Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 08:29, on 08/04/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Programmi\Alwil Software\Avast4\aswUpdSv.exe
C:\Programmi\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programmi\Bonjour\mDNSResponder.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmi\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PSIService.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\UStorSrv.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Programmi\File comuni\Java\Java Update\jusched.exe
C:\WINDOWS\system32\rundll32.exe
C:\Programmi\IncrediMail\bin\IMApp.exe
C:\WINDOWS\explorer.exe
C:\Programmi\Alwil Software\Avast4\ashMaiSv.exe
C:\Programmi\Alwil Software\Avast4\ashWebSv.exe
C:\Programmi\Microsoft Office\OFFICE11\WINWORD.EXE
C:\Programmi\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.alice.it/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://go.microsoft.com/fwlink/?LinkId=74005
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
O2 - BHO: Supporto di collegamento per Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\File comuni\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Programmi\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: Guida per l'accesso a Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programmi\File comuni\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programmi\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Programmi\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [MplSetUp] C:\Programmi\RMClient\MplSetUp.exe
O4 - HKLM\..\Run: [JobHisInit] C:\Programmi\RMClient\JobHisInit.exe
O4 - HKLM\..\Run: [IntelAudioStudio] "C:\Programmi\Intel Audio Studio\IntelAudioStudio.exe" BOOT
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [AdobeCS4ServiceManager] "C:\Programmi\File comuni\Adobe\CS4ServiceManager\CS4ServiceManager.exe" -launchedbylogin
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmi\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programmi\File comuni\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Programmi\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Programmi\File comuni\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKCU\..\Run: [IncrediMail] C:\Programmi\IncrediMail\bin\IncMail.exe /c
O4 - HKCU\..\Run: [crntcore32srv] C:\Documents and Settings\responsabile\Dati applicazioni\crntcore32srv\crntcore32srv.exe
O8 - Extra context menu item: Download all with Free Download Manager - file://C:\Programmi\Free Download Manager\dlall.htm
O8 - Extra context menu item: Download selected with Free Download Manager - file://C:\Programmi\Free Download Manager\dlselected.htm
O8 - Extra context menu item: Download video with Free Download Manager - file://C:\Programmi\Free Download Manager\dlfvideo.htm
O8 - Extra context menu item: Download with Free Download Manager - file://C:\Programmi\Free Download Manager\dllink.htm
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Ricerca - res://C:\Programmi\eBay\eBay Toolbar2\eBayTb.dll/RCSearch.html
O9 - Extra button: fbtoolbar Sidebar - {4CE39EE9-5365-44A1-9F63-CBE250BF731A} - C:\Programmi\fb-toolbar\adxloader.dll (file missing)
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Programmi\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Ricerche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} -
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) -
O16 - DPF: {4C833081-D026-4FF8-968F-7EAB660D2FBA} (TVAnts ActiveX Control) -
O16 - DPF: {5CD4310E-88FB-43C1-BE24-5F3FA9C5C9D1} -
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} -
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} -
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} -
O16 - DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} (Java Plug-in 1.6.0_01) -
O16 - DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} (Java Plug-in 1.6.0_02) -
O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} (Java Plug-in 1.6.0_03) -
O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} (Java Plug-in 1.6.0_05) -
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) -
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = umbriaservizi.locale
O17 - HKLM\Software\..\Telephony: DomainName = umbriaservizi.locale
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = umbriaservizi.locale
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FILECO~1\Skype\SKYPE4~1.DLL
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Programmi\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Programmi\File comuni\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Programmi\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Programmi\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Programmi\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Programmi\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Programmi\File comuni\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - c:\Programmi\File comuni\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Programmi\Java\jre6\bin\jqs.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Programmi\File comuni\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: ProtexisLicensing - Unknown owner - C:\WINDOWS\system32\PSIService.exe
O23 - Service: ServiceLayer - Nokia. - C:\Programmi\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: UStorage Server Service - OTi - C:\WINDOWS\system32\UStorSrv.exe
--
End of file - 8324 bytes
_________________________________
ComboFix 10-04-07.01 - responsabile 08/04/2010 8:14.5.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1040.18.2030.1495 [GMT 2:00]
Eseguito da: c:\documents and settings\responsabile\Desktop\ComboFix.exe
AV: avast! antivirus 4.8.1368 [VPS 100407-1] *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
.
