Ciao da qualche giorno ho alcuni problemi con il mio pc
Da quando ho inserito una penna usb, nella barra delle applicazioni in basso a destra è apparsa un'icona di "eee pc tray ulility 5.1.1.4003 " che non riesco più a togliere e quando cerco di aprire alcune pagine da internet mi appare una finestra che dice "connessione attraverso miniport wan" e successivamente errore 678.
Ho lanciato due programmi : malwarebytes e hijackthis vi mando i log
Inoltre spesso si blocca tutto il sistema e sono costretta a spegnere il computer e riaccenderlo.
Spero che possiate aiutarmi


Malwarebytes' Anti-Malware 1.44
Versione del database: 3510
Windows 5.1.2600 Service Pack 3
Internet Explorer 6.0.2900.5512

13/02/2010 12.39.15
mbam-log-2010-02-13 (12-39-07).txt

Tipo di scansione: Scansione rapida
Elementi scansionati: 100405
Tempo trascorso: 3 minute(s), 59 second(s)

Processi delle memoria infetti: 0
Moduli della memoria infetti: 0
Chiavi di registro infette: 0
Valori di registro infetti: 0
Elementi dato del registro infetti: 0
Cartelle infette: 0
File infetti: 2

Processi delle memoria infetti:
(Nessun elemento malevolo rilevato)

Moduli della memoria infetti:
(Nessun elemento malevolo rilevato)

Chiavi di registro infette:
(Nessun elemento malevolo rilevato)

Valori di registro infetti:
(Nessun elemento malevolo rilevato)

Elementi dato del registro infetti:
(Nessun elemento malevolo rilevato)

Cartelle infette:
(Nessun elemento malevolo rilevato)

File infetti:
C:\WINDOWS\Tasks\{66BA574B-1E11-49b8-909C-8CC9E0E8E015}.job (Trojan.Downloader) -> No action taken.
C:\WINDOWS\Tasks\{35DC3473-A719-4d14-B7C1-FD326CA84A0C}.job (Trojan.Downloader) -> No action taken.





Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 13.21.52, on 13/02/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Programmi\File comuni\InterVideo\RegMgr\iviRegMgr.exe
C:\Programmi\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Programmi\EeePC\ACPI\AsTray.exe
C:\Programmi\EeePC\ACPI\AsAcpiSvr.exe
C:\Programmi\EeePC\ACPI\AsEPCMon.exe
C:\Programmi\Elantech\ETDCtrl.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Programmi\Elantech\ETDDect.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmi\Windows Live\Messenger\msnmsgr.exe
C:\Programmi\IObit\Advanced SystemCare 3\AWC.exe
C:\WINDOWS\system32\igfxext.exe
C:\Programmi\ASUS\EeePC\Super Hybrid Engine\SuperHybridEngine.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Programmi\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.it/
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://eeepc.asus.com/global
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
O2 - BHO: Supporto di collegamento per Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\File comuni\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Programmi\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Programmi\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll
O2 - BHO: Guida per l'accesso a Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programmi\File comuni\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Programmi\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Programmi\Windows Live\Toolbar\wltcore.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [AsusTray] C:\Programmi\EeePC\ACPI\AsTray.exe
O4 - HKLM\..\Run: [AsusACPIServer] C:\Programmi\EeePC\ACPI\AsAcpiSvr.exe
O4 - HKLM\..\Run: [AsusEPCMonitor] C:\Programmi\EeePC\ACPI\AsEPCMon.exe
O4 - HKLM\..\Run: [ETDWare] C:\Programmi\Elantech\ETDCtrl.exe
O4 - HKLM\..\Run: [ETDWareDetect] C:\Programmi\Elantech\ETDDect.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Programmi\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [Advanced SystemCare 3] "C:\Programmi\IObit\Advanced SystemCare 3\AWC.exe" /startup
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO LOCALE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO DI RETE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: SuperHybridEngine.lnk = ?
O9 - Extra button: Inserisci blog - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programmi\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: Inserisci &blog in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programmi\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Programmi\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FILECO~1\Skype\SKYPE4~1.DLL
O23 - Service: IviRegMgr - InterVideo - C:\Programmi\File comuni\InterVideo\RegMgr\iviRegMgr.exe

--
End of file - 4907 bytes




GRAZIE!!!

hai fatto una scansione rapida,ti suggerisco di farne una completa che è piu' accurata.aggiorna malwarebytes prima,e intanto metti in prigione (quarantena)quello che ti ha trovato .

ciao ho appena provato a fare l'aggiornamento di malwarebytes ma non mi è possibile in quanto mi compare la richiesta di una connessione remota (io sono connesso tramite wireless). cosa faccio procedo ugualmente con combo fix? grazie!!

