I am posting the Runscanner log.
Thanks for the analysis.
Runscanner logfile http://www.runscanner.net
* = signed file
- = file not found
000 General info
----------------
Computer name : SERVER
Creation time : 31/1/2008 20.37.44
Hosts <> 127.0.0.1 : 0
Hosts file location : %SystemRoot%\System32\drivers\etc
IE version : 7.0.6000.16575
OS : Windows Vista Ultimate
OS Build : 6000
OS SP :
RunScanner Version : 1.6.1.0
User Language : Italiano (Italia)
User rights : Administrator
Windows folder : C:\Windows
001 Running processes
---------------------
c:\program files\asus\aasp\1.00.33\aacenter.exe
* c:\program files\common files\acronis\schedule2\schedul2.exe (Acronis)
* c:\program files\common files\acronis\schedule2\schedhlp.exe (Acronis)
* c:\program files\acronis\trueimagehome\trueimagemonitor.exe (Acronis)
c:\program files\iobit\advanced windowscare v2\awcl.exe (IObit)
c:\program files\antivir personaledition classic\avguard.exe (Avira GmbH)
c:\program files\antivir personaledition classic\sched.exe (Avira GmbH)
c:\program files\antivir personaledition classic\avgnt.exe (Avira GmbH)
* c:\windows\system32\winlogon.exe (Microsoft Corporation)
* c:\windows\system32\wininit.exe (Microsoft Corporation)
* c:\program files\windows media player\wmpnscfg.exe (Microsoft Corporation)
* c:\windows\system32\services.exe (Microsoft Corporation)
* c:\windows\system32\spoolsv.exe (Microsoft Corporation)
c:\program files\a-squared anti-dialer\a2adguard.exe (a-squared)
c:\program files\a-squared anti-dialer\a2service.exe (Emsi Software GmbH)
* c:\program files\alwil software\avast4\ashserv.exe (ALWIL Software)
* c:\program files\alwil software\avast4\aswupdsv.exe (ALWIL Software)
* c:\program files\alwil software\avast4\ashmaisv.exe (ALWIL Software)
* c:\program files\alwil software\avast4\ashdisp.exe (ALWIL Software)
* c:\program files\alwil software\avast4\ashwebsv.exe (ALWIL Software)
c:\program files\faxtalk communicator\ftctrl32.exe (Thought Communications, Inc.)
* c:\windows\windowsmobile\wmdc.exe (Microsoft Corporation)
* c:\program files\comodo\firewall\cmdagent.exe (COMODO)
c:\program files\comodo\cboclean\bocore.exe (COMODO)
c:\program files\comodo\cboclean\boc425.exe (COMODO)
* c:\windows\system32\conime.exe (Microsoft Corporation)
* c:\program files\eraser\eraser.exe (Heidi Computers Ltd)
* c:\windows\explorer.exe (Microsoft Corporation)
c:\program files\faxtalk communicator\fapiexe.exe (Thought Communications, Inc.)
* c:\windows\system32\dwm.exe (Microsoft Corporation)
c:\program files\google\google desktop search\googledesktop.exe (Google)
c:\program files\google\google desktop search\googledesktop.exe (Google)
c:\program files\google\google desktop search\googledesktop.exe (Google)
* C:\Windows\system32\audiodg.exe (Microsoft Corporation)
* c:\program files\java\jre1.6.0_03\bin\jusched.exe (Sun Microsystems, Inc.)
c:\program files\keepass password safe\keepass.exe (Dominik Reichl)
* c:\program files\common files\logitech\khalshared\khalmnpr.exe (Logitech Inc.)
c:\program files\logitech\setpoint\setpoint.exe (Logitech Inc.)
