BHO.Agent.BM

[saciccio]

Ciao a tutti, sono un nuovo arrivato. Da qualche mese ho a che fare con qualche problema nel mio pc dopo averlo prestato a mio fratello (non ho idea che siti ha visitato...), vi chiederei gentilmente di aiutarmi.
Ho effettuato una scansione con VirIT eXplorer Lite questo è il file log, purtroppo avendo già usato il programma in passato anche se reinstallato riconosce che il periodo di prova e trascorso e non consente di eliminare i file infetti:
06/11/2006 - 19:44:55

[SCANSIONE DEL REGISTRO]
{f250d521-225d-4d6b-8829-e064f944e180} Infetto da BHO.Agent.BM

[C:]
MASTER BOOT RECORD: OK
BOOT SECTOR: OK

C:\WINDOWS\SYSTEM\msorcljv.cnt Infetto da Trojan.Win32.RootKit.N
C:\WINDOWS\SYSTEM\studg.ini Infetto da Trojan.Win32.RootKit.N
C:\WINDOWS\SYSTEM\ypaa.dll Infetto da BHO.Agent.BM
C:\WINDOWS\SYSTEM\sqlsrdui.txt Infetto da Trojan.Win32.RootKit.N
C:\WINDOWS\SYSTEM\cp_125z.nls Infetto da Trojan.Win32.RootKit.N
C:\WINDOWS\SYSTEM\msorclgv.cnt Infetto da Trojan.Win32.RootKit.N
C:\WINDOWS\SYSTEM\vgafuls.3gr Infetto da Trojan.Win32.RootKit.N
C:\WINDOWS\SYSTEM\tbm53df.tmp Infetto da Trojan.Win32.RootKit.P
C:\WINDOWS\SYSTEM\licensk.txt Infetto da Trojan.Win32.RootKit.P
C:\WINDOWS\SYSTEM\stdole3l.tlb Infetto da Trojan.Win32.RootKit.P
C:\WINDOWS\SYSTEM\stdole3u.tlb Infetto da Trojan.Win32.RootKit.P
C:\WINDOWS\Desktop\backups\backup-20061102-183734-787-oomtdpy.exe Infetto da Trojan.Win32.Small.NP
C:\WINDOWS\Desktop\backups\backup-20061102-183756-956-oomtdpy.exe Infetto da Trojan.Win32.Small.NP
C:\WINDOWS\384217362.exe Infetto da Trojan.Win32.Small.NE
C:\WINDOWS\46241234110.exe Infetto da Trojan.Win32.Small.NE
C:\WINDOWS\1799736160.exe Infetto da Trojan.Win32.Small.NE
C:\WINDOWS\5241.TMP Infetto da BHO.Agent.BM
C:\WINDOWS\hostb.sam Infetto da Trojan.Win32.RootKit.P
C:\WINDOWS\163126122171.exe Infetto da Trojan.Win32.Small.NE
C:\WINDOWS\820175.exe Infetto da Trojan.Win32.Small.NE
C:\Programmi\File comuni\SERVICES\wdshFQm.exe Infetto da Trojan.Win32.Agent.AHW
C:\Uninstall.exe Infetto da Trojan.Win32.Small.NE

Chiavi Registro infette: 1.
Files Infetti: 22.
Files Sospetti: 0.
Files Analizzati: 36806.
Files Totali: 36806.
Chiavi Registro rimosse: 0.
Virus Rimossi: 0.





ho fatto una scansione HijackThis e vi invio il logfile:

Logfile of HijackThis v1.99.1
Scan saved at 16.08.27, on 07/11/06
Platform: Windows 98 SE (Win9x 4.10.2222A)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\EXPLORER.EXE
C:\PROGRAMMI\MSN MESSENGER\MSNMSGR.EXE
C:\WINDOWS\SYSTEM\RNAAPP.EXE
C:\WINDOWS\SYSTEM\TAPISRV.EXE
C:\PROGRAMMI\INTERNET EXPLORER\IEXPLORE.EXE
C:\WINDOWS\NOTEPAD.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\PROGRAMMI\INTERNET EXPLORER\IEXPLORE.EXE
C:\WINDOWS\SYSTEM\SPOOL32.EXE
C:\WINDOWS\DESKTOP\HIJACKTHIS.EXE

