Scarica Avenger e CCleaner

Disinstalla i seguenti programmi da installazione applicazioni (e presenti):
WinSpywareProtect
AntiSpyCheck

Apri il blocco note e nella pagina copia/incolla:
Windows Registry Editor Version 5.00

[HKCU\Software\Microsoft\Windows\CurrentVersion\Run]
"WinSpywareProtect"=-

[-HKCR\CLSID\{5c7b71bb-6d49-4bdc-b60d-f9fe0481eb5f}]

salvalo in c:\ con il nome nome: fix.reg
tipo di file: tutti i file


Esegui avenger e nella finestra copia/incolla tutta la citazione:
files to delete:
C:\WINDOWS\system32\kfcpnd.dll
C:\Programmi\AntiSpyCheck\AntiSpyCheck.exe
C:\Documents and Settings\sergio\Dati applicazioni\Mozilla\Firefox\Profiles\23ncf8e8.def ault\extensions\{FCAB6FDD-5585-425b-95C1-5ED856F3FD08}\components\nsCatcher.dll
C:\WINDOWS\system32\fixflash.exe
C:\Documents and Settings\All Users\Dati applicazioni\Adsl Software Limited\WinSpywareProtect\WinSpywareProtect.exe

folders to delete:
C:\Programmi\AntiSpyCheck
C:\Documents and Settings\All Users\Dati applicazioni\Adsl Software Limited\WinSpywareProtect

registry values to delete:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Explorer\SharedTaskScheduler | {5c7b71bb-6d49-4bdc-b60d-f9fe0481eb5f}
HKLM\SYSTEM\CurrentControlSet\Services\SharedAcces s\Parameters\FirewallPolicy\StandardProfile\Author izedApplications | C:\Programmi\AntiSpyCheck\AntiSpyCheck.exe

programs to launch on reboot:
c:\fix.reg
Spunta "Automatically disable any rootkits found" e clicca su "execute".
Il pc dovrebbe riavviarsi da solo, altrimenti riavvialo tu. Posta il report rilasciato

Esegui CCleaner e ripulisci i file temporanei e i cookie (eseguilo 2 volte).

Svuota C:\WINDOWS\Prefetch

Usa la funzione "cerca" di windows ed elimina tutto quello che trovi con il nome di:
WinSpywareProtect
AntiSpyCheck

Da hjt fixa (magari non li troverai tutti):

(se conosci O1 - Hosts: 212.150.54.250 dv-networks.com non fixarla...)

R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://internetsearchservice.com
R1 - HKLM\Software\Microsoft\Internet Explorer,SearchURL = http://internetsearchservice.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://internetsearchservice.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://internetsearchservice.com/ie6.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://internetsearchservice.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://internetsearchservice.com/ie6.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://internetsearchservice.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
O1 - Hosts: 212.150.54.250 dv-networks.com
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKCU\..\Run: [WinSpywareProtect] "C:\Documents and Settings\All Users\Dati applicazioni\Adsl Software Limited\WinSpywareProtect\WinSpywareProtect.exe" /autorun
O9 - Extra button: Translate - {87680762-4A83-11B4-885B-0000E8ECA40F} - C:\Programmi\LingoCom\Translator.lnk (file missing)
O9 - Extra 'Tools' menuitem: LingoWare Translator... - {87680762-4A83-11B4-885B-0000E8ECA40F} - C:\Programmi\LingoCom\Translator.lnk (file missing)
O9 - Extra button: (no name) - SolidConverterPDF - (no file) (HKCU)
O16 - DPF: {B64F4A7C-97C9-11DA-8BDE-F66BAD1E3F3A} - http://locator1.cdn.imagesrvr.com/s...eInstall_it.cab
O22 - SharedTaskScheduler: campaniform - {5c7b71bb-6d49-4bdc-b60d-f9fe0481eb5f} - C:\WINDOWS\system32\kfcpnd.dll (file missing)

Posta un nuovo rapporto di systemscan (hjt compreso) e il rapporto di avenger