Internet Explorer non si avvia

[martel]

Riavvia il pc, collegati e posta questi 2 logs (copiandoli e incollandoli in un post)
C:\vundofix.txt
C:\combofix.txt

ecco i log:
Vundo:

VundoFix V7.0.3

Scan started at 10.24.04 06/05/2008

Listing files found while scanning....

No infected files were found.



Combo:
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((( Altre eliminazioni )))))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\Eddy\Dati applicazioni\inst.exe
C:\WINNT\system32\config\SAM.SAV
C:\WINNT\system32\kbdit142n.dll
C:\WINNT\Web\default.htt

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_fuhyvngm
-------\Service_fuhyvngm


((((((((((((((((((((((((( Files Creati Da 2008-04-06 al 2008-05-06 )))))))))))))))))))))))))))))))))))
.

2008-05-06 10:37 . 08-05-06 10:37 16,384 --a----t- C:\WINNT\system32\Perflib_Perfdata_20c.dat
2008-05-03 18:24 . 08-05-03 18:24 <DIR> d---s---- C:\Documents and Settings\Eddy\UserData
2008-05-03 18:11 . 08-05-03 18:11 <DIR> d-------- C:\Programmi\Dnote Software
2008-05-02 19:27 . 08-05-02 19:27 <DIR> d-------- C:\Documents and Settings\All Users\Dati applicazioni\SUPERAntiSpyware.com
2008-05-02 19:26 . 08-05-02 19:26 <DIR> d-------- C:\Programmi\SUPERAntiSpyware
2008-05-02 19:26 . 08-05-02 19:26 <DIR> d-------- C:\Documents and Settings\Eddy\Dati applicazioni\SUPERAntiSpyware.com
2008-05-02 18:31 . 08-05-02 18:31 <DIR> d--h----- C:\WINNT\msdownld.tmp
2008-05-02 18:01 . 08-05-02 18:01 1,144 --a------ C:\WINNT\mozver.dat
2008-05-02 17:03 . 08-05-02 17:39 1,410 --a------ C:\WINNT\imsins.BAK
2008-05-02 16:49 . 08-05-04 13:06 367,410 ---h----- C:\WINNT\ShellIconCache
2008-05-02 12:19 . 08-05-02 12:19 <DIR> d-------- C:\VundoFix Backups
2008-05-02 12:01 . 02-05-15 15:16 462,848 --a------ C:\WINNT\system32\msaatext.dll
2008-05-02 12:01 . 02-05-15 15:16 360,448 --a------ C:\WINNT\system32\oleacc.dll
2008-05-02 12:01 . 02-05-15 15:16 360,448 --a------ C:\WINNT\system32\dllcache\oleacc.dll
2008-05-02 12:01 . 02-05-15 15:16 356,352 --a------ C:\WINNT\system32\oleaccrc.dll
2008-05-02 12:01 . 02-05-15 15:16 356,352 --a------ C:\WINNT\system32\dllcache\oleaccrc.dll
2008-04-30 19:53 . 08-04-30 19:53 <DIR> d-------- C:\FOUND.000
2008-04-30 19:27 . 08-04-30 19:27 <DIR> d-------- C:\WINNT\IE Uninstall
2008-04-30 19:17 . 08-04-30 19:17 <DIR> d-------- C:\WINNT\Application Data
2008-04-30 18:54 . 03-06-19 12:05 618,889 --a------ C:\WINNT\system32\instcat.sql
2008-04-30 18:54 . 03-06-19 12:05 4,296 --a------ C:\WINNT\system32\odbcconf.rsp
2008-04-30 18:23 . 08-04-30 18:23 <DIR> d-------- C:\Programmi\Free Window Registry Repair
2008-04-30 14:55 . 08-04-30 14:55 <DIR> d-------- C:\Documents and Settings\Eddy\Dati applicazioni\Grisoft
2008-04-30 14:55 . 07-05-30 14:10 10,872 --a------ C:\WINNT\system32\drivers\AvgAsCln.sys
2008-04-30 12:44 . 08-04-30 12:44 <DIR> d-------- C:\Programmi\Opera
2008-04-30 10:53 . 08-04-30 10:53 <DIR> d-------- C:\Documents and Settings\All Users\Dati applicazioni\Kaspersky Lab
2008-04-30 10:49 . 08-04-30 10:49 <DIR> d-------- C:\Documents and Settings\All Users\Dati applicazioni\Kaspersky Lab Setup Files
2008-04-30 10:35 . 08-04-30 10:35 <DIR> d-------- C:\Programmi\File comuni\Mozilla Shared
2008-04-30 10:35 . 08-04-30 10:35 196,608 --a------ C:\WINNT\system32\libssl32.dll
2008-04-24 18:25 . 08-04-24 18:25 <DIR> d-------- C:\Programmi\TomTom HOME 2
2008-04-24 18:25 . 08-04-24 18:25 <DIR> d-------- C:\Documents and Settings\Eddy\Dati applicazioni\TomTom
2008-04-24 11:46 . 08-04-24 12:46 128 --a------ C:\WINNT\CTWave32.ini
2008-04-16 11:33 . 08-04-16 11:33 <DIR> d-------- C:\Programmi\Tom-TOOLS 7V.5
2008-04-15 20:14 . 08-04-19 11:59 852 --a------ C:\WINNT\BetPC2007.ini
2008-04-15 19:13 . 08-04-15 19:13 <DIR> d-------- C:\Programmi\HappySoft
2008-04-15 19:13 . 08-04-15 19:13 <DIR> d-------- C:\Programmi\File comuni\HappySoft
2008-04-15 19:13 . 07-12-01 17:30 406,528 --a------ C:\WINNT\system32\betpc_images.dll
2008-04-12 18:51 . 08-04-12 18:51 <DIR> d--h----- C:\LGFolder
2008-04-12 18:50 . 08-04-12 18:50 <DIR> d-------- C:\Documents and Settings\Eddy\Dati applicazioni\LG Electronics
2008-04-12 18:49 . 08-04-12 18:49 <DIR> d-------- C:\Programmi\LG PC Suite
2008-04-12 18:48 . 08-04-12 18:48 <DIR> d-------- C:\Programmi\LG Electronics
2008-04-12 18:48 . 05-06-24 18:36 39,036 --a------ C:\WINNT\system32\drivers\lgusbmodem.sys
2008-04-12 18:48 . 05-05-26 11:01 38,144 --a------ C:\WINNT\system32\drivers\lgusbdiag.sys
2008-04-12 18:48 . 05-05-26 11:01 21,344 --a------ C:\WINNT\system32\drivers\lgusbbus.sys
2008-04-09 13:15 . 08-04-09 13:15 <DIR> d-------- C:\Documents and Settings\Eddy\Dati applicazioni\dvdcss

