Olimpo Informatico

[agatina]

perche' ogni tanto mi disconnette. questo il log

Logfile of HijackThis v1.99.1
Scan saved at 17.40.33, on 12/06/2007
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmi\Ahead\InCD\InCDsrv.exe
C:\Programmi\File comuni\Symantec Shared\ccSetMgr.exe
C:\WINDOWS\Explorer.EXE
C:\Programmi\File comuni\Symantec Shared\ccEvtMgr.exe
C:\Programmi\File comuni\Symantec Shared\ccApp.exe
C:\Programmi\QuickTime\bak\qttask.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Programmi\Skype\Phone\Skype.exe
C:\Programmi\File comuni\Symantec Shared\ccProxy.exe
C:\Programmi\File comuni\Symantec Shared\SNDSrvc.exe
C:\Programmi\File comuni\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Programmi\File comuni\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programmi\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Programmi\Norton Internet Security\Norton AntiVirus\navapsvc.exe
C:\Programmi\Analog Devices\SoundMAX\SMAgent.exe
C:\Programmi\Skype\Plugin Manager\SkypePM.exe
C:\Programmi\File comuni\Symantec Shared\Security Console\NSCSRVCE.EXE
C:\WINDOWS\System32\wuauclt.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Programmi\Internet Explorer\iexplore.exe
C:\Documents and Settings\elenina\Impostazioni locali\Temp\Directory temporanea 2 per hijackthis_199.zip\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\PROGRA~1\Skype\Phone\IEPlugin\SKYPEI~1.DLL
O2 - BHO: Norton Internet Security 2006 - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Programmi\File comuni\Symantec Shared\AdBlocking\NISShExt.dll
O2 - BHO: NAV Helper - {A8F38D8D-E480-4D52-B7A2-731BB6995FDD} - C:\Programmi\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programmi\google\googletoolbar1.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Norton Internet Security 2006 - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Programmi\File comuni\Symantec Shared\AdBlocking\NISShExt.dll
O3 - Toolbar: Norton AntiVirus - {C4069E3A-68F1-403E-B40E-20066696354B} - C:\Programmi\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programmi\google\googletoolbar1.dll
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [ccApp] "C:\Programmi\File comuni\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmi\QuickTime\bak\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Programmi\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [CnxDslTaskBar] "C:\Programmi\Trust\Trust MD3100 USB ADSL MODEM\CnxDslTb.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Programmi\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Skype] "C:\Programmi\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - Global Startup: Microsoft Office.lnk = C:\Programmi\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\PROGRA~1\Skype\Phone\IEPlugin\SKYPEI~1.DLL
O15 - Trusted Zone: *.whataboutadog.com
O15 - Trusted Zone: *.whataboutarabit.com
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} - http://go.microsoft.com/fwlink/?linkid=39204
O17 - HKLM\System\CCS\Services\Tcpip\..\{04876BEA-311F-42B6-9DFD-0A07F07B835B}: NameServer = 193.12.150.2 212.247.152.2
O17 - HKLM\System\CS1\Services\Tcpip\..\{04876BEA-311F-42B6-9DFD-0A07F07B835B}: NameServer = 193.12.150.2 212.247.152.2
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FILECO~1\Skype\SKYPE4~1.DLL
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Programmi\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Internet Security Password Validation (ccISPwdSvc) - Symantec Corporation - C:\Programmi\Norton Internet Security\ccPwdSvc.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\ccSetMgr.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Programmi\Norton Internet Security\comHost.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Programmi\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InCD Helper (InCDsrv) - Ahead Software AG - C:\Programmi\Ahead\InCD\InCDsrv.exe
O23 - Service: Servizio iPod (iPod Service) - Apple Inc. - C:\Programmi\iPod\bin\iPodService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Programmi\Norton Internet Security\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton Protection Center Service (NSCService) - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\Security Console\NSCSRVCE.EXE
O23 - Service: Symantec AVScan (SAVScan) - Symantec Corporation - C:\Programmi\Norton Internet Security\Norton AntiVirus\SAVScan.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\SNDSrvc.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Programmi\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\CCPD-LC\symlcsvc.exe

[kevin]

ciao Agatina,
mentre aspettiamo gli esperti potremmo iniziare a fare questo:

Avvia HijackThis, premi Do a system scan only, spunta queste voci e poi premi FixChecked:


O15 - Trusted Zone: *.whataboutadog.com
O15 - Trusted Zone: *.whataboutarabit.com

poi riposta un nuovo log.

[agatina]

ecco
Logfile of HijackThis v1.99.1
Scan saved at 18.30.34, on 12/06/2007
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmi\Ahead\InCD\InCDsrv.exe
C:\Programmi\File comuni\Symantec Shared\ccSetMgr.exe
C:\WINDOWS\Explorer.EXE
C:\Programmi\File comuni\Symantec Shared\ccEvtMgr.exe
C:\Programmi\File comuni\Symantec Shared\ccApp.exe
C:\Programmi\QuickTime\bak\qttask.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Programmi\Skype\Phone\Skype.exe
C:\Programmi\File comuni\Symantec Shared\ccProxy.exe
C:\Programmi\File comuni\Symantec Shared\SNDSrvc.exe
C:\Programmi\File comuni\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Programmi\File comuni\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programmi\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Programmi\Norton Internet Security\Norton AntiVirus\navapsvc.exe
C:\Programmi\Analog Devices\SoundMAX\SMAgent.exe
C:\Programmi\Skype\Plugin Manager\SkypePM.exe
C:\Programmi\File comuni\Symantec Shared\Security Console\NSCSRVCE.EXE
C:\WINDOWS\System32\wuauclt.exe
C:\Programmi\Internet Explorer\iexplore.exe
C:\Programmi\Internet Explorer\iexplore.exe
C:\Documents and Settings\elenina\Impostazioni locali\Temp\Directory temporanea 3 per hijackthis_199.zip\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\PROGRA~1\Skype\Phone\IEPlugin\SKYPEI~1.DLL
O2 - BHO: Norton Internet Security 2006 - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Programmi\File comuni\Symantec Shared\AdBlocking\NISShExt.dll
O2 - BHO: NAV Helper - {A8F38D8D-E480-4D52-B7A2-731BB6995FDD} - C:\Programmi\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programmi\google\googletoolbar1.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Norton Internet Security 2006 - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Programmi\File comuni\Symantec Shared\AdBlocking\NISShExt.dll
O3 - Toolbar: Norton AntiVirus - {C4069E3A-68F1-403E-B40E-20066696354B} - C:\Programmi\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programmi\google\googletoolbar1.dll
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [ccApp] "C:\Programmi\File comuni\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmi\QuickTime\bak\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Programmi\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [CnxDslTaskBar] "C:\Programmi\Trust\Trust MD3100 USB ADSL MODEM\CnxDslTb.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Programmi\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Skype] "C:\Programmi\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - Global Startup: Microsoft Office.lnk = C:\Programmi\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\PROGRA~1\Skype\Phone\IEPlugin\SKYPEI~1.DLL
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} - http://go.microsoft.com/fwlink/?linkid=39204
O17 - HKLM\System\CCS\Services\Tcpip\..\{04876BEA-311F-42B6-9DFD-0A07F07B835B}: NameServer = 193.12.150.2 212.247.152.2
O17 - HKLM\System\CS1\Services\Tcpip\..\{04876BEA-311F-42B6-9DFD-0A07F07B835B}: NameServer = 193.12.150.2 212.247.152.2
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FILECO~1\Skype\SKYPE4~1.DLL
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Programmi\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Internet Security Password Validation (ccISPwdSvc) - Symantec Corporation - C:\Programmi\Norton Internet Security\ccPwdSvc.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\ccSetMgr.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Programmi\Norton Internet Security\comHost.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Programmi\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InCD Helper (InCDsrv) - Ahead Software AG - C:\Programmi\Ahead\InCD\InCDsrv.exe
O23 - Service: Servizio iPod (iPod Service) - Apple Inc. - C:\Programmi\iPod\bin\iPodService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Programmi\Norton Internet Security\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton Protection Center Service (NSCService) - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\Security Console\NSCSRVCE.EXE
O23 - Service: Symantec AVScan (SAVScan) - Symantec Corporation - C:\Programmi\Norton Internet Security\Norton AntiVirus\SAVScan.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\SNDSrvc.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Programmi\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\CCPD-LC\symlcsvc.exe

[bdoriano]

Il log di hijackthis sembrerebbe pulito.
Ti consiglio caldamente di aggiornare Windows con il Service Pack 2.

