Buongiorno! Ho postato lo stesso messaggio per errore nel primo forum, chiedo scusa, sono nuovo .....

Ho problemi con la connessione ADSL (LIBERO): continua a staccarsi, dura al massimo 10 sec, quindi è inutilizzabile.
Premetto che prima funzionava perfettamente, quindi dubito siano problemi di cavi: o è il segnale che è intermittente e se così dubito di poter fare qualcosa, o (spero) è un VIRUS, che sia AVG sia AD-AWARE aggiornati non rilevano .
Ho utilizzato un mio modem USB che avevo da prima (DSL-200 della D-LINK) e che funzionava anche con ALICE. Ho installato WINDOWS XP SP2, e utilizzo INTERNET EXPLORER.
Spero possiate aiutarmi, anche perchè il supporto tecnico di INFOSTRADA è inesistente: al telefono ti rispondono dopo minimo mezzora, e comunque non sono tecnici preparati, ma persone che ti dicono sempre le stesse cose, mentre nel SUPPORTO ON LINE ti mandano in un Forum dedicato al servizio mail di libero, dove altri disgraziati con il mio stesso problema o altri chiedono aiuto inutilmente ! BEL SERVIZIO, se non risolvo da solo (grazie a voi) cambierò sicuramente operatore. Ecco il mio LOG:


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20.37.37, on 17/03/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0013)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmi\Lavasoft\Ad-Aware\AAWService.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Programmi\Unlocker\UnlockerAssistant.exe
C:\Programmi\Java\jre1.6.0_07\bin\jusched.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Programmi\Lavasoft\Ad-Aware\AAWTray.exe
C:\WINDOWS\system32\GSICON.EXE
C:\WINDOWS\system32\dslagent.exe
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\Programmi\File comuni\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\svchost.exe
C:\Programmi\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.it/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmi\Java\jre1.6.0_07\bin\ssv.dll
O4 - HKLM\..\Run: [UnlockerAssistant] "C:\Programmi\Unlocker\UnlockerAssistant.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programmi\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [Ad-Watch] C:\Programmi\Lavasoft\Ad-Aware\AAWTray.exe
O4 - HKLM\..\Run: [GSICONEXE] GSICON.EXE
O4 - HKLM\..\Run: [DSLAGENTEXE] dslagent.exe USB
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Programmi\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO DI RETE')
O4 - HKUS\S-1-5-20\..\Run: [Free Download Manager] "C:\Programmi\Free Download Manager\fdm.exe" -autorun (User 'SERVIZIO DI RETE')
O4 - HKUS\S-1-5-20\..\Run: [Free Upload Manager] "C:\Programmi\Free Download Manager\fum\fum.exe" -autorun (User 'SERVIZIO DI RETE')
O4 - HKUS\S-1-5-20\..\Run: [Free Uploader Oe Integration] C:\Programmi\Free Download Manager\FUM\fumoei.exe (User 'SERVIZIO DI RETE')
O4 - HKUS\S-1-5-20\..\Run: [MsnMsgr] "C:\Programmi\MSN Messenger\MsnMsgr.Exe" /background (User 'SERVIZIO DI RETE')
O4 - HKUS\S-1-5-20\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'SERVIZIO DI RETE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'Default user')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Programmi\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Super Turbo Tango Patcher Reloader.lnk = C:\WINDOWS\Super Turbo Tango Patcher\Reloader.exe
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Run WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Programmi\WinHTTrack\WinHTTrackIEBar.dll
O9 - Extra 'Tools' menuitem: Launch WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Programmi\WinHTTrack\WinHTTrackIEBar.dll
O9 - Extra button: Ricerche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Programmi\File comuni\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Programmi\Lavasoft\Ad-Aware\AAWService.exe

--
End of file - 6578 bytes


GRAZIE.
Umberto

Ciao.
E' un pò difficile che con l'antivirus cosi' obsoleto che hai, ti rilevi un'infezione recente.
E' uscita da tempo la nuova versione di AVG8.5:
http://www.aiutamici.com/software?ID=11537
Stessa cosa per quanto riguarda AD-AWARE . (scadente)
Per non parlare che se avessi installato il Win SP3 sarebbe stato meglio.
Prova a fare una scansione con Malwarebytes:
http://www.aiutamici.com/software?ID=80346
E posta il log.

Buongiorno.
Ho fatto quanto mi è stato detto: installato e fatto girare AVG 8.5 (mi ha trovato poco o niente), installato e fatto girare Malwarebytes e mi ha trovato due trojan (figli di una ....), dopodichè la connessione mi è durata per ben un minuto circa, pensavo di aver risolto, invece poi mi è caduta e ha ripreso a durare 10s al massimo. Ecco il LOG di Malwarebytes

Malwarebytes' Anti-Malware 1.34
Versione del database: 1864
Windows 5.1.2600 Service Pack 2

18/03/2009 20.40.15
mbam-log-2009-03-18 (20-40-15).txt

Tipo di scansione: Scansione completa (A:\|C:\|D:\|E:\|F:\|G:\|H:\|I:\|K:\|)
Elementi scansionati: 77936
Tempo trascorso: 17 minute(s), 58 second(s)

Processi delle memoria infetti: 0
Moduli della memoria infetti: 0
Chiavi di registro infette: 0
Valori di registro infetti: 0
Elementi dato del registro infetti: 0
Cartelle infette: 1
File infetti: 1

Processi delle memoria infetti:
(Nessun elemento malevolo rilevato)

Moduli della memoria infetti:
(Nessun elemento malevolo rilevato)

Chiavi di registro infette:
(Nessun elemento malevolo rilevato)

Valori di registro infetti:
(Nessun elemento malevolo rilevato)

Elementi dato del registro infetti:
(Nessun elemento malevolo rilevato)

Cartelle infette:
C:\RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013 (Trojan.Agent) -> Quarantined and deleted successfully.

