ComboFix 10-01-22.03 - antonio 23/01/2010 13.08.56.1.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.39.1040.18.3070.2461 [GMT 1:00]
Eseguito da: d:\documents and settings\antonio\Documenti\Download\ComboFix.exe
AV: Avira AntiVir PersonalEdition *On-access scanning enabled* (Outdated) {AD166499-45F9-482A-A743-FDD3350758C7}
FW: COMODO Firewall Pro *enabled* {043803A3-4F86-4ef6-AFC5-F6E02A79969B}
ATTENZIONE - QUESTO PC NON HA LA CONSOLE DI RIPRISTINO DI EMERGENZA INSTALLATA !!
.
((((((((((((((((((((((((((((((((((((( Altre eliminazioni )))))))))))))))))))))))))))))))))))))))))))))))))))
.
d:\$recycle.bin\S-1-5-21-3879457570-3484254678-1068390782-1003
.
((((((((((((((((((((((((( Files Creati Da 2009-12-23 al 2010-01-23 )))))))))))))))))))))))))))))))))))
.
2010-01-23 11:53 . 2010-01-23 11:53 -------- d-----w- d:\documents and settings\antonio\Dati applicazioni\Windows Desktop Search
2010-01-23 11:51 . 2008-03-07 17:02 98304 ------w- d:\windows\system32\dllcache\nlhtml.dll
2010-01-23 11:51 . 2008-03-07 17:02 29696 ------w- d:\windows\system32\dllcache\mimefilt.dll
2010-01-23 11:51 . 2008-03-07 17:02 192000 ------w- d:\windows\system32\dllcache\offfilt.dll
2010-01-22 16:56 . 2009-11-25 12:01 1230080 ----a-w- d:\documents and settings\All Users\Dati applicazioni\AVG Security Toolbar\IEToolbar.dll
2010-01-22 13:31 . 2010-01-22 13:31 -------- d-----w- d:\documents and settings\antonio\Dati applicazioni\AVG9
2010-01-21 17:31 . 2010-01-21 17:31 -------- d-----w- d:\documents and settings\antonio\Impostazioni locali\Dati applicazioni\AVG Security Toolbar
2010-01-21 15:41 . 2010-01-21 15:41 12464 ----a-w- d:\windows\system32\avgrsstx.dll
2010-01-21 15:41 . 2010-01-22 16:56 -------- d-----w- d:\documents and settings\All Users\Dati applicazioni\AVG Security Toolbar
2010-01-21 15:35 . 2010-01-21 15:35 -------- d-----w- d:\programmi\Avira
2010-01-21 15:35 . 2010-01-21 15:35 -------- d-----w- d:\programmi\File comuni\PCSuite
2010-01-20 20:34 . 2010-01-20 20:34 -------- d-----w- d:\documents and settings\antonio\Dati applicazioni\Malwarebytes
2010-01-20 20:34 . 2010-01-20 20:34 -------- d-----w- d:\documents and settings\All Users\Dati applicazioni\Malwarebytes
2010-01-20 20:33 . 2010-01-20 20:43 -------- d-----w- d:\programmi\SUPERAntiSpyware
2010-01-20 20:33 . 2010-01-20 20:33 -------- d-----w- d:\documents and settings\antonio\Dati applicazioni\SUPERAntiSpyware.com
2010-01-20 20:33 . 2010-01-20 20:33 -------- d-----w- d:\documents and settings\All Users\Dati applicazioni\SUPERAntiSpyware.com
2010-01-20 20:23 . 2010-01-20 20:33 -------- d-----w- d:\programmi\SUPERAntiSpyware(2)
2010-01-20 20:23 . 2010-01-20 20:33 -------- d-----w- d:\documents and settings\antonio\Dati applicazioni\SUPERAntiSpyware(2).com
2010-01-20 14:08 . 2010-01-20 20:34 -------- d-----w- d:\programmi\Widget vodafone(2).it
2010-01-19 20:01 . 2010-01-20 20:34 -------- d-----w- D:\RECYCLER(2)
2010-01-18 19:50 . 2010-01-18 19:50 52224 ----a-w- d:\documents and settings\antonio\Dati applicazioni\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10005.dll
2010-01-18 19:50 . 2010-01-21 16:01 117760 ----a-w- d:\documents and settings\antonio\Dati applicazioni\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
