-9990-79A187E2698E} - (no file)
-
O4 - HKLM\..\Run: [Scheduler] C:\WINDOWS\SMINST\Scheduler.exe
-
O4 - HKCU\..\Run: [{F91E0CF0-8140-0FF9-CFC5-26A46A5C615F}] "C:\Documents and Settings\gianni\Dati applicazioni\Kooxy\alyr.exe"
O4 - HKCU\..\Run: [{7731DA7F-F589-2D08-9B45-368EFB7C31A4}] "C:\Documents and Settings\gianni\Dati applicazioni\Zomoe\ibaq.exe"
-
O8 - Extra context menu item: &Search the web - http://toolbar.recfree.com/rcfr/ctxmnu.html
-
O23 - Service: Wyeke Service - Unknown owner - C:\Documents and Settings\All Users\Dati applicazioni\Wyeke\wyeke119.exe (file missing)
==================================


Elimina le cartelle in rosso
==================================
C:\PROGRAMMI\EASYSE~1
C:\Programmi\RecFree.com
C:\WINDOWS\SMINST
C:\Documents and Settings\gianni\Dati applicazioni\Kooxy
C:\Documents and Settings\gianni\Dati applicazioni\Zomoe
==================================


Utilizza questo programma per eliminare eventuali spyware
http://www.aiutamici.com/software?ID=10831

sempre in modalità provvisoria fai una scansione Antivirus,

quindi riavvia il computer e riattiva il ripristino configurazione

Nel sistema non é presente un Firewall, installa questo programma se non ne utilizzi già uno
http://software.aiutamici.com/software?ID=80361

Utilizza questo programma
http://www.aiutamici.com/software?ID=11041


Se risolvi il problema fai una copia di riserva del sistema, leggi questa guida
http://www.aiutamici.com/software?ID=10886

alfonso_aiutamici@hotmail.it
Torna in alto
 
r16
Inviato: Saturday, October 02, 2010 8:21:41 PM
Rank: AiutAmico

Iscritto dal : 8/7/2007
Posts: 11,016
Ciao.
Ci sarebbe da eliminare anche questa voce:
Commenta:
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\msnvnj32.exe,C:\WI NDOWS\system32\mshtxd32.exe,

Però consiglio, prima di eliminarla, di fare una scansione con Malwarebytes:
Scarica ed installa MalwareBytes:
clicca qui per il download : http://www.aiutamici.com/software?id=80346
Prima di fare la scansione AGGIORNALO. (è molto importante)
Esegui una scansione completa del sistema.
Elimina gli eventuali file infetti trovati.
Posta il log.
Torna in alto
 
borgio1971
Inviato: Saturday, October 02, 2010 11:27:44 PM
Rank: Newbie

Iscritto dal : 10/2/2010
Posts: 8
r16 ha scritto:
Ciao.
Ci sarebbe da eliminare anche questa voce:
Commenta:
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\msnvnj32.exe,C:\WI NDOWS\system32\mshtxd32.exe,

Però consiglio, prima di eliminarla, di fare una scansione con Malwarebytes:
Scarica ed installa MalwareBytes:
clicca qui per il download : http://www.aiutamici.com/software?id=80346
Prima di fare la scansione AGGIORNALO. (è molto importante)
Esegui una scansione completa del sistema.
Elimina gli eventuali file infetti trovati.
Posta il log.



Eccolo

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Versione database: 4733

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

02/10/2010 23.25.15
mbam-log-2010-10-02 (23-25-15).txt

Tipo di scansione: Scansione completa (C:\|D:\|F:\|)
Elementi esaminati: 243132
Tempo trascorso: 1 ore, 13 minuti, 50 secondi

Processi infetti in memoria: 0
Moduli di memoria infetti: 0
Chiavi di registro infette: 35
Valori di registro infetti: 5
Voci infette nei dati di registro: 0
Cartelle infette: 11
File infetti: 39

Processi infetti in memoria:
(Non sono stati rilevati elementi nocivi)

Moduli di memoria infetti:
(Non sono stati rilevati elementi nocivi)

Chiavi di registro infette:
HKEY_CLASSES_ROOT\googleplusvideos.bhobridge (Trojan.SearchRedir.G) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\googleplusvideos.bhobridge.1 (Trojan.SearchRedir.G) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\supersearch.bhobridge (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{0286a85d-cd62-43bb-b7a9-a87d1d027160} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{0286a85d-cd62-43bb-b7a9-a87d1d027160} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{0286a85d-cd62-43bb-b7a9-a87d1d027160} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0286a85d-cd62-43bb-b7a9-a87d1d027160} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{2ea256ed-74b3-4322-b1e0-53d00c693e6e} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\supersearch.bhobridge.1 (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\supersearch.supersearchfirefoxmgr (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\supersearch.supersearchfirefoxmgr.1 (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{01677b4b-0610-4814-94a0-5f570dd7a88f} (Trojan.SearchRedir.G) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{78ff2f80-613a-47d7-8871-912b1236f704} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{01677b4b-0610-4814-94a0-5f570dd7a88f} (Trojan.SearchRedir.G) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{78ff2f80-613a-47d7-8871-912b1236f704} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{01677b4b-0610-4814-94a0-5f570dd7a88f} (Trojan.SearchRedir.G) -> Quarantined and deleted successfully.
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{494e6cec-7483-a4ee-0938-895519a84bc7} (Backdoor.Bot) -> Quarantined and deleted successfully.
HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{494e6cec-7483-a4ee-0938-895519a84bc7} (Backdoor.Bot) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\TypeLib\{ee53711b-0711-4999-88f0-33dc043623b1} (Adware.SuperSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{48c9e279-c48c-48c1-9afc-e4e9e5e5e350} (Adware.SuperSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{8203fee5-918a-43c5-bfe0-34b4159fd2e4} (Adware.SuperSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{83369246-c6ef-4138-982a-664a62b463e4} (Adware.SuperSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{956999e9-a0be-48c9-9bcc-5a7d3e31bf97} (Adware.SuperSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\wyeke (Adware.Agent) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\TypeLib\{fd90c192-481b-4a89-9fd7-cfa65709f541} (Adware.SuperSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{0fdcf5f0-d211-4412-a6e3-dd4938e26e24} (Adware.SuperSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{105e2c3f-b804-4e5b-acdd-fd7733908d0e} (Adware.SuperSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{a30dfaca-4174-438e-bdb8-ae8fd54313a7} (Adware.SuperSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{aff229f4-c47c-4965-8a83-2bfca62ab441} (Adware.SuperSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{cb5a0bc8-e15f-48e8-afc2-95cef3e97ac3} (Adware.SuperSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{d5f2caa6-16d2-4d34-9aff-3dc30d94b8c1} (Adware.SuperSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\sitevacuum (Adware.SuperSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\luckytender (Adware.LuckyTender) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\Software\Wyeke (Adware.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Wyeke Service (Adware.Agent) -> Quarantined and deleted successfully.

Valori di registro infetti:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\sitevacuum (Adware.SuperSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\{f91e0cf0-8140-0ff9-cfc5-26a46a5c615f} (Trojan.ZbotR.Gen) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\{7731da7f-f589-2d08-9b45-368efb7c31a4} (Trojan.ZbotR.Gen) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\appinit_dlls (Trojan.Witkinat) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\crntdll (Trojan.Witkinat) -> Quarantined and deleted successfully.

