Olimpo Informatico

[stefaniello]

il log è:

Logfile of HijackThis v1.99.1
Scan saved at 19.22.10, on 06/03/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16414)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Programmi\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmi\Intel\Wireless\Bin\EvtEng.exe
C:\Programmi\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Acer\eManager\anbmServ.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Programmi\CyberLink\PowerCinema\Kernel\TV\CLCapSvc.exe
C:\Programmi\CyberLink\PowerCinema\Kernel\CLML_NTService\CLMLServer.exe
C:\Programmi\File comuni\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Programmi\Novatel Wireless\MobiLink\iilserver.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Programmi\Intel\Wireless\Bin\RegSrvc.exe
C:\Programmi\CyberLink\Shared Files\RichVideo.exe
C:\WINDOWS\system32\svchost.exe
C:\Programmi\CyberLink\PowerCinema\Kernel\TV\CLSched.exe
C:\WINDOWS\Explorer.EXE
C:\acer\epm\epm-dm.exe
C:\Programmi\Synaptics\SynTP\SynTPLpr.exe
C:\Programmi\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\igfxpers.exe
C:\PROGRA~1\LAUNCH~1\QtZgAcer.EXE
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Programmi\Acer\eRecovery\Monitor.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmi\Novatel Wireless\MobiLink\nextgen.exe
C:\Programmi\Adobe\Acrobat 7.0\Acrobat\Acrobat.exe
C:\DOCUME~1\STEFAN~1\IMPOST~1\Temp\Adobelm_Cleanup.0001
C:\Programmi\File comuni\Adobe Systems Shared\Service\Adobelmsvc.exe
C:\DOCUME~1\STEFAN~1\IMPOST~1\Temp\Adobelm_Cleanup.0001
C:\Programmi\Internet Explorer\iexplore.exe
C:\Programmi\MSN Messenger\msnmsgr.exe
C:\WINDOWS\system32\svchost.exe
C:\DOCUME~1\STEFAN~1\IMPOST~1\Temp\Rar$EX00.938\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.it/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.slysoft.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Programmi\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: &VSAdd-in - {74DD705D-6834-439C-A735-A6DBE2677452} - C:\Programmi\VSAdd-in\VSAdd-in.dll (file missing)
O4 - HKLM\..\Run: [epm-dm] c:\acer\epm\epm-dm.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Programmi\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Programmi\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [LManager] C:\PROGRA~1\LAUNCH~1\QtZgAcer.EXE
O4 - HKLM\..\Run: [LaunchApp] Alaunch
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAShCut.exe
O4 - HKLM\..\Run: [eRecoveryService] C:\Programmi\Acer\eRecovery\Monitor.exe
O4 - HKLM\..\Run: [ePowerManagement] C:\Acer\ePM\ePM.exe boot
O4 - HKLM\..\Run: [AzMixerSel] C:\Programmi\Realtek\InstallShield\AzMixerSel.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programmi\Java\j2re1.4.2_13\bin\jusched.exe"
O4 - HKLM\..\Run: [Dispatcher] C:\WINDOWS\dispatcher.exe
O4 - HKLM\..\Run: [PrevxRootkitRemovalTool] "C:\Documents and Settings\STEFANO GANGEMI\Desktop\E3DTE84.exe" -scan
O4 - HKLM\..\Run: [DllRunning] rundll32.exe "C:\WINDOWS\system32\jmqxshms.dll",setvm
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Programmi\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Programmi\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Programmi\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Programmi\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Programmi\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Programmi\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Programmi\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert to existing PDF - res://C:\Programmi\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Download all with Free Download Manager - file://C:\Programmi\Free Download Manager\dlall.htm
O8 - Extra context menu item: Download selected with Free Download Manager - file://C:\Programmi\Free Download Manager\dlselected.htm
O8 - Extra context menu item: Download with Free Download Manager - file://C:\Programmi\Free Download Manager\dllink.htm
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Ricerche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O17 - HKLM\System\CCS\Services\Tcpip\..\{232DD36F-F409-452E-867D-3E5F73FB9FEB}: NameServer = 62.13.171.1 62.13.171.2
O17 - HKLM\System\CCS\Services\Tcpip\..\{C794EB92-BE6C-458A-AB2D-CB011E7812CF}: NameServer = 1.1.1.1,1.1.1.11
O17 - HKLM\System\CS1\Services\Tcpip\..\{232DD36F-F409-452E-867D-3E5F73FB9FEB}: NameServer = 62.13.171.1 62.13.171.2
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Programmi\File comuni\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Notebook Manager Service (anbmService) - OSA Technologies Inc. - C:\Acer\eManager\anbmServ.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - C:\Programmi\CyberLink\PowerCinema\Kernel\TV\CLCapSvc.exe
O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - C:\Programmi\CyberLink\PowerCinema\Kernel\TV\CLSched.exe
O23 - Service: CyberLink Media Library Service - Cyberlink - C:\Programmi\CyberLink\PowerCinema\Kernel\CLML_NTService\CLMLServer.exe
O23 - Service: EvtEng - Intel Corporation - C:\Programmi\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: MobiLink IILServer - Novatel Wireless, Inc. - C:\Programmi\Novatel Wireless\MobiLink\iilserver.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: RegSrvc - Intel Corporation - C:\Programmi\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Programmi\CyberLink\Shared Files\RichVideo.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\Programmi\Intel\Wireless\Bin\S24EvMon.exe

[Smjert]

Avvia HijackThis, premi Do a system scan only, spunta queste voci e poi premi FixChecked:

[stefaniello]

il log di hijackthis è il seguente:

Logfile of HijackThis v1.99.1
Scan saved at 23.12.21, on 06/03/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16414)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Programmi\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmi\Intel\Wireless\Bin\EvtEng.exe
C:\Programmi\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Acer\eManager\anbmServ.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Programmi\CyberLink\PowerCinema\Kernel\TV\CLCapSvc.exe
C:\Programmi\CyberLink\PowerCinema\Kernel\CLML_NTService\CLMLServer.exe
C:\Programmi\File comuni\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Programmi\Novatel Wireless\MobiLink\iilserver.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Programmi\Intel\Wireless\Bin\RegSrvc.exe
C:\Programmi\CyberLink\Shared Files\RichVideo.exe
C:\WINDOWS\system32\svchost.exe
C:\Programmi\CyberLink\PowerCinema\Kernel\TV\CLSched.exe
C:\acer\epm\epm-dm.exe
C:\Programmi\Synaptics\SynTP\SynTPLpr.exe
C:\Programmi\Synaptics\SynTP\SynTPEnh.exe
C:\Programmi\Adobe\Acrobat 7.0\Acrobat\Acrobat.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\igfxpers.exe
C:\PROGRA~1\LAUNCH~1\QtZgAcer.EXE
C:\Programmi\Novatel Wireless\MobiLink\nextgen.exe
C:\Programmi\Acer\eRecovery\Monitor.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\WINDOWS\system32\ctfmon.exe
C:\DOCUME~1\STEFAN~1\IMPOST~1\Temp\Adobelm_Cleanup.0001
C:\Programmi\File comuni\Adobe Systems Shared\Service\Adobelmsvc.exe
C:\DOCUME~1\STEFAN~1\IMPOST~1\Temp\Adobelm_Cleanup.0001
C:\Programmi\Internet Explorer\IEXPLORE.EXE
C:\Programmi\MSN Messenger\msnmsgr.exe
C:\WINDOWS\system32\svchost.exe
C:\DOCUME~1\STEFAN~1\IMPOST~1\Temp\Rar$EX00.266\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.it/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.slysoft.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Programmi\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: &VSAdd-in - {74DD705D-6834-439C-A735-A6DBE2677452} - C:\Programmi\VSAdd-in\VSAdd-in.dll (file missing)
O4 - HKLM\..\Run: [epm-dm] c:\acer\epm\epm-dm.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Programmi\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Programmi\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [LManager] C:\PROGRA~1\LAUNCH~1\QtZgAcer.EXE
O4 - HKLM\..\Run: [LaunchApp] Alaunch
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAShCut.exe
O4 - HKLM\..\Run: [eRecoveryService] C:\Programmi\Acer\eRecovery\Monitor.exe
O4 - HKLM\..\Run: [ePowerManagement] C:\Acer\ePM\ePM.exe boot
O4 - HKLM\..\Run: [AzMixerSel] C:\Programmi\Realtek\InstallShield\AzMixerSel.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programmi\Java\j2re1.4.2_13\bin\jusched.exe"
O4 - HKLM\..\Run: [PrevxRootkitRemovalTool] "C:\Documents and Settings\STEFANO GANGEMI\Desktop\E3DTE84.exe" -scan
O4 - HKLM\..\Run: [2chkdsk] rundll32.exe "C:\WINDOWS\system32\cvcmhoom.dll",setvm
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Programmi\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Programmi\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Programmi\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Programmi\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Programmi\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Programmi\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Programmi\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert to existing PDF - res://C:\Programmi\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Download all with Free Download Manager - file://C:\Programmi\Free Download Manager\dlall.htm
O8 - Extra context menu item: Download selected with Free Download Manager - file://C:\Programmi\Free Download Manager\dlselected.htm
O8 - Extra context menu item: Download with Free Download Manager - file://C:\Programmi\Free Download Manager\dllink.htm
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Ricerche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/default/kavwebscan_unicode.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{232DD36F-F409-452E-867D-3E5F73FB9FEB}: NameServer = 62.13.171.1 62.13.171.2
O17 - HKLM\System\CCS\Services\Tcpip\..\{C794EB92-BE6C-458A-AB2D-CB011E7812CF}: NameServer = 1.1.1.1,1.1.1.11
O17 - HKLM\System\CS1\Services\Tcpip\..\{232DD36F-F409-452E-867D-3E5F73FB9FEB}: NameServer = 62.13.171.1 62.13.171.2
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Programmi\File comuni\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Notebook Manager Service (anbmService) - OSA Technologies Inc. - C:\Acer\eManager\anbmServ.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - C:\Programmi\CyberLink\PowerCinema\Kernel\TV\CLCapSvc.exe
O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - C:\Programmi\CyberLink\PowerCinema\Kernel\TV\CLSched.exe
O23 - Service: CyberLink Media Library Service - Cyberlink - C:\Programmi\CyberLink\PowerCinema\Kernel\CLML_NTService\CLMLServer.exe
O23 - Service: EvtEng - Intel Corporation - C:\Programmi\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: MobiLink IILServer - Novatel Wireless, Inc. - C:\Programmi\Novatel Wireless\MobiLink\iilserver.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: RegSrvc - Intel Corporation - C:\Programmi\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Programmi\CyberLink\Shared Files\RichVideo.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\Programmi\Intel\Wireless\Bin\S24EvMon.exe

mentre kaspersky nn mi ha fatto salvare un log, posso solo dirti che mi ha trovato 14 virus

[Smjert]

Cosa vuol dire che non te l'ha fatto salvare?
Alla fine della scansione appare il pulsante Save As per salvarlo...
Non mi serve sapere che ha trovato 14 virus ... senza sapere quali e come li identifica.. e poi comunque la scansione online non rimuove/disinfetta i file..

[stefaniello]

mi è uscito il pulsante save us.che devo fare? rifaccio la scansione on line?

[stefaniello]

il log di Kaspersky è il seguente:


-------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER REPORT
Wednesday, March 07, 2007 8:25:03 PM
Operating System: Microsoft Windows XP Home Edition, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.83.0
Kaspersky Anti-Virus database last update: 7/03/2007
Kaspersky Anti-Virus database records: 278496
-------------------------------------------------------------------------------

Scan Settings:
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: true

Scan Target - My Computer:
C:\
D:\
E:\
G:\

Scan Statistics:
Total number of scanned objects: 57192
Number of viruses found: 14
Number of infected objects: 31 / 0
Number of suspicious objects: 0
Duration of the scan process: 01:12:05