Per un ulteriore controllo, scarica questo tool e scompattalo in una sua cartella
avvia il tool
seleziona "File" => "Standard scripts "
metti la spunta su ?Advanced System Investigation"
clicca su "Execute selected scripts".
conferma.
Viene creato il file virusinfo_syscheck.zip che trovi nella sottocartella LOGS dove hai scompattato il tool.

carica il log su http://www.freefilehosting.net/ e qui metti solo il link per poterlo scaricare.

[Orange]

@BD

ciao, agatina, benvenuta anche dalla parte mia!
puoi fare anche il controllo con questo tool?
metti qui il log creato.

[agatina]

Grazie,orange,pensavo di aver risolto. ora rimango connesso,ma il pc e' lntissimo..
questo e' il log


Find AWF report by noahdfear ©2006


bak folders found
~~~~~~~~~~~

Il volume nell'unit? C non ha etichetta.
Numero di serie del volume: 20C2-B032

Directory di C:\PROGRA~1\ITUNES\BAK

14/03/2007 19.05 257.088 iTunesHelper.exe
1 File 257.088 byte
2 Directory 39.505.174.528 byte disponibili
Il volume nell'unit? C non ha etichetta.
Numero di serie del volume: 20C2-B032

Directory di C:\PROGRA~1\MESSEN~1\BAK

02/08/2001 08.14 1.077.277 msmsgs.exe
1 File 1.077.277 byte
2 Directory 39.505.174.528 byte disponibili
Il volume nell'unit? C non ha etichetta.
Numero di serie del volume: 20C2-B032

Directory di C:\PROGRA~1\QUICKT~1\BAK

16/02/2007 10.54 282.624 qttask.exe
1 File 282.624 byte
2 Directory 39.505.174.528 byte disponibili
Il volume nell'unit? C non ha etichetta.
Numero di serie del volume: 20C2-B032

Directory di C:\WINDOWS\SYSTEM32\BAK

31/08/2001 14.00 13.312 ctfmon.exe
09/07/2001 12.50 155.648 NeroCheck.exe
2 File 168.960 byte
2 Directory 39.505.174.528 byte disponibili
Il volume nell'unit? C non ha etichetta.
Numero di serie del volume: 20C2-B032

Directory di C:\PROGRA~1\AHEAD\INCD\BAK

07/09/2004 15.25 1.400.944 InCD.exe
1 File 1.400.944 byte
2 Directory 39.505.174.528 byte disponibili
Il volume nell'unit? C non ha etichetta.
Numero di serie del volume: 20C2-B032

Directory di C:\PROGRA~1\ANALOG~1\SOUNDMAX\BAK

08/11/2002 16.50 98.304 SMTray.exe
1 File 98.304 byte
2 Directory 39.505.055.744 byte disponibili
Il volume nell'unit? C non ha etichetta.
Numero di serie del volume: 20C2-B032

Directory di C:\PROGRA~1\CYBERL~1\POWERDVD\BAK

08/12/2003 18.35 32.768 PDVDServ.exe
1 File 32.768 byte
2 Directory 39.505.055.744 byte disponibili
Il volume nell'unit? C non ha etichetta.
Numero di serie del volume: 20C2-B032

Directory di C:\PROGRA~1\FILECO~1\SYMANT~1\BAK

0 File 0 byte
2 Directory 39.505.055.744 byte disponibili
Il volume nell'unit? C non ha etichetta.
Numero di serie del volume: 20C2-B032

Directory di C:\PROGRA~1\SKYPE\PHONE\BAK

0 File 0 byte
2 Directory 39.505.055.744 byte disponibili
Il volume nell'unit? C non ha etichetta.
Numero di serie del volume: 20C2-B032

Directory di C:\PROGRA~1\TRUST\TRUSTM~1\BAK

03/06/2007 14.32 462.848 CnxDslTb.exe
1 File 462.848 byte
2 Directory 39.505.162.240 byte disponibili
Il volume nell'unit? C non ha etichetta.
Numero di serie del volume: 20C2-B032

Directory di C:\PROGRA~1\FILECO~1\REAL\UPDATE~1\BAK

15/03/2007 19.41 185.896 realsched.exe
1 File 185.896 byte
2 Directory 39.505.055.744 byte disponibili
Il volume nell'unit? C non ha etichetta.
Numero di serie del volume: 20C2-B032

Directory di C:\PROGRA~1\FILECO~1\SYMANT~1\SECURI~2\BAK

02/11/2004 16.59 218.240 UsrPrmpt.exe
1 File 218.240 byte
2 Directory 39.505.055.744 byte disponibili


Duplicate files of bak directory contents
~~~~~~~~~~~~~~~~~~~~~~~

23568 6 Jun 2007 "C:\Programmi\iTunes\iTunesHelper.exe"
257088 14 Mar 2007 "C:\Programmi\iTunes\bak\iTunesHelper.exe"
102400 1 Apr 2007 "C:\WINDOWS\Installer\{AB90749C-7422-4580-8A7A-66CC5E9E5F98}\iTunesIco.exe"
116288 14 Mar 2007 "C:\Documents and Settings\All Users\Dati applicazioni\Apple Computer\Installer Cache\iTunes 7.1.1.5\iTunesSetupAdmin.exe"
23568 6 Jun 2007 "C:\Programmi\Messenger\msmsgs.exe"
1077277 2 Aug 2001 "C:\Programmi\Messenger\bak\msmsgs.exe"
1667584 20 Aug 2004 "C:\WINDOWS\SoftwareDistribution\Download\59c09c8627b551c5be08ab5777d2dca8\msmsgs.exe"
23568 6 Jun 2007 "C:\Programmi\QuickTime\qttask.exe"
282624 16 Feb 2007 "C:\Programmi\QuickTime\bak\qttask.exe"
13312 31 Aug 2001 "C:\WINDOWS\system32\ctfmon.exe"
13312 31 Aug 2001 "C:\WINDOWS\system32\bak\ctfmon.exe"
15360 20 Aug 2004 "C:\WINDOWS\SoftwareDistribution\Download\59c09c8627b551c5be08ab5777d2dca8\ctfmon.exe"
155648 9 Jul 2001 "C:\WINDOWS\system32\bak\NeroCheck.exe"
1400944 7 Sep 2004 "C:\Programmi\Ahead\InCD\bak\InCD.exe"
98304 8 Nov 2002 "C:\Programmi\Analog Devices\SoundMAX\bak\SMTray.exe"
32768 8 Dec 2003 "C:\Programmi\CyberLink DVD Solution\PowerDVD\bak\PDVDServ.exe"
23568 6 Jun 2007 "C:\Programmi\Trust\Trust MD3100 USB ADSL MODEM\CnxDslTb.exe"
462848 3 Jun 2007 "C:\Programmi\Trust\Trust MD3100 USB ADSL MODEM\bak\CnxDslTb.exe"
185896 15 Mar 2007 "C:\Programmi\File comuni\Real\Update_OB\bak\realsched.exe"
218240 2 Nov 2004 "C:\Programmi\File comuni\Symantec Shared\Security Center\bak\UsrPrmpt.exe"


end of report

[bdoriano]

Scarica questo tool e scompattalo in una sua cartella.
Avvialo.
Clicca su input script manually
clicca sulla lente d'ingrandimento
nella finestra che ti si apre, inserisci queste righe:

[agatina]

questo e' l'esito
Logfile of The Avenger version 1, by Swandog46
Running from registry key:
\Registry\Machine\System\CurrentControlSet\Services\swlyrpgg

*******************

Script file located at: \??\C:\WINDOWS\xjqollyk.txt
Script file opened successfully.