2010-01-18 19:49 . 2010-01-21 15:40 4043032 ----a-w- d:\documents and settings\All Users\Dati applicazioni\avg9\update\backup\avgui.exe
2010-01-18 19:49 . 2010-01-21 15:40 1260312 ----a-w- d:\documents and settings\All Users\Dati applicazioni\avg9\update\backup\avgfrw.exe
2010-01-18 19:49 . 2010-01-21 15:40 2033432 ----a-w- d:\documents and settings\All Users\Dati applicazioni\avg9\update\backup\avgtray.exe
2010-01-18 19:49 . 2010-01-21 15:40 3776280 ----a-w- d:\documents and settings\All Users\Dati applicazioni\avg9\update\backup\setup.exe
2010-01-18 19:49 . 2010-01-21 15:40 2352920 ----a-w- d:\documents and settings\All Users\Dati applicazioni\avg9\update\backup\avgresf.dll
2010-01-18 19:49 . 2010-01-21 15:40 916248 ----a-w- d:\documents and settings\All Users\Dati applicazioni\avg9\update\backup\avgcfgx.dll
2010-01-18 19:49 . 2010-01-21 15:40 3967256 ----a-w- d:\documents and settings\All Users\Dati applicazioni\avg9\update\backup\avgcorex.dll
2010-01-18 19:33 . 2010-01-23 11:23 -------- d-----w- d:\windows\system32\drivers\Avg
2010-01-18 19:33 . 2010-01-21 15:40 -------- d-----w- d:\documents and settings\All Users\Dati applicazioni\avg9
2010-01-18 19:33 . 2010-01-18 19:33 -------- d-----w- d:\programmi\AVG
2010-01-18 19:33 . 2010-01-18 19:33 -------- d-----w- D:\$AVG
2010-01-18 16:41 . 2010-01-18 19:33 -------- d-----w- d:\documents and settings\antonio\Dati applicazioni\Malwarebytes(2)
2010-01-18 16:41 . 2010-01-18 19:33 -------- d-----w- d:\documents and settings\All Users\Dati applicazioni\Malwarebytes(2)
2010-01-18 16:41 . 2010-01-18 19:33 -------- d-----w- d:\programmi\Malwarebytes' Anti-Malware(2)
2010-01-17 21:57 . 2010-01-17 21:57 -------- d-----w- d:\documents and settings\Banco1\Impostazioni locali\Dati applicazioni\Martau
2010-01-17 21:56 . 2010-01-17 21:56 -------- d-----w- d:\documents and settings\Banco1\IETldCache
2010-01-16 10:40 . 2010-01-16 10:40 360584 ----a-w- d:\windows\system32\drivers\avgtdix.sys
2010-01-16 10:40 . 2010-01-16 10:40 333192 ----a-w- d:\windows\system32\drivers\avgldx86.sys
2010-01-16 10:40 . 2010-01-16 10:40 28424 ----a-w- d:\windows\system32\drivers\avgmfx86.sys
2010-01-15 19:18 . 2010-01-20 20:54 5115824 ----a-w- d:\documents and settings\All Users\Dati applicazioni\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe
2010-01-15 14:27 . 2010-01-15 14:27 388096 ----a-r- d:\documents and settings\antonio\Dati applicazioni\Microsoft\Installer\{0761C9A8-8F3A-4216-B4A7-B7AFBF24A24A}\HiJackThis.exe
2010-01-15 14:27 . 2010-01-15 14:27 -------- d-----w- d:\programmi\TrendMicro
2010-01-13 13:58 . 2010-01-13 13:58 -------- d-----w- d:\documents and settings\antonio\Dati applicazioni\it.vodafone.desktopwidget.75C5D0AC8E830B80BD4FBC0B32A23F0123E8C097.1
2010-01-07 14:23 . 2009-11-21 15:54 471552 ------w- d:\windows\system32\dllcache\aclayers.dll
2010-01-07 14:23 . 2009-10-12 13:38 150016 ------w- d:\windows\system32\dllcache\rastls.dll
2010-01-07 14:23 . 2009-10-12 13:38 79872 ------w- d:\windows\system32\dllcache\raschap.dll
2010-01-07 14:23 . 2009-10-13 10:33 271360 ------w- d:\windows\system32\dllcache\oakley.dll
