adp1975 (Devoted mortal)
Registered: 08/11/06 00:05
Posts: 8
Posted: 08 Nov 2006 00:20    Subject: Virus, maybe a dialer... help [solved]
Hi, I have a problem and I no longer know where to turn. My computer had stopped working; reading your posts I found out that I had Link Optimizer and I removed it. I still have something, though, since I cannot open any link that talks about HijackThis. I ran a scan with RunAlyzer and this is the log:

 Logfile of RunAlyzer 0.3. Copyright © 2000-2005 Safer Networking Limited. All rights reserved.
 Scan saved at 07/11/2006 22:06:23
 Platform: Windows XP (Build: 2600) Service Pack 2 (5.1.2600)
 
 Running processes:
 [System]
 System
 C:\Programmi\HPQ\Quick Launch Buttons\EabServr.exe
 C:\Programmi\ATI Technologies\ATI Control Panel\atiptaxx.exe
 C:\Programmi\Java\jre1.5.0_02\bin\jusched.exe
 C:\Programmi\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
 C:\Programmi\Hp\HP Software Update\HPWuSchd2.exe
 C:\Programmi\Synaptics\SynTP\SynTPLpr.exe
 C:\Programmi\Synaptics\SynTP\SynTPEnh.exe
 C:\Programmi\iTunes\iTunesHelper.exe
 C:\Programmi\QuickTime\qttask.exe
 C:\WINDOWS\System32\smss.exe
 C:\WINDOWS\system32\csrss.exe
 C:\WINDOWS\SYSTEM32\winlogon.exe
 C:\WINDOWS\system32\services.exe
 C:\WINDOWS\system32\lsass.exe
 C:\Programmi\Network Associates\Common Framework\UpdaterUI.exe
 C:\WINDOWS\system32\Ati2evxx.exe
 C:\WINDOWS\system32\svchost.exe
 C:\WINDOWS\system32\svchost.exe
 C:\WINDOWS\System32\svchost.exe
 C:\WINDOWS\system32\svchost.exe
 C:\Programmi\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
 C:\Programmi\Network Associates\VirusScan\SHSTAT.EXE
 C:\WINDOWS\system32\svchost.exe
 C:\Programmi\File comuni\Network Associates\TalkBack\TBMon.exe
 C:\WINDOWS\system32\spoolsv.exe
 C:\VEXPLITE\MONLITE.EXE
 C:\WINDOWS\SYSTEM32\Ati2evxx.exe
 c:\windows\siemenstool.exe
 C:\Programmi\Softwin\BitDefender8\bdnagent.exe
 C:\WINDOWS\Explorer.EXE
 C:\Programmi\File comuni\LightScribe\LSSrvc.exe
 C:\Programmi\Network Associates\Common Framework\FrameworkService.exe
 C:\Programmi\Network Associates\VirusScan\Mcshield.exe
 C:\Programmi\Network Associates\VirusScan\VsTskMgr.exe
 C:\WINDOWS\system32\svchost.exe
 C:\WINDOWS\system32\wdfmgr.exe
 C:\VEXPLITE\viritsvc.exe
 naPrdMgr.exe
 C:\Programmi\Canon\CAL\CALMAIN.exe
 C:\Programmi\iPod\bin\iPodService.exe
 wmiprvse.exe
 C:\Programmi\Internet Explorer\iexplore.exe
 C:\WINDOWS\system32\wuauclt.exe
 C:\WINDOWS\system32\alg.exe
 C:\Programmi\HPQ\SHARED\HPQWMI.exe
 C:\WINDOWS\system32\msiexec.exe
 C:\WINDOWS\system32\wuauclt.exe
 C:\Programmi\Safer Networking\RunAlyzer\RunAlyzer.exe
 
 F2 - REG:system.ini: UserInit=c:\windows\system32\userinit.exe,"c:\windows\siemenstool.exe",
 O4 - HKCU\..\Run: [RealPlayer] C:\Programmi\Real\RealPlayer\realplay.exe
 O4 - HKLM\..\Run: [iTunesHelper] C:\Programmi\iTunes\iTunesHelper.exe
 O4 - HKLM\..\Run: [AdaptecDirectCD] C:\Programmi\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
 O4 - HKLM\..\Run: [eabconfg.cpl] C:\Programmi\HPQ\Quick Launch Buttons\EabServr.exe
 O4 - HKLM\..\Run: [HP Software Update] C:\Programmi\Hp\HP Software Update\HPWuSchd2.exe
 O4 - HKLM\..\Run: [VIRIT LITE MONITOR] C:\VEXPLITE\MONLITE.EXE
 O4 - HKLM\..\Run: [ATIPTA] C:\Programmi\ATI Technologies\ATI Control Panel\atiptaxx.exe
 O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Programmi\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
 O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe
 O4 - HKLM\..\Run: [McAfeeUpdaterUI] C:\Programmi\Network Associates\Common Framework\UpdaterUI.exe
 O4 - HKLM\..\Run: [Network Associates Error Reporting Service] C:\Programmi\File comuni\Network Associates\TalkBack\TBMon.exe
 O4 - HKLM\..\Run: [Cpqset] C:\Programmi\HPQ\Default Settings\cpqset.exe
 O4 - HKLM\..\Run: [SynTPEnh] C:\Programmi\Synaptics\SynTP\SynTPEnh.exe
 O4 - HKLM\..\Run: [SynTPLpr] C:\Programmi\Synaptics\SynTP\SynTPLpr.exe
 O23 - Service: Driver ACPI Microsoft (ACPI) - /owner unsupported/ - C:\WINDOWS\system32\DRIVERS\ACPI.sys
 O23 - Service: Driver del controller integrato Microsoft (ACPIEC) - /owner unsupported/ - C:\WINDOWS\system32\DRIVERS\ACPIEC.sys
 O23 - Service: Eliminatore di eco acustico del kernel Microsoft (aec) - /owner unsupported/ - C:\WINDOWS\system32\drivers\aec.sys
 O23 - Service: AFD (AFD) - /owner unsupported/ - C:\WINDOWS\System32\drivers\afd.sys
 O23 - Service: Avvisi (Alerter) - /owner unsupported/ - C:\WINDOWS\system32\svchost.exe
 O23 - Service: Servizio Gateway di livello applicazione (ALG) - /owner unsupported/ - C:\WINDOWS\System32\alg.exe
 O23 - Service: Driver del processore AMD (AmdK8) - /owner unsupported/ - C:\WINDOWS\system32\DRIVERS\AmdK8.sys
 O23 - Service: Gestione applicazione (AppMgmt) - /owner unsupported/ - C:\WINDOWS\system32\svchost.exe
 O23 - Service: Protocollo client ARP 1394 (Arp1394) - /owner unsupported/ - C:\WINDOWS\system32\DRIVERS\arp1394.sys
 O23 - Service: Servizio stato di ASP.NET (aspnet_state) - /owner unsupported/ - C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe
 O23 - Service: Driver per supporti asincroni RAS (AsyncMac) - /owner unsupported/ - C:\WINDOWS\system32\DRIVERS\asyncmac.sys
 O23 - Service: Controller disco rigido IDE/ESDI standard (atapi) - /owner unsupported/ - C:\WINDOWS\system32\DRIVERS\atapi.sys
 O23 - Service: Protocollo client ARP ATM (Atmarpc) - /owner unsupported/ - C:\WINDOWS\system32\DRIVERS\atmarpc.sys
 O23 - Service: Audio Windows (AudioSrv) - /owner unsupported/ - C:\WINDOWS\System32\svchost.exe
 O23 - Service: Driver stub audio (audstub) - /owner unsupported/ - C:\WINDOWS\system32\DRIVERS\audstub.sys
 O23 - Service: Driver per l'adattatore di rete Broadcom 802.11 (BCM43XX) - /owner unsupported/ - C:\WINDOWS\system32\DRIVERS\bcmwl5.sys
 O23 - Service: Servizio trasferimento intelligente in background (BITS) - /owner unsupported/ - C:\WINDOWS\system32\svchost.exe
 O23 - Service: Browser di computer (Browser) - /owner unsupported/ - C:\WINDOWS\system32\svchost.exe
 O23 - Service: WIDCOMM USB Bluetooth Driver (BTWUSB) - /owner unsupported/ - C:\WINDOWS\System32\Drivers\btwusb.sys
 O23 - Service: Conexant AMC Audio (CAMCAUD) - /owner unsupported/ - C:\WINDOWS\system32\drivers\camc6aud.sys
 O23 - Service: Canon Camera Access Library 8 (CCALib8) - /owner unsupported/ - C:\Programmi\Canon\CAL\CALMAIN.exe
 O23 - Service: Driver del CD-ROM (Cdrom) - /owner unsupported/ - C:\WINDOWS\system32\DRIVERS\cdrom.sys
 O23 - Service: Servizio di indicizzazione (CiSvc) - /owner unsupported/ - C:\WINDOWS\system32\cisvc.exe
 O23 - Service: ClipBook (ClipSrv) - /owner unsupported/ - C:\WINDOWS\system32\clipsrv.exe
 O23 - Service: Driver scheda AC Microsoft (CmBatt) - /owner unsupported/ - C:\WINDOWS\system32\DRIVERS\CmBatt.sys
 O23 - Service: Driver della batteria composita Microsoft (Compbatt) - /owner unsupported/ - C:\WINDOWS\system32\DRIVERS\compbatt.sys
 O23 - Service: Applicazione di sistema COM+ (COMSysApp) - /owner unsupported/ - C:\WINDOWS\system32\dllhost.exe
 O23 - Service: CO_Mon (CO_Mon) - /owner unsupported/ - C:\WINDOWS\system32\Drivers\CO_Mon.sys
 O23 - Service: Servizi di crittografia (CryptSvc) - /owner unsupported/ - C:\WINDOWS\system32\svchost.exe
 O23 - Service: Utilità di avvio processo server DCOM (DcomLaunch) - /owner unsupported/ - C:\WINDOWS\system32\svchost.exe
 O23 - Service: Client DHCP (Dhcp) - /owner unsupported/ - C:\WINDOWS\system32\svchost.exe
 O23 - Service: Driver del disco (Disk) - /owner unsupported/ - C:\WINDOWS\system32\DRIVERS\disk.sys
 O23 - Service: Servizio amministrativo di Gestione disco logico (dmadmin) - /owner unsupported/ - C:\WINDOWS\System32\dmadmin.exe
 O23 - Service: Gestione dischi logici (dmserver) - /owner unsupported/ - C:\WINDOWS\System32\svchost.exe
 O23 - Service: Sintetizzatore DLS Microsoft Kernel (DMusic) - /owner unsupported/ - C:\WINDOWS\system32\drivers\DMusic.sys
 O23 - Service: Client DNS (Dnscache) - /owner unsupported/ - C:\WINDOWS\system32\svchost.exe
 O23 - Service: Decodificatore audio DRM del kernel Microsoft (drmkaud) - /owner unsupported/ - C:\WINDOWS\system32\drivers\drmkaud.sys
 O23 - Service: EABFiltr (eabfiltr) - /owner unsupported/ - C:\WINDOWS\system32\drivers\EABFiltr.sys
 O23 - Service: eabusb (eabusb) - /owner unsupported/ - C:\WINDOWS\system32\drivers\eabusb.sys
 O23 - Service: EntDrv51 (EntDrv51) - /owner unsupported/ - C:\WINDOWS\system32\drivers\EntDrv51.sys
 O23 - Service: Servizio di segnalazione errori (ERSvc) - /owner unsupported/ - C:\WINDOWS\System32\svchost.exe
 O23 - Service: Registro eventi (Eventlog) - /owner unsupported/ - C:\WINDOWS\system32\services.exe
 O23 - Service: Sistema di eventi COM+ (EventSystem) - /owner unsupported/ - C:\WINDOWS\system32\svchost.exe
 O23 - Service: Compatibilità di Cambio rapido utente (FastUserSwitchingCompatibility) - /owner unsupported/ - C:\WINDOWS\System32\svchost.exe
 O23 - Service: Driver controller disco floppy (Fdc) - /owner unsupported/ - C:\WINDOWS\system32\DRIVERS\fdc.sys
 O23 - Service: Driver disco floppy (Flpydisk) - /owner unsupported/ - C:\WINDOWS\system32\DRIVERS\flpydisk.sys
 O23 - Service: FltMgr (FltMgr) - /owner unsupported/ - C:\WINDOWS\system32\DRIVERS\fltMgr.sys
 O23 - Service: Driver archiviazione volumi (Ftdisk) - /owner unsupported/ - C:\WINDOWS\system32\DRIVERS\ftdisk.sys
 O23 - Service: GEAR CDRom Filter (GEARAspiWDM) - /owner unsupported/ - C:\WINDOWS\SYSTEM32\DRIVERS\GEARAspiWDM.sys
 O23 - Service: Utilità di classificazione pacchetti generica (Gpc) - /owner unsupported/ - C:\WINDOWS\system32\DRIVERS\msgpc.sys
 O23 - Service: Guida in linea e supporto tecnico (helpsvc) - /owner unsupported/ - C:\WINDOWS\System32\svchost.exe
 O23 - Service: HID Input Service (HidServ) - /owner unsupported/ - C:\WINDOWS\System32\svchost.exe
 O23 - Service: Driver di classe HID Microsoft (HidUsb) - /owner unsupported/ - C:\WINDOWS\system32\DRIVERS\hidusb.sys
 O23 - Service: HP WMI Interface (hpqwmi) - /owner unsupported/ - C:\Programmi\HPQ\SHARED\HPQWMI.exe
 O23 - Service: HTTP (HTTP) - /owner unsupported/ - C:\WINDOWS\System32\Drivers\HTTP.sys
 O23 - Service: SSL HTTP (HTTPFilter) - /owner unsupported/ - C:\WINDOWS\System32\svchost.exe
 O23 - Service: Driver di porta mouse PS/2 e tastiera i8042 (i8042prt) - /owner unsupported/ - C:\WINDOWS\system32\DRIVERS\i8042prt.sys
 O23 - Service: Driver filtro masterizzazione CD (Imapi) - /owner unsupported/ - C:\WINDOWS\system32\DRIVERS\imapi.sys
 O23 - Service: Servizio COM di masterizzazione CD IMAPI (ImapiService) - /owner unsupported/ - C:\WINDOWS\system32\imapi.exe
 O23 - Service: IOSLINK (IOSLINK) - /owner unsupported/ - C:\WINDOWS\system32\drivers\IosLink.sys
 O23 - Service: Driver Windows Firewall IPv6 (Ip6Fw) - /owner unsupported/ - C:\WINDOWS\system32\DRIVERS\Ip6Fw.sys
 O23 - Service: Driver filtro traffico IP (IpFilterDriver) - /owner unsupported/ - C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
 O23 - Service: Driver tunnel IP in IP (IpInIp) - /owner unsupported/ - C:\WINDOWS\system32\DRIVERS\ipinip.sys
 O23 - Service: Traduttore indirizzi di rete IP (IpNat) - /owner unsupported/ - C:\WINDOWS\system32\DRIVERS\ipnat.sys
 O23 - Service: Servizio iPod (iPodService) - /owner unsupported/ - C:\Programmi\iPod\bin\iPodService.exe
 O23 - Service: Driver IPSEC (IPSec) - /owner unsupported/ - C:\WINDOWS\system32\DRIVERS\ipsec.sys
 O23 - Service: Servizio enumeratore infrarossi (IRENUM) - /owner unsupported/ - C:\WINDOWS\system32\DRIVERS\irenum.sys
 O23 - Service: Driver bus PnP ISA/EISA (isapnp) - /owner unsupported/ - C:\WINDOWS\system32\DRIVERS\isapnp.sys
 O23 - Service: Driver classe tastiera (Kbdclass) - /owner unsupported/ - C:\WINDOWS\system32\DRIVERS\kbdclass.sys
 O23 - Service: Driver di tastiera HID (kbdhid) - /owner unsupported/ - C:\WINDOWS\system32\DRIVERS\kbdhid.sys
 O23 - Service: Mixer wave audio del kernel Microsoft (kmixer) - /owner unsupported/ - C:\WINDOWS\system32\drivers\kmixer.sys
 O23 - Service: Server (lanmanserver) - /owner unsupported/ - C:\WINDOWS\system32\svchost.exe
 O23 - Service: Workstation (lanmanworkstation) - /owner unsupported/ - C:\WINDOWS\system32\svchost.exe
 O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - /owner unsupported/ - C:\Programmi\File comuni\LightScribe\LSSrvc.exe
 O23 - Service: Helper NetBIOS di TCP/IP (LmHosts) - /owner unsupported/ - C:\WINDOWS\system32\svchost.exe
 O23 - Service: McAfee Framework Service (McAfeeFramework) - /owner unsupported/ - C:\Programmi\Network Associates\Common Framework\FrameworkService.exe /ServiceStart
 O23 - Service: Network Associates McShield (McShield) - /owner unsupported/ - C:\Programmi\Network Associates\VirusScan\Mcshield.exe
 O23 - Service: Network Associates Task Manager (McTaskManager) - /owner unsupported/ - C:\Programmi\Network Associates\VirusScan\VsTskMgr.exe
 O23 - Service: Messenger (Messenger) - /owner unsupported/ - C:\WINDOWS\system32\svchost.exe
 O23 - Service: Condivisione desktop remoto di NetMeeting (mnmsrvc) - /owner unsupported/ - C:\WINDOWS\system32\mnmsrvc.exe
 O23 - Service: Driver classe mouse (Mouclass) - /owner unsupported/ - C:\WINDOWS\system32\DRIVERS\mouclass.sys
 O23 - Service: Driver di mouse HID (mouhid) - /owner unsupported/ - C:\WINDOWS\system32\DRIVERS\mouhid.sys
 O23 - Service: Redirector del client WebDav (MRxDAV) - /owner unsupported/ - C:\WINDOWS\system32\DRIVERS\mrxdav.sys
 O23 - Service: MRXSMB (MRxSmb) - /owner unsupported/ - C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
 O23 - Service: Distributed Transaction Coordinator (MSDTC) - /owner unsupported/ - C:\WINDOWS\system32\msdtc.exe
 O23 - Service: Windows Installer (MSIServer) - /owner unsupported/ - C:\WINDOWS\system32\msiexec.exe
 O23 - Service: Proxy di servizio di flusso Microsoft (MSKSSRV) - /owner unsupported/ - C:\WINDOWS\system32\drivers\MSKSSRV.sys
 O23 - Service: Proxy clock di flusso Microsoft (MSPCLOCK) - /owner unsupported/ - C:\WINDOWS\system32\drivers\MSPCLOCK.sys
 O23 - Service: Proxy di gestione qualità di flusso Microsoft (MSPQM) - /owner unsupported/ - C:\WINDOWS\system32\drivers\MSPQM.sys
 O23 - Service: Driver BIOS Microsoft System Management (mssmbios) - /owner unsupported/ - C:\WINDOWS\system32\DRIVERS\mssmbios.sys
 O23 - Service: Mup (Mup) - /owner unsupported/ -
 O23 - Service: Driver di sistema NDIS (NDIS) - /owner unsupported/ -
 O23 - Service: Driver TAPI NDIS di accesso remoto (NdisTapi) - /owner unsupported/ - C:\WINDOWS\system32\DRIVERS\ndistapi.sys
 O23 - Service: Protocollo I/O modalità utente su NDIS (Ndisuio) - /owner unsupported/ - C:\WINDOWS\system32\DRIVERS\ndisuio.sys
 O23 - Service: Driver WAN NDIS di accesso remoto (NdisWan) - /owner unsupported/ - C:\WINDOWS\system32\DRIVERS\ndiswan.sys
 O23 - Service: Interfaccia NetBIOS (NetBIOS) - /owner unsupported/ - C:\WINDOWS\system32\DRIVERS\netbios.sys
 O23 - Service: NetBios su Tcpip (NetBT) - /owner unsupported/ - C:\WINDOWS\system32\DRIVERS\netbt.sys
 O23 - Service: DDE di rete (NetDDE) - /owner unsupported/ - C:\WINDOWS\system32\netdde.exe
 O23 - Service: DDE DSDM di rete (NetDDEdsdm) - /owner unsupported/ - C:\WINDOWS\system32\netdde.exe
 O23 - Service: Accesso rete (Netlogon) - /owner unsupported/ - C:\WINDOWS\system32\lsass.exe
 O23 - Service: Connessioni di rete (Netman) - /owner unsupported/ - C:\WINDOWS\System32\svchost.exe
 O23 - Service: 1394 Net Driver (NIC1394) - /owner unsupported/ - C:\WINDOWS\system32\DRIVERS\nic1394.sys
 O23 - Service: NLA (Network Location Awareness) (Nla) - /owner unsupported/ - C:\WINDOWS\system32\svchost.exe
 O23 - Service: Provider supporto protezione LM NT (NtLmSsp) - /owner unsupported/ - C:\WINDOWS\system32\lsass.exe
 O23 - Service: Archivi rimovibili (NtmsSvc) - /owner unsupported/ - C:\WINDOWS\system32\svchost.exe
 O23 - Service: Driver filtro traffico IPX (NwlnkFlt) - /owner unsupported/ - C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
 O23 - Service: Driver inoltratore traffico IPX (NwlnkFwd) - /owner unsupported/ - C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
 O23 - Service: Controller host Texas Instruments IEEE 1394 compatibile OHCI (ohci1394) - /owner unsupported/ - C:\WINDOWS\system32\DRIVERS\ohci1394.sys
 O23 - Service: Office Source Engine (ose) - /owner unsupported/ - C:\Programmi\File comuni\Microsoft Shared\Source Engine\OSE.EXE
 O23 - Service: Driver della porta parallela (Parport) - /owner unsupported/ - C:\WINDOWS\system32\DRIVERS\parport.sys
 O23 - Service: Driver bus PCI (PCI) - /owner unsupported/ - C:\WINDOWS\system32\DRIVERS\pci.sys
 O23 - Service: Plug and Play (PlugPlay) - /owner unsupported/ - C:\WINDOWS\system32\services.exe
 O23 - Service: Servizi IPSEC (PolicyAgent) - /owner unsupported/ - C:\WINDOWS\system32\lsass.exe
 O23 - Service: WAN Miniport (PPTP) (PptpMiniport) - /owner unsupported/ - C:\WINDOWS\system32\DRIVERS\raspptp.sys
 O23 - Service: Driver processore (Processor) - /owner unsupported/ - C:\WINDOWS\system32\DRIVERS\processr.sys
 O23 - Service: Archiviazione protetta (ProtectedStorage) - /owner unsupported/ - C:\WINDOWS\system32\lsass.exe
 O23 - Service: Utilità di pianificazione pacchetti QoS (PSched) - /owner unsupported/ - C:\WINDOWS\system32\DRIVERS\psched.sys
 O23 - Service: Driver Direct Parallel Link (Ptilink) - /owner unsupported/ - C:\WINDOWS\system32\DRIVERS\ptilink.sys
 O23 - Service: PxHelp20 (PxHelp20) - /owner unsupported/ - C:\WINDOWS\System32\Drivers\PxHelp20.sys
 O23 - Service: Driver connessione automatica Accesso remoto (RasAcd) - /owner unsupported/ - C:\WINDOWS\system32\DRIVERS\rasacd.sys
 O23 - Service: Auto Connection Manager di Accesso remoto (RasAuto) - /owner unsupported/ - C:\WINDOWS\system32\svchost.exe
 O23 - Service: WAN Miniport (IrDA) (Rasirda) - /owner unsupported/ - C:\WINDOWS\system32\DRIVERS\rasirda.sys
 O23 - Service: WAN Miniport (L2TP) (Rasl2tp) - /owner unsupported/ - C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
 O23 - Service: Connection Manager di Accesso remoto (RasMan) - /owner unsupported/ - C:\WINDOWS\system32\svchost.exe
 O23 - Service: Driver PPPOE di accesso remoto (RasPppoe) - /owner unsupported/ - C:\WINDOWS\system32\DRIVERS\raspppoe.sys
 O23 - Service: Direct Parallel (Raspti) - /owner unsupported/ - C:\WINDOWS\system32\DRIVERS\raspti.sys
 O23 - Service: Rdbss (Rdbss) - /owner unsupported/ - C:\WINDOWS\system32\DRIVERS\rdbss.sys
 O23 - Service: Gestione sessione di assistenza mediante desktop remoto (RDSessMgr) - /owner unsupported/ - C:\WINDOWS\system32\sessmgr.exe
 O23 - Service: Driver filtro riproduzione CD-ROM audio digitale (redbook) - /owner unsupported/ - C:\WINDOWS\system32\DRIVERS\redbook.sys
 O23 - Service: Routing e Accesso remoto (RemoteAccess) - /owner unsupported/ - C:\WINDOWS\system32\svchost.exe
 O23 - Service: RPC Locator (RpcLocator) - /owner unsupported/ - C:\WINDOWS\system32\locator.exe
 O23 - Service: RPC (Remote Procedure Call) (RpcSs) - /owner unsupported/ - C:\WINDOWS\system32\svchost.exe
 O23 - Service: QoS RSVP (RSVP) - /owner unsupported/ - C:\WINDOWS\system32\rsvp.exe
 O23 - Service: Realtek RTL8139/810x/8169/8110 all in one NDIS XP Driver (RTL8023xp) - /owner unsupported/ - C:\WINDOWS\system32\DRIVERS\Rtlnicxp.sys
 O23 - Service: Gestione account di protezione (SAM) (SamSs) - /owner unsupported/ - C:\WINDOWS\system32\lsass.exe
 O23 - Service: smart card (SCardSvr) - /owner unsupported/ - C:\WINDOWS\System32\SCardSvr.exe
 O23 - Service: Utilità di pianificazione (Schedule) - /owner unsupported/ - C:\WINDOWS\System32\svchost.exe
 O23 - Service: Secdrv (Secdrv) - /owner unsupported/ - C:\WINDOWS\system32\DRIVERS\secdrv.sys
 O23 - Service: Accesso secondario (seclogon) - /owner unsupported/ - C:\WINDOWS\System32\svchost.exe
 O23 - Service: Notifica eventi di sistema (SENS) - /owner unsupported/ - C:\WINDOWS\system32\svchost.exe
 O23 - Service: Driver filtro Serenum (serenum) - /owner unsupported/ - C:\WINDOWS\system32\DRIVERS\serenum.sys
 O23 - Service: Driver della porta seriale (Serial) - /owner unsupported/ - C:\WINDOWS\system32\DRIVERS\serial.sys
 O23 - Service: Unità disco floppy ad alta capacità (Sfloppy) - /owner unsupported/ - C:\WINDOWS\system32\DRIVERS\sfloppy.sys
 O23 - Service: Windows Firewall / Condivisione connessione Internet (ICS) (SharedAccess) - /owner unsupported/ - C:\WINDOWS\system32\svchost.exe
 O23 - Service: Rilevamento hardware shell (ShellHWDetection) - /owner unsupported/ - C:\WINDOWS\System32\svchost.exe
 O23 - Service: Driver periferica Miniport SMC IrCC (SMCIRDA) - /owner unsupported/ - C:\WINDOWS\system32\DRIVERS\smcirda.sys
 O23 - Service: Frazionatore audio del kernel Microsoft (splitter) - /owner unsupported/ - C:\WINDOWS\system32\drivers\splitter.sys
 O23 - Service: Spooler di stampa (Spooler) - /owner unsupported/ - C:\WINDOWS\system32\spoolsv.exe
 O23 - Service: Driver filtro Ripristino configurazione di sistema (sr) - /owner unsupported/ - C:\WINDOWS\system32\DRIVERS\sr.sys
 O23 - Service: Servizio Ripristino configurazione di sistema (srservice) - /owner unsupported/ - C:\WINDOWS\system32\svchost.exe
 O23 - Service: Srv (Srv) - /owner unsupported/ - C:\WINDOWS\system32\DRIVERS\srv.sys
 O23 - Service: Servizio di rilevamento SSDP (SSDPSRV) - /owner unsupported/ - C:\WINDOWS\system32\svchost.exe
 O23 - Service: Acquisizione di immagini di Windows (WIA) (stisvc) - /owner unsupported/ - C:\WINDOWS\system32\svchost.exe
 O23 - Service: Driver bus software (swenum) - /owner unsupported/ - C:\WINDOWS\system32\DRIVERS\swenum.sys
 O23 - Service: Sintetizzatore Wavetable GS kernel Microsoft (swmidi) - /owner unsupported/ - C:\WINDOWS\system32\drivers\swmidi.sys
 O23 - Service: MS Software Shadow Copy Provider (SwPrv) - /owner unsupported/ - C:\WINDOWS\system32\dllhost.exe
 O23 - Service: Synaptics TouchPad Driver (SynTP) - /owner unsupported/ - C:\WINDOWS\system32\DRIVERS\SynTP.sys
 O23 - Service: Periferica audio di sistema Microsoft Kernel (sysaudio) - /owner unsupported/ - C:\WINDOWS\system32\drivers\sysaudio.sys
 O23 - Service: Avvisi e registri di prestazioni (SysmonLog) - /owner unsupported/ - C:\WINDOWS\system32\smlogsvc.exe
 O23 - Service: szkg (szkg) - /owner unsupported/ - system32\DRIVERS\szkg.sys
 O23 - Service: Telefonia (TapiSrv) - /owner unsupported/ - C:\WINDOWS\System32\svchost.exe
 O23 - Service: Driver protocollo TCP/IP (Tcpip) - /owner unsupported/ - C:\WINDOWS\system32\DRIVERS\tcpip.sys
 O23 - Service: Driver della periferica terminale (TermDD) - /owner unsupported/ - C:\WINDOWS\system32\DRIVERS\termdd.sys
 O23 - Service: Servizi terminal (TermService) - /owner unsupported/ - C:\WINDOWS\System32\svchost.exe
 O23 - Service: Temi (Themes) - /owner unsupported/ - C:\WINDOWS\System32\svchost.exe
 O23 - Service: Manutenzione collegamenti distribuiti client (TrkWks) - /owner unsupported/ - C:\WINDOWS\system32\svchost.exe
 O23 - Service: Windows User Mode Driver Framework (UMWdf) - /owner unsupported/ - C:\WINDOWS\system32\wdfmgr.exe
 O23 - Service: Driver aggiornamento microcodice (Update) - /owner unsupported/ - C:\WINDOWS\system32\DRIVERS\update.sys
 O23 - Service: Host di periferiche Plug and Play universali (upnphost) - /owner unsupported/ - C:\WINDOWS\system32\svchost.exe
 O23 - Service: Gruppo di continuità (UPS) - /owner unsupported/ - C:\WINDOWS\System32\ups.exe
 O23 - Service: Driver audio USB (WDM) (usbaudio) - /owner unsupported/ - C:\WINDOWS\system32\drivers\usbaudio.sys
 O23 - Service: Driver principale generico USB Microsoft (usbccgp) - /owner unsupported/ - C:\WINDOWS\system32\DRIVERS\usbccgp.sys
 O23 - Service: Driver Miniport controller enhanced host USB 2.0 Microsoft (usbehci) - /owner unsupported/ - C:\WINDOWS\system32\DRIVERS\usbehci.sys
 O23 - Service: Hub abilitato USB2 (usbhub) - /owner unsupported/ - C:\WINDOWS\system32\DRIVERS\usbhub.sys
 O23 - Service: Driver miniport per controller open host USB Microsoft (usbohci) - /owner unsupported/ - C:\WINDOWS\system32\DRIVERS\usbohci.sys
 O23 - Service: Driver scanner USB (usbscan) - /owner unsupported/ - C:\WINDOWS\system32\DRIVERS\usbscan.sys
 O23 - Service: Driver archiviazione di massa USB (USBSTOR) - /owner unsupported/ - C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
 O23 - Service: Driver Miniport Controller Universal Host USB Microsoft (usbuhci) - /owner unsupported/ - C:\WINDOWS\system32\DRIVERS\usbuhci.sys
 O23 - Service: Virit eXplorer Lite (viritsvclite) - /owner unsupported/ - C:\VEXPLITE\viritsvc.exe
 O23 - Service: Copia replicata del volume (VSS) - /owner unsupported/ - C:\WINDOWS\System32\vssvc.exe
 O23 - Service: Ora di Windows (W32Time) - /owner unsupported/ - C:\WINDOWS\System32\svchost.exe
 O23 - Service: Driver ARP IP di accesso remoto (Wanarp) - /owner unsupported/ - C:\WINDOWS\system32\DRIVERS\wanarp.sys
 O23 - Service: Driver di compatibilità audio Microsoft WINMM WDM (wdmaud) - /owner unsupported/ - C:\WINDOWS\system32\drivers\wdmaud.sys
 O23 - Service: WebClient (WebClient) - /owner unsupported/ - C:\WINDOWS\system32\svchost.exe
 O23 - Service: Strumentazione gestione Windows (winmgmt) - /owner unsupported/ - C:\WINDOWS\system32\svchost.exe
 O23 - Service: Servizio Numero di serie per dispositivi multimediali portatili (WmdmPmSN) - /owner unsupported/ - C:\WINDOWS\System32\svchost.exe
 O23 - Service: Strumentazione gestione Microsoft Windows per ACPI (WmiAcpi) - /owner unsupported/ - C:\WINDOWS\system32\DRIVERS\wmiacpi.sys
 O23 - Service: Scheda WMI Performance (WmiApSrv) - /owner unsupported/ - C:\WINDOWS\system32\wbem\wmiapsrv.exe
 O23 - Service: Centro sicurezza PC (wscsvc) - /owner unsupported/ - C:\WINDOWS\System32\svchost.exe
 O23 - Service: Aggiornamenti automatici (wuauserv) - /owner unsupported/ - C:\WINDOWS\system32\svchost.exe
 O23 - Service: Zero Configuration reti senza fili (WZCSVC) - /owner unsupported/ - C:\WINDOWS\System32\svchost.exe
 O23 - Service: Servizio Provisioning di rete (xmlprov) - /owner unsupported/ - C:\WINDOWS\System32\svchost.exe
 O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
 O2 - BHO:  - {53707962-6F74-2D53-2644-206D7942484F} - C:\Programmi\Spybot - Search & Destroy\SDHelper.dll
 O2 - BHO: Class - {939AD2FC-2C13-CC5C-35E9-66E5D43620D5} - blank
 O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programmi\google\googletoolbar2.dll
 O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} () - http://www.kaspersky.com/kos/eng/partner/default/kavwebscan_unicode.cab
 O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} () - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
 O16 - DPF: {3DC2E31C-371A-4BD3-9A27-CDF57CE604CF} () - http://moneycentral.msn.com/cabs/pmupd806.exe
 O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} () - http://cdn.scan.safety.live.com/resource/download/scanner/wlscbase8460.cab
 O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} () - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
Thanks in advance
	
Smjert (Mature god)
Registered: 01/04/06 18:19
Posts: 1619
Location: Lost in the net
Posted: 08 Nov 2006 15:04
OK, go to the taskbar: Start -> Run (Esegui) -> type regedit. The Registry Editor opens; navigate to this key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon, select it and in the right-hand pane find the Userinit entry, right-click it -> Modify (Modifica), and in the box delete this part "c:\windows\siemenstool.exe", including the trailing comma, while leaving the leading comma.
Then download these two disguised tools to remove LinkOptimizer:

Prevx
http://www.mytempdir.com/1038236

Symantec
http://www.mytempdir.com/1038249

Run the Prevx one from Normal Mode (at the end it will ask you to restart the PC), and the Symantec one from Safe Mode (F8 at boot).

While you are in Safe Mode, delete this file: c:\windows\siemenstool.exe.

Go back to Normal Mode.

Post the log of the Prevx tool (C:\gromozon_removal) and of the Symantec tool (FixLinkOpt.log).

Download the disguised HijackThis and try to produce a log: unzip it into a folder of its own (e.g. C:\HijackThis), start it and press Do a system scan and save a log file.
Then post the HijackThis log.
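The Userinit check described in the post above, as an added example (not part of the original thread, and not code from RunAlyzer or HijackThis): it parses the F2 line of a HijackThis-style log, lists every program chained after userinit.exe, checks whether it is also among the running processes, and builds the value that remains after the edit. The sample log is constructed from lines of the first post; the function names and the `EXPECTED` baseline are assumptions.

```python
import re

# Constructed sample: a few lines taken from the RunAlyzer log in the first post.
SAMPLE_LOG = r'''
Running processes:
C:\WINDOWS\system32\svchost.exe
c:\windows\siemenstool.exe
C:\WINDOWS\Explorer.EXE

F2 - REG:system.ini: UserInit=c:\windows\system32\userinit.exe,"c:\windows\siemenstool.exe",
O4 - HKLM\..\Run: [iTunesHelper] C:\Programmi\iTunes\iTunesHelper.exe
'''

# Assumption: the only program expected in Userinit on this install (lower case).
EXPECTED = r"c:\windows\system32\userinit.exe"

F2_RE = re.compile(r"^\s*F2 - REG:system\.ini: UserInit=(.*)$", re.I | re.M)


def userinit_entries(log):
    """Return the programs listed in the Userinit value, or None if no F2 line."""
    m = F2_RE.search(log)
    if not m:
        return None
    # Quoted entries may contain commas, so tokenise instead of a plain split.
    tokens = re.findall(r'"[^"]*"|[^,]+', m.group(1))
    cleaned = (t.strip().strip('"').strip() for t in tokens)
    return [t for t in cleaned if t]


def running_processes(log):
    """Return the lower-cased paths from the 'Running processes:' block."""
    procs, in_block = set(), False
    for line in log.splitlines():
        line = line.strip()
        if line.lower().startswith("running processes"):
            in_block = True
        elif in_block and not line:
            break  # the block ends at the first blank line
        elif in_block:
            procs.add(line.lower())
    return procs


def audit_userinit(log):
    """Compare the Userinit value with the baseline and propose the cleaned value."""
    entries = userinit_entries(log)
    if entries is None:
        return None
    extra = [e for e in entries if e.lower() != EXPECTED]
    running = running_processes(log)
    kept = [e for e in entries if e.lower() == EXPECTED] or [EXPECTED]
    return {
        "entries": entries,
        "extra": extra,                          # programs chained after userinit.exe
        "extra_running": [e for e in extra if e.lower() in running],
        "expected_present": len(kept) == 1 and kept[0] in entries,
        "cleaned": kept[0] + ",",                # value left after removing the extras
    }


if __name__ == "__main__":
    for key, value in audit_userinit(SAMPLE_LOG).items():
        print(f"{key}: {value}")
```

The `cleaned` value keeps the comma after userinit.exe, which matches the instruction in the post to remove the quoted path and its trailing comma only.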
	
adp1975 (Devoted mortal)
Registered: 08/11/06 00:05
Posts: 8
Posted: 09 Nov 2006 22:23
Instructions followed. As I said, I don't have LinkOptimizer.
Gromozon log (same as the Symantec one):
 Removal tool loaded into memory
 Gromozon rootkit component not detected - searching for other components
 Scanning: C:\WINDOWS
 Scanning: C:\Programmi\File comuni
 
 
 Trojan.Gromozon does not exist - your system is clean.
 
The only thing is that I cannot open HijackThis in any way. I tried searching for the disguised version, but my browser closes.
	
Smjert (Mature god)
Registered: 01/04/06 18:19
Posts: 1619
Location: Lost in the net
Posted: 09 Nov 2006 22:54
Quote: "The only thing is that I cannot open HijackThis in any way. I tried searching for the disguised version, but my browser closes."

You wouldn't have found it; I'm the one who disguises them.

Then try getting this disguised HijackThis (do not extract it into a folder called HijackThis, otherwise it will close it on you; use a random name or keep the name of the folder inside the zip).

If you cannot get it to start, run an online scan with Kaspersky, with the extended database
(after it has downloaded the updates the Next button appears;
press it, then press Scan Settings and tick Extended, click OK and start the scan choosing My Computer).
At the end of the scan press Save Report As, then copy and paste the content of the report here.
	
adp1975 (Devoted mortal)
Registered: 08/11/06 00:05
Posts: 8
Posted: 10 Nov 2006 22:41
There is no way to get Hijack to run. This is the Kaspersky report:
 Scan Settings
 Scan using the following antivirus database extended
 Scan Archives true
 Scan Mail Bases true
 
 Scan Target My Computer
 C:\
 D:\
 
 Scan Statistics
 Total number of scanned objects 45077
 Number of viruses found 0
 Number of infected objects 0 / 0
 Number of suspicious objects 0
 Duration of the scan process 01:31:39
 
 Infected Object Name Virus Name Last Action
 C:\Documents and Settings\All Users\Dati applicazioni\Network Associates\BOPDATA\_Date-20061110_Time-185831531_EnterceptExceptions.dat  Object is locked  skipped
 
 C:\Documents and Settings\All Users\Dati applicazioni\Network Associates\BOPDATA\_Date-20061110_Time-185831531_EnterceptRules.dat  Object is locked  skipped
 
 C:\Documents and Settings\All Users\Dati applicazioni\Network Associates\Common Framework\Db\Agent_YOUR-A47779BE2C.log  Object is locked  skipped
 
 C:\Documents and Settings\All Users\Dati applicazioni\Network Associates\Common Framework\Db\PrdMgr_YOUR-A47779BE2C.log  Object is locked  skipped
 
 C:\Documents and Settings\All Users\Dati applicazioni\Network Associates\VirusScan\AccessProtectionLog.txt  Object is locked  skipped
 
 C:\Documents and Settings\All Users\Dati applicazioni\Network Associates\VirusScan\BufferOverflowProtectionLog.txt  Object is locked  skipped
 
 C:\Documents and Settings\All Users\Dati applicazioni\Network Associates\VirusScan\OnAccessScanLog.txt  Object is locked  skipped
 
 C:\Documents and Settings\Francesco\Cookies\index.dat  Object is locked  skipped
 
 C:\Documents and Settings\Francesco\Impostazioni locali\Cronologia\History.IE5\index.dat  Object is locked  skipped
 
 C:\Documents and Settings\Francesco\Impostazioni locali\Cronologia\History.IE5\MSHist012006111020061111\index.dat  Object is locked  skipped
 
 C:\Documents and Settings\Francesco\Impostazioni locali\Dati applicazioni\Microsoft\Windows\UsrClass.dat  Object is locked  skipped
 
 C:\Documents and Settings\Francesco\Impostazioni locali\Dati applicazioni\Microsoft\Windows\UsrClass.dat.LOG  Object is locked  skipped
 
 C:\Documents and Settings\Francesco\Impostazioni locali\Temporary Internet Files\Content.IE5\index.dat  Object is locked  skipped
 
 C:\Documents and Settings\Francesco\ntuser.dat  Object is locked  skipped
 
 C:\Documents and Settings\Francesco\ntuser.dat.LOG  Object is locked  skipped
 
 C:\Documents and Settings\LocalService\Cookies\index.dat  Object is locked  skipped
 
 C:\Documents and Settings\LocalService\Impostazioni locali\Cronologia\History.IE5\index.dat  Object is locked  skipped
 
 C:\Documents and Settings\LocalService\Impostazioni locali\Dati applicazioni\Microsoft\Windows\UsrClass.dat  Object is locked  skipped
 
 C:\Documents and Settings\LocalService\Impostazioni locali\Dati applicazioni\Microsoft\Windows\UsrClass.dat.LOG  Object is locked  skipped
 
 C:\Documents and Settings\LocalService\Impostazioni locali\Temporary Internet Files\Content.IE5\index.dat  Object is locked  skipped
 
 C:\Documents and Settings\LocalService\NTUSER.DAT  Object is locked  skipped
 
 C:\Documents and Settings\LocalService\ntuser.dat.LOG  Object is locked  skipped
 
 C:\Documents and Settings\NetworkService\Impostazioni locali\Dati applicazioni\Microsoft\Windows\UsrClass.dat  Object is locked  skipped
 
 C:\Documents and Settings\NetworkService\Impostazioni locali\Dati applicazioni\Microsoft\Windows\UsrClass.dat.LOG  Object is locked  skipped
 
 C:\Documents and Settings\NetworkService\NTUSER.DAT  Object is locked  skipped
 
 C:\Documents and Settings\NetworkService\ntuser.dat.LOG  Object is locked  skipped
 
 C:\VEXPLITE\Francesco\reg.dat  Object is locked  skipped
 
 C:\VEXPLITE\reg_ecc.dat  Object is locked  skipped
 
 C:\VEXPLITE\VIRITMON.LOG  Object is locked  skipped
 
 C:\WINDOWS\Debug\PASSWD.LOG  Object is locked  skipped
 
 C:\WINDOWS\SchedLgU.Txt  Object is locked  skipped
 
 C:\WINDOWS\SiemensTool.exe  Object is locked  skipped
 
 C:\WINDOWS\SoftwareDistribution\EventCache\{593E64C7-DE44-41F8-BFAD-EA050D2C0119}.bin  Object is locked  skipped
 
 C:\WINDOWS\SoftwareDistribution\ReportingEvents.log  Object is locked  skipped
 
 C:\WINDOWS\Sti_Trace.log  Object is locked  skipped
 
 C:\WINDOWS\system32\config\AppEvent.Evt  Object is locked  skipped
 
 C:\WINDOWS\system32\config\default  Object is locked  skipped
 
 C:\WINDOWS\system32\config\default.LOG  Object is locked  skipped
 
 C:\WINDOWS\system32\config\Paramete.evt  Object is locked  skipped
 
 C:\WINDOWS\system32\config\SAM  Object is locked  skipped
 
 C:\WINDOWS\system32\config\SAM.LOG  Object is locked  skipped
 
 C:\WINDOWS\system32\config\SecEvent.Evt  Object is locked  skipped
 
 C:\WINDOWS\system32\config\SECURITY  Object is locked  skipped
 
 C:\WINDOWS\system32\config\SECURITY.LOG  Object is locked  skipped
 
 C:\WINDOWS\system32\config\software  Object is locked  skipped
 
 C:\WINDOWS\system32\config\software.LOG  Object is locked  skipped
 
 C:\WINDOWS\system32\config\SysEvent.Evt  Object is locked  skipped
 
 C:\WINDOWS\system32\config\system  Object is locked  skipped
 
 C:\WINDOWS\system32\config\system.LOG  Object is locked  skipped
 
 C:\WINDOWS\system32\h323log.txt  Object is locked  skipped
 
 C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR  Object is locked  skipped
 
 C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP  Object is locked  skipped
 
 C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER  Object is locked  skipped
 
 C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP  Object is locked  skipped
 
 C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP  Object is locked  skipped
 
 C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA  Object is locked  skipped
 
 C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP  Object is locked  skipped
 
 C:\WINDOWS\wiadebug.log  Object is locked  skipped
 
 C:\WINDOWS\wiaservc.log  Object is locked  skipped
 
 C:\WINDOWS\WindowsUpdate.log  Object is locked  skipped
 
 Scan process completed.
 |  | 
	
	
		| Smjert Mature god
 
 Joined: 01/04/06 18:19
 Posts: 1619
 Location: Lost in the net
 
 | 
			
				|  Posted: 11 Nov 2006 00:05    Subject: |   |  
				| 
 |  
				| You said you had followed all the instructions, but the Kaspersky scan shows that you still have C:\WINDOWS\SiemensTool.exe; you have to delete it! Then check that registry key (Winlogon) and see whether there is only userinit.exe or whether siemenstool.exe has come back.
 
 Also run an online scan with Panda.
 When it finishes, save the report and post its contents here.
 |  | 
	
	
		| adp1975 Devoted mortal
 
 Joined: 08/11/06 00:05
 Posts: 8
 
 | 
			
				|  Posted: 11 Nov 2006 01:00    Subject: |   |  
				| 
 |  
				| Actually, I had deleted it... as for the rest of the instructions, we'll talk tomorrow... 
 In the meantime, thanks for the help
 |  | 
	
	
		| adp1975 Devoted mortal
 
 Joined: 08/11/06 00:05
 Posts: 8
 
 | 
			
				|  Posted: 11 Nov 2006 21:16    Subject: |   |  
				| 
 |  
				| So, the file Siemenstool.exe won't delete; it tells me it is in use by another user. The same happens if I try to delete the extension from the registry key... This is the Panda report:
 Incident                                                                        Status                        Location
 
 Spyware:Cookie/Adrevolver                                                       Not disinfected               C:\Documents and Settings\Francesco\Cookies\francesco@adrevolver[1].txt
 Spyware:Cookie/Adrevolver                                                       Not disinfected               C:\Documents and Settings\Francesco\Cookies\francesco@adrevolver[3].txt
 Spyware:Cookie/Advertising                                                      Not disinfected               C:\Documents and Settings\Francesco\Cookies\francesco@advertising[2].txt
 Spyware:Cookie/Atlas DMT                                                        Not disinfected               C:\Documents and Settings\Francesco\Cookies\francesco@atdmt[1].txt
 Spyware:Cookie/Serving-sys                                                      Not disinfected               C:\Documents and Settings\Francesco\Cookies\francesco@bs.serving-sys[2].txt
 Spyware:Cookie/Doubleclick                                                      Not disinfected               C:\Documents and Settings\Francesco\Cookies\francesco@doubleclick[1].txt
 Spyware:Cookie/Mediaplex                                                        Not disinfected               C:\Documents and Settings\Francesco\Cookies\francesco@mediaplex[1].txt
 Spyware:Cookie/QuestionMarket                                                   Not disinfected               C:\Documents and Settings\Francesco\Cookies\francesco@questionmarket[2].txt
 Spyware:Cookie/Serving-sys                                                      Not disinfected               C:\Documents and Settings\Francesco\Cookies\francesco@serving-sys[1].txt
 Spyware:Cookie/SpyLog                                                           Not disinfected               C:\Documents and Settings\Francesco\Cookies\francesco@spylog[2].txt
 Spyware:Cookie/Statcounter                                                      Not disinfected               C:\Documents and Settings\Francesco\Cookies\francesco@statcounter[2].txt
 Spyware:Cookie/Tradedoubler                                                     Not disinfected               C:\Documents and Settings\Francesco\Cookies\francesco@tradedoubler[1].txt
 Spyware:Cookie/Tribalfusion                                                     Not disinfected               C:\Documents and Settings\Francesco\Cookies\francesco@tribalfusion[1].txt
 |  | 
	
	
		| Smjert Mature god
 
 Joined: 01/04/06 18:19
 Posts: 1619
 Location: Lost in the net
 
 | 
			
				|  Posted: 11 Nov 2006 21:36    Subject: |   |  
				| 
 |  
				| You have to delete siemenstool from Safe Mode. 
 Empty your browser's cookies.
 
 Edit: what do you mean you can't delete the Extension from the registry? You mean you can't modify Winlogon?
 |  | 
	
	
		| adp1975 Devoted mortal
 
 Joined: 08/11/06 00:05
 Posts: 8
 
 | 
			
				|  Posted: 12 Nov 2006 14:02    Subject: |   |  
				| 
 |  
				| So, it won't delete the file even from Safe Mode (I deleted the cookies): it tells me it is in use by another program or by another user. And yes, you understood correctly, I can't modify Winlogon: once I delete what you told me to delete, it comes right back, bright as the sun!
 Edit: I wanted to add that a window often opens asking me to connect, as if I had a modem. I have a LAN connection.
 |  | 
	
	
		| Smjert Mature god
 
 Joined: 01/04/06 18:19
 Posts: 1619
 Location: Lost in the net
 
 | 
			
				|  Posted: 12 Nov 2006 18:00    Subject: |   |  
				| 
 |  
				| Then download Unlocker and install it (untick Assistant). Right-click siemenstool.exe, then Unlocker; it opens a window showing which processes are using that file. Write them down somewhere, then press Unlock All; at that point you should be able to delete the file.
 Tell me which processes were using it.
 |  | 
	
	
		| adp1975 Devoted mortal
 
 Joined: 08/11/06 00:05
 Posts: 8
 
 | 
			
				|  Posted: 13 Nov 2006 21:26    Subject: |   |  
				| 
 |  
				| Hooray! Siemenstool.exe has been deleted! Unlocker told me the path was locked but not that it was in use by other processes. Anyway, I chose delete from Unlocker and it deleted it. I was finally able to install Hijackthis. This is the report (thank you so much for the help you are giving me!):
 
 Logfile of HijackThis v1.99.1
 Scan saved at 19:15:21, on 13/11/2006
 Platform: Windows XP SP2 (WinNT 5.01.2600)
 MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
 
 Running processes:
 C:\WINDOWS\System32\smss.exe
 C:\WINDOWS\SYSTEM32\winlogon.exe
 C:\WINDOWS\system32\services.exe
 C:\WINDOWS\system32\lsass.exe
 C:\WINDOWS\system32\Ati2evxx.exe
 C:\WINDOWS\system32\svchost.exe
 C:\WINDOWS\System32\svchost.exe
 C:\WINDOWS\system32\spoolsv.exe
 C:\WINDOWS\SYSTEM32\Ati2evxx.exe
 C:\WINDOWS\Explorer.EXE
 C:\Programmi\ATI Technologies\ATI Control Panel\atiptaxx.exe
 C:\Programmi\Java\jre1.5.0_02\bin\jusched.exe
 C:\Programmi\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
 C:\Programmi\Hp\HP Software Update\HPWuSchd2.exe
 C:\Programmi\Synaptics\SynTP\SynTPLpr.exe
 C:\Programmi\Synaptics\SynTP\SynTPEnh.exe
 C:\Programmi\iTunes\iTunesHelper.exe
 C:\Programmi\QuickTime\qttask.exe
 C:\Programmi\HPQ\Quick Launch Buttons\EabServr.exe
 C:\Programmi\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
 C:\Programmi\Network Associates\VirusScan\SHSTAT.EXE
 C:\Programmi\Network Associates\Common Framework\UpdaterUI.exe
 C:\Programmi\File comuni\Network Associates\TalkBack\TBMon.exe
 C:\VEXPLITE\MONLITE.EXE
 C:\Programmi\Unlocker\UnlockerAssistant.exe
 C:\Programmi\File comuni\LightScribe\LSSrvc.exe
 C:\Programmi\Network Associates\Common Framework\FrameworkService.exe
 C:\Programmi\Network Associates\VirusScan\Mcshield.exe
 C:\Programmi\Network Associates\VirusScan\VsTskMgr.exe
 C:\WINDOWS\system32\svchost.exe
 C:\VEXPLITE\viritsvc.exe
 C:\Programmi\Canon\CAL\CALMAIN.exe
 C:\Programmi\iPod\bin\iPodService.exe
 C:\Programmi\HPQ\SHARED\HPQWMI.exe
 C:\Programmi\Internet Explorer\iexplore.exe
 C:\Programmi\WinRAR\WinRAR.exe
 C:\DOCUME~1\FRANCE~1\IMPOST~1\Temp\Rar$EX00.922\HijackThis.exe
 
 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=IT_IT&c=Q305&bd=pavilion&pf=laptop
 R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = https://register.hp.com/servlet/WebReg.servlets.ProdReg1Servlet?appID=java_wreg_wreg_genpg&modelID=EH650EA&product_full_name=Pavilion%20ZV6100&PROD_SERIAL_ID=CND53607DD&PURCH_DT_MONTH=09&PURCH_DT_DAY=30&PURCH_DT_YEAR=2005&gwCountry=IT&language=IT&prodOS=011
 R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
 R3 - Default URLSearchHook is missing
 F2 - REG:system.ini: UserInit=c:\windows\system32\userinit.exe,"c:\windows\siemenstool.exe",
 O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
 O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Programmi\Spybot - Search & Destroy\SDHelper.dll
 O2 - BHO: Class - {939AD2FC-2C13-CC5C-35E9-66E5D43620D5} - blank (file missing)
 O4 - HKLM\..\Run: [ATIPTA] C:\Programmi\ATI Technologies\ATI Control Panel\atiptaxx.exe
 O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Programmi\Java\jre1.5.0_02\bin\jusched.exe
 O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Programmi\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
 O4 - HKLM\..\Run: [HP Software Update] C:\Programmi\Hp\HP Software Update\HPWuSchd2.exe
 O4 - HKLM\..\Run: [SynTPLpr] C:\Programmi\Synaptics\SynTP\SynTPLpr.exe
 O4 - HKLM\..\Run: [SynTPEnh] C:\Programmi\Synaptics\SynTP\SynTPEnh.exe
 O4 - HKLM\..\Run: [iTunesHelper] C:\Programmi\iTunes\iTunesHelper.exe
 O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmi\QuickTime\qttask.exe" -atboottime
 O4 - HKLM\..\Run: [eabconfg.cpl] C:\Programmi\HPQ\Quick Launch Buttons\EabServr.exe /Start
 O4 - HKLM\..\Run: [LSBWatcher] c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe
 O4 - HKLM\..\Run: [Cpqset] C:\Programmi\HPQ\Default Settings\cpqset.exe
 O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Programmi\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
 O4 - HKLM\..\Run: [ShStatEXE] "C:\Programmi\Network Associates\VirusScan\SHSTAT.EXE" /STANDALONE
 O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Programmi\Network Associates\Common Framework\UpdaterUI.exe" /StartedFromRunKey
 O4 - HKLM\..\Run: [Network Associates Error Reporting Service] "C:\Programmi\File comuni\Network Associates\TalkBack\TBMon.exe"
 O4 - HKLM\..\Run: [VIRIT LITE MONITOR] C:\VEXPLITE\MONLITE.EXE
 O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
 O4 - HKLM\..\Run: [UnlockerAssistant] "C:\Programmi\Unlocker\UnlockerAssistant.exe"
 O4 - HKCU\..\Run: [RealPlayer] "C:\Programmi\Real\RealPlayer\realplay.exe" /RunUPGToolCommandReBoot
 O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
 O14 - IERESET.INF: START_PAGE_URL=http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=IT_IT&c=Q305&bd=pavilion&pf=laptop
 O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/default/kavwebscan_unicode.cab
 O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
 O16 - DPF: {3DC2E31C-371A-4BD3-9A27-CDF57CE604CF} (MSN Money Charting) - http://moneycentral.msn.com/cabs/pmupd806.exe
 O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.safety.live.com/resource/download/scanner/wlscbase8460.cab
 O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
 O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
 O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
 O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Programmi\Canon\CAL\CALMAIN.exe
 O23 - Service: HP WMI Interface (hpqwmi) - Hewlett-Packard Development Company, L.P. - C:\Programmi\HPQ\SHARED\HPQWMI.exe
 O23 - Service: Servizio iPod (iPodService) - Apple Computer, Inc. - C:\Programmi\iPod\bin\iPodService.exe
 O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Unknown owner - C:\Programmi\File comuni\LightScribe\LSSrvc.exe
 O23 - Service: McAfee Framework Service (McAfeeFramework) - Network Associates, Inc. - C:\Programmi\Network Associates\Common Framework\FrameworkService.exe
 O23 - Service: Network Associates McShield (McShield) - Network Associates, Inc. - C:\Programmi\Network Associates\VirusScan\Mcshield.exe
 O23 - Service: Network Associates Task Manager (McTaskManager) - Network Associates, Inc. - C:\Programmi\Network Associates\VirusScan\VsTskMgr.exe
 O23 - Service: Virit eXplorer Lite (viritsvclite) - TG Soft Sas   www.tgsoft.it - C:\VEXPLITE\viritsvc.exe
 |  | 
	
	
		| Smjert Mature god
 
 Joined: 01/04/06 18:19
 Posts: 1619
 Location: Lost in the net
 
 | 
			
				|  Posted: 13 Nov 2006 23:43    Subject: |   |  
				| 
 |  
				| Hi, good! 
 Start HijackThis, press Do a system scan only, tick these entries and then press Fix checked:
 
 
  	  | Quote: |  	  | R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=IT_IT&c=Q305&bd=pavilion&pf=laptop
 R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = https://register.hp.com/servlet/WebReg.servlets.ProdReg1Servlet?appID=java_wreg_wreg_genpg&modelID=EH650EA&product_full_name=Pavilion%20ZV6100&PROD_SERIAL_ID=CND53607DD&PURCH_DT_MONTH=09&PURCH_DT_DAY=30&PURCH_DT_YEAR=2005&gwCountry=IT&language=IT&prodOS=011
 R3 - Default URLSearchHook is missing
 F2 - REG:system.ini: UserInit=c:\windows\system32\userinit.exe,"c:\windows\siemenstool.exe",
 O2 - BHO: Class - {939AD2FC-2C13-CC5C-35E9-66E5D43620D5} - blank (file missing)
 | 
 
 After that you should be all set.
 |  | 
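The Winlogon check discussed in this thread (the Userinit value should list only userinit.exe), written as an added example that is not part of the original posts: it reads the `F2 - REG:system.ini: UserInit=` line of a HijackThis log and reports every extra program that Winlogon would start at logon. The function names, the expected path (Windows installed in C:\WINDOWS, as in the logs above) and the embedded sample are assumptions of this example.

```python
import re

# Expected first entry of the Winlogon Userinit value on the machine in this
# thread (assumption: Windows is installed in C:\WINDOWS, as the logs show).
EXPECTED_USERINIT = r"c:\windows\system32\userinit.exe"

# HijackThis reports the value on an "F2 - REG:system.ini: UserInit=" line.
F2_USERINIT = re.compile(
    r"^F2 - REG:system\.ini: UserInit=(?P<value>.*)$", re.IGNORECASE
)

# Constructed sample: three lines copied from the HijackThis log posted above.
SAMPLE_LOG = r"""R3 - Default URLSearchHook is missing
F2 - REG:system.ini: UserInit=c:\windows\system32\userinit.exe,"c:\windows\siemenstool.exe",
O2 - BHO: Class - {939AD2FC-2C13-CC5C-35E9-66E5D43620D5} - blank (file missing)
"""


def audit_value(value, expected=EXPECTED_USERINIT):
    """Audit one raw Userinit string (comma-separated list of programs).

    Limitation: a path that itself contains a comma would be split in two.
    """
    programs = []
    for item in value.split(","):
        item = item.strip().strip('"').strip()
        if item:  # the value normally ends with a trailing comma
            programs.append(item)
    lowered = [p.lower() for p in programs]
    return {
        "programs": programs,
        # Anything other than the expected userinit.exe path runs at every
        # logon and deserves a look, including a userinit.exe elsewhere.
        "unexpected": [p for p in programs if p.lower() != expected.lower()],
        "userinit_present": expected.lower() in lowered,
    }


def audit_log(log_text, expected=EXPECTED_USERINIT):
    """Return one finding per F2 UserInit line found in a HijackThis log."""
    findings = []
    for lineno, line in enumerate(log_text.splitlines(), 1):
        match = F2_USERINIT.match(line.strip())
        if match is None:
            continue
        finding = audit_value(match.group("value"), expected)
        finding["line"] = lineno
        findings.append(finding)
    return findings


if __name__ == "__main__":
    for f in audit_log(SAMPLE_LOG):
        status = "SUSPICIOUS" if f["unexpected"] else "clean"
        print(f"line {f['line']}: {status} extra={f['unexpected']}")
```

After the fix, running `audit_value` on the value read back from the Winlogon key should give an empty `unexpected` list; if the extra entry reappears, something still running is rewriting the value.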
	
	
		| adp1975 Devoted mortal
 
 Joined: 08/11/06 00:05
 Posts: 8
 
 | 
			
				|  Posted: 14 Nov 2006 00:33    Subject: |   |  
				| 
 |  
				| Done!!!!! Thanks a lot!!!!!! Zeus rules!
 |  | 
	