www.MegaLab.it

[e.villan]

Qualcuno di Voi potrebbe analizzarmi il log della scansione che ho effettuato dopo aver fatto girare ANTIVIR appena installato ???
Mi ha trovato 3 virus che gli hanno negato l'accesso e che non è riuscito a spostare in quarantena.
Uno di questi è sicuramente monrdfxa.exe perché già con AVAST l'avevo beccato ma non sono mai riuscito ad eliminarlo nemmeno con DELETE DOCTOR o UNLOKER (più o meno si scrive così).
Se qualcuno di Voi mi saprebbe indicare una nuova strada per eliminarli definitivamente senza formattare gliene sarei grato.
AntiVir PersonalEdition Classic
Report file date: martedì 30 ottobre 2007 21:00

Scanning for 910788 virus strains and unwanted programs.

Licensed to: Avira AntiVir PersonalEdition Classic
Serial number: 0000149996-ADJIE-0001
Platform: Windows XP
Windows version: (Service Pack 1) [5.1.2600]
Username: SYSTEM
Computer name: ROBERTA280864

Version information:
BUILD.DAT : 270 15603 Bytes 19/09/07 13:32:00
AVSCAN.EXE : 7.0.6.1 290856 Bytes 30/10/07 19:51:34
AVSCAN.DLL : 7.0.6.0 49192 Bytes 30/10/07 19:51:34
LUKE.DLL : 7.0.5.3 147496 Bytes 30/10/07 19:51:34
LUKERES.DLL : 7.0.6.1 10280 Bytes 30/10/07 19:51:35
ANTIVIR0.VDF : 6.40.0.0 11030528 Bytes 18/07/07 19:51:40
ANTIVIR1.VDF : 7.0.0.0 1640448 Bytes 13/09/07 19:51:40
ANTIVIR2.VDF : 7.0.0.140 940544 Bytes 26/10/07 19:51:40
ANTIVIR3.VDF : 7.0.0.155 93696 Bytes 30/10/07 19:51:40
AVEWIN32.DLL : 7.6.0.30 3056128 Bytes 30/10/07 19:51:42
AVWINLL.DLL : 1.0.0.7 14376 Bytes 26/02/07 10:36:26
AVPREF.DLL : 7.0.2.2 25640 Bytes 30/10/07 19:51:34
AVREP.DLL : 7.0.0.1 155688 Bytes 16/04/07 13:16:24
AVPACK32.DLL : 7.3.0.15 360488 Bytes 30/10/07 19:51:42
AVREG.DLL : 7.0.1.6 30760 Bytes 30/10/07 19:51:34
AVARKT.DLL : 1.0.0.20 278568 Bytes 30/10/07 19:51:33
AVEVTLOG.DLL : 7.0.0.20 86056 Bytes 30/10/07 19:51:34
NETNT.DLL : 7.0.0.0 7720 Bytes 08/03/07 11:09:42
RCIMAGE.DLL : 7.0.1.30 2342952 Bytes 30/10/07 19:51:21
RCTEXT.DLL : 7.0.62.0 86056 Bytes 30/10/07 19:51:21
SQLITE3.DLL : 3.3.17.1 339968 Bytes 30/10/07 19:51:35

Configuration settings for the scan:
Jobname..........................: Complete system scan
Configuration file...............: c:\programmi\antivir personaledition classic\sysscan.avp
Logging..........................: low
Primary action...................: interactive
Secondary action.................: ignore
Scan master boot sector..........: off
Scan boot sector.................: on
Boot sectors.....................: C:,
Scan memory......................: on
Process scan.....................: on
Scan registry....................: on
Search for rootkits..............: off
Scan all files...................: All files
Scan archives....................: on
Recursion depth..................: 20
Smart extensions.................: on
Macro heuristic..................: on
File heuristic...................: medium

