Grazie davvero r16!
Allora... ho fatto tutto quello che mi hai scritto... però, in Modalità Provvisoria, VirIT non funziona bene, infatti, ad un certo punto della scansione compare la finestra che dice: SI E' VERIFICATO UN ERRORE IN VIRITEXP.EX L'APPLICAZIONE VERRA' CHIUSA.
Ho riavviato tutto... ma il pc si avvia a fatica... fa tantissimo rumore, "macina"... e prima compare il desktop e dopo molto tempo tutte le icone...
cmq ho connesso ad internet... ed almeno AVG non mi segnala quei Trojan... penso siano andati via... però c'è qualcosa che non va...non so!
Posto qui... l'ultimo LOG che ho fatto... GRAZIE MILLE x L'AIUTO!!

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1.34.41, on 24/01/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Programmi\File comuni\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Programmi\Fighters\configservice.exe
C:\WINDOWS\system32\svchost.exe
C:\VEXPLITE\viritsvc.exe
C:\Programmi\Fighters\licenseservice.exe
C:\Programmi\Fighters\updateservice.exe
C:\Programmi\Fighters\ScannerService.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Programmi\Zone Labs\ZoneAlarm\zlclient.exe
C:\Programmi\Fighters\spywarefighter\SpywarefighterUser.exe
C:\VEXPLITE\MONLITE.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Programmi\Internet Explorer\iexplore.exe
c:\programmi\fighters\spywarefighter\SPYWAREfighterTray.exe
C:\Programmi\Internet Explorer\iexplore.exe
C:\Programmi\File comuni\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Programmi\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.virgilio.it/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\Adobe\Acrobat 5.0\Acrobat\ActiveX\AcroIEHelper.ocx
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Programmi\AVG\AVG8\avgssie.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Guida per l'accesso a Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programmi\File comuni\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Programmi\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO LOCALE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO DI RETE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Ricerche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Programmi\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1212347510631
O17 - HKLM\System\CCS\Services\Tcpip\..\{1433FC6B-1195-433C-B840-7FF2E8AE036F}: NameServer = 85.37.17.50 85.38.28.76
O17 - HKLM\System\CS1\Services\Tcpip\..\{1433FC6B-1195-433C-B840-7FF2E8AE036F}: NameServer = 85.37.17.50 85.38.28.76
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Programmi\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: avgrsstx.dll
O23 - Service: AVG8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: PTK License-FIGHTERS-18665827 - SPAMfighter - C:\Programmi\Fighters\licenseservice.exe
O23 - Service: PTK Live Update-FIGHTERS-18665827 - SPAMfighter - C:\Programmi\Fighters\updateservice.exe
O23 - Service: PTK Scanner-FIGHTERS-18665827 - SPAMfighter - C:\Programmi\Fighters\ScannerService.exe
O23 - Service: PTK SharedAccess-FIGHTERS-18665827 - SPAMfighter - C:\Programmi\Fighters\configservice.exe
O23 - Service: Virit eXplorer Lite (viritsvclite) - TG Soft Sas www.tgsoft.it - C:\VEXPLITE\viritsvc.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

--
End of file - 4796 bytes

Ciao r16!
Grazie x l'aiuto...
Il mio pc però non funziona x nulla... stamattina appeno l'ho acceso... non si è avviato, rimaneva con una schermata nera... ho dovuto premere + volte il pulsante di reset... e poi si è avviato...
Inoltre ho postato solo il log di HijackThis perchè VirIT mi da lo stesso problema anche in modalità normale... esce sempre quella finestra di cui scrivevo prima.
Adesso, mentre scrivo, sto facendo la scansione con MalwareBytes... e + tardi posto il log.
Riguardo il rumore di "macinino"... non so, penso sia proprio il processore che si sta fondendo... è possibile??
Diciamo che il pc è vecchiotto... del 2000... non penso regga SP3 :-(
Cmq, non ho ancora capito se questi virus sono andati via...Fighters l'ho cancellato.
+ tardi posto tutti i log che riesco a fare.
Grazie mille!!
:-)

Ciao r16!
Allora, ho fatto 2 volte la scansione con Malwarebytes' Anti-Malware perchè nella prima ha rivelato diversi "virus" ma, alcuni riesce ad eliminarli, altri non riesce, compare la finestra che dice che ALCUNI ELEMENTI NON POSSONO ESSERE RIMOSSI (Ho evidenziato di rosso le chiavi di registro che non riesce a "pulire" dal virus). Poi ho fatto la scansione con HijackThis.
Posto tutto qui. GRAZIE ANCORA!