2010-01-07 14:23 . 2009-10-21 05:38 75776 ------w- d:\windows\system32\dllcache\strmfilt.dll
2010-01-07 14:23 . 2009-10-21 05:38 25088 ------w- d:\windows\system32\dllcache\httpapi.dll
2010-01-07 14:23 . 2009-10-20 16:20 265728 ------w- d:\windows\system32\dllcache\http.sys
2010-01-07 14:09 . 2010-01-07 15:07 38224 ----a-w- d:\windows\system32\drivers\mbamswissarmy.sys
2010-01-07 14:09 . 2010-01-07 15:07 19160 ----a-w- d:\windows\system32\drivers\mbam.sys
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-01-23 12:15 . 2008-05-16 22:17 91426848 --sha-w- d:\windows\system32\drivers\fidbox.dat
2010-01-23 12:04 . 2008-05-16 22:17 1077620 --sha-w- d:\windows\system32\drivers\fidbox.idx
2010-01-23 11:53 . 2001-08-31 11:00 622822 ----a-w- d:\windows\system32\perfh010.dat
2010-01-23 11:53 . 2001-08-31 11:00 117260 ----a-w- d:\windows\system32\perfc010.dat
2010-01-23 11:53 . 2008-11-16 16:53 -------- d-----w- d:\programmi\Windows Desktop Search
2010-01-21 15:35 . 2010-01-21 15:35 -------- d-----w- d:\programmi\File comuni\Nokia
2010-01-21 15:35 . 2008-08-28 11:35 -------- d-----w- d:\programmi\DIFX
2010-01-21 15:35 . 2010-01-21 14:24 -------- d-----w- d:\programmi\PC Connectivity Solution
2010-01-21 15:35 . 2010-01-21 14:23 -------- d-----w- d:\programmi\Nokia
2010-01-21 15:35 . 2010-01-20 20:34 -------- d-----w- d:\programmi\Malwarebytes' Anti-Malware
2010-01-21 14:31 . 2010-01-21 14:31 0 ---ha-w- d:\windows\system32\drivers\Msft_User_PCCSWpdDriver_01_07_00.Wdf
2010-01-21 14:31 . 2010-01-21 14:31 0 ---ha-w- d:\windows\system32\drivers\MsftWdf_user_01_07_00.Wdf
2010-01-21 14:22 . 2010-01-21 14:22 95232 ----a-w- d:\documents and settings\All Users\Dati applicazioni\Installations\{9249D7E7-33E7-4CC8-BB0B-3DF3C3CB2568}\Installer\CommonCustomActions\pcswpcsi.exe
2010-01-21 14:22 . 2010-01-21 14:22 8192 ----a-w- d:\documents and settings\All Users\Dati applicazioni\Installations\{9249D7E7-33E7-4CC8-BB0B-3DF3C3CB2568}\Installer\CommonCustomActions\UninstCCD.exe
2010-01-21 14:22 . 2010-01-21 14:22 61440 ----a-w- d:\documents and settings\All Users\Dati applicazioni\Installations\{9249D7E7-33E7-4CC8-BB0B-3DF3C3CB2568}\Installer\CommonCustomActions\UninstPCSFEMsi.exe
2010-01-21 14:22 . 2010-01-21 14:22 10240 ----a-w- d:\documents and settings\All Users\Dati applicazioni\Installations\{9249D7E7-33E7-4CC8-BB0B-3DF3C3CB2568}\Installer\CommonCustomActions\UninstPCS.exe
2010-01-21 14:22 . 2008-08-28 11:34 -------- d-----w- d:\documents and settings\All Users\Dati applicazioni\Installations
2010-01-21 14:22 . 2010-01-21 14:22 34541248 ----a-w- d:\documents and settings\All Users\Dati applicazioni\Installations\{9249D7E7-33E7-4CC8-BB0B-3DF3C3CB2568}\Nokia_PC_Suite_7_1_40_1_ita.exe
2010-01-20 21:00 . 2009-02-15 17:50 -------- d-----w- d:\programmi\Microsoft Silverlight
2010-01-20 20:34 . 2010-01-20 20:34 -------- d-----w- d:\documents and settings\All Users\Dati applicazioni\NOS
2010-01-20 20:34 . 2008-11-05 20:51 -------- d-----w- d:\programmi\File comuni\Wise Installation Wizard
2010-01-18 19:26 . 2009-08-30 13:38 -------- d-----w- d:\programmi\Alwil Software
2010-01-13 23:36 . 2008-12-09 22:46 -------- d-----w- d:\programmi\Google