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.it/
O2 - BHO: 888Bar - {C004DEC2-2623-438e-9CA2-C9043AB28508} - C:\PROGRAMMI\FILE COMUNI\{37E21228-0000-1040--0027}\888BAR.DLL
O3 - Toolbar: 888Bar - {C004DEC2-2623-438e-9CA2-C9043AB28508} - C:\PROGRAMMI\FILE COMUNI\{37E21228-0000-1040--0027}\888BAR.DLL
O4 - HKLM\..\Run: [EnsoniqMixer] starter.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\PROGRAMMI\MSN MESSENGER\MSNMSGR.EXE" /background
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.pl/resources/virus ... n_ansi.cab

Inoltre ho effettuato una scansione online con Kaspersky,ecco il risultato:

martedì 7 novembre 2006 15.43.28
Operating System: Microsoft Windows 98 SE
Kaspersky Online Scanner version: 5.0.83.0
Kaspersky Anti-Virus database last update: 7/11/2006
Kaspersky Anti-Virus database records: 238846


Scan Settings
Scan using the following antivirus database extended
Scan Archives true
Scan Mail Bases true

Scan Target Critical Areas
C:\WINDOWS
C:\WINDOWS\

Scan Statistics
Total number of scanned objects 40122
Number of viruses found 10
Number of infected objects 74 / 0
Number of suspicious objects 0
Duration of the scan process 01:47:11

Infected Object Name Virus Name Last Action
C:\WINDOWS\SYSTEM\msorcljv.cnt Infected: not-a-virus:AdWare.Win32.LinkOptimizer.a skipped

C:\WINDOWS\SYSTEM\studg.ini Infected: not-a-virus:AdWare.Win32.LinkOptimizer.a skipped

C:\WINDOWS\SYSTEM\ypaa.dll Infected: Trojan-Clicker.Win32.Small.mf skipped

C:\WINDOWS\SYSTEM\sqlsrdui.txt Infected: not-a-virus:AdWare.Win32.LinkOptimizer.a skipped

C:\WINDOWS\SYSTEM\cp_125z.nls Infected: not-a-virus:AdWare.Win32.LinkOptimizer.a skipped

C:\WINDOWS\SYSTEM\msorclgv.cnt Infected: not-a-virus:AdWare.Win32.LinkOptimizer.a skipped

C:\WINDOWS\SYSTEM\vgafuls.3gr Infected: not-a-virus:AdWare.Win32.LinkOptimizer.a skipped

C:\WINDOWS\TEMP\A242.TMP Infected: not-a-virus:AdWare.Win32.LinkOptimizer.a skipped

C:\WINDOWS\TEMP\C075.TMP Infected: not-a-virus:AdWare.Win32.LinkOptimizer.a skipped

C:\WINDOWS\TEMP\4125.TMP Infected: not-a-virus:AdWare.Win32.LinkOptimizer.a skipped

C:\WINDOWS\TEMP\E295.TMP Infected: not-a-virus:AdWare.Win32.LinkOptimizer.a skipped

C:\WINDOWS\TEMP\40F1.TMP Infected: not-a-virus:AdWare.Win32.LinkOptimizer.a skipped

C:\WINDOWS\TEMP\4112.TMP Infected: not-a-virus:AdWare.Win32.LinkOptimizer.a skipped

C:\WINDOWS\TEMP\A082.TMP Infected: not-a-virus:AdWare.Win32.LinkOptimizer.a skipped

C:\WINDOWS\WIN386.SWP Object is locked skipped

C:\WINDOWS\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\jar.jar-6e8ff6ab-64c75916.zip/Counter.class Infected: Trojan.Java.Femad skipped

C:\WINDOWS\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\jar.jar-6e8ff6ab-64c75916.zip/VerifierBug.class Infected: Trojan.Java.Femad skipped

C:\WINDOWS\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\jar.jar-6e8ff6ab-64c75916.zip/Worker.class Infected: Trojan.Java.Femad skipped

C:\WINDOWS\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\jar.jar-6e8ff6ab-64c75916.zip/Xeyond.class Infected: Trojan.Java.Femad skipped

C:\WINDOWS\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\jar.jar-6e8ff6ab-64c75916.zip/web.exe Infected: Trojan.Win32.Dialer.qn skipped

C:\WINDOWS\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\jar.jar-6e8ff6ab-64c75916.zip ZIP: infected - 5 skipped

C:\WINDOWS\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\jar.jar-65a63229-39f0f723.zip/Counter.class Infected: Trojan.Java.Femad skipped

C:\WINDOWS\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\jar.jar-65a63229-39f0f723.zip/VerifierBug.class Infected: Trojan.Java.Femad skipped

C:\WINDOWS\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\jar.jar-65a63229-39f0f723.zip/Worker.class Infected: Trojan.Java.Femad skipped

