• Bannato User

    postate un log di hijackthis entrambi.


  • User Newbie

    Logfile of HijackThis v1.99.1
    Scan saved at 11.38.24, on 12/10/2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16544)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Programmi\Alwil Software\Avast4\aswUpdSv.exe
    C:\Programmi\Alwil Software\Avast4\ashServ.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\drivers\Icon.exe
    C:\WINDOWS\SOUNDMAN.EXE
    C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Programmi\Spybot - Search & Destroy\TeaTimer.exe
    C:\Programmi\File comuni\EPSON\EBAPI\SAgent2.exe
    C:\WINDOWS\system32\slserv.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Programmi\HP\Digital Imaging\bin\hpqtra08.exe
    C:\Programmi\Alice ti aiuta\bin\mpbtn.exe
    C:\Programmi\Alwil Software\Avast4\ashMaiSv.exe
    C:\Programmi\Alwil Software\Avast4\ashWebSv.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Programmi\HP\Digital Imaging\bin\hpqSTE08.exe
    C:\WINDOWS\system32\drivers\bak\Icon.exe
    c:\programmi\internet explorer\iexplore.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Programmi\Mozilla Firefox\firefox.exe
    C:\Documents and Settings\GATTO\Desktop\hijackthis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.libero.it/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.libero.it/
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Packard Bell
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmi\Java\jre1.5.0_11\bin\ssv.dll
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programmi\google\googletoolbar4.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programmi\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
    O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programmi\Yahoo!\Companion\Installs\cpn\yt.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programmi\google\googletoolbar4.dll
    O4 - HKLM..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
    O4 - HKLM..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
    O4 - HKLM..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
    O4 - HKLM..\Run: [Icon] C:\WINDOWS\system32\drivers\Icon.exe
    O4 - HKLM..\Run: [SynTPLpr] C:\Programmi\Synaptics\SynTP\SynTPLpr.exe
    O4 - HKLM..\Run: [SynTPEnh] C:\Programmi\Synaptics\SynTP\SynTPEnh.exe
    O4 - HKLM..\Run: [SoundMan] SOUNDMAN.EXE
    O4 - HKLM..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
    O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Programmi\Java\j2re1.4.2_05\bin\jusched.exe
    O4 - HKLM..\Run: [PCMService] "c:\Apps\Powercinema\PCMService.exe"
    O4 - HKLM..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
    O4 - HKLM..\Run: [HP Software Update] C:\Programmi\HP\HP Software Update\HPWuSchd2.exe
    O4 - HKLM..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM..\Run: [TkBellExe] "C:\Programmi\File comuni\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM..\Run: [PCSuiteTrayApplication] C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE -onlytray
    O4 - HKLM..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    O4 - HKLM..\Run: [iTunesHelper] "C:\Programmi\iTunes\iTunesHelper.exe"
    O4 - HKLM..\Run: [QuickTime Task] "C:\Programmi\QuickTime\qttask.exe" -atboottime
    O4 - HKLM..\Run: [snpstd] C:\WINDOWS\vsnpstd.exe
    O4 - HKCU..\Run: [MessengerPlus3] "C:\Programmi\MessengerPlus! 3\MsgPlus.exe" /WinStart
    O4 - HKCU..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Programmi\Spybot - Search & Destroy\TeaTimer.exe
    O4 - Startup: Adobe Gamma.lnk = C:\Programmi\File comuni\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Global Startup: Alice ti aiuta.lnk = C:\Programmi\Alice ti aiuta\bin\matcli.exe
    O4 - Global Startup: EPSON Status Monitor 3 Environment Check 2.lnk = C:\WINDOWS\system32\spool\drivers\w32x86\3\E_SRCV02.EXE
    O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Programmi\HP\Digital Imaging\bin\hpqtra08.exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Programmi\Microsoft Office\Office\OSA9.EXE
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.5.0_11\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.5.0_11\bin\ssv.dll
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe
    O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
    O11 - Options group: [INTERNATIONAL] International*
    O14 - IERESET.INF: START_PAGE_URL=file://C:\APPS\IE\offline\it.htm
    O15 - Trusted Zone: *.doginhispen.com
    O15 - Trusted Zone: *.whataboutadog.com
    O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
    O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab
    O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
    O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://guidomonkey.spaces.live.com//PhotoUpload/MsnPUpld.cab
    O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
    O16 - DPF: {A18962F6-E6ED-40B1-97C9-1FB36F38BFA8} (Aurigma Image Uploader 3.5 Control) - http://filelodge.bolt.com/ImageUploader3.cab
    O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab32846.cab
    O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
    O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} - http://www.shockwave.com/content/heavyweapon/popcaploader_v6.cab
    O17 - HKLM\System\CCS\Services\Tcpip..{BE66D1EF-278E-4AE4-BAD5-EFC396E8A68D}: NameServer = 85.37.17.16 85.38.28.68
    O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
    O23 - Service: Adobe LM Service - Adobe Systems - C:\Programmi\File comuni\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Programmi\Alwil Software\Avast4\aswUpdSv.exe
    O23 - Service: avast! Antivirus - ALWIL Software - C:\Programmi\Alwil Software\Avast4\ashServ.exe
    O23 - Service: avast! Mail Scanner - Unknown owner - C:\Programmi\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
    O23 - Service: avast! Web Scanner - Unknown owner - C:\Programmi\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
    O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Programmi\File comuni\EPSON\EBAPI\SAgent2.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Programmi\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programmi\File comuni\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: iPodService - Apple Computer, Inc. - C:\Programmi\iPod\bin\iPodService.exe
    O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe


  • Bannato User

    ciao,sei infetto purtroppo da instant access.
    scarica Findawf http://noahdfear.geekstogo.com/FindAWF.exe
    avvialo,scegli la prima opzione e posta il log.


  • User Newbie

    Grazie dell'aiuto eccoti il responso, ora vado a lavoro perciò seguirò i tuoi consigli e le tue indicazioni stasera ancora grazie

    Find AWF report by noahdfear ©2006
    Version 1.40

    bak folders found

    
    Il volume nell'unit? C ? HDD
    Numero di serie del volume: 70E8-BCFA
    
    Directory di C:\WINDOWS\BAK
    
    10/06/2004  13.48           286.720 vsnpstd.exe
                 1 File        286.720 byte
                 2 Directory  45.084.848.128 byte disponibili
    Il volume nell'unit? C ? HDD
    Numero di serie del volume: 70E8-BCFA
    
    Directory di C:\APPS\POWERC~1\BAK
    
    08/10/2004  04.14            81.920 PCMService.exe
                 1 File         81.920 byte
                 2 Directory  45.084.848.128 byte disponibili
    Il volume nell'unit? C ? HDD
    Numero di serie del volume: 70E8-BCFA
    
    Directory di C:\PROGRA~1\ITUNES\BAK
    
    23/02/2006  16.45           278.528 iTunesHelper.exe
                 1 File        278.528 byte
                 2 Directory  45.084.844.032 byte disponibili
    Il volume nell'unit? C ? HDD
    Numero di serie del volume: 70E8-BCFA
    
