Mi controllate il log per cortesia? Grazie mille.

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 15.54.20, on 21/11/2011
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Programmi\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Programmi\Alwil Software\Avast5\AvastSvc.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Programmi\File comuni\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Programmi\Bonjour\mDNSResponder.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Programmi\Java\jre6\bin\jqs.exe
C:\Programmi\File comuni\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Programmi\Nero\Nero8\Nero BackItUp\NBService.exe
C:\Apps\Softex\OmniPass\Omniserv.exe
C:\Programmi\Macrium\Reflect\ReflectService.exe
C:\WINDOWS\System32\PAStiSvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Programmi\File comuni\Ulead Systems\DVD\ULCDRSvr.exe
C:\Programmi\Sonic\DigitalMedia LE v7\MyDVD LE\USBDeviceService.exe
C:\Programmi\File comuni\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\WINDOWS\system32\SearchIndexer.exe
C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe
C:\WINDOWS\Explorer.EXE
C:\Programmi\File comuni\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Programmi\Windows Defender\MSASCui.exe
C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe
C:\WINDOWS\system32\LXSUPMON.EXE
C:\Programmi\Yuna Software\Messenger Plus!\PlusService.exe
C:\Programmi\File comuni\Nokia\MPlatform\NokiaMServer.exe
C:\program files\real\realplayer\update\realsched.exe
C:\Programmi\QuickTime\QTTask.exe
C:\Programmi\iTunes\iTunesHelper.exe
C:\Programmi\File comuni\Nero\Lib\NMBgMonitor.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmi\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Programmi\Widget vodafone.it\Widget vodafone.it.exe
C:\Apps\Softex\OmniPass\OPXPApp.exe
C:\WINDOWS\system32\dllhost.exe
C:\Programmi\File comuni\Nero\Lib\NMIndexingService.exe
C:\Programmi\iPod\bin\iPodService.exe
C:\Programmi\File comuni\Nero\Lib\NMIndexStoreSvr.exe
C:\Programmi\Internet Explorer\IEXPLORE.EXE
C:\Programmi\Internet Explorer\IEXPLORE.EXE
C:\Programmi\Mozilla Firefox\firefox.exe
C:\Programmi\Mozilla Firefox\plugin-container.exe
C:\Programmi\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\APPS\skype\Phone\Skype.exe
C:\Programmi\Trend Micro\HijackThis\HiJackThis.exe
C:\WINDOWS\system32\SearchProtocolHost.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.facebook.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Packard Bell
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 200.88.113.254:80
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programmi\File comuni\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - D:\Documents and Settings\All Users\Dati applicazioni\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Programmi\Alwil Software\Avast5\aswWebRepIE.dll
O2 - BHO: Guida per l'accesso a Windows Live ID - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programmi\File comuni\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Programmi\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\APPS\SKYPE\Toolbars\Internet Explorer\skypeieplugin.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programmi\Google\GoogleToolbarNotifier\5.7.7018.1622\swg.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programmi\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Programmi\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Programmi\Alwil Software\Avast5\aswWebRepIE.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Programmi\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [Windows Defender] "C:\Programmi\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [avast5] C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe /nogui
O4 - HKLM\..\Run: [PrinTray] C:\WINDOWS\System32\spool\DRIVERS\W32X86\2\printray.exe
O4 - HKLM\..\Run: [LXSUPMON] C:\WINDOWS\system32\LXSUPMON.EXE RUN
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Programmi\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Programmi\File comuni\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe
O4 - HKLM\..\Run: [PlusService] C:\Programmi\Yuna Software\Messenger Plus!\PlusService.exe
O4 - HKLM\..\Run: [NokiaMServer] C:\Programmi\File comuni\Nokia\MPlatform\NokiaMServer /watchfiles startup
O4 - HKLM\..\Run: [APSDaemon] "C:\Programmi\File comuni\Apple\Apple Application Support\APSDaemon.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\program files\real\realplayer\update\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmi\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Programmi\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Programmi\File comuni\Nero\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] "C:\Programmi\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [msnmsgr] "C:\Programmi\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO LOCALE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO DI RETE')
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\FILECO~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [DWQueuedReporting] "C:\PROGRA~1\FILECO~1\MICROS~1\DW\dwtrig20.exe" -t (User 'Default user')
O4 - Startup: Widget vodafone.lnk = C:\Programmi\Widget vodafone.it\Widget vodafone.it.exe
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre6\bin\jp2iexp.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre6\bin\jp2iexp.dll
O9 - Extra button: Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: &Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\APPS\SKYPE\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra 'Tools' menuitem: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\APPS\SKYPE\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra button: Ricerche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=file://C:\APPS\IE\offline\it.htm
O16 - DPF: {2A21D253-56C4-444B-B8E5-CC4922296416} (TSFSCLibInternet.TSFSC) - http://www.amt.genova.it/belt_web/cabs/TSFSCLibInternet.CAB
O16 - DPF: {32C3FEAE-0877-4767-8C20-62A5829A0945} (FBootloaderAX) - http://static.ak.facebook.com/fbplugin/win32/axfbootloader.cab
O16 - DPF: {4FEE6316-7B6F-4A6C-BD4E-4157C59A9E9D} (Ovi maps browser plugin) - http://static.s2g.gate5.de/ovi_maps/OviMaps_4.0.12.12.cab
O16 - DPF: {596B26AA-E941-4FB5-8F91-0762447578F0} (CPlayFirstdreamControl Object) - http://games.bigfishgames.com/fr_dream-chronicles/online/dream.1.0.0.17_fr.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/MessengerGamesContent/GameContent/it/uno1/GAME_UNO1.cab
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{E8B74729-45A0-4DDB-85F3-42F75D1A1882}: NameServer = 176.31.229.24,176.31.229.25
O17 - HKLM\System\CCS\Services\Tcpip\..\{FA3C533B-6451-4E04-AE4D-4D9728B51DF4}: NameServer = 176.31.229.24,176.31.229.25
O17 - HKLM\System\CCS\Services\Tcpip\..\{FECA4316-6DC3-41D6-93C8-BF7247D7996A}: NameServer = 176.31.229.24,176.31.229.25
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\APPS\SKYPE\Toolbars\Internet Explorer\skypeieplugin.dll
O22 - SharedTaskScheduler: Precaricatore Browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Daemon di cache delle categorie di componenti - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Programmi\File comuni\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: avast! Antivirus - AVAST Software - C:\Programmi\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: Servizio Bonjour (Bonjour Service) - Apple Inc. - C:\Programmi\Bonjour\mDNSResponder.exe
O23 - Service: Servizio di Google Update (gupdate) (gupdate) - Google Inc. - C:\Programmi\Google\Update\GoogleUpdate.exe
O23 - Service: Servizio Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Programmi\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Programmi\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programmi\File comuni\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: Servizio iPod (iPod Service) - Apple Inc. - C:\Programmi\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Programmi\Java\jre6\bin\jqs.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Programmi\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Programmi\File comuni\Nero\Lib\NMIndexingService.exe
O23 - Service: Softex OmniPass Service (omniserv) - Softex Inc. - C:\Apps\Softex\OmniPass\Omniserv.exe
O23 - Service: Pos Service (PowerOffer Service) - PowerOfferService - D:\Documents and Settings\Utente\Impostazioni locali\Dati applicazioni\PService\Pos.exe
O23 - Service: ServiceUpd (PowerOffer Upd Service) - ServiceUpd - D:\Documents and Settings\Utente\Impostazioni locali\Dati applicazioni\ServiceUpd\ServiceUpd.exe
O23 - Service: Macrium Reflect Image Mounting Service (ReflectService) - Unknown owner - C:\Programmi\Macrium\Reflect\ReflectService.exe
O23 - Service: ServiceLayer - Nokia - C:\Programmi\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: STI Simulator - Unknown owner - C:\WINDOWS\System32\PAStiSvc.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Programmi\File comuni\Ulead Systems\DVD\ULCDRSvr.exe
O23 - Service: USBDeviceService - Unknown owner - C:\Programmi\Sonic\DigitalMedia LE v7\MyDVD LE\USBDeviceService.exe
O23 - Service: X10 Device Network Service (x10nets) - X10 - C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe

--
End of file - 13629 bytes

Disinstalla il programma Messenger Plus! che contiene spyware, poi rimuovi da hijack le seguenti righe

