Eleonorax
15-06-2007, 19:51
Ciao a tutti...vorrei un vostro aiuto se possible....posto qui 2 log...il primo di findAWF ed il secondo di hijackthis....Potete gentilmente dare un'occhiata per vedere se è tutto a posto?
Premetto che questo pc è del negozio ed è stato preda di dialer INSTAT ACCESS e di trojan apparentemente cancellati, ma il pcc presenta piccoli problemini, tipo lentezza nell'aprire le finestre o a volte non le apre affatto...
Se poi, avete anche qualche suggerimento da darmi, Vi ringrazio ulteriormente :)
Ringrazio In anticipo, intanto :)
Find AWF report by noahdfear ©2006
bak folders found
~~~~~~~~~~~
Il volume nell'unit… C non ha etichetta.
Numero di serie del volume: 7801-4C7F
Directory di C:\WINDOWS\SYSTEM32\BAK
02/03/2006 14.00 15.360 ctfmon.exe
14/08/2006 14.41 114.688 hkcmd.exe
14/08/2006 14.38 94.208 igfxpers.exe
14/08/2006 14.39 98.304 igfxtray.exe
09/07/2001 11.50 155.648 NeroCheck.exe
5 File 478.208 byte
2 Directory 69.822.742.528 byte disponibili
Il volume nell'unit… C non ha etichetta.
Numero di serie del volume: 7801-4C7F
Directory di C:\PROGRA~1\GRISOFT\AVGFRE~1\BAK
23/04/2007 08.47 416.256 avgcc.exe
1 File 416.256 byte
2 Directory 69.822.738.432 byte disponibili
Il volume nell'unit… C non ha etichetta.
Numero di serie del volume: 7801-4C7F
Directory di C:\PROGRA~1\SKYPE\PHONE\BAK
0 File 0 byte
2 Directory 69.822.738.432 byte disponibili
Il volume nell'unit… C non ha etichetta.
Numero di serie del volume: 7801-4C7F
Directory di C:\PROGRA~2\CONEXANT\ADSL\BAK
25/08/2005 11.47 65.536 dslagent.exe
25/08/2005 11.59 344.064 dslstat.exe
2 File 409.600 byte
2 Directory 69.822.738.432 byte disponibili
Il volume nell'unit… C non ha etichetta.
Numero di serie del volume: 7801-4C7F
Directory di C:\WINDOWS\ASSEMBLY\NATIVE~1.507\SBAK
0 File 0 byte
3 Directory 69.822.738.432 byte disponibili
Il volume nell'unit… C non ha etichetta.
Numero di serie del volume: 7801-4C7F
Directory di C:\PROGRA~1\GOOGLE\GOOGLE~1\121128~1.546\BAK
02/04/2007 10.43 171.448 GoogleToolbarNotifier.exe
1 File 171.448 byte
2 Directory 69.822.738.432 byte disponibili
Il volume nell'unit… C non ha etichetta.
Numero di serie del volume: 7801-4C7F
Directory di C:\PROGRA~1\JAVA\JRE16~1.0_0\BIN\BAK
14/03/2007 03.43 83.608 jusched.exe
1 File 83.608 byte
2 Directory 69.822.738.432 byte disponibili
Duplicate files of bak directory contents
~~~~~~~~~~~~~~~~~~~~~~~
15360 2 Mar 2006 "C:\WINDOWS\system32\ctfmon.exe"
15360 2 Mar 2006 "C:\WINDOWS\system32\bak\ctfmon.exe"
114688 14 Aug 2006 "C:\WINDOWS\system32\bak\hkcmd.exe"
114688 14 Aug 2006 "C:\WINDOWS\system32\DRVSTORE\igxp32_4D226E7C758A79C1253BA55C5288A4315667C2F3\hkcmd.exe"
94208 14 Aug 2006 "C:\WINDOWS\system32\bak\igfxpers.exe"
94208 14 Aug 2006 "C:\WINDOWS\system32\DRVSTORE\igxp32_4D226E7C758A79C1253BA55C5288A4315667C2F3\igfxpers.exe"
98304 14 Aug 2006 "C:\WINDOWS\system32\bak\igfxtray.exe"
98304 14 Aug 2006 "C:\WINDOWS\system32\DRVSTORE\igxp32_4D226E7C758A79C1253BA55C5288A4315667C2F3\igfxtray.exe"
155648 9 Jul 2001 "C:\WINDOWS\system32\bak\NeroCheck.exe"
416256 23 Apr 2007 "C:\Programmi\Grisoft\AVG Free\bak\avgcc.exe"
65536 25 Aug 2005 "C:\Program Files\Conexant\Adsl\bak\dslagent.exe"
344064 25 Aug 2005 "C:\Program Files\Conexant\Adsl\bak\dslstat.exe"
15360 5 Jun 2007 "C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\SBAK\d3159f090423284eba86aea52f3df56e\SBAK.ni.dll"
52272 2 Apr 2007 "C:\Programmi\Google\googletoolbar2user.exe"
138168 2 Apr 2007 "C:\Programmi\Google\Common\Google Updater\GoogleUpdaterService.exe"
171448 2 Apr 2007 "C:\Programmi\Google\GoogleToolbarNotifier\1.2.1128.5462\bak\GoogleToolbarNotifier.exe"
36975 3 May 2006 "C:\Programmi\Java\jre1.5.0_07\bin\jusched.exe"
75520 15 Dec 2006 "C:\Programmi\Java\jre1.5.0_11\bin\jusched.exe"
83608 14 Mar 2007 "C:\Programmi\Java\jre1.6.0_01\bin\bak\jusched.exe"
end of report
______________________________________________________________
Logfile of HijackThis v1.99.1
Scan saved at 17.12.53, on 15/06/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmi\Alwil Software\Avast4\aswUpdSv.exe