    Directory di C:\PROGRA~1\MESSEN~2\BAK
    
    27/09/2006  20.36           190.024 MsgPlus.exe
                 1 File        190.024 byte
                 2 Directory  45.084.844.032 byte disponibili
    Il volume nell'unit? C ? HDD
    Numero di serie del volume: 70E8-BCFA
    
    Directory di C:\PROGRA~1\QUICKT~1\BAK
    
    20/06/2006  17.19           282.624 qttask.exe
                 1 File        282.624 byte
                 2 Directory  45.084.844.032 byte disponibili
    Il volume nell'unit? C ? HDD
    Numero di serie del volume: 70E8-BCFA
    
    Directory di C:\WINDOWS\SYSTEM32\BAK
    
    01/07/2004  12.58           118.784 hkcmd.exe
    01/07/2004  13.02           155.648 igfxtray.exe
    09/07/2001  12.50           155.648 NeroCheck.exe
                 3 File        430.080 byte
                 2 Directory  45.084.844.032 byte disponibili
    Il volume nell'unit? C ? HDD
    Numero di serie del volume: 70E8-BCFA
    
    Directory di C:\PROGRA~1\ALWILS~1\AVAST4\BAK
    
    15/01/2007  19.28           108.160 ashDisp.exe
                 1 File        108.160 byte
                 2 Directory  45.084.844.032 byte disponibili
    Il volume nell'unit? C ? HDD
    Numero di serie del volume: 70E8-BCFA
    
    Directory di C:\PROGRA~1\GOOGLE\GOOGLE~3\BAK
    
    29/07/2007  17.05            68.856 GoogleToolbarNotifier.exe
                 1 File         68.856 byte
                 2 Directory  45.084.844.032 byte disponibili
    Il volume nell'unit? C ? HDD
    Numero di serie del volume: 70E8-BCFA
    
    Directory di C:\PROGRA~1\HP\HPSOFT~1\BAK
    
    11/05/2005  23.12            49.152 HPWuSchd2.exe
                 1 File         49.152 byte
                 2 Directory  45.084.844.032 byte disponibili
    Il volume nell'unit? C ? HDD
    Numero di serie del volume: 70E8-BCFA
    
    Directory di C:\PROGRA~1\NOKIA\NOKIAP~1\BAK
    
    13/12/2005  08.49           217.088 LAUNCH~1.EXE
                 1 File        217.088 byte
                 2 Directory  45.084.844.032 byte disponibili
    Il volume nell'unit? C ? HDD
    Numero di serie del volume: 70E8-BCFA
    
    Directory di C:\PROGRA~1\SYNAPT~1\SYNTP\BAK
    
    26/09/2003  12.01           503.808 SynTPEnh.exe
    26/09/2003  12.01            98.304 SynTPLpr.exe
                 2 File        602.112 byte
                 2 Directory  45.084.844.032 byte disponibili
    Il volume nell'unit? C ? HDD
    Numero di serie del volume: 70E8-BCFA
    
    Directory di C:\WINDOWS\IME\IMJP8_1\BAK
    
    19/08/2004  15.00           208.952 IMJPMIG.EXE
                 1 File        208.952 byte
                 2 Directory  45.084.839.936 byte disponibili
    Il volume nell'unit? C ? HDD
    Numero di serie del volume: 70E8-BCFA
    
    Directory di C:\WINDOWS\SYSTEM32\DRIVERS\BAK
    
    08/03/2004  14.23           217.088 Icon.exe
                 1 File        217.088 byte
                 2 Directory  45.084.839.936 byte disponibili
    Il volume nell'unit? C ? HDD
    Numero di serie del volume: 70E8-BCFA
    
    Directory di C:\PROGRA~1\FILECO~1\REAL\UPDATE~1\BAK
    
    11/03/2006  16.24           180.269 realsched.exe
                 1 File        180.269 byte
                 2 Directory  45.084.839.936 byte disponibili
    Il volume nell'unit? C ? HDD
    Numero di serie del volume: 70E8-BCFA
    
    Directory di C:\PROGRA~1\JAVA\J2RE14~1.2_0\BIN\BAK
    
    03/06/2004  23.05            32.881 jusched.exe
                 1 File         32.881 byte
                 2 Directory  45.084.839.936 byte disponibili
    Il volume nell'unit? C ? HDD
    Numero di serie del volume: 70E8-BCFA
    
    Directory di C:\WINDOWS\SYSTEM32\IME\TINTLGNT\BAK
    
    19/08/2004  15.00           455.168 TINTSETP.EXE
                 1 File        455.168 byte
                 2 Directory  45.084.839.936 byte disponibili
    
    
    Duplicate files of bak directory contents
    
     28172  8 Oct 2007 "C:\WINDOWS\vsnpstd.exe"
    286720 10 Jun 2004 "C:\WINDOWS\bak\vsnpstd.exe"
    286720 10 Jun 2004 "C:\Programmi\File comuni\snpstd\vsnpstd.exe"
     28172  8 Oct 2007 "C:\APPS\Powercinema\PCMService.exe"
     81920  8 Oct 2004 "C:\APPS\Powercinema\bak\PCMService.exe"
     28172  8 Oct 2007 "C:\Programmi\iTunes\iTunesHelper.exe"
    278528 23 Feb 2006 "C:\Programmi\iTunes\bak\iTunesHelper.exe"
     28172  8 Oct 2007 "C:\Programmi\MessengerPlus! 3\MsgPlus.exe"
    190024 27 Sep 2006 "C:\Programmi\MessengerPlus! 3\bak\MsgPlus.exe"
     28172  8 Oct 2007 "C:\Programmi\QuickTime\qttask.exe"
    282624 20 Jun 2006 "C:\Programmi\QuickTime\bak\qttask.exe"
     28172  8 Oct 2007 "C:\WINDOWS\system32\hkcmd.exe"
    118784  1 Jul 2004 "C:\PNP\VIDEO\WIN2000\HKCMD.EXE"
    118784  1 Jul 2004 "C:\WINDOWS\system32\bak\hkcmd.exe"
     28172  8 Oct 2007 "C:\WINDOWS\system32\igfxtray.exe"
    155648  1 Jul 2004 "C:\PNP\VIDEO\WIN2000\IGFXTRAY.EXE"
    155648  1 Jul 2004 "C:\WINDOWS\system32\bak\igfxtray.exe"
     28172  8 Oct 2007 "C:\WINDOWS\system32\NeroCheck.exe"
    155648  9 Jul 2001 "C:\WINDOWS\system32\bak\NeroCheck.exe"
     79224  6 Sep 2007 "C:\Programmi\Alwil Software\Avast4\ashDisp.exe"
    108160 15 Jan 2007 "C:\Programmi\Alwil Software\Avast4\bak\ashDisp.exe"
    

