Grazie r16,

eccoti quanto richiesto:
TDSSKiller.2.5.21.0_11.09.2011_11.48.47_log.txt

Buona giornata

Ciao r16,
Ecco qui sotto il log d Combofix.

Dopo averlo lanciato mi segnalava la presenza attiva in Scanner(S) di Antivir Desktop (indicato due volte).
Ho aperto CCleaner e in Strumenti > Avvio ho disattivato i due riferimenti alla scanner HP installato.
La procedura è proseguita.
Mentre Combofx predisponeva il file log (durate il riavvio del pc) è apparsa una finestra con una X a sfondo rosso dal titolo RUNDLL che diceva:

“Errore durante il caricamento di C:\WINDOWS\system32\bit4cnsp.ddl
Impossibile trovare il modulo specificato

Mi era parso che fosse una delle cartelle che il programma ha eliminato. Forse mi sbaglio…

Dopo, all’attivazione AVG, questo mi segnala Combofix come pericolo.
AVG 2012 è free e l’ho scaricato dal suo sito.
Ciao


ComboFix 11-09-11.02 - Martino 11/09/2011 14.18.26.1.1 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.39.1040.18.768.400 [GMT 2:00]
Eseguito da: c:\documents and settings\Martino\Desktop\ComboFix.exe
AV: AntiVir Desktop *Enabled/Updated* {0012F2B4-5CC9-7C92-0300-000000000000}
AV: AntiVir Desktop *Enabled/Updated* {0012F2B4-5CE9-7C92-0300-000000000000}
AV: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.
ATTENZIONE - QUESTO PC NON HA LA CONSOLE DI RIPRISTINO DI EMERGENZA INSTALLATA !!
.
.
((((((((((((((((((((((((((((((((((((( Altre eliminazioni )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\Martino\Dati applicazioni\OfferBox
c:\documents and settings\Martino\Dati applicazioni\OfferBox\config.dat
c:\documents and settings\Martino\Dati applicazioni\OfferBox\config.xml
c:\documents and settings\Martino\Documenti\~WRL0001.tmp
c:\documents and settings\Martino\Documenti\~WRL0002.tmp
c:\documents and settings\Martino\Documenti\~WRL0005.tmp
c:\documents and settings\Martino\Documenti\~WRL0180.tmp
c:\documents and settings\Martino\Documenti\~WRL0191.tmp
c:\documents and settings\Martino\Documenti\~WRL0435.tmp
c:\documents and settings\Martino\Documenti\~WRL0815.tmp
c:\documents and settings\Martino\Documenti\~WRL1117.tmp
c:\documents and settings\Martino\Documenti\~WRL1643.tmp
c:\documents and settings\Martino\Documenti\~WRL2986.tmp
c:\documents and settings\Martino\Documenti\~WRL3215.tmp
c:\documents and settings\Martino\Documenti\~WRL3862.tmp
c:\documents and settings\Martino\Documenti\~WRL4090.tmp
c:\documents and settings\Martino\Documenti\0130.ini
c:\documents and settings\Martino\Documenti\DPE.DUS
c:\documents and settings\Martino\Impostazioni locali\Dati applicazioni\ApplicationHistory
c:\documents and settings\Martino\Impostazioni locali\Dati applicazioni\ApplicationHistory\csc.exe.3e4ac0af.ini
c:\documents and settings\Martino\Impostazioni locali\Dati applicazioni\ApplicationHistory\hpqimvac.exe.88889dc3.ini
c:\documents and settings\Martino\Impostazioni locali\Dati applicazioni\ApplicationHistory\hpqimzone.exe.fd734169.ini
c:\documents and settings\Martino\Impostazioni locali\Dati applicazioni\ApplicationHistory\hpqimzone.exe.fd734169.ini.inuse
c:\documents and settings\Martino\Impostazioni locali\Dati applicazioni\ApplicationHistory\hpqthb08.exe.8be1ac5.ini
c:\documents and settings\Martino\Impostazioni locali\Dati applicazioni\ApplicationHistory\ngen.exe.2c05686e.ini
c:\documents and settings\Martino\Impostazioni locali\Dati applicazioni\ApplicationHistory\SL4C.tmp.2afb7eeb.ini
c:\windows\IsUn0410.exe
c:\windows\system32\bit4cnsp.dll
.
.
((((((((((((((((((((((((( Files Creati Da 2011-08-11 al 2011-09-11 )))))))))))))))))))))))))))))))))))
.
.
2011-09-10 18:13 . 2011-09-10 18:13 388096 ----a-r- c:\documents and settings\Martino\Dati applicazioni\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2011-09-10 15:16 . 2011-09-10 15:16 -------- d-----w- c:\documents and settings\LocalService\Impostazioni locali\Dati applicazioni\HP
2011-09-10 15:00 . 2011-09-10 15:00 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\HP Product Assistant
2011-09-10 15:00 . 2011-09-10 15:00 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\HP
2011-09-10 11:11 . 2011-09-11 12:26 -------- d-----w- c:\programmi\BONJOUR