Voci infette nei dati di registro:
(Non sono stati rilevati elementi nocivi)

Cartelle infette:
C:\Programmi\EasySearch (Adware.SuperSearch) -> Quarantined and deleted successfully.
C:\Programmi\EasySearch\BHO (Adware.SuperSearch) -> Quarantined and deleted successfully.
C:\Programmi\EasySearch\BHO\FFExt (Adware.SuperSearch) -> Quarantined and deleted successfully.
C:\Programmi\EasySearch\BHO\FFExt\chrome (Adware.SuperSearch) -> Quarantined and deleted successfully.
C:\Programmi\EasySearch\BHO\FFExt\chrome\content (Adware.SuperSearch) -> Quarantined and deleted successfully.
C:\Programmi\EasySearch\FFExt (Adware.SuperSearch) -> Quarantined and deleted successfully.
C:\Programmi\EasySearch\FFExt\chrome (Adware.SuperSearch) -> Quarantined and deleted successfully.
C:\Programmi\EasySearch\FFExt\chrome\content (Adware.SuperSearch) -> Quarantined and deleted successfully.
C:\Programmi\LuckyTender (Adware.LuckyTender) -> Quarantined and deleted successfully.
C:\Programmi\LuckyTender\1.3.1 (Adware.LuckyTender) -> Quarantined and deleted successfully.
C:\Programmi\Wyeke (Adware.Agent) -> Quarantined and deleted successfully.

File infetti:
C:\Programmi\EasySearch\BHO\15.SuperSearch.dll (Trojan.BHO) -> Quarantined and deleted successfully.
C:\Documents and Settings\gianni\Impostazioni locali\Temp\10.SuperSearch.dll (Adware.SuperSearch) -> Quarantined and deleted successfully.
C:\Documents and Settings\gianni\Impostazioni locali\Temp\11.SuperSearch.dll (Adware.SuperSearch) -> Quarantined and deleted successfully.
C:\Documents and Settings\gianni\Impostazioni locali\Temp\ILJ1hmeJh1.log (Extension.Mismatch) -> Quarantined and deleted successfully.
C:\Documents and Settings\gianni\Impostazioni locali\Temp\Rar$EX00.484\AVSAudioConverter.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\Programmi\Wyeke\uninstall.exe (Adware.Agent) -> Quarantined and deleted successfully.
C:\Programmi\Mozilla Firefox\components\SuperSearchXPCOM.dll (Adware.SuperSearch) -> Quarantined and deleted successfully.
F:\SOFTWARE\Convertitore DVX-DVD\VSO.Software.ConvertXtoDVD.v2.1.14.223.Cracked-F4CG\Patch.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Programmi\EasySearch\MFC42U.DLL (Adware.SuperSearch) -> Quarantined and deleted successfully.
C:\Programmi\EasySearch\SiteVacuumClient.bue (Adware.SuperSearch) -> Quarantined and deleted successfully.
C:\Programmi\EasySearch\SiteVacuumClient.exe (Adware.SuperSearch) -> Quarantined and deleted successfully.
C:\Programmi\EasySearch\SiteVacuumClient.tlb (Adware.SuperSearch) -> Quarantined and deleted successfully.
C:\Programmi\EasySearch\SiteVacuumLicense.txt (Adware.SuperSearch) -> Quarantined and deleted successfully.
C:\Programmi\EasySearch\tskill.exe (Adware.SuperSearch) -> Quarantined and deleted successfully.
C:\Programmi\EasySearch\uninst.exe (Adware.SuperSearch) -> Quarantined and deleted successfully.
C:\Programmi\EasySearch\UpdateHelper.exe (Adware.SuperSearch) -> Quarantined and deleted successfully.
C:\Programmi\EasySearch\what.is.SiteVacuumClient.exe.txt (Adware.SuperSearch) -> Quarantined and deleted successfully.
C:\Programmi\EasySearch\WSConfig.ini (Adware.SuperSearch) -> Quarantined and deleted successfully.
C:\Programmi\EasySearch\BHO\DeploymentHelper.exe (Adware.SuperSearch) -> Quarantined and deleted successfully.
C:\Programmi\EasySearch\BHO\MFC42U.DLL (Adware.SuperSearch) -> Quarantined and deleted successfully.
C:\Programmi\EasySearch\BHO\SuperSearchLicense.txt (Adware.SuperSearch) -> Quarantined and deleted successfully.
C:\Programmi\EasySearch\BHO\SVConfig.ini (Adware.SuperSearch) -> Quarantined and deleted successfully.
C:\Programmi\EasySearch\BHO\uninst.exe (Adware.SuperSearch) -> Quarantined and deleted successfully.
C:\Programmi\EasySearch\BHO\what.is.SiteVacuum.txt (Adware.SuperSearch) -> Quarantined and deleted successfully.
C:\Programmi\EasySearch\BHO\FFExt\chrome.manifest (Adware.SuperSearch) -> Quarantined and deleted successfully.
C:\Programmi\EasySearch\BHO\FFExt\install.rdf (Adware.SuperSearch) -> Quarantined and deleted successfully.
C:\Programmi\EasySearch\BHO\FFExt\chrome\content\script-injector.js (Adware.SuperSearch) -> Quarantined and deleted successfully.
C:\Programmi\EasySearch\BHO\FFExt\chrome\content\supersearch.xul (Adware.SuperSearch) -> Quarantined and deleted successfully.
C:\Programmi\EasySearch\FFExt\chrome.manifest (Adware.SuperSearch) -> Quarantined and deleted successfully.
C:\Programmi\EasySearch\FFExt\install.rdf (Adware.SuperSearch) -> Quarantined and deleted successfully.
C:\Programmi\EasySearch\FFExt\chrome\content\script-injector.js (Adware.SuperSearch) -> Quarantined and deleted successfully.
C:\Programmi\EasySearch\FFExt\chrome\content\sitevacuum.xul (Adware.SuperSearch) -> Quarantined and deleted successfully.
C:\Programmi\LuckyTender\uninst.exe (Adware.LuckyTender) -> Quarantined and deleted successfully.
C:\Programmi\Wyeke\wyeke.exe (Adware.Agent) -> Quarantined and deleted successfully.
C:\Programmi\Mozilla Firefox\components\ISuperSearchXPCOM.xpt (Adware.SuperSearch) -> Quarantined and deleted successfully.
C:\Programmi\Mozilla Firefox\extensions\supersearch@supersearch.com (Adware.SuperSearch) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\WORK.DAT (Malware.Trace) -> Quarantined and deleted successfully.
C:\Documents and Settings\gianni\Impostazioni locali\Temp\in1A.tmp (Malware.Trace) -> Quarantined and deleted successfully.
C:\Documents and Settings\gianni\Impostazioni locali\Temp\XXXBA.RESUR (Malware.Trace) -> Quarantined and deleted successfully.
Torna in alto
 
borgio1971
Inviato: Sunday, October 03, 2010 1:01:28 PM
Rank: Newbie

Iscritto dal : 10/2/2010
Posts: 8
r16 ha scritto:
Ciao.
Ci sarebbe da eliminare anche questa voce:
Commenta:
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\msnvnj32.exe,C:\WI NDOWS\system32\mshtxd32.exe,

Però consiglio, prima di eliminarla, di fare una scansione con Malwarebytes:
Scarica ed installa MalwareBytes:
clicca qui per il download : http://www.aiutamici.com/software?id=80346
Prima di fare la scansione AGGIORNALO. (è molto importante)
Esegui una scansione completa del sistema.
Elimina gli eventuali file infetti trovati.
Posta il log.




