ChiaraAlbertin Hero
Joined: 07/02/08 13:09 Posts: 60
Posted: 07 Feb 2008 22:25 Subject: skytodayplease and doginhispen and closed windows
Hi.. I've seen that many users have had this problem of connections to these sites, which slow down the PC and close Explorer windows.. and that this is brought mostly by Messenger..
How can you help me?
I use Explorer 7.. if you need other information, just ask..
Thanks, I'm waiting for news

bdoriano Administrator
Joined: 02/04/07 12:05 Posts: 14391 Location: 3rd planet of the solar system...

ChiaraAlbertin Hero
Posted: 07 Feb 2008 22:37 Subject:
I saw that a certain program called hijackthis gets used..
this is the report
Logfile of HijackThis v1.99.1
Scan saved at 21.36.09, on 07/02/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Programmi\File comuni\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Programmi\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Programmi\File comuni\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\PROGRA~1\SYMNET~1\SNDMon.exe
C:\Programmi\Java\jre1.6.0_03\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmi\Messenger\msmsgs.exe
C:\Programmi\Google\Google Updater\GoogleUpdater.exe
C:\Programmi\Alice ti aiuta\bin\mpbtn.exe
C:\Programmi\File comuni\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Programmi\Internet Explorer\iexplore.exe
C:\Programmi\Internet Explorer\IEXPLORE.EXE
C:\Programmi\WinRAR\WinRAR.exe
C:\DOCUME~1\User\IMPOST~1\Temp\Rar$EX00.328\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.libero.it/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
R3 - URLSearchHook: Live TV Toolbar - {b69a9db4-d0a1-4722-b56b-f20757a29cdf} - (no file)
O2 - BHO: Supporto di collegamento per Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\File comuni\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmi\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Guida per l'accesso a Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programmi\File comuni\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programmi\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programmi\Google\GoogleToolbarNotifier\2.1.1119.1736\swg.dll
O2 - BHO: Live TV Toolbar - {b69a9db4-d0a1-4722-b56b-f20757a29cdf} - (no file)
O2 - BHO: Neopets - {CD292324-974F-4224-D074-CACA427AA030} - C:\Programmi\Neopets\Toolbar\Toolbar.dll
O3 - Toolbar: Neopets - {CD292324-974F-4224-D074-CACA427AA030} - C:\Programmi\Neopets\Toolbar\Toolbar.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programmi\google\googletoolbar1.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Programmi\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Programmi\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [DeviceDiscovery] C:\Programmi\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
O4 - HKLM\..\Run: [HP Software Update] "C:\Programmi\Hewlett-Packard\HP Software Update\HPWuSchd.exe"
O4 - HKLM\..\Run: [HP Component Manager] "C:\Programmi\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmi\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programmi\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [AVP] "C:\Programmi\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Programmi\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [MessengerPlus3] "C:\Programmi\MessengerPlus! 3\MsgPlus.exe" /WinStart
O4 - HKCU\..\Run: [MSMSGS] "C:\Programmi\Messenger\msmsgs.exe" /background
O4 - Global Startup: Alice ti aiuta.lnk = C:\Programmi\Alice ti aiuta\bin\matcli.exe
O4 - Global Startup: Google Updater.lnk = C:\Programmi\Google\Google Updater\GoogleUpdater.exe
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Web Anti-Virus statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Programmi\Kaspersky Lab\Kaspersky Internet Security 7.0\SCIEPlgn.dll
O9 - Extra button: Inserisci blog - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programmi\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: Inserisci &blog in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programmi\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Ricerche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/default/kavwebscan_unicode.cab
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1197130409719
O16 - DPF: {7FC1B346-83E6-4774-8D20-1A6B09B0E737} (Windows Live Photo Upload Control) - http://chiarettasuperstar.spaces.live.com/PhotoUpload/MsnPUpld.cab
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://javadl-esd.sun.com/update/1.6.0/jinstall-6u3-windows-i586-jc.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {D4323BF2-006A-4440-A2F5-27E3E7AB25F8} (Virtools WebPlayer Class) - http://3dlifeplayer.dl.3dvia.com/player/install/installer.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{C50389EB-5485-4DE3-821F-01EF373FA850}: NameServer = 85.37.17.8 85.38.28.73
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
O20 - AppInit_DLLs: C:\PROGRA~1\KASPER~1\KASPER~1.0\adialhk.dll
O20 - Winlogon Notify: klogon - C:\WINDOWS\system32\klogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Programmi\File comuni\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Kaspersky Internet Security 7.0 (AVP) - Unknown owner - C:\Programmi\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe" -r (file missing)
O23 - Service: Google Updater Service (gusvc) - Google - C:\Programmi\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Unknown owner - C:\Programmi\File comuni\Symantec Shared\SNDSrvc.exe (file missing)
What else do I have to do?... I hope for an urgent reply.. I need it.. my PC has been "suffering for a long time".. it restarts by itself.. the connections drop by themselves.. I don't know what else to do.. help..

ChiaraAlbertin Hero
Posted: 07 Feb 2008 22:39 Subject:
Where do I find Find AWF..? I can't find it with Google!

bdoriano Administrator
Posted: 07 Feb 2008 22:41 Subject:
Hi again Chiara,
in this case hijackthis isn't needed.
Run this scan with FindAWF <-- click here

ChiaraAlbertin Hero
Posted: 07 Feb 2008 22:44 Subject:
Yes.. thanks... it's running.. once the scan is done, what do I have to do?

bdoriano Administrator
Posted: 07 Feb 2008 22:46 Subject:
Post the log here and wait for instructions.

ChiaraAlbertin Hero
Posted: 07 Feb 2008 22:47 Subject:
Find AWF report by noahdfear ©2006
Version 1.40
bak folders found
~~~~~~~~~~~
Il volume nell'unit? C non ha etichetta.
Numero di serie del volume: CCA7-1969
Directory di C:\PROGRA~1\MESSEN~1\BAK
0 File 0 byte
2 Directory 197.073.887.232 byte disponibili
Il volume nell'unit? C non ha etichetta.
Numero di serie del volume: CCA7-1969
Directory di C:\PROGRA~1\MESSEN~2\BAK
12/12/2007 20.41 190.024 MsgPlus.exe
1 File 190.024 byte
2 Directory 197.073.887.232 byte disponibili
Il volume nell'unit? C non ha etichetta.
Numero di serie del volume: CCA7-1969
Directory di C:\PROGRA~1\QUICKT~1\BAK
11/12/2007 10.56 286.720 qttask.exe
1 File 286.720 byte
2 Directory 197.073.883.136 byte disponibili
Il volume nell'unit? C non ha etichetta.
Numero di serie del volume: CCA7-1969
Directory di C:\PROGRA~1\SYMNET~1\BAK
13/12/2007 17.33 95.960 SNDMon.exe
1 File 95.960 byte
2 Directory 197.073.883.136 byte disponibili
Il volume nell'unit? C non ha etichetta.
Numero di serie del volume: CCA7-1969
Directory di C:\WINDOWS\SYSTEM32\BAK
02/03/2006 13.00 15.360 ctfmon.exe
09/07/2001 10.50 155.648 NeroCheck.exe
2 File 171.008 byte
2 Directory 197.073.883.136 byte disponibili
Il volume nell'unit? C non ha etichetta.
Numero di serie del volume: CCA7-1969
Directory di C:\PROGRA~1\GOOGLE\GOOGLE~2\BAK
12/12/2007 19.58 68.856 GoogleToolbarNotifier.exe
1 File 68.856 byte
2 Directory 197.073.883.136 byte disponibili
Il volume nell'unit? C non ha etichetta.
Numero di serie del volume: CCA7-1969
Directory di C:\PROGRA~1\HEWLET~1\HPSOFT~1\BAK
25/06/2003 11.24 49.152 HPWuSchd.exe
1 File 49.152 byte
2 Directory 197.073.883.136 byte disponibili
Il volume nell'unit? C non ha etichetta.
Numero di serie del volume: CCA7-1969
Directory di C:\PROGRA~1\HP\HPCORE~1\BAK
12/05/2004 15.18 241.664 hpcmpmgr.exe
1 File 241.664 byte
2 Directory 197.073.883.136 byte disponibili
Il volume nell'unit? C non ha etichetta.
Numero di serie del volume: CCA7-1969
Directory di C:\PROGRA~1\ADOBE\READER~1.0\READER\BAK
10/10/2007 19.51 39.792 Reader_sl.exe
1 File 39.792 byte
2 Directory 197.073.883.136 byte disponibili
Il volume nell'unit? C non ha etichetta.
Numero di serie del volume: CCA7-1969
Directory di C:\PROGRA~1\HEWLET~1\DIGITA~1\BIN\BAK
21/05/2003 18.37 229.437 hpotdd01.exe
1 File 229.437 byte
2 Directory 197.073.883.136 byte disponibili
Il volume nell'unit? C non ha etichetta.
Numero di serie del volume: CCA7-1969
Directory di C:\PROGRA~1\ADOBE\PHOTOS~1\3.2\APPS\BAK
22/03/2007 15.09 63.712 apdproxy.exe
1 File 63.712 byte
2 Directory 197.073.883.136 byte disponibili
Il volume nell'unit? C non ha etichetta.
Numero di serie del volume: CCA7-1969
Directory di C:\WINDOWS\SYSTEM32\SPOOL\DRIVERS\W32X86\3\BAK
01/09/2003 12.42 176.128 hpztsb09.exe
1 File 176.128 byte
2 Directory 197.073.879.040 byte disponibili
Duplicate files of bak directory contents
~~~~~~~~~~~~~~~~~~~~~~~
14348 29 Dec 2007 "C:\Programmi\MessengerPlus! 3\MsgPlus.exe"
190024 12 Dec 2007 "C:\Programmi\MessengerPlus! 3\bak\MsgPlus.exe"
14348 29 Dec 2007 "C:\Programmi\QuickTime\qttask.exe"
286720 11 Dec 2007 "C:\Programmi\QuickTime\bak\qttask.exe"
14348 29 Dec 2007 "C:\Programmi\SymNetDrv\SNDMon.exe"
95960 13 Dec 2007 "C:\Programmi\SymNetDrv\bak\SNDMon.exe"
15360 2 Mar 2006 "C:\WINDOWS\system32\ctfmon.exe"
15360 2 Mar 2006 "C:\WINDOWS\system32\bak\ctfmon.exe"
14348 29 Dec 2007 "C:\WINDOWS\system32\NeroCheck.exe"
155648 9 Jul 2001 "C:\WINDOWS\system32\bak\NeroCheck.exe"
52272 12 Dec 2007 "C:\Programmi\Google\googletoolbar1user.exe"
124400 12 Dec 2007 "C:\Programmi\Google\Google Updater\GoogleUpdater.exe"
14348 29 Dec 2007 "C:\Programmi\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
865928 12 Dec 2007 "C:\Documents and Settings\User\Desktop\Programmi e utilit?\Google_Updater.exe"
15732984 2 Jun 2007 "C:\Documents and Settings\User\Documenti\Documenti\Google_Earth_BZXW.exe"
138680 12 Dec 2007 "C:\Programmi\Google\Common\Google Updater\GoogleUpdaterService.exe"
124400 12 Dec 2007 "C:\Programmi\Google\Google Updater\2.2.1070.1219\GoogleUpdaterRestartManager.exe"
68856 12 Dec 2007 "C:\Programmi\Google\GoogleToolbarNotifier\bak\GoogleToolbarNotifier.exe"
4560394 11 Sep 2006 "C:\Documents and Settings\User\Documenti\Documenti\Documenti\Il Cosmo!\GoogleEarthWin.exe"
14348 29 Dec 2007 "C:\Programmi\Hewlett-Packard\HP Software Update\HPWuSchd.exe"
49152 25 Jun 2003 "C:\Programmi\Hewlett-Packard\HP Software Update\bak\HPWuSchd.exe"
14348 29 Dec 2007 "C:\Programmi\HP\hpcoretech\hpcmpmgr.exe"
241664 12 May 2004 "C:\Programmi\HP\hpcoretech\bak\hpcmpmgr.exe"
14348 29 Dec 2007 "C:\Programmi\Adobe\Reader 8.0\Reader\Reader_sl.exe"
39792 10 Oct 2007 "C:\Programmi\Adobe\Reader 8.0\Reader\bak\Reader_sl.exe"
14348 29 Dec 2007 "C:\Programmi\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe"
229437 21 May 2003 "C:\Programmi\Hewlett-Packard\Digital Imaging\bin\bak\hpotdd01.exe"
14348 29 Dec 2007 "C:\Programmi\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe"
63712 22 Mar 2007 "C:\Programmi\Adobe\Photoshop Album Starter Edition\3.2\Apps\bak\apdproxy.exe"
14348 29 Dec 2007 "C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe"
176128 1 Sep 2003 "C:\WINDOWS\system32\spool\drivers\w32x86\3\bak\hpztsb09.exe"
end of report

bdoriano Administrator
Posted: 07 Feb 2008 22:58 Subject:
Download avenger and unzip it into a folder of its own, not a temporary one and not on the desktop
Start AVENGER
Click on input script manually
Click on the magnifying glass
Enter these lines:
Quote:
Files to delete:
C:\Programmi\MessengerPlus! 3\MsgPlus.exe
C:\Programmi\QuickTime\qttask.exe
C:\Programmi\SymNetDrv\SNDMon.exe
C:\WINDOWS\system32\NeroCheck.exe
C:\Programmi\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Programmi\Hewlett-Packard\HP Software Update\HPWuSchd.exe
C:\Programmi\HP\hpcoretech\hpcmpmgr.exe
C:\Programmi\Adobe\Reader 8.0\Reader\Reader_sl.exe
C:\Programmi\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\Programmi\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe
Files to move:
C:\Programmi\MessengerPlus! 3\bak\MsgPlus.exe | C:\Programmi\MessengerPlus! 3\MsgPlus.exe
C:\Programmi\QuickTime\bak\qttask.exe | C:\Programmi\QuickTime\qttask.exe
C:\Programmi\SymNetDrv\bak\SNDMon.exe | C:\Programmi\SymNetDrv\SNDMon.exe
C:\WINDOWS\system32\bak\NeroCheck.exe | C:\WINDOWS\system32\NeroCheck.exe
C:\Programmi\Google\GoogleToolbarNotifier\bak\GoogleToolbarNotifier.exe | C:\Programmi\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Programmi\Hewlett-Packard\HP Software Update\bak\HPWuSchd.exe | C:\Programmi\Hewlett-Packard\HP Software Update\HPWuSchd.exe
C:\Programmi\HP\hpcoretech\bak\hpcmpmgr.exe | C:\Programmi\HP\hpcoretech\hpcmpmgr.exe
C:\Programmi\Adobe\Reader 8.0\Reader\bak\Reader_sl.exe | C:\Programmi\Adobe\Reader 8.0\Reader\Reader_sl.exe
C:\Programmi\Hewlett-Packard\Digital Imaging\bin\bak\hpotdd01.exe | C:\Programmi\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\Programmi\Adobe\Photoshop Album Starter Edition\3.2\Apps\bak\apdproxy.exe | C:\Programmi\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\bak\hpztsb09.exe | C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe
Click on Done
Click on the traffic light
The PC should restart; if it doesn't, restart it yourself.
When the operation is finished, post the Avenger result here along with an updated hijackthis log.
Download DelDomains and save it to the desktop (right-click on the link > save target)
then right-click on the file and choose Install.
Connect to Kaspersky on-line scanner and run the extended scan, as indicated here.
Save the scan result to a file (in HTML format), upload the file to Freefilehosting and post here the link you are given.
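
How the delete and move lists in the post above follow from the FindAWF report, as an added example that is not part of the original thread: it pairs each file in a bak folder with the same-named file one level up and marks the pair as replaced when size or date differ. The function names are illustrative, the input is an excerpt of the report posted above, and the output uses the "Files to delete" / "Files to move" layout shown in the post.

```python
import re
from collections import Counter
from ntpath import basename, dirname, join  # Windows path rules on any host OS

# Excerpt of the "Duplicate files of bak directory contents" section of the
# FindAWF report posted in this thread (a subset of its lines).
REPORT = r'''
14348 29 Dec 2007 "C:\Programmi\MessengerPlus! 3\MsgPlus.exe"
190024 12 Dec 2007 "C:\Programmi\MessengerPlus! 3\bak\MsgPlus.exe"
14348 29 Dec 2007 "C:\Programmi\QuickTime\qttask.exe"
286720 11 Dec 2007 "C:\Programmi\QuickTime\bak\qttask.exe"
15360 2 Mar 2006 "C:\WINDOWS\system32\ctfmon.exe"
15360 2 Mar 2006 "C:\WINDOWS\system32\bak\ctfmon.exe"
14348 29 Dec 2007 "C:\WINDOWS\system32\NeroCheck.exe"
155648 9 Jul 2001 "C:\WINDOWS\system32\bak\NeroCheck.exe"
124400 12 Dec 2007 "C:\Programmi\Google\Google Updater\GoogleUpdater.exe"
14348 29 Dec 2007 "C:\Programmi\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
138680 12 Dec 2007 "C:\Programmi\Google\Common\Google Updater\GoogleUpdaterService.exe"
68856 12 Dec 2007 "C:\Programmi\Google\GoogleToolbarNotifier\bak\GoogleToolbarNotifier.exe"
'''

# One report line: <size in bytes> <day Mon year> "<full path>"
LINE = re.compile(r'^\s*(\d+)\s+(\d{1,2} \w{3} \d{4})\s+"(.+)"\s*$')


def parse_entries(report):
    """Index report lines by lower-cased path (Windows paths ignore case)."""
    entries = {}
    for line in report.splitlines():
        m = LINE.match(line)
        if m:
            size, date, path = m.groups()
            entries[path.lower()] = {"path": path, "size": int(size), "date": date}
    return entries


def pair_backups(entries):
    """Pair every ...\\bak\\name.exe with ...\\name.exe and compare them.

    Lines are matched by path, not by position, because the report interleaves
    unrelated files with similar names (see the Google entries).
    """
    pairs = []
    for entry in entries.values():
        folder = dirname(entry["path"])
        if basename(folder).lower() != "bak":
            continue  # not a backup copy
        live_path = join(dirname(folder), basename(entry["path"]))
        live = entries.get(live_path.lower())
        if live is None:
            status = "live file not listed"
        elif (live["size"], live["date"]) == (entry["size"], entry["date"]):
            status = "identical"  # same size and date: nothing to restore
        else:
            status = "replaced"   # launch path now holds a different file
        pairs.append({
            "live": live_path,
            "backup": entry["path"],
            "live_size": live["size"] if live else None,
            "backup_size": entry["size"],
            "status": status,
        })
    return pairs


def shared_stub_size(pairs):
    """Size shared by more than one replacing file, or None if there is none."""
    sizes = Counter(p["live_size"] for p in pairs if p["status"] == "replaced")
    if not sizes:
        return None
    size, count = sizes.most_common(1)[0]
    return size if count > 1 else None


def restore_script(pairs):
    """Delete each replacing file, then move its bak copy back in place."""
    replaced = [p for p in pairs if p["status"] == "replaced"]
    lines = ["Files to delete:"]
    lines += [p["live"] for p in replaced]
    lines.append("Files to move:")
    lines += [f'{p["backup"]} | {p["live"]}' for p in replaced]
    return "\n".join(lines)


if __name__ == "__main__":
    found = pair_backups(parse_entries(REPORT))
    for p in found:
        print(f'{p["status"]:>9}  {p["live_size"]:>7} vs {p["backup_size"]:>7}  {p["live"]}')
    print("shared size of replacing files:", shared_stub_size(found))
    print(restore_script(found))
```

Size and date are the only evidence the report carries, so a pair flagged as identical has not been compared byte for byte. On the excerpt, ctfmon.exe comes out identical to its bak copy, which matches its absence from the script in the post above.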

ChiaraAlbertin Hero
Posted: 07 Feb 2008 23:12 Subject:
Avenger result
Logfile of The Avenger version 1, by Swandog46
Running from registry key:
\Registry\Machine\System\CurrentControlSet\Services\dlqavfmv
*******************
Script file located at: \??\C:\xtaqrukb.txt
Script file opened successfully.
Script file read successfully
Backups directory opened successfully at C:\Avenger
*******************
Beginning to process script file:
File C:\Programmi\MessengerPlus! 3\MsgPlus.exe deleted successfully.
File C:\Programmi\QuickTime\qttask.exe deleted successfully.
File C:\Programmi\SymNetDrv\SNDMon.exe deleted successfully.
File C:\WINDOWS\system32\NeroCheck.exe deleted successfully.
File C:\Programmi\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe deleted successfully.
File C:\Programmi\Hewlett-Packard\HP Software Update\HPWuSchd.exe deleted successfully.
File C:\Programmi\HP\hpcoretech\hpcmpmgr.exe deleted successfully.
File C:\Programmi\Adobe\Reader 8.0\Reader\Reader_sl.exe deleted successfully.
File C:\Programmi\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe deleted successfully.
File C:\Programmi\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe deleted successfully.
File C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe deleted successfully.
File move operation C:\Programmi\MessengerPlus! 3\bak\MsgPlus.exe|C:\Programmi\MessengerPlus! 3\MsgPlus.exe completed successfully.
File move operation C:\Programmi\QuickTime\bak\qttask.exe|C:\Programmi\QuickTime\qttask.exe completed successfully.
File move operation C:\Programmi\SymNetDrv\bak\SNDMon.exe|C:\Programmi\SymNetDrv\SNDMon.exe completed successfully.
File move operation C:\WINDOWS\system32\bak\NeroCheck.exe|C:\WINDOWS\system32\NeroCheck.exe completed successfully.
File move operation C:\Programmi\Google\GoogleToolbarNotifier\bak\GoogleToolbarNotifier.exe|C:\Programmi\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe completed successfully.
File move operation C:\Programmi\Hewlett-Packard\HP Software Update\bak\HPWuSchd.exe|C:\Programmi\Hewlett-Packard\HP Software Update\HPWuSchd.exe completed successfully.
File move operation C:\Programmi\HP\hpcoretech\bak\hpcmpmgr.exe|C:\Programmi\HP\hpcoretech\hpcmpmgr.exe completed successfully.
File move operation C:\Programmi\Adobe\Reader 8.0\Reader\bak\Reader_sl.exe|C:\Programmi\Adobe\Reader 8.0\Reader\Reader_sl.exe completed successfully.
File move operation C:\Programmi\Hewlett-Packard\Digital Imaging\bin\bak\hpotdd01.exe|C:\Programmi\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe completed successfully.
File move operation C:\Programmi\Adobe\Photoshop Album Starter Edition\3.2\Apps\bak\apdproxy.exe|C:\Programmi\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe completed successfully.
File move operation C:\WINDOWS\system32\spool\drivers\w32x86\3\bak\hpztsb09.exe|C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe completed successfully.
Completed script processing.
*******************
Finished! Terminate.
Here is the hijackthis log (I was supposed to do the scan, right?)
Logfile of HijackThis v1.99.1
Scan saved at 22.10.55, on 07/02/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\Programmi\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe
C:\Programmi\Adobe\Reader 8.0\Reader\Reader_sl.exe
C:\Programmi\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\Programmi\Hewlett-Packard\HP Software Update\HPWuSchd.exe
C:\Programmi\HP\hpcoretech\hpcmpmgr.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe
C:\Programmi\Java\jre1.6.0_03\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmi\Messenger\msmsgs.exe
C:\Programmi\Google\Google Updater\GoogleUpdater.exe
C:\Programmi\Alice ti aiuta\bin\mpbtn.exe
C:\Programmi\HP\hpcoretech\comp\hptskmgr.exe
C:\Programmi\File comuni\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Programmi\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Programmi\File comuni\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\Programmi\Internet Explorer\iexplore.exe
C:\Programmi\File comuni\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Programmi\WinRAR\WinRAR.exe
C:\DOCUME~1\User\IMPOST~1\Temp\Rar$EX00.234\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.libero.it/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
R3 - URLSearchHook: Live TV Toolbar - {b69a9db4-d0a1-4722-b56b-f20757a29cdf} - (no file)
O2 - BHO: Supporto di collegamento per Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\File comuni\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmi\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Guida per l'accesso a Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programmi\File comuni\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programmi\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programmi\Google\GoogleToolbarNotifier\2.1.1119.1736\swg.dll
O2 - BHO: Live TV Toolbar - {b69a9db4-d0a1-4722-b56b-f20757a29cdf} - (no file)
O2 - BHO: Neopets - {CD292324-974F-4224-D074-CACA427AA030} - C:\Programmi\Neopets\Toolbar\Toolbar.dll
O3 - Toolbar: Neopets - {CD292324-974F-4224-D074-CACA427AA030} - C:\Programmi\Neopets\Toolbar\Toolbar.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programmi\google\googletoolbar1.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Programmi\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Programmi\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [DeviceDiscovery] C:\Programmi\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
O4 - HKLM\..\Run: [HP Software Update] "C:\Programmi\Hewlett-Packard\HP Software Update\HPWuSchd.exe"
O4 - HKLM\..\Run: [HP Component Manager] "C:\Programmi\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmi\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programmi\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [AVP] "C:\Programmi\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Programmi\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [MessengerPlus3] "C:\Programmi\MessengerPlus! 3\MsgPlus.exe" /WinStart
O4 - HKCU\..\Run: [MSMSGS] "C:\Programmi\Messenger\msmsgs.exe" /background
O4 - Global Startup: Alice ti aiuta.lnk = C:\Programmi\Alice ti aiuta\bin\matcli.exe
O4 - Global Startup: Google Updater.lnk = C:\Programmi\Google\Google Updater\GoogleUpdater.exe
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Web Anti-Virus statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Programmi\Kaspersky Lab\Kaspersky Internet Security 7.0\SCIEPlgn.dll
O9 - Extra button: Inserisci blog - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programmi\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: Inserisci &blog in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programmi\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Ricerche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/default/kavwebscan_unicode.cab
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1197130409719
O16 - DPF: {7FC1B346-83E6-4774-8D20-1A6B09B0E737} (Windows Live Photo Upload Control) - http://chiarettasuperstar.spaces.live.com/PhotoUpload/MsnPUpld.cab
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://javadl-esd.sun.com/update/1.6.0/jinstall-6u3-windows-i586-jc.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {D4323BF2-006A-4440-A2F5-27E3E7AB25F8} (Virtools WebPlayer Class) - http://3dlifeplayer.dl.3dvia.com/player/install/installer.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{C50389EB-5485-4DE3-821F-01EF373FA850}: NameServer = 85.37.17.8 85.38.28.73
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
O20 - AppInit_DLLs: C:\PROGRA~1\KASPER~1\KASPER~1.0\adialhk.dll
O20 - Winlogon Notify: klogon - C:\WINDOWS\system32\klogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Programmi\File comuni\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Kaspersky Internet Security 7.0 (AVP) - Unknown owner - C:\Programmi\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe" -r (file missing)
O23 - Service: Google Updater Service (gusvc) - Google - C:\Programmi\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Unknown owner - C:\Programmi\File comuni\Symantec Shared\SNDSrvc.exe (file missing)

bdoriano Administrator
Posted: 07 Feb 2008 23:17 Subject:
OK, do the other steps:
bdoriano wrote:
Download DelDomains and save it to the desktop (right-click on the link > save target)
then right-click on the file and choose Install.
Connect to Kaspersky on-line scanner and run the extended scan, as indicated here.
Save the scan result to a file (in HTML format), upload the file to Freefilehosting and post here the link you are given.

ChiaraAlbertin Hero
Posted: 07 Feb 2008 23:20 Subject:
Is it normal that it takes so long to download kaspersky on line scan??

bdoriano Administrator
Posted: 07 Feb 2008 23:25 Subject:
Yes, you have to be patient.

ChiaraAlbertin Hero
Posted: 08 Feb 2008 01:35 Subject:
Can I ask a question?.... I'm going to sleep now.. but I didn't have to interrupt the online scan with kaspersky because it was taking too long.. can I do it tomorrow?.. won't the reports I posted earlier change because I reconnect and explorer reconnects to those 2 sites???... if I run the scan tomorrow morning and leave it the whole day to finish, do I first have to redo the previous steps with findAWF and then avenger again.. etc. etc., or can I simply launch kaspersky?... awaiting a reply.. thanks in advance.. hoping that sooner or later the problem gets solved..
Good night

bdoriano Administrator
Registered: 02/04/07 12:05 Posts: 14391 Location: 3rd planet of the solar system...
Posted: 08 Feb 2008 09:53 Subject:

No, it is not necessary to redo the previous steps.
The Kaspersky scan time depends on the speed of your PC and on how many files it holds on its hard disks.

ChiaraAlbertin Hero
Registered: 07/02/08 13:09 Posts: 60
Posted: 08 Feb 2008 18:27 Subject:

http://www.freefilehosting.net/download/3bjjc
This is the link to the report of the Kaspersky online scan...
I await further instructions... thanks a lot... you are very kind!!!!!

bdoriano Administrator
Registered: 02/04/07 12:05 Posts: 14391 Location: 3rd planet of the solar system...
Posted: 08 Feb 2008 20:33 Subject:

Start AVENGER
Click on input script manually
Click on the magnifying glass
Enter these lines:
Quote:
Files to delete:
C:\Documents and Settings\User\Documenti\File ricevuti\patchXP.zip
C:\System Volume Information\_restore{CAED0F7F-3ECA-414C-BC9F-0F9CB11225B7}\RP71\A0033459.exe
C:\Documents and Settings\User\Desktop\albertin\Documents and Settings\User\Desktop\ALBERTIN\Programmi\eMule\Incoming\Giochi NOkia\[NOKIA S60] COLLEZIONE COMPLETA DEFINITIVA TUTTI I GIOCHI GAMELOFT - ago05 3230.6600.6260.6630.6680.7610.7650. PERFETTO(4).rar
C:\System Volume Information\_restore{CAED0F7F-3ECA-414C-BC9F-0F9CB11225B7}\RP71\A0033459.exe
Click on Done
Click on the traffic light
The PC should restart; if it does not, restart it yourself.
When the operation is finished, post here the Avenger result along with an updated HijackThis log.
Just to be safe, follow the instructions in this topic to post the ComboFix log.

ChiaraAlbertin Hero
Registered: 07/02/08 13:09 Posts: 60
Posted: 08 Feb 2008 20:44 Subject:

Logfile of The Avenger version 1, by Swandog46
Running from registry key:
\Registry\Machine\System\CurrentControlSet\Services\cpooutbx
*******************
Script file located at: \??\C:\Documents and Settings\ojfsncba.txt
Script file opened successfully.
Script file read successfully
Backups directory opened successfully at C:\Avenger
*******************
Beginning to process script file:
File C:\Documents and Settings\User\Documenti\File ricevuti\patchXP.zip deleted successfully.
File C:\System Volume Information\_restore{CAED0F7F-3ECA-414C-BC9F-0F9CB11225B7}\RP71\A0033459.exe deleted successfully.
File C:\Documents and Settings\User\Desktop\albertin\Documents and Settings\User\Desktop\ALBERTIN\Programmi\eMule\Incoming\Giochi NOkia\[NOKIA S60] COLLEZIONE COMPLETA DEFINITIVA TUTTI I GIOCHI GAMELOFT - ago05 3230.6600.6260.6630.6680.7610.7650. PERFETTO(4).rar deleted successfully.
File C:\System Volume Information\_restore{CAED0F7F-3ECA-414C-BC9F-0F9CB11225B7}\RP71\A0033459.exe not found!
Deletion of file C:\System Volume Information\_restore{CAED0F7F-3ECA-414C-BC9F-0F9CB11225B7}\RP71\A0033459.exe failed!
Could not process line:
C:\System Volume Information\_restore{CAED0F7F-3ECA-414C-BC9F-0F9CB11225B7}\RP71\A0033459.exe
Status: 0xc0000034
Completed script processing.
*******************
Finished! Terminate.
This is the Avenger result.. do I have to download the other one too? And post its result and then HijackThis's again?
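An added example, not part of the original thread and not code from the Avenger project: a small Python parser for an Avenger log like the one in the post above. It pairs each deletion attempt with its outcome and marks a "not found" failure as benign when the same path was already deleted earlier in the run, which is what happens when a script lists one path twice. The sample log uses constructed placeholder paths, and the function names are hypothetical.

```python
import re

# Real NTSTATUS constants. The log above shows 0xc0000034; that Avenger can
# also print the other two is an assumption made for this example.
NTSTATUS = {
    0xC0000034: "STATUS_OBJECT_NAME_NOT_FOUND",
    0xC000003A: "STATUS_OBJECT_PATH_NOT_FOUND",
    0xC0000022: "STATUS_ACCESS_DENIED",
}
MISSING = (0xC0000034, 0xC000003A)

# Line shapes taken from the Avenger log posted in the thread.
DELETED = re.compile(r"^File (?P<path>.+) deleted successfully\.$")
FAILED = re.compile(r"^Deletion of file (?P<path>.+) failed!$")
STATUS = re.compile(r"^Status: (?P<code>0x[0-9a-fA-F]{8})$")

# Constructed sample log (placeholder paths, not values from the thread).
SAMPLE_LOG = r"""Beginning to process script file:
File C:\Example\received\sample.zip deleted successfully.
File C:\Example\restore\A0000001.exe deleted successfully.
File C:\Example\restore\A0000001.exe not found!
Deletion of file C:\Example\restore\A0000001.exe failed!
Could not process line:
C:\Example\restore\A0000001.exe
Status: 0xc0000034
File C:\Example\typo\missing.dll not found!
Deletion of file C:\Example\typo\missing.dll failed!
Could not process line:
C:\Example\typo\missing.dll
Status: 0xc0000034
Completed script processing.
"""


def parse_avenger_log(text):
    """Return one record per deletion attempt, in log order."""
    results = []
    for raw in text.splitlines():
        line = raw.strip()
        m = DELETED.match(line)
        if m:
            results.append({"path": m["path"], "outcome": "deleted", "status": None})
            continue
        m = FAILED.match(line)
        if m:
            results.append({"path": m["path"], "outcome": "failed", "status": None})
            continue
        m = STATUS.match(line)
        # A Status line belongs to the failure reported just before it.
        if m and results and results[-1]["outcome"] == "failed":
            results[-1]["status"] = int(m["code"], 16)
    return results


def triage(results):
    """Return (path, verdict, status name) for every attempt."""
    deleted = set()
    report = []
    for r in results:
        key = r["path"].lower()  # Windows paths are case-insensitive
        if r["outcome"] == "deleted":
            deleted.add(key)
            verdict = "ok"
        elif r["status"] in MISSING and key in deleted:
            verdict = "benign-duplicate"  # removed by an earlier script line
        elif r["status"] in MISSING:
            verdict = "already-absent"    # check the path was typed correctly
        else:
            verdict = "needs-review"      # e.g. access denied, or no status line
        report.append((r["path"], verdict, NTSTATUS.get(r["status"])))
    return report


if __name__ == "__main__":
    for path, verdict, status in triage(parse_avenger_log(SAMPLE_LOG)):
        print(f"{verdict:17} {status or '-':30} {path}")
```
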

bdoriano Administrator
Registered: 02/04/07 12:05 Posts: 14391 Location: 3rd planet of the solar system...
Posted: 08 Feb 2008 21:04 Subject:

Yes.

ChiaraAlbertin Hero
Registered: 07/02/08 13:09 Posts: 60
Posted: 08 Feb 2008 21:43 Subject:

COMBOFIX REPORT
ComboFix 08-02.05.3 - User 2008-02-08 19:49:12.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1040.18.603 [GMT 1:00]
Eseguito da: C:\Documents and Settings\User\Desktop\ComboFix.exe
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
((((((((((((((((((((((((( Files Creati Da 2008-01-08 al 2008-02-08 )))))))))))))))))))))))))))))))))))
.
2008-02-07 22:05 . 2008-02-07 22:05 60,416 --a------ C:\WINDOWS\system32\drivers\hcqnq^ob.sys
2008-01-31 17:46 . 2008-01-31 17:47 <DIR> d-------- C:\WINDOWS\Strani files non buttare!
2008-01-31 16:31 . 2008-01-31 16:31 <DIR> d--h----- C:\WINDOWS\PIF
2008-01-31 16:25 . 2008-01-31 18:33 <DIR> d-------- C:\Programmi\RADIO_USA
2008-01-31 16:24 . 2008-02-01 17:35 <DIR> d-------- C:\Programmi\Live_TV
2008-01-22 19:21 . 2008-01-22 19:21 <DIR> d-------- C:\Programmi\Kaspersky Lab
2008-01-22 19:21 . 2008-02-08 19:40 <DIR> d-------- C:\Documents and Settings\All Users\Dati applicazioni\Kaspersky Lab
2008-01-22 19:21 . 2008-02-08 19:49 8,874,016 --ahs---- C:\WINDOWS\system32\drivers\fidbox.dat
2008-01-22 19:21 . 2008-02-08 19:38 121,484 --ahs---- C:\WINDOWS\system32\drivers\fidbox.idx
2008-01-22 19:21 . 2008-01-31 18:20 91,700 --a------ C:\WINDOWS\system32\drivers\klin.dat
2008-01-22 19:21 . 2008-01-22 19:21 85,860 --a------ C:\WINDOWS\system32\drivers\klick.dat
2008-01-22 19:21 . 2008-02-08 19:50 80,416 --ahs---- C:\WINDOWS\system32\drivers\fidbox2.dat
2008-01-22 19:21 . 2008-02-08 19:38 9,296 --ahs---- C:\WINDOWS\system32\drivers\fidbox2.idx
2008-01-22 19:19 . 2008-01-22 19:19 <DIR> d-------- C:\Documents and Settings\All Users\Dati applicazioni\Symantec
2008-01-22 19:14 . 2008-01-22 19:16 <DIR> d-------- C:\kav
2008-01-22 19:04 . 2008-02-07 22:14 <DIR> d-------- C:\WINDOWS\system32\Kaspersky Lab
2008-01-19 15:29 . 2005-08-13 05:06 22,486 -ra------ C:\WINDOWS\system32\UnInstall_Driver.ico
2008-01-19 15:26 . 2008-01-19 15:26 <DIR> d-------- C:\WINDOWS\system32\Samsung_USB_Drivers
2008-01-19 15:26 . 2003-02-21 18:42 348,160 --a------ C:\WINDOWS\system32\msvcr71.dll
2008-01-19 15:26 . 2005-12-22 12:24 137,884 --a------ C:\WINDOWS\system32\drivers\sscdmdm.sys
2008-01-19 15:26 . 2005-12-22 12:24 80,272 --a------ C:\WINDOWS\system32\drivers\sscdbus.sys
2008-01-19 15:26 . 2005-12-22 12:24 11,877 --a------ C:\WINDOWS\system32\drivers\sscdcmnt.sys
2008-01-19 15:26 . 2005-12-22 12:24 11,877 --a------ C:\WINDOWS\system32\drivers\sscdcm.sys
2008-01-19 15:26 . 2005-12-22 12:24 11,188 --a------ C:\WINDOWS\system32\drivers\sscdwhnt.sys
2008-01-19 15:26 . 2005-12-22 12:24 11,188 --a------ C:\WINDOWS\system32\drivers\sscdwh.sys
2008-01-19 15:26 . 2005-12-22 12:24 10,864 --a------ C:\WINDOWS\system32\drivers\sscdmdfl.sys
2008-01-19 15:26 . 2005-08-28 20:51 766 --a------ C:\WINDOWS\system32\Uninstall.ico
2008-01-19 15:25 . 2008-01-19 15:25 <DIR> d-------- C:\Programmi\Samsung
2008-01-18 18:21 . 2008-01-18 18:21 <DIR> d-------- C:\WINDOWS\Sun
2008-01-18 18:14 . 2007-09-24 23:31 69,632 --a------ C:\WINDOWS\system32\javacpl.cpl
2008-01-18 18:13 . 2008-01-18 18:14 <DIR> d-------- C:\Programmi\Java
2008-01-18 18:12 . 2008-01-18 18:12 <DIR> d-------- C:\Programmi\File comuni\Java
2008-01-15 17:43 . 2008-01-15 17:43 341,065 --a------ C:\WINDOWS\system32\Kukuxumusu Underwater.scr
2008-01-15 17:42 . 2008-01-15 17:42 781,880 --a------ C:\WINDOWS\system32\Kukuxumusu Kukuclock.scr
2008-01-15 17:40 . 2008-01-15 17:40 521,925 --a------ C:\WINDOWS\system32\Kukuxumusu Terrific Gifts.scr
2008-01-15 17:38 . 2008-01-15 17:38 290,091 --a------ C:\WINDOWS\system32\Kukuxumusu Snail running.scr
2008-01-15 17:37 . 2008-01-15 17:40 <DIR> d-------- C:\Programmi\Kukuxumusu
2008-01-15 17:37 . 2008-01-15 17:41 941,713 --a------ C:\WINDOWS\system32\Kukuxumusu Digital Clock.scr
2008-01-15 17:36 . 2008-01-15 17:36 518,189 --a------ C:\WINDOWS\system32\Kukuxumusu Underwater2.scr
2008-01-15 17:35 . 2008-01-15 17:35 366,969 --a------ C:\WINDOWS\system32\Kukuxumusu Winter.scr
2008-01-08 23:00 . 2008-01-08 23:09 <DIR> d-------- C:\Programmi\Super Paroliamo
2008-01-08 23:00 . 2008-01-08 23:00 253,952 --------- C:\WINDOWS\Setup1.exe
2008-01-08 23:00 . 2008-01-08 23:00 74,752 --a------ C:\WINDOWS\ST6UNST.EXE
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-02-08 09:40 --------- d-----w C:\Documents and Settings\All Users\Dati applicazioni\Google Updater
2008-02-07 21:06 --------- d-----w C:\Programmi\SymNetDrv
2008-02-07 21:06 --------- d-----w C:\Programmi\QuickTime
2008-02-07 21:06 --------- d-----w C:\Programmi\MessengerPlus! 3
2008-01-31 17:31 --------- d-----w C:\Programmi\eMule
2008-01-20 20:07 --------- d-----w C:\Documents and Settings\User\Dati applicazioni\Corel
2008-01-19 14:29 --------- d--h--w C:\Programmi\InstallShield Installation Information
2008-01-02 15:43 --------- d-----w C:\Programmi\File comuni\Corel
2008-01-02 15:43 --------- d-----w C:\Programmi\Corel
2008-01-02 15:23 --------- d-----w C:\Documents and Settings\All Users\Dati applicazioni\Corel
2008-01-02 15:17 --------- d-----w C:\Documents and Settings\User\Dati applicazioni\Apple Computer
2007-12-30 18:19 --------- d-----w C:\Documents and Settings\User\Dati applicazioni\dvdcss
2007-12-23 22:30 --------- d-----w C:\Programmi\Messenger Plus! Live
2007-12-22 14:15 --------- d-----w C:\Programmi\iTunes
2007-12-22 10:45 --------- d-----w C:\Programmi\Virtools
2007-12-21 19:42 --------- d-----w C:\Programmi\File comuni\Apple
2007-12-21 19:42 --------- d-----w C:\Documents and Settings\All Users\Dati applicazioni\Apple Computer
2007-12-17 23:44 219,664 ----a-w C:\WINDOWS\system32\klogon.dll
2007-12-17 23:43 23,396 ----a-w C:\WINDOWS\system32\drivers\klopp.dat
2007-12-17 21:59 --------- d-----w C:\Programmi\Apple Software Update
2007-12-17 21:59 --------- d-----w C:\Documents and Settings\All Users\Dati applicazioni\Apple
2007-12-17 19:50 --------- d-----w C:\Programmi\File comuni\Ahead
2007-12-17 19:50 --------- d-----w C:\Programmi\Ahead
2007-12-16 11:10 --------- d-----w C:\Programmi\Overland
2007-12-16 11:07 --------- d-----w C:\Programmi\MSXML 4.0
2007-12-15 13:11 --------- d-----w C:\Programmi\File comuni\Adobe
2007-12-15 12:59 --------- d-----w C:\Programmi\Hewlett-Packard
2007-12-15 12:39 82,380 ----a-w C:\WINDOWS\system32\drivers\AFS2K.SYS
2007-12-15 12:36 --------- d-----w C:\Programmi\HP
2007-12-13 16:33 --------- d-----w C:\Programmi\Symantec
2007-12-13 16:26 --------- d-----w C:\Documents and Settings\User\Dati applicazioni\Symantec
2007-12-13 15:16 --------- d-----w C:\Programmi\VideoLAN
2007-12-13 15:16 --------- d-----w C:\Documents and Settings\User\Dati applicazioni\vlc
2007-12-13 15:09 --------- d-----w C:\Programmi\PhotoFiltre
2007-12-13 14:27 --------- d-----w C:\Documents and Settings\All Users\Dati applicazioni\Messenger Plus!
2007-12-13 12:28 24,592 ----a-w C:\WINDOWS\system32\drivers\klim5.sys
2007-12-12 19:06 --------- d-----w C:\Programmi\Windows Live
2007-12-12 19:04 --------- d-----w C:\Programmi\Microsoft SQL Server Compact Edition
2007-12-12 19:01 --------- dcsh--w C:\Programmi\File comuni\WindowsLiveInstaller
2007-12-12 18:59 --------- d-----w C:\Documents and Settings\All Users\Dati applicazioni\WLInstaller
2007-12-12 18:58 --------- d-----w C:\Programmi\Google
2007-12-12 18:56 --------- d-----w C:\Programmi\Neopets
2007-12-12 18:56 --------- d-----w C:\Documents and Settings\User\Dati applicazioni\Neopets Toolbar
2007-12-12 15:20 --------- d-----w C:\Programmi\Motive
2007-12-12 15:20 --------- d-----w C:\Programmi\Alice ti aiuta
2007-12-12 15:19 --------- d-----w C:\Programmi\Telecom Italia
2007-12-12 15:12 --------- d-----w C:\Programmi\Pirelli
2007-12-12 15:11 155,995 ----a-w C:\WINDOWS\java\Packages\033DZLBN.ZIP
2007-12-12 15:11 --------- d-----w C:\Programmi\Common Files
2007-12-11 16:26 --------- d-----w C:\Programmi\Microsoft Works
2007-12-11 16:07 --------- d-----w C:\Programmi\Microsoft.NET
2007-12-09 13:24 --------- d-----w C:\Programmi\ffdshow
2007-12-08 18:25 --------- d-----w C:\Programmi\VIA
2007-12-08 18:25 --------- d-----w C:\Programmi\File comuni\InstallShield
2007-12-08 18:22 --------- d-----w C:\Programmi\MSXML 6.0
2007-12-08 18:21 --------- d-----w C:\Programmi\Realtek Sound Manager
2007-12-08 18:21 --------- d-----w C:\Programmi\Realtek AC97
2007-12-08 18:21 --------- d-----w C:\Programmi\AvRack
2007-12-08 18:19 9,216 ----a-w C:\WINDOWS\system32\drivers\videX32.sys
2007-12-08 18:19 52,224 ----a-w C:\WINDOWS\system32\drivers\ViPrt.sys
2007-12-08 18:19 331,184 ------w C:\WINDOWS\system32\difxapi.dll
2007-12-08 18:19 18,432 ----a-w C:\WINDOWS\system32\vIdeInst.dll
2007-12-08 18:19 16,896 ----a-w C:\WINDOWS\system32\drivers\ViBus.sys
2007-12-08 17:54 --------- d-----w C:\Programmi\Asus
2007-12-08 17:50 5,810 ----a-w C:\WINDOWS\system32\drivers\ASACPI.sys
2007-12-08 17:17 --------- d-----w C:\Programmi\MSBuild
2007-12-08 17:14 --------- d-----w C:\Programmi\Reference Assemblies
2007-12-08 17:12 --------- d-----w C:\Programmi\Windows Media Connect 2
2007-12-08 16:39 --------- d-----w C:\Programmi\File comuni\SpeechEngines
2007-12-08 16:39 --------- d-----w C:\Programmi\File comuni\ODBC
2007-12-08 15:54 --------- d-----w C:\Programmi\microsoft frontpage
2007-12-08 15:51 --------- d-----w C:\Programmi\Servizi in linea
2007-12-08 15:50 --------- d-----w C:\Programmi\File comuni\MSSoap
.
((((((((((((((((((((((((((((((((((((((((((((( AWF ))))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
----a-w 15,360 2006-03-02 12:00:00 C:\WINDOWS\system32\bak\ctfmon.exe
----a-w 15,360 2006-03-02 12:00:00 C:\WINDOWS\system32\ctfmon.exe
.
((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Nota* i valori vuoti & legittimi/default non sono visualizzati.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2006-03-02 13:00 15360]
"swg"="C:\Programmi\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-12-12 19:58 68856]
"MessengerPlus3"="C:\Programmi\MessengerPlus! 3\MsgPlus.exe" [2007-12-12 20:41 190024]
"MSMSGS"="C:\Programmi\Messenger\msmsgs.exe" [2004-10-13 17:24 1694208]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-10-04 17:14 8491008]
"nwiz"="nwiz.exe" [2007-10-04 17:14 1626112 C:\WINDOWS\system32\nwiz.exe]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2007-10-04 17:14 81920]
"SoundMan"="SOUNDMAN.EXE" [2005-06-20 21:42 77824 C:\WINDOWS\SOUNDMAN.EXE]
"Symantec NetDriver Monitor"="C:\PROGRA~1\SYMNET~1\SNDMon.exe" [2007-12-13 17:33 95960]
"Adobe Photo Downloader"="C:\Programmi\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe" [2007-03-22 15:09 63712]
"Adobe Reader Speed Launcher"="C:\Programmi\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-10-10 19:51 39792]
"DeviceDiscovery"="C:\Programmi\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe" [2003-05-21 18:37 229437]
"HP Software Update"="C:\Programmi\Hewlett-Packard\HP Software Update\HPWuSchd.exe" [2003-06-25 11:24 49152]
"HP Component Manager"="C:\Programmi\HP\hpcoretech\hpcmpmgr.exe" [2004-05-12 15:18 241664]
"HPDJ Taskbar Utility"="C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe" [2003-09-01 12:42 176128]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 10:50 155648]
"QuickTime Task"="C:\Programmi\QuickTime\qttask.exe" [2007-12-11 10:56 286720]
"SunJavaUpdateSched"="C:\Programmi\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11 132496]
"AVP"="C:\Programmi\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe" [2007-12-18 00:43 227856]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2006-03-02 13:00 15360]
C:\Documents and Settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\
Alice ti aiuta.lnk - C:\Programmi\Alice ti aiuta\bin\matcli.exe [2007-12-12 16:20:16 212992]
Google Updater.lnk - C:\Programmi\Google\Google Updater\GoogleUpdater.exe [2007-12-12 19:58:14 124400]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=C:\PROGRA~1\KASPER~1\KASPER~1.0\adialhk.dll
R0 ViBus;ViBus;C:\WINDOWS\system32\DRIVERS\ViBus.sys [2007-12-08 19:19]
R0 videX32;videX32;C:\WINDOWS\system32\DRIVERS\videX32.sys [2007-12-08 19:19]
R0 ViPrt;VIA SATA IDE Device Driver;C:\WINDOWS\system32\DRIVERS\ViPrt.sys [2007-12-08 19:19]
R3 klim5;Kaspersky Anti-Virus NDIS Filter;C:\WINDOWS\system32\DRIVERS\klim5.sys [2007-12-13 13:28]
S3 ADM8511;Convertitore ADMtek ADM8511/AN986 da USB a Fast Ethernet;C:\WINDOWS\system32\DRIVERS\ADM8511.SYS [2001-08-17 20:11]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{a643345a-af0d-11dc-bef6-0013c8bf0397}]
\Shell\Auto\command - activexdebugger32.exe f
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL activexdebugger32.exe f
\Shell\explore\Command - activexdebugger32.exe f
\Shell\open\Command - activexdebugger32.exe f
.
Contenuto della cartella 'Scheduled Tasks'
"2008-02-01 19:34:00 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Programmi\Apple Software Update\SoftwareUpdate.exe
"2008-02-08 18:40:44 C:\WINDOWS\Tasks\Symantec NetDetect.job"
- C:\Programmi\Symantec\LiveUpdate\NDETECT.EXE
.
**************************************************************************
catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-02-08 19:50:13
Windows 5.1.2600 Service Pack 2 NTFS
scansione processi nascosti ...
scansione entrate autostart nascoste ...
Scansione files nascosti ...
Scansione completata con successo
Files nascosti: 0
**************************************************************************
.
Ora fine scansione: 2008-02-08 19:51:02
.
2008-01-09 19:04:33 --- E O F ---
HIJACKTHIS REPORT
Logfile of HijackThis v1.99.1
Scan saved at 19.52.24, on 08/02/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\Programmi\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe
C:\Programmi\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\Programmi\Hewlett-Packard\HP Software Update\HPWuSchd.exe
C:\Programmi\HP\hpcoretech\hpcmpmgr.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe
C:\Programmi\Java\jre1.6.0_03\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmi\Messenger\msmsgs.exe
C:\Programmi\Google\Google Updater\GoogleUpdater.exe
C:\Programmi\File comuni\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Programmi\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Programmi\File comuni\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\WI1F86~1\MESSEN~1\msnmsgr.exe
C:\WINDOWS\explorer.exe
C:\Programmi\WinRAR\WinRAR.exe
C:\DOCUME~1\User\IMPOST~1\Temp\Rar$EX00.391\HijackThis.exe
C:\DOCUME~1\User\IMPOST~1\Temp\Rar$EX00.703\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.libero.it/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
R3 - URLSearchHook: Live TV Toolbar - {b69a9db4-d0a1-4722-b56b-f20757a29cdf} - (no file)
O2 - BHO: Supporto di collegamento per Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\File comuni\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmi\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Guida per l'accesso a Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programmi\File comuni\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programmi\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programmi\Google\GoogleToolbarNotifier\2.1.1119.1736\swg.dll
O2 - BHO: Live TV Toolbar - {b69a9db4-d0a1-4722-b56b-f20757a29cdf} - (no file)
O2 - BHO: Neopets - {CD292324-974F-4224-D074-CACA427AA030} - C:\Programmi\Neopets\Toolbar\Toolbar.dll
O3 - Toolbar: Neopets - {CD292324-974F-4224-D074-CACA427AA030} - C:\Programmi\Neopets\Toolbar\Toolbar.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programmi\google\googletoolbar1.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Programmi\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Programmi\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [DeviceDiscovery] C:\Programmi\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
O4 - HKLM\..\Run: [HP Software Update] "C:\Programmi\Hewlett-Packard\HP Software Update\HPWuSchd.exe"
O4 - HKLM\..\Run: [HP Component Manager] "C:\Programmi\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmi\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programmi\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [AVP] "C:\Programmi\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Programmi\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [MessengerPlus3] "C:\Programmi\MessengerPlus! 3\MsgPlus.exe" /WinStart
O4 - HKCU\..\Run: [MSMSGS] "C:\Programmi\Messenger\msmsgs.exe" /background
O4 - Global Startup: Alice ti aiuta.lnk = C:\Programmi\Alice ti aiuta\bin\matcli.exe
O4 - Global Startup: Google Updater.lnk = C:\Programmi\Google\Google Updater\GoogleUpdater.exe
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Web Anti-Virus statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Programmi\Kaspersky Lab\Kaspersky Internet Security 7.0\SCIEPlgn.dll
O9 - Extra button: Inserisci blog - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programmi\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: Inserisci &blog in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programmi\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Ricerche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/default/kavwebscan_unicode.cab
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1197130409719
O16 - DPF: {7FC1B346-83E6-4774-8D20-1A6B09B0E737} (Windows Live Photo Upload Control) - http://chiarettasuperstar.spaces.live.com/PhotoUpload/MsnPUpld.cab
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://javadl-esd.sun.com/update/1.6.0/jinstall-6u3-windows-i586-jc.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {D4323BF2-006A-4440-A2F5-27E3E7AB25F8} (Virtools WebPlayer Class) - http://3dlifeplayer.dl.3dvia.com/player/install/installer.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{C50389EB-5485-4DE3-821F-01EF373FA850}: NameServer = 85.37.17.8 85.38.28.73
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
O20 - AppInit_DLLs: C:\PROGRA~1\KASPER~1\KASPER~1.0\adialhk.dll
O20 - Winlogon Notify: klogon - C:\WINDOWS\system32\klogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Programmi\File comuni\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Kaspersky Internet Security 7.0 (AVP) - Unknown owner - C:\Programmi\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe" -r (file missing)
O23 - Service: Google Updater Service (gusvc) - Google - C:\Programmi\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Unknown owner - C:\Programmi\File comuni\Symantec Shared\SNDSrvc.exe (file missing)