qualcuno è cosi gentile,da indicarmi come posso fare per liberarmi di questo virus che mi assilla da mesi.
Updated: July 3, 2006 11:50:16 AM GDT
Type: Adware
Version: www.dollarrevenue.com
Risk Impact: High
File Names: 45.exe
Systems Affected: Windows 2000, Windows 95, Windows 98, Windows Me, Windows NT, Windows Server 2003, Windows XP

The following instructions pertain to all Symantec antivirus products that support security risk detection.

Update the definitions.
Run a full system scan.
Delete any values added to the registry.

For specific details on each of these steps, read the following instructions.

1. To update the definitions
To obtain the most recent definitions, start your Symantec program and run LiveUpdate.


2. To run the scan
Start your Symantec antivirus program, and then run a full system scan.

If any files are detected, and depending on which software version you are using, you may see one or more of the following options:

Note: This applies only to versions of Norton AntiVirus that support security risk detection. If you are running a version of Symantec AntiVirus Corporate Edition that supports security risk detection, and security risk detection has been enabled, you will only see a message box that gives the results of the scan. If you have questions in this situation, contact your network administrator.

Exclude (Not recommended): If you click this button, it will set the risk so that it is no longer detectable. That is, the antivirus program will keep the security risk on your computer and will no longer detect it to remove from your computer.


Ignore or Skip: This option tells the scanner to ignore the risk for this scan only. It will be detected again the next time that you run a scan.


Cancel: This option is new to Norton Antivirus 2005. It is used when Norton Antivirus 2005 has determined that it cannot delete a security risk. This Cancel option tells the scanner to ignore the risk for this scan only, and thus, the risk will be detected again the next time that you run a scan.

To actually delete the security risk:
Click its file name (under the Filename column).
In the Item Information box that displays, write down the full path and file name.
Then use Windows Explorer to locate and delete the file.


Delete: This option will attempt to delete the detected files. In some cases, the scanner will not be able to do this.
If you see a message, "Delete Failed" (or similar message), manually delete the file.
Click the file name of the risk that is under the Filename column.
In the Item Information box that displays, write down the full path and file name.
Then use Windows Explorer to locate and delete the file.


Important: If you are unable to start your Symantec antivirus product or the product reports that it cannot delete a detected file, you may need to stop the risk from running in order to remove it. To do this, run the scan in Safe mode. For instructions, read the document, How to start the computer in Safe Mode. Once you have restarted in Safe mode, run the scan again.

After the files are deleted, restart the computer in Normal mode and proceed with the next section.

Warning messages may be displayed when the computer is restarted, since the risk may not be fully removed at this point. You can ignore these messages and click OK. These messages will not appear when the computer is restarted after the removal instructions have been fully completed. The messages displayed may be similar to the following:

Title: [FILE PATH]
Message body: Windows cannot find [FILE NAME]. Make sure you typed the name correctly, and then try again. To search for a file, click the Start button, and then click Search.


3. To delete the value from the registry
Important: Symantec strongly recommends that you back up the registry before making any changes to it. Incorrect changes to the registry can result in permanent data loss or corrupted files. Modify the specified subkeys only. Read the document: How to make a backup of the Windows registry.

Click Start > Run.
Type regedit

Then click OK.

Note: If the registry editor fails to open the risk may have modified the registry to prevent access to the registry editor. Security Response has developed a tool to resolve this problem. Download and run this tool, and then continue with the removal.