niente da fare...ho fatto la scansione con Malwarebytes e dopo ho eliminato la riga ma..niente...quella maledetta X ricompare all'avvio di windows

sto seriamente pensando di riformattare tutto

Comunque grazie infinite per l'aiuto
Torna in alto
 
r16
Inviato: Sunday, October 03, 2010 2:06:23 PM
Rank: AiutAmico

Iscritto dal : 8/7/2007
Posts: 11,016
Commenta:
sto seriamente pensando di riformattare tutto

Se vuoi formattare, non sarò di certo io, che te lo impedirà.
Però devo sapere se vuoi tentare di risolvere.
Se vuoi continuare, posta un log aggiornato di HJT.
Torna in alto
 
borgio1971
Inviato: Sunday, October 03, 2010 4:18:46 PM
Rank: Newbie

Iscritto dal : 10/2/2010
Posts: 8
r16 ha scritto:
Commenta:
sto seriamente pensando di riformattare tutto

Se vuoi formattare, non sarò di certo io, che te lo impedirà.
Però devo sapere se vuoi tentare di risolvere.
Se vuoi continuare, posta un log aggiornato di HJT.


no..no anzi..io se non ti rompe continuo volentieri

ecco il log


Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 16.17.57, on 03/10/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\PROGRA~1\AVG\AVG10\avgchsvx.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programmi\HPQ\IAM\bin\asghost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\Programmi\Synaptics\SynTP\SynTPEnh.exe
C:\Programmi\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
C:\Programmi\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe
C:\Programmi\Analog Devices\Core\smax4pnp.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\PROGRA~1\ALICET~1\SMARTB~1\MotiveSB.exe
C:\Programmi\Microsoft IntelliPoint\ipoint.exe
C:\PROGRA~1\ALICET~1\vendors\AliceRE\content\template\driven~1\syncer\MCCITR~1.EXE
C:\Programmi\Hp\HP Software Update\HPWuSchd2.exe
C:\Programmi\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Programmi\Java\jre6\bin\jusched.exe
C:\Programmi\AVG\AVG10\avgtray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmi\File comuni\InstallShield\UpdateService\ISUSPM.exe
C:\Programmi\Windows Media Player\WMPNSCFG.exe
C:\Programmi\IObit\Advanced SystemCare 3\AWC.exe
C:\Programmi\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Programmi\Spybot - Search & Destroy\TeaTimer.exe
C:\Programmi\IVT Corporation\BlueSoleil\BlueSoleil.exe
C:\Programmi\Hp\Digital Imaging\bin\hpqtra08.exe
C:\Programmi\AVG\AVG10\Identity Protection\agent\bin\avgidsmonitor.exe
C:\Programmi\Alice ti aiuta\bin\mpbtn.exe
C:\WINDOWS\system32\agrsmsvc.exe
C:\Programmi\File comuni\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\SupportAppXL\cdrom_mon.exe
C:\Programmi\AVG\AVG10\avgwdsvc.exe
C:\Programmi\IVT Corporation\BlueSoleil\BTNtService.exe
C:\Programmi\Bonjour\mDNSResponder.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmi\Java\jre6\bin\jqs.exe
C:\Programmi\File comuni\LightScribe\LSSrvc.exe
C:\Programmi\File comuni\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Programmi\Telecom Italia\WanMiniport1st\srvany.exe
C:\Programmi\Telecom Italia\WanMiniport1st\WanMiniport1st_srv.exe
C:\WINDOWS\SYSTEM32\proquota.exe
c:\Programmi\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Programmi\AVG\AVG10\avgnsx.exe
C:\Programmi\AVG\AVG10\avgemcx.exe
C:\WINDOWS\system32\svchost.exe
C:\Programmi\File comuni\Ulead Systems\DVD\ULCDRSvr.exe
C:\Programmi\Hewlett-Packard\Shared\hpqwmiex.exe
C:\Programmi\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe
C:\Programmi\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\PROGRA~1\HPQ\Shared\HPQTOA~1.EXE
c:\Programmi\HP\Digital Imaging\Product Assistant\bin\hprblog.exe
C:\Programmi\Yahoo!\Messenger\ymsgr_tray.exe
C:\Programmi\Mozilla Firefox\firefox.exe
C:\PROGRA~1\AVG\AVG10\avgrsx.exe
C:\Programmi\AVG\AVG10\avgcsrvx.exe
C:\Programmi\Mozilla Firefox\plugin-container.exe
C:\Programmi\Trend Micro\HiJackThis\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Programmi\AVG\AVG10\avgssie.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Programmi\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
O2 - BHO: Guida per l'accesso a Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programmi\File comuni\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programmi\google\googletoolbar1.dll
O2 - BHO: PriceGong - {D2A2595C-4FE4-4315-AA9B-19DBD6271B71} - C:\Programmi\PriceGong\1.5.0\PriceGongIE.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programmi\Java\jre6\bin\jp2ssv.dll
O2 - BHO: HP Credential Manager for ProtectTools - {DF21F1DB-80C6-11D3-9483-B03D0EC10000} - C:\Programmi\HPQ\IAM\Bin\ItIeAddIN.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Programmi\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programmi\google\googletoolbar1.dll
O4 - HKLM\..\Run: [SoundMAX] C:\Programmi\Analog Devices\SoundMAX\Smax4.exe /tray
O4 - HKLM\..\Run: [PTHOSTTR] C:\Programmi\HPQ\HP ProtectTools Security Manager\PTHOSTTR.EXE /Start
O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE
O4 - HKLM\..\Run: [SynTPEnh] C:\Programmi\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Programmi\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
O4 - HKLM\..\Run: [CognizanceTS] rundll32.exe C:\PROGRA~1\HPQ\IAM\Bin\AsTsVcc.dll,RegisterModule
O4 - HKLM\..\Run: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
O4 - HKLM\..\Run: [Cpqset] C:\Programmi\HPQ\Default Settings\cpqset.exe
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\Sminst\Recguard.exe
O4 - HKLM\..\Run: [Reminder] C:\WINDOWS\Creator\Remind_XP.exe
O4 - HKLM\..\Run: [WatchDog] C:\Programmi\InterVideo\DVD Check\DVDCheck.exe
O4 - HKLM\..\Run: [SynTPStart] C:\Programmi\Synaptics\SynTP\SynTPStart.exe
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Programmi\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\ALICET~1\SMARTB~1\MotiveSB.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmi\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [RoxWatchTray] "C:\Programmi\File comuni\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe"
O4 - HKLM\..\Run: [IntelliPoint] "C:\Programmi\Microsoft IntelliPoint\ipoint.exe"
O4 - HKLM\..\Run: [AliceRE_McciTrayApp] C:\PROGRA~1\ALICET~1\vendors\AliceRE\content\template\driven~1\syncer\MCCITR~1.EXE
O4 - HKLM\..\Run: [HP Software Update] C:\Programmi\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Programmi\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [HPHUPD08] c:\Programmi\HP\Digital Imaging\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\hphupd08.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programmi\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [UVS10 Preload] C:\Programmi\Ulead Systems\Ulead VideoStudio SE DVD\uvPL.exe
O4 - HKLM\..\Run: [AVG_TRAY] C:\Programmi\AVG\AVG10\avgtray.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [ISUSPM] "C:\Programmi\File comuni\InstallShield\UpdateService\ISUSPM.exe" -scheduler
O4 - HKCU\..\Run: [Messenger (Yahoo!)] "C:\Programmi\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [WMPNSCFG] C:\Programmi\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [Advanced SystemCare 3] "C:\Programmi\IObit\Advanced SystemCare 3\AWC.exe" /startup
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Programmi\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Programmi\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO LOCALE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO DI RETE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Alice ti aiuta.lnk = C:\Programmi\Alice ti aiuta\bin\matcli.exe
O4 - Global Startup: Avvio veloce di Adobe Reader.lnk = C:\Programmi\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: BlueSoleil.lnk = C:\Programmi\IVT Corporation\BlueSoleil\BlueSoleil.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Programmi\Hp\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: &Cerca con Google - res://C:\Programmi\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Traduci parola in italiano - res://C:\Programmi\Google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Link a ritroso - res://C:\Programmi\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Pagine simili - res://C:\Programmi\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Versione cache della pagina - res://C:\Programmi\Google\GoogleToolbar1.dll/cmcache.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre6\bin\jp2iexp.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre6\bin\jp2iexp.dll
O9 - Extra button: Ricerche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Programmi\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Programmi\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.hp.com
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} (Office Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=58813
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Programmi\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1233045102390
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Programmi\AVG\AVG10\avgpp.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Programmi\SUPERAntiSpyware\SASWINLO.DLL
O20 - Winlogon Notify: OneCard - C:\Programmi\HPQ\IAM\Bin\AsWlnPkg.dll
O22 - SharedTaskScheduler: Precaricatore Browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Daemon di cache delle categorie di componenti - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\WINDOWS\system32\agrsmsvc.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Programmi\File comuni\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Autorun CDROM Monitor - Unknown owner - C:\WINDOWS\system32\SupportAppXL\cdrom_mon.exe
O23 - Service: AVGIDSAgent - AVG Technologies CZ, s.r.o. - C:\Programmi\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe
O23 - Service: AVG WatchDog (avgwd) - AVG Technologies CZ, s.r.o. - C:\Programmi\AVG\AVG10\avgwdsvc.exe
O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Programmi\IVT Corporation\BlueSoleil\BTNtService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Programmi\Bonjour\mDNSResponder.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Programmi\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programmi\File comuni\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Servizio iPod (iPod Service) - Apple Inc. - C:\Programmi\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Programmi\Java\jre6\bin\jqs.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Programmi\File comuni\LightScribe\LSSrvc.exe
O23 - Service: Network WanMiniport First Position - Unknown owner - C:\Programmi\Telecom Italia\WanMiniport1st\srvany.exe
O23 - Service: ONDA Autorun CDROM Monitor - Unknown owner - C:\WINDOWS\system32\SupportAppXL\onda_mon.exe (file missing)
O23 - Service: PC Angel (PCA) - Unknown owner - C:\WINDOWS\SMINST\PCAngel.exe (file missing)
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Roxio UPnP Renderer 9 - Sonic Solutions - C:\Programmi\Roxio\Digital Home 9\RoxioUPnPRenderer9.exe
O23 - Service: Roxio Upnp Server 9 - Sonic Solutions - C:\Programmi\Roxio\Digital Home 9\RoxioUpnpService9.exe
O23 - Service: LiveShare P2P Server 9 (RoxLiveShare9) - Sonic Solutions - C:\Programmi\File comuni\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Programmi\File comuni\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Programmi\File comuni\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Programmi\File comuni\Ulead Systems\DVD\ULCDRSvr.exe