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 15.05.56, on 24/01/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Programmi\File comuni\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\svchost.exe
C:\VEXPLITE\viritsvc.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Programmi\Zone Labs\ZoneAlarm\zlclient.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Programmi\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.virgilio.it/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\Adobe\Acrobat 5.0\Acrobat\ActiveX\AcroIEHelper.ocx
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Programmi\AVG\AVG8\avgssie.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Guida per l'accesso a Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programmi\File comuni\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Programmi\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO LOCALE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO DI RETE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Ricerche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Programmi\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1212347510631
O17 - HKLM\System\CCS\Services\Tcpip\..\{1433FC6B-1195-433C-B840-7FF2E8AE036F}: NameServer = 85.37.17.50 85.38.28.76
O17 - HKLM\System\CS1\Services\Tcpip\..\{1433FC6B-1195-433C-B840-7FF2E8AE036F}: NameServer = 85.37.17.50 85.38.28.76
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Programmi\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: avgrsstx.dll
O23 - Service: AVG8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Virit eXplorer Lite (viritsvclite) - TG Soft Sas www.tgsoft.it - C:\VEXPLITE\viritsvc.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

--
End of file - 3882 bytes
Malwarebytes' Anti-Malware 1.33
Versione del database: 1685
Windows 5.1.2600 Service Pack 2

24/01/2009 13.55.10
mbam-log-2009-01-24 (13-55-04).txt

Tipo di scansione: Scansione completa (C:\|)
Elementi scansionati: 76971
Tempo trascorso: 1 hour(s), 2 minute(s), 16 second(s)

Processi delle memoria infetti: 0
Moduli della memoria infetti: 0
Chiavi di registro infette: 3
Valori di registro infetti: 4
Elementi dato del registro infetti: 0
Cartelle infette: 0
File infetti: 5

Processi delle memoria infetti:
(Nessun elemento malevolo rilevato)

Moduli della memoria infetti:
(Nessun elemento malevolo rilevato)

Chiavi di registro infette:
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\ati1kqxx (Rootkit.Agent) -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\ati1kqxx (Rootkit.Agent) -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\ati1kqxx (Rootkit.Agent) -> No action taken.

Valori di registro infetti:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Settings\bf (Trojan.Agent) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Settings\bk (Trojan.Agent) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Settings\iu (Trojan.Agent) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Settings\mu (Trojan.Agent) -> No action taken.

Elementi dato del registro infetti:
(Nessun elemento malevolo rilevato)

Cartelle infette:
(Nessun elemento malevolo rilevato)

File infetti:
C:\System Volume Information\_restore{577BB312-08CA-4C37-A50D-4E75FCA99FC1}\RP50\A0044093.sys (Rootkit.Agent) -> No action taken.
C:\WINDOWS\system32\drivers\ati1kqxx.sys (Rootkit.Agent) -> No action taken.
C:\WINDOWS\system32\shell31.dll (Trojan.Agent) -> No action taken.
C:\WINDOWS\Temp\BN29.tmp (Trojan.Agent) -> No action taken.
C:\WINDOWS\system32\rs32net.exe (Rootkit.Agent) -> No action taken.
Malwarebytes' Anti-Malware 1.33
Versione del database: 1685
Windows 5.1.2600 Service Pack 2

24/01/2009 14.58.50
mbam-log-2009-01-24 (14-58-45).txt

Tipo di scansione: Scansione completa (C:\|)
Elementi scansionati: 76245
Tempo trascorso: 57 minute(s), 10 second(s)

Processi delle memoria infetti: 0
Moduli della memoria infetti: 0
Chiavi di registro infette: 3
Valori di registro infetti: 0
Elementi dato del registro infetti: 0
Cartelle infette: 0
File infetti: 2

