Olimpo Informatico

[threequid]

salve a tutti!!
scrivo in questo topic per evitare di aprirne un altro...
Credo di essere stato infetto dal virus vundo (o qualcosa di simile).
Mentre navigo con Firefox mi si apre una finestra di Internet Explorer con pubblicità random... ho provato a fare numerosi scan con antivirus e antispyware diversi ma niente.
Non sono molto pratico di hijackthis, ho letto anche questo topic ma non sono riuscito a capire cosa devo fare.
Vi prego di darmi una mano.
Vi posto il log di hijackthis

Logfile of HijackThis v1.99.1
Scan saved at 10.38.09, on 30/08/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\Explorer.EXE
C:\Programmi\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Programmi\Alwil Software\Avast4\aswUpdSv.exe
C:\Programmi\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programmi\File comuni\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Programmi\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Programmi\Raxco\PerfectDisk\PDAgent.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Programmi\Alwil Software\Avast4\ashMaiSv.exe
C:\Programmi\Alwil Software\Avast4\ashWebSv.exe
C:\Programmi\Raxco\PerfectDisk\PDEngine.exe
C:\Programmi\Java\jre1.6.0_02\bin\jusched.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Programmi\Zone Labs\ZoneAlarm\zlclient.exe
C:\Programmi\iTunes\iTunesHelper.exe
C:\Programmi\HP\HP Software Update\HPWuSchd2.exe
C:\Programmi\Lavasoft\Ad-Aware 2007\AAWTray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmi\WiFiConnector\NintendoWFCReg.exe
C:\Programmi\Google\Google Updater\GoogleUpdater.exe
C:\Programmi\HP\Digital Imaging\bin\hpqtra08.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmi\Last.fm\LastFMHelper.exe
C:\WINDOWS\system32\plpsuuja.exe
C:\Programmi\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Programmi\iPod\bin\iPodService.exe
C:\Programmi\Adobe\Reader 8.0\Reader\AcroRd32.exe
C:\Documents and Settings\utente\Desktop\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Programmi\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programmi\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmi\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Programmi\File comuni\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Programmi\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Programmi\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Programmi\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [AAWTray] C:\Programmi\Lavasoft\Ad-Aware 2007\AAWTray.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Esegui il programma di registrazione della chiave USB Wi-Fi Nintendo.lnk = C:\Programmi\WiFiConnector\NintendoWFCReg.exe
O4 - Global Startup: Google Updater.lnk = C:\Programmi\Google\Google Updater\GoogleUpdater.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Programmi\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Last.fm Helper.lnk = C:\Programmi\Last.fm\LastFMHelper.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.6.0_02\bin\ssv.dll
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Programmi\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Programmi\File comuni\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Programmi\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Programmi\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Programmi\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Programmi\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: DomainService - - C:\WINDOWS\system32\plpsuuja.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Programmi\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Servizio iPod (iPod Service) - Apple Inc. - C:\Programmi\iPod\bin\iPodService.exe
O23 - Service: NBService - Nero AG - C:\Programmi\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Programmi\File comuni\Ahead\Lib\NMIndexingService.exe
O23 - Service: PDAgent - Raxco Software, Inc. - C:\Programmi\Raxco\PerfectDisk\PDAgent.exe
O23 - Service: PDEngine - Raxco Software, Inc. - C:\Programmi\Raxco\PerfectDisk\PDEngine.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe


PS: il vundofix della symantec non mi trova nulla... nei giorni scorsi vundofix v6.5.7. mi riconosceva delle dll infette che pensavo di aver fixato correttamente invece a quanto sembra non è stato corretto niente... fra poco vi posto un log di vundofix V6.5.7.

[threequid]

Ecco il log di VundoFix V6.5.7.

C:\WINDOWS\system32\srqss.bak1
C:\WINDOWS\system32\srqss.bak2
C:\WINDOWS\system32\srqss.ini
C:\WINDOWS\system32\ssrqs.dll