C:\Programmi\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\sttray.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmi\Skype\Phone\Skype.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\Programmi\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Programmi\File comuni\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Programmi\U.S. Robotics\Cordless Skype Dual Phone\USR9630.exe
C:\Programmi\Microsoft SQL Server\MSSQL\Binn\sqlservr.exe
C:\Programmi\SigmaTel\C-Major Audio\WDM\STacSV.exe
C:\Programmi\Skype\Plugin Manager\SkypePM.exe
C:\Programmi\Alwil Software\Avast4\ashMaiSv.exe
C:\Programmi\Alwil Software\Avast4\ashWebSv.exe
C:\TeamSystem Software\Gamma Sprint\FRAMEWORK\EXE\Startup.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Programmi\Spyware Terminator\SpywareTerminatorShield.exe
C:\Programmi\Spyware Terminator\sp_rsser.exe
C:\PROGRA~1\Crawler\Toolbar\CToolbar.exe
C:\Programmi\File comuni\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Programmi\Internet Explorer\IEXPLORE.EXE
C:\Documents and Settings\pc\Desktop\Hijackthis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1CB20BF0-BBAE-40A7-93F4-6435FF3D0411} - C:\Programmi\Crawler\Toolbar\ctbr.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Programmi\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmi\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programmi\File comuni\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programmi\google\googletoolbar2.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programmi\google\googletoolbar2.dll
O3 - Toolbar: &Crawler Toolbar - {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - C:\Programmi\Crawler\Toolbar\ctbr.dll
O4 - HKLM\..\Run: [SigmatelSysTrayApp] sttray.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [SpywareTerminator] "C:\Programmi\Spyware Terminator\SpywareTerminatorShield.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Skype] "C:\Programmi\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - Global Startup: Avvio veloce di Adobe Reader.lnk = C:\Programmi\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Gestione servizi.lnk = C:\Programmi\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
O4 - Global Startup: Michelangelo USB ADSL Wizard.LNK = C:\Programmi\digicom\Michelangelo USB ADSL\Setup.exe
O4 - Global Startup: USRobotics Cordless Skype Dual Phone.lnk = C:\Programmi\U.S. Robotics\Cordless Skype Dual Phone\USR9630.exe
O8 - Extra context menu item: Crawler Search - tbr:iemenu
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Programmi\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Ricerche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O15 - Trusted Zone: *.whataboutadog.com
O15 - Trusted Zone: *.whataboutarabit.com
O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://downloads.ewido.net/ewidoOnlineScan.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FILECO~1\Skype\SKYPE4~1.DLL
O18 - Protocol: tbr - {4D25FB7A-8902-4291-960E-9ADA051CFBBF} - C:\Programmi\Crawler\Toolbar\ctbr.dll
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Programmi\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Programmi\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Programmi\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Programmi\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Programmi\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: SQL Server (MSSMLBIZ) (MSSQL$MSSMLBIZ) - Unknown owner - c:\Programmi\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe" -sMSSMLBIZ (file missing)
O23 - Service: MSSQLSERVER - Unknown owner - C:\Programmi\Microsoft SQL Server\MSSQL\Binn\sqlservr.exe" -sMSSQLSERVER (file missing)
O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\Programmi\Spyware Terminator\sp_rsser.exe
O23 - Service: SQLSERVERAGENT - Unknown owner - C:\Programmi\Microsoft SQL Server\MSSQL\Binn\sqlagent.EXE" -i MSSQLSERVER (file missing)
O23 - Service: SigmaTel Audio Service (STacSV) - SigmaTel, Inc. - C:\Programmi\SigmaTel\C-Major Audio\WDM\STacSV.exe
Saluti
Eleonora
Premetto che questo pc è del negozio ed è stato preda di dialer INSTAT ACCESS e di trojan apparentemente cancellati, ma il pcc presenta piccoli problemini, tipo lentezza nell'aprire le finestre o a volte non le apre affatto...
Se poi, avete anche qualche suggerimento da darmi, Vi ringrazio ulteriormente :)
Ringrazio In anticipo, intanto :)
Find AWF report by noahdfear ©2006
bak folders found
~~~~~~~~~~~
Il volume nell'unit… C non ha etichetta.
Numero di serie del volume: 7801-4C7F
Directory di C:\WINDOWS\SYSTEM32\BAK
02/03/2006 14.00 15.360 ctfmon.exe
14/08/2006 14.41 114.688 hkcmd.exe
14/08/2006 14.38 94.208 igfxpers.exe
14/08/2006 14.39 98.304 igfxtray.exe
09/07/2001 11.50 155.648 NeroCheck.exe
5 File 478.208 byte
2 Directory 69.822.742.528 byte disponibili
Il volume nell'unit… C non ha etichetta.
Numero di serie del volume: 7801-4C7F
Directory di C:\PROGRA~1\GRISOFT\AVGFRE~1\BAK
23/04/2007 08.47 416.256 avgcc.exe
1 File 416.256 byte
2 Directory 69.822.738.432 byte disponibili
Il volume nell'unit… C non ha etichetta.
Numero di serie del volume: 7801-4C7F
Directory di C:\PROGRA~1\SKYPE\PHONE\BAK
0 File 0 byte
2 Directory 69.822.738.432 byte disponibili
Il volume nell'unit… C non ha etichetta.
Numero di serie del volume: 7801-4C7F
Directory di C:\PROGRA~2\CONEXANT\ADSL\BAK
25/08/2005 11.47 65.536 dslagent.exe
25/08/2005 11.59 344.064 dslstat.exe
2 File 409.600 byte
2 Directory 69.822.738.432 byte disponibili
Il volume nell'unit… C non ha etichetta.
Numero di serie del volume: 7801-4C7F
Directory di C:\WINDOWS\ASSEMBLY\NATIVE~1.507\SBAK
0 File 0 byte
3 Directory 69.822.738.432 byte disponibili
Il volume nell'unit… C non ha etichetta.
Numero di serie del volume: 7801-4C7F
Directory di C:\PROGRA~1\GOOGLE\GOOGLE~1\121128~1.546\BAK
02/04/2007 10.43 171.448 GoogleToolbarNotifier.exe
1 File 171.448 byte
2 Directory 69.822.738.432 byte disponibili
Il volume nell'unit… C non ha etichetta.
Numero di serie del volume: 7801-4C7F
Directory di C:\PROGRA~1\JAVA\JRE16~1.0_0\BIN\BAK
14/03/2007 03.43 83.608 jusched.exe
1 File 83.608 byte
2 Directory 69.822.738.432 byte disponibili
Duplicate files of bak directory contents
~~~~~~~~~~~~~~~~~~~~~~~
15360 2 Mar 2006 "C:\WINDOWS\system32\ctfmon.exe"
15360 2 Mar 2006 "C:\WINDOWS\system32\bak\ctfmon.exe"
114688 14 Aug 2006 "C:\WINDOWS\system32\bak\hkcmd.exe"
114688 14 Aug 2006 "C:\WINDOWS\system32\DRVSTORE\igxp32_4D226E7C758A79C1253BA55C5288A4315667C2F3\hkcmd.exe"
94208 14 Aug 2006 "C:\WINDOWS\system32\bak\igfxpers.exe"
94208 14 Aug 2006 "C:\WINDOWS\system32\DRVSTORE\igxp32_4D226E7C758A79C1253BA55C5288A4315667C2F3\igfxpers.exe"
98304 14 Aug 2006 "C:\WINDOWS\system32\bak\igfxtray.exe"
98304 14 Aug 2006 "C:\WINDOWS\system32\DRVSTORE\igxp32_4D226E7C758A79C1253BA55C5288A4315667C2F3\igfxtray.exe"
155648 9 Jul 2001 "C:\WINDOWS\system32\bak\NeroCheck.exe"
416256 23 Apr 2007 "C:\Programmi\Grisoft\AVG Free\bak\avgcc.exe"
65536 25 Aug 2005 "C:\Program Files\Conexant\Adsl\bak\dslagent.exe"
344064 25 Aug 2005 "C:\Program Files\Conexant\Adsl\bak\dslstat.exe"
15360 5 Jun 2007 "C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\SBAK\d3159f090423284eba86aea52f3df56e\SBAK.ni.dll"
52272 2 Apr 2007 "C:\Programmi\Google\googletoolbar2user.exe"
138168 2 Apr 2007 "C:\Programmi\Google\Common\Google Updater\GoogleUpdaterService.exe"
171448 2 Apr 2007 "C:\Programmi\Google\GoogleToolbarNotifier\1.2.1128.5462\bak\GoogleToolbarNotifier.exe"
36975 3 May 2006 "C:\Programmi\Java\jre1.5.0_07\bin\jusched.exe"
75520 15 Dec 2006 "C:\Programmi\Java\jre1.5.0_11\bin\jusched.exe"
83608 14 Mar 2007 "C:\Programmi\Java\jre1.6.0_01\bin\bak\jusched.exe"
end of report
______________________________________________________________
Logfile of HijackThis v1.99.1
Scan saved at 17.12.53, on 15/06/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmi\Alwil Software\Avast4\aswUpdSv.exe
C:\Programmi\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\sttray.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmi\Skype\Phone\Skype.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\Programmi\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Programmi\File comuni\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Programmi\U.S. Robotics\Cordless Skype Dual Phone\USR9630.exe
C:\Programmi\Microsoft SQL Server\MSSQL\Binn\sqlservr.exe
C:\Programmi\SigmaTel\C-Major Audio\WDM\STacSV.exe
C:\Programmi\Skype\Plugin Manager\SkypePM.exe
C:\Programmi\Alwil Software\Avast4\ashMaiSv.exe
C:\Programmi\Alwil Software\Avast4\ashWebSv.exe
C:\TeamSystem Software\Gamma Sprint\FRAMEWORK\EXE\Startup.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Programmi\Spyware Terminator\SpywareTerminatorShield.exe
C:\Programmi\Spyware Terminator\sp_rsser.exe
C:\PROGRA~1\Crawler\Toolbar\CToolbar.exe
C:\Programmi\File comuni\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Programmi\Internet Explorer\IEXPLORE.EXE
C:\Documents and Settings\pc\Desktop\Hijackthis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1CB20BF0-BBAE-40A7-93F4-6435FF3D0411} - C:\Programmi\Crawler\Toolbar\ctbr.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Programmi\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmi\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programmi\File comuni\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programmi\google\googletoolbar2.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programmi\google\googletoolbar2.dll
O3 - Toolbar: &Crawler Toolbar - {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - C:\Programmi\Crawler\Toolbar\ctbr.dll
O4 - HKLM\..\Run: [SigmatelSysTrayApp] sttray.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [SpywareTerminator] "C:\Programmi\Spyware Terminator\SpywareTerminatorShield.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Skype] "C:\Programmi\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - Global Startup: Avvio veloce di Adobe Reader.lnk = C:\Programmi\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Gestione servizi.lnk = C:\Programmi\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
O4 - Global Startup: Michelangelo USB ADSL Wizard.LNK = C:\Programmi\digicom\Michelangelo USB ADSL\Setup.exe
O4 - Global Startup: USRobotics Cordless Skype Dual Phone.lnk = C:\Programmi\U.S. Robotics\Cordless Skype Dual Phone\USR9630.exe
O8 - Extra context menu item: Crawler Search - tbr:iemenu
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Programmi\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Ricerche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O15 - Trusted Zone: *.whataboutadog.com
O15 - Trusted Zone: *.whataboutarabit.com
O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://downloads.ewido.net/ewidoOnlineScan.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FILECO~1\Skype\SKYPE4~1.DLL
O18 - Protocol: tbr - {4D25FB7A-8902-4291-960E-9ADA051CFBBF} - C:\Programmi\Crawler\Toolbar\ctbr.dll
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Programmi\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Programmi\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Programmi\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Programmi\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Programmi\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: SQL Server (MSSMLBIZ) (MSSQL$MSSMLBIZ) - Unknown owner - c:\Programmi\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe" -sMSSMLBIZ (file missing)
O23 - Service: MSSQLSERVER - Unknown owner - C:\Programmi\Microsoft SQL Server\MSSQL\Binn\sqlservr.exe" -sMSSQLSERVER (file missing)
O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\Programmi\Spyware Terminator\sp_rsser.exe
O23 - Service: SQLSERVERAGENT - Unknown owner - C:\Programmi\Microsoft SQL Server\MSSQL\Binn\sqlagent.EXE" -i MSSQLSERVER (file missing)
O23 - Service: SigmaTel Audio Service (STacSV) - SigmaTel, Inc. - C:\Programmi\SigmaTel\C-Major Audio\WDM\STacSV.exe
Saluti
Eleonora