Processi delle memoria infetti:
(Nessun elemento malevolo rilevato)

Moduli della memoria infetti:
(Nessun elemento malevolo rilevato)

Chiavi di registro infette:
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\ati1kqxx (Rootkit.Agent) -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\ati1kqxx (Rootkit.Agent) -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\ati1kqxx (Rootkit.Agent) -> No action taken.
Valori di registro infetti:
(Nessun elemento malevolo rilevato)

Elementi dato del registro infetti:
(Nessun elemento malevolo rilevato)

Cartelle infette:
(Nessun elemento malevolo rilevato)

File infetti:
C:\System Volume Information\_restore{577BB312-08CA-4C37-A50D-4E75FCA99FC1}\RP50\A0044130.sys (Rootkit.Agent) -> No action taken.
C:\WINDOWS\system32\drivers\ati1kqxx.sys (Rootkit.Agent) -> No action taken.

Grazie mille!
r16 scusami... ma non riesco a disabilitare l'antivirus :-( ho AVG free 8.0... non vedo nessuna opzione x disabilitare... come si fa?Pure da "Centro Sicurezza PC" non riesco a trovare l'opzione x disabilitare...
GRAZIE ANCORA....... e scusa lo stress!!
Ma come fanno questi virus ad entrare nel pc???? Non ho installato nessun programma strano :-(

Ciao r16!Posto tutti i log!GRAZIE 1000 :-)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 13.13.33, on 26/01/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Programmi\Zone Labs\ZoneAlarm\zlclient.exe
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Programmi\File comuni\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\svchost.exe
C:\VEXPLITE\viritsvc.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\Programmi\Trend Micro\HijackThis\HijackThis.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.virgilio.it/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\Adobe\Acrobat 5.0\Acrobat\ActiveX\AcroIEHelper.ocx
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Programmi\AVG\AVG8\avgssie.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Guida per l'accesso a Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programmi\File comuni\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Programmi\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Ricerche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Programmi\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1212347510631
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Programmi\AVG\AVG8\avgpp.dll
O23 - Service: AVG8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Virit eXplorer Lite (viritsvclite) - TG Soft Sas www.tgsoft.it - C:\VEXPLITE\viritsvc.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

--
End of file - 3732 bytes


ComboFix 09-01-21.04 - Bea 2009-01-26 12:20:00.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1040.18.383.119 [GMT 1:00]
Eseguito da: c:\documents and settings\Bea\Desktop\ComboFix.exe
AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated)
FW: ZoneAlarm Firewall *enabled*
* Creato nuovo punto di ripristino

ATTENZIONE - QUESTO PC NON HA LA CONSOLE DI RIPRISTINO DI EMERGENZA INSTALLATA !!
.

((((((((((((((((((((((((( Files Creati Da 2008-12-26 al 2009-01-26 )))))))))))))))))))))))))))))))))))
.

2009-01-24 00:46 . 2009-01-24 00:46 <DIR> d-------- c:\programmi\Malwarebytes' Anti-Malware
2009-01-24 00:46 . 2009-01-24 00:46 <DIR> d-------- c:\documents and settings\Bea\Dati applicazioni\Malwarebytes
2009-01-24 00:46 . 2009-01-24 00:46 <DIR> d-------- c:\documents and settings\All Users\Dati applicazioni\Malwarebytes
2009-01-24 00:46 . 2009-01-14 16:11 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys
2009-01-24 00:46 . 2009-01-14 16:11 15,504 --a------ c:\windows\system32\drivers\mbam.sys
2009-01-24 00:44 . 2009-01-24 00:44 <DIR> d-------- c:\programmi\CCleaner
2009-01-24 00:42 . 2008-08-30 12:11 40,960 --a------ c:\windows\system32\drivers\VIRAGTLT.SYS
2009-01-24 00:41 . 2009-01-24 01:27 <DIR> d-------- C:\VEXPLITE
2009-01-23 23:33 . 2009-01-23 23:33 <DIR> d-------- c:\programmi\Trend Micro
2009-01-23 13:55 . 2009-01-24 01:49 <DIR> d-------- c:\programmi\Fighters
2009-01-23 13:55 . 2009-01-23 13:55 <DIR> d-------- c:\documents and settings\All Users\Dati applicazioni\Fighters
2009-01-16 14:04 . 2009-01-26 12:28 32,768 --a------ c:\windows\system32\drivers\ati1kqxx.sys