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-04-30 08:35 1,015,808 ----a-w C:\WINNT\system32\libeay32.dll
2008-04-05 17:27 --------- d-----w C:\Programmi\TomTom HOME
2008-04-03 17:11 --------- d-----w C:\Programmi\PokerStars.NET
2008-04-02 17:37 --------- d-----w C:\Programmi\Tom-TOOLS (7V4)
2008-04-01 09:23 --------- d-----w C:\Documents and Settings\Eddy\Dati applicazioni\DisplayTune
2008-04-01 09:22 --------- d-----w C:\Programmi\Portrait Displays
2008-04-01 09:22 --------- d-----w C:\Programmi\File comuni\Portrait Displays
2008-04-01 09:00 --------- d-----w C:\Programmi\PowerStrip
2008-03-29 14:57 74,752 ----a-w C:\WINNT\ST6UNST.EXE
2008-03-29 14:57 122,880 ------w C:\WINNT\Setup2.exe
2008-03-29 14:44 --------- d-----w C:\Programmi\Gazza
2008-03-19 16:52 74,752 ----a-w C:\WINNT\cadkasdeinst01e.exe
2008-03-19 16:52 --------- d-----w C:\Programmi\PDF Editor 2
2008-03-14 15:23 47,360 ----a-w C:\WINNT\system32\drivers\pcouffin.sys
2008-03-14 15:23 47,360 ----a-w C:\Documents and Settings\Eddy\Dati applicazioni\pcouffin.sys
2008-03-13 15:37 --------- d-----w C:\Programmi\WinAVIVideoConverter
2008-03-11 16:18 --------- d-----w C:\Documents and Settings\Eddy\Dati applicazioni\InstallShield
2008-03-07 09:17 --------- d-----w C:\Programmi\directx
2008-01-23 22:54 271 ---h--w C:\Programmi\desktop.ini
2008-01-23 22:54 22,075 ---h--w C:\Programmi\folder.htt
2000-08-10 22:00 32,528 ----a-w C:\WINNT\inf\wbfirdma.sys
.