Infected Object Name / Virus Name / Last Action
C:\Documents and Settings\All Users\Dati applicazioni\avg7\Log\emc.log Object is locked skipped
C:\Documents and Settings\All Users\Dati applicazioni\CyberLink\DTVFreqDB4User Object is locked skipped
C:\Documents and Settings\All Users\Dati applicazioni\Grisoft\Avg7Data\avg7log.log Object is locked skipped
C:\Documents and Settings\All Users\Dati applicazioni\Grisoft\Avg7Data\avg7log.log.lck Object is locked skipped
C:\Documents and Settings\All Users\Dati applicazioni\Microsoft\Network\Downloader\qmgr0.dat Object is locked skipped
C:\Documents and Settings\All Users\Dati applicazioni\Microsoft\Network\Downloader\qmgr1.dat Object is locked skipped
C:\Documents and Settings\All Users\Dati applicazioni\Microsoft\Windows Defender\Support\MPLog-03012007-111616.log Object is locked skipped
C:\Documents and Settings\LocalService\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Impostazioni locali\Cronologia\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Impostazioni locali\Dati applicazioni\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\LocalService\Impostazioni locali\Dati applicazioni\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Impostazioni locali\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\Impostazioni locali\Dati applicazioni\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Impostazioni locali\Dati applicazioni\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\Impostazioni locali\Temp\MpCmdRun-3A-421CFC91-A93E-42AB-A35C-F06F127FCC44.lock Object is locked skipped
C:\Documents and Settings\NetworkService\Impostazioni locali\Temp\MpCmdRun.log Object is locked skipped
C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\STEFANO GANGEMI\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\STEFANO GANGEMI\Impostazioni locali\Cronologia\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\STEFANO GANGEMI\Impostazioni locali\Dati applicazioni\Microsoft\Messenger\stefaniello@hotmail.it\SharingMetadata\Logs\Dfsr.log Object is locked skipped
C:\Documents and Settings\STEFANO GANGEMI\Impostazioni locali\Dati applicazioni\Microsoft\Messenger\stefaniello@hotmail.it\SharingMetadata\pending.dat Object is locked skipped
C:\Documents and Settings\STEFANO GANGEMI\Impostazioni locali\Dati applicazioni\Microsoft\Messenger\stefaniello@hotmail.it\SharingMetadata\Working\database_7824_3258_2432_1998\dfsr.db Object is locked skipped
C:\Documents and Settings\STEFANO GANGEMI\Impostazioni locali\Dati applicazioni\Microsoft\Messenger\stefaniello@hotmail.it\SharingMetadata\Working\database_7824_3258_2432_1998\fsr.log Object is locked skipped
C:\Documents and Settings\STEFANO GANGEMI\Impostazioni locali\Dati applicazioni\Microsoft\Messenger\stefaniello@hotmail.it\SharingMetadata\Working\database_7824_3258_2432_1998\fsrtmp.log Object is locked skipped
C:\Documents and Settings\STEFANO GANGEMI\Impostazioni locali\Dati applicazioni\Microsoft\Messenger\stefaniello@hotmail.it\SharingMetadata\Working\database_7824_3258_2432_1998\tmp.edb Object is locked skipped
C:\Documents and Settings\STEFANO GANGEMI\Impostazioni locali\Dati applicazioni\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\STEFANO GANGEMI\Impostazioni locali\Dati applicazioni\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\STEFANO GANGEMI\Impostazioni locali\Dati applicazioni\Microsoft\Windows Live Contacts\stefaniello@hotmail.it\real\members.stg Object is locked skipped
C:\Documents and Settings\STEFANO GANGEMI\Impostazioni locali\Dati applicazioni\Microsoft\Windows Live Contacts\stefaniello@hotmail.it\shadow\members.stg Object is locked skipped
C:\Documents and Settings\STEFANO GANGEMI\Impostazioni locali\Temp\saveinstwm.exe/data0001.cab/Save.exe Infected: not-a-virus:AdWare.Win32.SaveNow.t skipped
C:\Documents and Settings\STEFANO GANGEMI\Impostazioni locali\Temp\saveinstwm.exe/data0001.cab/SaveUninst.exe Infected: not-a-virus:AdWare.Win32.SaveNow.af skipped
C:\Documents and Settings\STEFANO GANGEMI\Impostazioni locali\Temp\saveinstwm.exe/data0001.cab Infected: not-a-virus:AdWare.Win32.SaveNow.af skipped
C:\Documents and Settings\STEFANO GANGEMI\Impostazioni locali\Temp\saveinstwm.exe/data0002.cab/Weather.exe Infected: not-a-virus:AdWare.Win32.SaveNow.ak skipped
C:\Documents and Settings\STEFANO GANGEMI\Impostazioni locali\Temp\saveinstwm.exe/data0002.cab/Uninst.exe Infected: not-a-virus:AdWare.Win32.SaveNow.f skipped
C:\Documents and Settings\STEFANO GANGEMI\Impostazioni locali\Temp\saveinstwm.exe/data0002.cab Infected: not-a-virus:AdWare.Win32.SaveNow.f skipped
C:\Documents and Settings\STEFANO GANGEMI\Impostazioni locali\Temp\saveinstwm.exe Embedded CAB: infected - 6 skipped
C:\Documents and Settings\STEFANO GANGEMI\Impostazioni locali\Temp\~DF2C88.tmp Object is locked skipped
C:\Documents and Settings\STEFANO GANGEMI\Impostazioni locali\Temp\~DF2CB8.tmp Object is locked skipped
C:\Documents and Settings\STEFANO GANGEMI\Impostazioni locali\Temp\~DF4DF9.tmp Object is locked skipped
C:\Documents and Settings\STEFANO GANGEMI\Impostazioni locali\Temp\~DF4E46.tmp Object is locked skipped
C:\Documents and Settings\STEFANO GANGEMI\Impostazioni locali\Temp\~DFF669.tmp Object is locked skipped
C:\Documents and Settings\STEFANO GANGEMI\Impostazioni locali\Temp\~DFF67E.tmp Object is locked skipped
C:\Documents and Settings\STEFANO GANGEMI\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\STEFANO GANGEMI\ntuser.dat.LOG Object is locked skipped
C:\loaderlog.txt Object is locked skipped
C:\Programmi\CyberLink\PowerCinema\Kernel\CLML_NTService\CLML_MAIN\CLML.db Object is locked skipped
C:\Programmi\CyberLink\PowerCinema\Kernel\TV\DTVFreqDB Object is locked skipped
C:\Programmi\DAEMON Tools\SetupDTSB.exe Infected: not-a-virus:AdTool.Win32.WhenU.a skipped
C:\RECYCLER\S-1-5-21-416125016-870249971-2572101166-1005\Dc2.exe Infected: Trojan-PSW.Win32.VB.kg skipped
C:\System Volume Information\_restore{98E4B9E7-230C-46A5-9F74-F93AEE790324}\RP46\A0008559.exe Object is locked skipped
C:\System Volume Information\_restore{98E4B9E7-230C-46A5-9F74-F93AEE790324}\RP46\A0008561.exe Infected: Trojan-PSW.Win32.VB.kg skipped
C:\System Volume Information\_restore{98E4B9E7-230C-46A5-9F74-F93AEE790324}\RP55\A0012316.exe Infected: not-a-virus:Client-IRC.Win32.mIRC.591 skipped
C:\System Volume Information\_restore{98E4B9E7-230C-46A5-9F74-F93AEE790324}\RP57\A0012727.dll Infected: not-a-virus:AdTool.Win32.WhenU.i skipped
C:\System Volume Information\_restore{98E4B9E7-230C-46A5-9F74-F93AEE790324}\RP57\A0012728.exe Infected: not-a-virus:AdTool.Win32.WhenU.i skipped
C:\System Volume Information\_restore{98E4B9E7-230C-46A5-9F74-F93AEE790324}\RP62\A0015906.dll Infected: not-a-virus:AdWare.Win32.Agent.at skipped
C:\System Volume Information\_restore{98E4B9E7-230C-46A5-9F74-F93AEE790324}\RP62\A0015907.exe Infected: not-a-virus:AdWare.Win32.Agent.at skipped
C:\System Volume Information\_restore{98E4B9E7-230C-46A5-9F74-F93AEE790324}\RP62\A0015908.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.gf skipped
C:\System Volume Information\_restore{98E4B9E7-230C-46A5-9F74-F93AEE790324}\RP64\A0016094.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.gf skipped
C:\System Volume Information\_restore{98E4B9E7-230C-46A5-9F74-F93AEE790324}\RP65\change.log Object is locked skipped
C:\VundoFix Backups\jhtyvhbv.exe.bad Infected: not-a-virus:AdWare.Win32.Agent.at skipped
C:\VundoFix Backups\tjcpoblj.dll.bad Infected: not-a-virus:AdWare.Win32.Virtumonde.gf skipped
C:\VundoFix Backups\VSAdd-in.dll.bad Infected: not-a-virus:AdWare.Win32.Agent.at skipped
C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped
C:\WINDOWS\ModemLog_Novatel Wireless UMTS Modem Primary Port.txt Object is locked skipped
C:\WINDOWS\NDNuninstall6_38.exe Infected: not-a-virus:AdWare.Win32.NewDotNet skipped
C:\WINDOWS\NDNuninstall7_48.exe Infected: not-a-virus:AdWare.Win32.NewDotNet.e skipped
C:\WINDOWS\SchedLgU.Txt Object is locked skipped
C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped
C:\WINDOWS\Sti_Trace.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\edb.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\tmp.edb Object is locked skipped
C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\DEFAULT Object is locked skipped
C:\WINDOWS\system32\config\default.LOG Object is locked skipped
C:\WINDOWS\system32\config\Internet.evt Object is locked skipped
C:\WINDOWS\system32\config\SAM Object is locked skipped
C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped
C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\SECURITY Object is locked skipped
C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped
C:\WINDOWS\system32\config\SOFTWARE Object is locked skipped
C:\WINDOWS\system32\config\software.LOG Object is locked skipped
C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\SYSTEM Object is locked skipped
C:\WINDOWS\system32\config\system.LOG Object is locked skipped
C:\WINDOWS\system32\config\systemprofile\Cookies\index.dat Object is locked skipped
C:\WINDOWS\system32\config\systemprofile\Impostazioni locali\Cronologia\History.IE5\index.dat Object is locked skipped
C:\WINDOWS\system32\config\systemprofile\Impostazioni locali\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\WINDOWS\system32\drivers\sptd.sys Object is locked skipped
C:\WINDOWS\system32\h323log.txt Object is locked skipped
C:\WINDOWS\system32\nnnljhe.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.ha skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped
C:\WINDOWS\Temp\CLML_AGENT_LOG1.txt Object is locked skipped
C:\WINDOWS\Temp\sqlite_2D5VifamdTZVqn2 Object is locked skipped
C:\WINDOWS\wiadebug.log Object is locked skipped
C:\WINDOWS\wiaservc.log Object is locked skipped
C:\WINDOWS\WindowsUpdate.log Object is locked skipped
D:\Documenti\File ricevuti\MsnMsgr.txt Object is locked skipped
D:\Documenti\Programmi\BearShareV6.exe/WISE0044.BIN/stream/data0005 Infected: not-a-virus:AdWare.Win32.Softomate.aa skipped
D:\Documenti\Programmi\BearShareV6.exe/WISE0044.BIN/stream Infected: not-a-virus:AdWare.Win32.Softomate.aa skipped
D:\Documenti\Programmi\BearShareV6.exe/WISE0044.BIN Infected: not-a-virus:AdWare.Win32.Softomate.aa skipped
D:\Documenti\Programmi\BearShareV6.exe WiseSFX: infected - 3 skipped
D:\Documenti\Programmi\BearShareV6.exe WiseSFX Dropper: infected - 3 skipped
D:\Documenti\Programmi\JackSMS_3.17_Install.exe/data.rar/JackSMS.exe Infected: not-a-virus:Client-IRC.Win32.mIRC.591 skipped
D:\Documenti\Programmi\JackSMS_3.17_Install.exe/data.rar Infected: not-a-virus:Client-IRC.Win32.mIRC.591 skipped
D:\Documenti\Programmi\JackSMS_3.17_Install.exe RarSFX: infected - 2 skipped
D:\Other files\Temp\File temporanei Internet\AntiPhishing\B3BB5BBA-E7D5-40AB-A041-A5B1C0B26C8F.dat Object is locked skipped
D:\Other files\Temp\File temporanei Internet\Content.IE5\index.dat Object is locked skipped
D:\Other files\Temp\File temporanei Internet\Content.IE5\KDCHQ92F\160x600_guidaffari[1].swf Object is locked skipped
D:\System Volume Information\_restore{98E4B9E7-230C-46A5-9F74-F93AEE790324}\RP65\change.log Object is locked skipped