ComboFix 10-02-12.01 - Armando 13/02/2010 14.42.31.1.2 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.39.1040.18.1015.777 [GMT 1:00]
Eseguito da: c:\documents and settings\Armando\Desktop\ComboFix.exe

ATTENZIONE - QUESTO PC NON HA LA CONSOLE DI RIPRISTINO DI EMERGENZA INSTALLATA !!
.

((((((((((((((((((((((((((((((((((((( Altre eliminazioni )))))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\recycler\S-1-5-21-0111782848-2611252433-320367115-3874
c:\recycler\S-1-5-21-117609710-2025429265-1547161642-1003
c:\recycler\S-1-5-21-1200791401-2173177111-2569383337-1003
c:\recycler\S-1-5-21-2427576251-1231486041-982712095-1872
c:\recycler\S-1-5-21-3234280684-1396253550-4185536343-1003
c:\recycler\S-1-5-21-5516288273-9119671088-100652620-2457
c:\recycler\S-1-5-21-55401569-2533582971-3823923958-1003
c:\recycler\S-1-5-21-6950578542-8882598769-047577704-9039
c:\windows\system32\Thumbs.db

La copia infetta di c:\windows\system32\DRIVERS\atapi.sys è stata trovata e disinfettata
ipristinata copia da - c:\windows\system32\dllcache\atapi.sys
.
((((((((((((((((((((((((( Files Creati Da 2010-01-13 al 2010-02-13 )))))))))))))))))))))))))))))))))))
.

