antoxx89

Grazie mille..spero che i problemi si siano risolti! In caso contrario ( incrociamo le dita) te lo dirò! Grazie tante per la tua pazienza e soprattutto un applauso alla tua preparazione! Hai una soluzione per ogni problema!!

si..ultimamente mentre sono collegata compare questo messaggio: Si è verificato un errore in Generic Host Process for Win32 Services. L'applicazione verrà chiusa.

ops Eccolo: Logfile of Trend Micro HijackThis v2.0.0 (BETA) Scan saved at 18.48.35, on 19/04/2007 Platform: Windows XP SP2 (WinNT 5.01.2600) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\spoolsv.exe C:\Programmi\Grisoft\AVG Anti-Spyware 7.5\guard.exe C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe C:\WINDOWS\eHome\ehRecvr.exe C:\WINDOWS\eHome\ehSched.exe C:\Programmi\Power Translator\LogoMedia TranslateDotNet Server.exe C:\WINDOWS\system32\svchost.exe C:\VEXPLITE\viritsvc.exe C:\WINDOWS\system32\dllhost.exe C:\Programmi\MSN Messenger\msnmsgr.exe C:\Programmi\Windows Media Player\wmplayer.exe C:\Programmi\MSN Messenger\usnsvc.exe C:\Programmi\Internet Explorer\IEXPLORE.EXE C:\Programmi\MSN Messenger\livecall.exe C:\Program Files\HiJackThis_v2.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll O2 - BHO: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\Programmi\MegauploadToolbar\megauploadtoolbar.dll O3 - Toolbar: LEC - {1DBAB667-A486-421e-AFE4-CF07DD0088E5} - C:\Programmi\Power Translator\Applications\LEC IE Translation Extension.dll O3 - Toolbar: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\Programmi\MegauploadToolbar\megauploadtoolbar.dll O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO LOCALE') O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'SERVIZIO LOCALE') O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO DI RETE') O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user') O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.5.0_04\bin\npjpi150_04.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.5.0_04\bin\npjpi150_04.dll O9 - Extra button: Ricerche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/d...can_unicode.cab O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://ninaxx89.spaces.live.com//PhotoUpload/MsnPUpld.cab O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/IT-IT/a-UNO1/GAME_UNO1.cab O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1135146805026 O16 - DPF: {7F8C8173-AD80-4807-AA75-5672F22B4582} (ICSScanner Class) - http://download.zonelabs.com/bin/promotion...anner371110.cab O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab O16 - DPF: {97E71027-0BA2-44F2-97DB-F84D808ED0B6} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab55762.cab O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab O17 - HKLM\System\CCS\Services\Tcpip\..\{B1FF5ADE-AF58-45DF-9865-15B770595273}: NameServer = 85.37.17.39 85.38.28.71 O22 - SharedTaskScheduler: Precaricatore Browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll O22 - SharedTaskScheduler: Daemon di cache delle categorie di componenti - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Programmi\Grisoft\AVG Anti-Spyware 7.5\guard.exe O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe O23 - Service: LEC TranslateDotNet Server - Language Engineering Corporation, LLC - C:\Programmi\Power Translator\LogoMedia TranslateDotNet Server.exe O23 - Service: Virit eXplorer Lite (viritsvclite) - TG Soft Sas www.tgsoft.it - C:\VEXPLITE\viritsvc.exe -- End of file - 5364 bytes

Logfile of Trend Micro HijackThis v2.0.0 (BETA) Scan saved at 14.40.57, on 19/04/2007 Platform: Windows XP SP2 (WinNT 5.01.2600) Boot mode: Safe mode Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\csrss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\Explorer.EXE C:\HiJackThis_v2.exe C:\WINDOWS\system32\wbem\wmiprvse.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti F2 - REG:system.ini: UserInit=C:\WINDOWS\SYSTEM32\Userinit.exe,C:\WINDOWS\system32\ntos.exe, O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll O2 - BHO: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\Programmi\MegauploadToolbar\megauploadtoolbar.dll O3 - Toolbar: LEC - {1DBAB667-A486-421e-AFE4-CF07DD0088E5} - C:\Programmi\Power Translator\Applications\LEC IE Translation Extension.dll O3 - Toolbar: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\Programmi\MegauploadToolbar\megauploadtoolbar.dll O4 - HKCU\..\Run: [userinit] C:\WINDOWS\system32\ntos.exe O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO DI RETE') O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'SERVIZIO DI RETE') O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user') O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.5.0_04\bin\npjpi150_04.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.5.0_04\bin\npjpi150_04.dll O9 - Extra button: Ricerche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab O16 - DPF: {09F1ADAC-76D8-4D0F-99A5-5C907DADB988} - http://cdn.drivecleaner.com/installdrivecleanerstart_it.cab O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/d...can_unicode.cab O16 - DPF: {201B9B37-848F-40BD-90EA-7B8F0AA89D6A} - http://es6-scripts.dlv4.com/binaries/egacc..._1071_em_XP.cab O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://ninaxx89.spaces.live.com//PhotoUpload/MsnPUpld.cab O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/IT-IT/a-UNO1/GAME_UNO1.cab O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1135146805026 O16 - DPF: {7F8C8173-AD80-4807-AA75-5672F22B4582} (ICSScanner Class) - http://download.zonelabs.com/bin/promotion...anner371110.cab O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab O16 - DPF: {97E71027-0BA2-44F2-97DB-F84D808ED0B6} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab55762.cab O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab O22 - SharedTaskScheduler: Precaricatore Browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll O22 - SharedTaskScheduler: Daemon di cache delle categorie di componenti - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Programmi\Grisoft\AVG Anti-Spyware 7.5\guard.exe O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe O23 - Service: LEC TranslateDotNet Server - Language Engineering Corporation, LLC - C:\Programmi\Power Translator\LogoMedia TranslateDotNet Server.exe O23 - Service: Virit eXplorer Lite (viritsvclite) - TG Soft Sas www.tgsoft.it - C:\VEXPLITE\viritsvc.exe -- End of file - 4987 bytes