--
End of file - 14786 bytes
Torna in alto
 
r16
Inviato: Sunday, October 03, 2010 4:49:31 PM
Rank: AiutAmico

Iscritto dal : 8/7/2007
Posts: 11,016
Ciao.
Disattiva il Tea Timer di SpyBot:

Apri SpyBot in modalità avanzata (menù modalità - avanzata) poi vai in utilità - resident e togli la spunta a TeaTimer, e riavvia il pc.

Ci sono ancora delle infezioni.
Scarica Combofix (usa Internet Explorer)

http://download.bleepingcomputer.com/sUBs/ComboFix.exe

Salvalo sul desktop. (è obligatorio)

Importante: Disabilita il tuo antivirus e chiudi TUTTI i programmi aperti,(Firewall compreso) e dopo aver scaricato COMBOFIX, chiudi la connessione.

Doppio click su combofix.exe (se usi Vista: tasto destro su Combofix.exe e clicca su: "Esegui come Amministratore" )

E' probabile che ti siano inviati messaggi dall'antivirus,(o dallo stesso Combofix) tu ignorali.

Se ti verrà chiesto se vuoi Installare LA CONSOLE DI RIPRISTINO DI EMERGENZA, clicca NO.

Durante l'operazione di scansione è importante non usare il PC (neanche il mouse) e attendere pazientemente la fine delle operazioni.
Al termine, verrà creato un file log sul Desktop, chiamato C:\ComboFix.txt.
Postalo qui.
Torna in alto
 
borgio1971
Inviato: Sunday, October 03, 2010 5:58:57 PM
Rank: Newbie

Iscritto dal : 10/2/2010
Posts: 8
r16 ha scritto:
Ciao.
Disattiva il Tea Timer di SpyBot:

Apri SpyBot in modalità avanzata (menù modalità - avanzata) poi vai in utilità - resident e togli la spunta a TeaTimer, e riavvia il pc.

Ci sono ancora delle infezioni.
Scarica Combofix (usa Internet Explorer)

http://download.bleepingcomputer.com/sUBs/ComboFix.exe

Salvalo sul desktop. (è obligatorio)

Importante: Disabilita il tuo antivirus e chiudi TUTTI i programmi aperti,(Firewall compreso) e dopo aver scaricato COMBOFIX, chiudi la connessione.

Doppio click su combofix.exe (se usi Vista: tasto destro su Combofix.exe e clicca su: "Esegui come Amministratore" )

E' probabile che ti siano inviati messaggi dall'antivirus,(o dallo stesso Combofix) tu ignorali.

Se ti verrà chiesto se vuoi Installare LA CONSOLE DI RIPRISTINO DI EMERGENZA, clicca NO.

Durante l'operazione di scansione è importante non usare il PC (neanche il mouse) e attendere pazientemente la fine delle operazioni.
Al termine, verrà creato un file log sul Desktop, chiamato C:\ComboFix.txt.
Postalo qui.



fatto!!

ComboFix 10-10-02.02 - gianni 03/10/2010 17.44.18.1.2 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.39.1040.18.3063.2410 [GMT 2:00]
Eseguito da: c:\documents and settings\gianni\Desktop\ComboFix.exe
AV: AVG Anti-Virus Free Edition 2011 *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}

ATTENZIONE - QUESTO PC NON HA LA CONSOLE DI RIPRISTINO DI EMERGENZA INSTALLATA !!
.

