aiuto.... e1xplorer

[alikucciola]

Ciao a tutti

ho beccato sto schifo di e1xplorer e sta cominciando a rompere davvero le scatole!!!!

vi allego il log... mi date una mano per favore???

grazie mille a chi mi sarà di aiuto...


eccovi il log:


Logfile of HijackThis v1.99.1
Scan saved at 17.16.09, on 22/10/2006
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\Programmi\Panda Software\Panda Titanium 2006 Antivirus + Antispyware\TPSrv.exe
C:\WINDOWS\system32\svchost.exe
C:\Programmi\Panda Software\Panda Titanium 2006 Antivirus + Antispyware\pavsrv51.exe
C:\Programmi\Panda Software\Panda Titanium 2006 Antivirus + Antispyware\AVENGINE.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Programmi\Panda Software\Panda Titanium 2006 Antivirus + Antispyware\apvxdwin.exe
C:\Programmi\Panda Software\Panda Titanium 2006 Antivirus + Antispyware\FIREWALL\PNMSRV.EXE
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Programmi\Analog Devices\SoundMAX\SMTray.exe
C:\Programmi\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Programmi\Winamp\winampa.exe
C:\WINDOWS\System32\LVCOMSX.EXE
C:\Programmi\Logitech\Video\LogiTray.exe
C:\WINDOWS\System32\rundll32.exe
C:\Programmi\File comuni\PCSuite\DataLayer\DataLayer.exe
C:\Programmi\Nokia\Nokia PC Suite 6\LaunchApplication.exe
C:\WINDOWS\Temp\aiqx1.exe
C:\Programmi\Messenger\msmsgs.exe
C:\Programmi\Nokia\Nokia PC Suite 6\PcSync2.exe
C:\DOCUME~1\cri-jeky\DOCUME~1\P-ZIP\FASTDE~1\FAST2.EXE
C:\361101032253584.exe
C:\Programmi\WinZip\WZQKPICK.EXE
C:\Programmi\Logitech\MouseWare\system\em_exec.exe
C:\PROGRA~1\FILECO~1\PCSuite\Services\SERVIC~1.EXE
C:\Programmi\File comuni\EPSON\EBAPI\SAgent2.exe
C:\PROGRA~1\FILECO~1\Nokia\MPAPI\MPAPI3s.exe
C:\Programmi\Logitech\Video\FxSvr2.exe
C:\Programmi\Panda Software\Panda Titanium 2006 Antivirus + Antispyware\PavFnSvr.exe
C:\Programmi\File comuni\Panda Software\PavShld\pavprsrv.exe
C:\Programmi\Panda Software\Panda Titanium 2006 Antivirus + Antispyware\PsImSvc.exe
C:\Programmi\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmi\Panda Software\Panda Titanium 2006 Antivirus + Antispyware\WebProxy.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Programmi\MSN Messenger\msnmsgr.exe
C:\Programmi\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\System32\svchost.exe
C:\Programmi\Panda Software\Panda Titanium 2006 Antivirus + Antispyware\avciman.exe
C:\Programmi\Panda Software\Panda Titanium 2006 Antivirus + Antispyware\psimreal.exe
C:\Programmi\Internet Explorer\IEXPLORE.EXE
C:\Documents and Settings\cri-jeky\Desktop\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.it/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
R3 - Default URLSearchHook is missing
O2 - BHO: Class - {06123D8E-E72E-E69C-1FD7-0692D1D39773} - C:\WINDOWS\liqku1.dll (file missing)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: Class - {3ED2E8E9-3BFB-60FF-55E4-3F040661DC84} - C:\WINDOWS\liqku1.dll (file missing)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [Smapp] C:\Programmi\Analog Devices\SoundMAX\SMTray.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Programmi\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [APVXDWIN] "C:\Programmi\Panda Software\Panda Titanium 2006 Antivirus + Antispyware\APVXDWIN.EXE" /s
O4 - HKLM\..\Run: [WinampAgent] C:\Programmi\Winamp\winampa.exe
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\System32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Programmi\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Programmi\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [CnxTrApp] rundll32.exe "C:\Programmi\Aethra\ADSL EB1070 USB\CnxTrApp.dll",AppEntry -REG "Aethra\ADSL EB1070 USB"
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [DataLayer] C:\Programmi\File comuni\PCSuite\DataLayer\DataLayer.exe
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Programmi\Nokia\Nokia PC Suite 6\LaunchApplication.exe -onlytray
O4 - HKLM\..\Run: [aiqx1.exe] C:\WINDOWS\Temp\aiqx1.exe
O4 - HKLM\..\Run: [H2O] C:\Programmi\SyncroSoft\Pos\H2O\cledx.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Programmi\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [LogitechSoftwareUpdate] C:\Programmi\Logitech\Video\ManifestEngine.exe boot
O4 - HKCU\..\Run: [PcSync] C:\Programmi\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog
O4 - HKCU\..\Run: [FAST Defrag] C:\DOCUME~1\cri-jeky\DOCUME~1\P-ZIP\FASTDE~1\FAST2.EXE -tray
O4 - HKCU\..\Run: [Winstg] C:\3611010322516384.exe
O4 - HKCU\..\Run: [WinMedia] C:\361101032253584.exe
O4 - Startup: PowerReg Scheduler.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Programmi\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Programmi\WinZip\WZQKPICK.EXE
O15 - Trusted Zone: http://www.archivio.name
O15 - Trusted Zone: http://www.archiviosex.net
O15 - Trusted Zone: http://www.otherchance.com
O17 - HKLM\System\CCS\Services\Tcpip\..\{0C05F8A9-9EDC-4CF0-8BBA-1F03A30371B7}: NameServer = 85.255.115.58,85.255.112.116
O17 - HKLM\System\CCS\Services\Tcpip\..\{3B76E73F-1A31-4C16-8F26-855C10AEBBB4}: NameServer = 85.37.17.4 85.38.28.70
O17 - HKLM\System\CCS\Services\Tcpip\..\{A7629D2D-733F-4282-BEBA-2FE300E9E49B}: NameServer = 85.255.115.58,85.255.112.116
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.115.58 85.255.112.116
O17 - HKLM\System\CS1\Services\Tcpip\..\{0C05F8A9-9EDC-4CF0-8BBA-1F03A30371B7}: NameServer = 85.255.115.58,85.255.112.116
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: NameServer = 85.255.115.58 85.255.112.116
O17 - HKLM\System\CS2\Services\Tcpip\..\{0C05F8A9-9EDC-4CF0-8BBA-1F03A30371B7}: NameServer = 85.255.115.58,85.255.112.116
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.115.58 85.255.112.116
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: avldr - C:\WINDOWS\SYSTEM32\avldr.dll
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Programmi\File comuni\EPSON\EBAPI\SAgent2.exe
O23 - Service: Panda Function Service (PAVFNSVR) - Panda Software International - C:\Programmi\Panda Software\Panda Titanium 2006 Antivirus + Antispyware\PavFnSvr.exe
O23 - Service: Panda Process Protection Service (PavPrSrv) - Panda Software - C:\Programmi\File comuni\Panda Software\PavShld\pavprsrv.exe
O23 - Service: Panda anti-virus service (PAVSRV) - Panda Software International - C:\Programmi\Panda Software\Panda Titanium 2006 Antivirus + Antispyware\pavsrv51.exe
O23 - Service: Panda Network Manager (PNMSRV) - Panda Software - C:\Programmi\Panda Software\Panda Titanium 2006 Antivirus + Antispyware\FIREWALL\PNMSRV.EXE
O23 - Service: Panda IManager Service (PSIMSVC) - Panda Software - C:\Programmi\Panda Software\Panda Titanium 2006 Antivirus + Antispyware\PsImSvc.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Programmi\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: Panda TPSrv (TPSrv) - Panda Software - C:\Programmi\Panda Software\Panda Titanium 2006 Antivirus + Antispyware\TPSrv.exe

AIUTOOOOOOOOOOOOOOOOOOOOOOOOOO

[Smjert]

Non hai solo l'e1xplorer ma anche il Link Optimizer.

Scarica questo tool della Symantec per la rimozione del L.O., avvialo e fagli fare una scansione.

Avvia HijackThis, premi Do a system scan only, spunta queste voci e poi premi Fix Checked:

R3 - Default URLSearchHook is missing
O2 - BHO: Class - {06123D8E-E72E-E69C-1FD7-0692D1D39773} - C:\WINDOWS\liqku1.dll (file missing)
2 - BHO: Class - {3ED2E8E9-3BFB-60FF-55E4-3F040661DC84} - C:\WINDOWS\liqku1.dll (file missing)
O4 - HKLM\..\Run: [aiqx1.exe] C:\WINDOWS\Temp\aiqx1.exe
O4 - HKCU\..\Run: [Winstg] C:\3611010322516384.exe
O4 - HKCU\..\Run: [WinMedia] C:\361101032253584.exe
O4 - Startup: PowerReg Scheduler.exe
O15 - Trusted Zone: http://www.archivio.name
O15 - Trusted Zone: http://www.archiviosex.net
O15 - Trusted Zone: http://www.otherchance.com

Scarica Avenger e decomprimilo sul desktop.

Adesso avvia il file avenger.exe
Seleziona l'opzione "Input Script Manually"
Clicca sulla lente di ingrandimento

Ti si apre una finestra "View/edit script"
All'interno del box bianco,copia e incolla le scritte qui sotto:

files to delete:
C:\3611010322516384.exe
C:\361101032253584.exe
C:\WINDOWS\liqku1.dll

Registry values to replace with dummy:
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Windows | AppInit_DLLs

Registry Keys to delete:
HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run

folders to delete:
C:\WINDOWS\TEMP

Clicca sul pulsante Done
Clicca sull'icona del semaforo verde
Rispondi Yes
Il pc dovrebbe riavviarsi da solo,se così non fosse riavvialo manualmente.