VirIT eXplorer Lite Log [sCANSIONE DELLA MEMORIA] OK [sCANSIONE DELLA MEMORIA] OK -------------------------------------------------------- 17/04/2007 - 22:24:14 [sCANSIONE DEL REGISTRO] {201B9B37-848F-40BD-90EA-7B8F0AA89D6A} Infetto da Trojan.Win32.InstantAcces.AD [C:] MASTER BOOT RECORD: OK BOOT SECTOR: OK C:\WINDOWS\pzo.exe Infetto da Trojan.Win32.Agent.ATI C:\WINDOWS\system32\com2.all Infetto da Trojan.Win32.RootKit.R C:\WINDOWS\system32\rsvp32_2.dll Infetto da LSP.Cimuz.D C:\WINDOWS\system32\rsvp32_2.dlltrhr45 Infetto da LSP.Cimuz.D C:\WINDOWS\system32\spywinclean.exe Infetto da Trojan.Win32.Agent.ATI Chiavi Registro infette: 1. Files Infetti: 5. Files Sospetti: 0. Files Analizzati: 44572. Files Totali: 44572. Chiavi Registro rimosse: 0. Virus Rimossi: 0. Logfile of HijackThis v1.99.1 Scan saved at 16.10.08, on 18/04/2007 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\csrss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\spoolsv.exe C:\Programmi\Grisoft\AVG Anti-Spyware 7.5\guard.exe C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe C:\VEXPLITE\MONLITE.EXE C:\Programmi\MSN Messenger\MsnMsgr.Exe C:\WINDOWS\system32\linkprd.exe C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe C:\WINDOWS\eHome\ehRecvr.exe C:\WINDOWS\eHome\ehSched.exe C:\Programmi\Power Translator\LogoMedia TranslateDotNet Server.exe C:\WINDOWS\system32\svchost.exe C:\VEXPLITE\viritsvc.exe C:\WINDOWS\system32\dllhost.exe C:\WINDOWS\System32\alg.exe C:\Programmi\MSN Messenger\usnsvc.exe C:\Programmi\MSN Messenger\livecall.exe C:\Programmi\Internet Explorer\IEXPLORE.EXE C:\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti F2 - REG:system.ini: UserInit=C:\WINDOWS\SYSTEM32\Userinit.exe,C:\WINDOWS\system32\ntos.exe, O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll O2 - BHO: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\Programmi\MegauploadToolbar\megauploadtoolbar.dll O3 - Toolbar: LEC - {1DBAB667-A486-421e-AFE4-CF07DD0088E5} - C:\Programmi\Power Translator\Applications\LEC IE Translation Extension.dll O3 - Toolbar: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\Programmi\MegauploadToolbar\megauploadtoolbar.dll O4 - HKLM\..\Run: [spyClean] c:\windows\system32\spywinclean.exe O4 - HKLM\..\Run: [VIRIT LITE MONITOR] C:\VEXPLITE\MONLITE.EXE O4 - HKCU\..\Run: [MsnMsgr] "C:\Programmi\MSN Messenger\MsnMsgr.Exe" /background O4 - HKCU\..\Run: [instant Access] C:\WINDOWS\system32\linkprd.exe /res O4 - HKCU\..\Run: [userinit] C:\WINDOWS\system32\ntos.exe O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.5.0_04\bin\npjpi150_04.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.5.0_04\bin\npjpi150_04.dll O9 - Extra button: Ricerche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe O10 - Broken Internet access because of LSP provider 'rsvp32_2.dll' missing O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab O16 - DPF: {09F1ADAC-76D8-4D0F-99A5-5C907DADB988} - http://cdn.drivecleaner.com/installdrivecleanerstart_it.cab O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/d...can_unicode.cab O16 - DPF: {201B9B37-848F-40BD-90EA-7B8F0AA89D6A} - http://es6-scripts.dlv4.com/binaries/egacc..._1071_em_XP.cab O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://ninaxx89.spaces.live.com//PhotoUpload/MsnPUpld.cab O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/IT-IT/a-UNO1/GAME_UNO1.cab O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1135146805026 O16 - DPF: {7F8C8173-AD80-4807-AA75-5672F22B4582} (ICSScanner Class) - http://download.zonelabs.com/bin/promotion...anner371110.cab O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab O16 - DPF: {97E71027-0BA2-44F2-97DB-F84D808ED0B6} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab55762.cab O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab O17 - HKLM\System\CCS\Services\Tcpip\..\{B1FF5ADE-AF58-45DF-9865-15B770595273}: NameServer = 85.37.17.39 85.38.28.71 O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - (no file) O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - (no file) O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Programmi\Grisoft\AVG Anti-Spyware 7.5\guard.exe O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe O23 - Service: LEC TranslateDotNet Server - Language Engineering Corporation, LLC - C:\Programmi\Power Translator\LogoMedia TranslateDotNet Server.exe O23 - Service: Virit eXplorer Lite (viritsvclite) - TG Soft Sas www.tgsoft.it - C:\VEXPLITE\viritsvc.exe