((((((((((((((((((((((((((((((((((((( Altre eliminazioni )))))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\All Users\Dati applicazioni\Wyeke
c:\documents and settings\gianni\Dati applicazioni\PriceGong
c:\documents and settings\gianni\Dati applicazioni\PriceGong\Data\1.xml
c:\documents and settings\gianni\Dati applicazioni\PriceGong\Data\a.xml
c:\documents and settings\gianni\Dati applicazioni\PriceGong\Data\b.xml
c:\documents and settings\gianni\Dati applicazioni\PriceGong\Data\c.xml
c:\documents and settings\gianni\Dati applicazioni\PriceGong\Data\d.xml
c:\documents and settings\gianni\Dati applicazioni\PriceGong\Data\e.xml
c:\documents and settings\gianni\Dati applicazioni\PriceGong\Data\f.xml
c:\documents and settings\gianni\Dati applicazioni\PriceGong\Data\g.xml
c:\documents and settings\gianni\Dati applicazioni\PriceGong\Data\h.xml
c:\documents and settings\gianni\Dati applicazioni\PriceGong\Data\i.xml
c:\documents and settings\gianni\Dati applicazioni\PriceGong\Data\J.xml
c:\documents and settings\gianni\Dati applicazioni\PriceGong\Data\k.xml
c:\documents and settings\gianni\Dati applicazioni\PriceGong\Data\l.xml
c:\documents and settings\gianni\Dati applicazioni\PriceGong\Data\m.xml
c:\documents and settings\gianni\Dati applicazioni\PriceGong\Data\mru.xml
c:\documents and settings\gianni\Dati applicazioni\PriceGong\Data\n.xml
c:\documents and settings\gianni\Dati applicazioni\PriceGong\Data\o.xml
c:\documents and settings\gianni\Dati applicazioni\PriceGong\Data\p.xml
c:\documents and settings\gianni\Dati applicazioni\PriceGong\Data\q.xml
c:\documents and settings\gianni\Dati applicazioni\PriceGong\Data\r.xml
c:\documents and settings\gianni\Dati applicazioni\PriceGong\Data\s.xml
c:\documents and settings\gianni\Dati applicazioni\PriceGong\Data\t.xml
c:\documents and settings\gianni\Dati applicazioni\PriceGong\Data\u.xml
c:\documents and settings\gianni\Dati applicazioni\PriceGong\Data\v.xml
c:\documents and settings\gianni\Dati applicazioni\PriceGong\Data\w.xml
c:\documents and settings\gianni\Dati applicazioni\PriceGong\Data\x.xml
c:\documents and settings\gianni\Dati applicazioni\PriceGong\Data\y.xml
c:\documents and settings\gianni\Dati applicazioni\PriceGong\Data\z.xml
c:\documents and settings\gianni\Recent\referto.pdf
c:\programmi\GooglePlusVideos
c:\programmi\GooglePlusVideos\DeploymentHelper.exe
c:\programmi\GooglePlusVideos\FFExt\chrome.manifest
c:\programmi\GooglePlusVideos\FFExt\chrome\content\googleplusvideos.xul
c:\programmi\GooglePlusVideos\FFExt\chrome\content\script-injector.js
c:\programmi\GooglePlusVideos\FFExt\install.rdf
c:\programmi\GooglePlusVideos\GooglePlusVideosLicense.txt
c:\programmi\GooglePlusVideos\GVConfig.ini
c:\programmi\GooglePlusVideos\MFC42U.DLL
c:\programmi\GooglePlusVideos\Uninstall.bat
D:\Autorun.inf
F:\autorun.inf

.
((((((((((((((((((((((((((((((((((((((( Driver/Servizi )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_WYEKE_SERVICE


((((((((((((((((((((((((( Files Creati Da 2010-09-03 al 2010-10-03 )))))))))))))))))))))))))))))))))))
.

2010-10-02 22:23 . 2010-10-03 07:53 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Spybot - Search & Destroy
2010-10-02 22:23 . 2010-10-02 22:23 -------- d-----w- c:\programmi\Spybot - Search & Destroy
2010-10-02 17:07 . 2010-10-02 17:07 63488 ----a-w- c:\documents and settings\gianni\Dati applicazioni\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10006.dll
2010-10-02 17:07 . 2010-10-02 17:07 52224 ----a-w- c:\documents and settings\gianni\Dati applicazioni\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10005.dll
2010-10-02 17:07 . 2010-10-02 17:07 117760 ----a-w- c:\documents and settings\gianni\Dati applicazioni\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
2010-10-02 17:06 . 2010-10-02 17:06 -------- d-----w- c:\documents and settings\gianni\Dati applicazioni\SUPERAntiSpyware.com
2010-10-02 17:06 . 2010-10-02 17:06 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\SUPERAntiSpyware.com
2010-10-02 17:05 . 2010-10-02 17:05 -------- d-----w- c:\documents and settings\gianni\Dati applicazioni\Malwarebytes
2010-10-02 17:05 . 2010-04-29 13:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-10-02 17:05 . 2010-10-02 17:05 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Malwarebytes
2010-10-02 17:05 . 2010-10-02 17:05 -------- d-----w- c:\programmi\Malwarebytes' Anti-Malware
2010-10-02 17:05 . 2010-04-29 13:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-10-02 17:04 . 2010-10-02 17:06 -------- d-----w- c:\programmi\SUPERAntiSpyware
2010-10-02 16:26 . 2010-10-02 16:26 388096 ----a-r- c:\documents and settings\gianni\Dati applicazioni\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2010-10-02 16:26 . 2010-10-02 16:26 -------- d-----w- c:\programmi\Trend Micro
2010-09-30 21:41 . 2010-09-30 21:41 -------- d-----w- C:\$AVG
2010-09-30 21:28 . 2010-09-30 21:28 -------- d-----w- c:\documents and settings\gianni\Dati applicazioni\IObit
2010-09-30 21:28 . 2010-09-30 21:28 -------- d-----w- c:\programmi\IObit
2010-09-30 20:58 . 2010-09-30 20:58 17552011 ----a-w- c:\documents and settings\gianni\Dati applicazioni\Intelli-studio\iUpdate.exe
2010-09-29 22:19 . 2010-09-29 22:19 -------- d-----w- c:\documents and settings\gianni\Dati applicazioni\AVG10
2010-09-29 22:16 . 2010-09-29 22:16 -------- d--h--w- c:\documents and settings\All Users\Dati applicazioni\Common Files
2010-09-29 22:13 . 2010-10-03 15:02 -------- d-----w- c:\windows\system32\drivers\AVG
2010-09-29 22:13 . 2010-09-29 22:18 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\AVG10
2010-09-29 22:07 . 2010-09-29 22:12 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\MFAData
2010-09-25 22:21 . 2009-10-20 16:20 265728 ------w- c:\windows\system32\dllcache\http.sys
2010-09-25 21:24 . 2008-06-14 17:32 272768 ------w- c:\windows\system32\dllcache\bthport.sys
2010-09-25 15:43 . 2010-09-25 15:43 -------- d-----w- c:\windows\ServicePackFiles
2010-09-23 21:08 . 2010-09-25 12:28 -------- d-----w- c:\documents and settings\gianni\Dati applicazioni\Ulead Systems
2010-09-23 21:04 . 2010-09-23 21:04 -------- d-----w- c:\windows\system32\windows media
2010-09-23 21:04 . 2010-09-23 21:04 -------- d--h--w- c:\windows\msdownld.tmp
2010-09-23 21:03 . 2010-09-23 21:03 -------- d-----w- c:\programmi\Windows Media Components
2010-09-23 21:02 . 2010-09-23 21:08 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Ulead Systems
2010-09-23 21:02 . 2010-09-23 21:02 -------- d-----w- c:\programmi\File comuni\Ulead Systems
2010-09-23 21:02 . 2010-09-23 21:02 -------- d-----w- c:\programmi\Ulead Systems
2010-09-23 20:57 . 2008-04-13 17:45 60032 ----a-w- c:\windows\system32\drivers\USBAUDIO.sys
2010-09-23 20:57 . 2008-04-13 17:45 60032 ----a-w- c:\windows\system32\dllcache\usbaudio.sys
2010-09-23 20:49 . 2007-11-15 18:33 468096 ----a-w- c:\windows\system32\drivers\StkTMini.sys
2010-09-23 20:49 . 2006-12-20 06:38 12351744 ----a-w- c:\windows\system32\drivers\StkCPipe.sys
2010-09-13 14:27 . 2010-09-13 14:27 25680 ----a-w- c:\windows\system32\drivers\AVGIDSEH.sys
2010-09-07 01:49 . 2010-09-07 01:49 298448 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2010-09-07 01:48 . 2010-09-07 01:48 34384 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2010-09-07 01:48 . 2010-09-07 01:48 249424 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2010-09-07 01:48 . 2010-09-07 01:48 26064 ----a-w- c:\windows\system32\drivers\avgrkx86.sys