2011-09-10 08:48 . 2011-06-24 14:10 139656 -c----w- c:\windows\system32\dllcache\rdpwd.sys
2011-09-10 08:48 . 2011-04-21 13:37 105472 -c----w- c:\windows\system32\dllcache\mup.sys
2011-09-10 08:45 . 2011-07-08 14:02 10496 -c----w- c:\windows\system32\dllcache\ndistapi.sys
2011-09-09 17:51 . 2011-09-09 17:51 -------- d-----w- c:\documents and settings\Martino\Dati applicazioni\AVG2012
2011-09-09 17:45 . 2011-09-09 17:45 -------- d-----w- c:\programmi\AVG
2011-09-09 16:43 . 2011-09-09 16:43 -------- d-----w- c:\windows\system32\wbem\Repository
2011-09-09 16:31 . 2011-09-09 16:31 -------- d-----w- c:\documents and settings\Martino\Impostazioni locali\Dati applicazioni\QuickStores
2011-09-09 16:28 . 2011-09-09 16:28 -------- d-----w- c:\programmi\CCleaner
2011-09-09 16:25 . 2011-09-09 16:30 -------- d-----w- c:\windows\LastGood(2).Tmp
2011-09-09 13:57 . 2011-09-09 15:44 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Avira(2)
2011-09-06 18:55 . 2011-09-06 18:55 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Common Files
2011-09-06 18:54 . 2011-09-11 09:47 -------- d-----w- c:\windows\system32\drivers\AVG
2011-09-06 18:54 . 2011-09-09 17:47 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\AVG2012
2011-09-06 18:47 . 2011-09-11 09:48 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\MFAData
2011-09-06 18:41 . 2001-08-30 21:07 66048 -c--a-w- c:\windows\system32\dllcache\s3legacy.dll
2011-09-06 08:00 . 2011-09-11 12:31 -------- d-----w- c:\windows\system32\CatRoot2
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-09-03 10:17 . 2004-08-30 20:00 603136 ----a-w- c:\windows\system32\crypt32.dll
2011-08-08 04:08 . 2011-08-08 04:08 40016 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2011-07-15 13:29 . 2004-08-30 20:00 456320 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2011-07-10 23:14 . 2011-07-10 23:14 295248 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2011-07-10 23:14 . 2011-07-10 23:14 16720 ----a-w- c:\windows\system32\drivers\AVGIDSShim.sys
2011-07-10 23:14 . 2011-07-10 23:14 24272 ----a-w- c:\windows\system32\drivers\AVGIDSFilter.sys
2011-07-10 23:14 . 2011-07-10 23:14 23120 ----a-w- c:\windows\system32\drivers\AVGIDSEH.sys
2011-07-10 23:14 . 2011-07-10 23:14 134608 ----a-w- c:\windows\system32\drivers\AVGIDSDriver.sys
2011-07-10 23:13 . 2011-07-10 23:13 229840 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2011-07-10 23:13 . 2011-07-10 23:13 32464 ----a-w- c:\windows\system32\drivers\avgrkx86.sys
2011-07-08 14:02 . 2004-08-30 20:00 10496 ----a-w- c:\windows\system32\drivers\ndistapi.sys
2011-07-06 17:52 . 2011-07-31 09:31 41272 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-07-06 17:52 . 2011-07-31 09:31 22712 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-06-24 14:10 . 2010-10-09 14:55 139656 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2011-06-23 18:30 . 2004-08-30 20:00 916480 ----a-w- c:\windows\system32\wininet.dll
2011-06-23 18:30 . 2004-08-30 20:00 43520 ----a-w- c:\windows\system32\licmgr10.dll
2011-06-23 18:30 . 2004-08-30 20:00 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2011-06-23 12:05 . 2004-08-30 20:00 385024 ----a-w- c:\windows\system32\html.iec
2011-06-20 17:44 . 2004-08-30 20:00 293888 ----a-w- c:\windows\system32\winsrv.dll
2011-09-03 06:31 . 2011-09-10 11:01 134104 ----a-w- c:\programmi\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* i valori vuoti & legittimi/default non sono visualizzati.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"SunJavaUpdateSched"="c:\programmi\File comuni\Java\Java Update\jusched.exe" [2011-04-08 254696]
"AVG_TRAY"="c:\programmi\AVG\AVG2012\avgtray.exe" [2011-08-19 2387296]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-13 15360]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoSMMyPictures"= 0 (0x0)
"NoStartMenuMyMusic"= 0 (0x0)
"NoCommonGroups"= 0 (0x0)
"NoSimpleStartMenu"= 0 (0x0)
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoChangeAnimation"= 0 (0x0)
"NoDFSTab"= 0 (0x0)
"NoFileAssociate"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~1\AVG\AVG2012\avgrsx.exe /sync /restart