Logfile of The Avenger version 1, by Swandog46 Running from registry key: \Registry\Machine\System\CurrentControlSet\Services\inakalky ******************* Script file located at: \??\C:\WINDOWS\system32\ieimdtdg.txt Script file opened successfully. Script file read successfully Backups directory opened successfully at C:\Avenger ******************* Beginning to process script file: File C:\WINDOWS\system32\daxukhedrp.exe deleted successfully. File C:\WINDOWS\Prefetch\DAXUKHEDRP.EXE-1E3CCAB5.p_ deleted successfully. File C:\WINDOWS\system32\com2 not found! Deletion of file C:\WINDOWS\system32\com2 failed! Could not process line: C:\WINDOWS\system32\com2 Status: 0xc0000034 File C:\WINDOWS\system32\daxukhedrp.dat deleted successfully. File C:\WINDOWS\system32\daxukhedrp_nav.dat deleted successfully. Could not get size of registry value HKLM\Software\Microsoft\Windows NT\CurrentVersion\Windows|AppInit_DLLs Replacement with dummy of registry value HKLM\Software\Microsoft\Windows NT\CurrentVersion\Windows|AppInit_DLLs failed! Status: 0xc0000034 Completed script processing. ******************* Finished! Terminate. Removal tool loaded into memory Gromozon rootkit component not detected - searching for other components Scanning: C:\WINDOWS Scanning: C:\Programmi\File comuni Trojan.Gromozon does not exist - your system is clean. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\explorer.exe Questo non compare!!! Inoltre non riesco ad eseguire lo scan con Kaspersky perchè il pc si spegne!!

VirIT VirIT eXplorer Lite Log [sCANSIONE DELLA MEMORIA] OK -------------------------------------------------------- 14/04/2007 - 14:50:54 [sCANSIONE DEL REGISTRO] {201B9B37-848F-40BD-90EA-7B8F0AA89D6A} Infetto da Trojan.Win32.InstantAcces.AD [A:] BOOT SECTOR: OK [C:] MASTER BOOT RECORD: OK BOOT SECTOR: OK RootKit C:\WINDOWS\system32\daxukhedrp.exe,Hidden application file, Hidden fileC:\WINDOWS\Prefetch\DAXUKHEDRP.EXE-1E3CCAB5.p_,Hidden fileC:\WINDOWS\system32\com2,Hidden fileC:\WINDOWS\system32\daxukhedrp.dat,Hidden fileC:\WINDOWS\system32\daxukhedrp_nav.dat,Hidden fileC:\WINDOWS\system32\daxukhedrp_navps.dat,Hidden fileC:\WINDOWS\system32\dgsetup.dll,Hidden fileC:\WINDOWS\system32\dmconfig.dll,Hidden fileC:\WINDOWS\system32\dpnwsock.dll,Hidden fileC:\WINDOWS\system32\dsprop.dll,Hidden fileC:\WINDOWS\system32\expand.exe,Hidden fileC:\WINDOWS\system32\inetcfg.dll,Hidden fileC:\WINDOWS\system32\ipxpromn.dll,Hidden fileC:\WINDOWS\system32\joy.cpl,Hidden file Find AWF report by noahdfear ©2006 bak folders found ~~~~~~~~~~~ Il volume nell'unit… C non ha etichetta. Numero di serie del volume: 2026-30F7 Directory di C:\PROGRA~1\MSNMES~1\BAK 0 File 0 byte 2 Directory 10.090.049.536 byte disponibili Duplicate files of bak directory contents ~~~~~~~~~~~~~~~~~~~~~~~ end of report