Scan process completed.

[Smjert]

Scarica CCleaner e installalo.
Una volta fatto avvia CCleaner e vai su Opzioni->Avanzate, togli la spunta a "cancella file in windows temp solo se più vecchi di 48 ore",
torna su Cleaner e fai Analizza, quando ha finito clicca Avvia Cleaner.

Scarica il FixVundo da Symantec.
Scarica VundoFix da Atribune.

Vai sulla barra di avvio->Start->Impostazioni->Pannello di Controllo->
Sistema->scheda Ripristino configurazione di sistema,
spunta la voce "Disattiva Ripristino configurazione di sistema ecc.."

Riavvia il pc.

Fai la stessa cosa ma stavolta togli la spunta.

Una volta riavviato fai partire il tool della Symantec, premi Start e fargli fare la scansione.

Quando ha finito avvia il tool della Atribune, quando ti si apre premi su Scan for Vundo.
Quando ha finito la scansione premi su Remove Vundo.
Ti chiederà se vuoi rimuovere i files, tu rispondi YES
Quando cliccherai yes il desktop diventerà bianco perchè il VundoFix inizierà a rimuovere i files.
Quando avrà finito ti chiederà se può riavviare il pc, premi OK.

Finito il riavvio, riavvia di nuovo il pc in Modalità Provvisoria (quando ti fa il calcolo della memoria, ti segna gli hd collegati ecc premi continuamente F8 finchè non appare un menu, da lì scegli con le freccie la modalità).

[stefaniello]

i files su c:\windows\system32 nn ci sono più ma le chievi sul registro sono rimaste...dimmi tu cosa devo fare...

[Smjert]

Prova ad usare ancora questo tool FxVMonde, fallo girare dalla Modalità Provvisoria.

Apri l'editor di registro e se ci sono queste chiavi cancellale:

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{44240BB5-BD7D-4D49-A1AA-8AB0F3D3CB44}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{44240BB5-BD7D-4D49-A1AA-8AB0F3D3CB44}

E cancella quelle chiavi che si sono rigenerate.

