HiJackThis - Analisi Log - leggere Regole di Sezione

[shadow88]

Quote:

Originariamente inviato da juninho85

hai provato a cambiare l'homepage da pannello di controllo/opzioni internet?
ma comunque riesce a navigare?

No...non riesce ad accedere ad alcuna pagina..ripeto, il problema si verifica con qualsiasi browser. Se sapete darmi qualche suggerimento mi fate un grosso piacere....grazie

[ania]

*

[juninho85]

Quote:

Originariamente inviato da shadow88

No...non riesce ad accedere ad alcuna pagina..ripeto, il problema si verifica con qualsiasi browser. Se sapete darmi qualche suggerimento mi fate un grosso piacere....grazie

già che ci siamo,posta un log

[juninho85]

Quote:

Originariamente inviato da notebookale

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://companyweb
O14 - IERESET.INF: START_PAGE_URL=http://companyweb
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)

elimina queste,ma nulla a che fare con sgrunt

[juninho85]

Quote:

Originariamente inviato da net-gamer

C:\Programmi\inKline Global\Modem Booster\ModemBtr.exe

fai analizzare questo file qui

[juninho85]

Quote:

Originariamente inviato da marco1.46

O2 - BHO: edit_html Class - {14D1A72D-8705-11D8-B120-0040F46CB696} - C:\Documents and Settings\marco\115185857.dll
O2 - BHO: MS Network support DLL - {2DC9D850-044D-11E1-B3C9-00805E499D93} - C:\WINDOWS\System32\msnetwrk.dll
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm

dovrebbe essere un bel rootkit

[net-gamer]

intanto grazie per le risposte.

Si, è download accelerator plus, e l'ho tolto prima ^^.
Hmm ModemBooster è un programmino tranquillo, niente mi ha detto che è dannoso.


Tu dici sia un rootkit?
Cosa potrei fare?

[ania]

*

[net-gamer]

Grazie ancora per i consigli
ma questi anti rootkit non hanno trovato niente.
Qualcosa c'è ancora e fa danni

[juninho85]

Quote:

Originariamente inviato da net-gamer

Tu dici sia un rootkit?
Cosa potrei fare?

non mi riferivo al tuo log,non ho trovato nulla di sospetto se non quella voce

[alessandroemme]