Salve! Ho un problema...a parte quello di Instant Access che è ricomparso. Ho seguito tutte le procedure...le cartelle bak sono state eliminate ma non va via! Se avete altre soluzioni sono qui!! Comunque ho un altro problema... Ho fatto la scansione cn Avg Anti-Rootkit e ne ha visualizzati tantissimi come ad esempio: C:/WINDOWS/system32/daxukhedrp.exe ed altri ancora che iniziano con C:WINDOES/system32 Se provo ad eliminarli mi dice che l'operazione potrebbe essere pericolosa... Voi che dite? Li posso eliminare? Grazie in anticipo!!

Grazie mille per aver risolto questo problema!!!!!!

L'icona di Instant Access non è più spuntata! Nessun problema quindi...potresti darmi qualche dritta per evitare di prendere questi fastidiosi trojan?

Prima ho fatto la scansione con Kaspersky e poi l'altra cosa con il Gromozon!! Symantec Trojan.Linkoptimizer Removal Tool 1.0.8 Restored SeDebugPrivilege to Administrators group Trojan.Linkoptimizer has not been found on your computer. Adobe Bridge 1.0 Adobe Common File Installer Adobe Flash Player 9 ActiveX Adobe Help Center 1.0 Adobe Photoshop CS2 Adobe Reader 7.0 - Italiano Adobe Shockwave Player Adobe Stock Photos 1.0 ADSL 302T Aggiornamento della protezione per Windows XP (KB890046) Aggiornamento della protezione per Windows XP (KB893066) Aggiornamento della protezione per Windows XP (KB893756) Aggiornamento della protezione per Windows XP (KB896358) Aggiornamento della protezione per Windows XP (KB896422) Aggiornamento della protezione per Windows XP (KB896423) Aggiornamento della protezione per Windows XP (KB896424) Aggiornamento della protezione per Windows XP (KB896428) Aggiornamento della protezione per Windows XP (KB899587) Aggiornamento della protezione per Windows XP (KB899589) Aggiornamento della protezione per Windows XP (KB899591) Aggiornamento della protezione per Windows XP (KB900725) Aggiornamento della protezione per Windows XP (KB901017) Aggiornamento della protezione per Windows XP (KB901214) Aggiornamento della protezione per Windows XP (KB902400) Aggiornamento della protezione per Windows XP (KB904706) Aggiornamento della protezione per Windows XP (KB905414) Aggiornamento della protezione per Windows XP (KB905749) Aggiornamento della protezione per Windows XP (KB905915) Aggiornamento per Windows XP (KB894391) Aggiornamento per Windows XP (KB898461) Aggiornamento per Windows XP (KB910437) Aggiornamento rapido per Windows XP - KB873339 Aggiornamento rapido per Windows XP - KB885250 Aggiornamento rapido per Windows XP - KB885835 Aggiornamento rapido per Windows XP - KB885836 Aggiornamento rapido per Windows XP - KB886185 Aggiornamento rapido per Windows XP - KB887472 Aggiornamento rapido per Windows XP - KB887742 Aggiornamento rapido per Windows XP - KB888113 Aggiornamento rapido per Windows XP - KB888302 Aggiornamento rapido per Windows XP - KB890859 Aggiornamento rapido per Windows XP - KB891781 Alien Skin Eye Candy 5 Nature Alien Skin Xenofex 2.0 Animation Shop 3 Try And Buy ArcSoft Panorama Maker 3 ArcSoft PhotoImpression AVG Anti-Rootkit Beta AVG Anti-Spyware 7.5 AVG Free Edition CCleaner (remove only) CDex extraction audio DivX DVD Decrypter (Remove Only) DVD Shrink 3.2 eMule Plus 1.2a Eye Candy 4000 Give4Free Plugin Google Earth HijackThis 1.99.1 Installazione Guidata Alice ADSL J2SE Runtime Environment 5.0 Update 4 Jasc Paint Shop Pro 9 Kaspersky Online Scanner K-Lite Codec Pack 2.53 Standard L&H TTS3000 Italiano Language Engineering Power Translator Megaupload Toolbar Messenger Plus! Live Microsoft .NET Framework 1.0 Hotfix (KB887998) Microsoft .NET Framework 1.1 Microsoft .NET Framework 1.1 Microsoft .NET Framework 1.1 Hotfix (KB886903) Microsoft .NET Framework 1.1 Italian Language Pack Microsoft Office Professional Edition 2003 Nero 7 Demo Nikon FotoShare Nokia Connectivity Cable Driver Nokia PC Suite PictureProject Pinnacle Hollywood FX 5 PowerDVD SmartSound Quicktracks Plugin Software per stampante EPSON Studio 9 Studio 9.4 Patch TRUST 120 SPACEC@M Windows Genuine Advantage v1.3.0254.0 Windows Installer 3.1 (KB893803) Windows Live Messenger Windows Live OneCare safety scanner Windows Live Sign-in Assistant WinRAR gestione archivi Xara3D6