Riavvia il pc in Modalità Provvisoria (F8 al boot)

Usa la ricerca di Windows e trova questo file: PowerReg Scheduler.exe
(ricordati di attivare la ricerca nelle cartelle e nei file nascosti andando
in "Altre opzioni avanzate" e spuntando la voce
"Cerca nei file e nelle cartelle nascosti").

Se lo trovi cancellalo.

Posta un nuovo log di HijackThis e il log del tool Symantec (FixLinkOpt.log)

[Luke57]

@Smjert
Ciao, ma prima di fargli utilizzare Avenger non sarebbe meglio verificare la situazione complessiva? Ad esempio con Gmer? Io utilizzerei anche il tool della Prevx.
Comunque il caso è tuo, seguilo fino alla fine, non voglio interferire troppo

[Smjert]

@Smjert
Ciao, ma prima di fargli utilizzare Avenger non sarebbe meglio verificare la situazione complessiva? Ad esempio con Gmer? Io utilizzerei anche il tool della Prevx.
Comunque il caso è tuo, seguilo fino alla fine, non voglio interferire troppo

Hai ragione, di solito però bastano le operazioni che ho scritto (e alle persone che dopo quelle operazioni avevo fatto fare la scansione con GMER non ho trovato niente di anomalo) però fidarsi è bene ma non fidarsi è meglio.
è anche vero che ultimamente incontro casi in cui non basti solo un tool (che sia Prevx o che sia Symantec).

[alikucciola]

Ecco i nuovi log ho fatto tutto come mi hai detto

grazie mille.. dimmi se devo fare ancora qualcosa...

Logfile of HijackThis v1.99.1
Scan saved at 18.31.58, on 22/10/2006
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\Programmi\Panda Software\Panda Titanium 2006 Antivirus + Antispyware\TPSrv.exe
C:\WINDOWS\system32\svchost.exe
C:\Programmi\Panda Software\Panda Titanium 2006 Antivirus + Antispyware\pavsrv51.exe
C:\Programmi\Panda Software\Panda Titanium 2006 Antivirus + Antispyware\AVENGINE.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmi\Panda Software\Panda Titanium 2006 Antivirus + Antispyware\apvxdwin.exe
C:\Programmi\Panda Software\Panda Titanium 2006 Antivirus + Antispyware\FIREWALL\PNMSRV.EXE
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Programmi\File comuni\EPSON\EBAPI\SAgent2.exe
C:\Programmi\Panda Software\Panda Titanium 2006 Antivirus + Antispyware\PavFnSvr.exe
C:\Programmi\File comuni\Panda Software\PavShld\pavprsrv.exe
C:\Programmi\Panda Software\Panda Titanium 2006 Antivirus + Antispyware\PsImSvc.exe
C:\Programmi\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\wdfmgr.exe
C:\Programmi\Analog Devices\SoundMAX\SMTray.exe
C:\Programmi\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Programmi\Winamp\winampa.exe
C:\WINDOWS\System32\LVCOMSX.EXE
C:\Programmi\Logitech\Video\LogiTray.exe
C:\WINDOWS\System32\rundll32.exe
C:\Programmi\File comuni\PCSuite\DataLayer\DataLayer.exe
C:\Programmi\Nokia\Nokia PC Suite 6\LaunchApplication.exe
C:\Programmi\SyncroSoft\Pos\H2O\cledx.exe
C:\Programmi\Messenger\msmsgs.exe
C:\Programmi\Logitech\MouseWare\system\em_exec.exe
C:\Programmi\Nokia\Nokia PC Suite 6\PcSync2.exe
C:\PROGRA~1\FILECO~1\PCSuite\Services\SERVIC~1.EXE
C:\DOCUME~1\cri-jeky\DOCUME~1\P-ZIP\FASTDE~1\FAST2.EXE
C:\Programmi\WinZip\WZQKPICK.EXE
C:\Programmi\Logitech\Video\FxSvr2.exe
C:\PROGRA~1\FILECO~1\Nokia\MPAPI\MPAPI3s.exe
C:\Programmi\Panda Software\Panda Titanium 2006 Antivirus + Antispyware\WebProxy.exe
C:\Programmi\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\System32\wuauclt.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Documents and Settings\cri-jeky\Desktop\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.it/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [Smapp] C:\Programmi\Analog Devices\SoundMAX\SMTray.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Programmi\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [APVXDWIN] "C:\Programmi\Panda Software\Panda Titanium 2006 Antivirus + Antispyware\APVXDWIN.EXE" /s
O4 - HKLM\..\Run: [WinampAgent] C:\Programmi\Winamp\winampa.exe
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\System32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Programmi\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Programmi\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [CnxTrApp] rundll32.exe "C:\Programmi\Aethra\ADSL EB1070 USB\CnxTrApp.dll",AppEntry -REG "Aethra\ADSL EB1070 USB"
O4 - HKLM\..\Run: [DataLayer] C:\Programmi\File comuni\PCSuite\DataLayer\DataLayer.exe
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Programmi\Nokia\Nokia PC Suite 6\LaunchApplication.exe -onlytray
O4 - HKLM\..\Run: [H2O] C:\Programmi\SyncroSoft\Pos\H2O\cledx.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Programmi\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [LogitechSoftwareUpdate] C:\Programmi\Logitech\Video\ManifestEngine.exe boot
O4 - HKCU\..\Run: [PcSync] C:\Programmi\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog
O4 - HKCU\..\Run: [FAST Defrag] C:\DOCUME~1\cri-jeky\DOCUME~1\P-ZIP\FASTDE~1\FAST2.EXE -tray
O4 - HKCU\..\Run: [WinMedia] C:\361101032253584.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Programmi\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Programmi\WinZip\WZQKPICK.EXE
O17 - HKLM\System\CCS\Services\Tcpip\..\{0C05F8A9-9EDC-4CF0-8BBA-1F03A30371B7}: NameServer = 85.255.115.58,85.255.112.116
O17 - HKLM\System\CCS\Services\Tcpip\..\{3B76E73F-1A31-4C16-8F26-855C10AEBBB4}: NameServer = 85.37.17.4 85.38.28.70
O17 - HKLM\System\CCS\Services\Tcpip\..\{A7629D2D-733F-4282-BEBA-2FE300E9E49B}: NameServer = 85.255.115.58,85.255.112.116
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.115.58 85.255.112.116
O17 - HKLM\System\CS1\Services\Tcpip\..\{0C05F8A9-9EDC-4CF0-8BBA-1F03A30371B7}: NameServer = 85.255.115.58,85.255.112.116
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: NameServer = 85.255.115.58 85.255.112.116
O17 - HKLM\System\CS2\Services\Tcpip\..\{0C05F8A9-9EDC-4CF0-8BBA-1F03A30371B7}: NameServer = 85.255.115.58,85.255.112.116
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.115.58 85.255.112.116
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: avldr - C:\WINDOWS\SYSTEM32\avldr.dll
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Programmi\File comuni\EPSON\EBAPI\SAgent2.exe
O23 - Service: Panda Function Service (PAVFNSVR) - Panda Software International - C:\Programmi\Panda Software\Panda Titanium 2006 Antivirus + Antispyware\PavFnSvr.exe
O23 - Service: Panda Process Protection Service (PavPrSrv) - Panda Software - C:\Programmi\File comuni\Panda Software\PavShld\pavprsrv.exe
O23 - Service: Panda anti-virus service (PAVSRV) - Panda Software International - C:\Programmi\Panda Software\Panda Titanium 2006 Antivirus + Antispyware\pavsrv51.exe
O23 - Service: Panda Network Manager (PNMSRV) - Panda Software - C:\Programmi\Panda Software\Panda Titanium 2006 Antivirus + Antispyware\FIREWALL\PNMSRV.EXE
O23 - Service: Panda IManager Service (PSIMSVC) - Panda Software - C:\Programmi\Panda Software\Panda Titanium 2006 Antivirus + Antispyware\PsImSvc.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Programmi\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: Panda TPSrv (TPSrv) - Panda Software - C:\Programmi\Panda Software\Panda Titanium 2006 Antivirus + Antispyware\TPSrv.exe
O23 - Service: WebPse - Unknown owner - C:\Programmi\File comuni\System\hHm.exe


CANCELLATO IL FILE DI CUI SOPRA...

e questo è il log di avanger

Logfile of The Avenger version 1, by Swandog46
Running from registry key:
\Registry\Machine\System\CurrentControlSet\Services\utcmtnmb

*******************

Script file located at: \??\C:\WINDOWS\vfccrurf.txt
Script file opened successfully.

Script file read successfully

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:



File C:\3611010322516384.exe not found!
Deletion of file C:\3611010322516384.exe failed!

Could not process line:
C:\3611010322516384.exe
Status: 0xc0000034



File C:\361101032253584.exe not found!
Deletion of file C:\361101032253584.exe failed!

Could not process line:
C:\361101032253584.exe
Status: 0xc0000034



File C:\WINDOWS\liqku1.dll not found!
Deletion of file C:\WINDOWS\liqku1.dll failed!

Could not process line:
C:\WINDOWS\liqku1.dll
Status: 0xc0000034

Folder C:\WINDOWS\TEMP deleted successfully.
Registry value HKLM\Software\Microsoft\Windows NT\CurrentVersion\Windows|AppInit_DLLs replaced with dummy successfully.


Registry key HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run not found!
Deletion of registry key HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run failed!
Status: 0xc0000034


Completed script processing.

*******************

Finished! Terminate.

[Smjert]

Molto strano, non è riuscito a cancellare i file, e in più ti è sbucata una nuova voce dal log.

Avvia HijackThis e come hai fatto prima fixa queste voci:

O4 - HKCU\..\Run: [WinMedia] C:\361101032253584.exe
O23 - Service: WebPse - Unknown owner - C:\Programmi\File comuni\System\hHm.exe

Scarica GMER da http://www.gmer.net

Avvia GMER e fai due scansioni (tasto Scan) una dal tab rootkit e l´altra dal tab autostart. Copiale tutte e due premendo il tasto Copy nei rispettivi tab e incollali in un file di testo che salverai.

