
Thread: ntoskrnl.exe change

  1. #1
    HTML.it user, joined Feb 2007, 29 posts

    ntoskrnl.exe change

    Besides the usual shell32.dll, AVG also tells me:

    ntoskrnl.exe change


    What is it..
    ..a little while ago AVG also detected a virus, is there a connection?

    Thanks for the help that I know won't be lacking!!

    "Not everything can be seen with the eyes.."

  2. #2
    HTML.it user, joined Feb 2007, 29 posts
    There it is again, the virus it keeps detecting..

    trojan horse downloader.zlob.xxx (the last three always change!)

    I got it by downloading a widely used and well-known program: DivX Player, be careful!!!!!!
    "Not everything can be seen with the eyes.."

  3. #3
    tognazzi (HTML.it user), joined Jan 2007, 1,489 posts
    Many variants of Trojan-Downloader.Win32.Zlob are described in Emsisoft's malware list.
    Download asquared free
    http://www.emsisoft.com/en/software/free/
    update it (update) and scan (scan).

    A tip for everyone: always keep asquared installed.
    Besides, it has no real-time protection, so it doesn't use the PC's resources except when it is launched for a scan.
    From here
    http://www.emsisoft.com/en/support/malware/
    you can also download the malware list as a plain text file.
    Using the text editor's "find" function, or by opening the text file with MS Word and using its "find" function, you can see whether the trojan you want to remove is in the database of threats known to asquared before even starting the scan.

  4. #4
    HTML.it user, joined Feb 2007, 29 posts
    a squared doesn't detect it.
    AVG detects it and tells me it removes it, but then it comes back!!!
    What should I do??
    "Not everything can be seen with the eyes.."

  5. #5
    tognazzi (HTML.it user), joined Jan 2007, 1,489 posts
    The manual removal procedure is described here.
    http://www.2-spyware.com/remove-zlob...FQrlQgodjHwRJw

  6. #6
    HTML.it user, joined Feb 2007, 29 posts
    I tried everything you told me..
    ..but this virus keeps coming back!!! I just scanned with Ad-Aware and it found a whole mess!!
    Now I'll post the HijackThis log file, hoping it helps and that some willing soul who knows how to read it gives me a hand!!!
    "Not everything can be seen with the eyes.."

  7. #7
    HTML.it user, joined Feb 2007, 29 posts
    Logfile of HijackThis v1.99.1
    Scan saved at 6.51.43, on 27/03/2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16414)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\csrss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\devldr32.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
    C:\WINDOWS\system32\CTsvcCDA.EXE
    C:\Programmi\GizmoPlugin\GizmoPlugin.exe
    C:\Programmi\Spyware Doctor\sdhelp.exe
    C:\Programmi\File comuni\Ulead Systems\DVD\ULCDRSvr.exe
    C:\WINDOWS\system32\wdfmgr.exe
    C:\WINDOWS\system32\MsPMSPSv.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
    C:\Programmi\Java\jre1.5.0_06\bin\jusched.exe
    C:\Programmi\ATI Technologies\ATI Control Panel\atiptaxx.exe
    C:\Programmi\Trust\CnxDslTb.exe
    C:\Programmi\Creative\ShareDLL\CtNotify.exe
    C:\Programmi\QuickTime\qttask.exe
    C:\Programmi\WinPortrait\wpctrl.exe
    C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC 2.EXE
    C:\Programmi\Musicmatch\Musicmatch Jukebox\mm_tray.exe
    C:\Programmi\Musicmatch\Musicmatch Jukebox\mmtask.exe
    C:\Programmi\Macrogaming\SweetIM\SweetIM.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Programmi\Skype\Phone\Skype.exe
    C:\Programmi\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
    C:\Programmi\Spyware Doctor\swdoctor.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\Programmi\Creative\ShareDLL\MediaDet.Exe
    C:\Programmi\Logitech\SetPoint\SetPoint.exe
    C:\Programmi\Nikon\PictureProject\NkbMonitor.exe
    C:\Programmi\MSN Messenger\MsnMsgr.Exe
    C:\Programmi\File comuni\Logitech\KHAL\KHALMNPR.EXE
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\alg.exe
    C:\Programmi\CASIO\Photo Loader\Plauto.exe
    C:\Programmi\Java\jre1.5.0_06\bin\jucheck.exe
    C:\Programmi\MSN Messenger\usnsvc.exe
    C:\Programmi\StopDialers\StopDialers.exe
    C:\Programmi\Lavasoft\Ad-Aware SE Personal\Ad-Aware.exe
    C:\Programmi\Mozilla Firefox\firefox.exe
    C:\Documents and Settings\USER\Desktop\HijackThis.exe
    "Not everything can be seen with the eyes.."

  8. #8
    HTML.it user, joined Feb 2007, 29 posts
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.it/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://it.rd.yahoo.com/customize/ie/...arch.yahoo.com
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
    R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
    R3 - URLSearchHook: SweetIM For Internet Explorer - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - C:\Programmi\Macrogaming\SweetIMBarForIE\toolbar.dll
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
    O2 - BHO: SWEETIE - {1A0AADCD-3A72-4b5f-900F-E3BB5A838E2A} - C:\PROGRA~1\MACROG~1\SWEETI~1\toolbar.dll
    O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmi\Java\jre1.5.0_06\bin\ssv.dll
    O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
    O2 - BHO: IE DevToolbar BHO - {CC7E636D-39AA-49b6-B511-65413DA137A1} - C:\Programmi\Microsoft\Internet Explorer Developer Toolbar\IEDevToolbar.dll
    O3 - Toolbar: SweetIM For Internet Explorer - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - C:\Programmi\Macrogaming\SweetIMBarForIE\toolbar.dll
    O4 - HKLM\..\Run: [NVRaidService] C:\WINDOWS\system32\nvraidservice.exe
    O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
    O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Programmi\Java\jre1.5.0_06\bin\jusched.exe
    O4 - HKLM\..\Run: [ATIPTA] C:\Programmi\ATI Technologies\ATI Control Panel\atiptaxx.exe
    O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [trustras] trustras.exe
    O4 - HKLM\..\Run: [CnxDslTaskBar] C:\Programmi\Trust\CnxDslTb.exe
    O4 - HKLM\..\Run: [Disc Detector] C:\Programmi\Creative\ShareDLL\CtNotify.exe
    O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\Updreg.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmi\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [PivotSoftware] "C:\Programmi\WinPortrait\wpctrl.exe"
    O4 - HKLM\..\Run: [EPSON Stylus C84 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC 2.EXE /P23 "EPSON Stylus C84 Series" /O5 "LPT1:" /M "Stylus C84"
    O4 - HKLM\..\Run: [MMTray] "C:\Programmi\Musicmatch\Musicmatch Jukebox\mm_tray.exe"
    O4 - HKLM\..\Run: [mmtask] "C:\Programmi\Musicmatch\Musicmatch Jukebox\mmtask.exe"
    O4 - HKLM\..\Run: [SweetIM] C:\Programmi\Macrogaming\SweetIM\SweetIM.exe
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [MsnMsgr] ~"C:\Programmi\MSN Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [Skype] "C:\Programmi\Skype\Phone\Skype.exe" /nosplash /minimized
    O4 - HKCU\..\Run: [LDM] C:\Programmi\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
    O4 - HKCU\..\Run: [SweetIM] C:\Programmi\Macrogaming\SweetIM\SweetIM.exe
    O4 - HKCU\..\Run: [Spyware Doctor] "C:\Programmi\Spyware Doctor\swdoctor.exe" /Q
    O4 - Startup: Stop Dialers.lnk = C:\Programmi\StopDialers\StopDialers.exe
    O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Programmi\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
    O4 - Global Startup: Logitech SetPoint.lnk = C:\Programmi\Logitech\SetPoint\SetPoint.exe
    O4 - Global Startup: NkbMonitor.exe.lnk = C:\Programmi\Nikon\PictureProject\NkbMonitor.exe
    O4 - Global Startup: pccmsi.lnk = C:\Documents and Settings\USER\Desktop\TIS2007_153_1151\Setup\setup.exe
    O4 - Global Startup: Photo Loader residente.lnk = C:\Programmi\CASIO\Photo Loader\Plauto.exe
    O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
    O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
    O11 - Options group: [INTERNATIONAL] International*
    O12 - Plugin for .spop: C:\Programmi\Internet Explorer\Plugins\NPDocBox.dll
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsof...?1159558016998
    O17 - HKLM\System\CCS\Services\Tcpip\..\{E9D97AEA-54A1-46C7-8370-D5413CAF7637}: NameServer = 213.205.36.70 213.205.32.70
    O18 - Protocol: bw+0 - {48B04228-F9D9-4A63-BF5E-C73AD03569D3} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw+0s - {48B04228-F9D9-4A63-BF5E-C73AD03569D3} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw-0 - {48B04228-F9D9-4A63-BF5E-C73AD03569D3} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw-0s - {48B04228-F9D9-4A63-BF5E-C73AD03569D3} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw00 - {48B04228-F9D9-4A63-BF5E-C73AD03569D3} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw00s - {48B04228-F9D9-4A63-BF5E-C73AD03569D3} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw10 - {48B04228-F9D9-4A63-BF5E-C73AD03569D3} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw10s - {48B04228-F9D9-4A63-BF5E-C73AD03569D3} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw20 - {48B04228-F9D9-4A63-BF5E-C73AD03569D3} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw20s - {48B04228-F9D9-4A63-BF5E-C73AD03569D3} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw30 - {48B04228-F9D9-4A63-BF5E-C73AD03569D3} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw30s - {48B04228-F9D9-4A63-BF5E-C73AD03569D3} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw40 - {48B04228-F9D9-4A63-BF5E-C73AD03569D3} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw40s - {48B04228-F9D9-4A63-BF5E-C73AD03569D3} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw50 - {48B04228-F9D9-4A63-BF5E-C73AD03569D3} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw50s - {48B04228-F9D9-4A63-BF5E-C73AD03569D3} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw60 - {48B04228-F9D9-4A63-BF5E-C73AD03569D3} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw60s - {48B04228-F9D9-4A63-BF5E-C73AD03569D3} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw70 - {48B04228-F9D9-4A63-BF5E-C73AD03569D3} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw70s - {48B04228-F9D9-4A63-BF5E-C73AD03569D3} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw80 - {48B04228-F9D9-4A63-BF5E-C73AD03569D3} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw80s - {48B04228-F9D9-4A63-BF5E-C73AD03569D3} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw90 - {48B04228-F9D9-4A63-BF5E-C73AD03569D3} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw90s - {48B04228-F9D9-4A63-BF5E-C73AD03569D3} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwa0 - {48B04228-F9D9-4A63-BF5E-C73AD03569D3} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    "Not everything can be seen with the eyes.."

  9. #9
    HTML.it user, joined Feb 2007, 29 posts
    O18 - Protocol: bwa0s - {48B04228-F9D9-4A63-BF5E-C73AD03569D3} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwb0 - {48B04228-F9D9-4A63-BF5E-C73AD03569D3} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwb0s - {48B04228-F9D9-4A63-BF5E-C73AD03569D3} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwc0 - {48B04228-F9D9-4A63-BF5E-C73AD03569D3} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwc0s - {48B04228-F9D9-4A63-BF5E-C73AD03569D3} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwd0 - {48B04228-F9D9-4A63-BF5E-C73AD03569D3} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwd0s - {48B04228-F9D9-4A63-BF5E-C73AD03569D3} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwe0 - {48B04228-F9D9-4A63-BF5E-C73AD03569D3} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwe0s - {48B04228-F9D9-4A63-BF5E-C73AD03569D3} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwf0 - {48B04228-F9D9-4A63-BF5E-C73AD03569D3} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwf0s - {48B04228-F9D9-4A63-BF5E-C73AD03569D3} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
    O18 - Protocol: bwg0 - {48B04228-F9D9-4A63-BF5E-C73AD03569D3} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwg0s - {48B04228-F9D9-4A63-BF5E-C73AD03569D3} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwh0 - {48B04228-F9D9-4A63-BF5E-C73AD03569D3} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwh0s - {48B04228-F9D9-4A63-BF5E-C73AD03569D3} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwi0 - {48B04228-F9D9-4A63-BF5E-C73AD03569D3} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwi0s - {48B04228-F9D9-4A63-BF5E-C73AD03569D3} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwj0 - {48B04228-F9D9-4A63-BF5E-C73AD03569D3} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwj0s - {48B04228-F9D9-4A63-BF5E-C73AD03569D3} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwk0 - {48B04228-F9D9-4A63-BF5E-C73AD03569D3} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwk0s - {48B04228-F9D9-4A63-BF5E-C73AD03569D3} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwl0 - {48B04228-F9D9-4A63-BF5E-C73AD03569D3} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwl0s - {48B04228-F9D9-4A63-BF5E-C73AD03569D3} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwm0 - {48B04228-F9D9-4A63-BF5E-C73AD03569D3} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwm0s - {48B04228-F9D9-4A63-BF5E-C73AD03569D3} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwn0 - {48B04228-F9D9-4A63-BF5E-C73AD03569D3} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwn0s - {48B04228-F9D9-4A63-BF5E-C73AD03569D3} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwo0 - {48B04228-F9D9-4A63-BF5E-C73AD03569D3} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwo0s - {48B04228-F9D9-4A63-BF5E-C73AD03569D3} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwp0 - {48B04228-F9D9-4A63-BF5E-C73AD03569D3} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwp0s - {48B04228-F9D9-4A63-BF5E-C73AD03569D3} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwq0 - {48B04228-F9D9-4A63-BF5E-C73AD03569D3} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwq0s - {48B04228-F9D9-4A63-BF5E-C73AD03569D3} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwr0 - {48B04228-F9D9-4A63-BF5E-C73AD03569D3} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwr0s - {48B04228-F9D9-4A63-BF5E-C73AD03569D3} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bws0 - {48B04228-F9D9-4A63-BF5E-C73AD03569D3} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bws0s - {48B04228-F9D9-4A63-BF5E-C73AD03569D3} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwt0 - {48B04228-F9D9-4A63-BF5E-C73AD03569D3} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwt0s - {48B04228-F9D9-4A63-BF5E-C73AD03569D3} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwu0 - {48B04228-F9D9-4A63-BF5E-C73AD03569D3} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwu0s - {48B04228-F9D9-4A63-BF5E-C73AD03569D3} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwv0 - {48B04228-F9D9-4A63-BF5E-C73AD03569D3} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwv0s - {48B04228-F9D9-4A63-BF5E-C73AD03569D3} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bww0 - {48B04228-F9D9-4A63-BF5E-C73AD03569D3} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bww0s - {48B04228-F9D9-4A63-BF5E-C73AD03569D3} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwx0 - {48B04228-F9D9-4A63-BF5E-C73AD03569D3} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwx0s - {48B04228-F9D9-4A63-BF5E-C73AD03569D3} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwy0 - {48B04228-F9D9-4A63-BF5E-C73AD03569D3} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwy0s - {48B04228-F9D9-4A63-BF5E-C73AD03569D3} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwz0 - {48B04228-F9D9-4A63-BF5E-C73AD03569D3} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwz0s - {48B04228-F9D9-4A63-BF5E-C73AD03569D3} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O18 - Protocol: offline-8876480 - {48B04228-F9D9-4A63-BF5E-C73AD03569D3} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
    O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
    O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
    O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
    O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
    O23 - Service: Gizmo VoIP Service (Gizmo Plugin) - SIPphone, Inc. - C:\Programmi\GizmoPlugin\GizmoPlugin.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programmi\File comuni\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: PC Tools Spyware Doctor (SDhelper) - PC Tools Research Pty Ltd - C:\Programmi\Spyware Doctor\sdhelp.exe
    O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Programmi\File comuni\Ulead Systems\DVD\ULCDRSvr.exe



    I hope you'll give me a hand as always!!
    Because this virus is driving me crazy..

    "Not everything can be seen with the eyes.."

  10. #10
    tognazzi (HTML.it user), joined Jan 2007, 1,489 posts
    Very strange, explorer.exe in c: instead of in win.
    A little more patience, your log is long.

    EDIT: what an idiot, your explorer.exe IS in win, I misread.
    The process is fine.

    There are some things I don't quite understand.
    Careful though, do NOT run "fix checked" without confirmation from others:

    R3 - URLSearchHook: SweetIM For Internet Explorer - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - C:\Programmi\Macrogaming\SweetIMBarForIE\toolbar.dll
    O2 - BHO: SWEETIE - {1A0AADCD-3A72-4b5f-900F-E3BB5A838E2A} - C:\PROGRA~1\MACROG~1\SWEETI~1\toolbar.dll
    O4 - HKLM\..\Run: [SweetIM] C:\Programmi\Macrogaming\SweetIM\SweetIM.exe

    Anyway, these are not viruses. It's a BHO, a "helper" bar in IE; it may be that you installed it yourself and you need it.
    I can't find the virus.
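
Added example (not part of the thread, and not HijackThis's or any poster's own code): a small Python triage pass over a HijackThis log like the one posted above. It collapses the long run of O18 protocol handlers by CLSID and DLL and marks entries for a second look; the function names and the four "second look" heuristics are assumptions made for this example, and a mark is a prompt to check the entry, not a verdict.

```python
import re
from collections import defaultdict

# Subset of lines copied from the HijackThis log posted in this thread
# (the space the forum inserted into "setup.exe" is removed).
SAMPLE_LOG = r"""
Logfile of HijackThis v1.99.1
C:\WINDOWS\Explorer.EXE
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: SWEETIE - {1A0AADCD-3A72-4b5f-900F-E3BB5A838E2A} - C:\PROGRA~1\MACROG~1\SWEETI~1\toolbar.dll
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [trustras] trustras.exe
O4 - Global Startup: pccmsi.lnk = C:\Documents and Settings\USER\Desktop\TIS2007_153_1151\Setup\setup.exe
O18 - Protocol: bw+0 - {48B04228-F9D9-4A63-BF5E-C73AD03569D3} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {48B04228-F9D9-4A63-BF5E-C73AD03569D3} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
"""

ENTRY = re.compile(r"^\s*([A-Z]\d{1,2}) - (.*)$")           # e.g. "O4 - ..."
PROTOCOL = re.compile(r"Protocol: (\S+) - (\{[^}]+\}) - (.+)$")


def parse(log):
    """Return (section, detail) pairs; header and process-list lines are skipped."""
    matches = (ENTRY.match(line) for line in log.splitlines())
    return [(m.group(1), m.group(2).strip()) for m in matches if m]


def collapse_protocols(entries):
    """Group O18 entries by (CLSID, DLL) so one handler shows up once."""
    groups = defaultdict(list)
    for section, detail in entries:
        m = PROTOCOL.match(detail) if section == "O18" else None
        if m:
            groups[(m.group(2), m.group(3))].append(m.group(1))
    return dict(groups)


def autorun_target(detail):
    """Extract the command from an O4 entry (registry Run value or Startup shortcut)."""
    sep = "] " if "Run: [" in detail else " = "
    return detail.split(sep, 1)[-1].lstrip('~"')


def second_look(entries):
    """Mark entries a reviewer should verify by hand (heuristics assumed for this example)."""
    marks = []
    for section, detail in entries:
        reason = None
        if detail.endswith("(no file)"):
            reason = "target file missing"
        elif section == "O23" and "Unknown owner" in detail:
            reason = "service binary without vendor info"
        elif section == "O4":
            target = autorun_target(detail)
            if "\\" not in target:
                reason = "autorun without a full path"
            elif "\\documents and settings\\" in target.lower():
                reason = "autorun from a user profile folder"
        if reason:
            marks.append((section, reason, detail))
    return marks


if __name__ == "__main__":
    entries = parse(SAMPLE_LOG)
    for (clsid, dll), names in collapse_protocols(entries).items():
        print(f"O18 x{len(names)}: {clsid} -> {dll}")
    for section, reason, detail in second_look(entries):
        print(f"{section} [{reason}] {detail}")
```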