Script file read successfully

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:

File C:\Programmi\iTunes\iTunesHelper.exe deleted successfully.
File C:\Programmi\Messenger\msmsgs.exe deleted successfully.
File C:\Programmi\QuickTime\qttask.exe deleted successfully.
File C:\Programmi\Trust\Trust MD3100 USB ADSL MODEM\CnxDslTb.exe deleted successfully.
File move operation C:\Programmi\iTunes\bak\iTunesHelper.exe|C:\Programmi\iTunes\iTunesHelper.exe completed successfully.
File move operation C:\Programmi\Messenger\bak\msmsgs.exe|C:\Programmi\Messenger\msmsgs.exe completed successfully.
File move operation C:\Programmi\QuickTime\bak\qttask.exe|c:\Programmi\QuickTime\qttask.exe completed successfully.


File C:\Programmi\Trust\Trust MD3100 USB ADSL MODEM\bak\CnxDslTbexe not found!
File move operation C:\Programmi\Trust\Trust MD3100 USB ADSL MODEM\bak\CnxDslTbexe|C:\Programmi\Trust\Trust MD3100 USB ADSL MODEM\CnxDslTb.exe failed!

Could not process line:
C:\Programmi\Trust\Trust MD3100 USB ADSL MODEM\bak\CnxDslTbexe|C:\Programmi\Trust\Trust MD3100 USB ADSL MODEM\CnxDslTb.exe
Status: 0xc0000034


Completed script processing.

*******************

Finished! Terminate.

[bdoriano]

Strano...

[agatina]

questo il risultato


Find AWF report by noahdfear ©2006


bak folders found
~~~~~~~~~~~

Il volume nell'unit? C non ha etichetta.
Numero di serie del volume: 20C2-B032

Directory di C:\PROGRA~1\ITUNES\BAK

0 File 0 byte
2 Directory 39.489.703.936 byte disponibili
Il volume nell'unit? C non ha etichetta.
Numero di serie del volume: 20C2-B032

Directory di C:\PROGRA~1\MESSEN~1\BAK

0 File 0 byte
2 Directory 39.489.703.936 byte disponibili
Il volume nell'unit? C non ha etichetta.
Numero di serie del volume: 20C2-B032

Directory di C:\PROGRA~1\QUICKT~1\BAK

0 File 0 byte
2 Directory 39.489.703.936 byte disponibili
Il volume nell'unit? C non ha etichetta.
Numero di serie del volume: 20C2-B032

Directory di C:\WINDOWS\SYSTEM32\BAK

31/08/2001 14.00 13.312 ctfmon.exe
09/07/2001 12.50 155.648 NeroCheck.exe
2 File 168.960 byte
2 Directory 39.489.703.936 byte disponibili
Il volume nell'unit? C non ha etichetta.
Numero di serie del volume: 20C2-B032

Directory di C:\PROGRA~1\AHEAD\INCD\BAK

07/09/2004 15.25 1.400.944 InCD.exe
1 File 1.400.944 byte
2 Directory 39.489.703.936 byte disponibili
Il volume nell'unit? C non ha etichetta.
Numero di serie del volume: 20C2-B032

Directory di C:\PROGRA~1\ANALOG~1\SOUNDMAX\BAK

08/11/2002 16.50 98.304 SMTray.exe
1 File 98.304 byte
2 Directory 39.489.703.936 byte disponibili
Il volume nell'unit? C non ha etichetta.
Numero di serie del volume: 20C2-B032

Directory di C:\PROGRA~1\CYBERL~1\POWERDVD\BAK

08/12/2003 18.35 32.768 PDVDServ.exe
1 File 32.768 byte
2 Directory 39.489.703.936 byte disponibili
Il volume nell'unit? C non ha etichetta.
Numero di serie del volume: 20C2-B032

Directory di C:\PROGRA~1\FILECO~1\SYMANT~1\BAK

0 File 0 byte
2 Directory 39.489.703.936 byte disponibili
Il volume nell'unit? C non ha etichetta.
Numero di serie del volume: 20C2-B032

Directory di C:\PROGRA~1\SKYPE\PHONE\BAK

0 File 0 byte
2 Directory 39.489.703.936 byte disponibili
Il volume nell'unit? C non ha etichetta.
Numero di serie del volume: 20C2-B032

Directory di C:\PROGRA~1\TRUST\TRUSTM~1\BAK

0 File 0 byte
2 Directory 39.489.703.936 byte disponibili
Il volume nell'unit? C non ha etichetta.
Numero di serie del volume: 20C2-B032

Directory di C:\PROGRA~1\FILECO~1\REAL\UPDATE~1\BAK

15/03/2007 19.41 185.896 realsched.exe
1 File 185.896 byte
2 Directory 39.489.703.936 byte disponibili
Il volume nell'unit? C non ha etichetta.
Numero di serie del volume: 20C2-B032

Directory di C:\PROGRA~1\FILECO~1\SYMANT~1\SECURI~2\BAK

02/11/2004 16.59 218.240 UsrPrmpt.exe
1 File 218.240 byte
2 Directory 39.489.703.936 byte disponibili


Duplicate files of bak directory contents
~~~~~~~~~~~~~~~~~~~~~~~

13312 31 Aug 2001 "C:\WINDOWS\system32\ctfmon.exe"
13312 31 Aug 2001 "C:\WINDOWS\system32\bak\ctfmon.exe"
15360 20 Aug 2004 "C:\WINDOWS\SoftwareDistribution\Download\59c09c8627b551c5be08ab5777d2dca8\ctfmon.exe"
155648 9 Jul 2001 "C:\WINDOWS\system32\bak\NeroCheck.exe"
1400944 7 Sep 2004 "C:\Programmi\Ahead\InCD\bak\InCD.exe"
98304 8 Nov 2002 "C:\Programmi\Analog Devices\SoundMAX\bak\SMTray.exe"
32768 8 Dec 2003 "C:\Programmi\CyberLink DVD Solution\PowerDVD\bak\PDVDServ.exe"
185896 15 Mar 2007 "C:\Programmi\File comuni\Real\Update_OB\bak\realsched.exe"
218240 2 Nov 2004 "C:\Programmi\File comuni\Symantec Shared\Security Center\bak\UsrPrmpt.exe"


end of report

[Orange]

a posto.
riscontri ancora problemi?

[agatina]

purtroppo. da quando clicco a quando le cartelle si aprono passano minimo 10 sec.... il norton, in apertura finisce la diagnostica in 5 minuti minimo. su internet e' lentissimo. avvilente

[Orange]

ma non sarà proprio Norton il problema? è tristemente nota la sua "leggerezza"...

al limite fai uno scan con Kaspersky per vedere se abbiamo tralasciato qualcosa.

[agatina]

questo dice kaspersky:

-------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER REPORT
Tuesday, June 19, 2007 7:19:40 PM
Operating System: Microsoft Windows XP Professional, (Build 2600)
Kaspersky Online Scanner version: 5.0.83.0
Kaspersky Anti-Virus database last update: 19/06/2007
Kaspersky Anti-Virus database records: 349312
-------------------------------------------------------------------------------

Scan Settings:
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: true

Scan Target - My Computer:
A:\
C:\
D:\
E:\
F:\

Scan Statistics:
Total number of scanned objects: 25619
Number of viruses found: 30
Number of infected objects: 142 / 0
Number of suspicious objects: 0
Duration of the scan process: 00:34:24