E questo è il log di VirtumundoBeGone


[08/30/2007, 11:04:06] - VirtumundoBeGone v1.5 ( "C:\Documents and Settings\utente\Desktop\VirtumundoBeGone.exe" )
[08/30/2007, 11:04:13] - Detected System Information:
[08/30/2007, 11:04:13] - Windows Version: 5.1.2600, Service Pack 2
[08/30/2007, 11:04:13] - Current Username: utente (Admin)
[08/30/2007, 11:04:13] - Windows is in NORMAL mode.
[08/30/2007, 11:04:13] - Searching for Browser Helper Objects:
[08/30/2007, 11:04:13] - BHO 1: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (Supporto di collegamento per Adobe PDF Reader)
[08/30/2007, 11:04:13] - BHO 2: {0B87CFCB-1AD6-462E-B8BE-67BF8D49613D} ()
[08/30/2007, 11:04:13] - WARNING: BHO has no default name. Checking for Winlogon reference.
[08/30/2007, 11:04:13] - Checking for HKLM\...\Winlogon\Notify\gebya
[08/30/2007, 11:04:13] - Key not found: HKLM\...\Winlogon\Notify\gebya, continuing.
[08/30/2007, 11:04:13] - BHO 3: {1E08FD10-D16D-4C71-B696-115693A13C7A} ()
[08/30/2007, 11:04:13] - WARNING: BHO has no default name. Checking for Winlogon reference.
[08/30/2007, 11:04:13] - Checking for HKLM\...\Winlogon\Notify\jkkjj
[08/30/2007, 11:04:13] - Key not found: HKLM\...\Winlogon\Notify\jkkjj, continuing.
[08/30/2007, 11:04:13] - BHO 4: {2004652A-4CCE-4EA5-A49E-FEEBF2A2BA8B} ()
[08/30/2007, 11:04:13] - WARNING: BHO has no default name. Checking for Winlogon reference.
[08/30/2007, 11:04:13] - Checking for HKLM\...\Winlogon\Notify\opnlkif
[08/30/2007, 11:04:13] - Found: HKLM\...\Winlogon\Notify\opnlkif - This is probably Virtumundo.
[08/30/2007, 11:04:13] - Assigning {2004652A-4CCE-4EA5-A49E-FEEBF2A2BA8B} MSEvents Object
[08/30/2007, 11:04:13] - BHO list has been changed! Starting over...
[08/30/2007, 11:04:14] - BHO 1: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (Supporto di collegamento per Adobe PDF Reader)
[08/30/2007, 11:04:14] - BHO 2: {0B87CFCB-1AD6-462E-B8BE-67BF8D49613D} ()
[08/30/2007, 11:04:14] - WARNING: BHO has no default name. Checking for Winlogon reference.
[08/30/2007, 11:04:14] - Checking for HKLM\...\Winlogon\Notify\gebya
[08/30/2007, 11:04:14] - Key not found: HKLM\...\Winlogon\Notify\gebya, continuing.
[08/30/2007, 11:04:14] - BHO 3: {1E08FD10-D16D-4C71-B696-115693A13C7A} ()
[08/30/2007, 11:04:14] - WARNING: BHO has no default name. Checking for Winlogon reference.
[08/30/2007, 11:04:14] - Checking for HKLM\...\Winlogon\Notify\jkkjj
[08/30/2007, 11:04:14] - Key not found: HKLM\...\Winlogon\Notify\jkkjj, continuing.
[08/30/2007, 11:04:14] - BHO 4: {2004652A-4CCE-4EA5-A49E-FEEBF2A2BA8B} (MSEvents Object)
[08/30/2007, 11:04:14] - ALERT: Found MSEvents Object!
[08/30/2007, 11:04:14] - BHO 5: {716665AD-B598-4B54-AE09-35E8B9FEEF7E} ()
[08/30/2007, 11:04:14] - WARNING: BHO has no default name. Checking for Winlogon reference.
[08/30/2007, 11:04:14] - Checking for HKLM\...\Winlogon\Notify\gebcb
[08/30/2007, 11:04:14] - Key not found: HKLM\...\Winlogon\Notify\gebcb, continuing.
[08/30/2007, 11:04:14] - BHO 6: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (SSVHelper Class)
[08/30/2007, 11:04:14] - BHO 7: {7E853D72-626A-48EC-A868-BA8D5E23E045} ()
[08/30/2007, 11:04:14] - WARNING: BHO has no default name. Checking for Winlogon reference.
[08/30/2007, 11:04:15] - No filename found. Continuing.
[08/30/2007, 11:04:15] - BHO 8: {8C69E7CE-105D-4F55-995D-4427BC0A301F} ()
[08/30/2007, 11:04:15] - WARNING: BHO has no default name. Checking for Winlogon reference.
[08/30/2007, 11:04:15] - Checking for HKLM\...\Winlogon\Notify\ssqrs
[08/30/2007, 11:04:15] - Found: HKLM\...\Winlogon\Notify\ssqrs - This is probably Virtumundo.
[08/30/2007, 11:04:15] - Assigning {8C69E7CE-105D-4F55-995D-4427BC0A301F} MSEvents Object
[08/30/2007, 11:04:15] - BHO list has been changed! Starting over...
[08/30/2007, 11:04:15] - BHO 1: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (Supporto di collegamento per Adobe PDF Reader)
[08/30/2007, 11:04:15] - BHO 2: {0B87CFCB-1AD6-462E-B8BE-67BF8D49613D} ()
[08/30/2007, 11:04:15] - WARNING: BHO has no default name. Checking for Winlogon reference.
[08/30/2007, 11:04:15] - Checking for HKLM\...\Winlogon\Notify\gebya
[08/30/2007, 11:04:15] - Key not found: HKLM\...\Winlogon\Notify\gebya, continuing.
[08/30/2007, 11:04:15] - BHO 3: {1E08FD10-D16D-4C71-B696-115693A13C7A} ()
[08/30/2007, 11:04:15] - WARNING: BHO has no default name. Checking for Winlogon reference.
[08/30/2007, 11:04:15] - Checking for HKLM\...\Winlogon\Notify\jkkjj
[08/30/2007, 11:04:15] - Key not found: HKLM\...\Winlogon\Notify\jkkjj, continuing.
[08/30/2007, 11:04:15] - BHO 4: {2004652A-4CCE-4EA5-A49E-FEEBF2A2BA8B} (MSEvents Object)
[08/30/2007, 11:04:15] - ALERT: Found MSEvents Object!
[08/30/2007, 11:04:15] - BHO 5: {716665AD-B598-4B54-AE09-35E8B9FEEF7E} ()
[08/30/2007, 11:04:15] - WARNING: BHO has no default name. Checking for Winlogon reference.
[08/30/2007, 11:04:16] - Checking for HKLM\...\Winlogon\Notify\gebcb
[08/30/2007, 11:04:16] - Key not found: HKLM\...\Winlogon\Notify\gebcb, continuing.
[08/30/2007, 11:04:16] - BHO 6: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (SSVHelper Class)
[08/30/2007, 11:04:16] - BHO 7: {7E853D72-626A-48EC-A868-BA8D5E23E045} ()
[08/30/2007, 11:04:16] - WARNING: BHO has no default name. Checking for Winlogon reference.
[08/30/2007, 11:04:16] - No filename found. Continuing.
[08/30/2007, 11:04:16] - BHO 8: {8C69E7CE-105D-4F55-995D-4427BC0A301F} (MSEvents Object)
[08/30/2007, 11:04:16] - ALERT: Found MSEvents Object!
[08/30/2007, 11:04:16] - BHO 9: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} (Google Toolbar Notifier BHO)
[08/30/2007, 11:04:16] - BHO 10: {B9AF7177-9492-4CF8-8C45-ED9BDF7FC077} ()
[08/30/2007, 11:04:16] - WARNING: BHO has no default name. Checking for Winlogon reference.
[08/30/2007, 11:04:16] - Checking for HKLM\...\Winlogon\Notify\jkkll
[08/30/2007, 11:04:16] - Key not found: HKLM\...\Winlogon\Notify\jkkll, continuing.
[08/30/2007, 11:04:16] - BHO 11: {F37F6C4C-3B17-406C-8ED5-C4D0E3F047EE} ()
[08/30/2007, 11:04:16] - WARNING: BHO has no default name. Checking for Winlogon reference.
[08/30/2007, 11:04:16] - Checking for HKLM\...\Winlogon\Notify\ssttt
[08/30/2007, 11:04:16] - Key not found: HKLM\...\Winlogon\Notify\ssttt, continuing.
[08/30/2007, 11:04:16] - Finished Searching Browser Helper Objects
[08/30/2007, 11:04:16] - *** Detected MSEvents Object
[08/30/2007, 11:04:16] - Trying to remove MSEvents Object...
[08/30/2007, 11:04:17] - Terminating Process: IEXPLORE.EXE
[08/30/2007, 11:04:18] - Terminating Process: RUNDLL32.EXE
[08/30/2007, 11:04:18] - Disabling Automatic Shell Restart
[08/30/2007, 11:04:18] - Terminating Process: EXPLORER.EXE
[08/30/2007, 11:04:23] - Suspending the NT Session Manager System Service
[08/30/2007, 11:04:23] - Terminating Windows NT Logon/Logoff Manager