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Avvio^Programmi^Esecuzione automatica^Avvio rapido HP Photosmart Premier.lnk]
path=c:\documents and settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\Avvio rapido HP Photosmart Premier.lnk
backup=c:\windows\pss\Avvio rapido HP Photosmart Premier.lnkCommon Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
2007-03-11 19:34 49152 ----a-w- c:\programmi\HP\HP Software Update\hpwuSchd2.exe
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Programmi\\aTube Catcher 2.0\\yct.exe"=
"c:\\Programmi\\Java\\jre6\\bin\\java.exe"=
"c:\\Programmi\\AVG\\AVG2012\\avgnsx.exe"=
"c:\\Programmi\\AVG\\AVG2012\\avgdiagex.exe"=
"c:\\Programmi\\AVG\\AVG2012\\avgmfapx.exe"=
"c:\\Programmi\\AVG\\AVG2012\\avgemcx.exe"=
.
R0 AVGIDSEH;AVGIDSEH;c:\windows\system32\drivers\AVGIDSEH.sys [11/07/2011 1.14.28 23120]
R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [11/07/2011 1.13.42 32464]
R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [11/07/2011 1.13.46 229840]
R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [11/07/2011 1.14.38 295248]
R2 AVGIDSAgent;AVGIDSAgent;c:\programmi\AVG\AVG2012\AVGIDSAgent.exe [16/08/2011 6.27.28 5264736]
R2 avgwd;AVG WatchDog;c:\programmi\AVG\AVG2012\avgwdsvc.exe [02/08/2011 6.09.08 192776]
R2 PPPoEService;PPPoE Service;c:\progra~1\Alice\ALICEE~1\app\pppoeservice.exe [09/10/2010 17.37.59 49152]
R3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\AVGIDSDriver.sys [11/07/2011 1.14.26 134608]
R3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\AVGIDSFilter.sys [11/07/2011 1.14.28 24272]
R3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\AVGIDSShim.sys [11/07/2011 1.14.30 16720]
S3 CH2KCCID;Cherry CCID Driver;c:\windows\system32\drivers\ch2kccid.sys [15/02/2010 8.55.52 144640]
S3 NTSPPPOE;Efficient Networks Enternet P.P.P.o.E LAN Miniport Driver;c:\windows\system32\drivers\ntspppoe.sys [09/10/2010 17.37.58 161640]
S3 RAWESR;RAWESR;c:\progra~1\Alice\ALICEE~1\app\RAWESR.SYS [09/10/2010 17.37.59 12924]
S3 TAPBIND;TAPBIND;c:\progra~1\Alice\ALICEE~1\app\TAPBIND1.SYS [09/10/2010 17.37.59 44544]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
hpdevmgmt REG_MULTI_SZ hpqcxs08
.
Contenuto della cartella 'Scheduled Tasks'
.
2011-09-10 c:\windows\Tasks\WebReg .job
- c:\programmi\HP\Digital Imaging\bin\hpqwrg.exe [2007-03-11 19:27]
.
.
------- Scansione supplementare -------
.
uStart Page = hxxp://it.ask.com/?l=dis&o=14672
IE: E&sporta in Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
TCP: Interfaces\{258ECCC1-12EE-46E3-9426-71C3DB8B4F36}: NameServer = 192.168.1.1
FF - ProfilePath - c:\documents and settings\Martino\Dati applicazioni\Mozilla\Firefox\Profiles\8m6p01xk.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.it/webhp?hl=it&tab=ww
.
- - - - CHIAVI ORFANE RIMOSSE - - - -
.
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
HKLM-Run-bit4id store register - c:\windows\system32\bit4cnsp.dll
AddRemove-Alice EnterNet - c:\windows\IsUn0410.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-09-11 14:30
Windows 5.1.2600 Service Pack 3 NTFS
.
scansione processi nascosti ...
.
scansione entrate autostart nascoste ...
.
Scansione files nascosti ...
.
Scansione completata con successo
Files nascosti: 0
.
**************************************************************************
.
--------------------- Dlls caricate dai processi in esecuzione ---------------------
.
- - - - - - - > 'explorer.exe'(3112)
c:\windows\system32\WININET.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Altri processi in esecuzione ------------------------
.
c:\progra~1\AVG\AVG2012\avgrsx.exe
c:\programmi\AVG\AVG2012\avgcsrvx.exe
c:\programmi\File comuni\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\programmi\Java\jre6\bin\jqs.exe
c:\programmi\File comuni\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\programmi\AVG\AVG2012\avgnsx.exe
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Ora fine scansione: 2011-09-11 14:38:42 - Il pc è stato riavviato
ComboFix-quarantined-files.txt 2011-09-11 12:38
.
Pre-Run: 26.789.490.688 byte disponibili
Post-Run: 26.793.721.856 byte disponibili
.
- - End Of File - - 070088245F0969A2B7BFDF42CD38B000