Cosa devo togliere???Grazie
H:\WINDOWS\System32\smss.exe
H:\WINDOWS\system32\winlogon.exe
H:\WINDOWS\system32\services.exe
H:\WINDOWS\system32\lsass.exe
H:\WINDOWS\system32\svchost.exe
H:\WINDOWS\System32\svchost.exe
H:\WINDOWS\system32\spoolsv.exe
H:\Programmi\AntiVir PersonalEdition Classic\sched.exe
H:\Programmi\AntiVir PersonalEdition Classic\avguard.exe
H:\WINDOWS\system32\nvsvc32.exe
H:\Programmi\Analog Devices\SoundMAX\SMAgent.exe
H:\WINDOWS\system32\svchost.exe
H:\WINDOWS\Explorer.EXE
H:\Programmi\Analog Devices\SoundMAX\SMax4PNP.exe
H:\Programmi\Analog Devices\SoundMAX\Smax4.exe
H:\Programmi\CyberLink\PowerDVD\PDVDServ.exe
H:\WINDOWS\system32\RUNDLL32.EXE
H:\WINDOWS\system32\rundll32.exe
H:\Programmi\HbTools\Bin\4.8.4.0\HbtWeatherOnTray.exe
H:\Programmi\HbTools\Bin\4.8.4.0\HbtOEAddOn.exe
H:\WINDOWS\system32\wuauclt.exe
H:\Programmi\Hbtools\HBTV\HBTV.exe
H:\Programmi\PeerGuardian2\pg2.exe
H:\Programmi\Messenger\msmsgs.exe
H:\Programmi\Skype\Phone\Skype.exe
H:\programmi\freecall.com\freecall\freecall.exe
H:\Programmi\SRS Labs\Audio Sandbox\SRSSSC.exe
H:\DOCUME~1\franco\IMPOST~1\Temp\SRS Labs Clean Up.0001
H:\Programmi\Bluetooth Software\BTTray.exe
H:\Programmi\File comuni\SRS Labs Shared\Service\srslabslicenseservice.exe
H:\PROGRA~1\BLUETO~1\BTSTAC~1.EXE
H:\Programmi\AntiVir PersonalEdition Classic\avgnt.exe
H:\Programmi\HbTools\Bin\4.8.4.0\HbtSrv.exe
H:\Programmi\Lavasoft\Ad-Aware SE Personal\Ad-Aware.exe
H:\Programmi\eMule\emule.exe
H:\Documents and Settings\franco\Desktop\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.it/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://resultsmaster.com/SmartOffers...meLeftPane.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - H:\Programmi\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: TVEngine Helper /fleok=1D8A83A5C2E6107C91A475760EA83FA5EF80752B94E2DE765F79452D38CF - {4B18DD50-C996-44fc-AC52-0FECFF82ED58} - h:\programmi\hbtools\hbtv\hbtvhelper.dll
O2 - BHO: HbTools - {74CC49F7-EB32-4A08-B204-948962A6E3DB} - H:\Programmi\HbTools\Bin\4.8.4.0\HbtHostIE.dll
O2 - BHO: Trixie.Bho - {B0744341-96E0-4341-9ED2-8BC36CE0CCD0} - mscoree.dll (file missing)
O3 - Toolbar: H&otbar - {74CC49F7-EB32-4A08-B204-948962A6E3DB} - H:\Programmi\HbTools\Bin\4.8.4.0\HbtHostIE.dll
O4 - HKLM\..\Run: [Ptipbmf] rundll32.exe ptipbmf.dll,SetWriteCacheMode
O4 - HKLM\..\Run: [SoundMAXPnP] H:\Programmi\Analog Devices\SoundMAX\SMax4PNP.exe
O4 - HKLM\..\Run: [SoundMAX] "H:\Programmi\Analog Devices\SoundMAX\Smax4.exe" /tray
O4 - HKLM\..\Run: [NeroFilterCheck] H:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [RemoteControl] H:\Programmi\CyberLink\PowerDVD\PDVDServ.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE H:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE H:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [PinnacleDriverCheck] H:\WINDOWS\system32\PSDrvCheck.exe -CheckReg
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [avgnt] "H:\Programmi\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [WeatherOnTray] H:\Programmi\HbTools\Bin\4.8.4.0\HbtWeatherOnTray.exe
O4 - HKLM\..\Run: [HbTools] H:\Programmi\HbTools\Bin\4.8.4.0\HbtOEAddOn.exe
O4 - HKLM\..\Run: [jedqtodf] H:\WINDOWS\system32\afhvyxfg.exe
O4 - HKCU\..\Run: [PeerGuardian] H:\Programmi\PeerGuardian2\pg2.exe
O4 - HKCU\..\Run: [MSMSGS] "H:\Programmi\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Skype] "H:\Programmi\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [FreeCall] "H:\programmi\freecall.com\freecall\freecall.exe" -nosplash -minimized
O4 - HKCU\..\Run: [SRS Audio Sandbox] "H:\Programmi\SRS Labs\Audio Sandbox\SRSSSC.exe" /hideme
O4 - Global Startup: Avvio veloce di Adobe Reader.lnk = H:\Programmi\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: BTTray.lnk = ?
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://H:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {20CCCFEC-D26F-4ffe-996B-388B39C8CCCA} - H:\WINDOWS\system32\mscoree.DLL
O9 - Extra 'Tools' menuitem: Tri&xie Options... - {20CCCFEC-D26F-4ffe-996B-388B39C8CCCA} - H:\WINDOWS\system32\mscoree.DLL
O9 - Extra button: Ricerche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - H:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - H:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - H:\Programmi\Messenger\msmsgs.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{83E1A629-1879-438B-82A7-AE90806743C5}: NameServer = 192.168.22.1
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - H:\Programmi\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - AVIRA GmbH - H:\Programmi\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - H:\WINDOWS\system32\nvsvc32.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - H:\Programmi\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: SRS Labs License Service - SRS Labs - H:\Programmi\File comuni\SRS Labs Shared\Service\srslabslicenseservice.exe

