Probably SpyWare in my computer

BLACK1971 · 07-07-2008, 02:46 AM

Hello to everyone.
I installed a file and now appears a message that my pc is infected and I must connect to a site. I don't have connected to that site.

I can't find this Spyware with Norton Antivirus.

I send my Hijacklog file :

*-----------------*---------------------------------------
Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 10.28.38, on 07/07/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmi\Intel\Wireless\Bin\EvtEng.exe
C:\Programmi\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Programmi\File comuni\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Acer\eManager\anbmServ.exe
C:\Programmi\File comuni\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\Programmi\WIDCOMM\Software Bluetooth\bin\btwdins.exe
C:\WINDOWS\system32\drivers\CDAC11BA.EXE
C:\Programmi\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\fxssvc.exe
C:\Programmi\Acer\eRecovery\Monitor.exe
C:\Programmi\Synaptics\SynTP\SynTPLpr.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmi\Synaptics\SynTP\SynTPEnh.exe
C:\Programmi\Arcade\PCMService.exe
C:\WINDOWS\system32\rundll32.exe
C:\Programmi\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\acer\epm\epm-dm.exe
C:\Programmi\Launch Manager\QtZgAcer.EXE
C:\Programmi\Java\jre1.5.0_06\bin\jusched.exe
C:\Programmi\iTunes\iTunesHelper.exe
C:\Programmi\File comuni\Symantec Shared\ccApp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmi\Messenger\msmsgs.exe
C:\Programmi\Microsoft ActiveSync\WCESCOMM.EXE
C:\Programmi\File comuni\Ahead\lib\NMBgMonitor.exe
C:\Programmi\Skype\Phone\Skype.exe
C:\Programmi\Eraser\eraser.exe
C:\Programmi\WIDCOMM\Software Bluetooth\BTTray.exe
C:\Programmi\WinZip\WZQKPICK.EXE
C:\Programmi\OpenOffice.org 2.3\program\soffice.exe
C:\Programmi\Microsoft Office\Office10\msoffice.exe
C:\Programmi\OpenOffice.org 2.3\program\soffice.BIN
C:\Programmi\iPod\bin\iPodService.exe
C:\Programmi\File comuni\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Programmi\Norton 360\ScanStub.exe
C:\Programmi\File comuni\Symantec Shared\VAScanner\comHost.exe
F:\OperaTor\OperaTor.exe
F:\OperaTor\Privoxy\privoxy.exe
F:\OperaTor\Opera\opera.exe
C:\Programmi\Vodafone\Vodafone Mobile Connect\VMConnect.exe
C:\Programmi\Vodafone\Vodafone Mobile Connect\WLANClient\WlanClient.exe
C:\Programmi\Mozilla Firefox\firefox.exe
F:\Antivirus\HiJackThis\HiJackThis_v2.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.mp-service.eu/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: AVG Safe Search - {1C1B8A44-61FE-411E-8F33-813A4E2E2984} - C:\WINDOWS\system32\avgsafe.dll
O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - C:\Programmi\File comuni\Symantec Shared\coShared\Browser\1.5\NppBho.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmi\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programmi\google\googletoolbar1.dll
O2 - BHO: PDFCreator Toolbar Helper - {C451C08A-EC37-45DF-AAAD-18B51AB5E837} - C:\Programmi\PDFCreator Toolbar\v3.0.0.0\PDFCreator_Toolbar.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programmi\google\googletoolbar1.dll
O3 - Toolbar: PDFCreator Toolbar - {31CF9EBE-5755-4A1D-AC25-2834D952D9B4} - C:\Programmi\PDFCreator Toolbar\v3.0.0.0\PDFCreator_Toolbar.dll
O3 - Toolbar: Mostra barra degli strumenti di Norton - {90222687-F593-4738-B738-FBEE9C7B26DF} - C:\Programmi\File comuni\Symantec Shared\coShared\Browser\1.5\UIBHO.dll
O4 - HKLM\..\Run: [LaunchApp] Alaunch
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Programmi\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Programmi\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [PCMService] "C:\Programmi\Arcade\PCMService.exe"
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [ATIPTA] C:\Programmi\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [EPM-DM] c:\acer\epm\epm-dm.exe
O4 - HKLM\..\Run: [ePowerManagement] C:\Acer\ePM\ePM.exe boot
O4 - HKLM\..\Run: [LManager] C:\Programmi\Launch Manager\QtZgAcer.EXE
O4 - HKLM\..\Run: [eRecoveryService] C:\Programmi\Acer\eRecovery\Monitor.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Programmi\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmi\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Programmi\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Programmi\File comuni\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Programmi\File comuni\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Programmi\File comuni\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Programmi\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Programmi\Microsoft ActiveSync\WCESCOMM.EXE"
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Programmi\File comuni\Ahead\lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [Skype] "C:\Programmi\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [Eraser] C:\Programmi\Eraser\eraser.exe -hide
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO LOCALE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO DI RETE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - S-1-5-18 Startup: OpenOffice.org 2.3.lnk = C:\Programmi\OpenOffice.org 2.3\program\quickstart.exe (User 'SYSTEM')
O4 - .DEFAULT Startup: OpenOffice.org 2.3.lnk = C:\Programmi\OpenOffice.org 2.3\program\quickstart.exe (User 'Default user')
O4 - Startup: OpenOffice.org 2.3.lnk = C:\Programmi\OpenOffice.org 2.3\program\quickstart.exe
O4 - Global Startup: BTTray.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Programmi\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Programmi\WinZip\WZQKPICK.EXE
O4 - Global Startup: Avvio veloce di Adobe Reader.lnk = C:\Programmi\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: Invia a &Bluetooth - c:\Programmi\WIDCOMM\Software Bluetooth\btsendto_ie_ctx.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Crea preferiti portatile - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra 'Tools' menuitem: Crea preferiti portatile... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Programmi\Internet Explorer\Plugins\NPDocBox.dll
O17 - HKLM\System\CCS\Services\Tcpip\..\{8E9B70D8-C37D-4C1B-A8A1-DA21AF5586D5}: NameServer = 83.224.66.134 83.224.65.134
O22 - SharedTaskScheduler: Precaricatore Browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Daemon di cache delle categorie di componenti - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Notebook Manager Service (anbmService) - OSA Technologies Inc. - C:\Acer\eManager\anbmServ.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Programmi\File comuni\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - c:\Programmi\WIDCOMM\Software Bluetooth\bin\btwdins.exe
O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\system32\drivers\CDAC11BA.EXE
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\ccSvcHst.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\VAScanner\comHost.exe
O23 - Service: EvtEng - Intel Corporation - C:\Programmi\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programmi\File comuni\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Servizio iPod (iPod Service) - Apple Inc. - C:\Programmi\iPod\bin\iPodService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\ccSvcHst.exe
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: RegSrvc - Intel Corporation - C:\Programmi\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - C:\Programmi\WinPcap\rpcapd.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\Programmi\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\Programmi\File comuni\Symantec Shared\CCPD-LC\symlcsvc.exe

