Dialer e file avpx ed exe.exe: dilemma con Win Xp

[nap74]

Salve a tutti,
chiedo il vostro aiuto perchè da un pò di tempo ho due dialer auto rigeneranti che puntualmente cancello e appena riavvio il pc me li ritrovo di nuovo. I file sono exe.exe e avpx.exe
Ho la connessione tradizionale e grazie al cielo sino ad ora mi sono sempre reso conto che compaiono due televisorini in basso alla schermata e cambia il rumore del modem. Così non appena succede disconnetto tutto.
Ho scaricato SpyBot e Adware e company: dopo una prima eliminazione, ieri nuovamente si sono ripresentati i televisorini e mi riappaiono in C i due file su citati.

Premettendo che non sono un esperto di informatica, come posso fare?
Help me.

Nap74

[amvinfe]

fai una scansione con HijackThis e posta il log.
Programma e spiegazioni di come va usato, in Rilievo -links utili-

[nap74]

Salve,
come mi chiedevi ecco cosa esce da HijackThis:

.................................................. .........
Logfile of HijackThis v1.98.2
Scan saved at 13.38.07, on 10/11/2004
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmi\File comuni\Symantec Shared\ccSetMgr.exe
C:\Programmi\File comuni\Symantec Shared\SNDSrvc.exe
C:\Programmi\File comuni\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Programmi\File comuni\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programmi\File comuni\EPSON\EBAPI\SAgent2.exe
C:\Programmi\File comuni\Microsoft Shared\VS7Debug\mdm.exe
C:\Programmi\Norton AntiVirus\navapsvc.exe
C:\Programmi\Norton AntiVirus\IWP\NPFMntor.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\svchost.exe
C:\Programmi\File comuni\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\ZONELABS\vsmon.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC 2.EXE
C:\Programmi\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
C:\Programmi\File comuni\Real\Update_OB\realsched.exe
C:\WALTDCS\wallchanger.exe
C:\Programmi\CyberLink\PowerDVD\PDVDServ.exe
C:\Programmi\Zone Labs\ZoneAlarm\zlclient.exe
C:\Programmi\File comuni\Symantec Shared\ccApp.exe
C:\Programmi\MSN Messenger\MsnMsgr.Exe
C:\Programmi\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Documents and Settings\dory\Documenti\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ijemnp.t.muxa.cc/s.php?aid=586 (obfuscated)
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://ijemnp.t.muxa.cc/s.php?aid=586 (obfuscated)
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.libero.it/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.iol.it
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ijemnp.t.muxa.cc/s.php?aid=586 (obfuscated)
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://ijemnp.t.muxa.cc/s.php?aid=586 (obfuscated)
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ijemnp.t.muxa.cc/h.php?aid=586 (obfuscated)
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://ijemnp.t.muxa.cc/s.php?aid=586 (obfuscated)
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://ijemnp.t.muxa.cc/s.php?aid=586 (obfuscated)
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer fornito da Infostrada LIBERO
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
R3 - Default URLSearchHook is missing
O2 - BHO: (no name) - {34507444-6E69-407F-8178-9C414941D9C4} - (no file)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Programmi\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: (no name) - {0494D0D9-F8E0-41ad-92A3-14154ECE70AC} - (no file)
O3 - Toolbar: (no name) - {05FAB127-6F3A-47ca-8C19-E757DCD2D03C} - (no file)
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Programmi\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [EPSON Stylus C42 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC 2.EXE /P23 "EPSON Stylus C42 Series" /O6 "USB001" /M "Stylus C42"
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Programmi\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [zzzHPSETUP] D:\Setup.exe
O4 - HKLM\..\Run: [TkBellExe] C:\Programmi\File comuni\Real\Update_OB\realsched.exe -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmi\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Wallchanger] C:\WALTDCS\wallchanger.exe
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [RemoteControl] C:\Programmi\CyberLink\PowerDVD\PDVDServ.exe
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Programmi\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Programmi\File comuni\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [SSC_UserPrompt] C:\Programmi\File comuni\Symantec Shared\Security Center\UsrPrmpt.exe
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Programmi\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [EPSON Stylus C42 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC 2.EXE /A "C:\WINDOWS\System32\E_S3.tmp"
O4 - HKCU\..\Run: [MSMSGS] "C:\Programmi\Messenger\msmsgs.exe" /background
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\MSMSGS.EXE (file missing)
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\MSMSGS.EXE (file missing)
O14 - IERESET.INF: START_PAGE_URL=http://www.iol.it
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary...r.cab31267.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...t.cab31267.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary...r.cab31267.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...t.cab31267.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary...o.cab31267.cab
.................................................. ....................

Help me, help me .......... thank you

[amvinfe]

scaricati AdAware ed aggiornalo.