    11813120 12 Nov 2005 "C:\Programmi\GoogleEarthSetup.exe"
    52272 3 Feb 2007 "C:\Programmi\Google\googletoolbar4user.exe"
    458820 3 Nov 2005 "C:\Programmi\Google\Google Earth\GoogleEarth.exe"
    28172 8 Oct 2007 "C:\Programmi\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
    608936 11 Mar 2006 "C:\Programmi\File comuni\Real\GToolbar\GoogleToolbarInstaller.exe"
    138168 3 Feb 2007 "C:\Programmi\Google\Common\Google Updater\GoogleUpdaterService.exe"
    68856 29 Jul 2007 "C:\Programmi\Google\GoogleToolbarNotifier\bak\GoogleToolbarNotifier.exe"
    28172 8 Oct 2007 "C:\Programmi\HP\HP Software Update\HPWuSchd2.exe"
    49152 11 May 2005 "C:\Programmi\HP\HP Software Update\bak\HPWuSchd2.exe"
    28172 8 Oct 2007 "C:\Programmi\Nokia\Nokia PC Suite 6\LaunchApplication.exe"
    217088 13 Dec 2005 "C:\Programmi\Nokia\Nokia PC Suite 6\bak\LAUNCH~1.EXE"
    503808 26 Sep 2003 "C:\PNP\MOUSE\SYNTPENH.EXE"
    28172 8 Oct 2007 "C:\Programmi\Synaptics\SynTP\SynTPEnh.exe"
    503808 26 Sep 2003 "C:\Programmi\Synaptics\SynTP\bak\SynTPEnh.exe"
    98304 26 Sep 2003 "C:\PNP\MOUSE\SYNTPLPR.EXE"
    28172 8 Oct 2007 "C:\Programmi\Synaptics\SynTP\SynTPLpr.exe"
    98304 26 Sep 2003 "C:\Programmi\Synaptics\SynTP\bak\SynTPLpr.exe"
    208952 19 Aug 2004 "C:\WINDOWS\ime\IMJP8_1\imjpmig.exe"
    208952 19 Aug 2004 "C:\WINDOWS\ime\IMJP8_1\bak\IMJPMIG.EXE"
    217088 8 Mar 2004 "C:\PNP\NET\ICON.EXE"
    217088 8 Mar 2004 "C:\WINDOWS\Temp\Icon.EXE"
    32768 16 Nov 2006 "C:\WINDOWS\Installer{37477865-A3F1-4772-AD43-AAFC6BCFF99F}\icon.exe"
    32768 15 Aug 2007 "C:\WINDOWS\Installer{C04E32E0-0416-434D-AFB9-6969D703A9EF}\icon.exe"
    28172 8 Oct 2007 "C:\WINDOWS\system32\drivers\Icon.exe"
    217088 8 Mar 2004 "C:\WINDOWS\system32\drivers\bak\Icon.exe"
    217088 8 Mar 2004 "C:\WINDOWS\system32\ReinstallBackups\0010\DriverFiles\Icon.exe"
    28172 8 Oct 2007 "C:\Programmi\File comuni\Real\Update_OB\realsched.exe"
    180269 11 Mar 2006 "C:\Programmi\File comuni\Real\Update_OB\bak\realsched.exe"
    28172 8 Oct 2007 "C:\Programmi\Java\j2re1.4.2_05\bin\jusched.exe"
    75520 15 Dec 2006 "C:\Programmi\Java\jre1.5.0_11\bin\jusched.exe"
    32881 3 Jun 2004 "C:\Programmi\Java\j2re1.4.2_05\bin\bak\jusched.exe"
    455168 19 Aug 2004 "C:\WINDOWS\system32\IME\TINTLGNT\tintsetp.exe"
    455168 19 Aug 2004 "C:\WINDOWS\system32\IME\TINTLGNT\bak\TINTSETP.EXE"

    end of report


  • Bannato User

    @GATTO said:

    Grazie dell'aiuto eccoti il responso, ora vado a lavoro perciò seguirò i tuoi consigli e le tue indicazioni stasera ancora grazie

    Find AWF report by noahdfear ©2006
    Version 1.40

    bak folders found

    
    Il volume nell'unit? C ? HDD
    Numero di serie del volume: 70E8-BCFA
    
    Directory di C:\WINDOWS\BAK
    
    10/06/2004  13.48           286.720 vsnpstd.exe
                 1 File        286.720 byte
                 2 Directory  45.084.848.128 byte disponibili
    Il volume nell'unit? C ? HDD
    Numero di serie del volume: 70E8-BCFA
    
    Directory di C:\APPS\POWERC~1\BAK
    
    08/10/2004  04.14            81.920 PCMService.exe
                 1 File         81.920 byte
                 2 Directory  45.084.848.128 byte disponibili
    Il volume nell'unit? C ? HDD
    Numero di serie del volume: 70E8-BCFA
    
    Directory di C:\PROGRA~1\ITUNES\BAK
    
    23/02/2006  16.45           278.528 iTunesHelper.exe
                 1 File        278.528 byte
                 2 Directory  45.084.844.032 byte disponibili
    Il volume nell'unit? C ? HDD
    Numero di serie del volume: 70E8-BCFA
    
    Directory di C:\PROGRA~1\MESSEN~2\BAK
    
    27/09/2006  20.36           190.024 MsgPlus.exe
                 1 File        190.024 byte
                 2 Directory  45.084.844.032 byte disponibili
    Il volume nell'unit? C ? HDD
    Numero di serie del volume: 70E8-BCFA
    
    Directory di C:\PROGRA~1\QUICKT~1\BAK
    
    20/06/2006  17.19           282.624 qttask.exe
                 1 File        282.624 byte
                 2 Directory  45.084.844.032 byte disponibili
    Il volume nell'unit? C ? HDD
    Numero di serie del volume: 70E8-BCFA
    
    Directory di C:\WINDOWS\SYSTEM32\BAK
    
    01/07/2004  12.58           118.784 hkcmd.exe
    01/07/2004  13.02           155.648 igfxtray.exe
    09/07/2001  12.50           155.648 NeroCheck.exe
                 3 File        430.080 byte
                 2 Directory  45.084.844.032 byte disponibili
    Il volume nell'unit? C ? HDD
    Numero di serie del volume: 70E8-BCFA
    
    Directory di C:\PROGRA~1\ALWILS~1\AVAST4\BAK
    
    15/01/2007  19.28           108.160 ashDisp.exe
                 1 File        108.160 byte
                 2 Directory  45.084.844.032 byte disponibili
    Il volume nell'unit? C ? HDD
    Numero di serie del volume: 70E8-BCFA
    
    Directory di C:\PROGRA~1\GOOGLE\GOOGLE~3\BAK
    
    29/07/2007  17.05            68.856 GoogleToolbarNotifier.exe
                 1 File         68.856 byte
                 2 Directory  45.084.844.032 byte disponibili
    Il volume nell'unit? C ? HDD
    Numero di serie del volume: 70E8-BCFA
    