((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Nota* i valori vuoti & legittimi/default non sono visualizzati.

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{3674680A-2FFE-406B-95EE-F1D2724F1DC3}]
00-08-11 00:00 82432 --a------ c:\winnt\system32\kbdit142n.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SUPERAntiSpyware"="C:\Programmi\SUPERAntiSpyware\SUPERAntiSpyware.exe" [08-05-02 20:17 1481968]
"Uniblue RegistryBooster 2"="C:\Programmi\Uniblue\RegistryBooster 2\RegistryBooster.exe" [ ]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Zone Labs Client"="C:\Programmi\Zone Labs\ZoneAlarm\zlclient.exe" [05-11-15 00:51 755472]
"NeroFilterCheck"="C:\WINNT\system32\NeroCheck.exe" [01-07-09 11:50 155648]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"internat.exe"="internat.exe" [00-08-11 00:00 20752 C:\WINNT\system32\internat.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"^SetupICWDesktop"="C:\Programmi\Internet Explorer\Connection Wizard\icwconn1.exe" [03-06-19 20:05 188176]

C:\Documents and Settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\
Microsoft Office.lnk - C:\Programmi\Microsoft Office\Office\OSA9.EXE [2000-01-21 09:15:56 65588]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Programmi\SUPERAntiSpyware\SASSEH.DLL [06-12-20 13:55 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Programmi\SUPERAntiSpyware\SASWINLO.dll 07-04-19 13:41 294912 C:\Programmi\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\wqpehtgw]
kbdit142n.dll 00-08-11 00:00 82432 C:\WINNT\system32\kbdit142n.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"= mmdrv.dll

R1 aswSP;avast! Self Protection;C:\WINNT\system32\drivers\aswSP.sys [08-03-29 19:31 ]
R2 aswMon;avast! Standard Shield Support;C:\WINNT\system32\drivers\aswMon.sys [08-01-17 17:34 ]
R2 PStrip;PSTRIP;C:\WINNT\system32\DRIVERS\PSTRIP.SYS [07-07-15 03:37 ]
R3 S3SAVAGE4;S3SAVAGE4;C:\WINNT\system32\DRIVERS\s3savg4m.sys [00-08-10 14:03 ]
S3 DLKRTL;D-Link DFE-528TX PCI Adapter NT Driver;C:\WINNT\system32\DRIVERS\DLKRTL.SYS [01-10-10 10:37 ]
S3 S3Inc;S3Inc;C:\WINNT\system32\DRIVERS\s3sav4m.sys [99-10-25 23:35 ]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
fuhyvngm

*Newly Created Service* - IPNAT
*Newly Created Service* - RASAUTO
*Newly Created Service* - SHAREDACCESS
.
**************************************************************************

catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-05-06 10:37:55
Windows 5.0.2195 Service Pack 4 FAT NTAPI

scansione processi nascosti ...

scansione entrate autostart nascoste ...

Scansione files nascosti ...