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-01-26 11:28 2,721,903 ----a-w c:\windows\Internet Logs\tvDebug.zip
2009-01-26 11:27 249,856 --sha-w c:\windows\system32\drivers\fidbox.idx
2009-01-26 11:27 21,159,968 --sha-w c:\windows\system32\drivers\fidbox.dat
2009-01-24 00:45 --------- d-----w c:\programmi\Windows Live
2009-01-24 00:44 --------- d-----w c:\programmi\Erickson
2009-01-23 23:50 134,656 ----a-w c:\windows\Internet Logs\xDB11.tmp
2009-01-23 13:47 3,559,936 ----a-w c:\windows\Internet Logs\xDB10.tmp
2009-01-21 18:15 --------- d-----w c:\documents and settings\Bea\Dati applicazioni\dvdcss
2009-01-20 11:13 --------- d-----w c:\programmi\eMule
2009-01-17 17:24 223,744 ----a-w c:\windows\Internet Logs\xDBF.tmp
2009-01-16 22:35 239,616 ----a-w c:\windows\Internet Logs\xDBE.tmp
2009-01-16 16:40 3,258,368 ----a-w c:\windows\Internet Logs\xDBD.tmp
2008-12-30 17:19 1,469,952 ----a-w c:\windows\Internet Logs\xDBC.tmp
2008-12-25 11:56 1,458,688 ----a-w c:\windows\Internet Logs\xDBB.tmp
2008-12-22 11:23 1,453,056 ----a-w c:\windows\Internet Logs\xDBA.tmp
2008-12-20 22:50 3,294,720 ----a-w c:\windows\Internet Logs\xDB8.tmp
2008-12-20 22:50 1,448,448 ----a-w c:\windows\Internet Logs\xDB9.tmp
2008-12-15 08:29 1,436,160 ----a-w c:\windows\Internet Logs\xDB7.tmp
2008-12-03 21:15 2,947,584 ----a-w c:\windows\Internet Logs\xDB5.tmp
2008-12-03 21:15 1,418,240 ----a-w c:\windows\Internet Logs\xDB6.tmp
2008-11-29 20:59 3,010,048 ----a-w c:\windows\Internet Logs\xDB4.tmp
2008-11-29 20:51 81,920 ----a-w c:\windows\DUMP69ee.tmp
2008-11-10 14:44 3,054,592 ----a-w c:\windows\Internet Logs\xDB2.tmp
2008-11-10 14:44 1,388,544 ----a-w c:\windows\Internet Logs\xDB3.tmp
2008-11-04 20:58 3,071,488 ----a-w c:\windows\Internet Logs\xDB1.tmp
2008-11-01 18:29 10,520 ----a-w c:\windows\system32\avgrsstx.dll
.

((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* i valori vuoti & legittimi/default non sono visualizzati.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2004-08-19 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2008-11-27 1261336]
"ZoneAlarm Client"="c:\programmi\Zone Labs\ZoneAlarm\zlclient.exe" [2008-04-02 919016]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-19 15360]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ati1kqxx.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ati1yexx.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ati7cgxx.sys]
@="Driver"

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Avvio^Programmi^Esecuzione automatica^Acrobat Assistant.lnk]
path=c:\documents and settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\Acrobat Assistant.lnk
backup=c:\windows\pss\Acrobat Assistant.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Avvio^Programmi^Esecuzione automatica^Alice ti aiuta.lnk]
path=c:\documents and settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\Alice ti aiuta.lnk
backup=c:\windows\pss\Alice ti aiuta.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Motive SmartBridge]
--a------ 2006-04-21 14:41 438359 c:\progra~1\ALICET~1\SMARTB~1\MotiveSB.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VIRIT LITE MONITOR]
--a------ 2009-01-24 00:42 249856 c:\vexplite\MONLITE.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UpdatesDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Programmi\\Messenger\\msmsgs.exe"=
"c:\\Programmi\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Programmi\\Windows Live\\Messenger\\livecall.exe"=
"c:\\Programmi\\AVG\\AVG8\\avgemc.exe"=
"c:\\Programmi\\AVG\\AVG8\\avgupd.exe"=