    Directory di C:\PROGRA~1\HP\HPSOFT~1\BAK
    
    11/05/2005  23.12            49.152 HPWuSchd2.exe
                 1 File         49.152 byte
                 2 Directory  45.084.844.032 byte disponibili
    Il volume nell'unit? C ? HDD
    Numero di serie del volume: 70E8-BCFA
    
    Directory di C:\PROGRA~1\NOKIA\NOKIAP~1\BAK
    
    13/12/2005  08.49           217.088 LAUNCH~1.EXE
                 1 File        217.088 byte
                 2 Directory  45.084.844.032 byte disponibili
    Il volume nell'unit? C ? HDD
    Numero di serie del volume: 70E8-BCFA
    
    Directory di C:\PROGRA~1\SYNAPT~1\SYNTP\BAK
    
    26/09/2003  12.01           503.808 SynTPEnh.exe
    26/09/2003  12.01            98.304 SynTPLpr.exe
                 2 File        602.112 byte
                 2 Directory  45.084.844.032 byte disponibili
    Il volume nell'unit? C ? HDD
    Numero di serie del volume: 70E8-BCFA
    
    Directory di C:\WINDOWS\IME\IMJP8_1\BAK
    
    19/08/2004  15.00           208.952 IMJPMIG.EXE
                 1 File        208.952 byte
                 2 Directory  45.084.839.936 byte disponibili
    Il volume nell'unit? C ? HDD
    Numero di serie del volume: 70E8-BCFA
    
    Directory di C:\WINDOWS\SYSTEM32\DRIVERS\BAK
    
    08/03/2004  14.23           217.088 Icon.exe
                 1 File        217.088 byte
                 2 Directory  45.084.839.936 byte disponibili
    Il volume nell'unit? C ? HDD
    Numero di serie del volume: 70E8-BCFA
    
    Directory di C:\PROGRA~1\FILECO~1\REAL\UPDATE~1\BAK
    
    11/03/2006  16.24           180.269 realsched.exe
                 1 File        180.269 byte
                 2 Directory  45.084.839.936 byte disponibili
    Il volume nell'unit? C ? HDD
    Numero di serie del volume: 70E8-BCFA
    
    Directory di C:\PROGRA~1\JAVA\J2RE14~1.2_0\BIN\BAK
    
    03/06/2004  23.05            32.881 jusched.exe
                 1 File         32.881 byte
                 2 Directory  45.084.839.936 byte disponibili
    Il volume nell'unit? C ? HDD
    Numero di serie del volume: 70E8-BCFA
    
    Directory di C:\WINDOWS\SYSTEM32\IME\TINTLGNT\BAK
    
    19/08/2004  15.00           455.168 TINTSETP.EXE
                 1 File        455.168 byte
                 2 Directory  45.084.839.936 byte disponibili
    
    
    Duplicate files of bak directory contents
    
     28172  8 Oct 2007 "C:\WINDOWS\vsnpstd.exe"
    286720 10 Jun 2004 "C:\WINDOWS\bak\vsnpstd.exe"
    286720 10 Jun 2004 "C:\Programmi\File comuni\snpstd\vsnpstd.exe"
     28172  8 Oct 2007 "C:\APPS\Powercinema\PCMService.exe"
     81920  8 Oct 2004 "C:\APPS\Powercinema\bak\PCMService.exe"
     28172  8 Oct 2007 "C:\Programmi\iTunes\iTunesHelper.exe"
    278528 23 Feb 2006 "C:\Programmi\iTunes\bak\iTunesHelper.exe"
     28172  8 Oct 2007 "C:\Programmi\MessengerPlus! 3\MsgPlus.exe"
    190024 27 Sep 2006 "C:\Programmi\MessengerPlus! 3\bak\MsgPlus.exe"
     28172  8 Oct 2007 "C:\Programmi\QuickTime\qttask.exe"
    282624 20 Jun 2006 "C:\Programmi\QuickTime\bak\qttask.exe"
     28172  8 Oct 2007 "C:\WINDOWS\system32\hkcmd.exe"
    118784  1 Jul 2004 "C:\PNP\VIDEO\WIN2000\HKCMD.EXE"
    118784  1 Jul 2004 "C:\WINDOWS\system32\bak\hkcmd.exe"
     28172  8 Oct 2007 "C:\WINDOWS\system32\igfxtray.exe"
    155648  1 Jul 2004 "C:\PNP\VIDEO\WIN2000\IGFXTRAY.EXE"
    155648  1 Jul 2004 "C:\WINDOWS\system32\bak\igfxtray.exe"
     28172  8 Oct 2007 "C:\WINDOWS\system32\NeroCheck.exe"
    155648  9 Jul 2001 "C:\WINDOWS\system32\bak\NeroCheck.exe"
     79224  6 Sep 2007 "C:\Programmi\Alwil Software\Avast4\ashDisp.exe"
    108160 15 Jan 2007 "C:\Programmi\Alwil Software\Avast4\bak\ashDisp.exe"
    

    11813120 12 Nov 2005 "C:\Programmi\GoogleEarthSetup.exe"
    52272 3 Feb 2007 "C:\Programmi\Google\googletoolbar4user.exe"
    458820 3 Nov 2005 "C:\Programmi\Google\Google Earth\GoogleEarth.exe"
    28172 8 Oct 2007 "C:\Programmi\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
    608936 11 Mar 2006 "C:\Programmi\File comuni\Real\GToolbar\GoogleToolbarInstaller.exe"
    138168 3 Feb 2007 "C:\Programmi\Google\Common\Google Updater\GoogleUpdaterService.exe"
    68856 29 Jul 2007 "C:\Programmi\Google\GoogleToolbarNotifier\bak\GoogleToolbarNotifier.exe"
    28172 8 Oct 2007 "C:\Programmi\HP\HP Software Update\HPWuSchd2.exe"
    49152 11 May 2005 "C:\Programmi\HP\HP Software Update\bak\HPWuSchd2.exe"
    28172 8 Oct 2007 "C:\Programmi\Nokia\Nokia PC Suite 6\LaunchApplication.exe"
    217088 13 Dec 2005 "C:\Programmi\Nokia\Nokia PC Suite 6\bak\LAUNCH~1.EXE"
    503808 26 Sep 2003 "C:\PNP\MOUSE\SYNTPENH.EXE"
    28172 8 Oct 2007 "C:\Programmi\Synaptics\SynTP\SynTPEnh.exe"
    503808 26 Sep 2003 "C:\Programmi\Synaptics\SynTP\bak\SynTPEnh.exe"
    98304 26 Sep 2003 "C:\PNP\MOUSE\SYNTPLPR.EXE"
    28172 8 Oct 2007 "C:\Programmi\Synaptics\SynTP\SynTPLpr.exe"
    98304 26 Sep 2003 "C:\Programmi\Synaptics\SynTP\bak\SynTPLpr.exe"
    208952 19 Aug 2004 "C:\WINDOWS\ime\IMJP8_1\imjpmig.exe"
    208952 19 Aug 2004 "C:\WINDOWS\ime\IMJP8_1\bak\IMJPMIG.EXE"
    217088 8 Mar 2004 "C:\PNP\NET\ICON.EXE"
    217088 8 Mar 2004 "C:\WINDOWS\Temp\Icon.EXE"
    32768 16 Nov 2006 "C:\WINDOWS\Installer{37477865-A3F1-4772-AD43-AAFC6BCFF99F}\icon.exe"
    32768 15 Aug 2007 "C:\WINDOWS\Installer{C04E32E0-0416-434D-AFB9-6969D703A9EF}\icon.exe"
    28172 8 Oct 2007 "C:\WINDOWS\system32\drivers\Icon.exe"
    217088 8 Mar 2004 "C:\WINDOWS\system32\drivers\bak\Icon.exe"
    217088 8 Mar 2004 "C:\WINDOWS\system32\ReinstallBackups\0010\DriverFiles\Icon.exe"
    28172 8 Oct 2007 "C:\Programmi\File comuni\Real\Update_OB\realsched.exe"
    180269 11 Mar 2006 "C:\Programmi\File comuni\Real\Update_OB\bak\realsched.exe"
    28172 8 Oct 2007 "C:\Programmi\Java\j2re1.4.2_05\bin\jusched.exe"
    75520 15 Dec 2006 "C:\Programmi\Java\jre1.5.0_11\bin\jusched.exe"
    32881 3 Jun 2004 "C:\Programmi\Java\j2re1.4.2_05\bin\bak\jusched.exe"
    455168 19 Aug 2004 "C:\WINDOWS\system32\IME\TINTLGNT\tintsetp.exe"
    455168 19 Aug 2004 "C:\WINDOWS\system32\IME\TINTLGNT\bak\TINTSETP.EXE"