--
End of file - 10915 bytes
*---------------------------*-----------------------

And my Startup list file :
*-----------------------------*-------------------------

StartupList report, 07/07/2008, 10.31.11
StartupList version: 1.52.2
Started from : F:\Antivirus\HiJackThis\HiJackThis_v2.EXE
Detected: Windows XP SP2 (WinNT 5.01.2600)
Detected: Internet Explorer v6.00 SP2 (6.00.2900.2180)
* Using default options
==================================================

Running processes:

C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmi\Intel\Wireless\Bin\EvtEng.exe
C:\Programmi\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Programmi\File comuni\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Acer\eManager\anbmServ.exe
C:\Programmi\File comuni\Apple\Mobile Device

Support\bin\AppleMobileDeviceService.exe
c:\Programmi\WIDCOMM\Software Bluetooth\bin\btwdins.exe
C:\WINDOWS\system32\drivers\CDAC11BA.EXE
C:\Programmi\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\fxssvc.exe
C:\Programmi\Acer\eRecovery\Monitor.exe
C:\Programmi\Synaptics\SynTP\SynTPLpr.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmi\Synaptics\SynTP\SynTPEnh.exe
C:\Programmi\Arcade\PCMService.exe
C:\WINDOWS\system32\rundll32.exe
C:\Programmi\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\acer\epm\epm-dm.exe
C:\Programmi\Launch Manager\QtZgAcer.EXE
C:\Programmi\Java\jre1.5.0_06\bin\jusched.exe
C:\Programmi\iTunes\iTunesHelper.exe
C:\Programmi\File comuni\Symantec Shared\ccApp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmi\Messenger\msmsgs.exe
C:\Programmi\Microsoft ActiveSync\WCESCOMM.EXE
C:\Programmi\File comuni\Ahead\lib\NMBgMonitor.exe
C:\Programmi\Skype\Phone\Skype.exe
C:\Programmi\Eraser\eraser.exe
C:\Programmi\WIDCOMM\Software Bluetooth\BTTray.exe
C:\Programmi\WinZip\WZQKPICK.EXE
C:\Programmi\OpenOffice.org 2.3\program\soffice.exe
C:\Programmi\Microsoft Office\Office10\msoffice.exe
C:\Programmi\OpenOffice.org 2.3\program\soffice.BIN
C:\Programmi\iPod\bin\iPodService.exe
C:\Programmi\File comuni\Symantec Shared\CCPD-