[FOXYLADY]

Ciao,

apri hijackthis e vai in Open the misc tool section>open process manager, seleziona se presenti queste voci
H:\Programmi\HbTools\Bin\4.8.4.0\HbtWeatherOnTray.exe
H:\Programmi\HbTools\Bin\4.8.4.0\HbtOEAddOn.exe
H:\Programmi\Hbtools\HBTV\HBTV.exe
H:\Programmi\HbTools\Bin\4.8.4.0\HbtSrv.exe
e premi il pulsante kill process

poi premi back e successivamente scan, a questo punto fixa queste voci
O2 - BHO: TVEngine Helper /fleok=1D8A83A5C2E6107C91A475760EA83FA5EF80752B94E2DE765F79452D38CF - {4B18DD50-C996-44fc-AC52-0FECFF82ED58} - h:\programmi\hbtools\hbtv\hbtvhelper.dll
O2 - BHO: HbTools - {74CC49F7-EB32-4A08-B204-948962A6E3DB} - H:\Programmi\HbTools\Bin\4.8.4.0\HbtHostIE.dll
O2 - BHO: Trixie.Bho - {B0744341-96E0-4341-9ED2-8BC36CE0CCD0} - mscoree.dll (file missing)
O3 - Toolbar: H&otbar - {74CC49F7-EB32-4A08-B204-948962A6E3DB} - H:\Programmi\HbTools\Bin\4.8.4.0\HbtHostIE.dll
O4 - HKLM\..\Run: [WeatherOnTray] H:\Programmi\HbTools\Bin\4.8.4.0\HbtWeatherOnTray.exe
O4 - HKLM\..\Run: [HbTools] H:\Programmi\HbTools\Bin\4.8.4.0\HbtOEAddOn.exe
O4 - HKLM\..\Run: [jedqtodf] H:\WINDOWS\system32\afhvyxfg.exe

vai in pannello di controllo>installazione applicazioni e verifica se è presente il programma Hbtools, nel caso disinstallalo (è uno spyware).
Elimina poi manualmente tutta la cartella Hbtools.

Fai un paio di scansioni con questi
http://www.superantispyware.com/
http://www.ewido.net/en/

[net-gamer]

Hmmmm ecco trovati:

Dialer.Agent.z
Dialer.IDialer.m

Ho cercato su google varie informazioni. Non sono stato molto chiari al riguardo. Dicono di fare cose che gia ho fatto.

[notebookale]

Quote:

Originariamente inviato da juninho85

elimina queste,ma nulla a che fare con sgrunt

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://companyweb
O14 - IERESET.INF: START_PAGE_URL=http://companyweb
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)

non ne trovo neache uno!

[notebookale]

ma mi avete consigliato di togliere winpcap..sicuri?
ho visto che è tipo una libreria o una cosa del genere.
aiutoo

[marco1.46]

Quote:

Originariamente inviato da juninho85

dovrebbe essere un bel rootkit

Grazie infinite!!!! Tutto risolto (almeno così sembra..per adesso...)

[juninho85]

Quote:

Originariamente inviato da marco1.46

Grazie infinite!!!! Tutto risolto (almeno così sembra..per adesso...)

...come?

[marco1.46]

Boh sinceramente ho smanettato un pò qua e là... però non ho la certezza che sia scomparso del tutto...ancora ho qualche problemino, anche se non paragonabile con i problemi che avevo precedentemente..