O4 - HKLM\..\Run: [PlusService] C:\Programmi\Yuna Software\Messenger Plus!\PlusService.exe
-
O23 - Service: Pos Service (PowerOffer Service) - PowerOfferService - D:\Documents and Settings\Utente\Impostazioni locali\Dati applicazioni\PService\Pos.exe
O23 - Service: ServiceUpd (PowerOffer Upd Service) - ServiceUpd - D:\Documents and Settings\Utente\Impostazioni locali\Dati applicazioni\ServiceUpd\ServiceUpd.exe

infine aggiorna Avast all'ultima versione disponibile

http://www.aiutamici.com/software?ID=80367

---

alfonso_aiutamici@hotmail.it

dopo un altro controllo con hijackthis mi sono resa conto che le due righe seguenti non sono state eliminate :
O23 - Service: Pos Service (PowerOffer Service) - PowerOfferService - D:\Documents and Settings\Utente\Impostazioni locali\Dati applicazioni\PService\Pos.exe
O23 - Service: ServiceUpd (PowerOffer Upd Service) - ServiceUpd - D:\Documents and Settings\Utente\Impostazioni locali\Dati applicazioni\ServiceUpd\ServiceUpd.exe

fatto scansione, ecco il log :

ComboFix 11-11-23.03 - Utente 24/11/2011 17.43.22.1.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.39.1040.18.1022.517 [GMT 1:00]
Eseguito da: d:\documents and settings\Utente\desktop\combofix.exe
Opzioni usate :: /killall
AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
FW: Norton Internet Worm Protection *Disabled* {990F9400-4CEE-43EA-A83A-D013ADD8EA6E}
* Creato nuovo punto di ripristino
.
.
((((((((((((((((((((((((((((((((((((( Altre eliminazioni )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\IsUn0410.exe
c:\windows\kb913800.exe
c:\windows\unin0410.exe
d:\documents and settings\All Users\Dati applicazioni\TEMP
d:\documents and settings\Utente\Dati applicazioni\OfferBox
d:\documents and settings\Utente\Dati applicazioni\OfferBox\config.dat
d:\documents and settings\Utente\Dati applicazioni\OfferBox\config.xml
d:\documents and settings\Utente\WINDOWS
.
La copia infetta di c:\windows\system32\scecli.dll è stata trovata e disinfettata
ipristinata copia da - c:\windows\ServicePackFiles\i386\scecli.dll
.
.
((((((((((((((((((((((((((((((((((((((( Driver/Servizi )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_SROSA
.
.
((((((((((((((((((((((((( Files Creati Da 2011-10-24 al 2011-11-24 )))))))))))))))))))))))))))))))))))
.
.
2011-11-24 17:03 . 2011-11-24 17:03 63115 ----a-w- d:\documents and settings\All Users\Dati applicazioni\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\USERTILE.JS
2011-11-24 17:03 . 2011-11-24 17:03 8646 ----a-w- d:\documents and settings\All Users\Dati applicazioni\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\TILEBOX.JS
2011-11-24 17:03 . 2011-11-24 17:03 6429 ----a-w- d:\documents and settings\All Users\Dati applicazioni\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\UICORE.JS
2011-11-24 17:03 . 2011-11-24 17:03 4599 ----a-w- d:\documents and settings\All Users\Dati applicazioni\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\UIRESOURCE.JS
2011-11-24 17:03 . 2011-11-24 17:03 9310 ----a-w- d:\documents and settings\All Users\Dati applicazioni\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\TEXTBOX.JS
2011-11-24 17:03 . 2011-11-24 17:03 5927 ----a-w- d:\documents and settings\All Users\Dati applicazioni\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\TEXT.JS
2011-11-24 17:03 . 2011-11-24 17:03 8613 ----a-w- d:\documents and settings\All Users\Dati applicazioni\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\SAVEDUSER.JS
2011-11-24 17:03 . 2011-11-24 17:03 1651 ----a-w- d:\documents and settings\All Users\Dati applicazioni\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\QUERYSTRING.JS
2011-11-24 17:03 . 2011-11-24 17:03 6910 ----a-w- d:\documents and settings\All Users\Dati applicazioni\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\NEWUSERCOMM.JS
2011-11-24 17:02 . 2011-11-24 17:02 8288 ----a-w- d:\documents and settings\All Users\Dati applicazioni\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\IMAGE.JS
2011-11-24 17:02 . 2011-11-24 17:02 6208 ----a-w- d:\documents and settings\All Users\Dati applicazioni\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\LINK.JS
2011-11-24 17:02 . 2011-11-24 17:02 18541 ----a-w- d:\documents and settings\All Users\Dati applicazioni\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\LOCALIZATION.JS
2011-11-24 17:02 . 2011-11-24 17:02 51852 ----a-w- d:\documents and settings\All Users\Dati applicazioni\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\EXTERNALWRAPPER.JS
2011-11-24 17:02 . 2011-11-24 17:02 20719 ----a-w- d:\documents and settings\All Users\Dati applicazioni\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\DIVWRAPPER.JS
2011-11-24 17:02 . 2011-11-24 17:02 8782 ----a-w- d:\documents and settings\All Users\Dati applicazioni\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\BUTTON.JS
2011-11-24 17:02 . 2011-11-24 17:02 7271 ----a-w- d:\documents and settings\All Users\Dati applicazioni\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\CHECKBOX.JS
2011-11-24 17:02 . 2011-11-24 17:02 23327 ----a-w- d:\documents and settings\All Users\Dati applicazioni\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\COMBOBOX.JS
2011-11-24 17:01 . 2011-11-24 17:01 56200 ----a-w- d:\documents and settings\All Users\Dati applicazioni\Microsoft\Windows Defender\Definition Updates\{76B62A87-EE28-4995-89DA-54008BE3942F}\offreg.dll
2011-11-24 16:56 . 2008-04-14 02:13 187904 ----a-w- c:\windows\system32\scecli.dll
2011-11-24 14:15 . 2011-11-24 14:16 -------- d-----w- d:\documents and settings\Utente\Impostazioni locali\Dati applicazioni\ServUpdater
2011-11-24 14:15 . 2011-11-24 14:26 -------- d-----w- d:\documents and settings\Utente\Impostazioni locali\Dati applicazioni\PosService
2011-11-22 09:24 . 2011-10-07 03:48 6668624 ----a-w- d:\documents and settings\All Users\Dati applicazioni\Microsoft\Windows Defender\Definition Updates\{76B62A87-EE28-4995-89DA-54008BE3942F}\mpengine.dll
2011-11-19 10:54 . 2007-08-14 07:12 18816 ------w- c:\windows\system32\SAVRKBootTasks.sys
2011-11-18 16:03 . 2011-11-18 16:03 -------- d-----w- c:\programmi\iPod
2011-11-17 15:47 . 2011-11-24 14:16 -------- d-----w- d:\documents and settings\Utente\Impostazioni locali\Dati applicazioni\ServiceUpd
2011-11-17 15:46 . 2011-11-17 15:47 -------- d-----w- d:\documents and settings\Utente\Impostazioni locali\Dati applicazioni\PowerOffer
2011-11-17 15:46 . 2011-11-17 15:46 716318 ----a-w- c:\windows\unins000.exe
2011-11-16 15:58 . 2001-08-30 22:08 99328 ----a-w- c:\windows\system32\srusd.dll
2011-11-16 15:58 . 2001-08-30 22:08 99328 ----a-w- c:\windows\system32\dllcache\srusd.dll
2011-11-16 15:58 . 2001-08-30 21:28 6912 ----a-w- c:\windows\system32\drivers\serscan.sys
2011-11-16 15:58 . 2001-08-30 21:28 6912 ----a-w- c:\windows\system32\dllcache\serscan.sys
2011-11-16 15:58 . 2001-08-30 22:07 71680 ----a-w- c:\windows\system32\fnfilter.dll
2011-11-16 15:58 . 2001-08-30 22:07 71680 ----a-w- c:\windows\system32\dllcache\fnfilter.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-10-24 13:29 . 2011-10-24 13:29 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
2011-10-24 13:29 . 2011-10-24 13:29 69632 ----a-w- c:\windows\system32\QuickTime.qts
2011-10-24 08:58 . 2011-05-15 07:52 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-10-10 14:22 . 2004-10-25 19:07 692736 ----a-w- c:\windows\system32\inetcomm.dll
