impossibile cancellari voci con Hijackthis

[tetsuo]

Ho un pc al lavoro infettato da un trojan da una pagina web malevola
dopo una pulizia con Hijackthis non riesco a fissare alcune voci.
Le selezione, premo su fix ma al successivo scan le voci sono sempre lì
come posso risolvere??
Posto a seguire il log
a seguire posto le voci che non riesco a fixare, purtroppo non riesco a postare il log completo in quanto supera il limite di caratteri
ho xp sp2 home ed e la versione di HijackThis è l'ultima disponibile
come posso risolvere??
-edit- ecco il log

Quota:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17.10.27, on 16/02/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Programmi\File comuni\Symantec Shared\ccSetMgr.exe
C:\Programmi\File comuni\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\svchost.exe
C:\Programmi\Symantec AntiVirus\DefWatch.exe
C:\Programmi\Nero\Nero8\InCD\InCDsrv.exe
C:\Programmi\Nero\Nero8\Nero BackItUp\NBService.exe
C:\Programmi\Nero\Nero8\InCD\NBHRegInCDSrv.exe
C:\WINDOWS\system32\IoctlSvc.exe
C:\Programmi\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\system32\svchost.exe
C:\Programmi\Symantec AntiVirus\Rtvscan.exe
C:\WINDOWS\System32\alg.exe
C:\Programmi\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\StartupMonitor.exe
C:\Programmi\File comuni\Symantec Shared\ccApp.exe
C:\PROGRA~1\SYMANT~1\VPTray.exe
C:\Programmi\Adobe\Acrobat 7.0\Distillr\Acrotray.exe
C:\WINDOWS\system32\rundll32.exe
C:\Programmi\Classic PhoneTools\CapFax.EXE
C:\Programmi\Nero\Nero8\InCD\NBHGui.exe
C:\Programmi\Nero\Nero8\InCD\InCD.exe
C:\Programmi\Zone Labs\ZoneAlarm\zlclient.exe
C:\Programmi\File comuni\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmi\Messenger\msmsgs.exe
C:\Programmi\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.it/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

[tetsuo]

--2a parte del log--

Quota:

C:\Programmi\File comuni\Nero\Lib\NMIndexStoreSvr.exe
C:\Programmi\FreePOPs\freepopsd.exe
C:\Programmi\File comuni\Nero\Lib\NMIndexingService.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Programmi\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Programmi\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [PtiuPbmd] Rundll32.exe ptipbm.dll,SetWriteBack
O4 - HKLM\..\Run: [ATIPTA] C:\Programmi\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [Run StartupMonitor] StartupMonitor.exe
O4 - HKLM\..\Run: [ccApp] "C:\Programmi\File comuni\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "C:\Programmi\Adobe\Acrobat 7.0\Distillr\Acrotray.exe"
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [CapFax] C:\Programmi\Classic PhoneTools\CapFax.EXE
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Programmi\File comuni\Nero\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [SecurDisc] C:\Programmi\Nero\Nero8\InCD\NBHGui.exe
O4 - HKLM\..\Run: [InCD] C:\Programmi\Nero\Nero8\InCD\InCD.exe
O4 - HKLM\..\Run: [NBKeyScan] "C:\Programmi\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Programmi\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Programmi\File comuni\Real\Update_OB\realsched.exe" -osboot
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Programmi\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Programmi\File comuni\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Programmi\File comuni\Nero\Lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO LOCALE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO DI RETE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: FreePOPs.lnk = C:\Programmi\FreePOPs\freepopsd.exe
O8 - Extra context menu item: Converti destinazione link in Adobe PDF - res://C:\Programmi\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Converti destinazione link in file PDF esistente - res://C:\Programmi\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Converti i link selezionati in Adobe PDF - res://C:\Programmi\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Converti i link selezionati in file PDF esistente - res://C:\Programmi\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Converti in Adobe PDF - res://C:\Programmi\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Converti nel file PDF esistente - res://C:\Programmi\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Converti selezione in Adobe PDF - res://C:\Programmi\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Converti selezione in file PDF esistente - res://C:\Programmi\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Ricerche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://appldnld.apple.com.edgesuite....x/qtplugin.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/wind...?1195754176859
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: {7030CC6C-1A88-4591-BB5A-651B9F7F0C30} (WMVHDRatingCtrl Class) - file:///H:/components/wmvhdrating.ocx
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) - http://www.adobe.com/products/acrobat/nos/gp.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{7A322C11-DA76-43EC-A4F1-2382820543C7}: NameServer = 1.253.128.38,29.253.128.11
O20 - AppInit_DLLs: ailikojo.dll,nonmdmbl.dll,egfboffa.dll,jncgokip.dl l,mcfdmhld.dll,fkncplhb.dll,klbghdic.dll,hdifidgk. dll,fcggokkn.dll,cklnndpo.dll,aomddfoh.dll,ihaecbk g.dll,fkjemgmg.dll,ibgaehjp.dll,jhgdbacb.dll,bjcak jeb.dll,mcmjpbdm.dll,apajedan.dll,pnnpjhge.dll
O21 - SSODL: F47C951B - {F47C951B-0E77-4070-B31C-CF55285C0D9D} - C:\WINDOWS\system32\fkncplhb.dll
O21 - SSODL: 6CFD615D - {6CFD615D-CF88-486C-811F-BF2B8EC80D8C} - C:\WINDOWS\system32\mcfdmhld.dll
O21 - SSODL: 37C08429 - {37C08429-3766-4BE0-ABE7-A9B916873BB5} - C:\WINDOWS\system32\jncgokip.dll
O21 - SSODL: E0FB8FFA - {E0FB8FFA-BF57-44AE-997A-ADEB72FEBC19} - C:\WINDOWS\system32\egfboffa.dll
O21 - SSODL: 7876D6B5 - {7876D6B5-6667-433F-8463-351745980FC8} - C:\WINDOWS\system32\nonmdmbl.dll
O21 - SSODL: A2524838 - {A2524838-6A67-43D0-B75E-1E3761BB8DCB} - C:\WINDOWS\system32\ailikojo.dll
O21 - SSODL: 9779310E - {9779310E-A7B5-43B2-AC3C-582B312EA0EF} - C:\WINDOWS\system32\pnnpjhge.dll
O21 - SSODL: A9A3EDA7 - {A9A3EDA7-459F-402C-98AB-64E43565331F} - C:\WINDOWS\system32\apajedan.dll
O21 - SSODL: 6C639BD6 - {6C639BD6-A83C-4D85-869D-11421F9E08F4} - C:\WINDOWS\system32\mcmjpbdm.dll
O21 - SSODL: B3CA43EB - {B3CA43EB-745C-4B1D-9B66-E3D7B8C3ACC8} - C:\WINDOWS\system32\bjcakjeb.dll
O21 - SSODL: 310DBACB - {310DBACB-54E7-4536-9276-D8977EC815FA} - C:\WINDOWS\system32\jhgdbacb.dll
O21 - SSODL: F43E6060 - {F43E6060-78E5-42DB-A8D9-AFA8CB8F07B5} - C:\WINDOWS\system32\fkjemgmg.dll
O21 - SSODL: 2B0AE139 - {2B0AE139-F3E8-497E-ABCD-0C8692D4C84B} - C:\WINDOWS\system32\ibgaehjp.dll
O21 - SSODL: A86DDF81 - {A86DDF81-88FF-4EE2-8A37-4208930CBBDE} - C:\WINDOWS\system32\aomddfoh.dll
O21 - SSODL: 21AECB40 - {21AECB40-76E3-4C96-8E08-8AE58E4A8EE7} - C:\WINDOWS\system32\ihaecbkg.dll
O21 - SSODL: FC008447 - {FC008447-B416-4F97-A50D-A0443F53FA38} - C:\WINDOWS\system32\fcggokkn.dll
O21 - SSODL: C4577D98 - {C4577D98-EE8E-4E5D-A1CC-26E78B9AC4B5} - C:\WINDOWS\system32\cklnndpo.dll
O21 - SSODL: 45B01D2C - {45B01D2C-5FAA-47EE-B3FB-19D863441E6A} - C:\WINDOWS\system32\klbghdic.dll
O21 - SSODL: 1D2F2D04 - {1D2F2D04-91C8-4A65-A2C8-14E0A9DC23D5} - C:\WINDOWS\system32\hdifidgk.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Programmi\File comuni\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\ccSetMgr.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Programmi\Symantec AntiVirus\DefWatch.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Programmi\Nero\Nero8\InCD\InCDsrv.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Programmi\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: Nero Registry InCD Service (NeroRegInCDSrv) - Nero AG - C:\Programmi\Nero\Nero8\InCD\NBHRegInCDSrv.exe
O23 - Service: NMIndexingService - Nero AG - C:\Programmi\File comuni\Nero\Lib\NMIndexingService.exe
O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\WINDOWS\system32\IoctlSvc.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Programmi\Symantec AntiVirus\SavRoam.exe
O23 - Service: ServiceLayer - Nokia. - C:\Programmi\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\SNDSrvc.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Programmi\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Programmi\Symantec AntiVirus\Rtvscan.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

[crazy.cat]

Dividi il log su due o più post, vederne solo un pezzo non serve a niente.

[Alhazred]

Fa la scansione e la pulizia da modalità provvisoria.

[cascavel]

e' un' infezione vundo usa combofix http://download.bleepingcomputer.com/sUBs/ComboFix.exe , prima di scaricarlo spegni l'antivirus, dopo che avra' compiuto la scansione ed il pc verra' riavviato elimina la cartella C:\qoobox e fai una scansione completa del sistema con malwarebytes http://www.malwarebytes.org/mbam.php , al termine della scansione scegli la voce rimuovi elementi selezionati e riavvia il pc...

[tetsuo]

Grazie delle risposte. Allora in parte forse ho risolto, ho spostato in una dir temporanea le dll sospette e quindi ho poi potuto fixare le voci con HJT. Il dubbio è ovviamente che non si potesse cancellare il riferimento nei registri a tali dll in quanto magari in uso a qualche software malevolo. Domani mattina utilizzo i programmi proposti da cascavel per maggior sicurezza!