[Mav73]

Saluti a tutti...vorrei un parere su questo log nn molto pulito...
in particolare la voce
O2 - BHO: (no name) - {5D01E522-F60D-4732-BD3F-852D28B4DCEF} - D:\WINNT\system32\CTDEVCPN.DLL
non riesco a trovare riferimenti in merito
da dire ke da ieri dopo una ricerca su google di qualsiasi tipo, clikkando sul link del sito trovato mi collega spesso (nn sempre) ad un sito tedesco (.de)...
cmq ho notato ke è tornato il trojan da me già eliminato da poco (Trojan-Clicker.Win32.Small.kj), trovando in temp il file it_0220.exe....ufffaaaa...
vi posto il log fatto ora :

Logfile of HijackThis v1.99.1
Scan saved at 10:28:56, on 18.01.2007
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
D:\WINNT\System32\smss.exe
D:\WINNT\system32\winlogon.exe
D:\WINNT\system32\services.exe
D:\WINNT\system32\lsass.exe
D:\WINNT\system32\svchost.exe
D:\WINNT\system32\spoolsv.exe
D:\Programmi\IVT Corporation\BlueSoleil\BTNtService.exe
D:\WINNT\system32\DRIVERS\CDANTSRV.EXE
D:\Programmi\File comuni\Symantec Shared\ccEvtMgr.exe
D:\PROGRA~1\NETSUP~1\client32.exe
D:\WINNT\System32\svchost.exe
D:\WINNT\system32\gearsec.exe
d:\programmi\file comuni\logitech\lvmvfm\LVPrcSrv.exe
D:\Programmi\Norton Personal Firewall\NISUM.EXE
D:\Programmi\Norton SystemWorks\Norton Utilities\NPROTECT.EXE
D:\WINNT\system32\nvsvc32.exe
D:\Programmi\NetSupport Manager\Gateway32.exe
D:\WINNT\system32\regsvc.exe
D:\WINNT\system32\MSTask.exe
D:\PROGRA~1\NORTON~3\SPEEDD~1\nopdb.exe
D:\WINNT\system32\stisvc.exe
D:\Programmi\Norton Personal Firewall\SymProxySvc.exe
D:\Programmi\Commander Pro\UPServ.exe
D:\WINNT\System32\WBEM\WinMgmt.exe
D:\WINNT\system32\svchost.exe
D:\Programmi\Norton Personal Firewall\NISSERV.EXE
D:\WINNT\Explorer.EXE
D:\Programmi\File comuni\Symantec Shared\SymTray.exe
D:\Programmi\Commander Pro\UPS.EXE
D:\Programmi\Messenger Plus! 3\MsgPlus.exe
D:\Programmi\Trust\305KS WIRELESS OPTICAL DESKSET\lwbwheel.exe
D:\Programmi\Norton Personal Firewall\IAMAPP.EXE
D:\Programmi\File comuni\Symantec Shared\ccApp.exe
D:\Programmi\MSN Messenger\msnmsgr.exe
D:\Programmi\Ectaco\Language Teacher 2000\EI\ei.exe
D:\Programmi\Norton AntiVirus\navapsvc.exe
D:\Programmi\eMule\emule.exe
D:\Programmi\Windows Media Player\wmplayer.exe
D:\Programmi\Internet Explorer\iexplore.exe
D:\Programmi\Hbtools\HBTV\HBTV.exe
D:\Programmi\HbTools\Bin\4.8.2.0\HbtSrv.exe
D:\WINNT\system32\notepad.exe
D:\Programmi\Internet Explorer\IEXPLORE.EXE
D:\Programmi\Internet Explorer\IEXPLORE.EXE
D:\PROGRA~1\WINZIP\winzip32.exe
D:\Documents and Settings\Administrator\Impostazioni locali\Temp\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://digiland.libero.it/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer fornito da PC Professionale
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Programmi\Adobe\Acrobat 5.0\Acrobat\ActiveX\AcroIEHelper.ocx
O2 - BHO: TVEngine Helper /fleok=1D8A83A5C2E6107C91A475760EA83FA5EF80752B9499803B2A2303766A - {4B18DD50-C996-44fc-AC52-0FECFF82ED58} - d:\programmi\hbtools\hbtv\hbtvhelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - D:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {5D01E522-F60D-4732-BD3F-852D28B4DCEF} - D:\WINNT\system32\CTDEVCPN.DLL
O2 - BHO: HbTools - {74CC49F7-EB32-4A08-B204-948962A6E3DB} - D:\Programmi\HbTools\Bin\4.8.2.0\HbtHostIE.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - d:\programmi\google\googletoolbar2.dll