* c:\windows\ehome\ehmsas.exe (Microsoft Corporation)
* c:\windows\ehome\ehtray.exe (Microsoft Corporation)
* c:\windows\system32\mobsync.exe (Microsoft Corporation)
* c:\windows\system32\taskeng.exe (Microsoft Corporation)
* c:\windows\system32\taskeng.exe (Microsoft Corporation)
* c:\program files\acronis\trueimagehome\timountermonitor.exe (Acronis)
c:\windows\system32\nvraidservice.exe (NVIDIA Corporation)
c:\program files\poptray\poptray.exe (Renier Crause)
c:\program files\vidalia bundle\privoxy\privoxy.exe (The Privoxy team - www.privoxy.org)
c:\program files\asus\pc probe ii\probe2.exe (ASUS)
* c:\windows\system32\lsass.exe (Microsoft Corporation)
* c:\windows\system32\svchost.exe (Microsoft Corporation)
* c:\windows\system32\svchost.exe (Microsoft Corporation)
* c:\windows\system32\svchost.exe (Microsoft Corporation)
* c:\windows\system32\svchost.exe (Microsoft Corporation)
* c:\windows\system32\svchost.exe (Microsoft Corporation)
* c:\windows\system32\svchost.exe (Microsoft Corporation)
* c:\windows\system32\svchost.exe (Microsoft Corporation)
* c:\windows\system32\svchost.exe (Microsoft Corporation)
* c:\windows\system32\svchost.exe (Microsoft Corporation)
* c:\windows\system32\svchost.exe (Microsoft Corporation)
* c:\windows\system32\svchost.exe (Microsoft Corporation)
* c:\windows\system32\svchost.exe (Microsoft Corporation)
* c:\windows\system32\csrss.exe (Microsoft Corporation)
* c:\windows\system32\csrss.exe (Microsoft Corporation)
* c:\program files\runscanner\runscanner.exe (Runscanner.net)
* c:\program files\siteadvisor\6253\saservice.exe
* c:\program files\windows media player\wmpnetwk.exe (Microsoft Corporation)
* c:\windows\system32\slsvc.exe (Microsoft Corporation)
* c:\windows\system32\lsm.exe (Microsoft Corporation)
* c:\windows\system32\wbem\unsecapp.exe (Microsoft Corporation)
* c:\program files\siteadvisor\6253\siteadv.exe
* c:\program files\spybot - search & destroy\sdwinsec.exe (Safer Networking Ltd.)
* c:\program files\common files\acronis\fomatik\trueimagetrystartservice.exe
* c:\windows\system32\zonelabs\vsmon.exe (Check Point Software Technologies LTD)
c:\program files\unlocker\unlockerassistant.exe
* c:\program files\comodo\vengine\vengine.exe (Comodo CA Ltd.)
c:\program files\vidalia bundle\vidalia\vidalia.exe
c:\program files\weather watcher\ww.exe (Singer's Creations)
* c:\program files\windows defender\msascui.exe (Microsoft Corporation)
* c:\windows\system32\smss.exe (Microsoft Corporation)
* c:\windows\system32\wbem\wmiprvse.exe (Microsoft Corporation)
* c:\program files\xdrive\xdrive desktop\xdriveservice.exe (Xdrive LLC)
c:\program files\xdrive\xdrive desktop\xdrivetray.exe (Xdrive LLC)
* c:\program files\zone labs\zonealarm\zlclient.exe (Check Point Software Technologies LTD)
002 HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run (+subkeys)
-----------------------------------------------------------------
* c:\program files\common files\acronis\schedule2\schedhlp.exe (Acronis)
* c:\program files\acronis\trueimagehome\timountermonitor.exe (Acronis)
c:\program files\a-squared anti-dialer\a2adguard.exe (a-squared)
* c:\progra~1\alwils~1\avast4\ashdisp.exe (ALWIL Software)
c:\program files\antivir personaledition classic\avgnt.exe (Avira GmbH)
c:\progra~1\comodo\cboclean\boc425.exe (COMODO)
c:\program files\faxtalk communicator\ftctrl32.exe (Thought Communications, Inc.)
c:\program files\google\google desktop search\googledesktop.exe (Google)
c:\windows\jm\jminside.exe
c:\program files\asus\pc probe ii\probe2.exe (ASUS)
* C:\Windows\khalmnpr.exe (Logitech Inc.)
c:\windows\system32\nvraidservice.exe (NVIDIA Corporation)
c:\program files\quicktime\qttask.exe (Apple Inc.)