C:\WINDOWS\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\jar.jar-65a63229-39f0f723.zip/Xeyond.class Infected: Trojan.Java.Femad skipped

C:\WINDOWS\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\jar.jar-65a63229-39f0f723.zip/web.exe Infected: Trojan.Win32.Agent.rx skipped

C:\WINDOWS\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\jar.jar-65a63229-39f0f723.zip ZIP: infected - 5 skipped

C:\WINDOWS\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped

C:\WINDOWS\Cookies\index.dat Object is locked skipped

C:\WINDOWS\Cronologia\History.IE5\index.dat Object is locked skipped

C:\WINDOWS\Cronologia\History.IE5\MSHist012006110720061108\index.dat Object is locked skipped

C:\WINDOWS\Impostazioni locali\Dati applicazioni\Microsoft\Internet Explorer\MSIMGSIZ.DAT Object is locked skipped

C:\WINDOWS\40E6.TMP Infected: not-a-virus:AdWare.Win32.LinkOptimizer.a skipped

C:\WINDOWS\IH51E0.TMP Infected: Trojan.Win32.Diamin.cr skipped

C:\WINDOWS\384217362.exe Infected: Packed.Win32.PolyCrypt.a skipped

C:\WINDOWS\46241234110.exe Infected: Trojan-Clicker.Win32.Small.kj skipped

C:\WINDOWS\1799736160.exe Infected: Packed.Win32.PolyCrypt.a skipped

C:\WINDOWS\5241.TMP Infected: Trojan-Clicker.Win32.Small.mf skipped

C:\WINDOWS\E274.TMP Infected: not-a-virus:AdWare.Win32.LinkOptimizer.a skipped

C:\WINDOWS\upd.exe Infected: not-a-virus:RiskTool.Win32.PsKill.1101 skipped

C:\WINDOWS\cmdo.exe Infected: not-a-virus:RiskTool.Win32.HideWindows skipped

C:\WINDOWS\~setuptmp0\upd.exe Infected: not-a-virus:RiskTool.Win32.PsKill.1101 skipped

C:\WINDOWS\~setuptmp0\cmdo.exe Infected: not-a-virus:RiskTool.Win32.HideWindows skipped

C:\WINDOWS\SYSTEM\msorcljv.cnt Infected: not-a-virus:AdWare.Win32.LinkOptimizer.a skipped

C:\WINDOWS\SYSTEM\studg.ini Infected: not-a-virus:AdWare.Win32.LinkOptimizer.a skipped

C:\WINDOWS\SYSTEM\ypaa.dll Infected: Trojan-Clicker.Win32.Small.mf skipped

C:\WINDOWS\SYSTEM\sqlsrdui.txt Infected: not-a-virus:AdWare.Win32.LinkOptimizer.a skipped

C:\WINDOWS\SYSTEM\cp_125z.nls Infected: not-a-virus:AdWare.Win32.LinkOptimizer.a skipped

C:\WINDOWS\SYSTEM\msorclgv.cnt Infected: not-a-virus:AdWare.Win32.LinkOptimizer.a skipped

C:\WINDOWS\SYSTEM\vgafuls.3gr Infected: not-a-virus:AdWare.Win32.LinkOptimizer.a skipped

C:\WINDOWS\TEMP\A242.TMP Infected: not-a-virus:AdWare.Win32.LinkOptimizer.a skipped

C:\WINDOWS\TEMP\C075.TMP Infected: not-a-virus:AdWare.Win32.LinkOptimizer.a skipped

C:\WINDOWS\TEMP\4125.TMP Infected: not-a-virus:AdWare.Win32.LinkOptimizer.a skipped

C:\WINDOWS\TEMP\E295.TMP Infected: not-a-virus:AdWare.Win32.LinkOptimizer.a skipped

C:\WINDOWS\TEMP\40F1.TMP Infected: not-a-virus:AdWare.Win32.LinkOptimizer.a skipped

C:\WINDOWS\TEMP\4112.TMP Infected: not-a-virus:AdWare.Win32.LinkOptimizer.a skipped

C:\WINDOWS\TEMP\A082.TMP Infected: not-a-virus:AdWare.Win32.LinkOptimizer.a skipped

C:\WINDOWS\WIN386.SWP Object is locked skipped

C:\WINDOWS\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\jar.jar-6e8ff6ab-64c75916.zip/Counter.class Infected: Trojan.Java.Femad skipped

C:\WINDOWS\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\jar.jar-6e8ff6ab-64c75916.zip/VerifierBug.class Infected: Trojan.Java.Femad skipped