Postami perfavore i 2 log di GMER.

[Smjert]

Ah tra l'altro hai dimeticato di postare il log del tool Symantec (o nn l'hai proprio fatto girare?)

[alikucciola]

si l'ho fatto girare...
lo devo rifare?
mi sa che quando mi si è impallato il pc ho perso il log
intanto faccio le due cose che mi hai detto

[Smjert]

Dipende, se è riuscito a finire la scansione non devi rifarla, in caso contrario sì.
Molto strano che il log si "perda" per il pc impallato... (se non l'hai cancellato tu...).

[alikucciola]

la scansione era finita!...
può essere benissimo che l'abbia cancellato io nel fare tutte le operazioni... stordita che sono hi hi hi hi

[Smjert]

(alikucciola alla ricerca del log sperduto!)

è abbastanza importante quel log.. hai già provato ad utilizzare la ricerca di windows? (ti ricordo che si chiama FixLinkOpt.log).

[alikucciola]

ma se l'ho buttato mi sa che devo farlo girare di nuovo
e va beh... adesso apena finisce gmer faccio rigirare anche quello...
chiedo perdono ma butta di qua butta di la mi sa che ho buttato troppo

[alikucciola]

ecco i due LOG

adesso faggio rigirare anche il prg di cui cestinato il log

GMER 1.0.11.11390 - http://www.gmer.net
Rootkit 2006-10-22 19:25:53
Windows 5.1.2600


---- System - GMER 1.0.11 ----

SSDT \SystemRoot\System32\Drivers\ShldDrv.SYS ZwCreateKey
SSDT \SystemRoot\System32\Drivers\ShldDrv.SYS ZwDeleteKey
SSDT \SystemRoot\System32\Drivers\ShldDrv.SYS ZwDeleteValueKey
SSDT \SystemRoot\System32\Drivers\ShldDrv.SYS ZwEnumerateKey
SSDT \SystemRoot\System32\Drivers\ShldDrv.SYS ZwEnumerateValueKey
SSDT \SystemRoot\System32\Drivers\ShldDrv.SYS ZwOpenKey
SSDT \SystemRoot\System32\Drivers\ShldDrv.SYS ZwQueryKey
SSDT \SystemRoot\System32\Drivers\ShldDrv.SYS ZwQueryValueKey
SSDT \SystemRoot\System32\Drivers\ShldDrv.SYS ZwSetValueKey
SSDT \??\C:\WINDOWS\System32\DRIVERS\PavProc.sys ZwTerminateProcess
SSDT \??\C:\WINDOWS\System32\DRIVERS\PavProc.sys ZwTerminateThread
SSDT \??\C:\WINDOWS\System32\PavSRK.sys ZwWriteVirtualMemory

---- Devices - GMER 1.0.11 ----

Device \FileSystem\Ntfs \Ntfs IRP_MJ_CREATE [F8886810] ShldDrv.SYS
Device \FileSystem\Ntfs \Ntfs IRP_MJ_SET_INFORMATION [F8886BD8] ShldDrv.SYS