Navigate to the subkey:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\drsmartl


In the right pane, delete the value:

"Install" = "1"


Exit the Registry Editor.

http://www.webroot.com/it/downloads/
Scarica Spysweeper in versione trial, fai una scansione in modalità provvisoria e vedrai che risolverai ;)

posta un log di HJT qui (http://www.hwupgrade.it/forum/showthread.php?t=937676)

l'ho fatto un paio di volte non ci sono riuscito nemmeno mandarli , in quarantina,e poi cancellarli sono due mi pare. questo è il logo

8.17: Traces Found: 10
8.17: Full Sweep has completed. Elapsed time 00.19.09
8.17: File Sweep Complete, Elapsed Time: 00.17.48
8.17: Warning: Failed to access drive L:
8.17: Warning: Failed to access drive K:
8.17: Warning: Failed to access drive J:
8.17: Warning: Failed to access drive I:
8.17: Warning: Failed to access drive H:
8.16: Warning: Failed to access drive E:
8.16: Warning: Failed to access drive D:
8.00: Starting File Sweep
7.59: Warning: Failed to access drive A:
7.59: Cookie Sweep Complete, Elapsed Time: 00.00.00
7.59: salvo@web2.realtracker[1].txt (ID = 3242)
7.59: Found Spy Cookie: realtracker cookie
7.59: salvo@mediaplex[1].txt (ID = 6442)
7.59: Found Spy Cookie: mediaplex cookie
7.59: Starting Cookie Sweep
7.59: Registry Sweep Complete, Elapsed Time:00.00.41
7.59: HKLM\software\classes\dtdp\ (ID = 876977)
7.59: HKCR\dtdp\ (ID = 876940)
7.59: Found Adware: mediaplace
7.59: HKLM\software\classes\typelib\{1dc9d842-044d-11e1-b3c9-00805e499d93}\ (ID = 136961)
7.59: HKLM\software\classes\interface\{1dc9d84f-044d-11e1-b3c9-00805e499d93}\ (ID = 136960)
7.59: HKLM\software\classes\proxyspdobj.proxyspdobj\ (ID = 136958)
7.59: HKCR\typelib\{1dc9d842-044d-11e1-b3c9-00805e499d93}\ (ID = 136957)
7.59: HKCR\interface\{1dc9d84f-044d-11e1-b3c9-00805e499d93}\ (ID = 136956)
7.59: HKCR\proxyspdobj.proxyspdobj\ (ID = 136954)
7.59: Found Adware: proxyspd
7.59: Starting Registry Sweep
7.59: Memory Sweep Complete, Elapsed Time: 00.00.36
7.58: Starting Memory Sweep
7.58: Sweep initiated using definitions version 734
7.58: Spy Sweeper 5.0.7.1608 started
7.58: | Start of Session, sabato 23 settembre 2006 |
********
7.58: | End of Session, sabato 23 settembre 2006 |
7.01: Traces Found: 10
7.01: Full Sweep has completed. Elapsed time 00.20.18
7.01: File Sweep Complete, Elapsed Time: 00.18.33
7.01: Warning: Failed to access drive L:
7.01: Warning: Failed to access drive K:
7.01: Warning: Failed to access drive J:
7.01: Warning: Failed to access drive I:
7.01: Warning: Failed to access drive H:
7.00: Warning: Failed to access drive E:
7.00: Warning: Failed to access drive D:
6.42: Starting File Sweep
6.42: Warning: Failed to access drive A:
6.42: Cookie Sweep Complete, Elapsed Time: 00.00.00
6.42: salvo@web2.realtracker[1].txt (ID = 3242)
6.42: Found Spy Cookie: realtracker cookie
6.42: salvo@mediaplex[1].txt (ID = 6442)
6.42: Found Spy Cookie: mediaplex cookie
6.42: Starting Cookie Sweep
6.42: Registry Sweep Complete, Elapsed Time:00.00.39
6.42: HKLM\software\classes\dtdp\ (ID = 876977)
6.42: HKCR\dtdp\ (ID = 876940)
6.42: Found Adware: mediaplace
6.42: HKLM\software\classes\typelib\{1dc9d842-044d-11e1-b3c9-00805e499d93}\ (ID = 136961)
6.42: HKLM\software\classes\interface\{1dc9d84f-044d-11e1-b3c9-00805e499d93}\ (ID = 136960)
6.42: HKLM\software\classes\proxyspdobj.proxyspdobj\ (ID = 136958)
6.42: HKCR\typelib\{1dc9d842-044d-11e1-b3c9-00805e499d93}\ (ID = 136957)
6.42: HKCR\interface\{1dc9d84f-044d-11e1-b3c9-00805e499d93}\ (ID = 136956)
6.42: HKCR\proxyspdobj.proxyspdobj\ (ID = 136954)
6.42: Found Adware: proxyspd
6.41: Starting Registry Sweep
6.41: Memory Sweep Complete, Elapsed Time: 00.00.42
6.41: Starting Memory Sweep
6.40: Sweep initiated using definitions version 734
6.40: Spy Sweeper 5.0.7.1608 started
6.40: | Start of Session, sabato 23 settembre 2006 |
********
6.40: | End of Session, sabato 23 settembre 2006 |
6.40: Program Version 5.0.7.1608 Using Spyware Definitions 734
23.37: | End of Session, venerdì 22 settembre 2006 |
Keylogger Shield: Off
BHO Shield: On
IE Security Shield: On
Alternate Data Stream (ADS) Execution Shield: On
Startup Shield: On
Common Ad Sites Shield: Off
Hosts File Shield: On
Spy Communication Shield: On
ActiveX Shield: On
Windows Messenger Service Shield: On
IE Favorites Shield: On
Spy Installation Shield: On
Memory Shield: On
IE Hijack Shield: On
IE Tracking Cookies Shield: Off
23.37: Shield States
23.36: Spyware Definitions: 734
23.36: Spy Sweeper 5.0.7.1608 started
23.36: Spy Sweeper 5.0.7.1608 started
23.36: | Start of Session, venerdì 22 settembre 2006 |
********
23.39: None
23.39: Traces Found: 0
23.39: Memory Sweep Complete, Elapsed Time: 00.01.48
23.39: Sweep Canceled
Operation: Terminate
Target: C:\PROGRAMMI\WEBROOT\SPY SWEEPER\SPYSWEEPERUI.EXE
Source: C:\WINDOWS\SYSTEM32\CSRSS.EXE
23.39: Tamper Detection
23.37: Starting Memory Sweep
23.37: Sweep initiated using definitions version 734
23.37: Spy Sweeper 5.0.7.1608 started
23.37: | Start of Session, venerdì 22 settembre 2006 |
********