C:\WINDOWS\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\jar.jar-6e8ff6ab-64c75916.zip/Worker.class Infected: Trojan.Java.Femad skipped

C:\WINDOWS\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\jar.jar-6e8ff6ab-64c75916.zip/Xeyond.class Infected: Trojan.Java.Femad skipped

C:\WINDOWS\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\jar.jar-6e8ff6ab-64c75916.zip/web.exe Infected: Trojan.Win32.Dialer.qn skipped

C:\WINDOWS\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\jar.jar-6e8ff6ab-64c75916.zip ZIP: infected - 5 skipped

C:\WINDOWS\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\jar.jar-65a63229-39f0f723.zip/Counter.class Infected: Trojan.Java.Femad skipped

C:\WINDOWS\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\jar.jar-65a63229-39f0f723.zip/VerifierBug.class Infected: Trojan.Java.Femad skipped

C:\WINDOWS\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\jar.jar-65a63229-39f0f723.zip/Worker.class Infected: Trojan.Java.Femad skipped

C:\WINDOWS\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\jar.jar-65a63229-39f0f723.zip/Xeyond.class Infected: Trojan.Java.Femad skipped

C:\WINDOWS\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\jar.jar-65a63229-39f0f723.zip/web.exe Infected: Trojan.Win32.Agent.rx skipped

C:\WINDOWS\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\jar.jar-65a63229-39f0f723.zip ZIP: infected - 5 skipped

C:\WINDOWS\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped

C:\WINDOWS\Cookies\index.dat Object is locked skipped

C:\WINDOWS\Cronologia\History.IE5\index.dat Object is locked skipped

C:\WINDOWS\Cronologia\History.IE5\MSHist012006110720061108\index.dat Object is locked skipped

C:\WINDOWS\Impostazioni locali\Dati applicazioni\Microsoft\Internet Explorer\MSIMGSIZ.DAT Object is locked skipped

C:\WINDOWS\40E6.TMP Infected: not-a-virus:AdWare.Win32.LinkOptimizer.a skipped

C:\WINDOWS\IH51E0.TMP Infected: Trojan.Win32.Diamin.cr skipped

C:\WINDOWS\384217362.exe Infected: Packed.Win32.PolyCrypt.a skipped

C:\WINDOWS\46241234110.exe Infected: Trojan-Clicker.Win32.Small.kj skipped

C:\WINDOWS\1799736160.exe Infected: Packed.Win32.PolyCrypt.a skipped

C:\WINDOWS\5241.TMP Infected: Trojan-Clicker.Win32.Small.mf skipped

C:\WINDOWS\E274.TMP Infected: not-a-virus:AdWare.Win32.LinkOptimizer.a skipped

C:\WINDOWS\~DFBC3A.TMP Object is locked skipped

C:\WINDOWS\~WRD0000.doc Object is locked skipped

C:\WINDOWS\upd.exe Infected: not-a-virus:RiskTool.Win32.PsKill.1101 skipped

C:\WINDOWS\cmdo.exe Infected: not-a-virus:RiskTool.Win32.HideWindows skipped

C:\WINDOWS\~WRS0002.tmp Object is locked skipped

C:\WINDOWS\~setuptmp0\upd.exe Infected: not-a-virus:RiskTool.Win32.PsKill.1101 skipped

C:\WINDOWS\~setuptmp0\cmdo.exe Infected: not-a-virus:RiskTool.Win32.HideWindows skipped

Scan process completed.


grazie a tutti e in particolare chi mi vorrà aiutare

[BilloKenobi]

sei infetto da linkoptimizer... prima di operare contro questo eliminiamo la 888bar, veicolo di malware. fixa con hjt queste:

O2 - BHO: 888Bar - {C004DEC2-2623-438e-9CA2-C9043AB28508} - C:\PROGRAMMI\FILE COMUNI\{37E21228-0000-1040--0027}\888BAR.DLL
O3 - Toolbar: 888Bar - {C004DEC2-2623-438e-9CA2-C9043AB28508} - C:\PROGRAMMI\FILE COMUNI\{37E21228-0000-1040--0027}\888BAR.DLL

e con killbox (che trovi nella mia firma) elimina questo file:

C:\PROGRAMMI\FILE COMUNI\{37E21228-0000-1040--0027}\888BAR.DLL

poi scarica Gmer

GMER --- http://www.gmer.net/files.php

quando lo hai scaricato, estrailo, avvialo, e fai uno scan dalla sezione "Autostart". poi clicchi su copia e incolli nella risposta