LC\symlcsvc.exe
C:\Programmi\Norton 360\ScanStub.exe
C:\Programmi\File comuni\Symantec

Shared\VAScanner\comHost.exe
F:\OperaTor\OperaTor.exe
F:\OperaTor\Privoxy\privoxy.exe
F:\OperaTor\Opera\opera.exe
C:\Programmi\Vodafone\Vodafone Mobile Connect\VMConnect.exe
C:\Programmi\Vodafone\Vodafone Mobile

Connect\WLANClient\WlanClient.exe
C:\Programmi\Mozilla Firefox\firefox.exe
F:\Antivirus\HiJackThis\HiJackThis_v2.exe

--------------------------------------------------

Listing of startup folders:

Shell folders Startup:
[C:\Documents and Settings\Mauro Perin\Menu

Avvio\Programmi\Esecuzione automatica]
OpenOffice.org 2.3.lnk = C:\Programmi\OpenOffice.org 2.3

\program\quickstart.exe

Shell folders Common Startup:
[C:\Documents and Settings\All Users\Menu

Avvio\Programmi\Esecuzione automatica]
BTTray.lnk = ?
Microsoft Office.lnk = C:\Programmi\Microsoft

Office\Office10\OSA.EXE
WinZip Quick Pick.lnk = C:\Programmi\WinZip\WZQKPICK.EXE
Avvio veloce di Adobe Reader.lnk =

C:\Programmi\Adobe\Acrobat 7.0\Reader\reader_sl.exe

--------------------------------------------------

Checking Windows NT UserInit:

[HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
UserInit = C:\WINDOWS\system32\userinit.exe,

--------------------------------------------------

Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\Run

LaunchApp = Alaunch
IgfxTray = C:\WINDOWS\system32\igfxtray.exe
HotKeysCmds = C:\WINDOWS\system32\hkcmd.exe
SynTPLpr = C:\Programmi\Synaptics\SynTP\SynTPLpr.exe
SynTPEnh = C:\Programmi\Synaptics\SynTP\SynTPEnh.exe
PCMService = "C:\Programmi\Arcade\PCMService.exe"
BluetoothAuthenticationAgent = rundll32.exe

bthprops.cpl,,BluetoothAuthenticationAgent
IMJPMIG8.1 = "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil

/RemAdvDef /Migration32
MSPY2002 = C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe

/SYNC
PHIME2002ASync = C:\WINDOWS\system32

\IME\TINTLGNT\TINTSETP.EXE /SYNC
PHIME2002A = C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE

/IMEName
ATIPTA = C:\Programmi\ATI Technologies\ATI Control

Panel\atiptaxx.exe
EPM-DM = c:\acer\epm\epm-dm.exe
ePowerManagement = C:\Acer\ePM\ePM.exe boot
LManager = C:\Programmi\Launch Manager\QtZgAcer.EXE
eRecoveryService = C:\Programmi\Acer\eRecovery\Monitor.exe
SunJavaUpdateSched = C:\Programmi\Java\jre1.5.0_06

\bin\jusched.exe
NWEReboot =
NeroFilterCheck = C:\WINDOWS\system32\NeroCheck.exe
QuickTime Task = "C:\Programmi\QuickTime\qttask.exe" -

atboottime
iTunesHelper = "C:\Programmi\iTunes\iTunesHelper.exe"
ccApp = "C:\Programmi\File comuni\Symantec Shared\ccApp.exe"
Symantec PIF AlertEng = "C:\Programmi\File comuni\Symantec

Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}

\PIFSvc.exe" /a /m "C:\Programmi\File comuni\Symantec

Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}

\AlertEng.dll"

--------------------------------------------------

Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\Run

CTFMON.EXE = C:\WINDOWS\system32\ctfmon.exe
MSMSGS = "C:\Programmi\Messenger\msmsgs.exe" /background
H/PC Connection Agent = "C:\Programmi\Microsoft

ActiveSync\WCESCOMM.EXE"
BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA} =

"C:\Programmi\File comuni\Ahead\lib\NMBgMonitor.exe"
Skype = "C:\Programmi\Skype\Phone\Skype.exe" /nosplash