2011-10-07 03:48 . 2010-03-04 22:54 6668624 ----a-w- d:\documents and settings\All Users\Dati applicazioni\Microsoft\Windows Defender\Definition Updates\Backup\mpengine.dll
2011-10-03 03:06 . 2010-04-25 14:28 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-10-03 00:37 . 2011-06-25 19:24 73728 ----a-w- c:\windows\system32\javacpl.cpl
2011-09-28 07:06 . 2004-10-25 18:38 603136 ----a-w- c:\windows\system32\crypt32.dll
2011-09-26 09:41 . 2008-07-29 17:59 613888 ----a-w- c:\windows\system32\uiautomationcore.dll
2011-09-26 09:41 . 2004-10-25 18:39 23040 ----a-w- c:\windows\system32\oleaccrc.dll
2011-09-26 09:41 . 2004-10-25 18:39 220160 ----a-w- c:\windows\system32\oleacc.dll
2011-09-06 20:45 . 2010-06-29 08:25 41184 ----a-w- c:\windows\avastSS.scr
2011-09-06 20:45 . 2010-03-04 23:20 199304 ----a-w- c:\windows\system32\aswBoot.exe
2011-09-06 20:38 . 2011-05-28 08:37 442200 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2011-09-06 20:37 . 2010-03-04 23:21 320856 ----a-w- c:\windows\system32\drivers\aswSP.sys
2011-09-06 20:36 . 2010-03-04 23:21 34392 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2011-09-06 20:36 . 2010-03-04 23:21 52568 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2011-09-06 20:36 . 2010-03-04 23:21 110552 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2011-09-06 20:36 . 2010-03-04 23:21 104536 ----a-w- c:\windows\system32\drivers\aswmon.sys
2011-09-06 20:36 . 2010-03-04 23:21 20568 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2011-09-06 20:33 . 2010-03-04 23:21 30808 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2011-09-06 14:10 . 2004-10-25 18:39 1858944 ----a-w- c:\windows\system32\win32k.sys
2011-08-31 15:00 . 2010-08-02 13:36 22216 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-08-30 21:05 . 2011-08-30 21:05 83816 ----a-w- c:\windows\system32\dns-sd.exe
2011-08-30 21:05 . 2011-08-30 21:05 73064 ----a-w- c:\windows\system32\dnssd.dll
2011-11-12 10:33 . 2011-10-06 15:15 134104 ----a-w- c:\programmi\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* i valori vuoti & legittimi/default non sono visualizzati.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2011-09-06 20:45 122512 ----a-w- c:\programmi\Alwil Software\Avast5\ashShell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\programmi\File comuni\Nero\Lib\NMBgMonitor.exe" [2007-09-20 202024]
"swg"="c:\programmi\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-07-22 39408]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NokiaMServer"="c:\programmi\File comuni\Nokia\MPlatform\NokiaMServer" [X]
"PrinTray"="c:\windows\System32\spool\DRIVERS\W32X86\2\printray.exe" [2000-06-07 36864]
"LXSUPMON"="c:\windows\system32\LXSUPMON.EXE" [2000-06-07 817664]
"Adobe Reader Speed Launcher"="c:\programmi\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-09-07 37296]
"Adobe ARM"="c:\programmi\File comuni\Adobe\ARM\1.0\AdobeARM.exe" [2011-03-30 937920]
"HPDJ Taskbar Utility"="c:\windows\system32\spool\drivers\w32x86\3\hpztsb04.exe" [2001-10-29 196608]
"APSDaemon"="c:\programmi\File comuni\Apple\Apple Application Support\APSDaemon.exe" [2011-09-27 59240]
"TkBellExe"="c:\program files\real\realplayer\update\realsched.exe" [2011-10-25 273528]
"QuickTime Task"="c:\programmi\QuickTime\QTTask.exe" [2011-10-24 421888]
"iTunesHelper"="c:\programmi\iTunes\iTunesHelper.exe" [2011-11-12 421736]
"PosService"="d:\documents and settings\All Users\Documenti\AppData\PoApp\PLauncher.exe" [2011-11-21 89088]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"DWQueuedReporting"="c:\progra~1\FILECO~1\MICROS~1\DW\dwtrig20.exe" [2008-11-03 435096]
.
d:\documents and settings\Utente\Menu Avvio\Programmi\Esecuzione automatica\
Widget vodafone.lnk - c:\programmi\Widget vodafone.it\Widget vodafone.it.exe [2011-4-2 142848]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\programmi\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-24 304128]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\OPXPGina]
2006-01-30 06:53 49152 ----a-w- c:\apps\Softex\OmniPass\OPXPGina.dll
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"
.
[HKLM\~\startupfolder\D:^Documents and Settings^Utente^Menu Avvio^Programmi^Esecuzione automatica^Widget vodafone.lnk]
path=d:\documents and settings\Utente\Menu Avvio\Programmi\Esecuzione automatica\Widget vodafone.lnk
backup=c:\windows\pss\Widget vodafone.lnkStartup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UnlockerAssistant]
2010-07-04 19:51 17408 ----a-w- c:\programmi\Unlocker\UnlockerAssistant.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"OmniPass"=c:\apps\Softex\OmniPass\scureapp.exe
"Vade Retro Outlook Express"="c:\progra~1\GOTOSO~1\VADERE~1\Vaderetro_oe.exe"
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Programmi\\Mozilla Firefox\\firefox.exe"=
"c:\\Programmi\\VideoLAN\\VLC\\vlc.exe"=
"d:\\eMule\\emule.exe"=
"c:\\Programmi\\File comuni\\Nokia\\Service Layer\\A\\nsl_host_process.exe"=
"c:\\Programmi\\Nokia\\Nokia Software Updater\\nsu_ui_client.exe"=
"c:\\Programmi\\Nokia\\Nokia Ovi Suite\\NokiaOviSuite.exe"=
"c:\\Programmi\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Programmi\\Messenger\\msmsgs.exe"=
"c:\\Programmi\\Google\\Google Earth\\plugin\\geplugin.exe"=
"c:\\Programmi\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\Programmi\\File comuni\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=
"c:\\Programmi\\Bonjour\\mDNSResponder.exe"=
"c:\\APPS\\SKYPE\\Phone\\Skype.exe"=
"c:\\Programmi\\iTunes\\iTunes.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"12501:TCP"= 12501:TCP:emule in ingresso
"12502:UDP"= 12502:UDP:emule in uscita
"5985:TCP"= 5985:TCP:*:Disabled:Gestione remota Windows
.
R?2 ServUpdater;Serv Updater;d:\documents and settings\Utente\Impostazioni locali\Dati applicazioni\ServUpdater\ServiceUpd.exe [23/11/2011 16.03.06 25600]
R0 pssnap;Paramount Software Snapshot Filter;c:\windows\system32\drivers\pssnap.sys [20/05/2008 7.32.40 15328]
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [28/05/2011 9.37.08 442200]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [05/03/2010 0.21.47 320856]
R1 SAVRKBootTasks;Boot Tasks Driver;c:\windows\system32\SAVRKBootTasks.sys [19/11/2011 11.54.03 18816]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [05/03/2010 0.21.48 20568]
R2 PowerOffer Service;Pos Service;d:\documents and settings\Utente\Impostazioni locali\Dati applicazioni\PosService\Pos.exe [23/11/2011 16.03.06 34304]
R2 ReflectService;Macrium Reflect Image Mounting Service;c:\programmi\Macrium\Reflect\ReflectService.exe [06/08/2008 10.34.02 216032]
R2 WinDefend;Windows Defender;c:\programmi\Windows Defender\MsMpEng.exe [03/11/2006 19.19.58 13592]
R3 PAC207;Trust WB-1400T Webcam;c:\windows\system32\drivers\PFC027.sys [24/02/2005 11.29.14 162176]
R3 X10Hid;X10 Hid Device;c:\windows\system32\drivers\x10hid.sys [17/07/2009 16.21.53 7040]
S0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys --> c:\windows\system32\DRIVERS\Lbd.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [18/03/2010 13.16.28 130384]
S2 gupdate;Servizio di Google Update (gupdate);c:\programmi\Google\Update\GoogleUpdate.exe [29/01/2010 9.57.53 135664]
S3 gupdatem;Servizio Google Update (gupdatem);c:\programmi\Google\Update\GoogleUpdate.exe [29/01/2010 9.57.53 135664]
S3 MEMSWEEP2;MEMSWEEP2;\??\c:\windows\system32\5D.tmp --> c:\windows\system32\5D.tmp [?]
S3 SCR33X USB Smart Card Reader;SCR33X USB Smart Card Reader;c:\windows\system32\drivers\SCR33X2K.sys [06/04/2004 3.24.00 64088]