GROMOZON Removal tool loaded into memory Gromozon rootkit component not detected - searching for other components Scanning: C:\WINDOWS Scanning: C:\Programmi\File comuni Removing protected file: C:\Programmi\File comuni\Services\AATGxt.exe Removing protected file: C:\Programmi\File comuni\Services\AClTd.exe Removing protected file: C:\Programmi\File comuni\Services\agC.exe Removing protected file: C:\Programmi\File comuni\Services\amorfQ.exe Removing protected file: C:\Programmi\File comuni\Services\AuYD.exe Removing protected file: C:\Programmi\File comuni\Services\aVirT.exe Removing protected file: C:\Programmi\File comuni\Services\aYA.exe Removing protected file: C:\Programmi\File comuni\Services\bdC.exe Removing protected file: C:\Programmi\File comuni\Services\BQYU.exe Removing protected file: C:\Programmi\File comuni\Services\Bva.exe Removing protected file: C:\Programmi\File comuni\Services\Bvo.exe Removing protected file: C:\Programmi\File comuni\Services\bxP.exe Removing protected file: C:\Programmi\File comuni\Services\cCW.exe Removing protected file: C:\Programmi\File comuni\Services\CeP.exe Removing protected file: C:\Programmi\File comuni\Services\CETfM.exe Removing protected file: C:\Programmi\File comuni\Services\chBWP.exe Removing protected file: C:\Programmi\File comuni\Services\CQh.exe Removing protected file: C:\Programmi\File comuni\Services\cWr.exe Removing protected file: C:\Programmi\File comuni\Services\DDHk.exe Removing protected file: C:\Programmi\File comuni\Services\DRN.exe Removing protected file: C:\Programmi\File comuni\Services\dur.exe Removing protected file: C:\Programmi\File comuni\Services\eeG.exe Removing protected file: C:\Programmi\File comuni\Services\eFROjn.exe Removing protected file: C:\Programmi\File comuni\Services\Egc.exe Removing protected file: C:\Programmi\File comuni\Services\eGE.exe Removing protected file: C:\Programmi\File comuni\Services\ekAdi.exe Removing protected file: C:\Programmi\File comuni\Services\EOsO.exe Removing protected file: C:\Programmi\File comuni\Services\eow.exe Removing protected file: C:\Programmi\File comuni\Services\EWVgp.exe Removing protected file: C:\Programmi\File comuni\Services\eyEiMP.exe Removing protected file: C:\Programmi\File comuni\Services\fCd.exe Removing protected file: C:\Programmi\File comuni\Services\fcn.exe Removing protected file: C:\Programmi\File comuni\Services\FJr.exe Removing protected file: C:\Programmi\File comuni\Services\fQN.exe Removing protected file: C:\Programmi\File comuni\Services\fVXXZ.exe Removing protected file: C:\Programmi\File comuni\Services\FzLd.exe Removing protected file: C:\Programmi\File comuni\Services\gBe.exe Removing protected file: C:\Programmi\File comuni\Services\geM.exe Removing protected file: C:\Programmi\File comuni\Services\goG.exe Removing protected file: C:\Programmi\File comuni\Services\gRtfZ.exe Removing protected file: C:\Programmi\File comuni\Services\HClIE.exe Removing protected file: C:\Programmi\File comuni\Services\Hhp.exe Removing protected file: C:\Programmi\File comuni\Services\HJb.exe Removing protected file: C:\Programmi\File comuni\Services\hJU.exe Removing protected file: C:\Programmi\File comuni\Services\HKU.exe Removing protected file: C:\Programmi\File comuni\Services\IdF.exe Removing protected file: C:\Programmi\File comuni\Services\ieA.exe Removing protected file: C:\Programmi\File comuni\Services\IJhzK.exe Removing protected file: C:\Programmi\File comuni\Services\isi.exe Removing protected file: C:\Programmi\File comuni\Services\iTp.exe Removing protected file: C:\Programmi\File comuni\Services\jCb.exe Removing protected file: C:\Programmi\File comuni\Services\JcQHoE.exe Removing protected file: C:\Programmi\File comuni\Services\jmvEHq.exe Removing protected file: C:\Programmi\File comuni\Services\JPpRf.exe Removing protected file: C:\Programmi\File comuni\Services\jSS.exe Removing protected file: C:\Programmi\File comuni\Services\JTMwq.exe Removing protected file: C:\Programmi\File comuni\Services\jtOTWS.exe Removing protected file: C:\Programmi\File comuni\Services\jUM.exe Removing protected file: C:\Programmi\File comuni\Services\Jvjv.exe Removing protected file: C:\Programmi\File comuni\Services\JwEMd.exe Removing protected file: C:\Programmi\File comuni\Services\Jza.exe Removing protected file: C:\Programmi\File comuni\Services\KAUb.exe Removing protected file: C:\Programmi\File comuni\Services\KcC.exe Removing protected file: C:\Programmi\File comuni\Services\keP.exe Removing protected