((((((((((((((((((((((((((((((((((((( Altre eliminazioni )))))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\documents and settings\responsabile\Dati applicazioni\AD ON Multimedia
c:\documents and settings\responsabile\Dati applicazioni\AD ON Multimedia\eBay Shortcuts\config.ini
c:\documents and settings\responsabile\Dati applicazioni\Desktopicon
c:\documents and settings\responsabile\Impostazioni locali\Dati applicazioni\bvjgsg.dat
c:\documents and settings\responsabile\Impostazioni locali\Dati applicazioni\bvjgsg.exe
c:\documents and settings\responsabile\Impostazioni locali\Dati applicazioni\bvjgsg_nav.dat
c:\documents and settings\responsabile\Impostazioni locali\Dati applicazioni\bvjgsg_navps.dat
c:\programmi\Search Settings
c:\programmi\Search Settings\kb127\SearchSettings.dll
c:\programmi\Search Settings\kb127\SearchSettingsRes409.dll
c:\programmi\Search Settings\SearchSettings.exe
c:\windows\system32\Drivers\ydrpns.sys
.
((((((((((((((((((((((((((((((((((((((( Driver/Servizi )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Service_yiof
((((((((((((((((((((((((( Files Creati Da 2010-03-08 al 2010-04-08 )))))))))))))))))))))))))))))))))))
.
2010-04-08 06:22 . 2010-04-08 06:22 -------- d-----w- c:\temp\WPDNSE
2010-04-08 06:22 . 2010-04-08 06:22 53248 ----a-w- c:\temp\catchme.dll
2010-04-08 06:21 . 2010-04-08 06:21 16384 ----atw- c:\temp\Perflib_Perfdata_7e0.dat
2010-04-08 06:21 . 2010-04-08 06:21 16384 ----atw- c:\temp\Perflib_Perfdata_59c.dat
2010-04-07 08:51 . 2010-04-07 08:51 163840 ----a-w- c:\documents and settings\responsabile\Dati applicazioni\crntcore32srv\tjebqtpgghgk.dll
2010-04-07 08:43 . 2010-04-07 08:43 5918775 ----a-w- c:\documents and settings\All Users\Dati applicazioni\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe
2010-04-06 08:40 . 2010-04-06 08:40 50354 ----a-w- c:\documents and settings\responsabile\Dati applicazioni\Facebook\uninstall.exe
2010-04-06 08:40 . 2010-04-06 08:40 -------- d-----w- c:\documents and settings\responsabile\Dati applicazioni\Facebook
2010-04-06 08:30 . 2010-04-06 08:30 -------- d-----w- c:\programmi\NCH Software
2010-04-06 06:32 . 2010-04-06 08:14 -------- d-----w- c:\temp\plugtmp-1
2010-04-02 10:19 . 2010-04-02 10:19 -------- d-----w- c:\documents and settings\responsabile\Dati applicazioni\NCH Swift Sound
2010-04-02 10:19 . 2010-04-02 10:19 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\NCH Swift Sound
2010-04-02 10:19 . 2010-04-02 10:19 -------- d-----w- c:\programmi\NCH Swift Sound
2010-04-02 09:01 . 2010-04-02 10:01 -------- d-----w- c:\temp\audacity_1_2_temp
2010-04-02 09:01 . 2010-04-02 09:01 -------- d-----w- c:\programmi\Audacity
2010-04-02 07:21 . 2010-04-02 09:56 -------- d-----w- c:\temp\plugtmp
2010-03-31 06:12 . 2010-03-31 06:12 503808 ----a-w- c:\documents and settings\responsabile\Dati applicazioni\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-7d683c9b-n\msvcp71.dll
2010-03-31 06:12 . 2010-03-31 06:12 499712 ----a-w- c:\documents and settings\responsabile\Dati applicazioni\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-7d683c9b-n\jmc.dll
2010-03-31 06:12 . 2010-03-31 06:12 348160 ----a-w- c:\documents and settings\responsabile\Dati applicazioni\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-7d683c9b-n\msvcr71.dll
2010-03-31 06:12 . 2010-03-31 06:12 61440 ----a-w- c:\documents and settings\responsabile\Dati applicazioni\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-3ccb3800-n\decora-sse.dll
2010-03-31 06:12 . 2010-03-31 06:12 12800 ----a-w- c:\documents and settings\responsabile\Dati applicazioni\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-3ccb3800-n\decora-d3d.dll