[08/30/2007, 11:04:31] - Re-enabling Automatic Shell Restart
[08/30/2007, 11:04:31] - File to disable: C:\WINDOWS\system32\opnlkif.dll
[08/30/2007, 11:04:31] - Renaming C:\WINDOWS\system32\opnlkif.dll -> C:\WINDOWS\system32\opnlkif.dll.vir
[08/30/2007, 11:04:31] - File successfully renamed!
[08/30/2007, 11:04:31] - Removing HKLM\...\Browser Helper Objects\{2004652A-4CCE-4EA5-A49E-FEEBF2A2BA8B}
[08/30/2007, 11:04:32] - Removing HKCR\CLSID\{2004652A-4CCE-4EA5-A49E-FEEBF2A2BA8B}
[08/30/2007, 11:04:32] - Adding Kill Bit for ActiveX for GUID: {2004652A-4CCE-4EA5-A49E-FEEBF2A2BA8B}
[08/30/2007, 11:04:34] - Deleting ATLEvents/MSEvents Registry entries
[08/30/2007, 11:04:34] - Removing HKLM\...\Winlogon\Notify\opnlkif
[08/30/2007, 11:04:34] - Searching for Browser Helper Objects:
[08/30/2007, 11:04:34] - BHO 1: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (Supporto di collegamento per Adobe PDF Reader)
[08/30/2007, 11:04:34] - BHO 2: {0B87CFCB-1AD6-462E-B8BE-67BF8D49613D} ()
[08/30/2007, 11:04:34] - WARNING: BHO has no default name. Checking for Winlogon reference.
[08/30/2007, 11:04:34] - Checking for HKLM\...\Winlogon\Notify\gebya
[08/30/2007, 11:04:34] - Key not found: HKLM\...\Winlogon\Notify\gebya, continuing.
[08/30/2007, 11:04:34] - BHO 3: {1E08FD10-D16D-4C71-B696-115693A13C7A} ()
[08/30/2007, 11:04:34] - WARNING: BHO has no default name. Checking for Winlogon reference.
[08/30/2007, 11:04:34] - Checking for HKLM\...\Winlogon\Notify\jkkjj
[08/30/2007, 11:04:34] - Key not found: HKLM\...\Winlogon\Notify\jkkjj, continuing.
[08/30/2007, 11:04:34] - BHO 4: {716665AD-B598-4B54-AE09-35E8B9FEEF7E} ()
[08/30/2007, 11:04:34] - WARNING: BHO has no default name. Checking for Winlogon reference.
[08/30/2007, 11:04:34] - Checking for HKLM\...\Winlogon\Notify\gebcb
[08/30/2007, 11:04:34] - Key not found: HKLM\...\Winlogon\Notify\gebcb, continuing.
[08/30/2007, 11:04:34] - BHO 5: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (SSVHelper Class)
[08/30/2007, 11:04:34] - BHO 6: {7E853D72-626A-48EC-A868-BA8D5E23E045} ()
[08/30/2007, 11:04:34] - WARNING: BHO has no default name. Checking for Winlogon reference.
[08/30/2007, 11:04:34] - No filename found. Continuing.
[08/30/2007, 11:04:34] - BHO 7: {8C69E7CE-105D-4F55-995D-4427BC0A301F} (MSEvents Object)
[08/30/2007, 11:04:34] - ALERT: Found MSEvents Object!
[08/30/2007, 11:04:34] - BHO 8: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} (Google Toolbar Notifier BHO)
[08/30/2007, 11:04:34] - BHO 9: {B9AF7177-9492-4CF8-8C45-ED9BDF7FC077} ()
[08/30/2007, 11:04:34] - WARNING: BHO has no default name. Checking for Winlogon reference.
[08/30/2007, 11:04:34] - Checking for HKLM\...\Winlogon\Notify\jkkll
[08/30/2007, 11:04:34] - Key not found: HKLM\...\Winlogon\Notify\jkkll, continuing.
[08/30/2007, 11:04:34] - BHO 10: {F37F6C4C-3B17-406C-8ED5-C4D0E3F047EE} ()
[08/30/2007, 11:04:34] - WARNING: BHO has no default name. Checking for Winlogon reference.
[08/30/2007, 11:04:34] - Checking for HKLM\...\Winlogon\Notify\ssttt
[08/30/2007, 11:04:34] - Key not found: HKLM\...\Winlogon\Notify\ssttt, continuing.
[08/30/2007, 11:04:34] - Finished Searching Browser Helper Objects
[08/30/2007, 11:04:34] - *** Detected MSEvents Object
[08/30/2007, 11:04:34] - Trying to remove MSEvents Object...
[08/30/2007, 11:04:35] - Terminating Process: IEXPLORE.EXE
[08/30/2007, 11:04:35] - Terminating Process: RUNDLL32.EXE
[08/30/2007, 11:04:35] - Disabling Automatic Shell Restart
[08/30/2007, 11:04:35] - Terminating Process: EXPLORER.EXE
[08/30/2007, 11:04:36] - Suspending the NT Session Manager System Service
[08/30/2007, 11:04:36] - Terminating Windows NT Logon/Logoff Manager
[08/30/2007, 11:04:36] - Re-enabling Automatic Shell Restart
[08/30/2007, 11:04:36] - File to disable: C:\WINDOWS\system32\ssqrs.dll
[08/30/2007, 11:04:36] - Renaming C:\WINDOWS\system32\ssqrs.dll -> C:\WINDOWS\system32\ssqrs.dll.vir
[08/30/2007, 11:04:36] - File successfully renamed!
[08/30/2007, 11:04:36] - Removing HKLM\...\Browser Helper Objects\{8C69E7CE-105D-4F55-995D-4427BC0A301F}
[08/30/2007, 11:04:36] - Removing HKCR\CLSID\{8C69E7CE-105D-4F55-995D-4427BC0A301F}
[08/30/2007, 11:04:36] - Adding Kill Bit for ActiveX for GUID: {8C69E7CE-105D-4F55-995D-4427BC0A301F}
[08/30/2007, 11:04:36] - Deleting ATLEvents/MSEvents Registry entries
[08/30/2007, 11:04:36] - Removing HKLM\...\Winlogon\Notify\ssqrs
[08/30/2007, 11:04:36] - Searching for Browser Helper Objects:
[08/30/2007, 11:04:36] - BHO 1: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (Supporto di collegamento per Adobe PDF Reader)
[08/30/2007, 11:04:36] - BHO 2: {0B87CFCB-1AD6-462E-B8BE-67BF8D49613D} ()
[08/30/2007, 11:04:36] - WARNING: BHO has no default name. Checking for Winlogon reference.
[08/30/2007, 11:04:36] - Checking for HKLM\...\Winlogon\Notify\gebya
[08/30/2007, 11:04:36] - Key not found: HKLM\...\Winlogon\Notify\gebya, continuing.
[08/30/2007, 11:04:36] - BHO 3: {1E08FD10-D16D-4C71-B696-115693A13C7A} ()
[08/30/2007, 11:04:36] - WARNING: BHO has no default name. Checking for Winlogon reference.
[08/30/2007, 11:04:36] - Checking for HKLM\...\Winlogon\Notify\jkkjj
[08/30/2007, 11:04:36] - Key not found: HKLM\...\Winlogon\Notify\jkkjj, continuing.
[08/30/2007, 11:04:36] - BHO 4: {716665AD-B598-4B54-AE09-35E8B9FEEF7E} ()
[08/30/2007, 11:04:36] - WARNING: BHO has no default name. Checking for Winlogon reference.
[08/30/2007, 11:04:36] - Checking for HKLM\...\Winlogon\Notify\gebcb
[08/30/2007, 11:04:36] - Key not found: HKLM\...\Winlogon\Notify\gebcb, continuing.
[08/30/2007, 11:04:36] - BHO 5: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (SSVHelper Class)
[08/30/2007, 11:04:36] - BHO 6: {7E853D72-626A-48EC-A868-BA8D5E23E045} ()
[08/30/2007, 11:04:36] - WARNING: BHO has no default name. Checking for Winlogon reference.
[08/30/2007, 11:04:36] - No filename found. Continuing.
[08/30/2007, 11:04:36] - BHO 7: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} (Google Toolbar Notifier BHO)
[08/30/2007, 11:04:36] - BHO 8: {B9AF7177-9492-4CF8-8C45-ED9BDF7FC077} ()
[08/30/2007, 11:04:37] - WARNING: BHO has no default name. Checking for Winlogon reference.
[08/30/2007, 11:04:37] - Checking for HKLM\...\Winlogon\Notify\jkkll
[08/30/2007, 11:04:37] - Key not found: HKLM\...\Winlogon\Notify\jkkll, continuing.
[08/30/2007, 11:04:37] - BHO 9: {F37F6C4C-3B17-406C-8ED5-C4D0E3F047EE} ()
[08/30/2007, 11:04:37] - WARNING: BHO has no default name. Checking for Winlogon reference.
[08/30/2007, 11:04:37] - Checking for HKLM\...\Winlogon\Notify\ssttt
[08/30/2007, 11:04:37] - Key not found: HKLM\...\Winlogon\Notify\ssttt, continuing.
[08/30/2007, 11:04:37] - Finished Searching Browser Helper Objects
[08/30/2007, 11:04:37] - Finishing up...
[08/30/2007, 11:04:37] - A restart is needed.
[08/30/2007, 11:04:49] - Attempting to Restart via STOP error (Blue Screen!)