O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - D:\Programmi\Norton AntiVirus\NavShExt.dll
O2 - BHO: Kwyshell MidpX BHO - {EBE9E2B5-B526-48BC-AD46-687263EDCB0E} - D:\Programmi\Kwyshell\MidpX\JadInvoker\MidpInvoker.dll
O3 - Toolbar: @msdxmLC.dll,-1@1040,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - D:\WINNT\System32\msdxm.ocx
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - D:\Programmi\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - d:\programmi\google\googletoolbar2.dll
O3 - Toolbar: H&otbar - {74CC49F7-EB32-4A08-B204-948962A6E3DB} - D:\Programmi\HbTools\Bin\4.8.2.0\HbtHostIE.dll
O3 - Toolbar: Kwyshell MidpX - {EBE9E2B5-B526-48BC-AD46-687263EDCB0E} - D:\Programmi\Kwyshell\MidpX\JadInvoker\MidpInvoker.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE D:\WINNT\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [SymTray - Norton SystemWorks] D:\Programmi\File comuni\Symantec Shared\Symtray.exe SetReg
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] D:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [SSC_UserPrompt] D:\Programmi\File comuni\Symantec Shared\Security Center\UsrPrmpt.exe
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE D:\WINNT\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NAV Agent] D:\PROGRA~1\NORTON~1\navapw32.exe
O4 - HKLM\..\Run: [MessengerPlus3] "D:\Programmi\Messenger Plus! 3\MsgPlus.exe"
O4 - HKLM\..\Run: [LWBMOUSE] D:\Programmi\Trust\305KS WIRELESS OPTICAL DESKSET\lwbwheel.exe
O4 - HKLM\..\Run: [iamapp] D:\Programmi\Norton Personal Firewall\IAMAPP.EXE
O4 - HKLM\..\Run: [ccRegVfy] "D:\Programmi\File comuni\Symantec Shared\ccRegVfy.exe"
O4 - HKLM\..\Run: [ccApp] "D:\Programmi\File comuni\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [MSConfig] D:\WINNT\msconfig.exe /auto
O4 - HKLM\..\RunOnce: [SymTray - Norton SystemWorks] D:\Programmi\File comuni\Symantec Shared\Symtrdr.exe
O4 - HKCU\..\Run: [msnmsgr] "D:\Programmi\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [asustweakenable] D:\Programmi\ASUS\Tweaking Utilities\atweak.exe /start
O4 - Global Startup: Language Teacher 2000 Eng-Ita.lnk = D:\Programmi\Ectaco\Language Teacher 2000\EI\ei.exe
O8 - Extra context menu item: &Google Search - res://d:\programmi\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: Backward Links - res://d:\programmi\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://d:\programmi\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: Link to &MidpX - D:\Programmi\Kwyshell\MidpX\JadInvoker\Extent\jad_wrap.htm
O8 - Extra context menu item: Search Using Copernic - D:\Programmi\Copernic 2001 Pro\Search Extension.htm
O8 - Extra context menu item: Similar Pages - res://d:\programmi\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://d:\programmi\google\GoogleToolbar2.dll/cmtrans.html
O9 - Extra button: (no name) - {2A465934-E5F0-11D2-91B5-00104B9C4765} - D:\Programmi\Copernic 2001 Pro\Copernic.exe
O9 - Extra 'Tools' menuitem: Launch Copernic 2001 - {2A465934-E5F0-11D2-91B5-00104B9C4765} - D:\Programmi\Copernic 2001 Pro\Copernic.exe
O9 - Extra button: Copernic - {2A465936-E5F0-11D2-91B5-00104B9C4765} - D:\Programmi\Copernic 2001 Pro\Copernic.exe