file: C:\Programmi\File comuni\Services\KiC.exe Removing protected file: C:\Programmi\File comuni\Services\kkQ.exe Removing protected file: C:\Programmi\File comuni\Services\kNQC.exe Removing protected file: C:\Programmi\File comuni\Services\KVd.exe Removing protected file: C:\Programmi\File comuni\Services\KYYDgx.exe Removing protected file: C:\Programmi\File comuni\Services\KZXCJ.exe Removing protected file: C:\Programmi\File comuni\Services\lbkLo.exe Removing protected file: C:\Programmi\File comuni\Services\LBwnHH.exe Removing protected file: C:\Programmi\File comuni\Services\lDO.exe Removing protected file: C:\Programmi\File comuni\Services\LFf.exe Removing protected file: C:\Programmi\File comuni\Services\lFjt.exe Removing protected file: C:\Programmi\File comuni\Services\lKE.exe Removing protected file: C:\Programmi\File comuni\Services\lSGIWW.exe Removing protected file: C:\Programmi\File comuni\Services\lWonP.exe Removing protected file: C:\Programmi\File comuni\Services\lXw.exe Removing protected file: C:\Programmi\File comuni\Services\Maa.exe Removing protected file: C:\Programmi\File comuni\Services\mAGjnS.exe Removing protected file: C:\Programmi\File comuni\Services\mauH.exe Removing protected file: C:\Programmi\File comuni\Services\MiQv.exe Removing protected file: C:\Programmi\File comuni\Services\MjWHEu.exe Removing protected file: C:\Programmi\File comuni\Services\mKBwu.exe Removing protected file: C:\Programmi\File comuni\Services\MMN.exe Removing protected file: C:\Programmi\File comuni\Services\mRUPtu.exe Removing protected file: C:\Programmi\File comuni\Services\MtB.exe Removing protected file: C:\Programmi\File comuni\Services\MTu.exe Removing protected file: C:\Programmi\File comuni\Services\MyxK.exe Removing protected file: C:\Programmi\File comuni\Services\MzdT.exe Removing protected file: C:\Programmi\File comuni\Services\nbIBvW.exe Removing protected file: C:\Programmi\File comuni\Services\NdKI.exe Removing protected file: C:\Programmi\File comuni\Services\nEKCn.exe Removing protected file: C:\Programmi\File comuni\Services\nGbLhd.exe Removing protected file: C:\Programmi\File comuni\Services\ngHiD.exe Removing protected file: C:\Programmi\File comuni\Services\ngs.exe Removing protected file: C:\Programmi\File comuni\Services\NGtmF.exe Removing protected file: C:\Programmi\File comuni\Services\nhOD.exe Removing protected file: C:\Programmi\File comuni\Services\NHQ.exe Removing protected file: C:\Programmi\File comuni\Services\NNGmoh.exe Removing protected file: C:\Programmi\File comuni\Services\NQc.exe Removing protected file: C:\Programmi\File comuni\Services\NVk.exe Removing protected file: C:\Programmi\File comuni\Services\NwB.exe Removing protected file: C:\Programmi\File comuni\Services\nYe.exe Removing protected file: C:\Programmi\File comuni\Services\OeH.exe Removing protected file: C:\Programmi\File comuni\Services\oes.exe Removing protected file: C:\Programmi\File comuni\Services\oIL.exe Removing protected file: C:\Programmi\File comuni\Services\OitnV.exe Removing protected file: C:\Programmi\File comuni\Services\ONbLdv.exe Removing protected file: C:\Programmi\File comuni\Services\OpD.exe Removing protected file: C:\Programmi\File comuni\Services\Pbdu.exe Removing protected file: C:\Programmi\File comuni\Services\pdf.exe Removing protected file: C:\Programmi\File comuni\Services\pgF.exe Removing protected file: C:\Programmi\File comuni\Services\pRH.exe Removing protected file: C:\Programmi\File comuni\Services\pwfE.exe Removing protected file: C:\Programmi\File comuni\Services\PzV.exe Removing protected file: C:\Programmi\File comuni\Services\pzWRg.exe Removing protected file: C:\Programmi\File comuni\Services\QDGx.exe Removing protected file: C:\Programmi\File comuni\Services\qFvGV.exe Removing protected file: C:\Programmi\File comuni\Services\qHC.exe Removing protected file: C:\Programmi\File comuni\Services\QMu.exe Removing protected file: C:\Programmi\File comuni\Services\qPy.exe Removing protected file: C:\Programmi\File comuni\Services\QQrj.exe Removing protected file: C:\Programmi\File comuni\Services\QZqjvc.exe Removing protected file: C:\Programmi\File comuni\Services\RBN.exe Removing protected file: C:\Programmi\File comuni\Services\reAHD.exe Removing protected file: C:\Programmi\File comuni\Services\Rfu.exe Removing protected file: C:\Programmi\File comuni\Services\RFXT.exe Removing protected file: C:\Programmi\File comuni\Services\RgO.exe Removing protected file: C:\Programmi\File comuni\Services\rir.exe