Riavvia in modalità provvisoria apri HJT ed elimina questi valori

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ijemnp.t.muxa.cc/s.php?aid=586 (obfuscated)
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://ijemnp.t.muxa.cc/s.php?aid=586 (obfuscated)
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ijemnp.t.muxa.cc/s.php?aid=586 (obfuscated)
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://ijemnp.t.muxa.cc/s.php?aid=586 (obfuscated)
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ijemnp.t.muxa.cc/h.php?aid=586 (obfuscated)
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://ijemnp.t.muxa.cc/s.php?aid=586 (obfuscated)
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://ijemnp.t.muxa.cc/s.php?aid=586 (obfuscated)
R3 - Default URLSearchHook is missing
O2 - BHO: (no name) - {34507444-6E69-407F-8178-9C414941D9C4} - (no file)
O4 - HKLM\..\Run: [zzzHPSETUP] D:\Setup.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\MSMSGS.EXE (file missing)
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\MSMSGS.EXE (file missing)


apri AdAware e fai una scansione sempre dalla provvisoria, elimina i valori infetti.
Riavvia e fai una scansione online
Riavvia e posta un nuovo log di HJT

N.B.
AdAware, il corretto utilizzo di HJT ed i links per la scansione online li trovi in Rilievo -links utili-

[nap74]

Grazie per la segnalazione,
anche se non ho la minima idea di quello che sto facendo, ci proverò e ti farò sapere.

Una curiosità: ho visto scritto messenger all'interno delle righe: cosa significa che ho beccato questo dialer attraverso messenger? Mi sai dare qualche spiegazione "umana" su ciò che attualmente è sul mio pc?

Grazie ancora
Nap74

[nap74]

Ecco il log che mi segnala il Pc

.................................................. ...................
Logfile of HijackThis v1.98.2
Scan saved at 18.56.53, on 11/11/2004
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmi\File comuni\Symantec Shared\ccSetMgr.exe
C:\Programmi\File comuni\Symantec Shared\SNDSrvc.exe
C:\Programmi\File comuni\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Programmi\File comuni\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programmi\File comuni\EPSON\EBAPI\SAgent2.exe
C:\Programmi\File comuni\Microsoft Shared\VS7Debug\mdm.exe
C:\Programmi\Norton AntiVirus\navapsvc.exe
C:\Programmi\Norton AntiVirus\IWP\NPFMntor.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmi\File comuni\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\ZONELABS\vsmon.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC 2.EXE
C:\Programmi\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
C:\Programmi\File comuni\Real\Update_OB\realsched.exe
C:\WALTDCS\wallchanger.exe
C:\Programmi\CyberLink\PowerDVD\PDVDServ.exe
C:\Programmi\Zone Labs\ZoneAlarm\zlclient.exe
C:\Programmi\File comuni\Symantec Shared\ccApp.exe
C:\Programmi\File comuni\Symantec Shared\Security Center\UsrPrmpt.exe
C:\Programmi\MSN Messenger\MsnMsgr.Exe
C:\Programmi\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
C:\Documents and Settings\dory\Documenti\HijackThis.exe
C:\Programmi\File comuni\Real\Update_OB\rnathchk.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.libero.it/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.iol.it
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer fornito da Infostrada LIBERO
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Programmi\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: (no name) - {05FAB127-6F3A-47ca-8C19-E757DCD2D03C} - (no file)
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Programmi\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [EPSON Stylus C42 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC 2.EXE /P23 "EPSON Stylus C42 Series" /O6 "USB001" /M "Stylus C42"
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Programmi\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [TkBellExe] C:\Programmi\File comuni\Real\Update_OB\realsched.exe -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmi\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Wallchanger] C:\WALTDCS\wallchanger.exe
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [RemoteControl] C:\Programmi\CyberLink\PowerDVD\PDVDServ.exe
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Programmi\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Programmi\File comuni\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [SSC_UserPrompt] C:\Programmi\File comuni\Symantec Shared\Security Center\UsrPrmpt.exe
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Programmi\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [EPSON Stylus C42 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC 2.EXE /A "C:\WINDOWS\System32\E_S3.tmp"
O4 - HKCU\..\Run: [MSMSGS] "C:\Programmi\Messenger\msmsgs.exe" /background
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.iol.it
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary...r.cab31267.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...t.cab31267.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary...r.cab31267.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...t.cab31267.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary...o.cab31267.cab

.................................................. ...................

Cosa significa? Quale è la situazione?
Grazie
Nap74

[amvinfe]

non ti resta che eliminare dalla mod. provvisoria questo vaolre
O3 - Toolbar: (no name) - {05FAB127-6F3A-47ca-8C19-E757DCD2D03C} - (no file)
poi per il resto il log è ok.

[nap74]

Ciao,
ho seguito le tue istruzioni ma escono ancora quei televisorini di cui ti parlavo.
Un solo dubbio: quando ho individuato le righe sul log da eliminare secondo la tua segnalazione, il computer non mi dice esplicitamente elimina, ma mi dice "vuoi che non considero queste righe"? Io ho chiaramente selezionato si.