S3 SCR3xx USB Smart Card Reader;SCR3xx USB Smart Card Reader;c:\windows\system32\drivers\SCR3XX2K.sys [15/12/2005 3.31.00 46848]
S3 STC2DFU;STCII DFU Adapter;c:\windows\system32\drivers\Stc2Dfu.sys [24/10/2004 23.04.00 7796]
S3 WinRM;Windows Remote Management (WS-Management);c:\windows\system32\svchost.exe -k WINRM [25/10/2004 19.39.34 14336]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [18/03/2010 13.16.28 753504]
.
--- Altri Servizi/Drivers In Memoria ---
.
*NewlyCreated* - SERVUPDATER
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
WINRM REG_MULTI_SZ WINRM
.
Contenuto della cartella 'Scheduled Tasks'
.
2011-11-18 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\programmi\Apple Software Update\SoftwareUpdate.exe [2011-06-01 15:57]
.
2011-11-24 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\programmi\Google\Update\GoogleUpdate.exe [2010-01-29 08:57]
.
2011-11-24 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\programmi\Google\Update\GoogleUpdate.exe [2010-01-29 08:57]
.
2011-11-24 c:\windows\Tasks\MP Scheduled Scan.job
- c:\programmi\Windows Defender\MpCmdRun.exe [2006-11-03 18:20]
.
2011-11-24 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-2183865090-2060284026-561532327-1005.job
- c:\programmi\Real\RealUpgrade\realupgrade.exe [2011-09-27 11:40]
.
2011-11-24 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-2183865090-2060284026-561532327-1006.job
- c:\programmi\Real\RealUpgrade\realupgrade.exe [2011-09-27 11:40]
.
2011-11-24 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-2183865090-2060284026-561532327-1005.job
- c:\programmi\Real\RealUpgrade\realupgrade.exe [2011-09-27 11:40]
.
2011-11-23 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-2183865090-2060284026-561532327-1006.job
- c:\programmi\Real\RealUpgrade\realupgrade.exe [2011-09-27 11:40]
.
2011-11-24 c:\windows\Tasks\User_Feed_Synchronization-{4F08A5AB-931F-4027-811F-2EA20FAD7B6C}.job
- c:\windows\system32\msfeedssync.exe [2009-03-08 02:31]
.
2011-11-24 c:\windows\Tasks\User_Feed_Synchronization-{5A89C46A-075B-4F8D-B276-E2F80F16CD28}.job
- c:\windows\system32\msfeedssync.exe [2009-03-08 02:31]
.
.
------- Scansione supplementare -------
.
uStart Page = hxxp://www.facebook.com/
uInternet Settings,ProxyServer = 200.88.113.254:80
uInternet Settings,ProxyOverride = *.local
IE: E&sporta in Microsoft Excel - c:\progra~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
IE: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
TCP: Interfaces\{519146A1-D805-406E-B07C-30A80E690A10}: NameServer = 176.31.229.24,176.31.229.25
TCP: Interfaces\{555B6C10-012D-4E68-B07B-6B49B0EBA5A5}: NameServer = 176.31.229.24,176.31.229.25
TCP: Interfaces\{B1B7732B-72AA-4A2C-9B94-602F9CE2D9DE}: NameServer = 176.31.229.24,176.31.229.25
TCP: Interfaces\{C0EBA99C-A0C9-4573-90AB-DFB61B4E3848}: NameServer = 176.31.229.24,176.31.229.25
TCP: Interfaces\{E8B74729-45A0-4DDB-85F3-42F75D1A1882}: NameServer = 176.31.229.24,176.31.229.25
TCP: Interfaces\{FA3C533B-6451-4E04-AE4D-4D9728B51DF4}: NameServer = 176.31.229.24,176.31.229.25
TCP: Interfaces\{FECA4316-6DC3-41D6-93C8-BF7247D7996A}: NameServer = 176.31.229.24,176.31.229.25
DPF: {2A21D253-56C4-444B-B8E5-CC4922296416} - hxxp://www.amt.genova.it/belt_web/cabs/TSFSCLibInternet.CAB
DPF: {4FEE6316-7B6F-4A6C-BD4E-4157C59A9E9D} - hxxp://static.s2g.gate5.de/ovi_maps/OviMaps_4.0.12.12.cab
DPF: {596B26AA-E941-4FB5-8F91-0762447578F0} - hxxp://games.bigfishgames.com/fr_dream-chronicles/online/dream.1.0.0.17_fr.cab
FF - ProfilePath - d:\documents and settings\Utente\Dati applicazioni\Mozilla\Firefox\Profiles\0c78yy6e.default\
FF - prefs.js: browser.search.selectedEngine - Cerca...
FF - prefs.js: browser.startup.homepage - hxxp://search.findeer.com/
FF - prefs.js: network.proxy.ftp - 147.102.82.32
FF - prefs.js: network.proxy.ftp_port - 3128
FF - prefs.js: network.proxy.gopher - 147.102.82.32
FF - prefs.js: network.proxy.gopher_port - 3128
FF - prefs.js: network.proxy.http - 147.102.82.32
FF - prefs.js: network.proxy.http_port - 3128
FF - prefs.js: network.proxy.socks - 147.102.82.32
FF - prefs.js: network.proxy.socks_port - 3128
FF - prefs.js: network.proxy.ssl - 147.102.82.32
FF - prefs.js: network.proxy.ssl_port - 3128
FF - prefs.js: network.proxy.type - 0
.
- - - - CHIAVI ORFANE RIMOSSE - - - -
.
AddRemove-ArcSoft PhotoBase - c:\windows\IsUn0410.exe
AddRemove-ArcSoft PhotoStudio 2000 - c:\windows\IsUn0410.exe
AddRemove-Canon ScanGear Toolbox 3.0 - c:\windows\IsUn0410.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-11-24 18:05
Windows 5.1.2600 Service Pack 3 NTFS
.
scansione processi nascosti ...
.
scansione entrate autostart nascoste ...
.
Scansione files nascosti ...
.
Scansione completata con successo
Files nascosti: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\MEMSWEEP2]
"ImagePath"="\??\c:\windows\system32\5D.tmp"
.
--------------------- CHIAVI DI REGISTRO BLOCCATE ---------------------
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Environment*]
"Licence0"="04F0D21-79D8-7A25-D702-433F"
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\€–€|ÿÿÿÿÀ•€|ù•9~*]
"0140110900063D11C8EF10054038389C"="C?\\WINDOWS\\system32\\FM20ENU.DLL"
.
--------------------- Dlls caricate dai processi in esecuzione ---------------------
.
- - - - - - - > 'winlogon.exe'(684)
c:\windows\system32\Ati2evxx.dll
c:\apps\Softex\OmniPass\opxpgina.dll
.
- - - - - - - > 'explorer.exe'(9568)
c:\windows\system32\WININET.dll
c:\programmi\Windows Desktop Search\deskbar.dll
c:\programmi\Windows Desktop Search\it-it\dbres.dll.mui
c:\programmi\Windows Desktop Search\dbres.dll
c:\programmi\Windows Desktop Search\wordwheel.dll
c:\programmi\Windows Desktop Search\it-it\msnlExtRes.dll.mui
c:\programmi\Windows Desktop Search\msnlExtRes.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Altri processi in esecuzione ------------------------
.
c:\programmi\Alwil Software\Avast5\AvastSvc.exe
c:\windows\system32\LEXBCES.EXE
c:\windows\system32\LEXPPS.EXE
c:\windows\System32\SCardSvr.exe
c:\programmi\File comuni\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\programmi\Bonjour\mDNSResponder.exe
c:\windows\eHome\ehRecvr.exe
c:\windows\eHome\ehSched.exe
c:\programmi\Java\jre6\bin\jqs.exe
c:\programmi\File comuni\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\programmi\Nero\Nero8\Nero BackItUp\NBService.exe
c:\apps\Softex\OmniPass\Omniserv.exe
c:\windows\System32\PAStiSvc.exe
c:\programmi\File comuni\Ulead Systems\DVD\ULCDRSvr.exe
c:\programmi\Sonic\DigitalMedia LE v7\MyDVD LE\USBDeviceService.exe
c:\programmi\File comuni\Microsoft Shared\Windows Live\WLIDSVC.EXE
c:\windows\system32\SearchIndexer.exe
c:\progra~1\COMMON~1\X10\Common\x10nets.exe
c:\windows\ehome\mcrdsvc.exe
c:\programmi\File comuni\Microsoft Shared\Windows Live\WLIDSvcM.exe
c:\programmi\File comuni\Nokia\MPlatform\NokiaMServer.exe
c:\apps\Softex\OmniPass\OPXPApp.exe
c:\windows\system32\dllhost.exe
c:\programmi\File comuni\Nero\Lib\NMIndexingService.exe
c:\programmi\iPod\bin\iPodService.exe
c:\programmi\File comuni\Nero\Lib\NMIndexStoreSvr.exe
.
**************************************************************************
.
Ora fine scansione: 2011-11-24 18:16:57 - Il pc è stato riavviato
ComboFix-quarantined-files.txt 2011-11-24 17:16
.
Pre-Run: 10.806.013.952 byte disponibili
Post-Run: 10.718.851.072 byte disponibili
.
- - End Of File - - 338E8FF920D4C75A5246C5C5A02692B6

