Logfile of HijackThis v1.99.1
Scan saved at 19.03.07, on 05/08/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\svchost.exe
C:\Programmi\File comuni\EPSON\EBAPI\SAgent2.exe
C:\WINDOWS\system32\slserv.exe
C:\WINDOWS\system32\Tablet.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Programmi\QuickTime\qttask.exe
C:\Programmi\D-Tools\daemon.exe
C:\WINDOWS\system32\rundll32.exe
C:\Programmi\WebRebates4\webrebates.exe
C:\Programmi\Internet Sweeper Pro\is.exe
C:\Programmi\Nikon\PictureProject\NkbMonitor.exe
C:\WINDOWS\system32\WTablet\TabUserW.exe
C:\WINDOWS\system32\msiexec.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmi\WebRebates4\w11150.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\michela\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.accoona.com/search_assistant/accoona_search_assistant.jsp?andutm_id=400134&utm_content=leftnav&utm_source=&utm_medium=&utm_campaign=
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.accoona.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.it/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://world.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.accoona.com/search_assistant/accoona_search_assistant.jsp?&utm_id=400134&utm_content=leftnav&utm_source=&utm_medium=&utm_campaign=
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.accoona.com/search?q=:s
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
R3 - Default URLSearchHook is missing
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Accoona Search Assistant - {944864A5-3916-46E2-96A9-A2E84F3F1208} - C:\Programmi\Accoona\ASearchAssist.dll
O3 - Toolbar: Accoona - {364B6276-C6C1-40B6-A6D7-6C48871FD707} - C:\Programmi\Accoona\atoolbar.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmi\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Programmi\D-Tools\daemon.exe" -lang 1040 -lock
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [Corel Painter Essentials 21a] C:\Programmi\Corel\Corel Painter Essentials 2\registration.exe /title="Corel Painter Essentials 2" /date=081006 serial=PE02CBX-0000003-NMD lang=EN
O4 - HKLM\..\Run: [UIUCU] C:\DOCUME~1\michela\IMPOST~1\Temp\UIUCU.EXE -CLEAN_UP
O4 - HKLM\..\Run: [webrebates] "C:\Programmi\WebRebates4\webrebates.exe"
O4 - HKCU\..\Run: [Internet Sweeper Pro] C:\Programmi\Internet Sweeper Pro\is.exe min
O4 - Global Startup: EPSON Status Monitor 3 Environment Check 2.lnk = C:\WINDOWS\system32\spool\drivers\w32x86\3\E_SRCV02.EXE
O4 - Global Startup: Microsoft Office.lnk = C:\Programmi\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: NkbMonitor.exe.lnk = C:\Programmi\Nikon\PictureProject\NkbMonitor.exe
O4 - Global Startup: TabUserW.exe.lnk = C:\WINDOWS\system32\WTablet\TabUserW.exe
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Web Rebates. - file://C:\Programmi\WebRebates4\websrebates\webtrebates\toprC0.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://world.yahoo.com
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AutoComplete Service (Autocomplete) - Acesoft - C:\Programmi\Internet Sweeper Pro\autocomp.exe
O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Programmi\File comuni\EPSON\EBAPI\SAgent2.exe
O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe
O23 - Service: TabletService - Wacom Technology, Corp. - C:\WINDOWS\system32\Tablet.exe

Ciao ,
esegui queste operazioni

Disattiva il ripristino di configurazione, leggi qui come fare
http://www.aiutamici.com/software/view.asp?tipo=home&CodSw=257&SH=N

Riavvia in modalità provvisoria, leggi qui come fare
http://www.aiutamici.com/software/view.asp?tipo=home&CodSw=344&SH=N

apri HIJAC THIS ed elimina come indicato in questo articolo
http://www.aiutamici.com/software/descrizione.asp?CodSw=1175
le righe che seguono.

==================================
R3 - Default URLSearchHook is missing
-
O2 - BHO: Accoona Search Assistant - {944864A5-3916-46E2-96A9-A2E84F3F1208} - C:\Programmi\Accoona\ASearchAssist.dll
O3 - Toolbar: Accoona - {364B6276-C6C1-40B6-A6D7-6C48871FD707} - C:\Programmi\Accoona\atoolbar.dll
-
O4 - HKLM\..\Run: [UIUCU] C:\DOCUME~1\michela\IMPOST~1\Temp\UIUCU.EXE -CLEAN_UP
O4 - HKLM\..\Run: [webrebates] "C:\Programmi\WebRebates4\webrebates.exe"
O4 - HKCU\..\Run: [Internet Sweeper Pro] C:\Programmi\Internet Sweeper Pro\is.exe min
-
O8 - Extra context menu item: Web Rebates. - file://C:\Programmi\WebRebates4\websrebates\webtrebates\toprC0.htm
==================================

Elimina le cartelle in rosso
==================================
C:\Programmi\<font color=red><b>Accoona</font id=red></b>
C:\Programmi\<font color=red><b>WebRebates4</font id=red></b>
C:\Programmi\<font color=red><b>Internet Sweeper Pro</font id=red></b>
==================================

Utilizza questo programma per eliminare i file inutili
http://www.aiutamici.com/software/view.asp?tipo=home&CodSw=1223

utilizza i programmi AD-AWARE e SPYBOT indicati in questo articolo
http://www.aiutamici.com/software/view.asp?tipo=home&CodSw=388&SH=N

sempre in modalità provvisoria fai una scansione Antivirus con questi programmi
http://www.aiutamici.com/software/view.asp?tipo=home&CodSw=1043
http://www.aiutamici.com/software/view.asp?tipo=home&CodSw=1177

quindi riavvia il computer e controlla se il problema e risolto, se e tutto OK riattiva il ripristino configurazione disattivato all'inizio di questa procedura e crea un nuovo punto di ripristino, leggi qui alla voce 8
http://www.aiutamici.com/software/view.asp?tipo=home&CodSw=170&SH=N

Fai una scansione antivirus on line da questo indirizzo
http://security.symantec.com/sscv6/default.asp?productid=globalsites&langid=it&venid=sym
se la scansione rileva virus, ti consiglio di formattare il disco fisso e reinstallare tutto.

Nel sistema non é presente un Antivirus, installa questo
http://www.aiutamici.com/software/view.asp?tipo=home&CodSw=728

Nel sistema non é presente un Firewall, installa questo
http://www.aiutamici.com/software/view.asp?tipo=home&CodSw=56
e disattiva l'inutile firewall di XP, leggi qui
http://www.aiutamici.com/software/view.asp?tipo=home&CodSw=160&SH=N

Utilizza questo programma
http://www.aiutamici.com/software/view.asp?tipo=home&CodSw=1041

---

Collaboratore Aiutamici