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-10-03 08:53 . 2004-08-30 11:20 85330 ----a-w- c:\windows\system32\perfc010.dat
2010-10-03 08:53 . 2004-08-30 11:20 492504 ----a-w- c:\windows\system32\perfh010.dat
2010-09-30 21:06 . 2010-06-06 10:03 -------- d-----w- c:\documents and settings\gianni\Dati applicazioni\Intelli-studio
2010-09-29 22:12 . 2009-01-27 08:22 -------- d-----w- c:\programmi\AVG
2010-09-29 22:05 . 2009-03-07 22:12 -------- d-----w- c:\programmi\File comuni\Wise Installation Wizard
2010-09-29 22:05 . 2010-02-01 14:54 -------- d-----w- c:\programmi\IKEA HomePlanner
2010-09-29 21:39 . 2009-07-17 23:43 -------- d-----w- c:\programmi\Microsoft Silverlight
2010-09-25 22:27 . 2006-08-23 04:48 -------- d--h--w- c:\programmi\InstallShield Installation Information
2010-09-25 15:47 . 2004-08-30 11:19 83535 ----a-w- c:\windows\pchealth\helpctr\OfflineCache\index.dat
2010-09-25 13:43 . 2009-01-27 08:30 101984 ----a-w- c:\documents and settings\gianni\Impostazioni locali\Dati applicazioni\GDIPFONTCACHEV1.DAT
2010-08-19 19:42 . 2010-08-19 19:42 30288 ----a-w- c:\windows\system32\drivers\AVGIDSFilter.sys
2010-08-19 19:42 . 2010-08-19 19:42 123472 ----a-w- c:\windows\system32\drivers\AVGIDSDriver.sys
2010-08-19 19:42 . 2010-08-19 19:42 26192 ----a-w- c:\windows\system32\drivers\AVGIDSShim.sys
2010-08-17 13:17 . 2004-08-19 08:00 58880 ----a-w- c:\windows\system32\spoolsv.exe
2010-08-16 21:39 . 2010-08-16 21:39 23949040 ----a-w- c:\documents and settings\All Users\Dati applicazioni\Yahoo!\YUpdater\msgup1000_1270_it.exe
2010-08-15 01:25 . 2009-11-23 09:38 -------- d-----w- c:\documents and settings\gianni\Dati applicazioni\TeamViewer
2010-08-12 13:54 . 2010-07-31 14:15 -------- d-----w- c:\programmi\ONDA CONNECTION MANAGER
2010-07-22 15:48 . 2004-08-19 08:00 590848 ----a-w- c:\windows\system32\rpcrt4.dll
2010-07-22 06:19 . 2008-05-05 05:25 5632 ----a-w- c:\windows\system32\xpsp4res.dll
2010-07-20 22:41 . 2009-11-07 11:18 256 ----a-w- c:\windows\system32\pool.bin
2009-04-07 18:52 . 2009-04-07 18:52 28672 ----a-w- c:\programmi\mozilla firefox\components\GooglePlusVideosXPCOM.dll
2008-10-19 09:58 . 2008-10-19 09:58 49152 ----a-w- c:\programmi\mozilla firefox\components\SiteVacuumXPCOM.dll
2009-02-01 10:45 . 2009-02-01 10:44 952 --sha-w- c:\windows\system32\KGyGaAvL.sys
.

((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* i valori vuoti & legittimi/default non sono visualizzati.
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D2A2595C-4FE4-4315-AA9B-19DBD6271B71}]
2009-08-10 22:48 288056 ----a-w- c:\programmi\PriceGong\1.5.0\PriceGongIE.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ISUSPM"="c:\programmi\File comuni\InstallShield\UpdateService\ISUSPM.exe" [2006-09-11 218032]
"Messenger (Yahoo!)"="c:\programmi\Yahoo!\Messenger\YahooMessenger.exe" [2009-05-26 4351216]
"WMPNSCFG"="c:\programmi\Windows Media Player\WMPNSCFG.exe" [2006-11-02 204288]
"Advanced SystemCare 3"="c:\programmi\IObit\Advanced SystemCare 3\AWC.exe" [2010-08-10 2349776]
"SUPERAntiSpyware"="c:\programmi\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2010-09-28 2424560]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"PTHOSTTR"="c:\programmi\HPQ\HP ProtectTools Security Manager\PTHOSTTR.EXE" [2006-02-14 122880]
"DLA"="c:\windows\System32\DLA\DLACTRLW.EXE" [2005-08-31 122940]
"SynTPEnh"="c:\programmi\Synaptics\SynTP\SynTPEnh.exe" [2007-09-15 1015808]
"hpWirelessAssistant"="c:\programmi\hpq\HP Wireless Assistant\HP Wireless Assistant.exe" [2006-02-14 454656]
"CognizanceTS"="c:\progra~1\HPQ\IAM\Bin\AsTsVcc.dll" [2003-12-22 17920]
"QlbCtrl"="c:\programmi\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2006-05-08 131072]
"Cpqset"="c:\programmi\HPQ\Default Settings\cpqset.exe" [2006-01-26 172094]
"Reminder"="c:\windows\Creator\Remind_XP.exe" [2006-03-09 806912]
"WatchDog"="c:\programmi\InterVideo\DVD Check\DVDCheck.exe" [2005-11-08 184320]
"SynTPStart"="c:\programmi\Synaptics\SynTP\SynTPStart.exe" [2007-09-15 102400]
"SoundMAXPnP"="c:\programmi\Analog Devices\Core\smax4pnp.exe" [2007-01-05 872448]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-02-15 135168]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-02-15 159744]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-02-15 131072]
"Motive SmartBridge"="c:\progra~1\ALICET~1\SMARTB~1\MotiveSB.exe" [2006-04-21 438359]
"QuickTime Task"="c:\programmi\QuickTime\qttask.exe" [2009-01-05 413696]
"RoxWatchTray"="c:\programmi\File comuni\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe" [2007-08-16 236016]
"IntelliPoint"="c:\programmi\Microsoft IntelliPoint\ipoint.exe" [2008-06-10 1406024]
"HP Software Update"="c:\programmi\Hp\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840]
"iTunesHelper"="c:\programmi\iTunes\iTunesHelper.exe" [2009-03-12 342312]
"HPHUPD08"="c:\programmi\HP\Digital Imaging\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\hphupd08.exe" [2005-06-17 49152]
"SunJavaUpdateSched"="c:\programmi\Java\jre6\bin\jusched.exe" [2009-10-11 149280]
"UVS10 Preload"="c:\programmi\Ulead Systems\Ulead VideoStudio SE DVD\uvPL.exe" [2006-08-09 36864]
"AVG_TRAY"="c:\programmi\AVG\AVG10\avgtray.exe" [2010-09-15 2745696]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-13 15360]

c:\documents and settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\
Alice ti aiuta.lnk - c:\programmi\Alice ti aiuta\bin\matcli.exe [2009-1-30 217088]
Avvio veloce di Adobe Reader.lnk - c:\programmi\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-9-23 29696]
BlueSoleil.lnk - c:\programmi\IVT Corporation\BlueSoleil\BlueSoleil.exe [2005-11-3 656384]
HP Digital Imaging Monitor.lnk - c:\programmi\Hp\Digital Imaging\bin\hpqtra08.exe [2005-5-12 282624]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\programmi\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-03 22:21 548352 ----a-w- c:\programmi\SUPERAntiSpyware\SASWINLO.DLL