---- Files - GMER 1.0.11 ----

File C:\Documents and Settings\cri-jeky\Documenti\P-ZIP\NOKIA\Programmi Nokia(37 Programmi per nokia 6600,6630,n70,n90)antivirus,ultra mp3,converter dvix to 3gp,vboy e altri\Camcoder\Nokia_6600_camcoder_pro_v3.75_for_s60(1)\Nokia_6600_camcoder_pro_v3.75_for_s60(1)\blzpda.nfo
File C:\Documents and Settings\cri-jeky\Documenti\P-ZIP\NOKIA\Programmi Nokia(37 Programmi per nokia 6600,6630,n70,n90)antivirus,ultra mp3,converter dvix to 3gp,vboy e altri\Camcoder\Nokia_6600_camcoder_pro_v3.75_for_s60(1)\Nokia_6600_camcoder_pro_v3.75_for_s60(1)\file_id.diz
File C:\Documents and Settings\cri-jeky\Documenti\P-ZIP\NOKIA\Programmi Nokia(37 Programmi per nokia 6600,6630,n70,n90)antivirus,ultra mp3,converter dvix to 3gp,vboy e altri\Camcoder\Nokia_6600_camcoder_pro_v3.75_for_s60(1)\Nokia_6600_camcoder_pro_v3.75_for_s60(1)\keygen.exe
ADS C:\Documents and Settings\cri-jeky\Impostazioni locali\Dati applicazioni\Microsoft\Messenger\aliki79@hotmail.com\SharingMetadata\morrafabrizio@hotmail.it\DFSR\Staging\CS{2C1C0D15-58F8-CF11-8456-804EC66CB836}\01\10-{2C1C0D15-58F8-CF11-8456-804EC66CB836}-v1-{02ED2354-A3F6-4F88-9872-4532135C6BCB}-v10-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS
ADS C:\Documents and Settings\cri-jeky\Impostazioni locali\Dati applicazioni\Microsoft\Messenger\aliki79@hotmail.com\SharingMetadata\morrafabrizio@hotmail.it\DFSR\Staging\CS{2C1C0D15-58F8-CF11-8456-804EC66CB836}\11\12-{02ED2354-A3F6-4F88-9872-4532135C6BCB}-v11-{02ED2354-A3F6-4F88-9872-4532135C6BCB}-v12-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.rdc.1
ADS C:\Documents and Settings\cri-jeky\Impostazioni locali\Dati applicazioni\Microsoft\Messenger\aliki79@hotmail.com\SharingMetadata\morrafabrizio@hotmail.it\DFSR\Staging\CS{2C1C0D15-58F8-CF11-8456-804EC66CB836}\11\12-{02ED2354-A3F6-4F88-9872-4532135C6BCB}-v11-{02ED2354-A3F6-4F88-9872-4532135C6BCB}-v12-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS
ADS C:\Documents and Settings\cri-jeky\Impostazioni locali\Dati applicazioni\Microsoft\Messenger\aliki79@hotmail.com\SharingMetadata\morrafabrizio@hotmail.it\DFSR\Staging\CS{2C1C0D15-58F8-CF11-8456-804EC66CB836}\13\14-{02ED2354-A3F6-4F88-9872-4532135C6BCB}-v13-{02ED2354-A3F6-4F88-9872-4532135C6BCB}-v14-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.rdc.1
ADS C:\Documents and Settings\cri-jeky\Impostazioni locali\Dati applicazioni\Microsoft\Messenger\aliki79@hotmail.com\SharingMetadata\morrafabrizio@hotmail.it\DFSR\Staging\CS{2C1C0D15-58F8-CF11-8456-804EC66CB836}\13\14-{02ED2354-A3F6-4F88-9872-4532135C6BCB}-v13-{02ED2354-A3F6-4F88-9872-4532135C6BCB}-v14-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS
ADS C:\Documents and Settings\cri-jeky\Impostazioni locali\Dati applicazioni\Microsoft\Messenger\aliki79@hotmail.com\SharingMetadata\morrafabrizio@hotmail.it\DFSR\Staging\CS{2C1C0D15-58F8-CF11-8456-804EC66CB836}\15\16-{02ED2354-A3F6-4F88-9872-4532135C6BCB}-v15-{02ED2354-A3F6-4F88-9872-4532135C6BCB}-v16-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.rdc.1
ADS C:\Documents and Settings\cri-jeky\Impostazioni locali\Dati applicazioni\Microsoft\Messenger\aliki79@hotmail.com\SharingMetadata\morrafabrizio@hotmail.it\DFSR\Staging\CS{2C1C0D15-58F8-CF11-8456-804EC66CB836}\15\16-{02ED2354-A3F6-4F88-9872-4532135C6BCB}-v15-{02ED2354-A3F6-4F88-9872-4532135C6BCB}-v16-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS
ADS C:\Documents and Settings\cri-jeky\Impostazioni locali\Dati applicazioni\Microsoft\Messenger\aliki79@hotmail.com\SharingMetadata\morrafabrizio@hotmail.it\DFSR\Staging\CS{2C1C0D15-58F8-CF11-8456-804EC66CB836}\17\18-{02ED2354-A3F6-4F88-9872-4532135C6BCB}-v17-{02ED2354-A3F6-4F88-9872-4532135C6BCB}-v18-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.rdc.1
ADS C:\Documents and Settings\cri-jeky\Impostazioni locali\Dati applicazioni\Microsoft\Messenger\aliki79@hotmail.com\SharingMetadata\morrafabrizio@hotmail.it\DFSR\Staging\CS{2C1C0D15-58F8-CF11-8456-804EC66CB836}\17\18-{02ED2354-A3F6-4F88-9872-4532135C6BCB}-v17-{02ED2354-A3F6-4F88-9872-4532135C6BCB}-v18-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS
ADS C:\Documents and Settings\cri-jeky\Impostazioni locali\Dati applicazioni\Microsoft\Messenger\aliki79@hotmail.com\SharingMetadata\morrafabrizio@hotmail.it\DFSR\Staging\CS{2C1C0D15-58F8-CF11-8456-804EC66CB836}\19\20-{02ED2354-A3F6-4F88-9872-4532135C6BCB}-v19-{02ED2354-A3F6-4F88-9872-4532135C6BCB}-v20-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.rdc.1
ADS C:\Documents and Settings\cri-jeky\Impostazioni locali\Dati applicazioni\Microsoft\Messenger\aliki79@hotmail.com\SharingMetadata\morrafabrizio@hotmail.it\DFSR\Staging\CS{2C1C0D15-58F8-CF11-8456-804EC66CB836}\19\20-{02ED2354-A3F6-4F88-9872-4532135C6BCB}-v19-{02ED2354-A3F6-4F88-9872-4532135C6BCB}-v20-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS
ADS C:\Documents and Settings\cri-jeky\Impostazioni locali\Dati applicazioni\Microsoft\Messenger\aliki79@hotmail.com\SharingMetadata\morrafabrizio@hotmail.it\DFSR\Staging\CS{2C1C0D15-58F8-CF11-8456-804EC66CB836}\21\22-{02ED2354-A3F6-4F88-9872-4532135C6BCB}-v21-{02ED2354-A3F6-4F88-9872-4532135C6BCB}-v22-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.rdc.1
ADS C:\Documents and Settings\cri-jeky\Impostazioni locali\Dati applicazioni\Microsoft\Messenger\aliki79@hotmail.com\SharingMetadata\morrafabrizio@hotmail.it\DFSR\Staging\CS{2C1C0D15-58F8-CF11-8456-804EC66CB836}\21\22-{02ED2354-A3F6-4F88-9872-4532135C6BCB}-v21-{02ED2354-A3F6-4F88-9872-4532135C6BCB}-v22-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS
ADS C:\Documents and Settings\cri-jeky\Impostazioni locali\Dati applicazioni\Microsoft\Messenger\aliki79@hotmail.com\SharingMetadata\morrafabrizio@hotmail.it\DFSR\Staging\CS{2C1C0D15-58F8-CF11-8456-804EC66CB836}\23\24-{02ED2354-A3F6-4F88-9872-4532135C6BCB}-v23-{02ED2354-A3F6-4F88-9872-4532135C6BCB}-v24-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.rdc.1
ADS C:\Documents and Settings\cri-jeky\Impostazioni locali\Dati applicazioni\Microsoft\Messenger\aliki79@hotmail.com\SharingMetadata\morrafabrizio@hotmail.it\DFSR\Staging\CS{2C1C0D15-58F8-CF11-8456-804EC66CB836}\23\24-{02ED2354-A3F6-4F88-9872-4532135C6BCB}-v23-{02ED2354-A3F6-4F88-9872-4532135C6BCB}-v24-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS
ADS C:\Documents and Settings\cri-jeky\Impostazioni locali\Dati applicazioni\Microsoft\Messenger\aliki79@hotmail.com\SharingMetadata\morrafabrizio@hotmail.it\DFSR\Staging\CS{2C1C0D15-58F8-CF11-8456-804EC66CB836}\25\26-{02ED2354-A3F6-4F88-9872-4532135C6BCB}-v25-{02ED2354-A3F6-4F88-9872-4532135C6BCB}-v26-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.rdc.1
ADS C:\Documents and Settings\cri-jeky\Impostazioni locali\Dati applicazioni\Microsoft\Messenger\aliki79@hotmail.com\SharingMetadata\morrafabrizio@hotmail.it\DFSR\Staging\CS{2C1C0D15-58F8-CF11-8456-804EC66CB836}\25\26-{02ED2354-A3F6-4F88-9872-4532135C6BCB}-v25-{02ED2354-A3F6-4F88-9872-4532135C6BCB}-v26-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS
ADS C:\Documents and Settings\cri-jeky\Impostazioni locali\Dati applicazioni\Microsoft\Messenger\aliki79@hotmail.com\SharingMetadata\morrafabrizio@hotmail.it\DFSR\Staging\CS{2C1C0D15-58F8-CF11-8456-804EC66CB836}\27\29-{02ED2354-A3F6-4F88-9872-4532135C6BCB}-v27-{02ED2354-A3F6-4F88-9872-4532135C6BCB}-v29-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.rdc.1
ADS C:\Documents and Settings\cri-jeky\Impostazioni locali\Dati applicazioni\Microsoft\Messenger\aliki79@hotmail.com\SharingMetadata\morrafabrizio@hotmail.it\DFSR\Staging\CS{2C1C0D15-58F8-CF11-8456-804EC66CB836}\27\29-{02ED2354-A3F6-4F88-9872-4532135C6BCB}-v27-{02ED2354-A3F6-4F88-9872-4532135C6BCB}-v29-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS
ADS C:\Documents and Settings\cri-jeky\Impostazioni locali\Dati applicazioni\Microsoft\Messenger\aliki79@hotmail.com\SharingMetadata\morrafabrizio@hotmail.it\DFSR\Staging\CS{2C1C0D15-58F8-CF11-8456-804EC66CB836}\30\32-{02ED2354-A3F6-4F88-9872-4532135C6BCB}-v30-{02ED2354-A3F6-4F88-9872-4532135C6BCB}-v32-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.rdc.1
ADS C:\Documents and Settings\cri-jeky\Impostazioni locali\Dati applicazioni\Microsoft\Messenger\aliki79@hotmail.com\SharingMetadata\morrafabrizio@hotmail.it\DFSR\Staging\CS{2C1C0D15-58F8-CF11-8456-804EC66CB836}\30\32-{02ED2354-A3F6-4F88-9872-4532135C6BCB}-v30-{02ED2354-A3F6-4F88-9872-4532135C6BCB}-v32-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS
ADS C:\Documents and Settings\cri-jeky\Impostazioni locali\Dati applicazioni\Microsoft\Messenger\aliki79@hotmail.com\SharingMetadata\morrafabrizio@hotmail.it\DFSR\Staging\CS{2C1C0D15-58F8-CF11-8456-804EC66CB836}\33\35-{02ED2354-A3F6-4F88-9872-4532135C6BCB}-v33-{02ED2354-A3F6-4F88-9872-4532135C6BCB}-v35-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.rdc.1
ADS C:\Documents and Settings\cri-jeky\Impostazioni locali\Dati applicazioni\Microsoft\Messenger\aliki79@hotmail.com\SharingMetadata\morrafabrizio@hotmail.it\DFSR\Staging\CS{2C1C0D15-58F8-CF11-8456-804EC66CB836}\33\35-{02ED2354-A3F6-4F88-9872-4532135C6BCB}-v33-{02ED2354-A3F6-4F88-9872-4532135C6BCB}-v35-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS
ADS C:\Documents and Settings\cri-jeky\Impostazioni locali\Dati applicazioni\Microsoft\Messenger\aliki79@hotmail.com\SharingMetadata\morrafabrizio@hotmail.it\DFSR\Staging\CS{2C1C0D15-58F8-CF11-8456-804EC66CB836}\34\37-{02ED2354-A3F6-4F88-9872-4532135C6BCB}-v34-{02ED2354-A3F6-4F88-9872-4532135C6BCB}-v37-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.rdc.1
ADS C:\Documents and Settings\cri-jeky\Impostazioni locali\Dati applicazioni\Microsoft\Messenger\aliki79@hotmail.com\SharingMetadata\morrafabrizio@hotmail.it\DFSR\Staging\CS{2C1C0D15-58F8-CF11-8456-804EC66CB836}\34\37-{02ED2354-A3F6-4F88-9872-4532135C6BCB}-v34-{02ED2354-A3F6-4F88-9872-4532135C6BCB}-v37-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS
ADS C:\Documents and Settings\cri-jeky\Impostazioni locali\Dati applicazioni\Microsoft\Messenger\aliki79@hotmail.com\SharingMetadata\morrafabrizio@hotmail.it\DFSR\Staging\CS{2C1C0D15-58F8-CF11-8456-804EC66CB836}\38\38-{02ED2354-A3F6-4F88-9872-4532135C6BCB}-v38-{02ED2354-A3F6-4F88-9872-4532135C6BCB}-v38-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.rdc.1
ADS C:\Documents and Settings\cri-jeky\Impostazioni locali\Dati applicazioni\Microsoft\Messenger\aliki79@hotmail.com\SharingMetadata\morrafabrizio@hotmail.it\DFSR\Staging\CS{2C1C0D15-58F8-CF11-8456-804EC66CB836}\38\38-{02ED2354-A3F6-4F88-9872-4532135C6BCB}-v38-{02ED2354-A3F6-4F88-9872-4532135C6BCB}-v38-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS
ADS C:\Documents and Settings\cri-jeky\Impostazioni locali\Dati applicazioni\Microsoft\Messenger\aliki79@hotmail.com\SharingMetadata\morrafabrizio@hotmail.it\DFSR\Staging\CS{2C1C0D15-58F8-CF11-8456-804EC66CB836}\39\40-{02ED2354-A3F6-4F88-9872-4532135C6BCB}-v39-{02ED2354-A3F6-4F88-9872-4532135C6BCB}-v40-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.rdc.1
ADS C:\Documents and Settings\cri-jeky\Impostazioni locali\Dati applicazioni\Microsoft\Messenger\aliki79@hotmail.com\SharingMetadata\morrafabrizio@hotmail.it\DFSR\Staging\CS{2C1C0D15-58F8-CF11-8456-804EC66CB836}\39\40-{02ED2354-A3F6-4F88-9872-4532135C6BCB}-v39-{02ED2354-A3F6-4F88-9872-4532135C6BCB}-v40-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS
ADS C:\Documents and Settings\cri-jeky\Impostazioni locali\Dati applicazioni\Microsoft\Messenger\aliki79@hotmail.com\SharingMetadata\morrafabrizio@hotmail.it\DFSR\Staging\CS{2C1C0D15-58F8-CF11-8456-804EC66CB836}\42\42-{02ED2354-A3F6-4F88-9872-4532135C6BCB}-v42-{02ED2354-A3F6-4F88-9872-4532135C6BCB}-v42-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.rdc.1
ADS C:\Documents and Settings\cri-jeky\Impostazioni locali\Dati applicazioni\Microsoft\Messenger\aliki79@hotmail.com\SharingMetadata\morrafabrizio@hotmail.it\DFSR\Staging\CS{2C1C0D15-58F8-CF11-8456-804EC66CB836}\42\42-{02ED2354-A3F6-4F88-9872-4532135C6BCB}-v42-{02ED2354-A3F6-4F88-9872-4532135C6BCB}-v42-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS
ADS C:\Documents and Settings\cri-jeky\Impostazioni locali\Dati applicazioni\Microsoft\Messenger\aliki79@hotmail.com\SharingMetadata\morrafabrizio@hotmail.it\DFSR\Staging\CS{2C1C0D15-58F8-CF11-8456-804EC66CB836}\43\43-{02ED2354-A3F6-4F88-9872-4532135C6BCB}-v43-{02ED2354-A3F6-4F88-9872-4532135C6BCB}-v43-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.rdc.1
ADS C:\Documents and Settings\cri-jeky\Impostazioni locali\Dati applicazioni\Microsoft\Messenger\aliki79@hotmail.com\SharingMetadata\morrafabrizio@hotmail.it\DFSR\Staging\CS{2C1C0D15-58F8-CF11-8456-804EC66CB836}\43\43-{02ED2354-A3F6-4F88-9872-4532135C6BCB}-v43-{02ED2354-A3F6-4F88-9872-4532135C6BCB}-v43-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS
ADS C:\Documents and Settings\cri-jeky\Impostazioni locali\Dati applicazioni\Microsoft\Messenger\aliki79@hotmail.com\SharingMetadata\morrafabrizio@hotmail.it\DFSR\Staging\CS{2C1C0D15-58F8-CF11-8456-804EC66CB836}\44\44-{02ED2354-A3F6-4F88-9872-4532135C6BCB}-v44-{02ED2354-A3F6-4F88-9872-4532135C6BCB}-v44-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.rdc.1
ADS C:\Documents and Settings\cri-jeky\Impostazioni locali\Dati applicazioni\Microsoft\Messenger\aliki79@hotmail.com\SharingMetadata\morrafabrizio@hotmail.it\DFSR\Staging\CS{2C1C0D15-58F8-CF11-8456-804EC66CB836}\44\44-{02ED2354-A3F6-4F88-9872-4532135C6BCB}-v44-{02ED2354-A3F6-4F88-9872-4532135C6BCB}-v44-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS
ADS C:\Documents and Settings\cri-jeky\Impostazioni locali\Dati applicazioni\Microsoft\Messenger\aliki79@hotmail.com\SharingMetadata\morrafabrizio@hotmail.it\DFSR\Staging\CS{2C1C0D15-58F8-CF11-8456-804EC66CB836}\45\45-{02ED2354-A3F6-4F88-9872-4532135C6BCB}-v45-{02ED2354-A3F6-4F88-9872-4532135C6BCB}-v45-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.rdc.1
ADS C:\Documents and Settings\cri-jeky\Impostazioni locali\Dati applicazioni\Microsoft\Messenger\aliki79@hotmail.com\SharingMetadata\morrafabrizio@hotmail.it\DFSR\Staging\CS{2C1C0D15-58F8-CF11-8456-804EC66CB836}\45\45-{02ED2354-A3F6-4F88-9872-4532135C6BCB}-v45-{02ED2354-A3F6-4F88-9872-4532135C6BCB}-v45-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS
ADS C:\Documents and Settings\cri-jeky\Impostazioni locali\Dati applicazioni\Microsoft\Messenger\aliki79@hotmail.com\SharingMetadata\morrafabrizio@hotmail.it\DFSR\Staging\CS{2C1C0D15-58F8-CF11-8456-804EC66CB836}\46\46-{02ED2354-A3F6-4F88-9872-4532135C6BCB}-v46-{02ED2354-A3F6-4F88-9872-4532135C6BCB}-v46-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.rdc.1
ADS C:\Documents and Settings\cri-jeky\Impostazioni locali\Dati applicazioni\Microsoft\Messenger\aliki79@hotmail.com\SharingMetadata\morrafabrizio@hotmail.it\DFSR\Staging\CS{2C1C0D15-58F8-CF11-8456-804EC66CB836}\46\46-{02ED2354-A3F6-4F88-9872-4532135C6BCB}-v46-{02ED2354-A3F6-4F88-9872-4532135C6BCB}-v46-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS

---- EOF - GMER 1.0.11 ----


GMER 1.0.11.11390 - http://www.gmer.net
Autostart 2006-10-22 19:28:49
Windows 5.1.2600


HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems@Windows = %SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,3072,512 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ProfileControl=Off MaxRequestThreads=16

HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon@Userinit = C:\WINDOWS\system32\userinit.exe,

HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ >>>
AtiExtEvent@DLLName = Ati2evxx.dll
avldr@DLLName = avldr.dll

HKLM\SYSTEM\CurrentControlSet\Services\ >>>
Ati HotKey Poller@ = %SystemRoot%\System32\Ati2evxx.exe
ATI Smart /*ATI Smart*/@ = C:\WINDOWS\system32\ati2sgag.exe
EPSONStatusAgent2 /*EPSON Printer Status Agent2*/@ = C:\Programmi\File comuni\EPSON\EBAPI\SAgent2.exe
PAVFNSVR /*Panda Function Service*/@ = "C:\Programmi\Panda Software\Panda Titanium 2006 Antivirus + Antispyware\PavFnSvr.exe"
PavPrSrv /*Panda Process Protection Service*/@ = "C:\Programmi\File comuni\Panda Software\PavShld\pavprsrv.exe"
PAVSRV /*Panda anti-virus service*/@ = "C:\Programmi\Panda Software\Panda Titanium 2006 Antivirus + Antispyware\pavsrv51.exe"
PNMSRV /*Panda Network Manager*/@ = "C:\Programmi\Panda Software\Panda Titanium 2006 Antivirus + Antispyware\FIREWALL\PNMSRV.EXE"
PSIMSVC /*Panda IManager Service*/@ = "C:\Programmi\Panda Software\Panda Titanium 2006 Antivirus + Antispyware\PsImSvc.exe"
SoundMAX Agent Service (default) /*SoundMAX Agent Service*/@ = C:\Programmi\Analog Devices\SoundMAX\SMAgent.exe
Spooler /*Spooler di stampa*/@ = %SystemRoot%\system32\spoolsv.exe
TPSrv /*Panda TPSrv*/@ = "C:\Programmi\Panda Software\Panda Titanium 2006 Antivirus + Antispyware\TPSrv.exe"
UMWdf /*Windows User Mode Driver Framework*/@ = C:\WINDOWS\System32\wdfmgr.exe

HKLM\Software\Microsoft\Windows\CurrentVersion\Run >>>
@Logitech UtilityLogi_MwX.Exe = Logi_MwX.Exe
@SmappC:\Programmi\Analog Devices\SoundMAX\SMTray.exe = C:\Programmi\Analog Devices\SoundMAX\SMTray.exe
@ATIPTAC:\Programmi\ATI Technologies\ATI Control Panel\atiptaxx.exe = C:\Programmi\ATI Technologies\ATI Control Panel\atiptaxx.exe
@APVXDWIN"C:\Programmi\Panda Software\Panda Titanium 2006 Antivirus + Antispyware\APVXDWIN.EXE" /s = "C:\Programmi\Panda Software\Panda Titanium 2006 Antivirus + Antispyware\APVXDWIN.EXE" /s
@WinampAgentC:\Programmi\Winamp\winampa.exe = C:\Programmi\Winamp\winampa.exe
@LVCOMSXC:\WINDOWS\System32\LVCOMSX.EXE = C:\WINDOWS\System32\LVCOMSX.EXE
@LogitechVideoRepairC:\Programmi\Logitech\Video\ISStart.exe = C:\Programmi\Logitech\Video\ISStart.exe
@LogitechVideoTrayC:\Programmi\Logitech\Video\LogiTray.exe = C:\Programmi\Logitech\Video\LogiTray.exe
@NeroCheckC:\WINDOWS\system32\NeroCheck.exe = C:\WINDOWS\system32\NeroCheck.exe
@CnxTrApprundll32.exe "C:\Programmi\Aethra\ADSL EB1070 USB\CnxTrApp.dll",AppEntry -REG "Aethra\ADSL EB1070 USB" = rundll32.exe "C:\Programmi\Aethra\ADSL EB1070 USB\CnxTrApp.dll",AppEntry -REG "Aethra\ADSL EB1070 USB"
@DataLayerC:\Programmi\File comuni\PCSuite\DataLayer\DataLayer.exe = C:\Programmi\File comuni\PCSuite\DataLayer\DataLayer.exe
@PCSuiteTrayApplicationC:\Programmi\Nokia\Nokia PC Suite 6\LaunchApplication.exe -onlytray /*file not found*/ = C:\Programmi\Nokia\Nokia PC Suite 6\LaunchApplication.exe -onlytray /*file not found*/
@H2OC:\Programmi\SyncroSoft\Pos\H2O\cledx.exe = C:\Programmi\SyncroSoft\Pos\H2O\cledx.exe

HKCU\Software\Microsoft\Windows\CurrentVersion\Run >>>
@MSMSGS"C:\Programmi\Messenger\msmsgs.exe" /background = "C:\Programmi\Messenger\msmsgs.exe" /background
@LogitechSoftwareUpdateC:\Programmi\Logitech\Video\ManifestEngine.exe boot = C:\Programmi\Logitech\Video\ManifestEngine.exe boot
@PcSyncC:\Programmi\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog /*file not found*/ = C:\Programmi\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog /*file not found*/
@FAST DefragC:\DOCUME~1\cri-jeky\DOCUME~1\P-ZIP\FASTDE~1\FAST2.EXE -tray = C:\DOCUME~1\cri-jeky\DOCUME~1\P-ZIP\FASTDE~1\FAST2.EXE -tray
@WinMediaC:\361101032253584.exe 2 5 3 5 8 4 . e x e /*file not found*/ = C:\361101032253584.exe 2 5 3 5 8 4 . e x e /*file not found*/

HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved >>>
@{42071714-76d4-11d1-8b24-00a0c9068ff3} /*Estensione panoramica video del Pannello di controllo*/deskpan.dll /*file not found*/ = deskpan.dll /*file not found*/
@{65756541-C65C-11CD-0000-4B656E696100} /*Panda Antivirus*/C:\Programmi\Panda Software\Panda Titanium 2006 Antivirus + Antispyware\ShellTit.DLL = C:\Programmi\Panda Software\Panda Titanium 2006 Antivirus + Antispyware\ShellTit.DLL
@{E0D79304-84BE-11CE-9641-444553540000} /*WinZip*/C:\PROGRA~1\WINZIP\WZSHLSTB.DLL = C:\PROGRA~1\WINZIP\WZSHLSTB.DLL
@{E0D79305-84BE-11CE-9641-444553540000} /*WinZip*/C:\PROGRA~1\WINZIP\WZSHLSTB.DLL = C:\PROGRA~1\WINZIP\WZSHLSTB.DLL
@{E0D79306-84BE-11CE-9641-444553540000} /*WinZip*/C:\PROGRA~1\WINZIP\WZSHLSTB.DLL = C:\PROGRA~1\WINZIP\WZSHLSTB.DLL
@{E0D79307-84BE-11CE-9641-444553540000} /*WinZip*/C:\PROGRA~1\WINZIP\WZSHLSTB.DLL = C:\PROGRA~1\WINZIP\WZSHLSTB.DLL
@{400CFEE2-39D0-46DC-96DF-E0BB5A4324B3} /*Immagini Logitech*/C:\Programmi\Logitech\Video\Namespc2.dll = C:\Programmi\Logitech\Video\Namespc2.dll
@{0006F045-0000-0000-C000-000000000046} /*Microsoft Outlook Custom Icon Handler*/C:\PROGRA~1\MICROS~2\Office\OLKFSTUB.DLL = C:\PROGRA~1\MICROS~2\Office\OLKFSTUB.DLL
@{416651E4-9C3C-11D9-8BDE-F66BAD1E3F3A} /*PhoneBrowser*/C:\Programmi\Nokia\Nokia PC Suite 6\PhoneBrowser.dll = C:\Programmi\Nokia\Nokia PC Suite 6\PhoneBrowser.dll
@{FBFE7864-D495-41f0-B7DC-4BB601CC295E} /*Contact View*/C:\Programmi\Nokia\Nokia PC Suite 6\ContactView.dll = C:\Programmi\Nokia\Nokia PC Suite 6\ContactView.dll
@{C0C4375A-5B72-4efe-929D-3B848C3A1E91} /*Message View*/C:\Programmi\Nokia\Nokia PC Suite 6\MessageView.dll = C:\Programmi\Nokia\Nokia PC Suite 6\MessageView.dll
@{B41DB860-8EE4-11D2-9906-E49FADC173CA} /*WinRAR shell extension*/C:\Programmi\WinRAR\rarext.dll = C:\Programmi\WinRAR\rarext.dll
@{FC9FB64A-1EB2-4CCF-AF5E-1A497A9B5C2D} /*Messenger Sharing Folders*/C:\Programmi\MSN Messenger\fsshext.8.0.0812.00.dll = C:\Programmi\MSN Messenger\fsshext.8.0.0812.00.dll

HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved@{BDEADF00-C265-11d0-BCED-00A0C90AB50F} /*Web Folders*/ = C:\PROGRA~1\FILECO~1\MICROS~1\WEBFOL~1\MSONSEXT.DLL

HKLM\Software\Classes\*\shellex\ContextMenuHandlers\ >>>
Panda Antivirus@{65756541-C65C-11CD-0000-4B656E696100} = C:\Programmi\Panda Software\Panda Titanium 2006 Antivirus + Antispyware\ShellTit.DLL
WinRAR@{B41DB860-8EE4-11D2-9906-E49FADC173CA} = C:\Programmi\WinRAR\rarext.dll
WinZip@{E0D79304-84BE-11CE-9641-444553540000} = C:\PROGRA~1\WINZIP\WZSHLSTB.DLL

HKLM\Software\Classes\Directory\shellex\ContextMenuHandlers\ >>>
WinRAR@{B41DB860-8EE4-11D2-9906-E49FADC173CA} = C:\Programmi\WinRAR\rarext.dll
WinZip@{E0D79304-84BE-11CE-9641-444553540000} = C:\PROGRA~1\WINZIP\WZSHLSTB.DLL

HKLM\Software\Classes\Folder\shellex\ContextMenuHandlers\ >>>
Panda Antivirus@{65756541-C65C-11CD-0000-4B656E696100} = C:\Programmi\Panda Software\Panda Titanium 2006 Antivirus + Antispyware\ShellTit.DLL
WinRAR@{B41DB860-8EE4-11D2-9906-E49FADC173CA} = C:\Programmi\WinRAR\rarext.dll
WinZip@{E0D79304-84BE-11CE-9641-444553540000} = C:\PROGRA~1\WINZIP\WZSHLSTB.DLL

HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects@{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} = C:\Programmi\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll

HKCU\Control Panel\Desktop@SCRNSAVE.EXE = C:\WINDOWS\System32\logon.scr

HKLM\Software\Microsoft\Internet Explorer\Main >>>
@Default_Page_URLhttp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome = http://www.microsoft.com/isapi/redir.dl ... ar=msnhome
@Start Pagehttp://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home = http://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home
@Local Page%SystemRoot%\system32\blank.htm = %SystemRoot%\system32\blank.htm

HKCU\Software\Microsoft\Internet Explorer\Main >>>
@Start Pagehttp://www.google.it/ = http://www.google.it/
@Local PageC:\WINDOWS\System32\blank.htm = C:\WINDOWS\System32\blank.htm

HKLM\Software\Classes\PROTOCOLS\Handler\ >>>
dvd@CLSID = C:\WINDOWS\System32\msvidctl.dll
its@CLSID = C:\WINDOWS\System32\itss.dll
lid@CLSID = C:\WINDOWS\System32\msvidctl.dll
livecall@CLSID = C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
mhtml@CLSID = %SystemRoot%\System32\inetcomm.dll
ms-its@CLSID = C:\WINDOWS\System32\itss.dll
msnim@CLSID = C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
tv@CLSID = C:\WINDOWS\System32\msvidctl.dll
vnd.ms.radio@CLSID = C:\WINDOWS\System32\msdxm.ocx
wia@CLSID = C:\WINDOWS\System32\wiascr.dll

HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\ >>>
000000000001@PackedCatalogItem = C:\Programmi\Panda Software\Panda Titanium 2006 Antivirus + Antispyware\pavlsp.dll
000000000002@PackedCatalogItem = C:\Programmi\Panda Software\Panda Titanium 2006 Antivirus + Antispyware\pavlsp.dll
000000000003@PackedCatalogItem = C:\Programmi\Panda Software\Panda Titanium 2006 Antivirus + Antispyware\pavlsp.dll

HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000024@PackedCatalogItem = C:\Programmi\Panda Software\Panda Titanium 2006 Antivirus + Antispyware\pavlsp.dll

C:\Documents and Settings\All Users\Menu Avvio\Programmi\Esecuzione automatica >>>
Logitech Desktop Messenger.lnk = Logitech Desktop Messenger.lnk
Microsoft Office.lnk = Microsoft Office.lnk
WinZip Quick Pick.lnk = WinZip Quick Pick.lnk

---- EOF - GMER 1.0.11 ----

[alikucciola]

per favore chi mi aiuta???

[Smjert]

Stavo aspettando il nuovo log del tool... cmq il log di GMER è a posto.

Riavvia il pc in Modalità Provvisoria (F8 al boot)

Apri una cartella qualunque, vai su
Strumenti->Opzioni Cartella->scheda Visualizzazione,
spunta la voce "Visualizza cartelle e file nascosti", togli la spunta a
"Nascondi file protetti di sistema" (digli di sì).

Trova e cancella (se ci sono) questi file C:\Programmi\File comuni\System\hHm.exe, C:\361101032253584.exe, C:\3611010322516384.exe, C:\WINDOWS\liqku1.dll

Per sicurezza aggiorna e fatti una scansione completa con il tuo Antivirus (Panda).

[alikucciola]

scusate per la latitanza e grazie a chi mi da un mano...

posto il log FixLnkOpt e quello di hijackthis

i file 36110... ecc ecc li ho cancellati da modalità provvisoria l'unic che non mi permette di cancelare perchè mi dice che è in uso anche in modalitàè provvisoria è il file hHm.exe

iutooooooo

grazie mille a tutti

Symantec Trojan.Linkoptimizer Removal Tool 1.0.8

Trojan.Linkoptimizer has not been found on your computer.