2010-01-13 23:31 . 2009-07-28 14:14 -------- d-----w- d:\documents and settings\antonio\Dati applicazioni\BlackBean
2010-01-13 23:28 . 2008-05-08 11:31 -------- d--h--w- d:\programmi\InstallShield Installation Information
2010-01-12 20:05 . 2008-12-10 00:05 -------- d-----w- d:\documents and settings\antonio\Dati applicazioni\uTorrent
2010-01-07 13:46 . 2008-07-17 18:24 -------- d-----w- d:\documents and settings\All Users\Dati applicazioni\Lavasoft
2009-12-29 12:48 . 2008-05-08 12:19 -------- d-----w- d:\documents and settings\antonio\Dati applicazioni\dvdcss
2009-12-21 19:06 . 2007-01-03 10:56 916480 ----a-w- d:\windows\system32\wininet.dll
2009-12-16 20:06 . 2009-12-16 20:06 -------- d-----w- d:\documents and settings\antonio\Dati applicazioni\Apple Computer
2009-12-16 20:04 . 2008-05-11 22:13 -------- d-----w- d:\documents and settings\All Users\Dati applicazioni\Apple Computer
2009-11-21 15:54 . 2007-01-03 10:46 471552 ----a-w- d:\windows\AppPatch\aclayers.dll
2009-11-04 15:05 . 2009-11-04 15:05 93360 ----a-w- d:\windows\system32\drivers\SBREDrv.sys
2009-03-03 16:17 . 2009-03-03 16:17 1453 ----a-w- d:\programmi\ST6UNST.002
2008-11-03 14:55 . 2008-11-03 14:55 3252 ----a-w- d:\programmi\ST6UNST.001
2008-11-03 14:55 . 2008-11-03 14:55 1485 ----a-w- d:\programmi\ST6UNST.000
2008-11-03 14:54 . 2008-11-03 14:54 1508 ----a-w- d:\programmi\ST6UNST.LOG
.
((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* i valori vuoti & legittimi/default non sono visualizzati.
REGEDIT4
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{A3BC75A2-1F87-4686-AA43-5347D756017C}"= "d:\programmi\AVG\AVG9\Toolbar\IEToolbar.dll" [2009-11-25 1230080]
[HKEY_CLASSES_ROOT\clsid\{a3bc75a2-1f87-4686-aa43-5347d756017c}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A3BC75A2-1F87-4686-AA43-5347D756017C}]
2009-11-25 12:01 1230080 ----a-w- d:\programmi\AVG\AVG9\Toolbar\IEToolbar.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "d:\programmi\AVG\AVG9\Toolbar\IEToolbar.dll" [2009-11-25 1230080]
[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "d:\programmi\AVG\AVG9\Toolbar\IEToolbar.dll" [2009-11-25 1230080]
[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="d:\programmi\File comuni\Ahead\Lib\NMBgMonitor.exe" [2006-09-13 139264]
"googletalk"="d:\programmi\Google\Google Talk\googletalk.exe" [2007-11-21 3293184]
"MSMSGS"="d:\programmi\Messenger\msmsgs.exe" [2008-04-14 1695232]
"SUPERAntiSpyware"="d:\programmi\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2010-01-05 2002160]
"PC Suite Tray"="d:\programmi\Nokia\Nokia PC Suite 7\PCSuite.exe" [2009-11-11 1451520]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Apoint"="d:\programmi\Apoint\Apoint.exe" [2003-11-07 114688]
"snpstd"="d:\windows\vsnpstd.exe" [2005-10-11 339968]
"VX1000"="d:\windows\vVX1000.exe" [2006-06-29 707376]
"SunJavaUpdateSched"="d:\programmi\Java\jre6\bin\jusched.exe" [2009-07-25 149280]
"AVG9_TRAY"="d:\progra~1\AVG\AVG9\avgtray.exe" [2010-01-21 2033432]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="d:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"nltide_3"="advpack.dll" [2009-03-08 128512]