ComboFix ha eliminato il virus, e un driver che fa parte di un pericoloso Trojan rootkit: bagle.

Crea un file di testo .TXT sul desktop con il blocco note, chiamalo CFScript.txt. Salvalo.. trascinalo con il puntatore del mouse sull'icona di combofix situata sul desktop, partirà una nuova scansione; allega il report.

e la scanzione la devo fare di nuovo a connessione spenta e con real time di avast disattivato?

Fatto esattamente quello che mi hai detto, ecco il nuovo log :

ComboFix 11-11-23.03 - Utente 25/11/2011 20.08.50.2.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.39.1040.18.1022.334 [GMT 1:00]
Eseguito da: d:\documents and settings\Utente\Desktop\ComboFix.exe
Opzioni usate :: d:\documents and settings\Utente\Desktop\CFScript.txt
AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
FW: Norton Internet Worm Protection *Disabled* {990F9400-4CEE-43EA-A83A-D013ADD8EA6E}
.
FILE ::
"c:\windows\system32\5D.tmp"
"c:\windows\system32\DRIVERS\Lbd.sys"
"d:\documents and settings\Utente\Impostazioni locali\Dati applicazioni\PosService\Pos.exe"
"d:\documents and settings\Utente\Impostazioni locali\Dati applicazioni\ServUpdater\ServiceUpd.exe"
.
.
((((((((((((((((((((((((((((((((((((( Altre eliminazioni )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
d:\documents and settings\Utente\Impostazioni locali\Dati applicazioni\PosService
d:\documents and settings\Utente\Impostazioni locali\Dati applicazioni\PosService\7z.dll
d:\documents and settings\Utente\Impostazioni locali\Dati applicazioni\PosService\AppLib.Zip.dll
d:\documents and settings\Utente\Impostazioni locali\Dati applicazioni\PosService\Pos.exe
d:\documents and settings\Utente\Impostazioni locali\Dati applicazioni\PosService\Pos.InstallLog
d:\documents and settings\Utente\Impostazioni locali\Dati applicazioni\PosService\Pos.InstallState
d:\documents and settings\Utente\Impostazioni locali\Dati applicazioni\PosService\settings.ini
d:\documents and settings\Utente\Impostazioni locali\Dati applicazioni\PosService\settings\settings.ini
d:\documents and settings\Utente\Impostazioni locali\Dati applicazioni\ServUpdater
d:\documents and settings\Utente\Impostazioni locali\Dati applicazioni\ServUpdater\7z.dll
d:\documents and settings\Utente\Impostazioni locali\Dati applicazioni\ServUpdater\AppLib.Zip.dll
d:\documents and settings\Utente\Impostazioni locali\Dati applicazioni\ServUpdater\InstallHelper.exe
d:\documents and settings\Utente\Impostazioni locali\Dati applicazioni\ServUpdater\ServiceUpd.exe
d:\documents and settings\Utente\Impostazioni locali\Dati applicazioni\ServUpdater\ServiceUpd.InstallLog
d:\documents and settings\Utente\Impostazioni locali\Dati applicazioni\ServUpdater\ServiceUpd.InstallState
d:\documents and settings\Utente\Impostazioni locali\Dati applicazioni\ServUpdater\settings.ini
d:\documents and settings\Utente\Impostazioni locali\Dati applicazioni\ServUpdater\settings\settings.ini
d:\documents and settings\Utente\Impostazioni locali\Dati applicazioni\ServUpdater\System.Data.SQLite.dll
d:\documents and settings\Utente\Impostazioni locali\Dati applicazioni\ServUpdater\upd.exe
.
.
((((((((((((((((((((((((((((((((((((((( Driver/Servizi )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_LBD
-------\Legacy_MEMSWEEP2
-------\Legacy_POWEROFFER_SERVICE
-------\Legacy_SERVUPDATER
-------\Service_Lbd
-------\Service_MEMSWEEP2
-------\Service_PowerOffer Service
-------\Service_ServUpdater
.
.
((((((((((((((((((((((((( Files Creati Da 2011-10-25 al 2011-11-25 )))))))))))))))))))))))))))))))))))
.
.
2011-11-25 19:24 . 2011-11-25 19:24 56200 ----a-w- d:\documents and settings\All Users\Dati applicazioni\Microsoft\Windows Defender\Definition Updates\{66B46BB9-D64F-47FF-8E6A-ED93B63BCD4D}\offreg.dll
2011-11-25 09:49 . 2011-10-07 03:48 6668624 ----a-w- d:\documents and settings\All Users\Dati applicazioni\Microsoft\Windows Defender\Definition Updates\{66B46BB9-D64F-47FF-8E6A-ED93B63BCD4D}\mpengine.dll
2011-11-24 16:56 . 2008-04-14 02:13 187904 ----a-w- c:\windows\system32\scecli.dll
2011-11-19 10:54 . 2007-08-14 07:12 18816 ------w- c:\windows\system32\SAVRKBootTasks.sys
2011-11-18 16:03 . 2011-11-18 16:03 -------- d-----w- c:\programmi\iPod
2011-11-17 15:47 . 2011-11-24 14:16 -------- d-----w- d:\documents and settings\Utente\Impostazioni locali\Dati applicazioni\ServiceUpd
2011-11-17 15:46 . 2011-11-17 15:46 716318 ----a-w- c:\windows\unins000.exe
2011-11-16 15:58 . 2001-08-30 22:08 99328 ----a-w- c:\windows\system32\srusd.dll
2011-11-16 15:58 . 2001-08-30 22:08 99328 ----a-w- c:\windows\system32\dllcache\srusd.dll
2011-11-16 15:58 . 2001-08-30 21:28 6912 ----a-w- c:\windows\system32\drivers\serscan.sys
2011-11-16 15:58 . 2001-08-30 21:28 6912 ----a-w- c:\windows\system32\dllcache\serscan.sys
2011-11-16 15:58 . 2001-08-30 22:07 71680 ----a-w- c:\windows\system32\fnfilter.dll
2011-11-16 15:58 . 2001-08-30 22:07 71680 ----a-w- c:\windows\system32\dllcache\fnfilter.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-10-24 13:29 . 2011-10-24 13:29 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
2011-10-24 13:29 . 2011-10-24 13:29 69632 ----a-w- c:\windows\system32\QuickTime.qts
2011-10-24 08:58 . 2011-05-15 07:52 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-10-10 14:22 . 2004-10-25 19:07 692736 ----a-w- c:\windows\system32\inetcomm.dll
2011-10-07 03:48 . 2010-03-04 22:54 6668624 ----a-w- d:\documents and settings\All Users\Dati applicazioni\Microsoft\Windows Defender\Definition Updates\Backup\mpengine.dll
2011-10-03 03:06 . 2010-04-25 14:28 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-10-03 00:37 . 2011-06-25 19:24 73728 ----a-w- c:\windows\system32\javacpl.cpl
2011-09-28 07:06 . 2004-10-25 18:38 603136 ----a-w- c:\windows\system32\crypt32.dll
2011-09-26 09:41 . 2008-07-29 17:59 613888 ----a-w- c:\windows\system32\uiautomationcore.dll
2011-09-26 09:41 . 2004-10-25 18:39 23040 ----a-w- c:\windows\system32\oleaccrc.dll
2011-09-26 09:41 . 2004-10-25 18:39 220160 ----a-w- c:\windows\system32\oleacc.dll
2011-09-06 20:45 . 2010-06-29 08:25 41184 ----a-w- c:\windows\avastSS.scr
2011-09-06 20:45 . 2010-03-04 23:20 199304 ----a-w- c:\windows\system32\aswBoot.exe
2011-09-06 20:38 . 2011-05-28 08:37 442200 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2011-09-06 20:37 . 2010-03-04 23:21 320856 ----a-w- c:\windows\system32\drivers\aswSP.sys
2011-09-06 20:36 . 2010-03-04 23:21 34392 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2011-09-06 20:36 . 2010-03-04 23:21 52568 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2011-09-06 20:36 . 2010-03-04 23:21 110552 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2011-09-06 20:36 . 2010-03-04 23:21 104536 ----a-w- c:\windows\system32\drivers\aswmon.sys
2011-09-06 20:36 . 2010-03-04 23:21 20568 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2011-09-06 20:33 . 2010-03-04 23:21 30808 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2011-09-06 14:10 . 2004-10-25 18:39 1858944 ----a-w- c:\windows\system32\win32k.sys
