
Rogue Residue infection
Umberto19870
Posted: Saturday, April 18, 2009 2:55:46 PM
Rank: AiutAmico

Joined: 12/22/2005
Posts: 165
A scan with Malwarebytes' Anti-Malware 1.36 reported the following infected file:

Chiavi di registro infette:
HKEY_CURRENT_USER\SOFTWARE\fcn (Rogue.Residue) -> No action taken.

The HijackThis log is as follows:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 14.49.59, on 18/04/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16827)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\RunDll32.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Programmi\Multimedia Card Reader\shwicon2k.exe
C:\Programmi\Java\jre6\bin\jusched.exe
C:\Programmi\Spyware Terminator\SpywareTerminatorShield.exe
C:\Programmi\Acronis\TrueImageHome\TrueImageMonitor.exe
C:\Programmi\Acronis\TrueImageHome\TimounterMonitor.exe
C:\Programmi\File comuni\Acronis\Schedule2\schedhlp.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Programmi\Spyware Doctor\pctsTray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmi\Messenger\msmsgs.exe
C:\documents and settings\nannarino\impostazioni locali\dati applicazioni\gkcscgi.exe
C:\WINDOWS\system32\svchost.exe
C:\Programmi\File comuni\Acronis\Schedule2\schedul2.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Programmi\Java\jre6\bin\jqs.exe
C:\Programmi\File comuni\Nero\Nero BackItUp 4\NBService.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Programmi\Sandboxie\SbieSvc.exe
C:\Programmi\Spyware Doctor\pctsAuxs.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\Programmi\Spyware Doctor\pctsSvc.exe
C:\Programmi\AVG\AVG8\avgcsrvx.exe
C:\Programmi\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\Programmi\Spyware Terminator\sp_rsser.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\Programmi\AVG\AVG8\avgcsrvx.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\WINDOWS\System32\alg.exe
C:\Programmi\Internet Explorer\IEXPLORE.EXE
C:\Programmi\Windows Live\Toolbar\wltuser.exe
C:\Programmi\AVG\AVG8\aAvgApi.exe
C:\Documents and Settings\Nannarino\Documenti\File ricevuti\HijackThis.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.yahoo.com/search/ie.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://www.crawler.com/search/ie.aspx?tb_id=60076
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,CustomizeSearch = http://dnl.crawler.com/support/sa_customize.aspx?TbId=60076
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.crawler.com/search/ie.aspx?tb_id=60076
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://dnl.crawler.com/support/sa_customize.aspx?TbId=60076
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Programmi\AVG\AVG8\avgssie.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Programmi\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll
O2 - BHO: Guida per l'accesso a Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programmi\File comuni\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\Programmi\AVG\AVG8\avgtoolbar.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programmi\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Programmi\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Programmi\Windows Live\Toolbar\wltcore.dll
O2 - BHO: JQSIEStartDetectorImpl - {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - C:\Programmi\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Programmi\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\Programmi\AVG\AVG8\avgtoolbar.dll
O4 - HKLM\..\Run: [C6501Sound] RunDll32 c6501.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Sunkist2k] C:\Programmi\Multimedia Card Reader\shwicon2k.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programmi\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [SpywareTerminator] "C:\Programmi\Spyware Terminator\SpywareTerminatorShield.exe"
O4 - HKLM\..\Run: [TrueImageMonitor.exe] C:\Programmi\Acronis\TrueImageHome\TrueImageMonitor.exe
O4 - HKLM\..\Run: [AcronisTimounterMonitor] C:\Programmi\Acronis\TrueImageHome\TimounterMonitor.exe
O4 - HKLM\..\Run: [Acronis Scheduler2 Service] "C:\Programmi\File comuni\Acronis\Schedule2\schedhlp.exe"
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [ISTray] "C:\Programmi\Spyware Doctor\pctsTray.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Programmi\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [MSMSGS] "C:\Programmi\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [SandboxieControl] "C:\Programmi\Sandboxie\SbieCtrl.exe"
O4 - HKCU\..\Run: [gkcscgi] "c:\documents and settings\nannarino\impostazioni locali\dati applicazioni\gkcscgi.exe" gkcscgi
O4 - HKCU\..\Run: [swg] C:\Programmi\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO LOCALE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO DI RETE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O9 - Extra button: Inserisci blog - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programmi\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: Inserisci &blog in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programmi\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O11 - Options group: [java_sun] Java (Sun)
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {8ad9c840-044e-11d1-b3e9-00805f499d93} (Java Runtime Environment 1.6.0) - http://dl8-cdn-01.sun.com/s/ESD7/JSCDL/jdk/6u12-b04/jinstall-6u12-windows-i586-jc.cab?e=1235084186859&h=4cf64d080558fd732a1d1a7f4f92eb6d/&filename=jinstall-6u12-windows-i586-jc.cab
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) - http://wwwimages.adobe.com/www.adobe.com/products/acrobat/nos/gp.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Programmi\AVG\AVG8\avgpp.dll
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - C:\Programmi\File comuni\Acronis\Schedule2\schedul2.exe
O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: getPlus(R) Helper - NOS Microsystems Ltd. - C:\Programmi\NOS\bin\getPlus_HelperSvc.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Programmi\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Java Quick Starter (javaquickstarterservice) - Sun Microsystems, Inc. - C:\Programmi\Java\jre6\bin\jqs.exe
O23 - Service: Nero BackItUp Scheduler 4.0 - Nero AG - C:\Programmi\File comuni\Nero\Nero BackItUp 4\NBService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Sandboxie Service (SbieSvc) - tzuk - C:\Programmi\Sandboxie\SbieSvc.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Programmi\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Programmi\Spyware Doctor\pctsSvc.exe
O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\Programmi\Spyware Terminator\sp_rsser.exe

--
End of file - 10003 bytes
r16
Posted: Saturday, April 18, 2009 3:01:17 PM
Rank: AiutAmico

Joined: 8/7/2007
Posts: 11,016
Hello.
You still have an infection:
Important: disable your antivirus and close ALL open programs, and after downloading COMBOFIX, disconnect from the Internet.

Download ComboFix
http://download.bleepingcomputer.com/sUBs/ComboFix.exe
Save it to the desktop.
Double-click combofix.exe (a window will appear.)
If you are asked whether you want to install the RECOVERY CONSOLE, click NO.
Your antivirus will probably show you some messages; ignore them.
During the scan it is important not to use the PC (not even the mouse) and to wait patiently for the operations to finish.
When it finishes, a log file called C:\ComboFix.txt will be created on the Desktop. Post it here.
Also post a new HJT log.
bazzurlone
Posted: Saturday, April 18, 2009 4:16:15 PM
Rank: AiutAmico

Joined: 1/20/2005
Posts: 1,537
Hi r16, after I stupidly, out of curiosity, followed a fool's advice and installed Live Player, getting myself into a mess, I've ended up with the rogue.
I'm posting my ComboFix log, thanks
ComboFix 09-04-18.05 - Manlio & Paola 18/04/09 16.01.30.3 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.39.1040.18.2046.1460 [GMT 2:00]
Eseguito da: c:\documents and settings\Manlio & Paola\Desktop\ComboFix.exe
AV: ESET NOD32 Antivirus 3.0 *On-access scanning enabled* (Updated)
FW: ZoneAlarm Firewall *enabled*
* Creato nuovo punto di ripristino

ATTENZIONE - QUESTO PC NON HA LA CONSOLE DI RIPRISTINO DI EMERGENZA INSTALLATA !!
.
Error: Cfolders.dat

((((((((((((((((((((((((((((((((((((( Altre eliminazioni )))))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\Manlio & Paola\Impostazioni locali\Dati applicazioni\oucuu.dat
c:\documents and settings\Manlio & Paola\Impostazioni locali\Dati applicazioni\oucuu.exe
c:\documents and settings\Manlio & Paola\Impostazioni locali\Dati applicazioni\oucuu_nav.dat
c:\documents and settings\Manlio & Paola\Impostazioni locali\Dati applicazioni\oucuu_navps.dat
c:\windows\system32\_000228_.tmp.dll

.
((((((((((((((((((((((((( Files Creati Da 2009-03-18 al 2009-04-18 )))))))))))))))))))))))))))))))))))
.

2009-04-17 14:38 . 2009-04-17 14:38 -------- d-----w c:\documents and settings\Manlio & Paola\Dati applicazioni\live-player
2009-04-15 16:42 . 2009-04-15 16:43 1374 ----a-w c:\windows\imsins.BAK
2009-04-15 16:08 . 2009-02-06 10:10 227840 -c----w c:\windows\system32\dllcache\wmiprvse.exe
2009-04-15 16:08 . 2009-03-06 14:19 286208 -c----w c:\windows\system32\dllcache\pdh.dll
2009-04-15 16:08 . 2009-02-09 11:22 111104 -c----w c:\windows\system32\dllcache\services.exe
2009-04-15 16:08 . 2009-02-09 10:51 401408 -c----w c:\windows\system32\dllcache\rpcss.dll
2009-04-15 16:08 . 2009-02-09 10:51 453120 -c----w c:\windows\system32\dllcache\wmiprvsd.dll
2009-04-15 16:07 . 2008-04-21 21:14 219136 -c----w c:\windows\system32\dllcache\wordpad.exe
2009-04-13 07:44 . 2009-04-13 07:47 -------- d-----w c:\documents and settings\Manlio & Paola\Impostazioni locali\Dati applicazioni\Ashampoo
2009-04-10 14:23 . 2008-09-25 13:20 483328 ----a-w c:\windows\system32\actskn45.ocx
2009-04-08 17:25 . 2009-04-08 17:25 1048576 ---h--w c:\windows\cache.dmx
2009-04-06 17:40 . 2008-07-09 09:05 421888 ----a-w c:\windows\system32\ac3filter.acm
2009-04-06 17:16 . 2009-04-06 17:16 1048576 ---h--w C:\cache.dmx
2009-04-04 17:44 . 2005-08-25 20:10 9804 ----a-w c:\windows\system\temp.000
2009-04-04 17:44 . 2005-08-25 20:09 7244 ----a-w c:\windows\system\temp.001
2009-04-04 15:27 . 2005-08-25 20:10 9804 ----a-w c:\windows\system\vdremote.dll
2009-04-04 15:27 . 2005-08-25 20:09 7244 ----a-w c:\windows\system\vdsvrlnk.dll
2009-04-04 15:00 . 2006-08-01 18:06 12952 ----a-w c:\windows\system32\drivers\DLACDBHM.SYS
2009-04-04 15:00 . 2006-08-01 17:46 51800 ----a-w c:\windows\system32\drivers\DRVNDDM.SYS
2009-04-04 15:00 . 2009-04-04 15:08 -------- d-----w c:\windows\system32\DLA
2009-04-04 15:00 . 2006-08-08 07:18 56056 ----a-w c:\windows\system32\DLAAPI_W.DLL
2009-04-04 15:00 . 2006-08-08 07:18 92920 ----a-w c:\windows\DLA.EXE
2009-04-04 15:00 . 2006-08-01 18:06 28216 ----a-w c:\windows\system32\drivers\DLARTL_M.SYS
2009-03-31 17:35 . 2009-03-31 17:35 142592 ----a-w c:\windows\system32\drivers\sp_rsdrv2.sys
2009-03-20 13:20 . 2009-03-20 13:20 -------- d-----w c:\documents and settings\Manlio & Paola\Dati applicazioni\OpenOffice.org
2009-03-19 17:50 . 2009-03-19 17:50 -------- d-sh--w c:\documents and settings\Manlio & Paola\IECompatCache
2009-03-19 17:48 . 2009-03-19 17:48 -------- d-sh--w c:\documents and settings\Manlio & Paola\PrivacIE
2009-03-19 17:47 . 2009-03-19 17:47 -------- d-sh--w c:\documents and settings\Manlio & Paola\IETldCache
2009-03-19 17:40 . 2009-02-20 17:08 78336 -c--a-w c:\windows\system32\dllcache\ieencode.dll
2009-03-19 17:40 . 2009-02-20 17:08 78336 ----a-w c:\windows\system32\ieencode.dll
2009-03-19 17:38 . 2009-02-28 04:55 105984 -c----w c:\windows\system32\dllcache\iecompat.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-04-18 14:08 . 2009-01-23 17:51 33046560 --sha-w c:\windows\system32\drivers\fidbox.dat
2009-04-18 13:58 . 2009-01-07 19:19 -------- d-----w c:\documents and settings\Manlio & Paola\Dati applicazioni\Spamihilator
2009-04-18 13:50 . 2008-04-18 17:02 -------- d-----w c:\programmi\EMCO Malware Destroyer
2009-04-17 20:30 . 2009-01-23 17:51 385928 --sha-w c:\windows\system32\drivers\fidbox.idx
2009-04-17 20:29 . 2009-04-18 06:39 2251264 ----a-w c:\windows\Internet Logs\xDB17.tmp
2009-04-17 20:29 . 2009-04-18 06:39 21504 ----a-w c:\windows\Internet Logs\xDB3.tmp
2009-04-17 18:49 . 2009-04-17 20:09 161792 ----a-w c:\windows\Internet Logs\xDB16.tmp
2009-04-16 17:38 . 2009-04-16 17:38 -------- d-----w c:\programmi\Lphant Applications
2009-04-16 17:38 . 2009-04-10 14:17 -------- d-----w c:\programmi\Lphant
2009-04-14 17:20 . 2008-03-08 08:57 -------- d-----w c:\documents and settings\Manlio & Paola\Dati applicazioni\Roxio
2009-04-11 13:22 . 2009-04-11 17:52 166912 ----a-w c:\windows\Internet Logs\xDB18.tmp
2009-04-11 13:09 . 2008-10-24 17:18 -------- d-----w c:\programmi\Download Express
2009-04-11 07:25 . 2008-03-08 14:00 -------- d-----w c:\documents and settings\All Users\Dati applicazioni\Spybot - Search & Destroy
2009-04-11 07:21 . 2008-03-08 14:00 -------- d-----w c:\programmi\Spybot - Search & Destroy
2009-04-08 18:36 . 2009-02-09 17:25 -------- d-----w c:\programmi\Malwarebytes' Anti-Malware
2009-04-08 17:24 . 2009-04-08 17:23 -------- d-----w c:\programmi\InterActual
2009-04-07 08:38 . 2009-01-02 14:39 -------- d-----w c:\programmi\LimeWire
2009-04-07 07:30 . 2009-04-04 14:52 -------- d-----w c:\programmi\Roxio
2009-04-06 19:21 . 2009-04-06 19:21 -------- d-----w c:\programmi\Smart Projects
2009-04-06 19:12 . 2008-03-08 08:49 -------- d-----w c:\programmi\File comuni\Sonic Shared
2009-04-06 17:40 . 2009-04-06 17:40 -------- d-----w c:\programmi\XP Codec Pack
2009-04-06 13:32 . 2009-02-09 17:25 38496 ----a-w c:\windows\system32\drivers\mbamswissarmy.sys
2009-04-06 13:32 . 2009-02-09 17:25 15504 ----a-w c:\windows\system32\drivers\mbam.sys
2009-04-06 13:07 . 2008-03-07 18:46 65928 ----a-w c:\documents and settings\Manlio & Paola\Impostazioni locali\Dati applicazioni\GDIPFONTCACHEV1.DAT
2009-04-05 18:42 . 2009-04-05 19:09 25600 ----a-w c:\windows\Internet Logs\xDB1F.tmp
2009-04-05 18:42 . 2009-04-05 19:09 2148352 ----a-w c:\windows\Internet Logs\xDB23.tmp
2009-04-05 15:38 . 2009-04-05 17:56 2147840 ----a-w c:\windows\Internet Logs\xDB22.tmp
2009-04-05 15:38 . 2009-04-05 17:56 182784 ----a-w c:\windows\Internet Logs\xDB20.tmp
2009-04-05 13:55 . 2009-01-25 13:52 -------- d-----w c:\documents and settings\Manlio & Paola\Dati applicazioni\Free Download Manager
2009-04-04 14:58 . 2009-04-04 14:58 -------- d-----w c:\programmi\File comuni\SureThing Shared
2009-04-04 14:56 . 2008-03-08 08:49 -------- d-----w c:\documents and settings\All Users\Dati applicazioni\Roxio
2009-04-04 14:55 . 2008-03-08 08:48 -------- d-----w c:\programmi\File comuni\Roxio Shared
2009-04-04 14:50 . 2008-03-08 08:47 -------- d-----w c:\programmi\DivX
2009-04-02 18:24 . 2008-03-07 18:23 -------- d-----w c:\programmi\Java
2009-04-02 18:23 . 2004-08-19 12:00 86014 ----a-w c:\windows\system32\perfc010.dat
2009-04-02 18:23 . 2004-08-19 12:00 472868 ----a-w c:\windows\system32\perfh010.dat
2009-03-31 18:40 . 2009-03-31 18:42 183808 ----a-w c:\windows\Internet Logs\xDB1.tmp
2009-03-24 18:02 . 2009-03-24 18:02 -------- d-----w c:\programmi\JRE
2009-03-24 18:02 . 2009-01-22 20:33 -------- d-----w c:\programmi\OpenOffice.org 3
2009-03-18 17:26 . 2009-03-09 16:37 -------- d-----w c:\programmi\iDC++
2009-03-09 03:19 . 2008-11-23 19:08 410984 -c--a-w c:\windows\system32\deploytk.dll
2009-03-06 14:19 . 2004-08-19 12:00 286208 ----a-w c:\windows\system32\pdh.dll
2009-03-03 00:03 . 2004-08-19 12:00 826368 ----a-w c:\windows\system32\wininet.dll
2009-03-01 14:28 . 2009-01-02 14:40 -------- d-----w c:\documents and settings\Manlio & Paola\Dati applicazioni\LimeWire
2009-03-01 08:47 . 2009-03-01 08:38 -------- d-----w c:\documents and settings\All Users\Dati applicazioni\iolo
2009-03-01 08:47 . 2009-03-01 08:47 74703 ----a-w c:\windows\system32\mfc45.dll
2009-02-09 14:04 . 2004-08-19 12:00 1846784 ----a-w c:\windows\system32\win32k.sys
2009-02-09 11:23 . 2004-08-19 15:34 2027520 ----a-w c:\windows\system32\ntkrnlpa.exe
2009-02-09 11:22 . 2004-08-19 12:00 2148864 ----a-w c:\windows\system32\ntoskrnl.exe
2009-02-09 11:22 . 2004-08-19 12:00 111104 ----a-w c:\windows\system32\services.exe
2009-02-09 10:51 . 2004-08-19 12:00 734720 ----a-w c:\windows\system32\lsasrv.dll
2009-02-09 10:51 . 2004-08-19 12:00 683520 ----a-w c:\windows\system32\advapi32.dll
2009-02-09 10:51 . 2004-08-19 12:00 401408 ----a-w c:\windows\system32\rpcss.dll
2009-02-09 10:51 . 2004-08-19 12:00 736256 ----a-w c:\windows\system32\ntdll.dll
2009-02-07 15:32 . 2009-02-07 15:32 76875 ----a-w c:\windows\pchealth\helpctr\OfflineCache\index.dat
2009-02-06 10:39 . 2004-08-19 12:00 35328 ----a-w c:\windows\system32\sc.exe
2009-02-03 19:57 . 2004-08-19 12:00 56832 ----a-w c:\windows\system32\secur32.dll
2009-01-26 19:31 . 2008-09-02 17:00 737280 -c--a-w c:\windows\iun6002.exe
2009-01-23 17:49 . 2009-01-23 17:47 4212 ---h--w c:\windows\system32\zllictbl.dat
2008-03-07 18:11 . 2008-03-07 18:11 143 -c--a-w c:\documents and settings\Manlio & Paola\Impostazioni locali\Dati applicazioni\fusioncache.dat
2008-05-06 19:24 . 2008-05-06 19:24 32768 -csha-w c:\windows\system32\config\systemprofile\Impostazioni locali\Cronologia\History.IE5\MSHist012008050620080507\index.dat
.

------- Sigcheck -------

[-] 2007-10-30 16:53 360832 64798ECFA43D78C7178375FCDD16D8C8 c:\windows\$hf_mig$\KB941644\SP2QFE\tcpip.sys
[7] 2008-06-20 10:44 360960 744E57C99232201AE98C49168B918F48 c:\windows\$hf_mig$\KB951748\SP2QFE\tcpip.sys
[7] 2008-06-20 11:51 361600 9AEFA14BD6B182D61E3119FA5F436D3D c:\windows\$hf_mig$\KB951748\SP3GDR\tcpip.sys
[7] 2008-06-20 11:59 361600 AD978A1B783B5719720CFF204B666C8E c:\windows\$hf_mig$\KB951748\SP3QFE\tcpip.sys
[-] 2009-01-11 08:33 360320 3C966F647BAB332093CB0F92692B5CB8 c:\windows\$NtServicePackUninstall$\tcpip.sys
[7] 2004-08-19 12:00 359040 9F4B36614A0FC234525BA224957DE55C c:\windows\$NtUninstallKB941644$\tcpip.sys
[7] 2008-04-13 19:20 361344 93EA8D04EC73A85DB02EB8805988F733 c:\windows\$NtUninstallKB951748$\tcpip.sys
[7] 2004-08-19 12:00 359040 9F4B36614A0FC234525BA224957DE55C c:\windows\$NtUninstallKB951748_0$\tcpip.sys
[-] 2009-02-07 14:21 361344 68F06FE0021B01E670AF37B8C5964FDF c:\windows\ServicePackFiles\i386\tcpip.sys
[-] 2009-02-07 14:21 361600 CBEEBEB899E31EF52B962CB31FC8CA5C c:\windows\system32\dllcache\tcpip.sys
[-] 2009-02-07 14:21 361600 CBEEBEB899E31EF52B962CB31FC8CA5C c:\windows\system32\drivers\tcpip.sys
.
((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* i valori vuoti & legittimi/default non sono visualizzati.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"IncrediMail"="c:\programmi\IncrediMail\bin\IncMail.exe" [2009-02-02 251264]
"swg"="c:\programmi\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-03-08 68856]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Spamihilator"="c:\programmi\Spamihilator\spamihilator.exe" [2008-12-23 1321984]
"StartupDelayer"="c:\programmi\r2 Studios\Startup Delayer\Startup Launcher.exe" [2008-11-29 73728]
"LSBWatcher"="c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe" [2004-10-14 253952]
"egui"="c:\programmi\ESET\ESET NOD32 Antivirus\egui.exe" [2008-09-24 1447168]
"SunJavaUpdateSched"="c:\programmi\Java\jre6\bin\jusched.exe" [2009-03-09 148888]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"tscuninstall"="c:\windows\system32\tscupgrd.exe" [2004-08-19 44544]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk /r \??\e:\0autocheck autochk *

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\WINDOWS\\system32\\sessmgr.exe"=
"c:\\Programmi\\IncrediMail\\bin\\IncMail.exe"=
"c:\\Programmi\\IncrediMail\\bin\\ImApp.exe"=
"c:\\Programmi\\IncrediMail\\bin\\ImpCnt.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Programmi\\Magentic\\bin\\MgImp.exe"=
"c:\\Programmi\\Magentic\\bin\\Magentic.exe"=
"c:\\Programmi\\Magentic\\bin\\MgApp.exe"=
"c:\\Programmi\\PhotoJoy\\Bin\\PjApp.exe"=
"c:\\Programmi\\PhotoJoy\\Bin\\PjImp.exe"=
"c:\\Programmi\\PhotoJoy\\Bin\\PhotoJoy.exe"=
"c:\\Programmi\\eMule AdunanzA\\eMule_AdnzA.exe"=

R2 MalwareDefenderService;Malware Defender Service; [x]
R3 MODRC;WinFast DTV Dongle Infrared receiver driver;c:\windows\system32\DRIVERS\wfdbmodr.sys [2005-09-20 8320]
R3 wfdbbda;WinFast DTV Dongle BDA Driver;c:\windows\system32\Drivers\wfdbbda.sys [2005-10-27 29952]
R3 WFDBLOAD;WinFast DTV Dongle Firmware Loader;c:\windows\system32\DRIVERS\wfdbload.sys [2005-09-20 18560]
R3 WFIOCTL;WFIOCTL;c:\programmi\WinFast\WFDTV\WFIOCTL.SYS [2005-01-06 9446]
S1 c2scsi;c2scsi; [x]
S1 epfwtdir;epfwtdir;c:\windows\system32\DRIVERS\epfwtdir.sys [2008-09-24 34312]
S1 hhlleimo;hhlleimo;c:\windows\system32\drivers\hhlleimo.sys [2009-02-13 231424]
S1 sp_rsdrv2;Spyware Terminator Driver 2;c:\windows\system32\drivers\sp_rsdrv2.sys [2009-03-31 142592]
S2 ekrn;Eset Service;c:\programmi\ESET\ESET NOD32 Antivirus\ekrn.exe [2008-09-24 468224]
S2 NwSapAgent;Agente SAP;c:\windows\system32\svchost.exe [2008-04-14 14336]


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{1980412c-185d-11dd-b38d-00c09fde9baf}]
\Shell\AutoRun\command - F:\InstallTomTomHOME.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{dff428bc-dfb7-11dd-b224-00c09fde9baf}]
\Shell\AutoRun\command - G:\StartPortableApps.exe
.
Contenuto della cartella 'Scheduled Tasks'

2009-02-21 c:\windows\Tasks\SmartDefrag.job
- c:\programmi\IObit\IObit SmartDefrag\IObit SmartDefrag.exe [2009-02-21 17:15]
.
- - - - CHIAVI ORFANE RIMOSSE - - - -

HKCU-Run-oucuu - c:\documents and settings\manlio & paola\impostazioni locali\dati applicazioni\oucuu.exe
Notify-WgaLogon - (no file)


.
------- Scansione supplementare -------
.
uStart Page = hxxp://www.fastweb.it/portale/
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Invia a &Bluetooth - c:\programmi\WIDCOMM\Software Bluetooth\btsendto_ie_ctx.htm
IE: Scarica con Download &Express - c:\programmi\Download Express\Add_Url.htm
IE: Scarica con Free Download Manager - file://c:\programmi\Free Download Manager\dllink.htm
IE: Scarica i video con Free Download Manager - file://c:\programmi\Free Download Manager\dlfvideo.htm
IE: Scarica selezionati con Free Download Manager - file://c:\programmi\Free Download Manager\dlselected.htm
IE: Scarica tutto con Free Download Manager - file://c:\programmi\Free Download Manager\dlall.htm
TCP: {7E4B9424-2CD5-4AA7-B3B0-3597804C49D6} = 29.253.128.10,1.253.128.39
Name-Space Handler: ftp\HIEClickCatcher - {E131C96E-4DDB-11D4-84B8-008048B33DEA} - c:\progra~1\DOWNLO~1\mdpph.dll
Name-Space Handler: http\HIEClickCatcher - {E131C96E-4DDB-11D4-84B8-008048B33DEA} - c:\progra~1\DOWNLO~1\mdpph.dll
Name-Space Handler: https\HIEClickCatcher - {E131C96E-4DDB-11D4-84B8-008048B33DEA} - c:\progra~1\DOWNLO~1\mdpph.dll
FF - ProfilePath - c:\documents and settings\Manlio & Paola\Dati applicazioni\Mozilla\Firefox\Profiles\p4h90lxx.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FF - prefs.js: browser.search.selectedEngine - MyStart Cerca
FF - prefs.js: browser.startup.homepage - hxxp://www.fastweb.it/portale/
FF - prefs.js: keyword.URL - hxxp://mystart.incredimail.com/?loc=ff_address_bar&search=
FF - component: c:\documents and settings\Manlio & Paola\Dati applicazioni\Mozilla\Firefox\Profiles\p4h90lxx.default\extensions\{D249FD00-4DF9-11D9-9FDC-0080481ADA61}\components\mpint.dll
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-04-18 16:08
Windows 5.1.2600 Service Pack 3 NTFS

scansione processi nascosti ...

scansione entrate autostart nascoste ...

Scansione files nascosti ...

Scansione completata con successo
Files nascosti: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\UnlockerDriver5]
"ImagePath"="\??\c:\programmi\Unlocker\UnlockerDriver5.sys"

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\ASFWHide]
"ImagePath"="\??\c:\docume~1\MANLIO~1\IMPOST~1\Temp\ASFWHide"
.
--------------------- Dlls caricate dai processi in esecuzione ---------------------

- - - - - - - > 'winlogon.exe'(820)
c:\windows\system32\Ati2evxx.dll
.
Ora fine scansione: 2009-04-18 16.10.35
ComboFix-quarantined-files.txt 2009-04-18 14:10

Pre-Run: 61.837.971.456 byte disponibili
Post-Run: 62.000.979.968 byte disponibili

enigmista63
Posted: Saturday, April 18, 2009 4:34:15 PM
Rank: AiutAmico

Joined: 4/28/2007
Posts: 1,976
Hi, I'm sorry it's too late, but don't download anything that asks you to install these 2 programs; most antivirus products still don't detect them.
r16
Posted: Saturday, April 18, 2009 6:17:41 PM
Rank: AiutAmico

Joined: 8/7/2007
Posts: 11,016
Hi bazzurlone.
Open a topic of your own, so I can follow you better.
Run a scan with Malwarebytes and post the log, post me the ComboFix log, and an HJT one too.
Malwarebytes is able to remove that rogue.
Anyway, follow the path and delete the entry in red:
c:\documents and settings\Manlio & Paola\Dati applicazioni\live-player

bazzurlone
Posted: Saturday, April 18, 2009 7:42:08 PM
Rank: AiutAmico

Joined: 1/20/2005
Posts: 1,537
For enigmista: this is the offending post where I let myself be convinced (like a real fool) http://forum.aiutamici.com/yaf_postst59534_latvgratis.aspx
For r16: Malwarebytes had already removed it, but on reboot I found it again, which is why I took advantage of your topic. After the ComboFix run I shouldn't have any more junk; anyway I'll open a new post so as not to get in the way of your work with Umberto
Thanks to both of you
Umberto19870
Posted: Saturday, April 18, 2009 7:51:11 PM
Rank: AiutAmico

Joined: 12/22/2005
Posts: 165
I had my brother download ComboFix and the following problem came up (I had him disable the antivirus and the antispyware): he started the program and after a while (some text with a sequential number appeared) a notice to restart the PC came up. When the PC restarted, the security software came back on and he wasn't able to run the ComboFix scan. Where did he go wrong? How can I help him?
r16
Posted: Saturday, April 18, 2009 8:14:19 PM
Rank: AiutAmico

Joined: 8/7/2007
Posts: 11,016
Never mind, Umberto19870, we'll remove that Navipromo by hand.
Make sure you have access to hidden files and folders
(Control Panel -> Folder Options -> View)
1) Tick: Show hidden files and folders
2) Untick: Hide protected operating system files (recommended)
Disable System Restore and keep it disabled until the problem is solved http://guide.aiutamici.com/guide?C1=7&C2=68&ID=80121
If you don't know how to "fix" entries, follow this detailed guide: http://www.aiutaamici.com/software?ID=11175
Start HijackThis, tick the entries I'm about to list and, with all applications closed and disconnected from the Internet, press Fix checked:

O4 - HKCU\..\Run: [gkcscgi] "c:\documents and settings\nannarino\impostazioni locali\dati applicazioni\gkcscgi.exe" gkcscgi

Find and delete the files in red:
C:\documents and settings\nannarino\impostazioni locali\dati applicazioni\gkcscgi.exe

Do a clean-up (registry included) with CCleaner http://www.aiutaamici.com/software?ID=11223

Restart the PC.
Try ComboFix again.
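As an added example from the defender's side (not code posted in this thread), the Python script below parses the two HijackThis sections the advice above relies on, the Running processes list and the O4 autorun entries, and flags entries with the traits of the gkcscgi entry: running from the per-user Local Settings\Application Data folder, passing its own file name as its only argument, and having a live process at the same path. The sample log lines are copied from the log posted above; the English folder name and the O4 line grammar the regex assumes are my assumptions.

```python
import re
from dataclasses import dataclass, field

# Constructed sample: a handful of lines taken from the HijackThis log posted
# earlier in this thread (the "Running processes" list and some O4 entries).
SAMPLE_HJT_LOG = r"""Running processes:
C:\WINDOWS\system32\ctfmon.exe
C:\documents and settings\nannarino\impostazioni locali\dati applicazioni\gkcscgi.exe
C:\Programmi\Sandboxie\SbieSvc.exe

O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SandboxieControl] "C:\Programmi\Sandboxie\SbieCtrl.exe"
O4 - HKCU\..\Run: [gkcscgi] "c:\documents and settings\nannarino\impostazioni locali\dati applicazioni\gkcscgi.exe" gkcscgi
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
"""

# Assumed grammar of an O4 line: "O4 - <hive>\..\<key>: [<value name>] <command>"
O4_RE = re.compile(r'^O4 - (?P<hive>.+?)\\\.\.\\(?P<key>\w+): \[(?P<name>[^\]]*)\] (?P<cmd>.*)$')
# HijackThis appends "(User 'X')" to entries taken from other users' hives.
USER_SUFFIX_RE = re.compile(r"\s*\(User '[^']*'\)$")
# Unquoted commands may contain spaces; cut at the first executable extension.
EXE_RE = re.compile(r'^(.*?\.(?:exe|cpl|dll|scr))(?:\s+(.*))?$', re.IGNORECASE)

# Per-user "Local Settings\Application Data" folder on Windows XP. The Italian
# name is the one in the log; the English one is added on the assumption that
# the layout is the same on an English install.
LOCAL_APPDATA_MARKERS = (
    "\\impostazioni locali\\dati applicazioni\\",
    "\\local settings\\application data\\",
)


@dataclass
class AutorunEntry:
    hive: str
    key: str
    name: str
    path: str
    args: str
    reasons: list = field(default_factory=list)


def split_command(cmd):
    """Split an O4 command string into (executable path, arguments)."""
    cmd = USER_SUFFIX_RE.sub("", cmd).strip()
    m = re.match(r'^"([^"]+)"\s*(.*)$', cmd)
    if m:
        return m.group(1), m.group(2).strip()
    m = EXE_RE.match(cmd)
    if m:
        return m.group(1), (m.group(2) or "").strip()
    return cmd, ""


def parse_hjt_log(text):
    """Return (lower-cased set of running process paths, list of O4 entries)."""
    processes, entries, in_procs = set(), [], False
    for line in text.splitlines():
        line = line.rstrip()
        if line == "Running processes:":
            in_procs = True
            continue
        if not line:
            in_procs = False  # a blank line ends the process list
            continue
        if in_procs:
            processes.add(line.lower())
            continue
        m = O4_RE.match(line)
        if m:
            path, args = split_command(m.group("cmd"))
            entries.append(AutorunEntry(m.group("hive"), m.group("key"),
                                        m.group("name"), path, args))
    return processes, entries


def triage_autoruns(text):
    """Flag O4 entries that share the traits of the rogue's Run entry."""
    processes, entries = parse_hjt_log(text)
    flagged = []
    for e in entries:
        low = e.path.lower()
        reasons = []
        if any(marker in low for marker in LOCAL_APPDATA_MARKERS):
            reasons.append("runs from the per-user Local Settings\\Application Data folder")
        stem = re.sub(r"\.[^.\\]+$", "", low.rsplit("\\", 1)[-1])
        if e.args.lower() == stem:
            reasons.append("passes its own file name as the only argument")
        # A running process only corroborates an entry already deemed suspicious;
        # on its own it would flag every legitimate autorun such as ctfmon.exe.
        if reasons and low in processes:
            reasons.append("a process with this exact path is running now")
        if reasons:
            e.reasons = reasons
            flagged.append(e)
    return flagged


if __name__ == "__main__":
    for hit in triage_autoruns(SAMPLE_HJT_LOG):
        print(f"{hit.hive}\\..\\{hit.key} [{hit.name}] -> {hit.path}")
        for reason in hit.reasons:
            print("   -", reason)
```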


Umberto19870
Posted: Saturday, April 18, 2009 8:30:43 PM
Rank: AiutAmico

Joined: 12/22/2005
Posts: 165
Thanks r16, this week I'll go to my brother's house and follow the guide you pointed me to, and then I'll post the log again. Recently I had installed Acronis True Image for him and advised him to buy an external hard disk to make an image of the PC that would restore everything in case of trouble (about a month ago). He didn't listen to me and every time he ends up having to fight some virus & co. Thank goodness you're here.
r16
Posted: Saturday, April 18, 2009 8:33:42 PM
Rank: AiutAmico

Joined: 8/7/2007
Posts: 11,016
Don't worry, Umberto19870, it isn't a serious infection, but it should be removed right away.
Infections bring other infections if they are neglected for too long.
Bye.