File infetti:
C:\RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\Desktop.ini (Trojan.Agent) -> Quarantined and deleted successfully.

Allora ho fatto girare Malwarebytes in mod. provv. con il ripr. di config. disabilitato, ma non ha trovato nulla.
Allora ho fatto girare HIJACK in mod. normale, ecco il LOG:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21.18.07, on 18/03/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0013)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmi\Lavasoft\Ad-Aware\AAWService.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Programmi\Unlocker\UnlockerAssistant.exe
C:\Programmi\Java\jre1.6.0_07\bin\jusched.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Programmi\Lavasoft\Ad-Aware\AAWTray.exe
C:\WINDOWS\system32\GSICON.EXE
C:\WINDOWS\system32\dslagent.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmi\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Programmi\File comuni\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\Programmi\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.it/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Programmi\AVG\AVG8\avgssie.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmi\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\Programmi\AVG\AVG8\avgtoolbar.dll
O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\Programmi\AVG\AVG8\avgtoolbar.dll
O4 - HKLM\..\Run: [UnlockerAssistant] "C:\Programmi\Unlocker\UnlockerAssistant.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programmi\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [Ad-Watch] C:\Programmi\Lavasoft\Ad-Aware\AAWTray.exe
O4 - HKLM\..\Run: [GSICONEXE] GSICON.EXE
O4 - HKLM\..\Run: [DSLAGENTEXE] dslagent.exe USB
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Programmi\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO DI RETE')
O4 - HKUS\S-1-5-20\..\Run: [Free Download Manager] "C:\Programmi\Free Download Manager\fdm.exe" -autorun (User 'SERVIZIO DI RETE')
O4 - HKUS\S-1-5-20\..\Run: [Free Upload Manager] "C:\Programmi\Free Download Manager\fum\fum.exe" -autorun (User 'SERVIZIO DI RETE')
O4 - HKUS\S-1-5-20\..\Run: [Free Uploader Oe Integration] C:\Programmi\Free Download Manager\FUM\fumoei.exe (User 'SERVIZIO DI RETE')
O4 - HKUS\S-1-5-20\..\Run: [MsnMsgr] "C:\Programmi\MSN Messenger\MsnMsgr.Exe" /background (User 'SERVIZIO DI RETE')
O4 - HKUS\S-1-5-20\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'SERVIZIO DI RETE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'Default user')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Programmi\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Super Turbo Tango Patcher Reloader.lnk = C:\WINDOWS\Super Turbo Tango Patcher\Reloader.exe
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Run WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Programmi\WinHTTrack\WinHTTrackIEBar.dll
O9 - Extra 'Tools' menuitem: Launch WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Programmi\WinHTTrack\WinHTTrackIEBar.dll
O9 - Extra button: Ricerche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Programmi\AVG\AVG8\avgpp.dll
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Programmi\File comuni\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Programmi\Lavasoft\Ad-Aware\AAWService.exe

--
End of file - 6928 bytes

Spero abbiate una risposta, altrimenti è il segnale.
Grazie ancora per la Vostra disponibilità.

Umberto72

Ho combinato un casino!!!
Non riuscivo a disabilitare AVG8.5, ho provato con le opzioni, le pianificazioni, l'ho tolto perfino dal FIREWALL, ma niente da fare: partendo COMBOFIX mi diceva che lo scanner AVG era attivo.
Allora ho detto: lo disinstallo, tanto a re-installarlo non ci vuole niente ..... ma niente da fare, non me lo disinstallava per un errore dovuto alla chiave di registro HKLM/...... ecc ecc.
Ultima carta: cancellare fisicamente la cartella AVG8.5 (lo ammetto, lo ho fatto!) e riavviare. Ma COMBOFIX mi ha detto ancora che AVG era attivo, nonostante non ci fosse proprio più; comunque lo ho fatto girare e ti posto il LOG:
(PS: ora AVG non riesco nemmeno a re-installarlo, mi da lo stesso errore della chiave di registro ... come faccio?)

ComboFix 09-03-18.01 - USERxp 2009-03-19 22.15.38.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1040.18.2039.1547 [GMT 1:00]
Eseguito da: c:\documents and settings\USERxp\Desktop\ComboFix.exe
AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated)
* Creato nuovo punto di ripristino

ATTENZIONE - QUESTO PC NON HA LA CONSOLE DI RIPRISTINO DI EMERGENZA INSTALLATA !!
.

((((((((((((((((((((((((((((((((((((( Altre eliminazioni )))))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\IE4 Error Log.txt

.
((((((((((((((((((((((((( Files Creati Da 2009-02-19 al 2009-03-19 )))))))))))))))))))))))))))))))))))
.