C:\WINNT\TEMP\_avast4_\unp194323454.tmp 327680 bytes

Scansione completata con successo
Files nascosti: 1

**************************************************************************
.
Ora fine scansione: 2008-05-06 10:39:47 - machine was rebooted
ComboFix-quarantined-files.txt 2008-05-06 08:39:42

13 Directory 8,032,092,160 byte disponibili
17 Directory 7,978,352,640 byte disponibili

143


Cmnq, anche dopo ste scansione IE non si avvia

[Luke57]

Ciao, copia questo codice:

Codice: Seleziona tutto

Registry::
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{3674680A-2FFE-406B-95EE-F1D2724F1DC3}]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\wqpehtgw]

apri un file di testo (dal blocco note), incollaci il codice, salva obbligatoriamente
il file con il nome di CFScript.txt, con il puntatore del mouse trascinalo sull'icona di combofix per una nuova scansione.
per il problema di IE, scarica winsockfix da qui:
http://news.swzone.it/link.php?action=d&id=9826
avvialo e premi fix.

[martel]

Ciao, copia questo codice:

Codice: Seleziona tutto

Registry::
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{3674680A-2FFE-406B-95EE-F1D2724F1DC3}]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\wqpehtgw]

apri un file di testo (dal blocco note), incollaci il codice, salva obbligatoriamente
il file con il nome di CFScript.txt, con il puntatore del mouse trascinalo sull'icona di combofix per una nuova scansione.
per il problema di IE, scarica winsockfix da qui:
http://news.swzone.it/link.php?action=d&id=9826
avvialo e premi fix.

non si è risolto niente

dopo che trascino il file creato su combofix, mi dice :Impossibili importare il file. il file specificato non è un file di regidtro di sistema. è possibile importare solo file del registro di sistema

[martel]

ci sono novità:
subito dopo aver ri-eseguito combofix, appena mi esce il log in formato .txt, dove indica la cancellazione del file kbdit142n.dll , IE si è avviato ma dopo poco non lo ha fatto più infatti il file cancellato c'è nuovamente, mi sono accorto anche che winlogon.exe usa va poca memoria prima che questo succedesse , appena IE non si è avviato più l'uso della memoria è aumentato.

[Luke57]

Ciao, scarica avenger da qui:
http://swandog46.geekstogo.com/avenger.zip
scompattalo e nello spazio bianco sotto "Input script here" copia e incolla questo script :

Files to delete:
C:\WINNT\system32\kbdit142n.dll

registry keys to delete:
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\wqpehtgw
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3674680A-2FFE-406B-95EE-F1D2724F1DC3}

Fatto ciò, Clicca sul pulsante Execute


Il pc dovrebbe riavviarsi da solo, se così non fosse riavvialo manualmente.
Allega poi il log generato da avenger, lo trovi in C:\avenger.txt è un file di testo.

[martel]

Ciao, scarica avenger da qui:
http://swandog46.geekstogo.com/avenger.zip
scompattalo e nello spazio bianco sotto "Input script here" copia e incolla questo script :

Files to delete:
C:\WINNT\system32\kbdit142n.dll

registry keys to delete:
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\wqpehtgw
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3674680A-2FFE-406B-95EE-F1D2724F1DC3}

Fatto ciò, Clicca sul pulsante Execute


Il pc dovrebbe riavviarsi da solo, se così non fosse riavvialo manualmente.
Allega poi il log generato da avenger, lo trovi in C:\avenger.txt è un file di testo.

fatto , mi da errore
Error: Invalid script. A valid script must begin with a command directive. Aborting execution.

cmnq mi sono accorto che il famo dll in questio non c'è più, infatti IE ha ripreso a funzionare, solo che se ad esempio faccio una ricerca con google, tento di aprire il risultato della ricerca in un'altra pagina, questo non avviene, si apre un'altra oagine di IE ma resta bianca, devo necesariamente aprirlo nella pagine della ricerca. altro problema se apro le cartelle non c'è più il il npome della cartella sulla sinistra e se vado in c:\programmi al posto del nome della directory trovo %THISDRINAME%....
e mo che si fa?