* c:\program files\siteadvisor\6253\siteadv.exe
* c:\program files\acronis\trueimagehome\trueimagemonitor.exe (Acronis)
c:\program files\unlocker\unlockerassistant.exe
* c:\program files\zone labs\zonealarm\zlclient.exe (Check Point Software Technologies LTD)
003 HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run (+subkeys)
-----------------------------------------------------------------
* c:\program files\eraser\eraser.exe (Heidi Computers Ltd)
c:\program files\keepass password safe\keepass.exe (Dominik Reichl)
c:\program files\innovatools\uninstallability\uability.exe (Aurelitec, Inc.)
c:\program files\vidalia bundle\vidalia\vidalia.exe
c:\program files\weather watcher\ww.exe (Singer's Creations)
c:\program files\xdrive\xdrive desktop\xdrivetray.exe (Xdrive LLC)
004 C:\Users\paolo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
--------------------------------------------------------------------------------
c:\progra~1\poptray\poptray.exe (Renier Crause)
005 C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
----------------------------------------------------------------
c:\progra~1\logitech\setpoint\setpoint.exe (Logitech Inc.)
c:\progra~1\vidali~1\privoxy\privoxy.exe (The Privoxy team - www.privoxy.org)
006 %ALLUSERSPROFILE%\Microsoft\Windows\Start Menu\Programs\Startup
-------------------------------------------------------------------
c:\progra~1\logitech\setpoint\setpoint.exe (Logitech Inc.)
c:\progra~1\vidali~1\privoxy\privoxy.exe (The Privoxy team - www.privoxy.org)
007 %USERPROFILE%\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
-------------------------------------------------------------------------------
c:\progra~1\poptray\poptray.exe (Renier Crause)
010 HKLM\SYSTEM\CurrentControlSet\Services (Services)
-----------------------------------------------------
* c:\program files\common files\acronis\schedule2\schedul2.exe (Acronis Scheduler2 Service)
* c:\program files\common files\acronis\fomatik\trueimagetrystartservice.exe (Acronis Try And Decide Service)
* c:\program files\lavasoft\ad-aware 2007\aawservice.exe (Ad-Aware 2007 Service)
c:\program files\antivir personaledition classic\avguard.exe (AntiVir PersonalEdition Classic Guard)
c:\program files\antivir personaledition classic\sched.exe (AntiVir PersonalEdition Classic Scheduler)
c:\program files\a-squared anti-dialer\a2service.exe (a-squared Anti-Dialer Service)
c:\program files\a-squared free\a2service.exe (a-squared Free Service)
* c:\program files\alwil software\avast4\ashserv.exe (avast! Antivirus)
* c:\program files\alwil software\avast4\aswupdsv.exe (avast! iAVS4 Control Service)
* c:\program files\alwil software\avast4\ashmaisv.exe (avast! Mail Scanner)
* c:\program files\alwil software\avast4\ashwebsv.exe (avast! Web Scanner)
c:\program files\comodo\cboclean\bocore.exe (BOCore)
c:\program files\google\google desktop search\googledesktop.exe (GoogleDesktopManager)
* c:\program files\spybot - search & destroy\sdwinsec.exe (SBSD Security Center Service)
* c:\program files\siteadvisor\6253\saservice.exe (Servizio SiteAdvisor)
* c:\windows\system32\zonelabs\vsmon.exe (TrueVector Internet Monitor)
* c:\program files\xdrive\xdrive desktop\xdriveservice.exe (Xdrive Service)
011 HKLM\SYSTEM\CurrentControlSet\Services (drivers)
----------------------------------------------------
* C:\Windows\system32\drivers\snapman.sys (Acronis Snapshots Manager)
* C:\Windows\system32\drivers\timntr.sys (Acronis True Image Backup Archive Explorer)
* C:\Windows\system32\drivers\tifsfilt.sys (Acronis True Image FS Filter)
* C:\Windows\system32\drivers\tdrpman.sys (Acronis Try&Decide and Restore Points filter)
* C:\Windows\system32\drivers\asio.sys (AsIO)
* C:\Windows\system32\drivers\aswmonflt.sys (aswMonFlt)
* c:\windows\system32\drivers\aswrdr.sys (aswRdr)
* c:\windows\system32\drivers\aswtdi.sys (avast! Network Shield Support)
* c:\program files\antivir personaledition classic\avgio.sys (avgio)
* c:\program files\antivir personaledition classic\avgntflt.sys (avgntflt)
* C:\Windows\system32\drivers\avipbb.sys (avipbb)
* c:\program files\comodo\cboclean\bocdrive.sys (BOClean Kernel Monitor.)