2009-03-18 20:16 . 2009-03-18 20:16 <DIR> d-------- c:\programmi\Malwarebytes' Anti-Malware
2009-03-18 20:16 . 2009-03-18 20:16 <DIR> d-------- c:\documents and settings\USERxp\Dati applicazioni\Malwarebytes
2009-03-18 20:16 . 2009-03-18 20:16 <DIR> d-------- c:\documents and settings\All Users\Dati applicazioni\Malwarebytes
2009-03-18 20:16 . 2009-02-11 10:19 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys
2009-03-18 20:16 . 2009-02-11 10:19 15,504 --a------ c:\windows\system32\drivers\mbam.sys
2009-03-18 18:18 . 2009-03-18 18:18 <DIR> d--h----- C:\$AVG8.VAULT$
2009-03-18 17:58 . 2009-03-18 18:11 <DIR> d-------- c:\windows\system32\drivers\Avg
2009-03-18 17:58 . 2009-03-19 22:13 <DIR> d-------- c:\programmi\AVG
2009-03-18 17:58 . 2009-03-18 20:14 <DIR> d-------- c:\documents and settings\USERxp\Dati applicazioni\AVGTOOLBAR
2009-03-18 17:58 . 2009-03-19 22:13 <DIR> d-------- c:\documents and settings\All Users\Dati applicazioni\avg8
2009-03-18 17:58 . 2009-03-18 17:58 325,640 --a------ c:\windows\system32\drivers\avgldx86.sys
2009-03-18 17:58 . 2009-03-18 17:58 107,912 --a------ c:\windows\system32\drivers\avgtdix.sys
2009-03-18 17:58 . 2009-03-18 17:58 10,520 --a------ c:\windows\system32\avgrsstx.dll
2009-03-17 19:48 . 2009-03-17 19:48 552 --a------ c:\windows\system32\d3d8caps.dat
2009-03-14 18:36 . 2002-06-12 12:31 286,720 --a------ c:\windows\system32\gsi.cpl
2009-03-14 18:36 . 2002-05-14 11:15 252,883 --a------ c:\windows\system32\drivers\gwausb.sys
2009-03-14 18:36 . 2002-05-14 15:12 110,592 --------- c:\windows\system32\gspnDll.dll
2009-03-14 18:36 . 2002-06-12 13:45 98,304 --------- c:\windows\system32\instDll.dll
2009-03-14 18:36 . 2002-06-12 12:39 90,112 --a------ c:\windows\system32\gsicon.exe
2009-03-14 18:36 . 2002-06-12 13:19 81,920 --------- c:\windows\system32\GCPL_ITALIAN.dll
2009-03-14 18:36 . 2002-03-22 10:01 27,147 --a------ c:\windows\system32\drivers\gafwload.sys
2009-03-14 18:36 . 2002-05-02 14:46 25,088 --a------ c:\windows\system32\CoInst.dll
2009-03-14 18:36 . 2002-05-14 15:12 24,576 --------- c:\windows\system32\delaySpawn.exe
2009-03-14 18:36 . 2002-05-02 14:45 16,384 --a------ c:\windows\system32\dslagent.exe
2009-03-14 18:36 . 2003-01-10 09:34 13,881 --------- c:\windows\wwdslcfg.ini
2009-03-06 17:54 . 2009-03-09 19:38 15,688 --a------ c:\windows\system32\lsdelete.exe
2009-02-22 09:13 . 2009-02-22 09:13 <DIR> d--h-c--- c:\documents and settings\All Users\Dati applicazioni\{83C91755-2546-441D-AC40-9A6B4B860800}
2009-02-22 09:13 . 2009-03-09 19:38 64,160 --a------ c:\windows\system32\drivers\Lbd.sys
2009-02-22 09:12 . 2009-02-22 09:12 <DIR> d-------- c:\programmi\Lavasoft
2009-02-22 09:12 . 2009-02-22 09:13 <DIR> d-------- c:\documents and settings\All Users\Dati applicazioni\Lavasoft
2009-02-22 08:45 . 2009-02-22 08:45 <DIR> d-------- c:\documents and settings\USERxp\Dati applicazioni\Lavasoft

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-02-02 13:54 --------- d-----w c:\documents and settings\USERxp\Dati applicazioni\Media Player Classic
2009-01-26 17:39 --------- d-----w c:\programmi\Servizi in linea
2008-12-21 10:40 1,234,120 ----a-w c:\programmi\wrar380.exe
2007-11-25 07:29 5,894,946 ----a-w c:\windows\system32\config\systemprofile\gtk-runtime.exe
2007-11-25 07:29 5,894,946 ----a-w c:\documents and settings\USERxp\gtk-runtime.exe
2007-11-25 07:29 5,894,946 ----a-w c:\documents and settings\Default User\gtk-runtime.exe
2004-10-12 09:14 57,344 ----a-w c:\windows\system32\config\systemprofile\InstHelp.dll
2004-10-12 09:14 57,344 ----a-w c:\documents and settings\USERxp\InstHelp.dll
2004-10-12 09:14 57,344 ----a-w c:\documents and settings\Default User\InstHelp.dll
2006-10-11 08:04 61,036 ----a-w c:\programmi\mozilla firefox\components\jar50.dll
2006-10-11 08:04 48,742 ----a-w c:\programmi\mozilla firefox\components\jsd3250.dll
2006-10-11 08:05 29,313 ----a-w c:\programmi\mozilla firefox\components\myspell.dll
2006-10-11 08:05 41,082 ----a-w c:\programmi\mozilla firefox\components\spellchk.dll
2006-10-11 08:04 166,510 ----a-w c:\programmi\mozilla firefox\components\xpinstal.dll
.

------- Sigcheck -------

2007-12-31 20:51 579072 bab4f995e526484a235a276e269aaf7f c:\windows\Super Turbo Tango Patcher\Backup\user32.dll
2007-12-31 20:51 552960 67e0e92cf392160df81006a4696b0b57 c:\windows\system32\user32.dll

2007-12-31 20:54 818688 a4a0fc92358f39538a6494c42ef99fe9 c:\windows\system32\wininet.dll

2007-12-31 20:54 360704 a11391be25035570ae4b8970920f2c74 c:\windows\system32\drivers\tcpip.sys

2007-12-31 21:03 2024448 490425dc4c13910372479345b913ddb6 c:\windows\Super Turbo Tango Patcher\Backup\ntkrnlpa.exe
2008-10-15 19:52 2194944 d20ec1a968f99681d18a5b9f31f0a847 c:\windows\system32\ntkrnlpa.exe

2007-12-31 20:50 2144768 2374a104625951570fc7c20e4a4b56b2 c:\windows\Super Turbo Tango Patcher\Backup\ntoskrnl.exe
2008-10-15 19:52 2315264 195cbeb7c44addbaa493586983d3e5cf c:\windows\system32\ntoskrnl.exe

2007-12-31 20:49 1008640 42a8c7dba63cc8e2dd0e2fe0bae426f4 c:\windows\explorer.exe
2007-12-31 20:49 1035776 b4e85805be6d23de697f7b3ba7492d0b c:\windows\Super Turbo Tango Patcher\Backup\explorer.exe