O9 - Extra button: Translate - {99EFB53C-C965-43CF-9F45-52242D134187} - file://D:\Programmi\Copernic 2001 Pro\Translate.htm
O9 - Extra 'Tools' menuitem: &Translate Using Gist-In-Time - {99EFB53C-C965-43CF-9F45-52242D134187} - file://D:\Programmi\Copernic 2001 Pro\Translate.htm
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - D:\Programmi\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - D:\Programmi\Yahoo!\Messenger\YahooMessenger.exe
O12 - Plugin for .pdf: D:\Programmi\Internet Explorer\PLUGINS\nppdf32.dll
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/par...an_unicode.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{20DA0F4B-C2C7-42C9-9162-70A89F55154F}: NameServer = 85.37.17.16 85.38.28.68
O20 - AppInit_DLLs: MsgPlusLoader.dll
O23 - Service: Autodesk Licensing Service - Autodesk - D:\Programmi\File comuni\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: BlueSoleil Hid Service - Unknown owner - D:\Programmi\IVT Corporation\BlueSoleil\BTNtService.exe
O23 - Service: C-DillaSrv - C-Dilla Ltd - D:\WINNT\system32\DRIVERS\CDANTSRV.EXE
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - D:\Programmi\File comuni\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation Service (ccPwdSvc) - Symantec Corporation - D:\Programmi\File comuni\Symantec Shared\ccPwdSvc.exe
O23 - Service: Client32 - NetSupport Ltd - D:\PROGRA~1\NETSUP~1\client32.exe
O23 - Service: Servizio amministrativo di Gestione disco logico (dmadmin) - VERITAS Software Corp. - D:\WINNT\System32\dmadmin.exe
O23 - Service: Provvedere al Servizio Sicurezza (GEARSecurity) - GEAR Software - D:\WINNT\system32\gearsec.exe
O23 - Service: Servizio iPod (iPodService) - Apple Computer, Inc. - D:\Programmi\iPod\bin\iPodService.exe
O23 - Service: Logitech Process Monitor (LVPrcSrv) - Logitech Inc. - d:\programmi\file comuni\logitech\lvmvfm\LVPrcSrv.exe
O23 - Service: Servizio Norton AntiVirus Auto-Protect (navapsvc) - Symantec Corporation - D:\Programmi\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton Personal Firewall Service (NISSERV) - Symantec Corporation - D:\Programmi\Norton Personal Firewall\NISSERV.EXE
O23 - Service: Norton Personal Firewall Accounts Manager (NISUM) - Symantec Corporation - D:\Programmi\Norton Personal Firewall\NISUM.EXE
O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - D:\Programmi\Norton SystemWorks\Norton Utilities\NPROTECT.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - D:\WINNT\system32\nvsvc32.exe
O23 - Service: Gateway32 (PCIGateway) - NetSupport Ltd - D:\Programmi\NetSupport Manager\Gateway32.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - D:\PROGRA~1\FILECO~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - D:\Programmi\File comuni\Symantec Shared\SNDSrvc.exe
O23 - Service: Speed Disk service - Symantec Corporation - D:\PROGRA~1\NORTON~3\SPEEDD~1\nopdb.exe
O23 - Service: Norton Personal Firewall Proxy Service (SymProxySvc) - Symantec Corporation - D:\Programmi\Norton Personal Firewall\SymProxySvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - D:\Programmi\File comuni\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: UPSmart - Unknown owner - D:\Programmi\Commander Pro\UPServ.exe

aspetto un vostro parere grazie...

[Mav73]

http://www.genealogie.de/?w=16
questo è il sito a cui mi riporta il link trovato da google dopo una ricerca...