whataboutadog


tempestasolare
15-10-2007, 00:03
I have a problem I can't solve...
A "bogus" domain *.whataboutadog.com shows up in the Trusted Zone, and a file appears in C:\WINDOWS\Temp that changes every time; right now I find YO4B3F.exe (I delete it in safe mode but it comes back under another name).
I've run a few "things" but the problem isn't solved:
ccleaner
spybot
trend micro antispyware
AD aware se
trend micro office scan
and others
HijackThis log attached:
Logfile of HijackThis v1.99.1
Scan saved at 23.23.48, on 14/10/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Officescan NT\ntrtscan.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\PAStiSvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Officescan NT\tmlisten.exe
C:\WINDOWS\system32\CCM\CcmExec.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\Officescan NT\OfcPfwSvc.exe
C:\WINDOWS\TEMP\YO4B3F.EXE
C:\WINDOWS\Explorer.EXE
C:\Officescan NT\pccntmon.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Logitech\Video\ISStart.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe
C:\Officescan NT\Pop3Trap.exe
C:\Program Files\QuickTime\bak\qttask.exe
C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Microsoft Office Communicator\Communicator.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
C:\Program Files\Alice ti aiuta\bin\mpbtn.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Files\Trend Micro\Tmasy\Tmasy.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\regedit.exe
C:\Program Files\Opera\Opera.exe
C:\Documents and Settings\00215629\My Documents\hijackthis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://noiportal.telecomitalia.it
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Telecom Italia s.p.a.
R3 - URLSearchHook: Yahoo! Toolbar con blocco Pop-Up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [OfficeScanNT Monitor] "C:\Officescan NT\pccntmon.exe" -HideWindow
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [SoundMAX] C:\Program Files\Analog Devices\SoundMAX\Smax4.exe /tray
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\cpqset.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
O4 - HKLM\..\Run: [snpstd] C:\WINDOWS\vsnpstd.exe
O4 - HKLM\..\Run: [PDUiP6220DMon] C:\Program Files\Canon\Memory Card Utility\iP6220D\PDUiP6220DMon.exe
O4 - HKLM\..\Run: [Easy-PrintToolBox] C:\Program Files\Canon\Easy-PrintToolBox\BJPSMAIN.EXE /logon
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN
O4 - HKLM\..\Run: [RUN_PWR_SETTINGS] %windir%\system32\RunUnset.vbs
O4 - HKLM\..\Run: [sealmon] C:\Program Files\SealedMedia\sealmon.exe
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\bak\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\ALICET~1\SMARTB~1\MotiveSB.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot
O4 - HKCU\..\Run: [COMMUNICATOR] "C:\Program Files\Microsoft Office Communicator\Communicator.exe" /background
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - Startup: Trend Micro Anti-Spyware.lnk = C:\Program Files\Trend Micro\Tmasy\Tmasy.exe
O4 - Global Startup: Alice ti aiuta.lnk = C:\Program Files\Alice ti aiuta\bin\matcli.exe
O4 - Global Startup: Bluetooth Manager.lnk = ?
O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
O4 - Global Startup: MapiProfileTI.lnk = C:\WINDOWS\MapiProfileTI.vbs
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O8 - Extra context menu item: Aggiungi all'elenco di stampa Easy-WebPrint - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
O8 - Extra context menu item: Anteprima Easy-WebPrint - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Stampa ad alta velocità Easy-WebPrint - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
O8 - Extra context menu item: Stampa Easy-WebPrint - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_03\bin\npjpi150_03.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_03\bin\npjpi150_03.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: @C:\Program Files\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: @C:\Program Files\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://noiportal.telecomitalia.it
O15 - Trusted Zone: http://organigramma.griffon.local
O15 - Trusted Zone: *.griffon.local
O15 - Trusted Zone: http://atomwfe1.telecomitalia.it
O15 - Trusted Zone: http://atomwfe2.telecomitalia.it
O15 - Trusted Zone: http://griffon.ittelecom.open.telecomitalia.it
O15 - Trusted Zone: http://griffon.open.telecomitalia.it
O15 - Trusted Zone: http://hr.open.telecomitalia.it
O15 - Trusted Zone: http://paperless.open.telecomitalia.it
O15 - Trusted Zone: http://tils.open.telecomitalia.it
O15 - Trusted Zone: http://dwh-o2c.telecomitalia.local
O15 - Trusted Zone: http://soa404.telecomitalia.local
O15 - Trusted Zone: *.whataboutadog.com
O15 - Trusted Zone: http://organigramma.griffon.local (HKLM)
O15 - Trusted Zone: *.griffon.local (HKLM)
O15 - Trusted Zone: http://atomwfe1.telecomitalia.it (HKLM)
O15 - Trusted Zone: http://atomwfe2.telecomitalia.it (HKLM)
O15 - Trusted Zone: http://griffon.ittelecom.open.telecomitalia.it (HKLM)
O15 - Trusted Zone: http://griffon.open.telecomitalia.it (HKLM)
O15 - Trusted Zone: http://hr.open.telecomitalia.it (HKLM)
O15 - Trusted Zone: http://paperless.open.telecomitalia.it (HKLM)
O15 - Trusted Zone: http://tils.open.telecomitalia.it (HKLM)
O15 - Trusted Zone: http://dwh-o2c.telecomitalia.local (HKLM)
O15 - Trusted Zone: http://soa404.telecomitalia.local (HKLM)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = telecomitalia.local
O17 - HKLM\Software\..\Telephony: DomainName = telecomitalia.local
O17 - HKLM\System\CCS\Services\Tcpip\..\{04B7E05C-ECA4-4393-BC1B-FC1B635BA7C4}: NameServer = 156.54.205.68,156.54.17.166
O17 - HKLM\System\CCS\Services\Tcpip\..\{A9FA1FB0-D522-4225-95FD-95A29CD25D01}: NameServer = 85.37.17.16 85.38.28.68
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = telecomitalia.local
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: SearchList = telecomitalia.local
O17 - HKLM\System\CS1\Services\Tcpip\..\{04B7E05C-ECA4-4393-BC1B-FC1B635BA7C4}: NameServer = 156.54.205.68,156.54.17.166
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: SearchList = telecomitalia.local
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: OfficeScanNT RealTime Scan (ntrtscan) - Trend Micro Inc. - C:\Officescan NT\ntrtscan.exe
O23 - Service: OfficeScanNT Personal Firewall (OfcPfwSvc) - Trend Micro Inc. - C:\Officescan NT\OfcPfwSvc.exe
O23 - Service: STI Simulator - Unknown owner - C:\WINDOWS\System32\PAStiSvc.exe
O23 - Service: OfficeScanNT Listener (tmlisten) - Trend Micro Inc. - C:\Officescan NT\tmlisten.exe

Riverside
15-10-2007, 00:31
I have a problem I can't solve... a "bogus" domain *.whataboutadog.com shows up in the Trusted Zone

If only it were just that.

Disable System Restore and, to start with, fix all of this:

C:\WINDOWS\TEMP\YO4B3F.EXE
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\cpqset.exe
O4 - HKLM\..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN
O4 - HKLM\..\Run: [RUN_PWR_SETTINGS] %windir%\system32\RunUnset.vbs
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\bak\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\ALICET~1\SMARTB~1\MotiveSB.exe
O4 - Global Startup: Bluetooth Manager.lnk = ?
O4 - Global Startup: MapiProfileTI.lnk = C:\WINDOWS\MapiProfileTI.vbs
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O15 - Trusted Zone: *.griffon.local
O15 - Trusted Zone: http://atomwfe1.telecomitalia.it
O15 - Trusted Zone: http://atomwfe2.telecomitalia.it
O15 - Trusted Zone: http://griffon.ittelecom.open.telecomitalia.it
O15 - Trusted Zone: http://griffon.open.telecomitalia.it
O15 - Trusted Zone: http://hr.open.telecomitalia.it
O15 - Trusted Zone: http://paperless.open.telecomitalia.it
O15 - Trusted Zone: http://tils.open.telecomitalia.it
O15 - Trusted Zone: http://dwh-o2c.telecomitalia.local
O15 - Trusted Zone: http://soa404.telecomitalia.local
O15 - Trusted Zone: *.whataboutadog.com
O15 - Trusted Zone: http://organigramma.griffon.local (HKLM)
O15 - Trusted Zone: *.griffon.local (HKLM)
O15 - Trusted Zone: http://atomwfe1.telecomitalia.it (HKLM)
O15 - Trusted Zone: http://atomwfe2.telecomitalia.it (HKLM)
O15 - Trusted Zone: http://griffon.ittelecom.open.telecomitalia.it (HKLM)
O15 - Trusted Zone: http://griffon.open.telecomitalia.it (HKLM)
O15 - Trusted Zone: http://hr.open.telecomitalia.it (HKLM)
O15 - Trusted Zone: http://paperless.open.telecomitalia.it (HKLM)
O15 - Trusted Zone: http://tils.open.telecomitalia.it (HKLM)
O15 - Trusted Zone: http://dwh-o2c.telecomitalia.local (HKLM)
O15 - Trusted Zone: http://soa404.telecomitalia.local (HKLM)

Download these programs and tools to carry out a clean-up:

CCLEANER: click here to download (http://download.piriform.com/ccsetup201.exe)
Once installed, launch the program, go to Options in the left-hand menu and in the next window click on:
● Settings, and tick Secure deletion (slow)
then on:
● Advanced, and untick Only delete files older than 48 hours
● under Cleaner, tick all the items in the Advanced section
● in the left-hand menu, click Cleaner, then click the Run Cleaner button to run the scan
● again in the left-hand menu, click Issues, click the Scan for Issues button and start a scan; when the scan finishes click Fix selected issues and continue

A-SQUARED FREE: click here to download (http://download5.emsisoft.com/a2FreeSetup.exe)
Once installed, download the updates, then run a Deep Scan of the system and remove everything it detects, except for references to software, mIRC, digital cameras and/or scanners you may have installed.

PANDA ANTIROOTKIT: click here to download (http://research.pandasoftware.com/blogs/images/AntiRootkit.zip)
No installation is needed (it is a stand-alone tool); once launched, it updates itself automatically and runs the scan (and of course removes any rootkits it detects).

ELISTARTA TOOL: click here to download (http://www.zonavirus.com/datos/descargas/78/elistara.asp)
Scroll to the bottom of the web page that opens and click Descargar ELISTARTA to download the tool (for convenience, put it on the Desktop).
Run the ELISTARTA TOOL:
● at the first question, answer YES
● at the second, answer YES
● at the third, answer NO
● the scan window opens; click Explorar
● when the scan is finished, close the tool and reboot the system
● a log named infosat.txt will be left in C: (click My Computer, then Local Disk C:, find the log and attach it to the thread)
Note
After relaunching Internet Explorer, you may need to set your default home page again.

Update INTERNET EXPLORER: click here to download (https://www.microsoft.com/italy/windows/downloads/ie/getitnow.mspx)
Scroll to the bottom of the web page; on the left, select your operating system (in your case Windows XP Service Pack 2) and start the download.

Update SUN JAVA:
● Start
● Control Panel (if it is not shown in classic view, click Switch to Classic View at the top left)
● click the Java icon to open its Control Panel
● click the Update tab and then the Update Now button

When you're done, post a new HijackThis log, because it won't be over yet.

Chill-Out
15-10-2007, 08:54
After carrying out the procedure above, run this tool: http://noahdfear.geekstogo.com/FindAWF.exe
and copy and paste the log here.

tempestasolare
17-10-2007, 01:39
First log:

Wed Oct 17 01:19:12 2007
EliStartPage v14.84 (c)2007 S.G.H. / Satinfo S.L.
--------------------------------------------------
Lista de Acciones (por Acción Directa):
Eliminada Carpeta "%Favoritos%\Software"

Wed Oct 17 01:19:46 2007
EliStartPage v14.84 (c)2007 S.G.H. / Satinfo S.L.
--------------------------------------------------
Lista de Acciones (por Acción Directa):
Restaurado fichero de Configuración del IE, (IERESET.INF)
Eliminadas las Paginas de Inicio y de Busqueda del IE

Wed Oct 17 01:20:06 2007
EliStartPage v14.84 (c)2007 S.G.H. / Satinfo S.L.
--------------------------------------------------
Lista de Acciones (por Exploración):
Explorando Unidad C:\
C:\Program Files\Common Files\Microsoft Shared\Database Replication\WZCNFLCT.EXE --> Eliminado, AutoRun.IZ
C:\Program Files\SAP\FrontEnd\Bw\WBKLNCH.EXE --> Eliminado, DollarRevenue (dldr)
C:\Program Files\SAP\FrontEnd\SAPgui\SAPSLIDE.OCX --> Eliminado, DollarRevenue (dldr)
C:\Program Files\SAP\FrontEnd\SAPgui\VISCARRI.OCX --> Eliminado, DollarRevenue (dldr)
Nº Total de Directorios: 6459
Nº Total de Ficheros: 52825
Nº de Ficheros Analizados: 15100
Nº de Ficheros Infectados: 4
Nº de Ficheros Limpiados: 4

HijackThis log:
Logfile of HijackThis v1.99.1
Scan saved at 1.29.43, on 17/10/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\a-squared Free\a2service.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Officescan NT\ntrtscan.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\PAStiSvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Officescan NT\tmlisten.exe
C:\WINDOWS\system32\CCM\CcmExec.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\Officescan NT\OfcPfwSvc.exe
C:\WINDOWS\system32\msiexec.exe
C:\WINDOWS\TEMP\RVE266.EXE
C:\WINDOWS\Explorer.EXE
C:\Officescan NT\pccntmon.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Officescan NT\Pop3Trap.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe
C:\Program Files\Canon\Memory Card Utility\iP6220D\PDUiP6220DMon.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Microsoft Office Communicator\Communicator.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\Program Files\Alice ti aiuta\bin\mpbtn.exe
C:\Program Files\Trend Micro\Tmasy\Tmasy.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\userinit.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Documents and Settings\00215629\My Documents\hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Telecom Italia s.p.a.
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [OfficeScanNT Monitor] "C:\Officescan NT\pccntmon.exe" -HideWindow
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
O4 - HKLM\..\Run: [PDUiP6220DMon] C:\Program Files\Canon\Memory Card Utility\iP6220D\PDUiP6220DMon.exe
O4 - HKLM\..\Run: [RUN_PWR_SETTINGS] %windir%\system32\RunUnset.vbs
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [COMMUNICATOR] "C:\Program Files\Microsoft Office Communicator\Communicator.exe" /background
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - Startup: Trend Micro Anti-Spyware.lnk = C:\Program Files\Trend Micro\Tmasy\Tmasy.exe
O4 - Global Startup: Alice ti aiuta.lnk = C:\Program Files\Alice ti aiuta\bin\matcli.exe
O4 - Global Startup: Bluetooth Manager.lnk.disabled
O4 - Global Startup: Kodak EasyShare software.lnk.disabled
O4 - Global Startup: MapiProfileTI.lnk = C:\WINDOWS\MapiProfileTI.vbs
O4 - Global Startup: WinZip Quick Pick.lnk.disabled
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O8 - Extra context menu item: Aggiungi all'elenco di stampa Easy-WebPrint - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
O8 - Extra context menu item: Anteprima Easy-WebPrint - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Stampa ad alta velocità Easy-WebPrint - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
O8 - Extra context menu item: Stampa Easy-WebPrint - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: @C:\Program Files\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: @C:\Program Files\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://noiportal.telecomitalia.it
O15 - Trusted Zone: http://organigramma.griffon.local (HKLM)
O15 - Trusted Zone: *.griffon.local (HKLM)
O15 - Trusted Zone: http://atomwfe1.telecomitalia.it (HKLM)
O15 - Trusted Zone: http://atomwfe2.telecomitalia.it (HKLM)
O15 - Trusted Zone: http://griffon.ittelecom.open.telecomitalia.it (HKLM)
O15 - Trusted Zone: http://griffon.open.telecomitalia.it (HKLM)
O15 - Trusted Zone: http://hr.open.telecomitalia.it (HKLM)
O15 - Trusted Zone: http://mpa.dg.telecomitalia.it (HKLM)
O15 - Trusted Zone: http://paperless.open.telecomitalia.it (HKLM)
O15 - Trusted Zone: http://tils.open.telecomitalia.it (HKLM)
O15 - Trusted Zone: http://dwh-o2c.telecomitalia.local (HKLM)
O15 - Trusted Zone: http://soa404.telecomitalia.local (HKLM)
O15 - Trusted IP range: 10.74.27.45 (HKLM)
O15 - Trusted IP range: http://10.173.215.15 (HKLM)
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = telecomitalia.local
O17 - HKLM\Software\..\Telephony: DomainName = telecomitalia.local
O17 - HKLM\System\CCS\Services\Tcpip\..\{04B7E05C-ECA4-4393-BC1B-FC1B635BA7C4}: NameServer = 156.54.205.68,156.54.17.166
O17 - HKLM\System\CCS\Services\Tcpip\..\{A9FA1FB0-D522-4225-95FD-95A29CD25D01}: NameServer = 85.37.17.16 85.38.28.68
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = telecomitalia.local
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: SearchList = telecomitalia.local
O17 - HKLM\System\CS1\Services\Tcpip\..\{04B7E05C-ECA4-4393-BC1B-FC1B635BA7C4}: NameServer = 156.54.205.68,156.54.17.166
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: SearchList = telecomitalia.local
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll
O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - C:\Program Files\a-squared Free\a2service.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: OfficeScanNT RealTime Scan (ntrtscan) - Trend Micro Inc. - C:\Officescan NT\ntrtscan.exe
O23 - Service: OfficeScanNT Personal Firewall (OfcPfwSvc) - Trend Micro Inc. - C:\Officescan NT\OfcPfwSvc.exe
O23 - Service: STI Simulator - Unknown owner - C:\WINDOWS\System32\PAStiSvc.exe
O23 - Service: OfficeScanNT Listener (tmlisten) - Trend Micro Inc. - C:\Officescan NT\tmlisten.exe

lancetta
17-10-2007, 02:15
I'd like to understand one thing: is this PC mainly for business use? Because in the logs I see Telecom Italia portals.
In any case, these need to be fixed:

O4 - HKLM\..\Run: [RUN_PWR_SETTINGS] %windir%\system32\RunUnset.vbs (IF YOU KNOW WHAT IT IS, DON'T FIX IT)
O4 - Global Startup: Bluetooth Manager.lnk.disabled
O4 - Global Startup: Kodak EasyShare software.lnk.disabled
O4 - Global Startup: MapiProfileTI.lnk = C:\WINDOWS\MapiProfileTI.vbs (IF YOU KNOW WHAT IT IS, DON'T FIX IT)
O4 - Global Startup: WinZip Quick Pick.lnk.disabled

For the O15 and O17 entries you should give the info I asked for, i.e. whether they were added legitimately for work...
The FindAWF log is also important.
Fix the O6 entry and see whether it then lets you delete whataboutadog along with its temp file.
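The checks the helpers in this thread apply by eye (an executable running out of C:\WINDOWS\TEMP under a random name, an O15 Trusted Zone entry for a domain the company never added, the O6 restrictions key) can be automated over a HijackThis log. The parser below is an added example, not code from the thread or from HijackThis; its sample log is a constructed excerpt of the entries posted above, and the corporate domain allow-list is an assumption standing in for the list lancetta asked the poster to confirm.

```python
import re
from dataclasses import dataclass

# Constructed excerpt modelled on the HijackThis v1.99.1 log posted in the thread.
SAMPLE_LOG = r"""
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\TEMP\YO4B3F.EXE
C:\WINDOWS\Explorer.EXE

O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O15 - Trusted Zone: *.griffon.local
O15 - Trusted Zone: http://hr.open.telecomitalia.it
O15 - Trusted Zone: *.whataboutadog.com
O15 - Trusted Zone: http://soa404.telecomitalia.local (HKLM)
"""

# Assumption: domain suffixes the company's IT department legitimately trusts
# (the list lancetta asked the poster to confirm before fixing O15 entries).
CORPORATE_SUFFIXES = ("telecomitalia.it", "telecomitalia.local", "griffon.local")

ENTRY_RE = re.compile(r"^(R\d|O\d+) - (.*)$")   # e.g. "O15 - Trusted Zone: ..."
TEMP_DIR_RE = re.compile(r"\\temp\\", re.IGNORECASE)

@dataclass(frozen=True)
class Finding:
    rule: str
    line: str

def parse_log(text):
    """Split a HijackThis log into (section, value) pairs; processes get section 'PROC'."""
    entries, in_procs = [], False
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            in_procs = False  # a blank line closes the 'Running processes' block
            continue
        if line.lower() == "running processes:":
            in_procs = True
            continue
        m = ENTRY_RE.match(line)
        if m:
            in_procs = False
            entries.append((m.group(1), m.group(2)))
        elif in_procs:
            entries.append(("PROC", line))
    return entries

def zone_host(value):
    """Reduce 'Trusted Zone: http://host (HKLM)' to the bare host or *.domain pattern."""
    host = value.split(":", 1)[1].strip()
    host = re.sub(r"\s*\(HKLM\)$", "", host)
    return re.sub(r"^https?://", "", host).lower()

def zone_expected(host, suffixes):
    """True if the host (or wildcard pattern) sits under one of the allowed suffixes."""
    bare = host[2:] if host.startswith("*.") else host
    return any(bare == s or bare.endswith("." + s) for s in suffixes)

def triage(entries, suffixes=CORPORATE_SUFFIXES):
    """Apply the checks the thread's helpers made by eye and return the suspicious lines."""
    findings = []
    for section, value in entries:
        if section in ("PROC", "O4") and TEMP_DIR_RE.search(value):
            findings.append(Finding("executable in a TEMP directory", value))
        elif section == "O6":
            findings.append(Finding("IE policy restrictions present", value))
        elif section == "O15":
            host = zone_host(value)
            if not zone_expected(host, suffixes):
                findings.append(Finding("trusted zone entry outside the corporate domains", value))
            elif host.startswith("*."):
                findings.append(Finding("wildcard trusted zone entry (trusts every host under the domain)", value))
    return findings

if __name__ == "__main__":
    for f in triage(parse_log(SAMPLE_LOG)):
        print(f"[{f.rule}] {f.line}")
```

Run it against a full log pasted into SAMPLE_LOG: anything flagged as outside the corporate domains is what the poster should check with their IT department before fixing, as lancetta suggests.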