Infected Object Name / Virus Name / Last Action
C:\9C.tmp Infected: Trojan-Clicker.Win32.Small.kj skipped
C:\Documents and Settings\All Users\Dati applicazioni\Symantec\Common Client\Confid.log Object is locked skipped
C:\Documents and Settings\All Users\Dati applicazioni\Symantec\Common Client\Content.log Object is locked skipped
C:\Documents and Settings\All Users\Dati applicazioni\Symantec\Common Client\Privacy.log Object is locked skipped
C:\Documents and Settings\All Users\Dati applicazioni\Symantec\Common Client\Restrict.log Object is locked skipped
C:\Documents and Settings\All Users\Dati applicazioni\Symantec\Common Client\settings.dat Object is locked skipped
C:\Documents and Settings\All Users\Dati applicazioni\Symantec\Common Client\WebHist.log Object is locked skipped
C:\Documents and Settings\All Users\Dati applicazioni\Symantec\HPPAppActivity.log Object is locked skipped
C:\Documents and Settings\All Users\Dati applicazioni\Symantec\HPPHomePageActivity.log Object is locked skipped
C:\Documents and Settings\All Users\Dati applicazioni\Symantec\LiveUpdate\2007-06-19_Log.ALUSchedulerSvc.LiveUpdate Object is locked skipped
C:\Documents and Settings\All Users\Dati applicazioni\Symantec\Norton AntiVirus\Quarantine\00E57405.exe Infected: not-a-virus:AdWare.Win32.Agent.bn skipped
C:\Documents and Settings\All Users\Dati applicazioni\Symantec\Norton AntiVirus\Quarantine\00EC47FE.exe Infected: not-a-virus:AdWare.Win32.Agent.bn skipped
C:\Documents and Settings\All Users\Dati applicazioni\Symantec\Norton AntiVirus\Quarantine\014804D8.exe Infected: Trojan-Downloader.Win32.Mediket.df skipped
C:\Documents and Settings\All Users\Dati applicazioni\Symantec\Norton AntiVirus\Quarantine\01FB55BA.exe Infected: Trojan-Clicker.Win32.Small.kj skipped
C:\Documents and Settings\All Users\Dati applicazioni\Symantec\Norton AntiVirus\Quarantine\01FE7FB7.exe Infected: Trojan-Clicker.Win32.Small.kj skipped
C:\Documents and Settings\All Users\Dati applicazioni\Symantec\Norton AntiVirus\Quarantine\069107A9.tmp Infected: Trojan-Proxy.Win32.Xorpix.ar skipped
C:\Documents and Settings\All Users\Dati applicazioni\Symantec\Norton AntiVirus\Quarantine\102B4782.dll Infected: Backdoor.Win32.Agent.uu skipped
C:\Documents and Settings\All Users\Dati applicazioni\Symantec\Norton AntiVirus\Quarantine\136E02C5.dll Infected: Backdoor.Win32.Agent.uu skipped
C:\Documents and Settings\All Users\Dati applicazioni\Symantec\Norton AntiVirus\Quarantine\13712C4E.exe Infected: Trojan-Clicker.Win32.Agent.hz skipped
C:\Documents and Settings\All Users\Dati applicazioni\Symantec\Norton AntiVirus\Quarantine\14016B87.exe Infected: Trojan-Clicker.Win32.Agent.hz skipped
C:\Documents and Settings\All Users\Dati applicazioni\Symantec\Norton AntiVirus\Quarantine\14326151.exe Infected: not-a-virus:Dialer.Win32.Agent.k skipped
C:\Documents and Settings\All Users\Dati applicazioni\Symantec\Norton AntiVirus\Quarantine\1438354A.exe Infected: Trojan-Clicker.Win32.Agent.hz skipped
C:\Documents and Settings\All Users\Dati applicazioni\Symantec\Norton AntiVirus\Quarantine\175B3284.exe Infected: not-a-virus:Porn-Dialer.Win32.InstantAccess.as skipped
C:\Documents and Settings\All Users\Dati applicazioni\Symantec\Norton AntiVirus\Quarantine\1BD907C0.exe Infected: not-a-virus:Dialer.Win32.Agent.k skipped
C:\Documents and Settings\All Users\Dati applicazioni\Symantec\Norton AntiVirus\Quarantine\1BE205B5.exe Infected: Trojan-Clicker.Win32.Agent.hz skipped
C:\Documents and Settings\All Users\Dati applicazioni\Symantec\Norton AntiVirus\Quarantine\1DA93B44.exe Infected: Trojan-Clicker.Win32.Small.kj skipped
C:\Documents and Settings\All Users\Dati applicazioni\Symantec\Norton AntiVirus\Quarantine\1DB00F3D.exe Infected: Trojan-Clicker.Win32.Small.kj skipped
C:\Documents and Settings\All Users\Dati applicazioni\Symantec\Norton AntiVirus\Quarantine\1FF86ABA.exe Infected: Trojan-Clicker.Win32.Small.kj skipped
C:\Documents and Settings\All Users\Dati applicazioni\Symantec\Norton AntiVirus\Quarantine\200F10A1 Infected: Trojan-Downloader.Win32.Agent.awf skipped
C:\Documents and Settings\All Users\Dati applicazioni\Symantec\Norton AntiVirus\Quarantine\20123A9D.exe Infected: Trojan-Downloader.Win32.Agent.awf skipped
C:\Documents and Settings\All Users\Dati applicazioni\Symantec\Norton AntiVirus\Quarantine\21491F86.dll Infected: not-a-virus:AdWare.Win32.Agent.bn skipped
C:\Documents and Settings\All Users\Dati applicazioni\Symantec\Norton AntiVirus\Quarantine\216D5A6A.exe Infected: Trojan-Downloader.Win32.Murlo.fa skipped
C:\Documents and Settings\All Users\Dati applicazioni\Symantec\Norton AntiVirus\Quarantine\21DA75FF Infected: Trojan-Downloader.BAT.Ftp.ab skipped
C:\Documents and Settings\All Users\Dati applicazioni\Symantec\Norton AntiVirus\Quarantine\22383796 Infected: Trojan-Downloader.BAT.Ftp.ab skipped
C:\Documents and Settings\All Users\Dati applicazioni\Symantec\Norton AntiVirus\Quarantine\2372763D.exe Infected: Trojan.Win32.Qhost.it skipped
C:\Documents and Settings\All Users\Dati applicazioni\Symantec\Norton AntiVirus\Quarantine\23EA33C9.dll Infected: Backdoor.Win32.Agent.uu skipped
C:\Documents and Settings\All Users\Dati applicazioni\Symantec\Norton AntiVirus\Quarantine\25093B80.exe Infected: Trojan-Downloader.Win32.Mediket.df skipped
C:\Documents and Settings\All Users\Dati applicazioni\Symantec\Norton AntiVirus\Quarantine\25AE5F5B.exe Infected: Trojan-Downloader.Win32.Mediket.df skipped
C:\Documents and Settings\All Users\Dati applicazioni\Symantec\Norton AntiVirus\Quarantine\29D260BE.exe Infected: Trojan.Win32.Dialer.ri skipped
C:\Documents and Settings\All Users\Dati applicazioni\Symantec\Norton AntiVirus\Quarantine\2CE02AED.exe Infected: Trojan.Win32.Obfuscated.dr skipped
C:\Documents and Settings\All Users\Dati applicazioni\Symantec\Norton AntiVirus\Quarantine\2E5A4E1B.exe Infected: Trojan-Downloader.Win32.Mediket.df skipped
C:\Documents and Settings\All Users\Dati applicazioni\Symantec\Norton AntiVirus\Quarantine\2FDB4F98.exe Infected: Trojan-Downloader.Win32.Mediket.df skipped
C:\Documents and Settings\All Users\Dati applicazioni\Symantec\Norton AntiVirus\Quarantine\314F0228.dll Infected: Backdoor.Win32.Agent.adr skipped
C:\Documents and Settings\All Users\Dati applicazioni\Symantec\Norton AntiVirus\Quarantine\32D9350D.exe Infected: Trojan-Clicker.Win32.Agent.jh skipped
C:\Documents and Settings\All Users\Dati applicazioni\Symantec\Norton AntiVirus\Quarantine\33724FE4.exe Infected: Trojan-Downloader.Win32.Mediket.df skipped
C:\Documents and Settings\All Users\Dati applicazioni\Symantec\Norton AntiVirus\Quarantine\33E851E2.exe Infected: not-a-virus:AdWare.Win32.Agent.bn skipped
C:\Documents and Settings\All Users\Dati applicazioni\Symantec\Norton AntiVirus\Quarantine\361B70A7.exe Infected: Trojan-Clicker.Win32.Small.kj skipped