2013-08-25 23:39 . 2008-08-06 13:51 1200128 ----a-w- c:\windows\RtlUpd.exe
2013-08-25 23:39 . 2008-06-18 16:01 77824 ----a-w- c:\windows\SOUNDMAN.EXE
2013-08-25 23:39 . 2007-11-20 16:15 1826816 ----a-w- c:\windows\SkyTel.exe
2013-08-25 23:39 . 2008-08-12 14:10 4751360 ----a-w- c:\windows\system32\drivers\RtkHDAud.sys
2013-08-25 23:39 . 2008-06-19 14:27 9715200 ----a-w- c:\windows\RTLCPL.EXE
2013-08-25 23:39 . 2008-07-31 13:05 16806912 ----a-w- c:\windows\RTHDCPL.EXE
2013-08-25 23:39 . 2013-08-25 23:39 -------- d-----w- c:\programmi\Realtek
2013-08-25 23:39 . 2008-06-19 14:42 2808832 ----a-w- c:\windows\ALCWZRD.EXE
2013-08-25 23:39 . 2008-06-19 14:20 57344 ----a-w- c:\windows\ALCMTR.EXE
2013-08-25 23:39 . 2007-06-28 14:44 2165760 ----a-w- c:\windows\MicCal.exe
2013-08-25 23:39 . 2008-07-29 13:42 528384 ----a-w- c:\windows\RtlExUpd.dll
2013-08-11 22:34 . 2008-04-14 12:00 221184 ----a-w- c:\windows\system32\wmpns.dll
2013-08-11 22:33 . 2008-04-13 09:39 5504 ----a-w- c:\windows\system32\drivers\MSTEE.sys
2013-08-11 22:33 . 2008-04-13 09:46 10880 ----a-w- c:\windows\system32\drivers\NdisIP.sys
2013-08-11 22:32 . 2008-04-13 09:46 15232 ----a-w- c:\windows\system32\drivers\StreamIP.sys
2013-08-11 22:32 . 2008-04-13 09:46 11136 ----a-w- c:\windows\system32\drivers\SLIP.sys
2013-08-11 22:32 . 2008-04-13 09:46 19200 ----a-w- c:\windows\system32\drivers\WSTCODEC.SYS
2013-08-11 22:32 . 2008-04-13 09:46 85248 ----a-w- c:\windows\system32\drivers\NABTSFEC.sys
2013-08-11 22:32 . 2008-04-13 09:46 17024 ----a-w- c:\windows\system32\drivers\CCDECODE.sys
2013-08-11 22:32 . 2008-04-13 17:13 54784 ----a-w- c:\windows\system32\vfwwdm32.dll
2013-08-11 22:32 . 2008-04-13 09:46 121984 ----a-w- c:\windows\system32\drivers\usbvideo.sys
2013-08-11 22:32 . 2008-04-13 09:45 32128 ----a-w- c:\windows\system32\drivers\usbccgp.sys
2012-09-12 13:59 . 2012-09-12 13:59 -------- d-----w- c:\programmi\Elantech
2012-09-12 13:59 . 2008-04-08 13:59 10752 ----a-w- c:\windows\system32\drivers\ASUSACPI.SYS
2012-09-12 13:59 . 2012-09-12 13:59 -------- d-----w- c:\programmi\EeePC
2010-02-13 12:56 . 2010-02-13 12:56 -------- d-----w- c:\documents and settings\Armando\Dati applicazioni\TuneUp Software
2010-02-13 12:56 . 2010-02-13 13:19 -------- d-----w- c:\programmi\TuneUp Utilities 2010
2010-02-13 12:55 . 2010-02-13 13:19 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\TuneUp Software
2010-02-13 12:55 . 2010-02-13 12:55 -------- d-sh--w- c:\documents and settings\All Users\Dati applicazioni\{D3742F82-1C1A-4DCC-ABBD-0E7C3C0185CC}
2010-02-13 11:41 . 2010-02-13 11:41 -------- d-----w- c:\programmi\Trend Micro
2010-02-13 11:32 . 2010-02-13 11:32 -------- d-----w- c:\documents and settings\Armando\Dati applicazioni\Malwarebytes
2010-02-13 11:32 . 2010-01-07 15:07 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-02-13 11:32 . 2010-02-13 11:32 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Malwarebytes
2010-02-13 11:32 . 2010-01-07 15:07 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-02-13 11:32 . 2010-02-13 11:32 -------- d-----w- c:\programmi\Malwarebytes' Anti-Malware
2010-02-13 11:18 . 2010-02-13 11:18 -------- d-----w- c:\documents and settings\Armando\Dati applicazioni\IObit
2010-02-13 11:18 . 2010-02-13 11:18 -------- d-----w- c:\programmi\IObit
2010-02-13 11:09 . 2010-02-13 11:09 -------- d-----w- c:\programmi\CCleaner
2010-02-13 11:03 . 2010-02-13 13:41 -------- d-----w- c:\windows\system32\CatRoot2
2010-02-13 08:41 . 2010-02-13 08:41 -------- d-----w- c:\windows\system32\wbem\Repository

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-08-25 23:39 . 2008-08-07 23:26 319488 ----a-w- c:\windows\HideWin.exe
2010-02-13 11:03 . 2010-02-13 11:02 76875 ----a-w- c:\windows\pchealth\helpctr\OfflineCache\index.dat
2009-12-30 22:01 . 2009-07-08 16:57 -------- d-----w- c:\documents and settings\Armando\Dati applicazioni\vlc
2009-12-30 14:46 . 2009-12-30 14:46 -------- d-----w- c:\documents and settings\Armando\Dati applicazioni\dvdcss
2009-12-09 10:29 . 2009-04-24 13:08 5228 ----a-w- c:\documents and settings\Armando\Dati applicazioni\wklnhst.dat
2008-05-07 14:34 . 2008-08-08 00:00 15523560 ----a-w- c:\programmi\U1 Setup.exe
2008-04-14 12:00 . 2008-08-07 04:35 1081344 --sha-r- c:\windows\system32\ucfykgk.dll
.

((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* i valori vuoti & legittimi/default non sono visualizzati.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Advanced SystemCare 3"="c:\programmi\IObit\Advanced SystemCare 3\AWC.exe" [2009-12-26 2335952]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"="RTHDCPL.EXE" [2008-07-31 16806912]
"AsusACPIServer"="c:\programmi\EeePC\ACPI\AsAcpiSvr.exe" [2008-09-02 593920]
"ETDWare"="c:\programmi\Elantech\ETDCtrl.exe" [2008-09-03 335872]
"ETDWareDetect"="c:\programmi\Elantech\ETDDect.exe" [2008-08-22 204800]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk /p \??\C:\0autocheck autochk *

