yul (Devoted Mortal)
Registered: 07/01/08 00:41 Posts: 13
Posted: 07 Jan 2008 00:54 Subject: trojan-dropper
Hi everyone!
Unfortunately yesterday I got infected through MSN, and I admit I'm completely lost.
When I got infected my antivirus was AVG (which hadn't noticed anything...), then I installed Kaspersky, which found a heap of viruses.
As far as I understand it removed everything except this blessed trojan-dropper.win32.agent.dgo, which keeps popping up again.
I also tried disabling System Restore and scanning in Safe Mode, but nothing: at every reboot Kaspersky tells me the virus is still there.
Before posting I read that I needed to run a scan with HijackThis; I hope I didn't do anything wrong.
The result, if I did everything right, is this:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 23.31.56, on 06/01/08
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programmi\File comuni\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Programmi\WIDCOMM\Software Bluetooth\bin\btwdins.exe
C:\WINDOWS\system32\usrserv.exe
C:\Programmi\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp .exe
C:\Programmi\WIDCOMM\Software Bluetooth\BTTray.exe
C:\Programmi\ZyDAS\ZD1211 802.11g Utility\ZDWlan.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Programmi\ZyDAS Technology Corporation\ZyDAS_802.11g_Utility\ZDWlan.exe
C:\WINDOWS\explorer.exe
C:\Hijackthis\HiJackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.it/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmi\QuickTime\QTTask .exe" -atboottime
O4 - HKLM\..\Run: [Windows Live Servicer] usrserv.exe
O4 - HKLM\..\Run: [AVP] "C:\Programmi\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp .exe"
O4 - HKLM\..\Run: [SysDrv] C:\DOCUME~1\Utente\IMPOST~1\Temp\588046 .exe
O4 - HKCU\..\Run: [updateMgr] C:\Programmi\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_0
O4 - Global Startup: BTTray.lnk = ?
O4 - Global Startup: ZDWLan Utility.lnk = C:\Programmi\ZyDAS Technology Corporation\ZyDAS_802.11g_Utility\ZDWlan.exe
O4 - Global Startup: ZDWlan.lnk = ?
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Invia a &Bluetooth - C:\Programmi\WIDCOMM\Software Bluetooth\btsendto_ie_ctx.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Anti-virus web - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Programmi\Kaspersky Lab\Kaspersky Anti-Virus 6.0\scieplugin.dll
O9 - Extra button: Ricerche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1182443844828
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Programmi\File comuni\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bluetooth Service (btwdins) - WIDCOMM, Inc. - C:\Programmi\WIDCOMM\Software Bluetooth\bin\btwdins.exe
O23 - Service: HP WMI Interface (hpqwmi) - Hewlett-Packard Development Company, L.P. - C:\Programmi\HPQ\SHARED\HPQWMI.exe
O23 - Service: Servizio iPod (iPod Service) - Apple Inc. - C:\Programmi\iPod\bin\iPodService.exe
O23 - Service: ZyDAS1211BBG - Unknown owner - C:\Programmi\ZyDAS Technology Corporation\ZyDAS_802.11g_Utility\srvany.exe
--
End of file - 3265 bytes
Thanks a lot for any help ^______^
Orange (Mature God)
Registered: 18/02/07 13:20 Posts: 2224 Location: Roma
Posted: 07 Jan 2008 01:16
hi yul
You have a couple of "interesting" things...
download Avenger and unpack it on the desktop
run it, select Input script manually
click the magnifying glass
in the View/Edit script window that opens, copy/paste these lines:
Quote:
Files to delete:
C:\WINDOWS\system32\usrserv.exe
C:\DOCUME~1\Utente\IMPOST~1\Temp\588046 .exe
Click Done
then on the traffic-light icon
answer Yes (at this point the PC should reboot; if it doesn't, reboot it manually)
after the reboot, find the folder C:\avenger\backup.zip, upload the archive to http://www.freefilehosting.net/ and send me the link via PM (private message).
Thanks
yul (Devoted Mortal)
Registered: 07/01/08 00:41 Posts: 13
Posted: 07 Jan 2008 13:02
here I am again!
So, the VundoFix scan gave this:
VundoFix V6.7.7
Checking Java version...
Sun Java not detected
Scan started at 10.46.16 07/01/08
Listing files found while scanning....
C:\WINDOWS\system32\efcdabb.dll
C:\WINDOWS\system32\iifcyvt.dll
C:\WINDOWS\system32\pmnnmjh.dll
C:\WINDOWS\system32\rrutv.ini
C:\WINDOWS\system32\rrutv.ini2
C:\WINDOWS\system32\vturr.dll
Beginning removal...
Attempting to delete C:\WINDOWS\system32\efcdabb.dll
C:\WINDOWS\system32\efcdabb.dll Could not be deleted.
Attempting to delete C:\WINDOWS\system32\iifcyvt.dll
C:\WINDOWS\system32\iifcyvt.dll Has been deleted!
Attempting to delete C:\WINDOWS\system32\pmnnmjh.dll
C:\WINDOWS\system32\pmnnmjh.dll Has been deleted!
Attempting to delete C:\WINDOWS\system32\rrutv.ini
C:\WINDOWS\system32\rrutv.ini Has been deleted!
Attempting to delete C:\WINDOWS\system32\rrutv.ini2
C:\WINDOWS\system32\rrutv.ini2 Has been deleted!
Attempting to delete C:\WINDOWS\system32\vturr.dll
C:\WINDOWS\system32\vturr.dll Has been deleted!
Performing Repairs to the registry.
Done!
Beginning removal...
Attempting to delete C:\WINDOWS\system32\efcdabb.dll
C:\WINDOWS\system32\efcdabb.dll Could not be deleted.
Performing Repairs to the registry.
Done!
VundoFix V6.7.7
Checking Java version...
Sun Java not detected
Scan started at 11.18.18 07/01/08
Listing files found while scanning....
C:\WINDOWS\system32\efcdabb.dll
Beginning removal...
Attempting to delete C:\WINDOWS\system32\efcdabb.dll
C:\WINDOWS\system32\efcdabb.dll Could not be deleted.
Performing Repairs to the registry.
Done!
Beginning removal...
Attempting to delete C:\WINDOWS\system32\efcdabb.dll
C:\WINDOWS\system32\efcdabb.dll Could not be deleted.
Performing Repairs to the registry.
Done!
and the new HijackThis scan gave this:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11.51.26, on 07/01/08
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Programmi\File comuni\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Programmi\WIDCOMM\Software Bluetooth\bin\btwdins.exe
C:\Programmi\ZyDAS Technology Corporation\ZyDAS_802.11g_Utility\srvany.exe
C:\Programmi\ZyDAS Technology Corporation\ZyDAS_802.11g_Utility\ZyDummyZD11B-BG.exe
C:\Programmi\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp .exe
C:\Programmi\WIDCOMM\Software Bluetooth\BTTray.exe
C:\Programmi\ZyDAS Technology Corporation\ZyDAS_802.11g_Utility\ZDWlan.exe
C:\Programmi\ZyDAS\ZD1211 802.11g Utility\ZDWlan.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Hijackthis\HiJackThis.exe
C:\WINDOWS\system32\rundll32.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.it/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
F3 - REG:win.ini: load=C:\WINDOWS\system32\jkklj.exe
O2 - BHO: Supporto di collegamento per Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\File comuni\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {20B91997-ADB6-44C5-BF48-FBFBC545CFC1} - C:\WINDOWS\system32\jkklj.dll
O2 - BHO: (no name) - {743C451F-7380-43DD-9B06-019BEE395F75} - C:\WINDOWS\system32\efcdabb.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmi\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: (no name) - {C968C5A4-F058-46F9-A8B2-E54BB43945EC} - C:\WINDOWS\system32\jkklj.dll
O2 - BHO: (no name) - {DB8E2F3F-EAD4-4DF3-86F8-39B460006872} - C:\WINDOWS\system32\vturr.dll (file missing)
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmi\QuickTime\QTTask .exe" -atboottime
O4 - HKLM\..\Run: [Windows Live Servicer] usrserv.exe
O4 - HKLM\..\Run: [AVP] "C:\Programmi\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp .exe"
O4 - HKLM\..\Run: [SysDrv] C:\DOCUME~1\Utente\IMPOST~1\Temp\588046 .exe
O4 - HKCU\..\Run: [updateMgr] C:\Programmi\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_0
O4 - Global Startup: BTTray.lnk = ?
O4 - Global Startup: ZDWLan Utility.lnk = C:\Programmi\ZyDAS Technology Corporation\ZyDAS_802.11g_Utility\ZDWlan.exe
O4 - Global Startup: ZDWlan.lnk = ?
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Invia a &Bluetooth - C:\Programmi\WIDCOMM\Software Bluetooth\btsendto_ie_ctx.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Anti-virus web - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Programmi\Kaspersky Lab\Kaspersky Anti-Virus 6.0\scieplugin.dll
O9 - Extra button: Ricerche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1182443844828
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Programmi\File comuni\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bluetooth Service (btwdins) - WIDCOMM, Inc. - C:\Programmi\WIDCOMM\Software Bluetooth\bin\btwdins.exe
O23 - Service: HP WMI Interface (hpqwmi) - Hewlett-Packard Development Company, L.P. - C:\Programmi\HPQ\SHARED\HPQWMI.exe
O23 - Service: Servizio iPod (iPod Service) - Apple Inc. - C:\Programmi\iPod\bin\iPodService.exe
O23 - Service: ZyDAS1211BBG - Unknown owner - C:\Programmi\ZyDAS Technology Corporation\ZyDAS_802.11g_Utility\srvany.exe
--
End of file - 4224 bytes
I'd also like to report a new problem.
Now at reboot Kaspersky flags an invader as a risk.
It says:
processo in esecuzione (PID:3916):
C:\WINDOWS\system32\rundll32.exe
One question: do I have to turn System Restore back on?
(right now it's disabled)
bdoriano (Administrator)
Registered: 02/04/07 12:05 Posts: 14391 Location: 3rd planet of the solar system...
Posted: 07 Jan 2008 13:53
Follow the instructions in this topic to post the ComboFix log.
yul (Devoted Mortal)
Registered: 07/01/08 00:41 Posts: 13
Posted: 07 Jan 2008 17:04
here it is:
ComboFix 08-01-07.4 - Utente 2008-01-07 15.05.13.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1040.18.178 [GMT 1:00]
Eseguito da: C:\Documents and Settings\Utente\Desktop\ComboFix(2).exe
.
((((((((((((((((((((((((((((((((((((( Altre eliminazioni )))))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\WINDOWS\system32\1_exception.nls
C:\WINDOWS\system32\efcdabb.dll
C:\WINDOWS\system32\jkklj.dll
C:\WINDOWS\system32\jlkkj.ini
C:\WINDOWS\system32\jlkkj.ini2
C:\WINDOWS\Temp\177265.exe
C:\WINDOWS\Temp\367062.exe
C:\WINDOWS\Temp\717687.exe
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\LEGACY_RUNTIME
-------\LEGACY_SMTPDRV
-------\runtime
-------\smtpdrv
((((((((((((((((((((((((( Files Creati Da 2007-12-07 al 2008-01-07 )))))))))))))))))))))))))))))))))))
.
2008-01-07 15:01 . 2000-08-31 08:00 51,200 --a------ C:\WINDOWS\NirCmd.exe
2008-01-07 10:46 . 2008-01-07 11:38 <DIR> d-------- C:\VundoFix Backups
2008-01-07 00:41 . 2008-01-07 00:41 1,080 --a------ C:\hcypsblt .bat
2008-01-06 23:30 . 2008-01-07 11:50 <DIR> d-------- C:\Hijackthis
2008-01-06 19:50 . 2008-01-06 19:50 <DIR> d-------- C:\Programmi\ZyDAS Technology Corporation
2008-01-06 19:14 . 2007-06-21 18:13 <DIR> d--h----- C:\Documents and Settings\Administrator\Risorse di stampa
2008-01-06 19:14 . 2007-06-21 18:13 <DIR> d--h----- C:\Documents and Settings\Administrator\Risorse di rete
2008-01-06 19:14 . 2007-06-21 18:13 <DIR> d-------- C:\Documents and Settings\Administrator\Preferiti
2008-01-06 19:14 . 2007-06-21 16:19 <DIR> d--h----- C:\Documents and Settings\Administrator\Modelli
2008-01-06 19:14 . 2007-06-21 18:13 <DIR> dr------- C:\Documents and Settings\Administrator\Menu Avvio
2008-01-06 19:14 . 2007-06-21 18:13 <DIR> d--h----- C:\Documents and Settings\Administrator\Impostazioni locali
2008-01-06 19:14 . 2007-06-21 18:13 <DIR> d-------- C:\Documents and Settings\Administrator\Documenti
2008-01-06 19:14 . 2007-06-21 18:13 <DIR> dr-h----- C:\Documents and Settings\Administrator\Dati applicazioni
2008-01-06 00:36 . 2008-01-06 00:36 196 --a------ C:\WINDOWS\_delis43.ini
2008-01-06 00:33 . 2008-01-06 00:33 <DIR> d-------- C:\Documents and Settings\Utente\WINDOWS
2008-01-06 00:31 . 2008-01-06 00:31 <DIR> d-------- C:\Programmi\ZyDAS
2008-01-06 00:31 . 2004-04-28 16:32 81,920 --a------ C:\WINDOWS\system32\ZDBRGDLL.dll
2008-01-06 00:31 . 2004-06-30 13:54 19,200 --a------ C:\WINDOWS\system32\ZDBRGSYS.sys
2008-01-05 22:25 . 2008-01-05 22:34 155,648 --a------ C:\WINDOWS\system32\igfxtray .exe
2008-01-05 22:25 . 2008-01-05 22:34 118,784 --a------ C:\WINDOWS\system32\hkcmd .exe
2008-01-05 22:02 . 2008-01-05 22:02 <DIR> d-------- C:\Programmi\Kaspersky Lab
2008-01-05 22:02 . 2008-01-07 15:37 <DIR> d-------- C:\Documents and Settings\All Users\Dati applicazioni\Kaspersky Lab
2008-01-05 22:02 . 2008-01-07 15:29 1,711,392 --ahs---- C:\WINDOWS\system32\drivers\fidbox.dat
2008-01-05 22:02 . 2008-01-05 22:31 91,492 --a------ C:\WINDOWS\system32\drivers\klin.dat
2008-01-05 22:02 . 2008-01-05 22:31 85,860 --a------ C:\WINDOWS\system32\drivers\klick.dat
2008-01-05 22:02 . 2008-01-07 15:30 29,728 --ahs---- C:\WINDOWS\system32\drivers\fidbox2.dat
2008-01-05 22:02 . 2008-01-07 11:40 25,412 --ahs---- C:\WINDOWS\system32\drivers\fidbox.idx
2008-01-05 22:02 . 2008-01-07 11:40 4,664 --ahs---- C:\WINDOWS\system32\drivers\fidbox2.idx
2008-01-05 21:59 . 2008-01-05 21:59 <DIR> d-------- C:\Documents and Settings\All Users\Dati applicazioni\Avg7
2007-12-22 13:11 . 2008-01-07 13:51 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2007-12-22 13:11 . 2007-12-22 13:11 1,409 --a------ C:\WINDOWS\QTFont.for
2007-12-22 13:08 . 2008-01-05 22:34 <DIR> d-------- C:\Programmi\iTunes
2007-12-22 13:08 . 2007-12-22 13:08 <DIR> d-------- C:\Programmi\iPod
2007-12-22 13:06 . 2008-01-05 23:50 <DIR> d-------- C:\Programmi\QuickTime
2007-12-22 13:05 . 2007-12-22 13:05 <DIR> d-------- C:\Programmi\File comuni\Apple
2007-12-22 13:05 . 2007-12-22 13:05 <DIR> d-------- C:\Programmi\Apple Software Update
2007-12-22 13:05 . 2007-12-22 13:05 <DIR> d-------- C:\Documents and Settings\All Users\Dati applicazioni\Apple
2007-12-13 22:59 . 2007-09-24 23:31 69,632 --a------ C:\WINDOWS\system32\javacpl.cpl
2007-12-11 10:57 . 2007-12-11 10:57 65,536 --a------ C:\WINDOWS\system32\QuickTimeVR.qtx
2007-12-11 10:57 . 2007-12-11 10:57 49,152 --a------ C:\WINDOWS\system32\QuickTime.qts
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-01-06 18:49 --------- d--h--w C:\Programmi\InstallShield Installation Information
2008-01-05 21:33 --------- d-----w C:\Programmi\MSN Messenger
2008-01-05 19:54 --------- d-----w C:\Documents and Settings\Utente\Dati applicazioni\Apple Computer
2007-12-22 12:06 --------- d-----w C:\Documents and Settings\All Users\Dati applicazioni\Apple Computer
2007-12-13 21:59 --------- d-----w C:\Programmi\Java
2007-12-09 14:43 --------- d-----w C:\Documents and Settings\Utente\Dati applicazioni\AdobeUM
2007-11-13 10:25 20,480 ----a-w C:\WINDOWS\system32\drivers\secdrv.sys
.
Code:
----a-w 39,792 2008-01-05 21:35:02 C:\Programmi\Adobe\Reader 8.0\Reader\Reader_sl .exe
----a-w 110,592 2008-01-05 21:34:55 C:\Programmi\File comuni\Sonic\Update Manager\sgtray .exe
----a-w 229,438 2008-01-05 21:34:49 C:\Programmi\HPQ\Default Settings\cpqset .exe
----a-w 290,816 2008-01-05 21:34:53 C:\Programmi\HPQ\Quick Launch Buttons\EabServr .exe
----a-w 267,048 2008-01-05 21:35:03 C:\Programmi\iTunes\iTunesHelper .exe
----a-w 132,496 2008-01-05 21:34:58 C:\Programmi\Java\jre1.6.0_03\bin\jusched .exe
----a-w 200,768 2008-01-06 18:20:18 C:\Programmi\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp .exe
----a-w 1,694,208 2008-01-05 21:35:20 C:\Programmi\Messenger\msmsgs .exe
----a-w 5,674,352 2008-01-05 21:35:35 C:\Programmi\MSN Messenger\MsnMsgr .Exe
----a-w 688,218 2008-01-05 21:34:42 C:\Programmi\Synaptics\SynTP\SynTPEnh .exe
----a-w 98,394 2008-01-05 21:34:37 C:\Programmi\Synaptics\SynTP\SynTPLpr .exe
----a-w 208,952 2008-01-06 18:03:01 C:\WINDOWS\ime\IMJP8_1\IMJPMIG .EXE
----a-w 118,784 2008-01-05 21:34:46 C:\WINDOWS\system32\hkcmd .exe
----a-w 155,648 2008-01-05 21:34:42 C:\WINDOWS\system32\igfxtray .exe
----a-w 455,168 2008-01-06 18:06:38 C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP .EXE
((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Nota* i valori vuoti & legittimi/default non sono visualizzati.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{DB8E2F3F-EAD4-4DF3-86F8-39B460006872}]
C:\WINDOWS\system32\vturr.dll
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"updateMgr"="C:\Programmi\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [ ]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"QuickTime Task"="C:\Programmi\QuickTime\QTTask .exe" [ ]
"Windows Live Servicer"="usrserv.exe" []
"AVP"="C:\Programmi\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp .exe" [2008-01-06 19:20 200768]
C:\Documents and Settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\
BTTray.lnk - C:\Programmi\WIDCOMM\Software Bluetooth\BTTray.exe [2004-06-02 16:48:22 ]
ZDWLan Utility.lnk - C:\Programmi\ZyDAS Technology Corporation\ZyDAS_802.11g_Utility\ZDWlan.exe [2008-01-06 19:50:03 ]
ZDWlan.lnk - C:\Programmi\ZyDAS\ZD1211 802.11g Utility\ZDWlan.exe [2008-01-06 00:31:23 ]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Authentication Packages REG_MULTI_SZ msv1_0 C:\WINDOWS\system32\jkklj
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Quy71.sys]
@="Driver"
R2 ZyDAS1211BBG;ZyDAS1211BBG;"C:\Programmi\ZyDAS Technology Corporation\ZyDAS_802.11g_Utility\srvany.exe" [2003-04-18 18:06]
S0 Quy71;Quy71;C:\WINDOWS\system32\Drivers\Quy71.sys []
S3 CommDrv;CommDrv;C:\WINDOWS\system32\CommDrv.sys []
S3 ZD1211BU(ZyDAS);ZyDAS ZD1211B IEEE 802.11 b+g Wireless LAN Driver (USB)(ZyDAS);C:\WINDOWS\system32\DRIVERS\zd1211Bu.sys [2005-10-28 11:38]
.
Contenuto della cartella 'Scheduled Tasks'
"2007-12-27 11:09:07 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Programmi\Apple Software Update\SoftwareUpdate.exe
.
**************************************************************************
catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-01-07 15:37:58
Windows 5.1.2600 Service Pack 2 NTFS
scansione processi nascosti ...
scansione entrate autostart nascoste ...
Scansione files nascosti ...
Scansione completata con successo
Files nascosti: 0
**************************************************************************
.
Ora fine scansione: 2008-01-07 15:40:30
ComboFix-quarantined-files.txt 2008-01-07 14:40:26
.
2007-12-22 10:07:56 --- E O F ---
bdoriano (Administrator)
Registered: 02/04/07 12:05 Posts: 14391 Location: 3rd planet of the solar system...
Posted: 07 Jan 2008 20:15
Houston, we have a problem.
I see there are files with a space at the end of the name
Code:
----a-w 39,792 2008-01-05 21:35:02 C:\Programmi\Adobe\Reader 8.0\Reader\Reader_sl .exe
----a-w 110,592 2008-01-05 21:34:55 C:\Programmi\File comuni\Sonic\Update Manager\sgtray .exe
----a-w 229,438 2008-01-05 21:34:49 C:\Programmi\HPQ\Default Settings\cpqset .exe
----a-w 290,816 2008-01-05 21:34:53 C:\Programmi\HPQ\Quick Launch Buttons\EabServr .exe
----a-w 267,048 2008-01-05 21:35:03 C:\Programmi\iTunes\iTunesHelper .exe
----a-w 132,496 2008-01-05 21:34:58 C:\Programmi\Java\jre1.6.0_03\bin\jusched .exe
----a-w 200,768 2008-01-06 18:20:18 C:\Programmi\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp .exe
----a-w 1,694,208 2008-01-05 21:35:20 C:\Programmi\Messenger\msmsgs .exe
----a-w 5,674,352 2008-01-05 21:35:35 C:\Programmi\MSN Messenger\MsnMsgr .Exe
----a-w 688,218 2008-01-05 21:34:42 C:\Programmi\Synaptics\SynTP\SynTPEnh .exe
----a-w 98,394 2008-01-05 21:34:37 C:\Programmi\Synaptics\SynTP\SynTPLpr .exe
----a-w 208,952 2008-01-06 18:03:01 C:\WINDOWS\ime\IMJP8_1\IMJPMIG .EXE
----a-w 118,784 2008-01-05 21:34:46 C:\WINDOWS\system32\hkcmd .exe
----a-w 155,648 2008-01-05 21:34:42 C:\WINDOWS\system32\igfxtray .exe
----a-w 455,168 2008-01-06 18:06:38 C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP .EXE
C:\Programmi\QuickTime\QTTask .exe
you should check whether the corresponding files without the space at the end exist too:
Code:
C:\Programmi\Adobe\Reader 8.0\Reader\Reader_sl.exe
C:\Programmi\File comuni\Sonic\Update Manager\sgtray.exe
C:\Programmi\HPQ\Default Settings\cpqset.exe
C:\Programmi\HPQ\Quick Launch Buttons\EabServr.exe
C:\Programmi\iTunes\iTunesHelper .exe
C:\Programmi\Java\jre1.6.0_03\bin\jusched.exe
C:\Programmi\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe
C:\Programmi\Messenger\msmsgs.exe
C:\Programmi\MSN Messenger\MsnMsgr.Exe
C:\Programmi\Synaptics\SynTP\SynTPEnh.exe
C:\Programmi\Synaptics\SynTP\SynTPLpr.exe
C:\WINDOWS\ime\IMJP8_1\IMJPMIG.EXE
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE
C:\Programmi\QuickTime\QTTask.exe
And upload them, one at a time, to VirusTotal to have them analysed. Wait for the verdict of each submission and then let us know.
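An added example, written for this thread and not one of the tools the helpers used: it scans log lines like the ComboFix and HijackThis output quoted above for executable names with whitespace in front of the extension ("avp .exe"), derives the canonical name bdoriano asked the poster to look for, and reports whether that counterpart is present. The SAMPLE_LOG lines are copied from the thread, FAKE_DISK is a constructed stand-in for the file system so the demo runs offline, and `exists` is injectable so a real run can pass `os.path.exists`.

```python
"""Flag executables logged with whitespace in front of the extension ("avp .exe")
and pair each with the canonical name to look for. Added example written for this
thread; it is not one of the tools the helpers used."""
import os
import re
from typing import Callable, Dict, List

# A Windows path that ends in "<name><whitespace>.<ext>". The non-greedy body
# stops at the first whitespace that is followed directly by the extension, so
# directories with spaces in them ("Default Settings") are not mistaken for it.
SPACED_EXT = re.compile(
    r"(?P<path>[A-Za-z]:\\[^\"\r\n]*?)\s+\.(?P<ext>exe|dll|bat|com|scr)\b",
    re.IGNORECASE,
)

# Constructed sample: lines taken from the ComboFix and HijackThis output quoted
# in the thread, plus two clean lines (usrserv.exe, ssv.dll) that must not fire.
SAMPLE_LOG = r"""
----a-w 39,792 2008-01-05 21:35:02 C:\Programmi\Adobe\Reader 8.0\Reader\Reader_sl .exe
----a-w 229,438 2008-01-05 21:34:49 C:\Programmi\HPQ\Default Settings\cpqset .exe
----a-w 5,674,352 2008-01-05 21:35:35 C:\Programmi\MSN Messenger\MsnMsgr .Exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmi\QuickTime\QTTask .exe" -atboottime
O4 - HKLM\..\Run: [SysDrv] C:\DOCUME~1\Utente\IMPOST~1\Temp\588046 .exe
2008-01-07 00:41 . 2008-01-07 00:41 1,080 --a------ C:\hcypsblt .bat
O4 - HKLM\..\Run: [Windows Live Servicer] usrserv.exe
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmi\Java\jre1.6.0_03\bin\ssv.dll
"""

# Constructed stand-in for the disk so the demo runs offline. In the thread the
# poster found none of the canonical names; here one is present to show both cases.
FAKE_DISK = {
    r"C:\Programmi\QuickTime\QTTask.exe",
    r"C:\Programmi\Java\jre1.6.0_03\bin\ssv.dll",
}


def find_spaced_names(log_text: str) -> List[Dict[str, object]]:
    """One record per flagged path: the name exactly as logged, the canonical
    name with the whitespace removed, whether the line is a HijackThis O4
    autostart entry, and the source line."""
    findings: List[Dict[str, object]] = []
    for line in log_text.splitlines():
        for m in SPACED_EXT.finditer(line):
            findings.append({
                "logged": m.group(0),
                "canonical": f"{m.group('path')}.{m.group('ext')}",
                "autostart": line.startswith("O4 "),
                "line": line.strip(),
            })
    return findings


def check_counterparts(findings, exists: Callable[[str], bool] = os.path.exists):
    """Attach 'canonical_exists' to each finding. A missing counterpart means the
    renamed copy is the only one on disk, so whatever starts it (the O4 entry, a
    service, a shortcut) points at a file that should be scanned, as the thread
    recommends, before it is trusted."""
    return [{**f, "canonical_exists": exists(str(f["canonical"]))} for f in findings]


def report(log_text: str, exists: Callable[[str], bool] = os.path.exists) -> str:
    """Human-readable summary, one line per flagged name."""
    rows = []
    for f in check_counterparts(find_spaced_names(log_text), exists):
        tag = "autostart" if f["autostart"] else "file     "
        state = "counterpart present" if f["canonical_exists"] else "counterpart MISSING"
        rows.append(f"{tag}  {f['logged']!s:<60}  {state}")
    return "\n".join(rows)


if __name__ == "__main__":
    # Offline demo against the constructed sample and the fake disk.
    print(report(SAMPLE_LOG, exists=lambda p: p in FAKE_DISK))
```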
yul (Devoted Mortal)
Registered: 07/01/08 00:41 Posts: 13
Posted: 07 Jan 2008 20:59
how shall I put it...
No, not a single one of them exists
bdoriano (Administrator)
Registered: 02/04/07 12:05 Posts: 14391 Location: 3rd planet of the solar system...
Posted: 07 Jan 2008 22:22
Try these steps:
yul (Devoted Mortal)
Registered: 07/01/08 00:41 Posts: 13
Posted: 07 Jan 2008 22:31
while I run the scans, do I have to disable Kaspersky?
and System Restore?
Sante62 (Mature God)
Registered: 27/06/07 17:55 Posts: 3477 Location: Floridia
Posted: 07 Jan 2008 22:40
yul wrote:
while I run the scans, do I have to disable Kaspersky?
Yes, it's better, because it could conflict and block the scan.
Or else you have to ignore any Kaspersky alert, obviously if you're on the site of an online scan.
yul wrote:
and System Restore?
Not for now. You'll do that when the PC is clean...
yul (Devoted Mortal)
Registered: 07/01/08 00:41 Posts: 13
Posted: 08 Jan 2008 20:02
here I am again ^^
so, with Panda I got this:
Incident Status Location
Potentially unwanted tool:Application/NirCmd.A Not disinfected C:\ComboFix\nircmd.cfexe
Potentially unwanted tool:Application/NirCmd.A Not disinfected C:\ComboFix\nircmd.exe
Spyware:Cookie/PointRoll Not disinfected C:\Documents and Settings\Utente\Cookies\utente@ads.pointroll[2].txt
Spyware:Cookie/Atlas DMT Not disinfected C:\Documents and Settings\Utente\Cookies\utente@atdmt[2].txt
Spyware:Cookie/Serving-sys Not disinfected C:\Documents and Settings\Utente\Cookies\utente@bs.serving-sys[2].txt
Spyware:Cookie/Doubleclick Not disinfected C:\Documents and Settings\Utente\Cookies\utente@doubleclick[1].txt
Spyware:Cookie/Mediaplex Not disinfected C:\Documents and Settings\Utente\Cookies\utente@mediaplex[1].txt
Spyware:Cookie/Overture Not disinfected C:\Documents and Settings\Utente\Cookies\utente@overture[1].txt
Spyware:Cookie/Serving-sys Not disinfected C:\Documents and Settings\Utente\Cookies\utente@serving-sys[2].txt
Spyware:Cookie/Tradedoubler Not disinfected C:\Documents and Settings\Utente\Cookies\utente@tradedoubler[1].txt
Spyware:Cookie/Weborama Not disinfected C:\Documents and Settings\Utente\Cookies\utente@weborama[1].txt
Spyware:Cookie/Xiti Not disinfected C:\Documents and Settings\Utente\Cookies\utente@xiti[1].txt
Spyware:Cookie/Tradedoubler Not disinfected C:\Documents and Settings\Utente\Dati applicazioni\Mozilla\Firefox\Profiles\ptv7iw6l.default\cookies.txt[.tradedoubler.com/]
Spyware:Cookie/Statcounter Not disinfected C:\Documents and Settings\Utente\Dati applicazioni\Mozilla\Firefox\Profiles\ptv7iw6l.default\cookies.txt[.statcounter.com/]
Spyware:Cookie/Doubleclick Not disinfected C:\Documents and Settings\Utente\Dati applicazioni\Mozilla\Firefox\Profiles\ptv7iw6l.default\cookies.txt[.doubleclick.net/]
Spyware:Cookie/Overture Not disinfected C:\Documents and Settings\Utente\Dati applicazioni\Mozilla\Firefox\Profiles\ptv7iw6l.default\cookies.txt[.overture.com/]
Spyware:Cookie/Advertising Not disinfected C:\Documents and Settings\Utente\Dati applicazioni\Mozilla\Firefox\Profiles\ptv7iw6l.default\cookies.txt[.advertising.com/]
Spyware:Cookie/Atlas DMT Not disinfected C:\Documents and Settings\Utente\Dati applicazioni\Mozilla\Firefox\Profiles\ptv7iw6l.default\cookies.txt[.atdmt.com/]
Spyware:Cookie/YieldManager Not disinfected C:\Documents and Settings\Utente\Dati applicazioni\Mozilla\Firefox\Profiles\ptv7iw6l.default\cookies.txt[ad.yieldmanager.com/]
Spyware:Cookie/Zedo Not disinfected C:\Documents and Settings\Utente\Dati applicazioni\Mozilla\Firefox\Profiles\ptv7iw6l.default\cookies.txt[.zedo.com/]
Spyware:Cookie/Toplist Not disinfected C:\Documents and Settings\Utente\Dati applicazioni\Mozilla\Firefox\Profiles\ptv7iw6l.default\cookies.txt[.toplist.cz/]
Spyware:Cookie/Yadro Not disinfected C:\Documents and Settings\Utente\Dati applicazioni\Mozilla\Firefox\Profiles\ptv7iw6l.default\cookies.txt[.yadro.ru/]
Spyware:Cookie/Xiti Not disinfected C:\Documents and Settings\Utente\Dati applicazioni\Mozilla\Firefox\Profiles\ptv7iw6l.default\cookies.txt[.xiti.com/]
Spyware:Cookie/Apmebf Not disinfected C:\Documents and Settings\Utente\Dati applicazioni\Mozilla\Firefox\Profiles\ptv7iw6l.default\cookies.txt[.apmebf.com/]
Spyware:Cookie/FastClick Not disinfected C:\Documents and Settings\Utente\Dati applicazioni\Mozilla\Firefox\Profiles\ptv7iw6l.default\cookies.txt[.fastclick.net/]
Spyware:Cookie/Atwola Not disinfected C:\Documents and Settings\Utente\Dati applicazioni\Mozilla\Firefox\Profiles\ptv7iw6l.default\cookies.txt[.atwola.com/]
Spyware:Cookie/Tribalfusion Not disinfected C:\Documents and Settings\Utente\Dati applicazioni\Mozilla\Firefox\Profiles\ptv7iw6l.default\cookies.txt[.tribalfusion.com/]
Spyware:Cookie/RealMedia Not disinfected C:\Documents and Settings\Utente\Dati applicazioni\Mozilla\Firefox\Profiles\ptv7iw6l.default\cookies.txt[.realmedia.com/]
Spyware:Cookie/Adtech Not disinfected C:\Documents and Settings\Utente\Dati applicazioni\Mozilla\Firefox\Profiles\ptv7iw6l.default\cookies.txt[.adtech.de/]
Spyware:Cookie/Adserver Not disinfected C:\Documents and Settings\Utente\Dati applicazioni\Mozilla\Firefox\Profiles\ptv7iw6l.default\cookies.txt[.adserver.easyad.info/]
Spyware:Cookie/Adtech Not disinfected C:\Documents and Settings\Utente\Dati applicazioni\Mozilla\Firefox\Profiles\ptv7iw6l.default\cookies.txt[.adtech.de/]
Spyware:Cookie/Casalemedia Not disinfected C:\Documents and Settings\Utente\Dati applicazioni\Mozilla\Firefox\Profiles\ptv7iw6l.default\cookies.txt[.casalemedia.com/]
Spyware:Cookie/Mediaplex Not disinfected C:\Documents and Settings\Utente\Dati applicazioni\Mozilla\Firefox\Profiles\ptv7iw6l.default\cookies.txt[.mediaplex.com/]
Spyware:Cookie/bravenetA Not disinfected C:\Documents and Settings\Utente\Dati applicazioni\Mozilla\Firefox\Profiles\ptv7iw6l.default\cookies.txt[.bravenet.com/]
Spyware:Cookie/Serving-sys Not disinfected C:\Documents and Settings\Utente\Dati applicazioni\Mozilla\Firefox\Profiles\ptv7iw6l.default\cookies.txt[.serving-sys.com/]
Spyware:Cookie/Serving-sys Not disinfected C:\Documents and Settings\Utente\Dati applicazioni\Mozilla\Firefox\Profiles\ptv7iw6l.default\cookies.txt[.bs.serving-sys.com/]
Spyware:Cookie/Serving-sys Not disinfected C:\Documents and Settings\Utente\Dati applicazioni\Mozilla\Firefox\Profiles\ptv7iw6l.default\cookies.txt[.serving-sys.com/]
Spyware:Cookie/BurstNet Not disinfected C:\Documents and Settings\Utente\Dati applicazioni\Mozilla\Firefox\Profiles\ptv7iw6l.default\cookies.txt[.burstnet.com/]
Spyware:Cookie/WebtrendsLive Not disinfected C:\Documents and Settings\Utente\Dati applicazioni\Mozilla\Firefox\Profiles\ptv7iw6l.default\cookies.txt[statse.webtrendslive.com/]
Spyware:Cookie/Research-int Not disinfected C:\Documents and Settings\Utente\Dati applicazioni\Mozilla\Firefox\Profiles\ptv7iw6l.default\cookies.txt[.research-int.se/]
Spyware:Cookie/Weborama Not disinfected C:\Documents and Settings\Utente\Dati applicazioni\Mozilla\Firefox\Profiles\ptv7iw6l.default\cookies.txt[.weborama.fr/]
Spyware:Cookie/QuestionMarket Not disinfected C:\Documents and Settings\Utente\Dati applicazioni\Mozilla\Firefox\Profiles\ptv7iw6l.default\cookies.txt[.questionmarket.com/]
Potentially unwanted tool:Application/NirCmd.A Not disinfected C:\Documents and Settings\Utente\Desktop\ComboFix(2).exe[nircmd.exe]
Potentially unwanted tool:Application/NirCmd.A Not disinfected C:\Documents and Settings\Utente\Desktop\ComboFix(2).exe[nircmd.cfexe]
Potentially unwanted tool:Application/NirCmd.A Not disinfected C:\WINDOWS\NirCmd.exe
with BitDefender this:
http://www.freefilehosting.net/download/3a6b2
Orange (Mature God)
Registered: 18/02/07 13:20 Posts: 2224 Location: Roma
Posted: 09 Jan 2008 13:42
It looks like there are no other traces of Vundo, except in the quarantine and backup folders of the AV and of the various tools used.
Please do the following:
* disable System Restore
* download ATF Cleaner
run it, tick Select all (if you use Firefox or Opera tick their options too)
click Empty selected and wait for the message Done cleaning!
repeat for FF and/or Opera if needed
Once that's done, make the HJT log and a ComboFix log and post them both.
yul (Devoted Mortal)
Registered: 07/01/08 00:41 Posts: 13
Posted: 09 Jan 2008 21:52
here it is!
combofix:
ComboFix 08-01-07.4 - Utente 2008-01-09 20.15.32.3 - NTFSx86
Eseguito da: C:\Documents and Settings\Utente\Desktop\ComboFix(2).exe
.
((((((((((((((((((((((((( Files Creati Da 2007-12-09 al 2008-01-09 )))))))))))))))))))))))))))))))))))
.
2008-01-08 18:05 . 2008-01-08 18:08 <DIR> d-------- C:\Programmi\EsetOnlineScanner
2008-01-08 12:40 . 2008-01-08 17:52 <DIR> d-------- C:\WINDOWS\system32\ActiveScan
2008-01-08 12:40 . 2008-01-08 12:40 30,590 --a------ C:\WINDOWS\system32\pavas.ico
2008-01-08 12:40 . 2008-01-08 12:40 2,550 --a------ C:\WINDOWS\system32\Uninstall.ico
2008-01-08 12:40 . 2008-01-08 12:40 1,406 --a------ C:\WINDOWS\system32\Help.ico
2008-01-08 11:56 . 2008-01-08 11:56 <DIR> d-------- C:\WINDOWS\system32\LogFiles
2008-01-07 22:20 . 2008-01-08 12:05 <DIR> d-------- C:\WINDOWS\BDOSCAN8
2008-01-07 15:57 . 2008-01-07 15:57 <DIR> d-------- C:\Programmi\ZyDAS Technology Corporation
2008-01-07 15:01 . 2000-08-31 08:00 51,200 --a------ C:\WINDOWS\NirCmd.exe
2008-01-07 10:46 . 2008-01-08 12:28 <DIR> d-------- C:\VundoFix Backups
2008-01-07 00:41 . 2008-01-07 00:41 1,080 --a------ C:\hcypsblt .bat
2008-01-06 23:30 . 2008-01-07 11:50 <DIR> d-------- C:\Hijackthis
2008-01-06 19:14 . 2007-06-21 18:13 <DIR> d--h----- C:\Documents and Settings\Administrator\Risorse di stampa
2008-01-06 19:14 . 2007-06-21 18:13 <DIR> d--h----- C:\Documents and Settings\Administrator\Risorse di rete
2008-01-06 19:14 . 2007-06-21 18:13 <DIR> d-------- C:\Documents and Settings\Administrator\Preferiti
2008-01-06 19:14 . 2007-06-21 16:19 <DIR> d--h----- C:\Documents and Settings\Administrator\Modelli
2008-01-06 19:14 . 2007-06-21 18:13 <DIR> dr------- C:\Documents and Settings\Administrator\Menu Avvio
2008-01-06 19:14 . 2008-01-09 19:48 <DIR> d--h----- C:\Documents and Settings\Administrator\Impostazioni locali
2008-01-06 19:14 . 2007-06-21 18:13 <DIR> d-------- C:\Documents and Settings\Administrator\Documenti
2008-01-06 19:14 . 2007-06-21 18:13 <DIR> dr-h----- C:\Documents and Settings\Administrator\Dati applicazioni
2008-01-06 00:36 . 2008-01-06 00:36 196 --a------ C:\WINDOWS\_delis43.ini
2008-01-06 00:33 . 2008-01-06 00:33 <DIR> d-------- C:\Documents and Settings\Utente\WINDOWS
2008-01-06 00:31 . 2008-01-06 00:31 <DIR> d-------- C:\Programmi\ZyDAS
2008-01-06 00:31 . 2004-04-28 16:32 81,920 --a------ C:\WINDOWS\system32\ZDBRGDLL.dll
2008-01-06 00:31 . 2004-06-30 13:54 19,200 --a------ C:\WINDOWS\system32\ZDBRGSYS.sys
2008-01-05 22:25 . 2008-01-05 22:34 155,648 --a------ C:\WINDOWS\system32\igfxtray .exe
2008-01-05 22:25 . 2008-01-05 22:34 118,784 --a------ C:\WINDOWS\system32\hkcmd .exe
2008-01-05 22:02 . 2008-01-05 22:02 <DIR> d-------- C:\Programmi\Kaspersky Lab
2008-01-05 22:02 . 2008-01-09 19:46 <DIR> d-------- C:\Documents and Settings\All Users\Dati applicazioni\Kaspersky Lab
2008-01-05 22:02 . 2008-01-09 20:17 7,449,376 --ahs---- C:\WINDOWS\system32\drivers\fidbox.dat
2008-01-05 22:02 . 2008-01-09 19:45 102,692 --ahs---- C:\WINDOWS\system32\drivers\fidbox.idx
2008-01-05 22:02 . 2008-01-05 22:31 91,492 --a------ C:\WINDOWS\system32\drivers\klin.dat
2008-01-05 22:02 . 2008-01-05 22:31 85,860 --a------ C:\WINDOWS\system32\drivers\klick.dat
2008-01-05 22:02 . 2008-01-09 20:17 46,624 --ahs---- C:\WINDOWS\system32\drivers\fidbox2.dat
2008-01-05 22:02 . 2008-01-09 19:45 6,416 --ahs---- C:\WINDOWS\system32\drivers\fidbox2.idx
2008-01-05 21:59 . 2008-01-05 21:59 <DIR> d-------- C:\Documents and Settings\All Users\Dati applicazioni\Avg7
2007-12-22 13:11 . 2008-01-07 13:51 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2007-12-22 13:11 . 2007-12-22 13:11 1,409 --a------ C:\WINDOWS\QTFont.for
2007-12-22 13:08 . 2008-01-05 22:34 <DIR> d-------- C:\Programmi\iTunes
2007-12-22 13:08 . 2007-12-22 13:08 <DIR> d-------- C:\Programmi\iPod
2007-12-22 13:06 . 2008-01-05 23:50 <DIR> d-------- C:\Programmi\QuickTime
2007-12-22 13:05 . 2007-12-22 13:05 <DIR> d-------- C:\Programmi\File comuni\Apple
2007-12-22 13:05 . 2007-12-22 13:05 <DIR> d-------- C:\Programmi\Apple Software Update
2007-12-22 13:05 . 2007-12-22 13:05 <DIR> d-------- C:\Documents and Settings\All Users\Dati applicazioni\Apple
2007-12-13 22:59 . 2007-09-24 23:31 69,632 --a------ C:\WINDOWS\system32\javacpl.cpl
2007-12-11 10:57 . 2007-12-11 10:57 65,536 --a------ C:\WINDOWS\system32\QuickTimeVR.qtx
2007-12-11 10:57 . 2007-12-11 10:57 49,152 --a------ C:\WINDOWS\system32\QuickTime.qts
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-01-07 14:57 --------- d--h--w C:\Programmi\InstallShield Installation Information
2008-01-05 21:33 --------- d-----w C:\Programmi\MSN Messenger
2008-01-05 19:54 --------- d-----w C:\Documents and Settings\Utente\Dati applicazioni\Apple Computer
2007-12-22 12:06 --------- d-----w C:\Documents and Settings\All Users\Dati applicazioni\Apple Computer
2007-12-13 21:59 --------- d-----w C:\Programmi\Java
2007-12-09 14:43 --------- d-----w C:\Documents and Settings\Utente\Dati applicazioni\AdobeUM
2007-11-13 10:25 20,480 ----a-w C:\WINDOWS\system32\drivers\secdrv.sys
2007-11-07 09:27 727,552 ----a-w C:\WINDOWS\system32\lsasrv.dll
2007-10-29 22:42 1,292,800 ----a-w C:\WINDOWS\system32\quartz.dll
2007-10-25 09:26 53,248 ----a-w C:\WINDOWS\bdoscandel.exe
2007-10-25 09:00 230,912 ----a-w C:\WINDOWS\system32\wmasf.dll
.
Code:
----a-w 39,792 2008-01-05 21:35:02 C:\Programmi\Adobe\Reader 8.0\Reader\Reader_sl .exe
----a-w 110,592 2008-01-05 21:34:55 C:\Programmi\File comuni\Sonic\Update Manager\sgtray .exe
----a-w 229,438 2008-01-05 21:34:49 C:\Programmi\HPQ\Default Settings\cpqset .exe
----a-w 290,816 2008-01-05 21:34:53 C:\Programmi\HPQ\Quick Launch Buttons\EabServr .exe
----a-w 267,048 2008-01-05 21:35:03 C:\Programmi\iTunes\iTunesHelper .exe
----a-w 132,496 2008-01-05 21:34:58 C:\Programmi\Java\jre1.6.0_03\bin\jusched .exe
----a-w 200,768 2008-01-06 18:20:18 C:\Programmi\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp .exe
----a-w 1,694,208 2008-01-05 21:35:20 C:\Programmi\Messenger\msmsgs .exe
----a-w 5,674,352 2008-01-05 21:35:35 C:\Programmi\MSN Messenger\MsnMsgr .Exe
----a-w 688,218 2008-01-05 21:34:42 C:\Programmi\Synaptics\SynTP\SynTPEnh .exe
----a-w 98,394 2008-01-05 21:34:37 C:\Programmi\Synaptics\SynTP\SynTPLpr .exe
----a-w 208,952 2008-01-06 18:03:01 C:\WINDOWS\ime\IMJP8_1\IMJPMIG .EXE
----a-w 118,784 2008-01-05 21:34:46 C:\WINDOWS\system32\hkcmd .exe
----a-w 155,648 2008-01-05 21:34:42 C:\WINDOWS\system32\igfxtray .exe
----a-w 455,168 2008-01-06 18:06:38 C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP .EXE
((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Nota* i valori vuoti & legittimi/default non sono visualizzati.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{DB8E2F3F-EAD4-4DF3-86F8-39B460006872}]
C:\WINDOWS\system32\vturr.dll
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"updateMgr"="C:\Programmi\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [ ]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"QuickTime Task"="C:\Programmi\QuickTime\QTTask .exe" [ ]
"Windows Live Servicer"="usrserv.exe" []
"AVP"="C:\Programmi\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp .exe" [2008-01-06 19:20 200768]
C:\Documents and Settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\
BTTray.lnk - C:\Programmi\WIDCOMM\Software Bluetooth\BTTray.exe [2004-06-02 16:48:22 ]
ZDWLan Utility.lnk - C:\Programmi\ZyDAS Technology Corporation\ZyDAS_802.11g_Utility\ZDWlan.exe [2008-01-07 15:57:22 ]
ZDWlan.lnk - C:\Programmi\ZyDAS\ZD1211 802.11g Utility\ZDWlan.exe [2008-01-06 00:31:23 ]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Quy71.sys]
@="Driver"
R2 ZyDAS1211BBG;ZyDAS1211BBG;"C:\Programmi\ZyDAS Technology Corporation\ZyDAS_802.11g_Utility\srvany.exe" [2003-04-18 18:06]
R3 ZD1211BU(ZyDAS);ZyDAS ZD1211B IEEE 802.11 b+g Wireless LAN Driver (USB)(ZyDAS);C:\WINDOWS\system32\DRIVERS\zd1211Bu.sys [2005-10-28 11:38]
S0 Quy71;Quy71;C:\WINDOWS\system32\Drivers\Quy71.sys []
S3 CommDrv;CommDrv;C:\WINDOWS\system32\CommDrv.sys []
.
Contenuto della cartella 'Scheduled Tasks'
"2007-12-27 11:09:07 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Programmi\Apple Software Update\SoftwareUpdate.exe
.
**************************************************************************
catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-01-09 20:17:47
Windows 5.1.2600 Service Pack 2 NTFS
scansione processi nascosti ...
scansione entrate autostart nascoste ...
Scansione files nascosti ...
Scansione completata con successo
Files nascosti: 0
**************************************************************************
.
Ora fine scansione: 2008-01-09 20.18.31
ComboFix-quarantined-files.txt 2008-01-09 19:18:14
ComboFix2.txt 2008-01-09 18:48:34
ComboFix3.txt 2008-01-07 14:40:31
.
2008-01-09 09:33:48 --- E O F ---
HJT
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:25, on 09/01/08
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programmi\File comuni\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Programmi\WIDCOMM\Software Bluetooth\bin\btwdins.exe
C:\Programmi\ZyDAS Technology Corporation\ZyDAS_802.11g_Utility\srvany.exe
C:\Programmi\ZyDAS Technology Corporation\ZyDAS_802.11g_Utility\ZyDummyZD11B-BG.exe
C:\Programmi\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp .exe
C:\Programmi\WIDCOMM\Software Bluetooth\BTTray.exe
C:\Programmi\ZyDAS Technology Corporation\ZyDAS_802.11g_Utility\ZDWlan.exe
C:\Programmi\ZyDAS\ZD1211 802.11g Utility\ZDWlan.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\explorer.exe
C:\Hijackthis\HiJackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.it/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
O2 - BHO: Supporto di collegamento per Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\File comuni\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmi\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {DB8E2F3F-EAD4-4DF3-86F8-39B460006872} - C:\WINDOWS\system32\vturr.dll (file missing)
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmi\QuickTime\QTTask .exe" -atboottime
O4 - HKLM\..\Run: [Windows Live Servicer] usrserv.exe
O4 - HKLM\..\Run: [AVP] "C:\Programmi\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp .exe"
O4 - HKCU\..\Run: [updateMgr] C:\Programmi\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_0
O4 - Global Startup: BTTray.lnk = ?
O4 - Global Startup: ZDWLan Utility.lnk = C:\Programmi\ZyDAS Technology Corporation\ZyDAS_802.11g_Utility\ZDWlan.exe
O4 - Global Startup: ZDWlan.lnk = ?
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Invia a &Bluetooth - C:\Programmi\WIDCOMM\Software Bluetooth\btsendto_ie_ctx.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Anti-virus web - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Programmi\Kaspersky Lab\Kaspersky Anti-Virus 6.0\scieplugin.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: Ricerche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} (OnlineScanner Control) - http://www.eset.eu/buxus/docs/OnlineScanner.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1182443844828
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Programmi\File comuni\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bluetooth Service (btwdins) - WIDCOMM, Inc. - C:\Programmi\WIDCOMM\Software Bluetooth\bin\btwdins.exe
O23 - Service: HP WMI Interface (hpqwmi) - Hewlett-Packard Development Company, L.P. - C:\Programmi\HPQ\SHARED\HPQWMI.exe
O23 - Service: Servizio iPod (iPod Service) - Apple Inc. - C:\Programmi\iPod\bin\iPodService.exe
O23 - Service: ZyDAS1211BBG - Unknown owner - C:\Programmi\ZyDAS Technology Corporation\ZyDAS_802.11g_Utility\srvany.exe
--
End of file - 4373 bytes
bdoriano (Administrator)
Registered: 02/04/07 12:05 Posts: 14391 Location: 3rd planet of the solar system...
Posted: 10 Jan 2008 10:50 Subject:
General cleanup for you too:
yul (Devoted mortal)
Registered: 07/01/08 00:41 Posts: 13
Posted: 10 Jan 2008 11:53 Subject:
Hooray, according to CureIt there are no viruses ^__^
this instead is the result from Norman:
Norman Malware Cleaner
Copyright © 1990 - 2007, Norman ASA. Built 2008/01/07 17:03:01
Norman Scanner Engine Version: 5.91.08
Nvcbin.def Version: 5.90.00, Date: 2008/01/07 17:03:01, Variants: 1123929
Running pre-scan cleanup routine:
Operating System: Microsoft Windows XP Home 5.1.2600(Safe mode) Service Pack 2
Logged on user: OSSIAN\Utente
Scan started: 10/01/2008 10:46:21
Scanning running processes and process memory...
Number of processes/threads found: 0
Number of processes/threads scanned: 0
Number of processes/threads not scanned: 0
Number of infected processes/threads terminated: 0
Total scanning time: 0s 31ms
Running post-scan cleanup routine:
now I'm starting with gmer^^
yul (Devoted mortal)
Registered: 07/01/08 00:41 Posts: 13
Posted: 10 Jan 2008 12:24 Subject:
here are the gmer files:
http://www.freefilehosting.net/download/3a7kl
http://www.freefilehosting.net/download/3a7km
bdoriano (Administrator)
Registered: 02/04/07 12:05 Posts: 14391 Location: 3rd planet of the solar system...
Posted: 10 Jan 2008 13:39 Subject:
Download Avenger and unpack it into a folder of its own, not a temporary one and not on the desktop
Start AVENGER
Click on input script manually
Click on the magnifying glass
Enter these lines:
Quote:
registry values to delete:
HKLM\Software\Microsoft\Windows\CurrentVersion\Run | Windows Live Servicer
registry keys to delete:
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DB8E2F3F-EAD4-4DF3-86F8-39B460006872}
Click on Done
Click on the traffic light
The PC should restart; if it doesn't, restart it yourself.
When the operation is complete, post the Avenger result here together with an updated HijackThis log.
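As an added example (not code from this thread or from any of the tools named in it), a small Python triage of HijackThis O2/O4 lines that applies the same two checks the helper made by eye before writing the Avenger script: a BHO with no name or a missing DLL, and a Run value that points at a bare executable name instead of a full path. The sample log is constructed from a few lines of the log posted above.

```python
"""Triage of HijackThis O2/O4 lines: flag the autostart entries a
malware-removal helper looks at first (added example, not a thread tool)."""
import re
from typing import Dict, List

# Constructed sample, modelled on the log posted in this thread (only a
# handful of lines, not the full log).
SAMPLE_HJT_LOG = r"""
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmi\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {DB8E2F3F-EAD4-4DF3-86F8-39B460006872} - C:\WINDOWS\system32\vturr.dll (file missing)
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmi\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [Windows Live Servicer] usrserv.exe
O4 - HKLM\..\Run: [AVP] "C:\Programmi\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe"
"""

# O2 - BHO: <name> - {CLSID} - <dll path>[ (file missing)]
BHO_RE = re.compile(r"^O2 - BHO: (?P<name>.*?) - \{(?P<clsid>[0-9A-Fa-f-]+)\} - (?P<path>.*)$")
# O4 - HKLM\..\Run: [<value name>] <command line>
RUN_RE = re.compile(r"^O4 - (?P<hive>HKLM|HKCU)\\\.\.\\Run: \[(?P<name>[^\]]*)\] (?P<cmd>.*)$")


def executable_from_command(cmd: str) -> str:
    """Return the program part of a Run-key command line (quoted or not)."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        return cmd[1:end] if end != -1 else cmd[1:]
    return cmd.split(maxsplit=1)[0] if cmd else ""


def triage_hjt(log_text: str) -> List[Dict[str, object]]:
    """Return one finding per suspicious O2/O4 line.

    Heuristics (the ones applied by hand in this thread):
    - a BHO with no name, or whose DLL is reported missing, is a leftover
      registration that nothing legitimate needs;
    - a Run value naming a bare executable (no directory) is resolved by a
      path search at logon, which installed software rarely relies on.
    """
    findings: List[Dict[str, object]] = []
    for line in log_text.splitlines():
        line = line.strip()
        m = BHO_RE.match(line)
        if m:
            reasons = []
            if m.group("name") == "(no name)":
                reasons.append("BHO has no name")
            if "(file missing)" in m.group("path"):
                reasons.append("BHO DLL is missing on disk")
            if reasons:
                findings.append({"type": "O2", "name": m.group("name"),
                                 "target": m.group("path"), "reasons": reasons})
            continue
        m = RUN_RE.match(line)
        if m:
            exe = executable_from_command(m.group("cmd"))
            if "\\" not in exe and "/" not in exe:
                findings.append({"type": "O4", "name": m.group("name"),
                                 "target": exe,
                                 "reasons": ["Run value uses an unqualified executable name"]})
    return findings


if __name__ == "__main__":
    for f in triage_hjt(SAMPLE_HJT_LOG):
        print(f["type"], f["name"], "->", f["target"], "|", "; ".join(f["reasons"]))
```

On the sample above it reports exactly the two entries the Avenger script below removes: the unnamed BHO with the missing vturr.dll and the "Windows Live Servicer" value pointing at usrserv.exe.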
yul (Devoted mortal)
Registered: 07/01/08 00:41 Posts: 13
Posted: 10 Jan 2008 15:23 Subject:
here is the Avenger result
Logfile of The Avenger version 1, by Swandog46
Running from registry key:
\Registry\Machine\System\CurrentControlSet\Services\tydmkrkf
*******************
Script file located at: \??\C:\WINDOWS\fiwqttjw.txt
Script file opened successfully.
Script file read successfully
Backups directory opened successfully at C:\Avenger
*******************
Beginning to process script file:
Registry value HKLM\Software\Microsoft\Windows\CurrentVersion\Run|Windows Live Servicer deleted successfully.
Registry key HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DB8E2F3F-EAD4-4DF3-86F8-39B460006872} deleted successfully.
Completed script processing.
*******************
Finished! Terminate.
and the updated HJT log
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 14:20, on 10/01/08
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Programmi\File comuni\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Programmi\WIDCOMM\Software Bluetooth\bin\btwdins.exe
C:\Programmi\ZyDAS Technology Corporation\ZyDAS_802.11g_Utility\srvany.exe
C:\Programmi\ZyDAS Technology Corporation\ZyDAS_802.11g_Utility\ZyDummyZD11B-BG.exe
C:\Programmi\WIDCOMM\Software Bluetooth\BTTray.exe
C:\Programmi\ZyDAS Technology Corporation\ZyDAS_802.11g_Utility\ZDWlan.exe
C:\Programmi\ZyDAS\ZD1211 802.11g Utility\ZDWlan.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Hijackthis\HiJackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.it/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
O2 - BHO: Supporto di collegamento per Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\File comuni\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmi\Java\jre1.6.0_03\bin\ssv.dll
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmi\QuickTime\QTTask .exe" -atboottime
O4 - HKLM\..\Run: [AVP] "C:\Programmi\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp .exe"
O4 - HKCU\..\Run: [updateMgr] C:\Programmi\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_0
O4 - HKCU\..\Run: [googletalk] "C:\Programmi\Google\Google Talk\googletalk.exe" /autostart
O4 - Global Startup: BTTray.lnk = ?
O4 - Global Startup: ZDWLan Utility.lnk = C:\Programmi\ZyDAS Technology Corporation\ZyDAS_802.11g_Utility\ZDWlan.exe
O4 - Global Startup: ZDWlan.lnk = ?
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Invia a &Bluetooth - C:\Programmi\WIDCOMM\Software Bluetooth\btsendto_ie_ctx.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Anti-virus web - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Programmi\Kaspersky Lab\Kaspersky Anti-Virus 6.0\scieplugin.dll
bdoriano (Administrator)
Registered: 02/04/07 12:05 Posts: 14391 Location: 3rd planet of the solar system...
Posted: 10 Jan 2008 15:28 Subject:
The HijackThis log is incomplete.
In theory, though, you should be fine. Are you still having problems?
yul (Devoted mortal)
Registered: 07/01/08 00:41 Posts: 13
Posted: 10 Jan 2008 15:38 Subject:
oops, sorry!!
I had downloaded Avenger to the desktop.
I redid everything with it placed on C:.
the result is this:
Logfile of The Avenger version 1, by Swandog46
Running from registry key:
\Registry\Machine\System\CurrentControlSet\Services\xelllocx
*******************
Script file located at: \??\C:\WINDOWS\hfbvagoy.txt
Script file opened successfully.
Script file read successfully
Backups directory opened successfully at C:\Avenger
*******************
Beginning to process script file:
Could not delete registry value HKLM\Software\Microsoft\Windows\CurrentVersion\Run|Windows Live Servicer
Deletion of registry value HKLM\Software\Microsoft\Windows\CurrentVersion\Run|Windows Live Servicer failed!
Status: 0xc0000034
Registry key HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DB8E2F3F-EAD4-4DF3-86F8-39B460006872} not found!
Deletion of registry key HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DB8E2F3F-EAD4-4DF3-86F8-39B460006872} failed!
Status: 0xc0000034
Completed script processing.
*******************
Finished! Terminate.
and with HJT:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 14:20, on 10/01/08
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Programmi\File comuni\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Programmi\WIDCOMM\Software Bluetooth\bin\btwdins.exe
C:\Programmi\ZyDAS Technology Corporation\ZyDAS_802.11g_Utility\srvany.exe
C:\Programmi\ZyDAS Technology Corporation\ZyDAS_802.11g_Utility\ZyDummyZD11B-BG.exe
C:\Programmi\WIDCOMM\Software Bluetooth\BTTray.exe
C:\Programmi\ZyDAS Technology Corporation\ZyDAS_802.11g_Utility\ZDWlan.exe
C:\Programmi\ZyDAS\ZD1211 802.11g Utility\ZDWlan.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Hijackthis\HiJackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.it/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
O2 - BHO: Supporto di collegamento per Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\File comuni\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmi\Java\jre1.6.0_03\bin\ssv.dll
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmi\QuickTime\QTTask .exe" -atboottime
O4 - HKLM\..\Run: [AVP] "C:\Programmi\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp .exe"
O4 - HKCU\..\Run: [updateMgr] C:\Programmi\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_0
O4 - HKCU\..\Run: [googletalk] "C:\Programmi\Google\Google Talk\googletalk.exe" /autostart
O4 - Global Startup: BTTray.lnk = ?
O4 - Global Startup: ZDWLan Utility.lnk = C:\Programmi\ZyDAS Technology Corporation\ZyDAS_802.11g_Utility\ZDWlan.exe
O4 - Global Startup: ZDWlan.lnk = ?
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Invia a &Bluetooth - C:\Programmi\WIDCOMM\Software Bluetooth\btsendto_ie_ctx.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Anti-virus web - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Programmi\Kaspersky Lab\Kaspersky Anti-Virus 6.0\scieplugin.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: Ricerche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} (OnlineScanner Control) - http://www.eset.eu/buxus/docs/OnlineScanner.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1182443844828
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Programmi\File comuni\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bluetooth Service (btwdins) - WIDCOMM, Inc. - C:\Programmi\WIDCOMM\Software Bluetooth\bin\btwdins.exe
O23 - Service: HP WMI Interface (hpqwmi) - Hewlett-Packard Development Company, L.P. - C:\Programmi\HPQ\SHARED\HPQWMI.exe
O23 - Service: Servizio iPod (iPod Service) - Apple Inc. - C:\Programmi\iPod\bin\iPodService.exe
O23 - Service: ZyDAS1211BBG - Unknown owner - C:\Programmi\ZyDAS Technology Corporation\ZyDAS_802.11g_Utility\srvany.exe
--
End of file - 4271 bytes