PS: Dopo aver smanettato con i vari programmi da voi consigliati nei primi post, il trojan sembra essere stato rimosso... il problema è che anche nei giorni scorsi, usando VundoFix sembrava rimosso... poi è ricomparso... speriamo bene.
Cercate di darmi delle dritte.!

Con hijackthis ho fixato questa stringa che mi sembrava molto sospetta O23 - Service: DomainService - - C:\WINDOWS\system32\plpsuuja.exe

[bdoriano]

Ciao threequid,

Wow! un autodidatta! Complimenti!
Direi che i passaggi sono stati tutti corretti.

Per il file sospetto, procedi così:
Scarica questo e scompattalo in una sua cartella non temporanea e non sul desktop

Avvia AVENGER
Clicca su input script manually
Clicca sulla lente d'ingrandimento
Inserisci queste righe:

[threequid]

ho eseguito l'azione con avenger ed ecco il nuovo log

Logfile of HijackThis v1.99.1
Scan saved at 14.58.00, on 30/08/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\Explorer.EXE
C:\Programmi\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Programmi\Alwil Software\Avast4\aswUpdSv.exe
C:\Programmi\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programmi\File comuni\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Programmi\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Programmi\Raxco\PerfectDisk\PDAgent.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Programmi\Alwil Software\Avast4\ashMaiSv.exe
C:\Programmi\Alwil Software\Avast4\ashWebSv.exe
C:\Programmi\Java\jre1.6.0_02\bin\jusched.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Programmi\Zone Labs\ZoneAlarm\zlclient.exe
C:\Programmi\iTunes\iTunesHelper.exe
C:\Programmi\HP\HP Software Update\HPWuSchd2.exe
C:\Programmi\Lavasoft\Ad-Aware 2007\AAWTray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmi\WiFiConnector\NintendoWFCReg.exe
C:\Programmi\Google\Google Updater\GoogleUpdater.exe
C:\Programmi\HP\Digital Imaging\bin\hpqtra08.exe
C:\Programmi\Last.fm\LastFMHelper.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmi\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Programmi\iPod\bin\iPodService.exe
C:\Programmi\HP\HP Software Update\HPWUCli.exe
C:\Documents and Settings\utente\Desktop\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
O2 - BHO: Supporto di collegamento per Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\File comuni\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {0B87CFCB-1AD6-462E-B8BE-67BF8D49613D} - C:\WINDOWS\system32\gebya.dll (file missing)
O2 - BHO: (no name) - {1E08FD10-D16D-4C71-B696-115693A13C7A} - C:\WINDOWS\system32\jkkjj.dll (file missing)
O2 - BHO: (no name) - {716665AD-B598-4B54-AE09-35E8B9FEEF7E} - C:\WINDOWS\system32\gebcb.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmi\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programmi\Google\GoogleToolbarNotifier\2.1.615.5858\swg.dll
O2 - BHO: (no name) - {B9AF7177-9492-4CF8-8C45-ED9BDF7FC077} - C:\WINDOWS\system32\jkkll.dll (file missing)
O2 - BHO: (no name) - {F37F6C4C-3B17-406C-8ED5-C4D0E3F047EE} - C:\WINDOWS\system32\ssttt.dll (file missing)
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Programmi\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programmi\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmi\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Programmi\File comuni\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Programmi\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Programmi\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Programmi\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [AAWTray] C:\Programmi\Lavasoft\Ad-Aware 2007\AAWTray.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Esegui il programma di registrazione della chiave USB Wi-Fi Nintendo.lnk = C:\Programmi\WiFiConnector\NintendoWFCReg.exe
O4 - Global Startup: Google Updater.lnk = C:\Programmi\Google\Google Updater\GoogleUpdater.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Programmi\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Last.fm Helper.lnk = C:\Programmi\Last.fm\LastFMHelper.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.6.0_02\bin\ssv.dll
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: opnnnon - opnnnon.dll (file missing)
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Programmi\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Programmi\File comuni\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Programmi\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Programmi\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Programmi\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Programmi\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: Google Updater Service (gusvc) - Google - C:\Programmi\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Servizio iPod (iPod Service) - Apple Inc. - C:\Programmi\iPod\bin\iPodService.exe
O23 - Service: NBService - Nero AG - C:\Programmi\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Programmi\File comuni\Ahead\Lib\NMIndexingService.exe
O23 - Service: PDAgent - Raxco Software, Inc. - C:\Programmi\Raxco\PerfectDisk\PDAgent.exe
O23 - Service: PDEngine - Raxco Software, Inc. - C:\Programmi\Raxco\PerfectDisk\PDEngine.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe


Ora mi appresto a fare le ulteriori operazioni.

Grazie!!

[threequid]

Ecco i due scan di gmer.

Prima parte http://www.freefilehosting.net/download/MTcxNTE=
Seconda parte http://www.freefilehosting.net/download/MTcxNTQ=

Il log di FindAWF mi è sembrato vuoto

[bdoriano]

Avvia AVENGER
Clicca su input script manually
Clicca sulla lente d'ingrandimento
Inserisci queste righe:

[threequid]

Ecco il log di avenger (a quanto pare una delle operazioni non è andata a buon fine..)


Logfile of The Avenger version 1, by Swandog46
Running from registry key:
\Registry\Machine\System\CurrentControlSet\Services\cioswtqn

*******************

Script file located at: \??\C:\WINDOWS\dalxcgyn.txt
Script file opened successfully.

Script file read successfully

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:



File c:\windows\system32\mkifogjs.sys not found!
Deletion of file c:\windows\system32\mkifogjs.sys failed!

Could not process line:
c:\windows\system32\mkifogjs.sys
Status: 0xc0000034

Registry key HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\opnnnon deleted successfully.
Registry key HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0B87CFCB-1AD6-462E-B8BE-67BF8D49613D} deleted successfully.
Registry key HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1E08FD10-D16D-4C71-B696-115693A13C7A} deleted successfully.
Registry key HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{716665AD-B598-4B54-AE09-35E8B9FEEF7E} deleted successfully.
Registry key HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B9AF7177-9492-4CF8-8C45-ED9BDF7FC077} deleted successfully.
Registry key HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F37F6C4C-3B17-406C-8ED5-C4D0E3F047EE} deleted successfully.
Registry key HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7E853D72-626A-48EC-A868-BA8D5E23E045} deleted successfully.
Registry value HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks|{2004652A-4CCE-4EA5-A49E-FEEBF2A2BA8B} deleted successfully.

Completed script processing.

*******************

Finished! Terminate.



Ed ecco il log di HT

Logfile of HijackThis v1.99.1
Scan saved at 20.35.32, on 30/08/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\Explorer.EXE
C:\Programmi\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Programmi\Alwil Software\Avast4\aswUpdSv.exe
C:\Programmi\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programmi\File comuni\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Programmi\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Programmi\Raxco\PerfectDisk\PDAgent.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Programmi\Alwil Software\Avast4\ashMaiSv.exe
C:\Programmi\Alwil Software\Avast4\ashWebSv.exe
C:\Programmi\Raxco\PerfectDisk\PDEngine.exe
C:\Programmi\Adobe\Reader 8.0\Reader\Reader_sl.exe
C:\Programmi\Java\jre1.6.0_02\bin\jusched.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Programmi\Zone Labs\ZoneAlarm\zlclient.exe
C:\Programmi\iTunes\iTunesHelper.exe
C:\Programmi\HP\HP Software Update\HPWuSchd2.exe
C:\Programmi\Lavasoft\Ad-Aware 2007\AAWTray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmi\WiFiConnector\NintendoWFCReg.exe
C:\Programmi\Google\Google Updater\GoogleUpdater.exe
C:\Programmi\HP\Digital Imaging\bin\hpqtra08.exe
C:\Programmi\Last.fm\LastFMHelper.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Programmi\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Programmi\iPod\bin\iPodService.exe
C:\Programmi\Mozilla Firefox\firefox.exe
C:\Documents and Settings\utente\Desktop\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
O2 - BHO: Supporto di collegamento per Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\File comuni\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmi\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programmi\Google\GoogleToolbarNotifier\2.1.615.5858\swg.dll
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Programmi\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programmi\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmi\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Programmi\File comuni\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Programmi\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Programmi\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Programmi\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [AAWTray] C:\Programmi\Lavasoft\Ad-Aware 2007\AAWTray.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Esegui il programma di registrazione della chiave USB Wi-Fi Nintendo.lnk = C:\Programmi\WiFiConnector\NintendoWFCReg.exe
O4 - Global Startup: Google Updater.lnk = C:\Programmi\Google\Google Updater\GoogleUpdater.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Programmi\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Last.fm Helper.lnk = C:\Programmi\Last.fm\LastFMHelper.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.6.0_02\bin\ssv.dll
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Programmi\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Programmi\File comuni\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Programmi\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Programmi\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Programmi\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Programmi\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: Google Updater Service (gusvc) - Google - C:\Programmi\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Servizio iPod (iPod Service) - Apple Inc. - C:\Programmi\iPod\bin\iPodService.exe
O23 - Service: NBService - Nero AG - C:\Programmi\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Programmi\File comuni\Ahead\Lib\NMIndexingService.exe
O23 - Service: PDAgent - Raxco Software, Inc. - C:\Programmi\Raxco\PerfectDisk\PDAgent.exe
O23 - Service: PDEngine - Raxco Software, Inc. - C:\Programmi\Raxco\PerfectDisk\PDEngine.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe



Grazie mille per l'aiuto

[threequid]

novità sugli ultimi log?
è tutto ok?

[Orange]

il log HJT sembra pulito.