Start of the scan: martedì 30 ottobre 2007 21:00

The scan of running processes will be started
Scan process 'avscan.exe' - '1' Module(s) have been scanned
Scan process 'avcenter.exe' - '1' Module(s) have been scanned
Scan process 'wuauclt.exe' - '1' Module(s) have been scanned
Scan process 'wmiprvse.exe' - '1' Module(s) have been scanned
Scan process 'wuauclt.exe' - '1' Module(s) have been scanned
Scan process 'mioSync.exe' - '1' Module(s) have been scanned
Scan process 'ashWebSv.exe' - '1' Module(s) have been scanned
Scan process 'ashMaiSv.exe' - '1' Module(s) have been scanned
Scan process 'vsmon.exe' - '0' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'nvsvc32.exe' - '1' Module(s) have been scanned
Scan process 'SAgent2.exe' - '1' Module(s) have been scanned
Scan process 'sched.exe' - '1' Module(s) have been scanned
Scan process 'alg.exe' - '1' Module(s) have been scanned
Scan process 'avguard.exe' - '1' Module(s) have been scanned
Scan process 'spoolsv.exe' - '1' Module(s) have been scanned
Scan process 'EPSON CardMonitor1.0.exe' - '1' Module(s) have been scanned
Scan process 'msnmsgr.exe' - '1' Module(s) have been scanned
Scan process 'SUPERAntiSpyware.exe' - '1' Module(s) have been scanned
Scan process 'rundll32.exe' - '1' Module(s) have been scanned
Scan process 'ctfmon.exe' - '1' Module(s) have been scanned
Scan process 'avgnt.exe' - '1' Module(s) have been scanned
Scan process 'zlclient.exe' - '0' Module(s) have been scanned
Scan process 'qttask.exe' - '1' Module(s) have been scanned
Scan process 'jusched.exe' - '1' Module(s) have been scanned
Scan process 'ashDisp.exe' - '1' Module(s) have been scanned
Scan process 'explorer.exe' - '1' Module(s) have been scanned
Scan process 'ashServ.exe' - '1' Module(s) have been scanned
Scan process 'aswUpdSv.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'InCDsrv.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'lsass.exe' - '1' Module(s) have been scanned
Scan process 'services.exe' - '1' Module(s) have been scanned
Scan process 'winlogon.exe' - '1' Module(s) have been scanned
Scan process 'csrss.exe' - '1' Module(s) have been scanned
Scan process 'smss.exe' - '1' Module(s) have been scanned
38 processes with 38 modules were scanned

Start scanning boot sectors:
Boot sector 'C:\'
[NOTE] No virus was found!

Starting to scan the registry.
The registry was scanned ( '44' files ).


Starting the file scan:

Begin scan in 'C:\'
C:\msipsr.exe
[DETECTION] Is the Trojan horse TR/Dldr.WinAD.D
[INFO] The file was moved to '47908dd3.qua'!
C:\msupdate.exe
[DETECTION] Contains detection pattern of the worm WORM/Rbot.159554
[INFO] The file was moved to '479c8dd5.qua'!
C:\pagefile.sys
[WARNING] The file could not be opened!
C:\Documents and Settings\Roberta Mavero\Dati applicazioni\Sun\Java\Deployment\cache\javapi\v1.0\jar\eRT.jar-4d53972-2891fa66.zip
[0] Archive type: ZIP
HiPointInstallShieldRT.class
[DETECTION] Is the Trojan horse TR/Java.Downloader.Gen
[INFO] The file was moved to '477b9226.qua'!
C:\Documents and Settings\Roberta Mavero\Dati applicazioni\Sun\Java\Deployment\cache\javapi\v1.0\jar\itrRT.jar-567de1b6-1e3da05a.zip
[0] Archive type: ZIP
HiPointInstallShieldRT.class
[DETECTION] Is the Trojan horse TR/Java.Downloader.Gen
[INFO] The file was moved to '4799924e.qua'!
C:\Documents and Settings\Roberta Mavero\Desktop\[PC GAME NO CD]FIFA 2008 crack.zip
[0] Archive type: ZIP
install.exe
[DETECTION] Is the Trojan horse TR/Crypt.NSPM.Gen
[1] Archive type: ZIP SFX (self extracting)
[INFO] The file was moved to '476a92af.qua'!
C:\Documents and Settings\Roberta Mavero\Desktop\ANDRE\altro\install.exe
[DETECTION] Is the Trojan horse TR/Crypt.NSPM.Gen
[INFO] The file was moved to '479a932a.qua'!
C:\Documents and Settings\Roberta Mavero\Desktop\GIOCHI\FIFA06\FIFA06-NODVD.rar
[0] Archive type: RAR
PatchFX.exe
[DETECTION] Is the Trojan horse TR/Dldr.Small.bws.20
[INFO] The file was moved to '476d996c.qua'!
C:\System Volume Information\_restore{60B4AD22-0E09-46BA-82D5-96B0CDC7E57E}\RP1\A0000036.cmd
[DETECTION] Contains a detection pattern of the (dangerous) backdoor program BDS/KillAV.BJ Backdoor server programs
[INFO] The file was moved to '4757aa6f.qua'!
C:\System Volume Information\_restore{60B4AD22-0E09-46BA-82D5-96B0CDC7E57E}\RP1\A0000037.exe
[0] Archive type: RAR SFX (self extracting)
avikiller.cmd
[DETECTION] Contains a detection pattern of the (dangerous) backdoor program BDS/KillAV.BJ Backdoor server programs
[INFO] The file was moved to '4757aa75.qua'!
C:\System Volume Information\_restore{60B4AD22-0E09-46BA-82D5-96B0CDC7E57E}\RP1\A0000059.exe
[0] Archive type: RAR SFX (self extracting)
avikiller.cmd
[DETECTION] Contains a detection pattern of the (dangerous) backdoor program BDS/KillAV.BJ Backdoor server programs
[INFO] The file was moved to '4757aa7b.qua'!
C:\System Volume Information\_restore{60B4AD22-0E09-46BA-82D5-96B0CDC7E57E}\RP1\A0000063.cmd
[DETECTION] Contains a detection pattern of the (dangerous) backdoor program BDS/KillAV.BJ Backdoor server programs
[INFO] The file was moved to '4757aa7d.qua'!
C:\System Volume Information\_restore{60B4AD22-0E09-46BA-82D5-96B0CDC7E57E}\RP2\A0002118.exe
[DETECTION] Is the Trojan horse TR/Dldr.WinAD.D
[INFO] The file was moved to '4757aa81.qua'!
C:\System Volume Information\_restore{60B4AD22-0E09-46BA-82D5-96B0CDC7E57E}\RP3\A0002186.exe
[0] Archive type: RAR SFX (self extracting)
avikiller.cmd
[DETECTION] Contains a detection pattern of the (dangerous) backdoor program BDS/KillAV.BJ Backdoor server programs
[INFO] The file was moved to '4757aa85.qua'!
C:\System Volume Information\_restore{772D45A0-3BD3-4DBE-AAC3-6A34C5671DE4}\RP12\A0035816.exe
[DETECTION] Is the Trojan horse TR/Agent.afy.7
[INFO] The file was moved to '4757aaa3.qua'!
C:\System Volume Information\_restore{772D45A0-3BD3-4DBE-AAC3-6A34C5671DE4}\RP12\A0036846.exe
[DETECTION] Is the Trojan horse TR/Agent.afy.7
[INFO] The file was moved to '4757aaa9.qua'!
C:\System Volume Information\_restore{772D45A0-3BD3-4DBE-AAC3-6A34C5671DE4}\RP12\A0036888.exe
[DETECTION] Is the Trojan horse TR/Agent.afy.7
[INFO] The file was moved to '4757aaac.qua'!
C:\System Volume Information\_restore{772D45A0-3BD3-4DBE-AAC3-6A34C5671DE4}\RP12\A0036919.exe
[DETECTION] Is the Trojan horse TR/Agent.afy.7
[INFO] The file was moved to '4757aaaf.qua'!
C:\System Volume Information\_restore{772D45A0-3BD3-4DBE-AAC3-6A34C5671DE4}\RP13\A0038026.exe
[DETECTION] Is the Trojan horse TR/LinkOptimiz.10.A
[INFO] The file was moved to '4757aab8.qua'!
C:\System Volume Information\_restore{772D45A0-3BD3-4DBE-AAC3-6A34C5671DE4}\RP13\A0038027.exe
[DETECTION] Is the Trojan horse TR/Dldr.WinAD.D
[INFO] The file was moved to '4757aaba.qua'!
C:\System Volume Information\_restore{772D45A0-3BD3-4DBE-AAC3-6A34C5671DE4}\RP13\A0038028.exe
[DETECTION] Contains detection pattern of the worm WORM/Rbot.159554
[INFO] The file was moved to '4757aabb.qua'!
C:\System Volume Information\_restore{772D45A0-3BD3-4DBE-AAC3-6A34C5671DE4}\RP13\A0038034.exe
[DETECTION] Is the Trojan horse TR/Crypt.NSPM.Gen
[INFO] The file was moved to '4757aabd.qua'!
C:\WINDOWS\system32\monrdfxa.exe
[WARNING] The file could not be opened!