[Luke57]

Ciao, una volta inserito lo script in avenger, cancella e riscrivi da te il primo rigo:

Files to delete:

poi premi Execute.

Posta poi un nuovo log di hijackthis oltre al report di avenger.

[martel]

Ciao, una volta inserito lo script in avenger, cancella e riscrivi da te il primo rigo:

Files to delete:

poi premi Execute.

Posta poi un nuovo log di hijackthis oltre al report di avenger.

mi da sempre lo stesso errore, cmne ecco il log di hijackthis
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:05, on 2008-05-07
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Unable to get Internet Explorer version!
Boot mode: Normal

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\Programmi\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Programmi\Alwil Software\Avast4\aswUpdSv.exe
C:\Programmi\Alwil Software\Avast4\ashServ.exe
C:\Programmi\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINNT\system32\cisvc.exe
C:\WINNT\system32\CTSvcCDA.exe
C:\Programmi\File comuni\Portrait Displays\Shared\DTSRVC.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\stisvc.exe
C:\WINNT\system32\ZONELABS\vsmon.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\Explorer.EXE
C:\Programmi\Zone Labs\ZoneAlarm\zlclient.exe
C:\Programmi\Java\jre1.6.0_05\bin\jusched.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Programmi\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Programmi\Alwil Software\Avast4\ashWebSv.exe
C:\Programmi\Alwil Software\Avast4\ashMaiSv.exe
C:\Programmi\FireTrust\MailWasher Pro\MailWasher.exe
C:\WINNT\system32\cidaemon.exe
C:\Programmi\Internet Explorer\iexplore.exe
C:\Programmi\MSN Messenger\msnmsgr.exe
C:\Programmi\Internet Explorer\iexplore.exe
C:\Documents and Settings\Eddy\Documenti\HiJackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer,Search = 6.0.2800.1106
R1 - HKLM\Software\Microsoft\Internet Explorer,SearchURL = 6.0.2800.1106
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.betpoint.it/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = viewforum.php?f=7
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
O2 - BHO: Supporto di collegamento per Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\File comuni\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmi\Java\jre1.6.0_05\bin\ssv.dll
O4 - HKLM\..\Run: [Zone Labs Client] C:\Programmi\Zone Labs\ZoneAlarm\zlclient.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINNT\system32\NeroCheck.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programmi\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Programmi\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [Uniblue RegistryBooster 2] C:\Programmi\Uniblue\RegistryBooster 2\RegistryBooster.exe /S
O4 - HKUS\.DEFAULT\..\Run: [internat.exe] internat.exe (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [^SetupICWDesktop] C:\Programmi\Internet Explorer\Connection Wizard\icwconn1.exe /desktop (User 'Default user')
O4 - Global Startup: Microsoft Office.lnk = C:\Programmi\Microsoft Office\Office\OSA9.EXE
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\web\related.htm
O9 - Extra button: PokerStars.net - {FA9B9510-9FCB-4ca0-818C-5D0987B47C4D} - C:\Programmi\PokerStars.NET\PokerStarsUpdate.exe
O10 - Unknown file in Winsock LSP: c:\winnt\system32\nwprovau.dll
O15 - Trusted Zone: http://www.betpoint.it
O15 - Trusted Zone: http://gtot.microgame.it
O15 - Trusted Zone: http://online.scommettendo.it
O20 - Winlogon Notify: !SASWinLogon - C:\Programmi\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: wqpehtgw - kbdit142n.dll (file missing)
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Programmi\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Programmi\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Programmi\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Programmi\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Programmi\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Programmi\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINNT\system32\CTSvcCDA.exe
O23 - Service: Servizio amministrativo di Gestione disco logico (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: Portrait Displays Display Tune Service (DTSRVC) - Unknown owner - C:\Programmi\File comuni\Portrait Displays\Shared\DTSRVC.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINNT\system32\ZONELABS\vsmon.exe

--
End of file - 5512 bytes