[threequid]

niente ragazzi... questo virus non se ne vuole andare.
Si riforma continuamente e addirittura ora non mi permette di usare google perchè "non possiamo elaborare la tua richiesta in questo momento. Un virus o un'applicazione spyware ci sta inviando richieste automatiche e sembra che il tuo computer o la tua rete siano stati infettati."
Ho fatto andare virtumondobegone in modalità provvisoria ma non trova niente.
Ho fatto uno scan con Spyboot e ritrova gli stessi identici spyware ad intervalli regolari. (tra l'altro non so se possa essere utile ma il virus viene individuato con Virtumonde e non Virtumondo)
Vi riposto un nuovo log di HJT... per favore aiutatemi ):


Logfile of HijackThis v1.99.1
Scan saved at 21.38.20, on 02/09/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\Explorer.EXE
C:\Programmi\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Programmi\Alwil Software\Avast4\aswUpdSv.exe
C:\Programmi\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programmi\File comuni\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Programmi\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Programmi\Raxco\PerfectDisk\PDAgent.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Programmi\Alwil Software\Avast4\ashMaiSv.exe
C:\Programmi\Alwil Software\Avast4\ashWebSv.exe
C:\Programmi\Raxco\PerfectDisk\PDEngine.exe
C:\Programmi\Adobe\Reader 8.0\Reader\Reader_sl.exe
C:\Programmi\Java\jre1.6.0_02\bin\jusched.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Programmi\Zone Labs\ZoneAlarm\zlclient.exe
C:\Programmi\iTunes\iTunesHelper.exe
C:\Programmi\HP\HP Software Update\HPWuSchd2.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmi\WiFiConnector\NintendoWFCReg.exe
C:\Programmi\Google\Google Updater\GoogleUpdater.exe
C:\Programmi\HP\Digital Imaging\bin\hpqtra08.exe
C:\Programmi\Last.fm\LastFMHelper.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmi\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Programmi\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Programmi\iPod\bin\iPodService.exe
C:\Documents and Settings\utente\Desktop\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
O2 - BHO: Supporto di collegamento per Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\File comuni\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmi\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programmi\Google\GoogleToolbarNotifier\2.1.615.5858\swg.dll
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Programmi\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programmi\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmi\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Programmi\File comuni\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Programmi\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Programmi\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Programmi\HP\HP Software Update\HPWuSchd2.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Esegui il programma di registrazione della chiave USB Wi-Fi Nintendo.lnk = C:\Programmi\WiFiConnector\NintendoWFCReg.exe
O4 - Global Startup: Google Updater.lnk = C:\Programmi\Google\Google Updater\GoogleUpdater.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Programmi\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Last.fm Helper.lnk = C:\Programmi\Last.fm\LastFMHelper.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.6.0_02\bin\ssv.dll
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Programmi\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Programmi\File comuni\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Programmi\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Programmi\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Programmi\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Programmi\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: Google Updater Service (gusvc) - Google - C:\Programmi\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Servizio iPod (iPod Service) - Apple Inc. - C:\Programmi\iPod\bin\iPodService.exe
O23 - Service: NBService - Nero AG - C:\Programmi\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Programmi\File comuni\Ahead\Lib\NMIndexingService.exe
O23 - Service: PDAgent - Raxco Software, Inc. - C:\Programmi\Raxco\PerfectDisk\PDAgent.exe
O23 - Service: PDEngine - Raxco Software, Inc. - C:\Programmi\Raxco\PerfectDisk\PDEngine.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

[Sante62]

Tentar non nuoce...

Scarica Virit da quì: http://www.tgsoft.it/italy/download.htm

Aggiornalo e fagli fare la scansione completa del PC.
Fai in modo che rimuova automaticamente i file infetti trovati.
Non dimenticare di disattivare momentaneamente il tuo antivirus.
Incolla poi quì il risultato.

[threequid]

Ciao! grazie per la risposta!
Quale log devo postare? quello di virit o quello di HJT?
grazie!

[Orange]

VirIt

[threequid]

Questo è il log dei due scan che ho fatto con virit...
sembra aver trovato e rimosso qualche virus... il problema è che non vorrei che si riformassero, come hanno sempre fatto da un po' di giorni a questa parte.
se volete posso mettere a disposizione altri log, basta che mi dirigete voi


VirIT eXplorer Lite Log

[SCANSIONE DELLA MEMORIA]
OK
[SCANSIONE DELLA MEMORIA]
OK
--------------------------------------------------------
03/09/2007 - 08:03:37

[SCANSIONE DEL REGISTRO]
OK

[C:]
MASTER BOOT RECORD: OK
BOOT SECTOR: OK

C:\Documents and Settings\utente\Impostazioni locali\Temporary Internet Files\Content.IE5\01234567\gepj[1] Infetto da Trojan.Win32.Vundo.BV
* * * RIMOSSO * * *
C:\WINDOWS\system32\opnlkif.dll.vir Infetto da Trojan.Win32.Vundo.BV
* * * RIMOSSO * * *

Chiavi Registro infette: 0.
Files Infetti: 2.
Files Sospetti: 0.
Files Analizzati: 34530.
Files Totali: 34530.
Chiavi Registro rimosse: 0.
Virus Rimossi: 2.

--------------------------------------------------------
03/09/2007 - 08:19:49

[SCANSIONE DEL REGISTRO]
OK

[A:]
BOOT SECTOR: OK


[C:]
MASTER BOOT RECORD: OK
BOOT SECTOR: OK


[D:]


[E:]
MASTER BOOT RECORD: OK
BOOT SECTOR: OK

E:\Programmi\mirc\mirc32.exe Infetto da Backdoor.mIRC.G
* * * RIMOSSO * * *
E:\Programmi\SocksCapV2\sc32.exe Infetto da Trojan.StartPage.BM
* * * RIMOSSO * * *
E:\mIRC\mirc32.exe Infetto da Backdoor.mIRC.G
* * * RIMOSSO * * *
E:\mirc2\mirc32.exe Infetto da Backdoor.mIRC.G
* * * RIMOSSO * * *
E:\System Volume Information\_restore{D389E68D-D152-4B00-A927-3DD42787F239}\RP40\A0010572.exe Infetto da Backdoor.mIRC.G
* * * RIMOSSO * * *
E:\System Volume Information\_restore{D389E68D-D152-4B00-A927-3DD42787F239}\RP40\A0010573.exe Infetto da Trojan.StartPage.BM
* * * RIMOSSO * * *
E:\System Volume Information\_restore{D389E68D-D152-4B00-A927-3DD42787F239}\RP40\A0010574.exe Infetto da Backdoor.mIRC.G
* * * RIMOSSO * * *
E:\System Volume Information\_restore{D389E68D-D152-4B00-A927-3DD42787F239}\RP40\A0010575.exe Infetto da Backdoor.mIRC.G
* * * RIMOSSO * * *

[F:]


[G:]
BOOT SECTOR: OK


[I:]
MASTER BOOT RECORD: OK
BOOT SECTOR: OK


Chiavi Registro infette: 0.
Files Infetti: 8.
Files Sospetti: 0.
Files Analizzati: 101634.
Files Totali: 101634.
Chiavi Registro rimosse: 0.
Virus Rimossi: 8.