    end of report

    ciao,scarica avenger http://swandog46.geekstogo.com/avenger.zip
    clicca sull'opzione **Input script manually **e poi sulla **lente di ingrandimento.
    **nello spazio bianco,fai copia|incolla delle seguenti righe:

    files to delete:
    C:\WINDOWS\vsnpstd.exe
    C:\APPS\Powercinema\PCMService.exe
    C:\Programmi\iTunes\iTunesHelper.exe
    C:\Programmi\MessengerPlus! 3\MsgPlus.exe
    C:\Programmi\QuickTime\qttask.exe
    C:\WINDOWS\system32\hkcmd.exe
    C:\WINDOWS\system32\igfxtray.exe
    C:\WINDOWS\system32\NeroCheck.exe
    C:\Programmi\Alwil Software\Avast4\ashDisp.exe
    C:\Programmi\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\Programmi\HP\HP Software Update\HPWuSchd2.exe
    C:\Programmi\Nokia\Nokia PC Suite 6\LAUNCH~1.EXE
    C:\Programmi\Synaptics\SynTP\SynTPEnh.exe
    C:\Programmi\Synaptics\SynTP\SynTPLpr.exe
    C:\WINDOWS\ime\IMJP8_1\IMJPMIG.EXE
    C:\WINDOWS\system32\drivers\Icon.exe
    C:\Programmi\File comuni\Real\Update_OB\realsched.exe
    C:\Programmi\Java\j2re1.4.2_05\bin\jusched.exe
    C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE

    files to move:
    C:\WINDOWS\bak\vsnpstd.exe | C:\WINDOWS\vsnpstd.exe
    C:\APPS\Powercinema\bak\PCMService.exe | C:\APPS\Powercinema\PCMService.exe
    C:\Programmi\iTunes\bak\iTunesHelper.exe | C:\Programmi\iTunes\iTunesHelper.exe
    C:\Programmi\MessengerPlus! 3\bak\MsgPlus.exe | C:\Programmi\MessengerPlus! 3\MsgPlus.exe
    C:\Programmi\QuickTime\bak\qttask.exe | C:\Programmi\QuickTime\qttask.exe
    C:\WINDOWS\system32\bak\hkcmd.exe | C:\WINDOWS\system32\hkcmd.exe
    C:\WINDOWS\system32\bak\igfxtray.exe | C:\WINDOWS\system32\igfxtray.exe
    C:\WINDOWS\system32\bak\NeroCheck.exe | C:\WINDOWS\system32\NeroCheck.exe
    C:\Programmi\Alwil Software\Avast4\bak\ashDisp.exe | C:\Programmi\Alwil Software\Avast4\ashDisp.exe
    C:\Programmi\HP\HP Software Update\bak\HPWuSchd2.exe | C:\Programmi\HP\HP Software Update\HPWuSchd2.exe
    C:\Programmi\Nokia\Nokia PC Suite 6\bak\LAUNCH~1.EXE | C:\Programmi\Nokia\Nokia PC Suite 6\LAUNCH~1.EXE
    C:\Programmi\Synaptics\SynTP\bak\SynTPEnh.exe | C:\Programmi\Synaptics\SynTP\SynTPEnh.exe
    C:\Programmi\Synaptics\SynTP\bak\SynTPLpr.exe | C:\Programmi\Synaptics\SynTP\SynTPLpr.exe
    C:\WINDOWS\ime\IMJP8_1\bak\IMJPMIG.EXE | C:\WINDOWS\ime\IMJP8_1\IMJPMIG.EXE
    C:\WINDOWS\system32\drivers\bak\Icon.exe | C:\WINDOWS\system32\drivers\Icon.exe
    C:\Programmi\File comuni\Real\Update_OB\bak\realsched.exe | C:\Programmi\File comuni\Real\Update_OB\realsched.exe
    C:\Programmi\Java\j2re1.4.2_05\bin\bak\jusched.exe | C:\Programmi\Java\j2re1.4.2_05\bin\jusched.exe
    C:\Programmi\Google\GoogleToolbarNotifier\bak\GoogleToolbarNotifier.exe | C:\Programmi\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\WINDOWS\system32\IME\TINTLGNT\bak\TINTSETP.EXE | C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE

    Poi clicca su Done.
    poi sul semaforo verde,due volte si,il pc si riavviera',posta qua il log di avenger(C:/avenger.txt) e poi dimmi come va.

    strano si separano le lettere.sara' un errore del forum

    comunque google e toolbar attaccato,modificalo tu nello script.(nell'ultima righa)


  • User Newbie

    grazie ma sembrerebbe che ancora non abbiamo risolto eccoti quello che mi hai richiesto

    Logfile of The Avenger version 1, by Swandog46
    Running from registry key:
    \Registry\Machine\System\CurrentControlSet\Services\qfwoqrqw


    Script file located at: ??\C:\WINDOWS\ycbxiwst.txt
    Script file opened successfully.

