The IE home page has been set to Fastlook, and a toolbar called "Search Toolbar" has been installed in the browser (the system one as well).
Running an up-to-date SpybotS&D (even in WinXP safe mode) did not help remove it.
However, SpybotS&D says it was unable to remove some entries because they are resident in memory. Searching for them in the registry (not in safe mode), I was unable to find them.
(no name) - C:\Programmi\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}
(no name) - C:\Programmi\Spybot - Search & Destroy\SDHelper.dll - {53707962-6F74-2D53-2644-206D7942484F}
Tubby - C:\WINDOWS\System32\vtlbar1.dll - {9EAC0102-5E61-2312-BC2D-76746C56544C}
NAV Helper - C:\Programmi\Norton AntiVirus\NavShExt.dll - {BDF3E430-B101-42AD-A544-FADC6B084872}
(no name) - C:\WINDOWS\system32\key.dll - {D8FF9A84-FEB9-4B4B-B36B-D46570203C39}
--------------------------------------------------
Enumerating Task Scheduler jobs:
Symantec NetDetect.job
--------------------------------------------------
Enumerating Download Program Files:
[{15320607-1001-1831-1000-118599957123}]
CODEBASE = ms-its:mhtml:file://C:\PATH.MHT!http://195.225.176.5//d//qwduaju//hs...::/painter.exe
[Shockwave ActiveX Control]
InProcServer32 = C:\WINDOWS\system32\Macromed\Director\SwDir.dll
CODEBASE = http://download.macromedia.com/pub/s...irector/sw.cab
[{2048B51E-8D74-4762-82CE-B48CF545EEEA}]
CODEBASE = http://do.gameonstarter.com/cont/sc.cab
[{33564D57-0000-0010-8000-00AA00389B71}]
CODEBASE = http://download.microsoft.com/downlo...22/wmv9VCM.CAB
[NCSView Class]
InProcServer32 = C:\Programmi\Earth Resource Mapping\Image Web Server\Client\NCSView.dll
CODEBASE = http://ww3.atlanteitaliano.it/ecwplugins/ncs.cab
[Shockwave Flash Object]
InProcServer32 = C:\WINDOWS\System32\macromed\flash\Flash.ocx
CODEBASE = http://download.macromedia.com/pub/s...sh/swflash.cab
[ddm_download.ddm_control]
InProcServer32 = C:\WINDOWS\Downloaded Program Files\TEST.OCX
CODEBASE = http://download.rfwnad.com/cab/crack.CAB
--------------------------------------------------
Enumerating Windows NT/2000/XP services
Ambiente supporto di rete AFD: \SystemRoot\System32\drivers\afd.sys (autostart)
aslm75: \??\C:\WINDOWS\system32\drivers\aslm75.sys (autostart)
Ati HotKey Poller: %SystemRoot%\System32\Ati2evxx.exe (autostart)
ATI Smart: C:\WINDOWS\system32\ati2sgag.exe (autostart)
Audio Windows: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Browser di computer: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Bluetooth Serial Driver: \??\C:\WINDOWS\System32\drivers\btserial.sys (autostart)
Bluetooth Port Client Driver: \??\C:\WINDOWS\System32\drivers\btslbcsp.sys (autostart)
Bluetooth Service: C:\Programmi\WIDCOMM\Software Bluetooth\bin\btwdins.exe (autostart)
C-DillaCdaC11BA: C:\WINDOWS\System32\drivers\CDAC11BA.EXE (autostart)
CdaC15BA: \??\C:\WINDOWS\System32\drivers\CDAC15BA.SYS (autostart)
Servizi di crittografia: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart)
Client DHCP: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Gestione dischi logici: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Client DNS: %SystemRoot%\System32\svchost.exe -k NetworkService (autostart)
ElbyCDIO Driver: System32\Drivers\ElbyCDIO.sys (autostart)
Registro eventi: %SystemRoot%\system32\services.exe (autostart)
Fallback: System32\DRIVERS\HSF_FALL.sys (autostart)
Fsks: System32\DRIVERS\HSF_FSKS.sys (autostart)
Guida in linea e supporto tecnico: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
K56: System32\DRIVERS\HSF_K56K.sys (autostart)
Server: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Workstation: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Helper NetBIOS di TCP/IP: %SystemRoot%\System32\svchost.exe -k LocalService (autostart)
Machine Debug Manager: "C:\Programmi\File comuni\Microsoft Shared\VS7Debug\mdm.exe" (autostart)
Servizio Norton AntiVirus Auto-Protect: C:\Programmi\Norton AntiVirus\navapsvc.exe (autostart)
Plug and Play: %SystemRoot%\system32\services.exe (autostart)
Servizi IPSEC: %SystemRoot%\System32\lsass.exe (autostart)
Archiviazione protetta: %SystemRoot%\system32\lsass.exe (autostart)
Registro di sistema remoto: %SystemRoot%\system32\svchost.exe -k LocalService (autostart)
RPC (Remote Procedure Call): %SystemRoot%\system32\svchost -k rpcss (autostart)
Gestione account di protezione (SAM): %SystemRoot%\system32\lsass.exe (autostart)
ScriptBlocking Service: C:\PROGRA~1\FILECO~1\SYMANT~1\SCRIPT~1\SBServ.exe (autostart)
Secdrv: System32\DRIVERS\secdrv.sys (autostart)
Accesso secondario: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Notifica eventi di sistema: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart)
Sentinel: \SystemRoot\System32\Drivers\SENTINEL.SYS (autostart)
Rilevamento hardware shell: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
SoftFax: System32\DRIVERS\HSF_FAXX.sys (autostart)
SpeakerPhone: System32\DRIVERS\HSF_SPKP.sys (autostart)
Spooler di stampa: %SystemRoot%\system32\spoolsv.exe (autostart)
Servizio Ripristino configurazione di sistema: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Acquisizione di immagini di Windows (WIA): %SystemRoot%\System32\svchost.exe -k imgsvc (autostart)
SYMTDI: \??\C:\WINDOWS\System32\Drivers\SYMTDI.SYS (autostart)
Temi: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Tones: System32\DRIVERS\HSF_TONE.sys (autostart)
Manutenzione collegamenti distribuiti client: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart)
Upload Manager: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
V124: System32\DRIVERS\HSF_V124.sys (autostart)
WebClient: %SystemRoot%\System32\svchost.exe -k LocalService (autostart)
Strumentazione gestione Windows: %systemroot%\system32\svchost.exe -k netsvcs (autostart)
Numero di serie del supporto portatile: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Zero Configuration reti senza fili: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
--------------------------------------------------
Enumerating ShellServiceObjectDelayLoad items:
PostBootReminder: C:\WINDOWS\system32\SHELL32.dll
CDBurn: C:\WINDOWS\system32\SHELL32.dll
WebCheck: C:\WINDOWS\System32\webcheck.dll
SysTray: C:\WINDOWS\System32\stobject.dll