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"CTFMON.EXE"=c:\windows\system32\ctfmon.exe
"msnmsgr"="c:\programmi\Windows Live\Messenger\msnmsgr.exe" /background

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"AsusEPCMonitor"=c:\programmi\EeePC\ACPI\AsEPCMon.exe
"IgfxTray"=c:\windows\system32\igfxtray.exe
"HotKeysCmds"=c:\windows\system32\hkcmd.exe
"Persistence"=c:\windows\system32\igfxpers.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Programmi\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Programmi\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Programmi\\Windows Live\\Sync\\WindowsLiveSync.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"5678:TCP"= 5678:TCP:szpbep

S2 xmwjzh;ztwxhr;c:\windows\system32\svchost.exe -k netsvcs [07/08/2008 5.36.02 14336]
S3 RT80x86;Ralink 802.11n Wireless Driver;c:\windows\system32\drivers\rt2860.sys [08/08/2008 0.27.42 625024]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
xmwjzh
.
.
------- Scansione supplementare -------
.
uStart Page = hxxp://www.google.it/
uInternet Connection Wizard,ShellNext = hxxp://eeepc.asus.com/global
FF - ProfilePath - c:\documents and settings\Armando\Dati applicazioni\Mozilla\Firefox\Profiles\hysns4cj.default\
FF - plugin: c:\programmi\Windows Live\Photo Gallery\NPWLPG.dll
.
- - - - CHIAVI ORFANE RIMOSSE - - - -

MSConfigStartUp-Adobe Reader Speed Launcher - c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe
MSConfigStartUp-MsnMsgr - c:\program files\Windows Live\Messenger\MsnMsgr.Exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-02-13 14:47
Windows 5.1.2600 Service Pack 3 NTFS

scansione processi nascosti ...

scansione entrate autostart nascoste ...

Scansione files nascosti ...

Scansione completata con successo
Files nascosti: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\xmwjzh]
"ServiceDll"="c:\windows\system32\ucfykgk.dll"
.
--------------------- Dlls caricate dai processi in esecuzione ---------------------

- - - - - - - > 'explorer.exe'(3516)
c:\windows\Microsoft.NET\Framework\v1.1.4322\fusion.dll
c:\programmi\eee storage\xpclient.dll
c:\programmi\eee storage\logicnp.eznamespaceextensions.dll
.
------------------------ Altri processi in esecuzione ------------------------
.
c:\programmi\File comuni\InterVideo\RegMgr\iviRegMgr.exe
c:\programmi\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\windows\system32\wscntfy.exe
c:\windows\RTHDCPL.EXE
c:\windows\system32\igfxext.exe
c:\windows\system32\igfxsrvc.exe
.
**************************************************************************
.
Ora fine scansione: 2010-02-13 14:49:40 - Il pc è stato riavviato
ComboFix-quarantined-files.txt 2010-02-13 13:49

Pre-Run: 67.085.094.912 byte disponibili
Post-Run: 67.056.070.656 byte disponibili

- - End Of File - - CC2EF196B416D88D8820FE8906FBAAA2


continuo a dirti grazie!

ComboFix 10-02-12.01 - Armando 13/02/2010 15.39.06.2.2 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.39.1040.18.1015.630 [GMT 1:00]
Eseguito da: c:\documents and settings\Armando\Desktop\ComboFix.exe
Opzioni usate :: c:\documents and settings\Armando\Desktop\CFScript.txt

ATTENZIONE - QUESTO PC NON HA LA CONSOLE DI RIPRISTINO DI EMERGENZA INSTALLATA !!

FILE ::
"c:\windows\system32\ucfykgk.dll"
.

((((((((((((((((((((((((((((((((((((( Altre eliminazioni )))))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\ucfykgk.dll

.
((((((((((((((((((((((((((((((((((((((( Driver/Servizi )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_XMWJZH
-------\Service_xmwjzh


((((((((((((((((((((((((( Files Creati Da 2010-01-13 al 2010-02-13 )))))))))))))))))))))))))))))))))))
.