Ciao r16,

ti allego qui sotto i due file log di poco fa.
Dopo averli realizzati ho spento il pc e dopo 5 minuti l’ho acceso e l’operazione a andata normalmente a buon fine: miracolo!?!?
Due ore fa invece l’ho spento e 1 ora dopo l’ho acceso ed è apparsa ancora la videata azzura che con il resettamento e l’invio(ok) su “avvia normalmente il pc” ho potuto accedere alle varie funzioni e leggere la tua ultima risposta.
In questa ultima videata azzurra ho notato che mancava una delle righe con i dati che ti ho segnalato (in basso) nel mio primo post.
Inoltre con miticoalex ho evidenziato il fatto che cliccando su “riavvia” il pc si accendeva normalmente.
Se invece lo spegnevo e lo riaccendevo dopo diverse ore (una notte ad es.) compariva la videata azzurra che ti segnalavo nel mio primo post.
Personalmente incrocio le dita che tutto sia andato a posto!

Che ne pensi?
Che sia andato davvero tutto a posto???
Ciao

ComboFix 11-09-11.02 - Martino 11/09/2011 16.22.47.2.1 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.39.1040.18.768.400 [GMT 2:00]
Eseguito da: c:\documents and settings\Martino\Desktop\ComboFix.exe
Opzioni usate :: c:\documents and settings\Martino\Desktop\CFScript.txt
AV: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.
ATTENZIONE - QUESTO PC NON HA LA CONSOLE DI RIPRISTINO DI EMERGENZA INSTALLATA !!
.
.
((((((((((((((((((((((((((((((((((((( Altre eliminazioni )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\Martino\Impostazioni locali\Dati applicazioni\ApplicationHistory
c:\documents and settings\Martino\Impostazioni locali\Dati applicazioni\ApplicationHistory\hpqimzone.exe.fd734169.ini.inuse
c:\documents and settings\Martino\Impostazioni locali\Dati applicazioni\ApplicationHistory\hpqthb08.exe.8be1ac5.ini
.
.
((((((((((((((((((((((((( Files Creati Da 2011-08-11 al 2011-09-11 )))))))))))))))))))))))))))))))))))
.
.
2011-09-10 18:13 . 2011-09-10 18:13 388096 ----a-r- c:\documents and settings\Martino\Dati applicazioni\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2011-09-10 15:16 . 2011-09-10 15:16 -------- d-----w- c:\documents and settings\LocalService\Impostazioni locali\Dati applicazioni\HP
2011-09-10 15:00 . 2011-09-10 15:00 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\HP Product Assistant
2011-09-10 15:00 . 2011-09-10 15:00 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\HP
2011-09-10 11:11 . 2011-09-11 14:04 -------- d-----w- c:\programmi\BONJOUR
2011-09-10 08:48 . 2011-06-24 14:10 139656 -c----w- c:\windows\system32\dllcache\rdpwd.sys
2011-09-10 08:48 . 2011-04-21 13:37 105472 -c----w- c:\windows\system32\dllcache\mup.sys
2011-09-10 08:45 . 2011-07-08 14:02 10496 -c----w- c:\windows\system32\dllcache\ndistapi.sys
2011-09-09 17:51 . 2011-09-09 17:51 -------- d-----w- c:\documents and settings\Martino\Dati applicazioni\AVG2012
2011-09-09 17:45 . 2011-09-09 17:45 -------- d-----w- c:\programmi\AVG
2011-09-09 16:43 . 2011-09-09 16:43 -------- d-----w- c:\windows\system32\wbem\Repository
2011-09-09 16:31 . 2011-09-09 16:31 -------- d-----w- c:\documents and settings\Martino\Impostazioni locali\Dati applicazioni\QuickStores
2011-09-09 16:28 . 2011-09-09 16:28 -------- d-----w- c:\programmi\CCleaner
2011-09-09 16:25 . 2011-09-09 16:30 -------- d-----w- c:\windows\LastGood(2).Tmp
2011-09-09 13:57 . 2011-09-09 15:44 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Avira(2)
2011-09-06 18:55 . 2011-09-06 18:55 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Common Files
2011-09-06 18:54 . 2011-09-11 09:47 -------- d-----w- c:\windows\system32\drivers\AVG
2011-09-06 18:54 . 2011-09-09 17:47 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\AVG2012