R0 ati1kqxx;ati1kqxx;c:\windows\system32\drivers\ati1kqxx.sys [2009-01-16 32768]
R0 VIRAGTLT;VIRAGTLT;c:\windows\system32\drivers\VIRAGTLT.SYS [2009-01-24 40960]
R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2008-06-01 97928]
R3 es1969;Driver audio ESS 1969 (WDM);c:\windows\system32\drivers\es1969.sys [2008-06-01 72192]
R3 S3Inc;S3Inc;c:\windows\system32\drivers\s3mini.sys [2000-02-15 168576]
R4 avg8emc;AVG8 E-mail Scanner;c:\progra~1\AVG\AVG8\avgemc.exe [2008-06-01 902424]
R4 avg8wd;AVG8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [2008-11-01 231704]
R4 AvgTdiX;AVG8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2008-06-01 76040]
R4 viritsvclite;Virit eXplorer Lite;c:\vexplite\viritsvc.exe [2007-10-10 57344]
S0 ati1yexx;ati1yexx;c:\windows\system32\Drivers\ati1yexx.sys --> c:\windows\system32\Drivers\ati1yexx.sys [?]
S0 ati7cgxx;ati7cgxx;c:\windows\system32\Drivers\ati7cgxx.sys --> c:\windows\system32\Drivers\ati7cgxx.sys [?]
.
- - - - CHIAVI ORFANE RIMOSSE - - - -

MSConfigStartUp-EPSON Stylus C62 Series - c:\windows\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE
MSConfigStartUp-spywarefighterguard - c:\programmi\Fighters\spywarefighter\SpywarefighterUser.exe


.
------- Scansione supplementare -------
.
uStart Page = hxxp://www.virgilio.it/
uInternet Settings,ProxyOverride = 127.0.0.1
IE: E&sporta in Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-01-26 12:29:56
Windows 5.1.2600 Service Pack 2 NTFS

scansione processi nascosti ...

scansione entrate autostart nascoste ...

Scansione files nascosti ...

Scansione completata con successo
Files nascosti: 0

**************************************************************************
.
------------------------ Altri processi in esecuzione ------------------------
.
c:\windows\system32\ZoneLabs\vsmon.exe
c:\programmi\File comuni\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\programmi\AVG\AVG8\avgrsx.exe
c:\windows\system32\wscntfy.exe
c:\progra~1\AVG\AVG8\avgupd.exe
.
**************************************************************************
.
Ora fine scansione: 2009-01-26 12:33:59 - Il pc è stato riavviato [Bea]
ComboFix-quarantined-files.txt 2009-01-26 11:33:51

Pre-Run: 332,193,792 byte disponibili
Post-Run: 532,520,960 byte disponibili

141


Malwarebytes' Anti-Malware 1.33
Versione del database: 1685
Windows 5.1.2600 Service Pack 2

26/01/2009 13.10.39
mbam-log-2009-01-26 (13-10-39).txt

Tipo di scansione: Scansione completa (C:\|)
Elementi scansionati: 76775
Tempo trascorso: 34 minute(s), 13 second(s)

Processi delle memoria infetti: 0
Moduli della memoria infetti: 0
Chiavi di registro infette: 3
Valori di registro infetti: 0
Elementi dato del registro infetti: 0
Cartelle infette: 0
File infetti: 3

Processi delle memoria infetti:
(Nessun elemento malevolo rilevato)

Moduli della memoria infetti:
(Nessun elemento malevolo rilevato)

Chiavi di registro infette:
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\ati1kqxx (Rootkit.Agent) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\ati1kqxx (Rootkit.Agent) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\ati1kqxx (Rootkit.Agent) -> Delete on reboot.

Valori di registro infetti:
(Nessun elemento malevolo rilevato)

Elementi dato del registro infetti:
(Nessun elemento malevolo rilevato)

Cartelle infette:
(Nessun elemento malevolo rilevato)

File infetti:
C:\System Volume Information\_restore{577BB312-08CA-4C37-A50D-4E75FCA99FC1}\RP51\A0044449.sys (Rootkit.Agent) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{577BB312-08CA-4C37-A50D-4E75FCA99FC1}\RP52\A0044562.sys (Rootkit.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\ati1kqxx.sys (Rootkit.Agent) -> Delete on reboot.

