View full version: Removing internet connection


Vale9
03-06-2008, 22:14
Hi everyone! Please help me! This is one of the few moments when I manage to connect to the internet!!! I have the internet connection virus and it keeps haunting me.... :cry:

This is the log....

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21.42.38, on 03/06/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmi\File comuni\Symantec Shared\ccSvcHst.exe
C:\Programmi\File comuni\Symantec Shared\AppCore\AppSvc32.exe
C:\WINDOWS\system32\spoolsv.exe
c:\APPS\Powercinema\Kernel\TV\CLCapSvc.exe
C:\Programmi\File comuni\Symantec Shared\ccSvcHst.exe
C:\Programmi\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe
C:\Programmi\CyberLink\Shared Files\CLML_NTService\CLMLService.exe
c:\APPS\HIDSERVICE\HIDSERVICE.exe
C:\Programmi\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Programmi\File comuni\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\o2flash.exe
C:\WINDOWS\System32\snmp.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\Programmi\File comuni\Ulead Systems\DVD\ULCDRSvr.exe
C:\Programmi\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\WINDOWS\Explorer.EXE
c:\APPS\Powercinema\Kernel\TV\CLSched.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Programmi\QuickTime\bak\qttask.exe
C:\Programmi\File comuni\Symantec Shared\ccApp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIBIE.EXE
C:\Programmi\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Programmi\Google\Google Updater\GoogleUpdater.exe
C:\Programmi\Outlook Express\msimn.exe
C:\Programmi\Messenger\msmsgs.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Programmi\Google\GoogleToolbarNotifier\GoogleToolbarNotifier .exe
C:\Programmi\Internet Explorer\iexplore.exe
C:\Documents and Settings\Vale\Desktop\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.it/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = file://C:\APPS\IE\offline\it.htm
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Packard Bell
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
O2 - BHO: Supporto di collegamento per Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\File comuni\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - C:\Programmi\File comuni\Symantec Shared\coShared\Browser\1.5\NppBho.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Programmi\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmi\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programmi\google\googletoolbar3.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programmi\Google\GoogleToolbarNotifier\2.1.615.5858\swg.dll
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Programmi\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programmi\google\googletoolbar3.dll
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Programmi\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: Show Norton Toolbar - {90222687-F593-4738-B738-FBEE9C7B26DF} - C:\Programmi\File comuni\Symantec Shared\coShared\Browser\1.5\UIBHO.dll
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [Collegamento alla pagina delle proprietà di High Definition Audio] HDAShCut.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmi\QuickTime\bak\qttask.exe" -atboottime
O4 - HKLM\..\Run: [ccApp] "C:\Programmi\File comuni\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [osCheck] "C:\Programmi\Norton Internet Security\osCheck.exe"
O4 - HKLM\..\Run: [EPSON Stylus DX6000 Series (Copia 1)] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIBIE.EXE /FU "C:\WINDOWS\TEMP\E_S115.tmp" /EF "HKLM"
O4 - HKLM\..\Run: [EPSON Stylus DX6000 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIBIE.EXE /FU "C:\WINDOWS\TEMP\E_SA6.tmp" /EF "HKLM"
O4 - HKLM\..\Run: [TkBellExe] "C:\Programmi\File comuni\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Programmi\File comuni\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Programmi\File comuni\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [EPSON Stylus DX6000 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIBIE.EXE /FU "C:\DOCUME~1\Vale\IMPOST~1\Temp\E_S2F.tmp" /EF "HKCU"
O4 - HKCU\..\Run: [swg] C:\Programmi\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO LOCALE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO DI RETE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Google Updater.lnk = C:\Programmi\Google\Google Updater\GoogleUpdater.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Programmi\Microsoft PowerPoint\Office\OSA9.EXE
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Programmi\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Ricerche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=file://C:\APPS\IE\offline\it.htm
O15 - Trusted Zone: *.doginhispen.com
O15 - Trusted Zone: *.whataboutadog.com
O16 - DPF: {79E0C1C0-316D-11D5-A72A-006097BFA1AC} (EPSON Web Printer-SelfTest Control Class) - http://esupport.epson-europe.com/selftest/it/Prg/ESTPTest.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{8110EF56-CC56-45E2-B4A7-02D2E6377B0B}: NameServer = 62.211.69.150 212.48.4.15
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FILECO~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~3\GOEC62~1.DLL
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\ccSvcHst.exe
O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - c:\APPS\Powercinema\Kernel\TV\CLCapSvc.exe
O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - c:\APPS\Powercinema\Kernel\TV\CLSched.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\ccSvcHst.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\VAScanner\comHost.exe
O23 - Service: CyberLink Media Library Service - Cyberlink - C:\Programmi\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe
O23 - Service: Generic Service for HID Keyboard Input Collections (GenericHidService) - Unknown owner - c:\APPS\HIDSERVICE\HIDSERVICE.exe
O23 - Service: Google Desktop Manager 5.7.801.1629 (GoogleDesktopManager-010108-205858) - Google - C:\Programmi\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Programmi\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programmi\File comuni\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - C:\Programmi\Norton Internet Security\isPwdSvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\ccSvcHst.exe
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: O2Micro Flash Memory (O2Flash) - Unknown owner - C:\WINDOWS\system32\o2flash.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\Programmi\File comuni\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\AppCore\AppSvc32.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Programmi\File comuni\Ulead Systems\DVD\ULCDRSvr.exe
O23 - Service: Utilità di pianificazione di LiveUpdate automatico - Symantec Corporation - C:\Programmi\Symantec\LiveUpdate\ALUSchedulerSvc.exe

--
End of file - 10077 bytes


Tell me what to do, thanks a lot :smack:

Deifobe
03-06-2008, 23:04
Hi Vale9, welcome
I have opened a new thread for you (read the Security forum rules (http://forum.html.it/forum/showthread.php?s=&threadid=997970) )

Post the FindAWF (http://noahdfear.geekstogo.com/FindAWF.exe) report (choose option "1")

Bye

Vale9
06-06-2008, 21:29
Here it is!!



Find AWF report by noahdfear ©2006
Version 1.40



bak folders found
~~~~~~~~~~~

Il volume nell'unità C è HDD
Numero di serie del volume: D8F5-C85F

Directory di C:\APPS\POWERC~1\BAK

11/05/2005 13.48 127.118 PCMService.exe
1 File 127.118 byte
2 Directory 56.062.562.304 byte disponibili
Il volume nell'unità C è HDD
Numero di serie del volume: D8F5-C85F

Directory di C:\PROGRA~1\QUICKT~1\BAK

01/09/2006 15.57 282.624 qttask.exe
1 File 282.624 byte
2 Directory 56.062.562.304 byte disponibili
Il volume nell'unità C è HDD
Numero di serie del volume: D8F5-C85F

Directory di C:\WINDOWS\SYSTEM32\BAK

19/08/2004 14.00 15.360 ctfmon.exe
25/11/2005 08.52 221.184 WLan.exe
2 File 236.544 byte
2 Directory 56.062.558.208 byte disponibili
Il volume nell'unità C è HDD
Numero di serie del volume: D8F5-C85F

Directory di C:\PROGRA~1\ATITEC~1\ATI.ACE\BAK

12/08/2005 14.43 45.056 cli.exe
1 File 45.056 byte
2 Directory 56.062.558.208 byte disponibili
Il volume nell'unità C è HDD
Numero di serie del volume: D8F5-C85F

Directory di C:\PROGRA~1\FILECO~1\SYMANT~1\BAK

0 File 0 byte
2 Directory 56.062.558.208 byte disponibili
Il volume nell'unità C è HDD
Numero di serie del volume: D8F5-C85F

Directory di C:\PROGRA~1\GOOGLE\GOOGLE~1\BAK

04/06/2007 19.20 68.856 GoogleToolbarNotifier.exe
1 File 68.856 byte
2 Directory 56.062.558.208 byte disponibili
Il volume nell'unità C è HDD
Numero di serie del volume: D8F5-C85F

Directory di C:\PROGRA~1\GOOGLE\GOOGLE~3\BAK

02/08/2007 21.23 1.836.544 GoogleDesktop.exe
1 File 1.836.544 byte
2 Directory 56.062.558.208 byte disponibili
Il volume nell'unità C è HDD
Numero di serie del volume: D8F5-C85F

Directory di C:\PROGRA~1\SYNAPT~1\SYNTP\BAK

10/03/2005 18.43 688.218 SynTPEnh.exe
10/03/2005 18.44 98.394 SynTPLpr.exe
2 File 786.612 byte
2 Directory 56.062.558.208 byte disponibili
Il volume nell'unità C è HDD
Numero di serie del volume: D8F5-C85F

Directory di C:\WINDOWS\IME\IMJP8_1\BAK

19/08/2004 14.00 208.952 IMJPMIG.EXE
1 File 208.952 byte
2 Directory 56.062.558.208 byte disponibili
Il volume nell'unità C è HDD
Numero di serie del volume: D8F5-C85F

Directory di C:\PROGRA~1\ADOBE\READER~1.0\READER\BAK

11/05/2007 03.06 40.048 Reader_sl.exe
1 File 40.048 byte
2 Directory 56.062.558.208 byte disponibili
Il volume nell'unità C è HDD
Numero di serie del volume: D8F5-C85F

Directory di C:\PROGRA~1\FILECO~1\REAL\UPDATE~1\BAK

04/06/2007 21.56 180.269 realsched.exe
1 File 180.269 byte
2 Directory 56.062.558.208 byte disponibili
Il volume nell'unità C è HDD
Numero di serie del volume: D8F5-C85F

Directory di C:\PROGRA~1\FILECO~1\ULEADS~1\AUTODE~1\BAK

26/11/2004 11.43 90.112 monitor.exe
1 File 90.112 byte
2 Directory 56.062.554.112 byte disponibili
Il volume nell'unità C è HDD
Numero di serie del volume: D8F5-C85F

Directory di C:\PROGRA~1\JAVA\JRE16~2.0_0\BIN\BAK

12/07/2007 04.00 132.496 jusched.exe
1 File 132.496 byte
2 Directory 56.062.554.112 byte disponibili
Il volume nell'unità C è HDD
Numero di serie del volume: D8F5-C85F

Directory di C:\WINDOWS\SYSTEM32\IME\TINTLGNT\BAK

19/08/2004 14.00 455.168 TINTSETP.EXE
1 File 455.168 byte
2 Directory 56.062.554.112 byte disponibili


Duplicate files of bak directory contents
~~~~~~~~~~~~~~~~~~~~~~~

127118 11 May 2005 "C:\APPS\Powercinema\bak\PCMService.exe"
282624 1 Sep 2006 "C:\Programmi\QuickTime\bak\qttask.exe"
15360 19 Aug 2004 "C:\WINDOWS\system32\ctfmon.exe"
15360 19 Aug 2004 "C:\WINDOWS\system32\bak\ctfmon.exe"
221184 25 Nov 2005 "C:\PNP\WLANAP\WLAN.EXE"
221184 25 Nov 2005 "C:\WINDOWS\system32\bak\WLan.exe"
45056 12 Aug 2005 "C:\Programmi\ATI Technologies\ATI.ACE\bak\cli.exe"
52272 6 Feb 2007 "C:\Programmi\Google\googletoolbar3user.exe"
14348 18 Mar 2008 "C:\Programmi\Google\GoogleToolbarNotifier\GoogleToolbarNotifier .exe"
69632 13 Nov 2007 "C:\Programmi\Google\Google Earth\googleearth.exe"
755304 14 Mar 2007 "C:\Programmi\Google\Google Desktop Search\GoogleDesktopSearchSetup.exe"
124912 19 Aug 2007 "C:\Programmi\Google\Google Updater\GoogleUpdater.exe"
26694 17 Feb 2008 "C:\WINDOWS\Installer\{1E04F83B-2AB9-4301-9EF7-E86307F79C72}\googleearth.exe_407B9B5CDAC54F44A756B57CAB4E6A8B.exe"
124912 19 Aug 2007 "C:\WINDOWS\Temp\giseb07f\GoogleUpdater.exe"
619536 10 Oct 2007 "C:\Programmi\File comuni\Real\GToolbar\googletoolbarinstaller.exe"
138680 4 Jun 2007 "C:\Programmi\Google\Common\Google Updater\GoogleUpdaterService.exe"
68856 4 Jun 2007 "C:\Programmi\Google\GoogleToolbarNotifier\bak\GoogleToolbarNotifier.exe"
1836544 2 Aug 2007 "C:\Programmi\Google\Google Desktop Search\bak\GoogleDesktop.exe"
1831936 4 Jun 2007 "C:\Programmi\Google\Google Desktop Search\gcdtmp1\GoogleDesktopSetupHelper.exe"
1831936 4 Jun 2007 "C:\Programmi\Google\Google Desktop Search\gcdtmp2\GoogleDesktopSetupHelper.exe"
1831936 4 Jun 2007 "C:\Programmi\Google\Google Desktop Search\gcdtmp3\GoogleDesktopSetupHelper.exe"
1836544 1 Aug 2007 "C:\Programmi\Google\Google Desktop Search\gcdtmp4\GoogleDesktopSetupHelper.exe"
1836544 2 Aug 2007 "C:\Programmi\Google\Google Desktop Search\gcdtmp5\GoogleDesktopSetupHelper.exe"
1836544 31 Jan 2008 "C:\Programmi\Google\Google Desktop Search\gcdtmp6\GoogleDesktopSetupHelper.exe"
1836544 2 Feb 2008 "C:\Programmi\Google\Google Desktop Search\gcdtmp7\GoogleDesktopSetupHelper.exe"
1836544 2 Feb 2008 "C:\Programmi\Google\Google Desktop Search\gcdtmp8\GoogleDesktopSetupHelper.exe"
124912 19 Aug 2007 "C:\Programmi\Google\Google Updater\2.2.940.34809\GoogleUpdaterRestartManager.exe"
52272 6 Feb 2007 "C:\Programmi\Google\googletoolbar3user.exe"
14348 18 Mar 2008 "C:\Programmi\Google\GoogleToolbarNotifier\GoogleToolbarNotifier .exe"
69632 13 Nov 2007 "C:\Programmi\Google\Google Earth\googleearth.exe"
755304 14 Mar 2007 "C:\Programmi\Google\Google Desktop Search\GoogleDesktopSearchSetup.exe"
124912 19 Aug 2007 "C:\Programmi\Google\Google Updater\GoogleUpdater.exe"
26694 17 Feb 2008 "C:\WINDOWS\Installer\{1E04F83B-2AB9-4301-9EF7-E86307F79C72}\googleearth.exe_407B9B5CDAC54F44A756B57CAB4E6A8B.exe"
124912 19 Aug 2007 "C:\WINDOWS\Temp\giseb07f\GoogleUpdater.exe"
619536 10 Oct 2007 "C:\Programmi\File comuni\Real\GToolbar\googletoolbarinstaller.exe"
138680 4 Jun 2007 "C:\Programmi\Google\Common\Google Updater\GoogleUpdaterService.exe"
68856 4 Jun 2007 "C:\Programmi\Google\GoogleToolbarNotifier\bak\GoogleToolbarNotifier.exe"
1836544 2 Aug 2007 "C:\Programmi\Google\Google Desktop Search\bak\GoogleDesktop.exe"
1831936 4 Jun 2007 "C:\Programmi\Google\Google Desktop Search\gcdtmp1\GoogleDesktopSetupHelper.exe"
1831936 4 Jun 2007 "C:\Programmi\Google\Google Desktop Search\gcdtmp2\GoogleDesktopSetupHelper.exe"
1831936 4 Jun 2007 "C:\Programmi\Google\Google Desktop Search\gcdtmp3\GoogleDesktopSetupHelper.exe"
1836544 1 Aug 2007 "C:\Programmi\Google\Google Desktop Search\gcdtmp4\GoogleDesktopSetupHelper.exe"
1836544 2 Aug 2007 "C:\Programmi\Google\Google Desktop Search\gcdtmp5\GoogleDesktopSetupHelper.exe"
1836544 31 Jan 2008 "C:\Programmi\Google\Google Desktop Search\gcdtmp6\GoogleDesktopSetupHelper.exe"
1836544 2 Feb 2008 "C:\Programmi\Google\Google Desktop Search\gcdtmp7\GoogleDesktopSetupHelper.exe"
1836544 2 Feb 2008 "C:\Programmi\Google\Google Desktop Search\gcdtmp8\GoogleDesktopSetupHelper.exe"
124912 19 Aug 2007 "C:\Programmi\Google\Google Updater\2.2.940.34809\GoogleUpdaterRestartManager.exe"
688218 10 Mar 2005 "C:\PNP\MOUSE\SYNTPENH.EXE"
688218 10 Mar 2005 "C:\Programmi\Synaptics\SynTP\bak\SynTPEnh.exe"
688218 10 Mar 2005 "C:\Programmi\Synaptics\SynTP\Media\SYNTPENH.EXE"
98394 10 Mar 2005 "C:\PNP\MOUSE\SYNTPLPR.EXE"
98394 10 Mar 2005 "C:\Programmi\Synaptics\SynTP\bak\SynTPLpr.exe"
98394 10 Mar 2005 "C:\Programmi\Synaptics\SynTP\Media\SYNTPLPR.EXE"
208952 19 Aug 2004 "C:\WINDOWS\ime\IMJP8_1\imjpmig.exe"
208952 19 Aug 2004 "C:\WINDOWS\ime\IMJP8_1\bak\IMJPMIG.EXE"
40048 11 May 2007 "C:\Programmi\Adobe\Reader 8.0\Reader\bak\Reader_sl.exe"
180269 4 Jun 2007 "C:\Programmi\File comuni\Real\Update_OB\bak\realsched.exe"
90112 26 Nov 2004 "C:\Programmi\File comuni\Ulead Systems\AutoDetector\bak\monitor.exe"
36975 3 Jun 2005 "C:\Programmi\Java\jre1.5.0_04\bin\jusched.exe"
49263 9 Nov 2006 "C:\Programmi\Java\jre1.5.0_10\bin\jusched.exe"
75520 15 Dec 2006 "C:\Programmi\Java\jre1.5.0_11\bin\jusched.exe"
83608 14 Mar 2007 "C:\Programmi\Java\jre1.6.0_01\bin\jusched.exe"
132496 12 Jul 2007 "C:\Programmi\Java\jre1.6.0_02\bin\bak\jusched.exe"
455168 19 Aug 2004 "C:\WINDOWS\system32\IME\TINTLGNT\tintsetp.exe"
455168 19 Aug 2004 "C:\WINDOWS\system32\IME\TINTLGNT\bak\TINTSETP.EXE"


end of report

Deifobe
06-06-2008, 21:36
Hi Vale,
give me a little time to write the script, let's say half an hour. See you later.

Vale9
06-06-2008, 21:47
ok Deifobe! See you later :)

Deifobe
06-06-2008, 22:21
1) Download Avenger (http://swandog46.geekstogo.com/avenger2/avenger2.html) and CCleaner (http://www.filehippo.com/download_ccleaner/)
Download to the desktop the zipped text file script_vale.zip (http://www.freefilehosting.net/download/3i573) and the program Locate32 (http://locate32.net/files/exe/locate32-3.0.7.7010.exe)
Disconnect the PC from the internet

2) Run avenger, copy/paste ALL the contents of the downloaded text file into the window that opens and click "execute" (the PC will reboot). You will need to post the avenger report

3) Empty: C:\WINDOWS\Prefetch

Install and run CCleaner and clean up the temporary files and cookies (run it twice)

4) Click "Start" - "Control Panel" - "Internet Options" - "Connections" and remove the "internet connection" connection, if it is still present

5) Install locate32: click Run => Next 3 times => untick everything and tick only "create files .dbs files...." => click "Finish"
(if you also want the desktop icon, tick the first item as well)

Run it (Start => All Programs => locate => locate 32)
in the window that opens click: options => settings => auto update => add
in "schedule updates" enter At Startup => ok

Then click "Size and Date"
tick "minimum filesize" and type 14348 ("bytes") in the box on the right
tick "maximum filesize" and type 14348 ("bytes") in the box on the right

Click "find now"
If a list of files appears, click "file" => "save reports" => save it

Then run a new search:
tick "minimum filesize" and type 15360 ("bytes") in the box on the right
tick "maximum filesize" and type 15360 ("bytes") in the box on the right

Click "find now"
If a list of files appears, click "file" => "save reports" => save it

6) Upload the locate32 + avenger reports to Savefile (http://www.savefile.com/) and post the links you get

Bye

Vale9
08-06-2008, 16:50
Hi!

here are the links to the files

http://www.savefile.com/files/1597262

http://www.savefile.com/files/1597287

http://www.savefile.com/files/1597288

Deifobe
08-06-2008, 17:25
again with avenger:

files to delete:
C:\Programmi\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe3945341578
C:\WINDOWS\system32\ctfmon .exe
C:\WINDOWS\system32\ctfmon.exe1124255306
C:\WINDOWS\system32\ctfmon.exe1155906826
C:\WINDOWS\system32\ctfmon.exe1210752022
C:\WINDOWS\system32\ctfmon.exe1432113318
C:\WINDOWS\system32\ctfmon.exe1440717302
C:\WINDOWS\system32\ctfmon.exe1525946688
C:\WINDOWS\system32\ctfmon.exe1620940796
C:\WINDOWS\system32\ctfmon.exe1750372310
C:\WINDOWS\system32\ctfmon.exe1760592484
C:\WINDOWS\system32\ctfmon.exe1867221758
C:\WINDOWS\system32\ctfmon.exe1919882566
C:\WINDOWS\system32\ctfmon.exe2002848132
C:\WINDOWS\system32\ctfmon.exe2054659390
C:\WINDOWS\system32\ctfmon.exe208977454
C:\WINDOWS\system32\ctfmon.exe2242052454
C:\WINDOWS\system32\ctfmon.exe2363264652
C:\WINDOWS\system32\ctfmon.exe2457861138
C:\WINDOWS\system32\ctfmon.exe250687902
C:\WINDOWS\system32\ctfmon.exe2573238168
C:\WINDOWS\system32\ctfmon.exe2594695996
C:\WINDOWS\system32\ctfmon.exe2631420166
C:\WINDOWS\system32\ctfmon.exe2713818404
C:\WINDOWS\system32\ctfmon.exe2823426590
C:\WINDOWS\system32\ctfmon.exe2849627410
C:\WINDOWS\system32\ctfmon.exe3038943860
C:\WINDOWS\system32\ctfmon.exe3054419126
C:\WINDOWS\system32\ctfmon.exe3054519488
C:\WINDOWS\system32\ctfmon.exe3306066072
C:\WINDOWS\system32\ctfmon.exe3344908540
C:\WINDOWS\system32\ctfmon.exe3579627512
C:\WINDOWS\system32\ctfmon.exe3587662958
C:\WINDOWS\system32\ctfmon.exe3712750378
C:\WINDOWS\system32\ctfmon.exe3724389544
C:\WINDOWS\system32\ctfmon.exe3867081560
C:\WINDOWS\system32\ctfmon.exe4020462486
C:\WINDOWS\system32\ctfmon.exe4117913532
C:\WINDOWS\system32\ctfmon.exe4223427054
C:\WINDOWS\system32\ctfmon.exe440262214
C:\WINDOWS\system32\ctfmon.exe447637388
C:\WINDOWS\system32\ctfmon.exe662364820
C:\WINDOWS\system32\ctfmon.exe708909562
C:\WINDOWS\system32\ctfmon.exe968065718

click execute - post the report

After the reboot, run locate 32, wait for the files.dbs file to be updated and rerun the two searches.

Download SystemScan (http://www.suspectfile.com/systemscan), disconnect the PC from the internet => disable the antivirus => run systemscan => click "Scan Now". When the scan has finished, re-enable the antivirus, upload the report you find on the desktop to Savefile (http://www.savefile.com/) and post the link you get.

once that is done, we only need to change antivirus, if that is fine with you. If you want you can go back to norton.. but you need to run at least one scan with avira.. otherwise you risk ending up with the unwanted connection again.

bye
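
The two exact-size searches run with Locate32 in this thread (14348 and 15360 bytes) can also be scripted. The Python code below is an added example, not part of the original posts or of any tool named in them; the sample tree is constructed, and the two odd-name patterns are assumptions modelled on the name shapes in the file list above ("ctfmon .exe", "ctfmon.exe1124255306").

```python
import os
import re
import tempfile

# Exact sizes in bytes used for the two Locate32 searches in this thread.
SUSPECT_SIZES = frozenset({14348, 15360})

# Assumed patterns (written for this example) for the two name shapes seen in
# the thread's file list: whitespace before ".exe", or digits appended after it.
ODD_NAME = re.compile(r"\s\.exe$|\.exe\d+$", re.IGNORECASE)


def find_by_size(root, sizes=SUSPECT_SIZES):
    """Return sorted (size, path, odd_name) tuples for files under root
    whose size in bytes is exactly one of `sizes`."""
    hits = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            try:
                size = os.lstat(path).st_size  # lstat: do not follow links
            except OSError:
                continue  # locked or vanished file: skip, keep scanning
            if size in sizes:
                hits.append((size, path, bool(ODD_NAME.search(name))))
    return sorted(hits)


def build_sample_tree(root):
    """Create a small constructed tree (not real data) to exercise the scan."""
    sample = {
        os.path.join("system32", "ctfmon.exe"): 15360,
        os.path.join("system32", "bak", "ctfmon.exe"): 15360,
        os.path.join("system32", "ctfmon .exe"): 14348,
        os.path.join("system32", "ctfmon.exe1124255306"): 14348,
        os.path.join("system32", "notepad.exe"): 69120,
    }
    for rel, size in sample.items():
        full = os.path.join(root, rel)
        os.makedirs(os.path.dirname(full), exist_ok=True)
        with open(full, "wb") as fh:
            fh.write(b"\0" * size)


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample_tree(tmp)
        for size, path, odd in find_by_size(tmp):
            flag = "ODD NAME" if odd else "check by hand"
            print(f"{size:>8}  {flag:<13}  {os.path.relpath(path, tmp)}")
```

A size match is only a candidate: the FindAWF report above lists the original ctfmon.exe at 15360 bytes too, so each hit still needs checking before it goes into a delete list.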

Vale9
08-06-2008, 21:24
http://www.savefile.com/files/1597727

http://www.savefile.com/files/1597728

http://www.savefile.com/files/1597729

http://www.savefile.com/files/1597730

Deifobe
09-06-2008, 00:03
these files never end.... ;)

with avenger:

files to delete:
C:\DOCUME~1\Vale\IMPOST~1\Temp\r208874676.exe
C:\DOCUME~1\Vale\IMPOST~1\Temp\r2074218478.exe
C:\DOCUME~1\Vale\IMPOST~1\Temp\r968450602.exe
C:\DOCUME~1\Vale\IMPOST~1\Temp\r4212570686.exe
C:\DOCUME~1\Vale\IMPOST~1\Temp\r1439449718.exe
C:\DOCUME~1\Vale\IMPOST~1\Temp\r2118982332.exe
C:\DOCUME~1\Vale\IMPOST~1\Temp\r1130132748.exe
C:\DOCUME~1\Vale\IMPOST~1\Temp\r617911660.exe
C:\DOCUME~1\Vale\IMPOST~1\Temp\r3483306800.exe
C:\DOCUME~1\Vale\IMPOST~1\Temp\r2243036306.exe
C:\DOCUME~1\Vale\IMPOST~1\Temp\r2095370098.exe
C:\DOCUME~1\Vale\IMPOST~1\Temp\r2974806756.exe
C:\DOCUME~1\Vale\IMPOST~1\Temp\r1171802702.exe
C:\DOCUME~1\Vale\IMPOST~1\Temp\r403571708.exe
C:\DOCUME~1\Vale\IMPOST~1\Temp\r2093813750.exe
C:\DOCUME~1\Vale\IMPOST~1\Temp\r1786478802.exe
C:\DOCUME~1\Vale\IMPOST~1\Temp\r788675784.exe

folders to delete:
C:\APPS\Powercinema\bak
C:\Programmi\Adobe\Reader 8.0\Reader\bak
C:\Programmi\ATI Technologies\ATI.ACE\bak
C:\Programmi\File comuni\Real\Update_OB\bak
C:\Programmi\File comuni\Symantec Shared\bak
C:\Programmi\File comuni\Ulead Systems\AutoDetector\bak
C:\Programmi\Google\Google Desktop Search\bak
C:\Programmi\Google\GoogleToolbarNotifier\bak
C:\Programmi\Java\jre1.6.0_02\bin\bak
C:\Programmi\QuickTime\bak
C:\Programmi\Synaptics\SynTP\bak
C:\WINDOWS\ime\IMJP8_1\bak
C:\WINDOWS\system32\bak
C:\WINDOWS\system32\IME\TINTLGNT\bak

click execute

run locate32 and wait for the database to be updated
click "Size and Date"
tick "minimum filesize" and type 12596 ("bytes") in the box on the right
tick "maximum filesize" and type 12596 ("bytes") in the box on the right

post the report

You have not told me whether you want to uninstall the antivirus and install avira..