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\OneCard]
2005-07-25 18:41 40960 ----a-w- c:\programmi\HPQ\IAM\Bin\AsWlnPkg.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~1\AVG\AVG10\avgchsvx.exe /sync\0c:\progra~1\AVG\AVG10\avgrsx.exe /sync /restart

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Avvio^Programmi^Esecuzione automatica^DVD Check.lnk]
path=c:\documents and settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\DVD Check.lnk
backup=c:\windows\pss\DVD Check.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager]
2009-05-26 19:06 4351216 ----a-w- c:\programmi\Yahoo!\Messenger\YahooMessenger.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Programmi\\IVT Corporation\\BlueSoleil\\BlueSoleil.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Programmi\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Programmi\\AVG\\AVG10\\avgdiagex.exe"=
"c:\\Programmi\\AVG\\AVG10\\avgnsx.exe"=
"c:\\Programmi\\AVG\\AVG10\\avgmfapx.exe"=
"c:\\Programmi\\AVG\\AVG10\\avgemcx.exe"=

R0 AVGIDSEH;AVGIDSEH;c:\windows\system32\drivers\AVGIDSEH.sys [13/09/2010 16.27.24 25680]
R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [07/09/2010 3.48.50 26064]
R0 BtHidBus;Bluetooth HID Bus Service;c:\windows\system32\drivers\BtHidBus.sys [08/01/2009 0.39.36 20744]
R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [07/09/2010 3.48.54 249424]
R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [07/09/2010 3.49.00 298448]
R1 SASDIFSV;SASDIFSV;c:\programmi\SUPERAntiSpyware\sasdifsv.sys [17/02/2010 20.25.48 12872]
R1 SASKUTIL;SASKUTIL;c:\programmi\SUPERAntiSpyware\SASKUTIL.SYS [10/05/2010 20.41.30 67656]
R2 ASChannel;Canale di comunicazione locale;c:\windows\System32\svchost.exe -k Cognizance [19/08/2004 10.00.00 14336]
R2 Autorun CDROM Monitor;Autorun CDROM Monitor;c:\windows\system32\SupportAppXL\cdrom_mon.exe [31/07/2010 14.44.42 81920]
R2 AVGIDSAgent;AVGIDSAgent;c:\programmi\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe [03/09/2010 10.35.50 6104144]
R2 avgwd;AVG WatchDog;c:\programmi\AVG\AVG10\avgwdsvc.exe [10/09/2010 1.45.22 265400]
R2 Network WanMiniport First Position;Network WanMiniport First Position;c:\programmi\Telecom Italia\WanMiniport1st\srvany.exe [17/02/2009 1.09.04 8192]
R3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\AVGIDSDriver.sys [19/08/2010 21.42.36 123472]
R3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\AVGIDSFilter.sys [19/08/2010 21.42.38 30288]
R3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\AVGIDSShim.sys [19/08/2010 21.42.34 26192]
S2 ONDA Autorun CDROM Monitor;ONDA Autorun CDROM Monitor;c:\windows\system32\SupportAppXL\onda_mon.exe --> c:\windows\system32\SupportAppXL\onda_mon.exe [?]
S3 btnetBUs;Bluetooth PAN Bus Service;c:\windows\system32\drivers\btnetBus.sys [07/12/2008 13.44.54 30088]
S3 GTIPCI21;GTIPCI21;c:\windows\system32\DRIVERS\gtipci21.sys --> c:\windows\system32\DRIVERS\gtipci21.sys [?]
S3 IvtBtBUs;IVT Bluetooth Bus Service;c:\windows\system32\drivers\IvtBtBus.sys [02/07/2008 15.58.48 26248]
S3 ONDAusbmdm6k;ONDA Proprietary USB Driver;c:\windows\system32\drivers\ONDAusbmdm6k.sys [31/07/2010 16.16.08 100480]
S3 ONDAusbnet;ONDA USB-NDIS miniport;c:\windows\system32\drivers\ONDAusbnet.sys [31/07/2010 16.16.08 87552]
S3 ONDAusbnmea;ONDA NMEA Port;c:\windows\system32\drivers\ONDAusbnmea.sys [31/07/2010 16.16.08 100480]
S3 ONDAusbser6k;ONDA Diagnostic Port;c:\windows\system32\drivers\ONDAusbser6k.sys [31/07/2010 16.16.08 100480]
S3 P1001VID;Creative WebCam (WDM);c:\windows\system32\drivers\P1001Vid.sys [03/02/2009 17.23.11 311684]
S3 StkTMini;Syntek AVStream USB2.0 ATV;c:\windows\system32\drivers\StkTMini.sys [23/09/2010 22.49.11 468096]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
Cognizance REG_MULTI_SZ ASChannel
.
Contenuto della cartella 'Scheduled Tasks'

2009-02-02 c:\windows\Tasks\Microsoft_Hardware_Launch_IPoint_exe.job
- c:\programmi\Microsoft IntelliPoint\ipoint.exe [2008-06-10 11:56]

2010-10-03 c:\windows\Tasks\User_Feed_Synchronization-{3C673716-9310-4749-85AB-F934D9B6F1C2}.job
- c:\windows\system32\msfeedssync.exe [2007-08-13 02:31]
.
.
------- Scansione supplementare -------
.
uStart Page = about:blank
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
IE: &Cerca con Google - c:\programmi\Google\GoogleToolbar1.dll/cmsearch.html
IE: &Traduci parola in italiano - c:\programmi\Google\GoogleToolbar1.dll/cmwordtrans.html
IE: E&sporta in Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Link a ritroso - c:\programmi\Google\GoogleToolbar1.dll/cmbacklinks.html
IE: Pagine simili - c:\programmi\Google\GoogleToolbar1.dll/cmsimilar.html
IE: Versione cache della pagina - c:\programmi\Google\GoogleToolbar1.dll/cmcache.html
DPF: Microsoft XML Parser for Java - file:///C:/WINDOWS/Java/classes/xmldso.cab
FF - ProfilePath - c:\documents and settings\gianni\Dati applicazioni\Mozilla\Firefox\Profiles\hp0x0gyv.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.bing.com/search?FORM=IEFM1&q=
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.google.it
FF - prefs.js: keyword.URL - hxxp://it.yhs.search.yahoo.com/avg/search?fr=yhs-avg&type=yahoo_avg_hs2-tb-web_it&p=
FF - component: c:\programmi\AVG\AVG10\Firefox\components\avgssff.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
FF - user.js: network.cookie.cookieBehavior - 0
FF - user.js: privacy.clearOnShutdown.cookies - false
FF - user.js: security.warn_viewing_mixed - false
FF - user.js: security.warn_viewing_mixed.show_once - false
FF - user.js: security.warn_submit_insecure - false
FF - user.js: security.warn_submit_insecure.show_once - false
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
.
- - - - CHIAVI ORFANE RIMOSSE - - - -

WebBrowser-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
WebBrowser-{D0523BB4-21E7-11DD-9AB7-415B56D89593} - (no file)
HKLM-Run-Recguard - c:\windows\Sminst\Recguard.exe
AddRemove-Creative WebCam - c:\windows\CtDrvIns.exe -uninstall USB\VID_041E&PID_400D -plugin P1001Pin.dll
AddRemove-recfree - c:\programmi\RecFree.com\recfree\1.3.60.6\uninstall.exe
AddRemove-RecFreeToolbar - c:\programmi\RecFree.com\RecFreeToolbar\1.3.11.0\uninstall.exe



**************************************************************************
scansione processi nascosti ...

scansione entrate autostart nascoste ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
Cpqset = c:\programmi\HPQ\Default Settings\cpqset.exe????????pS??7?4?7?3??????? ??4B??????????????hB?????pS?