    Script file read successfully

    Backups directory opened successfully at C:\Avenger


    Beginning to process script file:

    File C:\WINDOWS\vsnpstd.exe deleted successfully.
    File C:\APPS\Powercinema\PCMService.exe deleted successfully.
    File C:\Programmi\iTunes\iTunesHelper.exe deleted successfully.
    File C:\Programmi\MessengerPlus! 3\MsgPlus.exe deleted successfully.
    File C:\Programmi\QuickTime\qttask.exe deleted successfully.
    File C:\WINDOWS\system32\hkcmd.exe deleted successfully.
    File C:\WINDOWS\system32\igfxtray.exe deleted successfully.
    File C:\WINDOWS\system32\NeroCheck.exe deleted successfully.
    File C:\Programmi\Alwil Software\Avast4\ashDisp.exe deleted successfully.

    File C:\Programmi\Google\GoogleToolbarNotifier\GoogleTo olbarNotifier.exe not found!
    Deletion of file C:\Programmi\Google\GoogleToolbarNotifier\GoogleTo olbarNotifier.exe failed!

    Could not process line:
    C:\Programmi\Google\GoogleToolbarNotifier\GoogleTo olbarNotifier.exe
    Status: 0xc0000034

    File C:\Programmi\HP\HP Software Update\HPWuSchd2.exe deleted successfully.
    File C:\Programmi\Nokia\Nokia PC Suite 6\LAUNCH~1.EXE deleted successfully.
    File C:\Programmi\Synaptics\SynTP\SynTPEnh.exe deleted successfully.
    File C:\Programmi\Synaptics\SynTP\SynTPLpr.exe deleted successfully.
    File C:\WINDOWS\ime\IMJP8_1\IMJPMIG.EXE deleted successfully.
    File C:\WINDOWS\system32\drivers\Icon.exe deleted successfully.
    File C:\Programmi\File comuni\Real\Update_OB\realsched.exe deleted successfully.
    File C:\Programmi\Java\j2re1.4.2_05\bin\jusched.exe deleted successfully.
    File C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE deleted successfully.
    File move operation C:\WINDOWS\bak\vsnpstd.exe|C:\WINDOWS\vsnpstd.exe completed successfully.
    File move operation C:\APPS\Powercinema\bak\PCMService.exe|C:\APPS\Powercinema\PCMService.exe completed successfully.
    File move operation C:\Programmi\iTunes\bak\iTunesHelper.exe|C:\Programmi\iTunes\iTunesHelper.exe completed successfully.
    File move operation C:\Programmi\MessengerPlus! 3\bak\MsgPlus.exe|C:\Programmi\MessengerPlus! 3\MsgPlus.exe completed successfully.
    File move operation C:\Programmi\QuickTime\bak\qttask.exe|C:\Programmi\QuickTime\qttask.exe completed successfully.
    File move operation C:\WINDOWS\system32\bak\hkcmd.exe|C:\WINDOWS\system32\hkcmd.exe completed successfully.
    File move operation C:\WINDOWS\system32\bak\igfxtray.exe|C:\WINDOWS\system32\igfxtray.exe completed successfully.
    File move operation C:\WINDOWS\system32\bak\NeroCheck.exe|C:\WINDOWS\system32\NeroCheck.exe completed successfully.
    File move operation C:\Programmi\Alwil Software\Avast4\bak\ashDisp.exe|C:\Programmi\Alwil Software\Avast4\ashDisp.exe completed successfully.
    File move operation C:\Programmi\HP\HP Software Update\bak\HPWuSchd2.exe|C:\Programmi\HP\HP Software Update\HPWuSchd2.exe completed successfully.
    File move operation C:\Programmi\Nokia\Nokia PC Suite 6\bak\LAUNCH~1.EXE|C:\Programmi\Nokia\Nokia PC Suite 6\LAUNCH~1.EXE completed successfully.
    File move operation C:\Programmi\Synaptics\SynTP\bak\SynTPEnh.exe|C:\Programmi\Synaptics\SynTP\SynTPEnh.exe completed successfully.
    File move operation C:\Programmi\Synaptics\SynTP\bak\SynTPLpr.exe|C:\Programmi\Synaptics\SynTP\SynTPLpr.exe completed successfully.
    File move operation C:\WINDOWS\ime\IMJP8_1\bak\IMJPMIG.EXE|C:\WINDOWS\ime\IMJP8_1\IMJPMIG.EXE completed successfully.
    File move operation C:\WINDOWS\system32\drivers\bak\Icon.exe|C:\WINDOWS\system32\drivers\Icon.exe completed successfully.
    File move operation C:\Programmi\File comuni\Real\Update_OB\bak\realsched.exe|C:\Programmi\File comuni\Real\Update_OB\realsched.exe completed successfully.
    File move operation C:\Programmi\Java\j2re1.4.2_05\bin\bak\jusched.exe|C:\Programmi\Java\j2re1.4.2_05\bin\jusched.exe completed successfully.
    File move operation C:\Programmi\Google\GoogleToolbarNotifier\bak\GoogleToolbarNotifier.exe|C:\Programmi\Google\GoogleToolbarNotifier\GoogleTo olbarNotifier.exe completed successfully.
    File move operation C:\WINDOWS\system32\IME\TINTLGNT\bak\TINTSETP.EXE|C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE completed successfully.

    Completed script processing.


    Finished! Terminate.


  • User Newbie

    mi sono accorto che c'erano 2 errori e prima ne avevo corretto solo 1 ho rifatto tutto con il testo giusto......questo è il responso.....cmq explorer non funziona ancora

    Logfile of The Avenger version 1, by Swandog46
    Running from registry key:
    \Registry\Machine\System\CurrentControlSet\Services\tkuxisfl


    Script file located at: ??\C:\WINDOWS\tywmosyu.txt
    Script file opened successfully.

    Script file read successfully

    Backups directory opened successfully at C:\Avenger


    Beginning to process script file:

    File C:\WINDOWS\vsnpstd.exe deleted successfully.
    File C:\APPS\Powercinema\PCMService.exe deleted successfully.
    File C:\Programmi\iTunes\iTunesHelper.exe deleted successfully.
    File C:\Programmi\MessengerPlus! 3\MsgPlus.exe deleted successfully.
    File C:\Programmi\QuickTime\qttask.exe deleted successfully.
    File C:\WINDOWS\system32\hkcmd.exe deleted successfully.
    File C:\WINDOWS\system32\igfxtray.exe deleted successfully.
    File C:\WINDOWS\system32\NeroCheck.exe deleted successfully.
    File C:\Programmi\Alwil Software\Avast4\ashDisp.exe deleted successfully.
    File C:\Programmi\Google\GoogleToolbarNotifier\GoogleTo olbarNotifier.exe deleted successfully.
    File C:\Programmi\HP\HP Software Update\HPWuSchd2.exe deleted successfully.
    File C:\Programmi\Nokia\Nokia PC Suite 6\LAUNCH~1.EXE deleted successfully.
    File C:\Programmi\Synaptics\SynTP\SynTPEnh.exe deleted successfully.
    File C:\Programmi\Synaptics\SynTP\SynTPLpr.exe deleted successfully.
    File C:\WINDOWS\ime\IMJP8_1\IMJPMIG.EXE deleted successfully.
    File C:\WINDOWS\system32\drivers\Icon.exe deleted successfully.
    File C:\Programmi\File comuni\Real\Update_OB\realsched.exe deleted successfully.
    File C:\Programmi\Java\j2re1.4.2_05\bin\jusched.exe deleted successfully.
    File C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE deleted successfully.