[Sante62]

Disabilita il ripristino configurazione di sistema:
http://forum.zeusnews.com/viewtopic.php?t=22084
Utilizza l'opzione pulitura disco oppure CCleaner e ATF Cleaner per eliminare i file inutili.
Poi, fai una scansione online con Kaspersky:
http://forum.zeusnews.com/viewtopic.php?t=21705
Quando sta scaricando i file necessari, disattiva momentaneamente l'antivirus ed eventualmente anche il firewall. Non appena inizia la scansione del PC disconnettiti da internet.
Alla fine carica il risultato su www.freefilehosting.net, riportando quì il link che ti viene assegnato.

[threequid]

Grazie ancora per l'aiuto!
Ho fatto gli scan richiesti, senza antivirus e senza firewall, disconnesso dalla rete.

In questo link c'è lo scan dei dischi rigidi
http://www.freefilehosting.net/download/MTg2NzY=

In quest'altro c'è lo scan delle cosiddette "critical areas"
http://www.freefilehosting.net/download/MTg2Nzg=

fatemi sapere se avete bisogno di altri log


Grazie mille!

[Sante62]

Ciao.
Scarica Avenger e mettilo in una sua cartella in C:\
http://swandog46.geekstogo.com/avenger.zip
Avvialo
Clicca su input script manually
Clicca sulla lente d'ingrandimento
Inserisci queste righe:

Files to delete:
C:\WINDOWS\system32\plpsuuja.exe
C:\DOCUME~1\utente\IMPOST~1\Temp\NERO13359\Toolbar.exe
E:\Documenti\installazione\AGSetup0606.exe/fsg-ag.exe
E:\Documenti\installazione\AGSetup0606.exe
E:\Documenti\installazione\eDonkey60.exe/data0005/UCMIE.DLL
E:\Documenti\installazione\eDonkey60.exe/data0005
E:\Documenti\installazione\eDonkey60.exe
E:\Documenti\installazione\overnet0.48.1.exe/data0081/UCMIE.DLL
E:\Documenti\installazione\overnet0.48.1.exe/data0081/IUCMORE.DLL
E:\Documenti\installazione\overnet0.48.1.exe/data0081
E:\Documenti\installazione\overnet0.48.1.exe
E:\Documenti\installazione\GDiVXZen1.1.exe/data0014/data0001.cab/Save.exe
E:\Documenti\installazione\GDiVXZen1.1.exe/data0014/data0001.cab/SaveUninst.exe
E:\Documenti\installazione\GDiVXZen1.1.exe/data0014/data0001.cab/Weather/Weather.exe
E:\Documenti\installazione\GDiVXZen1.1.exe/data0014/data0001.cab/Weather/Uninst.exe
E:\Documenti\installazione\GDiVXZen1.1.exe/data0014/data0001.cab
E:\Documenti\installazione\GDiVXZen1.1.exe/data0014
E:\Documenti\installazione\GDiVXZen1.1.exe/data0017
E:\Documenti\installazione\GDiVXZen1.1.exe
E:\Programmi\mirc\SDmirc.ini
E:\mIRC\download\OmeNServE.zip/SDmirc.ini
E:\mIRC\download\OmeNServE.zip
E:\mIRC\download\FastSetup-V20.zip/FastSetup-V20.exe/mirc.exe
E:\mIRC\download\FastSetup-V20.zip/FastSetup-V20.exe
E:\mIRC\download\FastSetup-V20.zip
E:\mIRC\download\FastLand File Server V 2.0\mirc.exe
E:\mirc2\download\OmeNServE.zip/SDmirc.ini
E:\mirc2\download\OmeNServE.zip
E:\mirc2\download\sdfind396.zip/SDmirc.ini
E:\mirc2\download\sdfind396.zip

Clicca su Done
Clicca sul semaforo
Il pc dovrebbe riavviarsi, se così non fosse, riavvialo tu.
Al termine dell'operazione, si dovrebbe aprire il blocco note con il risultato, che incollerai quì. Altrimenti lo trovi su C:\Avenger.txt. Posta pure un log aggiornato di HJT.

[threequid]

Ciao sante!
grazie mille per il tuo aiuto.
Questo è il log di avenger

Logfile of The Avenger version 1, by Swandog46
Running from registry key:
\Registry\Machine\System\CurrentControlSet\Services\anuxudcd

*******************

Script file located at: \??\C:\Documents and Settings\gfswmxvc.txt
Script file opened successfully.

Script file read successfully

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:

File C:\WINDOWS\system32\plpsuuja.exe deleted successfully.
File C:\DOCUME~1\utente\IMPOST~1\Temp\NERO13359\Toolbar.exe deleted successfully.


Could not open file E:\Documenti\installazione\AGSetup0606.exe/fsg-ag.exe for deletion
Deletion of file E:\Documenti\installazione\AGSetup0606.exe/fsg-ag.exe failed!
Status: 0xc0000033
File E:\Documenti\installazione\AGSetup0606.exe deleted successfully.


Could not open file E:\Documenti\installazione\eDonkey60.exe/data0005/UCMIE.DLL for deletion
Deletion of file E:\Documenti\installazione\eDonkey60.exe/data0005/UCMIE.DLL failed!
Status: 0xc0000033



Could not open file E:\Documenti\installazione\eDonkey60.exe/data0005 for deletion
Deletion of file E:\Documenti\installazione\eDonkey60.exe/data0005 failed!
Status: 0xc0000033

File E:\Documenti\installazione\eDonkey60.exe deleted successfully.


Could not open file E:\Documenti\installazione\overnet0.48.1.exe/data0081/UCMIE.DLL for deletion
Deletion of file E:\Documenti\installazione\overnet0.48.1.exe/data0081/UCMIE.DLL failed!
Status: 0xc0000033



Could not open file E:\Documenti\installazione\overnet0.48.1.exe/data0081/IUCMORE.DLL for deletion
Deletion of file E:\Documenti\installazione\overnet0.48.1.exe/data0081/IUCMORE.DLL failed!
Status: 0xc0000033



Could not open file E:\Documenti\installazione\overnet0.48.1.exe/data0081 for deletion
Deletion of file E:\Documenti\installazione\overnet0.48.1.exe/data0081 failed!
Status: 0xc0000033

File E:\Documenti\installazione\overnet0.48.1.exe deleted successfully.


Could not open file E:\Documenti\installazione\GDiVXZen1.1.exe/data0014/data0001.cab/Save.exe for deletion
Deletion of file E:\Documenti\installazione\GDiVXZen1.1.exe/data0014/data0001.cab/Save.exe failed!
Status: 0xc0000033



Could not open file E:\Documenti\installazione\GDiVXZen1.1.exe/data0014/data0001.cab/SaveUninst.exe for deletion
Deletion of file E:\Documenti\installazione\GDiVXZen1.1.exe/data0014/data0001.cab/SaveUninst.exe failed!
Status: 0xc0000033



Could not open file E:\Documenti\installazione\GDiVXZen1.1.exe/data0014/data0001.cab/Weather/Weather.exe for deletion
Deletion of file E:\Documenti\installazione\GDiVXZen1.1.exe/data0014/data0001.cab/Weather/Weather.exe failed!
Status: 0xc0000033



Could not open file E:\Documenti\installazione\GDiVXZen1.1.exe/data0014/data0001.cab/Weather/Uninst.exe for deletion
Deletion of file E:\Documenti\installazione\GDiVXZen1.1.exe/data0014/data0001.cab/Weather/Uninst.exe failed!
Status: 0xc0000033



Could not open file E:\Documenti\installazione\GDiVXZen1.1.exe/data0014/data0001.cab for deletion
Deletion of file E:\Documenti\installazione\GDiVXZen1.1.exe/data0014/data0001.cab failed!
Status: 0xc0000033



Could not open file E:\Documenti\installazione\GDiVXZen1.1.exe/data0014 for deletion
Deletion of file E:\Documenti\installazione\GDiVXZen1.1.exe/data0014 failed!
Status: 0xc0000033



Could not open file E:\Documenti\installazione\GDiVXZen1.1.exe/data0017 for deletion
Deletion of file E:\Documenti\installazione\GDiVXZen1.1.exe/data0017 failed!
Status: 0xc0000033

File E:\Documenti\installazione\GDiVXZen1.1.exe deleted successfully.
File E:\Programmi\mirc\SDmirc.ini deleted successfully.


Could not open file E:\mIRC\download\OmeNServE.zip/SDmirc.ini for deletion
Deletion of file E:\mIRC\download\OmeNServE.zip/SDmirc.ini failed!
Status: 0xc0000033

File E:\mIRC\download\OmeNServE.zip deleted successfully.


Could not open file E:\mIRC\download\FastSetup-V20.zip/FastSetup-V20.exe/mirc.exe for deletion
Deletion of file E:\mIRC\download\FastSetup-V20.zip/FastSetup-V20.exe/mirc.exe failed!
Status: 0xc0000033



Could not open file E:\mIRC\download\FastSetup-V20.zip/FastSetup-V20.exe for deletion
Deletion of file E:\mIRC\download\FastSetup-V20.zip/FastSetup-V20.exe failed!
Status: 0xc0000033

File E:\mIRC\download\FastSetup-V20.zip deleted successfully.
File E:\mIRC\download\FastLand File Server V 2.0\mirc.exe deleted successfully.


Could not open file E:\mirc2\download\OmeNServE.zip/SDmirc.ini for deletion
Deletion of file E:\mirc2\download\OmeNServE.zip/SDmirc.ini failed!
Status: 0xc0000033

File E:\mirc2\download\OmeNServE.zip deleted successfully.


Could not open file E:\mirc2\download\sdfind396.zip/SDmirc.ini for deletion
Deletion of file E:\mirc2\download\sdfind396.zip/SDmirc.ini failed!
Status: 0xc0000033

File E:\mirc2\download\sdfind396.zip deleted successfully.

Completed script processing.

*******************

Finished! Terminate.


Come vedi qualcosa non si è cancellato... ora ti posto un log di HJT

[threequid]

questo è l'ultimo log di HJT

Logfile of HijackThis v1.99.1
Scan saved at 0.02.31, on 05/09/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\Explorer.EXE
C:\Programmi\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Programmi\Alwil Software\Avast4\aswUpdSv.exe
C:\Programmi\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programmi\File comuni\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Programmi\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Programmi\Raxco\PerfectDisk\PDAgent.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\VEXPLITE\viritsvc.exe
C:\Programmi\Alwil Software\Avast4\ashMaiSv.exe
C:\Programmi\Alwil Software\Avast4\ashWebSv.exe
C:\Programmi\Raxco\PerfectDisk\PDEngine.exe
C:\Programmi\Java\jre1.6.0_02\bin\jusched.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Programmi\Zone Labs\ZoneAlarm\zlclient.exe
C:\Programmi\iTunes\iTunesHelper.exe
C:\Programmi\HP\HP Software Update\HPWuSchd2.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmi\WiFiConnector\NintendoWFCReg.exe
C:\Programmi\Google\Google Updater\GoogleUpdater.exe
C:\Programmi\HP\Digital Imaging\bin\hpqtra08.exe
C:\Programmi\Last.fm\LastFMHelper.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmi\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Programmi\iPod\bin\iPodService.exe
C:\HJT\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
O2 - BHO: Supporto di collegamento per Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\File comuni\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmi\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programmi\Google\GoogleToolbarNotifier\2.1.615.5858\swg.dll
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Programmi\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programmi\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmi\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Programmi\File comuni\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Programmi\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Programmi\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Programmi\HP\HP Software Update\HPWuSchd2.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Esegui il programma di registrazione della chiave USB Wi-Fi Nintendo.lnk = C:\Programmi\WiFiConnector\NintendoWFCReg.exe
O4 - Global Startup: Google Updater.lnk = C:\Programmi\Google\Google Updater\GoogleUpdater.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Programmi\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Last.fm Helper.lnk = C:\Programmi\Last.fm\LastFMHelper.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.6.0_02\bin\ssv.dll
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/default/kavwebscan_unicode.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Programmi\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Programmi\File comuni\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Programmi\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Programmi\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Programmi\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Programmi\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: Google Updater Service (gusvc) - Google - C:\Programmi\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Servizio iPod (iPod Service) - Apple Inc. - C:\Programmi\iPod\bin\iPodService.exe
O23 - Service: NBService - Nero AG - C:\Programmi\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Programmi\File comuni\Ahead\Lib\NMIndexingService.exe
O23 - Service: PDAgent - Raxco Software, Inc. - C:\Programmi\Raxco\PerfectDisk\PDAgent.exe
O23 - Service: PDEngine - Raxco Software, Inc. - C:\Programmi\Raxco\PerfectDisk\PDEngine.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Virit eXplorer Lite (viritsvclite) - TG Soft Sas www.tgsoft.it - C:\VEXPLITE\viritsvc.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

[Sante62]