[stefaniello]

il log di fxvmode è il seguente:


Symantec Adware.VirtuMonde Removal Tool 1.0.3
Adware.VirtuMonde has not been found on your computer.

mentre quello di hijackthis è:

Logfile of HijackThis v1.99.1
Scan saved at 18.44.20, on 08/03/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16414)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Programmi\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmi\Intel\Wireless\Bin\EvtEng.exe
C:\Programmi\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Acer\eManager\anbmServ.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Programmi\CyberLink\PowerCinema\Kernel\TV\CLCapSvc.exe
C:\Programmi\CyberLink\PowerCinema\Kernel\CLML_NTService\CLMLServer.exe
C:\Programmi\File comuni\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Programmi\Novatel Wireless\MobiLink\iilserver.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Programmi\Intel\Wireless\Bin\RegSrvc.exe
C:\Programmi\CyberLink\Shared Files\RichVideo.exe
C:\WINDOWS\system32\svchost.exe
C:\Programmi\CyberLink\PowerCinema\Kernel\TV\CLSched.exe
C:\WINDOWS\Explorer.EXE
C:\acer\epm\epm-dm.exe
C:\Programmi\Synaptics\SynTP\SynTPLpr.exe
C:\Programmi\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\igfxpers.exe
C:\PROGRA~1\LAUNCH~1\QtZgAcer.EXE
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Programmi\Acer\eRecovery\Monitor.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Programmi\Unlocker\UnlockerAssistant.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmi\Novatel Wireless\MobiLink\nextgen.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Programmi\MSN Messenger\msnmsgr.exe
C:\WINDOWS\system32\svchost.exe
C:\Programmi\Internet Explorer\IEXPLORE.EXE
C:\Programmi\Internet Explorer\iexplore.exe
C:\DOCUME~1\STEFAN~1\IMPOST~1\Temp\Rar$EX00.500\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.it/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.slysoft.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {0F01FF26-18F5-4613-BFD6-14DE2FBA24C3} - C:\WINDOWS\system32\nnnljhe.dll (file missing)
O2 - BHO: (no name) - {3C4E691E-50E0-4163-8E94-37F72E994272} - (no file)
O2 - BHO: (no name) - {468112A6-12E1-4B40-9497-329EB07F7893} - C:\WINDOWS\system32\vtstu.dll (file missing)
O2 - BHO: (no name) - {46A4E9D9-B30E-452A-8157-DBBEC8573B03} - C:\Programmi\VSAdd-in\VSAdd-in.dll (file missing)
O2 - BHO: (no name) - {71663F8B-11FC-49DA-9A3C-96DE7BE585A5} - C:\WINDOWS\system32\pmnli.dll (file missing)
O2 - BHO: (no name) - {890B304E-00B8-471D-A092-67B8E9CB7B22} - C:\WINDOWS\system32\pmnlj.dll (file missing)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programmi\File comuni\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: (no name) - {95E46C33-E379-4665-BA5A-A86AA937EE5A} - C:\WINDOWS\system32\geedb.dll (file missing)
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Programmi\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: (no name) - {D38439EC-4A7F-42b4-90C2-D810D7778FDD} - C:\WINDOWS\system32\cjifkmix.dll (file missing)
O2 - BHO: (no name) - {E2233203-265C-43A6-929D-71EA82D8AC9B} - C:\WINDOWS\system32\awvvw.dll (file missing)
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Programmi\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: &VSAdd-in - {74DD705D-6834-439C-A735-A6DBE2677452} - C:\Programmi\VSAdd-in\VSAdd-in.dll (file missing)
O4 - HKLM\..\Run: [epm-dm] c:\acer\epm\epm-dm.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Programmi\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Programmi\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [LManager] C:\PROGRA~1\LAUNCH~1\QtZgAcer.EXE
O4 - HKLM\..\Run: [LaunchApp] Alaunch
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAShCut.exe
O4 - HKLM\..\Run: [eRecoveryService] C:\Programmi\Acer\eRecovery\Monitor.exe
O4 - HKLM\..\Run: [ePowerManagement] C:\Acer\ePM\ePM.exe boot
O4 - HKLM\..\Run: [AzMixerSel] C:\Programmi\Realtek\InstallShield\AzMixerSel.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programmi\Java\j2re1.4.2_13\bin\jusched.exe"
O4 - HKLM\..\Run: [PrevxRootkitRemovalTool] "C:\Documents and Settings\STEFANO GANGEMI\Desktop\E3DTE84.exe" -scan
O4 - HKLM\..\Run: [2chkdsk] rundll32.exe "C:\WINDOWS\system32\cvcmhoom.dll",setvm
O4 - HKLM\..\Run: [UnlockerAssistant] "C:\Programmi\Unlocker\UnlockerAssistant.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Programmi\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Programmi\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Programmi\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Programmi\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Programmi\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Programmi\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Programmi\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert to existing PDF - res://C:\Programmi\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Download all with Free Download Manager - file://C:\Programmi\Free Download Manager\dlall.htm
O8 - Extra context menu item: Download selected with Free Download Manager - file://C:\Programmi\Free Download Manager\dlselected.htm
O8 - Extra context menu item: Download with Free Download Manager - file://C:\Programmi\Free Download Manager\dllink.htm
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Ricerche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/default/kavwebscan_unicode.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{232DD36F-F409-452E-867D-3E5F73FB9FEB}: NameServer = 62.13.171.1 62.13.171.2
O17 - HKLM\System\CCS\Services\Tcpip\..\{C794EB92-BE6C-458A-AB2D-CB011E7812CF}: NameServer = 1.1.1.1,1.1.1.11
O17 - HKLM\System\CS1\Services\Tcpip\..\{232DD36F-F409-452E-867D-3E5F73FB9FEB}: NameServer = 62.13.171.1 62.13.171.2
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Programmi\File comuni\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Notebook Manager Service (anbmService) - OSA Technologies Inc. - C:\Acer\eManager\anbmServ.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - C:\Programmi\CyberLink\PowerCinema\Kernel\TV\CLCapSvc.exe
O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - C:\Programmi\CyberLink\PowerCinema\Kernel\TV\CLSched.exe
O23 - Service: CyberLink Media Library Service - Cyberlink - C:\Programmi\CyberLink\PowerCinema\Kernel\CLML_NTService\CLMLServer.exe
O23 - Service: EvtEng - Intel Corporation - C:\Programmi\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: MobiLink IILServer - Novatel Wireless, Inc. - C:\Programmi\Novatel Wireless\MobiLink\iilserver.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: RegSrvc - Intel Corporation - C:\Programmi\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Programmi\CyberLink\Shared Files\RichVideo.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\Programmi\Intel\Wireless\Bin\S24EvMon.exe

[Smjert]

Pare che l'abbiamo stanato!

Avvia HijackThis, premi Do a system scan only, spunta queste voci e poi premi FixChecked:

[stefaniello]

il post di hijackthis è:

Logfile of HijackThis v1.99.1
Scan saved at 19.34.33, on 08/03/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16414)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Programmi\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmi\Intel\Wireless\Bin\EvtEng.exe
C:\Programmi\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Acer\eManager\anbmServ.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Programmi\CyberLink\PowerCinema\Kernel\TV\CLCapSvc.exe
C:\Programmi\CyberLink\PowerCinema\Kernel\CLML_NTService\CLMLServer.exe
C:\Programmi\File comuni\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Programmi\Novatel Wireless\MobiLink\iilserver.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Programmi\Intel\Wireless\Bin\RegSrvc.exe
C:\Programmi\CyberLink\Shared Files\RichVideo.exe
C:\WINDOWS\system32\svchost.exe
C:\acer\epm\epm-dm.exe
C:\Programmi\Synaptics\SynTP\SynTPLpr.exe
C:\Programmi\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Programmi\CyberLink\PowerCinema\Kernel\TV\CLSched.exe
C:\Programmi\Novatel Wireless\MobiLink\nextgen.exe
C:\WINDOWS\system32\igfxpers.exe
C:\PROGRA~1\LAUNCH~1\QtZgAcer.EXE
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Programmi\Acer\eRecovery\Monitor.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Programmi\Unlocker\UnlockerAssistant.exe
C:\WINDOWS\system32\ctfmon.exe
C:\DOCUME~1\STEFAN~1\IMPOST~1\Temp\Rar$EX00.719\HijackThis.exe
C:\WINDOWS\system32\WgaTray.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.it/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.slysoft.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programmi\File comuni\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: (no name) - {95E46C33-E379-4665-BA5A-A86AA937EE5A} - C:\WINDOWS\system32\geedb.dll (file missing)
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Programmi\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Programmi\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: &VSAdd-in - {74DD705D-6834-439C-A735-A6DBE2677452} - C:\Programmi\VSAdd-in\VSAdd-in.dll (file missing)
O4 - HKLM\..\Run: [epm-dm] c:\acer\epm\epm-dm.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Programmi\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Programmi\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [LManager] C:\PROGRA~1\LAUNCH~1\QtZgAcer.EXE
O4 - HKLM\..\Run: [LaunchApp] Alaunch
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAShCut.exe
O4 - HKLM\..\Run: [eRecoveryService] C:\Programmi\Acer\eRecovery\Monitor.exe
O4 - HKLM\..\Run: [ePowerManagement] C:\Acer\ePM\ePM.exe boot
O4 - HKLM\..\Run: [AzMixerSel] C:\Programmi\Realtek\InstallShield\AzMixerSel.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programmi\Java\j2re1.4.2_13\bin\jusched.exe"
O4 - HKLM\..\Run: [UnlockerAssistant] "C:\Programmi\Unlocker\UnlockerAssistant.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Programmi\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Programmi\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Programmi\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Programmi\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Programmi\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Programmi\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Programmi\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert to existing PDF - res://C:\Programmi\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Download all with Free Download Manager - file://C:\Programmi\Free Download Manager\dlall.htm
O8 - Extra context menu item: Download selected with Free Download Manager - file://C:\Programmi\Free Download Manager\dlselected.htm
O8 - Extra context menu item: Download with Free Download Manager - file://C:\Programmi\Free Download Manager\dllink.htm
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Ricerche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/default/kavwebscan_unicode.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Programmi\File comuni\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Notebook Manager Service (anbmService) - OSA Technologies Inc. - C:\Acer\eManager\anbmServ.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - C:\Programmi\CyberLink\PowerCinema\Kernel\TV\CLCapSvc.exe
O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - C:\Programmi\CyberLink\PowerCinema\Kernel\TV\CLSched.exe
O23 - Service: CyberLink Media Library Service - Cyberlink - C:\Programmi\CyberLink\PowerCinema\Kernel\CLML_NTService\CLMLServer.exe
O23 - Service: EvtEng - Intel Corporation - C:\Programmi\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: MobiLink IILServer - Novatel Wireless, Inc. - C:\Programmi\Novatel Wireless\MobiLink\iilserver.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: RegSrvc - Intel Corporation - C:\Programmi\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Programmi\CyberLink\Shared Files\RichVideo.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\Programmi\Intel\Wireless\Bin\S24EvMon.exe

[Smjert]

Hai dimenticato di fixare queste due voci:

[stefaniello]

ecco il post di hijackthis:

Logfile of HijackThis v1.99.1
Scan saved at 19.51.01, on 08/03/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16414)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Programmi\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmi\Intel\Wireless\Bin\EvtEng.exe
C:\Programmi\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Acer\eManager\anbmServ.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Programmi\CyberLink\PowerCinema\Kernel\TV\CLCapSvc.exe
C:\Programmi\CyberLink\PowerCinema\Kernel\CLML_NTService\CLMLServer.exe
C:\Programmi\Novatel Wireless\MobiLink\nextgen.exe
C:\Programmi\File comuni\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Programmi\Novatel Wireless\MobiLink\iilserver.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Programmi\Intel\Wireless\Bin\RegSrvc.exe
C:\Programmi\CyberLink\Shared Files\RichVideo.exe
C:\WINDOWS\system32\svchost.exe
C:\acer\epm\epm-dm.exe
C:\Programmi\Synaptics\SynTP\SynTPLpr.exe
C:\Programmi\CyberLink\PowerCinema\Kernel\TV\CLSched.exe
C:\Programmi\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\igfxpers.exe
C:\PROGRA~1\LAUNCH~1\QtZgAcer.EXE
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Programmi\Acer\eRecovery\Monitor.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Programmi\Unlocker\UnlockerAssistant.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmi\MSN Messenger\msnmsgr.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\svchost.exe
C:\DOCUME~1\STEFAN~1\IMPOST~1\Temp\Rar$EX00.594\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.it/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.slysoft.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programmi\File comuni\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Programmi\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Programmi\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [epm-dm] c:\acer\epm\epm-dm.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Programmi\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Programmi\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [LManager] C:\PROGRA~1\LAUNCH~1\QtZgAcer.EXE
O4 - HKLM\..\Run: [LaunchApp] Alaunch
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAShCut.exe
O4 - HKLM\..\Run: [eRecoveryService] C:\Programmi\Acer\eRecovery\Monitor.exe
O4 - HKLM\..\Run: [ePowerManagement] C:\Acer\ePM\ePM.exe boot
O4 - HKLM\..\Run: [AzMixerSel] C:\Programmi\Realtek\InstallShield\AzMixerSel.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programmi\Java\j2re1.4.2_13\bin\jusched.exe"
O4 - HKLM\..\Run: [UnlockerAssistant] "C:\Programmi\Unlocker\UnlockerAssistant.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Programmi\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Programmi\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Programmi\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Programmi\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Programmi\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Programmi\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Programmi\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert to existing PDF - res://C:\Programmi\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Download all with Free Download Manager - file://C:\Programmi\Free Download Manager\dlall.htm
O8 - Extra context menu item: Download selected with Free Download Manager - file://C:\Programmi\Free Download Manager\dlselected.htm
O8 - Extra context menu item: Download with Free Download Manager - file://C:\Programmi\Free Download Manager\dllink.htm
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Ricerche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/default/kavwebscan_unicode.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{232DD36F-F409-452E-867D-3E5F73FB9FEB}: NameServer = 62.13.171.1 62.13.171.2
O17 - HKLM\System\CS1\Services\Tcpip\..\{232DD36F-F409-452E-867D-3E5F73FB9FEB}: NameServer = 62.13.171.1 62.13.171.2
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Programmi\File comuni\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Notebook Manager Service (anbmService) - OSA Technologies Inc. - C:\Acer\eManager\anbmServ.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - C:\Programmi\CyberLink\PowerCinema\Kernel\TV\CLCapSvc.exe
O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - C:\Programmi\CyberLink\PowerCinema\Kernel\TV\CLSched.exe
O23 - Service: CyberLink Media Library Service - Cyberlink - C:\Programmi\CyberLink\PowerCinema\Kernel\CLML_NTService\CLMLServer.exe
O23 - Service: EvtEng - Intel Corporation - C:\Programmi\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: MobiLink IILServer - Novatel Wireless, Inc. - C:\Programmi\Novatel Wireless\MobiLink\iilserver.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: RegSrvc - Intel Corporation - C:\Programmi\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Programmi\CyberLink\Shared Files\RichVideo.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\Programmi\Intel\Wireless\Bin\S24EvMon.exe

[Smjert]

Per sicurezza rifai la scansione con Kasperky!