A questo punto: ho sbagliato io qualcosa o questo maledetto dialer ha tante vite come il diavolo?

Saluti e grazie
Nap 74

[amvinfe]

in rilievo -links utili- c'è una guida per capire come va usato in maniera corretta HijackThis.

[bradipo82]

ho lo stesso problema anch'io , mando anche il mio scan con Hijack :

Logfile of HijackThis v1.97.7
Scan saved at 14.55.23, on 16/11/2004
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmi\File comuni\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programmi\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Programmi\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\carpserv.exe
C:\PROGRA~1\INTERN~2\MEDIAKEY.EXE
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC 2.EXE
C:\Programmi\File comuni\Symantec Shared\ccApp.exe
C:\WINDOWS\ctfmon.exe
C:\Programmi\Java\j2re1.4.2_04\bin\jusched.exe
C:\PROGRA~1\INTERN~2\KBOSDCtl.EXE
C:\WINDOWS\wavdriver.exe
C:\PROGRA~1\INTERN~2\KCodeMsg.EXE
C:\WINDOWS\System32\RUNDLL32.EXE
C:\WINDOWS\System32\wuauclt.exe
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\Documents and Settings\Massimo\Documenti\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\System32\ockhgma.dll/sp.html (obfuscated)
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\System32\ockhgma.dll/sp.html (obfuscated)
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.it/
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\System32\ockhgma.dll/sp.html (obfuscated)
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\System32\ockhgma.dll/sp.html (obfuscated)
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\System32\ockhgma.dll/sp.html (obfuscated)
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {74CCFEA1-A877-4D6B-91AB-500D51777CE5} - C:\WINDOWS\System32\ockhgma.dll (file missing)
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Programmi\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Programmi\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [CARPService] carpserv.exe
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\System32\\NeroCheck.exe
O4 - HKLM\..\Run: [MediaKey] C:\PROGRA~1\INTERN~2\MEDIAKEY.EXE
O4 - HKLM\..\Run: [EPSON Stylus C64 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC 2.EXE /P23 "EPSON Stylus C64 Series" /O6 "USB001" /M "Stylus C64"
O4 - HKLM\..\Run: [ccApp] "C:\Programmi\File comuni\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [ccRegVfy] "C:\Programmi\File comuni\Symantec Shared\ccRegVfy.exe"
O4 - HKLM\..\Run: [CTFMON.EXE] C:\WINDOWS\ctfmon.exe .
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Programmi\Java\j2re1.4.2_04\bin\jusched.exe
O4 - HKLM\..\Run: [LanGuard] "C:\WINDOWS\languard.exe"
O4 - HKLM\..\Run: [svchosts] "C:\WINDOWS\svchosts.exe"
O4 - HKLM\..\Run: [DigiD] "C:\WINDOWS\DigitalSound.exe"
O4 - HKLM\..\Run: [wavdriver] "C:\WINDOWS\wavdriver.exe"
O4 - HKLM\..\Run: [netcom] C:\WINDOWS\netcom.exe
O4 - HKCU\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NVMCTRAY.DLL,NvTaskbarInit
O4 - HKCU\..\Run: [MsnMsgr] "C:\Programmi\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [jn8sv5v16d] C:\WINDOWS\h0zgs5na6p.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Programmi\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra 'Tools' menuitem: Sun Java Console (HKLM)
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Windows Messenger (HKLM)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/s...sh/swflash.cab
O16 - DPF: {E2F9D054-D2B5-4CE8-9BDF-8BF3A81DB7E9} (ProductIDGatherer.WindowsGatherer) - http://download.microsoft.com/downlo...IDGatherer.CAB
O17 - HKLM\System\CCS\Services\Tcpip\..\{B9F408FF-6B70-4D80-82A7-9C5FC9F54423}: NameServer = 213.205.32.70 213.205.36.70

faccio spesso controlli con ad-aware non trovo errori ,
se invece faccio uno scan con spybot ne trovo 5 :

DSO Exploit: Data source object exploit (Modifica al registro, nothing done)
HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Inter net Settings\Zones\0\1004!=W=3

DSO Exploit: Data source object exploit (Modifica al registro, nothing done)
HKEY_USERS\S-1-5-21-448539723-343818398-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Int ernet Settings\Zones\0\1004!=W=3

DSO Exploit: Data source object exploit (Modifica al registro, nothing done)
HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Inter net Settings\Zones\0\1004!=W=3

DSO Exploit: Data source object exploit (Modifica al registro, nothing done)
HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Inter net Settings\Zones\0\1004!=W=3

DSO Exploit: Data source object exploit (Modifica al registro, nothing done)
HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\Cur rentVersion\Internet Settings\Zones\0\1004!=W=3

contano qualcosa anche questi per il problema ?
per questi , sempre in spybot , faccio la correzione
e mi scrive "5 problemi corretti" ma se faccio una scansione anche subito dopo ci sono ancora.