    File C:\WINDOWS\bak\vsnpstd.exe not found!
    File move operation C:\WINDOWS\bak\vsnpstd.exe|C:\WINDOWS\vsnpstd.exe failed!

    Could not process line:
    C:\WINDOWS\bak\vsnpstd.exe|C:\WINDOWS\vsnpstd.exe
    Status: 0xc0000034

    File C:\APPS\Powercinema\bak\PCMService.exe not found!
    File move operation C:\APPS\Powercinema\bak\PCMService.exe|C:\APPS\Powercinema\PCMService.exe failed!

    Could not process line:
    C:\APPS\Powercinema\bak\PCMService.exe|C:\APPS\Powercinema\PCMService.exe
    Status: 0xc0000034

    File C:\Programmi\iTunes\bak\iTunesHelper.exe not found!
    File move operation C:\Programmi\iTunes\bak\iTunesHelper.exe|C:\Programmi\iTunes\iTunesHelper.exe failed!

    Could not process line:
    C:\Programmi\iTunes\bak\iTunesHelper.exe|C:\Programmi\iTunes\iTunesHelper.exe
    Status: 0xc0000034

    File C:\Programmi\MessengerPlus! 3\bak\MsgPlus.exe not found!
    File move operation C:\Programmi\MessengerPlus! 3\bak\MsgPlus.exe|C:\Programmi\MessengerPlus! 3\MsgPlus.exe failed!

    Could not process line:
    C:\Programmi\MessengerPlus! 3\bak\MsgPlus.exe|C:\Programmi\MessengerPlus! 3\MsgPlus.exe
    Status: 0xc0000034

    File C:\Programmi\QuickTime\bak\qttask.exe not found!
    File move operation C:\Programmi\QuickTime\bak\qttask.exe|C:\Programmi\QuickTime\qttask.exe failed!

    Could not process line:
    C:\Programmi\QuickTime\bak\qttask.exe|C:\Programmi\QuickTime\qttask.exe
    Status: 0xc0000034

    File C:\WINDOWS\system32\bak\hkcmd.exe not found!
    File move operation C:\WINDOWS\system32\bak\hkcmd.exe|C:\WINDOWS\system32\hkcmd.exe failed!

    Could not process line:
    C:\WINDOWS\system32\bak\hkcmd.exe|C:\WINDOWS\system32\hkcmd.exe
    Status: 0xc0000034

    File C:\WINDOWS\system32\bak\igfxtray.exe not found!
    File move operation C:\WINDOWS\system32\bak\igfxtray.exe|C:\WINDOWS\system32\igfxtray.exe failed!

    Could not process line:
    C:\WINDOWS\system32\bak\igfxtray.exe|C:\WINDOWS\system32\igfxtray.exe
    Status: 0xc0000034

    File C:\WINDOWS\system32\bak\NeroCheck.exe not found!
    File move operation C:\WINDOWS\system32\bak\NeroCheck.exe|C:\WINDOWS\system32\NeroCheck.exe failed!

    Could not process line:
    C:\WINDOWS\system32\bak\NeroCheck.exe|C:\WINDOWS\system32\NeroCheck.exe
    Status: 0xc0000034

    File C:\Programmi\Alwil Software\Avast4\bak\ashDisp.exe not found!
    File move operation C:\Programmi\Alwil Software\Avast4\bak\ashDisp.exe|C:\Programmi\Alwil Software\Avast4\ashDisp.exe failed!

    Could not process line:
    C:\Programmi\Alwil Software\Avast4\bak\ashDisp.exe|C:\Programmi\Alwil Software\Avast4\ashDisp.exe
    Status: 0xc0000034

    File C:\Programmi\HP\HP Software Update\bak\HPWuSchd2.exe not found!
    File move operation C:\Programmi\HP\HP Software Update\bak\HPWuSchd2.exe|C:\Programmi\HP\HP Software Update\HPWuSchd2.exe failed!

    Could not process line:
    C:\Programmi\HP\HP Software Update\bak\HPWuSchd2.exe|C:\Programmi\HP\HP Software Update\HPWuSchd2.exe
    Status: 0xc0000034

    File C:\Programmi\Nokia\Nokia PC Suite 6\bak\LAUNCH~1.EXE not found!
    File move operation C:\Programmi\Nokia\Nokia PC Suite 6\bak\LAUNCH~1.EXE|C:\Programmi\Nokia\Nokia PC Suite 6\LAUNCH~1.EXE failed!

    Could not process line:
    C:\Programmi\Nokia\Nokia PC Suite 6\bak\LAUNCH~1.EXE|C:\Programmi\Nokia\Nokia PC Suite 6\LAUNCH~1.EXE
    Status: 0xc0000034

    File C:\Programmi\Synaptics\SynTP\bak\SynTPEnh.exe not found!
    File move operation C:\Programmi\Synaptics\SynTP\bak\SynTPEnh.exe|C:\Programmi\Synaptics\SynTP\SynTPEnh.exe failed!

    Could not process line:
    C:\Programmi\Synaptics\SynTP\bak\SynTPEnh.exe|C:\Programmi\Synaptics\SynTP\SynTPEnh.exe
    Status: 0xc0000034

    File C:\Programmi\Synaptics\SynTP\bak\SynTPLpr.exe not found!
    File move operation C:\Programmi\Synaptics\SynTP\bak\SynTPLpr.exe|C:\Programmi\Synaptics\SynTP\SynTPLpr.exe failed!

    Could not process line:
    C:\Programmi\Synaptics\SynTP\bak\SynTPLpr.exe|C:\Programmi\Synaptics\SynTP\SynTPLpr.exe
    Status: 0xc0000034

    File C:\WINDOWS\ime\IMJP8_1\bak\IMJPMIG.EXE not found!
    File move operation C:\WINDOWS\ime\IMJP8_1\bak\IMJPMIG.EXE|C:\WINDOWS\ime\IMJP8_1\IMJPMIG.EXE failed!

    Could not process line:
    C:\WINDOWS\ime\IMJP8_1\bak\IMJPMIG.EXE|C:\WINDOWS\ime\IMJP8_1\IMJPMIG.EXE
    Status: 0xc0000034

    File C:\WINDOWS\system32\drivers\bak\Icon.exe not found!
    File move operation C:\WINDOWS\system32\drivers\bak\Icon.exe|C:\WINDOWS\system32\drivers\Icon.exe failed!

    Could not process line:
    C:\WINDOWS\system32\drivers\bak\Icon.exe|C:\WINDOWS\system32\drivers\Icon.exe
    Status: 0xc0000034

    File C:\Programmi\File comuni\Real\Update_OB\bak\realsched.exe not found!
    File move operation C:\Programmi\File comuni\Real\Update_OB\bak\realsched.exe|C:\Programmi\File comuni\Real\Update_OB\realsched.exe failed!