C:\Documents and Settings\All Users\Dati applicazioni\Symantec\Norton AntiVirus\Quarantine\361E1AA3.exe Infected: Trojan-Clicker.Win32.Small.kj skipped
C:\Documents and Settings\All Users\Dati applicazioni\Symantec\Norton AntiVirus\Quarantine\38317AE1.exe Infected: not-a-virus:Dialer.Win32.Agent.k skipped
C:\Documents and Settings\All Users\Dati applicazioni\Symantec\Norton AntiVirus\Quarantine\3894200B.dll Infected: Trojan.Win32.Agent.ady skipped
C:\Documents and Settings\All Users\Dati applicazioni\Symantec\Norton AntiVirus\Quarantine\38A471F9.exe Infected: Trojan.Win32.Obfuscated.dr skipped
C:\Documents and Settings\All Users\Dati applicazioni\Symantec\Norton AntiVirus\Quarantine\39DD31DD.exe Infected: Trojan-Downloader.Win32.Mediket.df skipped
C:\Documents and Settings\All Users\Dati applicazioni\Symantec\Norton AntiVirus\Quarantine\3A5A2365 Infected: Trojan-Downloader.Win32.Agent.awf skipped
C:\Documents and Settings\All Users\Dati applicazioni\Symantec\Norton AntiVirus\Quarantine\3A5D4D62.exe Infected: Trojan-Downloader.Win32.Agent.awf skipped
C:\Documents and Settings\All Users\Dati applicazioni\Symantec\Norton AntiVirus\Quarantine\3AFC65CE.exe Infected: Trojan-Clicker.Win32.Agent.hz skipped
C:\Documents and Settings\All Users\Dati applicazioni\Symantec\Norton AntiVirus\Quarantine\3B5E5162.exe Infected: not-a-virus:Dialer.Win32.Agent.k skipped
C:\Documents and Settings\All Users\Dati applicazioni\Symantec\Norton AntiVirus\Quarantine\3BB92F64.exe Infected: Trojan-Downloader.Win32.Mediket.df skipped
C:\Documents and Settings\All Users\Dati applicazioni\Symantec\Norton AntiVirus\Quarantine\3C670C89.exe Infected: not-a-virus:AdWare.Win32.Agent.bn skipped
C:\Documents and Settings\All Users\Dati applicazioni\Symantec\Norton AntiVirus\Quarantine\3C7E3270.exe Infected: not-a-virus:AdWare.Win32.Agent.bn skipped
C:\Documents and Settings\All Users\Dati applicazioni\Symantec\Norton AntiVirus\Quarantine\3FD91D48.exe Infected: not-a-virus:Dialer.Win32.Agent.k skipped
C:\Documents and Settings\All Users\Dati applicazioni\Symantec\Norton AntiVirus\Quarantine\404830CE.exe Infected: Trojan-Clicker.Win32.Agent.hz skipped
C:\Documents and Settings\All Users\Dati applicazioni\Symantec\Norton AntiVirus\Quarantine\404B5ACA.exe Infected: Trojan-Clicker.Win32.Agent.hz skipped
C:\Documents and Settings\All Users\Dati applicazioni\Symantec\Norton AntiVirus\Quarantine\40EC2162.exe Infected: Trojan-Downloader.Win32.Small.eqf skipped
C:\Documents and Settings\All Users\Dati applicazioni\Symantec\Norton AntiVirus\Quarantine\461C054A.dll Infected: not-a-virus:AdWare.Win32.Agent.bn skipped
C:\Documents and Settings\All Users\Dati applicazioni\Symantec\Norton AntiVirus\Quarantine\46AC133C.exe Infected: Trojan-Downloader.Win32.Small.ego skipped
C:\Documents and Settings\All Users\Dati applicazioni\Symantec\Norton AntiVirus\Quarantine\48AB72CC.exe Infected: Trojan-Clicker.Win32.Small.kj skipped
C:\Documents and Settings\All Users\Dati applicazioni\Symantec\Norton AntiVirus\Quarantine\48D63DB7.dll Infected: Backdoor.Win32.Agent.uu skipped
C:\Documents and Settings\All Users\Dati applicazioni\Symantec\Norton AntiVirus\Quarantine\49345635.exe Infected: Trojan-Clicker.Win32.Small.kj skipped
C:\Documents and Settings\All Users\Dati applicazioni\Symantec\Norton AntiVirus\Quarantine\49631670.sys Infected: Trojan.Win32.Agent.ady skipped
C:\Documents and Settings\All Users\Dati applicazioni\Symantec\Norton AntiVirus\Quarantine\496961A0.dll Infected: Backdoor.Win32.Agent.adr skipped
C:\Documents and Settings\All Users\Dati applicazioni\Symantec\Norton AntiVirus\Quarantine\4A9333D7.exe Infected: Trojan-Clicker.Win32.Small.kj skipped
C:\Documents and Settings\All Users\Dati applicazioni\Symantec\Norton AntiVirus\Quarantine\4A975DD3.exe Infected: Trojan-Clicker.Win32.Small.kj skipped
C:\Documents and Settings\All Users\Dati applicazioni\Symantec\Norton AntiVirus\Quarantine\4D427DBF.txt Infected: Trojan.Win32.Dialer.ri skipped
C:\Documents and Settings\All Users\Dati applicazioni\Symantec\Norton AntiVirus\Quarantine\4E82105F.txt Infected: Trojan-Downloader.Win32.Small.ehs skipped
C:\Documents and Settings\All Users\Dati applicazioni\Symantec\Norton AntiVirus\Quarantine\4EF32D90.dll Infected: not-a-virus:AdWare.Win32.Agent.bn skipped
C:\Documents and Settings\All Users\Dati applicazioni\Symantec\Norton AntiVirus\Quarantine\4F721304.dll Infected: not-a-virus:AdWare.Win32.Agent.bn skipped
C:\Documents and Settings\All Users\Dati applicazioni\Symantec\Norton AntiVirus\Quarantine\4F737D98 Infected: Trojan-Downloader.Win32.Agent.awf skipped
C:\Documents and Settings\All Users\Dati applicazioni\Symantec\Norton AntiVirus\Quarantine\4F834F86.dll Infected: Backdoor.Win32.Agent.uu skipped
C:\Documents and Settings\All Users\Dati applicazioni\Symantec\Norton AntiVirus\Quarantine\4F834F86.exe Infected: Trojan-Downloader.Win32.Agent.awf skipped
C:\Documents and Settings\All Users\Dati applicazioni\Symantec\Norton AntiVirus\Quarantine\520B0C2E.dll Infected: Backdoor.Win32.Agent.uu skipped
C:\Documents and Settings\All Users\Dati applicazioni\Symantec\Norton AntiVirus\Quarantine\524A7270.dll Infected: Backdoor.Win32.Agent.adr skipped
C:\Documents and Settings\All Users\Dati applicazioni\Symantec\Norton AntiVirus\Quarantine\524C1DD6.exe Infected: Trojan-Clicker.Win32.Agent.hz skipped
C:\Documents and Settings\All Users\Dati applicazioni\Symantec\Norton AntiVirus\Quarantine\52A73571.exe Infected: not-a-virus:Dialer.Win32.Agent.k skipped
C:\Documents and Settings\All Users\Dati applicazioni\Symantec\Norton AntiVirus\Quarantine\52B45D63.exe Infected: Trojan-Clicker.Win32.Agent.hz skipped
C:\Documents and Settings\All Users\Dati applicazioni\Symantec\Norton AntiVirus\Quarantine\53825840.exe Infected: Trojan-Clicker.Win32.Agent.hz skipped
C:\Documents and Settings\All Users\Dati applicazioni\Symantec\Norton AntiVirus\Quarantine\540467B0.exe Infected: not-a-virus:Dialer.Win32.Agent.k skipped
C:\Documents and Settings\All Users\Dati applicazioni\Symantec\Norton AntiVirus\Quarantine\541B0D97.exe Infected: Trojan-Clicker.Win32.Agent.hz skipped
C:\Documents and Settings\All Users\Dati applicazioni\Symantec\Norton AntiVirus\Quarantine\556E1D88.exe Infected: Trojan-Clicker.Win32.Agent.hz skipped
C:\Documents and Settings\All Users\Dati applicazioni\Symantec\Norton AntiVirus\Quarantine\55C60B27.exe Infected: Trojan-Clicker.Win32.Agent.hz skipped
C:\Documents and Settings\All Users\Dati applicazioni\Symantec\Norton AntiVirus\Quarantine\55D0091C.exe Infected: not-a-virus:Dialer.Win32.Agent.k skipped
C:\Documents and Settings\All Users\Dati applicazioni\Symantec\Norton AntiVirus\Quarantine\589C1B00.exe Infected: Backdoor.Win32.Agent.alq skipped