d:\documents and settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\
Windows Search.lnk - d:\programmi\Windows Desktop Search\WindowsSearch.exe [2008-5-26 123904]
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "d:\programmi\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "d:\programmi\Windows Desktop Search\MSNLNamespaceMgr.dll" [2008-05-26 304128]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-03 13:21 548352 ----a-w- d:\programmi\SUPERAntiSpyware\SASWINLO.dll
[HKLM\~\startupfolder\D:^Documents and Settings^All Users^Menu Avvio^Programmi^Esecuzione automatica^Connessione Rete.lnk]
path=d:\documents and settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\Connessione Rete.lnk
backup=d:\windows\pss\Connessione Rete.lnkCommon Startup
[HKLM\~\startupfolder\D:^Documents and Settings^All Users^Menu Avvio^Programmi^Esecuzione automatica^Copernico.lnk]
path=d:\documents and settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\Copernico.lnk
backup=d:\windows\pss\Copernico.lnkCommon Startup
[HKLM\~\startupfolder\D:^Documents and Settings^All Users^Menu Avvio^Programmi^Esecuzione automatica^ImageMixer 3 SE Camera Monitor for SD.lnk]
path=d:\documents and settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\ImageMixer 3 SE Camera Monitor for SD.lnk
backup=d:\windows\pss\ImageMixer 3 SE Camera Monitor for SD.lnkCommon Startup
[HKLM\~\startupfolder\D:^Documents and Settings^All Users^Menu Avvio^Programmi^Esecuzione automatica^Microsoft Office.lnk]
path=d:\documents and settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\Microsoft Office.lnk
backup=d:\windows\pss\Microsoft Office.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Ad-Watch]
d:\programmi\Lavasoft\Ad-Aware\AAWTray.exe [BU]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
2006-09-13 09:12 139264 ----a-w- d:\programmi\File comuni\Ahead\Lib\NMBgMonitor.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BluetoothAuthenticationAgent]
2008-04-14 02:14 110592 ----a-w- d:\windows\system32\bthprops.cpl
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Nero DriveSpeed]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SUPERAntiSpyware]
2010-01-05 06:56 2002160 ----a-w- d:\programmi\SUPERAntiSpyware\SUPERAntiSpyware.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"NBService"=3 (0x3)
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"Nokia.PCSync"="d:\programmi\Nokia\Nokia PC Suite 7\PCSync2.exe" /NoDialog
"SpybotSD TeaTimer"=d:\programmi\Spybot - Search & Destroy\TeaTimer.exe
"PC Suite Tray"="d:\programmi\Nokia\Nokia PC Suite 7\PCSuite.exe" -onlytray
"MSMSGS"="d:\programmi\Messenger\msmsgs.exe" /background
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"CanonMyPrinter"=d:\programmi\Canon\MyPrinter\BJMyPrt.exe /logon
"CanonSolutionMenu"=d:\programmi\Canon\SolutionMenu\CNSLMAIN.exe /logon
"QuickTime Task"="d:\programmi\K-Lite Codec Pack\QuickTime\qttask.exe" -atboottime
"nwiz"=nwiz.exe /install
"Adobe Reader Speed Launcher"="d:\programmi\Adobe\Reader 8.0\Reader\Reader_sl.exe"
"HKSERV.EXE"=d:\programmi\Sony\HotKey Utility\HKserv.exe
"Nero DriveSpeed"=d:\progra~1\Nero\NERO7~1\NEROTO~1\DRIVES~1.EXE