    Could not process line:
    C:\Programmi\File comuni\Real\Update_OB\bak\realsched.exe|C:\Programmi\File comuni\Real\Update_OB\realsched.exe
    Status: 0xc0000034

    File C:\Programmi\Java\j2re1.4.2_05\bin\bak\jusched.exe not found!
    File move operation C:\Programmi\Java\j2re1.4.2_05\bin\bak\jusched.exe|C:\Programmi\Java\j2re1.4.2_05\bin\jusched.exe failed!

    Could not process line:
    C:\Programmi\Java\j2re1.4.2_05\bin\bak\jusched.exe|C:\Programmi\Java\j2re1.4.2_05\bin\jusched.exe
    Status: 0xc0000034

    File C:\Programmi\Google\GoogleToolbarNotifier\bak\GoogleToolbarNotifier.exe not found!
    File move operation C:\Programmi\Google\GoogleToolbarNotifier\bak\GoogleToolbarNotifier.exe|C:\Programmi\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe failed!

    Could not process line:
    C:\Programmi\Google\GoogleToolbarNotifier\bak\GoogleToolbarNotifier.exe|C:\Programmi\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    Status: 0xc0000034

    File C:\WINDOWS\system32\IME\TINTLGNT\bak\TINTSETP.EXE not found!
    File move operation C:\WINDOWS\system32\IME\TINTLGNT\bak\TINTSETP.EXE|C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE failed!

    Could not process line:
    C:\WINDOWS\system32\IME\TINTLGNT\bak\TINTSETP.EXE|C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE
    Status: 0xc0000034

    Completed script processing.


    Finished! Terminate.


  • Bannato User

    riposta un log di findawf.


  • User Newbie

    appena apro il pc adesso mi chiede "HPPProductAssistant" disc........che cos'è??
    cmq ecco il log

    Find AWF report by noahdfear ©2006
    Version 1.40

    bak folders found

    
    Il volume nell'unit? C ? HDD
    Numero di serie del volume: 70E8-BCFA
    
    Directory di C:\WINDOWS\BAK
    
                 0 File              0 byte
                 2 Directory  45.080.645.632 byte disponibili
    Il volume nell'unit? C ? HDD
    Numero di serie del volume: 70E8-BCFA
    
    Directory di C:\APPS\POWERC~1\BAK
    
                 0 File              0 byte
                 2 Directory  45.080.645.632 byte disponibili
    Il volume nell'unit? C ? HDD
    Numero di serie del volume: 70E8-BCFA
    
    Directory di C:\PROGRA~1\ITUNES\BAK
    
                 0 File              0 byte
                 2 Directory  45.080.641.536 byte disponibili
    Il volume nell'unit? C ? HDD
    Numero di serie del volume: 70E8-BCFA
    
    Directory di C:\PROGRA~1\MESSEN~2\BAK
    
                 0 File              0 byte
                 2 Directory  45.080.641.536 byte disponibili
    Il volume nell'unit? C ? HDD
    Numero di serie del volume: 70E8-BCFA
    
    Directory di C:\PROGRA~1\QUICKT~1\BAK
    
                 0 File              0 byte
                 2 Directory  45.080.641.536 byte disponibili
    Il volume nell'unit? C ? HDD
    Numero di serie del volume: 70E8-BCFA
    
    Directory di C:\WINDOWS\SYSTEM32\BAK
    
                 0 File              0 byte
                 2 Directory  45.080.641.536 byte disponibili
    Il volume nell'unit? C ? HDD
    Numero di serie del volume: 70E8-BCFA
    
    Directory di C:\PROGRA~1\ALWILS~1\AVAST4\BAK
    
                 0 File              0 byte
                 2 Directory  45.080.641.536 byte disponibili
    Il volume nell'unit? C ? HDD
    Numero di serie del volume: 70E8-BCFA
    
    Directory di C:\PROGRA~1\GOOGLE\GOOGLE~3\BAK
    
                 0 File              0 byte
                 2 Directory  45.080.641.536 byte disponibili
    Il volume nell'unit? C ? HDD
    Numero di serie del volume: 70E8-BCFA
    
    Directory di C:\PROGRA~1\HP\HPSOFT~1\BAK
    
                 0 File              0 byte
                 2 Directory  45.080.641.536 byte disponibili
    Il volume nell'unit? C ? HDD
    Numero di serie del volume: 70E8-BCFA
    
    Directory di C:\PROGRA~1\NOKIA\NOKIAP~1\BAK
    
                 0 File              0 byte
                 2 Directory  45.080.641.536 byte disponibili
    Il volume nell'unit? C ? HDD
    Numero di serie del volume: 70E8-BCFA
    
    Directory di C:\PROGRA~1\SYNAPT~1\SYNTP\BAK
    
                 0 File              0 byte
                 2 Directory  45.080.641.536 byte disponibili
    Il volume nell'unit? C ? HDD
    Numero di serie del volume: 70E8-BCFA
    
    Directory di C:\WINDOWS\IME\IMJP8_1\BAK
    
                 0 File              0 byte
                 2 Directory  45.080.641.536 byte disponibili
    Il volume nell'unit? C ? HDD
    Numero di serie del volume: 70E8-BCFA
    
    Directory di C:\WINDOWS\SYSTEM32\DRIVERS\BAK
    
                 0 File              0 byte
                 2 Directory  45.080.641.536 byte disponibili
    Il volume nell'unit? C ? HDD
    Numero di serie del volume: 70E8-BCFA
    
    Directory di C:\PROGRA~1\FILECO~1\REAL\UPDATE~1\BAK
    
                 0 File              0 byte
                 2 Directory  45.080.637.440 byte disponibili
    Il volume nell'unit? C ? HDD
    Numero di serie del volume: 70E8-BCFA
    
    Directory di C:\PROGRA~1\JAVA\J2RE14~1.2_0\BIN\BAK
    
                 0 File              0 byte
                 2 Directory  45.080.637.440 byte disponibili
    Il volume nell'unit? C ? HDD
    Numero di serie del volume: 70E8-BCFA
    
    Directory di C:\WINDOWS\SYSTEM32\IME\TINTLGNT\BAK
    
                 0 File              0 byte
                 2 Directory  45.080.637.440 byte disponibili
    
    
    Duplicate files of bak directory contents
    

    end of report


  • Bannato User

    il log di findawf e' pulito.
    proviamo cosi:
    scansione con total scan www.nanoscan.com/as/v1/
    clicca su full scan e poi su scan now.aspetta che fa l'update e la scansione,quando ha finito esce un log.
    caricalo qua:
    http://megaupload.com
    e dacci il link per scaricarlo


  • User Newbie

    grazie ancora per il tuo aiuto!!!ho fatto lo scan che mi hai detto.......però sono dovuto uscire e quando sono tornato da lavoro lo scan mi aveva riavviato in automatico il pc e non c'era nessun log.......il problema continua ad esserci.........hai altri suggerimenti????


  • User

    format 😄 (invio) ? :mmm: 😄