End of the scan: martedì 30 ottobre 2007 23:21
Used time: 2:21:14 min

The scan has been done completely.

5156 Scanning directories
248647 Files were scanned
19 viruses and/or unwanted programs were found
2 Files were classified as suspicious:
0 files were deleted
0 files were repaired
21 files were moved to quarantine
0 files were renamed
2 Files cannot be scanned
248628 Files not concerned
1426 Archives were scanned
2 Warnings
7 Notes

Grazie per l'aiuto.
Ciao

[antonio]

diciamo che qualche virus era presente!
hai provato dalla mod provvisoria?posta pure il log di hijackthis

[crazy.cat]

Mi sembra sia uno solo il file non spostato in quarantena.

Disattiva il ripristino della configurazione e riavvia subito il pc
http://www.MegaLab.it/2330

Utilizzando the avenger
http://www.MegaLab.it/2656

Gli dai in pasto questo script

Files to delete:
C:\msipsr.exe
C:\msupdate.exe
C:\Documents and Settings\Roberta Mavero\Desktop\[PC GAME NO CD]FIFA 2008 crack.zip
C:\Documents and Settings\Roberta Mavero\Desktop\ANDRE\altro\install.exe
C:\Documents and Settings\Roberta Mavero\Desktop\GIOCHI\FIFA06\FIFA06-NODVD.rar
C:\WINDOWS\system32\monrdfxa.exe

Dopo il riavvio del pc ti esce un file txt, postalo qui.

Ma ti sei affezionato a questo virus C:\WINDOWS\system32\monrdfxa.exe, oppure non eri mai riuscito a toglierlo?
http://www.MegaLab.it/forum/viewtopic.p ... highlight=
http://www.MegaLab.it/forum/viewtopic.p ... highlight=

[e.villan]

il problema è che non riesco proprio ad eliminarlo.
Non essendo una cima col computer e non conoscendo l'inglese, quando uso programmi in inglese mi perdo e magai non gli faccio fare i passaggi che dovrebbe fare.
Comunque ora proverò ancora con le tue ultime indicazione e ti farò sapere.
Sempre che mio figlio mi lasci del tempo tra una chat e un altra com msn.
Grazie di tutto

[e.villan]

Una domanda Crazy.cat, ho scaricato Avenger e quando lo apro mi si apre la grafica come da istruzioni che mi avevi allegato.
C'è però un problema, quando inserisco lo script che mi hai segnalato (es.c:\windows\system32\monrdfxa.exe) e seleziono il pulsante con il semaforo mi esce questo messaggio:
---------------------------
Error
---------------------------
Error: could not open script file. Please verify that path name is valid and file exists.
---------------------------
OK
---------------------------
questo messaggio con la prima esecuzione (load script from file)

se invece utilizzo l'ultima (input scipt manually)
---------------------------
Error
---------------------------
Error: selected file does not appear to be a valid script.
---------------------------
OK
---------------------------
---------------------------
Error
---------------------------
Press OK to log error and continue or Cancel to abort.
---------------------------
OK Annulla
---------------------------
---------------------------
Error
---------------------------


Error code: 0


---------------------------
OK
---------------------------

Sembrerebbe che non funziona, non riesco a fargli cancellare nessun file.
I primi due file che mi hai segnalato non li trovo neppure nel sistema.

Potresti aiutarmi per favore altrimenti questo benetto virus non lo cancello più.
Grazie, ciao.

[crazy.cat]

Nello script ci deve essere anche la riga Files to delete:

Poi il nome del file da cancellare, quindi

Files to delete:
C:\WINDOWS\system32\monrdfxa.exe

Salvati queste due righe in un file txt e poi usando la prima opzione di avenger gli fai selezionare il txt e poi premi il semaforo.