Ciao r16!
Adesso ho disattivato il Ripristino Config.......... hai ragione, le altre volte, nella fretta, ho dimenticato questo passaggio!
Cmq ecco il risultato di Avenger:
Prima però è comparsa una finestra che diceva: cmd.exe - Disco non presente. Impossibile trovare il disco nell'unità. Inserire un disco nell'unità\Device\Harddisk1\DR2

//////////////////////////////////////////
Avenger Pre-Processor log
//////////////////////////////////////////

Platform: Windows XP (build 2600, Service Pack 2)
Thu Jan 29 12:53:23 2009

12:53:23: Error: Invalid script. A valid script must begin with a command directive.
Aborting execution!


//////////////////////////////////////////


//////////////////////////////////////////
Avenger Pre-Processor log
//////////////////////////////////////////

Platform: Windows XP (build 2600, Service Pack 2)
Thu Jan 29 12:53:29 2009

12:53:29: Error: Invalid script. A valid script must begin with a command directive.
Aborting execution!


//////////////////////////////////////////


//////////////////////////////////////////
Avenger Pre-Processor log
//////////////////////////////////////////

Platform: Windows XP (build 2600, Service Pack 2)
Thu Jan 29 12:54:02 2009

12:53:59: Warning: Skipping potentially dangerous line:
"HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\ati1kqxx" (Registry key deletion mode)
12:54:02: Error: Execution aborted by user!


//////////////////////////////////////////


Logfile of The Avenger Version 2.0, (c) by Swandog46
http://swandog46.geekstogo.com

Platform: Windows XP

*******************

Script file opened successfully.
Script file read successfully.

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:

Rootkit scan active.
No rootkits found!


Error: could not delete registry key "HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\ati1kqxx"
Deletion of registry key "HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\ati1kqxx" failed!
Status: 0xc0000022 (STATUS_ACCESS_DENIED)


Error: could not delete registry key "HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\ati1kqxx"
Deletion of registry key "HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\ati1kqxx" failed!
Status: 0xc0000022 (STATUS_ACCESS_DENIED)


Error: could not delete registry key "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\ati1kqxx"
Deletion of registry key "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\ati1kqxx" failed!
Status: 0xc0000022 (STATUS_ACCESS_DENIED)


Error: could not delete registry key "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ati1kqxx.sys"
Deletion of registry key "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ati1kqxx.sys" failed!
Status: 0xc0000022 (STATUS_ACCESS_DENIED)

Registry key "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ati1yexx.sys" deleted successfully.
Registry key "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ati7cgxx.sys" deleted successfully.

Error: could not open file "C:\WINDOWS\system32\drivers\ati1kqxx.sys"
Deletion of file "C:\WINDOWS\system32\drivers\ati1kqxx.sys" failed!
Status: 0xc0000022 (STATUS_ACCESS_DENIED)


Error: file "c:\windows\system32\Drivers\ati1yexx.sys" not found!
Deletion of file "c:\windows\system32\Drivers\ati1yexx.sys" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist


Error: file "c:\windows\system32\Drivers\ati7cgxx.sys" not found!
Deletion of file "c:\windows\system32\Drivers\ati7cgxx.sys" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist


Error: registry key "\Registry\Machine\System\CurrentControlSet\Services\ati1kqxx.sys" not found!
Deletion of driver "ati1kqxx.sys" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist


Error: registry key "\Registry\Machine\System\CurrentControlSet\Services\ati1yexx.sys" not found!
Deletion of driver "ati1yexx.sys" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist


Error: registry key "\Registry\Machine\System\CurrentControlSet\Services\ati7cgxx.sys" not found!
Deletion of driver "ati7cgxx.sys" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist


Completed script processing.

*******************

Finished! Terminate.

Scusa ... non voglio farvi impazzire con questo virus... se proprio non c'è niente da fare... lo formatto, non so!!
GRAZIEEE