2010-03-30 10:10 . 2010-03-30 10:10 -------- d-----w- c:\temp\Adobe
2010-03-19 10:25 . 2010-04-08 06:18 -------- d-----w- c:\temp\IncrediMail
2010-03-15 07:18 . 2010-03-29 06:57 -------- d-----w- c:\documents and settings\responsabile\Impostazioni locali\Dati applicazioni\Abelssoft
2010-03-15 07:18 . 2010-03-29 06:56 -------- d-----w- c:\programmi\CheckDrive
2010-03-12 11:19 . 2010-04-06 07:49 -------- d-----w- c:\temp\hsperfdata_responsabile
2010-03-11 09:39 . 2010-03-11 09:41 -------- d-----w- c:\documents and settings\responsabile\Dati applicazioni\XnView
2010-03-11 09:39 . 2010-03-11 09:39 -------- d-----w- c:\temp\Rar$EX00.546
2010-03-11 09:28 . 2010-04-08 05:27 -------- d-----w- c:\temp\IM
2010-03-11 07:38 . 2010-04-08 06:18 -------- d-----w- c:\temp\VBE
2010-03-10 23:12 . 2009-10-23 15:28 3558912 -c----w- c:\windows\system32\dllcache\moviemk.exe
2010-03-10 11:16 . 2010-04-07 10:47 -------- d-----w- c:\temp\__SkypeIEToolbar_Cache
2010-03-10 11:12 . 2010-03-10 11:12 16384 ----atw- c:\temp\Perflib_Perfdata_598.dat
2010-03-09 07:21 . 2010-03-09 07:21 239616 ----a-w- c:\documents and settings\responsabile\Dati applicazioni\crntcore32srv\crntcore32srv.dll
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-04-07 08:51 . 2010-03-05 10:00 -------- d-----w- c:\documents and settings\responsabile\Dati applicazioni\crntcore32srv
2010-04-07 08:45 . 2009-03-31 06:38 -------- d-----w- c:\programmi\Malwarebytes' Anti-Malware
2010-04-07 08:39 . 2010-03-05 10:00 -------- d-----w- c:\programmi\fb-toolbar
2010-04-06 10:27 . 2009-03-26 13:34 -------- d-----w- c:\documents and settings\responsabile\Dati applicazioni\Skype
2010-04-06 10:08 . 2009-03-26 13:38 -------- d-----w- c:\documents and settings\responsabile\Dati applicazioni\skypePM
2010-03-31 06:13 . 2007-05-31 09:21 -------- d-----w- c:\programmi\File comuni\Java
2010-03-31 06:12 . 2007-05-31 09:21 -------- d-----w- c:\programmi\Java
2010-03-31 06:12 . 2006-03-02 12:00 84156 ----a-w- c:\windows\system32\perfc010.dat
2010-03-31 06:12 . 2006-03-02 12:00 489410 ----a-w- c:\windows\system32\perfh010.dat
2010-03-30 10:41 . 2010-01-20 08:10 -------- d-----w- c:\documents and settings\responsabile\Dati applicazioni\Free Download Manager
2010-03-29 22:46 . 2009-03-31 06:38 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-03-29 22:45 . 2009-03-31 06:38 20824 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-03-10 11:16 . 2009-03-13 11:34 -------- d-----w- c:\programmi\FindyKill
2010-03-10 07:27 . 2007-05-11 15:55 -------- d-----w- c:\programmi\CCleaner
2010-03-09 02:28 . 2008-12-22 07:56 411368 ----a-w- c:\windows\system32\deploytk.dll
2010-03-06 05:30 . 2010-03-06 05:30 847040 ----a-w- c:\documents and settings\responsabile\Dati applicazioni\Facebook\axfbootloader.dll
2010-03-06 05:30 . 2010-03-06 05:30 5582848 ----a-w- c:\documents and settings\responsabile\Dati applicazioni\Facebook\npfbplugin_1_0_3.dll
2010-02-25 06:16 . 2006-03-02 12:00 916480 ----a-w- c:\windows\system32\wininet.dll
2010-02-21 07:19 . 2010-02-21 07:19 413696 ----a-w- c:\documents and settings\responsabile\Impostazioni locali\Dati applicazioni\tbantahn.exe
2010-01-27 10:03 . 2007-05-11 15:43 123 ----a-w- c:\documents and settings\responsabile\Impostazioni locali\Dati applicazioni\fusioncache.dat
2010-01-25 22:25 . 2010-01-25 22:25 308736 ----a-w- c:\documents and settings\responsabile\Impostazioni locali\Dati applicazioni\dukbrh.exe