questo è il logo di hijack

Logfile of HijackThis v1.99.1
Scan saved at 8.45.16, on 23/09/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmi\File comuni\Symantec Shared\ccSetMgr.exe
C:\Programmi\File comuni\Symantec Shared\ccEvtMgr.exe
C:\Programmi\File comuni\Symantec Shared\SNDSrvc.exe
C:\Programmi\File comuni\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Programmi\File comuni\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Programmi\Power Translator 10\LogoMedia TranslateDotNet Server.exe
C:\Programmi\File comuni\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Programmi\Norton AntiVirus\navapsvc.exe
C:\Programmi\Java\jre1.5.0_02\bin\jusched.exe
C:\WINDOWS\Dit.exe
C:\Programmi\File comuni\Symantec Shared\ccApp.exe
C:\Programmi\CyberLink\PowerDVD\PDVDServ.exe
C:\Programmi\Musicmatch\Musicmatch Jukebox\mm_tray.exe
C:\Programmi\Musicmatch\Musicmatch Jukebox\mmtask.exe
C:\Programmi\Norton AntiVirus\IWP\NPFMntor.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Programmi\CyberLink\Shared files\RichVideo.exe
C:\Programmi\ScanSoft\OmniPage15.0\Opware15.exe
C:\WINDOWS\system32\svchost.exe
C:\Programmi\Lexmark 6200 Series\lxbumon.exe
C:\Programmi\Lexmark 6200 Series\ezprint.exe
C:\WINDOWS\system32\RunDLL32.exe
C:\Programmi\Corel\Corel Snapfire\Corel Photo Downloader.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Programmi\Webroot\Spy Sweeper\SpySweeperUI.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmi\VoipStunt.com\VoipStunt\VoipStunt.exe
C:\Programmi\MemoRex\MemoRex.exe
C:\Programmi\File comuni\Ahead\Lib\NMBgMonitor.exe
C:\Programmi\ScanSoft\OmniPage15.0\OpAgent.exe
C:\Programmi\Webroot\Spy Sweeper\SpySweeper.exe
C:\Programmi\Creative\Shared Files\CamTray.exe
C:\Programmi\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Programmi\Widcomm\Bluetooth Software\BTTray.exe
C:\Programmi\InterVideo\Common\Bin\WinCinemaMgr.exe
C:\Programmi\WinZip\WZQKPICK.EXE
C:\Programmi\Widcomm\Bluetooth Software\BTStackServer.exe
C:\Programmi\Alice ti aiuta\bin\mpbtn.exe
C:\Programmi\Webroot\Spy Sweeper\SSU.EXE
C:\WINDOWS\system32\lxbucoms.exe
C:\Programmi\File comuni\Symantec Shared\Security Console\NSCSRVCE.EXE
C:\Program Files\Silicon Image\SI3114\SiITray.exe
C:\Documents and Settings\Salvo\Documenti\CountDown\CountDown.exe
C:\Programmi\ewido anti-spyware 4.0\guard.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Programmi\Internet Explorer\iexplore.exe
C:\Documents and Settings\Salvo\Desktop\Prog utilizzate\hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.virgilio.it/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Programmi\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programmi\File comuni\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: NAV Helper - {A8F38D8D-E480-4D52-B7A2-731BB6995FDD} - C:\Programmi\Norton AntiVirus\NavShExt.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programmi\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Norton AntiVirus - {C4069E3A-68F1-403E-B40E-20066696354B} - C:\Programmi\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programmi\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [Collegamento alla pagina delle proprietà di High Definition Audio] HDAudPropShortcut.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Programmi\Java\jre1.5.0_02\bin\jusched.exe
O4 - HKLM\..\Run: [Dit] Dit.exe
O4 - HKLM\..\Run: [ccApp] "C:\Programmi\File comuni\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [NvCplDaemon] "RUNDLL32.EXE" C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] "nwiz.exe" /install
O4 - HKLM\..\Run: [MemoREX] "C:\Programmi\MemoRex\MemoRexStart.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] "C:\Programmi\File comuni\Ahead\Lib\NeroCheck.exe"
O4 - HKLM\..\Run: [RemoteControl] C:\Programmi\CyberLink\PowerDVD\PDVDServ.exe
O4 - HKLM\..\Run: [LanguageShortcut] C:\Programmi\CyberLink\PowerDVD\Language\Language.exe
O4 - HKLM\..\Run: [MMTray] "C:\Programmi\Musicmatch\Musicmatch Jukebox\mm_tray.exe"
O4 - HKLM\..\Run: [mmtask] "C:\Programmi\Musicmatch\Musicmatch Jukebox\mmtask.exe"
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] "rundll32.exe" bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Programmi\File comuni\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [Opware15] "C:\Programmi\ScanSoft\OmniPage15.0\Opware15.exe"
O4 - HKLM\..\Run: [OpScheduler] "C:\Programmi\ScanSoft\OmniPage15.0\OpScheduler.exe"
O4 - HKLM\..\Run: [ScanSoft OmniPage 15.0-reminder] "C:\Programmi\ScanSoft\OmniPage15.0\Ereg\ereg.exe" -r "C:\Documents and Settings\All Users\Dati applicazioni\ScanSoft\OmniPage15.0\Ereg\ereg.ini"