Logfile of HijackThis v1.99.1
Scan saved at 11.04.42, on 24/10/2006
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\Programmi\Panda Software\Panda Titanium 2006 Antivirus + Antispyware\TPSrv.exe
C:\WINDOWS\system32\svchost.exe
C:\Programmi\Panda Software\Panda Titanium 2006 Antivirus + Antispyware\pavsrv51.exe
C:\Programmi\Panda Software\Panda Titanium 2006 Antivirus + Antispyware\AVENGINE.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmi\Panda Software\Panda Titanium 2006 Antivirus + Antispyware\apvxdwin.exe
C:\Programmi\Panda Software\Panda Titanium 2006 Antivirus + Antispyware\FIREWALL\PNMSRV.EXE
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Programmi\File comuni\EPSON\EBAPI\SAgent2.exe
C:\Programmi\Panda Software\Panda Titanium 2006 Antivirus + Antispyware\PavFnSvr.exe
C:\Programmi\File comuni\Panda Software\PavShld\pavprsrv.exe
C:\Programmi\Panda Software\Panda Titanium 2006 Antivirus + Antispyware\PsImSvc.exe
C:\Programmi\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\wdfmgr.exe
C:\Programmi\Analog Devices\SoundMAX\SMTray.exe
C:\Programmi\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Programmi\Winamp\winampa.exe
C:\WINDOWS\System32\LVCOMSX.EXE
C:\Programmi\Logitech\Video\LogiTray.exe
C:\WINDOWS\System32\rundll32.exe
C:\Programmi\File comuni\PCSuite\DataLayer\DataLayer.exe
C:\Programmi\Nokia\Nokia PC Suite 6\LaunchApplication.exe
C:\Programmi\SyncroSoft\Pos\H2O\cledx.exe
C:\Programmi\Messenger\msmsgs.exe
C:\Programmi\Nokia\Nokia PC Suite 6\PcSync2.exe
C:\DOCUME~1\cri-jeky\DOCUME~1\P-ZIP\FASTDE~1\FAST2.EXE
C:\Programmi\WinZip\WZQKPICK.EXE
C:\Programmi\Logitech\MouseWare\system\em_exec.exe
C:\PROGRA~1\FILECO~1\PCSuite\Services\SERVIC~1.EXE
C:\PROGRA~1\FILECO~1\Nokia\MPAPI\MPAPI3s.exe
C:\Programmi\Logitech\Video\FxSvr2.exe
C:\Programmi\Panda Software\Panda Titanium 2006 Antivirus + Antispyware\WebProxy.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Programmi\Internet Explorer\IEXPLORE.EXE
C:\Documents and Settings\cri-jeky\Desktop\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.it/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [Smapp] C:\Programmi\Analog Devices\SoundMAX\SMTray.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Programmi\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [APVXDWIN] "C:\Programmi\Panda Software\Panda Titanium 2006 Antivirus + Antispyware\APVXDWIN.EXE" /s
O4 - HKLM\..\Run: [WinampAgent] C:\Programmi\Winamp\winampa.exe
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\System32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Programmi\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Programmi\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [CnxTrApp] rundll32.exe "C:\Programmi\Aethra\ADSL EB1070 USB\CnxTrApp.dll",AppEntry -REG "Aethra\ADSL EB1070 USB"
O4 - HKLM\..\Run: [DataLayer] C:\Programmi\File comuni\PCSuite\DataLayer\DataLayer.exe
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Programmi\Nokia\Nokia PC Suite 6\LaunchApplication.exe -onlytray
O4 - HKLM\..\Run: [H2O] C:\Programmi\SyncroSoft\Pos\H2O\cledx.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Programmi\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [LogitechSoftwareUpdate] C:\Programmi\Logitech\Video\ManifestEngine.exe boot
O4 - HKCU\..\Run: [PcSync] C:\Programmi\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog
O4 - HKCU\..\Run: [FAST Defrag] C:\DOCUME~1\cri-jeky\DOCUME~1\P-ZIP\FASTDE~1\FAST2.EXE -tray
O4 - HKCU\..\Run: [WinMedia] C:\361101032253584.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Programmi\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Programmi\WinZip\WZQKPICK.EXE
O17 - HKLM\System\CCS\Services\Tcpip\..\{0C05F8A9-9EDC-4CF0-8BBA-1F03A30371B7}: NameServer = 85.255.115.58,85.255.112.116
O17 - HKLM\System\CCS\Services\Tcpip\..\{3B76E73F-1A31-4C16-8F26-855C10AEBBB4}: NameServer = 85.37.17.4 85.38.28.70
O17 - HKLM\System\CCS\Services\Tcpip\..\{A7629D2D-733F-4282-BEBA-2FE300E9E49B}: NameServer = 85.255.115.58,85.255.112.116
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.115.58 85.255.112.116
O17 - HKLM\System\CS1\Services\Tcpip\..\{0C05F8A9-9EDC-4CF0-8BBA-1F03A30371B7}: NameServer = 85.255.115.58,85.255.112.116
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: NameServer = 85.255.115.58 85.255.112.116
O17 - HKLM\System\CS2\Services\Tcpip\..\{0C05F8A9-9EDC-4CF0-8BBA-1F03A30371B7}: NameServer = 85.255.115.58,85.255.112.116
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.115.58 85.255.112.116
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: avldr - C:\WINDOWS\SYSTEM32\avldr.dll
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Programmi\File comuni\EPSON\EBAPI\SAgent2.exe
O23 - Service: Panda Function Service (PAVFNSVR) - Panda Software International - C:\Programmi\Panda Software\Panda Titanium 2006 Antivirus + Antispyware\PavFnSvr.exe
O23 - Service: Panda Process Protection Service (PavPrSrv) - Panda Software - C:\Programmi\File comuni\Panda Software\PavShld\pavprsrv.exe
O23 - Service: Panda anti-virus service (PAVSRV) - Panda Software International - C:\Programmi\Panda Software\Panda Titanium 2006 Antivirus + Antispyware\pavsrv51.exe
O23 - Service: Panda Network Manager (PNMSRV) - Panda Software - C:\Programmi\Panda Software\Panda Titanium 2006 Antivirus + Antispyware\FIREWALL\PNMSRV.EXE
O23 - Service: Panda IManager Service (PSIMSVC) - Panda Software - C:\Programmi\Panda Software\Panda Titanium 2006 Antivirus + Antispyware\PsImSvc.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Programmi\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: Panda TPSrv (TPSrv) - Panda Software - C:\Programmi\Panda Software\Panda Titanium 2006 Antivirus + Antispyware\TPSrv.exe

[Luke57]

Ciao, utilizza avenger per eliminare il file, inserisci questo script:

files to delete:
C:\Programmi\File comuni\System\hHm.exe

[alikucciola]

ecco il log di avenger e il nuovo log di hijack

Logfile of The Avenger version 1, by Swandog46
Running from registry key:
\Registry\Machine\System\CurrentControlSet\Services\clpcsotx

*******************

Script file located at: \??\C:\mlsurbhh.txt
Script file opened successfully.

Script file read successfully

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:

File C:\Programmi\File comuni\System\hHm.exe deleted successfully.

Completed script processing.

*******************

Finished! Terminate.


Logfile of HijackThis v1.99.1
Scan saved at 11.21.10, on 24/10/2006
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\Programmi\Panda Software\Panda Titanium 2006 Antivirus + Antispyware\TPSrv.exe
C:\WINDOWS\system32\svchost.exe
C:\Programmi\Panda Software\Panda Titanium 2006 Antivirus + Antispyware\pavsrv51.exe
C:\Programmi\Panda Software\Panda Titanium 2006 Antivirus + Antispyware\AVENGINE.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmi\Panda Software\Panda Titanium 2006 Antivirus + Antispyware\apvxdwin.exe
C:\Programmi\Panda Software\Panda Titanium 2006 Antivirus + Antispyware\FIREWALL\PNMSRV.EXE
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Programmi\File comuni\EPSON\EBAPI\SAgent2.exe
C:\Programmi\Panda Software\Panda Titanium 2006 Antivirus + Antispyware\PavFnSvr.exe
C:\Programmi\File comuni\Panda Software\PavShld\pavprsrv.exe
C:\Programmi\Panda Software\Panda Titanium 2006 Antivirus + Antispyware\PsImSvc.exe
C:\Programmi\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\wdfmgr.exe
C:\Programmi\Logitech\MouseWare\system\em_exec.exe
C:\Programmi\Analog Devices\SoundMAX\SMTray.exe
C:\Programmi\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Programmi\Winamp\winampa.exe
C:\WINDOWS\System32\LVCOMSX.EXE
C:\Programmi\Logitech\Video\LogiTray.exe
C:\WINDOWS\System32\rundll32.exe
C:\Programmi\File comuni\PCSuite\DataLayer\DataLayer.exe
C:\Programmi\Nokia\Nokia PC Suite 6\LaunchApplication.exe
C:\Programmi\SyncroSoft\Pos\H2O\cledx.exe
C:\Programmi\Messenger\msmsgs.exe
C:\Programmi\Nokia\Nokia PC Suite 6\PcSync2.exe
C:\DOCUME~1\cri-jeky\DOCUME~1\P-ZIP\FASTDE~1\FAST2.EXE
C:\PROGRA~1\FILECO~1\Nokia\MPAPI\MPAPI3s.exe
C:\PROGRA~1\FILECO~1\PCSuite\Services\SERVIC~1.EXE
C:\Programmi\WinZip\WZQKPICK.EXE
C:\Programmi\Logitech\Video\FxSvr2.exe
C:\WINDOWS\system32\notepad.exe
C:\Programmi\Panda Software\Panda Titanium 2006 Antivirus + Antispyware\WebProxy.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Programmi\Panda Software\Panda Titanium 2006 Antivirus + Antispyware\avciman.exe
C:\Programmi\Panda Software\Panda Titanium 2006 Antivirus + Antispyware\psimreal.exe
C:\WINDOWS\System32\wbem\wmiprvse.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Programmi\Internet Explorer\IEXPLORE.EXE
C:\Documents and Settings\cri-jeky\Desktop\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.it/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [Smapp] C:\Programmi\Analog Devices\SoundMAX\SMTray.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Programmi\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [APVXDWIN] "C:\Programmi\Panda Software\Panda Titanium 2006 Antivirus + Antispyware\APVXDWIN.EXE" /s
O4 - HKLM\..\Run: [WinampAgent] C:\Programmi\Winamp\winampa.exe
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\System32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Programmi\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Programmi\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [CnxTrApp] rundll32.exe "C:\Programmi\Aethra\ADSL EB1070 USB\CnxTrApp.dll",AppEntry -REG "Aethra\ADSL EB1070 USB"
O4 - HKLM\..\Run: [DataLayer] C:\Programmi\File comuni\PCSuite\DataLayer\DataLayer.exe
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Programmi\Nokia\Nokia PC Suite 6\LaunchApplication.exe -onlytray
O4 - HKLM\..\Run: [H2O] C:\Programmi\SyncroSoft\Pos\H2O\cledx.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Programmi\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [LogitechSoftwareUpdate] C:\Programmi\Logitech\Video\ManifestEngine.exe boot
O4 - HKCU\..\Run: [PcSync] C:\Programmi\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog
O4 - HKCU\..\Run: [FAST Defrag] C:\DOCUME~1\cri-jeky\DOCUME~1\P-ZIP\FASTDE~1\FAST2.EXE -tray
O4 - HKCU\..\Run: [WinMedia] C:\361101032253584.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Programmi\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Programmi\WinZip\WZQKPICK.EXE
O17 - HKLM\System\CCS\Services\Tcpip\..\{0C05F8A9-9EDC-4CF0-8BBA-1F03A30371B7}: NameServer = 85.255.115.58,85.255.112.116
O17 - HKLM\System\CCS\Services\Tcpip\..\{3B76E73F-1A31-4C16-8F26-855C10AEBBB4}: NameServer = 85.37.17.4 85.38.28.70
O17 - HKLM\System\CCS\Services\Tcpip\..\{A7629D2D-733F-4282-BEBA-2FE300E9E49B}: NameServer = 85.255.115.58,85.255.112.116
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.115.58 85.255.112.116
O17 - HKLM\System\CS1\Services\Tcpip\..\{0C05F8A9-9EDC-4CF0-8BBA-1F03A30371B7}: NameServer = 85.255.115.58,85.255.112.116
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: NameServer = 85.255.115.58 85.255.112.116
O17 - HKLM\System\CS2\Services\Tcpip\..\{0C05F8A9-9EDC-4CF0-8BBA-1F03A30371B7}: NameServer = 85.255.115.58,85.255.112.116
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.115.58 85.255.112.116
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: avldr - C:\WINDOWS\SYSTEM32\avldr.dll
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Programmi\File comuni\EPSON\EBAPI\SAgent2.exe
O23 - Service: Panda Function Service (PAVFNSVR) - Panda Software International - C:\Programmi\Panda Software\Panda Titanium 2006 Antivirus + Antispyware\PavFnSvr.exe
O23 - Service: Panda Process Protection Service (PavPrSrv) - Panda Software - C:\Programmi\File comuni\Panda Software\PavShld\pavprsrv.exe
O23 - Service: Panda anti-virus service (PAVSRV) - Panda Software International - C:\Programmi\Panda Software\Panda Titanium 2006 Antivirus + Antispyware\pavsrv51.exe
O23 - Service: Panda Network Manager (PNMSRV) - Panda Software - C:\Programmi\Panda Software\Panda Titanium 2006 Antivirus + Antispyware\FIREWALL\PNMSRV.EXE
O23 - Service: Panda IManager Service (PSIMSVC) - Panda Software - C:\Programmi\Panda Software\Panda Titanium 2006 Antivirus + Antispyware\PsImSvc.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Programmi\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: Panda TPSrv (TPSrv) - Panda Software - C:\Programmi\Panda Software\Panda Titanium 2006 Antivirus + Antispyware\TPSrv.exe