[BilloKenobi]

per quanto riguarda la 888bar, ecco un link in merito

http://www.castlecops.com/tk30584-ToolB ... 88Bar.html

a guardare con google, pare un virus diffuso in area asiatica.... oltre metà dei risultati sono in caratteri cinesi/giapponesi/qualcosa

[saciccio]

ti ringrazio per l'aiuto e la disponibilità,ho eliminato la 888bar questo è il Logfile of HijackThis v1.99.1


Scan saved at 19.00.20, on 07/11/06
Platform: Windows 98 SE (Win9x 4.10.2222A)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\EXPLORER.EXE
C:\PROGRAMMI\MSN MESSENGER\MSNMSGR.EXE
C:\WINDOWS\DESKTOP\HIJACKTHIS.EXE

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.it/
O4 - HKLM\..\Run: [EnsoniqMixer] starter.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\PROGRAMMI\MSN MESSENGER\MSNMSGR.EXE" /background
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.pl/resources/virus ... n_ansi.cab


Ho problemi as estrarre Gmer credo che non giri su 98 SE ....cosa posso fare??
Grazie ancora

[BilloKenobi]

VirIt e Gmer erano validi alleati inoltre il fatto che il tuo pc sia un Win 98 complica non poco le cose

proviamo in altro modo... non ricordo se funziona col 98, ma prova con questo tool:

http://www.mytempdir.com/1012500. se non funziona subito, rinominalo con un nome casuale... tipo tiuccido.exe... se funziona rilascia un log n C:\gromozon_removal.log. postane l'eventuale contenuto

[BilloKenobi]

no, non funziona... segui i consigli di Luke57, ma credo che il tuo caso sia difficile...

[saciccio]

grazie per tutto!!

[saciccio]

Ciao BilloKenobi innanzitutto ti voglio ancora ringraziare per il tuo aiuto e per la tua disponibilità ...credo che il grosso sia risolto infatti,grazie all'aiuto avuto da utenti più esperti in vari forum come da tuo consiglio, ho eliminato un pò di munnizza che avevo dentro al mio pc ed ora sembra che vada bene!!! ...anche se noto ancora qualche anomalia tipo una cartella di nome "Links" che mi si continua a ricreare tra i preferiti anche quando la cancello (...ma potrebbe crearla l'antivirus?? al momento ho installato nod32!!) oppure ogni tanto capita anche che quando spengo il pc senza prima staccare la connessione da internet un msg che mi avverte che 1 o più utenti sono connessi al pc e che spegnendolo questi verranno disconnessi o alcuni programmi tipo XoftSpy che non riesco ad installare perchè mi dice che sono già installati anche se non ci sono!!!

....virit non rileva più nessuna infezione mentre questo è il Logfile of HijackThis v1.99.1
Scan saved at 11.57.20, on 15/11/06
Platform: Windows 98 SE (Win9x 4.10.2222A)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\PROGRAMMI\ESET\NOD32KRN.EXE
C:\WINDOWS\EXPLORER.EXE
C:\VEXPLITE\MONLITE.EXE
C:\PROGRAMMI\UNLOCKER\UNLOCKERASSISTANT.EXE
C:\PROGRAMMI\ESET\NOD32KUI.EXE
C:\PROGRAMMI\MSN MESSENGER\MSNMSGR.EXE
C:\WINDOWS\SYSTEM\RNAAPP.EXE
C:\WINDOWS\SYSTEM\TAPISRV.EXE
C:\PROGRAMMI\INTERNET EXPLORER\IEXPLORE.EXE
C:\PROGRAMMI\OUTLOOK EXPRESS\MSIMN.EXE
C:\WINDOWS\SYSTEM\PSTORES.EXE
C:\WINDOWS\SYSTEM\SPOOL32.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\WINDOWS\DESKTOP\HIJACKTHIS.EXE

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.it/
O4 - HKLM\..\Run: [EnsoniqMixer] starter.exe
O4 - HKLM\..\Run: [VIRIT LITE MONITOR] C:\VEXPLITE\MONLITE.EXE
O4 - HKLM\..\Run: [UnlockerAssistant] "C:\PROGRAMMI\UNLOCKER\UNLOCKERASSISTANT.EXE"
O4 - HKLM\..\Run: [nod32kui] "C:\Programmi\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\RunServices: [NOD32kernel] "C:\Programmi\Eset\nod32krn.exe"
O4 - HKCU\..\Run: [msnmsgr] "C:\PROGRAMMI\MSN MESSENGER\MSNMSGR.EXE" /background
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/pa...ebscan_ansi.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/active...free/asinst.cab

Ciao e ancora mille volte grazie!! Ciccio