Scansione files nascosti ...

Scansione completata con successo
Files nascosti:

**************************************************************************
.
--------------------- CHIAVI DI REGISTRO BLOCCATE ---------------------

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\h–€|ÿÿÿÿ¤•€|ù•9~*]
"0140111900063D11C8EF10054038389C"="C?\\WINDOWS\\system32\\FM20ENU.DLL"
.
--------------------- Dlls caricate dai processi in esecuzione ---------------------

- - - - - - - > 'winlogon.exe'(1084)
c:\programmi\SUPERAntiSpyware\SASWINLO.DLL
c:\windows\system32\WININET.dll
c:\programmi\HPQ\IAM\Bin\AsWlnPkg.dll

- - - - - - - > 'explorer.exe'(1612)
c:\windows\system32\WININET.dll
c:\progra~1\ALICET~1\SMARTB~1\SBHook.dll
c:\programmi\HPQ\IAM\Bin\SFSShell.dll
c:\programmi\HPQ\IAM\bin\ItMsg.dll
c:\programmi\HPQ\IAM\bin\1040\SFSShell.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Altri processi in esecuzione ------------------------
.
c:\progra~1\AVG\AVG10\avgchsvx.exe
c:\progra~1\AVG\AVG10\avgrsx.exe
c:\windows\system32\DllHost.exe
c:\windows\System32\SCardSvr.exe
c:\programmi\HPQ\IAM\bin\asghost.exe
c:\windows\system32\agrsmsvc.exe
c:\progra~1\ALICET~1\vendors\AliceRE\content\template\driven~1\syncer\MCCITR~1.EXE
c:\windows\system32\igfxsrvc.exe
c:\programmi\File comuni\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\programmi\IVT Corporation\BlueSoleil\BTNtService.exe
c:\programmi\Bonjour\mDNSResponder.exe
c:\programmi\Java\jre6\bin\jqs.exe
c:\programmi\Alice ti aiuta\bin\mpbtn.exe
c:\programmi\File comuni\LightScribe\LSSrvc.exe
c:\programmi\AVG\AVG10\Identity Protection\agent\bin\avgidsmonitor.exe
c:\programmi\File comuni\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\programmi\Telecom Italia\WanMiniport1st\WanMiniport1st_srv.exe
c:\programmi\AVG\AVG10\avgnsx.exe
c:\programmi\AVG\AVG10\avgemcx.exe
c:\programmi\File comuni\Ulead Systems\DVD\ULCDRSvr.exe
c:\programmi\Hewlett-Packard\Shared\hpqwmiex.exe
c:\programmi\Windows Media Player\WMPNetwk.exe
c:\programmi\HP\Digital Imaging\bin\hpqSTE08.exe
c:\programmi\iPod\bin\iPodService.exe
c:\windows\system32\rundll32.exe
c:\windows\system32\wbem\wmiapsrv.exe
c:\progra~1\HPQ\Shared\HPQTOA~1.EXE
c:\programmi\HP\Digital Imaging\Product Assistant\bin\hprblog.exe
c:\programmi\Yahoo!\Messenger\ymsgr_tray.exe
.
**************************************************************************
.
Ora fine scansione: 2010-10-03 17:56:52 - Il pc è stato riavviato
ComboFix-quarantined-files.txt 2010-10-03 15:56

Pre-Run: 128.895.201.280 byte disponibili
Post-Run: 129.452.834.816 byte disponibili

- - End Of File - - FE37630A99823660E182D0AB2437799E

adesso provo a riavviare e ti dico
Torna in alto
 
borgio1971
Inviato: Sunday, October 03, 2010 6:19:16 PM
Rank: Newbie

Iscritto dal : 10/2/2010
Posts: 8
r16 ha scritto:
Ciao.
Disattiva il Tea Timer di SpyBot:

Apri SpyBot in modalità avanzata (menù modalità - avanzata) poi vai in utilità - resident e togli la spunta a TeaTimer, e riavvia il pc.

Ci sono ancora delle infezioni.
Scarica Combofix (usa Internet Explorer)

http://download.bleepingcomputer.com/sUBs/ComboFix.exe

Salvalo sul desktop. (è obligatorio)

Importante: Disabilita il tuo antivirus e chiudi TUTTI i programmi aperti,(Firewall compreso) e dopo aver scaricato COMBOFIX, chiudi la connessione.

Doppio click su combofix.exe (se usi Vista: tasto destro su Combofix.exe e clicca su: "Esegui come Amministratore" )

E' probabile che ti siano inviati messaggi dall'antivirus,(o dallo stesso Combofix) tu ignorali.

Se ti verrà chiesto se vuoi Installare LA CONSOLE DI RIPRISTINO DI EMERGENZA, clicca NO.

Durante l'operazione di scansione è importante non usare il PC (neanche il mouse) e attendere pazientemente la fine delle operazioni.
Al termine, verrà creato un file log sul Desktop, chiamato C:\ComboFix.txt.
Postalo qui.



Evvivaaaa!!!! Dancing X sparita!!

cavolo ragazzi..non so chi siate....ma avete 2 palle che vi fumano!!

Grazie grazie grazie

Applause

Mi consigli di utilizzare un programma di firewall e di lasciare Spybot SD sempre attivo?

Ancora Grazie e complimenti...mai ricevuta un assistenza ed una consulenza cosi!!
Torna in alto
 
panchoz
Inviato: Sunday, October 03, 2010 6:31:52 PM

Rank: AiutAmico

Iscritto dal : 11/6/2008
Posts: 2,452

Il firewall è assolutamente necessario http://www.aiutamici.com/software?ID=80361



Spybot S&D è un programma per le scansioni "a richiesta"; riguardo alla funzione di immunizzazione andrebbe integrato con SpywareBlaster http://www.aiutamici.com/software?ID=11041


Ma attendi consigli Speak to the hand
Torna in alto
 
r16
Inviato: Sunday, October 03, 2010 6:51:32 PM
Rank: AiutAmico

Iscritto dal : 8/7/2007
Posts: 11,016
Lascia disattivato il Tea Timer.
Disistalla o Superantispyware, oppure SpyBot.
Uno dei due è superfluo.

Posta un log di HJT, per le pulizie finali.
Cosa sono le lettere :
D:\
F:\
Periferiche esterne? (chiavette, o HD esterni)
Se sì, NON inserirle fino a bonifica terminata.
Torna in alto
 
Utenti presenti in questo topic
Guest

Aiutamici Forum » FORUM - Istruzioni e Guide » Sicurezza VIRUS » Superamento spazio archiviazione profilo


Salta al Forum
Aggiunta nuovi Topic disabilitata in questo forum.
Risposte disabilitate in questo forum.
Eliminazione tuoi Post disabilitata in questo forum.
Modifica dei tuoi post disabilitata in questo forum.
Creazione Sondaggi disabilitata in questo forum.
Voto ai sondaggi disabilitato in questo forum.

Main Forum RSS : RSS

Aiutamici Theme
Powered by Yet Another Forum.net versione 1.9.1.8 (NET v2.0) - 3/29/2008
Copyright © 2003-2008 Yet Another Forum.net. All rights reserved.