Prova ad insistere, a volte non lo prende subito il comando.

[e.villan]

sembrerebbe sparito
Ti allego il log di hijackthis da analizzare
Logfile of HijackThis v1.99.1
Scan saved at 14.08.25, on 01/11/2007
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmi\Ahead\InCD\InCDsrv.exe
C:\Programmi\Alwil Software\Avast4\aswUpdSv.exe
C:\Programmi\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\Alwil Software\Avast4\ashDisp.exe
C:\Programmi\Java\jre1.5.0_06\bin\jusched.exe
C:\Programmi\QuickTime\qttask.exe
C:\Programmi\Zone Labs\ZoneAlarm\zlclient.exe
C:\WINDOWS\System32\ctfmon.exe
C:\WINDOWS\System32\RUNDLL32.EXE
C:\Programmi\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Programmi\MSN Messenger\MsnMsgr.Exe
C:\Programmi\EPSON\EPSON CardMonitor\EPSON CardMonitor1.0.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programmi\File comuni\EPSON\EBAPI\SAgent2.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Programmi\Alwil Software\Avast4\ashMaiSv.exe
C:\Programmi\Alwil Software\Avast4\ashWebSv.exe
C:\Programmi\Mio Technology\MioSync\mioSync.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Documents and Settings\Roberta Mavero\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://search.live.com/results.aspx?mkt=it-it&q=
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.virgilio.it/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = http//:192.168.1.1
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmi\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programmi\File comuni\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programmi\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programmi\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programmi\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\Alwil Software\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\System32\PSDrvCheck.exe -CheckReg
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Programmi\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmi\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [PSDrvCheck] "C:\Programmi\Pinnacle\Instant PhotoAlbum\programs\PSDrvCheck.exe" -CheckReg
O4 - HKLM\..\Run: [PCLEPCI] C:\PROGRA~1\PINNAC~1\PPE\PPE.EXE
O4 - HKLM\..\Run: [UnlockerAssistant] "C:\Programmi\Unlocker\UnlockerAssistant.exe"
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Programmi\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [RealTray] C:\Programmi\K-Lite Codec Pack\Real\mpclauncher.exe SYSTEMBOOTHIDEPLAYER
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NVMCTRAY.DLL,NvTaskbarInit
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Programmi\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Programmi\MSN Messenger\MsnMsgr.Exe" /background
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Programmi\File comuni\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: EPSON CardMonitor.lnk = ?
O4 - Global Startup: EPSON Status Monitor 3 Environment Check 2.lnk = C:\WINDOWS\system32\spool\drivers\w32x86\3\E_SRCV02.EXE
O4 - Global Startup: Microsoft Office.lnk = C:\Programmi\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: MioSync.lnk = C:\Programmi\Mio Technology\MioSync\mioSync.exe
O8 - Extra context menu item: &Windows Live Search - res://C:\Programmi\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by120fd.bay120.hotmail.msn.com/r ... nPUpld.cab
O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/So ... b56986.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/IT-IT/a-U ... E_UNO1.cab
O16 - DPF: {7FC1B346-83E6-4774-8D20-1A6B09B0E737} (Windows Live Photo Upload Control) - http://cid-7be7a2179c355028.spaces.live ... nPUpld.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZI ... b56649.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Me ... b56907.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{EB2C75D0-D6C1-4B0D-A49C-3549F31D8CAB}: NameServer = 85.37.17.4 85.38.28.70
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSN Messenger\msgrapp.8.1.0178.00.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSN Messenger\msgrapp.8.1.0178.00.dll
O20 - Winlogon Notify: SASWinLogon - C:\Programmi\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Programmi\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Programmi\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Programmi\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Programmi\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Programmi\File comuni\EPSON\EBAPI\SAgent2.exe
O23 - Service: InCD Helper (InCDsrv) - Ahead Software AG - C:\Programmi\Ahead\InCD\InCDsrv.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: PACSPTISVR - Sony Corporation - C:\PROGRA~1\FILECO~1\Sony Shared\AVLib\Pacsptisvr.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\PROGRA~1\FILECO~1\Sony Shared\AVLib\Sptisrv.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

Grazie ancora
Ciao, Enzo

[crazy.cat]

Il log è a posto, speriamo si stata la volta buona.