2007-12-31 20:51 57856 da81ec57acd4cdc3d4c51cf3d409af9f c:\windows\system32\spoolsv.exe

2007-12-31 20:51 53080 f3e9065eb617a7e3a832a7976bfa021b c:\windows\Super Turbo Tango Patcher\Backup\wuauclt.exe
2007-12-31 20:51 71000 ffd482098b1f0450ebd1d31a649501f2 c:\windows\system32\wuauclt.exe

2007-12-31 20:51 296960 ad61c489795f7d361cc466a1c20a5439 c:\windows\system32\termsrv.dll

2007-12-31 20:49 1030144 6d9421a648f26b8640c63d0f8f2b7d48 c:\windows\system32\kernel32.dll
.
((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* i valori vuoti & legittimi/default non sono visualizzati.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2004-08-19 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"UnlockerAssistant"="c:\programmi\Unlocker\UnlockerAssistant.exe" [2006-09-07 15872]
"SunJavaUpdateSched"="c:\programmi\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-01-13 131072]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-01-13 163840]
"Persistence"="c:\windows\system32\igfxpers.exe" [2007-01-13 135168]
"Ad-Watch"="c:\programmi\Lavasoft\Ad-Aware\AAWTray.exe" [2009-03-09 515416]
"RTHDCPL"="RTHDCPL.EXE" [2007-11-22 c:\windows\RTHDCPL.exe]
"GSICONEXE"="GSICON.EXE" [2002-06-12 c:\windows\system32\gsicon.exe]
"DSLAGENTEXE"="dslagent.exe" [2002-05-02 c:\windows\system32\dslagent.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-19 15360]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"nltide_2"="shell32" [X]
"nltide_3"="advpack.dll" [2007-12-31 c:\windows\system32\advpack.dll]

c:\documents and settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\
Adobe Reader Speed Launch.lnk - c:\programmi\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 29696]
Super Turbo Tango Patcher Reloader.lnk - c:\windows\Super Turbo Tango Patcher\Reloader.exe [2006-11-15 107438]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoSMHelp"= 1 (0x1)
"NoResolveTrack"= 1 (0x1)

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoSMHelp"= 1 (0x1)
"NoResolveTrack"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2009-03-18 17:58 10520 c:\windows\system32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.divxa32"= msaud32_divx.acm

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2009-02-22 64160]
R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2009-03-18 325640]
R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2009-03-18 107912]
R1 VBoxDrv;VirtualBox Service;c:\windows\system32\drivers\VBoxDrv.sys [2008-10-15 40928]
R1 VBoxUSBMon;VirtualBox USB Monitor Driver;c:\windows\system32\drivers\VBoxUSBMon.sys [2008-10-15 27776]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\programmi\Lavasoft\Ad-Aware\AAWService.exe [2009-01-18 951632]
S2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe --> c:\progra~1\AVG\AVG8\avgwdsvc.exe [?]
S2 gafwload;D-Link DSL-200 USB ADSL Loader;c:\windows\system32\drivers\gafwload.sys [2009-03-14 27147]

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{18AAA5C0-4FCB-11CF-AAX5-81CX1C605612}]
c:\recycler\S-1-5-21-1482476501-1644491937-682003330-1013\isei.exe
.
Contenuto della cartella 'Scheduled Tasks'

2009-02-22 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\programmi\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-03-09 19:37]
.
- - - - CHIAVI ORFANE RIMOSSE - - - -

HKU-Default-Run-Free Download Manager - c:\programmi\Free Download Manager\fdm.exe
HKU-Default-Run-Free Upload Manager - c:\programmi\Free Download Manager\fum\fum.exe
HKU-Default-Run-Free Uploader Oe Integration - c:\programmi\Free Download Manager\FUM\fumoei.exe
HKU-Default-Run-MsnMsgr - c:\programmi\MSN Messenger\MsnMsgr.Exe


.
------- Scansione supplementare -------
.
uStart Page = hxxp://www.google.it/
IE: E&sporta in Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
FF - ProfilePath -
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-03-19 22:16:19
Windows 5.1.2600 Service Pack 2 NTFS

scansione processi nascosti ...

scansione entrate autostart nascoste ...

Scansione files nascosti ...

Scansione completata con successo
Files nascosti: 0

**************************************************************************
.
Ora fine scansione: 2009-03-19 22.17.00
ComboFix-quarantined-files.txt 2009-03-19 21:16:58

Pre-Run: 90.205.114.368 byte disponibili
Post-Run: 90,448,515,072 byte disponibili

161


Grazie ancora per l'aiuto.
Umberto

Fatto tutto, già che c'ero ho anche installato la SP3.

Ecco i LOG di COMBOFIX, e quello di HIJACK:


ComboFix 09-03-18.01 - USERxp 2009-03-20 18:29:05.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1040.18.2039.1642 [GMT 1:00]
Eseguito da: c:\documents and settings\USERxp\Desktop\ComboFix.exe
Opzioni usate :: c:\documents and settings\USERxp\Desktop\CFScript.txt
AV: AVG Anti-Virus Free *On-access scanning enabled* (Outdated)
* Creato nuovo punto di ripristino

ATTENZIONE - QUESTO PC NON HA LA CONSOLE DI RIPRISTINO DI EMERGENZA INSTALLATA !!

FILE ::
c:\recycler\S-1-5-21-1482476501-1644491937-682003330-1013\isei.exe
.

((((((((((((((((((((((((( Files Creati Da 2009-02-20 al 2009-03-20 )))))))))))))))))))))))))))))))))))
.

