
Half the PC has disappeared


Post by paove » Sun Dec 26, 2010 4:20 pm

Hello, I turned on my PC (Vista Home) as usual and, without having made any changes, I find that three quarters of my programs are missing from the "All Programs" menu. I try to open Word and the installer starts; I look for the DOS prompt: it does not exist; Administrative Tools: empty. System Restore is there but does not work for me. I try to run the restore at boot and it asks for the administrator password (it does not accept the standard ones...); logging in with the user that has administrator privileges, it does not accept the password. I am trying to run updates and scans with some registry repair programs but I cannot solve the problem. What could I do? Thanks
paove
Aficionado
Posts: 120
Joined: Sun Oct 29, 2006 6:51 pm

Re: Half the PC has disappeared

Post by Berga95 » Sun Dec 26, 2010 7:33 pm

[uhm] Did you download any files of dubious origin?
Anyway, I would start with Hitman Pro, just to get an idea...
Look at this (kindly created by hashcat, I hope he doesn't get angry [std] )

[Image]

You can download it from here (32-bit version)
If it finds something, activate the 30-day license and delete what it finds... then post the log, using the MEMO tag:
The Doctor wrote: Correct use of the MEMO tag:

[memo]paste the log here[/memo]

EDIT: Can you connect to the Internet with that PC? Which registry optimization programs are you using?
That is not dead which can eternal lie, and with strange aeons even death may die.
~ H.P. Lovecraft
Berga95
Official Member (Gold)
Posts: 3342
Joined: Sat Sep 12, 2009 12:56 pm
Location: C:\Python27 | C:\Dev-Cpp | Treviso

Re: Half the PC has disappeared

Post by paove » Sun Dec 26, 2010 8:08 pm

I am trying Hitman as you suggested. I also tried to reinstall a backup program... in case I am left with no alternative, but it says the installation did not complete successfully, perhaps because of insufficient privileges. Basically the system seems locked...
Thanks for the reply :)


Re: Half the PC has disappeared

Post by paove » Sun Dec 26, 2010 8:31 pm

Apart from a few cookies, Hitman found nothing. I tried Advanced System Care, Glary Utilities and PC Inspector as diagnostic programs.

Re: Half the PC has disappeared

Post by Ale2695 » Sun Dec 26, 2010 9:51 pm

Try checking whether the command prompt is present in the Windows folder, so we can at least rule out damage to system files
http://www.chimerarevo.com/
Ale2695
Official Member (Gold)
Posts: 5927
Joined: Sun Jan 18, 2009 10:39 am
Location: Novara

Re: Half the PC has disappeared

Post by paove » Mon Dec 27, 2010 12:02 pm

Yes, I can access the prompt

Re: Half the PC has disappeared

Post by FDAC » Mon Dec 27, 2010 1:28 pm

Download Combofix: http://download.bleepingcomputer.com/sUBs/ComboFix.exe
Note:
● preferably download the program with Internet Explorer

Place Combofix on the Desktop and carry out these preliminary steps:
● disconnect from the Internet
● physically disconnect the modem/router from the computer

It is absolutely necessary, if active, to:
● disable the antivirus in use, from its icon in the tray bar (next to the Windows clock)
● disable any installed firewall, from its icon in the tray bar (next to the Windows clock)

Once the steps above are done:
● launch ComboFix from an account with Administrator privileges and follow the instructions displayed to run the scan
● you will be asked to install the Recovery Console: do not install it
● without performing any other operation, let the tool complete the scan and the log creation phase

Notes - during the scan:
● some files will be created on the Desktop and then deleted
● all the icons on the Desktop will disappear for a moment
● a message about the antivirus in use may be displayed: continue, ignoring the message
● the firewall, if active, may display a warning about the removal of some drivers: allow it
● the Internet Explorer icon may appear on the Desktop, if it was not already there

When Combofix has finished the scan:
● the system will restart automatically (if it does not, restart it yourself)
● physically reconnect the modem/router to the computer
● connect to the Internet
● go to Local Disk C:, find the log named combofix.txt and attach it
FDAC
Rompiballe
Posts: 750
Joined: Sun Sep 05, 2010 1:00 pm

Re: Half the PC has disappeared

Post by paove » Mon Dec 27, 2010 5:50 pm

ComboFix 10-12-26.01 - Paolo 27/12/2010 14.07.04.1.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.39.1040.18.2045.710 [GMT 1:00]
Eseguito da: c:\prova\ComboFix.exe
AV: AntiVir Desktop *Disabled/Updated* {090F9C29-64CE-6C6F-379C-5901B49A85B7}
SP: AntiVir Desktop *Disabled/Updated* {B26E7DCD-42F4-63E1-0D2C-6273CF1DCF0A}
SP: Lavasoft Ad-Watch Live! *Disabled/Updated* {61CDFD9D-3CAC-9270-C6FC-52325ACB795B}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.

((((((((((((((((((((((((((((((((((((( Altre eliminazioni )))))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Microsoft
c:\program files\Perfect Optimizer
c:\program files\Perfect Optimizer\aamd532.dll
c:\program files\Perfect Optimizer\Config.db
c:\program files\Perfect Optimizer\config\head.bmp
c:\program files\Perfect Optimizer\config\Lng2Const.xml
c:\program files\Perfect Optimizer\config\logo.ico
c:\program files\Perfect Optimizer\config\Menu.xml
c:\program files\Perfect Optimizer\config\SmallLogo.bmp
c:\program files\Perfect Optimizer\config\splash.jpg
c:\program files\Perfect Optimizer\Data\Service\notebook_model.bat
c:\program files\Perfect Optimizer\Data\Service\office_model.bat
c:\program files\Perfect Optimizer\FreeUse.dll
c:\program files\Perfect Optimizer\InstallDll.dll
c:\program files\Perfect Optimizer\License.dll
c:\program files\Perfect Optimizer\PerfectOptimizer.exe
c:\program files\Perfect Optimizer\SEClean.DLL
c:\program files\Perfect Optimizer\SERes.DLL
c:\program files\Perfect Optimizer\sqlite3.dll
c:\program files\Perfect Optimizer\unins000.exe
c:\program files\Perfect Optimizer\Update.exe
c:\program files\Perfect Optimizer\WinUpdate.exe
c:\program files\webmediaplayer
c:\program files\webmediaplayer\resources\languages_v2.xml
c:\program files\webmediaplayer\resources\webmedias
c:\program files\webmediaplayer\sqlite3.dll
c:\users\Paolo\AppData\Local\atfsf.dat
c:\users\Paolo\AppData\Local\atfsf_navtmp.dat
c:\users\Paolo\AppData\Local\pblnx.dat
c:\users\Paolo\AppData\Local\pblnx_nav.dat
c:\users\Paolo\AppData\Local\pblnx_navps.dat
c:\users\Paolo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Perfect Optimizer
c:\users\Public\Documents\Server\admin.txt
c:\users\Public\Documents\Server\server.dat
c:\windows\system32\Ijl11.dll
c:\windows\system32\kWab.dll
c:\windows\system32\twain.dll
c:\windows\system32\zip32.dll

.
((((((((((((((((((((((((( Files Creati Da 2010-11-27 al 2010-12-27 )))))))))))))))))))))))))))))))))))
.

2010-12-27 14:03 . 2010-12-27 14:03 -------- d-----w- c:\users\manuela\AppData\Local\temp
2010-12-27 13:59 . 2010-12-27 13:59 -------- d-----w- c:\users\LogMeInRemoteUser\AppData\Local\temp
2010-12-27 13:59 . 2010-12-27 13:59 -------- d-----w- c:\users\IUSR_NMPR\AppData\Local\temp
2010-12-27 13:59 . 2010-12-27 13:59 -------- d-----w- c:\users\Default\AppData\Local\temp
2010-12-26 19:29 . 2010-12-26 19:29 12872 ----a-w- c:\windows\system32\bootdelete.exe
2010-12-26 19:06 . 2010-12-26 19:06 16968 ----a-w- c:\windows\system32\drivers\hitmanpro35.sys
2010-12-26 19:05 . 2010-12-26 19:29 -------- d-----w- c:\programdata\Hitman Pro
2010-12-26 17:04 . 2010-12-26 17:12 -------- d-----w- c:\programdata\Microsoft Help
2010-12-26 13:23 . 2010-12-26 13:23 17816 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2010-12-26 13:10 . 2010-10-28 12:56 2048 ----a-w- c:\windows\system32\tzres.dll
2010-12-26 13:08 . 2010-10-28 15:02 34304 ----a-w- c:\windows\system32\atmlib.dll
2010-12-26 13:08 . 2010-10-28 13:03 292352 ----a-w- c:\windows\system32\atmfd.dll
2010-12-26 13:08 . 2010-06-16 15:12 72704 ----a-w- c:\windows\system32\fontsub.dll
2010-12-26 11:53 . 2010-12-26 11:53 -------- d-----w- c:\windows\MATS
2010-12-26 09:19 . 2010-12-26 09:19 -------- d-----w- c:\users\Paolo\AppData\Local\FixItCenter
2010-12-26 09:00 . 2010-12-26 11:53 -------- d-----w- c:\program files\Microsoft Fix it Center
2010-12-26 04:01 . 2010-12-26 04:01 -------- d-----w- c:\programdata\Nitro PDF
2010-12-26 04:00 . 2010-12-26 04:00 -------- d-----w- c:\programdata\Bluetooth
2010-12-26 03:59 . 2010-12-26 03:59 -------- d-----w- c:\programdata\PC Suite
2010-12-26 03:58 . 2010-12-26 03:58 -------- d-----w- c:\programdata\DAEMON Tools Lite
2010-12-26 03:58 . 2010-12-26 03:58 -------- d-----w- c:\programdata\Creative
2010-12-26 03:58 . 2010-12-26 04:10 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2010-12-26 03:58 . 2010-12-26 03:58 -------- d-----w- c:\programdata\FNET
2010-12-26 03:58 . 2010-12-26 06:09 -------- d-----w- c:\programdata\GTek
2010-12-26 03:58 . 2010-12-26 03:58 -------- d-----w- c:\programdata\InstallShield
2010-12-26 03:58 . 2010-12-27 07:05 -------- d-----w- c:\programdata\LogMeIn
2010-12-26 03:58 . 2010-12-27 07:05 -------- d-----w- c:\programdata\NVIDIA
2010-12-25 19:55 . 2010-12-25 19:55 -------- d-----w- c:\windows\xxclone.arc
2010-12-25 18:44 . 2010-12-25 18:44 -------- d-----w- c:\programdata\WindowsSearch
2010-12-25 16:52 . 2010-12-25 16:52 -------- d--h--w- c:\programdata\yahoo!
2010-12-25 09:47 . 2010-12-25 09:47 -------- d-----w- c:\programdata\Ashampoo
2010-12-25 08:46 . 2010-12-25 08:46 -------- d-----w- c:\program files\XXCLONE
2010-12-21 13:01 . 2010-11-10 04:33 6273872 ------w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{146508FC-DC02-4163-8A2B-2FA50D986892}\mpengine.dll
2010-12-20 20:03 . 2010-12-20 20:03 -------- d-----w- C:\Giochi
2010-12-20 15:31 . 2010-12-20 17:23 -------- d-----w- c:\users\Paolo\AppData\Roaming\XBMC
2010-12-20 15:31 . 2010-12-20 15:34 -------- d-----w- c:\program files\XBMC
2010-12-20 15:08 . 2010-12-20 15:08 -------- d-----w- c:\users\Paolo\.invoicex
2010-12-18 14:41 . 2010-12-18 14:41 -------- d-----w- c:\users\Paolo\AppData\Roaming\NPLUTO Corporation
2010-12-16 19:35 . 2010-12-16 19:35 -------- d-----w- c:\program files\Common Files\Skype
2010-12-15 17:40 . 2010-12-15 17:40 -------- d-----w- c:\users\Paolo\.filestore
2010-12-15 12:01 . 2010-12-27 13:07 -------- d-----w- c:\users\Paolo\AppData\Local\freetvradio Air
2010-12-15 12:00 . 2010-12-15 17:16 -------- d-----w- c:\users\Paolo\AppData\Roaming\freeTVRadio
2010-12-15 11:57 . 2010-12-15 11:58 -------- d-----w- c:\program files\freeTVRadio
2010-12-12 10:03 . 2010-12-12 10:03 -------- d-----w- c:\program files\Mozilla Firefox 4.0 Beta 7
2010-12-06 11:51 . 2010-12-06 12:20 -------- d-----w- c:\users\Public\installer heroes of the sky
2010-12-03 18:31 . 2010-12-03 18:31 -------- d-----w- c:\users\Paolo\AppData\Roaming\Avira
2010-12-01 19:45 . 2010-07-25 16:48 3728840 ----a-w- c:\windows\system32\GameMon.des
2010-12-01 19:44 . 2004-12-31 06:43 4682 ----a-w- c:\windows\system32\npptNT2.sys
2010-12-01 19:44 . 2003-07-16 15:17 5174 ----a-w- c:\windows\system32\nppt9x.vxd
2010-12-01 19:44 . 2010-12-01 19:44 -------- d-----w- c:\program files\Common Files\INCA Shared
2010-11-30 20:16 . 2010-12-18 12:32 -------- d-----w- C:\GamesCampus
2010-11-30 19:19 . 2010-12-18 20:04 -------- d-----w- c:\users\Paolo\AppData\Local\PMB Files
2010-11-30 19:18 . 2010-11-30 19:18 -------- d-----w- c:\program files\Pando Networks

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-12-26 13:23 . 2009-08-18 10:30 564632 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\wlidui.dll
2010-12-22 05:54 . 2009-05-28 13:36 61960 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2010-12-22 05:54 . 2009-05-28 13:36 135096 ----a-w- c:\windows\system32\drivers\avipbb.sys
2010-12-08 12:12 . 2008-06-12 16:35 83360 ----a-w- c:\windows\system32\LMIRfsClientNP.dll
2010-12-08 12:11 . 2008-06-12 16:35 53632 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\LMIproc.dll
2010-12-08 12:11 . 2008-06-12 16:35 29568 ----a-w- c:\windows\system32\LMIport.dll
2010-12-08 12:11 . 2008-06-12 16:35 87424 ----a-w- c:\windows\system32\LMIinit.dll
2010-11-16 00:10 . 2010-11-16 00:10 65328 ----a-w- c:\windows\apppatch\matsshim.dll
2010-11-12 18:46 . 2010-11-12 18:46 4280320 ----a-w- c:\windows\system32\GPhotos.scr
2010-10-22 13:59 . 2010-10-22 13:59 286720 ----a-w- c:\windows\iun507.exe
2010-10-19 09:41 . 2009-10-03 12:02 222080 ------w- c:\windows\system32\MpSigStub.exe
2010-10-14 00:36 . 2010-10-14 00:36 15451288 ----a-w- c:\windows\system32\xlive.dll
2010-10-14 00:36 . 2010-10-14 00:36 13642904 ----a-w- c:\windows\system32\xlivefnt.dll
2010-10-11 18:59 . 2010-10-11 18:59 231248 ----a-w- c:\windows\system32\drivers\truecrypt.sys
2010-10-01 13:48 . 2007-10-09 02:40 445016 ----a-w- c:\windows\system32\wrap_oal.dll
2010-10-01 13:48 . 2007-10-09 02:40 109144 ----a-w- c:\windows\system32\OpenAL32.dll
2010-10-01 10:19 . 2008-06-12 16:35 83360 ----a-w- c:\windows\system32\LMIRfsClientNP.dll.000.bak
2010-03-11 20:38 . 2010-03-30 05:05 653312 ----a-w- c:\program files\Common Files\SetupDLL.dll
2010-07-29 04:30 . 2008-09-19 19:06 119808 ----a-w- c:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll
2010-04-13 15:52 . 2010-04-13 15:52 286720 ----a-w- c:\program files\mozilla firefox\components\htservice.dll
.

((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* i valori vuoti & legittimi/default non sono visualizzati.
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{4C4AD71D-52E1-4402-9E5B-CBFC295EC9BA}]
2010-08-19 12:27 135840 ----a-w- c:\program files\freeTVRadio\spointer\extensions\freetvradio_air_ie.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2007-01-15 147456]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
"Google Update"="c:\users\Paolo\AppData\Local\Google\Update\GoogleUpdate.exe" [2008-11-12 133104]
"WinSent"="c:\users\Paolo\Downloads\winsent1110128_en\winsent.exe" [2009-06-29 382464]
"AlcoholAutomount"="c:\program files\Alcohol Soft\Alcohol 52\axcmd.exe" [2009-04-24 203416]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\daemon.exe" [2009-04-23 691656]
"RamBooster"="c:\program files\RamBooster 2.0\Rambooster.exe" [2005-11-17 561664]
"IDriveE Startup"="c:\idrive\IDrvieEStartup.exe" [2010-02-08 177616]
"NokiaOviSuite2"="c:\program files\Nokia\Nokia Ovi Suite\NokiaOviSuite.exe" [2010-09-02 672632]
"SandboxieControl"="c:\program files\Sandboxie\SbieCtrl.exe" [2010-07-04 398568]
"ISUSPM Startup"="c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [2005-08-11 249856]
"PC Suite Tray"="c:\program files\Nokia\Nokia PC Suite 7\PCSuite.exe" [2010-05-14 1479680]
"GizmoDriveDelegate"="c:\progra~1\GIZMO\GDRIVE.DLL" [2008-05-08 390752]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"UpdReg"="c:\windows\UpdReg.EXE" [2000-05-11 90112]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2005-08-11 81920]
"RoxWatchTray"="c:\program files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe" [2006-11-05 221184]
"NMSSupport"="c:\program files\Common Files\Intel\IntelDH\NMS\Support\IntelHCTAgent.exe" [2006-11-12 433152]
"CCUTRAYICON"="c:\program files\Intel\IntelDH\CCU\CCU_TrayIcon.exe" [2007-06-26 208896]
"Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2010-07-29 30192]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
"ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe" [2005-08-11 249856]
"LogMeIn GUI"="c:\program files\LogMeIn\x86\LogMeInSystray.exe" [2008-02-28 63048]
"00Hotkeys"="c:\program files\Qliner Hotkeys\HotKeys.exe" [2006-12-02 45056]
"CloneCDTray"="c:\program files\SlySoft\CloneCD\CloneCDTray.exe" [2004-09-02 57344]
"Ad-Watch"="c:\program files\Lavasoft\Ad-Aware\AAWTray.exe" [2010-03-01 524632]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-03-12 342312]
"FlipViewer Library"="c:\program files\E-Book Systems\FlipViewer\FlipViewerLibrary.exe" [2008-12-04 409288]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2010-09-01 281768]
"UsbBoost"="c:\program files\UsbBoost\TurboHddUsb.exe" [2009-08-05 3788800]
"VolPanel"="c:\program files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanlu.exe" [2008-08-06 233576]
"CTxfiHlp"="CTXFIHLP.EXE" [2009-06-03 25600]
"Nitro PDF Printer Monitor"="c:\program files\Nitro PDF\Professional\NitroPDFPrinterMonitor.exe" [2008-12-04 210240]
"DefragTaskBar"="c:\program files\Ashampoo\Ashampoo Magical Defrag 2\bin\defragTaskBar.exe" [2008-10-09 173408]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-05-26 413696]
"NvSvc"="c:\windows\system32\nvsvc.dll" [2007-09-17 86016]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-09-17 8497696]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2007-09-17 81920]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2010-06-17 40368]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-21 932288]
"HHOTTViewGSB"="c:\program files\HHOTT\HHOTT View\HTGSB.exe" [2010-04-13 492544]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
"Reader Library Launcher"="c:\program files\Sony\Reader\Data\bin\launcher\Reader Library Launcher.exe" [2010-05-10 906656]
"AdobeAAMUpdater-1.0"="c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2010-03-06 500208]
"SwitchBoard"="c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
"AdobeCS5ServiceManager"="c:\program files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" [2010-02-22 406992]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-10-14 49152]
"hpqSRMon"="c:\program files\HP\Digital Imaging\bin\hpqSRMon.exe" [2008-08-20 150016]
"Windows Mobile-based device management"="c:\windows\WindowsMobile\wmdSync.exe" [2006-11-02 215552]
"DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2010-09-16 1164584]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-07-26 3883856]

c:\users\Paolo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
IDrive Tray.lnk - c:\idrive\IDriveEReg2ini.exe [2010-3-23 288176]
Memento.lnk - c:\program files\Memento\Memento.exe [2003-5-18 253952]
Ritaglio schermata e avvio di OneNote 2007.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoWinKeys"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~1\Google\GOOGLE~2\GoogleDesktopNetwork3.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"mixer5"=wdmaud.drv

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
@="Service"

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^PalTalk.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\PalTalk.lnk
backup=c:\windows\pss\PalTalk.lnk.CommonStartup
backupExtension=.CommonStartup

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^PalTalk.lnk.disabled]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\PalTalk.lnk.disabled
backup=c:\windows\pss\PalTalk.lnk.disabled.CommonStartup
backupExtension=.CommonStartup
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\pblnx

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CorelDRAW Graphics Suite 11b]
2003-11-28 01:19 733184 ----a-w- c:\program files\Corel\Corel Graphics 12\Languages\IT\Programs\registration.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ECenter]
2007-05-25 06:03 17920 ----a-w- c:\dell\E-Center\EULALauncher.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ehTray.exe]
2008-01-19 07:33 125952 ----a-w- c:\windows\ehome\ehtray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Laplink Web Server]
2007-08-09 12:19 1152304 ----a-w- c:\program files\Laplink Everywhere\LapLinkEverywhere.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring"=dword:00000001

R2 gupdate1c9dd3c515177b6;Google Update Service (gupdate1c9dd3c515177b6);c:\program files\Google\Update\GoogleUpdate.exe [2009-05-25 133104]
R2 pr2ah4nc;DiRT Drivers Auto Removal (pr2ah4nc);c:\windows\system32\pr2ah4nc.exe svc [x]
R3 Access Remote PC Service 5.1;Access Remote PC Service 5.1;c:\program files\Access Remote PC 5.1\rpcsetup.exe [2007-11-26 2220784]
R3 BthAvrcp;Profilo Bluetooth AVRCP;c:\windows\system32\DRIVERS\BthAvrcp.sys [2008-07-10 15872]
R3 Creative ALchemy AL6 Licensing Service;Creative ALchemy AL6 Licensing Service;c:\program files\Common Files\Creative Labs Shared\Service\AL6Licensing.exe [2009-09-02 79360]
R3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;c:\program files\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [2009-09-01 79360]
R3 CT20XUT;CT20XUT;c:\windows\system32\drivers\CT20XUT.SYS [2009-06-03 171032]
R3 CTEXFIFX;CTEXFIFX;c:\windows\system32\drivers\CTEXFIFX.SYS [2009-06-03 1324056]
R3 CTHWIUT;CTHWIUT;c:\windows\system32\drivers\CTHWIUT.SYS [2009-06-03 72728]
R3 DHTRACE;Intel(R) DHTrace Controller;c:\program files\Common Files\Intel\IntelDH\bin\DHTraceController.exe [2007-04-13 33280]
R3 FNETTBOH;FNETTBOH;c:\windows\system32\drivers\FNETTBOH.SYS [2009-08-05 23680]
R3 GoogleDesktopManager-051210-111108;Google Desktop Manager 5.9.1005.12335;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [2010-07-29 30192]
R3 ha20x22k;Creative 20X2 HAL Driver;c:\windows\system32\drivers\ha20x22k.sys [x]
R3 HSFHWCD2;HSFHWCD2;c:\windows\system32\DRIVERS\HSFHWCD2.sys [x]
R3 HSXHWCD2;HSXHWCD2;c:\windows\system32\DRIVERS\HSXHWCD2.sys [2006-11-08 243712]
R3 MatSvc;Microsoft Automated Troubleshooting Service;c:\program files\Microsoft Fix it Center\Matsvc.exe [2010-11-16 267568]
R3 netr73;Belkin Wireless G Plus MIMO USB Network Adapter Driver for Vista;c:\windows\system32\DRIVERS\netr73.sys [2008-01-27 255488]
R3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des [2010-07-25 3728840]
R3 PSI;PSI;c:\windows\system32\DRIVERS\psi_mf.sys [2010-05-28 14896]
R3 pwdrvio;pwdrvio;c:\windows\system32\pwdrvio.sys [2010-04-09 16472]
R3 pwdspio;pwdspio;c:\windows\system32\pwdspio.sys [2010-04-09 11104]
R3 SwitchBoard;SwitchBoard;c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
S0 hotcore3;hotcore3;c:\windows\system32\drivers\hotcore3.sys [2008-12-16 40368]
S0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys [2009-04-24 64160]
S0 pe3ah4nc;DiRT Environment Driver (pe3ah4nc);c:\windows\system32\drivers\pe3ah4nc.sys [2007-05-18 64880]
S0 ps6ah4nc;DiRT Synchronization Driver (ps6ah4nc);c:\windows\system32\drivers\ps6ah4nc.sys [2007-05-18 55160]
S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2009-09-11 721904]
S1 FNETURPX;FNETURPX;c:\windows\system32\drivers\FNETURPX.SYS [2009-08-05 7936]
S1 GizmoDrv;Gizmo Device Driver; [x]
S2 acedrv11;acedrv11;c:\windows\system32\drivers\acedrv11.sys [2010-02-24 185472]
S2 DQLWinService;DQLWinService;c:\program files\Common Files\Intel\IntelDH\NMS\AdpPlugins\DQLWinService.exe [2007-02-12 208896]
S2 Gizmo Central;Gizmo Central;c:\program files\Gizmo\gservice.exe [2008-05-08 31856]
S2 IDriveE Service;IDriveE Service;c:\idrive\IDriveE Service.exe [2010-02-24 143360]
S2 IDriveWebM;IDrive WebManager;c:\idrive\IDriveWebM.exe [2010-02-01 124336]
S2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [2010-03-01 1029456]
S2 LMIGuardianSvc;LMIGuardianSvc;c:\program files\LogMeIn\x86\LMIGuardianSvc.exe [2010-12-08 374152]
S2 LMIInfo;LogMeIn Kernel Information Provider;c:\program files\LogMeIn\x86\RaInfo.sys [2008-02-28 12856]
S2 lxbf_device;lxbf_device;c:\windows\system32\lxbfcoms.exe [2007-04-24 537520]
S2 NMSCore;Intel(R) NMSCore;c:\program files\Common Files\Intel\IntelDH\NMS\NMSCore\NMSCore.exe [2007-06-26 311296]
S2 nmsunidr;UniDriver for NMS;c:\windows\system32\DRIVERS\nmsunidr.sys [2007-02-18 5376]
S2 QualityManager;Intel(R) Quality Manager;c:\program files\Intel\IntelDH\Intel Media Server\Media Server\bin\qualitymanager.exe [2007-06-26 266240]
S2 SdReadSpool;SolidPDFCreatorReadSpool;c:\program files\SolidDocuments\SolidPDFCreator\SPC\SolidPdfService.exe [2009-03-18 189696]
S2 ServerProxyService;ServerProxyService;c:\program files\Laplink Everywhere\ServerProxyService.exe [2007-08-09 136496]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2009-09-27 240232]
S2 winShadow;winShadow;c:\program files\Laplink\winShadow\shwSrvc.exe [2007-08-09 673072]
S3 AVMNgBasM779;AVerMedia M779 Base Driver;c:\windows\system32\DRIVERS\AVerBas.sys [2007-02-13 49280]
S3 AVMNgCapM779;AVerMedia M779 Audio/Video Capture Driver;c:\windows\system32\DRIVERS\AVerCap.sys [2007-02-13 219648]
S3 AVMNgTunM779;AVerMedia M779 TVTuner Driver;c:\windows\system32\DRIVERS\AVerTun.sys [2007-02-13 147584]
S3 CT20XUT.SYS;CT20XUT.SYS;c:\windows\System32\drivers\CT20XUT.SYS [2009-06-03 171032]
S3 CTEXFIFX.SYS;CTEXFIFX.SYS;c:\windows\System32\drivers\CTEXFIFX.SYS [2009-06-03 1324056]
S3 CTHWIUT.SYS;CTHWIUT.SYS;c:\windows\System32\drivers\CTHWIUT.SYS [2009-06-03 72728]
S3 IntelDH;IntelDH Driver;c:\windows\system32\Drivers\IntelDH.sys [2007-10-09 5632]
S3 shwMirror;shwMirror;c:\windows\system32\DRIVERS\shwMirror.sys [2006-11-02 3584]


[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
bthsvcs REG_MULTI_SZ BthServ
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
WindowsMobile REG_MULTI_SZ wcescomm rapimgr
LocalServiceRestricted REG_MULTI_SZ WcesComm RapiMgr
.
Contenuto della cartella 'Scheduled Tasks'

2010-12-26 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-01-18 18:06]

2010-12-27 c:\windows\Tasks\GlaryInitialize.job
- c:\program files\Glary Utilities\initialize.exe [2008-07-04 11:22]

2010-12-27 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-05-25 13:25]

2010-12-27 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-05-25 13:25]

2010-12-24 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-584481910-1332423684-1337546778-1001Core.job
- c:\users\Paolo\AppData\Local\Google\Update\GoogleUpdate.exe [2008-11-12 12:26]

2010-12-27 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-584481910-1332423684-1337546778-1001UA.job
- c:\users\Paolo\AppData\Local\Google\Update\GoogleUpdate.exe [2008-11-12 12:26]

2010-12-27 c:\windows\Tasks\User_Feed_Synchronization-{691529E4-74B1-4052-8097-D0726F93B092}.job
- c:\windows\system32\msfeedssync.exe [2010-12-26 04:25]
.
.
------- Scansione supplementare -------
.
uStart Page = hxxp://it.yahoo.com/
uInternet Settings,ProxyOverride = *.local
IE: &Download by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/201
IE: &Grab video by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/204
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
IE: Do&wnload selected by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/203
IE: Down&load all by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/202
IE: Download all with Free Download Manager - file://c:\program files\Free Download Manager\dlall.htm
IE: Download selected with Free Download Manager - file://c:\program files\Free Download Manager\dlselected.htm
IE: Download with Free Download Manager - file://c:\program files\Free Download Manager\dllink.htm
IE: E&sporta in Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
TCP: {B05AA15F-FB82-4431-80D3-B2393EDDAC18} = 212.216.112.112,212.216.172.62
FF - ProfilePath - c:\users\Paolo\AppData\Roaming\Mozilla\Firefox\Profiles\azrghvcw.default\
FF - prefs.js: browser.startup.homepage - hxxp://it.yahoo.com/
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox 4.0 Beta 7\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Open IT Online: extension@openitonline.com - %profile%\extensions\extension@openitonline.com
FF - Ext: Dizionario italiano: it-IT@dictionaries.addons.mozilla.org - %profile%\extensions\it-IT@dictionaries.addons.mozilla.org
FF - Ext: Cooliris: piclens@cooliris.com - %profile%\extensions\piclens@cooliris.com
FF - Ext: YouPlayer: youplayer@addons.mozilla.org - %profile%\extensions\youplayer@addons.mozilla.org
FF - Ext: FoxTrick: {9d1f059c-cada-4111-9696-41a62d64e3ba} - %profile%\extensions\{9d1f059c-cada-4111-9696-41a62d64e3ba}
FF - Ext: Alltid Hattrick Statistics: {fd048119-78ee-487f-8fb1-1668d3a6859b} - %profile%\extensions\{fd048119-78ee-487f-8fb1-1668d3a6859b}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Ext: Greasemonkey: {e4a8a97b-f2ed-450b-b12d-ee082ba24781} - %profile%\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}
FF - Ext: FEBE: {4BBDD651-70CF-4821-84F8-2B918CF89CA3} - %profile%\extensions\{4BBDD651-70CF-4821-84F8-2B918CF89CA3}
FF - Ext: SearchPreview: {EF522540-89F5-46b9-B6FE-1829E2B572C6} - %profile%\extensions\{EF522540-89F5-46b9-B6FE-1829E2B572C6}
FF - Ext: DownloadHelper: {b9db16a4-6edc-47ec-a1f4-b86292ed211d} - %profile%\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
FF - Ext: CountdownClock: {19D3B002-1AD1-4a69-A5B3-AA98773DBB86} - %profile%\extensions\{19D3B002-1AD1-4a69-A5B3-AA98773DBB86}
FF - Ext: Yahoo! Toolbar: {635abd67-4fe9-1b23-4f01-e679fa7484c1} - %profile%\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
FF - Ext: Linky: linky@gemal.dk - %profile%\extensions\linky@gemal.dk
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - user.js: yahoo.homepage.dontask - true);user_pref(yahoo.ytff.general.dontshowhpoffer, true
.
- - - - CHIAVI ORFANE RIMOSSE - - - -

HKLM-Run-Acronis Scheduler2 Service - c:\program files\Common Files\Acronis\Schedule2\schedhlp.exe
SafeBoot-WudfPf
SafeBoot-WudfRd
HKLM_ActiveSetup-Nitro PDF Professional - (no file)
AddRemove-UBCD4Win_is1 - f:\ubcd4win\unins000.exe
AddRemove-{EA12F03F-0973-4715-9CBA-F2845999E777}_is1 - c:\program files\Perfect Optimizer\unins000.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-12-27 15:04
Windows 6.0.6001 Service Pack 1 NTFS

scansione processi nascosti ...

scansione entrate autostart nascoste ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
CTxfiHlp = CTXFIHLP.EXE?

Scansione files nascosti ...


c:\users\Paolo\AppData\Local\Temp\catchme.dll 53248 bytes executable

Scansione completata con successo
Files nascosti: 1

**************************************************************************

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\npggsvc]
"ImagePath"="c:\windows\system32\GameMon.des -service"
.
--------------------- CHIAVI DI REGISTRO BLOCCATE ---------------------

[HKEY_USERS\S-1-5-21-584481910-1332423684-1337546778-1001\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:d5,1c,66,c3,6b,cb,8d,c9,68,53,92,91,18,38,e2,a5,6b,54,8e,6e,f2,a4,b8,
2d,d9,00,a0,4d,21,37,32,97,a8,24,6f,9f,ec,73,a2,8b,e0,6d,a3,7f,f0,03,c6,e5,\
"??"=hex:01,fb,0f,39,3d,9a,7b,5f,d0,14,b2,0b,14,ad,f9,42

[HKEY_USERS\S-1-5-21-584481910-1332423684-1337546778-1001\Software\SecuROM\License information*]
"datasecu"=hex:48,be,6d,58,e5,46,ed,12,d2,58,9d,b8,96,1b,04,91,47,bc,5b,19,a2,
29,93,52,00,50,ee,67,7e,05,a9,cd,6a,74,b3,c8,7c,ce,84,43,dc,6f,a0,e5,f6,f2,\
"rkeysecu"=hex:d3,f0,df,eb,2e,5e,50,a6,13,ae,a6,17,a8,7b,dc,dd

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:00000059

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0006\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0007\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Ora fine scansione: 2010-12-27 15:14:21
ComboFix-quarantined-files.txt 2010-12-27 14:14

Pre-Run: 46.605.426.688 byte disponibili
Post-Run: 46.945.574.912 byte disponibili

- - End Of File - - A3EE5308A6DD0FF5162A269AAED0B5C2

Re: half the PC has disappeared

Post by FDAC » Mon Dec 27, 2010 5:57 pm

Hi.
If they exist, delete these folders:

c:\program files\Perfect Optimizer
c:\program files\webmediaplayer

and this DLL:
c:\users\Paolo\AppData\Local\Temp\catchme.dll

P.S. If you can't find them, first enable the display of hidden files and folders by following this simple procedure.

Procedure for Windows XP:
● click Start - Control Panel - Folder Options
● click the View tab
● under Advanced settings, find the Show hidden files and folders box and tick it

Procedure for Windows Vista and Seven:
● click Start - Computer
● now press the ALT key to show the menu bar
● click Tools - Folder Options - View tab
● tick the Show hidden files and folders option


Uninstall:
Spybot - Search & Destroy
WindowsSearch
yahoo!
Ad-Aware


Finally:
Download and install Hijackthis: http://www.trendmicro.com/ftp/products/ ... ckThis.msi

● launch Hijackthis
● click the Do a system scan and save a logfile button
● when the scan finishes, which takes a handful of seconds, a text file will be produced: attach it using the MEMO tag

Also let us know how your PC is doing.

Re: half the PC has disappeared

Post by x-free » Mon Dec 27, 2010 6:15 pm

FDAC wrote:
Uninstall:
Spybot - Search & Destroy
WindowsSearch
yahoo!
Ad-Aware



That's not necessary, maybe paove uses these programs!

Re: half the PC has disappeared

Post by paove » Mon Dec 27, 2010 6:27 pm

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 18.27.08, on 27/12/2010
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v8.00 (8.00.6001.18999)
Boot mode: Normal

Running processes:
C:\Program Files\Ashampoo\Ashampoo Magical Defrag 2\bin\defragMonitorService.exe
C:\Program Files\Ashampoo\Ashampoo Magical Defrag 2\bin\defragActivityMonitor.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe
C:\Program Files\Common Files\Intel\IntelDH\NMS\Support\IntelHCTAgent.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\LogMeIn\x86\LogMeInSystray.exe
C:\Program Files\Qliner Hotkeys\HotKeys.exe
C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\UsbBoost\TurboHddUsb.exe
C:\Program Files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanlu.exe
C:\Windows\System32\Ctxfihlp.exe
C:\Program Files\Nitro PDF\Professional\NitroPDFPrinterMonitor.exe
C:\Program Files\Ashampoo\Ashampoo Magical Defrag 2\bin\defragTaskBar.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Program Files\HHOTT\HHOTT View\HTGSB.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Sony\Reader\Data\bin\launcher\Reader Library Launcher.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files\HP\Digital Imaging\bin\HpqSRmon.exe
C:\Windows\WindowsMobile\wmdSync.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\DivX\DivX Update\DivXUpdate.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Users\Paolo\Downloads\winsent1110128_en\winsent.exe
C:\Program Files\DAEMON Tools Lite\daemon.exe
C:\Program Files\Nokia\Nokia Ovi Suite\NokiaOviSuite.exe
C:\Program Files\Sandboxie\SbieCtrl.exe
C:\Program Files\Smart Desktop\SmartDesktop.exe
C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe
C:\Program Files\Orbitdownloader\orbitdm.exe
C:\Program Files\Secunia\PSI\psi.exe
C:\Windows\ehome\ehmsas.exe
C:\Windows\SYSTEM32\CTXFISPI.EXE
C:\Program Files\Orbitdownloader\orbitnet.exe
C:\Users\Paolo\AppData\Local\Google\Update\1.2.183.39\GoogleCrashHandler.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\CPSHelpRunner.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files\Common Files\Nokia\MPlatform\NokiaMServer.exe
C:\Program Files\Common Files\Nokia\NoA\nokiaaserver.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\freeTVRadio\spointer\freetvradio_air.exe
C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_clipbook.exe
C:\Windows\system32\Macromed\Flash\FlashUtil10h_ActiveX.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\NOTEPAD.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Windows\system32\conime.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\hijackthis\Trend Micro\HiJackThis\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://it.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: btorbit.com - {000123B4-9B42-4900-B3F7-F4B073EFC214} - C:\Program Files\Orbitdownloader\orbitcth.dll
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
O2 - BHO: Supporto di collegamento per Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - (no file)
O2 - BHO: FlpLauncher Class - {4401FDC3-7996-4774-8D2B-C1AE9CD6CC25} - C:\Program Files\E-Book Systems\FlipAlbum 5 Pro\FpLaunch.dll
O2 - BHO: Interest recogniser for Freetvradio (powered by Spointer) - {4C4AD71D-52E1-4402-9E5B-CBFC295EC9BA} - C:\Program Files\freeTVRadio\spointer\extensions\freetvradio_air_ie.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Babylon Plug In - {A057A204-BACC-4D26-9E83-2DB586E27190} - C:\PROGRA~1\BABYLO~1\BABYLO~1.DLL
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\Dell\BAE\BAE.dll
O2 - BHO: FDMIECookiesBHO Class - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Program Files\Free Download Manager\iefdmcks.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: LEC - {1DBAB667-A486-421e-AFE4-CF07DD0088E5} - C:\Program Files\Power Translator 11\Applications\LEC IE Translation Extension.dll
O3 - Toolbar: Grab Pro - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - C:\Program Files\Orbitdownloader\GrabPro.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: Babylon Plug In - {A057A204-BACC-4D26-9E83-2DB586E27190} - C:\PROGRA~1\BABYLO~1\BABYLO~1.DLL
O3 - Toolbar: HHOTTView - {E98C083C-BE4D-4339-A491-FB5FFFA34A00} - C:\Program Files\HHOTT\HHOTT View\HHOTTView.dll
O4 - HKLM\..\Run: [UpdReg] C:\Windows\UpdReg.EXE
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [RoxWatchTray] "C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe"
O4 - HKLM\..\Run: [NMSSupport] "C:\Program Files\Common Files\Intel\IntelDH\NMS\Support\IntelHCTAgent.exe" /startup
O4 - HKLM\..\Run: [CCUTRAYICON] "C:\Program Files\Intel\IntelDH\CCU\CCU_TrayIcon.exe"
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe -startup
O4 - HKLM\..\Run: [LogMeIn GUI] "C:\Program Files\LogMeIn\x86\LogMeInSystray.exe"
O4 - HKLM\..\Run: [00Hotkeys] "C:\Program Files\Qliner Hotkeys\HotKeys.exe"
O4 - HKLM\..\Run: [CloneCDTray] "C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe" /s
O4 - HKLM\..\Run: [Ad-Watch] C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [FlipViewer Library] "C:\Program Files\E-Book Systems\FlipViewer\FlipViewerLibrary.exe" /showmode=hide
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [UsbBoost] C:\Program Files\UsbBoost\TurboHddUsb.exe
O4 - HKLM\..\Run: [VolPanel] "C:\Program Files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanlu.exe" /r
O4 - HKLM\..\Run: [CTxfiHlp] CTXFIHLP.EXE
O4 - HKLM\..\Run: [Nitro PDF Printer Monitor] "C:\Program Files\Nitro PDF\Professional\NitroPDFPrinterMonitor.exe"
O4 - HKLM\..\Run: [DefragTaskBar] "C:\Program Files\Ashampoo\Ashampoo Magical Defrag 2\bin\defragTaskBar.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [HHOTTViewGSB] C:\Program Files\HHOTT\HHOTT View\HTGSB.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [Reader Library Launcher] C:\Program Files\Sony\Reader\Data\bin\launcher\Reader Library Launcher.exe
O4 - HKLM\..\Run: [AdobeAAMUpdater-1.0] "C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
O4 - HKLM\..\Run: [SwitchBoard] C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
O4 - HKLM\..\Run: [AdobeCS5ServiceManager] "C:\Program Files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" -launchedbylogin
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [hpqSRMon] C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe
O4 - HKLM\..\Run: [Windows Mobile-based device management] %windir%\WindowsMobile\wmdSync.exe
O4 - HKLM\..\Run: [DivXUpdate] "C:\Program Files\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [Google Update] "C:\Users\Paolo\AppData\Local\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [WinSent] C:\Users\Paolo\Downloads\winsent1110128_en\winsent.exe
O4 - HKCU\..\Run: [AlcoholAutomount] "C:\Program Files\Alcohol Soft\Alcohol 52\axcmd.exe" /automount
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [RamBooster] C:\Program Files\RamBooster 2.0\Rambooster.exe
O4 - HKCU\..\Run: [IDriveE Startup] "C:\IDrive\IDrvieEStartup.exe" Hide
O4 - HKCU\..\Run: [NokiaOviSuite2] C:\Program Files\Nokia\Nokia Ovi Suite\NokiaOviSuite.exe -tray
O4 - HKCU\..\Run: [SandboxieControl] "C:\Program Files\Sandboxie\SbieCtrl.exe"
O4 - HKCU\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -startup
O4 - HKCU\..\Run: [1 Call SmartDeskTop] C:\PROGRA~1\SMARTD~1\SMARTD~1.EXE
O4 - HKCU\..\Run: [PC Suite Tray] "C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe" -onlytray
O4 - HKCU\..\Run: [GizmoDriveDelegate] RUNDLL32.EXE C:\PROGRA~1\GIZMO\GDRIVE.DLL,Remount_Startup_Images
O4 - HKUS\S-1-5-21-584481910-1332423684-1337546778-1000\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'IUSR_NMPR')
O4 - HKUS\S-1-5-21-584481910-1332423684-1337546778-1000\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'IUSR_NMPR')
O4 - HKUS\S-1-5-21-584481910-1332423684-1337546778-1000\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe (User 'IUSR_NMPR')
O4 - HKUS\S-1-5-21-584481910-1332423684-1337546778-1000\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" (User 'IUSR_NMPR')
O4 - HKUS\S-1-5-21-584481910-1332423684-1337546778-1000\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (User 'IUSR_NMPR')
O4 - HKUS\S-1-5-21-584481910-1332423684-1337546778-1000\..\Run: [Google Update] "C:\Users\Paolo\AppData\Local\Google\Update\GoogleUpdate.exe" /c (User 'IUSR_NMPR')
O4 - HKUS\S-1-5-21-584481910-1332423684-1337546778-1000\..\Run: [PC Suite Tray] "C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe" -onlytray (User 'IUSR_NMPR')
O4 - HKUS\S-1-5-21-584481910-1332423684-1337546778-1000\..\Run: [GizmoDriveDelegate] RUNDLL32.EXE C:\PROGRA~1\GIZMO\GDRIVE.DLL,Remount_Startup_Images (User 'IUSR_NMPR')
O4 - HKUS\S-1-5-21-584481910-1332423684-1337546778-1000\..\Run: [AlcoholAutomount] "C:\Program Files\Alcohol Soft\Alcohol 52\axcmd.exe" /automount (User 'IUSR_NMPR')
O4 - HKUS\S-1-5-21-584481910-1332423684-1337546778-1000\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun (User 'IUSR_NMPR')
O4 - HKUS\S-1-5-21-584481910-1332423684-1337546778-1000\..\Run: [RamBooster] C:\Program Files\RamBooster 2.0\Rambooster.exe (User 'IUSR_NMPR')
O4 - HKUS\S-1-5-21-584481910-1332423684-1337546778-1000\..\Run: [ALSong] "C:\Program Files\ESTsoft\ALSong\ALSong.exe" (User 'IUSR_NMPR')
O4 - HKUS\S-1-5-21-584481910-1332423684-1337546778-1000\..\Run: [IDriveE Startup] "C:\IDrive\IDrvieEStartup.exe" Hide (User 'IUSR_NMPR')
O4 - HKUS\S-1-5-21-584481910-1332423684-1337546778-1000\..\Run: [NokiaOviSuite2] C:\Program Files\Nokia\Nokia Ovi Suite\NokiaOviSuite.exe -tray (User 'IUSR_NMPR')
O4 - HKUS\S-1-5-21-584481910-1332423684-1337546778-1000\..\Run: [SandboxieControl] "C:\Program Files\Sandboxie\SbieCtrl.exe" (User 'IUSR_NMPR')
O4 - HKUS\S-1-5-21-584481910-1332423684-1337546778-1000\..\Run: [20090604] C:\Program Files\Encore\Hoyle Puzzle and Board Games 2011\Ereg\encore_reg.exe /r "C:\Program Files\Encore\Hoyle Puzzle and Board Games 2011\Ereg\encore_reg.rpd" (User 'IUSR_NMPR')
O4 - HKUS\S-1-5-21-584481910-1332423684-1337546778-1000\..\RunOnce: [CTAutoUpdate] "C:\Program Files\Creative\Shared Files\Software Update\AutoUpdate.exe" /RunFromInstaller (User 'IUSR_NMPR')
O4 - HKUS\S-1-5-18\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background (User 'Default user')
O4 - Startup: IDrive Tray.lnk = C:\IDrive\IDriveEReg2ini.exe
O4 - Startup: Memento.lnk = C:\Program Files\Memento\Memento.exe
O4 - Startup: Ritaglio schermata e avvio di OneNote 2007.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O4 - User Startup: Orbit.lnk = C:\Program Files\Orbitdownloader\orbitdm.exe
O8 - Extra context menu item: &Download by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/201
O8 - Extra context menu item: &Grab video by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/204
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O8 - Extra context menu item: Do&wnload selected by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/203
O8 - Extra context menu item: Down&load all by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/202
O8 - Extra context menu item: Download all with Free Download Manager - file://C:\Program Files\Free Download Manager\dlall.htm
O8 - Extra context menu item: Download selected with Free Download Manager - file://C:\Program Files\Free Download Manager\dlselected.htm
O8 - Extra context menu item: Download with Free Download Manager - file://C:\Program Files\Free Download Manager\dllink.htm
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: Inserisci blog - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: Inserisci &blog in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Invia a OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: I&nvia a OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: PalTalk - {4EAFEF58-EEFA-4116-983D-03B49BCBFFFE} - C:\Program Files\Paltalk Messenger\Paltalk.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: Visualizza o nasconde HP Smart Web Printing - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe
O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} (OnlineScanner Control) - http://www.eset.eu/buxus/docs/OnlineScanner.cab
O16 - DPF: {814EA0DA-E0D9-4AA4-833C-A1A6D38E79E9} (DASWebDownload Class) - http://das.microsoft.com/activate/cab/x ... DASAct.cab
O16 - DPF: {AFFBDA02-5D3A-11D9-AAC8-91EC5E497716} (ActiveXShadow Control) - https://www.ll2go.com/html/x-file/000/w ... dow_it.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Me ... b56907.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/s ... wflash.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://ccfiles.creative.com/Web/softwar ... /CTPID.cab
O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} (Performance Viewer Activex Control) - https://secure.logmein.com/activex/ractrl.cab?lmi=100
O17 - HKLM\System\CCS\Services\Tcpip\..\{B05AA15F-FB82-4431-80D3-B2393EDDAC18}: NameServer = 212.216.112.112,212.216.172.62
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~2\GoogleDesktopNetwork3.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
O23 - Service: Access Remote PC Service 5.1 - Access Remote PC (www.access-remote-pc.com) - C:\Program Files\Access Remote PC 5.1\rpcsetup.exe
O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Unknown owner - C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe (file missing)
O23 - Service: Intel(R) Alert Service (AlertService) - Intel(R) Corporation - C:\Program Files\Intel\IntelDH\CCU\AlertService.exe
O23 - Service: Avira AntiVir Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ashampoo Defrag Service (AshampooDefragService) - - C:\Program Files\Ashampoo\Ashampoo Magical Defrag 2\bin\aDefragService.exe
O23 - Service: AST Service (astcc) - Nalpeiron Ltd. - C:\Windows\system32\astsrv.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Creative ALchemy AL6 Licensing Service - Creative Labs - C:\Program Files\Common Files\Creative Labs Shared\Service\AL6Licensing.exe
O23 - Service: Creative Audio Engine Licensing Service - Creative Labs - C:\Program Files\Common Files\Creative Labs Shared\Service\CTAELicensing.exe
O23 - Service: Creative Audio Service (CTAudSvcService) - Creative Technology Ltd - C:\Program Files\Creative\Shared Files\CTAudSvc.exe
O23 - Service: Intel(R) DHTrace Controller (DHTRACE) - Intel(R) Corporation - C:\Program Files\Common Files\Intel\IntelDH\bin\DHTraceController.exe
O23 - Service: DQLWinService - Unknown owner - C:\Program Files\Common Files\Intel\IntelDH\NMS\AdpPlugins\DQLWinService.exe
O23 - Service: Gizmo Central - Arainia Solutions - C:\Program Files\Gizmo\gservice.exe
O23 - Service: Google Desktop Manager 5.9.1005.12335 (GoogleDesktopManager-051210-111108) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Update Service (gupdate1c9dd3c515177b6) (gupdate1c9dd3c515177b6) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: IDriveE Service - Pro Softnet Corporation - C:\IDrive\IDriveE Service.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: IDrive WebManager (IDriveWebM) - Pro-Softnet - C:\IDrive\IDriveWebM.exe
O23 - Service: Servizio iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Intel(R) Software Services Manager (ISSM) - Intel(R) Corporation - C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\ISSM.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: LMIGuardianSvc - LogMeIn, Inc. - C:\Program Files\LogMeIn\x86\LMIGuardianSvc.exe
O23 - Service: LogMeIn Maintenance Service (LMIMaint) - LogMeIn, Inc. - C:\Program Files\LogMeIn\x86\RaMaint.exe
O23 - Service: LogMeIn - LogMeIn, Inc. - C:\Program Files\LogMeIn\x86\LogMeIn.exe
O23 - Service: lxbf_device - - C:\Windows\system32\lxbfcoms.exe
O23 - Service: Intel(R) Viiv(TM) Media Server (M1 Server) - Unknown owner - C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\mediaserver.exe
O23 - Service: Intel(R) Application Tracker (MCLServiceATL) - Intel(R) Corporation - C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\MCLServiceATL.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: Intel(R) NMSCore (NMSCore) - Intel(R) Corporation - C:\Program Files\Common Files\Intel\IntelDH\NMS\NMSCore\NMSCore.exe
O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - C:\Windows\system32\GameMon.des.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: DiRT Drivers Auto Removal (pr2ah4nc) (pr2ah4nc) - CODEMASTERS - C:\Windows\system32\pr2ah4nc.exe
O23 - Service: ProtexisLicensing - Unknown owner - C:\Windows\system32\PSIService.exe
O23 - Service: Intel(R) Quality Manager (QualityManager) - Intel(R) Corporation - C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\qualitymanager.exe
O23 - Service: Intel(R) Remoting Service (Remote UI Service) - Intel(R) Corporation - C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\Remote UI Service.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
O23 - Service: Sandboxie Service (SbieSvc) - tzuk - C:\Program Files\Sandboxie\SbieSvc.exe
O23 - Service: SolidPDFCreatorReadSpool (SdReadSpool) - Solid Documents, LLC - C:\Program Files\SolidDocuments\SolidPDFCreator\SPC\SolidPdfService.exe
O23 - Service: ServerProxyService - Unknown owner - C:\Program Files\Laplink Everywhere\ServerProxyService.exe
O23 - Service: ServiceLayer - Nokia - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: Sony SCSI Helper Service - Sony Corporation - C:\Program Files\Common Files\Sony Shared\Fsk\SonySCSIHelperService.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 52\StarWind\StarWindServiceAE.exe
O23 - Service: NVIDIA Stereoscopic 3D Driver Service (Stereo Service) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: SwitchBoard - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
O23 - Service: TOSHIBA Bluetooth Service - TOSHIBA CORPORATION - C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
O23 - Service: winShadow - OmniCom Technologies - C:\Program Files\Laplink\winShadow\shwSrvc.exe
O23 - Service: VNC Server Version 4 (WinVNC4) - RealVNC Ltd. - C:\Program Files\RealVNC\VNC4\WinVNC4.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--
End of file - 26360 bytes


Thank you for the help you're giving me. The PC is still the same as before: I can't find the administrative tools, the Control Panel has changed (no longer a menu, just a shortcut), etc... :(

Re: half the PC has disappeared

Post by FDAC » Mon Dec 27, 2010 6:29 pm

Hi X Free.
Spybot - Search & Destroy has TeaTimer enabled, so it conflicts with the resident AV and slows down the PC.
WindowsSearch and yahoo! are useless toolbars/add-on programs.
Ad-Aware is one of the worst AVs (if I may say so :) ) in the history of Windows, ever since the DOS version.
I hope I've made myself clear.
Bye, and happy holidays to you too, X Free.

Re: sparito mezzo pc

Messaggioda FDAC » lun dic 27, 2010 6:37 pm

Oh my, what have you done to this poor PC [acc2]
Poor me, how much work you're giving me [grazie]

Uninstall:
Google Desktop Search
Lavasoft Ad-Aware
Spybot - Search & Destroy
Toolbar HHOTTView
Google Toolbar
Windows Live Toolbar
Babylon


Run HijackThis again:
Do a System Scan Only
tick the checkbox next to each entry I list below
● once the entries are ticked:
close all open applications
close all open browser pages
● in HijackThis, fix the entries by clicking Fix checked

These are the entries to fix:

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: (no name) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - (no file)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O4 - HKLM\..\Run: [UpdReg] C:\Windows\UpdReg.EXE
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [RoxWatchTray] "C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe"
O4 - HKLM\..\Run: [CCUTRAYICON] "C:\Program Files\Intel\IntelDH\CCU\CCU_TrayIcon.exe"
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe -startup
O4 - HKLM\..\Run: [CloneCDTray] "C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe" /s
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [FlipViewer Library] "C:\Program Files\E-Book Systems\FlipViewer\FlipViewerLibrary.exe" /showmode=hide
O4 - HKLM\..\Run: [UsbBoost] C:\Program Files\UsbBoost\TurboHddUsb.exe
O4 - HKLM\..\Run: [Nitro PDF Printer Monitor] "C:\Program Files\Nitro PDF\Professional\NitroPDFPrinterMonitor.exe"
O4 - HKLM\..\Run: [DefragTaskBar] "C:\Program Files\Ashampoo\Ashampoo Magical Defrag 2\bin\defragTaskBar.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [HHOTTViewGSB] C:\Program Files\HHOTT\HHOTT View\HTGSB.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [Reader Library Launcher] C:\Program Files\Sony\Reader\Data\bin\launcher\Reader Library Launcher.exe
O4 - HKLM\..\Run: [AdobeAAMUpdater-1.0] "C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
O4 - HKLM\..\Run: [SwitchBoard] C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
O4 - HKLM\..\Run: [AdobeCS5ServiceManager] "C:\Program Files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" -launchedbylogin
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [hpqSRMon] C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe
O4 - HKLM\..\Run: [DivXUpdate] "C:\Program Files\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [Google Update] "C:\Users\Paolo\AppData\Local\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [WinSent] C:\Users\Paolo\Downloads\winsent1110128_en\winsent.exe
O4 - HKCU\..\Run: [AlcoholAutomount] "C:\Program Files\Alcohol Soft\Alcohol 52\axcmd.exe" /automount
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [RamBooster] C:\Program Files\RamBooster 2.0\Rambooster.exe
O4 - HKCU\..\Run: [IDriveE Startup] "C:\IDrive\IDrvieEStartup.exe" Hide
O4 - HKCU\..\Run: [NokiaOviSuite2] C:\Program Files\Nokia\Nokia Ovi Suite\NokiaOviSuite.exe -tray
O4 - HKCU\..\Run: [SandboxieControl] "C:\Program Files\Sandboxie\SbieCtrl.exe"
O4 - HKCU\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -startup
O4 - HKCU\..\Run: [1 Call SmartDeskTop] C:\PROGRA~1\SMARTD~1\SMARTD~1.EXE
O4 - HKCU\..\Run: [PC Suite Tray] "C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe" -onlytray
O4 - HKCU\..\Run: [GizmoDriveDelegate] RUNDLL32.EXE C:\PROGRA~1\GIZMO\GDRIVE.DLL,Remount_Startup_Images
O4 - HKUS\S-1-5-21-584481910-1332423684-1337546778-1000\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'IUSR_NMPR')
O4 - HKUS\S-1-5-21-584481910-1332423684-1337546778-1000\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" (User 'IUSR_NMPR')
O4 - HKUS\S-1-5-21-584481910-1332423684-1337546778-1000\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (User 'IUSR_NMPR')
O4 - HKUS\S-1-5-21-584481910-1332423684-1337546778-1000\..\Run: [Google Update] "C:\Users\Paolo\AppData\Local\Google\Update\GoogleUpdate.exe" /c (User 'IUSR_NMPR')
O4 - HKUS\S-1-5-21-584481910-1332423684-1337546778-1000\..\Run: [GizmoDriveDelegate] RUNDLL32.EXE C:\PROGRA~1\GIZMO\GDRIVE.DLL,Remount_Startup_Images (User 'IUSR_NMPR')
O4 - HKUS\S-1-5-21-584481910-1332423684-1337546778-1000\..\Run: [AlcoholAutomount] "C:\Program Files\Alcohol Soft\Alcohol 52\axcmd.exe" /automount (User 'IUSR_NMPR')
O4 - HKUS\S-1-5-21-584481910-1332423684-1337546778-1000\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun (User 'IUSR_NMPR')
O4 - HKUS\S-1-5-21-584481910-1332423684-1337546778-1000\..\Run: [RamBooster] C:\Program Files\RamBooster 2.0\Rambooster.exe (User 'IUSR_NMPR')
O4 - HKUS\S-1-5-21-584481910-1332423684-1337546778-1000\..\Run: [ALSong] "C:\Program Files\ESTsoft\ALSong\ALSong.exe" (User 'IUSR_NMPR')
O4 - HKUS\S-1-5-21-584481910-1332423684-1337546778-1000\..\Run: [IDriveE Startup] "C:\IDrive\IDrvieEStartup.exe" Hide (User 'IUSR_NMPR')
O4 - HKUS\S-1-5-21-584481910-1332423684-1337546778-1000\..\Run: [NokiaOviSuite2] C:\Program Files\Nokia\Nokia Ovi Suite\NokiaOviSuite.exe -tray (User 'IUSR_NMPR')
O4 - HKUS\S-1-5-21-584481910-1332423684-1337546778-1000\..\Run: [SandboxieControl] "C:\Program Files\Sandboxie\SbieCtrl.exe" (User 'IUSR_NMPR')
O4 - HKUS\S-1-5-21-584481910-1332423684-1337546778-1000\..\Run: [20090604] C:\Program Files\Encore\Hoyle Puzzle and Board Games 2011\Ereg\encore_reg.exe /r "C:\Program Files\Encore\Hoyle Puzzle and Board Games 2011\Ereg\encore_reg.rpd" (User 'IUSR_NMPR')
O4 - HKUS\S-1-5-21-584481910-1332423684-1337546778-1000\..\RunOnce: [CTAutoUpdate] "C:\Program Files\Creative\Shared Files\Software Update\AutoUpdate.exe" /RunFromInstaller (User 'IUSR_NMPR')
O4 - HKUS\S-1-5-18\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background (User 'Default user')
O4 - Startup: IDrive Tray.lnk = C:\IDrive\IDriveEReg2ini.exe
O4 - Startup: Memento.lnk = C:\Program Files\Memento\Memento.exe
O4 - Startup: Ritaglio schermata e avvio di OneNote 2007.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O4 - User Startup: Orbit.lnk = C:\Program Files\Orbitdownloader\orbitdm.exe
O9 - Extra button: PalTalk - {4EAFEF58-EEFA-4116-983D-03B49BCBFFFE} - C:\Program Files\Paltalk Messenger\Paltalk.exe
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe
O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} (OnlineScanner Control) - http://www.eset.eu/buxus/docs/OnlineScanner.cab
O16 - DPF: {814EA0DA-E0D9-4AA4-833C-A1A6D38E79E9} (DASWebDownload Class) - http://das.microsoft.com/activate/cab/x ... DASAct.cab
O16 - DPF: {AFFBDA02-5D3A-11D9-AAC8-91EC5E497716} (ActiveXShadow Control) - https://www.ll2go.com/html/x-file/000/w ... dow_it.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Me ... b56907.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/s ... wflash.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://ccfiles.creative.com/Web/softwar ... /CTPID.cab
O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} (Performance Viewer Activex Control) - https://secure.logmein.com/activex/ractrl.cab?lmi=100
O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - C:\Windows\system32\GameMon.des.exe (file missing)
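The manual triage in the post above can be scripted. This is an added example, not part of the original thread and not HijackThis code: it parses log lines copied from the thread and flags entries whose target file is missing and autostart entries launched from a user profile. The flag names and the user-profile heuristic are assumptions of the example.

```python
import re

# HijackThis section codes for the entries sampled below.
SECTIONS = {
    "R": "IE start/search page or search hook",
    "O2": "Browser Helper Object",
    "O4": "autostart (Run key or Startup folder)",
    "O23": "Windows service",
}
LINE_RE = re.compile(r"^(?P<code>[RFNO]\d{1,2}) - (?P<body>.+)$")
# HijackThis marks an entry whose target file is gone this way.
ORPHAN_RE = re.compile(r"\((no file|file missing)\)", re.IGNORECASE)
# Assumption of this example: an autostart under a user profile merits a manual look.
USER_PATH_RE = re.compile(r"[A-Z]:\\Users\\[^\\]+\\(Downloads|AppData)\\", re.IGNORECASE)


def parse_line(line):
    # Returns None for headers, footers and blank lines.
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    code, body = m.group("code"), m.group("body")
    flags = []
    if ORPHAN_RE.search(body):
        flags.append("orphaned")
    if code == "O4" and USER_PATH_RE.search(body):
        flags.append("user-writable-path")
    section = SECTIONS.get("R" if code[0] == "R" else code, "other")
    return {"code": code, "section": section, "body": body, "flags": flags}


def triage(log_text):
    # Parse every entry line of a pasted log, skipping non-entry lines.
    return [e for e in map(parse_line, log_text.splitlines()) if e]


# Lines copied from the log posted in this thread.
SAMPLE = r"""
R3 - URLSearchHook: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [WinSent] C:\Users\Paolo\Downloads\winsent1110128_en\winsent.exe
O4 - HKCU\..\Run: [Google Update] "C:\Users\Paolo\AppData\Local\Google\Update\GoogleUpdate.exe" /c
O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - C:\Windows\system32\GameMon.des.exe (file missing)
"""

if __name__ == "__main__":
    for e in triage(SAMPLE):
        print(e["code"], ",".join(e["flags"]) or "-", "|", e["body"])
```

A flag only marks an entry for review: a legitimate per-user updater also lives under AppData, so the decision to fix an entry stays with the person reading the log.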

Re: half my PC has disappeared

Post by x-free » Mon Dec 27, 2010 6:38 pm

Usefulness and uselessness are two strictly subjective factors.

Happy holidays to you too, FDAC ;)
"After coming into contact with a religious man, I always feel the need to wash my hands" - Friedrich Wilhelm Nietzsche

Re: half my PC has disappeared

Post by Ale2695 » Mon Dec 27, 2010 6:56 pm

FDAC wrote: Uninstall:
Google Desktop Search
Lavasoft Ad-Aware
Spybot - Search & Destroy
Toolbar HHOTTView
Google Toolbar
Windows Live Toolbar
Babylon

Why should he necessarily uninstall these programs? Maybe he uses Google Toolbar or Google Desktop Search! You can't force someone to uninstall things they may well use! Stick to removing any malware, and don't have potentially useful programs removed! And suggesting that the AV be removed, in some cases, only makes things worse. Avast won't start? Remove it! That doesn't seem to me the best way to operate.
Sorry for the [ot]; I hope you manage to solve the problem anyway [^]
http://www.chimerarevo.com/

Re: half my PC has disappeared

Post by x-free » Mon Dec 27, 2010 7:14 pm

Ale2695 wrote: Why should he necessarily uninstall these programs? Maybe he uses Google Toolbar or Google Desktop Search! You can't force someone to uninstall things they may well use!


That was essentially what I meant in my previous post [;)]

Re: half my PC has disappeared

Post by Ale2695 » Mon Dec 27, 2010 7:19 pm

x-free wrote:
Ale2695 wrote: Why should he necessarily uninstall these programs? Maybe he uses Google Toolbar or Google Desktop Search! You can't force someone to uninstall things they may well use!


That was essentially what I meant in my previous post [;)]

I only read it after writing mine, sorry

Re: half my PC has disappeared

Post by paove » Mon Dec 27, 2010 7:26 pm

First of all, thank you for the help I'm receiving.
And I apologize for the analysis work that was done for me, but with a "home" PC that has been running for 4 years I expected to find a lot of things, both useful and useless. Indeed, now that all those files that looked strange to me have been removed, I can get into the PC at least 5 minutes sooner than before. However, the limitation on the programs I had before is still there (administrative tools empty, programs gone and various other upsets)

Re: half my PC has disappeared

Post by Ale2695 » Mon Dec 27, 2010 7:35 pm

paove wrote: First of all, thank you for the help I'm receiving.
And I apologize for the analysis work that was done for me, but with a "home" PC that has been running for 4 years I expected to find a lot of things, both useful and useless. Indeed, now that all those files that looked strange to me have been removed, I can get into the PC at least 5 minutes sooner than before. However, the limitation on the programs I had before is still there (administrative tools empty, programs gone and various other upsets)

There was certainly an infection in progress on the computer, but it should now have been eradicated. The only problem is that the issue you're reporting, as far as I know, isn't caused by any malware I'm aware of... So, I'm not sure...

Re: half my PC has disappeared

Post by FDAC » Mon Dec 27, 2010 8:28 pm

I've never liked toolbars.
Post an updated HijackThis log.


megalab.it: daily online publication registered at the Court of Cosenza, no. 22/09 of 13.08.2009, publisher Master New Media S.r.l.; © Copyright 2008 Master New Media S.r.l. (sole-shareholder company) - VAT no. 02947530784. GRUPPO EDIZIONI MASTER Spa All rights reserved. For advertising: Master Advertising