2013-08-25 23:39 . 2008-08-06 13:51 1200128 ----a-w- c:\windows\RtlUpd.exe
2013-08-25 23:39 . 2008-06-18 16:01 77824 ----a-w- c:\windows\SOUNDMAN.EXE
2013-08-25 23:39 . 2007-11-20 16:15 1826816 ----a-w- c:\windows\SkyTel.exe
2013-08-25 23:39 . 2008-08-12 14:10 4751360 ----a-w- c:\windows\system32\drivers\RtkHDAud.sys
2013-08-25 23:39 . 2008-06-19 14:27 9715200 ----a-w- c:\windows\RTLCPL.EXE
2013-08-25 23:39 . 2008-07-31 13:05 16806912 ----a-w- c:\windows\RTHDCPL.EXE
2013-08-25 23:39 . 2013-08-25 23:39 -------- d-----w- c:\programmi\Realtek
2013-08-25 23:39 . 2008-06-19 14:42 2808832 ----a-w- c:\windows\ALCWZRD.EXE
2013-08-25 23:39 . 2008-06-19 14:20 57344 ----a-w- c:\windows\ALCMTR.EXE
2013-08-25 23:39 . 2007-06-28 14:44 2165760 ----a-w- c:\windows\MicCal.exe
2013-08-25 23:39 . 2008-07-29 13:42 528384 ----a-w- c:\windows\RtlExUpd.dll
2013-08-11 22:34 . 2008-04-14 12:00 221184 ----a-w- c:\windows\system32\wmpns.dll
2013-08-11 22:33 . 2008-04-13 09:39 5504 ----a-w- c:\windows\system32\drivers\MSTEE.sys
2013-08-11 22:33 . 2008-04-13 09:46 10880 ----a-w- c:\windows\system32\drivers\NdisIP.sys
2013-08-11 22:32 . 2008-04-13 09:46 15232 ----a-w- c:\windows\system32\drivers\StreamIP.sys
2013-08-11 22:32 . 2008-04-13 09:46 11136 ----a-w- c:\windows\system32\drivers\SLIP.sys
2013-08-11 22:32 . 2008-04-13 09:46 19200 ----a-w- c:\windows\system32\drivers\WSTCODEC.SYS
2013-08-11 22:32 . 2008-04-13 09:46 85248 ----a-w- c:\windows\system32\drivers\NABTSFEC.sys
2013-08-11 22:32 . 2008-04-13 09:46 17024 ----a-w- c:\windows\system32\drivers\CCDECODE.sys
2013-08-11 22:32 . 2008-04-13 17:13 54784 ----a-w- c:\windows\system32\vfwwdm32.dll
2013-08-11 22:32 . 2008-04-13 09:46 121984 ----a-w- c:\windows\system32\drivers\usbvideo.sys
2013-08-11 22:32 . 2008-04-13 09:45 32128 ----a-w- c:\windows\system32\drivers\usbccgp.sys
2012-09-12 13:59 . 2012-09-12 13:59 -------- d-----w- c:\programmi\Elantech
2012-09-12 13:59 . 2008-04-08 13:59 10752 ----a-w- c:\windows\system32\drivers\ASUSACPI.SYS
2012-09-12 13:59 . 2012-09-12 13:59 -------- d-----w- c:\programmi\EeePC
2010-02-13 12:56 . 2010-02-13 12:56 -------- d-----w- c:\documents and settings\Armando\Dati applicazioni\TuneUp Software
2010-02-13 12:56 . 2010-02-13 13:19 -------- d-----w- c:\programmi\TuneUp Utilities 2010
2010-02-13 12:55 . 2010-02-13 13:19 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\TuneUp Software
2010-02-13 12:55 . 2010-02-13 12:55 -------- d-sh--w- c:\documents and settings\All Users\Dati applicazioni\{D3742F82-1C1A-4DCC-ABBD-0E7C3C0185CC}
2010-02-13 11:41 . 2010-02-13 11:41 -------- d-----w- c:\programmi\Trend Micro
2010-02-13 11:32 . 2010-02-13 11:32 -------- d-----w- c:\documents and settings\Armando\Dati applicazioni\Malwarebytes
2010-02-13 11:32 . 2010-01-07 15:07 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-02-13 11:32 . 2010-02-13 11:32 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Malwarebytes
2010-02-13 11:32 . 2010-01-07 15:07 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-02-13 11:32 . 2010-02-13 11:32 -------- d-----w- c:\programmi\Malwarebytes' Anti-Malware
2010-02-13 11:18 . 2010-02-13 11:18 -------- d-----w- c:\documents and settings\Armando\Dati applicazioni\IObit
2010-02-13 11:18 . 2010-02-13 11:18 -------- d-----w- c:\programmi\IObit
2010-02-13 11:09 . 2010-02-13 11:09 -------- d-----w- c:\programmi\CCleaner
2010-02-13 11:03 . 2010-02-13 14:38 -------- d-----w- c:\windows\system32\CatRoot2
2010-02-13 08:41 . 2010-02-13 08:41 -------- d-----w- c:\windows\system32\wbem\Repository