perchè questa riga nn se ne va anche se ho cancellato a mano con esito positivo il file da modalità provvisoria???

O4 - HKCU\..\Run: [WinMedia] C:\361101032253584.exe

grazie mille luke

[Luke57]

Ciao, hai provata a fissarla con hiajckthis, è una voce di registro.

[alikucciola]

posto il log di hujack è finalmente tutto a posto???

Logfile of HijackThis v1.99.1
Scan saved at 11.29.22, on 24/10/2006
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\Programmi\Panda Software\Panda Titanium 2006 Antivirus + Antispyware\TPSrv.exe
C:\WINDOWS\system32\svchost.exe
C:\Programmi\Panda Software\Panda Titanium 2006 Antivirus + Antispyware\pavsrv51.exe
C:\Programmi\Panda Software\Panda Titanium 2006 Antivirus + Antispyware\AVENGINE.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmi\Panda Software\Panda Titanium 2006 Antivirus + Antispyware\apvxdwin.exe
C:\Programmi\Panda Software\Panda Titanium 2006 Antivirus + Antispyware\FIREWALL\PNMSRV.EXE
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Programmi\File comuni\EPSON\EBAPI\SAgent2.exe
C:\Programmi\Panda Software\Panda Titanium 2006 Antivirus + Antispyware\PavFnSvr.exe
C:\Programmi\File comuni\Panda Software\PavShld\pavprsrv.exe
C:\Programmi\Panda Software\Panda Titanium 2006 Antivirus + Antispyware\PsImSvc.exe
C:\Programmi\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\wdfmgr.exe
C:\Programmi\Logitech\MouseWare\system\em_exec.exe
C:\Programmi\Analog Devices\SoundMAX\SMTray.exe
C:\Programmi\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Programmi\Winamp\winampa.exe
C:\WINDOWS\System32\LVCOMSX.EXE
C:\Programmi\Logitech\Video\LogiTray.exe
C:\WINDOWS\System32\rundll32.exe
C:\Programmi\File comuni\PCSuite\DataLayer\DataLayer.exe
C:\Programmi\Nokia\Nokia PC Suite 6\LaunchApplication.exe
C:\Programmi\SyncroSoft\Pos\H2O\cledx.exe
C:\Programmi\Messenger\msmsgs.exe
C:\Programmi\Nokia\Nokia PC Suite 6\PcSync2.exe
C:\DOCUME~1\cri-jeky\DOCUME~1\P-ZIP\FASTDE~1\FAST2.EXE
C:\PROGRA~1\FILECO~1\Nokia\MPAPI\MPAPI3s.exe
C:\PROGRA~1\FILECO~1\PCSuite\Services\SERVIC~1.EXE
C:\Programmi\WinZip\WZQKPICK.EXE
C:\Programmi\Logitech\Video\FxSvr2.exe
C:\WINDOWS\system32\notepad.exe
C:\Programmi\Panda Software\Panda Titanium 2006 Antivirus + Antispyware\WebProxy.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Programmi\Internet Explorer\IEXPLORE.EXE
C:\Programmi\Panda Software\Panda Titanium 2006 Antivirus + Antispyware\avciman.exe
C:\Programmi\Panda Software\Panda Titanium 2006 Antivirus + Antispyware\psimreal.exe
C:\Documents and Settings\cri-jeky\Desktop\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.it/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [Smapp] C:\Programmi\Analog Devices\SoundMAX\SMTray.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Programmi\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [APVXDWIN] "C:\Programmi\Panda Software\Panda Titanium 2006 Antivirus + Antispyware\APVXDWIN.EXE" /s
O4 - HKLM\..\Run: [WinampAgent] C:\Programmi\Winamp\winampa.exe
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\System32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Programmi\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Programmi\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [CnxTrApp] rundll32.exe "C:\Programmi\Aethra\ADSL EB1070 USB\CnxTrApp.dll",AppEntry -REG "Aethra\ADSL EB1070 USB"
O4 - HKLM\..\Run: [DataLayer] C:\Programmi\File comuni\PCSuite\DataLayer\DataLayer.exe
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Programmi\Nokia\Nokia PC Suite 6\LaunchApplication.exe -onlytray
O4 - HKLM\..\Run: [H2O] C:\Programmi\SyncroSoft\Pos\H2O\cledx.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Programmi\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [LogitechSoftwareUpdate] C:\Programmi\Logitech\Video\ManifestEngine.exe boot
O4 - HKCU\..\Run: [PcSync] C:\Programmi\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog
O4 - HKCU\..\Run: [FAST Defrag] C:\DOCUME~1\cri-jeky\DOCUME~1\P-ZIP\FASTDE~1\FAST2.EXE -tray
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Programmi\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Programmi\WinZip\WZQKPICK.EXE
O17 - HKLM\System\CCS\Services\Tcpip\..\{0C05F8A9-9EDC-4CF0-8BBA-1F03A30371B7}: NameServer = 85.255.115.58,85.255.112.116
O17 - HKLM\System\CCS\Services\Tcpip\..\{3B76E73F-1A31-4C16-8F26-855C10AEBBB4}: NameServer = 85.37.17.4 85.38.28.70
O17 - HKLM\System\CCS\Services\Tcpip\..\{A7629D2D-733F-4282-BEBA-2FE300E9E49B}: NameServer = 85.255.115.58,85.255.112.116
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.115.58 85.255.112.116
O17 - HKLM\System\CS1\Services\Tcpip\..\{0C05F8A9-9EDC-4CF0-8BBA-1F03A30371B7}: NameServer = 85.255.115.58,85.255.112.116
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: NameServer = 85.255.115.58 85.255.112.116
O17 - HKLM\System\CS2\Services\Tcpip\..\{0C05F8A9-9EDC-4CF0-8BBA-1F03A30371B7}: NameServer = 85.255.115.58,85.255.112.116
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.115.58 85.255.112.116
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: avldr - C:\WINDOWS\SYSTEM32\avldr.dll
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Programmi\File comuni\EPSON\EBAPI\SAgent2.exe
O23 - Service: Panda Function Service (PAVFNSVR) - Panda Software International - C:\Programmi\Panda Software\Panda Titanium 2006 Antivirus + Antispyware\PavFnSvr.exe
O23 - Service: Panda Process Protection Service (PavPrSrv) - Panda Software - C:\Programmi\File comuni\Panda Software\PavShld\pavprsrv.exe
O23 - Service: Panda anti-virus service (PAVSRV) - Panda Software International - C:\Programmi\Panda Software\Panda Titanium 2006 Antivirus + Antispyware\pavsrv51.exe
O23 - Service: Panda Network Manager (PNMSRV) - Panda Software - C:\Programmi\Panda Software\Panda Titanium 2006 Antivirus + Antispyware\FIREWALL\PNMSRV.EXE
O23 - Service: Panda IManager Service (PSIMSVC) - Panda Software - C:\Programmi\Panda Software\Panda Titanium 2006 Antivirus + Antispyware\PsImSvc.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Programmi\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: Panda TPSrv (TPSrv) - Panda Software - C:\Programmi\Panda Software\Panda Titanium 2006 Antivirus + Antispyware\TPSrv.exe

grazie mille!!!!!!!