"NeroFilterCheck"=d:\programmi\File comuni\Ahead\Lib\NeroCheck.exe
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"d:\\Programmi\\Nero\\Nero 7\\Nero Home\\NeroHome.exe"=
"d:\\Programmi\\eMule\\emule.exe"=
"d:\\Programmi\\Google\\Google Talk\\googletalk.exe"=
"d:\\Programmi\\uTorrent\\uTorrent.exe"=
"d:\\Programmi\\Skype\\Phone\\Skype.exe"=
"d:\\Programmi\\Windows Live\\Messenger\\wlcsdk.exe"=
"d:\\Programmi\\Windows Live\\Messenger\\msnmsgr.exe"=
"d:\\Programmi\\Lphant\\eLePhantClient.exe"=
"d:\\Programmi\\AVG\\AVG9\\avgnsx.exe"=
"d:\\Programmi\\AVG\\AVG9\\avgupd.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"50000:TCP"= 50000:TCP:tcp emule
"50001:UDP"= 50001:UDP:tcp emule
"4889:TCP"= 4889:TCP:home
"4890:UDP"= 4890:UDP:home
"4662:TCP"= 4662:TCP:banco020202
"4672:UDP"= 4672:UDP:banco020202
R0 a347scsi;a347scsi;d:\windows\system32\drivers\a347scsi.sys [08/05/2008 15.18.37 5248]
R1 AvgLdx86;AVG Free AVI Loader Driver x86;d:\windows\system32\drivers\avgldx86.sys [16/01/2010 11.40.59 333192]
R1 AvgTdiX;AVG Free Network Redirector;d:\windows\system32\drivers\avgtdix.sys [16/01/2010 11.40.59 360584]
R1 SASDIFSV;SASDIFSV;d:\programmi\SUPERAntiSpyware\sasdifsv.sys [05/01/2010 7.56.04 9968]
R1 SASKUTIL;SASKUTIL;d:\programmi\SUPERAntiSpyware\SASKUTIL.SYS [05/01/2010 7.56.02 74480]
R2 avg9wd;AVG Free WatchDog;d:\programmi\AVG\AVG9\avgwdsvc.exe [21/01/2010 16.40.49 285392]
R3 SASENUM;SASENUM;d:\programmi\SUPERAntiSpyware\SASENUM.SYS [05/01/2010 7.56.06 7408]
R3 ti21sony;ti21sony;d:\windows\system32\drivers\ti21sony.sys [08/05/2008 11.16.27 812544]
S0 a347bus;a347bus;d:\windows\system32\drivers\a347bus.sys [08/05/2008 15.18.37 160640]
S0 Lbd;Lbd;d:\windows\system32\DRIVERS\Lbd.sys

d:\windows\system32\DRIVERS\Lbd.sys [?]
S1 cmdGuard;cmdGuard;d:\windows\system32\DRIVERS\cmdguard.sys

d:\windows\system32\DRIVERS\cmdguard.sys [?]
S1 cmdHlp;cmdHlp;d:\windows\system32\DRIVERS\cmdhlp.sys

d:\windows\system32\DRIVERS\cmdhlp.sys [?]
S2 gupdate1c9aafc83997e88;Google Update Service (gupdate1c9aafc83997e88);d:\programmi\Google\Update\GoogleUpdate.exe [22/03/2009 15.43.06 133104]
S3 EverestDriver;Lavalys EVEREST Kernel Driver;d:\programmi\Lavalys\EVEREST Ultimate Edition\kerneld.wnt [19/01/2009 15.59.45 22640]
S4 setup_7.0.0.180_15.05.2008_16-33;setup_7.0.0.180_15.05.2008_16-33;"d:\documents and settings\All Users\Desktop\Kaspersky Lab Tool\setup_7.0.0.180_15.05.2008_16-33.exe" -r

d:\documents and settings\All Users\Desktop\Kaspersky Lab Tool\setup_7.0.0.180_15.05.2008_16-33.exe [?]
.
Contenuto della cartella 'Scheduled Tasks'
2010-01-22 d:\windows\Tasks\ccleaner.job
- d:\programmi\CCleaner\CCleaner.exe [2009-02-19 17:27]
2010-01-23 d:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- d:\programmi\Google\Update\GoogleUpdate.exe [2009-03-22 14:43]
2010-01-23 d:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- d:\programmi\Google\Update\GoogleUpdate.exe [2009-03-22 14:43]
2010-01-17 d:\windows\Tasks\OGADaily.job
- d:\windows\system32\OGAVerify.exe [2008-12-31 16:04]
2010-01-23 d:\windows\Tasks\OGALogon.job
- d:\windows\system32\OGAVerify.exe [2008-12-31 16:04]
.
.
------- Scansione supplementare -------
.