2009-03-20 17:52 . 2009-03-20 17:52 <DIR> d-------- c:\windows\system32\xircom
2009-03-20 17:52 . 2009-03-20 17:52 <DIR> d-------- c:\windows\srchasst
2009-03-20 17:52 . 2009-03-20 17:52 <DIR> d-------- c:\programmi\microsoft frontpage
2009-03-18 20:16 . 2009-03-18 20:16 <DIR> d-------- c:\programmi\Malwarebytes' Anti-Malware
2009-03-18 20:16 . 2009-03-18 20:16 <DIR> d-------- c:\documents and settings\USERxp\Dati applicazioni\Malwarebytes
2009-03-18 20:16 . 2009-03-18 20:16 <DIR> d-------- c:\documents and settings\All Users\Dati applicazioni\Malwarebytes
2009-03-18 20:16 . 2009-02-11 10:19 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys
2009-03-18 20:16 . 2009-02-11 10:19 15,504 --a------ c:\windows\system32\drivers\mbam.sys
2009-03-18 18:18 . 2009-03-18 18:18 <DIR> d--h----- C:\$AVG8.VAULT$
2009-03-18 17:58 . 2009-03-20 18:16 <DIR> d-------- c:\documents and settings\USERxp\Dati applicazioni\AVGTOOLBAR
2009-03-18 17:58 . 2009-03-20 18:25 <DIR> d-------- c:\documents and settings\All Users\Dati applicazioni\avg8
2009-03-17 19:48 . 2009-03-17 19:48 552 --a------ c:\windows\system32\d3d8caps.dat
2009-03-14 18:36 . 2002-06-12 12:31 286,720 --a------ c:\windows\system32\gsi.cpl
2009-03-14 18:36 . 2002-05-14 11:15 252,883 --a------ c:\windows\system32\drivers\gwausb.sys
2009-03-14 18:36 . 2002-05-14 15:12 110,592 --------- c:\windows\system32\gspnDll.dll
2009-03-14 18:36 . 2002-06-12 13:45 98,304 --------- c:\windows\system32\instDll.dll
2009-03-14 18:36 . 2002-06-12 12:39 90,112 --a------ c:\windows\system32\gsicon.exe
2009-03-14 18:36 . 2002-06-12 13:19 81,920 --------- c:\windows\system32\GCPL_ITALIAN.dll
2009-03-14 18:36 . 2002-03-22 10:01 27,147 --a------ c:\windows\system32\drivers\gafwload.sys
2009-03-14 18:36 . 2002-05-02 14:46 25,088 --a------ c:\windows\system32\CoInst.dll
2009-03-14 18:36 . 2002-05-14 15:12 24,576 --------- c:\windows\system32\delaySpawn.exe
2009-03-14 18:36 . 2002-05-02 14:45 16,384 --a------ c:\windows\system32\dslagent.exe
2009-03-14 18:36 . 2003-01-10 09:34 13,881 --------- c:\windows\wwdslcfg.ini
2009-03-06 17:54 . 2009-03-09 19:38 15,688 --a------ c:\windows\system32\lsdelete.exe
2009-02-22 09:13 . 2009-02-22 09:13 <DIR> d--h-c--- c:\documents and settings\All Users\Dati applicazioni\{83C91755-2546-441D-AC40-9A6B4B860800}
2009-02-22 09:13 . 2009-03-09 19:38 64,160 --a------ c:\windows\system32\drivers\Lbd.sys
2009-02-22 09:12 . 2009-02-22 09:12 <DIR> d-------- c:\programmi\Lavasoft
2009-02-22 09:12 . 2009-02-22 09:13 <DIR> d-------- c:\documents and settings\All Users\Dati applicazioni\Lavasoft
2009-02-22 08:45 . 2009-02-22 08:45 <DIR> d-------- c:\documents and settings\USERxp\Dati applicazioni\Lavasoft

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-02-02 13:54 --------- d-----w c:\documents and settings\USERxp\Dati applicazioni\Media Player Classic
2009-01-26 17:39 --------- d-----w c:\programmi\Servizi in linea
2008-12-21 10:40 1,234,120 ----a-w c:\programmi\wrar380.exe
2007-11-25 07:29 5,894,946 ----a-w c:\windows\system32\config\systemprofile\gtk-runtime.exe
2007-11-25 07:29 5,894,946 ----a-w c:\documents and settings\USERxp\gtk-runtime.exe
2007-11-25 07:29 5,894,946 ----a-w c:\documents and settings\Default User\gtk-runtime.exe
2004-10-12 09:14 57,344 ----a-w c:\windows\system32\config\systemprofile\InstHelp.dll
2004-10-12 09:14 57,344 ----a-w c:\documents and settings\USERxp\InstHelp.dll
2004-10-12 09:14 57,344 ----a-w c:\documents and settings\Default User\InstHelp.dll
2006-10-11 08:04 61,036 ----a-w c:\programmi\mozilla firefox\components\jar50.dll
2006-10-11 08:04 48,742 ----a-w c:\programmi\mozilla firefox\components\jsd3250.dll
2006-10-11 08:05 29,313 ----a-w c:\programmi\mozilla firefox\components\myspell.dll
2006-10-11 08:05 41,082 ----a-w c:\programmi\mozilla firefox\components\spellchk.dll
2006-10-11 08:04 166,510 ----a-w c:\programmi\mozilla firefox\components\xpinstal.dll
.

------- Sigcheck -------

2007-12-31 20:51 579072 bab4f995e526484a235a276e269aaf7f c:\windows\Super Turbo Tango Patcher\Backup\user32.dll
2007-12-31 20:51 552960 67e0e92cf392160df81006a4696b0b57 c:\windows\system32\user32.dll

2007-12-31 20:54 818688 a4a0fc92358f39538a6494c42ef99fe9 c:\windows\system32\wininet.dll

2007-12-31 20:54 360704 a11391be25035570ae4b8970920f2c74 c:\windows\system32\drivers\tcpip.sys

2007-12-31 21:03 2024448 490425dc4c13910372479345b913ddb6 c:\windows\Super Turbo Tango Patcher\Backup\ntkrnlpa.exe
2008-10-15 19:52 2194944 d20ec1a968f99681d18a5b9f31f0a847 c:\windows\system32\ntkrnlpa.exe