2011-09-06 18:47 . 2011-09-11 09:48 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\MFAData
2011-09-06 18:41 . 2001-08-30 21:07 66048 -c--a-w- c:\windows\system32\dllcache\s3legacy.dll
2011-09-06 08:00 . 2011-09-11 14:34 -------- d-----w- c:\windows\system32\CatRoot2
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-09-03 10:17 . 2004-08-30 20:00 603136 ----a-w- c:\windows\system32\crypt32.dll
2011-08-08 04:08 . 2011-08-08 04:08 40016 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2011-07-15 13:29 . 2004-08-30 20:00 456320 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2011-07-10 23:14 . 2011-07-10 23:14 295248 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2011-07-10 23:14 . 2011-07-10 23:14 16720 ----a-w- c:\windows\system32\drivers\AVGIDSShim.sys
2011-07-10 23:14 . 2011-07-10 23:14 24272 ----a-w- c:\windows\system32\drivers\AVGIDSFilter.sys
2011-07-10 23:14 . 2011-07-10 23:14 23120 ----a-w- c:\windows\system32\drivers\AVGIDSEH.sys
2011-07-10 23:14 . 2011-07-10 23:14 134608 ----a-w- c:\windows\system32\drivers\AVGIDSDriver.sys
2011-07-10 23:13 . 2011-07-10 23:13 229840 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2011-07-10 23:13 . 2011-07-10 23:13 32464 ----a-w- c:\windows\system32\drivers\avgrkx86.sys
2011-07-08 14:02 . 2004-08-30 20:00 10496 ----a-w- c:\windows\system32\drivers\ndistapi.sys
2011-07-06 17:52 . 2011-07-31 09:31 41272 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-07-06 17:52 . 2011-07-31 09:31 22712 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-06-24 14:10 . 2010-10-09 14:55 139656 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2011-06-23 18:30 . 2004-08-30 20:00 916480 ----a-w- c:\windows\system32\wininet.dll
2011-06-23 18:30 . 2004-08-30 20:00 43520 ----a-w- c:\windows\system32\licmgr10.dll
2011-06-23 18:30 . 2004-08-30 20:00 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2011-06-23 12:05 . 2004-08-30 20:00 385024 ----a-w- c:\windows\system32\html.iec
2011-06-20 17:44 . 2004-08-30 20:00 293888 ----a-w- c:\windows\system32\winsrv.dll
2011-09-03 06:31 . 2011-09-10 11:01 134104 ----a-w- c:\programmi\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((( SnapShot@2011-09-11_12.30.46 )))))))))))))))))))))))))))))))))))))))))
.
+ 2011-09-11 14:33 . 2011-09-11 14:33 16384 c:\windows\temp\Perflib_Perfdata_434.dat
.
((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* i valori vuoti & legittimi/default non sono visualizzati.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"SunJavaUpdateSched"="c:\programmi\File comuni\Java\Java Update\jusched.exe" [2011-04-08 254696]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-13 15360]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoSMMyPictures"= 0 (0x0)
"NoStartMenuMyMusic"= 0 (0x0)
"NoCommonGroups"= 0 (0x0)
"NoSimpleStartMenu"= 0 (0x0)
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoChangeAnimation"= 0 (0x0)
"NoDFSTab"= 0 (0x0)
"NoFileAssociate"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~1\AVG\AVG2012\avgrsx.exe /sync /restart
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Avvio^Programmi^Esecuzione automatica^Avvio rapido HP Photosmart Premier.lnk]
path=c:\documents and settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\Avvio rapido HP Photosmart Premier.lnk
backup=c:\windows\pss\Avvio rapido HP Photosmart Premier.lnkCommon Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AVG_TRAY]
2011-08-19 04:24 2387296 ----a-w- c:\programmi\AVG\AVG2012\avgtray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
2007-03-11 19:34 49152 ----a-w- c:\programmi\HP\HP Software Update\hpwuSchd2.exe