c:\program files\asus\asusupdate\bs_def.sys (BS_DEF)
c:\windows\system32\drivers\eio.sys (EIO)
* C:\Windows\system32\drivers\l8042kbd.sys (Logitech SetPoint Keyboard Driver)
* C:\Windows\system32\drivers\nvmfdx32.sys (NVIDIA nForce Networking Controller Driver)
* C:\Windows\system32\drivers\lmouke.sys (SetPoint Mouse Filter Driver)
* C:\Windows\system32\drivers\l8042mou.sys (SetPoint PS/2 Mouse Filter Driver)
* C:\Windows\system32\drivers\ssmdrv.sys (ssmdrv)
c:\program files\unlocker\unlockerdriver5.sys (UnlockerDriver5)
* C:\Windows\system32\drivers\3c1807pd.sys (USRobotics V.92 Voice Win Int)
* C:\Windows\system32\drivers\vsdatant.sys (Zone Alarm Firewall Driver)
031 HKLM\SOFTWARE\Classes\PROTOCOLS\Handler
-------------------------------------------
* c:\program files\siteadvisor\6253\siteadv.dll {3A5DC592-7723-4EAA-9EE6-AF4222BCF879}
041 HKLM-HKCU\Software\Microsoft\Internet Explorer\Toolbar
----------------------------------------------------------
* c:\program files\siteadvisor\6253\siteadv.dll {0BF43445-2F28-4351-9252-17FE6E806AA0}
042 HKLM\Software\Microsoft\Internet Explorer\Extensions
--------------------------------------------------------
GUID / CLSID not found {08B0E5C0-4FCB-11CF-AAA5-00401C608501}
GUID / CLSID not found {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F}
GUID / CLSID not found {DFB852A3-47F8-48C4-A200-58CAB36FD2A2}
GUID / CLSID not found {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F}
GUID / CLSID not found {92780B25-18CC-41C8-B9BE-3C9C571A8263}
052 HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects
----------------------------------------------------------------------------------
* c:\progra~1\spybot~1\sdhelper.dll (Safer Networking Limited) {53707962-6F74-2D53-2644-206D7942484F}
c:\progra~1\stardo~1\sdieint.dll {FFFFFEF0-5B30-21D4-945D-000000000000}
* c:\program files\siteadvisor\6253\siteadv.dll {089FD14D-132B-48FC-8861-0048AE113215}
061 HKLM-HCKU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved
---------------------------------------------------------------------------------
c:\program files\7-zip\7-zip.dll (Igor Pavlov) {23170F69-40C1-278A-1000-000100020000}
* c:\program files\acronis\trueimagehome\tishell.dll (Acronis) {C539A15A-3AF9-4c92-B771-50CB78F5C751}
* c:\program files\acronis\trueimagehome\tishell.dll (Acronis) {C539A15B-3AF9-4c92-B771-50CB78F5C751}
c:\program files\a-squared free\a2freecontmenu.dll (Emsi Software GmbH) {A155339D-CCCD-4714-85EB-3754B804C9DF}
* c:\program files\alwil software\avast4\ashshell.dll (ALWIL Software) {472083B0-C522-11CF-8763-00608CC02F24}
c:\program files\bulk rename utility\bruhere.dll (Bulk Rename Utility) {5D924130-4CB1-11DB-B0DE-0800200C9A66}
* c:\windows\system32\erasext.dll (-) {8BE13461-936F-11D1-A87D-444553540000}
c:\program files\logitech\setpoint\mcplext.dll (Logitech Inc.) {B9B9F083-2B04-452A-8691-83694AC1037B}
c:\program files\logitech\setpoint\kbcplext.dll (Logitech Inc.) {DC70C4A5-2044-4c59-B806-DEFB9AE0DF7C}
c:\program files\antivir personaledition classic\shlext.dll (Avira GmbH) {45AC2688-0253-4ED8-97DE-B5370FA7D48A}
c:\program files\unlocker\unlockercom.dll {DDE4BEEB-DDE6-48fd-8EB5-035C09923F83}
c:\program files\xdrive\xdrive desktop\propext.dll {802293E4-9A69-4387-A084-42814E0BAE29}
c:\program files\xdrive\xdrive desktop\overlay.dll (XDrive) {5D64CBA3-BDEC-427C-8A7F-8CB7C9EA7C74}
c:\program files\xdrive\xdrive desktop\overlay.dll (XDrive) {7C541B8D-BD5A-4687-9010-50E2B5D4A8E4}
c:\program files\xdrive\xdrive desktop\overlay.dll (XDrive) {39C2972F-3338-471B-8D67-FA82E46E3AC2}
062 HKLM-HKCU\Software\Classes\Folder\Shellex\ColumnHandlers
------------------------------------------------------------
c:\program files\common files\adobe\acrobat\activex\pdfshell.dll (Adobe Systems, Inc.) {F9DB5320-233E-11D1-9F84-707F02C10627}
063 HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\BootExecute
---------------------------------------------------------------------
- autocheck
* C:\Windows\system32\lsdelete.exe
069 HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors
--------------------------------------------------------
* C:\Windows\system32\dopdfmn5.dll (Softland)
C:\Windows\system32\ftcumn47.dll (Thought Communications, Inc.)