2011-08-31 15:00 . 2010-08-02 13:36 22216 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-08-30 21:05 . 2011-08-30 21:05 83816 ----a-w- c:\windows\system32\dns-sd.exe
2011-08-30 21:05 . 2011-08-30 21:05 73064 ----a-w- c:\windows\system32\dnssd.dll
2011-11-12 10:33 . 2011-10-06 15:15 134104 ----a-w- c:\programmi\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((( SnapShot@2011-11-24_17.04.23 )))))))))))))))))))))))))))))))))))))))))
.
+ 2011-11-25 19:25 . 2011-11-25 19:25 16384 c:\windows\Temp\Perflib_Perfdata_128.dat
+ 2009-07-17 15:45 . 2011-11-25 19:26 32768 c:\windows\system32\config\systemprofile\Impostazioni locali\Temporary Internet Files\Content.IE5\index.dat
- 2009-07-17 15:45 . 2011-11-24 14:13 32768 c:\windows\system32\config\systemprofile\Impostazioni locali\Temporary Internet Files\Content.IE5\index.dat
- 2009-07-17 15:45 . 2011-11-24 14:13 32768 c:\windows\system32\config\systemprofile\Impostazioni locali\Cronologia\History.IE5\index.dat
+ 2009-07-17 15:45 . 2011-11-25 19:26 32768 c:\windows\system32\config\systemprofile\Impostazioni locali\Cronologia\History.IE5\index.dat
+ 2011-11-25 09:10 . 2011-11-25 19:26 16384 c:\windows\system32\config\systemprofile\Cookies\index.dat
- 2009-07-17 15:45 . 2011-11-24 14:13 16384 c:\windows\system32\config\systemprofile\Cookies\index.dat
+ 2009-07-22 07:49 . 2011-11-25 19:26 262144 c:\windows\system32\config\systemprofile\IETldCache\index.dat
- 2009-07-22 07:49 . 2011-11-24 14:13 262144 c:\windows\system32\config\systemprofile\IETldCache\index.dat
.
((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* i valori vuoti & legittimi/default non sono visualizzati.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2011-09-06 20:45 122512 ----a-w- c:\programmi\Alwil Software\Avast5\ashShell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\programmi\File comuni\Nero\Lib\NMBgMonitor.exe" [2007-09-20 202024]
"swg"="c:\programmi\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-07-22 39408]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NokiaMServer"="c:\programmi\File comuni\Nokia\MPlatform\NokiaMServer" [X]
"PrinTray"="c:\windows\System32\spool\DRIVERS\W32X86\2\printray.exe" [2000-06-07 36864]
"LXSUPMON"="c:\windows\system32\LXSUPMON.EXE" [2000-06-07 817664]
"Adobe Reader Speed Launcher"="c:\programmi\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-09-07 37296]
"Adobe ARM"="c:\programmi\File comuni\Adobe\ARM\1.0\AdobeARM.exe" [2011-03-30 937920]
"HPDJ Taskbar Utility"="c:\windows\system32\spool\drivers\w32x86\3\hpztsb04.exe" [2001-10-29 196608]
"APSDaemon"="c:\programmi\File comuni\Apple\Apple Application Support\APSDaemon.exe" [2011-09-27 59240]
"TkBellExe"="c:\program files\real\realplayer\update\realsched.exe" [2011-10-25 273528]
"QuickTime Task"="c:\programmi\QuickTime\QTTask.exe" [2011-10-24 421888]
"iTunesHelper"="c:\programmi\iTunes\iTunesHelper.exe" [2011-11-12 421736]
"PosService"="d:\documents and settings\All Users\Documenti\AppData\PoApp\PLauncher.exe" [2011-11-25 89088]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"DWQueuedReporting"="c:\progra~1\FILECO~1\MICROS~1\DW\dwtrig20.exe" [2008-11-03 435096]
.
d:\documents and settings\Utente\Menu Avvio\Programmi\Esecuzione automatica\
Widget vodafone.lnk - c:\programmi\Widget vodafone.it\Widget vodafone.it.exe [2011-4-2 142848]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\programmi\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-24 304128]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\OPXPGina]
2006-01-30 06:53 49152 ----a-w- c:\apps\Softex\OmniPass\OPXPGina.dll
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"
.
[HKLM\~\startupfolder\D:^Documents and Settings^Utente^Menu Avvio^Programmi^Esecuzione automatica^Widget vodafone.lnk]
path=d:\documents and settings\Utente\Menu Avvio\Programmi\Esecuzione automatica\Widget vodafone.lnk
backup=c:\windows\pss\Widget vodafone.lnkStartup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UnlockerAssistant]
2010-07-04 19:51 17408 ----a-w- c:\programmi\Unlocker\UnlockerAssistant.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"OmniPass"=c:\apps\Softex\OmniPass\scureapp.exe
"Vade Retro Outlook Express"="c:\progra~1\GOTOSO~1\VADERE~1\Vaderetro_oe.exe"
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Programmi\\Mozilla Firefox\\firefox.exe"=
"c:\\Programmi\\VideoLAN\\VLC\\vlc.exe"=
"d:\\eMule\\emule.exe"=
"c:\\Programmi\\File comuni\\Nokia\\Service Layer\\A\\nsl_host_process.exe"=
"c:\\Programmi\\Nokia\\Nokia Software Updater\\nsu_ui_client.exe"=
"c:\\Programmi\\Nokia\\Nokia Ovi Suite\\NokiaOviSuite.exe"=
"c:\\Programmi\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Programmi\\Messenger\\msmsgs.exe"=
"c:\\Programmi\\Google\\Google Earth\\plugin\\geplugin.exe"=
"c:\\Programmi\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\Programmi\\File comuni\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=
"c:\\Programmi\\Bonjour\\mDNSResponder.exe"=
"c:\\APPS\\SKYPE\\Phone\\Skype.exe"=
"c:\\Programmi\\iTunes\\iTunes.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"12501:TCP"= 12501:TCP:emule in ingresso
"12502:UDP"= 12502:UDP:emule in uscita
"5985:TCP"= 5985:TCP:*:Disabled:Gestione remota Windows
.
R0 pssnap;Paramount Software Snapshot Filter;c:\windows\system32\drivers\pssnap.sys [20/05/2008 7.32.40 15328]
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [28/05/2011 9.37.08 442200]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [05/03/2010 0.21.47 320856]
R1 SAVRKBootTasks;Boot Tasks Driver;c:\windows\system32\SAVRKBootTasks.sys [19/11/2011 11.54.03 18816]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [05/03/2010 0.21.48 20568]
R2 ReflectService;Macrium Reflect Image Mounting Service;c:\programmi\Macrium\Reflect\ReflectService.exe [06/08/2008 10.34.02 216032]
R2 WinDefend;Windows Defender;c:\programmi\Windows Defender\MsMpEng.exe [03/11/2006 19.19.58 13592]
R3 PAC207;Trust WB-1400T Webcam;c:\windows\system32\drivers\PFC027.sys [24/02/2005 11.29.14 162176]
R3 X10Hid;X10 Hid Device;c:\windows\system32\drivers\x10hid.sys [17/07/2009 16.21.53 7040]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [18/03/2010 13.16.28 130384]
S2 gupdate;Servizio di Google Update (gupdate);c:\programmi\Google\Update\GoogleUpdate.exe [29/01/2010 9.57.53 135664]
S3 gupdatem;Servizio Google Update (gupdatem);c:\programmi\Google\Update\GoogleUpdate.exe [29/01/2010 9.57.53 135664]
S3 SCR33X USB Smart Card Reader;SCR33X USB Smart Card Reader;c:\windows\system32\drivers\SCR33X2K.sys [06/04/2004 3.24.00 64088]
S3 SCR3xx USB Smart Card Reader;SCR3xx USB Smart Card Reader;c:\windows\system32\drivers\SCR3XX2K.sys [15/12/2005 3.31.00 46848]
S3 STC2DFU;STCII DFU Adapter;c:\windows\system32\drivers\Stc2Dfu.sys [24/10/2004 23.04.00 7796]