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Programmi\\aTube Catcher 2.0\\yct.exe"=
"c:\\Programmi\\Java\\jre6\\bin\\java.exe"=
"c:\\Programmi\\AVG\\AVG2012\\avgnsx.exe"=
"c:\\Programmi\\AVG\\AVG2012\\avgdiagex.exe"=
"c:\\Programmi\\AVG\\AVG2012\\avgmfapx.exe"=
"c:\\Programmi\\AVG\\AVG2012\\avgemcx.exe"=
.
R0 AVGIDSEH;AVGIDSEH;c:\windows\system32\drivers\AVGIDSEH.sys [11/07/2011 1.14.28 23120]
R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [11/07/2011 1.13.42 32464]
R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [11/07/2011 1.13.46 229840]
R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [11/07/2011 1.14.38 295248]
R2 AVGIDSAgent;AVGIDSAgent;c:\programmi\AVG\AVG2012\AVGIDSAgent.exe [16/08/2011 6.27.28 5264736]
R2 avgwd;AVG WatchDog;c:\programmi\AVG\AVG2012\avgwdsvc.exe [02/08/2011 6.09.08 192776]
R2 PPPoEService;PPPoE Service;c:\progra~1\Alice\ALICEE~1\app\pppoeservice.exe [09/10/2010 17.37.59 49152]
R3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\AVGIDSDriver.sys [11/07/2011 1.14.26 134608]
R3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\AVGIDSFilter.sys [11/07/2011 1.14.28 24272]
R3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\AVGIDSShim.sys [11/07/2011 1.14.30 16720]
S3 CH2KCCID;Cherry CCID Driver;c:\windows\system32\drivers\ch2kccid.sys [15/02/2010 8.55.52 144640]
S3 NTSPPPOE;Efficient Networks Enternet P.P.P.o.E LAN Miniport Driver;c:\windows\system32\drivers\ntspppoe.sys [09/10/2010 17.37.58 161640]
S3 RAWESR;RAWESR;c:\progra~1\Alice\ALICEE~1\app\RAWESR.SYS [09/10/2010 17.37.59 12924]
S3 TAPBIND;TAPBIND;c:\progra~1\Alice\ALICEE~1\app\TAPBIND1.SYS [09/10/2010 17.37.59 44544]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
hpdevmgmt REG_MULTI_SZ hpqcxs08
.
Contenuto della cartella 'Scheduled Tasks'
.
2011-09-10 c:\windows\Tasks\WebReg .job
- c:\programmi\HP\Digital Imaging\bin\hpqwrg.exe [2007-03-11 19:27]
.
.
------- Scansione supplementare -------
.
uStart Page = hxxp://it.ask.com/?l=dis&o=14672
uInternet Settings,ProxyOverride = *.local
IE: E&sporta in Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
TCP: Interfaces\{258ECCC1-12EE-46E3-9426-71C3DB8B4F36}: NameServer = 192.168.1.1
FF - ProfilePath - c:\documents and settings\Martino\Dati applicazioni\Mozilla\Firefox\Profiles\8m6p01xk.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.it/webhp?hl=it&tab=ww
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-09-11 16:33
Windows 5.1.2600 Service Pack 3 NTFS
.
scansione processi nascosti ...
.
scansione entrate autostart nascoste ...
.
Scansione files nascosti ...
.
Scansione completata con successo
Files nascosti: 0
.
**************************************************************************
.
--------------------- Dlls caricate dai processi in esecuzione ---------------------
.
- - - - - - - > 'explorer.exe'(260)
c:\windows\system32\WININET.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Altri processi in esecuzione ------------------------
.
c:\progra~1\AVG\AVG2012\avgrsx.exe
c:\programmi\AVG\AVG2012\avgcsrvx.exe
c:\programmi\File comuni\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\programmi\Java\jre6\bin\jqs.exe
c:\programmi\File comuni\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\programmi\AVG\AVG2012\avgnsx.exe
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Ora fine scansione: 2011-09-11 16:40:58 - Il pc è stato riavviato
ComboFix-quarantined-files.txt 2011-09-11 14:40
ComboFix2.txt 2011-09-11 12:38
.
Pre-Run: 26.790.739.968 byte disponibili
Post-Run: 26.779.037.696 byte disponibili
.
- - End Of File - - 1BD572F011E9418A0ED1551CD4E05238


Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 16.42.43, on 11/09/2011
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\PROGRA~1\AVG\AVG2012\avgrsx.exe
C:\Programmi\AVG\AVG2012\avgcsrvx.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programmi\File comuni\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Programmi\AVG\AVG2012\avgwdsvc.exe
C:\Programmi\Java\jre6\bin\jqs.exe
C:\Programmi\File comuni\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\PROGRA~1\Alice\ALICEE~1\app\pppoeservice.exe
C:\WINDOWS\system32\svchost.exe
C:\Programmi\AVG\AVG2012\AVGIDSAgent.exe
C:\Programmi\AVG\AVG2012\avgnsx.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Programmi\File comuni\Java\Java Update\jusched.exe
C:\WINDOWS\explorer.exe
C:\Programmi\HijackThis\Trend Micro\HiJackThis\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://it.ask.com/?l=dis&o=14672
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Programmi\AVG\AVG2012\avgssie.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programmi\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Programmi\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programmi\File comuni\Java\Java Update\jusched.exe"
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Ricerche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - (no file)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - (no file)
O10 - Broken Internet access because of LSP provider 'c:\programmi\bonjour\mdnsnsp.dll' missing
O17 - HKLM\System\CCS\Services\Tcpip\..\{258ECCC1-12EE-46E3-9426-71C3DB8B4F36}: NameServer = 192.168.1.1
O17 - HKLM\System\CS1\Services\Tcpip\..\{258ECCC1-12EE-46E3-9426-71C3DB8B4F36}: NameServer = 192.168.1.1
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Programmi\AVG\AVG2012\avgpp.dll
O22 - SharedTaskScheduler: Precaricatore Browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Daemon di cache delle categorie di componenti - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Programmi\File comuni\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: AVGIDSAgent - AVG Technologies CZ, s.r.o. - C:\Programmi\AVG\AVG2012\AVGIDSAgent.exe
O23 - Service: AVG WatchDog (avgwd) - AVG Technologies CZ, s.r.o. - C:\Programmi\AVG\AVG2012\avgwdsvc.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Programmi\Java\jre6\bin\jqs.exe
O23 - Service: PPPoE Service (PPPoEService) - Unknown owner - C:\PROGRA~1\Alice\ALICEE~1\app\pppoeservice.exe