uInternet Settings,ProxyOverride = 127.0.0.1
IE: E&sporta in Microsoft Excel - d:\progra~1\MICROS~1\OFFICE11\EXCEL.EXE/3000
TCP: {0A37138E-1533-4E9A-8AC9-51C82A78E98C} = 212.216.112.112,212.216.172.62
DPF: Microsoft XML Parser for Java - file:///D:/WINDOWS/Java/classes/xmldso.cab
FF - ProfilePath - d:\documents and settings\antonio\Dati applicazioni\Mozilla\Firefox\Profiles\ppqn978l.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.babylon.com/web/{searchTerms}?babsrc=browsersearch
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.google.it/
FF - component: d:\programmi\AVG\AVG9\Firefox\components\avgssff.dll
FF - component: d:\programmi\AVG\AVG9\Toolbar\Firefox\avg@igeared\components\IGeared_tavgp_xputils2.dll
FF - component: d:\programmi\AVG\AVG9\Toolbar\Firefox\avg@igeared\components\IGeared_tavgp_xputils3.dll
FF - component: d:\programmi\AVG\AVG9\Toolbar\Firefox\avg@igeared\components\IGeared_tavgp_xputils35.dll
FF - component: d:\programmi\AVG\AVG9\Toolbar\Firefox\avg@igeared\components\xpavgtbapi.dll
FF - plugin: d:\programmi\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: d:\programmi\Google\Update\1.2.183.13\npGoogleOneClick8.dll
FF - plugin: d:\programmi\K-Lite Codec Pack\QuickTime\Plugins\npqtplugin.dll
FF - plugin: d:\programmi\K-Lite Codec Pack\QuickTime\Plugins\npqtplugin2.dll
FF - plugin: d:\programmi\K-Lite Codec Pack\QuickTime\Plugins\npqtplugin3.dll
FF - plugin: d:\programmi\K-Lite Codec Pack\QuickTime\Plugins\npqtplugin4.dll
FF - plugin: d:\programmi\K-Lite Codec Pack\QuickTime\Plugins\npqtplugin5.dll
FF - plugin: d:\programmi\K-Lite Codec Pack\QuickTime\Plugins\npqtplugin6.dll
FF - plugin: d:\programmi\K-Lite Codec Pack\QuickTime\Plugins\npqtplugin7.dll
FF - plugin: d:\programmi\K-Lite Codec Pack\QuickTime\Plugins\npqtplugin8.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - d:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
---- FIREFOX POLICIES ----
FF - user.js: yahoo.homepage.dontask - true
d:\programmi\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
d:\programmi\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
d:\programmi\Mozilla Firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
d:\programmi\Mozilla Firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
d:\programmi\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
d:\programmi\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
d:\programmi\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
d:\programmi\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
d:\programmi\Mozilla Firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
d:\programmi\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.debug", false);
d:\programmi\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
d:\programmi\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
d:\programmi\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
d:\programmi\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
d:\programmi\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
d:\programmi\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
d:\programmi\Mozilla Firefox\greprefs\all.js - pref("html5.enable", false);
d:\programmi\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
d:\programmi\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
d:\programmi\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
d:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
d:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
d:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
d:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
d:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
d:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
d:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
d:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
d:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
d:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
d:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
d:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);
.
- - - - CHIAVI ORFANE RIMOSSE - - - -
MSConfigStartUp-PC Suite Tray - c:\xp\programmi su xp\nokia suite\Nokia PC Suite 7\PCSuite.exe
**************************************************************************
scansione processi nascosti ...
scansione entrate autostart nascoste ...
Scansione files nascosti ...
Scansione completata con successo
Files nascosti:
**************************************************************************
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\EverestDriver]
"ImagePath"="\??\d:\programmi\Lavalys\EVEREST Ultimate Edition\kerneld.wnt"
.
--------------------- CHIAVI DI REGISTRO BLOCCATE ---------------------
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\h–€|ÿÿÿÿ¤•€|ù•9~*]
"0140110900063D11C8EF10054038389C"="D?\\WINDOWS\\system32\\FM20ENU.DLL"
.
--------------------- Dlls caricate dai processi in esecuzione ---------------------
- - - - - - - > 'winlogon.exe'(892)
d:\programmi\SUPERAntiSpyware\SASWINLO.dll
d:\windows\system32\WININET.dll
- - - - - - - > 'explorer.exe'(2700)
d:\windows\system32\WININET.dll
d:\programmi\Windows Desktop Search\deskbar.dll
d:\programmi\Windows Desktop Search\it-it\dbres.dll.mui
d:\programmi\Windows Desktop Search\dbres.dll
d:\programmi\Windows Desktop Search\wordwheel.dll
d:\programmi\Windows Desktop Search\it-it\msnlExtRes.dll.mui
d:\programmi\Windows Desktop Search\msnlExtRes.dll
d:\windows\system32\webcheck.dll
d:\windows\system32\WPDShServiceObj.dll
d:\windows\system32\PortableDeviceTypes.dll
d:\windows\system32\PortableDeviceApi.dll
.
Ora fine scansione: 2010-01-23 13:16:29
ComboFix-quarantined-files.txt 2010-01-23 12:16
ComboFix2.txt 2010-01-18 18:56
Pre-Run: 11.885.023.232 byte disponibili
Post-Run: 11.854.741.504 byte disponibili
- - End Of File - - 03264A9EAC59BC0589908B9DA26C3AD2