C:\Documents and Settings\All Users\Dati applicazioni\Symantec\Norton AntiVirus\Quarantine\59327184.exe Infected: Trojan-Downloader.Win32.Mediket.df skipped
C:\Documents and Settings\All Users\Dati applicazioni\Symantec\Norton AntiVirus\Quarantine\59F46220.exe Infected: Trojan-Downloader.Win32.Mediket.df skipped
C:\Documents and Settings\All Users\Dati applicazioni\Symantec\Norton AntiVirus\Quarantine\5E4A27D0.exe Infected: Trojan-Clicker.Win32.Agent.hz skipped
C:\Documents and Settings\All Users\Dati applicazioni\Symantec\Norton AntiVirus\Quarantine\5E606E8B.exe Infected: Trojan-Clicker.Win32.Agent.hz skipped
C:\Documents and Settings\All Users\Dati applicazioni\Symantec\Norton AntiVirus\Quarantine\5E834470.dll Infected: Backdoor.Win32.Agent.uu skipped
C:\Documents and Settings\All Users\Dati applicazioni\Symantec\Norton AntiVirus\Quarantine\5EB5322D.exe Infected: not-a-virus:Dialer.Win32.Agent.k skipped
C:\Documents and Settings\All Users\Dati applicazioni\Symantec\Norton AntiVirus\Quarantine\5EB85C2A.exe Infected: Trojan-Clicker.Win32.Agent.hz skipped
C:\Documents and Settings\All Users\Dati applicazioni\Symantec\Norton AntiVirus\Quarantine\611C789A.dll Infected: Trojan-Proxy.Win32.Xorpix.ar skipped
C:\Documents and Settings\All Users\Dati applicazioni\Symantec\Norton AntiVirus\Quarantine\6743642F.exe Infected: Trojan-Clicker.Win32.Small.kj skipped
C:\Documents and Settings\All Users\Dati applicazioni\Symantec\Norton AntiVirus\Quarantine\69901258.exe Infected: Backdoor.Win32.Rbot.gen skipped
C:\Documents and Settings\All Users\Dati applicazioni\Symantec\Norton AntiVirus\Quarantine\6A1D07B1.dll Infected: Backdoor.Win32.Agent.uu skipped
C:\Documents and Settings\All Users\Dati applicazioni\Symantec\Norton AntiVirus\Quarantine\6A4E12E6.dll Infected: Backdoor.Win32.Agent.uu skipped
C:\Documents and Settings\All Users\Dati applicazioni\Symantec\Norton AntiVirus\Quarantine\6F7A0F34.dll Infected: Backdoor.Win32.Agent.uu skipped
C:\Documents and Settings\All Users\Dati applicazioni\Symantec\Norton AntiVirus\Quarantine\72202D86.exe Infected: Trojan-Downloader.Win32.Mediket.df skipped
C:\Documents and Settings\All Users\Dati applicazioni\Symantec\Norton AntiVirus\Quarantine\726E329B.exe Infected: Trojan-Downloader.Win32.Mediket.df skipped
C:\Documents and Settings\All Users\Dati applicazioni\Symantec\Norton AntiVirus\Quarantine\72B0575E.exe Infected: Trojan-Clicker.Win32.Agent.jh skipped
C:\Documents and Settings\All Users\Dati applicazioni\Symantec\Norton AntiVirus\Quarantine\730B482A.dll Infected: Backdoor.Win32.Agent.uu skipped
C:\Documents and Settings\All Users\Dati applicazioni\Symantec\Norton AntiVirus\Quarantine\79EC3BF8.exe Infected: not-a-virus:Dialer.Win32.Agent.k skipped
C:\Documents and Settings\All Users\Dati applicazioni\Symantec\Norton AntiVirus\Quarantine\7A582582.exe Infected: Trojan-Clicker.Win32.Agent.hz skipped
C:\Documents and Settings\All Users\Dati applicazioni\Symantec\Norton AntiVirus\Quarantine\7D6A6884.exe Infected: Constructor.Win32.MicroJoiner.17 skipped
C:\Documents and Settings\All Users\Dati applicazioni\Symantec\Norton AntiVirus\Quarantine\7D810E6B.htm Infected: Constructor.Win32.MicroJoiner.17 skipped
C:\Documents and Settings\elenina\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\elenina\Dati applicazioni\Microsoft\Internet Explorer\svchost.exe Infected: not-a-virus:Porn-Dialer.Win32.Small.w skipped
C:\Documents and Settings\elenina\Dati applicazioni\Symantec\PendingAlertsQueue.log Object is locked skipped
C:\Documents and Settings\elenina\Impostazioni locali\Cronologia\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\elenina\Impostazioni locali\Dati applicazioni\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\elenina\Impostazioni locali\Dati applicazioni\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\elenina\Impostazioni locali\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\elenina\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\elenina\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Impostazioni locali\Cronologia\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Impostazioni locali\Dati applicazioni\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\LocalService\Impostazioni locali\Dati applicazioni\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Impostazioni locali\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\Impostazioni locali\Dati applicazioni\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Impostazioni locali\Dati applicazioni\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped
C:\Programmi\File comuni\Symantec Shared\AntiSpam\Log\SPAM.log Object is locked skipped
C:\Programmi\File comuni\Symantec Shared\CCPD-LC\symlcrst.dll Object is locked skipped
C:\Programmi\File comuni\Symantec Shared\EENGINE\EPERSIST.DAT Object is locked skipped
C:\Programmi\File comuni\Symantec Shared\SNDALRT.log Object is locked skipped
C:\Programmi\File comuni\Symantec Shared\SNDCON.log Object is locked skipped
C:\Programmi\File comuni\Symantec Shared\SNDDBG.log Object is locked skipped
C:\Programmi\File comuni\Symantec Shared\SNDFW.log Object is locked skipped
C:\Programmi\File comuni\Symantec Shared\SNDIDS.log Object is locked skipped
C:\Programmi\File comuni\Symantec Shared\SNDSYS.log Object is locked skipped
C:\Programmi\File comuni\Symantec Shared\SPBBC\LOGS\BBConfig.log Object is locked skipped
C:\Programmi\File comuni\Symantec Shared\SPBBC\LOGS\BBDebug.log Object is locked skipped
C:\Programmi\File comuni\Symantec Shared\SPBBC\LOGS\BBDetect.log Object is locked skipped
C:\Programmi\File comuni\Symantec Shared\SPBBC\LOGS\BBNotify.log Object is locked skipped
C:\Programmi\File comuni\Symantec Shared\SPBBC\LOGS\BBRefr.log Object is locked skipped
C:\Programmi\File comuni\Symantec Shared\SPBBC\LOGS\BBSetCfg.log Object is locked skipped
C:\Programmi\File comuni\Symantec Shared\SPBBC\LOGS\BBSetCfg2.log Object is locked skipped
C:\Programmi\File comuni\Symantec Shared\SPBBC\LOGS\BBSetDev.log Object is locked skipped
C:\Programmi\File comuni\Symantec Shared\SPBBC\LOGS\BBSetLoc.log Object is locked skipped
C:\Programmi\File comuni\Symantec Shared\SPBBC\LOGS\BBSetUsr.log Object is locked skipped
C:\Programmi\File comuni\Symantec Shared\SPBBC\LOGS\BBSMNot.log Object is locked skipped
C:\Programmi\File comuni\Symantec Shared\SPBBC\LOGS\BBSMReg.log Object is locked skipped
C:\Programmi\File comuni\Symantec Shared\SPBBC\LOGS\BBSMRSt.log Object is locked skipped
C:\Programmi\File comuni\Symantec Shared\SPBBC\LOGS\BBStHash.log Object is locked skipped
C:\Programmi\File comuni\Symantec Shared\SPBBC\LOGS\BBStMSI.log Object is locked skipped
C:\Programmi\File comuni\Symantec Shared\SPBBC\LOGS\BBValid.log Object is locked skipped
C:\Programmi\File comuni\Symantec Shared\SPBBC\LOGS\SPPolicy.log Object is locked skipped