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-08-25 23:39 . 2008-08-07 23:26 319488 ----a-w- c:\windows\HideWin.exe
2010-02-13 11:03 . 2010-02-13 11:02 76875 ----a-w- c:\windows\pchealth\helpctr\OfflineCache\index.dat
2009-12-30 22:01 . 2009-07-08 16:57 -------- d-----w- c:\documents and settings\Armando\Dati applicazioni\vlc
2009-12-30 14:46 . 2009-12-30 14:46 -------- d-----w- c:\documents and settings\Armando\Dati applicazioni\dvdcss
2009-12-09 10:29 . 2009-04-24 13:08 5228 ----a-w- c:\documents and settings\Armando\Dati applicazioni\wklnhst.dat
2008-05-07 14:34 . 2008-08-08 00:00 15523560 ----a-w- c:\programmi\U1 Setup.exe
.

((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* i valori vuoti & legittimi/default non sono visualizzati.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Advanced SystemCare 3"="c:\programmi\IObit\Advanced SystemCare 3\AWC.exe" [2009-12-26 2335952]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"="RTHDCPL.EXE" [2008-07-31 16806912]
"AsusACPIServer"="c:\programmi\EeePC\ACPI\AsAcpiSvr.exe" [2008-09-02 593920]
"ETDWare"="c:\programmi\Elantech\ETDCtrl.exe" [2008-09-03 335872]
"ETDWareDetect"="c:\programmi\Elantech\ETDDect.exe" [2008-08-22 204800]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk /p \??\C:\0autocheck autochk *

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"CTFMON.EXE"=c:\windows\system32\ctfmon.exe
"msnmsgr"="c:\programmi\Windows Live\Messenger\msnmsgr.exe" /background

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"AsusEPCMonitor"=c:\programmi\EeePC\ACPI\AsEPCMon.exe
"IgfxTray"=c:\windows\system32\igfxtray.exe
"HotKeysCmds"=c:\windows\system32\hkcmd.exe
"Persistence"=c:\windows\system32\igfxpers.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Programmi\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Programmi\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Programmi\\Windows Live\\Sync\\WindowsLiveSync.exe"=

S3 RT80x86;Ralink 802.11n Wireless Driver;c:\windows\system32\drivers\rt2860.sys [08/08/2008 0.27.42 625024]
.
.
------- Scansione supplementare -------
.
uStart Page = hxxp://www.google.it/
uInternet Connection Wizard,ShellNext = hxxp://eeepc.asus.com/global
FF - ProfilePath - c:\documents and settings\Armando\Dati applicazioni\Mozilla\Firefox\Profiles\hysns4cj.default\
FF - plugin: c:\programmi\Windows Live\Photo Gallery\NPWLPG.dll
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-02-13 15:43
Windows 5.1.2600 Service Pack 3 NTFS

scansione processi nascosti ...

scansione entrate autostart nascoste ...

Scansione files nascosti ...

Scansione completata con successo
Files nascosti: 0

**************************************************************************
.
--------------------- Dlls caricate dai processi in esecuzione ---------------------

- - - - - - - > 'explorer.exe'(124)
c:\windows\Microsoft.NET\Framework\v1.1.4322\fusion.dll
c:\programmi\eee storage\xpclient.dll
c:\programmi\eee storage\logicnp.eznamespaceextensions.dll
.
------------------------ Altri processi in esecuzione ------------------------
.
c:\programmi\File comuni\InterVideo\RegMgr\iviRegMgr.exe
c:\programmi\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\windows\system32\wscntfy.exe
c:\windows\RTHDCPL.EXE
c:\windows\system32\igfxext.exe
c:\windows\system32\igfxsrvc.exe
.
**************************************************************************
.
Ora fine scansione: 2010-02-13 15:46:05 - Il pc è stato riavviato
ComboFix-quarantined-files.txt 2010-02-13 14:46
ComboFix2.txt 2010-02-13 13:49

Pre-Run: 67.065.999.360 byte disponibili
Post-Run: 67.026.472.960 byte disponibili

- - End Of File - - C3690727D3D93FB83D3AF10801F5CE7F


dimmi tutto!