2010-01-15 09:03 . 2010-01-15 09:03 1956528 ----a-w- c:\documents and settings\All Users\Dati applicazioni\NOS\Adobe_Downloads\install_flash_player_ax.exe
2007-04-23 10:48 . 2007-06-25 07:08 7168 ----a-w- c:\programmi\mozilla firefox\plugins\libcomm.dll
2007-05-17 10:01 . 2007-06-25 07:08 35008 ----a-w- c:\programmi\mozilla firefox\plugins\NanoInst.dll
2007-05-03 10:33 . 2007-06-25 07:08 53248 ----a-w- c:\programmi\mozilla firefox\plugins\PSComm.dll
2007-05-17 10:01 . 2007-06-25 07:08 130152 ----a-w- c:\programmi\mozilla firefox\plugins\PSNAdBrk.dll
2002-07-31 18:55 . 2008-01-30 07:57 104 --sh--w- c:\windows\WSYS049.SYS
2008-12-05 16:45 . 2008-11-05 11:37 88 --sh--r- c:\windows\system32\5F9242AA4D.sys
2009-02-26 16:21 . 2009-02-26 16:21 23 --sha-w- c:\windows\system32\edacded0_x.dat
2008-12-05 16:45 . 2008-11-05 11:37 848 --sha-w- c:\windows\system32\KGyGaAvL.sys
2009-03-16 10:48 . 2009-03-13 15:25 12951584 --sha-w- c:\windows\system32\drivers\fidbox.dat
.
((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* i valori vuoti & legittimi/default non sono visualizzati.
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IncrediMail"="c:\programmi\IncrediMail\bin\IncMail.exe" [2009-01-27 251264]
"crntcore32srv"="c:\documents and settings\responsabile\Dati applicazioni\crntcore32srv\crntcore32srv.exe" [2009-09-07 261632]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"nwiz"="nwiz.exe" [2006-10-22 1622016]
"MplSetUp"="c:\programmi\RMClient\MplSetUp.exe" [2000-11-04 40960]
"JobHisInit"="c:\programmi\RMClient\JobHisInit.exe" [2001-11-16 135168]
"IntelAudioStudio"="c:\programmi\Intel Audio Studio\IntelAudioStudio.exe" [2006-08-02 9134080]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-10-22 7700480]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-11-24 81000]
"AdobeCS4ServiceManager"="c:\programmi\File comuni\Adobe\CS4ServiceManager\CS4ServiceManager.exe" [2008-08-14 611712]
"QuickTime Task"="c:\programmi\QuickTime\qttask.exe" [2008-09-06 413696]
"SunJavaUpdateSched"="c:\programmi\File comuni\Java\Java Update\jusched.exe" [2010-02-18 248040]
"Adobe Reader Speed Launcher"="c:\programmi\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2009-12-18 40368]
"Adobe ARM"="c:\programmi\File comuni\Adobe\ARM\1.0\AdobeARM.exe" [2009-12-11 948672]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"disableregistrytoosl"= 0 (0x0)
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice]
@=""
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice]
@=""
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Programmi\\IncrediMail\\bin\\IncMail.exe"=
"c:\\Programmi\\IncrediMail\\bin\\ImApp.exe"=
"c:\\Programmi\\Graphisoft1\\ArchiCAD 10\\ArchiCAD.exe"=
"c:\\Programmi\\B2BPOKER\\GoldWin\\jre\\bin\\javaw.exe"=
"c:\\Programmi\\Bonjour\\mDNSResponder.exe"=
"c:\\Programmi\\eMule\\emule.exe"=
"c:\\Programmi\\File comuni\\Nokia\\Service Layer\\A\\nsl_host_process.exe"=
"c:\\Programmi\\Nokia\\Nokia Software Updater\\nsu_ui_client.exe"=
"c:\\Programmi\\Messenger\\msmsgs.exe"=
"c:\\Programmi\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Programmi\\uTorrent\\uTorrent.exe"=
"c:\\Programmi\\Skype\\Phone\\Skype.exe"=
R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [15/04/2009 10:21 114768]
R1 eusk2par;EUTRON SmartKey Parallel Driver;c:\windows\system32\drivers\eusk2par.sys [18/05/2007 16:05 24786]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [15/04/2009 10:21 20560]
R3 eusk3usb;SmartKey 3 USB;c:\windows\system32\drivers\eusk3usb.sys [21/01/2008 11:56 45534]
S0 pavboot;pavboot;c:\windows\system32\drivers\pavboot.sys --> c:\windows\system32\drivers\pavboot.sys [?]