2007-12-31 20:50 2144768 2374a104625951570fc7c20e4a4b56b2 c:\windows\Super Turbo Tango Patcher\Backup\ntoskrnl.exe
2008-10-15 19:52 2315264 195cbeb7c44addbaa493586983d3e5cf c:\windows\system32\ntoskrnl.exe

2007-12-31 20:49 1008640 42a8c7dba63cc8e2dd0e2fe0bae426f4 c:\windows\explorer.exe
2007-12-31 20:49 1035776 b4e85805be6d23de697f7b3ba7492d0b c:\windows\Super Turbo Tango Patcher\Backup\explorer.exe

2007-12-31 20:51 57856 da81ec57acd4cdc3d4c51cf3d409af9f c:\windows\system32\spoolsv.exe

2007-12-31 20:51 53080 f3e9065eb617a7e3a832a7976bfa021b c:\windows\Super Turbo Tango Patcher\Backup\wuauclt.exe
2007-12-31 20:51 71000 ffd482098b1f0450ebd1d31a649501f2 c:\windows\system32\wuauclt.exe

2007-12-31 20:51 296960 ad61c489795f7d361cc466a1c20a5439 c:\windows\system32\termsrv.dll

2007-12-31 20:49 1030144 6d9421a648f26b8640c63d0f8f2b7d48 c:\windows\system32\kernel32.dll
.
((((((((((((((((((((((((((((( SnapShot@2009-03-19_22.16.28,95 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-10-15 18:35:00 8,738 ----a-w c:\windows\pchealth\helpctr\Config\Cntstore.bin
+ 2009-03-20 17:08:13 8,972 ----a-w c:\windows\pchealth\helpctr\Config\Cntstore.bin
- 2008-10-15 18:34:57 86,327 ----a-w c:\windows\pchealth\helpctr\OfflineCache\index.dat
+ 2009-03-20 17:08:44 86,327 ----a-w c:\windows\pchealth\helpctr\OfflineCache\index.dat
- 2008-10-15 18:35:00 2,112 ----a-w c:\windows\pchealth\helpctr\PackageStore\SkuStore.bin
+ 2009-03-20 17:08:44 2,426 ----a-w c:\windows\pchealth\helpctr\PackageStore\SkuStore.bin
.
((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* i valori vuoti & legittimi/default non sono visualizzati.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2004-08-19 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"UnlockerAssistant"="c:\programmi\Unlocker\UnlockerAssistant.exe" [2006-09-07 15872]
"SunJavaUpdateSched"="c:\programmi\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-01-13 131072]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-01-13 163840]
"Persistence"="c:\windows\system32\igfxpers.exe" [2007-01-13 135168]
"Ad-Watch"="c:\programmi\Lavasoft\Ad-Aware\AAWTray.exe" [2009-03-09 515416]
"RTHDCPL"="RTHDCPL.EXE" [2007-11-22 c:\windows\RTHDCPL.exe]
"GSICONEXE"="GSICON.EXE" [2002-06-12 c:\windows\system32\gsicon.exe]
"DSLAGENTEXE"="dslagent.exe" [2002-05-02 c:\windows\system32\dslagent.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-19 15360]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"nltide_2"="shell32" [X]
"nltide_3"="advpack.dll" [2007-12-31 c:\windows\system32\advpack.dll]

c:\documents and settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\
Adobe Reader Speed Launch.lnk - c:\programmi\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 29696]
Super Turbo Tango Patcher Reloader.lnk - c:\windows\Super Turbo Tango Patcher\Reloader.exe [2006-11-15 107438]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoSMHelp"= 1 (0x1)
"NoResolveTrack"= 1 (0x1)

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoSMHelp"= 1 (0x1)
"NoResolveTrack"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.divxa32"= msaud32_divx.acm

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2009-02-22 64160]
R1 VBoxDrv;VirtualBox Service;c:\windows\system32\drivers\VBoxDrv.sys [2008-10-15 40928]
R1 VBoxUSBMon;VirtualBox USB Monitor Driver;c:\windows\system32\drivers\VBoxUSBMon.sys [2008-10-15 27776]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\programmi\Lavasoft\Ad-Aware\AAWService.exe [2009-01-18 951632]
S2 gafwload;D-Link DSL-200 USB ADSL Loader;c:\windows\system32\drivers\gafwload.sys [2009-03-14 27147]

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{18AAA5C0-4FCB-11CF-AAX5-81CX1C605612}]
c:\recycler\S-1-5-21-1482476501-1644491937-682003330-1013\isei.exe
.
Contenuto della cartella 'Scheduled Tasks'

2009-02-22 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\programmi\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-03-09 19:37]
.
- - - - CHIAVI ORFANE RIMOSSE - - - -

Notify-avgrsstarter - avgrsstx.dll


.
------- Scansione supplementare -------
.
uStart Page = hxxp://www.google.it/
IE: E&sporta in Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
FF - ProfilePath -
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-03-20 18:29:46
Windows 5.1.2600 Service Pack 2 NTFS

scansione processi nascosti ...

scansione entrate autostart nascoste ...

Scansione files nascosti ...