c:\windows\system32\ventmon.dll
070 HKLM\SYSTEM\CurrentControlSet\Control\Lsa\Authentication Packages
---------------------------------------------------------------------
C:\Windows\system32\relog_ap.dll (Acronis)
073 %windir%\Tasks
------------------
Advanced WindowsCare Personal Startup.job : c:\program files\iobit\advanced windowscare v2\awcl.exe (IObit)
Spybot - Search & Destroy - Scheduled Task.job : c:\program files\spybot - search & destroy\spybotsd.exe (Safer Networking Limited)
SyncBack Altri files di configurazione.job : c:\program files\2brightsparks\syncback\syncback.exe (2BrightSparks)
SyncBack Backup su Z.job : c:\program files\2brightsparks\syncback\syncback.exe (2BrightSparks)
Xdrive Backup - Foto.job : c:\program files\xdrive\xdrive desktop\xdrunner.exe (Xdrive Inc.)
104 HKLM\Software\Microsoft\Code Store Database\Distribution Units
------------------------------------------------------------------
* c:\program files\quicktime\qtplugin.ocx (Apple Inc.) {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B}
GUID / CLSID not found {8FFBE65D-2C9C-4669-84BD-5829DC0B603C}
105 HKCU\Software\Microsoft\Internet Explorer\MenuExt
-----------------------------------------------------
&Windows Live Search : res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
Add to Windows &Live Favorites : http://favorites.liv...m/quickadd.aspx
Download With &SeqDownload : file://C:\Program Files\SeqDownload\iemenu.htm
E&sporta in Microsoft Excel : res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
Salva oggetto con Star Downloader : C:\Program Files\Star Downloader\sdie.htm
Save to &Xdrive : res://C:\Program Files\Xdrive\Xdrive Desktop\xdrive.exe/std.html
120 Domain/DNS hijacking
------------------------
NameServer {3094439B-966B-477F-B684-56046A2CF6DB} : 212.216.172.62,212.216.112.112
121 HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\AppInit_DLLs
--------------------------------------------------------------------------
c:\progra~1\google\google~2\goec62~1.dll (Google)
173 HKCR\*\shellex\ContextMenuHandlers
--------------------------------------
c:\program files\7-zip\7-zip.dll (Igor Pavlov) {23170F69-40C1-278A-1000-000100020000}
c:\program files\xdrive\xdrive desktop\rightclickext.dll {3C6CC269-AFF3-4D07-BB07-B26A86A4FEED}
c:\program files\antivir personaledition classic\shlext.dll (Avira GmbH) {45AC2688-0253-4ED8-97DE-B5370FA7D48A}
* c:\program files\alwil software\avast4\ashshell.dll (ALWIL Software) {472083B0-C522-11CF-8763-00608CC02F24}
c:\program files\bulk rename utility\bruhere.dll (Bulk Rename Utility) {5D924130-4CB1-11DB-B0DE-0800200C9A66}
c:\program files\xdrive\xdrive desktop\propext.dll {802293E4-9A69-4387-A084-42814E0BAE29}
* c:\windows\system32\erasext.dll (-) {8BE13461-936F-11D1-A87D-444553540000}
c:\program files\powerarchiver\pashlext.dll (eFront Media, Inc.) {d03d3e68-0c44-3d45-b15f-bcfd8a8b4c7e}
c:\program files\crittografia\bfacslib.dll {FBEA4C34-00F5-11d3-A707-0000B4432A4C}
* c:\program files\acronis\trueimagehome\tishell.dll (Acronis)
177 HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\PersistentRoutes
----------------------------------------------------------------------------
0.0.0.0,0.0.0.0,192.168.0.1,-1