Removing protected file: C:\Programmi\File comuni\Services\RkDtH.exe Removing protected file: C:\Programmi\File comuni\Services\rMM.exe Removing protected file: C:\Programmi\File comuni\Services\RpR.exe Removing protected file: C:\Programmi\File comuni\Services\rwjpu.exe Removing protected file: C:\Programmi\File comuni\Services\RYYg.exe Removing protected file: C:\Programmi\File comuni\Services\RZO.exe Removing protected file: C:\Programmi\File comuni\Services\sDi.exe Removing protected file: C:\Programmi\File comuni\Services\sgrs.exe Removing protected file: C:\Programmi\File comuni\Services\SJP.exe Removing protected file: C:\Programmi\File comuni\Services\sLE.exe Removing protected file: C:\Programmi\File comuni\Services\SLK.exe Removing protected file: C:\Programmi\File comuni\Services\sNG.exe Removing protected file: C:\Programmi\File comuni\Services\SPo.exe Removing protected file: C:\Programmi\File comuni\Services\Spr.exe Removing protected file: C:\Programmi\File comuni\Services\SQhLr.exe Removing protected file: C:\Programmi\File comuni\Services\Sxw.exe Removing protected file: C:\Programmi\File comuni\Services\TcUJuW.exe Removing protected file: C:\Programmi\File comuni\Services\tDa.exe Removing protected file: C:\Programmi\File comuni\Services\TIk.exe Removing protected file: C:\Programmi\File comuni\Services\tLi.exe Removing protected file: C:\Programmi\File comuni\Services\tOj.exe Removing protected file: C:\Programmi\File comuni\Services\TPM.exe Removing protected file: C:\Programmi\File comuni\Services\tRj.exe Removing protected file: C:\Programmi\File comuni\Services\tsO.exe Removing protected file: C:\Programmi\File comuni\Services\TuA.exe Removing protected file: C:\Programmi\File comuni\Services\TwqxMH.exe Removing protected file: C:\Programmi\File comuni\Services\TZamG.exe Removing protected file: C:\Programmi\File comuni\Services\TzygNk.exe Removing protected file: C:\Programmi\File comuni\Services\UBQ.exe Removing protected file: C:\Programmi\File comuni\Services\ulWC.exe Removing protected file: C:\Programmi\File comuni\Services\uMS.exe Removing protected file: C:\Programmi\File comuni\Services\urj.exe Removing protected file: C:\Programmi\File comuni\Services\Urnc.exe Removing protected file: C:\Programmi\File comuni\Services\uSlkLV.exe Removing protected file: C:\Programmi\File comuni\Services\VQh.exe Removing protected file: C:\Programmi\File comuni\Services\VsXXYr.exe Removing protected file: C:\Programmi\File comuni\Services\VUA.exe Removing protected file: C:\Programmi\File comuni\Services\Wfo.exe Removing protected file: C:\Programmi\File comuni\Services\wmq.exe Removing protected file: C:\Programmi\File comuni\Services\wpmX.exe Removing protected file: C:\Programmi\File comuni\Services\wqQ.exe Removing protected file: C:\Programmi\File comuni\Services\WTn.exe Removing protected file: C:\Programmi\File comuni\Services\wtwti.exe Removing protected file: C:\Programmi\File comuni\Services\wVP.exe Removing protected file: C:\Programmi\File comuni\Services\WWx.exe Removing protected file: C:\Programmi\File comuni\Services\XDRWy.exe Removing protected file: C:\Programmi\File comuni\Services\XfR.exe Removing protected file: C:\Programmi\File comuni\Services\XoS.exe Removing protected file: C:\Programmi\File comuni\Services\XRC.exe Removing protected file: C:\Programmi\File comuni\Services\xUS.exe Removing protected file: C:\Programmi\File comuni\Services\Xysx.exe Removing protected file: C:\Programmi\File comuni\Services\YcO.exe Removing protected file: C:\Programmi\File comuni\Services\ypjjQ.exe Removing protected file: C:\Programmi\File comuni\Services\YTC.exe Removing protected file: C:\Programmi\File comuni\Services\ytq.exe Removing protected file: C:\Programmi\File comuni\Services\YYEY.exe Removing protected file: C:\Programmi\File comuni\Services\YYv.exe Removing protected file: C:\Programmi\File comuni\Services\ZAo.exe Removing protected file: C:\Programmi\File comuni\Services\zHHUEl.exe Removing protected file: C:\Programmi\File comuni\Services\zOV.exe Trojan.Gromozon Removed! VIRIT VirIT eXplorer Lite Log [sCANSIONE DELLA MEMORIA] OK -------------------------------------------------------- 15/03/2007 - 19:58:02 [sCANSIONE DEL REGISTRO] OK [A:] BOOT SECTOR: OK [C:] MASTER BOOT RECORD: OK BOOT SECTOR: OK [D:] [E:] Chiavi Registro infette: 0. Files Infetti: 0. Files Sospetti: 0. Files Analizzati: 49467. Files Totali: 49467. Chiavi Registro rimosse: 0. Virus Rimossi: 0. Gli altri li ho postati sopra!! kasp.html

