  1. #1

    bastione

    hi everyone,
    my name is bruno and I also have a problem with bastione.
    let's say, though, that in my case it has made quite a mess. the Control Panel and My Computer have disappeared from the Start menu (from the desktop too), and from My Computer, which I can only reach through a thousand workarounds, none other than C: has vanished
    obviously the system is running at about a tenth of its usual speed.

    anyway, here is the hijackthis log. I hope you can help me

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 20:51: VIRUS ALERT!, on 09/07/2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16674)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Programmi\Avira\AntiVir PersonalEdition Classic\sched.exe
    C:\Programmi\Avira\AntiVir PersonalEdition Classic\avguard.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\RunDll32.exe
    C:\Programmi\ATI Technologies\ATI Control Panel\atiptaxx.exe
    C:\Programmi\ATI Technologies\ATI.ACE\cli.exe
    C:\Programmi\Java\jre1.6.0_05\bin\jusched.exe
    C:\Programmi\Avira\AntiVir PersonalEdition Classic\avgnt.exe
    C:\Programmi\Spyware Doctor\pctsTray.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Programmi\DAEMON Tools Lite\daemon.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\Programmi\ATI Technologies\ATI.ACE\cli.exe
    C:\Programmi\ATI Technologies\ATI.ACE\cli.exe
    C:\Programmi\Mozilla Firefox\firefox.exe
    C:\Programmi\SPYWAREfighter\spftray.exe
    C:\Programmi\SPYWAREfighter\spfprc.exe
    E:\hijackthis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://softwarereferral.com/jump.php...MjI6Ojg5&lid=2
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
    O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programmi\Windows Live Toolbar\msntb.dll
    O3 - Toolbar: sqvgnrpx - {9437C997-89E6-4B84-A745-BEFD3A910FF5} - C:\WINDOWS\sqvgnrpx.dll
    O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
    O4 - HKLM\..\Run: [ATIPTA] C:\Programmi\ATI Technologies\ATI Control Panel\atiptaxx.exe
    O4 - HKLM\..\Run: [ATICCC] "C:\Programmi\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Programmi\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programmi\Java\jre1.6.0_05\bin\jusched.exe "
    O4 - HKLM\..\Run: [NBKeyScan] "C:\Programmi\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\Programmi\File comuni\Ahead\Lib\NeroCheck.exe
    O4 - HKLM\..\Run: [avgnt] "C:\Programmi\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
    O4 - HKLM\..\Run: [ISTray] "C:\Programmi\Spyware Doctor\pctsTray.exe"
    O4 - HKLM\..\Run: [60dde798] rundll32.exe "C:\WINDOWS\system32\vkxwmrnx.dll",b
    O4 - HKLM\..\Run: [spywarefighterguard] C:\Programmi\SPYWAREfighter\spftray.exe
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Programmi\DAEMON Tools Lite\daemon.exe" -autorun
    O4 - HKCU\..\Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Programmi\File comuni\Nero\Lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVIZIO LOCALE')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVIZIO DI RETE')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
    O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
    O8 - Extra context menu item: &Windows Live Search - res://C:\Programmi\Windows Live Toolbar\msntb.dll/search.htm
    O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.6.0_05\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.6.0_05\bin\ssv.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/wind...?1208205802015
    O17 - HKLM\System\CCS\Services\Tcpip\..\{1486C85E-5A90-4320-A49E-BFC6C7C0D047}: NameServer = 192.168.1.1
    O17 - HKLM\System\CS1\Services\Tcpip\..\{1486C85E-5A90-4320-A49E-BFC6C7C0D047}: NameServer = 192.168.1.1
    O17 - HKLM\System\CS2\Services\Tcpip\..\{1486C85E-5A90-4320-A49E-BFC6C7C0D047}: NameServer = 192.168.1.1
    O17 - HKLM\System\CS3\Services\Tcpip\..\{1486C85E-5A90-4320-A49E-BFC6C7C0D047}: NameServer = 192.168.1.1
    O17 - HKLM\System\CS4\Services\Tcpip\..\{1486C85E-5A90-4320-A49E-BFC6C7C0D047}: NameServer = 192.168.1.1
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FILECO~1\Skype\SKYPE4~1.DLL
    O21 - SSODL: fdxbameg - {A3627987-6C95-40BE-A822-4D74AEFBCC12} - C:\WINDOWS\fdxbameg.dll
    O21 - SSODL: fsrpknov - {C5462E30-641D-4265-93D9-B7CA856C6E36} - C:\WINDOWS\fsrpknov.dll
    O23 - Service: Avira AntiVir Personal – Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Programmi\Avira\AntiVir PersonalEdition Classic\sched.exe
    O23 - Service: Avira AntiVir Personal – Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Programmi\Avira\AntiVir PersonalEdition Classic\avguard.exe
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
    O23 - Service: SPYWAREfighterRP - SpamFighter APS - C:\Programmi\SPYWAREfighter\spfprc.exe

    --
    End of file - 6641 bytes

  2. #2
    HTML.it user Deifobe
    Registered: Oct 2007
    Posts: 6,072
    Hi Bruno,
    I have opened a new thread for you (read the Security forum Rules)

    Download SystemScan, disconnect the PC from the internet => disable the antivirus => run SystemScan => click "Scan Now". When the scan has finished, re-enable the antivirus

    upload the report you find on the desktop to Savefile and post the link you get.
    ...
    :x:_::_:*:_::_: )(:_:*:_:*:__::_:°FM°:_: )(:_:*:_:x:___

  3. #3

    systemscan

    here is the link to the systemscan report

    http://www.freefilehosting.net/download/3jc84

  4. #4
    HTML.it user Deifobe
    hi Bruno, when you want to reply, click "reply"... otherwise you open a new thread.

    The systemscan report cannot be analysed. Either upload it zipped to freefilehosting... or upload it to the site I had pointed you to.

  5. #5

    savefile report

    I'm trying the software recommended by the forum. I can't even manage to install avg...
    in the meantime, here is the link to the report on savefile

    http://www.savefile.com/files/1657137

    thanks a lot for now!

  6. #6
    HTML.it user Deifobe
    I repeat:

    when you reply, do not click "New" but => "Reply"

    Thanks

  7. #7
    HTML.it user Deifobe
    the report you posted is incomplete.

    Download Avenger and CCleaner

    Open Notepad and copy/paste into the page:
    Windows Registry Editor Version 5.00

    [-HKCR\CLSID\{A3627987-6C95-40BE-A822-4D74AEFBCC12}]

    [-HKCR\CLSID\{C5462E30-641D-4265-93D9-B7CA856C6E36}]

    [-HKCR\CLSID\{684BFE7F-F5B2-4AB3-A95E-EB5036A2D286}]

    [-HKCR\CLSID\{1F543B5E-1DCE-4E55-A8C5-1CFF4F46F38B}]

    [-HKCR\CLSID\{AF4EBF01-2871-49E4-BF25-8F0564359C31}]

    save it in c:\ with name: fix.reg
    file type: all files

    Run avenger and copy/paste the whole quote into its window:
    files to delete:
    C:\sqmnoopt06.sqm
    C:\sqmdata06.sqm
    C:\sqmnoopt07.sqm
    C:\sqmdata07.sqm
    C:\sqmnoopt08.sqm
    C:\sqmdata08.sqm
    C:\sqmnoopt09.sqm
    C:\sqmdata09.sqm
    C:\sqmnoopt10.sqm
    C:\sqmdata10.sqm
    C:\sqmdata11.sqm
    C:\sqmnoopt11.sqm
    C:\sqmdata12.sqm
    C:\sqmnoopt12.sqm
    C:\sqmdata13.sqm
    C:\sqmnoopt13.sqm
    C:\sqmdata14.sqm
    C:\sqmnoopt14.sqm
    C:\sqmnoopt15.sqm
    C:\sqmdata15.sqm
    C:\sqmdata16.sqm
    C:\sqmnoopt16.sqm
    C:\sqmnoopt17.sqm
    C:\sqmdata17.sqm
    C:\sqmnoopt18.sqm
    C:\sqmdata18.sqm
    C:\sqmdata19.sqm
    C:\sqmnoopt19.sqm
    C:\sqmnoopt00.sqm
    C:\sqmdata00.sqm
    C:\sqmdata01.sqm
    C:\sqmnoopt01.sqm
    C:\sqmnoopt02.sqm
    C:\sqmdata02.sqm
    C:\sqmdata03.sqm
    C:\sqmnoopt03.sqm
    C:\sqmnoopt04.sqm
    C:\sqmdata04.sqm
    C:\sqmnoopt05.sqm
    C:\sqmdata05.sqm
    C:\WINDOWS\fsrpknov.dll
    C:\WINDOWS\fdxbameg.dll
    C:\WINDOWS\sqvgnrpx.dll
    C:\WINDOWS\wbxdpgfevkl.dll
    C:\WINDOWS\egxk.exe
    C:\WINDOWS\gpefaowr.exe
    C:\WINDOWS\system32\urqPihge.dll
    C:\WINDOWS\system32\mlJBRkhh.dll
    C:\WINDOWS\system32\geBtQhET.dll
    C:\WINDOWS\system32\bxxvjsid.ini
    C:\WINDOWS\system32\6bfe23e6-.txt
    C:\WINDOWS\system32\vkxwmrnx.dll
    C:\WINDOWS\system32\mcrh.tmp
    C:\WINDOWS\system32\TEhQtBeg.ini2
    C:\WINDOWS\system32\xnrmwxkv.ini
    C:\WINDOWS\system32\TEhQtBeg.ini

    registry values to delete:
    HKLM\Software\Microsoft\Windows\CurrentVersion\Run | 60dde798
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad | fdxbameg
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad | fsrpknov
    HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks | {684BFE7F-F5B2-4AB3-A95E-EB5036A2D286}

    registry keys to delete:
    HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\urqPihge
    HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1F543B5E-1DCE-4E55-A8C5-1CFF4F46F38B}
    HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{684BFE7F-F5B2-4AB3-A95E-EB5036A2D286}
    HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF4EBF01-2871-49E4-BF25-8F0564359C31}

    programs to launch on reboot:
    c:\fix.reg
    Tick "Automatically disable any rootkits found" and click "execute".
    The PC should reboot by itself; otherwise reboot it yourself. Post the report it produces

    Empty C:\WINDOWS\Prefetch

    Run CCleaner and clean up the temporary files and cookies (run it twice)

    Download, install and update malwarebytes, run a full scan and post the report.

    Run systemscan again and post a new report

    (always upload the reports to Savefile)

    bye

  8. #8

    small update

    ok. first of all I wanted to apologise for my iNETptitude. it's the first time I've posted anything on a forum.
    and then thanks for your helpfulness. really.

    after a series of mishaps I managed to get Spybot working. the trojans seem to have been eliminated, but I still can't access C: or the Control Panel.

    these are the hijackthis and systemscan reports after the treatment


    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 23:17: VIRUS ALERT!, on 09/07/2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16674)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\RunDll32.exe
    C:\Programmi\ATI Technologies\ATI Control Panel\atiptaxx.exe
    C:\Programmi\ATI Technologies\ATI.ACE\cli.exe
    C:\Programmi\Java\jre1.6.0_05\bin\jusched.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Programmi\Spybot - Search & Destroy\TeaTimer.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Programmi\ATI Technologies\ATI.ACE\cli.exe
    C:\Programmi\ATI Technologies\ATI.ACE\cli.exe
    C:\WINDOWS\system32\notepad.exe
    C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
    E:\hijackthis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
    O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programmi\Windows Live Toolbar\msntb.dll
    O3 - Toolbar: sqvgnrpx - {9437C997-89E6-4B84-A745-BEFD3A910FF5} - C:\WINDOWS\sqvgnrpx.dll (file missing)
    O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\Programmi\AVG\AVG8\avgtoolbar.dll (file missing)
    O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
    O4 - HKLM\..\Run: [ATIPTA] C:\Programmi\ATI Technologies\ATI Control Panel\atiptaxx.exe
    O4 - HKLM\..\Run: [ATICCC] "C:\Programmi\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Programmi\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programmi\Java\jre1.6.0_05\bin\jusched.exe "
    O4 - HKLM\..\Run: [NBKeyScan] "C:\Programmi\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\Programmi\File comuni\Ahead\Lib\NeroCheck.exe
    O4 - HKLM\..\Run: [60dde798] rundll32.exe "C:\WINDOWS\system32\vkxwmrnx.dll",b
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Programmi\DAEMON Tools Lite\daemon.exe" -autorun
    O4 - HKCU\..\Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Programmi\File comuni\Nero\Lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020
    O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Programmi\Spybot - Search & Destroy\TeaTimer.exe
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVIZIO LOCALE')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVIZIO DI RETE')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
    O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O8 - Extra context menu item: &Windows Live Search - res://C:\Programmi\Windows Live Toolbar\msntb.dll/search.htm
    O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.6.0_05\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.6.0_05\bin\ssv.dll
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/wind...?1208205802015
    O17 - HKLM\System\CCS\Services\Tcpip\..\{1486C85E-5A90-4320-A49E-BFC6C7C0D047}: NameServer = 192.168.1.1
    O17 - HKLM\System\CS1\Services\Tcpip\..\{1486C85E-5A90-4320-A49E-BFC6C7C0D047}: NameServer = 192.168.1.1
    O17 - HKLM\System\CS2\Services\Tcpip\..\{1486C85E-5A90-4320-A49E-BFC6C7C0D047}: NameServer = 192.168.1.1
    O17 - HKLM\System\CS3\Services\Tcpip\..\{1486C85E-5A90-4320-A49E-BFC6C7C0D047}: NameServer = 192.168.1.1
    O17 - HKLM\System\CS4\Services\Tcpip\..\{1486C85E-5A90-4320-A49E-BFC6C7C0D047}: NameServer = 192.168.1.1
    O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Programmi\AVG\AVG8\avgpp.dll (file missing)
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FILECO~1\Skype\SKYPE4~1.DLL
    O21 - SSODL: fdxbameg - {A3627987-6C95-40BE-A822-4D74AEFBCC12} - C:\WINDOWS\fdxbameg.dll (file missing)
    O21 - SSODL: fsrpknov - {C5462E30-641D-4265-93D9-B7CA856C6E36} - C:\WINDOWS\fsrpknov.dll (file missing)
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe

    --
    End of file - 6206 bytes


    and the link to the systemscan report, which this time I hope is complete...

    http://www.savefile.com/files/1657361


    many thanks again!

  9. #9
    HTML.it user Deifobe
    it's all the same as before.

    from hjt, fix this one:
    O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present

    Run avenger again and post the report.

  10. #10

    avenger report

    the avenger report

    http://www.savefile.com/files/1657457

    I'm running the scan with malwarebytes...
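
An added example, not part of the original thread: a Python check that cross-references the Avenger "files to delete" list from post #7 with HijackThis entries like those in post #8, sorting each file by whether a log entry still references it, only entries marked "(file missing)" reference it, or the log does not show it at all. The log lines and paths are excerpts copied from this thread; the function names are this example's own.

```python
import re

# Excerpt of the HijackThis entries posted in #8 (copied from this thread).
SAMPLE_LOG = r"""
O3 - Toolbar: sqvgnrpx - {9437C997-89E6-4B84-A745-BEFD3A910FF5} - C:\WINDOWS\sqvgnrpx.dll (file missing)
O4 - HKLM\..\Run: [ATIPTA] C:\Programmi\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [60dde798] rundll32.exe "C:\WINDOWS\system32\vkxwmrnx.dll",b
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O21 - SSODL: fdxbameg - {A3627987-6C95-40BE-A822-4D74AEFBCC12} - C:\WINDOWS\fdxbameg.dll (file missing)
O21 - SSODL: fsrpknov - {C5462E30-641D-4265-93D9-B7CA856C6E36} - C:\WINDOWS\fsrpknov.dll (file missing)
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
"""

# Subset of the "files to delete" list from the Avenger script in #7.
FILES_TO_DELETE = [
    r"C:\WINDOWS\fsrpknov.dll",
    r"C:\WINDOWS\fdxbameg.dll",
    r"C:\WINDOWS\sqvgnrpx.dll",
    r"C:\WINDOWS\system32\vkxwmrnx.dll",
    r"C:\WINDOWS\system32\urqPihge.dll",
]

ENTRY_RE = re.compile(r"^\s*([A-Z]\d{1,2}) - (.+?)\s*$")
MISSING = "(file missing)"


def parse_hjt(log):
    """Return (section_code, text) for every 'Xn - ...' line of a HijackThis log."""
    entries = []
    for line in log.splitlines():
        m = ENTRY_RE.match(line)
        if m:
            entries.append((m.group(1), m.group(2)))
    return entries


def autostarts_for(entries, paths):
    """For each path, list (section, marked_missing) of the entries that reference it."""
    result = {}
    for path in paths:
        needle = path.lower()  # Windows paths are case-insensitive
        result[path] = [(code, text.endswith(MISSING))
                        for code, text in entries if needle in text.lower()]
    return result


def triage(log, paths):
    """Split paths into: referenced by an entry not marked missing,
    referenced only by '(file missing)' entries, and not referenced at all."""
    refs = autostarts_for(parse_hjt(log), paths)
    referenced = [p for p, r in refs.items() if any(not miss for _, miss in r)]
    orphaned = [p for p, r in refs.items() if r and all(miss for _, miss in r)]
    unseen = [p for p, r in refs.items() if not r]
    return referenced, orphaned, unseen


if __name__ == "__main__":
    for label, group in zip(("referenced", "orphaned", "not in log"),
                            triage(SAMPLE_LOG, FILES_TO_DELETE)):
        print(f"{label}: {group}")
```

A path that ends up in the last group, such as `urqPihge.dll` here, is loaded from a location this log does not list; the script in #7 targets its `Winlogon\Notify` key separately.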