Malwarebytes' Anti-Malware 1.44
Versione del database: 3732
Windows 5.1.2600 Service Pack 3
Internet Explorer 6.0.2900.5512

13/02/2010 16.08.41
mbam-log-2010-02-13 (16-08-41).txt

Tipo di scansione: Scansione completa (C:\|D:\|)
Elementi scansionati: 129428
Tempo trascorso: 11 minute(s), 43 second(s)

Processi delle memoria infetti: 0
Moduli della memoria infetti: 0
Chiavi di registro infette: 0
Valori di registro infetti: 0
Elementi dato del registro infetti: 0
Cartelle infette: 0
File infetti: 4

Processi delle memoria infetti:
(Nessun elemento malevolo rilevato)

Moduli della memoria infetti:
(Nessun elemento malevolo rilevato)

Chiavi di registro infette:
(Nessun elemento malevolo rilevato)

Valori di registro infetti:
(Nessun elemento malevolo rilevato)

Elementi dato del registro infetti:
(Nessun elemento malevolo rilevato)

Cartelle infette:
(Nessun elemento malevolo rilevato)

File infetti:
C:\System Volume Information\_restore{0F24F54A-B150-4CA8-8103-B8AC2AD05C7F}\RP3\A0001102.exe (TrojanDownloader) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{0F24F54A-B150-4CA8-8103-B8AC2AD05C7F}\RP3\A0001103.exe (Trojan.Hijacker) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{0F24F54A-B150-4CA8-8103-B8AC2AD05C7F}\RP3\A0001104.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{0F24F54A-B150-4CA8-8103-B8AC2AD05C7F}\RP3\A0001105.exe (Trojan.Agent) -> Quarantined and deleted successfully.



file infetti 4 eliminati!

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20.52.00, on 13/02/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programmi\File comuni\InterVideo\RegMgr\iviRegMgr.exe
C:\Programmi\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Programmi\EeePC\ACPI\AsAcpiSvr.exe
C:\Programmi\Elantech\ETDCtrl.exe
C:\WINDOWS\system32\igfxext.exe
C:\Programmi\Elantech\ETDDect.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Programmi\IObit\Advanced SystemCare 3\AWC.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\msiexec.exe
C:\Programmi\Mozilla Firefox\firefox.exe
C:\WINDOWS\SoftwareDistribution\Download\Install\windows-kb890830-v3.4.exe
c:\871b0b1a8b2c08ba668791abf2a8c7fc\mrtstub.exe
C:\WINDOWS\system32\MRT.exe
C:\Programmi\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.it/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://eeepc.asus.com/global
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
O2 - BHO: Supporto di collegamento per Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\File comuni\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Programmi\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Programmi\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll
O2 - BHO: Guida per l'accesso a Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programmi\File comuni\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Programmi\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Programmi\Windows Live\Toolbar\wltcore.dll
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [AsusACPIServer] C:\Programmi\EeePC\ACPI\AsAcpiSvr.exe
O4 - HKLM\..\Run: [ETDWare] C:\Programmi\Elantech\ETDCtrl.exe
O4 - HKLM\..\Run: [ETDWareDetect] C:\Programmi\Elantech\ETDDect.exe
O4 - HKLM\..\RunOnce: [KB923561] rundll32.exe apphelp.dll,ShimFlushCache
O4 - HKLM\..\RunOnce: [KB955759] rundll32.exe apphelp.dll,ShimFlushCache
O4 - HKCU\..\Run: [Advanced SystemCare 3] "C:\Programmi\IObit\Advanced SystemCare 3\AWC.exe" /startup
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O9 - Extra button: Inserisci blog - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programmi\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: Inserisci &blog in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programmi\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Programmi\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FILECO~1\Skype\SKYPE4~1.DLL
O23 - Service: IviRegMgr - InterVideo - C:\Programmi\File comuni\InterVideo\RegMgr\iviRegMgr.exe

--
End of file - 4638 bytes

ho eseguito tutto quello che mi hai detto e credo proprio di aver risolto il mio problema!!! un grande grazie!