--
End of file - 4580 bytes

Grazie r16 per la tua grande disponibilità e competenza.
Ora devo spegnere il pc.
Domattina farò i nuovi compiti che mi hai assegnato poi ti farò sapere.
Ciao e buona serata

Ciao r16,

ti informo che ho acceso adesso il pc, dopo un'ora e mezzo ca. che era spento, ed è apparsa la schermata azzurra con le scritte indicate nel mio primo post.
Ho dovuto resettare e dare l'ok nella schermata nera con la scritta "avvia normalmente il pc" per poter accedere alle sue funzioni.
Domattina farò i nuovi compiti che mi hai assegnato poi ti farò sapere.
Ciao e buona serata

ciao r16,
stamane, all'accensione del pc, la schermata azzurra mi si è presentata 2 volte e per 2 volte ho dovuto resettare il pc per accedere, come negli altri casi già indicati, alle sue funzioni.
Adesso inizio a fare quello che mi hai indicato.
Sì ho il cd di installazione Win.

Eccomi qua r16,
ho acceso il pc dopo un'ora e mezzo (forse non c'entra niente) e si è ancora ripresentata la videata azzurra con in basso la scritta "atapi.sys......."
Poi dopo il reset e clic su "avvia il pc normalmente" l'avvio è andato a buon fine.
Ciao

Ciao woodoo,
per essere precisi anche r16 lo aveva escluso in un suo precedente post: "Escluderei un virus.
In ogni caso, esegui le indicazioni che ho postato."
Ma p.f. adesso sia tu un pò più preciso indicando meglio quel "qualcos'altro che era stato gia suggerito."
Grazie

Ma sai woodoo da come scrivevi sembrava che conoscessi ciò a cui ti riferivi…
Comunque, per me profano di tutto è tutta pratica utile.
Per gli amici r16 e miticoalex potrebbe essere qualcosa come: “ma guarda un po’. Perché non riuscire a sciogliere questa matassa?”
Ragionamento - quest’ultimo - di tutto rispetto!
Ciao