S2 cpwnt;cpwnt; [x]
S3 MEMSWEEP2;MEMSWEEP2;\??\c:\windows\system32\16.tmp --> c:\windows\system32\16.tmp [?]
S3 qcusbser;Qualcomm USB Device for Legacy Serial Communication;c:\windows\system32\drivers\qcusbser.sys [31/07/2008 09:05 64640]
.
Contenuto della cartella 'Scheduled Tasks'
2010-04-07 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\programmi\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34]
2010-04-07 c:\windows\Tasks\OGADaily.job
- c:\windows\system32\OGAVerify.exe [2008-04-23 15:17]
2010-04-08 c:\windows\Tasks\OGALogon.job
- c:\windows\system32\OGAVerify.exe [2008-04-23 15:17]
2010-04-07 c:\windows\Tasks\wavepadShakeIcon.job
- c:\programmi\NCH Swift Sound\WavePad\wavepad.exe [2010-04-02 10:19]
.
.
------- Scansione supplementare -------
.
uStart Page = hxxp://www.alice.it/
mWindow Title =
uInternet Settings,ProxyOverride = <local>
IE: Download all with Free Download Manager - file://c:\programmi\Free Download Manager\dlall.htm
IE: Download selected with Free Download Manager - file://c:\programmi\Free Download Manager\dlselected.htm
IE: Download video with Free Download Manager - file://c:\programmi\Free Download Manager\dlfvideo.htm
IE: Download with Free Download Manager - file://c:\programmi\Free Download Manager\dllink.htm
IE: E&sporta in Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Ricerca - c:\programmi\eBay\eBay Toolbar2\eBayTb.dll/RCSearch.html
IE: {{4CE39EE9-5365-44A1-9F63-CBE250BF731A} - {4CE39EE9-5365-44A1-9F63-CBE250BF731A} - c:\programmi\fb-toolbar\adxloader.dll
DPF: {4C833081-D026-4FF8-968F-7EAB660D2FBA}
DPF: {5CD4310E-88FB-43C1-BE24-5F3FA9C5C9D1}
DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072}
FF - ProfilePath - c:\documents and settings\responsabile\Dati applicazioni\Mozilla\Firefox\Profiles\btqsx0uh.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.fastbrowsersearch.com/results/results.aspx?s=DEF&v=18&q=
FF - prefs.js: browser.search.selectedEngine - Fast Browser Search
FF - prefs.js: browser.startup.homepage - hxxp://www.alice.it/
FF - prefs.js: keyword.URL - hxxp://www.fastbrowsersearch.com/results/results.aspx?s=NAUS&v=18&tid={FD782851-C8B8-AE56-9826-2759C71BD527}&q=
FF - component: c:\programmi\Free Download Manager\Firefox\Extension\components\vmsfdmff.dll
FF - plugin: c:\documents and settings\responsabile\Dati applicazioni\Facebook\npfbplugin_1_0_3.dll
FF - plugin: c:\programmi\DivX\DivX Plus Web Player\npdivx32.dll
FF - plugin: c:\programmi\Mozilla Firefox\plugins\NPBREAKOUT.dll
FF - plugin: c:\programmi\Mozilla Firefox\plugins\npCortona.dll
FF - plugin: c:\programmi\Mozilla Firefox\plugins\npmozax.dll
FF - plugin: c:\programmi\Mozilla Firefox\plugins\npOGAPlugin.dll
FF - plugin: c:\programmi\Mozilla Firefox\plugins\NPPOKER.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
---- FIREFOX POLICIES ----
FF - user.js: yahoo.homepage.dontask - true
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("html5.enable", false);
c:\programmi\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\programmi\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\programmi\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\programmi\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\programmi\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\programmi\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\programmi\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);
.
.
------- Associazioni dei file -------
.
.scr=AutoCADLTScriptFile
.