[stefaniello]

il log è:

-------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER REPORT
Thursday, March 08, 2007 9:00:24 PM
Operating System: Microsoft Windows XP Home Edition, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.83.0
Kaspersky Anti-Virus database last update: 8/03/2007
Kaspersky Anti-Virus database records: 278766
-------------------------------------------------------------------------------

Scan Settings:
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: true

Scan Target - My Computer:
C:\
D:\
E:\
G:\

Scan Statistics:
Total number of scanned objects: 52139
Number of viruses found: 9
Number of infected objects: 18 / 0
Number of suspicious objects: 0
Duration of the scan process: 00:51:14

Infected Object Name / Virus Name / Last Action
C:\avenger\backup-08.03.2007- 0.04.56,34.zip/avenger/nnnljhe.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.ha skipped
C:\avenger\backup-08.03.2007- 0.04.56,34.zip ZIP: infected - 1 skipped
C:\Documents and Settings\All Users\Dati applicazioni\avg7\Log\emc.log Object is locked skipped
C:\Documents and Settings\All Users\Dati applicazioni\CyberLink\DTVFreqDB4User Object is locked skipped
C:\Documents and Settings\All Users\Dati applicazioni\Grisoft\Avg7Data\avg7log.log Object is locked skipped
C:\Documents and Settings\All Users\Dati applicazioni\Grisoft\Avg7Data\avg7log.log.lck Object is locked skipped
C:\Documents and Settings\All Users\Dati applicazioni\Microsoft\Network\Downloader\qmgr0.dat Object is locked skipped
C:\Documents and Settings\All Users\Dati applicazioni\Microsoft\Network\Downloader\qmgr1.dat Object is locked skipped
C:\Documents and Settings\All Users\Dati applicazioni\Microsoft\Windows Defender\Support\MPLog-03012007-111616.log Object is locked skipped
C:\Documents and Settings\LocalService\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Impostazioni locali\Cronologia\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Impostazioni locali\Dati applicazioni\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\LocalService\Impostazioni locali\Dati applicazioni\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Impostazioni locali\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\Impostazioni locali\Dati applicazioni\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Impostazioni locali\Dati applicazioni\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\STEFANO GANGEMI\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\STEFANO GANGEMI\Impostazioni locali\Cronologia\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\STEFANO GANGEMI\Impostazioni locali\Cronologia\History.IE5\MSHist012007030820070309\index.dat Object is locked skipped
C:\Documents and Settings\STEFANO GANGEMI\Impostazioni locali\Dati applicazioni\Microsoft\Feeds Cache\index.dat Object is locked skipped
C:\Documents and Settings\STEFANO GANGEMI\Impostazioni locali\Dati applicazioni\Microsoft\Messenger\stefaniello@hotmail.it\SharingMetadata\Logs\Dfsr.log Object is locked skipped
C:\Documents and Settings\STEFANO GANGEMI\Impostazioni locali\Dati applicazioni\Microsoft\Messenger\stefaniello@hotmail.it\SharingMetadata\pending.dat Object is locked skipped
C:\Documents and Settings\STEFANO GANGEMI\Impostazioni locali\Dati applicazioni\Microsoft\Messenger\stefaniello@hotmail.it\SharingMetadata\Working\database_7824_3258_2432_1998\dfsr.db Object is locked skipped
C:\Documents and Settings\STEFANO GANGEMI\Impostazioni locali\Dati applicazioni\Microsoft\Messenger\stefaniello@hotmail.it\SharingMetadata\Working\database_7824_3258_2432_1998\fsr.log Object is locked skipped
C:\Documents and Settings\STEFANO GANGEMI\Impostazioni locali\Dati applicazioni\Microsoft\Messenger\stefaniello@hotmail.it\SharingMetadata\Working\database_7824_3258_2432_1998\fsrtmp.log Object is locked skipped
C:\Documents and Settings\STEFANO GANGEMI\Impostazioni locali\Dati applicazioni\Microsoft\Messenger\stefaniello@hotmail.it\SharingMetadata\Working\database_7824_3258_2432_1998\tmp.edb Object is locked skipped
C:\Documents and Settings\STEFANO GANGEMI\Impostazioni locali\Dati applicazioni\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\STEFANO GANGEMI\Impostazioni locali\Dati applicazioni\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\STEFANO GANGEMI\Impostazioni locali\Dati applicazioni\Microsoft\Windows Live Contacts\stefaniello@hotmail.it\real\members.stg Object is locked skipped
C:\Documents and Settings\STEFANO GANGEMI\Impostazioni locali\Dati applicazioni\Microsoft\Windows Live Contacts\stefaniello@hotmail.it\shadow\members.stg Object is locked skipped
C:\Documents and Settings\STEFANO GANGEMI\Impostazioni locali\Temp\~DF3D0D.tmp Object is locked skipped
C:\Documents and Settings\STEFANO GANGEMI\Impostazioni locali\Temp\~DF3D1E.tmp Object is locked skipped
C:\Documents and Settings\STEFANO GANGEMI\Impostazioni locali\Temp\~DF3F07.tmp Object is locked skipped
C:\Documents and Settings\STEFANO GANGEMI\Impostazioni locali\Temp\~DF3F16.tmp Object is locked skipped
C:\Documents and Settings\STEFANO GANGEMI\Impostazioni locali\Temp\~DF6699.tmp Object is locked skipped
C:\Documents and Settings\STEFANO GANGEMI\Impostazioni locali\Temp\~DF66A7.tmp Object is locked skipped
C:\Documents and Settings\STEFANO GANGEMI\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\STEFANO GANGEMI\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\STEFANO GANGEMI\UserData\index.dat Object is locked skipped
C:\Programmi\CyberLink\PowerCinema\Kernel\CLML_NTService\CLML_MAIN\CLML.db Object is locked skipped
C:\Programmi\CyberLink\PowerCinema\Kernel\TV\DTVFreqDB Object is locked skipped
C:\Programmi\DAEMON Tools\SetupDTSB.exe Infected: not-a-virus:AdTool.Win32.WhenU.a skipped
C:\RECYCLER\S-1-5-21-416125016-870249971-2572101166-1005\Dc1.exe Infected: not-a-virus:AdWare.Win32.NewDotNet.e skipped
C:\RECYCLER\S-1-5-21-416125016-870249971-2572101166-1005\Dc2.exe Infected: not-a-virus:AdWare.Win32.NewDotNet skipped
C:\RECYCLER\S-1-5-21-416125016-870249971-2572101166-1005\Dc4.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.hb skipped
C:\System Volume Information\_restore{98E4B9E7-230C-46A5-9F74-F93AEE790324}\RP1\A0000005.dll Object is locked skipped
C:\System Volume Information\_restore{98E4B9E7-230C-46A5-9F74-F93AEE790324}\RP1\A0000060.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.ha skipped
C:\System Volume Information\_restore{98E4B9E7-230C-46A5-9F74-F93AEE790324}\RP1\A0000078.dll Object is locked skipped
C:\System Volume Information\_restore{98E4B9E7-230C-46A5-9F74-F93AEE790324}\RP1\change.log Object is locked skipped
C:\VundoFix Backups\jhtyvhbv.exe.bad Infected: not-a-virus:AdWare.Win32.Agent.at skipped
C:\VundoFix Backups\tjcpoblj.dll.bad Infected: not-a-virus:AdWare.Win32.Virtumonde.gf skipped
C:\VundoFix Backups\VSAdd-in.dll.bad Infected: not-a-virus:AdWare.Win32.Agent.at skipped
C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped
C:\WINDOWS\ModemLog_Novatel Wireless UMTS Modem Primary Port.txt Object is locked skipped
C:\WINDOWS\SchedLgU.Txt Object is locked skipped
C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped
C:\WINDOWS\Sti_Trace.log Object is locked skipped
C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\DEFAULT Object is locked skipped
C:\WINDOWS\system32\config\default.LOG Object is locked skipped
C:\WINDOWS\system32\config\Internet.evt Object is locked skipped
C:\WINDOWS\system32\config\SAM Object is locked skipped
C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped
C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\SECURITY Object is locked skipped
C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped
C:\WINDOWS\system32\config\SOFTWARE Object is locked skipped
C:\WINDOWS\system32\config\software.LOG Object is locked skipped
C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\SYSTEM Object is locked skipped
C:\WINDOWS\system32\config\system.LOG Object is locked skipped
C:\WINDOWS\system32\drivers\sptd.sys Object is locked skipped
C:\WINDOWS\system32\h323log.txt Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped
C:\WINDOWS\Temp\CLML_AGENT_LOG1.txt Object is locked skipped
C:\WINDOWS\Temp\sqlite_YbRPOeJoFwI8vKY Object is locked skipped
C:\WINDOWS\wiadebug.log Object is locked skipped
C:\WINDOWS\wiaservc.log Object is locked skipped
C:\WINDOWS\WindowsUpdate.log Object is locked skipped
D:\Documenti\File ricevuti\MsnMsgr.txt Object is locked skipped
D:\Documenti\Programmi\BearShareV6.exe/WISE0044.BIN/stream/data0005 Infected: not-a-virus:AdWare.Win32.Softomate.aa skipped
D:\Documenti\Programmi\BearShareV6.exe/WISE0044.BIN/stream Infected: not-a-virus:AdWare.Win32.Softomate.aa skipped
D:\Documenti\Programmi\BearShareV6.exe/WISE0044.BIN Infected: not-a-virus:AdWare.Win32.Softomate.aa skipped
D:\Documenti\Programmi\BearShareV6.exe WiseSFX: infected - 3 skipped
D:\Documenti\Programmi\BearShareV6.exe WiseSFX Dropper: infected - 3 skipped
D:\Documenti\Programmi\JackSMS_3.17_Install.exe/data.rar/JackSMS.exe Infected: not-a-virus:Client-IRC.Win32.mIRC.591 skipped
D:\Documenti\Programmi\JackSMS_3.17_Install.exe/data.rar Infected: not-a-virus:Client-IRC.Win32.mIRC.591 skipped
D:\Documenti\Programmi\JackSMS_3.17_Install.exe RarSFX: infected - 2 skipped
D:\Other files\Temp\File temporanei Internet\AntiPhishing\B3BB5BBA-E7D5-40AB-A041-A5B1C0B26C8F.dat Object is locked skipped
D:\Other files\Temp\File temporanei Internet\Content.IE5\AOX7DAMU\lo1[1] Object is locked skipped
D:\Other files\Temp\File temporanei Internet\Content.IE5\index.dat Object is locked skipped
D:\System Volume Information\_restore{98E4B9E7-230C-46A5-9F74-F93AEE790324}\RP1\change.log Object is locked skipped