C:\Programmi\File comuni\Symantec Shared\SPBBC\LOGS\SPStart.log Object is locked skipped
C:\Programmi\File comuni\Symantec Shared\SPBBC\LOGS\SPStop.log Object is locked skipped
C:\Programmi\Norton Internet Security\Norton AntiVirus\AVApp.log Object is locked skipped
C:\Programmi\Norton Internet Security\Norton AntiVirus\AVError.log Object is locked skipped
C:\Programmi\Norton Internet Security\Norton AntiVirus\AVVirus.log Object is locked skipped
C:\Programmi\Norton Internet Security\Norton AntiVirus\Savrt\0085NAV~.TMP Object is locked skipped
C:\Programmi\Norton Internet Security\Norton AntiVirus\Savrt\0499NAV~.TMP Object is locked skipped
C:\System Volume Information\_restore{C4A4E5D3-2510-4D49-B0F0-015787786024}\RP10\A0001534.dll Infected: Trojan-Clicker.Win32.Small.kj skipped
C:\System Volume Information\_restore{C4A4E5D3-2510-4D49-B0F0-015787786024}\RP11\A0002534.dll Infected: Trojan-Clicker.Win32.Small.kj skipped
C:\System Volume Information\_restore{C4A4E5D3-2510-4D49-B0F0-015787786024}\RP11\A0002541.dll Infected: Trojan-Clicker.Win32.Small.kj skipped
C:\System Volume Information\_restore{C4A4E5D3-2510-4D49-B0F0-015787786024}\RP11\A0002554.exe Infected: Trojan-Clicker.Win32.Agent.hz skipped
C:\System Volume Information\_restore{C4A4E5D3-2510-4D49-B0F0-015787786024}\RP11\A0002561.exe Infected: not-a-virus:Dialer.Win32.Agent.k skipped
C:\System Volume Information\_restore{C4A4E5D3-2510-4D49-B0F0-015787786024}\RP11\A0002579.dll Infected: Trojan-Clicker.Win32.Small.kj skipped
C:\System Volume Information\_restore{C4A4E5D3-2510-4D49-B0F0-015787786024}\RP11\A0003579.dll Infected: Trojan-Clicker.Win32.Small.kj skipped
C:\System Volume Information\_restore{C4A4E5D3-2510-4D49-B0F0-015787786024}\RP11\A0003585.dll Infected: Trojan-Clicker.Win32.Small.kj skipped
C:\System Volume Information\_restore{C4A4E5D3-2510-4D49-B0F0-015787786024}\RP11\A0004585.dll Infected: Trojan-Clicker.Win32.Small.kj skipped
C:\System Volume Information\_restore{C4A4E5D3-2510-4D49-B0F0-015787786024}\RP12\A0004593.dll Infected: Trojan-Clicker.Win32.Small.kj skipped
C:\System Volume Information\_restore{C4A4E5D3-2510-4D49-B0F0-015787786024}\RP12\A0004603.dll Infected: Trojan-Clicker.Win32.Small.kj skipped
C:\System Volume Information\_restore{C4A4E5D3-2510-4D49-B0F0-015787786024}\RP12\A0004609.dll Infected: Trojan-Clicker.Win32.Small.kj skipped
C:\System Volume Information\_restore{C4A4E5D3-2510-4D49-B0F0-015787786024}\RP12\A0004624.dll Infected: Trojan-Clicker.Win32.Small.kj skipped
C:\System Volume Information\_restore{C4A4E5D3-2510-4D49-B0F0-015787786024}\RP12\A0005624.dll Infected: Trojan-Clicker.Win32.Small.kj skipped
C:\System Volume Information\_restore{C4A4E5D3-2510-4D49-B0F0-015787786024}\RP12\A0006624.dll Infected: Trojan-Clicker.Win32.Small.kj skipped
C:\System Volume Information\_restore{C4A4E5D3-2510-4D49-B0F0-015787786024}\RP12\A0006644.exe Infected: Trojan-Downloader.Win32.Mediket.dt skipped
C:\System Volume Information\_restore{C4A4E5D3-2510-4D49-B0F0-015787786024}\RP12\A0006645.exe Infected: Trojan.Win32.LipGame.cd skipped
C:\System Volume Information\_restore{C4A4E5D3-2510-4D49-B0F0-015787786024}\RP12\A0006646.dll Infected: Trojan-Clicker.Win32.Agent.ac skipped
C:\System Volume Information\_restore{C4A4E5D3-2510-4D49-B0F0-015787786024}\RP12\A0007624.dll Infected: Trojan-Clicker.Win32.Small.kj skipped
C:\System Volume Information\_restore{C4A4E5D3-2510-4D49-B0F0-015787786024}\RP12\A0008624.dll Infected: Trojan-Clicker.Win32.Small.kj skipped
C:\System Volume Information\_restore{C4A4E5D3-2510-4D49-B0F0-015787786024}\RP12\A0009627.dll Infected: Trojan-Clicker.Win32.Small.kj skipped
C:\System Volume Information\_restore{C4A4E5D3-2510-4D49-B0F0-015787786024}\RP12\A0009642.exe Infected: Trojan-Clicker.Win32.Agent.hz skipped
C:\System Volume Information\_restore{C4A4E5D3-2510-4D49-B0F0-015787786024}\RP12\A0009643.exe Infected: not-a-virus:Dialer.Win32.Agent.k skipped
C:\System Volume Information\_restore{C4A4E5D3-2510-4D49-B0F0-015787786024}\RP12\A0009654.dll Infected: Trojan-Clicker.Win32.Small.kj skipped
C:\System Volume Information\_restore{C4A4E5D3-2510-4D49-B0F0-015787786024}\RP12\A0009670.dll Infected: Trojan-Clicker.Win32.Small.kj skipped
C:\System Volume Information\_restore{C4A4E5D3-2510-4D49-B0F0-015787786024}\RP12\A0009680.exe Infected: not-a-virus:Dialer.Win32.Agent.k skipped
C:\System Volume Information\_restore{C4A4E5D3-2510-4D49-B0F0-015787786024}\RP12\change.log Object is locked skipped
C:\System Volume Information\_restore{C4A4E5D3-2510-4D49-B0F0-015787786024}\RP9\A0000527.dll Infected: Trojan-Clicker.Win32.Small.kj skipped
C:\System Volume Information\_restore{C4A4E5D3-2510-4D49-B0F0-015787786024}\RP9\A0001527.dll Infected: Trojan-Clicker.Win32.Small.kj skipped
C:\WINDOWS\csrs.dll Infected: Trojan-Clicker.Win32.Small.kj skipped
C:\WINDOWS\csrs.exe Infected: Trojan-Clicker.Win32.Small.kj skipped
C:\WINDOWS\Debug\oakley.log Object is locked skipped
C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped
C:\WINDOWS\internt.exe Infected: Trojan.Win32.LipGame.ck skipped
C:\WINDOWS\SchedLgU.Txt Object is locked skipped
C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped
C:\WINDOWS\system32\CnxDslWz.log Object is locked skipped
C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\default Object is locked skipped
C:\WINDOWS\system32\config\default.LOG Object is locked skipped
C:\WINDOWS\system32\config\SAM Object is locked skipped
C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped
C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\SECURITY Object is locked skipped
C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped
C:\WINDOWS\system32\config\software Object is locked skipped
C:\WINDOWS\system32\config\software.LOG Object is locked skipped
C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\system Object is locked skipped
C:\WINDOWS\system32\config\system.LOG Object is locked skipped
C:\WINDOWS\system32\drivers\etc\oldhosts Infected: Trojan.Win32.Qhost.it skipped
C:\WINDOWS\system32\h323log.txt Object is locked skipped
C:\WINDOWS\system32\itunesff.exe Infected: Trojan.Win32.LipGame.ck skipped
C:\WINDOWS\system32\msdrives\driverpp.sys Infected: not-a-virus:AdWare.Win32.Agent.bn skipped
C:\WINDOWS\system32\msnup.exe Infected: Trojan.Win32.Dialer.rt skipped
C:\WINDOWS\system32\update2.exe Infected: Trojan-Downloader.Win32.Small.egj skipped
C:\WINDOWS\system32\update7.exe Infected: Trojan-Downloader.Win32.Small.egj skipped
C:\WINDOWS\system32\vbsys2.dll Infected: Trojan-Clicker.Win32.Agent.ac skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped
C:\WINDOWS\system32\xpdx.sys Object is locked skipped
C:\WINDOWS\Temp\$_2341233.TMP Object is locked skipped
C:\WINDOWS\Temp\$_2341234.TMP Object is locked skipped
C:\WINDOWS\WindowsUpdate.log Object is locked skipped