/minimized
Eraser = C:\Programmi\Eraser\eraser.exe -hide

--------------------------------------------------

File association entry for .SCR:
HKEY_CLASSES_ROOT\AutoCADScriptFile\shell\open\command

(Default) = "C:\WINDOWS\notepad.exe" "%1"

--------------------------------------------------

Shell & screensaver key from C:\WINDOWS\SYSTEM.INI:

Shell=*INI section not found*
SCRNSAVE.EXE=*INI section not found*
drivers=*INI section not found*

Shell & screensaver key from Registry:

Shell=Explorer.exe
SCRNSAVE.EXE=C:\WINDOWS\system32\logon.scr
drivers=*Registry value not found*

Policies Shell key:

HKCU\..\Policies: Shell=*Registry key not found*
HKLM\..\Policies: Shell=*Registry value not found*

--------------------------------------------------

Enumerating Browser Helper Objects:

(no name) - C:\Programmi\Adobe\Acrobat 7.0

\ActiveX\AcroIEHelper.dll - {06849E9F-C8D7-4D59-B87D-

784B7D6BE0B3}
(no name) - C:\WINDOWS\system32\avgsafe.dll - {1C1B8A44-

61FE-411E-8F33-813A4E2E2984}
(no name) - C:\Programmi\File comuni\Symantec

Shared\coShared\Browser\1.5\NppBho.dll - {1E8A6170-7264-

4D0F-BEAE-D42A53123C75}
(no name) - C:\Programmi\Java\jre1.5.0_06\bin\ssv.dll -

{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}
(no name) - c:\programmi\google\googletoolbar1.dll -

{AA58ED58-01DD-4d91-8333-CF10577473F7}
(no name) - C:\Programmi\PDFCreator Toolbar\v3.0.0.0

\PDFCreator_Toolbar.dll - {C451C08A-EC37-45DF-AAAD-

18B51AB5E837}

--------------------------------------------------

Enumerating Task Scheduler jobs:

AppleSoftwareUpdate.job

--------------------------------------------------

Enumerating Download Program Files:

[Shockwave Flash Object]
InProcServer32 = C:\WINDOWS\system32

\Macromed\Flash\Flash9f.ocx
CODEBASE =

http://download.macromedia.com/pub/s...abs/flash/swfl

ash.cab

--------------------------------------------------

Enumerating Winsock LSP files:

NameSpace #4: C:\WINDOWS\system32\wshbth.dll

--------------------------------------------------

Enumerating Windows NT logon/logoff scripts:
*No scripts set to run*

Windows NT checkdisk command:
BootExecute = autocheck autochk *

Windows NT 'Wininit.ini':
PendingFileRenameOperations: C:\Documents and Settings\Mauro

Perin\Impostazioni locali\Temp\WCESCOMM.LOG||C:\Documents

and Settings\Mauro Perin\Impostazioni

locali\Temp\Perflib_Perfdata_14c.dat||C:\Documents and

Settings\Mauro Perin\Impostazioni

locali\Temp\~DF85D0.tmp||C:\Documents and Settings\Mauro

Perin\Impostazioni locali\Temp\WCESCOMM.LOG||C:\Documents

and Settings\Mauro Perin\Impostazioni

locali\Temp\Perflib_Perfdata_14c.dat||C:\Documents and

Settings\Mauro Perin\Impostazioni

locali\Temp\~DF85D0.tmp||C:\WINDOWS\Temp\JET5AD9.tmp||C:\WIN

DOWS\Temp\JET5B46.tmp||C:\WINDOWS\Temp\cc2.tmp||C:\WINDOWS\T

emp\cc3.tmp||C:\WINDOWS\Temp\cc4.tmp

--------------------------------------------------

Enumerating ShellServiceObjectDelayLoad items:

PostBootReminder: C:\WINDOWS\system32\SHELL32.dll
CDBurn: C:\WINDOWS\system32\SHELL32.dll
WebCheck: C:\WINDOWS\system32\webcheck.dll
SysTray: C:\WINDOWS\system32\stobject.dll
UPnPMonitor: C:\WINDOWS\system32\upnpui.dll

--------------------------------------------------
End of report, 9.459 bytes
Report generated in 0,328 seconds

Command line options:
/verbose - to add additional info on each section
/complete - to include empty sections and unsuspicious

data
/full - to include several rarely-important sections
/force9x - to include Win9x-only startups even if

running on WinNT
/forcent - to include WinNT-only startups even if

running on Win9x
/forceall - to include all Win9x and WinNT startups,

regardless of platform
/history - to list version history only

*---------------------------*---------------------------

Can anyone help me ?

Thanks to all.