Facendo la scansione cn AVG Anti-Rootkit ha individuato due file che sono: C:\WINDOWS\system32:lzx32.sys C:\WINDOWS\system32\com2 Che devo fare? Li devo eliminare?

Facendo una scansione con AVG Antispyware ha rilevato 10 Tracking cookie che ho eliminato, un adware che ho ignorato e due file che ho messo in quarantena che sono: Trojan.Obfuscated.dr e Hijacker.Small.kj. Procedo con le altre operazioni!!!

Il mio antivirus è AVG Free. Ecco il log di Hijackthis: Logfile of HijackThis v1.99.1 Scan saved at 15.08.24, on 15/03/2007 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\spoolsv.exe C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe C:\WINDOWS\eHome\ehRecvr.exe C:\WINDOWS\eHome\ehSched.exe C:\Programmi\Power Translator\LogoMedia TranslateDotNet Server.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\vsnpstd.exe C:\WINDOWS\bak\vsnpstd.exe C:\WINDOWS\system32\dllhost.exe C:\Programmi\MSN Messenger\usnsvc.exe c:\programmi\internet explorer\iexplore.exe C:\HIJ\HijackThis.exe R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://windowsupdate.microsoft.com/ R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll O2 - BHO: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\Programmi\MegauploadToolbar\megauploadtoolbar.dll O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file) O3 - Toolbar: LEC - {1DBAB667-A486-421e-AFE4-CF07DD0088E5} - C:\Programmi\Power Translator\Applications\LEC IE Translation Extension.dll O3 - Toolbar: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\Programmi\MegauploadToolbar\megauploadtoolbar.dll O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP O4 - HKLM\..\Run: [snpstd] C:\WINDOWS\vsnpstd.exe O4 - HKCU\..\Run: [MsnMsgr] "C:\Programmi\MSN Messenger\MsnMsgr.Exe" /background O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.5.0_04\bin\npjpi150_04.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.5.0_04\bin\npjpi150_04.dll O9 - Extra button: Ricerche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://ninaxx89.spaces.live.com//PhotoUpload/MsnPUpld.cab O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/IT-IT/a-UNO1/GAME_UNO1.cab O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1135146805026 O16 - DPF: {7F8C8173-AD80-4807-AA75-5672F22B4582} (ICSScanner Class) - http://download.zonelabs.com/bin/promotion...anner371110.cab O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab O16 - DPF: {97E71027-0BA2-44F2-97DB-F84D808ED0B6} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab55762.cab O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} (Zylom Games Player) - http://game08.zylom.com/activex/zylomgamesplayer.cab O17 - HKLM\System\CCS\Services\Tcpip\..\{B1FF5ADE-AF58-45DF-9865-15B770595273}: NameServer = 85.37.17.39 85.38.28.71 O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - (no file) O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - (no file) O23 - Service: Adobe LM Service - Adobe Systems - C:\Programmi\File comuni\Adobe Systems Shared\Service\Adobelmsvc.exe O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe O23 - Service: LEC TranslateDotNet Server - Language Engineering Corporation, LLC - C:\Programmi\Power Translator\LogoMedia TranslateDotNet Server.exe