S3 WinRM;Windows Remote Management (WS-Management);c:\windows\system32\svchost.exe -k WINRM [25/10/2004 19.39.34 14336]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [18/03/2010 13.16.28 753504]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
WINRM REG_MULTI_SZ WINRM
.
Contenuto della cartella 'Scheduled Tasks'
.
2011-11-18 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\programmi\Apple Software Update\SoftwareUpdate.exe [2011-06-01 15:57]
.
2011-11-25 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\programmi\Google\Update\GoogleUpdate.exe [2010-01-29 08:57]
.
2011-11-25 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\programmi\Google\Update\GoogleUpdate.exe [2010-01-29 08:57]
.
2011-11-25 c:\windows\Tasks\MP Scheduled Scan.job
- c:\programmi\Windows Defender\MpCmdRun.exe [2006-11-03 18:20]
.
2011-11-25 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-2183865090-2060284026-561532327-1005.job
- c:\programmi\Real\RealUpgrade\realupgrade.exe [2011-09-27 11:40]
.
2011-11-25 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-2183865090-2060284026-561532327-1006.job
- c:\programmi\Real\RealUpgrade\realupgrade.exe [2011-09-27 11:40]
.
2011-11-25 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-2183865090-2060284026-561532327-1005.job
- c:\programmi\Real\RealUpgrade\realupgrade.exe [2011-09-27 11:40]
.
2011-11-25 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-2183865090-2060284026-561532327-1006.job
- c:\programmi\Real\RealUpgrade\realupgrade.exe [2011-09-27 11:40]
.
2011-11-25 c:\windows\Tasks\User_Feed_Synchronization-{4F08A5AB-931F-4027-811F-2EA20FAD7B6C}.job
- c:\windows\system32\msfeedssync.exe [2009-03-08 02:31]
.
2011-11-25 c:\windows\Tasks\User_Feed_Synchronization-{5A89C46A-075B-4F8D-B276-E2F80F16CD28}.job
- c:\windows\system32\msfeedssync.exe [2009-03-08 02:31]
.
.
------- Scansione supplementare -------
.
uStart Page = hxxp://www.facebook.com/
mStart Page = hxxp://search.findeer.com
uInternet Settings,ProxyOverride = *.local
IE: E&sporta in Microsoft Excel - c:\progra~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
IE: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
TCP: Interfaces\{519146A1-D805-406E-B07C-30A80E690A10}: NameServer = 176.31.229.24,176.31.229.25
TCP: Interfaces\{555B6C10-012D-4E68-B07B-6B49B0EBA5A5}: NameServer = 176.31.229.24,176.31.229.25
TCP: Interfaces\{B1B7732B-72AA-4A2C-9B94-602F9CE2D9DE}: NameServer = 176.31.229.24,176.31.229.25
TCP: Interfaces\{C0EBA99C-A0C9-4573-90AB-DFB61B4E3848}: NameServer = 176.31.229.24,176.31.229.25
TCP: Interfaces\{E8B74729-45A0-4DDB-85F3-42F75D1A1882}: NameServer = 176.31.229.24,176.31.229.25
TCP: Interfaces\{FA3C533B-6451-4E04-AE4D-4D9728B51DF4}: NameServer = 176.31.229.24,176.31.229.25
TCP: Interfaces\{FECA4316-6DC3-41D6-93C8-BF7247D7996A}: NameServer = 176.31.229.24,176.31.229.25
DPF: {2A21D253-56C4-444B-B8E5-CC4922296416} - hxxp://www.amt.genova.it/belt_web/cabs/TSFSCLibInternet.CAB
DPF: {4FEE6316-7B6F-4A6C-BD4E-4157C59A9E9D} - hxxp://static.s2g.gate5.de/ovi_maps/OviMaps_4.0.12.12.cab
DPF: {596B26AA-E941-4FB5-8F91-0762447578F0} - hxxp://games.bigfishgames.com/fr_dream-chronicles/online/dream.1.0.0.17_fr.cab
FF - ProfilePath - d:\documents and settings\Utente\Dati applicazioni\Mozilla\Firefox\Profiles\0c78yy6e.default\
FF - prefs.js: browser.search.selectedEngine - Cerca...
FF - prefs.js: browser.startup.homepage - hxxp://offerte.vodafone.it/vetrine/?ecmp=01_SEM_P
FF - prefs.js: network.proxy.ftp - 147.102.82.32
FF - prefs.js: network.proxy.ftp_port - 3128
FF - prefs.js: network.proxy.gopher - 147.102.82.32
FF - prefs.js: network.proxy.gopher_port - 3128
FF - prefs.js: network.proxy.http - 147.102.82.32
FF - prefs.js: network.proxy.http_port - 3128
FF - prefs.js: network.proxy.socks - 147.102.82.32
FF - prefs.js: network.proxy.socks_port - 3128
FF - prefs.js: network.proxy.ssl - 147.102.82.32
FF - prefs.js: network.proxy.ssl_port - 3128
FF - prefs.js: network.proxy.type - 0
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-11-25 20:27
Windows 5.1.2600 Service Pack 3 NTFS
.
scansione processi nascosti ...
.
scansione entrate autostart nascoste ...
.
Scansione files nascosti ...
.
Scansione completata con successo
Files nascosti: 0
.
**************************************************************************
.
--------------------- CHIAVI DI REGISTRO BLOCCATE ---------------------
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Environment*]
"Licence0"="04F0D21-79D8-7A25-D702-433F"
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\€–€|ÿÿÿÿÀ•€|ù•9~*]
"0140110900063D11C8EF10054038389C"="C?\\WINDOWS\\system32\\FM20ENU.DLL"
.
--------------------- Dlls caricate dai processi in esecuzione ---------------------
.
- - - - - - - > 'winlogon.exe'(684)
c:\windows\system32\Ati2evxx.dll
c:\apps\Softex\OmniPass\opxpgina.dll
.
- - - - - - - > 'explorer.exe'(5532)
c:\windows\system32\WININET.dll
c:\programmi\Windows Desktop Search\deskbar.dll
c:\programmi\Windows Desktop Search\it-it\dbres.dll.mui
c:\programmi\Windows Desktop Search\dbres.dll
c:\programmi\Windows Desktop Search\wordwheel.dll
c:\programmi\Windows Desktop Search\it-it\msnlExtRes.dll.mui
c:\programmi\Windows Desktop Search\msnlExtRes.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Altri processi in esecuzione ------------------------
.
c:\programmi\Alwil Software\Avast5\AvastSvc.exe
c:\windows\system32\LEXBCES.EXE
c:\windows\system32\LEXPPS.EXE
c:\windows\System32\SCardSvr.exe
c:\programmi\File comuni\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\programmi\Bonjour\mDNSResponder.exe
c:\windows\eHome\ehRecvr.exe
c:\windows\eHome\ehSched.exe
c:\programmi\Java\jre6\bin\jqs.exe
c:\programmi\File comuni\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\programmi\Nero\Nero8\Nero BackItUp\NBService.exe
c:\apps\Softex\OmniPass\Omniserv.exe
c:\windows\System32\PAStiSvc.exe
c:\programmi\File comuni\Ulead Systems\DVD\ULCDRSvr.exe
c:\programmi\Sonic\DigitalMedia LE v7\MyDVD LE\USBDeviceService.exe
c:\programmi\File comuni\Microsoft Shared\Windows Live\WLIDSVC.EXE
c:\windows\system32\SearchIndexer.exe
c:\progra~1\COMMON~1\X10\Common\x10nets.exe
c:\windows\ehome\mcrdsvc.exe
c:\programmi\File comuni\Microsoft Shared\Windows Live\WLIDSvcM.exe
c:\apps\Softex\OmniPass\OPXPApp.exe
c:\windows\system32\dllhost.exe
c:\programmi\File comuni\Nokia\MPlatform\NokiaMServer.exe
c:\programmi\iPod\bin\iPodService.exe
c:\programmi\File comuni\Nero\Lib\NMIndexingService.exe
c:\programmi\File comuni\Nero\Lib\NMIndexStoreSvr.exe
.
**************************************************************************
.
Ora fine scansione: 2011-11-25 20:37:39 - Il pc è stato riavviato
ComboFix-quarantined-files.txt 2011-11-25 19:37
ComboFix2.txt 2011-11-24 17:17
.
Pre-Run: 11.005.501.440 byte disponibili
Post-Run: 10.977.083.392 byte disponibili
.
- - End Of File - - ED28990B0E86DCDD832DF0522412A76C