Scansione completata con successo
Files nascosti: 0

**************************************************************************
.
Ora fine scansione: 2009-03-20 18:30:25
ComboFix-quarantined-files.txt 2009-03-20 17:30:23
ComboFix2.txt 2009-03-19 21:17:01

Pre-Run: 90,467,708,928 byte disponibili
Post-Run: 90,458,447,872 byte disponibili

160








Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18.38.54, on 20/03/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0013)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmi\Lavasoft\Ad-Aware\AAWService.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programmi\Java\jre1.6.0_07\bin\jusched.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Programmi\Lavasoft\Ad-Aware\AAWTray.exe
C:\WINDOWS\system32\GSICON.EXE
C:\WINDOWS\system32\dslagent.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmi\File comuni\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\explorer.exe
C:\Programmi\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.it/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - (no file)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmi\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: (no name) - {A057A204-BACC-4D26-9990-79A187E2698E} - (no file)
O3 - Toolbar: (no name) - {A057A204-BACC-4D26-9990-79A187E2698E} - (no file)
O4 - HKLM\..\Run: [UnlockerAssistant] "C:\Programmi\Unlocker\UnlockerAssistant.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programmi\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Ad-Watch] C:\Programmi\Lavasoft\Ad-Aware\AAWTray.exe
O4 - HKLM\..\Run: [GSICONEXE] GSICON.EXE
O4 - HKLM\..\Run: [DSLAGENTEXE] dslagent.exe USB
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'Default user')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Programmi\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Super Turbo Tango Patcher Reloader.lnk = C:\WINDOWS\Super Turbo Tango Patcher\Reloader.exe
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Run WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Programmi\WinHTTrack\WinHTTrackIEBar.dll
O9 - Extra 'Tools' menuitem: Launch WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Programmi\WinHTTrack\WinHTTrackIEBar.dll
O9 - Extra button: Ricerche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - (no file)
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Programmi\File comuni\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Programmi\Lavasoft\Ad-Aware\AAWService.exe

--
End of file - 5266 bytes



Ancora grazie in anticipo.
Umberto

Ciao umberto72 .
Dal log di HJT non mi risulta che hai installato il SP3.
Fai cosi:
Assicurati di avere accesso a file e cartelle nascosti
(Pannello di controllo-> Opzioni Cartella-> Visualizzazione)
1) Metti la spunta su: Visualizza file e cartelle nascoste
2) Togli la spunta: nascondi file protetti di sistema (consigliato)
Segui questo percorso ed elimina il file in rosso:
c:\recycler\S-1-5-21-1482476501-1644491937-682003330-1013\isei.exe
Riavvia il pc e controlla se si è rigenerato.

Ciao.
Ci deve essere quel file.
Prova con la funzione "Cerca" , copia-incolla questo: isei.exe (non eliminare niente, dimmi solo se lo trovi)
La cartella che hai controllato è diversa da quella che ti ho indicato.
S-1-5-21-1482476501-1644491937-682003330-1013 (quella che ti ho indicato io)
S-1-5-21-1343024091-1644491937-839522115-1003 (quella che hai controllato tu)
Se non la trovi, prova cosi:
Start\ Esegui\ digita: regedit e clicca ok.
Con il tasto DESTRO clicca sopra la cartella "HKEY_LOCAL_MACHINE" e scegli "trova".
Nel riquadro che si apre copia -incolla questo valore: {18AAA5C0-4FCB-11CF-AAX5-81CX1C605612} e batti Invio.
Aspetta la fine della scansione.
Per il momento dimmi solo se lo trova.

Questo è l'ultimo log di HJT che hai postato:



Leggo XP SP2

Ok.
E' logico che se hai fatto la scansione con HJT, e dopo hai installato SP3, a me risulta l' SP2.
Ma la logica direbbe che dovevi postarmi il log di HJT, dopo l'installazione del SP3...... o no...
Facciamo per sicurezza il buckup del registro:
Start\ Esegui\ digita: regedit e clicca ok.
Poi clicca su "File" e poi su "Esporta".
Dai un nome e clicca su "Salva".
********************************************************************************************************* Adesso portati su quel valore: {18AAA5C0-4FCB-11CF-AAX5-81CX1C605612}
Cliccaci sopra con il tasto destro e scegli elimina.
Riavvia il pc.

Eccoti comunque l LOG aggiornati (dopo installazione SP3) di HIJACK e MALWAREBYTES:


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10.07.21, on 22/03/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0013)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmi\Lavasoft\Ad-Aware\AAWService.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Programmi\Unlocker\UnlockerAssistant.exe
C:\Programmi\Java\jre1.6.0_07\bin\jusched.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Programmi\Lavasoft\Ad-Aware\AAWTray.exe
C:\WINDOWS\system32\GSICON.EXE
C:\WINDOWS\system32\dslagent.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Programmi\File comuni\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\Programmi\internet explorer\iexplore.exe
C:\Programmi\AVG\AVG8\aAvgApi.exe
C:\Programmi\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.it/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Programmi\AVG\AVG8\avgssie.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmi\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\Programmi\AVG\AVG8\avgtoolbar.dll
O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\Programmi\AVG\AVG8\avgtoolbar.dll
O4 - HKLM\..\Run: [UnlockerAssistant] "C:\Programmi\Unlocker\UnlockerAssistant.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programmi\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Ad-Watch] C:\Programmi\Lavasoft\Ad-Aware\AAWTray.exe
O4 - HKLM\..\Run: [GSICONEXE] GSICON.EXE
O4 - HKLM\..\Run: [DSLAGENTEXE] dslagent.exe USB
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'Default user')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Programmi\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Run WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Programmi\WinHTTrack\WinHTTrackIEBar.dll
O9 - Extra 'Tools' menuitem: Launch WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Programmi\WinHTTrack\WinHTTrackIEBar.dll
O9 - Extra button: Ricerche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{BEBE0398-B3CD-4A2E-96FA-DC4CC1F83731}: NameServer = 208.67.222.222 208.67.220.220
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Programmi\AVG\AVG8\avgpp.dll
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Programmi\File comuni\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Programmi\Lavasoft\Ad-Aware\AAWService.exe

--
End of file - 5905 bytes





Moduli della memoria infetti: 0
Chiavi di registro infette: 0
Valori di registro infetti: 0
Elementi dato del registro infetti: 1
Cartelle infette: 0
File infetti: 0

Processi delle memoria infetti:
(Nessun elemento malevolo rilevato)

Moduli della memoria infetti:
(Nessun elemento malevolo rilevato)

Chiavi di registro infette:
(Nessun elemento malevolo rilevato)

Valori di registro infetti:
(Nessun elemento malevolo rilevato)

Elementi dato del registro infetti:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoSMHelp (Hijack.Help) -> Bad: (1) Good: (0) -> No action taken.