Scan process completed.

[Smjert]

Bene.. mi hai detto che hai svuotato il cestino, che quei file in Recycler non li vedi però li ha rilevati lo stesso..
Inoltre hai ancora dei file nel punto di ripristino, quindi prima rimuoviamoli da li e poi usiamo avenger per rimuovere gli altri e i backup del tool VundoFix.

Avvia CCleaner e vai su Opzioni->Avanzate, togli la spunta a "cancella file in windows temp solo se più vecchi di 48 ore",
torna su Cleaner e fai Analizza, quando ha finito clicca Avvia Cleaner.

Vai sulla barra di avvio->Start->Impostazioni->Pannello di Controllo->
Sistema->scheda Ripristino configurazione di sistema,
spunta la voce "Disattiva Ripristino configurazione di sistema ecc.."

Riavvia il pc

Fai la stessa cosa ma stavolta togli la spunta.

Adesso avvia il file avenger.exe
Seleziona l'opzione "Input Script Manually"
Clicca sulla lente di ingrandimento

Ti si apre una finestra "View/edit script"
All'interno del box bianco,copia e incolla le scritte qui sotto:

[stefaniello]

ecco il log:

Logfile of The Avenger version 1, by Swandog46
Running from registry key:
\Registry\Machine\System\CurrentControlSet\Services\mtshbeen

*******************

Script file located at: \??\C:\Documents and Settings\wxwjgvmn.txt
Script file opened successfully.

Script file read successfully

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:



File C:\RECYCLER\S-1-5-21-416125016-870249971-2572101166-1005\Dc1.exe not found!
Deletion of file C:\RECYCLER\S-1-5-21-416125016-870249971-2572101166-1005\Dc1.exe failed!

Could not process line:
C:\RECYCLER\S-1-5-21-416125016-870249971-2572101166-1005\Dc1.exe
Status: 0xc0000034



File C:\RECYCLER\S-1-5-21-416125016-870249971-2572101166-1005\Dc2.exe not found!
Deletion of file C:\RECYCLER\S-1-5-21-416125016-870249971-2572101166-1005\Dc2.exe failed!

Could not process line:
C:\RECYCLER\S-1-5-21-416125016-870249971-2572101166-1005\Dc2.exe
Status: 0xc0000034



File C:\RECYCLER\S-1-5-21-416125016-870249971-2572101166-1005\Dc4.dll not found!
Deletion of file C:\RECYCLER\S-1-5-21-416125016-870249971-2572101166-1005\Dc4.dll failed!

Could not process line:
C:\RECYCLER\S-1-5-21-416125016-870249971-2572101166-1005\Dc4.dll
Status: 0xc0000034

Folder C:\VundoFix Backups deleted successfully.

Completed script processing.

*******************

Finished! Terminate.

[stefaniello]

ho fatto una nuova scansione on line ed ora è tutto apposto...grazie mille