Ciao sara, questa cartella non mi piace, se non sai cosa è eliminala (prima per sicurezza dimmi cosa c'è dentro):
d:\documents and settings\Utente\Impostazioni locali\Dati applicazioni\ServiceUpd

Poi, esegui TFC e OTF per pulire il PC e allega un nuovo log di hijackhtis.

ciao Francesco, ho fatto nuove scansioni con TFC e OTC come suggerito da te. Ti mando il nuovo log di hijackthis.

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 16.18.32, on 26/11/2011
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Programmi\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Programmi\Alwil Software\Avast5\AvastSvc.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Programmi\File comuni\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Programmi\Bonjour\mDNSResponder.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Programmi\Java\jre6\bin\jqs.exe
C:\Programmi\File comuni\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Programmi\Nero\Nero8\Nero BackItUp\NBService.exe
C:\Apps\Softex\OmniPass\Omniserv.exe
C:\WINDOWS\Explorer.EXE
C:\Programmi\Macrium\Reflect\ReflectService.exe
C:\WINDOWS\System32\PAStiSvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Programmi\File comuni\Ulead Systems\DVD\ULCDRSvr.exe
C:\Programmi\Sonic\DigitalMedia LE v7\MyDVD LE\USBDeviceService.exe
C:\Programmi\File comuni\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\WINDOWS\system32\SearchIndexer.exe
C:\WINDOWS\system32\wuauclt.exe
C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe
C:\Programmi\File comuni\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\WINDOWS\system32\LXSUPMON.EXE
C:\Programmi\Adobe\Reader 9.0\Reader\Reader_sl.exe
C:\Programmi\File comuni\Nokia\MPlatform\NokiaMServer.exe
C:\program files\real\realplayer\update\realsched.exe
C:\Programmi\QuickTime\QTTask.exe
C:\Programmi\iTunes\iTunesHelper.exe
C:\Programmi\Alwil Software\Avast5\avastUI.exe
C:\Apps\Softex\OmniPass\OPXPApp.exe
C:\Programmi\File comuni\Nero\Lib\NMBgMonitor.exe
C:\Programmi\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\dllhost.exe
C:\Programmi\Windows Live\Messenger\msnmsgr.exe
C:\Programmi\iPod\bin\iPodService.exe
C:\Programmi\Widget vodafone.it\Widget vodafone.it.exe
C:\Programmi\File comuni\Nero\Lib\NMIndexingService.exe
C:\Programmi\File comuni\Nero\Lib\NMIndexStoreSvr.exe
D:\Documents and Settings\All Users\Documenti\AppData\PoApp\PService.exe
C:\Programmi\Windows Live\Contacts\wlcomm.exe
C:\Programmi\Internet Explorer\iexplore.exe
C:\Programmi\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\SearchProtocolHost.exe
C:\Programmi\Trend Micro\HijackThis\HiJackThis.exe
C:\Programmi\Internet Explorer\iexplore.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.facebook.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programmi\File comuni\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - D:\Documents and Settings\All Users\Dati applicazioni\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Programmi\Alwil Software\Avast5\aswWebRepIE.dll
O2 - BHO: Guida per l'accesso a Windows Live ID - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programmi\File comuni\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Programmi\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programmi\Google\GoogleToolbarNotifier\5.7.7018.1622\swg.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programmi\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Programmi\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Programmi\Alwil Software\Avast5\aswWebRepIE.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Programmi\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [PrinTray] C:\WINDOWS\System32\spool\DRIVERS\W32X86\2\printray.exe
O4 - HKLM\..\Run: [LXSUPMON] C:\WINDOWS\system32\LXSUPMON.EXE RUN
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Programmi\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Programmi\File comuni\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe
O4 - HKLM\..\Run: [NokiaMServer] C:\Programmi\File comuni\Nokia\MPlatform\NokiaMServer /watchfiles startup
O4 - HKLM\..\Run: [APSDaemon] "C:\Programmi\File comuni\Apple\Apple Application Support\APSDaemon.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\program files\real\realplayer\update\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmi\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Programmi\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [PosService] D:\Documents and Settings\All Users\Documenti\AppData\PoApp\PLauncher.exe
O4 - HKLM\..\Run: [avast] "C:\Programmi\Alwil Software\Avast5\avastUI.exe" /nogui
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Programmi\File comuni\Nero\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [swg] "C:\Programmi\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Programmi\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\FILECO~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [DWQueuedReporting] "C:\PROGRA~1\FILECO~1\MICROS~1\DW\dwtrig20.exe" -t (User 'Default user')
O4 - Startup: Widget vodafone.lnk = C:\Programmi\Widget vodafone.it\Widget vodafone.it.exe
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre6\bin\jp2iexp.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre6\bin\jp2iexp.dll
O9 - Extra button: Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: &Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Ricerche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=file://C:\APPS\IE\offline\it.htm
O16 - DPF: {2A21D253-56C4-444B-B8E5-CC4922296416} (TSFSCLibInternet.TSFSC) - http://www.amt.genova.it/belt_web/cabs/TSFSCLibInternet.CAB
O16 - DPF: {32C3FEAE-0877-4767-8C20-62A5829A0945} (FBootloaderAX) - http://static.ak.facebook.com/fbplugin/win32/axfbootloader.cab
O16 - DPF: {4FEE6316-7B6F-4A6C-BD4E-4157C59A9E9D} (Ovi maps browser plugin) - http://static.s2g.gate5.de/ovi_maps/OviMaps_4.0.12.12.cab
O16 - DPF: {596B26AA-E941-4FB5-8F91-0762447578F0} (CPlayFirstdreamControl Object) - http://games.bigfishgames.com/fr_dream-chronicles/online/dream.1.0.0.17_fr.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/MessengerGamesContent/GameContent/it/uno1/GAME_UNO1.cab
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{E8B74729-45A0-4DDB-85F3-42F75D1A1882}: NameServer = 176.31.229.24,176.31.229.25
O17 - HKLM\System\CCS\Services\Tcpip\..\{FA3C533B-6451-4E04-AE4D-4D9728B51DF4}: NameServer = 176.31.229.24,176.31.229.25
O17 - HKLM\System\CCS\Services\Tcpip\..\{FECA4316-6DC3-41D6-93C8-BF7247D7996A}: NameServer = 176.31.229.24,176.31.229.25
O22 - SharedTaskScheduler: Precaricatore Browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Daemon di cache delle categorie di componenti - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Programmi\File comuni\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: avast! Antivirus - AVAST Software - C:\Programmi\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: Servizio Bonjour (Bonjour Service) - Apple Inc. - C:\Programmi\Bonjour\mDNSResponder.exe
O23 - Service: Servizio di Google Update (gupdate) (gupdate) - Google Inc. - C:\Programmi\Google\Update\GoogleUpdate.exe
O23 - Service: Servizio Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Programmi\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Programmi\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programmi\File comuni\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: Servizio iPod (iPod Service) - Apple Inc. - C:\Programmi\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Programmi\Java\jre6\bin\jqs.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Programmi\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Programmi\File comuni\Nero\Lib\NMIndexingService.exe
O23 - Service: Softex OmniPass Service (omniserv) - Softex Inc. - C:\Apps\Softex\OmniPass\Omniserv.exe
O23 - Service: Macrium Reflect Image Mounting Service (ReflectService) - Unknown owner - C:\Programmi\Macrium\Reflect\ReflectService.exe
O23 - Service: ServiceLayer - Nokia - C:\Programmi\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: STI Simulator - Unknown owner - C:\WINDOWS\System32\PAStiSvc.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Programmi\File comuni\Ulead Systems\DVD\ULCDRSvr.exe
O23 - Service: USBDeviceService - Unknown owner - C:\Programmi\Sonic\DigitalMedia LE v7\MyDVD LE\USBDeviceService.exe
O23 - Service: X10 Device Network Service (x10nets) - X10 - C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe

--
End of file - 12309 bytes

Ma eliminando tutte questo voci posso stare tranquilla ? Dopo tutto funzionerà come prima ?.....