Cartelle infette:
(Nessun elemento malevolo rilevato)

File infetti:
(Nessun elemento malevolo rilevato)



Ciao
Umberto72

Ho fatto tutto ciò che mi hai detto, ma stasera è un disastro, mentre questa mattina funzionava perfettamente.
Adesso sembra che vada.
Ho fatto girare AVG e MALWAREBYTES in mod provv dopo aver disabilitato il ripr. di config. , e HIJACK in modalità normale; ecco i LOG (AVG c'è e funziona, mi ha trovato tanti file bloccati ..??..)


Scansione della riga di comando di AVG 8.5 Anti-Virus
Copyright (c) 1992 - 2009 AVG Technologies
Versione programma 8.0.268, engine 8.0.273
Database dei virus: versione 270.11.24/2017 2009-03-22

C:\Documents and Settings\NetworkService\Impostazioni locali\Dati applicazioni\Microsoft\Windows\UsrClass.dat File bloccato. Non verificato.
C:\Documents and Settings\NetworkService\Impostazioni locali\Dati applicazioni\Microsoft\Windows\UsrClass.dat.LOG File bloccato. Non verificato.
C:\Documents and Settings\NetworkService\NTUSER.DAT File bloccato. Non verificato.
C:\Documents and Settings\NetworkService\ntuser.dat.LOG File bloccato. Non verificato.
C:\Documents and Settings\USERxp\Impostazioni locali\Dati applicazioni\Microsoft\Windows\UsrClass.dat File bloccato. Non verificato.
C:\Documents and Settings\USERxp\Impostazioni locali\Dati applicazioni\Microsoft\Windows\UsrClass.dat.LOG File bloccato. Non verificato.
C:\Documents and Settings\USERxp\NTUSER.DAT File bloccato. Non verificato.
C:\Documents and Settings\USERxp\ntuser.dat.LOG File bloccato. Non verificato.
C:\pagefile.sys File bloccato. Non verificato.
C:\Programmi\GRETECH\GomPlayer\Dodge.dll Run-time compresso fsg
C:\System Volume Information\ File bloccato. Non verificato.
C:\WINDOWS\system32\config\default File bloccato. Non verificato.
C:\WINDOWS\system32\config\default.LOG File bloccato. Non verificato.
C:\WINDOWS\system32\config\SAM File bloccato. Non verificato.
C:\WINDOWS\system32\config\SAM.LOG File bloccato. Non verificato.
C:\WINDOWS\system32\config\SECURITY File bloccato. Non verificato.
C:\WINDOWS\system32\config\SECURITY.LOG File bloccato. Non verificato.
C:\WINDOWS\system32\config\software File bloccato. Non verificato.
C:\WINDOWS\system32\config\software.LOG File bloccato. Non verificato.
C:\WINDOWS\system32\config\system File bloccato. Non verificato.
C:\WINDOWS\system32\config\system.LOG File bloccato. Non verificato.
C:\WINDOWS\system32\drivers\sptd.sys File bloccato. Non verificato.
D:\System Volume Information\ File bloccato. Non verificato.

---

Oggetti sottoposti a scansione : 165647
Infezioni trovate : 0
PUP trovati : 0
Infezioni corrette : 0
PUP corretti : 0
Avvisi : 0




Malwarebytes' Anti-Malware 1.34
Versione del database: 1883
Windows 5.1.2600 Service Pack 3

22/03/2009 22.13.58
mbam-log-2009-03-22 (22-13-58).txt

Tipo di scansione: Scansione completa (A:\|C:\|D:\|E:\|F:\|G:\|H:\|I:\|)
Elementi scansionati: 105903
Tempo trascorso: 22 minute(s), 45 second(s)

Processi delle memoria infetti: 0
Moduli della memoria infetti: 0
Chiavi di registro infette: 0
Valori di registro infetti: 0
Elementi dato del registro infetti: 1
Cartelle infette: 0
File infetti: 0

Processi delle memoria infetti:
(Nessun elemento malevolo rilevato)

Moduli della memoria infetti:
(Nessun elemento malevolo rilevato)

Chiavi di registro infette:
(Nessun elemento malevolo rilevato)

Valori di registro infetti:
(Nessun elemento malevolo rilevato)

Elementi dato del registro infetti:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoSMHelp (Hijack.Help) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Cartelle infette:
(Nessun elemento malevolo rilevato)

File infetti:
(Nessun elemento malevolo rilevato)



Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 22.27.34, on 22/03/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0013)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Programmi\Unlocker\UnlockerAssistant.exe
C:\Programmi\Java\jre1.6.0_07\bin\jusched.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Programmi\File comuni\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\gsicon.exe
C:\Programmi\internet explorer\iexplore.exe
C:\Programmi\AVG\AVG8\aAvgApi.exe
C:\Programmi\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.it/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Programmi\AVG\AVG8\avgssie.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmi\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\Programmi\AVG\AVG8\avgtoolbar.dll
O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\Programmi\AVG\AVG8\avgtoolbar.dll
O4 - HKLM\..\Run: [UnlockerAssistant] "C:\Programmi\Unlocker\UnlockerAssistant.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programmi\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'Default user')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Programmi\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Run WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Programmi\WinHTTrack\WinHTTrackIEBar.dll
O9 - Extra 'Tools' menuitem: Launch WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Programmi\WinHTTrack\WinHTTrackIEBar.dll
O9 - Extra button: Ricerche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{BEBE0398-B3CD-4A2E-96FA-DC4CC1F83731}: NameServer = 208.67.222.222 208.67.220.220
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Programmi\AVG\AVG8\avgpp.dll
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Programmi\File comuni\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe

--
End of file - 5449 bytes


Se non c'è nulla che non va, non so più che pesci pigliare ..... Sto pensando di formattare e re-installare tutto, ma risolverei? La SP3 può darmi problemi sul mio sistema operativo non originale?
Grazie ancora.
Umberto 72