Scan process completed.

[bdoriano]

C'è ancora qualcosina da ripulire...
Avvia avenger.
Clicca su input script manually
clicca sulla lente d'ingrandimento
nella finestra che ti si apre, inserisci queste righe:

[agatina]

ecco il log
Logfile of The Avenger version 1, by Swandog46
Running from registry key:
\Registry\Machine\System\CurrentControlSet\Services\fkifpqlv

*******************

Script file located at: \??\C:\WINDOWS\System32\unqbpdci.txt
Script file opened successfully.

Script file read successfully

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:

File C:\9C.tmp deleted successfully.
File C:\Documents and Settings\elenina\Dati applicazioni\Microsoft\Internet Explorer\svchost.exe deleted successfully.
File C:\WINDOWS\csrs.dll deleted successfully.
File C:\WINDOWS\csrs.exe deleted successfully.
File C:\WINDOWS\internt.exe deleted successfully.
File C:\WINDOWS\system32\drivers\etc\oldhosts deleted successfully.
File C:\WINDOWS\system32\itunesff.exe deleted successfully.
File C:\WINDOWS\system32\msdrives\driverpp.sys deleted successfully.
File C:\WINDOWS\system32\msnup.exe deleted successfully.
File C:\WINDOWS\system32\update2.exe deleted successfully.
File C:\WINDOWS\system32\update7.exe deleted successfully.
File C:\WINDOWS\system32\vbsys2.dll deleted successfully.

Completed script processing.

*******************

Finished! Terminate.

[bdoriano]

Ok. Rifai un log con hijackthis.

[agatina]

eccolo

Logfile of HijackThis v1.99.1
Scan saved at 20.58.27, on 19/06/2007
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmi\Ahead\InCD\InCDsrv.exe
C:\WINDOWS\Explorer.EXE
C:\Programmi\File comuni\Symantec Shared\ccSetMgr.exe
C:\Programmi\File comuni\Symantec Shared\ccEvtMgr.exe
C:\Programmi\File comuni\Symantec Shared\ccApp.exe
C:\Programmi\iTunes\iTunesHelper.exe
C:\Programmi\Trust\Trust MD3100 USB ADSL MODEM\CnxDslTb.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Programmi\Messenger\msmsgs.exe
C:\Programmi\Skype\Phone\Skype.exe
C:\Programmi\File comuni\Symantec Shared\ccProxy.exe
C:\Programmi\File comuni\Symantec Shared\SNDSrvc.exe
C:\Programmi\File comuni\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Programmi\File comuni\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programmi\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Programmi\Norton Internet Security\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmi\Analog Devices\SoundMAX\SMAgent.exe
C:\Programmi\Skype\Plugin Manager\SkypePM.exe
C:\Programmi\iPod\bin\iPodService.exe
C:\Programmi\File comuni\Symantec Shared\Security Console\NSCSRVCE.EXE
C:\WINDOWS\System32\wuauclt.exe
C:\Programmi\Internet Explorer\iexplore.exe
C:\Documents and Settings\elenina\Impostazioni locali\Temp\Directory temporanea 4 per hijackthis_199.zip\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\PROGRA~1\Skype\Phone\IEPlugin\SKYPEI~1.DLL
O2 - BHO: Norton Internet Security 2006 - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Programmi\File comuni\Symantec Shared\AdBlocking\NISShExt.dll
O2 - BHO: NAV Helper - {A8F38D8D-E480-4D52-B7A2-731BB6995FDD} - C:\Programmi\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programmi\google\googletoolbar1.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Norton Internet Security 2006 - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Programmi\File comuni\Symantec Shared\AdBlocking\NISShExt.dll
O3 - Toolbar: Norton AntiVirus - {C4069E3A-68F1-403E-B40E-20066696354B} - C:\Programmi\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programmi\google\googletoolbar1.dll
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [ccApp] "C:\Programmi\File comuni\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmi\QuickTime\bak\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Programmi\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [CnxDslTaskBar] "C:\Programmi\Trust\Trust MD3100 USB ADSL MODEM\CnxDslTb.exe"
O4 - HKLM\..\Run: [itunesff] C:\WINDOWS\system32\itunesff.exe -go -c220 -w90
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Programmi\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Skype] "C:\Programmi\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - Global Startup: Microsoft Office.lnk = C:\Programmi\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\PROGRA~1\Skype\Phone\IEPlugin\SKYPEI~1.DLL
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/default/kavwebscan_unicode.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{04876BEA-311F-42B6-9DFD-0A07F07B835B}: NameServer = 193.12.150.2 212.247.152.2
O17 - HKLM\System\CS1\Services\Tcpip\..\{04876BEA-311F-42B6-9DFD-0A07F07B835B}: NameServer = 193.12.150.2 212.247.152.2
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FILECO~1\Skype\SKYPE4~1.DLL
O21 - SSODL: Systemcheck2 - {54645654-2225-4455-44A1-9F4543D34546} - C:\WINDOWS\System32\vbsys2.dll (file missing)
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Programmi\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Internet Security Password Validation (ccISPwdSvc) - Symantec Corporation - C:\Programmi\Norton Internet Security\ccPwdSvc.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\ccSetMgr.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Programmi\Norton Internet Security\comHost.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Programmi\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InCD Helper (InCDsrv) - Ahead Software AG - C:\Programmi\Ahead\InCD\InCDsrv.exe
O23 - Service: Servizio iPod (iPod Service) - Apple Inc. - C:\Programmi\iPod\bin\iPodService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Programmi\Norton Internet Security\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton Protection Center Service (NSCService) - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\Security Console\NSCSRVCE.EXE
O23 - Service: Symantec AVScan (SAVScan) - Symantec Corporation - C:\Programmi\Norton Internet Security\Norton AntiVirus\SAVScan.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\SNDSrvc.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Programmi\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\CCPD-LC\symlcsvc.exe

[Orange]

vedo che abbiamo tralasciato un sacco di cose..

disattiva il ripristino
avvia in mod. provvisoria
fissa queste voci con HJT:
O4 - HKLM\..\Run: [itunesff] C:\WINDOWS\system32\itunesff.exe -go -c220 -w90
O21 - SSODL: Systemcheck2 - {54645654-2225-4455-44A1-9F4543D34546} - C:\WINDOWS\System32\vbsys2.dll (file missing)

svuota anche la cartella di quarantena di Norton
dai una ripulita con CCleaner e Eusing Free Registry Cleaner

rifai il log e mettilo qui

[bdoriano]

Disabilita il ripristino di sistema e riavvia il pc in modalità provvisoria.
Avvia hijackthis
clicca su do a system scan only
metti il segno di spunta a queste voci: