Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Programmi\Acer\Acer eConsole\MediaServerService.exe
C:\Programmi\Alwil Software\Avast4\aswUpdSv.exe
C:\Programmi\Alwil Software\Avast4\ashServ.exe
C:\Programmi\File comuni\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\svchost.exe
C:\Programmi\Alwil Software\Avast4\ashMaiSv.exe
C:\Programmi\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Programmi\CyberLink\PowerDVD\PDVDServ.exe
C:\Programmi\Java\jre1.5.0_06\bin\jusched.exe
C:\Programmi\Acer\Acer eMode Management\AspireService.exe
C:\Programmi\Acer\Acer eConsole\MediaSync.exe
C:\Acer\Empowering Technology\eRecovery\Monitor.exe
C:\Programmi\HP\HP Software Update\HPWuSchd2.exe
C:\WINDOWS\system32\rundll32.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\PROGRA~1\ALICET~1\SMARTB~1\MotiveSB.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmi\Messenger\msmsgs.exe
C:\Programmi\Phone\Skype.exe
C:\Programmi\HP\Digital Imaging\bin\hpqtra08.exe
C:\Programmi\Eyetide Media\Eyetide Viewer\EyetideController.exe
C:\Programmi\Microsoft Office\Office10\msoffice.exe
C:\Programmi\Alice ti aiuta\bin\mpbtn.exe
C:\Programmi\HP\Digital Imaging\bin\hpqimzone.exe
C:\Programmi\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Programmi\HP\Digital Imaging\Product Assistant\bin\hprblog.exe
C:\Programmi\Internet Explorer\IEXPLORE.EXE
C:\Documents and Settings\Marco Banfi\Desktop\stng260.exe
C:\Programmi\Spybot - Search & Destroy\TeaTimer.exe
C:\Programmi\Spybot - Search & Destroy\SpybotSD.exe
C:\Documents and Settings\Marco Banfi\Desktop\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.gooogle.bz
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://global.acer.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = www.ricercadoppia.com/behaviors/google
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = wmplayer.exe //ICWLaunch
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
R3 - URLSearchHook: (no name) - {01E69986-A054-4C52-ABE8-EF63DF1C5211} - (no file)
O1 - Hosts: 205.214.67.211 auto.search.msn.com
O1 - Hosts: 205.214.67.212 auto.search.msn.com
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Programmi\Yahoo!\Companion\Installs\cpn\ycomp5_ 5_7_0.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - c:\Programmi\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Programmi\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmi\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: XBTBPos00 Class - {9EC0E71A-88BE-49AF-B690-7C032CDCE8B4} - C:\WINDOWS\DOWNLO~1\CONFLICT.3\RICERC~1.DLL
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programmi\google\googletoolbar3.dll
O3 - Toolbar: (no name) - {014DA6C9-189F-421a-88CD-07CFE51CFF10} - (no file)
O3 - Toolbar: (no name) - {01E69986-A054-4C52-ABE8-EF63DF1C5211} - (no file)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programmi\google\googletoolbar3.dll
O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programmi\Yahoo!\Companion\Installs\cpn\ycomp5_ 5_7_0.dll
O4 - HKLM\..\Run: [LaunchApp] Alaunch
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [ntiMUI] c:\Programmi\NewTech Infosystems\NTI CD & DVD-Maker 7\ntiMUI.exe
O4 - HKLM\..\Run: [RemoteControl] C:\Programmi\CyberLink\PowerDVD\PDVDServ.exe
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Programmi\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [AspireService] C:\Programmi\Acer\Acer eMode Management\AspireService.exe
O4 - HKLM\..\Run: [MediaSync] C:\Programmi\Acer\Acer eConsole\MediaSync.exe
O4 - HKLM\..\Run: [eRecoveryService] C:\Acer\Empowering Technology\eRecovery\Monitor.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Programmi\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [CnxTrApp] rundll32.exe "C:\Programmi\Pirelli\Access Gateway USB Network\CnxTrApp.dll",AppEntry -REG "Pirelli\Access Gateway USB"
O4 - HKLM\..\Run: [fix] C:\WINDOWS\system32\thecat.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [Messenger] C:\WINDOWS\system32\msn_loader.exe
O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\ALICET~1\SMARTB~1\MotiveSB.exe
O4 - HKLM\..\Run: [SecurityUpdate] C:\WINDOWS\system32\SecurityUpdate.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Programmi\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [SpamTerminator] C:\Programmi\Spam Terminator\Terminator.exe
O4 - HKCU\..\Run: [Skype] "C:\Programmi\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [Microsoft Security] C:\WINDOWS\system32\iedunper.exe
O4 - HKCU\..\Run: [wke.exe] C:\WINDOWS\system32\wke.exe
O4 - HKCU\..\Run: [apri_tutte_le_pagine[1].exe] C:\WINDOWS\system32\winsvc\svc\apri_tutte_le_pagin e[1].exe
O4 - HKCU\..\Run: [troie.exe] C:\WINDOWS\system32\winsvc\svc\troie.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Programmi\Spybot - Search & Destroy\TeaTimer.exe
O4 - Startup: Eyetide Launcher.lnk = C:\Programmi\Eyetide Media\Eyetide Viewer\EyetideController.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Programmi\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Programmi\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Avvio rapido di HP Image Zone.lnk = C:\Programmi\HP\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Programmi\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Alice ti aiuta.lnk = C:\Programmi\Alice ti aiuta\bin\matcli.exe
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O15 - Trusted Zone: www.acquadirose.biz
O15 - Trusted Zone: www.acquadirose.com
O15 - Trusted Zone: www.analcord.com
O15 - Trusted Zone: www.cisiamodibrutto.com
O15 - Trusted Zone: www.coppiastrana.biz
O15 - Trusted Zone: www.coppiastrana.com
O15 - Trusted Zone: www.cywanstorage.biz
O15 - Trusted Zone: www.dettaglio.biz
O15 - Trusted Zone: www.forteforte.com
O15 - Trusted Zone: www.gooogle.bz
O15 - Trusted Zone: content.licenseacquisition.org
O15 - Trusted Zone: www.pc-localhost
O15 - Trusted Zone: www.phishingfix.biz
O15 - Trusted Zone: www.phishnigfix.biz
O15 - Trusted Zone: www.playmore.biz
O15 - Trusted Zone: www.preferiti-windows.com
O15 - Trusted Zone: www.ricercadoppia.com
O15 - Trusted Zone: www.scalalap.com
O15 - Trusted Zone: www.secureappz.com
O15 - Trusted Zone: www.senzatempo.biz
O15 - Trusted Zone: www.sextriere.com
O15 - Trusted Zone: www.supermonica.biz
O15 - Trusted Zone: www.tuttaqualita.com
O15 - Trusted Zone: www.virgilio.in
O15 - Trusted Zone: www.vispateresa.biz
O15 - Trusted Zone: www.what-you-want.biz
O15 - Trusted Zone: www.xread.biz
O15 - Trusted Zone: cds.zangocash.com
O16 - DPF: {01E69986-A054-4C52-ABE8-EF63DF1C5211} - http://www.cywanstorage.biz/SUPERINS...ercadoppia.cab
O16 - DPF: {03E9BA8E-B2A3-437C-AA3F-0EE4A6B1C224} - http://www.popup-freesex-adv.biz/PhisInstaller.exe
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/par...an_unicode.cab
O16 - DPF: {3177243B-362A-4021-935B-1A5328CDECBC} - http://www.playmore.biz/SUpdate.exe
O16 - DPF: {381E86E3-E7CE-46FC-BA2C-E83D3B6E4309} - http://www.cywanstorage.biz/WWE/Catto.exe
O16 - DPF: {3A4DCD02-A451-4799-9E1C-AC0D4F769A97} - http://www.cywanstorage.biz/PHFX/MSPhish.exe
O16 - DPF: {3F5E67E1-81E6-4487-BF6F-07941A080BAB} - http://www.cywanstorage.biz/SUPERINS.../messenger.exe
O16 - DPF: {42953420-19EF-4EE7-89BD-5E41846AF76B} - http://www.playmore.biz/pop/fine/Foto.exe
O16 - DPF: {4360E841-FE3E-427F-98DC-7ABC8ACE6665} - http://www.cywanstorage.biz/FFF6/FotoVacanze.exe
O16 - DPF: {4BEF29D6-A5C7-4330-9B56-2AF01286E45B} - http://www.popup-freesex-adv.biz/regphidett.exe
O16 - DPF: {4D4C0269-8303-4448-80DC-A3DE34BC5374} - http://www.cywanstorage.biz/XZF44/troie.exe
O16 - DPF: {698D2E14-0489-4EA8-A483-962DA0D05968} - http://www.cisiamodibrutto.com/35anni/lettera.exe
O16 - DPF: {73B9A791-BA9E-418A-B5A4-948B63BE04F7} - http://www.playmore.biz/pop/tialla.exe
O16 - DPF: {8838BDA8-9C2E-480C-8926-3104C642D7E4} - http://www.gooogle.bz/cywtr.exe
O16 - DPF: {8D7D6D73-8BC2-488A-A035-64D708FC038F} - http://www.cywanstorage.biz/LNKSHR/Checkout.exe
O16 - DPF: {914EDE1B-31BC-41C4-BC43-04EA43372765} - http://www.cywanstorage.biz/PHFX/certo.exe
O16 - DPF: {96966B7C-CA72-4928-895B-1C2F0E5302A9} - http://www.cywanstorage.biz/CXDF2/pialla.exe
O16 - DPF: {9CAEE012-5DFF-11DB-8373-B622A1EF5492} - http://www.cywanstorage.biz/SUPERINSTALLER/Amarcord.exe
O16 - DPF: {A2E136E1-D81B-4EB5-A990-9FD0C9F517D1} - http://www.preferiti-windows.com/engine/bravo.exe
O16 - DPF: {B21B0CED-97EC-4699-8456-1F23BE60A455} - http://www.popup-freesex-adv.biz/wke.exe
O16 - DPF: {C2805F9F-0F0A-4631-A89F-ABE6B7C76223} - http://www.ricercadoppia.com/banner/RicDopp.exe
O16 - DPF: {C3CDCDA1-FD97-488D-8EE8-24098CD9C0D2} - http://www.popup-freesex-adv.biz/start.exe
O16 - DPF: {E1FE4155-5CF8-4B2F-A6CF-FE39B3A14FF4} - http://www.ricercadoppia.com/fatture.exe
O16 - DPF: {EA8804CE-A2F0-4773-89B8-1E5168A1D8D7} - http://www.playmore.biz/pop/notepad.exe
O16 - DPF: {F40F43F6-890C-479D-A996-306123662084} - http://www.gooogle.bz/Gooog.exe
O16 - DPF: {FDD394B8-F6A0-4307-95F2-EF3ED18874FB} - http://www.phishingfix.biz/CheckedUrlList/tialla.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{637EF90E-A396-4844-BE57-A81822F660CC}: NameServer = 85.37.17.15 85.38.28.74
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Acer Media Server - Acer Inc. - C:\Programmi\Acer\Acer eConsole\MediaServerService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Programmi\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Programmi\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Programmi\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Programmi\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: Google Updater Service (gusvc) - Google - C:\Programmi\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
Rispondi quotando