O4 - HKLM\..\Run: [PDF3 Registry Controller] "C:\Programmi\ScanSoft\OmniPage15.0\PDFConverter3\\RegistryController.exe"
O4 - HKLM\..\Run: [LXBUCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXBUtime.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [lxbumon.exe] "C:\Programmi\Lexmark 6200 Series\lxbumon.exe"
O4 - HKLM\..\Run: [FaxCenterServer] "C:\Programmi\Lexmark Fax Solutions\fm3032.exe" /s
O4 - HKLM\..\Run: [EzPrint] "C:\Programmi\Lexmark 6200 Series\ezprint.exe"
O4 - HKLM\..\Run: [VF0060 STISvc] "RunDLL32.exe" V0060Pin.dll,RunDLL32EP 513
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [VoipStunt] "C:\Programmi\VoipStunt.com\VoipStunt\VoipStunt.exe" -nosplash -minimized
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Programmi\File comuni\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [OpAgent] "C:\Programmi\ScanSoft\OmniPage15.0\OpAgent.exe" /agent
O4 - HKCU\..\Run: [Creative WebCam Tray] "C:\Programmi\Creative\Shared Files\CamTray.exe"
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Programmi\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - Startup: Adobe Gamma.lnk = C:\Programmi\File comuni\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Alice ti aiuta.lnk = C:\Programmi\Alice ti aiuta\bin\matcli.exe
O4 - Global Startup: Avvio veloce di Adobe Reader.lnk = C:\Programmi\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Avvio veloce di Microsoft Office OneNote 2003.lnk = C:\Programmi\Microsoft Office\OFFICE11\ONENOTEM.EXE
O4 - Global Startup: BTTray.lnk = ?
O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Programmi\InterVideo\Common\Bin\WinCinemaMgr.exe
O4 - Global Startup: Java SATARaid.lnk = ?
O4 - Global Startup: RAID Manager.lnk = C:\Programmi\ITE\ITE IT8212 ATA RAID Controller\RaidMgr.exe
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Programmi\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: &Windows Live Search - res://C:\Programmi\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Apri in nuova scheda in primo piano - res://C:\Programmi\Windows Live Toolbar\Components\it-it\msntabres.dll.mui/230?02a995ab1d3b4e3e99d9aab4ed050cdf
O8 - Extra context menu item: Apri in nuova scheda in secondo piano - res://C:\Programmi\Windows Live Toolbar\Components\it-it\msntabres.dll.mui/229?02a995ab1d3b4e3e99d9aab4ed050cdf
O8 - Extra context menu item: Apri PDF in Word (PDF Converter 3.0) - res://C:\Programmi\ScanSoft\OmniPage15.0\PDFConverter3\IEShellExt.dll /400
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: Ricerche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/default/kavwebscan_unicode.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1157465101656
O16 - DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} (a-squared Scanner) - http://ax.emsisoft.com/asquared.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{64FBA758-4B61-4255-9824-7FAD46D8C13E}: NameServer = 85.37.17.51 85.38.28.97
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: SASWinLogon - C:\Programmi\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Programmi\File comuni\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\ccSetMgr.exe
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Programmi\ewido anti-spyware 4.0\guard.exe
O23 - Service: LEC TranslateDotNet Server - Language Engineering Corporation, LLC - C:\Programmi\Power Translator 10\LogoMedia TranslateDotNet Server.exe
O23 - Service: lxbu_device - Lexmark International, Inc. - C:\WINDOWS\system32\lxbucoms.exe
O23 - Service: Servizio Auto-Protect di Norton AntiVirus (navapsvc) - Symantec Corporation - C:\Programmi\Norton AntiVirus\navapsvc.exe
O23 - Service: NBService - Nero AG - C:\Programmi\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Programmi\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: Norton Protection Center Service (NSCService) - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\Security Console\NSCSRVCE.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pinnacle Systems Media Service (PinnacleSys.MediaServer) - Pinnacle Systems - c:\programmi\pinnacle\shared files\programs\mediaserver\pmshost.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Programmi\CyberLink\Shared files\RichVideo.exe
O23 - Service: Symantec AVScan (SAVScan) - Symantec Corporation - C:\Programmi\Norton AntiVirus\SAVScan.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\SNDSrvc.exe
O23 - Service: SPBBCSvc - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Sistema Webroot Spy Sweeper (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Programmi\Webroot\Spy Sweeper\SpySweeper.exe

ti è stato postato apposta il link dove mettere il log di haij
seguire le indicazioni ?