- - - - CHIAVI ORFANE RIMOSSE - - - -
WebBrowser-{EEE6C35B-6118-11DC-9C72-001320C79847} - c:\programmi\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll
HKLM-Run-SigmatelSysTrayApp - sttray.exe
AddRemove-bvjgsg - c:\documents and settings\responsabile\impostazioni locali\dati applicazioni\bvjgsg.exe
AddRemove-Convert Doc_is1 - c:\programmi\Softinterface
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-04-08 08:22
Windows 5.1.2600 Service Pack 3 NTFS
scansione processi nascosti ...
scansione entrate autostart nascoste ...
Scansione files nascosti ...
Scansione completata con successo
Files nascosti: 0
**************************************************************************
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\MEMSWEEP2]
"ImagePath"="\??\c:\windows\system32\16.tmp"
.
--------------------- CHIAVI DI REGISTRO BLOCCATE ---------------------
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\Ø•€|ÿÿÿÿ•€|ù•9~*]
"0140110900063D11C8EF10054038389C"="C?\\WINDOWS\\system32\\FM20ENU.DLL"
.
--------------------- Dlls caricate dai processi in esecuzione ---------------------
- - - - - - - > 'winlogon.exe'(712)
c:\programmi\File comuni\Adobe\Adobe Drive CS4\AdobeDriveCS4_NP.dll
- - - - - - - > 'lsass.exe'(768)
c:\programmi\Bonjour\mdnsNSP.dll
- - - - - - - > 'explorer.exe'(3440)
c:\windows\system32\WININET.dll
c:\programmi\File comuni\Adobe\Adobe Drive CS4\AdobeDriveCS4_NP.dll
c:\programmi\IncrediMail\bin\B4ImApp.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Altri processi in esecuzione ------------------------
.
c:\programmi\Alwil Software\Avast4\aswUpdSv.exe
c:\programmi\Alwil Software\Avast4\ashServ.exe
c:\programmi\Bonjour\mDNSResponder.exe
c:\programmi\Java\jre6\bin\jqs.exe
c:\windows\system32\nvsvc32.exe
c:\windows\system32\PSIService.exe
c:\windows\system32\UStorSrv.exe
c:\windows\system32\wbem\wmiapsrv.exe
c:\windows\system32\rundll32.exe
c:\programmi\IncrediMail\bin\IMApp.exe
.
**************************************************************************
.
Ora fine scansione: 2010-04-08 08:26:58 - Il pc è stato riavviato
ComboFix-quarantined-files.txt 2010-04-08 06:26
Pre-Run: 203,171,377,152 byte disponibili
Post-Run: 203,213,340,672 byte disponibili
- - End Of File - - C9DBC505400C74E6058E3DCFF5BB321C
_______________________
Malwarebytes' Anti-Malware 1.45
www.malwarebytes.org
Versione database: 3930
Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702
07/04/2010 11:34:00
mbam-log-2010-04-07 (11-34-00).txt
Tipo di scansione: Scansione completa (C:\|)
Elementi esaminati: 257879
Tempo trascorso: 44 minuti, 15 secondi
Processi infetti in memoria: 0
Moduli di memoria infetti: 0
Chiavi di registro infette: 1
Valori di registro infetti: 1
Voci infette nei dati di registro: 0
Cartelle infette: 0
File infetti: 3
Processi infetti in memoria:
(Non sono stati rilevati elementi nocivi)
Moduli di memoria infetti:
(Non sono stati rilevati elementi nocivi)
Chiavi di registro infette:
HKEY_CURRENT_USER\SOFTWARE\fcn (Rogue.Residue) -> No action taken.
Valori di registro infetti:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\bvjgsg (Trojan.Agent.H) -> No action taken.
Voci infette nei dati di registro:
(Non sono stati rilevati elementi nocivi)
Cartelle infette:
(Non sono stati rilevati elementi nocivi)
File infetti:
c:\documents and settings\responsabile\impostazioni locali\dati applicazioni\bvjgsg.exe (Trojan.Agent.H) -> No action taken.
C:\Documents and Settings\responsabile\Dati applicazioni\AD ON Multimedia\eBay Shortcuts\eBayShortcuts.exe (Adware.ADON) -> No action taken.
C:\Documents and Settings\responsabile\Dati applicazioni\Desktopicon\eBayShortcuts.exe (Adware.ADON) -> No action taken.