donvaldemaro Hero

Registered: 18/04/08 21:38 Posts: 48
Posted: 18 Apr 2008 21:44 Subject: Could you check my logs? Thanks!
Hello everyone, my compliments on the expertise and above all the kindness you show towards those who need help. I have followed some of the advice you gave to other users and I would like to show you my ComboFix and HijackThis logs and find out what else I need to do to finish cleaning my PC.
Many thanks in advance. I have used CCleaner, NOD32 and Malware Cleaner.
As antivirus I use AVG Free Edition and as firewall Agnitum Outpost. I have Windows XP Service Pack 2.
Here are the logs:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21.42.49, on 18/04/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\pctspk.exe
C:\Programmi\DAP\DAP.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Programmi\DNA\btdna.exe
C:\WINDOWS\explorer.exe
C:\Programmi\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Nicola71\Desktop\HijackThis\HijackThis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Programmi\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Programmi\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmi\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: {53627352-ec58-4ba8-c874-ef33d15332b8} - {8b23351d-33fe-478c-8ab4-85ce25372635} - (no file)
O2 - BHO: Guida per l'accesso a Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programmi\File comuni\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: (no name) - {A75F7919-7E94-43CD-B9F8-DE91D353A32F} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programmi\google\googletoolbar2.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programmi\MSN Apps\MSN Toolbar\01.02.5000.1021\it\msntb.dll
O4 - HKLM\..\Run: [PCTVOICE] pctspk.exe
O4 - HKLM\..\Run: [DownloadAccelerator] "C:\Programmi\DAP\DAP.EXE" /STARTUP
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Programmi\DNA\btdna.exe"
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SERVIZIO LOCALE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SERVIZIO DI RETE')
O4 - HKUS\S-1-5-18\..\Run: [vmm32dll] C:\WINDOWS\vmm32dll.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [vmm32dll] C:\WINDOWS\vmm32dll.exe (User 'Default user')
O17 - HKLM\System\CCS\Services\Tcpip\..\{02420A85-FC2F-45FF-89C4-1D0D9E0BEF25}: NameServer = 212.216.172.62 212.216.172.162
O17 - HKLM\System\CS1\Services\Tcpip\..\{02420A85-FC2F-45FF-89C4-1D0D9E0BEF25}: NameServer = 212.216.172.62 212.216.172.162
O20 - Winlogon Notify: ssqPfcde - ssqPfcde.dll (file missing)
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Programmi\WinPcap\rpcapd.exe
--
End of file - 3676 bytes
ComboFix 08-04-17.1 - Nicola71 2008-04-18 21:11:51.1 - NTFSx86
Eseguito da: C:\Documents and Settings\Nicola71\Desktop\ComboFix.exe
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
((((((((((((((((((((((((((((((((((((( Altre eliminazioni )))))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Documents and Settings\All Users\Dati applicazioni\Microsoft\Network\Downloader\qmgr0.dat
C:\Documents and Settings\All Users\Dati applicazioni\Microsoft\Network\Downloader\qmgr1.dat
C:\WINDOWS\cookies.ini
C:\WINDOWS\pskt.ini
C:\WINDOWS\system32\adult.txt
c:\windows\system32\Drivers\Uae27.sys
C:\WINDOWS\system32\finance.txt
C:\WINDOWS\system32\knqtCfhk.ini
C:\WINDOWS\system32\knqtCfhk.ini2
C:\WINDOWS\system32\lhxntyia.dll
C:\WINDOWS\system32\mcrh.tmp
C:\WINDOWS\system32\other.txt
C:\WINDOWS\system32\pharma.txt
C:\WINDOWS\system32\sft.res
C:\WINDOWS\system32\WLCtrl32.dll
----- BITS: Possible infected sites -----
hxxp://download.microsoft.com
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Legacy_MSUPDATE
-------\Legacy_SERVICE.SYS
-------\Legacy_UAE27
-------\Service_service.sys
-------\Service_Uae27
-------\Service_wer32
((((((((((((((((((((((((( Files Creati Da 2008-03-18 al 2008-04-18 )))))))))))))))))))))))))))))))))))
.
2008-04-16 07:33 . 2008-04-17 22:08 <DIR> dr-h----- C:\$VAULT$.AVG
2008-04-16 07:21 . 2008-04-18 18:15 <DIR> d-------- C:\Documents and Settings\Nicola71\Dati applicazioni\AVG7
2008-04-16 07:17 . 2008-04-16 07:17 <DIR> d-------- C:\Documents and Settings\LocalService\Dati applicazioni\AVG7
2008-04-16 07:16 . 2008-04-16 07:16 <DIR> d-------- C:\Documents and Settings\All Users\Dati applicazioni\Grisoft
2008-04-15 18:13 . 2008-04-16 07:20 1,602,697 --ahs---- C:\WINDOWS\system32\dkyyrfqx.ini
2008-04-15 07:30 . 2008-04-15 18:08 414 ---hs---- C:\WINDOWS\system32\xlqqwpmw.ini
2008-04-15 07:27 . 2008-04-15 07:28 <DIR> d-------- C:\Programmi\PostaPronta
2008-04-15 07:24 . 2008-04-16 07:30 101,156 --a------ C:\WINDOWS\BM2f93447f.xml
2008-04-14 19:35 . 2008-04-16 18:42 <DIR> d-------- C:\Documents and Settings\All Users\Dati applicazioni\Avg7
2008-04-13 15:56 . 2008-04-13 15:56 124 --a------ C:\WINDOWS\FinsonLiveUpdate.ini
2008-04-13 15:40 . 2008-04-13 15:56 <DIR> d-------- C:\Programmi\Finson Live Update
2008-04-13 15:40 . 2008-04-13 15:40 <DIR> d-------- C:\Programmi\Finson
2008-04-13 15:40 . 2008-04-13 15:40 <DIR> d-------- C:\Programmi\File comuni\Kapitol
2008-04-13 14:44 . 2008-02-16 17:31 <DIR> d--h----- C:\Documents and Settings\Administrator\Risorse di stampa
2008-04-13 14:44 . 2008-02-16 17:31 <DIR> d--h----- C:\Documents and Settings\Administrator\Risorse di rete
2008-04-13 14:44 . 2008-02-16 17:31 <DIR> d-------- C:\Documents and Settings\Administrator\Preferiti
2008-04-13 14:44 . 2005-01-16 17:47 <DIR> d--h----- C:\Documents and Settings\Administrator\Modelli
2008-04-13 14:44 . 2008-02-16 17:31 <DIR> dr------- C:\Documents and Settings\Administrator\Menu Avvio
2008-04-13 14:44 . 2008-02-16 17:31 <DIR> d--h----- C:\Documents and Settings\Administrator\Impostazioni locali
2008-04-13 14:44 . 2008-02-16 17:31 <DIR> d-------- C:\Documents and Settings\Administrator\Documenti
2008-04-13 14:44 . 2008-04-13 14:54 <DIR> dr-h----- C:\Documents and Settings\Administrator\Dati applicazioni
2008-04-13 14:44 . 2008-04-13 14:44 <DIR> d-------- C:\Documents and Settings\Administrator
2008-04-13 14:44 . 2008-04-18 21:11 1,024 --ah----- C:\Documents and Settings\Administrator\ntuser.dat.LOG
2008-04-13 09:19 . 2007-12-10 13:53 81,288 --a------ C:\WINDOWS\system32\drivers\iksyssec.sys
2008-04-13 09:19 . 2007-12-10 13:53 66,952 --a------ C:\WINDOWS\system32\drivers\iksysflt.sys
2008-04-13 09:19 . 2008-02-01 11:55 42,376 --a------ C:\WINDOWS\system32\drivers\ikfilesec.sys
2008-04-13 09:19 . 2007-12-10 13:53 29,576 --a------ C:\WINDOWS\system32\drivers\kcom.sys
2008-04-13 09:18 . 2008-04-13 16:10 <DIR> d-------- C:\Programmi\Spyware Doctor
2008-04-13 09:18 . 2008-04-13 09:18 <DIR> d-------- C:\Documents and Settings\Nicola71\Dati applicazioni\PC Tools
2008-04-13 09:13 . 2008-04-13 09:27 <DIR> d-------- C:\Documents and Settings\All Users\Dati applicazioni\SecTaskMan
2008-04-13 09:12 . 2008-04-13 09:12 <DIR> d-------- C:\Programmi\Security Task Manager
2008-04-13 08:52 . 2008-04-13 08:52 <DIR> d-------- C:\Programmi\Panda Security
2008-04-12 21:47 . 2008-04-12 21:53 <DIR> d-------- C:\Programmi\RegCleaner
2008-04-12 18:15 . 2008-04-12 22:10 <DIR> d-------- C:\Programmi\Hot CPU Tester Pro 4 LE
2008-04-12 18:15 . 2007-03-05 11:51 360,580 --a------ C:\WINDOWS\eSellerateEngine.dll
2008-04-10 18:03 . 2008-04-10 18:03 <DIR> d-------- C:\Documents and Settings\All Users\Dati applicazioni\Yahoo! Companion
2008-04-09 22:30 . 2008-04-09 22:31 <DIR> d-------- C:\Programmi\Yahoo!
2008-04-06 16:55 . 2008-04-06 16:55 360,064 --a------ C:\WINDOWS\system32\drivers\TCPIP.SYS.ORIGINAL
2008-04-02 18:46 . 2008-04-02 18:46 <DIR> d-------- C:\Programmi\ModelliFiscali
2008-04-02 18:46 . 2002-02-15 17:36 749,568 --a------ C:\WINDOWS\system32\APToolkit.ocx
2008-04-02 18:46 . 2001-05-22 07:00 22,016 --a------ C:\WINDOWS\system32\borlndmm.dll
2008-04-02 18:46 . 1997-03-24 04:00 17,408 --a------ C:\WINDOWS\system32\Delphimm.dll
2008-04-02 18:46 . 2008-04-12 21:23 3,220 --a------ C:\Tol2008.ini
2008-03-30 21:43 . 2008-03-30 21:43 268 --ah----- C:\sqmdata01.sqm
2008-03-30 21:43 . 2008-03-30 21:43 244 --ah----- C:\sqmnoopt01.sqm
2008-03-30 21:17 . 2008-03-30 21:17 <DIR> d-------- C:\Garmin
2008-03-30 18:00 . 2008-03-30 18:02 <DIR> d-------- C:\Programmi\WinPcap
2008-03-30 17:55 . 2008-03-30 18:07 <DIR> d-------- C:\Programmi\WMR11
2008-03-29 02:21 . 2008-03-29 09:58 <DIR> d-------- C:\Documents and Settings\All Users\Dati applicazioni\PC Suite
2008-03-29 00:52 . 2008-03-29 19:58 864 --a------ C:\Documents and Settings\Nicola71\Dati applicazioni\NMM-MetaData.db
2008-03-28 23:31 . 2008-03-28 23:31 <DIR> d-------- C:\Programmi\DIFX
2008-03-28 23:30 . 2008-03-28 23:30 <DIR> d-------- C:\Programmi\File comuni\PCSuite
2008-03-28 23:30 . 2008-03-28 23:30 <DIR> d-------- C:\Programmi\File comuni\Nokia
2008-03-28 23:29 . 2008-03-28 23:29 <DIR> d-------- C:\Programmi\PC Connectivity Solution
2008-03-28 23:29 . 2008-03-28 23:30 <DIR> d-------- C:\Programmi\Nokia
2008-03-28 23:29 . 2007-02-22 11:15 137,216 --a------ C:\WINDOWS\system32\drivers\nmwcd.sys
2008-03-28 23:29 . 2007-02-22 11:15 65,536 --a------ C:\WINDOWS\system32\nmwcdcocls.dll
2008-03-28 23:29 . 2007-02-22 11:15 12,288 --a------ C:\WINDOWS\system32\drivers\nmwcdcm.sys
2008-03-28 23:29 . 2007-02-22 11:15 8,320 --a------ C:\WINDOWS\system32\drivers\nmwcdc.sys
2008-03-24 20:05 . 2008-03-24 20:05 <DIR> d--hs---- C:\found.000
2008-03-24 18:39 . 2007-12-04 17:44 23,600 --a------ C:\WINDOWS\system32\drivers\TVICHW32.SYS
2008-03-24 11:40 . 2008-03-24 20:21 <DIR> d-------- C:\Programmi\Microsoft Silverlight
2008-03-20 15:03 . 2008-03-20 15:03 2,621,440 --a------ C:\WINDOWS\system32\pdflib_com.dll
2008-03-20 08:06 . 2008-03-20 08:06 <DIR> d-------- C:\Documents and Settings\Nicola71\Dati applicazioni\Agnitum
2008-03-20 08:04 . 2008-04-12 01:32 <DIR> d-------- C:\WINDOWS\system32\Filt
2008-03-20 08:04 . 2007-12-20 18:47 443,424 --a------ C:\WINDOWS\system32\drivers\SandBox.sys
2008-03-20 08:04 . 2007-12-12 15:55 200,464 --a------ C:\WINDOWS\system32\drivers\afw.sys
2008-03-20 01:24 . 2008-03-20 01:24 <DIR> d-------- C:\Documents and Settings\All Users\Dati applicazioni\Agnitum
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-04-18 19:23 --------- d---a-w C:\Documents and Settings\All Users\Dati applicazioni\TEMP
2008-04-18 19:15 --------- d-----w C:\Documents and Settings\Nicola71\Dati applicazioni\DNA
2008-04-13 13:43 --------- d--h--w C:\Programmi\InstallShield Installation Information
2008-04-09 19:13 --------- d-----w C:\Programmi\HDSL640 USB ADSL Modem
2008-04-06 20:21 --------- d-----w C:\Documents and Settings\Nicola71\Dati applicazioni\PC Suite
2008-04-06 14:55 360,064 ----a-w C:\WINDOWS\system32\drivers\TCPIP.SYS
2008-03-30 18:41 --------- d-----w C:\Documents and Settings\Nicola71\Dati applicazioni\BitTorrent
2008-03-29 08:37 --------- d-----w C:\Documents and Settings\All Users\Dati applicazioni\Downloaded Installations
2008-03-29 07:54 --------- d-----w C:\Documents and Settings\Nicola71\Dati applicazioni\Nokia
2008-03-24 18:19 --------- d-----w C:\Documents and Settings\All Users\Dati applicazioni\WinZip
2008-03-24 10:35 --------- d-----w C:\Programmi\Total Video Converter
2008-03-24 09:31 --------- d-----w C:\Programmi\DAP
2008-03-20 08:06 1,845,248 ----a-w C:\WINDOWS\system32\win32k.sys
2008-03-20 06:04 --------- d-----w C:\Programmi\Agnitum
2008-03-19 23:24 --------- d-----w C:\Programmi\File comuni\Agnitum Shared
2008-03-15 12:03 --------- d-----w C:\Programmi\SafeNet Sentinel
2008-03-15 12:03 --------- d-----w C:\Programmi\File comuni\SafeNet Sentinel
2008-03-14 16:57 --------- d-----w C:\Programmi\Java
2008-03-14 00:15 --------- d-----w C:\Documents and Settings\Nicola71\Dati applicazioni\Skype
2008-03-14 00:11 --------- d-----w C:\Documents and Settings\Nicola71\Dati applicazioni\skypePM
2008-03-13 09:29 380,928 ----a-r C:\WINDOWS\system32\CMT_Utilities.dll
2008-03-09 11:00 --------- d-----w C:\Programmi\Windows Live
2008-03-09 10:59 --------- dcsh--w C:\Programmi\File comuni\WindowsLiveInstaller
2008-03-09 10:58 --------- d-----w C:\Documents and Settings\All Users\Dati applicazioni\WLInstaller
2008-03-05 16:11 1,044,480 ----a-w C:\WINDOWS\system32\TET_com.dll
2008-03-04 06:25 --------- d-----w C:\Programmi\Motherboard Monitor 5
2008-03-03 22:16 --------- d-----w C:\Programmi\Lavalys
2008-03-03 17:51 --------- d-----w C:\Programmi\Google
2008-03-01 13:37 --------- d-----w C:\Programmi\Runtime Software
2008-03-01 13:13 --------- d-----w C:\Programmi\MSXML 4.0
2008-03-01 12:58 826,368 ----a-w C:\WINDOWS\system32\wininet.dll
2008-03-01 10:26 --------- d-----w C:\Documents and Settings\Nicola71\Dati applicazioni\Arcsoft
2008-03-01 10:07 --------- d-----w C:\Programmi\palmOne
2008-03-01 09:58 --------- d-----w C:\Documents and Settings\Nicola71\Dati applicazioni\LG Electronics
2008-03-01 09:49 --------- d-----w C:\Programmi\LG PC Suite
2008-03-01 09:04 --------- d-----w C:\Programmi\QuickTime
2008-03-01 09:03 --------- d-----w C:\Programmi\OLYMPUS
2008-02-28 21:49 --------- d-----w C:\Programmi\eMule
2008-02-28 19:57 442 ----a-w C:\Programmi\Collegamento a eMule.lnk
2008-02-27 22:12 --------- d-----w C:\Programmi\DNA
2008-02-27 22:12 --------- d-----w C:\Programmi\BitTorrent
2008-02-26 20:19 --------- d-----w C:\Programmi\Temp
2008-02-26 20:08 --------- d-----w C:\Programmi\File comuni\Adobe
2008-02-26 17:19 --------- d-----w C:\Documents and Settings\Nicola71\Dati applicazioni\Nokia Multimedia Player
2008-02-26 17:14 --------- d-----w C:\Documents and Settings\Nicola71\Dati applicazioni\Datalayer
2008-02-26 17:12 --------- d-----w C:\Documents and Settings\Nicola71\Dati applicazioni\Leadertech
2008-02-26 17:12 --------- d-----w C:\Documents and Settings\All Users\Dati applicazioni\Installations
2008-02-25 17:02 --------- d-----w C:\Documents and Settings\Nicola71\Dati applicazioni\Ahead
2008-02-20 22:28 --------- d-----w C:\Documents and Settings\Nicola71\Dati applicazioni\Vso
2008-02-20 22:15 --------- d-----w C:\Programmi\VSO
2008-02-20 22:13 32 ----a-w C:\Documents and Settings\All Users\Dati applicazioni\ezsid.dat
2008-02-20 22:09 --------- d-----w C:\Programmi\Skype
2008-02-20 22:09 --------- d-----w C:\Programmi\File comuni\Skype
2008-02-20 22:09 --------- d-----w C:\Documents and Settings\All Users\Dati applicazioni\Skype
2008-02-20 06:50 282,624 ----a-w C:\WINDOWS\system32\gdi32.dll
2008-02-20 06:27 --------- d-----w C:\Programmi\File comuni\Java
2008-02-20 05:33 45,568 ----a-w C:\WINDOWS\system32\dnsrslvr.dll
2008-02-19 23:04 51,200 ----a-w C:\ycfyx.exe
2008-02-19 23:04 15,872 ----a-w C:\it1.exe
2008-02-16 18:52 737,280 ----a-w C:\WINDOWS\iun6002.exe
2008-02-16 17:01 50,688 ----a-w C:\WINDOWS\system32\wbhelp2.dll
2006-05-06 16:42 7,260,160 ----a-w C:\Programmi\mozilla firefox\plugins\libvlc.dll
.
------- Sigcheck -------
2007-10-30 18:53 360832 64798ecfa43d78c7178375fcdd16d8c8 C:\WINDOWS\$hf_mig$\KB941644\SP2QFE\tcpip.sys
2003-04-08 14:00 332928 244a2f9816bc9b593957281ef577d976 C:\WINDOWS\$NtServicePackUninstall$\tcpip.sys
2004-08-04 00:14 359040 6a603809f598332dbedd535bdbce313e C:\WINDOWS\$NtUninstallKB941644$\tcpip.sys
2004-08-04 00:14 359040 9f4b36614a0fc234525ba224957de55c C:\WINDOWS\ServicePackFiles\i386\TCPIP.SYS
2008-04-06 16:55 360064 8283a4d489b207991efdc8328733d0bc C:\WINDOWS\system32\dllcache\TCPIP.SYS
2008-04-06 16:55 360064 8283a4d489b207991efdc8328733d0bc C:\WINDOWS\system32\drivers\TCPIP.SYS
.
((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Nota* i valori vuoti & legittimi/default non sono visualizzati.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{8b23351d-33fe-478c-8ab4-85ce25372635}]
C:\WINDOWS\system32\cpcgvlmp.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A75F7919-7E94-43CD-B9F8-DE91D353A32F}]
C:\WINDOWS\system32\khfCtqnk.dll
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-19 16:39 15360]
"BitTorrent DNA"="C:\Programmi\DNA\btdna.exe" [2008-03-28 00:44 288576]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"PCTVOICE"="pctspk.exe" [2002-03-08 22:29 163840 C:\WINDOWS\system32\pctspk.exe]
"DownloadAccelerator"="C:\Programmi\DAP\DAP.exe" [2008-03-24 11:31 3057152]
"2ca077e3"="C:\WINDOWS\system32\xqfryykd.dll" [ ]
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [2008-04-17 18:49 579584]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"vmm32dll"="C:\WINDOWS\vmm32dll.exe" [ ]
"AVG7_Run"="C:\PROGRA~1\Grisoft\AVG7\avgw.exe" [2008-04-16 07:17 219136]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ssqPfcde]
ssqPfcde.dll
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Notification Packages REG_MULTI_SZ scecli scecli
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Avvio^Programmi^Esecuzione automatica^Photo Express Calendar Checker SE.lnk]
path=C:\Documents and Settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\Photo Express Calendar Checker SE.lnk
backup=C:\WINDOWS\pss\Photo Express Calendar Checker SE.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Avvio^Programmi^Esecuzione automatica^WinZip Quick Pick.lnk]
path=C:\Documents and Settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\WinZip Quick Pick.lnk
backup=C:\WINDOWS\pss\WinZip Quick Pick.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^Nicola71^Menu Avvio^Programmi^Esecuzione automatica^AVG 7.5.lnk]
path=C:\Documents and Settings\Nicola71\Menu Avvio\Programmi\Esecuzione automatica\AVG 7.5.lnk
backup=C:\WINDOWS\pss\AVG 7.5.lnkStartup
[HKLM\~\startupfolder\C:^Documents and Settings^Nicola71^Menu Avvio^Programmi^Esecuzione automatica^Manager HotSync.lnk]
path=C:\Documents and Settings\Nicola71\Menu Avvio\Programmi\Esecuzione automatica\Manager HotSync.lnk
backup=C:\WINDOWS\pss\Manager HotSync.lnkStartup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EPSON Stylus Photo R300 Series]
--a------ 2003-09-11 05:00 99840 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I0F2.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
C:\WINDOWS\system32\dumprep 0 -k
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnappau]
--a------ 2004-08-13 18:41 86016 C:\Programmi\MSN Apps\Updater\01.02.3000.1001\it\msnappau.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
C:\Programmi\MSN Messenger\msnmsgr.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
--a------ 2006-01-12 17:40 155648 C:\Programmi\File comuni\Ahead\Lib\NeroCheck.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NWEReboot]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PC Suite Tray]
--a------ 2007-12-10 11:12 695808 C:\Programmi\Nokia\Nokia PC Suite 6\PCSuite.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PE2CKFNT SE]
--------- 1998-07-03 13:51 25088 C:\Programmi\Ulead Systems\Ulead Photo Express 2 SE\ChkFont.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Run]
C:\WINDOWS\mmhren1.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
-ra------ 2008-02-01 18:22 21898024 C:\Programmi\Skype\Phone\Skype.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]
-rahs---- 2008-01-28 12:43 2097488 C:\Programmi\Spybot - Search & Destroy\TeaTimer.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
--a------ 2008-02-22 05:25 144784 C:\Programmi\Java\jre1.6.0_05\bin\jusched.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
--a------ 2008-03-03 19:51 171448 C:\Programmi\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VoipStunt]
--a------ 2008-02-17 09:00 8824112 C:\Programmi\VoipStunt.com\VoipStunt\VoipStunt.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"WMPNetworkSvc"=3 (0x3)
"WmdmPmSN"=3 (0x3)
"UPS"=3 (0x3)
"SwPrv"=3 (0x3)
"stisvc"=2 (0x2)
"srservice"=2 (0x2)
"SharedAccess"=2 (0x2)
"ServiceLayer"=3 (0x3)
"SentinelProtectionServer"=2 (0x2)
"SENS"=2 (0x2)
"seclogon"=2 (0x2)
"sdCoreService"=3 (0x3)
"sdAuxService"=3 (0x3)
"Schedule"=2 (0x2)
"SCardSvr"=3 (0x3)
"SamSs"=2 (0x2)
"RSVP"=3 (0x3)
"RDSessMgr"=3 (0x3)
"ose"=3 (0x3)
"mnmsrvc"=3 (0x3)
"helpsvc"=2 (0x2)
"gusvc"=3 (0x3)
"CryptSvc"=3 (0x3)
"AVGEMS"=2 (0x2)
"Avg7UpdSvc"=2 (0x2)
"Avg7Alrt"=2 (0x2)
"Advance Service Process"=2 (0x2)
"acssrv"=2 (0x2)
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UpdatesDisableNotify"=dword:00000001
"AntiVirusDisableNotify"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"<NO NAME>"= :runsvc
"C:\\Programmi\\VoipStunt.com\\VoipStunt\\voipstunt.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Programmi\\DNA\\btdna.exe"=
"C:\\Programmi\\BitTorrent\\bittorrent.exe"=
"C:\\WINDOWS\\system32\\sessmgr.exe"=
"C:\\Programmi\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Programmi\\Windows Live\\Messenger\\livecall.exe"=
"C:\\Programmi\\Skype\\Phone\\Skype.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
R1 SandBox;SandBox;C:\WINDOWS\system32\DRIVERS\SandBox.sys [2007-12-20 18:47]
R3 afw;Agnitum firewall driver;C:\WINDOWS\system32\DRIVERS\afw.sys [2007-12-12 15:55]
R3 ASWFilt;ASWFilt;C:\WINDOWS\system32\Filt\ASWFilt.dll [2007-12-20 18:48]
R3 CnxEtP;Conexant AccessRunner USB ADSL WAN Adapter Filter Driver;C:\WINDOWS\system32\DRIVERS\CnxEtP.sys [2002-03-11 07:55]
R3 CnxEtU;Conexant AccessRunner USB ADSL Interface Device Driver;C:\WINDOWS\system32\DRIVERS\CnxEtU.sys [2002-03-11 07:55]
R3 CnxTgN;Conexant AccessRunner USB ADSL WAN Adapter Driver;C:\WINDOWS\system32\DRIVERS\CnxTgN.sys [2002-03-11 11:15]
R3 DCamUSBNW800;CIF USB Camera (2110);C:\WINDOWS\system32\DRIVERS\pcam800.sys [2002-07-27 10:46]
R3 MTC0001_MPB;MPB device driver;C:\WINDOWS\system32\ntMPB.sys [2001-11-27 18:11]
R3 S6U12Scanner;MUSTEK 1200 CU Still Image Device Service;C:\WINDOWS\system32\drivers\usbscan.sys [2004-08-03 22:58]
S3 CommDrv;CommDrv;C:\WINDOWS\system32\CommDrv.sys []
S3 NPF;NetGroup Packet Filter Driver;C:\WINDOWS\system32\drivers\npf.sys [2007-01-25 19:31]
S3 OlCamudp;OLYMPUS Digital Camera;C:\WINDOWS\system32\Drivers\olcamudp.sys [2000-02-09 10:55]
S3 USB2_04;USB2_04 driver;C:\WINDOWS\system32\drivers\nkv2.sys []
S4 acssrv;Agnitum Client Security Service;C:\PROGRA~1\Agnitum\OUTPOS~2\acs.exe [2007-12-19 14:32]
S4 Distributed Allocated Memory Unit;Distributed Allocated Memory Unit;"C:\WINDOWS\system32\dllcache\mravsc32.exe" []
.
**************************************************************************
catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-04-18 21:20:06
Windows 5.1.2600 Service Pack 2 NTFS
scansione processi nascosti ...
scansione entrate autostart nascoste ...
Scansione files nascosti ...
**************************************************************************
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\service.sys]
"ImagePath"="\??\C:\WINDOWS\system32\service.sys"
--
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Uae27]
"ImagePath"="System32\Drivers\Uae27.sys"
--
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\wer32]
"ImagePath"="\??\C:\WINDOWS\system32\jkghje.dll"
.
Ora fine scansione: 2008-04-18 21:31:08
ComboFix-quarantined-files.txt 2008-04-18 19:31:03
6 Directory 4,462,784,512 byte disponibili
11 Directory 4,766,191,616 byte disponibili
.
2008-04-09 22:31:21 --- E O F ---
bdoriano Administrator

Registered: 02/04/07 12:05 Posts: 14391 Location: 3rd planet of the solar system...
Posted: 19 Apr 2008 13:49
Hi donvaldemaro,
Create a text file with the following instructions:
Code:
File::
C:\WINDOWS\system32\service.sys
C:\WINDOWS\System32\Drivers\Uae27.sys
C:\WINDOWS\system32\jkghje.dll
C:\WINDOWS\vmm32dll.exe
C:\WINDOWS\system32\xqfryykd.dll
C:\WINDOWS\system32\khfCtqnk.dll
C:\WINDOWS\system32\cpcgvlmp.dll
C:\ycfyx.exe
C:\it1.exe
C:\WINDOWS\system32\dkyyrfqx.ini
C:\WINDOWS\system32\xlqqwpmw.ini
Registry::
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"vmm32dll"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"2ca077e3"=-
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8b23351d-33fe-478c-8ab4-85ce25372635}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A75F7919-7E94-43CD-B9F8-DE91D353A32F}]
[-HKEY_LOCAL_MACHINE\system\ControlSet001\Services\service.sys]
[-HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Uae27]
[-HKEY_LOCAL_MACHINE\system\ControlSet001\Services\wer32]
Save the file on the desktop with the name CFScript.txt and drag it onto the ComboFix icon, as shown below:
Wait patiently until it has finished, without touching the keyboard, mouse or anything else.
Post the updated ComboFix and HijackThis logs.
PS: if you like, you can introduce yourself here
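A parser for the CFScript format used in the reply above, added here as an example (it is not code from the thread or from ComboFix): it turns the File:: and Registry:: sections into explicit actions and cross-checks every path against the scan log, so a helper can review exactly what a script will remove before it is dragged onto ComboFix. The sample script and log excerpt are constructed from entries that appear in this thread; the `.reg`-style meaning of `"name"=-` (delete value) and `[-KEY]` (delete key) is assumed from standard registry-script syntax.

```python
import re

# Constructed sample in the format of the CFScript posted above: a subset of
# the thread's own entries. The last path is deliberately absent from the
# constructed log excerpt below, to show the cross-check catching it.
SAMPLE_SCRIPT = r"""File::
C:\WINDOWS\system32\service.sys
C:\WINDOWS\System32\Drivers\Uae27.sys
C:\WINDOWS\vmm32dll.exe
C:\WINDOWS\system32\xqfryykd.dll
Registry::
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"vmm32dll"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"2ca077e3"=-
[-HKEY_LOCAL_MACHINE\system\ControlSet001\Services\wer32]
"""

# Constructed excerpt of the HijackThis / ComboFix lines from the thread.
SAMPLE_LOG = r"""O4 - HKUS\S-1-5-18\..\Run: [vmm32dll] C:\WINDOWS\vmm32dll.exe (User 'SYSTEM')
c:\windows\system32\Drivers\Uae27.sys
"ImagePath"="\??\C:\WINDOWS\system32\service.sys"
"""

SECTION_RE = re.compile(r"^(\w+)::$")       # e.g. 'File::', 'Registry::'
KEY_RE = re.compile(r"^\[(-?)(.+)\]$")      # '[KEY]' or '[-KEY]'
VALUE_RE = re.compile(r'^"([^"]+)"=(.*)$')  # '"name"=data'


def parse_cfscript(text):
    """Return the actions a CFScript describes.

    Sections are introduced by 'Name::'. In File:: every line is a path to
    remove. Registry:: uses .reg syntax (assumed): '[KEY]' selects a key,
    '[-KEY]' deletes it, and '"name"=-' deletes a value under the current key.
    Anything else is rejected rather than silently skipped.
    """
    actions = {"files": [], "delete_keys": [], "delete_values": []}
    section = None
    current_key = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = SECTION_RE.match(line)
        if m:
            section = m.group(1)
            current_key = None
            continue
        if section == "File":
            actions["files"].append(line)
        elif section == "Registry":
            m = KEY_RE.match(line)
            if m:
                if m.group(1) == "-":
                    actions["delete_keys"].append(m.group(2))
                    current_key = None
                else:
                    current_key = m.group(2)
                continue
            m = VALUE_RE.match(line)
            if not m:
                raise ValueError("unrecognised Registry:: line: " + line)
            if current_key is None:
                raise ValueError("value outside any [KEY]: " + line)
            if m.group(2) != "-":
                raise ValueError("only value deletion ('=-') is handled: " + line)
            actions["delete_values"].append((current_key, m.group(1)))
        else:
            raise ValueError("line outside a known section: " + line)
    return actions


def unreferenced_files(actions, log_text):
    """Paths in File:: that never appear in the scan log.

    The comparison is case-insensitive because Windows paths are, and the
    logs in the thread mix 'System32' and 'system32' for the same file.
    """
    log = log_text.lower()
    return [p for p in actions["files"] if p.lower() not in log]


if __name__ == "__main__":
    acts = parse_cfscript(SAMPLE_SCRIPT)
    for path in acts["files"]:
        print("remove file :", path)
    for key in acts["delete_keys"]:
        print("delete key  :", key)
    for key, name in acts["delete_values"]:
        print("delete value:", name, "under", key)
    for path in unreferenced_files(acts, SAMPLE_LOG):
        print("WARNING: not seen in any log line, check for a typo:", path)
```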
donvaldemaro Hero

Registered: 18/04/08 21:38 Posts: 48
Posted: 19 Apr 2008 14:13
Thanks a lot bdoriano!
Here are the updated logs!
ComboFix 08-04-17.1 - Nicola71 2008-04-19 13.55.12.2 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1040.18.625 [GMT 2:00]
Eseguito da: C:\Documents and Settings\Nicola71\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\Nicola71\Desktop\CFScript.txt
* Creato nuovo punto di ripristino
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
((((((((((((((((((((((((( Files Creati Da 2008-03-19 al 2008-04-19 )))))))))))))))))))))))))))))))))))
.
2008-04-19 12:54 . 2008-04-19 12:54 <DIR> d-------- C:\Documents and Settings\Nicola71\Dati applicazioni\PCToolsFirewallPlus
2008-04-19 12:41 . 2008-04-19 12:41 <DIR> d-------- C:\Programmi\File comuni\PC Tools
2008-04-19 12:40 . 2008-04-19 13:51 <DIR> d-------- C:\Programmi\PC Tools Firewall Plus
2008-04-16 07:21 . 2008-04-19 12:56 <DIR> d-------- C:\Documents and Settings\Nicola71\Dati applicazioni\AVG7
2008-04-16 07:17 . 2008-04-16 07:17 <DIR> d-------- C:\Documents and Settings\LocalService\Dati applicazioni\AVG7
2008-04-16 07:16 . 2008-04-16 07:16 <DIR> d-------- C:\Documents and Settings\All Users\Dati applicazioni\Grisoft
2008-04-15 07:27 . 2008-04-15 07:28 <DIR> d-------- C:\Programmi\PostaPronta
2008-04-14 19:35 . 2008-04-16 18:42 <DIR> d-------- C:\Documents and Settings\All Users\Dati applicazioni\Avg7
2008-04-13 15:40 . 2008-04-13 15:56 <DIR> d-------- C:\Programmi\Finson Live Update
2008-04-13 15:40 . 2008-04-13 15:40 <DIR> d-------- C:\Programmi\Finson
2008-04-13 15:40 . 2008-04-13 15:40 <DIR> d-------- C:\Programmi\File comuni\Kapitol
2008-04-13 14:44 . 2008-02-16 17:31 <DIR> d--h----- C:\Documents and Settings\Administrator\Risorse di stampa
2008-04-13 14:44 . 2008-02-16 17:31 <DIR> d--h----- C:\Documents and Settings\Administrator\Risorse di rete
2008-04-13 14:44 . 2008-02-16 17:31 <DIR> d-------- C:\Documents and Settings\Administrator\Preferiti
2008-04-13 14:44 . 2005-01-16 17:47 <DIR> d--h----- C:\Documents and Settings\Administrator\Modelli
2008-04-13 14:44 . 2008-02-16 17:31 <DIR> dr------- C:\Documents and Settings\Administrator\Menu Avvio
2008-04-13 14:44 . 2008-02-16 17:31 <DIR> d--h----- C:\Documents and Settings\Administrator\Impostazioni locali
2008-04-13 14:44 . 2008-02-16 17:31 <DIR> d-------- C:\Documents and Settings\Administrator\Documenti
2008-04-13 14:44 . 2008-04-13 14:54 <DIR> dr-h----- C:\Documents and Settings\Administrator\Dati applicazioni
2008-04-13 14:44 . 2008-04-18 21:11 1,024 --ah----- C:\Documents and Settings\Administrator\ntuser.dat.LOG
2008-04-13 09:18 . 2008-04-13 16:10 <DIR> d-------- C:\Programmi\Spyware Doctor
2008-04-13 09:18 . 2008-04-13 09:18 <DIR> d-------- C:\Documents and Settings\Nicola71\Dati applicazioni\PC Tools
2008-04-13 09:13 . 2008-04-13 09:27 <DIR> d-------- C:\Documents and Settings\All Users\Dati applicazioni\SecTaskMan
2008-04-13 09:12 . 2008-04-13 09:12 <DIR> d-------- C:\Programmi\Security Task Manager
2008-04-13 08:52 . 2008-04-13 08:52 <DIR> d-------- C:\Programmi\Panda Security
2008-04-12 21:47 . 2008-04-12 21:53 <DIR> d-------- C:\Programmi\RegCleaner
2008-04-12 18:15 . 2008-04-12 22:10 <DIR> d-------- C:\Programmi\Hot CPU Tester Pro 4 LE
2008-04-10 18:03 . 2008-04-10 18:03 <DIR> d-------- C:\Documents and Settings\All Users\Dati applicazioni\Yahoo! Companion
2008-04-09 22:30 . 2008-04-09 22:31 <DIR> d-------- C:\Programmi\Yahoo!
2008-04-02 18:46 . 2008-04-02 18:46 <DIR> d-------- C:\Programmi\ModelliFiscali
2008-03-30 18:00 . 2008-03-30 18:02 <DIR> d-------- C:\Programmi\WinPcap
2008-03-30 17:55 . 2008-03-30 18:07 <DIR> d-------- C:\Programmi\WMR11
2008-03-29 02:21 . 2008-03-29 09:58 <DIR> d-------- C:\Documents and Settings\All Users\Dati applicazioni\PC Suite
2008-03-29 00:52 . 2008-03-29 19:58 864 --a------ C:\Documents and Settings\Nicola71\Dati applicazioni\NMM-MetaData.db
2008-03-28 23:31 . 2008-03-28 23:31 <DIR> d-------- C:\Programmi\DIFX
2008-03-28 23:30 . 2008-03-28 23:30 <DIR> d-------- C:\Programmi\File comuni\PCSuite
2008-03-28 23:30 . 2008-03-28 23:30 <DIR> d-------- C:\Programmi\File comuni\Nokia
2008-03-28 23:29 . 2008-03-28 23:29 <DIR> d-------- C:\Programmi\PC Connectivity Solution
2008-03-28 23:29 . 2008-03-28 23:30 <DIR> d-------- C:\Programmi\Nokia
2008-03-24 11:40 . 2008-03-24 20:21 <DIR> d-------- C:\Programmi\Microsoft Silverlight
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-04-19 11:58 --------- d-----w C:\Documents and Settings\Nicola71\Dati applicazioni\DNA
2008-04-19 11:51 --------- d---a-w C:\Documents and Settings\All Users\Dati applicazioni\TEMP
2008-04-19 10:23 --------- d-----w C:\Programmi\Agnitum
2008-04-13 13:43 --------- d--h--w C:\Programmi\InstallShield Installation Information
2008-04-09 19:13 --------- d-----w C:\Programmi\HDSL640 USB ADSL Modem
2008-04-06 20:21 --------- d-----w C:\Documents and Settings\Nicola71\Dati applicazioni\PC Suite
2008-04-06 14:55 360,064 ----a-w C:\WINDOWS\system32\drivers\TCPIP.SYS.ORIGINAL
2008-04-06 14:55 360,064 ----a-w C:\WINDOWS\system32\drivers\TCPIP.SYS
2008-03-30 18:41 --------- d-----w C:\Documents and Settings\Nicola71\Dati applicazioni\BitTorrent
2008-03-29 08:37 --------- d-----w C:\Documents and Settings\All Users\Dati applicazioni\Downloaded Installations
2008-03-29 07:54 --------- d-----w C:\Documents and Settings\Nicola71\Dati applicazioni\Nokia
2008-03-24 18:19 --------- d-----w C:\Documents and Settings\All Users\Dati applicazioni\WinZip
2008-03-24 10:35 --------- d-----w C:\Programmi\Total Video Converter
2008-03-24 09:31 --------- d-----w C:\Programmi\DAP
2008-03-19 23:24 --------- d-----w C:\Programmi\File comuni\Agnitum Shared
2008-03-15 12:03 --------- d-----w C:\Programmi\SafeNet Sentinel
2008-03-15 12:03 --------- d-----w C:\Programmi\File comuni\SafeNet Sentinel
2008-03-14 16:57 --------- d-----w C:\Programmi\Java
2008-03-14 00:15 --------- d-----w C:\Documents and Settings\Nicola71\Dati applicazioni\Skype
2008-03-14 00:11 --------- d-----w C:\Documents and Settings\Nicola71\Dati applicazioni\skypePM
2008-03-12 07:30 159,896 ----a-w C:\WINDOWS\system32\drivers\pctfw2.sys
2008-03-09 11:00 --------- d-----w C:\Programmi\Windows Live
2008-03-09 10:59 --------- dcsh--w C:\Programmi\File comuni\WindowsLiveInstaller
2008-03-09 10:58 --------- d-----w C:\Documents and Settings\All Users\Dati applicazioni\WLInstaller
2008-03-04 06:25 --------- d-----w C:\Programmi\Motherboard Monitor 5
2008-03-03 22:16 --------- d-----w C:\Programmi\Lavalys
2008-03-03 17:51 --------- d-----w C:\Programmi\Google
2008-03-01 13:37 --------- d-----w C:\Programmi\Runtime Software
2008-03-01 13:13 --------- d-----w C:\Programmi\MSXML 4.0
2008-03-01 10:26 --------- d-----w C:\Documents and Settings\Nicola71\Dati applicazioni\Arcsoft
2008-03-01 10:07 --------- d-----w C:\Programmi\palmOne
2008-03-01 09:58 --------- d-----w C:\Documents and Settings\Nicola71\Dati applicazioni\LG Electronics
2008-03-01 09:49 --------- d-----w C:\Programmi\LG PC Suite
2008-03-01 09:04 --------- d-----w C:\Programmi\QuickTime
2008-03-01 09:03 --------- d-----w C:\Programmi\OLYMPUS
2008-02-28 21:49 --------- d-----w C:\Programmi\eMule
2008-02-28 19:57 442 ----a-w C:\Programmi\Collegamento a eMule.lnk
2008-02-27 22:12 --------- d-----w C:\Programmi\DNA
2008-02-27 22:12 --------- d-----w C:\Programmi\BitTorrent
2008-02-26 20:19 --------- d-----w C:\Programmi\Temp
2008-02-26 20:08 --------- d-----w C:\Programmi\File comuni\Adobe
2008-02-26 17:19 --------- d-----w C:\Documents and Settings\Nicola71\Dati applicazioni\Nokia Multimedia Player
2008-02-26 17:14 --------- d-----w C:\Documents and Settings\Nicola71\Dati applicazioni\Datalayer
2008-02-26 17:12 --------- d-----w C:\Documents and Settings\Nicola71\Dati applicazioni\Leadertech
2008-02-26 17:12 --------- d-----w C:\Documents and Settings\All Users\Dati applicazioni\Installations
2008-02-25 17:02 --------- d-----w C:\Documents and Settings\Nicola71\Dati applicazioni\Ahead
2008-02-25 14:38 93,440 ----a-w C:\WINDOWS\system32\drivers\pctfw.sys
2008-02-21 06:56 40,856 ----a-w C:\WINDOWS\system32\drivers\pctmp.sys
2008-02-21 06:56 18,328 ----a-w C:\WINDOWS\system32\drivers\pctssipc.sys
2008-02-20 22:28 --------- d-----w C:\Documents and Settings\Nicola71\Dati applicazioni\Vso
2008-02-20 22:15 --------- d-----w C:\Programmi\VSO
2008-02-20 22:13 32 ----a-w C:\Documents and Settings\All Users\Dati applicazioni\ezsid.dat
2008-02-20 22:09 --------- d-----w C:\Programmi\Skype
2008-02-20 22:09 --------- d-----w C:\Programmi\File comuni\Skype
2008-02-20 22:09 --------- d-----w C:\Documents and Settings\All Users\Dati applicazioni\Skype
2008-02-20 06:27 --------- d-----w C:\Programmi\File comuni\Java
2008-02-19 23:04 51,200 ----a-w C:\ycfyx.exe
2008-02-19 23:04 15,872 ----a-w C:\it1.exe
2008-02-16 18:52 737,280 ----a-w C:\WINDOWS\iun6002.exe
2006-05-06 16:42 7,260,160 ----a-w C:\Programmi\mozilla firefox\plugins\libvlc.dll
.
------- Sigcheck -------
2007-10-30 18:53 360832 64798ecfa43d78c7178375fcdd16d8c8 C:\WINDOWS\$hf_mig$\KB941644\SP2QFE\tcpip.sys
2003-04-08 14:00 332928 244a2f9816bc9b593957281ef577d976 C:\WINDOWS\$NtServicePackUninstall$\tcpip.sys
2004-08-04 00:14 359040 6a603809f598332dbedd535bdbce313e C:\WINDOWS\$NtUninstallKB941644$\tcpip.sys
2004-08-04 00:14 359040 9f4b36614a0fc234525ba224957de55c C:\WINDOWS\ServicePackFiles\i386\TCPIP.SYS
2008-04-06 16:55 360064 8283a4d489b207991efdc8328733d0bc C:\WINDOWS\system32\dllcache\TCPIP.SYS
2008-04-06 16:55 360064 8283a4d489b207991efdc8328733d0bc C:\WINDOWS\system32\drivers\TCPIP.SYS
.
((((((((((((((((((((((((((((( snapshot@2008-04-18_21.30.02.35 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-04-18 19:18:10 2,048 --s-a-w C:\WINDOWS\bootstat.dat
+ 2008-04-19 12:01:12 2,048 --s-a-w C:\WINDOWS\bootstat.dat
.
((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Nota* i valori vuoti & legittimi/default non sono visualizzati.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-19 16:39 15360]
"BitTorrent DNA"="C:\Programmi\DNA\btdna.exe" [2008-03-28 00:44 288576]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"PCTVOICE"="pctspk.exe" [2002-03-08 22:29 163840 C:\WINDOWS\system32\pctspk.exe]
"DownloadAccelerator"="C:\Programmi\DAP\DAP.exe" [2008-03-24 11:31 3057152]
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [2008-04-17 18:49 579584]
"00PCTFW"="C:\Programmi\PC Tools Firewall Plus\FirewallGUI.exe" [2008-03-28 14:37 2598808]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"AVG7_Run"="C:\PROGRA~1\Grisoft\AVG7\avgw.exe" [2008-04-16 07:17 219136]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ssqPfcde]
ssqPfcde.dll
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Notification Packages REG_MULTI_SZ scecli scecli
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Avvio^Programmi^Esecuzione automatica^Photo Express Calendar Checker SE.lnk]
path=C:\Documents and Settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\Photo Express Calendar Checker SE.lnk
backup=C:\WINDOWS\pss\Photo Express Calendar Checker SE.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Avvio^Programmi^Esecuzione automatica^WinZip Quick Pick.lnk]
path=C:\Documents and Settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\WinZip Quick Pick.lnk
backup=C:\WINDOWS\pss\WinZip Quick Pick.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^Nicola71^Menu Avvio^Programmi^Esecuzione automatica^AVG 7.5.lnk]
path=C:\Documents and Settings\Nicola71\Menu Avvio\Programmi\Esecuzione automatica\AVG 7.5.lnk
backup=C:\WINDOWS\pss\AVG 7.5.lnkStartup
[HKLM\~\startupfolder\C:^Documents and Settings^Nicola71^Menu Avvio^Programmi^Esecuzione automatica^Manager HotSync.lnk]
path=C:\Documents and Settings\Nicola71\Menu Avvio\Programmi\Esecuzione automatica\Manager HotSync.lnk
backup=C:\WINDOWS\pss\Manager HotSync.lnkStartup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EPSON Stylus Photo R300 Series]
--a------ 2003-09-11 05:00 99840 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I0F2.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
C:\WINDOWS\system32\dumprep 0 -k
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnappau]
--a------ 2004-08-13 18:41 86016 C:\Programmi\MSN Apps\Updater\01.02.3000.1001\it\msnappau.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
C:\Programmi\MSN Messenger\msnmsgr.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
--a------ 2006-01-12 17:40 155648 C:\Programmi\File comuni\Ahead\Lib\NeroCheck.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NWEReboot]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PC Suite Tray]
--a------ 2007-12-10 11:12 695808 C:\Programmi\Nokia\Nokia PC Suite 6\PCSuite.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PE2CKFNT SE]
--------- 1998-07-03 13:51 25088 C:\Programmi\Ulead Systems\Ulead Photo Express 2 SE\ChkFont.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Run]
C:\WINDOWS\mmhren1.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
-ra------ 2008-02-01 18:22 21898024 C:\Programmi\Skype\Phone\Skype.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]
-rahs---- 2008-01-28 12:43 2097488 C:\Programmi\Spybot - Search & Destroy\TeaTimer.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
--a------ 2008-02-22 05:25 144784 C:\Programmi\Java\jre1.6.0_05\bin\jusched.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
--a------ 2008-03-03 19:51 171448 C:\Programmi\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VoipStunt]
--a------ 2008-02-17 09:00 8824112 C:\Programmi\VoipStunt.com\VoipStunt\VoipStunt.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"WMPNetworkSvc"=3 (0x3)
"WmdmPmSN"=3 (0x3)
"UPS"=3 (0x3)
"SwPrv"=3 (0x3)
"stisvc"=2 (0x2)
"srservice"=2 (0x2)
"SharedAccess"=2 (0x2)
"ServiceLayer"=3 (0x3)
"SentinelProtectionServer"=2 (0x2)
"SENS"=2 (0x2)
"seclogon"=2 (0x2)
"sdCoreService"=3 (0x3)
"sdAuxService"=3 (0x3)
"Schedule"=2 (0x2)
"SCardSvr"=3 (0x3)
"SamSs"=2 (0x2)
"RSVP"=3 (0x3)
"RDSessMgr"=3 (0x3)
"ose"=3 (0x3)
"mnmsrvc"=3 (0x3)
"helpsvc"=2 (0x2)
"gusvc"=3 (0x3)
"CryptSvc"=3 (0x3)
"AVGEMS"=2 (0x2)
"Avg7UpdSvc"=2 (0x2)
"Avg7Alrt"=2 (0x2)
"Advance Service Process"=2 (0x2)
"acssrv"=2 (0x2)
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UpdatesDisableNotify"=dword:00000001
"AntiVirusDisableNotify"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"<NO NAME>"= :runsvc
"C:\\Programmi\\VoipStunt.com\\VoipStunt\\voipstunt.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Programmi\\DNA\\btdna.exe"=
"C:\\Programmi\\BitTorrent\\bittorrent.exe"=
"C:\\WINDOWS\\system32\\sessmgr.exe"=
"C:\\Programmi\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Programmi\\Windows Live\\Messenger\\livecall.exe"=
"C:\\Programmi\\Skype\\Phone\\Skype.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
R1 pctfw2;pctfw2;C:\WINDOWS\system32\drivers\pctfw2.sys [2008-03-12 09:30]
R1 pctmp;PC Tools Firewall Memory Protection Driver;C:\WINDOWS\system32\drivers\pctmp.sys [2008-02-21 08:56]
R1 pctssipc;PC Tools Security Suite IPC Driver;C:\WINDOWS\system32\drivers\pctssipc.sys [2008-02-21 08:56]
R3 CnxEtP;Conexant AccessRunner USB ADSL WAN Adapter Filter Driver;C:\WINDOWS\system32\DRIVERS\CnxEtP.sys [2002-03-11 07:55]
R3 CnxEtU;Conexant AccessRunner USB ADSL Interface Device Driver;C:\WINDOWS\system32\DRIVERS\CnxEtU.sys [2002-03-11 07:55]
R3 CnxTgN;Conexant AccessRunner USB ADSL WAN Adapter Driver;C:\WINDOWS\system32\DRIVERS\CnxTgN.sys [2002-03-11 11:15]
R3 DCamUSBNW800;CIF USB Camera (2110);C:\WINDOWS\system32\DRIVERS\pcam800.sys [2002-07-27 10:46]
R3 MTC0001_MPB;MPB device driver;C:\WINDOWS\system32\ntMPB.sys [2001-11-27 18:11]
R3 S6U12Scanner;MUSTEK 1200 CU Still Image Device Service;C:\WINDOWS\system32\drivers\usbscan.sys [2004-08-03 22:58]
S3 CommDrv;CommDrv;C:\WINDOWS\system32\CommDrv.sys []
S3 NPF;NetGroup Packet Filter Driver;C:\WINDOWS\system32\drivers\npf.sys [2007-01-25 19:31]
S3 OlCamudp;OLYMPUS Digital Camera;C:\WINDOWS\system32\Drivers\olcamudp.sys [2000-02-09 10:55]
S3 USB2_04;USB2_04 driver;C:\WINDOWS\system32\drivers\nkv2.sys []
S4 Distributed Allocated Memory Unit;Distributed Allocated Memory Unit;"C:\WINDOWS\system32\dllcache\mravsc32.exe" []
.
**************************************************************************
catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-04-19 14:03:12
Windows 5.1.2600 Service Pack 2 NTFS
scansione processi nascosti ...
scansione entrate autostart nascoste ...
Scansione files nascosti ...
Scansione completata con successo
Files nascosti: 1
**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\Programmi\PC Tools Firewall Plus\FWService.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
.
**************************************************************************
.
Ora fine scansione: 2008-04-19 14:10:54 - machine was rebooted
ComboFix-quarantined-files.txt 2008-04-19 12:10:36
ComboFix2.txt 2008-04-18 19:31:12
6 Directory 4,655,071,232 byte disponibili
11 Directory 4,744,900,608 byte disponibili
.
2008-04-09 22:31:21 --- E O F ---
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 14.13.35, on 19/04/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Programmi\PC Tools Firewall Plus\FWService.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\WINDOWS\system32\pctspk.exe
C:\Programmi\DAP\DAP.EXE
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Programmi\PC Tools Firewall Plus\FirewallGUI.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmi\DNA\btdna.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\Programmi\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Nicola71\Desktop\HijackThis\HijackThis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Programmi\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Programmi\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmi\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: Guida per l'accesso a Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programmi\File comuni\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programmi\google\googletoolbar2.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programmi\MSN Apps\MSN Toolbar\01.02.5000.1021\it\msntb.dll
O4 - HKLM\..\Run: [PCTVOICE] pctspk.exe
O4 - HKLM\..\Run: [DownloadAccelerator] "C:\Programmi\DAP\DAP.EXE" /STARTUP
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [00PCTFW] "C:\Programmi\PC Tools Firewall Plus\FirewallGUI.exe" -s
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Programmi\DNA\btdna.exe"
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SERVIZIO LOCALE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SERVIZIO DI RETE')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
O17 - HKLM\System\CCS\Services\Tcpip\..\{8A5A975A-BF11-44C3-AB8F-A00E77783511}: NameServer = 212.216.172.62 212.216.172.162
O20 - Winlogon Notify: ssqPfcde - ssqPfcde.dll (file missing)
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: PC Tools Firewall Plus (PCToolsFirewallPlus) - PC Tools - C:\Programmi\PC Tools Firewall Plus\FWService.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Programmi\WinPcap\rpcapd.exe
--
End of file - 3762 bytes
thanks!
bdoriano Administrator
Registered: 02/04/07 12:05 Posts: 14391 Location: 3rd planet of the solar system...
Posted: 19 Apr 2008 14:22 Subject:
It looks to me like ComboFix did a little something...
- Disable your antivirus
- Go to BitDefender (with IE) and run the full scan.
- Go to the Kaspersky on-line scanner and run the extended scan, as described here.
Save the scan result to a file (in HTML format), upload the file to Freefilehosting and post here the link you are given.
donvaldemaro Hero
Registered: 18/04/08 21:38 Posts: 48
Posted: 20 Apr 2008 10:03 Subject:
bdoriano wrote: | It looks to me like ComboFix did a little something...
- Disable your antivirus
- Go to BitDefender (with IE) and run the full scan.
- Go to the Kaspersky on-line scanner and run the extended scan, as described here.
Save the scan result to a file (in HTML format), upload the file to Freefilehosting and post here the link you are given.
|
Thanks, dear bdoriano. I followed your instructions. 5 hours last night to scan the PC with BitDefender and another 5 tonight for Kaspersky. I saved and uploaded the HTML report as you advised. Here is the link:
http://forum.zeusnews.com/link/31939/download/3fk79
THANKS AGAIN FOR ANY FURTHER ADVICE AND HELP!!!
bdoriano Administrator
Registered: 02/04/07 12:05 Posts: 14391 Location: 3rd planet of the solar system...
Posted: 20 Apr 2008 10:49 Subject:
There are still some files to remove...
Quote: | Use KASPERSKY VIRUS REMOVAL TOOL: click here to download
Compatibility: Windows XP
download the most recent version of the tool by publication date and time
Install KASPERSKY VIRUS REMOVAL TOOL:
a dedicated folder will be created on the Desktop
inside the folder there is the classic Kaspersky icon (a K)
click the icon to launch the tool
set the areas you intend to scan (Startup Objects and Disk boot sector are set by default)
when the scan finishes you will be able to remove and/or quarantine the infected files found
save the log that will be produced
Note 1: The tool is incompatible if Kaspersky products are already installed
Note 2: it has no automatic signature update function |
donvaldemaro Hero
Registered: 18/04/08 21:38 Posts: 48
Posted: 20 Apr 2008 23:26 Subject:
Hi bdoriano, I ran the scan with Kaspersky Virus Removal as per your instructions... it found 65 infected files, I gave the DELETE command to all of them (not being files I cared about). I saved the report, but before posting it (since it is really long) I wanted to ask you whether it is needed for further advice. Thanks again.
donvaldemaro Hero
Registered: 18/04/08 21:38 Posts: 48
Posted: 20 Apr 2008 23:31 Subject:
While waiting for your reply, I'm posting the HijackThis log I just ran, after the cleanup you recommended in this topic.
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 23:29, on 2008-04-20
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Programmi\DAP\DAP.EXE
C:\Programmi\HDSL640 USB ADSL Modem\CnxDslTb.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmi\DNA\btdna.exe
C:\Programmi\PC Tools Firewall Plus\FirewallGUI.exe
C:\Programmi\PC Tools Firewall Plus\FWService.exe
C:\Documents and Settings\Nicola71\Desktop\antivirus,antimalware ecc ecc\HijackThis\HijackThis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
O2 - BHO: (no name) - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - (no file)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - (no file)
O2 - BHO: (no name) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - (no file)
O2 - BHO: (no name) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - (no file)
O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - (no file)
O2 - BHO: (no name) - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - (no file)
O4 - HKLM\..\Run: [PCTVOICE] pctspk.exe
O4 - HKLM\..\Run: [DownloadAccelerator] "C:\Programmi\DAP\DAP.EXE" /STARTUP
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [00PCTFW] "C:\Programmi\PC Tools Firewall Plus\FirewallGUI.exe" -s
O4 - HKLM\..\Run: [CnxDslTaskBar] C:\Programmi\HDSL640 USB ADSL Modem\CnxDslTb.exe
O4 - HKLM\..\Run: [AVP] "C:\Documents and Settings\All Users\Desktop\Kaspersky Lab Tool\setup_7.0.0.180_20.04.2008_15-46.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Programmi\DNA\btdna.exe"
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SERVIZIO LOCALE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SERVIZIO DI RETE')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'Default user')
O8 - Extra context menu item: &Download with &DAP - C:\Programmi\DAP\dapextie.htm
O8 - Extra context menu item: Download &all with DAP - C:\Programmi\DAP\dapextie2.htm
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} - http://www.kaspersky.com/kos/eng/partner/default/kavwebscan_unicode.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1208697983568
O17 - HKLM\System\CCS\Services\Tcpip\..\{8A5A975A-BF11-44C3-AB8F-A00E77783511}: NameServer = 212.216.172.62 212.216.172.162
O20 - Winlogon Notify: ssqPfcde - ssqPfcde.dll (file missing)
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: PC Tools Firewall Plus (PCToolsFirewallPlus) - PC Tools - C:\Programmi\PC Tools Firewall Plus\FWService.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Programmi\WinPcap\rpcapd.exe
O23 - Service: setup_7.0.0.180_20.04.2008_15-46 - Kaspersky Lab - C:\Documents and Settings\All Users\Desktop\Kaspersky Lab Tool\setup_7.0.0.180_20.04.2008_15-46.exe
--
End of file - 5029 bytes
bdoriano Administrator
Registered: 02/04/07 12:05 Posts: 14391 Location: 3rd planet of the solar system...
Posted: 21 Apr 2008 07:43 Subject:
Yes, post the Kaspersky log too, uploading it to FreeFileHosting as described here.
You can go ahead and remove Kaspersky:
- click the icon to launch the tool
- in the main window, at the bottom, click the Complete Virus Protection entry
- a message will be shown: click Ok
- close the web page that will open
- in the next message, click YES to start the uninstall
- at the end, you will be asked to reboot the PC.
donvaldemaro Hero
Registered: 18/04/08 21:38 Posts: 48
Posted: 21 Apr 2008 19:32 Subject:
bdoriano wrote: | Yes, post the Kaspersky log too, uploading it to FreeFileHosting as described here.
You can go ahead and remove Kaspersky:
- click the icon to launch the tool
- in the main window, at the bottom, click the Complete Virus Protection entry
- a message will be shown: click Ok
- close the web page that will open
- in the next message, click YES to start the uninstall
- at the end, you will be asked to reboot the PC.
|
Hi bdoriano.. at the moment the freefilehosting server doesn't seem to be working.
While I wait for it to come back up, I wanted to know why it is necessary to uninstall Kaspersky from the PC... if I wanted to keep it, are there any problems?
Thanks a lot again..
bdoriano Administrator
Registered: 02/04/07 12:05 Posts: 14391 Location: 3rd planet of the solar system...
Posted: 21 Apr 2008 21:31 Subject:
If FreeFileHosting doesn't work, you can also use WikiSend.
As for Kaspersky, keep in mind that the version you installed has no automatic update.
The latest available version (updated every 5/6 hours) has to be downloaded each time.
So it is best to use it only when needed.
donvaldemaro Hero
Registered: 18/04/08 21:38 Posts: 48
Posted: 22 Apr 2008 18:56 Subject:
bdoriano wrote: | If FreeFileHosting doesn't work, you can also use WikiSend.
As for Kaspersky, keep in mind that the version you installed has no automatic update.
The latest available version (updated every 5/6 hours) has to be downloaded each time.
So it is best to use it only when needed. |
I see.. in your opinion, which is the better antivirus, AVG free or Kaspersky antivirus (30-day trial)?
The log in txt format was not accepted by FreeFileHosting because it is a 94 MB file (!!); zipped, it came to about 5 MB.
You can find it at this link:
http://forum.zeusnews.com/link/32046/download/3g162
Thanks as always.
bdoriano Administrator
Registered: 02/04/07 12:05 Posts: 14391 Location: 3rd planet of the solar system...
Posted: 24 Apr 2008 13:41 Subject:
To answer your first question: of the two, Kaspersky is better.
I had a look at the log you sent... wow! you have quite a lot of files.
Anyway, it seems to have deleted all the recognised viruses.
Redo the hijackthis log, so we can see whether there are leftovers of deleted entries.
Other than that, are you seeing any other problems?
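The "leftovers of deleted entries" bdoriano asks to check for are HijackThis lines whose registry entry survives while the file it points at is gone (HijackThis prints "(no file)" or "(file missing)" on them), exactly the kind of entry that keeps showing up in successive logs of this thread. The following Python helper is an added example, not part of the forum thread and not code from HijackThis, ComboFix or Kaspersky: it parses the "Oxx - ..." entry lines, lists the orphaned ones, diffs two scans of the same machine and reports the orphans that survived a cleanup. The two log excerpts embedded in it are constructed for the example (made-up paths, names and CLSID), and the only assumption about the format is that each entry line starts with a section tag such as O2, O4 or O20 followed by " - ".

```python
"""Triage helper for HijackThis-style logs (added example, not a HijackThis tool).

Parses the "Oxx - ..." entry lines, flags orphaned entries (registry entries
that still point at a file that no longer exists) and diffs two scans so that
leftovers of a cleanup stand out.
"""
from __future__ import annotations

import re
from dataclasses import dataclass

# Constructed sample excerpts in the HijackThis line format. The paths, names
# and CLSID are made up for this example and do not come from any real machine.
BEFORE_LOG = r"""
O2 - BHO: Example Toolbar Helper - {11111111-1111-1111-1111-111111111111} - C:\Programmi\Example\example.dll
O4 - HKLM\..\Run: [ExampleApp] C:\Programmi\Example\example.exe
O4 - HKLM\..\Run: [Run] C:\WINDOWS\sample1.exe
O20 - Winlogon Notify: sampleNotify - sampleNotify.dll (file missing)
O23 - Service: Example Service (ExampleSvc) - Example Inc. - C:\Programmi\Example\svc.exe
"""

AFTER_LOG = r"""
O2 - BHO: (no name) - {11111111-1111-1111-1111-111111111111} - (no file)
O4 - HKLM\..\Run: [ExampleApp] C:\Programmi\Example\example.exe
O20 - Winlogon Notify: sampleNotify - sampleNotify.dll (file missing)
O23 - Service: Example Service (ExampleSvc) - Example Inc. - C:\Programmi\Example\svc.exe
"""

# HijackThis entries start with a section tag (R0-R3, F0-F3, N1-N4, O1-O24)
# followed by " - " and the entry body.
ENTRY_RE = re.compile(r"^(?P<section>[RFNO]\d+) - (?P<body>.*)$")

# HijackThis prints these markers when the referenced file is not on disk.
ORPHAN_MARKERS = ("(no file)", "(file missing)")


@dataclass(frozen=True, order=True)
class Entry:
    section: str
    body: str

    def is_orphan(self) -> bool:
        """True when the entry points at a file HijackThis could not find."""
        return any(marker in self.body for marker in ORPHAN_MARKERS)

    def __str__(self) -> str:
        return f"{self.section} - {self.body}"


def parse_log(text: str) -> list[Entry]:
    """Return the entry lines of a log; headers and process lists are skipped."""
    entries = []
    for line in text.splitlines():
        match = ENTRY_RE.match(line.strip())
        if match:
            entries.append(Entry(match["section"], match["body"]))
    return entries


def orphaned_entries(entries: list[Entry]) -> list[Entry]:
    """Entries whose target file is missing: leftovers worth reviewing."""
    return [e for e in entries if e.is_orphan()]


def diff_logs(before: str, after: str) -> tuple[list[Entry], list[Entry]]:
    """(removed, added) entries between two scans of the same machine."""
    old = set(parse_log(before))
    new = set(parse_log(after))
    return sorted(old - new), sorted(new - old)


def persistent_orphans(before: str, after: str) -> list[str]:
    """Orphaned entries present in both scans: the cleanup did not touch them."""
    old = {e for e in parse_log(before) if e.is_orphan()}
    new = {e for e in parse_log(after) if e.is_orphan()}
    return [str(e) for e in sorted(old & new)]


if __name__ == "__main__":
    removed, added = diff_logs(BEFORE_LOG, AFTER_LOG)
    print("Removed since previous scan:")
    for e in removed:
        print("  -", e)
    print("Added since previous scan:")
    for e in added:
        print("  +", e)
    print("Orphaned entries in the latest scan:")
    for e in orphaned_entries(parse_log(AFTER_LOG)):
        print("  !", e)
    print("Orphans that survived the cleanup:")
    for line in persistent_orphans(BEFORE_LOG, AFTER_LOG):
        print("  !", line)
```

Run it as-is to see the report on the constructed excerpts, or replace the two strings with the text of two real HijackThis logs. An orphaned entry is not proof of an infection, only a dangling reference: what matters for triage is whether it was there before the cleanup, whether it appeared because a file was deleted, and whether it keeps reappearing in later scans, which is why the diff and the persistent-orphan list are reported separately.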
donvaldemaro Hero
Registered: 18/04/08 21:38 Posts: 48
Posted: 24 Apr 2008 18:01 Subject:
bdoriano wrote: | To answer your first question: of the two, Kaspersky is better.
I had a look at the log you sent... wow! you have quite a lot of files.
Anyway, it seems to have deleted all the recognised viruses.
Redo the hijackthis log, so we can see whether there are leftovers of deleted entries.
Other than that, are you seeing any other problems? |
I'll answer your last question right away, then I'll post the updated Hijackthis log: since I discovered this forum and you helped me, my PC has become lightning fast.. I even keep 10 Firefox sessions open at the same time with no slowdowns.. whereas a few days ago the hard disk light was permanently on, freezes, stuttering audio.. unbearable.
I owe you a giant beer!!!
donvaldemaro Hero
Registered: 18/04/08 21:38 Posts: 48
Posted: 24 Apr 2008 18:02 Subject:
Here is the log I just ran:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:02, on 2008-04-24
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Programmi\PC Tools Firewall Plus\FWService.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Programmi\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe
C:\Programmi\Nero\Nero8\Nero BackItUp\NBService.exe
C:\WINDOWS\system32\IoctlSvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Programmi\DAP\DAP.EXE
C:\Programmi\PC Tools Firewall Plus\FirewallGUI.exe
C:\Programmi\HDSL640 USB ADSL Modem\CnxDslTb.exe
C:\Programmi\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmi\DNA\btdna.exe
C:\Programmi\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Programmi\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Nicola71\Desktop\antivirus,antimalware ecc ecc\HijackThis\HijackThis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
O2 - BHO: (no name) - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - (no file)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - (no file)
O2 - BHO: (no name) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - (no file)
O2 - BHO: (no name) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programmi\google\googletoolbar1.dll
O2 - BHO: (no name) - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - (no file)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programmi\google\googletoolbar1.dll
O4 - HKLM\..\Run: [PCTVOICE] pctspk.exe
O4 - HKLM\..\Run: [DownloadAccelerator] "C:\Programmi\DAP\DAP.EXE" /STARTUP
O4 - HKLM\..\Run: [00PCTFW] "C:\Programmi\PC Tools Firewall Plus\FirewallGUI.exe" -s
O4 - HKLM\..\Run: [CnxDslTaskBar] C:\Programmi\HDSL640 USB ADSL Modem\CnxDslTb.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Programmi\File comuni\Nero\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [NBKeyScan] "C:\Programmi\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [AVP] "C:\Programmi\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Programmi\DNA\btdna.exe"
O4 - HKCU\..\Run: [swg] C:\Programmi\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SERVIZIO LOCALE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SERVIZIO DI RETE')
O4 - HKUS\S-1-5-18\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'Default user')
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Programmi\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: &Download with &DAP - C:\Programmi\DAP\dapextie.htm
O8 - Extra context menu item: Download &all with DAP - C:\Programmi\DAP\dapextie2.htm
O9 - Extra button: Web Anti-Virus statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Programmi\Kaspersky Lab\Kaspersky Anti-Virus 7.0\SCIEPlgn.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} - http://www.kaspersky.com/kos/eng/partner/default/kavwebscan_unicode.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1208697983568
O17 - HKLM\System\CCS\Services\Tcpip\..\{8A5A975A-BF11-44C3-AB8F-A00E77783511}: NameServer = 212.216.172.62 212.216.172.162
O20 - Winlogon Notify: ssqPfcde - ssqPfcde.dll (file missing)
O23 - Service: Kaspersky Anti-Virus 7.0 (AVP) - Kaspersky Lab - C:\Programmi\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Programmi\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Programmi\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Programmi\File comuni\Nero\Lib\NMIndexingService.exe
O23 - Service: PC Tools Firewall Plus (PCToolsFirewallPlus) - PC Tools - C:\Programmi\PC Tools Firewall Plus\FWService.exe
O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\WINDOWS\system32\IoctlSvc.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Programmi\WinPcap\rpcapd.exe
--
End of file - 5586 bytes